diff --git a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp index a868c966e6..c25c9ac710 100644 --- a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp +++ b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp @@ -120,6 +120,7 @@ TEST_P(AttestKeyTest, AllRsaSizes) { .SetDefaultValidity(), {} /* attestation signing key */, &attest_key.keyBlob, &attest_key_characteristics, &attest_key_cert_chain)); + KeyBlobDeleter attest_deleter(keymint_, attest_key.keyBlob); ASSERT_GT(attest_key_cert_chain.size(), 0); EXPECT_EQ(attest_key_cert_chain.size(), 1); @@ -141,8 +142,7 @@ TEST_P(AttestKeyTest, AllRsaSizes) { .SetDefaultValidity(), attest_key, &attested_key_blob, &attested_key_characteristics, &attested_key_cert_chain)); - - CheckedDeleteKey(&attested_key_blob); + KeyBlobDeleter attested_deleter(keymint_, attested_key_blob); AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics); AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics); @@ -174,8 +174,7 @@ TEST_P(AttestKeyTest, AllRsaSizes) { .SetDefaultValidity(), attest_key, &attested_key_blob, &attested_key_characteristics, &attested_key_cert_chain)); - - CheckedDeleteKey(&attested_key_blob); + KeyBlobDeleter attested_deleter2(keymint_, attested_key_blob); hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics); sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics); @@ -207,6 +206,7 @@ TEST_P(AttestKeyTest, AllRsaSizes) { .SetDefaultValidity(), attest_key, &attested_key_blob, &attested_key_characteristics, &attested_key_cert_chain)); + KeyBlobDeleter attested_deleter3(keymint_, attested_key_blob); // The returned key characteristics will include CREATION_DATETIME (checked below) // in SecurityLevel::KEYSTORE; this will be stripped out in the CheckCharacteristics() 
@@ -214,9 +214,6 @@ TEST_P(AttestKeyTest, AllRsaSizes) { // any SecurityLevel::KEYSTORE characteristics). CheckCharacteristics(attested_key_blob, attested_key_characteristics); - CheckedDeleteKey(&attested_key_blob); - CheckedDeleteKey(&attest_key.keyBlob); - hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics); sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics); @@ -308,6 +305,7 @@ TEST_P(AttestKeyTest, RsaAttestedAttestKeys) { if (result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) return; } ASSERT_EQ(ErrorCode::OK, result); + KeyBlobDeleter attest_deleter(keymint_, attest_key.keyBlob); EXPECT_GT(attest_key_cert_chain.size(), 1); verify_subject_and_serial(attest_key_cert_chain[0], serial_int, subject, false); @@ -344,9 +342,7 @@ TEST_P(AttestKeyTest, RsaAttestedAttestKeys) { .SetDefaultValidity(), attest_key, &attested_key_blob, &attested_key_characteristics, &attested_key_cert_chain)); - - CheckedDeleteKey(&attested_key_blob); - CheckedDeleteKey(&attest_key.keyBlob); + KeyBlobDeleter attested_deleter(keymint_, attested_key_blob); AuthorizationSet hw_enforced2 = HwEnforcedAuthorizations(attested_key_characteristics); AuthorizationSet sw_enforced2 = SwEnforcedAuthorizations(attested_key_characteristics); @@ -376,6 +372,7 @@ TEST_P(AttestKeyTest, RsaAttestKeyChaining) { const int chain_size = 6; vector> key_blob_list(chain_size); vector> cert_chain_list(chain_size); + vector deleters; for (int i = 0; i < chain_size; i++) { string sub = "attest key chaining "; @@ -412,6 +409,7 @@ TEST_P(AttestKeyTest, RsaAttestKeyChaining) { if (result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) return; } ASSERT_EQ(ErrorCode::OK, result); + deleters.push_back(KeyBlobDeleter(keymint_, key_blob_list[i])); AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics); AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics); 
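Review bot: `deleters.push_back(KeyBlobDeleter(keymint_, key_blob_list[i]));` in RsaAttestKeyChaining builds a temporary whose destructor runs at the end of that statement, so deleteKey() is issued for key i immediately instead of when the test exits. KeyBlobDeleter, as declared in KeyMintAidlTestBase.h in this commit, has a user-declared destructor and no move constructor, so the vector stores a copy and both objects delete the same blob; a vector reallocation would copy and destroy the elements again. Most of the loop body lies outside this hunk, but a chaining test presumably signs key i+1 with key i, which would already be deleted on implementations where deleteKey() has an effect. Holding the deleters by pointer avoids this, e.g. `deleters.push_back(std::make_unique<KeyBlobDeleter>(keymint_, key_blob_list[i]));` with a vector of `std::unique_ptr<KeyBlobDeleter>` (the element type of `deleters` is not visible on this page). The same line appears in the EcAttestKeyChaining and AlternateAttestKeyChaining hunks.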
@@ -437,10 +435,6 @@ TEST_P(AttestKeyTest, RsaAttestKeyChaining) { EXPECT_GT(cert_chain_list[i].size(), i + 1); verify_subject_and_serial(cert_chain_list[i][0], serial_int, subject, false); } - - for (int i = 0; i < chain_size; i++) { - CheckedDeleteKey(&key_blob_list[i]); - } } /* @@ -453,6 +447,7 @@ TEST_P(AttestKeyTest, EcAttestKeyChaining) { const int chain_size = 6; vector> key_blob_list(chain_size); vector> cert_chain_list(chain_size); + vector deleters; for (int i = 0; i < chain_size; i++) { string sub = "Ec attest key chaining "; @@ -489,6 +484,7 @@ TEST_P(AttestKeyTest, EcAttestKeyChaining) { if (result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) return; } ASSERT_EQ(ErrorCode::OK, result); + deleters.push_back(KeyBlobDeleter(keymint_, key_blob_list[i])); AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics); AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics); @@ -514,10 +510,6 @@ TEST_P(AttestKeyTest, EcAttestKeyChaining) { EXPECT_GT(cert_chain_list[i].size(), i + 1); verify_subject_and_serial(cert_chain_list[i][0], serial_int, subject, false); } - - for (int i = 0; i < chain_size; i++) { - CheckedDeleteKey(&key_blob_list[i]); - } } /* @@ -557,6 +549,7 @@ TEST_P(AttestKeyTest, AlternateAttestKeyChaining) { const int chain_size = 6; vector> key_blob_list(chain_size); vector> cert_chain_list(chain_size); + vector deleters; for (int i = 0; i < chain_size; i++) { string sub = "Alt attest key chaining "; @@ -607,6 +600,7 @@ TEST_P(AttestKeyTest, AlternateAttestKeyChaining) { if (result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) return; } ASSERT_EQ(ErrorCode::OK, result); + deleters.push_back(KeyBlobDeleter(keymint_, key_blob_list[i])); AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics); AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics); 
@@ -632,10 +626,6 @@ TEST_P(AttestKeyTest, AlternateAttestKeyChaining) { EXPECT_GT(cert_chain_list[i].size(), i + 1); verify_subject_and_serial(cert_chain_list[i][0], serial_int, subject, false); } - - for (int i = 0; i < chain_size; i++) { - CheckedDeleteKey(&key_blob_list[i]); - } } TEST_P(AttestKeyTest, MissingChallenge) { @@ -653,6 +643,7 @@ TEST_P(AttestKeyTest, MissingChallenge) { .SetDefaultValidity(), {} /* attestation signing key */, &attest_key.keyBlob, &attest_key_characteristics, &attest_key_cert_chain)); + KeyBlobDeleter attest_deleter(keymint_, attest_key.keyBlob); EXPECT_EQ(attest_key_cert_chain.size(), 1); EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain)) << "Failed on size " << size; @@ -681,8 +672,6 @@ TEST_P(AttestKeyTest, MissingChallenge) { .SetDefaultValidity(), attest_key, &attested_key_blob, &attested_key_characteristics, &attested_key_cert_chain)); - - CheckedDeleteKey(&attest_key.keyBlob); } } @@ -700,6 +689,7 @@ TEST_P(AttestKeyTest, AllEcCurves) { AuthorizationSetBuilder().EcdsaKey(curve).AttestKey().SetDefaultValidity(), {} /* attestation signing key */, &attest_key.keyBlob, &attest_key_characteristics, &attest_key_cert_chain)); + KeyBlobDeleter attest_deleter(keymint_, attest_key.keyBlob); ASSERT_GT(attest_key_cert_chain.size(), 0); EXPECT_EQ(attest_key_cert_chain.size(), 1); @@ -721,9 +711,9 @@ TEST_P(AttestKeyTest, AllEcCurves) { .SetDefaultValidity(), attest_key, &attested_key_blob, &attested_key_characteristics, &attested_key_cert_chain)); + KeyBlobDeleter attested_deleter(keymint_, attested_key_blob); ASSERT_GT(attested_key_cert_chain.size(), 0); - CheckedDeleteKey(&attested_key_blob); AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics); AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics); 
@@ -752,10 +742,9 @@ TEST_P(AttestKeyTest, AllEcCurves) { .SetDefaultValidity(), attest_key, &attested_key_blob, &attested_key_characteristics, &attested_key_cert_chain)); + KeyBlobDeleter attested_deleter2(keymint_, attested_key_blob); ASSERT_GT(attested_key_cert_chain.size(), 0); - CheckedDeleteKey(&attested_key_blob); - CheckedDeleteKey(&attest_key.keyBlob); hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics); sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics); @@ -825,6 +814,7 @@ TEST_P(AttestKeyTest, EcdsaAttestationID) { .SetDefaultValidity(), {} /* attestation signing key */, &attest_key.keyBlob, &attest_key_characteristics, &attest_key_cert_chain)); + KeyBlobDeleter attest_deleter(keymint_, attest_key.keyBlob); attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key"); ASSERT_GT(attest_key_cert_chain.size(), 0); EXPECT_EQ(attest_key_cert_chain.size(), 1); @@ -891,8 +881,7 @@ TEST_P(AttestKeyTest, EcdsaAttestationID) { } ASSERT_EQ(result, ErrorCode::OK); - - CheckedDeleteKey(&attested_key_blob); + KeyBlobDeleter attested_deleter(keymint_, attested_key_blob); AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics); AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics); @@ -906,7 +895,6 @@ TEST_P(AttestKeyTest, EcdsaAttestationID) { hw_enforced, SecLevel(), attested_key_cert_chain[0].encodedCertificate)); } - CheckedDeleteKey(&attest_key.keyBlob); } TEST_P(AttestKeyTest, EcdsaAttestationMismatchID) { @@ -921,6 +909,7 @@ TEST_P(AttestKeyTest, EcdsaAttestationMismatchID) { .SetDefaultValidity(), {} /* attestation signing key */, &attest_key.keyBlob, &attest_key_characteristics, &attest_key_cert_chain)); + KeyBlobDeleter attest_deleter(keymint_, attest_key.keyBlob); attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key"); ASSERT_GT(attest_key_cert_chain.size(), 0); EXPECT_EQ(attest_key_cert_chain.size(), 1); 
@@ -966,7 +955,6 @@ TEST_P(AttestKeyTest, EcdsaAttestationMismatchID) { << "result = " << result; device_id_attestation_vsr_check(result); } - CheckedDeleteKey(&attest_key.keyBlob); } TEST_P(AttestKeyTest, SecondIMEIAttestationIDSuccess) { @@ -997,6 +985,7 @@ TEST_P(AttestKeyTest, SecondIMEIAttestationIDSuccess) { .SetDefaultValidity(), {} /* attestation signing key */, &attest_key.keyBlob, &attest_key_characteristics, &attest_key_cert_chain)); + KeyBlobDeleter attest_deleter(keymint_, attest_key.keyBlob); attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key"); EXPECT_EQ(attest_key_cert_chain.size(), 1); EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain)); @@ -1025,11 +1014,10 @@ TEST_P(AttestKeyTest, SecondIMEIAttestationIDSuccess) { } ASSERT_EQ(result, ErrorCode::OK); + KeyBlobDeleter attested_deleter(keymint_, attested_key_blob); device_id_attestation_vsr_check(result); - CheckedDeleteKey(&attested_key_blob); - AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics); AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics); @@ -1043,8 +1031,6 @@ TEST_P(AttestKeyTest, SecondIMEIAttestationIDSuccess) { EXPECT_TRUE(verify_attestation_record(AidlVersion(), "challenge", "foo", sw_enforced, hw_enforced, SecLevel(), attested_key_cert_chain[0].encodedCertificate)); - - CheckedDeleteKey(&attest_key.keyBlob); } TEST_P(AttestKeyTest, MultipleIMEIAttestationIDSuccess) { @@ -1081,6 +1067,7 @@ TEST_P(AttestKeyTest, MultipleIMEIAttestationIDSuccess) { .SetDefaultValidity(), {} /* attestation signing key */, &attest_key.keyBlob, &attest_key_characteristics, &attest_key_cert_chain)); + KeyBlobDeleter attest_deleter(keymint_, attest_key.keyBlob); attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key"); EXPECT_EQ(attest_key_cert_chain.size(), 1); EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain)); 
@@ -1106,11 +1093,10 @@ TEST_P(AttestKeyTest, MultipleIMEIAttestationIDSuccess) { } ASSERT_EQ(result, ErrorCode::OK); + KeyBlobDeleter attested_deleter(keymint_, attested_key_blob); device_id_attestation_vsr_check(result); - CheckedDeleteKey(&attested_key_blob); - AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics); AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics); @@ -1127,8 +1113,6 @@ TEST_P(AttestKeyTest, MultipleIMEIAttestationIDSuccess) { EXPECT_TRUE(verify_attestation_record(AidlVersion(), "challenge", "foo", sw_enforced, hw_enforced, SecLevel(), attested_key_cert_chain[0].encodedCertificate)); - - CheckedDeleteKey(&attest_key.keyBlob); } INSTANTIATE_KEYMINT_AIDL_TEST(AttestKeyTest); diff --git a/security/keymint/aidl/vts/functional/KeyBlobUpgradeTest.cpp b/security/keymint/aidl/vts/functional/KeyBlobUpgradeTest.cpp index 4f72f67763..4830422f4d 100644 --- a/security/keymint/aidl/vts/functional/KeyBlobUpgradeTest.cpp +++ b/security/keymint/aidl/vts/functional/KeyBlobUpgradeTest.cpp @@ -560,7 +560,7 @@ TEST_P(KeyBlobUpgradeTest, UseKeyBlobsBeforeOrAfter) { .SetDefaultValidity(), attest_key, &attested_key_blob, &attested_key_characteristics, &attested_key_cert_chain)); - CheckedDeleteKey(&attested_key_blob); + KeyBlobDeleter(keymint_, attested_key_blob); } else { FAIL() << "Unexpected name: " << name; } diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp index b55e609319..b2fd08eb60 100644 --- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp +++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp 
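Review bot: `KeyBlobDeleter(keymint_, attested_key_blob);` in UseKeyBlobsBeforeOrAfter creates an unnamed temporary, so the key is deleted at the end of that statement. That matches the immediate deletion the old `CheckedDeleteKey(&attested_key_blob)` performed, but next to the named deleters used everywhere else in this commit it reads like a forgotten variable name. If immediate deletion is intended, say so on the line, e.g. `// Unnamed temporary: delete the attested key right away.`; if the key should live to the end of the branch, name the object: `KeyBlobDeleter attested_deleter(keymint_, attested_key_blob);`. The enclosing test body starts and ends outside the hunk.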
@@ -176,6 +176,17 @@ bool KeyMintAidlTestBase::dump_Attestations = false; std::string KeyMintAidlTestBase::keyblob_dir; std::optional KeyMintAidlTestBase::expect_upgrade = std::nullopt; +KeyBlobDeleter::~KeyBlobDeleter() { + if (key_blob_.empty()) { + return; + } + Status result = keymint_->deleteKey(key_blob_); + key_blob_.clear(); + EXPECT_TRUE(result.isOk()) << result.getServiceSpecificError() << "\n"; + ErrorCode rc = GetReturnErrorCode(result); + EXPECT_TRUE(rc == ErrorCode::OK || rc == ErrorCode::UNIMPLEMENTED) << result << "\n"; +} + uint32_t KeyMintAidlTestBase::boot_patch_level( const vector& key_characteristics) { // The boot patchlevel is not available as a property, but should be present @@ -229,16 +240,6 @@ bool KeyMintAidlTestBase::Curve25519Supported() { return version >= 2; } -ErrorCode KeyMintAidlTestBase::GetReturnErrorCode(const Status& result) { - if (result.isOk()) return ErrorCode::OK; - - if (result.getExceptionCode() == EX_SERVICE_SPECIFIC) { - return static_cast(result.getServiceSpecificError()); - } - - return ErrorCode::UNKNOWN_ERROR; -} - void KeyMintAidlTestBase::InitializeKeyMint(std::shared_ptr keyMint) { ASSERT_NE(keyMint, nullptr); keymint_ = std::move(keyMint); @@ -513,13 +514,9 @@ ErrorCode KeyMintAidlTestBase::DestroyAttestationIds() { return GetReturnErrorCode(result); } -void KeyMintAidlTestBase::CheckedDeleteKey(vector* key_blob, bool keep_key_blob) { - ErrorCode result = DeleteKey(key_blob, keep_key_blob); - EXPECT_TRUE(result == ErrorCode::OK || result == ErrorCode::UNIMPLEMENTED) << result << endl; -} - void KeyMintAidlTestBase::CheckedDeleteKey() { - CheckedDeleteKey(&key_blob_); + ErrorCode result = DeleteKey(&key_blob_, /* keep_key_blob = */ false); + EXPECT_TRUE(result == ErrorCode::OK || result == ErrorCode::UNIMPLEMENTED) << result << endl; } ErrorCode KeyMintAidlTestBase::Begin(KeyPurpose purpose, const vector& key_blob, 
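Review bot: The two expectations in `KeyBlobDeleter::~KeyBlobDeleter()` disagree about `ErrorCode::UNIMPLEMENTED`. `GetReturnErrorCode()`, as moved in this commit, returns `ErrorCode::OK` only when `result.isOk()`, so an implementation that answers deleteKey() with `UNIMPLEMENTED` passes the second check but has already failed `EXPECT_TRUE(result.isOk())`. If `UNIMPLEMENTED` is meant to be tolerated, drop the first expectation and keep `EXPECT_TRUE(rc == ErrorCode::OK || rc == ErrorCode::UNIMPLEMENTED) << result << "\n";`, which already prints the status. The rewritten `CheckedDeleteKey()` in this file relies on `DeleteKey()`, whose body is not visible here, so whether it has the same conflict cannot be told from this page.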
@@ -1986,6 +1983,16 @@ AssertionResult ChainSignaturesAreValid(const vector& chain, return AssertionSuccess(); } +ErrorCode GetReturnErrorCode(const Status& result) { + if (result.isOk()) return ErrorCode::OK; + + if (result.getExceptionCode() == EX_SERVICE_SPECIFIC) { + return static_cast(result.getServiceSpecificError()); + } + + return ErrorCode::UNKNOWN_ERROR; +} + X509_Ptr parse_cert_blob(const vector& blob) { const uint8_t* p = blob.data(); return X509_Ptr(d2i_X509(nullptr /* allocate new */, &p, blob.size())); diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h index 415a83e4e8..aa3069a0a6 100644 --- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h +++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h @@ -57,6 +57,18 @@ constexpr uint64_t kOpHandleSentinel = 0xFFFFFFFFFFFFFFFF; const string FEATURE_KEYSTORE_APP_ATTEST_KEY = "android.hardware.keystore.app_attest_key"; const string FEATURE_STRONGBOX_KEYSTORE = "android.hardware.strongbox_keystore"; +// RAII class to ensure that a keyblob is deleted regardless of how a test exits. +class KeyBlobDeleter { + public: + KeyBlobDeleter(const shared_ptr& keymint, const vector& key_blob) + : keymint_(keymint), key_blob_(key_blob) {} + ~KeyBlobDeleter(); + + private: + shared_ptr keymint_; + vector key_blob_; +}; + class KeyMintAidlTestBase : public ::testing::TestWithParam { public: struct KeyData { @@ -94,8 +106,6 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam { bool Curve25519Supported(); - ErrorCode GetReturnErrorCode(const Status& result); - ErrorCode GenerateKey(const AuthorizationSet& key_desc, vector* key_blob, vector* key_characteristics) { return GenerateKey(key_desc, std::nullopt /* attest_key */, key_blob, key_characteristics, 
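Review bot: The one-line comment above `class KeyBlobDeleter` leaves out two things a test author needs to know: the constructor copies the keyblob, and the destructor reports through gtest expectations. Because of the copy, a deleter covers only the blob value present when it was constructed, so tests in this commit that regenerate into the same `attested_key_blob` need one deleter per key, and a deleter built from an empty blob does nothing. Suggested comment: `// Takes a copy of key_blob at construction; the destructor calls deleteKey() on that copy (no-op if it was empty) and records EXPECT failures.` The class also leaves its copy operations implicit although each copy deletes the same key on destruction; declaring `KeyBlobDeleter(const KeyBlobDeleter&) = delete;` and `KeyBlobDeleter& operator=(const KeyBlobDeleter&) = delete;` would turn accidental copies into compile errors.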
@@ -159,7 +169,6 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam { ErrorCode DestroyAttestationIds(); - void CheckedDeleteKey(vector* key_blob, bool keep_key_blob = false); void CheckedDeleteKey(); ErrorCode Begin(KeyPurpose purpose, const vector& key_blob, @@ -431,6 +440,8 @@ AuthorizationSet SwEnforcedAuthorizations(const vector& key_ ::testing::AssertionResult ChainSignaturesAreValid(const vector& chain, bool strict_issuer_check = true); +ErrorCode GetReturnErrorCode(const Status& result); + #define INSTANTIATE_KEYMINT_AIDL_TEST(name) \ INSTANTIATE_TEST_SUITE_P(PerInstance, name, \ testing::ValuesIn(KeyMintAidlTestBase::build_params()), \ diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp index c54a2c9d1f..c534a37367 100644 --- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp +++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp @@ -693,6 +693,7 @@ TEST_P(NewKeyGenerationTest, Aes) { builder.Authorization(TAG_MIN_MAC_LENGTH, 128); } ASSERT_EQ(ErrorCode::OK, GenerateKey(builder, &key_blob, &key_characteristics)); + KeyBlobDeleter deleter(keymint_, key_blob); EXPECT_GT(key_blob.size(), 0U); CheckSymmetricParams(key_characteristics); @@ -703,8 +704,6 @@ TEST_P(NewKeyGenerationTest, Aes) { EXPECT_TRUE(crypto_params.Contains(TAG_ALGORITHM, Algorithm::AES)); EXPECT_TRUE(crypto_params.Contains(TAG_KEY_SIZE, key_size)) << "Key size " << key_size << "missing"; - - CheckedDeleteKey(&key_blob); } } } @@ -877,6 +876,7 @@ TEST_P(NewKeyGenerationTest, TripleDes) { .Authorization(TAG_NO_AUTH_REQUIRED) .SetDefaultValidity(), &key_blob, &key_characteristics)); + KeyBlobDeleter deleter(keymint_, key_blob); EXPECT_GT(key_blob.size(), 0U); CheckSymmetricParams(key_characteristics); 
@@ -887,8 +887,6 @@ TEST_P(NewKeyGenerationTest, TripleDes) { EXPECT_TRUE(crypto_params.Contains(TAG_ALGORITHM, Algorithm::TRIPLE_DES)); EXPECT_TRUE(crypto_params.Contains(TAG_KEY_SIZE, key_size)) << "Key size " << key_size << "missing"; - - CheckedDeleteKey(&key_blob); } } } @@ -924,6 +922,7 @@ TEST_P(NewKeyGenerationTest, TripleDesWithAttestation) { .AttestationApplicationId(app_id) .SetDefaultValidity(), &key_blob, &key_characteristics)); + KeyBlobDeleter deleter(keymint_, key_blob); EXPECT_GT(key_blob.size(), 0U); CheckSymmetricParams(key_characteristics); @@ -934,8 +933,6 @@ TEST_P(NewKeyGenerationTest, TripleDesWithAttestation) { EXPECT_TRUE(crypto_params.Contains(TAG_ALGORITHM, Algorithm::TRIPLE_DES)); EXPECT_TRUE(crypto_params.Contains(TAG_KEY_SIZE, key_size)) << "Key size " << key_size << "missing"; - - CheckedDeleteKey(&key_blob); } } } @@ -1003,6 +1000,7 @@ TEST_P(NewKeyGenerationTest, Rsa) { .Padding(PaddingMode::NONE) .SetDefaultValidity(), &key_blob, &key_characteristics)); + KeyBlobDeleter deleter(keymint_, key_blob); ASSERT_GT(key_blob.size(), 0U); CheckBaseParams(key_characteristics); @@ -1014,8 +1012,6 @@ TEST_P(NewKeyGenerationTest, Rsa) { EXPECT_TRUE(crypto_params.Contains(TAG_KEY_SIZE, key_size)) << "Key size " << key_size << "missing"; EXPECT_TRUE(crypto_params.Contains(TAG_RSA_PUBLIC_EXPONENT, 65537U)); - - CheckedDeleteKey(&key_blob); } } @@ -1139,6 +1135,7 @@ TEST_P(NewKeyGenerationTest, RsaWithAttestation) { } } ASSERT_EQ(ErrorCode::OK, result); + KeyBlobDeleter deleter(keymint_, key_blob); ASSERT_GT(key_blob.size(), 0U); CheckBaseParams(key_characteristics); CheckCharacteristics(key_blob, key_characteristics); @@ -1159,8 +1156,6 @@ TEST_P(NewKeyGenerationTest, RsaWithAttestation) { EXPECT_TRUE(verify_attestation_record(AidlVersion(), challenge, app_id, // sw_enforced, hw_enforced, SecLevel(), cert_chain_[0].encodedCertificate)); - - CheckedDeleteKey(&key_blob); } } 
@@ -1214,6 +1209,7 @@ TEST_P(NewKeyGenerationTest, RsaWithRkpAttestation) { .Authorization(TAG_NO_AUTH_REQUIRED) .SetDefaultValidity(), attestation_key, &key_blob, &key_characteristics, &cert_chain_)); + KeyBlobDeleter deleter(keymint_, key_blob); ASSERT_GT(key_blob.size(), 0U); CheckBaseParams(key_characteristics); @@ -1240,8 +1236,6 @@ TEST_P(NewKeyGenerationTest, RsaWithRkpAttestation) { ASSERT_TRUE(X509_verify(key_cert.get(), signing_pubkey.get())) << "Verification of attested certificate failed " << "OpenSSL error string: " << ERR_error_string(ERR_get_error(), NULL); - - CheckedDeleteKey(&key_blob); } } @@ -1294,6 +1288,7 @@ TEST_P(NewKeyGenerationTest, EcdsaWithRkpAttestation) { .Authorization(TAG_NO_AUTH_REQUIRED) .SetDefaultValidity(), attestation_key, &key_blob, &key_characteristics, &cert_chain_)); + KeyBlobDeleter deleter(keymint_, key_blob); ASSERT_GT(key_blob.size(), 0U); CheckBaseParams(key_characteristics); @@ -1318,8 +1313,6 @@ TEST_P(NewKeyGenerationTest, EcdsaWithRkpAttestation) { ASSERT_TRUE(X509_verify(key_cert.get(), signing_pubkey.get())) << "Verification of attested certificate failed " << "OpenSSL error string: " << ERR_error_string(ERR_get_error(), NULL); - - CheckedDeleteKey(&key_blob); } } @@ -1365,6 +1358,7 @@ TEST_P(NewKeyGenerationTest, RsaEncryptionWithAttestation) { } } ASSERT_EQ(ErrorCode::OK, result); + KeyBlobDeleter deleter(keymint_, key_blob); ASSERT_GT(key_blob.size(), 0U); AuthorizationSet auths; @@ -1405,8 +1399,6 @@ TEST_P(NewKeyGenerationTest, RsaEncryptionWithAttestation) { EXPECT_TRUE(verify_attestation_record(AidlVersion(), challenge, app_id, // sw_enforced, hw_enforced, SecLevel(), cert_chain_[0].encodedCertificate)); - - CheckedDeleteKey(&key_blob); } /* 
@@ -1437,6 +1429,7 @@ TEST_P(NewKeyGenerationTest, RsaWithSelfSign) { .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der) .SetDefaultValidity(), &key_blob, &key_characteristics)); + KeyBlobDeleter deleter(keymint_, key_blob); ASSERT_GT(key_blob.size(), 0U); CheckBaseParams(key_characteristics); @@ -1452,8 +1445,6 @@ TEST_P(NewKeyGenerationTest, RsaWithSelfSign) { ASSERT_EQ(cert_chain_.size(), 1); verify_subject_and_serial(cert_chain_[0], serial_int, subject, false); EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_)); - - CheckedDeleteKey(&key_blob); } } @@ -1518,6 +1509,7 @@ TEST_P(NewKeyGenerationTest, RsaWithAttestationAppIdIgnored) { .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der) .SetDefaultValidity(), &key_blob, &key_characteristics)); + KeyBlobDeleter deleter(keymint_, key_blob); ASSERT_GT(key_blob.size(), 0U); CheckBaseParams(key_characteristics); @@ -1534,8 +1526,6 @@ TEST_P(NewKeyGenerationTest, RsaWithAttestationAppIdIgnored) { verify_subject_and_serial(cert_chain_[0], serial_int, subject, false); EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_)); ASSERT_EQ(cert_chain_.size(), 1); - - CheckedDeleteKey(&key_blob); } /* @@ -1556,6 +1546,7 @@ TEST_P(NewKeyGenerationTest, LimitedUsageRsa) { .Authorization(TAG_USAGE_COUNT_LIMIT, 1) .SetDefaultValidity(), &key_blob, &key_characteristics)); + KeyBlobDeleter deleter(keymint_, key_blob); ASSERT_GT(key_blob.size(), 0U); CheckBaseParams(key_characteristics); @@ -1575,8 +1566,6 @@ TEST_P(NewKeyGenerationTest, LimitedUsageRsa) { } EXPECT_TRUE(auths.Contains(TAG_USAGE_COUNT_LIMIT, 1U)) << "key usage count limit " << 1U << " missing"; - - CheckedDeleteKey(&key_blob); } } @@ -1625,6 +1614,7 @@ TEST_P(NewKeyGenerationTest, LimitedUsageRsaWithAttestation) { } } ASSERT_EQ(ErrorCode::OK, result); + KeyBlobDeleter deleter(keymint_, key_blob); ASSERT_GT(key_blob.size(), 0U); CheckBaseParams(key_characteristics); 
@@ -1655,8 +1645,6 @@ TEST_P(NewKeyGenerationTest, LimitedUsageRsaWithAttestation) { EXPECT_TRUE(verify_attestation_record(AidlVersion(), challenge, app_id, // sw_enforced, hw_enforced, SecLevel(), cert_chain_[0].encodedCertificate)); - - CheckedDeleteKey(&key_blob); } } @@ -1726,6 +1714,7 @@ TEST_P(NewKeyGenerationTest, Ecdsa) { .Digest(Digest::NONE) .SetDefaultValidity(), &key_blob, &key_characteristics)); + KeyBlobDeleter deleter(keymint_, key_blob); ASSERT_GT(key_blob.size(), 0U); CheckBaseParams(key_characteristics); CheckCharacteristics(key_blob, key_characteristics); @@ -1734,8 +1723,6 @@ TEST_P(NewKeyGenerationTest, Ecdsa) { EXPECT_TRUE(crypto_params.Contains(TAG_ALGORITHM, Algorithm::EC)); EXPECT_TRUE(crypto_params.Contains(TAG_EC_CURVE, curve)) << "Curve " << curve << "missing"; - - CheckedDeleteKey(&key_blob); } } @@ -1759,6 +1746,8 @@ TEST_P(NewKeyGenerationTest, EcdsaCurve25519) { .SetDefaultValidity(), &key_blob, &key_characteristics); ASSERT_EQ(result, ErrorCode::OK); + KeyBlobDeleter deleter(keymint_, key_blob); + ASSERT_GT(key_blob.size(), 0U); EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_)); @@ -1771,8 +1760,6 @@ TEST_P(NewKeyGenerationTest, EcdsaCurve25519) { EXPECT_TRUE(crypto_params.Contains(TAG_ALGORITHM, Algorithm::EC)); EXPECT_TRUE(crypto_params.Contains(TAG_EC_CURVE, curve)) << "Curve " << curve << "missing"; - - CheckedDeleteKey(&key_blob); } /* @@ -1879,6 +1866,7 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestation) { } } ASSERT_EQ(ErrorCode::OK, result); + KeyBlobDeleter deleter(keymint_, key_blob); ASSERT_GT(key_blob.size(), 0U); CheckBaseParams(key_characteristics); CheckCharacteristics(key_blob, key_characteristics); @@ -1897,8 +1885,6 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestation) { EXPECT_TRUE(verify_attestation_record(AidlVersion(), challenge, app_id, // sw_enforced, hw_enforced, SecLevel(), cert_chain_[0].encodedCertificate)); - - CheckedDeleteKey(&key_blob); } } 
@@ -1936,6 +1922,7 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationCurve25519) { .SetDefaultValidity(), &key_blob, &key_characteristics); ASSERT_EQ(ErrorCode::OK, result); + KeyBlobDeleter deleter(keymint_, key_blob); ASSERT_GT(key_blob.size(), 0U); CheckBaseParams(key_characteristics); CheckCharacteristics(key_blob, key_characteristics); @@ -1954,8 +1941,6 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationCurve25519) { EXPECT_TRUE(verify_attestation_record(AidlVersion(), challenge, app_id, // sw_enforced, hw_enforced, SecLevel(), cert_chain_[0].encodedCertificate)); - - CheckedDeleteKey(&key_blob); } /* @@ -2024,6 +2009,7 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationTags) { } } ASSERT_EQ(result, ErrorCode::OK); + KeyBlobDeleter deleter(keymint_, key_blob); ASSERT_GT(key_blob.size(), 0U); EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_)); @@ -2043,8 +2029,6 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationTags) { EXPECT_TRUE(verify_attestation_record(AidlVersion(), challenge, app_id, sw_enforced, hw_enforced, SecLevel(), cert_chain_[0].encodedCertificate)); - - CheckedDeleteKey(&key_blob); } // Collection of invalid attestation ID tags. @@ -2170,6 +2154,7 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationIdTags) { continue; } ASSERT_EQ(result, ErrorCode::OK); + KeyBlobDeleter deleter(keymint_, key_blob); ASSERT_GT(key_blob.size(), 0U); EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_)); @@ -2189,8 +2174,6 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationIdTags) { EXPECT_TRUE(verify_attestation_record(AidlVersion(), challenge, app_id, sw_enforced, hw_enforced, SecLevel(), cert_chain_[0].encodedCertificate)); - - CheckedDeleteKey(&key_blob); } } @@ -2345,6 +2328,7 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationTagNoApplicationId) { } } ASSERT_EQ(result, ErrorCode::OK); + KeyBlobDeleter deleter(keymint_, key_blob); ASSERT_GT(key_blob.size(), 0U); EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_)); 
@@ -2364,8 +2348,6 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationTagNoApplicationId) { ASSERT_EQ(std::search(cert_chain_[0].encodedCertificate.begin(), cert_chain_[0].encodedCertificate.end(), needle.begin(), needle.end()), cert_chain_[0].encodedCertificate.end()); - - CheckedDeleteKey(&key_blob); } /* @@ -2393,6 +2375,7 @@ TEST_P(NewKeyGenerationTest, EcdsaSelfSignAttestation) { .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der) .SetDefaultValidity(), &key_blob, &key_characteristics)); + KeyBlobDeleter deleter(keymint_, key_blob); ASSERT_GT(key_blob.size(), 0U); CheckBaseParams(key_characteristics); CheckCharacteristics(key_blob, key_characteristics); @@ -2408,8 +2391,6 @@ TEST_P(NewKeyGenerationTest, EcdsaSelfSignAttestation) { AuthorizationSet hw_enforced = HwEnforcedAuthorizations(key_characteristics); AuthorizationSet sw_enforced = SwEnforcedAuthorizations(key_characteristics); - - CheckedDeleteKey(&key_blob); } } @@ -2463,6 +2444,7 @@ TEST_P(NewKeyGenerationTest, EcdsaIgnoreAppId) { .AttestationApplicationId(app_id) .SetDefaultValidity(), &key_blob, &key_characteristics)); + KeyBlobDeleter deleter(keymint_, key_blob); ASSERT_GT(key_blob.size(), 0U); CheckBaseParams(key_characteristics); @@ -2478,8 +2460,6 @@ TEST_P(NewKeyGenerationTest, EcdsaIgnoreAppId) { AuthorizationSet hw_enforced = HwEnforcedAuthorizations(key_characteristics); AuthorizationSet sw_enforced = SwEnforcedAuthorizations(key_characteristics); - - CheckedDeleteKey(&key_blob); } } @@ -2521,6 +2501,7 @@ TEST_P(NewKeyGenerationTest, AttestationApplicationIDLengthProperlyEncoded) { } } ASSERT_EQ(ErrorCode::OK, result); + KeyBlobDeleter deleter(keymint_, key_blob); ASSERT_GT(key_blob.size(), 0U); CheckBaseParams(key_characteristics); CheckCharacteristics(key_blob, key_characteristics); 
@@ -2538,8 +2519,6 @@ TEST_P(NewKeyGenerationTest, AttestationApplicationIDLengthProperlyEncoded) { EXPECT_TRUE(verify_attestation_record(AidlVersion(), challenge, app_id, // sw_enforced, hw_enforced, SecLevel(), cert_chain_[0].encodedCertificate)); - - CheckedDeleteKey(&key_blob); } } @@ -2560,6 +2539,7 @@ TEST_P(NewKeyGenerationTest, LimitedUsageEcdsa) { .Authorization(TAG_USAGE_COUNT_LIMIT, 1) .SetDefaultValidity(), &key_blob, &key_characteristics)); + KeyBlobDeleter deleter(keymint_, key_blob); ASSERT_GT(key_blob.size(), 0U); CheckBaseParams(key_characteristics); @@ -2577,8 +2557,6 @@ TEST_P(NewKeyGenerationTest, LimitedUsageEcdsa) { } EXPECT_TRUE(auths.Contains(TAG_USAGE_COUNT_LIMIT, 1U)) << "key usage count limit " << 1U << " missing"; - - CheckedDeleteKey(&key_blob); } } @@ -2710,6 +2688,7 @@ TEST_P(NewKeyGenerationTest, Hmac) { AuthorizationSetBuilder().HmacKey(key_size).Digest(digest).Authorization( TAG_MIN_MAC_LENGTH, 128), &key_blob, &key_characteristics)); + KeyBlobDeleter deleter(keymint_, key_blob); ASSERT_GT(key_blob.size(), 0U); CheckBaseParams(key_characteristics); @@ -2719,8 +2698,6 @@ TEST_P(NewKeyGenerationTest, Hmac) { EXPECT_TRUE(crypto_params.Contains(TAG_ALGORITHM, Algorithm::HMAC)); EXPECT_TRUE(crypto_params.Contains(TAG_KEY_SIZE, key_size)) << "Key size " << key_size << "missing"; - - CheckedDeleteKey(&key_blob); } } @@ -2746,6 +2723,7 @@ TEST_P(NewKeyGenerationTest, HmacNoAttestation) { .AttestationApplicationId(app_id) .Authorization(TAG_MIN_MAC_LENGTH, 128), &key_blob, &key_characteristics)); + KeyBlobDeleter deleter(keymint_, key_blob); ASSERT_GT(key_blob.size(), 0U); ASSERT_EQ(cert_chain_.size(), 0); @@ -2756,8 +2734,6 @@ TEST_P(NewKeyGenerationTest, HmacNoAttestation) { EXPECT_TRUE(crypto_params.Contains(TAG_ALGORITHM, Algorithm::HMAC)); EXPECT_TRUE(crypto_params.Contains(TAG_KEY_SIZE, key_size)) << "Key size " << key_size << "missing"; - - CheckedDeleteKey(&key_blob); } } 
@@ -2779,6 +2755,7 @@ TEST_P(NewKeyGenerationTest, LimitedUsageHmac) { .Authorization(TAG_MIN_MAC_LENGTH, 128) .Authorization(TAG_USAGE_COUNT_LIMIT, 1), &key_blob, &key_characteristics)); + KeyBlobDeleter deleter(keymint_, key_blob); ASSERT_GT(key_blob.size(), 0U); CheckBaseParams(key_characteristics); @@ -2796,8 +2773,6 @@ TEST_P(NewKeyGenerationTest, LimitedUsageHmac) { } EXPECT_TRUE(auths.Contains(TAG_USAGE_COUNT_LIMIT, 1U)) << "key usage count limit " << 1U << " missing"; - - CheckedDeleteKey(&key_blob); } } @@ -3891,6 +3866,7 @@ TEST_P(VerificationOperationsTest, HmacSigningKeyCannotVerify) { .Digest(Digest::SHA_2_256) .Authorization(TAG_MIN_MAC_LENGTH, 160), KeyFormat::RAW, key_material, &signing_key, &signing_key_chars)); + KeyBlobDeleter sign_deleter(keymint_, signing_key); EXPECT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder() .Authorization(TAG_NO_AUTH_REQUIRED) @@ -3899,6 +3875,7 @@ TEST_P(VerificationOperationsTest, HmacSigningKeyCannotVerify) { .Digest(Digest::SHA_2_256) .Authorization(TAG_MIN_MAC_LENGTH, 160), KeyFormat::RAW, key_material, &verification_key, &verification_key_chars)); + KeyBlobDeleter verify_deleter(keymint_, verification_key); string message = "This is a message."; string signature = SignMessage( @@ -3914,9 +3891,6 @@ TEST_P(VerificationOperationsTest, HmacSigningKeyCannotVerify) { // Verification key should work. VerifyMessage(verification_key, message, signature, AuthorizationSetBuilder().Digest(Digest::SHA_2_256)); - - CheckedDeleteKey(&signing_key); - CheckedDeleteKey(&verification_key); } /* @@ -3937,6 +3911,7 @@ TEST_P(VerificationOperationsTest, HmacVerificationFailsForCorruptSignature) { .Digest(Digest::SHA_2_256) .Authorization(TAG_MIN_MAC_LENGTH, 160), KeyFormat::RAW, key_material, &signing_key, &signing_key_chars)); + KeyBlobDeleter sign_deleter(keymint_, signing_key); EXPECT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder() .Authorization(TAG_NO_AUTH_REQUIRED) 
@@ -3945,6 +3920,7 @@ TEST_P(VerificationOperationsTest, HmacVerificationFailsForCorruptSignature) { .Digest(Digest::SHA_2_256) .Authorization(TAG_MIN_MAC_LENGTH, 160), KeyFormat::RAW, key_material, &verification_key, &verification_key_chars)); + KeyBlobDeleter verify_deleter(keymint_, verification_key); string message = "This is a message."; string signature = SignMessage( @@ -3966,9 +3942,6 @@ TEST_P(VerificationOperationsTest, HmacVerificationFailsForCorruptSignature) { signature[0] += 1; // Corrupt a signature EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, Finish(message, signature, &output)); - - CheckedDeleteKey(&signing_key); - CheckedDeleteKey(&verification_key); } INSTANTIATE_KEYMINT_AIDL_TEST(VerificationOperationsTest); @@ -8497,16 +8470,16 @@ TEST_P(EarlyBootKeyTest, CreateEarlyBootKeys) { // Early boot keys can be created after early boot. auto [aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData] = CreateTestKeys(TAG_EARLY_BOOT_ONLY, ErrorCode::OK); + KeyBlobDeleter aes_deleter(keymint_, aesKeyData.blob); + KeyBlobDeleter hmac_deleter(keymint_, hmacKeyData.blob); + KeyBlobDeleter rsa_deleter(keymint_, rsaKeyData.blob); + KeyBlobDeleter ecdsa_deleter(keymint_, ecdsaKeyData.blob); for (const auto& keyData : {aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData}) { ASSERT_GT(keyData.blob.size(), 0U); AuthorizationSet crypto_params = SecLevelAuthorizations(keyData.characteristics); EXPECT_TRUE(crypto_params.Contains(TAG_EARLY_BOOT_ONLY)) << crypto_params; } - CheckedDeleteKey(&aesKeyData.blob); - CheckedDeleteKey(&hmacKeyData.blob); - CheckedDeleteKey(&rsaKeyData.blob); - CheckedDeleteKey(&ecdsaKeyData.blob); } /* 
@@ -8520,6 +8493,10 @@ TEST_P(EarlyBootKeyTest, CreateAttestedEarlyBootKey) { builder->AttestationChallenge("challenge"); builder->AttestationApplicationId("app_id"); }); + KeyBlobDeleter aes_deleter(keymint_, aesKeyData.blob); + KeyBlobDeleter hmac_deleter(keymint_, hmacKeyData.blob); + KeyBlobDeleter rsa_deleter(keymint_, rsaKeyData.blob); + KeyBlobDeleter ecdsa_deleter(keymint_, ecdsaKeyData.blob); for (const auto& keyData : {aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData}) { // Strongbox may not support factory attestation. Key creation might fail with @@ -8531,14 +8508,6 @@ TEST_P(EarlyBootKeyTest, CreateAttestedEarlyBootKey) { AuthorizationSet crypto_params = SecLevelAuthorizations(keyData.characteristics); EXPECT_TRUE(crypto_params.Contains(TAG_EARLY_BOOT_ONLY)) << crypto_params; } - CheckedDeleteKey(&aesKeyData.blob); - CheckedDeleteKey(&hmacKeyData.blob); - if (rsaKeyData.blob.size() != 0U) { - CheckedDeleteKey(&rsaKeyData.blob); - } - if (ecdsaKeyData.blob.size() != 0U) { - CheckedDeleteKey(&ecdsaKeyData.blob); - } } /* @@ -8583,6 +8552,11 @@ TEST_P(EarlyBootKeyTest, ImportEarlyBootKeyFailure) { TEST_P(EarlyBootKeyTest, DISABLED_FullTest) { auto [aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData] = CreateTestKeys(TAG_EARLY_BOOT_ONLY, ErrorCode::OK); + KeyBlobDeleter aes_deleter(keymint_, aesKeyData.blob); + KeyBlobDeleter hmac_deleter(keymint_, hmacKeyData.blob); + KeyBlobDeleter rsa_deleter(keymint_, rsaKeyData.blob); + KeyBlobDeleter ecdsa_deleter(keymint_, ecdsaKeyData.blob); + // TAG_EARLY_BOOT_ONLY should be in hw-enforced. EXPECT_TRUE(HwEnforcedAuthorizations(aesKeyData.characteristics).Contains(TAG_EARLY_BOOT_ONLY)); EXPECT_TRUE( 
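Review bot: `rsa_deleter` and `ecdsa_deleter` in CreateAttestedEarlyBootKey are registered unconditionally, but the cleanup they replace (removed in the -8531 hunk) deleted those two blobs only when `blob.size() != 0U`, and the loop comment notes that key creation might fail on StrongBox. The change is equivalent only if KeyBlobDeleter skips an empty blob, and its definition is not part of this section of the diff. If it does, a comment above the four declarations would record that dependency: `// Blobs may be empty if creation failed; KeyBlobDeleter is expected to ignore those.` The same assumption covers the `*_deleter2` objects added to DISABLED_FullTest in the -8607 hunk, where creation is expected to return EARLY_BOOT_ENDED. The test body continues outside the hunk.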
@@ -8607,19 +8581,13 @@ TEST_P(EarlyBootKeyTest, DISABLED_FullTest) { EXPECT_EQ(ErrorCode::EARLY_BOOT_ENDED, UseRsaKey(rsaKeyData.blob)); EXPECT_EQ(ErrorCode::EARLY_BOOT_ENDED, UseEcdsaKey(ecdsaKeyData.blob)); - CheckedDeleteKey(&aesKeyData.blob); - CheckedDeleteKey(&hmacKeyData.blob); - CheckedDeleteKey(&rsaKeyData.blob); - CheckedDeleteKey(&ecdsaKeyData.blob); - // Should not be able to create new keys - std::tie(aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData) = + auto [aesKeyData2, hmacKeyData2, rsaKeyData2, ecdsaKeyData2] = CreateTestKeys(TAG_EARLY_BOOT_ONLY, ErrorCode::EARLY_BOOT_ENDED); - - CheckedDeleteKey(&aesKeyData.blob); - CheckedDeleteKey(&hmacKeyData.blob); - CheckedDeleteKey(&rsaKeyData.blob); - CheckedDeleteKey(&ecdsaKeyData.blob); + KeyBlobDeleter aes_deleter2(keymint_, aesKeyData2.blob); + KeyBlobDeleter hmac_deleter2(keymint_, hmacKeyData2.blob); + KeyBlobDeleter rsa_deleter2(keymint_, rsaKeyData2.blob); + KeyBlobDeleter ecdsa_deleter2(keymint_, ecdsaKeyData2.blob); } INSTANTIATE_KEYMINT_AIDL_TEST(EarlyBootKeyTest); @@ -8637,6 +8605,10 @@ using UnlockedDeviceRequiredTest = KeyMintAidlTestBase; TEST_P(UnlockedDeviceRequiredTest, DISABLED_KeysBecomeUnusable) { auto [aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData] = CreateTestKeys(TAG_UNLOCKED_DEVICE_REQUIRED, ErrorCode::OK); + KeyBlobDeleter aes_deleter(keymint_, aesKeyData.blob); + KeyBlobDeleter hmac_deleter(keymint_, hmacKeyData.blob); + KeyBlobDeleter rsa_deleter(keymint_, rsaKeyData.blob); + KeyBlobDeleter ecdsa_deleter(keymint_, ecdsaKeyData.blob); EXPECT_EQ(ErrorCode::OK, UseAesKey(aesKeyData.blob)); EXPECT_EQ(ErrorCode::OK, UseHmacKey(hmacKeyData.blob)); 
@@ -8650,11 +8622,6 @@ TEST_P(UnlockedDeviceRequiredTest, DISABLED_KeysBecomeUnusable) { EXPECT_EQ(ErrorCode::DEVICE_LOCKED, UseHmacKey(hmacKeyData.blob)); EXPECT_EQ(ErrorCode::DEVICE_LOCKED, UseRsaKey(rsaKeyData.blob)); EXPECT_EQ(ErrorCode::DEVICE_LOCKED, UseEcdsaKey(ecdsaKeyData.blob)); - - CheckedDeleteKey(&aesKeyData.blob); - CheckedDeleteKey(&hmacKeyData.blob); - CheckedDeleteKey(&rsaKeyData.blob); - CheckedDeleteKey(&ecdsaKeyData.blob); } INSTANTIATE_KEYMINT_AIDL_TEST(UnlockedDeviceRequiredTest);