-
Notifications
You must be signed in to change notification settings - Fork 4.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HMAC one-shot methods #40012
Comments
I couldn't figure out the best area label to add to this issue. If you have write-permissions please help me learn by adding exactly one area label. |
What's wrong with using the method name |
Nothing. I just thought Hash was not exactly descriptive, but maybe I thought about it too hard. We can keep the name too. |
HashData would be preferred speaking as a consumer of them. It is the method I'd logically look for first when trying to figure out how to make it work. |
Okay, sounds like I am the outlier on wanting a different name; I have restored the name from the other proposal. |
Doh. |
My only concern with HashData(key, data) is that it doesn't necessarily follow that the first argument is the key (and, since HMAC doesn't require block-sized keys, there's not a strong feedback that you got it wrong). As it is, one has to think about Specs seem to be all over the place.
So, for a thing that uses a key and an algorithm over data, I think the verb is "Authenticate"... though that does imply a boolean response (to me): NIST SP 800-56A does define the output of that function (after being run through a truncator, if needed) Alternatively, |
Oh good someone who can articulate what is in my head clearly, much appreciated. I would personally prefer
I can be persuaded that generally, most of the time the audience may not be crypto nerds that go spelunking through NIST papers and
In the case of MACs, I tend to think of it as symmetric signing, so if I was forced to pick a verb, it would be "sign" to produce the signature, and "authenticate" would be "verify" that returns a bool. I shied away from mentioning this or considering I'm in favor or |
@bartonjs What's remaining to move this forward? It seems like the only hitch is the name of the members. Given the discussion, it seems like:
|
Looks good as proposed. namespace System.Security.Cryptography {
public partial class HMACMD5 {
public static byte[] HashData(byte[] key, byte[] source) => throw null;
public static byte[] HashData(ReadOnlySpan<byte> key, ReadOnlySpan<byte> source) => throw null;
public static int HashData(ReadOnlySpan<byte> key, ReadOnlySpan<byte> source, Span<byte> destination) => throw null;
public static bool TryHashData(ReadOnlySpan<byte> key, ReadOnlySpan<byte> source, Span<byte> destination, out int bytesWritten) => throw null;
}
public partial class HMACSHA1 {
public static byte[] HashData(byte[] key, byte[] source) => throw null;
public static byte[] HashData(ReadOnlySpan<byte> key, ReadOnlySpan<byte> source) => throw null;
public static int HashData(ReadOnlySpan<byte> key, ReadOnlySpan<byte> source, Span<byte> destination) => throw null;
public static bool TryHashData(ReadOnlySpan<byte> key, ReadOnlySpan<byte> source, Span<byte> destination, out int bytesWritten) => throw null;
}
public partial class HMACSHA256 {
public static byte[] HashData(byte[] key, byte[] source) => throw null;
public static byte[] HashData(ReadOnlySpan<byte> key, ReadOnlySpan<byte> source) => throw null;
public static int HashData(ReadOnlySpan<byte> key, ReadOnlySpan<byte> source, Span<byte> destination) => throw null;
public static bool TryHashData(ReadOnlySpan<byte> key, ReadOnlySpan<byte> source, Span<byte> destination, out int bytesWritten) => throw null;
}
public partial class HMACSHA384 {
public static byte[] HashData(byte[] key, byte[] source) => throw null;
public static byte[] HashData(ReadOnlySpan<byte> key, ReadOnlySpan<byte> source) => throw null;
public static int HashData(ReadOnlySpan<byte> key, ReadOnlySpan<byte> source, Span<byte> destination) => throw null;
public static bool TryHashData(ReadOnlySpan<byte> key, ReadOnlySpan<byte> source, Span<byte> destination, out int bytesWritten) => throw null;
}
public partial class HMACSHA512 {
public static byte[] HashData(byte[] key, byte[] source) => throw null;
public static byte[] HashData(ReadOnlySpan<byte> key, ReadOnlySpan<byte> source) => throw null;
public static int HashData(ReadOnlySpan<byte> key, ReadOnlySpan<byte> source, Span<byte> destination) => throw null;
public static bool TryHashData(ReadOnlySpan<byte> key, ReadOnlySpan<byte> source, Span<byte> destination, out int bytesWritten) => throw null;
}
} |
Shouldn't this be added in "What's new in .NET 6 Preview 5"? |
No, Preview 5 closed for new features about a week ago, this'll be new in Preview 6. |
Background and Motivation
In #17590 we added one-shot methods for hashing. It might be worth considering similar methods on the HMAC classes to provide some API parity, and to offer the same benefits as one-shot hash: straight forward API, no stateful object allocation, etc.
Proposed API
The API is the same as #17590 on the appropriate classes, with the addition of a key parameter.
The text was updated successfully, but these errors were encountered: