Merge "Request rollback resistance for FBE keys."

commit: aae52f4816097b23f1ab0455bc598e246dde460f [log] [tgz]
author: Treehugger Robot <treehugger-gerrit@google.com> Thu Sep 12 15:20:45 2019 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Thu Sep 12 15:20:45 2019 +0000
tree: 5286274611144f47ee3fe0058fb9379cdcba0b98
parent: 88a19b6fe18c45bb7d087ad3a897fd4665e9e627 [diff]
parent: 8431fe24cb627c5d5df08eea646cdee4838826ba [diff]
diff --git a/KeyStorage.cpp b/KeyStorage.cpp
index 271a220..d5ac7d0 100644
--- a/KeyStorage.cpp
+++ b/KeyStorage.cpp

@@ -126,7 +126,13 @@
         paramBuilder.Authorization(km::TAG_USER_AUTH_TYPE, km::HardwareAuthenticatorType::PASSWORD);
         paramBuilder.Authorization(km::TAG_AUTH_TIMEOUT, AUTH_TIMEOUT);
     }
-    return keymaster.generateKey(paramBuilder, key);
+
+    auto paramsWithRollback = paramBuilder;
+    paramsWithRollback.Authorization(km::TAG_ROLLBACK_RESISTANCE);
+
+    // Generate rollback-resistant key if possible.
+    return keymaster.generateKey(paramsWithRollback, key) ||
+           keymaster.generateKey(paramBuilder, key);
 }
 
 static std::pair<km::AuthorizationSet, km::HardwareAuthToken> beginParams(
commit	aae52f4816097b23f1ab0455bc598e246dde460f	[log] [tgz]
author	Treehugger Robot <treehugger-gerrit@google.com>	Thu Sep 12 15:20:45 2019 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Thu Sep 12 15:20:45 2019 +0000
tree	5286274611144f47ee3fe0058fb9379cdcba0b98
parent	88a19b6fe18c45bb7d087ad3a897fd4665e9e627 [diff]
parent	8431fe24cb627c5d5df08eea646cdee4838826ba [diff]