Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / android_system_vold / 168af6afb18045d721fba0fb4cde7919cacf7470^2..168af6afb18045d721fba0fb4cde7919cacf7470 / .
commit168af6afb18045d721fba0fb4cde7919cacf7470[log] [tgz]
authorAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>Thu Aug 12 00:00:10 2021 +0000
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>Thu Aug 12 00:00:10 2021 +0000
tree3aeb8f8e227c527d632583fff1cadf78f932191f
parentbdd66d06dbbd73b47674282289ab72629ab9bbc8 [diff]
parent091b29d7968ef6d4daec81eb562bb3d76f51fe84 [diff]
Merge "[automerger skipped] Detect factory reset and deleteAllKeys am: 0f74bd4811 am: e00101c162 -s ours am: f54a94de16 -s ours" into sc-v2-dev-plus-aosp am: 091b29d796 -s ours

am skip reason: Merged-In I9c5c547140e8b1bbffb9c1d215f75251f0f1354e with SHA-1 0f74bd4811 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15517876

Change-Id: Ice0a18de8f6aedcf3c3dc881dd45f640d7b3d4fc

diff --git a/KeyStorage.cpp b/KeyStorage.cpp
index 6aab4bd..e84fe75 100644
--- a/KeyStorage.cpp
+++ b/KeyStorage.cpp

@@ -383,7 +383,9 @@
                                    const km::AuthorizationSet& keyParams, const KeyBuffer& message,
                                    std::string* ciphertext) {
     km::AuthorizationSet opParams =
-            km::AuthorizationSetBuilder().Authorization(km::TAG_PURPOSE, km::KeyPurpose::ENCRYPT);
+            km::AuthorizationSetBuilder()
+                    .Authorization(km::TAG_ROLLBACK_RESISTANCE)
+                    .Authorization(km::TAG_PURPOSE, km::KeyPurpose::ENCRYPT);
     km::AuthorizationSet outParams;
     auto opHandle = BeginKeystoreOp(keystore, dir, keyParams, opParams, &outParams);
     if (!opHandle) return false;
@@ -412,6 +414,7 @@
     auto bodyAndMac = ciphertext.substr(GCM_NONCE_BYTES);
     auto opParams = km::AuthorizationSetBuilder()
                             .Authorization(km::TAG_NONCE, nonce)
+                            .Authorization(km::TAG_ROLLBACK_RESISTANCE)
                             .Authorization(km::TAG_PURPOSE, km::KeyPurpose::DECRYPT);
     auto opHandle = BeginKeystoreOp(keystore, dir, keyParams, opParams, nullptr);
     if (!opHandle) return false;