Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322

commit: 1ef255816c50e462acc23383a9ff747c5f55c4ff [log] [tgz]
author: Paul Crowley <paulcrowley@google.com> Thu Jan 21 20:26:12 2016 +0000
committer: Paul Crowley <paulcrowley@google.com> Tue Jan 26 18:24:03 2016 +0000
tree: 2db97d6f6d61394c0f37ad14ee49d5fd33575421
parent: a042cb5761f4bf954645b404ae5bb0a0d5b583fd [diff] [blame]
diff --git a/Android.mk b/Android.mk
index 4ab719f..979ab5e 100644
--- a/Android.mk
+++ b/Android.mk

@@ -27,6 +27,8 @@
 	MoveTask.cpp \
 	Benchmark.cpp \
 	TrimTask.cpp \
+	Keymaster.cpp \
+	KeyStorage.cpp \
 
 common_c_includes := \
 	system/extras/ext4_utils \
@@ -52,7 +54,9 @@
 	libutils \
 	libhardware \
 	libsoftkeymaster \
-	libbase
+	libbase \
+	libkeymaster1 \
+	libkeymaster_messages \
 
 common_static_libraries := \
 	libfs_mgr \
@@ -61,7 +65,7 @@
 	libsquashfs_utils \
 	libscrypt_static \
 	libmincrypt \
-	libbatteryservice
+	libbatteryservice \
 
 vold_conlyflags := -std=c11
 vold_cflags := -Werror -Wall -Wno-missing-field-initializers -Wno-unused-variable -Wno-unused-parameter
commit	1ef255816c50e462acc23383a9ff747c5f55c4ff	[log] [tgz]
author	Paul Crowley <paulcrowley@google.com>	Thu Jan 21 20:26:12 2016 +0000
committer	Paul Crowley <paulcrowley@google.com>	Tue Jan 26 18:24:03 2016 +0000
tree	2db97d6f6d61394c0f37ad14ee49d5fd33575421
parent	a042cb5761f4bf954645b404ae5bb0a0d5b583fd [diff] [blame]