On Tue, Aug 08, 2023 at 01:08:06PM -0400, Sweet Tea Dorminy wrote: > Currently, fscrypt_setup_v2_file_key() has a set of ifs which encode > various information about how to set up a new mode key if necessary for > a shared-key policy (DIRECT or IV_INO_LBLK_*). This is somewhat awkward > -- this information is only needed at the point that we need to setup a > new key, which is not the common case; the setup details are recorded as > function parameters relatively far from where they're actually used; and > at the point we use the parameters, we can derive the information > equally well. > > So this moves mode and policy checking as deep into the callstack as > possible. mk_prepared_key_for_mode_policy() deals with the array lookup > within a master key. And fill_hkdf_info_for mode_key() deals with > filling in the hkdf info as necessary for a particular policy. These > seem a little clearer in broad strokes, emphasizing the similarities > between the policies, but it does spread out the information on how the > key is derived for a particular policy more. > > Signed-off-by: Sweet Tea Dorminy <sweettea-kernel@xxxxxxxxxx> Reviewed-by: Josef Bacik <josef@xxxxxxxxxxxxxx> Thanks, Josef
|