eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-05 16:00:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

Changes to support PHMAC with integritysetup and cryptsetup

Browse Source 
Make the PHMAC integrity algorithm know to libcryptsetup.

The size of a key for PHMAC is not known, because PHMAC gets an opaque
blob as key, who's physical size has nothing to do with the cryptographic
size. Thus, let INTEGRITY_key_size() and crypt_parse_integrity_mode()
return the required_key_size as key size for PHMAC, or -EINVAL if
required_key_size is zero, to indicate that the size is unknown.

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
This commit is contained in:
Ingo Franzki
2024-02-28 17:50:46 +01:00
parent 917b6836a9
commit 296eb39c60
2 changed files with 29 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
lib/integrity/integrity.c
View File

@@ -151,6 +151,12 @@ int INTEGRITY_key_size(const char *integrity, int required_key_size)
ks = required_key_size ?: 32; ks = required_key_size ?: 32;
else if (!strcmp(integrity, "hmac(sha512)")) else if (!strcmp(integrity, "hmac(sha512)"))
ks = required_key_size ?: 64; ks = required_key_size ?: 64;
else if (!strcmp(integrity, "phmac(sha1)"))
ks = required_key_size ?: -EINVAL;
else if (!strcmp(integrity, "phmac(sha256)"))
ks = required_key_size ?: -EINVAL;
else if (!strcmp(integrity, "phmac(sha512)"))
ks = required_key_size ?: -EINVAL;
else if (!strcmp(integrity, "poly1305")) else if (!strcmp(integrity, "poly1305"))
ks = 0; ks = 0;
else if (!strcmp(integrity, "none")) else if (!strcmp(integrity, "none"))
@@ -180,6 +186,8 @@ int INTEGRITY_hash_tag_size(const char *integrity)
return 8; return 8;
r = sscanf(integrity, "hmac(%" MAX_CIPHER_LEN_STR "[^)]s", hash); r = sscanf(integrity, "hmac(%" MAX_CIPHER_LEN_STR "[^)]s", hash);
if (r != 1)
r = sscanf(integrity, "phmac(%" MAX_CIPHER_LEN_STR "[^)]s", hash);
if (r == 1) if (r == 1)
r = crypt_hash_size(hash); r = crypt_hash_size(hash);
else else
@@ -222,6 +230,12 @@ int INTEGRITY_tag_size(const char *integrity,
auth_tag_size = 32; auth_tag_size = 32;
else if (!strcmp(integrity, "hmac(sha512)")) else if (!strcmp(integrity, "hmac(sha512)"))
auth_tag_size = 64; auth_tag_size = 64;
else if (!strcmp(integrity, "phmac(sha1)"))
auth_tag_size = 20;
else if (!strcmp(integrity, "phmac(sha256)"))
auth_tag_size = 32;
else if (!strcmp(integrity, "phmac(sha512)"))
auth_tag_size = 64;
else if (!strcmp(integrity, "poly1305")) { else if (!strcmp(integrity, "poly1305")) {
if (iv_tag_size) if (iv_tag_size)
iv_tag_size = 12; iv_tag_size = 12;

15
lib/utils_crypt.c
View File

@@ -119,6 +119,21 @@ int crypt_parse_integrity_mode(const char *s, char *integrity,
} else if (!strcmp(s, "hmac-sha512")) { } else if (!strcmp(s, "hmac-sha512")) {
strncpy(integrity, "hmac(sha512)", MAX_CIPHER_LEN); strncpy(integrity, "hmac(sha512)", MAX_CIPHER_LEN);
ks = required_key_size ?: 64; ks = required_key_size ?: 64;
} else if (!strcmp(s, "phmac-sha1")) {
strncpy(integrity, "phmac(sha1)", MAX_CIPHER_LEN);
ks = required_key_size;
if (!required_key_size)
r = -EINVAL;
} else if (!strcmp(s, "phmac-sha256")) {
strncpy(integrity, "phmac(sha256)", MAX_CIPHER_LEN);
ks = required_key_size;
if (!required_key_size)
r = -EINVAL;
} else if (!strcmp(s, "phmac-sha512")) {
strncpy(integrity, "phmac(sha512)", MAX_CIPHER_LEN);
ks = required_key_size;
if (!required_key_size)
r = -EINVAL;
} else if (!strcmp(s, "cmac-aes")) { } else if (!strcmp(s, "cmac-aes")) {
strncpy(integrity, "cmac(aes)", MAX_CIPHER_LEN); strncpy(integrity, "cmac(aes)", MAX_CIPHER_LEN);
ks = 16; ks = 16;