From 9ce30624a448f439e19960d0dd88103c04676e7d Mon Sep 17 00:00:00 2001
From: Chad Brubaker <cbrubaker@google.com>
Date: Fri, 29 May 2015 12:32:51 -0700
Subject: Add optional additional entropy to finish

If provided the extra entropy will be added to the device before calling
finish. If entropy is provided and the device does not support supplying
additional entropy then finish will fail with KM_ERROR_UNIMPLEMENTED.

Change-Id: If26be118bf382604f6f8e96e833b76e6f9e94d58
---
 core/java/android/security/IKeystoreService.aidl | 3 ++-
 keystore/java/android/security/KeyStore.java     | 9 +++++++--
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/core/java/android/security/IKeystoreService.aidl b/core/java/android/security/IKeystoreService.aidl
index 30ea8e7e81d3..4a0107ded8f8 100644
--- a/core/java/android/security/IKeystoreService.aidl
+++ b/core/java/android/security/IKeystoreService.aidl
@@ -67,7 +67,8 @@ interface IKeystoreService {
     OperationResult begin(IBinder appToken, String alias, int purpose, boolean pruneable,
         in KeymasterArguments params, in byte[] entropy, out KeymasterArguments operationParams);
     OperationResult update(IBinder token, in KeymasterArguments params, in byte[] input);
-    OperationResult finish(IBinder token, in KeymasterArguments params, in byte[] signature);
+    OperationResult finish(IBinder token, in KeymasterArguments params, in byte[] signature,
+        in byte[] entropy);
     int abort(IBinder handle);
     boolean isOperationAuthorized(IBinder token);
     int addAuthToken(in byte[] authToken);
diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java
index 2558929632e3..c85c3a865412 100644
--- a/keystore/java/android/security/KeyStore.java
+++ b/keystore/java/android/security/KeyStore.java
@@ -474,15 +474,20 @@ public class KeyStore {
         }
     }
 
-    public OperationResult finish(IBinder token, KeymasterArguments arguments, byte[] signature) {
+    public OperationResult finish(IBinder token, KeymasterArguments arguments, byte[] signature,
+            byte[] entropy) {
         try {
-            return mBinder.finish(token, arguments, signature);
+            return mBinder.finish(token, arguments, signature, entropy);
         } catch (RemoteException e) {
             Log.w(TAG, "Cannot connect to keystore", e);
             return null;
         }
     }
 
+    public OperationResult finish(IBinder token, KeymasterArguments arguments, byte[] signature) {
+        return finish(token, arguments, signature, null);
+    }
+
     public int abort(IBinder token) {
         try {
             return mBinder.abort(token);
-- 
cgit v1.2.3-59-g8ed1b