
Commit 708fc940 authored by Alex Klyubin's avatar Alex Klyubin

Add KeyPermanentlyInvalidatedException.

This enables users of AndroidKeyStore crypto to differentiate between
the key being unusable until the user is authenticated
(UserNotAuthenticatedException) and the key being permanently unusable
(KeyPermanentlyInvalidatedException). The latter is the case when the
secure lock screen has been disabled or reset, and, for keys that
require user authentication for every use, when a new fingerprint is
enrolled or all fingerprints are unenrolled.

NOTE: The KeyPermanentlyInvalidatedException subsumes/replaces the
NewFingerprintEnrolledException which has thus been removed. There
is no way to find out whether a key was permanently invalidated
specifically because a new fingerprint was added.

Bug: 20642549
Bug: 20526234
Change-Id: I0206cd99eef5c605c9c4d6afc5eea02eb3b1fe6b
parent 47ea8b3d
+6 −5
@@ -28614,6 +28614,12 @@ package android.security {
    method public android.security.KeyPairGeneratorSpec.Builder setUserAuthenticationValidityDurationSeconds(int);
  }
  public class KeyPermanentlyInvalidatedException extends java.security.InvalidKeyException {
    ctor public KeyPermanentlyInvalidatedException();
    ctor public KeyPermanentlyInvalidatedException(java.lang.String);
    ctor public KeyPermanentlyInvalidatedException(java.lang.String, java.lang.Throwable);
  }
  public abstract class KeyStoreKeyProperties {
  }
@@ -28694,11 +28700,6 @@ package android.security {
    method public boolean isCleartextTrafficPermitted();
  }
  public class NewFingerprintEnrolledException extends java.security.InvalidKeyException {
    ctor public NewFingerprintEnrolledException();
    ctor public NewFingerprintEnrolledException(java.lang.String);
  }
  public class UserNotAuthenticatedException extends java.security.InvalidKeyException {
    ctor public UserNotAuthenticatedException();
    ctor public UserNotAuthenticatedException(java.lang.String);
+6 −5
@@ -30619,6 +30619,12 @@ package android.security {
    method public android.security.KeyPairGeneratorSpec.Builder setUserAuthenticationValidityDurationSeconds(int);
  }
  public class KeyPermanentlyInvalidatedException extends java.security.InvalidKeyException {
    ctor public KeyPermanentlyInvalidatedException();
    ctor public KeyPermanentlyInvalidatedException(java.lang.String);
    ctor public KeyPermanentlyInvalidatedException(java.lang.String, java.lang.Throwable);
  }
  public abstract class KeyStoreKeyProperties {
  }
@@ -30699,11 +30705,6 @@ package android.security {
    method public boolean isCleartextTrafficPermitted();
  }
  public class NewFingerprintEnrolledException extends java.security.InvalidKeyException {
    ctor public NewFingerprintEnrolledException();
    ctor public NewFingerprintEnrolledException(java.lang.String);
  }
  public class UserNotAuthenticatedException extends java.security.InvalidKeyException {
    ctor public UserNotAuthenticatedException();
    ctor public UserNotAuthenticatedException(java.lang.String);
+22 −0
@@ -87,6 +87,28 @@ public class KeyCharacteristics implements Parcelable {
        return result;
    }

    public Long getLong(int tag) {
        if (hwEnforced.containsTag(tag)) {
            return hwEnforced.getLong(tag, -1);
        } else if (swEnforced.containsTag(tag)) {
            return swEnforced.getLong(tag, -1);
        } else {
            return null;
        }
    }

    public long getLong(int tag, long defaultValue) {
        Long result = getLong(tag);
        return (result != null) ? result : defaultValue;
    }

    public List<Long> getLongs(int tag) {
        List<Long> result = new ArrayList<Long>();
        result.addAll(hwEnforced.getLongs(tag));
        result.addAll(swEnforced.getLongs(tag));
        return result;
    }

    public Date getDate(int tag) {
        Date result = hwEnforced.getDate(tag, null);
        if (result == null) {
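Review bot: The new `getLong(int tag)` returns a boxed `Long` that is `null` when neither list contains the tag, and nothing on the method says so; a caller that assigns the result to a `long` would fail with a NullPointerException on unboxing rather than take a clear "tag absent" path. I would add a Javadoc along the lines of `Returns the tag's value from the hardware-enforced list if present, otherwise from the software-enforced list, otherwise {@code null}.` so that the hardware-first precedence is explicit too. The `-1` defaults passed to `hwEnforced.getLong` and `swEnforced.getLong` look unreachable after the `containsTag` checks, which a short comment could state. `getLongs` concatenates both lists without marking which values were hardware-enforced; if callers base authorization decisions on these values, that deserves a sentence in its Javadoc as well.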
+6 −2
@@ -15,13 +15,17 @@ public abstract class GateKeeper {
    private GateKeeper() {}

    public static IGateKeeperService getService() {
        return IGateKeeperService.Stub.asInterface(
        IGateKeeperService service = IGateKeeperService.Stub.asInterface(
                ServiceManager.getService("android.service.gatekeeper.IGateKeeperService"));
        if (service == null) {
            throw new IllegalStateException("Gatekeeper service not available");
        }
        return service;
    }

    public static long getSecureUserId() throws IllegalStateException {
        try {
            return GateKeeper.getService().getSecureUserId(UserHandle.myUserId());
            return getService().getSecureUserId(UserHandle.myUserId());
        } catch (RemoteException e) {
            throw new IllegalStateException(
                    "Failed to obtain secure user ID from gatekeeper", e);
+55 −0
@@ -19,23 +19,37 @@ package android.security;
import java.security.InvalidKeyException;

/**
 * Indicates that a cryptographic operation could not be performed because the key used by the
 * operation is permanently invalid because a new fingerprint was enrolled.
 * Indicates that the key can no longer be used because it has been permanently invalidated.
 *
 * <p>This can currently occur only for keys that require user authentication. Such keys are
 * permanently invalidated once the secure lock screen is disabled (i.e., reconfigured to None,
 * Swipe or other mode which does not authenticate the user) or when the secure lock screen is
 * forcibly reset (e.g., by Device Admin). Additionally, keys configured to require user
 * authentication for every use of the key are also permanently invalidated once a new fingerprint
 * is enrolled or once no more fingerprints are enrolled.
 */
public class NewFingerprintEnrolledException extends InvalidKeyException {
public class KeyPermanentlyInvalidatedException extends InvalidKeyException {

    /**
     * Constructs a new {@code NewFingerprintEnrolledException} without detail message and cause.
     * Constructs a new {@code KeyPermanentlyInvalidatedException} without detail message and cause.
     */
    public NewFingerprintEnrolledException() {
        super("Invalid key: new fingerprint enrolled");
    public KeyPermanentlyInvalidatedException() {
        super("Key permanently invalidated");
    }

    /**
     * Constructs a new {@code NewFingerprintEnrolledException} with the provided detail message and
     * no cause.
     * Constructs a new {@code KeyPermanentlyInvalidatedException} with the provided detail message
     * and no cause.
     */
    public NewFingerprintEnrolledException(String message) {
    public KeyPermanentlyInvalidatedException(String message) {
        super(message);
    }

    /**
     * Constructs a new {@code KeyPermanentlyInvalidatedException} with the provided detail message
     * and cause.
     */
    public KeyPermanentlyInvalidatedException(String message, Throwable cause) {
        super(message, cause);
    }
}
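Review bot: The Javadoc on the no-arg constructor says it constructs the exception "without detail message and cause", yet the body passes `"Key permanently invalidated"` to `super`; `Constructs a new {@code KeyPermanentlyInvalidatedException} with a default detail message and no cause.` would match the code. The class Javadoc lists the events that invalidate a key but does not say what a caller should do after catching the exception. Since the invalidation is described as permanent, I would add a sentence such as `Once this exception is thrown for a key, the key will not become usable again; callers should delete it and create a new key.` Presumably data protected only by that key is no longer recoverable, which is worth stating if it holds.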