diff options
| author | Frank Denis <124872+jedisct1@users.noreply.github.com> | 2023-03-02 07:13:40 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-03-02 06:13:40 +0000 |
| commit | 28364166e83ed52a7053029d5d7b33ad956d804d (patch) | |
| tree | b377f5a0b9967f81faa1e2c9f35a56977b9fc05a /lib/std/Build/WriteFileStep.zig | |
| parent | db8217f9a080f7c645a6448640a9af65f3944818 (diff) | |
| download | zig-28364166e83ed52a7053029d5d7b33ad956d804d.tar.gz zig-28364166e83ed52a7053029d5d7b33ad956d804d.zip | |
crypto.hash.sha3: make permutation generic and public, add SHAKE (#14756)
Make the Keccak permutation public, as it's useful for more than
SHA-3 (kMAC, SHAKE, TurboSHAKE, TupleHash, etc).
Our Keccak implementation was accepting f as a comptime parameter,
but always used 64-bit words and 200 byte states, so it actually
didn't work with anything besides f=1600.
That has been fixed. The ability to use reduced-round versions
was also added in order to support M14 and K12.
The state was constantly converted back and forth between bytes
and words, even though only a part of the state is actually used
for absorbing and squeezing bytes. It was changed to something
similar to the other permutations we have, so we can avoid extra
copies, and eventually add vectorized implementations.
In addition, the SHAKE extendable output function (XOF) was
added (SHAKE128, SHAKE256). It is required by newer schemes,
such as the Kyber post-quantum key exchange mechanism, whose
implementation is currently blocked by SHAKE missing from our
standard library.
Breaking change: `Keccak_256` and `Keccak_512` were renamed to
`Keccak256` and `Keccak512` for consistency with all other
hash functions.
Diffstat (limited to 'lib/std/Build/WriteFileStep.zig')
0 files changed, 0 insertions, 0 deletions