mirror of
https://github.com/openssl/openssl.git
synced 2025-01-12 13:36:28 +08:00
b7cf9dd239
Fixes #18586

In order to not break existing applications the OpenSSL documentation related to SHAKE has been updated.

Background: All digest algorithms (including XOFs) use the bitlen as the default output length. This results in a security strength of bitlen / 2. This means that SHAKE128 will by default have an output length of 16 bytes and a security strength of 64 bits. For SHAKE256 the default output length is 32 bytes and has a security strength of 128 bits. This behaviour was present in 1.1.1 and has been duplicated in the provider SHAKE algorithms for 3.0.

The SHAKE XOF algorithms have a security strength of min(bitlen, output xof length in bits / 2).

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18622)
84 lines
2.2 KiB
Plaintext
=pod

=head1 NAME

EVP_MD-SHAKE, EVP_MD-KECCAK-KMAC
- The SHAKE / KECCAK family EVP_MD implementations

=head1 DESCRIPTION

Support for computing SHAKE or KECCAK-KMAC digests through the
B<EVP_MD> API.

KECCAK-KMAC is a special digest that's used by the KMAC EVP_MAC
implementation (see L<EVP_MAC-KMAC(7)>).

=head2 Identities

This implementation is available in the FIPS provider as well as the default
provider, and includes the following varieties:

=over 4

=item KECCAK-KMAC-128

Known names are "KECCAK-KMAC-128" and "KECCAK-KMAC128"
This is used by L<EVP_MAC-KMAC128(7)>

=item KECCAK-KMAC-256

Known names are "KECCAK-KMAC-256" and "KECCAK-KMAC256"
This is used by L<EVP_MAC-KMAC256(7)>

=item SHAKE-128

Known names are "SHAKE-128" and "SHAKE128"

=item SHAKE-256

Known names are "SHAKE-256" and "SHAKE256"

=back

=head2 Gettable Parameters

This implementation supports the common gettable parameters described
in L<EVP_MD-common(7)>.

=head2 Settable Context Parameters

These implementations support the following L<OSSL_PARAM(3)> entries,
settable for an B<EVP_MD_CTX> with L<EVP_MD_CTX_set_params(3)>:

=over 4

=item "xoflen" (B<OSSL_DIGEST_PARAM_XOFLEN>) <unsigned integer>

Sets the digest length for extendable output functions.
The length of the "xoflen" parameter should not exceed that of a B<size_t>.

For backwards compatibility reasons the default xoflen length for SHAKE-128 is
16 (bytes) which results in a security strength of only 64 bits. To ensure the
maximum security strength of 128 bits, the xoflen should be set to at least 32.

For backwards compatibility reasons the default xoflen length for SHAKE-256 is
32 (bytes) which results in a security strength of only 128 bits. To ensure the
maximum security strength of 256 bits, the xoflen should be set to at least 64.

=back
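
The relationship between "xoflen" and security strength described above, as an added example that is not part of the OpenSSL documentation or source: it applies the rule min(bitlen, output length in bits / 2) to a list of digest uses and reports those left at the default length. Python's hashlib stands in for the EVP_MD API, and the function names and sample call sites are assumptions made for illustration.

```python
import hashlib

# "bitlen" and the default output length in bytes that this page documents
# for OpenSSL's SHAKE digests; hashlib stands in for the EVP_MD API here.
SHAKE = {
    "SHAKE-128": {"bitlen": 128, "default_xoflen": 16, "fn": hashlib.shake_128},
    "SHAKE-256": {"bitlen": 256, "default_xoflen": 32, "fn": hashlib.shake_256},
}

def strength_bits(alg, xoflen=None):
    """Security strength = min(bitlen, output length in bits / 2)."""
    p = SHAKE[alg]
    n = p["default_xoflen"] if xoflen is None else xoflen
    return min(p["bitlen"], n * 8 // 2)

def min_xoflen(alg, target_bits=None):
    """Smallest xoflen in bytes reaching target_bits (default: full strength)."""
    p = SHAKE[alg]
    target = p["bitlen"] if target_bits is None else target_bits
    if target > p["bitlen"]:
        raise ValueError(f"{alg} cannot provide more than {p['bitlen']} bits")
    return -(-target * 2 // 8)  # ceiling of target * 2 / 8

def shake(alg, data, xoflen):
    """SHAKE output of xoflen bytes."""
    return SHAKE[alg]["fn"](data).digest(xoflen)

def audit(uses):
    """uses: (label, alg, xoflen or None for the default length).
    Returns (label, alg, strength, required xoflen) for weak uses."""
    findings = []
    for label, alg, xoflen in uses:
        got = strength_bits(alg, xoflen)
        if got < SHAKE[alg]["bitlen"]:
            findings.append((label, alg, got, min_xoflen(alg)))
    return findings

# Constructed call sites for illustration; None means "default xoflen".
SAMPLE_USES = [
    ("token-id", "SHAKE-128", None),
    ("kdf-out", "SHAKE-128", 32),
    ("file-hash", "SHAKE-256", None),
    ("sig-prehash", "SHAKE-256", 64),
]

if __name__ == "__main__":
    for label, alg, got, need in audit(SAMPLE_USES):
        print(f"{label}: {alg} gives {got}-bit strength; set xoflen >= {need}")
```

Because a shorter XOF output is a prefix of a longer one, digests stored at the default length remain comparable against the first 16 (or 32) bytes of the longer output after xoflen is raised.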

=head1 SEE ALSO

L<EVP_MD_CTX_set_params(3)>, L<provider-digest(7)>, L<OSSL_PROVIDER-default(7)>

=head1 COPYRIGHT

Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut