Password security for FBE disk encryption keys

Added a new call change_user_key which changes the way that disk
encryption keys are protected; a key can now be protected with a
combination of an auth token and a secret which is a hashed password.
Both of these are passed to unlock_user_key.

This change introduces a security bug, b/26948053, which must be fixed
before we ship.

Bug: 22950892
Change-Id: Iac1e45bb6f86f2af5c472c70a0fe3228b02115bf
diff --git a/Keymaster.h b/Keymaster.h
index 003baa6..a4deddf 100644
--- a/Keymaster.h
+++ b/Keymaster.h
@@ -33,7 +33,6 @@
 // This is tailored to the needs of KeyStorage, but could be extended to be
 // a more general interface.
 
-
 // Wrapper for a keymaster_operation_handle_t representing an
 // ongoing Keymaster operation.  Aborts the operation
 // in the destructor if it is unfinished. Methods log failures
@@ -100,6 +99,12 @@
     return params.Authorization(tag, val.data(), val.size());
 }
 
+template <keymaster_tag_t Tag>
+inline void addStringParam(AuthorizationSetBuilder &params,
+        TypedTag<KM_BYTES, Tag> tag, const std::string& val) {
+    params.Authorization(tag, val.data(), val.size());
+}
+
 }  // namespace vold
 }  // namespace android
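Review bot: the new addStringParam template is undocumented and returns void, discarding the result of params.Authorization(tag, val.data(), val.size()), while the helper that ends in the context line directly above it returns the result of the same call. Please add a short comment saying that this variant modifies params in place through the non-const AuthorizationSetBuilder reference, and say how callers should choose between it and the returning helper above. If the two share a name, the only difference visible at a call site is the type of the first argument, which is easy to misread. The comment should also state that val is treated as a length-delimited byte buffer (val.data() with val.size()) for a KM_BYTES tag, so embedded NUL bytes are preserved and nobody later swaps in c_str().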