commit c78c71b1717613a5be921bbb8ac63c007d4af86a
author Paul Lawrence <paullawrence@google.com> Tue Apr 14 15:26:29 2015 -0700
committer Paul Lawrence <paullawrence@google.com> Fri May 29 14:13:50 2015 -0700
tree bdba6151f0d89bfae0e279cf401303613355122e
parent fd7db732434eb41fda69a353053bcb7aab259529

DO NOT MERGE Check password is correct by checking hash

(cherry-picked from commit 3ca21e227a2e1ed01138a29f450917290a9d1e6e)

Handle failures gracefully

Change-Id: Ifb6da8c11a86c50fb11964c18cc1be1326461f78

Ext4Crypt.cpp

diff --git a/Ext4Crypt.cpp b/Ext4Crypt.cpp
index df163b4..0c7b351 100644
--- a/Ext4Crypt.cpp
+++ b/Ext4Crypt.cpp
@@ -313,7 +313,18 @@
     unsigned char master_key[key_length / 8];
     if (cryptfs_get_master_key (&ftr, password, master_key)){
         SLOGI("Incorrect password");
-        return -1;
+        ftr.failed_decrypt_count++;
+        if (put_crypt_ftr_and_key(ftr, key_props)) {
+            SLOGW("Failed to update failed_decrypt_count");
+        }
+        return ftr.failed_decrypt_count;
+    }
+
+    if (ftr.failed_decrypt_count) {
+        ftr.failed_decrypt_count = 0;
+        if (put_crypt_ftr_and_key(ftr, key_props)) {
+            SLOGW("Failed to reset failed_decrypt_count");
+        }
     }
 
     s_key_store[path] = keys{std::string(reinterpret_cast<char*>(master_key),

cryptfs.c

diff --git a/cryptfs.c b/cryptfs.c
index 79d2052..1ab587c 100644
--- a/cryptfs.c
+++ b/cryptfs.c
@@ -3746,13 +3746,36 @@
 {
     int rc;
 
-    // ext4enc:TODO check intermediate_key to see if this is valid key
     unsigned char* intermediate_key = 0;
     size_t intermediate_key_size = 0;
+
+    if (password == 0 || *password == 0) {
+        password = DEFAULT_PASSWORD;
+    }
+
     rc = decrypt_master_key(password, master_key, ftr, &intermediate_key,
                             &intermediate_key_size);
 
-    return rc;
+    int N = 1 << ftr->N_factor;
+    int r = 1 << ftr->r_factor;
+    int p = 1 << ftr->p_factor;
+
+    unsigned char scrypted_intermediate_key[sizeof(ftr->scrypted_intermediate_key)];
+
+    rc = crypto_scrypt(intermediate_key, intermediate_key_size,
+                       ftr->salt, sizeof(ftr->salt), N, r, p,
+                       scrypted_intermediate_key,
+                       sizeof(scrypted_intermediate_key));
+
+    free(intermediate_key);
+
+    if (rc) {
+        SLOGE("Can't calculate intermediate key");
+        return rc;
+    }
+
+    return memcmp(scrypted_intermediate_key, ftr->scrypted_intermediate_key,
+                  intermediate_key_size);
 }
 
 int cryptfs_set_password(struct crypt_mnt_ftr* ftr, const char* password,