Extends the hash API and some implementations to add a primitive with a code path independent from the message length.
The number of compression-function calls and all internal padding logic depends on the total buffer length, but not the effective message length specified as additional argument.
One typical application is decoding a MAC-then-Encrypt construction after block-cipher decryption, like CBC mode in TLS.
All validation code should run in constant-time, otherwise this can lead to distinguishing or plaintext-recovery attacks.
Extends the hash API and some implementations to add a primitive with a code path independent from the message length. The number of compression-function calls and all internal padding logic depends on the total buffer length, but not the effective message length specified as additional argument.
One typical application is decoding a MAC-then-Encrypt construction after block-cipher decryption, like CBC mode in TLS. All validation code should run in constant-time, otherwise this can lead to distinguishing or plaintext-recovery attacks.