Blake2 hashes are incorrect when message size is an even multiple of block size #23
I was just doing some evaluation/benchmarking of the Blake2 implementations available on Nuget, and I noticed yours has a fairly serious bug in it. It appears your implementation eagerly processes every full block, whereas the Blake2 spec delays the processing of each block until it is known whether that block is the last. This is most easily seen with an empty message and a key. The key is padded out to fill the first block, and since the message is empty, the key block becomes the final block. In your implementation, the key block is processed, and then a second 0-filled block is processed to finalize the hash.
For example, the hash for key="abc" msg=null should be
Your implementation returns
The same bug manifests in any message with a length that is an even multiple of the block size.
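The delayed-final-block rule described in this report, as an added Python example that is not part of the original issue or the library's code: a minimal BLAKE2b following RFC 7693, with a hypothetical `eager` switch that models the reported behaviour, compared against `hashlib.blake2b`. The function names and the zero-filled inputs are constructed for illustration.

```python
import hashlib, struct

M = (1 << 64) - 1
IV = [0x6A09E667F3BCC908, 0xBB67AE8584CAA73B, 0x3C6EF372FE94F82B, 0xA54FF53A5F1D36F1,
      0x510E527FADE682D1, 0x9B05688C2B3E6C1F, 0x1F83D9ABFB41BD6B, 0x5BE0CD19137E2179]
# Message word schedule from RFC 7693, one hex digit per index.
SIGMA = [[int(c, 16) for c in row] for row in (
    "0123456789abcdef ea489fd61c02b753 b8c052fdae367194 7931dcbe265a40f8 "
    "905724afe1bc683d 2c6a0b834d75fe19 c51fed4a0763928b db7ec13950f4862a "
    "6fe9b308c2d714a5 a2847615fb9e3cd0").split()]
QUADS = [(0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),
         (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14)]

def rotr(x, n):
    return ((x >> n) | (x << (64 - n))) & M

def compress(h, block, t, last):
    """BLAKE2b compression F: t = bytes hashed so far, last = final-block flag."""
    m, v = struct.unpack("<16Q", block), h + IV
    v[12] ^= t & M
    v[13] ^= t >> 64
    if last:
        v[14] ^= M
    for r in range(12):
        s = SIGMA[r % 10]
        for i, (a, b, c, d) in enumerate(QUADS):
            v[a] = (v[a] + v[b] + m[s[2 * i]]) & M;     v[d] = rotr(v[d] ^ v[a], 32)
            v[c] = (v[c] + v[d]) & M;                   v[b] = rotr(v[b] ^ v[c], 24)
            v[a] = (v[a] + v[b] + m[s[2 * i + 1]]) & M; v[d] = rotr(v[d] ^ v[a], 16)
            v[c] = (v[c] + v[d]) & M;                   v[b] = rotr(v[b] ^ v[c], 63)
    return [h[i] ^ v[i] ^ v[i + 8] for i in range(8)]

def blake2b(msg, key=b"", eager=False):
    h = IV[:]
    h[0] ^= 0x01010000 ^ (len(key) << 8) ^ 64        # parameter block, 64-byte digest
    data = (key.ljust(128, b"\0") if key else b"") + msg
    # eager: every full block is compressed as non-final (the reported behaviour)
    # lazy:  the last block is held back, even when it is exactly 128 bytes
    full = len(data) // 128 if eager else max(len(data) - 1, 0) // 128
    for i in range(full):
        h = compress(h, data[128 * i:128 * i + 128], 128 * (i + 1), False)
    tail = data[128 * full:]
    h = compress(h, tail.ljust(128, b"\0"), len(data), True)
    return struct.pack("<8Q", *h)

def eager_mismatches(lengths):
    """Constructed zero-filled inputs; returns lengths where eager != hashlib."""
    return [n for n in lengths
            if blake2b(bytes(n), eager=True) != hashlib.blake2b(bytes(n)).digest()]
```

A regression test for a streaming hash should include inputs of exactly one, two and three block lengths, plus the keyed empty message, since those are the only cases where the two buffering strategies diverge.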
added a commit
Jun 29, 2018
As this issue reflects, I finally had the time (or more realistically decided it's been long enough that I was willing to give up a night of sleep to fix it). I'll be pushing v 1.0.7 of the package with the fix. Once that's pushed to nuget, I'll close this issue. Feel free to re-open if the issue isn't fixed by that package.
https://www.nuget.org/packages/Konscious.Security.Cryptography.Blake2/1.0.7 should have this fix. Thanks for reporting it with the specific example that I could build a test against.