I am trying to get CryptoJS to pass some known answer tests for Keccak, however it appears to be giving me the incorrect digest hashes.
Click the "Known-answer and Monte Carlo test results" link on the Keccak downloads page, or go straight to the zip file.
I have been testing with the CryptoJS.SHA3 and using the test vectors from ShortMsgKAT_512.txt or LongMsgKAT_512.txt. Unfortunately I can't get it to match any of the test vectors bar one. The one I did get to pass a test was with the first test in LongMsgKAT.txt:
var message = '724627916C50338643E6996F07877EAFD96BDF01DA7E991D4155B9BE1295EA7D21C9391F4C4A41C75F77E5D27389253393725F1427F57914B273AB862B9E31DABCE506E558720520D33352D119F699E784F9E548FF91BC35CA147042128709820D69A8287EA3257857615EB0321270E94B84F446942765CE882B191FAEE7E1C87E0F0BD4E0CD8A927703524B559B769CA4ECE1F6DBF313FDCF67C572EC4185C1A88E86EC11B6454B371980020F19633B6B95BD280E4FBCB0161E1A82470320CEC6ECFA25AC73D09F1536F286D3F9DACAFB2CD1D0CE72D64D197F5C7520B3CCB2FD74EB72664BA93853EF41EABF52F015DD591500D018DD162815CC993595B195;'
var correctResult = '4E987768469F546296AD1A43D54C0A0A6C87E7E4E26B686612B1E5B1554B689BFFD56D6A4B454CE4A5717625BBAD321F8D05F19C225259646F21416AA2D7C2ED';
I got this to pass with the following code:
var words = CryptoJS.enc.Hex.parse(message.toLowerCase());
var testResult = CryptoJS.SHA3(words, { outputLength: 512 }).toString();
However the other tests I tried fail. Any idea what is going on?
One possibility is the Keccak team have updated the algorithm and the test vectors since CryptoJS author wrote the code. Is there a way to view the original test vectors in their source control which would match the the current CryptoJS.SHA3 code? I think I saw a link around to their online source control (CVS?) but can't find it now.
Another possibility is I'm using the wrong test vector file. Does anyone know what Rate and Capacity settings are used internally by CryptoJS.SHA3 and what test vectors to match it against?
Ideally crypto libraries should have unit test suites that prove their implementation is correct and matches the reference test vectors. Otherwise we can't trust the implementation. Hopefully there is an older version of the test vectors that match against this CryptoJS library otherwise I'll have to ditch the library.
I know that you said all tests failed, but just confirming: did every 8th test fail too? In my port to C#, the test results were provided using sub-bytes, so I had to use every 8th test as only whole bytes are supported.