SHAKE128 and SHAKE256

src/libraries/Common/src/Interop/Android/System.Security.Cryptography.Native.Android/Interop.Evp.DigestAlgs.cs

@@ -54,6 +54,7 @@ internal static partial class Crypto
             HashAlgorithmNames.MD5 => EvpMd5(),
             HashAlgorithmNames.SHA3_256 or HashAlgorithmNames.SHA3_384 or HashAlgorithmNames.SHA3_512 =>
                 throw new PlatformNotSupportedException(),
+            HashAlgorithmNames.SHAKE128 or HashAlgorithmNames.SHAKE256 => throw new PlatformNotSupportedException(),
             _ => throw new CryptographicException(SR.Format(SR.Cryptography_UnknownHashAlgorithm, hashAlgorithmId))
         };
 
@@ -70,6 +71,8 @@ internal static bool HashAlgorithmSupported(string hashAlgorithmId)
                 case HashAlgorithmNames.SHA3_256:
                 case HashAlgorithmNames.SHA3_384:
                 case HashAlgorithmNames.SHA3_512:
+                case HashAlgorithmNames.SHAKE128:
+                case HashAlgorithmNames.SHAKE256:
                     return false;
                 default:
                     throw new CryptographicException(SR.Format(SR.Cryptography_UnknownHashAlgorithm, hashAlgorithmId));

src/libraries/Common/src/Interop/Android/System.Security.Cryptography.Native.Android/Interop.Evp.cs

@@ -2,6 +2,7 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 
 using System;
+using System.Diagnostics;
 using System.Runtime.InteropServices;
 using System.Security.Cryptography;
 using Microsoft.Win32.SafeHandles;
@@ -37,6 +38,34 @@ internal static partial class Crypto
         [LibraryImport(Libraries.AndroidCryptoNative, EntryPoint = "CryptoNative_GetMaxMdSize")]
         private static partial int GetMaxMdSize();
 
+        internal static unsafe int EvpDigestXOFOneShot(IntPtr type, ReadOnlySpan<byte> source, Span<byte> destination)
+        {
+            // The partial needs to match the OpenSSL parameters.
+            _ = type;
+            _ = source;
+            _ = destination;
+            Debug.Fail("Should have validated that XOF is not supported before getting here.");
+            throw new UnreachableException();
+        }
+
+        internal static unsafe int EvpDigestFinalXOF(SafeEvpMdCtxHandle ctx, Span<byte> destination)
+        {
+            // The partial needs to match the OpenSSL parameters.
+            _ = ctx;
+            _ = destination;
+            Debug.Fail("Should have validated that XOF is not supported before getting here.");
+            throw new UnreachableException();
+        }
+
+        internal static unsafe int EvpDigestCurrentXOF(SafeEvpMdCtxHandle ctx, Span<byte> destination)
+        {
+            // The partial needs to match the OpenSSL parameters.
+            _ = ctx;
+            _ = destination;
+            Debug.Fail("Should have validated that XOF is not supported before getting here.");
+            throw new UnreachableException();
+        }
+
         internal static readonly int EVP_MAX_MD_SIZE = GetMaxMdSize();
     }
 }

src/libraries/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.EVP.DigestAlgs.cs

@@ -17,9 +17,13 @@ internal static partial class Crypto
         private static volatile IntPtr s_evpSha3_256;
         private static volatile IntPtr s_evpSha3_384;
         private static volatile IntPtr s_evpSha3_512;
+        private static volatile IntPtr s_evpSha3_Shake128;
+        private static volatile IntPtr s_evpSha3_Shake256;
         private static volatile bool s_evpSha3_256Cached;
         private static volatile bool s_evpSha3_384Cached;
         private static volatile bool s_evpSha3_512Cached;
+        private static volatile bool s_evpSha3_Shake128Cached;
+        private static volatile bool s_evpSha3_Shake256Cached;
 
         [LibraryImport(Libraries.CryptoNative)]
         private static partial IntPtr CryptoNative_EvpMd5();
@@ -93,6 +97,33 @@ private static IntPtr EvpSha3_512()
             return s_evpSha3_512;
         }
 
+        [LibraryImport(Libraries.CryptoNative)]
+        private static partial IntPtr CryptoNative_EvpShake128();
+
+        private static IntPtr EvpShake128()
+        {
+            if (!s_evpSha3_Shake128Cached)
+            {
+                s_evpSha3_Shake128 = CryptoNative_EvpShake128();
+                s_evpSha3_Shake128Cached = true;
+            }
+
+            return s_evpSha3_Shake128;
+        }
+
+        [LibraryImport(Libraries.CryptoNative)]
+        private static partial IntPtr CryptoNative_EvpShake256();
+
+        private static IntPtr EvpShake256()
+        {
+            if (!s_evpSha3_Shake256Cached)
+            {
+                s_evpSha3_Shake256 = CryptoNative_EvpShake256();
+                s_evpSha3_Shake256Cached = true;
+            }
+
+            return s_evpSha3_Shake256;
+        }
 
         internal static IntPtr HashAlgorithmToEvp(string hashAlgorithmId)
         {
@@ -111,6 +142,12 @@ internal static IntPtr HashAlgorithmToEvp(string hashAlgorithmId)
                 case HashAlgorithmNames.SHA3_512:
                     IntPtr sha3_512 = EvpSha3_512();
                     return sha3_512 != 0 ? sha3_512 : throw new PlatformNotSupportedException();
+                case HashAlgorithmNames.SHAKE128:
+                    IntPtr shake128 = EvpShake128();
+                    return shake128 != 0 ? shake128 : throw new PlatformNotSupportedException();
+                case HashAlgorithmNames.SHAKE256:
+                    IntPtr shake256 = EvpShake256();
+                    return shake256 != 0 ? shake256 : throw new PlatformNotSupportedException();
                 case nameof(HashAlgorithmName.MD5): return EvpMd5();
                 default:
                     throw new CryptographicException(SR.Format(SR.Cryptography_UnknownHashAlgorithm, hashAlgorithmId));
@@ -133,6 +170,10 @@ internal static bool HashAlgorithmSupported(string hashAlgorithmId)
                     return EvpSha3_384() != 0;
                 case HashAlgorithmNames.SHA3_512:
                     return EvpSha3_512() != 0;
+                case HashAlgorithmNames.SHAKE128:
+                    return EvpShake128() != 0;
+                case HashAlgorithmNames.SHAKE256:
+                    return EvpShake256() != 0;
                 default:
                     throw new CryptographicException(SR.Format(SR.Cryptography_UnknownHashAlgorithm, hashAlgorithmId));
             }

src/libraries/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.EVP.cs

@@ -3,7 +3,6 @@
 
 using System;
 using System.Runtime.InteropServices;
-using System.Security.Cryptography;
 using Microsoft.Win32.SafeHandles;
 
 internal static partial class Interop
@@ -25,12 +24,21 @@ internal static partial class Crypto
         [LibraryImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_EvpDigestFinalEx")]
         internal static partial int EvpDigestFinalEx(SafeEvpMdCtxHandle ctx, ref byte md, ref uint s);
 
+        [LibraryImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_EvpDigestFinalXOF")]
+        private static unsafe partial int EvpDigestFinalXOF(SafeEvpMdCtxHandle ctx, Span<byte> md, uint len);
+
+        [LibraryImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_EvpDigestCurrentXOF")]
+        private static unsafe partial int EvpDigestCurrentXOF(SafeEvpMdCtxHandle ctx, Span<byte> md, uint len);
+
         [LibraryImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_EvpDigestCurrent")]
         internal static partial int EvpDigestCurrent(SafeEvpMdCtxHandle ctx, ref byte md, ref uint s);
 
         [LibraryImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_EvpDigestOneShot")]
         internal static unsafe partial int EvpDigestOneShot(IntPtr type, byte* source, int sourceSize, byte* md, uint* mdSize);
 
+        [LibraryImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_EvpDigestXOFOneShot")]
+        private static unsafe partial int EvpDigestXOFOneShot(IntPtr type, ReadOnlySpan<byte> source, int sourceSize, Span<byte> md, uint len);
+
         [LibraryImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_EvpMdSize")]
         internal static partial int EvpMdSize(IntPtr md);
 
@@ -39,13 +47,13 @@ internal static partial class Crypto
 
         [LibraryImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_Pbkdf2")]
         private static unsafe partial int Pbkdf2(
-            byte* pPassword,
+            ReadOnlySpan<byte> pPassword,
             int passwordLength,
-            byte* pSalt,
+            ReadOnlySpan<byte> pSalt,
             int saltLength,
             int iterations,
             IntPtr digestEvp,
-            byte* pDestination,
+            Span<byte> pDestination,
             int destinationLength);
 
         internal static unsafe int Pbkdf2(
@@ -55,20 +63,30 @@ internal static partial class Crypto
             IntPtr digestEvp,
             Span<byte> destination)
         {
-            fixed (byte* pPassword = password)
-            fixed (byte* pSalt = salt)
-            fixed (byte* pDestination = destination)
-            {
-                return Pbkdf2(
-                    pPassword,
-                    password.Length,
-                    pSalt,
-                    salt.Length,
-                    iterations,
-                    digestEvp,
-                    pDestination,
-                    destination.Length);
-            }
+            return Pbkdf2(
+                password,
+                password.Length,
+                salt,
+                salt.Length,
+                iterations,
+                digestEvp,
+                destination,
+                destination.Length);
+        }
+
+        internal static unsafe int EvpDigestFinalXOF(SafeEvpMdCtxHandle ctx, Span<byte> destination)
+        {
+            return EvpDigestFinalXOF(ctx, destination, (uint)destination.Length);
+        }
+
+        internal static unsafe int EvpDigestCurrentXOF(SafeEvpMdCtxHandle ctx, Span<byte> destination)
+        {
+            return EvpDigestCurrentXOF(ctx, destination, (uint)destination.Length);
+        }
+
+        internal static unsafe int EvpDigestXOFOneShot(IntPtr type, ReadOnlySpan<byte> source, Span<byte> destination)
+        {
+            return EvpDigestXOFOneShot(type, source, source.Length, destination, (uint)destination.Length);
         }
 
         internal static readonly int EVP_MAX_MD_SIZE = GetMaxMdSize();

src/libraries/Common/src/Interop/Windows/BCrypt/Interop.BCryptAlgPseudoHandle.cs

@@ -29,6 +29,8 @@ public enum BCryptAlgPseudoHandle : uint
             BCRYPT_HMAC_SHA3_256_ALG_HANDLE = 0x000003E1,
             BCRYPT_HMAC_SHA3_384_ALG_HANDLE = 0x000003F1,
             BCRYPT_HMAC_SHA3_512_ALG_HANDLE = 0x00000401,
+            BCRYPT_CSHAKE128_ALG_HANDLE = 0x00000411,
+            BCRYPT_CSHAKE256_ALG_HANDLE = 0x00000421,
         }
 
         internal static bool PseudoHandlesSupported { get; } =

src/libraries/Common/src/Interop/Windows/BCrypt/Interop.BCryptCreateHash.cs

@@ -14,6 +14,9 @@ internal static partial class BCrypt
         [LibraryImport(Libraries.BCrypt, StringMarshalling = StringMarshalling.Utf16)]
         internal static partial NTSTATUS BCryptCreateHash(SafeBCryptAlgorithmHandle hAlgorithm, out SafeBCryptHashHandle phHash, IntPtr pbHashObject, int cbHashObject, ReadOnlySpan<byte> secret, int cbSecret, BCryptCreateHashFlags dwFlags);
 
+        [LibraryImport(Libraries.BCrypt, StringMarshalling = StringMarshalling.Utf16)]
+        internal static partial NTSTATUS BCryptCreateHash(nuint hAlgorithm, out SafeBCryptHashHandle phHash, IntPtr pbHashObject, int cbHashObject, ReadOnlySpan<byte> secret, int cbSecret, BCryptCreateHashFlags dwFlags);
+
         [Flags]
         internal enum BCryptCreateHashFlags : int
         {

src/libraries/Common/src/Interop/Windows/BCrypt/Interop.BCryptFinishHash.cs

@@ -11,5 +11,8 @@ internal static partial class BCrypt
     {
         [LibraryImport(Libraries.BCrypt)]
         internal static partial NTSTATUS BCryptFinishHash(SafeBCryptHashHandle hHash, Span<byte> pbOutput, int cbOutput, int dwFlags);
+
+        [LibraryImport(Libraries.BCrypt)]
+        internal static unsafe partial NTSTATUS BCryptFinishHash(SafeBCryptHashHandle hHash, byte* pbOutput, int cbOutput, int dwFlags);
     }
 }

src/libraries/System.Security.Cryptography/ref/System.Security.Cryptography.cs

@@ -2463,6 +2463,44 @@ public sealed partial class SHA512Managed : System.Security.Cryptography.SHA512
         public sealed override void Initialize() { }
         protected sealed override bool TryHashFinal(System.Span<byte> destination, out int bytesWritten) { throw null; }
     }
+    public sealed partial class Shake128 : System.IDisposable
+    {
+        public Shake128() { }
+        public static bool IsSupported { get { throw null; } }
+        public void AppendData(byte[] data) { }
+        public void AppendData(System.ReadOnlySpan<byte> data) { }
+        public void Dispose() { }
+        public byte[] GetCurrentHash(int outputLength) { throw null; }
+        public void GetCurrentHash(System.Span<byte> destination) { }
+        public byte[] GetHashAndReset(int outputLength) { throw null; }
+        public void GetHashAndReset(System.Span<byte> destination) { }
+        public static byte[] HashData(byte[] source, int outputLength) { throw null; }
+        public static byte[] HashData(System.IO.Stream source, int outputLength) { throw null; }
+        public static void HashData(System.IO.Stream source, System.Span<byte> destination) { }
+        public static byte[] HashData(System.ReadOnlySpan<byte> source, int outputLength) { throw null; }
+        public static void HashData(System.ReadOnlySpan<byte> source, System.Span<byte> destination) { }
+        public static System.Threading.Tasks.ValueTask<byte[]> HashDataAsync(System.IO.Stream source, int outputLength, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
+        public static System.Threading.Tasks.ValueTask HashDataAsync(System.IO.Stream source, System.Memory<byte> destination, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
+    }
+    public sealed partial class Shake256 : System.IDisposable
+    {
+        public Shake256() { }
+        public static bool IsSupported { get { throw null; } }
+        public void AppendData(byte[] data) { }
+        public void AppendData(System.ReadOnlySpan<byte> data) { }
+        public void Dispose() { }
+        public byte[] GetCurrentHash(int outputLength) { throw null; }
+        public void GetCurrentHash(System.Span<byte> destination) { }
+        public byte[] GetHashAndReset(int outputLength) { throw null; }
+        public void GetHashAndReset(System.Span<byte> destination) { }
+        public static byte[] HashData(byte[] source, int outputLength) { throw null; }
+        public static byte[] HashData(System.IO.Stream source, int outputLength) { throw null; }
+        public static void HashData(System.IO.Stream source, System.Span<byte> destination) { }
+        public static byte[] HashData(System.ReadOnlySpan<byte> source, int outputLength) { throw null; }
+        public static void HashData(System.ReadOnlySpan<byte> source, System.Span<byte> destination) { }
+        public static System.Threading.Tasks.ValueTask<byte[]> HashDataAsync(System.IO.Stream source, int outputLength, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
+        public static System.Threading.Tasks.ValueTask HashDataAsync(System.IO.Stream source, System.Memory<byte> destination, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
+    }
     public partial class SignatureDescription
     {
         public SignatureDescription() { }