Commit a97de38b authored by Andrea Gelmini's avatar Andrea Gelmini Committed by Milan Broz

Fix typos.

parent 444eac35
......@@ -2475,7 +2475,7 @@ offset length name data type description
More details:
Cipher, mode and pasword hash (or no hash):
Cipher, mode and password hash (or no hash):
-e cipher [-N] => -c cipher-cbc-plain -H plain [-s 256]
-e cipher => -c cipher-cbc-plain -H ripemd160 [-s 256]
......@@ -2616,7 +2616,7 @@ My take is this was much more driven by some big egos that wanted
to make a splash for self-aggrandizement, than by any actual
security concerns. Ignore it.
* 9.3 How do I do my own inird with cryptsetup?
* 9.3 How do I do my own initrd with cryptsetup?
It depends on the distribution. Below, I give a very simple example
and step-by-step instructions for Debian. With a bit of work, it
......
......@@ -44,7 +44,7 @@ The simplest way to compile this package is:
`sh ./configure' instead to prevent `csh' from trying to execute
`configure' itself.
Running `configure' takes awhile. While running, it prints some
Running `configure' takes a while. While running, it prints some
messages telling which features it is checking for.
2. Type `make' to compile the package.
......
......@@ -26,7 +26,7 @@ Last version of the LUKS format specification is
Why LUKS?
---------
* compatiblity via standardization,
* compatibility via standardization,
* secure against low entropy attacks,
* support for multiple keys,
* effective passphrase revocation,
......
......@@ -178,7 +178,7 @@
* Document cryptsetup exit codes.
2011-03-18 Milan Broz <mbroz@redhat.com>
* Respect maximum keyfile size paramater.
* Respect maximum keyfile size parameter.
* Introduce maximum default keyfile size, add configure option.
* Require the whole key read from keyfile in create command (broken in 1.2.0).
* Fix offset option for loopaesOpen.
......@@ -334,13 +334,13 @@
* Version 1.1.0.
2010-01-10 Milan Broz <mbroz@redhat.com>
* Fix initialisation of gcrypt duting luksFormat.
* Convert hash name to lower case in header (fix sha1 backward comatible header)
* Fix initialisation of gcrypt during luksFormat.
* Convert hash name to lower case in header (fix sha1 backward compatible header)
* Check for minimum required gcrypt version.
2009-12-30 Milan Broz <mbroz@redhat.com>
* Fix key slot iteration count calculation (small -i value was the same as default).
* The slot and key digest iteration minimun is now 1000.
* The slot and key digest iteration minimum is now 1000.
* The key digest iteration # is calculated from iteration time (approx 1/8 of that).
* Version 1.1.0-rc4.
......@@ -395,16 +395,16 @@
* Require device device-mapper to build and do not use backend wrapper for dm calls.
* Move memory locking and dm initialization to command layer.
* Increase priority of process if memory is locked.
* Add log macros and make logging modre consitent.
* Add log macros and make logging more consistent.
* Move command successful messages to verbose level.
* Introduce --debug parameter.
* Move device utils code and provide context parameter (for log).
* Keyfile now must be provided by path, only stdin file descriptor is used (api only).
* Do not call isatty() on closed keyfile descriptor.
* Run performance check for PBKDF2 from LUKS code, do not mix hash algoritms results.
* Run performance check for PBKDF2 from LUKS code, do not mix hash algorithms results.
* Add ability to provide pre-generated master key and UUID in LUKS header format.
* Add LUKS function to verify master key digest.
* Move key slot manuipulation function into LUKS specific code.
* Move key slot manipulation function into LUKS specific code.
* Replace global options struct with separate parameters in helper functions.
* Add new libcryptsetup API (documented in libcryptsetup.h).
* Implement old API calls using new functions.
......@@ -412,7 +412,7 @@
* Add --master-key-file option for luksFormat and luksAddKey.
2009-08-17 Milan Broz <mbroz@redhat.com>
* Fix PBKDF2 speed calculation for large passhrases.
* Fix PBKDF2 speed calculation for large passphrases.
* Allow using passphrase provided in options struct for LuksOpen.
* Allow restrict keys size in LuksOpen.
......@@ -424,7 +424,7 @@
* Switch PBKDF2 from internal SHA1 to libgcrypt, make hash algorithm not hardcoded to SHA1 here.
* Add required parameters for changing hash used in LUKS key setup scheme.
* Do not export simple XOR helper now used only inside AF functions.
* Completely remove internal SHA1 implementanion code, not needed anymore.
* Completely remove internal SHA1 implementation code, not needed anymore.
* Enable hash algorithm selection for LUKS through -h luksFormat option.
2009-07-28 Milan Broz <mbroz@redhat.com>
......@@ -705,7 +705,7 @@
2005-12-06 Clemens Fruhwirth <clemens@endorphin.org>
* man/cryptsetup.8: Correct "seconds" to "microseconds" in the explaination for -i.
* man/cryptsetup.8: Correct "seconds" to "microseconds" in the explanation for -i.
2005-11-09 Clemens Fruhwirth <clemens@endorphin.org>
......@@ -726,7 +726,7 @@
2005-09-08 Clemens Fruhwirth <clemens@endorphin.org>
* lib/setup.c (get_key): Fixed another incompatiblity with
* lib/setup.c (get_key): Fixed another incompatibility with
original cryptsetup.
2005-08-20 Clemens Fruhwirth <clemens@endorphin.org>
......@@ -816,7 +816,7 @@
* man/cryptsetup.1: Add man page.
* lib/setup.c: Remove unneccessary LUKS_write_phdr call, so the
* lib/setup.c: Remove unnecessary LUKS_write_phdr call, so the
phdr is written after passphrase reading, so the user can change
his mind, and not have a partial written LUKS header on it's disk.
......
......@@ -15,7 +15,7 @@ Important changes
* NSS (because of missing ripemd160 it cannot provide full backward compatibility)
* kernel userspace API (provided by kernel 2.6.38 and above)
(Note that kernel userspace backend is very slow for this type of operation.
But it can be usefull for embedded systems, because you can avoid userspace
But it can be useful for embedded systems, because you can avoid userspace
crypto library completely.)
Backend is selected during configure time, using --with-crypto_backend option.
......
......@@ -89,7 +89,7 @@ WARNING: This release removes old deprecated API from libcryptsetup
(It can be used to simulate trivial hidden disk concepts.)
libcryptsetup API changes:
* Added options to suport detached metadata device
* Added options to support detached metadata device
crypt_init_by_name_and_header()
crypt_set_data_device()
* Add crypt_last_error() API call.
......
......@@ -481,7 +481,7 @@ Other changes
For LUKS2 it is always better to specify full settings (do not rely on default
cost values).
For example, we can set to use Argon2id with iteration cost 5, memory 128000
and paralell set 1:
and parallel set 1:
$ cryptsetup luksFormat --type luks2 <device> \
--pbkdf argon2id --pbkdf-force-iterations 5 --pbkdf-memory 128000 --pbkdf-parallel 1
......
......@@ -53,7 +53,7 @@ int crypt_hmac_write(struct crypt_hmac *ctx, const char *buffer, size_t length);
int crypt_hmac_final(struct crypt_hmac *ctx, char *buffer, size_t length);
int crypt_hmac_destroy(struct crypt_hmac *ctx);
/* RNG (if fips paramater set, must provide FIPS compliance) */
/* RNG (if fips parameter set, must provide FIPS compliance) */
enum { CRYPT_RND_NORMAL = 0, CRYPT_RND_KEY = 1, CRYPT_RND_SALT = 2 };
int crypt_backend_rng(char *buffer, size_t length, int quality, int fips);
......
......@@ -239,7 +239,7 @@ struct crypt_pbkdf_type {
*
* @return 0 on success or negative errno value otherwise.
*
* @note For LUKS1, only PBKDF2 is suppported, other settings will be rejected.
* @note For LUKS1, only PBKDF2 is supported, other settings will be rejected.
* @note For non-LUKS context types the call succeeds, but PBKDF is not used.
*/
int crypt_set_pbkdf_type(struct crypt_device *cd,
......@@ -511,7 +511,7 @@ struct crypt_params_luks2 {
*
* @note Note that crypt_format does not enable any keyslot (in case of work with LUKS device),
* but it stores volume key internally and subsequent crypt_keyslot_add_* calls can be used.
* @note For VERITY @link crypt-type @endlink, only uuid parameter is used, others paramaters
* @note For VERITY @link crypt-type @endlink, only uuid parameter is used, other parameters
* are ignored and verity specific attributes are set through mandatory params option.
*/
int crypt_format(struct crypt_device *cd,
......@@ -1648,7 +1648,7 @@ typedef enum {
crypt_token_info crypt_token_status(struct crypt_device *cd, int token, const char **type);
/**
* LUKS2 keyring token paramaters.
* LUKS2 keyring token parameters.
*
* @see crypt_token_builtin_set
*
......
......@@ -1155,7 +1155,7 @@ static int check_retry(uint32_t *dmd_flags, uint32_t dmt_flags)
/* If kernel keyring is not supported load key directly in dm-crypt */
if ((*dmd_flags & CRYPT_ACTIVATE_KEYRING_KEY) &&
!(dmt_flags & DM_KERNEL_KEYRING_SUPPORTED)) {
log_dbg("dm-crypt doesn't suport kernel keyring");
log_dbg("dm-crypt doesn't support kernel keyring");
*dmd_flags = *dmd_flags & ~CRYPT_ACTIVATE_KEYRING_KEY;
ret = 1;
}
......@@ -1288,7 +1288,7 @@ int dm_status_device(struct crypt_device *cd, const char *name)
struct stat st;
/* libdevmapper is too clever and handles
* path argument differenly with error.
* path argument differently with error.
* Fail early here if parameter is non-existent path.
*/
if (strchr(name, '/') && stat(name, &st) < 0)
......
......@@ -457,7 +457,7 @@ static int _keyslot_repair(struct luks_phdr *phdr, struct crypt_device *ctx)
}
/*
* check repair result before writting because repair can't fix out of order
* check repair result before writing because repair can't fix out of order
* keyslot offsets and would corrupt header again
*/
if (LUKS_check_keyslots(ctx, phdr))
......@@ -539,7 +539,7 @@ static void _to_lower(char *str, unsigned max_len)
static void LUKS_fix_header_compatible(struct luks_phdr *header)
{
/* Old cryptsetup expects "sha1", gcrypt allows case insensistive names,
/* Old cryptsetup expects "sha1", gcrypt allows case insensitive names,
* so always convert hash to lower case in header */
_to_lower(header->hashSpec, LUKS_HASHSPEC_L);
......@@ -865,7 +865,7 @@ int LUKS_set_key(unsigned int keyIndex,
return -EINVAL;
}
/* LUKS keyslot has always at least 4000 stripes accoding to specification */
/* LUKS keyslot has always at least 4000 stripes according to specification */
if(hdr->keyblock[keyIndex].stripes < 4000) {
log_err(ctx, _("Key slot %d material includes too few stripes. Header manipulation?\n"),
keyIndex);
......
......@@ -182,7 +182,7 @@ static void hdr_to_disk(struct luks2_hdr *hdr,
}
/*
* Sanity checks before checkum is validated
* Sanity checks before checksum is validated
*/
static int hdr_disk_sanity_check_pre(struct luks2_hdr_disk *hdr,
size_t *hdr_json_size, int secondary,
......@@ -324,7 +324,7 @@ static int hdr_write_disk(struct device *device, struct luks2_hdr *hdr,
}
/*
* Calculate checksum and write header with checkum.
* Calculate checksum and write header with checksum.
*/
r = hdr_checksum_calculate(hdr_disk.checksum_alg, &hdr_disk,
json_area, hdr_json_len);
......@@ -504,7 +504,7 @@ static json_object *parse_and_validate_json(const char *json_area, int length)
if (!jobj)
return NULL;
/* successfull parse_json_len must not return offset <= 0 */
/* successful parse_json_len must not return offset <= 0 */
assert(offset > 0);
r = validate_json_area(json_area, offset, length);
......
......@@ -844,7 +844,7 @@ static void LUKS2_hdr_free_unused_objects(struct crypt_device *cd, struct luks2_
int LUKS2_hdr_write(struct crypt_device *cd, struct luks2_hdr *hdr)
{
/* FIXME: we risk to hide future intenal implementation bugs with this */
/* FIXME: we risk to hide future internal implementation bugs with this */
LUKS2_hdr_free_unused_objects(cd, hdr);
if (LUKS2_hdr_validate(hdr->jobj))
......@@ -1317,7 +1317,7 @@ int LUKS2_config_set_requirements(struct crypt_device *cd, struct luks2_hdr *hdr
/* any remaining bit in requirements is unknown therefore illegal */
if (reqs) {
log_dbg("Illegal requiremnt flag(s) requested");
log_dbg("Illegal requirement flag(s) requested");
goto err;
}
......
......@@ -3959,7 +3959,7 @@ int crypt_convert(struct crypt_device *cd,
return crypt_load(cd, type, params);
}
/* Internall access function to header pointer */
/* Internal access function to header pointer */
void *crypt_get_hdr(struct crypt_device *cd, const char *type)
{
/* If requested type differs, ignore it */
......
......@@ -350,7 +350,7 @@ static int TCRYPT_decrypt_hdr_one(struct tcrypt_alg *alg, const char *mode,
}
/*
* For chanined ciphers and CBC mode we need "outer" decryption.
* For chained ciphers and CBC mode we need "outer" decryption.
* Backend doesn't provide this, so implement it here directly using ECB.
*/
static int TCRYPT_decrypt_cbci(struct tcrypt_algs *ciphers,
......@@ -775,7 +775,7 @@ int TCRYPT_activate(struct crypt_device *cd,
return r;
}
/* Frome here, key size for every cipher must be the same */
/* From here, key size for every cipher must be the same */
dmd.u.crypt.vk = crypt_alloc_volume_key(algs->cipher[0].key_size +
algs->cipher[0].key_extra_size, NULL);
if (!dmd.u.crypt.vk) {
......
......@@ -421,7 +421,7 @@ int crypt_keyfile_read(struct crypt_device *cd, const char *keyfile,
goto out_err;
}
/* If not requsted otherwise, we limit input to prevent memory exhaustion */
/* If not requested otherwise, we limit input to prevent memory exhaustion */
if (keyfile_size_max == 0) {
keyfile_size_max = DEFAULT_KEYFILE_SIZE_MAXKB * 1024 + 1;
unlimited_read = 1;
......
/*
* libcryptsetup - cryptsetup library, cipher bechmark
* libcryptsetup - cryptsetup library, cipher benchmark
*
* Copyright (C) 2012-2017, Red Hat, Inc. All rights reserved.
* Copyright (C) 2012-2017, Milan Broz
......@@ -281,8 +281,8 @@ static int benchmark_callback(uint32_t time_ms, void *usrptr)
/*
* Used in internal places to benchmark crypt_device context PBKDF.
* Once requested parameters are benchmarked, iterations attribute is set,
* and the benchamarked values can be reused.
* Note that memory cost can be changed after benchark (if used).
* and the benchmarked values can be reused.
* Note that memory cost can be changed after benchmark (if used).
* NOTE: You need to check that you are benchmarking for the same key size.
*/
int crypt_benchmark_pbkdf_internal(struct crypt_device *cd,
......@@ -306,8 +306,8 @@ int crypt_benchmark_pbkdf_internal(struct crypt_device *cd,
if (!strcmp(pbkdf->type, CRYPT_KDF_PBKDF2)) {
/*
* For PBKDF2 it is enouch to run benchmark for only 1 second
* and interpolate final iterarions value from it.
* For PBKDF2 it is enough to run benchmark for only 1 second
* and interpolate final iterations value from it.
*/
ms_tmp = pbkdf->time_ms;
pbkdf->time_ms = 1000;
......
......@@ -172,7 +172,7 @@ static void release_lock_handle(struct crypt_lock_handle *h)
if (S_ISBLK(h->mode) && /* was it block device */
!flock(h->flock_fd, LOCK_EX | LOCK_NB) && /* lock to drop the file */
!resource_by_devno(res, sizeof(res), h->devno, 1) && /* acquire lock resource name */
!fstat(h->flock_fd, &buf_a) && /* read inode id refered by fd */
!fstat(h->flock_fd, &buf_a) && /* read inode id referred by fd */
!stat(res, &buf_b) && /* does path file stil exist? */
same_inode(buf_a, buf_b)) { /* is it same id as the one referenced by fd? */
/* coverity[toctou] */
......
......@@ -86,7 +86,7 @@ struct crypt_dm_active_device {
/* struct crypt_active_device */
uint64_t offset; /* offset in sectors */
uint64_t iv_offset; /* IV initilisation sector */
uint64_t iv_offset; /* IV initialisation sector */
uint32_t tag_size; /* additional on-disk tag size */
uint32_t sector_size; /* encryption sector size */
} crypt;
......
......@@ -218,5 +218,5 @@ void crypt_set_iteration_time(struct crypt_device *cd, uint64_t iteration_time_m
pbkdf->flags &= ~(CRYPT_PBKDF_NO_BENCHMARK);
pbkdf->iterations = 0;
log_dbg("Iteration time set to %" PRIu64 " miliseconds.", iteration_time_ms);
log_dbg("Iteration time set to %" PRIu64 " milliseconds.", iteration_time_ms);
}
......@@ -201,7 +201,7 @@ Print separate line every <seconds> with reencryption progress.
Use only while encrypting not yet encrypted device (see \-\-new).
Specify LUKS version when performing in-place encryption. If the parameter
is ommited default value (LUKS1) is used. Type may be one of: \fBluks\fR (default),
is omitted default value (LUKS1) is used. Type may be one of: \fBluks\fR (default),
\fBluks1\fR or \fBluks2\fR.
.TP
.B "\-\-version"
......
......@@ -432,7 +432,7 @@ The \fItoken\fR command is supported only for LUKS2.
For adding new keyring token, option \-\-key\-description is mandatory.
Also, new token is assigned to key slot specified with \-\-key\-slot option or to all
active key slots in the case \-\-key\-slot option is ommited.
active key slots in the case \-\-key\-slot option is omitted.
To remove existing token, specify the token ID which should be removed with
\-\-token\-id option.
......@@ -907,7 +907,7 @@ Set the memory cost for PBKDF (for Argon2i/id the number represents kilobytes).
Note that it is maximal value, PBKDF benchmark can decrease it.
This option is not available for PBKDF2.
.TP
.B "\-\-pbkdf\-paralell <number>"
.B "\-\-pbkdf\-parallel <number>"
Set the parallel cost for PBKDF (number of threads, up to 4).
Note that it is maximal value, it is decreased automatically if
CPU online count is lower.
......@@ -1347,7 +1347,7 @@ the status command output. Also see losetup(8).
The LUKS2 on-disk metadata is updated in several steps and
to achieve proper atomic update, there is a locking mechanism.
For an image in file, code uses \fIflock(2)\fR system call.
For a block device, lock is perfomed over a special file stored
For a block device, lock is performed over a special file stored
in a locking directory (by default \fI/run/lock/cryptsetup\fR).
The locking directory should be created with the proper security
context by the distribution during the boot-up phase.
......
......@@ -120,7 +120,7 @@ Defines what to do if data integrity problem is detected (data corruption).
Without these options kernel fails the IO operation with I/O error.
With \-\-ignore-corruption option the corruption is only logged.
With \-\-restart-on-corruption the kernel is restarted immediatelly.
With \-\-restart-on-corruption the kernel is restarted immediately.
(You have to provide way how to avoid restart loops.)
\fBWARNING:\fR Use these options only for very specific cases.
......@@ -182,7 +182,7 @@ Hash-offset must be greater than number of blocks in data-area.
.B "veritysetup \-\-data-blocks=256 \-\-hash-offset=1052672 create test-device <device> <device> <root_hash>"
Acivatees the verity device named test-device. Options \-\-data-blocks and \-\-hash-offset are the same
Activates the verity device named test-device. Options \-\-data-blocks and \-\-hash-offset are the same
as in the format command. The <root_hash> was calculated in format command.
.B "veritysetup \-\-data-blocks=256 \-\-hash-offset=1052672 verify <data_device> <hash_device> <root_hash>"
......
......@@ -13,7 +13,7 @@ luks|tcrypt specified device type (LUKS or TrueCrypt)
cpus - number of processes to start in parallel
Format of dictionary file is simple one password per line,
if first char on line s # it is skiped as comment.
if first char on line is # it is skipped as comment.
For LUKS, you have it run as root (device-mapper cannot
create dmcrypt devices as nrmal user. Code need
......
......@@ -2,9 +2,9 @@ Example of simple dracut module for reencryption of system
LUKS drive on-the-fly.
Install in /usr/[share|lib]/dracut/modules.d/90reencrypt, then
build special intramfs "with dracut -a reencrypt -o crypt".
build special initramfs "with dracut -a reencrypt -o crypt".
Reencrypt module doesn't work (has a conflict) with crypt module as
of now. After successfull reencryption reboot using original initramfs.
of now. After successful reencryption reboot using original initramfs.
Dracut then recognize argument rd.luks.reencrypt=name:size,
e.g. rd.luks.reencrypt=sda2:52G means only 52G of device
......
......@@ -61,7 +61,7 @@ const char *help =
" the threshold down to reduce misdetection. For values\n"
" larger than the default you need to adjust the threshold\n"
" up to retain sensitivity.\n"
" -v Print found suspicuous sectors verbosely. \n"
" -v Print found suspicious sectors verbosely. \n"
" -d Print decimal addresses instead of hex ones.\n"
"\n";
......@@ -321,8 +321,8 @@ int main(int argc, char **argv)
device = argv[optind];
/* test whether we can open and read device */
/* This is neded as we are reading the actual data
* in the keyslots dirtectly from the LUKS container.
/* This is needed as we are reading the actual data
* in the keyslots directly from the LUKS container.
*/
f_luks = open(device, O_RDONLY);
if (f_luks == -1) {
......
......@@ -192,7 +192,7 @@ static int download_remote_password(struct crypt_device *cd, char *password, siz
return -EINVAL;
/* extract third party metadata neccessary to extract passphrase remotely */
/* extract third party metadata necessary to extract passphrase remotely */
json_object_object_get_ex(jobj_keyslot, "ssh_server", &jobj_server);
json_object_object_get_ex(jobj_keyslot, "ssh_user", &jobj_user);
json_object_object_get_ex(jobj_keyslot, "ssh_path", &jobj_path);
......
......@@ -235,7 +235,7 @@ static PyObject *CryptSetup_activate(CryptSetupObject* self, PyObject *args, PyO
static char
CryptSetup_deactivate_HELP[] =
"Dectivate LUKS device\n\n\
"Deactivate LUKS device\n\n\
deactivate()";
static PyObject *CryptSetup_deactivate(CryptSetupObject* self, PyObject *args, PyObject *kwds)
......
......@@ -119,7 +119,7 @@ static const char *luksType(const char *type)
static int _verify_passphrase(int def)
{
/* Batch mode switch off verify - if not overrided by -y */
/* Batch mode switch off verify - if not overridden by -y */
if (opt_verify_passphrase)
def = 1;
else if (opt_batch_mode)
......
......@@ -65,7 +65,7 @@ struct reenc_ctx {
char *device;
char *device_uuid;
const char *type;
uint64_t device_size; /* overrided by parameter */
uint64_t device_size; /* overridden by parameter */
uint64_t device_size_new_real;
uint64_t device_size_org_real;
uint64_t device_offset;
......
......@@ -608,8 +608,8 @@ static void AddDeviceLuks2(void)
OK_(crypt_deactivate(cd, CDEVICE_1));
EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE);
// restrict format only to empty context
FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params), "Context is already formated");
FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL), "Context is already formated");
FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params), "Context is already formatted");
FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL), "Context is already formatted");
// change data device to wrong one
OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_0S));
FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Device too small");
......@@ -628,7 +628,7 @@ static void AddDeviceLuks2(void)
EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 7, passphrase, strlen(passphrase) ,0), 7);
crypt_free(cd);
OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, DMDIR H_DEVICE));
FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params), "Context is already formated");
FAIL_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, &params), "Context is already formatted");
EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
crypt_free(cd);
// check active status without header
......@@ -854,7 +854,7 @@ static void Luks2HeaderRestore(void)
.size = 0
};
struct crypt_params_luks1 luks1 = {
.data_alignment = 8192, // 4M offset to pass alignement test
.data_alignment = 8192, // 4M offset to pass alignment test
};
char key[128];
......@@ -2175,7 +2175,7 @@ static void Pbkdf(void)
// bad.hash = "hamster_hash";
// FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Unknown hash member");
crypt_free(cd);
// test whether crypt_get_pbkdf_type() behaves accordinglt after second crypt_load() call
// test whether crypt_get_pbkdf_type() behaves accordingly after second crypt_load() call
OK_(crypt_init(&cd, DEVICE_1));
OK_(crypt_load(cd, CRYPT_LUKS, NULL));
NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
......@@ -2367,7 +2367,7 @@ static void Luks2Requirements(void)
OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
NOTNULL_(crypt_get_pbkdf_type(cd));
/* crypt_set_itertion_time (unrestricted) */
/* crypt_set_iteration_time (unrestricted) */
crypt_set_iteration_time(cd, 1);
pbkdf = crypt_get_pbkdf_type(cd);
NOTNULL_(pbkdf);
......@@ -2504,7 +2504,7 @@ static void Luks2Requirements(void)
remove(BACKUP_FILE);
OK_(crypt_header_backup(cd, CRYPT_LUKS, BACKUP_FILE));
/* crypt_header_restore (restricted, do not drop the test untill we have safe option) */
/* crypt_header_restore (restricted, do not drop the test until we have safe option) */
FAIL_((r = crypt_header_restore(cd, CRYPT_LUKS2, BACKUP_FILE)), "Unmet requirements detected");
EQ_(r, -ETXTBSY);
remove(BACKUP_FILE);
......@@ -2584,7 +2584,7 @@ static void Luks2Requirements(void)
OK_(crypt_init_by_name(&cd, CDEVICE_1));
OK_(crypt_suspend(cd, CDEVICE_1));
/* crypt_header_restore (restricted, do not drop the test untill we have safe option) */
/* crypt_header_restore (restricted, do not drop the test until we have safe option) */
/* refuse to overwrite header w/ backup including requirements */
FAIL_((r = crypt_header_restore(cd, CRYPT_LUKS2, BACKUP_FILE)), "Unmet requirements detected");
EQ_(r, -ETXTBSY);
......
......@@ -267,12 +267,12 @@ static int _setup(void)
_system(" [ ! -e " EVL_HEADER_1 " ] && bzip2 -dk " EVL_HEADER_1 ".bz2", 1);
/* keymaterial offset aims into payload area */
_system(" [ ! -e " EVL_HEADER_2 " ] && bzip2 -dk " EVL_HEADER_2 ".bz2", 1);
/* keymaterial offset is valid, number of stripes causes payload area to be overwriten */
/* keymaterial offset is valid, number of stripes causes payload area to be overwritten */
_system(" [ ! -e " EVL_HEADER_3 " ] && bzip2 -dk " EVL_HEADER_3 ".bz2", 1);
/* luks device header for data and header on same device. payloadOffset is greater than
* device size (crypt_load() test) */
_system(" [ ! -e " EVL_HEADER_4 " ] && bzip2 -dk " EVL_HEADER_4 ".bz2", 1);
/* two keyslots with same offset (overlaping keyslots) */
/* two keyslots with same offset (overlapping keyslots) */
_system(" [ ! -e " EVL_HEADER_5 " ] && bzip2 -dk " EVL_HEADER_5 ".bz2", 1);
/* valid header: payloadOffset=4096, key_size=32,
* volume_key = bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a */
......@@ -796,8 +796,8 @@ static void AddDeviceLuks(void)
OK_(crypt_deactivate(cd, CDEVICE_1));
EQ_(crypt_status(cd, CDEVICE_1), CRYPT_INACTIVE);
// restrict format only to empty context
FAIL_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, &params), "Context is already formated");
FAIL_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, NULL), "Context is already formated");
FAIL_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, &params), "Context is already formatted");
FAIL_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, NULL), "Context is already formatted");
// change data device to wrong one
OK_(crypt_set_data_device(cd, DMDIR L_DEVICE_0S));
FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_1, key, key_size, 0), "Device too small");
......@@ -816,7 +816,7 @@ static void AddDeviceLuks(void)
EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 7, passphrase, strlen(passphrase) ,0), 7);
crypt_free(cd);
OK_(crypt_init_by_name_and_header(&cd, CDEVICE_1, DMDIR H_DEVICE));
FAIL_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, &params), "Context is already formated");
FAIL_(crypt_format(cd, CRYPT_LUKS1, cipher, cipher_mode, NULL, key, key_size, &params), "Context is already formatted");
EQ_(crypt_status(cd, CDEVICE_1), CRYPT_ACTIVE);
crypt_free(cd);
// check active status without header
......@@ -988,7 +988,7 @@ static void UseTempVolumes(void)
OK_(crypt_format(cd, CRYPT_PLAIN, "aes", "cbc-essiv:sha256", NULL, NULL, 16, NULL));
FAIL_(crypt_activate_by_volume_key(cd, NULL, "xxx", 3, 0), "cannot verify key with plain");
FAIL_(crypt_volume_key_verify(cd, "xxx", 3), "cannot verify key with plain");
FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, "xxx", 3, 0), "wrong key lenght");
FAIL_(crypt_activate_by_volume_key(cd, CDEVICE_2, "xxx", 3, 0), "wrong key length");
OK_(crypt_activate_by_volume_key(cd, CDEVICE_2, "volumekeyvolumek", 16, 0));
EQ_(crypt_status(cd, CDEVICE_2), CRYPT_ACTIVE);
OK_(crypt_deactivate(cd, CDEVICE_2));
......
# Supresion file for valgrind
# Suppresion file for valgrind
# known problem in libgcrypt
{
......
......@@ -66,7 +66,7 @@ DEV="$MNT_DIR/test.img"
mount -t tmpfs none $MNT_DIR || skip "Mounting tmpfs not available."
format luks1
echo "[2] Kernel dmcrypt performace options"
echo "[2] Kernel dmcrypt performance options"
echo -e "$PWD1" | $CRYPTSETUP open --type plain $DEV $DEV_NAME --perf-same_cpu_crypt >/dev/null 2>&1
if [ $? -ne 0 ] ; then
echo "TEST SKIPPED: dmcrypt options not available"
......
......@@ -6,7 +6,7 @@
# *** Description ***
#
# generate primary header with json area concluded with illegal
# byte beyond terminating '}' charcter.
# byte beyond terminating '}' character.
#
# secondary header is corrupted on purpose as well
#
......
......@@ -5,7 +5,7 @@
#
# *** Description ***
#
# generate primary header with one area incuded within another one (in terms of 'offset' + 'length')
# generate primary header with one area included within another one (in terms of 'offset' + 'length')
#
# secondary header is corrupted on purpose as well
#
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment