Hi, here is a libsodium issue; we need to fix this too.
This causes incompatibility with other implementations. For HMAC-SHA-256, it is possible to work around by padding or hashing keys beforehand. But this is not possible for HMAC-SHA-512, because crypto_auth_hmacsha512 does not accept 64-byte keys (crypto_auth_hmacsha512_KEYBYTES is hardcoded to 32).
Short keys should be first padded and long keys should be first hashed with the underlying hash function.
RFC: https://tools.ietf.org/html/rfc2104#section-3
Test Vectors: https://tools.ietf.org/html/rfc4231#section-4.3
HMAC-SHA-512 should certainly allow 64-byte keys because "the minimal recommended length for K is L bytes" where L is the output length. -- https://tools.ietf.org/html/rfc2104#section-2
I will add a PR with the changes soon.
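The RFC 2104 key handling referenced in this issue, as an added example that is not part of the original post and not libsodium's code: it implements the pad-or-hash rule with Python's `hashlib` and reports which key lengths an interface limited to 32-byte keys can still reproduce. The names `normalize_key`, `hmac_rfc2104`, `equivalent_fixed_key`, `survey` and `FIXED_KEYBYTES` are hypothetical, and the keys and message are constructed samples.

```python
import hashlib
import hmac

FIXED_KEYBYTES = 32  # assumption: the only key length the fixed-key API accepts


def normalize_key(key: bytes, hash_name: str) -> bytes:
    """RFC 2104 section 3: hash keys longer than block size B, then zero-pad to B."""
    block = hashlib.new(hash_name).block_size
    if len(key) > block:
        key = hashlib.new(hash_name, key).digest()
    return key.ljust(block, b"\x00")


def hmac_rfc2104(key: bytes, msg: bytes, hash_name: str) -> bytes:
    """HMAC from the definition: H(K0 ^ opad || H(K0 ^ ipad || msg))."""
    k0 = normalize_key(key, hash_name)
    inner = hashlib.new(hash_name, bytes(b ^ 0x36 for b in k0) + msg).digest()
    return hashlib.new(hash_name, bytes(b ^ 0x5C for b in k0) + inner).digest()


def equivalent_fixed_key(key: bytes, hash_name: str):
    """Return a FIXED_KEYBYTES key giving the same MAC as `key`, or None."""
    k0 = normalize_key(key, hash_name)
    # Two keys interoperate only if they normalize to the same K0, so every
    # byte of K0 past FIXED_KEYBYTES must be zero for a substitute to exist.
    if any(k0[FIXED_KEYBYTES:]):
        return None
    return k0[:FIXED_KEYBYTES]


def survey(msg: bytes = b"constructed sample message") -> dict:
    """Map (hash, key length) -> True if a fixed-length key reproduces the MAC."""
    out = {}
    for hash_name in ("sha256", "sha512"):
        for n in (4, 32, 64, 131):
            key = bytes(range(1, n + 1))  # constructed key without zero bytes
            fixed = equivalent_fixed_key(key, hash_name)
            out[(hash_name, n)] = fixed is not None and hmac.compare_digest(
                hmac.new(fixed, msg, hash_name).digest(),
                hmac_rfc2104(key, msg, hash_name),
            )
    return out


if __name__ == "__main__":
    for (hash_name, n), ok in survey().items():
        print(f"{hash_name} key={n:3d} bytes -> representable as 32-byte key: {ok}")
```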