OpenCoverage

scalar.c

Absolute File Name:

/home/opencoverage/opencoverage/guest-scripts/openssl/src/crypto/ec/curve448/scalar.c

Switch to Source code

Preprocessed file

Line Source Count

1 -

2 -

3 static const c448_word_t MONTGOMERY_FACTOR = (c448_word_t) 0x3bd440fae918bc5; -

4 static const curve448_scalar_t sc_p = { -

5 { -

6 { -

7 (0x2378c292ab5844f3), (0x216cc2728dc58f55), -

8 (0xc44edb49aed63690), (0xffffffff7cca23e9), -

9 (0xffffffffffffffff), (0xffffffffffffffff), -

10 (0x3fffffffffffffff) -

11 } -

12 } -

13 }, sc_r2 = { -

14 { -

15 { -

16 -

17 (0xe3539257049b9b60), (0x7af32c4bc1b195d9), -

18 (0x0d66de2388ea1859), (0xae17cf725ee4d838), -

19 (0x1a9cc14ba3c47c44), (0x2052bcb7e4d070af), -

20 (0x3402a939f823b729) -

21 } -

22 } -

23 }; -

24 -

25 -

26 -

27 const curve448_scalar_t curve448_scalar_one = {{{1}}}; -

28 const curve448_scalar_t curve448_scalar_zero = {{{0}}}; -

29 -

30 -

31 -

32 -

33 -

34 static void sc_subx(curve448_scalar_t out, -

35 const c448_word_t accum[((446-1)/64 +1)], -

36 const curve448_scalar_t sub, -

37 const curve448_scalar_t p, c448_word_t extra) -

38 { -

39 c448_dsword_t chain = 0; -

40 unsigned int i; -

41 c448_word_t borrow; -

42 -

for (i = 0; i < ((446-1)/64 +1)

i < ((446-1)/64 +1)	Description
TRUE	evaluated 7588 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1
FALSE	evaluated 1084 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1

; i++) {

1084-7588

44 chain = (chain + accum[i]) - sub->limb[i]; -

45 out->limb[i] = (c448_word_t)chain; -

46 chain >>= 64; -

}

executed 7588 times by 2 tests: end of block

Executed by:

curve448_internal_test
libcrypto.so.1.1

7588

48 borrow = (c448_word_t)chain + extra; -

49 -

50 chain = 0; -

for (i = 0; i < ((446-1)/64 +1)

i < ((446-1)/64 +1)	Description
TRUE	evaluated 7588 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1
FALSE	evaluated 1084 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1

; i++) {

1084-7588

52 chain = (chain + out->limb[i]) + (p->limb[i] & borrow); -

53 out->limb[i] = (c448_word_t)chain; -

54 chain >>= 64; -

}

executed 7588 times by 2 tests: end of block

Executed by:

curve448_internal_test
libcrypto.so.1.1

7588

}

executed 1084 times by 2 tests: end of block

Executed by:

curve448_internal_test
libcrypto.so.1.1

1084

57 -

58 static void sc_montmul(curve448_scalar_t out, const curve448_scalar_t a, -

59 const curve448_scalar_t b) -

60 { -

61 unsigned int i, j; -

62 c448_word_t accum[((446-1)/64 +1) + 1] = { 0 }; -

63 c448_word_t hi_carry = 0; -

64 -

for (i = 0; i < ((446-1)/64 +1)

i < ((446-1)/64 +1)	Description
TRUE	evaluated 5166 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1
FALSE	evaluated 738 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1

; i++) {

738-5166

66 c448_word_t mand = a->limb[i]; -

67 const c448_word_t *mier = b->limb; -

68 -

69 c448_dword_t chain = 0; -

for (j = 0; j < ((446-1)/64 +1)

j < ((446-1)/64 +1)	Description
TRUE	evaluated 36162 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1
FALSE	evaluated 5166 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1

; j++) {

5166-36162

71 chain += ((c448_dword_t) mand) * mier[j] + accum[j]; -

72 accum[j] = (c448_word_t)chain; -

73 chain >>= 64; -

}

executed 36162 times by 2 tests: end of block

Executed by:

curve448_internal_test
libcrypto.so.1.1

36162

75 accum[j] = (c448_word_t)chain; -

76 -

77 mand = accum[0] * MONTGOMERY_FACTOR; -

78 chain = 0; -

79 mier = sc_p->limb; -

for (j = 0; j < ((446-1)/64 +1)

j < ((446-1)/64 +1)	Description
TRUE	evaluated 36162 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1
FALSE	evaluated 5166 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1

; j++) {

5166-36162

81 chain += (c448_dword_t) mand *mier[j] + accum[j]; -

if (j

j	Description
TRUE	evaluated 30996 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1
FALSE	evaluated 5166 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1

)

5166-30996

accum[j - 1] = (c448_word_t)chain;

executed 30996 times by 2 tests: accum[j - 1] = (c448_word_t)chain;

Executed by:

curve448_internal_test
libcrypto.so.1.1

30996

84 chain >>= 64; -

}

executed 36162 times by 2 tests: end of block

Executed by:

curve448_internal_test
libcrypto.so.1.1

36162

86 chain += accum[j]; -

87 chain += hi_carry; -

88 accum[j - 1] = (c448_word_t)chain; -

89 hi_carry = chain >> 64; -

}

executed 5166 times by 2 tests: end of block

Executed by:

curve448_internal_test
libcrypto.so.1.1

5166

91 -

92 sc_subx(out, accum, sc_p, sc_p, hi_carry); -

}

executed 738 times by 2 tests: end of block

Executed by:

curve448_internal_test
libcrypto.so.1.1

738

94 -

95 void curve448_scalar_mul(curve448_scalar_t out, const curve448_scalar_t a, -

96 const curve448_scalar_t b) -

97 { -

98 sc_montmul(out, a, b); -

99 sc_montmul(out, out, sc_r2); -

100

}

executed 274 times by 2 tests: end of block

Executed by:

curve448_internal_test
libcrypto.so.1.1

274

101 -

102 void curve448_scalar_sub(curve448_scalar_t out, const curve448_scalar_t a, -

103 const curve448_scalar_t b) -

104 { -

105 sc_subx(out, a->limb, b, sc_p, 0); -

106

}

executed 9 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

107 -

108 void curve448_scalar_add(curve448_scalar_t out, const curve448_scalar_t a, -

109 const curve448_scalar_t b) -

110 { -

111 c448_dword_t chain = 0; -

112 unsigned int i; -

113 -

114

for (i = 0; i < ((446-1)/64 +1)

i < ((446-1)/64 +1)	Description
TRUE	evaluated 2359 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1
FALSE	evaluated 337 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1

; i++) {

337-2359

115 chain = (chain + a->limb[i]) + b->limb[i]; -

116 out->limb[i] = (c448_word_t)chain; -

117 chain >>= 64; -

118

}

executed 2359 times by 2 tests: end of block

Executed by:

curve448_internal_test
libcrypto.so.1.1

2359

119 sc_subx(out, out->limb, sc_p, sc_p, (c448_word_t)chain); -

120

}

executed 337 times by 2 tests: end of block

Executed by:

curve448_internal_test
libcrypto.so.1.1

337

121 -

122 static inline void scalar_decode_short(curve448_scalar_t s, -

123 const unsigned char *ser, -

124 size_t nbytes) -

125 { -

126 size_t i, j, k = 0; -

127 -

128

for (i = 0; i < ((446-1)/64 +1)

i < ((446-1)/64 +1)	Description
TRUE	evaluated 2660 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1
FALSE	evaluated 380 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1

; i++) {

380-2660

129 c448_word_t out = 0; -

130 -

131

for (j = 0; j < sizeof(c448_word_t)

j < sizeof(c448_word_t)	Description
TRUE	evaluated 15051 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1
FALSE	evaluated 1743 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1

&& k < nbytes

k < nbytes	Description
TRUE	evaluated 14134 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1
FALSE	evaluated 917 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1

; j++, k++)

917-15051

132

out |= ((c448_word_t) ser[k]) << (8 * j);

executed 14134 times by 2 tests: out |= ((c448_word_t) ser[k]) << (8 * j);

Executed by:

curve448_internal_test
libcrypto.so.1.1

14134

133 s->limb[i] = out; -

134

}

executed 2660 times by 2 tests: end of block

Executed by:

curve448_internal_test
libcrypto.so.1.1

2660

135

}

executed 380 times by 2 tests: end of block

Executed by:

curve448_internal_test
libcrypto.so.1.1

380

136 -

137 c448_error_t curve448_scalar_decode( -

138 curve448_scalar_t s, -

139 const unsigned char ser[56]) -

140 { -

141 unsigned int i; -

142 c448_dsword_t accum = 0; -

143 -

144 scalar_decode_short(s, ser, 56); -

145

for (i = 0; i < ((446-1)/64 +1)

i < ((446-1)/64 +1)	Description
TRUE	evaluated 1330 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1
FALSE	evaluated 190 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1

; i++)

190-1330

146

accum = (accum + s->limb[i] - sc_p->limb[i]) >> 64;

executed 1330 times by 2 tests: accum = (accum + s->limb[i] - sc_p->limb[i]) >> 64;

Executed by:

curve448_internal_test
libcrypto.so.1.1

1330

147 -

148 -

149 curve448_scalar_mul(s, s, curve448_scalar_one); -

150 -

151

return

executed 190 times by 2 tests: return c448_succeed_if(~constant_time_is_zero_32((uint32_t)accum));

Executed by:

curve448_internal_test
libcrypto.so.1.1

c448_succeed_if(~constant_time_is_zero_32((uint32_t)accum));

executed 190 times by 2 tests: return c448_succeed_if(~constant_time_is_zero_32((uint32_t)accum));

Executed by:

curve448_internal_test
libcrypto.so.1.1

190

152 } -

153 -

154 void curve448_scalar_destroy(curve448_scalar_t scalar) -

155 { -

156 OPENSSL_cleanse(scalar, sizeof(curve448_scalar_t)); -

157

}

executed 459 times by 2 tests: end of block

Executed by:

curve448_internal_test
libcrypto.so.1.1

459

158 -

159 void curve448_scalar_decode_long(curve448_scalar_t s, -

160 const unsigned char *ser, size_t ser_len) -

161 { -

162 size_t i; -

163 curve448_scalar_t t1, t2; -

164 -

165

if (ser_len == 0

ser_len == 0	Description
TRUE	never evaluated
FALSE	evaluated 190 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1

) {

0-190

166 curve448_scalar_copy(s, curve448_scalar_zero); -

167

return;

never executed: return;

168 } -

169 -

170 i = ser_len - (ser_len % 56); -

171

if (i == ser_len

i == ser_len	Description
TRUE	evaluated 59 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 131 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1

)

59-131

172

i -= 56;

executed 59 times by 1 test: i -= 56;

Executed by:

libcrypto.so.1.1

173 -

174 scalar_decode_short(t1, &ser[i], ser_len - i); -

175 -

176

if (ser_len == sizeof(curve448_scalar_t)

ser_len == siz...e448_scalar_t)	Description
TRUE	evaluated 59 times by 1 test Evaluated by: libcrypto.so.1.1
FALSE	evaluated 131 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1

) {

59-131

177 -

178 ((void) (0)) -

179 ; -

180 -

181 curve448_scalar_mul(s, t1, curve448_scalar_one); -

182 curve448_scalar_destroy(t1); -

183

return;

executed 59 times by 1 test: return;

Executed by:

libcrypto.so.1.1

184 } -

185 -

186

while (i

i	Description
TRUE	evaluated 190 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1
FALSE	evaluated 131 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1

) {

131-190

187 i -= 56; -

188 sc_montmul(t1, t1, sc_r2); -

189 (void)curve448_scalar_decode(t2, ser + i); -

190 curve448_scalar_add(t1, t1, t2); -

191

}

executed 190 times by 2 tests: end of block

Executed by:

curve448_internal_test
libcrypto.so.1.1

190

192 -

193 curve448_scalar_copy(s, t1); -

194 curve448_scalar_destroy(t1); -

195 curve448_scalar_destroy(t2); -

196

}

executed 131 times by 2 tests: end of block

Executed by:

curve448_internal_test
libcrypto.so.1.1

131

197 -

198 void curve448_scalar_encode(unsigned char ser[56], -

199 const curve448_scalar_t s) -

200 { -

201 unsigned int i, j, k = 0; -

202 -

203

for (i = 0; i < ((446-1)/64 +1)

i < ((446-1)/64 +1)	Description
TRUE	evaluated 175 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1
FALSE	evaluated 25 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1

; i++) {

25-175

204

for (j = 0; j < sizeof(c448_word_t)

j < sizeof(c448_word_t)	Description
TRUE	evaluated 1400 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1
FALSE	evaluated 175 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1

; j++, k++)

175-1400

205

ser[k] = s->limb[i] >> (8 * j);

executed 1400 times by 2 tests: ser[k] = s->limb[i] >> (8 * j);

Executed by:

curve448_internal_test
libcrypto.so.1.1

1400

206

}

executed 175 times by 2 tests: end of block

Executed by:

curve448_internal_test
libcrypto.so.1.1

175

207

}

executed 25 times by 2 tests: end of block

Executed by:

curve448_internal_test
libcrypto.so.1.1

208 -

209 void curve448_scalar_halve(curve448_scalar_t out, const curve448_scalar_t a) -

210 { -

211 c448_word_t mask = 0 - (a->limb[0] & 1); -

212 c448_dword_t chain = 0; -

213 unsigned int i; -

214 -

215

for (i = 0; i < ((446-1)/64 +1)

i < ((446-1)/64 +1)	Description
TRUE	evaluated 2149 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1
FALSE	evaluated 307 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1

; i++) {

307-2149

216 chain = (chain + a->limb[i]) + (sc_p->limb[i] & mask); -

217 out->limb[i] = (c448_word_t)chain; -

218 chain >>= 64; -

219

}

executed 2149 times by 2 tests: end of block

Executed by:

curve448_internal_test
libcrypto.so.1.1

2149

220

for (i = 0; i < ((446-1)/64 +1) - 1

i < ((446-1)/64 +1) - 1	Description
TRUE	evaluated 1842 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1
FALSE	evaluated 307 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1

; i++)

307-1842

221

out->limb[i] = out->limb[i] >> 1 | out->limb[i + 1] << (64 - 1);

executed 1842 times by 2 tests: out->limb[i] = out->limb[i] >> 1 | out->limb[i + 1] << (64 - 1);

Executed by:

curve448_internal_test
libcrypto.so.1.1

1842

222 out->limb[i] = out->limb[i] >> 1 | (c448_word_t)(chain << (64 - 1)); -

223

}

executed 307 times by 2 tests: end of block

Executed by:

curve448_internal_test
libcrypto.so.1.1

307

Switch to Source code

Preprocessed file

Generated by Squish Coco 4.2.2