From 459ef1e7ce2a128f194087f9689df830b7870884 Mon Sep 17 00:00:00 2001
From: Alex Klyubin
Date: Wed, 29 Apr 2015 20:28:41 -0700
Subject: Surface KeyPermanentlyInvalidatedException for per-op auth keys.

Bug: 20642549
Change-Id: Ibda270921f13a1fd695264583b0e4bd255f63aed
---
 keystore/java/android/security/KeyStoreCipherSpi.java | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'keystore/java/android/security/KeyStoreCipherSpi.java')

diff --git a/keystore/java/android/security/KeyStoreCipherSpi.java b/keystore/java/android/security/KeyStoreCipherSpi.java
index 125ca41..917f716 100644
--- a/keystore/java/android/security/KeyStoreCipherSpi.java
+++ b/keystore/java/android/security/KeyStoreCipherSpi.java
@@ -320,6 +320,16 @@ public abstract class KeyStoreCipherSpi extends CipherSpi implements KeyStoreCry
 mMainDataStreamer = new KeyStoreCryptoOperationChunkedStreamer(
 new KeyStoreCryptoOperationChunkedStreamer.MainDataStream(
 mKeyStore, opResult.token));
+
+ if (opResult.resultCode != KeyStore.NO_ERROR) {
+ // The operation requires user authentication. Check whether such authentication is
+ // possible (e.g., the key may have been permanently invalidated).
+ InvalidKeyException e =
+ mKeyStore.getInvalidKeyException(mKey.getAlias(), opResult.resultCode);
+ if (!(e instanceof UserNotAuthenticatedException)) {
+ throw e;
+ }
+ }
 }

 @Override
--
cgit v1.1
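Review bot: The new `throw e;` path runs only after `opResult.token` has already been handed to `mMainDataStreamer`, so a permanently invalidated key leaves this Spi holding a begun operation and a streamer bound to its token. Unless the caller resets state on failure (not visible here; the enclosing method starts above the hunk), the check would be safer placed before the `mMainDataStreamer = ...` assignment, with the begun operation aborted before the exception propagates. The guard `opResult.resultCode != KeyStore.NO_ERROR` is also broader than its comment, since it treats every non-success code as "requires user authentication"; that presumably holds only because earlier code has already rejected all other errors. A comment such as `// Only the auth-required result code can reach this point; all other errors were thrown above.` would make that fail-closed assumption explicit for the next maintainer.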