Implemented polynomial interpolation with hazmat gf256 code #2

Merged
merged 2 commits into from
Sep 6, 2019
31 changes: 14 additions & 17 deletions slip39/Makefile
Expand Up @@ -3,13 +3,16 @@ CFLAGS += -g -O2 -m64 -std=c99 -pedantic \
-Werror=format-security -Wstrict-prototypes -Wmissing-prototypes \
-D_FORTIFY_SOURCE=2 -fPIC -fno-strict-overflow

SRCS = gf256.c gf256_interpolate.c slip39_encrypt.c slip39_rs1024.c \
slip39_shamir.c slip39_wordlist.c slip39_mnemonics.c
SRCS = slip39_encrypt.c slip39_rs1024.c \
slip39_shamir.c slip39_wordlist.c slip39_mnemonics.c hazmat.c

OBJS := ${SRCS:.c=.o}

all: libslip39.a

libslip39.so: libslip39.so
$(CC) -shared $(CFLAGS) $^ -o $@

libslip39.a: ../randombytes/librandombytes.a $(OBJS)
$(AR) -rcs $@ $^
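Review bot: `libslip39.so: libslip39.so` in the context just above the archive rule is a circular dependency (make drops it with a warning, and `$^` then expands to the target itself), so the shared library never builds from the new `hazmat.o`; it should read `libslip39.so: $(OBJS)`. This is pre-existing, but worth fixing while `SRCS` is being rewritten. Also `$(AR) -rcs $@ $^` hands `../randombytes/librandombytes.a` to ar, which stores that archive as a single member instead of merging its objects, so consumers of `libslip39.a` still have to link `librandombytes.a` separately (as the `slip39` target below already does); list only `$(OBJS)` as the archive's prerequisites.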

Expand All @@ -21,23 +24,17 @@ slip39_tests.c: vectors_to_tests.js vectors.json

slip39_tests.o: slip39_tests.c

slip39_tests.out: slip39_tests.o gf256.o gf256_interpolate.o slip39_wordlist.o slip39_rs1024.o \
slip39_tests.out: slip39_tests.o hazmat.o slip39_wordlist.o slip39_rs1024.o \
slip39_shamir.o slip39_mnemonics.o test_random.o slip39_encrypt.o
$(CC) -o $@ $(CFLAGS) $(LDFLAGS) $^ -l crypto
$(MEMCHECK) ./$@

gf256%.o: gf256&%.c gf256.h gf256%.h
$(CC) -o $@ $(CFLAGS) $(LDFLAGS) $<

test_gf256.o: test_gf256.c gf256.h

test_gf256.out: test_gf256.o gf256.o
$(CC) -o $@ $(CFLAGS) $(LDFLAGS) $^ $(LOADLIBES) $(LDLIBS)
$(MEMCHECK) ./$@
#gf256%.o: gf256&%.c hazmat.h gf256%.h
# $(CC) -o $@ $(CFLAGS) $(LDFLAGS) $<
Remove?


test_gf256_interpolate.o: test_gf256_interpolate.c
test_interpolate.o: test_interpolate.c

test_gf256_interpolate.out: gf256_interpolate.o gf256.o test_gf256_interpolate.o
test_interpolate.out: hazmat.o test_interpolate.o
$(CC) -o $@ $(CFLAGS) $(LDFLAGS) $^ $(LOADLIBES) $(LDLIBS)
$(MEMCHECK) ./$@
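Review bot: the commented-out `#gf256%.o: gf256&%.c hazmat.h gf256%.h` rule should be deleted rather than left in: it refers to the `gf256*` sources this PR removes and carries the stray `&` in `gf256&%.c` from the old rule, which meant the pattern could never have matched a real source file. Separately, `test_interpolate.o: test_interpolate.c` lists no header prerequisite; adding `hazmat.h` keeps the test rebuilding when the hazmat interface changes. Dropping `test_gf256.out` also removes the only dedicated field-arithmetic test from `check`, so the hazmat gf256 operations are now exercised only indirectly through interpolation and the SLIP39 vectors.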

Expand All @@ -55,29 +52,29 @@ test_slip39_shamir.o: test_slip39_shamir.c slip39.h

slip39_shamir.o: slip39_shamir.c slip39.h

test_slip39_shamir.out: test_slip39_shamir.o slip39_shamir.o gf256.o gf256_interpolate.o test_random.o
test_slip39_shamir.out: test_slip39_shamir.o slip39_shamir.o hazmat.o test_random.o
gcc $^ -o $@ -l crypto
./$@


slip39_encrypt.o: slip39_encrypt.c slip39.h

test_slip39_encrypt.out: test_slip39_encrypt.o slip39_encrypt.o
test_slip39_encrypt.out: test_slip39_encrypt.o slip39_encrypt.o
gcc $^ -o $@ -l crypto
./$@


test_generate_combine.o: test_generate_combine.c

test_generate_combine.out: test_generate_combine.o gf256.o gf256_interpolate.o slip39_wordlist.o \
test_generate_combine.out: test_generate_combine.o hazmat.o slip39_wordlist.o \
slip39_rs1024.o slip39_shamir.o slip39_mnemonics.o slip39_encrypt.o ../randombytes/librandombytes.a
$(CC) -o $@ $(CFLAGS) $(LDFLAGS) $^ $(LOADLIBES) $(LDLIBS) -l crypto
$(MEMCHECK) ./$@

slip39: slip39_cli.c libslip39.a ../randombytes/librandombytes.a
$(CC) -o $@ $(CFLAGS) $(LDFLAGS) $^ $(LOADLIBES) $(LDLIBS) -l crypto

check: test_gf256.out test_gf256_interpolate.out test_slip39_wordlist.out \
check: test_interpolate.out test_slip39_wordlist.out \
test_slip39_shamir.out test_slip39_encrypt.out test_generate_combine.out slip39_tests.out

.PHONY: check check_slip39
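Review bot: `test_slip39_shamir.out` and `test_slip39_encrypt.out` still build with a bare `gcc $^ -o $@ -l crypto` and run with `./$@`, so unlike the other test targets they get none of `$(CFLAGS)` (`-D_FORTIFY_SOURCE=2`, `-pedantic`, the warning flags) and skip `$(MEMCHECK)`. Since the shamir rule is being touched anyway to swap `gf256.o gf256_interpolate.o` for `hazmat.o`, switch both to the `$(CC) -o $@ $(CFLAGS) $(LDFLAGS) $^ -l crypto` / `$(MEMCHECK) ./$@` form used by `test_generate_combine.out`. The `test_slip39_encrypt.out` line shows in the diff with no visible change, so it is presumably a trailing-whitespace edit.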
21 changes: 10 additions & 11 deletions slip39/README.md
Expand Up @@ -8,25 +8,24 @@ standard for doing so:

Along with the proposed specification, they also have provided a
[python reference implementation](https://github.com/trezor/python-shamir-mnemonic)
and a set of
and a set of
[sest vectors](https://github.com/trezor/python-shamir-mnemonic/blob/master/vectors.json).

This branch intends to provide an implementation of the specification in C. Note that SLIP39
differs from standard implementations of Shamir Sharing in a couple of ways - it adds some
digest checking that allows you to give you some assurance that the result is correct at
digest checking that allows you to give you some assurance that the result is correct at
the expense of a few bits of security, it has a two-level grouping scheme, etc. At its heart,
it ends up making more use of polynomical interpolation than other implementations do.

The file vectors_to_tests.js contains some javascript that uses the published test vectors
to produce C code that can be used to verify that the code implements the spec.

gf256.c provides a naive, table-lookup implementation of gf256 operations.

gf256_interpolate.c provides an implementation for interpolating a polynomial going
through n arbitray points at an arbitrary x-coordinate. The y-coordinates are represented
as arrays of gf256 values, and while this implementation does calculations byte-by-byte,
it is probably feasible to adapt this implementation to using the bit-slicing approach
used in hazmat.c to give an implementation with fewer side-channel attacks.
hazmat.c provides a side-channel attack resistant implementation of gf256 operations
32 elements at a time, with a couple of additional functions dealing with lagrange
polynomials and polynomial interpolation. Note that this file was copied from
the Daan's original implementation of the hazmat code in the outer directory, and
then his inperpolation functions were removed and new lagrange and interpolation
functions added.

test_random.c implements some code to act as filler for random number generation when testing.
It is clearly not designed to be used in any real life application.
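Review bot: typos in the added hazmat.c paragraph: `the Daan's original implementation` should be `Daan's original implementation`, and `inperpolation` should be `interpolation`; the unchanged link text `sest vectors` earlier in the hunk should be `test vectors`. More substantively, the paragraph says hazmat.c was copied from the outer directory and then had new lagrange and interpolation functions added, which leaves two diverging copies of the side-channel-resistant code; the README should say which functions differ from the upstream copy, and it is worth confirming that the newly written lagrange/interpolation functions keep the constant-time discipline of the bit-sliced code (no branches or table lookups indexed by share data), since that is the property this paragraph advertises.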
Expand All @@ -41,12 +40,12 @@ imbedding a digest into the shares which requires a sha256. Again this implement
on openssl for sha256.

slip39_wordlists.c implements functions for converting byte buffers to wordlists and
and the encoding and decoding of slip39 words into 10-bit integers. the toWords and
and the encoding and decoding of slip39 words into 10-bit integers. the toWords and
fromWords functions do/check the appropriate left padding of bits described in slip39.
slip39_wordlist_english.h contains the actual word list used.

There are various and sundry test files that test key parts of the implementation. You can
build and run them all by building the make target 'check'.
build and run them all by building the make target 'check'.

There is also a quick and dirty command line. You can build it with the make target 'slip39'. Here
is a sample of running it to generate a share set and then combine some of those shares
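Review bot: both changed lines in this hunk differ only in trailing whitespace; while touching `the toWords and`, capitalize `the`. The README also calls the file `slip39_wordlists.c` while the Makefile's `SRCS` lists `slip39_wordlist.c`, and `imbedding` in the hunk's context line should be `embedding`.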
85 changes: 0 additions & 85 deletions slip39/gf256.c

This file was deleted.

12 changes: 0 additions & 12 deletions slip39/gf256.h

This file was deleted.

85 changes: 0 additions & 85 deletions slip39/gf256_interpolate.c

This file was deleted.

37 changes: 0 additions & 37 deletions slip39/gf256_interpolate.h

This file was deleted.
