Google Git
Sign in
android / platform / frameworks / base / 5025791ac6d1538224e19189397de8d71dcb1a12
commit5025791ac6d1538224e19189397de8d71dcb1a12[log] [tgz]
authorRubin Xu <rubinxu@google.com>Tue Oct 31 15:40:32 2017 +0000
committerandroid-build-team Robot <android-build-team-robot@google.com>Thu Jan 04 19:30:55 2018 +0000
tree322a5968015ba9bb25726f2db1c743b83d26d54e
parent5fdb80059e6cb1ffb3590ac3415c9072c1a8b17c [diff]
Swap the order of synthetic password wrapping

Synthetic password is double encrypted by both a random auth-bound keymaster
key and a secret derived from user password. In order to avoid a password
verification oracle without rate limiting, synthetic password needs to be
encrypted by the derived secret first, and then the auth-bound key. This
change corrects the order of encryptions, as well as adds an upgrade path to
refresh existing credentials.

Test: Running an old build with existing password, flash to new build,
      verify the device unlocks successfully.
Bug: 68694819

Change-Id: Ifdaa01f3f4ddd5bb3f3d808d38f440ced729034f
Merged-In: Ifdaa01f3f4ddd5bb3f3d808d38f440ced729034f
(cherry picked from commit 78acfe71d5d527ec727ffa3ad33f0de6255d60d7)
2 files changed
tree: 322a5968015ba9bb25726f2db1c743b83d26d54e
  1. apct-tests/
  2. api/
  3. cmds/
  4. config/
  5. core/
  6. data/
  7. docs/
  8. drm/
  9. graphics/
  10. keystore/
  11. legacy-test/
  12. libs/
  13. location/
  14. lowpan/
  15. media/
  16. native/
  17. nfc-extras/
  18. obex/
  19. opengl/
  20. packages/
  21. proto/
  22. rs/
  23. samples/
  24. sax/
  25. services/
  26. telecomm/
  27. telephony/
  28. test-runner/
  29. tests/
  30. tools/
  31. vr/
  32. wifi/
  33. Android.bp
  34. Android.mk
  35. CleanSpec.mk
  36. MODULE_LICENSE_APACHE2
  37. NOTICE
  38. pathmap.mk
  39. PREUPLOAD.cfg