summaryrefslogtreecommitdiffstats
path: root/keystore/java/android/security/KeyStoreHmacSpi.java
diff options
context:
space:
mode:
authorAlex Klyubin <klyubin@google.com>2015-04-30 19:44:13 +0000
committerAndroid (Google) Code Review <android-gerrit@google.com>2015-04-30 19:44:15 +0000
commit3cd8ec3c6832ee142e217e2653cce58de3f1dba1 (patch)
tree8c85af732f0fcf6de5beb229fed5a396fd41491e /keystore/java/android/security/KeyStoreHmacSpi.java
parent2619ef3918e15bf415fb038e942cfbd98bff4c6a (diff)
parent8c82b4508f0e9f07bb24f106aa817466e39d0cc9 (diff)
downloadframeworks_base-3cd8ec3c6832ee142e217e2653cce58de3f1dba1.zip
frameworks_base-3cd8ec3c6832ee142e217e2653cce58de3f1dba1.tar.gz
frameworks_base-3cd8ec3c6832ee142e217e2653cce58de3f1dba1.tar.bz2
Merge "Cleanup logic for per-op auth keys." into mnc-dev
Diffstat (limited to 'keystore/java/android/security/KeyStoreHmacSpi.java')
-rw-r--r--keystore/java/android/security/KeyStoreHmacSpi.java32
1 files changed, 14 insertions, 18 deletions
diff --git a/keystore/java/android/security/KeyStoreHmacSpi.java b/keystore/java/android/security/KeyStoreHmacSpi.java
index c52f61b..e993b50 100644
--- a/keystore/java/android/security/KeyStoreHmacSpi.java
+++ b/keystore/java/android/security/KeyStoreHmacSpi.java
@@ -170,31 +170,27 @@ public abstract class KeyStoreHmacSpi extends MacSpi implements KeyStoreCryptoOp
keymasterOutputArgs);
if (opResult == null) {
throw new KeyStoreConnectException();
- } else if ((opResult.resultCode != KeyStore.NO_ERROR)
- && (opResult.resultCode != KeyStore.OP_AUTH_NEEDED)) {
- throw mKeyStore.getInvalidKeyException(mKey.getAlias(), opResult.resultCode);
}
- if (opResult.token == null) {
- throw new IllegalStateException("Keystore returned null operation token");
- }
- // The operation handle/token is now either valid for use immediately or needs to be
- // authorized through user authentication (if the error code was OP_AUTH_NEEDED).
+ // Store operation token and handle regardless of the error code returned by KeyStore to
+ // ensure that the operation gets aborted immediately if the code below throws an exception.
mOperationToken = opResult.token;
mOperationHandle = opResult.operationHandle;
+
+ // If necessary, throw an exception due to KeyStore operation having failed.
+ InvalidKeyException e = KeyStoreCryptoOperationUtils.getInvalidKeyExceptionForInit(
+ mKeyStore, mKey, opResult.resultCode);
+ if (e != null) {
+ throw e;
+ }
+
+ if (mOperationToken == null) {
+ throw new IllegalStateException("Keystore returned null operation token");
+ }
+
mChunkedStreamer = new KeyStoreCryptoOperationChunkedStreamer(
new KeyStoreCryptoOperationChunkedStreamer.MainDataStream(
mKeyStore, mOperationToken));
-
- if (opResult.resultCode != KeyStore.NO_ERROR) {
- // The operation requires user authentication. Check whether such authentication is
- // possible (e.g., the key may have been permanently invalidated).
- InvalidKeyException e =
- mKeyStore.getInvalidKeyException(mKey.getAlias(), opResult.resultCode);
- if (!(e instanceof UserNotAuthenticatedException)) {
- throw e;
- }
- }
}
@Override
generated by cgit v1.1 at 2025-11-28 00:36:33 +0000