Merge "Add ROLLBACK_RESISTANCE tag to key usage" into sc-dev
This commit is contained in:
commit
8f19fd90e3
1 changed files with 4 additions and 1 deletions
|
@ -379,7 +379,9 @@ static bool encryptWithKeymasterKey(Keymaster& keymaster, const std::string& dir
|
|||
const km::AuthorizationSet& keyParams,
|
||||
const KeyBuffer& message, std::string* ciphertext) {
|
||||
km::AuthorizationSet opParams =
|
||||
km::AuthorizationSetBuilder().Authorization(km::TAG_PURPOSE, km::KeyPurpose::ENCRYPT);
|
||||
km::AuthorizationSetBuilder()
|
||||
.Authorization(km::TAG_ROLLBACK_RESISTANCE)
|
||||
.Authorization(km::TAG_PURPOSE, km::KeyPurpose::ENCRYPT);
|
||||
km::AuthorizationSet outParams;
|
||||
auto opHandle = BeginKeymasterOp(keymaster, dir, keyParams, opParams, &outParams);
|
||||
if (!opHandle) return false;
|
||||
|
@ -408,6 +410,7 @@ static bool decryptWithKeymasterKey(Keymaster& keymaster, const std::string& dir
|
|||
auto bodyAndMac = ciphertext.substr(GCM_NONCE_BYTES);
|
||||
auto opParams = km::AuthorizationSetBuilder()
|
||||
.Authorization(km::TAG_NONCE, nonce)
|
||||
.Authorization(km::TAG_ROLLBACK_RESISTANCE)
|
||||
.Authorization(km::TAG_PURPOSE, km::KeyPurpose::DECRYPT);
|
||||
auto opHandle = BeginKeymasterOp(keymaster, dir, keyParams, opParams, nullptr);
|
||||
if (!opHandle) return false;
|
||||
|
|
Loading…
Reference in a new issue