search

BLAKE3-team / BLAKE3

the official Rust and C implementations of the BLAKE3 cryptographic hash function
Apache License 2.0
5.22k stars 351 forks source link

Implement constant-time hash ordering #420

Open AaronFeickert opened 3 months ago

AaronFeickert commented 3 months ago

This PR implements constant-time ordering (and partial ordering) for Hash, but does so differently than #267 and #370.

It uses subtle internally to lexicographically compare corresponding bytes, being careful not to short circuit. This simplifies the logic considerably.

Note that it does not use subtle to implement PartialEq; this functionality exists in #419 since it seemed better scoped for a separate PR. However, if #419 is implemented, it will be possible to implement ConstantTimeGreater and ConstantTimeLess due to the latter requiring a ConstantTimeEq trait bound included in that PR.

AaronFeickert commented 2 months ago

Marking as draft for now, since #419 would add subtle support via an optional feature that would presumably be used here.