From 7bf1cfe3b20037f3732d8854833b00f6a3511d95 Mon Sep 17 00:00:00 2001 From: Ingo Franzki Date: Tue, 5 Mar 2024 08:28:40 +0100 Subject: [PATCH] integritysetup: Add support for hmac-sha512 Currently the only supported integrity algorithm using HMAC is 'hmac-sha256'. Add 'hmac-sha512' to the list of supported algorithms as well. --- man/integritytab.xml | 6 +++--- src/integritysetup/integrity-util.c | 2 +- src/integritysetup/integrity-util.h | 1 + src/integritysetup/integritysetup.c | 2 ++ 4 files changed, 7 insertions(+), 4 deletions(-) diff --git a/man/integritytab.xml b/man/integritytab.xml index 413f5f49bca..196ae2fc978 100644 --- a/man/integritytab.xml +++ b/man/integritytab.xml @@ -55,8 +55,8 @@ The third field if present contains an absolute filename path to a key file or a - to specify none. When the filename is present, the "integrity-algorithm" defaults to hmac-sha256 - with the key length derived from the number of bytes in the key file. At this time the only supported integrity algorithm - when using key file is hmac-sha256. The maximum size of the key file is 4096 bytes. + with the key length derived from the number of bytes in the key file. At this time the only supported integrity algorithms + when using key file are hmac-sha256 and hmac-sha512. The maximum size of the key file is 4096 bytes. The fourth field, if present, is a comma-delimited list of options or a - to specify none. The following options are @@ -125,7 +125,7 @@ - + The algorithm used for integrity checking. The default is crc32c. Must match option used during format. diff --git a/src/integritysetup/integrity-util.c b/src/integritysetup/integrity-util.c index f421487805c..94ff62bf76a 100644 --- a/src/integritysetup/integrity-util.c +++ b/src/integritysetup/integrity-util.c 
@@ -11,7 +11,7 @@ #include "time-util.h" static int supported_integrity_algorithm(char *user_supplied) { - if (!STR_IN_SET(user_supplied, "crc32", "crc32c", "xxhash64", "sha1", "sha256", "hmac-sha256")) + if (!STR_IN_SET(user_supplied, "crc32", "crc32c", "xxhash64", "sha1", "sha256", "hmac-sha256", "hmac-sha512")) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Unsupported integrity algorithm (%s)", user_supplied); return 0; } diff --git a/src/integritysetup/integrity-util.h b/src/integritysetup/integrity-util.h index 64aa79da870..4347a0ac7ef 100644 --- a/src/integritysetup/integrity-util.h +++ b/src/integritysetup/integrity-util.h @@ -12,4 +12,5 @@ int parse_integrity_options( char **ret_integrity_alg); #define DM_HMAC_256 "hmac(sha256)" +#define DM_HMAC_512 "hmac(sha512)" #define DM_MAX_KEY_SIZE 4096 /* Maximum size of key allowed for dm-integrity */ diff --git a/src/integritysetup/integritysetup.c b/src/integritysetup/integritysetup.c index b643a48e111..c55535febb7 100644 --- a/src/integritysetup/integritysetup.c +++ b/src/integritysetup/integritysetup.c @@ -77,6 +77,8 @@ static const char *integrity_algorithm_select(const void *key_file_buf) { if (arg_integrity_algorithm) { if (streq("hmac-sha256", arg_integrity_algorithm)) return DM_HMAC_256; + if (streq("hmac-sha512", arg_integrity_algorithm)) + return DM_HMAC_512; return arg_integrity_algorithm; } else if (key_file_buf) return DM_HMAC_256; -- 2.47.3
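Review bot: The accepted names in `supported_integrity_algorithm()` and the translation to kernel names in `integrity_algorithm_select()` (src/integritysetup/integritysetup.c, last hunk of this patch) are two hand-maintained lists with nothing tying them together. A future `hmac-*` name added to this `STR_IN_SET` but not to the mapping would pass validation and then be returned unchanged by `return arg_integrity_algorithm;`, not in the `hmac(...)` form the `DM_HMAC_*` macros use. I would add a comment above the check, `/* Every "hmac-*" name accepted here needs a DM_HMAC_* mapping in integrity_algorithm_select() */`, or drive both places from one table.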
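Review bot: The new `hmac-sha512` branch in `integrity_algorithm_select()` returns `DM_HMAC_512` without looking at `key_file_buf`, as the existing `hmac-sha256` branch does, so a keyed algorithm can be selected when no key file was configured. Whether that combination is rejected later cannot be seen here, because the function continues past the hunk and the caller is not shown. If it is not rejected, the caller should refuse it before activation, for example with `if (!key_file_buf && arg_integrity_algorithm && startswith(arg_integrity_algorithm, "hmac-"))` followed by a logged `-EINVAL` return. A short comment on the function saying that the `hmac-*` names are only meaningful together with a key file would also help.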