
Commit f739c03a authored by Annie Meng's avatar Annie Meng Committed by android-build-merger

Merge "Invalidate existing keys when platform_key_generation_id is set" into qt-dev

am: 03078786

Change-Id: I7f3c63a683954ec6f2e4d7159d364037efbbe4cc
parents 554e191d 03078786
+4 −6
@@ -333,6 +333,7 @@ public class RecoverableKeyStoreDb {
        String[] selectionArguments = new String[] {String.valueOf(userId)};

        ensureUserMetadataEntryExists(userId);
        invalidateKeysForUser(userId);
        return db.update(UserMetadataEntry.TABLE_NAME, values, selection, selectionArguments);
    }

@@ -394,16 +395,13 @@ public class RecoverableKeyStoreDb {
    /**
     * Updates status of old keys to {@code RecoveryController.RECOVERY_STATUS_PERMANENT_FAILURE}.
     */
    public void invalidateKeysWithOldGenerationId(int userId, int newGenerationId) {
    public void invalidateKeysForUser(int userId) {
        SQLiteDatabase db = mKeyStoreDbHelper.getWritableDatabase();
        ContentValues values = new ContentValues();
        values.put(KeysEntry.COLUMN_NAME_RECOVERY_STATUS,
                RecoveryController.RECOVERY_STATUS_PERMANENT_FAILURE);
        String selection =
                KeysEntry.COLUMN_NAME_USER_ID + " = ? AND "
                + KeysEntry.COLUMN_NAME_GENERATION_ID + " < ?";
        db.update(KeysEntry.TABLE_NAME, values, selection,
            new String[] {String.valueOf(userId), String.valueOf(newGenerationId)});
        String selection = KeysEntry.COLUMN_NAME_USER_ID + " = ?";
        db.update(KeysEntry.TABLE_NAME, values, selection, new String[] {String.valueOf(userId)});
    }

    /**
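Review bot: In the first hunk, `invalidateKeysForUser(userId)` and the `db.update(UserMetadataEntry.TABLE_NAME, …)` that follows it run as two independent writes, so a failure or an interleaved write between them can leave the key statuses and the stored platform key generation id out of step. The current order fails closed, since keys are marked before the id changes, but running both statements in one transaction would make the invalidation and the id change atomic. This assumes `db` is the same connection that `mKeyStoreDbHelper.getWritableDatabase()` returns inside `invalidateKeysForUser`; the start of the method is outside the hunk, so that needs confirming. Separately, the Javadoc kept above `invalidateKeysForUser` still says "old keys" although the new selection matches every key of the user; `Marks every key belonging to {@code userId} as {@code RecoveryController.RECOVERY_STATUS_PERMANENT_FAILURE}, regardless of generation id.` would describe the new behaviour.

```java
        // … unchanged: values, selection and selectionArguments setup …
        db.beginTransaction();
        try {
            ensureUserMetadataEntryExists(userId);
            invalidateKeysForUser(userId);
            int updated =
                    db.update(UserMetadataEntry.TABLE_NAME, values, selection, selectionArguments);
            db.setTransactionSuccessful();
            return updated;
        } finally {
            // Rolls back both writes unless setTransactionSuccessful() was reached.
            db.endTransaction();
        }
```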
+27 −2
@@ -329,6 +329,31 @@ public class RecoverableKeyStoreDbTest {
        assertEquals(serialNumber, mRecoverableKeyStoreDb.getUserSerialNumbers().get(userId));
    }

    @Test
    public void setPlatformKeyGenerationId_invalidatesExistingKeysForUser() {
        int userId = 42;
        int generationId = 110;
        int uid = 1009;
        int status = 120;
        String alias = "test";
        byte[] nonce = getUtf8Bytes("nonce");
        byte[] keyMaterial = getUtf8Bytes("keymaterial");
        byte[] keyMetadata = null;

        WrappedKey wrappedKey =
                new WrappedKey(nonce, keyMaterial, keyMetadata, generationId, status);
        mRecoverableKeyStoreDb.insertKey(userId, uid, alias, wrappedKey);

        WrappedKey retrievedKey = mRecoverableKeyStoreDb.getKey(uid, alias);
        assertThat(retrievedKey.getRecoveryStatus()).isEqualTo(status);

        mRecoverableKeyStoreDb.setPlatformKeyGenerationId(userId, generationId + 1);

        retrievedKey = mRecoverableKeyStoreDb.getKey(uid, alias);
        assertThat(retrievedKey.getRecoveryStatus())
                .isEqualTo(RecoveryController.RECOVERY_STATUS_PERMANENT_FAILURE);
    }


    @Test
    public void removeUserFromAllTables_removesData() throws Exception {
@@ -439,7 +464,7 @@ public class RecoverableKeyStoreDbTest {
    }

    @Test
    public void testInvalidateKeysWithOldGenerationId_withSingleKey() {
    public void testInvalidateKeysForUser_withSingleKey() {
        int userId = 12;
        int uid = 1009;
        int generationId = 6;
@@ -458,7 +483,7 @@ public class RecoverableKeyStoreDbTest {
        assertThat(retrievedKey.getRecoveryStatus()).isEqualTo(status);

        mRecoverableKeyStoreDb.setRecoveryStatus(uid, alias, status2);
        mRecoverableKeyStoreDb.invalidateKeysWithOldGenerationId(userId, generationId + 1);
        mRecoverableKeyStoreDb.invalidateKeysForUser(userId);

        retrievedKey = mRecoverableKeyStoreDb.getKey(uid, alias);
        assertThat(retrievedKey.getRecoveryStatus())