Diffstat (limited to 'fs/ecryptfs/keystore.c')
-rw-r--r--fs/ecryptfs/keystore.c32
1 files changed, 14 insertions, 18 deletions
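diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
index 558d538e2b1f..c209f67e7a26 100644
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -607,13 +607,13 @@ parse_tag_1_packet(struct ecryptfs_crypt_stat *crypt_stat,
  (*new_auth_tok)->session_key.flags |=
  ECRYPTFS_CONTAINS_ENCRYPTED_KEY;
  (*new_auth_tok)->token_type = ECRYPTFS_PRIVATE_KEY;
- ECRYPTFS_SET_FLAG((*new_auth_tok)->flags, ECRYPTFS_PRIVATE_KEY);
+ (*new_auth_tok)->flags |= ECRYPTFS_PRIVATE_KEY;
  /* TODO: Why are we setting this flag here? Don't we want the
  * userspace to decrypt the session key? */
- ECRYPTFS_CLEAR_FLAG((*new_auth_tok)->session_key.flags,
- ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT);
- ECRYPTFS_CLEAR_FLAG((*new_auth_tok)->session_key.flags,
- ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT);
+ (*new_auth_tok)->session_key.flags &=
+ ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT);
+ (*new_auth_tok)->session_key.flags &=
+ ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT);
  list_add(&auth_tok_list_item->list, auth_tok_list);
  goto out;
 out_free:
@@ -793,10 +793,10 @@ parse_tag_3_packet(struct ecryptfs_crypt_stat *crypt_stat,
  (*new_auth_tok)->token_type = ECRYPTFS_PASSWORD;
  /* TODO: Parametarize; we might actually want userspace to
  * decrypt the session key. */
- ECRYPTFS_CLEAR_FLAG((*new_auth_tok)->session_key.flags,
- ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT);
- ECRYPTFS_CLEAR_FLAG((*new_auth_tok)->session_key.flags,
- ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT);
+ (*new_auth_tok)->session_key.flags &=
+ ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT);
+ (*new_auth_tok)->session_key.flags &=
+ ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT);
  list_add(&auth_tok_list_item->list, auth_tok_list);
  goto out;
 out_free:
@@ -941,8 +941,7 @@ static int decrypt_session_key(struct ecryptfs_auth_tok *auth_tok,
  int rc = 0;
 
  password_s_ptr = &auth_tok->token.password;
- if (ECRYPTFS_CHECK_FLAG(password_s_ptr->flags,
- ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET))
+ if (password_s_ptr->flags & ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET)
  ecryptfs_printk(KERN_DEBUG, "Session key encryption key "
  "set; skipping key generation\n");
  ecryptfs_printk(KERN_DEBUG, "Session key encryption key (size [%d])"
@@ -1024,7 +1023,7 @@ static int decrypt_session_key(struct ecryptfs_auth_tok *auth_tok,
  auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY;
  memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key,
  auth_tok->session_key.decrypted_key_size);
- ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_KEY_VALID);
+ crypt_stat->flags |= ECRYPTFS_KEY_VALID;
  ecryptfs_printk(KERN_DEBUG, "Decrypted session key:\n");
  if (ecryptfs_verbosity > 0)
  ecryptfs_dump_hex(crypt_stat->key,
@@ -1127,8 +1126,7 @@ int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat,
  sig_tmp_space, tag_11_contents_size);
  new_auth_tok->token.password.signature[
  ECRYPTFS_PASSWORD_SIG_SIZE] = '\0';
- ECRYPTFS_SET_FLAG(crypt_stat->flags,
- ECRYPTFS_ENCRYPTED);
+ crypt_stat->flags |= ECRYPTFS_ENCRYPTED;
  break;
  case ECRYPTFS_TAG_1_PACKET_TYPE:
  rc = parse_tag_1_packet(crypt_stat,
@@ -1142,8 +1140,7 @@ int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat,
  goto out_wipe_list;
  }
  i += packet_size;
- ECRYPTFS_SET_FLAG(crypt_stat->flags,
- ECRYPTFS_ENCRYPTED);
+ crypt_stat->flags |= ECRYPTFS_ENCRYPTED;
  break;
  case ECRYPTFS_TAG_11_PACKET_TYPE:
  ecryptfs_printk(KERN_WARNING, "Invalid packet set "
@@ -1209,8 +1206,7 @@ int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat,
  }
 leave_list:
  rc = -ENOTSUPP;
- if ((ECRYPTFS_CHECK_FLAG(candidate_auth_tok->flags,
- ECRYPTFS_PRIVATE_KEY))) {
+ if (candidate_auth_tok->token_type == ECRYPTFS_PRIVATE_KEY) {
  memcpy(&(candidate_auth_tok->token.private_key),
  &(chosen_auth_tok->token.private_key),
  sizeof(struct ecryptfs_private_key));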
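Review bot: At `leave_list:` in ecryptfs_parse_packet_set the new condition is not an open-coded form of the old macro: it changes from a bit test on `candidate_auth_tok->flags` to `candidate_auth_tok->token_type == ECRYPTFS_PRIVATE_KEY`, while the parse_tag_1_packet hunk still ORs that same constant into `flags` right after assigning it to `token_type`. Because this condition decides whether `sizeof(struct ecryptfs_private_key)` bytes are copied into `token.private_key`, a comment should say which field is the discriminator, e.g. `/* token_type, not flags, says which token member is valid */`. If nothing else reads that bit, `(*new_auth_tok)->flags |= ECRYPTFS_PRIVATE_KEY;` looks redundant and puts a token-type value into a bitmask, so I would drop it or explain why it stays; other readers of `flags` are not visible from these hunks. Both functions start and end outside the hunks shown.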