diff options
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/crypto.go | 13 | ||||
| -rw-r--r-- | crypto/crypto_test.go | 26 | ||||
| -rw-r--r-- | crypto/key.go | 6 | ||||
| -rw-r--r-- | crypto/rand.go | 2 |
4 files changed, 24 insertions, 23 deletions
diff --git a/crypto/crypto.go b/crypto/crypto.go index 7327bd5..8de8134 100644 --- a/crypto/crypto.go +++ b/crypto/crypto.go @@ -50,7 +50,7 @@ import ( // Crypto error values var ( ErrBadAuth = errors.New("key authentication check failed") - ErrNegitiveLength = errors.New("keys cannot have negative lengths") + ErrNegativeLength = errors.New("keys cannot have negative lengths") ErrRecoveryCode = errors.New("invalid recovery code") ErrGetrandomFail = util.SystemError("getrandom() failed") ErrKeyAlloc = util.SystemError("could not allocate memory for key") @@ -71,8 +71,8 @@ func checkWrappingKey(wrappingKey *Key) error { return errors.Wrap(err, "wrapping key") } -// stretchKey stretches a key of length KeyLen using unsalted HKDF to make two -// keys of length KeyLen. +// stretchKey stretches a key of length InternalKeyLen using unsalted HKDF to +// make two keys of length InternalKeyLen. func stretchKey(key *Key) (encKey, authKey *Key) { panicInputLength("hkdf key", metadata.InternalKeyLen, key.Len()) @@ -148,9 +148,10 @@ func Wrap(wrappingKey, secretKey *Key) (*metadata.WrappedKeyData, error) { return data, nil } -// Unwrap takes a wrapping Key of length KeyLen, and uses it to unwrap the -// WrappedKeyData to get the unwrapped secret Key. The Wrapped Key data includes -// an authentication check, so an error will be returned if that check fails. +// Unwrap takes a wrapping Key of length InternalKeyLen, and uses it to unwrap +// the WrappedKeyData to get the unwrapped secret Key. The Wrapped Key data +// includes an authentication check, so an error will be returned if that check +// fails. func Unwrap(wrappingKey *Key, data *metadata.WrappedKeyData) (*Key, error) { if err := checkWrappingKey(wrappingKey); err != nil { return nil, err diff --git a/crypto/crypto_test.go b/crypto/crypto_test.go index 2946a59..a8d9830 100644 --- a/crypto/crypto_test.go +++ b/crypto/crypto_test.go @@ -65,7 +65,7 @@ var ( testUser, _ = util.EffectiveUser() ) -// As the passpharase hashing function clears the passphrase, we need to make +// As the passphrase hashing function clears the passphrase, we need to make // a new passphrase key for each test func fakePassphraseKey() (*Key, error) { return NewFixedLengthKeyFromReader(bytes.NewReader(fakePassword), len(fakePassword)) @@ -158,7 +158,7 @@ func TestZeroLength(t *testing.T) { } defer key1.Wipe() if key1.data != nil { - t.Error("FIxed length key from reader contained data") + t.Error("Fixed length key from reader contained data") } key2, err := NewKeyFromReader(bytes.NewReader(nil)) @@ -171,7 +171,7 @@ func TestZeroLength(t *testing.T) { } } -// Test that enabling the disabling memory locking succeeds even if a key is +// Test that enabling then disabling memory locking succeeds even if a key is // active when the variable changes. func TestEnableDisableMemoryLocking(t *testing.T) { // Mlock on for creation, off for wiping @@ -282,7 +282,7 @@ func TestBadAddKeys(t *testing.T) { // Check that we can create random keys. All this test does to test the // "randomness" is generate a page of random bytes and attempts compression. // If the data can be compressed it is probably not very random. This isn't -// indented to be a sufficient test for randomness (which is impossible), but a +// intended to be a sufficient test for randomness (which is impossible), but a // way to catch simple regressions (key is all zeros or contains a repeating // pattern). func TestRandomKeyGen(t *testing.T) { @@ -456,7 +456,7 @@ func TestWrongUnwrappingKeyLength(t *testing.T) { } } -// Wraping twice with the same keys should give different components +// Wrapping twice with the same keys should give different components func TestWrapTwiceDistinct(t *testing.T) { data1, err := Wrap(fakeWrappingKey, fakeValidPolicyKey) if err != nil { @@ -472,14 +472,14 @@ func TestWrapTwiceDistinct(t *testing.T) { } } -// Attempts to Unwrap data with key after altering tweek, should fail -func testFailWithTweek(key *Key, data *metadata.WrappedKeyData, tweek []byte) error { - tweek[0]++ +// Attempts to Unwrap data with key after altering tweak, should fail +func testFailWithTweak(key *Key, data *metadata.WrappedKeyData, tweak []byte) error { + tweak[0]++ key, err := Unwrap(key, data) if err == nil { key.Wipe() } - tweek[0]-- + tweak[0]-- return err } @@ -489,7 +489,7 @@ func TestUnwrapWrongKey(t *testing.T) { if err != nil { t.Fatal(err) } - if testFailWithTweek(fakeWrappingKey, data, fakeWrappingKey.data) == nil { + if testFailWithTweak(fakeWrappingKey, data, fakeWrappingKey.data) == nil { t.Error("using a different wrapping key should make unwrap fail") } } @@ -499,13 +499,13 @@ func TestUnwrapWrongData(t *testing.T) { if err != nil { t.Fatal(err) } - if testFailWithTweek(fakeWrappingKey, data, data.EncryptedKey) == nil { + if testFailWithTweak(fakeWrappingKey, data, data.EncryptedKey) == nil { t.Error("changing encryption key should make unwrap fail") } - if testFailWithTweek(fakeWrappingKey, data, data.IV) == nil { + if testFailWithTweak(fakeWrappingKey, data, data.IV) == nil { t.Error("changing IV should make unwrap fail") } - if testFailWithTweek(fakeWrappingKey, data, data.Hmac) == nil { + if testFailWithTweak(fakeWrappingKey, data, data.Hmac) == nil { t.Error("changing HMAC should make unwrap fail") } } diff --git a/crypto/key.go b/crypto/key.go index 027d46d..7059073 100644 --- a/crypto/key.go +++ b/crypto/key.go @@ -100,7 +100,7 @@ func newBlankKey(length int) (*Key, error) { if length == 0 { return &Key{data: nil}, nil } else if length < 0 { - return nil, errors.Wrapf(ErrNegitiveLength, "length of %d requested", length) + return nil, errors.Wrapf(ErrNegativeLength, "length of %d requested", length) } flags := keyMmapFlags @@ -198,7 +198,7 @@ func NewKeyFromCString(str unsafe.Pointer) (*Key, error) { return key, nil } -// NewKeyFromReader constructs a key of abritary length by reading from reader +// NewKeyFromReader constructs a key of arbitrary length by reading from reader // until hitting EOF. func NewKeyFromReader(reader io.Reader) (*Key, error) { // Use an initial key size of a page. As Mmap allocates a page anyway, @@ -312,7 +312,7 @@ func WriteRecoveryCode(key *Key, writer io.Writer) error { return w.Err() } -// ReadRecoveryCode gets the recovery code from the provided writer and returns +// ReadRecoveryCode gets the recovery code from the provided reader and returns // the corresponding cryptographic key. // WARNING: This recovery key is enough to derive the original key, so it must // be given the same level of protection as a raw cryptographic key. diff --git a/crypto/rand.go b/crypto/rand.go index 0778ebd..736d969 100644 --- a/crypto/rand.go +++ b/crypto/rand.go @@ -44,7 +44,7 @@ func NewRandomBuffer(length int) ([]byte, error) { } // NewRandomKey creates a random key of the specified length. This function uses -// the same random number generation process a NewRandomBuffer. +// the same random number generation process as NewRandomBuffer. func NewRandomKey(length int) (*Key, error) { return NewFixedLengthKeyFromReader(randReader{}, length) } |