javascriptunit-testinghashcryptographykeccak

CryptoJS SHA3 does not pass any Keccak test vectors?


I am trying to get CryptoJS to pass some known answer tests for Keccak, however it appears to be giving me the incorrect digest hashes.

Click the "Known-answer and Monte Carlo test results" link on the Keccak downloads page, or go straight to the zip file.

I have been testing with the CryptoJS.SHA3 and using the test vectors from ShortMsgKAT_512.txt or LongMsgKAT_512.txt. Unfortunately I can't get it to match any of the test vectors bar one. The one I did get to pass a test was with the first test in LongMsgKAT.txt:

var message = '724627916C50338643E6996F07877EAFD96BDF01DA7E991D4155B9BE1295EA7D21C9391F4C4A41C75F77E5D27389253393725F1427F57914B273AB862B9E31DABCE506E558720520D33352D119F699E784F9E548FF91BC35CA147042128709820D69A8287EA3257857615EB0321270E94B84F446942765CE882B191FAEE7E1C87E0F0BD4E0CD8A927703524B559B769CA4ECE1F6DBF313FDCF67C572EC4185C1A88E86EC11B6454B371980020F19633B6B95BD280E4FBCB0161E1A82470320CEC6ECFA25AC73D09F1536F286D3F9DACAFB2CD1D0CE72D64D197F5C7520B3CCB2FD74EB72664BA93853EF41EABF52F015DD591500D018DD162815CC993595B195;'

var correctResult = '4E987768469F546296AD1A43D54C0A0A6C87E7E4E26B686612B1E5B1554B689BFFD56D6A4B454CE4A5717625BBAD321F8D05F19C225259646F21416AA2D7C2ED';

I got this to pass with the following code:

var words = CryptoJS.enc.Hex.parse(message.toLowerCase()); var testResult = CryptoJS.SHA3(words, { outputLength: 512 }).toString();

However the other tests I tried fail. Any idea what is going on?

Ideally crypto libraries should have unit test suites that prove their implementation is correct and matches the reference test vectors. Otherwise we can't trust the implementation. Hopefully there is an older version of the test vectors that match against this CryptoJS library otherwise I'll have to ditch the library.


Solution

  • I know that you said all tests failed, but just confirming: did every 8th test fail too? In my port to C#, the test results were provided using sub-bytes, so I had to use every 8th test as only whole bytes are supported.