sharplispers / ironclad

A cryptographic toolkit written in Common Lisp
BSD 3-Clause "New" or "Revised" License

Please provide COPY-MAC as well #42

Closed phmarek closed 2 years ago

phmarek commented 3 years ago

So that the parts of a HMAC that get initialized by a salt can be safely updated with only the specific input data.

(defparameter *mac* (make-hmac KEY 'sha256))

(defun foo (input)
  (let ((mac (COPY-MAC *mac*)))
    (UPDATE-HMAC mac input)
    (PRODUCE-MAC mac)))

Thanks a lot!

glv2 commented 3 years ago

I think providing a global copy-mac method would be a bad idea, because there are MACs for which nonce reuse is a big problem.

For example, using the same key/nonce to authenticate several messages with Poly1305 or GMAC can allow attackers to forge authentication tags for messages created by themselves. It is not as critical for HMAC (as in your example), but it could still facilitate replay attacks, which could be a problem depending on the kind of cryptographic protocol used.
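As an added illustration (not code from this issue or from Ironclad's own sources), here is the pattern that gives the requested per-message tags without copying a shared MAC object: a fresh HMAC state per call, and for a one-time MAC such as Poly1305 a fresh key per message. It assumes Quicklisp is available and uses Ironclad's documented `make-hmac`/`update-hmac`/`hmac-digest` and `make-mac :poly1305` entry points; the HMAC-over-nonce key derivation is a constructed example, not a standard construction.

```lisp
;; Added example, not from the issue or from Ironclad itself.
(ql:quickload "ironclad")

;; Constructed demo key; a real key would come from a secure source.
(defparameter *key*
  (ironclad:ascii-string-to-byte-array "constructed-demo-key-not-for-real-use"))

(defun hmac-sha256 (key bytes)
  "Return the raw HMAC-SHA256 of BYTES under KEY from a freshly built state."
  (let ((mac (ironclad:make-hmac key :sha256)))
    (ironclad:update-hmac mac bytes)
    (ironclad:hmac-digest mac)))

;; HMAC has no nonce and its keyed state is cheap to rebuild, so each
;; message simply gets its own object. This is what the requester's FOO
;; wanted from COPY-MAC, with no mutable object shared between callers.
(defun tag-message (message)
  (ironclad:byte-array-to-hex-string
   (hmac-sha256 *key* (ironclad:ascii-string-to-byte-array message))))

;; Poly1305 is a one-time MAC: a key must never authenticate two messages,
;; which is why a generic copy of a keyed state would be dangerous. The safe
;; pattern is a per-message key; here (constructed illustration) it is derived
;; from the long-term key and a random 16-byte nonce, and the nonce is
;; returned so the verifier can derive the same one-time key.
(defun poly1305-tag (message)
  (let* ((nonce (ironclad:random-data 16))
         (one-time-key (hmac-sha256 *key* nonce)) ; 32 bytes from SHA-256
         (mac (ironclad:make-mac :poly1305 one-time-key)))
    (ironclad:update-mac mac (ironclad:ascii-string-to-byte-array message))
    (values (ironclad:byte-array-to-hex-string (ironclad:produce-mac mac))
            nonce)))

;; Usage: (tag-message "first message")  ; deterministic per key+message
;;        (poly1305-tag "first message") ; new nonce, hence new key, each call
```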