Daiki Ueno <u...@gnu.org> writes:
> This is, however, not usable for HMAC, because Nettle build uses
> -Wcast-function-type and the set_key member has an incompatible type
> with hmac_*_set_key, which requires a key length argument as HMAC allows
> arbitrary key length up to the hash block size.
It's also not directly usable with umac, which takes a nonce (and auto
increment in umac*_digest). Should the generic interface try to
accomodate macs that require a nonce?
> Is there any plan to make it more generic and eventually move it to
> nettle-meta.h? That would be particularly useful in applications
> passing around HMAC functions (e.g., HKDF, deterministic ECDSA).
If we can find a reasonable "generic" interface, yes.
> For example, I'm thinking to use nettle_hash_update_func for set_key and
> provide a wrapper around other MACs which don't take key length,
> something like:
>
> void
> _cmac_aes128_set_key(struct cmac_aes128_ctx *ctx,
> size_t length, const uint8_t *key)
> {
> assert (length == AES128_KEY_LENGTH);
> cmac_aes128_set_key (ctx, length, key);
> }
I would consider doing it the other way around, and define nettle_hmac_*
with fixed key size, for the key sizes used by applications. E.g,
https://tools.ietf.org/html/rfc4253#section-6.4 defines 4 mac algorithms
based on hmac, with the main one being hmac-sha1, with a fixed key size
equal to the digest size of 160 bits.
Is it common to use hmac, without context implying a fix key size ?
Slightly related: HMAC is defined as allowing very long keys, by hashing
the key in case it's larger than the block size (e.g., 512 bits for
hmac-sha1 and hmac-sha256). That seems a bit obscure to me. Are there
any applications or protocols depending on that feature?
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.
_______________________________________________
nettle-bugs mailing list
nettle-bugs@lists.lysator.liu.se
http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
