From: Luca Boccassi <bluca@debian.org>
Date: Fri, 14 Nov 2025 00:12:34 +0000 (+0000)
Subject: integritysetup: Add support for hmac-sha512 and wrapped key HMAC algorithms phmac... 
X-Git-Tag: v259-rc1~61
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=98ae19d9fe5cbdaefae600c5b906cacd1a48c57a;p=thirdparty%2Fsystemd.git

integritysetup: Add support for hmac-sha512 and wrapped key HMAC algorithms phmac-sha256 and phmac-sha512 (#39719)

Currently the only supported integrity algorithm using HMAC is
`hmac-sha256`. Add `hmac-sha512` to the list of supported algorithms as
well.

Also add the `PHMAC` integrity algorithm to the list of supported
algorithms. The `PHMAC` algorithm is like the regular HMAC algorithm,
but it takes a wrapped key as input. A key for the `PHMAC` algorithm is
an opaque key blob, who's physical size has nothing to do with the
cryptographic size. Such a wrapped key can for example be a HSM
protected key. Currently PHMAC is only available for the s390x
architecture (Linux on IBM Z).

Support for PHMAC has just been added to the cryptsetup project via MR
https://gitlab.com/cryptsetup/cryptsetup/-/merge_requests/693 by commit

https://gitlab.com/cryptsetup/cryptsetup/-/commit/296eb39c60bd85228930caaea4bb1d2a766b7544

To allow automatic opening of integrity protected volumes that use PHMAC
via `/etc/integritytab`, this change in systemd's integritysetup tool is
needed as well.
---

98ae19d9fe5cbdaefae600c5b906cacd1a48c57a