tequilaOS/platform_system_vold
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Add ROLLBACK_RESISTANCE tag to key usage" into sc-dev

Browse source
This commit is contained in:
TreeHugger Robot 2021-08-11 22:59:40 +00:00 committed by Android (Google) Code Review
commit 8f19fd90e3
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
KeyStorage.cpp
View file

@ -379,7 +379,9 @@ static bool encryptWithKeymasterKey(Keymaster& keymaster, const std::string& dir
const km::AuthorizationSet& keyParams, const km::AuthorizationSet& keyParams,
const KeyBuffer& message, std::string* ciphertext) { const KeyBuffer& message, std::string* ciphertext) {
km::AuthorizationSet opParams = km::AuthorizationSet opParams =
km::AuthorizationSetBuilder().Authorization(km::TAG_PURPOSE, km::KeyPurpose::ENCRYPT); km::AuthorizationSetBuilder()
.Authorization(km::TAG_ROLLBACK_RESISTANCE)
.Authorization(km::TAG_PURPOSE, km::KeyPurpose::ENCRYPT);
km::AuthorizationSet outParams; km::AuthorizationSet outParams;
auto opHandle = BeginKeymasterOp(keymaster, dir, keyParams, opParams, &outParams); auto opHandle = BeginKeymasterOp(keymaster, dir, keyParams, opParams, &outParams);
if (!opHandle) return false; if (!opHandle) return false;
@ -408,6 +410,7 @@ static bool decryptWithKeymasterKey(Keymaster& keymaster, const std::string& dir
auto bodyAndMac = ciphertext.substr(GCM_NONCE_BYTES); auto bodyAndMac = ciphertext.substr(GCM_NONCE_BYTES);
auto opParams = km::AuthorizationSetBuilder() auto opParams = km::AuthorizationSetBuilder()
.Authorization(km::TAG_NONCE, nonce) .Authorization(km::TAG_NONCE, nonce)
.Authorization(km::TAG_ROLLBACK_RESISTANCE)
.Authorization(km::TAG_PURPOSE, km::KeyPurpose::DECRYPT); .Authorization(km::TAG_PURPOSE, km::KeyPurpose::DECRYPT);
auto opHandle = BeginKeymasterOp(keymaster, dir, keyParams, opParams, nullptr); auto opHandle = BeginKeymasterOp(keymaster, dir, keyParams, opParams, nullptr);
if (!opHandle) return false; if (!opHandle) return false;