Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a9a04e2b authored by Bo Zhu's avatar Bo Zhu
Browse files

Add loging for application key decryption failures as well 

Test: adb shell am instrument -w -e package
com.android.server.locksettings.recoverablekeystore
com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner

Change-Id: I00aca841fac86f0529aee681cd97b7726ad49650
Bug: 72213759
parent 31a40c09

services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java

+18 −2
Original line number Diff line number Diff line
@@ -456,7 +456,6 @@ public class RecoverableKeyStoreManager { 
    private byte[] decryptRecoveryKey(

            RecoverySessionStorage.Entry sessionEntry, byte[] encryptedClaimResponse)

            throws RemoteException, ServiceSpecificException {

        // TODO: Remove the extensive loggings in this function

        byte[] locallyEncryptedKey;

        try {

            locallyEncryptedKey = KeySyncUtils.decryptRecoveryClaimResponse(
@@ -464,6 +463,7 @@ public class RecoverableKeyStoreManager { 
                    sessionEntry.getVaultParams(),

                    encryptedClaimResponse);

        } catch (InvalidKeyException e) {

            // TODO: Remove the extraneous logging here

            Log.e(TAG, "Got InvalidKeyException during decrypting recovery claim response", e);

            Log.e(TAG, constructLoggingMessage("sessionEntry.getKeyClaimant()",

                    sessionEntry.getKeyClaimant()));
@@ -473,6 +473,7 @@ public class RecoverableKeyStoreManager { 
            throw new ServiceSpecificException(ERROR_DECRYPTION_FAILED,

                    "Failed to decrypt recovery key " + e.getMessage());

        } catch (AEADBadTagException e) {

            // TODO: Remove the extraneous logging here

            Log.e(TAG, "Got AEADBadTagException during decrypting recovery claim response", e);

            Log.e(TAG, constructLoggingMessage("sessionEntry.getKeyClaimant()",

                    sessionEntry.getKeyClaimant()));
@@ -489,6 +490,7 @@ public class RecoverableKeyStoreManager { 
        try {

            return KeySyncUtils.decryptRecoveryKey(sessionEntry.getLskfHash(), locallyEncryptedKey);

        } catch (InvalidKeyException e) {

            // TODO: Remove the extraneous logging here

            Log.e(TAG, "Got InvalidKeyException during decrypting recovery key", e);

            Log.e(TAG, constructLoggingMessage("sessionEntry.getLskfHash()",

                    sessionEntry.getLskfHash()));
@@ -496,6 +498,7 @@ public class RecoverableKeyStoreManager { 
            throw new ServiceSpecificException(ERROR_DECRYPTION_FAILED,

                    "Failed to decrypt recovery key " + e.getMessage());

        } catch (AEADBadTagException e) {

            // TODO: Remove the extraneous logging here

            Log.e(TAG, "Got AEADBadTagException during decrypting recovery key", e);

            Log.e(TAG, constructLoggingMessage("sessionEntry.getLskfHash()",

                    sessionEntry.getLskfHash()));
@@ -538,7 +541,20 @@ public class RecoverableKeyStoreManager { 
                Log.wtf(TAG, "Missing SecureBox algorithm. AOSP required to support this.", e);

                throw new ServiceSpecificException(

                        ERROR_SERVICE_INTERNAL_ERROR, e.getMessage());

            } catch (InvalidKeyException | AEADBadTagException e) {

            } catch (InvalidKeyException e) {

                // TODO: Remove the extraneous logging here

                Log.e(TAG, "Got InvalidKeyException during decrypting application key with alias: "

                        + alias, e);

                Log.e(TAG, constructLoggingMessage("recoveryKey", recoveryKey));

                Log.e(TAG, constructLoggingMessage("encryptedKeyMaterial", encryptedKeyMaterial));

                throw new ServiceSpecificException(ERROR_DECRYPTION_FAILED,

                        "Failed to recover key with alias '" + alias + "': " + e.getMessage());

            } catch (AEADBadTagException e) {

                // TODO: Remove the extraneous logging here

                Log.e(TAG, "Got AEADBadTagException during decrypting application key with alias: "

                        + alias, e);

                Log.e(TAG, constructLoggingMessage("recoveryKey", recoveryKey));

                Log.e(TAG, constructLoggingMessage("encryptedKeyMaterial", encryptedKeyMaterial));

                throw new ServiceSpecificException(ERROR_DECRYPTION_FAILED,

                        "Failed to recover key with alias '" + alias + "': " + e.getMessage());

            }