Create and use a salt when calling pbkdf2 to encrypt/decrypt the master key.
In order to prevent rainbow table attacks on decrypting the master key,
create a 16 byte "salt" by reading /dev/urandom. This is done right after
reading urandom to get the master key for the filesystem. The salt is
stored 32 bytes after the end of the key (a padding added to help prevent
accidental overwriting of the salt) and the salt is fixed at 16 bytes long.
This change will make existing encrypted filesystems unusable.
Change-Id: I420549d064c61d38aea78eef4d86c88acb265ca3
diff --git a/cryptfs.h b/cryptfs.h
index 2e17433..432450c 100644
--- a/cryptfs.h
+++ b/cryptfs.h
@@ -17,6 +17,10 @@
/* This structure starts 16,384 bytes before the end of a hardware
* partition that is encrypted.
* Immediately following this structure is the encrypted key.
+ * The keysize field tells how long the key is, in bytes.
+ * Then there is 32 bytes of padding,
+ * Finally there is the salt used with the user password.
+ * The salt is fixed at 16 bytes long.
* Obviously, the filesystem does not include the last 16 kbytes
* of the partition.
*/
@@ -25,6 +29,9 @@
#define MAX_CRYPTO_TYPE_NAME_LEN 64
+#define SALT_LEN 16
+#define KEY_TO_SALT_PADDING 32
+
/* definitions of flags in the structure below */
#define CRYPT_MNT_KEY_UNENCRYPTED 0x1 /* The key for the partition is not encrypted. */