Currently, process_final_incomplete_block() will perform the round
R calculation with the remaining data, then finalize CubeHash. It
is not possible to finalize CubeHash if there's no incomplete block.
Here, we define the call of process_final_incomplete_block(NULL, 0)
as a way to directly finalize CubeHash when input is a multiple of
block size and there is no remaining data for round R.
Also, in this case, any call of process_final_incomplete_block(),
but only with a single NULL pointer, or only with n == 0, is an
indication of bug. We assert both to be zero/nonzero.
Signed-off-by: Tom Li <tomli@tomli.me>
Well, there's a reason for that test vectors are published on wikipedia.
Although this looks scary (like writing past array bounds), cubehash B
parameter is in all cases smaller than 63 (which is the first B value where
this would write behind the array), so no harm is done. For similar reason, the
"misimplemented" cubehash was cryptographically correct (i.e. without
cryptographic weakness), only implemented differently and producing different
results than those prescribed by the standard.
Practical implications of changing the hash functions are:
- everyone gets a new KeyID
- FMTSeq keys that used cubehash are invalid now, users are forced to generate
new ones