Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b24f1222 authored by Janis Danisevskis's avatar Janis Danisevskis
Browse files

Forward HAT and ConfirmationToken to TA on finish. 

The Trusty KeyMint HAL did not forward auth tokens and confirmation
tokens to the TA. This broke all per-op-bound key operations.

Test: CtsVerifier biometrics tests.
Bug: 192201272
Merged-In: Ifb2b08514acab78ff3d4fec4bc928260820d4ce0
Change-Id: Ifb2b08514acab78ff3d4fec4bc928260820d4ce0
parent 8d7c887b

trusty/keymaster/keymint/TrustyKeyMintOperation.cpp

+17 −6
Original line number Original line Diff line number Diff line
@@ -34,6 +34,7 @@ using ::keymaster::FinishOperationRequest; 
using ::keymaster::FinishOperationResponse;

using ::keymaster::FinishOperationResponse;

using ::keymaster::TAG_ASSOCIATED_DATA;

using ::keymaster::TAG_ASSOCIATED_DATA;

using ::keymaster::TAG_AUTH_TOKEN;

using ::keymaster::TAG_AUTH_TOKEN;

using ::keymaster::TAG_CONFIRMATION_TOKEN;

using ::keymaster::UpdateOperationRequest;

using ::keymaster::UpdateOperationRequest;

using ::keymaster::UpdateOperationResponse;

using ::keymaster::UpdateOperationResponse;

using km_utils::authToken2AidlVec;

using km_utils::authToken2AidlVec;
@@ -106,12 +107,12 @@ ScopedAStatus TrustyKeyMintOperation::update(const vector<uint8_t>& input, 
    return ScopedAStatus::ok();

    return ScopedAStatus::ok();

}

}





ScopedAStatus TrustyKeyMintOperation::finish(

ScopedAStatus TrustyKeyMintOperation::finish(const optional<vector<uint8_t>>& input,      //

        const optional<vector<uint8_t>>& input,      //

                                             const optional<vector<uint8_t>>& signature,  //

                                             const optional<vector<uint8_t>>& signature,  //

                                             const optional<HardwareAuthToken>& authToken,

                                             const optional<HardwareAuthToken>& authToken,

                                             const optional<TimeStampToken>& /* timestampToken */,

                                             const optional<TimeStampToken>& /* timestampToken */,

        const optional<vector<uint8_t>>& /* confirmationToken */, vector<uint8_t>* output) {

                                             const optional<vector<uint8_t>>& confirmationToken,

                                             vector<uint8_t>* output) {

    if (!output) {

    if (!output) {

        return ScopedAStatus(AStatus_fromServiceSpecificError(

        return ScopedAStatus(AStatus_fromServiceSpecificError(

                static_cast<int32_t>(ErrorCode::OUTPUT_PARAMETER_NULL)));

                static_cast<int32_t>(ErrorCode::OUTPUT_PARAMETER_NULL)));
@@ -119,6 +120,16 @@ ScopedAStatus TrustyKeyMintOperation::finish( 
    output->clear();

    output->clear();





    FinishOperationRequest request(impl_->message_version());

    FinishOperationRequest request(impl_->message_version());



    if (authToken) {

        auto tokenAsVec(authToken2AidlVec(*authToken));

        request.additional_params.push_back(TAG_AUTH_TOKEN, tokenAsVec.data(), tokenAsVec.size());

    }

    if (confirmationToken) {

        request.additional_params.push_back(TAG_CONFIRMATION_TOKEN, confirmationToken->data(),

                                            confirmationToken->size());

    }



    request.op_handle = opHandle_;

    request.op_handle = opHandle_;

    if (signature) request.signature.Reinitialize(signature->data(), signature->size());

    if (signature) request.signature.Reinitialize(signature->data(), signature->size());

    size_t serialized_size = request.SerializedSize();

    size_t serialized_size = request.SerializedSize();