Add "-scryptn" option that sets the cost parameter for scryptv0.5-rc1

Use that option to speed up the automated tests by 7 seconds.

Before:
	ok  	github.com/rfjakob/gocryptfs/integration_tests	26.667s
After:
	ok  	github.com/rfjakob/gocryptfs/integration_tests	19.534s

5 files changed, 36 insertions, 15 deletions

diff --git a/cryptfs/config_file.go b/cryptfs/config_file.go
index a0ab218..be37c60 100644
--- a/cryptfs/config_file.go
+++ b/cryptfs/config_file.go
@@ -35,8 +35,9 @@ type ConfFile struct {
 }
 
 // CreateConfFile - create a new config with a random key encrypted with
-// "password" and write it to "filename"
-func CreateConfFile(filename string, password string, plaintextNames bool) error {
+// "password" and write it to "filename".
+// Uses scrypt with cost parameter logN.
+func CreateConfFile(filename string, password string, plaintextNames bool, logN int) error {
 	var cf ConfFile
 	cf.filename = filename
 
@@ -45,7 +46,7 @@ func CreateConfFile(filename string, password string, plaintextNames bool) error
 
 	// Encrypt it using the password
 	// This sets ScryptObject and EncryptedKey
-	cf.EncryptKey(key, password)
+	cf.EncryptKey(key, password, logN)
 
 	// Set defaults
 	cf.Version = HEADER_CURRENT_VERSION
@@ -109,10 +110,12 @@ func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) {
 }
 
 // EncryptKey - encrypt "key" using an scrypt hash generated from "password"
-// and store it in cf.EncryptedKey
-func (cf *ConfFile) EncryptKey(key []byte, password string) {
+// and store it in cf.EncryptedKey.
+// Uses scrypt with cost parameter logN and stores the scrypt parameters in
+// cf.ScryptObject.
+func (cf *ConfFile) EncryptKey(key []byte, password string, logN int) {
 	// Generate derived key from password
-	cf.ScryptObject = NewScryptKdf()
+	cf.ScryptObject = NewScryptKdf(logN)
 	scryptHash := cf.ScryptObject.DeriveKey(password)
 
 	// Lock master key using password-based key
diff --git a/cryptfs/config_test.go b/cryptfs/config_test.go
index e052428..1c5a375 100644
--- a/cryptfs/config_test.go
+++ b/cryptfs/config_test.go
@@ -59,7 +59,7 @@ func TestLoadV2StrangeFeature(t *testing.T) {
 }
 
 func TestCreateConfFile(t *testing.T) {
-	err := CreateConfFile("config_test/tmp.conf", "test", false)
+	err := CreateConfFile("config_test/tmp.conf", "test", false, 0)
 	if err != nil {
 		t.Fatal(err)
 	}
diff --git a/cryptfs/kdf.go b/cryptfs/kdf.go
index 32870cd..73be0bb 100644
--- a/cryptfs/kdf.go
+++ b/cryptfs/kdf.go
@@ -1,6 +1,8 @@
 package cryptfs
 
 import (
+	"os"
+	"math"
 	"fmt"
 	"golang.org/x/crypto/scrypt"
 )
@@ -8,7 +10,7 @@ import (
 const (
 	// 1 << 16 uses 64MB of memory,
 	// takes 4 seconds on my Atom Z3735F netbook
-	SCRYPT_DEFAULT_N = 1 << 16
+	SCRYPT_DEFAULT_LOGN = 16
 )
 
 type scryptKdf struct {
@@ -19,10 +21,18 @@ type scryptKdf struct {
 	KeyLen int
 }
 
-func NewScryptKdf() scryptKdf {
+func NewScryptKdf(logN int) scryptKdf {
 	var s scryptKdf
 	s.Salt = RandBytes(KEY_LEN)
-	s.N = SCRYPT_DEFAULT_N
+	if logN <= 0 {
+		s.N = 1 << SCRYPT_DEFAULT_LOGN
+	} else {
+		if logN < 10 {
+			fmt.Printf("Error: scryptn below 10 is too low to make sense. Aborting.")
+			os.Exit(1)
+		}
+		s.N = 1 << uint32(logN)
+	}
 	s.R = 8 // Always 8
 	s.P = 1 // Always 1
 	s.KeyLen = KEY_LEN
@@ -36,3 +46,9 @@ func (s *scryptKdf) DeriveKey(pw string) []byte {
 	}
 	return k
 }
+
+// LogN - N is saved as 2^LogN, but LogN is much easier to work with.
+// This function gives you LogN = Log2(N).
+func (s *scryptKdf) LogN() int {
+	return int(math.Log2(float64(s.N))+0.5)
+}
diff --git a/integration_tests/cli_test.go b/integration_tests/cli_test.go
index d79b877..7047edb 100644
--- a/integration_tests/cli_test.go
+++ b/integration_tests/cli_test.go
@@ -17,7 +17,7 @@ func TestInit(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	cmd := exec.Command(gocryptfsBinary, "-init", "-extpass", "echo test", dir)
+	cmd := exec.Command(gocryptfsBinary, "-init", "-extpass", "echo test", "-scryptn=10", dir)
 	if testing.Verbose() {
 		cmd.Stdout = os.Stdout
 		cmd.Stderr = os.Stderr
@@ -52,7 +52,7 @@ func TestInitConfig(t *testing.T) {
 		t.Fatal(err)
 	}
 	cmd := exec.Command(gocryptfsBinary, "-init", "-extpass", "echo test",
-		"-config", config, dir)
+		"-config", config, "-scryptn=10", dir)
 	if testing.Verbose() {
 		cmd.Stdout = os.Stdout
 		cmd.Stderr = os.Stderr
diff --git a/main.go b/main.go
index ab2c1f1..7184255 100644
--- a/main.go
+++ b/main.go
@@ -37,7 +37,7 @@ type argContainer struct {
 	debug, init, zerokey, fusedebug, openssl, passwd, foreground, version,
 	plaintextnames, quiet, diriv bool
 	masterkey, mountpoint, cipherdir, cpuprofile, config, extpass string
-	notifypid                                                     int
+	notifypid, scryptn                                            int
 }
 
 var flagSet *flag.FlagSet
@@ -62,7 +62,7 @@ func initDir(args *argContainer) {
 	// Create gocryptfs.conf
 	cryptfs.Info.Printf("Choose a password for protecting your files.\n")
 	password := readPasswordTwice(args.extpass)
-	err = cryptfs.CreateConfFile(args.config, password, args.plaintextnames)
+	err = cryptfs.CreateConfFile(args.config, password, args.plaintextnames, args.scryptn)
 	if err != nil {
 		fmt.Println(err)
 		os.Exit(ERREXIT_INIT)
@@ -109,7 +109,7 @@ func changePassword(args *argContainer) {
 	masterkey, confFile := loadConfig(args)
 	fmt.Printf("Please enter your new password.\n")
 	newPw := readPasswordTwice(args.extpass)
-	confFile.EncryptKey(masterkey, newPw)
+	confFile.EncryptKey(masterkey, newPw, confFile.ScryptObject.LogN())
 	err := confFile.WriteFile()
 	if err != nil {
 		fmt.Println(err)
@@ -151,6 +151,8 @@ func main() {
 	flagSet.StringVar(&args.extpass, "extpass", "", "Use external program for the password prompt")
 	flagSet.IntVar(&args.notifypid, "notifypid", 0, "Send USR1 to the specified process after "+
 		"successful mount - used internally for daemonization")
+	flagSet.IntVar(&args.scryptn, "scryptn", cryptfs.SCRYPT_DEFAULT_LOGN, "scrypt cost parameter logN. "+
+		"Setting this to a lower value speeds up mounting but makes the password susceptible to brute-force attacks")
 	flagSet.Parse(os.Args[1:])
 
 	// By default, let the child handle everything.