johanns / sha3

SHA3 for Ruby is an XKCP-based native (C) binding to the SHA3 (FIPS 202) cryptographic hashing algorithm


Proper SHA3 implementation?

iagox86 opened this issue · comments

Hey,

I'm trying to find a SHA3 library for Ruby, but it seems like every library (this one included) is, if I'm not mistaken, using an old version of Keccak for validation, not the actual standardized SHA3.

The most recent SHA3 test vectors say that the hash of the blank string should be:

A7FFC6F8BF1ED76651C14756A061D662F580FF4DE43B49FA82D80A4B80F8434A

however, in this library, it works out to:

C5D2460186F7233C927E7DB2DCC703C0E500B653CA82273B7BFAD8045D85A470

After some research, I found some pages that calculate both the original keccak and the sha3, and it confirms that the first output is correct. Here's one such page:

https://www.npmjs.com/package/js-sha3

And here's a blank test vector from the original docs:

http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/SHA3-256_Msg0.pdf

Which agrees with everything else, and shows that the output is wrong.

Is there any chance of getting this fixed? Or of adding an option to use the new variation?

It appears to be a padding issue. NIST changed the padding to be:

SHA3-256(M) = KECCAK[512] (M || 01, 256);

But this implementation doesn't account for the 01 bits in the padding. After padding the empty string, the first byte should be '06', not '01', to account for the extra 01 at the start (6 = 00000110; reversing endian = 01100000; the current padding is 10000......, but the proper padding is 01 then 10000......).
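As an added illustration of the padding difference described above (not code from the gem or from anyone in this thread), here is a minimal pure-Ruby Keccak-f[1600] sponge that takes the first padding byte as a parameter; the two empty-string digests quoted in the issue fall out of the 0x01 versus 0x06 choice alone:

```ruby
MASK64 = (1 << 64) - 1
RC = [0x0000000000000001, 0x0000000000008082, 0x800000000000808A, 0x8000000080008000,
      0x000000000000808B, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009,
      0x000000000000008A, 0x0000000000000088, 0x0000000080008009, 0x000000008000000A,
      0x000000008000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003,
      0x8000000000008002, 0x8000000000000080, 0x000000000000800A, 0x800000008000000A,
      0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008]
ROT = [[0, 36, 3, 41, 18], [1, 44, 10, 45, 2], [62, 6, 43, 15, 61],
       [28, 55, 25, 21, 56], [27, 20, 39, 8, 14]]

def rol64(v, n)
  n.zero? ? v : ((v << n) | (v >> (64 - n))) & MASK64
end

# One Keccak-f[1600] permutation over 25 little-endian 64-bit lanes a[x + 5*y].
def keccak_f1600(a)
  24.times do |rnd|
    c = (0..4).map { |x| a[x] ^ a[x + 5] ^ a[x + 10] ^ a[x + 15] ^ a[x + 20] } # theta
    d = (0..4).map { |x| c[(x - 1) % 5] ^ rol64(c[(x + 1) % 5], 1) }
    25.times { |i| a[i] ^= d[i % 5] }
    b = Array.new(25, 0) # rho + pi
    5.times { |x| 5.times { |y| b[y + 5 * ((2 * x + 3 * y) % 5)] = rol64(a[x + 5 * y], ROT[x][y]) } }
    5.times { |x| 5.times { |y| a[x + 5 * y] = b[x + 5 * y] ^ (~b[(x + 1) % 5 + 5 * y] & b[(x + 2) % 5 + 5 * y]) } } # chi
    a[0] ^= RC[rnd] # iota
  end
  a
end

# Sponge over keccak_f1600. `suffix` is the first padding byte: any domain bits
# followed by the leading 1 of pad10*1, packed LSB-first; the trailing 1 is OR'ed in.
def keccak_sponge(msg, rate_bytes, out_bytes, suffix)
  padded = msg.bytes << suffix
  padded << 0 while padded.size % rate_bytes != 0
  padded[-1] |= 0x80
  state = Array.new(25, 0)
  padded.each_slice(rate_bytes) do |block|
    block.each_slice(8).with_index { |lane, i| state[i] ^= lane.pack('C*').unpack1('Q<') }
    keccak_f1600(state)
  end
  state.pack('Q<*')[0, out_bytes].unpack1('H*')
end

# Pre-standard Keccak-256: no domain bits, so the padding starts with 1 -> 0x01.
def keccak_256(msg) keccak_sponge(msg, 136, 32, 0x01) end

# FIPS 202 SHA3-256: domain bits 01, then the pad bit 1 -> bits 0,1,1 -> 0x06.
def sha3_256(msg) keccak_sponge(msg, 136, 32, 0x06) end

puts "Keccak-256('') = #{keccak_256('')}", "SHA3-256('')   = #{sha3_256('')}"
```

The rate of 136 bytes is 1600 minus the capacity of 512 bits, so the same sponge serves both variants; only the suffix byte differs.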

@iagox86 This version of the gem is based on the original (optimized) C reference implementation released by Keccak team. I know that they have updated their implementation, and provide FIPS 202 support, but the gem's backing code MAY require a good amount of rewrite. Nonetheless, this is something I've been wanting to do, and I suppose it should be done sooner rather than later.

I'll look into this, but considering my schedule, I'm doubtful that I'll be able to complete a new release quickly (2 - 3 weeks would be optimistic). Of course, pull requests are welcome. :)

@iagox86 Quick update: I've managed to get SHA3-256 (FIPS 202) tests to pass. There is still quite a bit of work that needs to be done, but I should have it completed sooner than 2 weeks.

Sweet, thanks!


@iagox86 I think it's done. I haven't cut a new gem yet, but you can grab a pre-release here:

https://github.com/johanns/sha3/releases/tag/v1.0.1

A few notes:

  • There is no Keccak (non-FIPS) mode -- in other words, it's not backwards compatible (but fully SHA3 compliant). I didn't think this was necessary/required, and it was simpler to replace, rather than augment.
  • I haven't implemented SHAKE128/256 functions, yet.

Let me know if this meets your expectations, and/or if you find any bugs.

Awesome, I'll check it out! Thanks for the update!


Just letting you know that (at least for what I'm doing), it's working perfectly!

@iagox86 - Thanks for the feedback!