bash-prg-hash: Initial implementation #751
makavity wants to merge 46 commits into RustCrypto:master from
I am also not sure it should be implemented as prg-hash.
newpavlov left a comment
Sorry for the late review!
Some preliminary comments without looking deeply at the implementation and the spec.
Thanks for the review, @newpavlov.
Looks like the
…artially use `SpongeCursor`
I've committed it without
Cannot say right now; I will need to read the spec first.
…of_reset_test` from `digest::dev`)
I refactored the code a fair bit. Feel free to comment on the changes if something is not clear or if you have suggestions on how we could improve it. I think this PR is mostly ready for merge. We only need to release
| // Step 2: S[r] <- S[r] ⊕ 1, where r = 1536 - 2 d ℓ (bit index). | ||
| const { assert!(RATE % 8 == 0) } | ||
| self.state[RATE / 8] ^= 1u64 << 7; |
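Review bot: the index `self.state[RATE / 8]` is the first word after the rate, so the step-2 flip lands in the capacity part, and that is only correct if `RATE` is a byte count and the state is little-endian `u64` words with MSB-first bit numbering inside each byte; the existing `const { assert!(RATE % 8 == 0) }` only checks word alignment. Please extend the comment to spell out that mapping (bit r = RATE*8 is bit 7 of the lowest byte of word RATE/8, hence `1u64 << 7`), since readers comparing with the cshake/turboshake line `self.state[RATE / 8 - 1] ^= 1 << 63` will otherwise read this as an off-by-one, and consider a second const assert that `RATE / 8` is below the state's word count so a bad parameter set fails at compile time rather than panicking at runtime.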
This looks a bit weird, but I guess it's a consequence of mixing little-endian byte order and big-endian bit order in the spec, and of the commit acting on the state outside of the rate part. For comparison, in cshake and turboshake we use `self.state[RATE / 8 - 1] ^= 1 << 63;`.
You're right, I suppose. I noticed earlier that the spec uses the first byte after the rate.
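As an added illustration of the indexing question in the two comments above (this is not code from the PR or from the RustCrypto project), the functions below map a spec-style absolute bit index r to a word index and shift in a 24-word u64 state under two conventions: little-endian bytes with MSB-first bits, which is what the thread says the spec's S[r] notation uses, and little-endian bytes with LSB-first bits, which is the Keccak convention behind the cshake/turboshake line. The state size, the parameters ℓ = 128 and d = 2 (giving r = 1536 - 2dℓ = 1024, i.e. RATE = 128 bytes) and the claim about Keccak's bit order are assumptions made for the illustration.

```rust
/// Bit-numbering convention inside a byte.
#[derive(Clone, Copy, Debug)]
pub enum BitOrder {
    /// Bit 0 of a byte is its most significant bit (the spec's S[r] notation, per the thread).
    MsbFirst,
    /// Bit 0 of a byte is its least significant bit (Keccak convention; assumed here).
    LsbFirst,
}

/// 1536-bit state held as little-endian u64 words (assumption for this illustration).
pub const WORDS: usize = 24;

/// Translate an absolute bit index `r` of the flat byte string into `(word, shift)`
/// such that `state[word] ^= 1u64 << shift` flips exactly that bit.
pub fn locate(r: usize, order: BitOrder) -> (usize, u32) {
    assert!(r < WORDS * 64, "bit index outside the state");
    let byte = r / 8;
    let bit_in_byte = (match order {
        BitOrder::MsbFirst => 7 - (r % 8),
        BitOrder::LsbFirst => r % 8,
    }) as u32;
    // Little-endian byte order: byte k of a word occupies bits 8k..8k+8 of that word.
    let word = byte / 8;
    let shift = (byte % 8) as u32 * 8 + bit_in_byte;
    (word, shift)
}

/// Flip bit `r` in place using the chosen convention.
pub fn flip_bit(state: &mut [u64; WORDS], r: usize, order: BitOrder) {
    let (word, shift) = locate(r, order);
    state[word] ^= 1u64 << shift;
}

/// Position of the first capacity bit, r = RATE*8, under MSB-first bits:
/// this is the bit the PR's step 2 flips.
pub fn bash_step2_target(rate_bytes: usize) -> (usize, u32) {
    locate(rate_bytes * 8, BitOrder::MsbFirst)
}

/// Position of the last rate bit, r = RATE*8 - 1, under LSB-first bits:
/// this is the cshake/turboshake position quoted in the thread.
pub fn keccak_last_rate_bit(rate_bytes: usize) -> (usize, u32) {
    locate(rate_bytes * 8 - 1, BitOrder::LsbFirst)
}

fn main() {
    // Assumed parameters: l = 128, d = 2, so r = 1536 - 2*d*l = 1024 and RATE = 128 bytes.
    let rate_bytes = 128;
    let mut state = [0u64; WORDS];
    flip_bit(&mut state, rate_bytes * 8, BitOrder::MsbFirst);
    // Same effect as `self.state[RATE / 8] ^= 1u64 << 7` in the diff.
    assert_eq!(state[rate_bytes / 8], 1u64 << 7);
    let (w, s) = bash_step2_target(rate_bytes);
    println!("bash step 2 flips word {} with shift {}", w, s);
    let (w, s) = keccak_last_rate_bit(rate_bytes);
    println!("keccak-style last rate bit is word {} with shift {}", w, s);
}
```

The two conventions land in different words: under MSB-first numbering the first capacity bit is the low byte of word RATE/8, while the last rate bit under LSB-first numbering is the top bit of word RATE/8 - 1, which is why the two lines in the thread look inconsistent but are each right for their own spec.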
Looks like the commit
Just a misspelling in the header length calculation.
@newpavlov, in the methodic there are tests with 1000000 of
Really a fair bit. Now it's just two little functions :D
I think it's fine to add it (e.g. by feeding 1k byte chunks 1k times). It should be relatively fast.
`new` and `new_with_empty_header` functions.