Add optional additional entropy to finish
If provided the extra entropy will be added to the device before calling
finish. If entropy is provided and the device does not support supplying
additional entropy then finish will fail with KM_ERROR_UNIMPLEMENTED.
(cherry-picked from commit 8cfb8ac6e9bd291e9d861a32de2719e3bc797191)
Change-Id: If26be118bf382604f6f8e96e833b76e6f9e94d58
diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp
index 2208936..5be31eb 100644
--- a/keystore/keystore.cpp
+++ b/keystore/keystore.cpp
@@ -2671,7 +2671,8 @@
}
void finish(const sp<IBinder>& token, const KeymasterArguments& params,
- const uint8_t* signature, size_t signatureLength, OperationResult* result) {
+ const uint8_t* signature, size_t signatureLength,
+ const uint8_t* entropy, size_t entropyLength, OperationResult* result) {
if (!checkAllowedOperationParams(params.params)) {
result->resultCode = KM_ERROR_INVALID_ARGUMENT;
return;
@@ -2688,12 +2689,24 @@
result->resultCode = authResult;
return;
}
+ keymaster_error_t err;
+ if (entropy) {
+ if (dev->add_rng_entropy) {
+ err = dev->add_rng_entropy(dev, entropy, entropyLength);
+ } else {
+ err = KM_ERROR_UNIMPLEMENTED;
+ }
+ if (err) {
+ result->resultCode = err;
+ return;
+ }
+ }
keymaster_key_param_set_t inParams = {opParams.data(), opParams.size()};
keymaster_blob_t input = {signature, signatureLength};
keymaster_blob_t output = {NULL, 0};
keymaster_key_param_set_t outParams = {NULL, 0};
- keymaster_error_t err = dev->finish(dev, handle, &inParams, &input, &outParams, &output);
+ err = dev->finish(dev, handle, &inParams, &input, &outParams, &output);
// Remove the operation regardless of the result
mOperationMap.removeOperation(token);
mAuthTokenTable.MarkCompleted(handle);