Struct OutputReader

pub struct OutputReader { /* private fields */ }

An incremental reader for extended output, returned by Hasher::finalize_xof.

Shorter BLAKE3 outputs are prefixes of longer ones, and explicitly requesting a short output is equivalent to truncating the default-length output. Note that this is a difference between BLAKE2 and BLAKE3.

Security notes

Outputs shorter than the default length of 32 bytes (256 bits) provide less security. An N-bit BLAKE3 output is intended to provide N bits of first and second preimage resistance and N/2 bits of collision resistance, for any N up to 256. Longer outputs don’t provide any additional security.

Avoid relying on the secrecy of the output offset, that is, the number of output bytes read or the arguments to seek or set_position. Block-Cipher-Based Tree Hashing by Aldo Gunsing shows that an attacker who knows both the message and the key (if any) can easily determine the offset of an extended output. For comparison, AES-CTR has a similar property: if you know the key, you can decrypt a block from an unknown position in the output stream to recover its block index. Callers with strong secret keys aren’t affected in practice, but secret offsets are a design smell in any case.

Implementations

impl OutputReader

pub fn fill(&mut self, buf: &mut [u8])

Fill a buffer with output bytes and advance the position of the OutputReader. This is equivalent to Read::read, except that it doesn’t return a Result. Both methods always fill the entire buffer.

Note that OutputReader doesn’t buffer output bytes internally, so calling fill repeatedly with a short-length or odd-length slice will end up performing the same compression multiple times. If you’re reading output in a loop, prefer a slice length that’s a multiple of BLOCK_LEN (64 bytes).

The maximum output size of BLAKE3 is 2⁶⁴-1 bytes. If you try to extract more than that, for example by seeking near the end and reading further, the behavior is unspecified.

pub fn position(&self) -> u64

Return the current read position in the output stream. This is equivalent to Seek::stream_position, except that it doesn’t return a Result. The position of a new OutputReader starts at 0, and each call to fill or Read::read moves the position forward by the number of bytes read.

pub fn set_position(&mut self, position: u64)

Seek to a new read position in the output stream. This is equivalent to calling Seek::seek with SeekFrom::Start, except that it doesn’t return a Result.

Trait Implementations

impl Clone for OutputReader

fn clone(&self) -> OutputReader

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for OutputReader

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.