xof.md - OpenGrok cross reference for /freebsd/crypto/openssl/doc/designs/xof.md

Lines Matching +full:one +full:- +full:shot
5 --------------
7 An extendable output function (XOF) is defined as a variable-length hash
10 At a minimum an XOF needs to support the following pseudo-code
23 - absorb can be called multiple times
24 - finalize ends the absorb process (by adding padding bytes and doing a final
27 - finalize may be done as part of the first squeeze operation
28 - squeeze can be called multiple times.
31 ------------------------
46 -------------------------
69   - New API is not required
73   - Final seems like a strange name to call multiple times.
77 Keep EVP_DigestFinalXOF() as a one shot function and create a new API to handle
86   - Seems like a better name.
87   - The existing function does not change, so it is not affected by logic that
89   - The behaviour of the existing API is the same.
90   - At least one other toolkit uses this approach.
94   - Adds an extra API.
95   - The interaction between the 2 API's needs to be clearly documented.
96   - A call to EVP_DigestSqueeze() after EVP_DigestFinalXOF() would fail since
98   - A call to EVP_DigestFinalXOF() after the EVP_DigestSqueeze() would fail.
106   - This would separate the XOF operations so that the interface consisted
108   - DigestXOF could then be deprecated.
112   - XOF operations are required for Post Quantum signatures which currently use
114   - Duplication of the EVP_MD code (although all legacy/engine code would be
118 -------------------------------------------------------------
130 ---------------------------------
181 --------------------------
185 The existing one shot squeeze method is:
198 since it was assumed that it was not required for a one shot operation.
208   - Change in C code is minimal. it just needs to pass this additional parameter.
209   - There are no additional memory copies of buffered results.
213   - The logic in the c reference has many if clauses.
214   - This C code also needs to be written in assembler, the logic would also be
217   - The general SHA3 case would be slower unless code was duplicated.
226   - Change is mainly in C code.
230   - Because of the one shot nature of the SHA3_squeeze() it still needs to call
232   - The Assembler function for KeccakF1600() needs to be exposed. This function
235   - When should this internal buffer state be cleared?
239 Perform a one-shot squeeze on the original absorbed data and throw away the
244   - Very simple.
248   - Incredibly slow.
249   - More of a hack than a real solution.
259   - C code is fairly simple to implement.
260   - The state data remains as an opaque blob.
261   - For larger values of outlen SHA3_squeeze() may use the out buffer directly.
265   - Requires small assembler change to pass the boolean and handle the call to
267   - Uses memcpy to store partial results for a single blob of squeezed data of