From f5036f23f7831d6f32aeeba363678fba0df94464ecde9f11dde9b9884870f54b Mon Sep 17 00:00:00 2001
From: Sergey Matveev <stargrave@stargrave.org>
Date: Thu, 5 Jun 2025 16:17:46 +0300
Subject: [PATCH] Fix awful XOF length typo

---
 go/cm/cmd/cmenctool/main.go | 6 +++---
 go/cm/hash/shake.go         | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/go/cm/cmd/cmenctool/main.go b/go/cm/cmd/cmenctool/main.go
index 0f0022c..ed64e53 100644
--- a/go/cm/cmd/cmenctool/main.go
+++ b/go/cm/cmd/cmenctool/main.go
@@ -417,7 +417,7 @@ func main() {
 						pkHash.Write(ourX25519.PublicKey().Bytes())
 						ikm := bytes.Join([][]byte{
 							keyMcEliece, keyX25519,
-							sha3.SumSHAKE256(kem.Encap, X25519KeyLen),
+							sha3.SumSHAKE256(kem.Encap, 64),
 							pkHash.Sum(nil),
 						}, []byte{})
 						var prk []byte
@@ -671,8 +671,8 @@ func main() {
 				{
 					ikm := bytes.Join([][]byte{
 						keyMcEliece[:], keyX25519,
-						sha3.SumSHAKE256(kem.Encap, 32),
-						sha3.SumSHAKE256(pub.V, 32),
+						sha3.SumSHAKE256(kem.Encap, 64),
+						sha3.SumSHAKE256(pub.V, 64),
 					}, []byte{})
 					var prk []byte
 					prk, err = hkdf.Extract(cmhash.NewSHAKE256, ikm, nil)
diff --git a/go/cm/hash/shake.go b/go/cm/hash/shake.go
index 7c2e1b8..6968236 100644
--- a/go/cm/hash/shake.go
+++ b/go/cm/hash/shake.go
@@ -66,7 +66,7 @@ func NewSHAKE128() hash.Hash {
 }
 
 func NewSHAKE256() hash.Hash {
-	return SHAKE{xof: sha3.NewSHAKE256(), l: 32}
+	return SHAKE{xof: sha3.NewSHAKE256(), l: 64}
 }
 
 func NewCSHAKE128(s []byte) hash.Hash {
@@ -74,7 +74,7 @@ func NewCSHAKE128(s []byte) hash.Hash {
 }
 
 func NewCSHAKE256(s []byte) hash.Hash {
-	return SHAKE{xof: sha3.NewCSHAKE256(nil, s), l: 32}
+	return SHAKE{xof: sha3.NewCSHAKE256(nil, s), l: 64}
 }
 
 func NewSHAKE128MerkleHasher(chunkLen, workers int) hash.Hash {
-- 
2.50.0