When we forget a volume, forget per-volume key

Protect all per-volume-per-user keys with a per-volume key, which is forgotten when the volume is forgotten. This means that the user's key is securely lost even when their storage is encrypted at forgetting time. Bug: 25861755 Test: create a volume, forget it, check logs and filesystem. Change-Id: I8df77bc91bbfa2258e082ddd54d6160dbf39b378
author: Paul Crowley <paulcrowley@google.com> 2017-10-26 11:16:39 -0700
committer: Paul Crowley <paulcrowley@google.com> 2017-10-26 12:19:09 -0700
commit: 26a53888a4efa4a966db189dd0b614f7573b2760 (patch)
tree: e9dd12e8c9013fae4064fc073243888cf1f9b58b /KeyStorage.h
parent: c6433a299df633c45d714a20fe3672b9b86d9312 (diff)
download: vold-26a53888a4efa4a966db189dd0b614f7573b2760.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/KeyStorage.h b/KeyStorage.h
index 655cd179..786e5b49 100644
--- a/KeyStorage.h
+++ b/KeyStorage.h
@@ -44,6 +44,9 @@ extern const KeyAuthentication kEmptyAuthentication;
 // Checks if path "path" exists.
 bool pathExists(const std::string& path);
 
+bool createSecdiscardable(const std::string& path, std::string* hash);
+bool readSecdiscardable(const std::string& path, std::string* hash);
+
 // Create a directory at the named path, and store "key" in it,
 // in such a way that it can only be retrieved via Keymaster and
 // can be securely deleted.
author	Paul Crowley <paulcrowley@google.com>	2017-10-26 11:16:39 -0700
committer	Paul Crowley <paulcrowley@google.com>	2017-10-26 12:19:09 -0700
commit	26a53888a4efa4a966db189dd0b614f7573b2760 (patch)
tree	e9dd12e8c9013fae4064fc073243888cf1f9b58b /KeyStorage.h
parent	c6433a299df633c45d714a20fe3672b9b86d9312 (diff)
download	vold-26a53888a4efa4a966db189dd0b614f7573b2760.tar.gz