|
|
@@ -10,12 +10,28 @@ static void change_bit(unsigned char *arr, size_t index)
|
|
|
arr[index / CHAR_BIT] ^= (1 << (index % CHAR_BIT));
|
|
|
}
|
|
|
|
|
|
-static void derive(shachain_index_t index, size_t bits, struct sha256 *hash)
|
|
|
+/* We can only ever *unset* bits, so to must only have bits in from. */
|
|
|
+static bool can_derive(shachain_index_t from, shachain_index_t to)
|
|
|
{
|
|
|
+ return (~from & to) == 0;
|
|
|
+}
|
|
|
+
|
|
|
+static void derive(shachain_index_t from, shachain_index_t to,
|
|
|
+ const struct sha256 *from_hash,
|
|
|
+ struct sha256 *hash)
|
|
|
+{
|
|
|
+ shachain_index_t branches;
|
|
|
int i;
|
|
|
|
|
|
- for (i = bits - 1; i >= 0; i--) {
|
|
|
- if (!((index >> i) & 1)) {
|
|
|
+ assert(can_derive(from, to));
|
|
|
+
|
|
|
+ /* We start with the first hash. */
|
|
|
+ *hash = *from_hash;
|
|
|
+
|
|
|
+ /* This represents the bits set in from, and not to. */
|
|
|
+ branches = from ^ to;
|
|
|
+ for (i = ilog64(branches) - 1; i >= 0; i--) {
|
|
|
+ if (((branches >> i) & 1)) {
|
|
|
change_bit(hash->u.u8, i);
|
|
|
sha256(hash, hash, 1);
|
|
|
}
|
|
|
@@ -25,8 +41,7 @@ static void derive(shachain_index_t index, size_t bits, struct sha256 *hash)
|
|
|
void shachain_from_seed(const struct sha256 *seed, shachain_index_t index,
|
|
|
struct sha256 *hash)
|
|
|
{
|
|
|
- *hash = *seed;
|
|
|
- derive(index, sizeof(index) * CHAR_BIT, hash);
|
|
|
+ derive((shachain_index_t)-1ULL, index, seed, hash);
|
|
|
}
|
|
|
|
|
|
void shachain_init(struct shachain *shachain)
|
|
|
@@ -34,12 +49,6 @@ void shachain_init(struct shachain *shachain)
|
|
|
shachain->num_valid = 0;
|
|
|
}
|
|
|
|
|
|
-/* We can only ever *unset* bits, so to must only have bits in from. */
|
|
|
-static bool can_derive(shachain_index_t from, shachain_index_t to)
|
|
|
-{
|
|
|
- return (~from & to) == 0;
|
|
|
-}
|
|
|
-
|
|
|
void shachain_add_hash(struct shachain *chain,
|
|
|
shachain_index_t index, const struct sha256 *hash)
|
|
|
{
|
|
|
@@ -65,22 +74,13 @@ bool shachain_get_hash(const struct shachain *chain,
|
|
|
int i;
|
|
|
|
|
|
for (i = 0; i < chain->num_valid; i++) {
|
|
|
- shachain_index_t diff;
|
|
|
-
|
|
|
/* If we can get from key to index only by resetting bits,
|
|
|
* we can derive from it => index has no bits key doesn't. */
|
|
|
if (!can_derive(chain->known[i].index, index))
|
|
|
continue;
|
|
|
|
|
|
- /* Start from this hash. */
|
|
|
- *hash = chain->known[i].hash;
|
|
|
-
|
|
|
- /* This indicates the bits which are in 'index' and
|
|
|
- * not the key */
|
|
|
- diff = index ^ chain->known[i].index;
|
|
|
-
|
|
|
- /* Using ilog64 here is an optimization. */
|
|
|
- derive(~diff, ilog64(diff), hash);
|
|
|
+ derive(chain->known[i].index, index, &chain->known[i].hash,
|
|
|
+ hash);
|
|
|
return true;
|
|
|
}
|
|
|
return false;
|
Rusty Russell