Crypto++ 8.7
Free C++ class library of cryptographic schemes
shake.cpp
1// shake.cpp - modified by Wei Dai from Ronny Van Keer's public domain
2// sha3-simple.c. All modifications here are placed in the
3// public domain by Wei Dai.
4// Keccak core function moved to keccakc.cpp in AUG 2018
5// by Jeffrey Walton. Separating the core file allows both
6// SHA3 and Keccak to share the core implementation.
7
8/*
9The SHAKE sponge function, designed by Guido Bertoni, Joan Daemen,
10Michael Peeters and Gilles Van Assche. For more information, feedback or
11questions, please refer to our website: http://keccak.noekeon.org/
12
13Implementation by Ronny Van Keer, hereby denoted as "the implementer".
14
15To the extent possible under law, the implementer has waived all copyright
16and related or neighboring rights to the source code in this file.
17http://creativecommons.org/publicdomain/zero/1.0/
18*/
19
20#include "pch.h"
21#include "shake.h"
22
23NAMESPACE_BEGIN(CryptoPP)
24
25// The Keccak core function
26extern void KeccakF1600(word64 *state);
27
// Absorbs `length` bytes from `input` into the sponge state.
//
// Input is XORed into the rate portion of m_state (r() bytes wide). Each time
// the rate portion fills up, the state is run through KeccakF1600 and
// absorption restarts at offset 0. m_counter records how many bytes of the
// current rate block have been absorbed so far.
//
// Precondition: `input` must not be null when `length` is non-zero. This is
// only checked by CRYPTOPP_ASSERT, a debugging assertion that is typically
// inactive in release builds, so callers must uphold it themselves.
void SHAKE::Update(const byte *input, size_t length)
{
    CRYPTOPP_ASSERT(!(input == NULLPTR && length != 0));
    if (length == 0)
        return;

    for (;;)
    {
        // Bytes still free in the current rate block.
        const size_t room = r() - m_counter;
        if (length < room)
            break;

        // The input completes this block: absorb it and permute.
        if (room != 0)
            xorbuf(m_state.BytePtr() + m_counter, input, room);
        KeccakF1600(m_state);

        input += room;
        length -= room;
        m_counter = 0;
    }

    // The loop exits only when length < r() - m_counter, so the tail fits in
    // the current block and m_counter stays strictly below r(). That bound is
    // what keeps later indexing of the state by m_counter inside the rate
    // portion.
    if (length != 0)
        xorbuf(m_state.BytePtr() + m_counter, input, length);
    m_counter += static_cast<unsigned int>(length);
}
48
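// Resets the sponge to its initial state: every byte of m_state is set to
// zero and the absorb offset is rewound to the start of the rate block.
// TruncatedFinal() calls this after producing output, so state derived from
// a previous message does not carry over into the next one.
//
// The signature line (shake.cpp line 49) was missing from this listing. It is
// restored here from the page's own cross-reference ("void Restart()",
// "Definition: shake.cpp:49") and the Restart() call in TruncatedFinal.
void SHAKE::Restart()
{
    memset(m_state, 0, m_state.SizeInBytes());
    m_counter = 0;
}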
54
// Validates a requested output length before any output is produced.
//
// Lengths up to and including UINT_MAX bytes are accepted. Anything larger
// is rejected with InvalidArgument, so an oversized request fails before the
// caller's buffer is written.
//
// Throws: InvalidArgument when size > UINT_MAX.
void SHAKE::ThrowIfInvalidTruncatedSize(size_t size) const
{
    if (size <= UINT_MAX)
        return;

    std::string message("HashTransformation: can't truncate a ");
    message += IntToString(UINT_MAX);
    message += " byte digest to ";
    message += IntToString(size);
    message += " bytes";
    throw InvalidArgument(message);
}
61
// Finishes absorption and writes `size` bytes of output to `hash`.
//
// Steps:
//   1. Reject sizes above UINT_MAX (ThrowIfInvalidTruncatedSize).
//   2. Apply the padding to the rate block: 0x1F at the current absorb
//      offset (the SHAKE domain-separation suffix plus the first padding bit
//      in byte form, per FIPS 202) and 0x80 on the last byte of the rate
//      block (the closing padding bit). If both land on the same byte, the
//      two XORs combine.
//   3. Squeeze: permute, copy up to BlockSize() bytes, repeat until `size`
//      bytes have been written (FIPS 202, Algorithm 8, pp 18-19).
//   4. Restart() the object.
//
// Caller notes:
//   - `hash` must point to at least `size` writable bytes. A null pointer is
//     only caught by CRYPTOPP_ASSERT, a debugging assertion.
//   - When `size` is 0, nothing is written and no permutation runs, but the
//     object is still reset.
//   - Because the state is reset before returning, a second call does not
//     continue the previous output stream. Request the full length in one
//     call.
void SHAKE::TruncatedFinal(byte *hash, size_t size)
{
    CRYPTOPP_ASSERT(hash != NULLPTR);
    ThrowIfInvalidTruncatedSize(size);

    // Padding. m_counter is an offset inside the rate block, as maintained
    // by Update().
    byte *const stateBytes = m_state.BytePtr();
    stateBytes[m_counter] ^= 0x1F;
    stateBytes[r()-1] ^= 0x80;

    // FIPS 202, Algorithm 8, pp 18-19.
    byte *out = hash;
    size_t remaining = size;
    while (remaining != 0)
    {
        KeccakF1600(m_state);

        // Never copy more than one rate block per permutation.
        const size_t chunk = STDMIN(remaining, static_cast<size_t>(BlockSize()));
        std::memcpy(out, m_state, chunk);

        out += chunk;
        remaining -= chunk;
    }

    Restart();
}
84
85NAMESPACE_END
virtual unsigned int BlockSize() const
Provides the block size of the compression function.
Definition: cryptlib.h:1165
An invalid argument was detected.
Definition: cryptlib.h:203
void Restart()
Restart the hash.
Definition: shake.cpp:49
void TruncatedFinal(byte *hash, size_t size)
Computes the hash of the current message.
Definition: shake.cpp:62
void Update(const byte *input, size_t length)
Updates a hash with additional input.
Definition: shake.cpp:28
size_type SizeInBytes() const
Provides the number of bytes in the SecBlock.
Definition: secblock.h:885
byte * BytePtr()
Provides a byte pointer to the first element in the memory block.
Definition: secblock.h:876
unsigned long long word64
64-bit unsigned datatype
Definition: config_int.h:91
const T & STDMIN(const T &a, const T &b)
Replacement function for std::min.
Definition: misc.h:655
std::string IntToString(T value, unsigned int base=10)
Converts a value to a string.
Definition: misc.h:724
CRYPTOPP_DLL void xorbuf(byte *buf, const byte *mask, size_t count)
Performs an XOR of a buffer with a mask.
Crypto++ library namespace.
Precompiled header file.
Classes for SHAKE message digests.
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.
Definition: trap.h:68