Surface KeyPermanentlyInvalidatedException for per-op auth keys.
Bug: 20642549
Change-Id: Ibda270921f13a1fd695264583b0e4bd255f63aed
diff --git a/keystore/java/android/security/KeyStoreCipherSpi.java b/keystore/java/android/security/KeyStoreCipherSpi.java
index 125ca41..917f716 100644
--- a/keystore/java/android/security/KeyStoreCipherSpi.java
+++ b/keystore/java/android/security/KeyStoreCipherSpi.java
@@ -320,6 +320,16 @@
mMainDataStreamer = new KeyStoreCryptoOperationChunkedStreamer(
new KeyStoreCryptoOperationChunkedStreamer.MainDataStream(
mKeyStore, opResult.token));
+
+ if (opResult.resultCode != KeyStore.NO_ERROR) {
+ // The operation requires user authentication. Check whether such authentication is
+ // possible (e.g., the key may have been permanently invalidated).
+ InvalidKeyException e =
+ mKeyStore.getInvalidKeyException(mKey.getAlias(), opResult.resultCode);
+ if (!(e instanceof UserNotAuthenticatedException)) {
+ throw e;
+ }
+ }
}
@Override
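Review bot: The new check in the KeyStoreCipherSpi hunk runs only after `mMainDataStreamer` has been constructed around `opResult.token`, so when it throws (for example for a permanently invalidated key) the SPI object still holds a streamer for an operation that can never be authorized. Nothing in the visible lines aborts the begun keystore operation or clears that state before `throw e;`. Consider moving the `if (opResult.resultCode != KeyStore.NO_ERROR)` block ahead of the streamer construction, or releasing the operation before rethrowing. The KeyStoreHmacSpi hunk has the same ordering, with `mChunkedStreamer` built from `mOperationToken` before the check. The enclosing method starts above the hunk, so any cleanup done by callers or earlier code is not visible here.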
diff --git a/keystore/java/android/security/KeyStoreHmacSpi.java b/keystore/java/android/security/KeyStoreHmacSpi.java
index 2a33721..4590b9c 100644
--- a/keystore/java/android/security/KeyStoreHmacSpi.java
+++ b/keystore/java/android/security/KeyStoreHmacSpi.java
@@ -183,6 +183,16 @@
mChunkedStreamer = new KeyStoreCryptoOperationChunkedStreamer(
new KeyStoreCryptoOperationChunkedStreamer.MainDataStream(
mKeyStore, mOperationToken));
+
+ if (opResult.resultCode != KeyStore.NO_ERROR) {
+ // The operation requires user authentication. Check whether such authentication is
+ // possible (e.g., the key may have been permanently invalidated).
+ InvalidKeyException e =
+ mKeyStore.getInvalidKeyException(mKey.getAlias(), opResult.resultCode);
+ if (!(e instanceof UserNotAuthenticatedException)) {
+ throw e;
+ }
+ }
}
@Override
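Review bot: These ten added lines are a verbatim copy of the block added to KeyStoreCipherSpi, and a duplicated authorization decision can drift between the two SPIs; a single shared helper that takes the alias and result code would keep them in step. The comment also says the operation requires user authentication, while the condition is only `opResult.resultCode != KeyStore.NO_ERROR`. That is accurate only if code above the hunk (not visible here) has already rejected every other error code. If so, say it in the comment, e.g. `// Only OP_AUTH_NEEDED reaches this point; all other errors were rejected above.`, or test for that code explicitly.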