Diffstat (limited to 'fs/ecryptfs/crypto.c')
-rw-r--r-- | fs/ecryptfs/crypto.c | 37 |
1 files changed, 15 insertions, 22 deletions
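--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -207,7 +207,7 @@ ecryptfs_init_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat)
 mutex_init(&crypt_stat->cs_mutex);
 mutex_init(&crypt_stat->cs_tfm_mutex);
 mutex_init(&crypt_stat->cs_hash_tfm_mutex);
-ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_STRUCT_INITIALIZED);
+crypt_stat->flags |= ECRYPTFS_STRUCT_INITIALIZED;
 }
 
 /**
@@ -305,8 +305,7 @@ static int encrypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat,
 int rc = 0;
 
 BUG_ON(!crypt_stat || !crypt_stat->tfm
-|| !ECRYPTFS_CHECK_FLAG(crypt_stat->flags,
-ECRYPTFS_STRUCT_INITIALIZED));
+|| !(crypt_stat->flags & ECRYPTFS_STRUCT_INITIALIZED));
 if (unlikely(ecryptfs_verbosity > 0)) {
 ecryptfs_printk(KERN_DEBUG, "Key size [%d]; key:\n",
 crypt_stat->key_size);
@@ -485,7 +484,7 @@ int ecryptfs_encrypt_page(struct ecryptfs_page_crypt_context *ctx)
 lower_inode = ecryptfs_inode_to_lower(ctx->page->mapping->host);
 inode_info = ecryptfs_inode_to_private(ctx->page->mapping->host);
 crypt_stat = &inode_info->crypt_stat;
-if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED)) {
+if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
 rc = ecryptfs_copy_page_to_lower(ctx->page, lower_inode,
 ctx->param.lower_file);
 if (rc)
@@ -617,7 +616,7 @@ int ecryptfs_decrypt_page(struct file *file, struct page *page)
 crypt_stat = &(ecryptfs_inode_to_private(
 page->mapping->host)->crypt_stat);
 lower_inode = ecryptfs_inode_to_lower(page->mapping->host);
-if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED)) {
+if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
 rc = ecryptfs_do_readpage(file, page, page->index);
 if (rc)
 ecryptfs_printk(KERN_ERR, "Error attempting to copy "
@@ -882,7 +881,7 @@ int ecryptfs_compute_root_iv(struct ecryptfs_crypt_stat *crypt_stat)
 
 BUG_ON(crypt_stat->iv_bytes > MD5_DIGEST_SIZE);
 BUG_ON(crypt_stat->iv_bytes <= 0);
-if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_KEY_VALID)) {
+if (!(crypt_stat->flags & ECRYPTFS_KEY_VALID)) {
 rc = -EINVAL;
 ecryptfs_printk(KERN_WARNING, "Session key not valid; "
 "cannot generate root IV\n");
@@ -899,8 +898,7 @@ int ecryptfs_compute_root_iv(struct ecryptfs_crypt_stat *crypt_stat)
 out:
 if (rc) {
 memset(crypt_stat->root_iv, 0, crypt_stat->iv_bytes);
-ECRYPTFS_SET_FLAG(crypt_stat->flags,
-ECRYPTFS_SECURITY_WARNING);
+crypt_stat->flags |= ECRYPTFS_SECURITY_WARNING;
 }
 return rc;
 }
@@ -908,7 +906,7 @@ out:
 static void ecryptfs_generate_new_key(struct ecryptfs_crypt_stat *crypt_stat)
 {
 get_random_bytes(crypt_stat->key, crypt_stat->key_size);
-ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_KEY_VALID);
+crypt_stat->flags |= ECRYPTFS_KEY_VALID;
 ecryptfs_compute_root_iv(crypt_stat);
 if (unlikely(ecryptfs_verbosity > 0)) {
 ecryptfs_printk(KERN_DEBUG, "Generated new session key:\n");
@@ -948,7 +946,7 @@ static void ecryptfs_set_default_crypt_stat_vals(
 ecryptfs_set_default_sizes(crypt_stat);
 strcpy(crypt_stat->cipher, ECRYPTFS_DEFAULT_CIPHER);
 crypt_stat->key_size = ECRYPTFS_DEFAULT_KEY_BYTES;
-ECRYPTFS_CLEAR_FLAG(crypt_stat->flags, ECRYPTFS_KEY_VALID);
+crypt_stat->flags &= ~(ECRYPTFS_KEY_VALID);
 crypt_stat->file_version = ECRYPTFS_FILE_VERSION;
 crypt_stat->mount_crypt_stat = mount_crypt_stat;
 }
@@ -988,8 +986,8 @@ int ecryptfs_new_file_context(struct dentry *ecryptfs_dentry)
 if (mount_crypt_stat->global_auth_tok) {
 ecryptfs_printk(KERN_DEBUG, "Initializing context for new "
 "file using mount_crypt_stat\n");
-ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED);
-ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_KEY_VALID);
+crypt_stat->flags |= ECRYPTFS_ENCRYPTED;
+crypt_stat->flags |= ECRYPTFS_KEY_VALID;
 ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat,
 mount_crypt_stat);
 memcpy(crypt_stat->keysigs[crypt_stat->num_keysigs++],
@@ -1074,11 +1072,9 @@ static int ecryptfs_process_flags(struct ecryptfs_crypt_stat *crypt_stat,
 for (i = 0; i < ((sizeof(ecryptfs_flag_map)
 / sizeof(struct ecryptfs_flag_map_elem))); i++)
 if (flags & ecryptfs_flag_map[i].file_flag) {
-ECRYPTFS_SET_FLAG(crypt_stat->flags,
-ecryptfs_flag_map[i].local_flag);
+crypt_stat->flags |= ecryptfs_flag_map[i].local_flag;
 } else
-ECRYPTFS_CLEAR_FLAG(crypt_stat->flags,
-ecryptfs_flag_map[i].local_flag);
+crypt_stat->flags &= ~(ecryptfs_flag_map[i].local_flag);
 /* Version is in top 8 bits of the 32-bit flag vector */
 crypt_stat->file_version = ((flags >> 24) & 0xFF);
 (*bytes_read) = 4;
@@ -1115,8 +1111,7 @@ write_ecryptfs_flags(char *page_virt, struct ecryptfs_crypt_stat *crypt_stat,
 
 for (i = 0; i < ((sizeof(ecryptfs_flag_map)
 / sizeof(struct ecryptfs_flag_map_elem))); i++)
-if (ECRYPTFS_CHECK_FLAG(crypt_stat->flags,
-ecryptfs_flag_map[i].local_flag))
+if (crypt_stat->flags & ecryptfs_flag_map[i].local_flag)
 flags |= ecryptfs_flag_map[i].file_flag;
 /* Version is in top 8 bits of the 32-bit flag vector */
 flags |= ((((u8)crypt_stat->file_version) << 24) & 0xFF000000);
@@ -1414,10 +1409,8 @@ int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry,
 
 crypt_stat = &ecryptfs_inode_to_private(
 ecryptfs_dentry->d_inode)->crypt_stat;
-if (likely(ECRYPTFS_CHECK_FLAG(crypt_stat->flags,
-ECRYPTFS_ENCRYPTED))) {
-if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags,
-ECRYPTFS_KEY_VALID)) {
+if (likely(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
+if (!(crypt_stat->flags & ECRYPTFS_KEY_VALID)) {
 ecryptfs_printk(KERN_DEBUG, "Key is "
 "invalid; bailing out\n");
 rc = -EINVAL;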
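Review bot: In ecryptfs_generate_new_key (the hunk at new line 906) ECRYPTFS_KEY_VALID is set and the return value of ecryptfs_compute_root_iv() is then discarded, which the conversion carries over unchanged. The preceding hunk shows that on failure that function zeroes root_iv and sets ECRYPTFS_SECURITY_WARNING, so a failed derivation leaves a key marked valid next to an all-zero root IV; whether any caller later checks ECRYPTFS_SECURITY_WARNING is not visible here. Since the function returns void, the smallest change would be to drop the valid bit on failure, `if (ecryptfs_compute_root_iv(crypt_stat)) crypt_stat->flags &= ~ECRYPTFS_KEY_VALID;`, or alternatively to make it return the error so callers can act on it. The body of ecryptfs_generate_new_key continues past the end of the hunk.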