Have generateKey() treat additional entropy as optional
KeyStore.generateKey() takes an entropy parameter. This is optional
and can be null. That is how KeyStore used to work but a recent
refactor made us always feed the entropy to keymaster, even if it
is empty (null or byte[0] on the Java side). This CL makes us ignore
such empty entropy again.
We only noticed this because a recently added GTS test that happens
to set the entropy to null is failing on some hardware (other
keymaster implementations silently ignore this invalid attempt to
set entropy).
Bug: 35156555
Test: gts-tradefed run gts --module GtsGmscoreHostTestCases
--test com.google.android.gts.security.DeviceIdAttestationHostTest
Change-Id: Iadaf40e69350c17dd18e4dc2a1dab97fa911e1bf
diff --git a/keymaster/3.0/default/KeymasterDevice.cpp b/keymaster/3.0/default/KeymasterDevice.cpp
index 563ff84..24cf53a 100644
--- a/keymaster/3.0/default/KeymasterDevice.cpp
+++ b/keymaster/3.0/default/KeymasterDevice.cpp
@@ -375,6 +375,7 @@
}
Return<ErrorCode> KeymasterDevice::addRngEntropy(const hidl_vec<uint8_t>& data) {
+ if (!data.size()) return ErrorCode::OK;
return legacy_enum_conversion(
keymaster_device_->add_rng_entropy(keymaster_device_, &data[0], data.size()));
}