Merge "credstore: signingKeyBlob was moved from finishRetrieval() to startRetrieval()." am: 37d5b94d14

Change-Id: I955a93741dd2eea92e2d13822b6d982029ea7355
This commit is contained in:
Automerger Merge Worker 2020-02-28 15:22:35 +00:00
commit 567cff88a1

View file

@ -242,8 +242,28 @@ Status Credential::getEntries(const vector<uint8_t>& requestMessage,
}
}
Status status = halBinder_->startRetrieval(selectedProfiles, aidlAuthToken, requestMessage,
sessionTranscript, readerSignature, requestCounts);
// Note that the selectAuthKey() method is only called if a CryptoObject is involved at
// the Java layer. So we could end up with no previously selected auth key and we may
// need one.
const AuthKeyData* authKey = selectedAuthKey_;
if (sessionTranscript.size() > 0) {
if (authKey == nullptr) {
authKey = data_->selectAuthKey(allowUsingExhaustedKeys);
if (authKey == nullptr) {
return Status::fromServiceSpecificError(
ICredentialStore::ERROR_NO_AUTHENTICATION_KEY_AVAILABLE,
"No suitable authentication key available");
}
}
}
vector<uint8_t> signingKeyBlob;
if (authKey != nullptr) {
signingKeyBlob = authKey->keyBlob;
}
Status status =
halBinder_->startRetrieval(selectedProfiles, aidlAuthToken, requestMessage, signingKeyBlob,
sessionTranscript, readerSignature, requestCounts);
if (!status.isOk() && status.exceptionCode() == binder::Status::EX_SERVICE_SPECIFIC) {
int code = status.serviceSpecificErrorCode();
if (code == IIdentityCredentialStore::STATUS_EPHEMERAL_PUBLIC_KEY_NOT_FOUND) {
@ -319,26 +339,7 @@ Status Credential::getEntries(const vector<uint8_t>& requestMessage,
ret.resultNamespaces.push_back(resultNamespaceParcel);
}
// Note that the selectAuthKey() method is only called if a CryptoObject is involved at
// the Java layer. So we could end up with no previously selected auth key and we may
// need one.
const AuthKeyData* authKey = selectedAuthKey_;
if (sessionTranscript.size() > 0) {
if (authKey == nullptr) {
authKey = data_->selectAuthKey(allowUsingExhaustedKeys);
if (authKey == nullptr) {
return Status::fromServiceSpecificError(
ICredentialStore::ERROR_NO_AUTHENTICATION_KEY_AVAILABLE,
"No suitable authentication key available");
}
}
}
vector<uint8_t> signingKeyBlob;
if (authKey != nullptr) {
signingKeyBlob = authKey->keyBlob;
}
status = halBinder_->finishRetrieval(signingKeyBlob, &ret.mac, &ret.deviceNameSpaces);
status = halBinder_->finishRetrieval(&ret.mac, &ret.deviceNameSpaces);
if (!status.isOk()) {
return halStatusToGenericError(status);
}