Don't clear keystore after 5 auth failures.
Keystore's security originally derived from encrypting keys with a key
derived from the user's password. To avoid making keystore into a
password brute force oracle, keystore cleared itself after five
incorrect presentations. All of this has been superseded by moving
keystore's security into Keymaster, and by moving password security
into Gatekeeper/Weaver, and further by implementing the synthetic
password model.
This CL removes the now-useless and occasionally-dangerous keystore
self-destruct.
Test: Manual
Change-Id: Id85c1c39769701bbc0dcfcb76511faf9eeb65496
diff --git a/keystore/user_state.cpp b/keystore/user_state.cpp
index 8d993e2..30dfe3c 100644
--- a/keystore/user_state.cpp
+++ b/keystore/user_state.cpp
@@ -37,7 +37,7 @@
UserState::UserState(uid_t userId)
: mMasterKeyEntry(".masterkey", "user_" + std::to_string(userId), userId, /* masterkey */ true),
- mUserId(userId), mState(STATE_UNINITIALIZED), mRetry(MAX_RETRY) {}
+ mUserId(userId), mState(STATE_UNINITIALIZED) {}
bool UserState::operator<(const UserState& rhs) const {
return getUserId() < rhs.getUserId();
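Review bot: The initializer list no longer sets mRetry, yet this diff touches only user_state.cpp; if user_state.h still declares mRetry and MAX_RETRY, the constructor now leaves mRetry indeterminate and both the member and the constant become dead, which equally concerns the removals in the setState hunk and the password-check hunk below. Confirm that the header change is part of this CL, or remove the declarations together with these uses. UserState::operator< continues past the end of this hunk.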
@@ -69,9 +69,6 @@
void UserState::setState(State state) {
mState = state;
- if (mState == STATE_NO_ERROR || mState == STATE_UNINITIALIZED) {
- mRetry = MAX_RETRY;
- }
}
void UserState::zeroizeMasterKeysInMemory() {
@@ -208,23 +205,9 @@
}
return response;
}
- if (mRetry <= 0) {
- reset();
- return ResponseCode::UNINITIALIZED;
- }
- --mRetry;
- switch (mRetry) {
- case 0:
- return ResponseCode::WRONG_PASSWORD_0;
- case 1:
- return ResponseCode::WRONG_PASSWORD_1;
- case 2:
- return ResponseCode::WRONG_PASSWORD_2;
- case 3:
- return ResponseCode::WRONG_PASSWORD_3;
- default:
- return ResponseCode::WRONG_PASSWORD_3;
- }
+
+ LOG(ERROR) << "Invalid password presented";
+ return ResponseCode::WRONG_PASSWORD_0;
}
bool UserState::reset() {
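Review bot: The new return path yields ResponseCode::WRONG_PASSWORD_0 on every failure, so WRONG_PASSWORD_1..3, which the removed switch produced as the counter decreased, are no longer emitted, and any caller that treated WRONG_PASSWORD_0 as "last attempt before the keystore is wiped" now sees that code on the first wrong password. A comment above the return such as `// Retry counting was removed; WRONG_PASSWORD_0 no longer means the next failure wipes the keystore.` would make the changed meaning explicit for readers and callers, and the now-unused WRONG_PASSWORD_1..3 enumerators are candidates for removal in a follow-up. The added LOG(ERROR) also fires on every incorrect presentation; since a wrong password is an expected user event rather than a fault in this process, LOG(WARNING) may be the more appropriate severity, though that is a judgment call. The enclosing function starts before this hunk, so the checks it performs earlier are not visible here.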