1 /* MIT (BSD) license - see LICENSE file for details */
2 #include <ccan/crypto/shachain/shachain.h>
3 #include <ccan/ilog/ilog.h>
4 #include <limits.h>
5 #include <string.h>
6 #include <assert.h>
7
/* Toggle bit number @index of the byte array @arr; bit 0 is the least
 * significant bit of arr[0].  No bounds check is done here: the caller
 * must make sure @index lies inside the array. */
static void change_bit(unsigned char *arr, size_t index)
{
	const size_t byte = index / CHAR_BIT;
	const unsigned int shift = index % CHAR_BIT;

	arr[byte] ^= (1 << shift);
}
12
/* Derivation can only ever *clear* bits of the index, so @to is reachable
 * from @from exactly when every bit set in @to is also set in @from. */
static bool can_derive(shachain_index_t from, shachain_index_t to)
{
	/* Bits that @to has but @from lacks; any such bit blocks derivation. */
	const shachain_index_t extra = to & ~from;

	return extra == 0;
}
18
/* Compute the hash for index @to from the hash @from_hash known for index
 * @from, writing the result to @hash.
 *
 * For every bit set in @from but clear in @to, walking from the most
 * significant such bit down to bit 0, the matching bit of the running hash
 * is flipped and the whole value is passed through sha256() again.
 *
 * The precondition can_derive(from, to) is enforced only by assert(), so
 * it is not checked when the file is built with NDEBUG; callers have to
 * guarantee it themselves. */
static void derive(shachain_index_t from, shachain_index_t to,
		   const struct sha256 *from_hash,
		   struct sha256 *hash)
{
	shachain_index_t flipped;
	int bit;

	assert(can_derive(from, to));

	/* The walk starts from the hash we already know. */
	*hash = *from_hash;

	/* Bits set in from but not in to (can_derive rules out the reverse). */
	flipped = from ^ to;

	/* ilog64() is one past the highest set bit, and 0 when nothing is set. */
	bit = ilog64(flipped);
	while (bit-- > 0) {
		if (!((flipped >> bit) & 1))
			continue;
		change_bit(hash->u.u8, bit);
		sha256(hash, hash, sizeof(*hash));
	}
}
40
/* Generate the hash for @index directly from @seed.  The seed is treated
 * as the hash belonging to the all-ones index, from which every other
 * index can be reached by clearing bits.  The result is stored in @hash. */
void shachain_from_seed(const struct sha256 *seed, shachain_index_t index,
			struct sha256 *hash)
{
	const shachain_index_t all_ones = (shachain_index_t)-1ULL;

	derive(all_ones, index, seed, hash);
}
46
/* Put @chain into its empty state: no stored hashes and max_index 0.
 * Only these two counters are written; the known[] entries are left
 * untouched. */
void shachain_init(struct shachain *chain)
{
	chain->max_index = 0;
	chain->num_valid = 0;
}
52
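/**
 * shachain_add_hash - record the hash for the next index in the chain
 * @chain: the chain to update
 * @index: the index of @hash; must be chain->max_index + 1, or 0 for the
 *	very first insertion
 * @hash: the hash claimed for @index
 *
 * Any stored hash that is derivable from @index is re-derived from @hash
 * and compared with what was stored, so a hash that is inconsistent with
 * earlier ones is rejected.
 *
 * Returns true if the hash was stored.  Returns false, leaving @chain
 * unmodified, if @hash does not reproduce a previously stored hash, or if
 * there is no free slot left in chain->known.
 *
 * The in-order requirement is still enforced only by assert() and so is
 * not checked in NDEBUG builds; a caller that takes @index from an
 * untrusted source should validate it before calling.
 */
bool shachain_add_hash(struct shachain *chain,
		       shachain_index_t index, const struct sha256 *hash)
{
	const size_t capacity = sizeof(chain->known) / sizeof(chain->known[0]);
	int i;

	/* You have to insert them in order! */
	assert(index == chain->max_index + 1 ||
	       (index == 0 && chain->num_valid == 0));

	for (i = 0; i < chain->num_valid; i++) {
		/* If we could derive this value, we don't need it,
		 * nor any others (since they're in order). */
		if (can_derive(index, chain->known[i].index)) {
			struct sha256 expect;

			/* Make sure the others derive as expected! */
			derive(index, chain->known[i].index, hash, &expect);
			if (memcmp(&expect, &chain->known[i].hash,
				   sizeof(expect)) != 0)
				return false;
			break;
		}
	}

	/* This can happen if you skip indices! */
	assert(i < sizeof(chain->known) / sizeof(chain->known[0]));

	/* The assert above vanishes under NDEBUG; without this check a
	 * skipped index would make the stores below write past the end of
	 * chain->known. */
	if ((size_t)i >= capacity)
		return false;

	chain->known[i].index = index;
	chain->known[i].hash = *hash;
	chain->num_valid = i+1;
	chain->max_index = index;
	return true;
}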
85
/**
 * shachain_get_hash - look up or derive the hash for an index
 * @chain: the chain to search
 * @index: the index whose hash is wanted
 * @hash: where the result is written on success
 *
 * Scans the stored entries in order and uses the first one from which
 * @index can be derived.  Returns true and fills in @hash if such an entry
 * exists; returns false, without writing @hash, otherwise.
 */
bool shachain_get_hash(const struct shachain *chain,
		       shachain_index_t index, struct sha256 *hash)
{
	int slot = 0;

	while (slot < chain->num_valid) {
		/* A stored entry works when we can reach index from it purely
		 * by clearing bits, i.e. index has no bit the entry lacks. */
		if (can_derive(chain->known[slot].index, index)) {
			derive(chain->known[slot].index, index,
			       &chain->known[slot].hash, hash);
			return true;
		}
		slot++;
	}
	return false;
}