Conversation
That makes it match the scalar hasher, reducing the TCB somewhat
This eliminates the last dependency on sha512 in the groups code
* split expandstring() into two functions:
* expand_password (for password_to_scalar)
* expand_arbitrary_element_seed (for arbitrary_element)
* change HKDF context_info= for both
* This should match the proposed SJCL changes, in
bitwiseshiftleft/sjcl#273
* remove element_hasher= from Group constructor
* change Ed25519 to use the same scheme
Contributor
|
The changes all look sensible to me; thanks for picking this up! |
pypy3 currently implements the equivalent of Python-3.2.5, and we only support Python-3.3 or higher. This wasn't a problem before, but we now depend on HKDF (from PyPI), and it uses bytearrays and buffers in a way that fails on pypy3 (and presumably Python-3.2).
This uses the SHA256 test vectors from RFC5869, and a copy of hkdf.py that I wrote a couple years ago, for comparison.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This includes/fixes/builds-upon work by @eternaleye in #5. It uses the password-to-scalar function proposed in bitwiseshiftleft/sjcl#273 (the finalize-hash function will be updated in a separate patch).