commit 2a305d48a93f9d1a65e99ae96ac274be4adf8f4b
author Keith Mok <keithmok@google.com> Thu Sep 02 00:45:22 2021 +0000
committer Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Thu Sep 02 00:45:22 2021 +0000
tree 916549ca46bb7f036850cfe8f06d0cfa0c9eced5
parent 28f8d9e74e323ac188453a54e2e13d4164a37d73
parent 7586bba4872f6c80998ae712c9b0abc0eac9fed3

Merge "Set a property if seed binding is enabled." am: cc63a93fd6 am: d5f0a5751e am: 7586bba487

Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1816736

Change-Id: I31bf53fb43e6f6367a70cbcf51cccf8f82342a70

KeyStorage.cpp

diff --git a/KeyStorage.cpp b/KeyStorage.cpp
index 50bba56..ebaefa3 100644
--- a/KeyStorage.cpp
+++ b/KeyStorage.cpp
@@ -383,9 +383,7 @@
                                    const km::AuthorizationSet& keyParams, const KeyBuffer& message,
                                    std::string* ciphertext) {
     km::AuthorizationSet opParams =
-            km::AuthorizationSetBuilder()
-                    .Authorization(km::TAG_ROLLBACK_RESISTANCE)
-                    .Authorization(km::TAG_PURPOSE, km::KeyPurpose::ENCRYPT);
+            km::AuthorizationSetBuilder().Authorization(km::TAG_PURPOSE, km::KeyPurpose::ENCRYPT);
     km::AuthorizationSet outParams;
     auto opHandle = BeginKeystoreOp(keystore, dir, keyParams, opParams, &outParams);
     if (!opHandle) return false;
@@ -414,7 +412,6 @@
     auto bodyAndMac = ciphertext.substr(GCM_NONCE_BYTES);
     auto opParams = km::AuthorizationSetBuilder()
                             .Authorization(km::TAG_NONCE, nonce)
-                            .Authorization(km::TAG_ROLLBACK_RESISTANCE)
                             .Authorization(km::TAG_PURPOSE, km::KeyPurpose::DECRYPT);
     auto opHandle = BeginKeystoreOp(keystore, dir, keyParams, opParams, nullptr);
     if (!opHandle) return false;