KMACXOF(128/256) examples are not working with this implementation in PHP ( base on NIST docs)

[Emcode98]

Hello Denobisipsis,

I was checking an implementation that I am building and I did use your code ( 1000 thanks for it) super easy to understand since it is PHP.

I did use this Doc from NIST:
https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/KMACXOF_samples.pdf

from tests, I did run the KMACs from "Sample 1 to 6" and none of them aim the correct results :-( I am almost sure that is me and not your code, if if you can spare some time to explain what I am doing wrong ie I use "Sample #1" in the document:

# Execute the "Sample #1" from NIST-DOC KMACXOF_samples.pdf
# I did run it from the CLI from an Ubuntu with PHP8 installed
#
php shahash.php KMACXOF128 -H 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F 00010203 256

Calling KMAC KMACXOF128 ...
.. arg1 = [-H]
.. arg2 = [404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F]
.. arg3 = [00010203]
.. arg4 = [256]
.. arg5 = []
[
1c 7f 9b f1 c3 35 c9 7d fa 48 fb a5 00 27 05 92
30 f1 ba 42 ae 74 9a d5 34 2f 96 5d d4 d7 3d 0c
-> len(32)
]

Base on the NIST test Doc the output of "Sample #1" should be:
Outval is
CD 83 74 0B BD 92 CC C8 CF 03 2B 14 81 A0 F4 46
0E 7C A9 DD 12 B0 8A 0C 40 31 17 8B AC D6 EC 35

---

I did add a little bit of code at the end of your code just to print the arguments in HEX alike the NIST document:

	function print_raw($stream)
	{
		$l_out="[\n";
		$l_thex = $stream;
		$l=strlen( $l_thex);
		$l_tmp_array []=str_split( $l_thex, 2);
		$l_cnt=0;
		for ($x = 0; $x <= intval($l/2);$x++)
		{
			$l_cnt++;
			$l_out=$l_out.substr($l_thex,($x*2),2)." ";
			if ( ($l_cnt % 8) == 0) $l_out = $l_out." ";
			if ( ($l_cnt % 16) == 0) $l_out = $l_out."\n";
		}

		$l_out = $l_out." -> len(".($l_cnt-1).")\n";
		$l_out=$l_out."]";
		return $l_out;
	} // end print_raw



// position [0] is the script's file name
array_shift($argv);
$funcName = array_shift($argv);
if ($argc >1) $v_arg1 = array_shift($argv);
if ($argc >2) $v_arg2 = array_shift($argv);
if ($argc >3) $v_arg3 = array_shift($argv); else $v_arg3="";
if ($argc >4) $v_arg4 = array_shift($argv); else $v_arg4="";
if ($argc >5) $v_arg5 = array_shift($argv); else $v_arg5="";

  echo "Calling KMAC $funcName ...\n";
  echo ".. arg1 = [".$v_arg1."]\n";
  echo ".. arg2 = [".$v_arg2."]\n";
  echo ".. arg3 = [".$v_arg3."]\n";
  echo ".. arg4 = [".$v_arg4."]\n";
  echo ".. arg5 = [".$v_arg5."]\n";


	if (  strtoupper($v_arg1) == '-H' )
	{
		$l_value1 = pack("H*", $v_arg2 );
		$l_value2 = pack("H*", $v_arg3 );
		$l_value3 = $v_arg4;
		$l_value4 = pack("H*", $v_arg5 );
	}
	else
	{
		$l_value1 = $v_arg1;
		$l_value2 = $v_arg2;
		$l_value3 = $v_arg3;
		$l_value4 = $v_arg4;
	}
  $obj = new SHA();
  $l_rtn = $obj->KMACXOF128($l_value1, $l_value2, $l_value3, $l_value4);

  echo $obj->print_raw($l_rtn)."\n";

What call that I be using in your code to KMACXOF128 ? ... I did also try the KMACXOF256 ( with the "Sample #5" on the NIST-DOC and it didn't match either)

Or I am using an old NIST-DOC and there is something new(with CVE fixes etc ) that I should be considering.

Please let me know your thoughts /comments etc.

Best Regards,
EM

[denobisipsis]

Under Kali WSL php 8.1 using your code

$ php shahash.php KMACXOF256 -H 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F 00010203 256
Calling KMAC KMACXOF256 ...
.. arg1 = [-H]
.. arg2 = [404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F]
.. arg3 = [00010203]
.. arg4 = [256]
.. arg5 = []
[
1c 7f 9b f1 c3 35 c9 7d fa 48 fb a5 00 27 05 92
30 f1 ba 42 ae 74 9a d5 34 2f 96 5d d4 d7 3d 0c
-> len(32)
]

$ php shahash.php KMACXOF128 -H 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F 00010203 256
Calling KMAC KMACXOF128 ...
.. arg1 = [-H]
.. arg2 = [404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F]
.. arg3 = [00010203]
.. arg4 = [256]
.. arg5 = []
[
cd 83 74 0b bd 92 cc c8 cf 03 2b 14 81 a0 f4 46
0e 7c a9 dd 12 b0 8a 0c 40 31 17 8b ac d6 ec 35
-> len(32)
]

The rest of NIST samples are right too.