2.1 Additional Hash algorithms

These algorithms extend those defined in PSA Certified Crypto API [PSA-CRYPT] §10.2 Message digests. They are used with the hash functions and multi-part operations, or combined with composite algorithms that are parameterized by a hash algorithm.

2.1.1 SHA-256-based hash algorithms

PSA_ALG_SHA_256_192 (macro)

The SHA-256/192 message digest algorithm.

Added in version 1.3.

#define PSA_ALG_SHA_256_192 ((psa_algorithm_t)0x0200000E)

SHA-256/192 is the first 192 bits (24 bytes) of the SHA-256 output. SHA-256 is defined in [FIPS180-4].

2.1.2 SHAKE-based hash algorithms

PSA_ALG_SHAKE128_256 (macro)

The SHAKE128/256 message digest algorithm.

Added in version 1.3.

#define PSA_ALG_SHAKE128_256 ((psa_algorithm_t)0x02000016)

SHAKE128/256 is the first 256 bits (32 bytes) of the SHAKE128 output. SHAKE128 is defined in [FIPS202].

This can be used as pre-hashing for SLH-DSA (see PSA_ALG_HASH_SLH_DSA()).

Note

For other scenarios where a hash function based on SHA3 or SHAKE is required, SHA3-256 is recommended. SHA3-256 has the same output size, and a theoretically higher security strength.

PSA_ALG_SHAKE256_192 (macro)

The SHAKE256/192 message digest algorithm.

Added in version 1.3.

#define PSA_ALG_SHAKE256_192 ((psa_algorithm_t)0x02000017)

SHAKE256/192 is the first 192 bits (24 bytes) of the SHAKE256 output. SHAKE256 is defined in [FIPS202].

PSA_ALG_SHAKE256_256 (macro)

The SHAKE256/256 message digest algorithm.

Added in version 1.3.

#define PSA_ALG_SHAKE256_256 ((psa_algorithm_t)0x02000018)

SHAKE256/256 is the first 256 bits (32 bytes) of the SHAKE256 output. SHAKE256 is defined in [FIPS202].