From 870c4520211fa49daa3bbf7c78fe3fde9d4c6b84 Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Tue, 13 Apr 2021 22:59:53 +0100 Subject: [PATCH 1/3] Fix for the issue instance gets cleared when device resets --- .../javacard/keymaster/KMOperationImpl.java | 51 ++++++++++--------- 1 file changed, 26 insertions(+), 25 deletions(-) diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java index 2a20541c..0a2b5943 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java @@ -23,6 +23,8 @@ public class KMOperationImpl implements KMOperation { + private Cipher cipher; + private Signature signature; private static final short CIPHER_ALG_OFFSET = 0x00; private static final short PADDING_OFFSET = 0x01; private static final short OPER_MODE_OFFSET = 0x02; @@ -32,12 +34,9 @@ public class KMOperationImpl implements KMOperation { //Java Card after the GCM update operation. private static final short AES_GCM_UPDATE_LEN_OFFSET = 0x05; private short[] parameters; - // Either one of Cipher/Signature instance is stored. - private Object[] operationInst; public KMOperationImpl() { parameters = JCSystem.makeTransientShortArray((short) 6, JCSystem.CLEAR_ON_RESET); - operationInst = JCSystem.makeTransientObjectArray((short) 1, JCSystem.CLEAR_ON_RESET); } public short getMode() { @@ -81,15 +80,19 @@ public void setCipherAlgorithm(short cipherAlg) { } public void setCipher(Cipher cipher) { - operationInst[0] = cipher; + JCSystem.beginTransaction(); + this.cipher = cipher; + JCSystem.commitTransaction(); } public void setSignature(Signature signer) { - operationInst[0] = signer; + JCSystem.beginTransaction(); + this.signature = signer; + JCSystem.commitTransaction(); } private void resetCipher() { - operationInst[0] = null; + setCipher(null); parameters[MAC_LENGTH_OFFSET] = 0; parameters[AES_GCM_UPDATE_LEN_OFFSET] = 0; parameters[BLOCK_MODE_OFFSET] = 0; @@ -101,7 +104,7 @@ private void resetCipher() { @Override public short update(byte[] inputDataBuf, short inputDataStart, short inputDataLength, byte[] outputDataBuf, short outputDataStart) { - short len = ((Cipher) operationInst[0]).update(inputDataBuf, inputDataStart, inputDataLength, + short len = cipher.update(inputDataBuf, inputDataStart, inputDataLength, outputDataBuf, outputDataStart); if (parameters[CIPHER_ALG_OFFSET] == KMType.AES && parameters[BLOCK_MODE_OFFSET] == KMType.GCM) { // Every time Block size data is stored as intermediate result. @@ -113,7 +116,7 @@ public short update(byte[] inputDataBuf, short inputDataStart, @Override public short update(byte[] inputDataBuf, short inputDataStart, short inputDataLength) { - ((Signature) operationInst[0]).update(inputDataBuf, inputDataStart, inputDataLength); + signature.update(inputDataBuf, inputDataStart, inputDataLength); return 0; } @@ -121,7 +124,6 @@ public short update(byte[] inputDataBuf, short inputDataStart, public short finish(byte[] inputDataBuf, short inputDataStart, short inputDataLen, byte[] outputDataBuf, short outputDataStart) { byte[] tmpArray = KMAndroidSEProvider.getInstance().tmpArray; - Cipher cipher = (Cipher) operationInst[0]; short cipherAlg = parameters[CIPHER_ALG_OFFSET]; short blockMode = parameters[BLOCK_MODE_OFFSET]; short mode = parameters[OPER_MODE_OFFSET]; @@ -207,11 +209,11 @@ public short sign(byte[] inputDataBuf, short inputDataStart, short inputDataLength, byte[] signBuf, short signStart) { short len = 0; try { - len = ((Signature) operationInst[0]).sign(inputDataBuf, inputDataStart, inputDataLength, + len = signature.sign(inputDataBuf, inputDataStart, inputDataLength, signBuf, signStart); } finally { - KMAndroidSEProvider.getInstance().releaseSignatureInstance((Signature) operationInst[0]); - operationInst[0] = null; + KMAndroidSEProvider.getInstance().releaseSignatureInstance(signature); + setSigner(null); } return len; } @@ -221,33 +223,32 @@ public boolean verify(byte[] inputDataBuf, short inputDataStart, short inputDataLength, byte[] signBuf, short signStart, short signLength) { boolean ret = false; try { - ret = ((Signature) operationInst[0]).verify(inputDataBuf, inputDataStart, inputDataLength, + ret = signature.verify(inputDataBuf, inputDataStart, inputDataLength, signBuf, signStart, signLength); } finally { - KMAndroidSEProvider.getInstance().releaseSignatureInstance((Signature) operationInst[0]); - operationInst[0] = null; + KMAndroidSEProvider.getInstance().releaseSignatureInstance(signature); + setSigner(null); } return ret; } @Override public void abort() { - if (operationInst[0] != null) { - if (parameters[OPER_MODE_OFFSET] == KMType.ENCRYPT || - parameters[OPER_MODE_OFFSET] == KMType.DECRYPT) { - KMAndroidSEProvider.getInstance().releaseCipherInstance((Cipher) operationInst[0]); - resetCipher(); - } else { - KMAndroidSEProvider.getInstance().releaseSignatureInstance((Signature) operationInst[0]); - } - operationInst[0] = null; + // do nothing + if (cipher != null) { + KMAndroidSEProvider.getInstance().releaseCipherInstance(cipher); + resetCipher(); + } + if (signature != null) { + KMAndroidSEProvider.getInstance().releaseSignatureInstance(signature); + setSigner(null); } KMAndroidSEProvider.getInstance().releaseOperationInstance(this); } @Override public void updateAAD(byte[] dataBuf, short dataStart, short dataLength) { - ((AEADCipher) operationInst[0]).updateAAD(dataBuf, dataStart, dataLength); + ((AEADCipher) cipher).updateAAD(dataBuf, dataStart, dataLength); } @Override From 96e6daeecdff2c0fc08ee03ec52c8284fcd67d0d Mon Sep 17 00:00:00 2001 From: bvenkatswarlu Date: Wed, 14 Apr 2021 20:05:22 +0530 Subject: [PATCH 2/3] Fixed compilation error --- .../src/com/android/javacard/keymaster/KMOperationImpl.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java index 0a2b5943..3d06cd99 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java @@ -213,7 +213,7 @@ public short sign(byte[] inputDataBuf, short inputDataStart, signBuf, signStart); } finally { KMAndroidSEProvider.getInstance().releaseSignatureInstance(signature); - setSigner(null); + setSignature(null); } return len; } @@ -227,7 +227,7 @@ public boolean verify(byte[] inputDataBuf, short inputDataStart, signBuf, signStart, signLength); } finally { KMAndroidSEProvider.getInstance().releaseSignatureInstance(signature); - setSigner(null); + setSignature(null); } return ret; } @@ -241,7 +241,7 @@ public void abort() { } if (signature != null) { KMAndroidSEProvider.getInstance().releaseSignatureInstance(signature); - setSigner(null); + setSignature(null); } KMAndroidSEProvider.getInstance().releaseOperationInstance(this); } From 92ac00b7761b95149a93479446f2d358c641657f Mon Sep 17 00:00:00 2001 From: BKSSMVenkateswarlu <40534495+BKSSMVenkateswarlu@users.noreply.github.com> Date: Wed, 14 Apr 2021 18:09:31 +0100 Subject: [PATCH 3/3] Update KMOperationImpl.java Removed comment. --- .../src/com/android/javacard/keymaster/KMOperationImpl.java | 1 - 1 file changed, 1 deletion(-) diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java index 3d06cd99..32741eed 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java @@ -234,7 +234,6 @@ public boolean verify(byte[] inputDataBuf, short inputDataStart, @Override public void abort() { - // do nothing if (cipher != null) { KMAndroidSEProvider.getInstance().releaseCipherInstance(cipher); resetCipher();