diff options
| author | Mykola Kondratenko <mykola.kondratenko@sony.com> | 2019-01-04 15:13:33 +0100 |
|---|---|---|
| committer | Rubin Xu <rubinxu@google.com> | 2019-05-08 16:20:39 +0100 |
| commit | 01e3a48d87f4f621b9587614351790c89d2f667f (patch) | |
| tree | 8c6ca5d1e4403c0db0205a5adad7831477b72bf6 /tools/aapt2/java/JavaClassGenerator_test.cpp | |
| parent | c49800f15dc4aac1435a5ff7cb22374b15ae6d64 (diff) | |
Fix AES encryption for SP
Synthetic password is double encrypted by both a random auth-bound
keymaster key and a secret derived from user password.
The value 256 (AES_KEY_LENGTH) is declared as default key size for
secret derived from user password.
Auth-bound keymaster key is not a KeyStore-backed secret key
but is one that is PRNG created by JCA classes and stored
into KeyStore through import key material routine,
constraining particular purpose (only PURPOSE_DECRYPT).
Size for random auth-bound keymaster key is not set.
The default size of the AES key generated by KeyGenerator
(if keysize is not set) is 128.
Following fix is aiming to:
* Ensures that both wrapping keys are using the same key size (=256).
* Ensures that GCM encryption parameters generated by the provider are
the same (tag size equals 128).
How to verify:
Check the synthetic_password_X keystore blob size diff (479 -> 495) at
/data/misc/keystore/user_XX
Bug: 124030743
Test: Manual - see issue
Change-Id: I44346b8c1d98773ef1c168d63b03bc5d2bf0f746
Diffstat (limited to 'tools/aapt2/java/JavaClassGenerator_test.cpp')
0 files changed, 0 insertions, 0 deletions