Absolute File Name: | /home/opencoverage/opencoverage/guest-scripts/openssl/src/crypto/ec/curve448/eddsa.c |
Switch to Source code | Preprocessed file |
Line | Source | Count | ||||||
---|---|---|---|---|---|---|---|---|
1 | - | |||||||
2 | - | |||||||
3 | - | |||||||
4 | static c448_error_t oneshot_hash(uint8_t *out, size_t outlen, | - | ||||||
5 | const uint8_t *in, size_t inlen) | - | ||||||
6 | { | - | ||||||
7 | EVP_MD_CTX *hashctx = EVP_MD_CTX_new(); | - | ||||||
8 | - | |||||||
9 | if (hashctx ==
| 0-63 | ||||||
10 | ((void *)0)
| 0-63 | ||||||
11 | ) | - | ||||||
12 | return never executed: C448_FAILURE;return C448_FAILURE; never executed: return C448_FAILURE; | 0 | ||||||
13 | - | |||||||
14 | if (!EVP_DigestInit_ex(hashctx, EVP_shake256(),
| 0-63 | ||||||
15 | ((void *)0)
| 0-63 | ||||||
16 | )
| 0-63 | ||||||
17 | || !EVP_DigestUpdate(hashctx, in, inlen)
| 0-63 | ||||||
18 | || !EVP_DigestFinalXOF(hashctx, out, outlen)
| 0-63 | ||||||
19 | EVP_MD_CTX_free(hashctx); | - | ||||||
20 | return never executed: C448_FAILURE;return C448_FAILURE; never executed: return C448_FAILURE; | 0 | ||||||
21 | } | - | ||||||
22 | - | |||||||
23 | EVP_MD_CTX_free(hashctx); | - | ||||||
24 | return executed 63 times by 2 tests: C448_SUCCESS;return C448_SUCCESS; Executed by:
executed 63 times by 2 tests: return C448_SUCCESS; Executed by:
| 63 | ||||||
25 | } | - | ||||||
26 | - | |||||||
27 | static void clamp(uint8_t secret_scalar_ser[57]) | - | ||||||
28 | { | - | ||||||
29 | secret_scalar_ser[0] &= -4; | - | ||||||
30 | secret_scalar_ser[57 - 1] = 0; | - | ||||||
31 | secret_scalar_ser[57 - 2] |= 0x80; | - | ||||||
32 | } executed 63 times by 2 tests: end of block Executed by:
| 63 | ||||||
33 | - | |||||||
34 | static c448_error_t hash_init_with_dom(EVP_MD_CTX *hashctx, uint8_t prehashed, | - | ||||||
35 | uint8_t for_prehash, | - | ||||||
36 | const uint8_t *context, | - | ||||||
37 | size_t context_len) | - | ||||||
38 | { | - | ||||||
39 | const char *dom_s = "SigEd448"; | - | ||||||
40 | uint8_t dom[2]; | - | ||||||
41 | - | |||||||
42 | if (context_len >
| 0-59 | ||||||
43 | (255)
| 0-59 | ||||||
44 | ) | - | ||||||
45 | return never executed: C448_FAILURE;return C448_FAILURE; never executed: return C448_FAILURE; | 0 | ||||||
46 | - | |||||||
47 | dom[0] = (uint8_t)(2 - (prehashed == 0
| 4-55 | ||||||
48 | - (for_prehash == 0
| 0-59 | ||||||
49 | dom[1] = (uint8_t)context_len; | - | ||||||
50 | - | |||||||
51 | if (!EVP_DigestInit_ex(hashctx, EVP_shake256(),
| 0-59 | ||||||
52 | ((void *)0)
| 0-59 | ||||||
53 | )
| 0-59 | ||||||
54 | || !EVP_DigestUpdate(hashctx, dom_s, strlen(dom_s))
| 0-59 | ||||||
55 | || !EVP_DigestUpdate(hashctx, dom, sizeof(dom))
| 0-59 | ||||||
56 | || !EVP_DigestUpdate(hashctx, context, context_len)
| 0-59 | ||||||
57 | return never executed: C448_FAILURE;return C448_FAILURE; never executed: return C448_FAILURE; | 0 | ||||||
58 | - | |||||||
59 | return executed 59 times by 2 tests: C448_SUCCESS;return C448_SUCCESS; Executed by:
executed 59 times by 2 tests: return C448_SUCCESS; Executed by:
| 59 | ||||||
60 | } | - | ||||||
61 | - | |||||||
62 | - | |||||||
63 | c448_error_t c448_ed448_convert_private_key_to_x448( | - | ||||||
64 | uint8_t x[56], | - | ||||||
65 | const uint8_t ed [57]) | - | ||||||
66 | { | - | ||||||
67 | - | |||||||
68 | - | |||||||
69 | return never executed: oneshot_hash(x, 56, ed,return oneshot_hash(x, 56, ed, 57); never executed: return oneshot_hash(x, 56, ed, 57); | 0 | ||||||
70 | 57); never executed: return oneshot_hash(x, 56, ed, 57); | 0 | ||||||
71 | } | - | ||||||
72 | - | |||||||
73 | c448_error_t c448_ed448_derive_public_key( | - | ||||||
74 | uint8_t pubkey[57], | - | ||||||
75 | const uint8_t privkey[57]) | - | ||||||
76 | { | - | ||||||
77 | - | |||||||
78 | uint8_t secret_scalar_ser[57]; | - | ||||||
79 | curve448_scalar_t secret_scalar; | - | ||||||
80 | unsigned int c; | - | ||||||
81 | curve448_point_t p; | - | ||||||
82 | - | |||||||
83 | if (!oneshot_hash(secret_scalar_ser, sizeof(secret_scalar_ser), privkey,
| 0-38 | ||||||
84 | 57)
| 0-38 | ||||||
85 | return never executed: C448_FAILURE;return C448_FAILURE; never executed: return C448_FAILURE; | 0 | ||||||
86 | - | |||||||
87 | clamp(secret_scalar_ser); | - | ||||||
88 | - | |||||||
89 | curve448_scalar_decode_long(secret_scalar, secret_scalar_ser, | - | ||||||
90 | sizeof(secret_scalar_ser)); | - | ||||||
91 | for (c = 1; c < 4
| 38-76 | ||||||
92 | curve448_scalar_halve(secret_scalar, secret_scalar); executed 76 times by 1 test: curve448_scalar_halve(secret_scalar, secret_scalar); Executed by:
| 76 | ||||||
93 | - | |||||||
94 | curve448_precomputed_scalarmul(p, curve448_precomputed_base, secret_scalar); | - | ||||||
95 | - | |||||||
96 | curve448_point_mul_by_ratio_and_encode_like_eddsa(pubkey, p); | - | ||||||
97 | - | |||||||
98 | - | |||||||
99 | curve448_scalar_destroy(secret_scalar); | - | ||||||
100 | curve448_point_destroy(p); | - | ||||||
101 | OPENSSL_cleanse(secret_scalar_ser, sizeof(secret_scalar_ser)); | - | ||||||
102 | - | |||||||
103 | return executed 38 times by 1 test: C448_SUCCESS;return C448_SUCCESS; Executed by:
executed 38 times by 1 test: return C448_SUCCESS; Executed by:
| 38 | ||||||
104 | } | - | ||||||
105 | - | |||||||
106 | c448_error_t c448_ed448_sign( | - | ||||||
107 | uint8_t signature[(57 + 57)], | - | ||||||
108 | const uint8_t privkey[57], | - | ||||||
109 | const uint8_t pubkey[57], | - | ||||||
110 | const uint8_t *message, size_t message_len, | - | ||||||
111 | uint8_t prehashed, const uint8_t *context, | - | ||||||
112 | size_t context_len) | - | ||||||
113 | { | - | ||||||
114 | curve448_scalar_t secret_scalar; | - | ||||||
115 | EVP_MD_CTX *hashctx = EVP_MD_CTX_new(); | - | ||||||
116 | c448_error_t ret = C448_FAILURE; | - | ||||||
117 | curve448_scalar_t nonce_scalar; | - | ||||||
118 | uint8_t nonce_point[57] = { 0 }; | - | ||||||
119 | unsigned int c; | - | ||||||
120 | curve448_scalar_t challenge_scalar; | - | ||||||
121 | - | |||||||
122 | if (hashctx ==
| 0-25 | ||||||
123 | ((void *)0)
| 0-25 | ||||||
124 | ) | - | ||||||
125 | return never executed: C448_FAILURE;return C448_FAILURE; never executed: return C448_FAILURE; | 0 | ||||||
126 | - | |||||||
127 | { | - | ||||||
128 | - | |||||||
129 | - | |||||||
130 | - | |||||||
131 | - | |||||||
132 | uint8_t expanded[57 * 2]; | - | ||||||
133 | - | |||||||
134 | if (!oneshot_hash(expanded, sizeof(expanded), privkey,
| 0-25 | ||||||
135 | 57)
| 0-25 | ||||||
136 | goto never executed: err;goto err; never executed: goto err; | 0 | ||||||
137 | clamp(expanded); | - | ||||||
138 | curve448_scalar_decode_long(secret_scalar, expanded, | - | ||||||
139 | 57); | - | ||||||
140 | - | |||||||
141 | - | |||||||
142 | if (!hash_init_with_dom(hashctx, prehashed, 0, context, context_len)
| 0-25 | ||||||
143 | || !EVP_DigestUpdate(hashctx,
| 0-25 | ||||||
144 | expanded + 57,
| 0-25 | ||||||
145 | 57)
| 0-25 | ||||||
146 | || !EVP_DigestUpdate(hashctx, message, message_len)
| 0-25 | ||||||
147 | OPENSSL_cleanse(expanded, sizeof(expanded)); | - | ||||||
148 | goto never executed: err;goto err; never executed: goto err; | 0 | ||||||
149 | } | - | ||||||
150 | OPENSSL_cleanse(expanded, sizeof(expanded)); | - | ||||||
151 | } | - | ||||||
152 | - | |||||||
153 | - | |||||||
154 | { | - | ||||||
155 | uint8_t nonce[2 * 57]; | - | ||||||
156 | - | |||||||
157 | if (!EVP_DigestFinalXOF(hashctx, nonce, sizeof(nonce))
| 0-25 | ||||||
158 | goto never executed: err;goto err; never executed: goto err; | 0 | ||||||
159 | curve448_scalar_decode_long(nonce_scalar, nonce, sizeof(nonce)); | - | ||||||
160 | OPENSSL_cleanse(nonce, sizeof(nonce)); | - | ||||||
161 | } | - | ||||||
162 | - | |||||||
163 | { | - | ||||||
164 | - | |||||||
165 | curve448_scalar_t nonce_scalar_2; | - | ||||||
166 | curve448_point_t p; | - | ||||||
167 | - | |||||||
168 | curve448_scalar_halve(nonce_scalar_2, nonce_scalar); | - | ||||||
169 | for (c = 2; c < 4
| 25 | ||||||
170 | curve448_scalar_halve(nonce_scalar_2, nonce_scalar_2); executed 25 times by 2 tests: curve448_scalar_halve(nonce_scalar_2, nonce_scalar_2); Executed by:
| 25 | ||||||
171 | - | |||||||
172 | curve448_precomputed_scalarmul(p, curve448_precomputed_base, | - | ||||||
173 | nonce_scalar_2); | - | ||||||
174 | curve448_point_mul_by_ratio_and_encode_like_eddsa(nonce_point, p); | - | ||||||
175 | curve448_point_destroy(p); | - | ||||||
176 | curve448_scalar_destroy(nonce_scalar_2); | - | ||||||
177 | } | - | ||||||
178 | - | |||||||
179 | { | - | ||||||
180 | uint8_t challenge[2 * 57]; | - | ||||||
181 | - | |||||||
182 | - | |||||||
183 | if (!hash_init_with_dom(hashctx, prehashed, 0, context, context_len)
| 0-25 | ||||||
184 | || !EVP_DigestUpdate(hashctx, nonce_point, sizeof(nonce_point))
| 0-25 | ||||||
185 | || !EVP_DigestUpdate(hashctx, pubkey, 57)
| 0-25 | ||||||
186 | || !EVP_DigestUpdate(hashctx, message, message_len)
| 0-25 | ||||||
187 | || !EVP_DigestFinalXOF(hashctx, challenge, sizeof(challenge))
| 0-25 | ||||||
188 | goto never executed: err;goto err; never executed: goto err; | 0 | ||||||
189 | - | |||||||
190 | curve448_scalar_decode_long(challenge_scalar, challenge, | - | ||||||
191 | sizeof(challenge)); | - | ||||||
192 | OPENSSL_cleanse(challenge, sizeof(challenge)); | - | ||||||
193 | } | - | ||||||
194 | - | |||||||
195 | curve448_scalar_mul(challenge_scalar, challenge_scalar, secret_scalar); | - | ||||||
196 | curve448_scalar_add(challenge_scalar, challenge_scalar, nonce_scalar); | - | ||||||
197 | - | |||||||
198 | OPENSSL_cleanse(signature, (57 + 57)); | - | ||||||
199 | memcpy(signature, nonce_point, sizeof(nonce_point)); | - | ||||||
200 | curve448_scalar_encode(&signature[57], | - | ||||||
201 | challenge_scalar); | - | ||||||
202 | - | |||||||
203 | curve448_scalar_destroy(secret_scalar); | - | ||||||
204 | curve448_scalar_destroy(nonce_scalar); | - | ||||||
205 | curve448_scalar_destroy(challenge_scalar); | - | ||||||
206 | - | |||||||
207 | ret = C448_SUCCESS; | - | ||||||
208 | err: code before this statement executed 25 times by 2 tests: err: Executed by:
| 25 | ||||||
209 | EVP_MD_CTX_free(hashctx); | - | ||||||
210 | return executed 25 times by 2 tests: ret;return ret; Executed by:
executed 25 times by 2 tests: return ret; Executed by:
| 25 | ||||||
211 | } | - | ||||||
212 | - | |||||||
213 | c448_error_t c448_ed448_sign_prehash( | - | ||||||
214 | uint8_t signature[(57 + 57)], | - | ||||||
215 | const uint8_t privkey[57], | - | ||||||
216 | const uint8_t pubkey[57], | - | ||||||
217 | const uint8_t hash[64], const uint8_t *context, | - | ||||||
218 | size_t context_len) | - | ||||||
219 | { | - | ||||||
220 | return executed 2 times by 1 test: c448_ed448_sign(signature, privkey, pubkey, hash, 64, 1, context,return c448_ed448_sign(signature, privkey, pubkey, hash, 64, 1, context, context_len); Executed by:
executed 2 times by 1 test: return c448_ed448_sign(signature, privkey, pubkey, hash, 64, 1, context, context_len); Executed by:
| 2 | ||||||
221 | context_len); executed 2 times by 1 test: return c448_ed448_sign(signature, privkey, pubkey, hash, 64, 1, context, context_len); Executed by:
| 2 | ||||||
222 | } | - | ||||||
223 | - | |||||||
224 | c448_error_t c448_ed448_verify( | - | ||||||
225 | const uint8_t signature[(57 + 57)], | - | ||||||
226 | const uint8_t pubkey[57], | - | ||||||
227 | const uint8_t *message, size_t message_len, | - | ||||||
228 | uint8_t prehashed, const uint8_t *context, | - | ||||||
229 | uint8_t context_len) | - | ||||||
230 | { | - | ||||||
231 | curve448_point_t pk_point, r_point; | - | ||||||
232 | c448_error_t error = | - | ||||||
233 | curve448_point_decode_like_eddsa_and_mul_by_ratio(pk_point, pubkey); | - | ||||||
234 | curve448_scalar_t challenge_scalar; | - | ||||||
235 | curve448_scalar_t response_scalar; | - | ||||||
236 | - | |||||||
237 | if (C448_SUCCESS != error
| 0-9 | ||||||
238 | return never executed: error;return error; never executed: return error; | 0 | ||||||
239 | - | |||||||
240 | error = | - | ||||||
241 | curve448_point_decode_like_eddsa_and_mul_by_ratio(r_point, signature); | - | ||||||
242 | if (C448_SUCCESS != error
| 0-9 | ||||||
243 | return never executed: error;return error; never executed: return error; | 0 | ||||||
244 | - | |||||||
245 | { | - | ||||||
246 | - | |||||||
247 | EVP_MD_CTX *hashctx = EVP_MD_CTX_new(); | - | ||||||
248 | uint8_t challenge[2 * 57]; | - | ||||||
249 | - | |||||||
250 | if (hashctx ==
| 0-9 | ||||||
251 | ((void *)0)
| 0-9 | ||||||
252 | - | |||||||
253 | || !hash_init_with_dom(hashctx, prehashed, 0, context,
| 0-9 | ||||||
254 | context_len)
| 0-9 | ||||||
255 | || !EVP_DigestUpdate(hashctx, signature, 57)
| 0-9 | ||||||
256 | || !EVP_DigestUpdate(hashctx, pubkey, 57)
| 0-9 | ||||||
257 | || !EVP_DigestUpdate(hashctx, message, message_len)
| 0-9 | ||||||
258 | || !EVP_DigestFinalXOF(hashctx, challenge, sizeof(challenge))
| 0-9 | ||||||
259 | EVP_MD_CTX_free(hashctx); | - | ||||||
260 | return never executed: C448_FAILURE;return C448_FAILURE; never executed: return C448_FAILURE; | 0 | ||||||
261 | } | - | ||||||
262 | - | |||||||
263 | EVP_MD_CTX_free(hashctx); | - | ||||||
264 | curve448_scalar_decode_long(challenge_scalar, challenge, | - | ||||||
265 | sizeof(challenge)); | - | ||||||
266 | OPENSSL_cleanse(challenge, sizeof(challenge)); | - | ||||||
267 | } | - | ||||||
268 | curve448_scalar_sub(challenge_scalar, curve448_scalar_zero, | - | ||||||
269 | challenge_scalar); | - | ||||||
270 | - | |||||||
271 | curve448_scalar_decode_long(response_scalar, | - | ||||||
272 | &signature[57], | - | ||||||
273 | 57); | - | ||||||
274 | - | |||||||
275 | - | |||||||
276 | curve448_base_double_scalarmul_non_secret(pk_point, | - | ||||||
277 | response_scalar, | - | ||||||
278 | pk_point, challenge_scalar); | - | ||||||
279 | return executed 9 times by 1 test: c448_succeed_if(curve448_point_eq(pk_point, r_point));return c448_succeed_if(curve448_point_eq(pk_point, r_point)); Executed by:
executed 9 times by 1 test: return c448_succeed_if(curve448_point_eq(pk_point, r_point)); Executed by:
| 9 | ||||||
280 | } | - | ||||||
281 | - | |||||||
282 | c448_error_t c448_ed448_verify_prehash( | - | ||||||
283 | const uint8_t signature[(57 + 57)], | - | ||||||
284 | const uint8_t pubkey[57], | - | ||||||
285 | const uint8_t hash[64], const uint8_t *context, | - | ||||||
286 | uint8_t context_len) | - | ||||||
287 | { | - | ||||||
288 | return never executed: c448_ed448_verify(signature, pubkey, hash, 64, 1, context,return c448_ed448_verify(signature, pubkey, hash, 64, 1, context, context_len); never executed: return c448_ed448_verify(signature, pubkey, hash, 64, 1, context, context_len); | 0 | ||||||
289 | context_len); never executed: return c448_ed448_verify(signature, pubkey, hash, 64, 1, context, context_len); | 0 | ||||||
290 | } | - | ||||||
291 | - | |||||||
292 | int ED448_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len, | - | ||||||
293 | const uint8_t public_key[57], const uint8_t private_key[57], | - | ||||||
294 | const uint8_t *context, size_t context_len) | - | ||||||
295 | { | - | ||||||
296 | return executed 23 times by 2 tests: c448_ed448_sign(out_sig, private_key, public_key, message,return c448_ed448_sign(out_sig, private_key, public_key, message, message_len, 0, context, context_len) == C448_SUCCESS; Executed by:
executed 23 times by 2 tests: return c448_ed448_sign(out_sig, private_key, public_key, message, message_len, 0, context, context_len) == C448_SUCCESS; Executed by:
| 23 | ||||||
297 | message_len, 0, context, context_len) executed 23 times by 2 tests: return c448_ed448_sign(out_sig, private_key, public_key, message, message_len, 0, context, context_len) == C448_SUCCESS; Executed by:
| 23 | ||||||
298 | == C448_SUCCESS; executed 23 times by 2 tests: return c448_ed448_sign(out_sig, private_key, public_key, message, message_len, 0, context, context_len) == C448_SUCCESS; Executed by:
| 23 | ||||||
299 | } | - | ||||||
300 | - | |||||||
301 | int ED448_verify(const uint8_t *message, size_t message_len, | - | ||||||
302 | const uint8_t signature[114], const uint8_t public_key[57], | - | ||||||
303 | const uint8_t *context, size_t context_len) | - | ||||||
304 | { | - | ||||||
305 | return executed 9 times by 1 test: c448_ed448_verify(signature, public_key, message, message_len, 0,return c448_ed448_verify(signature, public_key, message, message_len, 0, context, (uint8_t)context_len) == C448_SUCCESS; Executed by:
executed 9 times by 1 test: return c448_ed448_verify(signature, public_key, message, message_len, 0, context, (uint8_t)context_len) == C448_SUCCESS; Executed by:
| 9 | ||||||
306 | context, (uint8_t)context_len) == C448_SUCCESS; executed 9 times by 1 test: return c448_ed448_verify(signature, public_key, message, message_len, 0, context, (uint8_t)context_len) == C448_SUCCESS; Executed by:
| 9 | ||||||
307 | } | - | ||||||
308 | - | |||||||
309 | int ED448ph_sign(uint8_t *out_sig, const uint8_t hash[64], | - | ||||||
310 | const uint8_t public_key[57], const uint8_t private_key[57], | - | ||||||
311 | const uint8_t *context, size_t context_len) | - | ||||||
312 | { | - | ||||||
313 | return executed 2 times by 1 test: c448_ed448_sign_prehash(out_sig, private_key, public_key, hash,return c448_ed448_sign_prehash(out_sig, private_key, public_key, hash, context, context_len) == C448_SUCCESS; Executed by:
executed 2 times by 1 test: return c448_ed448_sign_prehash(out_sig, private_key, public_key, hash, context, context_len) == C448_SUCCESS; Executed by:
| 2 | ||||||
314 | context, context_len) == C448_SUCCESS; executed 2 times by 1 test: return c448_ed448_sign_prehash(out_sig, private_key, public_key, hash, context, context_len) == C448_SUCCESS; Executed by:
| 2 | ||||||
315 | - | |||||||
316 | } | - | ||||||
317 | - | |||||||
318 | int ED448ph_verify(const uint8_t hash[64], const uint8_t signature[114], | - | ||||||
319 | const uint8_t public_key[57], const uint8_t *context, | - | ||||||
320 | size_t context_len) | - | ||||||
321 | { | - | ||||||
322 | return never executed: c448_ed448_verify_prehash(signature, public_key, hash, context,return c448_ed448_verify_prehash(signature, public_key, hash, context, (uint8_t)context_len) == C448_SUCCESS; never executed: return c448_ed448_verify_prehash(signature, public_key, hash, context, (uint8_t)context_len) == C448_SUCCESS; | 0 | ||||||
323 | (uint8_t)context_len) == C448_SUCCESS; never executed: return c448_ed448_verify_prehash(signature, public_key, hash, context, (uint8_t)context_len) == C448_SUCCESS; | 0 | ||||||
324 | } | - | ||||||
325 | - | |||||||
326 | int ED448_public_from_private(uint8_t out_public_key[57], | - | ||||||
327 | const uint8_t private_key[57]) | - | ||||||
328 | { | - | ||||||
329 | return executed 38 times by 1 test: c448_ed448_derive_public_key(out_public_key, private_key)return c448_ed448_derive_public_key(out_public_key, private_key) == C448_SUCCESS; Executed by:
executed 38 times by 1 test: return c448_ed448_derive_public_key(out_public_key, private_key) == C448_SUCCESS; Executed by:
| 38 | ||||||
330 | == C448_SUCCESS; executed 38 times by 1 test: return c448_ed448_derive_public_key(out_public_key, private_key) == C448_SUCCESS; Executed by:
| 38 | ||||||
331 | } | - | ||||||
Switch to Source code | Preprocessed file |