authorAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>2020-03-09 22:14:59 +0000
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>2020-03-09 22:14:59 +0000
commit73db87177b4e5b84daea4c689a93511b44f3ef5a (patch)
tree272c48eb5b6fe2fb5c84929ad6d63194957c5f9a
parentf659b475cdbf05de27b97db4ec13e35227fdd6a6 (diff)
parentff7e85efdac3fcf8c75ad23009470799bf75beea (diff)
downloadsecurity-73db87177b4e5b84daea4c689a93511b44f3ef5a.tar.gz
Merge "credstore: signingKeyBlob was moved from finishRetrieval() to startRetrieval()." into rvc-dev am: ff7e85efda
Change-Id: I181a3d9f2854e3a4bb18b8f55300c6f0ce1aaa34
-rw-r--r--identity/Credential.cpp45
1 files changed, 23 insertions, 22 deletions
diff --git a/identity/Credential.cpp b/identity/Credential.cpp
index 604d2621..05c31d3d 100644
--- a/identity/Credential.cpp
+++ b/identity/Credential.cpp
@@ -242,8 +242,28 @@ Status Credential::getEntries(const vector<uint8_t>& requestMessage,
}
}
- Status status = halBinder_->startRetrieval(selectedProfiles, aidlAuthToken, requestMessage,
- sessionTranscript, readerSignature, requestCounts);
+ // Note that the selectAuthKey() method is only called if a CryptoObject is involved at
+ // the Java layer. So we could end up with no previously selected auth key and we may
+ // need one.
+ const AuthKeyData* authKey = selectedAuthKey_;
+ if (sessionTranscript.size() > 0) {
+ if (authKey == nullptr) {
+ authKey = data_->selectAuthKey(allowUsingExhaustedKeys);
+ if (authKey == nullptr) {
+ return Status::fromServiceSpecificError(
+ ICredentialStore::ERROR_NO_AUTHENTICATION_KEY_AVAILABLE,
+ "No suitable authentication key available");
+ }
+ }
+ }
+ vector<uint8_t> signingKeyBlob;
+ if (authKey != nullptr) {
+ signingKeyBlob = authKey->keyBlob;
+ }
+
+ Status status =
+ halBinder_->startRetrieval(selectedProfiles, aidlAuthToken, requestMessage, signingKeyBlob,
+ sessionTranscript, readerSignature, requestCounts);
if (!status.isOk() && status.exceptionCode() == binder::Status::EX_SERVICE_SPECIFIC) {
int code = status.serviceSpecificErrorCode();
if (code == IIdentityCredentialStore::STATUS_EPHEMERAL_PUBLIC_KEY_NOT_FOUND) {
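Review bot: The auth key is now chosen by `data_->selectAuthKey(allowUsingExhaustedKeys)` before `startRetrieval()` runs, so the error returns after the call (the `EX_SERVICE_SPECIFIC` handling that begins at the end of this hunk) are reached with a key already selected. If selectAuthKey() records a use of the key (its body is not visible here), a request that the HAL rejects would still consume a use of a limited-use key, which could drain the key pool and push later presentations onto exhausted keys. Confirm that the use count is only persisted after a successful retrieval. The moved comment should also state the new ordering constraint, for example `// Must run before startRetrieval(): the HAL now takes signingKeyBlob there, not in finishRetrieval().`. getEntries() starts and ends outside the hunk.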
@@ -319,26 +339,7 @@ Status Credential::getEntries(const vector<uint8_t>& requestMessage,
ret.resultNamespaces.push_back(resultNamespaceParcel);
}
- // Note that the selectAuthKey() method is only called if a CryptoObject is involved at
- // the Java layer. So we could end up with no previously selected auth key and we may
- // need one.
- const AuthKeyData* authKey = selectedAuthKey_;
- if (sessionTranscript.size() > 0) {
- if (authKey == nullptr) {
- authKey = data_->selectAuthKey(allowUsingExhaustedKeys);
- if (authKey == nullptr) {
- return Status::fromServiceSpecificError(
- ICredentialStore::ERROR_NO_AUTHENTICATION_KEY_AVAILABLE,
- "No suitable authentication key available");
- }
- }
- }
-
- vector<uint8_t> signingKeyBlob;
- if (authKey != nullptr) {
- signingKeyBlob = authKey->keyBlob;
- }
- status = halBinder_->finishRetrieval(signingKeyBlob, &ret.mac, &ret.deviceNameSpaces);
+ status = halBinder_->finishRetrieval(&ret.mac, &ret.deviceNameSpaces);
if (!status.isOk()) {
return halStatusToGenericError(status);
}