Merge "SyntheticPasswordManager: fix naming of scrypt parameters" am: cb854dc1fd (5282397a) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java

+17 −17

Original line number	Diff line number	Diff line
		@@ -116,9 +116,9 @@ public class SyntheticPasswordManager {
		// 256-bit synthetic password
		private static final byte SYNTHETIC_PASSWORD_LENGTH = 256 / 8;

		private static final int PASSWORD_SCRYPT_N = 11;
		private static final int PASSWORD_SCRYPT_R = 3;
		private static final int PASSWORD_SCRYPT_P = 1;
		private static final int PASSWORD_SCRYPT_LOG_N = 11;
		private static final int PASSWORD_SCRYPT_LOG_R = 3;
		private static final int PASSWORD_SCRYPT_LOG_P = 1;
		private static final int PASSWORD_SALT_LENGTH = 16;
		private static final int PASSWORD_TOKEN_LENGTH = 32;
		private static final String TAG = "SyntheticPasswordManager";
		@@ -308,9 +308,9 @@ public class SyntheticPasswordManager {
		}

		static class PasswordData {
		byte scryptN;
		byte scryptR;
		byte scryptP;
		byte scryptLogN;
		byte scryptLogR;
		byte scryptLogP;
		public int credentialType;
		byte[] salt;
		// For GateKeeper-based credential, this is the password handle returned by GK,
		@@ -319,9 +319,9 @@ public class SyntheticPasswordManager {

		public static PasswordData create(int passwordType) {
		PasswordData result = new PasswordData();
		result.scryptN = PASSWORD_SCRYPT_N;
		result.scryptR = PASSWORD_SCRYPT_R;
		result.scryptP = PASSWORD_SCRYPT_P;
		result.scryptLogN = PASSWORD_SCRYPT_LOG_N;
		result.scryptLogR = PASSWORD_SCRYPT_LOG_R;
		result.scryptLogP = PASSWORD_SCRYPT_LOG_P;
		result.credentialType = passwordType;
		result.salt = secureRandom(PASSWORD_SALT_LENGTH);
		return result;
		@@ -333,9 +333,9 @@ public class SyntheticPasswordManager {
		buffer.put(data, 0, data.length);
		buffer.flip();
		result.credentialType = buffer.getInt();
		result.scryptN = buffer.get();
		result.scryptR = buffer.get();
		result.scryptP = buffer.get();
		result.scryptLogN = buffer.get();
		result.scryptLogR = buffer.get();
		result.scryptLogP = buffer.get();
		int saltLen = buffer.getInt();
		result.salt = new byte[saltLen];
		buffer.get(result.salt);
		@@ -355,9 +355,9 @@ public class SyntheticPasswordManager {
		+ Integer.BYTES + salt.length + Integer.BYTES +
		(passwordHandle != null ? passwordHandle.length : 0));
		buffer.putInt(credentialType);
		buffer.put(scryptN);
		buffer.put(scryptR);
		buffer.put(scryptP);
		buffer.put(scryptLogN);
		buffer.put(scryptLogR);
		buffer.put(scryptLogP);
		buffer.putInt(salt.length);
		buffer.put(salt);
		if (passwordHandle != null && passwordHandle.length > 0) {
		@@ -1373,8 +1373,8 @@ public class SyntheticPasswordManager {

		private byte[] computePasswordToken(LockscreenCredential credential, PasswordData data) {
		final byte[] password = credential.isNone() ? DEFAULT_PASSWORD : credential.getCredential();
		return scrypt(password, data.salt, 1 << data.scryptN, 1 << data.scryptR, 1 << data.scryptP,
		PASSWORD_TOKEN_LENGTH);
		return scrypt(password, data.salt, 1 << data.scryptLogN, 1 << data.scryptLogR,
		1 << data.scryptLogP, PASSWORD_TOKEN_LENGTH);
		}

		private byte[] passwordTokenToGkInput(byte[] token) {

services/tests/servicestests/src/com/android/server/locksettings/SyntheticPasswordTests.java

+12 −12

Original line number	Diff line number	Diff line
		@@ -461,18 +461,18 @@ public class SyntheticPasswordTests extends BaseLockSettingsServiceTests {
		@Test
		public void testPasswordData_serializeDeserialize() {
		PasswordData data = new PasswordData();
		data.scryptN = 11;
		data.scryptR = 22;
		data.scryptP = 33;
		data.scryptLogN = 11;
		data.scryptLogR = 22;
		data.scryptLogP = 33;
		data.credentialType = CREDENTIAL_TYPE_PASSWORD;
		data.salt = PAYLOAD;
		data.passwordHandle = PAYLOAD2;

		PasswordData deserialized = PasswordData.fromBytes(data.toBytes());

		assertEquals(11, deserialized.scryptN);
		assertEquals(22, deserialized.scryptR);
		assertEquals(33, deserialized.scryptP);
		assertEquals(11, deserialized.scryptLogN);
		assertEquals(22, deserialized.scryptLogR);
		assertEquals(33, deserialized.scryptLogP);
		assertEquals(CREDENTIAL_TYPE_PASSWORD, deserialized.credentialType);
		assertArrayEquals(PAYLOAD, deserialized.salt);
		assertArrayEquals(PAYLOAD2, deserialized.passwordHandle);
		@@ -484,9 +484,9 @@ public class SyntheticPasswordTests extends BaseLockSettingsServiceTests {
		// wire format.
		byte[] serialized = new byte[] {
		0, 0, 0, 2, /* CREDENTIAL_TYPE_PASSWORD_OR_PIN */
		11, /* scryptN */
		22, /* scryptR */
		33, /* scryptP */
		11, /* scryptLogN */
		22, /* scryptLogR */
		33, /* scryptLogP */
		0, 0, 0, 5, /* salt.length */
		1, 2, -1, -2, 55, /* salt */
		0, 0, 0, 6, /* passwordHandle.length */
		@@ -494,9 +494,9 @@ public class SyntheticPasswordTests extends BaseLockSettingsServiceTests {
		};
		PasswordData deserialized = PasswordData.fromBytes(serialized);

		assertEquals(11, deserialized.scryptN);
		assertEquals(22, deserialized.scryptR);
		assertEquals(33, deserialized.scryptP);
		assertEquals(11, deserialized.scryptLogN);
		assertEquals(22, deserialized.scryptLogR);
		assertEquals(33, deserialized.scryptLogP);
		assertEquals(CREDENTIAL_TYPE_PASSWORD_OR_PIN, deserialized.credentialType);
		assertArrayEquals(PAYLOAD, deserialized.salt);
		assertArrayEquals(PAYLOAD2, deserialized.passwordHandle);