OSDN Git Service

(root) / android-x86 / frameworks-base.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 571c8a4) | patch
Swap the order of synthetic password wrapping
authorRubin Xu <rubinxu@google.com>
Tue, 31 Oct 2017 15:40:32 +0000 (15:40 +0000)
committerRubin Xu <rubinxu@google.com>
Sat, 4 Nov 2017 00:18:10 +0000 (00:18 +0000)
commit24bfd61d3c8bac869eb4e525e382476d3b7f5eb9
tree92635d659c740d4e4b8288a73217e7a71db12325tree | snapshot
parent571c8a450702a23b2290796f46d38ac54a9e034ccommit | diff
Swap the order of synthetic password wrapping

Synthetic password is double encrypted by both a random auth-bound keymaster
key and a secret derived from user password. In order to avoid a password
verification oracle without rate limiting, synthetic password needs to be
encrypted by the derived secret first, and then the auth-bound key. This
change corrects the order of encryptions, as well as adds an upgrade path to
refresh existing credentials.

Test: Running an old build with existing password, flash to new build,
      verify the device unlocks successfully.
Bug: 68694819

Change-Id: Ifdaa01f3f4ddd5bb3f3d808d38f440ced729034f
Merged-In: Ifdaa01f3f4ddd5bb3f3d808d38f440ced729034f
services/core/java/com/android/server/SyntheticPasswordCrypto.java diff | blob | history
services/core/java/com/android/server/SyntheticPasswordManager.java diff | blob | history
frameworks/base
About OSDN
Find Software
Develop Software
Help