Encrypt AES-256 keystore master keys.

ag/5984229 that added support for AES-256 master keys inadvertently
caused them not to be encrypted by the user's password.  This is less
damaging to security than it might appear because these keys are also
encrypted by Keymaster, in the TEE or StrongBox.

Bug: 141955555
Test:  Manually verify password is encryption on a userdebug build.
Change-Id: Ic5e82546df67346e4c348273cf4fe2bac382c9dc
(cherry picked from commit b951bc5317)
Shawn Willden 2019-10-02 08:58:22 -06:00 committed by android-build-team Robot
parent 0d466c94a8
commit c9349a5bf0

@ -228,7 +228,7 @@ Blob::Blob(const uint8_t* value, size_t valueLength, const uint8_t* info, uint8_
mBlob->version = CURRENT_BLOB_VERSION;
mBlob->type = uint8_t(type);
if (type == TYPE_MASTER_KEY) {
if (type == TYPE_MASTER_KEY || type == TYPE_MASTER_KEY_AES256) {
mBlob->flags = KEYSTORE_FLAG_ENCRYPTED;
} else {
mBlob->flags = KEYSTORE_FLAG_NONE;
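
Review bot: The widened condition `if (type == TYPE_MASTER_KEY || type == TYPE_MASTER_KEY_AES256)` only sets KEYSTORE_FLAG_ENCRYPTED on blobs constructed after this change. Nothing in the visible lines deals with AES-256 master key blobs that were already written with KEYSTORE_FLAG_NONE, so the commit message should say whether those are re-written with the flag on a later unlock or need an explicit migration. Listing the master key types inline also invites the same omission the next time a type is added; a single predicate used here (for example a hypothetical isMasterKeyType(type)) would keep the list in one place. The Test line describes a manual check only, so an automated test asserting the flag for both master key types would guard against this regressing again.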