Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 24bfd61d authored by Rubin Xu's avatar Rubin Xu
Browse files

Swap the order of synthetic password wrapping 

Synthetic password is double encrypted by both a random auth-bound keymaster
key and a secret derived from user password. In order to avoid a password
verification oracle without rate limiting, synthetic password needs to be
encrypted by the derived secret first, and then the auth-bound key. This
change corrects the order of encryptions, as well as adds an upgrade path to
refresh existing credentials.

Test: Running an old build with existing password, flash to new build,
      verify the device unlocks successfully.
Bug: 68694819

Change-Id: Ifdaa01f3f4ddd5bb3f3d808d38f440ced729034f
Merged-In: Ifdaa01f3f4ddd5bb3f3d808d38f440ced729034f
parent 571c8a45
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment