[PATCH] eCryptfs: open-code flag checking and manipulation

	mutex_init(&crypt_stat->cs_mutex);

	mutex_init(&crypt_stat->cs_mutex);

	mutex_init(&crypt_stat->cs_tfm_mutex);

	mutex_init(&crypt_stat->cs_tfm_mutex);

	mutex_init(&crypt_stat->cs_hash_tfm_mutex);

	mutex_init(&crypt_stat->cs_hash_tfm_mutex);

	ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_STRUCT_INITIALIZED);

	crypt_stat->flags |= ECRYPTFS_STRUCT_INITIALIZED;

}

}

/**

/**

	int rc = 0;

	int rc = 0;

	BUG_ON(!crypt_stat || !crypt_stat->tfm

	BUG_ON(!crypt_stat || !crypt_stat->tfm

	       || !ECRYPTFS_CHECK_FLAG(crypt_stat->flags,

	       || !(crypt_stat->flags & ECRYPTFS_STRUCT_INITIALIZED));

				       ECRYPTFS_STRUCT_INITIALIZED));

	if (unlikely(ecryptfs_verbosity > 0)) {

	if (unlikely(ecryptfs_verbosity > 0)) {

		ecryptfs_printk(KERN_DEBUG, "Key size [%d]; key:\n",

		ecryptfs_printk(KERN_DEBUG, "Key size [%d]; key:\n",

				crypt_stat->key_size);

				crypt_stat->key_size);

	lower_inode = ecryptfs_inode_to_lower(ctx->page->mapping->host);

	lower_inode = ecryptfs_inode_to_lower(ctx->page->mapping->host);

	inode_info = ecryptfs_inode_to_private(ctx->page->mapping->host);

	inode_info = ecryptfs_inode_to_private(ctx->page->mapping->host);

	crypt_stat = &inode_info->crypt_stat;

	crypt_stat = &inode_info->crypt_stat;

	if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED)) {

	if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {

		rc = ecryptfs_copy_page_to_lower(ctx->page, lower_inode,

		rc = ecryptfs_copy_page_to_lower(ctx->page, lower_inode,

						 ctx->param.lower_file);

						 ctx->param.lower_file);

		if (rc)

		if (rc)

	crypt_stat = &(ecryptfs_inode_to_private(

	crypt_stat = &(ecryptfs_inode_to_private(

			       page->mapping->host)->crypt_stat);

			       page->mapping->host)->crypt_stat);

	lower_inode = ecryptfs_inode_to_lower(page->mapping->host);

	lower_inode = ecryptfs_inode_to_lower(page->mapping->host);

	if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED)) {

	if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {

		rc = ecryptfs_do_readpage(file, page, page->index);

		rc = ecryptfs_do_readpage(file, page, page->index);

		if (rc)

		if (rc)

			ecryptfs_printk(KERN_ERR, "Error attempting to copy "

			ecryptfs_printk(KERN_ERR, "Error attempting to copy "

	BUG_ON(crypt_stat->iv_bytes > MD5_DIGEST_SIZE);

	BUG_ON(crypt_stat->iv_bytes > MD5_DIGEST_SIZE);

	BUG_ON(crypt_stat->iv_bytes <= 0);

	BUG_ON(crypt_stat->iv_bytes <= 0);

	if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_KEY_VALID)) {

	if (!(crypt_stat->flags & ECRYPTFS_KEY_VALID)) {

		rc = -EINVAL;

		rc = -EINVAL;

		ecryptfs_printk(KERN_WARNING, "Session key not valid; "

		ecryptfs_printk(KERN_WARNING, "Session key not valid; "

				"cannot generate root IV\n");

				"cannot generate root IV\n");

out:

out:

	if (rc) {

	if (rc) {

		memset(crypt_stat->root_iv, 0, crypt_stat->iv_bytes);

		memset(crypt_stat->root_iv, 0, crypt_stat->iv_bytes);

		ECRYPTFS_SET_FLAG(crypt_stat->flags,

		crypt_stat->flags |= ECRYPTFS_SECURITY_WARNING;

				  ECRYPTFS_SECURITY_WARNING);

	}

	}

	return rc;

	return rc;

}

}

static void ecryptfs_generate_new_key(struct ecryptfs_crypt_stat *crypt_stat)

static void ecryptfs_generate_new_key(struct ecryptfs_crypt_stat *crypt_stat)

{

{

	get_random_bytes(crypt_stat->key, crypt_stat->key_size);

	get_random_bytes(crypt_stat->key, crypt_stat->key_size);

	ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_KEY_VALID);

	crypt_stat->flags |= ECRYPTFS_KEY_VALID;

	ecryptfs_compute_root_iv(crypt_stat);

	ecryptfs_compute_root_iv(crypt_stat);

	if (unlikely(ecryptfs_verbosity > 0)) {

	if (unlikely(ecryptfs_verbosity > 0)) {

		ecryptfs_printk(KERN_DEBUG, "Generated new session key:\n");

		ecryptfs_printk(KERN_DEBUG, "Generated new session key:\n");

	ecryptfs_set_default_sizes(crypt_stat);

	ecryptfs_set_default_sizes(crypt_stat);

	strcpy(crypt_stat->cipher, ECRYPTFS_DEFAULT_CIPHER);

	strcpy(crypt_stat->cipher, ECRYPTFS_DEFAULT_CIPHER);

	crypt_stat->key_size = ECRYPTFS_DEFAULT_KEY_BYTES;

	crypt_stat->key_size = ECRYPTFS_DEFAULT_KEY_BYTES;

	ECRYPTFS_CLEAR_FLAG(crypt_stat->flags, ECRYPTFS_KEY_VALID);

	crypt_stat->flags &= ~(ECRYPTFS_KEY_VALID);

	crypt_stat->file_version = ECRYPTFS_FILE_VERSION;

	crypt_stat->file_version = ECRYPTFS_FILE_VERSION;

	crypt_stat->mount_crypt_stat = mount_crypt_stat;

	crypt_stat->mount_crypt_stat = mount_crypt_stat;

}

}

	if (mount_crypt_stat->global_auth_tok) {

	if (mount_crypt_stat->global_auth_tok) {

		ecryptfs_printk(KERN_DEBUG, "Initializing context for new "

		ecryptfs_printk(KERN_DEBUG, "Initializing context for new "

				"file using mount_crypt_stat\n");

				"file using mount_crypt_stat\n");

		ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED);

		crypt_stat->flags |= ECRYPTFS_ENCRYPTED;

		ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_KEY_VALID);

		crypt_stat->flags |= ECRYPTFS_KEY_VALID;

		ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat,

		ecryptfs_copy_mount_wide_flags_to_inode_flags(crypt_stat,

							      mount_crypt_stat);

							      mount_crypt_stat);

		memcpy(crypt_stat->keysigs[crypt_stat->num_keysigs++],

		memcpy(crypt_stat->keysigs[crypt_stat->num_keysigs++],

	for (i = 0; i < ((sizeof(ecryptfs_flag_map)

	for (i = 0; i < ((sizeof(ecryptfs_flag_map)

			  / sizeof(struct ecryptfs_flag_map_elem))); i++)

			  / sizeof(struct ecryptfs_flag_map_elem))); i++)

		if (flags & ecryptfs_flag_map[i].file_flag) {

		if (flags & ecryptfs_flag_map[i].file_flag) {

			ECRYPTFS_SET_FLAG(crypt_stat->flags,

			crypt_stat->flags |= ecryptfs_flag_map[i].local_flag;

					  ecryptfs_flag_map[i].local_flag);

		} else

		} else

			ECRYPTFS_CLEAR_FLAG(crypt_stat->flags,

			crypt_stat->flags &= ~(ecryptfs_flag_map[i].local_flag);

					    ecryptfs_flag_map[i].local_flag);

	/* Version is in top 8 bits of the 32-bit flag vector */

	/* Version is in top 8 bits of the 32-bit flag vector */

	crypt_stat->file_version = ((flags >> 24) & 0xFF);

	crypt_stat->file_version = ((flags >> 24) & 0xFF);

	(*bytes_read) = 4;

	(*bytes_read) = 4;

	for (i = 0; i < ((sizeof(ecryptfs_flag_map)

	for (i = 0; i < ((sizeof(ecryptfs_flag_map)

			  / sizeof(struct ecryptfs_flag_map_elem))); i++)

			  / sizeof(struct ecryptfs_flag_map_elem))); i++)

		if (ECRYPTFS_CHECK_FLAG(crypt_stat->flags,

		if (crypt_stat->flags & ecryptfs_flag_map[i].local_flag)

					ecryptfs_flag_map[i].local_flag))

			flags |= ecryptfs_flag_map[i].file_flag;

			flags |= ecryptfs_flag_map[i].file_flag;

	/* Version is in top 8 bits of the 32-bit flag vector */

	/* Version is in top 8 bits of the 32-bit flag vector */

	flags |= ((((u8)crypt_stat->file_version) << 24) & 0xFF000000);

	flags |= ((((u8)crypt_stat->file_version) << 24) & 0xFF000000);

	crypt_stat = &ecryptfs_inode_to_private(

	crypt_stat = &ecryptfs_inode_to_private(

		ecryptfs_dentry->d_inode)->crypt_stat;

		ecryptfs_dentry->d_inode)->crypt_stat;

	if (likely(ECRYPTFS_CHECK_FLAG(crypt_stat->flags,

	if (likely(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) {

				       ECRYPTFS_ENCRYPTED))) {

		if (!(crypt_stat->flags & ECRYPTFS_KEY_VALID)) {

		if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags,

					 ECRYPTFS_KEY_VALID)) {

			ecryptfs_printk(KERN_DEBUG, "Key is "

			ecryptfs_printk(KERN_DEBUG, "Key is "

					"invalid; bailing out\n");

					"invalid; bailing out\n");

			rc = -EINVAL;

			rc = -EINVAL;

	ecryptfs_printk(KERN_DEBUG, "Auth tok at mem loc [%p]:\n",

	ecryptfs_printk(KERN_DEBUG, "Auth tok at mem loc [%p]:\n",

			auth_tok);

			auth_tok);

	if (ECRYPTFS_CHECK_FLAG(auth_tok->flags, ECRYPTFS_PRIVATE_KEY)) {

	if (auth_tok->flags & ECRYPTFS_PRIVATE_KEY) {

		ecryptfs_printk(KERN_DEBUG, " * private key type\n");

		ecryptfs_printk(KERN_DEBUG, " * private key type\n");

		ecryptfs_printk(KERN_DEBUG, " * (NO PRIVATE KEY SUPPORT "

		ecryptfs_printk(KERN_DEBUG, " * (NO PRIVATE KEY SUPPORT "

				"IN ECRYPTFS VERSION 0.1)\n");

				"IN ECRYPTFS VERSION 0.1)\n");

				ECRYPTFS_SALT_SIZE);

				ECRYPTFS_SALT_SIZE);

		salt[ECRYPTFS_SALT_SIZE * 2] = '\0';

		salt[ECRYPTFS_SALT_SIZE * 2] = '\0';

		ecryptfs_printk(KERN_DEBUG, " * salt = [%s]\n", salt);

		ecryptfs_printk(KERN_DEBUG, " * salt = [%s]\n", salt);

		if (ECRYPTFS_CHECK_FLAG(auth_tok->token.password.flags,

		if (auth_tok->token.password.flags &

					ECRYPTFS_PERSISTENT_PASSWORD)) {

		    ECRYPTFS_PERSISTENT_PASSWORD) {

			ecryptfs_printk(KERN_DEBUG, " * persistent\n");

			ecryptfs_printk(KERN_DEBUG, " * persistent\n");

		}

		}

		memcpy(sig, auth_tok->token.password.signature,

		memcpy(sig, auth_tok->token.password.signature,

#define RFC2440_CIPHER_TWOFISH 0x0a

#define RFC2440_CIPHER_TWOFISH 0x0a

#define RFC2440_CIPHER_CAST_6 0x0b

#define RFC2440_CIPHER_CAST_6 0x0b

#define ECRYPTFS_SET_FLAG(flag_bit_vector, flag) (flag_bit_vector |= (flag))

#define ECRYPTFS_CLEAR_FLAG(flag_bit_vector, flag) (flag_bit_vector &= ~(flag))

#define ECRYPTFS_CHECK_FLAG(flag_bit_vector, flag) (flag_bit_vector & (flag))

#define RFC2440_CIPHER_RSA 0x01

#define RFC2440_CIPHER_RSA 0x01

/**

/**

	lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry);

	lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry);

	crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;

	crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;

	mutex_lock(&crypt_stat->cs_mutex);

	mutex_lock(&crypt_stat->cs_mutex);

	if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_POLICY_APPLIED)) {

	if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)) {

		ecryptfs_printk(KERN_DEBUG, "Setting flags for stat...\n");

		ecryptfs_printk(KERN_DEBUG, "Setting flags for stat...\n");

		/* Policy code enabled in future release */

		/* Policy code enabled in future release */

		ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_POLICY_APPLIED);

		crypt_stat->flags |= ECRYPTFS_POLICY_APPLIED;

		ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED);

		crypt_stat->flags |= ECRYPTFS_ENCRYPTED;

	}

	}

	mutex_unlock(&crypt_stat->cs_mutex);

	mutex_unlock(&crypt_stat->cs_mutex);

	lower_flags = file->f_flags;

	lower_flags = file->f_flags;

	lower_inode = lower_dentry->d_inode;

	lower_inode = lower_dentry->d_inode;

	if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) {

	if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) {

		ecryptfs_printk(KERN_DEBUG, "This is a directory\n");

		ecryptfs_printk(KERN_DEBUG, "This is a directory\n");

		ECRYPTFS_CLEAR_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED);

		crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);

		rc = 0;

		rc = 0;

		goto out;

		goto out;

	}

	}

	mutex_lock(&crypt_stat->cs_mutex);

	mutex_lock(&crypt_stat->cs_mutex);

	if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags,

	if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)

				 ECRYPTFS_POLICY_APPLIED)

	    || !(crypt_stat->flags & ECRYPTFS_KEY_VALID)) {

	    || !ECRYPTFS_CHECK_FLAG(crypt_stat->flags,

				    ECRYPTFS_KEY_VALID)) {

		rc = ecryptfs_read_metadata(ecryptfs_dentry, lower_file);

		rc = ecryptfs_read_metadata(ecryptfs_dentry, lower_file);

		if (rc) {

		if (rc) {

			ecryptfs_printk(KERN_DEBUG,

			ecryptfs_printk(KERN_DEBUG,

				mutex_unlock(&crypt_stat->cs_mutex);

				mutex_unlock(&crypt_stat->cs_mutex);

				goto out_puts;

				goto out_puts;

			}

			}

			ECRYPTFS_CLEAR_FLAG(crypt_stat->flags,

					    ECRYPTFS_ENCRYPTED);

			rc = 0;

			rc = 0;

			crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);

			mutex_unlock(&crypt_stat->cs_mutex);

			mutex_unlock(&crypt_stat->cs_mutex);

			goto out;

			goto out;

		}

		}

	ecryptfs_set_file_lower(&fake_file, lower_file);

	ecryptfs_set_file_lower(&fake_file, lower_file);

	rc = ecryptfs_fill_zeros(&fake_file, 1);

	rc = ecryptfs_fill_zeros(&fake_file, 1);

	if (rc) {

	if (rc) {

		ECRYPTFS_SET_FLAG(

		ecryptfs_inode_to_private(inode)->crypt_stat.flags |=

			ecryptfs_inode_to_private(inode)->crypt_stat.flags,

			ECRYPTFS_SECURITY_WARNING;

			ECRYPTFS_SECURITY_WARNING);

		ecryptfs_printk(KERN_WARNING, "Error attempting to fill zeros "

		ecryptfs_printk(KERN_WARNING, "Error attempting to fill zeros "

				"in file; rc = [%d]\n", rc);

				"in file; rc = [%d]\n", rc);

		goto out;

		goto out;

	ecryptfs_write_inode_size_to_metadata(lower_file, lower_inode, inode,

	ecryptfs_write_inode_size_to_metadata(lower_file, lower_inode, inode,

					      ecryptfs_dentry,

					      ecryptfs_dentry,

					      ECRYPTFS_LOWER_I_MUTEX_NOT_HELD);

					      ECRYPTFS_LOWER_I_MUTEX_NOT_HELD);

	ECRYPTFS_SET_FLAG(ecryptfs_inode_to_private(inode)->crypt_stat.flags,

	ecryptfs_inode_to_private(inode)->crypt_stat.flags |= ECRYPTFS_NEW_FILE;

			  ECRYPTFS_NEW_FILE);

out:

out:

	return rc;

	return rc;

}

}

	lower_inode = lower_dentry->d_inode;

	lower_inode = lower_dentry->d_inode;

	if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) {

	if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) {

		ecryptfs_printk(KERN_DEBUG, "This is a directory\n");

		ecryptfs_printk(KERN_DEBUG, "This is a directory\n");

		ECRYPTFS_CLEAR_FLAG(crypt_stat->flags, ECRYPTFS_ENCRYPTED);

		crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);

		goto out_fput;

		goto out_fput;

	}

	}

	ECRYPTFS_SET_FLAG(crypt_stat->flags, ECRYPTFS_NEW_FILE);

	crypt_stat->flags |= ECRYPTFS_NEW_FILE;

	ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n");

	ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n");

	rc = ecryptfs_new_file_context(ecryptfs_dentry);

	rc = ecryptfs_new_file_context(ecryptfs_dentry);

	if (rc) {

	if (rc) {

		goto out_dput;

		goto out_dput;

	}

	}

	crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat;

	crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat;

	if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_POLICY_APPLIED))

	if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED))

		ecryptfs_set_default_sizes(crypt_stat);

		ecryptfs_set_default_sizes(crypt_stat);

	rc = ecryptfs_read_and_validate_header_region(page_virt, lower_dentry,

	rc = ecryptfs_read_and_validate_header_region(page_virt, lower_dentry,

						      nd->mnt);

						      nd->mnt);