am 58031d5e: am 378df98e: am 3cc9e5d6: Merge "Improve the AndroidKeyStore-backed HMAC state machine."
* commit '58031d5eb5531f8bc45ac1789ea1cc9134591358':
Improve the AndroidKeyStore-backed HMAC state machine.
diff --git a/keystore/java/android/security/KeyStoreCipherSpi.java b/keystore/java/android/security/KeyStoreCipherSpi.java
index 5219086..afb5e36 100644
--- a/keystore/java/android/security/KeyStoreCipherSpi.java
+++ b/keystore/java/android/security/KeyStoreCipherSpi.java
@@ -264,8 +264,6 @@
@Override
protected int engineUpdate(byte[] input, int inputOffset, int inputLen, byte[] output,
int outputOffset) throws ShortBufferException {
- ensureKeystoreOperationInitialized();
-
byte[] outputCopy = engineUpdate(input, inputOffset, inputLen);
if (outputCopy == null) {
return 0;
diff --git a/keystore/java/android/security/KeyStoreHmacSpi.java b/keystore/java/android/security/KeyStoreHmacSpi.java
index 1297cc2..6d0e1ae 100644
--- a/keystore/java/android/security/KeyStoreHmacSpi.java
+++ b/keystore/java/android/security/KeyStoreHmacSpi.java
@@ -78,7 +78,11 @@
}
mKeyAliasInKeyStore = ((KeyStoreSecretKey) key).getAlias();
+ if (mKeyAliasInKeyStore == null) {
+ throw new InvalidKeyException("Key's KeyStore alias not known");
+ }
engineReset();
+ ensureKeystoreOperationInitialized();
}
@Override
@@ -90,8 +94,18 @@
}
mOperationHandle = null;
mChunkedStreamer = null;
+ }
+
+ private void ensureKeystoreOperationInitialized() {
+ if (mChunkedStreamer != null) {
+ return;
+ }
+ if (mKeyAliasInKeyStore == null) {
+ throw new IllegalStateException("Not initialized");
+ }
KeymasterArguments keymasterArgs = new KeymasterArguments();
+ keymasterArgs.addInt(KeymasterDefs.KM_TAG_ALGORITHM, KeyStoreKeyConstraints.Algorithm.HMAC);
keymasterArgs.addInt(KeymasterDefs.KM_TAG_DIGEST, mDigest);
OperationResult opResult = mKeyStore.begin(mKeyAliasInKeyStore,
@@ -105,10 +119,10 @@
} else if (opResult.resultCode != KeyStore.NO_ERROR) {
throw KeymasterUtils.getCryptoOperationException(opResult.resultCode);
}
- mOperationToken = opResult.token;
- if (mOperationToken == null) {
+ if (opResult.token == null) {
throw new CryptoOperationException("Keystore returned null operation token");
}
+ mOperationToken = opResult.token;
mOperationHandle = opResult.operationHandle;
mChunkedStreamer = new KeyStoreCryptoOperationChunkedStreamer(
new KeyStoreCryptoOperationChunkedStreamer.MainDataStream(
@@ -122,9 +136,7 @@
@Override
protected void engineUpdate(byte[] input, int offset, int len) {
- if (mChunkedStreamer == null) {
- throw new IllegalStateException("Not initialized");
- }
+ ensureKeystoreOperationInitialized();
byte[] output;
try {
@@ -139,9 +151,7 @@
@Override
protected byte[] engineDoFinal() {
- if (mChunkedStreamer == null) {
- throw new IllegalStateException("Not initialized");
- }
+ ensureKeystoreOperationInitialized();
byte[] result;
try {