Correctness: need to check why it differs from pycryptopan

[aaronkaplan]

pycryptopan as well as yacryptopan agree on the result of the function if the key is the same and the ip address as input is the same. cryptopanlib.so does not produce the same results with the same key. Need to inspect. Probably an endianness problem (?)

[noinkling]

That's by design to some degree, the David Stott/Lucent version tries to increase randomness of the output:

https://web.archive.org/web/20180908092852/https://www.cc.gatech.edu/computing/Networking/projects/cryptopan/lucent.shtml

I choose to wrap the overflow bits from the pad back into the pad (e.g., if the pad is being shifted left, I set the LSB to the old MSB).

You can see part of the pad being rotated each iteration here:

cryptopanlib/panonymizer.cpp

Line 69 in f2872d5

u_int32_t newpad = (first4bytes_pad<<pos)|(first4bytes_pad>>(32-pos));

There's another change, which doesn't seem to be documented/explained anywhere, which is that the pad gets XORed with the address bits on each iteration:

cryptopanlib/panonymizer.cpp

Line 77 in f2872d5

*(u_int32_t*)rin_input = htonl( newpad^(orig_addr&mask));

By changing these two parts, and also changing the endianness of one value, I was able modify the program to match the reference output (and the other implementations).