diff options
Diffstat (limited to 'fs/ecryptfs/keystore.c')
-rw-r--r-- | fs/ecryptfs/keystore.c | 32 |
1 files changed, 14 insertions, 18 deletions
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c index 558d538e2b1f..c209f67e7a26 100644 --- a/fs/ecryptfs/keystore.c +++ b/fs/ecryptfs/keystore.c | |||
@@ -607,13 +607,13 @@ parse_tag_1_packet(struct ecryptfs_crypt_stat *crypt_stat, | |||
607 | (*new_auth_tok)->session_key.flags |= | 607 | (*new_auth_tok)->session_key.flags |= |
608 | ECRYPTFS_CONTAINS_ENCRYPTED_KEY; | 608 | ECRYPTFS_CONTAINS_ENCRYPTED_KEY; |
609 | (*new_auth_tok)->token_type = ECRYPTFS_PRIVATE_KEY; | 609 | (*new_auth_tok)->token_type = ECRYPTFS_PRIVATE_KEY; |
610 | ECRYPTFS_SET_FLAG((*new_auth_tok)->flags, ECRYPTFS_PRIVATE_KEY); | 610 | (*new_auth_tok)->flags |= ECRYPTFS_PRIVATE_KEY; |
611 | /* TODO: Why are we setting this flag here? Don't we want the | 611 | /* TODO: Why are we setting this flag here? Don't we want the |
612 | * userspace to decrypt the session key? */ | 612 | * userspace to decrypt the session key? */ |
613 | ECRYPTFS_CLEAR_FLAG((*new_auth_tok)->session_key.flags, | 613 | (*new_auth_tok)->session_key.flags &= |
614 | ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT); | 614 | ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT); |
615 | ECRYPTFS_CLEAR_FLAG((*new_auth_tok)->session_key.flags, | 615 | (*new_auth_tok)->session_key.flags &= |
616 | ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT); | 616 | ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT); |
617 | list_add(&auth_tok_list_item->list, auth_tok_list); | 617 | list_add(&auth_tok_list_item->list, auth_tok_list); |
618 | goto out; | 618 | goto out; |
619 | out_free: | 619 | out_free: |
@@ -793,10 +793,10 @@ parse_tag_3_packet(struct ecryptfs_crypt_stat *crypt_stat, | |||
793 | (*new_auth_tok)->token_type = ECRYPTFS_PASSWORD; | 793 | (*new_auth_tok)->token_type = ECRYPTFS_PASSWORD; |
794 | /* TODO: Parametarize; we might actually want userspace to | 794 | /* TODO: Parametarize; we might actually want userspace to |
795 | * decrypt the session key. */ | 795 | * decrypt the session key. */ |
796 | ECRYPTFS_CLEAR_FLAG((*new_auth_tok)->session_key.flags, | 796 | (*new_auth_tok)->session_key.flags &= |
797 | ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT); | 797 | ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_DECRYPT); |
798 | ECRYPTFS_CLEAR_FLAG((*new_auth_tok)->session_key.flags, | 798 | (*new_auth_tok)->session_key.flags &= |
799 | ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT); | 799 | ~(ECRYPTFS_USERSPACE_SHOULD_TRY_TO_ENCRYPT); |
800 | list_add(&auth_tok_list_item->list, auth_tok_list); | 800 | list_add(&auth_tok_list_item->list, auth_tok_list); |
801 | goto out; | 801 | goto out; |
802 | out_free: | 802 | out_free: |
@@ -941,8 +941,7 @@ static int decrypt_session_key(struct ecryptfs_auth_tok *auth_tok, | |||
941 | int rc = 0; | 941 | int rc = 0; |
942 | 942 | ||
943 | password_s_ptr = &auth_tok->token.password; | 943 | password_s_ptr = &auth_tok->token.password; |
944 | if (ECRYPTFS_CHECK_FLAG(password_s_ptr->flags, | 944 | if (password_s_ptr->flags & ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET) |
945 | ECRYPTFS_SESSION_KEY_ENCRYPTION_KEY_SET)) | ||
946 | ecryptfs_printk(KERN_DEBUG, "Session key encryption key " | 945 | ecryptfs_printk(KERN_DEBUG, "Session key encryption key " |
947 | "set; skipping key generation\n"); | 946 | "set; skipping key generation\n"); |
948 | ecryptfs_printk(KERN_DEBUG, "Session key encryption key (size [%d])" | 947 | ecryptfs_printk(KERN_DEBUG, "Session key encryption key (size [%d])" |
@@ -1024,7 +1023,7 @@ static int decrypt_session_key(struct ecryptfs_auth_tok *auth_tok, | |||
1024 | auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY; | 1023 | auth_tok->session_key.flags |= ECRYPTFS_CONTAINS_DECRYPTED_KEY; |
1025 | memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key, | 1024 | memcpy(crypt_stat->key, auth_tok->session_key.decrypted_key, |
1026 | auth_tok->session_key.decrypted_key_size); | 1025 | auth_tok->session_key.decrypted_key_size); |
1027 | ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_KEY_VALID); | 1026 | crypt_stat->flags |= ECRYPTFS_KEY_VALID; |
1028 | ecryptfs_printk(KERN_DEBUG, "Decrypted session key:\n"); | 1027 | ecryptfs_printk(KERN_DEBUG, "Decrypted session key:\n"); |
1029 | if (ecryptfs_verbosity > 0) | 1028 | if (ecryptfs_verbosity > 0) |
1030 | ecryptfs_dump_hex(crypt_stat->key, | 1029 | ecryptfs_dump_hex(crypt_stat->key, |
@@ -1127,8 +1126,7 @@ int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat, | |||
1127 | sig_tmp_space, tag_11_contents_size); | 1126 | sig_tmp_space, tag_11_contents_size); |
1128 | new_auth_tok->token.password.signature[ | 1127 | new_auth_tok->token.password.signature[ |
1129 | ECRYPTFS_PASSWORD_SIG_SIZE] = '\0'; | 1128 | ECRYPTFS_PASSWORD_SIG_SIZE] = '\0'; |
1130 | ECRYPTFS_SET_FLAG(crypt_stat->flags, | 1129 | crypt_stat->flags |= ECRYPTFS_ENCRYPTED; |
1131 | ECRYPTFS_ENCRYPTED); | ||
1132 | break; | 1130 | break; |
1133 | case ECRYPTFS_TAG_1_PACKET_TYPE: | 1131 | case ECRYPTFS_TAG_1_PACKET_TYPE: |
1134 | rc = parse_tag_1_packet(crypt_stat, | 1132 | rc = parse_tag_1_packet(crypt_stat, |
@@ -1142,8 +1140,7 @@ int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat, | |||
1142 | goto out_wipe_list; | 1140 | goto out_wipe_list; |
1143 | } | 1141 | } |
1144 | i += packet_size; | 1142 | i += packet_size; |
1145 | ECRYPTFS_SET_FLAG(crypt_stat->flags, | 1143 | crypt_stat->flags |= ECRYPTFS_ENCRYPTED; |
1146 | ECRYPTFS_ENCRYPTED); | ||
1147 | break; | 1144 | break; |
1148 | case ECRYPTFS_TAG_11_PACKET_TYPE: | 1145 | case ECRYPTFS_TAG_11_PACKET_TYPE: |
1149 | ecryptfs_printk(KERN_WARNING, "Invalid packet set " | 1146 | ecryptfs_printk(KERN_WARNING, "Invalid packet set " |
@@ -1209,8 +1206,7 @@ int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat, | |||
1209 | } | 1206 | } |
1210 | leave_list: | 1207 | leave_list: |
1211 | rc = -ENOTSUPP; | 1208 | rc = -ENOTSUPP; |
1212 | if ((ECRYPTFS_CHECK_FLAG(candidate_auth_tok->flags, | 1209 | if (candidate_auth_tok->token_type == ECRYPTFS_PRIVATE_KEY) { |
1213 | ECRYPTFS_PRIVATE_KEY))) { | ||
1214 | memcpy(&(candidate_auth_tok->token.private_key), | 1210 | memcpy(&(candidate_auth_tok->token.private_key), |
1215 | &(chosen_auth_tok->token.private_key), | 1211 | &(chosen_auth_tok->token.private_key), |
1216 | sizeof(struct ecryptfs_private_key)); | 1212 | sizeof(struct ecryptfs_private_key)); |