mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-03-07 19:38:33 +08:00
Code Issues Packages Projects Releases Wiki Activity
6772c2ab1b
openssl/doc/man7/EVP_MD-SHAKE.pod
slontis c48e56874c XOF / EVP_MD_size() changes. 
Added the function EVP_MD_CTX_get_size_ex() which checks for XOF and
does a ctx get rather than just returning EVP_MD_size().
SHAKE did not have a get_ctx_params() so that had to be added to return the xoflen.

Added a helper function EVP_MD_xof()
EVP_MD_CTX_size() was just an aliased macro for EVP_MD_size(), so to
keep it the same I added an extra function.

EVP_MD_size() always returns 0 for SHAKE now, since it caches the value
of md_size at the time of an EVP_MD_fetch(). This is probably better
than returning the incorrect initial value it was before e.g (16 for
SHAKE128) and returning tht always instead of the set xoflen.

Note BLAKE2B uses "size" instead of "xoflen" to do a similar thing.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25285)
2024-08-29 10:29:53 +02:00

102 lines
2.8 KiB
Plaintext
Raw Blame History

=pod
=head1 NAME
EVP_MD-SHAKE, EVP_MD-KECCAK-KMAC
- The SHAKE / KECCAK family EVP_MD implementations
=head1 DESCRIPTION
Support for computing SHAKE or KECCAK-KMAC digests through the
B<EVP_MD> API.
KECCAK-KMAC is an Extendable Output Function (XOF), with a definition
similar to SHAKE, used by the KMAC EVP_MAC implementation (see
L<EVP_MAC-KMAC(7)>).
=head2 Identities
This implementation is available in the FIPS provider as well as the default
provider, and includes the following varieties:
=over 4
=item KECCAK-KMAC-128
Known names are "KECCAK-KMAC-128" and "KECCAK-KMAC128". This is used
by L<EVP_MAC-KMAC128(7)>. Using the notation from NIST FIPS 202
(Section 6.2), we have S<KECCAK-KMAC-128(M, d)> = S<KECCAK[256](M || 00, d)>
(see the description of KMAC128 in Appendix A of NIST SP 800-185).
=item KECCAK-KMAC-256
Known names are "KECCAK-KMAC-256" and "KECCAK-KMAC256". This is used
by L<EVP_MAC-KMAC256(7)>. Using the notation from NIST FIPS 202
(Section 6.2), we have S<KECCAK-KMAC-256(M, d)> = S<KECCAK[512](M || 00, d)>
(see the description of KMAC256 in Appendix A of NIST SP 800-185).
=item SHAKE-128
Known names are "SHAKE-128" and "SHAKE128".
=item SHAKE-256
Known names are "SHAKE-256" and "SHAKE256".
=back
=head2 Parameters
This implementation supports the following L<OSSL_PARAM(3)> entries:
=over 4
=item "xoflen" (B<OSSL_DIGEST_PARAM_XOFLEN>) <unsigned integer>
Sets or Gets the digest length for extendable output functions.
The length of the "xoflen" parameter should not exceed that of a B<size_t>.
The SHAKE-128 and SHAKE-256 implementations do not have any default digest
length.
This parameter must be set before calling either EVP_DigestFinal_ex() or
EVP_DigestFinal(), since these functions were not designed to handle variable
length output. It is recommended to either use EVP_DigestSqueeze() or
EVP_DigestFinalXOF() instead.
=item "size" (B<OSSL_DIGEST_PARAM_SIZE>) <unsigned integer>
An alias of "xoflen".
=back
See L<EVP_DigestInit(3)/PARAMETERS> for further information related to parameters
=head1 NOTES
For SHAKE-128, to ensure the maximum security strength of 128 bits, the output
length passed to EVP_DigestFinalXOF() should be at least 32.
For SHAKE-256, to ensure the maximum security strength of 256 bits, the output
length passed to EVP_DigestFinalXOF() should be at least 64.
=head1 SEE ALSO
L<EVP_MD_CTX_set_params(3)>, L<provider-digest(7)>, L<OSSL_PROVIDER-default(7)>
=head1 HISTORY
Since OpenSSL 3.4 the SHAKE-128 and SHAKE-256 implementations have no default
digest length.
=head1 COPYRIGHT
Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
Reference in New Issue View Git Blame Copy Permalink