Currently the only supported integrity algorithm using HMAC is 'hmac-sha256'.
Add 'hmac-sha512' to the list of supported algorithms as well.
<para>The third field if present contains an absolute filename path to a key file or a <literal>-</literal>
to specify none. When the filename is present, the "integrity-algorithm" defaults to <literal>hmac-sha256</literal>
- with the key length derived from the number of bytes in the key file. At this time the only supported integrity algorithm
- when using key file is hmac-sha256. The maximum size of the key file is 4096 bytes.
+ with the key length derived from the number of bytes in the key file. At this time the only supported integrity algorithms
+ when using key file are hmac-sha256 and hmac-sha512. The maximum size of the key file is 4096 bytes.
</para>
<para>The fourth field, if present, is a comma-delimited list of options or a <literal>-</literal> to specify none. The following options are
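Review bot: The reworded sentence in the third-field paragraph lists hmac-sha512 as supported, but the sentence before it still says the algorithm defaults to hmac-sha256 whenever a key file is present, so the reader is never told how to get hmac-sha512. Suggest adding that hmac-sha512 has to be requested explicitly with integrity-algorithm=hmac-sha512 in the fourth field. While touching the line, "when using key file" should read "when using a key file".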
</varlistentry>
<varlistentry>
- <term><option>integrity-algorithm=[crc32c|crc32|xxhash64|sha1|sha256|hmac-sha256]</option></term>
+ <term><option>integrity-algorithm=[crc32c|crc32|xxhash64|sha1|sha256|hmac-sha256|hmac-sha512]</option></term>
<listitem><para>
The algorithm used for integrity checking. The default is crc32c. Must match option used during format.
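Review bot: The description under the integrity-algorithm term still says "The default is crc32c", which disagrees with the third-field paragraph, where the default becomes hmac-sha256 once a key file is given. With a second HMAC value now in the option list this is worth reconciling. Suggest wording such as "The default is crc32c, or hmac-sha256 when a key file is given", and a sentence noting that the hmac-* values need a key file in the third field.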
#include "time-util.h"
static int supported_integrity_algorithm(char *user_supplied) {
- if (!STR_IN_SET(user_supplied, "crc32", "crc32c", "xxhash64", "sha1", "sha256", "hmac-sha256"))
+ if (!STR_IN_SET(user_supplied, "crc32", "crc32c", "xxhash64", "sha1", "sha256", "hmac-sha256", "hmac-sha512"))
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Unsupported integrity algorithm (%s)", user_supplied);
return 0;
}
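Review bot: The STR_IN_SET() list in supported_integrity_algorithm() now has to be kept in step by hand with the streq() chain that maps "hmac-sha256" and "hmac-sha512" to the DM_HMAC_* strings. A name added to one place and not the other would either be rejected here or fall through to "return arg_integrity_algorithm;" unmapped. Consider a single table of user-facing name to dm-integrity name that both functions consult. Separately, user_supplied is only read, so the parameter could be const char *.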
char **ret_integrity_alg);
#define DM_HMAC_256 "hmac(sha256)"
+#define DM_HMAC_512 "hmac(sha512)"
#define DM_MAX_KEY_SIZE 4096 /* Maximum size of key allowed for dm-integrity */
if (arg_integrity_algorithm) {
if (streq("hmac-sha256", arg_integrity_algorithm))
return DM_HMAC_256;
+ if (streq("hmac-sha512", arg_integrity_algorithm))
+ return DM_HMAC_512;
return arg_integrity_algorithm;
} else if (key_file_buf)
return DM_HMAC_256;
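Review bot: The new hmac-sha512 branch returns DM_HMAC_512 without consulting key_file_buf, so nothing in these lines stops an HMAC algorithm from being selected when no key file was supplied (the existing hmac-sha256 branch has the same shape). If that combination is not already rejected by the caller, suggest failing with EINVAL when an hmac-* name is chosen and key_file_buf is NULL. Note also that the "else if (key_file_buf)" fallback stays DM_HMAC_256, which is the behaviour the man page should spell out.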