diff options
author | Shawn Willden <swillden@google.com> | 2016-01-27 12:59:13 -0700 |
---|---|---|
committer | Shawn Willden <swillden@google.com> | 2016-01-28 16:24:17 -0700 |
commit | cb647fec03f71929fd316d2b8f0750f7b24824f3 (patch) | |
tree | 54b208b5c2de82c6ed5b722fdeac91a22dc675b1 /rsa_operation.cpp | |
parent | 4ed2d7ed2275735ddc4952f310badfa4dcbaf04e (diff) | |
download | keymaster-cb647fec03f71929fd316d2b8f0750f7b24824f3.tar.gz |
Support input to "finish()" in AndroidKeymaster operations.
This CL does not yet take advantage of the simplifications that allowing
input to finish() provides. That will require updating the Java layer
first, to remove some assumptions and code that assume update() must
eventually consume all input.
Change-Id: Ie85896027a1d55ddec06750d19addbb1f5e462c8
Diffstat (limited to 'rsa_operation.cpp')
-rw-r--r-- | rsa_operation.cpp | 42 |
1 files changed, 30 insertions, 12 deletions
diff --git a/rsa_operation.cpp b/rsa_operation.cpp index 7b6514c..2046a64 100644 --- a/rsa_operation.cpp +++ b/rsa_operation.cpp @@ -282,11 +282,15 @@ keymaster_error_t RsaSignOperation::Update(const AuthorizationSet& additional_pa return KM_ERROR_OK; } -keymaster_error_t RsaSignOperation::Finish(const AuthorizationSet& /* additional_params */, - const Buffer& /* signature */, +keymaster_error_t RsaSignOperation::Finish(const AuthorizationSet& additional_params, + const Buffer& input, const Buffer& /* signature */, AuthorizationSet* /* output_params */, Buffer* output) { assert(output); + keymaster_error_t error = UpdateForFinish(additional_params, input); + if (error != KM_ERROR_OK) + return error; + if (digest_ == KM_DIGEST_NONE) return SignUndigested(output); else @@ -401,10 +405,14 @@ keymaster_error_t RsaVerifyOperation::Update(const AuthorizationSet& additional_ return KM_ERROR_OK; } -keymaster_error_t RsaVerifyOperation::Finish(const AuthorizationSet& /* additional_params */, - const Buffer& signature, +keymaster_error_t RsaVerifyOperation::Finish(const AuthorizationSet& additional_params, + const Buffer& input, const Buffer& signature, AuthorizationSet* /* output_params */, Buffer* /* output */) { + keymaster_error_t error = UpdateForFinish(additional_params, input); + if (error != KM_ERROR_OK) + return error; + if (digest_ == KM_DIGEST_NONE) return VerifyUndigested(signature); else @@ -502,11 +510,16 @@ struct EVP_PKEY_CTX_Delete { void operator()(EVP_PKEY_CTX* p) { EVP_PKEY_CTX_free(p); } }; -keymaster_error_t RsaEncryptOperation::Finish(const AuthorizationSet& /* additional_params */, - const Buffer& /* signature */, +keymaster_error_t RsaEncryptOperation::Finish(const AuthorizationSet& additional_params, + const Buffer& input, const Buffer& /* signature */, AuthorizationSet* /* output_params */, Buffer* output) { - assert(output); + if (!output) + return KM_ERROR_OUTPUT_PARAMETER_NULL; + + keymaster_error_t error = UpdateForFinish(additional_params, input); + if (error != KM_ERROR_OK) + return error; UniquePtr<EVP_PKEY_CTX, EVP_PKEY_CTX_Delete> ctx( EVP_PKEY_CTX_new(rsa_key_, nullptr /* engine */)); @@ -516,7 +529,7 @@ keymaster_error_t RsaEncryptOperation::Finish(const AuthorizationSet& /* additio if (EVP_PKEY_encrypt_init(ctx.get()) <= 0) return TranslateLastOpenSslError(); - keymaster_error_t error = SetRsaPaddingInEvpContext(ctx.get()); + error = SetRsaPaddingInEvpContext(ctx.get()); if (error != KM_ERROR_OK) return error; error = SetOaepDigestIfRequired(ctx.get()); @@ -550,11 +563,16 @@ keymaster_error_t RsaEncryptOperation::Finish(const AuthorizationSet& /* additio return KM_ERROR_OK; } -keymaster_error_t RsaDecryptOperation::Finish(const AuthorizationSet& /* additional_params */, - const Buffer& /* signature */, +keymaster_error_t RsaDecryptOperation::Finish(const AuthorizationSet& additional_params, + const Buffer& input, const Buffer& /* signature */, AuthorizationSet* /* output_params */, Buffer* output) { - assert(output); + if (!output) + return KM_ERROR_OUTPUT_PARAMETER_NULL; + + keymaster_error_t error = UpdateForFinish(additional_params, input); + if (error != KM_ERROR_OK) + return error; UniquePtr<EVP_PKEY_CTX, EVP_PKEY_CTX_Delete> ctx( EVP_PKEY_CTX_new(rsa_key_, nullptr /* engine */)); @@ -564,7 +582,7 @@ keymaster_error_t RsaDecryptOperation::Finish(const AuthorizationSet& /* additio if (EVP_PKEY_decrypt_init(ctx.get()) <= 0) return TranslateLastOpenSslError(); - keymaster_error_t error = SetRsaPaddingInEvpContext(ctx.get()); + error = SetRsaPaddingInEvpContext(ctx.get()); if (error != KM_ERROR_OK) return error; error = SetOaepDigestIfRequired(ctx.get()); |