ShakeDigest.cs 3.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123
  1. #if !BESTHTTP_DISABLE_ALTERNATE_SSL && (!UNITY_WEBGL || UNITY_EDITOR)
  2. using System;
  3. using System.Diagnostics;
  4. using Org.BouncyCastle.Utilities;
  5. namespace Org.BouncyCastle.Crypto.Digests
  6. {
  7. /// <summary>
  8. /// Implementation of SHAKE based on following KeccakNISTInterface.c from http://keccak.noekeon.org/
  9. /// </summary>
  10. /// <remarks>
  11. /// Following the naming conventions used in the C source code to enable easy review of the implementation.
  12. /// </remarks>
  13. public class ShakeDigest
  14. : KeccakDigest, IXof
  15. {
  16. private static int CheckBitLength(int bitLength)
  17. {
  18. switch (bitLength)
  19. {
  20. case 128:
  21. case 256:
  22. return bitLength;
  23. default:
  24. throw new ArgumentException(bitLength + " not supported for SHAKE", "bitLength");
  25. }
  26. }
  27. public ShakeDigest()
  28. : this(128)
  29. {
  30. }
  31. public ShakeDigest(int bitLength)
  32. : base(CheckBitLength(bitLength))
  33. {
  34. }
  35. public ShakeDigest(ShakeDigest source)
  36. : base(source)
  37. {
  38. }
  39. public override string AlgorithmName
  40. {
  41. get { return "SHAKE" + fixedOutputLength; }
  42. }
  43. public override int DoFinal(byte[] output, int outOff)
  44. {
  45. return DoFinal(output, outOff, GetDigestSize());
  46. }
  47. public virtual int DoFinal(byte[] output, int outOff, int outLen)
  48. {
  49. DoOutput(output, outOff, outLen);
  50. Reset();
  51. return outLen;
  52. }
  53. public virtual int DoOutput(byte[] output, int outOff, int outLen)
  54. {
  55. if (!squeezing)
  56. {
  57. Absorb(new byte[] { 0x0F }, 0, 4);
  58. }
  59. Squeeze(output, outOff, ((long)outLen) * 8);
  60. return outLen;
  61. }
  62. /*
  63. * TODO Possible API change to support partial-byte suffixes.
  64. */
  65. protected override int DoFinal(byte[] output, int outOff, byte partialByte, int partialBits)
  66. {
  67. return DoFinal(output, outOff, GetDigestSize(), partialByte, partialBits);
  68. }
  69. /*
  70. * TODO Possible API change to support partial-byte suffixes.
  71. */
  72. protected virtual int DoFinal(byte[] output, int outOff, int outLen, byte partialByte, int partialBits)
  73. {
  74. if (partialBits < 0 || partialBits > 7)
  75. throw new ArgumentException("must be in the range [0,7]", "partialBits");
  76. int finalInput = (partialByte & ((1 << partialBits) - 1)) | (0x0F << partialBits);
  77. Debug.Assert(finalInput >= 0);
  78. int finalBits = partialBits + 4;
  79. if (finalBits >= 8)
  80. {
  81. oneByte[0] = (byte)finalInput;
  82. Absorb(oneByte, 0, 8);
  83. finalBits -= 8;
  84. finalInput >>= 8;
  85. }
  86. if (finalBits > 0)
  87. {
  88. oneByte[0] = (byte)finalInput;
  89. Absorb(oneByte, 0, finalBits);
  90. }
  91. Squeeze(output, outOff, ((long)outLen) * 8);
  92. Reset();
  93. return outLen;
  94. }
  95. public override IMemoable Copy()
  96. {
  97. return new ShakeDigest(this);
  98. }
  99. }
  100. }
  101. #endif