From 8cbd940de917925266cb6f2086975a79ba4760ca Mon Sep 17 00:00:00 2001
From: Jaeyoon Lee <joyful.lee@samsung.corp-partner.google.com>
Date: Thu, 29 Jun 2023 16:05:54 +0900
Subject: Insert DEFAULT_MGF1_DIGEST SHA-1 on MGF_DIGEST tag when
 ImportWrappedKey

SecureKeyImport is failed because of MGF_DIGEST tag mismatch.
wrapping key has MGF_DIGEST tag when generate or import key
but importWrappedKey logic does not have MGF_DIGEST tag on WrappedKeyEntry
So MGF_DIGEST tat mismatch error occur when decrypt wrapped key using wrapping key

Insert SHA-1 value on MGF_DIGEST tag because ImportWrappedKey should have spcified format
that keymint is compulsorily checking main digest SHA-256 and MGF digest SHA-1.

And MGF_DIGEST tag will add only wrappingkey has MGF_DIGEST value
in order not to affect keys generated prior to Android14.

Bug: 277853193
Test: android.keystore.cts.ImportWrappedKeyTest#testKeyStore_ImportWrappedKey
Change-Id: Id7229a763e3041ffbe73989a2bb24306b7beb7a5
Signed-off-by: Jaeyoon Lee <joyful.lee@samsung.corp-partner.google.com>
---
 .../security/keystore2/AndroidKeyStoreSpi.java     | 27 ++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
index 045e318ff513..ced58a2f72fa 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
@@ -36,6 +36,7 @@ import android.security.keystore.KeyProtection;
 import android.security.keystore.SecureKeyImportUnavailableException;
 import android.security.keystore.WrappedKeyEntry;
 import android.system.keystore2.AuthenticatorSpec;
+import android.system.keystore2.Authorization;
 import android.system.keystore2.Domain;
 import android.system.keystore2.IKeystoreSecurityLevel;
 import android.system.keystore2.KeyDescriptor;
@@ -960,6 +961,32 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi {
             authenticatorSpecs.add(authSpec);
         }
 
+        if (parts.length > 2) {
+            @KeyProperties.EncryptionPaddingEnum int padding =
+                    KeyProperties.EncryptionPadding.toKeymaster(parts[2]);
+            if (padding == KeymasterDefs.KM_PAD_RSA_OAEP
+                    && response.metadata != null
+                    && response.metadata.authorizations != null) {
+                Authorization[] keyCharacteristics = response.metadata.authorizations;
+
+                for (Authorization authorization : keyCharacteristics) {
+                    // Add default MGF1 digest SHA-1
+                    // when wrapping key has KM_TAG_RSA_OAEP_MGF_DIGEST tag
+                    if (authorization.keyParameter.tag
+                            == KeymasterDefs.KM_TAG_RSA_OAEP_MGF_DIGEST) {
+                        // Default MGF1 digest is SHA-1
+                        // and KeyMint only supports default MGF1 digest crypto operations
+                        // for importWrappedKey.
+                        args.add(KeyStore2ParameterUtils.makeEnum(
+                                KeymasterDefs.KM_TAG_RSA_OAEP_MGF_DIGEST,
+                                KeyProperties.Digest.toKeymaster(DEFAULT_MGF1_DIGEST)
+                        ));
+                        break;
+                    }
+                }
+            }
+        }
+
         try {
             securityLevel.importWrappedKey(
                     wrappedKey, wrappingkey,
-- 
cgit v1.2.3-59-g8ed1b