Mirrors/openssl
0
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2026-01-18 17:11:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
536649082212e7c643ab8d7bab89f620fbcd37f0
openssl/doc/man7/EVP_MD-SHAKE.pod
slontis 5366490822 Add EVP_DigestSqueeze() API. 
Fixes #7894

This allows SHAKE to squeeze multiple times with different output sizes.

The existing EVP_DigestFinalXOF() API has been left as a one shot
operation. A similar interface is used by another toolkit.

The low level SHA3_Squeeze() function needed to change slightly so
that it can handle multiple squeezes. This involves changing the
assembler code so that it passes a boolean to indicate whether
the Keccak function should be called on entry.
At the provider level, the squeeze is buffered, so that it only requests
a multiple of the blocksize when SHA3_Squeeze() is called. On the first
call the value is zero, on subsequent calls the value passed is 1.

This PR is derived from the excellent work done by @nmathewson in
https://github.com/openssl/openssl/pull/7921

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21511)
2023-11-10 13:27:00 +01:00

97 lines
2.7 KiB
Plaintext
Raw Blame History

=pod
=head1 NAME
EVP_MD-SHAKE, EVP_MD-KECCAK-KMAC
- The SHAKE / KECCAK family EVP_MD implementations
=head1 DESCRIPTION
Support for computing SHAKE or KECCAK-KMAC digests through the
B<EVP_MD> API.
KECCAK-KMAC is a special digest that's used by the KMAC EVP_MAC
implementation (see L<EVP_MAC-KMAC(7)>).
=head2 Identities
This implementation is available in the FIPS provider as well as the default
provider, and includes the following varieties:
=over 4
=item KECCAK-KMAC-128
Known names are "KECCAK-KMAC-128" and "KECCAK-KMAC128"
This is used by L<EVP_MAC-KMAC128(7)>
=item KECCAK-KMAC-256
Known names are "KECCAK-KMAC-256" and "KECCAK-KMAC256"
This is used by L<EVP_MAC-KMAC256(7)>
=item SHAKE-128
Known names are "SHAKE-128" and "SHAKE128"
=item SHAKE-256
Known names are "SHAKE-256" and "SHAKE256"
=back
=head2 Gettable Parameters
This implementation supports the common gettable parameters described
in L<EVP_MD-common(7)>.
=head2 Settable Context Parameters
These implementations support the following L<OSSL_PARAM(3)> entries,
settable for an B<EVP_MD_CTX> with L<EVP_MD_CTX_set_params(3)>:
=over 4
=item "xoflen" (B<OSSL_DIGEST_PARAM_XOFLEN>) <unsigned integer>
Sets the digest length for extendable output functions.
The length of the "xoflen" parameter should not exceed that of a B<size_t>.
For backwards compatibility reasons the default xoflen length for SHAKE-128 is
16 (bytes) which results in a security strength of only 64 bits. To ensure the
maximum security strength of 128 bits, the xoflen should be set to at least 32.
For backwards compatibility reasons the default xoflen length for SHAKE-256 is
32 (bytes) which results in a security strength of only 128 bits. To ensure the
maximum security strength of 256 bits, the xoflen should be set to at least 64.
This parameter may be used when calling either EVP_DigestFinal_ex() or
EVP_DigestFinal(), since these functions were not designed to handle variable
length output. It is recommended to either use EVP_DigestSqueeze() or
EVP_DigestFinalXOF() instead.
=back
=head1 NOTES
For SHAKE-128, to ensure the maximum security strength of 128 bits, the output
length passed to EVP_DigestFinalXOF() should be at least 32.
For SHAKE-256, to ensure the maximum security strength of 256 bits, the output
length passed to EVP_DigestFinalXOF() should be at least 64.
=head1 SEE ALSO
L<EVP_MD_CTX_set_params(3)>, L<provider-digest(7)>, L<OSSL_PROVIDER-default(7)>
=head1 COPYRIGHT
Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
Reference in New Issue View Git Blame Copy Permalink