Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2abea782 authored by Treehugger Robot's avatar Treehugger Robot Committed by Gerrit Code Review
Browse files

Merge "Require DeleteAllKeys to work regardless of rollback resistance tag" into main

parents c44267dc ff635634
Loading
Loading
Loading
Loading
+2 −4
Original line number Diff line number Diff line
@@ -549,9 +549,7 @@ interface IKeyMintDevice {

    /**
     * Deletes all keys in the hardware keystore. Used when keystore is reset completely. After
     * this function is called all keys with Tag::ROLLBACK_RESISTANCE in their hardware-enforced
     * authorization lists must be rendered permanently unusable.  Keys without
     * Tag::ROLLBACK_RESISTANCE may or may not be rendered unusable.
     * this function is called all keys created previously must be rendered permanently unusable.
     */
    void deleteAllKeys();

+2 −8
Original line number Diff line number Diff line
@@ -8305,21 +8305,15 @@ TEST_P(KeyDeletionTest, DeleteAllKeys) {
        GTEST_SKIP() << "Option --arm_deleteAllKeys not set";
        return;
    }
    // This test was introduced in API level 36, but is not version guarded because it requires a
    // manual opt-in anyway. This makes it easier to run on older devices.
    auto error = GenerateKey(AuthorizationSetBuilder()
                                     .RsaSigningKey(2048, 65537)
                                     .Digest(Digest::NONE)
                                     .Padding(PaddingMode::NONE)
                                     .Authorization(TAG_NO_AUTH_REQUIRED)
                                     .Authorization(TAG_ROLLBACK_RESISTANCE)
                                     .SetDefaultValidity());
    if (error == ErrorCode::ROLLBACK_RESISTANCE_UNAVAILABLE) {
        GTEST_SKIP() << "Rollback resistance not supported";
    }

    // Delete must work if rollback protection is implemented
    ASSERT_EQ(ErrorCode::OK, error);
    AuthorizationSet hardwareEnforced(SecLevelAuthorizations());
    ASSERT_TRUE(hardwareEnforced.Contains(TAG_ROLLBACK_RESISTANCE));

    ASSERT_EQ(ErrorCode::OK, DeleteAllKeys());