Nikos Mavrogiannopoulos n.mavrogiannopoulos@gmail.com writes:
I was wondering whether we should also add an HMAC API for SHA3. While it is easy to do a MAC from SHA-3 only HMAC is defined in FIPS202.
Technically, it makes more sense to do sha3-based mac without hmac. But if hmac-sha3 is the standardized way, we might need to support that. I guess there aren't any applications of hmac-sha3 yet?
In Sec 7. "Conformance" in FIPS202, it says that HMAC is "One of the approved uses of cryptographic hash functions", and then it specifies the block sizes for the sha3 hashes (Table 3) so that hmac is well defined.
But I don't read that as recommending that anyone should use hmac-sha3. And I think this table was added in response to one of the comments (http://csrc.nist.gov/groups/ST/hash/sha-3/documents/fips202_comments/Rombout...)
Attached you'll find an initial patch, but unfortunately I could find no test vectors to verify.
Maybe implementation of hmac-sha3 could wait until there's some specification of it including test vectors?
Regards, /Niels