Adding the READ method for SHAKE

NIIBE Yutaka gniibe at fsij.org
Fri Jun 23 02:31:02 CEST 2023


Hello,

NIIBE Yutaka <gniibe at fsij.org> wrote:
> I learned that there is a use case of SHAKE in CMS, specified in RFC
> 8802.
>
>     Use of the SHAKE One-Way Hash Functions in the Cryptographic Message
>     Syntax (CMS): https://www.rfc-editor.org/rfc/rfc8702.html
>
> In RFC 8802, SHAKE128 is used with 32-byte output, and SHAKE256 is used
> with 64-byte output.

I should have addressed this RFC, too:

    RFC 8692
    Internet X.509 Public Key Infrastructure: Additional Algorithm
    Identifiers for RSASSA-PSS and ECDSA Using SHAKEs
    https://www.rfc-editor.org/rfc/rfc8692.html

It's the same for ECDSA.  It's the same for the RSASSA-PSS hash function.  It
uses SHAKE with a fixed-size output.

In RSASSA-PSS, for use in the MGF1 mask generation function, when SHAKE
is used, it's the variable-length version of SHAKE (depending on the size
of the RSA modulus).

Ah, we need to modify the function mgf1 in rsa-common.c to support
SHAKE.  I will do that first.
-- 
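The two ways of using SHAKE that the message distinguishes, as an added illustration (editor's example, not libgcrypt code and not the rsa-common.c mgf1 function): SHAKE with a fixed-size output (32 bytes for SHAKE128, 64 for SHAKE256, as RFC 8692 and RFC 8702 specify for the message hash), and SHAKE as a variable-length XOF where RFC 8692 uses it directly as the mask generation function, with the mask length derived from the RSA modulus size (emLen - hLen - 1 bytes). The classic MGF1 built from a fixed-output hash (RFC 8017 B.2.1) is shown beside it for comparison. All function names are hypothetical and the seeds and messages are constructed test input.

```python
import hashlib


def shake_fixed_hash(data: bytes, bits: int = 128) -> bytes:
    """SHAKE used as a fixed-output hash, as in RFC 8692 / RFC 8702:
    SHAKE128 -> 32-byte digest, SHAKE256 -> 64-byte digest."""
    if bits == 128:
        return hashlib.shake_128(data).digest(32)
    if bits == 256:
        return hashlib.shake_256(data).digest(64)
    raise ValueError("only SHAKE128 and SHAKE256 are defined here")


def mgf1(seed: bytes, mask_len: int, hash_name: str = "sha256") -> bytes:
    """Classic MGF1 (RFC 8017 B.2.1) over a fixed-output hash:
    concatenate H(seed || C) for a 4-byte big-endian counter C = 0, 1, ...
    until at least mask_len bytes exist, then truncate."""
    hlen = hashlib.new(hash_name).digest_size
    out = b""
    for counter in range((mask_len + hlen - 1) // hlen):
        out += hashlib.new(hash_name, seed + counter.to_bytes(4, "big")).digest()
    return out[:mask_len]


def shake_mgf(seed: bytes, mask_len: int, bits: int = 128) -> bytes:
    """Mask generation with SHAKE per RFC 8692: no counter loop, the XOF
    itself is the MGF and is simply asked for mask_len bytes of output."""
    xof = hashlib.shake_128(seed) if bits == 128 else hashlib.shake_256(seed)
    return xof.digest(mask_len)


def pss_db_mask_len(modulus_bits: int, bits: int = 128) -> int:
    """Length in bytes of the PSS dbMask: emLen - hLen - 1, where
    emLen = ceil((modBits - 1) / 8) and hLen is SHAKE's fixed output
    size (32 or 64). This is the part that depends on the RSA modulus size
    (RFC 8692 states it as 8*emLen - 264 bits for SHAKE128 and
    8*emLen - 520 bits for SHAKE256)."""
    hlen = 32 if bits == 128 else 64
    em_len = (modulus_bits - 1 + 7) // 8
    return em_len - hlen - 1


if __name__ == "__main__":
    # Constructed sample inputs, not real signature material.
    msg = b"example message"
    seed = b"constructed-seed"
    print("SHAKE128 fixed hash:", shake_fixed_hash(msg).hex())
    for mod_bits in (2048, 3072, 4096):
        n = pss_db_mask_len(mod_bits)
        print(f"RSA-{mod_bits}: dbMask is {n} bytes, SHAKE128 mask prefix",
              shake_mgf(seed, n)[:8].hex())
    print("MGF1-SHA256 mask prefix:", mgf1(seed, 64)[:8].hex())
```

The check worth taking away: the same SHAKE128 primitive serves both roles, but a mask generator must produce a prefix-consistent stream of arbitrary length, so a fixed 32-byte "SHAKE128 hash" cannot be dropped into the MGF slot unchanged; the variable-length call has to be exposed separately.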