Remove comment about zero padding HMAC{256,384,512} keys. #8761

Merged 1 commit on Jan 4, 2023

vcsjones
Member

@vcsjones vcsjones commented Jan 4, 2023

Summary

The zero padding is not observed in the `Key` property. It's an implementation detail of how HMAC works. To avoid any confusion, let's just remove this comment. We don't have it for HMACSHA1 or HMACMD5.

I initially tried to re-word this to something like "If it is less than 64 bytes long, the key is internally zero padded to 64 bytes." However, I'm not sure it makes sense to document the internals of how HMAC works in the key parameter documentation. I left the documentation for if the key is too large because we do have observable changes to the `Key` property in that case.

See dotnet/runtime#80180 for background on why I am suggesting this change.
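
The behaviour discussed in this pull request, as an added example (not code from the PR or from dotnet): HMAC-SHA256 written out by hand next to `HMACSHA256`, so the internal zero padding and the hashing of over-long keys can be compared with what the `Key` property returns. The class and method names, the keys and the message are constructed for illustration, and .NET 6 or later is assumed.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class HmacKeyDemo // hypothetical name, not part of the dotnet code base
{
    const int BlockSize = 64; // SHA-256 block size in bytes

    // RFC 2104 key preparation: a key longer than one block is hashed first,
    // then the result is zero padded to the block size.
    static byte[] PrepareKey(byte[] key)
    {
        byte[] k = key.Length > BlockSize ? SHA256.HashData(key) : key;
        byte[] block = new byte[BlockSize]; // new arrays are zero filled
        k.CopyTo(block, 0);
        return block;
    }

    // HMAC-SHA256 spelled out so the padding step is visible.
    static byte[] ManualHmac(byte[] key, byte[] message)
    {
        byte[] k0 = PrepareKey(key);
        byte[] ipad = k0.Select(b => (byte)(b ^ 0x36)).ToArray();
        byte[] opad = k0.Select(b => (byte)(b ^ 0x5c)).ToArray();
        byte[] inner = SHA256.HashData(ipad.Concat(message).ToArray());
        return SHA256.HashData(opad.Concat(inner).ToArray());
    }

    static bool Same(byte[] a, byte[] b) => a.AsSpan().SequenceEqual(b);

    static void Main()
    {
        // Constructed sample inputs: one key below the block size, one above it.
        byte[] msg = Encoding.UTF8.GetBytes("constructed sample message");
        byte[] shortKey = Enumerable.Range(1, 16).Select(i => (byte)i).ToArray();
        byte[] longKey = Enumerable.Range(1, 100).Select(i => (byte)i).ToArray();

        using var hShort = new HMACSHA256(shortKey);
        using var hLong = new HMACSHA256(longKey);
        byte[] macShort = hShort.ComputeHash(msg);

        // What the Key property exposes in each case.
        Console.WriteLine($"short key: Key.Length = {hShort.Key.Length}");
        Console.WriteLine($"long key:  Key.Length = {hLong.Key.Length}");
        Console.WriteLine($"long Key == SHA256(longKey): {Same(hLong.Key, SHA256.HashData(longKey))}");
        // The hand-written HMAC is compared with the framework for both key sizes.
        Console.WriteLine($"manual == HMACSHA256 (short): {Same(ManualHmac(shortKey, msg), macShort)}");
        Console.WriteLine($"manual == HMACSHA256 (long):  {Same(ManualHmac(longKey, msg), hLong.ComputeHash(msg))}");
        // The same key with explicit trailing zeros is an equivalent HMAC key.
        Console.WriteLine($"zero-padded key, same MAC:    {Same(HMACSHA256.HashData(PrepareKey(shortKey), msg), macShort)}");
    }
}
```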

@vcsjones vcsjones requested a review from a team as a code owner January 4, 2023 16:27
@ghost ghost assigned vcsjones Jan 4, 2023
@dotnet-issue-labeler dotnet-issue-labeler bot added the area-System.Security Issues related to security practices for .NET developers. label Jan 4, 2023

ghost commented Jan 4, 2023

Tagging subscribers to this area: @dotnet/area-system-security, @vcsjones
See info in area-owners.md if you want to be subscribed.


@learn-build-service-prod

Learn Build status updates of commit a6c99f5:

✅ Validation status: passed

| File | Status | Preview URL | Details |
| --- | --- | --- | --- |
| xml/System.Security.Cryptography/HMACSHA256.xml | ✅ Succeeded | View | |
| xml/System.Security.Cryptography/HMACSHA384.xml | ✅ Succeeded | View | |
| xml/System.Security.Cryptography/HMACSHA512.xml | ✅ Succeeded | View | |

For more details, please refer to the build report.

Note: Broken links written as relative paths are included in the above build report. For broken links written as absolute paths or external URLs, see the broken link report.

@gewarren gewarren merged commit bae2371 into dotnet:main Jan 4, 2023
@vcsjones vcsjones deleted the remove-hmac-zero-comment branch January 4, 2023 20:27