Daiki Ueno ueno@gnu.org writes:
Yes, that looks good to me, except _nettle_sha3_shake has a copy-and-paste error where SHA3_256_BLOCK_SIZE is hard-coded.
Thanks, good catch.
- Decide what should be renamed sha3_shake256_*
I guess we can live with the existing interface. For SHAKE128, we could only provide sha3_128_init, sha3_128_update, and sha3_128_shake{,_output}, without sha3_128_digest.
Sounds good to me.
- Implement shake128.
I've extracted it from the ML-KEM merge request and put it here: https://git.lysator.liu.se/nettle/nettle/-/merge_requests/63
Not sending via email as it includes a huge test vector.
Thanks, merged to the sha3-shake-updates branch. Sorry if you didn't intend me to do that right away (I noticed some minor problems after merge, which I've fixed). I'd like to merge to master after ci runs have completed.
- Update docs.
I can do that once we settle the interface.
Excellent. To me, interface in sha3.h now looks good.
Regards, /Niels