Adding KEY_PERMANENTLY_INVALIDATED int (b2cc3dc2) · Commits · e / os / android_frameworks_base

core/java/android/security/keystore/recovery/RecoveryController.java

+7 −3

Original line number	Diff line number	Diff line
		@@ -29,6 +29,7 @@ import android.os.ServiceManager;
		import android.os.ServiceSpecificException;
		import android.security.KeyStore;
		import android.security.keystore.AndroidKeyStoreProvider;
		import android.security.keystore.KeyPermanentlyInvalidatedException;

		import com.android.internal.widget.ILockSettings;

		@@ -635,7 +636,7 @@ public class RecoveryController {
		return getKeyFromGrant(grantAlias);
		} catch (RemoteException e) {
		throw e.rethrowFromSystemServer();
		} catch (UnrecoverableKeyException e) {
		} catch (KeyPermanentlyInvalidatedException \| UnrecoverableKeyException e) {
		throw new InternalRecoveryServiceException("Failed to get key from keystore", e);
		} catch (ServiceSpecificException e) {
		if (e.errorCode == ERROR_INSECURE_USER) {
		@@ -666,7 +667,7 @@ public class RecoveryController {
		return getKeyFromGrant(grantAlias);
		} catch (RemoteException e) {
		throw e.rethrowFromSystemServer();
		} catch (UnrecoverableKeyException e) {
		} catch (KeyPermanentlyInvalidatedException \| UnrecoverableKeyException e) {
		throw new InternalRecoveryServiceException("Failed to get key from keystore", e);
		} catch (ServiceSpecificException e) {
		if (e.errorCode == ERROR_INSECURE_USER) {
		@@ -696,6 +697,8 @@ public class RecoveryController {
		return getKeyFromGrant(grantAlias);
		} catch (RemoteException e) {
		throw e.rethrowFromSystemServer();
		} catch (KeyPermanentlyInvalidatedException \| UnrecoverableKeyException e) {
		throw new UnrecoverableKeyException("Failed to get key from keystore");
		} catch (ServiceSpecificException e) {
		throw wrapUnexpectedServiceSpecificException(e);
		}
		@@ -704,7 +707,8 @@ public class RecoveryController {
		/**
		* Returns the key with the given {@code grantAlias}.
		*/
		@NonNull Key getKeyFromGrant(@NonNull String grantAlias) throws UnrecoverableKeyException {
		@NonNull Key getKeyFromGrant(@NonNull String grantAlias)
		throws UnrecoverableKeyException, KeyPermanentlyInvalidatedException {
		return AndroidKeyStoreProvider.loadAndroidKeyStoreKeyFromKeystore(
		mKeyStore,
		grantAlias,

core/java/android/security/keystore/recovery/RecoverySession.java

+2 −1

Original line number	Diff line number	Diff line
		@@ -22,6 +22,7 @@ import android.annotation.RequiresPermission;
		import android.annotation.SystemApi;
		import android.os.RemoteException;
		import android.os.ServiceSpecificException;
		import android.security.keystore.KeyPermanentlyInvalidatedException;
		import android.util.ArrayMap;
		import android.util.Log;

		@@ -218,7 +219,7 @@ public class RecoverySession implements AutoCloseable {
		Key key;
		try {
		key = mRecoveryController.getKeyFromGrant(grantAlias);
		} catch (UnrecoverableKeyException e) {
		} catch (KeyPermanentlyInvalidatedException \| UnrecoverableKeyException e) {
		throw new InternalRecoveryServiceException(
		String.format(
		Locale.US,

keystore/java/android/security/KeyChain.java

+2 −1

Original line number	Diff line number	Diff line
		@@ -36,6 +36,7 @@ import android.os.Process;
		import android.os.RemoteException;
		import android.os.UserHandle;
		import android.security.keystore.AndroidKeyStoreProvider;
		import android.security.keystore.KeyPermanentlyInvalidatedException;
		import android.security.keystore.KeyProperties;

		import java.io.ByteArrayInputStream;
		@@ -538,7 +539,7 @@ public final class KeyChain {
		try {
		return AndroidKeyStoreProvider.loadAndroidKeyStoreKeyPairFromKeystore(
		KeyStore.getInstance(), keyId, KeyStore.UID_SELF);
		} catch (RuntimeException \| UnrecoverableKeyException e) {
		} catch (RuntimeException \| UnrecoverableKeyException \| KeyPermanentlyInvalidatedException e) {
		throw new KeyChainException(e);
		}
		}

keystore/java/android/security/KeyStore.java

+5 −0

Original line number	Diff line number	Diff line
		@@ -95,6 +95,9 @@ public class KeyStore {
		*/
		public static final int OP_AUTH_NEEDED = 15;

		// Used when a user changes their pin, invalidating old auth bound keys.
		public static final int KEY_PERMANENTLY_INVALIDATED = 17;

		// Used for UID field to indicate the calling UID.
		public static final int UID_SELF = -1;

		@@ -1185,6 +1188,8 @@ public class KeyStore {
		return new KeyStoreException(errorCode, "Key blob corrupted");
		case OP_AUTH_NEEDED:
		return new KeyStoreException(errorCode, "Operation requires authorization");
		case KEY_PERMANENTLY_INVALIDATED:
		return new KeyStoreException(errorCode, "Key permanently invalidated");
		default:
		return new KeyStoreException(errorCode, String.valueOf(errorCode));
		}

keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java

+1 −1

Original line number	Diff line number	Diff line
		@@ -526,7 +526,7 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato
		+ result.getPrivate().getAlgorithm() + " vs " + mJcaKeyAlgorithm);
		}
		return result;
		} catch (UnrecoverableKeyException e) {
		} catch (UnrecoverableKeyException \| KeyPermanentlyInvalidatedException e) {
		throw new ProviderException("Failed to load generated key pair from keystore", e);
		}
		}