tequilaOS/platform_system_security
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Fix temporary key deletion after device ID attestation

Browse source 
After device ID attestation has been performed, the key used for it
should be deleted. Calling directly into the keymaster HAL for this
is wrong as it removes the key from keymaster but still leaves the
actual key matter around and the alias visible to KeyStore.

The key should be deleted using the KeyStore's delete method.

Bug: 37522655
Test: GTS DeviceIdAttestationHostTest

Change-Id: I10b27216642893d2a1cf8407f65eb4207bcde1f5
This commit is contained in:
Bartosz Fabianowski 2017-04-20 04:41:21 +02:00
parent 484779559c
commit a65ab425aa
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
keystore/key_store_service.cpp
View file

@ -1392,7 +1392,7 @@ KeyStoreServiceReturnCode KeyStoreService::attestKey(const String16& name,
if (attestingDeviceIds) {
// When performing device id attestation, treat the key as ephemeral and delete it straight
// away.
deletionRc = KS_HANDLE_HIDL_ERROR(dev->deleteKey(hidlKey));
deletionRc = del(name, callingUid);
}
if (!attestationRc.isOk()) {