From 8dda0ab8837825276c2dc85ba6f7179a36772f14 Mon Sep 17 00:00:00 2001
From: Subrahmanya Manikanta Venkateswarlu Bhamidipati Kameswara Sri
 <subrahmanyaman@google.com>
Date: Mon, 30 Oct 2023 03:20:16 +0000
Subject: Fix asymmetric secure key import

Bug: 292534977
Test: atest android.keystore.cts.ImportWrappedKeyTest
Change-Id: I8d507f1a7d26fa7936aabd99d7d4ef3e29818888
---
 .../javacard/keymaster/KMKeymasterApplet.java      | 53 +++++++++++++---------
 1 file changed, 32 insertions(+), 21 deletions(-)

diff --git a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
index 19c91dd..06051f2 100644
--- a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
+++ b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
@@ -2360,8 +2360,8 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe
   }
 
   private short aesGCMDecrypt(
-      short aesSecret, short input, short nonce, short authData, short authTag, byte[] scratchPad) {
-    Util.arrayFillNonAtomic(scratchPad, (short) 0, KMByteBlob.cast(input).length(), (byte) 0);
+      short aesSecret, short input, short nonce, short authData, short authTag) {
+    short outPtr = KMByteBlob.instance(KMByteBlob.cast(input).length());
     if (!seProvider.aesGCMDecrypt(
         KMByteBlob.cast(aesSecret).getBuffer(),
         KMByteBlob.cast(aesSecret).getStartOff(),
@@ -2369,8 +2369,8 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe
         KMByteBlob.cast(input).getBuffer(),
         KMByteBlob.cast(input).getStartOff(),
         KMByteBlob.cast(input).length(),
-        scratchPad,
-        (short) 0,
+        KMByteBlob.cast(outPtr).getBuffer(),
+        KMByteBlob.cast(outPtr).getStartOff(),
         KMByteBlob.cast(nonce).getBuffer(),
         KMByteBlob.cast(nonce).getStartOff(),
         KMByteBlob.cast(nonce).length(),
@@ -2382,7 +2382,7 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe
         KMByteBlob.cast(authTag).length())) {
       KMException.throwIt(KMError.VERIFICATION_FAILED);
     }
-    return KMByteBlob.instance(scratchPad, (short) 0, KMByteBlob.cast(input).length());
+    return outPtr;
   }
 
   private short finishImportWrappedKeyCmd(APDU apdu) {
@@ -2422,8 +2422,7 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe
             data[INPUT_DATA],
             data[NONCE],
             data[AUTH_DATA],
-            data[AUTH_TAG],
-            scratchPad);
+            data[AUTH_TAG]);
     resetWrappingKey();
     // Step 5 - Import decrypted key
     data[ORIGIN] = KMType.SECURELY_IMPORTED;
@@ -2449,20 +2448,8 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe
     }
     cert.subjectName(subject);
     // Validity period must be specified
-    short notBefore =
-        KMKeyParameters.findTag(
-            KMType.DATE_TAG, KMType.CERTIFICATE_NOT_BEFORE, data[KEY_PARAMETERS]);
-    if (notBefore == KMType.INVALID_VALUE) {
-      KMException.throwIt(KMError.MISSING_NOT_BEFORE);
-    }
-    notBefore = KMIntegerTag.cast(notBefore).getValue();
-    short notAfter =
-        KMKeyParameters.findTag(
-            KMType.DATE_TAG, KMType.CERTIFICATE_NOT_AFTER, data[KEY_PARAMETERS]);
-    if (notAfter == KMType.INVALID_VALUE) {
-      KMException.throwIt(KMError.MISSING_NOT_AFTER);
-    }
-    notAfter = KMIntegerTag.cast(notAfter).getValue();
+    short notBefore = getCertificateValidityDate(KMType.CERTIFICATE_NOT_BEFORE, scratchPad);
+    short notAfter = getCertificateValidityDate(KMType.CERTIFICATE_NOT_AFTER, scratchPad);
     // VTS sends notBefore == Epoch.
     Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 8, (byte) 0);
     short epoch = KMInteger.instance(scratchPad, (short) 0, (short) 8);
@@ -2494,6 +2481,30 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe
     return cert;
   }
 
+  private short getCertificateValidityDate(short tag, byte[] scratchpad) {
+    short error = KMError.UNKNOWN_ERROR;
+    switch(tag) {
+    case KMType.CERTIFICATE_NOT_AFTER:
+      error = KMError.MISSING_NOT_AFTER;
+      Util.arrayCopyNonAtomic(dec319999Ms, (short) 0, scratchpad, (short) 0, (short) dec319999Ms.length);
+      break;
+    case KMType.CERTIFICATE_NOT_BEFORE:
+      error = KMError.MISSING_NOT_BEFORE;
+      Util.arrayFillNonAtomic(scratchpad, (short) 0, (short) 8, (byte) 0);
+      break;
+      default:
+        KMException.throwIt(KMError.INVALID_TAG);
+    }
+    short datePtr = KMKeyParameters.findTag(KMType.DATE_TAG, tag, data[KEY_PARAMETERS]);
+    if (datePtr == KMType.INVALID_VALUE ) {
+      if (data[ORIGIN] == KMType.SECURELY_IMPORTED) {
+        return KMInteger.instance(scratchpad, (short) 0, (short) 8);
+      }
+      KMException.throwIt(error);
+    }
+    return KMIntegerTag.cast(datePtr).getValue();
+  }
+
   private KMAttestationCert makeAttestationCert(
       short attKeyBlob, short attKeyParam, short attChallenge, short issuer, byte[] scratchPad) {
     KMAttestationCert cert = makeCommonCert(scratchPad);
-- 
cgit v1.2.3