Swap the order of synthetic password wrapping
Synthetic password is double encrypted by both a random auth-bound keymaster
key and a secret derived from user password. In order to avoid a password
verification oracle without rate limiting, synthetic password needs to be
encrypted by the derived secret first, and then the auth-bound key. This
change corrects the order of encryptions, as well as adds an upgrade path to
refresh existing credentials.
Test: Running an old build with existing password, flash to new build,
verify the device unlocks successfully.
(cherry picked from commit 78acfe71d5d527ec727ffa3ad33f0de6255d60d7)
2 files changed