FSB produces wrong hashes.

[fschmalzel]

Description

I tested several messages for a university assignment and compared the digests to the reference implementation. For longer messages the FSB implementation produces different results.

Using the random data from https://github.com/RustCrypto/hashes/blob/master/fsb/tests/mod.rs#L15 with the reference implementation produces the hash 40b7538be5e51978690d1a92fe12a7f25f0a7f08. The implementation of this project produces the hash 454b28a8d158ad63ff59e3f761919c7581ee78d3 for this data. Empty and small files seem to work fine and produce the same hashes.

For convenience the random data is uploaded here: testdata.txt

I am fairly new to Rust, so it is possible i somehow used this library wrongly.

I couldn't find any other FSB implementations to compare against to verify the results.

Testing reference implementation

wget https://www.paris.inria.fr/secret/CBCrypto/fsb_reference_implementation.zip
unzip fsb_reference_implementation.zip
cd Reference_Implementation
make
./fsb -s 160 <insert path>/testdata.txt

Testing this implementation

#[test]
fn fsb160_compare_to_reference_impl() {
    let mut h = Fsb160::new();
    let data = include_bytes!("<insert path>/testdata.txt");
    h.update(data);
    let hash = &h.finalize()[..];
    println!("Hash: {:02X?}", hash);
    assert_eq!(
        hash,
        &hex!("40b7538be5e51978690d1a92fe12a7f25f0a7f08")[..]
    );
}

Links to reference implementation

Reference implementation: https://www.paris.inria.fr/secret/CBCrypto/index.php?pg=fsb (on the right side)
Reference implementation direct download: https://www.paris.inria.fr/secret/CBCrypto/fsb_reference_implementation.zip

[newpavlov]

Thank you for reporting this! I do not have time to properly debug this issue right now, but I will try to look into it somewhat later.

cc @iquerejeta

[iquerejeta]

Thanks for sharing! The next couple of weeks I'm not at home, but I'll look into it as I get back. Curious to see what causes the fault with long messages.

Maybe in the meantime we can put a little footnote in the README, wdyt @newpavlov?

[fschmalzel]

Hi I've found smaller messages that produce different hashes. The smallest that i found is 52 bytes long for fsb160:
45fdeca3b08e38af53d7c4c60e3ad208ce5066441036e9f191e0b75036a77f65e2eaa4752443233fbe8f8943bf956de595665c38

Test:

#[test]
fn fsb160_compare_to_reference_impl_52() {
    let mut h = Fsb160::new();
    let data = &hex!("45fdeca3b08e38af53d7c4c60e3ad208ce5066441036e9f191e0b75036a77f65e2eaa4752443233fbe8f8943bf956de595665c38")[..];
    h.update(data);
    let hash = &h.finalize()[..];
    assert_eq!(
        hash,
        &hex!("57ff8cabced1b6992729bcc886f631a9502d62fd")[..]
    );
}

[iquerejeta]

@fschmalzel , I've tried to see that your failing examples now work, and they do. If by any chance you have other examples that failed, it would be great if you could try them out now with the code of #379 . Thanks for spotting the mismatch and letting us know! 👍