diff --git a/Ext4Crypt.cpp b/Ext4Crypt.cpp index df163b4..0c7b351 100644 --- a/Ext4Crypt.cpp +++ b/Ext4Crypt.cpp @@ -313,7 +313,18 @@ int e4crypt_check_passwd(const char* path, const char* password) unsigned char master_key[key_length / 8]; if (cryptfs_get_master_key (&ftr, password, master_key)){ SLOGI("Incorrect password"); - return -1; + ftr.failed_decrypt_count++; + if (put_crypt_ftr_and_key(ftr, key_props)) { + SLOGW("Failed to update failed_decrypt_count"); + } + return ftr.failed_decrypt_count; + } + + if (ftr.failed_decrypt_count) { + ftr.failed_decrypt_count = 0; + if (put_crypt_ftr_and_key(ftr, key_props)) { + SLOGW("Failed to reset failed_decrypt_count"); + } } s_key_store[path] = keys{std::string(reinterpret_cast(master_key), diff --git a/cryptfs.c b/cryptfs.c index 95b882f..7398995 100644 --- a/cryptfs.c +++ b/cryptfs.c @@ -3833,13 +3833,36 @@ int cryptfs_get_master_key(struct crypt_mnt_ftr* ftr, const char* password, { int rc; - // ext4enc:TODO check intermediate_key to see if this is valid key unsigned char* intermediate_key = 0; size_t intermediate_key_size = 0; + + if (password == 0 || *password == 0) { + password = DEFAULT_PASSWORD; + } + rc = decrypt_master_key(password, master_key, ftr, &intermediate_key, &intermediate_key_size); - return rc; + int N = 1 << ftr->N_factor; + int r = 1 << ftr->r_factor; + int p = 1 << ftr->p_factor; + + unsigned char scrypted_intermediate_key[sizeof(ftr->scrypted_intermediate_key)]; + + rc = crypto_scrypt(intermediate_key, intermediate_key_size, + ftr->salt, sizeof(ftr->salt), N, r, p, + scrypted_intermediate_key, + sizeof(scrypted_intermediate_key)); + + free(intermediate_key); + + if (rc) { + SLOGE("Can't calculate intermediate key"); + return rc; + } + + return memcmp(scrypted_intermediate_key, ftr->scrypted_intermediate_key, + intermediate_key_size); } int cryptfs_set_password(struct crypt_mnt_ftr* ftr, const char* password,