bash-prg-hash: Initial implementation#751
Conversation
|
I am also not sure, it should be implemented as prg-hash. |
newpavlov
left a comment
newpavlov
left a comment
There was a problem hiding this comment.
Sorry for the late review!
Some preliminary comments without looking deep at the implementation and the spec.
|
Thanks for review, @newpavlov. |
|
Looks like the |
|
|
||
| // Step 2: S[r] <- S[r] ⊕ 1, where r = 1536 - 2 d ℓ (bit index). | ||
| const { assert!(RATE % 8 == 0) } | ||
| self.state[RATE / 8] ^= 1u64 << 7; |
There was a problem hiding this comment.
This looks a bit weird, but I guess it's a consequence of mixing little-endian byte order and big-endian bit order in the spec and commit acting on the state outside of the rate part. For comparison, in cshake and turboshake we use self.state[RATE / 8 - 1] ^= 1 << 63;.
There was a problem hiding this comment.
You're right, I suppose. I've noticed earlier, that spec is using first byte after rate.
Looks like the commit |
|
Just misspell in the header length calculation. |
|
@newpavlov in the methodic, there are test with 1000000 of |
Really a fair bit. Now it's just two little functions :D |
I think it's fine to add it (e.g. by feeding 1k byte chunks 1k times). It should be relatively fast. |
|
Please merge master (or rebase) and fix the readme issue. |
Additionally, performs a minor refactoring.
Removes unnecessary buffering from sponge-based constructions using the `sponge-cursor` crate (see RustCrypto/utils#1477).
2 participants
newandnew_with_empty_headerfunctions.