search

golang / go

The Go programming language
https://go.dev
BSD 3-Clause "New" or "Revised" License
124.24k stars 17.7k forks source link

proposal: x/crypto/blake2s: add New(size, key) #32417

Open PlainsWraith opened 5 years ago

PlainsWraith commented 5 years ago

What version of Go are you using (go version)?

$ go version 1.12.2

Does this issue reproduce with the latest release?

yes

What operating system and processor architecture are you using (go env)?

go env Output
$ go env GOHOSTARCH="amd64" GOHOSTOS="linux"

What did you do?

I want to be able to export newDigest for blake2s. blake2s.New128 and blake2s.New256 are great, but I want to interface with one function that can take hash size as an input (like blake2b.New)

What did you expect to see?

I want something like blake2b.New, but for blake2s. One way to make that easy is just export blake2s.newDigest

What did you see instead?

function isn't available for export in the package

agnivade commented 5 years ago

@FiloSottile

PlainsWraith commented 5 years ago

@FiloSottile, saw your tweet here

How does this issue request fall wrt to your perspectives on security v safety of golang standard crypto lib? Should we close this issue because it perhaps asks for something unsafe?

FiloSottile commented 5 years ago

With the right minimums, it can be safe, but any new API adds confusion. I guess it matter whether you need a non-128-or-256 size for compatibility (in which case, with what?), or you'd just like an API that provides both. The former is a stronger case.

anatol commented 3 years ago

I vote for this request as well.

but any new API adds confusion

In fact adding blake2s.New(size, key) reduces confusion. blake2b already has New(size, key) method and it would be great if blake2s stay consistent with blake2b.

whether you need a non-128-or-256 size for compatibility

There are cases when blake2s used with non-128-or-256 keys. For example in cryptsetup (if you have Ubuntu with full-disk-encryption enabled then you use this library). cryptsetup supports blake2s-128,blake2s-160,blake2s-224,blake2s-256.

And Linux kernel supports these key sizes as well. See https://github.com/torvalds/linux/blob/31caf8b2a847214be856f843e251fc2ed2cd1075/include/crypto/blake2s.h#L19

Getting the golang's crypto library in parity with widely used practice would be a great thing.