arr[index / CHAR_BIT] ^= (1 << (index % CHAR_BIT));
}
-/* We can only ever *unset* bits, so to must only have bits in from. */
-static bool can_derive(shachain_index_t from, shachain_index_t to)
+static unsigned int count_trailing_zeroes(uint64_t index)
{
- return (~from & to) == 0;
+#if HAVE_BUILTIN_CTZLL
+ return index ? (unsigned int)__builtin_ctzll(index) : SHACHAIN_BITS;
+#else
+ unsigned int i;
+
+ for (i = 0; i < SHACHAIN_BITS; i++) {
+ if (index & (1ULL << i))
+ break;
+ }
+ return i;
+#endif
+}
+
+static bool can_derive(uint64_t from, uint64_t to)
+{
+ uint64_t mask;
+
+ /* Corner case: can always derive from seed. */
+ if (from == 0)
+ return true;
+
+ /* Leading bits must be the same */
+ mask = ~(((uint64_t)1 << count_trailing_zeroes(from))-1);
+ return ((from ^ to) & mask) == 0;
}
-static void derive(shachain_index_t from, shachain_index_t to,
+static void derive(uint64_t from, uint64_t to,
const struct sha256 *from_hash,
struct sha256 *hash)
{
- shachain_index_t branches;
+ uint64_t branches;
int i;
assert(can_derive(from, to));
/* We start with the first hash. */
*hash = *from_hash;
- /* This represents the bits set in from, and not to. */
+ /* This represents the bits set in to, and not from. */
branches = from ^ to;
for (i = ilog64(branches) - 1; i >= 0; i--) {
if (((branches >> i) & 1)) {
change_bit(hash->u.u8, i);
- sha256(hash, hash, 1);
+ sha256(hash, hash, sizeof(*hash));
}
}
}
-void shachain_from_seed(const struct sha256 *seed, shachain_index_t index,
+void shachain_from_seed(const struct sha256 *seed, uint64_t index,
struct sha256 *hash)
{
- derive((shachain_index_t)-1ULL, index, seed, hash);
+ derive(0, index, seed, hash);
+}
+
+uint64_t shachain_next_index(const struct shachain *chain)
+{
+ return chain->min_index - 1;
}
void shachain_init(struct shachain *chain)
{
chain->num_valid = 0;
- chain->max_index = 0;
+ /* This is 0 in the case where SHACHAIN_BITS is 64. */
+ chain->min_index = (UINT64_MAX >> (64 - SHACHAIN_BITS)) + 1;
}
bool shachain_add_hash(struct shachain *chain,
- shachain_index_t index, const struct sha256 *hash)
+ uint64_t index, const struct sha256 *hash)
{
- int i;
+ unsigned int i, pos;
/* You have to insert them in order! */
- assert(index == chain->max_index + 1 ||
- (index == 0 && chain->num_valid == 0));
-
- for (i = 0; i < chain->num_valid; i++) {
- /* If we could derive this value, we don't need it,
- * not any others (since they're in order). */
- if (can_derive(index, chain->known[i].index)) {
- struct sha256 expect;
-
- /* Make sure the others derive as expected! */
- derive(index, chain->known[i].index, hash, &expect);
- if (memcmp(&expect, &chain->known[i].hash,
- sizeof(expect)) != 0)
- return false;
- break;
- }
+ assert(index == shachain_next_index(chain));
+
+ pos = count_trailing_zeroes(index);
+
+ /* All derivable answers must be valid. */
+ /* FIXME: Is it sufficient to check just the next answer? */
+ for (i = 0; i < pos; i++) {
+ struct sha256 expect;
+
+ /* Make sure the others derive as expected! */
+ derive(index, chain->known[i].index, hash, &expect);
+ if (memcmp(&expect, &chain->known[i].hash, sizeof(expect)))
+ return false;
}
- /* This can happen if you skip indices! */
- assert(i < sizeof(chain->known) / sizeof(chain->known[0]));
- chain->known[i].index = index;
- chain->known[i].hash = *hash;
- chain->num_valid = i+1;
- chain->max_index = index;
+ chain->known[pos].index = index;
+ chain->known[pos].hash = *hash;
+ if (pos + 1 > chain->num_valid)
+ chain->num_valid = pos + 1;
+ chain->min_index = index;
return true;
}
bool shachain_get_hash(const struct shachain *chain,
- shachain_index_t index, struct sha256 *hash)
+ uint64_t index, struct sha256 *hash)
{
- int i;
+ unsigned int i;
for (i = 0; i < chain->num_valid; i++) {
/* If we can get from key to index only by resetting bits,