integritysetup: mention maximal allowed key size

The error message and man page should contain this information.
Milan Broz
2021-05-16 12:08:10 +02:00
parent a7872ab856
commit 351d7fefca
3 changed files with 10 additions and 8 deletions


@@ -621,6 +621,7 @@ CS_STR_WITH([loopaes-cipher], [cipher for loop-AES mode], [aes])
CS_NUM_WITH([loopaes-keybits],[key length in bits for loop-AES mode], [256])
CS_NUM_WITH([keyfile-size-maxkb],[maximum keyfile size (in KiB)], [8192])
CS_NUM_WITH([integrity-keyfile-size-maxkb],[maximum integritysetup keyfile size (in KiB)], [4])
CS_NUM_WITH([passphrase-size-max],[maximum passphrase size (in characters)], [512])
CS_STR_WITH([verity-hash], [hash function for verity mode], [sha256])
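Review bot: The help string on the `integrity-keyfile-size-maxkb` line describes a keyfile limit, but the C change later in this commit uses the same value to bound the `--journal-integrity-key-size` and `--journal-crypt-key-size` arguments, so a packager who changes it also changes the accepted key size. I would word it as `[maximum integritysetup key and keyfile size (in KiB)]`. The man page text added in this commit states a fixed "Maximum is 4096 bytes", which matches only the default of 4 here; it could say that this is the compiled-in default.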


@@ -127,7 +127,7 @@ The integrity algorithm can be CRC (crc32c/crc32) or hash function (sha1, sha256
For HMAC (hmac-sha256) you have also to specify an integrity key and its size.
.TP
.B "\-\-integrity\-key\-size BYTES"
The size of the data integrity key.
The size of the data integrity key. Maximum is 4096 bytes.
.TP
.B "\-\-integrity\-key\-file FILE"
The file with the integrity key.
@@ -167,7 +167,7 @@ Integrity algorithm for journal area.
See \-\-integrity option for detailed specification.
.TP
.B "\-\-journal\-integrity\-key\-size BYTES"
The size of the journal integrity key.
The size of the journal integrity key. Maximum is 4096 bytes.
.TP
.B "\-\-journal\-integrity\-key\-file FILE"
The file with the integrity key.
@@ -178,7 +178,7 @@ You can use a block cipher here such as cbc-aes or
a stream cipher, for example, chacha20 or ctr-aes.
.TP
.B "\-\-journal\-crypt\-key\-size BYTES"
The size of the journal encryption key.
The size of the journal encryption key. Maximum is 4096 bytes.
.TP
.B "\-\-journal\-crypt\-key\-file FILE"
The file with the journal encryption key.


@@ -28,8 +28,6 @@
#define PACKAGE_INTEGRITY "integritysetup"
#define MAX_KEY_SIZE 4096
static const char **action_argv;
static int action_argc;
static struct tools_log_params log_parms;
@@ -473,7 +471,9 @@ static void help(poptContext popt_context,
crypt_get_dir());
log_std(_("\nDefault compiled-in dm-integrity parameters:\n"
"\tChecksum algorithm: %s\n"), DEFAULT_ALG_NAME);
"\tChecksum algorithm: %s\n"
"\tMaximum keyfile size: %dkB\n"),
DEFAULT_ALG_NAME, DEFAULT_INTEGRITY_KEYFILE_SIZE_MAXKB);
tools_cleanup();
poptFreeContext(popt_context);
exit(EXIT_SUCCESS);
@@ -526,8 +526,9 @@ static void basic_options_cb(poptContext popt_context,
case OPT_JOURNAL_INTEGRITY_KEY_SIZE_ID:
/* fall through */
case OPT_JOURNAL_CRYPT_KEY_SIZE_ID:
if (ARG_UINT32(key->val) > MAX_KEY_SIZE) {
snprintf(msg, sizeof(msg), _("Invalid --%s size."), key->longName);
if (ARG_UINT32(key->val) > (DEFAULT_INTEGRITY_KEYFILE_SIZE_MAXKB * 1024)) {
snprintf(msg, sizeof(msg), _("Invalid --%s size. Maximum is %u bytes."),
key->longName, DEFAULT_INTEGRITY_KEYFILE_SIZE_MAXKB * 1024);
usage(popt_context, EXIT_FAILURE, msg,
poptGetInvocationName(popt_context));
}
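Review bot: In `basic_options_cb` the limit `DEFAULT_INTEGRITY_KEYFILE_SIZE_MAXKB * 1024` is written out twice and, assuming the configure macro expands to a plain integer literal, is computed in signed `int` and then passed to `%u`; a large configure value would overflow before the comparison with `ARG_UINT32(key->val)`, which would defeat the size check. I would keep one unsigned constant in place of the old literal, `#define MAX_KEY_SIZE (DEFAULT_INTEGRITY_KEYFILE_SIZE_MAXKB * 1024U)`, and use it in both the check and the message. The new line in `help()` prints `%dkB` while configure describes the value in KiB; `"\tMaximum keyfile size: %dKiB\n"` would match. Both functions begin and end outside the hunks shown.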