Merge "Require DeleteAllKeys to work regardless of rollback resistance tag"... (53c72989) · Commits · e / os / android_hardware_interfaces

security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl

+2 −4

Original line number	Diff line number	Diff line
		@@ -549,9 +549,7 @@ interface IKeyMintDevice {

		/**
		* Deletes all keys in the hardware keystore. Used when keystore is reset completely. After
		* this function is called all keys with Tag::ROLLBACK_RESISTANCE in their hardware-enforced
		* authorization lists must be rendered permanently unusable. Keys without
		* Tag::ROLLBACK_RESISTANCE may or may not be rendered unusable.
		* this function is called all keys created previously must be rendered permanently unusable.
		*/
		void deleteAllKeys();

+2 −8

Original line number	Diff line number	Diff line
		@@ -8305,21 +8305,15 @@ TEST_P(KeyDeletionTest, DeleteAllKeys) {
		GTEST_SKIP() << "Option --arm_deleteAllKeys not set";
		return;
		}
		// This test was introduced in API level 36, but is not version guarded because it requires a
		// manual opt-in anyway. This makes it easier to run on older devices.
		auto error = GenerateKey(AuthorizationSetBuilder()
		.RsaSigningKey(2048, 65537)
		.Digest(Digest::NONE)
		.Padding(PaddingMode::NONE)
		.Authorization(TAG_NO_AUTH_REQUIRED)
		.Authorization(TAG_ROLLBACK_RESISTANCE)
		.SetDefaultValidity());
		if (error == ErrorCode::ROLLBACK_RESISTANCE_UNAVAILABLE) {
		GTEST_SKIP() << "Rollback resistance not supported";
		}

		// Delete must work if rollback protection is implemented
		ASSERT_EQ(ErrorCode::OK, error);
		AuthorizationSet hardwareEnforced(SecLevelAuthorizations());
		ASSERT_TRUE(hardwareEnforced.Contains(TAG_ROLLBACK_RESISTANCE));

		ASSERT_EQ(ErrorCode::OK, DeleteAllKeys());