Botan 3.6.1
Crypto and TLS for C&
zfec.cpp
Go to the documentation of this file.
1/*
2* Forward error correction based on Vandermonde matrices
3*
4* (C) 1997-1998 Luigi Rizzo (luigi@iet.unipi.it)
5* (C) 2009,2010,2021 Jack Lloyd
6* (C) 2011 Billy Brumley (billy.brumley@aalto.fi)
7*
8* Botan is released under the Simplified BSD License (see license.txt)
9*/
10
11#include <botan/zfec.h>
12
13#include <botan/exceptn.h>
14#include <botan/mem_ops.h>
15#include <botan/internal/cpuid.h>
16#include <cstring>
17#include <vector>
18
19namespace Botan {
20
21namespace {
22
23/* Tables for arithetic in GF(2^8) using 1+x^2+x^3+x^4+x^8
24*
25* See Lin & Costello, Appendix A, and Lee & Messerschmitt, p. 453.
26*
27* Generate GF(2**m) from the irreducible polynomial p(X) in p[0]..p[m]
28* Lookup tables:
29* index->polynomial form gf_exp[] contains j= \alpha^i;
30* polynomial form -> index form gf_log[ j = \alpha^i ] = i
31* \alpha=x is the primitive element of GF(2^m)
32*/
33alignas(256) const uint8_t GF_EXP[255] = {
34 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1D, 0x3A, 0x74, 0xE8, 0xCD, 0x87, 0x13, 0x26, 0x4C, 0x98, 0x2D,
35 0x5A, 0xB4, 0x75, 0xEA, 0xC9, 0x8F, 0x03, 0x06, 0x0C, 0x18, 0x30, 0x60, 0xC0, 0x9D, 0x27, 0x4E, 0x9C, 0x25, 0x4A,
36 0x94, 0x35, 0x6A, 0xD4, 0xB5, 0x77, 0xEE, 0xC1, 0x9F, 0x23, 0x46, 0x8C, 0x05, 0x0A, 0x14, 0x28, 0x50, 0xA0, 0x5D,
37 0xBA, 0x69, 0xD2, 0xB9, 0x6F, 0xDE, 0xA1, 0x5F, 0xBE, 0x61, 0xC2, 0x99, 0x2F, 0x5E, 0xBC, 0x65, 0xCA, 0x89, 0x0F,
38 0x1E, 0x3C, 0x78, 0xF0, 0xFD, 0xE7, 0xD3, 0xBB, 0x6B, 0xD6, 0xB1, 0x7F, 0xFE, 0xE1, 0xDF, 0xA3, 0x5B, 0xB6, 0x71,
39 0xE2, 0xD9, 0xAF, 0x43, 0x86, 0x11, 0x22, 0x44, 0x88, 0x0D, 0x1A, 0x34, 0x68, 0xD0, 0xBD, 0x67, 0xCE, 0x81, 0x1F,
40 0x3E, 0x7C, 0xF8, 0xED, 0xC7, 0x93, 0x3B, 0x76, 0xEC, 0xC5, 0x97, 0x33, 0x66, 0xCC, 0x85, 0x17, 0x2E, 0x5C, 0xB8,
41 0x6D, 0xDA, 0xA9, 0x4F, 0x9E, 0x21, 0x42, 0x84, 0x15, 0x2A, 0x54, 0xA8, 0x4D, 0x9A, 0x29, 0x52, 0xA4, 0x55, 0xAA,
42 0x49, 0x92, 0x39, 0x72, 0xE4, 0xD5, 0xB7, 0x73, 0xE6, 0xD1, 0xBF, 0x63, 0xC6, 0x91, 0x3F, 0x7E, 0xFC, 0xE5, 0xD7,
43 0xB3, 0x7B, 0xF6, 0xF1, 0xFF, 0xE3, 0xDB, 0xAB, 0x4B, 0x96, 0x31, 0x62, 0xC4, 0x95, 0x37, 0x6E, 0xDC, 0xA5, 0x57,
44 0xAE, 0x41, 0x82, 0x19, 0x32, 0x64, 0xC8, 0x8D, 0x07, 0x0E, 0x1C, 0x38, 0x70, 0xE0, 0xDD, 0xA7, 0x53, 0xA6, 0x51,
45 0xA2, 0x59, 0xB2, 0x79, 0xF2, 0xF9, 0xEF, 0xC3, 0x9B, 0x2B, 0x56, 0xAC, 0x45, 0x8A, 0x09, 0x12, 0x24, 0x48, 0x90,
46 0x3D, 0x7A, 0xF4, 0xF5, 0xF7, 0xF3, 0xFB, 0xEB, 0xCB, 0x8B, 0x0B, 0x16, 0x2C, 0x58, 0xB0, 0x7D, 0xFA, 0xE9, 0xCF,
47 0x83, 0x1B, 0x36, 0x6C, 0xD8, 0xAD, 0x47, 0x8E,
48};
49
50alignas(256) const uint8_t GF_LOG[256] = {
51 0xFF, 0x00, 0x01, 0x19, 0x02, 0x32, 0x1A, 0xC6, 0x03, 0xDF, 0x33, 0xEE, 0x1B, 0x68, 0xC7, 0x4B, 0x04, 0x64, 0xE0,
52 0x0E, 0x34, 0x8D, 0xEF, 0x81, 0x1C, 0xC1, 0x69, 0xF8, 0xC8, 0x08, 0x4C, 0x71, 0x05, 0x8A, 0x65, 0x2F, 0xE1, 0x24,
53 0x0F, 0x21, 0x35, 0x93, 0x8E, 0xDA, 0xF0, 0x12, 0x82, 0x45, 0x1D, 0xB5, 0xC2, 0x7D, 0x6A, 0x27, 0xF9, 0xB9, 0xC9,
54 0x9A, 0x09, 0x78, 0x4D, 0xE4, 0x72, 0xA6, 0x06, 0xBF, 0x8B, 0x62, 0x66, 0xDD, 0x30, 0xFD, 0xE2, 0x98, 0x25, 0xB3,
55 0x10, 0x91, 0x22, 0x88, 0x36, 0xD0, 0x94, 0xCE, 0x8F, 0x96, 0xDB, 0xBD, 0xF1, 0xD2, 0x13, 0x5C, 0x83, 0x38, 0x46,
56 0x40, 0x1E, 0x42, 0xB6, 0xA3, 0xC3, 0x48, 0x7E, 0x6E, 0x6B, 0x3A, 0x28, 0x54, 0xFA, 0x85, 0xBA, 0x3D, 0xCA, 0x5E,
57 0x9B, 0x9F, 0x0A, 0x15, 0x79, 0x2B, 0x4E, 0xD4, 0xE5, 0xAC, 0x73, 0xF3, 0xA7, 0x57, 0x07, 0x70, 0xC0, 0xF7, 0x8C,
58 0x80, 0x63, 0x0D, 0x67, 0x4A, 0xDE, 0xED, 0x31, 0xC5, 0xFE, 0x18, 0xE3, 0xA5, 0x99, 0x77, 0x26, 0xB8, 0xB4, 0x7C,
59 0x11, 0x44, 0x92, 0xD9, 0x23, 0x20, 0x89, 0x2E, 0x37, 0x3F, 0xD1, 0x5B, 0x95, 0xBC, 0xCF, 0xCD, 0x90, 0x87, 0x97,
60 0xB2, 0xDC, 0xFC, 0xBE, 0x61, 0xF2, 0x56, 0xD3, 0xAB, 0x14, 0x2A, 0x5D, 0x9E, 0x84, 0x3C, 0x39, 0x53, 0x47, 0x6D,
61 0x41, 0xA2, 0x1F, 0x2D, 0x43, 0xD8, 0xB7, 0x7B, 0xA4, 0x76, 0xC4, 0x17, 0x49, 0xEC, 0x7F, 0x0C, 0x6F, 0xF6, 0x6C,
62 0xA1, 0x3B, 0x52, 0x29, 0x9D, 0x55, 0xAA, 0xFB, 0x60, 0x86, 0xB1, 0xBB, 0xCC, 0x3E, 0x5A, 0xCB, 0x59, 0x5F, 0xB0,
63 0x9C, 0xA9, 0xA0, 0x51, 0x0B, 0xF5, 0x16, 0xEB, 0x7A, 0x75, 0x2C, 0xD7, 0x4F, 0xAE, 0xD5, 0xE9, 0xE6, 0xE7, 0xAD,
64 0xE8, 0x74, 0xD6, 0xF4, 0xEA, 0xA8, 0x50, 0x58, 0xAF};
65
66alignas(256) const uint8_t GF_INVERSE[256] = {
67 0x00, 0x01, 0x8E, 0xF4, 0x47, 0xA7, 0x7A, 0xBA, 0xAD, 0x9D, 0xDD, 0x98, 0x3D, 0xAA, 0x5D, 0x96, 0xD8, 0x72, 0xC0,
68 0x58, 0xE0, 0x3E, 0x4C, 0x66, 0x90, 0xDE, 0x55, 0x80, 0xA0, 0x83, 0x4B, 0x2A, 0x6C, 0xED, 0x39, 0x51, 0x60, 0x56,
69 0x2C, 0x8A, 0x70, 0xD0, 0x1F, 0x4A, 0x26, 0x8B, 0x33, 0x6E, 0x48, 0x89, 0x6F, 0x2E, 0xA4, 0xC3, 0x40, 0x5E, 0x50,
70 0x22, 0xCF, 0xA9, 0xAB, 0x0C, 0x15, 0xE1, 0x36, 0x5F, 0xF8, 0xD5, 0x92, 0x4E, 0xA6, 0x04, 0x30, 0x88, 0x2B, 0x1E,
71 0x16, 0x67, 0x45, 0x93, 0x38, 0x23, 0x68, 0x8C, 0x81, 0x1A, 0x25, 0x61, 0x13, 0xC1, 0xCB, 0x63, 0x97, 0x0E, 0x37,
72 0x41, 0x24, 0x57, 0xCA, 0x5B, 0xB9, 0xC4, 0x17, 0x4D, 0x52, 0x8D, 0xEF, 0xB3, 0x20, 0xEC, 0x2F, 0x32, 0x28, 0xD1,
73 0x11, 0xD9, 0xE9, 0xFB, 0xDA, 0x79, 0xDB, 0x77, 0x06, 0xBB, 0x84, 0xCD, 0xFE, 0xFC, 0x1B, 0x54, 0xA1, 0x1D, 0x7C,
74 0xCC, 0xE4, 0xB0, 0x49, 0x31, 0x27, 0x2D, 0x53, 0x69, 0x02, 0xF5, 0x18, 0xDF, 0x44, 0x4F, 0x9B, 0xBC, 0x0F, 0x5C,
75 0x0B, 0xDC, 0xBD, 0x94, 0xAC, 0x09, 0xC7, 0xA2, 0x1C, 0x82, 0x9F, 0xC6, 0x34, 0xC2, 0x46, 0x05, 0xCE, 0x3B, 0x0D,
76 0x3C, 0x9C, 0x08, 0xBE, 0xB7, 0x87, 0xE5, 0xEE, 0x6B, 0xEB, 0xF2, 0xBF, 0xAF, 0xC5, 0x64, 0x07, 0x7B, 0x95, 0x9A,
77 0xAE, 0xB6, 0x12, 0x59, 0xA5, 0x35, 0x65, 0xB8, 0xA3, 0x9E, 0xD2, 0xF7, 0x62, 0x5A, 0x85, 0x7D, 0xA8, 0x3A, 0x29,
78 0x71, 0xC8, 0xF6, 0xF9, 0x43, 0xD7, 0xD6, 0x10, 0x73, 0x76, 0x78, 0x99, 0x0A, 0x19, 0x91, 0x14, 0x3F, 0xE6, 0xF0,
79 0x86, 0xB1, 0xE2, 0xF1, 0xFA, 0x74, 0xF3, 0xB4, 0x6D, 0x21, 0xB2, 0x6A, 0xE3, 0xE7, 0xB5, 0xEA, 0x03, 0x8F, 0xD3,
80 0xC9, 0x42, 0xD4, 0xE8, 0x75, 0x7F, 0xFF, 0x7E, 0xFD};
81
82const uint8_t* GF_MUL_TABLE(uint8_t y) {
83 class GF_Table final {
84 public:
85 GF_Table() {
86 m_table.resize(256 * 256);
87
88 // x*0 = 0*y = 0 so we iterate over [1,255)
89 for(size_t i = 1; i != 256; ++i) {
90 for(size_t j = 1; j != 256; ++j) {
91 m_table[256 * i + j] = GF_EXP[(GF_LOG[i] + GF_LOG[j]) % 255];
92 }
93 }
94 }
95
96 const uint8_t* ptr(uint8_t y) const { return &m_table[256 * y]; }
97
98 private:
99 std::vector<uint8_t> m_table;
100 };
101
102 static GF_Table table;
103 return table.ptr(y);
104}
105
106/*
107* invert_matrix() takes a K*K matrix and produces its inverse
108* (Gauss-Jordan algorithm, adapted from Numerical Recipes in C)
109*/
110void invert_matrix(uint8_t matrix[], size_t K) {
111 class pivot_searcher {
112 public:
113 explicit pivot_searcher(size_t K) : m_ipiv(K) {}
114
115 std::pair<size_t, size_t> operator()(size_t col, const uint8_t matrix[]) {
116 /*
117 * Zeroing column 'col', look for a non-zero element.
118 * First try on the diagonal, if it fails, look elsewhere.
119 */
120
121 const size_t K = m_ipiv.size();
122
123 if(m_ipiv[col] == false && matrix[col * K + col] != 0) {
124 m_ipiv[col] = true;
125 return std::make_pair(col, col);
126 }
127
128 for(size_t row = 0; row != K; ++row) {
129 if(m_ipiv[row]) {
130 continue;
131 }
132
133 for(size_t i = 0; i != K; ++i) {
134 if(m_ipiv[i] == false && matrix[row * K + i] != 0) {
135 m_ipiv[i] = true;
136 return std::make_pair(row, i);
137 }
138 }
139 }
140
141 throw Invalid_Argument("ZFEC: pivot not found in invert_matrix");
142 }
143
144 private:
145 // Marks elements already used as pivots
146 std::vector<bool> m_ipiv;
147 };
148
149 pivot_searcher pivot_search(K);
150 std::vector<size_t> indxc(K);
151 std::vector<size_t> indxr(K);
152
153 for(size_t col = 0; col != K; ++col) {
154 const auto icolrow = pivot_search(col, matrix);
155
156 const size_t icol = icolrow.first;
157 const size_t irow = icolrow.second;
158
159 /*
160 * swap rows irow and icol, so afterwards the diagonal
161 * element will be correct. Rarely done, not worth
162 * optimizing.
163 */
164 if(irow != icol) {
165 for(size_t i = 0; i != K; ++i) {
166 std::swap(matrix[irow * K + i], matrix[icol * K + i]);
167 }
168 }
169
170 indxr[col] = irow;
171 indxc[col] = icol;
172 uint8_t* pivot_row = &matrix[icol * K];
173 const uint8_t c = pivot_row[icol];
174 pivot_row[icol] = 1;
175
176 if(c == 0) {
177 throw Invalid_Argument("ZFEC: singlar matrix");
178 }
179
180 if(c != 1) {
181 const uint8_t* mul_c = GF_MUL_TABLE(GF_INVERSE[c]);
182 for(size_t i = 0; i != K; ++i) {
183 pivot_row[i] = mul_c[pivot_row[i]];
184 }
185 }
186
187 /*
188 * From all rows, remove multiples of the selected row to zero
189 * the relevant entry (in fact, the entry is not zero because we
190 * know it must be zero).
191 */
192 for(size_t i = 0; i != K; ++i) {
193 if(i != icol) {
194 const uint8_t z = matrix[i * K + icol];
195 matrix[i * K + icol] = 0;
196
197 // This is equivalent to addmul()
198 const uint8_t* mul_z = GF_MUL_TABLE(z);
199 for(size_t j = 0; j != K; ++j) {
200 matrix[i * K + j] ^= mul_z[pivot_row[j]];
201 }
202 }
203 }
204 }
205
206 for(size_t i = 0; i != K; ++i) {
207 if(indxr[i] != indxc[i]) {
208 for(size_t row = 0; row != K; ++row) {
209 std::swap(matrix[row * K + indxr[i]], matrix[row * K + indxc[i]]);
210 }
211 }
212 }
213}
214
215/*
216* Generate and invert a Vandermonde matrix.
217*
218* Only uses the second column of the matrix, containing the p_i's
219* (contents - 0, GF_EXP[0...n])
220*
221* Algorithm borrowed from "Numerical recipes in C", section 2.8, but
222* largely revised for my purposes.
223*
224* p = coefficients of the matrix (p_i)
225* q = values of the polynomial (known)
226*/
227void create_inverted_vdm(uint8_t vdm[], size_t K) {
228 if(K == 0) {
229 return;
230 }
231
232 if(K == 1) {
233 // degenerate case, matrix must be p^0 = 1
234 vdm[0] = 1;
235 return;
236 }
237
238 /*
239 * c holds the coefficient of P(x) = Prod (x - p_i), i=0..K-1
240 * b holds the coefficient for the matrix inversion
241 */
242 std::vector<uint8_t> b(K);
243 std::vector<uint8_t> c(K);
244
245 /*
246 * construct coeffs. recursively. We know c[K] = 1 (implicit)
247 * and start P_0 = x - p_0, then at each stage multiply by
248 * x - p_i generating P_i = x P_{i-1} - p_i P_{i-1}
249 * After K steps we are done.
250 */
251 c[K - 1] = 0; /* really -p(0), but x = -x in GF(2^m) */
252 for(size_t i = 1; i < K; ++i) {
253 const uint8_t* mul_p_i = GF_MUL_TABLE(GF_EXP[i]);
254
255 for(size_t j = K - 1 - (i - 1); j < K - 1; ++j) {
256 c[j] ^= mul_p_i[c[j + 1]];
257 }
258 c[K - 1] ^= GF_EXP[i];
259 }
260
261 for(size_t row = 0; row < K; ++row) {
262 // synthetic division etc.
263 const uint8_t* mul_p_row = GF_MUL_TABLE(row == 0 ? 0 : GF_EXP[row]);
264
265 uint8_t t = 1;
266 b[K - 1] = 1; /* this is in fact c[K] */
267 for(size_t i = K - 1; i > 0; i--) {
268 b[i - 1] = c[i] ^ mul_p_row[b[i]];
269 t = b[i - 1] ^ mul_p_row[t];
270 }
271
272 const uint8_t* mul_t_inv = GF_MUL_TABLE(GF_INVERSE[t]);
273 for(size_t col = 0; col != K; ++col) {
274 vdm[col * K + row] = mul_t_inv[b[col]];
275 }
276 }
277}
278
279} // namespace
280
281/*
282* addmul() computes z[] = z[] + x[] * y
283*/
284void ZFEC::addmul(uint8_t z[], const uint8_t x[], uint8_t y, size_t size) {
285 if(y == 0) {
286 return;
287 }
288
289 const uint8_t* GF_MUL_Y = GF_MUL_TABLE(y);
290
291 // first align z to 16 bytes
292 while(size > 0 && reinterpret_cast<uintptr_t>(z) % 16) {
293 z[0] ^= GF_MUL_Y[x[0]];
294 ++z;
295 ++x;
296 size--;
297 }
298
299#if defined(BOTAN_HAS_ZFEC_VPERM)
300 if(size >= 16 && CPUID::has_vperm()) {
301 const size_t consumed = addmul_vperm(z, x, y, size);
302 z += consumed;
303 x += consumed;
304 size -= consumed;
305 }
306#endif
307
308#if defined(BOTAN_HAS_ZFEC_SSE2)
309 if(size >= 64 && CPUID::has_sse2()) {
310 const size_t consumed = addmul_sse2(z, x, y, size);
311 z += consumed;
312 x += consumed;
313 size -= consumed;
314 }
315#endif
316
317 while(size >= 16) {
318 z[0] ^= GF_MUL_Y[x[0]];
319 z[1] ^= GF_MUL_Y[x[1]];
320 z[2] ^= GF_MUL_Y[x[2]];
321 z[3] ^= GF_MUL_Y[x[3]];
322 z[4] ^= GF_MUL_Y[x[4]];
323 z[5] ^= GF_MUL_Y[x[5]];
324 z[6] ^= GF_MUL_Y[x[6]];
325 z[7] ^= GF_MUL_Y[x[7]];
326 z[8] ^= GF_MUL_Y[x[8]];
327 z[9] ^= GF_MUL_Y[x[9]];
328 z[10] ^= GF_MUL_Y[x[10]];
329 z[11] ^= GF_MUL_Y[x[11]];
330 z[12] ^= GF_MUL_Y[x[12]];
331 z[13] ^= GF_MUL_Y[x[13]];
332 z[14] ^= GF_MUL_Y[x[14]];
333 z[15] ^= GF_MUL_Y[x[15]];
334
335 x += 16;
336 z += 16;
337 size -= 16;
338 }
339
340 // Clean up the trailing pieces
341 for(size_t i = 0; i != size; ++i) {
342 z[i] ^= GF_MUL_Y[x[i]];
343 }
344}
345
346/*
347* This section contains the proper FEC encoding/decoding routines.
348* The encoding matrix is computed starting with a Vandermonde matrix,
349* and then transforming it into a systematic matrix.
350*/
351
352/*
353* ZFEC constructor
354*/
355ZFEC::ZFEC(size_t K, size_t N) : m_K(K), m_N(N), m_enc_matrix(N * K) {
356 if(m_K == 0 || m_N == 0 || m_K > 256 || m_N > 256 || m_K > N) {
357 throw Invalid_Argument("ZFEC: violated 1 <= K <= N <= 256");
358 }
359
360 std::vector<uint8_t> temp_matrix(m_N * m_K);
361
362 /*
363 * quick code to build systematic matrix: invert the top
364 * K*K Vandermonde matrix, multiply right the bottom n-K rows
365 * by the inverse, and construct the identity matrix at the top.
366 */
367 create_inverted_vdm(&temp_matrix[0], m_K);
368
369 for(size_t i = m_K * m_K; i != temp_matrix.size(); ++i) {
370 temp_matrix[i] = GF_EXP[((i / m_K) * (i % m_K)) % 255];
371 }
372
373 /*
374 * the upper part of the encoding matrix is I
375 */
376 for(size_t i = 0; i != m_K; ++i) {
377 m_enc_matrix[i * (m_K + 1)] = 1;
378 }
379
380 /*
381 * computes C = AB where A is n*K, B is K*m, C is n*m
382 */
383 for(size_t row = m_K; row != m_N; ++row) {
384 for(size_t col = 0; col != m_K; ++col) {
385 uint8_t acc = 0;
386 for(size_t i = 0; i != m_K; i++) {
387 const uint8_t row_v = temp_matrix[row * m_K + i];
388 const uint8_t row_c = temp_matrix[col + m_K * i];
389 acc ^= GF_MUL_TABLE(row_v)[row_c];
390 }
391 m_enc_matrix[row * m_K + col] = acc;
392 }
393 }
394}
395
396/*
397* ZFEC encoding routine
398*/
399void ZFEC::encode(const uint8_t input[], size_t size, const output_cb_t& output_cb) const {
400 if(size % m_K != 0) {
401 throw Invalid_Argument("ZFEC::encode: input must be multiple of K uint8_ts");
402 }
403
404 const size_t share_size = size / m_K;
405
406 std::vector<const uint8_t*> shares;
407 for(size_t i = 0; i != m_K; ++i) {
408 shares.push_back(input + i * share_size);
409 }
410
411 this->encode_shares(shares, share_size, output_cb);
412}
413
414void ZFEC::encode_shares(const std::vector<const uint8_t*>& shares,
415 size_t share_size,
416 const output_cb_t& output_cb) const {
417 if(shares.size() != m_K) {
418 throw Invalid_Argument("ZFEC::encode_shares must provide K shares");
419 }
420
421 // The initial shares are just the original input shares
422 for(size_t i = 0; i != m_K; ++i) {
423 output_cb(i, shares[i], share_size);
424 }
425
426 std::vector<uint8_t> fec_buf(share_size);
427
428 for(size_t i = m_K; i != m_N; ++i) {
429 clear_mem(fec_buf.data(), fec_buf.size());
430
431 for(size_t j = 0; j != m_K; ++j) {
432 addmul(&fec_buf[0], shares[j], m_enc_matrix[i * m_K + j], share_size);
433 }
434
435 output_cb(i, &fec_buf[0], fec_buf.size());
436 }
437}
438
439/*
440* ZFEC decoding routine
441*/
442void ZFEC::decode_shares(const std::map<size_t, const uint8_t*>& shares,
443 size_t share_size,
444 const output_cb_t& output_cb) const {
445 /*
446 Todo:
447 If shares.size() < K:
448 signal decoding error for missing shares < K
449 emit existing shares < K
450 (ie, partial recovery if possible)
451 Assert share_size % K == 0
452 */
453
454 if(shares.size() < m_K) {
455 throw Decoding_Error("ZFEC: could not decode, less than K surviving shares");
456 }
457
458 std::vector<uint8_t> decoding_matrix(m_K * m_K);
459 std::vector<size_t> indexes(m_K);
460 std::vector<const uint8_t*> sharesv(m_K);
461
462 auto shares_b_iter = shares.begin();
463 auto shares_e_iter = shares.rbegin();
464
465 bool missing_primary_share = false;
466
467 for(size_t i = 0; i != m_K; ++i) {
468 size_t share_id = 0;
469 const uint8_t* share_data = nullptr;
470
471 if(shares_b_iter->first == i) {
472 share_id = shares_b_iter->first;
473 share_data = shares_b_iter->second;
474 ++shares_b_iter;
475 } else {
476 // if share i not found, use the unused one closest to n
477 share_id = shares_e_iter->first;
478 share_data = shares_e_iter->second;
479 ++shares_e_iter;
480 missing_primary_share = true;
481 }
482
483 if(share_id >= m_N) {
484 throw Decoding_Error("ZFEC: invalid share id detected during decode");
485 }
486
487 /*
488 This is a systematic code (encoding matrix includes K*K identity
489 matrix), so shares less than K are copies of the input data,
490 can output_cb directly. Also we know the encoding matrix in those rows
491 contains I, so we can set the single bit directly without copying
492 the entire row
493 */
494 if(share_id < m_K) {
495 decoding_matrix[i * (m_K + 1)] = 1;
496 output_cb(share_id, share_data, share_size);
497 } else {
498 // will decode after inverting matrix
499 std::memcpy(&decoding_matrix[i * m_K], &m_enc_matrix[share_id * m_K], m_K);
500 }
501
502 sharesv[i] = share_data;
503 indexes[i] = share_id;
504 }
505
506 // If we had the original data shares then no need to perform
507 // a matrix inversion, return immediately.
508 if(!missing_primary_share) {
509 for(size_t i = 0; i != indexes.size(); ++i) {
510 BOTAN_ASSERT_NOMSG(indexes[i] < m_K);
511 }
512 return;
513 }
514
515 invert_matrix(&decoding_matrix[0], m_K);
516
517 for(size_t i = 0; i != indexes.size(); ++i) {
518 if(indexes[i] >= m_K) {
519 std::vector<uint8_t> buf(share_size);
520 for(size_t col = 0; col != m_K; ++col) {
521 addmul(&buf[0], sharesv[col], decoding_matrix[i * m_K + col], share_size);
522 }
523 output_cb(i, &buf[0], share_size);
524 }
525 }
526}
527
528std::string ZFEC::provider() const {
529#if defined(BOTAN_HAS_ZFEC_VPERM)
530 if(CPUID::has_vperm()) {
531 return "vperm";
532 }
533#endif
534
535#if defined(BOTAN_HAS_ZFEC_SSE2)
536 if(CPUID::has_sse2()) {
537 return "sse2";
538 }
539#endif
540
541 return "base";
542}
543
544} // namespace Botan
BOTAN_ASSERT_NOMSG
#define BOTAN_ASSERT_NOMSG(expr)
Definition assert.h:59
Botan::CPUID::has_vperm
static bool has_vperm()
Definition cpuid.h:335
Botan::Decoding_Error
Definition exceptn.h:191
Botan::Invalid_Argument
Definition exceptn.h:131
Botan::ZFEC::provider
std::string provider() const
Definition zfec.cpp:528
Botan::ZFEC::ZFEC
ZFEC(size_t K, size_t N)
Definition zfec.cpp:355
Botan::ZFEC::encode_shares
void encode_shares(const std::vector< const uint8_t * > &shares, size_t share_size, const output_cb_t &output_cb) const
Definition zfec.cpp:414
Botan::ZFEC::encode
void encode(const uint8_t input[], size_t size, const output_cb_t &output_cb) const
Definition zfec.cpp:399
Botan::ZFEC::output_cb_t
std::function< void(size_t, const uint8_t[], size_t)> output_cb_t
Definition zfec.h:32
Botan::ZFEC::decode_shares
void decode_shares(const std::map< size_t, const uint8_t * > &shares, size_t share_size, const output_cb_t &output_cb) const
Definition zfec.cpp:442
final
int(* final)(unsigned char *, CTX *)
Definition commoncrypto_hash.cpp:29
Botan::AES_AARCH64::K
uint8x16_t K
Definition aes_armv8.cpp:20
Botan::b
const SIMD_8x32 & b
Definition simd_avx2_gfni.h:63
Botan::clear_mem
constexpr void clear_mem(T *ptr, size_t n)
Definition mem_ops.h:120
Generated by doxygen 1.12.0