| field | value |
|---|---|
| author | 2017-10-31 15:40:32 +0000 |
| committer | 2017-11-04 00:19:05 +0000 |
| commit | 78acfe71d5d527ec727ffa3ad33f0de6255d60d7 |
| tree | ccc38ad2445b2a1e7d700a942d0676518febf7fb /libs/androidfw/AttributeResolution.cpp |
| parent | 20fb01eb23934ea702efe94fc7db0242b5c976e2 |
Swap the order of synthetic password wrapping

Synthetic password is double encrypted by both a random auth-bound keymaster
key and a secret derived from user password. In order to avoid a password
verification oracle without rate limiting, synthetic password needs to be
encrypted by the derived secret first, and then the auth-bound key. This
change corrects the order of encryptions, as well as adds an upgrade path to
refresh existing credentials.

Test: Running an old build with existing password, flash to new build,
      verify the device unlocks successfully.

Bug: 68694819
Change-Id: Ifdaa01f3f4ddd5bb3f3d808d38f440ced729034f
Merged-In: Ifdaa01f3f4ddd5bb3f3d808d38f440ced729034f
Diffstat (limited to 'libs/androidfw/AttributeResolution.cpp')
0 files changed, 0 insertions, 0 deletions
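
The ordering argument in the commit message, as an added example (not code from this commit or from the Android source). It is a toy model that assumes each layer is authenticated encryption; `Keymaster` is a hypothetical stand-in for the auth-bound key, and the cipher, KDF, salt and function names are constructed for illustration. It shows that with the password-derived layer outermost the stored blob alone distinguishes a right guess from a wrong one, while with the auth-bound layer outermost it does not.

```python
import hashlib, hmac, os

def _stream(key, nonce, n):  # SHA-256 counter keystream (toy construction)
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key, pt):
    """Toy encrypt-then-MAC layer; a stand-in for the real cipher, not for production."""
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")  # wrong key is detectable
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class Keymaster:
    """Hypothetical model: the key never leaves, and decrypt needs a verified auth token."""
    def __init__(self):
        self._key = os.urandom(32)
    def encrypt(self, pt):
        return seal(self._key, pt)
    def decrypt(self, blob, authenticated):
        if not authenticated:
            raise PermissionError("auth-bound key requires rate-limited verification")
        return unseal(self._key, blob)

def derive(password):  # assumed KDF and constructed salt, for illustration only
    return hashlib.pbkdf2_hmac("sha256", password, b"constructed-salt", 1000)

def wrap_old(km, password, sp):  # before the change: derived secret is the outer layer
    return seal(derive(password), km.encrypt(sp))
def wrap_new(km, password, sp):  # after the change: auth-bound key is the outer layer
    return km.encrypt(seal(derive(password), sp))
def unwrap_new(km, password, blob, authenticated):
    return unseal(derive(password), km.decrypt(blob, authenticated))

def blob_confirms_guess(blob, guess):
    """True if the stored blob alone, with no keymaster call, validates the guess."""
    try:
        unseal(derive(guess), blob)
        return True
    except ValueError:
        return False
```

In the old order `blob_confirms_guess` answers differently for right and wrong guesses, which is the unthrottled oracle; in the new order it is always false, so every check has to pass through the auth-bound `decrypt`.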