Daiki Ueno <u...@gnu.org> writes:
> Yes, that looks good to me, except _nettle_sha3_shake has a
> copy-and-paste error where SHA3_256_BLOCK_SIZE is hard-coded.
Thanks, good catch.
>> 1. Decide what should be renamed sha3_shake256_*
>
> I guess we can live with the existing interface. For SHAKE128, we could
> only provide sha3_128_init, sha3_128_update, and
> sha3_128_shake{,_output}, without sha3_128_digest.
Sounds good to me.
>> 2. Implement shake128.
>
> I've extracted it from the ML-KEM merge request and put it here:
> https://git.lysator.liu.se/nettle/nettle/-/merge_requests/63
>
> Not sending via email as it includes a huge test vector.
Thanks, merged to the sha3-shake-updates branch. Sorry if you didn't
intend me to do that right away (I noticed some minor problems after
merge, which I've fixed). I'd like to merge to master after ci runs have
completed.
>> 3. Update docs.
>
> I can do that once we settle the interface.
Excellent. To me, interface in sha3.h now looks good.
Regards,
/Niels
--
Niels Möller. PGP key CB4962D070D77D7FCB8BA36271D8F1FF368C6677.
Internet email is subject to wholesale government surveillance.
_______________________________________________
nettle-bugs mailing list -- nettle-bugs@lists.lysator.liu.se
To unsubscribe send an email to nettle-bugs-le...@lists.lysator.liu.se
