xref: /netbsd-src/crypto/external/bsd/openssl/dist/doc/man7/EVP_MD-SHAKE.pod (revision 0e2e28bced52bda3788c857106bde6c44d2df3b8) 
1b0d17251Schristos=pod
2b0d17251Schristos
3b0d17251Schristos=head1 NAME
4b0d17251Schristos
5b0d17251SchristosEVP_MD-SHAKE, EVP_MD-KECCAK-KMAC
6b0d17251Schristos- The SHAKE / KECCAK family EVP_MD implementations
7b0d17251Schristos
8b0d17251Schristos=head1 DESCRIPTION
9b0d17251Schristos
10b0d17251SchristosSupport for computing SHAKE or KECCAK-KMAC digests through the
11b0d17251SchristosB<EVP_MD> API.
12b0d17251Schristos
13*0e2e28bcSchristosKECCAK-KMAC is an Extendable Output Function (XOF), with a definition
14*0e2e28bcSchristossimilar to SHAKE, used by the KMAC EVP_MAC implementation (see
15*0e2e28bcSchristosL<EVP_MAC-KMAC(7)>).
16b0d17251Schristos
17b0d17251Schristos=head2 Identities
18b0d17251Schristos
19b0d17251SchristosThis implementation is available in the FIPS provider as well as the default
20b0d17251Schristosprovider, and includes the following varieties:
21b0d17251Schristos
22b0d17251Schristos=over 4
23b0d17251Schristos
24b0d17251Schristos=item KECCAK-KMAC-128
25b0d17251Schristos
26*0e2e28bcSchristosKnown names are "KECCAK-KMAC-128" and "KECCAK-KMAC128".  This is used
27*0e2e28bcSchristosby L<EVP_MAC-KMAC128(7)>.  Using the notation from NIST FIPS 202
28*0e2e28bcSchristos(Section 6.2), we have S<KECCAK-KMAC-128(M, d)> = S<KECCAK[256](M || 00, d)>
29*0e2e28bcSchristos(see the description of KMAC128 in Appendix A of NIST SP 800-185).
30b0d17251Schristos
31b0d17251Schristos=item KECCAK-KMAC-256
32b0d17251Schristos
33*0e2e28bcSchristosKnown names are "KECCAK-KMAC-256" and "KECCAK-KMAC256".  This is used
34*0e2e28bcSchristosby L<EVP_MAC-KMAC256(7)>.  Using the notation from NIST FIPS 202
35*0e2e28bcSchristos(Section 6.2), we have S<KECCAK-KMAC-256(M, d)> = S<KECCAK[512](M || 00, d)>
36*0e2e28bcSchristos(see the description of KMAC256 in Appendix A of NIST SP 800-185).
37b0d17251Schristos
38b0d17251Schristos=item SHAKE-128
39b0d17251Schristos
40*0e2e28bcSchristosKnown names are "SHAKE-128" and "SHAKE128".
41b0d17251Schristos
42b0d17251Schristos=item SHAKE-256
43b0d17251Schristos
44*0e2e28bcSchristosKnown names are "SHAKE-256" and "SHAKE256".
45b0d17251Schristos
46b0d17251Schristos=back
47b0d17251Schristos
48b0d17251Schristos=head2 Gettable Parameters
49b0d17251Schristos
50b0d17251SchristosThis implementation supports the common gettable parameters described
51b0d17251Schristosin L<EVP_MD-common(7)>.
52b0d17251Schristos
53b0d17251Schristos=head2 Settable Context Parameters
54b0d17251Schristos
55b0d17251SchristosThese implementations support the following L<OSSL_PARAM(3)> entries,
56b0d17251Schristossettable for an B<EVP_MD_CTX> with L<EVP_MD_CTX_set_params(3)>:
57b0d17251Schristos
58b0d17251Schristos=over 4
59b0d17251Schristos
60b0d17251Schristos=item "xoflen" (B<OSSL_DIGEST_PARAM_XOFLEN>) <unsigned integer>
61b0d17251Schristos
62b0d17251SchristosSets the digest length for extendable output functions.
63b0d17251SchristosThe length of the "xoflen" parameter should not exceed that of a B<size_t>.
64b0d17251Schristos
65b0d17251SchristosFor backwards compatibility reasons the default xoflen length for SHAKE-128 is
66b0d17251Schristos16 (bytes) which results in a security strength of only 64 bits. To ensure the
67b0d17251Schristosmaximum security strength of 128 bits, the xoflen should be set to at least 32.
68b0d17251Schristos
69b0d17251SchristosFor backwards compatibility reasons the default xoflen length for SHAKE-256 is
70b0d17251Schristos32 (bytes) which results in a security strength of only 128 bits. To ensure the
71b0d17251Schristosmaximum security strength of 256 bits, the xoflen should be set to at least 64.
72b0d17251Schristos
73b0d17251Schristos=back
74b0d17251Schristos
75b0d17251Schristos=head1 SEE ALSO
76b0d17251Schristos
77b0d17251SchristosL<EVP_MD_CTX_set_params(3)>, L<provider-digest(7)>, L<OSSL_PROVIDER-default(7)>
78b0d17251Schristos
79b0d17251Schristos=head1 COPYRIGHT
80b0d17251Schristos
81b0d17251SchristosCopyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
82b0d17251Schristos
83b0d17251SchristosLicensed under the Apache License 2.0 (the "License").  You may not use
84b0d17251Schristosthis file except in compliance with the License.  You can obtain a copy
85b0d17251Schristosin the file LICENSE in the source distribution or at
86b0d17251SchristosL<https://www.openssl.org/source/license.html>.
87b0d17251Schristos
88b0d17251Schristos=cut
89