Niels Möller <[email protected]> writes:

> I'm looking into refactoring hmac, mainly to trim context size
> https://git.lysator.liu.se/nettle/nettle/-/issues/2.
>
> Two questions somewhat related to this:
>
> 1. The hmac spec allows arbitrarily large keys; if key size exceeds
>    underlying block size, the key is hashed and the digest is used as
>    the hmac key. Effectively the same as if caller would hash the key,
>    and pass in the digest. Is this a feature that anyone is using, or in
>    other words, what would break if nettle's hmac implementation were
>    restricted to key size <= block size, and leave the obscure(?)
>    prehashing needed for support of arbitrarily large keys to the
>    application?

I've seen applications pass in human password strings into HMAC, which
are sometimes longer than the block size, resulting in the extra hash
step. This is usually bad practice (use scrypt or argon2 instead) but
exists.

> 2. That kind of prehashing is also a use case for all-in-one hashing.
>    Would it be useful to add convenience functions for
>    all-in-one-hashing, e.g.,
>
>      void sha256_sum (uint8_t *digest, size_t length, const uint8_t *data);
>
>    to hash a contiguous string without having to bother with
>    init/update/digest? Implementation would typically need to allocate a
>    context struct on the stack.

Yes! I find such APIs really useful. Many applications create a similar
one internally.

/Simon

> Regards,
> /Niels
_______________________________________________ nettle-bugs mailing list -- [email protected] To unsubscribe send an email to [email protected]
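
The two points discussed in this thread, shown as an added example (not code from the thread or from nettle): an HMAC that rejects keys longer than the block size, with the prehashing moved to the caller through an all-in-one hash helper. The Python function names are stand-ins chosen here (`sha256_sum` mirrors the name proposed above), and the standard `hmac` module is used only as the reference for comparison.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-256 block size in bytes


def sha256_sum(data: bytes) -> bytes:
    """All-in-one hash of a contiguous string, no init/update/digest."""
    return hashlib.sha256(data).digest()


def hmac_sha256_restricted(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA256 per RFC 2104 that refuses keys longer than one block."""
    if len(key) > BLOCK_SIZE:
        raise ValueError("key exceeds block size; caller must prehash it")
    padded = key.ljust(BLOCK_SIZE, b"\x00")      # zero-pad key to block size
    ipad = bytes(b ^ 0x36 for b in padded)
    opad = bytes(b ^ 0x5C for b in padded)
    return sha256_sum(opad + sha256_sum(ipad + msg))


def hmac_sha256_any_key(key: bytes, msg: bytes) -> bytes:
    """What an application would do itself under the restricted API."""
    if len(key) > BLOCK_SIZE:
        key = sha256_sum(key)                    # the "obscure" prehash step
    return hmac_sha256_restricted(key, msg)


# Constructed sample inputs (not real secrets).
LONG_KEY = b"correct horse battery staple " * 4  # 116 bytes, > BLOCK_SIZE
SHORT_KEY = b"k" * 32
MSG = b"constructed sample message"


def compare_with_reference() -> dict:
    """Compare against the standard library, which prehashes long keys itself."""
    ref_long = hmac.new(LONG_KEY, MSG, hashlib.sha256).digest()
    ref_short = hmac.new(SHORT_KEY, MSG, hashlib.sha256).digest()
    return {
        "caller_prehash_matches": hmac_sha256_any_key(LONG_KEY, MSG) == ref_long,
        # A long key and its digest are equivalent HMAC keys.
        "digest_is_same_key": hmac_sha256_restricted(sha256_sum(LONG_KEY), MSG) == ref_long,
        "short_key_unchanged": hmac_sha256_restricted(SHORT_KEY, MSG) == ref_short,
    }


if __name__ == "__main__":
    print(compare_with_reference())
```
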
