Support input to "finish()" in AndroidKeymaster operations.
This CL does not yet take advantage of the simplifications that allowing
input to finish() provides. That will require updating the Java layer
first, to remove some assumptions and code that assume update() must
eventually consume all input.
Change-Id: Ie85896027a1d55ddec06750d19addbb1f5e462c8
diff --git a/ecdsa_operation.cpp b/ecdsa_operation.cpp
index 0e56344..405dcb5 100644
--- a/ecdsa_operation.cpp
+++ b/ecdsa_operation.cpp
@@ -135,13 +135,17 @@
return KM_ERROR_OK;
}
-keymaster_error_t EcdsaSignOperation::Finish(const AuthorizationSet& /* additional_params */,
- const Buffer& /* signature */,
+keymaster_error_t EcdsaSignOperation::Finish(const AuthorizationSet& additional_params,
+ const Buffer& input, const Buffer& /* signature */,
AuthorizationSet* /* output_params */,
Buffer* output) {
if (!output)
return KM_ERROR_OUTPUT_PARAMETER_NULL;
+ keymaster_error_t error = UpdateForFinish(additional_params, input);
+ if (error != KM_ERROR_OK)
+ return error;
+
size_t siglen;
if (digest_ == KM_DIGEST_NONE) {
UniquePtr<EC_KEY, EC_KEY_Delete> ecdsa(EVP_PKEY_get1_EC_KEY(ecdsa_key_));
@@ -196,10 +200,14 @@
return KM_ERROR_OK;
}
-keymaster_error_t EcdsaVerifyOperation::Finish(const AuthorizationSet& /* additional_params */,
- const Buffer& signature,
+keymaster_error_t EcdsaVerifyOperation::Finish(const AuthorizationSet& additional_params,
+ const Buffer& input, const Buffer& signature,
AuthorizationSet* /* output_params */,
Buffer* /* output */) {
+ keymaster_error_t error = UpdateForFinish(additional_params, input);
+ if (error != KM_ERROR_OK)
+ return error;
+
if (digest_ == KM_DIGEST_NONE) {
UniquePtr<EC_KEY, EC_KEY_Delete> ecdsa(EVP_PKEY_get1_EC_KEY(ecdsa_key_));
if (!ecdsa.get())