From 86f1ccef13278d2bf1652d902e1679d145246ae6 Mon Sep 17 00:00:00 2001 From: bvenkatswarlu Date: Thu, 29 Apr 2021 16:23:08 +0530 Subject: [PATCH 1/3] Fixed the failure in Unittest --- .../test/com/android/javacard/test/KMFunctionalTest.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java index 9df39738..1e80f4b2 100644 --- a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java +++ b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java @@ -2758,9 +2758,9 @@ public void testUpgradeKey() { {0, OS_PATCH_LEVEL+1, VENDOR_PATCH_LEVEL-1, BOOT_PATCH_LEVEL+1, NO_UPGRADE, KMError.INVALID_ARGUMENT }, }; for (int i = 0; i < test_data.length; i++) { - setAndroidOSSystemProperties(simulator, (short) test_data[i][0], (short) test_data[i][1], - (short) test_data[i][2]); setBootParams(simulator, (short) test_data[i][3]); + setAndroidOSSystemProperties(simulator, (short) test_data[i][0], (short) test_data[i][1], + (short) test_data[i][2]); ret = upgradeKey( KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length), null, null, test_data[i][5]); From 1be6a40698903636ddecf25592781d296398231c Mon Sep 17 00:00:00 2001 From: BKSSM Venkateswarlu Date: Thu, 29 Apr 2021 18:32:32 +0530 Subject: [PATCH 2/3] Fixed the erros after merging branch --- HAL/keymaster/4.1/JavacardKeymaster4Device.cpp | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp index f1f25cb4..a7298172 100644 --- a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp +++ b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp @@ -438,7 +438,11 @@ ErrorCode sendData(Instruction ins, std::vector& inData, std::vector& oprCtx) { ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR; cppbor::Array array; std::unique_ptr item; @@ -453,7 +457,7 @@ static ErrorCode setAndroidSystemProperties(CborConverter& cborConverter_) { if (ErrorCode::OK == errorCode) { //Skip last 2 bytes in cborData, it contains status. std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2), - true); + true, oprCtx); } if (ErrorCode::OK != errorCode) LOG(ERROR) << "Failed to set os_version, os_patchlevel and vendor_patchlevel err: " << (int32_t) errorCode; @@ -471,7 +475,7 @@ JavacardKeymaster4Device::JavacardKeymaster4Device(): softKm_(new ::keymaster::A // Send Android system properties like os_version, os_patchlevel and vendor_patchlevel // to the Applet. Incase if setting system properties fails here, again try setting // it from computeSharedHmac. - if (ErrorCode::OK == setAndroidSystemProperties(cborConverter_)) { + if (ErrorCode::OK == setAndroidSystemProperties(cborConverter_, oprCtx_)) { isEachSystemPropertySet = true; } From e83ce6b91378f58ed4c697b051f2906612965966 Mon Sep 17 00:00:00 2001 From: bvenkatswarlu Date: Thu, 29 Apr 2021 21:00:47 +0530 Subject: [PATCH 3/3] Allow checking of boot signal event for setting boot parameters only in Active state --- Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java | 1 + 1 file changed, 1 insertion(+) diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java index 78fdc4c9..6566dd55 100644 --- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java +++ b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java @@ -390,6 +390,7 @@ public void process(APDU apdu) { switch (apduIns) { case INS_SET_BOOT_PARAMS_CMD: if (seProvider.isBootSignalEventSupported() + && (keymasterState == KMKeymasterApplet.ACTIVE_STATE) && (!seProvider.isDeviceRebooted())) { ISOException.throwIt(ISO7816.SW_COMMAND_NOT_ALLOWED); }