From beb33a67e1b1298417690c6bb00170f8fed74881 Mon Sep 17 00:00:00 2001
From: Paul Crowley
Date: Thu, 7 Jul 2016 10:06:30 -0700
Subject: [PATCH] Run secdiscard on encrypted key and key blob too

Don't rely on cryptographic binding of secdiscard to key; securely delete the other information needed to reconstruct the key too.

Bug: 26021231
Change-Id: If03d2c051b0ec2fdcb5c6f70bde7e3287424f216
---
 KeyStorage.cpp | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/KeyStorage.cpp b/KeyStorage.cpp
index 5234c56..986f403 100644
--- a/KeyStorage.cpp
+++ b/KeyStorage.cpp
@@ -314,9 +314,13 @@ static bool deleteKey(const std::string& dir) {
     return true;
 }
 
-static bool secdiscardSecdiscardable(const std::string& dir) {
+static bool runSecdiscard(const std::string& dir) {
     if (ForkExecvp(
-            std::vector{kSecdiscardPath, "--", dir + "/" + kFn_secdiscardable}) != 0) {
+            std::vector{kSecdiscardPath, "--",
+                dir + "/" + kFn_encrypted_key,
+                dir + "/" + kFn_keymaster_key_blob,
+                dir + "/" + kFn_secdiscardable,
+            }) != 0) {
         LOG(ERROR) << "secdiscard failed";
         return false;
     }
@@ -335,7 +339,7 @@ bool destroyKey(const std::string& dir) {
     bool success = true;
     // Try each thing, even if previous things failed.
     success &= deleteKey(dir);
-    success &= secdiscardSecdiscardable(dir);
+    success &= runSecdiscard(dir);
     success &= recursiveDeleteKey(dir);
     return success;
 }
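Review bot: The failure log in runSecdiscard still reads `LOG(ERROR) << "secdiscard failed";` with no indication of which directory or which of the three paths was involved, which matters more now that a single ForkExecvp invocation covers the encrypted key, the keymaster key blob and the secdiscardable file; `LOG(ERROR) << "secdiscard failed for " << dir;` would at least let an operator tell key directories apart when auditing a destroyKey run. If secdiscard stops at the first path it cannot open (its behaviour is not visible here), a missing or already-removed file would leave the later files untouched while the one error line hides that; worth confirming against the tool, or invoking it once per file and logging each result so destroyKey's "try each thing" intent holds at file granularity too. runSecdiscard's body continues past the end of the hunk.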