
Don't bother ct checking op flags for operate/operate_no_mutate

+9 -5
+9 -5
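--- a/src/strobe.rs
+++ b/src/strobe.rs
@@ -239,6 +239,12 @@
 /// `Strobe::squeeze`. It's like `squeeze` in that we assume we've been given all zeros as
 /// input, and like `overwrite` in that we do not mutate (or take) any input.
 fn zero_state(&mut self, mut bytes_to_zero: usize) {
+    // Put in a limit to allow for constant time checking
+    debug_assert!(
+        bytes_to_zero <= (u32::MAX as usize),
+        "Don't bother zeroing more than u32::MAX bytes"
+    );
+
     // Do the zero-writing in chunks
     while bytes_to_zero.ct_ne(&0).into() {
         let min_slice = (self.rate - self.position) as u32;
@@ -331,15 +337,13 @@
     // RATCHET is special cased to never call operate/operate_no_mutate directly
     debug_assert!(flags == ops::KEY || !bool::from(flags.contains(OpFlags::CIPHER)));
 
-    // There are no non-mutating variants of things with flags & (C | T | I) == C | T
-    if flags.contains(OpFlags::CIPHER).into() {
+    match flags {
         // This is equivalent to a non-mutating form of the `duplex` operation in the Python
         // implementation, with `cbefore = True`
-        self.overwrite(data);
-    } else {
+        ops::KEY => self.overwrite(data),
         // This is equivalent to the `duplex` operation in the Python implementation, with
         // `cbefore = cafter = False`
-        self.absorb(data);
+        _ => self.absorb(data),
     }
 }
 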
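Review bot: The new `match flags` in the second hunk drops the comment that explained why a CIPHER-flagged op is overwritten rather than absorbed, and its `_` arm now quietly absorbs any other CIPHER-flagged op, which only the `debug_assert!` above (compiled out in release builds) rules out. If the reasoning behind the change is that op flags are public values and so need no constant-time comparison, that rationale belongs next to the match, e.g. `// Op flags are not secret, so a plain match is fine here; KEY is the only CIPHER-flagged op that reaches this function (see the debug_assert above)`. The enclosing function begins outside the hunk. In the first hunk the added `debug_assert!` likewise vanishes in release builds; if the u32 bound is needed for the `as u32` arithmetic in the loop to stay correct rather than merely to document a limit, a hard `assert!` or a `u32::try_from` conversion would be the safer choice, though the loop body continues outside the hunk so this is inferred.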