fs-verity: add SHA-512 support

Add SHA-512 support to fs-verity.  This is primarily a demonstration of
the trivial changes needed to support a new hash algorithm in fs-verity;
most users will still use SHA-256, due to the smaller space required to
store the hashes.  But some users may prefer SHA-512.

Reviewed-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
This commit is contained in:
Eric Biggers 2019-07-22 09:26:23 -07:00 committed by Jaegeuk Kim
parent ebeb654881
commit 9b8425a7cd
3 changed files with 7 additions and 1 deletions

View file

@ -29,7 +29,7 @@ struct ahash_request;
* Largest digest size among all hash algorithms supported by fs-verity. * Largest digest size among all hash algorithms supported by fs-verity.
* Currently assumed to be <= size of fsverity_descriptor::root_hash. * Currently assumed to be <= size of fsverity_descriptor::root_hash.
*/ */
#define FS_VERITY_MAX_DIGEST_SIZE SHA256_DIGEST_SIZE #define FS_VERITY_MAX_DIGEST_SIZE SHA512_DIGEST_SIZE
/* A hash algorithm supported by fs-verity */ /* A hash algorithm supported by fs-verity */
struct fsverity_hash_alg { struct fsverity_hash_alg {

View file

@ -17,6 +17,11 @@ struct fsverity_hash_alg fsverity_hash_algs[] = {
.digest_size = SHA256_DIGEST_SIZE, .digest_size = SHA256_DIGEST_SIZE,
.block_size = SHA256_BLOCK_SIZE, .block_size = SHA256_BLOCK_SIZE,
}, },
[FS_VERITY_HASH_ALG_SHA512] = {
.name = "sha512",
.digest_size = SHA512_DIGEST_SIZE,
.block_size = SHA512_BLOCK_SIZE,
},
}; };
/** /**

View file

@ -14,6 +14,7 @@
#include <linux/types.h> #include <linux/types.h>
#define FS_VERITY_HASH_ALG_SHA256 1 #define FS_VERITY_HASH_ALG_SHA256 1
#define FS_VERITY_HASH_ALG_SHA512 2
struct fsverity_enable_arg { struct fsverity_enable_arg {
__u32 version; __u32 version;