Increase the master key size to 256 bits
NIAP certification finds that the 128 bit key size is insufficient
and requires a 256 bit key size. This change increases the
size of new master keys to 256 bits. Any existing master keys are
not changed and continue to be supported.
A new BlobType, TYPE_MASTER_KEY_AES256, is used to signal when a
key is the new larger size.
Bug: 121272336
Test: (1) Ran Keystore CTS tests against Walleye,
no new test failures observed.
(2) Created keys in build without change, moved to build
with change and verified old key could be loaded and
used. Also, a new key could be created with the
increased size and could be reloaded after a reboot.
Change-Id: Ie120f514bc1db7a8a9eeaaf842178bafe128ee19
Merged-In: If00331c303e6cc7bc95a2ab624d0e19bec4e587e
diff --git a/keystore/blob.h b/keystore/blob.h
index 4a35842..dc70709 100644
--- a/keystore/blob.h
+++ b/keystore/blob.h
@@ -30,6 +30,7 @@
constexpr size_t kAesKeySize = 128 / 8;
constexpr size_t kGcmTagLength = 128 / 8;
constexpr size_t kGcmIvLength = 96 / 8;
+constexpr size_t kAes128KeySizeBytes = 128 / 8;
/* Here is the file format. There are two parts in blob.value, the secret and
* the description. The secret is stored in ciphertext, and its original size
@@ -81,9 +82,9 @@
TYPE_KEY_PAIR = 3,
TYPE_KEYMASTER_10 = 4,
TYPE_KEY_CHARACTERISTICS = 5,
+ TYPE_MASTER_KEY_AES256 = 7,
} BlobType;
-
class Blob {
public:
Blob(const uint8_t* value, size_t valueLength, const uint8_t* info, uint8_t infoLength,