Request rollback resistance for FBE keys.
Test: Manual
Bug: 119663806
Change-Id: I954f2c7bfe65fbed88832432a89dacf3899498f2
diff --git a/KeyStorage.cpp b/KeyStorage.cpp
index 035c7b7..7e0a66f 100644
--- a/KeyStorage.cpp
+++ b/KeyStorage.cpp
@@ -123,7 +123,13 @@
paramBuilder.Authorization(km::TAG_USER_AUTH_TYPE, km::HardwareAuthenticatorType::PASSWORD);
paramBuilder.Authorization(km::TAG_AUTH_TIMEOUT, AUTH_TIMEOUT);
}
- return keymaster.generateKey(paramBuilder, key);
+
+ auto paramsWithRollback = paramBuilder;
+ paramsWithRollback.Authorization(km::TAG_ROLLBACK_RESISTANCE);
+
+ // Generate rollback-resistant key if possible.
+ return keymaster.generateKey(paramsWithRollback, key) ||
+ keymaster.generateKey(paramBuilder, key);
}
static std::pair<km::AuthorizationSet, km::HardwareAuthToken> beginParams(
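Review bot: The fallback in the new `return` expression is silent and is taken on any failure of the first `generateKey` call, not only when the Keymaster implementation lacks rollback resistance, so an unrelated or transient error would downgrade the key without a trace. The call appears to return only a success flag, so neither the caller nor the logs can tell which kind of key was created. I would log the downgrade: `if (keymaster.generateKey(paramsWithRollback, key)) return true;`, then `LOG(WARNING) << "Rollback-resistant key generation failed; falling back to a non-rollback-resistant key";`, then `return keymaster.generateKey(paramBuilder, key);`. The enclosing function starts above the hunk, so it cannot be checked here whether a failed first attempt can leave `key` partially written before the retry.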