diff options
author | Chad Brubaker <cbrubaker@google.com> | 2015-05-29 12:30:19 -0700 |
---|---|---|
committer | Chad Brubaker <cbrubaker@google.com> | 2015-06-04 10:05:51 -0700 |
commit | 0d33e0babec356b1e69f1f15e8d9fe2ad878762c (patch) | |
tree | 967d82e5b78b3d099ffe9e92a2ce57d596cf41f9 | |
parent | 9ac7a27ae009692a5f8b630c79017e43e24a37e0 (diff) | |
download | android_system_security-0d33e0babec356b1e69f1f15e8d9fe2ad878762c.tar.gz android_system_security-0d33e0babec356b1e69f1f15e8d9fe2ad878762c.tar.bz2 android_system_security-0d33e0babec356b1e69f1f15e8d9fe2ad878762c.zip |
Add optional additional entropy to finish
If provided the extra entropy will be added to the device before calling
finish. If entropy is provided and the device does not support supplying
additional entropy then finish will fail with KM_ERROR_UNIMPLEMENTED.
(cherry-picked from commit 8cfb8ac6e9bd291e9d861a32de2719e3bc797191)
Change-Id: If26be118bf382604f6f8e96e833b76e6f9e94d58
-rw-r--r-- | keystore/IKeystoreService.cpp | 16 | ||||
-rw-r--r-- | keystore/include/keystore/IKeystoreService.h | 1 | ||||
-rw-r--r-- | keystore/keystore.cpp | 17 |
3 files changed, 27 insertions, 7 deletions
diff --git a/keystore/IKeystoreService.cpp b/keystore/IKeystoreService.cpp index fc0b8da..9d19b46 100644 --- a/keystore/IKeystoreService.cpp +++ b/keystore/IKeystoreService.cpp @@ -1129,7 +1129,9 @@ public: } virtual void finish(const sp<IBinder>& token, const KeymasterArguments& params, - const uint8_t* signature, size_t signatureLength, OperationResult* result) + const uint8_t* signature, size_t signatureLength, + const uint8_t* entropy, size_t entropyLength, + OperationResult* result) { if (!result) { return; @@ -1140,6 +1142,7 @@ public: data.writeInt32(1); params.writeToParcel(&data); data.writeByteArray(signatureLength, signature); + data.writeByteArray(entropyLength, entropy); status_t status = remote()->transact(BnKeystoreService::FINISH, data, &reply); if (status != NO_ERROR) { ALOGD("finish() could not contact remote: %d\n", status); @@ -1681,11 +1684,14 @@ status_t BnKeystoreService::onTransact( if (data.readInt32() != 0) { args.readFromParcel(data); } - const uint8_t* buf = NULL; - size_t bufLength = 0; - readByteArray(data, &buf, &bufLength); + const uint8_t* signature = NULL; + size_t signatureLength = 0; + readByteArray(data, &signature, &signatureLength); + const uint8_t* entropy = NULL; + size_t entropyLength = 0; + readByteArray(data, &entropy, &entropyLength); OperationResult result; - finish(token, args, buf, bufLength, &result); + finish(token, args, signature, signatureLength, entropy, entropyLength, &result); reply->writeNoException(); reply->writeInt32(1); result.writeToParcel(reply); diff --git a/keystore/include/keystore/IKeystoreService.h b/keystore/include/keystore/IKeystoreService.h index 6ad752e..c136dfd 100644 --- a/keystore/include/keystore/IKeystoreService.h +++ b/keystore/include/keystore/IKeystoreService.h @@ -218,6 +218,7 @@ public: virtual void finish(const sp<IBinder>& token, const KeymasterArguments& params, const uint8_t* signature, size_t signatureLength, + const uint8_t* entropy, size_t entropyLength, OperationResult* result) = 0; virtual int32_t abort(const sp<IBinder>& handle) = 0; diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp index 2208936..5be31eb 100644 --- a/keystore/keystore.cpp +++ b/keystore/keystore.cpp @@ -2671,7 +2671,8 @@ public: } void finish(const sp<IBinder>& token, const KeymasterArguments& params, - const uint8_t* signature, size_t signatureLength, OperationResult* result) { + const uint8_t* signature, size_t signatureLength, + const uint8_t* entropy, size_t entropyLength, OperationResult* result) { if (!checkAllowedOperationParams(params.params)) { result->resultCode = KM_ERROR_INVALID_ARGUMENT; return; @@ -2688,12 +2689,24 @@ public: result->resultCode = authResult; return; } + keymaster_error_t err; + if (entropy) { + if (dev->add_rng_entropy) { + err = dev->add_rng_entropy(dev, entropy, entropyLength); + } else { + err = KM_ERROR_UNIMPLEMENTED; + } + if (err) { + result->resultCode = err; + return; + } + } keymaster_key_param_set_t inParams = {opParams.data(), opParams.size()}; keymaster_blob_t input = {signature, signatureLength}; keymaster_blob_t output = {NULL, 0}; keymaster_key_param_set_t outParams = {NULL, 0}; - keymaster_error_t err = dev->finish(dev, handle, &inParams, &input, &outParams, &output); + err = dev->finish(dev, handle, &inParams, &input, &outParams, &output); // Remove the operation regardless of the result mOperationMap.removeOperation(token); mAuthTokenTable.MarkCompleted(handle); |