Home | History | Annotate | Download | only in utils 
      1 /*
      2  * Copyright (C) 2017 The Android Open Source Project
      3  *
      4  * Licensed under the Apache License, Version 2.0 (the "License");
      5  * you may not use this file except in compliance with the License.
      6  * You may obtain a copy of the License at
      7  *
      8  *      http://www.apache.org/licenses/LICENSE-2.0
      9  *
     10  * Unless required by applicable law or agreed to in writing, software
     11  * distributed under the License is distributed on an "AS IS" BASIS,
     12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13  * See the License for the specific language governing permissions and
     14  * limitations under the License
     15  */
     16 
     17 package com.android.server.backup.utils;
     18 
     19 import static com.android.server.backup.BackupManagerService.TAG;
     20 
     21 import android.util.Slog;
     22 
     23 import java.security.Key;
     24 import java.security.NoSuchAlgorithmException;
     25 import java.security.spec.InvalidKeySpecException;
     26 import java.security.spec.KeySpec;
     27 
     28 import javax.crypto.SecretKey;
     29 import javax.crypto.SecretKeyFactory;
     30 import javax.crypto.spec.PBEKeySpec;
     31 
     32 /**
     33  * Passwords related utility methods.
     34  */
     35 public class PasswordUtils {
     36     // Configuration of PBKDF2 that we use for generating pw hashes and intermediate keys
     37     public static final int PBKDF2_HASH_ROUNDS = 10000;
     38     private static final int PBKDF2_KEY_SIZE = 256;     // bits
     39     public static final int PBKDF2_SALT_SIZE = 512;    // bits
     40     public static final String ENCRYPTION_ALGORITHM_NAME = "AES-256";
     41 
     42     /**
     43      * Creates {@link SecretKey} instance from given parameters.
     44      *
     45      * @param algorithm - key generation algorithm.
     46      * @param pw - password.
     47      * @param salt - salt.
     48      * @param rounds - number of rounds to run in key generation.
     49      * @return {@link SecretKey} instance or null in case of an error.
     50      */
     51     public static SecretKey buildPasswordKey(String algorithm, String pw, byte[] salt, int rounds) {
     52         return buildCharArrayKey(algorithm, pw.toCharArray(), salt, rounds);
     53     }
     54 
     55     /**
     56      * Generates {@link SecretKey} instance from given parameters and returns it's hex
     57      * representation.
     58      *
     59      * @param algorithm - key generation algorithm.
     60      * @param pw - password.
     61      * @param salt - salt.
     62      * @param rounds - number of rounds to run in key generation.
     63      * @return Hex representation of the generated key, or null if generation failed.
     64      */
     65     public static String buildPasswordHash(String algorithm, String pw, byte[] salt, int rounds) {
     66         SecretKey key = buildPasswordKey(algorithm, pw, salt, rounds);
     67         if (key != null) {
     68             return byteArrayToHex(key.getEncoded());
     69         }
     70         return null;
     71     }
     72 
     73     /**
     74      * Creates hex string representation of the byte array.
     75      */
     76     public static String byteArrayToHex(byte[] data) {
     77         StringBuilder buf = new StringBuilder(data.length * 2);
     78         for (int i = 0; i < data.length; i++) {
     79             buf.append(Byte.toHexString(data[i], true));
     80         }
     81         return buf.toString();
     82     }
     83 
     84     /**
     85      * Creates byte array from it's hex string representation.
     86      */
     87     public static byte[] hexToByteArray(String digits) {
     88         final int bytes = digits.length() / 2;
     89         if (2 * bytes != digits.length()) {
     90             throw new IllegalArgumentException("Hex string must have an even number of digits");
     91         }
     92 
     93         byte[] result = new byte[bytes];
     94         for (int i = 0; i < digits.length(); i += 2) {
     95             result[i / 2] = (byte) Integer.parseInt(digits.substring(i, i + 2), 16);
     96         }
     97         return result;
     98     }
     99 
    100     /**
    101      * Generates {@link SecretKey} instance from given parameters and returns it's checksum.
    102      *
    103      * Current implementation returns the key in its primary encoding format.
    104      *
    105      * @param algorithm - key generation algorithm.
    106      * @param pwBytes - password.
    107      * @param salt - salt.
    108      * @param rounds - number of rounds to run in key generation.
    109      * @return Hex representation of the generated key, or null if generation failed.
    110      */
    111     public static byte[] makeKeyChecksum(String algorithm, byte[] pwBytes, byte[] salt,
    112             int rounds) {
    113         char[] mkAsChar = new char[pwBytes.length];
    114         for (int i = 0; i < pwBytes.length; i++) {
    115             mkAsChar[i] = (char) pwBytes[i];
    116         }
    117 
    118         Key checksum = buildCharArrayKey(algorithm, mkAsChar, salt, rounds);
    119         return checksum.getEncoded();
    120     }
    121 
    122     private static SecretKey buildCharArrayKey(String algorithm, char[] pwArray, byte[] salt,
    123             int rounds) {
    124         try {
    125             SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(algorithm);
    126             KeySpec ks = new PBEKeySpec(pwArray, salt, rounds, PBKDF2_KEY_SIZE);
    127             return keyFactory.generateSecret(ks);
    128         } catch (InvalidKeySpecException e) {
    129             Slog.e(TAG, "Invalid key spec for PBKDF2!");
    130         } catch (NoSuchAlgorithmException e) {
    131             Slog.e(TAG, "PBKDF2 unavailable!");
    132         }
    133         return null;
    134     }
    135 }
    136