diff options
| author | Michael Halcrow <mhalcrow@us.ibm.com> | 2007-02-12 03:53:49 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-02-12 12:48:37 -0500 |
| commit | e2bd99ec5c0e20ed6aeb079fa8f975c2dcd78a2c (patch) | |
| tree | 78892d49cf55fa4cf22ce9b8b226c63bac8b227c /fs/ecryptfs/keystore.c | |
| parent | 9d8b8ce5561890464c54645cdea4d6b157159fec (diff) | |
[PATCH] eCryptfs: open-code flag checking and manipulation
Open-code flag checking and manipulation.
Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com>
Signed-off-by: Trevor Highland <tshighla@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/ecryptfs/keystore.c')
| -rw-r--r-- | fs/ecryptfs/keystore.c | 32 |
1 files changed, 14 insertions, 18 deletions
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c index 558d538e2b1f..c209f67e7a26 100644 --- a/fs/ecryptfs/keystore.c +++ b/fs/ecryptfs/keystore.c | |||
| @@ -607,13 +607,13 @@ parse_tag_1_packet(struct ecryptfs_crypt_stat *crypt_stat, | |||
| 607 | (*new_auth_tok)->session_key.flags |= | 607 | (*new_auth_tok)->session_key.flags |= |
| 608 | ECRYPTFS_CONTAINS_ENCRYPTED_KEY; | 608 | ECRYPTFS_CONTAINS_ENCRYPTED_KEY; |
| 609 | (*new_auth_tok)->token_type = ECRYPTFS_PRIVATE_KEY; | 609 | (*new_auth_tok)->token_type = ECRYPTFS_PRIVATE_KEY; |
| 610 | ECRYPTFS_SET_FLAG((*new_auth_tok)->flags, ECRYPTFS_PRIVATE_KEY); | 610 | (*new_auth_tok)->flags |= ECRYPTFS_PRIVATE_KEY; |
| 611 | /* TODO: Why are we setting this flag here? Don't we want the | 611 | /* TODO: Why are we setting this flag here? Don't we want the |
| 612 | * userspace to decrypt the session key? */ | 612 | * userspace to decrypt the session key? */ |
| 613 | ECRYPTFS_CLEAR_FLAG((*new_auth_tok)->session_key.flags, | 613 | (*new_auth_tok)->session_key.flags &= |
| 614 | ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT); | 614 | ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT); |
| 615 | ECRYPTFS_CLEAR_FLAG((*new_auth_tok)->session_key.flags, | 615 | (*new_auth_tok)->session_key.flags &= |
| 616 | ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT); | 616 | ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT); |
| 617 | list_add(&auth_tok_list_item->list, auth_tok_list); | 617 | list_add(&auth_tok_list_item->list, auth_tok_list); |
| 618 | goto out; | 618 | goto out; |
| 619 | out_free: | 619 | out_free: |
| @@ -793,10 +793,10 @@ parse_tag_3_packet(struct ecryptfs_crypt_stat *crypt_stat, | |||
| 793 | (*new_auth_tok)->token_type = ECRYPTFS_PASSWORD; | 793 | (*new_auth_tok)->token_type = ECRYPTFS_PASSWORD; |
| 794 | /* TODO: Parametarize; we might actually want userspace to | 794 | /* TODO: Parametarize; we might actually want userspace to |
| 795 | * decrypt the session key. */ | 795 | * decrypt the session key. */ |
| 796 | ECRYPTFS_CLEAR_FLAG((*new_auth_tok)->session_key.flags, | 796 | (*new_auth_tok)->session_key.flags &= |
| 797 | ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT); | 797 | ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT); |
| 798 | ECRYPTFS_CLEAR_FLAG((*new_auth_tok)->session_key.flags, | 798 | (*new_auth_tok)->session_key.flags &= |
| 799 | ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT); | 799 | ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT); |
| 800 | list_add(&auth_tok_list_item->list, auth_tok_list); | 800 | list_add(&auth_tok_list_item->list, auth_tok_list); |
| 801 | goto out; | 801 | goto out; |
| 802 | out_free: | 802 | out_free: |
| @@ -941,8 +941,7 @@ static int decrypt_session_key(struct ecryptfs_auth_tok *auth_tok, | |||
| 941 | int rc = 0; | 941 | int rc = 0; |
| 942 | 942 | ||
| 943 | password_s_ptr = &auth_tok->token.password; | 943 | password_s_ptr = &auth_tok->token.password; |
| 944 | if (ECRYPTFS_CHECK_FLAG(password_s_ptr->flags, | 944 | if (password_s_ptr->flags & ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET) |
| 945 | ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET)) | ||
| 946 | ecryptfs_printk(KERN_DEBUG, "Session key encryption key " | 945 | ecryptfs_printk(KERN_DEBUG, "Session key encryption key " |
| 947 | "set; skipping key generation\n"); | 946 | "set; skipping key generation\n"); |
| 948 | ecryptfs_printk(KERN_DEBUG, "Session key encryption key (size [%d])" | 947 | ecryptfs_printk(KERN_DEBUG, "Session key encryption key (size [%d])" |
| @@ -1024,7 +1023,7 @@ static int decrypt_session_key(struct ecryptfs_auth_tok *auth_tok, | |||
| 1024 | auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY; | 1023 | auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY; |
| 1025 | memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key, | 1024 | memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key, |
| 1026 | auth_tok->session_key.decrypted_key_size); | 1025 | auth_tok->session_key.decrypted_key_size); |
| 1027 | ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_KEY_VALID); | 1026 | crypt_stat->flags |= ECRYPTFS_KEY_VALID; |
| 1028 | ecryptfs_printk(KERN_DEBUG, "Decrypted session key:\n"); | 1027 | ecryptfs_printk(KERN_DEBUG, "Decrypted session key:\n"); |
| 1029 | if (ecryptfs_verbosity > 0) | 1028 | if (ecryptfs_verbosity > 0) |
| 1030 | ecryptfs_dump_hex(crypt_stat->key, | 1029 | ecryptfs_dump_hex(crypt_stat->key, |
| @@ -1127,8 +1126,7 @@ int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat, | |||
| 1127 | sig_tmp_space, tag_11_contents_size); | 1126 | sig_tmp_space, tag_11_contents_size); |
| 1128 | new_auth_tok->token.password.signature[ | 1127 | new_auth_tok->token.password.signature[ |
| 1129 | ECRYPTFS_PASSWORD_SIG_SIZE] = '\0'; | 1128 | ECRYPTFS_PASSWORD_SIG_SIZE] = '\0'; |
| 1130 | ECRYPTFS_SET_FLAG(crypt_stat->flags, | 1129 | crypt_stat->flags |= ECRYPTFS_ENCRYPTED; |
| 1131 | ECRYPTFS_ENCRYPTED); | ||
| 1132 | break; | 1130 | break; |
| 1133 | case ECRYPTFS_TAG_1_PACKET_TYPE: | 1131 | case ECRYPTFS_TAG_1_PACKET_TYPE: |
| 1134 | rc = parse_tag_1_packet(crypt_stat, | 1132 | rc = parse_tag_1_packet(crypt_stat, |
| @@ -1142,8 +1140,7 @@ int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat, | |||
| 1142 | goto out_wipe_list; | 1140 | goto out_wipe_list; |
| 1143 | } | 1141 | } |
| 1144 | i += packet_size; | 1142 | i += packet_size; |
| 1145 | ECRYPTFS_SET_FLAG(crypt_stat->flags, | 1143 | crypt_stat->flags |= ECRYPTFS_ENCRYPTED; |
| 1146 | ECRYPTFS_ENCRYPTED); | ||
| 1147 | break; | 1144 | break; |
| 1148 | case ECRYPTFS_TAG_11_PACKET_TYPE: | 1145 | case ECRYPTFS_TAG_11_PACKET_TYPE: |
| 1149 | ecryptfs_printk(KERN_WARNING, "Invalid packet set " | 1146 | ecryptfs_printk(KERN_WARNING, "Invalid packet set " |
| @@ -1209,8 +1206,7 @@ int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat, | |||
| 1209 | } | 1206 | } |
| 1210 | leave_list: | 1207 | leave_list: |
| 1211 | rc = -ENOTSUPP; | 1208 | rc = -ENOTSUPP; |
| 1212 | if ((ECRYPTFS_CHECK_FLAG(candidate_auth_tok->flags, | 1209 | if (candidate_auth_tok->token_type == ECRYPTFS_PRIVATE_KEY) { |
| 1213 | ECRYPTFS_PRIVATE_KEY))) { | ||
| 1214 | memcpy(&(candidate_auth_tok->token.private_key), | 1210 | memcpy(&(candidate_auth_tok->token.private_key), |
| 1215 | &(chosen_auth_tok->token.private_key), | 1211 | &(chosen_auth_tok->token.private_key), |
| 1216 | sizeof(struct ecryptfs_private_key)); | 1212 | sizeof(struct ecryptfs_private_key)); |