integritysetup: Add PHMAC algorithm to list of known algorithms

Add the PHMAC integrity algorithm to the list of supported algorithms. The PHMAC algorithm is like the regular HMAC algorithm, but it takes a wrapped key as input. A key for the PHMAC algorithm is an opaque key blob, who's physical size has nothing to do with the cryptographic size. Currently PHMAC is only available for the s390x architecture.
2026-04-14 00:14:32 +09:00 · 2024-03-04 09:26:18 +01:00
parent 7bf1cfe3b2
commit eb7b0d413e
4 changed files with 9 additions and 3 deletions
--- a/man/integritytab.xml
+++ b/man/integritytab.xml
@@ -56,7 +56,7 @@
    <para>The third field if present contains an absolute filename path to a key file or a <literal>-</literal>
    to specify none.  When the filename is present, the "integrity-algorithm" defaults to <literal>hmac-sha256</literal>
    with the key length derived from the number of bytes in the key file.  At this time the only supported integrity algorithms
-    when using key file are hmac-sha256 and hmac-sha512.  The maximum size of the key file is 4096 bytes.
+    when using key file are hmac-sha256, hmac-sha512, phmac-sha256, and hmac-sha512.  The maximum size of the key file is 4096 bytes.
    </para>

     <para>The fourth field, if present, is a comma-delimited list of options or a <literal>-</literal> to specify none. The following options are
@@ -125,7 +125,7 @@
      </varlistentry>

      <varlistentry>
-        <term><option>integrity-algorithm=[crc32c|crc32|xxhash64|sha1|sha256|hmac-sha256|hmac-sha512]</option></term>
+        <term><option>integrity-algorithm=[crc32c|crc32|xxhash64|sha1|sha256|hmac-sha256|hmac-sha512|phmac-sha256|phmac-sha512]</option></term>

        <listitem><para>
        The algorithm used for integrity checking.  The default is crc32c. Must match option used during format.