Message authentication

Purpose

BLAKE2b is a cryptographic hash function and message authentication code (MAC). As a MAC, it takes a message of any size and a 256-bit to 512-bit key and produces a 128-bit to 512-bit tag.

This tag allows you to verify that a message has not been tampered with. A change to the message or the use of a different key will result in a different tag, at which point you should throw an error.

Usage

ComputeTag

Fills a span with a tag computed from a message and a key.

BLAKE2b.ComputeTag(Span<byte> tag, ReadOnlySpan<byte> message, ReadOnlySpan<byte> key)

Exceptions

ArgumentOutOfRangeException

tag has a length less than MinTagSize or greater than MaxTagSize.

ArgumentOutOfRangeException

key has a length less than MinKeySize or greater than MaxKeySize.

CryptographicException

The tag could not be computed.

VerifyTag

Verifies that a tag is correct in constant time for a given message and key. It returns true if the tag is valid and false otherwise.

BLAKE2b.VerifyTag(ReadOnlySpan<byte> tag, ReadOnlySpan<byte> message, ReadOnlySpan<byte> key)

Exceptions

ArgumentOutOfRangeException

tag has a length less than MinTagSize or greater than MaxTagSize.

ArgumentOutOfRangeException

key has a length less than MinKeySize or greater than MaxKeySize.

CryptographicException

The tag could not be recomputed.

IncrementalBLAKE2b

Provides support for computing a tag from several messages and a key.

using var blake2b = new IncrementalBLAKE2b(int hashSize, ReadOnlySpan<byte> key);
blake2b.Update(ReadOnlySpan<byte> message1);
blake2b.Update(ReadOnlySpan<byte> message2);
// Compute
blake2b.Finalize(Span<byte> tag1);
// Or verify
bool valid = blake2b.FinalizeAndVerify(ReadOnlySpan<byte> tag1);

// Avoid another using statement
blake2b.Reinitialize(int hashSize, ReadOnlySpan<byte> key);
// Cache the state
blake2b.CacheState();
blake2b.Update(ReadOnlySpan<byte> message3);
blake2b.Finalize(Span<byte> tag2);

// Restore the cached state
blake2b.RestoreCachedState();
blake2b.Update(ReadOnlySpan<byte> message3);
// tag3 == tag2
blake2b.Finalize(Span<byte> tag3);

Exceptions

ArgumentOutOfRangeException

hashSize is less than MinHashSize or greater than MaxHashSize.

ArgumentOutOfRangeException

key has a length less than MinKeySize or greater than MaxKeySize.

ArgumentOutOfRangeException

hash has a length not equal to hashSize.

CryptographicException

The tag could not be computed.

InvalidOperationException

Cannot update after finalizing or finalize twice (without reinitializing or restoring a cached state).

InvalidOperationException

Cannot cache the state after finalizing (without reinitializing).

InvalidOperationException

Cannot restore the state when it has not been cached.

ObjectDisposedException

The object has been disposed.
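The following added example (not part of the Geralt documentation) ties the three APIs above together: a one-shot tag, verification that throws on failure, and the incremental class checked against the same tag. The record contents, the locally generated key (via .NET's RandomNumberGenerator) and the exception messages are assumptions made for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using Geralt;

// Assumption: in a real protocol the key is shared by both parties, not generated here.
Span<byte> key = stackalloc byte[BLAKE2b.KeySize];
RandomNumberGenerator.Fill(key);

// Constructed sample input: two fields of one record.
byte[] header = Encoding.UTF8.GetBytes("transfer:alice->bob;");
byte[] body = Encoding.UTF8.GetBytes("amount=100");
byte[] message = header.Concat(body).ToArray();

// Sender: one-shot tag over header || body.
Span<byte> tag = stackalloc byte[BLAKE2b.TagSize];
BLAKE2b.ComputeTag(tag, message, key);

// Receiver: verify before acting on the message, and throw if the tag is invalid.
if (!BLAKE2b.VerifyTag(tag, message, key)) {
    throw new CryptographicException("Invalid tag.");
}

// Flipping a single bit of the message must make verification fail.
byte[] tampered = (byte[])message.Clone();
tampered[^1] ^= 0x01;
if (BLAKE2b.VerifyTag(tag, tampered, key)) {
    throw new InvalidOperationException("Tampering went undetected.");
}

// Incremental: updating with the fields in order matches the one-shot tag.
using var blake2b = new IncrementalBLAKE2b(BLAKE2b.TagSize, key);
blake2b.Update(header);
blake2b.Update(body);
if (!blake2b.FinalizeAndVerify(tag)) {
    throw new CryptographicException("Incremental tag mismatch.");
}

// The same bytes split at a different offset give the same tag: Update boundaries
// are not authenticated, so variable-length fields need a length prefix or another
// unambiguous encoding before they are passed to Update.
blake2b.Reinitialize(BLAKE2b.TagSize, key);
blake2b.Update(message.AsSpan(0, 5));
blake2b.Update(message.AsSpan(5));
if (!blake2b.FinalizeAndVerify(tag)) {
    throw new CryptographicException("Split tag mismatch.");
}
```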

Constants

These are used for validation and/or save you from defining your own constants.

public const int TagSize = 32;
public const int KeySize = 32;
public const int MinTagSize = 16;
public const int MaxTagSize = 64;
public const int MinKeySize = 16;
public const int MaxKeySize = 64;

Notes

The security level of BLAKE2b against a generic attack on hash-based MACs is 1/2 the output length (e.g. 128-bit security for a 256-bit tag). However, the security level is equal to the output length for typical attacks against MACs (e.g. 256-bit security for a 256-bit tag). Both types of attacks are completely impractical.
