1. 13 Oct, 2011 1 commit
      Add the new verifypw command to vold/cryptfs · 3ad9072a
      Ken Sumrall authored
      This vold command returns 0 if the given password matches the password
      used to decrypt the device on boot.  It returns 1 if they don't match,
      and it returns -1 on an internal error, and -2 if the device is not encrypted.
      
      Also check the uid of the sender of the command and only allow the root and
      system users to issue cryptfs commands.
      
      Change-Id: I5e5ae3b72a2d7814ae68c2d49aa9deb90fb1dac5
  2. 01 Sep, 2011 1 commit
      Add the ability to revert a crypto mapping when unmounting a volume · 0b8b5971
      Ken Sumrall authored
      Add the force_and_revert option to the unmount command which will force
      the unmount, and revert a crypto mapping.  This is used during factory
      reset so that when the internal sdcard volume is formatted, it formats
      the raw device, not the encrypted mapping.
      
      Change-Id: I36b6ff9bb54863b121de635472a303bf4a2334a9
  3. 02 Jun, 2011 1 commit
      vold: allow to store key in a file on another partition · 29d8da8c
      Ken Sumrall authored
      Add support for keeping the keys in a separate file on another partition,
      for devices with no space reserved for a footer after the userdata filesystem.
      
      Add support for encrypting the volumes managed by vold, if they meet certain
      criteria, namely being marked as nonremovable and encryptable in vold.fstab.
      A bit of trickiness is required to keep vold happy.
      
      Change-Id: Idf0611f74b56c1026c45742ca82e0c26e58828fe
  4. 01 Feb, 2011 2 commits
      Improve detection of incomplete encryption · 7f7dbaa2
      Ken Sumrall authored
      Bug 3384231 is punted to MR1, but the code to set the flag is already
      in the tree, so this CL does 3 things:
      
      1.  Comments out the lines that set the flag
      2.  Removes the change to the checkpw that was added in the last change.
      3.  Implements a new command to check the flag (which no one is calling
          yet and the flag won't be set anyhow).
      
      When MR1 comes, it will be a simple matter to enable the flag setting
      code and start testing it.
      
      The fear is a false positive detection of incomplete encryption could
      cause people to be prompted to wipe their data when MR1 comes out and
      the flag is checked.  Not setting this for first release, and testing
      this more before MR1, will give us confidence that the code will not
      detect false positives of encryption failure.
      
      Change-Id: I6dfba11646e291fe5867e8375b71a53c815f3968
      Detect when encryption failed to complete · d33d417e
      Ken Sumrall authored
      For the case where encryption fails to complete because of a kernel
      crash or the user power cycling the device, define a flag in the
      crypto footer that says encryption is in progress.  Set it when starting
      the actual encryption, and clear it when it successfully completes.
      
      When the user is asked for the disk password, if the flag is set,
      return a special error to the caller so the UI can know to tell the
      user there is no valid data on the disk, and present a button to
      wipe and reset the device.
      
      Change-Id: I3723ec77f33437d94b3ac9ad5db0a5c950d11648
  5. 28 Jan, 2011 1 commit
      Change cryptfs changepw to only require a new password. · 70a4b3fd
      Jason parks authored
      The master key is now stored unhashed in memory. This
      is needed because for certain operations, like remote resetting
      of passwords, the old password is not available.
      The changepw interface has been changed to take only
      the new password as its argument. When this is
      called we re-encrypt the master key with the new password
      and the old salt.
      
      Bug: 3382129
      Change-Id: I9a596b89013194605d6d7790067691aa0dc75e72
  6. 19 Jan, 2011 1 commit
      Create and use a salt when calling pbkdf2 to encrypt/decrypt the master key. · e8744070
      Ken Sumrall authored
      In order to prevent rainbow table attacks on decrypting the master key,
      create a 16 byte "salt" by reading /dev/urandom.  This is done right after
      reading urandom to get the master key for the filesystem.  The salt is
      stored 32 bytes after the end of the key (a padding added to help prevent
      accidental overwriting of the salt) and the salt is fixed at 16 bytes long.
      
      This change will make existing encrypted filesystems unusable.
      
      Change-Id: I420549d064c61d38aea78eef4d86c88acb265ca3
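The two commits above (70a4b3fd and e8744070) describe the mechanics of the key footer: a random 16-byte salt generated right after the master key, stored 32 bytes past the end of the key, fed to PBKDF2 to derive the key that wraps the master key; a changepw that needs only the new password because the plaintext master key is kept in memory and is simply re-wrapped under the new password and the old salt; plus the "encryption in progress" flag from d33d417e and the verifypw return codes from 3ad9072a. The following is an added, self-contained model of those mechanics written for this page. It is not vold's code and not Android's on-disk footer format: the field order, the 256-bit key size, the PBKDF2 iteration count, the XOR-mask wrapping with an HMAC check (the real implementation uses a block cipher and verifies by mounting), and the -3 code for an incomplete encryption are all assumptions made here for illustration.

```python
"""Toy model of a cryptfs-style key footer (illustration only, not the real
vold on-disk format).  Shows: random per-device salt + PBKDF2, master key
wrapped under the password-derived key, changepw needing only the new
password (plaintext master key held in memory, salt reused), an
"encryption in progress" flag, and verifypw-style return codes."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional, Tuple

KEY_LEN = 32            # assumption: 256-bit master key
SALT_LEN = 16           # salt is fixed at 16 bytes (commit e8744070)
KEY_TO_SALT_PAD = 32    # salt sits 32 bytes after the end of the key
MAC_LEN = 32
PBKDF2_ITERS = 2000     # assumption; raise for production hardware
FLAG_ENCRYPTION_IN_PROGRESS = 0x01  # flag from d33d417e; bit value assumed

# verifypw results as documented in 3ad9072a; the "incomplete" code is assumed
PW_MATCH, PW_MISMATCH, PW_INTERNAL_ERROR, PW_NOT_ENCRYPTED = 0, 1, -1, -2
PW_ENCRYPTION_INCOMPLETE = -3


@dataclass
class Footer:
    flags: int
    wrapped_key: bytes   # master key XORed with a PBKDF2-derived mask
    salt: bytes
    mac: bytes           # HMAC over wrapped_key, keyed from the same PBKDF2 output


def _derive(password: bytes, salt: bytes) -> Tuple[bytes, bytes]:
    """Split one PBKDF2 output into a wrapping mask and an HMAC key."""
    out = hashlib.pbkdf2_hmac("sha256", password, salt, PBKDF2_ITERS, KEY_LEN + MAC_LEN)
    return out[:KEY_LEN], out[KEY_LEN:]


def _wrap(master_key: bytes, password: bytes, salt: bytes) -> Tuple[bytes, bytes]:
    mask, mac_key = _derive(password, salt)
    wrapped = bytes(a ^ b for a, b in zip(master_key, mask))
    return wrapped, hmac.new(mac_key, wrapped, "sha256").digest()


def create_footer(password: bytes, master_key: Optional[bytes] = None,
                  salt: Optional[bytes] = None) -> Tuple[Footer, bytes]:
    """Read the master key from urandom, then the salt right after it."""
    master_key = master_key or os.urandom(KEY_LEN)
    salt = salt or os.urandom(SALT_LEN)
    wrapped, mac = _wrap(master_key, password, salt)
    return Footer(0, wrapped, salt, mac), master_key


def unwrap(footer: Footer, password: bytes) -> Optional[bytes]:
    """Return the master key if the password is right, else None."""
    mask, mac_key = _derive(password, footer.salt)
    expected = hmac.new(mac_key, footer.wrapped_key, "sha256").digest()
    if not hmac.compare_digest(expected, footer.mac):
        return None
    return bytes(a ^ b for a, b in zip(footer.wrapped_key, mask))


def verifypw(footer: Optional[Footer], password: bytes) -> int:
    """0 match, 1 mismatch, -1 internal error, -2 not encrypted, -3 incomplete."""
    if footer is None:
        return PW_NOT_ENCRYPTED
    if footer.flags & FLAG_ENCRYPTION_IN_PROGRESS:
        return PW_ENCRYPTION_INCOMPLETE   # tell the UI there is no valid data
    try:
        return PW_MATCH if unwrap(footer, password) is not None else PW_MISMATCH
    except (TypeError, ValueError):
        return PW_INTERNAL_ERROR


def changepw(footer: Footer, master_key: bytes, new_password: bytes) -> Footer:
    """Re-wrap the in-memory master key under the new password and the OLD salt.
    The old password is never needed, which is what remote reset relies on."""
    wrapped, mac = _wrap(master_key, new_password, footer.salt)
    return Footer(footer.flags, wrapped, footer.salt, mac)


def begin_encryption(footer: Footer) -> Footer:
    return Footer(footer.flags | FLAG_ENCRYPTION_IN_PROGRESS,
                  footer.wrapped_key, footer.salt, footer.mac)


def finish_encryption(footer: Footer) -> Footer:
    return Footer(footer.flags & ~FLAG_ENCRYPTION_IN_PROGRESS,
                  footer.wrapped_key, footer.salt, footer.mac)


def serialize(footer: Footer) -> bytes:
    """flags | wrapped key | 32 bytes padding | salt | mac (layout assumed)."""
    return (footer.flags.to_bytes(4, "little") + footer.wrapped_key
            + b"\x00" * KEY_TO_SALT_PAD + footer.salt + footer.mac)


def parse_footer(blob: bytes) -> Footer:
    flags = int.from_bytes(blob[:4], "little")
    off = 4
    wrapped = blob[off:off + KEY_LEN]
    off += KEY_LEN + KEY_TO_SALT_PAD      # skip the anti-overwrite padding
    salt = blob[off:off + SALT_LEN]
    off += SALT_LEN
    mac = blob[off:off + MAC_LEN]
    if len(blob) != off + MAC_LEN:
        raise ValueError("bad footer length")
    return Footer(flags, wrapped, salt, mac)
```

Note the trade-off the changepw commit implies: because the salt is kept across password changes, an attacker who has copied the old footer and later learns the old password gains nothing new about the master key only as long as the mask is never reused with the same password; the random salt created by e8744070 is what defeats precomputed (rainbow table) attacks, not the password change itself.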
  7. 17 Jan, 2011 1 commit
      Updates to cryptfs framework. · 8ddbe40a
      Ken Sumrall authored
      Update the enable inplace API to allow the UI to show a progress bar.
      Add new command changepw (which is currently not working)
      Internal restructuring of code to support these two features.
      Some minor cleanup of the code as well.
      
      Change-Id: I11461fc9ce66965bea6cd0b6bb2ff48bcf607b97
  8. 14 Jan, 2011 1 commit
      Change the cryptfs command to separate out checking the password and restarting · 6864b7ec
      Ken Sumrall authored
      In order to make the animations and the UI look right, we need to change
      the cryptfs checkpw command to return a status if the password was
      correct or not, and not have it automatically restart if it's correct.
      
      There is a new command restart that will restart the framework with the
      encrypted filesystem.
      
      Change-Id: Ia8ae00d7ed8667699aa58d05ad8ba953cca9316e
  9. 19 Dec, 2010 1 commit
      Support for encrypting /data on Stingray. · 8f869aa1
      Ken Sumrall authored
      There are still a few hacks and performance issues related
      to shutting down the framework in this code, but it is
      functional and tested.  Without the UI changes, it requires
      cryptic adb shell commands to enable, which I shall not
      utter here.
      
      Change-Id: I0b8f90afd707e17fbdb0373d156236946633cf8b