commit 6a0ec2ca085254f8090980faad00fcda69e70747
author David Drysdale <drysdale@google.com> Tue Apr 19 08:11:18 2022 +0100
committer David Drysdale <drysdale@google.com> Tue Apr 19 11:25:26 2022 +0100
tree 3def2b92aa40679425d59bb281a7f0781dfc7c0e
parent 678a6f5af4182d3e9a0e02656f03c25077124585

Drop ancient default salt value

A value for the salt is present in all code paths:

- All callers of `Password::derive_key` pass a `Some(..)` value for the
  salt.  Remove this `Some` everywhere and...
- Change the signature of `derive_key` to expect a `&[u8]` for `salt`
  rather than an `Option<&[u8]>`.
- `Password::derive_key` is the only caller of `generateKeyFromPassword`
  (via bindgen to C++-land), so...
- Make it clear that the C++ `generateKeyFromPassword()` function
  expects 16 bytes of `salt`.

Bug: 172121323
Test: compile, TreeHugger
Change-Id: I41966cce96b5371785680c13bacfc5f95969372a

keystore2/src/legacy_blob.rs

diff --git a/keystore2/src/legacy_blob.rs b/keystore2/src/legacy_blob.rs
index d75bfd2..1c43a04 100644
--- a/keystore2/src/legacy_blob.rs
+++ b/keystore2/src/legacy_blob.rs
@@ -1348,7 +1348,7 @@
                 Blob { flags, value: BlobValue::PwEncrypted { iv, tag, data, salt, key_size } } => {
                     if (flags & flags::ENCRYPTED) != 0 {
                         let key = pw
-                            .derive_key(Some(&salt), key_size)
+                            .derive_key(&salt, key_size)
                             .context("In load_super_key: Failed to derive key from password.")?;
                         let blob = aes_gcm_decrypt(&data, &iv, &tag, &key).context(
                             "In load_super_key: while trying to decrypt legacy super key blob.",
@@ -1993,7 +1993,7 @@
         std::fs::create_dir(&*temp_dir.build().push("user_0")).unwrap();
 
         let pw: Password = PASSWORD.into();
-        let pw_key = TestKey(pw.derive_key(Some(SUPERKEY_SALT), 32).unwrap());
+        let pw_key = TestKey(pw.derive_key(SUPERKEY_SALT, 32).unwrap());
         let super_key =
             Arc::new(TestKey(pw_key.decrypt(SUPERKEY_PAYLOAD, SUPERKEY_IV, SUPERKEY_TAG).unwrap()));
 
@@ -2080,7 +2080,7 @@
         std::fs::create_dir(&*temp_dir.build().push("user_0")).unwrap();
 
         let pw: Password = PASSWORD.into();
-        let pw_key = TestKey(pw.derive_key(Some(SUPERKEY_SALT), 32).unwrap());
+        let pw_key = TestKey(pw.derive_key(SUPERKEY_SALT, 32).unwrap());
         let super_key =
             Arc::new(TestKey(pw_key.decrypt(SUPERKEY_PAYLOAD, SUPERKEY_IV, SUPERKEY_TAG).unwrap()));
 
@@ -2168,7 +2168,7 @@
         std::fs::create_dir(&*temp_dir.build().push("user_0")).unwrap();
 
         let pw: Password = PASSWORD.into();
-        let pw_key = TestKey(pw.derive_key(Some(SUPERKEY_SALT), 32).unwrap());
+        let pw_key = TestKey(pw.derive_key(SUPERKEY_SALT, 32).unwrap());
         let super_key =
             Arc::new(TestKey(pw_key.decrypt(SUPERKEY_PAYLOAD, SUPERKEY_IV, SUPERKEY_TAG).unwrap()));