Check password is correct by checking hash
Handle failures gracefully
Change-Id: Ifb6da8c11a86c50fb11964c18cc1be1326461f78
diff --git a/Ext4Crypt.cpp b/Ext4Crypt.cpp
index df163b4..0c7b351 100644
--- a/Ext4Crypt.cpp
+++ b/Ext4Crypt.cpp
@@ -313,7 +313,18 @@
unsigned char master_key[key_length / 8];
if (cryptfs_get_master_key (&ftr, password, master_key)){
SLOGI("Incorrect password");
- return -1;
+ ftr.failed_decrypt_count++;
+ if (put_crypt_ftr_and_key(ftr, key_props)) {
+ SLOGW("Failed to update failed_decrypt_count");
+ }
+ return ftr.failed_decrypt_count;
+ }
+
+ if (ftr.failed_decrypt_count) {
+ ftr.failed_decrypt_count = 0;
+ if (put_crypt_ftr_and_key(ftr, key_props)) {
+ SLOGW("Failed to reset failed_decrypt_count");
+ }
}
s_key_store[path] = keys{std::string(reinterpret_cast<char*>(master_key),
diff --git a/cryptfs.c b/cryptfs.c
index 95b882f..7398995 100644
--- a/cryptfs.c
+++ b/cryptfs.c
@@ -3833,13 +3833,36 @@
{
int rc;
- // ext4enc:TODO check intermediate_key to see if this is valid key
unsigned char* intermediate_key = 0;
size_t intermediate_key_size = 0;
+
+ if (password == 0 || *password == 0) {
+ password = DEFAULT_PASSWORD;
+ }
+
rc = decrypt_master_key(password, master_key, ftr, &intermediate_key,
&intermediate_key_size);
- return rc;
+ int N = 1 << ftr->N_factor;
+ int r = 1 << ftr->r_factor;
+ int p = 1 << ftr->p_factor;
+
+ unsigned char scrypted_intermediate_key[sizeof(ftr->scrypted_intermediate_key)];
+
+ rc = crypto_scrypt(intermediate_key, intermediate_key_size,
+ ftr->salt, sizeof(ftr->salt), N, r, p,
+ scrypted_intermediate_key,
+ sizeof(scrypted_intermediate_key));
+
+ free(intermediate_key);
+
+ if (rc) {
+ SLOGE("Can't calculate intermediate key");
+ return rc;
+ }
+
+ return memcmp(scrypted_intermediate_key, ftr->scrypted_intermediate_key,
+ intermediate_key_size);
}
int cryptfs_set_password(struct crypt_mnt_ftr* ftr, const char* password,