author | Eric Biggers <ebiggers@google.com> | 2024-03-20 03:44:54 +0000 |
---|---|---|
committer | Eric Biggers <ebiggers@google.com> | 2024-03-20 06:47:47 +0000 |
commit | eed080bd2d7cce48c97a83880eb778227500778b (patch) | |
tree | daecad637da29c6191e607c5b81001aa6a2ce25c /keystore | |
parent | ed2534a15e6737478cae3afa3194e584c921d736 (diff) | |
download | base-eed080bd2d7cce48c97a83880eb778227500778b.tar.gz |
Remove the obsolete field android.security.KeyStore.NO_ERROR
There's no such thing as a NO_ERROR Keystore error code anymore, let
alone one whose numeric value is 1. The field
android.security.KeyStore.NO_ERROR is a remnant from Keystore1.
NO_ERROR existed in Keystore1 because Keystore1's binder methods used a
binder exception code of 0 ("success") even on failure, so they had to
use the return value to convey a Keystore error code or NO_ERROR.
Keystore2 instead uses binder's support for service-specific errors, and
there is no NO_ERROR error code because the success case is conveyed via
the binder exception code being 0 instead of EX_SERVICE_SPECIFIC.
Therefore, this CL removes the obsolete field
android.security.KeyStore.NO_ERROR and its two users. These users were:
- AndroidKeyStoreCipherSpiBase checked for NO_ERROR "errors" from
createOperation(). But this case is unreachable, and the operation
cannot continue without the CreateOperationResponse anyway. So this
obsolete code can just be removed.
- AuthenticationClient checked the return value of
KeyStore#addAuthToken() against NO_ERROR. But this method actually
just wraps Authorization#addAuthToken() which returns 0 on success, as
per its javadoc. So this was a bug, though it didn't matter much
since it just caused a misleading log message. Check for 0 instead.
Finally, NO_ERROR did have @UnsupportedAppUsage. But since there's no
use case for it, removing it is allowed by the non-SDK interface policy.
Bug: 326508120
Test: atest CtsKeystoreTestCases
Change-Id: I735e005d7ca39e231667dd95da533519085ba4ef
Diffstat (limited to 'keystore')
3 files changed, 9 insertions, 22 deletions
diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java index f105072a32bf..2cac2e150919 100644 --- a/keystore/java/android/security/KeyStore.java +++ b/keystore/java/android/security/KeyStore.java @@ -17,7 +17,6 @@ package android.security; import android.compat.annotation.UnsupportedAppUsage; -import android.os.Build; import android.os.StrictMode; /** @@ -30,10 +29,6 @@ import android.os.StrictMode; */ public class KeyStore { - // ResponseCodes - see system/security/keystore/include/keystore/keystore.h - @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553) - public static final int NO_ERROR = 1; - // Used for UID field to indicate the calling UID. public static final int UID_SELF = -1; @@ -48,8 +43,8 @@ public class KeyStore { * Add an authentication record to the keystore authorization table. * * @param authToken The packed bytes of a hw_auth_token_t to be provided to keymaster. - * @return {@code KeyStore.NO_ERROR} on success, otherwise an error value corresponding to - * a {@code KeymasterDefs.KM_ERROR_} value or {@code KeyStore} ResponseCode. + * @return 0 on success, otherwise an error value corresponding to a + * {@code KeymasterDefs.KM_ERROR_} value or {@code KeyStore} ResponseCode. */ public int addAuthToken(byte[] authToken) { StrictMode.noteDiskWrite(); diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreCipherSpiBase.java b/keystore/java/android/security/keystore2/AndroidKeyStoreCipherSpiBase.java index 101a10e3d312..3f39eeb0cc6b 100644 --- a/keystore/java/android/security/keystore2/AndroidKeyStoreCipherSpiBase.java +++ b/keystore/java/android/security/keystore2/AndroidKeyStoreCipherSpiBase.java 
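Review bot: The rewritten `@return` on addAuthToken() in KeyStore.java still describes failures as a `{@code KeyStore} ResponseCode`, although this commit removes the `// ResponseCodes` block from the class, so that reference may no longer point at anything (other constants are not visible in these hunks). The commit message says the method only wraps Authorization#addAuthToken(), so I would name that as the source of the values: `@return 0 on success, otherwise the error code returned by {@code Authorization#addAuthToken()}`. A caller comparing against the wrong success value is the bug this commit fixes, and with the named constant gone this Javadoc is the only statement of the contract. The method body continues outside the hunk.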
@@ -359,14 +359,12 @@ abstract class AndroidKeyStoreCipherSpiBase extends CipherSpi implements KeyStor
 } catch (KeyStoreException keyStoreException) {
 GeneralSecurityException e = KeyStoreCryptoOperationUtils.getExceptionForCipherInit(
 mKey, keyStoreException);
- if (e != null) {
- if (e instanceof InvalidKeyException) {
- throw (InvalidKeyException) e;
- } else if (e instanceof InvalidAlgorithmParameterException) {
- throw (InvalidAlgorithmParameterException) e;
- } else {
- throw new ProviderException("Unexpected exception type", e);
- }
+ if (e instanceof InvalidKeyException) {
+ throw (InvalidKeyException) e;
+ } else if (e instanceof InvalidAlgorithmParameterException) {
+ throw (InvalidAlgorithmParameterException) e;
+ } else {
+ throw new ProviderException("Unexpected exception type", e);
 }
 }
diff --git a/keystore/java/android/security/keystore2/KeyStoreCryptoOperationUtils.java b/keystore/java/android/security/keystore2/KeyStoreCryptoOperationUtils.java
index 372e4cb3d72e..9b82206e5709 100644
--- a/keystore/java/android/security/keystore2/KeyStoreCryptoOperationUtils.java
+++ b/keystore/java/android/security/keystore2/KeyStoreCryptoOperationUtils.java
@@ -20,7 +20,6 @@ import android.app.ActivityThread;
 import android.hardware.biometrics.BiometricManager;
 import android.hardware.security.keymint.ErrorCode;
 import android.security.GateKeeper;
-import android.security.KeyStore;
 import android.security.KeyStoreException;
 import android.security.KeyStoreOperation;
 import android.security.keymaster.KeymasterDefs;
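Review bot: With the `e != null` guard gone in AndroidKeyStoreCipherSpiBase, a null result from getExceptionForCipherInit() would fall into the final `else` and surface as `ProviderException("Unexpected exception type", null)`, which fails closed but drops the Keystore error that triggered it. Whether the helper can still return null, and whether it chains the original exception, depends on the rest of its switch, which these hunks do not show. I would keep the caught exception reachable in the fallback: `throw new ProviderException("Unexpected exception type", e != null ? e : keyStoreException);`. The enclosing try block and method begin outside the hunk.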
@@ -131,15 +130,10 @@ abstract class KeyStoreCryptoOperationUtils { /** * Returns the exception to be thrown by the {@code Cipher.init} method of the crypto operation - * in response to {@code KeyStore.begin} operation or {@code null} if the {@code init} method - * should succeed. + * in response to a failed {code IKeystoreSecurityLevel#createOperation()}. */ public static GeneralSecurityException getExceptionForCipherInit( AndroidKeyStoreKey key, KeyStoreException e) { - if (e.getErrorCode() == KeyStore.NO_ERROR) { - return null; - } - // Cipher-specific cases switch (e.getErrorCode()) { case KeymasterDefs.KM_ERROR_INVALID_NONCE: |
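Review bot: The added Javadoc line in KeyStoreCryptoOperationUtils writes `{code IKeystoreSecurityLevel#createOperation()}` without the `@`, so the inline tag is not recognized and the braces render literally; it should be `{@code IKeystoreSecurityLevel#createOperation()}`. The caller no longer null-checks the result, so I would also state the new contract in the doc with `@return the exception to throw; never {@code null}`, provided the rest of the switch (outside the hunk) bears that out.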