diff options
| -rw-r--r-- | keystore/java/android/security/KeyStore.java | 3 | ||||
| -rw-r--r-- | keystore/java/android/security/KeyStoreCipherSpi.java | 5 | ||||
| -rw-r--r-- | keystore/java/android/security/KeyStoreHmacSpi.java | 6 |
3 files changed, 12 insertions, 2 deletions
diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java index f3b447e..1563863 100644 --- a/keystore/java/android/security/KeyStore.java +++ b/keystore/java/android/security/KeyStore.java @@ -543,6 +543,8 @@ public class KeyStore { return new KeyStoreException(errorCode, "Key not found"); case VALUE_CORRUPTED: return new KeyStoreException(errorCode, "Key blob corrupted"); + case OP_AUTH_NEEDED: + return new KeyStoreException(errorCode, "Operation requires authorization"); default: return new KeyStoreException(errorCode, String.valueOf(errorCode)); } @@ -572,6 +574,7 @@ public class KeyStore { case KeymasterDefs.KM_ERROR_KEY_NOT_YET_VALID: return new KeyNotYetValidException(); case KeymasterDefs.KM_ERROR_KEY_USER_NOT_AUTHENTICATED: + case OP_AUTH_NEEDED: { // We now need to determine whether the key/operation can become usable if user // authentication is performed, or whether it can never become usable again. diff --git a/keystore/java/android/security/KeyStoreCipherSpi.java b/keystore/java/android/security/KeyStoreCipherSpi.java index 9393e32..125ca41 100644 --- a/keystore/java/android/security/KeyStoreCipherSpi.java +++ b/keystore/java/android/security/KeyStoreCipherSpi.java @@ -298,7 +298,8 @@ public abstract class KeyStoreCipherSpi extends CipherSpi implements KeyStoreCry mAdditionalEntropyForBegin = null; if (opResult == null) { throw new KeyStoreConnectException(); - } else if (opResult.resultCode != KeyStore.NO_ERROR) { + } else if ((opResult.resultCode != KeyStore.NO_ERROR) + && (opResult.resultCode != KeyStore.OP_AUTH_NEEDED)) { switch (opResult.resultCode) { case KeymasterDefs.KM_ERROR_INVALID_NONCE: throw new InvalidAlgorithmParameterException("Invalid IV"); @@ -309,6 +310,8 @@ public abstract class KeyStoreCipherSpi extends CipherSpi implements KeyStoreCry if (opResult.token == null) { throw new IllegalStateException("Keystore returned null operation token"); } + // The operation handle/token is now either valid for use immediately or needs to be + // authorized through user authentication (if the error code was OP_AUTH_NEEDED). mOperationToken = opResult.token; mOperationHandle = opResult.operationHandle; loadAlgorithmSpecificParametersFromBeginResult(keymasterOutputArgs); diff --git a/keystore/java/android/security/KeyStoreHmacSpi.java b/keystore/java/android/security/KeyStoreHmacSpi.java index 8d71d1d..2a33721 100644 --- a/keystore/java/android/security/KeyStoreHmacSpi.java +++ b/keystore/java/android/security/KeyStoreHmacSpi.java @@ -168,12 +168,16 @@ public abstract class KeyStoreHmacSpi extends MacSpi implements KeyStoreCryptoOp new KeymasterArguments()); if (opResult == null) { throw new KeyStoreConnectException(); - } else if (opResult.resultCode != KeyStore.NO_ERROR) { + } else if ((opResult.resultCode != KeyStore.NO_ERROR) + && (opResult.resultCode != KeyStore.OP_AUTH_NEEDED)) { throw mKeyStore.getInvalidKeyException(mKey.getAlias(), opResult.resultCode); } + if (opResult.token == null) { throw new IllegalStateException("Keystore returned null operation token"); } + // The operation handle/token is now either valid for use immediately or needs to be + // authorized through user authentication (if the error code was OP_AUTH_NEEDED). mOperationToken = opResult.token; mOperationHandle = opResult.operationHandle; mChunkedStreamer = new KeyStoreCryptoOperationChunkedStreamer( |