From: Eric Biggers <ebiggers@kernel.org>
To: David Howells <dhowells@redhat.com>
Cc: "Jason A . Donenfeld" <Jason@zx2c4.com>,
Ard Biesheuvel <ardb@kernel.org>,
Herbert Xu <herbert@gondor.apana.org.au>,
Stephan Mueller <smueller@chronox.de>,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v3 7/8] crypto/sha3: Add SHAKE128/256 support
Date: Fri, 26 Sep 2025 14:14:15 -0700 [thread overview]
Message-ID: <20250926211415.GC2163@sol> (raw)
In-Reply-To: <20250926141959.1272455-8-dhowells@redhat.com>
On Fri, Sep 26, 2025 at 03:19:50PM +0100, David Howells wrote:
> SHAKE128/256 'digest' algos need to be available for the ML-DSA pre-digest,
> which is a selectable algorithm and need to be available through the same
> API as, say, SHA3-512 and SHA512 both. Resqueezability (probably) isn't
> required for this and they'll produce the default number of bytes as the
> digest size.
>
> Signed-off-by: David Howells <dhowells@redhat.com>
> cc: Eric Biggers <ebiggers@kernel.org>
> cc: Jason A. Donenfeld <Jason@zx2c4.com>
> cc: Ard Biesheuvel <ardb@kernel.org>
> cc: Herbert Xu <herbert@gondor.apana.org.au>
> cc: Stephan Mueller <smueller@chronox.de>
> cc: linux-crypto@vger.kernel.org
> ---
> crypto/sha3_generic.c | 26 ++++++++++++++++++++++++++
> 1 file changed, 26 insertions(+)
I recommend holding off on this part until you have a try at using the
SHAKE library API directly. The dispatch to different algorithms could
be done in the calling code. This patch would also limit the ML-DSA
code to fixed-size SHAKE outputs; is that really going to be enough?
- Eric
next prev parent reply other threads:[~2025-09-26 21:15 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-26 14:19 [PATCH v3 0/8] crypto, lib/crypto: Add SHAKE128/256 support and move SHA3 to lib/crypto David Howells
2025-09-26 14:19 ` [PATCH v3 1/8] s390/sha3: Rename conflicting functions David Howells
2025-09-29 11:39 ` Harald Freudenberger
2025-09-26 14:19 ` [PATCH v3 2/8] arm64/sha3: " David Howells
2025-09-26 14:19 ` [PATCH v3 3/8] lib/crypto: Add SHA3-224, SHA3-256, SHA3-384, SHA-512, SHAKE128, SHAKE256 David Howells
2025-09-26 21:09 ` Eric Biggers
2025-09-26 14:19 ` [PATCH v3 4/8] lib/crypto: Move the SHA3 Iota transform into the single round function David Howells
2025-09-26 14:19 ` [PATCH v3 5/8] lib/crypto: Add SHA3 kunit tests David Howells
2025-10-01 16:04 ` Eric Biggers
2025-10-01 16:08 ` Eric Biggers
2025-10-02 13:05 ` David Howells
2025-10-02 16:07 ` Eric Biggers
2025-09-26 14:19 ` [PATCH v3 6/8] crypto/sha3: Use lib/crypto/sha3 David Howells
2025-09-26 21:25 ` Eric Biggers
2025-09-26 14:19 ` [PATCH v3 7/8] crypto/sha3: Add SHAKE128/256 support David Howells
2025-09-26 21:14 ` Eric Biggers [this message]
2025-10-01 13:02 ` David Howells
2025-10-01 15:25 ` Eric Biggers
2025-09-26 14:19 ` [PATCH v3 8/8] crypto: SHAKE tests David Howells
2025-09-26 19:59 ` [PATCH v3 0/8] crypto, lib/crypto: Add SHAKE128/256 support and move SHA3 to lib/crypto Eric Biggers
2025-10-01 15:28 ` Eric Biggers
2025-10-02 13:14 ` David Howells
2025-10-02 16:27 ` Eric Biggers
2025-10-11 0:26 ` Eric Biggers
2025-10-16 12:35 ` David Howells
2025-10-16 14:34 ` David Howells
2025-10-16 14:56 ` Stephan Mueller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250926211415.GC2163@sol \
--to=ebiggers@kernel.org \
--cc=Jason@zx2c4.com \
--cc=ardb@kernel.org \
--cc=dhowells@redhat.com \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=smueller@chronox.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.