namespace {
+const size_t DEFAULT_KEY_SIZE = 64;
+
const char *EXTENSION_DEV_PATH = "/dev/mmcblk1p1";
const char *EXTENSION_NAME = EXTENSION_NAME_DEF;
const char *EXTENSION_MAP_PATH = "/dev/mapper/" EXTENSION_NAME_DEF;
KeyManager::data pwData(password.begin(), password.end());
KeyManager keyManager;
- keyManager.initPassword(pwData);
+ keyManager.initPassword(pwData, DEFAULT_KEY_SIZE);
engine->setKeyMeta(keyManager.serialize());
return 0;
}
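Review bot: The 64 passed here as `DEFAULT_KEY_SIZE` does not obviously fit the cipher that `KeyManager::initPassword` hard-codes (`aes` with `cbc-essiv:sha256`). AES takes 16-, 24- or 32-byte keys, and 64 bytes is the size normally paired with a two-key mode such as XTS. If the serialized key meta is used as-is to set up the `/dev/mapper` mapping, the key is presumably rejected or used differently from what was intended; if the engine splits or derives from the 64 bytes, the constant should say so, e.g. `// master key length in bytes; <why 64 for this engine>`. The value also differs from the header default of 32, so either rely on the class default or document why this caller deviates. The enclosing function starts outside the hunk.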
#include "key-generator.h"
#include "anti-forensics.h"
-#define MASTER_KEY_LENGTH (256 / 8)
#define ITERATION_COUNT 1000
#define LUKS_STRIPES 3
return store.serialize();
}
-const KeyManager::data KeyManager::newMasterKey()
+const KeyManager::data KeyManager::newMasterKey(size_t keyBytes)
{
- data masterKey = KeyGenerator::RNG(MASTER_KEY_LENGTH);
+ data masterKey = KeyGenerator::RNG(keyBytes);
data masterKeyDigestSalt = KeyGenerator::RNG(store.getMasterKeyDigestSaltLength());
store.setMasterKeyLength(masterKey.size());
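Review bot: `keyBytes` reaches `KeyGenerator::RNG` unchecked, so a caller can request a zero-length or otherwise unusable master key, and `setMasterKeyLength` will presumably record whatever size comes back. Since `initPassword` fixes the cipher to `aes`, the length should be validated against the key sizes that cipher accepts before any key material is generated, and rejected through the project's usual error path. The same applies to `initPassword`, which forwards the value untouched. At minimum add a contract comment above the definition: `// keyBytes: master key length in bytes; must be a key size valid for the cipher configured in the store`. The body of `newMasterKey` continues outside the hunk.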
KeyGenerator::SHA256(derivedPassword)));
}
-
-void KeyManager::initPassword(const data& password)
+void KeyManager::initPassword(const data& password, size_t keyBytes)
{
store.setCipherName("aes");
store.setCipherMode("cbc-essiv:sha256");
store.setHashSpec("sha256");
- data masterKey = newMasterKey();
- setPassword(newMasterKey(), password);
+ setPassword(newMasterKey(keyBytes), password);
}
void KeyManager::changePassword(const data& old_password,
const data serialize() const;
- const data newMasterKey();
const data getMasterKey(const data& password) const;
void setPassword(const data& masterKey, const data& password);
- void initPassword(const data& password);
+ void initPassword(const data& password, size_t keyBytes = DEFAULT_KEY_LENGTH);
void changePassword(const data& old_password, const data& new_password);
bool verifyPassword(const data& password) const;
private:
+ // default master key length in bytes
+ static const size_t DEFAULT_KEY_LENGTH = 32;
+
+ const data newMasterKey(size_t keyBytes);
+
KeyStore store;
};
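Review bot: `DEFAULT_KEY_LENGTH` is the default argument of the public `initPassword` but is declared under `private:`, so callers cannot name it and end up defining their own constant. The call site in this commit does exactly that, adding `DEFAULT_KEY_SIZE = 64` next to this 32. Consider moving the constant to the public section so callers can write `KeyManager::DEFAULT_KEY_LENGTH`, and settle on one name and one value for the default. The comment could also state what the number corresponds to, e.g. `// default master key length in bytes (256-bit AES key)`.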