Joachim Strömbergson joachim@secworks.se writes:
> It wasn't really that hard. Patches will follow in two mails.
Nice. If this is to go in the upcoming release, I'd appreciate help with the documentation too.
> I have not updated the H0 generation scripts used to verify the values (which you have done for SHA-384 and SHA-512).
Ideally, shadata.c should be extended to generate all tables needed for sha2. It can now use mini-gmp to get as much precision as it needs. But that's not urgent.
> I think it looks a bit ugly to have separate init and digest functions but reuse the update function from sha512. I would prefer to add sha512_224_update() and sha512_256 too but still reuse the context. But since you don't do that for sha384
For sha384, there's a
  #define sha384_update nettle_sha512_update
in sha2.h. We could add two more aliases for that function, if that makes application code prettier.
Minor nit: I prefer patches in unified format.
Regards, /Niels