author TreeHugger Robot <treehugger-gerrit@google.com> 2018-03-20 21:13:26 +0000
committer Android (Google) Code Review <android-gerrit@google.com> 2018-03-20 21:13:26 +0000
commitcb686a19e6be88e8e69f03b67687ed78d904e576 (patch)
treee9b4d16416c14cb8e038aaf5440519f652ec95b4
parente248eeebc28e444bb03c2cadea927e4155985ff7 (diff)
parente066a59436579f8d7961e97e4aef6e26e5e1c659 (diff)
Merge "Minor changes to the API to align the choice of password hashing algorithm" into pi-dev
-rw-r--r--core/java/android/security/keystore/recovery/KeyDerivationParams.java42
-rw-r--r--services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDbContract.java2
2 files changed, 37 insertions, 7 deletions
diff --git a/core/java/android/security/keystore/recovery/KeyDerivationParams.java b/core/java/android/security/keystore/recovery/KeyDerivationParams.java
index ef5e90c89944..428eaaa0079e 100644
--- a/core/java/android/security/keystore/recovery/KeyDerivationParams.java
+++ b/core/java/android/security/keystore/recovery/KeyDerivationParams.java
@@ -37,25 +37,26 @@ import java.lang.annotation.RetentionPolicy;
@SystemApi
public final class KeyDerivationParams implements Parcelable {
private final int mAlgorithm;
- private byte[] mSalt;
+ private final byte[] mSalt;
+ private final int mDifficulty;
/** @hide */
@Retention(RetentionPolicy.SOURCE)
- @IntDef(prefix = {"ALGORITHM_"}, value = {ALGORITHM_SHA256, ALGORITHM_ARGON2ID})
+ @IntDef(prefix = {"ALGORITHM_"}, value = {ALGORITHM_SHA256, ALGORITHM_SCRYPT})
public @interface KeyDerivationAlgorithm {
}
/**
- * Salted SHA256
+ * Salted SHA256.
*/
public static final int ALGORITHM_SHA256 = 1;
/**
- * Argon2ID
+ * SCRYPT.
+ *
* @hide
*/
- // TODO: add Argon2ID support.
- public static final int ALGORITHM_ARGON2ID = 2;
+ public static final int ALGORITHM_SCRYPT = 2;
/**
* Creates instance of the class to to derive key using salted SHA256 hash.
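Review bot: `ALGORITHM_SCRYPT` reuses the value 2 that `ALGORITHM_ARGON2ID` held, and the `key_derivation_algorithm` column in RecoverableKeyStoreDbContract stores that same number. Any 2 written or parcelled by an earlier build would therefore now be read as scrypt. The removed TODO suggests Argon2id was never implemented, so this is probably harmless, but the Javadoc on the constant should record it, for example `Value 2 was previously reserved for Argon2id, which was never supported or persisted.` The one-word description `SCRYPT.` could also say that this algorithm uses the difficulty value carried by the class. The class body continues outside the hunk.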
@@ -65,12 +66,30 @@ public final class KeyDerivationParams implements Parcelable {
}
/**
+ * Creates instance of the class to to derive key using the password hashing algorithm SCRYPT.
+ *
+ * @hide
+ */
+ public static KeyDerivationParams createScryptParams(@NonNull byte[] salt, int difficulty) {
+ return new KeyDerivationParams(ALGORITHM_SCRYPT, salt, difficulty);
+ }
+
+ /**
* @hide
*/
// TODO: Make private once legacy API is removed
public KeyDerivationParams(@KeyDerivationAlgorithm int algorithm, @NonNull byte[] salt) {
+ this(algorithm, salt, /*difficulty=*/ 0);
+ }
+
+ /**
+ * @hide
+ */
+ KeyDerivationParams(@KeyDerivationAlgorithm int algorithm, @NonNull byte[] salt,
+ int difficulty) {
mAlgorithm = algorithm;
mSalt = Preconditions.checkNotNull(salt);
+ mDifficulty = difficulty;
}
/**
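Review bot: `createScryptParams` accepts any `difficulty`, including zero and negative values, and neither its Javadoc nor the one on `getDifficulty()` in the next hunk says what the number means. A caller can therefore build scrypt parameters whose work factor is meaningless or trivially weak. I would reject bad values in the factory, `Preconditions.checkArgument(difficulty > 0, "difficulty must be positive");`, and document the unit and accepted range there. The public two-argument constructor still allows `ALGORITHM_SCRYPT` with a difficulty of 0, so it should either reject that algorithm or be documented as SHA256-only until it becomes private. The new Javadoc also repeats the existing "to to" typo.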
@@ -87,6 +106,15 @@ public final class KeyDerivationParams implements Parcelable {
return mSalt;
}
+ /**
+ * Gets hashing difficulty.
+ *
+ * @hide
+ */
+ public int getDifficulty() {
+ return mDifficulty;
+ }
+
public static final Parcelable.Creator<KeyDerivationParams> CREATOR =
new Parcelable.Creator<KeyDerivationParams>() {
public KeyDerivationParams createFromParcel(Parcel in) {
@@ -102,6 +130,7 @@ public final class KeyDerivationParams implements Parcelable {
public void writeToParcel(Parcel out, int flags) {
out.writeInt(mAlgorithm);
out.writeByteArray(mSalt);
+ out.writeInt(mDifficulty);
}
/**
@@ -110,6 +139,7 @@ public final class KeyDerivationParams implements Parcelable {
protected KeyDerivationParams(Parcel in) {
mAlgorithm = in.readInt();
mSalt = in.createByteArray();
+ mDifficulty = in.readInt();
}
@Override
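Review bot: The added `mDifficulty = in.readInt();` takes the work factor from the parcel with no range check. This constructor also bypasses the `checkNotNull` that the regular constructor applies to the salt. If these params can arrive from a less-trusted process, the code that runs scrypt needs an upper and lower bound on the difficulty: a very large value risks memory and CPU exhaustion, and a very small one weakens the derived key. Either validate here after reading, or add a comment such as `// Unvalidated: consumers must range-check difficulty and null-check salt before use.` so the requirement is visible. Whether the consumer already does this cannot be seen from this diff.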
diff --git a/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDbContract.java b/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDbContract.java
index 8983ec369f55..bda2ed39f09e 100644
--- a/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDbContract.java
+++ b/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDbContract.java
@@ -175,7 +175,7 @@ class RecoverableKeyStoreDbContract {
/**
* The algorithm used to derive cryptographic material from the key and salt. One of
* {@link android.security.keystore.recovery.KeyDerivationParams#ALGORITHM_SHA256} or
- * {@link android.security.keystore.recovery.KeyDerivationParams#ALGORITHM_ARGON2ID}.
+ * {@link android.security.keystore.recovery.KeyDerivationParams#ALGORITHM_SCRYPT}.
*/
static final String COLUMN_NAME_KEY_DERIVATION_ALGORITHM = "key_derivation_algorithm";