New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Blake2 hashes are incorrect when message size is an even multiple of block size #23

Closed
saucecontrol opened this Issue May 23, 2018 · 3 comments

Comments

Projects
None yet
2 participants
@saucecontrol

saucecontrol commented May 23, 2018

Howdy,

I was just doing some evaluation/benchmarking of the Blake2 implementations available on Nuget, and I noticed yours has a fairly serious bug in it. It appears your implementation eagerly processes every full block, whereas the Blake2 spec delays the processing of each block until it is known whether that block is the last. This is most easily seen with an empty message and a key. The key is padded out to fill the first block, and since the message is empty, the key block becomes the final block. In your implementation, the key block is processed, and then a second 0-filled block is processed to finalize the hash.

For example, the hash for key="abc" msg=null should be 91CC35FC51CE734EAE9E57A20725D68062B0BD6DE1965A4B5DC5EB4D60402D02D00B5079B0907775E317FD84A149634253C9D1FD01819E202729AFFBF47B00E5.

Your implementation returns
03F6D1846F629A5C3CAB19CA9672EA9E5F0742C73867564EAD0F61AF9CA0195342FD1E325046D79AD0DB2557035E9FF03EF8C2FC116F0FAF100DAD4C0A5847A0

The same bug manifests in any message with a length that is an even multiple of the block size.

@saucecontrol saucecontrol changed the title from Blak2 hashes are incorrect when message size is an even multiple of block size to Blake2 hashes are incorrect when message size is an even multiple of block size May 23, 2018

@kmaragon

This comment has been minimized.

Owner

kmaragon commented May 25, 2018

Wow. This is a great find. I'll try to spin up my environment this weekend and take care of that!

kmaragon added a commit that referenced this issue Jun 29, 2018

@kmaragon

This comment has been minimized.

Owner

kmaragon commented Jun 29, 2018

As this issue reflects, I finally had the time (or more realistically decided it's been long enough that I was willing to give up a night of sleep to fix it). I'll be pushing v 1.0.7 of the package with the fix. Once that's pushed to nuget, I'll close this issue. Feel free to re-open if the issue isn't fixed by that package.

@kmaragon

This comment has been minimized.

Owner

kmaragon commented Jun 29, 2018

https://www.nuget.org/packages/Konscious.Security.Cryptography.Blake2/1.0.7 should have this fix. Thanks for reporting it with the specific example that I could build a test against.

@kmaragon kmaragon closed this Jun 29, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment