added SavableDigest support to CSHAKE, SHAKE

minor changes to support in SHA3 to accomodate.

Author: dghgit

core/src/main/java/org/bouncycastle/crypto/digests/CSHAKEDigest.java

@@ -2,6 +2,7 @@
 
 import org.bouncycastle.crypto.CryptoServicePurpose;
 import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.Memoable;
 
 /**
  * Customizable SHAKE function.
@@ -10,7 +11,8 @@ public class CSHAKEDigest
     extends SHAKEDigest
 {
     private static final byte[] padding = new byte[100];
-    private final byte[] diff;
+
+    private byte[] diff;
 
     /**
      * Base constructor.
@@ -54,6 +56,29 @@ public CSHAKEDigest(CSHAKEDigest source)
         this.diff = Arrays.clone(source.diff);
     }
 
+    public CSHAKEDigest(byte[] encodedState)
+    {
+        super(encodedState);
+
+        int sha3StateLength = state.length * 8 + dataQueue.length + 12 + 2;
+        if (encodedState.length != sha3StateLength)
+        {
+            this.diff = new byte[encodedState.length - sha3StateLength];
+            System.arraycopy(encodedState, sha3StateLength, diff, 0, diff.length);
+        }
+        else
+        {
+            this.diff = null;
+        }
+    }
+
+    private void copyIn(CSHAKEDigest source)
+    {
+        super.copyIn(source);
+
+        this.diff = Arrays.clone(source.diff);
+    }
+
     // bytepad in SP 800-185
     private void diffPadAndAbsorb()
     {
@@ -120,4 +145,36 @@ public void reset()
             diffPadAndAbsorb();
         }
     }
+
+    public byte[] getEncodedState()
+    {
+        int sha3StateLength = state.length * 8 + dataQueue.length + 12 + 2;
+        byte[] encState;
+
+        if (diff == null)
+        {
+            encState = new byte[sha3StateLength];
+            super.getEncodedState(encState);
+        }
+        else
+        {
+            encState = new byte[sha3StateLength + diff.length];
+            super.getEncodedState(encState);
+            System.arraycopy(diff, 0, encState, sha3StateLength, diff.length);
+        }
+
+        return encState;
+    }
+
+    public Memoable copy()
+    {
+        return new CSHAKEDigest(this);
+    }
+
+    public void reset(Memoable other)
+    {
+        CSHAKEDigest d = (CSHAKEDigest)other;
+
+        copyIn(d);
+    }
 }

core/src/main/java/org/bouncycastle/crypto/digests/KeccakDigest.java

@@ -66,6 +66,47 @@ public KeccakDigest(KeccakDigest source)
         CryptoServicesRegistrar.checkConstraints(cryptoServiceProperties());
     }
 
+    protected KeccakDigest(byte[] encodedState)
+    {
+        purpose = getCryptoServicePurpose(encodedState[0]);
+
+        int encOff = 1;
+        Pack.bigEndianToLong(encodedState, encOff, state, 0, state.length);
+        encOff += state.length * 8;
+        System.arraycopy(encodedState, encOff, dataQueue, 0, dataQueue.length);
+        encOff += dataQueue.length;
+        rate = Pack.bigEndianToInt(encodedState, encOff);
+        encOff += 4;
+        bitsInQueue = Pack.bigEndianToInt(encodedState, encOff);
+        encOff += 4;
+        fixedOutputLength = Pack.bigEndianToInt(encodedState, encOff);
+        encOff += 4;
+        squeezing = encodedState[encOff] != 0;
+    }
+
+    private static CryptoServicePurpose getCryptoServicePurpose(byte b)
+    {
+        CryptoServicePurpose[] values = CryptoServicePurpose.values();
+        return values[b];
+    }
+
+    protected void copyIn(KeccakDigest source)
+    {
+        if (this.purpose != source.purpose)
+        {
+            throw new IllegalArgumentException("attempt to copy digest of different purpose");
+        }
+
+        System.arraycopy(source.state, 0, this.state, 0, source.state.length);
+        System.arraycopy(source.dataQueue, 0, this.dataQueue, 0, source.dataQueue.length);
+        this.rate = source.rate;
+        this.bitsInQueue = source.bitsInQueue;
+        this.fixedOutputLength = source.fixedOutputLength;
+        this.squeezing = source.squeezing;
+
+        CryptoServicesRegistrar.checkConstraints(cryptoServiceProperties());
+    }
+
     public String getAlgorithmName()
     {
         return "Keccak-" + fixedOutputLength;
@@ -440,4 +481,29 @@ protected CryptoServiceProperties cryptoServiceProperties()
     {
         return Utils.getDefaultProperties(this, getDigestSize() * 8, purpose);
     }
+
+    protected byte[] getEncodedState(byte[] encState)
+    {
+        encState[0] = (byte)purpose.ordinal();
+
+        int sOff = 1;
+        for (int i = 0; i != state.length; i++)
+        {
+            Pack.longToBigEndian(state[i], encState, sOff);
+            sOff += 8;
+        }
+        
+        System.arraycopy(dataQueue, 0, encState, sOff, dataQueue.length);
+
+        sOff += dataQueue.length;
+        Pack.intToBigEndian(rate, encState, sOff);
+        sOff += 4;
+        Pack.intToBigEndian(bitsInQueue, encState, sOff);
+        sOff += 4;
+        Pack.intToBigEndian(fixedOutputLength, encState, sOff);
+        sOff += 4;
+        encState[sOff] = squeezing ? (byte)1 : (byte)0;
+
+        return encState;
+    }
 }

core/src/main/java/org/bouncycastle/crypto/digests/SHA3Digest.java

@@ -1,10 +1,8 @@
 package org.bouncycastle.crypto.digests;
 
 import org.bouncycastle.crypto.CryptoServicePurpose;
-import org.bouncycastle.crypto.CryptoServicesRegistrar;
 import org.bouncycastle.crypto.SavableDigest;
 import org.bouncycastle.util.Memoable;
-import org.bouncycastle.util.Pack;
 
 /**
  * implementation of SHA-3 based on following KeccakNISTInterface.c from https://keccak.noekeon.org/
@@ -51,49 +49,14 @@ public SHA3Digest(int bitLength, CryptoServicePurpose purpose)
 
     public SHA3Digest(byte[] encodedState)
     {
-        super(getCryptoServicePurpose(encodedState[encodedState.length - 1]));
-
-        Pack.bigEndianToLong(encodedState, 0, state, 0, state.length);
-        int encOff = state.length * 8;
-        System.arraycopy(encodedState, encOff, dataQueue, 0, dataQueue.length);
-        encOff += dataQueue.length;
-        rate = Pack.bigEndianToInt(encodedState, encOff);
-        encOff += 4;
-        bitsInQueue = Pack.bigEndianToInt(encodedState, encOff);
-        encOff += 4;
-        fixedOutputLength = Pack.bigEndianToInt(encodedState, encOff);
-        encOff += 4;
-        squeezing = encodedState[encOff] != 0;
-    }
-
-    private static CryptoServicePurpose getCryptoServicePurpose(byte b)
-    {
-        CryptoServicePurpose[] values = CryptoServicePurpose.values();
-        return values[b];
+        super(encodedState);
     }
 
     public SHA3Digest(SHA3Digest source)
     {
         super(source);
     }
 
-    private void copyIn(SHA3Digest source)
-    {
-        if (this.purpose != source.purpose)
-        {
-            throw new IllegalArgumentException("attempt to copy digest of different purpose");
-        }
-
-        System.arraycopy(source.state, 0, this.state, 0, source.state.length);
-        System.arraycopy(source.dataQueue, 0, this.dataQueue, 0, source.dataQueue.length);
-        this.rate = source.rate;
-        this.bitsInQueue = source.bitsInQueue;
-        this.fixedOutputLength = source.fixedOutputLength;
-        this.squeezing = source.squeezing;
-
-        CryptoServicesRegistrar.checkConstraints(cryptoServiceProperties());
-    }
-
     public String getAlgorithmName()
     {
         return "SHA3-" + fixedOutputLength;
@@ -133,24 +96,8 @@ public byte[] getEncodedState()
     {
         byte[] encState = new byte[state.length * 8 + dataQueue.length + 12 + 2];
 
-        for (int i = 0; i != state.length; i++)
-        {
-            Pack.longToBigEndian(state[i], encState, i * 8);
-        }
-
-        int sOff = state.length * 8;
-        System.arraycopy(dataQueue, 0, encState, sOff, dataQueue.length);
-
-        sOff += dataQueue.length;
-        Pack.intToBigEndian(rate, encState, sOff);
-        sOff += 4;
-        Pack.intToBigEndian(bitsInQueue, encState, sOff);
-        sOff += 4;
-        Pack.intToBigEndian(fixedOutputLength, encState, sOff);
-        sOff += 4;
-        encState[sOff++] = squeezing ? (byte)1 : (byte)0;
-        encState[sOff] = (byte)purpose.ordinal();
-
+        super.getEncodedState(encState);
+        
         return encState;
     }
 

core/src/main/java/org/bouncycastle/crypto/digests/SHAKEDigest.java

@@ -2,7 +2,9 @@
 
 import org.bouncycastle.crypto.CryptoServiceProperties;
 import org.bouncycastle.crypto.CryptoServicePurpose;
+import org.bouncycastle.crypto.SavableDigest;
 import org.bouncycastle.crypto.Xof;
+import org.bouncycastle.util.Memoable;
 
 
 /**
@@ -12,7 +14,7 @@
  */
 public class SHAKEDigest
     extends KeccakDigest
-    implements Xof
+    implements Xof, SavableDigest
 {
     private static int checkBitLength(int bitStrength)
     {
@@ -67,6 +69,11 @@ public SHAKEDigest(SHAKEDigest source)
         super(source);
     }
 
+    public SHAKEDigest(byte[] encodedState)
+    {
+         super(encodedState);
+    }
+
     public String getAlgorithmName()
     {
         return "SHAKE" + fixedOutputLength;
@@ -147,4 +154,25 @@ protected CryptoServiceProperties cryptoServiceProperties()
     {
         return Utils.getDefaultProperties(this, purpose);
     }
+
+    public byte[] getEncodedState()
+    {
+        byte[] encState = new byte[state.length * 8 + dataQueue.length + 12 + 2];
+
+        super.getEncodedState(encState);
+
+        return encState;
+    }
+
+    public Memoable copy()
+    {
+        return new SHAKEDigest(this);
+    }
+
+    public void reset(Memoable other)
+    {
+        SHAKEDigest d = (SHAKEDigest)other;
+
+        copyIn(d);
+    }
 }

core/src/test/java/org/bouncycastle/crypto/test/CSHAKETest.java

@@ -1,28 +1,60 @@
 package org.bouncycastle.crypto.test;
 
+import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.digests.CSHAKEDigest;
 import org.bouncycastle.crypto.digests.SHAKEDigest;
 import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.Strings;
 import org.bouncycastle.util.encoders.Hex;
-import org.bouncycastle.util.test.SimpleTest;
 
 /**
  * CSHAKE test vectors from:
  *
  * https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/cSHAKE_samples.pdf
  */
 public class CSHAKETest
-    extends SimpleTest
+    extends DigestTest
 {
+    private static String[] messages =
+    {
+        "",
+        "a",
+        "abc",
+        "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+    };
+
+    private static String[] digests =
+    {
+        "28a0e58d342a45ef1522d69cd41748beee29c188364df18c84ed4ab8bed0cc85",
+        "cb0a67f6ff4a3b64497a757a85bda4a275cf11970ff226abd2bf2bbcba5890ea",
+        "346c136daea11c436d8d9e668e08888bd4e341dae05da4cb8773f74402c5bdbc",
+        "64602dc88c880bdfb6d0c9163a72b2e3653ab6114e4f4e25d7aaf5b8d441e36f"
+    };
+
+    public CSHAKETest()
+    {
+        super(new CSHAKEDigest(128, new byte[1], new byte[1]), messages, digests);
+    }
+
     public String getName()
     {
         return "CSHAKE";
     }
 
+    protected Digest cloneDigest(Digest digest)
+    {
+        return new CSHAKEDigest((CSHAKEDigest)digest);
+    }
+
+    protected Digest cloneDigest(byte[] encodedState)
+    {
+        return new CSHAKEDigest(encodedState);
+    }
+
     public void performTest()
-        throws Exception
     {
+        super.performTest();
+
         CSHAKEDigest cshake = new CSHAKEDigest(128, new byte[0], Strings.toByteArray("Email Signature"));
 
         cshake.update(Hex.decode("00010203"), 0, 4);