Merge "Fix handling of user password changes."
This commit is contained in:
Treehugger Robot
Gerrit Code Review
commit
946f1d11c0
3 changed files with 15 additions and 11 deletions
|
|
@ -37,6 +37,7 @@ constexpr size_t kAesKeySize = 128 / 8;
|
|||
constexpr size_t kGcmTagLength = 128 / 8;
|
||||
constexpr size_t kGcmIvLength = 96 / 8;
|
||||
constexpr size_t kAes128KeySizeBytes = 128 / 8;
|
||||
constexpr size_t kAes256KeySizeBytes = 256 / 8;
|
||||
|
||||
/* Here is the file format. There are two parts in blob.value, the secret and
|
||||
* the description. The secret is stored in ciphertext, and its original size
|
||||
|
|
|
|||
|
|
@ -140,10 +140,13 @@ ResponseCode UserState::copyMasterKeyFile(LockedUserState<UserState>* src) {
|
|||
}
|
||||
|
||||
ResponseCode UserState::writeMasterKey(const android::String8& pw) {
|
||||
std::vector<uint8_t> passwordKey(MASTER_KEY_SIZE_BYTES);
|
||||
std::vector<uint8_t> passwordKey(mMasterKey.size());
|
||||
generateKeyFromPassword(passwordKey, pw, mSalt);
|
||||
Blob masterKeyBlob(mMasterKey.data(), mMasterKey.size(), mSalt, sizeof(mSalt),
|
||||
TYPE_MASTER_KEY_AES256);
|
||||
auto blobType = TYPE_MASTER_KEY_AES256;
|
||||
if (mMasterKey.size() == kAes128KeySizeBytes) {
|
||||
blobType = TYPE_MASTER_KEY;
|
||||
}
|
||||
Blob masterKeyBlob(mMasterKey.data(), mMasterKey.size(), mSalt, sizeof(mSalt), blobType);
|
||||
auto lockedEntry = LockedKeyBlobEntry::get(mMasterKeyEntry);
|
||||
return lockedEntry.writeBlobs(masterKeyBlob, {}, passwordKey, STATE_NO_ERROR);
|
||||
}
|
||||
|
|
@ -174,7 +177,7 @@ ResponseCode UserState::readMasterKey(const android::String8& pw) {
|
|||
|
||||
size_t masterKeySize = MASTER_KEY_SIZE_BYTES;
|
||||
if (rawBlob.type == TYPE_MASTER_KEY) {
|
||||
masterKeySize = SHA1_DIGEST_SIZE_BYTES;
|
||||
masterKeySize = kAes128KeySizeBytes;
|
||||
}
|
||||
|
||||
std::vector<uint8_t> passwordKey(masterKeySize);
|
||||
|
|
@ -263,7 +266,7 @@ void UserState::generateKeyFromPassword(std::vector<uint8_t>& key, const android
|
|||
const EVP_MD* digest = EVP_sha256();
|
||||
|
||||
// SHA1 was used prior to increasing the key size
|
||||
if (key.size() == SHA1_DIGEST_SIZE_BYTES) {
|
||||
if (key.size() == kAes128KeySizeBytes) {
|
||||
digest = EVP_sha1();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -75,14 +75,14 @@ class UserState {
|
|||
bool operator<(uid_t userId) const;
|
||||
|
||||
private:
|
||||
static const int SHA1_DIGEST_SIZE_BYTES = 16;
|
||||
static const int SHA256_DIGEST_SIZE_BYTES = 32;
|
||||
static constexpr int SHA1_DIGEST_SIZE_BYTES = 16;
|
||||
static constexpr int SHA256_DIGEST_SIZE_BYTES = 32;
|
||||
|
||||
static const int MASTER_KEY_SIZE_BYTES = SHA256_DIGEST_SIZE_BYTES;
|
||||
static const int MASTER_KEY_SIZE_BITS = MASTER_KEY_SIZE_BYTES * 8;
|
||||
static constexpr int MASTER_KEY_SIZE_BYTES = kAes256KeySizeBytes;
|
||||
static constexpr int MASTER_KEY_SIZE_BITS = MASTER_KEY_SIZE_BYTES * 8;
|
||||
|
||||
static const int MAX_RETRY = 4;
|
||||
static const size_t SALT_SIZE = 16;
|
||||
static constexpr int MAX_RETRY = 4;
|
||||
static constexpr size_t SALT_SIZE = 16;
|
||||
|
||||
void generateKeyFromPassword(std::vector<uint8_t>& key, const android::String8& pw,
|
||||
uint8_t* salt);
|
||||
|
|
|
|||
Loading…
Reference in a new issue