cSHAKE implementation produces invalid output #24

Closed
paulmillr opened this issue Oct 25, 2021 · 4 comments
@paulmillr
You have an issue with the cSHAKE implementation here:

var paddingBytes = w - bytes % w;

It should be `var paddingBytes = (w - bytes % w) % w;`, since it should not pad if the value is already divisible by the block size without remainder
(spec: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-185.pdf, bytepad function step 3: `while (len(z)/8) mod w ≠ 0`).
We encountered the same error in noble-hashes, which contains XKCP-generated test vectors.

Test case which triggers the error:

let str='084fed08b978af4d7d196a7446a86b58009e636b611db16211b65a9aadff29c5084fed08b978af4d7d196a7446a86b58009e636b611db16211b65a9aadff29c5084fed08b978af4d7d196a7446a86b58009e636b611db16211b65a9aadff29c5084fed08b978af4d7d196a7446a86b58009e636b611db16211b65a9aad';
Buffer.from(new Uint8Array(require('js-sha3').kmac256.create(Buffer.from([]), 16*8, Buffer.from(str, 'hex')).update(Buffer([])).arrayBuffer())).toString('hex')==='031801b0b50ebeef772fbe7a279bc144'

Instead, it returns bc58e9c8534e5fa7346f06e6ab25e2db

@ren1244
ren1244 commented Jun 6, 2022

For cshake128(X, L, N, S),
I get an incorrect result if the length of S is 161 and N is an empty string.
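Both reports above hit the same boundary: the encoded N and S plus the `left_encode(w)` prefix already fill exactly one rate block. The following is an added example, not code from the issue or from js-sha3; helper names are illustrative, and it assumes the 125-byte customization string of the KMAC256 test case and the 161-byte S mentioned above, with rates of 168 bytes (cSHAKE128) and 136 bytes (cSHAKE256/KMAC256).

```javascript
// Added example; helper names are illustrative, not js-sha3's API.
// Encodings follow NIST SP 800-185 (left_encode, encode_string, bytepad).

function concat(...parts) {
  const out = new Uint8Array(parts.reduce((n, p) => n + p.length, 0));
  let off = 0;
  for (const p of parts) { out.set(p, off); off += p.length; }
  return out;
}

// left_encode(x): big-endian bytes of x, preceded by their count.
function leftEncode(x) {
  const bytes = [];
  do { bytes.unshift(x % 256); x = Math.floor(x / 256); } while (x > 0);
  return Uint8Array.from([bytes.length, ...bytes]);
}

// encode_string(S) = left_encode(bit length of S) || S
const encodeString = (s) => concat(leftEncode(s.length * 8), s);

// Padding length as quoted in the issue, and with the proposed fix.
const padQuoted = (bytes, w) => w - bytes % w;
const padFixed = (bytes, w) => (w - bytes % w) % w;

// bytepad(X, w): left_encode(w) || X, zero-padded to a multiple of w bytes.
function bytepad(x, w, padLen) {
  const z = concat(leftEncode(w), x);
  return concat(z, new Uint8Array(padLen(z.length, w)));
}

// cSHAKE absorbs bytepad(encode_string(N) || encode_string(S), rate) first.
function cshakeHeader(N, S, rate, padLen) {
  return bytepad(concat(encodeString(N), encodeString(S)), rate, padLen);
}

const ascii = (t) => Uint8Array.from(t, (c) => c.charCodeAt(0));

// Constructed inputs: only lengths affect the padding, so S is zero-filled.
const cases = [
  { name: 'cSHAKE128, N empty, S 161 bytes', N: ascii(''), S: new Uint8Array(161), rate: 168 },
  { name: 'KMAC256 (N = "KMAC"), S 125 bytes', N: ascii('KMAC'), S: new Uint8Array(125), rate: 136 },
  { name: 'cSHAKE128, N empty, S 10 bytes', N: ascii(''), S: new Uint8Array(10), rate: 168 },
];
for (const c of cases) {
  const fixed = cshakeHeader(c.N, c.S, c.rate, padFixed).length;
  const quoted = cshakeHeader(c.N, c.S, c.rate, padQuoted).length;
  console.log(`${c.name}: fixed=${fixed} quoted=${quoted}`);
}
```

In the two boundary cases the quoted formula appends a full extra block of zeros, which changes the absorbed input and therefore the digest; the third case shows that inputs off the boundary are unaffected.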

@ren1244
ren1244 commented Jun 7, 2022

cshake128/256

  • parameter function name does not support empty Array (including Uint8Array and ArrayBuffer)
  • parameter customization does not support empty Array (including Uint8Array and ArrayBuffer)

For example:

console.log(jsSha3.cshake128('',  128, '', ''));
//get: 7f9c2ba4e88f827d616045507605853e

console.log(jsSha3.cshake128([],  128, '', ''));
//get: 7f9c2ba4e88f827d616045507605853e

console.log(jsSha3.cshake128('',  128, [], ''));
//get: 1cdef541e61a208fd370edc896cc7ee0

console.log(jsSha3.cshake128('',  128, '', []));
//get: 1cdef541e61a208fd370edc896cc7ee0

console.log(jsSha3.cshake128([],  128, [], []));
//get: 1cdef541e61a208fd370edc896cc7ee0

@emn178
Owner

emn178 commented Aug 27, 2023

Thank you for reporting. Will fix in next version.

emn178 added a commit that referenced this issue Aug 30, 2023
### Fixed
- cSHAKE bug. #24
- dependencies and security issues.
emn178 added a commit that referenced this issue Aug 31, 2023
### Fixed
- cSHAKE empty Array bug. #24
@emn178
Owner

emn178 commented Aug 31, 2023

Fixed in v0.9.1, please check.

@emn178 emn178 closed this as completed Sep 9, 2023