commit 906147cdb3663b1aa5f6ebdc4a8ce2ce509ffa27
author Janis Danisevskis <jdanis@google.com> Tue Nov 06 14:14:05 2018 -0800
committer Janis Danisevskis <jdanis@google.com> Wed Nov 21 18:42:17 2018 +0000
tree dc12b2c48b0250736ea7568fe5f8d703cb7e0b8d
parent 4492ec573ae421affd3adebb1d583fcf33508bb4

Fix deleting legacy key blobs

Since the keystore alias prefix USERSKEY was deprecated
Credentials.deleteUserKeyTypeForAlias tried to delete key the
remaining prefix first and if that failed tried to delete the
legacy prefix.
However, KeyStore.delete returns true if the key was deleted or
did not exist. So the first call to delete would return true
whether the key existed or not and the legacy alias would never be
deleted.

This patch introduces a new flavor of KeyStore.delete, that returns an
error code instead of a boolean. The caller can now distinguish
the nature of the failure. Credentials.deleteUserKeyTypeForAlias now
checks this return code and attempts to delete the legacy variant if
KEY_NOT_FOUND was returned.

Bug: 117818447
Change-Id: Ifae1f3dbb07d85d94f430ead2cdd3e39d22436a4

keystore/java/android/security/Credentials.java

diff --git a/keystore/java/android/security/Credentials.java b/keystore/java/android/security/Credentials.java
index 7216a22..072fe73 100644
--- a/keystore/java/android/security/Credentials.java
+++ b/keystore/java/android/security/Credentials.java
@@ -282,8 +282,11 @@
      * Returns {@code true} if the entry no longer exists.
      */
     public static boolean deleteUserKeyTypeForAlias(KeyStore keystore, String alias, int uid) {
-        return keystore.delete(Credentials.USER_PRIVATE_KEY + alias, uid) ||
-                keystore.delete(Credentials.USER_SECRET_KEY + alias, uid);
+        int ret = keystore.delete2(Credentials.USER_PRIVATE_KEY + alias, uid);
+        if (ret == KeyStore.KEY_NOT_FOUND) {
+            return keystore.delete(Credentials.USER_SECRET_KEY + alias, uid);
+        }
+        return ret == KeyStore.NO_ERROR;
     }
 
     /**

keystore/java/android/security/KeyStore.java

diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java
index e1c1138..6ac52d1 100644
--- a/keystore/java/android/security/KeyStore.java
+++ b/keystore/java/android/security/KeyStore.java
@@ -255,16 +255,20 @@
         }
     }
 
-    public boolean delete(String key, int uid) {
+    int delete2(String key, int uid) {
         try {
-            int ret = mBinder.del(key, uid);
-            return (ret == NO_ERROR || ret == KEY_NOT_FOUND);
+            return mBinder.del(key, uid);
         } catch (RemoteException e) {
             Log.w(TAG, "Cannot connect to keystore", e);
-            return false;
+            return SYSTEM_ERROR;
         }
     }
 
+    public boolean delete(String key, int uid) {
+        int ret = delete2(key, uid);
+        return ret == NO_ERROR || ret == KEY_NOT_FOUND;
+    }
+
     @UnsupportedAppUsage
     public boolean delete(String key) {
         return delete(key, UID_SELF);