Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

proposal: x/crypto/blake2b: Make blake2b compatible with crypto/hmac #21644

Closed
demonshreder opened this issue Aug 26, 2017 · 6 comments
Closed

proposal: x/crypto/blake2b: Make blake2b compatible with crypto/hmac #21644

demonshreder opened this issue Aug 26, 2017 · 6 comments
Labels
FrozenDueToAge Proposal
Milestone
Proposal

Comments

@demonshreder
Copy link

hmac.New() requires a function[1] that returns hash.Hash, which is what sha1,sha256,sha512 do but this thing changes with blake2b as it returns an error along with hash.Hash[2] which makes it incompatible with hmac.New().

Creating a hmac now with blake2b requires manual intervention, it would nice to support hmac out of box. I don't know how this could be done without breaking the existing API as I think just not returning error on blake2b functions would do the job. I don't know why blake2b alone returns error while SHAs don't.

Please advise.

Thanks.

// func New(h func() hash.Hash, key []byte) hash.Hash
[1] https://golang.org/pkg/crypto/hmac/#New

// func New512(key []byte) (hash.Hash, error)
[2] https://godoc.org/golang.org/x/crypto/blake2b#New512
@gopherbot gopherbot added this to the Proposal milestone Aug 26, 2017
@rsc
Copy link
Contributor

rsc commented Aug 28, 2017

hmac.New takes a func() hash.Hash because it needs to create two separate hash.Hashes. It's not clear to me what is supposed to happen with HMAC-around-Blake2b as far as whether both should be keyed the same. But yes we should try to find a way to make Blake2b work with hmac.New.

/cc @aead

@rsc rsc changed the title Proposal: x/crypto/blake2b: Make blake2b compatible with crypto/hmac proposal: x/crypto/blake2b: Make blake2b compatible with crypto/hmac Aug 28, 2017
@FiloSottile
Copy link
Contributor

HMAC-BLAKE2 does not make a lot of sense since BLAKE2 can be used itself as a keyed MAC, but I agree that x/crypto/blake2b should expose func() hash.Hash functions.

I wish we called the keyed options NewXXXWithKey, but I guess we can call the un-keyed versions (which don't return an error) NewHashXXX:

func NewHash256() hash.Hash
func NewHash384() hash.Hash
func NewHash512() hash.Hash

👍 ?

@aead
Copy link
Contributor

aead commented Aug 30, 2017
edited

I would agree with @FiloSottile , BLAKE2 combined with HMAC doesn't make much sense - as far as I can see... However if someone wants to use BLAKE2 as a hash function for the HMAC construction I would prefer something like this (works only with 1.9):

import (
	"crypto"
	"crypto/hmac"
	"fmt"

	_ "golang.org/x/crypto/blake2b"
)

func main() {
	key := make([]byte, 32)
	msg := []byte("hello world")
	hash := hmac.New(crypto.BLAKE2b_256.New, key)
	hash.Write(msg)
	fmt.Println(hash.Sum(nil))
}

over adding new functions to the blake2(b/s) packages. They already contain a lot of exported functions and with crypto.Hash there is already a mechanism to create a hash.Hash

@rsc
Copy link
Contributor

rsc commented Aug 30, 2017

Forcing the indirection through package crypto is a bit odd. Do any real-world protocols use HMAC-BLAKE2? Maybe we don't need to do this?

@aead
Copy link
Contributor

aead commented Aug 31, 2017

I'm not aware of any protocols using HMAC-BLAKE2. I agree that the indirection is a bit odd compared to code using HMAC-SHA2. On the other hand BLAKE2 can be used as a MAC directly. However, the usage of BLAKE2 as a hash function is a bit different because of the error handling:

hash, err := blake2b.New256(nil)
if err != nil {
      // this will never happen...
}

Of course crypto.Hash solves this but I think many people use the package directly instead of crypto.Hash.New()

@rsc
Copy link
Contributor

rsc commented Oct 16, 2017

It sounds like there are thorny API issues here and on top of that "BLAKE2 combined with HMAC doesn't make much sense". And we know of no protocols that actually need HMAC-BLAKE2. So the fact that it's hard to do (well, a few lines of code) seems OK.

@rsc rsc closed this as completed Oct 16, 2017
@golang golang locked and limited conversation to collaborators Oct 16, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge Proposal
Projects
None yet
Milestone
Proposal
Development

No branches or pull requests
5 participants
@rsc @FiloSottile @demonshreder @gopherbot @aead