Encrypt AES-256 keystore master keys. ag/5984229 that added support for AES-256 master keys inadvertently caused them not to be encyrpted by the user's password. This is less damaging to security than it might appear because these keys are also encrypted by Keymaster, in the TEE or StrongBox. Bug: 141955555 Test: Manually verify password is encryption on a userdebug build. Change-Id: Ic5e82546df67346e4c348273cf4fe2bac382c9dc

commit: 921d3a3678408af3598ef6bd8ec8f8afd4f6ee2e [log] [tgz]
author: Shawn Willden <swillden@google.com> Wed Oct 02 08:58:22 2019 -0600
committer: Shawn Willden <swillden@google.com> Wed Oct 02 15:17:51 2019 +0000
tree: bc2a830603fa5eac10b4442df27ecaa7f01e9b85
parent: 83aa272cae58ad2be32b946f5d4011abefcb07e8 [diff]
diff --git a/keystore/blob.cpp b/keystore/blob.cpp
index eac8f11..497f304 100644
--- a/keystore/blob.cpp
+++ b/keystore/blob.cpp

@@ -228,7 +228,7 @@
     mBlob->version = CURRENT_BLOB_VERSION;
     mBlob->type = uint8_t(type);
 
-    if (type == TYPE_MASTER_KEY) {
+    if (type == TYPE_MASTER_KEY || type == TYPE_MASTER_KEY_AES256) {
         mBlob->flags = KEYSTORE_FLAG_ENCRYPTED;
     } else {
         mBlob->flags = KEYSTORE_FLAG_NONE;
commit	921d3a3678408af3598ef6bd8ec8f8afd4f6ee2e	[log] [tgz]
author	Shawn Willden <swillden@google.com>	Wed Oct 02 08:58:22 2019 -0600
committer	Shawn Willden <swillden@google.com>	Wed Oct 02 15:17:51 2019 +0000
tree	bc2a830603fa5eac10b4442df27ecaa7f01e9b85
parent	83aa272cae58ad2be32b946f5d4011abefcb07e8 [diff]