Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / android_system_vold / 90c818d9eeca73513fc263a3900322d21b41cb6e^2..90c818d9eeca73513fc263a3900322d21b41cb6e / .
commit90c818d9eeca73513fc263a3900322d21b41cb6e[log] [tgz]
authorShawn Willden <swillden@google.com>Thu Aug 12 01:17:13 2021 +0000
committerAndroid (Google) Code Review <android-gerrit@google.com>Thu Aug 12 01:17:13 2021 +0000
tree851e88035f498cf4842469c387a35cc587ffbd6c
parent8f19fd90e3c9c1fcb3056129f356f875c95b839c [diff]
parent2bab97c36830a568083ab60767817ef037c5367d [diff]
Merge "Revert "Detect factory reset and deleteAllKeys"" into sc-dev
diff --git a/KeyStorage.cpp b/KeyStorage.cpp
index 472e6b1..93c5c29 100644
--- a/KeyStorage.cpp
+++ b/KeyStorage.cpp

@@ -379,7 +379,9 @@
                                     const km::AuthorizationSet& keyParams,
                                     const KeyBuffer& message, std::string* ciphertext) {
     km::AuthorizationSet opParams =
-            km::AuthorizationSetBuilder().Authorization(km::TAG_PURPOSE, km::KeyPurpose::ENCRYPT);
+            km::AuthorizationSetBuilder()
+                    .Authorization(km::TAG_ROLLBACK_RESISTANCE)
+                    .Authorization(km::TAG_PURPOSE, km::KeyPurpose::ENCRYPT);
     km::AuthorizationSet outParams;
     auto opHandle = BeginKeymasterOp(keymaster, dir, keyParams, opParams, &outParams);
     if (!opHandle) return false;
@@ -408,6 +410,7 @@
     auto bodyAndMac = ciphertext.substr(GCM_NONCE_BYTES);
     auto opParams = km::AuthorizationSetBuilder()
                             .Authorization(km::TAG_NONCE, nonce)
+                            .Authorization(km::TAG_ROLLBACK_RESISTANCE)
                             .Authorization(km::TAG_PURPOSE, km::KeyPurpose::DECRYPT);
     auto opHandle = BeginKeymasterOp(keymaster, dir, keyParams, opParams, nullptr);
     if (!opHandle) return false;