Add support for 512 keys in key-manager 00/129900/7
authorKrzysztof Jackiewicz <k.jackiewicz@samsung.com>
Thu, 18 May 2017 09:40:17 +0000 (11:40 +0200)
committerKrzysztof Jackiewicz <k.jackiewicz@samsung.com>
Wed, 31 May 2017 12:28:30 +0000 (12:28 +0000)
Also use it in extension encryption

Change-Id: Iad9d6ea2653c3e2f5377dc204fa492aadde03e18

server/extension-encryption.cpp
server/key-manager/key-manager.cpp
server/key-manager/key-manager.h

index 9c7f1a3..06f8b17 100644 (file)
@@ -40,6 +40,8 @@ namespace ode {
 
 namespace {
 
+const size_t DEFAULT_KEY_SIZE = 64;
+
 const char *EXTENSION_DEV_PATH = "/dev/mmcblk1p1";
 const char *EXTENSION_NAME             = EXTENSION_NAME_DEF;
 const char *EXTENSION_MAP_PATH = "/dev/mapper/" EXTENSION_NAME_DEF;
@@ -335,7 +337,7 @@ int ExtensionEncryption::initPassword(const std::string& password)
        KeyManager::data pwData(password.begin(), password.end());
        KeyManager keyManager;
 
-       keyManager.initPassword(pwData);
+       keyManager.initPassword(pwData, DEFAULT_KEY_SIZE);
        engine->setKeyMeta(keyManager.serialize());
        return 0;
 }
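Review bot: `DEFAULT_KEY_SIZE = 64` at line 19 is a bare number with no unit, and it is a different name for the same quantity that KeyManager's header calls `DEFAULT_KEY_LENGTH` (32), so a reader has to open both files to learn that one is bytes and that they deliberately differ; a short comment would settle it, e.g. `const size_t DEFAULT_KEY_SIZE = 64; // extension master key length in bytes (512 bits)`. Because KeyManager::initPassword fixes the cipher spec to `aes` / `cbc-essiv:sha256`, and 64 bytes exceeds the largest AES key (32 bytes), whether the engine consumes this key whole or splits it cannot be seen from this hunk — worth confirming against the engine's key handling and noting next to the constant. Passing the size explicitly at line 29 is fine, but the call site gives no hint why extension encryption needs a larger key than the KeyManager default.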
index 7d3c647..ad75c7d 100644 (file)
@@ -19,7 +19,6 @@
 #include "key-generator.h"
 #include "anti-forensics.h"
 
-#define MASTER_KEY_LENGTH (256 / 8)
 #define ITERATION_COUNT 1000
 #define LUKS_STRIPES 3
 
@@ -43,9 +42,9 @@ const KeyManager::data KeyManager::serialize() const
        return store.serialize();
 }
 
-const KeyManager::data KeyManager::newMasterKey()
+const KeyManager::data KeyManager::newMasterKey(size_t keyBytes)
 {
-       data masterKey = KeyGenerator::RNG(MASTER_KEY_LENGTH);
+       data masterKey = KeyGenerator::RNG(keyBytes);
        data masterKeyDigestSalt = KeyGenerator::RNG(store.getMasterKeyDigestSaltLength());
 
        store.setMasterKeyLength(masterKey.size());
@@ -105,15 +104,13 @@ void KeyManager::setPassword(const data& masterKey, const data& password) {
                KeyGenerator::SHA256(derivedPassword)));
 }
 
-
-void KeyManager::initPassword(const data& password)
+void KeyManager::initPassword(const data& password, size_t keyBytes)
 {
        store.setCipherName("aes");
        store.setCipherMode("cbc-essiv:sha256");
        store.setHashSpec("sha256");
 
-       data masterKey = newMasterKey();
-       setPassword(newMasterKey(), password);
+       setPassword(newMasterKey(keyBytes), password);
 }
 
 void KeyManager::changePassword(const data& old_password,
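Review bot: `newMasterKey(size_t keyBytes)` in the second hunk forwards `keyBytes` straight to `KeyGenerator::RNG` and then records whatever came back via `store.setMasterKeyLength(masterKey.size())`, so a zero or otherwise unsupported length is accepted silently and only fails later when the engine tries to use the key; newMasterKey's body continues past the hunk, but no check is visible in the lines shown. A guard at the top would fail early and keep the stored metadata consistent, e.g. `if (keyBytes == 0) throw std::invalid_argument("master key length must be non-zero");` (or whatever error mechanism KeyManager uses elsewhere), and since initPassword pins the cipher to `aes` the accepted range could be bounded there too. Removing `MASTER_KEY_LENGTH` moves the default into the header, which is fine, but `initPassword` now takes a raw `size_t` with no comment saying it is a byte count; `/* keyBytes: master key length in bytes */` on the definition would match the header's comment.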
index b8138ba..9eb44e7 100644 (file)
@@ -36,15 +36,19 @@ public:
 
        const data serialize() const;
 
-       const data newMasterKey();
        const data getMasterKey(const data& password) const;
        void setPassword(const data& masterKey, const data& password);
 
-       void initPassword(const data& password);
+       void initPassword(const data& password, size_t keyBytes = DEFAULT_KEY_LENGTH);
        void changePassword(const data& old_password, const data& new_password);
        bool verifyPassword(const data& password) const;
 
 private:
+       // default master key length in bytes
+       static const size_t DEFAULT_KEY_LENGTH = 32;
+
+       const data newMasterKey(size_t keyBytes);
+
        KeyStore store;
 };