diff options
| author | Kenny Root <kroot@google.com> | 2012-03-26 14:54:22 -0700 |
|---|---|---|
| committer | Android (Google) Code Review <android-gerrit@google.com> | 2012-03-26 14:54:22 -0700 |
| commit | 6c64e7377246153a3152b46f5291ff9dcee8dc05 (patch) | |
| tree | 00a4961e3b5b37fef19af5b50a04f6505ab69918 | |
| parent | 81c323dd54d5f0ea1e75ab392187608049b2326c (diff) | |
| parent | 8ae65e71996ce871cda97cc9114cb5211cb273bf (diff) | |
| download | libhardware-6c64e7377246153a3152b46f5291ff9dcee8dc05.tar.gz | |
Merge "Add delete_all to keymaster API"
| -rw-r--r-- | include/hardware/keymaster.h | 16 | ||||
| -rw-r--r-- | tests/keymaster/keymaster_test.cpp | 39 |
2 files changed, 55 insertions, 0 deletions
diff --git a/include/hardware/keymaster.h b/include/hardware/keymaster.h index 3c7799ac..5a7a3743 100644 --- a/include/hardware/keymaster.h +++ b/include/hardware/keymaster.h @@ -122,11 +122,27 @@ struct keymaster_device { /** * Deletes the key pair associated with the key blob. + * + * This function is optional and should be set to NULL if it is not + * implemented. + * + * Returns 0 on success or an error code less than 0. */ int (*delete_keypair)(const struct keymaster_device* dev, const uint8_t* key_blob, const size_t key_blob_length); /** + * Deletes all keys in the hardware keystore. Used when keystore is + * reset completely. + * + * This function is optional and should be set to NULL if it is not + * implemented. + * + * Returns 0 on success or an error code less than 0. + */ + int (*delete_all)(const struct keymaster_device* dev); + + /** * Signs data using a key-blob generated before. This can use either * an asymmetric key or a secret key. * diff --git a/tests/keymaster/keymaster_test.cpp b/tests/keymaster/keymaster_test.cpp index 98e94076..f4cfcd24 100644 --- a/tests/keymaster/keymaster_test.cpp +++ b/tests/keymaster/keymaster_test.cpp @@ -751,4 +751,43 @@ TEST_F(KeymasterTest, VerifyData_RSA_NullSignature_Failure) { << "Should fail on null signature"; } +TEST_F(KeymasterTest, EraseAll_Success) { + uint8_t *key1_blob, *key2_blob; + size_t key1_blob_length, key2_blob_length; + + // Only test this if the device says it supports delete_all + if (sDevice->delete_all == NULL) { + return; + } + + ASSERT_EQ(0, + sDevice->import_keypair(sDevice, TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1), + &key1_blob, &key1_blob_length)) + << "Should successfully import an RSA key"; + UniqueKey key1(&sDevice, key1_blob, key1_blob_length); + + ASSERT_EQ(0, + sDevice->import_keypair(sDevice, TEST_KEY_1, sizeof(TEST_KEY_1), + &key2_blob, &key2_blob_length)) + << "Should successfully import an RSA key"; + UniqueKey key2(&sDevice, key2_blob, key2_blob_length); + + EXPECT_EQ(0, sDevice->delete_all(sDevice)) + << "Should erase all keys"; + + key1.reset(); + + uint8_t* x509_data; + size_t x509_data_length; + ASSERT_EQ(-1, + sDevice->get_keypair_public(sDevice, key1_blob, key1_blob_length, + &x509_data, &x509_data_length)) + << "Should be able to retrieve RSA public key 1 successfully"; + + ASSERT_EQ(-1, + sDevice->get_keypair_public(sDevice, key2_blob, key2_blob_length, + &x509_data, &x509_data_length)) + << "Should be able to retrieve RSA public key 2 successfully"; +} + } |