fs-verity: add SHA-512 support

Add SHA-512 support to fs-verity. This is primarily a demonstration of the trivial changes needed to support a new hash algorithm in fs-verity; most users will still use SHA-256, due to the smaller space required to store the hashes. But some users may prefer SHA-512. Reviewed-by: Theodore Ts'o <tytso@mit.edu> Reviewed-by: Jaegeuk Kim <jaegeuk@kernel.org> Signed-off-by: Eric Biggers <ebiggers@google.com>
2019-07-22 09:26:23 -07:00 · 2019-07-22 09:26:23 -07:00 · add890c9f9
parent 4dd893d832
commit add890c9f9
3 changed files with 7 additions and 1 deletions
--- a/fs/verity/fsverity_private.h
+++ b/fs/verity/fsverity_private.h
@ -29,7 +29,7 @@ struct ahash_request;
 * Largest digest size among all hash algorithms supported by fs-verity.
 * Currently assumed to be <= size of fsverity_descriptor::root_hash.
 */
-#define FS_VERITY_MAX_DIGEST_SIZE	SHA256_DIGEST_SIZE
+#define FS_VERITY_MAX_DIGEST_SIZE	SHA512_DIGEST_SIZE

 /* A hash algorithm supported by fs-verity */
 struct fsverity_hash_alg {
--- a/fs/verity/hash_algs.c
+++ b/fs/verity/hash_algs.c
@ -17,6 +17,11 @@ struct fsverity_hash_alg fsverity_hash_algs[] = {
 		.digest_size = SHA256_DIGEST_SIZE,
 		.block_size = SHA256_BLOCK_SIZE,
 	},
+	[FS_VERITY_HASH_ALG_SHA512] = {
+		.name = "sha512",
+		.digest_size = SHA512_DIGEST_SIZE,
+		.block_size = SHA512_BLOCK_SIZE,
+	},
 };

 /**
--- a/include/uapi/linux/fsverity.h
+++ b/include/uapi/linux/fsverity.h
@ -14,6 +14,7 @@
 #include <linux/types.h>

 #define FS_VERITY_HASH_ALG_SHA256	1
+#define FS_VERITY_HASH_ALG_SHA512	2

 struct fsverity_enable_arg {
 	__u32 version;