Why do BouncyCastle Keccak sha-384 and MessageDigest sha-384 have different output?

1.7k Views Asked by At

Simple example hashing an array of just one byte:

import java.security.MessageDigest;
import java.util.Arrays;
import org.bouncycastle.jcajce.provider.digest.Keccak;

public class Program {
    public static void main(String[ ] args) {
        // MessageDigest:
        byte[] state = { (byte) 1};
        try {
            MessageDigest md5 = MessageDigest.getInstance("SHA-384");
            byte[] digest = md5.digest(state);
            System.out.println("A: " + Arrays.toString(digest));
        } catch (Exception e) {}

        // BouncyCastle Keccak:
        Keccak.Digest384 keccak = new Keccak.Digest384();
        keccak.update(state);
        try {
            byte[] digest = new byte[48];
            keccak.digest(digest, 0, 48);
            System.out.println("B: " + Arrays.toString(digest));
        } catch (Exception e) {}
    }
}

The output of this program is as follows:

A: [-115, 44, -24, 125, -122, -11, 95, -49, -85, 119, 10, 4, 123, 9, 13, -94, 50, 112, -6, 32, 104, 50, -33, -22, 126, 12, -108, 111, -1, 69, 31, -127, -102, -35, 36, 35, 116, -66, 85, 27, 13, 99, 24, -19, 108, 125, 65, -40]

B: [45, -11, 56, -101, -127, 15, 27, 78, 83, 13, 3, -41, 58, -24, 82, -74, 37, -120, -70, 20, 26, 16, 66, 76, 2, 104, -22, -24, -58, 79, -81, 58, -71, 1, -14, -115, -27, 85, 73, -70, -8, 113, -67, -93, -19, 62, -15, 65]

Shouldn't they be the same or am I missing something?

Version of BouncyCastle used: https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on/1.58

Java: jdk1.8.0_121

2

There are 2 best solutions below

0
On BEST ANSWER

"SHA-384" is the hash function from the SHA2 family with a 384-bit output. You want "SHA3-384". Here some example code using your example and Bobulous' example.

import org.bouncycastle.jcajce.provider.digest.SHA3;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

import java.security.MessageDigest;
import java.security.Security;
import java.util.Arrays;

public class Main {

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        MessageDigest md5 = MessageDigest.getInstance("SHA-384");
        byte[] state = new byte[]{1};
        byte[] digest = md5.digest(state);
        System.out.println("A: " + Arrays.toString(digest));
        md5 = MessageDigest.getInstance("SHA3-384");
        digest = md5.digest(state);
        System.out.println("B: " + Arrays.toString(digest));
        SHA3.DigestSHA3 sha3 = new SHA3.DigestSHA3(384);
        digest = sha3.digest(state);
        System.out.println("C: " + Arrays.toString(digest));
    }
}

and the output is:

A: [-115, 44, -24, 125, -122, -11, 95, -49, -85, 119, 10, 4, 123, 9, 13, -94, 50, 112, -6, 32, 104, 50, -33, -22, 126, 12, -108, 111, -1, 69, 31, -127, -102, -35, 36, 35, 116, -66, 85, 27, 13, 99, 24, -19, 108, 125, 65, -40]
B: [49, 123, -48, 9, 32, 59, -57, -101, 6, 78, 83, -8, -20, -53, 99, 46, 5, 19, -121, 44, -98, -59, -64, -90, -108, -106, -82, -8, -106, 113, -81, 33, -19, -110, -93, -78, 85, 72, 12, 90, 9, 118, -22, 73, 37, -118, -64, -114]
C: [49, 123, -48, 9, 32, 59, -57, -101, 6, 78, 83, -8, -20, -53, 99, 46, 5, 19, -121, 44, -98, -59, -64, -90, -108, -106, -82, -8, -106, 113, -81, 33, -19, -110, -93, -78, 85, 72, 12, 90, 9, 118, -22, 73, 37, -118, -64, -114]
1
On

I believe your existing code is using Bouncy Castle to create a Keccak hash function. Keccak is a superset of SHA-3 digest functions, and SHA-3 requires particular settings to be configured on a Keccak function, so using a different Keccak configuration will give different results to SHA-3.

For your call to Bouncy Castle, try this instead:

import org.bouncycastle.jcajce.provider.digest.SHA3.DigestSHA3;
import org.bouncycastle.jcajce.provider.digest.SHA3.Digest384;

public class Program {
    public static void main(String[ ] args) {
        /* EARLIER CODE OMITTED */

        SHA3.DigestSHA3 sha3 = new SHA3.DigestSHA3(384);
        sha3.update(state);
        System.out.println("B: " + Arrays.toString(md.digest()));
    }
}

I don't have Bouncy Castle installed at the moment, but I believe that this will cause Bouncy Castle to use the SHA-3(384) hash function.