Encryption: try wrapped key if the first time decryption fails

Change-Id: I108b7aeea41c6b85c851f40c1c4a7e25012e2463

crypto/ext4crypt/Ext4CryptPie.cpp

@@ -208,11 +208,11 @@ static bool read_and_fixate_user_ce_key(userid_t user_id,
 }
 
 static bool is_wrapped_key_supported_common(const std::string& mount_point) {
-    LOG(DEBUG) << "Determining wrapped-key support for " << mount_point;
+    LOG(DEBUG) << "Determining wrapped-key support for " << mount_point << std::endl;
     std::string wrapped_key_supported = android::base::GetProperty("fbe.data.wrappedkey", "false");
-    LOG(DEBUG) << "fbe.data.wrappedkey = " << wrapped_key_supported;
+    LOG(DEBUG) << "fbe.data.wrappedkey = " << wrapped_key_supported << std::endl;
     if (mount_point == DATA_MNT_POINT && wrapped_key_supported == "true") {
-        LOG(DEBUG) << "Wrapped key supported on " << mount_point;
+        LOG(DEBUG) << "Wrapped key supported on " << mount_point << std::endl;
         return true;
     } else {
         return false;

crypto/ext4crypt/KeyStorage4.cpp

@@ -177,12 +177,12 @@ bool getEphemeralWrappedKey(km::KeyFormat format, KeyBuffer& kmKey, KeyBuffer* k
             return true;
         }
         if (ret != km::ErrorCode::KEY_REQUIRES_UPGRADE) return false;
-        LOG(DEBUG) << "Upgrading key";
+        LOG(DEBUG) << "Upgrading key" << std::endl;
         std::string kmKeyStr(reinterpret_cast<const char*>(kmKey.data()), kmKey.size());
         std::string newKey;
         if (!keymaster.upgradeKey(kmKeyStr, km::AuthorizationSet(), &newKey)) return false;
         memcpy(reinterpret_cast<void*>(kmKey.data()), newKey.c_str(), kmKey.size());
-        LOG(INFO) << "Key upgraded";
+        LOG(INFO) << "Key upgraded" << std::endl;
         export_again = true;
     }
     //Should never come here

partitionmanager.cpp

@@ -296,7 +296,14 @@ int TWPartitionManager::Process_Fstab(string Fstab_Filename, bool Display_Error)
 				while (!Decrypt_Data->Mount(false) && --retry_count)
 					usleep(500);
 				if (Decrypt_Data->Mount(false)) {
-					Decrypt_Data->Decrypt_FBE_DE();
+					if (!Decrypt_Data->Decrypt_FBE_DE()) {
+						LOGINFO("Trying wrapped key.\n");
+						property_set("fbe.data.wrappedkey", "true");
+						if (!Decrypt_Data->Decrypt_FBE_DE()) {
+							LOGERR("Unable to decrypt FBE device\n");
+						}
+					}
+
 				} else {
 					LOGINFO("Failed to mount data after metadata decrypt\n");
 				}