resolved conflicts for merge of b068f162 to master

Change-Id: I5bc234e1da047880d3437a861ff93474a9797e18
author: Alex Klyubin <klyubin@google.com> 2015-04-03 13:01:09 -0700
committer: Alex Klyubin <klyubin@google.com> 2015-04-03 13:01:09 -0700
commit: dbcec13d64d7e6e8d4e5a867c1ca8b78951ed217 (patch)
tree: 7cbb65edf7b1ccad05045523d0ed0a3bacb8dd6c /keystore
parent: ecf2b4f550c329db8d12a6be91ac9a6b2b0c7432 (diff)
parent: b068f162a4670287aa66d6b193c84ccd01e3417e (diff)
download: frameworks_base-dbcec13d64d7e6e8d4e5a867c1ca8b78951ed217.zip
frameworks_base-dbcec13d64d7e6e8d4e5a867c1ca8b78951ed217.tar.gz
frameworks_base-dbcec13d64d7e6e8d4e5a867c1ca8b78951ed217.tar.bz2
7 files changed, 78 insertions, 54 deletions
diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java
index 94a479b..5af0527 100644
--- a/keystore/java/android/security/KeyStore.java
+++ b/keystore/java/android/security/KeyStore.java
@@ -26,6 +26,7 @@ import android.security.keymaster.ExportResult;
 import android.security.keymaster.KeyCharacteristics;
 import android.security.keymaster.KeymasterArguments;
 import android.security.keymaster.KeymasterBlob;
+import android.security.keymaster.KeymasterDefs;
 import android.security.keymaster.OperationResult;
 import android.util.Log;
 
@@ -506,4 +507,60 @@ public class KeyStore {
             return SYSTEM_ERROR;
         }
     }
+
+    public static KeyStoreException getKeyStoreException(int errorCode) {
+        if (errorCode > 0) {
+            // KeyStore layer error
+            switch (errorCode) {
+                case NO_ERROR:
+                    return new KeyStoreException(errorCode, "OK");
+                case LOCKED:
+                    return new KeyStoreException(errorCode, "Keystore locked");
+                case UNINITIALIZED:
+                    return new KeyStoreException(errorCode, "Keystore not initialized");
+                case SYSTEM_ERROR:
+                    return new KeyStoreException(errorCode, "System error");
+                case PERMISSION_DENIED:
+                    return new KeyStoreException(errorCode, "Permission denied");
+                case KEY_NOT_FOUND:
+                    return new KeyStoreException(errorCode, "Key not found");
+                case VALUE_CORRUPTED:
+                    return new KeyStoreException(errorCode, "Key blob corrupted");
+                default:
+                    return new KeyStoreException(errorCode, String.valueOf(errorCode));
+            }
+        } else {
+            // Keymaster layer error
+            switch (errorCode) {
+                case KeymasterDefs.KM_ERROR_INVALID_AUTHORIZATION_TIMEOUT:
+                    // The name of this parameter significantly differs between Keymaster and
+                    // framework APIs. Use the framework wording to make life easier for developers.
+                    return new KeyStoreException(errorCode,
+                            "Invalid user authentication validity duration");
+                default:
+                    return new KeyStoreException(errorCode,
+                            KeymasterDefs.getErrorMessage(errorCode));
+            }
+        }
+    }
+
+    public static CryptoOperationException getCryptoOperationException(KeyStoreException e) {
+        switch (e.getErrorCode()) {
+            case KeymasterDefs.KM_ERROR_KEY_EXPIRED:
+                return new KeyExpiredException();
+            case KeymasterDefs.KM_ERROR_KEY_NOT_YET_VALID:
+                return new KeyNotYetValidException();
+            case KeymasterDefs.KM_ERROR_KEY_USER_NOT_AUTHENTICATED:
+                return new UserNotAuthenticatedException();
+            // TODO: Handle TBD Keymaster error code "invalid key: new fingerprint enrolled"
+            // case KeymasterDefs.KM_ERROR_TBD
+            //     return new NewFingerprintEnrolledException();
+            default:
+                return new CryptoOperationException("Crypto operation failed", e);
+        }
+    }
+
+    public static CryptoOperationException getCryptoOperationException(int errorCode) {
+        return getCryptoOperationException(getKeyStoreException(errorCode));
+    }
 }
diff --git a/keystore/java/android/security/KeyStoreCipherSpi.java b/keystore/java/android/security/KeyStoreCipherSpi.java
index afb5e36..ec358d6 100644
--- a/keystore/java/android/security/KeyStoreCipherSpi.java
+++ b/keystore/java/android/security/KeyStoreCipherSpi.java
@@ -224,7 +224,7 @@ public abstract class KeyStoreCipherSpi extends CipherSpi implements KeyStoreCry
         if (opResult == null) {
             throw new KeyStoreConnectException();
         } else if (opResult.resultCode != KeyStore.NO_ERROR) {
-            throw KeymasterUtils.getCryptoOperationException(opResult.resultCode);
+            throw KeyStore.getCryptoOperationException(opResult.resultCode);
         }
 
         if (opResult.token == null) {
@@ -250,8 +250,8 @@ public abstract class KeyStoreCipherSpi extends CipherSpi implements KeyStoreCry
         byte[] output;
         try {
             output = mMainDataStreamer.update(input, inputOffset, inputLen);
-        } catch (KeymasterException e) {
-            throw KeymasterUtils.getCryptoOperationException(e);
+        } catch (KeyStoreException e) {
+            throw KeyStore.getCryptoOperationException(e);
         }
 
         if (output.length == 0) {
@@ -285,7 +285,7 @@ public abstract class KeyStoreCipherSpi extends CipherSpi implements KeyStoreCry
         byte[] output;
         try {
             output = mMainDataStreamer.doFinal(input, inputOffset, inputLen);
-        } catch (KeymasterException e) {
+        } catch (KeyStoreException e) {
             switch (e.getErrorCode()) {
                 case KeymasterDefs.KM_ERROR_INVALID_INPUT_LENGTH:
                     throw new IllegalBlockSizeException();
@@ -294,7 +294,7 @@ public abstract class KeyStoreCipherSpi extends CipherSpi implements KeyStoreCry
                 case KeymasterDefs.KM_ERROR_VERIFICATION_FAILED:
                     throw new AEADBadTagException();
                 default:
-                    throw KeymasterUtils.getCryptoOperationException(e);
+                    throw KeyStore.getCryptoOperationException(e);
             }
         }
 
diff --git a/keystore/java/android/security/KeyStoreCryptoOperationChunkedStreamer.java b/keystore/java/android/security/KeyStoreCryptoOperationChunkedStreamer.java
index 993614b..1f8b7e4 100644
--- a/keystore/java/android/security/KeyStoreCryptoOperationChunkedStreamer.java
+++ b/keystore/java/android/security/KeyStoreCryptoOperationChunkedStreamer.java
@@ -80,7 +80,7 @@ public class KeyStoreCryptoOperationChunkedStreamer {
         mMaxChunkSize = maxChunkSize;
     }
 
-    public byte[] update(byte[] input, int inputOffset, int inputLength) throws KeymasterException {
+    public byte[] update(byte[] input, int inputOffset, int inputLength) throws KeyStoreException {
         if (inputLength == 0) {
             // No input provided
             return EMPTY_BYTE_ARRAY;
@@ -120,7 +120,7 @@ public class KeyStoreCryptoOperationChunkedStreamer {
             if (opResult == null) {
                 throw new KeyStoreConnectException();
             } else if (opResult.resultCode != KeyStore.NO_ERROR) {
-                throw KeymasterUtils.getKeymasterException(opResult.resultCode);
+                throw KeyStore.getKeyStoreException(opResult.resultCode);
             }
 
             if (opResult.inputConsumed == chunk.length) {
@@ -188,7 +188,7 @@ public class KeyStoreCryptoOperationChunkedStreamer {
     }
 
     public byte[] doFinal(byte[] input, int inputOffset, int inputLength)
-            throws KeymasterException {
+            throws KeyStoreException {
         if (inputLength == 0) {
             // No input provided -- simplify the rest of the code
             input = EMPTY_BYTE_ARRAY;
@@ -203,7 +203,7 @@ public class KeyStoreCryptoOperationChunkedStreamer {
         if (opResult == null) {
             throw new KeyStoreConnectException();
         } else if (opResult.resultCode != KeyStore.NO_ERROR) {
-            throw KeymasterUtils.getKeymasterException(opResult.resultCode);
+            throw KeyStore.getKeyStoreException(opResult.resultCode);
         }
 
         return concat(output, opResult.output);
@@ -213,7 +213,7 @@ public class KeyStoreCryptoOperationChunkedStreamer {
      * Passes all of buffered input into the the KeyStore operation (via the {@code update}
      * operation) and returns output.
      */
-    public byte[] flush() throws KeymasterException {
+    public byte[] flush() throws KeyStoreException {
         if (mBufferedLength <= 0) {
             return EMPTY_BYTE_ARRAY;
         }
@@ -227,7 +227,7 @@ public class KeyStoreCryptoOperationChunkedStreamer {
         if (opResult == null) {
             throw new KeyStoreConnectException();
         } else if (opResult.resultCode != KeyStore.NO_ERROR) {
-            throw KeymasterUtils.getKeymasterException(opResult.resultCode);
+            throw KeyStore.getKeyStoreException(opResult.resultCode);
         }
 
         if (opResult.inputConsumed < chunk.length) {
diff --git a/keystore/java/android/security/KeymasterException.java b/keystore/java/android/security/KeyStoreException.java
index 484be12..88e768c 100644
--- a/keystore/java/android/security/KeymasterException.java
+++ b/keystore/java/android/security/KeyStoreException.java
@@ -17,15 +17,16 @@
 package android.security;
 
 /**
- * Keymaster exception.
+ * KeyStore/keymaster exception with positive error codes coming from the KeyStore and negative
+ * ones from keymaster.
  *
  * @hide
  */
-public class KeymasterException extends Exception {
+public class KeyStoreException extends Exception {
 
     private final int mErrorCode;
 
-    public KeymasterException(int errorCode, String message) {
+    public KeyStoreException(int errorCode, String message) {
         super(message);
         mErrorCode = errorCode;
     }
diff --git a/keystore/java/android/security/KeyStoreHmacSpi.java b/keystore/java/android/security/KeyStoreHmacSpi.java
index 6d0e1ae..a5864a4 100644
--- a/keystore/java/android/security/KeyStoreHmacSpi.java
+++ b/keystore/java/android/security/KeyStoreHmacSpi.java
@@ -117,7 +117,7 @@ public abstract class KeyStoreHmacSpi extends MacSpi implements KeyStoreCryptoOp
         if (opResult == null) {
             throw new KeyStoreConnectException();
         } else if (opResult.resultCode != KeyStore.NO_ERROR) {
-            throw KeymasterUtils.getCryptoOperationException(opResult.resultCode);
+            throw KeyStore.getCryptoOperationException(opResult.resultCode);
         }
         if (opResult.token == null) {
             throw new CryptoOperationException("Keystore returned null operation token");
@@ -141,8 +141,8 @@ public abstract class KeyStoreHmacSpi extends MacSpi implements KeyStoreCryptoOp
         byte[] output;
         try {
             output = mChunkedStreamer.update(input, offset, len);
-        } catch (KeymasterException e) {
-            throw KeymasterUtils.getCryptoOperationException(e);
+        } catch (KeyStoreException e) {
+            throw KeyStore.getCryptoOperationException(e);
         }
         if ((output != null) && (output.length != 0)) {
             throw new CryptoOperationException("Update operation unexpectedly produced output");
@@ -156,8 +156,8 @@ public abstract class KeyStoreHmacSpi extends MacSpi implements KeyStoreCryptoOp
         byte[] result;
         try {
             result = mChunkedStreamer.doFinal(null, 0, 0);
-        } catch (KeymasterException e) {
-            throw KeymasterUtils.getCryptoOperationException(e);
+        } catch (KeyStoreException e) {
+            throw KeyStore.getCryptoOperationException(e);
         }
 
         engineReset();
diff --git a/keystore/java/android/security/KeyStoreKeyGeneratorSpi.java b/keystore/java/android/security/KeyStoreKeyGeneratorSpi.java
index 8b0a3e9..48b6d06 100644
--- a/keystore/java/android/security/KeyStoreKeyGeneratorSpi.java
+++ b/keystore/java/android/security/KeyStoreKeyGeneratorSpi.java
@@ -177,7 +177,7 @@ public abstract class KeyStoreKeyGeneratorSpi extends KeyGeneratorSpi {
         int errorCode = mKeyStore.generateKey(
                 keyAliasInKeystore, args, additionalEntropy, flags, new KeyCharacteristics());
         if (errorCode != KeyStore.NO_ERROR) {
-            throw KeymasterUtils.getCryptoOperationException(errorCode);
+            throw KeyStore.getCryptoOperationException(errorCode);
         }
         String keyAlgorithmJCA =
                 KeyStoreKeyConstraints.Algorithm.toJCASecretKeyAlgorithm(mAlgorithm, mDigest);
diff --git a/keystore/java/android/security/KeymasterUtils.java b/keystore/java/android/security/KeymasterUtils.java
index 55999dc..3143d4d 100644
--- a/keystore/java/android/security/KeymasterUtils.java
+++ b/keystore/java/android/security/KeymasterUtils.java
@@ -17,7 +17,6 @@
 package android.security;
 
 import android.security.keymaster.KeyCharacteristics;
-import android.security.keymaster.KeymasterDefs;
 
 import java.util.ArrayList;
 import java.util.Date;
@@ -29,39 +28,6 @@ import java.util.List;
 public abstract class KeymasterUtils {
     private KeymasterUtils() {}
 
-    public static KeymasterException getKeymasterException(int keymasterErrorCode) {
-        switch (keymasterErrorCode) {
-            case KeymasterDefs.KM_ERROR_INVALID_AUTHORIZATION_TIMEOUT:
-                // The name of this parameter significantly differs between Keymaster and framework
-                // APIs. Use the framework wording to make life easier for developers.
-                return new KeymasterException(keymasterErrorCode,
-                        "Invalid user authentication validity duration");
-            default:
-                return new KeymasterException(keymasterErrorCode,
-                        KeymasterDefs.getErrorMessage(keymasterErrorCode));
-        }
-    }
-
-    public static CryptoOperationException getCryptoOperationException(KeymasterException e) {
-        switch (e.getErrorCode()) {
-            case KeymasterDefs.KM_ERROR_KEY_EXPIRED:
-                return new KeyExpiredException();
-            case KeymasterDefs.KM_ERROR_KEY_NOT_YET_VALID:
-                return new KeyNotYetValidException();
-            case KeymasterDefs.KM_ERROR_KEY_USER_NOT_AUTHENTICATED:
-                return new UserNotAuthenticatedException();
-            // TODO: Handle TBD Keymaster error code "invalid key: new fingerprint enrolled"
-            // case KeymasterDefs.KM_ERROR_TBD
-            //     return new NewFingerprintEnrolledException();
-            default:
-                return new CryptoOperationException("Crypto operation failed", e);
-        }
-    }
-
-    public static CryptoOperationException getCryptoOperationException(int keymasterErrorCode) {
-        return getCryptoOperationException(getKeymasterException(keymasterErrorCode));
-    }
-
     public static Integer getInt(KeyCharacteristics keyCharacteristics, int tag) {
         if (keyCharacteristics.hwEnforced.containsTag(tag)) {
             return keyCharacteristics.hwEnforced.getInt(tag, -1);
author	Alex Klyubin <klyubin@google.com>	2015-04-03 13:01:09 -0700
committer	Alex Klyubin <klyubin@google.com>	2015-04-03 13:01:09 -0700
commit	dbcec13d64d7e6e8d4e5a867c1ca8b78951ed217 (patch)
tree	7cbb65edf7b1ccad05045523d0ed0a3bacb8dd6c /keystore
parent	ecf2b4f550c329db8d12a6be91ac9a6b2b0c7432 (diff)
parent	b068f162a4670287aa66d6b193c84ccd01e3417e (diff)
download	frameworks_base-dbcec13d64d7e6e8d4e5a867c1ca8b78951ed217.zip frameworks_base-dbcec13d64d7e6e8d4e5a867c1ca8b78951ed217.tar.gz frameworks_base-dbcec13d64d7e6e8d4e5a867c1ca8b78951ed217.tar.bz2