aboutsummaryrefslogtreecommitdiffstats
path: root/fs/ecryptfs/crypto.c
diff options
context:
space:
mode:
Diffstat (limited to 'fs/ecryptfs/crypto.c')
-rw-r--r--fs/ecryptfs/crypto.c37
1 files changed, 15 insertions, 22 deletions
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c
index b817a1a39e70..6ac630625b70 100644
--- a/fs/ecryptfs/crypto.c
+++ b/fs/ecryptfs/crypto.c
@@ -207,7 +207,7 @@ ecryptfs_init_crypt_stat(struct ecryptfs_crypt_stat *crypt_stat)
207 mutex_init(&crypt_stat->cs_mutex); 207 mutex_init(&crypt_stat->cs_mutex);
208 mutex_init(&crypt_stat->cs_tfm_mutex); 208 mutex_init(&crypt_stat->cs_tfm_mutex);
209 mutex_init(&crypt_stat->cs_hash_tfm_mutex); 209 mutex_init(&crypt_stat->cs_hash_tfm_mutex);
210 ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_STRUCT_INITIALIZED); 210 crypt_stat->flags |= ECRYPTFS_STRUCT_INITIALIZED;
211} 211}
212 212
213/** 213/**
@@ -305,8 +305,7 @@ static int encrypt_scatterlist(struct ecryptfs_crypt_stat *crypt_stat,
305 int rc = 0; 305 int rc = 0;
306 306
307 BUG_ON(!crypt_stat || !crypt_stat->tfm 307 BUG_ON(!crypt_stat || !crypt_stat->tfm
308 || !ECRYPTFS_CHECK_FLAG(crypt_stat->flags, 308 || !(crypt_stat->flags & ECRYPTFS_STRUCT_INITIALIZED));
309 ECRYPTFS_STRUCT_INITIALIZED));
310 if (unlikely(ecryptfs_verbosity > 0)) { 309 if (unlikely(ecryptfs_verbosity > 0)) {
311 ecryptfs_printk(KERN_DEBUG, "Key size [%d]; key:\n", 310 ecryptfs_printk(KERN_DEBUG, "Key size [%d]; key:\n",
312 crypt_stat->key_size); 311 crypt_stat->key_size);
@@ -485,7 +484,7 @@ int ecryptfs_encrypt_page(struct ecryptfs_page_crypt_context *ctx)
485 lower_inode = ecryptfs_inode_to_lower(ctx->page->mapping->host); 484 lower_inode = ecryptfs_inode_to_lower(ctx->page->mapping->host);
486 inode_info = ecryptfs_inode_to_private(ctx->page->mapping->host); 485 inode_info = ecryptfs_inode_to_private(ctx->page->mapping->host);
487 crypt_stat = &inode_info->crypt_stat; 486 crypt_stat = &inode_info->crypt_stat;
488 if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED)) { 487 if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
489 rc = ecryptfs_copy_page_to_lower(ctx->page, lower_inode, 488 rc = ecryptfs_copy_page_to_lower(ctx->page, lower_inode,
490 ctx->param.lower_file); 489 ctx->param.lower_file);
491 if (rc) 490 if (rc)
@@ -617,7 +616,7 @@ int ecryptfs_decrypt_page(struct file *file, struct page *page)
617 crypt_stat = &(ecryptfs_inode_to_private( 616 crypt_stat = &(ecryptfs_inode_to_private(
618 page->mapping->host)->crypt_stat); 617 page->mapping->host)->crypt_stat);
619 lower_inode = ecryptfs_inode_to_lower(page->mapping->host); 618 lower_inode = ecryptfs_inode_to_lower(page->mapping->host);
620 if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED)) { 619 if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
621 rc = ecryptfs_do_readpage(file, page, page->index); 620 rc = ecryptfs_do_readpage(file, page, page->index);
622 if (rc) 621 if (rc)
623 ecryptfs_printk(KERN_ERR, "Error attempting to copy " 622 ecryptfs_printk(KERN_ERR, "Error attempting to copy "
@@ -882,7 +881,7 @@ int ecryptfs_compute_root_iv(struct ecryptfs_crypt_stat *crypt_stat)
882 881
883 BUG_ON(crypt_stat->iv_bytes > MD5_DIGEST_SIZE); 882 BUG_ON(crypt_stat->iv_bytes > MD5_DIGEST_SIZE);
884 BUG_ON(crypt_stat->iv_bytes <= 0); 883 BUG_ON(crypt_stat->iv_bytes <= 0);
885 if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_KEY_VALID)) { 884 if (!(crypt_stat->flags & ECRYPTFS_KEY_VALID)) {
886 rc = -EINVAL; 885 rc = -EINVAL;
887 ecryptfs_printk(KERN_WARNING, "Session key not valid; " 886 ecryptfs_printk(KERN_WARNING, "Session key not valid; "
888 "cannot generate root IV\n"); 887 "cannot generate root IV\n");
@@ -899,8 +898,7 @@ int ecryptfs_compute_root_iv(struct ecryptfs_crypt_stat *crypt_stat)
899out: 898out:
900 if (rc) { 899 if (rc) {
901 memset(crypt_stat->root_iv, 0, crypt_stat->iv_bytes); 900 memset(crypt_stat->root_iv, 0, crypt_stat->iv_bytes);
902 ECRYPTFS_SET_FLAG(crypt_stat->flags, 901 crypt_stat->flags |= ECRYPTFS_SECURITY_WARNING;
903 ECRYPTFS_SECURITY_WARNING);
904 } 902 }
905 return rc; 903 return rc;
906} 904}
@@ -908,7 +906,7 @@ out:
908static void ecryptfs_generate_new_key(struct ecryptfs_crypt_stat *crypt_stat) 906static void ecryptfs_generate_new_key(struct ecryptfs_crypt_stat *crypt_stat)
909{ 907{
910 get_random_bytes(crypt_stat->key, crypt_stat->key_size); 908 get_random_bytes(crypt_stat->key, crypt_stat->key_size);
911 ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_KEY_VALID); 909 crypt_stat->flags |= ECRYPTFS_KEY_VALID;
912 ecryptfs_compute_root_iv(crypt_stat); 910 ecryptfs_compute_root_iv(crypt_stat);
913 if (unlikely(ecryptfs_verbosity > 0)) { 911 if (unlikely(ecryptfs_verbosity > 0)) {
914 ecryptfs_printk(KERN_DEBUG, "Generated new session key:\n"); 912 ecryptfs_printk(KERN_DEBUG, "Generated new session key:\n");
@@ -948,7 +946,7 @@ static void ecryptfs_set_default_crypt_stat_vals(
948 ecryptfs_set_default_sizes(crypt_stat); 946 ecryptfs_set_default_sizes(crypt_stat);
949 strcpy(crypt_stat->cipher, ECRYPTFS_DEFAULT_CIPHER); 947 strcpy(crypt_stat->cipher, ECRYPTFS_DEFAULT_CIPHER);
950 crypt_stat->key_size = ECRYPTFS_DEFAULT_KEY_BYTES; 948 crypt_stat->key_size = ECRYPTFS_DEFAULT_KEY_BYTES;
951 ECRYPTFS_CLEAR_FLAG(crypt_stat->flags, ECRYPTFS_KEY_VALID); 949 crypt_stat->flags &= ~(ECRYPTFS_KEY_VALID);
952 crypt_stat->file_version = ECRYPTFS_FILE_VERSION; 950 crypt_stat->file_version = ECRYPTFS_FILE_VERSION;
953 crypt_stat->mount_crypt_stat = mount_crypt_stat; 951 crypt_stat->mount_crypt_stat = mount_crypt_stat;
954} 952}
@@ -988,8 +986,8 @@ int ecryptfs_new_file_context(struct dentry *ecryptfs_dentry)
988 if (mount_crypt_stat->global_auth_tok) { 986 if (mount_crypt_stat->global_auth_tok) {
989 ecryptfs_printk(KERN_DEBUG, "Initializing context for new " 987 ecryptfs_printk(KERN_DEBUG, "Initializing context for new "
990 "file using mount_crypt_stat\n"); 988 "file using mount_crypt_stat\n");
991 ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED); 989 crypt_stat->flags |= ECRYPTFS_ENCRYPTED;
992 ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_KEY_VALID); 990 crypt_stat->flags |= ECRYPTFS_KEY_VALID;
993 ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat, 991 ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat,
994 mount_crypt_stat); 992 mount_crypt_stat);
995 memcpy(crypt_stat->keysigs[crypt_stat->num_keysigs++], 993 memcpy(crypt_stat->keysigs[crypt_stat->num_keysigs++],
@@ -1074,11 +1072,9 @@ static int ecryptfs_process_flags(struct ecryptfs_crypt_stat *crypt_stat,
1074 for (i = 0; i < ((sizeof(ecryptfs_flag_map) 1072 for (i = 0; i < ((sizeof(ecryptfs_flag_map)
1075 / sizeof(struct ecryptfs_flag_map_elem))); i++) 1073 / sizeof(struct ecryptfs_flag_map_elem))); i++)
1076 if (flags & ecryptfs_flag_map[i].file_flag) { 1074 if (flags & ecryptfs_flag_map[i].file_flag) {
1077 ECRYPTFS_SET_FLAG(crypt_stat->flags, 1075 crypt_stat->flags |= ecryptfs_flag_map[i].local_flag;
1078 ecryptfs_flag_map[i].local_flag);
1079 } else 1076 } else
1080 ECRYPTFS_CLEAR_FLAG(crypt_stat->flags, 1077 crypt_stat->flags &= ~(ecryptfs_flag_map[i].local_flag);
1081 ecryptfs_flag_map[i].local_flag);
1082 /* Version is in top 8 bits of the 32-bit flag vector */ 1078 /* Version is in top 8 bits of the 32-bit flag vector */
1083 crypt_stat->file_version = ((flags >> 24) & 0xFF); 1079 crypt_stat->file_version = ((flags >> 24) & 0xFF);
1084 (*bytes_read) = 4; 1080 (*bytes_read) = 4;
@@ -1115,8 +1111,7 @@ write_ecryptfs_flags(char *page_virt, struct ecryptfs_crypt_stat *crypt_stat,
1115 1111
1116 for (i = 0; i < ((sizeof(ecryptfs_flag_map) 1112 for (i = 0; i < ((sizeof(ecryptfs_flag_map)
1117 / sizeof(struct ecryptfs_flag_map_elem))); i++) 1113 / sizeof(struct ecryptfs_flag_map_elem))); i++)
1118 if (ECRYPTFS_CHECK_FLAG(crypt_stat->flags, 1114 if (crypt_stat->flags & ecryptfs_flag_map[i].local_flag)
1119 ecryptfs_flag_map[i].local_flag))
1120 flags |= ecryptfs_flag_map[i].file_flag; 1115 flags |= ecryptfs_flag_map[i].file_flag;
1121 /* Version is in top 8 bits of the 32-bit flag vector */ 1116 /* Version is in top 8 bits of the 32-bit flag vector */
1122 flags |= ((((u8)crypt_stat->file_version) << 24) & 0xFF000000); 1117 flags |= ((((u8)crypt_stat->file_version) << 24) & 0xFF000000);
@@ -1414,10 +1409,8 @@ int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry,
1414 1409
1415 crypt_stat = &ecryptfs_inode_to_private( 1410 crypt_stat = &ecryptfs_inode_to_private(
1416 ecryptfs_dentry->d_inode)->crypt_stat; 1411 ecryptfs_dentry->d_inode)->crypt_stat;
1417 if (likely(ECRYPTFS_CHECK_FLAG(crypt_stat->flags, 1412 if (likely(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {
1418 ECRYPTFS_ENCRYPTED))) { 1413 if (!(crypt_stat->flags & ECRYPTFS_KEY_VALID)) {
1419 if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags,
1420 ECRYPTFS_KEY_VALID)) {
1421 ecryptfs_printk(KERN_DEBUG, "Key is " 1414 ecryptfs_printk(KERN_DEBUG, "Key is "
1422 "invalid; bailing out\n"); 1415 "invalid; bailing out\n");
1423 rc = -EINVAL; 1416 rc = -EINVAL;