Encrypt AES-256 keystore master keys. ag/5984229 that added support for AES-256 master keys inadvertently caused them not to be encyrpted by the user's password. This is less damaging to security than it might appear because these keys are also encrypted by Keymaster, in the TEE or StrongBox. Bug: 141955555 Test: Manually verify password is encryption on a userdebug build. Change-Id: Ic5e82546df67346e4c348273cf4fe2bac382c9dc Merged-In: Ie44a4097e058bd5b9e45aa73115c266b9570a4fc

commit: 58e675567c446b77c6ec83d8e07fecbd829f60ae [log] [tgz]
author: Shawn Willden <swillden@google.com> Wed Oct 02 08:58:22 2019 -0600
committer: Shawn Willden <swillden@google.com> Mon Oct 07 20:19:41 2019 +0000
tree: 6418a3814718af24f4ae4746179574aa4068e20f
parent: 550cf87b04e22441aa2e829ee3f2b4e0e3e79dfa [diff]
diff --git a/keystore/blob.cpp b/keystore/blob.cpp
index c3956f0..0a72d5b 100644
--- a/keystore/blob.cpp
+++ b/keystore/blob.cpp

@@ -170,7 +170,7 @@
     mBlob.version = CURRENT_BLOB_VERSION;
     mBlob.type = uint8_t(type);
 
-    if (type == TYPE_MASTER_KEY) {
+    if (type == TYPE_MASTER_KEY || type == TYPE_MASTER_KEY_AES256) {
         mBlob.flags = KEYSTORE_FLAG_ENCRYPTED;
     } else {
         mBlob.flags = KEYSTORE_FLAG_NONE;
commit	58e675567c446b77c6ec83d8e07fecbd829f60ae	[log] [tgz]
author	Shawn Willden <swillden@google.com>	Wed Oct 02 08:58:22 2019 -0600
committer	Shawn Willden <swillden@google.com>	Mon Oct 07 20:19:41 2019 +0000
tree	6418a3814718af24f4ae4746179574aa4068e20f
parent	550cf87b04e22441aa2e829ee3f2b4e0e3e79dfa [diff]