Ported keymaster fixes to Keymint.

Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEApplet.java

@@ -47,6 +47,8 @@ public class KMAndroidSEApplet extends KMKeymasterApplet implements OnUpgradeLis
       INS_KEYMINT_PROVIDER_APDU_START + 6;
   private static final byte INS_PROVISION_ADDITIONAL_CERT_CHAIN_CMD =
       INS_KEYMINT_PROVIDER_APDU_START + 7;
+  private static final byte INS_SET_BOOT_ENDED_CMD = 
+		  INS_KEYMINT_PROVIDER_APDU_START + 8;
 
   private static final byte INS_KEYMINT_PROVIDER_APDU_END = 0x1F;
   public static final byte BOOT_KEY_MAX_SIZE = 32;
@@ -59,8 +61,7 @@ public class KMAndroidSEApplet extends KMKeymasterApplet implements OnUpgradeLis
   private static final byte PROVISION_STATUS_ATTESTATION_CERT_PARAMS = 0x04;
   private static final byte PROVISION_STATUS_ATTEST_IDS = 0x08;
   private static final byte PROVISION_STATUS_PRESHARED_SECRET = 0x10;
-  private static final byte PROVISION_STATUS_BOOT_PARAM = 0x20;
-  private static final byte PROVISION_STATUS_PROVISIONING_LOCKED = 0x40;
+  private static final byte PROVISION_STATUS_PROVISIONING_LOCKED = 0x20;
 
   public static final short SHARED_SECRET_KEY_SIZE = 32;
 
@@ -101,6 +102,13 @@ public void process(APDU apdu) {
           case INS_SET_BOOT_PARAMS_CMD:
             processSetBootParamsCmd(apdu);
             break;
+
+          case INS_SET_BOOT_ENDED_CMD:
+            //set the flag to mark boot ended
+            repository.setBootEndedStatus(true);
+            sendError(apdu, KMError.OK);
+            break;   
+
           default:
             super.process(apdu);
             break;
@@ -135,7 +143,6 @@ public void process(APDU apdu) {
         case INS_SET_BOOT_PARAMS_CMD:
 
           processSetBootParamsCmd(apdu);
-          provisionStatus |= PROVISION_STATUS_BOOT_PARAM;
           break;
 
         case INS_PROVISION_DEVICE_UNIQUE_KEY_CMD:
@@ -310,7 +317,8 @@ private void processGetProvisionStatusCmd(APDU apdu) {
 
   private void processSetBootParamsCmd(APDU apdu) {
     short argsProto = KMArray.instance((short) 5);
-
+
+    byte[] scratchPad = apdu.getBuffer();
     // Array of 4 expected arguments
     // Argument 0 Boot Patch level
     KMArray.cast(argsProto).add((short) 0, KMInteger.exp());
@@ -355,6 +363,11 @@ private void processSetBootParamsCmd(APDU apdu) {
     enumVal = KMEnum.cast(bootParam).getVal();
     ((KMAndroidSEProvider) seProvider).setDeviceLocked(enumVal == KMType.DEVICE_LOCKED_TRUE);
 
+
+    // Clear the Computed SharedHmac and Hmac nonce from persistent memory.
+    Util.arrayFillNonAtomic(scratchPad, (short) 0, KMRepository.COMPUTED_HMAC_KEY_SIZE, (byte) 0);
+    seProvider.createComputedHmacKey(scratchPad, (short) 0, KMRepository.COMPUTED_HMAC_KEY_SIZE);
+
     super.reboot();
     sendError(apdu, KMError.OK);
   }

Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java

@@ -89,6 +89,32 @@ public class KMAttestationCertImpl implements KMAttestationCert {
       0x05,
       0x00
   };
+
+
+  // Below are the allowed softwareEnforced Authorization tags inside the attestation certificate's extension.
+  private static final short[] swTagIds = {
+      KMType.ATTESTATION_APPLICATION_ID,
+      KMType.CREATION_DATETIME,
+      KMType.USAGE_EXPIRE_DATETIME,
+      KMType.ORIGINATION_EXPIRE_DATETIME,
+      KMType.ACTIVE_DATETIME,
+      KMType.UNLOCKED_DEVICE_REQUIRED
+  };
+
+  // Below are the allowed hardwareEnforced Authorization tags inside the attestation certificate's extension.
+  private static final short[] hwTagIds = {
+      KMType.BOOT_PATCH_LEVEL, KMType.VENDOR_PATCH_LEVEL,
+      KMType.ATTESTATION_ID_MODEL, KMType.ATTESTATION_ID_MANUFACTURER,
+      KMType.ATTESTATION_ID_MEID, KMType.ATTESTATION_ID_IMEI,
+      KMType.ATTESTATION_ID_SERIAL, KMType.ATTESTATION_ID_PRODUCT,
+      KMType.ATTESTATION_ID_DEVICE, KMType.ATTESTATION_ID_BRAND,
+      KMType.OS_PATCH_LEVEL, KMType.OS_VERSION, KMType.ROOT_OF_TRUST,
+      KMType.ORIGIN, KMType.AUTH_TIMEOUT, KMType.USER_AUTH_TYPE,
+      KMType.NO_AUTH_REQUIRED, KMType.USER_SECURE_ID,
+      KMType.RSA_PUBLIC_EXPONENT, KMType.ECCURVE, KMType.MIN_MAC_LENGTH,
+      KMType.CALLER_NONCE, KMType.PADDING, KMType.DIGEST, KMType.BLOCK_MODE,
+      KMType.KEYSIZE, KMType.ALGORITHM, KMType.PURPOSE};
+
   // Validity is not fixed field
   // Subject is a fixed field with only CN= Android Keystore Key - same for all the keys
   private static final byte[] X509Subject = {
@@ -505,44 +531,27 @@ private static void pushKeyDescription() {
 
   private static void pushSWParams() {
     short last = stackPtr;
-    // Below are the allowed softwareEnforced Authorization tags inside the attestation certificate's extension.
-    short[] tagIds = {
-        KMType.ATTESTATION_APPLICATION_ID, KMType.CREATION_DATETIME,
-        KMType.USAGE_EXPIRE_DATETIME, KMType.ORIGINATION_EXPIRE_DATETIME,
-        KMType.ACTIVE_DATETIME, KMType.UNLOCKED_DEVICE_REQUIRED};
     byte index = 0;
+    short length = (short) swTagIds.length;
     do {
-      pushParams(swParams, swParamsIndex, tagIds[index]);
-    } while (++index < tagIds.length);
+      pushParams(swParams, swParamsIndex, swTagIds[index]);
+    } while (++index < length);
     pushSequenceHeader((short) (last - stackPtr));
   }
 
   private static void pushHWParams() {
     short last = stackPtr;
-    // Below are the allowed hardwareEnforced Authorization tags inside the attestation certificate's extension.
-    short[] tagIds = {
-        KMType.BOOT_PATCH_LEVEL, KMType.VENDOR_PATCH_LEVEL,
-        KMType.ATTESTATION_ID_MODEL, KMType.ATTESTATION_ID_MANUFACTURER,
-        KMType.ATTESTATION_ID_MEID, KMType.ATTESTATION_ID_IMEI,
-        KMType.ATTESTATION_ID_SERIAL, KMType.ATTESTATION_ID_PRODUCT,
-        KMType.ATTESTATION_ID_DEVICE, KMType.ATTESTATION_ID_BRAND,
-        KMType.OS_PATCH_LEVEL, KMType.OS_VERSION, KMType.ROOT_OF_TRUST,
-        KMType.ORIGIN, KMType.AUTH_TIMEOUT, KMType.USER_AUTH_TYPE,
-        KMType.NO_AUTH_REQUIRED, KMType.USER_SECURE_ID,
-        KMType.RSA_PUBLIC_EXPONENT, KMType.ECCURVE, KMType.MIN_MAC_LENGTH,
-        KMType.CALLER_NONCE, KMType.PADDING, KMType.DIGEST, KMType.BLOCK_MODE,
-        KMType.KEYSIZE, KMType.ALGORITHM, KMType.PURPOSE};
-
     byte index = 0;
+    short length = (short) hwTagIds.length;
     do {
-      if (tagIds[index] == KMType.ROOT_OF_TRUST) {
+      if (hwTagIds[index] == KMType.ROOT_OF_TRUST) {
         pushRoT();
         continue;
       }
-      if (pushParams(hwParams, hwParamsIndex, tagIds[index])) {
+      if (pushParams(hwParams, hwParamsIndex, hwTagIds[index])) {
         continue;
       }
-    } while (++index < tagIds.length);
+    } while (++index < length);
     pushSequenceHeader((short) (last - stackPtr));
   }
 

Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMConfigurations.java

@@ -0,0 +1,23 @@
+/*
+ * Copyright(C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.android.javacard.keymaster;
+
+public class KMConfigurations {
+  // Machine types
+  public static final byte LITTLE_ENDIAN = 0x00;
+  public static final byte BIG_ENDIAN = 0x01;
+  public static final byte TEE_MACHINE_TYPE = LITTLE_ENDIAN;
+}

Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java

@@ -54,6 +54,8 @@ public class KMUtils {
       0, 0, 0, 0, (byte) 0x9A, 0x7E, (byte) 0xC8, 0x00};//2592000000
   public static final short year2051 = 2051;
   public static final short year2020 = 2020;
+  // Convert to milliseconds constants
+  public static final byte[] SEC_TO_MILLIS_SHIFT_POS = {9, 8, 7, 6, 5, 3};
 
   // --------------------------------------
   public static short convertToDate(short time, byte[] scratchPad,
@@ -103,10 +105,8 @@ public static short convertToDate(short time, byte[] scratchPad,
         (short) 8) >= 0) {
       Util.arrayCopyNonAtomic(fourYrsMsec, (short) 0, scratchPad, (short) 8,
           (short) 8);
-      yrsCount = divide(scratchPad, (short) 0, (short) 8, (short) 16); // quotient
-      // is
-      // multiple
-      // of 4
+      // quotient is multiple of 4
+      yrsCount = divide(scratchPad, (short) 0, (short) 8, (short) 16);
       yrsCount = (short) (yrsCount * 4); // number of yrs.
       // copy reminder as new dividend
       Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0,
@@ -305,6 +305,14 @@ public static byte compare(byte[] buf, short lhs, short rhs) {
     return KMInteger.unsignedByteArrayCompare(buf, lhs, buf, rhs, (short) 8);
   }
 
+  public static void shiftLeft(byte[] buf, short start, short count) {
+    short index = 0;
+    while (index < count) {
+      shiftLeft(buf, start);
+      index++;
+    }
+  }
+
   public static void shiftLeft(byte[] buf, short start) {
     byte index = 7;
     byte carry = 0;
@@ -419,4 +427,20 @@ public static void computeOnesCompliment(byte[] buf, short offset, short len) {
       index++;
     }
   }
+
+  // i * 1000 = (i << 9) + (i << 8) + (i << 7) + (i << 6) + (i << 5) + ( i << 3)
+  public static void convertToMilliseconds(byte[] buf, short inputOff, short outputOff,
+      short scratchPadOff) {
+    short index = 0;
+    short length = (short) SEC_TO_MILLIS_SHIFT_POS.length;
+    while (index < length) {
+      Util.arrayCopyNonAtomic(buf, inputOff, buf, scratchPadOff, (short) 8);
+      shiftLeft(buf, scratchPadOff, SEC_TO_MILLIS_SHIFT_POS[index]);
+      Util.arrayCopyNonAtomic(buf, outputOff, buf, (short) (scratchPadOff + 8), (short) 8);
+      add(buf, scratchPadOff, (short) (8 + scratchPadOff), (short) (16 + scratchPadOff));
+      Util.arrayCopyNonAtomic(buf, (short) (scratchPadOff + 16), buf, outputOff, (short) 8);
+      Util.arrayFillNonAtomic(buf, scratchPadOff, (short) 24, (byte) 0);
+      index++;
+    }
+  }
 }