HMAC and key padding

[Mike Pastore]

Hi folks,

Regarding RbNaCl/libsodium's HMAC functions: if the key is shorter than key_bytes (i.e. 32), is it safe/secure to pad the key out to key_bytes? If so, with what byte (0?), and left- or right-pad?

Thank you,

Mike

[Tony Arcieri]

HMAC 

HMAC will automatically pad the key if it's too short.

--

Tony Arcieri

[Mike Pastore]

On Tuesday, February 28, 2017 at 5:29:02 PM UTC-6, Tony Arcieri wrote:

HMAC will automatically pad the key if it's too short.

It would be great if it did that, but that hasn't been my experience:

irb(main):002:0> RbNaCl::HMAC::SHA256.auth("foo".encode("binary"), "bar".encode("binary"))
RbNaCl::LengthError: RbNaCl::HMAC::SHA256 key was 3 bytes (Expected 32)
 from /Users/mwp/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/rbnacl-4.0.1/lib/rbnacl/util.rb:117:in `check_string'
 from /Users/mwp/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/rbnacl-4.0.1/lib/rbnacl/auth.rb:24:in `initialize'
 from /Users/mwp/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/rbnacl-4.0.1/lib/rbnacl/auth.rb:34:in `new'
 from /Users/mwp/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/rbnacl-4.0.1/lib/rbnacl/auth.rb:34:in `auth'
 from (irb):2
 from /Users/mwp/.rbenv/versions/2.3.3/bin/irb:11:in `<top (required)>'
 from /Users/mwp/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/bundler-1.14.4/lib/bundler/cli/exec.rb:74:in `load'
 from /Users/mwp/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/bundler-1.14.4/lib/bundler/cli/exec.rb:74:in `kernel_load'
 from /Users/mwp/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/bundler-1.14.4/lib/bundler/cli/exec.rb:27:in `run'
 from /Users/mwp/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/bundler-1.14.4/lib/bundler/cli.rb:335:in `exec'
 from /Users/mwp/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/bundler-1.14.4/lib/bundler/vendor/thor/lib/thor/command.rb:27:in `run'
 from /Users/mwp/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/bundler-1.14.4/lib/bundler/vendor/thor/lib/thor/invocation.rb:126:in `invoke_command'
 from /Users/mwp/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/bundler-1.14.4/lib/bundler/vendor/thor/lib/thor.rb:359:in `dispatch'
 from /Users/mwp/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/bundler-1.14.4/lib/bundler/cli.rb:20:in `dispatch'
 from /Users/mwp/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/bundler-1.14.4/lib/bundler/vendor/thor/lib/thor/base.rb:440:in `start'
 from /Users/mwp/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/bundler-1.14.4/lib/bundler/cli.rb:11:in `start'
 from /Users/mwp/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/bundler-1.14.4/exe/bundle:32:in `block in <top (required)>'
 from /Users/mwp/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/bundler-1.14.4/lib/bundler/friendly_errors.rb:121:in `with_friendly_errors'
 from /Users/mwp/.rbenv/versions/2.3.3/lib/ruby/gems/2.3.0/gems/bundler-1.14.4/exe/bundle:24:in `<top (required)>'
 from /Users/mwp/.rbenv/versions/2.3.3/bin/bundle:22:in `load'
 from /Users/mwp/.rbenv/versions/2.3.3/bin/bundle:22:in `<main>'

 

[Tony Arcieri]

I'd consider that a bug (well, it's a sharp edge in the design of HMAC, but RbNaCl should respect HMAC's design)

That said, why are you using a 3-byte key? o_O

--

Tony Arcieri

[Mike Pastore]

On Tuesday, February 28, 2017 at 5:52:02 PM UTC-6, Tony Arcieri wrote:

I'd consider that a bug (well, it's a sharp edge in the design of HMAC, but RbNaCl should respect HMAC's design)

Okay, I'll open an issue. 

That said, why are you using a 3-byte key? o_O

I'm not. It was just an example to demonstrate the problem!