field.h

Jenkins

field.h

Absolute File Name:

/home/opencoverage/opencoverage/guest-scripts/openssl/src/crypto/ec/curve448/field.h

Line

Source

Count

* Licensed under the OpenSSL license (the "License"). You may not use

* this file except in compliance with the License. You can obtain a copy

* in the file LICENSE in the source distribution or at

* https://www.openssl.org/source/license.html

* Originally written by Mike Hamburg

#ifndef HEADER_FIELD_H

# define HEADER_FIELD_H

# include "internal/constant_time_locl.h"

# include <string.h>

# include <assert.h>

# include "word.h"

# define NLIMBS (64/sizeof(word_t))

# define X_SER_BYTES 56

# define SER_BYTES 56

# if defined(__GNUC__) || defined(__clang__)

# define INLINE_UNUSED __inline__ __attribute__((__unused__,__always_inline__))

# define RESTRICT __restrict__

# define ALIGNED __attribute__((__aligned__(16)))

# else

# define INLINE_UNUSED ossl_inline

# define RESTRICT

# define ALIGNED

# endif

typedef struct gf_s {

word_t limb[NLIMBS];

} ALIGNED gf_s, gf[1];

/* RFC 7748 support */

# define X_PUBLIC_BYTES X_SER_BYTES

# define X_PRIVATE_BYTES X_PUBLIC_BYTES

# define X_PRIVATE_BITS 448

static INLINE_UNUSED void gf_copy(gf out, const gf a)

{

*out = *a;

}

executed 8435 times by 2 tests: end of block

Executed by:

curve448_internal_test
libcrypto.so.1.1

8435

static INLINE_UNUSED void gf_add_RAW(gf out, const gf a, const gf b);

static INLINE_UNUSED void gf_sub_RAW(gf out, const gf a, const gf b);

static INLINE_UNUSED void gf_bias(gf inout, int amount);

static INLINE_UNUSED void gf_weak_reduce(gf inout);

void gf_strong_reduce(gf inout);

void gf_add(gf out, const gf a, const gf b);

void gf_sub(gf out, const gf a, const gf b);

void gf_mul(gf_s * RESTRICT out, const gf a, const gf b);

void gf_mulw_unsigned(gf_s * RESTRICT out, const gf a, uint32_t b);

void gf_sqr(gf_s * RESTRICT out, const gf a);

mask_t gf_isr(gf a, const gf x); /** a^2 x = 1, QNR, or 0 if x=0. Return true if successful */

mask_t gf_eq(const gf x, const gf y);

mask_t gf_lobit(const gf x);

mask_t gf_hibit(const gf x);

void gf_serialize(uint8_t *serial, const gf x, int with_highbit);

mask_t gf_deserialize(gf x, const uint8_t serial[SER_BYTES], int with_hibit,

uint8_t hi_nmask);

# include "f_impl.h" /* Bring in the inline implementations */

# define LIMBPERM(i) (i)

# define LIMB_MASK(i) (((1)<<LIMB_PLACE_VALUE(i))-1)

static const gf ZERO = {{{0}}}, ONE = {{{1}}};

/* Square x, n times. */

static ossl_inline void gf_sqrn(gf_s * RESTRICT y, const gf x, int n)

{

gf tmp;

assert(n > 0);

if (n & 1) {

n & 1	Description
TRUE	evaluated 8078 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1
FALSE	evaluated 1154 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1

1154-8078

gf_sqr(y, x);

n--;

} else {

executed 8078 times by 2 tests: end of block

Executed by:

curve448_internal_test
libcrypto.so.1.1

8078

gf_sqr(tmp, x);

gf_sqr(y, tmp);

n -= 2;

}

executed 1154 times by 2 tests: end of block

Executed by:

curve448_internal_test
libcrypto.so.1.1

1154

for (; n; n -= 2) {

n	Description
TRUE	evaluated 249264 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1
FALSE	evaluated 9232 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1

9232-249264

gf_sqr(tmp, y);

gf_sqr(y, tmp);

}

executed 249264 times by 2 tests: end of block

Executed by:

curve448_internal_test
libcrypto.so.1.1

249264

}

executed 9232 times by 2 tests: end of block

Executed by:

curve448_internal_test
libcrypto.so.1.1

9232

# define gf_add_nr gf_add_RAW

/* Subtract mod p. Bias by 2 and don't reduce */

static ossl_inline void gf_sub_nr(gf c, const gf a, const gf b)

{

gf_sub_RAW(c, a, b);

gf_bias(c, 2);

if (GF_HEADROOM < 3)

2 < 3	Description
TRUE	evaluated 1859470 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1
FALSE	never evaluated

0-1859470

104

gf_weak_reduce(c);

executed 1859470 times by 2 tests: gf_weak_reduce(c);

Executed by:

curve448_internal_test
libcrypto.so.1.1

1859470

105

}

executed 1859470 times by 2 tests: end of block

Executed by:

curve448_internal_test
libcrypto.so.1.1

1859470

106

107

/* Subtract mod p. Bias by amt but don't reduce. */

108

static ossl_inline void gf_subx_nr(gf c, const gf a, const gf b, int amt)

{

gf_sub_RAW(c, a, b);

gf_bias(c, amt);

if (GF_HEADROOM < amt + 1)

2 < amt + 1	Description
TRUE	evaluated 12182 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1
FALSE	never evaluated

0-12182

113

gf_weak_reduce(c);

executed 12182 times by 2 tests: gf_weak_reduce(c);

Executed by:

curve448_internal_test
libcrypto.so.1.1

12182

114

}

executed 12182 times by 2 tests: end of block

Executed by:

curve448_internal_test
libcrypto.so.1.1

12182

115

116

/* Mul by signed int. Not constant-time WRT the sign of that int. */

117

static ossl_inline void gf_mulw(gf c, const gf a, int32_t w)

118

{

119

if (w > 0) {

w > 0	Description
TRUE	evaluated 454272 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1
FALSE	evaluated 99 times by 1 test Evaluated by: libcrypto.so.1.1

99-454272

120

gf_mulw_unsigned(c, a, w);

121

} else {

executed 454272 times by 2 tests: end of block

Executed by:

curve448_internal_test
libcrypto.so.1.1

454272

122

gf_mulw_unsigned(c, a, -w);

123

gf_sub(c, ZERO, c);

124

}

executed 99 times by 1 test: end of block

Executed by:

libcrypto.so.1.1

125

}

126

127

/* Constant time, x = is_z ? z : y */

128

static ossl_inline void gf_cond_sel(gf x, const gf y, const gf z, mask_t is_z)

{

size_t i;

for (i = 0; i < NLIMBS; i++) {

i < (64/sizeof(word_t))	Description
TRUE	evaluated 175968 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1
FALSE	evaluated 10998 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1

10998-175968

133

#if ARCH_WORD_BITS == 32

134

x[0].limb[i] = constant_time_select_32(is_z, z[0].limb[i],

y[0].limb[i]);

#else

/* Must be 64 bit */

x[0].limb[i] = constant_time_select_64(is_z, z[0].limb[i],

139

y[0].limb[i]);

140

#endif

141

}

executed 175968 times by 2 tests: end of block

Executed by:

curve448_internal_test
libcrypto.so.1.1

175968

142

}

executed 10998 times by 2 tests: end of block

Executed by:

curve448_internal_test
libcrypto.so.1.1

10998

143

144

/* Constant time, if (neg) x=-x; */

145

static ossl_inline void gf_cond_neg(gf x, mask_t neg)

{

gf y;

gf_sub(y, ZERO, x);

gf_cond_sel(x, x, y, neg);

151

}

executed 10998 times by 2 tests: end of block

Executed by:

curve448_internal_test
libcrypto.so.1.1

10998

152

153

/* Constant time, if (swap) (x,y) = (y,x); */

154

static ossl_inline void gf_cond_swap(gf x, gf_s * RESTRICT y, mask_t swap)

{

size_t i;

for (i = 0; i < NLIMBS; i++) {

i < (64/sizeof(word_t))	Description
TRUE	evaluated 14744832 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1
FALSE	evaluated 921552 times by 2 tests Evaluated by: curve448_internal_test libcrypto.so.1.1

921552-14744832

159

#if ARCH_WORD_BITS == 32

160