diff --git a/lib/integrity/integrity.c b/lib/integrity/integrity.c index a1326b0d..a10050d1 100644 --- a/lib/integrity/integrity.c +++ b/lib/integrity/integrity.c @@ -151,6 +151,12 @@ int INTEGRITY_key_size(const char *integrity, int required_key_size) ks = required_key_size ?: 32; else if (!strcmp(integrity, "hmac(sha512)")) ks = required_key_size ?: 64; + else if (!strcmp(integrity, "phmac(sha1)")) + ks = required_key_size ?: -EINVAL; + else if (!strcmp(integrity, "phmac(sha256)")) + ks = required_key_size ?: -EINVAL; + else if (!strcmp(integrity, "phmac(sha512)")) + ks = required_key_size ?: -EINVAL; else if (!strcmp(integrity, "poly1305")) ks = 0; else if (!strcmp(integrity, "none")) @@ -180,6 +186,8 @@ int INTEGRITY_hash_tag_size(const char *integrity) return 8; r = sscanf(integrity, "hmac(%" MAX_CIPHER_LEN_STR "[^)]s", hash); + if (r != 1) + r = sscanf(integrity, "phmac(%" MAX_CIPHER_LEN_STR "[^)]s", hash); if (r == 1) r = crypt_hash_size(hash); else @@ -222,6 +230,12 @@ int INTEGRITY_tag_size(const char *integrity, auth_tag_size = 32; else if (!strcmp(integrity, "hmac(sha512)")) auth_tag_size = 64; + else if (!strcmp(integrity, "phmac(sha1)")) + auth_tag_size = 20; + else if (!strcmp(integrity, "phmac(sha256)")) + auth_tag_size = 32; + else if (!strcmp(integrity, "phmac(sha512)")) + auth_tag_size = 64; else if (!strcmp(integrity, "poly1305")) { if (iv_tag_size) iv_tag_size = 12; diff --git a/lib/utils_crypt.c b/lib/utils_crypt.c index 9121e42a..a5eca18a 100644 --- a/lib/utils_crypt.c +++ b/lib/utils_crypt.c @@ -119,6 +119,21 @@ int crypt_parse_integrity_mode(const char *s, char *integrity, } else if (!strcmp(s, "hmac-sha512")) { strncpy(integrity, "hmac(sha512)", MAX_CIPHER_LEN); ks = required_key_size ?: 64; + } else if (!strcmp(s, "phmac-sha1")) { + strncpy(integrity, "phmac(sha1)", MAX_CIPHER_LEN); + ks = required_key_size; + if (!required_key_size) + r = -EINVAL; + } else if (!strcmp(s, "phmac-sha256")) { + strncpy(integrity, "phmac(sha256)", MAX_CIPHER_LEN); + ks = required_key_size; + if (!required_key_size) + r = -EINVAL; + } else if (!strcmp(s, "phmac-sha512")) { + strncpy(integrity, "phmac(sha512)", MAX_CIPHER_LEN); + ks = required_key_size; + if (!required_key_size) + r = -EINVAL; } else if (!strcmp(s, "cmac-aes")) { strncpy(integrity, "cmac(aes)", MAX_CIPHER_LEN); ks = 16;