Surface KeyPermanentlyInvalidatedException for per-op auth keys.

Bug: 20642549 Change-Id: Ibda270921f13a1fd695264583b0e4bd255f63aed
author: Alex Klyubin <klyubin@google.com> 2015-04-29 20:28:41 -0700
committer: Alex Klyubin <klyubin@google.com> 2015-04-29 20:28:41 -0700
commit: 459ef1e7ce2a128f194087f9689df830b7870884 (patch)
tree: 955a3d9ec25a7ccbd11677b1b943088a29d8e916 /keystore
parent: 4fbdbbe8f1bbf743ea730774173667835749787e (diff)
download: frameworks_base-459ef1e7ce2a128f194087f9689df830b7870884.zip
frameworks_base-459ef1e7ce2a128f194087f9689df830b7870884.tar.gz
frameworks_base-459ef1e7ce2a128f194087f9689df830b7870884.tar.bz2
2 files changed, 20 insertions, 0 deletions
diff --git a/keystore/java/android/security/KeyStoreCipherSpi.java b/keystore/java/android/security/KeyStoreCipherSpi.java
index 125ca41..917f716 100644
--- a/keystore/java/android/security/KeyStoreCipherSpi.java
+++ b/keystore/java/android/security/KeyStoreCipherSpi.java
@@ -320,6 +320,16 @@ public abstract class KeyStoreCipherSpi extends CipherSpi implements KeyStoreCry
         mMainDataStreamer = new KeyStoreCryptoOperationChunkedStreamer(
                 new KeyStoreCryptoOperationChunkedStreamer.MainDataStream(
                         mKeyStore, opResult.token));
+
+        if (opResult.resultCode != KeyStore.NO_ERROR) {
+            // The operation requires user authentication. Check whether such authentication is
+            // possible (e.g., the key may have been permanently invalidated).
+            InvalidKeyException e =
+                    mKeyStore.getInvalidKeyException(mKey.getAlias(), opResult.resultCode);
+            if (!(e instanceof UserNotAuthenticatedException)) {
+                throw e;
+            }
+        }
     }
 
     @Override
diff --git a/keystore/java/android/security/KeyStoreHmacSpi.java b/keystore/java/android/security/KeyStoreHmacSpi.java
index 2a33721..4590b9c 100644
--- a/keystore/java/android/security/KeyStoreHmacSpi.java
+++ b/keystore/java/android/security/KeyStoreHmacSpi.java
@@ -183,6 +183,16 @@ public abstract class KeyStoreHmacSpi extends MacSpi implements KeyStoreCryptoOp
         mChunkedStreamer = new KeyStoreCryptoOperationChunkedStreamer(
                 new KeyStoreCryptoOperationChunkedStreamer.MainDataStream(
                         mKeyStore, mOperationToken));
+
+        if (opResult.resultCode != KeyStore.NO_ERROR) {
+            // The operation requires user authentication. Check whether such authentication is
+            // possible (e.g., the key may have been permanently invalidated).
+            InvalidKeyException e =
+                    mKeyStore.getInvalidKeyException(mKey.getAlias(), opResult.resultCode);
+            if (!(e instanceof UserNotAuthenticatedException)) {
+                throw e;
+            }
+        }
     }
 
     @Override
author	Alex Klyubin <klyubin@google.com>	2015-04-29 20:28:41 -0700
committer	Alex Klyubin <klyubin@google.com>	2015-04-29 20:28:41 -0700
commit	459ef1e7ce2a128f194087f9689df830b7870884 (patch)
tree	955a3d9ec25a7ccbd11677b1b943088a29d8e916 /keystore
parent	4fbdbbe8f1bbf743ea730774173667835749787e (diff)
download	frameworks_base-459ef1e7ce2a128f194087f9689df830b7870884.zip frameworks_base-459ef1e7ce2a128f194087f9689df830b7870884.tar.gz frameworks_base-459ef1e7ce2a128f194087f9689df830b7870884.tar.bz2