Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 94c4e237 authored by Janis Danisevskis's avatar Janis Danisevskis
Browse files

Forward HAT and ConfirmationToken to TA on finish. 

The Trusty KeyMint HAL did not forward auth tokens and confirmation
tokens to the TA. This broke all per-op-bound key operations.

Ignore-AOSP-First: No mergepath from AOSP.
Test: CtsVerifier biometrics tests.
Bug: 192201272
Change-Id: Ifb2b08514acab78ff3d4fec4bc928260820d4ce0
parent 729e08f6

trusty/keymaster/keymint/TrustyKeyMintOperation.cpp

+17 −6
Original line number Diff line number Diff line
@@ -34,6 +34,7 @@ using ::keymaster::FinishOperationRequest; 
using ::keymaster::FinishOperationResponse;

using ::keymaster::TAG_ASSOCIATED_DATA;

using ::keymaster::TAG_AUTH_TOKEN;

using ::keymaster::TAG_CONFIRMATION_TOKEN;

using ::keymaster::UpdateOperationRequest;

using ::keymaster::UpdateOperationResponse;

using km_utils::authToken2AidlVec;
@@ -106,12 +107,12 @@ ScopedAStatus TrustyKeyMintOperation::update(const vector<uint8_t>& input, 
    return ScopedAStatus::ok();

}



ScopedAStatus TrustyKeyMintOperation::finish(

        const optional<vector<uint8_t>>& input,      //

ScopedAStatus TrustyKeyMintOperation::finish(const optional<vector<uint8_t>>& input,      //

                                             const optional<vector<uint8_t>>& signature,  //

                                             const optional<HardwareAuthToken>& authToken,

                                             const optional<TimeStampToken>& /* timestampToken */,

        const optional<vector<uint8_t>>& /* confirmationToken */, vector<uint8_t>* output) {

                                             const optional<vector<uint8_t>>& confirmationToken,

                                             vector<uint8_t>* output) {

    if (!output) {

        return ScopedAStatus(AStatus_fromServiceSpecificError(

                static_cast<int32_t>(ErrorCode::OUTPUT_PARAMETER_NULL)));
@@ -119,6 +120,16 @@ ScopedAStatus TrustyKeyMintOperation::finish( 
    output->clear();



    FinishOperationRequest request(impl_->message_version());



    if (authToken) {

        auto tokenAsVec(authToken2AidlVec(*authToken));

        request.additional_params.push_back(TAG_AUTH_TOKEN, tokenAsVec.data(), tokenAsVec.size());

    }

    if (confirmationToken) {

        request.additional_params.push_back(TAG_CONFIRMATION_TOKEN, confirmationToken->data(),

                                            confirmationToken->size());

    }



    request.op_handle = opHandle_;

    if (signature) request.signature.Reinitialize(signature->data(), signature->size());

    size_t serialized_size = request.SerializedSize();