On Mon, May 5, 2014 at 11:27 PM, Niels Möller nisse@lysator.liu.se wrote:
> I've spent some time the last few days updating the manual. Feedback appreciated, in particular on the new sections on the new DSA interface, AEAD algorithms, chacha and poly1305. Also some smaller documentation updates on Salsa20, GCM and CCM.
Hello Niels, Very nice work. Some comments below.
SHA3-224 section: I'd provide a reference to http://csrc.nist.gov/publications/drafts/fips-202/fips_202_draft.pdf, since it is now published.
I don't see any test vectors to verify but note that the document says: "The four SHA-3 hash functions differ slightly from the instances of KECCAK that were proposed for the SHA-3 competition [3]. In particular, two additional bits are appended to the messages, in order to distinguish the SHA-3 hash functions from the SHA-3 XOFs, and to facilitate the development of new variants of the SHA-3 functions that can be dedicated to individual application domains. The mechanism for achieving these goals is called domain separation".
Camellia: I'd add "Camellia is one of the selected algorithms in the New European Schemes for Signatures, Integrity and Encryption (NESSIE) project". https://www.cosic.esat.kuleuven.be/nessie/deliverables/press_release_feb27.p...
Galois counter mode: (see Keyed hash functions... parenthesis doesn't close.
ChaCha-Poly1305: If you plan a release soon, I'd suggest not to include that yet. There is no document you can refer to and the latest draft document we have already differs from the implementation. (see http://tools.ietf.org/html/draft-nir-cfrg-chacha20-poly1305-02 )
Traditional Nettle Soup: I never knew there was such a thing :)
regards, Nikos