| e2e2d308df2da26838de32852318bc2cb690d052 |
|
01-Aug-2017 |
Pavel Grafov <pgrafov@google.com> |
Zero memory used for encryuption keys.
std::vector with custom zeroing allocator is used instead of
std::string for data that can contain encryption keys.
Bug: 64201177
Test: manually created a managed profile, changed it's credentials
Test: manually upgraded a phone with profile from O to MR1.
Change-Id: Ic31877049f69eba9f8ea64fd99acaaca5a01d3dd
/system/vold/Keymaster.h
|
| 25e8b4b4f67f62a98c440f8323eaeb956d99f0cd |
|
01-May-2017 |
Steven Moreland <smoreland@google.com> |
Keymaster: IWYU
Was depending on this transitively from MQDescriptor.h
Test: links
Bug: 37791060
Change-Id: I9b52bbe9ac6c3a54fdb6e352e90eba50914633d4
/system/vold/Keymaster.h
|
| 4375f1be4ccdbf78ef4c5ab926d3316503a7b146 |
|
25-Feb-2017 |
Wei Wang <wvw@google.com> |
Change to use new WaitForProperty API
Change to use WaitForProperty API to wait for vold.post_fs_data_done
Also change cryptfs to C++
Bug: 35425974
Test: mma, marlin/angler boot
Change-Id: Id821f2035788fcc91909f296c83c871c67571de3
/system/vold/Keymaster.h
|
| 015ec30b36713308db9f0051e8f97338419d7fbf |
|
31-Jan-2017 |
Janis Danisevskis <jdanis@google.com> |
Port cryptfs to HILD keymaster HAL
Cryptfs uses keymaster for key derivation. Vold has a C++ abstraction
for Keymaster. However, cryptfs, being a pure C implementation, uses
its own abstraction of the keymaster HAL.
This patch expresses cryptfs' keymaster abstraction in terms of
vold's C++ Keymaster abstraction, consolidating the code base to a
single point where the actual keymaster HAL is beeing used.
Test: successfully upgrade bullhead/angler while using FDE and
having a PIN set
run vold_cryptfs_scrypt_hidlization_equivalence_test
Bug: 35028230
Bug: 32020919
Change-Id: Ic3b765720be0cf7899dda5005fa89347ffb59b9f
/system/vold/Keymaster.h
|
| cfc5202147a1f72a61415266f0d4097544ce8b89 |
|
06-Feb-2017 |
Alex Klyubin <klyubin@google.com> |
Revert "Port cryptfs to HILD keymaster HAL"
bullhead-userdebug with disk encryption enabled and with PIN prompt at
boot can no longer unlock/mount encrypted userdata partition at boot
after updating from bullhead-userdebug prior to the two commits being
reverted here.
This reverts commit 6b7fa1bf178cd941aabe815d17da38d2e55d9867.
This reverts commit bbe31ba776fe73da2959c5ab442e191d8371a8f3.
Test: Flash bullhead-userdebug build created prior to the above two
commits, enable disk (set PIN to 1234) with PIN required at
boot, reboot, confirm that PIN prompt accepts the PIN, confirm
that device fully boots up and appears operational. Flash build
with this commit without wiping userdata, confirm that PIN
prompt at boot accepts the PIN and device fully boots up and
appears operational.
Bug: 35028230
Change-Id: I1e9303e9d007c0c9a3021c874340156748dff5f5
/system/vold/Keymaster.h
|
| bbe31ba776fe73da2959c5ab442e191d8371a8f3 |
|
06-Feb-2017 |
Janis Danisevskis <jdanis@google.com> |
Cosmetic change to 6b7fa1b
Test: no functional change
Change-Id: I7f630473e317cbee73125955260f5aad0a000630
/system/vold/Keymaster.h
|
| 6b7fa1bf178cd941aabe815d17da38d2e55d9867 |
|
31-Jan-2017 |
Janis Danisevskis <jdanis@google.com> |
Port cryptfs to HILD keymaster HAL
Cryptfs uses keymaster for key derivation. Vold has a C++ abstraction
for Keymaster. However, cryptfs, being a pure C implementation, uses
its own abstraction of the keymaster HAL.
This patch expresses cryptfs' keymaster abstraction in terms of
vold's C++ Keymaster abstraction, consolidating the code base to a
single point where the actual keymaster HAL is beeing used.
Test: marlin device boots with FBE enabled
Change-Id: Ia51fed5508e06fd6c436cca193791e57e0ab99ea
/system/vold/Keymaster.h
|
| 8e537b80028d11ac1f3810e959636028e77b2025 |
|
26-Oct-2016 |
Janis Danisevskis <jdanis@google.com> |
Port to binder based keymaster hal
Bug: 32020919
Change-Id: If45ece76fdaf4d2c80eddc537e429633e4d42f9d
/system/vold/Keymaster.h
|
| dff8c727c15cbe795e518e9116dfa271e67755b5 |
|
16-May-2016 |
Paul Crowley <paulcrowley@google.com> |
Support Keymaster 2 configuration and key upgrading
Bug: 27212248
Change-Id: I96bd9a442f4f535ba6ea44c9e81bcc1fee0ec471
/system/vold/Keymaster.h
|
| 0323afd69d82ce900d520f4611f56e6c06fc08a1 |
|
16-Mar-2016 |
Paul Crowley <paulcrowley@google.com> |
Support Keymaster2 with lots of clever template logic :)
Bug: 27718275
Change-Id: I0b2aa74f45fd07a121ce0c342b27426a3fe593ce
/system/vold/Keymaster.h
|
| df528a7011b302c91579898c4a37361214ab05bb |
|
09-Mar-2016 |
Paul Crowley <paulcrowley@google.com> |
Run clang-format over ext4crypt related code
The formatting here is inconsistent with Android house style; use
clang-format to bring it back into line.
Change-Id: Id1fe6ff54e9b668ca88c3fc021ae0a5bdd1327eb
/system/vold/Keymaster.h
|
| a051eb7a22b7cd97e66d2f22b64884f8ebc73952 |
|
09-Mar-2016 |
Paul Crowley <paulcrowley@google.com> |
Use pointers not references for out arguments
Google/Android C++ style requires that arguments passed in for writing
should be pointers, not references, so that it's visible in the caller
that they'll be written to.
Bug: 27566014
Change-Id: I5cd55906cc4b2f61c8b97b223786be0b3ce28862
/system/vold/Keymaster.h
|
| 0572080814ea5f7456d9feea05f936c858178159 |
|
08-Feb-2016 |
Paul Crowley <paulcrowley@google.com> |
Password security for FBE disk encryption keys
Added a new call change_user_key which changes the way that disk
encryption keys are protected; a key can now be protected with a
combination of an auth token and a secret which is a hashed password.
Both of these are passed to unlock_user_key.
This change introduces a security bug, b/26948053, which must be fixed
before we ship.
Bug: 22950892
Change-Id: Iac1e45bb6f86f2af5c472c70a0fe3228b02115bf
/system/vold/Keymaster.h
|
| 13ffd8ef7a02a1b4b4d9a74f45d4a5bb6b814313 |
|
27-Jan-2016 |
Paul Crowley <paulcrowley@google.com> |
Improvements to the key storage module
The key storage module didn't comply with Android coding standards
and had room for improvemnet in a few other ways, so have cleaned up.
Change-Id: I260ccff316423169cf887e538113b5ea400892f2
/system/vold/Keymaster.h
|
| 1ef255816c50e462acc23383a9ff747c5f55c4ff |
|
21-Jan-2016 |
Paul Crowley <paulcrowley@google.com> |
Use a keymaster-based key storage module
Instead of writing raw keys, encrypt the keys with keymaster. This
paves the way to protecting them with auth tokens and passwords later.
In addition, fold in the hash of a 16k file into their encryption, to
ensure secure deletion works properly.
Now even C++ier!
Bug: 22502684
Bug: 22950892
Change-Id: If70f139e342373533c42d5a298444b8438428322
/system/vold/Keymaster.h
|