authorJeffrey Walton <noloader@gmail.com>2019-02-13 11:31:18 -0500
committerJeffrey Walton <noloader@gmail.com>2019-02-13 11:31:18 -0500
commit00f9c1f0eb1573366bb16f0bfed4fbbc6906afd1 (patch)
treec2b73a5f2976c514d743148db752d2d68b9694cb /shake.cpp
parent2e440959b1e8a9d215d73631eb479a39d0d1a3f0 (diff)
Enable extended output in SHAKE-128 and SHAKE-256 (GH #805, PR #806)
Diffstat (limited to 'shake.cpp')
-rw-r--r--shake.cpp22
1 files changed, 20 insertions, 2 deletions
diff --git a/shake.cpp b/shake.cpp
index aa880389..65e08235 100644
--- a/shake.cpp
+++ b/shake.cpp
@@ -52,6 +52,13 @@ void SHAKE::Restart()
m_counter = 0;
}
+void SHAKE::ThrowIfInvalidTruncatedSize(size_t size) const
+{
+ if (size > UINT_MAX)
+ throw InvalidArgument(std::string("HashTransformation: can't truncate a ") +
+ IntToString(UINT_MAX) + " byte digest to " + IntToString(size) + " bytes");
+}
+
void SHAKE::TruncatedFinal(byte *hash, size_t size)
{
CRYPTOPP_ASSERT(hash != NULLPTR);
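Review bot: The new `SHAKE::ThrowIfInvalidTruncatedSize` carries no comment explaining why the ceiling is `UINT_MAX` rather than `DigestSize()`, and the message "can't truncate a UINT_MAX byte digest" reads oddly for an extendable-output function. A one-line comment above the check would help, for example `// SHAKE is an XOF: accept any requested length up to UINT_MAX, not just DigestSize()`. The call site is not visible in this hunk, so it is worth confirming that `TruncatedFinal` actually invokes it before the squeeze loop. If the base-class method of the same name is non-virtual (not shown here), base-class paths such as truncated verification would still enforce the old limit, so that is worth checking too.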
@@ -59,8 +66,19 @@ void SHAKE::TruncatedFinal(byte *hash, size_t size)
m_state.BytePtr()[m_counter] ^= 0x1F;
m_state.BytePtr()[r()-1] ^= 0x80;
- KeccakF1600(m_state);
- std::memcpy(hash, m_state, size);
+
+ // FIPS 202, Algorithm 8, pp 18-19.
+ while (size > 0)
+ {
+ KeccakF1600(m_state);
+
+ const size_t segmentLen = STDMIN(size, (size_t)BlockSize());
+ std::memcpy(hash, m_state, segmentLen);
+
+ hash += segmentLen;
+ size -= segmentLen;
+ }
+
Restart();
}
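Review bot: The squeeze loop sizes each segment with `BlockSize()`, while the padding line just above it uses `r()` for the rate. The output is only correct, and capacity bytes of `m_state` only stay out of the digest, if the two are the same value, which this hunk does not show. Using one name in both places, e.g. `const size_t segmentLen = STDMIN(size, static_cast<size_t>(r()));`, makes that invariant visible and replaces the C-style cast. Separately, `CRYPTOPP_ASSERT(hash != NULLPTR)` is presumably a debug-only check, so a null `hash` with a nonzero `size` would still reach `std::memcpy` in release builds; an explicit guard or a documented precondition would cover that. The opening lines of `TruncatedFinal` lie outside this hunk.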