Password security for FBE disk encryption keys Added a new call change_user_key which changes the way that disk encryption keys are protected; a key can now be protected with a combination of an auth token and a secret which is a hashed password. Both of these are passed to unlock_user_key. This change introduces a security bug, b/26948053, which must be fixed before we ship. Bug: 22950892 Change-Id: Iac1e45bb6f86f2af5c472c70a0fe3228b02115bf

commit: 0572080814ea5f7456d9feea05f936c858178159 [log] [tgz]
author: Paul Crowley <paulcrowley@google.com> Mon Feb 08 15:55:41 2016 +0000
committer: Paul Crowley <paulcrowley@google.com> Mon Feb 08 20:03:57 2016 +0000
tree: 1e30986d3d0adde4843367ba25d69353b81a9fb6
parent: 1ab7349e49dc8f53360750833d7e4e942f4408a8 [diff] [blame]
diff --git a/Ext4Crypt.h b/Ext4Crypt.h
index d732e86..80838c8 100644
--- a/Ext4Crypt.h
+++ b/Ext4Crypt.h

@@ -28,8 +28,11 @@
 int e4crypt_init_user0();
 int e4crypt_vold_create_user_key(userid_t user_id, int serial, bool ephemeral);
 int e4crypt_destroy_user_key(userid_t user_id);
+int e4crypt_change_user_key(userid_t user_id, int serial,
+    const char* token, const char* old_secret, const char* new_secret);
 
-int e4crypt_unlock_user_key(userid_t user_id, int serial, const char* token);
+int e4crypt_unlock_user_key(userid_t user_id, int serial,
+    const char* token, const char* secret);
 int e4crypt_lock_user_key(userid_t user_id);
 
 int e4crypt_prepare_user_storage(const char* volume_uuid, userid_t user_id,
commit	0572080814ea5f7456d9feea05f936c858178159	[log] [tgz]
author	Paul Crowley <paulcrowley@google.com>	Mon Feb 08 15:55:41 2016 +0000
committer	Paul Crowley <paulcrowley@google.com>	Mon Feb 08 20:03:57 2016 +0000
tree	1e30986d3d0adde4843367ba25d69353b81a9fb6
parent	1ab7349e49dc8f53360750833d7e4e942f4408a8 [diff] [blame]