<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hi Werner,<br>
</p>
<div class="moz-cite-prefix">On 14.09.23 at 14:50, Werner
Koch wrote:<br>
</div>
<blockquote type="cite" cite="mid:87y1h8j4uy.fsf@jacob.g10code.de">
<pre class="moz-quote-pre" wrap="">On Tue, 12 Sep 2023 13:50, Falko Strenzke said:
</pre>
<pre class="moz-quote-pre" wrap="">
Instead we use:
gcry_md_ctl (hd, GCRYCTL_CSHAKE_N, n, nlen);
gcry_md_ctl (hd, GCRYCTL_CSHAKE_S, s, slen);
(which should return an error if the parameters are not okay).</pre>
</blockquote>
Agreed, we will use <span style="white-space: pre-wrap"><tt>gcry_md_ctl</tt></span>
like you are proposing.<br>
<blockquote type="cite" cite="mid:87y1h8j4uy.fsf@jacob.g10code.de">
<blockquote type="cite">
<pre class="moz-quote-pre" wrap=""> have to be made to set N and S in that order. If data is added
without having made these calls, then it will behave as normal
SHAKE as required by the specification.
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
Well, in that case we may not even need GCRY_MD_CSHAKE but could reuse
GCRY_MD_SHAKE256 and check that the parameters are only used for this
algo - a test which is anyway required. Below is an unfinished example.</pre>
</blockquote>
I don't understand what you mean exactly by "we may not even need GCRY_MD_CSHAKE". Maybe it is with respect to how we implement it; in that case see my comment below on reusing the SHAKE implementation.<br>
<blockquote type="cite" cite="mid:87y1h8j4uy.fsf@jacob.g10code.de">
<pre class="moz-quote-pre" wrap="">
--8<---------------cut here---------------start------------->8---
commit 1b4bb2ee125a91084f0fe6fa74d57cd47d2164fe (HEAD -> refs/heads/master)
Author: Werner Koch <a class="moz-txt-link-rfc2396E" href="mailto:wk@gnupg.org">&lt;wk@gnupg.org&gt;</a>
Date: Thu Sep 14 14:43:13 2023 +0200
xxxxxxxxxxxxxxxxxxxxxxx
Modified cipher/md.c
diff --git a/cipher/md.c b/cipher/md.c
index a128dd82..4052bc90 100644
--- a/cipher/md.c
+++ b/cipher/md.c
@@ -1001,8 +1001,6 @@ _gcry_md_ctl (gcry_md_hd_t hd, int cmd, void *buffer, size_t buflen)
{
gcry_err_code_t rc = 0;
- (void)buflen; /* Currently not used. */
-
switch (cmd)
{
case GCRYCTL_FINALIZE:
@@ -1014,6 +1012,12 @@ _gcry_md_ctl (gcry_md_hd_t hd, int cmd, void *buffer, size_t buflen)
case GCRYCTL_STOP_DUMP:
md_stop_debug ( hd );
break;
+ case GCRYCTL_CSHAKE_N:
+ rc = _gcry_md_cshake_set_n (hd, buffer, buflen);
+ break;
+ case GCRYCTL_CSHAKE_S:
+ rc = _gcry_md_cshake_set_s (hd, buffer, buflen);
+ break;
default:
rc = GPG_ERR_INV_OP;
}</pre>
</blockquote>
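Review bot: the two new cases call <tt>_gcry_md_cshake_set_n</tt> and <tt>_gcry_md_cshake_set_s</tt>, which this patch neither declares nor defines, so cipher/md.c will not build as posted; when they are added they should carry the checks the thread agreed on rather than leaving them to callers: return an error unless the handle's algorithm is a cSHAKE one, enforce that N is set before S and that both are set before any data is absorbed, and let a handle on which neither was set behave as plain SHAKE. The removal of <tt>(void)buflen;</tt> in the first hunk is consistent with this, since <tt>buflen</tt> is now passed through as the length of N or S.<br>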
Makes sense to me.<br>
<blockquote type="cite" cite="mid:87y1h8j4uy.fsf@jacob.g10code.de">
<pre class="moz-quote-pre" wrap="">
Modified src/gcrypt.h.in
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
index 7dc1196b..a861a11e 100644
--- a/src/gcrypt.h.in
+++ b/src/gcrypt.h.in
@@ -333,7 +333,9 @@ enum gcry_ctl_cmds
GCRYCTL_FIPS_SERVICE_INDICATOR_FUNCTION = 84,
GCRYCTL_FIPS_SERVICE_INDICATOR_MAC = 85,
GCRYCTL_FIPS_SERVICE_INDICATOR_MD = 86,
- GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS = 87
+ GCRYCTL_FIPS_SERVICE_INDICATOR_PK_FLAGS = 87,
+ GCRYCTL_CSHAKE_N = 88,
+ GCRYCTL_CSHAKE_S = 89</pre>
</blockquote>
OK.<br>
<blockquote type="cite" cite="mid:87y1h8j4uy.fsf@jacob.g10code.de">
<pre class="moz-quote-pre" wrap="">
};
/* Perform various operations defined by CMD. */
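</pre>
</blockquote>
Review bot: GCRYCTL_CSHAKE_N and GCRYCTL_CSHAKE_S are added to <tt>enum gcry_ctl_cmds</tt> without any documentation of what <tt>buffer</tt> and <tt>buflen</tt> must carry (the raw N or S bytes and their length) or of the constraints the thread describes, namely that N must be set before S, that both must precede any data, and that the commands are only valid for the cSHAKE algorithm; the header or the manual should state this, since the comment <tt>/* Perform various operations defined by CMD. */</tt> is all a caller currently sees.<br>
<blockquote type="cite" cite="mid:87y1h8j4uy.fsf@jacob.g10code.de">
<pre class="moz-quote-pre" wrap="">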
@@ -1304,7 +1306,8 @@ enum gcry_md_algos
GCRY_MD_BLAKE2S_128 = 325,
GCRY_MD_SM3 = 326,
GCRY_MD_SHA512_256 = 327,
- GCRY_MD_SHA512_224 = 328
+ GCRY_MD_SHA512_224 = 328,
+ GCRY_MD_CSHAKE = 329</pre>
</blockquote>
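Review bot: a single GCRY_MD_CSHAKE identifier does not say whether a handle runs cSHAKE128 or cSHAKE256, and the two differ in Keccak rate and security strength and are needed separately for KMAC128 and KMAC256; either add two identifiers (GCRY_MD_CSHAKE128 and GCRY_MD_CSHAKE256), or, if the intent is the alternative mentioned above of reusing GCRY_MD_SHAKE256 and only accepting the N/S commands on that algorithm, drop this enum value altogether.<br>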
<p>In my opinion we need to add GCRY_MD_CSHAKE128 and
GCRY_MD_CSHAKE256, the two algorithms defined by NIST and needed
for KMAC128 and KMAC256, respectively. The implementation that I
have made is thin though, it basically reuses the SHAKE
implementation and its functions together with the KECCAK_CONTEXT
and only adds some state management for the additional inputs N
and S (and of course the corresponding encoding functions). I will
be able to provide it for review in the next weeks after the
corrections we are still discussing.<br>
</p>
<p>- Falko<br>
</p>
<div class="moz-signature">-- <br>
<p style="line-height: 1.1;"><font face="Arial"><span
style="font-size: small; color: rgb(93, 93, 95);">
<strong>MTG AG</strong><br>
Dr. Falko Strenzke<br>
Executive System Architect<br>
</span></font></p>
<font face="Arial">
<p>
<span style="font-size: small; color: rgb(93, 93, 95);">
<span style="display:inline-block;width:4em">Phone: </span>+49
6151 8000 24<br>
<span style="display:inline-block;width:4em">E-Mail: </span><a class="moz-txt-link-abbreviated" href="mailto:falko.strenzke@mtg.de">falko.strenzke@mtg.de</a><br>
<span style="display:inline-block;width:4em">Web: </span><a
href="https://www.mtg.de" title="MTG AG Internet"
target="_blank">mtg.de</a><br>
</span></p>
</font>
<p style="line-height: 1.2;"><font face="Arial">
<span style="font-size: x-small; color: rgb(93, 93, 95);">
MTG AG - Dolivostr. 11 - 64293 Darmstadt, Germany<br>
Commercial register: HRB 8901<br>
Register Court: Amtsgericht Darmstadt<br>
Management Board: Jürgen Ruf (CEO), Tamer Kemeröz<br>
Chairman of the Supervisory Board: Dr. Thomas Milde<br>
</span></font></p>
</div>
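<p>As an added example (my own code, not libgcrypt's and not from this thread): the NIST SP 800-185 encoding that the N and S parameters discussed above feed into, i.e. the block a cSHAKE implementation absorbs before the message, with the empty-N-and-S case degenerating to plain SHAKE as the thread requires. The helper names are assumptions; the rate values are those of SHAKE128 and SHAKE256.</p>

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* SP 800-185 encoders (names are mine, not libgcrypt's). RATE is 168 bytes
   for cSHAKE128 and 136 for cSHAKE256, the rates of SHAKE128/SHAKE256. */
/* left_encode(x): byte count, then x as minimal big-endian bytes. */
static size_t left_encode (uint64_t x, uint8_t *out)
{
  size_t n = 1;
  while (n < 8 && (x >> (8 * n)) != 0)
    n++;
  out[0] = (uint8_t) n;
  for (size_t i = 0; i < n; i++)
    out[1 + i] = (uint8_t) (x >> (8 * (n - 1 - i)));
  return n + 1;
}

/* encode_string(S) = left_encode(bit length of S) || S */
static size_t encode_string (const uint8_t *s, size_t slen, uint8_t *out)
{
  size_t n = left_encode ((uint64_t) slen * 8, out);
  if (slen)
    memcpy (out + n, s, slen);
  return n + slen;
}

/* Build bytepad(encode_string(N) || encode_string(S), RATE) in OUT and return
   its length, a multiple of RATE.  Returns 0 when N and S are both empty: by
   definition cSHAKE is then plain SHAKE and absorbs no prefix (the fallback
   the thread describes; only the domain byte 0x04 vs 0x1F still differs).
   Returns (size_t)-1 when OUTCAP is too small. */
size_t cshake_prefix (const uint8_t *n, size_t nlen,
                      const uint8_t *s, size_t slen,
                      size_t rate, uint8_t *out, size_t outcap)
{
  if (nlen == 0 && slen == 0)
    return 0;
  size_t bound = 27 + nlen + slen;   /* three left_encodes of <= 9 bytes each */
  bound = (bound + rate - 1) / rate * rate;
  if (outcap < bound)
    return (size_t) -1;
  size_t len = left_encode (rate, out);
  len += encode_string (n, nlen, out + len);
  len += encode_string (s, slen, out + len);
  size_t padded = (len + rate - 1) / rate * rate;
  memset (out + len, 0, padded - len);
  return padded;
}
```

With N empty and S = "Email Signature" (the NIST cSHAKE128 sample input) the prefix starts 01 A8 01 00 01 78 followed by the string and is zero-padded to 168 bytes; with N = "KMAC" it is the block KMAC128 absorbs first.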
</body>
</html>