Merge "Add ROLLBACK_RESISTANCE tag to key usage" into sc-dev

aosp-gr · Aug 11, 2021 · 8f19fd9 · 8f19fd9
2 parents 0f74bd4 + 2601eb7
commit 8f19fd9
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/KeyStorage.cpp b/KeyStorage.cpp
@@ -379,7 +379,9 @@ static bool encryptWithKeymasterKey(Keymaster& keymaster, const std::string& dir
                                     const km::AuthorizationSet& keyParams,
                                     const KeyBuffer& message, std::string* ciphertext) {
     km::AuthorizationSet opParams =
-            km::AuthorizationSetBuilder().Authorization(km::TAG_PURPOSE, km::KeyPurpose::ENCRYPT);
+            km::AuthorizationSetBuilder()
+                    .Authorization(km::TAG_ROLLBACK_RESISTANCE)
+                    .Authorization(km::TAG_PURPOSE, km::KeyPurpose::ENCRYPT);
     km::AuthorizationSet outParams;
     auto opHandle = BeginKeymasterOp(keymaster, dir, keyParams, opParams, &outParams);
     if (!opHandle) return false;
@@ -408,6 +410,7 @@ static bool decryptWithKeymasterKey(Keymaster& keymaster, const std::string& dir
     auto bodyAndMac = ciphertext.substr(GCM_NONCE_BYTES);
     auto opParams = km::AuthorizationSetBuilder()
                             .Authorization(km::TAG_NONCE, nonce)
+                            .Authorization(km::TAG_ROLLBACK_RESISTANCE)
                             .Authorization(km::TAG_PURPOSE, km::KeyPurpose::DECRYPT);
     auto opHandle = BeginKeymasterOp(keymaster, dir, keyParams, opParams, nullptr);
     if (!opHandle) return false;