Skip to content

Fix 1362 xof streaming squeeze#1389

Open
MavenRain wants to merge 3 commits intocryspen:mainfrom
MavenRain:fix-1362-xof-streaming-squeeze
Open

Fix 1362 xof streaming squeeze#1389
MavenRain wants to merge 3 commits intocryspen:mainfrom
MavenRain:fix-1362-xof-streaming-squeeze

Conversation

@MavenRain
Copy link
Copy Markdown

@MavenRain MavenRain commented Apr 22, 2026

No description provided.

@MavenRain
sha3: support arbitrary-sized streaming squeeze chunks (cryspen#1362)
aab63a9 
  The XOF squeeze previously required all chunks except the last to be
  exactly RATE bytes long. Calling squeeze with a sub-RATE chunk would
  permute on the next call and discard the unread bytes from the current
  block, producing output inconsistent with a single one-shot squeeze.

  Add `squeeze_buf: [u8; RATE]` and `squeeze_pos: usize` to
  `KeccakXofState`. On each squeeze:
    1. Drain leftover bytes from `squeeze_buf[squeeze_pos..]` first.
    2. If more output is needed, permute (skipping on the very first
       squeeze) and extract full blocks directly into the caller's buffer.
    3. For a trailing sub-RATE remainder, extract a full RATE-byte block
       into `squeeze_buf` and copy the requested prefix to the caller;
       the rest stays buffered for the next call.

  Add four regression tests covering partial-chunk streaming for SHAKE128
  and SHAKE256, byte-at-a-time squeezing, and a partial-then-multi-block
  squeeze that crosses a block boundary inside one call.
@MavenRain
Merge branch 'main' of https://github.com/cryspen/libcrux into fix-13…
826d53a 
…62-xof-streaming-squeeze
@MavenRain MavenRain requested a review from a team as a code owner April 22, 2026 19:38
@jschneider-bensch
Copy link
Copy Markdown
Collaborator

jschneider-bensch commented Apr 23, 2026

Thank you! I don't have capacity for a full review right now.
But I noticed that you also updated the hax annotations. Did you run it through hax already?

@jschneider-bensch jschneider-bensch added the waiting-on-review Status: Awaiting review from the assignee but also interested parties. label Apr 23, 2026
@MavenRain
Copy link
Copy Markdown
Author

MavenRain commented May 1, 2026

Thank you! I don't have capacity for a full review right now. But I noticed that you also updated the hax annotations. Did you run it through hax already?

Sorry for the delay . . . I was behind on my Github email notifications.

I installed hax at the workspace's pinned hax-lib-v0.3.6 revision and ran cargo hax into ... fstar on crates/algorithms/sha3 locally. The extract succeeds, and all three of my annotation changes translate cleanly into the resulting Libcrux_sha3.Generic_keccak.Xof.fst:

  • t_KeccakXofState gains f_squeeze_buf and f_squeeze_pos.
  • impl__new's ensures clause carries result.f_squeeze_pos =. v_RATE.
  • impl_1__squeeze carries self.f_squeeze_pos <=. v_RATE on requires and future(self).f_squeeze_pos <=. v_RATE on ensures; the loop's bounds assert shifts to out_offset + i * v_RATE <=. out.len() as expected.

The SHA3 - hax workflow on this PR is sitting in action_required (fork, no prior merged PR). Approving it should exercise lax + type-check on top of what I confirmed locally. I'd be happy to run prove --admit here too if you'd rather, it just needs F* v2025.12.15, which I haven't set up yet.

@jschneider-bensch jschneider-bensch linked an issue May 5, 2026 that may be closed by this pull request
[SHA3] Properly support streaming XOF squeeze #1362
Open
@robinhundt robinhundt self-requested a review May 5, 2026 08:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jschneider-bensch jschneider-bensch Awaiting requested review from jschneider-bensch jschneider-bensch is a code owner automatically assigned from cryspen/libcrux

@robinhundt robinhundt Awaiting requested review from robinhundt

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

waiting-on-review Status: Awaiting review from the assignee but also interested parties.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[SHA3] Properly support streaming XOF squeeze

2 participants

@MavenRain @jschneider-bensch