author | Kenny Root <kroot@google.com> | 2013-06-14 12:11:38 -0700 |
---|---|---|
committer | Kenny Root <kroot@google.com> | 2013-06-24 09:40:54 -0700 |
commit | c4c70f15bb8845b02f9ec1d624794757badd6933 (patch) | |
tree | b3efc6b9d153b8f3db853da81999fe5b6608f8dc /cryptfs.h | |
parent | c96a5f8edf65a8abe441d0cfd3ce227bdf1bf55f (diff) | |
Change key derivation to scrypt
scrypt is a sequential memory-hard key derivation algorithm that makes
it more difficult for adversaries to brute force passwords using
specialized equipment. See http://www.tarsnap.com/scrypt/scrypt.pdf for
more details of the algorithm.
This adds support for initializing disk encryption using scrypt and
upgrading from the previous PBKDF2 algorithm.
Change-Id: I1d26db4eb9d27fea7310be3e49c8e6219e6d2c3b
Diffstat (limited to 'cryptfs.h')
-rw-r--r-- | cryptfs.h | 20 |
1 files changed, 19 insertions, 1 deletions
@@ -49,8 +49,16 @@
 #define CRYPT_MNT_MAGIC 0xD0B5B1C4
 #define PERSIST_DATA_MAGIC 0xE950CD44
+#define SCRYPT_PROP "ro.crypto.scrypt_params"
+#define SCRYPT_DEFAULTS { 15, 3, 1 }
+
+/* Key Derivation Function algorithms */
+#define KDF_PBKDF2 1
+#define KDF_SCRYPT 2
+
 #define __le32 unsigned int
-#define __le16 unsigned short int
+#define __le16 unsigned short int
+#define __le8 unsigned char
 struct crypt_mnt_ftr {
 __le32 magic; /* See above */
@@ -75,6 +83,13 @@ struct crypt_mnt_ftr {
 __le32 persist_data_size; /* The number of bytes allocated to each copy of the
 * persistent data table*/
+
+ __le8 kdf_type; /* The key derivation function used. */
+
+ /* scrypt parameters. See www.tarsnap.com/scrypt/scrypt.pdf */
+ __le8 N_factor; /* (1 << N) */
+ __le8 r_factor; /* (1 << r) */
+ __le8 p_factor; /* (1 << p) */
 };
 /* Persistant data that should be available before decryption.
@@ -118,6 +133,9 @@ struct volume_info {
 #ifdef __cplusplus
 extern "C" {
 #endif
+
+ typedef void (*kdf_func)(char *passwd, unsigned char *salt, unsigned char *ikey, void *params);
+
 int cryptfs_crypto_complete(void);
 int cryptfs_check_passwd(char *pw);
 int cryptfs_verify_passwd(char *newpw); |
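Review bot: `SCRYPT_DEFAULTS` in the first hunk (`@@ -49,8 +49,16 @@`) is a bare `{ 15, 3, 1 }` with nothing saying what the three numbers are or what unit they use. Going by the `(1 << N)` comments added to `struct crypt_mnt_ftr` further down, they appear to be log2 exponents in N, r, p order, and someone tuning `ro.crypto.scrypt_params` who read 15 as N itself would end up with a far weaker cost setting. I would add `/* { N_factor, r_factor, p_factor } as log2 exponents: N = 1 << 15, r = 1 << 3, p = 1 << 1 */` above the define and describe the expected property format next to `SCRYPT_PROP`. The code that parses the property is not in this file, so the order is inferred from the struct field order.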
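Review bot: The three scrypt fields added to `struct crypt_mnt_ftr` (second hunk, `@@ -75,6 +83,13 @@`) are documented as shift counts, `(1 << N)` and so on, but the footer is read back from disk and nothing here states a valid range. A `__le8` can hold up to 255, shifting an `int` by 32 or more is undefined, and a merely large `N_factor` becomes a very large scrypt memory request; the code that reads this struct, which is outside this diff, should reject out-of-range values before deriving a key. I would extend the field comments to say so, e.g. `__le8 N_factor; /* log2 of scrypt N; validate range before use */`. `kdf_type` likewise has no documented meaning for values other than `KDF_PBKDF2` and `KDF_SCRYPT`, including whatever a footer written before this change holds at that offset, so a comment saying that unknown values must fail closed and how older footers are recognised would help. The struct begins above the hunk.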
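Review bot: `kdf_func` in the third hunk (`@@ -118,6 +133,9 @@`) returns `void`, so a key derivation that fails has no way to tell its caller. scrypt is memory-hard by design and can fail on allocation, and a caller that cannot see the failure could go on to use whatever happens to be in `ikey` as key material. I would make it `typedef int (*kdf_func)(const char *passwd, const unsigned char *salt, unsigned char *ikey, void *params);` and have callers check the result; the `const` qualifiers also document which buffers are inputs. The sizes of `salt` and `ikey` are implicit in this signature, so a short comment naming the constants they must match would be worth adding.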