Skip to content

KMAC Verify #119912

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 14 commits into from
Sep 30, 2025
Merged

KMAC Verify #119912

merged 14 commits into from
Sep 30, 2025

Conversation

vcsjones
Copy link
Member

Closes #116028

@Copilot Copilot AI review requested due to automatic review settings September 19, 2025 22:00
@dotnet-policy-service Dotnet Policy Service
Copy link
Contributor

Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

Copilot
Copilot AI reviewed Sep 19, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Adds verification capabilities to KMAC APIs (Kmac128/256 and KmacXof128/256), enabling one-shot and streaming hash verification plus instance-level verification of current and reset hashes. Expands test coverage for valid/invalid cases, argument validation, cancellation, platform not supported paths, and cryptographic edge scenarios. Introduces shared internal generic helper (KmacStatic) to consolidate verification logic.

  • Adds instance methods: VerifyCurrentHash and VerifyHashAndReset
  • Adds static one-shot and streaming Verify / VerifyAsync APIs (byte[], span, stream overloads)
  • Adds comprehensive positive/negative test coverage and supporting infrastructure (KmacStatic helper, trait updates)

Reviewed Changes

Copilot reviewed 14 out of 14 changed files in this pull request and generated 4 comments.

Show a summary per file
File Description
KmacXof256Tests.cs Adds test trait wrappers for new verify APIs.
KmacXof128Tests.cs Same as above for 128-bit XOF variant.
KmacTestDriver.cs Adds extensive test coverage for verification success/failure and argument validation.
Kmac256Tests.cs Adds trait wrappers for fixed-length 256-bit variant.
Kmac128Tests.cs Adds trait wrappers for fixed-length 128-bit variant.
KmacXof256.cs Adds instance and static verification APIs for KMACXOF256.
KmacXof128.cs Adds instance and static verification APIs for KMACXOF128.
KmacStatic.cs New internal generic helper implementing shared verification logic.
Kmac256.cs Adds instance and static verification APIs for KMAC256.
Kmac128.cs Adds instance and static verification APIs for KMAC128.
ConcurrentSafeKmac.cs Adds internal verification helpers for current and finalize+reset paths.
System.Security.Cryptography.csproj Includes new KmacStatic.cs file in build.
Strings.resx Adds resource string for empty-hash argument validation.
System.Security.Cryptography.cs (ref) Exposes new public API surface for verification methods.

@build-analysis build-analysis bot mentioned this pull request Sep 26, 2025
Open
bartonjs
bartonjs reviewed Sep 26, 2025
View reviewed changes
@build-analysis build-analysis bot mentioned this pull request Sep 27, 2025
Open
@vcsjones vcsjones merged commit 8ac5e2d into dotnet:main Sep 30, 2025
86 of 88 checks passed
@vcsjones vcsjones deleted the verify-kmac branch September 30, 2025 21:19
@vcsjones vcsjones added this to the 11.0.0 milestone Sep 30, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bartonjs bartonjs bartonjs approved these changes

Copilot code review Copilot Copilot left review comments

Assignees

@vcsjones vcsjones

Labels

area-System.Security

Projects

None yet

Milestone

11.0.0

Development

Successfully merging this pull request may close these issues.

[API Proposal]: Verify HMAC/KMAC APIs

3 participants

@vcsjones @bartonjs @Copilot