Add auth token fetching
Auth tokens are now fetched from the table in begin update and finish if
needed. Begin will not fail on a missing/expired auth token since some
authorization requires a valid operation handle.
This doesn't yet do any enforcement of the token beyond what the auth
token table does, that should happen in the keymaster auth code when it
is done.
This also includes the key in the operation map since authorization
works based off that and not the handle.
Change-Id: I62a395b74a925b819f4cde75ae3bfab8b8928cd1
diff --git a/keystore/operation.h b/keystore/operation.h
index f6f3ea7..6076836 100644
--- a/keystore/operation.h
+++ b/keystore/operation.h
@@ -39,9 +39,9 @@
OperationMap(IBinder::DeathRecipient* deathRecipient);
sp<IBinder> addOperation(keymaster_operation_handle_t handle,
const keymaster1_device_t* dev, sp<IBinder> appToken,
- bool pruneable);
+ const keymaster_key_blob_t& key, bool pruneable);
bool getOperation(sp<IBinder> token, keymaster_operation_handle_t* outHandle,
- const keymaster1_device_t** outDev);
+ const keymaster1_device_t** outDev, keymaster_key_blob_t* outKey);
bool removeOperation(sp<IBinder> token);
bool hasPruneableOperation();
sp<IBinder> getOldestPruneableOperation();
@@ -53,9 +53,10 @@
struct Operation {
Operation();
Operation(keymaster_operation_handle_t handle, const keymaster1_device_t* device,
- sp<IBinder> appToken);
+ const keymaster_key_blob_t& key, sp<IBinder> appToken);
keymaster_operation_handle_t handle;
const keymaster1_device_t* device;
+ keymaster_key_blob_t key;
sp<IBinder> appToken;
};
std::map<sp<IBinder>, struct Operation> mMap;