HMAC-SHA256/512 non 32 byte keys supporting #166
Conversation
gdwrd
force-pushed
the
hmac_keysize_fix
branch
from
d7afd19
to
0742fd9
Compare
gdwrd
force-pushed
the
hmac_keysize_fix
branch
from
0742fd9
to
c8ccf4f
Compare
|
Hi @tarcieri, what do you think about my PR? |
|
I think if you're doing this much, you might as well expose the full IUF API... and ideally make it API-compatible with |
|
@tarcieri You mean, change |
|
@nsheremet you've done most of the work here to expose the IUF API (i.e. initialize, update, finalize or as the |
|
@tarcieri hm. I will add IUF Api soon. |
|
@tarcieri Hi, I pushed some updates. Can you review, please? |
|
I can review it soon |
|
Hi @tarcieri, did you see the PR? |
|
@nsheremet yes, sorry, I haven't had time to review it |
| # @params [#to_str] message message to construct an authenticator for | ||
| def update(message) | ||
| self.class.auth_hmacsha256_update(@state, message, message.bytesize) | ||
| self.class.auth_hmacsha256_final(@state.clone, @authenticator) |
There was a problem hiding this comment.
This should probably be moved to #digest below so as to allow #update to be called multiple times. I'm also curious how this handles #update being called after it's been finalized. That should probably raise an exception.
There was a problem hiding this comment.
Hi @tarcieri. You can use this update multiple times.
But the point is, #update method without calling this line self.class.auth_hmacsha256_final(@state.clone, @authenticator) every time will be rewriting the @state. I can add spec test to compare with openssl multiple usage. But I know that it's work because I test it.
There was a problem hiding this comment.
here is RbNaCl example:
pry(main)> key = ['07c0'].pack('H*')
pry(main)> hmac = RbNaCl::HMAC::SHA256.new(key)
pry(main)> hmac.update 'abcd'
pry(main)> hmac.update '1'
pry(main)> hmac.digest
=> "G\xCC[\xBDI\x1A\xA3\x95\xCD\xA2@\xC2\xB2L\xCD\xE9\x03kV\xDA\x7F\xAB@\xBE\xB5\xA7V\x1C\x11G\xBE\xD8"OpenSSL example:
pry(main)> key = ['07c0'].pack('H*')
pry(main)> hmac = OpenSSL::HMAC.new(key, d)
pry(main)> hmac.update 'abcd'
pry(main)> hmac.update '1'
pry(main)> hmac.digest
=> "G\xCC[\xBDI\x1A\xA3\x95\xCD\xA2@\xC2\xB2L\xCD\xE9\x03kV\xDA\x7F\xAB@\xBE\xB5\xA7V\x1C\x11G\xBE\xD8"
| # @params [#to_str] message message to construct an authenticator for | ||
| def update(message) | ||
| self.class.auth_hmacsha512_update(@state, message, message.bytesize) | ||
| self.class.auth_hmacsha512_final(@state.clone, @authenticator) |
There was a problem hiding this comment.
There was a problem hiding this comment.
here is the answer #166 (comment)
| # @params [#to_str] message message to construct an authenticator for | ||
| def update(message) | ||
| self.class.auth_hmacsha512256_update(@state, message, message.bytesize) | ||
| self.class.auth_hmacsha512256_final(@state.clone, @authenticator) |
There was a problem hiding this comment.
here is the answer #166 (comment)
|
This looks mostly good but I think all three primitives you're implementing here should both handle multiple invocations of |
|
@tarcieri I also can make that after you call |
|
@nsheremet sorry I misunderstood how this works. I think the change you suggest (to match the |
gdwrd
force-pushed
the
hmac_keysize_fix
branch
from
18f5952
to
0b3a757
Compare
gdwrd
force-pushed
the
hmac_keysize_fix
branch
from
0b3a757
to
def63ed
Compare
|
@tarcieri I updated |
|
@tarcieri so, will you merge this PR? |
lib/rbnacl/hmac/sha256.rb
Outdated
| end | ||
| end | ||
|
|
||
| # The crupto_auth_hmacsha256_state struct representation |
spec/shared/hmac.rb
Outdated
| # encoding: binary | ||
| # frozen_string_literal: true | ||
|
|
||
| RSpec.shared_examples "hmac" do |
There was a problem hiding this comment.
tiny nit but I'd personally prefer "HMAC" here
|
One typo and one nit, otherwise it looks good, thanks for your contribution! |
|
@tarcieri I fixed typos. |
|
@tarcieri I think that's all 😄 |
|
Thanks! |
|
@tarcieri I am glad to help! |
## [6.0.0] (2018-11-08) [6.0.0]: RubyCrypto/rbnacl#182 * [#180](RubyCrypto/rbnacl#180) Deprecate rbnacl-libsodium. ([@tarcieri]) * [#176](RubyCrypto/rbnacl#176) Add support for XChaCha20-Poly1305. ([@AnIrishDuck]) * [#174](RubyCrypto/rbnacl#174) Fix buffer size type in `randombytes_buf` binding. ([@elijh]) * [#172](RubyCrypto/rbnacl#172) Add support for argon2id digest. ([@trofi]) * [#166](RubyCrypto/rbnacl#166) Support for non-32-byte HMAC-SHA256/512 keys. ([@nsheremet])
Hi,
Here is my PR with non 32 keys supporting.
HMAC RFC 2104: https://tools.ietf.org/html/rfc2104#section-3
Thanks!