Expose `is_supported_alg` in EverCrypt.DRBG API #435
Comments
This is primarily a typo in the documentation. Where it says "As always, the source is authoritative and you should check Extending HMAC to support Blake2 and other non-NIST approved hash functions is straightforward. For HMAC-DRBG, this requires estimating the security strength of Blake2-based HMACs. Now, Blake2 already has its own keying mechanism, so I'm not sure about the motivation to support instantiating HMAC with Blake2 or having a Blake2-based HMAC-DRBG. If there's a genuine use case, this can be done, but there are better ways to construct a DRBG from Blake2.
Thanks for the details! Just to clarify, I wasn't trying to use HMAC-DRBG with Blake2, it was just a small discrepancy that I found while testing and documenting the OCaml API.
I see there is an
You're right.
Blake2b and Blake2s are now supported as agility arguments for EverCrypt HMAC and thus `is_supported_alg` returns true for them. According to the docs this should be the authoritative source of which algorithms are also supported for HMAC-DRBG.

However, when passing Blake2b/Blake2s to `instantiate` it throws `KreMLin incomplete match at EverCrypt_DRBG.c:265` because the check doesn't include them.
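The mismatch reported in this issue, as an added C model that is not EverCrypt code and not from the thread: an HMAC predicate that accepts Blake2 next to a DRBG-specific predicate that callers can check before instantiating. Every type and function name below is hypothetical; the table holds the standard digest lengths of the SHA family.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model: none of these names are EverCrypt's. */
typedef enum { ALG_SHA1, ALG_SHA2_256, ALG_SHA2_384, ALG_SHA2_512,
               ALG_BLAKE2S, ALG_BLAKE2B, ALG_COUNT } hash_alg;
typedef enum { DRBG_OK, DRBG_UNSUPPORTED_ALG } drbg_status;
typedef struct { hash_alg alg; size_t outlen; unsigned char k[64], v[64]; } drbg_state;

/* HMAC agility predicate: accepts every hash, Blake2 included. */
bool hmac_is_supported_alg(hash_alg a) { return (unsigned)a < ALG_COUNT; }

/* Single table behind both the DRBG predicate and drbg_init, so the two
 * cannot drift apart. Entries are digest lengths in bytes (the size of
 * HMAC-DRBG's K and V); 0 marks an algorithm the DRBG does not handle. */
static const size_t drbg_outlen[ALG_COUNT] = {
    [ALG_SHA1] = 20, [ALG_SHA2_256] = 32, [ALG_SHA2_384] = 48, [ALG_SHA2_512] = 64,
};

bool drbg_is_supported_alg(hash_alg a) {
    return (unsigned)a < ALG_COUNT && drbg_outlen[a] != 0;
}

/* Rejects an unsupported algorithm with a status code instead of falling
 * into an unmatched case that aborts the process. Sets only the initial
 * K = 0x00.., V = 0x01.. of HMAC-DRBG; seeding is out of scope here. */
drbg_status drbg_init(drbg_state *st, hash_alg a) {
    if (!drbg_is_supported_alg(a)) return DRBG_UNSUPPORTED_ALG;
    st->alg = a;
    st->outlen = drbg_outlen[a];
    memset(st->k, 0x00, st->outlen);
    memset(st->v, 0x01, st->outlen);
    return DRBG_OK;
}

/* Regression check: how many algorithms HMAC accepts but the DRBG rejects. */
int predicate_gap(void) {
    int n = 0;
    for (int a = 0; a < ALG_COUNT; a++)
        if (hmac_is_supported_alg((hash_alg)a) && !drbg_is_supported_alg((hash_alg)a)) n++;
    return n;
}

int main(void) {
    drbg_state st;
    printf("gap=%d blake2b=%d sha256=%d\n", predicate_gap(),
           drbg_init(&st, ALG_BLAKE2B), drbg_init(&st, ALG_SHA2_256));
    return 0;
}
```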