diff options
author | Clay Murphy <claym@google.com> | 2014-11-04 16:04:37 -0800 |
---|---|---|
committer | Clay Murphy <claym@google.com> | 2014-11-04 16:04:37 -0800 |
commit | 0878fe8e0c91a32a682e00d570c1e4467309c582 (patch) | |
tree | 84fbd8878d7ec9401088c7171d4324b0699b8860 | |
parent | 8dca84336d1c11d141d7afa954fac1cfc9024b30 (diff) | |
download | source.android.com-0878fe8e0c91a32a682e00d570c1e4467309c582.tar.gz |
Docs: Fixing error in key length.
Bug: 18234248
Change-Id: I2e9824dd5371b81c434327434a5216f76b444524
-rw-r--r-- | src/devices/tech/encryption/index.jd | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/devices/tech/encryption/index.jd b/src/devices/tech/encryption/index.jd index 9d633542..d7e93281 100644 --- a/src/devices/tech/encryption/index.jd +++ b/src/devices/tech/encryption/index.jd @@ -358,13 +358,13 @@ against off-box attacks, we extend this algorithm by signing the resultant key w <ol> <li>Generate random 16-byte disk encryption key (DEK) and 16-byte salt. - <li>Apply scrypt to the user password and the salt to produce 16-byte intermediate + <li>Apply scrypt to the user password and the salt to produce 32-byte intermediate key 1 (IK1). <li>Pad IK1 with zero bytes to the size of the hardware-bound private key (HBK). Specifically, we pad as: 00 || IK1 || 00..00; one zero byte, 32 IK1 bytes, 223 zero bytes. <li>Sign padded IK1 with HBK to produce 256-byte IK2. - <li>Apply scrypt to IK2 and salt (same salt as step 2) to produce 16-byte IK3. + <li>Apply scrypt to IK2 and salt (same salt as step 2) to produce 32-byte IK3. <li>Use the first 16 bytes of IK3 as KEK and the last 16 bytes as IV. <li>Encrypt DEK with AES_CBC, with key KEK, and initialization vector IV. </ol> |