diff options
| author | TreeHugger Robot <treehugger-gerrit@google.com> | 2021-08-11 22:59:40 +0000 |
|---|---|---|
| committer | Android (Google) Code Review <android-gerrit@google.com> | 2021-08-11 22:59:40 +0000 |
| commit | 8f19fd90e3c9c1fcb3056129f356f875c95b839c (patch) | |
| tree | e8f33c2dd866ade9fbfd2240893bd4251a227ce8 | |
| parent | 0f74bd4811c506269c2139a40af1f66e75871cd8 (diff) | |
| parent | 2601eb7f8c241f9cf24510115e0a572819fd0514 (diff) | |
| download | vold-android12-dev.tar.gz | |
Merge "Add ROLLBACK_RESISTANCE tag to key usage" into sc-devandroid12-dev
| -rw-r--r-- | KeyStorage.cpp | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/KeyStorage.cpp b/KeyStorage.cpp index 472e6b1e..93c5c29c 100644 --- a/KeyStorage.cpp +++ b/KeyStorage.cpp @@ -379,7 +379,9 @@ static bool encryptWithKeymasterKey(Keymaster& keymaster, const std::string& dir const km::AuthorizationSet& keyParams, const KeyBuffer& message, std::string* ciphertext) { km::AuthorizationSet opParams = - km::AuthorizationSetBuilder().Authorization(km::TAG_PURPOSE, km::KeyPurpose::ENCRYPT); + km::AuthorizationSetBuilder() + .Authorization(km::TAG_ROLLBACK_RESISTANCE) + .Authorization(km::TAG_PURPOSE, km::KeyPurpose::ENCRYPT); km::AuthorizationSet outParams; auto opHandle = BeginKeymasterOp(keymaster, dir, keyParams, opParams, &outParams); if (!opHandle) return false; @@ -408,6 +410,7 @@ static bool decryptWithKeymasterKey(Keymaster& keymaster, const std::string& dir auto bodyAndMac = ciphertext.substr(GCM_NONCE_BYTES); auto opParams = km::AuthorizationSetBuilder() .Authorization(km::TAG_NONCE, nonce) + .Authorization(km::TAG_ROLLBACK_RESISTANCE) .Authorization(km::TAG_PURPOSE, km::KeyPurpose::DECRYPT); auto opHandle = BeginKeymasterOp(keymaster, dir, keyParams, opParams, nullptr); if (!opHandle) return false; |