diff options
author | Chad Brubaker <cbrubaker@google.com> | 2015-06-04 19:48:27 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2015-06-04 19:48:33 +0000 |
commit | f82cd5c843faddb89156d331c8d96522878a0524 (patch) | |
tree | d7e5f9f7437e5d7598348fd491682649e118e619 | |
parent | 8c683b98e0b7ed1aa319f727f1d87ba5c410b30b (diff) | |
parent | 0d33e0babec356b1e69f1f15e8d9fe2ad878762c (diff) | |
download | android_system_security-f82cd5c843faddb89156d331c8d96522878a0524.tar.gz android_system_security-f82cd5c843faddb89156d331c8d96522878a0524.tar.bz2 android_system_security-f82cd5c843faddb89156d331c8d96522878a0524.zip |
Merge "Add optional additional entropy to finish" into mnc-dev
-rw-r--r-- | keystore/IKeystoreService.cpp | 16 | ||||
-rw-r--r-- | keystore/include/keystore/IKeystoreService.h | 1 | ||||
-rw-r--r-- | keystore/keystore.cpp | 17 |
3 files changed, 27 insertions, 7 deletions
diff --git a/keystore/IKeystoreService.cpp b/keystore/IKeystoreService.cpp index fc0b8da..9d19b46 100644 --- a/keystore/IKeystoreService.cpp +++ b/keystore/IKeystoreService.cpp @@ -1129,7 +1129,9 @@ public: } virtual void finish(const sp<IBinder>& token, const KeymasterArguments& params, - const uint8_t* signature, size_t signatureLength, OperationResult* result) + const uint8_t* signature, size_t signatureLength, + const uint8_t* entropy, size_t entropyLength, + OperationResult* result) { if (!result) { return; @@ -1140,6 +1142,7 @@ public: data.writeInt32(1); params.writeToParcel(&data); data.writeByteArray(signatureLength, signature); + data.writeByteArray(entropyLength, entropy); status_t status = remote()->transact(BnKeystoreService::FINISH, data, &reply); if (status != NO_ERROR) { ALOGD("finish() could not contact remote: %d\n", status); @@ -1681,11 +1684,14 @@ status_t BnKeystoreService::onTransact( if (data.readInt32() != 0) { args.readFromParcel(data); } - const uint8_t* buf = NULL; - size_t bufLength = 0; - readByteArray(data, &buf, &bufLength); + const uint8_t* signature = NULL; + size_t signatureLength = 0; + readByteArray(data, &signature, &signatureLength); + const uint8_t* entropy = NULL; + size_t entropyLength = 0; + readByteArray(data, &entropy, &entropyLength); OperationResult result; - finish(token, args, buf, bufLength, &result); + finish(token, args, signature, signatureLength, entropy, entropyLength, &result); reply->writeNoException(); reply->writeInt32(1); result.writeToParcel(reply); diff --git a/keystore/include/keystore/IKeystoreService.h b/keystore/include/keystore/IKeystoreService.h index 6ad752e..c136dfd 100644 --- a/keystore/include/keystore/IKeystoreService.h +++ b/keystore/include/keystore/IKeystoreService.h @@ -218,6 +218,7 @@ public: virtual void finish(const sp<IBinder>& token, const KeymasterArguments& params, const uint8_t* signature, size_t signatureLength, + const uint8_t* entropy, size_t entropyLength, OperationResult* result) = 0; virtual int32_t abort(const sp<IBinder>& handle) = 0; diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp index 12e52f7..a17ca20 100644 --- a/keystore/keystore.cpp +++ b/keystore/keystore.cpp @@ -2679,7 +2679,8 @@ public: } void finish(const sp<IBinder>& token, const KeymasterArguments& params, - const uint8_t* signature, size_t signatureLength, OperationResult* result) { + const uint8_t* signature, size_t signatureLength, + const uint8_t* entropy, size_t entropyLength, OperationResult* result) { if (!checkAllowedOperationParams(params.params)) { result->resultCode = KM_ERROR_INVALID_ARGUMENT; return; @@ -2696,12 +2697,24 @@ public: result->resultCode = authResult; return; } + keymaster_error_t err; + if (entropy) { + if (dev->add_rng_entropy) { + err = dev->add_rng_entropy(dev, entropy, entropyLength); + } else { + err = KM_ERROR_UNIMPLEMENTED; + } + if (err) { + result->resultCode = err; + return; + } + } keymaster_key_param_set_t inParams = {opParams.data(), opParams.size()}; keymaster_blob_t input = {signature, signatureLength}; keymaster_blob_t output = {NULL, 0}; keymaster_key_param_set_t outParams = {NULL, 0}; - keymaster_error_t err = dev->finish(dev, handle, &inParams, &input, &outParams, &output); + err = dev->finish(dev, handle, &inParams, &input, &outParams, &output); // Remove the operation regardless of the result mOperationMap.removeOperation(token); mAuthTokenTable.MarkCompleted(handle); |