Skip to content

Commit

Permalink
crypto.hmac: set the recommended key size to the block size (ziglang#…
Browse files Browse the repository at this point in the history 
…15031)

HMAC supports arbitrary key sizes, and there are no practical reasons
to use more than 256 bit keys.

It still makes sense to match the security level, though, especially
since a distinction between the block size and the key size can be
confusing.

Using HMAC.key_size instead of HMAC.mac_size caused our TLS
implementation to compute wrong shared secrets when SHA-384 was
used. So, fix it directly in `crypto.hmac` in order to prevent
other misuses.
  • Loading branch information
@jedisct1 @truemedian
jedisct1 authored and truemedian committed Mar 30, 2023
1 parent acbd5c9 commit 921ad0f
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion lib/std/crypto/hmac.zig
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ pub fn Hmac(comptime Hash: type) type {
const Self = @This();
pub const mac_length = Hash.digest_length;
pub const key_length_min = 0;
pub const key_length = 32; // recommended key length
pub const key_length = mac_length; // recommended key length

o_key_pad: [Hash.block_length]u8,
hash: Hash,
Expand Down

0 comments on commit 921ad0f

Please sign in to comment.