OSDN Git Service

(root) / android-x86 / frameworks-base.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 20fb01e) | patch
Swap the order of synthetic password wrapping
authorRubin Xu <rubinxu@google.com>
Tue, 31 Oct 2017 15:40:32 +0000 (15:40 +0000)
committerRubin Xu <rubinxu@google.com>
Sat, 4 Nov 2017 00:19:05 +0000 (00:19 +0000)
commit78acfe71d5d527ec727ffa3ad33f0de6255d60d7
treeccc38ad2445b2a1e7d700a942d0676518febf7fbtree | snapshot
parent20fb01eb23934ea702efe94fc7db0242b5c976e2commit | diff
Swap the order of synthetic password wrapping

Synthetic password is double encrypted by both a random auth-bound keymaster
key and a secret derived from user password. In order to avoid a password
verification oracle without rate limiting, synthetic password needs to be
encrypted by the derived secret first, and then the auth-bound key. This
change corrects the order of encryptions, as well as adds an upgrade path to
refresh existing credentials.

Test: Running an old build with existing password, flash to new build,
      verify the device unlocks successfully.
Bug: 68694819

Change-Id: Ifdaa01f3f4ddd5bb3f3d808d38f440ced729034f
Merged-In: Ifdaa01f3f4ddd5bb3f3d808d38f440ced729034f
services/core/java/com/android/server/locksettings/SyntheticPasswordCrypto.java diff | blob | history
services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java diff | blob | history
frameworks/base
About OSDN
Find Software
Develop Software
Help