Commit graph

9 commits

Author SHA1 Message Date
Paul Crowley
b3de337acd Use a longer timeout on the disk encryption keys
Avoid a timeout error by extending the time allowed between getting
the auth token and decrypting the key from five to thirty seconds.

Bug: 28398766
Change-Id: I1dbb9e0e33707e7de4c1720ad1b8e153c77094b2
2016-04-27 12:58:41 -07:00
Paul Crowley
df528a7011 Run clang-format over ext4crypt related code
The formatting here is inconsistent with Android house style; use
clang-format to bring it back into line.

Change-Id: Id1fe6ff54e9b668ca88c3fc021ae0a5bdd1327eb
2016-03-09 09:34:13 -08:00
Paul Crowley
a051eb7a22 Use pointers not references for out arguments
Google/Android C++ style requires that arguments passed in for writing
should be pointers, not references, so that it's visible in the caller
that they'll be written to.

Bug: 27566014
Change-Id: I5cd55906cc4b2f61c8b97b223786be0b3ce28862
2016-03-09 09:32:02 -08:00
Paul Crowley
320e5e15b6 Require the auth token for decryption.
A bug meant that the auth token wasn't being used; it turns out that
in order to use it we need to do things slightly differently.

Bug: 27496553
Change-Id: I0f0ab77fed31b92a79eba4acf488cb098691b4be
2016-03-08 14:32:00 -08:00
Paul Crowley
d9b9295b8c Fix memory leak in generate_key wrapper. Other fixes.
- catch errors in looking for the keyring
- static_assert to prevent a buffer overrun
- remove obsolete, misleading comment
- dial down priority of some log messages
- explain why we ignore some errors
- idiomatic C++11

Bug: 27552432
Change-Id: Ic3ee05b41eae45e7c6b571a459b326a483663526
2016-03-08 14:31:49 -08:00
Paul Crowley
63c18d3ba9 Add scrypt-based password stretching.
Bug: 27056334
Change-Id: Ifa7f776c21c439f89dad7836175fbd045e1c603e
2016-02-10 14:07:59 +00:00
Paul Crowley
0572080814 Password security for FBE disk encryption keys
Added a new call change_user_key which changes the way that disk
encryption keys are protected; a key can now be protected with a
combination of an auth token and a secret which is a hashed password.
Both of these are passed to unlock_user_key.

This change introduces a security bug, b/26948053, which must be fixed
before we ship.

Bug: 22950892
Change-Id: Iac1e45bb6f86f2af5c472c70a0fe3228b02115bf
2016-02-08 20:03:57 +00:00
Paul Crowley
13ffd8ef7a Improvements to the key storage module
The key storage module didn't comply with Android coding standards
and had room for improvemnet in a few other ways, so have cleaned up.

Change-Id: I260ccff316423169cf887e538113b5ea400892f2
2016-01-27 15:54:35 +00:00
Paul Crowley
1ef255816c Use a keymaster-based key storage module
Instead of writing raw keys, encrypt the keys with keymaster. This
paves the way to protecting them with auth tokens and passwords later.
In addition, fold in the hash of a 16k file into their encryption, to
ensure secure deletion works properly.

Now even C++ier!

Bug: 22502684
Bug: 22950892
Change-Id: If70f139e342373533c42d5a298444b8438428322
2016-01-26 18:24:03 +00:00