eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-05 16:00:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

Remove trailing EOL for verbose and error messages.

Browse Source
This commit is contained in:
Milan Broz
2018-04-26 10:38:17 +02:00
parent aee55b0595
commit b00a87d8fa
24 changed files with 316 additions and 317 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/integrity/integrity.c
View File

@@ -216,7 +216,7 @@ int INTEGRITY_activate(struct crypt_device *cd,
r = dm_create_device(cd, name, "INTEGRITY", &dmdi, 0);
if (r < 0 && (dm_flags(DM_INTEGRITY, &dmi_flags) || !(dmi_flags & DM_INTEGRITY_SUPPORTED))) {
log_err(cd, _("Kernel doesn't support dm-integrity mapping.\n"));
log_err(cd, _("Kernel doesn't support dm-integrity mapping."));
return -ENOTSUP;
}
@@ -267,7 +267,7 @@ int INTEGRITY_format(struct crypt_device *cd,
r = device_block_adjust(cd, dmdi.data_device, DEV_EXCL, dmdi.u.integrity.offset, NULL, NULL);
if (r < 0 && (dm_flags(DM_INTEGRITY, &dmi_flags) || !(dmi_flags & DM_INTEGRITY_SUPPORTED))) {
log_err(cd, _("Kernel doesn't support dm-integrity mapping.\n"));
log_err(cd, _("Kernel doesn't support dm-integrity mapping."));
return -ENOTSUP;
}
if (r)

19
lib/libdevmapper.c
View File

@@ -96,7 +96,6 @@ static void set_dm_error(int level,
if (vasprintf(&msg, f, va) > 0) {
if (level < 4 && !_quiet_log) {
log_err(_context, "%s", msg);
log_err(_context, "\n");
} else {
/* We do not use DM visual stack backtrace here */
if (strncmp(msg, "<backtrace>", 11))
@@ -330,10 +329,10 @@ static int dm_init_context(struct crypt_device *cd, dm_target_type target)
if (!_dm_check_versions(target)) {
if (getuid() || geteuid())
log_err(cd, _("Cannot initialize device-mapper, "
"running as non-root user.\n"));
"running as non-root user."));
else
log_err(cd, _("Cannot initialize device-mapper. "
"Is dm_mod kernel module loaded?\n"));
"Is dm_mod kernel module loaded?"));
_context = NULL;
return -ENOTSUP;
}
@@ -936,7 +935,7 @@ int dm_remove_device(struct crypt_device *cd, const char *name, uint32_t flags)
dm_flags(DM_UNKNOWN, &dmt_flags);
if (deferred && !(dmt_flags & DM_DEFERRED_SUPPORTED)) {
log_err(cd, _("Requested deferred flag is not supported.\n"));
log_err(cd, _("Requested deferred flag is not supported."));
return -ENOTSUP;
}
@@ -1001,7 +1000,7 @@ static int dm_prepare_uuid(const char *name, const char *type, const char *uuid,
log_dbg("DM-UUID is %s", buf);
if (i >= buflen)
log_err(NULL, _("DM-UUID for device %s was truncated.\n"), name);
log_err(NULL, _("DM-UUID for device %s was truncated."), name);
return 1;
}
@@ -1221,24 +1220,24 @@ int dm_create_device(struct crypt_device *cd, const char *name,
if (r == -EINVAL &&
dmd_flags & (CRYPT_ACTIVATE_SAME_CPU_CRYPT|CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS) &&
!(dmt_flags & (DM_SAME_CPU_CRYPT_SUPPORTED|DM_SUBMIT_FROM_CRYPT_CPUS_SUPPORTED)))
log_err(cd, _("Requested dm-crypt performance options are not supported.\n"));
log_err(cd, _("Requested dm-crypt performance options are not supported."));
if (r == -EINVAL && dmd_flags & (CRYPT_ACTIVATE_IGNORE_CORRUPTION|
CRYPT_ACTIVATE_RESTART_ON_CORRUPTION|
CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS|
CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE) &&
!(dmt_flags & DM_VERITY_ON_CORRUPTION_SUPPORTED))
log_err(cd, _("Requested dm-verity data corruption handling options are not supported.\n"));
log_err(cd, _("Requested dm-verity data corruption handling options are not supported."));
if (r == -EINVAL && dmd->target == DM_VERITY && dmd->u.verity.fec_device &&
!(dmt_flags & DM_VERITY_FEC_SUPPORTED))
log_err(cd, _("Requested dm-verity FEC options are not supported.\n"));
log_err(cd, _("Requested dm-verity FEC options are not supported."));
if (r == -EINVAL && dmd->target == DM_CRYPT) {
if (dmd->u.crypt.integrity && !(dmt_flags & DM_INTEGRITY_SUPPORTED))
log_err(cd, _("Requested data integrity options are not supported.\n"));
log_err(cd, _("Requested data integrity options are not supported."));
if (dmd->u.crypt.sector_size != SECTOR_SIZE && !(dmt_flags & DM_SECTOR_SIZE_SUPPORTED))
log_err(cd, _("Requested sector_size option is not supported.\n"));
log_err(cd, _("Requested sector_size option is not supported."));
}
out:
crypt_safe_free(table_params);

8
lib/loopaes/loopaes.c
View File

@@ -87,7 +87,7 @@ static int hash_keys(struct crypt_device *cd,
tweak = get_tweak(keys_count);
if (!keys_count || !key_len_output || !hash_name || !key_len_input) {
log_err(cd, _("Key processing error (using hash %s).\n"),
log_err(cd, _("Key processing error (using hash %s)."),
hash_name ?: "[none]");
return -EINVAL;
}
@@ -165,7 +165,7 @@ int LOOPAES_parse_keyfile(struct crypt_device *cd,
}
if (offset == buffer_len) {
log_dbg("Unterminated key #%d in keyfile.", key_index);
log_err(cd, _("Incompatible loop-AES keyfile detected.\n"));
log_err(cd, _("Incompatible loop-AES keyfile detected."));
return -EINVAL;
}
while (offset < buffer_len && !buffer[offset])
@@ -185,7 +185,7 @@ int LOOPAES_parse_keyfile(struct crypt_device *cd,
if (offset != buffer_len || key_len == 0 ||
(key_index != 1 && key_index !=64 && key_index != 65)) {
log_err(cd, _("Incompatible loop-AES keyfile detected.\n"));
log_err(cd, _("Incompatible loop-AES keyfile detected."));
return -EINVAL;
}
@@ -243,7 +243,7 @@ int LOOPAES_activate(struct crypt_device *cd,
if (r < 0 && !dm_flags(DM_CRYPT, &dmc_flags) &&
(dmc_flags & req_flags) != req_flags) {
log_err(cd, _("Kernel doesn't support loop-AES compatible mapping.\n"));
log_err(cd, _("Kernel doesn't support loop-AES compatible mapping."));
r = -ENOTSUP;
}

18
lib/luks1/keyencryption.c
View File

@@ -37,13 +37,13 @@ static void _error_hint(struct crypt_device *ctx, const char *device,
return;
log_err(ctx, _("Failed to setup dm-crypt key mapping for device %s.\n"
"Check that kernel supports %s cipher (check syslog for more info).\n"),
"Check that kernel supports %s cipher (check syslog for more info)."),
device, cipher_spec);
if (!strncmp(mode, "xts", 3) && (keyLength != 256 && keyLength != 512))
log_err(ctx, _("Key size in XTS mode must be 256 or 512 bits.\n"));
log_err(ctx, _("Key size in XTS mode must be 256 or 512 bits."));
else if (!(c = strchr(mode, '-')) || strlen(c) < 4)
log_err(ctx, _("Cipher specification should be in [cipher]-[mode]-[iv] format.\n"));
log_err(ctx, _("Cipher specification should be in [cipher]-[mode]-[iv] format."));
}
static int LUKS_endec_template(char *src, size_t srcLength,
@@ -98,13 +98,13 @@ static int LUKS_endec_template(char *src, size_t srcLength,
r = device_block_adjust(ctx, dmd.data_device, DEV_OK,
dmd.u.crypt.offset, &dmd.size, &dmd.flags);
if (r < 0) {
log_err(ctx, _("Device %s doesn't exist or access denied.\n"),
log_err(ctx, _("Device %s doesn't exist or access denied."),
device_path(dmd.data_device));
return -EIO;
}
if (mode != O_RDONLY && dmd.flags & CRYPT_ACTIVATE_READONLY) {
log_err(ctx, _("Cannot write to device %s, permission denied.\n"),
log_err(ctx, _("Cannot write to device %s, permission denied."),
device_path(dmd.data_device));
return -EACCES;
}
@@ -119,14 +119,14 @@ static int LUKS_endec_template(char *src, size_t srcLength,
devfd = open(path, mode | O_DIRECT | O_SYNC);
if (devfd == -1) {
log_err(ctx, _("Failed to open temporary keystore device.\n"));
log_err(ctx, _("Failed to open temporary keystore device."));
r = -EIO;
goto out;
}
r = func(devfd, bsize, alignment, src, srcLength);
if (r < 0) {
log_err(ctx, _("Failed to access temporary keystore device.\n"));
log_err(ctx, _("Failed to access temporary keystore device."));
r = -EIO;
} else
r = 0;
@@ -196,7 +196,7 @@ out:
if (devfd >= 0)
close(devfd);
if (r)
log_err(ctx, _("IO error while encrypting keyslot.\n"));
log_err(ctx, _("IO error while encrypting keyslot."));
return r;
}
@@ -258,7 +258,7 @@ bad:
if (devfd >= 0)
close(devfd);
log_err(ctx, _("IO error while decrypting keyslot.\n"));
log_err(ctx, _("IO error while decrypting keyslot."));
crypt_storage_destroy(s);
return r;

94
lib/luks1/keymanage.c
View File

@@ -125,7 +125,7 @@ static int LUKS_check_device_size(struct crypt_device *ctx, const struct luks_ph
if (falloc && !device_fallocate(device, hdr_sectors << SECTOR_SHIFT))
return 0;
log_err(ctx, _("Device %s is too small. (LUKS1 requires at least %" PRIu64 " bytes.)\n"),
log_err(ctx, _("Device %s is too small. (LUKS1 requires at least %" PRIu64 " bytes.)"),
device_path(device), hdr_sectors * SECTOR_SIZE);
return -EINVAL;
}
@@ -146,7 +146,7 @@ static int LUKS_check_keyslots(struct crypt_device *ctx, const struct luks_phdr
if (phdr->keyblock[i].stripes != LUKS_STRIPES) {
log_dbg("Invalid stripes count %u in keyslot %u.",
phdr->keyblock[i].stripes, i);
log_err(ctx, _("LUKS keyslot %u is invalid.\n"), i);
log_err(ctx, _("LUKS keyslot %u is invalid."), i);
return -1;
}
@@ -154,7 +154,7 @@ static int LUKS_check_keyslots(struct crypt_device *ctx, const struct luks_phdr
if (phdr->keyblock[i].keyMaterialOffset * SECTOR_SIZE < sizeof(*phdr)) {
log_dbg("Invalid offset %u in keyslot %u.",
phdr->keyblock[i].keyMaterialOffset, i);
log_err(ctx, _("LUKS keyslot %u is invalid.\n"), i);
log_err(ctx, _("LUKS keyslot %u is invalid."), i);
return -1;
}
@@ -166,7 +166,7 @@ static int LUKS_check_keyslots(struct crypt_device *ctx, const struct luks_phdr
log_dbg("Invalid offset %u in keyslot %u (beyond data area offset %u).",
phdr->keyblock[i].keyMaterialOffset, i,
phdr->payloadOffset);
log_err(ctx, _("LUKS keyslot %u is invalid.\n"), i);
log_err(ctx, _("LUKS keyslot %u is invalid."), i);
return -1;
}
@@ -177,7 +177,7 @@ static int LUKS_check_keyslots(struct crypt_device *ctx, const struct luks_phdr
phdr->keyblock[i].keyMaterialOffset,
phdr->keyblock[i].stripes,
i, phdr->payloadOffset);
log_err(ctx, _("LUKS keyslot %u is invalid.\n"), i);
log_err(ctx, _("LUKS keyslot %u is invalid."), i);
return -1;
}
}
@@ -189,7 +189,7 @@ static int LUKS_check_keyslots(struct crypt_device *ctx, const struct luks_phdr
if (phdr->keyblock[next].keyMaterialOffset <
(phdr->keyblock[prev].keyMaterialOffset + secs_per_stripes)) {
log_dbg("Not enough space in LUKS keyslot %d.", prev);
log_err(ctx, _("LUKS keyslot %u is invalid.\n"), prev);
log_err(ctx, _("LUKS keyslot %u is invalid."), prev);
return -1;
}
}
@@ -242,7 +242,7 @@ int LUKS_hdr_backup(const char *backup_file, struct crypt_device *ctx)
devfd = device_open(device, O_RDONLY);
if (devfd < 0) {
log_err(ctx, _("Device %s is not a valid LUKS device.\n"), device_path(device));
log_err(ctx, _("Device %s is not a valid LUKS device."), device_path(device));
r = -EINVAL;
goto out;
}
@@ -261,14 +261,14 @@ int LUKS_hdr_backup(const char *backup_file, struct crypt_device *ctx)
devfd = open(backup_file, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR);
if (devfd == -1) {
if (errno == EEXIST)
log_err(ctx, _("Requested header backup file %s already exists.\n"), backup_file);
log_err(ctx, _("Requested header backup file %s already exists."), backup_file);
else
log_err(ctx, _("Cannot create header backup file %s.\n"), backup_file);
log_err(ctx, _("Cannot create header backup file %s."), backup_file);
r = -EINVAL;
goto out;
}
if (write_buffer(devfd, buffer, buffer_size) < (ssize_t)buffer_size) {
log_err(ctx, _("Cannot write header backup file %s.\n"), backup_file);
log_err(ctx, _("Cannot write header backup file %s."), backup_file);
r = -EIO;
goto out;
}
@@ -301,7 +301,7 @@ int LUKS_hdr_restore(
buffer_size = LUKS_device_sectors(&hdr_file) << SECTOR_SHIFT;
if (r || buffer_size < LUKS_ALIGN_KEYSLOTS) {
log_err(ctx, _("Backup file doesn't contain valid LUKS header.\n"));
log_err(ctx, _("Backup file doesn't contain valid LUKS header."));
r = -EINVAL;
goto out;
}
@@ -314,13 +314,13 @@ int LUKS_hdr_restore(
devfd = open(backup_file, O_RDONLY);
if (devfd == -1) {
log_err(ctx, _("Cannot open header backup file %s.\n"), backup_file);
log_err(ctx, _("Cannot open header backup file %s."), backup_file);
r = -EINVAL;
goto out;
}
if (read_buffer(devfd, buffer, buffer_size) < buffer_size) {
log_err(ctx, _("Cannot read header backup file %s.\n"), backup_file);
log_err(ctx, _("Cannot read header backup file %s."), backup_file);
r = -EIO;
goto out;
}
@@ -332,7 +332,7 @@ int LUKS_hdr_restore(
log_dbg("Device %s already contains LUKS header, checking UUID and offset.", device_path(device));
if(hdr->payloadOffset != hdr_file.payloadOffset ||
hdr->keyBytes != hdr_file.keyBytes) {
log_err(ctx, _("Data offset or key size differs on device and backup, restore failed.\n"));
log_err(ctx, _("Data offset or key size differs on device and backup, restore failed."));
r = -EINVAL;
goto out;
}
@@ -359,10 +359,10 @@ int LUKS_hdr_restore(
devfd = device_open(device, O_RDWR);
if (devfd < 0) {
if (errno == EACCES)
log_err(ctx, _("Cannot write to device %s, permission denied.\n"),
log_err(ctx, _("Cannot write to device %s, permission denied."),
device_path(device));
else
log_err(ctx, _("Cannot open device %s.\n"), device_path(device));
log_err(ctx, _("Cannot open device %s."), device_path(device));
r = -EINVAL;
goto out;
}
@@ -393,12 +393,12 @@ static int _keyslot_repair(struct luks_phdr *phdr, struct crypt_device *ctx)
int i, bad, r, need_write = 0;
if (phdr->keyBytes != 16 && phdr->keyBytes != 32 && phdr->keyBytes != 64) {
log_err(ctx, _("Non standard key size, manual repair required.\n"));
log_err(ctx, _("Non standard key size, manual repair required."));
return -EINVAL;
}
/* cryptsetup 1.0 did not align to 4k, cannot repair this one */
if (LUKS_keyslots_offset(phdr) < (LUKS_ALIGN_KEYSLOTS / SECTOR_SIZE)) {
log_err(ctx, _("Non standard keyslots alignment, manual repair required.\n"));
log_err(ctx, _("Non standard keyslots alignment, manual repair required."));
return -EINVAL;
}
@@ -408,7 +408,7 @@ static int _keyslot_repair(struct luks_phdr *phdr, struct crypt_device *ctx)
vk = crypt_alloc_volume_key(phdr->keyBytes, NULL);
log_verbose(ctx, _("Repairing keyslots.\n"));
log_verbose(ctx, _("Repairing keyslots."));
log_dbg("Generating second header with the same parameters for check.");
/* cipherName, cipherMode, hashSpec, uuid are already null terminated */
@@ -428,7 +428,7 @@ static int _keyslot_repair(struct luks_phdr *phdr, struct crypt_device *ctx)
bad = 0;
if (phdr->keyblock[i].keyMaterialOffset != temp_phdr.keyblock[i].keyMaterialOffset) {
log_err(ctx, _("Keyslot %i: offset repaired (%u -> %u).\n"), i,
log_err(ctx, _("Keyslot %i: offset repaired (%u -> %u)."), i,
(unsigned)phdr->keyblock[i].keyMaterialOffset,
(unsigned)temp_phdr.keyblock[i].keyMaterialOffset);
phdr->keyblock[i].keyMaterialOffset = temp_phdr.keyblock[i].keyMaterialOffset;
@@ -436,7 +436,7 @@ static int _keyslot_repair(struct luks_phdr *phdr, struct crypt_device *ctx)
}
if (phdr->keyblock[i].stripes != temp_phdr.keyblock[i].stripes) {
log_err(ctx, _("Keyslot %i: stripes repaired (%u -> %u).\n"), i,
log_err(ctx, _("Keyslot %i: stripes repaired (%u -> %u)."), i,
(unsigned)phdr->keyblock[i].stripes,
(unsigned)temp_phdr.keyblock[i].stripes);
phdr->keyblock[i].stripes = temp_phdr.keyblock[i].stripes;
@@ -445,12 +445,12 @@ static int _keyslot_repair(struct luks_phdr *phdr, struct crypt_device *ctx)
/* Known case - MSDOS partition table signature */
if (i == 6 && sector[0x1fe] == 0x55 && sector[0x1ff] == 0xaa) {
log_err(ctx, _("Keyslot %i: bogus partition signature.\n"), i);
log_err(ctx, _("Keyslot %i: bogus partition signature."), i);
bad = 1;
}
if(bad) {
log_err(ctx, _("Keyslot %i: salt wiped.\n"), i);
log_err(ctx, _("Keyslot %i: salt wiped."), i);
phdr->keyblock[i].active = LUKS_KEY_DISABLED;
memset(&phdr->keyblock[i].passwordSalt, 0x00, LUKS_SALTSIZE);
phdr->keyblock[i].passwordIterations = 0;
@@ -467,12 +467,12 @@ static int _keyslot_repair(struct luks_phdr *phdr, struct crypt_device *ctx)
if (LUKS_check_keyslots(ctx, phdr))
r = -EINVAL;
else if (need_write) {
log_verbose(ctx, _("Writing LUKS header to disk.\n"));
log_verbose(ctx, _("Writing LUKS header to disk."));
r = LUKS_write_phdr(phdr, ctx);
}
out:
if (r)
log_err(ctx, _("Repair failed.\n"));
log_err(ctx, _("Repair failed."));
crypt_free_volume_key(vk);
crypt_memzero(&temp_phdr, sizeof(temp_phdr));
return r;
@@ -491,16 +491,16 @@ static int _check_and_convert_hdr(const char *device,
if(memcmp(hdr->magic, luksMagic, LUKS_MAGIC_L)) { /* Check magic */
log_dbg("LUKS header not detected.");
if (require_luks_device)
log_err(ctx, _("Device %s is not a valid LUKS device.\n"), device);
log_err(ctx, _("Device %s is not a valid LUKS device."), device);
return -EINVAL;
} else if((hdr->version = ntohs(hdr->version)) != 1) { /* Convert every uint16/32_t item from network byte order */
log_err(ctx, _("Unsupported LUKS version %d.\n"), hdr->version);
log_err(ctx, _("Unsupported LUKS version %d."), hdr->version);
return -EINVAL;
}
hdr->hashSpec[LUKS_HASHSPEC_L - 1] = '\0';
if (crypt_hmac_size(hdr->hashSpec) < LUKS_DIGESTSIZE) {
log_err(ctx, _("Requested LUKS hash %s is not supported.\n"), hdr->hashSpec);
log_err(ctx, _("Requested LUKS hash %s is not supported."), hdr->hashSpec);
return -EINVAL;
}
@@ -528,7 +528,7 @@ static int _check_and_convert_hdr(const char *device,
if (r == -EINVAL)
r = _keyslot_repair(hdr, ctx);
else
log_verbose(ctx, _("No known problems detected for LUKS header.\n"));
log_verbose(ctx, _("No known problems detected for LUKS header."));
}
return r;
@@ -568,7 +568,7 @@ int LUKS_read_phdr_backup(const char *backup_file,
devfd = open(backup_file, O_RDONLY);
if (devfd == -1) {
log_err(ctx, _("Cannot open header backup file %s.\n"), backup_file);
log_err(ctx, _("Cannot open header backup file %s."), backup_file);
return -ENOENT;
}
@@ -607,7 +607,7 @@ int LUKS_read_phdr(struct luks_phdr *hdr,
devfd = device_open(device, O_RDONLY);
if (devfd < 0) {
log_err(ctx, _("Cannot open device %s.\n"), device_path(device));
log_err(ctx, _("Cannot open device %s."), device_path(device));
return -EINVAL;
}
@@ -655,10 +655,10 @@ int LUKS_write_phdr(struct luks_phdr *hdr,
devfd = device_open(device, O_RDWR);
if (devfd < 0) {
if (errno == EACCES)
log_err(ctx, _("Cannot write to device %s, permission denied.\n"),
log_err(ctx, _("Cannot write to device %s, permission denied."),
device_path(device));
else
log_err(ctx, _("Cannot open device %s.\n"), device_path(device));
log_err(ctx, _("Cannot open device %s."), device_path(device));
return -EINVAL;
}
@@ -680,14 +680,14 @@ int LUKS_write_phdr(struct luks_phdr *hdr,
r = write_blockwise(devfd, device_block_size(device), device_alignment(device),
&convHdr, hdr_size) < hdr_size ? -EIO : 0;
if (r)
log_err(ctx, _("Error during update of LUKS header on device %s.\n"), device_path(device));
log_err(ctx, _("Error during update of LUKS header on device %s."), device_path(device));
close(devfd);
/* Re-read header from disk to be sure that in-memory and on-disk data are the same. */
if (!r) {
r = LUKS_read_phdr(hdr, 1, 0, ctx);
if (r)
log_err(ctx, _("Error re-reading LUKS header after update on device %s.\n"),
log_err(ctx, _("Error re-reading LUKS header after update on device %s."),
device_path(device));
}
@@ -740,18 +740,18 @@ int LUKS_generate_phdr(struct luks_phdr *header,
if (alignPayload && detached_metadata_device && alignPayload < hdr_sectors) {
log_err(ctx, _("Data offset for detached LUKS header must be "
"either 0 or higher than header size (%d sectors).\n"),
"either 0 or higher than header size (%d sectors)."),
hdr_sectors);
return -EINVAL;
}
if (crypt_hmac_size(hashSpec) < LUKS_DIGESTSIZE) {
log_err(ctx, _("Requested LUKS hash %s is not supported.\n"), hashSpec);
log_err(ctx, _("Requested LUKS hash %s is not supported."), hashSpec);
return -EINVAL;
}
if (uuid && uuid_parse(uuid, partitionUuid) == -1) {
log_err(ctx, _("Wrong LUKS UUID format provided.\n"));
log_err(ctx, _("Wrong LUKS UUID format provided."));
return -EINVAL;
}
if (!uuid)
@@ -776,7 +776,7 @@ int LUKS_generate_phdr(struct luks_phdr *header,
r = crypt_random_get(ctx, header->mkDigestSalt, LUKS_SALTSIZE, CRYPT_RND_SALT);
if(r < 0) {
log_err(ctx, _("Cannot create LUKS header: reading random salt failed.\n"));
log_err(ctx, _("Cannot create LUKS header: reading random salt failed."));
return r;
}
@@ -797,7 +797,7 @@ int LUKS_generate_phdr(struct luks_phdr *header,
header->mkDigest,LUKS_DIGESTSIZE,
header->mkDigestIterations, 0, 0);
if(r < 0) {
log_err(ctx, _("Cannot create LUKS header: header digest failed (using hash %s).\n"),
log_err(ctx, _("Cannot create LUKS header: header digest failed (using hash %s)."),
header->hashSpec);
return r;
}
@@ -837,7 +837,7 @@ int LUKS_hdr_uuid_set(
uuid_t partitionUuid;
if (uuid && uuid_parse(uuid, partitionUuid) == -1) {
log_err(ctx, _("Wrong LUKS UUID format provided.\n"));
log_err(ctx, _("Wrong LUKS UUID format provided."));
return -EINVAL;
}
if (!uuid)
@@ -860,13 +860,13 @@ int LUKS_set_key(unsigned int keyIndex,
int r;
if(hdr->keyblock[keyIndex].active != LUKS_KEY_DISABLED) {
log_err(ctx, _("Key slot %d active, purge first.\n"), keyIndex);
log_err(ctx, _("Key slot %d active, purge first."), keyIndex);
return -EINVAL;
}
/* LUKS keyslot has always at least 4000 stripes according to specification */
if(hdr->keyblock[keyIndex].stripes < 4000) {
log_err(ctx, _("Key slot %d material includes too few stripes. Header manipulation?\n"),
log_err(ctx, _("Key slot %d material includes too few stripes. Header manipulation?"),
keyIndex);
return -EINVAL;
}
@@ -1025,7 +1025,7 @@ static int LUKS_open_key(unsigned int keyIndex,
r = -EPERM;
if (!r)
log_verbose(ctx, _("Key slot %d unlocked.\n"), keyIndex);
log_verbose(ctx, _("Key slot %d unlocked."), keyIndex);
out:
crypt_safe_free(AfKey);
crypt_free_volume_key(derived_key);
@@ -1077,7 +1077,7 @@ int LUKS_del_key(unsigned int keyIndex,
r = LUKS_keyslot_set(hdr, keyIndex, 0);
if (r) {
log_err(ctx, _("Key slot %d is invalid, please select keyslot between 0 and %d.\n"),
log_err(ctx, _("Key slot %d is invalid, please select keyslot between 0 and %d."),
keyIndex, LUKS_NUMKEYS - 1);
return r;
}
@@ -1091,11 +1091,11 @@ int LUKS_del_key(unsigned int keyIndex,
(endOffset - startOffset) * SECTOR_SIZE, NULL, NULL);
if (r) {
if (r == -EACCES) {
log_err(ctx, _("Cannot write to device %s, permission denied.\n"),
log_err(ctx, _("Cannot write to device %s, permission denied."),
device_path(device));
r = -EINVAL;
} else
log_err(ctx, _("Cannot wipe device %s.\n"),
log_err(ctx, _("Cannot wipe device %s."),
device_path(device));
return r;
}

4
lib/luks2/luks2_disk_metadata.c
View File

@@ -361,7 +361,7 @@ static int LUKS2_check_device_size(struct crypt_device *cd, struct device *devic
if (falloc && !device_fallocate(device, hdr_size))
return 0;
log_err(cd, _("Device %s is too small. (LUKS2 requires at least %" PRIu64 " bytes.)\n"),
log_err(cd, _("Device %s is too small. (LUKS2 requires at least %" PRIu64 " bytes.)"),
device_path(device), hdr_size);
return -EINVAL;
}
@@ -425,7 +425,7 @@ int LUKS2_disk_hdr_write(struct crypt_device *cd, struct luks2_hdr *hdr, struct
r = device_write_lock(cd, device);
if (r) {
log_err(cd, _("Failed to acquire write device lock.\n"));
log_err(cd, _("Failed to acquire write device lock."));
free(json_area);
return r;
}

4
lib/luks2/luks2_json_format.c
View File

@@ -96,7 +96,7 @@ int LUKS2_find_area_gap(struct crypt_device *cd, struct luks2_hdr *hdr,
}
if (get_max_offset(cd) && (offset + length) > get_max_offset(cd)) {
log_err(cd, _("No space for new keyslot.\n"));
log_err(cd, _("No space for new keyslot."));
return -EINVAL;
}
@@ -142,7 +142,7 @@ int LUKS2_generate_hdr(
crypt_random_get(NULL, (char*)hdr->salt2, LUKS2_SALT_L, CRYPT_RND_SALT);
if (uuid && uuid_parse(uuid, partitionUuid) == -1) {
log_err(cd, _("Wrong LUKS UUID format provided.\n"));
log_err(cd, _("Wrong LUKS UUID format provided."));
return -EINVAL;
}
if (!uuid)

48
lib/luks2/luks2_json_metadata.c
View File

@@ -848,7 +848,7 @@ int LUKS2_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr)
r = device_read_lock(cd, crypt_metadata_device(cd));
if (r) {
log_err(cd, _("Failed to acquire read lock on device %s.\n"),
log_err(cd, _("Failed to acquire read lock on device %s."),
device_path(crypt_metadata_device(cd)));
return r;
}
@@ -860,7 +860,7 @@ int LUKS2_hdr_read(struct crypt_device *cd, struct luks2_hdr *hdr)
r = device_write_lock(cd, crypt_metadata_device(cd));
if (r) {
log_err(cd, _("Failed to acquire write lock on device %s.\n"),
log_err(cd, _("Failed to acquire write lock on device %s."),
device_path(crypt_metadata_device(cd)));
return r;
}
@@ -891,7 +891,7 @@ int LUKS2_hdr_uuid(struct crypt_device *cd, struct luks2_hdr *hdr, const char *u
uuid_t partitionUuid;
if (uuid && uuid_parse(uuid, partitionUuid) == -1) {
log_err(cd, _("Wrong LUKS UUID format provided.\n"));
log_err(cd, _("Wrong LUKS UUID format provided."));
return -EINVAL;
}
if (!uuid)
@@ -971,7 +971,7 @@ int LUKS2_hdr_backup(struct crypt_device *cd, struct luks2_hdr *hdr,
r = device_read_lock(cd, device);
if (r) {
log_err(cd, _("Failed to acquire read lock on device %s.\n"),
log_err(cd, _("Failed to acquire read lock on device %s."),
device_path(crypt_metadata_device(cd)));
crypt_safe_free(buffer);
return r;
@@ -980,7 +980,7 @@ int LUKS2_hdr_backup(struct crypt_device *cd, struct luks2_hdr *hdr,
devfd = device_open_locked(device, O_RDONLY);
if (devfd < 0) {
device_read_unlock(device);
log_err(cd, _("Device %s is not a valid LUKS device.\n"), device_path(device));
log_err(cd, _("Device %s is not a valid LUKS device."), device_path(device));
crypt_safe_free(buffer);
return devfd == -1 ? -EINVAL : devfd;
}
@@ -999,14 +999,14 @@ int LUKS2_hdr_backup(struct crypt_device *cd, struct luks2_hdr *hdr,
devfd = open(backup_file, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR);
if (devfd == -1) {
if (errno == EEXIST)
log_err(cd, _("Requested header backup file %s already exists.\n"), backup_file);
log_err(cd, _("Requested header backup file %s already exists."), backup_file);
else
log_err(cd, _("Cannot create header backup file %s.\n"), backup_file);
log_err(cd, _("Cannot create header backup file %s."), backup_file);
crypt_safe_free(buffer);
return -EINVAL;
}
if (write_buffer(devfd, buffer, buffer_size) < buffer_size) {
log_err(cd, _("Cannot write header backup file %s.\n"), backup_file);
log_err(cd, _("Cannot write header backup file %s."), backup_file);
r = -EIO;
} else
r = 0;
@@ -1044,7 +1044,7 @@ int LUKS2_hdr_restore(struct crypt_device *cd, struct luks2_hdr *hdr,
/* FIXME: why lock backup device ? */
r = device_read_lock(cd, backup_device);
if (r) {
log_err(cd, _("Failed to acquire read lock on device %s.\n"),
log_err(cd, _("Failed to acquire read lock on device %s."),
device_path(backup_device));
device_free(backup_device);
return r;
@@ -1055,13 +1055,13 @@ int LUKS2_hdr_restore(struct crypt_device *cd, struct luks2_hdr *hdr,
device_free(backup_device);
if (r < 0) {
log_err(cd, _("Backup file doesn't contain valid LUKS header.\n"));
log_err(cd, _("Backup file doesn't contain valid LUKS header."));
goto out;
}
/* do not allow header restore from backup with unmet requirements */
if (LUKS2_unmet_requirements(cd, &hdr_file, 0, 1)) {
log_err(cd, _("Forbidden LUKS2 requirements detected in backup %s.\n"),
log_err(cd, _("Forbidden LUKS2 requirements detected in backup %s."),
backup_file);
r = -ETXTBSY;
goto out;
@@ -1076,13 +1076,13 @@ int LUKS2_hdr_restore(struct crypt_device *cd, struct luks2_hdr *hdr,
devfd = open(backup_file, O_RDONLY);
if (devfd == -1) {
log_err(cd, _("Cannot open header backup file %s.\n"), backup_file);
log_err(cd, _("Cannot open header backup file %s."), backup_file);
r = -EINVAL;
goto out;
}
if (read_buffer(devfd, buffer, buffer_size) < buffer_size) {
log_err(cd, _("Cannot read header backup file %s.\n"), backup_file);
log_err(cd, _("Cannot read header backup file %s."), backup_file);
r = -EIO;
goto out;
}
@@ -1102,13 +1102,13 @@ int LUKS2_hdr_restore(struct crypt_device *cd, struct luks2_hdr *hdr,
if (!reqs_reencrypt(reqs)) {
log_dbg("Checking LUKS2 header size and offsets.");
if (LUKS2_get_data_offset(&tmp_hdr) != LUKS2_get_data_offset(&hdr_file)) {
log_err(cd, _("Data offset differ on device and backup, restore failed.\n"));
log_err(cd, _("Data offset differ on device and backup, restore failed."));
r = -EINVAL;
goto out;
}
/* FIXME: what could go wrong? Erase if we're fine with consequences */
if (buffer_size != (ssize_t) LUKS2_hdr_and_areas_size(tmp_hdr.jobj)) {
log_err(cd, _("Binary header with keyslot areas size differ on device and backup, restore failed.\n"));
log_err(cd, _("Binary header with keyslot areas size differ on device and backup, restore failed."));
r = -EINVAL;
goto out;
}
@@ -1138,7 +1138,7 @@ int LUKS2_hdr_restore(struct crypt_device *cd, struct luks2_hdr *hdr,
/* TODO: perform header restore on bdev in stand-alone routine? */
r = device_write_lock(cd, device);
if (r) {
log_err(cd, _("Failed to acquire write lock on device %s.\n"),
log_err(cd, _("Failed to acquire write lock on device %s."),
device_path(device));
goto out;
}
@@ -1146,10 +1146,10 @@ int LUKS2_hdr_restore(struct crypt_device *cd, struct luks2_hdr *hdr,
devfd = device_open_locked(device, O_RDWR);
if (devfd < 0) {
if (errno == EACCES)
log_err(cd, _("Cannot write to device %s, permission denied.\n"),
log_err(cd, _("Cannot write to device %s, permission denied."),
device_path(device));
else
log_err(cd, _("Cannot open device %s.\n"), device_path(device));
log_err(cd, _("Cannot open device %s."), device_path(device));
device_write_unlock(device);
r = -EINVAL;
goto out;
@@ -1223,7 +1223,7 @@ int LUKS2_config_get_flags(struct crypt_device *cd, struct luks2_hdr *hdr, uint3
found = 1;
}
if (!found)
log_verbose(cd, _("Ignored unknown flag %s.\n"),
log_verbose(cd, _("Ignored unknown flag %s."),
json_object_get_string(jobj1));
}
@@ -1867,7 +1867,7 @@ int LUKS2_activate(struct crypt_device *cd,
if (dmd.u.crypt.tag_size) {
if (!LUKS2_integrity_compatible(hdr)) {
log_err(cd, "Unsupported device integrity configuration.\n");
log_err(cd, "Unsupported device integrity configuration.");
return -EINVAL;
}
@@ -1894,7 +1894,7 @@ int LUKS2_activate(struct crypt_device *cd,
crypt_get_data_offset(cd) * SECTOR_SIZE,
&dmd.size);
if (r < 0) {
log_err(cd, "Cannot detect integrity device size.\n");
log_err(cd, "Cannot detect integrity device size.");
device_free(device);
dm_remove_device(cd, dm_int_name, 0);
return r;
@@ -1920,14 +1920,14 @@ int LUKS2_unmet_requirements(struct crypt_device *cd, struct luks2_hdr *hdr, uin
if (r) {
if (!quiet)
log_err(cd, _("Failed to read LUKS2 requirements.\n"));
log_err(cd, _("Failed to read LUKS2 requirements."));
return r;
}
/* do not mask unknown requirements check */
if (reqs_unknown(reqs)) {
if (!quiet)
log_err(cd, _("Unmet LUKS2 requirements detected.\n"));
log_err(cd, _("Unmet LUKS2 requirements detected."));
return -ETXTBSY;
}
@@ -1935,7 +1935,7 @@ int LUKS2_unmet_requirements(struct crypt_device *cd, struct luks2_hdr *hdr, uin
reqs &= ~reqs_mask;
if (reqs_reencrypt(reqs) && !quiet)
log_err(cd, _("Offline reencryption in progress. Aborting.\n"));
log_err(cd, _("Offline reencryption in progress. Aborting."));
/* any remaining unmasked requirement fails the check */
return reqs ? -EINVAL : 0;

6
lib/luks2/luks2_keyslot.c
View File

@@ -426,7 +426,7 @@ int LUKS2_keyslot_wipe(struct crypt_device *cd,
/* Just check that nobody uses the metadata now */
r = device_write_lock(cd, device);
if (r) {
log_err(cd, _("Failed to acquire write lock on device %s.\n"),
log_err(cd, _("Failed to acquire write lock on device %s."),
device_path(device));
return r;
}
@@ -443,11 +443,11 @@ int LUKS2_keyslot_wipe(struct crypt_device *cd,
area_length, area_length, NULL, NULL);
if (r) {
if (r == -EACCES) {
log_err(cd, _("Cannot write to device %s, permission denied.\n"),
log_err(cd, _("Cannot write to device %s, permission denied."),
device_path(device));
r = -EINVAL;
} else
log_err(cd, _("Cannot wipe device %s.\n"), device_path(device));
log_err(cd, _("Cannot wipe device %s."), device_path(device));
return r;
}
}

12
lib/luks2/luks2_keyslot_luks2.c
View File

@@ -37,7 +37,7 @@ static int luks2_encrypt_to_storage(char *src, size_t srcLength,
#ifndef ENABLE_AF_ALG /* Support for old kernel without Crypto API */
int r = device_write_lock(cd, device);
if (r) {
log_err(cd, _("Failed to acquire write lock on device %s.\n"), device_path(device));
log_err(cd, _("Failed to acquire write lock on device %s."), device_path(device));
return r;
}
r = LUKS_encrypt_to_storage(src, srcLength, cipher, cipher_mode, vk, sector, cd);
@@ -66,7 +66,7 @@ static int luks2_encrypt_to_storage(char *src, size_t srcLength,
r = device_write_lock(cd, device);
if (r) {
log_err(cd, _("Failed to acquire write lock on device %s.\n"),
log_err(cd, _("Failed to acquire write lock on device %s."),
device_path(device));
return r;
}
@@ -86,7 +86,7 @@ static int luks2_encrypt_to_storage(char *src, size_t srcLength,
device_write_unlock(device);
if (r)
log_err(cd, _("IO error while encrypting keyslot.\n"));
log_err(cd, _("IO error while encrypting keyslot."));
return r;
#endif
@@ -100,7 +100,7 @@ static int luks2_decrypt_from_storage(char *dst, size_t dstLength,
#ifndef ENABLE_AF_ALG /* Support for old kernel without Crypto API */
int r = device_read_lock(cd, device);
if (r) {
log_err(cd, _("Failed to acquire read lock on device %s.\n"), device_path(device));
log_err(cd, _("Failed to acquire read lock on device %s."), device_path(device));
return r;
}
r = LUKS_decrypt_from_storage(dst, dstLength, cipher, cipher_mode, vk, sector, cd);
@@ -123,7 +123,7 @@ static int luks2_decrypt_from_storage(char *dst, size_t dstLength,
r = device_read_lock(cd, device);
if (r) {
log_err(cd, _("Failed to acquire read lock on device %s.\n"),
log_err(cd, _("Failed to acquire read lock on device %s."),
device_path(device));
crypt_storage_destroy(s);
return r;
@@ -147,7 +147,7 @@ static int luks2_decrypt_from_storage(char *dst, size_t dstLength,
if (!r)
r = crypt_storage_decrypt(s, 0, dstLength / SECTOR_SIZE, dst);
else
log_err(cd, _("IO error while decrypting keyslot.\n"));
log_err(cd, _("IO error while decrypting keyslot."));
crypt_storage_destroy(s);
return r;

22
lib/luks2/luks2_luks1_convert.c
View File

@@ -474,7 +474,7 @@ static int luks_header_in_use(struct crypt_device *cd)
r = lookup_dm_dev_by_uuid(crypt_get_uuid(cd), crypt_get_type(cd));
if (r < 0)
log_err(cd, _("Can not check status of device with uuid: %s.\n"), crypt_get_uuid(cd));
log_err(cd, _("Can not check status of device with uuid: %s."), crypt_get_uuid(cd));
return r;
}
@@ -500,7 +500,7 @@ static int luksmeta_header_present(struct crypt_device *cd, off_t luks1_size)
if (read_lseek_blockwise(devfd, device_block_size(device), device_alignment(device),
buf, sizeof(LM_MAGIC), luks1_size) == (ssize_t)sizeof(LM_MAGIC) &&
!memcmp(LM_MAGIC, buf, sizeof(LM_MAGIC))) {
log_err(cd, _("Unable to convert header with LUKSMETA additional metadata.\n"));
log_err(cd, _("Unable to convert header with LUKSMETA additional metadata."));
r = -EBUSY;
}
@@ -537,7 +537,7 @@ int LUKS2_luks1_to_luks2(struct crypt_device *cd, struct luks_phdr *hdr1, struct
log_dbg("Max size: %" PRIu64 ", LUKS1 (full) header size %zu , required shift: %zu",
max_size, luks1_size, luks1_shift);
if ((max_size - luks1_size) < luks1_shift) {
log_err(cd, _("Unable to move keyslot area. Not enough space.\n"));
log_err(cd, _("Unable to move keyslot area. Not enough space."));
return -EINVAL;
}
@@ -577,7 +577,7 @@ int LUKS2_luks1_to_luks2(struct crypt_device *cd, struct luks_phdr *hdr1, struct
buf_offset = 2 * LUKS2_HDR_16K_LEN;
buf_size = luks1_size - LUKS_ALIGN_KEYSLOTS;
if ((r = move_keyslot_areas(cd, 8 * SECTOR_SIZE, buf_offset, buf_size)) < 0) {
log_err(cd, _("Unable to move keyslot area.\n"));
log_err(cd, _("Unable to move keyslot area."));
goto out;
}
@@ -665,7 +665,7 @@ int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct
if (!json_object_object_get_ex(jobj_digest, "type", &jobj2) ||
strcmp(json_object_get_string(jobj2), "pbkdf2") ||
json_object_object_length(jobj1) != 1) {
log_err(cd, _("Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible.\n"));
log_err(cd, _("Cannot convert to LUKS1 format - key slot digests are not LUKS1 compatible."));
return -EINVAL;
}
@@ -674,7 +674,7 @@ int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct
return r;
if (crypt_cipher_wrapped_key(cipher)) {
log_err(cd, _("Cannot convert to LUKS1 format - device uses wrapped key cipher %s.\n"), cipher);
log_err(cd, _("Cannot convert to LUKS1 format - device uses wrapped key cipher %s."), cipher);
return -EINVAL;
}
@@ -682,7 +682,7 @@ int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct
if (r < 0)
return r;
if (r > 0) {
log_err(cd, _("Cannot convert to LUKS1 format - LUKS2 header contains %u token(s).\n"), r);
log_err(cd, _("Cannot convert to LUKS1 format - LUKS2 header contains %u token(s)."), r);
return -EINVAL;
}
@@ -696,17 +696,17 @@ int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct
continue;
if (LUKS2_keyslot_info(hdr2, i) == CRYPT_SLOT_INVALID) {
log_err(cd, _("Cannot convert to LUKS1 format - keyslot %u is in invalid state.\n"), i);
log_err(cd, _("Cannot convert to LUKS1 format - keyslot %u is in invalid state."), i);
return -EINVAL;
}
if (i >= LUKS_NUMKEYS) {
log_err(cd, _("Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active.\n"), i);
log_err(cd, _("Cannot convert to LUKS1 format - slot %u (over maximum slots) is still active."), i);
return -EINVAL;
}
if (!keyslot_LUKS1_compatible(hdr2, i, key_size)) {
log_err(cd, _("Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible.\n"), i);
log_err(cd, _("Cannot convert to LUKS1 format - keyslot %u is not LUKS1 compatible."), i);
return -EINVAL;
}
}
@@ -843,7 +843,7 @@ int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct
buf_size = LUKS2_keyslots_size(hdr2->jobj);
r = move_keyslot_areas(cd, buf_offset, 8 * SECTOR_SIZE, buf_size);
if (r < 0) {
log_err(cd, _("Unable to move keyslot area.\n"));
log_err(cd, _("Unable to move keyslot area."));
return r;
}

4
lib/luks2/luks2_token.c
View File

@@ -263,7 +263,7 @@ int LUKS2_builtin_token_create(struct crypt_device *cd,
if (token == CRYPT_ANY_TOKEN) {
if ((token = LUKS2_token_find_free(hdr)) < 0)
log_err(cd, _("No free token slot\n"));
log_err(cd, _("No free token slot."));
}
if (token < 0 || token >= LUKS2_TOKENS_MAX)
return -EINVAL;
@@ -271,7 +271,7 @@ int LUKS2_builtin_token_create(struct crypt_device *cd,
r = th->set(&jobj_token, params);
if (r) {
log_err(cd, _("Failed to create builtin token %s.\n"), type);
log_err(cd, _("Failed to create builtin token %s."), type);
return r;
}

8
lib/random.c
View File

@@ -167,13 +167,13 @@ int crypt_random_init(struct crypt_device *ctx)
goto fail;
if (crypt_fips_mode())
log_verbose(ctx, _("Running in FIPS mode.\n"));
log_verbose(ctx, _("Running in FIPS mode."));
random_initialised = 1;
return 0;
fail:
crypt_random_exit();
log_err(ctx, _("Fatal error during RNG initialisation.\n"));
log_err(ctx, _("Fatal error during RNG initialisation."));
return -ENOSYS;
}
@@ -210,12 +210,12 @@ int crypt_random_get(struct crypt_device *ctx, char *buf, size_t len, int qualit
}
break;
default:
log_err(ctx, _("Unknown RNG quality requested.\n"));
log_err(ctx, _("Unknown RNG quality requested."));
return -EINVAL;
}
if (status)
log_err(ctx, _("Error reading from RNG.\n"));
log_err(ctx, _("Error reading from RNG."));
return status;
}

196
lib/setup.c
View File

@@ -200,13 +200,13 @@ int init_crypto(struct crypt_device *ctx)
r = crypt_random_init(ctx);
if (r < 0) {
log_err(ctx, _("Cannot initialize crypto RNG backend.\n"));
log_err(ctx, _("Cannot initialize crypto RNG backend."));
return r;
}
r = crypt_backend_init(ctx);
if (r < 0)
log_err(ctx, _("Cannot initialize crypto backend.\n"));
log_err(ctx, _("Cannot initialize crypto backend."));
if (!r && !_crypto_logged) {
log_dbg("Crypto backend (%s) initialized in cryptsetup library version %s.",
@@ -237,10 +237,10 @@ static int process_key(struct crypt_device *cd, const char *hash_name,
r = crypt_plain_hash(cd, hash_name, (*vk)->key, key_size, pass, passLen);
if (r < 0) {
if (r == -ENOENT)
log_err(cd, _("Hash algorithm %s not supported.\n"),
log_err(cd, _("Hash algorithm %s not supported."),
hash_name);
else
log_err(cd, _("Key processing error (using hash %s).\n"),
log_err(cd, _("Key processing error (using hash %s)."),
hash_name);
crypt_free_volume_key(*vk);
*vk = NULL;
@@ -301,13 +301,13 @@ static int _onlyLUKS(struct crypt_device *cd, uint32_t cdflags)
if (cd && !cd->type) {
if (!(cdflags & CRYPT_CD_QUIET))
log_err(cd, _("Cannot determine device type. Incompatible activation of device?\n"));
log_err(cd, _("Cannot determine device type. Incompatible activation of device?"));
r = -EINVAL;
}
if (!cd || !isLUKS(cd->type)) {
if (!(cdflags & CRYPT_CD_QUIET))
log_err(cd, _("This operation is supported only for LUKS device.\n"));
log_err(cd, _("This operation is supported only for LUKS device."));
r = -EINVAL;
}
@@ -328,13 +328,13 @@ static int _onlyLUKS2(struct crypt_device *cd, uint32_t cdflags)
if (cd && !cd->type) {
if (!(cdflags & CRYPT_CD_QUIET))
log_err(cd, _("Cannot determine device type. Incompatible activation of device?\n"));
log_err(cd, _("Cannot determine device type. Incompatible activation of device?"));
r = -EINVAL;
}
if (!cd || !isLUKS2(cd->type)) {
if (!(cdflags & CRYPT_CD_QUIET))
log_err(cd, _("This operation is supported only for LUKS2 device.\n"));
log_err(cd, _("This operation is supported only for LUKS2 device."));
r = -EINVAL;
}
@@ -379,7 +379,7 @@ static int keyslot_verify_or_find_empty(struct crypt_device *cd, int *keyslot)
else
*keyslot = LUKS2_keyslot_find_empty(&cd->u.luks2.hdr, "luks2");
if (*keyslot < 0) {
log_err(cd, _("All key slots full.\n"));
log_err(cd, _("All key slots full."));
return -EINVAL;
}
}
@@ -390,13 +390,13 @@ static int keyslot_verify_or_find_empty(struct crypt_device *cd, int *keyslot)
ki = LUKS2_keyslot_info(&cd->u.luks2.hdr, *keyslot);
switch (ki) {
case CRYPT_SLOT_INVALID:
log_err(cd, _("Key slot %d is invalid, please select between 0 and %d.\n"),
log_err(cd, _("Key slot %d is invalid, please select between 0 and %d."),
*keyslot, LUKS_NUMKEYS - 1);
return -EINVAL;
case CRYPT_SLOT_INACTIVE:
break;
default:
log_err(cd, _("Key slot %d is full, please select another one.\n"),
log_err(cd, _("Key slot %d is full, please select another one."),
*keyslot);
return -EINVAL;
}
@@ -594,7 +594,7 @@ static int crypt_check_data_device_size(struct crypt_device *cd)
return r;
if (size < size_min) {
log_err(cd, _("Header detected but device %s is too small.\n"),
log_err(cd, _("Header detected but device %s is too small."),
device_path(cd->device));
return -EINVAL;
}
@@ -613,7 +613,7 @@ int crypt_set_data_device(struct crypt_device *cd, const char *device)
log_dbg("Setting ciphertext data device to %s.", device ?: "(none)");
if (!isLUKS1(cd->type) && !isLUKS2(cd->type) && !isVERITY(cd->type)) {
log_err(cd, _("This operation is not supported for this device type.\n"));
log_err(cd, _("This operation is not supported for this device type."));
return -EINVAL;
}
@@ -1236,7 +1236,7 @@ int crypt_init_by_name_and_header(struct crypt_device **cd,
return -ENODEV;
if (ci < CRYPT_ACTIVE) {
log_err(NULL, _("Device %s is not active.\n"), name);
log_err(NULL, _("Device %s is not active."), name);
return -ENODEV;
}
@@ -1253,7 +1253,7 @@ int crypt_init_by_name_and_header(struct crypt_device **cd,
/* Underlying device disappeared but mapping still active */
if (!dmd.data_device || r == -ENOTBLK)
log_verbose(NULL, _("Underlying device for crypt device %s disappeared.\n"),
log_verbose(NULL, _("Underlying device for crypt device %s disappeared."),
name);
/* Underlying device is not readable but crypt mapping exists */
@@ -1333,17 +1333,17 @@ static int _crypt_format_plain(struct crypt_device *cd,
unsigned int sector_size = params ? params->sector_size : SECTOR_SIZE;
if (!cipher || !cipher_mode) {
log_err(cd, _("Invalid plain crypt parameters.\n"));
log_err(cd, _("Invalid plain crypt parameters."));
return -EINVAL;
}
if (volume_key_size > 1024) {
log_err(cd, _("Invalid key size.\n"));
log_err(cd, _("Invalid key size."));
return -EINVAL;
}
if (uuid) {
log_err(cd, _("UUID is not supported for this crypt type.\n"));
log_err(cd, _("UUID is not supported for this crypt type."));
return -EINVAL;
}
@@ -1353,7 +1353,7 @@ static int _crypt_format_plain(struct crypt_device *cd,
if (sector_size < SECTOR_SIZE || sector_size > MAX_SECTOR_SIZE ||
(sector_size & (sector_size - 1))) {
log_err(cd, _("Unsupported encryption sector size.\n"));
log_err(cd, _("Unsupported encryption sector size."));
return -EINVAL;
}
@@ -1399,7 +1399,7 @@ static int _crypt_format_luks1(struct crypt_device *cd,
return -EINVAL;
if (!crypt_metadata_device(cd)) {
log_err(cd, _("Can't format LUKS without device.\n"));
log_err(cd, _("Can't format LUKS without device."));
return -EINVAL;
}
@@ -1461,7 +1461,7 @@ static int _crypt_format_luks1(struct crypt_device *cd,
r = crypt_wipe_device(cd, crypt_metadata_device(cd), CRYPT_WIPE_ZERO, 0,
8 * SECTOR_SIZE, 8 * SECTOR_SIZE, NULL, NULL);
if (r < 0) {
log_err(cd, _("Cannot wipe header on device %s.\n"),
log_err(cd, _("Cannot wipe header on device %s."),
mdata_device_path(cd));
return r;
}
@@ -1491,13 +1491,13 @@ static int _crypt_format_luks2(struct crypt_device *cd,
return -EINVAL;
if (!crypt_metadata_device(cd)) {
log_err(cd, _("Can't format LUKS without device.\n"));
log_err(cd, _("Can't format LUKS without device."));
return -EINVAL;
}
if (sector_size < SECTOR_SIZE || sector_size > MAX_SECTOR_SIZE ||
(sector_size & (sector_size - 1))) {
log_err(cd, _("Unsupported encryption sector size.\n"));
log_err(cd, _("Unsupported encryption sector size."));
return -EINVAL;
}
@@ -1520,7 +1520,7 @@ static int _crypt_format_luks2(struct crypt_device *cd,
}
integrity_key_size = INTEGRITY_key_size(cd, integrity);
if ((integrity_key_size < 0) || (integrity_key_size >= (int)volume_key_size)) {
log_err(cd, _("Volume key is too small for encryption with integrity extensions.\n"));
log_err(cd, _("Volume key is too small for encryption with integrity extensions."));
return -EINVAL;
}
}
@@ -1528,7 +1528,7 @@ static int _crypt_format_luks2(struct crypt_device *cd,
r = device_check_access(cd, crypt_metadata_device(cd), DEV_EXCL);
if (r < 0) {
log_err(cd, _("Cannot use device %s which is in use "
"(already mapped or mounted).\n"),
"(already mapped or mounted)."),
device_path(crypt_metadata_device(cd)));
return r;
}
@@ -1607,14 +1607,14 @@ static int _crypt_format_luks2(struct crypt_device *cd,
8 * SECTOR_SIZE, 8 * SECTOR_SIZE, NULL, NULL);
if (r < 0) {
if (r == -EBUSY)
log_err(cd, _("Cannot format device %s which is still in use.\n"),
log_err(cd, _("Cannot format device %s which is still in use."),
mdata_device_path(cd));
else if (r == -EACCES) {
log_err(cd, _("Cannot format device %s, permission denied.\n"),
log_err(cd, _("Cannot format device %s, permission denied."),
mdata_device_path(cd));
r = -EINVAL;
} else
log_err(cd, _("Cannot wipe header on device %s.\n"),
log_err(cd, _("Cannot wipe header on device %s."),
mdata_device_path(cd));
goto out;
@@ -1622,7 +1622,7 @@ static int _crypt_format_luks2(struct crypt_device *cd,
r = device_write_lock(cd, crypt_metadata_device(cd));
if (r) {
log_err(cd, _("Failed to acquire write lock on device %s.\n"),
log_err(cd, _("Failed to acquire write lock on device %s."),
mdata_device_path(cd));
r = -EINVAL;
goto out;
@@ -1630,7 +1630,7 @@ static int _crypt_format_luks2(struct crypt_device *cd,
r = INTEGRITY_format(cd, params ? params->integrity_params : NULL, NULL, NULL);
if (r)
log_err(cd, _("Cannot format integrity for device %s.\n"),
log_err(cd, _("Cannot format integrity for device %s."),
mdata_device_path(cd));
device_write_unlock(crypt_metadata_device(cd));
@@ -1642,14 +1642,14 @@ static int _crypt_format_luks2(struct crypt_device *cd,
r = LUKS2_hdr_write(cd, &cd->u.luks2.hdr);
if (r < 0) {
if (r == -EBUSY)
log_err(cd, _("Cannot format device %s in use.\n"),
log_err(cd, _("Cannot format device %s in use."),
mdata_device_path(cd));
else if (r == -EACCES) {
log_err(cd, _("Cannot format device %s, permission denied.\n"),
log_err(cd, _("Cannot format device %s, permission denied."),
mdata_device_path(cd));
r = -EINVAL;
} else
log_err(cd, _("Cannot format device %s\n"),
log_err(cd, _("Cannot format device %s."),
mdata_device_path(cd));
}
@@ -1672,17 +1672,17 @@ static int _crypt_format_loopaes(struct crypt_device *cd,
struct crypt_params_loopaes *params)
{
if (!crypt_metadata_device(cd)) {
log_err(cd, _("Can't format LOOPAES without device.\n"));
log_err(cd, _("Can't format LOOPAES without device."));
return -EINVAL;
}
if (volume_key_size > 1024) {
log_err(cd, _("Invalid key size.\n"));
log_err(cd, _("Invalid key size."));
return -EINVAL;
}
if (uuid) {
log_err(cd, _("UUID is not supported for this crypt type.\n"));
log_err(cd, _("UUID is not supported for this crypt type."));
return -EINVAL;
}
@@ -1712,7 +1712,7 @@ static int _crypt_format_verity(struct crypt_device *cd,
char *fec_device_path = NULL, *hash_name = NULL, *root_hash = NULL, *salt = NULL;
if (!crypt_metadata_device(cd)) {
log_err(cd, _("Can't format VERITY without device.\n"));
log_err(cd, _("Can't format VERITY without device."));
return -EINVAL;
}
@@ -1720,23 +1720,23 @@ static int _crypt_format_verity(struct crypt_device *cd,
return -EINVAL;
if (params->hash_type > VERITY_MAX_HASH_TYPE) {
log_err(cd, _("Unsupported VERITY hash type %d.\n"), params->hash_type);
log_err(cd, _("Unsupported VERITY hash type %d."), params->hash_type);
return -EINVAL;
}
if (VERITY_BLOCK_SIZE_OK(params->data_block_size) ||
VERITY_BLOCK_SIZE_OK(params->hash_block_size)) {
log_err(cd, _("Unsupported VERITY block size.\n"));
log_err(cd, _("Unsupported VERITY block size."));
return -EINVAL;
}
if (params->hash_area_offset % 512) {
log_err(cd, _("Unsupported VERITY hash offset.\n"));
log_err(cd, _("Unsupported VERITY hash offset."));
return -EINVAL;
}
if (params->fec_area_offset % 512) {
log_err(cd, _("Unsupported VERITY FEC offset.\n"));
log_err(cd, _("Unsupported VERITY FEC offset."));
return -EINVAL;
}
@@ -1757,13 +1757,13 @@ static int _crypt_format_verity(struct crypt_device *cd,
if (device_is_identical(crypt_metadata_device(cd), crypt_data_device(cd)) &&
(cd->u.verity.hdr.data_size * params->data_block_size) > params->hash_area_offset) {
log_err(cd, _("Data area overlaps with hash area.\n"));
log_err(cd, _("Data area overlaps with hash area."));
return -EINVAL;
}
hash_size = crypt_hash_size(params->hash_name);
if (hash_size <= 0) {
log_err(cd, _("Hash algorithm %s not supported.\n"),
log_err(cd, _("Hash algorithm %s not supported."),
params->hash_name);
return -EINVAL;
}
@@ -1782,14 +1782,14 @@ static int _crypt_format_verity(struct crypt_device *cd,
hash_blocks_size = VERITY_hash_blocks(cd, params) * params->hash_block_size;
if (device_is_identical(crypt_metadata_device(cd), fec_device) &&
(params->hash_area_offset + hash_blocks_size) > params->fec_area_offset) {
log_err(cd, _("Hash area overlaps with FEC area.\n"));
log_err(cd, _("Hash area overlaps with FEC area."));
r = -EINVAL;
goto err;
}
if (device_is_identical(crypt_data_device(cd), fec_device) &&
(cd->u.verity.hdr.data_size * params->data_block_size) > params->fec_area_offset) {
log_err(cd, _("Data area overlaps with FEC area.\n"));
log_err(cd, _("Data area overlaps with FEC area."));
r = -EINVAL;
goto err;
}
@@ -1873,7 +1873,7 @@ static int _crypt_format_integrity(struct crypt_device *cd,
return -EINVAL;
if (uuid) {
log_err(cd, _("UUID is not supported for this crypt type.\n"));
log_err(cd, _("UUID is not supported for this crypt type."));
return -EINVAL;
}
@@ -1885,7 +1885,7 @@ static int _crypt_format_integrity(struct crypt_device *cd,
r = crypt_wipe_device(cd, crypt_metadata_device(cd), CRYPT_WIPE_ZERO, 0,
8 * SECTOR_SIZE, 8 * SECTOR_SIZE, NULL, NULL);
if (r < 0) {
log_err(cd, _("Cannot wipe header on device %s.\n"),
log_err(cd, _("Cannot wipe header on device %s."),
mdata_device_path(cd));
return r;
}
@@ -1937,7 +1937,7 @@ static int _crypt_format_integrity(struct crypt_device *cd,
r = INTEGRITY_format(cd, params, cd->u.integrity.journal_crypt_key, cd->u.integrity.journal_mac_key);
if (r)
log_err(cd, _("Cannot format integrity for device %s.\n"),
log_err(cd, _("Cannot format integrity for device %s."),
mdata_device_path(cd));
err:
if (r) {
@@ -1994,7 +1994,7 @@ int crypt_format(struct crypt_device *cd,
else if (isINTEGRITY(type))
r = _crypt_format_integrity(cd, uuid, params);
else {
log_err(cd, _("Unknown crypt device type %s requested.\n"), type);
log_err(cd, _("Unknown crypt device type %s requested."), type);
r = -EINVAL;
}
@@ -2063,7 +2063,7 @@ int crypt_resize(struct crypt_device *cd, const char *name, uint64_t new_size)
DM_ACTIVE_UUID | DM_ACTIVE_CRYPT_KEYSIZE |
DM_ACTIVE_CRYPT_KEY, &dmd);
if (r < 0) {
log_err(NULL, _("Device %s is not active.\n"), name);
log_err(NULL, _("Device %s is not active."), name);
return -EINVAL;
}
@@ -2095,7 +2095,7 @@ int crypt_resize(struct crypt_device *cd, const char *name, uint64_t new_size)
crypt_get_device_name(cd));
/* Here we always use default size not new_size */
if (crypt_loop_resize(crypt_get_device_name(cd)))
log_err(NULL, _("Cannot resize loop device.\n"));
log_err(NULL, _("Cannot resize loop device."));
}
r = device_block_adjust(cd, dmd.data_device, DEV_OK,
@@ -2104,7 +2104,7 @@ int crypt_resize(struct crypt_device *cd, const char *name, uint64_t new_size)
goto out;
if (new_size & ((dmd.u.crypt.sector_size >> SECTOR_SHIFT) - 1)) {
log_err(cd, _("Device %s size is not aligned to requested sector size (%u bytes).\n"),
log_err(cd, _("Device %s size is not aligned to requested sector size (%u bytes)."),
crypt_get_device_name(cd), (unsigned)dmd.u.crypt.sector_size);
r = -EINVAL;
goto out;
@@ -2234,7 +2234,7 @@ int crypt_header_restore(struct crypt_device *cd,
if (!version ||
(requested_type && version == 1 && !isLUKS1(requested_type)) ||
(requested_type && version == 2 && !isLUKS2(requested_type))) {
log_err(cd, _("Header backup file does not contain compatible LUKS header.\n"));
log_err(cd, _("Header backup file does not contain compatible LUKS header."));
return -EINVAL;
}
@@ -2323,7 +2323,7 @@ int crypt_suspend(struct crypt_device *cd,
if (r < 0)
r = crypt_uuid_type_cmp(cd, CRYPT_LUKS2);
if (r < 0)
log_err(cd, _("This operation is supported only for LUKS device.\n"));
log_err(cd, _("This operation is supported only for LUKS device."));
}
if (r < 0)
@@ -2331,7 +2331,7 @@ int crypt_suspend(struct crypt_device *cd,
ci = crypt_status(NULL, name);
if (ci < CRYPT_ACTIVE) {
log_err(cd, _("Volume %s is not active.\n"), name);
log_err(cd, _("Volume %s is not active."), name);
return -EINVAL;
}
@@ -2342,7 +2342,7 @@ int crypt_suspend(struct crypt_device *cd,
goto out;
if (r) {
log_err(cd, _("Volume %s is already suspended.\n"), name);
log_err(cd, _("Volume %s is already suspended."), name);
r = -EINVAL;
goto out;
}
@@ -2356,9 +2356,9 @@ int crypt_suspend(struct crypt_device *cd,
r = dm_suspend_and_wipe_key(cd, name);
if (r == -ENOTSUP)
log_err(cd, _("Suspend is not supported for device %s.\n"), name);
log_err(cd, _("Suspend is not supported for device %s."), name);
else if (r)
log_err(cd, _("Error during suspending device %s.\n"), name);
log_err(cd, _("Error during suspending device %s."), name);
else
crypt_drop_keyring_key(cd, key_desc);
free(key_desc);
@@ -2391,7 +2391,7 @@ int crypt_resume_by_passphrase(struct crypt_device *cd,
return r;
if (!r) {
log_err(cd, _("Volume %s is not suspended.\n"), name);
log_err(cd, _("Volume %s is not suspended."), name);
return -EINVAL;
}
@@ -2420,9 +2420,9 @@ int crypt_resume_by_passphrase(struct crypt_device *cd,
r = dm_resume_and_reinstate_key(cd, name, vk);
if (r == -ENOTSUP)
log_err(cd, _("Resume is not supported for device %s.\n"), name);
log_err(cd, _("Resume is not supported for device %s."), name);
else if (r)
log_err(cd, _("Error during resuming device %s.\n"), name);
log_err(cd, _("Error during resuming device %s."), name);
out:
if (r < 0 && vk)
crypt_drop_keyring_key(cd, vk->key_description);
@@ -2458,7 +2458,7 @@ int crypt_resume_by_keyfile_device_offset(struct crypt_device *cd,
return r;
if (!r) {
log_err(cd, _("Volume %s is not suspended.\n"), name);
log_err(cd, _("Volume %s is not suspended."), name);
return -EINVAL;
}
@@ -2490,7 +2490,7 @@ int crypt_resume_by_keyfile_device_offset(struct crypt_device *cd,
r = dm_resume_and_reinstate_key(cd, name, vk);
if (r)
log_err(cd, _("Error during resuming device %s.\n"), name);
log_err(cd, _("Error during resuming device %s."), name);
out:
crypt_safe_free(passphrase_read);
if (r < 0 && vk)
@@ -2558,7 +2558,7 @@ int crypt_keyslot_add_by_passphrase(struct crypt_device *cd,
vk = crypt_alloc_volume_key(cd->volume_key->keylength, cd->volume_key->key);
r = vk ? 0 : -ENOMEM;
} else {
log_err(cd, _("Cannot add key slot, all slots disabled and no volume key provided.\n"));
log_err(cd, _("Cannot add key slot, all slots disabled and no volume key provided."));
return -EINVAL;
}
} else if (active_slots < 0)
@@ -2695,15 +2695,15 @@ int crypt_keyslot_change_by_passphrase(struct crypt_device *cd,
if (keyslot_old == keyslot_new) {
if (r >= 0)
log_verbose(cd, _("Key slot %d changed.\n"), keyslot_new);
log_verbose(cd, _("Key slot %d changed."), keyslot_new);
} else {
if (r >= 0) {
log_verbose(cd, _("Replaced with key slot %d.\n"), keyslot_new);
log_verbose(cd, _("Replaced with key slot %d."), keyslot_new);
r = crypt_keyslot_destroy(cd, keyslot_old);
}
}
if (r < 0)
log_err(cd, _("Failed to swap new key slot.\n"));
log_err(cd, _("Failed to swap new key slot."));
out:
crypt_free_volume_key(vk);
if (r < 0) {
@@ -2751,7 +2751,7 @@ int crypt_keyslot_add_by_keyfile_device_offset(struct crypt_device *cd,
vk = crypt_alloc_volume_key(cd->volume_key->keylength, cd->volume_key->key);
r = vk ? 0 : -ENOMEM;
} else {
log_err(cd, _("Cannot add key slot, all slots disabled and no volume key provided.\n"));
log_err(cd, _("Cannot add key slot, all slots disabled and no volume key provided."));
return -EINVAL;
}
} else {
@@ -2868,7 +2868,7 @@ int crypt_keyslot_add_by_volume_key(struct crypt_device *cd,
r = LUKS_verify_volume_key(&cd->u.luks1.hdr, vk);
if (r < 0)
log_err(cd, _("Volume key does not match the volume.\n"));
log_err(cd, _("Volume key does not match the volume."));
else
r = LUKS_set_key(keyslot, passphrase, passphrase_size,
&cd->u.luks1.hdr, vk, cd);
@@ -2889,13 +2889,13 @@ int crypt_keyslot_destroy(struct crypt_device *cd, int keyslot)
ki = crypt_keyslot_status(cd, keyslot);
if (ki == CRYPT_SLOT_INVALID) {
log_err(cd, _("Key slot %d is invalid.\n"), keyslot);
log_err(cd, _("Key slot %d is invalid."), keyslot);
return -EINVAL;
}
if (isLUKS1(cd->type)) {
if (ki == CRYPT_SLOT_INACTIVE) {
log_err(cd, _("Key slot %d is not used.\n"), keyslot);
log_err(cd, _("Key slot %d is not used."), keyslot);
return -EINVAL;
}
return LUKS_del_key(keyslot, &cd->u.luks1.hdr, cd);
@@ -2965,7 +2965,7 @@ static int _activate_by_passphrase(struct crypt_device *cd,
r = LUKS2_activate(cd, name, vk, flags);
}
} else {
log_err(cd, _("Device type is not properly initialised.\n"));
log_err(cd, _("Device type is not properly initialised."));
r = -EINVAL;
}
out:
@@ -3007,10 +3007,10 @@ static int _activate_check_status(struct crypt_device *cd, const char *name)
ci = crypt_status(cd, name);
if (ci == CRYPT_INVALID) {
log_err(cd, _("Cannot use device %s, name is invalid or still in use.\n"), name);
log_err(cd, _("Cannot use device %s, name is invalid or still in use."), name);
return -EINVAL;
} else if (ci >= CRYPT_ACTIVE) {
log_err(cd, _("Device %s already exists.\n"), name);
log_err(cd, _("Device %s already exists."), name);
return -EEXIST;
}
@@ -3129,7 +3129,7 @@ int crypt_activate_by_volume_key(struct crypt_device *cd,
return -EINVAL;
if (!volume_key || !volume_key_size || volume_key_size != cd->u.plain.key_size) {
log_err(cd, _("Incorrect volume key specified for plain device.\n"));
log_err(cd, _("Incorrect volume key specified for plain device."));
return -EINVAL;
}
@@ -3142,7 +3142,7 @@ int crypt_activate_by_volume_key(struct crypt_device *cd,
/* If key is not provided, try to use internal key */
if (!volume_key) {
if (!cd->volume_key) {
log_err(cd, _("Volume key does not match the volume.\n"));
log_err(cd, _("Volume key does not match the volume."));
return -EINVAL;
}
volume_key_size = cd->volume_key->keylength;
@@ -3155,7 +3155,7 @@ int crypt_activate_by_volume_key(struct crypt_device *cd,
r = LUKS_verify_volume_key(&cd->u.luks1.hdr, vk);
if (r == -EPERM)
log_err(cd, _("Volume key does not match the volume.\n"));
log_err(cd, _("Volume key does not match the volume."));
if (!r && name)
r = LUKS1_activate(cd, name, vk, flags);
@@ -3163,7 +3163,7 @@ int crypt_activate_by_volume_key(struct crypt_device *cd,
/* If key is not provided, try to use internal key */
if (!volume_key) {
if (!cd->volume_key) {
log_err(cd, _("Volume key does not match the volume.\n"));
log_err(cd, _("Volume key does not match the volume."));
return -EINVAL;
}
volume_key_size = cd->volume_key->keylength;
@@ -3176,7 +3176,7 @@ int crypt_activate_by_volume_key(struct crypt_device *cd,
r = LUKS2_digest_verify_by_segment(cd, &cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT, vk);
if (r == -EPERM || r == -ENOENT)
log_err(cd, _("Volume key does not match the volume.\n"));
log_err(cd, _("Volume key does not match the volume."));
if (r > 0)
r = 0;
@@ -3195,7 +3195,7 @@ int crypt_activate_by_volume_key(struct crypt_device *cd,
} else if (isVERITY(cd->type)) {
/* volume_key == root hash */
if (!volume_key || !volume_key_size) {
log_err(cd, _("Incorrect root hash specified for verity device.\n"));
log_err(cd, _("Incorrect root hash specified for verity device."));
return -EINVAL;
}
@@ -3229,7 +3229,7 @@ int crypt_activate_by_volume_key(struct crypt_device *cd,
cd->u.integrity.journal_crypt_key,
cd->u.integrity.journal_mac_key, flags);
} else {
log_err(cd, _("Device type is not properly initialised.\n"));
log_err(cd, _("Device type is not properly initialised."));
r = -EINVAL;
}
@@ -3271,7 +3271,7 @@ int crypt_deactivate_by_name(struct crypt_device *cd, const char *name, uint32_t
r = dm_query_device(cd, name, get_flags, &dmd);
if (r >= 0) {
if (dmd.holders) {
log_err(cd, _("Device %s is still in use.\n"), name);
log_err(cd, _("Device %s is still in use."), name);
r = -EBUSY;
break;
}
@@ -3286,7 +3286,7 @@ int crypt_deactivate_by_name(struct crypt_device *cd, const char *name, uint32_t
else
r = dm_remove_device(cd, name, flags);
if (r < 0 && crypt_status(cd, name) == CRYPT_BUSY) {
log_err(cd, _("Device %s is still in use.\n"), name);
log_err(cd, _("Device %s is still in use."), name);
r = -EBUSY;
} else if (namei) {
log_dbg("Deactivating integrity device %s.", namei);
@@ -3297,11 +3297,11 @@ int crypt_deactivate_by_name(struct crypt_device *cd, const char *name, uint32_t
free(key_desc);
break;
case CRYPT_INACTIVE:
log_err(cd, _("Device %s is not active.\n"), name);
log_err(cd, _("Device %s is not active."), name);
r = -ENODEV;
break;
default:
log_err(cd, _("Invalid device %s.\n"), name);
log_err(cd, _("Invalid device %s."), name);
r = -EINVAL;
}
@@ -3386,7 +3386,7 @@ int crypt_volume_key_get(struct crypt_device *cd,
if (crypt_fips_mode() && !crypt_cipher_wrapped_key(crypt_get_cipher(cd))) {
if (!isLUKS2(cd->type) || keyslot == CRYPT_ANY_SLOT ||
!LUKS2_keyslot_for_segment(&cd->u.luks2.hdr, keyslot, CRYPT_DEFAULT_SEGMENT)) {
log_err(cd, _("Function not available in FIPS mode.\n"));
log_err(cd, _("Function not available in FIPS mode."));
return -EACCES;
}
}
@@ -3400,7 +3400,7 @@ int crypt_volume_key_get(struct crypt_device *cd,
return -EINVAL;
if (key_len > (int)*volume_key_size) {
log_err(cd, _("Volume key buffer too small.\n"));
log_err(cd, _("Volume key buffer too small."));
return -ENOMEM;
}
@@ -3408,7 +3408,7 @@ int crypt_volume_key_get(struct crypt_device *cd,
r = process_key(cd, cd->u.plain.hdr.hash, key_len,
passphrase, passphrase_size, &vk);
if (r < 0)
log_err(cd, _("Cannot retrieve volume key for plain device.\n"));
log_err(cd, _("Cannot retrieve volume key for plain device."));
} else if (isLUKS1(cd->type)) {
r = LUKS_open_key_with_hdr(keyslot, passphrase,
passphrase_size, &cd->u.luks1.hdr, &vk, cd);
@@ -3419,7 +3419,7 @@ int crypt_volume_key_get(struct crypt_device *cd,
} else if (isTCRYPT(cd->type)) {
r = TCRYPT_get_volume_key(cd, &cd->u.tcrypt.hdr, &cd->u.tcrypt.params, &vk);
} else
log_err(cd, _("This operation is not supported for %s crypt device.\n"), cd->type ?: "(none)");
log_err(cd, _("This operation is not supported for %s crypt device."), cd->type ?: "(none)");
if (r >= 0) {
memcpy(volume_key, vk->key, vk->keylength);
@@ -3450,7 +3450,7 @@ int crypt_volume_key_verify(struct crypt_device *cd,
r = LUKS2_digest_verify_by_segment(cd, &cd->u.luks2.hdr, CRYPT_DEFAULT_SEGMENT, vk);
if (r == -EPERM)
log_err(cd, _("Volume key does not match the volume.\n"));
log_err(cd, _("Volume key does not match the volume."));
crypt_free_volume_key(vk);
@@ -3606,7 +3606,7 @@ int crypt_dump(struct crypt_device *cd)
else if (isINTEGRITY(cd->type))
return INTEGRITY_dump(cd, crypt_data_device(cd), 0);
log_err(cd, _("Dump operation is not supported for this device type.\n"));
log_err(cd, _("Dump operation is not supported for this device type."));
return -EINVAL;
}
@@ -3998,7 +3998,7 @@ int crypt_convert(struct crypt_device *cd,
/* in-memory header may be invalid after failed conversion */
_luks2_reload(cd);
if (r == -EBUSY)
log_err(cd, _("Cannot convert device %s which is still in use.\n"), mdata_device_path(cd));
log_err(cd, _("Cannot convert device %s which is still in use."), mdata_device_path(cd));
return r;
}
@@ -4281,7 +4281,7 @@ static int verify_and_update_segment_digest(struct crypt_device *cd,
r = update_volume_key_segment_digest(cd, &cd->u.luks2.hdr, digest, 1);
if (r)
log_err(cd, _("Failed to assign keyslot %u as the new volume key.\n"), keyslot);
log_err(cd, _("Failed to assign keyslot %u as the new volume key."), keyslot);
out:
crypt_free_volume_key(vk);
return r < 0 ? r : keyslot;
@@ -4344,19 +4344,19 @@ int crypt_keyslot_add_by_key(struct crypt_device *cd,
r = LUKS2_keyslot_params_default(cd, &cd->u.luks2.hdr, vk->keylength, &params);
if (r < 0) {
log_err(cd, _("Failed to initialise default LUKS2 keyslot parameters.\n"));
log_err(cd, _("Failed to initialise default LUKS2 keyslot parameters."));
goto out;
}
r = digest;
if (r < 0) {
log_err(cd, _("Volume key does not match the volume.\n"));
log_err(cd, _("Volume key does not match the volume."));
goto out;
}
r = LUKS2_digest_assign(cd, &cd->u.luks2.hdr, keyslot, digest, 1, 0);
if (r < 0) {
log_err(cd, _("Failed to assign keyslot %d to digest.\n"), keyslot);
log_err(cd, _("Failed to assign keyslot %d to digest."), keyslot);
goto out;
}
@@ -4440,7 +4440,7 @@ int crypt_volume_key_load_in_keyring(struct crypt_device *cd, struct volume_key
r = keyring_add_key_in_thread_keyring(vk->key_description, vk->key, vk->keylength);
if (r) {
log_dbg("keyring_add_key_in_thread_keyring failed (error %d)", r);
log_err(cd, _("Failed to load key in kernel keyring.\n"));
log_err(cd, _("Failed to load key in kernel keyring."));
} else
crypt_set_key_in_keyring(cd, 1);
@@ -4495,7 +4495,7 @@ int crypt_activate_by_keyring(struct crypt_device *cd,
name ? "Activating" : "Checking", name ?: "passphrase", keyslot);
if (!kernel_keyring_support()) {
log_err(cd, _("Kernel keyring is not supported by the kernel.\n"));
log_err(cd, _("Kernel keyring is not supported by the kernel."));
return -EINVAL;
}

22
lib/tcrypt/tcrypt.c
View File

@@ -472,14 +472,14 @@ static int TCRYPT_pool_keyfile(struct crypt_device *cd,
fd = open(keyfile, O_RDONLY);
if (fd < 0) {
log_err(cd, _("Failed to open key file.\n"));
log_err(cd, _("Failed to open key file."));
goto out;
}
data_size = read_buffer(fd, data, TCRYPT_KEYFILE_LEN);
close(fd);
if (data_size < 0) {
log_err(cd, _("Error reading keyfile %s.\n"), keyfile);
log_err(cd, _("Error reading keyfile %s."), keyfile);
goto out;
}
@@ -519,7 +519,7 @@ static int TCRYPT_init_hdr(struct crypt_device *cd,
passphrase_size = params->passphrase_size;
if (params->passphrase_size > TCRYPT_KEY_POOL_LEN) {
log_err(cd, _("Maximum TCRYPT passphrase length (%d) exceeded.\n"),
log_err(cd, _("Maximum TCRYPT passphrase length (%d) exceeded."),
TCRYPT_KEY_POOL_LEN);
goto out;
}
@@ -560,7 +560,7 @@ static int TCRYPT_init_hdr(struct crypt_device *cd,
key, TCRYPT_HDR_KEY_LEN,
iterations, 0, 0);
if (r < 0 && crypt_hash_size(tcrypt_kdf[i].hash) < 0) {
log_verbose(cd, _("PBKDF2 hash algorithm %s not available, skipping.\n"),
log_verbose(cd, _("PBKDF2 hash algorithm %s not available, skipping."),
tcrypt_kdf[i].hash);
continue;
}
@@ -578,9 +578,9 @@ static int TCRYPT_init_hdr(struct crypt_device *cd,
}
if ((r < 0 && r != -EPERM && skipped && skipped == i) || r == -ENOTSUP) {
log_err(cd, _("Required kernel crypto interface not available.\n"));
log_err(cd, _("Required kernel crypto interface not available."));
#ifdef ENABLE_AF_ALG
log_err(cd, _("Ensure you have algif_skcipher kernel module loaded.\n"));
log_err(cd, _("Ensure you have algif_skcipher kernel module loaded."));
#endif
}
if (r < 0)
@@ -637,7 +637,7 @@ int TCRYPT_read_phdr(struct crypt_device *cd,
devfd = device_open(device, O_RDONLY);
if (devfd < 0) {
log_err(cd, _("Cannot open device %s.\n"), device_path(device));
log_err(cd, _("Cannot open device %s."), device_path(device));
return -EINVAL;
}
@@ -726,13 +726,13 @@ int TCRYPT_activate(struct crypt_device *cd,
}
if (hdr->d.sector_size && hdr->d.sector_size != SECTOR_SIZE) {
log_err(cd, _("Activation is not supported for %d sector size.\n"),
log_err(cd, _("Activation is not supported for %d sector size."),
hdr->d.sector_size);
return -ENOTSUP;
}
if (strstr(params->mode, "-tcrypt")) {
log_err(cd, _("Kernel doesn't support activation for this TCRYPT legacy mode.\n"));
log_err(cd, _("Kernel doesn't support activation for this TCRYPT legacy mode."));
return -ENOTSUP;
}
@@ -766,7 +766,7 @@ int TCRYPT_activate(struct crypt_device *cd,
dmd.u.crypt.offset, dmd.size);
if (part_path) {
if (!device_alloc(&part_device, part_path)) {
log_verbose(cd, _("Activating TCRYPT system encryption for partition %s.\n"),
log_verbose(cd, _("Activating TCRYPT system encryption for partition %s."),
part_path);
dmd.data_device = part_device;
dmd.u.crypt.offset = 0;
@@ -834,7 +834,7 @@ int TCRYPT_activate(struct crypt_device *cd,
if (r < 0 &&
(dm_flags(DM_CRYPT, &dmc_flags) || ((dmc_flags & req_flags) != req_flags))) {
log_err(cd, _("Kernel doesn't support TCRYPT compatible mapping.\n"));
log_err(cd, _("Kernel doesn't support TCRYPT compatible mapping."));
r = -ENOTSUP;
}

24
lib/utils.c
View File

@@ -78,7 +78,7 @@ int crypt_memlock_inc(struct crypt_device *ctx)
}
errno = 0;
if (((_priority = getpriority(PRIO_PROCESS, 0)) == -1) && errno)
log_err(ctx, _("Cannot get process priority.\n"));
log_err(ctx, _("Cannot get process priority."));
else
if (setpriority(PRIO_PROCESS, 0, DEFAULT_PROCESS_PRIORITY))
log_dbg("setpriority %d failed: %s",
@@ -92,7 +92,7 @@ int crypt_memlock_dec(struct crypt_device *ctx)
if (_memlock_count && (!--_memlock_count)) {
log_dbg("Unlocking memory.");
if (munlockall() == -1)
log_err(ctx, _("Cannot unlock memory.\n"));
log_err(ctx, _("Cannot unlock memory."));
if (setpriority(PRIO_PROCESS, 0, _priority))
log_dbg("setpriority %d failed: %s", _priority, strerror(errno));
}
@@ -166,12 +166,12 @@ int crypt_keyfile_device_read(struct crypt_device *cd, const char *keyfile,
fd = keyfile ? open(keyfile, O_RDONLY) : STDIN_FILENO;
if (fd < 0) {
log_err(cd, _("Failed to open key file.\n"));
log_err(cd, _("Failed to open key file."));
return -EINVAL;
}
if (isatty(fd)) {
log_err(cd, _("Cannot read keyfile from a terminal.\n"));
log_err(cd, _("Cannot read keyfile from a terminal."));
r = -EINVAL;
goto out_err;
}
@@ -188,7 +188,7 @@ int crypt_keyfile_device_read(struct crypt_device *cd, const char *keyfile,
regular_file = 0;
if (keyfile) {
if (stat(keyfile, &st) < 0) {
log_err(cd, _("Failed to stat key file.\n"));
log_err(cd, _("Failed to stat key file."));
goto out_err;
}
if (S_ISREG(st.st_mode)) {
@@ -196,7 +196,7 @@ int crypt_keyfile_device_read(struct crypt_device *cd, const char *keyfile,
file_read_size = (uint64_t)st.st_size;
if (keyfile_offset > file_read_size) {
log_err(cd, _("Cannot seek to requested keyfile offset.\n"));
log_err(cd, _("Cannot seek to requested keyfile offset."));
goto out_err;
}
file_read_size -= keyfile_offset;
@@ -211,13 +211,13 @@ int crypt_keyfile_device_read(struct crypt_device *cd, const char *keyfile,
pass = crypt_safe_alloc(buflen);
if (!pass) {
log_err(cd, _("Out of memory while reading passphrase.\n"));
log_err(cd, _("Out of memory while reading passphrase."));
goto out_err;
}
/* Discard keyfile_offset bytes on input */
if (keyfile_offset && keyfile_seek(fd, keyfile_offset) < 0) {
log_err(cd, _("Cannot seek to requested keyfile offset.\n"));
log_err(cd, _("Cannot seek to requested keyfile offset."));
goto out_err;
}
@@ -226,7 +226,7 @@ int crypt_keyfile_device_read(struct crypt_device *cd, const char *keyfile,
buflen += 4096;
pass = crypt_safe_realloc(pass, buflen);
if (!pass) {
log_err(cd, _("Out of memory while reading passphrase.\n"));
log_err(cd, _("Out of memory while reading passphrase."));
r = -ENOMEM;
goto out_err;
}
@@ -246,7 +246,7 @@ int crypt_keyfile_device_read(struct crypt_device *cd, const char *keyfile,
}
char_read = read_buffer(fd, &pass[i], char_to_read);
if (char_read < 0) {
log_err(cd, _("Error reading passphrase.\n"));
log_err(cd, _("Error reading passphrase."));
r = -EPIPE;
goto out_err;
}
@@ -270,12 +270,12 @@ int crypt_keyfile_device_read(struct crypt_device *cd, const char *keyfile,
/* Fail if we exceeded internal default (no specified size) */
if (unlimited_read && i == keyfile_size_max) {
log_err(cd, _("Maximum keyfile size exceeded.\n"));
log_err(cd, _("Maximum keyfile size exceeded."));
goto out_err;
}
if (!unlimited_read && i != keyfile_size_max) {
log_err(cd, _("Cannot read requested amount of data.\n"));
log_err(cd, _("Cannot read requested amount of data."));
goto out_err;
}

6
lib/utils_benchmark.c
View File

@@ -301,7 +301,7 @@ int crypt_benchmark_pbkdf_internal(struct crypt_device *cd,
}
if (pbkdf->flags & CRYPT_PBKDF_NO_BENCHMARK) {
log_err(cd, _("PBKDF benchmark disabled but iterations not set.\n"));
log_err(cd, _("PBKDF benchmark disabled but iterations not set."));
return -EINVAL;
}
@@ -323,7 +323,7 @@ int crypt_benchmark_pbkdf_internal(struct crypt_device *cd,
volume_key_size, &benchmark_callback, pbkdf);
pbkdf->time_ms = ms_tmp;
if (r < 0) {
log_err(cd, _("Not compatible PBKDF2 options (using hash algorithm %s).\n"),
log_err(cd, _("Not compatible PBKDF2 options (using hash algorithm %s)."),
pbkdf->hash);
return r;
}
@@ -337,7 +337,7 @@ int crypt_benchmark_pbkdf_internal(struct crypt_device *cd,
"0123456789abcdef0123456789abcdef", 32,
volume_key_size, &benchmark_callback, pbkdf);
if (r < 0)
log_err(cd, _("Not compatible PBKDF options.\n"));
log_err(cd, _("Not compatible PBKDF options."));
}
return r;

18
lib/utils_device.c
View File

@@ -181,7 +181,7 @@ static int device_ready(struct device *device)
}
if (devfd < 0) {
log_err(NULL, _("Device %s doesn't exist or access denied.\n"),
log_err(NULL, _("Device %s doesn't exist or access denied."),
device_path(device));
return -EINVAL;
}
@@ -597,13 +597,13 @@ out:
break;
case -EBUSY:
log_err(cd, _("Cannot use device %s which is in use "
"(already mapped or mounted).\n"), device->path);
"(already mapped or mounted)."), device->path);
break;
case -EACCES:
log_err(cd, _("Cannot use device %s, permission denied.\n"), device->path);
log_err(cd, _("Cannot use device %s, permission denied."), device->path);
break;
default:
log_err(cd, _("Cannot get info about device %s.\n"), device->path);
log_err(cd, _("Cannot get info about device %s."), device->path);
}
return r;
@@ -626,7 +626,7 @@ static int device_internal_prepare(struct crypt_device *cd, struct device *devic
if (getuid() || geteuid()) {
log_err(cd, _("Cannot use a loopback device, "
"running as non-root user.\n"));
"running as non-root user."));
return -ENOTSUP;
}
@@ -636,7 +636,7 @@ static int device_internal_prepare(struct crypt_device *cd, struct device *devic
loop_fd = crypt_loop_attach(&loop_device, device->path, 0, 1, &readonly);
if (loop_fd == -1) {
log_err(cd, _("Attaching loopback device failed "
"(loop device with autoclear flag is required).\n"));
"(loop device with autoclear flag is required)."));
free(loop_device);
return -EINVAL;
}
@@ -681,7 +681,7 @@ int device_block_adjust(struct crypt_device *cd,
return r;
if (device_offset >= real_size) {
log_err(cd, _("Requested offset is beyond real size of device %s.\n"),
log_err(cd, _("Requested offset is beyond real size of device %s."),
device->path);
return -EINVAL;
}
@@ -689,7 +689,7 @@ int device_block_adjust(struct crypt_device *cd,
if (size && !*size) {
*size = real_size;
if (!*size) {
log_err(cd, _("Device %s has zero size.\n"), device->path);
log_err(cd, _("Device %s has zero size."), device->path);
return -ENOTBLK;
}
*size -= device_offset;
@@ -700,7 +700,7 @@ int device_block_adjust(struct crypt_device *cd,
log_dbg("Device %s: offset = %" PRIu64 " requested size = %" PRIu64
", backing device size = %" PRIu64,
device->path, device_offset, *size, real_size);
log_err(cd, _("Device %s is too small.\n"), device->path);
log_err(cd, _("Device %s is too small."), device->path);
return -EINVAL;
}

4
lib/utils_device_locking.c
View File

@@ -77,7 +77,7 @@ static int open_lock_dir(struct crypt_device *cd, const char *dir, const char *b
if (dirfd < 0) {
log_dbg("Failed to open directory %s: (%d: %s).", dir, errno, strerror(errno));
if (errno == ENOTDIR || errno == ENOENT)
log_err(cd, _("Locking aborted. The locking path %s/%s is unusable (not a directory or missing).\n"), dir, base);
log_err(cd, _("Locking aborted. The locking path %s/%s is unusable (not a directory or missing)."), dir, base);
return -EINVAL;
}
@@ -94,7 +94,7 @@ static int open_lock_dir(struct crypt_device *cd, const char *dir, const char *b
} else {
log_dbg("Failed to open directory %s/%s: (%d: %s)", dir, base, errno, strerror(errno));
if (errno == ENOTDIR || errno == ELOOP)
log_err(cd, _("Locking aborted. The locking path %s/%s is unusable (%s is not a directory).\n"), dir, base, base);
log_err(cd, _("Locking aborted. The locking path %s/%s is unusable (%s is not a directory)."), dir, base, base);
}
}

20
lib/utils_pbkdf.c
View File

@@ -71,7 +71,7 @@ int verify_pbkdf_params(struct crypt_device *cd,
/* TODO: initialise crypto and check the hash and pbkdf are both available */
r = crypt_parse_pbkdf(pbkdf->type, &pbkdf_type);
if (r < 0) {
log_err(cd, _("Unknown PBKDF type %s.\n"), pbkdf->type);
log_err(cd, _("Unknown PBKDF type %s."), pbkdf->type);
return r;
}
@@ -82,18 +82,18 @@ int verify_pbkdf_params(struct crypt_device *cd,
if (crypt_get_type(cd) &&
!strcmp(crypt_get_type(cd), CRYPT_LUKS1) &&
strcmp(pbkdf_type, CRYPT_KDF_PBKDF2)) {
log_err(cd, _("Requested PBKDF type is not supported for LUKS1.\n"));
log_err(cd, _("Requested PBKDF type is not supported for LUKS1."));
return -EINVAL;
}
if (!strcmp(pbkdf_type, CRYPT_KDF_PBKDF2)) {
if (pbkdf->max_memory_kb || pbkdf->parallel_threads) {
log_err(cd, _("PBKDF max memory or parallel threads must not be set with pbkdf2.\n"));
log_err(cd, _("PBKDF max memory or parallel threads must not be set with pbkdf2."));
return -EINVAL;
}
if (pbkdf->flags & CRYPT_PBKDF_NO_BENCHMARK &&
pbkdf->iterations < pbkdf_limits.min_iterations) {
log_err(cd, _("Forced iteration count is too low for %s (minimum is %u).\n"),
log_err(cd, _("Forced iteration count is too low for %s (minimum is %u)."),
pbkdf_type, pbkdf_limits.min_iterations);
return -EINVAL;
}
@@ -103,32 +103,32 @@ int verify_pbkdf_params(struct crypt_device *cd,
/* TODO: properly define minimal iterations and also minimal memory values */
if (pbkdf->flags & CRYPT_PBKDF_NO_BENCHMARK) {
if (pbkdf->iterations < pbkdf_limits.min_iterations) {
log_err(cd, _("Forced iteration count is too low for %s (minimum is %u).\n"),
log_err(cd, _("Forced iteration count is too low for %s (minimum is %u)."),
pbkdf_type, pbkdf_limits.min_iterations);
r = -EINVAL;
}
if (pbkdf->max_memory_kb < pbkdf_limits.min_memory) {
log_err(cd, _("Forced memory cost is too low for %s (minimum is %u kilobytes).\n"),
log_err(cd, _("Forced memory cost is too low for %s (minimum is %u kilobytes)."),
pbkdf_type, pbkdf_limits.min_memory);
r = -EINVAL;
}
}
if (pbkdf->max_memory_kb > pbkdf_limits.max_memory) {
log_err(cd, _("Requested maximum PBKDF memory cost is too high (maximum is %d kilobytes).\n"),
log_err(cd, _("Requested maximum PBKDF memory cost is too high (maximum is %d kilobytes)."),
pbkdf_limits.max_memory);
r = -EINVAL;
}
if (!pbkdf->max_memory_kb) {
log_err(cd, _("Requested maximum PBKDF memory can not be zero.\n"));
log_err(cd, _("Requested maximum PBKDF memory can not be zero."));
r = -EINVAL;
}
if (!pbkdf->parallel_threads) {
log_err(cd, _("Requested PBKDF parallel threads can not be zero.\n"));
log_err(cd, _("Requested PBKDF parallel threads can not be zero."));
r = -EINVAL;
}
if (!pbkdf->time_ms) {
log_err(cd, _("Requested PBKDF target time can not be zero.\n"));
log_err(cd, _("Requested PBKDF target time can not be zero."));
r = -EINVAL;
}

4
lib/utils_wipe.c
View File

@@ -177,7 +177,7 @@ int crypt_wipe_device(struct crypt_device *cd,
goto out;
if (lseek64(devfd, offset, SEEK_SET) < 0) {
log_err(cd, "Cannot seek to device offset.\n");
log_err(cd, "Cannot seek to device offset.");
r = -EINVAL;
goto out;
}
@@ -201,7 +201,7 @@ int crypt_wipe_device(struct crypt_device *cd,
r = wipe_block(devfd, pattern, sf, bsize, alignment,
wipe_block_size, offset, &need_block_init);
if (r) {
log_err(cd, "Device wipe error, offset %" PRIu64 ".\n", offset);
log_err(cd, "Device wipe error, offset %" PRIu64 ".", offset);
break;
}

34
lib/verity/verity.c
View File

@@ -66,19 +66,19 @@ int VERITY_read_sb(struct crypt_device *cd,
sizeof(struct verity_sb), device_path(device), sb_offset);
if (params->flags & CRYPT_VERITY_NO_HEADER) {
log_err(cd, _("Verity device %s doesn't use on-disk header.\n"),
log_err(cd, _("Verity device %s doesn't use on-disk header."),
device_path(device));
return -EINVAL;
}
if (sb_offset % 512) {
log_err(cd, _("Unsupported VERITY hash offset.\n"));
log_err(cd, _("Unsupported VERITY hash offset."));
return -EINVAL;
}
devfd = device_open(device, O_RDONLY);
if (devfd < 0) {
log_err(cd, _("Cannot open device %s.\n"), device_path(device));
log_err(cd, _("Cannot open device %s."), device_path(device));
return -EINVAL;
}
@@ -91,19 +91,19 @@ int VERITY_read_sb(struct crypt_device *cd,
close(devfd);
if (memcmp(sb.signature, VERITY_SIGNATURE, sizeof(sb.signature))) {
log_err(cd, _("Device %s is not a valid VERITY device.\n"),
log_err(cd, _("Device %s is not a valid VERITY device."),
device_path(device));
return -EINVAL;
}
sb_version = le32_to_cpu(sb.version);
if (sb_version != 1) {
log_err(cd, _("Unsupported VERITY version %d.\n"), sb_version);
log_err(cd, _("Unsupported VERITY version %d."), sb_version);
return -EINVAL;
}
params->hash_type = le32_to_cpu(sb.hash_type);
if (params->hash_type > VERITY_MAX_HASH_TYPE) {
log_err(cd, _("Unsupported VERITY hash type %d.\n"), params->hash_type);
log_err(cd, _("Unsupported VERITY hash type %d."), params->hash_type);
return -EINVAL;
}
@@ -111,7 +111,7 @@ int VERITY_read_sb(struct crypt_device *cd,
params->hash_block_size = le32_to_cpu(sb.hash_block_size);
if (VERITY_BLOCK_SIZE_OK(params->data_block_size) ||
VERITY_BLOCK_SIZE_OK(params->hash_block_size)) {
log_err(cd, _("Unsupported VERITY block size.\n"));
log_err(cd, _("Unsupported VERITY block size."));
return -EINVAL;
}
params->data_size = le64_to_cpu(sb.data_blocks);
@@ -120,7 +120,7 @@ int VERITY_read_sb(struct crypt_device *cd,
if (!params->hash_name)
return -ENOMEM;
if (crypt_hash_size(params->hash_name) <= 0) {
log_err(cd, _("Hash algorithm %s not supported.\n"),
log_err(cd, _("Hash algorithm %s not supported."),
params->hash_name);
free(CONST_CAST(char*)params->hash_name);
params->hash_name = NULL;
@@ -129,7 +129,7 @@ int VERITY_read_sb(struct crypt_device *cd,
params->salt_size = le16_to_cpu(sb.salt_size);
if (params->salt_size > sizeof(sb.salt)) {
log_err(cd, _("VERITY header corrupted.\n"));
log_err(cd, _("VERITY header corrupted."));
free(CONST_CAST(char*)params->hash_name);
params->hash_name = NULL;
return -EINVAL;
@@ -166,20 +166,20 @@ int VERITY_write_sb(struct crypt_device *cd,
sizeof(struct verity_sb), device_path(device), sb_offset);
if (!uuid_string || uuid_parse(uuid_string, uuid) == -1) {
log_err(cd, _("Wrong VERITY UUID format provided on device %s.\n"),
log_err(cd, _("Wrong VERITY UUID format provided on device %s."),
device_path(device));
return -EINVAL;
}
if (params->flags & CRYPT_VERITY_NO_HEADER) {
log_err(cd, _("Verity device %s doesn't use on-disk header.\n"),
log_err(cd, _("Verity device %s doesn't use on-disk header."),
device_path(device));
return -EINVAL;
}
devfd = device_open(device, O_RDWR);
if (devfd < 0) {
log_err(cd, _("Cannot open device %s.\n"), device_path(device));
log_err(cd, _("Cannot open device %s."), device_path(device));
return -EINVAL;
}
@@ -199,7 +199,7 @@ int VERITY_write_sb(struct crypt_device *cd,
r = write_lseek_blockwise(devfd, device_block_size(device), device_alignment(device),
(char*)&sb, hdr_size, sb_offset) < hdr_size ? -EIO : 0;
if (r)
log_err(cd, _("Error during update of verity header on device %s.\n"),
log_err(cd, _("Error during update of verity header on device %s."),
device_path(device));
close(devfd);
@@ -256,9 +256,9 @@ int VERITY_activate(struct crypt_device *cd,
log_dbg("Verification failed, trying to repair with FEC device.");
r = VERITY_FEC_process(cd, verity_hdr, fec_device, 1, &fec_errors);
if (r < 0)
log_err(cd, _("Errors cannot be repaired with FEC device.\n"));
log_err(cd, _("Errors cannot be repaired with FEC device."));
else if (fec_errors)
log_err(cd, _("Found %u repairable errors with FEC device.\n"),
log_err(cd, _("Found %u repairable errors with FEC device."),
fec_errors);
}
@@ -302,7 +302,7 @@ int VERITY_activate(struct crypt_device *cd,
r = dm_create_device(cd, name, CRYPT_VERITY, &dmd, 0);
if (r < 0 && (dm_flags(DM_VERITY, &dmv_flags) || !(dmv_flags & DM_VERITY_SUPPORTED))) {
log_err(cd, _("Kernel doesn't support dm-verity mapping.\n"));
log_err(cd, _("Kernel doesn't support dm-verity mapping."));
return -ENOTSUP;
}
if (r < 0)
@@ -313,6 +313,6 @@ int VERITY_activate(struct crypt_device *cd,
return r;
if (!r)
log_err(cd, _("Verity device detected corruption after activation.\n"));
log_err(cd, _("Verity device detected corruption after activation."));
return 0;
}

24
lib/verity/verity_fec.c
View File

@@ -129,7 +129,7 @@ static int FEC_process_inputs(struct crypt_device *cd,
rs = init_rs_char(FEC_PARAMS(ctx.roots));
if (!rs) {
log_err(cd, _("Failed to allocate RS context.\n"));
log_err(cd, _("Failed to allocate RS context."));
return -ENOMEM;
}
@@ -144,7 +144,7 @@ static int FEC_process_inputs(struct crypt_device *cd,
buf = malloc((size_t)ctx.block_size * ctx.rsn);
if (!buf) {
log_err(cd, _("Failed to allocate buffer.\n"));
log_err(cd, _("Failed to allocate buffer."));
r = -ENOMEM;
goto out;
}
@@ -154,7 +154,7 @@ static int FEC_process_inputs(struct crypt_device *cd,
for (i = 0; i < ctx.rsn; ++i) {
if (FEC_read_interleaved(&ctx, n * ctx.rsn * ctx.block_size + i,
&buf[i * ctx.block_size], ctx.block_size)) {
log_err(cd, _("Failed to read RS block %" PRIu64 " byte %d.\n"), n, i);
log_err(cd, _("Failed to read RS block %" PRIu64 " byte %d."), n, i);
r = -EIO;
goto out;
}
@@ -167,14 +167,14 @@ static int FEC_process_inputs(struct crypt_device *cd,
/* decoding from parity device */
if (decode) {
if (read_buffer(fd, &rs_block[ctx.rsn], ctx.roots) != ctx.roots) {
log_err(cd, _("Failed to read parity for RS block %" PRIu64 ".\n"), n);
log_err(cd, _("Failed to read parity for RS block %" PRIu64 "."), n);
r = -EIO;
goto out;
}
r = decode_rs_char(rs, rs_block);
if (r < 0) {
log_err(cd, _("Failed to repair parity for block %" PRIu64 ".\n"), n);
log_err(cd, _("Failed to repair parity for block %" PRIu64 "."), n);
goto out;
}
/* return number of detected errors */
@@ -185,7 +185,7 @@ static int FEC_process_inputs(struct crypt_device *cd,
/* encoding and writing parity data to fec device */
encode_rs_char(rs, rs_block, &rs_block[ctx.rsn]);
if (write_buffer(fd, &rs_block[ctx.rsn], ctx.roots) != ctx.roots) {
log_err(cd, _("Failed to write parity for RS block %" PRIu64 ".\n"), n);
log_err(cd, _("Failed to write parity for RS block %" PRIu64 "."), n);
r = -EIO;
goto out;
}
@@ -220,13 +220,13 @@ int VERITY_FEC_process(struct crypt_device *cd,
/* validate parameters */
if (params->data_block_size != params->hash_block_size) {
log_err(cd, _("Block sizes must match for FEC.\n"));
log_err(cd, _("Block sizes must match for FEC."));
return -EINVAL;
}
if (params->fec_roots > FEC_RSM - FEC_MIN_RSN ||
params->fec_roots < FEC_RSM - FEC_MAX_RSN) {
log_err(cd, _("Invalid number of parity bytes.\n"));
log_err(cd, _("Invalid number of parity bytes."));
return -EINVAL;
}
@@ -238,7 +238,7 @@ int VERITY_FEC_process(struct crypt_device *cd,
fd = open(device_path(fec_device), O_RDWR);
if (fd == -1) {
log_err(cd, _("Cannot open device %s.\n"), device_path(fec_device));
log_err(cd, _("Cannot open device %s."), device_path(fec_device));
goto out;
}
@@ -250,19 +250,19 @@ int VERITY_FEC_process(struct crypt_device *cd,
/* input devices */
inputs[0].fd = open(device_path(inputs[0].device), O_RDONLY);
if (inputs[0].fd == -1) {
log_err(cd, _("Cannot open device %s.\n"), device_path(inputs[0].device));
log_err(cd, _("Cannot open device %s."), device_path(inputs[0].device));
goto out;
}
inputs[1].fd = open(device_path(inputs[1].device), O_RDONLY);
if (inputs[1].fd == -1) {
log_err(cd, _("Cannot open device %s.\n"), device_path(inputs[1].device));
log_err(cd, _("Cannot open device %s."), device_path(inputs[1].device));
goto out;
}
/* cover the entire hash device starting from hash_offset */
r = device_size(inputs[1].device, &inputs[1].count);
if (r) {
log_err(cd, _("Failed to determine size for device %s.\n"),
log_err(cd, _("Failed to determine size for device %s."),
device_path(inputs[1].device));
goto out;
}

30
lib/verity/verity_hash.c
View File

@@ -56,7 +56,7 @@ static int verify_zero(struct crypt_device *cd, FILE *wr, size_t bytes)
}
for (i = 0; i < bytes; i++)
if (block[i]) {
log_err(cd, _("Spare area is not zeroed at position %" PRIu64 ".\n"),
log_err(cd, _("Spare area is not zeroed at position %" PRIu64 "."),
ftello(wr) - bytes);
return -EPERM;
}
@@ -157,7 +157,7 @@ static int create_or_verify(struct crypt_device *cd, FILE *rd, FILE *wr,
if (mult_overflow(&seek_rd, data_block, data_block_size) ||
mult_overflow(&seek_wr, hash_block, hash_block_size)) {
log_err(cd, _("Device offset overflow.\n"));
log_err(cd, _("Device offset overflow."));
return -EINVAL;
}
@@ -197,7 +197,7 @@ static int create_or_verify(struct crypt_device *cd, FILE *rd, FILE *wr,
return -EIO;
}
if (memcmp(read_digest, calculated_digest, digest_size)) {
log_err(cd, _("Verification failed at position %" PRIu64 ".\n"),
log_err(cd, _("Verification failed at position %" PRIu64 "."),
ftello(rd) - data_block_size);
return -EPERM;
}
@@ -270,7 +270,7 @@ static int VERITY_create_or_verify_hash(struct crypt_device *cd,
device_path(hash_device), hash_position);
if (data_blocks < 0 || hash_position < 0) {
log_err(cd, _("Invalid size parameters for verity device.\n"));
log_err(cd, _("Invalid size parameters for verity device."));
return -EINVAL;
}
@@ -284,20 +284,20 @@ static int VERITY_create_or_verify_hash(struct crypt_device *cd,
data_file_blocks = data_blocks;
if (mult_overflow(&data_device_size, data_blocks, data_block_size)) {
log_err(cd, _("Device offset overflow.\n"));
log_err(cd, _("Device offset overflow."));
return -EINVAL;
}
if (hash_levels(hash_block_size, digest_size, data_file_blocks, &hash_position,
&levels, &hash_level_block[0], &hash_level_size[0])) {
log_err(cd, _("Hash area overflow.\n"));
log_err(cd, _("Hash area overflow."));
return -EINVAL;
}
log_dbg("Using %d hash levels.", levels);
if (mult_overflow(&hash_device_size, hash_position, hash_block_size)) {
log_err(cd, _("Device offset overflow.\n"));
log_err(cd, _("Device offset overflow."));
return -EINVAL;
}
@@ -305,7 +305,7 @@ static int VERITY_create_or_verify_hash(struct crypt_device *cd,
data_device_size);
data_file = fopen(device_path(data_device), "r");
if (!data_file) {
log_err(cd, _("Cannot open device %s.\n"),
log_err(cd, _("Cannot open device %s."),
device_path(data_device)
);
r = -EIO;
@@ -316,7 +316,7 @@ static int VERITY_create_or_verify_hash(struct crypt_device *cd,
hash_device_size);
hash_file = fopen(device_path(hash_device), verify ? "r" : "r+");
if (!hash_file) {
log_err(cd, _("Cannot open device %s.\n"),
log_err(cd, _("Cannot open device %s."),
device_path(hash_device));
r = -EIO;
goto out;
@@ -336,7 +336,7 @@ static int VERITY_create_or_verify_hash(struct crypt_device *cd,
} else {
hash_file_2 = fopen(device_path(hash_device), "r");
if (!hash_file_2) {
log_err(cd, _("Cannot open device %s.\n"),
log_err(cd, _("Cannot open device %s."),
device_path(hash_device));
r = -EIO;
goto out;
@@ -367,20 +367,20 @@ static int VERITY_create_or_verify_hash(struct crypt_device *cd,
out:
if (verify) {
if (r)
log_err(cd, _("Verification of data area failed.\n"));
log_err(cd, _("Verification of data area failed."));
else {
log_dbg("Verification of data area succeeded.");
r = memcmp(root_hash, calculated_digest, digest_size) ? -EPERM : 0;
if (r)
log_err(cd, _("Verification of root hash failed.\n"));
log_err(cd, _("Verification of root hash failed."));
else
log_dbg("Verification of root hash succeeded.");
}
} else {
if (r == -EIO)
log_err(cd, _("Input/output error while creating hash area.\n"));
log_err(cd, _("Input/output error while creating hash area."));
else if (r)
log_err(cd, _("Creation of hash area failed.\n"));
log_err(cd, _("Creation of hash area failed."));
else {
fsync(fileno(hash_file));
memcpy(root_hash, calculated_digest, digest_size);
@@ -428,7 +428,7 @@ int VERITY_create(struct crypt_device *cd,
if (verity_hdr->data_block_size > pgsize)
log_err(cd, _("WARNING: Kernel cannot activate device if data "
"block size exceeds page size (%u).\n"), pgsize);
"block size exceeds page size (%u)."), pgsize);
return VERITY_create_or_verify_hash(cd, 0,
verity_hdr->hash_type,