Skip to content

Commit 2ab2bb6

Browse files
samuel-lucas6samuel-lucas6
committed
README.md: Add information.
1 parent ccb51f3 commit 2ab2bb6

File tree

1 file changed

+44
-1
lines changed

1 file changed

+44
-1
lines changed

README.md

Lines changed: 44 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,2 +1,45 @@
1+
[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://github.com/samuel-lucas6/MultiMAC/blob/main/LICENSE)
2+
13
# MultiMAC
2-
Authenticate multiple inputs easily.
4+
Authenticate multiple inputs easily using keyed BLAKE2b in [libsodium](https://doc.libsodium.org/).
5+
6+
## Justification
7+
The [standard](https://github.com/samuel-lucas6/Cryptography-Guidelines#notes-2) way of [safely](https://soatok.blog/2021/07/30/canonicalization-attacks-against-macs-and-signatures/) computing a MAC for multiple inputs requires worrying about concatenating arrays and converting the length of each array to a fixed number of bytes, such as 4 bytes to represent an integer, consistently in either big- or little-endian, regardless of the endianness of the machine. This is annoying to implement and possibly less efficient than the following approach [discussed](https://neilmadden.blog/2021/10/27/multiple-input-macs/) by [Neil Madden](https://neilmadden.blog/), author of [API Security in Action](https://www.manning.com/books/api-security-in-action?a_aid=api_security_in_action).
8+
9+
## Installation
10+
1. Install the [Sodium.Core](https://www.nuget.org/packages/Sodium.Core) NuGet package in [Visual Studio](https://docs.microsoft.com/en-us/nuget/quickstart/install-and-use-a-package-in-visual-studio).
11+
2. Download the latest [release](https://github.com/samuel-lucas6/MultiMAC/releases/latest).
12+
3. Move the downloaded `.dll` file into your Visual Studio project folder.
13+
4. Click on the `Project` tab and `Add Project Reference...` in Visual Studio.
14+
5. Go to `Browse`, click the `Browse` button, and select the downloaded `.dll` file.
15+
6. Add `using MultiMAC;` to the top of each code file that will use the library.
16+
17+
### Requirements
18+
Note that the [libsodium](https://doc.libsodium.org/) library requires the [Visual C++ Redistributable for Visual Studio 2015-2019](https://support.microsoft.com/en-us/help/2977003/the-latest-supported-visual-c-downloads) to work on Windows. If you want your program to be portable, then you must keep the relevant (x86 or x64) `vcruntime140.dll` file in the same folder as your executable on Windows.
19+
20+
## Usage
21+
⚠️**WARNING: Never use the same key for `key1` and `key2`.**
22+
```c#
23+
const TagLength tagLength = TagLength.BLAKE2b256;
24+
25+
// Both keys should be derived using a KDF in practice (e.g. Argon2, HKDF, etc)
26+
byte[] key1 = SodiumCore.GetRandomBytes((int)tagLength);
27+
28+
// The keys must be the same size as the tag length
29+
byte[] key2 = SodiumCore.GetRandomBytes((int)tagLength);
30+
31+
// Gather up the byte arrays to authenticate
32+
byte[] input1 = Encoding.UTF8.GetBytes("Po");
33+
34+
byte[] input2 = Encoding.UTF8.GetBytes("ta");
35+
36+
byte[] input3 = Encoding.UTF8.GetBytes("toes");
37+
38+
byte[] input4 = Encoding.UTF8.GetBytes("Boil 'em, mash 'em, stick 'em in a stew");
39+
40+
// Compute a 256-bit tag
41+
byte[] tag = MultiMac.Compute(key1, key2, tagLength, input1, input2, input3, input4);
42+
43+
// Verify a tag
44+
bool validTag = MultiMac.Verify(tag, key1, key2, input1, input2, input3, input4);
45+
```

0 commit comments

Comments
 (0)