Fix ZFS crypto error types.

* grub-core/fs/zfs/zfscrypt.c (grub_ccm_decrypt): Fix return type.
	(grub_gcm_decrypt): Likewise.
	(grub_zfs_load_key_real): Fix error code type. Handle possible error
	from PBKDF2.
This commit is contained in:
Vladimir 'phcoder' Serbinenko 2011-11-08 16:07:27 +01:00
parent 958ee22168
commit 4a19b6017d
2 changed files with 26 additions and 11 deletions

View file

@ -1,3 +1,12 @@
2011-11-08 Vladimir Serbinenko <phcoder@gmail.com>
Fix ZFS crypto error types.
* grub-core/fs/zfs/zfscrypt.c (grub_ccm_decrypt): Fix return type.
(grub_gcm_decrypt): Likewise.
(grub_zfs_load_key_real): Fix error code type. Handle possible error
from PBKDF2.
2011-11-08 Vladimir Serbinenko <phcoder@gmail.com> 2011-11-08 Vladimir Serbinenko <phcoder@gmail.com>
Illumos support. Illumos support.

View file

@ -90,7 +90,7 @@ grub_zfs_add_key (grub_uint8_t *key_in,
return GRUB_ERR_NONE; return GRUB_ERR_NONE;
} }
static grub_err_t static gcry_err_code_t
grub_ccm_decrypt (grub_crypto_cipher_handle_t cipher, grub_ccm_decrypt (grub_crypto_cipher_handle_t cipher,
grub_uint8_t *out, const grub_uint8_t *in, grub_uint8_t *out, const grub_uint8_t *in,
grub_size_t psize, grub_size_t psize,
@ -101,7 +101,7 @@ grub_ccm_decrypt (grub_crypto_cipher_handle_t cipher,
grub_uint8_t mul[16]; grub_uint8_t mul[16];
grub_uint32_t mac[4]; grub_uint32_t mac[4];
unsigned i, j; unsigned i, j;
grub_err_t err; gcry_err_code_t err;
grub_memcpy (iv + 1, nonce, 15 - l); grub_memcpy (iv + 1, nonce, 15 - l);
@ -173,7 +173,7 @@ grub_gcm_mul (grub_uint8_t *a, const grub_uint8_t *b)
grub_memcpy (a, res, 16); grub_memcpy (a, res, 16);
} }
static grub_err_t static gcry_err_code_t
grub_gcm_decrypt (grub_crypto_cipher_handle_t cipher, grub_gcm_decrypt (grub_crypto_cipher_handle_t cipher,
grub_uint8_t *out, const grub_uint8_t *in, grub_uint8_t *out, const grub_uint8_t *in,
grub_size_t psize, grub_size_t psize,
@ -184,7 +184,7 @@ grub_gcm_decrypt (grub_crypto_cipher_handle_t cipher,
grub_uint8_t mul[16]; grub_uint8_t mul[16];
grub_uint8_t mac[16], h[16], mac_xor[16]; grub_uint8_t mac[16], h[16], mac_xor[16];
unsigned i, j; unsigned i, j;
grub_err_t err; gcry_err_code_t err;
grub_memset (mac, 0, sizeof (mac)); grub_memset (mac, 0, sizeof (mac));
@ -243,7 +243,7 @@ grub_gcm_decrypt (grub_crypto_cipher_handle_t cipher,
} }
static grub_err_t static gcry_err_code_t
algo_decrypt (grub_crypto_cipher_handle_t cipher, grub_uint64_t algo, algo_decrypt (grub_crypto_cipher_handle_t cipher, grub_uint64_t algo,
grub_uint8_t *out, const grub_uint8_t *in, grub_uint8_t *out, const grub_uint8_t *in,
grub_size_t psize, grub_size_t psize,
@ -307,7 +307,6 @@ grub_zfs_load_key_real (const struct grub_zfs_key *key,
unsigned keylen; unsigned keylen;
struct grub_zfs_wrap_key *wrap_key; struct grub_zfs_wrap_key *wrap_key;
grub_crypto_cipher_handle_t ret = NULL; grub_crypto_cipher_handle_t ret = NULL;
grub_err_t err;
if (keysize != sizeof (*key)) if (keysize != sizeof (*key))
{ {
@ -327,6 +326,7 @@ grub_zfs_load_key_real (const struct grub_zfs_key *key,
{ {
grub_crypto_cipher_handle_t cipher; grub_crypto_cipher_handle_t cipher;
grub_uint8_t decrypted[32], mac[32], wrap_key_real[32]; grub_uint8_t decrypted[32], mac[32], wrap_key_real[32];
gcry_err_code_t err;
cipher = grub_crypto_cipher_open (GRUB_CIPHER_AES); cipher = grub_crypto_cipher_open (GRUB_CIPHER_AES);
if (!cipher) if (!cipher)
{ {
@ -334,15 +334,21 @@ grub_zfs_load_key_real (const struct grub_zfs_key *key,
return 0; return 0;
} }
grub_memset (wrap_key_real, 0, sizeof (wrap_key_real)); grub_memset (wrap_key_real, 0, sizeof (wrap_key_real));
err = 0;
if (!wrap_key->is_passphrase) if (!wrap_key->is_passphrase)
grub_memcpy(wrap_key_real, wrap_key->key, grub_memcpy(wrap_key_real, wrap_key->key,
wrap_key->keylen < keylen ? wrap_key->keylen : keylen); wrap_key->keylen < keylen ? wrap_key->keylen : keylen);
else else
grub_crypto_pbkdf2 (GRUB_MD_SHA1, err = grub_crypto_pbkdf2 (GRUB_MD_SHA1,
(const grub_uint8_t *) wrap_key->key, (const grub_uint8_t *) wrap_key->key,
wrap_key->keylen, wrap_key->keylen,
(const grub_uint8_t *) &salt, sizeof (salt), (const grub_uint8_t *) &salt, sizeof (salt),
1000, wrap_key_real, keylen); 1000, wrap_key_real, keylen);
if (err)
{
grub_errno = GRUB_ERR_NONE;
continue;
}
err = grub_crypto_cipher_set_key (cipher, wrap_key_real, err = grub_crypto_cipher_set_key (cipher, wrap_key_real,
keylen); keylen);