From 37a8ac1d459d1bbe0b6dc3fb5fa89c78b3e97c2d Mon Sep 17 00:00:00 2001
From: David Drysdale <drysdale@google.com>
Date: Wed, 18 May 2022 11:12:01 +0100
Subject: [PATCH] KeyMint HAL: pass auth token on updateAad

Bug: 230716629
Test: CtsVerifier with aosp/2077898 included
Change-Id: I2ba275718ef7ce6cc701ac2eb4a122639d7a4351
---
 trusty/keymaster/keymint/TrustyKeyMintOperation.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/trusty/keymaster/keymint/TrustyKeyMintOperation.cpp b/trusty/keymaster/keymint/TrustyKeyMintOperation.cpp
index 9440724da..78e765e9c 100644
--- a/trusty/keymaster/keymint/TrustyKeyMintOperation.cpp
+++ b/trusty/keymaster/keymint/TrustyKeyMintOperation.cpp
@@ -52,11 +52,15 @@ TrustyKeyMintOperation::~TrustyKeyMintOperation() {
 }
 
 ScopedAStatus TrustyKeyMintOperation::updateAad(
-        const vector<uint8_t>& input, const optional<HardwareAuthToken>& /* authToken */,
+        const vector<uint8_t>& input, const optional<HardwareAuthToken>& authToken,
         const optional<TimeStampToken>& /* timestampToken */) {
     UpdateOperationRequest request(impl_->message_version());
     request.op_handle = opHandle_;
     request.additional_params.push_back(TAG_ASSOCIATED_DATA, input.data(), input.size());
+    if (authToken) {
+        auto tokenAsVec(authToken2AidlVec(*authToken));
+        request.additional_params.push_back(TAG_AUTH_TOKEN, tokenAsVec.data(), tokenAsVec.size());
+    }
 
     UpdateOperationResponse response(impl_->message_version());
     impl_->UpdateOperation(request, &response);