Encryption: try wrapped key if the first time decryption fails

Change-Id: I108b7aeea41c6b85c851f40c1c4a7e25012e2463
tonirmv · Sep 1, 2019 · 0be03b3 · 0be03b3
1 parent 05cd3f8
commit 0be03b3
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 6 deletions.
diff --git a/crypto/ext4crypt/Ext4CryptPie.cpp b/crypto/ext4crypt/Ext4CryptPie.cpp
@@ -208,11 +208,11 @@ static bool read_and_fixate_user_ce_key(userid_t user_id,
 }
 
 static bool is_wrapped_key_supported_common(const std::string& mount_point) {
-    LOG(DEBUG) << "Determining wrapped-key support for " << mount_point;
+    LOG(DEBUG) << "Determining wrapped-key support for " << mount_point << std::endl;
     std::string wrapped_key_supported = android::base::GetProperty("fbe.data.wrappedkey", "false");
-    LOG(DEBUG) << "fbe.data.wrappedkey = " << wrapped_key_supported;
+    LOG(DEBUG) << "fbe.data.wrappedkey = " << wrapped_key_supported << std::endl;
     if (mount_point == DATA_MNT_POINT && wrapped_key_supported == "true") {
-        LOG(DEBUG) << "Wrapped key supported on " << mount_point;
+        LOG(DEBUG) << "Wrapped key supported on " << mount_point << std::endl;
         return true;
     } else {
         return false;

diff --git a/crypto/ext4crypt/KeyStorage4.cpp b/crypto/ext4crypt/KeyStorage4.cpp
@@ -177,12 +177,12 @@ bool getEphemeralWrappedKey(km::KeyFormat format, KeyBuffer& kmKey, KeyBuffer* k
             return true;
         }
         if (ret != km::ErrorCode::KEY_REQUIRES_UPGRADE) return false;
-        LOG(DEBUG) << "Upgrading key";
+        LOG(DEBUG) << "Upgrading key" << std::endl;
         std::string kmKeyStr(reinterpret_cast<const char*>(kmKey.data()), kmKey.size());
         std::string newKey;
         if (!keymaster.upgradeKey(kmKeyStr, km::AuthorizationSet(), &newKey)) return false;
         memcpy(reinterpret_cast<void*>(kmKey.data()), newKey.c_str(), kmKey.size());
-        LOG(INFO) << "Key upgraded";
+        LOG(INFO) << "Key upgraded" << std::endl;
         export_again = true;
     }
     //Should never come here

diff --git a/partitionmanager.cpp b/partitionmanager.cpp
@@ -296,7 +296,14 @@ int TWPartitionManager::Process_Fstab(string Fstab_Filename, bool Display_Error)
 				while (!Decrypt_Data->Mount(false) && --retry_count)
 					usleep(500);
 				if (Decrypt_Data->Mount(false)) {
-					Decrypt_Data->Decrypt_FBE_DE();
+					if (!Decrypt_Data->Decrypt_FBE_DE()) {
+						LOGINFO("Trying wrapped key.\n");
+						property_set("fbe.data.wrappedkey", "true");
+						if (!Decrypt_Data->Decrypt_FBE_DE()) {
+							LOGERR("Unable to decrypt FBE device\n");
+						}
+					}
+
 				} else {
 					LOGINFO("Failed to mount data after metadata decrypt\n");
 				}