integritysetup: mention maximal allowed key size

The error message and man page should contain this information.
Milan Broz
2021-05-16 12:08:10 +02:00
parent 97e709788e
commit c7789719d8
3 changed files with 9 additions and 7 deletions


@@ -604,6 +604,7 @@ CS_STR_WITH([loopaes-cipher], [cipher for loop-AES mode], [aes])
CS_NUM_WITH([loopaes-keybits],[key length in bits for loop-AES mode], [256])
CS_NUM_WITH([keyfile-size-maxkb],[maximum keyfile size (in KiB)], [8192])
CS_NUM_WITH([integrity-keyfile-size-maxkb],[maximum integritysetup keyfile size (in KiB)], [4])
CS_NUM_WITH([passphrase-size-max],[maximum passphrase size (in characters)], [512])
CS_STR_WITH([verity-hash], [hash function for verity mode], [sha256])
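Review bot: The new `integrity-keyfile-size-maxkb` option makes the integrity key limit a build-time setting, yet the man page text added in this same commit states `Maximum is 4096 bytes.` as a fixed fact, so a build configured with another value will document a limit the binary does not enforce. Wording the man page entries as `Maximum is 4096 bytes by default (set at build time).` would keep them accurate. A short comment beside the `CS_NUM_WITH` line, saying that the value is multiplied by 1024 and compared against an `int` key size in the integritysetup tool, would also tell packagers what range is sensible.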


@@ -118,7 +118,7 @@ The integrity algorithm can be CRC (crc32c/crc32) or hash function (sha1, sha256
For HMAC (hmac-sha256) you have also to specify an integrity key and its size.
.TP
.B "\-\-integrity\-key\-size BYTES"
The size of the data integrity key.
The size of the data integrity key. Maximum is 4096 bytes.
.TP
.B "\-\-integrity\-key\-file FILE"
The file with the integrity key.
@@ -158,7 +158,7 @@ Integrity algorithm for journal area.
See \-\-integrity option for detailed specification.
.TP
.B "\-\-journal\-integrity\-key\-size BYTES"
The size of the journal integrity key.
The size of the journal integrity key. Maximum is 4096 bytes.
.TP
.B "\-\-journal\-integrity\-key\-file FILE"
The file with the integrity key.
@@ -169,7 +169,7 @@ You can use a block cipher here such as cbc-aes or
a stream cipher, for example, chacha20 or ctr-aes.
.TP
.B "\-\-journal\-crypt\-key\-size BYTES"
The size of the journal encryption key.
The size of the journal encryption key. Maximum is 4096 bytes.
.TP
.B "\-\-journal\-crypt\-key\-file FILE"
The file with the journal encryption key.


@@ -25,7 +25,6 @@
#define PACKAGE_INTEGRITY "integritysetup"
#define DEFAULT_ALG_NAME "crc32c"
#define MAX_KEY_SIZE 4096
static char *opt_data_device = NULL;
static char *opt_integrity = NULL; /* DEFAULT_ALG_NAME */
@@ -82,8 +81,8 @@ static int _read_mk(const char *file, char **key, int keysize)
{
int fd;
if (keysize <= 0 || keysize > MAX_KEY_SIZE) {
log_err(_("Invalid key size."));
if (keysize <= 0 || keysize > (DEFAULT_INTEGRITY_KEYFILE_SIZE_MAXKB * 1024)) {
log_err(_("Invalid key size. Maximum is %u bytes."), DEFAULT_INTEGRITY_KEYFILE_SIZE_MAXKB * 1024);
return -EINVAL;
}
@@ -519,7 +518,9 @@ static void help(poptContext popt_context,
crypt_get_dir());
log_std(_("\nDefault compiled-in dm-integrity parameters:\n"
"\tChecksum algorithm: %s\n"), DEFAULT_ALG_NAME);
"\tChecksum algorithm: %s\n"
"\tMaximum keyfile size: %dkB\n"),
DEFAULT_ALG_NAME, DEFAULT_INTEGRITY_KEYFILE_SIZE_MAXKB);
tools_cleanup();
poptFreeContext(popt_context);
exit(EXIT_SUCCESS);
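Review bot: In `_read_mk`, the new `log_err` call prints `DEFAULT_INTEGRITY_KEYFILE_SIZE_MAXKB * 1024` with `%u`, while `help()` prints the same macro with `%d`; the macro presumably expands to a plain integer literal from configure, so the argument is an `int` and `%d` is the matching conversion. The product is also spelled out twice and evaluated in `int`, so an oversized configure value could overflow the very bound that limits `keysize` before the key is read (the rest of `_read_mk` is outside the hunk). Keeping one named constant, for example `#define MAX_KEY_SIZE (DEFAULT_INTEGRITY_KEYFILE_SIZE_MAXKB * 1024)`, and using it in both the comparison and the message would keep the check and its text in step. The help line also says `kB` where the configure description says KiB.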