From: Mike Halcrow Move logic to deal with AES special cases into the function that performs string to cipher code mapping. Signed-off-by: Michael Halcrow DESC ecryptfs-more-elegant-aes-key-size-manipulation-tidy EDESC From: Andrew Morton - braces are useful - Dont' open-code ARRAY_SIZE() Cc: Michael Halcrow Signed-off-by: Andrew Morton
---
 fs/ecryptfs/crypto.c | 36 ++++++++++++++++++++++---------- fs/ecryptfs/ecryptfs_kernel.h | 2 - fs/ecryptfs/keystore.c | 21 ------------------ 3 files changed, 27 insertions(+), 32 deletions(-)
diff -puN fs/ecryptfs/crypto.c~ecryptfs-more-elegant-aes-key-size-manipulation fs/ecryptfs/crypto.c
--- a/fs/ecryptfs/crypto.c~ecryptfs-more-elegant-aes-key-size-manipulation
+++ a/fs/ecryptfs/crypto.c
@@ -1057,16 +1057,32 @@ ecryptfs_cipher_code_str_map[] = {
 *
 * Returns zero on no match, or the cipher code on match
 */
-u16 ecryptfs_code_for_cipher_string(char *str)
+u16 ecryptfs_code_for_cipher_string(struct ecryptfs_crypt_stat *crypt_stat)
 {
 int i;
-
- for (i = 0; i < (sizeof(ecryptfs_cipher_code_str_map)
- / sizeof(struct ecryptfs_cipher_code_str_map_elem));
- i++)
- if (strcmp(str, ecryptfs_cipher_code_str_map[i].cipher_str)==0)
- return ecryptfs_cipher_code_str_map[i].cipher_code;
- return 0;
+ u16 code = 0;
+ struct ecryptfs_cipher_code_str_map_elem *map =
+ ecryptfs_cipher_code_str_map;
+
+ if (strcmp(crypt_stat->cipher, "aes") == 0) {
+ switch (crypt_stat->key_size) {
+ case 16:
+ code = RFC2440_CIPHER_AES_128;
+ break;
+ case 24:
+ code = RFC2440_CIPHER_AES_192;
+ break;
+ case 32:
+ code = RFC2440_CIPHER_AES_256;
+ }
+ } else {
+ for (i = 0; i < ARRAY_SIZE(ecryptfs_cipher_code_str_map); i++)
+ if (strcmp(crypt_stat->cipher, map[i].cipher_str) == 0){
+ code = map[i].cipher_code;
+ break;
+ }
+ }
+ return code;
 }
 /**
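Review bot: The AES `switch` on `crypt_stat->key_size` has no `default:` arm, so an unsupported key size silently leaves `code` at 0 and the only diagnostic left is the caller's generic "Unable to generate code for cipher" warning; the key-size message that this commit removes from keystore.c is lost. Rejecting the bad size now depends on each caller treating 0 as an error (the keystore.c caller visible in this patch does), so I would keep the diagnostic here with `default: ecryptfs_printk(KERN_WARNING, "Unsupported AES key size: [%d]\n", crypt_stat->key_size);` and add the missing `break;` after the `case 32:` assignment. The function only reads `crypt_stat`, so the parameter could be `const struct ecryptfs_crypt_stat *` here and in the ecryptfs_kernel.h prototype. The kernel-doc comment begins above the hunk; if it still documents a string argument it should be updated for the new parameter.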
@@ -1082,9 +1098,7 @@ int ecryptfs_cipher_code_to_string(char
 int i;
 str[0] = '\0';
- for (i = 0; i < (sizeof(ecryptfs_cipher_code_str_map)
- / sizeof(struct ecryptfs_cipher_code_str_map_elem));
- i++)
+ for (i = 0; i < ARRAY_SIZE(ecryptfs_cipher_code_str_map); i++)
 if (cipher_code == ecryptfs_cipher_code_str_map[i].cipher_code)
 strcpy(str, ecryptfs_cipher_code_str_map[i].cipher_str);
 if (str[0] == '\0') {
diff -puN fs/ecryptfs/ecryptfs_kernel.h~ecryptfs-more-elegant-aes-key-size-manipulation fs/ecryptfs/ecryptfs_kernel.h
--- a/fs/ecryptfs/ecryptfs_kernel.h~ecryptfs-more-elegant-aes-key-size-manipulation
+++ a/fs/ecryptfs/ecryptfs_kernel.h
@@ -439,7 +439,7 @@ int ecryptfs_new_file_context(struct den
 int contains_ecryptfs_marker(char *data);
 int ecryptfs_read_header_region(char *data, struct dentry *dentry, struct nameidata *nd);
-u16 ecryptfs_code_for_cipher_string(char *str);
+u16 ecryptfs_code_for_cipher_string(struct ecryptfs_crypt_stat *crypt_stat);
 int ecryptfs_cipher_code_to_string(char *str, u16 cipher_code);
 void ecryptfs_set_default_sizes(struct ecryptfs_crypt_stat *crypt_stat);
 int ecryptfs_generate_key_packet_set(char *dest_base,
diff -puN fs/ecryptfs/keystore.c~ecryptfs-more-elegant-aes-key-size-manipulation fs/ecryptfs/keystore.c
--- a/fs/ecryptfs/keystore.c~ecryptfs-more-elegant-aes-key-size-manipulation
+++ a/fs/ecryptfs/keystore.c
@@ -923,32 +923,13 @@ encrypted_session_key_set:
 }
 (*packet_size) += packet_size_length;
 dest[(*packet_size)++] = 0x04; /* version 4 */
- cipher_code = ecryptfs_code_for_cipher_string(crypt_stat->cipher);
+ cipher_code = ecryptfs_code_for_cipher_string(crypt_stat);
 if (cipher_code == 0) {
 ecryptfs_printk(KERN_WARNING, "Unable to generate code for "
 "cipher [%s]\n", crypt_stat->cipher);
 rc = -EINVAL;
 goto out;
 }
- /* If it is AES, we need to get more specific. */
- if (cipher_code == RFC2440_CIPHER_AES_128){
- switch (crypt_stat->key_size) {
- case 16:
- break;
- case 24:
- cipher_code = RFC2440_CIPHER_AES_192;
- break;
- case 32:
- cipher_code = RFC2440_CIPHER_AES_256;
- break;
- default:
- rc = -EINVAL;
- ecryptfs_printk(KERN_WARNING, "Unsupported AES key "
- "size: [%d]\n",
- crypt_stat->key_size);
- goto out;
- }
- }
 dest[(*packet_size)++] = cipher_code;
 dest[(*packet_size)++] = 0x03; /* S2K */
 dest[(*packet_size)++] = 0x01; /* MD5 (TODO: parameterize) */
_