Merge "Request rollback resistance for FBE keys."

5 years ago · aae52f4816
parent 88a19b6fe1 8431fe24cb
commit aae52f4816
1 changed files with 7 additions and 1 deletions
--- a/KeyStorage.cpp
+++ b/KeyStorage.cpp
@ -126,7 +126,13 @@ static bool generateKeymasterKey(Keymaster& keymaster, const KeyAuthentication&
        paramBuilder.Authorization(km::TAG_USER_AUTH_TYPE, km::HardwareAuthenticatorType::PASSWORD);
        paramBuilder.Authorization(km::TAG_AUTH_TIMEOUT, AUTH_TIMEOUT);
    }
-    return keymaster.generateKey(paramBuilder, key);
+
+    auto paramsWithRollback = paramBuilder;
+    paramsWithRollback.Authorization(km::TAG_ROLLBACK_RESISTANCE);
+
+    // Generate rollback-resistant key if possible.
+    return keymaster.generateKey(paramsWithRollback, key) ||
+           keymaster.generateKey(paramBuilder, key);
 }

 static std::pair<km::AuthorizationSet, km::HardwareAuthToken> beginParams(