Commit 0bb7098f authored by Milan Broz's avatar Milan Broz

Add integritysetup command line tool for the dm-integrity standalone setting.

The dm-integrity target is intended to be used for authenticated
encryption through LUKS and dm-crypt.

It can be used in standalone as well; for this use case there
is a simple configuration utility called integritysetup
(similar to veritysetup to dm-verity).
parent 290b593d
......@@ -268,6 +268,11 @@ AC_ARG_ENABLE([cryptsetup-reencrypt],
[enable cryptsetup-reencrypt tool]))
AM_CONDITIONAL(REENCRYPT, test x$enable_cryptsetup_reencrypt = xyes)
AC_ARG_ENABLE(integritysetup,
AS_HELP_STRING([--disable-integritysetup],
[disable integritysetup support]),[], [enable_integritysetup=yes])
AM_CONDITIONAL(INTEGRITYSETUP, test x$enable_integritysetup = xyes)
AC_ARG_ENABLE(selinux,
AS_HELP_STRING([--disable-selinux],
[disable selinux support [default=auto]]),[], [])
......@@ -468,6 +473,7 @@ lib/luks1/Makefile
lib/loopaes/Makefile
lib/verity/Makefile
lib/tcrypt/Makefile
lib/integrity/Makefile
src/Makefile
po/Makefile.in
man/Makefile
......
SUBDIRS = crypto_backend luks1 loopaes verity tcrypt
SUBDIRS = crypto_backend luks1 loopaes verity tcrypt integrity
moduledir = $(libdir)/cryptsetup
......@@ -12,6 +12,7 @@ AM_CPPFLAGS = -include config.h \
-I$(top_srcdir)/lib/loopaes \
-I$(top_srcdir)/lib/verity \
-I$(top_srcdir)/lib/tcrypt \
-I$(top_srcdir)/lib/integrity \
-DDATADIR=\""$(datadir)"\" \
-DLIBDIR=\""$(libdir)"\" \
-DPREFIX=\""$(prefix)"\" \
......@@ -25,7 +26,8 @@ common_ldadd = \
luks1/libluks1.la \
loopaes/libloopaes.la \
verity/libverity.la \
tcrypt/libtcrypt.la
tcrypt/libtcrypt.la \
integrity/libintegrity.la
libcryptsetup_la_DEPENDENCIES = $(common_ldadd) libcryptsetup.sym
......
moduledir = $(libdir)/cryptsetup
noinst_LTLIBRARIES = libintegrity.la
libintegrity_la_CFLAGS = -Wall $(AM_CFLAGS) @CRYPTO_CFLAGS@
libintegrity_la_SOURCES = \
integrity.c \
integrity.h
AM_CPPFLAGS = -include config.h \
-I$(top_srcdir)/lib \
-I$(top_srcdir)/lib/crypto_backend
/*
* Integrity volume handling
*
* Copyright (C) 2016-2017, Milan Broz
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This file is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this file; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include <uuid/uuid.h>
#include "integrity.h"
#include "internal.h"
static int INTEGRITY_read_superblock(struct crypt_device *cd,
struct device *device,
uint64_t offset, struct superblock *sb)
{
int devfd, r;
devfd = device_open(device, O_RDONLY);
if(devfd < 0) {
return -EINVAL;
}
if (read_lseek_blockwise(devfd, device_block_size(device),
sb, sizeof(*sb), offset) != sizeof(*sb) ||
memcmp(sb->magic, SB_MAGIC, sizeof(sb->magic)) ||
sb->version != SB_VERSION) {
log_std(cd, "No integrity superblock detected on %s.\n",
device_path(device));
r = -EINVAL;
} else {
sb->integrity_tag_size = le16toh(sb->integrity_tag_size);
sb->journal_sections = le32toh(sb->journal_sections);
sb->provided_data_sectors = le64toh(sb->provided_data_sectors);
r = 0;
}
close(devfd);
return r;
}
int INTEGRITY_read_sb(struct crypt_device *cd, struct crypt_params_integrity *params)
{
struct superblock sb;
int r;
r = INTEGRITY_read_superblock(cd, crypt_data_device(cd), 0, &sb);
if (r)
return r;
params->sector_size = SECTOR_SIZE << sb.log2_sectors_per_block;
params->tag_size = sb.integrity_tag_size;
return 0;
}
int INTEGRITY_dump(struct crypt_device *cd, struct device *device, uint64_t offset)
{
struct superblock sb;
int r;
r = INTEGRITY_read_superblock(cd, device, offset, &sb);
if (r)
return r;
log_std(cd, "Info for integrity device %s.\n", device_path(device));
log_std(cd, "log2_interleave_sectors %d\n", sb.log2_interleave_sectors);
log_std(cd, "integrity_tag_size %u\n", sb.integrity_tag_size);
log_std(cd, "journal_sections %u\n", sb.journal_sections);
log_std(cd, "provided_data_sectors %" PRIu64 "\n", sb.provided_data_sectors);
log_std(cd, "sector_size %u\n", SECTOR_SIZE << sb.log2_sectors_per_block);
return 0;
}
int INTEGRITY_data_sectors(struct crypt_device *cd,
struct device *device, uint64_t offset,
uint64_t *data_sectors)
{
struct superblock sb;
int r;
r = INTEGRITY_read_superblock(cd, device, offset, &sb);
if (r)
return r;
*data_sectors = sb.provided_data_sectors;
return 0;
}
int INTEGRITY_key_size(struct crypt_device *cd)
{
const char *integrity = crypt_get_integrity(cd);
if (!integrity)
return 0;
//FIXME: use crypto backend hash size
if (!strcmp(integrity, "aead"))
return 0;
else if (!strcmp(integrity, "hmac(sha256)"))
return 32;
else if (!strcmp(integrity, "hmac(sha512)"))
return 64;
else if (!strcmp(integrity, "poly1305"))
return 0;
else if (!strcmp(integrity, "none"))
return 0;
return -EINVAL;
}
int INTEGRITY_tag_size(struct crypt_device *cd)
{
const char *integrity = crypt_get_integrity(cd);
const char *cipher_mode = crypt_get_cipher_mode(cd);
int iv_tag_size = 0, auth_tag_size = 0;
if (!strcmp(cipher_mode, "xts-random"))
iv_tag_size = 16;
else if (!strcmp(cipher_mode, "gcm-random"))
iv_tag_size = 12;
else if (!strcmp(cipher_mode, "ccm-random"))
iv_tag_size = 8;
else if (!strcmp(cipher_mode, "ctr-random"))
iv_tag_size = 16;
else if (!strcmp(cipher_mode, "random"))
iv_tag_size = 16;
//FIXME: use crypto backend hash size
if (!integrity || !strcmp(integrity, "none"))
auth_tag_size = 0;
else if (!strcmp(integrity, "aead"))
auth_tag_size = 16; //FIXME gcm- mode only
else if (!strcmp(integrity, "cmac(aes)"))
auth_tag_size = 16;
else if (!strcmp(integrity, "hmac(sha256)"))
auth_tag_size = 32;
else if (!strcmp(integrity, "hmac(sha512)"))
auth_tag_size = 64;
else if (!strcmp(integrity, "poly1305")) {
if (iv_tag_size)
iv_tag_size = 12;
auth_tag_size = 16;
}
return iv_tag_size + auth_tag_size;
}
int INTEGRITY_activate(struct crypt_device *cd,
const char *name,
struct crypt_params_integrity *params,
struct volume_key *vk,
struct volume_key *journal_crypt_key,
struct volume_key *journal_mac_key,
uint32_t flags)
{
struct crypt_dm_active_device dmdi = {
.target = DM_INTEGRITY,
.data_device = crypt_data_device(cd),
.size = crypt_get_integrity_sectors(cd),
.flags = flags,
.u.integrity = {
.offset = crypt_get_data_offset(cd),
.tag_size = crypt_get_integrity_tag_size(cd),
.sector_size = crypt_get_sector_size(cd),
}
};
int r;
dmdi.u.integrity.journal_size = params->journal_size;
dmdi.u.integrity.journal_watermark = params->journal_watermark;
dmdi.u.integrity.journal_commit_time = params->journal_commit_time;
dmdi.u.integrity.interleave_sectors = params->interleave_sectors;
dmdi.u.integrity.buffer_sectors = params->buffer_sectors;
dmdi.u.integrity.integrity = params->integrity;
dmdi.u.integrity.vk = vk;
dmdi.u.integrity.journal_integrity = params->journal_integrity;
dmdi.u.integrity.journal_integrity_key = journal_mac_key;
dmdi.u.integrity.journal_crypt = params->journal_crypt;
dmdi.u.integrity.journal_crypt_key = journal_crypt_key;
log_dbg("Trying to activate INTEGRITY device on top of %s, using name %s, tag size %d, provided sectors %" PRIu64".",
device_path(dmdi.data_device), name, dmdi.u.integrity.tag_size, dmdi.size);
r = device_block_adjust(cd, dmdi.data_device, DEV_EXCL,
dmdi.u.integrity.offset, NULL, &dmdi.flags);
if (r)
return r;
return dm_create_device(cd, name, "INTEGRITY", &dmdi, 0);
}
int INTEGRITY_format(struct crypt_device *cd,
struct crypt_params_integrity *params,
struct volume_key *journal_crypt_key,
struct volume_key *journal_mac_key)
{
char tmp_name[64], tmp_uuid[40];
struct crypt_dm_active_device dmdi = {
.target = DM_INTEGRITY,
.data_device = crypt_data_device(cd),
.size = 8,
.flags = CRYPT_ACTIVATE_PRIVATE, /* We always create journal but it can be unused later */
.u.integrity = {
.offset = crypt_get_data_offset(cd),
.tag_size = crypt_get_integrity_tag_size(cd),
.sector_size = crypt_get_sector_size(cd),
}
};
int r;
uuid_t tmp_uuid_bin;
dmdi.u.integrity.journal_size = params->journal_size;
dmdi.u.integrity.journal_watermark = params->journal_watermark;
dmdi.u.integrity.journal_commit_time = params->journal_commit_time;
dmdi.u.integrity.interleave_sectors = params->interleave_sectors;
dmdi.u.integrity.buffer_sectors = params->buffer_sectors;
dmdi.u.integrity.integrity = params->integrity;
dmdi.u.integrity.journal_integrity = params->journal_integrity;
dmdi.u.integrity.journal_integrity_key = journal_mac_key;
dmdi.u.integrity.journal_crypt = params->journal_crypt;
dmdi.u.integrity.journal_crypt_key = journal_crypt_key;
uuid_generate(tmp_uuid_bin);
uuid_unparse(tmp_uuid_bin, tmp_uuid);
snprintf(tmp_name, sizeof(tmp_name), "temporary-cryptsetup-%s", tmp_uuid);
log_dbg("Trying to format INTEGRITY device on top of %s, tmp name %s, tag size %d.",
device_path(dmdi.data_device), tmp_name, dmdi.u.integrity.tag_size);
r = device_block_adjust(cd, dmdi.data_device, DEV_EXCL, dmdi.u.integrity.offset, NULL, NULL);
if (r)
return r;
r = dm_create_device(cd, tmp_name, "INTEGRITY", &dmdi, 0);
if (r)
return r;
return dm_remove_device(cd, tmp_name, 1, dmdi.size);
}
/*
* Integrity header defitinion
*
* Copyright (C) 2016-2017, Milan Broz
*
* This file is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This file is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this file; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef _CRYPTSETUP_INTEGRITY_H
#define _CRYPTSETUP_INTEGRITY_H
#include <stdint.h>
struct crypt_device;
struct device;
struct crypt_params_integrity;
struct volume_key;
/* dm-integrity helper */
#define SB_MAGIC "integrt"
#define SB_VERSION 1
struct superblock {
uint8_t magic[8];
uint8_t version;
int8_t log2_interleave_sectors;
uint16_t integrity_tag_size;
uint32_t journal_sections;
uint64_t provided_data_sectors;
uint32_t flags;
uint8_t log2_sectors_per_block;
} __attribute__ ((packed));
int INTEGRITY_read_sb(struct crypt_device *cd, struct crypt_params_integrity *params);
int INTEGRITY_dump(struct crypt_device *cd, struct device *device, uint64_t offset);
int INTEGRITY_data_sectors(struct crypt_device *cd,
struct device *device, uint64_t offset,
uint64_t *data_sectors);
int INTEGRITY_key_size(struct crypt_device *cd);
int INTEGRITY_tag_size(struct crypt_device *cd);
int INTEGRITY_format(struct crypt_device *cd,
struct crypt_params_integrity *params,
struct volume_key *journal_crypt_key,
struct volume_key *journal_mac_key);
int INTEGRITY_activate(struct crypt_device *cd,
const char *name,
struct crypt_params_integrity *params,
struct volume_key *vk,
struct volume_key *journal_crypt_key,
struct volume_key *journal_mac_key,
uint32_t flags);
#endif
......@@ -243,6 +243,8 @@ int crypt_memory_lock(struct crypt_device *cd, int lock);
#define CRYPT_VERITY "VERITY"
/** TCRYPT (TrueCrypt-compatible and VeraCrypt-compatible) mode */
#define CRYPT_TCRYPT "TCRYPT"
/** INTEGRITY dm-integrity device */
#define CRYPT_INTEGRITY "INTEGRITY"
/**
* Get device type
......@@ -358,6 +360,32 @@ struct crypt_params_tcrypt {
*/
#define CRYPT_TCRYPT_VERA_MODES (1 << 4)
/**
*
* Structure used as parameter for dm-integrity device type.
*
* @see crypt_format, crypt_load
*
*/
struct crypt_params_integrity {
uint64_t journal_size;
unsigned int journal_watermark;
unsigned int journal_commit_time;
uint32_t interleave_sectors;
uint32_t tag_size;
uint32_t sector_size; /* integrity sector size */
uint32_t buffer_sectors;
const char *integrity;
const char *journal_integrity;
const char *journal_integrity_key; /* only for crypt_load */
uint32_t journal_integrity_key_size; /* only for crypt_load */
const char *journal_crypt;
const char *journal_crypt_key; /* only for crypt_load */
uint32_t journal_crypt_key_size; /* only for crypt_load */
};
/** @} */
/**
......@@ -677,7 +705,10 @@ int crypt_keyslot_destroy(struct crypt_device *cd, int keyslot);
#define CRYPT_ACTIVATE_RESTART_ON_CORRUPTION (1 << 9)
/** dm-verity: ignore_zero_blocks - do not verify zero blocks */
#define CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS (1 << 10)
/** dm-integrity: direct writes, do not use journal */
#define CRYPT_ACTIVATE_NO_JOURNAL (1 << 12)
/** dm-integrity: recovery mode - no journal, no integrity checks */
#define CRYPT_ACTIVATE_RECOVERY (1 << 13)
/**
* Active device runtime attributes
......@@ -886,6 +917,46 @@ const char *crypt_get_cipher(struct crypt_device *cd);
*/
const char *crypt_get_cipher_mode(struct crypt_device *cd);
/**
* Get cipher integrity mode used in device.
*
* @param cd crypt device handle
*
* @return used cipher mode e.g. "hmac(sha256)" or @e otherwise
*
*/
const char *crypt_get_integrity(struct crypt_device *cd);
/**
* Get size (in bytes) of integrity key (if present) for crypt device.
*
* @param cd crypt device handle
*
* @return integrity key size
*
*/
int crypt_get_integrity_key_size(struct crypt_device *cd);
/**
* Get size (in bytes) of integrity tag (if present) for crypt device.
*
* @param cd crypt device handle
*
* @return integrity tag size
*
*/
int crypt_get_integrity_tag_size(struct crypt_device *cd);
/**
* Get size (in bytes) of provided data sectors for integrity device.
*
* @param cd crypt device handle
*
* @return provided device size in 512-bytes sectors
*
*/
uint64_t crypt_get_integrity_sectors(struct crypt_device *cd);
/**
* Get device UUID.
*
......@@ -936,6 +1007,16 @@ uint64_t crypt_get_iv_offset(struct crypt_device *cd);
*/
int crypt_get_volume_key_size(struct crypt_device *cd);
/**
* Get size (in bytes) of encryption sector for crypt device.
*
* @param cd crypt device handle
*
* @return sector size
*
*/
int crypt_get_sector_size(struct crypt_device *cd);
/**
* Get device parameters for VERITY device.
*
......
......@@ -39,12 +39,17 @@ CRYPTSETUP_1.0 {
crypt_benchmark_kdf;
crypt_get_cipher;
crypt_get_cipher_mode;
crypt_get_integrity;
crypt_get_integrity_key_size;
crypt_get_integrity_tag_size;
crypt_get_integrity_sectors;
crypt_get_uuid;
crypt_get_data_offset;
crypt_get_iv_offset;
crypt_get_volume_key_size;
crypt_get_device_name;
crypt_get_verity_info;
crypt_get_sector_size;
crypt_get_type;
crypt_get_active_device;
......
This diff is collapsed.
This diff is collapsed.
......@@ -84,6 +84,28 @@ int crypt_parse_name_and_mode(const char *s, char *cipher, int *key_nums,
return -EINVAL;
}
int crypt_parse_hash_integrity_mode(const char *s, char *integrity)
{
char mode[MAX_CIPHER_LEN], hash[MAX_CIPHER_LEN];
int r;
if (!s || !integrity || strchr(s, '(') || strchr(s, ')'))
return -EINVAL;
r = sscanf(s, "%" MAX_CIPHER_LEN_STR "[^-]-%" MAX_CIPHER_LEN_STR "s", mode, hash);
if (r == 2)
r = snprintf(integrity, MAX_CIPHER_LEN, "%s(%s)", mode, hash);
else if (r == 1)
r = snprintf(integrity, MAX_CIPHER_LEN, "%s", mode);
else
return -EINVAL;
if (r < 0 || r == MAX_CIPHER_LEN)
return -EINVAL;
return 0;
}
/*
* Replacement for memset(s, 0, n) on stack that can be optimized out
* Also used in safe allocations for explicit memory wipe.
......
......@@ -33,6 +33,7 @@ struct crypt_device;
int crypt_parse_name_and_mode(const char *s, char *cipher,
int *key_nums, char *cipher_mode);
int crypt_parse_hash_integrity_mode(const char *s, char *integrity);
void *crypt_safe_alloc(size_t size);
void crypt_safe_free(void *data);
......
......@@ -44,6 +44,7 @@ struct device;
#define DM_SUBMIT_FROM_CRYPT_CPUS_SUPPORTED (1 << 8) /* submit_from_crypt_cpus */
#define DM_VERITY_ON_CORRUPTION_SUPPORTED (1 << 9) /* ignore/restart_on_corruption, ignore_zero_block */
#define DM_VERITY_FEC_SUPPORTED (1 << 10) /* Forward Error Correction (FEC) */
#define DM_INTEGRITY_SUPPORTED (1 << 12) /* dm-integrity target supported */
uint32_t dm_flags(void);
......@@ -59,7 +60,7 @@ uint32_t dm_flags(void);
#define DM_ACTIVE_VERITY_PARAMS (1 << 7)
struct crypt_dm_active_device {
enum { DM_CRYPT = 0, DM_VERITY } target;
enum { DM_CRYPT = 0, DM_VERITY, DM_INTEGRITY } target;
uint64_t size; /* active device size */
uint32_t flags; /* activation flags */
const char *uuid;
......@@ -67,6 +68,7 @@ struct crypt_dm_active_device {
union {
struct {
const char *cipher;
const char *integrity;
/* Active key for device */
struct volume_key *vk;
......@@ -88,6 +90,26 @@ struct crypt_dm_active_device {
uint64_t fec_blocks; /* size of FEC device (in hash blocks) */
struct crypt_params_verity *vp;
} verity;
struct {
uint64_t journal_size;
uint32_t journal_watermark;
uint32_t journal_commit_time;
uint32_t interleave_sectors;
uint32_t tag_size;
uint64_t offset; /* offset in sectors */
uint32_t sector_size; /* integrity sector size */
uint32_t buffer_sectors;
const char *integrity;
/* Active key for device */
struct volume_key *vk;
const char *journal_integrity;
struct volume_key *journal_integrity_key;
const char *journal_crypt;
struct volume_key *journal_crypt_key;
} integrity;
} u;
};
......
......@@ -8,4 +8,8 @@ if REENCRYPT
man8_MANS += cryptsetup-reencrypt.8
endif
EXTRA_DIST = cryptsetup.8 veritysetup.8 cryptsetup-reencrypt.8
if INTEGRITYSETUP
man8_MANS += integritysetup.8
endif
EXTRA_DIST = cryptsetup.8 integritysetup.8 veritysetup.8 cryptsetup-reencrypt.8
.TH INTEGRITYSETUP "8" "May 2017" "integritysetup" "Maintenance Commands"
.SH NAME
integritysetup - manage dm-integrity (block level integrity) volumes
.SH SYNOPSIS
.B integritysetup <options> <action> <action args>
.SH DESCRIPTION
.PP
Integritysetup is used to configure dm-integrity managed device-mapper mappings.
Device-mapper integrity target provides read-write transparent integrity
checking of block devices. The dm-integrity target emulates additional data
integrity field per-sector. You can use this additional field directly
with integritysetup utility, or indirectly (for authenticated encryption)
through cryptsetup.
Integritysetup supports these operations:
.PP
\fIformat\fR <device>
.IP
Formats <device> (calculates space and dm-integrity superblock).
\fB<options>\fR can be []
.PP
\fIcreate\fR <name> <device>
.IP
Creates a mapping with <name> backed by device <device>.
.PP
\fIremove\fR <name>
.IP
Removes existing mapping <name>.
.PP
\fIstatus\fR <name>
.IP
Reports status for the active integrity mapping <name>.
.PP
\fIdump\fR <device>
.IP
Reports parameters from on-disk stored superblock.
.SH OPTIONS
.TP
.B "\-\-verbose, \-v"
Print more information on command execution.
.TP
.B "\-\-debug"
Run in debug mode with full diagnostic logs. Debug output
lines are always prefixed by '#'.
.B "\-\-version"
Show the program version.
.TP
\fBWARNING:\fR Use these options only for very specific cases.
The dm-integrity target is available since Linux kernel version 4.12.
.TP
.SH RETURN CODES
Integritysetup returns 0 on success and a non-zero value on error.
Error codes are:
1 wrong parameters
2 no permission
3 out of memory
4 wrong device specified
5 device already exists or device is busy.
.SH EXAMPLES
.B "integritysetup format <device> --tag-size 4"
Formats device to use additional 4 bytes per-sector for integrity data.
.B "integritysetup create test-device <device> --integrity crc32"
Acivates the integrity device named test-device and automaticaly calculate specified
checsum on write (and verifies it on read).
.SH REPORTING BUGS
Report bugs, including ones in the documentation, on
the cryptsetup mailing list at <dm-crypt@saout.de>
or in the 'Issues' section on LUKS website.
Please attach the output of the failed command with the
\-\-debug option added.
.SH AUTHORS
The integritysetup tool and code is written by Milan Broz <gmazyland@gmail.com>
and is part of cryptsetup project.
.SH COPYRIGHT
Copyright \(co 2016-2017 Red Hat, Inc.
.br
Copyright \(co 2016-2017 Milan Broz
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
.SH SEE ALSO
The project website at \fBhttps://gitlab.com/cryptsetup/cryptsetup\fR
The integrity on-disk format specification available at
\fBhttps://gitlab.com/cryptsetup/cryptsetup/wikis/DMIntegrity\fR
......@@ -17,6 +17,7 @@ lib/verity/verity_hash.c
lib/verity/verity_fec.c
src/cryptsetup.c
src/veritysetup.c
src/integritysetup.c
src/cryptsetup_reencrypt.c
src/utils_tools.c
src/utils_password.c
......@@ -69,6 +69,36 @@ veritysetup_static_LDADD = $(veritysetup_LDADD) \
endif
endif
# integritysetup
if INTEGRITYSETUP
integritysetup_SOURCES = \
$(top_builddir)/lib/utils_crypt.c \
$(top_builddir)/lib/utils_loop.c \
utils_tools.c \
integritysetup.c \
cryptsetup.h
integritysetup_LDADD = \
$(top_builddir)/lib/libcryptsetup.la \