Increase the master key size to 256 bits NIAP certification finds that the 128 bit key size is insufficient and requires a 256 bit key size. This change increases the size of new master keys to 256 bits. Any existing master keys are not changed and continue to be supported. A new BlobType, TYPE_MASTER_KEY_AES256, is used to signal when a key is the new larger size. Bug: 121272336 Test: (1) Ran Keystore CTS tests against Walleye. (2) Created keys in build without change, moved to build with change and verified old key could be loaded and used. Also, a new key could be created with the increased size and could be reloaded after a reboot. Change-Id: If00331c303e6cc7bc95a2ab624d0e19bec4e587e

commit: d0315735fdc56aa7e57746c413fe9cb0eeedd352 [log] [tgz]
author: Branden Archer <brarcher@google.com> Thu Jan 10 14:56:05 2019 -0800
committer: Branden Archer <brarcher@google.com> Thu Jan 10 17:01:14 2019 -0800
tree: 922158105fbbce1d52107fe1c6e9f27cd9c773d7
parent: f5953d7ace12a7548503e0422c40dc176f46596b [diff] [blame]
diff --git a/keystore/user_state.h b/keystore/user_state.h
index 9403552..b0671e3 100644
--- a/keystore/user_state.h
+++ b/keystore/user_state.h

@@ -78,7 +78,7 @@
     static const int SHA1_DIGEST_SIZE_BYTES = 16;
     static const int SHA256_DIGEST_SIZE_BYTES = 32;
 
-    static const int MASTER_KEY_SIZE_BYTES = SHA1_DIGEST_SIZE_BYTES;
+    static const int MASTER_KEY_SIZE_BYTES = SHA256_DIGEST_SIZE_BYTES;
     static const int MASTER_KEY_SIZE_BITS = MASTER_KEY_SIZE_BYTES * 8;
 
     static const int MAX_RETRY = 4;
commit	d0315735fdc56aa7e57746c413fe9cb0eeedd352	[log] [tgz]
author	Branden Archer <brarcher@google.com>	Thu Jan 10 14:56:05 2019 -0800
committer	Branden Archer <brarcher@google.com>	Thu Jan 10 17:01:14 2019 -0800
tree	922158105fbbce1d52107fe1c6e9f27cd9c773d7
parent	f5953d7ace12a7548503e0422c40dc176f46596b [diff] [blame]