Loading services/core/java/com/android/server/LockSettingsService.java +42 −29 Original line number Diff line number Diff line Loading @@ -584,6 +584,18 @@ public class LockSettingsService extends ILockSettings.Stub { Slog.e(TAG, "Invalid tied profile lock type: " + quality); } } try { final String alias = LockPatternUtils.PROFILE_KEY_NAME_ENCRYPT + userInfo.id; java.security.KeyStore keyStore = java.security.KeyStore.getInstance("AndroidKeyStore"); keyStore.load(null); if (keyStore.containsAlias(alias)) { keyStore.deleteEntry(alias); } } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | IOException e) { Slog.e(TAG, "Unable to remove tied profile key", e); } } } catch (RemoteException re) { Slog.e(TAG, "Unable to migrate old data", re); Loading Loading @@ -1027,9 +1039,9 @@ public class LockSettingsService extends ILockSettings.Stub { KeyGenerator keyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES); keyGenerator.init(new SecureRandom()); SecretKey secretKey = keyGenerator.generateKey(); java.security.KeyStore keyStore = java.security.KeyStore.getInstance("AndroidKeyStore"); keyStore.load(null); try { keyStore.setEntry( LockPatternUtils.PROFILE_KEY_NAME_ENCRYPT + userId, new java.security.KeyStore.SecretKeyEntry(secretKey), Loading 
@@ -1046,18 +1058,19 @@ public class LockSettingsService extends ILockSettings.Stub { .setUserAuthenticationRequired(true) .setUserAuthenticationValidityDurationSeconds(30) .build()); // Key imported, obtain a reference to it. SecretKey keyStoreEncryptionKey = (SecretKey) keyStore.getKey( LockPatternUtils.PROFILE_KEY_NAME_ENCRYPT + userId, null); // The original key can now be discarded. Cipher cipher = Cipher.getInstance( KeyProperties.KEY_ALGORITHM_AES + "/" + KeyProperties.BLOCK_MODE_GCM + "/" + KeyProperties.ENCRYPTION_PADDING_NONE); cipher.init(Cipher.ENCRYPT_MODE, keyStoreEncryptionKey); encryptionResult = cipher.doFinal(randomLockSeed); iv = cipher.getIV(); } finally { // The original key can now be discarded. keyStore.deleteEntry(LockPatternUtils.PROFILE_KEY_NAME_ENCRYPT + userId); } } catch (CertificateException | UnrecoverableKeyException | IOException | BadPaddingException | IllegalBlockSizeException | KeyStoreException | NoSuchPaddingException | NoSuchAlgorithmException | InvalidKeyException e) { Loading Loading
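Review bot: In the last hunk, the `keyStore.deleteEntry(...)` call in the new `finally` block can itself throw `KeyStoreException`, and when the `try` body has already failed, that cleanup exception replaces the original one, so the outer `catch` only ever sees the delete failure. Wrapping the cleanup on its own, for example `try { keyStore.deleteEntry(alias); } catch (KeyStoreException e) { Slog.e(TAG, "Unable to remove tied profile key", e); }` with `alias` a local holding `LockPatternUtils.PROFILE_KEY_NAME_ENCRYPT + userId`, would keep the root cause and still record a leftover encrypt key in the log. The migration hunk at -584 already treats a failed delete as log-only, so this would also make the two paths consistent. Separately, `randomLockSeed` remains in process memory in plaintext after `cipher.doFinal`; if nothing past the visible lines still reads it, `Arrays.fill(randomLockSeed, (byte) 0)` in the same `finally` would shorten its lifetime. The enclosing method begins and ends outside the hunks shown, so both points need checking against the full body.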
services/core/java/com/android/server/LockSettingsService.java +42 −29 Original line number Diff line number Diff line Loading @@ -584,6 +584,18 @@ public class LockSettingsService extends ILockSettings.Stub { Slog.e(TAG, "Invalid tied profile lock type: " + quality); } } try { final String alias = LockPatternUtils.PROFILE_KEY_NAME_ENCRYPT + userInfo.id; java.security.KeyStore keyStore = java.security.KeyStore.getInstance("AndroidKeyStore"); keyStore.load(null); if (keyStore.containsAlias(alias)) { keyStore.deleteEntry(alias); } } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | IOException e) { Slog.e(TAG, "Unable to remove tied profile key", e); } } } catch (RemoteException re) { Slog.e(TAG, "Unable to migrate old data", re); Loading Loading @@ -1027,9 +1039,9 @@ public class LockSettingsService extends ILockSettings.Stub { KeyGenerator keyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES); keyGenerator.init(new SecureRandom()); SecretKey secretKey = keyGenerator.generateKey(); java.security.KeyStore keyStore = java.security.KeyStore.getInstance("AndroidKeyStore"); keyStore.load(null); try { keyStore.setEntry( LockPatternUtils.PROFILE_KEY_NAME_ENCRYPT + userId, new java.security.KeyStore.SecretKeyEntry(secretKey), Loading 
@@ -1046,18 +1058,19 @@ public class LockSettingsService extends ILockSettings.Stub { .setUserAuthenticationRequired(true) .setUserAuthenticationValidityDurationSeconds(30) .build()); // Key imported, obtain a reference to it. SecretKey keyStoreEncryptionKey = (SecretKey) keyStore.getKey( LockPatternUtils.PROFILE_KEY_NAME_ENCRYPT + userId, null); // The original key can now be discarded. Cipher cipher = Cipher.getInstance( KeyProperties.KEY_ALGORITHM_AES + "/" + KeyProperties.BLOCK_MODE_GCM + "/" + KeyProperties.ENCRYPTION_PADDING_NONE); cipher.init(Cipher.ENCRYPT_MODE, keyStoreEncryptionKey); encryptionResult = cipher.doFinal(randomLockSeed); iv = cipher.getIV(); } finally { // The original key can now be discarded. keyStore.deleteEntry(LockPatternUtils.PROFILE_KEY_NAME_ENCRYPT + userId); } } catch (CertificateException | UnrecoverableKeyException | IOException | BadPaddingException | IllegalBlockSizeException | KeyStoreException | NoSuchPaddingException | NoSuchAlgorithmException | InvalidKeyException e) { Loading