Everything is fine (though unnecessarily ugly) if we take the final `/'
as delimiting the tag length, rather than the initial one. So do that.
if ((p = key_getattr(kf, k, "mac")) != 0) {
dstr_reset(&d);
dstr_puts(&d, p);
if ((p = key_getattr(kf, k, "mac")) != 0) {
dstr_reset(&d);
dstr_puts(&d, p);
- if ((q = strchr(d.buf, '/')) != 0)
+ if ((q = strrchr(d.buf, '/')) != 0)
*q++ = 0;
if ((a->m = gmac_byname(d.buf)) == 0) {
a_format(e, "unknown-mac", "%s", d.buf, A_END);
*q++ = 0;
if ((a->m = gmac_byname(d.buf)) == 0) {
a_format(e, "unknown-mac", "%s", d.buf, A_END);
and the desired tag length in bits. The default is
.IB hash \-hmac
at half the underlying hash function's output length.
and the desired tag length in bits. The default is
.IB hash \-hmac
at half the underlying hash function's output length.
+If the MAC's name contains a
+.RB ` / '
+character,
+e.g.,
+.RB ` sha512/256 ',
+then an
+.I additional
+.RB ` / '
+and the tag size is required to disambiguate,
+so, e.g.,
+one might write
+.RB ` sha512/256/256 '.
.TP
.B mgf
A `mask-generation function', used in the key-exchange. The default is
.TP
.B mgf
A `mask-generation function', used in the key-exchange. The default is