commit 6669421021d127235734a4e13afd830da78c687d
author Max Bires <jbires@google.com> Fri Nov 02 10:45:12 2018 -0700
committer Max Bires <jbires@google.com> Sun Feb 10 23:36:23 2019 +0000
tree 0ff226be1e0210e192196d5832a174c87860f8be
parent fe2a27d9a92784e6ee3e3a3e18c1d89ab220f22f

Adding KEY_PERMANENTLY_INVALIDATED to ResponseCode

This response code needs to be added in the condition where a super
encrypted key blob fails to be read in after a user changes their pin.
Currently, the error code being sent back is VALUE_CORRUPTED, which is
incorrect.

Bug: 118883532
Test: atest cts/hostsidetests/appsecurity/src/android/appsecurity/cts/AuthBoundKeyTest.java
Change-Id: I188948e6e2e66903ee259108db9b8d26d11ca92c
Merged-In: I188948e6e2e66903ee259108db9b8d26d11ca92c

keystore/blob.cpp

diff --git a/keystore/blob.cpp b/keystore/blob.cpp
index f887e80..ee56245 100644
--- a/keystore/blob.cpp
+++ b/keystore/blob.cpp
@@ -400,7 +400,16 @@
         if (rawBlobIsEncrypted(*rawBlob)) {
             rc = AES_gcm_decrypt(rawBlob->value /* in */, rawBlob->value /* out */, encryptedLength,
                                  aes_key, rawBlob->initialization_vector, rawBlob->aead_tag);
-            if (rc != ResponseCode::NO_ERROR) return rc;
+            if (rc != ResponseCode::NO_ERROR) {
+                // If the blob was superencrypted and decryption failed, it is
+                // almost certain that decryption is failing due to a user's
+                // changed master key.
+                if ((rawBlob->flags & KEYSTORE_FLAG_SUPER_ENCRYPTED) &&
+                    (rc == ResponseCode::VALUE_CORRUPTED)) {
+                    return ResponseCode::KEY_PERMANENTLY_INVALIDATED;
+                }
+                return rc;
+            }
         }
     } else if (rawBlob->version < 3) {
         blobv2& v2blob = reinterpret_cast<blobv2&>(*rawBlob);