summaryrefslogtreecommitdiff
path: root/cryptfs
diff options
context:
space:
mode:
Diffstat (limited to 'cryptfs')
-rw-r--r--cryptfs/config_file.go15
-rw-r--r--cryptfs/config_test.go2
-rw-r--r--cryptfs/kdf.go22
3 files changed, 29 insertions, 10 deletions
diff --git a/cryptfs/config_file.go b/cryptfs/config_file.go
index a0ab218..be37c60 100644
--- a/cryptfs/config_file.go
+++ b/cryptfs/config_file.go
@@ -35,8 +35,9 @@ type ConfFile struct {
}
// CreateConfFile - create a new config with a random key encrypted with
-// "password" and write it to "filename"
-func CreateConfFile(filename string, password string, plaintextNames bool) error {
+// "password" and write it to "filename".
+// Uses scrypt with cost parameter logN.
+func CreateConfFile(filename string, password string, plaintextNames bool, logN int) error {
var cf ConfFile
cf.filename = filename
@@ -45,7 +46,7 @@ func CreateConfFile(filename string, password string, plaintextNames bool) error
// Encrypt it using the password
// This sets ScryptObject and EncryptedKey
- cf.EncryptKey(key, password)
+ cf.EncryptKey(key, password, logN)
// Set defaults
cf.Version = HEADER_CURRENT_VERSION
@@ -109,10 +110,12 @@ func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) {
}
// EncryptKey - encrypt "key" using an scrypt hash generated from "password"
-// and store it in cf.EncryptedKey
-func (cf *ConfFile) EncryptKey(key []byte, password string) {
+// and store it in cf.EncryptedKey.
+// Uses scrypt with cost parameter logN and stores the scrypt parameters in
+// cf.ScryptObject.
+func (cf *ConfFile) EncryptKey(key []byte, password string, logN int) {
// Generate derived key from password
- cf.ScryptObject = NewScryptKdf()
+ cf.ScryptObject = NewScryptKdf(logN)
scryptHash := cf.ScryptObject.DeriveKey(password)
// Lock master key using password-based key
diff --git a/cryptfs/config_test.go b/cryptfs/config_test.go
index e052428..1c5a375 100644
--- a/cryptfs/config_test.go
+++ b/cryptfs/config_test.go
@@ -59,7 +59,7 @@ func TestLoadV2StrangeFeature(t *testing.T) {
}
func TestCreateConfFile(t *testing.T) {
- err := CreateConfFile("config_test/tmp.conf", "test", false)
+ err := CreateConfFile("config_test/tmp.conf", "test", false, 0)
if err != nil {
t.Fatal(err)
}
diff --git a/cryptfs/kdf.go b/cryptfs/kdf.go
index 32870cd..73be0bb 100644
--- a/cryptfs/kdf.go
+++ b/cryptfs/kdf.go
@@ -1,6 +1,8 @@
package cryptfs
import (
+ "os"
+ "math"
"fmt"
"golang.org/x/crypto/scrypt"
)
@@ -8,7 +10,7 @@ import (
const (
// 1 << 16 uses 64MB of memory,
// takes 4 seconds on my Atom Z3735F netbook
- SCRYPT_DEFAULT_N = 1 << 16
+ SCRYPT_DEFAULT_LOGN = 16
)
type scryptKdf struct {
@@ -19,10 +21,18 @@ type scryptKdf struct {
KeyLen int
}
-func NewScryptKdf() scryptKdf {
+func NewScryptKdf(logN int) scryptKdf {
var s scryptKdf
s.Salt = RandBytes(KEY_LEN)
- s.N = SCRYPT_DEFAULT_N
+ if logN <= 0 {
+ s.N = 1 << SCRYPT_DEFAULT_LOGN
+ } else {
+ if logN < 10 {
+ fmt.Printf("Error: scryptn below 10 is too low to make sense. Aborting.")
+ os.Exit(1)
+ }
+ s.N = 1 << uint32(logN)
+ }
s.R = 8 // Always 8
s.P = 1 // Always 1
s.KeyLen = KEY_LEN
@@ -36,3 +46,9 @@ func (s *scryptKdf) DeriveKey(pw string) []byte {
}
return k
}
+
+// LogN - N is saved as 2^LogN, but LogN is much easier to work with.
+// This function gives you LogN = Log2(N).
+func (s *scryptKdf) LogN() int {
+ return int(math.Log2(float64(s.N))+0.5)
+}