Skip to content

Commit 296eb39

Browse files
ifranzkiifranzki
committed
Changes to support PHMAC with integritysetup and cryptsetup
Make the PHMAC integrity algorithm know to libcryptsetup. The size of a key for PHMAC is not known, because PHMAC gets an opaque blob as key, who's physical size has nothing to do with the cryptographic size. Thus, let INTEGRITY_key_size() and crypt_parse_integrity_mode() return the required_key_size as key size for PHMAC, or -EINVAL if required_key_size is zero, to indicate that the size is unknown. Signed-off-by: Ingo Franzki <[email protected]>
1 parent 917b683 commit 296eb39

File tree

2 files changed

+29
-0
lines changed

2 files changed

+29
-0
lines changed

lib/integrity/integrity.c

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -151,6 +151,12 @@ int INTEGRITY_key_size(const char *integrity, int required_key_size)
151151
ks = required_key_size ?: 32;
152152
else if (!strcmp(integrity, "hmac(sha512)"))
153153
ks = required_key_size ?: 64;
154+
else if (!strcmp(integrity, "phmac(sha1)"))
155+
ks = required_key_size ?: -EINVAL;
156+
else if (!strcmp(integrity, "phmac(sha256)"))
157+
ks = required_key_size ?: -EINVAL;
158+
else if (!strcmp(integrity, "phmac(sha512)"))
159+
ks = required_key_size ?: -EINVAL;
154160
else if (!strcmp(integrity, "poly1305"))
155161
ks = 0;
156162
else if (!strcmp(integrity, "none"))
@@ -180,6 +186,8 @@ int INTEGRITY_hash_tag_size(const char *integrity)
180186
return 8;
181187

182188
r = sscanf(integrity, "hmac(%" MAX_CIPHER_LEN_STR "[^)]s", hash);
189+
if (r != 1)
190+
r = sscanf(integrity, "phmac(%" MAX_CIPHER_LEN_STR "[^)]s", hash);
183191
if (r == 1)
184192
r = crypt_hash_size(hash);
185193
else
@@ -222,6 +230,12 @@ int INTEGRITY_tag_size(const char *integrity,
222230
auth_tag_size = 32;
223231
else if (!strcmp(integrity, "hmac(sha512)"))
224232
auth_tag_size = 64;
233+
else if (!strcmp(integrity, "phmac(sha1)"))
234+
auth_tag_size = 20;
235+
else if (!strcmp(integrity, "phmac(sha256)"))
236+
auth_tag_size = 32;
237+
else if (!strcmp(integrity, "phmac(sha512)"))
238+
auth_tag_size = 64;
225239
else if (!strcmp(integrity, "poly1305")) {
226240
if (iv_tag_size)
227241
iv_tag_size = 12;

lib/utils_crypt.c

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -119,6 +119,21 @@ int crypt_parse_integrity_mode(const char *s, char *integrity,
119119
} else if (!strcmp(s, "hmac-sha512")) {
120120
strncpy(integrity, "hmac(sha512)", MAX_CIPHER_LEN);
121121
ks = required_key_size ?: 64;
122+
} else if (!strcmp(s, "phmac-sha1")) {
123+
strncpy(integrity, "phmac(sha1)", MAX_CIPHER_LEN);
124+
ks = required_key_size;
125+
if (!required_key_size)
126+
r = -EINVAL;
127+
} else if (!strcmp(s, "phmac-sha256")) {
128+
strncpy(integrity, "phmac(sha256)", MAX_CIPHER_LEN);
129+
ks = required_key_size;
130+
if (!required_key_size)
131+
r = -EINVAL;
132+
} else if (!strcmp(s, "phmac-sha512")) {
133+
strncpy(integrity, "phmac(sha512)", MAX_CIPHER_LEN);
134+
ks = required_key_size;
135+
if (!required_key_size)
136+
r = -EINVAL;
122137
} else if (!strcmp(s, "cmac-aes")) {
123138
strncpy(integrity, "cmac(aes)", MAX_CIPHER_LEN);
124139
ks = 16;

0 commit comments

Comments
 (0)