authorKenny Root <kroot@google.com>2013-06-14 12:11:38 -0700
committerKenny Root <kroot@google.com>2013-06-24 09:40:54 -0700
commitc4c70f15bb8845b02f9ec1d624794757badd6933 (patch)
treeb3efc6b9d153b8f3db853da81999fe5b6608f8dc /cryptfs.h
parentc96a5f8edf65a8abe441d0cfd3ce227bdf1bf55f (diff)
Change key derivation to scrypt
scrypt is a sequential memory-hard key derivation algorithm that makes it more difficult for adversaries to brute force passwords using specialized equipment. See http://www.tarsnap.com/scrypt/scrypt.pdf for more details of the algorithm. This adds support for initializing disk encryption using scrypt and upgrading from the previous PBKDF2 algorithm. Change-Id: I1d26db4eb9d27fea7310be3e49c8e6219e6d2c3b
Diffstat (limited to 'cryptfs.h')
-rw-r--r--cryptfs.h20
1 files changed, 19 insertions, 1 deletions
diff --git a/cryptfs.h b/cryptfs.h
index bdbce80..421181e 100644
--- a/cryptfs.h
+++ b/cryptfs.h
@@ -49,8 +49,16 @@
#define CRYPT_MNT_MAGIC 0xD0B5B1C4
#define PERSIST_DATA_MAGIC 0xE950CD44
+#define SCRYPT_PROP "ro.crypto.scrypt_params"
+#define SCRYPT_DEFAULTS { 15, 3, 1 }
+
+/* Key Derivation Function algorithms */
+#define KDF_PBKDF2 1
+#define KDF_SCRYPT 2
+
#define __le32 unsigned int
-#define __le16 unsigned short int
+#define __le16 unsigned short int
+#define __le8 unsigned char
struct crypt_mnt_ftr {
__le32 magic; /* See above */
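Review bot: `SCRYPT_DEFAULTS { 15, 3, 1 }` does not say what the three numbers are, or that they are exponents rather than the scrypt N, r and p values themselves. Judging by the `(1 << N)` comments this commit adds to `struct crypt_mnt_ftr`, they are log2 factors, so the defaults would mean N = 32768, r = 8, p = 2. A comment such as `/* log2 of scrypt N, r, p, in that order */` above the define would stop someone tuning `ro.crypto.scrypt_params` from entering raw values. It is also worth stating beside `KDF_PBKDF2` what a `kdf_type` of 0 means, since neither constant uses it and footers written before this change presumably have no such field.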
@@ -75,6 +83,13 @@ struct crypt_mnt_ftr {
__le32 persist_data_size; /* The number of bytes allocated to each copy of the
* persistent data table*/
+
+ __le8 kdf_type; /* The key derivation function used. */
+
+ /* scrypt parameters. See www.tarsnap.com/scrypt/scrypt.pdf */
+ __le8 N_factor; /* (1 << N) */
+ __le8 r_factor; /* (1 << r) */
+ __le8 p_factor; /* (1 << p) */
};
/* Persistant data that should be available before decryption.
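Review bot: `N_factor`, `r_factor` and `p_factor` come back from the on-disk footer and, per their comments, are used as shift counts, yet nothing in this header states a valid range for them. The code that loads the footer (not shown on this page) should reject out-of-range values before computing `1 << N_factor`: a shift by the width of the type or more is undefined, and a large but legal value makes scrypt request more memory than the device can supply. Because the fields are appended to the end of the struct, a footer written by an older build will presumably hold zeros or unrelated bytes at these offsets, so readers need to check the footer version or size before trusting `kdf_type`. At minimum the field comments could carry the contract, for example `__le8 N_factor; /* log2 of N; range-check before shifting */`. The struct begins above this hunk.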
@@ -118,6 +133,9 @@ struct volume_info {
#ifdef __cplusplus
extern "C" {
#endif
+
+ typedef void (*kdf_func)(char *passwd, unsigned char *salt, unsigned char *ikey, void *params);
+
int cryptfs_crypto_complete(void);
int cryptfs_check_passwd(char *pw);
int cryptfs_verify_passwd(char *newpw);
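Review bot: `kdf_func` returns `void`, so a derivation that fails cannot tell its caller, which would then go on to use whatever bytes are in `ikey` as key material. scrypt allocates a working buffer that grows with N and r, so an allocation failure on a memory-constrained device is a realistic case. Returning a status, `typedef int (*kdf_func)(const char *passwd, const unsigned char *salt, unsigned char *ikey, void *params);`, lets callers stop before touching the key; the implementations and call sites are outside this header and would need the matching change. The typedef also passes no lengths for `salt` or `ikey`, so the buffer sizes every implementation assumes should be written in a comment next to it.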