Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f568ae7e authored by Rubin Xu's avatar Rubin Xu
Browse files

Throw exception when SyntheticPassword key is missing 

Throws early if keystore returns a null key. Otherwise the null
value will be passed into Conscrypt which will throw a confusing
exception "Only SecretKey is supported"

Also add a log when key is deleted on purpose, just in case it
helps us catching the case when the key's gone missing on some devices.

Bug: 141565253
Test: builds
Change-Id: Iee56c8295f84f662876704ac6583f4b34b56876b
parent a2261e72

services/core/java/com/android/server/locksettings/SyntheticPasswordCrypto.java

+7 −0
Original line number Diff line number Diff line
@@ -129,6 +129,9 @@ public class SyntheticPasswordCrypto { 
            keyStore.load(null);



            SecretKey decryptionKey = (SecretKey) keyStore.getKey(keyAlias, null);

            if (decryptionKey == null) {

                throw new IllegalStateException("SP key is missing: " + keyAlias);

            }

            byte[] intermediate = decrypt(applicationId, APPLICATION_ID_PERSONALIZATION, blob);

            return decrypt(decryptionKey, intermediate);

        } catch (Exception e) {
@@ -143,6 +146,9 @@ public class SyntheticPasswordCrypto { 
            keyStore.load(null);



            SecretKey decryptionKey = (SecretKey) keyStore.getKey(keyAlias, null);

            if (decryptionKey == null) {

                throw new IllegalStateException("SP key is missing: " + keyAlias);

            }

            byte[] intermediate = decrypt(decryptionKey, blob);

            return decrypt(applicationId, APPLICATION_ID_PERSONALIZATION, intermediate);

        } catch (CertificateException | IOException | BadPaddingException
@@ -193,6 +199,7 @@ public class SyntheticPasswordCrypto { 
            keyStore = KeyStore.getInstance("AndroidKeyStore");

            keyStore.load(null);

            keyStore.deleteEntry(keyAlias);

            Slog.i(TAG, "SP key deleted: " + keyAlias);

        } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException

                | IOException e) {

            Slog.e(TAG, "Failed to destroy blob", e);