Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ff635634 authored by Victor Hsieh's avatar Victor Hsieh
Browse files

Require DeleteAllKeys to work regardless of rollback resistance tag

Bug: 376261153
Test: VtsAidlKeyMintTargetTest --gtest_filter=*DeleteAllKeys* --arm_deleteAllKeys
Change-Id: Icff430509710ec928ca0b803a5bc4d1fb4e8ab88
parent a5ad8db5
Loading
Loading
Loading
Loading
+2 −4
Original line number Diff line number Diff line
@@ -549,9 +549,7 @@ interface IKeyMintDevice {

    /**
     * Deletes all keys in the hardware keystore. Used when keystore is reset completely. After
     * this function is called all keys with Tag::ROLLBACK_RESISTANCE in their hardware-enforced
     * authorization lists must be rendered permanently unusable.  Keys without
     * Tag::ROLLBACK_RESISTANCE may or may not be rendered unusable.
     * this function is called all keys created previously must be rendered permanently unusable.
     */
    void deleteAllKeys();

+2 −8
Original line number Diff line number Diff line
@@ -8305,21 +8305,15 @@ TEST_P(KeyDeletionTest, DeleteAllKeys) {
        GTEST_SKIP() << "Option --arm_deleteAllKeys not set";
        return;
    }
    // This test was introduced in API level 36, but is not version guarded because it requires a
    // manual opt-in anyway. This makes it easier to run on older devices.
    auto error = GenerateKey(AuthorizationSetBuilder()
                                     .RsaSigningKey(2048, 65537)
                                     .Digest(Digest::NONE)
                                     .Padding(PaddingMode::NONE)
                                     .Authorization(TAG_NO_AUTH_REQUIRED)
                                     .Authorization(TAG_ROLLBACK_RESISTANCE)
                                     .SetDefaultValidity());
    if (error == ErrorCode::ROLLBACK_RESISTANCE_UNAVAILABLE) {
        GTEST_SKIP() << "Rollback resistance not supported";
    }

    // Delete must work if rollback protection is implemented
    ASSERT_EQ(ErrorCode::OK, error);
    AuthorizationSet hardwareEnforced(SecLevelAuthorizations());
    ASSERT_TRUE(hardwareEnforced.Contains(TAG_ROLLBACK_RESISTANCE));

    ASSERT_EQ(ErrorCode::OK, DeleteAllKeys());