diff options
author | Paul Crowley <paulcrowley@google.com> | 2017-10-26 11:16:39 -0700 |
---|---|---|
committer | Paul Crowley <paulcrowley@google.com> | 2017-10-26 12:19:09 -0700 |
commit | 26a53888a4efa4a966db189dd0b614f7573b2760 (patch) | |
tree | e9dd12e8c9013fae4064fc073243888cf1f9b58b /KeyStorage.h | |
parent | c6433a299df633c45d714a20fe3672b9b86d9312 (diff) | |
download | vold-26a53888a4efa4a966db189dd0b614f7573b2760.tar.gz |
When we forget a volume, forget per-volume key
Protect all per-volume-per-user keys with a per-volume key, which is
forgotten when the volume is forgotten. This means that the user's key
is securely lost even when their storage is encrypted at forgetting
time.
Bug: 25861755
Test: create a volume, forget it, check logs and filesystem.
Change-Id: I8df77bc91bbfa2258e082ddd54d6160dbf39b378
Diffstat (limited to 'KeyStorage.h')
-rw-r--r-- | KeyStorage.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/KeyStorage.h b/KeyStorage.h index 655cd179..786e5b49 100644 --- a/KeyStorage.h +++ b/KeyStorage.h @@ -44,6 +44,9 @@ extern const KeyAuthentication kEmptyAuthentication; // Checks if path "path" exists. bool pathExists(const std::string& path); +bool createSecdiscardable(const std::string& path, std::string* hash); +bool readSecdiscardable(const std::string& path, std::string* hash); + // Create a directory at the named path, and store "key" in it, // in such a way that it can only be retrieved via Keymaster and // can be securely deleted. |