Merge "Add ROLLBACK_RESISTANCE tag to key usage" into sc-dev am: 8f19fd90e3
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15534270
Change-Id: Ieaa3ce08c20df998a8141c77a7f771e40e1c6d0a
diff --git a/KeyStorage.cpp b/KeyStorage.cpp
index 6aab4bd..e84fe75 100644
--- a/KeyStorage.cpp
+++ b/KeyStorage.cpp
@@ -383,7 +383,9 @@
const km::AuthorizationSet& keyParams, const KeyBuffer& message,
std::string* ciphertext) {
km::AuthorizationSet opParams =
- km::AuthorizationSetBuilder().Authorization(km::TAG_PURPOSE, km::KeyPurpose::ENCRYPT);
+ km::AuthorizationSetBuilder()
+ .Authorization(km::TAG_ROLLBACK_RESISTANCE)
+ .Authorization(km::TAG_PURPOSE, km::KeyPurpose::ENCRYPT);
km::AuthorizationSet outParams;
auto opHandle = BeginKeystoreOp(keystore, dir, keyParams, opParams, &outParams);
if (!opHandle) return false;
@@ -412,6 +414,7 @@
auto bodyAndMac = ciphertext.substr(GCM_NONCE_BYTES);
auto opParams = km::AuthorizationSetBuilder()
.Authorization(km::TAG_NONCE, nonce)
+ .Authorization(km::TAG_ROLLBACK_RESISTANCE)
.Authorization(km::TAG_PURPOSE, km::KeyPurpose::DECRYPT);
auto opHandle = BeginKeystoreOp(keystore, dir, keyParams, opParams, nullptr);
if (!opHandle) return false;