Commit graph

9 commits

Author SHA1 Message Date
Pavel Grafov
e2e2d308df Zero memory used for encryuption keys.
std::vector with custom zeroing allocator is used instead of
std::string for data that can contain encryption keys.

Bug: 64201177
Test: manually created a managed profile, changed it's credentials
Test: manually upgraded a phone with profile from O to MR1.
Change-Id: Ic31877049f69eba9f8ea64fd99acaaca5a01d3dd
2017-08-10 17:31:03 +01:00
Rubin Xu
2436e27717 Add secdiscard command for secure deletion of files
This is used by LockSettingsService to delete sensitive credential files.

Bug: 34600579
Test: manual - change device lock under synthetic password, verify
      old data on disk is erased.

Change-Id: I5e11b559ad8818bd2ad2b321d67d21477aab7555
2017-05-16 12:44:02 +01:00
Paul Crowley
f71ace310e Refactor to lay the groundwork for metadata encryption
Bug: 26778031
Test: Angler, Marlin build and boot
Change-Id: Ic136dfe6195a650f7db76d3489f36da6a1929dc5
2017-04-21 10:47:17 -07:00
Paul Crowley
6ab2cabd19 Support keys with a secret but no token, which are handled not using
Keymaster but in-process crypto.

Bug: 33384925
Test: manual for now: patch KeyAuthentication.usesKeymaster() to always return true;
      flash a FBE device, add a device PIN, reboot and verify PIN can unlock FBE.
      Then clear device PIN, reboot and verify FBE is unlocked automatically.
      In both cases, check there is no keymaster_key_blob in
      /data/misc/vold/user_keys/ce/0/current/
      Unit tests to be added.
Change-Id: Ia94e2b39d60bfd98c7a8347a5ba043eeab6928c5
2017-02-13 23:37:31 +00:00
Paul Crowley
df528a7011 Run clang-format over ext4crypt related code
The formatting here is inconsistent with Android house style; use
clang-format to bring it back into line.

Change-Id: Id1fe6ff54e9b668ca88c3fc021ae0a5bdd1327eb
2016-03-09 09:34:13 -08:00
Paul Crowley
a051eb7a22 Use pointers not references for out arguments
Google/Android C++ style requires that arguments passed in for writing
should be pointers, not references, so that it's visible in the caller
that they'll be written to.

Bug: 27566014
Change-Id: I5cd55906cc4b2f61c8b97b223786be0b3ce28862
2016-03-09 09:32:02 -08:00
Paul Crowley
0572080814 Password security for FBE disk encryption keys
Added a new call change_user_key which changes the way that disk
encryption keys are protected; a key can now be protected with a
combination of an auth token and a secret which is a hashed password.
Both of these are passed to unlock_user_key.

This change introduces a security bug, b/26948053, which must be fixed
before we ship.

Bug: 22950892
Change-Id: Iac1e45bb6f86f2af5c472c70a0fe3228b02115bf
2016-02-08 20:03:57 +00:00
Paul Crowley
13ffd8ef7a Improvements to the key storage module
The key storage module didn't comply with Android coding standards
and had room for improvemnet in a few other ways, so have cleaned up.

Change-Id: I260ccff316423169cf887e538113b5ea400892f2
2016-01-27 15:54:35 +00:00
Paul Crowley
1ef255816c Use a keymaster-based key storage module
Instead of writing raw keys, encrypt the keys with keymaster. This
paves the way to protecting them with auth tokens and passwords later.
In addition, fold in the hash of a 16k file into their encryption, to
ensure secure deletion works properly.

Now even C++ier!

Bug: 22502684
Bug: 22950892
Change-Id: If70f139e342373533c42d5a298444b8438428322
2016-01-26 18:24:03 +00:00