ren1244
commented
2 years ago For cshake128(X, L, N, S)
I get incorrect result if length of S is 161 and N is empty string.
Closed paulmillr closed 10 months ago
ren1244
commented
2 years ago For cshake128(X, L, N, S)
I get incorrect result if length of S is 161 and N is empty string.
ren1244
commented
2 years ago cshake128/256
function name does not support empty Array (including Uint8Array and ArrayBuffer)customization does not support empty Array (including Uint8Array and ArrayBuffer)for example
console.log(jsSha3.cshake128('', 128, '', ''));
//get: 7f9c2ba4e88f827d616045507605853e
console.log(jsSha3.cshake128([], 128, '', ''));
//get: 7f9c2ba4e88f827d616045507605853e
console.log(jsSha3.cshake128('', 128, [], ''));
//get: 1cdef541e61a208fd370edc896cc7ee0
console.log(jsSha3.cshake128('', 128, '', []));
//get: 1cdef541e61a208fd370edc896cc7ee0
console.log(jsSha3.cshake128([], 128, [], []));
//get: 1cdef541e61a208fd370edc896cc7ee0
emn178
commented
10 months ago Thank you for reporting. Will fix in next version.
emn178
commented
10 months ago fixed in v0.9.1, please check.
You have issue with cshake implementation here: https://github.com/emn178/js-sha3/blob/b39d0910cb4cce54a6060c21e1491d55f70269bf/src/sha3.js#L326 it should be
var paddingBytes = (w - bytes % w) % w;, since it should not pad if value is already divisible by block size without remainder. (spec: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-185.pdf: bytepad function step 3 here:while (len(z)/8) mod w ≠ 0:We encountered the same error in noble-hashes, which contains XKCP-generated test vectorsTest case which triggers the error:
Instead, it returns
bc58e9c8534e5fa7346f06e6ab25e2db