Merge "Request rollback resistance for FBE keys."

This commit is contained in:
Treehugger Robot 2019-09-12 15:20:45 +00:00 committed by Gerrit Code Review
commit aae52f4816

View file

@ -126,7 +126,13 @@ static bool generateKeymasterKey(Keymaster& keymaster, const KeyAuthentication&
paramBuilder.Authorization(km::TAG_USER_AUTH_TYPE, km::HardwareAuthenticatorType::PASSWORD); paramBuilder.Authorization(km::TAG_USER_AUTH_TYPE, km::HardwareAuthenticatorType::PASSWORD);
paramBuilder.Authorization(km::TAG_AUTH_TIMEOUT, AUTH_TIMEOUT); paramBuilder.Authorization(km::TAG_AUTH_TIMEOUT, AUTH_TIMEOUT);
} }
return keymaster.generateKey(paramBuilder, key);
auto paramsWithRollback = paramBuilder;
paramsWithRollback.Authorization(km::TAG_ROLLBACK_RESISTANCE);
// Generate rollback-resistant key if possible.
return keymaster.generateKey(paramsWithRollback, key) ||
keymaster.generateKey(paramBuilder, key);
} }
static std::pair<km::AuthorizationSet, km::HardwareAuthToken> beginParams( static std::pair<km::AuthorizationSet, km::HardwareAuthToken> beginParams(