diff options
| author | Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com> | 2024-01-24 20:57:00 +0000 |
|---|---|---|
| committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2024-01-24 20:57:00 +0000 |
| commit | 56cdf61cbbca1ebf02e0627c451ad0a958e3944a (patch) | |
| tree | 1616cae38291cde5e7806c9c0af2c9b427746154 | |
| parent | 38252da098cf530023ccf7d394dc75af1390e55c (diff) | |
| parent | 9866ea6053c39197957be824c4f908b7e7189165 (diff) | |
| download | libese-56cdf61cbbca1ebf02e0627c451ad0a958e3944a.tar.gz | |
Merge "Removed unused functions" into main am: 9866ea6053
Original change: https://android-review.googlesource.com/c/platform/external/libese/+/2754165
Change-Id: I66ded4490b12b7ca1deb7378f29744e5e0a95701
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
23 files changed, 0 insertions, 505 deletions
diff --git a/ready_se/google/keymint/KM300/Applet/AndroidSEProviderLib/src/com/android/javacard/seprovider/KMAndroidSEProvider.java b/ready_se/google/keymint/KM300/Applet/AndroidSEProviderLib/src/com/android/javacard/seprovider/KMAndroidSEProvider.java index b8e78a0..c74081e 100644 --- a/ready_se/google/keymint/KM300/Applet/AndroidSEProviderLib/src/com/android/javacard/seprovider/KMAndroidSEProvider.java +++ b/ready_se/google/keymint/KM300/Applet/AndroidSEProviderLib/src/com/android/javacard/seprovider/KMAndroidSEProvider.java @@ -1239,7 +1239,6 @@ public class KMAndroidSEProvider implements KMSEProvider { MessageDigest.ALG_SHA_256, Signature.SIG_CIPHER_RSA, Cipher.PAD_PKCS1); RSAPrivateKey key = (RSAPrivateKey) rsaKeyPair.getPrivate(); - ; key.setExponent(secret, secretStart, secretLength); key.setModulus(modBuf, modStart, modLength); diff --git a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMAsn1Parser.java b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMAsn1Parser.java index 22a16a3..93ff64a 100644 --- a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMAsn1Parser.java +++ b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMAsn1Parser.java @@ -330,7 +330,6 @@ public class KMAsn1Parser { if (data[dataInfo[DATA_CURSOR_OFFSET]] != ASN1_A0_TAG) { return; } - ; short len = header(ASN1_A0_TAG); if (len != EC_CURVE.length) { KMException.throwIt(KMError.UNKNOWN_ERROR); diff --git a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMCose.java b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMCose.java index 2854a71..39e0188 100644 --- a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMCose.java +++ b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMCose.java @@ -27,19 +27,11 @@ public class KMCose { // COSE SIGN1 public static final byte COSE_SIGN1_ENTRY_COUNT = 4; - public static final byte COSE_SIGN1_PROTECTED_PARAMS_OFFSET = 0; - public static final byte COSE_SIGN1_PAYLOAD_OFFSET = 2; - public static final byte COSE_SIGN1_SIGNATURE_OFFSET = 3; // COSE MAC0 public static final byte COSE_MAC0_ENTRY_COUNT = 4; public static final byte COSE_MAC0_PROTECTED_PARAMS_OFFSET = 0; public static final byte COSE_MAC0_PAYLOAD_OFFSET = 2; public static final byte COSE_MAC0_TAG_OFFSET = 3; - // COSE ENCRYPT - public static final byte COSE_ENCRYPT_ENTRY_COUNT = 4; - public static final byte COSE_ENCRYPT_STRUCTURE_ENTRY_COUNT = 3; - public static final byte COSE_ENCRYPT_RECIPIENT_ENTRY_COUNT = 3; - // COSE Labels public static final byte COSE_LABEL_ALGORITHM = 1; public static final byte COSE_LABEL_KEYID = 4; @@ -61,10 +53,6 @@ public class KMCose { // COSE Key Operations public static final byte COSE_KEY_OP_SIGN = 1; - public static final byte COSE_KEY_OP_VERIFY = 2; - public static final byte COSE_KEY_OP_ENCRYPT = 3; - public static final byte COSE_KEY_OP_DECRYPT = 4; - // AES GCM public static final short AES_GCM_KEY_SIZE_BITS = 256; // Cose key parameters. diff --git a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMCoseCertPayload.java b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMCoseCertPayload.java index fff9cf8..c86d890 100644 --- a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMCoseCertPayload.java +++ b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMCoseCertPayload.java @@ -125,12 +125,4 @@ public class KMCoseCertPayload extends KMCoseMap { Util.getShort(KMCose.SUBJECT_PUBLIC_KEY, (short) 0) // MSB (Significant) ); } - - public short getSubject() { - return getValueType(KMCose.SUBJECT, KMType.INVALID_VALUE); - } - - public short getIssuer() { - return getValueType(KMCose.ISSUER, KMType.INVALID_VALUE); - } } diff --git a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMCoseHeaders.java b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMCoseHeaders.java index 0e722d2..8715b08 100644 --- a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMCoseHeaders.java +++ b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMCoseHeaders.java @@ -143,10 +143,6 @@ public class KMCoseHeaders extends KMCoseMap { return getValueType(KMCose.COSE_LABEL_COSE_KEY); } - public short getIV() { - return getValueType(KMCose.COSE_LABEL_IV); - } - public short getAlgorithm() { return getValueType(KMCose.COSE_LABEL_ALGORITHM); } diff --git a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMCoseKey.java b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMCoseKey.java index d1bfec1..4a3cb59 100644 --- a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMCoseKey.java +++ b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMCoseKey.java @@ -132,10 +132,6 @@ public class KMCoseKey extends KMCoseMap { return valPtr; } - public short getKeyIdentifier() { - return getValueType(KMCose.COSE_KEY_KEY_ID, KMType.INVALID_VALUE); - } - public short getEcdsa256PublicKey(byte[] pubKey, short pubKeyOff) { short baseOffset = pubKeyOff; pubKey[pubKeyOff] = (byte) 0x04; // uncompressed. diff --git a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMCosePairByteBlobTag.java b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMCosePairByteBlobTag.java index 04c3abe..c7da27a 100644 --- a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMCosePairByteBlobTag.java +++ b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMCosePairByteBlobTag.java @@ -119,10 +119,6 @@ public class KMCosePairByteBlobTag extends KMCosePairTagType { return false; } - public short getValueType() { - return BYTE_BLOB_TYPE; - } - @Override public short getKeyPtr() { return Util.getShort( diff --git a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMCosePairCoseKeyTag.java b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMCosePairCoseKeyTag.java index 5290da2..1fd3b83 100644 --- a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMCosePairCoseKeyTag.java +++ b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMCosePairCoseKeyTag.java @@ -71,10 +71,6 @@ public class KMCosePairCoseKeyTag extends KMCosePairTagType { return false; } - public short getValueType() { - return COSE_KEY_TYPE; - } - @Override public short getKeyPtr() { return Util.getShort( diff --git a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMCosePairIntegerTag.java b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMCosePairIntegerTag.java index ea052a6..4e072ea 100644 --- a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMCosePairIntegerTag.java +++ b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMCosePairIntegerTag.java @@ -74,10 +74,6 @@ public class KMCosePairIntegerTag extends KMCosePairTagType { return proto(ptr); } - public short getValueType() { - return INTEGER_TYPE; - } - @Override public short getKeyPtr() { return Util.getShort( diff --git a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMCosePairNegIntegerTag.java b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMCosePairNegIntegerTag.java index 7f01202..95b6547 100644 --- a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMCosePairNegIntegerTag.java +++ b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMCosePairNegIntegerTag.java @@ -74,10 +74,6 @@ public class KMCosePairNegIntegerTag extends KMCosePairTagType { return ptr; } - public short getValueType() { - return NEG_INTEGER_TYPE; - } - @Override public short getKeyPtr() { return Util.getShort( diff --git a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMCosePairTagType.java b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMCosePairTagType.java index baa0855..85774c1 100644 --- a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMCosePairTagType.java +++ b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMCosePairTagType.java @@ -173,17 +173,6 @@ public abstract class KMCosePairTagType extends KMType { return value; } - public static void getKeyValue(short keyPtr, byte[] dest, short offset, short len) { - short type = KMType.getType(keyPtr); - if (type == INTEGER_TYPE) { - KMInteger.cast(keyPtr).getValue(dest, offset, len); - } else if (type == NEG_INTEGER_TYPE) { - KMNInteger.cast(keyPtr).getValue(dest, offset, len); - } else { - ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); - } - } - /** * Returns the key offset from the key pointer. * @@ -204,25 +193,6 @@ public abstract class KMCosePairTagType extends KMType { } /** - * Returns the key length. - * - * @param keyPtr pointer to either KMInteger/KMInteger. - * @return length of the key. - */ - public static short getKeyLength(short keyPtr) { - short type = KMType.getType(keyPtr); - short len = 0; - if (type == INTEGER_TYPE) { - len = KMInteger.cast(keyPtr).length(); - } else if (type == NEG_INTEGER_TYPE) { - len = KMNInteger.cast(keyPtr).length(); - } else { - ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); - } - return len; - } - - /** * This function returns one of COSE_KEY_TAG_*_VALUE_TYPE tag information. * * @param ptr Pointer to one of the KMCoseKey*Value class. diff --git a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMCosePairTextStringTag.java b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMCosePairTextStringTag.java index 99506b6..5000b94 100644 --- a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMCosePairTextStringTag.java +++ b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMCosePairTextStringTag.java @@ -73,10 +73,6 @@ public class KMCosePairTextStringTag extends KMCosePairTagType { return false; } - public short getValueType() { - return TEXT_STRING_TYPE; - } - @Override public short getKeyPtr() { return Util.getShort( diff --git a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMEncoder.java b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMEncoder.java index 98cad49..0048175 100644 --- a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMEncoder.java +++ b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMEncoder.java @@ -334,13 +334,6 @@ public class KMEncoder { } } - public void encodeArrayOnlyLength(short arrLength, byte[] buffer, short offset, short length) { - bufferRef[0] = buffer; - scratchBuf[START_OFFSET] = offset; - scratchBuf[LEN_OFFSET] = (short) (offset + length + 1); - writeMajorTypeWithLength(ARRAY_TYPE, length); - } - private void encodeMap(short obj) { writeMajorTypeWithLength(MAP_TYPE, KMMap.cast(obj).length()); short len = KMMap.cast(obj).length(); diff --git a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMEnumArrayTag.java b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMEnumArrayTag.java index ea73c40..579f69c 100644 --- a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMEnumArrayTag.java +++ b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMEnumArrayTag.java @@ -131,15 +131,6 @@ public class KMEnumArrayTag extends KMTag { return null; } - public static short getValues(short tagId, short params, byte[] buf, short start) { - short tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, tagId, params); - if (tag == KMType.INVALID_VALUE) { - return KMType.INVALID_VALUE; - } - tag = KMEnumArrayTag.cast(tag).getValues(); - return KMByteBlob.cast(tag).getValues(buf, start); - } - public static boolean contains(short tagId, short tagValue, short params) { short tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, tagId, params); if (tag != KMType.INVALID_VALUE) { @@ -197,109 +188,4 @@ public class KMEnumArrayTag extends KMTag { } return false; } - - public boolean isValidDigests(byte alg) { - short index = 0; - short digest; - while (index < length()) { - digest = get(index); - switch (alg) { - case KMType.EC: - case KMType.RSA: - if (digest != KMType.DIGEST_NONE && digest != KMType.SHA2_256 && digest != KMType.SHA1) { - return false; - } - break; - case KMType.HMAC: - if (digest != KMType.SHA2_256) { - return false; - } - break; - case KMType.AES: - case KMType.DES: - if (digest != KMType.DIGEST_NONE) { - return false; - } - break; - default: - return false; - } - index++; - } - return true; - } - - public boolean isValidPaddingModes(byte alg) { - short index = 0; - short padding; - while (index < length()) { - padding = get(index); - switch (alg) { - case KMType.RSA: - if (padding != KMType.RSA_OAEP - && padding != KMType.PADDING_NONE - && padding != KMType.RSA_PKCS1_1_5_SIGN - && padding != KMType.RSA_PKCS1_1_5_ENCRYPT - && padding != KMType.RSA_PSS) { - return false; - } - break; - case KMType.AES: - case KMType.DES: - if (padding != KMType.PKCS7 && padding != KMType.PADDING_NONE) { - return false; - } - break; - case KMType.EC: - case KMType.HMAC: - if (padding != PADDING_NONE) { - return false; - } - break; - default: - return false; - } - index++; - } - return true; - } - - public boolean isValidPurpose(byte alg) { - short index = 0; - short purpose; - while (index < length()) { - purpose = get(index); - switch (purpose) { - case KMType.DECRYPT: - case KMType.ENCRYPT: - if (alg != KMType.RSA && alg != KMType.AES && alg != KMType.DES) { - return false; - } - break; - case KMType.SIGN: - case KMType.VERIFY: - if (alg != KMType.HMAC && alg != KMType.RSA && alg != KMType.EC) { - return false; - } - break; - case KMType.WRAP_KEY: - if (alg != KMType.RSA) { - return false; - } - break; - default: - return false; - } - index++; - } - return true; - } - - public boolean isValidBlockMode(byte alg) { - if (alg == KMType.AES || alg == KMType.DES) { - return true; - } else { - return false; - } - } } diff --git a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMHardwareAuthToken.java b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMHardwareAuthToken.java index e6b1d37..0fa3e9d 100644 --- a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMHardwareAuthToken.java +++ b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMHardwareAuthToken.java @@ -119,53 +119,23 @@ public class KMHardwareAuthToken extends KMType { return KMArray.cast(arrPtr).get(USER_ID); } - public void setUserId(short vals) { - KMInteger.cast(vals); - short arrPtr = getVals(); - KMArray.cast(arrPtr).add(USER_ID, vals); - } - public short getAuthenticatorId() { short arrPtr = getVals(); return KMArray.cast(arrPtr).get(AUTHENTICATOR_ID); } - public void setAuthenticatorId(short vals) { - KMInteger.cast(vals); - short arrPtr = getVals(); - KMArray.cast(arrPtr).add(AUTHENTICATOR_ID, vals); - } - public short getHwAuthenticatorType() { short arrPtr = getVals(); return KMArray.cast(arrPtr).get(HW_AUTHENTICATOR_TYPE); } - public void setHwAuthenticatorType(short vals) { - KMEnum.cast(vals); - short arrPtr = getVals(); - KMArray.cast(arrPtr).add(HW_AUTHENTICATOR_TYPE, vals); - } - public short getTimestamp() { short arrPtr = getVals(); return KMArray.cast(arrPtr).get(TIMESTAMP); } - public void setTimestamp(short vals) { - KMInteger.cast(vals); - short arrPtr = getVals(); - KMArray.cast(arrPtr).add(TIMESTAMP, vals); - } - public short getMac() { short arrPtr = getVals(); return KMArray.cast(arrPtr).get(MAC); } - - public void setMac(short vals) { - KMByteBlob.cast(vals); - short arrPtr = getVals(); - KMArray.cast(arrPtr).add(MAC, vals); - } } diff --git a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMInteger.java b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMInteger.java index b09de0f..89960d7 100644 --- a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMInteger.java +++ b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMInteger.java @@ -172,10 +172,6 @@ public class KMInteger extends KMType { Util.arrayCopyNonAtomic(heap, getStartOff(), dest, destOff, length); } - public void setValue(byte[] src, short srcOff) { - Util.arrayCopyNonAtomic(src, srcOff, heap, getStartOff(), length()); - } - public short value(byte[] dest, short destOff) { Util.arrayCopyNonAtomic(heap, getStartOff(), dest, destOff, length()); return length(); diff --git a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java index 54ab6ee..74e3769 100644 --- a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java +++ b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java @@ -456,17 +456,4 @@ public class KMKeyParameters extends KMType { } return ret; } - - public void deleteCustomTags() { - short arrPtr = getVals(); - short index = (short) (customTags.length - 1); - short obj; - while (index >= 0) { - obj = findTag(customTags[(short) (index - 1)], customTags[index]); - if (obj != KMType.INVALID_VALUE) { - KMArray.cast(arrPtr).deleteLastEntry(); - } - index -= 2; - } - } } diff --git a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java index 78ea201..516a263 100644 --- a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java +++ b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java @@ -1020,124 +1020,6 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe return len; } - public static short validateCertChain( - boolean validateEekRoot, - byte expCertAlg, - byte expLeafCertAlg, - short certChainArr, - byte[] scratchPad, - Object[] authorizedEekRoots) { - short len = KMArray.cast(certChainArr).length(); - short coseHeadersExp = KMCoseHeaders.exp(); - // prepare exp for coseky - short coseKeyExp = KMCoseKey.exp(); - short ptr1; - short ptr2; - short signStructure; - short encodedLen; - short prevCoseKey = 0; - short keySize; - short alg = expCertAlg; - short index; - for (index = 0; index < len; index++) { - ptr1 = KMArray.cast(certChainArr).get(index); - - // validate protected Headers - ptr2 = KMArray.cast(ptr1).get(KMCose.COSE_SIGN1_PROTECTED_PARAMS_OFFSET); - ptr2 = - decoder.decode( - coseHeadersExp, - KMByteBlob.cast(ptr2).getBuffer(), - KMByteBlob.cast(ptr2).getStartOff(), - KMByteBlob.cast(ptr2).length()); - if (!KMCoseHeaders.cast(ptr2).isDataValid(rkp.rkpTmpVariables, alg, KMType.INVALID_VALUE)) { - KMException.throwIt(KMError.STATUS_FAILED); - } - - // parse and get the public key from payload. - ptr2 = KMArray.cast(ptr1).get(KMCose.COSE_SIGN1_PAYLOAD_OFFSET); - ptr2 = - decoder.decode( - coseKeyExp, - KMByteBlob.cast(ptr2).getBuffer(), - KMByteBlob.cast(ptr2).getStartOff(), - KMByteBlob.cast(ptr2).length()); - if ((index == (short) (len - 1)) && len > 1) { - alg = expLeafCertAlg; - } - if (!KMCoseKey.cast(ptr2) - .isDataValid( - rkp.rkpTmpVariables, - KMCose.COSE_KEY_TYPE_EC2, - KMType.INVALID_VALUE, - alg, - KMCose.COSE_ECCURVE_256)) { - KMException.throwIt(KMError.STATUS_FAILED); - } - if (prevCoseKey == 0) { - prevCoseKey = ptr2; - } - // Get the public key. - keySize = KMCoseKey.cast(prevCoseKey).getEcdsa256PublicKey(scratchPad, (short) 0); - if (keySize != 65) { - KMException.throwIt(KMError.STATUS_FAILED); - } - if (validateEekRoot && (index == 0)) { - boolean found = false; - // In prod mode the first pubkey should match a well-known Google public key. - for (short i = 0; i < (short) authorizedEekRoots.length; i++) { - if (0 - == Util.arrayCompare( - scratchPad, - (short) 0, - (byte[]) authorizedEekRoots[i], - (short) 0, - (short) ((byte[]) authorizedEekRoots[i]).length)) { - found = true; - break; - } - } - if (!found) { - KMException.throwIt(KMError.STATUS_FAILED); - } - } - // Validate signature. - signStructure = - KMCose.constructCoseSignStructure( - KMArray.cast(ptr1).get(KMCose.COSE_SIGN1_PROTECTED_PARAMS_OFFSET), - KMByteBlob.instance((short) 0), - KMArray.cast(ptr1).get(KMCose.COSE_SIGN1_PAYLOAD_OFFSET)); - encodedLen = - KMKeymasterApplet.encodeToApduBuffer( - signStructure, scratchPad, keySize, KMKeymasterApplet.MAX_COSE_BUF_SIZE); - - short signatureLen = - rkp.encodeES256CoseSignSignature( - KMByteBlob.cast(KMArray.cast(ptr1).get(KMCose.COSE_SIGN1_SIGNATURE_OFFSET)) - .getBuffer(), - KMByteBlob.cast(KMArray.cast(ptr1).get(KMCose.COSE_SIGN1_SIGNATURE_OFFSET)) - .getStartOff(), - KMByteBlob.length(KMArray.cast(ptr1).get(KMCose.COSE_SIGN1_SIGNATURE_OFFSET)), - scratchPad, - (short) (keySize + encodedLen)); - - if (!seProvider.ecVerify256( - scratchPad, - (short) 0, - keySize, - scratchPad, - keySize, - encodedLen, - scratchPad, - (short) (keySize + encodedLen), - signatureLen)) { - KMException.throwIt(KMError.STATUS_FAILED); - } - prevCoseKey = ptr2; - } - return prevCoseKey; - } - public static short generateDiceCertChain(byte[] scratchPad) { if (kmDataStore.isProvisionLocked()) { KMException.throwIt(KMError.STATUS_FAILED); @@ -2335,31 +2217,6 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe sendResponse(apdu, KMError.OK); } - private short aesGCMEncrypt( - short aesSecret, short input, short nonce, short authData, short authTag, byte[] scratchPad) { - Util.arrayFillNonAtomic(scratchPad, (short) 0, KMByteBlob.cast(input).length(), (byte) 0); - short len = - seProvider.aesGCMEncrypt( - KMByteBlob.cast(aesSecret).getBuffer(), - KMByteBlob.cast(aesSecret).getStartOff(), - KMByteBlob.cast(aesSecret).length(), - KMByteBlob.cast(input).getBuffer(), - KMByteBlob.cast(input).getStartOff(), - KMByteBlob.cast(input).length(), - scratchPad, - (short) 0, - KMByteBlob.cast(nonce).getBuffer(), - KMByteBlob.cast(nonce).getStartOff(), - KMByteBlob.cast(nonce).length(), - KMByteBlob.cast(authData).getBuffer(), - KMByteBlob.cast(authData).getStartOff(), - KMByteBlob.cast(authData).length(), - KMByteBlob.cast(authTag).getBuffer(), - KMByteBlob.cast(authTag).getStartOff(), - KMByteBlob.cast(authTag).length()); - return KMByteBlob.instance(scratchPad, (short) 0, len); - } - private short aesGCMDecrypt( short aesSecret, short input, short nonce, short authData, short authTag, byte[] scratchPad) { Util.arrayFillNonAtomic(scratchPad, (short) 0, KMByteBlob.cast(input).length(), (byte) 0); @@ -4621,16 +4478,6 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe kmDataStore.removeAllAuthTags(); } - protected void initSystemBootParams( - short osVersion, short osPatchLevel, short vendorPatchLevel, short bootPatchLevel) { - osVersion = KMInteger.uint_16(osVersion); - osPatchLevel = KMInteger.uint_16(osPatchLevel); - vendorPatchLevel = KMInteger.uint_16((short) vendorPatchLevel); - setOsVersion(osVersion); - setOsPatchLevel(osPatchLevel); - setVendorPatchLevel(vendorPatchLevel); - } - protected void setOsVersion(short version) { kmDataStore.setOsVersion( KMInteger.cast(version).getBuffer(), @@ -4984,7 +4831,6 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe default: KMException.throwIt(KMError.INVALID_KEY_BLOB); } - ; // KeyBlob size should not be less than the minimum KeyBlob size. if (KMArray.cast(parsedBlob).length() < minArraySize) { KMException.throwIt(KMError.INVALID_KEY_BLOB); @@ -5046,7 +4892,6 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe default: KMException.throwIt(KMError.INVALID_KEY_BLOB); } - ; KMArray.cast(data[KEY_BLOB]).add(keyBlobSecretOff, data[SECRET]); } diff --git a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMKeymintDataStore.java b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMKeymintDataStore.java index 65117eb..908cbdc 100644 --- a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMKeymintDataStore.java +++ b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMKeymintDataStore.java @@ -382,10 +382,6 @@ public class KMKeymintDataStore implements KMUpgradable { writeDataEntry(HMAC_NONCE, nonce, offset, len); } - public void clearHmacNonce() { - clearDataEntry(HMAC_NONCE); - } - public boolean persistAuthTag(short authTag) { if (KMByteBlob.cast(authTag).length() != AUTH_TAG_LENGTH) { diff --git a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMMap.java b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMMap.java index 2418204..fee6922 100644 --- a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMMap.java +++ b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMMap.java @@ -191,10 +191,6 @@ public class KMMap extends KMType { KMCoseMap.canonicalize(instanceTable[KM_MAP_OFFSET], length()); } - public short containedType() { - return Util.getShort(heap, (short) (instanceTable[KM_MAP_OFFSET] + TLV_HEADER_SIZE)); - } - public short getStartOff() { return (short) (instanceTable[KM_MAP_OFFSET] + TLV_HEADER_SIZE + MAP_HEADER_SIZE); } diff --git a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMRemotelyProvisionedComponentDevice.java b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMRemotelyProvisionedComponentDevice.java index 612bfcd..8fc5aed 100644 --- a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMRemotelyProvisionedComponentDevice.java +++ b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMRemotelyProvisionedComponentDevice.java @@ -1285,74 +1285,6 @@ public class KMRemotelyProvisionedComponentDevice { return KMKeyParameters.instance(arrPtr); } - private boolean isSignedByte(byte b) { - return ((b & 0x0080) != 0); - } - - private short writeIntegerHeader(short valueLen, byte[] data, short offset) { - // write length - data[offset] = (byte) valueLen; - // write INTEGER tag - offset--; - data[offset] = 0x02; - return offset; - } - - private short writeSequenceHeader(short valueLen, byte[] data, short offset) { - // write length - data[offset] = (byte) valueLen; - // write INTEGER tag - offset--; - data[offset] = 0x30; - return offset; - } - - private short writeSignatureData( - byte[] input, short inputOff, short inputlen, byte[] output, short offset) { - Util.arrayCopyNonAtomic(input, inputOff, output, offset, inputlen); - if (isSignedByte(input[inputOff])) { - offset--; - output[offset] = (byte) 0; - } - return offset; - } - - public short encodeES256CoseSignSignature( - byte[] input, short offset, short len, byte[] scratchPad, short scratchPadOff) { - // SEQ [ INTEGER(r), INTEGER(s)] - // write from bottom to the top - if (len != 64) { - KMException.throwIt(KMError.INVALID_DATA); - } - short maxTotalLen = 72; - short end = (short) (scratchPadOff + maxTotalLen); - // write s. - short start = (short) (end - 32); - start = writeSignatureData(input, (short) (offset + 32), (short) 32, scratchPad, start); - // write length and header - short length = (short) (end - start); - start--; - start = writeIntegerHeader(length, scratchPad, start); - // write r - short rEnd = start; - start = (short) (start - 32); - start = writeSignatureData(input, offset, (short) 32, scratchPad, start); - // write length and header - length = (short) (rEnd - start); - start--; - start = writeIntegerHeader(length, scratchPad, start); - // write length and sequence header - length = (short) (end - start); - start--; - start = writeSequenceHeader(length, scratchPad, start); - length = (short) (end - start); - if (start > scratchPadOff) { - // re adjust the buffer - Util.arrayCopyNonAtomic(scratchPad, start, scratchPad, scratchPadOff, length); - } - return length; - } - private short rkpHmacSign( byte[] data, short dataStart, short dataLength, byte[] signature, short signatureStart) { short result = diff --git a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMTag.java b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMTag.java index 3033a70..d7d549a 100644 --- a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMTag.java +++ b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMTag.java @@ -55,29 +55,6 @@ public class KMTag extends KMType { return tag != KMType.INVALID_VALUE; } - public static boolean isEqual(short params, short tagType, short tagKey, short value) { - switch (tagType) { - case KMType.ENUM_TAG: - return KMEnumTag.getValue(tagKey, params) == value; - case KMType.UINT_TAG: - case KMType.DATE_TAG: - case KMType.ULONG_TAG: - return KMIntegerTag.isEqual(params, tagType, tagKey, value); - case KMType.ENUM_ARRAY_TAG: - return KMEnumArrayTag.contains(tagKey, value, params); - case KMType.UINT_ARRAY_TAG: - case KMType.ULONG_ARRAY_TAG: - return KMIntegerArrayTag.contains(tagKey, value, params); - } - return false; - } - - public static void assertTrue(boolean condition, short error) { - if (!condition) { - KMException.throwIt(error); - } - } - public static boolean isValidPublicExponent(short params) { short pubExp = KMKeyParameters.findTag(KMType.ULONG_TAG, KMType.RSA_PUBLIC_EXPONENT, params); if (pubExp == KMType.INVALID_VALUE) { diff --git a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMType.java b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMType.java index 59f45da..873ca8b 100644 --- a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMType.java +++ b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMType.java @@ -227,7 +227,6 @@ public abstract class KMType { public static final short ORIGINATION_EXPIRE_DATETIME = 0x0191; public static final short USAGE_EXPIRE_DATETIME = 0x0192; public static final short CREATION_DATETIME = 0x02BD; - ; public static final short CERTIFICATE_NOT_BEFORE = 0x03F0; public static final short CERTIFICATE_NOT_AFTER = 0x03F1; // Integer Array Tags - ULONG_REP and UINT_REP. @@ -304,8 +303,6 @@ public abstract class KMType { // Subject Name public static final short CERTIFICATE_SUBJECT_NAME = (short) 0x03EF; - public static final short LENGTH_FROM_PDU = (short) 0xFFFF; - public static final byte NO_VALUE = (byte) 0xff; // Support Curves for Eek Chain validation. public static final byte RKP_CURVE_NONE = 0; |