eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-05 16:00:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

Changes to support PHMAC with integritysetup and cryptsetup

Browse Source 
Make the PHMAC integrity algorithm know to libcryptsetup.

The size of a key for PHMAC is not known, because PHMAC gets an opaque
blob as key, who's physical size has nothing to do with the cryptographic
size. Thus, let INTEGRITY_key_size() and crypt_parse_integrity_mode()
return the required_key_size as key size for PHMAC, or -EINVAL if
required_key_size is zero, to indicate that the size is unknown.

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
This commit is contained in:
Ingo Franzki
2024-02-28 17:50:46 +01:00
parent 917b6836a9
commit 296eb39c60
2 changed files with 29 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
lib/utils_crypt.c
View File

@@ -119,6 +119,21 @@ int crypt_parse_integrity_mode(const char *s, char *integrity,
} else if (!strcmp(s, "hmac-sha512")) {
strncpy(integrity, "hmac(sha512)", MAX_CIPHER_LEN);
ks = required_key_size ?: 64;
} else if (!strcmp(s, "phmac-sha1")) {
strncpy(integrity, "phmac(sha1)", MAX_CIPHER_LEN);
ks = required_key_size;
if (!required_key_size)
r = -EINVAL;
} else if (!strcmp(s, "phmac-sha256")) {
strncpy(integrity, "phmac(sha256)", MAX_CIPHER_LEN);
ks = required_key_size;
if (!required_key_size)
r = -EINVAL;
} else if (!strcmp(s, "phmac-sha512")) {
strncpy(integrity, "phmac(sha512)", MAX_CIPHER_LEN);
ks = required_key_size;
if (!required_key_size)
r = -EINVAL;
} else if (!strcmp(s, "cmac-aes")) {
strncpy(integrity, "cmac(aes)", MAX_CIPHER_LEN);
ks = 16;