Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validating HMACs with incremental computation #219

Closed
semicoleon opened this issue Feb 23, 2024 · 1 comment
Closed

Validating HMACs with incremental computation #219

semicoleon opened this issue Feb 23, 2024 · 1 comment

Comments

@semicoleon
Copy link

As far as I can tell, it's currently not possible to create a MAC from data with swift-crypto. The only way to validate an existing MAC that wasn't computed by swift-crypto in the current process (e.g. a MAC that was sent as part of an HTTP request, or a MAC that was saved to disk between process launches) with the HMAC API is to use isValidAuthenticationCode, which requires that the data you're validating fits in contiguous memory.

Motivation:

Most of the HMAC API is oriented around allowing computing HMACs from incremental data. Not being able to validate a MAC with this mode of operation directly seems like an oversight in the API. I can compare the MAC bytes manually, but swift-crypto doesn't expose its safeCompare function so it wouldn't be constant time any more.

Importance:

Low
@semicoleon
Copy link
Author

I knew there had to be something I was missing MessageAuthenticationCode has an equatable conformance which allows comparing a code to a type conforming to DataProtocol which allows comparing a computed code to one computed in another process

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@semicoleon