eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-14 20:30:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix a problem in integritysetup if a hash algorithm has dash in the name.

Browse Source 
If users want to use blake2b/blake2s, the kernel algorithm name
includes dash - like "blake2s-256".

Because we use dash as a separator, this patch adds an exception
for this case.

Fixes: #581.
This commit is contained in:
Milan Broz
2020-07-27 12:50:46 +02:00
parent 04d2ff7689
commit 16aec64d1b
2 changed files with 16 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/utils_crypt.c
View File

@@ -23,6 +23,7 @@
#include <stdlib.h> #include <stdlib.h>
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
#include <ctype.h>
#include <errno.h> #include <errno.h>
#include "libcryptsetup.h" #include "libcryptsetup.h"
@@ -76,8 +77,10 @@ int crypt_parse_hash_integrity_mode(const char *s, char *integrity)
return -EINVAL; return -EINVAL;
r = sscanf(s, "%" MAX_CIPHER_LEN_STR "[^-]-%" MAX_CIPHER_LEN_STR "s", mode, hash); r = sscanf(s, "%" MAX_CIPHER_LEN_STR "[^-]-%" MAX_CIPHER_LEN_STR "s", mode, hash);
if (r == 2) if (r == 2 && !isdigit(hash[0]))
r = snprintf(integrity, MAX_CIPHER_LEN, "%s(%s)", mode, hash); r = snprintf(integrity, MAX_CIPHER_LEN, "%s(%s)", mode, hash);
else if (r == 2)
r = snprintf(integrity, MAX_CIPHER_LEN, "%s-%s", mode, hash);
else if (r == 1) else if (r == 1)
r = snprintf(integrity, MAX_CIPHER_LEN, "%s", mode); r = snprintf(integrity, MAX_CIPHER_LEN, "%s", mode);
else else

14
tests/integrity-compat-test
View File

@@ -30,7 +30,7 @@ cleanup() {
fail() fail()
{ {
echo [ -n "$1" ] && echo "$1"
echo "FAILED backtrace:" echo "FAILED backtrace:"
while caller $frame; do ((frame++)); done while caller $frame; do ((frame++)); done
cleanup cleanup
@@ -157,7 +157,15 @@ intformat() # alg alg_out tagsize outtagsize sector_size csum [keyfile keysize]
echo -n "[INTEGRITY:$2:$4:$5]" echo -n "[INTEGRITY:$2:$4:$5]"
echo -n "[FORMAT]" echo -n "[FORMAT]"
$INTSETUP format --integrity-legacy-padding -q --integrity $1 $TAG_PARAMS --sector-size $5 $KEY_PARAMS $DEV >/dev/null || fail "Cannot format device." $INTSETUP format --integrity-legacy-padding -q --integrity $1 $TAG_PARAMS --sector-size $5 $KEY_PARAMS $DEV >/dev/null 2>&1
if [ $? -ne 0 ] ; then
if ! grep -q $1 /proc/crypto ; then
echo "[N/A]"
return
fi
fail "Cannot format device."
fi
dump_check "tag_size" $4 dump_check "tag_size" $4
dump_check "sector_size" $5 dump_check "sector_size" $5
echo -n "[ACTIVATE]" echo -n "[ACTIVATE]"
@@ -316,6 +324,8 @@ modprobe dm-integrity >/dev/null 2>&1
dm_integrity_features dm_integrity_features
add_device add_device
intformat blake2s-256 blake2s-256 32 32 512 8e5fe4119558e117bfc40e3b0f13ade3abe497b52604d4c7cca0cfd6c7f4cf11
intformat blake2b-256 blake2b-256 32 32 512 8e5fe4119558e117bfc40e3b0f13ade3abe497b52604d4c7cca0cfd6c7f4cf11
intformat crc32c crc32c 0 4 512 08f63eb27fb9ce2ce903b0a56429c68ce5e209253ba42154841ef045a53839d7 intformat crc32c crc32c 0 4 512 08f63eb27fb9ce2ce903b0a56429c68ce5e209253ba42154841ef045a53839d7
intformat crc32 crc32 0 4 512 08f63eb27fb9ce2ce903b0a56429c68ce5e209253ba42154841ef045a53839d7 intformat crc32 crc32 0 4 512 08f63eb27fb9ce2ce903b0a56429c68ce5e209253ba42154841ef045a53839d7
intformat sha1 sha1 0 20 512 6eedd6344dab8875cd185fcd6565dfc869ab36bc57e577f40c685290b1fa7fe7 intformat sha1 sha1 0 20 512 6eedd6344dab8875cd185fcd6565dfc869ab36bc57e577f40c685290b1fa7fe7