ren1244
commented
2 years ago For cshake128(X, L, N, S)
I get incorrect result if length of S is 161 and N is empty string.
Closed paulmillr closed 1 year ago
ren1244
commented
2 years ago For cshake128(X, L, N, S)
I get incorrect result if length of S is 161 and N is empty string.
ren1244
commented
2 years ago cshake128/256
function name does not support empty Array (including Uint8Array and ArrayBuffer)customization does not support empty Array (including Uint8Array and ArrayBuffer)for example
console.log(jsSha3.cshake128('', 128, '', ''));
//get: 7f9c2ba4e88f827d616045507605853e
console.log(jsSha3.cshake128([], 128, '', ''));
//get: 7f9c2ba4e88f827d616045507605853e
console.log(jsSha3.cshake128('', 128, [], ''));
//get: 1cdef541e61a208fd370edc896cc7ee0
console.log(jsSha3.cshake128('', 128, '', []));
//get: 1cdef541e61a208fd370edc896cc7ee0
console.log(jsSha3.cshake128([], 128, [], []));
//get: 1cdef541e61a208fd370edc896cc7ee0
emn178
commented
1 year ago Thank you for reporting. Will fix in next version.
emn178
commented
1 year ago fixed in v0.9.1, please check.
You have issue with cshake implementation here: https://github.com/emn178/js-sha3/blob/b39d0910cb4cce54a6060c21e1491d55f70269bf/src/sha3.js#L326 it should be
var paddingBytes = (w - bytes % w) % w;, since it should not pad if value is already divisible by block size without remainder. (spec: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-185.pdf: bytepad function step 3 here:while (len(z)/8) mod w ≠ 0:We encountered the same error in noble-hashes, which contains XKCP-generated test vectorsTest case which triggers the error:
Instead, it returns
bc58e9c8534e5fa7346f06e6ab25e2db