Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / bffab8f00e5841a11f769e469cf31c3b2b46a3ba / . / rebootescrow / aidl / default / HadamardUtils.cpp
blob: 8ee77e137c013886bf38baa0f5ebb4b5a313a9f1 [file] [log] [blame]
Tianjie Xua0a12cf2019-12-05 21:50:22 -0800[diff] [blame]1/*
2 * Copyright (C) 2019 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include <HadamardUtils.h>
18
Paul Crowleyc675b182019-12-18 16:09:24 -0800[diff] [blame]19#include <limits>
20
Tianjie Xua0a12cf2019-12-05 21:50:22 -0800[diff] [blame]21#include <android-base/logging.h>
22
23namespace aidl {
24namespace android {
25namespace hardware {
26namespace rebootescrow {
27namespace hadamard {
28
Paul Crowleyc675b182019-12-18 16:09:24 -0800[diff] [blame]29static inline void or_bit(std::vector<uint8_t>* input, size_t bit, uint8_t val) {
30 (*input)[bit >> 3] |= (val & 1u) << (bit & 7);
31}
Tianjie Xua0a12cf2019-12-05 21:50:22 -0800[diff] [blame]32
Paul Crowleyc675b182019-12-18 16:09:24 -0800[diff] [blame]33static inline uint8_t read_bit(const std::vector<uint8_t>& input, size_t bit) {
34 return (input[bit >> 3] >> (bit & 7)) & 1u;
35}
36
37// Apply an error correcting encoding.
38//
39// The error correcting code used is an augmented Hadamard code with
40// k=15, so it takes a 16-bit input and produces a 2^15-bit output.
41// We break the 32-byte key into 16 16-bit codewords and encode
42// each codeword to a 2^15-bit output.
43//
44// To better defend against clustered errors, we stripe together the encoded
45// codewords. Thus if a single 512-byte DRAM line is lost, instead of losing
46// 2^11 bits from the encoding of a single code word, we lose 2^7 bits
47// from the encoding of each of the 16 codewords.
48std::vector<uint8_t> EncodeKey(const std::vector<uint8_t>& input) {
49 CHECK_EQ(input.size(), KEY_SIZE_IN_BYTES);
50 std::vector<uint8_t> result(OUTPUT_SIZE_BYTES, 0);
51 static_assert(OUTPUT_SIZE_BYTES == 64 * 1024);
52 for (size_t i = 0; i < KEY_CODEWORDS; i++) {
53 uint16_t word = input[i * 2 + 1] << 8 | input[i * 2];
54 for (size_t j = 0; j < ENCODE_LENGTH; j++) {
55 uint16_t wi = word & (j + ENCODE_LENGTH);
56 // Sum all the bits in the word and check its parity.
57 wi ^= wi >> 8u;
58 wi ^= wi >> 4u;
59 wi ^= wi >> 2u;
60 wi ^= wi >> 1u;
61 or_bit(&result, (j * KEY_CODEWORDS) + i, wi & 1);
Tianjie Xua0a12cf2019-12-05 21:50:22 -0800[diff] [blame]62 }
Tianjie Xua0a12cf2019-12-05 21:50:22 -0800[diff] [blame]63 }
64 return result;
65}
66
Paul Crowleyc675b182019-12-18 16:09:24 -0800[diff] [blame]67// Decode a single codeword. Because of the way codewords are striped together
68// this takes the entire input, plus an offset telling it which word to decode.
69static uint16_t DecodeWord(size_t word, const std::vector<uint8_t>& encoded) {
Tianjie Xua0a12cf2019-12-05 21:50:22 -0800[diff] [blame]70 std::vector<int32_t> scores;
71 scores.reserve(ENCODE_LENGTH);
Paul Crowleyc675b182019-12-18 16:09:24 -0800[diff] [blame]72 // Convert x -> -1^x in the encoded bits. e.g [1, 0, 0, 1] -> [-1, 1, 1, -1]
Tianjie Xua0a12cf2019-12-05 21:50:22 -0800[diff] [blame]73 for (uint32_t i = 0; i < ENCODE_LENGTH; i++) {
Paul Crowleyc675b182019-12-18 16:09:24 -0800[diff] [blame]74 scores.push_back(1 - 2 * read_bit(encoded, i * KEY_CODEWORDS + word));
Tianjie Xua0a12cf2019-12-05 21:50:22 -0800[diff] [blame]75 }
76
77 // Multiply the hadamard matrix by the transformed input.
78 // |1 1 1 1| |-1| | 0|
79 // |1 -1 1 -1| * | 1| = | 0|
80 // |1 1 -1 -1| | 1| | 0|
81 // |1 -1 -1 1| |-1| |-4|
82 for (uint32_t i = 0; i < CODE_K; i++) {
83 uint16_t step = 1u << i;
84 for (uint32_t j = 0; j < ENCODE_LENGTH; j += 2 * step) {
85 for (uint32_t k = j; k < j + step; k++) {
86 auto a0 = scores[k];
87 auto a1 = scores[k + step];
88 scores[k] = a0 + a1;
89 scores[k + step] = a0 - a1;
90 }
91 }
92 }
Paul Crowleyc675b182019-12-18 16:09:24 -0800[diff] [blame]93 auto hiscore = std::numeric_limits<int32_t>::min();
94 uint16_t winner;
95 // TODO(b/146520538): this needs to be constant time
96 for (size_t i = 0; i < ENCODE_LENGTH; i++) {
97 if (scores[i] > hiscore) {
98 winner = i;
99 hiscore = scores[i];
Tianjie Xua0a12cf2019-12-05 21:50:22 -0800[diff] [blame]100
Paul Crowleyc675b182019-12-18 16:09:24 -0800[diff] [blame]101 } else if (-scores[i] > hiscore) {
102 winner = i | (1 << CODE_K);
103 hiscore = -scores[i];
104 }
Tianjie Xua0a12cf2019-12-05 21:50:22 -0800[diff] [blame]105 }
Paul Crowleyc675b182019-12-18 16:09:24 -0800[diff] [blame]106 return winner;
107}
Tianjie Xua0a12cf2019-12-05 21:50:22 -0800[diff] [blame]108
Paul Crowleyc675b182019-12-18 16:09:24 -0800[diff] [blame]109std::vector<uint8_t> DecodeKey(const std::vector<uint8_t>& encoded) {
110 CHECK_EQ(OUTPUT_SIZE_BYTES, encoded.size());
111 std::vector<uint8_t> result(KEY_SIZE_IN_BYTES, 0);
112 for (size_t i = 0; i < KEY_CODEWORDS; i++) {
113 uint16_t val = DecodeWord(i, encoded);
114 result[i * CODEWORD_BYTES] = val & 0xffu;
115 result[i * CODEWORD_BYTES + 1] = val >> 8u;
116 }
117 return result;
Tianjie Xua0a12cf2019-12-05 21:50:22 -0800[diff] [blame]118}
119
120} // namespace hadamard
121} // namespace rebootescrow
122} // namespace hardware
123} // namespace android
124} // namespace aidl