Release only targeted for Android T VSR devices launching with Keymint 200 + Factory Attestation (without RKPv2)

This is the Version 1.0 release for Javacard KeyMint 200 with Factory Attestation. Please refer to the following release notes for details.

Previous Release Tag : JC_Keymint_200_v1.0
Current Release Tag : JC_Keymint_200_Factory_Attestation_v1.0
Branch: Javacard_KeyMint_200_master_with_factory_attestation
KeyMint Spec Version: 2.0 (no RKP)

Release Documents:
https://drive.google.com/corp/drive/folders/1BTebVySE4Olj_YJDY33FNjHWX8R_BdmA

Release Folder Contents
[External] Android Ready SE - StrongBox RMA.pdf
[External] Javacard KeyBlob Versioning.pdf
[External] Javacard Keymint 2.0 v1.0 Release Notes.pdf
[External] KeyMint Applet Ready State.pdf
[External] Keymint 2.0 Reference Integration Guide
[External] Strongbox Intermediate Key Signing
[External] Keymint Provisioning.pdf
[External] xTS Setup Guide for Keymint100.pdf

Release Highlights
Please refer to detailed release notes for complete list.

Implementation of KeyMint 2.0 specification without RKP

• NVM Changes from KeyMint300 to KeyMint200 by @subrahmanyaman in #234
• Import wrapped key fix merged from KeyMint300 by @subrahmanyaman in #235
• Remove getter setter - Merge from KeyMint300 by @subrahmanyaman in #236
• Fixed the issue with one of the wychproof test vectors for RSA OAEP by @subrahmanyaman in #237
• Correction in the calcuclation of RSA KeySize in importKey by @subrahmanyaman in #238
• Support for Factory attestation and removed RKP by @subrahmanyaman in #246

Full Changelog: JC_Keymint_200_RKP_v2-Release-v1.0...JC_Keymint_200_Factory_Attestation_v1.0

This is the Javacard KeyMint 300 with RKP v3 intermediate release (v0.1). Please refer to the following release notes for details.

Previous Release Tag : JC_Keymint_200_RKP_v2-Release-v1.0
Current Release Tag : JC_Keymint_300_RKP_v3-v0.1
Branch: Javacard_KeyMint_300_master
KeyMint Spec Version: 3.0
RKP Version: v3
Release Status: Intermediate

Release Documents:
https://drive.google.com/corp/drive/folders/1lue960pFcpzHYvaviH0YyuTSclJVmMRo

Release Folder Contents

[External] Android Ready SE - StrongBox RMA.pdf
[External] Javacard KeyBlob Versioning.pdf
[External] Javacard Keymint 300 v0.1 Release Notes.pdf
[External] KeyMint Applet Ready State.pdf
[External] Keymint 3.0 Reference Integration Guide
[External] Keymint Provisioning.pdf
[External] xTS Setup Guide for Keymint.pdf

Release Highlights
Please refer to detailed release notes for complete list.

[Intermediate] Implementation of KeyMint 3.0 specification with RKP v3

• Keymint Version Update
• Support for RKP v3 spec - removal of end to end encryption.
• Minor NVM optimization
• Minor code optimization - removal of getters and setters
• Bug Fix
  - Import Wrapped Key - Validation of key parameters based on new VTS test
  - Include key usage extension in self signed certificate.

This is the Version 1.0 release for Javacard KeyMint 200 with RKP v2. Please refer to the following release notes for details.

Previous Release Tag : JC_Keymint_100_v2.0
Current Release Tag : JC_Keymint_200_RKP_v2-Release-v1.0
Branch: Javacard_KeyMint_200_master
KeyMint Spec Version: 2.0
RKP Version: v2

Release Documents:
https://drive.google.com/corp/drive/folders/1OZ4fLLcKA-Dz6Tj7r81LD8ccTw5NCTh-

Release Folder Contents

[External] Android Ready SE - StrongBox RMA.pdf
[External] Javacard KeyBlob Versioning.pdf
[External] Javacard Keymint 2.0 v1.0 Release Notes.pdf
[External] KeyMint Applet Ready State.pdf
[External] Keymint 2.0 Reference Integration Guide
[External] Keymint Provisioning.pdf
[External] xTS Setup Guide for Keymint100.pdf

Release Highlights
Please refer to detailed release notes for complete list.

Implementation of KeyMint 2.0 specification with RKP v2

• Making RKP ACC provisioning optional
• Replace COSE ACC chain wtih x509 (optional)

This is the Version 1.0 release for Javacard KeyMint 200. Please refer to the following release notes for details.

Previous Release Tag : JC_Keymint_100_v2.0
Current Release Tag : JC_Keymint_200_v1.0-Pre-Release
Branch: Javacard_KeyMint_200_master
KeyMint Spec Version: 2.0

Release Documents:
https://drive.google.com/drive/folders/1SYInrUIPJ8Ppzo3pZWFmRhCX7pWv_OGC?usp=sharing

Release Folder Contents

• [External] Android Ready SE - StrongBox RMA.pdf
• [External] Javacard KeyBlob Versioning.pdf
• [External] Javacard Keymint 1.0 v2.0 Release Notes.pdf
• [External] KeyMint Applet Ready State.pdf
• [External] Keymint Provisioning.pdf
• [External] xTS Setup Guide for Keymint100.pdf

Release Highlights
Please refer to detailed release notes for complete list.

Implementation of KeyMint 2.0 specification.

getRootOfTrustChallenge
sendRootOfTrust
getRootOfTrust - Strongbox KeyMint returns UNIMPLEMENTED.

This is the Version 2.0 release for Javacard KeyMint 100. Please refer to the following release notes for details.

Previous Release Tag : JC_Keymint_100_v1.1
Current Release Tag : JC_Keymint_100_v2.0-Pre-Release
Branch: Javacard_KeyMint_100_master
KeyMint Spec Version: 1.0

Release Documents:
https://drive.google.com/drive/folders/1FD5NejzmUu7nFjdacJJH9JPNK3hW_DI8?usp=sharing)

Release Folder Contents

• [External] Android Ready SE - StrongBox RMA.pdf
• [External] Javacard KeyBlob Versioning.pdf
• [External] Javacard Keymint 1.0 v2.0 Release Notes.pdf
• [External] KeyMint Applet Ready State.pdf
• [External] Keymint Provisioning.pdf
• [External] xTS Setup Guide for Keymint100.pdf

Release Highlights
Please refer to detailed release notes for complete list.

• Support for RMA

Note: OEMs must provision the OEM root public key using the provision tool after the upgrade.

• Changes in the KeyBlob encryption, the KeyBlob’s version is changed from 2 to 3.

In this version, the AuthData is considered only for deriving key and not for KeyBlob encryption and decryption.
AuthData is a Cbor array containing HARDWARE_PARAMETERS, HIDDEN_PARAMETERS, VERSION, CUSTOM_TAGS, PUB_KEY.

• Moved UNLOCKED_DEVICE_REQUIRED and TRUSTED_CONFIRMATION_REQUIRED tags from strongbox enforced list to TEE enforced list
• Maximum size limit validation for all the Byte tags
• In this version only provision data, Provision status, Master key and RPK Mac key are saved and restored during applet upgrade.
• Added the JCard functional tests.
• Support of Version jump while KeyMint Applet upgrade.
• Integrated OMAPI in the HAL. Open the OMAPI session and channel indefinitely.
• Optimized NVM memory usage.

Avoided initialization of arrays inside the functions and declared them as global transient arrays.

• Critical bug fixes from KeyMint

Updated tags in hardware & software enforced in attestation record.
Digest value validation depending on the purpose.
GPIO supports changes in KeyMint. Accept setBootParamters only once after boot
Corrected Keyblob version V1 offsets.
Corrected validation of OS version and OS patch level during Keyblob upgrade.
Added Buffering of input data for RSA decryption operation in HAL

• Don't allow commands untill all the provisiong parameters (including ROT/Pre-shared secret) are available to Keymint device post device reboot (KeyMint is ready).

This is the Version 3.0 release for Javacard 4.1 Keymaster. Please refer to the following release notes for details.

Relese Tag : JC_KM_41_V3.1
Branch: master, Javacard_KM_41_AOSP_UPMERGE_0630
Keymaster Version: 4.1

Detailed Release Notes: https://drive.google.com/file/d/1BjKo2co6hut5qHv6YlqLAmCjKi-abxbn/view?usp=sharing
Release Documents: https://drive.google.com/drive/folders/14UKN80LtEnTpC-xsGETqNkcnQ9sXgaIf?usp=sharing
Folder Contains :

• Detailed Release Notes
• VTS Setup Guide
• Integration Guide
• StrongBox RMA Document
• Applet State Machine

Highlights of the changes as below: - Please refer to detailed release notes for complete list.

• Support for RMA
• Introduced SE Lock, OEM Lock, OEM Unlock in the provision flow.
• Provision OEM Root public key to authenticate OEM Unlock or OEM Lock.

Please refer to the “[External] Android Ready SE - StrongBox RMA.pdf” document for more information

• Fixed the issue with parallel operation execution with each operation overriding the previous KeyObject.
• Changes in the KeyBlob structure, the KeyBlob’s version is changed from 0 to 1.

Added a Version variable inside the KeyBlob.
Added a new entry for custom tags inside the KeyBlob.
Changes in the KeyBlob’s hidden parameters: The Root of Trust.

• Root of Trust binding, contains only Verified Boot Key, Verified Boot State and lock state of the device. ( No Verified Boot Hash)
• Maximum size limit validation for all the Byte tags
• Integrated OMAPI in the HAL and added a patch to remove the changes in [aosp_12]
• Open the OMAPI session and channel indefinitely.
• Updated the JCard functional tests.
• Support of Version jump while Keymaster Applet upgrade.
• Critical bug fixes from Keymint

Updated tags in hardware & software enforced in attestation record.

• Digest value validation depending on the purpose.
• Follow X509 standard in representing ASN.1 UTC time.
• Clear the transient buffer (heap) after reclaiming it back.
• Don't allow commands till the shared secret is negotiated (Keymaster is ready).

This is the Version bug fixes release for Javacard KeyMint 100 . Please refer to the following release notes for details.

- Previous Relese: JC_Keymint_100_v1.0
- Current Release: JC_Keymint_100_v1.1
- Branch: Javacard_KeyMint_100_master
- KeyMint Spec Version: 1.0
- Date : 02-May-2022

Release Documents:
https://drive.google.com/drive/folders/1MxUKxCzHvzR5nsq3RqRnbDIxltXMJ0f8?usp=sharing

Detailed Release Notes:
https://drive.google.com/file/d/1v0SwvO7NGndMXZGiJ7Q9jM8Vhtoxf9zn/view?usp=sharing

Other Docs Included:

• xTS Setup Guide
• Details on RKP Component Provisioning
• RKP Explanatio
• Keymint Provisioning

Release Highlights - Bug Fixes

• Changes in the KeyBlob structure, the KeyBlobś version is changed from 1 to 2.

Added a new entry for custom tags inside the KeyBlob.

Changes in the KeyBlobś hidden parameters: The Root of Trust.

• Root of Trust binding, contains only Verified Boot Key, Verified Boot State and lock state of the device. ( No Verified Boot Hash)

• Fixed the issue with parallel operation execution with each operation overriding the previous KeyObject.

Created a pool for KeyObjects, where a single KeyObject per each algorithm (AES, TDES, HMAC, RSA, EC) is created at installation time and supports on demand creation of an extra 3 KeyObjects per algorithm.

Each crypto object is associated with a separate KeyObject from the Key pool.

• Separate crypto and key instances created for RKP generateCSR flow so that it does not depend on the objects from the Pool.

• Renamed "CURRENT_PACKAGE_VERSION" variable to "KM_PERSISTENT_DATA_STORAGE_VERSION¨.

This is the Version 1.0 final release for Javacard KeyMint 1.0. Please refer to the following release notes for details.

Relese Tag : JC_Keymint_100_v1.0
Branch: Javacard_KeyMint_100_master
KeyMint Spec Version: 1.0

Detailed Release Notes:
https://docs.google.com/document/d/1DopGqSU8s7VkQgNeP0x5bqSVItlRPkVpDA5o2-KuNW4/edit#

Release Documents:
https://drive.google.com/corp/drive/folders/1bh0IMgDH4ryS_ACa12VFaQWCJ02AQsEn

Release Folder Contents

• Detailed Release Notes
• xTS Setup Guide
• Details on RKP Component Provisioning
• RKP Explanation
• Keymint Provisioning

Release Highlights
Please refer to detailed release notes for complete list.

• Few corrections in the tag related validations as per Keymint specification.
• RKP End to end testing
• Integrated OMAPI changes in the HAL source code and removed it as a patch
• KeyMint applet upgrade support.
• Use jc_strongbox as AID in the .rc file.
• Included version parameters in the KeyBlob. This is for backward compatibility for KeyBlobs.
• Maximum size limit validation for all the Byte tags
  • APPLICATION_ID and APPLICATION_DATA
  • CERTIFICATE_SUBJECT
  • ATTESTATION_APPLICATION_ID
  • BRAND, DEVICE, MODEL, IMEI, MEID, MANUFACTURER, PRODUCT, SERIAL
• Updated Goldfish patches.
• To support read data from socket over multiple calls, prepended data length to the actual data while sending over socket. This is to solve the socket issues in goldfish emulators. Please look for changes in SocketTransport, JCProxy and ProvisionTool.This is purely while testing through socket. No changes in OMAPI, HAL or Applet code.
• Updated the JCardSim code to support testing on JCardSimulator.
• Memory optimization in generateKey/importKey/importWrappedKey flow when sending the output response.
  • Created output in a stacked manner with custom cbor encoding for these functions.
  • Reclaimed the heap memory (moved heap pointer back to original state before the function call) post operations if possible.
  • Reused i/p parameters and reference to avoid copy.
  • Reduced number of exp creations for keyParameters inside keyCharacteristics.
• Feedbacks from SE partners.

This is the Version 2.0 release for Javacard 4.1 Keymaster. Please refer to the following release notes for details.

Relese Tag : JC_KM_41_V20
Branch: master
Keymaster Version: 4.1

Detailed Release Notes: https://drive.google.com/file/d/1NDDO66zcFAjHeT6oDOdqLF3Z47B1GKRK/view?usp=sharing

Release Documents: https://drive.google.com/corp/drive/folders/1NtkHdL2jvXU1bdZRUu5BuDA_cjIxFPQM
Folder Contains :

• Detailed Release Notes
• VTS Setup Guide
• Intermediate Signing Document
• Integration Guide
• Provisiong Command and Document
• OMAPI Integration document
• Applet State Machine

Highlights of the changes as below: - Please refer to detailed release notes for complete list.

Javacard Keymaster HAL changes

• Fix for the CTS failures relating to Symmetric block ciphers and stream ciphers (buffering modes).
• Cache earlyBootEnded flag and send to the applet when OMAPI/Socket is initialized
• Fix for the issue that the operation handle(i.e Challenge), inside the HardwareAuthToken and VerificationToken is mismatching with the operation handle generated by Strongbox.

Keymaster Applet

• USER_SECURE_ID tag implementation with and without AUTH_TIMEOUT tag.
• Corrected the response error codes for a few tags as per specification.
• Reduced the writes in pool implementation.
• Reset HMac signer instance for failed operations (Issue with few simulators).
• Computed shared HMAC is stored in KeyObject rather than as a byte array.
• Added Configuration class - specifies configuration for TEE implementations, endianness etc.
• Added Support for few tags
• The AUTH_TAG, which is used as auth data while encrypting the secret in the key blob, is digested with SHA256 digest to restrict the length to 32 bytes.
• Support for PKCS8 decoding in the Keymaster Applet.
• Applet upgrade with versioning.
• Keymaster Provisioning data changes.

This is the Version 2.0 release for Javacard 4.0 Keymaster. Please refer to the following release notes for details.

Relese Tag : JC_KM_40_V20
Branch: Javacard_KM_40_AOSP_UPMERGE_0630
Keymaster Version: 4.0

Detailed Release Notes: https://drive.google.com/file/d/1NDDO66zcFAjHeT6oDOdqLF3Z47B1GKRK/view?usp=sharing

Release Documents: https://drive.google.com/corp/drive/folders/1NtkHdL2jvXU1bdZRUu5BuDA_cjIxFPQM
Folder Contains :

• Detailed Release Notes
• VTS Setup Guide
• Intermediate Signing Document
• Integration Guide
• Provisiong Command and Document
• OMAPI Integration document
• Applet State Machine

Highlights of the changes as below: - Please refer to detailed release notes for complete list.Highlights of the changes:

Javacard Keymaster HAL changes

• Fix for the CTS failures relating to Symmetric block ciphers and stream ciphers (buffering modes).
• Fix for the issue that the operation handle(i.e Challenge), inside the HardwareAuthToken and VerificationToken is mismatching with the operation handle generated by Strongbox.

Keymaster Applet

• USER_SECURE_ID tag implementation with and without AUTH_TIMEOUT tag.
• Corrected the response error codes for a few tags as per specification.
• Reduced the writes in pool implementation.
• Reset HMac signer instance for failed operations (Issue with few simulators).
• Computed shared HMAC is stored in KeyObject rather than as a byte array.
• Added Configuration class - specifies configuration for TEE implementations, endianness, certificate max sizes etc.
• Added Support for few tags
• The AUTH_TAG, which is used as auth data while encrypting the secret in the key blob, is digested with SHA256 digest to restrict the length to 32 bytes.
• Support for PKCS8 decoding in the Keymaster Applet.
• Applet upgrade with versioning.
• Keymaster Provisioning data changes.