commit b24f12226aac7dc878c3aa16ab7570525fb5c1d4
author Janis Danisevskis <jdanis@google.com> Thu Jul 01 14:20:06 2021 -0700
committer Janis Danisevskis <jdanis@google.com> Thu Jul 01 15:17:32 2021 -0700
tree bcf19c7350a3aa0631bed3a28796b5dfd5d20acf
parent 8d7c887b234cfffcf7821add9bbfc081e464ed3a

Forward HAT and ConfirmationToken to TA on finish.

The Trusty KeyMint HAL did not forward auth tokens and confirmation
tokens to the TA. This broke all per-op-bound key operations.

Test: CtsVerifier biometrics tests.
Bug: 192201272
Merged-In: Ifb2b08514acab78ff3d4fec4bc928260820d4ce0
Change-Id: Ifb2b08514acab78ff3d4fec4bc928260820d4ce0

trusty/keymaster/keymint/TrustyKeyMintOperation.cpp

diff --git a/trusty/keymaster/keymint/TrustyKeyMintOperation.cpp b/trusty/keymaster/keymint/TrustyKeyMintOperation.cpp
index 41a21e9..9440724 100644
--- a/trusty/keymaster/keymint/TrustyKeyMintOperation.cpp
+++ b/trusty/keymaster/keymint/TrustyKeyMintOperation.cpp
@@ -34,6 +34,7 @@
 using ::keymaster::FinishOperationResponse;
 using ::keymaster::TAG_ASSOCIATED_DATA;
 using ::keymaster::TAG_AUTH_TOKEN;
+using ::keymaster::TAG_CONFIRMATION_TOKEN;
 using ::keymaster::UpdateOperationRequest;
 using ::keymaster::UpdateOperationResponse;
 using km_utils::authToken2AidlVec;
@@ -106,12 +107,12 @@
     return ScopedAStatus::ok();
 }
 
-ScopedAStatus TrustyKeyMintOperation::finish(
-        const optional<vector<uint8_t>>& input,      //
-        const optional<vector<uint8_t>>& signature,  //
-        const optional<HardwareAuthToken>& authToken,
-        const optional<TimeStampToken>& /* timestampToken */,
-        const optional<vector<uint8_t>>& /* confirmationToken */, vector<uint8_t>* output) {
+ScopedAStatus TrustyKeyMintOperation::finish(const optional<vector<uint8_t>>& input,      //
+                                             const optional<vector<uint8_t>>& signature,  //
+                                             const optional<HardwareAuthToken>& authToken,
+                                             const optional<TimeStampToken>& /* timestampToken */,
+                                             const optional<vector<uint8_t>>& confirmationToken,
+                                             vector<uint8_t>* output) {
     if (!output) {
         return ScopedAStatus(AStatus_fromServiceSpecificError(
                 static_cast<int32_t>(ErrorCode::OUTPUT_PARAMETER_NULL)));
@@ -119,6 +120,16 @@
     output->clear();
 
     FinishOperationRequest request(impl_->message_version());
+
+    if (authToken) {
+        auto tokenAsVec(authToken2AidlVec(*authToken));
+        request.additional_params.push_back(TAG_AUTH_TOKEN, tokenAsVec.data(), tokenAsVec.size());
+    }
+    if (confirmationToken) {
+        request.additional_params.push_back(TAG_CONFIRMATION_TOKEN, confirmationToken->data(),
+                                            confirmationToken->size());
+    }
+
     request.op_handle = opHandle_;
     if (signature) request.signature.Reinitialize(signature->data(), signature->size());
     size_t serialized_size = request.SerializedSize();