Add backend support for new device-mapper kernel options.

This patch adds support for using keyring for volume key and support for new integrity fields for dm-crypt. Also helpers for searching disk by id. To be used later.
2025-12-08 09:20:11 +01:00 · 2017-09-24 12:00:05 +02:00
parent 894e7b9357
commit c56bdee177
14 changed files with 606 additions and 37 deletions
--- a/lib/utils_crypt.c
+++ b/lib/utils_crypt.c
@@ -89,6 +89,40 @@ int crypt_parse_hash_integrity_mode(const char *s, char *integrity)
 	return 0;
 }

+int crypt_parse_integrity_mode(const char *s, char *integrity,
+			       int *integrity_key_size)
+{
+	int ks = 0, r = 0;
+
+	if (!s || !integrity)
+		return -EINVAL;
+
+	// FIXME: do not hardcode it here
+
+	/* AEAD modes */
+	if (!strcmp(s, "aead") ||
+	    !strcmp(s, "poly1305") ||
+	    !strcmp(s, "none")) {
+		strncpy(integrity, s, MAX_CIPHER_LEN);
+		ks = 0;
+	} else if (!strcmp(s, "hmac-sha256")) {
+		strncpy(integrity, "hmac(sha256)", MAX_CIPHER_LEN);
+		ks = 32;
+	} else if (!strcmp(s, "hmac-sha512")) {
+		ks = 64;
+		strncpy(integrity, "hmac(sha512)", MAX_CIPHER_LEN);
+	} else if (!strcmp(s, "cmac-aes")) {
+		ks = 16;
+		strncpy(integrity, "cmac(aes)", MAX_CIPHER_LEN);
+	} else
+		r = -EINVAL;
+
+	if (integrity_key_size)
+		*integrity_key_size = ks;
+
+	return r;
+}
+
 int crypt_parse_pbkdf(const char *s, const char **pbkdf)
 {
 	const char *tmp = NULL;