Add test vectors for Ciphersuite::hash_to_F

2025-12-09 04:39:24 +00:00 · 2022-12-25 02:50:10 -05:00
parent da8e7e73e0
commit bacf31378d
7 changed files with 115 additions and 16 deletions
--- a/crypto/ciphersuite/README.md
+++ b/crypto/ciphersuite/README.md
@@ -1,4 +1,4 @@
-# Ciphersuite
+c# Ciphersuite

 Ciphersuites for elliptic curves premised on ff/group.

@@ -19,17 +19,17 @@ Ed25519/Ristretto are offered via
 around [curve25519-dalek](https://crates.io/crates/curve25519-dalek).

 Their `hash_to_F` is the wide reduction of SHA2-512, as used in
-[RFC 8032](https://www.rfc-editor.org/rfc/rfc8032). This is also compliant with
+[RFC-8032](https://www.rfc-editor.org/rfc/rfc8032). This is also compliant with
 the draft
-[RFC RISTRETTO](https://www.ietf.org/archive/id/draft-rtf-cfrg-ristretto255-decaf448-05.html).
+[RFC-RISTRETTO](https://www.ietf.org/archive/id/draft-irtf-cfrg-ristretto255-decaf448-05.html).
 The domain-separation tag is naively prefixed to the message.

 ### Ed448

 Ed448 is offered via [minimal-ed448](https://crates.io/crates/minimal-ed448), an
-explicitly not recommended Ed448 implementation, limited to its prime-order
-subgroup.
+explicitly not recommended, unaudited Ed448 implementation, limited to its
+prime-order subgroup.

 Its `hash_to_F` is the wide reduction of SHAKE256, with a 114-byte output, as
-used in [RFC 8032](https://www.rfc-editor.org/rfc/rfc8032). The
+used in [RFC-8032](https://www.rfc-editor.org/rfc/rfc8032). The
 domain-separation tag is naively prefixed to the message.