| Absolute File Name: | /home/opencoverage/opencoverage/guest-scripts/openssh/src/sc25519.c |
| Switch to Source code | Preprocessed file |
| Line | Source | Count | ||||||
|---|---|---|---|---|---|---|---|---|
| 1 | - | |||||||
| 2 | - | |||||||
| 3 | - | |||||||
| 4 | - | |||||||
| 5 | static const crypto_uint32 m[32] = {0xED, 0xD3, 0xF5, 0x5C, 0x1A, 0x63, 0x12, 0x58, 0xD6, 0x9C, 0xF7, 0xA2, 0xDE, 0xF9, 0xDE, 0x14, | - | ||||||
| 6 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10}; | - | ||||||
| 7 | - | |||||||
| 8 | static const crypto_uint32 mu[33] = {0x1B, 0x13, 0x2C, 0x0A, 0xA3, 0xE5, 0x9C, 0xED, 0xA7, 0x29, 0x63, 0x08, 0x5D, 0x21, 0x06, 0x21, | - | ||||||
| 9 | 0xEB, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0F}; | - | ||||||
| 10 | - | |||||||
| 11 | static crypto_uint32 lt(crypto_uint32 a,crypto_uint32 b) | - | ||||||
| 12 | { | - | ||||||
| 13 | unsigned int x = a; | - | ||||||
| 14 | x -= (unsigned int) b; | - | ||||||
| 15 | x >>= 31; | - | ||||||
| 16 | return executed 2701312 times by 3 tests: x;return x;Executed by:
executed 2701312 times by 3 tests: return x;Executed by:
| 2701312 | ||||||
| 17 | } | - | ||||||
| 18 | - | |||||||
| 19 | - | |||||||
| 20 | static void reduce_add_sub(crypto_sign_ed25519_ref_sc25519 *r) | - | ||||||
| 21 | { | - | ||||||
| 22 | crypto_uint32 pb = 0; | - | ||||||
| 23 | crypto_uint32 b; | - | ||||||
| 24 | crypto_uint32 mask; | - | ||||||
| 25 | int i; | - | ||||||
| 26 | unsigned char t[32]; | - | ||||||
| 27 | - | |||||||
| 28 | for(i=0;i<32
| 56299-1801568 | ||||||
| 29 | { | - | ||||||
| 30 | pb += m[i]; | - | ||||||
| 31 | b = lt(r->v[i],pb); | - | ||||||
| 32 | t[i] = r->v[i]-pb+(b<<8); | - | ||||||
| 33 | pb = b; | - | ||||||
| 34 | } executed 1801568 times by 3 tests: end of blockExecuted by:
| 1801568 | ||||||
| 35 | mask = b - 1; | - | ||||||
| 36 | for(i=0;i<32
| 56299-1801568 | ||||||
| 37 | r->v[i] ^= mask & (r->v[i] ^ t[i]); executed 1801568 times by 3 tests: r->v[i] ^= mask & (r->v[i] ^ t[i]);Executed by:
| 1801568 | ||||||
| 38 | } executed 56299 times by 3 tests: end of blockExecuted by:
| 56299 | ||||||
| 39 | - | |||||||
| 40 | - | |||||||
| 41 | static void barrett_reduce(crypto_sign_ed25519_ref_sc25519 *r, const crypto_uint32 x[64]) | - | ||||||
| 42 | { | - | ||||||
| 43 | - | |||||||
| 44 | int i,j; | - | ||||||
| 45 | crypto_uint32 q2[66]; | - | ||||||
| 46 | crypto_uint32 *q3 = q2 + 33; | - | ||||||
| 47 | crypto_uint32 r1[33]; | - | ||||||
| 48 | crypto_uint32 r2[33]; | - | ||||||
| 49 | crypto_uint32 carry; | - | ||||||
| 50 | crypto_uint32 pb = 0; | - | ||||||
| 51 | crypto_uint32 b; | - | ||||||
| 52 | - | |||||||
| 53 | for (i = 0;i < 66
executed 1855722 times by 3 tests: q2[i] = 0;Executed by:
| 28117-1855722 | ||||||
| 54 | for (i = 0;i < 33
executed 927861 times by 3 tests: r2[i] = 0;Executed by:
| 28117-927861 | ||||||
| 55 | - | |||||||
| 56 | for(i=0;i<33
| 28117-927861 | ||||||
| 57 | for(j=0;j<33
| 927861-30619413 | ||||||
| 58 | if(i+j >= 31
executed 16673381 times by 3 tests: q2[i+j] += mu[i]*x[j+31];Executed by:
| 13946032-16673381 | ||||||
| 59 | carry = q2[31] >> 8; | - | ||||||
| 60 | q2[32] += carry; | - | ||||||
| 61 | carry = q2[32] >> 8; | - | ||||||
| 62 | q2[33] += carry; | - | ||||||
| 63 | - | |||||||
| 64 | for(i=0;i<33
executed 927861 times by 3 tests: r1[i] = x[i];Executed by:
| 28117-927861 | ||||||
| 65 | for(i=0;i<32
| 28117-899744 | ||||||
| 66 | for(j=0;j<33
| 899744-29691552 | ||||||
| 67 | if(i+j < 33
executed 15745520 times by 3 tests: r2[i+j] += m[i]*q3[j];Executed by:
| 13946032-15745520 | ||||||
| 68 | - | |||||||
| 69 | for(i=0;i<32
| 28117-899744 | ||||||
| 70 | { | - | ||||||
| 71 | carry = r2[i] >> 8; | - | ||||||
| 72 | r2[i+1] += carry; | - | ||||||
| 73 | r2[i] &= 0xff; | - | ||||||
| 74 | } executed 899744 times by 3 tests: end of blockExecuted by:
| 899744 | ||||||
| 75 | - | |||||||
| 76 | for(i=0;i<32
| 28117-899744 | ||||||
| 77 | { | - | ||||||
| 78 | pb += r2[i]; | - | ||||||
| 79 | b = lt(r1[i],pb); | - | ||||||
| 80 | r->v[i] = r1[i]-pb+(b<<8); | - | ||||||
| 81 | pb = b; | - | ||||||
| 82 | } executed 899744 times by 3 tests: end of blockExecuted by:
| 899744 | ||||||
| 83 | - | |||||||
| 84 | - | |||||||
| 85 | - | |||||||
| 86 | - | |||||||
| 87 | - | |||||||
| 88 | reduce_add_sub(r); | - | ||||||
| 89 | reduce_add_sub(r); | - | ||||||
| 90 | } executed 28117 times by 3 tests: end of blockExecuted by:
| 28117 | ||||||
| 91 | - | |||||||
| 92 | void crypto_sign_ed25519_ref_sc25519_from32bytes(crypto_sign_ed25519_ref_sc25519 *r, const unsigned char x[32]) | - | ||||||
| 93 | { | - | ||||||
| 94 | int i; | - | ||||||
| 95 | crypto_uint32 t[64]; | - | ||||||
| 96 | for(i=0;i<32
executed 448000 times by 3 tests: t[i] = x[i];Executed by:
| 14000-448000 | ||||||
| 97 | for(i=32;i<64
executed 448000 times by 3 tests: t[i] = 0;Executed by:
| 14000-448000 | ||||||
| 98 | barrett_reduce(r, t); | - | ||||||
| 99 | } executed 14000 times by 3 tests: end of blockExecuted by:
| 14000 | ||||||
| 100 | - | |||||||
| 101 | void crypto_sign_ed25519_ref_shortsc25519_from16bytes(crypto_sign_ed25519_ref_shortsc25519 *r, const unsigned char x[16]) | - | ||||||
| 102 | { | - | ||||||
| 103 | int i; | - | ||||||
| 104 | for(i=0;i<16
never executed: r->v[i] = x[i]; | 0 | ||||||
| 105 | } never executed: end of block | 0 | ||||||
| 106 | - | |||||||
| 107 | void crypto_sign_ed25519_ref_sc25519_from64bytes(crypto_sign_ed25519_ref_sc25519 *r, const unsigned char x[64]) | - | ||||||
| 108 | { | - | ||||||
| 109 | int i; | - | ||||||
| 110 | crypto_uint32 t[64]; | - | ||||||
| 111 | for(i=0;i<64
executed 899328 times by 2 tests: t[i] = x[i];Executed by:
| 14052-899328 | ||||||
| 112 | barrett_reduce(r, t); | - | ||||||
| 113 | } executed 14052 times by 2 tests: end of blockExecuted by:
| 14052 | ||||||
| 114 | - | |||||||
| 115 | void crypto_sign_ed25519_ref_sc25519_from_shortsc(crypto_sign_ed25519_ref_sc25519 *r, const crypto_sign_ed25519_ref_shortsc25519 *x) | - | ||||||
| 116 | { | - | ||||||
| 117 | int i; | - | ||||||
| 118 | for(i=0;i<16
| 0 | ||||||
| 119 | r->v[i] = x->v[i]; never executed: r->v[i] = x->v[i]; | 0 | ||||||
| 120 | for(i=0;i<16
| 0 | ||||||
| 121 | r->v[16+i] = 0; never executed: r->v[16+i] = 0; | 0 | ||||||
| 122 | } never executed: end of block | 0 | ||||||
| 123 | - | |||||||
| 124 | void crypto_sign_ed25519_ref_sc25519_to32bytes(unsigned char r[32], const crypto_sign_ed25519_ref_sc25519 *x) | - | ||||||
| 125 | { | - | ||||||
| 126 | int i; | - | ||||||
| 127 | for(i=0;i<32
executed 2080 times by 2 tests: r[i] = x->v[i];Executed by:
| 65-2080 | ||||||
| 128 | } executed 65 times by 2 tests: end of blockExecuted by:
| 65 | ||||||
| 129 | - | |||||||
| 130 | int crypto_sign_ed25519_ref_sc25519_iszero_vartime(const crypto_sign_ed25519_ref_sc25519 *x) | - | ||||||
| 131 | { | - | ||||||
| 132 | int i; | - | ||||||
| 133 | for(i=0;i<32
| 0 | ||||||
| 134 | if(x->v[i] != 0
never executed: 0;return 0;never executed: return 0; | 0 | ||||||
| 135 | return never executed: 1;return 1;never executed: return 1; | 0 | ||||||
| 136 | } | - | ||||||
| 137 | - | |||||||
| 138 | int crypto_sign_ed25519_ref_sc25519_isshort_vartime(const crypto_sign_ed25519_ref_sc25519 *x) | - | ||||||
| 139 | { | - | ||||||
| 140 | int i; | - | ||||||
| 141 | for(i=31;i>15
| 0 | ||||||
| 142 | if(x->v[i] != 0
never executed: 0;return 0;never executed: return 0; | 0 | ||||||
| 143 | return never executed: 1;return 1;never executed: return 1; | 0 | ||||||
| 144 | } | - | ||||||
| 145 | - | |||||||
| 146 | int crypto_sign_ed25519_ref_sc25519_lt_vartime(const crypto_sign_ed25519_ref_sc25519 *x, const crypto_sign_ed25519_ref_sc25519 *y) | - | ||||||
| 147 | { | - | ||||||
| 148 | int i; | - | ||||||
| 149 | for(i=31;i>=0
| 0 | ||||||
| 150 | { | - | ||||||
| 151 | if(x->v[i] < y->v[i]
never executed: 1;return 1;never executed: return 1; | 0 | ||||||
| 152 | if(x->v[i] > y->v[i]
never executed: 0;return 0;never executed: return 0; | 0 | ||||||
| 153 | } never executed: end of block | 0 | ||||||
| 154 | return never executed: 0;return 0;never executed: return 0; | 0 | ||||||
| 155 | } | - | ||||||
| 156 | - | |||||||
| 157 | void crypto_sign_ed25519_ref_sc25519_add(crypto_sign_ed25519_ref_sc25519 *r, const crypto_sign_ed25519_ref_sc25519 *x, const crypto_sign_ed25519_ref_sc25519 *y) | - | ||||||
| 158 | { | - | ||||||
| 159 | int i, carry; | - | ||||||
| 160 | for(i=0;i<32
executed 2080 times by 2 tests: r->v[i] = x->v[i] + y->v[i];Executed by:
| 65-2080 | ||||||
| 161 | for(i=0;i<31
| 65-2015 | ||||||
| 162 | { | - | ||||||
| 163 | carry = r->v[i] >> 8; | - | ||||||
| 164 | r->v[i+1] += carry; | - | ||||||
| 165 | r->v[i] &= 0xff; | - | ||||||
| 166 | } executed 2015 times by 2 tests: end of blockExecuted by:
| 2015 | ||||||
| 167 | reduce_add_sub(r); | - | ||||||
| 168 | } executed 65 times by 2 tests: end of blockExecuted by:
| 65 | ||||||
| 169 | - | |||||||
| 170 | void crypto_sign_ed25519_ref_sc25519_sub_nored(crypto_sign_ed25519_ref_sc25519 *r, const crypto_sign_ed25519_ref_sc25519 *x, const crypto_sign_ed25519_ref_sc25519 *y) | - | ||||||
| 171 | { | - | ||||||
| 172 | crypto_uint32 b = 0; | - | ||||||
| 173 | crypto_uint32 t; | - | ||||||
| 174 | int i; | - | ||||||
| 175 | for(i=0;i<32
| 0 | ||||||
| 176 | { | - | ||||||
| 177 | t = x->v[i] - y->v[i] - b; | - | ||||||
| 178 | r->v[i] = t & 255; | - | ||||||
| 179 | b = (t >> 8) & 1; | - | ||||||
| 180 | } never executed: end of block | 0 | ||||||
| 181 | } never executed: end of block | 0 | ||||||
| 182 | - | |||||||
| 183 | void crypto_sign_ed25519_ref_sc25519_mul(crypto_sign_ed25519_ref_sc25519 *r, const crypto_sign_ed25519_ref_sc25519 *x, const crypto_sign_ed25519_ref_sc25519 *y) | - | ||||||
| 184 | { | - | ||||||
| 185 | int i,j,carry; | - | ||||||
| 186 | crypto_uint32 t[64]; | - | ||||||
| 187 | for(i=0;i<64
executed 4160 times by 2 tests: t[i] = 0;Executed by:
| 65-4160 | ||||||
| 188 | - | |||||||
| 189 | for(i=0;i<32
| 65-2080 | ||||||
| 190 | for(j=0;j<32
| 2080-66560 | ||||||
| 191 | t[i+j] += x->v[i] * y->v[j]; executed 66560 times by 2 tests: t[i+j] += x->v[i] * y->v[j];Executed by:
| 66560 | ||||||
| 192 | - | |||||||
| 193 | - | |||||||
| 194 | for(i=0;i<63
| 65-4095 | ||||||
| 195 | { | - | ||||||
| 196 | carry = t[i] >> 8; | - | ||||||
| 197 | t[i+1] += carry; | - | ||||||
| 198 | t[i] &= 0xff; | - | ||||||
| 199 | } executed 4095 times by 2 tests: end of blockExecuted by:
| 4095 | ||||||
| 200 | - | |||||||
| 201 | barrett_reduce(r, t); | - | ||||||
| 202 | } executed 65 times by 2 tests: end of blockExecuted by:
| 65 | ||||||
| 203 | - | |||||||
| 204 | void crypto_sign_ed25519_ref_sc25519_mul_shortsc(crypto_sign_ed25519_ref_sc25519 *r, const crypto_sign_ed25519_ref_sc25519 *x, const crypto_sign_ed25519_ref_shortsc25519 *y) | - | ||||||
| 205 | { | - | ||||||
| 206 | crypto_sign_ed25519_ref_sc25519 t; | - | ||||||
| 207 | crypto_sign_ed25519_ref_sc25519_from_shortsc(&t, y); | - | ||||||
| 208 | crypto_sign_ed25519_ref_sc25519_mul(r, x, &t); | - | ||||||
| 209 | } never executed: end of block | 0 | ||||||
| 210 | - | |||||||
| 211 | void crypto_sign_ed25519_ref_sc25519_window3(signed char r[85], const crypto_sign_ed25519_ref_sc25519 *s) | - | ||||||
| 212 | { | - | ||||||
| 213 | char carry; | - | ||||||
| 214 | int i; | - | ||||||
| 215 | for(i=0;i<10
| 78-780 | ||||||
| 216 | { | - | ||||||
| 217 | r[8*i+0] = s->v[3*i+0] & 7; | - | ||||||
| 218 | r[8*i+1] = (s->v[3*i+0] >> 3) & 7; | - | ||||||
| 219 | r[8*i+2] = (s->v[3*i+0] >> 6) & 7; | - | ||||||
| 220 | r[8*i+2] ^= (s->v[3*i+1] << 2) & 7; | - | ||||||
| 221 | r[8*i+3] = (s->v[3*i+1] >> 1) & 7; | - | ||||||
| 222 | r[8*i+4] = (s->v[3*i+1] >> 4) & 7; | - | ||||||
| 223 | r[8*i+5] = (s->v[3*i+1] >> 7) & 7; | - | ||||||
| 224 | r[8*i+5] ^= (s->v[3*i+2] << 1) & 7; | - | ||||||
| 225 | r[8*i+6] = (s->v[3*i+2] >> 2) & 7; | - | ||||||
| 226 | r[8*i+7] = (s->v[3*i+2] >> 5) & 7; | - | ||||||
| 227 | } executed 780 times by 3 tests: end of blockExecuted by:
| 780 | ||||||
| 228 | r[8*i+0] = s->v[3*i+0] & 7; | - | ||||||
| 229 | r[8*i+1] = (s->v[3*i+0] >> 3) & 7; | - | ||||||
| 230 | r[8*i+2] = (s->v[3*i+0] >> 6) & 7; | - | ||||||
| 231 | r[8*i+2] ^= (s->v[3*i+1] << 2) & 7; | - | ||||||
| 232 | r[8*i+3] = (s->v[3*i+1] >> 1) & 7; | - | ||||||
| 233 | r[8*i+4] = (s->v[3*i+1] >> 4) & 7; | - | ||||||
| 234 | - | |||||||
| 235 | - | |||||||
| 236 | carry = 0; | - | ||||||
| 237 | for(i=0;i<84
| 78-6552 | ||||||
| 238 | { | - | ||||||
| 239 | r[i] += carry; | - | ||||||
| 240 | r[i+1] += r[i] >> 3; | - | ||||||
| 241 | r[i] &= 7; | - | ||||||
| 242 | carry = r[i] >> 2; | - | ||||||
| 243 | r[i] -= carry<<3; | - | ||||||
| 244 | } executed 6552 times by 3 tests: end of blockExecuted by:
| 6552 | ||||||
| 245 | r[84] += carry; | - | ||||||
| 246 | } executed 78 times by 3 tests: end of blockExecuted by:
| 78 | ||||||
| 247 | - | |||||||
| 248 | void crypto_sign_ed25519_ref_sc25519_window5(signed char r[51], const crypto_sign_ed25519_ref_sc25519 *s) | - | ||||||
| 249 | { | - | ||||||
| 250 | char carry; | - | ||||||
| 251 | int i; | - | ||||||
| 252 | for(i=0;i<6
| 0 | ||||||
| 253 | { | - | ||||||
| 254 | r[8*i+0] = s->v[5*i+0] & 31; | - | ||||||
| 255 | r[8*i+1] = (s->v[5*i+0] >> 5) & 31; | - | ||||||
| 256 | r[8*i+1] ^= (s->v[5*i+1] << 3) & 31; | - | ||||||
| 257 | r[8*i+2] = (s->v[5*i+1] >> 2) & 31; | - | ||||||
| 258 | r[8*i+3] = (s->v[5*i+1] >> 7) & 31; | - | ||||||
| 259 | r[8*i+3] ^= (s->v[5*i+2] << 1) & 31; | - | ||||||
| 260 | r[8*i+4] = (s->v[5*i+2] >> 4) & 31; | - | ||||||
| 261 | r[8*i+4] ^= (s->v[5*i+3] << 4) & 31; | - | ||||||
| 262 | r[8*i+5] = (s->v[5*i+3] >> 1) & 31; | - | ||||||
| 263 | r[8*i+6] = (s->v[5*i+3] >> 6) & 31; | - | ||||||
| 264 | r[8*i+6] ^= (s->v[5*i+4] << 2) & 31; | - | ||||||
| 265 | r[8*i+7] = (s->v[5*i+4] >> 3) & 31; | - | ||||||
| 266 | } never executed: end of block | 0 | ||||||
| 267 | r[8*i+0] = s->v[5*i+0] & 31; | - | ||||||
| 268 | r[8*i+1] = (s->v[5*i+0] >> 5) & 31; | - | ||||||
| 269 | r[8*i+1] ^= (s->v[5*i+1] << 3) & 31; | - | ||||||
| 270 | r[8*i+2] = (s->v[5*i+1] >> 2) & 31; | - | ||||||
| 271 | - | |||||||
| 272 | - | |||||||
| 273 | carry = 0; | - | ||||||
| 274 | for(i=0;i<50
| 0 | ||||||
| 275 | { | - | ||||||
| 276 | r[i] += carry; | - | ||||||
| 277 | r[i+1] += r[i] >> 5; | - | ||||||
| 278 | r[i] &= 31; | - | ||||||
| 279 | carry = r[i] >> 4; | - | ||||||
| 280 | r[i] -= carry<<5; | - | ||||||
| 281 | } never executed: end of block | 0 | ||||||
| 282 | r[50] += carry; | - | ||||||
| 283 | } never executed: end of block | 0 | ||||||
| 284 | - | |||||||
| 285 | void crypto_sign_ed25519_ref_sc25519_2interleave2(unsigned char r[127], const crypto_sign_ed25519_ref_sc25519 *s1, const crypto_sign_ed25519_ref_sc25519 *s2) | - | ||||||
| 286 | { | - | ||||||
| 287 | int i; | - | ||||||
| 288 | for(i=0;i<31
| 13922-431582 | ||||||
| 289 | { | - | ||||||
| 290 | r[4*i] = ( s1->v[i] & 3) ^ (( s2->v[i] & 3) << 2); | - | ||||||
| 291 | r[4*i+1] = ((s1->v[i] >> 2) & 3) ^ (((s2->v[i] >> 2) & 3) << 2); | - | ||||||
| 292 | r[4*i+2] = ((s1->v[i] >> 4) & 3) ^ (((s2->v[i] >> 4) & 3) << 2); | - | ||||||
| 293 | r[4*i+3] = ((s1->v[i] >> 6) & 3) ^ (((s2->v[i] >> 6) & 3) << 2); | - | ||||||
| 294 | } executed 431582 times by 2 tests: end of blockExecuted by:
| 431582 | ||||||
| 295 | r[124] = ( s1->v[31] & 3) ^ (( s2->v[31] & 3) << 2); | - | ||||||
| 296 | r[125] = ((s1->v[31] >> 2) & 3) ^ (((s2->v[31] >> 2) & 3) << 2); | - | ||||||
| 297 | r[126] = ((s1->v[31] >> 4) & 3) ^ (((s2->v[31] >> 4) & 3) << 2); | - | ||||||
| 298 | } executed 13922 times by 2 tests: end of blockExecuted by:
| 13922 | ||||||
| Switch to Source code | Preprocessed file |