1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
|
using System;
using System.Diagnostics;
using Org.BouncyCastle.Utilities;
namespace Org.BouncyCastle.Crypto.Digests
{
/// <summary>
/// Implementation of SHAKE based on following KeccakNISTInterface.c from http://keccak.noekeon.org/
/// </summary>
/// <remarks>
/// Following the naming conventions used in the C source code to enable easy review of the implementation.
/// </remarks>
public class ShakeDigest
: KeccakDigest, IXof
{
private static int CheckBitLength(int bitLength)
{
switch (bitLength)
{
case 128:
case 256:
return bitLength;
default:
throw new ArgumentException(bitLength + " not supported for SHAKE", "bitLength");
}
}
public ShakeDigest()
: this(128)
{
}
public ShakeDigest(int bitLength)
: base(CheckBitLength(bitLength))
{
}
public ShakeDigest(ShakeDigest source)
: base(source)
{
}
public override string AlgorithmName
{
get { return "SHAKE" + fixedOutputLength; }
}
public override int DoFinal(byte[] output, int outOff)
{
return DoFinal(output, outOff, GetDigestSize());
}
public virtual int DoFinal(byte[] output, int outOff, int outLen)
{
DoOutput(output, outOff, outLen);
Reset();
return outLen;
}
public virtual int DoOutput(byte[] output, int outOff, int outLen)
{
if (!squeezing)
{
AbsorbBits(0x0F, 4);
}
Squeeze(output, outOff, (long)outLen << 3);
return outLen;
}
/*
* TODO Possible API change to support partial-byte suffixes.
*/
protected override int DoFinal(byte[] output, int outOff, byte partialByte, int partialBits)
{
return DoFinal(output, outOff, GetDigestSize(), partialByte, partialBits);
}
/*
* TODO Possible API change to support partial-byte suffixes.
*/
protected virtual int DoFinal(byte[] output, int outOff, int outLen, byte partialByte, int partialBits)
{
if (partialBits < 0 || partialBits > 7)
throw new ArgumentException("must be in the range [0,7]", "partialBits");
int finalInput = (partialByte & ((1 << partialBits) - 1)) | (0x0F << partialBits);
Debug.Assert(finalInput >= 0);
int finalBits = partialBits + 4;
if (finalBits >= 8)
{
Absorb((byte)finalInput);
finalBits -= 8;
finalInput >>= 8;
}
if (finalBits > 0)
{
AbsorbBits(finalInput, finalBits);
}
Squeeze(output, outOff, (long)outLen << 3);
Reset();
return outLen;
}
public override IMemoable Copy()
{
return new ShakeDigest(this);
}
}
}
|