Proper SHA3 implementation? #6

Closed
iagox86 opened this Issue Oct 19, 2015 · 8 comments


iagox86 commented Oct 19, 2015

Hey,

I'm trying to find a SHA3 library for Ruby, but it seems like every library (this one included) is, if I'm not mistaken, using an old version of Keccak for validation, not the actual standardized SHA3.

The most recent SHA3 test vectors say that the hash of the blank string should be:

A7FFC6F8BF1ED76651C14756A061D662F580FF4DE43B49FA82D80A4B80F8434A

however, in this library, it works out to:

C5D2460186F7233C927E7DB2DCC703C0E500B653CA82273B7BFAD8045D85A470

After some research, I found some pages that calculate both the original keccak and the sha3, and it confirms that the first output is correct. Here's one such page:

https://www.npmjs.com/package/js-sha3

And here's a blank test vector from the original docs:

http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/SHA3-256_Msg0.pdf

Which agrees with everything else, and shows that the output is wrong.

Is there any chance of getting this fixed? Or of adding an option to use the new variation?


iagox86 commented Oct 19, 2015

It appears to be a padding issue.. NIST changed the padding to be:

SHA3-256(M) = KECCAK[512](M || 01, 256);

But this implementation doesn't account for the 01 bits in the padding. After padding the empty string, the first byte should be '06', not '01', to account for the extra 01 at the start (6 = 00000110, reversing endian = 01100000; the current padding is 10000......, but the proper padding is that one: 01 then 10000.......).
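
The padding difference described in the comment above, as an added example that is not part of the original thread or the gem's code: a small pure-Ruby Keccak[512] sponge that takes the first padding byte as a parameter, so the same permutation yields either digest quoted in this issue. The method names (`rol64`, `keccak_f1600`, `keccak256_hex`) are illustrative, and the padding shortcut assumes a suffix byte with its top bit clear.

```ruby
MASK64 = (1 << 64) - 1

def rol64(v, n)
  n %= 64
  ((v << n) | (v >> (64 - n))) & MASK64
end

# Keccak-f[1600] permutation over 25 64-bit lanes (index x + 5*y).
def keccak_f1600(a)
  lfsr = 1
  24.times do
    # theta: mix column parities into every lane
    c = (0...5).map { |x| a[x] ^ a[x + 5] ^ a[x + 10] ^ a[x + 15] ^ a[x + 20] }
    d = (0...5).map { |x| c[(x + 4) % 5] ^ rol64(c[(x + 1) % 5], 1) }
    a = a.each_with_index.map { |lane, i| lane ^ d[i % 5] }
    # rho and pi: rotate each lane and move it to its new position
    x, y, cur = 1, 0, a[1]
    24.times do |t|
      x, y = y, (2 * x + 3 * y) % 5
      cur, a[x + 5 * y] = a[x + 5 * y], rol64(cur, (t + 1) * (t + 2) / 2)
    end
    # chi: non-linear step applied row by row
    0.step(20, 5) do |row|
      t = a[row, 5]
      5.times { |i| a[row + i] = t[i] ^ (~t[(i + 1) % 5] & t[(i + 2) % 5]) }
    end
    # iota: round-constant bits generated by an 8-bit LFSR
    7.times do |j|
      lfsr = ((lfsr << 1) ^ ((lfsr >> 7) * 0x71)) & 0xFF
      a[0] ^= 1 << ((1 << j) - 1) if (lfsr & 2) != 0
    end
  end
  a
end

# suffix is the first padding byte, read LSB first:
#   0x01 = "1"       (original Keccak: only the start of pad10*1)
#   0x06 = "01" "1"  (FIPS 202: domain bits 01, then the start of pad10*1)
def keccak256_hex(msg, suffix)
  rate = 136                                  # 1088-bit rate, 512-bit capacity
  bytes = msg.bytes << suffix
  bytes << 0 until (bytes.size % rate).zero?  # zero-fill to a full block
  bytes[-1] |= 0x80                           # final bit of pad10*1
  state = [0] * 25
  bytes.each_slice(rate) do |block|
    block.pack('C*').unpack('Q<*').each_with_index { |lane, i| state[i] ^= lane }
    state = keccak_f1600(state)
  end
  state[0, 4].pack('Q<4').unpack1('H*')       # squeeze 32 bytes
end
```

Calling `keccak256_hex('', 0x06)` gives the NIST value quoted in the issue, and `keccak256_hex('', 0x01)` gives the value the library produced at the time.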

@johanns johanns added the enhancement label Oct 19, 2015

@johanns johanns added this to the 1.0 milestone Oct 19, 2015

@johanns johanns self-assigned this Oct 19, 2015

Owner

johanns commented Oct 19, 2015

@iagox86 This version of the gem is based on the original (optimized) C reference implementation released by the Keccak team. I know that they have updated their implementation, and provide FIPS 202 support, but the gem's backing code MAY require a good amount of rewrite. Nonetheless, this is something I've been wanting to do, and I suppose it should be done sooner rather than later.

I'll look into this, but considering my schedule, I'm doubtful that I'll be able to complete a new release quickly (2 - 3 weeks would be optimistic). Of course, pull requests are welcome. :)

Owner

johanns commented Oct 21, 2015

@iagox86 Quick update: I've managed to get SHA3-256 (FIPS 202) tests to pass. There is still quite a bit of work that needs to be done, but I should have it completed sooner than 2 weeks.


iagox86 commented Oct 21, 2015

Sweet, thanks!


Owner

johanns commented Oct 22, 2015

@iagox86 I think it's done. I haven't cut a new gem yet, but you can grab a pre-release here:

https://github.com/johanns/sha3/releases/tag/v1.0.1

A few notes:

  • There is no Keccak (non-FIPS) mode -- in other words, it's not backwards compatible (but fully SHA3 compliant). I didn't think this was necessary/required, and it was simpler to replace, rather than augment.
  • I haven't implemented SHAKE128/256 functions, yet.

Let me know if this meets your expectations, and/or if you find any bugs.


iagox86 commented Oct 22, 2015

Awesome, I'll check it out! Thanks for the update!



iagox86 commented Oct 23, 2015

Just letting you know that (at least for what I'm doing), it's working perfectly!

Collaborator

mmoghadas commented Oct 23, 2015

@iagox86 - Thanks for the feedback!

@mmoghadas mmoghadas closed this Oct 23, 2015
