author | Alex Klyubin <klyubin@google.com> | 2015-04-29 20:28:41 -0700 |
---|---|---|
committer | Alex Klyubin <klyubin@google.com> | 2015-04-29 20:28:41 -0700 |
commit | 459ef1e7ce2a128f194087f9689df830b7870884 (patch) | |
tree | 955a3d9ec25a7ccbd11677b1b943088a29d8e916 | |
parent | 4fbdbbe8f1bbf743ea730774173667835749787e (diff) | |
Surface KeyPermanentlyInvalidatedException for per-op auth keys.
Bug: 20642549
Change-Id: Ibda270921f13a1fd695264583b0e4bd255f63aed
-rw-r--r-- | keystore/java/android/security/KeyStoreCipherSpi.java | 10 | ||||
-rw-r--r-- | keystore/java/android/security/KeyStoreHmacSpi.java | 10 |
2 files changed, 20 insertions, 0 deletions
diff --git a/keystore/java/android/security/KeyStoreCipherSpi.java b/keystore/java/android/security/KeyStoreCipherSpi.java
index 125ca41..917f716 100644
--- a/keystore/java/android/security/KeyStoreCipherSpi.java
+++ b/keystore/java/android/security/KeyStoreCipherSpi.java
@@ -320,6 +320,16 @@ public abstract class KeyStoreCipherSpi extends CipherSpi implements KeyStoreCry
 mMainDataStreamer = new KeyStoreCryptoOperationChunkedStreamer(
 new KeyStoreCryptoOperationChunkedStreamer.MainDataStream(
 mKeyStore, opResult.token));
+
+ if (opResult.resultCode != KeyStore.NO_ERROR) {
+ // The operation requires user authentication. Check whether such authentication is
+ // possible (e.g., the key may have been permanently invalidated).
+ InvalidKeyException e =
+ mKeyStore.getInvalidKeyException(mKey.getAlias(), opResult.resultCode);
+ if (!(e instanceof UserNotAuthenticatedException)) {
+ throw e;
+ }
+ }
 }
 
 @Override
diff --git a/keystore/java/android/security/KeyStoreHmacSpi.java b/keystore/java/android/security/KeyStoreHmacSpi.java
index 2a33721..4590b9c 100644
--- a/keystore/java/android/security/KeyStoreHmacSpi.java
+++ b/keystore/java/android/security/KeyStoreHmacSpi.java
@@ -183,6 +183,16 @@ public abstract class KeyStoreHmacSpi extends MacSpi implements KeyStoreCryptoOp
 mChunkedStreamer = new KeyStoreCryptoOperationChunkedStreamer(
 new KeyStoreCryptoOperationChunkedStreamer.MainDataStream(
 mKeyStore, mOperationToken));
+
+ if (opResult.resultCode != KeyStore.NO_ERROR) {
+ // The operation requires user authentication. Check whether such authentication is
+ // possible (e.g., the key may have been permanently invalidated).
+ InvalidKeyException e =
+ mKeyStore.getInvalidKeyException(mKey.getAlias(), opResult.resultCode);
+ if (!(e instanceof UserNotAuthenticatedException)) {
+ throw e;
+ }
+ }
 }
 
 @Override |
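Review bot: The new `throw e` in both hunks fires only after the streamer (`mMainDataStreamer` in KeyStoreCipherSpi, `mChunkedStreamer` in KeyStoreHmacSpi) has been bound to the operation token, so a permanently invalidated key leaves the SPI holding a token and a streamer for an operation that can never complete. The enclosing method starts outside the hunk, so whether a caller resets or aborts on this exception is not visible; if none does, the begun operation should be aborted before rethrowing. The guard is also wider than its comment: `opResult.resultCode != KeyStore.NO_ERROR` admits every failure code and suppresses `UserNotAuthenticatedException` for any of them, presumably relying on earlier filtering that the hunk does not show. A comment such as `// Only the auth-required result code can reach this point; every other error was rejected above.` or an explicit comparison against that code would make the fail-closed assumption checkable. The same ten lines are added verbatim to KeyStoreHmacSpi.java and would be easier to keep consistent as one shared helper.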