CryptoJS.SHA3 does not pass any Keccak test vectors, it is completely broken

Question

CryptoJS.SHA3 does not pass any Keccak test vectors, it is completely broken

GoogleCodeExporter opened this issue 9 years ago · 2 comments

GoogleCodeExporter commented 9 years ago

See the "Known-answer and Monte Carlo test results" bullet on the downloads 
page, or go straight to the file.

http://keccak.noekeon.org/files.html
http://keccak.noekeon.org/KeccakKAT-3.zip

I have been testing with the CryptoJS.SHA3 and using the test vectors from 
ShortMsgKAT_512.txt or LongMsgKAT_512.txt I can't get it to match any of the 
test vectors.

I did however get one message to pass a test with the following code:

var words = CryptoJS.enc.Hex.parse(message);
var testResult = CryptoJS.SHA3(words, { outputLength: 512 }).toString();

It passes the first test in LongMsgKAT.txt

var message = 
'724627916C50338643E6996F07877EAFD96BDF01DA7E991D4155B9BE1295EA7D21C9391F4C4A41C
75F77E5D27389253393725F1427F57914B273AB862B9E31DABCE506E558720520D33352D119F699E
784F9E548FF91BC35CA147042128709820D69A8287EA3257857615EB0321270E94B84F446942765C
E882B191FAEE7E1C87E0F0BD4E0CD8A927703524B559B769CA4ECE1F6DBF313FDCF67C572EC4185C
1A88E86EC11B6454B371980020F19633B6B95BD280E4FBCB0161E1A82470320CEC6ECFA25AC73D09
F1536F286D3F9DACAFB2CD1D0CE72D64D197F5C7520B3CCB2FD74EB72664BA93853EF41EABF52F01
5DD591500D018DD162815CC993595B195';

var correctResult = 
'4E987768469F546296AD1A43D54C0A0A6C87E7E4E26B686612B1E5B1554B689BFFD56D6A4B454CE
4A5717625BBAD321F8D05F19C225259646F21416AA2D7C2ED';

var words = CryptoJS.enc.Hex.parse(message.toLowerCase());
var testResult = CryptoJS.SHA3(words, { outputLength: 512 }).toString();

test("Test Keccak", function()
{
   ok(testResult === correctResult.toLowerCase());
});

testResult is 
4e987768469f546296ad1a43d54c0a0a6c87e7e4e26b686612b1e5b1554b689bffd56d6a4b454ce4
a5717625bbad321f8d05f19c225259646f21416aa2d7c2ed

However _all_ the other tests fail. Any idea what is going on?

Can you fix this? I hope you can implement a test suite so these things don't 
happen again. Qunit from the jQuery team is good and simple.

Thanks

Original issue reported on code.google.com by john.f.m...@gmail.com on 26 Apr 2014 at 9:31

Answer 1 · 2016-04-18T08:45:27.000Z

I found out the issue. You have to run every 8th test in the test file. This is 
because only every 8th test has the input in full bytes. Only full bytes for 
input appear to be supported. That's ok though. After running quite a few of 
these tests CryptoJS produces the correct hashes for Keccak v3. Great stuff.

In future, perhaps we could put these test vectors into a file and have a unit 
test suite for CryptoJS.

Also if you decide to implement the actual (crippled) SHA3 standard by NIST at 
some stage, perhaps you can leave this code as it is and leave it accessible 
via CryptoJS.Keccak() then implement the finalized SHA3 standard as 
CryptoJS.SHA3(). I know there are more than a few people that don't want to use 
NIST's finalized version with faster performance but weaker security. We would 
rather just use regular Keccak as was at the end of the competition. Let's keep 
it how it is.

Original comment by john.f.m...@gmail.com on 30 Apr 2014 at 4:07

Answer 2 · 2016-04-18T08:45:27.000Z

Original comment by Jeff.Mott.OR on 15 Jun 2014 at 11:14

Changed state: Invalid