Adding the READ method for SHAKE
    NIIBE Yutaka
    gniibe at fsij.org
    Fri Jun 23 02:31:02 CEST 2023
Hello,
NIIBE Yutaka <gniibe at fsij.org> wrote:
> I learned that there is a use case of SHAKE in CMS, specified in RFC
> 8802.
>
>     Use of the SHAKE One-Way Hash Functions in the Cryptographic Message
>     Syntax (CMS): https://www.rfc-editor.org/rfc/rfc8702.html
>
> In RFC 8802, SHAKE128 is used with 32-byte output, and SHAKE256 is used
> with 64-byte output.
I should have addressed this RFC, too:
    RFC 8692
    Internet X.509 Public Key Infrastructure: Additional Algorithm
    Identifiers for RSASSA-PSS and ECDSA Using SHAKEs
    https://www.rfc-editor.org/rfc/rfc8692.html
It's the same for ECDSA.  It's the same for the RSASSA-PSS hash function.  It uses
SHAKE as a fixed-size output.
In RSASSA-PSS, for use in the MGF1 mask generation function, when SHAKE
is used, it's the variable-length version of SHAKE (which depends on the size of
the RSA modulus).
Ah, we need to modify the function mgf1 in rsa-common.c to support
SHAKE.  I will do that first.
-- 
More information about the Gcrypt-devel mailing list
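The two ways SHAKE is used that the post distinguishes, as an added Python illustration (not part of the post and not libgcrypt's code): SHAKE as a fixed-size hash (32 bytes for SHAKE128, 64 for SHAKE256, as in RFC 8702 and RFC 8692), versus the mask generation in RSASSA-PSS, where a fixed-hash MGF1 walks a counter while RFC 8692 instead squeezes the SHAKE XOF directly for the mask length that EMSA-PSS derives from the modulus size. The message bytes, seed and 2048-bit modulus size are constructed inputs; the `pss_mask_len` helper is mine, following RFC 8017's emLen - hLen - 1 rule.

```python
import hashlib
import struct

# Constructed inputs for the demonstration (not from the post or libgcrypt).
RSA_MODULUS_BITS = 2048
MESSAGE = b"example message signed with RSASSA-PSS"


def shake_fixed(data: bytes, shake: str = "shake_128") -> bytes:
    """SHAKE used as an ordinary hash with fixed output length
    (RFC 8702 / RFC 8692): 32 bytes for SHAKE128, 64 bytes for SHAKE256."""
    out_len = {"shake_128": 32, "shake_256": 64}[shake]
    return hashlib.new(shake, data).digest(out_len)


def mgf1_block(seed: bytes, counter: int, hash_name: str = "sha256") -> bytes:
    """One MGF1 block: Hash(seed || I2OSP(counter, 4)) (RFC 8017, B.2.1)."""
    return hashlib.new(hash_name, seed + struct.pack(">I", counter)).digest()


def mgf1(seed: bytes, mask_len: int, hash_name: str = "sha256") -> bytes:
    """Classic MGF1 over a fixed-size hash: concatenate counter-indexed
    blocks and truncate to mask_len. This is what an MGF1 routine built on
    fixed-output hashes computes, and why it cannot simply be pointed at
    SHAKE without change."""
    h_len = hashlib.new(hash_name).digest_size
    blocks = (mask_len + h_len - 1) // h_len
    out = b"".join(mgf1_block(seed, c, hash_name) for c in range(blocks))
    return out[:mask_len]


def shake_mgf(seed: bytes, mask_len: int, shake: str = "shake_128") -> bytes:
    """Mask generation with SHAKE as RFC 8692 specifies: no counter loop,
    the XOF itself is squeezed for exactly mask_len bytes."""
    return hashlib.new(shake, seed).digest(mask_len)


def pss_mask_len(modulus_bits: int, h_len: int) -> int:
    """Length of dbMask in EMSA-PSS encoding (RFC 8017, 9.1.1 step 9):
    emLen - hLen - 1, where emLen = ceil((modBits - 1) / 8).
    This is the modulus-size dependence the post refers to."""
    em_len = (modulus_bits - 1 + 7) // 8
    return em_len - h_len - 1


def pss_masks(message: bytes, modulus_bits: int = RSA_MODULUS_BITS) -> dict:
    """Side-by-side: the fixed-size message hash and the variable-length
    dbMask for SHAKE128 (RFC 8692) and for SHA-256 with MGF1 (RFC 8017).
    The message hash stands in for the PSS seed H for illustration."""
    result = {}
    h_shake = shake_fixed(message, "shake_128")
    result["shake128"] = (h_shake, shake_mgf(h_shake, pss_mask_len(modulus_bits, len(h_shake))))
    h_sha = hashlib.sha256(message).digest()
    result["sha256"] = (h_sha, mgf1(h_sha, pss_mask_len(modulus_bits, len(h_sha))))
    return result


if __name__ == "__main__":
    for name, (digest, mask) in pss_masks(MESSAGE).items():
        print(f"{name}: hash {len(digest)} bytes, dbMask {len(mask)} bytes")
```

For a 2048-bit modulus both variants need a 223-byte mask (emLen 256, hLen 32), but only the SHAKE path produces it in a single squeeze; with SHAKE256 (hLen 64) the mask shrinks to 191 bytes. Squeezing a XOF to different lengths yields prefixes of one stream, which MGF1's counter construction does not share, so the two masks differ even for the same seed.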