1 files changed, 13 insertions, 7 deletions

diff --git a/metadata/constants.go b/metadata/constants.go
index 344f955..fa6b8a7 100644
--- a/metadata/constants.go
+++ b/metadata/constants.go
@@ -27,8 +27,12 @@ import (
 
 // Lengths for our keys, buffers, and strings used in fscrypt.
 const (
-	// DescriptorLen is the length of all Protector and Policy descriptors.
-	DescriptorLen = 2 * unix.FS_KEY_DESCRIPTOR_SIZE
+	// Length of policy descriptor (in hex chars) for v1 encryption policies
+	PolicyDescriptorLenV1 = 2 * unix.FSCRYPT_KEY_DESCRIPTOR_SIZE
+	// Length of protector descriptor (in hex chars)
+	ProtectorDescriptorLen = PolicyDescriptorLenV1
+	// Length of policy descriptor (in hex chars) for v2 encryption policies
+	PolicyDescriptorLenV2 = 2 * unix.FSCRYPT_KEY_IDENTIFIER_SIZE
 	// We always use 256-bit keys internally (compared to 512-bit policy keys).
 	InternalKeyLen = 32
 	IVLen          = 16
@@ -36,15 +40,17 @@ const (
 	// We use SHA256 for the HMAC, and len(HMAC) == len(hash size).
 	HMACLen = sha256.Size
 	// PolicyKeyLen is the length of all keys passed directly to the Keyring
-	PolicyKeyLen = unix.FS_MAX_KEY_SIZE
+	PolicyKeyLen = unix.FSCRYPT_MAX_KEY_SIZE
 )
 
 var (
-	// DefaultOptions use the supported encryption modes and max padding.
+	// DefaultOptions use the supported encryption modes, max padding, and
+	// policy version 1.
 	DefaultOptions = &EncryptionOptions{
-		Padding:   32,
-		Contents:  EncryptionOptions_AES_256_XTS,
-		Filenames: EncryptionOptions_AES_256_CTS,
+		Padding:       32,
+		Contents:      EncryptionOptions_AES_256_XTS,
+		Filenames:     EncryptionOptions_AES_256_CTS,
+		PolicyVersion: 1,
 	}
 	// DefaultSource is the source we use if none is specified.
 	DefaultSource = SourceType_custom_passphrase