diff options
author | Alex Klyubin <klyubin@google.com> | 2015-06-24 12:25:52 -0700 |
---|---|---|
committer | Alex Klyubin <klyubin@google.com> | 2015-06-24 15:42:09 -0700 |
commit | d23dc502b0a1952887d4453cba98aa2e3d2f5009 (patch) | |
tree | ec5252f24cf19123d994cd084c18902134734b12 /keystore/java/android/security/keystore/KeyStoreCryptoOperationStreamer.java | |
parent | cede20a7c273279a9bc51750bdd99c1383816e3e (diff) | |
download | frameworks_base-d23dc502b0a1952887d4453cba98aa2e3d2f5009.zip frameworks_base-d23dc502b0a1952887d4453cba98aa2e3d2f5009.tar.gz frameworks_base-d23dc502b0a1952887d4453cba98aa2e3d2f5009.tar.bz2 |
Make NONEwithECDSA truncate input when necessary.
Keymaster's implementation of ECDSA with digest NONE rejects input
longer than group size in bytes. RI's NONEwithECDSA accepts inputs
of arbitrary length by truncating them to the above size. This CL
makes Android Keystore's NONEwithECDSA do the truncation to keep
the JCA and Keymaster happy.
The change is inside AndroidKeyStoreECDSASignatureSpi$NONE. All other
small modifications are for supporting that change by making it
possible for AndroidKeyStoreSignatureSpiBase to pass in the signature
being verified into KeyStoreCryptoOperationStreamer. This in turn is
needed to make it possible for NONEwithECDSA implementation to provide
a wrapper streamer which truncates input.
Bug: 22030217
Change-Id: I26064f6df37ef8c631d70a36a356aa0b76a9ad29
Diffstat (limited to 'keystore/java/android/security/keystore/KeyStoreCryptoOperationStreamer.java')
-rw-r--r-- | keystore/java/android/security/keystore/KeyStoreCryptoOperationStreamer.java | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/keystore/java/android/security/keystore/KeyStoreCryptoOperationStreamer.java b/keystore/java/android/security/keystore/KeyStoreCryptoOperationStreamer.java index 897bd71..062c2d4 100644 --- a/keystore/java/android/security/keystore/KeyStoreCryptoOperationStreamer.java +++ b/keystore/java/android/security/keystore/KeyStoreCryptoOperationStreamer.java @@ -28,15 +28,15 @@ import android.security.KeyStoreException; * amount of data in one go because the operations are marshalled via Binder. Secondly, the update * operation may consume less data than provided, in which case the caller has to buffer the * remainder for next time. The helper exposes {@link #update(byte[], int, int) update} and - * {@link #doFinal(byte[], int, int, byte[]) doFinal} operations which can be used to conveniently - * implement various JCA crypto primitives. + * {@link #doFinal(byte[], int, int, byte[], byte[]) doFinal} operations which can be used to + * conveniently implement various JCA crypto primitives. * * @hide */ interface KeyStoreCryptoOperationStreamer { byte[] update(byte[] input, int inputOffset, int inputLength) throws KeyStoreException; - byte[] doFinal(byte[] input, int inputOffset, int inputLength, byte[] additionalEntropy) - throws KeyStoreException; + byte[] doFinal(byte[] input, int inputOffset, int inputLength, byte[] signature, + byte[] additionalEntropy) throws KeyStoreException; long getConsumedInputSizeBytes(); long getProducedOutputSizeBytes(); } |