Ron Frederick ronf@timeheart.net writes:
Regarding the init function, that shouldn’t be necessary if Nettle guarantees that a call to set_key() resets the context structure and performs all necessarily initialization. I can see where init() would be needed for the key-less hash functions, but it may not be needed here.
You're right, umac needs no init call.
While this wouldn’t really be a problem for my use case, the Python cryptographic hash standard API (defined in PEP 452) states the following about the digest() method:
digest() Return the hash value of this hashing object as a bytes containing 8-bit data. The object is not altered in any way by this function; you can continue updating the object after calling this function.So, if I wanted to provide a Python module which adhered to this API, the automatic reset of the context and increment of the nonce would be a problem.
The way you'd do this with Nettle is to make a copy (plain memcpy or struct assignment) of the context struct, and extract the digest from the copy.
The nettle design is based on the assumption that it's an uncommon use case to hash (or mac) both a string and a prefix thereof. So it's possible, but not optimized for.
Regards, /Niels