diff options
Diffstat (limited to 'cryptfs')
| -rw-r--r-- | cryptfs/config_file.go | 15 | ||||
| -rw-r--r-- | cryptfs/config_test.go | 2 | ||||
| -rw-r--r-- | cryptfs/kdf.go | 22 |
3 files changed, 29 insertions, 10 deletions
diff --git a/cryptfs/config_file.go b/cryptfs/config_file.go index a0ab218..be37c60 100644 --- a/cryptfs/config_file.go +++ b/cryptfs/config_file.go @@ -35,8 +35,9 @@ type ConfFile struct { } // CreateConfFile - create a new config with a random key encrypted with -// "password" and write it to "filename" -func CreateConfFile(filename string, password string, plaintextNames bool) error { +// "password" and write it to "filename". +// Uses scrypt with cost parameter logN. +func CreateConfFile(filename string, password string, plaintextNames bool, logN int) error { var cf ConfFile cf.filename = filename @@ -45,7 +46,7 @@ func CreateConfFile(filename string, password string, plaintextNames bool) error // Encrypt it using the password // This sets ScryptObject and EncryptedKey - cf.EncryptKey(key, password) + cf.EncryptKey(key, password, logN) // Set defaults cf.Version = HEADER_CURRENT_VERSION @@ -109,10 +110,12 @@ func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) { } // EncryptKey - encrypt "key" using an scrypt hash generated from "password" -// and store it in cf.EncryptedKey -func (cf *ConfFile) EncryptKey(key []byte, password string) { +// and store it in cf.EncryptedKey. +// Uses scrypt with cost parameter logN and stores the scrypt parameters in +// cf.ScryptObject. +func (cf *ConfFile) EncryptKey(key []byte, password string, logN int) { // Generate derived key from password - cf.ScryptObject = NewScryptKdf() + cf.ScryptObject = NewScryptKdf(logN) scryptHash := cf.ScryptObject.DeriveKey(password) // Lock master key using password-based key diff --git a/cryptfs/config_test.go b/cryptfs/config_test.go index e052428..1c5a375 100644 --- a/cryptfs/config_test.go +++ b/cryptfs/config_test.go @@ -59,7 +59,7 @@ func TestLoadV2StrangeFeature(t *testing.T) { } func TestCreateConfFile(t *testing.T) { - err := CreateConfFile("config_test/tmp.conf", "test", false) + err := CreateConfFile("config_test/tmp.conf", "test", false, 0) if err != nil { t.Fatal(err) } diff --git a/cryptfs/kdf.go b/cryptfs/kdf.go index 32870cd..73be0bb 100644 --- a/cryptfs/kdf.go +++ b/cryptfs/kdf.go @@ -1,6 +1,8 @@ package cryptfs import ( + "os" + "math" "fmt" "golang.org/x/crypto/scrypt" ) @@ -8,7 +10,7 @@ import ( const ( // 1 << 16 uses 64MB of memory, // takes 4 seconds on my Atom Z3735F netbook - SCRYPT_DEFAULT_N = 1 << 16 + SCRYPT_DEFAULT_LOGN = 16 ) type scryptKdf struct { @@ -19,10 +21,18 @@ type scryptKdf struct { KeyLen int } -func NewScryptKdf() scryptKdf { +func NewScryptKdf(logN int) scryptKdf { var s scryptKdf s.Salt = RandBytes(KEY_LEN) - s.N = SCRYPT_DEFAULT_N + if logN <= 0 { + s.N = 1 << SCRYPT_DEFAULT_LOGN + } else { + if logN < 10 { + fmt.Printf("Error: scryptn below 10 is too low to make sense. Aborting.") + os.Exit(1) + } + s.N = 1 << uint32(logN) + } s.R = 8 // Always 8 s.P = 1 // Always 1 s.KeyLen = KEY_LEN @@ -36,3 +46,9 @@ func (s *scryptKdf) DeriveKey(pw string) []byte { } return k } + +// LogN - N is saved as 2^LogN, but LogN is much easier to work with. +// This function gives you LogN = Log2(N). +func (s *scryptKdf) LogN() int { + return int(math.Log2(float64(s.N))+0.5) +} |