Add additional params to update and finish operations.
Change-Id: I78a81b1ceb47a2abb189da4b0446800a56ec88c3
diff --git a/aead_mode_operation.cpp b/aead_mode_operation.cpp
index 8b117f0..8aa5535 100644
--- a/aead_mode_operation.cpp
+++ b/aead_mode_operation.cpp
@@ -41,7 +41,8 @@
return b;
}
-keymaster_error_t AeadModeOperation::Update(const Buffer& input, Buffer* output,
+keymaster_error_t AeadModeOperation::Update(const AuthorizationSet& /* additional_params */,
+ const Buffer& input, Buffer* output,
size_t* input_consumed) {
// Make an effort to reserve enough output space. The output buffer will be extended if needed,
// but this reduces reallocations.
@@ -70,7 +71,8 @@
return error;
}
-keymaster_error_t AeadModeOperation::Finish(const Buffer& /* signature */, Buffer* output) {
+keymaster_error_t AeadModeOperation::Finish(const AuthorizationSet& /* additional_params */,
+ const Buffer& /* signature */, Buffer* output) {
keymaster_error_t error = KM_ERROR_OK;
if (!nonce_handled_)
error = HandleNonce(output);
diff --git a/aead_mode_operation.h b/aead_mode_operation.h
index bdebaec..40196f7 100644
--- a/aead_mode_operation.h
+++ b/aead_mode_operation.h
@@ -47,10 +47,12 @@
delete[] additional_data_.data;
}
- virtual keymaster_error_t Begin(const AuthorizationSet& /* input_params */,
+ virtual keymaster_error_t Begin(const AuthorizationSet& input_params,
AuthorizationSet* output_params);
- virtual keymaster_error_t Update(const Buffer& input, Buffer* output, size_t* input_consumed);
- virtual keymaster_error_t Finish(const Buffer& /* signature */, Buffer* output);
+ virtual keymaster_error_t Update(const AuthorizationSet& additional_params, const Buffer& input,
+ Buffer* output, size_t* input_consumed);
+ virtual keymaster_error_t Finish(const AuthorizationSet& additional_params,
+ const Buffer& signature, Buffer* output);
protected:
size_t buffered_data_length() const { return buffer_end_; }
diff --git a/ecdsa_operation.cpp b/ecdsa_operation.cpp
index aa41095..a2dbc4d 100644
--- a/ecdsa_operation.cpp
+++ b/ecdsa_operation.cpp
@@ -26,7 +26,8 @@
EC_KEY_free(ecdsa_key_);
}
-keymaster_error_t EcdsaOperation::Update(const Buffer& input, Buffer* /* output */,
+keymaster_error_t EcdsaOperation::Update(const AuthorizationSet& /* additional_params */,
+ const Buffer& input, Buffer* /* output */,
size_t* input_consumed) {
assert(input_consumed);
switch (purpose()) {
@@ -46,7 +47,8 @@
return KM_ERROR_OK;
}
-keymaster_error_t EcdsaSignOperation::Finish(const Buffer& /* signature */, Buffer* output) {
+keymaster_error_t EcdsaSignOperation::Finish(const AuthorizationSet& /* additional_params */,
+ const Buffer& /* signature */, Buffer* output) {
assert(output);
output->Reinitialize(ECDSA_size(ecdsa_key_));
unsigned int siglen;
@@ -57,7 +59,8 @@
return KM_ERROR_OK;
}
-keymaster_error_t EcdsaVerifyOperation::Finish(const Buffer& signature, Buffer* /* output */) {
+keymaster_error_t EcdsaVerifyOperation::Finish(const AuthorizationSet& /* additional_params */,
+ const Buffer& signature, Buffer* /* output */) {
int result = ECDSA_verify(0 /* type -- ignored */, data_.peek_read(), data_.available_read(),
signature.peek_read(), signature.available_read(), ecdsa_key_);
if (result < 0)
diff --git a/ecdsa_operation.h b/ecdsa_operation.h
index a0dbda6..fdfe526 100644
--- a/ecdsa_operation.h
+++ b/ecdsa_operation.h
@@ -37,7 +37,8 @@
AuthorizationSet* /* output_params */) {
return KM_ERROR_OK;
}
- virtual keymaster_error_t Update(const Buffer& input, Buffer* output, size_t* input_consumed);
+ virtual keymaster_error_t Update(const AuthorizationSet& /* additional_params */,
+ const Buffer& input, Buffer* output, size_t* input_consumed);
virtual keymaster_error_t Abort() { return KM_ERROR_OK; }
protected:
@@ -51,14 +52,16 @@
public:
EcdsaSignOperation(keymaster_purpose_t purpose, const Logger& logger, EC_KEY* key)
: EcdsaOperation(purpose, logger, key) {}
- virtual keymaster_error_t Finish(const Buffer& signature, Buffer* output);
+ virtual keymaster_error_t Finish(const AuthorizationSet& additional_params,
+ const Buffer& signature, Buffer* output);
};
class EcdsaVerifyOperation : public EcdsaOperation {
public:
EcdsaVerifyOperation(keymaster_purpose_t purpose, const Logger& logger, EC_KEY* key)
: EcdsaOperation(purpose, logger, key) {}
- virtual keymaster_error_t Finish(const Buffer& signature, Buffer* output);
+ virtual keymaster_error_t Finish(const AuthorizationSet& additional_params,
+ const Buffer& signature, Buffer* output);
};
} // namespace keymaster
diff --git a/google_keymaster.cpp b/google_keymaster.cpp
index 056f643..f89b6f7 100644
--- a/google_keymaster.cpp
+++ b/google_keymaster.cpp
@@ -253,8 +253,8 @@
return;
}
- response->error =
- entry->operation->Update(request.input, &response->output, &response->input_consumed);
+ response->error = entry->operation->Update(request.additional_params, request.input,
+ &response->output, &response->input_consumed);
if (response->error != KM_ERROR_OK) {
// Any error invalidates the operation.
DeleteOperation(entry);
@@ -272,7 +272,8 @@
return;
}
- response->error = entry->operation->Finish(request.signature, &response->output);
+ response->error =
+ entry->operation->Finish(request.additional_params, request.signature, &response->output);
DeleteOperation(entry);
}
diff --git a/google_keymaster_test.cpp b/google_keymaster_test.cpp
index 2e60fbd..67d06a9 100644
--- a/google_keymaster_test.cpp
+++ b/google_keymaster_test.cpp
@@ -228,8 +228,9 @@
size_t out_length;
EXPECT_NE(op_handle_, OP_HANDLE_SENTINEL);
keymaster_error_t error = device()->update(
- device(), op_handle_, reinterpret_cast<const uint8_t*>(message.c_str()),
- message.length(), input_consumed, &out_tmp, &out_length);
+ device(), op_handle_, NULL /* additional_params */, 0 /* additional_params_count */,
+ reinterpret_cast<const uint8_t*>(message.c_str()), message.length(), input_consumed,
+ &out_tmp, &out_length);
if (out_tmp)
output->append(reinterpret_cast<char*>(out_tmp), out_length);
free(out_tmp);
@@ -242,8 +243,9 @@
uint8_t* out_tmp = NULL;
size_t out_length;
keymaster_error_t error = device()->finish(
- device(), op_handle_, reinterpret_cast<const uint8_t*>(signature.c_str()),
- signature.length(), &out_tmp, &out_length);
+ device(), op_handle_, NULL /* additional_params */, 0 /* additional_params_count */,
+ reinterpret_cast<const uint8_t*>(signature.c_str()), signature.length(), &out_tmp,
+ &out_length);
if (out_tmp)
output->append(reinterpret_cast<char*>(out_tmp), out_length);
free(out_tmp);
diff --git a/hmac_operation.cpp b/hmac_operation.cpp
index 8023662..74c65b9 100644
--- a/hmac_operation.cpp
+++ b/hmac_operation.cpp
@@ -70,7 +70,8 @@
return error_;
}
-keymaster_error_t HmacOperation::Update(const Buffer& input, Buffer* /* output */,
+keymaster_error_t HmacOperation::Update(const AuthorizationSet& /* additional_params */,
+ const Buffer& input, Buffer* /* output */,
size_t* input_consumed) {
if (!HMAC_Update(&ctx_, input.peek_read(), input.available_read()))
return KM_ERROR_UNKNOWN_ERROR;
@@ -82,7 +83,8 @@
return KM_ERROR_OK;
}
-keymaster_error_t HmacOperation::Finish(const Buffer& signature, Buffer* output) {
+keymaster_error_t HmacOperation::Finish(const AuthorizationSet& /* additional_params */,
+ const Buffer& signature, Buffer* output) {
uint8_t digest[EVP_MAX_MD_SIZE];
unsigned int digest_len;
if (!HMAC_Final(&ctx_, digest, &digest_len))
diff --git a/hmac_operation.h b/hmac_operation.h
index 61f76d5..41325b6 100644
--- a/hmac_operation.h
+++ b/hmac_operation.h
@@ -29,11 +29,13 @@
size_t key_data_size, keymaster_digest_t digest, size_t tag_length);
~HmacOperation();
- virtual keymaster_error_t Begin(const AuthorizationSet& /* input_params */,
+ virtual keymaster_error_t Begin(const AuthorizationSet& input_params,
AuthorizationSet* output_params);
- virtual keymaster_error_t Update(const Buffer& input, Buffer* output, size_t* input_consumed);
+ virtual keymaster_error_t Update(const AuthorizationSet& additional_params, const Buffer& input,
+ Buffer* output, size_t* input_consumed);
virtual keymaster_error_t Abort();
- virtual keymaster_error_t Finish(const Buffer& signature, Buffer* output);
+ virtual keymaster_error_t Finish(const AuthorizationSet& additional_params,
+ const Buffer& signature, Buffer* output);
private:
HMAC_CTX ctx_;
diff --git a/include/keymaster/soft_keymaster_device.h b/include/keymaster/soft_keymaster_device.h
index 37be566..645ce0b 100644
--- a/include/keymaster/soft_keymaster_device.h
+++ b/include/keymaster/soft_keymaster_device.h
@@ -138,13 +138,13 @@
const keymaster_key_param_t* params, size_t params_count,
keymaster_key_param_t** out_params, size_t* out_params_count,
keymaster_operation_handle_t* operation_handle);
- static keymaster_error_t update(const struct keymaster_device* dev,
- keymaster_operation_handle_t operation_handle,
- const uint8_t* input, size_t input_length,
- size_t* input_consumed, uint8_t** output,
- size_t* output_length);
+ static keymaster_error_t
+ update(const struct keymaster_device* dev, keymaster_operation_handle_t operation_handle,
+ const keymaster_key_param_t* params, size_t params_count, const uint8_t* input,
+ size_t input_length, size_t* input_consumed, uint8_t** output, size_t* output_length);
static keymaster_error_t finish(const struct keymaster_device* dev,
keymaster_operation_handle_t operation_handle,
+ const keymaster_key_param_t* params, size_t params_count,
const uint8_t* signature, size_t signature_length,
uint8_t** output, size_t* output_length);
static keymaster_error_t abort(const struct keymaster_device* dev,
diff --git a/operation.h b/operation.h
index 6d55340..836b7d1 100644
--- a/operation.h
+++ b/operation.h
@@ -44,9 +44,10 @@
virtual keymaster_error_t Begin(const AuthorizationSet& input_params,
AuthorizationSet* output_params) = 0;
- virtual keymaster_error_t Update(const Buffer& input, Buffer* output,
- size_t* input_consumed) = 0;
- virtual keymaster_error_t Finish(const Buffer& signature, Buffer* output) = 0;
+ virtual keymaster_error_t Update(const AuthorizationSet& additional_params, const Buffer& input,
+ Buffer* output, size_t* input_consumed) = 0;
+ virtual keymaster_error_t Finish(const AuthorizationSet& /* additional_params */,
+ const Buffer& signature, Buffer* output) = 0;
virtual keymaster_error_t Abort() = 0;
private:
diff --git a/rsa_operation.cpp b/rsa_operation.cpp
index 14df611..4ca7812 100644
--- a/rsa_operation.cpp
+++ b/rsa_operation.cpp
@@ -34,7 +34,8 @@
RSA_free(rsa_key_);
}
-keymaster_error_t RsaOperation::Update(const Buffer& input, Buffer* /* output */,
+keymaster_error_t RsaOperation::Update(const AuthorizationSet& /* additional_params */,
+ const Buffer& input, Buffer* /* output */,
size_t* input_consumed) {
assert(input_consumed);
switch (purpose()) {
@@ -57,7 +58,8 @@
return KM_ERROR_OK;
}
-keymaster_error_t RsaSignOperation::Finish(const Buffer& /* signature */, Buffer* output) {
+keymaster_error_t RsaSignOperation::Finish(const AuthorizationSet& /* additional_params */,
+ const Buffer& /* signature */, Buffer* output) {
assert(output);
output->Reinitialize(RSA_size(rsa_key_));
int bytes_encrypted = RSA_private_encrypt(data_.available_read(), data_.peek_read(),
@@ -69,7 +71,8 @@
return KM_ERROR_OK;
}
-keymaster_error_t RsaVerifyOperation::Finish(const Buffer& signature, Buffer* /* output */) {
+keymaster_error_t RsaVerifyOperation::Finish(const AuthorizationSet& /* additional_params */,
+ const Buffer& signature, Buffer* /* output */) {
#if defined(OPENSSL_IS_BORINGSSL)
size_t message_size = data_.available_read();
#else
@@ -99,7 +102,8 @@
const int OAEP_PADDING_OVERHEAD = 41;
const int PKCS1_PADDING_OVERHEAD = 11;
-keymaster_error_t RsaEncryptOperation::Finish(const Buffer& /* signature */, Buffer* output) {
+keymaster_error_t RsaEncryptOperation::Finish(const AuthorizationSet& /* additional_params */,
+ const Buffer& /* signature */, Buffer* output) {
assert(output);
int openssl_padding;
@@ -147,7 +151,8 @@
return KM_ERROR_OK;
}
-keymaster_error_t RsaDecryptOperation::Finish(const Buffer& /* signature */, Buffer* output) {
+keymaster_error_t RsaDecryptOperation::Finish(const AuthorizationSet& /* additional_params */,
+ const Buffer& /* signature */, Buffer* output) {
assert(output);
int openssl_padding;
switch (padding_) {
diff --git a/rsa_operation.h b/rsa_operation.h
index 16548ee..14a66c1 100644
--- a/rsa_operation.h
+++ b/rsa_operation.h
@@ -36,7 +36,8 @@
AuthorizationSet* /* output_params */) {
return KM_ERROR_OK;
}
- virtual keymaster_error_t Update(const Buffer& input, Buffer* output, size_t* input_consumed);
+ virtual keymaster_error_t Update(const AuthorizationSet& additional_params, const Buffer& input,
+ Buffer* output, size_t* input_consumed);
virtual keymaster_error_t Abort() { return KM_ERROR_OK; }
protected:
@@ -52,7 +53,8 @@
RsaSignOperation(const Logger& logger, keymaster_digest_t digest, keymaster_padding_t padding,
RSA* key)
: RsaOperation(KM_PURPOSE_SIGN, logger, padding, key), digest_(digest) {}
- virtual keymaster_error_t Finish(const Buffer& signature, Buffer* output);
+ virtual keymaster_error_t Finish(const AuthorizationSet& additional_params,
+ const Buffer& signature, Buffer* output);
private:
keymaster_digest_t digest_;
@@ -63,7 +65,8 @@
RsaVerifyOperation(const Logger& logger, keymaster_digest_t digest, keymaster_padding_t padding,
RSA* key)
: RsaOperation(KM_PURPOSE_VERIFY, logger, padding, key), digest_(digest) {}
- virtual keymaster_error_t Finish(const Buffer& signature, Buffer* output);
+ virtual keymaster_error_t Finish(const AuthorizationSet& additional_params,
+ const Buffer& signature, Buffer* output);
private:
keymaster_digest_t digest_;
@@ -73,14 +76,16 @@
public:
RsaEncryptOperation(const Logger& logger, keymaster_padding_t padding, RSA* key)
: RsaOperation(KM_PURPOSE_ENCRYPT, logger, padding, key) {}
- virtual keymaster_error_t Finish(const Buffer& signature, Buffer* output);
+ virtual keymaster_error_t Finish(const AuthorizationSet& additional_params,
+ const Buffer& signature, Buffer* output);
};
class RsaDecryptOperation : public RsaOperation {
public:
RsaDecryptOperation(const Logger& logger, keymaster_padding_t padding, RSA* key)
: RsaOperation(KM_PURPOSE_DECRYPT, logger, padding, key) {}
- virtual keymaster_error_t Finish(const Buffer& signature, Buffer* output);
+ virtual keymaster_error_t Finish(const AuthorizationSet& additional_params,
+ const Buffer& signature, Buffer* output);
};
} // namespace keymaster
diff --git a/soft_keymaster_device.cpp b/soft_keymaster_device.cpp
index c4421a9..36dee7a 100644
--- a/soft_keymaster_device.cpp
+++ b/soft_keymaster_device.cpp
@@ -652,9 +652,10 @@
/* static */
keymaster_error_t SoftKeymasterDevice::update(const struct keymaster_device* dev,
keymaster_operation_handle_t operation_handle,
- const uint8_t* input, size_t input_length,
- size_t* input_consumed, uint8_t** output,
- size_t* output_length) {
+ const keymaster_key_param_t* params,
+ size_t params_count, const uint8_t* input,
+ size_t input_length, size_t* input_consumed,
+ uint8_t** output, size_t* output_length) {
if (!input)
return KM_ERROR_UNEXPECTED_NULL_POINTER;
@@ -664,6 +665,7 @@
UpdateOperationRequest request;
request.op_handle = operation_handle;
request.input.Reinitialize(input, input_length);
+ request.additional_params.Reinitialize(params, params_count);
UpdateOperationResponse response;
convert_device(dev)->impl_->UpdateOperation(request, &response);
@@ -682,8 +684,10 @@
/* static */
keymaster_error_t SoftKeymasterDevice::finish(const struct keymaster_device* dev,
keymaster_operation_handle_t operation_handle,
- const uint8_t* signature, size_t signature_length,
- uint8_t** output, size_t* output_length) {
+ const keymaster_key_param_t* params,
+ size_t params_count, const uint8_t* signature,
+ size_t signature_length, uint8_t** output,
+ size_t* output_length) {
if (!output || !output_length)
return KM_ERROR_OUTPUT_PARAMETER_NULL;
@@ -691,6 +695,7 @@
request.op_handle = operation_handle;
if (signature)
request.signature.Reinitialize(signature, signature_length);
+ request.additional_params.Reinitialize(params, params_count);
FinishOperationResponse response;
convert_device(dev)->impl_->FinishOperation(request, &response);