openkylin
/
platform_system_core
mirror of https://gitee.com/openkylin/platform_system_core.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

Forward HAT and ConfirmationToken to TA on finish. 

The Trusty KeyMint HAL did not forward auth tokens and confirmation
tokens to the TA. This broke all per-op-bound key operations.

Ignore-AOSP-First: No mergepath from AOSP.
Test: CtsVerifier biometrics tests.
Bug: 192201272
Change-Id: Ifb2b08514acab78ff3d4fec4bc928260820d4ce0
This commit is contained in:
Janis Danisevskis 2021-07-01 14:20:06 -07:00
parent 729e08f6ea
commit 94c4e237e5
1 changed files with 17 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
trusty/keymaster/keymint/TrustyKeyMintOperation.cpp
View File

@ -34,6 +34,7 @@ using ::keymaster::FinishOperationRequest;
using ::keymaster::FinishOperationResponse;
using ::keymaster::TAG_ASSOCIATED_DATA;
using ::keymaster::TAG_AUTH_TOKEN;
using ::keymaster::TAG_CONFIRMATION_TOKEN;
using ::keymaster::UpdateOperationRequest;
using ::keymaster::UpdateOperationResponse;
using km_utils::authToken2AidlVec;
@ -106,12 +107,12 @@ ScopedAStatus TrustyKeyMintOperation::update(const vector<uint8_t>& input,
return ScopedAStatus::ok();
}
ScopedAStatus TrustyKeyMintOperation::finish(
const optional<vector<uint8_t>>& input, //
const optional<vector<uint8_t>>& signature, //
const optional<HardwareAuthToken>& authToken,
const optional<TimeStampToken>& /* timestampToken */,
const optional<vector<uint8_t>>& /* confirmationToken */, vector<uint8_t>* output) {
ScopedAStatus TrustyKeyMintOperation::finish(const optional<vector<uint8_t>>& input, //
const optional<vector<uint8_t>>& signature, //
const optional<HardwareAuthToken>& authToken,
const optional<TimeStampToken>& /* timestampToken */,
const optional<vector<uint8_t>>& confirmationToken,
vector<uint8_t>* output) {
if (!output) {
return ScopedAStatus(AStatus_fromServiceSpecificError(
static_cast<int32_t>(ErrorCode::OUTPUT_PARAMETER_NULL)));
@ -119,6 +120,16 @@ ScopedAStatus TrustyKeyMintOperation::finish(
output->clear();
FinishOperationRequest request(impl_->message_version());
if (authToken) {
auto tokenAsVec(authToken2AidlVec(*authToken));
request.additional_params.push_back(TAG_AUTH_TOKEN, tokenAsVec.data(), tokenAsVec.size());
}
if (confirmationToken) {
request.additional_params.push_back(TAG_CONFIRMATION_TOKEN, confirmationToken->data(),
confirmationToken->size());
}
request.op_handle = opHandle_;
if (signature) request.signature.Reinitialize(signature->data(), signature->size());
size_t serialized_size = request.SerializedSize();