Merge "Allow for input_data on finish."
This commit is contained in:
commit
fb2c9b1ee9
8 changed files with 21 additions and 39 deletions
|
@ -211,9 +211,9 @@ int32_t KeystoreBackendBinder::sign(const char* key_id, const uint8_t* in, size_
|
|||
promise = new OperationResultPromise();
|
||||
future = promise->get_future();
|
||||
|
||||
binder_result = service->finish(promise, handle, KeymasterArguments(params),
|
||||
std::vector<uint8_t>() /* signature */,
|
||||
std::vector<uint8_t>() /* entropy */, &error_code);
|
||||
binder_result = service->finish(
|
||||
promise, handle, KeymasterArguments(params), std::vector<uint8_t>() /* input */,
|
||||
std::vector<uint8_t>() /* signature */, std::vector<uint8_t>() /* entropy */, &error_code);
|
||||
|
||||
if (!binder_result.isOk()) {
|
||||
LOG(ERROR) << AT << "communication error while calling keystore";
|
||||
|
|
|
@ -68,7 +68,7 @@ interface IKeystoreService {
|
|||
int begin(in IKeystoreOperationResultCallback cb, IBinder appToken, String alias, int purpose, boolean pruneable,
|
||||
in KeymasterArguments params, in byte[] entropy, int uid);
|
||||
int update(in IKeystoreOperationResultCallback cb, IBinder token, in KeymasterArguments params, in byte[] input);
|
||||
int finish(in IKeystoreOperationResultCallback cb, IBinder token, in KeymasterArguments params, in byte[] signature,
|
||||
int finish(in IKeystoreOperationResultCallback cb, IBinder token, in KeymasterArguments params, in byte[] input, in byte[] signature,
|
||||
in byte[] entropy);
|
||||
int abort(in IKeystoreResponseCallback cb, IBinder token);
|
||||
int addAuthToken(in byte[] authToken);
|
||||
|
|
|
@ -160,7 +160,7 @@ class KeystoreClient {
|
|||
// keymaster_error_t on failure.
|
||||
virtual KeyStoreNativeReturnCode
|
||||
finishOperation(uint64_t handle, const keystore::AuthorizationSet& input_parameters,
|
||||
const std::string& signature_to_verify,
|
||||
const std::string& input_data, const std::string& signature_to_verify,
|
||||
keystore::AuthorizationSet* output_parameters, std::string* output_data) = 0;
|
||||
|
||||
// Aborts the operation associated with |handle|. Returns KM_ERROR_OK on
|
||||
|
|
|
@ -76,6 +76,7 @@ class KeystoreClientImpl : public KeystoreClient {
|
|||
std::string* output_data) override;
|
||||
KeyStoreNativeReturnCode finishOperation(uint64_t handle,
|
||||
const keystore::AuthorizationSet& input_parameters,
|
||||
const std::string& input_data,
|
||||
const std::string& signature_to_verify,
|
||||
keystore::AuthorizationSet* output_parameters,
|
||||
std::string* output_data) override;
|
||||
|
|
|
@ -892,6 +892,7 @@ Status KeyStoreService::update(const ::android::sp<IKeystoreOperationResultCallb
|
|||
Status KeyStoreService::finish(const ::android::sp<IKeystoreOperationResultCallback>& cb,
|
||||
const ::android::sp<::android::IBinder>& token,
|
||||
const ::android::security::keymaster::KeymasterArguments& params,
|
||||
const ::std::vector<uint8_t>& input,
|
||||
const ::std::vector<uint8_t>& signature,
|
||||
const ::std::vector<uint8_t>& entropy, int32_t* _aidl_return) {
|
||||
if (!checkAllowedOperationParams(params.getParameters())) {
|
||||
|
@ -903,7 +904,7 @@ Status KeyStoreService::finish(const ::android::sp<IKeystoreOperationResultCallb
|
|||
return AIDL_RETURN(ErrorCode::INVALID_OPERATION_HANDLE);
|
||||
}
|
||||
|
||||
dev->finish(token, params.getParameters(), {}, signature, entropy,
|
||||
dev->finish(token, params.getParameters(), input, signature, entropy,
|
||||
[this, cb, token](OperationResult result_) {
|
||||
mKeyStore->removeOperationDevice(token);
|
||||
cb->onFinished(result_);
|
||||
|
|
|
@ -126,8 +126,8 @@ class KeyStoreService : public android::security::keystore::BnKeystoreService {
|
|||
finish(const ::android::sp<::android::security::keystore::IKeystoreOperationResultCallback>& cb,
|
||||
const ::android::sp<::android::IBinder>& token,
|
||||
const ::android::security::keymaster::KeymasterArguments& params,
|
||||
const ::std::vector<uint8_t>& signature, const ::std::vector<uint8_t>& entropy,
|
||||
int32_t* _aidl_return) override;
|
||||
const ::std::vector<uint8_t>& input, const ::std::vector<uint8_t>& signature,
|
||||
const ::std::vector<uint8_t>& entropy, int32_t* _aidl_return) override;
|
||||
::android::binder::Status
|
||||
abort(const ::android::sp<::android::security::keystore::IKeystoreResponseCallback>& cb,
|
||||
const ::android::sp<::android::IBinder>& token, int32_t* _aidl_return) override;
|
||||
|
|
|
@ -416,16 +416,10 @@ int SignAndVerify(const std::string& name) {
|
|||
return result.getErrorCode();
|
||||
}
|
||||
AuthorizationSet empty_params;
|
||||
size_t num_input_bytes_consumed;
|
||||
std::string output_data;
|
||||
result = keystore->updateOperation(handle, empty_params, "data_to_sign",
|
||||
&num_input_bytes_consumed, &output_params, &output_data);
|
||||
if (!result.isOk()) {
|
||||
printf("Sign: UpdateOperation failed: %d\n", result.getErrorCode());
|
||||
return result.getErrorCode();
|
||||
}
|
||||
result = keystore->finishOperation(handle, empty_params, std::string() /*signature_to_verify*/,
|
||||
&output_params, &output_data);
|
||||
result = keystore->finishOperation(handle, empty_params, "data_to_sign",
|
||||
std::string() /*signature_to_verify*/, &output_params,
|
||||
&output_data);
|
||||
if (!result.isOk()) {
|
||||
printf("Sign: FinishOperation failed: %d\n", result.getErrorCode());
|
||||
return result.getErrorCode();
|
||||
|
@ -436,18 +430,8 @@ int SignAndVerify(const std::string& name) {
|
|||
output_data.clear();
|
||||
result =
|
||||
keystore->beginOperation(KeyPurpose::VERIFY, name, sign_params, &output_params, &handle);
|
||||
if (!result.isOk()) {
|
||||
printf("Verify: BeginOperation failed: %d\n", result.getErrorCode());
|
||||
return result.getErrorCode();
|
||||
}
|
||||
result = keystore->updateOperation(handle, empty_params, "data_to_sign",
|
||||
&num_input_bytes_consumed, &output_params, &output_data);
|
||||
if (!result.isOk()) {
|
||||
printf("Verify: UpdateOperation failed: %d\n", result.getErrorCode());
|
||||
return result.getErrorCode();
|
||||
}
|
||||
result = keystore->finishOperation(handle, empty_params, signature_to_verify, &output_params,
|
||||
&output_data);
|
||||
result = keystore->finishOperation(handle, empty_params, "data_to_sign", signature_to_verify,
|
||||
&output_params, &output_data);
|
||||
if (result == ErrorCode::VERIFICATION_FAILED) {
|
||||
printf("Verify: Failed to verify signature.\n");
|
||||
return result.getErrorCode();
|
||||
|
|
|
@ -166,16 +166,9 @@ bool KeystoreClientImpl::oneShotOperation(KeyPurpose purpose, const std::string&
|
|||
return false;
|
||||
}
|
||||
AuthorizationSet empty_params;
|
||||
size_t num_input_bytes_consumed;
|
||||
AuthorizationSet ignored_params;
|
||||
result = updateOperation(handle, empty_params, input_data, &num_input_bytes_consumed,
|
||||
&ignored_params, output_data);
|
||||
if (!result.isOk()) {
|
||||
ALOGE("UpdateOperation failed: %d", result.getErrorCode());
|
||||
return false;
|
||||
}
|
||||
result =
|
||||
finishOperation(handle, empty_params, signature_to_verify, &ignored_params, output_data);
|
||||
result = finishOperation(handle, empty_params, input_data, signature_to_verify, &ignored_params,
|
||||
output_data);
|
||||
if (!result.isOk()) {
|
||||
ALOGE("FinishOperation failed: %d", result.getErrorCode());
|
||||
return false;
|
||||
|
@ -384,6 +377,7 @@ KeystoreClientImpl::updateOperation(uint64_t handle, const AuthorizationSet& inp
|
|||
|
||||
KeyStoreNativeReturnCode
|
||||
KeystoreClientImpl::finishOperation(uint64_t handle, const AuthorizationSet& input_parameters,
|
||||
const std::string& input_data,
|
||||
const std::string& signature_to_verify,
|
||||
AuthorizationSet* output_parameters, std::string* output_data) {
|
||||
if (active_operations_.count(handle) == 0) {
|
||||
|
@ -391,12 +385,14 @@ KeystoreClientImpl::finishOperation(uint64_t handle, const AuthorizationSet& inp
|
|||
}
|
||||
int32_t error_code;
|
||||
auto hidlSignature = blob2hidlVec(signature_to_verify);
|
||||
auto hidlInput = blob2hidlVec(input_data);
|
||||
android::sp<OperationResultPromise> promise(new OperationResultPromise{});
|
||||
auto future = promise->get_future();
|
||||
auto binder_result = keystore_->finish(
|
||||
promise, active_operations_[handle],
|
||||
android::security::keymaster::KeymasterArguments(input_parameters.hidl_data()),
|
||||
(std::vector<uint8_t>)hidlSignature, hidl_vec<uint8_t>(), &error_code);
|
||||
(std::vector<uint8_t>)hidlInput, (std::vector<uint8_t>)hidlSignature, hidl_vec<uint8_t>(),
|
||||
&error_code);
|
||||
if (!binder_result.isOk()) return ResponseCode::SYSTEM_ERROR;
|
||||
KeyStoreNativeReturnCode rc(error_code);
|
||||
if (!rc.isOk()) return rc;
|
||||
|
|
Loading…
Reference in a new issue