RustCrypto / stream-ciphers

Collection of stream cipher algorithms

Fixed linear masking in hc-256 #282

Closed quentin-k closed 2 years ago

quentin-k commented 2 years ago

In hc-256 0.4.1, linear masking isn't applied when the h2 method is being used.

newpavlov commented 2 years ago

Hm, I wonder why both variants do not trigger failure on our tests... Can you provide test vectors which the current implementation does not pass? I will need to check HC-256 specification and compare with our implementation before merging this.

cc @emc2

quentin-k commented 2 years ago

The reason the variants do not trigger on the test vector is that the linear masking does not modify the p and q tables, only the output. Since only 32 bytes are tested, the non-linear masking code doesn't get applied. If the test vectors tested between 4096 and 8192, it would fail the test.

quentin-k commented 2 years ago

I have extended the test vectors to 8192 bytes. The following files will pass with the fixed library but fail with the unfixed library; the files are also equal to the first 32 bytes of each original test vector, and they are compressed into long_vector_byte_files.zip. Your variant will work on the first 4096 bytes of each of these files.

quentin-k commented 2 years ago

I was looking over my code, and I am going to close the pull request unless I can modify it, since I didn't fully fix h2. It is currently

#[inline]
fn h2(&self, x: u32) -> u32 {
    // first term still reads from qtable here
    self.qtable[(x & 0xff) as usize]
        .wrapping_add(self.ptable[(256 + ((x >> 8) & 0xff)) as usize])
        .wrapping_add(self.ptable[(512 + ((x >> 16) & 0xff)) as usize])
        .wrapping_add(self.ptable[(768 + ((x >> 24) & 0xff)) as usize])
}

instead of

#[inline]
fn h2(&self, x: u32) -> u32 {
    // all four terms read from ptable
    self.ptable[(x & 0xff) as usize]
        .wrapping_add(self.ptable[(256 + ((x >> 8) & 0xff)) as usize])
        .wrapping_add(self.ptable[(512 + ((x >> 16) & 0xff)) as usize])
        .wrapping_add(self.ptable[(768 + ((x >> 24) & 0xff)) as usize])
}
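Added example, not code from the hc-256 crate or from this PR: a minimal HC-256 keystream generator written from Hongjun Wu's specification, with a switch that reproduces the h2 defect shown in the last comment (first term read from Q instead of P). It illustrates the point made earlier in the thread about test coverage: h1 and h2 only mask the output and never feed back into the P and Q tables, so the fixed and unfixed variants produce identical bytes in the P half of every 2048-word period and diverge only in the Q half (bytes 4096..8192, 12288..16384, and so on). A 32-byte vector therefore cannot distinguish them. The struct and function names are the example's own, and the all-zero key and IV are a constructed input, not the crate's test vectors.

```rust
// Minimal HC-256 (Hongjun Wu's specification), written for this example.
// `buggy_h2 = true` reproduces the defect discussed in the PR: the first
// term of h2 is read from Q instead of P. Names are the example's own.

const TABLE: usize = 1024;

#[inline]
fn f1(x: u32) -> u32 { x.rotate_right(7) ^ x.rotate_right(18) ^ (x >> 3) }
#[inline]
fn f2(x: u32) -> u32 { x.rotate_right(17) ^ x.rotate_right(19) ^ (x >> 10) }

struct Hc256 {
    p: [u32; TABLE],
    q: [u32; TABLE],
    i: usize,
    buggy_h2: bool,
}

impl Hc256 {
    fn new(key: &[u8; 32], iv: &[u8; 32], buggy_h2: bool) -> Self {
        // Key/IV expansion into W[0..2560]; P and Q are slices of W.
        let mut w = vec![0u32; 2560];
        for k in 0..8 {
            let o = 4 * k;
            w[k] = u32::from_le_bytes([key[o], key[o + 1], key[o + 2], key[o + 3]]);
            w[8 + k] = u32::from_le_bytes([iv[o], iv[o + 1], iv[o + 2], iv[o + 3]]);
        }
        for k in 16..2560 {
            w[k] = f2(w[k - 2])
                .wrapping_add(w[k - 7])
                .wrapping_add(f1(w[k - 15]))
                .wrapping_add(w[k - 16])
                .wrapping_add(k as u32);
        }
        let mut c = Hc256 { p: [0; TABLE], q: [0; TABLE], i: 0, buggy_h2 };
        c.p.copy_from_slice(&w[512..512 + TABLE]);
        c.q.copy_from_slice(&w[1536..1536 + TABLE]);
        // Run 4096 steps without producing output (4096 is a multiple of 2048,
        // so resetting the counter afterwards is equivalent to continuing it).
        for _ in 0..4096 { c.step(); }
        c.i = 0;
        c
    }

    fn g1(&self, x: u32, y: u32) -> u32 {
        (x.rotate_right(10) ^ y.rotate_right(23)).wrapping_add(self.q[(x ^ y) as usize % TABLE])
    }
    fn g2(&self, x: u32, y: u32) -> u32 {
        (x.rotate_right(10) ^ y.rotate_right(23)).wrapping_add(self.p[(x ^ y) as usize % TABLE])
    }
    // h1 reads all four terms from Q.
    fn h1(&self, x: u32) -> u32 {
        self.q[(x & 0xff) as usize]
            .wrapping_add(self.q[256 + ((x >> 8) & 0xff) as usize])
            .wrapping_add(self.q[512 + ((x >> 16) & 0xff) as usize])
            .wrapping_add(self.q[768 + ((x >> 24) & 0xff) as usize])
    }
    // h2 reads all four terms from P; the defect swaps the first one for Q.
    fn h2(&self, x: u32) -> u32 {
        let idx0 = (x & 0xff) as usize;
        let first = if self.buggy_h2 { self.q[idx0] } else { self.p[idx0] };
        first
            .wrapping_add(self.p[256 + ((x >> 8) & 0xff) as usize])
            .wrapping_add(self.p[512 + ((x >> 16) & 0xff) as usize])
            .wrapping_add(self.p[768 + ((x >> 24) & 0xff) as usize])
    }

    // One step: update one table word, then mask it with h1/h2 for output.
    // Only the masked output depends on h1/h2; the tables do not.
    fn step(&mut self) -> u32 {
        let j = self.i % TABLE;
        let sub = |a: usize, b: usize| (a + TABLE - b) % TABLE;
        let s = if self.i % 2048 < TABLE {
            let v = self.p[j]
                .wrapping_add(self.p[sub(j, 10)])
                .wrapping_add(self.g1(self.p[sub(j, 3)], self.p[sub(j, 1023)]));
            self.p[j] = v;
            self.h1(self.p[sub(j, 12)]) ^ v
        } else {
            let v = self.q[j]
                .wrapping_add(self.q[sub(j, 10)])
                .wrapping_add(self.g2(self.q[sub(j, 3)], self.q[sub(j, 1023)]));
            self.q[j] = v;
            self.h2(self.q[sub(j, 12)]) ^ v
        };
        self.i += 1;
        s
    }

    fn keystream(&mut self, n_bytes: usize) -> Vec<u8> {
        assert!(n_bytes % 4 == 0, "request whole 32-bit words");
        (0..n_bytes / 4).flat_map(|_| self.step().to_le_bytes()).collect()
    }
}

/// For each 4096-byte block, report whether the fixed and unfixed
/// keystreams agree. Constructed input: all-zero key and IV.
fn blocks_agree(n_blocks: usize) -> Vec<bool> {
    let (key, iv) = ([0u8; 32], [0u8; 32]);
    let a = Hc256::new(&key, &iv, false).keystream(4096 * n_blocks);
    let b = Hc256::new(&key, &iv, true).keystream(4096 * n_blocks);
    (0..n_blocks)
        .map(|k| a[4096 * k..4096 * (k + 1)] == b[4096 * k..4096 * (k + 1)])
        .collect()
}

fn main() {
    // P halves agree, Q halves differ: [true, false, true, false]
    println!("{:?}", blocks_agree(4));
}
```

The pattern `[true, false, true, false]` is the whole argument of the thread in one run: any vector shorter than 4097 bytes exercises only h1, so a regression test for h2 has to extend past the first P half of the period, which is exactly what the 8192-byte vectors attached to this PR do.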