DO NOT MERGE Check password is correct by checking hash

(cherry-picked from commit 3ca21e227a) Handle failures gracefully Change-Id: Ifb6da8c11a86c50fb11964c18cc1be1326461f78
9 years ago · c78c71b171
parent fd7db73243
commit c78c71b171
2 changed files with 37 additions and 3 deletions
--- a/Ext4Crypt.cpp
+++ b/Ext4Crypt.cpp
@ -313,7 +313,18 @@ int e4crypt_check_passwd(const char* path, const char* password)
    unsigned char master_key[key_length / 8];
    if (cryptfs_get_master_key (&ftr, password, master_key)){
        SLOGI("Incorrect password");
-        return -1;
+        ftr.failed_decrypt_count++;
+        if (put_crypt_ftr_and_key(ftr, key_props)) {
+            SLOGW("Failed to update failed_decrypt_count");
+        }
+        return ftr.failed_decrypt_count;
+    }
+
+    if (ftr.failed_decrypt_count) {
+        ftr.failed_decrypt_count = 0;
+        if (put_crypt_ftr_and_key(ftr, key_props)) {
+            SLOGW("Failed to reset failed_decrypt_count");
+        }
    }

    s_key_store[path] = keys{std::string(reinterpret_cast<char*>(master_key),
--- a/cryptfs.c
+++ b/cryptfs.c
@ -3746,13 +3746,36 @@ int cryptfs_get_master_key(struct crypt_mnt_ftr* ftr, const char* password,
 {
    int rc;

-    // ext4enc:TODO check intermediate_key to see if this is valid key
    unsigned char* intermediate_key = 0;
    size_t intermediate_key_size = 0;
+
+    if (password == 0 || *password == 0) {
+        password = DEFAULT_PASSWORD;
+    }
+
    rc = decrypt_master_key(password, master_key, ftr, &intermediate_key,
                            &intermediate_key_size);

-    return rc;
+    int N = 1 << ftr->N_factor;
+    int r = 1 << ftr->r_factor;
+    int p = 1 << ftr->p_factor;
+
+    unsigned char scrypted_intermediate_key[sizeof(ftr->scrypted_intermediate_key)];
+
+    rc = crypto_scrypt(intermediate_key, intermediate_key_size,
+                       ftr->salt, sizeof(ftr->salt), N, r, p,
+                       scrypted_intermediate_key,
+                       sizeof(scrypted_intermediate_key));
+
+    free(intermediate_key);
+
+    if (rc) {
+        SLOGE("Can't calculate intermediate key");
+        return rc;
+    }
+
+    return memcmp(scrypted_intermediate_key, ftr->scrypted_intermediate_key,
+                  intermediate_key_size);
 }

 int cryptfs_set_password(struct crypt_mnt_ftr* ftr, const char* password,