Request rollback resistance for FBE keys.

Test: Manual
Bug: 119663806
Change-Id: I954f2c7bfe65fbed88832432a89dacf3899498f2
This commit is contained in:
Shawn Willden 2018-12-06 07:45:02 -07:00
parent b2455747a9
commit 8431fe24cb

View file

@ -123,7 +123,13 @@ static bool generateKeymasterKey(Keymaster& keymaster, const KeyAuthentication&
paramBuilder.Authorization(km::TAG_USER_AUTH_TYPE, km::HardwareAuthenticatorType::PASSWORD);
paramBuilder.Authorization(km::TAG_AUTH_TIMEOUT, AUTH_TIMEOUT);
}
return keymaster.generateKey(paramBuilder, key);
auto paramsWithRollback = paramBuilder;
paramsWithRollback.Authorization(km::TAG_ROLLBACK_RESISTANCE);
// Generate rollback-resistant key if possible.
return keymaster.generateKey(paramsWithRollback, key) ||
keymaster.generateKey(paramBuilder, key);
}
static std::pair<km::AuthorizationSet, km::HardwareAuthToken> beginParams(