commit 92743aeb44087ad60de820c13086eb61637a0fd3
author Rob Barnes <robbarnes@google.com> Thu Nov 14 15:13:52 2019 -0700
committer Rob Barnes <robbarnes@google.com> Thu Nov 14 16:19:20 2019 -0700
tree 65248a48a7723d18e63994fb19e41dde0740ebd8
parent af35741307cd7f7cb6971faecb005a5865c9b211

Allow for input_data on finish.

This additional input will be unused for now, but future changes are
expected to utilize it.

Test: Keystore CTS Tests
Change-Id: I5c388032e3710e3825bdb06b26443a5ae2c034a3

keystore/java/android/security/KeyStore.java

diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java
index 646aa13..b6f5250 100644
--- a/keystore/java/android/security/KeyStore.java
+++ b/keystore/java/android/security/KeyStore.java
@@ -922,15 +922,26 @@
         }
     }
 
-    public OperationResult finish(IBinder token, KeymasterArguments arguments, byte[] signature,
-            byte[] entropy) {
+    /**
+     * Android KeyStore finish operation.
+     *
+     * @param token Authentication token.
+     * @param arguments Keymaster arguments
+     * @param input Optional additional input data.
+     * @param signature Optional signature to be verified.
+     * @param entropy Optional additional entropy
+     * @return OperationResult that will indicate success or error of the operation.
+     */
+    public OperationResult finish(IBinder token, KeymasterArguments arguments, byte[] input,
+            byte[] signature, byte[] entropy) {
         OperationPromise promise = new OperationPromise();
         try {
             mBinder.asBinder().linkToDeath(promise, 0);
             arguments = arguments != null ? arguments : new KeymasterArguments();
             entropy = entropy != null ? entropy : new byte[0];
+            input = input != null ? input : new byte[0];
             signature = signature != null ? signature : new byte[0];
-            int errorCode = mBinder.finish(promise, token, arguments, signature, entropy);
+            int errorCode = mBinder.finish(promise, token, arguments, input, signature, entropy);
             if (errorCode == NO_ERROR) {
                 return promise.getFuture().get();
             } else {
@@ -948,7 +959,7 @@
     }
 
     public OperationResult finish(IBinder token, KeymasterArguments arguments, byte[] signature) {
-        return finish(token, arguments, signature, null);
+        return finish(token, arguments, null, signature, null);
     }
 
     private class KeystoreResultPromise

keystore/java/android/security/keystore/AndroidKeyStoreAuthenticatedAESCipherSpi.java

diff --git a/keystore/java/android/security/keystore/AndroidKeyStoreAuthenticatedAESCipherSpi.java b/keystore/java/android/security/keystore/AndroidKeyStoreAuthenticatedAESCipherSpi.java
index 441ee66..c6515ef 100644
--- a/keystore/java/android/security/keystore/AndroidKeyStoreAuthenticatedAESCipherSpi.java
+++ b/keystore/java/android/security/keystore/AndroidKeyStoreAuthenticatedAESCipherSpi.java
@@ -432,7 +432,7 @@
         }
 
         @Override
-        public OperationResult finish(byte[] signature, byte[] additionalEntropy) {
+        public OperationResult finish(byte[] input, byte[] signature, byte[] additionalEntropy) {
             if ((additionalEntropy != null) && (additionalEntropy.length > 0)) {
                 throw new ProviderException("AAD stream does not support additional entropy");
             }

keystore/java/android/security/keystore/KeyStoreCryptoOperationChunkedStreamer.java

diff --git a/keystore/java/android/security/keystore/KeyStoreCryptoOperationChunkedStreamer.java b/keystore/java/android/security/keystore/KeyStoreCryptoOperationChunkedStreamer.java
index e030478..75bea26 100644
--- a/keystore/java/android/security/keystore/KeyStoreCryptoOperationChunkedStreamer.java
+++ b/keystore/java/android/security/keystore/KeyStoreCryptoOperationChunkedStreamer.java
@@ -62,7 +62,7 @@
          * Returns the result of the KeyStore {@code finish} operation or null if keystore couldn't
          * be reached.
          */
-        OperationResult finish(byte[] siganture, byte[] additionalEntropy);
+        OperationResult finish(byte[] input, byte[] siganture, byte[] additionalEntropy);
     }
 
     // Binder buffer is about 1MB, but it's shared between all active transactions of the process.
@@ -217,7 +217,8 @@
         byte[] output = update(input, inputOffset, inputLength);
         output = ArrayUtils.concat(output, flush());
 
-        OperationResult opResult = mKeyStoreStream.finish(signature, additionalEntropy);
+        OperationResult opResult = mKeyStoreStream.finish(EmptyArray.BYTE, signature,
+                                                          additionalEntropy);
         if (opResult == null) {
             throw new KeyStoreConnectException();
         } else if (opResult.resultCode != KeyStore.NO_ERROR) {
@@ -334,8 +335,8 @@
         }
 
         @Override
-        public OperationResult finish(byte[] signature, byte[] additionalEntropy) {
-            return mKeyStore.finish(mOperationToken, null, signature, additionalEntropy);
+        public OperationResult finish(byte[] input, byte[] signature, byte[] additionalEntropy) {
+            return mKeyStore.finish(mOperationToken, null, input, signature, additionalEntropy);
         }
     }
 }