Potentially dead code in `ubc_check.h`

[dignifiedquire]

When porting the code to rust, I noticed that the struct fields of dv_info_t

• dvk,
• dvb,
• maski

are never actually accessed in the code, so I was wondering what the reason is for still including them, thanks. Als dv_type seems to be one of 0 (terminal marker?) 1 or 2, but the only usage I found is for checking if it is != 0

Definition: https://github.com/cr-marcstevens/sha1collisiondetection/blob/master/lib/ubc_check.h#L35

[cr-marcstevens]

The code was written quite generally as you might have noticed. There is a lot of code for recomputing from many other middle steps than actually used. That's also because the ubc_check was mostly generated automatically, the code for that is in a separate repository: https://github.com/cr-marcstevens/sha1collisiondetection-tools

The ubc_check code and the big list in there you're referencing is generated from the short list of DVs, which are purely defined by the specific combination of values for dvtype, dvK and dvB. From there also dm is generated, and ubc checks are first determined and then code generated. Although sha1collisiondetection directly uses dm for speed, instead of dvtype, dvK and dvB, I would say those values are still important information to keep: those three values are the identifier for which "disturbance vector" the attack is actually based on.

maski is always 0 and therefore unused, because we chose to generate the code for exactly 32 disturbance vectors. I think it's fine to remove maski. Because if we ever want to increase the DVlist, we'll start using uint64 instead of uint32.

[cr-marcstevens]

If you want to know more about disturbance vectors then I should refer you to the original paper:

https://marc-stevens.nl/research/papers/C13-S.pdf

The techniques and choice for sha1collisiondetection tool are described in this paper:

https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-stevens.pdf

[dignifiedquire]

Thanks a lot for the quick answer!