avoid concating (and reallocating memory) to call the kdf in the ml-k…

…em to kyber ciphertext binding
tutao · Feb 3, 2025 · 27f3e55 · 27f3e55
1 parent 7846a1e
commit 27f3e55
Showing 1 changed file with 7 additions and 6 deletions.
diff --git a/tuta-sdk/rust/sdk/src/crypto/kyber.rs b/tuta-sdk/rust/sdk/src/crypto/kyber.rs
@@ -126,18 +126,19 @@ fn bind_shared_secret_to_ciphertext(
 	ciphertext: PQCryptoMlKem1024Ciphertext,
 ) -> KyberSharedSecret {
 	let hashed_ciphertext = sha::sha3_256(ciphertext.as_bytes());
-	let kdf_input = [
+	let kdf_input = vec![
 		unbound_shared_secret.as_bytes(),
 		hashed_ciphertext.as_slice(),
-	]
-	.concat();
-	let shared_secret = shake256(kdf_input.as_slice());
+	];
+	let shared_secret = shake256(kdf_input);
 	KyberSharedSecret(shared_secret)
 }
 
-fn shake256(input: &[u8]) -> [u8; SHAKE_BYTE_LENGTH] {
+fn shake256(input: Vec<&[u8]>) -> [u8; SHAKE_BYTE_LENGTH] {
 	let mut hasher = Shake256::default();
-	hasher.update(input);
+	for data in &input {
+		hasher.update(data);
+	}
 	let mut reader = hasher.finalize_xof();
 	let mut output = [0; SHAKE_BYTE_LENGTH];
 	reader.read(output.as_mut());