Remove kdfs that were only used internally in LMP
Bug: 17439091
Change-Id: I55f92984c8234362597be3976a10626a0ed8763f
diff --git a/cryptfs.c b/cryptfs.c
index 88e0ead..f6ea9aa 100644
--- a/cryptfs.c
+++ b/cryptfs.c
@@ -235,20 +235,6 @@
// necessary, but is necessary to ensure consistency in
// implementations.
switch (ftr->kdf_type) {
- case KDF_SCRYPT_KEYMASTER_UNPADDED:
- // This is broken: It produces a message which is shorter than
- // the public modulus, failing criterion 2.
- memcpy(to_sign, object, object_size);
- to_sign_size = object_size;
- SLOGI("Signing unpadded object");
- break;
- case KDF_SCRYPT_KEYMASTER_BADLY_PADDED:
- // This is broken: Since the value of object is uniformly
- // distributed, it produces a message that is larger than the
- // public modulus with probability 0.25.
- memcpy(to_sign, object, min(RSA_KEY_SIZE_BYTES, object_size));
- SLOGI("Signing end-padded object");
- break;
case KDF_SCRYPT_KEYMASTER:
// This ensures the most significant byte of the signed message
// is zero. We could have zero-padded to the left instead, but
@@ -1270,8 +1256,6 @@
get_device_scrypt_params(crypt_ftr);
switch (crypt_ftr->kdf_type) {
- case KDF_SCRYPT_KEYMASTER_UNPADDED:
- case KDF_SCRYPT_KEYMASTER_BADLY_PADDED:
case KDF_SCRYPT_KEYMASTER:
if (keymaster_create_key(crypt_ftr)) {
SLOGE("keymaster_create_key failed");
@@ -1392,9 +1376,7 @@
static void get_kdf_func(struct crypt_mnt_ftr *ftr, kdf_func *kdf, void** kdf_params)
{
- if (ftr->kdf_type == KDF_SCRYPT_KEYMASTER_UNPADDED ||
- ftr->kdf_type == KDF_SCRYPT_KEYMASTER_BADLY_PADDED ||
- ftr->kdf_type == KDF_SCRYPT_KEYMASTER) {
+ if (ftr->kdf_type == KDF_SCRYPT_KEYMASTER) {
*kdf = scrypt_keymaster;
*kdf_params = ftr;
} else if (ftr->kdf_type == KDF_SCRYPT) {
diff --git a/cryptfs.h b/cryptfs.h
index 8e38213..c1ce165 100644
--- a/cryptfs.h
+++ b/cryptfs.h
@@ -71,10 +71,7 @@
/* Key Derivation Function algorithms */
#define KDF_PBKDF2 1
#define KDF_SCRYPT 2
-/* TODO(paullawrence): Remove KDF_SCRYPT_KEYMASTER_UNPADDED and KDF_SCRYPT_KEYMASTER_BADLY_PADDED
- * when it is safe to do so. */
-#define KDF_SCRYPT_KEYMASTER_UNPADDED 3
-#define KDF_SCRYPT_KEYMASTER_BADLY_PADDED 4
+/* Algorithms 3 & 4 deprecated before shipping outside of google, so removed */
#define KDF_SCRYPT_KEYMASTER 5
/* Maximum allowed keymaster blob size. */