From 0be03b3217cc60944b60f6ba65dabcffd411e138 Mon Sep 17 00:00:00 2001
From: bigbiff bigbiff
Date: Tue, 27 Aug 2019 20:50:31 -0400
Subject: Encryption: try wrapped key if the first time decryption fails

Change-Id: I108b7aeea41c6b85c851f40c1c4a7e25012e2463
---
 crypto/ext4crypt/Ext4CryptPie.cpp | 6 +++---
 crypto/ext4crypt/KeyStorage4.cpp | 4 ++--
 partitionmanager.cpp | 9 ++++++++-
 3 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/crypto/ext4crypt/Ext4CryptPie.cpp b/crypto/ext4crypt/Ext4CryptPie.cpp
index d76ca2455..548e4e445 100644
--- a/crypto/ext4crypt/Ext4CryptPie.cpp
+++ b/crypto/ext4crypt/Ext4CryptPie.cpp
@@ -208,11 +208,11 @@ static bool read_and_fixate_user_ce_key(userid_t user_id,
 }
 static bool is_wrapped_key_supported_common(const std::string& mount_point) {
- LOG(DEBUG) << "Determining wrapped-key support for " << mount_point;
+ LOG(DEBUG) << "Determining wrapped-key support for " << mount_point << std::endl;
 std::string wrapped_key_supported = android::base::GetProperty("fbe.data.wrappedkey", "false");
- LOG(DEBUG) << "fbe.data.wrappedkey = " << wrapped_key_supported;
+ LOG(DEBUG) << "fbe.data.wrappedkey = " << wrapped_key_supported << std::endl;
 if (mount_point == DATA_MNT_POINT && wrapped_key_supported == "true") {
- LOG(DEBUG) << "Wrapped key supported on " << mount_point;
+ LOG(DEBUG) << "Wrapped key supported on " << mount_point << std::endl;
 return true;
 } else {
 return false;
diff --git a/crypto/ext4crypt/KeyStorage4.cpp b/crypto/ext4crypt/KeyStorage4.cpp
index b91d6e46b..b086791b5 100644
--- a/crypto/ext4crypt/KeyStorage4.cpp
+++ b/crypto/ext4crypt/KeyStorage4.cpp
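Review bot: The `<< std::endl` appended to the three `LOG(DEBUG)` statements in is_wrapped_key_supported_common (and to the two LOG calls in the KeyStorage4.cpp hunk) is probably redundant. A stream-style LOG macro of this shape normally terminates each record itself, so the explicit `std::endl` would add an empty line per message and force a flush. The macro's definition is not visible here, so confirm how it ends a record; if a newline really is needed, `<< '\n'` avoids the flush. The function's closing lines are outside the hunk.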
@@ -177,12 +177,12 @@ bool getEphemeralWrappedKey(km::KeyFormat format, KeyBuffer& kmKey, KeyBuffer* k
 return true;
 }
 if (ret != km::ErrorCode::KEY_REQUIRES_UPGRADE) return false;
- LOG(DEBUG) << "Upgrading key";
+ LOG(DEBUG) << "Upgrading key" << std::endl;
 std::string kmKeyStr(reinterpret_cast(kmKey.data()), kmKey.size());
 std::string newKey;
 if (!keymaster.upgradeKey(kmKeyStr, km::AuthorizationSet(), &newKey)) return false;
 memcpy(reinterpret_cast(kmKey.data()), newKey.c_str(), kmKey.size());
- LOG(INFO) << "Key upgraded";
+ LOG(INFO) << "Key upgraded" << std::endl;
 export_again = true;
 }
 //Should never come here
diff --git a/partitionmanager.cpp b/partitionmanager.cpp
index 85dc79d36..41d8af209 100755
--- a/partitionmanager.cpp
+++ b/partitionmanager.cpp
@@ -296,7 +296,14 @@ int TWPartitionManager::Process_Fstab(string Fstab_Filename, bool Display_Error)
 while (!Decrypt_Data->Mount(false) && --retry_count)
 usleep(500);
 if (Decrypt_Data->Mount(false)) {
- Decrypt_Data->Decrypt_FBE_DE();
+ if (!Decrypt_Data->Decrypt_FBE_DE()) {
+ LOGINFO("Trying wrapped key.\n");
+ property_set("fbe.data.wrappedkey", "true");
+ if (!Decrypt_Data->Decrypt_FBE_DE()) {
+ LOGERR("Unable to decrypt FBE device\n");
+ }
+ }
+
 } else {
 LOGINFO("Failed to mount data after metadata decrypt\n");
 }
-- cgit v1.2.3
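Review bot: The `memcpy(..., newKey.c_str(), kmKey.size())` in the key-upgrade path copies `kmKey.size()` bytes out of `newKey` without comparing the two lengths. If the blob returned by `keymaster.upgradeKey` is shorter than the old one, the copy reads past the end of `newKey`; if it is longer, the key is silently truncated before `export_again` retries with it. A guard such as `if (newKey.size() != kmKey.size()) return false;` before the copy would close this, or `kmKey` could be resized to `newKey.size()` if KeyBuffer supports that (its definition is not visible here). This line is context the commit leaves unchanged, and getEphemeralWrappedKey starts and ends outside the hunk.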
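Review bot: The fallback in Process_Fstab leaves `fbe.data.wrappedkey` set to "true" even when the second `Decrypt_FBE_DE()` also fails, so every later reader of that property (is_wrapped_key_supported_common in Ext4CryptPie.cpp reads it) stays on the wrapped-key path on a device that may not use wrapped keys. Restore it on the failure branch, e.g. `property_set("fbe.data.wrappedkey", "false");` before the `LOGERR`, and check the return value of the first `property_set` so the retry is skipped when the property could not be set. The retry is also taken for any failure of the first attempt, not only one that indicates a wrapped key; a short comment stating that would help the next reader. Process_Fstab's body continues outside the hunk.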