Merge "Minor changes to the API to align the choice of password hashing algorithm" into pi-dev
diff --git a/core/java/android/security/keystore/recovery/KeyDerivationParams.java b/core/java/android/security/keystore/recovery/KeyDerivationParams.java
index ef5e90c..428eaaa 100644
--- a/core/java/android/security/keystore/recovery/KeyDerivationParams.java
+++ b/core/java/android/security/keystore/recovery/KeyDerivationParams.java
@@ -37,25 +37,26 @@
 @SystemApi
 public final class KeyDerivationParams implements Parcelable {
     private final int mAlgorithm;
-    private byte[] mSalt;
+    private final byte[] mSalt;
+    private final int mDifficulty;
 
     /** @hide */
     @Retention(RetentionPolicy.SOURCE)
-    @IntDef(prefix = {"ALGORITHM_"}, value = {ALGORITHM_SHA256, ALGORITHM_ARGON2ID})
+    @IntDef(prefix = {"ALGORITHM_"}, value = {ALGORITHM_SHA256, ALGORITHM_SCRYPT})
     public @interface KeyDerivationAlgorithm {
     }
 
     /**
-     * Salted SHA256
+     * Salted SHA256.
      */
     public static final int ALGORITHM_SHA256 = 1;
 
     /**
-     * Argon2ID
+     * SCRYPT.
+     *
      * @hide
      */
-    // TODO: add Argon2ID support.
-    public static final int ALGORITHM_ARGON2ID = 2;
+    public static final int ALGORITHM_SCRYPT = 2;
 
     /**
      * Creates instance of the class to to derive key using salted SHA256 hash.
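Review bot: The new `mDifficulty` field and the `ALGORITHM_SCRYPT` constant are documented only by name ("SCRYPT."), so a reader cannot tell what unit the difficulty is in or how it maps to scrypt's cost parameters. The same gap is in the `createScryptParams` and `getDifficulty` Javadoc in the later hunks. I would add a field comment such as `// Cost setting for ALGORITHM_SCRYPT; 0 when constructed without a difficulty.` and give the factory `@param salt` and `@param difficulty` lines that state the accepted range. The new factory Javadoc also copies the "to to" typo from the SHA256 factory text.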
@@ -65,12 +66,30 @@
     }
 
     /**
+     * Creates instance of the class to to derive key using the password hashing algorithm SCRYPT.
+     *
+     * @hide
+     */
+    public static KeyDerivationParams createScryptParams(@NonNull byte[] salt, int difficulty) {
+        return new KeyDerivationParams(ALGORITHM_SCRYPT, salt, difficulty);
+    }
+
+    /**
      * @hide
      */
     // TODO: Make private once legacy API is removed
     public KeyDerivationParams(@KeyDerivationAlgorithm int algorithm, @NonNull byte[] salt) {
+        this(algorithm, salt, /*difficulty=*/ 0);
+    }
+
+    /**
+     * @hide
+     */
+    KeyDerivationParams(@KeyDerivationAlgorithm int algorithm, @NonNull byte[] salt,
+            int difficulty) {
         mAlgorithm = algorithm;
         mSalt = Preconditions.checkNotNull(salt);
+        mDifficulty = difficulty;
     }
 
     /**
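Review bot: `createScryptParams` accepts any `int` as `difficulty`, so zero or a negative value produces an scrypt parameter object with no meaningful work factor, and nothing in this hunk rejects it. Because the shared three-argument constructor is also reached with `/*difficulty=*/ 0` from the legacy constructor, the check belongs in the factory: `if (difficulty <= 0) { throw new IllegalArgumentException("difficulty must be positive: " + difficulty); }`. The same unchecked value arrives through `mDifficulty = in.readInt()` in the Parcel constructor hunk, where the sender controls it; an upper bound would presumably matter there too if the receiver runs scrypt with it, though that code is not visible here. The public two-argument constructor can also still be called with `ALGORITHM_SCRYPT` and ends up with difficulty 0.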
@@ -87,6 +106,15 @@
         return mSalt;
     }
 
+    /**
+     * Gets hashing difficulty.
+     *
+     * @hide
+     */
+    public int getDifficulty() {
+        return mDifficulty;
+    }
+
     public static final Parcelable.Creator<KeyDerivationParams> CREATOR =
             new Parcelable.Creator<KeyDerivationParams>() {
         public KeyDerivationParams createFromParcel(Parcel in) {
@@ -102,6 +130,7 @@
     public void writeToParcel(Parcel out, int flags) {
         out.writeInt(mAlgorithm);
         out.writeByteArray(mSalt);
+        out.writeInt(mDifficulty);
     }
 
     /**
@@ -110,6 +139,7 @@
     protected KeyDerivationParams(Parcel in) {
         mAlgorithm = in.readInt();
         mSalt = in.createByteArray();
+        mDifficulty = in.readInt();
     }
 
     @Override
diff --git a/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDbContract.java b/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDbContract.java
index 8983ec3..bda2ed3 100644
--- a/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDbContract.java
+++ b/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDbContract.java
@@ -175,7 +175,7 @@
         /**
          * The algorithm used to derive cryptographic material from the key and salt. One of
          * {@link android.security.keystore.recovery.KeyDerivationParams#ALGORITHM_SHA256} or
-         * {@link android.security.keystore.recovery.KeyDerivationParams#ALGORITHM_ARGON2ID}.
+         * {@link android.security.keystore.recovery.KeyDerivationParams#ALGORITHM_SCRYPT}.
          */
         static final String COLUMN_NAME_KEY_DERIVATION_ALGORITHM = "key_derivation_algorithm";