projects
/
shamirs
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
516104a
)
Small cleanups
master
author
Matt Corallo
<git@bluematt.me>
Fri, 29 Sep 2017 17:13:53 +0000
(13:13 -0400)
committer
Matt Corallo
<git@bluematt.me>
Fri, 29 Sep 2017 17:17:33 +0000
(13:17 -0400)
main.c
patch
|
blob
|
history
shamirssecret.c
patch
|
blob
|
history
diff --git
a/main.c
b/main.c
index af5a7d791425ac764d77ffeb10640ad2186e4b24..f79f074aec31327ca19b8cc0df7a151a0b8ecc81 100644
(file)
--- a/
main.c
+++ b/
main.c
@@
-58,8
+58,6
@@
static void derive_missing_part(uint8_t total_shares, uint8_t shares_required, b
// shares, because more shares could be added arbitrarily, any x should not be
// able to rule out any possible secrets) and try each possible q, making sure
// that each q gives us a new possibility for the secret.
// shares, because more shares could be added arbitrarily, any x should not be
// able to rule out any possible secrets) and try each possible q, making sure
// that each q gives us a new possibility for the secret.
- bool impossible_secrets[P];
- memset(impossible_secrets, 0, sizeof(impossible_secrets));
for (uint16_t final_x = 1; final_x < P; final_x++) {
bool x_already_used = false;
for (uint8_t j = 0; j < shares_required; j++) {
for (uint16_t final_x = 1; final_x < P; final_x++) {
bool x_already_used = false;
for (uint8_t j = 0; j < shares_required; j++) {
diff --git
a/shamirssecret.c
b/shamirssecret.c
index f5ca5c5f135f6bd7eaad98d95e7c8905f0e2ea3f..fd309f9386ea06d66feeba3d2b7a13c0f0dd5a94 100644
(file)
--- a/
shamirssecret.c
+++ b/
shamirssecret.c
@@
-38,7
+38,6
@@
* Calculations across the finite field GF(2^8)
*/
* Calculations across the finite field GF(2^8)
*/
-#ifndef TEST
static uint8_t field_add(uint8_t a, uint8_t b) {
return a ^ b;
}
static uint8_t field_add(uint8_t a, uint8_t b) {
return a ^ b;
}
@@
-50,7
+49,6
@@
static uint8_t field_sub(uint8_t a, uint8_t b) {
static uint8_t field_neg(uint8_t a) {
return field_sub(0, a);
}
static uint8_t field_neg(uint8_t a) {
return field_sub(0, a);
}
-#endif
//TODO: Using static tables will very likely create side-channel attacks when measuring cache hits
// Because these are fairly small tables, we can probably get them loaded mostly/fully into
//TODO: Using static tables will very likely create side-channel attacks when measuring cache hits
// Because these are fairly small tables, we can probably get them loaded mostly/fully into
@@
-114,27
+112,17
@@
static uint8_t field_invert(uint8_t a) {
return exp[0xff - log[a]]; // log[1] == 0xff
}
return exp[0xff - log[a]]; // log[1] == 0xff
}
-// We disable lots of optimizations that result in non-constant runtime (+/- branch delays)
-static uint8_t field_pow_ret(uint8_t calc, uint8_t a, uint8_t e) __attribute__((optimize("-O0"))) noinline;
-static uint8_t field_pow_ret(uint8_t calc, uint8_t a, uint8_t e) {
- uint8_t ret, ret2;
- if (a == 0)
- ret2 = 0;
- else
- ret2 = calc;
- if (e == 0)
- ret = 1;
- else
- ret = ret2;
- return ret;
-}
static uint8_t field_pow(uint8_t a, uint8_t e) {
static uint8_t field_pow(uint8_t a, uint8_t e) {
+ uint8_t ret = exp[(log[a] * e) % 255];
#ifndef TEST
#ifndef TEST
- //
Although this function works for a==0, its not trivially obvious why,
- //
and since we
never call with a==0, we just assert a != 0 (except when testing)
+ //
We only work for a == 0 by branching (below), but since we
+ // never call with a==0, we just assert a != 0 (except when testing)
CHECKSTATE(a != 0);
CHECKSTATE(a != 0);
+#else
+ if (a == 0 && e != 0)
+ ret = 0;
#endif
#endif
- return
field_pow_ret(exp[(log[a] * e) % 255], a, e)
;
+ return
ret
;
}
#ifdef TEST
}
#ifdef TEST
@@
-176,6
+164,17
@@
int main() {
for (uint16_t j = 0; j < P; j++)
CHECKSTATE(field_pow(i, j) == field_pow_calc(i, j));
}
for (uint16_t j = 0; j < P; j++)
CHECKSTATE(field_pow(i, j) == field_pow_calc(i, j));
}
+
+ // Test invertibility of add/negate/subtract
+ for (uint16_t i = 0; i < P; i++) {
+ CHECKSTATE(field_neg(field_neg(i)) == i);
+ // Test add/sub commutativity
+ for (uint16_t j = 0; j < P; j++) {
+ CHECKSTATE(field_add(i, j) == field_add(j, i));
+ CHECKSTATE(field_add(i, field_neg(j)) == field_sub(i, j));
+ CHECKSTATE(field_add(field_neg(j), i) == field_sub(i, j));
+ }
+ }
}
#endif // defined(TEST)
}
#endif // defined(TEST)
@@
-202,7
+201,7
@@
uint8_t calculateQ(uint8_t coefficients[], uint8_t shares_required, uint8_t x) {
* Derives the secret given a set of shares_required points (x and q coordinates)
*/
uint8_t calculateSecret(uint8_t x[], uint8_t q[], uint8_t shares_required) {
* Derives the secret given a set of shares_required points (x and q coordinates)
*/
uint8_t calculateSecret(uint8_t x[], uint8_t q[], uint8_t shares_required) {
- // Calculate the x^0 term using a derivation of the for
u
mula at
+ // Calculate the x^0 term using a derivation of the formula at
// http://en.wikipedia.org/wiki/Lagrange_polynomial#Example_2
uint8_t ret = 0, i, j;
for (i = 0; i < shares_required; i++) {
// http://en.wikipedia.org/wiki/Lagrange_polynomial#Example_2
uint8_t ret = 0, i, j;
for (i = 0; i < shares_required; i++) {