e2e2d308df2da26838de32852318bc2cb690d052 |
|
01-Aug-2017 |
Pavel Grafov <pgrafov@google.com> |
Zero memory used for encryption keys. std::vector with custom zeroing allocator is used instead of std::string for data that can contain encryption keys. Bug: 64201177 Test: manually created a managed profile, changed its credentials Test: manually upgraded a phone with profile from O to MR1. Change-Id: Ic31877049f69eba9f8ea64fd99acaaca5a01d3dd
/system/vold/Keymaster.h
|
25e8b4b4f67f62a98c440f8323eaeb956d99f0cd |
|
01-May-2017 |
Steven Moreland <smoreland@google.com> |
Keymaster: IWYU Was depending on this transitively from MQDescriptor.h Test: links Bug: 37791060 Change-Id: I9b52bbe9ac6c3a54fdb6e352e90eba50914633d4
/system/vold/Keymaster.h
|
4375f1be4ccdbf78ef4c5ab926d3316503a7b146 |
|
25-Feb-2017 |
Wei Wang <wvw@google.com> |
Change to use new WaitForProperty API Change to use WaitForProperty API to wait for vold.post_fs_data_done Also change cryptfs to C++ Bug: 35425974 Test: mma, marlin/angler boot Change-Id: Id821f2035788fcc91909f296c83c871c67571de3
/system/vold/Keymaster.h
|
015ec30b36713308db9f0051e8f97338419d7fbf |
|
31-Jan-2017 |
Janis Danisevskis <jdanis@google.com> |
Port cryptfs to HIDL keymaster HAL Cryptfs uses keymaster for key derivation. Vold has a C++ abstraction for Keymaster. However, cryptfs, being a pure C implementation, uses its own abstraction of the keymaster HAL. This patch expresses cryptfs' keymaster abstraction in terms of vold's C++ Keymaster abstraction, consolidating the code base to a single point where the actual keymaster HAL is being used. Test: successfully upgrade bullhead/angler while using FDE and having a PIN set run vold_cryptfs_scrypt_hidlization_equivalence_test Bug: 35028230 Bug: 32020919 Change-Id: Ic3b765720be0cf7899dda5005fa89347ffb59b9f
/system/vold/Keymaster.h
|
cfc5202147a1f72a61415266f0d4097544ce8b89 |
|
06-Feb-2017 |
Alex Klyubin <klyubin@google.com> |
Revert "Port cryptfs to HIDL keymaster HAL" bullhead-userdebug with disk encryption enabled and with PIN prompt at boot can no longer unlock/mount encrypted userdata partition at boot after updating from bullhead-userdebug prior to the two commits being reverted here. This reverts commit 6b7fa1bf178cd941aabe815d17da38d2e55d9867. This reverts commit bbe31ba776fe73da2959c5ab442e191d8371a8f3. Test: Flash bullhead-userdebug build created prior to the above two commits, enable disk (set PIN to 1234) with PIN required at boot, reboot, confirm that PIN prompt accepts the PIN, confirm that device fully boots up and appears operational. Flash build with this commit without wiping userdata, confirm that PIN prompt at boot accepts the PIN and device fully boots up and appears operational. Bug: 35028230 Change-Id: I1e9303e9d007c0c9a3021c874340156748dff5f5
/system/vold/Keymaster.h
|
bbe31ba776fe73da2959c5ab442e191d8371a8f3 |
|
06-Feb-2017 |
Janis Danisevskis <jdanis@google.com> |
Cosmetic change to 6b7fa1b Test: no functional change Change-Id: I7f630473e317cbee73125955260f5aad0a000630
/system/vold/Keymaster.h
|
6b7fa1bf178cd941aabe815d17da38d2e55d9867 |
|
31-Jan-2017 |
Janis Danisevskis <jdanis@google.com> |
Port cryptfs to HIDL keymaster HAL Cryptfs uses keymaster for key derivation. Vold has a C++ abstraction for Keymaster. However, cryptfs, being a pure C implementation, uses its own abstraction of the keymaster HAL. This patch expresses cryptfs' keymaster abstraction in terms of vold's C++ Keymaster abstraction, consolidating the code base to a single point where the actual keymaster HAL is being used. Test: marlin device boots with FBE enabled Change-Id: Ia51fed5508e06fd6c436cca193791e57e0ab99ea
/system/vold/Keymaster.h
|
8e537b80028d11ac1f3810e959636028e77b2025 |
|
26-Oct-2016 |
Janis Danisevskis <jdanis@google.com> |
Port to binder based keymaster hal Bug: 32020919 Change-Id: If45ece76fdaf4d2c80eddc537e429633e4d42f9d
/system/vold/Keymaster.h
|
dff8c727c15cbe795e518e9116dfa271e67755b5 |
|
16-May-2016 |
Paul Crowley <paulcrowley@google.com> |
Support Keymaster 2 configuration and key upgrading Bug: 27212248 Change-Id: I96bd9a442f4f535ba6ea44c9e81bcc1fee0ec471
/system/vold/Keymaster.h
|
0323afd69d82ce900d520f4611f56e6c06fc08a1 |
|
16-Mar-2016 |
Paul Crowley <paulcrowley@google.com> |
Support Keymaster2 with lots of clever template logic :) Bug: 27718275 Change-Id: I0b2aa74f45fd07a121ce0c342b27426a3fe593ce
/system/vold/Keymaster.h
|
df528a7011b302c91579898c4a37361214ab05bb |
|
09-Mar-2016 |
Paul Crowley <paulcrowley@google.com> |
Run clang-format over ext4crypt related code The formatting here is inconsistent with Android house style; use clang-format to bring it back into line. Change-Id: Id1fe6ff54e9b668ca88c3fc021ae0a5bdd1327eb
/system/vold/Keymaster.h
|
a051eb7a22b7cd97e66d2f22b64884f8ebc73952 |
|
09-Mar-2016 |
Paul Crowley <paulcrowley@google.com> |
Use pointers not references for out arguments Google/Android C++ style requires that arguments passed in for writing should be pointers, not references, so that it's visible in the caller that they'll be written to. Bug: 27566014 Change-Id: I5cd55906cc4b2f61c8b97b223786be0b3ce28862
/system/vold/Keymaster.h
|
0572080814ea5f7456d9feea05f936c858178159 |
|
08-Feb-2016 |
Paul Crowley <paulcrowley@google.com> |
Password security for FBE disk encryption keys Added a new call change_user_key which changes the way that disk encryption keys are protected; a key can now be protected with a combination of an auth token and a secret which is a hashed password. Both of these are passed to unlock_user_key. This change introduces a security bug, b/26948053, which must be fixed before we ship. Bug: 22950892 Change-Id: Iac1e45bb6f86f2af5c472c70a0fe3228b02115bf
/system/vold/Keymaster.h
|
13ffd8ef7a02a1b4b4d9a74f45d4a5bb6b814313 |
|
27-Jan-2016 |
Paul Crowley <paulcrowley@google.com> |
Improvements to the key storage module The key storage module didn't comply with Android coding standards and had room for improvement in a few other ways, so have cleaned up. Change-Id: I260ccff316423169cf887e538113b5ea400892f2
/system/vold/Keymaster.h
|
1ef255816c50e462acc23383a9ff747c5f55c4ff |
|
21-Jan-2016 |
Paul Crowley <paulcrowley@google.com> |
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
/system/vold/Keymaster.h
|