fuzz_early_setup:
   23|      2|void fuzz_early_setup(void) { /* Early fuzzer init: takes no input and only sets fuzz.fake_stderr. */
   24|       |    /* Default the fuzzer's stderr handle to the process's real stderr */
   25|       |    fuzz.fake_stderr = stderr; /* fuzz_common_setup() may later replace this with a /dev/null stream */
   26|      2|}
fuzz_common_setup:
   28|      1|void fuzz_common_setup(void) { /* One-time harness setup: fuzz-mode flags, input buffer header, no-op logger, stderr handling. */
   29|      1|	disallow_core(); /* presumably turns off core dumps; helper is not shown here */
   30|      1|    fuzz.fuzzing = 1;
   31|      1|    fuzz.wrapfds = 1;
   32|      1|    fuzz.do_jmp = 1; /* presumably makes dropbear_exit longjmp to fuzz.jmp rather than exit; confirm */
   33|      1|    fuzz.input = m_malloc(sizeof(buffer)); /* buffer header only; fuzz_set_input() fills in data, size, len and pos per test case */
   34|      1|    _dropbear_log = fuzz_dropbear_log; /* replace the logger with the no-op fuzz_dropbear_log */
   35|      1|    crypto_init();
   36|      1|    fuzz_seed("start", 5); /* constant seed input ("start", 5 bytes); fuzz_seed itself is not shown */
   37|       |    /* line-buffer stdout so any messages get flushed at each newline */
   38|      1|    setlinebuf(stdout);
   39|       |#if DEBUG_TRACE
   40|       |    if (debug_trace)
   41|       |    {
   42|       |        fprintf(stderr, "Dropbear fuzzer: -v specified, not disabling stderr output\n");
   43|       |    }
   44|       |    else
   45|       |#endif
   46|      1|    if (getenv("DROPBEAR_KEEP_STDERR")) { /* only presence is tested; any value, even an empty one, keeps stderr */
  ------------------
  |  Branch (46:9): [True: 0, False: 1]
  ------------------
   47|      0|        fprintf(stderr, "Dropbear fuzzer: DROPBEAR_KEEP_STDERR, not disabling stderr output\n");
   48|      0|    } 
   49|      1|    else 
   50|      1|    {
   51|      1|        fprintf(stderr, "Dropbear fuzzer: Disabling stderr output\n");
   52|      1|        fuzz.fake_stderr = fopen("/dev/null", "w"); /* default path: fake_stderr now discards everything written to it */
   53|       |        assert(fuzz.fake_stderr); /* NOTE(review): if this is the standard assert it vanishes under NDEBUG, leaving a NULL stream unchecked */
  ------------------
  |  Branch (53:9): [True: 0, False: 1]
  |  Branch (53:9): [True: 1, False: 0]
  ------------------
   54|      1|    }
   55|      1|}
fuzz_set_input:
   57|  2.92k|int fuzz_set_input(const uint8_t *Data, size_t Size) { /* Per-test-case reset: points fuzz.input at Data, zeroes session state, resets wrapped fds, reseeds. Always returns DROPBEAR_SUCCESS. */
   58|       |
   59|  2.92k|    fuzz.input->data = (unsigned char*)Data; /* aliases the caller's bytes (no copy) and drops const; NOTE(review): nothing here prevents later writes through this pointer */
   60|  2.92k|    fuzz.input->size = Size;
   61|  2.92k|    fuzz.input->len = Size; /* size and len both equal the input length */
   62|  2.92k|    fuzz.input->pos = 0; /* read position back to the start */
   63|       |
   64|  2.92k|    memset(&ses, 0x0, sizeof(ses)); /* clear the three global session structs before each test case */
   65|  2.92k|    memset(&svr_ses, 0x0, sizeof(svr_ses));
   66|  2.92k|    memset(&cli_ses, 0x0, sizeof(cli_ses));
   67|  2.92k|    wrapfd_setup(fuzz.input);
   68|       |    // printhex("input", fuzz.input->data, fuzz.input->len);
   69|       |
   70|  2.92k|    fuzz_seed(fuzz.input->data, MIN(fuzz.input->len, 16)); /* seed from at most the first 16 input bytes */
  ------------------
  |  Branch (70:33): [True: 231, False: 2.69k]
  ------------------
   71|       |
   72|  2.92k|    return DROPBEAR_SUCCESS; /* no failure path exists in this function */
  ------------------
  |  |  111|  2.92k|#define DROPBEAR_SUCCESS 0
  ------------------
   73|  2.92k|}
fuzz-common.c:fuzz_dropbear_log:
   84|    679|static void fuzz_dropbear_log(int UNUSED(priority), const char* UNUSED(format), va_list UNUSED(param)) { /* Logger that discards every message; all three arguments are unused. */
   85|       |    /* Intentionally empty: nothing is printed */
   86|    679|}

wrapfd_setup:
   32|  2.92k|void wrapfd_setup(buffer *buf) { /* Reset wrapped-fd state: remove slots still in use, reset wrapfd_maxfd, reseed rand_state, and record buf as input_buf. */
   33|  2.92k|	TRACE(("wrapfd_setup"))
   34|       |
   35|       |	// remove every slot up to wrapfd_maxfd that is not UNUSED
   36|  2.92k|	int i;
   37|  2.92k|	for (i = 0; i <= wrapfd_maxfd; i++) {
  ------------------
  |  Branch (37:14): [True: 0, False: 2.92k]
  ------------------
   38|      0|		if (wrap_fds[i].mode != UNUSED) {
  ------------------
  |  Branch (38:7): [True: 0, False: 0]
  ------------------
   39|      0|			wrapfd_remove(i);
   40|      0|		}
   41|      0|	}
   42|  2.92k|	wrapfd_maxfd = -1; /* with -1 the loop above does not run on the next call unless fds were added in between */
   43|       |
   44|  2.92k|	memset(rand_state, 0x0, sizeof(rand_state));
   45|  2.92k|	wrapfd_setseed(50); /* constant seed, so rand_state starts identically on every call */
   46|  2.92k|	input_buf = buf; /* keeps the caller's pointer; no copy is made */
   47|  2.92k|}
wrapfd_setseed:
   49|  2.92k|void wrapfd_setseed(uint32_t seed) { /* Copy seed into the start of rand_state, then advance the generator once. */
   50|  2.92k|	memcpy(rand_state, &seed, sizeof(seed)); /* overwrites only the first sizeof(seed) bytes of rand_state */
   51|  2.92k|	nrand48(rand_state); /* return value discarded; the call is made for its update of rand_state */
   52|  2.92k|}

LLVMFuzzerTestOneInput:
   15|  2.92k|int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { /* libFuzzer entry point: parses a public key from the input, verifies a signature over fixed data, and aborts if a key not judged bogus verifies. Always returns 0. */
   16|  2.92k|	static int once = 0; /* guards the one-time setup below */
   17|  2.92k|	if (!once) {
  ------------------
  |  Branch (17:6): [True: 1, False: 2.92k]
  ------------------
   18|      1|		setup_fuzzer();
   19|      1|		verifydata = buf_new(30);
   20|      1|		buf_putstring(verifydata, "x", 1); /* fixed message that every signature is checked against */
   21|      1|		once = 1;
   22|      1|	}
   23|       |
   24|  2.92k|	if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) { /* fuzz_set_input as listed always returns DROPBEAR_SUCCESS, so this branch is not expected to run */
  ------------------
  |  |  112|  2.92k|#define DROPBEAR_FAILURE -1
  ------------------
  |  Branch (24:6): [True: 0, False: 2.92k]
  ------------------
   25|      0|		return 0;
   26|      0|	}
   27|       |
   28|  2.92k|	m_malloc_set_epoch(1); /* presumably tags allocations so m_malloc_free_epoch can release them; helpers not shown */
   29|       |
   30|  2.92k|	if (setjmp(fuzz.jmp) == 0) { /* a non-zero return means dropbear_exit longjmped back; that case is the else branch */
  ------------------
  |  Branch (30:6): [True: 2.92k, False: 0]
  ------------------
   31|  2.92k|		sign_key *key = new_sign_key();
   32|  2.92k|		enum signkey_type keytype = DROPBEAR_SIGNKEY_ANY; /* passed by address to buf_get_pub_key; the code below branches on the value left in it */
   33|  2.92k|		if (buf_get_pub_key(fuzz.input, key, &keytype) == DROPBEAR_SUCCESS) {
  ------------------
  |  |  111|  2.92k|#define DROPBEAR_SUCCESS 0
  ------------------
  |  Branch (33:7): [True: 1.79k, False: 1.12k]
  ------------------
   34|  1.79k|			enum signature_type sigtype; /* assigned on both branches of the keytype test below */
   35|  1.79k|			if (keytype == DROPBEAR_SIGNKEY_RSA) {
  ------------------
  |  Branch (35:8): [True: 913, False: 881]
  ------------------
   36|       |				/* Let one input byte choose the RSA signature type: bit 0 set selects SHA256, clear selects SHA1 */
   37|    913|				int flag = buf_getbyte(fuzz.input);
   38|    913|				if (flag & 0x01) {
  ------------------
  |  Branch (38:9): [True: 14, False: 899]
  ------------------
   39|     14|					sigtype = DROPBEAR_SIGNATURE_RSA_SHA256;
   40|    899|				} else {
   41|    899|					sigtype = DROPBEAR_SIGNATURE_RSA_SHA1;
   42|    899|				}
   43|    913|			} else {
   44|    881|				sigtype = signature_type_from_signkey(keytype);
   45|    881|			}
   46|  1.79k|			if (buf_verify(fuzz.input, key, sigtype, verifydata) == DROPBEAR_SUCCESS) {
  ------------------
  |  |  111|  1.79k|#define DROPBEAR_SUCCESS 0
  ------------------
  |  Branch (46:8): [True: 130, False: 1.66k]
  ------------------
   47|       |				/* The fuzzer is capable of generating keys with a signature to match.
   48|       |				We don't want false positives if the key is bogus, since a client/server 
   49|       |				wouldn't be trusting a bogus key anyway */
   50|    130|				int boguskey = 0;
   51|       |
   52|    130|				if (keytype == DROPBEAR_SIGNKEY_DSS) {
  ------------------
  |  Branch (52:9): [True: 128, False: 2]
  ------------------
   53|       |					/* So far have seen dss keys with bad p/q/g domain parameters */
   54|    128|					int pprime, qprime, trials; /* pprime and qprime are written only by the mp_prime_is_prime calls below */
   55|    128|					trials = mp_prime_rabin_miller_trials(mp_count_bits(key->dsskey->p));
   56|    128|					assert(mp_prime_is_prime(key->dsskey->p, trials, &pprime) == MP_OKAY); /* NOTE(review): the call sits inside assert(); with a standard assert and NDEBUG it is not made and pprime stays uninitialized */
  ------------------
  |  Branch (56:6): [True: 0, False: 128]
  |  Branch (56:6): [True: 128, False: 0]
  ------------------
   57|    128|					trials = mp_prime_rabin_miller_trials(mp_count_bits(key->dsskey->q));
   58|    128|					assert(mp_prime_is_prime(key->dsskey->q, trials, &qprime) == MP_OKAY); /* NOTE(review): same assert() side-effect concern, here for qprime */
  ------------------
  |  Branch (58:6): [True: 0, False: 128]
  |  Branch (58:6): [True: 128, False: 0]
  ------------------
   59|    128|					boguskey = !(pprime && qprime); /* bogus unless both p and q test as prime */
  ------------------
  |  Branch (59:19): [True: 0, False: 128]
  |  Branch (59:29): [True: 0, False: 0]
  ------------------
   60|       |					/* Could also check g**q mod p == 1 */
   61|    128|				}
   62|       |
   63|    130|				if (keytype == DROPBEAR_SIGNKEY_SK_ED25519 || keytype == DROPBEAR_SIGNKEY_ED25519) {
  ------------------
  |  Branch (63:9): [True: 2, False: 128]
  |  Branch (63:51): [True: 0, False: 128]
  ------------------
   64|      2|					dropbear_ed25519_key **eck = (dropbear_ed25519_key**)signkey_key_ptr(key, keytype);
   65|      2|					if (eck && *eck) {
  ------------------
  |  Branch (65:10): [True: 2, False: 0]
  |  Branch (65:17): [True: 2, False: 0]
  ------------------
   66|      2|						int i;
   67|       |						/* we've seen all-zero keys validate */
   68|      2|						boguskey = 1; /* assume all-zero until a non-zero byte is found */
   69|     66|						for (i = 0; i < CURVE25519_LEN; i++) {
  ------------------
  |  |   34|     66|#define CURVE25519_LEN 32
  ------------------
  |  Branch (69:19): [True: 64, False: 2]
  ------------------
   70|     64|							if ((*eck)->priv[i] != 0x00 || (*eck)->pub[i] != 0x00) { /* both priv and pub bytes are inspected */
  ------------------
  |  Branch (70:12): [True: 0, False: 64]
  |  Branch (70:39): [True: 0, False: 64]
  ------------------
   71|      0|								boguskey = 0; /* no break: the loop keeps scanning, which does not change the result */
   72|      0|							}
   73|     64|						}
   74|       |
   75|      2|					}
   76|      2|				}
   77|       |
   78|    130|				if (!boguskey) { /* a key that passed the sanity checks verified a signature over the fixed data: treat as a finding */
  ------------------
  |  Branch (78:9): [True: 0, False: 130]
  ------------------
   79|      0|					printf("Random key/signature managed to verify!\n");
   80|      0|					abort(); /* deliberate crash so the fuzzer reports the input */
   81|      0|				}
   82|       |
   83|       |
   84|    130|			}
   85|  1.79k|		}
   86|  2.92k|		sign_key_free(key);
   87|  2.92k|		m_malloc_free_epoch(1, 0);
   88|  2.92k|	} else {
   89|      0|		m_malloc_free_epoch(1, 1); /* second argument is 1 here and 0 on the normal path; sign_key_free is skipped, so presumably this call reclaims key; confirm */
   90|      0|		TRACE(("dropbear_exit longjmped"))
   91|       |		/* dropbear_exit jumped here */
   92|      0|	}
   93|       |
   94|  2.92k|	return 0;
   95|  2.92k|}
fuzzer-verify.c:setup_fuzzer:
    8|      1|static void setup_fuzzer(void) { /* Harness-local setup hook; it only forwards to fuzz_common_setup(). */
    9|      1|	fuzz_common_setup();
   10|      1|}

sha1_init:
  164|  1.02k|{
  165|  1.02k|   LTC_ARGCHK(md != NULL);
  ------------------
  |  |   32|  1.02k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 1.02k]
  |  |  |  Branch (32:87): [Folded, False: 1.02k]
  |  |  ------------------
  ------------------
  166|  1.02k|   md->sha1.state[0] = 0x67452301UL;
  167|  1.02k|   md->sha1.state[1] = 0xefcdab89UL;
  168|  1.02k|   md->sha1.state[2] = 0x98badcfeUL;
  169|  1.02k|   md->sha1.state[3] = 0x10325476UL;
  170|  1.02k|   md->sha1.state[4] = 0xc3d2e1f0UL;
  171|  1.02k|   md->sha1.curlen = 0;
  172|  1.02k|   md->sha1.length = 0;
  173|  1.02k|   return CRYPT_OK;
  174|  1.02k|}
sha1_done:
  192|  1.02k|{
  193|  1.02k|    int i;
  194|       |
  195|  1.02k|    LTC_ARGCHK(md  != NULL);
  ------------------
  |  |   32|  1.02k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 1.02k]
  |  |  |  Branch (32:87): [Folded, False: 1.02k]
  |  |  ------------------
  ------------------
  196|  1.02k|    LTC_ARGCHK(out != NULL);
  ------------------
  |  |   32|  1.02k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 1.02k]
  |  |  |  Branch (32:87): [Folded, False: 1.02k]
  |  |  ------------------
  ------------------
  197|       |
  198|  1.02k|    if (md->sha1.curlen >= sizeof(md->sha1.buf)) {
  ------------------
  |  Branch (198:9): [True: 0, False: 1.02k]
  ------------------
  199|      0|       return CRYPT_INVALID_ARG;
  200|      0|    }
  201|       |
  202|       |    /* increase the length of the message */
  203|  1.02k|    md->sha1.length += md->sha1.curlen * 8;
  204|       |
  205|       |    /* append the '1' bit */
  206|  1.02k|    md->sha1.buf[md->sha1.curlen++] = (unsigned char)0x80;
  207|       |
  208|       |    /* if the length is currently above 56 bytes we append zeros
  209|       |     * then compress.  Then we can fall back to padding zeros and length
  210|       |     * encoding like normal.
  211|       |     */
  212|  1.02k|    if (md->sha1.curlen > 56) {
  ------------------
  |  Branch (212:9): [True: 0, False: 1.02k]
  ------------------
  213|      0|        while (md->sha1.curlen < 64) {
  ------------------
  |  Branch (213:16): [True: 0, False: 0]
  ------------------
  214|      0|            md->sha1.buf[md->sha1.curlen++] = (unsigned char)0;
  215|      0|        }
  216|      0|        sha1_compress(md, md->sha1.buf);
  217|      0|        md->sha1.curlen = 0;
  218|      0|    }
  219|       |
  220|       |    /* pad upto 56 bytes of zeroes */
  221|  52.1k|    while (md->sha1.curlen < 56) {
  ------------------
  |  Branch (221:12): [True: 51.1k, False: 1.02k]
  ------------------
  222|  51.1k|        md->sha1.buf[md->sha1.curlen++] = (unsigned char)0;
  223|  51.1k|    }
  224|       |
  225|       |    /* store length */
  226|  1.02k|    STORE64H(md->sha1.length, md->sha1.buf+56);
  ------------------
  |  |  101|  1.02k|#define STORE64H(x, y)                          \
  |  |  102|  1.02k|do { ulong64 __t = __builtin_bswap64 ((x));     \
  |  |  103|  1.02k|      XMEMCPY ((y), &__t, 8); } while(0)
  |  |  ------------------
  |  |  |  |   39|  1.02k|#define XMEMCPY  memcpy
  |  |  ------------------
  |  |  |  Branch (103:39): [Folded, False: 1.02k]
  |  |  ------------------
  ------------------
  227|  1.02k|    sha1_compress(md, md->sha1.buf);
  228|       |
  229|       |    /* copy output */
  230|  6.13k|    for (i = 0; i < 5; i++) {
  ------------------
  |  Branch (230:17): [True: 5.11k, False: 1.02k]
  ------------------
  231|  5.11k|        STORE32H(md->sha1.state[i], out+(4*i));
  ------------------
  |  |   62|  5.11k|#define STORE32H(x, y)                          \
  |  |   63|  5.11k|do { ulong32 __t = __builtin_bswap32 ((x));     \
  |  |   64|  5.11k|      XMEMCPY ((y), &__t, 4); } while(0)
  |  |  ------------------
  |  |  |  |   39|  5.11k|#define XMEMCPY  memcpy
  |  |  ------------------
  |  |  |  Branch (64:39): [Folded, False: 5.11k]
  |  |  ------------------
  ------------------
  232|  5.11k|    }
  233|       |#ifdef LTC_CLEAN_STACK
  234|       |    zeromem(md, sizeof(hash_state));
  235|       |#endif
  236|  1.02k|    return CRYPT_OK;
  237|  1.02k|}
sha1.c:sha1_compress:
   47|  1.02k|{
   48|  1.02k|    ulong32 a,b,c,d,e,W[80],i;
   49|  1.02k|#ifdef LTC_SMALL_CODE
   50|  1.02k|    ulong32 t;
   51|  1.02k|#endif
   52|       |
   53|       |    /* copy the state into 512-bits into W[0..15] */
   54|  17.3k|    for (i = 0; i < 16; i++) {
  ------------------
  |  Branch (54:17): [True: 16.3k, False: 1.02k]
  ------------------
   55|  16.3k|        LOAD32H(W[i], buf + (4*i));
  ------------------
  |  |   66|  16.3k|#define LOAD32H(x, y)                           \
  |  |   67|  16.3k|do { XMEMCPY (&(x), (y), 4);                    \
  |  |  ------------------
  |  |  |  |   39|  16.3k|#define XMEMCPY  memcpy
  |  |  ------------------
  |  |   68|  16.3k|      (x) = __builtin_bswap32 ((x)); } while(0)
  |  |  ------------------
  |  |  |  Branch (68:46): [Folded, False: 16.3k]
  |  |  ------------------
  ------------------
   56|  16.3k|    }
   57|       |
   58|       |    /* copy state */
   59|  1.02k|    a = md->sha1.state[0];
   60|  1.02k|    b = md->sha1.state[1];
   61|  1.02k|    c = md->sha1.state[2];
   62|  1.02k|    d = md->sha1.state[3];
   63|  1.02k|    e = md->sha1.state[4];
   64|       |
   65|       |    /* expand it */
   66|  66.4k|    for (i = 16; i < 80; i++) {
  ------------------
  |  Branch (66:18): [True: 65.4k, False: 1.02k]
  ------------------
   67|  65.4k|        W[i] = ROL(W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16], 1);
   68|  65.4k|    }
   69|       |
   70|       |    /* compress */
   71|       |    /* round one */
   72|  1.02k|    #define FF0(a,b,c,d,e,i) e = (ROLc(a, 5) + F0(b,c,d) + e + W[i] + 0x5a827999UL); b = ROLc(b, 30);
   73|  1.02k|    #define FF1(a,b,c,d,e,i) e = (ROLc(a, 5) + F1(b,c,d) + e + W[i] + 0x6ed9eba1UL); b = ROLc(b, 30);
   74|  1.02k|    #define FF2(a,b,c,d,e,i) e = (ROLc(a, 5) + F2(b,c,d) + e + W[i] + 0x8f1bbcdcUL); b = ROLc(b, 30);
   75|  1.02k|    #define FF3(a,b,c,d,e,i) e = (ROLc(a, 5) + F3(b,c,d) + e + W[i] + 0xca62c1d6UL); b = ROLc(b, 30);
   76|       |
   77|  1.02k|#ifdef LTC_SMALL_CODE
   78|       |
   79|  21.4k|    for (i = 0; i < 20; ) {
  ------------------
  |  Branch (79:17): [True: 20.4k, False: 1.02k]
  ------------------
   80|  20.4k|       FF0(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
  ------------------
  |  |   72|  20.4k|    #define FF0(a,b,c,d,e,i) e = (ROLc(a, 5) + F0(b,c,d) + e + W[i] + 0x5a827999UL); b = ROLc(b, 30);
  |  |  ------------------
  |  |  |  |  275|  20.4k|#define ROLc(word,i) ({ \
  |  |  |  |  276|  20.4k|   ulong32 __ROLc_tmp = (word); \
  |  |  |  |  277|  20.4k|   __asm__ ("roll %2, %0" : \
  |  |  |  |  278|  20.4k|            "=r" (__ROLc_tmp) : \
  |  |  |  |  279|  20.4k|            "0" (__ROLc_tmp), \
  |  |  |  |  280|  20.4k|            "I" (i)); \
  |  |  |  |  281|  20.4k|            __ROLc_tmp; \
  |  |  |  |  282|  20.4k|   })
  |  |  ------------------
  |  |                   #define FF0(a,b,c,d,e,i) e = (ROLc(a, 5) + F0(b,c,d) + e + W[i] + 0x5a827999UL); b = ROLc(b, 30);
  |  |  ------------------
  |  |  |  |   37|  20.4k|#define F0(x,y,z)  (z ^ (x & (y ^ z)))
  |  |  ------------------
  |  |                   #define FF0(a,b,c,d,e,i) e = (ROLc(a, 5) + F0(b,c,d) + e + W[i] + 0x5a827999UL); b = ROLc(b, 30);
  |  |  ------------------
  |  |  |  |  275|  20.4k|#define ROLc(word,i) ({ \
  |  |  |  |  276|  20.4k|   ulong32 __ROLc_tmp = (word); \
  |  |  |  |  277|  20.4k|   __asm__ ("roll %2, %0" : \
  |  |  |  |  278|  20.4k|            "=r" (__ROLc_tmp) : \
  |  |  |  |  279|  20.4k|            "0" (__ROLc_tmp), \
  |  |  |  |  280|  20.4k|            "I" (i)); \
  |  |  |  |  281|  20.4k|            __ROLc_tmp; \
  |  |  |  |  282|  20.4k|   })
  |  |  ------------------
  ------------------
   81|  20.4k|    }
   82|       |
   83|  21.4k|    for (; i < 40; ) {
  ------------------
  |  Branch (83:12): [True: 20.4k, False: 1.02k]
  ------------------
   84|  20.4k|       FF1(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
  ------------------
  |  |   73|  20.4k|    #define FF1(a,b,c,d,e,i) e = (ROLc(a, 5) + F1(b,c,d) + e + W[i] + 0x6ed9eba1UL); b = ROLc(b, 30);
  |  |  ------------------
  |  |  |  |  275|  20.4k|#define ROLc(word,i) ({ \
  |  |  |  |  276|  20.4k|   ulong32 __ROLc_tmp = (word); \
  |  |  |  |  277|  20.4k|   __asm__ ("roll %2, %0" : \
  |  |  |  |  278|  20.4k|            "=r" (__ROLc_tmp) : \
  |  |  |  |  279|  20.4k|            "0" (__ROLc_tmp), \
  |  |  |  |  280|  20.4k|            "I" (i)); \
  |  |  |  |  281|  20.4k|            __ROLc_tmp; \
  |  |  |  |  282|  20.4k|   })
  |  |  ------------------
  |  |                   #define FF1(a,b,c,d,e,i) e = (ROLc(a, 5) + F1(b,c,d) + e + W[i] + 0x6ed9eba1UL); b = ROLc(b, 30);
  |  |  ------------------
  |  |  |  |   38|  20.4k|#define F1(x,y,z)  (x ^ y ^ z)
  |  |  ------------------
  |  |                   #define FF1(a,b,c,d,e,i) e = (ROLc(a, 5) + F1(b,c,d) + e + W[i] + 0x6ed9eba1UL); b = ROLc(b, 30);
  |  |  ------------------
  |  |  |  |  275|  20.4k|#define ROLc(word,i) ({ \
  |  |  |  |  276|  20.4k|   ulong32 __ROLc_tmp = (word); \
  |  |  |  |  277|  20.4k|   __asm__ ("roll %2, %0" : \
  |  |  |  |  278|  20.4k|            "=r" (__ROLc_tmp) : \
  |  |  |  |  279|  20.4k|            "0" (__ROLc_tmp), \
  |  |  |  |  280|  20.4k|            "I" (i)); \
  |  |  |  |  281|  20.4k|            __ROLc_tmp; \
  |  |  |  |  282|  20.4k|   })
  |  |  ------------------
  ------------------
   85|  20.4k|    }
   86|       |
   87|  21.4k|    for (; i < 60; ) {
  ------------------
  |  Branch (87:12): [True: 20.4k, False: 1.02k]
  ------------------
   88|  20.4k|       FF2(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
  ------------------
  |  |   74|  20.4k|    #define FF2(a,b,c,d,e,i) e = (ROLc(a, 5) + F2(b,c,d) + e + W[i] + 0x8f1bbcdcUL); b = ROLc(b, 30);
  |  |  ------------------
  |  |  |  |  275|  20.4k|#define ROLc(word,i) ({ \
  |  |  |  |  276|  20.4k|   ulong32 __ROLc_tmp = (word); \
  |  |  |  |  277|  20.4k|   __asm__ ("roll %2, %0" : \
  |  |  |  |  278|  20.4k|            "=r" (__ROLc_tmp) : \
  |  |  |  |  279|  20.4k|            "0" (__ROLc_tmp), \
  |  |  |  |  280|  20.4k|            "I" (i)); \
  |  |  |  |  281|  20.4k|            __ROLc_tmp; \
  |  |  |  |  282|  20.4k|   })
  |  |  ------------------
  |  |                   #define FF2(a,b,c,d,e,i) e = (ROLc(a, 5) + F2(b,c,d) + e + W[i] + 0x8f1bbcdcUL); b = ROLc(b, 30);
  |  |  ------------------
  |  |  |  |   39|  20.4k|#define F2(x,y,z)  ((x & y) | (z & (x | y)))
  |  |  ------------------
  |  |                   #define FF2(a,b,c,d,e,i) e = (ROLc(a, 5) + F2(b,c,d) + e + W[i] + 0x8f1bbcdcUL); b = ROLc(b, 30);
  |  |  ------------------
  |  |  |  |  275|  20.4k|#define ROLc(word,i) ({ \
  |  |  |  |  276|  20.4k|   ulong32 __ROLc_tmp = (word); \
  |  |  |  |  277|  20.4k|   __asm__ ("roll %2, %0" : \
  |  |  |  |  278|  20.4k|            "=r" (__ROLc_tmp) : \
  |  |  |  |  279|  20.4k|            "0" (__ROLc_tmp), \
  |  |  |  |  280|  20.4k|            "I" (i)); \
  |  |  |  |  281|  20.4k|            __ROLc_tmp; \
  |  |  |  |  282|  20.4k|   })
  |  |  ------------------
  ------------------
   89|  20.4k|    }
   90|       |
   91|  21.4k|    for (; i < 80; ) {
  ------------------
  |  Branch (91:12): [True: 20.4k, False: 1.02k]
  ------------------
   92|  20.4k|       FF3(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
  ------------------
  |  |   75|  20.4k|    #define FF3(a,b,c,d,e,i) e = (ROLc(a, 5) + F3(b,c,d) + e + W[i] + 0xca62c1d6UL); b = ROLc(b, 30);
  |  |  ------------------
  |  |  |  |  275|  20.4k|#define ROLc(word,i) ({ \
  |  |  |  |  276|  20.4k|   ulong32 __ROLc_tmp = (word); \
  |  |  |  |  277|  20.4k|   __asm__ ("roll %2, %0" : \
  |  |  |  |  278|  20.4k|            "=r" (__ROLc_tmp) : \
  |  |  |  |  279|  20.4k|            "0" (__ROLc_tmp), \
  |  |  |  |  280|  20.4k|            "I" (i)); \
  |  |  |  |  281|  20.4k|            __ROLc_tmp; \
  |  |  |  |  282|  20.4k|   })
  |  |  ------------------
  |  |                   #define FF3(a,b,c,d,e,i) e = (ROLc(a, 5) + F3(b,c,d) + e + W[i] + 0xca62c1d6UL); b = ROLc(b, 30);
  |  |  ------------------
  |  |  |  |   40|  20.4k|#define F3(x,y,z)  (x ^ y ^ z)
  |  |  ------------------
  |  |                   #define FF3(a,b,c,d,e,i) e = (ROLc(a, 5) + F3(b,c,d) + e + W[i] + 0xca62c1d6UL); b = ROLc(b, 30);
  |  |  ------------------
  |  |  |  |  275|  20.4k|#define ROLc(word,i) ({ \
  |  |  |  |  276|  20.4k|   ulong32 __ROLc_tmp = (word); \
  |  |  |  |  277|  20.4k|   __asm__ ("roll %2, %0" : \
  |  |  |  |  278|  20.4k|            "=r" (__ROLc_tmp) : \
  |  |  |  |  279|  20.4k|            "0" (__ROLc_tmp), \
  |  |  |  |  280|  20.4k|            "I" (i)); \
  |  |  |  |  281|  20.4k|            __ROLc_tmp; \
  |  |  |  |  282|  20.4k|   })
  |  |  ------------------
  ------------------
   93|  20.4k|    }
   94|       |
   95|       |#else
   96|       |
   97|       |    for (i = 0; i < 20; ) {
   98|       |       FF0(a,b,c,d,e,i++);
   99|       |       FF0(e,a,b,c,d,i++);
  100|       |       FF0(d,e,a,b,c,i++);
  101|       |       FF0(c,d,e,a,b,i++);
  102|       |       FF0(b,c,d,e,a,i++);
  103|       |    }
  104|       |
  105|       |    /* round two */
  106|       |    for (; i < 40; )  {
  107|       |       FF1(a,b,c,d,e,i++);
  108|       |       FF1(e,a,b,c,d,i++);
  109|       |       FF1(d,e,a,b,c,i++);
  110|       |       FF1(c,d,e,a,b,i++);
  111|       |       FF1(b,c,d,e,a,i++);
  112|       |    }
  113|       |
  114|       |    /* round three */
  115|       |    for (; i < 60; )  {
  116|       |       FF2(a,b,c,d,e,i++);
  117|       |       FF2(e,a,b,c,d,i++);
  118|       |       FF2(d,e,a,b,c,i++);
  119|       |       FF2(c,d,e,a,b,i++);
  120|       |       FF2(b,c,d,e,a,i++);
  121|       |    }
  122|       |
  123|       |    /* round four */
  124|       |    for (; i < 80; )  {
  125|       |       FF3(a,b,c,d,e,i++);
  126|       |       FF3(e,a,b,c,d,i++);
  127|       |       FF3(d,e,a,b,c,i++);
  128|       |       FF3(c,d,e,a,b,i++);
  129|       |       FF3(b,c,d,e,a,i++);
  130|       |    }
  131|       |#endif
  132|       |
  133|  1.02k|    #undef FF0
  134|  1.02k|    #undef FF1
  135|  1.02k|    #undef FF2
  136|  1.02k|    #undef FF3
  137|       |
  138|       |    /* store */
  139|  1.02k|    md->sha1.state[0] = md->sha1.state[0] + a;
  140|  1.02k|    md->sha1.state[1] = md->sha1.state[1] + b;
  141|  1.02k|    md->sha1.state[2] = md->sha1.state[2] + c;
  142|  1.02k|    md->sha1.state[3] = md->sha1.state[3] + d;
  143|  1.02k|    md->sha1.state[4] = md->sha1.state[4] + e;
  144|       |
  145|  1.02k|    return CRYPT_OK;
  146|  1.02k|}

sha256_init:
  205|  7.57k|{
  206|  7.57k|    LTC_ARGCHK(md != NULL);
  ------------------
  |  |   32|  7.57k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 7.57k]
  |  |  |  Branch (32:87): [Folded, False: 7.57k]
  |  |  ------------------
  ------------------
  207|       |
  208|  7.57k|    md->sha256.curlen = 0;
  209|  7.57k|    md->sha256.length = 0;
  210|  7.57k|    md->sha256.state[0] = 0x6A09E667UL;
  211|  7.57k|    md->sha256.state[1] = 0xBB67AE85UL;
  212|  7.57k|    md->sha256.state[2] = 0x3C6EF372UL;
  213|  7.57k|    md->sha256.state[3] = 0xA54FF53AUL;
  214|  7.57k|    md->sha256.state[4] = 0x510E527FUL;
  215|  7.57k|    md->sha256.state[5] = 0x9B05688CUL;
  216|  7.57k|    md->sha256.state[6] = 0x1F83D9ABUL;
  217|  7.57k|    md->sha256.state[7] = 0x5BE0CD19UL;
  218|  7.57k|    return CRYPT_OK;
  219|  7.57k|}
sha256_done:
  237|  7.57k|{
  238|  7.57k|    int i;
  239|       |
  240|  7.57k|    LTC_ARGCHK(md  != NULL);
  ------------------
  |  |   32|  7.57k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 7.57k]
  |  |  |  Branch (32:87): [Folded, False: 7.57k]
  |  |  ------------------
  ------------------
  241|  7.57k|    LTC_ARGCHK(out != NULL);
  ------------------
  |  |   32|  7.57k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 7.57k]
  |  |  |  Branch (32:87): [Folded, False: 7.57k]
  |  |  ------------------
  ------------------
  242|       |
  243|  7.57k|    if (md->sha256.curlen >= sizeof(md->sha256.buf)) {
  ------------------
  |  Branch (243:9): [True: 0, False: 7.57k]
  ------------------
  244|      0|       return CRYPT_INVALID_ARG;
  245|      0|    }
  246|       |
  247|       |
  248|       |    /* increase the length of the message */
  249|  7.57k|    md->sha256.length += md->sha256.curlen * 8;
  250|       |
  251|       |    /* append the '1' bit */
  252|  7.57k|    md->sha256.buf[md->sha256.curlen++] = (unsigned char)0x80;
  253|       |
  254|       |    /* if the length is currently above 56 bytes we append zeros
  255|       |     * then compress.  Then we can fall back to padding zeros and length
  256|       |     * encoding like normal.
  257|       |     */
  258|  7.57k|    if (md->sha256.curlen > 56) {
  ------------------
  |  Branch (258:9): [True: 19, False: 7.55k]
  ------------------
  259|     79|        while (md->sha256.curlen < 64) {
  ------------------
  |  Branch (259:16): [True: 60, False: 19]
  ------------------
  260|     60|            md->sha256.buf[md->sha256.curlen++] = (unsigned char)0;
  261|     60|        }
  262|     19|        sha256_compress(md, md->sha256.buf);
  263|     19|        md->sha256.curlen = 0;
  264|     19|    }
  265|       |
  266|       |    /* pad upto 56 bytes of zeroes */
  267|   185k|    while (md->sha256.curlen < 56) {
  ------------------
  |  Branch (267:12): [True: 177k, False: 7.57k]
  ------------------
  268|   177k|        md->sha256.buf[md->sha256.curlen++] = (unsigned char)0;
  269|   177k|    }
  270|       |
  271|       |    /* store length */
  272|  7.57k|    STORE64H(md->sha256.length, md->sha256.buf+56);
  ------------------
  |  |  101|  7.57k|#define STORE64H(x, y)                          \
  |  |  102|  7.57k|do { ulong64 __t = __builtin_bswap64 ((x));     \
  |  |  103|  7.57k|      XMEMCPY ((y), &__t, 8); } while(0)
  |  |  ------------------
  |  |  |  |   39|  7.57k|#define XMEMCPY  memcpy
  |  |  ------------------
  |  |  |  Branch (103:39): [Folded, False: 7.57k]
  |  |  ------------------
  ------------------
  273|  7.57k|    sha256_compress(md, md->sha256.buf);
  274|       |
  275|       |    /* copy output */
  276|  68.1k|    for (i = 0; i < 8; i++) {
  ------------------
  |  Branch (276:17): [True: 60.6k, False: 7.57k]
  ------------------
  277|  60.6k|        STORE32H(md->sha256.state[i], out+(4*i));
  ------------------
  |  |   62|  60.6k|#define STORE32H(x, y)                          \
  |  |   63|  60.6k|do { ulong32 __t = __builtin_bswap32 ((x));     \
  |  |   64|  60.6k|      XMEMCPY ((y), &__t, 4); } while(0)
  |  |  ------------------
  |  |  |  |   39|  60.6k|#define XMEMCPY  memcpy
  |  |  ------------------
  |  |  |  Branch (64:39): [Folded, False: 60.6k]
  |  |  ------------------
  ------------------
  278|  60.6k|    }
  279|       |#ifdef LTC_CLEAN_STACK
  280|       |    zeromem(md, sizeof(hash_state));
  281|       |#endif
  282|  7.57k|    return CRYPT_OK;
  283|  7.57k|}
sha256.c:sha256_compress:
   71|  9.34k|{
   72|  9.34k|    ulong32 S[8], W[64], t0, t1;
   73|  9.34k|#ifdef LTC_SMALL_CODE
   74|  9.34k|    ulong32 t;
   75|  9.34k|#endif
   76|  9.34k|    int i;
   77|       |
   78|       |    /* copy state into S */
   79|  84.0k|    for (i = 0; i < 8; i++) {
  ------------------
  |  Branch (79:17): [True: 74.7k, False: 9.34k]
  ------------------
   80|  74.7k|        S[i] = md->sha256.state[i];
   81|  74.7k|    }
   82|       |
   83|       |    /* copy the state into 512-bits into W[0..15] */
   84|   158k|    for (i = 0; i < 16; i++) {
  ------------------
  |  Branch (84:17): [True: 149k, False: 9.34k]
  ------------------
   85|   149k|        LOAD32H(W[i], buf + (4*i));
  ------------------
  |  |   66|   149k|#define LOAD32H(x, y)                           \
  |  |   67|   149k|do { XMEMCPY (&(x), (y), 4);                    \
  |  |  ------------------
  |  |  |  |   39|   149k|#define XMEMCPY  memcpy
  |  |  ------------------
  |  |   68|   149k|      (x) = __builtin_bswap32 ((x)); } while(0)
  |  |  ------------------
  |  |  |  Branch (68:46): [Folded, False: 149k]
  |  |  ------------------
  ------------------
   86|   149k|    }
   87|       |
   88|       |    /* fill W[16..63] */
   89|   457k|    for (i = 16; i < 64; i++) {
  ------------------
  |  Branch (89:18): [True: 448k, False: 9.34k]
  ------------------
   90|   448k|        W[i] = Gamma1(W[i - 2]) + W[i - 7] + Gamma0(W[i - 15]) + W[i - 16];
  ------------------
  |  |   63|   448k|#define Gamma1(x)       (S(x, 17) ^ S(x, 19) ^ R(x, 10))
  |  |  ------------------
  |  |  |  |   58|   448k|#define S(x, n)         RORc((x),(n))
  |  |  |  |  ------------------
  |  |  |  |  |  |  283|   448k|#define RORc(word,i) ({ \
  |  |  |  |  |  |  284|   448k|   ulong32 __RORc_tmp = (word); \
  |  |  |  |  |  |  285|   448k|   __asm__ ("rorl %2, %0" : \
  |  |  |  |  |  |  286|   448k|            "=r" (__RORc_tmp) : \
  |  |  |  |  |  |  287|   448k|            "0" (__RORc_tmp), \
  |  |  |  |  |  |  288|   448k|            "I" (i)); \
  |  |  |  |  |  |  289|   448k|            __RORc_tmp; \
  |  |  |  |  |  |  290|   448k|   })
  |  |  |  |  ------------------
  |  |  ------------------
  |  |               #define Gamma1(x)       (S(x, 17) ^ S(x, 19) ^ R(x, 10))
  |  |  ------------------
  |  |  |  |   58|   448k|#define S(x, n)         RORc((x),(n))
  |  |  |  |  ------------------
  |  |  |  |  |  |  283|   448k|#define RORc(word,i) ({ \
  |  |  |  |  |  |  284|   448k|   ulong32 __RORc_tmp = (word); \
  |  |  |  |  |  |  285|   448k|   __asm__ ("rorl %2, %0" : \
  |  |  |  |  |  |  286|   448k|            "=r" (__RORc_tmp) : \
  |  |  |  |  |  |  287|   448k|            "0" (__RORc_tmp), \
  |  |  |  |  |  |  288|   448k|            "I" (i)); \
  |  |  |  |  |  |  289|   448k|            __RORc_tmp; \
  |  |  |  |  |  |  290|   448k|   })
  |  |  |  |  ------------------
  |  |  ------------------
  |  |               #define Gamma1(x)       (S(x, 17) ^ S(x, 19) ^ R(x, 10))
  |  |  ------------------
  |  |  |  |   59|   448k|#define R(x, n)         (((x)&0xFFFFFFFFUL)>>(n))
  |  |  ------------------
  ------------------
                      W[i] = Gamma1(W[i - 2]) + W[i - 7] + Gamma0(W[i - 15]) + W[i - 16];
  ------------------
  |  |   62|   448k|#define Gamma0(x)       (S(x, 7) ^ S(x, 18) ^ R(x, 3))
  |  |  ------------------
  |  |  |  |   58|   448k|#define S(x, n)         RORc((x),(n))
  |  |  |  |  ------------------
  |  |  |  |  |  |  283|   448k|#define RORc(word,i) ({ \
  |  |  |  |  |  |  284|   448k|   ulong32 __RORc_tmp = (word); \
  |  |  |  |  |  |  285|   448k|   __asm__ ("rorl %2, %0" : \
  |  |  |  |  |  |  286|   448k|            "=r" (__RORc_tmp) : \
  |  |  |  |  |  |  287|   448k|            "0" (__RORc_tmp), \
  |  |  |  |  |  |  288|   448k|            "I" (i)); \
  |  |  |  |  |  |  289|   448k|            __RORc_tmp; \
  |  |  |  |  |  |  290|   448k|   })
  |  |  |  |  ------------------
  |  |  ------------------
  |  |               #define Gamma0(x)       (S(x, 7) ^ S(x, 18) ^ R(x, 3))
  |  |  ------------------
  |  |  |  |   58|   448k|#define S(x, n)         RORc((x),(n))
  |  |  |  |  ------------------
  |  |  |  |  |  |  283|   448k|#define RORc(word,i) ({ \
  |  |  |  |  |  |  284|   448k|   ulong32 __RORc_tmp = (word); \
  |  |  |  |  |  |  285|   448k|   __asm__ ("rorl %2, %0" : \
  |  |  |  |  |  |  286|   448k|            "=r" (__RORc_tmp) : \
  |  |  |  |  |  |  287|   448k|            "0" (__RORc_tmp), \
  |  |  |  |  |  |  288|   448k|            "I" (i)); \
  |  |  |  |  |  |  289|   448k|            __RORc_tmp; \
  |  |  |  |  |  |  290|   448k|   })
  |  |  |  |  ------------------
  |  |  ------------------
  |  |               #define Gamma0(x)       (S(x, 7) ^ S(x, 18) ^ R(x, 3))
  |  |  ------------------
  |  |  |  |   59|   448k|#define R(x, n)         (((x)&0xFFFFFFFFUL)>>(n))
  |  |  ------------------
  ------------------
   91|   448k|    }
   92|       |
   93|       |    /* Compress */
   94|  9.34k|#ifdef LTC_SMALL_CODE
   95|  9.34k|#define RND(a,b,c,d,e,f,g,h,i)                         \
   96|  9.34k|     t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i];   \
   97|  9.34k|     t1 = Sigma0(a) + Maj(a, b, c);                    \
   98|  9.34k|     d += t0;                                          \
   99|  9.34k|     h  = t0 + t1;
  100|       |
  101|   607k|     for (i = 0; i < 64; ++i) {
  ------------------
  |  Branch (101:18): [True: 597k, False: 9.34k]
  ------------------
  102|   597k|         RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],i);
  ------------------
  |  |   96|   597k|     t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i];   \
  |  |  ------------------
  |  |  |  |   61|   597k|#define Sigma1(x)       (S(x, 6) ^ S(x, 11) ^ S(x, 25))
  |  |  |  |  ------------------
  |  |  |  |  |  |   58|   597k|#define S(x, n)         RORc((x),(n))
  |  |  |  |  |  |  ------------------
  |  |  |  |  |  |  |  |  283|   597k|#define RORc(word,i) ({ \
  |  |  |  |  |  |  |  |  284|   597k|   ulong32 __RORc_tmp = (word); \
  |  |  |  |  |  |  |  |  285|   597k|   __asm__ ("rorl %2, %0" : \
  |  |  |  |  |  |  |  |  286|   597k|            "=r" (__RORc_tmp) : \
  |  |  |  |  |  |  |  |  287|   597k|            "0" (__RORc_tmp), \
  |  |  |  |  |  |  |  |  288|   597k|            "I" (i)); \
  |  |  |  |  |  |  |  |  289|   597k|            __RORc_tmp; \
  |  |  |  |  |  |  |  |  290|   597k|   })
  |  |  |  |  |  |  ------------------
  |  |  |  |  ------------------
  |  |  |  |               #define Sigma1(x)       (S(x, 6) ^ S(x, 11) ^ S(x, 25))
  |  |  |  |  ------------------
  |  |  |  |  |  |   58|   597k|#define S(x, n)         RORc((x),(n))
  |  |  |  |  |  |  ------------------
  |  |  |  |  |  |  |  |  283|   597k|#define RORc(word,i) ({ \
  |  |  |  |  |  |  |  |  284|   597k|   ulong32 __RORc_tmp = (word); \
  |  |  |  |  |  |  |  |  285|   597k|   __asm__ ("rorl %2, %0" : \
  |  |  |  |  |  |  |  |  286|   597k|            "=r" (__RORc_tmp) : \
  |  |  |  |  |  |  |  |  287|   597k|            "0" (__RORc_tmp), \
  |  |  |  |  |  |  |  |  288|   597k|            "I" (i)); \
  |  |  |  |  |  |  |  |  289|   597k|            __RORc_tmp; \
  |  |  |  |  |  |  |  |  290|   597k|   })
  |  |  |  |  |  |  ------------------
  |  |  |  |  ------------------
  |  |  |  |               #define Sigma1(x)       (S(x, 6) ^ S(x, 11) ^ S(x, 25))
  |  |  |  |  ------------------
  |  |  |  |  |  |   58|   597k|#define S(x, n)         RORc((x),(n))
  |  |  |  |  |  |  ------------------
  |  |  |  |  |  |  |  |  283|   597k|#define RORc(word,i) ({ \
  |  |  |  |  |  |  |  |  284|   597k|   ulong32 __RORc_tmp = (word); \
  |  |  |  |  |  |  |  |  285|   597k|   __asm__ ("rorl %2, %0" : \
  |  |  |  |  |  |  |  |  286|   597k|            "=r" (__RORc_tmp) : \
  |  |  |  |  |  |  |  |  287|   597k|            "0" (__RORc_tmp), \
  |  |  |  |  |  |  |  |  288|   597k|            "I" (i)); \
  |  |  |  |  |  |  |  |  289|   597k|            __RORc_tmp; \
  |  |  |  |  |  |  |  |  290|   597k|   })
  |  |  |  |  |  |  ------------------
  |  |  |  |  ------------------
  |  |  ------------------
  |  |                    t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i];   \
  |  |  ------------------
  |  |  |  |   56|   597k|#define Ch(x,y,z)       (z ^ (x & (y ^ z)))
  |  |  ------------------
  |  |   97|   597k|     t1 = Sigma0(a) + Maj(a, b, c);                    \
  |  |  ------------------
  |  |  |  |   60|   597k|#define Sigma0(x)       (S(x, 2) ^ S(x, 13) ^ S(x, 22))
  |  |  |  |  ------------------
  |  |  |  |  |  |   58|   597k|#define S(x, n)         RORc((x),(n))
  |  |  |  |  |  |  ------------------
  |  |  |  |  |  |  |  |  283|   597k|#define RORc(word,i) ({ \
  |  |  |  |  |  |  |  |  284|   597k|   ulong32 __RORc_tmp = (word); \
  |  |  |  |  |  |  |  |  285|   597k|   __asm__ ("rorl %2, %0" : \
  |  |  |  |  |  |  |  |  286|   597k|            "=r" (__RORc_tmp) : \
  |  |  |  |  |  |  |  |  287|   597k|            "0" (__RORc_tmp), \
  |  |  |  |  |  |  |  |  288|   597k|            "I" (i)); \
  |  |  |  |  |  |  |  |  289|   597k|            __RORc_tmp; \
  |  |  |  |  |  |  |  |  290|   597k|   })
  |  |  |  |  |  |  ------------------
  |  |  |  |  ------------------
  |  |  |  |               #define Sigma0(x)       (S(x, 2) ^ S(x, 13) ^ S(x, 22))
  |  |  |  |  ------------------
  |  |  |  |  |  |   58|   597k|#define S(x, n)         RORc((x),(n))
  |  |  |  |  |  |  ------------------
  |  |  |  |  |  |  |  |  283|   597k|#define RORc(word,i) ({ \
  |  |  |  |  |  |  |  |  284|   597k|   ulong32 __RORc_tmp = (word); \
  |  |  |  |  |  |  |  |  285|   597k|   __asm__ ("rorl %2, %0" : \
  |  |  |  |  |  |  |  |  286|   597k|            "=r" (__RORc_tmp) : \
  |  |  |  |  |  |  |  |  287|   597k|            "0" (__RORc_tmp), \
  |  |  |  |  |  |  |  |  288|   597k|            "I" (i)); \
  |  |  |  |  |  |  |  |  289|   597k|            __RORc_tmp; \
  |  |  |  |  |  |  |  |  290|   597k|   })
  |  |  |  |  |  |  ------------------
  |  |  |  |  ------------------
  |  |  |  |               #define Sigma0(x)       (S(x, 2) ^ S(x, 13) ^ S(x, 22))
  |  |  |  |  ------------------
  |  |  |  |  |  |   58|   597k|#define S(x, n)         RORc((x),(n))
  |  |  |  |  |  |  ------------------
  |  |  |  |  |  |  |  |  283|   597k|#define RORc(word,i) ({ \
  |  |  |  |  |  |  |  |  284|   597k|   ulong32 __RORc_tmp = (word); \
  |  |  |  |  |  |  |  |  285|   597k|   __asm__ ("rorl %2, %0" : \
  |  |  |  |  |  |  |  |  286|   597k|            "=r" (__RORc_tmp) : \
  |  |  |  |  |  |  |  |  287|   597k|            "0" (__RORc_tmp), \
  |  |  |  |  |  |  |  |  288|   597k|            "I" (i)); \
  |  |  |  |  |  |  |  |  289|   597k|            __RORc_tmp; \
  |  |  |  |  |  |  |  |  290|   597k|   })
  |  |  |  |  |  |  ------------------
  |  |  |  |  ------------------
  |  |  ------------------
  |  |                    t1 = Sigma0(a) + Maj(a, b, c);                    \
  |  |  ------------------
  |  |  |  |   57|   597k|#define Maj(x,y,z)      (((x | y) & z) | (x & y))
  |  |  ------------------
  |  |   98|   597k|     d += t0;                                          \
  |  |   99|   597k|     h  = t0 + t1;
  ------------------
  103|   597k|         t = S[7]; S[7] = S[6]; S[6] = S[5]; S[5] = S[4];
  104|   597k|         S[4] = S[3]; S[3] = S[2]; S[2] = S[1]; S[1] = S[0]; S[0] = t;
  105|   597k|     }
  106|       |#else
  107|       |#define RND(a,b,c,d,e,f,g,h,i,ki)                    \
  108|       |     t0 = h + Sigma1(e) + Ch(e, f, g) + ki + W[i];   \
  109|       |     t1 = Sigma0(a) + Maj(a, b, c);                  \
  110|       |     d += t0;                                        \
  111|       |     h  = t0 + t1;
  112|       |
  113|       |    RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],0,0x428a2f98);
  114|       |    RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],1,0x71374491);
  115|       |    RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],2,0xb5c0fbcf);
  116|       |    RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],3,0xe9b5dba5);
  117|       |    RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],4,0x3956c25b);
  118|       |    RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],5,0x59f111f1);
  119|       |    RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],6,0x923f82a4);
  120|       |    RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],7,0xab1c5ed5);
  121|       |    RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],8,0xd807aa98);
  122|       |    RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],9,0x12835b01);
  123|       |    RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],10,0x243185be);
  124|       |    RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],11,0x550c7dc3);
  125|       |    RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],12,0x72be5d74);
  126|       |    RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],13,0x80deb1fe);
  127|       |    RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],14,0x9bdc06a7);
  128|       |    RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],15,0xc19bf174);
  129|       |    RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],16,0xe49b69c1);
  130|       |    RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],17,0xefbe4786);
  131|       |    RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],18,0x0fc19dc6);
  132|       |    RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],19,0x240ca1cc);
  133|       |    RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],20,0x2de92c6f);
  134|       |    RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],21,0x4a7484aa);
  135|       |    RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],22,0x5cb0a9dc);
  136|       |    RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],23,0x76f988da);
  137|       |    RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],24,0x983e5152);
  138|       |    RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],25,0xa831c66d);
  139|       |    RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],26,0xb00327c8);
  140|       |    RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],27,0xbf597fc7);
  141|       |    RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],28,0xc6e00bf3);
  142|       |    RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],29,0xd5a79147);
  143|       |    RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],30,0x06ca6351);
  144|       |    RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],31,0x14292967);
  145|       |    RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],32,0x27b70a85);
  146|       |    RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],33,0x2e1b2138);
  147|       |    RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],34,0x4d2c6dfc);
  148|       |    RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],35,0x53380d13);
  149|       |    RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],36,0x650a7354);
  150|       |    RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],37,0x766a0abb);
  151|       |    RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],38,0x81c2c92e);
  152|       |    RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],39,0x92722c85);
  153|       |    RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],40,0xa2bfe8a1);
  154|       |    RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],41,0xa81a664b);
  155|       |    RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],42,0xc24b8b70);
  156|       |    RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],43,0xc76c51a3);
  157|       |    RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],44,0xd192e819);
  158|       |    RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],45,0xd6990624);
  159|       |    RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],46,0xf40e3585);
  160|       |    RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],47,0x106aa070);
  161|       |    RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],48,0x19a4c116);
  162|       |    RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],49,0x1e376c08);
  163|       |    RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],50,0x2748774c);
  164|       |    RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],51,0x34b0bcb5);
  165|       |    RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],52,0x391c0cb3);
  166|       |    RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],53,0x4ed8aa4a);
  167|       |    RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],54,0x5b9cca4f);
  168|       |    RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],55,0x682e6ff3);
  169|       |    RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],56,0x748f82ee);
  170|       |    RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],57,0x78a5636f);
  171|       |    RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],58,0x84c87814);
  172|       |    RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],59,0x8cc70208);
  173|       |    RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],60,0x90befffa);
  174|       |    RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],61,0xa4506ceb);
  175|       |    RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],62,0xbef9a3f7);
  176|       |    RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],63,0xc67178f2);
  177|       |
  178|       |#undef RND
  179|       |
  180|       |#endif
  181|       |
  182|       |    /* feedback */
  183|  84.0k|    for (i = 0; i < 8; i++) {
  ------------------
  |  Branch (183:17): [True: 74.7k, False: 9.34k]
  ------------------
  184|  74.7k|        md->sha256.state[i] = md->sha256.state[i] + S[i];
  185|  74.7k|    }
  186|  9.34k|    return CRYPT_OK;
  187|  9.34k|}

sha384_init:
   42|     50|{
                  /*
                   * Start a SHA-384 computation in md: clear the buffered-byte count and
                   * the running message length, then load the eight 64-bit SHA-384
                   * initial hash words (FIPS 180-4) into md->sha512.state.  SHA-384 works
                   * on the sha512 member of md; sha384_done() finishes through
                   * sha512_done().  Always returns CRYPT_OK.
                   *
                   * NOTE(review): LTC_ARGCHK, as expanded below, only calls crypt_argchk()
                   * and has no return of its own, so the NULL check protects the stores
                   * that follow only if crypt_argchk() does not return -- confirm for
                   * this build.
                   */
   43|     50|    LTC_ARGCHK(md != NULL);
  ------------------
  |  |   32|     50|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 50]
  |  |  |  Branch (32:87): [Folded, False: 50]
  |  |  ------------------
  ------------------
   44|       |
                  /* no bytes buffered, no bits hashed yet */
   45|     50|    md->sha512.curlen = 0;
   46|     50|    md->sha512.length = 0;
                  /* these initial words differ from the SHA-512 ones set in sha512_init() */
   47|     50|    md->sha512.state[0] = CONST64(0xcbbb9d5dc1059ed8);
  ------------------
  |  |  200|     50|   #define CONST64(n) n ## ULL
  ------------------
   48|     50|    md->sha512.state[1] = CONST64(0x629a292a367cd507);
  ------------------
  |  |  200|     50|   #define CONST64(n) n ## ULL
  ------------------
   49|     50|    md->sha512.state[2] = CONST64(0x9159015a3070dd17);
  ------------------
  |  |  200|     50|   #define CONST64(n) n ## ULL
  ------------------
   50|     50|    md->sha512.state[3] = CONST64(0x152fecd8f70e5939);
  ------------------
  |  |  200|     50|   #define CONST64(n) n ## ULL
  ------------------
   51|     50|    md->sha512.state[4] = CONST64(0x67332667ffc00b31);
  ------------------
  |  |  200|     50|   #define CONST64(n) n ## ULL
  ------------------
   52|     50|    md->sha512.state[5] = CONST64(0x8eb44a8768581511);
  ------------------
  |  |  200|     50|   #define CONST64(n) n ## ULL
  ------------------
   53|     50|    md->sha512.state[6] = CONST64(0xdb0c2e0d64f98fa7);
  ------------------
  |  |  200|     50|   #define CONST64(n) n ## ULL
  ------------------
   54|     50|    md->sha512.state[7] = CONST64(0x47b5481dbefa4fa4);
  ------------------
  |  |  200|     50|   #define CONST64(n) n ## ULL
  ------------------
   55|     50|    return CRYPT_OK;
   56|     50|}
sha384_done:
   65|     50|{
                 /*
                  * Finish a SHA-384 computation: run the SHA-512 finalisation into a
                  * 64-byte local buffer and copy its first 48 bytes to out.  The copy
                  * length is fixed, so out must have room for 48 bytes; nothing here can
                  * check that.  Returns CRYPT_INVALID_ARG if md->sha512.curlen is not
                  * below sizeof(md->sha512.buf), CRYPT_OK otherwise.
                  *
                  * NOTE(review): LTC_ARGCHK, as expanded below, has no return of its own;
                  * the NULL checks guard the code after them only if crypt_argchk() does
                  * not return -- confirm for this build.
                  */
   66|     50|   unsigned char buf[64];
   67|       |
   68|     50|   LTC_ARGCHK(md  != NULL);
  ------------------
  |  |   32|     50|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 50]
  |  |  |  Branch (32:87): [Folded, False: 50]
  |  |  ------------------
  ------------------
   69|     50|   LTC_ARGCHK(out != NULL);
  ------------------
  |  |   32|     50|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 50]
  |  |  |  Branch (32:87): [Folded, False: 50]
  |  |  ------------------
  ------------------
   70|       |
                 /* reject a buffered-byte count that does not fit the block buffer;
                  * sha512_done() repeats the same test */
   71|     50|    if (md->sha512.curlen >= sizeof(md->sha512.buf)) {
  ------------------
  |  Branch (71:9): [True: 0, False: 50]
  ------------------
   72|      0|       return CRYPT_INVALID_ARG;
   73|      0|    }
   74|       |
                 /* return value not checked: the only failure sha512_done() reports is
                  * the curlen test already made above */
   75|     50|   sha512_done(md, buf);
                 /* truncate: SHA-384 output is the first 48 of the 64 bytes */
   76|     50|   XMEMCPY(out, buf, 48);
  ------------------
  |  |   39|     50|#define XMEMCPY  memcpy
  ------------------
                 /* buf still holds all 64 bytes here, including the 16 not copied out; it
                  * is wiped only when LTC_CLEAN_STACK is defined.  NOTE(review): the lines
                  * below carry no execution count in this report, so presumably it is not
                  * defined in this build -- confirm. */
   77|       |#ifdef LTC_CLEAN_STACK
   78|       |   zeromem(buf, sizeof(buf));
   79|       |#endif
   80|     50|   return CRYPT_OK;
   81|     50|}

sha512_init:
  174|     78|{
                  /*
                   * Start a SHA-512 computation in md: clear the buffered-byte count and
                   * the running message length, then load the eight 64-bit SHA-512
                   * initial hash words (FIPS 180-4) into md->sha512.state.  Always
                   * returns CRYPT_OK.
                   *
                   * NOTE(review): LTC_ARGCHK, as expanded below, only calls crypt_argchk()
                   * and has no return of its own, so the NULL check protects the stores
                   * that follow only if crypt_argchk() does not return -- confirm for
                   * this build.
                   */
  175|     78|    LTC_ARGCHK(md != NULL);
  ------------------
  |  |   32|     78|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 78]
  |  |  |  Branch (32:87): [Folded, False: 78]
  |  |  ------------------
  ------------------
                  /* no bytes buffered, no bits hashed yet */
  176|     78|    md->sha512.curlen = 0;
  177|     78|    md->sha512.length = 0;
  178|     78|    md->sha512.state[0] = CONST64(0x6a09e667f3bcc908);
  ------------------
  |  |  200|     78|   #define CONST64(n) n ## ULL
  ------------------
  179|     78|    md->sha512.state[1] = CONST64(0xbb67ae8584caa73b);
  ------------------
  |  |  200|     78|   #define CONST64(n) n ## ULL
  ------------------
  180|     78|    md->sha512.state[2] = CONST64(0x3c6ef372fe94f82b);
  ------------------
  |  |  200|     78|   #define CONST64(n) n ## ULL
  ------------------
  181|     78|    md->sha512.state[3] = CONST64(0xa54ff53a5f1d36f1);
  ------------------
  |  |  200|     78|   #define CONST64(n) n ## ULL
  ------------------
  182|     78|    md->sha512.state[4] = CONST64(0x510e527fade682d1);
  ------------------
  |  |  200|     78|   #define CONST64(n) n ## ULL
  ------------------
  183|     78|    md->sha512.state[5] = CONST64(0x9b05688c2b3e6c1f);
  ------------------
  |  |  200|     78|   #define CONST64(n) n ## ULL
  ------------------
  184|     78|    md->sha512.state[6] = CONST64(0x1f83d9abfb41bd6b);
  ------------------
  |  |  200|     78|   #define CONST64(n) n ## ULL
  ------------------
  185|     78|    md->sha512.state[7] = CONST64(0x5be0cd19137e2179);
  ------------------
  |  |  200|     78|   #define CONST64(n) n ## ULL
  ------------------
  186|     78|    return CRYPT_OK;
  187|     78|}
sha512_done:
  205|    128|{
                  /*
                   * Finish a SHA-512 computation: add the buffered bytes to the bit
                   * length, append the 0x80 marker, zero-pad, store the length
                   * byte-swapped in the last 8 bytes of the block, compress, and write
                   * the eight state words to out (8 bytes each, 64 in total).  out must
                   * have room for 64 bytes; nothing here can check that.  Returns
                   * CRYPT_INVALID_ARG if md->sha512.curlen is not below
                   * sizeof(md->sha512.buf), CRYPT_OK otherwise.
                   *
                   * NOTE(review): LTC_ARGCHK, as expanded below, has no return of its own;
                   * the NULL checks guard the code after them only if crypt_argchk() does
                   * not return -- confirm for this build.
                   */
  206|    128|    int i;
  207|       |
  208|    128|    LTC_ARGCHK(md  != NULL);
  ------------------
  |  |   32|    128|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 128]
  |  |  |  Branch (32:87): [Folded, False: 128]
  |  |  ------------------
  ------------------
  209|    128|    LTC_ARGCHK(out != NULL);
  ------------------
  |  |   32|    128|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 128]
  |  |  |  Branch (32:87): [Folded, False: 128]
  |  |  ------------------
  ------------------
  210|       |
                  /* this bound is what keeps the buf[curlen++] store of the 0x80 marker
                   * below inside the block buffer */
  211|    128|    if (md->sha512.curlen >= sizeof(md->sha512.buf)) {
  ------------------
  |  Branch (211:9): [True: 0, False: 128]
  ------------------
  212|      0|       return CRYPT_INVALID_ARG;
  213|      0|    }
  214|       |
  215|       |    /* add the buffered bytes to the message length, counted in bits */
  216|    128|    md->sha512.length += md->sha512.curlen * CONST64(8);
  ------------------
  |  |  200|    128|   #define CONST64(n) n ## ULL
  ------------------
  217|       |
  218|       |    /* append the '1' bit */
  219|    128|    md->sha512.buf[md->sha512.curlen++] = (unsigned char)0x80;
  220|       |
  221|       |    /* if more than 112 bytes are now buffered, the length field no longer
  222|       |     * fits in this block: zero-fill it to 128 bytes and compress, then fall
  223|       |     * through to the normal zero padding and length encoding in a fresh block.
  224|       |     */
                  /* NOTE(review): this report records 0 executions of the branch below,
                   * so the extra-block padding path was not exercised by this run. */
  225|    128|    if (md->sha512.curlen > 112) {
  ------------------
  |  Branch (225:9): [True: 0, False: 128]
  ------------------
  226|      0|        while (md->sha512.curlen < 128) {
  ------------------
  |  Branch (226:16): [True: 0, False: 0]
  ------------------
  227|      0|            md->sha512.buf[md->sha512.curlen++] = (unsigned char)0;
  228|      0|        }
  229|      0|        sha512_compress(md, md->sha512.buf);
  230|      0|        md->sha512.curlen = 0;
  231|      0|    }
  232|       |
  233|       |    /* pad up to 120 bytes with zeroes
  234|       |     * note: bytes 112..119 are the upper 64 bits of the length field and stay zero.  We assume that you won't hash
  235|       |     * > 2^64 bits of data... :-)
  236|       |     */
  237|  13.8k|    while (md->sha512.curlen < 120) {
  ------------------
  |  Branch (237:12): [True: 13.6k, False: 128]
  ------------------
  238|  13.6k|        md->sha512.buf[md->sha512.curlen++] = (unsigned char)0;
  239|  13.6k|    }
  240|       |
  241|       |    /* store the 64-bit bit length in bytes 120..127, then compress the final block */
  242|    128|    STORE64H(md->sha512.length, md->sha512.buf+120);
  ------------------
  |  |  101|    128|#define STORE64H(x, y)                          \
  |  |  102|    128|do { ulong64 __t = __builtin_bswap64 ((x));     \
  |  |  103|    128|      XMEMCPY ((y), &__t, 8); } while(0)
  |  |  ------------------
  |  |  |  |   39|    128|#define XMEMCPY  memcpy
  |  |  ------------------
  |  |  |  Branch (103:39): [Folded, False: 128]
  |  |  ------------------
  ------------------
  243|    128|    sha512_compress(md, md->sha512.buf);
  244|       |
  245|       |    /* copy output: eight state words, 8 bytes each, at out+0 .. out+56 */
  246|  1.15k|    for (i = 0; i < 8; i++) {
  ------------------
  |  Branch (246:17): [True: 1.02k, False: 128]
  ------------------
  247|  1.02k|        STORE64H(md->sha512.state[i], out+(8*i));
  ------------------
  |  |  101|  1.02k|#define STORE64H(x, y)                          \
  |  |  102|  1.02k|do { ulong64 __t = __builtin_bswap64 ((x));     \
  |  |  103|  1.02k|      XMEMCPY ((y), &__t, 8); } while(0)
  |  |  ------------------
  |  |  |  |   39|  1.02k|#define XMEMCPY  memcpy
  |  |  ------------------
  |  |  |  Branch (103:39): [Folded, False: 1.02k]
  |  |  ------------------
  ------------------
  248|  1.02k|    }
                  /* md (state words and the last padded block) is wiped only when
                   * LTC_CLEAN_STACK is defined; otherwise it keeps its contents after
                   * this call.  NOTE(review): the lines below carry no execution count in
                   * this report, so presumably it is not defined in this build -- confirm. */
  249|       |#ifdef LTC_CLEAN_STACK
  250|       |    zeromem(md, sizeof(hash_state));
  251|       |#endif
  252|    128|    return CRYPT_OK;
  253|    128|}
sha512.c:sha512_compress:
   96|    139|{
   97|    139|    ulong64 S[8], W[80], t0, t1;
   98|    139|    int i;
   99|       |
  100|       |    /* copy state into S */
  101|  1.25k|    for (i = 0; i < 8; i++) {
  ------------------
  |  Branch (101:17): [True: 1.11k, False: 139]
  ------------------
  102|  1.11k|        S[i] = md->sha512.state[i];
  103|  1.11k|    }
  104|       |
  105|       |    /* copy the state into 1024-bits into W[0..15] */
  106|  2.36k|    for (i = 0; i < 16; i++) {
  ------------------
  |  Branch (106:17): [True: 2.22k, False: 139]
  ------------------
  107|  2.22k|        LOAD64H(W[i], buf + (8*i));
  ------------------
  |  |  105|  2.22k|#define LOAD64H(x, y)                           \
  |  |  106|  2.22k|do { XMEMCPY (&(x), (y), 8);                    \
  |  |  ------------------
  |  |  |  |   39|  2.22k|#define XMEMCPY  memcpy
  |  |  ------------------
  |  |  107|  2.22k|      (x) = __builtin_bswap64 ((x)); } while(0)
  |  |  ------------------
  |  |  |  Branch (107:46): [Folded, False: 2.22k]
  |  |  ------------------
  ------------------
  108|  2.22k|    }
  109|       |
  110|       |    /* fill W[16..79] */
  111|  9.03k|    for (i = 16; i < 80; i++) {
  ------------------
  |  Branch (111:18): [True: 8.89k, False: 139]
  ------------------
  112|  8.89k|        W[i] = Gamma1(W[i - 2]) + W[i - 7] + Gamma0(W[i - 15]) + W[i - 16];
  ------------------
  |  |   88|  8.89k|#define Gamma1(x)       (S(x, 19) ^ S(x, 61) ^ R(x, 6))
  |  |  ------------------
  |  |  |  |   83|  8.89k|#define S(x, n)         ROR64c(x, n)
  |  |  |  |  ------------------
  |  |  |  |  |  |  384|  8.89k|#define ROR64c(word,i) ({ \
  |  |  |  |  |  |  385|  8.89k|   ulong64 __ROR64c_tmp = word; \
  |  |  |  |  |  |  386|  8.89k|   __asm__ ("rorq %2, %0" : \
  |  |  |  |  |  |  387|  8.89k|            "=r" (__ROR64c_tmp) : \
  |  |  |  |  |  |  388|  8.89k|            "0" (__ROR64c_tmp), \
  |  |  |  |  |  |  389|  8.89k|            "J" (i)); \
  |  |  |  |  |  |  390|  8.89k|            __ROR64c_tmp; \
  |  |  |  |  |  |  391|  8.89k|   })
  |  |  |  |  ------------------
  |  |  ------------------
  |  |               #define Gamma1(x)       (S(x, 19) ^ S(x, 61) ^ R(x, 6))
  |  |  ------------------
  |  |  |  |   83|  8.89k|#define S(x, n)         ROR64c(x, n)
  |  |  |  |  ------------------
  |  |  |  |  |  |  384|  8.89k|#define ROR64c(word,i) ({ \
  |  |  |  |  |  |  385|  8.89k|   ulong64 __ROR64c_tmp = word; \
  |  |  |  |  |  |  386|  8.89k|   __asm__ ("rorq %2, %0" : \
  |  |  |  |  |  |  387|  8.89k|            "=r" (__ROR64c_tmp) : \
  |  |  |  |  |  |  388|  8.89k|            "0" (__ROR64c_tmp), \
  |  |  |  |  |  |  389|  8.89k|            "J" (i)); \
  |  |  |  |  |  |  390|  8.89k|            __ROR64c_tmp; \
  |  |  |  |  |  |  391|  8.89k|   })
  |  |  |  |  ------------------
  |  |  ------------------
  |  |               #define Gamma1(x)       (S(x, 19) ^ S(x, 61) ^ R(x, 6))
  |  |  ------------------
  |  |  |  |   84|  8.89k|#define R(x, n)         (((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((ulong64)n))
  |  |  |  |  ------------------
  |  |  |  |  |  |  200|  8.89k|   #define CONST64(n) n ## ULL
  |  |  |  |  ------------------
  |  |  ------------------
  ------------------
                      W[i] = Gamma1(W[i - 2]) + W[i - 7] + Gamma0(W[i - 15]) + W[i - 16];
  ------------------
  |  |   87|  8.89k|#define Gamma0(x)       (S(x, 1) ^ S(x, 8) ^ R(x, 7))
  |  |  ------------------
  |  |  |  |   83|  8.89k|#define S(x, n)         ROR64c(x, n)
  |  |  |  |  ------------------
  |  |  |  |  |  |  384|  8.89k|#define ROR64c(word,i) ({ \
  |  |  |  |  |  |  385|  8.89k|   ulong64 __ROR64c_tmp = word; \
  |  |  |  |  |  |  386|  8.89k|   __asm__ ("rorq %2, %0" : \
  |  |  |  |  |  |  387|  8.89k|            "=r" (__ROR64c_tmp) : \
  |  |  |  |  |  |  388|  8.89k|            "0" (__ROR64c_tmp), \
  |  |  |  |  |  |  389|  8.89k|            "J" (i)); \
  |  |  |  |  |  |  390|  8.89k|            __ROR64c_tmp; \
  |  |  |  |  |  |  391|  8.89k|   })
  |  |  |  |  ------------------
  |  |  ------------------
  |  |               #define Gamma0(x)       (S(x, 1) ^ S(x, 8) ^ R(x, 7))
  |  |  ------------------
  |  |  |  |   83|  8.89k|#define S(x, n)         ROR64c(x, n)
  |  |  |  |  ------------------
  |  |  |  |  |  |  384|  8.89k|#define ROR64c(word,i) ({ \
  |  |  |  |  |  |  385|  8.89k|   ulong64 __ROR64c_tmp = word; \
  |  |  |  |  |  |  386|  8.89k|   __asm__ ("rorq %2, %0" : \
  |  |  |  |  |  |  387|  8.89k|            "=r" (__ROR64c_tmp) : \
  |  |  |  |  |  |  388|  8.89k|            "0" (__ROR64c_tmp), \
  |  |  |  |  |  |  389|  8.89k|            "J" (i)); \
  |  |  |  |  |  |  390|  8.89k|            __ROR64c_tmp; \
  |  |  |  |  |  |  391|  8.89k|   })
  |  |  |  |  ------------------
  |  |  ------------------
  |  |               #define Gamma0(x)       (S(x, 1) ^ S(x, 8) ^ R(x, 7))
  |  |  ------------------
  |  |  |  |   84|  8.89k|#define R(x, n)         (((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((ulong64)n))
  |  |  |  |  ------------------
  |  |  |  |  |  |  200|  8.89k|   #define CONST64(n) n ## ULL
  |  |  |  |  ------------------
  |  |  ------------------
  ------------------
  113|  8.89k|    }
  114|       |
  115|       |    /* Compress */
  116|    139|#ifdef LTC_SMALL_CODE
  117|  11.2k|    for (i = 0; i < 80; i++) {
  ------------------
  |  Branch (117:17): [True: 11.1k, False: 139]
  ------------------
  118|  11.1k|        t0 = S[7] + Sigma1(S[4]) + Ch(S[4], S[5], S[6]) + K[i] + W[i];
  ------------------
  |  |   86|  11.1k|#define Sigma1(x)       (S(x, 14) ^ S(x, 18) ^ S(x, 41))
  |  |  ------------------
  |  |  |  |   83|  11.1k|#define S(x, n)         ROR64c(x, n)
  |  |  |  |  ------------------
  |  |  |  |  |  |  384|  11.1k|#define ROR64c(word,i) ({ \
  |  |  |  |  |  |  385|  11.1k|   ulong64 __ROR64c_tmp = word; \
  |  |  |  |  |  |  386|  11.1k|   __asm__ ("rorq %2, %0" : \
  |  |  |  |  |  |  387|  11.1k|            "=r" (__ROR64c_tmp) : \
  |  |  |  |  |  |  388|  11.1k|            "0" (__ROR64c_tmp), \
  |  |  |  |  |  |  389|  11.1k|            "J" (i)); \
  |  |  |  |  |  |  390|  11.1k|            __ROR64c_tmp; \
  |  |  |  |  |  |  391|  11.1k|   })
  |  |  |  |  ------------------
  |  |  ------------------
  |  |               #define Sigma1(x)       (S(x, 14) ^ S(x, 18) ^ S(x, 41))
  |  |  ------------------
  |  |  |  |   83|  11.1k|#define S(x, n)         ROR64c(x, n)
  |  |  |  |  ------------------
  |  |  |  |  |  |  384|  11.1k|#define ROR64c(word,i) ({ \
  |  |  |  |  |  |  385|  11.1k|   ulong64 __ROR64c_tmp = word; \
  |  |  |  |  |  |  386|  11.1k|   __asm__ ("rorq %2, %0" : \
  |  |  |  |  |  |  387|  11.1k|            "=r" (__ROR64c_tmp) : \
  |  |  |  |  |  |  388|  11.1k|            "0" (__ROR64c_tmp), \
  |  |  |  |  |  |  389|  11.1k|            "J" (i)); \
  |  |  |  |  |  |  390|  11.1k|            __ROR64c_tmp; \
  |  |  |  |  |  |  391|  11.1k|   })
  |  |  |  |  ------------------
  |  |  ------------------
  |  |               #define Sigma1(x)       (S(x, 14) ^ S(x, 18) ^ S(x, 41))
  |  |  ------------------
  |  |  |  |   83|  11.1k|#define S(x, n)         ROR64c(x, n)
  |  |  |  |  ------------------
  |  |  |  |  |  |  384|  11.1k|#define ROR64c(word,i) ({ \
  |  |  |  |  |  |  385|  11.1k|   ulong64 __ROR64c_tmp = word; \
  |  |  |  |  |  |  386|  11.1k|   __asm__ ("rorq %2, %0" : \
  |  |  |  |  |  |  387|  11.1k|            "=r" (__ROR64c_tmp) : \
  |  |  |  |  |  |  388|  11.1k|            "0" (__ROR64c_tmp), \
  |  |  |  |  |  |  389|  11.1k|            "J" (i)); \
  |  |  |  |  |  |  390|  11.1k|            __ROR64c_tmp; \
  |  |  |  |  |  |  391|  11.1k|   })
  |  |  |  |  ------------------
  |  |  ------------------
  ------------------
                      t0 = S[7] + Sigma1(S[4]) + Ch(S[4], S[5], S[6]) + K[i] + W[i];
  ------------------
  |  |   81|  11.1k|#define Ch(x,y,z)       (z ^ (x & (y ^ z)))
  ------------------
  119|  11.1k|        t1 = Sigma0(S[0]) + Maj(S[0], S[1], S[2]);
  ------------------
  |  |   85|  11.1k|#define Sigma0(x)       (S(x, 28) ^ S(x, 34) ^ S(x, 39))
  |  |  ------------------
  |  |  |  |   83|  11.1k|#define S(x, n)         ROR64c(x, n)
  |  |  |  |  ------------------
  |  |  |  |  |  |  384|  11.1k|#define ROR64c(word,i) ({ \
  |  |  |  |  |  |  385|  11.1k|   ulong64 __ROR64c_tmp = word; \
  |  |  |  |  |  |  386|  11.1k|   __asm__ ("rorq %2, %0" : \
  |  |  |  |  |  |  387|  11.1k|            "=r" (__ROR64c_tmp) : \
  |  |  |  |  |  |  388|  11.1k|            "0" (__ROR64c_tmp), \
  |  |  |  |  |  |  389|  11.1k|            "J" (i)); \
  |  |  |  |  |  |  390|  11.1k|            __ROR64c_tmp; \
  |  |  |  |  |  |  391|  11.1k|   })
  |  |  |  |  ------------------
  |  |  ------------------
  |  |               #define Sigma0(x)       (S(x, 28) ^ S(x, 34) ^ S(x, 39))
  |  |  ------------------
  |  |  |  |   83|  11.1k|#define S(x, n)         ROR64c(x, n)
  |  |  |  |  ------------------
  |  |  |  |  |  |  384|  11.1k|#define ROR64c(word,i) ({ \
  |  |  |  |  |  |  385|  11.1k|   ulong64 __ROR64c_tmp = word; \
  |  |  |  |  |  |  386|  11.1k|   __asm__ ("rorq %2, %0" : \
  |  |  |  |  |  |  387|  11.1k|            "=r" (__ROR64c_tmp) : \
  |  |  |  |  |  |  388|  11.1k|            "0" (__ROR64c_tmp), \
  |  |  |  |  |  |  389|  11.1k|            "J" (i)); \
  |  |  |  |  |  |  390|  11.1k|            __ROR64c_tmp; \
  |  |  |  |  |  |  391|  11.1k|   })
  |  |  |  |  ------------------
  |  |  ------------------
  |  |               #define Sigma0(x)       (S(x, 28) ^ S(x, 34) ^ S(x, 39))
  |  |  ------------------
  |  |  |  |   83|  11.1k|#define S(x, n)         ROR64c(x, n)
  |  |  |  |  ------------------
  |  |  |  |  |  |  384|  11.1k|#define ROR64c(word,i) ({ \
  |  |  |  |  |  |  385|  11.1k|   ulong64 __ROR64c_tmp = word; \
  |  |  |  |  |  |  386|  11.1k|   __asm__ ("rorq %2, %0" : \
  |  |  |  |  |  |  387|  11.1k|            "=r" (__ROR64c_tmp) : \
  |  |  |  |  |  |  388|  11.1k|            "0" (__ROR64c_tmp), \
  |  |  |  |  |  |  389|  11.1k|            "J" (i)); \
  |  |  |  |  |  |  390|  11.1k|            __ROR64c_tmp; \
  |  |  |  |  |  |  391|  11.1k|   })
  |  |  |  |  ------------------
  |  |  ------------------
  ------------------
                      t1 = Sigma0(S[0]) + Maj(S[0], S[1], S[2]);
  ------------------
  |  |   82|  11.1k|#define Maj(x,y,z)      (((x | y) & z) | (x & y))
  ------------------
  120|  11.1k|        S[7] = S[6];
  121|  11.1k|        S[6] = S[5];
  122|  11.1k|        S[5] = S[4];
  123|  11.1k|        S[4] = S[3] + t0;
  124|  11.1k|        S[3] = S[2];
  125|  11.1k|        S[2] = S[1];
  126|  11.1k|        S[1] = S[0];
  127|  11.1k|        S[0] = t0 + t1;
  128|  11.1k|    }
  129|       |#else
  130|       |#define RND(a,b,c,d,e,f,g,h,i)                    \
  131|       |     t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i];   \
  132|       |     t1 = Sigma0(a) + Maj(a, b, c);                  \
  133|       |     d += t0;                                        \
  134|       |     h  = t0 + t1;
  135|       |
  136|       |    for (i = 0; i < 80; i += 8) {
  137|       |        RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],i+0);
  138|       |        RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],i+1);
  139|       |        RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],i+2);
  140|       |        RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],i+3);
  141|       |        RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],i+4);
  142|       |        RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],i+5);
  143|       |        RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],i+6);
  144|       |        RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],i+7);
  145|       |    }
  146|       |#endif
  147|       |
  148|       |
  149|       |    /* feedback */
  150|  1.25k|    for (i = 0; i < 8; i++) {
  ------------------
  |  Branch (150:17): [True: 1.11k, False: 139]
  ------------------
  151|  1.11k|        md->sha512.state[i] = md->sha512.state[i] + S[i];
  152|  1.11k|    }
  153|       |
  154|    139|    return CRYPT_OK;
  155|    139|}

sha1_process:
  491|  1.02k|int func_name (hash_state * md, const unsigned char *in, unsigned long inlen)               \
  492|  1.02k|{                                                                                           \
     |       |    /* Streaming update from a shared macro template (func_name, state_var,            \
     |       |       compress_name and block_size are macro parameters); this listing is the         \
     |       |       sha1_process instantiation. Absorbs inlen bytes from in into md: whole blocks   \
     |       |       are compressed straight from the caller's buffer when nothing is staged,        \
     |       |       otherwise bytes are staged in state_var.buf until a block is full.              \
     |       |       Returns CRYPT_OK, CRYPT_INVALID_ARG, CRYPT_HASH_OVERFLOW, or the error          \
     |       |       reported by compress_name.                                                      \
     |       |       NOTE(review): in this run every call took the staging path with a short         \
     |       |       input; neither compress_name call site nor any error return has a hit. */       \
  493|  1.02k|    unsigned long n;                                                                        \
  494|  1.02k|    int           err;                                                                      \
  495|  1.02k|    LTC_ARGCHK(md != NULL);                                                                 \
  ------------------
  |  |   32|  1.02k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 1.02k]
  |  |  |  Branch (32:87): [Folded, False: 1.02k]
  |  |  ------------------
  ------------------
  496|  1.02k|    LTC_ARGCHK(in != NULL);                                                                 \
  ------------------
  |  |   32|  1.02k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 1.02k]
  |  |  |  Branch (32:87): [Folded, False: 1.02k]
  |  |  ------------------
  ------------------
     |       |    /* Context sanity check: curlen is used as the memcpy offset into buf below.       \
     |       |       NOTE(review): the bound here is sizeof(buf) while the copy length is derived    \
     |       |       from block_size; the check only covers the memcpy if the two are equal for      \
     |       |       this instantiation - confirm. */                                                \
  497|  1.02k|    if (md-> state_var .curlen > sizeof(md-> state_var .buf)) {                             \
  ------------------
  |  Branch (497:9): [True: 0, False: 1.02k]
  ------------------
  498|      0|       return CRYPT_INVALID_ARG;                                                            \
  499|      0|    }                                                                                       \
     |       |    /* Wrap-around guard on the running length counter. length is advanced in bits     \
     |       |       (block_size * 8) below while inlen is a byte count, so this comparison mixes    \
     |       |       units - NOTE(review): confirm this is the intended bound. */                    \
  500|  1.02k|    if ((md-> state_var .length + inlen) < md-> state_var .length) {                        \
  ------------------
  |  Branch (500:9): [True: 0, False: 1.02k]
  ------------------
  501|      0|      return CRYPT_HASH_OVERFLOW;                                                           \
  502|      0|    }                                                                                       \
  503|  2.04k|    while (inlen > 0) {                                                                     \
  ------------------
  |  Branch (503:12): [True: 1.02k, False: 1.02k]
  ------------------
     |       |        /* Fast path: nothing staged and at least one whole block available. */         \
  504|  1.02k|        if (md-> state_var .curlen == 0 && inlen >= block_size) {                           \
  ------------------
  |  Branch (504:13): [True: 1.02k, False: 0]
  |  Branch (504:44): [True: 0, False: 1.02k]
  ------------------
     |       |           /* The cast drops const from in; presumably compress_name only reads         \
     |       |              the block - verify against its definition. */                             \
  505|      0|           if ((err = compress_name (md, (unsigned char *)in)) != CRYPT_OK) {               \
  ------------------
  |  Branch (505:16): [True: 0, False: 0]
  ------------------
  506|      0|              return err;                                                                   \
  507|      0|           }                                                                                \
  508|      0|           md-> state_var .length += block_size * 8;                                        \
  509|      0|           in             += block_size;                                                    \
  510|      0|           inlen          -= block_size;                                                    \
  511|  1.02k|        } else {                                                                            \
     |       |           /* n is capped at the space left in the current block; it is the only        \
     |       |              bound on the memcpy that follows. */                                      \
  512|  1.02k|           n = MIN(inlen, (block_size - md-> state_var .curlen));                           \
  ------------------
  |  |  425|  1.02k|   #define MIN(x, y) ( ((x)<(y))?(x):(y) )
  |  |  ------------------
  |  |  |  Branch (425:24): [True: 1.02k, False: 0]
  |  |  ------------------
  ------------------
  513|  1.02k|           XMEMCPY(md-> state_var .buf + md-> state_var.curlen, in, (size_t)n);             \
  ------------------
  |  |   39|  1.02k|#define XMEMCPY  memcpy
  ------------------
  514|  1.02k|           md-> state_var .curlen += n;                                                     \
  515|  1.02k|           in             += n;                                                             \
  516|  1.02k|           inlen          -= n;                                                             \
     |       |           /* Staged block is full: compress it and start a fresh one. */               \
  517|  1.02k|           if (md-> state_var .curlen == block_size) {                                      \
  ------------------
  |  Branch (517:16): [True: 0, False: 1.02k]
  ------------------
  518|      0|              if ((err = compress_name (md, md-> state_var .buf)) != CRYPT_OK) {            \
  ------------------
  |  Branch (518:19): [True: 0, False: 0]
  ------------------
  519|      0|                 return err;                                                                \
  520|      0|              }                                                                             \
  521|      0|              md-> state_var .length += 8*block_size;                                       \
  522|      0|              md-> state_var .curlen = 0;                                                   \
  523|      0|           }                                                                                \
  524|  1.02k|       }                                                                                    \
  525|  1.02k|    }                                                                                       \
  526|  1.02k|    return CRYPT_OK;                                                                        \
  527|  1.02k|}
sha256_process:
  491|  14.8k|int func_name (hash_state * md, const unsigned char *in, unsigned long inlen)               \
  492|  14.8k|{                                                                                           \
     |       |    /* Streaming update from a shared macro template (func_name, state_var,            \
     |       |       compress_name and block_size are macro parameters); this listing is the         \
     |       |       sha256_process instantiation. Absorbs inlen bytes from in into md: whole        \
     |       |       blocks are compressed straight from the caller's buffer when nothing is         \
     |       |       staged, otherwise bytes are staged in state_var.buf until a block is full.      \
     |       |       Returns CRYPT_OK, CRYPT_INVALID_ARG, CRYPT_HASH_OVERFLOW, or the error          \
     |       |       reported by compress_name.                                                      \
     |       |       NOTE(review): in this run the direct-compress path is exercised, but the        \
     |       |       staged-block flush and every error return have no hits. */                      \
  493|  14.8k|    unsigned long n;                                                                        \
  494|  14.8k|    int           err;                                                                      \
  495|  14.8k|    LTC_ARGCHK(md != NULL);                                                                 \
  ------------------
  |  |   32|  14.8k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 14.8k]
  |  |  |  Branch (32:87): [Folded, False: 14.8k]
  |  |  ------------------
  ------------------
  496|  14.8k|    LTC_ARGCHK(in != NULL);                                                                 \
  ------------------
  |  |   32|  14.8k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 14.8k]
  |  |  |  Branch (32:87): [Folded, False: 14.8k]
  |  |  ------------------
  ------------------
     |       |    /* Context sanity check: curlen is used as the memcpy offset into buf below.       \
     |       |       NOTE(review): the bound here is sizeof(buf) while the copy length is derived    \
     |       |       from block_size; the check only covers the memcpy if the two are equal for      \
     |       |       this instantiation - confirm. */                                                \
  497|  14.8k|    if (md-> state_var .curlen > sizeof(md-> state_var .buf)) {                             \
  ------------------
  |  Branch (497:9): [True: 0, False: 14.8k]
  ------------------
  498|      0|       return CRYPT_INVALID_ARG;                                                            \
  499|      0|    }                                                                                       \
     |       |    /* Wrap-around guard on the running length counter. length is advanced in bits     \
     |       |       (block_size * 8) below while inlen is a byte count, so this comparison mixes    \
     |       |       units - NOTE(review): confirm this is the intended bound. */                    \
  500|  14.8k|    if ((md-> state_var .length + inlen) < md-> state_var .length) {                        \
  ------------------
  |  Branch (500:9): [True: 0, False: 14.8k]
  ------------------
  501|      0|      return CRYPT_HASH_OVERFLOW;                                                           \
  502|      0|    }                                                                                       \
  503|  31.4k|    while (inlen > 0) {                                                                     \
  ------------------
  |  Branch (503:12): [True: 16.5k, False: 14.8k]
  ------------------
     |       |        /* Fast path: nothing staged and at least one whole block available. */         \
  504|  16.5k|        if (md-> state_var .curlen == 0 && inlen >= block_size) {                           \
  ------------------
  |  Branch (504:13): [True: 9.30k, False: 7.26k]
  |  Branch (504:44): [True: 1.74k, False: 7.55k]
  ------------------
     |       |           /* The cast drops const from in; presumably compress_name only reads         \
     |       |              the block - verify against its definition. */                             \
  505|  1.74k|           if ((err = compress_name (md, (unsigned char *)in)) != CRYPT_OK) {               \
  ------------------
  |  Branch (505:16): [True: 0, False: 1.74k]
  ------------------
  506|      0|              return err;                                                                   \
  507|      0|           }                                                                                \
  508|  1.74k|           md-> state_var .length += block_size * 8;                                        \
  509|  1.74k|           in             += block_size;                                                    \
  510|  1.74k|           inlen          -= block_size;                                                    \
  511|  14.8k|        } else {                                                                            \
     |       |           /* n is capped at the space left in the current block; it is the only        \
     |       |              bound on the memcpy that follows. */                                      \
  512|  14.8k|           n = MIN(inlen, (block_size - md-> state_var .curlen));                           \
  ------------------
  |  |  425|  14.8k|   #define MIN(x, y) ( ((x)<(y))?(x):(y) )
  |  |  ------------------
  |  |  |  Branch (425:24): [True: 14.8k, False: 0]
  |  |  ------------------
  ------------------
  513|  14.8k|           XMEMCPY(md-> state_var .buf + md-> state_var.curlen, in, (size_t)n);             \
  ------------------
  |  |   39|  14.8k|#define XMEMCPY  memcpy
  ------------------
  514|  14.8k|           md-> state_var .curlen += n;                                                     \
  515|  14.8k|           in             += n;                                                             \
  516|  14.8k|           inlen          -= n;                                                             \
     |       |           /* Staged block is full: compress it and start a fresh one. */               \
  517|  14.8k|           if (md-> state_var .curlen == block_size) {                                      \
  ------------------
  |  Branch (517:16): [True: 0, False: 14.8k]
  ------------------
  518|      0|              if ((err = compress_name (md, md-> state_var .buf)) != CRYPT_OK) {            \
  ------------------
  |  Branch (518:19): [True: 0, False: 0]
  ------------------
  519|      0|                 return err;                                                                \
  520|      0|              }                                                                             \
  521|      0|              md-> state_var .length += 8*block_size;                                       \
  522|      0|              md-> state_var .curlen = 0;                                                   \
  523|      0|           }                                                                                \
  524|  14.8k|       }                                                                                    \
  525|  16.5k|    }                                                                                       \
  526|  14.8k|    return CRYPT_OK;                                                                        \
  527|  14.8k|}
sha512_process:
  491|    178|int func_name (hash_state * md, const unsigned char *in, unsigned long inlen)               \
  492|    178|{                                                                                           \
     |       |    /* Streaming update from a shared macro template (func_name, state_var,            \
     |       |       compress_name and block_size are macro parameters); this listing is the         \
     |       |       sha512_process instantiation. Absorbs inlen bytes from in into md: whole        \
     |       |       blocks are compressed straight from the caller's buffer when nothing is         \
     |       |       staged, otherwise bytes are staged in state_var.buf until a block is full.      \
     |       |       Returns CRYPT_OK, CRYPT_INVALID_ARG, CRYPT_HASH_OVERFLOW, or the error          \
     |       |       reported by compress_name.                                                      \
     |       |       NOTE(review): in this run the staged-block flush is exercised, but the          \
     |       |       direct-compress path and every error return have no hits. */                    \
  493|    178|    unsigned long n;                                                                        \
  494|    178|    int           err;                                                                      \
  495|    178|    LTC_ARGCHK(md != NULL);                                                                 \
  ------------------
  |  |   32|    178|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 178]
  |  |  |  Branch (32:87): [Folded, False: 178]
  |  |  ------------------
  ------------------
  496|    178|    LTC_ARGCHK(in != NULL);                                                                 \
  ------------------
  |  |   32|    178|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 178]
  |  |  |  Branch (32:87): [Folded, False: 178]
  |  |  ------------------
  ------------------
     |       |    /* Context sanity check: curlen is used as the memcpy offset into buf below.       \
     |       |       NOTE(review): the bound here is sizeof(buf) while the copy length is derived    \
     |       |       from block_size; the check only covers the memcpy if the two are equal for      \
     |       |       this instantiation - confirm. */                                                \
  497|    178|    if (md-> state_var .curlen > sizeof(md-> state_var .buf)) {                             \
  ------------------
  |  Branch (497:9): [True: 0, False: 178]
  ------------------
  498|      0|       return CRYPT_INVALID_ARG;                                                            \
  499|      0|    }                                                                                       \
     |       |    /* Wrap-around guard on the running length counter. length is advanced in bits     \
     |       |       (block_size * 8) below while inlen is a byte count, so this comparison mixes    \
     |       |       units - NOTE(review): confirm this is the intended bound. */                    \
  500|    178|    if ((md-> state_var .length + inlen) < md-> state_var .length) {                        \
  ------------------
  |  Branch (500:9): [True: 0, False: 178]
  ------------------
  501|      0|      return CRYPT_HASH_OVERFLOW;                                                           \
  502|      0|    }                                                                                       \
  503|    367|    while (inlen > 0) {                                                                     \
  ------------------
  |  Branch (503:12): [True: 189, False: 178]
  ------------------
     |       |        /* Fast path: nothing staged and at least one whole block available. */         \
  504|    189|        if (md-> state_var .curlen == 0 && inlen >= block_size) {                           \
  ------------------
  |  Branch (504:13): [True: 139, False: 50]
  |  Branch (504:44): [True: 0, False: 139]
  ------------------
     |       |           /* The cast drops const from in; presumably compress_name only reads         \
     |       |              the block - verify against its definition. */                             \
  505|      0|           if ((err = compress_name (md, (unsigned char *)in)) != CRYPT_OK) {               \
  ------------------
  |  Branch (505:16): [True: 0, False: 0]
  ------------------
  506|      0|              return err;                                                                   \
  507|      0|           }                                                                                \
  508|      0|           md-> state_var .length += block_size * 8;                                        \
  509|      0|           in             += block_size;                                                    \
  510|      0|           inlen          -= block_size;                                                    \
  511|    189|        } else {                                                                            \
     |       |           /* n is capped at the space left in the current block; it is the only        \
     |       |              bound on the memcpy that follows. */                                      \
  512|    189|           n = MIN(inlen, (block_size - md-> state_var .curlen));                           \
  ------------------
  |  |  425|    189|   #define MIN(x, y) ( ((x)<(y))?(x):(y) )
  |  |  ------------------
  |  |  |  Branch (425:24): [True: 178, False: 11]
  |  |  ------------------
  ------------------
  513|    189|           XMEMCPY(md-> state_var .buf + md-> state_var.curlen, in, (size_t)n);             \
  ------------------
  |  |   39|    189|#define XMEMCPY  memcpy
  ------------------
  514|    189|           md-> state_var .curlen += n;                                                     \
  515|    189|           in             += n;                                                             \
  516|    189|           inlen          -= n;                                                             \
     |       |           /* Staged block is full: compress it and start a fresh one. */               \
  517|    189|           if (md-> state_var .curlen == block_size) {                                      \
  ------------------
  |  Branch (517:16): [True: 11, False: 178]
  ------------------
  518|     11|              if ((err = compress_name (md, md-> state_var .buf)) != CRYPT_OK) {            \
  ------------------
  |  Branch (518:19): [True: 0, False: 11]
  ------------------
  519|      0|                 return err;                                                                \
  520|      0|              }                                                                             \
  521|     11|              md-> state_var .length += 8*block_size;                                       \
  522|     11|              md-> state_var .curlen = 0;                                                   \
  523|     11|           }                                                                                \
  524|    189|       }                                                                                    \
  525|    189|    }                                                                                       \
  526|    178|    return CRYPT_OK;                                                                        \
  527|    178|}

sha1.c:ROL:
  258|  65.4k|{
     |       |   /* Rotate word left by i bits with the x86 `roll` instruction.
     |       |      The "c" constraint places the count in CL, and "0" ties the input to
     |       |      the output operand, so the rotation happens in place in one register. */
  259|  65.4k|   asm ("roll %%cl,%0"
  260|  65.4k|      :"=r" (word)
  261|  65.4k|      :"0" (word),"c" (i));
  262|  65.4k|   return word;
  263|  65.4k|}

ltm_desc.c:init:
   58|   396k|{
     |       |   /* Allocate a bignum through init_mpi and initialise it with mp_init,
     |       |      storing the result through a. Returns CRYPT_OK, or the error from
     |       |      init_mpi / the mapped mp_init error. */
   59|   396k|   int err;
   60|       |
     |       |   /* LTC_ARGCHK only calls crypt_argchk; the macro itself does not return, so
     |       |      what happens on a NULL argument depends on crypt_argchk (not shown here). */
   61|   396k|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|   396k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 396k]
  |  |  |  Branch (32:87): [Folded, False: 396k]
  |  |  ------------------
  ------------------
   62|       |
   63|   396k|   if ((err = init_mpi(a)) != CRYPT_OK) {
  ------------------
  |  Branch (63:8): [True: 0, False: 396k]
  ------------------
   64|      0|      return err;
   65|      0|   }
     |       |   /* On mp_init failure the allocation is released, but *a still holds the
     |       |      freed address when the error is returned.
     |       |      NOTE(review): clearing *a after XFREE would keep a caller that later
     |       |      hands it to deinit from touching freed memory. Neither failure branch
     |       |      has a hit in this run. */
   66|   396k|   if ((err = mpi_to_ltc_error(mp_init(*a))) != CRYPT_OK) {
  ------------------
  |  Branch (66:8): [True: 0, False: 396k]
  ------------------
   67|      0|      XFREE(*a);
  ------------------
  |  |   17|      0|#define XFREE m_free_direct
  ------------------
   68|      0|   }
   69|   396k|   return err;
   70|   396k|}
ltm_desc.c:init_mpi:
   46|   396k|{
     |       |   /* Allocate one zero-filled mp_int with XCALLOC (m_calloc) and store it
     |       |      in *a. Returns CRYPT_MEM if the allocation is NULL, else CRYPT_OK.
     |       |      The CRYPT_MEM branch has no hit in this run. */
   47|   396k|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|   396k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 396k]
  |  |  |  Branch (32:87): [Folded, False: 396k]
  |  |  ------------------
  ------------------
   48|       |
   49|   396k|   *a = XCALLOC(1, sizeof(mp_int));
  ------------------
  |  |   19|   396k|#define XCALLOC m_calloc
  ------------------
   50|   396k|   if (*a == NULL) {
  ------------------
  |  Branch (50:8): [True: 0, False: 396k]
  ------------------
   51|      0|      return CRYPT_MEM;
   52|   396k|   } else {
   53|   396k|      return CRYPT_OK;
   54|   396k|   }
   55|   396k|}
ltm_desc.c:mpi_to_ltc_error:
   34|  5.50M|{
     |       |   /* Translate a libtommath result code into the matching LibTomCrypt code
     |       |      by a linear scan of the mpi_to_ltc_codes table. A code with no table
     |       |      entry becomes CRYPT_ERROR.
     |       |      In this run every call matched on the first entry, so the scan past
     |       |      index 0 and the CRYPT_ERROR fallback have no hits. */
   35|  5.50M|   size_t x;
   36|       |
   37|  5.50M|   for (x = 0; x < sizeof(mpi_to_ltc_codes)/sizeof(mpi_to_ltc_codes[0]); x++) {
  ------------------
  |  Branch (37:16): [True: 5.50M, False: 0]
  ------------------
   38|  5.50M|       if (err == mpi_to_ltc_codes[x].mpi_code) {
  ------------------
  |  Branch (38:12): [True: 5.50M, False: 0]
  ------------------
   39|  5.50M|          return mpi_to_ltc_codes[x].ltc_code;
   40|  5.50M|       }
   41|  5.50M|   }
   42|      0|   return CRYPT_ERROR;
   43|  5.50M|}
ltm_desc.c:deinit:
   73|   398k|{
     |       |   /* Release a bignum: mp_clear on its contents, then XFREE (m_free_direct)
     |       |      on the mp_int itself. a is received by value, so the caller's copy of
     |       |      the pointer is stale afterwards and must not be reused. */
   74|   398k|   LTC_ARGCHKVD(a != NULL);
  ------------------
  |  |   33|   398k|#define LTC_ARGCHKVD(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (33:34): [True: 0, False: 398k]
  |  |  |  Branch (33:89): [Folded, False: 398k]
  |  |  ------------------
  ------------------
   75|   398k|   mp_clear(a);
   76|   398k|   XFREE(a);
  ------------------
  |  |   17|   398k|#define XFREE m_free_direct
  ------------------
   77|   398k|}
ltm_desc.c:copy:
   87|   250k|{
     |       |   /* Copy one bignum to another via mp_copy(a, b) and return the mapped
     |       |      status (libtommath's mp_copy takes source first, destination second). */
   88|   250k|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|   250k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 250k]
  |  |  |  Branch (32:87): [Folded, False: 250k]
  |  |  ------------------
  ------------------
   89|   250k|   LTC_ARGCHK(b != NULL);
  ------------------
  |  |   32|   250k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 250k]
  |  |  |  Branch (32:87): [Folded, False: 250k]
  |  |  ------------------
  ------------------
   90|   250k|   return mpi_to_ltc_error(mp_copy(a, b));
   91|   250k|}
ltm_desc.c:set_int:
  104|    518|{
     |       |   /* Set bignum a to the small integer b. Always returns CRYPT_OK.
     |       |      NOTE(review): mp_set_u32 stores a 32-bit value; if b is declared with a
     |       |      wider type (the signature is not visible here), its upper bits would be
     |       |      dropped without any error - confirm against the declaration. */
  105|    518|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|    518|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 518]
  |  |  |  Branch (32:87): [Folded, False: 518]
  |  |  ------------------
  ------------------
  106|    518|   mp_set_u32(a, b);
  107|    518|   return CRYPT_OK;
  108|    518|}
ltm_desc.c:get_digit:
  117|   127k|{
     |       |   /* Return digit n of bignum a, or 0 when n is negative or not below
     |       |      A->used, so an out-of-range index never reaches the dp[] read.
     |       |      Both out-of-range conditions have no hit in this run. */
  118|   127k|   mp_int *A;
  119|   127k|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|   127k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 127k]
  |  |  |  Branch (32:87): [Folded, False: 127k]
  |  |  ------------------
  ------------------
  120|   127k|   A = a;
  121|   127k|   return (n >= A->used || n < 0) ? 0 : A->dp[n];
  ------------------
  |  Branch (121:12): [True: 0, False: 127k]
  |  Branch (121:28): [True: 0, False: 127k]
  ------------------
  122|   127k|}
ltm_desc.c:get_digit_count:
  125|   127k|{
     |       |   /* Return the number of digits currently in use by bignum a (A->used). */
  126|   127k|   mp_int *A;
  127|   127k|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|   127k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 127k]
  |  |  |  Branch (32:87): [Folded, False: 127k]
  |  |  ------------------
  ------------------
  128|   127k|   A = a;
  129|   127k|   return A->used;
  130|   127k|}
ltm_desc.c:compare:
  133|   638k|{
     |       |   /* Compare two bignums with mp_cmp and translate MP_LT / MP_EQ / MP_GT into
     |       |      LTC_MP_LT / LTC_MP_EQ / LTC_MP_GT.
     |       |      NOTE(review): the default arm returns 0, which is the same value as
     |       |      LTC_MP_EQ, so an unexpected mp_cmp result would be reported to the
     |       |      caller as "equal". The MP_EQ and default arms have no hit in this run. */
  134|   638k|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|   638k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 638k]
  |  |  |  Branch (32:87): [Folded, False: 638k]
  |  |  ------------------
  ------------------
  135|   638k|   LTC_ARGCHK(b != NULL);
  ------------------
  |  |   32|   638k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 638k]
  |  |  |  Branch (32:87): [Folded, False: 638k]
  |  |  ------------------
  ------------------
  136|   638k|   switch (mp_cmp(a, b)) {
  137|   318k|      case MP_LT: return LTC_MP_LT;
  ------------------
  |  |  154|   318k|#define MP_LT        -1   /* less than */
  ------------------
                    case MP_LT: return LTC_MP_LT;
  ------------------
  |  |   12|   318k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (137:7): [True: 318k, False: 319k]
  ------------------
  138|      0|      case MP_EQ: return LTC_MP_EQ;
  ------------------
  |  |  155|      0|#define MP_EQ         0   /* equal to */
  ------------------
                    case MP_EQ: return LTC_MP_EQ;
  ------------------
  |  |   13|      0|#define LTC_MP_EQ    0
  ------------------
  |  Branch (138:7): [True: 0, False: 638k]
  ------------------
  139|   319k|      case MP_GT: return LTC_MP_GT;
  ------------------
  |  |  156|   319k|#define MP_GT         1   /* greater than */
  ------------------
                    case MP_GT: return LTC_MP_GT;
  ------------------
  |  |   14|   319k|#define LTC_MP_GT    1
  ------------------
  |  Branch (139:7): [True: 319k, False: 318k]
  ------------------
  140|      0|      default:    return 0;
  ------------------
  |  Branch (140:7): [True: 0, False: 638k]
  ------------------
  141|   638k|   }
  142|   638k|}
ltm_desc.c:compare_d:
  145|   679k|{
     |       |   /* Compare bignum a with the single value b using mp_cmp_d and translate
     |       |      MP_LT / MP_EQ / MP_GT into LTC_MP_LT / LTC_MP_EQ / LTC_MP_GT.
     |       |      NOTE(review): the default arm returns 0, which is the same value as
     |       |      LTC_MP_EQ, so an unexpected mp_cmp_d result would be reported to the
     |       |      caller as "equal". The default arm has no hit in this run. */
  146|   679k|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|   679k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 679k]
  |  |  |  Branch (32:87): [Folded, False: 679k]
  |  |  ------------------
  ------------------
  147|   679k|   switch (mp_cmp_d(a, b)) {
  148|   340k|      case MP_LT: return LTC_MP_LT;
  ------------------
  |  |  154|   340k|#define MP_LT        -1   /* less than */
  ------------------
                    case MP_LT: return LTC_MP_LT;
  ------------------
  |  |   12|   340k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (148:7): [True: 340k, False: 339k]
  ------------------
  149|      4|      case MP_EQ: return LTC_MP_EQ;
  ------------------
  |  |  155|      4|#define MP_EQ         0   /* equal to */
  ------------------
                    case MP_EQ: return LTC_MP_EQ;
  ------------------
  |  |   13|      4|#define LTC_MP_EQ    0
  ------------------
  |  Branch (149:7): [True: 4, False: 679k]
  ------------------
  150|   339k|      case MP_GT: return LTC_MP_GT;
  ------------------
  |  |  156|   339k|#define MP_GT         1   /* greater than */
  ------------------
                    case MP_GT: return LTC_MP_GT;
  ------------------
  |  |   14|   339k|#define LTC_MP_GT    1
  ------------------
  |  Branch (150:7): [True: 339k, False: 340k]
  ------------------
  151|      0|      default:    return 0;
  ------------------
  |  Branch (151:7): [True: 0, False: 679k]
  ------------------
  152|   679k|   }
  153|   679k|}
ltm_desc.c:read_radix:
  178|  1.04k|{
     |       |   /* Parse the text b, written in base radix, into bignum a via
     |       |      mp_read_radix and return the mapped status. No check on radix or on
     |       |      the characters of b is made here; presumably mp_read_radix rejects
     |       |      invalid input - verify. */
  179|  1.04k|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|  1.04k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 1.04k]
  |  |  |  Branch (32:87): [Folded, False: 1.04k]
  |  |  ------------------
  ------------------
  180|  1.04k|   LTC_ARGCHK(b != NULL);
  ------------------
  |  |   32|  1.04k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 1.04k]
  |  |  |  Branch (32:87): [Folded, False: 1.04k]
  |  |  ------------------
  ------------------
  181|  1.04k|   return mpi_to_ltc_error(mp_read_radix(a, b, radix));
  182|  1.04k|}
ltm_desc.c:unsigned_size:
  194|    518|{
     |       |   /* Return mp_ubin_size(a), widened to unsigned long: the size of a's
     |       |      unsigned binary encoding as reported by libtommath. */
  195|    518|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|    518|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 518]
  |  |  |  Branch (32:87): [Folded, False: 518]
  |  |  ------------------
  ------------------
  196|    518|   return (unsigned long)mp_ubin_size(a);
  197|    518|}
ltm_desc.c:unsigned_write:
  201|    518|{
     |       |   /* Write bignum a into buffer b as unsigned binary via mp_to_ubin and
     |       |      return the mapped status.
     |       |      The maximum-length argument is SIZE_MAX and the written-count pointer
     |       |      is NULL, so mp_to_ubin is given no usable bound on b: the caller has to
     |       |      provide a buffer large enough for a's encoding (see mp_ubin_size). */
  202|    518|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|    518|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 518]
  |  |  |  Branch (32:87): [Folded, False: 518]
  |  |  ------------------
  ------------------
  203|    518|   LTC_ARGCHK(b != NULL);
  ------------------
  |  |   32|    518|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 518]
  |  |  |  Branch (32:87): [Folded, False: 518]
  |  |  ------------------
  ------------------
  204|    518|   return mpi_to_ltc_error(mp_to_ubin(a, b, SIZE_MAX, NULL));
  205|    518|}
ltm_desc.c:unsigned_read:
  209|    265|{
     |       |   /* Load bignum a from len bytes of unsigned binary at b via mp_from_ubin
     |       |      and return the mapped status. len is trusted as the readable size of b;
     |       |      it is only converted to size_t here, not validated. */
  210|    265|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|    265|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 265]
  |  |  |  Branch (32:87): [Folded, False: 265]
  |  |  ------------------
  ------------------
  211|    265|   LTC_ARGCHK(b != NULL);
  ------------------
  |  |   32|    265|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 265]
  |  |  |  Branch (32:87): [Folded, False: 265]
  |  |  ------------------
  ------------------
  212|    265|   return mpi_to_ltc_error(mp_from_ubin(a, b, (size_t)len));
  213|    265|}
ltm_desc.c:add:
/* Coverage listing for add (signature not shown in the report). Rejects NULL
 * a, b and c through LTC_ARGCHK, then forwards to mp_add(a, b, c) and maps the
 * libtommath status with mpi_to_ltc_error().
 * NOTE(review): the macro expansion shows no return after crypt_argchk(); the
 * checks are effective only if crypt_argchk() does not return - confirm.
 * About 1.00M calls in this run, none with a NULL argument. */
  217|  1.00M|{
  218|  1.00M|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|  1.00M|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 1.00M]
  |  |  |  Branch (32:87): [Folded, False: 1.00M]
  |  |  ------------------
  ------------------
  219|  1.00M|   LTC_ARGCHK(b != NULL);
  ------------------
  |  |   32|  1.00M|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 1.00M]
  |  |  |  Branch (32:87): [Folded, False: 1.00M]
  |  |  ------------------
  ------------------
  220|  1.00M|   LTC_ARGCHK(c != NULL);
  ------------------
  |  |   32|  1.00M|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 1.00M]
  |  |  |  Branch (32:87): [Folded, False: 1.00M]
  |  |  ------------------
  ------------------
  221|  1.00M|   return mpi_to_ltc_error(mp_add(a, b, c));
  222|  1.00M|}
ltm_desc.c:sub:
/* Coverage listing for sub (signature not shown in the report). Rejects NULL
 * a, b and c through LTC_ARGCHK, then forwards to mp_sub(a, b, c) and maps the
 * libtommath status with mpi_to_ltc_error(). About 1.01M calls in this run;
 * the NULL branch of every check stayed at zero hits. */
  233|  1.01M|{
  234|  1.01M|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|  1.01M|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 1.01M]
  |  |  |  Branch (32:87): [Folded, False: 1.01M]
  |  |  ------------------
  ------------------
  235|  1.01M|   LTC_ARGCHK(b != NULL);
  ------------------
  |  |   32|  1.01M|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 1.01M]
  |  |  |  Branch (32:87): [Folded, False: 1.01M]
  |  |  ------------------
  ------------------
  236|  1.01M|   LTC_ARGCHK(c != NULL);
  ------------------
  |  |   32|  1.01M|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 1.01M]
  |  |  |  Branch (32:87): [Folded, False: 1.01M]
  |  |  ------------------
  ------------------
  237|  1.01M|   return mpi_to_ltc_error(mp_sub(a, b, c));
  238|  1.01M|}
ltm_desc.c:mul:
/* Coverage listing for mul (signature not shown in the report). Rejects NULL
 * a, b and c through LTC_ARGCHK, then forwards to mp_mul(a, b, c) and maps the
 * libtommath status with mpi_to_ltc_error(). About 841k calls in this run;
 * the NULL branch of every check stayed at zero hits. */
  249|   841k|{
  250|   841k|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|   841k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 841k]
  |  |  |  Branch (32:87): [Folded, False: 841k]
  |  |  ------------------
  ------------------
  251|   841k|   LTC_ARGCHK(b != NULL);
  ------------------
  |  |   32|   841k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 841k]
  |  |  |  Branch (32:87): [Folded, False: 841k]
  |  |  ------------------
  ------------------
  252|   841k|   LTC_ARGCHK(c != NULL);
  ------------------
  |  |   32|   841k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 841k]
  |  |  |  Branch (32:87): [Folded, False: 841k]
  |  |  ------------------
  ------------------
  253|   841k|   return mpi_to_ltc_error(mp_mul(a, b, c));
  254|   841k|}
ltm_desc.c:sqr:
/* Coverage listing for sqr (signature not shown in the report). Rejects NULL
 * a and b through LTC_ARGCHK, then forwards to mp_sqr(a, b) and maps the
 * libtommath status with mpi_to_ltc_error(). About 510k calls in this run;
 * the NULL branch of both checks stayed at zero hits. */
  265|   510k|{
  266|   510k|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|   510k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 510k]
  |  |  |  Branch (32:87): [Folded, False: 510k]
  |  |  ------------------
  ------------------
  267|   510k|   LTC_ARGCHK(b != NULL);
  ------------------
  |  |   32|   510k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 510k]
  |  |  |  Branch (32:87): [Folded, False: 510k]
  |  |  ------------------
  ------------------
  268|   510k|   return mpi_to_ltc_error(mp_sqr(a, b));
  269|   510k|}
ltm_desc.c:divide:
/* Coverage listing for divide (signature not shown in the report). Rejects
 * NULL a and b through LTC_ARGCHK, then forwards to mp_div(a, b, c, d) and
 * maps the libtommath status with mpi_to_ltc_error().
 * c and d are passed through unchecked on purpose: the mp_mod() macro elsewhere
 * in this report expands to ltc_mp.mpdiv(a, b, NULL, c), i.e. callers may pass
 * NULL for an output they do not need.
 * NOTE(review): a zero divisor is not screened here; presumably mp_div()
 * reports it as an error that mpi_to_ltc_error() maps - confirm. */
  273|    777|{
  274|    777|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|    777|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 777]
  |  |  |  Branch (32:87): [Folded, False: 777]
  |  |  ------------------
  ------------------
  275|    777|   LTC_ARGCHK(b != NULL);
  ------------------
  |  |   32|    777|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 777]
  |  |  |  Branch (32:87): [Folded, False: 777]
  |  |  ------------------
  ------------------
  276|    777|   return mpi_to_ltc_error(mp_div(a, b, c, d));
  277|    777|}
ltm_desc.c:div_2:
/* Coverage listing for div_2 (signature not shown in the report). Rejects
 * NULL a and b through LTC_ARGCHK, then forwards to mp_div_2(a, b) and maps
 * the libtommath status with mpi_to_ltc_error(). About 127k calls in this
 * run; the NULL branch of both checks stayed at zero hits. */
  280|   127k|{
  281|   127k|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|   127k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 127k]
  |  |  |  Branch (32:87): [Folded, False: 127k]
  |  |  ------------------
  ------------------
  282|   127k|   LTC_ARGCHK(b != NULL);
  ------------------
  |  |   32|   127k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 127k]
  |  |  |  Branch (32:87): [Folded, False: 127k]
  |  |  ------------------
  ------------------
  283|   127k|   return mpi_to_ltc_error(mp_div_2(a, b));
  284|   127k|}
ltm_desc.c:mulmod:
/* Coverage listing for mulmod (signature not shown in the report). Rejects
 * NULL a, b, c and d through LTC_ARGCHK, then forwards to mp_mulmod(a, b, c, d)
 * and maps the libtommath status with mpi_to_ltc_error(). About 2.07k calls in
 * this run; the NULL branch of every check stayed at zero hits. */
  339|  2.07k|{
  340|  2.07k|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|  2.07k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 2.07k]
  |  |  |  Branch (32:87): [Folded, False: 2.07k]
  |  |  ------------------
  ------------------
  341|  2.07k|   LTC_ARGCHK(b != NULL);
  ------------------
  |  |   32|  2.07k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 2.07k]
  |  |  |  Branch (32:87): [Folded, False: 2.07k]
  |  |  ------------------
  ------------------
  342|  2.07k|   LTC_ARGCHK(c != NULL);
  ------------------
  |  |   32|  2.07k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 2.07k]
  |  |  |  Branch (32:87): [Folded, False: 2.07k]
  |  |  ------------------
  ------------------
  343|  2.07k|   LTC_ARGCHK(d != NULL);
  ------------------
  |  |   32|  2.07k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 2.07k]
  |  |  |  Branch (32:87): [Folded, False: 2.07k]
  |  |  ------------------
  ------------------
  344|  2.07k|   return mpi_to_ltc_error(mp_mulmod(a,b,c,d));
  345|  2.07k|}
ltm_desc.c:invmod:
/* Coverage listing for invmod (signature not shown in the report). Rejects
 * NULL a, b and c through LTC_ARGCHK, then forwards to mp_invmod(a, b, c) and
 * maps the libtommath status with mpi_to_ltc_error().
 * NOTE(review): an input with no inverse can only surface through the returned
 * status, so callers must check it before using c. 518 calls in this run. */
  357|    518|{
  358|    518|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|    518|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 518]
  |  |  |  Branch (32:87): [Folded, False: 518]
  |  |  ------------------
  ------------------
  359|    518|   LTC_ARGCHK(b != NULL);
  ------------------
  |  |   32|    518|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 518]
  |  |  |  Branch (32:87): [Folded, False: 518]
  |  |  ------------------
  ------------------
  360|    518|   LTC_ARGCHK(c != NULL);
  ------------------
  |  |   32|    518|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 518]
  |  |  |  Branch (32:87): [Folded, False: 518]
  |  |  ------------------
  ------------------
  361|    518|   return mpi_to_ltc_error(mp_invmod(a, b, c));
  362|    518|}
ltm_desc.c:montgomery_setup:
/* Coverage listing for montgomery_setup (signature not shown in the report).
 * Allocates one zeroed mp_digit with XCALLOC (m_calloc in this build), stores
 * the pointer in *b, and lets mp_montgomery_setup() fill it for modulus a.
 * Returns CRYPT_MEM if the allocation yields NULL, otherwise the mapped
 * libtommath status.
 * NOTE(review): on mp_montgomery_setup() failure the digit is freed but *b is
 * not reset, so the caller is left holding a dangling pointer; it must not be
 * passed to montgomery_reduce() or montgomery_deinit() after an error. Setting
 * *b to NULL after XFREE would remove that hazard.
 * Both failure branches (lines 371 and 374) have zero hits in this run, so the
 * free-on-error path is not exercised by the fuzzer. */
  366|    259|{
  367|    259|   int err;
  368|    259|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|    259|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 259]
  |  |  |  Branch (32:87): [Folded, False: 259]
  |  |  ------------------
  ------------------
  369|    259|   LTC_ARGCHK(b != NULL);
  ------------------
  |  |   32|    259|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 259]
  |  |  |  Branch (32:87): [Folded, False: 259]
  |  |  ------------------
  ------------------
  370|    259|   *b = XCALLOC(1, sizeof(mp_digit));
  ------------------
  |  |   19|    259|#define XCALLOC m_calloc
  ------------------
  371|    259|   if (*b == NULL) {
  ------------------
  |  Branch (371:8): [True: 0, False: 259]
  ------------------
  372|      0|      return CRYPT_MEM;
  373|      0|   }
  374|    259|   if ((err = mpi_to_ltc_error(mp_montgomery_setup(a, (mp_digit *)*b))) != CRYPT_OK) {
  ------------------
  |  Branch (374:8): [True: 0, False: 259]
  ------------------
  375|      0|      XFREE(*b);
  ------------------
  |  |   17|      0|#define XFREE m_free_direct
  ------------------
  376|      0|   }
  377|    259|   return err;
  378|    259|}
ltm_desc.c:montgomery_normalization:
/* Coverage listing for montgomery_normalization (signature not shown in the
 * report). Rejects NULL a and b through LTC_ARGCHK, then forwards to
 * mp_montgomery_calc_normalization(a, b) and maps the libtommath status with
 * mpi_to_ltc_error(). 259 calls in this run, none with a NULL argument. */
  382|    259|{
  383|    259|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|    259|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 259]
  |  |  |  Branch (32:87): [Folded, False: 259]
  |  |  ------------------
  ------------------
  384|    259|   LTC_ARGCHK(b != NULL);
  ------------------
  |  |   32|    259|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 259]
  |  |  |  Branch (32:87): [Folded, False: 259]
  |  |  ------------------
  ------------------
  385|    259|   return mpi_to_ltc_error(mp_montgomery_calc_normalization(a, b));
  386|    259|}
ltm_desc.c:montgomery_reduce:
/* Coverage listing for montgomery_reduce (signature not shown in the report).
 * Rejects NULL a, b and c through LTC_ARGCHK, then calls
 * mp_montgomery_reduce() with the mp_digit read through c, and maps the
 * libtommath status with mpi_to_ltc_error().
 * NOTE(review): c is dereferenced as an mp_digit pointer, so it must be a live
 * buffer of that type - presumably the one montgomery_setup() produced - and
 * not one already released by montgomery_deinit(). Only NULL is checked here.
 * This is the hottest wrapper in the excerpt (about 1.35M calls). */
  390|  1.35M|{
  391|  1.35M|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|  1.35M|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 1.35M]
  |  |  |  Branch (32:87): [Folded, False: 1.35M]
  |  |  ------------------
  ------------------
  392|  1.35M|   LTC_ARGCHK(b != NULL);
  ------------------
  |  |   32|  1.35M|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 1.35M]
  |  |  |  Branch (32:87): [Folded, False: 1.35M]
  |  |  ------------------
  ------------------
  393|  1.35M|   LTC_ARGCHK(c != NULL);
  ------------------
  |  |   32|  1.35M|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 1.35M]
  |  |  |  Branch (32:87): [Folded, False: 1.35M]
  |  |  ------------------
  ------------------
  394|  1.35M|   return mpi_to_ltc_error(mp_montgomery_reduce(a, b, *((mp_digit *)c)));
  395|  1.35M|}
ltm_desc.c:montgomery_deinit:
/* Coverage listing for montgomery_deinit (signature not shown in the report).
 * Releases a with XFREE, which is m_free_direct in this build.
 * NOTE(review): there is no NULL check and the caller's copy of the pointer is
 * not cleared, so calling this twice on the same value is a double free, as is
 * calling it on a pointer montgomery_setup() already freed on its error path.
 * Whether m_free_direct() tolerates NULL is not visible here - confirm. */
  399|    259|{
  400|    259|   XFREE(a);
  ------------------
  |  |   17|    259|#define XFREE m_free_direct
  ------------------
  401|    259|}

ltc_init_multi:
/* Coverage listing for ltc_init_multi (signature not shown in the report).
 * Walks a variadic list of void** starting at a, calling mp_init()
 * (ltc_mp.init) on each until a NULL argument ends the list. If one init
 * fails, the list is walked again from a and the np entries that succeeded
 * are released with mp_clear() before CRYPT_MEM is returned; otherwise
 * CRYPT_OK.
 * NOTE(review): the list carries no count, so every call site must end it with
 * NULL; a missing terminator makes va_arg read past the supplied arguments.
 * The whole failure path (lines 24-35) has zero hits in this run, so the
 * unwind logic is not exercised by the fuzzer. */
   15|   132k|{
   16|   132k|   void    **cur = a;
   17|   132k|   int       np  = 0;
   18|   132k|   va_list   args;
   19|       |
   20|   132k|   va_start(args, a);
   21|   529k|   while (cur != NULL) {
  ------------------
  |  Branch (21:11): [True: 396k, False: 132k]
  ------------------
   22|   396k|       if (mp_init(cur) != CRYPT_OK) {
  ------------------
  |  |  516|   396k|#define mp_init(a)                   ltc_mp.init(a)
  ------------------
  |  Branch (22:12): [True: 0, False: 396k]
  ------------------
   23|       |          /* failed */
   24|      0|          va_list clean_list;
   25|       |
   26|      0|          va_start(clean_list, a);
   27|      0|          cur = a;
   28|      0|          while (np--) {
  ------------------
  |  Branch (28:18): [True: 0, False: 0]
  ------------------
   29|      0|              mp_clear(*cur);
  ------------------
  |  |  518|      0|#define mp_clear(a)                  ltc_mp.deinit(a)
  ------------------
   30|      0|              cur = va_arg(clean_list, void**);
   31|      0|          }
   32|      0|          va_end(clean_list);
   33|      0|          va_end(args);
   34|      0|          return CRYPT_MEM;
   35|      0|       }
   36|   396k|       ++np;
   37|   396k|       cur = va_arg(args, void**);
   38|   396k|   }
   39|   132k|   va_end(args);
   40|   132k|   return CRYPT_OK;
   41|   132k|}
ltc_deinit_multi:
/* Coverage listing for ltc_deinit_multi (signature not shown in the report).
 * Walks a variadic list of void* starting at a and calls mp_clear()
 * (ltc_mp.deinit) on each until a NULL argument ends the list.
 * NOTE(review): NULL is both the terminator and the only stop condition, so a
 * NULL handle in the middle of the list ends the walk early and the handles
 * after it are never released. A missing terminator makes va_arg read past the
 * supplied arguments. */
   44|   133k|{
   45|   133k|   void     *cur = a;
   46|   133k|   va_list   args;
   47|       |
   48|   133k|   va_start(args, a);
   49|   531k|   while (cur != NULL) {
  ------------------
  |  Branch (49:11): [True: 398k, False: 133k]
  ------------------
   50|   398k|       mp_clear(cur);
  ------------------
  |  |  518|   398k|#define mp_clear(a)                  ltc_mp.deinit(a)
  ------------------
   51|   398k|       cur = va_arg(args, void *);
   52|   398k|   }
   53|       |   va_end(args);
   54|   133k|}

register_cipher:
/* Coverage listing for register_cipher (signature not shown in the report).
 * Under ltc_cipher_mutex, first looks for a slot whose name is set and whose
 * ID equals cipher->ID and returns its index; otherwise copies *cipher into
 * the first slot whose name is NULL and returns that index. Returns -1 when
 * none of the TAB_SIZE slots (5 in this build) is free. The mutex is released
 * on every return path.
 * NOTE(review): the descriptor is copied with memcpy, so any pointers inside
 * it are shared with the caller's object rather than duplicated.
 * NOTE(review): callers must treat -1 as "not registered"; using it as a table
 * index would be out of bounds. Neither the duplicate path nor the table-full
 * path was reached in this run (one call, first slot free). */
   22|      1|{
   23|      1|   int x;
   24|       |
   25|      1|   LTC_ARGCHK(cipher != NULL);
  ------------------
  |  |   32|      1|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 1]
  |  |  |  Branch (32:87): [Folded, False: 1]
  |  |  ------------------
  ------------------
   26|       |
   27|       |   /* is it already registered? */
   28|      1|   LTC_MUTEX_LOCK(&ltc_cipher_mutex);
   29|      6|   for (x = 0; x < TAB_SIZE; x++) {
  ------------------
  |  |   14|      6|#define TAB_SIZE      5
  ------------------
  |  Branch (29:16): [True: 5, False: 1]
  ------------------
   30|      5|       if (cipher_descriptor[x].name != NULL && cipher_descriptor[x].ID == cipher->ID) {
  ------------------
  |  Branch (30:12): [True: 0, False: 5]
  |  Branch (30:49): [True: 0, False: 0]
  ------------------
   31|      0|          LTC_MUTEX_UNLOCK(&ltc_cipher_mutex);
   32|      0|          return x;
   33|      0|       }
   34|      5|   }
   35|       |
   36|       |   /* find a blank spot */
   37|      1|   for (x = 0; x < TAB_SIZE; x++) {
  ------------------
  |  |   14|      1|#define TAB_SIZE      5
  ------------------
  |  Branch (37:16): [True: 1, False: 0]
  ------------------
   38|      1|       if (cipher_descriptor[x].name == NULL) {
  ------------------
  |  Branch (38:12): [True: 1, False: 0]
  ------------------
   39|      1|          XMEMCPY(&cipher_descriptor[x], cipher, sizeof(struct ltc_cipher_descriptor));
  ------------------
  |  |   39|      1|#define XMEMCPY  memcpy
  ------------------
   40|      1|          LTC_MUTEX_UNLOCK(&ltc_cipher_mutex);
   41|      1|          return x;
   42|      1|       }
   43|      1|   }
   44|       |
   45|       |   /* no spot */
   46|      0|   LTC_MUTEX_UNLOCK(&ltc_cipher_mutex);
   47|      0|   return -1;
   48|      1|}

register_hash:
/* Coverage listing for register_hash (signature not shown in the report).
 * Under ltc_hash_mutex, first looks for a slot that is byte-for-byte equal to
 * *hash (memcmp over the whole descriptor) and returns its index; otherwise
 * copies *hash into the first slot whose name is NULL and returns that index.
 * Returns -1 when none of the TAB_SIZE slots (5 in this build) is free. The
 * mutex is released on every return path.
 * NOTE(review): duplicate detection compares raw struct bytes, so two
 * descriptors that differ only in padding would not match - presumably
 * descriptors are static objects, which makes this moot; confirm.
 * NOTE(review): callers must treat -1 as "not registered"; using it as a table
 * index would be out of bounds. Three registrations happened in this run; the
 * duplicate and table-full paths were never reached. */
   22|      3|{
   23|      3|   int x;
   24|       |
   25|      3|   LTC_ARGCHK(hash != NULL);
  ------------------
  |  |   32|      3|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 3]
  |  |  |  Branch (32:87): [Folded, False: 3]
  |  |  ------------------
  ------------------
   26|       |
   27|       |   /* is it already registered? */
   28|      3|   LTC_MUTEX_LOCK(&ltc_hash_mutex);
   29|     18|   for (x = 0; x < TAB_SIZE; x++) {
  ------------------
  |  |   14|     18|#define TAB_SIZE      5
  ------------------
  |  Branch (29:16): [True: 15, False: 3]
  ------------------
   30|     15|       if (XMEMCMP(&hash_descriptor[x], hash, sizeof(struct ltc_hash_descriptor)) == 0) {
  ------------------
  |  |   45|     15|#define XMEMCMP  memcmp
  ------------------
  |  Branch (30:12): [True: 0, False: 15]
  ------------------
   31|      0|          LTC_MUTEX_UNLOCK(&ltc_hash_mutex);
   32|      0|          return x;
   33|      0|       }
   34|     15|   }
   35|       |
   36|       |   /* find a blank spot */
   37|      6|   for (x = 0; x < TAB_SIZE; x++) {
  ------------------
  |  |   14|      6|#define TAB_SIZE      5
  ------------------
  |  Branch (37:16): [True: 6, False: 0]
  ------------------
   38|      6|       if (hash_descriptor[x].name == NULL) {
  ------------------
  |  Branch (38:12): [True: 3, False: 3]
  ------------------
   39|      3|          XMEMCPY(&hash_descriptor[x], hash, sizeof(struct ltc_hash_descriptor));
  ------------------
  |  |   39|      3|#define XMEMCPY  memcpy
  ------------------
   40|      3|          LTC_MUTEX_UNLOCK(&ltc_hash_mutex);
   41|      3|          return x;
   42|      3|       }
   43|      6|   }
   44|       |
   45|       |   /* no spot */
   46|      0|   LTC_MUTEX_UNLOCK(&ltc_hash_mutex);
   47|      0|   return -1;
   48|      3|}

register_prng:
/* Coverage listing for register_prng (signature not shown in the report).
 * Under ltc_prng_mutex, first looks for a slot that is byte-for-byte equal to
 * *prng (memcmp over the whole descriptor) and returns its index; otherwise
 * copies *prng into the first slot whose name is NULL and returns that index.
 * Returns -1 when none of the TAB_SIZE slots (5 in this build) is free. The
 * mutex is released on every return path.
 * NOTE(review): a caller that ignores -1 ends up with no registered PRNG, and
 * using -1 as a table index would be out of bounds; the return value must be
 * checked. One registration happened in this run; the duplicate and
 * table-full paths were never reached. */
   22|      1|{
   23|      1|   int x;
   24|       |
   25|      1|   LTC_ARGCHK(prng != NULL);
  ------------------
  |  |   32|      1|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 1]
  |  |  |  Branch (32:87): [Folded, False: 1]
  |  |  ------------------
  ------------------
   26|       |
   27|       |   /* is it already registered? */
   28|      1|   LTC_MUTEX_LOCK(&ltc_prng_mutex);
   29|      6|   for (x = 0; x < TAB_SIZE; x++) {
  ------------------
  |  |   14|      6|#define TAB_SIZE      5
  ------------------
  |  Branch (29:16): [True: 5, False: 1]
  ------------------
   30|      5|       if (XMEMCMP(&prng_descriptor[x], prng, sizeof(struct ltc_prng_descriptor)) == 0) {
  ------------------
  |  |   45|      5|#define XMEMCMP  memcmp
  ------------------
  |  Branch (30:12): [True: 0, False: 5]
  ------------------
   31|      0|          LTC_MUTEX_UNLOCK(&ltc_prng_mutex);
   32|      0|          return x;
   33|      0|       }
   34|      5|   }
   35|       |
   36|       |   /* find a blank spot */
   37|      1|   for (x = 0; x < TAB_SIZE; x++) {
  ------------------
  |  |   14|      1|#define TAB_SIZE      5
  ------------------
  |  Branch (37:16): [True: 1, False: 0]
  ------------------
   38|      1|       if (prng_descriptor[x].name == NULL) {
  ------------------
  |  Branch (38:12): [True: 1, False: 0]
  ------------------
   39|      1|          XMEMCPY(&prng_descriptor[x], prng, sizeof(struct ltc_prng_descriptor));
  ------------------
  |  |   39|      1|#define XMEMCPY  memcpy
  ------------------
   40|      1|          LTC_MUTEX_UNLOCK(&ltc_prng_mutex);
   41|      1|          return x;
   42|      1|       }
   43|      1|   }
   44|       |
   45|       |   /* no spot */
   46|      0|   LTC_MUTEX_UNLOCK(&ltc_prng_mutex);
   47|      0|   return -1;
   48|      1|}

ecc_free:
/* Coverage listing for ecc_free (signature not shown in the report). Rejects a
 * NULL key through LTC_ARGCHKVD, then releases the public point coordinates
 * x, y, z and the private scalar k in one mp_clear_multi() call, which is
 * ltc_deinit_multi in this build.
 * NOTE(review): ltc_deinit_multi stops at the first NULL argument, so if an
 * earlier member (e.g. pubkey.x) is NULL on a partially built key, the later
 * ones - including the private scalar k - are not released.
 * NOTE(review): the members are not reset after being cleared, so a second
 * ecc_free() on the same key would hand stale handles to ltc_mp.deinit.
 * Whether deinit wipes the scalar's digits before freeing is not visible here
 * - confirm. */
   29|    504|{
   30|    504|   LTC_ARGCHKVD(key != NULL);
  ------------------
  |  |   33|    504|#define LTC_ARGCHKVD(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (33:34): [True: 0, False: 504]
  |  |  |  Branch (33:89): [Folded, False: 504]
  |  |  ------------------
  ------------------
   31|    504|   mp_clear_multi(key->pubkey.x, key->pubkey.y, key->pubkey.z, key->k, NULL);
  ------------------
  |  |  519|    504|#define mp_clear_multi               ltc_deinit_multi
  ------------------
   32|    504|}

ltc_ecc_map:
/* Coverage listing for ltc_ecc_map (signature not shown in the report).
 * Converts point P in place from projective to affine form: reduces z out of
 * Montgomery form, computes 1/z into t1, derives 1/z^2 (t2) and 1/z^3 (t1)
 * modulo modulus, multiplies x by 1/z^2 and y by 1/z^3 with a Montgomery
 * reduction each, and finally sets z to 1. Returns the first failing status,
 * or CRYPT_OK; the temporaries t1/t2 are released at the done label on every
 * path after they were initialised.
 * NOTE(review): P is updated step by step, so a failure after line 45 leaves
 * it partly converted (z already reduced, and possibly x mapped but y not).
 * Callers must discard P when this returns an error.
 * NOTE(review): mp_invmod() is the step that can reject the input, presumably
 * when z has no inverse modulo modulus (e.g. z == 0) - confirm.
 * Every error branch has zero hits in this run (259 calls), so none of the
 * goto-done unwinds is exercised by the fuzzer. */
   32|    259|{
   33|    259|   void *t1, *t2;
   34|    259|   int   err;
   35|       |
   36|    259|   LTC_ARGCHK(P       != NULL);
  ------------------
  |  |   32|    259|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 259]
  |  |  |  Branch (32:87): [Folded, False: 259]
  |  |  ------------------
  ------------------
   37|    259|   LTC_ARGCHK(modulus != NULL);
  ------------------
  |  |   32|    259|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 259]
  |  |  |  Branch (32:87): [Folded, False: 259]
  |  |  ------------------
  ------------------
   38|    259|   LTC_ARGCHK(mp      != NULL);
  ------------------
  |  |   32|    259|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 259]
  |  |  |  Branch (32:87): [Folded, False: 259]
  |  |  ------------------
  ------------------
   39|       |
   40|    259|   if ((err = mp_init_multi(&t1, &t2, NULL)) != CRYPT_OK) {
  ------------------
  |  |  517|    259|#define mp_init_multi                ltc_init_multi
  ------------------
  |  Branch (40:8): [True: 0, False: 259]
  ------------------
   41|      0|      return err;
   42|      0|   }
   43|       |
   44|       |   /* first map z back to normal */
   45|    259|   if ((err = mp_montgomery_reduce(P->z, modulus, mp)) != CRYPT_OK)           { goto done; }
  ------------------
  |  |  565|    259|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (45:8): [True: 0, False: 259]
  ------------------
   46|       |
   47|       |   /* get 1/z */
   48|    259|   if ((err = mp_invmod(P->z, modulus, t1)) != CRYPT_OK)                      { goto done; }
  ------------------
  |  |  561|    259|#define mp_invmod(a, b, c)           ltc_mp.invmod(a, b, c)
  ------------------
  |  Branch (48:8): [True: 0, False: 259]
  ------------------
   49|       |
   50|       |   /* get 1/z^2 and 1/z^3 */
   51|    259|   if ((err = mp_sqr(t1, t2)) != CRYPT_OK)                                    { goto done; }
  ------------------
  |  |  549|    259|#define mp_sqr(a, b)                 ltc_mp.sqr(a, b)
  ------------------
  |  Branch (51:8): [True: 0, False: 259]
  ------------------
   52|    259|   if ((err = mp_mod(t2, modulus, t2)) != CRYPT_OK)                           { goto done; }
  ------------------
  |  |  552|    259|#define mp_mod(a, b, c)              ltc_mp.mpdiv(a, b, NULL, c)
  ------------------
  |  Branch (52:8): [True: 0, False: 259]
  ------------------
   53|    259|   if ((err = mp_mul(t1, t2, t1)) != CRYPT_OK)                                { goto done; }
  ------------------
  |  |  547|    259|#define mp_mul(a, b, c)              ltc_mp.mul(a, b, c)
  ------------------
  |  Branch (53:8): [True: 0, False: 259]
  ------------------
   54|    259|   if ((err = mp_mod(t1, modulus, t1)) != CRYPT_OK)                           { goto done; }
  ------------------
  |  |  552|    259|#define mp_mod(a, b, c)              ltc_mp.mpdiv(a, b, NULL, c)
  ------------------
  |  Branch (54:8): [True: 0, False: 259]
  ------------------
   55|       |
   56|       |   /* multiply against x/y */
   57|    259|   if ((err = mp_mul(P->x, t2, P->x)) != CRYPT_OK)                            { goto done; }
  ------------------
  |  |  547|    259|#define mp_mul(a, b, c)              ltc_mp.mul(a, b, c)
  ------------------
  |  Branch (57:8): [True: 0, False: 259]
  ------------------
   58|    259|   if ((err = mp_montgomery_reduce(P->x, modulus, mp)) != CRYPT_OK)           { goto done; }
  ------------------
  |  |  565|    259|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (58:8): [True: 0, False: 259]
  ------------------
   59|    259|   if ((err = mp_mul(P->y, t1, P->y)) != CRYPT_OK)                            { goto done; }
  ------------------
  |  |  547|    259|#define mp_mul(a, b, c)              ltc_mp.mul(a, b, c)
  ------------------
  |  Branch (59:8): [True: 0, False: 259]
  ------------------
   60|    259|   if ((err = mp_montgomery_reduce(P->y, modulus, mp)) != CRYPT_OK)           { goto done; }
  ------------------
  |  |  565|    259|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (60:8): [True: 0, False: 259]
  ------------------
   61|    259|   if ((err = mp_set(P->z, 1)) != CRYPT_OK)                                   { goto done; }
  ------------------
  |  |  526|    259|#define mp_set(a, b)                 ltc_mp.set_int(a, b)
  ------------------
  |  Branch (61:8): [True: 0, False: 259]
  ------------------
   62|       |
   63|    259|   err = CRYPT_OK;
   64|    259|done:
   65|    259|   mp_clear_multi(t1, t2, NULL);
  ------------------
  |  |  519|    259|#define mp_clear_multi               ltc_deinit_multi
  ------------------
   66|    259|   return err;
   67|    259|}

ltc_ecc_mul2add:
   39|    259|{
   40|    259|  ecc_point     *precomp[16];
   41|    259|  unsigned       bitbufA, bitbufB, lenA, lenB, len, x, y, nA, nB, nibble;
   42|    259|  unsigned char *tA, *tB;
   43|    259|  int            err, first;
   44|    259|  void          *mp, *mu;
   45|       |
   46|       |  /* argchks */
   47|    259|  LTC_ARGCHK(A       != NULL);
  ------------------
  |  |   32|    259|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 259]
  |  |  |  Branch (32:87): [Folded, False: 259]
  |  |  ------------------
  ------------------
   48|    259|  LTC_ARGCHK(B       != NULL);
  ------------------
  |  |   32|    259|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 259]
  |  |  |  Branch (32:87): [Folded, False: 259]
  |  |  ------------------
  ------------------
   49|    259|  LTC_ARGCHK(C       != NULL);
  ------------------
  |  |   32|    259|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 259]
  |  |  |  Branch (32:87): [Folded, False: 259]
  |  |  ------------------
  ------------------
   50|    259|  LTC_ARGCHK(kA      != NULL);
  ------------------
  |  |   32|    259|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 259]
  |  |  |  Branch (32:87): [Folded, False: 259]
  |  |  ------------------
  ------------------
   51|    259|  LTC_ARGCHK(kB      != NULL);
  ------------------
  |  |   32|    259|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 259]
  |  |  |  Branch (32:87): [Folded, False: 259]
  |  |  ------------------
  ------------------
   52|    259|  LTC_ARGCHK(modulus != NULL);
  ------------------
  |  |   32|    259|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 259]
  |  |  |  Branch (32:87): [Folded, False: 259]
  |  |  ------------------
  ------------------
   53|       |
   54|       |  /* allocate memory */
   55|    259|  tA = XCALLOC(1, ECC_BUF_SIZE);
  ------------------
  |  |   19|    259|#define XCALLOC m_calloc
  ------------------
                tA = XCALLOC(1, ECC_BUF_SIZE);
  ------------------
  |  |  246|    259|#define ECC_BUF_SIZE 256
  ------------------
   56|    259|  if (tA == NULL) {
  ------------------
  |  Branch (56:7): [True: 0, False: 259]
  ------------------
   57|      0|     return CRYPT_MEM;
   58|      0|  }
   59|    259|  tB = XCALLOC(1, ECC_BUF_SIZE);
  ------------------
  |  |   19|    259|#define XCALLOC m_calloc
  ------------------
                tB = XCALLOC(1, ECC_BUF_SIZE);
  ------------------
  |  |  246|    259|#define ECC_BUF_SIZE 256
  ------------------
   60|    259|  if (tB == NULL) {
  ------------------
  |  Branch (60:7): [True: 0, False: 259]
  ------------------
   61|      0|     XFREE(tA);
  ------------------
  |  |   17|      0|#define XFREE m_free_direct
  ------------------
   62|      0|     return CRYPT_MEM;
   63|      0|  }
   64|       |
   65|       |  /* get sizes */
   66|    259|  lenA = mp_unsigned_bin_size(kA);
  ------------------
  |  |  539|    259|#define mp_unsigned_bin_size(a)      ltc_mp.unsigned_size(a)
  ------------------
   67|    259|  lenB = mp_unsigned_bin_size(kB);
  ------------------
  |  |  539|    259|#define mp_unsigned_bin_size(a)      ltc_mp.unsigned_size(a)
  ------------------
   68|    259|  len  = MAX(lenA, lenB);
  ------------------
  |  |  421|    259|   #define MAX(x, y) ( ((x)>(y))?(x):(y) )
  |  |  ------------------
  |  |  |  Branch (421:24): [True: 86, False: 173]
  |  |  ------------------
  ------------------
   69|       |
   70|       |  /* sanity check */
   71|    259|  if ((lenA > ECC_BUF_SIZE) || (lenB > ECC_BUF_SIZE)) {
  ------------------
  |  |  246|    259|#define ECC_BUF_SIZE 256
  ------------------
                if ((lenA > ECC_BUF_SIZE) || (lenB > ECC_BUF_SIZE)) {
  ------------------
  |  |  246|    259|#define ECC_BUF_SIZE 256
  ------------------
  |  Branch (71:7): [True: 0, False: 259]
  |  Branch (71:32): [True: 0, False: 259]
  ------------------
   72|      0|     err = CRYPT_INVALID_ARG;
   73|      0|     goto ERR_T;
   74|      0|  }
   75|       |
   76|       |  /* extract and justify kA */
   77|    259|  mp_to_unsigned_bin(kA, (len - lenA) + tA);
  ------------------
  |  |  540|    259|#define mp_to_unsigned_bin(a, b)     ltc_mp.unsigned_write(a, b)
  ------------------
   78|       |
   79|       |  /* extract and justify kB */
   80|    259|  mp_to_unsigned_bin(kB, (len - lenB) + tB);
  ------------------
  |  |  540|    259|#define mp_to_unsigned_bin(a, b)     ltc_mp.unsigned_write(a, b)
  ------------------
   81|       |
   82|       |  /* allocate the table */
   83|  4.40k|  for (x = 0; x < 16; x++) {
  ------------------
  |  Branch (83:15): [True: 4.14k, False: 259]
  ------------------
   84|  4.14k|     precomp[x] = ltc_ecc_new_point();
   85|  4.14k|     if (precomp[x] == NULL) {
  ------------------
  |  Branch (85:10): [True: 0, False: 4.14k]
  ------------------
   86|      0|         for (y = 0; y < x; ++y) {
  ------------------
  |  Branch (86:22): [True: 0, False: 0]
  ------------------
   87|      0|            ltc_ecc_del_point(precomp[y]);
   88|      0|         }
   89|      0|         err = CRYPT_MEM;
   90|      0|         goto ERR_T;
   91|      0|     }
   92|  4.14k|  }
   93|       |
   94|       |  /* init montgomery reduction */
   95|    259|  if ((err = mp_montgomery_setup(modulus, &mp)) != CRYPT_OK) {
  ------------------
  |  |  563|    259|#define mp_montgomery_setup(a, b)    ltc_mp.montgomery_setup(a, b)
  ------------------
  |  Branch (95:7): [True: 0, False: 259]
  ------------------
   96|      0|      goto ERR_P;
   97|      0|  }
   98|    259|  if ((err = mp_init(&mu)) != CRYPT_OK) {
  ------------------
  |  |  516|    259|#define mp_init(a)                   ltc_mp.init(a)
  ------------------
  |  Branch (98:7): [True: 0, False: 259]
  ------------------
   99|      0|      goto ERR_MP;
  100|      0|  }
  101|    259|  if ((err = mp_montgomery_normalization(mu, modulus)) != CRYPT_OK) {
  ------------------
  |  |  564|    259|#define mp_montgomery_normalization(a, b) ltc_mp.montgomery_normalization(a, b)
  ------------------
  |  Branch (101:7): [True: 0, False: 259]
  ------------------
  102|      0|      goto ERR_MU;
  103|      0|  }
  104|       |
  105|       |  /* copy ones ... */
  106|    259|  if ((err = mp_mulmod(A->x, mu, modulus, precomp[1]->x)) != CRYPT_OK)                                         { goto ERR_MU; }
  ------------------
  |  |  559|    259|#define mp_mulmod(a, b, c, d)        ltc_mp.mulmod(a, b, c, d)
  ------------------
  |  Branch (106:7): [True: 0, False: 259]
  ------------------
  107|    259|  if ((err = mp_mulmod(A->y, mu, modulus, precomp[1]->y)) != CRYPT_OK)                                         { goto ERR_MU; }
  ------------------
  |  |  559|    259|#define mp_mulmod(a, b, c, d)        ltc_mp.mulmod(a, b, c, d)
  ------------------
  |  Branch (107:7): [True: 0, False: 259]
  ------------------
  108|    259|  if ((err = mp_mulmod(A->z, mu, modulus, precomp[1]->z)) != CRYPT_OK)                                         { goto ERR_MU; }
  ------------------
  |  |  559|    259|#define mp_mulmod(a, b, c, d)        ltc_mp.mulmod(a, b, c, d)
  ------------------
  |  Branch (108:7): [True: 0, False: 259]
  ------------------
  109|       |
  110|    259|  if ((err = mp_mulmod(B->x, mu, modulus, precomp[1<<2]->x)) != CRYPT_OK)                                      { goto ERR_MU; }
  ------------------
  |  |  559|    259|#define mp_mulmod(a, b, c, d)        ltc_mp.mulmod(a, b, c, d)
  ------------------
  |  Branch (110:7): [True: 0, False: 259]
  ------------------
  111|    259|  if ((err = mp_mulmod(B->y, mu, modulus, precomp[1<<2]->y)) != CRYPT_OK)                                      { goto ERR_MU; }
  ------------------
  |  |  559|    259|#define mp_mulmod(a, b, c, d)        ltc_mp.mulmod(a, b, c, d)
  ------------------
  |  Branch (111:7): [True: 0, False: 259]
  ------------------
  112|    259|  if ((err = mp_mulmod(B->z, mu, modulus, precomp[1<<2]->z)) != CRYPT_OK)                                      { goto ERR_MU; }
  ------------------
  |  |  559|    259|#define mp_mulmod(a, b, c, d)        ltc_mp.mulmod(a, b, c, d)
  ------------------
  |  Branch (112:7): [True: 0, False: 259]
  ------------------
  113|       |
  114|       |  /* precomp [i,0](A + B) table */
  115|    259|  if ((err = ltc_mp.ecc_ptdbl(precomp[1], precomp[2], modulus, mp)) != CRYPT_OK)                               { goto ERR_MU; }
  ------------------
  |  Branch (115:7): [True: 0, False: 259]
  ------------------
  116|    259|  if ((err = ltc_mp.ecc_ptadd(precomp[1], precomp[2], precomp[3], modulus, mp)) != CRYPT_OK)                   { goto ERR_MU; }
  ------------------
  |  Branch (116:7): [True: 0, False: 259]
  ------------------
  117|       |
  118|       |  /* precomp [0,i](A + B) table */
  119|    259|  if ((err = ltc_mp.ecc_ptdbl(precomp[1<<2], precomp[2<<2], modulus, mp)) != CRYPT_OK)                         { goto ERR_MU; }
  ------------------
  |  Branch (119:7): [True: 0, False: 259]
  ------------------
  120|    259|  if ((err = ltc_mp.ecc_ptadd(precomp[1<<2], precomp[2<<2], precomp[3<<2], modulus, mp)) != CRYPT_OK)          { goto ERR_MU; }
  ------------------
  |  Branch (120:7): [True: 0, False: 259]
  ------------------
  121|       |
  122|       |  /* precomp [i,j](A + B) table (i != 0, j != 0) */
  123|  1.03k|  for (x = 1; x < 4; x++) {
  ------------------
  |  Branch (123:15): [True: 777, False: 259]
  ------------------
  124|  3.10k|     for (y = 1; y < 4; y++) {
  ------------------
  |  Branch (124:18): [True: 2.33k, False: 777]
  ------------------
  125|  2.33k|        if ((err = ltc_mp.ecc_ptadd(precomp[x], precomp[(y<<2)], precomp[x+(y<<2)], modulus, mp)) != CRYPT_OK) { goto ERR_MU; }
  ------------------
  |  Branch (125:13): [True: 0, False: 2.33k]
  ------------------
  126|  2.33k|     }
  127|    777|  }
  128|       |
  129|    259|  nibble  = 3;
  130|    259|  first   = 1;
  131|    259|  bitbufA = tA[0];
  132|    259|  bitbufB = tB[0];
  133|       |
  134|       |  /* for every byte of the multiplicands */
  135|  43.5k|  for (x = 0;; ) {
  136|       |     /* grab a nibble */
  137|  43.5k|     if (++nibble == 4) {
  ------------------
  |  Branch (137:10): [True: 11.0k, False: 32.4k]
  ------------------
  138|  11.0k|        if (x == len) break;
  ------------------
  |  Branch (138:13): [True: 259, False: 10.8k]
  ------------------
  139|  10.8k|        bitbufA = tA[x];
  140|  10.8k|        bitbufB = tB[x];
  141|  10.8k|        nibble  = 0;
  142|  10.8k|        ++x;
  143|  10.8k|     }
  144|       |
  145|       |     /* extract two bits from both, shift/update */
  146|  43.2k|     nA = (bitbufA >> 6) & 0x03;
  147|  43.2k|     nB = (bitbufB >> 6) & 0x03;
  148|  43.2k|     bitbufA = (bitbufA << 2) & 0xFF;
  149|  43.2k|     bitbufB = (bitbufB << 2) & 0xFF;
  150|       |
  151|       |     /* if both zero, if first, continue */
  152|  43.2k|     if ((nA == 0) && (nB == 0) && (first == 1)) {
  ------------------
  |  Branch (152:10): [True: 11.0k, False: 32.2k]
  |  Branch (152:23): [True: 4.57k, False: 6.49k]
  |  Branch (152:36): [True: 169, False: 4.40k]
  ------------------
  153|    169|        continue;
  154|    169|     }
  155|       |
  156|       |     /* double twice, only if this isn't the first */
  157|  43.1k|     if (first == 0) {
  ------------------
  |  Branch (157:10): [True: 42.8k, False: 259]
  ------------------
  158|       |        /* double twice */
  159|  42.8k|        if ((err = ltc_mp.ecc_ptdbl(C, C, modulus, mp)) != CRYPT_OK)                  { goto ERR_MU; }
  ------------------
  |  Branch (159:13): [True: 0, False: 42.8k]
  ------------------
  160|  42.8k|        if ((err = ltc_mp.ecc_ptdbl(C, C, modulus, mp)) != CRYPT_OK)                  { goto ERR_MU; }
  ------------------
  |  Branch (160:13): [True: 0, False: 42.8k]
  ------------------
  161|  42.8k|     }
  162|       |
  163|       |     /* if not both zero */
  164|  43.1k|     if ((nA != 0) || (nB != 0)) {
  ------------------
  |  Branch (164:10): [True: 32.2k, False: 10.8k]
  |  Branch (164:23): [True: 6.49k, False: 4.40k]
  ------------------
  165|  38.7k|        if (first == 1) {
  ------------------
  |  Branch (165:13): [True: 259, False: 38.4k]
  ------------------
  166|       |           /* if first, copy from table */
  167|    259|           first = 0;
  168|    259|           if ((err = mp_copy(precomp[nA + (nB<<2)]->x, C->x)) != CRYPT_OK)           { goto ERR_MU; }
  ------------------
  |  |  524|    259|#define mp_copy(a, b)                ltc_mp.copy(a, b)
  ------------------
  |  Branch (168:16): [True: 0, False: 259]
  ------------------
  169|    259|           if ((err = mp_copy(precomp[nA + (nB<<2)]->y, C->y)) != CRYPT_OK)           { goto ERR_MU; }
  ------------------
  |  |  524|    259|#define mp_copy(a, b)                ltc_mp.copy(a, b)
  ------------------
  |  Branch (169:16): [True: 0, False: 259]
  ------------------
  170|    259|           if ((err = mp_copy(precomp[nA + (nB<<2)]->z, C->z)) != CRYPT_OK)           { goto ERR_MU; }
  ------------------
  |  |  524|    259|#define mp_copy(a, b)                ltc_mp.copy(a, b)
  ------------------
  |  Branch (170:16): [True: 0, False: 259]
  ------------------
  171|  38.4k|        } else {
  172|       |           /* if not first, add from table */
  173|  38.4k|           if ((err = ltc_mp.ecc_ptadd(C, precomp[nA + (nB<<2)], C, modulus, mp)) != CRYPT_OK) { goto ERR_MU; }
  ------------------
  |  Branch (173:16): [True: 0, False: 38.4k]
  ------------------
  174|  38.4k|        }
  175|  38.7k|     }
  176|  43.1k|  }
  177|       |
  178|       |  /* reduce to affine */
  179|    259|  err = ltc_ecc_map(C, modulus, mp);
  180|       |
  181|       |  /* clean up */
  182|    259|ERR_MU:
  183|    259|   mp_clear(mu);
  ------------------
  |  |  518|    259|#define mp_clear(a)                  ltc_mp.deinit(a)
  ------------------
  184|    259|ERR_MP:
  185|    259|   mp_montgomery_free(mp);
  ------------------
  |  |  566|    259|#define mp_montgomery_free(a)        ltc_mp.montgomery_deinit(a)
  ------------------
  186|    259|ERR_P:
  187|  4.40k|   for (x = 0; x < 16; x++) {
  ------------------
  |  Branch (187:16): [True: 4.14k, False: 259]
  ------------------
  188|  4.14k|       ltc_ecc_del_point(precomp[x]);
  189|  4.14k|   }
  190|    259|ERR_T:
  191|       |#ifdef LTC_CLEAN_STACK
  192|       |   zeromem(tA, ECC_BUF_SIZE);
  193|       |   zeromem(tB, ECC_BUF_SIZE);
  194|       |#endif
  195|    259|   XFREE(tA);
  ------------------
  |  |   17|    259|#define XFREE m_free_direct
  ------------------
  196|    259|   XFREE(tB);
  ------------------
  |  |   17|    259|#define XFREE m_free_direct
  ------------------
  197|       |
  198|    259|   return err;
  199|    259|}

ltc_ecc_new_point:
   29|  4.76k|{
                 /* Allocate one zero-filled ecc_point and initialise its x, y and z
                  * big-number fields. Returns the new point, or NULL when either the
                  * allocation or mp_init_multi() fails; p is freed again in the
                  * second case. */
   30|  4.76k|   ecc_point *p;
   31|  4.76k|   p = XCALLOC(1, sizeof(*p));
  ------------------
  |  |   19|  4.76k|#define XCALLOC m_calloc
  ------------------
                 /* NOTE(review): this branch and the one at line 35 show True: 0 in
                  * this run, so neither failure path is exercised by the corpus.
                  * XCALLOC maps to m_calloc here, which may never return NULL -
                  * confirm against the allocator. */
   32|  4.76k|   if (p == NULL) {
  ------------------
  |  Branch (32:8): [True: 0, False: 4.76k]
  ------------------
   33|      0|      return NULL;
   34|      0|   }
                 /* the argument list is terminated by the trailing NULL */
   35|  4.76k|   if (mp_init_multi(&p->x, &p->y, &p->z, NULL) != CRYPT_OK) {
  ------------------
  |  |  517|  4.76k|#define mp_init_multi                ltc_init_multi
  ------------------
  |  Branch (35:8): [True: 0, False: 4.76k]
  ------------------
                 /* release the struct so a failed init does not leak it */
   36|      0|      XFREE(p);
  ------------------
  |  |   17|      0|#define XFREE m_free_direct
  ------------------
   37|      0|      return NULL;
   38|      0|   }
   39|  4.76k|   return p;
   40|  4.76k|}
ltc_ecc_del_point:
   46|  4.75k|{
                 /* Release an ecc_point: clear its x, y and z fields, then free the
                  * struct itself. The pointer is not reset here, so it must not be
                  * used again by the caller after this returns.
                  * NOTE(review): this report counts 4.75k calls here against 4.76k
                  * for ltc_ecc_new_point; the figures are rounded, so whether some
                  * points are never released cannot be told from the listing -
                  * confirm with a leak check. */
   47|       |   /* a NULL p is accepted and ignored */
   48|  4.75k|   if (p != NULL) {
  ------------------
  |  Branch (48:8): [True: 4.75k, False: 0]
  ------------------
                 /* NOTE(review): the list is NULL-terminated, so a NULL p->x or
                  * p->y would presumably end the walk early and leave the later
                  * fields uncleared - confirm against ltc_deinit_multi. */
   49|  4.75k|      mp_clear_multi(p->x, p->y, p->z, NULL); /* p->z may be NULL; being the last field, that only ends the list one entry sooner */
  ------------------
  |  |  519|  4.75k|#define mp_clear_multi               ltc_deinit_multi
  ------------------
   50|  4.75k|      XFREE(p);
  ------------------
  |  |   17|  4.75k|#define XFREE m_free_direct
  ------------------
   51|  4.75k|   }
   52|  4.75k|}

ltc_ecc_projective_add_point:
   34|  41.2k|{
   35|  41.2k|   void  *t1, *t2, *x, *y, *z;
   36|  41.2k|   int    err;
   37|       |
   38|  41.2k|   LTC_ARGCHK(P       != NULL);
  ------------------
  |  |   32|  41.2k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 41.2k]
  |  |  |  Branch (32:87): [Folded, False: 41.2k]
  |  |  ------------------
  ------------------
   39|  41.2k|   LTC_ARGCHK(Q       != NULL);
  ------------------
  |  |   32|  41.2k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 41.2k]
  |  |  |  Branch (32:87): [Folded, False: 41.2k]
  |  |  ------------------
  ------------------
   40|  41.2k|   LTC_ARGCHK(R       != NULL);
  ------------------
  |  |   32|  41.2k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 41.2k]
  |  |  |  Branch (32:87): [Folded, False: 41.2k]
  |  |  ------------------
  ------------------
   41|  41.2k|   LTC_ARGCHK(modulus != NULL);
  ------------------
  |  |   32|  41.2k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 41.2k]
  |  |  |  Branch (32:87): [Folded, False: 41.2k]
  |  |  ------------------
  ------------------
   42|  41.2k|   LTC_ARGCHK(mp      != NULL);
  ------------------
  |  |   32|  41.2k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 41.2k]
  |  |  |  Branch (32:87): [Folded, False: 41.2k]
  |  |  ------------------
  ------------------
   43|       |
   44|  41.2k|   if ((err = mp_init_multi(&t1, &t2, &x, &y, &z, NULL)) != CRYPT_OK) {
  ------------------
  |  |  517|  41.2k|#define mp_init_multi                ltc_init_multi
  ------------------
  |  Branch (44:8): [True: 0, False: 41.2k]
  ------------------
   45|      0|      return err;
   46|      0|   }
   47|       |
   48|       |   /* should we dbl instead? */
   49|  41.2k|   if ((err = mp_sub(modulus, Q->y, t1)) != CRYPT_OK)                          { goto done; }
  ------------------
  |  |  545|  41.2k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (49:8): [True: 0, False: 41.2k]
  ------------------
   50|       |
   51|  41.2k|   if ( (mp_cmp(P->x, Q->x) == LTC_MP_EQ) &&
  ------------------
  |  |  531|  41.2k|#define mp_cmp(a, b)                 ltc_mp.compare(a, b)
  ------------------
                 if ( (mp_cmp(P->x, Q->x) == LTC_MP_EQ) &&
  ------------------
  |  |   13|  41.2k|#define LTC_MP_EQ    0
  ------------------
  |  Branch (51:9): [True: 0, False: 41.2k]
  ------------------
   52|      0|        (Q->z != NULL && mp_cmp(P->z, Q->z) == LTC_MP_EQ) &&
  ------------------
  |  |  531|      0|#define mp_cmp(a, b)                 ltc_mp.compare(a, b)
  ------------------
                      (Q->z != NULL && mp_cmp(P->z, Q->z) == LTC_MP_EQ) &&
  ------------------
  |  |   13|      0|#define LTC_MP_EQ    0
  ------------------
  |  Branch (52:10): [True: 0, False: 0]
  |  Branch (52:26): [True: 0, False: 0]
  ------------------
   53|      0|        (mp_cmp(P->y, Q->y) == LTC_MP_EQ || mp_cmp(P->y, t1) == LTC_MP_EQ)) {
  ------------------
  |  |  531|      0|#define mp_cmp(a, b)                 ltc_mp.compare(a, b)
  ------------------
                      (mp_cmp(P->y, Q->y) == LTC_MP_EQ || mp_cmp(P->y, t1) == LTC_MP_EQ)) {
  ------------------
  |  |   13|      0|#define LTC_MP_EQ    0
  ------------------
                      (mp_cmp(P->y, Q->y) == LTC_MP_EQ || mp_cmp(P->y, t1) == LTC_MP_EQ)) {
  ------------------
  |  |  531|      0|#define mp_cmp(a, b)                 ltc_mp.compare(a, b)
  ------------------
                      (mp_cmp(P->y, Q->y) == LTC_MP_EQ || mp_cmp(P->y, t1) == LTC_MP_EQ)) {
  ------------------
  |  |   13|      0|#define LTC_MP_EQ    0
  ------------------
  |  Branch (53:10): [True: 0, False: 0]
  |  Branch (53:45): [True: 0, False: 0]
  ------------------
   54|      0|        mp_clear_multi(t1, t2, x, y, z, NULL);
  ------------------
  |  |  519|      0|#define mp_clear_multi               ltc_deinit_multi
  ------------------
   55|      0|        return ltc_ecc_projective_dbl_point(P, R, modulus, mp);
   56|      0|   }
   57|       |
   58|  41.2k|   if ((err = mp_copy(P->x, x)) != CRYPT_OK)                                   { goto done; }
  ------------------
  |  |  524|  41.2k|#define mp_copy(a, b)                ltc_mp.copy(a, b)
  ------------------
  |  Branch (58:8): [True: 0, False: 41.2k]
  ------------------
   59|  41.2k|   if ((err = mp_copy(P->y, y)) != CRYPT_OK)                                   { goto done; }
  ------------------
  |  |  524|  41.2k|#define mp_copy(a, b)                ltc_mp.copy(a, b)
  ------------------
  |  Branch (59:8): [True: 0, False: 41.2k]
  ------------------
   60|  41.2k|   if ((err = mp_copy(P->z, z)) != CRYPT_OK)                                   { goto done; }
  ------------------
  |  |  524|  41.2k|#define mp_copy(a, b)                ltc_mp.copy(a, b)
  ------------------
  |  Branch (60:8): [True: 0, False: 41.2k]
  ------------------
   61|       |
   62|       |   /* if Z is one then these are no-operations */
   63|  41.2k|   if (Q->z != NULL) {
  ------------------
  |  Branch (63:8): [True: 41.2k, False: 0]
  ------------------
   64|       |      /* T1 = Z' * Z' */
   65|  41.2k|      if ((err = mp_sqr(Q->z, t1)) != CRYPT_OK)                                { goto done; }
  ------------------
  |  |  549|  41.2k|#define mp_sqr(a, b)                 ltc_mp.sqr(a, b)
  ------------------
  |  Branch (65:11): [True: 0, False: 41.2k]
  ------------------
   66|  41.2k|      if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK)           { goto done; }
  ------------------
  |  |  565|  41.2k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (66:11): [True: 0, False: 41.2k]
  ------------------
   67|       |      /* X = X * T1 */
   68|  41.2k|      if ((err = mp_mul(t1, x, x)) != CRYPT_OK)                                { goto done; }
  ------------------
  |  |  547|  41.2k|#define mp_mul(a, b, c)              ltc_mp.mul(a, b, c)
  ------------------
  |  Branch (68:11): [True: 0, False: 41.2k]
  ------------------
   69|  41.2k|      if ((err = mp_montgomery_reduce(x, modulus, mp)) != CRYPT_OK)            { goto done; }
  ------------------
  |  |  565|  41.2k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (69:11): [True: 0, False: 41.2k]
  ------------------
   70|       |      /* T1 = Z' * T1 */
   71|  41.2k|      if ((err = mp_mul(Q->z, t1, t1)) != CRYPT_OK)                            { goto done; }
  ------------------
  |  |  547|  41.2k|#define mp_mul(a, b, c)              ltc_mp.mul(a, b, c)
  ------------------
  |  Branch (71:11): [True: 0, False: 41.2k]
  ------------------
   72|  41.2k|      if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK)           { goto done; }
  ------------------
  |  |  565|  41.2k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (72:11): [True: 0, False: 41.2k]
  ------------------
   73|       |      /* Y = Y * T1 */
   74|  41.2k|      if ((err = mp_mul(t1, y, y)) != CRYPT_OK)                                { goto done; }
  ------------------
  |  |  547|  41.2k|#define mp_mul(a, b, c)              ltc_mp.mul(a, b, c)
  ------------------
  |  Branch (74:11): [True: 0, False: 41.2k]
  ------------------
   75|  41.2k|      if ((err = mp_montgomery_reduce(y, modulus, mp)) != CRYPT_OK)            { goto done; }
  ------------------
  |  |  565|  41.2k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (75:11): [True: 0, False: 41.2k]
  ------------------
   76|  41.2k|   }
   77|       |
   78|       |   /* T1 = Z*Z */
   79|  41.2k|   if ((err = mp_sqr(z, t1)) != CRYPT_OK)                                      { goto done; }
  ------------------
  |  |  549|  41.2k|#define mp_sqr(a, b)                 ltc_mp.sqr(a, b)
  ------------------
  |  Branch (79:8): [True: 0, False: 41.2k]
  ------------------
   80|  41.2k|   if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK)              { goto done; }
  ------------------
  |  |  565|  41.2k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (80:8): [True: 0, False: 41.2k]
  ------------------
   81|       |   /* T2 = X' * T1 */
   82|  41.2k|   if ((err = mp_mul(Q->x, t1, t2)) != CRYPT_OK)                               { goto done; }
  ------------------
  |  |  547|  41.2k|#define mp_mul(a, b, c)              ltc_mp.mul(a, b, c)
  ------------------
  |  Branch (82:8): [True: 0, False: 41.2k]
  ------------------
   83|  41.2k|   if ((err = mp_montgomery_reduce(t2, modulus, mp)) != CRYPT_OK)              { goto done; }
  ------------------
  |  |  565|  41.2k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (83:8): [True: 0, False: 41.2k]
  ------------------
   84|       |   /* T1 = Z * T1 */
   85|  41.2k|   if ((err = mp_mul(z, t1, t1)) != CRYPT_OK)                                  { goto done; }
  ------------------
  |  |  547|  41.2k|#define mp_mul(a, b, c)              ltc_mp.mul(a, b, c)
  ------------------
  |  Branch (85:8): [True: 0, False: 41.2k]
  ------------------
   86|  41.2k|   if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK)              { goto done; }
  ------------------
  |  |  565|  41.2k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (86:8): [True: 0, False: 41.2k]
  ------------------
   87|       |   /* T1 = Y' * T1 */
   88|  41.2k|   if ((err = mp_mul(Q->y, t1, t1)) != CRYPT_OK)                               { goto done; }
  ------------------
  |  |  547|  41.2k|#define mp_mul(a, b, c)              ltc_mp.mul(a, b, c)
  ------------------
  |  Branch (88:8): [True: 0, False: 41.2k]
  ------------------
   89|  41.2k|   if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK)              { goto done; }
  ------------------
  |  |  565|  41.2k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (89:8): [True: 0, False: 41.2k]
  ------------------
   90|       |
   91|       |   /* Y = Y - T1 */
   92|  41.2k|   if ((err = mp_sub(y, t1, y)) != CRYPT_OK)                                   { goto done; }
  ------------------
  |  |  545|  41.2k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (92:8): [True: 0, False: 41.2k]
  ------------------
   93|  41.2k|   if (mp_cmp_d(y, 0) == LTC_MP_LT) {
  ------------------
  |  |  532|  41.2k|#define mp_cmp_d(a, b)               ltc_mp.compare_d(a, b)
  ------------------
                 if (mp_cmp_d(y, 0) == LTC_MP_LT) {
  ------------------
  |  |   12|  41.2k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (93:8): [True: 20.7k, False: 20.5k]
  ------------------
   94|  20.7k|      if ((err = mp_add(y, modulus, y)) != CRYPT_OK)                           { goto done; }
  ------------------
  |  |  543|  20.7k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (94:11): [True: 0, False: 20.7k]
  ------------------
   95|  20.7k|   }
   96|       |   /* T1 = 2T1 */
   97|  41.2k|   if ((err = mp_add(t1, t1, t1)) != CRYPT_OK)                                 { goto done; }
  ------------------
  |  |  543|  41.2k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (97:8): [True: 0, False: 41.2k]
  ------------------
   98|  41.2k|   if (mp_cmp(t1, modulus) != LTC_MP_LT) {
  ------------------
  |  |  531|  41.2k|#define mp_cmp(a, b)                 ltc_mp.compare(a, b)
  ------------------
                 if (mp_cmp(t1, modulus) != LTC_MP_LT) {
  ------------------
  |  |   12|  41.2k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (98:8): [True: 20.8k, False: 20.4k]
  ------------------
   99|  20.8k|      if ((err = mp_sub(t1, modulus, t1)) != CRYPT_OK)                         { goto done; }
  ------------------
  |  |  545|  20.8k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (99:11): [True: 0, False: 20.8k]
  ------------------
  100|  20.8k|   }
  101|       |   /* T1 = Y + T1 */
  102|  41.2k|   if ((err = mp_add(t1, y, t1)) != CRYPT_OK)                                  { goto done; }
  ------------------
  |  |  543|  41.2k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (102:8): [True: 0, False: 41.2k]
  ------------------
  103|  41.2k|   if (mp_cmp(t1, modulus) != LTC_MP_LT) {
  ------------------
  |  |  531|  41.2k|#define mp_cmp(a, b)                 ltc_mp.compare(a, b)
  ------------------
                 if (mp_cmp(t1, modulus) != LTC_MP_LT) {
  ------------------
  |  |   12|  41.2k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (103:8): [True: 20.2k, False: 21.0k]
  ------------------
  104|  20.2k|      if ((err = mp_sub(t1, modulus, t1)) != CRYPT_OK)                         { goto done; }
  ------------------
  |  |  545|  20.2k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (104:11): [True: 0, False: 20.2k]
  ------------------
  105|  20.2k|   }
  106|       |   /* X = X - T2 */
  107|  41.2k|   if ((err = mp_sub(x, t2, x)) != CRYPT_OK)                                   { goto done; }
  ------------------
  |  |  545|  41.2k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (107:8): [True: 0, False: 41.2k]
  ------------------
  108|  41.2k|   if (mp_cmp_d(x, 0) == LTC_MP_LT) {
  ------------------
  |  |  532|  41.2k|#define mp_cmp_d(a, b)               ltc_mp.compare_d(a, b)
  ------------------
                 if (mp_cmp_d(x, 0) == LTC_MP_LT) {
  ------------------
  |  |   12|  41.2k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (108:8): [True: 20.5k, False: 20.7k]
  ------------------
  109|  20.5k|      if ((err = mp_add(x, modulus, x)) != CRYPT_OK)                           { goto done; }
  ------------------
  |  |  543|  20.5k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (109:11): [True: 0, False: 20.5k]
  ------------------
  110|  20.5k|   }
  111|       |   /* T2 = 2T2 */
  112|  41.2k|   if ((err = mp_add(t2, t2, t2)) != CRYPT_OK)                                 { goto done; }
  ------------------
  |  |  543|  41.2k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (112:8): [True: 0, False: 41.2k]
  ------------------
  113|  41.2k|   if (mp_cmp(t2, modulus) != LTC_MP_LT) {
  ------------------
  |  |  531|  41.2k|#define mp_cmp(a, b)                 ltc_mp.compare(a, b)
  ------------------
                 if (mp_cmp(t2, modulus) != LTC_MP_LT) {
  ------------------
  |  |   12|  41.2k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (113:8): [True: 20.6k, False: 20.6k]
  ------------------
  114|  20.6k|      if ((err = mp_sub(t2, modulus, t2)) != CRYPT_OK)                         { goto done; }
  ------------------
  |  |  545|  20.6k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (114:11): [True: 0, False: 20.6k]
  ------------------
  115|  20.6k|   }
  116|       |   /* T2 = X + T2 */
  117|  41.2k|   if ((err = mp_add(t2, x, t2)) != CRYPT_OK)                                  { goto done; }
  ------------------
  |  |  543|  41.2k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (117:8): [True: 0, False: 41.2k]
  ------------------
  118|  41.2k|   if (mp_cmp(t2, modulus) != LTC_MP_LT) {
  ------------------
  |  |  531|  41.2k|#define mp_cmp(a, b)                 ltc_mp.compare(a, b)
  ------------------
                 if (mp_cmp(t2, modulus) != LTC_MP_LT) {
  ------------------
  |  |   12|  41.2k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (118:8): [True: 20.2k, False: 21.0k]
  ------------------
  119|  20.2k|      if ((err = mp_sub(t2, modulus, t2)) != CRYPT_OK)                         { goto done; }
  ------------------
  |  |  545|  20.2k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (119:11): [True: 0, False: 20.2k]
  ------------------
  120|  20.2k|   }
  121|       |
  122|       |   /* if Z' != 1 */
  123|  41.2k|   if (Q->z != NULL) {
  ------------------
  |  Branch (123:8): [True: 41.2k, False: 0]
  ------------------
  124|       |      /* Z = Z * Z' */
  125|  41.2k|      if ((err = mp_mul(z, Q->z, z)) != CRYPT_OK)                              { goto done; }
  ------------------
  |  |  547|  41.2k|#define mp_mul(a, b, c)              ltc_mp.mul(a, b, c)
  ------------------
  |  Branch (125:11): [True: 0, False: 41.2k]
  ------------------
  126|  41.2k|      if ((err = mp_montgomery_reduce(z, modulus, mp)) != CRYPT_OK)            { goto done; }
  ------------------
  |  |  565|  41.2k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (126:11): [True: 0, False: 41.2k]
  ------------------
  127|  41.2k|   }
  128|       |
  129|       |   /* Z = Z * X */
  130|  41.2k|   if ((err = mp_mul(z, x, z)) != CRYPT_OK)                                    { goto done; }
  ------------------
  |  |  547|  41.2k|#define mp_mul(a, b, c)              ltc_mp.mul(a, b, c)
  ------------------
  |  Branch (130:8): [True: 0, False: 41.2k]
  ------------------
  131|  41.2k|   if ((err = mp_montgomery_reduce(z, modulus, mp)) != CRYPT_OK)               { goto done; }
  ------------------
  |  |  565|  41.2k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (131:8): [True: 0, False: 41.2k]
  ------------------
  132|       |
  133|       |   /* T1 = T1 * X  */
  134|  41.2k|   if ((err = mp_mul(t1, x, t1)) != CRYPT_OK)                                  { goto done; }
  ------------------
  |  |  547|  41.2k|#define mp_mul(a, b, c)              ltc_mp.mul(a, b, c)
  ------------------
  |  Branch (134:8): [True: 0, False: 41.2k]
  ------------------
  135|  41.2k|   if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK)              { goto done; }
  ------------------
  |  |  565|  41.2k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (135:8): [True: 0, False: 41.2k]
  ------------------
  136|       |   /* X = X * X */
  137|  41.2k|   if ((err = mp_sqr(x, x)) != CRYPT_OK)                                       { goto done; }
  ------------------
  |  |  549|  41.2k|#define mp_sqr(a, b)                 ltc_mp.sqr(a, b)
  ------------------
  |  Branch (137:8): [True: 0, False: 41.2k]
  ------------------
  138|  41.2k|   if ((err = mp_montgomery_reduce(x, modulus, mp)) != CRYPT_OK)               { goto done; }
  ------------------
  |  |  565|  41.2k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (138:8): [True: 0, False: 41.2k]
  ------------------
  139|       |   /* T2 = T2 * x */
  140|  41.2k|   if ((err = mp_mul(t2, x, t2)) != CRYPT_OK)                                  { goto done; }
  ------------------
  |  |  547|  41.2k|#define mp_mul(a, b, c)              ltc_mp.mul(a, b, c)
  ------------------
  |  Branch (140:8): [True: 0, False: 41.2k]
  ------------------
  141|  41.2k|   if ((err = mp_montgomery_reduce(t2, modulus, mp)) != CRYPT_OK)              { goto done; }
  ------------------
  |  |  565|  41.2k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (141:8): [True: 0, False: 41.2k]
  ------------------
  142|       |   /* T1 = T1 * X  */
  143|  41.2k|   if ((err = mp_mul(t1, x, t1)) != CRYPT_OK)                                  { goto done; }
  ------------------
  |  |  547|  41.2k|#define mp_mul(a, b, c)              ltc_mp.mul(a, b, c)
  ------------------
  |  Branch (143:8): [True: 0, False: 41.2k]
  ------------------
  144|  41.2k|   if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK)              { goto done; }
  ------------------
  |  |  565|  41.2k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (144:8): [True: 0, False: 41.2k]
  ------------------
  145|       |
  146|       |   /* X = Y*Y */
  147|  41.2k|   if ((err = mp_sqr(y, x)) != CRYPT_OK)                                       { goto done; }
  ------------------
  |  |  549|  41.2k|#define mp_sqr(a, b)                 ltc_mp.sqr(a, b)
  ------------------
  |  Branch (147:8): [True: 0, False: 41.2k]
  ------------------
  148|  41.2k|   if ((err = mp_montgomery_reduce(x, modulus, mp)) != CRYPT_OK)               { goto done; }
  ------------------
  |  |  565|  41.2k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (148:8): [True: 0, False: 41.2k]
  ------------------
  149|       |   /* X = X - T2 */
  150|  41.2k|   if ((err = mp_sub(x, t2, x)) != CRYPT_OK)                                   { goto done; }
  ------------------
  |  |  545|  41.2k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (150:8): [True: 0, False: 41.2k]
  ------------------
  151|  41.2k|   if (mp_cmp_d(x, 0) == LTC_MP_LT) {
  ------------------
  |  |  532|  41.2k|#define mp_cmp_d(a, b)               ltc_mp.compare_d(a, b)
  ------------------
                 if (mp_cmp_d(x, 0) == LTC_MP_LT) {
  ------------------
  |  |   12|  41.2k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (151:8): [True: 20.1k, False: 21.1k]
  ------------------
  152|  20.1k|      if ((err = mp_add(x, modulus, x)) != CRYPT_OK)                           { goto done; }
  ------------------
  |  |  543|  20.1k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (152:11): [True: 0, False: 20.1k]
  ------------------
  153|  20.1k|   }
  154|       |
  155|       |   /* T2 = T2 - X */
  156|  41.2k|   if ((err = mp_sub(t2, x, t2)) != CRYPT_OK)                                  { goto done; }
  ------------------
  |  |  545|  41.2k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (156:8): [True: 0, False: 41.2k]
  ------------------
  157|  41.2k|   if (mp_cmp_d(t2, 0) == LTC_MP_LT) {
  ------------------
  |  |  532|  41.2k|#define mp_cmp_d(a, b)               ltc_mp.compare_d(a, b)
  ------------------
                 if (mp_cmp_d(t2, 0) == LTC_MP_LT) {
  ------------------
  |  |   12|  41.2k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (157:8): [True: 20.4k, False: 20.8k]
  ------------------
  158|  20.4k|      if ((err = mp_add(t2, modulus, t2)) != CRYPT_OK)                         { goto done; }
  ------------------
  |  |  543|  20.4k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (158:11): [True: 0, False: 20.4k]
  ------------------
  159|  20.4k|   }
  160|       |   /* T2 = T2 - X */
  161|  41.2k|   if ((err = mp_sub(t2, x, t2)) != CRYPT_OK)                                  { goto done; }
  ------------------
  |  |  545|  41.2k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (161:8): [True: 0, False: 41.2k]
  ------------------
  162|  41.2k|   if (mp_cmp_d(t2, 0) == LTC_MP_LT) {
  ------------------
  |  |  532|  41.2k|#define mp_cmp_d(a, b)               ltc_mp.compare_d(a, b)
  ------------------
                 if (mp_cmp_d(t2, 0) == LTC_MP_LT) {
  ------------------
  |  |   12|  41.2k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (162:8): [True: 20.7k, False: 20.5k]
  ------------------
  163|  20.7k|      if ((err = mp_add(t2, modulus, t2)) != CRYPT_OK)                         { goto done; }
  ------------------
  |  |  543|  20.7k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (163:11): [True: 0, False: 20.7k]
  ------------------
  164|  20.7k|   }
  165|       |   /* T2 = T2 * Y */
  166|  41.2k|   if ((err = mp_mul(t2, y, t2)) != CRYPT_OK)                                  { goto done; }
  ------------------
  |  |  547|  41.2k|#define mp_mul(a, b, c)              ltc_mp.mul(a, b, c)
  ------------------
  |  Branch (166:8): [True: 0, False: 41.2k]
  ------------------
  167|  41.2k|   if ((err = mp_montgomery_reduce(t2, modulus, mp)) != CRYPT_OK)              { goto done; }
  ------------------
  |  |  565|  41.2k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (167:8): [True: 0, False: 41.2k]
  ------------------
  168|       |   /* Y = T2 - T1 */
  169|  41.2k|   if ((err = mp_sub(t2, t1, y)) != CRYPT_OK)                                  { goto done; }
  ------------------
  |  |  545|  41.2k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (169:8): [True: 0, False: 41.2k]
  ------------------
  170|  41.2k|   if (mp_cmp_d(y, 0) == LTC_MP_LT) {
  ------------------
  |  |  532|  41.2k|#define mp_cmp_d(a, b)               ltc_mp.compare_d(a, b)
  ------------------
                 if (mp_cmp_d(y, 0) == LTC_MP_LT) {
  ------------------
  |  |   12|  41.2k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (170:8): [True: 20.7k, False: 20.5k]
  ------------------
  171|  20.7k|      if ((err = mp_add(y, modulus, y)) != CRYPT_OK)                           { goto done; }
  ------------------
  |  |  543|  20.7k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (171:11): [True: 0, False: 20.7k]
  ------------------
  172|  20.7k|   }
  173|       |   /* Y = Y/2 */
  174|  41.2k|   if (mp_isodd(y)) {
  ------------------
  |  |  572|  41.2k|#define mp_isodd(a)                  (mp_get_digit_count(a) > 0 ? (mp_get_digit(a, 0) & 1 ? LTC_MP_YES : LTC_MP_NO) : LTC_MP_NO)
  |  |  ------------------
  |  |  |  |  530|  41.2k|#define mp_get_digit_count(a)        ltc_mp.get_digit_count(a)
  |  |  ------------------
  |  |               #define mp_isodd(a)                  (mp_get_digit_count(a) > 0 ? (mp_get_digit(a, 0) & 1 ? LTC_MP_YES : LTC_MP_NO) : LTC_MP_NO)
  |  |  ------------------
  |  |  |  |  529|  41.2k|#define mp_get_digit(a, n)           ltc_mp.get_digit(a, n)
  |  |  ------------------
  |  |               #define mp_isodd(a)                  (mp_get_digit_count(a) > 0 ? (mp_get_digit(a, 0) & 1 ? LTC_MP_YES : LTC_MP_NO) : LTC_MP_NO)
  |  |  ------------------
  |  |  |  |   17|  20.8k|#define LTC_MP_YES   1
  |  |  ------------------
  |  |               #define mp_isodd(a)                  (mp_get_digit_count(a) > 0 ? (mp_get_digit(a, 0) & 1 ? LTC_MP_YES : LTC_MP_NO) : LTC_MP_NO)
  |  |  ------------------
  |  |  |  |   16|  20.4k|#define LTC_MP_NO    0
  |  |  ------------------
  |  |               #define mp_isodd(a)                  (mp_get_digit_count(a) > 0 ? (mp_get_digit(a, 0) & 1 ? LTC_MP_YES : LTC_MP_NO) : LTC_MP_NO)
  |  |  ------------------
  |  |  |  |   16|      0|#define LTC_MP_NO    0
  |  |  ------------------
  |  |  |  Branch (572:38): [True: 20.8k, False: 20.4k]
  |  |  |  Branch (572:39): [True: 41.2k, False: 0]
  |  |  |  Branch (572:68): [True: 20.8k, False: 20.4k]
  |  |  ------------------
  ------------------
  175|  20.8k|      if ((err = mp_add(y, modulus, y)) != CRYPT_OK)                           { goto done; }
  ------------------
  |  |  543|  20.8k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (175:11): [True: 0, False: 20.8k]
  ------------------
  176|  20.8k|   }
  177|  41.2k|   if ((err = mp_div_2(y, y)) != CRYPT_OK)                                     { goto done; }
  ------------------
  |  |  551|  41.2k|#define mp_div_2(a, b)               ltc_mp.div_2(a, b)
  ------------------
  |  Branch (177:8): [True: 0, False: 41.2k]
  ------------------
  178|       |
  179|  41.2k|   if ((err = mp_copy(x, R->x)) != CRYPT_OK)                                   { goto done; }
  ------------------
  |  |  524|  41.2k|#define mp_copy(a, b)                ltc_mp.copy(a, b)
  ------------------
  |  Branch (179:8): [True: 0, False: 41.2k]
  ------------------
  180|  41.2k|   if ((err = mp_copy(y, R->y)) != CRYPT_OK)                                   { goto done; }
  ------------------
  |  |  524|  41.2k|#define mp_copy(a, b)                ltc_mp.copy(a, b)
  ------------------
  |  Branch (180:8): [True: 0, False: 41.2k]
  ------------------
  181|  41.2k|   if ((err = mp_copy(z, R->z)) != CRYPT_OK)                                   { goto done; }
  ------------------
  |  |  524|  41.2k|#define mp_copy(a, b)                ltc_mp.copy(a, b)
  ------------------
  |  Branch (181:8): [True: 0, False: 41.2k]
  ------------------
  182|       |
  183|  41.2k|   err = CRYPT_OK;
  184|  41.2k|done:
  185|  41.2k|   mp_clear_multi(t1, t2, x, y, z, NULL);
  ------------------
  |  |  519|  41.2k|#define mp_clear_multi               ltc_deinit_multi
  ------------------
  186|  41.2k|   return err;
  187|  41.2k|}

ltc_ecc_projective_dbl_point:
   33|  86.2k|{  /* Doubles the projective point P into R (R may be the same object as P),
                * working in place on R's x/y/z with t1 and t2 as temporaries; every
                * product is passed through mp_montgomery_reduce(.., modulus, mp).
                * Returns CRYPT_OK, or the first error reported by a math call.
                * The signature is not part of this listing. */
   34|  86.2k|   void *t1, *t2;
   35|  86.2k|   int   err;
   36|       |
   37|  86.2k|   LTC_ARGCHK(P       != NULL);
  ------------------
  |  |   32|  86.2k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 86.2k]
  |  |  |  Branch (32:87): [Folded, False: 86.2k]
  |  |  ------------------
  ------------------
   38|  86.2k|   LTC_ARGCHK(R       != NULL);
  ------------------
  |  |   32|  86.2k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 86.2k]
  |  |  |  Branch (32:87): [Folded, False: 86.2k]
  |  |  ------------------
  ------------------
   39|  86.2k|   LTC_ARGCHK(modulus != NULL);
  ------------------
  |  |   32|  86.2k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 86.2k]
  |  |  |  Branch (32:87): [Folded, False: 86.2k]
  |  |  ------------------
  ------------------
   40|  86.2k|   LTC_ARGCHK(mp      != NULL);
  ------------------
  |  |   32|  86.2k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 86.2k]
  |  |  |  Branch (32:87): [Folded, False: 86.2k]
  |  |  ------------------
  ------------------
   41|       |   /* NOTE(review): as expanded in this build, LTC_ARGCHK only calls crypt_argchk()
                   * and does not itself return; if crypt_argchk() can return, a NULL argument
                   * is still dereferenced below. Confirm that it aborts. */
   42|  86.2k|   if ((err = mp_init_multi(&t1, &t2, NULL)) != CRYPT_OK) {
  ------------------
  |  |  517|  86.2k|#define mp_init_multi                ltc_init_multi
  ------------------
  |  Branch (42:8): [True: 0, False: 86.2k]
  ------------------
   43|      0|      return err;
   44|      0|   }
   45|       |   /* copy P into R unless the caller passed the same object for both */
   46|  86.2k|   if (P != R) {
  ------------------
  |  Branch (46:8): [True: 518, False: 85.6k]
  ------------------
   47|    518|      if ((err = mp_copy(P->x, R->x)) != CRYPT_OK)                                { goto done; }
  ------------------
  |  |  524|    518|#define mp_copy(a, b)                ltc_mp.copy(a, b)
  ------------------
  |  Branch (47:11): [True: 0, False: 518]
  ------------------
   48|    518|      if ((err = mp_copy(P->y, R->y)) != CRYPT_OK)                                { goto done; }
  ------------------
  |  |  524|    518|#define mp_copy(a, b)                ltc_mp.copy(a, b)
  ------------------
  |  Branch (48:11): [True: 0, False: 518]
  ------------------
   49|    518|      if ((err = mp_copy(P->z, R->z)) != CRYPT_OK)                                { goto done; }
  ------------------
  |  |  524|    518|#define mp_copy(a, b)                ltc_mp.copy(a, b)
  ------------------
  |  Branch (49:11): [True: 0, False: 518]
  ------------------
   50|    518|   }
   51|       |   /* NOTE(review): each add/sub below is followed by a conditional correction by
                   * modulus that branches on the intermediate value, so the executed path
                   * depends on the coordinates; do not assume this routine is constant-time. */
   52|       |   /* t1 = Z * Z */
   53|  86.2k|   if ((err = mp_sqr(R->z, t1)) != CRYPT_OK)                                      { goto done; }
  ------------------
  |  |  549|  86.2k|#define mp_sqr(a, b)                 ltc_mp.sqr(a, b)
  ------------------
  |  Branch (53:8): [True: 0, False: 86.2k]
  ------------------
   54|  86.2k|   if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK)                 { goto done; }
  ------------------
  |  |  565|  86.2k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (54:8): [True: 0, False: 86.2k]
  ------------------
   55|       |   /* Z = Y * Z */
   56|  86.2k|   if ((err = mp_mul(R->z, R->y, R->z)) != CRYPT_OK)                              { goto done; }
  ------------------
  |  |  547|  86.2k|#define mp_mul(a, b, c)              ltc_mp.mul(a, b, c)
  ------------------
  |  Branch (56:8): [True: 0, False: 86.2k]
  ------------------
   57|  86.2k|   if ((err = mp_montgomery_reduce(R->z, modulus, mp)) != CRYPT_OK)               { goto done; }
  ------------------
  |  |  565|  86.2k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (57:8): [True: 0, False: 86.2k]
  ------------------
   58|       |   /* Z = 2Z (reduced by one conditional subtraction of modulus) */
   59|  86.2k|   if ((err = mp_add(R->z, R->z, R->z)) != CRYPT_OK)                              { goto done; }
  ------------------
  |  |  543|  86.2k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (59:8): [True: 0, False: 86.2k]
  ------------------
   60|  86.2k|   if (mp_cmp(R->z, modulus) != LTC_MP_LT) {
  ------------------
  |  |  531|  86.2k|#define mp_cmp(a, b)                 ltc_mp.compare(a, b)
  ------------------
                 if (mp_cmp(R->z, modulus) != LTC_MP_LT) {
  ------------------
  |  |   12|  86.2k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (60:8): [True: 43.1k, False: 43.0k]
  ------------------
   61|  43.1k|      if ((err = mp_sub(R->z, modulus, R->z)) != CRYPT_OK)                        { goto done; }
  ------------------
  |  |  545|  43.1k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (61:11): [True: 0, False: 43.1k]
  ------------------
   62|  43.1k|   }
   63|       |
   64|       |   /* T2 = X - T1 (modulus is added back when the difference is negative) */
   65|  86.2k|   if ((err = mp_sub(R->x, t1, t2)) != CRYPT_OK)                                  { goto done; }
  ------------------
  |  |  545|  86.2k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (65:8): [True: 0, False: 86.2k]
  ------------------
   66|  86.2k|   if (mp_cmp_d(t2, 0) == LTC_MP_LT) {
  ------------------
  |  |  532|  86.2k|#define mp_cmp_d(a, b)               ltc_mp.compare_d(a, b)
  ------------------
                 if (mp_cmp_d(t2, 0) == LTC_MP_LT) {
  ------------------
  |  |   12|  86.2k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (66:8): [True: 43.1k, False: 43.0k]
  ------------------
   67|  43.1k|      if ((err = mp_add(t2, modulus, t2)) != CRYPT_OK)                            { goto done; }
  ------------------
  |  |  543|  43.1k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (67:11): [True: 0, False: 43.1k]
  ------------------
   68|  43.1k|   }
   69|       |   /* T1 = X + T1 */
   70|  86.2k|   if ((err = mp_add(t1, R->x, t1)) != CRYPT_OK)                                  { goto done; }
  ------------------
  |  |  543|  86.2k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (70:8): [True: 0, False: 86.2k]
  ------------------
   71|  86.2k|   if (mp_cmp(t1, modulus) != LTC_MP_LT) {
  ------------------
  |  |  531|  86.2k|#define mp_cmp(a, b)                 ltc_mp.compare(a, b)
  ------------------
                 if (mp_cmp(t1, modulus) != LTC_MP_LT) {
  ------------------
  |  |   12|  86.2k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (71:8): [True: 42.7k, False: 43.4k]
  ------------------
   72|  42.7k|      if ((err = mp_sub(t1, modulus, t1)) != CRYPT_OK)                            { goto done; }
  ------------------
  |  |  545|  42.7k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (72:11): [True: 0, False: 42.7k]
  ------------------
   73|  42.7k|   }
   74|       |   /* T2 = T1 * T2 */
   75|  86.2k|   if ((err = mp_mul(t1, t2, t2)) != CRYPT_OK)                                    { goto done; }
  ------------------
  |  |  547|  86.2k|#define mp_mul(a, b, c)              ltc_mp.mul(a, b, c)
  ------------------
  |  Branch (75:8): [True: 0, False: 86.2k]
  ------------------
   76|  86.2k|   if ((err = mp_montgomery_reduce(t2, modulus, mp)) != CRYPT_OK)                 { goto done; }
  ------------------
  |  |  565|  86.2k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (76:8): [True: 0, False: 86.2k]
  ------------------
   77|       |   /* T1 = 2T2 */
   78|  86.2k|   if ((err = mp_add(t2, t2, t1)) != CRYPT_OK)                                    { goto done; }
  ------------------
  |  |  543|  86.2k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (78:8): [True: 0, False: 86.2k]
  ------------------
   79|  86.2k|   if (mp_cmp(t1, modulus) != LTC_MP_LT) {
  ------------------
  |  |  531|  86.2k|#define mp_cmp(a, b)                 ltc_mp.compare(a, b)
  ------------------
                 if (mp_cmp(t1, modulus) != LTC_MP_LT) {
  ------------------
  |  |   12|  86.2k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (79:8): [True: 43.3k, False: 42.9k]
  ------------------
   80|  43.3k|      if ((err = mp_sub(t1, modulus, t1)) != CRYPT_OK)                            { goto done; }
  ------------------
  |  |  545|  43.3k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (80:11): [True: 0, False: 43.3k]
  ------------------
   81|  43.3k|   }
   82|       |   /* T1 = T1 + T2 */
   83|  86.2k|   if ((err = mp_add(t1, t2, t1)) != CRYPT_OK)                                    { goto done; }
  ------------------
  |  |  543|  86.2k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (83:8): [True: 0, False: 86.2k]
  ------------------
   84|  86.2k|   if (mp_cmp(t1, modulus) != LTC_MP_LT) {
  ------------------
  |  |  531|  86.2k|#define mp_cmp(a, b)                 ltc_mp.compare(a, b)
  ------------------
                 if (mp_cmp(t1, modulus) != LTC_MP_LT) {
  ------------------
  |  |   12|  86.2k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (84:8): [True: 43.1k, False: 43.0k]
  ------------------
   85|  43.1k|      if ((err = mp_sub(t1, modulus, t1)) != CRYPT_OK)                            { goto done; }
  ------------------
  |  |  545|  43.1k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (85:11): [True: 0, False: 43.1k]
  ------------------
   86|  43.1k|   }
   87|       |   /* T1 is now 3 * (X - Z^2) * (X + Z^2). NOTE(review): this looks like the a = -3
                   * doubling shortcut and no curve coefficient is referenced in this body;
                   * confirm callers only use it with such curves. */
   88|       |   /* Y = 2Y */
   89|  86.2k|   if ((err = mp_add(R->y, R->y, R->y)) != CRYPT_OK)                              { goto done; }
  ------------------
  |  |  543|  86.2k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (89:8): [True: 0, False: 86.2k]
  ------------------
   90|  86.2k|   if (mp_cmp(R->y, modulus) != LTC_MP_LT) {
  ------------------
  |  |  531|  86.2k|#define mp_cmp(a, b)                 ltc_mp.compare(a, b)
  ------------------
                 if (mp_cmp(R->y, modulus) != LTC_MP_LT) {
  ------------------
  |  |   12|  86.2k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (90:8): [True: 43.0k, False: 43.1k]
  ------------------
   91|  43.0k|      if ((err = mp_sub(R->y, modulus, R->y)) != CRYPT_OK)                        { goto done; }
  ------------------
  |  |  545|  43.0k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (91:11): [True: 0, False: 43.0k]
  ------------------
   92|  43.0k|   }
   93|       |   /* Y = Y * Y */
   94|  86.2k|   if ((err = mp_sqr(R->y, R->y)) != CRYPT_OK)                                    { goto done; }
  ------------------
  |  |  549|  86.2k|#define mp_sqr(a, b)                 ltc_mp.sqr(a, b)
  ------------------
  |  Branch (94:8): [True: 0, False: 86.2k]
  ------------------
   95|  86.2k|   if ((err = mp_montgomery_reduce(R->y, modulus, mp)) != CRYPT_OK)               { goto done; }
  ------------------
  |  |  565|  86.2k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (95:8): [True: 0, False: 86.2k]
  ------------------
   96|       |   /* T2 = Y * Y */
   97|  86.2k|   if ((err = mp_sqr(R->y, t2)) != CRYPT_OK)                                      { goto done; }
  ------------------
  |  |  549|  86.2k|#define mp_sqr(a, b)                 ltc_mp.sqr(a, b)
  ------------------
  |  Branch (97:8): [True: 0, False: 86.2k]
  ------------------
   98|  86.2k|   if ((err = mp_montgomery_reduce(t2, modulus, mp)) != CRYPT_OK)                 { goto done; }
  ------------------
  |  |  565|  86.2k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (98:8): [True: 0, False: 86.2k]
  ------------------
   99|       |   /* T2 = T2/2 (an odd T2 has modulus added first, then the sum is halved) */
  100|  86.2k|   if (mp_isodd(t2)) {
  ------------------
  |  |  572|  86.2k|#define mp_isodd(a)                  (mp_get_digit_count(a) > 0 ? (mp_get_digit(a, 0) & 1 ? LTC_MP_YES : LTC_MP_NO) : LTC_MP_NO)
  |  |  ------------------
  |  |  |  |  530|  86.2k|#define mp_get_digit_count(a)        ltc_mp.get_digit_count(a)
  |  |  ------------------
  |  |               #define mp_isodd(a)                  (mp_get_digit_count(a) > 0 ? (mp_get_digit(a, 0) & 1 ? LTC_MP_YES : LTC_MP_NO) : LTC_MP_NO)
  |  |  ------------------
  |  |  |  |  529|  86.2k|#define mp_get_digit(a, n)           ltc_mp.get_digit(a, n)
  |  |  ------------------
  |  |               #define mp_isodd(a)                  (mp_get_digit_count(a) > 0 ? (mp_get_digit(a, 0) & 1 ? LTC_MP_YES : LTC_MP_NO) : LTC_MP_NO)
  |  |  ------------------
  |  |  |  |   17|  43.5k|#define LTC_MP_YES   1
  |  |  ------------------
  |  |               #define mp_isodd(a)                  (mp_get_digit_count(a) > 0 ? (mp_get_digit(a, 0) & 1 ? LTC_MP_YES : LTC_MP_NO) : LTC_MP_NO)
  |  |  ------------------
  |  |  |  |   16|  42.6k|#define LTC_MP_NO    0
  |  |  ------------------
  |  |               #define mp_isodd(a)                  (mp_get_digit_count(a) > 0 ? (mp_get_digit(a, 0) & 1 ? LTC_MP_YES : LTC_MP_NO) : LTC_MP_NO)
  |  |  ------------------
  |  |  |  |   16|      0|#define LTC_MP_NO    0
  |  |  ------------------
  |  |  |  Branch (572:38): [True: 43.5k, False: 42.6k]
  |  |  |  Branch (572:39): [True: 86.2k, False: 0]
  |  |  |  Branch (572:68): [True: 43.5k, False: 42.6k]
  |  |  ------------------
  ------------------
  101|  43.5k|      if ((err = mp_add(t2, modulus, t2)) != CRYPT_OK)                            { goto done; }
  ------------------
  |  |  543|  43.5k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (101:11): [True: 0, False: 43.5k]
  ------------------
  102|  43.5k|   }
  103|  86.2k|   if ((err = mp_div_2(t2, t2)) != CRYPT_OK)                                      { goto done; }
  ------------------
  |  |  551|  86.2k|#define mp_div_2(a, b)               ltc_mp.div_2(a, b)
  ------------------
  |  Branch (103:8): [True: 0, False: 86.2k]
  ------------------
  104|       |   /* Y = Y * X */
  105|  86.2k|   if ((err = mp_mul(R->y, R->x, R->y)) != CRYPT_OK)                              { goto done; }
  ------------------
  |  |  547|  86.2k|#define mp_mul(a, b, c)              ltc_mp.mul(a, b, c)
  ------------------
  |  Branch (105:8): [True: 0, False: 86.2k]
  ------------------
  106|  86.2k|   if ((err = mp_montgomery_reduce(R->y, modulus, mp)) != CRYPT_OK)               { goto done; }
  ------------------
  |  |  565|  86.2k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (106:8): [True: 0, False: 86.2k]
  ------------------
  107|       |
  108|       |   /* X  = T1 * T1 */
  109|  86.2k|   if ((err = mp_sqr(t1, R->x)) != CRYPT_OK)                                      { goto done; }
  ------------------
  |  |  549|  86.2k|#define mp_sqr(a, b)                 ltc_mp.sqr(a, b)
  ------------------
  |  Branch (109:8): [True: 0, False: 86.2k]
  ------------------
  110|  86.2k|   if ((err = mp_montgomery_reduce(R->x, modulus, mp)) != CRYPT_OK)               { goto done; }
  ------------------
  |  |  565|  86.2k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (110:8): [True: 0, False: 86.2k]
  ------------------
  111|       |   /* X = X - Y */
  112|  86.2k|   if ((err = mp_sub(R->x, R->y, R->x)) != CRYPT_OK)                              { goto done; }
  ------------------
  |  |  545|  86.2k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (112:8): [True: 0, False: 86.2k]
  ------------------
  113|  86.2k|   if (mp_cmp_d(R->x, 0) == LTC_MP_LT) {
  ------------------
  |  |  532|  86.2k|#define mp_cmp_d(a, b)               ltc_mp.compare_d(a, b)
  ------------------
                 if (mp_cmp_d(R->x, 0) == LTC_MP_LT) {
  ------------------
  |  |   12|  86.2k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (113:8): [True: 42.9k, False: 43.2k]
  ------------------
  114|  42.9k|      if ((err = mp_add(R->x, modulus, R->x)) != CRYPT_OK)                        { goto done; }
  ------------------
  |  |  543|  42.9k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (114:11): [True: 0, False: 42.9k]
  ------------------
  115|  42.9k|   }
  116|       |   /* X = X - Y (second subtraction, so X = T1*T1 - 2Y) */
  117|  86.2k|   if ((err = mp_sub(R->x, R->y, R->x)) != CRYPT_OK)                              { goto done; }
  ------------------
  |  |  545|  86.2k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (117:8): [True: 0, False: 86.2k]
  ------------------
  118|  86.2k|   if (mp_cmp_d(R->x, 0) == LTC_MP_LT) {
  ------------------
  |  |  532|  86.2k|#define mp_cmp_d(a, b)               ltc_mp.compare_d(a, b)
  ------------------
                 if (mp_cmp_d(R->x, 0) == LTC_MP_LT) {
  ------------------
  |  |   12|  86.2k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (118:8): [True: 43.1k, False: 43.0k]
  ------------------
  119|  43.1k|      if ((err = mp_add(R->x, modulus, R->x)) != CRYPT_OK)                        { goto done; }
  ------------------
  |  |  543|  43.1k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (119:11): [True: 0, False: 43.1k]
  ------------------
  120|  43.1k|   }
  121|       |
  122|       |   /* Y = Y - X */
  123|  86.2k|   if ((err = mp_sub(R->y, R->x, R->y)) != CRYPT_OK)                              { goto done; }
  ------------------
  |  |  545|  86.2k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (123:8): [True: 0, False: 86.2k]
  ------------------
  124|  86.2k|   if (mp_cmp_d(R->y, 0) == LTC_MP_LT) {
  ------------------
  |  |  532|  86.2k|#define mp_cmp_d(a, b)               ltc_mp.compare_d(a, b)
  ------------------
                 if (mp_cmp_d(R->y, 0) == LTC_MP_LT) {
  ------------------
  |  |   12|  86.2k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (124:8): [True: 43.6k, False: 42.5k]
  ------------------
  125|  43.6k|      if ((err = mp_add(R->y, modulus, R->y)) != CRYPT_OK)                        { goto done; }
  ------------------
  |  |  543|  43.6k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (125:11): [True: 0, False: 43.6k]
  ------------------
  126|  43.6k|   }
  127|       |   /* Y = Y * T1 */
  128|  86.2k|   if ((err = mp_mul(R->y, t1, R->y)) != CRYPT_OK)                                { goto done; }
  ------------------
  |  |  547|  86.2k|#define mp_mul(a, b, c)              ltc_mp.mul(a, b, c)
  ------------------
  |  Branch (128:8): [True: 0, False: 86.2k]
  ------------------
  129|  86.2k|   if ((err = mp_montgomery_reduce(R->y, modulus, mp)) != CRYPT_OK)               { goto done; }
  ------------------
  |  |  565|  86.2k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (129:8): [True: 0, False: 86.2k]
  ------------------
  130|       |   /* Y = Y - T2 */
  131|  86.2k|   if ((err = mp_sub(R->y, t2, R->y)) != CRYPT_OK)                                { goto done; }
  ------------------
  |  |  545|  86.2k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (131:8): [True: 0, False: 86.2k]
  ------------------
  132|  86.2k|   if (mp_cmp_d(R->y, 0) == LTC_MP_LT) {
  ------------------
  |  |  532|  86.2k|#define mp_cmp_d(a, b)               ltc_mp.compare_d(a, b)
  ------------------
                 if (mp_cmp_d(R->y, 0) == LTC_MP_LT) {
  ------------------
  |  |   12|  86.2k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (132:8): [True: 43.5k, False: 42.6k]
  ------------------
  133|  43.5k|      if ((err = mp_add(R->y, modulus, R->y)) != CRYPT_OK)                        { goto done; }
  ------------------
  |  |  543|  43.5k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (133:11): [True: 0, False: 43.5k]
  ------------------
  134|  43.5k|   }
  135|       |   /* R is updated in place above, so an early exit through done leaves R partially written */
  136|  86.2k|   err = CRYPT_OK;
  137|  86.2k|done:
  138|  86.2k|   mp_clear_multi(t1, t2, NULL);
  ------------------
  |  |  519|  86.2k|#define mp_clear_multi               ltc_deinit_multi
  ------------------
  139|  86.2k|   return err;
  140|  86.2k|}

mp_2expt:
   12|  3.83k|{  /* Stores a single set bit at bit position b in a (digit b / MP_DIGIT_BIT,
                * bit b % MP_DIGIT_BIT), i.e. a = 2**b. Returns MP_VAL for a negative b,
                * the mp_grow() error if a cannot be enlarged, otherwise MP_OKAY.
                * The signature is not part of this listing. */
   13|  3.83k|   mp_err    err;
   14|       |   /* b is used below as an index into a->dp, so a negative value is rejected first */
   15|  3.83k|   if (b < 0) {
  ------------------
  |  Branch (15:8): [True: 0, False: 3.83k]
  ------------------
   16|      0|      return MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   17|      0|   }
   18|       |
   19|       |   /* zero a as per default */
   20|  3.83k|   mp_zero(a);
   21|       |
   22|       |   /* grow a to accommodate the single bit */
   23|  3.83k|   if ((err = mp_grow(a, (b / MP_DIGIT_BIT) + 1)) != MP_OKAY) {
  ------------------
  |  |   82|  3.83k|#   define MP_DIGIT_BIT 60
  ------------------
                 if ((err = mp_grow(a, (b / MP_DIGIT_BIT) + 1)) != MP_OKAY) {
  ------------------
  |  |  161|  3.83k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (23:8): [True: 0, False: 3.83k]
  ------------------
   24|      0|      return err;
   25|      0|   }
   26|       |
   27|       |   /* set the used count of where the bit will go */
   28|  3.83k|   a->used = (b / MP_DIGIT_BIT) + 1;
  ------------------
  |  |   82|  3.83k|#   define MP_DIGIT_BIT 60
  ------------------
   29|       |
   30|       |   /* put the single bit in its place; the write stays inside the digits requested from mp_grow above */
   31|  3.83k|   a->dp[b / MP_DIGIT_BIT] = (mp_digit)1 << (mp_digit)(b % MP_DIGIT_BIT);
  ------------------
  |  |   82|  3.83k|#   define MP_DIGIT_BIT 60
  ------------------
                 a->dp[b / MP_DIGIT_BIT] = (mp_digit)1 << (mp_digit)(b % MP_DIGIT_BIT);
  ------------------
  |  |   82|  3.83k|#   define MP_DIGIT_BIT 60
  ------------------
   32|       |
   33|  3.83k|   return MP_OKAY;
  ------------------
  |  |  161|  3.83k|#define MP_OKAY       0   /* no error */
  ------------------
   34|  3.83k|}

mp_add:
    8|  1.01M|{  /* Signed addition: writes a + b to c by dispatching on the operands' signs,
                * and returns the status of the s_mp_add() / s_mp_sub() call that did the
                * work. The signature is not part of this listing. */
    9|  1.01M|   mp_sign sa, sb;
   10|  1.01M|   mp_err err;
   11|       |
   12|       |   /* get sign of both inputs */
   13|  1.01M|   sa = a->sign;
   14|  1.01M|   sb = b->sign;
   15|       |
   16|       |   /* handle two cases, not four */
   17|  1.01M|   if (sa == sb) {
  ------------------
  |  Branch (17:8): [True: 666k, False: 352k]
  ------------------
   18|       |      /* both positive or both negative */
   19|       |      /* add their magnitudes, copy the sign */
   20|   666k|      c->sign = sa;
   21|   666k|      err = s_mp_add(a, b, c);
   22|   666k|   } else {
   23|       |      /* one positive, the other negative */
   24|       |      /* subtract the operand with the lesser magnitude from */
   25|       |      /* the one with the greater magnitude, which is passed first to s_mp_sub */
   26|       |      /* (presumably |first| - |second|; confirm). The result takes that operand's sign. */
   27|   352k|      if (mp_cmp_mag(a, b) == MP_LT) {
  ------------------
  |  |  154|   352k|#define MP_LT        -1   /* less than */
  ------------------
  |  Branch (27:11): [True: 350k, False: 1.63k]
  ------------------
   28|   350k|         c->sign = sb;
   29|   350k|         err = s_mp_sub(b, a, c);
   30|   350k|      } else { /* taken whenever mp_cmp_mag() does not return MP_LT; presumably that includes equal magnitudes */
   31|  1.63k|         c->sign = sa;
   32|  1.63k|         err = s_mp_sub(a, b, c);
   33|  1.63k|      }
   34|   352k|   }
   35|  1.01M|   return err;
   36|  1.01M|}

mp_add_d:
/* Adds the single digit b to a and stores the result in c. Returns MP_OKAY,
 * or the error reported by mp_grow or mp_sub_d.
 * c is grown to a->used + 1 digits before any digit is written; that is
 * what bounds the final carry store after the loop.
 * Three paths:
 *   1. a negative and |a| >= b: delegates to mp_sub_d on a_, a struct copy
 *      of a with the sign forced positive. a_ shares a->dp, so no digits
 *      are copied and a_ must not be cleared.
 *   2. a non-negative: digit-wise add, mu carries b in and the overflow out.
 *   3. a negative and |a| < b: the result is the single digit b - a->dp[0].
 * tmpa and tmpc are read after the mp_grow call, so they refer to the
 * current buffer even when a and c are the same object.
 * NOTE(review): the carry extraction assumes b fits in MP_DIGIT_BIT bits,
 * so that digit + mu cannot wrap mp_digit -- confirm callers guarantee it.
 * Coverage: only path 2 ran. The grow branch and both negative-a paths have
 * a hit count of 0 in this report, so this corpus does not test them. */
    8|   165k|{
    9|   165k|   mp_err     err;
   10|   165k|   int ix, oldused;
   11|   165k|   mp_digit *tmpa, *tmpc;
   12|       |
   13|       |   /* grow c as required */
   14|   165k|   if (c->alloc < (a->used + 1)) {
  ------------------
  |  Branch (14:8): [True: 0, False: 165k]
  ------------------
   15|      0|      if ((err = mp_grow(c, a->used + 1)) != MP_OKAY) {
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (15:11): [True: 0, False: 0]
  ------------------
   16|      0|         return err;
   17|      0|      }
   18|      0|   }
   19|       |
   20|       |   /* if a is negative and |a| >= b, call c = |a| - b */
   21|   165k|   if ((a->sign == MP_NEG) && ((a->used > 1) || (a->dp[0] >= b))) {
  ------------------
  |  |  152|   165k|#define MP_NEG        1   /* negative */
  ------------------
  |  Branch (21:8): [True: 0, False: 165k]
  |  Branch (21:32): [True: 0, False: 0]
  |  Branch (21:49): [True: 0, False: 0]
  ------------------
   22|      0|      mp_int a_ = *a;
   23|       |      /* temporarily fix sign of a */
   24|      0|      a_.sign = MP_ZPOS;
  ------------------
  |  |  151|      0|#define MP_ZPOS       0   /* positive integer */
  ------------------
   25|       |
   26|       |      /* c = |a| - b */
   27|      0|      err = mp_sub_d(&a_, b, c);
   28|       |
   29|       |      /* fix sign  */
   30|      0|      c->sign = MP_NEG;
  ------------------
  |  |  152|      0|#define MP_NEG        1   /* negative */
  ------------------
   31|       |
   32|       |      /* clamp */
   33|      0|      mp_clamp(c);
   34|       |
   35|      0|      return err;
   36|      0|   }
   37|       |
   38|       |   /* old number of used digits in c */
   39|   165k|   oldused = c->used;
   40|       |
   41|       |   /* source alias */
   42|   165k|   tmpa    = a->dp;
   43|       |
   44|       |   /* destination alias */
   45|   165k|   tmpc    = c->dp;
   46|       |
   47|       |   /* if a is positive */
   48|   165k|   if (a->sign == MP_ZPOS) {
  ------------------
  |  |  151|   165k|#define MP_ZPOS       0   /* positive integer */
  ------------------
  |  Branch (48:8): [True: 165k, False: 0]
  ------------------
   49|       |      /* add digits, mu is carry */
   50|   165k|      mp_digit mu = b;
   51|   734k|      for (ix = 0; ix < a->used; ix++) {
  ------------------
  |  Branch (51:20): [True: 568k, False: 165k]
  ------------------
   52|   568k|         *tmpc   = *tmpa++ + mu;
   53|   568k|         mu      = *tmpc >> MP_DIGIT_BIT;
  ------------------
  |  |   82|   568k|#   define MP_DIGIT_BIT 60
  ------------------
   54|   568k|         *tmpc++ &= MP_MASK;
  ------------------
  |  |  106|   568k|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|   568k|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   55|   568k|      }
   56|       |      /* set final carry */
   57|   165k|      ix++;
   58|   165k|      *tmpc++  = mu;
   59|       |
   60|       |      /* setup size */
   61|   165k|      c->used = a->used + 1;
   62|   165k|   } else {
   63|       |      /* a was negative and |a| < b */
   64|      0|      c->used  = 1;
   65|       |
   66|       |      /* the result is a single digit */
   67|      0|      if (a->used == 1) {
  ------------------
  |  Branch (67:11): [True: 0, False: 0]
  ------------------
   68|      0|         *tmpc++  =  b - a->dp[0];
   69|      0|      } else {
   70|      0|         *tmpc++  =  b;
   71|      0|      }
   72|       |
   73|       |      /* setup count so the clearing of oldused
   74|       |       * can fall through correctly
   75|       |       */
   76|      0|      ix       = 1;
   77|      0|   }
   78|       |
   79|       |   /* sign always positive */
   80|   165k|   c->sign = MP_ZPOS;
  ------------------
  |  |  151|   165k|#define MP_ZPOS       0   /* positive integer */
  ------------------
   81|       |
   82|       |   /* now zero to oldused */
   83|   165k|   MP_ZERO_DIGITS(tmpc, oldused - ix);
  ------------------
  |  |   89|   165k|#  define MP_ZERO_DIGITS(mem, digits)                   \
  |  |   90|   165k|do {                                                    \
  |  |   91|   165k|   int zd_ = (digits);                                  \
  |  |   92|   165k|   mp_digit* zm_ = (mem);                               \
  |  |   93|   165k|   while (zd_-- > 0) {                                  \
  |  |  ------------------
  |  |  |  Branch (93:11): [True: 0, False: 165k]
  |  |  ------------------
  |  |   94|      0|      *zm_++ = 0;                                       \
  |  |   95|      0|   }                                                    \
  |  |   96|   165k|} while (0)
  |  |  ------------------
  |  |  |  Branch (96:10): [Folded, False: 165k]
  |  |  ------------------
  ------------------
   84|   165k|   mp_clamp(c);
   85|       |
   86|   165k|   return MP_OKAY;
  ------------------
  |  |  161|   165k|#define MP_OKAY       0   /* no error */
  ------------------
   87|   165k|}

mp_clamp:
/* Normalises a: decrements a->used while the most significant used digit is
 * zero, then sets the sign to MP_ZPOS when no digits remain, so that zero
 * is never stored as negative.
 * Only a->used and a->sign change; no digit is written or freed.
 * Other routines in this listing (mp_cmp_mag, mp_count_bits, mp_cnt_lsb)
 * treat a->used as the exact length, so a result that skips this step can
 * be compared or measured wrongly.
 * NOTE(review): a->dp is dereferenced only when a->used > 0 because the
 * used test is evaluated first; an mp_int with dp == NULL and used == 0
 * (the state mp_clear leaves behind) is therefore handled without a
 * null dereference. */
   14|  23.5M|{
   15|       |   /* decrease used while the most significant digit is
   16|       |    * zero.
   17|       |    */
   18|  75.4M|   while ((a->used > 0) && (a->dp[a->used - 1] == 0u)) {
  ------------------
  |  Branch (18:11): [True: 75.2M, False: 171k]
  |  Branch (18:28): [True: 51.8M, False: 23.4M]
  ------------------
   19|  51.8M|      --(a->used);
   20|  51.8M|   }
   21|       |
   22|       |   /* reset the sign flag if used == 0 */
   23|  23.5M|   if (a->used == 0) {
  ------------------
  |  Branch (23:8): [True: 171k, False: 23.4M]
  ------------------
   24|   171k|      a->sign = MP_ZPOS;
  ------------------
  |  |  151|   171k|#define MP_ZPOS       0   /* positive integer */
  ------------------
   25|   171k|   }
   26|  23.5M|}

mp_clear:
/* Releases the digit array of a and resets the struct.
 * When a->dp is non-NULL, MP_FREE_DIGITS overwrites a->alloc digits with
 * zero bytes (MP_ZERO_BUFFER) and then passes the pointer and byte size to
 * MP_FREE, which expands to m_free_ltm in this build. Afterwards dp is
 * NULL, alloc and used are 0 and sign is MP_ZPOS, so a second mp_clear on
 * the same object does nothing.
 * Security: the wipe covers the whole allocation (alloc, not used), so
 * stale high digits of key material are erased as well.
 * NOTE(review): the wipe is a plain byte-store loop. A compiler that can
 * prove the buffer is dead afterwards is allowed to drop such stores.
 * Whether that can happen here depends on how m_free_ltm is defined (not
 * shown) -- confirm, or use a wipe primitive the compiler must keep.
 * NOTE(review): the double-clear safety relies on dp being either NULL or a
 * live allocation. An mp_int that was never initialised holds an
 * indeterminate dp and must not reach this function.
 * Coverage: the dp == NULL case was never exercised in this run. */
    8|  1.47M|{
    9|       |   /* only do anything if a hasn't been freed previously */
   10|  1.47M|   if (a->dp != NULL) {
  ------------------
  |  Branch (10:8): [True: 1.47M, False: 0]
  ------------------
   11|       |      /* free ram */
   12|  1.47M|      MP_FREE_DIGITS(a->dp, a->alloc);
  ------------------
  |  |   58|  1.47M|#  define MP_FREE_DIGITS(mem, digits)                   \
  |  |   59|  1.47M|do {                                                    \
  |  |   60|  1.47M|   int fd_ = (digits);                                  \
  |  |   61|  1.47M|   void* fm_ = (mem);                                   \
  |  |   62|  1.47M|   if (fm_ != NULL) {                                   \
  |  |  ------------------
  |  |  |  Branch (62:8): [True: 1.47M, False: 0]
  |  |  ------------------
  |  |   63|  1.47M|      size_t fs_ = sizeof (mp_digit) * (size_t)fd_;     \
  |  |   64|  1.47M|      MP_ZERO_BUFFER(fm_, fs_);                         \
  |  |  ------------------
  |  |  |  |   81|  1.47M|#  define MP_ZERO_BUFFER(mem, size)                     \
  |  |  |  |   82|  1.47M|do {                                                    \
  |  |  |  |   83|  1.47M|   size_t zs_ = (size);                                 \
  |  |  |  |   84|  1.47M|   char* zm_ = (char*)(mem);                            \
  |  |  |  |   85|   265M|   while (zs_-- > 0u) {                                 \
  |  |  |  |  ------------------
  |  |  |  |  |  Branch (85:11): [True: 264M, False: 1.47M]
  |  |  |  |  ------------------
  |  |  |  |   86|   264M|      *zm_++ = '\0';                                    \
  |  |  |  |   87|   264M|   }                                                    \
  |  |  |  |   88|  1.47M|} while (0)
  |  |  |  |  ------------------
  |  |  |  |  |  Branch (88:10): [Folded, False: 1.47M]
  |  |  |  |  ------------------
  |  |  ------------------
  |  |   65|  1.47M|      MP_FREE(fm_, fs_);                                \
  |  |  ------------------
  |  |  |  | 1324|  1.47M|#define MP_FREE      m_free_ltm
  |  |  ------------------
  |  |   66|  1.47M|   }                                                    \
  |  |   67|  1.47M|} while (0)
  |  |  ------------------
  |  |  |  Branch (67:10): [Folded, False: 1.47M]
  |  |  ------------------
  ------------------
   13|       |
   14|       |      /* reset members to make debugging easier */
   15|  1.47M|      a->dp    = NULL;
   16|  1.47M|      a->alloc = a->used = 0;
   17|  1.47M|      a->sign  = MP_ZPOS;
  ------------------
  |  |  151|  1.47M|#define MP_ZPOS       0   /* positive integer */
  ------------------
   18|  1.47M|   }
   19|  1.47M|}

mp_clear_multi:
/* Calls mp_clear on mp and then on each following variadic argument, and
 * stops at the first NULL pointer read.
 * NOTE(review): the argument list carries no length. A call that omits the
 * terminating NULL makes va_arg read past the supplied arguments, which is
 * undefined behaviour, and mp_clear would then wipe and free whatever that
 * value points to. Each argument is fetched as mp_int *, so the terminator
 * should be a pointer-typed null rather than a bare integer zero.
 * The empty hit count on the va_end line is presumably an instrumentation
 * artefact rather than a skipped statement. */
    9|  2.39k|{
   10|  2.39k|   mp_int *next_mp = mp;
   11|  2.39k|   va_list args;
   12|  2.39k|   va_start(args, mp);
   13|  12.7k|   while (next_mp != NULL) {
  ------------------
  |  Branch (13:11): [True: 10.3k, False: 2.39k]
  ------------------
   14|  10.3k|      mp_clear(next_mp);
   15|  10.3k|      next_mp = va_arg(args, mp_int *);
   16|  10.3k|   }
   17|       |   va_end(args);
   18|  2.39k|}

mp_cmp:
/* Signed comparison of a and b; the visible returns are MP_LT and MP_GT for
 * differing signs, otherwise whatever mp_cmp_mag returns.
 * Differing signs decide immediately: the negative operand is the smaller.
 * Equal signs: magnitudes are compared with mp_cmp_mag, with the arguments
 * swapped when both operands are negative.
 * NOTE(review): relies on zero always carrying MP_ZPOS, which mp_clamp
 * enforces. A zero stored with MP_NEG would compare as less than a zero
 * stored with MP_ZPOS.
 * NOTE(review): not constant-time; the sign test and mp_cmp_mag both return
 * as soon as the answer is known.
 * Coverage: both operands were non-negative on every call in this run. The
 * mixed-sign and both-negative paths have a hit count of 0. */
    8|  1.10M|{
    9|       |   /* compare based on sign */
   10|  1.10M|   if (a->sign != b->sign) {
  ------------------
  |  Branch (10:8): [True: 0, False: 1.10M]
  ------------------
   11|      0|      if (a->sign == MP_NEG) {
  ------------------
  |  |  152|      0|#define MP_NEG        1   /* negative */
  ------------------
  |  Branch (11:11): [True: 0, False: 0]
  ------------------
   12|      0|         return MP_LT;
  ------------------
  |  |  154|      0|#define MP_LT        -1   /* less than */
  ------------------
   13|      0|      } else {
   14|      0|         return MP_GT;
  ------------------
  |  |  156|      0|#define MP_GT         1   /* greater than */
  ------------------
   15|      0|      }
   16|      0|   }
   17|       |
   18|       |   /* compare digits */
   19|  1.10M|   if (a->sign == MP_NEG) {
  ------------------
  |  |  152|  1.10M|#define MP_NEG        1   /* negative */
  ------------------
  |  Branch (19:8): [True: 0, False: 1.10M]
  ------------------
   20|       |      /* if negative compare opposite direction */
   21|      0|      return mp_cmp_mag(b, a);
   22|  1.10M|   } else {
   23|  1.10M|      return mp_cmp_mag(a, b);
   24|  1.10M|   }
   25|  1.10M|}

mp_cmp_d:
/* Compares a with the single digit b; returns MP_LT, MP_EQ or MP_GT.
 * Any negative a is reported as less than b. Any a with more than one used
 * digit is reported as greater. Otherwise a->dp[0] is compared with b.
 * NOTE(review): when a->used == 0 the code still reads a->dp[0]. That is
 * correct only if a->dp is allocated and digits above used are kept at
 * zero. After mp_clear, dp is NULL and used is 0, so passing a cleared
 * mp_int here dereferences a null pointer -- callers must initialise the
 * value again first.
 * NOTE(review): the early returns make run time depend on the value of a. */
    8|   896k|{
    9|       |   /* compare based on sign */
   10|   896k|   if (a->sign == MP_NEG) {
  ------------------
  |  |  152|   896k|#define MP_NEG        1   /* negative */
  ------------------
  |  Branch (10:8): [True: 347k, False: 548k]
  ------------------
   11|   347k|      return MP_LT;
  ------------------
  |  |  154|   347k|#define MP_LT        -1   /* less than */
  ------------------
   12|   347k|   }
   13|       |
   14|       |   /* compare based on magnitude */
   15|   548k|   if (a->used > 1) {
  ------------------
  |  Branch (15:8): [True: 530k, False: 18.5k]
  ------------------
   16|   530k|      return MP_GT;
  ------------------
  |  |  156|   530k|#define MP_GT         1   /* greater than */
  ------------------
   17|   530k|   }
   18|       |
   19|       |   /* compare the only digit of a to b */
   20|  18.5k|   if (a->dp[0] > b) {
  ------------------
  |  Branch (20:8): [True: 8.19k, False: 10.3k]
  ------------------
   21|  8.19k|      return MP_GT;
  ------------------
  |  |  156|  8.19k|#define MP_GT         1   /* greater than */
  ------------------
   22|  10.3k|   } else if (a->dp[0] < b) {
  ------------------
  |  Branch (22:15): [True: 1, False: 10.3k]
  ------------------
   23|      1|      return MP_LT;
  ------------------
  |  |  154|      1|#define MP_LT        -1   /* less than */
  ------------------
   24|  10.3k|   } else {
   25|  10.3k|      return MP_EQ;
  ------------------
  |  |  155|  10.3k|#define MP_EQ         0   /* equal to */
  ------------------
   26|  10.3k|   }
   27|  18.5k|}

mp_cmp_mag:
/* Compares |a| with |b|, ignoring sign; returns MP_GT, MP_LT or MP_EQ.
 * A larger used count wins outright. With equal counts the digits are
 * walked from most significant to least and the first difference decides.
 * NOTE(review): assumes both operands are clamped (no leading zero digits);
 * otherwise the used comparison can give the wrong answer.
 * NOTE(review): with used == 0 on both sides, tmpa and tmpb are formed as
 * dp + (-1). The loop body never runs, so nothing is read, but forming a
 * pointer before the start of an array is itself undefined in C, and dp may
 * be NULL after mp_clear. The final decrement on the all-equal path steps
 * before dp[0] in the same way.
 * NOTE(review): returns at the first differing digit, so run time reveals
 * how many leading digits match. It is not suitable for comparing secret
 * values against data an untrusted peer controls. */
    8|  8.28M|{
    9|  8.28M|   int     n;
   10|  8.28M|   const mp_digit *tmpa, *tmpb;
   11|       |
   12|       |   /* compare based on # of non-zero digits */
   13|  8.28M|   if (a->used > b->used) {
  ------------------
  |  Branch (13:8): [True: 2.70M, False: 5.57M]
  ------------------
   14|  2.70M|      return MP_GT;
  ------------------
  |  |  156|  2.70M|#define MP_GT         1   /* greater than */
  ------------------
   15|  2.70M|   }
   16|       |
   17|  5.57M|   if (a->used < b->used) {
  ------------------
  |  Branch (17:8): [True: 114k, False: 5.46M]
  ------------------
   18|   114k|      return MP_LT;
  ------------------
  |  |  154|   114k|#define MP_LT        -1   /* less than */
  ------------------
   19|   114k|   }
   20|       |
   21|       |   /* alias for a */
   22|  5.46M|   tmpa = a->dp + (a->used - 1);
   23|       |
   24|       |   /* alias for b */
   25|  5.46M|   tmpb = b->dp + (a->used - 1);
   26|       |
   27|       |   /* compare based on digits  */
   28|  6.25M|   for (n = 0; n < a->used; ++n, --tmpa, --tmpb) {
  ------------------
  |  Branch (28:16): [True: 6.24M, False: 15.6k]
  ------------------
   29|  6.24M|      if (*tmpa > *tmpb) {
  ------------------
  |  Branch (29:11): [True: 1.96M, False: 4.27M]
  ------------------
   30|  1.96M|         return MP_GT;
  ------------------
  |  |  156|  1.96M|#define MP_GT         1   /* greater than */
  ------------------
   31|  1.96M|      }
   32|       |
   33|  4.27M|      if (*tmpa < *tmpb) {
  ------------------
  |  Branch (33:11): [True: 3.47M, False: 796k]
  ------------------
   34|  3.47M|         return MP_LT;
  ------------------
  |  |  154|  3.47M|#define MP_LT        -1   /* less than */
  ------------------
   35|  3.47M|      }
   36|  4.27M|   }
   37|  15.6k|   return MP_EQ;
  ------------------
  |  |  155|  15.6k|#define MP_EQ         0   /* equal to */
  ------------------
   38|  5.46M|}

mp_cnt_lsb:
/* Returns the number of trailing zero bits of a, or 0 when a is zero.
 * Whole zero digits are skipped first and counted as MP_DIGIT_BIT bits
 * each. The first non-zero digit is then scanned four bits at a time
 * through the lnz table, which is defined outside this function.
 * lnz is indexed with q & 15, so the index is always in 0..15.
 * NOTE(review): correctness depends on a being clamped. If used > 0 but
 * every used digit is zero, the scan stops at x == a->used and a->dp[x]
 * reads one digit past the used range. If that digit is zero as well, the
 * do/while never finds a non-zero nibble and does not terminate.
 * Coverage: the x < a->used test was never false in this run, so no such
 * input was seen; the zero shortcut was not taken either. */
   12|  2.33k|{
   13|  2.33k|   int x;
   14|  2.33k|   mp_digit q, qq;
   15|       |
   16|       |   /* easy out */
   17|  2.33k|   if (MP_IS_ZERO(a)) {
  ------------------
  |  |  163|  2.33k|#define MP_IS_ZERO(a) ((a)->used == 0)
  |  |  ------------------
  |  |  |  Branch (163:23): [True: 0, False: 2.33k]
  |  |  ------------------
  ------------------
   18|      0|      return 0;
   19|      0|   }
   20|       |
   21|       |   /* scan lower digits until non-zero */
   22|  3.95k|   for (x = 0; (x < a->used) && (a->dp[x] == 0u); x++) {}
  ------------------
  |  Branch (22:16): [True: 3.95k, False: 0]
  |  Branch (22:33): [True: 1.62k, False: 2.33k]
  ------------------
   23|  2.33k|   q = a->dp[x];
   24|  2.33k|   x *= MP_DIGIT_BIT;
  ------------------
  |  |   82|  2.33k|#   define MP_DIGIT_BIT 60
  ------------------
   25|       |
   26|       |   /* now scan this digit until a 1 is found */
   27|  2.33k|   if ((q & 1u) == 0u) {
  ------------------
  |  Branch (27:8): [True: 2.03k, False: 305]
  ------------------
   28|  8.38k|      do {
   29|  8.38k|         qq  = q & 15u;
   30|  8.38k|         x  += lnz[qq];
   31|  8.38k|         q >>= 4;
   32|  8.38k|      } while (qq == 0u);
  ------------------
  |  Branch (32:16): [True: 6.35k, False: 2.03k]
  ------------------
   33|  2.03k|   }
   34|  2.33k|   return x;
   35|  2.33k|}

mp_copy:
/* Copies a into b; returns MP_OKAY or the error reported by mp_grow.
 * A self-copy (a == b) returns at once. Otherwise b is grown when
 * b->alloc < a->used, a->used digits are copied, any digits b previously
 * used beyond that point are zeroed, and used and sign are taken from a.
 * The grow check is what bounds the copy loop. tmpb is read from b->dp only
 * after the mp_grow call, so it refers to the current buffer.
 * NOTE(review): only digits up to the old b->used are zeroed; digits
 * between that and b->alloc are left as they were, presumably already zero
 * by library invariant -- confirm.
 * NOTE(review): the stale high digits are cleared with MP_ZERO_DIGITS, so a
 * shorter value copied over a longer secret does not leave its upper digits
 * readable through b.
 * Coverage: the mp_grow failure return was never taken in this run. */
    8|  6.20M|{
    9|  6.20M|   int n;
   10|  6.20M|   mp_digit *tmpa, *tmpb;
   11|  6.20M|   mp_err err;
   12|       |
   13|       |   /* if dst == src do nothing */
   14|  6.20M|   if (a == b) {
  ------------------
  |  Branch (14:8): [True: 2.91M, False: 3.28M]
  ------------------
   15|  2.91M|      return MP_OKAY;
  ------------------
  |  |  161|  2.91M|#define MP_OKAY       0   /* no error */
  ------------------
   16|  2.91M|   }
   17|       |
   18|       |   /* grow dest */
   19|  3.28M|   if (b->alloc < a->used) {
  ------------------
  |  Branch (19:8): [True: 2.35k, False: 3.28M]
  ------------------
   20|  2.35k|      if ((err = mp_grow(b, a->used)) != MP_OKAY) {
  ------------------
  |  |  161|  2.35k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (20:11): [True: 0, False: 2.35k]
  ------------------
   21|      0|         return err;
   22|      0|      }
   23|  2.35k|   }
   24|       |
   25|       |   /* zero b and copy the parameters over */
   26|       |   /* pointer aliases */
   27|       |
   28|       |   /* source */
   29|  3.28M|   tmpa = a->dp;
   30|       |
   31|       |   /* destination */
   32|  3.28M|   tmpb = b->dp;
   33|       |
   34|       |   /* copy all the digits */
   35|   128M|   for (n = 0; n < a->used; n++) {
  ------------------
  |  Branch (35:16): [True: 124M, False: 3.28M]
  ------------------
   36|   124M|      *tmpb++ = *tmpa++;
   37|   124M|   }
   38|       |
   39|       |   /* clear high digits */
   40|  3.28M|   MP_ZERO_DIGITS(tmpb, b->used - n);
  ------------------
  |  |   89|  3.28M|#  define MP_ZERO_DIGITS(mem, digits)                   \
  |  |   90|  3.28M|do {                                                    \
  |  |   91|  3.28M|   int zd_ = (digits);                                  \
  |  |   92|  3.28M|   mp_digit* zm_ = (mem);                               \
  |  |   93|  3.29M|   while (zd_-- > 0) {                                  \
  |  |  ------------------
  |  |  |  Branch (93:11): [True: 5.35k, False: 3.28M]
  |  |  ------------------
  |  |   94|  5.35k|      *zm_++ = 0;                                       \
  |  |   95|  5.35k|   }                                                    \
  |  |   96|  3.28M|} while (0)
  |  |  ------------------
  |  |  |  Branch (96:10): [Folded, False: 3.28M]
  |  |  ------------------
  ------------------
   41|       |
   42|       |   /* copy used count and sign */
   43|  3.28M|   b->used = a->used;
   44|  3.28M|   b->sign = a->sign;
   45|  3.28M|   return MP_OKAY;
  ------------------
  |  |  161|  3.28M|#define MP_OKAY       0   /* no error */
  ------------------
   46|  3.28M|}

mp_count_bits:
/* Returns the bit length of a, or 0 when a is zero: MP_DIGIT_BIT bits for
 * every digit below the top one, plus the position of the highest set bit
 * in the top digit.
 * NOTE(review): assumes a is clamped. With a zero top digit the result no
 * longer matches the actual value.
 * NOTE(review): (a->used - 1) * MP_DIGIT_BIT is int arithmetic. It stays in
 * range only while used is below roughly INT_MAX / MP_DIGIT_BIT, presumably
 * guaranteed by allocation limits elsewhere -- confirm.
 * NOTE(review): the shift loop runs once per significant bit of the top
 * digit, so run time varies with the value. */
    8|   192k|{
    9|   192k|   int     r;
   10|   192k|   mp_digit q;
   11|       |
   12|       |   /* shortcut */
   13|   192k|   if (MP_IS_ZERO(a)) {
  ------------------
  |  |  163|   192k|#define MP_IS_ZERO(a) ((a)->used == 0)
  |  |  ------------------
  |  |  |  Branch (163:23): [True: 876, False: 192k]
  |  |  ------------------
  ------------------
   14|    876|      return 0;
   15|    876|   }
   16|       |
   17|       |   /* get number of digits and add that */
   18|   192k|   r = (a->used - 1) * MP_DIGIT_BIT;
  ------------------
  |  |   82|   192k|#   define MP_DIGIT_BIT 60
  ------------------
   19|       |
   20|       |   /* take the last digit and count the bits in it */
   21|   192k|   q = a->dp[a->used - 1];
   22|  7.44M|   while (q > 0u) {
  ------------------
  |  Branch (22:11): [True: 7.25M, False: 192k]
  ------------------
   23|  7.25M|      ++r;
   24|  7.25M|      q >>= 1u;
   25|  7.25M|   }
   26|   192k|   return r;
   27|   192k|}

mp_div:
   87|   131k|{
   88|   131k|   mp_int  q, x, y, t1, t2;
   89|   131k|   int     n, t, i, norm;
   90|   131k|   mp_sign neg;
   91|   131k|   mp_err  err;
   92|       |
   93|       |   /* is divisor zero ? */
   94|   131k|   if (MP_IS_ZERO(b)) {
  ------------------
  |  |  163|   131k|#define MP_IS_ZERO(a) ((a)->used == 0)
  |  |  ------------------
  |  |  |  Branch (163:23): [True: 0, False: 131k]
  |  |  ------------------
  ------------------
   95|      0|      return MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   96|      0|   }
   97|       |
   98|       |   /* if a < b then q=0, r = a */
   99|   131k|   if (mp_cmp_mag(a, b) == MP_LT) {
  ------------------
  |  |  154|   131k|#define MP_LT        -1   /* less than */
  ------------------
  |  Branch (99:8): [True: 3.42k, False: 127k]
  ------------------
  100|  3.42k|      if (d != NULL) {
  ------------------
  |  Branch (100:11): [True: 3.42k, False: 0]
  ------------------
  101|  3.42k|         err = mp_copy(a, d);
  102|  3.42k|      } else {
  103|      0|         err = MP_OKAY;
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  104|      0|      }
  105|  3.42k|      if (c != NULL) {
  ------------------
  |  Branch (105:11): [True: 0, False: 3.42k]
  ------------------
  106|      0|         mp_zero(c);
  107|      0|      }
  108|  3.42k|      return err;
  109|  3.42k|   }
  110|       |
  111|   127k|   if ((err = mp_init_size(&q, a->used + 2)) != MP_OKAY) {
  ------------------
  |  |  161|   127k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (111:8): [True: 0, False: 127k]
  ------------------
  112|      0|      return err;
  113|      0|   }
  114|   127k|   q.used = a->used + 2;
  115|       |
  116|   127k|   if ((err = mp_init(&t1)) != MP_OKAY)                           goto LBL_Q;
  ------------------
  |  |  161|   127k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (116:8): [True: 0, False: 127k]
  ------------------
  117|       |
  118|   127k|   if ((err = mp_init(&t2)) != MP_OKAY)                           goto LBL_T1;
  ------------------
  |  |  161|   127k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (118:8): [True: 0, False: 127k]
  ------------------
  119|       |
  120|   127k|   if ((err = mp_init_copy(&x, a)) != MP_OKAY)                    goto LBL_T2;
  ------------------
  |  |  161|   127k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (120:8): [True: 0, False: 127k]
  ------------------
  121|       |
  122|   127k|   if ((err = mp_init_copy(&y, b)) != MP_OKAY)                    goto LBL_X;
  ------------------
  |  |  161|   127k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (122:8): [True: 0, False: 127k]
  ------------------
  123|       |
  124|       |   /* fix the sign */
  125|   127k|   neg = (a->sign == b->sign) ? MP_ZPOS : MP_NEG;
  ------------------
  |  |  151|   127k|#define MP_ZPOS       0   /* positive integer */
  ------------------
                 neg = (a->sign == b->sign) ? MP_ZPOS : MP_NEG;
  ------------------
  |  |  152|   127k|#define MP_NEG        1   /* negative */
  ------------------
  |  Branch (125:10): [True: 127k, False: 278]
  ------------------
  126|   127k|   x.sign = y.sign = MP_ZPOS;
  ------------------
  |  |  151|   127k|#define MP_ZPOS       0   /* positive integer */
  ------------------
  127|       |
  128|       |   /* normalize both x and y, ensure that y >= b/2, [b == 2**MP_DIGIT_BIT] */
  129|   127k|   norm = mp_count_bits(&y) % MP_DIGIT_BIT;
  ------------------
  |  |   82|   127k|#   define MP_DIGIT_BIT 60
  ------------------
  130|   127k|   if (norm < (MP_DIGIT_BIT - 1)) {
  ------------------
  |  |   82|   127k|#   define MP_DIGIT_BIT 60
  ------------------
  |  Branch (130:8): [True: 127k, False: 17]
  ------------------
  131|   127k|      norm = (MP_DIGIT_BIT - 1) - norm;
  ------------------
  |  |   82|   127k|#   define MP_DIGIT_BIT 60
  ------------------
  132|   127k|      if ((err = mp_mul_2d(&x, norm, &x)) != MP_OKAY)             goto LBL_Y;
  ------------------
  |  |  161|   127k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (132:11): [True: 0, False: 127k]
  ------------------
  133|   127k|      if ((err = mp_mul_2d(&y, norm, &y)) != MP_OKAY)             goto LBL_Y;
  ------------------
  |  |  161|   127k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (133:11): [True: 0, False: 127k]
  ------------------
  134|   127k|   } else {
  135|     17|      norm = 0;
  136|     17|   }
  137|       |
  138|       |   /* note hac does 0 based, so if used==5 then its 0,1,2,3,4, e.g. use 4 */
  139|   127k|   n = x.used - 1;
  140|   127k|   t = y.used - 1;
  141|       |
  142|       |   /* while (x >= y*b**n-t) do { q[n-t] += 1; x -= y*b**{n-t} } */
  143|       |   /* y = y*b**{n-t} */
  144|   127k|   if ((err = mp_lshd(&y, n - t)) != MP_OKAY)                     goto LBL_Y;
  ------------------
  |  |  161|   127k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (144:8): [True: 0, False: 127k]
  ------------------
  145|       |
  146|   127k|   while (mp_cmp(&x, &y) != MP_LT) {
  ------------------
  |  |  154|   127k|#define MP_LT        -1   /* less than */
  ------------------
  |  Branch (146:11): [True: 313, False: 127k]
  ------------------
  147|    313|      ++(q.dp[n - t]);
  148|    313|      if ((err = mp_sub(&x, &y, &x)) != MP_OKAY)                  goto LBL_Y;
  ------------------
  |  |  161|    313|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (148:11): [True: 0, False: 313]
  ------------------
  149|    313|   }
  150|       |
  151|       |   /* reset y by shifting it back down */
  152|   127k|   mp_rshd(&y, n - t);
  153|       |
  154|       |   /* step 3. for i from n down to (t + 1) */
  155|   525k|   for (i = n; i >= (t + 1); i--) {
  ------------------
  |  Branch (155:16): [True: 397k, False: 127k]
  ------------------
  156|   397k|      if (i > x.used) {
  ------------------
  |  Branch (156:11): [True: 4.15k, False: 393k]
  ------------------
  157|  4.15k|         continue;
  158|  4.15k|      }
  159|       |
  160|       |      /* step 3.1 if xi == yt then set q{i-t-1} to b-1,
  161|       |       * otherwise set q{i-t-1} to (xi*b + x{i-1})/yt */
  162|   393k|      if (x.dp[i] == y.dp[t]) {
  ------------------
  |  Branch (162:11): [True: 371, False: 393k]
  ------------------
  163|    371|         q.dp[(i - t) - 1] = ((mp_digit)1 << (mp_digit)MP_DIGIT_BIT) - (mp_digit)1;
  ------------------
  |  |   82|    371|#   define MP_DIGIT_BIT 60
  ------------------
  164|   393k|      } else {
  165|   393k|         mp_word tmp;
  166|   393k|         tmp = (mp_word)x.dp[i] << (mp_word)MP_DIGIT_BIT;
  ------------------
  |  |   82|   393k|#   define MP_DIGIT_BIT 60
  ------------------
  167|   393k|         tmp |= (mp_word)x.dp[i - 1];
  168|   393k|         tmp /= (mp_word)y.dp[t];
  169|   393k|         if (tmp > (mp_word)MP_MASK) {
  ------------------
  |  |  106|   393k|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|   393k|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
  |  Branch (169:14): [True: 0, False: 393k]
  ------------------
  170|      0|            tmp = MP_MASK;
  ------------------
  |  |  106|      0|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|      0|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
  171|      0|         }
  172|   393k|         q.dp[(i - t) - 1] = (mp_digit)(tmp & (mp_word)MP_MASK);
  ------------------
  |  |  106|   393k|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|   393k|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
  173|   393k|      }
  174|       |
  175|       |      /* while (q{i-t-1} * (yt * b + y{t-1})) >
  176|       |               xi * b**2 + xi-1 * b + xi-2
  177|       |
  178|       |         do q{i-t-1} -= 1;
  179|       |      */
  180|   393k|      q.dp[(i - t) - 1] = (q.dp[(i - t) - 1] + 1uL) & (mp_digit)MP_MASK;
  ------------------
  |  |  106|   393k|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|   393k|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
  181|   522k|      do {
  182|   522k|         q.dp[(i - t) - 1] = (q.dp[(i - t) - 1] - 1uL) & (mp_digit)MP_MASK;
  ------------------
  |  |  106|   522k|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|   522k|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
  183|       |
  184|       |         /* find left hand */
  185|   522k|         mp_zero(&t1);
  186|   522k|         t1.dp[0] = ((t - 1) < 0) ? 0u : y.dp[t - 1];
  ------------------
  |  Branch (186:21): [True: 277, False: 522k]
  ------------------
  187|   522k|         t1.dp[1] = y.dp[t];
  188|   522k|         t1.used = 2;
  189|   522k|         if ((err = mp_mul_d(&t1, q.dp[(i - t) - 1], &t1)) != MP_OKAY) goto LBL_Y;
  ------------------
  |  |  161|   522k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (189:14): [True: 0, False: 522k]
  ------------------
  190|       |
  191|       |         /* find right hand */
  192|   522k|         t2.dp[0] = ((i - 2) < 0) ? 0u : x.dp[i - 2];
  ------------------
  |  Branch (192:21): [True: 41, False: 522k]
  ------------------
  193|   522k|         t2.dp[1] = x.dp[i - 1]; /* i >= 1 always holds */
  194|   522k|         t2.dp[2] = x.dp[i];
  195|   522k|         t2.used = 3;
  196|   522k|      } while (mp_cmp_mag(&t1, &t2) == MP_GT);
  ------------------
  |  |  156|   522k|#define MP_GT         1   /* greater than */
  ------------------
  |  Branch (196:16): [True: 128k, False: 393k]
  ------------------
  197|       |
  198|       |      /* step 3.3 x = x - q{i-t-1} * y * b**{i-t-1} */
  199|   393k|      if ((err = mp_mul_d(&y, q.dp[(i - t) - 1], &t1)) != MP_OKAY) goto LBL_Y;
  ------------------
  |  |  161|   393k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (199:11): [True: 0, False: 393k]
  ------------------
  200|       |
  201|   393k|      if ((err = mp_lshd(&t1, (i - t) - 1)) != MP_OKAY)           goto LBL_Y;
  ------------------
  |  |  161|   393k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (201:11): [True: 0, False: 393k]
  ------------------
  202|       |
  203|   393k|      if ((err = mp_sub(&x, &t1, &x)) != MP_OKAY)                 goto LBL_Y;
  ------------------
  |  |  161|   393k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (203:11): [True: 0, False: 393k]
  ------------------
  204|       |
  205|       |      /* if x < 0 then { x = x + y*b**{i-t-1}; q{i-t-1} -= 1; } */
  206|   393k|      if (x.sign == MP_NEG) {
  ------------------
  |  |  152|   393k|#define MP_NEG        1   /* negative */
  ------------------
  |  Branch (206:11): [True: 2.16k, False: 391k]
  ------------------
  207|  2.16k|         if ((err = mp_copy(&y, &t1)) != MP_OKAY)                 goto LBL_Y;
  ------------------
  |  |  161|  2.16k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (207:14): [True: 0, False: 2.16k]
  ------------------
  208|  2.16k|         if ((err = mp_lshd(&t1, (i - t) - 1)) != MP_OKAY)        goto LBL_Y;
  ------------------
  |  |  161|  2.16k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (208:14): [True: 0, False: 2.16k]
  ------------------
  209|  2.16k|         if ((err = mp_add(&x, &t1, &x)) != MP_OKAY)              goto LBL_Y;
  ------------------
  |  |  161|  2.16k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (209:14): [True: 0, False: 2.16k]
  ------------------
  210|       |
  211|  2.16k|         q.dp[(i - t) - 1] = (q.dp[(i - t) - 1] - 1uL) & MP_MASK;
  ------------------
  |  |  106|  2.16k|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|  2.16k|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
  212|  2.16k|      }
  213|   393k|   }
  214|       |
  215|       |   /* now q is the quotient and x is the remainder
  216|       |    * [which we have to normalize]
  217|       |    */
  218|       |
  219|       |   /* get sign before writing to c */
  220|   127k|   x.sign = (x.used == 0) ? MP_ZPOS : a->sign;
  ------------------
  |  |  151|     21|#define MP_ZPOS       0   /* positive integer */
  ------------------
  |  Branch (220:13): [True: 21, False: 127k]
  ------------------
  221|       |
  222|   127k|   if (c != NULL) {
  ------------------
  |  Branch (222:8): [True: 721, False: 126k]
  ------------------
  223|    721|      mp_clamp(&q);
  224|    721|      mp_exch(&q, c);
  225|    721|      c->sign = neg;
  226|    721|   }
  227|       |
  228|   127k|   if (d != NULL) {
  ------------------
  |  Branch (228:8): [True: 126k, False: 721]
  ------------------
  229|   126k|      if ((err = mp_div_2d(&x, norm, &x, NULL)) != MP_OKAY)       goto LBL_Y;
  ------------------
  |  |  161|   126k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (229:11): [True: 0, False: 126k]
  ------------------
  230|   126k|      mp_exch(&x, d);
  231|   126k|   }
  232|       |
  233|   127k|   err = MP_OKAY;
  ------------------
  |  |  161|   127k|#define MP_OKAY       0   /* no error */
  ------------------
  234|       |
  235|   127k|LBL_Y:
  236|   127k|   mp_clear(&y);
  237|   127k|LBL_X:
  238|   127k|   mp_clear(&x);
  239|   127k|LBL_T2:
  240|   127k|   mp_clear(&t2);
  241|   127k|LBL_T1:
  242|   127k|   mp_clear(&t1);
  243|   127k|LBL_Q:
  244|   127k|   mp_clear(&q);
  245|   127k|   return err;
  246|   127k|}

mp_div_2:
/* mp_div_2 (signature not shown in this coverage listing): stores a shifted
 * right by one bit (a / 2) in b. Each digit of a is shifted right by one bit,
 * walking from the most significant used digit down, and the bit shifted out
 * of a digit becomes bit MP_DIGIT_BIT - 1 of the digit below it. b takes a's
 * sign. Returns the mp_grow error if b had to be enlarged and that failed,
 * otherwise MP_OKAY.
 *
 * Coverage in this run: the mp_grow path (lines 14-18) and the body of the
 * MP_ZERO_DIGITS loop at line 43 were never executed, so "b too small" and
 * "b previously held more digits than a" are untested by this corpus.
 *
 * NOTE(review): when a->used is 0 the aliases set at lines 24 and 27 point one
 * element before dp. The loop does not run, so they are never dereferenced,
 * but forming such a pointer is outside what the C standard guarantees. */
    8|   661k|{
    9|   661k|   int     x, oldused;
   10|   661k|   mp_digit r, rr, *tmpa, *tmpb;
   11|   661k|   mp_err err;
   12|       |
   13|       |   /* make sure b can hold a->used digits */
   14|   661k|   if (b->alloc < a->used) {
  ------------------
  |  Branch (14:8): [True: 0, False: 661k]
  ------------------
   15|      0|      if ((err = mp_grow(b, a->used)) != MP_OKAY) {
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (15:11): [True: 0, False: 0]
  ------------------
   16|      0|         return err;
   17|      0|      }
   18|      0|   }
   19|       |
   20|   661k|   oldused = b->used;
   21|   661k|   b->used = a->used;
   22|       |
   23|       |   /* source alias */
   24|   661k|   tmpa = a->dp + b->used - 1;
   25|       |
   26|       |   /* dest alias */
   27|   661k|   tmpb = b->dp + b->used - 1;
   28|       |
   29|       |   /* carry */
   30|   661k|   r = 0;
   31|  3.90M|   for (x = b->used - 1; x >= 0; x--) {
  ------------------
  |  Branch (31:26): [True: 3.24M, False: 661k]
  ------------------
   32|       |      /* get the carry for the next iteration */
   33|  3.24M|      rr = *tmpa & 1u;
   34|       |
   35|       |      /* shift the current digit, add in carry and store */
   36|  3.24M|      *tmpb-- = (*tmpa-- >> 1) | (r << (MP_DIGIT_BIT - 1));
  ------------------
  |  |   82|  3.24M|#   define MP_DIGIT_BIT 60
  ------------------
   37|       |
   38|       |      /* forward carry to next iteration */
   39|  3.24M|      r = rr;
   40|  3.24M|   }
   41|       |
   42|       |   /* zero excess digits */
   43|   661k|   MP_ZERO_DIGITS(b->dp + b->used, oldused - b->used);
  ------------------
  |  |   89|   661k|#  define MP_ZERO_DIGITS(mem, digits)                   \
  |  |   90|   661k|do {                                                    \
  |  |   91|   661k|   int zd_ = (digits);                                  \
  |  |   92|   661k|   mp_digit* zm_ = (mem);                               \
  |  |   93|   661k|   while (zd_-- > 0) {                                  \
  |  |  ------------------
  |  |  |  Branch (93:11): [True: 0, False: 661k]
  |  |  ------------------
  |  |   94|      0|      *zm_++ = 0;                                       \
  |  |   95|      0|   }                                                    \
  |  |   96|   661k|} while (0)
  |  |  ------------------
  |  |  |  Branch (96:10): [Folded, False: 661k]
  |  |  ------------------
  ------------------
   44|       |
   45|   661k|   b->sign = a->sign;
   46|   661k|   mp_clamp(b);
   47|   661k|   return MP_OKAY;
  ------------------
  |  |  161|   661k|#define MP_OKAY       0   /* no error */
  ------------------
   48|   661k|}

mp_div_2d:
/* mp_div_2d (signature not shown in this coverage listing): shifts a right by
 * b bits. The quotient goes to c; when d is not NULL the remainder is
 * produced by mp_mod_2d(a, b, d). A shift count b <= 0 copies a to c and
 * zeroes d. Returns the first error from mp_copy / mp_mod_2d, else MP_OKAY.
 *
 * The shift is done in two steps: whole digits with
 * mp_rshd(c, b / MP_DIGIT_BIT), then the remaining D = b % MP_DIGIT_BIT bits
 * digit by digit, carrying the low D bits of each digit into the top of the
 * digit below it.
 *
 * Coverage in this run: the b <= 0 path ran once and never with d != NULL;
 * neither mp_copy nor mp_mod_2d ever failed.
 *
 * NOTE(review): the warning at line 26 sits before the mp_mod_2d call that
 * still reads a; presumably it is meant for the code after that call, once d
 * (which may alias a) has been written - confirm.
 * NOTE(review): if c->used is 0 at line 52, tmpc points one element before
 * dp; it is not dereferenced because the loop does not run. */
    8|  2.86M|{
    9|  2.86M|   mp_digit D, r, rr;
   10|  2.86M|   int     x;
   11|  2.86M|   mp_err err;
   12|       |
   13|       |   /* if the shift count is <= 0 then we do no work */
   14|  2.86M|   if (b <= 0) {
  ------------------
  |  Branch (14:8): [True: 1, False: 2.86M]
  ------------------
   15|      1|      err = mp_copy(a, c);
   16|      1|      if (d != NULL) {
  ------------------
  |  Branch (16:11): [True: 0, False: 1]
  ------------------
   17|      0|         mp_zero(d);
   18|      0|      }
   19|      1|      return err;
   20|      1|   }
   21|       |
   22|       |   /* start from a copy of a in c; the shifts below work on c in place */
   23|  2.86M|   if ((err = mp_copy(a, c)) != MP_OKAY) {
  ------------------
  |  |  161|  2.86M|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (23:8): [True: 0, False: 2.86M]
  ------------------
   24|      0|      return err;
   25|      0|   }
   26|       |   /* 'a' should not be used after here - it might be the same as d */
   27|       |
   28|       |   /* get the remainder */
   29|  2.86M|   if (d != NULL) {
  ------------------
  |  Branch (29:8): [True: 2.72M, False: 149k]
  ------------------
   30|  2.72M|      if ((err = mp_mod_2d(a, b, d)) != MP_OKAY) {
  ------------------
  |  |  161|  2.72M|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (30:11): [True: 0, False: 2.72M]
  ------------------
   31|      0|         return err;
   32|      0|      }
   33|  2.72M|   }
   34|       |
   35|       |   /* shift by as many digits in the bit count */
   36|  2.86M|   if (b >= MP_DIGIT_BIT) {
  ------------------
  |  |   82|  2.86M|#   define MP_DIGIT_BIT 60
  ------------------
  |  Branch (36:8): [True: 2.72M, False: 147k]
  ------------------
   37|  2.72M|      mp_rshd(c, b / MP_DIGIT_BIT);
  ------------------
  |  |   82|  2.72M|#   define MP_DIGIT_BIT 60
  ------------------
   38|  2.72M|   }
   39|       |
   40|       |   /* shift any bit count < MP_DIGIT_BIT */
   41|  2.86M|   D = (mp_digit)(b % MP_DIGIT_BIT);
  ------------------
  |  |   82|  2.86M|#   define MP_DIGIT_BIT 60
  ------------------
   42|  2.86M|   if (D != 0u) {
  ------------------
  |  Branch (42:8): [True: 2.78M, False: 80.9k]
  ------------------
   43|  2.78M|      mp_digit *tmpc, mask, shift;
   44|       |
   45|       |      /* mask */
   46|  2.78M|      mask = ((mp_digit)1 << D) - 1uL;
   47|       |
   48|       |      /* shift for lsb */
   49|  2.78M|      shift = (mp_digit)MP_DIGIT_BIT - D;
  ------------------
  |  |   82|  2.78M|#   define MP_DIGIT_BIT 60
  ------------------
   50|       |
   51|       |      /* alias */
   52|  2.78M|      tmpc = c->dp + (c->used - 1);
   53|       |
   54|       |      /* carry */
   55|  2.78M|      r = 0;
   56|  43.8M|      for (x = c->used - 1; x >= 0; x--) {
  ------------------
  |  Branch (56:29): [True: 41.0M, False: 2.78M]
  ------------------
   57|       |         /* get the lower  bits of this word in a temp */
   58|  41.0M|         rr = *tmpc & mask;
   59|       |
   60|       |         /* shift the current word and mix in the carry bits from the previous word */
   61|  41.0M|         *tmpc = (*tmpc >> D) | (r << shift);
   62|  41.0M|         --tmpc;
   63|       |
   64|       |         /* set the carry to the carry bits of the current word found above */
   65|  41.0M|         r = rr;
   66|  41.0M|      }
   67|  2.78M|   }
   68|  2.86M|   mp_clamp(c);
   69|  2.86M|   return MP_OKAY;
  ------------------
  |  |  161|  2.86M|#define MP_OKAY       0   /* no error */
  ------------------
   70|  2.86M|}

mp_div_3:
/* mp_div_3 (signature not shown in this coverage listing): divides a by 3.
 * Works digit by digit from the most significant end, keeping the running
 * remainder in w. The per-digit quotient is estimated by multiplying with
 * b = 2**MP_DIGIT_BIT / 3 and shifting, then corrected by the while loop at
 * line 38 because that estimate can come out too small. The remainder is
 * stored in *d and the quotient exchanged into c, each only when the pointer
 * is not NULL. Returns the mp_init_size error if the temporary q cannot be
 * set up, otherwise the MP_OKAY left in err by that call.
 *
 * Coverage in this run: every call passed d and none passed c, so the
 * quotient path (lines 55-56) is untested; mp_init_size never failed.
 *
 * NOTE(review): w * b at line 30 assumes mp_word is wide enough to hold that
 * product; the definition of mp_word is not in this listing - confirm. */
    8|    157|{
    9|    157|   mp_int   q;
   10|    157|   mp_word  w, t;
   11|    157|   mp_digit b;
   12|    157|   mp_err   err;
   13|    157|   int      ix;
   14|       |
   15|       |   /* b = 2**MP_DIGIT_BIT / 3 */
   16|    157|   b = ((mp_word)1 << (mp_word)MP_DIGIT_BIT) / (mp_word)3;
  ------------------
  |  |   82|    157|#   define MP_DIGIT_BIT 60
  ------------------
   17|       |
   18|    157|   if ((err = mp_init_size(&q, a->used)) != MP_OKAY) {
  ------------------
  |  |  161|    157|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (18:8): [True: 0, False: 157]
  ------------------
   19|      0|      return err;
   20|      0|   }
   21|       |
   22|    157|   q.used = a->used;
   23|    157|   q.sign = a->sign;
   24|    157|   w = 0;
   25|  1.09k|   for (ix = a->used - 1; ix >= 0; ix--) {
  ------------------
  |  Branch (25:27): [True: 936, False: 157]
  ------------------
   26|    936|      w = (w << (mp_word)MP_DIGIT_BIT) | (mp_word)a->dp[ix];
  ------------------
  |  |   82|    936|#   define MP_DIGIT_BIT 60
  ------------------
   27|       |
   28|    936|      if (w >= 3u) {
  ------------------
  |  Branch (28:11): [True: 824, False: 112]
  ------------------
   29|       |         /* multiply w by [1/3] */
   30|    824|         t = (w * (mp_word)b) >> (mp_word)MP_DIGIT_BIT;
  ------------------
  |  |   82|    824|#   define MP_DIGIT_BIT 60
  ------------------
   31|       |
   32|       |         /* now subtract 3 * [w/3] from w, to get the remainder */
   33|    824|         w -= t+t+t;
   34|       |
   35|       |         /* fixup the remainder as required since
   36|       |          * the optimization is not exact.
   37|       |          */
   38|  1.31k|         while (w >= 3u) {
  ------------------
  |  Branch (38:17): [True: 491, False: 824]
  ------------------
   39|    491|            t += 1u;
   40|    491|            w -= 3u;
   41|    491|         }
   42|    824|      } else {
   43|    112|         t = 0;
   44|    112|      }
   45|    936|      q.dp[ix] = (mp_digit)t;
   46|    936|   }
   47|       |
   48|       |   /* [optional] store the remainder */
   49|    157|   if (d != NULL) {
  ------------------
  |  Branch (49:8): [True: 157, False: 0]
  ------------------
   50|    157|      *d = (mp_digit)w;
   51|    157|   }
   52|       |
   53|       |   /* [optional] store the quotient */
   54|    157|   if (c != NULL) {
  ------------------
  |  Branch (54:8): [True: 0, False: 157]
  ------------------
   55|      0|      mp_clamp(&q);
   56|      0|      mp_exch(&q, c);
   57|      0|   }
   58|    157|   mp_clear(&q);
   59|       |
   60|    157|   return err;
   61|    157|}

mp_div_d:
/* mp_div_d (signature not shown in this coverage listing): divides a by the
 * single digit b. The quotient is written to c and the remainder to *d, each
 * only when the pointer is not NULL.
 *   - b == 0 returns MP_VAL.
 *   - b == 1 or a == 0: remainder 0, quotient is a copy of a.
 *   - b a power of two: the remainder is masked out of a->dp[0] and the
 *     quotient comes from mp_div_2d.
 *   - b == 3 (when mp_div_3 is compiled in): handed to mp_div_3.
 *   - otherwise: one digit at a time through the mp_word accumulator w,
 *     most significant digit first.
 *
 * Coverage in this run: c was NULL at every check that ran, and no call had
 * b == 0, b == 1 or a zero a, so the divide-by-zero guard and both quick
 * outs are untested. In the power-of-two branch the search loop at line 34
 * never iterated, i.e. every such call had b == 2. */
    8|  27.8k|{
    9|  27.8k|   mp_int  q;
   10|  27.8k|   mp_word w;
   11|  27.8k|   mp_digit t;
   12|  27.8k|   mp_err err;
   13|  27.8k|   int ix;
   14|       |
   15|       |   /* cannot divide by zero */
   16|  27.8k|   if (b == 0u) {
  ------------------
  |  Branch (16:8): [True: 0, False: 27.8k]
  ------------------
   17|      0|      return MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   18|      0|   }
   19|       |
   20|       |   /* quick outs */
   21|  27.8k|   if ((b == 1u) || MP_IS_ZERO(a)) {
  ------------------
  |  |  163|  27.8k|#define MP_IS_ZERO(a) ((a)->used == 0)
  |  |  ------------------
  |  |  |  Branch (163:23): [True: 0, False: 27.8k]
  |  |  ------------------
  ------------------
  |  Branch (21:8): [True: 0, False: 27.8k]
  ------------------
   22|      0|      if (d != NULL) {
  ------------------
  |  Branch (22:11): [True: 0, False: 0]
  ------------------
   23|      0|         *d = 0;
   24|      0|      }
   25|      0|      if (c != NULL) {
  ------------------
  |  Branch (25:11): [True: 0, False: 0]
  ------------------
   26|      0|         return mp_copy(a, c);
   27|      0|      }
   28|      0|      return MP_OKAY;
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
   29|      0|   }
   30|       |
   31|       |   /* power of two? (b is neither 0 nor 1 here, both were handled above) */
   32|  27.8k|   if ((b & (b - 1u)) == 0u) {
  ------------------
  |  Branch (32:8): [True: 157, False: 27.7k]
  ------------------
   33|    157|      ix = 1;
   34|    157|      while ((ix < MP_DIGIT_BIT) && (b != (((mp_digit)1)<<ix))) {
  ------------------
  |  |   82|    157|#   define MP_DIGIT_BIT 60
  ------------------
  |  Branch (34:14): [True: 157, False: 0]
  |  Branch (34:37): [True: 0, False: 157]
  ------------------
   35|      0|         ix++;
   36|      0|      }
   37|    157|      if (d != NULL) {
  ------------------
  |  Branch (37:11): [True: 157, False: 0]
  ------------------
   38|    157|         *d = a->dp[0] & (((mp_digit)1<<(mp_digit)ix) - 1uL);
   39|    157|      }
   40|    157|      if (c != NULL) {
  ------------------
  |  Branch (40:11): [True: 0, False: 157]
  ------------------
   41|      0|         return mp_div_2d(a, ix, c, NULL);
   42|      0|      }
   43|    157|      return MP_OKAY;
  ------------------
  |  |  161|    157|#define MP_OKAY       0   /* no error */
  ------------------
   44|    157|   }
   45|       |
   46|       |   /* three? */
   47|  27.7k|   if (MP_HAS(MP_DIV_3) && (b == 3u)) {
  ------------------
  |  |  150|  55.4k|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|  27.7k|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|  27.7k|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [True: 27.7k, Folded]
  |  |  ------------------
  ------------------
  |  Branch (47:28): [True: 157, False: 27.5k]
  ------------------
   48|    157|      return mp_div_3(a, c, d);
   49|    157|   }
   50|       |
   51|       |   /* no easy answer [c'est la vie].  Just division */
   52|  27.5k|   if ((err = mp_init_size(&q, a->used)) != MP_OKAY) {
  ------------------
  |  |  161|  27.5k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (52:8): [True: 0, False: 27.5k]
  ------------------
   53|      0|      return err;
   54|      0|   }
   55|       |
   56|  27.5k|   q.used = a->used;
   57|  27.5k|   q.sign = a->sign;
   58|  27.5k|   w = 0;
   59|   120k|   for (ix = a->used - 1; ix >= 0; ix--) {
  ------------------
  |  Branch (59:27): [True: 92.5k, False: 27.5k]
  ------------------
   60|  92.5k|      w = (w << (mp_word)MP_DIGIT_BIT) | (mp_word)a->dp[ix];
  ------------------
  |  |   82|  92.5k|#   define MP_DIGIT_BIT 60
  ------------------
   61|       |
   62|  92.5k|      if (w >= b) {
  ------------------
  |  Branch (62:11): [True: 91.8k, False: 793]
  ------------------
   63|  91.8k|         t = (mp_digit)(w / b);
   64|  91.8k|         w -= (mp_word)t * (mp_word)b;
   65|  91.8k|      } else {
   66|    793|         t = 0;
   67|    793|      }
   68|  92.5k|      q.dp[ix] = t;
   69|  92.5k|   }
   70|       |
   71|  27.5k|   if (d != NULL) {
  ------------------
  |  Branch (71:8): [True: 27.5k, False: 0]
  ------------------
   72|  27.5k|      *d = (mp_digit)w;
   73|  27.5k|   }
   74|       |
   75|  27.5k|   if (c != NULL) {
  ------------------
  |  Branch (75:8): [True: 0, False: 27.5k]
  ------------------
   76|      0|      mp_clamp(&q);
   77|      0|      mp_exch(&q, c);
   78|      0|   }
   79|  27.5k|   mp_clear(&q);
   80|       |
   81|  27.5k|   return err;
   82|  27.5k|}

mp_dr_is_modulus:
/* mp_dr_is_modulus (signature not shown in this coverage listing): returns
 * MP_YES when a has at least two digits and every digit except the lowest
 * equals MP_MASK, otherwise MP_NO.
 *
 * Coverage in this run: all 3.17k calls returned MP_NO from line 21. The
 * MP_YES return and the "fewer than two digits" return never ran, so no
 * input in this corpus was accepted as a DR modulus. */
    8|  3.17k|{
    9|  3.17k|   int ix;
   10|       |
   11|       |   /* must be at least two digits */
   12|  3.17k|   if (a->used < 2) {
  ------------------
  |  Branch (12:8): [True: 0, False: 3.17k]
  ------------------
   13|      0|      return MP_NO;
  ------------------
  |  |  159|      0|#define MP_NO         0
  ------------------
   14|      0|   }
   15|       |
   16|       |   /* must be of the form b**k - a [a <= b] so all
   17|       |    * but the first digit must be equal to -1 (mod b).
   18|       |    */
   19|  3.44k|   for (ix = 1; ix < a->used; ix++) {
  ------------------
  |  Branch (19:17): [True: 3.44k, False: 0]
  ------------------
   20|  3.44k|      if (a->dp[ix] != MP_MASK) {
  ------------------
  |  |  106|  3.44k|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|  3.44k|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
  |  Branch (20:11): [True: 3.17k, False: 265]
  ------------------
   21|  3.17k|         return MP_NO;
  ------------------
  |  |  159|  3.17k|#define MP_NO         0
  ------------------
   22|  3.17k|      }
   23|  3.44k|   }
   24|      0|   return MP_YES;
  ------------------
  |  |  158|      0|#define MP_YES        1
  ------------------
   25|  3.17k|}

mp_exch:
/* mp_exch (signature not shown in this coverage listing): swaps the contents
 * of *a and *b by structure assignment through the temporary t. Only the
 * structures themselves are copied; nothing is allocated or freed here. */
   10|   261k|{
   11|   261k|   mp_int  t;
   12|       |
   13|   261k|   t  = *a;
   14|   261k|   *a = *b;
   15|   261k|   *b = t;
   16|   261k|}

mp_exptmod:
/* mp_exptmod (signature not shown in this coverage listing): computes
 * Y = G**X mod P by choosing one of the internal exponentiation routines.
 *   - P negative: MP_VAL.
 *   - X negative: invert G mod P, take |X| and recurse (MP_VAL if mp_invmod
 *     is not compiled in).
 *   - mp_reduce_is_2k_l(P) is MP_YES: s_mp_exptmod(G, X, P, Y, 1).
 *   - P odd or dr != 0: s_mp_exptmod_fast(G, X, P, Y, dr).
 *   - otherwise: s_mp_exptmod(G, X, P, Y, 0).
 * MP_HAS(...) is a compile-time test, so the branches it guards show up as
 * folded in the coverage data.
 *
 * Coverage in this run: P and X were never negative, so the whole inversion
 * path (lines 22-47) is untested, and dr was always 0. Of 3.57k calls, 396
 * took the 2k_l route, 2.60k the fast route and 569 the generic route.
 *
 * NOTE(review): the routine is selected from properties of P only. Whether
 * s_mp_exptmod and s_mp_exptmod_fast run in time independent of X cannot be
 * told from this listing - confirm before relying on this with a secret
 * exponent. */
   12|  3.57k|{
   13|  3.57k|   int dr;
   14|       |
   15|       |   /* modulus P must be positive */
   16|  3.57k|   if (P->sign == MP_NEG) {
  ------------------
  |  |  152|  3.57k|#define MP_NEG        1   /* negative */
  ------------------
  |  Branch (16:8): [True: 0, False: 3.57k]
  ------------------
   17|      0|      return MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   18|      0|   }
   19|       |
   20|       |   /* if exponent X is negative we have to recurse */
   21|  3.57k|   if (X->sign == MP_NEG) {
  ------------------
  |  |  152|  3.57k|#define MP_NEG        1   /* negative */
  ------------------
  |  Branch (21:8): [True: 0, False: 3.57k]
  ------------------
   22|      0|      mp_int tmpG, tmpX;
   23|      0|      mp_err err;
   24|       |
   25|      0|      if (!MP_HAS(MP_INVMOD)) {
  ------------------
  |  |  150|      0|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|      0|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|      0|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  ------------------
  |  Branch (25:11): [Folded, False: 0]
  ------------------
   26|      0|         return MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   27|      0|      }
   28|       |
   29|      0|      if ((err = mp_init_multi(&tmpG, &tmpX, NULL)) != MP_OKAY) {
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (29:11): [True: 0, False: 0]
  ------------------
   30|      0|         return err;
   31|      0|      }
   32|       |
   33|       |      /* first compute 1/G mod P */
   34|      0|      if ((err = mp_invmod(G, P, &tmpG)) != MP_OKAY) {
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (34:11): [True: 0, False: 0]
  ------------------
   35|      0|         goto LBL_ERR;
   36|      0|      }
   37|       |
   38|       |      /* now get |X| */
   39|      0|      if ((err = mp_abs(X, &tmpX)) != MP_OKAY) {
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (39:11): [True: 0, False: 0]
  ------------------
   40|      0|         goto LBL_ERR;
   41|      0|      }
   42|       |
   43|       |      /* and now compute (1/G)**|X| instead of G**X [X < 0] */
   44|      0|      err = mp_exptmod(&tmpG, &tmpX, P, Y);
   45|      0|LBL_ERR:
   46|      0|      mp_clear_multi(&tmpG, &tmpX, NULL);
   47|      0|      return err;
   48|      0|   }
   49|       |
   50|       |   /* modified diminished radix reduction */
   51|  3.57k|   if (MP_HAS(MP_REDUCE_IS_2K_L) && MP_HAS(MP_REDUCE_2K_L) && MP_HAS(S_MP_EXPTMOD) &&
  ------------------
  |  |  150|  7.14k|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|  3.57k|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|  3.57k|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [True: 0, Folded]
  |  |  ------------------
  ------------------
                 if (MP_HAS(MP_REDUCE_IS_2K_L) && MP_HAS(MP_REDUCE_2K_L) && MP_HAS(S_MP_EXPTMOD) &&
  ------------------
  |  |  150|  3.57k|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|      0|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|      0|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [True: 0, Folded]
  |  |  ------------------
  ------------------
                 if (MP_HAS(MP_REDUCE_IS_2K_L) && MP_HAS(MP_REDUCE_2K_L) && MP_HAS(S_MP_EXPTMOD) &&
  ------------------
  |  |  150|  3.57k|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|      0|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|      0|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [True: 0, Folded]
  |  |  ------------------
  ------------------
   52|  3.57k|       (mp_reduce_is_2k_l(P) == MP_YES)) {
  ------------------
  |  |  158|  3.57k|#define MP_YES        1
  ------------------
  |  Branch (52:8): [True: 396, False: 3.17k]
  ------------------
   53|    396|      return s_mp_exptmod(G, X, P, Y, 1);
   54|    396|   }
   55|       |
   56|       |   /* is it a DR modulus? default to no */
   57|  3.17k|   dr = (MP_HAS(MP_DR_IS_MODULUS) && (mp_dr_is_modulus(P) == MP_YES)) ? 1 : 0;
  ------------------
  |  |  150|  6.35k|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|  3.17k|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|  3.17k|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [True: 3.17k, Folded]
  |  |  ------------------
  ------------------
                 dr = (MP_HAS(MP_DR_IS_MODULUS) && (mp_dr_is_modulus(P) == MP_YES)) ? 1 : 0;
  ------------------
  |  |  158|  3.17k|#define MP_YES        1
  ------------------
  |  Branch (57:38): [True: 0, False: 3.17k]
  ------------------
   58|       |
   59|       |   /* if not, is it an unrestricted DR modulus? */
   60|  3.17k|   if (MP_HAS(MP_REDUCE_IS_2K) && (dr == 0)) {
  ------------------
  |  |  150|  6.35k|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|  3.17k|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|  3.17k|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [True: 3.17k, Folded]
  |  |  ------------------
  ------------------
  |  Branch (60:35): [True: 3.17k, False: 0]
  ------------------
   61|  3.17k|      dr = (mp_reduce_is_2k(P) == MP_YES) ? 2 : 0;
  ------------------
  |  |  158|  3.17k|#define MP_YES        1
  ------------------
  |  Branch (61:12): [True: 0, False: 3.17k]
  ------------------
   62|  3.17k|   }
   63|       |
   64|       |   /* if the modulus is odd or dr != 0 use the montgomery method */
   65|  3.17k|   if (MP_HAS(S_MP_EXPTMOD_FAST) && (MP_IS_ODD(P) || (dr != 0))) {
  ------------------
  |  |  150|  6.35k|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|  3.17k|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|  3.17k|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [True: 3.17k, Folded]
  |  |  ------------------
  ------------------
                 if (MP_HAS(S_MP_EXPTMOD_FAST) && (MP_IS_ODD(P) || (dr != 0))) {
  ------------------
  |  |  165|  6.35k|#define MP_IS_ODD(a)  (((a)->used > 0) && (((a)->dp[0] & 1u) == 1u))
  |  |  ------------------
  |  |  |  Branch (165:24): [True: 3.17k, False: 0]
  |  |  |  Branch (165:43): [True: 2.60k, False: 569]
  |  |  ------------------
  ------------------
  |  Branch (65:54): [True: 0, False: 569]
  ------------------
   66|  2.60k|      return s_mp_exptmod_fast(G, X, P, Y, dr);
   67|  2.60k|   } else if (MP_HAS(S_MP_EXPTMOD)) {
  ------------------
  |  |  150|    569|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|    569|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|    569|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [True: 569, Folded]
  |  |  ------------------
  ------------------
   68|       |      /* otherwise use the generic Barrett reduction technique */
   69|    569|      return s_mp_exptmod(G, X, P, Y, 0);
   70|    569|   } else {
   71|       |      /* no exptmod for evens */
   72|      0|      return MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   73|      0|   }
   74|  3.17k|}

mp_from_ubin:
/* mp_from_ubin (signature not shown in this coverage listing): loads size
 * bytes from buf into a. a is zeroed first; for each byte the current value
 * is passed through mp_mul_2d(a, 8, a) and the byte is OR-ed into the lowest
 * digit, so the first byte of buf ends up most significant (presumably
 * mp_mul_2d shifts left by 8 bits - its body is not in this listing).
 * Returns the mp_grow / mp_mul_2d error on failure, otherwise MP_OKAY.
 *
 * The loop reads exactly size bytes through buf with no other bound, so the
 * caller has to guarantee that buf holds at least size bytes.
 * NOTE(review): size presumably comes from parsed input; verify that each
 * caller checks it against the buffer it passes.
 *
 * Coverage in this run: 6.72k calls consumed 1.12M bytes in total; the
 * mp_grow path and every error return were never taken; the MP_8BIT variant
 * (lines 31-33) is not compiled in. */
    8|  6.72k|{
    9|  6.72k|   mp_err err;
   10|       |
   11|       |   /* make sure there are at least two digits */
   12|  6.72k|   if (a->alloc < 2) {
  ------------------
  |  Branch (12:8): [True: 0, False: 6.72k]
  ------------------
   13|      0|      if ((err = mp_grow(a, 2)) != MP_OKAY) {
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (13:11): [True: 0, False: 0]
  ------------------
   14|      0|         return err;
   15|      0|      }
   16|      0|   }
   17|       |
   18|       |   /* zero the int */
   19|  6.72k|   mp_zero(a);
   20|       |
   21|       |   /* read the bytes in, most significant first */
   22|  1.13M|   while (size-- > 0u) {
  ------------------
  |  Branch (22:11): [True: 1.12M, False: 6.72k]
  ------------------
   23|  1.12M|      if ((err = mp_mul_2d(a, 8, a)) != MP_OKAY) {
  ------------------
  |  |  161|  1.12M|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (23:11): [True: 0, False: 1.12M]
  ------------------
   24|      0|         return err;
   25|      0|      }
   26|       |
   27|  1.12M|#ifndef MP_8BIT
   28|  1.12M|      a->dp[0] |= *buf++;
   29|  1.12M|      a->used += 1;
   30|       |#else
   31|       |      a->dp[0] = (*buf & MP_MASK);
   32|       |      a->dp[1] |= ((*buf++ >> 7) & 1u);
   33|       |      a->used += 2;
   34|       |#endif
   35|  1.12M|   }
   36|  6.72k|   mp_clamp(a);
   37|  6.72k|   return MP_OKAY;
  ------------------
  |  |  161|  6.72k|#define MP_OKAY       0   /* no error */
  ------------------
   38|  6.72k|}

mp_grow:
/* mp_grow (signature not shown in this coverage listing): makes sure a has
 * room for at least size digits. A negative size returns MP_VAL. When
 * a->alloc is smaller than size, a->dp is reallocated through MP_REALLOC
 * (m_realloc_ltm in this build), the digits beyond the old allocation are
 * zeroed and a->alloc is set to size; otherwise nothing changes. Returns
 * MP_MEM if the reallocation returns NULL, leaving a->dp as it was, else
 * MP_OKAY.
 *
 * Coverage in this run: 539k of 546k calls reallocated; the negative-size
 * check and the allocation-failure return never fired.
 *
 * NOTE(review): the byte counts at lines 25-26 are a count of digits times
 * sizeof(mp_digit), computed in size_t with no overflow check in this
 * function. Where size_t is no wider than the type of size the product
 * could wrap - confirm that callers bound size, or that the allocator
 * rejects such requests. */
    8|   546k|{
    9|   546k|   int     i;
   10|   546k|   mp_digit *tmp;
   11|       |
   12|   546k|   if (size < 0) {
  ------------------
  |  Branch (12:8): [True: 0, False: 546k]
  ------------------
   13|      0|      return MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   14|      0|   }
   15|       |
   16|       |   /* if the alloc size is smaller alloc more ram */
   17|   546k|   if (a->alloc < size) {
  ------------------
  |  Branch (17:8): [True: 539k, False: 7.56k]
  ------------------
   18|       |      /* reallocate the array a->dp
   19|       |       *
   20|       |       * We store the return in a temporary variable
   21|       |       * in case the operation failed we don't want
   22|       |       * to overwrite the dp member of a.
   23|       |       */
   24|   539k|      tmp = (mp_digit *) MP_REALLOC(a->dp,
  ------------------
  |  | 1325|   539k|#define MP_REALLOC   m_realloc_ltm
  ------------------
   25|   539k|                                    (size_t)a->alloc * sizeof(mp_digit),
   26|   539k|                                    (size_t)size * sizeof(mp_digit));
   27|   539k|      if (tmp == NULL) {
  ------------------
  |  Branch (27:11): [True: 0, False: 539k]
  ------------------
   28|       |         /* reallocation failed but "a" is still valid [can be freed] */
   29|      0|         return MP_MEM;
  ------------------
  |  |  163|      0|#define MP_MEM        -2  /* out of mem */
  ------------------
   30|      0|      }
   31|       |
   32|       |      /* reallocation succeeded so set a->dp */
   33|   539k|      a->dp = tmp;
   34|       |
   35|       |      /* zero excess digits */
   36|   539k|      i        = a->alloc;
   37|   539k|      a->alloc = size;
   38|   539k|      MP_ZERO_DIGITS(a->dp + i, a->alloc - i);
  ------------------
  |  |   89|   539k|#  define MP_ZERO_DIGITS(mem, digits)                   \
  |  |   90|   539k|do {                                                    \
  |  |   91|   539k|   int zd_ = (digits);                                  \
  |  |   92|   539k|   mp_digit* zm_ = (mem);                               \
  |  |   93|  1.78M|   while (zd_-- > 0) {                                  \
  |  |  ------------------
  |  |  |  Branch (93:11): [True: 1.24M, False: 539k]
  |  |  ------------------
  |  |   94|  1.24M|      *zm_++ = 0;                                       \
  |  |   95|  1.24M|   }                                                    \
  |  |   96|   539k|} while (0)
  |  |  ------------------
  |  |  |  Branch (96:10): [Folded, False: 539k]
  |  |  ------------------
  ------------------
   39|   539k|   }
   40|   546k|   return MP_OKAY;
  ------------------
  |  |  161|   546k|#define MP_OKAY       0   /* no error */
  ------------------
   41|   546k|}

mp_init:
/* mp_init (signature not shown in this coverage listing): allocates MP_PREC
 * digits for a through MP_CALLOC (m_calloc in this build; MP_PREC expands to
 * 32 here) and sets a to an empty, non-negative value: used = 0,
 * alloc = MP_PREC, sign = MP_ZPOS. Returns MP_MEM when the allocation
 * returns NULL, else MP_OKAY.
 *
 * Coverage in this run: 850k calls, none of which saw a failed allocation,
 * so no caller's MP_MEM handling was exercised through this function. */
    8|   850k|{
    9|       |   /* allocate memory required and clear it */
   10|   850k|   a->dp = (mp_digit *) MP_CALLOC((size_t)MP_PREC, sizeof(mp_digit));
  ------------------
  |  | 1326|   850k|#define MP_CALLOC    m_calloc
  ------------------
                 a->dp = (mp_digit *) MP_CALLOC((size_t)MP_PREC, sizeof(mp_digit));
  ------------------
  |  |  177|   850k|#   define MP_PREC PRIVATE_MP_PREC
  |  |  ------------------
  |  |  |  |  193|   850k|#      define PRIVATE_MP_PREC 32        /* default digits of precision */
  |  |  ------------------
  ------------------
   11|   850k|   if (a->dp == NULL) {
  ------------------
  |  Branch (11:8): [True: 0, False: 850k]
  ------------------
   12|      0|      return MP_MEM;
  ------------------
  |  |  163|      0|#define MP_MEM        -2  /* out of mem */
  ------------------
   13|      0|   }
   14|       |
   15|       |   /* set the used to zero, allocated digits to the default precision
   16|       |    * and sign to positive */
   17|   850k|   a->used  = 0;
   18|   850k|   a->alloc = MP_PREC;
  ------------------
  |  |  177|   850k|#   define MP_PREC PRIVATE_MP_PREC
  |  |  ------------------
  |  |  |  |  193|   850k|#      define PRIVATE_MP_PREC 32        /* default digits of precision */
  |  |  ------------------
  ------------------
   19|   850k|   a->sign  = MP_ZPOS;
  ------------------
  |  |  151|   850k|#define MP_ZPOS       0   /* positive integer */
  ------------------
   20|       |
   21|   850k|   return MP_OKAY;
  ------------------
  |  |  161|   850k|#define MP_OKAY       0   /* no error */
  ------------------
   22|   850k|}

mp_init_copy:
              /* Initialise a as a copy of b.
               * Sizes a for b->used digits with mp_init_size, then calls
               * mp_copy(b, a).  If the copy fails, a is released again with mp_clear
               * before the error code is returned.  Returns the mp_err of the failing
               * step, or MP_OKAY.
               * NOTE(review): both failure branches have 0 hits in this run. */
    8|   305k|{
    9|   305k|   mp_err     err;
   10|       |
   11|   305k|   if ((err = mp_init_size(a, b->used)) != MP_OKAY) {
  ------------------
  |  |  161|   305k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (11:8): [True: 0, False: 305k]
  ------------------
   12|      0|      return err;
   13|      0|   }
   14|       |
   15|   305k|   if ((err = mp_copy(b, a)) != MP_OKAY) {
  ------------------
  |  |  161|   305k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (15:8): [True: 0, False: 305k]
  ------------------
   16|      0|      mp_clear(a);
   17|      0|   }
   18|       |
   19|   305k|   return err;
   20|   305k|}

mp_init_multi:
              /* Initialise a variadic list of mp_int pointers with mp_init.
               * The list starts at mp and is walked with va_arg until a NULL pointer
               * is read, so the caller has to terminate it with NULL; nothing in
               * this function bounds the walk otherwise.
               * On the first mp_init failure the n values already initialised are
               * released with mp_clear by re-walking the list from mp, and MP_MEM is
               * returned.  Returns MP_OKAY when every mp_init succeeded.
               * NOTE(review): the whole back-tracking path (lines 18-33) has 0 hits
               * in this run, so the cleanup logic is untested by this corpus. */
    9|    751|{
   10|    751|   mp_err err = MP_OKAY;      /* Assume ok until proven otherwise */
  ------------------
  |  |  161|    751|#define MP_OKAY       0   /* no error */
  ------------------
   11|    751|   int n = 0;                 /* Number of ok inits */
   12|    751|   mp_int *cur_arg = mp;
   13|    751|   va_list args;
   14|       |
   15|    751|   va_start(args, mp);        /* init args to next argument from caller */
   16|  5.41k|   while (cur_arg != NULL) {
  ------------------
  |  Branch (16:11): [True: 4.66k, False: 751]
  ------------------
   17|  4.66k|      if (mp_init(cur_arg) != MP_OKAY) {
  ------------------
  |  |  161|  4.66k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (17:11): [True: 0, False: 4.66k]
  ------------------
   18|       |         /* Oops - error! Back-track and mp_clear what we already
   19|       |            succeeded in init-ing, then return error.
   20|       |         */
   21|      0|         va_list clean_args;
   22|       |
   23|       |         /* now start cleaning up */
   24|      0|         cur_arg = mp;
   25|      0|         va_start(clean_args, mp);
   26|      0|         while (n-- != 0) {
  ------------------
  |  Branch (26:17): [True: 0, False: 0]
  ------------------
   27|      0|            mp_clear(cur_arg);
   28|      0|            cur_arg = va_arg(clean_args, mp_int *);
   29|      0|         }
   30|      0|         va_end(clean_args);
   31|      0|         err = MP_MEM;
  ------------------
  |  |  163|      0|#define MP_MEM        -2  /* out of mem */
  ------------------
   32|      0|         break;
   33|      0|      }
   34|  4.66k|      n++;
   35|  4.66k|      cur_arg = va_arg(args, mp_int *);
   36|  4.66k|   }
   37|       |   va_end(args);
   38|    751|   return err;                /* MP_OKAY unless an error was flagged above. */
   39|    751|}

mp_init_set:
              /* Initialise a with mp_init and then store b in it with mp_set.
               * Returns the mp_init error unchanged if initialisation fails (a is
               * then left as mp_init left it), otherwise MP_OKAY.
               * NOTE(review): the failure branch has 0 hits in this run. */
    8|    103|{
    9|    103|   mp_err err;
   10|    103|   if ((err = mp_init(a)) != MP_OKAY) {
  ------------------
  |  |  161|    103|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (10:8): [True: 0, False: 103]
  ------------------
   11|      0|      return err;
   12|      0|   }
   13|    103|   mp_set(a, b);
   14|    103|   return err;
   15|    103|}

mp_init_size:
              /* Initialise a with room for at least size digits.
               * A negative size is rejected with MP_VAL; the request is then raised
               * to MP_MIN_PREC if it is smaller, and that many digits are allocated
               * through MP_CALLOC (m_calloc in this build).  On success used = 0,
               * alloc = size and sign = MP_ZPOS.  Returns MP_OKAY, MP_VAL or MP_MEM.
               * The sign check runs before the (size_t) cast on line 17, so a
               * negative size cannot turn into a very large allocation request.
               * NOTE(review): the MP_VAL and MP_MEM branches have 0 hits in this
               * run. */
    8|   624k|{
    9|       |
   10|   624k|   if (size < 0) {
  ------------------
  |  Branch (10:8): [True: 0, False: 624k]
  ------------------
   11|      0|      return MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   12|      0|   }
   13|       |
   14|   624k|   size = MP_MAX(MP_MIN_PREC, size);
  ------------------
  |  |  157|   624k|#define MP_MAX(x, y) (((x) > (y)) ? (x) : (y))
  |  |  ------------------
  |  |  |  Branch (157:23): [True: 13.8k, False: 610k]
  |  |  ------------------
  ------------------
   15|       |
   16|       |   /* alloc mem */
   17|   624k|   a->dp = (mp_digit *) MP_CALLOC((size_t)size, sizeof(mp_digit));
  ------------------
  |  | 1326|   624k|#define MP_CALLOC    m_calloc
  ------------------
   18|   624k|   if (a->dp == NULL) {
  ------------------
  |  Branch (18:8): [True: 0, False: 624k]
  ------------------
   19|      0|      return MP_MEM;
  ------------------
  |  |  163|      0|#define MP_MEM        -2  /* out of mem */
  ------------------
   20|      0|   }
   21|       |
   22|       |   /* set the members */
   23|   624k|   a->used  = 0;
   24|   624k|   a->alloc = size;
   25|   624k|   a->sign  = MP_ZPOS;
  ------------------
  |  |  151|   624k|#define MP_ZPOS       0   /* positive integer */
  ------------------
   26|       |
   27|   624k|   return MP_OKAY;
  ------------------
  |  |  161|   624k|#define MP_OKAY       0   /* no error */
  ------------------
   28|   624k|}

mp_invmod:
              /* Validate the modulus b and dispatch to a modular-inverse helper.
               * b has to be non-negative and greater than 1, otherwise MP_VAL is
               * returned before any helper runs.  An odd b goes to s_mp_invmod_fast
               * when that routine is compiled in; every other case goes to
               * s_mp_invmod_slow, or yields MP_VAL when that routine is not compiled
               * in.  MP_HAS() is a compile-time test (the report marks it Folded).
               * Presumably c receives the inverse of a modulo b; the helpers are not
               * visible here -- confirm.
               * NOTE(review): the input-rejection branch has 0 hits in this run, so
               * no corpus input reached this function with b <= 1 or b negative. */
    8|    751|{
    9|       |   /* b cannot be negative and has to be >1 */
   10|    751|   if ((b->sign == MP_NEG) || (mp_cmp_d(b, 1uL) != MP_GT)) {
  ------------------
  |  |  152|    751|#define MP_NEG        1   /* negative */
  ------------------
                 if ((b->sign == MP_NEG) || (mp_cmp_d(b, 1uL) != MP_GT)) {
  ------------------
  |  |  156|    751|#define MP_GT         1   /* greater than */
  ------------------
  |  Branch (10:8): [True: 0, False: 751]
  |  Branch (10:31): [True: 0, False: 751]
  ------------------
   11|      0|      return MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   12|      0|   }
   13|       |
   14|       |   /* if the modulus is odd we can use a faster routine instead */
   15|    751|   if (MP_HAS(S_MP_INVMOD_FAST) && MP_IS_ODD(b)) {
  ------------------
  |  |  150|  1.50k|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|    751|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|    751|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [True: 751, Folded]
  |  |  ------------------
  ------------------
                 if (MP_HAS(S_MP_INVMOD_FAST) && MP_IS_ODD(b)) {
  ------------------
  |  |  165|    751|#define MP_IS_ODD(a)  (((a)->used > 0) && (((a)->dp[0] & 1u) == 1u))
  |  |  ------------------
  |  |  |  Branch (165:24): [True: 751, False: 0]
  |  |  |  Branch (165:43): [True: 674, False: 77]
  |  |  ------------------
  ------------------
   16|    674|      return s_mp_invmod_fast(a, b, c);
   17|    674|   }
   18|       |
   19|     77|   return MP_HAS(S_MP_INVMOD_SLOW)
  ------------------
  |  |  150|     77|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|     77|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|     77|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [True: 77, Folded]
  |  |  ------------------
  ------------------
   20|     77|          ? s_mp_invmod_slow(a, b, c)
   21|     77|          : MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   22|    751|}

mp_is_square:
              /* Decide whether arg is a perfect square and store MP_YES or MP_NO in
               * *ret.  Returns MP_VAL for a negative arg, an mp_err from a failing
               * helper, otherwise MP_OKAY.
               * The work is staged from cheap to expensive: a table lookup on
               * arg mod 128, a lookup on arg mod 105, bit-mask tests on the residue
               * modulo 11, 13, 17, 19, 23, 29 and 31, and only then
               * sqr(sqrt(arg)) == arg.  Each filter leaves *ret at MP_NO and returns
               * early when it rules arg out.
               * Index and shift bounds: the rem_128 index is masked with 127u; the
               * rem_105 index is the remainder of a division by 105; every shift
               * count is r modulo a prime no larger than 31.  The table sizes are
               * not visible here -- confirm they are 128 and 105 entries.
               * LBL_ERR is also the normal exit: it releases t on every path after
               * mp_init_u32 succeeded.
               * NOTE(review): for arg == 0 the function returns MP_OKAY with *ret
               * still MP_NO (lines 37 and 43-45), although 0 equals 0*0 -- confirm
               * callers do not rely on zero being reported as a square.
               * NOTE(review): the negative, zero and all helper-failure branches
               * have 0 hits in this run. */
   30|    158|{
   31|    158|   mp_err        err;
   32|    158|   mp_digit      c;
   33|    158|   mp_int        t;
   34|    158|   unsigned long r;
   35|       |
   36|       |   /* Default to Non-square :) */
   37|    158|   *ret = MP_NO;
  ------------------
  |  |  159|    158|#define MP_NO         0
  ------------------
   38|       |
   39|    158|   if (arg->sign == MP_NEG) {
  ------------------
  |  |  152|    158|#define MP_NEG        1   /* negative */
  ------------------
  |  Branch (39:8): [True: 0, False: 158]
  ------------------
   40|      0|      return MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   41|      0|   }
   42|       |
   43|    158|   if (MP_IS_ZERO(arg)) {
  ------------------
  |  |  163|    158|#define MP_IS_ZERO(a) ((a)->used == 0)
  |  |  ------------------
  |  |  |  Branch (163:23): [True: 0, False: 158]
  |  |  ------------------
  ------------------
   44|      0|      return MP_OKAY;
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
   45|      0|   }
   46|       |
   47|       |   /* First check mod 128 (suppose that MP_DIGIT_BIT is at least 7) */
   48|    158|   if (rem_128[127u & arg->dp[0]] == (char)1) {
  ------------------
  |  Branch (48:8): [True: 21, False: 137]
  ------------------
   49|     21|      return MP_OKAY;
  ------------------
  |  |  161|     21|#define MP_OKAY       0   /* no error */
  ------------------
   50|     21|   }
   51|       |
   52|       |   /* Next check mod 105 (3*5*7) */
   53|    137|   if ((err = mp_mod_d(arg, 105uL, &c)) != MP_OKAY) {
  ------------------
  |  |  161|    137|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (53:8): [True: 0, False: 137]
  ------------------
   54|      0|      return err;
   55|      0|   }
   56|    137|   if (rem_105[c] == (char)1) {
  ------------------
  |  Branch (56:8): [True: 96, False: 41]
  ------------------
   57|     96|      return MP_OKAY;
  ------------------
  |  |  161|     96|#define MP_OKAY       0   /* no error */
  ------------------
   58|     96|   }
   59|       |
   60|       |
   61|     41|   if ((err = mp_init_u32(&t, 11u*13u*17u*19u*23u*29u*31u)) != MP_OKAY) {
  ------------------
  |  |  161|     41|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (61:8): [True: 0, False: 41]
  ------------------
   62|      0|      return err;
   63|      0|   }
   64|     41|   if ((err = mp_mod(arg, &t, &t)) != MP_OKAY) {
  ------------------
  |  |  161|     41|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (64:8): [True: 0, False: 41]
  ------------------
   65|      0|      goto LBL_ERR;
   66|      0|   }
   67|     41|   r = mp_get_u32(&t);
  ------------------
  |  |  310|     41|#define mp_get_u32(a) ((uint32_t)mp_get_i32(a))
  ------------------
   68|       |   /* Check for other prime modules, note it's not an ERROR but we must
   69|       |    * free "t" so the easiest way is to goto LBL_ERR.  We know that err
   70|       |    * is already equal to MP_OKAY from the mp_mod call
   71|       |    */
   72|     41|   if (((1uL<<(r%11uL)) & 0x5C4uL) != 0uL)         goto LBL_ERR;
  ------------------
  |  Branch (72:8): [True: 8, False: 33]
  ------------------
   73|     33|   if (((1uL<<(r%13uL)) & 0x9E4uL) != 0uL)         goto LBL_ERR;
  ------------------
  |  Branch (73:8): [True: 11, False: 22]
  ------------------
   74|     22|   if (((1uL<<(r%17uL)) & 0x5CE8uL) != 0uL)        goto LBL_ERR;
  ------------------
  |  Branch (74:8): [True: 5, False: 17]
  ------------------
   75|     17|   if (((1uL<<(r%19uL)) & 0x4F50CuL) != 0uL)       goto LBL_ERR;
  ------------------
  |  Branch (75:8): [True: 7, False: 10]
  ------------------
   76|     10|   if (((1uL<<(r%23uL)) & 0x7ACCA0uL) != 0uL)      goto LBL_ERR;
  ------------------
  |  Branch (76:8): [True: 2, False: 8]
  ------------------
   77|      8|   if (((1uL<<(r%29uL)) & 0xC2EDD0CuL) != 0uL)     goto LBL_ERR;
  ------------------
  |  Branch (77:8): [True: 2, False: 6]
  ------------------
   78|      6|   if (((1uL<<(r%31uL)) & 0x6DE2B848uL) != 0uL)    goto LBL_ERR;
  ------------------
  |  Branch (78:8): [True: 1, False: 5]
  ------------------
   79|       |
   80|       |   /* Final check - is sqr(sqrt(arg)) == arg ? */
   81|      5|   if ((err = mp_sqrt(arg, &t)) != MP_OKAY) {
  ------------------
  |  |  161|      5|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (81:8): [True: 0, False: 5]
  ------------------
   82|      0|      goto LBL_ERR;
   83|      0|   }
   84|      5|   if ((err = mp_sqr(&t, &t)) != MP_OKAY) {
  ------------------
  |  |  161|      5|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (84:8): [True: 0, False: 5]
  ------------------
   85|      0|      goto LBL_ERR;
   86|      0|   }
   87|       |
   88|      5|   *ret = (mp_cmp_mag(&t, arg) == MP_EQ) ? MP_YES : MP_NO;
  ------------------
  |  |  155|      5|#define MP_EQ         0   /* equal to */
  ------------------
                 *ret = (mp_cmp_mag(&t, arg) == MP_EQ) ? MP_YES : MP_NO;
  ------------------
  |  |  158|      1|#define MP_YES        1
  ------------------
                 *ret = (mp_cmp_mag(&t, arg) == MP_EQ) ? MP_YES : MP_NO;
  ------------------
  |  |  159|      9|#define MP_NO         0
  ------------------
  |  Branch (88:11): [True: 1, False: 4]
  ------------------
   89|     41|LBL_ERR:
   90|     41|   mp_clear(&t);
   91|     41|   return err;
   92|      5|}

mp_lshd:
              /* Shift a left by b whole digits, in place.
               * A shift count of zero or less, or a zero value, returns MP_OKAY
               * without touching a.  Otherwise a is grown with mp_grow when
               * alloc < used + b, used is increased by b, the digits are moved
               * upwards from the top down, and the b lowest digits are zeroed.
               * Returns MP_OKAY or the mp_grow error.
               * The grow check on line 23 precedes every pointer computation, so
               * top and bottom stay inside the allocation as long as mp_grow
               * honours the requested size.
               * NOTE(review): used + b looks like a plain int addition with no
               * overflow check in this function -- confirm callers bound b.
               * NOTE(review): the mp_grow failure branch has 0 hits in this run. */
    8|   530k|{
    9|   530k|   int x;
   10|   530k|   mp_err err;
   11|   530k|   mp_digit *top, *bottom;
   12|       |
   13|       |   /* a zero or negative shift count is a no-op */
   14|   530k|   if (b <= 0) {
  ------------------
  |  Branch (14:8): [True: 129k, False: 401k]
  ------------------
   15|   129k|      return MP_OKAY;
  ------------------
  |  |  161|   129k|#define MP_OKAY       0   /* no error */
  ------------------
   16|   129k|   }
   17|       |   /* no need to shift 0 around */
   18|   401k|   if (MP_IS_ZERO(a)) {
  ------------------
  |  |  163|   401k|#define MP_IS_ZERO(a) ((a)->used == 0)
  |  |  ------------------
  |  |  |  Branch (163:23): [True: 487, False: 400k]
  |  |  ------------------
  ------------------
   19|    487|      return MP_OKAY;
  ------------------
  |  |  161|    487|#define MP_OKAY       0   /* no error */
  ------------------
   20|    487|   }
   21|       |
   22|       |   /* grow to fit the new digits */
   23|   400k|   if (a->alloc < (a->used + b)) {
  ------------------
  |  Branch (23:8): [True: 126k, False: 274k]
  ------------------
   24|   126k|      if ((err = mp_grow(a, a->used + b)) != MP_OKAY) {
  ------------------
  |  |  161|   126k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (24:11): [True: 0, False: 126k]
  ------------------
   25|      0|         return err;
   26|      0|      }
   27|   126k|   }
   28|       |
   29|       |   /* increment the used by the shift amount then copy upwards */
   30|   400k|   a->used += b;
   31|       |
   32|       |   /* top */
   33|   400k|   top = a->dp + a->used - 1;
   34|       |
   35|       |   /* base */
   36|   400k|   bottom = (a->dp + a->used - 1) - b;
   37|       |
   38|       |   /* much like mp_rshd this is implemented using a sliding window
   39|       |    * except the window goes the other way around.  Copying from
   40|       |    * the bottom to the top.  see bn_mp_rshd.c for more info.
   41|       |    */
   42|  2.43M|   for (x = a->used - 1; x >= b; x--) {
  ------------------
  |  Branch (42:26): [True: 2.03M, False: 400k]
  ------------------
   43|  2.03M|      *top-- = *bottom--;
   44|  2.03M|   }
   45|       |
   46|       |   /* zero the lower digits */
   47|   400k|   MP_ZERO_DIGITS(a->dp, b);
  ------------------
  |  |   89|   400k|#  define MP_ZERO_DIGITS(mem, digits)                   \
  |  |   90|   400k|do {                                                    \
  |  |   91|   400k|   int zd_ = (digits);                                  \
  |  |   92|   400k|   mp_digit* zm_ = (mem);                               \
  |  |   93|  1.62M|   while (zd_-- > 0) {                                  \
  |  |  ------------------
  |  |  |  Branch (93:11): [True: 1.21M, False: 400k]
  |  |  ------------------
  |  |   94|  1.21M|      *zm_++ = 0;                                       \
  |  |   95|  1.21M|   }                                                    \
  |  |   96|   400k|} while (0)
  |  |  ------------------
  |  |  |  Branch (96:10): [Folded, False: 400k]
  |  |  ------------------
  ------------------
   48|       |
   49|   400k|   return MP_OKAY;
  ------------------
  |  |  161|   400k|#define MP_OKAY       0   /* no error */
  ------------------
   50|   400k|}

mp_mod:
              /* Store the remainder of a divided by b in c.
               * The remainder is computed into the temporary t by mp_div with a NULL
               * quotient.  If it is zero or already has the sign of b it is swapped
               * into c with mp_exch; otherwise b is added to it so that the result
               * takes the sign of b.  Returns MP_OKAY or the error of the failing
               * helper.
               * LBL_ERR is also the normal exit: t is released on every path after
               * mp_init_size succeeded.  After the mp_exch, t presumably holds the
               * previous contents of c, so that storage is what gets released --
               * confirm against mp_exch.
               * NOTE(review): the mp_init_size and mp_div failure branches have 0
               * hits in this run. */
    8|   129k|{
    9|   129k|   mp_int  t;
   10|   129k|   mp_err  err;
   11|       |
   12|   129k|   if ((err = mp_init_size(&t, b->used)) != MP_OKAY) {
  ------------------
  |  |  161|   129k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (12:8): [True: 0, False: 129k]
  ------------------
   13|      0|      return err;
   14|      0|   }
   15|       |
   16|   129k|   if ((err = mp_div(a, b, NULL, &t)) != MP_OKAY) {
  ------------------
  |  |  161|   129k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (16:8): [True: 0, False: 129k]
  ------------------
   17|      0|      goto LBL_ERR;
   18|      0|   }
   19|       |
   20|   129k|   if (MP_IS_ZERO(&t) || (t.sign == b->sign)) {
  ------------------
  |  |  163|   259k|#define MP_IS_ZERO(a) ((a)->used == 0)
  |  |  ------------------
  |  |  |  Branch (163:23): [True: 776, False: 128k]
  |  |  ------------------
  ------------------
  |  Branch (20:26): [True: 128k, False: 281]
  ------------------
   21|   129k|      err = MP_OKAY;
  ------------------
  |  |  161|   129k|#define MP_OKAY       0   /* no error */
  ------------------
   22|   129k|      mp_exch(&t, c);
   23|   129k|   } else {
   24|    281|      err = mp_add(b, &t, c);
   25|    281|   }
   26|       |
   27|   129k|LBL_ERR:
   28|   129k|   mp_clear(&t);
   29|   129k|   return err;
   30|   129k|}

mp_mod_2d:
              /* Reduce a modulo 2**b into c.
               * b <= 0 zeroes c.  If b covers at least all a->used digits
               * (b >= used * MP_DIGIT_BIT) the result is a plain copy of a.
               * Otherwise a is copied to c, every digit above the one holding bit b
               * is zeroed, the partial digit is masked, and c is clamped.
               * Returns MP_OKAY or the mp_copy error.
               * The guard on line 19 ensures b / MP_DIGIT_BIT is below a->used, so
               * the index on line 33 stays inside the used digits provided mp_copy
               * leaves c->used equal to a->used -- confirm against mp_copy.
               * NOTE(review): the b <= 0 branch and the mp_copy failure branch have
               * 0 hits in this run. */
    8|  2.76M|{
    9|  2.76M|   int x;
   10|  2.76M|   mp_err err;
   11|       |
   12|       |   /* if b is <= 0 then zero the int */
   13|  2.76M|   if (b <= 0) {
  ------------------
  |  Branch (13:8): [True: 0, False: 2.76M]
  ------------------
   14|      0|      mp_zero(c);
   15|      0|      return MP_OKAY;
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
   16|      0|   }
   17|       |
   18|       |   /* if the modulus is larger than the value then return a copy of the value */
   19|  2.76M|   if (b >= (a->used * MP_DIGIT_BIT)) {
  ------------------
  |  |   82|  2.76M|#   define MP_DIGIT_BIT 60
  ------------------
  |  Branch (19:8): [True: 34.6k, False: 2.73M]
  ------------------
   20|  34.6k|      return mp_copy(a, c);
   21|  34.6k|   }
   22|       |
   23|       |   /* copy */
   24|  2.73M|   if ((err = mp_copy(a, c)) != MP_OKAY) {
  ------------------
  |  |  161|  2.73M|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (24:8): [True: 0, False: 2.73M]
  ------------------
   25|      0|      return err;
   26|      0|   }
   27|       |
   28|       |   /* zero digits above the last digit of the modulus */
   29|  2.73M|   x = (b / MP_DIGIT_BIT) + (((b % MP_DIGIT_BIT) == 0) ? 0 : 1);
  ------------------
  |  |   82|  2.73M|#   define MP_DIGIT_BIT 60
  ------------------
                 x = (b / MP_DIGIT_BIT) + (((b % MP_DIGIT_BIT) == 0) ? 0 : 1);
  ------------------
  |  |   82|  2.73M|#   define MP_DIGIT_BIT 60
  ------------------
  |  Branch (29:30): [True: 96.4k, False: 2.63M]
  ------------------
   30|  2.73M|   MP_ZERO_DIGITS(c->dp + x, c->used - x);
  ------------------
  |  |   89|  2.73M|#  define MP_ZERO_DIGITS(mem, digits)                   \
  |  |   90|  2.73M|do {                                                    \
  |  |   91|  2.73M|   int zd_ = (digits);                                  \
  |  |   92|  2.73M|   mp_digit* zm_ = (mem);                               \
  |  |   93|  42.0M|   while (zd_-- > 0) {                                  \
  |  |  ------------------
  |  |  |  Branch (93:11): [True: 39.2M, False: 2.73M]
  |  |  ------------------
  |  |   94|  39.2M|      *zm_++ = 0;                                       \
  |  |   95|  39.2M|   }                                                    \
  |  |   96|  2.73M|} while (0)
  |  |  ------------------
  |  |  |  Branch (96:10): [Folded, False: 2.73M]
  |  |  ------------------
  ------------------
   31|       |
   32|       |   /* clear the digit that is not completely outside/inside the modulus */
   33|  2.73M|   c->dp[b / MP_DIGIT_BIT] &=
  ------------------
  |  |   82|  2.73M|#   define MP_DIGIT_BIT 60
  ------------------
   34|  2.73M|      ((mp_digit)1 << (mp_digit)(b % MP_DIGIT_BIT)) - (mp_digit)1;
  ------------------
  |  |   82|  2.73M|#   define MP_DIGIT_BIT 60
  ------------------
   35|  2.73M|   mp_clamp(c);
   36|  2.73M|   return MP_OKAY;
  ------------------
  |  |  161|  2.73M|#define MP_OKAY       0   /* no error */
  ------------------
   37|  2.73M|}

mp_mod_d:
              /* Thin wrapper: calls mp_div_d(a, b, NULL, c) and returns its result,
               * i.e. the division is run with no quotient output and only the value
               * written through c is kept.  Presumably c receives a modulo the
               * single digit b -- mp_div_d is not visible here. */
    7|  27.8k|{
    8|       |   return mp_div_d(a, b, NULL, c);
    9|  27.8k|}

mp_montgomery_calc_normalization:
              /* Compute a normalisation value for the modulus b into a, using only
               * doubling and subtraction.
               * For a multi-digit b, a starts as a power of two one bit below the
               * top bit of b (mp_2expt); for a single-digit b it starts at 1.  The
               * loop then doubles a once per remaining bit position up to
               * MP_DIGIT_BIT and subtracts b whenever the magnitude of a is not
               * below that of b, which keeps a below b after every step.
               * Presumably the result is R mod b for the Montgomery radix R --
               * confirm against the library documentation.
               * Returns MP_OKAY or the error of the failing helper.
               * NOTE(review): the single-digit branch (lines 25-26) and every
               * helper-failure branch have 0 hits in this run. */
   13|  2.86k|{
   14|  2.86k|   int    x, bits;
   15|  2.86k|   mp_err err;
   16|       |
   17|       |   /* how many bits of last digit does b use */
   18|  2.86k|   bits = mp_count_bits(b) % MP_DIGIT_BIT;
  ------------------
  |  |   82|  2.86k|#   define MP_DIGIT_BIT 60
  ------------------
   19|       |
   20|  2.86k|   if (b->used > 1) {
  ------------------
  |  Branch (20:8): [True: 2.86k, False: 0]
  ------------------
   21|  2.86k|      if ((err = mp_2expt(a, ((b->used - 1) * MP_DIGIT_BIT) + bits - 1)) != MP_OKAY) {
  ------------------
  |  |   82|  2.86k|#   define MP_DIGIT_BIT 60
  ------------------
                    if ((err = mp_2expt(a, ((b->used - 1) * MP_DIGIT_BIT) + bits - 1)) != MP_OKAY) {
  ------------------
  |  |  161|  2.86k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (21:11): [True: 0, False: 2.86k]
  ------------------
   22|      0|         return err;
   23|      0|      }
   24|  2.86k|   } else {
   25|      0|      mp_set(a, 1uL);
   26|      0|      bits = 1;
   27|      0|   }
   28|       |
   29|       |
   30|       |   /* now compute C = A * B mod b */
   31|  83.3k|   for (x = bits - 1; x < (int)MP_DIGIT_BIT; x++) {
  ------------------
  |  |   82|  83.3k|#   define MP_DIGIT_BIT 60
  ------------------
  |  Branch (31:23): [True: 80.4k, False: 2.86k]
  ------------------
   32|  80.4k|      if ((err = mp_mul_2(a, a)) != MP_OKAY) {
  ------------------
  |  |  161|  80.4k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (32:11): [True: 0, False: 80.4k]
  ------------------
   33|      0|         return err;
   34|      0|      }
   35|  80.4k|      if (mp_cmp_mag(a, b) != MP_LT) {
  ------------------
  |  |  154|  80.4k|#define MP_LT        -1   /* less than */
  ------------------
  |  Branch (35:11): [True: 29.6k, False: 50.8k]
  ------------------
   36|  29.6k|         if ((err = s_mp_sub(a, b, a)) != MP_OKAY) {
  ------------------
  |  |  161|  29.6k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (36:14): [True: 0, False: 29.6k]
  ------------------
   37|      0|            return err;
   38|      0|         }
   39|  29.6k|      }
   40|  80.4k|   }
   41|       |
   42|  2.86k|   return MP_OKAY;
  ------------------
  |  |  161|  2.86k|#define MP_OKAY       0   /* no error */
  ------------------
   43|  2.86k|}

mp_montgomery_reduce:
              /* Montgomery reduction of x modulo n, in place, using the precomputed
               * digit rho (see the comment on lines 35-42 for what rho has to be).
               * When digs = 2 * n->used + 1 and the operand sizes fit the comba
               * limits (MP_WARRAY, MP_MAXFAST) the work is handed to
               * s_mp_montgomery_reduce_fast.  Otherwise x is grown to digs digits and
               * reduced one digit of n at a time, then shifted right by n->used
               * digits and, if still not below n in magnitude, reduced by one
               * subtraction of n.  Returns MP_OKAY or the error of mp_grow or
               * s_mp_sub.
               * NOTE(review): all 1.35M calls in this run took the fast path; lines
               * 27-100 have 0 hits, so the generic loop, the mp_grow failure branch
               * and the final subtraction are untested by this corpus.
               * NOTE(review): the carry loop on line 76 and the comparison on line
               * 96 branch on operand values, so the running time of this path
               * depends on the data; relevant if x is derived from secret values --
               * confirm how callers use it. */
    8|  1.35M|{
    9|  1.35M|   int      ix, digs;
   10|  1.35M|   mp_err   err;
   11|  1.35M|   mp_digit mu;
   12|       |
   13|       |   /* can the fast reduction [comba] method be used?
   14|       |    *
   15|       |    * Note that unlike in mul you're safely allowed *less*
   16|       |    * than the available columns [255 per default] since carries
   17|       |    * are fixed up in the inner loop.
   18|       |    */
   19|  1.35M|   digs = (n->used * 2) + 1;
   20|  1.35M|   if ((digs < MP_WARRAY) &&
  ------------------
  |  |  172|  1.35M|#define MP_WARRAY PRIVATE_MP_WARRAY
  |  |  ------------------
  |  |  |  |  203|  1.35M|#define PRIVATE_MP_WARRAY (int)(1uLL << (((CHAR_BIT * sizeof(private_mp_word)) - (2 * MP_DIGIT_BIT)) + 1))
  |  |  |  |  ------------------
  |  |  |  |  |  |   82|  1.35M|#   define MP_DIGIT_BIT 60
  |  |  |  |  ------------------
  |  |  ------------------
  ------------------
  |  Branch (20:8): [True: 1.35M, False: 0]
  ------------------
   21|  1.35M|       (x->used <= MP_WARRAY) &&
  ------------------
  |  |  172|  1.35M|#define MP_WARRAY PRIVATE_MP_WARRAY
  |  |  ------------------
  |  |  |  |  203|  1.35M|#define PRIVATE_MP_WARRAY (int)(1uLL << (((CHAR_BIT * sizeof(private_mp_word)) - (2 * MP_DIGIT_BIT)) + 1))
  |  |  |  |  ------------------
  |  |  |  |  |  |   82|  1.35M|#   define MP_DIGIT_BIT 60
  |  |  |  |  ------------------
  |  |  ------------------
  ------------------
  |  Branch (21:8): [True: 1.35M, False: 0]
  ------------------
   22|  1.35M|       (n->used < MP_MAXFAST)) {
  ------------------
  |  |  168|  1.35M|#define MP_MAXFAST              (int)(1uL << (MP_SIZEOF_BITS(mp_word) - (2u * (size_t)MP_DIGIT_BIT)))
  |  |  ------------------
  |  |  |  |  167|  1.35M|#define MP_SIZEOF_BITS(type)    ((size_t)CHAR_BIT * sizeof(type))
  |  |  ------------------
  |  |               #define MP_MAXFAST              (int)(1uL << (MP_SIZEOF_BITS(mp_word) - (2u * (size_t)MP_DIGIT_BIT)))
  |  |  ------------------
  |  |  |  |   82|  1.35M|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
  |  Branch (22:8): [True: 1.35M, False: 0]
  ------------------
   23|  1.35M|      return s_mp_montgomery_reduce_fast(x, n, rho);
   24|  1.35M|   }
   25|       |
   26|       |   /* grow the input as required */
   27|      0|   if (x->alloc < digs) {
  ------------------
  |  Branch (27:8): [True: 0, False: 0]
  ------------------
   28|      0|      if ((err = mp_grow(x, digs)) != MP_OKAY) {
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (28:11): [True: 0, False: 0]
  ------------------
   29|      0|         return err;
   30|      0|      }
   31|      0|   }
   32|      0|   x->used = digs;
   33|       |
   34|      0|   for (ix = 0; ix < n->used; ix++) {
  ------------------
  |  Branch (34:17): [True: 0, False: 0]
  ------------------
   35|       |      /* mu = ai * rho mod b
   36|       |       *
   37|       |       * The value of rho must be precalculated via
   38|       |       * montgomery_setup() such that
   39|       |       * it equals -1/n0 mod b this allows the
   40|       |       * following inner loop to reduce the
   41|       |       * input one digit at a time
   42|       |       */
   43|      0|      mu = (mp_digit)(((mp_word)x->dp[ix] * (mp_word)rho) & MP_MASK);
  ------------------
  |  |  106|      0|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|      0|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   44|       |
   45|       |      /* a = a + mu * m * b**i */
   46|      0|      {
   47|      0|         int iy;
   48|      0|         mp_digit *tmpn, *tmpx, u;
   49|      0|         mp_word r;
   50|       |
   51|       |         /* alias for digits of the modulus */
   52|      0|         tmpn = n->dp;
   53|       |
   54|       |         /* alias for the digits of x [the input] */
   55|      0|         tmpx = x->dp + ix;
   56|       |
   57|       |         /* set the carry to zero */
   58|      0|         u = 0;
   59|       |
   60|       |         /* Multiply and add in place */
   61|      0|         for (iy = 0; iy < n->used; iy++) {
  ------------------
  |  Branch (61:23): [True: 0, False: 0]
  ------------------
   62|       |            /* compute product and sum */
   63|      0|            r       = ((mp_word)mu * (mp_word)*tmpn++) +
   64|      0|                      (mp_word)u + (mp_word)*tmpx;
   65|       |
   66|       |            /* get carry */
   67|      0|            u       = (mp_digit)(r >> (mp_word)MP_DIGIT_BIT);
  ------------------
  |  |   82|      0|#   define MP_DIGIT_BIT 60
  ------------------
   68|       |
   69|       |            /* fix digit */
   70|      0|            *tmpx++ = (mp_digit)(r & (mp_word)MP_MASK);
  ------------------
  |  |  106|      0|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|      0|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   71|      0|         }
   72|       |         /* At this point the ix'th digit of x should be zero */
   73|       |
   74|       |
   75|       |         /* propagate carries upwards as required*/
   76|      0|         while (u != 0u) {
  ------------------
  |  Branch (76:17): [True: 0, False: 0]
  ------------------
   77|      0|            *tmpx   += u;
   78|      0|            u        = *tmpx >> MP_DIGIT_BIT;
  ------------------
  |  |   82|      0|#   define MP_DIGIT_BIT 60
  ------------------
   79|      0|            *tmpx++ &= MP_MASK;
  ------------------
  |  |  106|      0|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|      0|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   80|      0|         }
   81|      0|      }
   82|      0|   }
   83|       |
   84|       |   /* at this point the n.used'th least
   85|       |    * significant digits of x are all zero
   86|       |    * which means we can shift x to the
   87|       |    * right by n.used digits and the
   88|       |    * residue is unchanged.
   89|       |    */
   90|       |
   91|       |   /* x = x/b**n.used */
   92|      0|   mp_clamp(x);
   93|      0|   mp_rshd(x, n->used);
   94|       |
   95|       |   /* if x >= n then x = x - n */
   96|      0|   if (mp_cmp_mag(x, n) != MP_LT) {
  ------------------
  |  |  154|      0|#define MP_LT        -1   /* less than */
  ------------------
  |  Branch (96:8): [True: 0, False: 0]
  ------------------
   97|      0|      return s_mp_sub(x, n, x);
   98|      0|   }
   99|       |
  100|      0|   return MP_OKAY;
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  101|      0|}

mp_montgomery_setup:
              /* Compute the Montgomery constant for the modulus n and store it in
               * *rho.  Only the lowest digit of n is used: its inverse modulo a power
               * of two is built by repeated x *= 2 - b*x steps, each of which doubles
               * the number of correct low bits (see the identity on lines 11-18),
               * and *rho is set to 2**MP_DIGIT_BIT minus that inverse, masked to one
               * digit.  An even lowest digit has no such inverse and is rejected
               * with MP_VAL.  Returns MP_OKAY otherwise.
               * The preprocessor lines 27-35 select how many doubling steps are
               * compiled in; all four steps carry hit counts in this build.
               * NOTE(review): n->dp[0] is read on line 19 without checking n->used;
               * for a zero n this relies on dp[0] being an allocated, zeroed digit --
               * confirm.
               * NOTE(review): the even-modulus branch has 0 hits in this run. */
    8|  2.86k|{
    9|  2.86k|   mp_digit x, b;
   10|       |
   11|       |   /* fast inversion mod 2**k
   12|       |    *
   13|       |    * Based on the fact that
   14|       |    *
   15|       |    * XA = 1 (mod 2**n)  =>  (X(2-XA)) A = 1 (mod 2**2n)
   16|       |    *                    =>  2*X*A - X*X*A*A = 1
   17|       |    *                    =>  2*(1) - (1)     = 1
   18|       |    */
   19|  2.86k|   b = n->dp[0];
   20|       |
   21|  2.86k|   if ((b & 1u) == 0u) {
  ------------------
  |  Branch (21:8): [True: 0, False: 2.86k]
  ------------------
   22|      0|      return MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   23|      0|   }
   24|       |
   25|  2.86k|   x = (((b + 2u) & 4u) << 1) + b; /* here x*a==1 mod 2**4 */
   26|  2.86k|   x *= 2u - (b * x);              /* here x*a==1 mod 2**8 */
   27|  2.86k|#if !defined(MP_8BIT)
   28|  2.86k|   x *= 2u - (b * x);              /* here x*a==1 mod 2**16 */
   29|  2.86k|#endif
   30|  2.86k|#if defined(MP_64BIT) || !(defined(MP_8BIT) || defined(MP_16BIT))
   31|  2.86k|   x *= 2u - (b * x);              /* here x*a==1 mod 2**32 */
   32|  2.86k|#endif
   33|  2.86k|#ifdef MP_64BIT
   34|  2.86k|   x *= 2u - (b * x);              /* here x*a==1 mod 2**64 */
   35|  2.86k|#endif
   36|       |
   37|       |   /* rho = -1/m mod b */
   38|  2.86k|   *rho = (mp_digit)(((mp_word)1 << (mp_word)MP_DIGIT_BIT) - x) & MP_MASK;
  ------------------
  |  |   82|  2.86k|#   define MP_DIGIT_BIT 60
  ------------------
                 *rho = (mp_digit)(((mp_word)1 << (mp_word)MP_DIGIT_BIT) - x) & MP_MASK;
  ------------------
  |  |  106|  2.86k|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|  2.86k|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   39|       |
   40|  2.86k|   return MP_OKAY;
  ------------------
  |  |  161|  2.86k|#define MP_OKAY       0   /* no error */
  ------------------
   41|  2.86k|}

mp_mul:
    8|  3.64M|{ /* c = a * b: selects a multiplier from the operand digit counts and the compiled-in routines, then sets the sign of c. */
    9|  3.64M|   mp_err err;
   10|  3.64M|   int min_len = MP_MIN(a->used, b->used),
  ------------------
  |  |  156|  3.64M|#define MP_MIN(x, y) (((x) < (y)) ? (x) : (y))
  |  |  ------------------
  |  |  |  Branch (156:23): [True: 2.49M, False: 1.14M]
  |  |  ------------------
  ------------------
   11|  3.64M|       max_len = MP_MAX(a->used, b->used),
  ------------------
  |  |  157|  3.64M|#define MP_MAX(x, y) (((x) > (y)) ? (x) : (y))
  |  |  ------------------
  |  |  |  Branch (157:23): [True: 16.5k, False: 3.63M]
  |  |  ------------------
  ------------------
   12|  3.64M|       digs = a->used + b->used + 1; /* digit count handed to the s_mp_mul_digs* routines below */
   13|  3.64M|   mp_sign neg = (a->sign == b->sign) ? MP_ZPOS : MP_NEG;
  ------------------
  |  |  151|  3.64M|#define MP_ZPOS       0   /* positive integer */
  ------------------
                 mp_sign neg = (a->sign == b->sign) ? MP_ZPOS : MP_NEG;
  ------------------
  |  |  152|      0|#define MP_NEG        1   /* negative */
  ------------------
  |  Branch (13:18): [True: 3.64M, False: 0]
  ------------------
   14|       |
   15|  3.64M|   if (MP_HAS(S_MP_BALANCE_MUL) && /* MP_HAS(x) is a compile-time test: true when BN_x_C is defined empty */
  ------------------
  |  |  150|  7.29M|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|  3.64M|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|  3.64M|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [True: 3.64M, Folded]
  |  |  ------------------
  ------------------
   16|       |       /* Check sizes. The smaller one needs to be larger than the Karatsuba cut-off.
   17|       |        * The bigger one needs to be at least about one MP_KARATSUBA_MUL_CUTOFF bigger
   18|       |        * to make some sense, but it depends on architecture, OS, position of the
   19|       |        * stars... so YMMV.
   20|       |        * Using it to cut the input into slices small enough for fast_s_mp_mul_digs
   21|       |        * was actually slower on the author's machine, but YMMV.
   22|       |        */
   23|  3.64M|       (min_len >= MP_KARATSUBA_MUL_CUTOFF) &&
  ------------------
  |  |  121|  3.64M|#  define MP_KARATSUBA_MUL_CUTOFF KARATSUBA_MUL_CUTOFF
  ------------------
  |  Branch (23:8): [True: 112k, False: 3.53M]
  ------------------
   24|   112k|       ((max_len / 2) >= MP_KARATSUBA_MUL_CUTOFF) &&
  ------------------
  |  |  121|   112k|#  define MP_KARATSUBA_MUL_CUTOFF KARATSUBA_MUL_CUTOFF
  ------------------
  |  Branch (24:8): [True: 0, False: 112k]
  ------------------
   25|       |       /* Not much effect was observed below a ratio of 1:2, but again: YMMV. */
   26|      0|       (max_len >= (2 * min_len))) {
  ------------------
  |  Branch (26:8): [True: 0, False: 0]
  ------------------
   27|      0|      err = s_mp_balance_mul(a,b,c);
   28|  3.64M|   } else if (MP_HAS(S_MP_TOOM_MUL) &&
  ------------------
  |  |  150|  7.29M|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|  3.64M|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|  3.64M|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [Folded, False: 3.64M]
  |  |  ------------------
  ------------------
   29|      0|              (min_len >= MP_TOOM_MUL_CUTOFF)) {
  ------------------
  |  |  123|      0|#  define MP_TOOM_MUL_CUTOFF      TOOM_MUL_CUTOFF
  ------------------
  |  Branch (29:15): [True: 0, False: 0]
  ------------------
   30|      0|      err = s_mp_toom_mul(a, b, c);
   31|  3.64M|   } else if (MP_HAS(S_MP_KARATSUBA_MUL) &&
  ------------------
  |  |  150|  7.29M|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|  3.64M|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|  3.64M|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [Folded, False: 3.64M]
  |  |  ------------------
  ------------------
   32|      0|              (min_len >= MP_KARATSUBA_MUL_CUTOFF)) {
  ------------------
  |  |  121|      0|#  define MP_KARATSUBA_MUL_CUTOFF KARATSUBA_MUL_CUTOFF
  ------------------
  |  Branch (32:15): [True: 0, False: 0]
  ------------------
   33|      0|      err = s_mp_karatsuba_mul(a, b, c);
   34|  3.64M|   } else if (MP_HAS(S_MP_MUL_DIGS_FAST) &&
  ------------------
  |  |  150|  7.29M|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|  3.64M|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|  3.64M|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [True: 3.64M, Folded]
  |  |  ------------------
  ------------------
   35|       |              /* can we use the fast multiplier?
   36|       |               *
   37|       |               * The fast multiplier can be used if the output will
   38|       |               * have less than MP_WARRAY digits and the number of
   39|       |               * digits won't affect carry propagation
   40|       |               */
   41|  3.64M|              (digs < MP_WARRAY) &&
  ------------------
  |  |  172|  3.64M|#define MP_WARRAY PRIVATE_MP_WARRAY
  |  |  ------------------
  |  |  |  |  203|  3.64M|#define PRIVATE_MP_WARRAY (int)(1uLL << (((CHAR_BIT * sizeof(private_mp_word)) - (2 * MP_DIGIT_BIT)) + 1))
  |  |  |  |  ------------------
  |  |  |  |  |  |   82|  3.64M|#   define MP_DIGIT_BIT 60
  |  |  |  |  ------------------
  |  |  ------------------
  ------------------
  |  Branch (41:15): [True: 3.64M, False: 0]
  ------------------
   42|  3.64M|              (min_len <= MP_MAXFAST)) {
  ------------------
  |  |  168|  3.64M|#define MP_MAXFAST              (int)(1uL << (MP_SIZEOF_BITS(mp_word) - (2u * (size_t)MP_DIGIT_BIT)))
  |  |  ------------------
  |  |  |  |  167|  3.64M|#define MP_SIZEOF_BITS(type)    ((size_t)CHAR_BIT * sizeof(type))
  |  |  ------------------
  |  |               #define MP_MAXFAST              (int)(1uL << (MP_SIZEOF_BITS(mp_word) - (2u * (size_t)MP_DIGIT_BIT)))
  |  |  ------------------
  |  |  |  |   82|  3.64M|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
  |  Branch (42:15): [True: 3.64M, False: 0]
  ------------------
   43|  3.64M|      err = s_mp_mul_digs_fast(a, b, c, digs);
   44|  3.64M|   } else if (MP_HAS(S_MP_MUL_DIGS)) {
  ------------------
  |  |  150|      0|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|      0|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|      0|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [True: 0, Folded]
  |  |  ------------------
  ------------------
   45|      0|      err = s_mp_mul_digs(a, b, c, digs); /* NOTE(review): 0 hits in this report; only s_mp_mul_digs_fast above is exercised */
   46|      0|   } else {
   47|      0|      err = MP_VAL; /* reached only when S_MP_MUL_DIGS is not compiled in */
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   48|      0|   }
   49|  3.64M|   c->sign = (c->used > 0) ? neg : MP_ZPOS; /* zero is stored as positive; runs even when err != MP_OKAY */
  ------------------
  |  |  151|  3.67M|#define MP_ZPOS       0   /* positive integer */
  ------------------
  |  Branch (49:14): [True: 3.62M, False: 26.4k]
  ------------------
   50|  3.64M|   return err;
   51|  3.64M|}

mp_mul_2:
    8|  80.4k|{ /* b = a * 2: shifts each digit of a left by one bit into b, carrying the top bit into the next digit. */
    9|  80.4k|   int     x, oldused;
   10|  80.4k|   mp_err err;
   11|       |
   12|       |   /* grow to accommodate result: doubling can carry into one extra digit */
   13|  80.4k|   if (b->alloc < (a->used + 1)) {
  ------------------
  |  Branch (13:8): [True: 0, False: 80.4k]
  ------------------
   14|      0|      if ((err = mp_grow(b, a->used + 1)) != MP_OKAY) {
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (14:11): [True: 0, False: 0]
  ------------------
   15|      0|         return err;
   16|      0|      }
   17|      0|   }
   18|       |
   19|  80.4k|   oldused = b->used;
   20|  80.4k|   b->used = a->used;
   21|       |
   22|  80.4k|   {
   23|  80.4k|      mp_digit r, rr, *tmpa, *tmpb;
   24|       |
   25|       |      /* alias for source */
   26|  80.4k|      tmpa = a->dp;
   27|       |
   28|       |      /* alias for dest */
   29|  80.4k|      tmpb = b->dp;
   30|       |
   31|       |      /* carry */
   32|  80.4k|      r = 0;
   33|  1.00M|      for (x = 0; x < a->used; x++) {
  ------------------
  |  Branch (33:19): [True: 922k, False: 80.4k]
  ------------------
   34|       |
   35|       |         /* get what will be the *next* carry bit from the
   36|       |          * MSB of the current digit
   37|       |          */
   38|   922k|         rr = *tmpa >> (mp_digit)(MP_DIGIT_BIT - 1);
  ------------------
  |  |   82|   922k|#   define MP_DIGIT_BIT 60
  ------------------
   39|       |
   40|       |         /* now shift up this digit, add in the carry [from the previous] */
   41|   922k|         *tmpb++ = ((*tmpa++ << 1uL) | r) & MP_MASK;
  ------------------
  |  |  106|   922k|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|   922k|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   42|       |
   43|       |         /* copy the carry that would be from the source
   44|       |          * digit into the next iteration
   45|       |          */
   46|   922k|         r = rr;
   47|   922k|      }
   48|       |
   49|       |      /* new leading digit? */
   50|  80.4k|      if (r != 0u) {
  ------------------
  |  Branch (50:11): [True: 1.57k, False: 78.8k]
  ------------------
   51|       |         /* add a MSB which is always 1 at this point */
   52|  1.57k|         *tmpb = 1; /* writes digit a->used; the capacity check at the top reserved it */
   53|  1.57k|         ++(b->used);
   54|  1.57k|      }
   55|       |
   56|       |      /* now zero any excess digits on the destination
   57|       |       * that we didn't write to (no-op unless oldused > b->used)
   58|       |       */
   59|  80.4k|      MP_ZERO_DIGITS(b->dp + b->used, oldused - b->used);
  ------------------
  |  |   89|  80.4k|#  define MP_ZERO_DIGITS(mem, digits)                   \
  |  |   90|  80.4k|do {                                                    \
  |  |   91|  80.4k|   int zd_ = (digits);                                  \
  |  |   92|  80.4k|   mp_digit* zm_ = (mem);                               \
  |  |   93|  80.4k|   while (zd_-- > 0) {                                  \
  |  |  ------------------
  |  |  |  Branch (93:11): [True: 0, False: 80.4k]
  |  |  ------------------
  |  |   94|      0|      *zm_++ = 0;                                       \
  |  |   95|      0|   }                                                    \
  |  |   96|  80.4k|} while (0)
  |  |  ------------------
  |  |  |  Branch (96:10): [Folded, False: 80.4k]
  |  |  ------------------
  ------------------
   60|  80.4k|   }
   61|  80.4k|   b->sign = a->sign;
   62|  80.4k|   return MP_OKAY;
  ------------------
  |  |  161|  80.4k|#define MP_OKAY       0   /* no error */
  ------------------
   63|  80.4k|}

mp_mul_2d:
    8|  1.38M|{ /* c = a * 2**b: copies a into c when they differ, shifts by whole digits via mp_lshd, then by the remaining b % MP_DIGIT_BIT bits. */
    9|  1.38M|   mp_digit d;
   10|  1.38M|   mp_err   err;
   11|       |
   12|  1.38M|   if (b < 0) { /* negative shift counts are rejected with MP_VAL */
  ------------------
  |  Branch (12:8): [True: 0, False: 1.38M]
  ------------------
   13|      0|      return MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   14|      0|   }
   15|       |
   16|       |   /* copy */
   17|  1.38M|   if (a != c) {
  ------------------
  |  Branch (17:8): [True: 0, False: 1.38M]
  ------------------
   18|      0|      if ((err = mp_copy(a, c)) != MP_OKAY) {
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (18:11): [True: 0, False: 0]
  ------------------
   19|      0|         return err;
   20|      0|      }
   21|      0|   }
   22|       |
   23|  1.38M|   if (c->alloc < (c->used + (b / MP_DIGIT_BIT) + 1)) { /* room for the whole-digit shift plus one carry digit */
  ------------------
  |  |   82|  1.38M|#   define MP_DIGIT_BIT 60
  ------------------
  |  Branch (23:8): [True: 351k, False: 1.03M]
  ------------------
   24|   351k|      if ((err = mp_grow(c, c->used + (b / MP_DIGIT_BIT) + 1)) != MP_OKAY) {
  ------------------
  |  |   82|   351k|#   define MP_DIGIT_BIT 60
  ------------------
                    if ((err = mp_grow(c, c->used + (b / MP_DIGIT_BIT) + 1)) != MP_OKAY) {
  ------------------
  |  |  161|   351k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (24:11): [True: 0, False: 351k]
  ------------------
   25|      0|         return err;
   26|      0|      }
   27|   351k|   }
   28|       |
   29|       |   /* shift by as many digits in the bit count */
   30|  1.38M|   if (b >= MP_DIGIT_BIT) { /* NOTE(review): never true in this report, so the mp_lshd path is not exercised by this run */
  ------------------
  |  |   82|  1.38M|#   define MP_DIGIT_BIT 60
  ------------------
  |  Branch (30:8): [True: 0, False: 1.38M]
  ------------------
   31|      0|      if ((err = mp_lshd(c, b / MP_DIGIT_BIT)) != MP_OKAY) {
  ------------------
  |  |   82|      0|#   define MP_DIGIT_BIT 60
  ------------------
                    if ((err = mp_lshd(c, b / MP_DIGIT_BIT)) != MP_OKAY) {
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (31:11): [True: 0, False: 0]
  ------------------
   32|      0|         return err;
   33|      0|      }
   34|      0|   }
   35|       |
   36|       |   /* shift any bit count < MP_DIGIT_BIT */
   37|  1.38M|   d = (mp_digit)(b % MP_DIGIT_BIT);
  ------------------
  |  |   82|  1.38M|#   define MP_DIGIT_BIT 60
  ------------------
   38|  1.38M|   if (d != 0u) {
  ------------------
  |  Branch (38:8): [True: 1.38M, False: 0]
  ------------------
   39|  1.38M|      mp_digit *tmpc, shift, mask, r, rr;
   40|  1.38M|      int x;
   41|       |
   42|       |      /* bitmask for carries */
   43|  1.38M|      mask = ((mp_digit)1 << d) - (mp_digit)1;
   44|       |
   45|       |      /* shift for msbs */
   46|  1.38M|      shift = (mp_digit)MP_DIGIT_BIT - d;
  ------------------
  |  |   82|  1.38M|#   define MP_DIGIT_BIT 60
  ------------------
   47|       |
   48|       |      /* alias */
   49|  1.38M|      tmpc = c->dp;
   50|       |
   51|       |      /* carry */
   52|  1.38M|      r    = 0;
   53|   841M|      for (x = 0; x < c->used; x++) {
  ------------------
  |  Branch (53:19): [True: 839M, False: 1.38M]
  ------------------
   54|       |         /* get the higher bits of the current word */
   55|   839M|         rr = (*tmpc >> shift) & mask;
   56|       |
   57|       |         /* shift the current word and OR in the carry */
   58|   839M|         *tmpc = ((*tmpc << d) | r) & MP_MASK;
  ------------------
  |  |  106|   839M|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|   839M|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   59|   839M|         ++tmpc;
   60|       |
   61|       |         /* set the carry to the carry bits of the current word */
   62|   839M|         r = rr;
   63|   839M|      }
   64|       |
   65|       |      /* set final carry */
   66|  1.38M|      if (r != 0u) {
  ------------------
  |  Branch (66:11): [True: 2.85k, False: 1.38M]
  ------------------
   67|  2.85k|         c->dp[(c->used)++] = r; /* relies on the extra digit reserved by the capacity check above */
   68|  2.85k|      }
   69|  1.38M|   }
   70|  1.38M|   mp_clamp(c);
   71|  1.38M|   return MP_OKAY;
  ------------------
  |  |  161|  1.38M|#define MP_OKAY       0   /* no error */
  ------------------
   72|  1.38M|}

mp_mul_d:
    8|  1.08M|{ /* c = a * b for a single digit b: one pass over the digits of a, accumulating product and carry in an mp_word. */
    9|  1.08M|   mp_digit u, *tmpa, *tmpc;
   10|  1.08M|   mp_word  r;
   11|  1.08M|   mp_err   err;
   12|  1.08M|   int      ix, olduse;
   13|       |
   14|       |   /* make sure c is big enough to hold a*b */
   15|  1.08M|   if (c->alloc < (a->used + 1)) {
  ------------------
  |  Branch (15:8): [True: 85, False: 1.08M]
  ------------------
   16|     85|      if ((err = mp_grow(c, a->used + 1)) != MP_OKAY) {
  ------------------
  |  |  161|     85|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (16:11): [True: 0, False: 85]
  ------------------
   17|      0|         return err;
   18|      0|      }
   19|     85|   }
   20|       |
   21|       |   /* get the original destinations used count */
   22|  1.08M|   olduse = c->used;
   23|       |
   24|       |   /* set the sign */
   25|  1.08M|   c->sign = a->sign;
   26|       |
   27|       |   /* alias for a->dp [source] */
   28|  1.08M|   tmpa = a->dp;
   29|       |
   30|       |   /* alias for c->dp [dest] */
   31|  1.08M|   tmpc = c->dp;
   32|       |
   33|       |   /* zero carry */
   34|  1.08M|   u = 0;
   35|       |
   36|       |   /* compute columns */
   37|  4.45M|   for (ix = 0; ix < a->used; ix++) {
  ------------------
  |  Branch (37:17): [True: 3.37M, False: 1.08M]
  ------------------
   38|       |      /* compute product and carry sum for this term */
   39|  3.37M|      r       = (mp_word)u + ((mp_word)*tmpa++ * (mp_word)b);
   40|       |
   41|       |      /* mask off higher bits to get a single digit */
   42|  3.37M|      *tmpc++ = (mp_digit)(r & (mp_word)MP_MASK);
  ------------------
  |  |  106|  3.37M|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|  3.37M|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   43|       |
   44|       |      /* send carry into next iteration */
   45|  3.37M|      u       = (mp_digit)(r >> (mp_word)MP_DIGIT_BIT);
  ------------------
  |  |   82|  3.37M|#   define MP_DIGIT_BIT 60
  ------------------
   46|  3.37M|   }
   47|       |
   48|       |   /* store final carry [if any] and increment ix offset  */
   49|  1.08M|   *tmpc++ = u; /* writes digit a->used; the capacity check at the top reserved it */
   50|  1.08M|   ++ix;
   51|       |
   52|       |   /* now zero digits above the top */
   53|  1.08M|   MP_ZERO_DIGITS(tmpc, olduse - ix);
  ------------------
  |  |   89|  1.08M|#  define MP_ZERO_DIGITS(mem, digits)                   \
  |  |   90|  1.08M|do {                                                    \
  |  |   91|  1.08M|   int zd_ = (digits);                                  \
  |  |   92|  1.08M|   mp_digit* zm_ = (mem);                               \
  |  |   93|  1.08M|   while (zd_-- > 0) {                                  \
  |  |  ------------------
  |  |  |  Branch (93:11): [True: 277, False: 1.08M]
  |  |  ------------------
  |  |   94|    277|      *zm_++ = 0;                                       \
  |  |   95|    277|   }                                                    \
  |  |   96|  1.08M|} while (0)
  |  |  ------------------
  |  |  |  Branch (96:10): [Folded, False: 1.08M]
  |  |  ------------------
  ------------------
   54|       |
   55|       |   /* set used count */
   56|  1.08M|   c->used = a->used + 1;
   57|  1.08M|   mp_clamp(c);
   58|       |
   59|  1.08M|   return MP_OKAY;
  ------------------
  |  |  161|  1.08M|#define MP_OKAY       0   /* no error */
  ------------------
   60|  1.08M|}

mp_mulmod:
    8|  5.35k|{ /* d = (a * b) mod c, computed through a temporary t that is cleared on every path once it has been initialised. */
    9|  5.35k|   mp_err err;
   10|  5.35k|   mp_int t;
   11|       |
   12|  5.35k|   if ((err = mp_init_size(&t, c->used)) != MP_OKAY) { /* t is sized from the modulus; on failure we return without mp_clear */
  ------------------
  |  |  161|  5.35k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (12:8): [True: 0, False: 5.35k]
  ------------------
   13|      0|      return err;
   14|      0|   }
   15|       |
   16|  5.35k|   if ((err = mp_mul(a, b, &t)) != MP_OKAY) {
  ------------------
  |  |  161|  5.35k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (16:8): [True: 0, False: 5.35k]
  ------------------
   17|      0|      goto LBL_ERR;
   18|      0|   }
   19|  5.35k|   err = mp_mod(&t, c, d);
   20|       |
   21|  5.35k|LBL_ERR: /* reached on success as well as after an mp_mul failure */
   22|  5.35k|   mp_clear(&t);
   23|  5.35k|   return err;
   24|  5.35k|}

mp_prime_is_prime:
   18|    256|{
   19|    256|   mp_int  b;
   20|    256|   int     ix, p_max = 0, size_a, len;
   21|    256|   mp_bool res;
   22|    256|   mp_err  err;
   23|    256|   unsigned int fips_rand, mask;
   24|       |
   25|       |   /* default to no */
   26|    256|   *result = MP_NO;
  ------------------
  |  |  159|    256|#define MP_NO         0
  ------------------
   27|       |
   28|       |   /* Some shortcuts */
   29|       |   /* N > 3 */
   30|    256|   if (a->used == 1) {
  ------------------
  |  Branch (30:8): [True: 0, False: 256]
  ------------------
   31|      0|      if ((a->dp[0] == 0u) || (a->dp[0] == 1u)) {
  ------------------
  |  Branch (31:11): [True: 0, False: 0]
  |  Branch (31:31): [True: 0, False: 0]
  ------------------
   32|      0|         *result = MP_NO;
  ------------------
  |  |  159|      0|#define MP_NO         0
  ------------------
   33|      0|         return MP_OKAY;
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
   34|      0|      }
   35|      0|      if (a->dp[0] == 2u) {
  ------------------
  |  Branch (35:11): [True: 0, False: 0]
  ------------------
   36|      0|         *result = MP_YES;
  ------------------
  |  |  158|      0|#define MP_YES        1
  ------------------
   37|      0|         return MP_OKAY;
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
   38|      0|      }
   39|      0|   }
   40|       |
   41|       |   /* N must be odd */
   42|    256|   if (MP_IS_EVEN(a)) {
  ------------------
  |  |  164|    256|#define MP_IS_EVEN(a) (((a)->used == 0) || (((a)->dp[0] & 1u) == 0u))
  |  |  ------------------
  |  |  |  Branch (164:24): [True: 0, False: 256]
  |  |  |  Branch (164:44): [True: 98, False: 158]
  |  |  ------------------
  ------------------
   43|     98|      return MP_OKAY;
  ------------------
  |  |  161|     98|#define MP_OKAY       0   /* no error */
  ------------------
   44|     98|   }
   45|       |   /* N is not a perfect square: floor(sqrt(N))^2 != N */
   46|    158|   if ((err = mp_is_square(a, &res)) != MP_OKAY) {
  ------------------
  |  |  161|    158|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (46:8): [True: 0, False: 158]
  ------------------
   47|      0|      return err;
   48|      0|   }
   49|    158|   if (res != MP_NO) {
  ------------------
  |  |  159|    158|#define MP_NO         0
  ------------------
  |  Branch (49:8): [True: 1, False: 157]
  ------------------
   50|      1|      return MP_OKAY;
  ------------------
  |  |  161|      1|#define MP_OKAY       0   /* no error */
  ------------------
   51|      1|   }
   52|       |
   53|       |   /* is the input equal to one of the primes in the table? */
   54|  40.3k|   for (ix = 0; ix < PRIVATE_MP_PRIME_TAB_SIZE; ix++) {
  ------------------
  |  |  633|  40.3k|#  define PRIVATE_MP_PRIME_TAB_SIZE 256
  ------------------
  |  Branch (54:17): [True: 40.1k, False: 157]
  ------------------
   55|  40.1k|      if (mp_cmp_d(a, s_mp_prime_tab[ix]) == MP_EQ) {
  ------------------
  |  |  155|  40.1k|#define MP_EQ         0   /* equal to */
  ------------------
  |  Branch (55:11): [True: 0, False: 40.1k]
  ------------------
   56|      0|         *result = MP_YES;
  ------------------
  |  |  158|      0|#define MP_YES        1
  ------------------
   57|      0|         return MP_OKAY;
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
   58|      0|      }
   59|  40.1k|   }
   60|       |#ifdef MP_8BIT
   61|       |   /* The search in the loop above was exhaustive in this case */
   62|       |   if ((a->used == 1) && (PRIVATE_MP_PRIME_TAB_SIZE >= 31)) {
   63|       |      return MP_OKAY;
   64|       |   }
   65|       |#endif
   66|       |
   67|       |   /* first perform trial division */
   68|    157|   if ((err = s_mp_prime_is_divisible(a, &res)) != MP_OKAY) {
  ------------------
  |  |  161|    157|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (68:8): [True: 0, False: 157]
  ------------------
   69|      0|      return err;
   70|      0|   }
   71|       |
   72|       |   /* return if it was trivially divisible */
   73|    157|   if (res == MP_YES) {
  ------------------
  |  |  158|    157|#define MP_YES        1
  ------------------
  |  Branch (73:8): [True: 54, False: 103]
  ------------------
   74|     54|      return MP_OKAY;
  ------------------
  |  |  161|     54|#define MP_OKAY       0   /* no error */
  ------------------
   75|     54|   }
   76|       |
   77|       |   /*
   78|       |       Run the Miller-Rabin test with base 2 for the BPSW test.
   79|       |    */
   80|    103|   if ((err = mp_init_set(&b, 2uL)) != MP_OKAY) {
  ------------------
  |  |  161|    103|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (80:8): [True: 0, False: 103]
  ------------------
   81|      0|      return err;
   82|      0|   }
   83|       |
   84|    103|   if ((err = mp_prime_miller_rabin(a, &b, &res)) != MP_OKAY) {
  ------------------
  |  |  161|    103|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (84:8): [True: 0, False: 103]
  ------------------
   85|      0|      goto LBL_B;
   86|      0|   }
   87|    103|   if (res == MP_NO) {
  ------------------
  |  |  159|    103|#define MP_NO         0
  ------------------
  |  Branch (87:8): [True: 41, False: 62]
  ------------------
   88|     41|      goto LBL_B;
   89|     41|   }
   90|       |   /*
   91|       |      Rumours have it that Mathematica does a second M-R test with base 3.
   92|       |      Other rumours have it that their strong L-S test is slightly different.
   93|       |      It does not hurt, though, beside a bit of extra runtime.
   94|       |   */
   95|     62|   b.dp[0]++;
   96|     62|   if ((err = mp_prime_miller_rabin(a, &b, &res)) != MP_OKAY) {
  ------------------
  |  |  161|     62|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (96:8): [True: 0, False: 62]
  ------------------
   97|      0|      goto LBL_B;
   98|      0|   }
   99|     62|   if (res == MP_NO) {
  ------------------
  |  |  159|     62|#define MP_NO         0
  ------------------
  |  Branch (99:8): [True: 0, False: 62]
  ------------------
  100|      0|      goto LBL_B;
  101|      0|   }
  102|       |
  103|       |   /*
  104|       |    * Both, the Frobenius-Underwood test and the the Lucas-Selfridge test are quite
  105|       |    * slow so if speed is an issue, define LTM_USE_ONLY_MR to use M-R tests with
  106|       |    * bases 2, 3 and t random bases.
  107|       |    */
  108|       |#ifndef LTM_USE_ONLY_MR
  109|       |   if (t >= 0) {
  110|       |      /*
  111|       |       * Use a Frobenius-Underwood test instead of the Lucas-Selfridge test for
  112|       |       * MP_8BIT (It is unknown if the Lucas-Selfridge test works with 16-bit
  113|       |       * integers but the necesssary analysis is on the todo-list).
  114|       |       */
  115|       |#if defined (MP_8BIT) || defined (LTM_USE_FROBENIUS_TEST)
  116|       |      err = mp_prime_frobenius_underwood(a, &res);
  117|       |      if ((err != MP_OKAY) && (err != MP_ITER)) {
  118|       |         goto LBL_B;
  119|       |      }
  120|       |      if (res == MP_NO) {
  121|       |         goto LBL_B;
  122|       |      }
  123|       |#else
  124|       |      if ((err = mp_prime_strong_lucas_selfridge(a, &res)) != MP_OKAY) {
  125|       |         goto LBL_B;
  126|       |      }
  127|       |      if (res == MP_NO) {
  128|       |         goto LBL_B;
  129|       |      }
  130|       |#endif
  131|       |   }
  132|       |#endif
  133|       |
  134|       |   /* run at least one Miller-Rabin test with a random base */
  135|     62|   if (t == 0) {
  ------------------
  |  Branch (135:8): [True: 0, False: 62]
  ------------------
  136|      0|      t = 1;
  137|      0|   }
  138|       |
  139|       |   /*
  140|       |      Only recommended if the input range is known to be < 3317044064679887385961981
  141|       |
  142|       |      It uses the bases necessary for a deterministic M-R test if the input is
  143|       |      smaller than  3317044064679887385961981
  144|       |      The caller has to check the size.
  145|       |      TODO: can be made a bit finer grained but comparing is not free.
  146|       |   */
  147|     62|   if (t < 0) {
  ------------------
  |  Branch (147:8): [True: 0, False: 62]
  ------------------
  148|       |      /*
  149|       |          Sorenson, Jonathan; Webster, Jonathan (2015).
  150|       |           "Strong Pseudoprimes to Twelve Prime Bases".
  151|       |       */
  152|       |      /* 0x437ae92817f9fc85b7e5 = 318665857834031151167461 */
  153|      0|      if ((err =   mp_read_radix(&b, "437ae92817f9fc85b7e5", 16)) != MP_OKAY) {
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (153:11): [True: 0, False: 0]
  ------------------
  154|      0|         goto LBL_B;
  155|      0|      }
  156|       |
  157|      0|      if (mp_cmp(a, &b) == MP_LT) {
  ------------------
  |  |  154|      0|#define MP_LT        -1   /* less than */
  ------------------
  |  Branch (157:11): [True: 0, False: 0]
  ------------------
  158|      0|         p_max = 12;
  159|      0|      } else {
  160|       |         /* 0x2be6951adc5b22410a5fd = 3317044064679887385961981 */
  161|      0|         if ((err = mp_read_radix(&b, "2be6951adc5b22410a5fd", 16)) != MP_OKAY) {
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (161:14): [True: 0, False: 0]
  ------------------
  162|      0|            goto LBL_B;
  163|      0|         }
  164|       |
  165|      0|         if (mp_cmp(a, &b) == MP_LT) {
  ------------------
  |  |  154|      0|#define MP_LT        -1   /* less than */
  ------------------
  |  Branch (165:14): [True: 0, False: 0]
  ------------------
  166|      0|            p_max = 13;
  167|      0|         } else {
  168|      0|            err = MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
  169|      0|            goto LBL_B;
  170|      0|         }
  171|      0|      }
  172|       |
  173|       |      /* we did bases 2 and 3  already, skip them */
  174|      0|      for (ix = 2; ix < p_max; ix++) {
  ------------------
  |  Branch (174:20): [True: 0, False: 0]
  ------------------
  175|      0|         mp_set(&b, s_mp_prime_tab[ix]);
  176|      0|         if ((err = mp_prime_miller_rabin(a, &b, &res)) != MP_OKAY) {
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (176:14): [True: 0, False: 0]
  ------------------
  177|      0|            goto LBL_B;
  178|      0|         }
  179|      0|         if (res == MP_NO) {
  ------------------
  |  |  159|      0|#define MP_NO         0
  ------------------
  |  Branch (179:14): [True: 0, False: 0]
  ------------------
  180|      0|            goto LBL_B;
  181|      0|         }
  182|      0|      }
  183|      0|   }
  184|       |   /*
  185|       |       Do "t" M-R tests with random bases between 3 and "a".
  186|       |       See Fips 186.4 p. 126ff
  187|       |   */
  188|     62|   else if (t > 0) {
  ------------------
  |  Branch (188:13): [True: 62, False: 0]
  ------------------
  189|       |      /*
  190|       |       * The mp_digit's have a defined bit-size but the size of the
  191|       |       * array a.dp is a simple 'int' and this library can not assume full
  192|       |       * compliance to the current C-standard (ISO/IEC 9899:2011) because
  193|       |       * it gets used for small embeded processors, too. Some of those MCUs
  194|       |       * have compilers that one cannot call standard compliant by any means.
  195|       |       * Hence the ugly type-fiddling in the following code.
  196|       |       */
  197|     62|      size_a = mp_count_bits(a);
  198|     62|      mask = (1u << s_floor_ilog2(size_a)) - 1u;
  199|       |      /*
  200|       |         Assuming the General Rieman hypothesis (never thought to write that in a
  201|       |         comment) the upper bound can be lowered to  2*(log a)^2.
  202|       |         E. Bach, "Explicit bounds for primality testing and related problems,"
  203|       |         Math. Comp. 55 (1990), 355-380.
  204|       |
  205|       |            size_a = (size_a/10) * 7;
  206|       |            len = 2 * (size_a * size_a);
  207|       |
  208|       |         E.g.: a number of size 2^2048 would be reduced to the upper limit
  209|       |
  210|       |            floor(2048/10)*7 = 1428
  211|       |            2 * 1428^2       = 4078368
  212|       |
  213|       |         (would have been ~4030331.9962 with floats and natural log instead)
  214|       |         That number is smaller than 2^28, the default bit-size of mp_digit.
  215|       |      */
  216|       |
  217|       |      /*
  218|       |        How many tests, you might ask? Dana Jacobsen of Math::Prime::Util fame
  219|       |        does exactly 1. In words: one. Look at the end of _GMP_is_prime() in
  220|       |        Math-Prime-Util-GMP-0.50/primality.c if you do not believe it.
  221|       |
  222|       |        The function mp_rand() goes to some length to use a cryptographically
  223|       |        good PRNG. That also means that the chance to always get the same base
  224|       |        in the loop is non-zero, although very low.
  225|       |        If the BPSW test and/or the addtional Frobenious test have been
  226|       |        performed instead of just the Miller-Rabin test with the bases 2 and 3,
  227|       |        a single extra test should suffice, so such a very unlikely event
  228|       |        will not do much harm.
  229|       |
  230|       |        To preemptivly answer the dangling question: no, a witness does not
  231|       |        need to be prime.
  232|       |      */
  233|  2.23k|      for (ix = 0; ix < t; ix++) {
  ------------------
  |  Branch (233:20): [True: 2.17k, False: 62]
  ------------------
  234|       |         /* mp_rand() guarantees the first digit to be non-zero */
  235|  2.17k|         if ((err = mp_rand(&b, 1)) != MP_OKAY) {
  ------------------
  |  |  161|  2.17k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (235:14): [True: 0, False: 2.17k]
  ------------------
  236|      0|            goto LBL_B;
  237|      0|         }
  238|       |         /*
  239|       |          * Reduce digit before casting because mp_digit might be bigger than
  240|       |          * an unsigned int and "mask" on the other side is most probably not.
  241|       |          */
  242|  2.17k|         fips_rand = (unsigned int)(b.dp[0] & (mp_digit) mask);
  243|       |#ifdef MP_8BIT
  244|       |         /*
  245|       |          * One 8-bit digit is too small, so concatenate two if the size of
  246|       |          * unsigned int allows for it.
  247|       |          */
  248|       |         if ((MP_SIZEOF_BITS(unsigned int)/2) >= MP_SIZEOF_BITS(mp_digit)) {
  249|       |            if ((err = mp_rand(&b, 1)) != MP_OKAY) {
  250|       |               goto LBL_B;
  251|       |            }
  252|       |            fips_rand <<= MP_SIZEOF_BITS(mp_digit);
  253|       |            fips_rand |= (unsigned int) b.dp[0];
  254|       |            fips_rand &= mask;
  255|       |         }
  256|       |#endif
  257|  2.17k|         if (fips_rand > (unsigned int)(INT_MAX - MP_DIGIT_BIT)) {
  ------------------
  |  |   82|  2.17k|#   define MP_DIGIT_BIT 60
  ------------------
  |  Branch (257:14): [True: 0, False: 2.17k]
  ------------------
  258|      0|            len = INT_MAX / MP_DIGIT_BIT;
  ------------------
  |  |   82|      0|#   define MP_DIGIT_BIT 60
  ------------------
  259|  2.17k|         } else {
  260|  2.17k|            len = (((int)fips_rand + MP_DIGIT_BIT) / MP_DIGIT_BIT);
  ------------------
  |  |   82|  2.17k|#   define MP_DIGIT_BIT 60
  ------------------
                          len = (((int)fips_rand + MP_DIGIT_BIT) / MP_DIGIT_BIT);
  ------------------
  |  |   82|  2.17k|#   define MP_DIGIT_BIT 60
  ------------------
  261|  2.17k|         }
  262|       |         /*  Unlikely. */
  263|  2.17k|         if (len < 0) {
  ------------------
  |  Branch (263:14): [True: 0, False: 2.17k]
  ------------------
  264|      0|            ix--;
  265|      0|            continue;
  266|      0|         }
  267|       |         /*
  268|       |          * As mentioned above, one 8-bit digit is too small and
  269|       |          * although it can only happen in the unlikely case that
  270|       |          * an "unsigned int" is smaller than 16 bit a simple test
  271|       |          * is cheap and the correction even cheaper.
  272|       |          */
  273|       |#ifdef MP_8BIT
  274|       |         /* All "a" < 2^8 have been caught before */
  275|       |         if (len == 1) {
  276|       |            len++;
  277|       |         }
  278|       |#endif
  279|  2.17k|         if ((err = mp_rand(&b, len)) != MP_OKAY) {
  ------------------
  |  |  161|  2.17k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (279:14): [True: 0, False: 2.17k]
  ------------------
  280|      0|            goto LBL_B;
  281|      0|         }
  282|       |         /*
  283|       |          * That number might got too big and the witness has to be
  284|       |          * smaller than "a"
  285|       |          */
  286|  2.17k|         len = mp_count_bits(&b);
  287|  2.17k|         if (len >= size_a) {
  ------------------
  |  Branch (287:14): [True: 243, False: 1.92k]
  ------------------
  288|    243|            len = (len - size_a) + 1;
  289|    243|            if ((err = mp_div_2d(&b, len, &b, NULL)) != MP_OKAY) {
  ------------------
  |  |  161|    243|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (289:17): [True: 0, False: 243]
  ------------------
  290|      0|               goto LBL_B;
  291|      0|            }
  292|    243|         }
  293|       |         /* Although the chance for b <= 3 is miniscule, try again. */
  294|  2.17k|         if (mp_cmp_d(&b, 3uL) != MP_GT) {
  ------------------
  |  |  156|  2.17k|#define MP_GT         1   /* greater than */
  ------------------
  |  Branch (294:14): [True: 0, False: 2.17k]
  ------------------
  295|      0|            ix--;
  296|      0|            continue;
  297|      0|         }
  298|  2.17k|         if ((err = mp_prime_miller_rabin(a, &b, &res)) != MP_OKAY) {
  ------------------
  |  |  161|  2.17k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (298:14): [True: 0, False: 2.17k]
  ------------------
  299|      0|            goto LBL_B;
  300|      0|         }
  301|  2.17k|         if (res == MP_NO) {
  ------------------
  |  |  159|  2.17k|#define MP_NO         0
  ------------------
  |  Branch (301:14): [True: 0, False: 2.17k]
  ------------------
  302|      0|            goto LBL_B;
  303|      0|         }
  304|  2.17k|      }
  305|     62|   }
  306|       |
  307|       |   /* passed the test */
  308|     62|   *result = MP_YES;
  ------------------
  |  |  158|     62|#define MP_YES        1
  ------------------
  309|    103|LBL_B:
  310|    103|   mp_clear(&b);
  311|    103|   return err;
  312|     62|}
bn_mp_prime_is_prime.c:s_floor_ilog2:
    8|     62|{  /* Returns floor(log2(value)) for value >= 1 and 0 for value == 0; value's type is declared outside this listing. */
    9|     62|   unsigned int r = 0;
   10|    496|   while ((value >>= 1) != 0) {  /* r counts the halvings that still leave a non-zero value */
  ------------------
  |  Branch (10:11): [True: 434, False: 62]
  ------------------
   11|    434|      r++;
   12|    434|   }
   13|     62|   return r;
   14|     62|}

mp_prime_miller_rabin:
   14|  2.33k|{  /* One Miller-Rabin round: tests a against the base b and stores MP_YES or MP_NO in *result. */
   15|  2.33k|   mp_int  n1, y, r;
   16|  2.33k|   mp_err  err;
   17|  2.33k|   int     s, j;
   18|       |   /* The return value only reports errors: a composite verdict is MP_OKAY with *result == MP_NO. */
   19|       |   /* default: stay at "not prime" unless every check below passes */
   20|  2.33k|   *result = MP_NO;
  ------------------
  |  |  159|  2.33k|#define MP_NO         0
  ------------------
   21|       |
   22|       |   /* ensure b > 1; nothing is allocated yet, so returning directly leaks nothing */
   23|  2.33k|   if (mp_cmp_d(b, 1uL) != MP_GT) {
  ------------------
  |  |  156|  2.33k|#define MP_GT         1   /* greater than */
  ------------------
  |  Branch (23:8): [True: 0, False: 2.33k]
  ------------------
   24|      0|      return MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   25|      0|   }
   26|       |
   27|       |   /* get n1 = a - 1 */
   28|  2.33k|   if ((err = mp_init_copy(&n1, a)) != MP_OKAY) {
  ------------------
  |  |  161|  2.33k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (28:8): [True: 0, False: 2.33k]
  ------------------
   29|      0|      return err;
   30|      0|   }
   31|  2.33k|   if ((err = mp_sub_d(&n1, 1uL, &n1)) != MP_OKAY) {
  ------------------
  |  |  161|  2.33k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (31:8): [True: 0, False: 2.33k]
  ------------------
   32|      0|      goto LBL_N1;
   33|      0|   }
   34|       |
   35|       |   /* set 2**s * r = n1 (r starts as a copy of n1 and is shifted down below) */
   36|  2.33k|   if ((err = mp_init_copy(&r, &n1)) != MP_OKAY) {
  ------------------
  |  |  161|  2.33k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (36:8): [True: 0, False: 2.33k]
  ------------------
   37|      0|      goto LBL_N1;
   38|      0|   }
   39|       |
   40|       |   /* count the number of least significant bits
   41|       |    * which are zero
   42|       |    */
   43|  2.33k|   s = mp_cnt_lsb(&r);
   44|       |
   45|       |   /* now divide n - 1 by 2**s, which strips those trailing zero bits from r */
   46|  2.33k|   if ((err = mp_div_2d(&r, s, &r, NULL)) != MP_OKAY) {
  ------------------
  |  |  161|  2.33k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (46:8): [True: 0, False: 2.33k]
  ------------------
   47|      0|      goto LBL_R;
   48|      0|   }
   49|       |
   50|       |   /* compute y = b**r mod a */
   51|  2.33k|   if ((err = mp_init(&y)) != MP_OKAY) {
  ------------------
  |  |  161|  2.33k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (51:8): [True: 0, False: 2.33k]
  ------------------
   52|      0|      goto LBL_R;
   53|      0|   }
   54|  2.33k|   if ((err = mp_exptmod(b, &r, a, &y)) != MP_OKAY) {
  ------------------
  |  |  161|  2.33k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (54:8): [True: 0, False: 2.33k]
  ------------------
   55|      0|      goto LBL_Y;
   56|      0|   }
   57|       |
   58|       |   /* if y == 1 or y == n1 the base is not a witness; otherwise square y up to s-1 times */
   59|  2.33k|   if ((mp_cmp_d(&y, 1uL) != MP_EQ) && (mp_cmp(&y, &n1) != MP_EQ)) {
  ------------------
  |  |  155|  2.33k|#define MP_EQ         0   /* equal to */
  ------------------
                 if ((mp_cmp_d(&y, 1uL) != MP_EQ) && (mp_cmp(&y, &n1) != MP_EQ)) {
  ------------------
  |  |  155|  2.18k|#define MP_EQ         0   /* equal to */
  ------------------
  |  Branch (59:8): [True: 2.18k, False: 155]
  |  Branch (59:40): [True: 2.05k, False: 130]
  ------------------
   60|  2.05k|      j = 1;
   61|       |      /* while j <= s-1 and y != n1 */
   62|   123k|      while ((j <= (s - 1)) && (mp_cmp(&y, &n1) != MP_EQ)) {
  ------------------
  |  |  155|   122k|#define MP_EQ         0   /* equal to */
  ------------------
  |  Branch (62:14): [True: 122k, False: 1.10k]
  |  Branch (62:32): [True: 121k, False: 942]
  ------------------
   63|   121k|         if ((err = mp_sqrmod(&y, a, &y)) != MP_OKAY) {
  ------------------
  |  |  161|   121k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (63:14): [True: 0, False: 121k]
  ------------------
   64|      0|            goto LBL_Y;
   65|      0|         }
   66|       |
   67|       |         /* if y == 1 then composite (*result is still MP_NO and err is MP_OKAY) */
   68|   121k|         if (mp_cmp_d(&y, 1uL) == MP_EQ) {
  ------------------
  |  |  155|   121k|#define MP_EQ         0   /* equal to */
  ------------------
  |  Branch (68:14): [True: 0, False: 121k]
  ------------------
   69|      0|            goto LBL_Y;
   70|      0|         }
   71|       |
   72|   121k|         ++j;
   73|   121k|      }
   74|       |
   75|       |      /* if y != n1 then composite (*result is still MP_NO and err is MP_OKAY) */
   76|  2.05k|      if (mp_cmp(&y, &n1) != MP_EQ) {
  ------------------
  |  |  155|  2.05k|#define MP_EQ         0   /* equal to */
  ------------------
  |  Branch (76:11): [True: 41, False: 2.00k]
  ------------------
   77|     41|         goto LBL_Y;
   78|     41|      }
   79|  2.05k|   }
   80|       |
   81|       |   /* probably prime now: b is not a witness, which does not prove that a is prime */
   82|  2.29k|   *result = MP_YES;
  ------------------
  |  |  158|  2.29k|#define MP_YES        1
  ------------------
   83|  2.33k|LBL_Y:  /* cleanup labels fall through in reverse order of initialization */
   84|  2.33k|   mp_clear(&y);
   85|  2.33k|LBL_R:
   86|  2.33k|   mp_clear(&r);
   87|  2.33k|LBL_N1:
   88|  2.33k|   mp_clear(&n1);
   89|  2.33k|   return err;
   90|  2.33k|}

mp_prime_rabin_miller_trials:
   33|    256|{  /* Returns the round count t from sizes[] for a candidate of the given size (sizes[] is defined outside this listing). */
   34|    256|   int x;
   35|       |   /* assumes sizes[] is sorted by ascending k and that t bounds the test's error rate - TODO confirm against the table */
   36|  2.04k|   for (x = 0; x < (int)(sizeof(sizes)/(sizeof(sizes[0]))); x++) {
  ------------------
  |  Branch (36:16): [True: 2.04k, False: 0]
  ------------------
   37|  2.04k|      if (sizes[x].k == size) {
  ------------------
  |  Branch (37:11): [True: 256, False: 1.79k]
  ------------------
   38|    256|         return sizes[x].t;  /* exact match */
   39|  1.79k|      } else if (sizes[x].k > size) {
  ------------------
  |  Branch (39:18): [True: 0, False: 1.79k]
  ------------------
   40|      0|         return (x == 0) ? sizes[0].t : sizes[x - 1].t;  /* between entries: use the previous entry, or the first one */
  ------------------
  |  Branch (40:17): [True: 0, False: 0]
  ------------------
   41|      0|      }
   42|  2.04k|   }
   43|      0|   return sizes[x-1].t;  /* size is above every k: use the last entry */
   44|    256|}

mp_rand_source:
   10|      1|{  /* Installs the callback that mp_rand() calls to obtain random bytes. */
   11|       |   /* Dropbear change: a NULL source is stored as-is instead of resetting to the platform source */
   12|      1|   s_mp_rand_source = source;  /* NOTE(review): mp_rand() calls this pointer without a NULL check */
   13|      1|}
mp_rand:
   16|  4.34k|{  /* Sets a to a random value of `digits` digits read from s_mp_rand_source; digits <= 0 leaves a == 0. */
   17|  4.34k|   int i;
   18|  4.34k|   mp_err err;
   19|       |   /* NOTE(review): the output is only as unpredictable as the installed source - confirm what the caller registers. */
   20|  4.34k|   mp_zero(a);
   21|       |
   22|  4.34k|   if (digits <= 0) {
  ------------------
  |  Branch (22:8): [True: 0, False: 4.34k]
  ------------------
   23|      0|      return MP_OKAY;
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
   24|      0|   }
   25|       |   /* mp_grow() is expected to make a->dp hold at least `digits` digits before the source writes into it */
   26|  4.34k|   if ((err = mp_grow(a, digits)) != MP_OKAY) {
  ------------------
  |  |  161|  4.34k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (26:8): [True: 0, False: 4.34k]
  ------------------
   27|      0|      return err;
   28|      0|   }
   29|       |   /* fill whole mp_digit words with raw bytes; the bits above MP_DIGIT_BIT are masked off at the end */
   30|  4.34k|   if ((err = s_mp_rand_source(a->dp, (size_t)digits * sizeof(mp_digit))) != MP_OKAY) {
  ------------------
  |  |  161|  4.34k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (30:8): [True: 0, False: 4.34k]
  ------------------
   31|      0|      return err;
   32|      0|   }
   33|       |   /* NOTE(review): this loop never ends if the source keeps succeeding with a zero top digit */
   34|       |   /* TODO: We ensure that the highest digit is nonzero. Should this be removed? */
   35|  4.34k|   while ((a->dp[digits - 1] & MP_MASK) == 0u) {
  ------------------
  |  |  106|  4.34k|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|  4.34k|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
  |  Branch (35:11): [True: 0, False: 4.34k]
  ------------------
   36|      0|      if ((err = s_mp_rand_source(a->dp + digits - 1, sizeof(mp_digit))) != MP_OKAY) {
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (36:11): [True: 0, False: 0]
  ------------------
   37|      0|         return err;
   38|      0|      }
   39|      0|   }
   40|       |   /* keep only the low MP_DIGIT_BIT bits of every digit */
   41|  4.34k|   a->used = digits;
   42|  9.92k|   for (i = 0; i < digits; ++i) {
  ------------------
  |  Branch (42:16): [True: 5.58k, False: 4.34k]
  ------------------
   43|  5.58k|      a->dp[i] &= MP_MASK;
  ------------------
  |  |  106|  5.58k|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|  5.58k|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   44|  5.58k|   }
   45|       |
   46|  4.34k|   return MP_OKAY;
  ------------------
  |  |  161|  4.34k|#define MP_OKAY       0   /* no error */
  ------------------
   47|  4.34k|}

mp_read_radix:
   10|  2.07k|{  /* Parses the NUL-terminated string str, written in the given radix (2..64), into a. */
   11|  2.07k|   mp_err   err;
   12|  2.07k|   int      y;
   13|  2.07k|   mp_sign  neg;
   14|  2.07k|   unsigned pos;
   15|  2.07k|   char     ch;
   16|       |   /* Returns MP_VAL for a bad radix or an unexpected character, otherwise MP_OKAY or an arithmetic error. */
   17|       |   /* zero the digit bignum */
   18|  2.07k|   mp_zero(a);
   19|       |
   20|       |   /* make sure the radix is ok (2..64) */
   21|  2.07k|   if ((radix < 2) || (radix > 64)) {
  ------------------
  |  Branch (21:8): [True: 0, False: 2.07k]
  |  Branch (21:23): [True: 0, False: 2.07k]
  ------------------
   22|      0|      return MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   23|      0|   }
   24|       |
   25|       |   /* if the leading character is a minus sign,
   26|       |    * skip it and remember the negative sign (applied at the end).
   27|       |    */
   28|  2.07k|   if (*str == '-') {
  ------------------
  |  Branch (28:8): [True: 0, False: 2.07k]
  ------------------
   29|      0|      ++str;
   30|      0|      neg = MP_NEG;
  ------------------
  |  |  152|      0|#define MP_NEG        1   /* negative */
  ------------------
   31|  2.07k|   } else {
   32|  2.07k|      neg = MP_ZPOS;
  ------------------
  |  |  151|  2.07k|#define MP_ZPOS       0   /* positive integer */
  ------------------
   33|  2.07k|   }
   34|       |
   35|       |   /* set the integer to the default of zero (a was already zeroed above, so this call is redundant) */
   36|  2.07k|   mp_zero(a);
   37|       |
   38|       |   /* process each digit of the string */
   39|   167k|   while (*str != '\0') {
  ------------------
  |  Branch (39:11): [True: 165k, False: 2.07k]
  ------------------
   40|       |      /* if the radix <= 36 the conversion is case insensitive
   41|       |       * this allows numbers like 1AB and 1ab to represent the same  value
   42|       |       * [e.g. in hex]
   43|       |       */
   44|   165k|      ch = (radix <= 36) ? (char)MP_TOUPPER((int)*str) : *str;
  ------------------
  |  |    6|   165k|#define MP_TOUPPER(c) ((((c) >= 'a') && ((c) <= 'z')) ? (((c) + 'A') - 'a') : (c))
  |  |  ------------------
  |  |  |  Branch (6:25): [True: 0, False: 165k]
  |  |  |  Branch (6:41): [True: 0, False: 0]
  |  |  ------------------
  ------------------
  |  Branch (44:12): [True: 165k, False: 0]
  ------------------
   45|   165k|      pos = (unsigned)(ch - '(');  /* index relative to '('; a character below '(' wraps to a large unsigned value */
   46|   165k|      if (mp_s_rmap_reverse_sz < pos) {  /* NOTE(review): pos == mp_s_rmap_reverse_sz is let through; if that is the element count of mp_s_rmap_reverse (declared elsewhere) the read below is one past the end - confirm, "<=" may be intended */
  ------------------
  |  Branch (46:11): [True: 0, False: 165k]
  ------------------
   47|      0|         break;
   48|      0|      }
   49|   165k|      y = (int)mp_s_rmap_reverse[pos];
   50|       |
   51|       |      /* if the char was found in the map
   52|       |       * and is less than the given radix add it
   53|       |       * to the number, otherwise exit the loop.
   54|       |       */
   55|   165k|      if ((y == 0xff) || (y >= radix)) {
  ------------------
  |  Branch (55:11): [True: 0, False: 165k]
  |  Branch (55:26): [True: 0, False: 165k]
  ------------------
   56|      0|         break;
   57|      0|      }
   58|   165k|      if ((err = mp_mul_d(a, (mp_digit)radix, a)) != MP_OKAY) {
  ------------------
  |  |  161|   165k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (58:11): [True: 0, False: 165k]
  ------------------
   59|      0|         return err;  /* a is not reset on this path and keeps the partially parsed value */
   60|      0|      }
   61|   165k|      if ((err = mp_add_d(a, (mp_digit)y, a)) != MP_OKAY) {
  ------------------
  |  |  161|   165k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (61:11): [True: 0, False: 165k]
  ------------------
   62|      0|         return err;
   63|      0|      }
   64|   165k|      ++str;
   65|   165k|   }
   66|       |
   67|       |   /* if the loop stopped on anything other than NUL, CR or LF, zero a and fail. */
   68|  2.07k|   if (!((*str == '\0') || (*str == '\r') || (*str == '\n'))) {
  ------------------
  |  Branch (68:10): [True: 2.07k, False: 0]
  |  Branch (68:28): [True: 0, False: 0]
  |  Branch (68:46): [True: 0, False: 0]
  ------------------
   69|      0|      mp_zero(a);
   70|      0|      return MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   71|      0|   }
   72|       |
   73|       |   /* set the sign only if a != 0 */
   74|  2.07k|   if (!MP_IS_ZERO(a)) {
  ------------------
  |  |  163|  2.07k|#define MP_IS_ZERO(a) ((a)->used == 0)
  ------------------
  |  Branch (74:8): [True: 2.07k, False: 0]
  ------------------
   75|  2.07k|      a->sign = neg;
   76|  2.07k|   }
   77|  2.07k|   return MP_OKAY;
  ------------------
  |  |  161|  2.07k|#define MP_OKAY       0   /* no error */
  ------------------
   78|  2.07k|}

mp_reduce:
   11|  45.1k|{  /* Barrett-style reduction: replaces x with x mod m using the precomputed value mu, without a full division. */
   12|  45.1k|   mp_int  q;
   13|  45.1k|   mp_err  err;
   14|  45.1k|   int     um = m->used;
   15|       |   /* presumably requires 0 <= x < m**2 and a mu derived from m - TODO confirm against the header (not in this listing) */
   16|       |   /* q = x */
   17|  45.1k|   if ((err = mp_init_copy(&q, x)) != MP_OKAY) {
  ------------------
  |  |  161|  45.1k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (17:8): [True: 0, False: 45.1k]
  ------------------
   18|      0|      return err;
   19|      0|   }
   20|       |
   21|       |   /* q1 = x / b**(k-1), with k = um = m->used and b = 2**MP_DIGIT_BIT */
   22|  45.1k|   mp_rshd(&q, um - 1);
   23|       |
   24|       |   /* according to HAC this optimization is ok: below the threshold a high-digits product replaces the full q * mu */
   25|  45.1k|   if ((mp_digit)um > ((mp_digit)1 << (MP_DIGIT_BIT - 1))) {
  ------------------
  |  |   82|  45.1k|#   define MP_DIGIT_BIT 60
  ------------------
  |  Branch (25:8): [True: 0, False: 45.1k]
  ------------------
   26|      0|      if ((err = mp_mul(&q, mu, &q)) != MP_OKAY) {
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (26:11): [True: 0, False: 0]
  ------------------
   27|      0|         goto CLEANUP;
   28|      0|      }
   29|  45.1k|   } else if (MP_HAS(S_MP_MUL_HIGH_DIGS)) {  /* MP_HAS() compares a sizeof with 1u, so the arm is chosen at compile time */
  ------------------
  |  |  150|  45.1k|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|  45.1k|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|  45.1k|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [True: 45.1k, Folded]
  |  |  ------------------
  ------------------
   30|  45.1k|      if ((err = s_mp_mul_high_digs(&q, mu, &q, um)) != MP_OKAY) {
  ------------------
  |  |  161|  45.1k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (30:11): [True: 0, False: 45.1k]
  ------------------
   31|      0|         goto CLEANUP;
   32|      0|      }
   33|  45.1k|   } else if (MP_HAS(S_MP_MUL_HIGH_DIGS_FAST)) {
  ------------------
  |  |  150|      0|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|      0|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|      0|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [True: 0, Folded]
  |  |  ------------------
  ------------------
   34|      0|      if ((err = s_mp_mul_high_digs_fast(&q, mu, &q, um)) != MP_OKAY) {
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (34:11): [True: 0, False: 0]
  ------------------
   35|      0|         goto CLEANUP;
   36|      0|      }
   37|      0|   } else {
   38|      0|      err = MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   39|      0|      goto CLEANUP;
   40|      0|   }
   41|       |
   42|       |   /* q3 = q2 / b**(k+1) */
   43|  45.1k|   mp_rshd(&q, um + 1);
   44|       |
   45|       |   /* x = x mod b**(k+1), quick (no division) */
   46|  45.1k|   if ((err = mp_mod_2d(x, MP_DIGIT_BIT * (um + 1), x)) != MP_OKAY) {
  ------------------
  |  |   82|  45.1k|#   define MP_DIGIT_BIT 60
  ------------------
                 if ((err = mp_mod_2d(x, MP_DIGIT_BIT * (um + 1), x)) != MP_OKAY) {
  ------------------
  |  |  161|  45.1k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (46:8): [True: 0, False: 45.1k]
  ------------------
   47|      0|      goto CLEANUP;
   48|      0|   }
   49|       |
   50|       |   /* q = q * m mod b**(k+1), quick (no division) */
   51|  45.1k|   if ((err = s_mp_mul_digs(&q, m, &q, um + 1)) != MP_OKAY) {
  ------------------
  |  |  161|  45.1k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (51:8): [True: 0, False: 45.1k]
  ------------------
   52|      0|      goto CLEANUP;
   53|      0|   }
   54|       |
   55|       |   /* x = x - q */
   56|  45.1k|   if ((err = mp_sub(x, &q, x)) != MP_OKAY) {
  ------------------
  |  |  161|  45.1k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (56:8): [True: 0, False: 45.1k]
  ------------------
   57|      0|      goto CLEANUP;
   58|      0|   }
   59|       |
   60|       |   /* If x < 0, add b**(k+1) to it (this branch is taken or skipped depending on the operand values) */
   61|  45.1k|   if (mp_cmp_d(x, 0uL) == MP_LT) {
  ------------------
  |  |  154|  45.1k|#define MP_LT        -1   /* less than */
  ------------------
  |  Branch (61:8): [True: 7.25k, False: 37.9k]
  ------------------
   62|  7.25k|      mp_set(&q, 1uL);
   63|  7.25k|      if ((err = mp_lshd(&q, um + 1)) != MP_OKAY) {
  ------------------
  |  |  161|  7.25k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (63:11): [True: 0, False: 7.25k]
  ------------------
   64|      0|         goto CLEANUP;
   65|      0|      }
   66|  7.25k|      if ((err = mp_add(x, &q, x)) != MP_OKAY) {
  ------------------
  |  |  161|  7.25k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (66:11): [True: 0, False: 7.25k]
  ------------------
   67|      0|         goto CLEANUP;
   68|      0|      }
   69|  7.25k|   }
   70|       |
   71|       |   /* Back off if it's too big: subtract m until x < m, so the iteration count (and the timing) depends on x and m */
   72|  82.0k|   while (mp_cmp(x, m) != MP_LT) {
  ------------------
  |  |  154|  82.0k|#define MP_LT        -1   /* less than */
  ------------------
  |  Branch (72:11): [True: 36.8k, False: 45.1k]
  ------------------
   73|  36.8k|      if ((err = s_mp_sub(x, m, x)) != MP_OKAY) {
  ------------------
  |  |  161|  36.8k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (73:11): [True: 0, False: 36.8k]
  ------------------
   74|      0|         goto CLEANUP;
   75|      0|      }
   76|  36.8k|   }
   77|       |   /* success and every error after the initial copy end here, so q is always released */
   78|  45.1k|CLEANUP:
   79|  45.1k|   mp_clear(&q);
   80|       |
   81|  45.1k|   return err;
   82|  45.1k|}

mp_reduce_2k_l:
   11|  47.5k|{  /* Reduces a in place until |a| < |n|, folding the bits above bit p back in as q * d on every pass. */
   12|  47.5k|   mp_int q;
   13|  47.5k|   mp_err err;
   14|  47.5k|   int    p;
   15|       |   /* d is presumably 2**p - n as computed by mp_reduce_2k_setup_l - TODO confirm against the caller */
   16|  47.5k|   if ((err = mp_init(&q)) != MP_OKAY) {
  ------------------
  |  |  161|  47.5k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (16:8): [True: 0, False: 47.5k]
  ------------------
   17|      0|      return err;
   18|      0|   }
   19|       |   /* p = bit length of the modulus n */
   20|  47.5k|   p = mp_count_bits(n);
   21|  2.72M|top:  /* jumped back to after each subtraction of n, so the pass count depends on the operand values */
   22|       |   /* q = a/2**p, a = a mod 2**p */
   23|  2.72M|   if ((err = mp_div_2d(a, p, &q, a)) != MP_OKAY) {
  ------------------
  |  |  161|  2.72M|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (23:8): [True: 0, False: 2.72M]
  ------------------
   24|      0|      goto LBL_ERR;
   25|      0|   }
   26|       |
   27|       |   /* q = q * d */
   28|  2.72M|   if ((err = mp_mul(&q, d, &q)) != MP_OKAY) {
  ------------------
  |  |  161|  2.72M|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (28:8): [True: 0, False: 2.72M]
  ------------------
   29|      0|      goto LBL_ERR;
   30|      0|   }
   31|       |
   32|       |   /* a = a + q */
   33|  2.72M|   if ((err = s_mp_add(a, &q, a)) != MP_OKAY) {
  ------------------
  |  |  161|  2.72M|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (33:8): [True: 0, False: 2.72M]
  ------------------
   34|      0|      goto LBL_ERR;
   35|      0|   }
   36|       |   /* while the magnitude of a is still >= that of n, subtract n once and run another pass */
   37|  2.72M|   if (mp_cmp_mag(a, n) != MP_LT) {
  ------------------
  |  |  154|  2.72M|#define MP_LT        -1   /* less than */
  ------------------
  |  Branch (37:8): [True: 2.67M, False: 47.5k]
  ------------------
   38|  2.67M|      if ((err = s_mp_sub(a, n, a)) != MP_OKAY) {
  ------------------
  |  |  161|  2.67M|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (38:11): [True: 0, False: 2.67M]
  ------------------
   39|      0|         goto LBL_ERR;
   40|      0|      }
   41|  2.67M|      goto top;
   42|  2.67M|   }
   43|       |   /* reached on success (err == MP_OKAY) as well as on error; q is always released */
   44|  47.5k|LBL_ERR:
   45|  47.5k|   mp_clear(&q);
   46|  47.5k|   return err;
   47|  2.72M|}

mp_reduce_2k_setup_l:
    8|    396|{  /* Computes d = 2**mp_count_bits(a) - a; presumably the constant that mp_reduce_2k_l expects for the modulus a. */
    9|    396|   mp_err err;
   10|    396|   mp_int tmp;
   11|       |
   12|    396|   if ((err = mp_init(&tmp)) != MP_OKAY) {
  ------------------
  |  |  161|    396|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (12:8): [True: 0, False: 396]
  ------------------
   13|      0|      return err;
   14|      0|   }
   15|       |   /* tmp = 2**(bit length of a), the smallest power of two above a */
   16|    396|   if ((err = mp_2expt(&tmp, mp_count_bits(a))) != MP_OKAY) {
  ------------------
  |  |  161|    396|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (16:8): [True: 0, False: 396]
  ------------------
   17|      0|      goto LBL_ERR;
   18|      0|   }
   19|       |   /* d = tmp - a */
   20|    396|   if ((err = s_mp_sub(&tmp, a, d)) != MP_OKAY) {
  ------------------
  |  |  161|    396|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (20:8): [True: 0, False: 396]
  ------------------
   21|      0|      goto LBL_ERR;
   22|      0|   }
   23|       |   /* reached on success as well as on error; tmp is always released */
   24|    396|LBL_ERR:
   25|    396|   mp_clear(&tmp);
   26|    396|   return err;
   27|    396|}

mp_reduce_is_2k:
              /* NOTE(review): Classifies a by its bit pattern: MP_NO for zero, MP_YES for
               * a single digit, and for longer values MP_YES only if every bit from the
               * second digit up to the top set bit is 1.
               * Coverage: all 3.17k calls had a->used > 1 and all returned MP_NO at
               * source line 24; none of the MP_YES returns (source lines 15, 32, 34) was
               * reached in this run. */
    8|  3.17k|{
    9|  3.17k|   int ix, iy, iw;
   10|  3.17k|   mp_digit iz;
   11|       |
   12|  3.17k|   if (a->used == 0) {
  ------------------
  |  Branch (12:8): [True: 0, False: 3.17k]
  ------------------
   13|      0|      return MP_NO;
  ------------------
  |  |  159|      0|#define MP_NO         0
  ------------------
   14|  3.17k|   } else if (a->used == 1) {
  ------------------
  |  Branch (14:15): [True: 0, False: 3.17k]
  ------------------
   15|      0|      return MP_YES;
  ------------------
  |  |  158|      0|#define MP_YES        1
  ------------------
   16|  3.17k|   } else if (a->used > 1) {
  ------------------
  |  Branch (16:15): [True: 3.17k, False: 0]
  ------------------
   17|  3.17k|      iy = mp_count_bits(a);
   18|  3.17k|      iz = 1;
   19|  3.17k|      iw = 1;
   20|       |
   21|       |      /* Test every bit from the second digit up, must be 1 */
                    /* NOTE(review): ix counts bits and stops at iy = mp_count_bits(a); iw is
                     * the digit index and iz the single-bit mask inside that digit. */
   22|  28.6k|      for (ix = MP_DIGIT_BIT; ix < iy; ix++) {
  ------------------
  |  |   82|  3.17k|#   define MP_DIGIT_BIT 60
  ------------------
  |  Branch (22:31): [True: 28.6k, False: 0]
  ------------------
   23|  28.6k|         if ((a->dp[iw] & iz) == 0u) {
  ------------------
  |  Branch (23:14): [True: 3.17k, False: 25.4k]
  ------------------
   24|  3.17k|            return MP_NO;
  ------------------
  |  |  159|  3.17k|#define MP_NO         0
  ------------------
   25|  3.17k|         }
   26|  25.4k|         iz <<= 1;
                       /* NOTE(review): the mask has moved past the top bit of the digit, so
                        * continue with the lowest bit of the next digit. */
   27|  25.4k|         if (iz > MP_DIGIT_MAX) {
  ------------------
  |  |  107|  25.4k|#define MP_DIGIT_MAX     MP_MASK
  |  |  ------------------
  |  |  |  |  106|  25.4k|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  |  |  ------------------
  |  |  |  |  |  |   82|  25.4k|#   define MP_DIGIT_BIT 60
  |  |  |  |  ------------------
  |  |  ------------------
  ------------------
  |  Branch (27:14): [True: 265, False: 25.2k]
  ------------------
   28|    265|            ++iw;
   29|    265|            iz = 1;
   30|    265|         }
   31|  25.4k|      }
   32|      0|      return MP_YES;
  ------------------
  |  |  158|      0|#define MP_YES        1
  ------------------
                 /* NOTE(review): the arms above cover used == 0, == 1 and > 1, so this arm
                  * is reachable only with a->used < 0. It answers MP_YES, whereas the
                  * matching arm of mp_reduce_is_2k_l answers MP_NO; never executed here. */
   33|  3.17k|   } else {
   34|      0|      return MP_YES;
  ------------------
  |  |  158|      0|#define MP_YES        1
  ------------------
   35|      0|   }
   36|  3.17k|}

mp_reduce_is_2k_l:
              /* NOTE(review): Returns MP_YES when at least a->used/2 (integer division)
               * of a's digits equal MP_DIGIT_MAX; zero gives MP_NO and a single digit
               * gives MP_YES without inspecting its value.
               * Coverage: 3.57k calls, all with a->used > 1; 396 returned MP_YES and
               * 3.17k returned MP_NO. The used == 0, used == 1 and final else arms were
               * not exercised in this run. */
    8|  3.57k|{
    9|  3.57k|   int ix, iy;
   10|       |
   11|  3.57k|   if (a->used == 0) {
  ------------------
  |  Branch (11:8): [True: 0, False: 3.57k]
  ------------------
   12|      0|      return MP_NO;
  ------------------
  |  |  159|      0|#define MP_NO         0
  ------------------
   13|  3.57k|   } else if (a->used == 1) {
  ------------------
  |  Branch (13:15): [True: 0, False: 3.57k]
  ------------------
   14|      0|      return MP_YES;
  ------------------
  |  |  158|      0|#define MP_YES        1
  ------------------
   15|  3.57k|   } else if (a->used > 1) {
  ------------------
  |  Branch (15:15): [True: 3.57k, False: 0]
  ------------------
   16|       |      /* if more than half of the digits are -1 we're sold */
                    /* NOTE(review): iy counts the digits that are all ones (MP_DIGIT_MAX);
                     * the test below is iy >= used/2, so exactly half also qualifies. */
   17|  48.4k|      for (iy = ix = 0; ix < a->used; ix++) {
  ------------------
  |  Branch (17:25): [True: 44.8k, False: 3.57k]
  ------------------
   18|  44.8k|         if (a->dp[ix] == MP_DIGIT_MAX) {
  ------------------
  |  |  107|  44.8k|#define MP_DIGIT_MAX     MP_MASK
  |  |  ------------------
  |  |  |  |  106|  44.8k|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  |  |  ------------------
  |  |  |  |  |  |   82|  44.8k|#   define MP_DIGIT_BIT 60
  |  |  |  |  ------------------
  |  |  ------------------
  ------------------
  |  Branch (18:14): [True: 7.03k, False: 37.8k]
  ------------------
   19|  7.03k|            ++iy;
   20|  7.03k|         }
   21|  44.8k|      }
   22|  3.57k|      return (iy >= (a->used/2)) ? MP_YES : MP_NO;
  ------------------
  |  |  158|    396|#define MP_YES        1
  ------------------
                    return (iy >= (a->used/2)) ? MP_YES : MP_NO;
  ------------------
  |  |  159|  3.17k|#define MP_NO         0
  ------------------
  |  Branch (22:14): [True: 396, False: 3.17k]
  ------------------
   23|  3.57k|   } else {
   24|      0|      return MP_NO;
  ------------------
  |  |  159|      0|#define MP_NO         0
  ------------------
   25|      0|   }
   26|  3.57k|}

mp_reduce_setup:
              /* NOTE(review): Sets a = 2**(b->used * 2 * MP_DIGIT_BIT) and then divides it
               * by b in place: the quotient is stored back into a and the remainder is
               * discarded (NULL). Returns the mp_2expt error if that step fails,
               * otherwise the status of mp_div.
               * The bit count b->used * 2 * MP_DIGIT_BIT is computed in int; no upper
               * bound on b->used is visible here - confirm callers keep it small enough
               * that the product cannot overflow.
               * Coverage: 569 calls, mp_2expt never failed. */
   10|    569|{
   11|    569|   mp_err err;
   12|    569|   if ((err = mp_2expt(a, b->used * 2 * MP_DIGIT_BIT)) != MP_OKAY) {
  ------------------
  |  |   82|    569|#   define MP_DIGIT_BIT 60
  ------------------
                 if ((err = mp_2expt(a, b->used * 2 * MP_DIGIT_BIT)) != MP_OKAY) {
  ------------------
  |  |  161|    569|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (12:8): [True: 0, False: 569]
  ------------------
   13|      0|      return err;
   14|      0|   }
   15|    569|   return mp_div(a, b, a, NULL);
   16|    569|}

mp_rshd:
              /* NOTE(review): Shifts a right by b whole digits in place. b <= 0 is a
               * no-op; b >= a->used sets a to zero. Otherwise the upper a->used - b
               * digits are copied down, the vacated top b digits are zeroed and
               * a->used is reduced by b. No return value.
               * Coverage: 2.94M calls; 170 took the b <= 0 exit and 58.5k the zeroing
               * exit. */
    8|  2.94M|{
    9|  2.94M|   int     x;
   10|  2.94M|   mp_digit *bottom, *top;
   11|       |
   12|       |   /* if b <= 0 then ignore it */
   13|  2.94M|   if (b <= 0) {
  ------------------
  |  Branch (13:8): [True: 170, False: 2.93M]
  ------------------
   14|    170|      return;
   15|    170|   }
   16|       |
   17|       |   /* if b > used then simply zero it and return */
                 /* NOTE(review): the test is a->used <= b, so b == a->used is zeroed as
                  * well; together with the guard above this leaves 0 < b < a->used. */
   18|  2.93M|   if (a->used <= b) {
  ------------------
  |  Branch (18:8): [True: 58.5k, False: 2.88M]
  ------------------
   19|  58.5k|      mp_zero(a);
   20|  58.5k|      return;
   21|  58.5k|   }
   22|       |
   23|       |   /* shift the digits down */
   24|       |
   25|       |   /* bottom */
   26|  2.88M|   bottom = a->dp;
   27|       |
   28|       |   /* top [offset into digits] */
                 /* NOTE(review): b < a->used at this point, so top starts inside the used
                  * digits and the copy loop reads up to a->dp[a->used - 1] only. */
   29|  2.88M|   top = a->dp + b;
   30|       |
   31|       |   /* this is implemented as a sliding window where
   32|       |    * the window is b-digits long and digits from
   33|       |    * the top of the window are copied to the bottom
   34|       |    *
   35|       |    * e.g.
   36|       |
   37|       |    b-2 | b-1 | b0 | b1 | b2 | ... | bb |   ---->
   38|       |                /\                   |      ---->
   39|       |                 \-------------------/      ---->
   40|       |    */
   41|  45.4M|   for (x = 0; x < (a->used - b); x++) {
  ------------------
  |  Branch (41:16): [True: 42.6M, False: 2.88M]
  ------------------
   42|  42.6M|      *bottom++ = *top++;
   43|  42.6M|   }
   44|       |
   45|       |   /* zero the top digits */
                 /* NOTE(review): x == a->used - b after the loop, so a->used - x == b and
                  * exactly the b vacated digits starting at bottom are cleared. */
   46|  2.88M|   MP_ZERO_DIGITS(bottom, a->used - x);
  ------------------
  |  |   89|  2.88M|#  define MP_ZERO_DIGITS(mem, digits)                   \
  |  |   90|  2.88M|do {                                                    \
  |  |   91|  2.88M|   int zd_ = (digits);                                  \
  |  |   92|  2.88M|   mp_digit* zm_ = (mem);                               \
  |  |   93|  83.4M|   while (zd_-- > 0) {                                  \
  |  |  ------------------
  |  |  |  Branch (93:11): [True: 80.5M, False: 2.88M]
  |  |  ------------------
  |  |   94|  80.5M|      *zm_++ = 0;                                       \
  |  |   95|  80.5M|   }                                                    \
  |  |   96|  2.88M|} while (0)
  |  |  ------------------
  |  |  |  Branch (96:10): [Folded, False: 2.88M]
  |  |  ------------------
  ------------------
   47|       |
   48|       |   /* remove excess digits */
   49|  2.88M|   a->used -= b;
   50|  2.88M|}

mp_set:
              /* NOTE(review): Sets a to the single-digit value b & MP_MASK with positive
               * sign; used becomes 1 for a non-zero digit and 0 otherwise, and every
               * allocated digit above used is zeroed.
               * a->dp[0] is written without any check - this assumes a is initialised
               * with alloc >= 1; confirm against mp_init, not visible here.
               * Coverage: 9.66k calls; the masked value was never zero in this run. */
    8|  9.66k|{
    9|  9.66k|   a->dp[0] = b & MP_MASK;
  ------------------
  |  |  106|  9.66k|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|  9.66k|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   10|  9.66k|   a->sign  = MP_ZPOS;
  ------------------
  |  |  151|  9.66k|#define MP_ZPOS       0   /* positive integer */
  ------------------
   11|  9.66k|   a->used  = (a->dp[0] != 0u) ? 1 : 0;
  ------------------
  |  Branch (11:15): [True: 9.66k, False: 0]
  ------------------
   12|  9.66k|   MP_ZERO_DIGITS(a->dp + a->used, a->alloc - a->used);
  ------------------
  |  |   89|  9.66k|#  define MP_ZERO_DIGITS(mem, digits)                   \
  |  |   90|  9.66k|do {                                                    \
  |  |   91|  9.66k|   int zd_ = (digits);                                  \
  |  |   92|  9.66k|   mp_digit* zm_ = (mem);                               \
  |  |   93|   291k|   while (zd_-- > 0) {                                  \
  |  |  ------------------
  |  |  |  Branch (93:11): [True: 282k, False: 9.66k]
  |  |  ------------------
  |  |   94|   282k|      *zm_++ = 0;                                       \
  |  |   95|   282k|   }                                                    \
  |  |   96|  9.66k|} while (0)
  |  |  ------------------
  |  |  |  Branch (96:10): [Folded, False: 9.66k]
  |  |  ------------------
  ------------------
   13|  9.66k|}

mp_sqr:
              /* NOTE(review): Squares a into b by dispatching to one backend, chosen by
               * compile-time availability (MP_HAS) and by the digit count of a. Returns
               * the backend's status, or MP_VAL when no backend is compiled in. b->sign
               * is set to MP_ZPOS on every path, including the error ones.
               * Coverage: in this build the Toom-Cook and Karatsuba tests are folded to
               * false, so those backends never run; 949k of 950k calls used
               * s_mp_sqr_fast and 266 fell through to s_mp_sqr because a->used was not
               * below MP_MAXFAST / 2. */
    8|   950k|{
    9|   950k|   mp_err err;
   10|   950k|   if (MP_HAS(S_MP_TOOM_SQR) && /* use Toom-Cook? */
  ------------------
  |  |  150|  1.90M|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|   950k|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|   950k|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [Folded, False: 950k]
  |  |  ------------------
  ------------------
   11|      0|       (a->used >= MP_TOOM_SQR_CUTOFF)) {
  ------------------
  |  |  124|      0|#  define MP_TOOM_SQR_CUTOFF      TOOM_SQR_CUTOFF
  ------------------
  |  Branch (11:8): [True: 0, False: 0]
  ------------------
   12|      0|      err = s_mp_toom_sqr(a, b);
   13|   950k|   } else if (MP_HAS(S_MP_KARATSUBA_SQR) &&  /* Karatsuba? */
  ------------------
  |  |  150|  1.90M|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|   950k|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|   950k|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [Folded, False: 950k]
  |  |  ------------------
  ------------------
   14|      0|              (a->used >= MP_KARATSUBA_SQR_CUTOFF)) {
  ------------------
  |  |  122|      0|#  define MP_KARATSUBA_SQR_CUTOFF KARATSUBA_SQR_CUTOFF
  ------------------
  |  Branch (14:15): [True: 0, False: 0]
  ------------------
   15|      0|      err = s_mp_karatsuba_sqr(a, b);
                 /* NOTE(review): the two size tests below gate the fast path on a->used;
                  * operands that fail either one take the generic s_mp_sqr arm. */
   16|   950k|   } else if (MP_HAS(S_MP_SQR_FAST) && /* can we use the fast comba multiplier? */
  ------------------
  |  |  150|  1.90M|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|   950k|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|   950k|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [True: 950k, Folded]
  |  |  ------------------
  ------------------
   17|   950k|              (((a->used * 2) + 1) < MP_WARRAY) &&
  ------------------
  |  |  172|   950k|#define MP_WARRAY PRIVATE_MP_WARRAY
  |  |  ------------------
  |  |  |  |  203|   950k|#define PRIVATE_MP_WARRAY (int)(1uLL << (((CHAR_BIT * sizeof(private_mp_word)) - (2 * MP_DIGIT_BIT)) + 1))
  |  |  |  |  ------------------
  |  |  |  |  |  |   82|   950k|#   define MP_DIGIT_BIT 60
  |  |  |  |  ------------------
  |  |  ------------------
  ------------------
  |  Branch (17:15): [True: 950k, False: 0]
  ------------------
   18|   950k|              (a->used < (MP_MAXFAST / 2))) {
  ------------------
  |  |  168|   950k|#define MP_MAXFAST              (int)(1uL << (MP_SIZEOF_BITS(mp_word) - (2u * (size_t)MP_DIGIT_BIT)))
  |  |  ------------------
  |  |  |  |  167|   950k|#define MP_SIZEOF_BITS(type)    ((size_t)CHAR_BIT * sizeof(type))
  |  |  ------------------
  |  |               #define MP_MAXFAST              (int)(1uL << (MP_SIZEOF_BITS(mp_word) - (2u * (size_t)MP_DIGIT_BIT)))
  |  |  ------------------
  |  |  |  |   82|   950k|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
  |  Branch (18:15): [True: 949k, False: 266]
  ------------------
   19|   949k|      err = s_mp_sqr_fast(a, b);
   20|   949k|   } else if (MP_HAS(S_MP_SQR)) {
  ------------------
  |  |  150|    266|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|    266|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|    266|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [True: 266, Folded]
  |  |  ------------------
  ------------------
   21|    266|      err = s_mp_sqr(a, b);
   22|    266|   } else {
   23|      0|      err = MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   24|      0|   }
   25|   950k|   b->sign = MP_ZPOS;
  ------------------
  |  |  151|   950k|#define MP_ZPOS       0   /* positive integer */
  ------------------
   26|   950k|   return err;
   27|   950k|}

mp_sqrmod:
              /* NOTE(review): Computes c = (a * a) mod b: a is squared into the temporary
               * t, then t is reduced with mp_mod. Returns the first error from mp_init,
               * mp_sqr or mp_mod. After a successful mp_init, t is cleared on both the
               * success and the error path (LBL_ERR).
               * Coverage: 121k calls; neither error branch was taken in this run. */
    8|   121k|{
    9|   121k|   mp_err  err;
   10|   121k|   mp_int  t;
   11|       |
   12|   121k|   if ((err = mp_init(&t)) != MP_OKAY) {
  ------------------
  |  |  161|   121k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (12:8): [True: 0, False: 121k]
  ------------------
   13|      0|      return err;
   14|      0|   }
   15|       |
   16|   121k|   if ((err = mp_sqr(a, &t)) != MP_OKAY) {
  ------------------
  |  |  161|   121k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (16:8): [True: 0, False: 121k]
  ------------------
   17|      0|      goto LBL_ERR;
   18|      0|   }
   19|   121k|   err = mp_mod(&t, b, c);
   20|       |
   21|   121k|LBL_ERR:
   22|   121k|   mp_clear(&t);
   23|   121k|   return err;
   24|   121k|}

mp_sqrt:
              /* NOTE(review): Integer square root of arg, stored in ret. Negative arg
               * returns MP_VAL and zero sets ret to zero. Otherwise t1 starts as arg
               * shifted right by half its digits and is refined with
               * t1 = (t1 + arg / t1) / 2 until t1 is no longer greater than
               * t2 = arg / t1; t1 is then exchanged into ret.
               * Cleanup: E1 clears t2 and falls through to E2, which clears t1. A failed
               * mp_init(&t2) jumps straight to E2, so t2 is not cleared uninitialised.
               * Coverage: only 5 calls (147 loop iterations); the negative, zero and all
               * error paths have a count of 0 in this run. */
    8|      5|{
    9|      5|   mp_err err;
   10|      5|   mp_int t1, t2;
   11|       |
   12|       |   /* must be positive */
   13|      5|   if (arg->sign == MP_NEG) {
  ------------------
  |  |  152|      5|#define MP_NEG        1   /* negative */
  ------------------
  |  Branch (13:8): [True: 0, False: 5]
  ------------------
   14|      0|      return MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   15|      0|   }
   16|       |
   17|       |   /* easy out */
   18|      5|   if (MP_IS_ZERO(arg)) {
  ------------------
  |  |  163|      5|#define MP_IS_ZERO(a) ((a)->used == 0)
  |  |  ------------------
  |  |  |  Branch (163:23): [True: 0, False: 5]
  |  |  ------------------
  ------------------
   19|      0|      mp_zero(ret);
   20|      0|      return MP_OKAY;
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
   21|      0|   }
   22|       |
   23|      5|   if ((err = mp_init_copy(&t1, arg)) != MP_OKAY) {
  ------------------
  |  |  161|      5|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (23:8): [True: 0, False: 5]
  ------------------
   24|      0|      return err;
   25|      0|   }
   26|       |
   27|      5|   if ((err = mp_init(&t2)) != MP_OKAY) {
  ------------------
  |  |  161|      5|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (27:8): [True: 0, False: 5]
  ------------------
   28|      0|      goto E2;
   29|      0|   }
   30|       |
   31|       |   /* First approx. (not very bad for large arg) */
   32|      5|   mp_rshd(&t1, t1.used/2);
   33|       |
   34|       |   /* t1 > 0  */
   35|      5|   if ((err = mp_div(arg, &t1, &t2, NULL)) != MP_OKAY) {
  ------------------
  |  |  161|      5|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (35:8): [True: 0, False: 5]
  ------------------
   36|      0|      goto E1;
   37|      0|   }
   38|      5|   if ((err = mp_add(&t1, &t2, &t1)) != MP_OKAY) {
  ------------------
  |  |  161|      5|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (38:8): [True: 0, False: 5]
  ------------------
   39|      0|      goto E1;
   40|      0|   }
   41|      5|   if ((err = mp_div_2(&t1, &t1)) != MP_OKAY) {
  ------------------
  |  |  161|      5|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (41:8): [True: 0, False: 5]
  ------------------
   42|      0|      goto E1;
   43|      0|   }
   44|       |   /* And now t1 > sqrt(arg) */
   45|    147|   do {
   46|    147|      if ((err = mp_div(arg, &t1, &t2, NULL)) != MP_OKAY) {
  ------------------
  |  |  161|    147|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (46:11): [True: 0, False: 147]
  ------------------
   47|      0|         goto E1;
   48|      0|      }
   49|    147|      if ((err = mp_add(&t1, &t2, &t1)) != MP_OKAY) {
  ------------------
  |  |  161|    147|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (49:11): [True: 0, False: 147]
  ------------------
   50|      0|         goto E1;
   51|      0|      }
   52|    147|      if ((err = mp_div_2(&t1, &t1)) != MP_OKAY) {
  ------------------
  |  |  161|    147|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (52:11): [True: 0, False: 147]
  ------------------
   53|      0|         goto E1;
   54|      0|      }
   55|       |      /* t1 >= sqrt(arg) >= t2 at this point */
   56|    147|   } while (mp_cmp_mag(&t1, &t2) == MP_GT);
  ------------------
  |  |  156|    147|#define MP_GT         1   /* greater than */
  ------------------
  |  Branch (56:13): [True: 142, False: 5]
  ------------------
   57|       |
                 /* NOTE(review): ret receives the result by exchange, so the value that was
                  * in ret ends up in t1 and is released by the mp_clear at E2. */
   58|      5|   mp_exch(&t1, ret);
   59|       |
   60|      5|E1:
   61|      5|   mp_clear(&t2);
   62|      5|E2:
   63|      5|   mp_clear(&t1);
   64|      5|   return err;
   65|      5|}

mp_sub:
              /* NOTE(review): Signed subtraction c = a - b built on the unsigned helpers.
               * Different signs: the magnitudes are added and c takes the sign of a.
               * Same signs: the smaller magnitude is subtracted from the larger; c keeps
               * the sign of a when |a| >= |b| and gets the opposite sign otherwise.
               * Returns the status of the helper that ran. c->sign is assigned before
               * the helper is called, so it is already set if the helper fails.
               * Coverage: 1.84M calls; every arm was exercised in this run. */
    8|  1.84M|{
    9|  1.84M|   mp_sign sa = a->sign, sb = b->sign;
   10|  1.84M|   mp_err err;
   11|       |
   12|  1.84M|   if (sa != sb) {
  ------------------
  |  Branch (12:8): [True: 134k, False: 1.71M]
  ------------------
   13|       |      /* subtract a negative from a positive, OR */
   14|       |      /* subtract a positive from a negative. */
   15|       |      /* In either case, ADD their magnitudes, */
   16|       |      /* and use the sign of the first number. */
   17|   134k|      c->sign = sa;
   18|   134k|      err = s_mp_add(a, b, c);
   19|  1.71M|   } else {
   20|       |      /* subtract a positive from a positive, OR */
   21|       |      /* subtract a negative from a negative. */
   22|       |      /* First, take the difference between their */
   23|       |      /* magnitudes, then... */
   24|  1.71M|      if (mp_cmp_mag(a, b) != MP_LT) {
  ------------------
  |  |  154|  1.71M|#define MP_LT        -1   /* less than */
  ------------------
  |  Branch (24:11): [True: 1.28M, False: 432k]
  ------------------
   25|       |         /* Copy the sign from the first */
   26|  1.28M|         c->sign = sa;
   27|       |         /* The first has a larger or equal magnitude */
   28|  1.28M|         err = s_mp_sub(a, b, c);
   29|  1.28M|      } else {
   30|       |         /* The result has the *opposite* sign from */
   31|       |         /* the first number. */
   32|   432k|         c->sign = (sa == MP_ZPOS) ? MP_NEG : MP_ZPOS;
  ------------------
  |  |  151|   432k|#define MP_ZPOS       0   /* positive integer */
  ------------------
                       c->sign = (sa == MP_ZPOS) ? MP_NEG : MP_ZPOS;
  ------------------
  |  |  152|   392k|#define MP_NEG        1   /* negative */
  ------------------
                       c->sign = (sa == MP_ZPOS) ? MP_NEG : MP_ZPOS;
  ------------------
  |  |  151|   473k|#define MP_ZPOS       0   /* positive integer */
  ------------------
  |  Branch (32:20): [True: 392k, False: 40.6k]
  ------------------
   33|       |         /* The second has a larger magnitude */
   34|   432k|         err = s_mp_sub(b, a, c);
   35|   432k|      }
   36|  1.71M|   }
   37|  1.84M|   return err;
   38|  1.84M|}

mp_sub_d:
              /* NOTE(review): Computes c = a - b for a single digit b. c is grown to
               * a->used + 1 digits first. A negative a is handled as -(|a| + b) through
               * mp_add_d; a <= b (one digit or zero) yields the one-digit negative
               * b - a; otherwise b is subtracted digit by digit with a borrow.
               * Returns the mp_grow or mp_add_d error, else MP_OKAY.
               * Coverage: 2.33k calls, all of which grew c and took the multi-digit
               * positive path. The negative-a branch (source lines 24-33) and the
               * a <= b branch (source lines 42-51) were never executed in this run. */
    8|  2.33k|{
    9|  2.33k|   mp_digit *tmpa, *tmpc;
   10|  2.33k|   mp_err    err;
   11|  2.33k|   int       ix, oldused;
   12|       |
   13|       |   /* grow c as required */
   14|  2.33k|   if (c->alloc < (a->used + 1)) {
  ------------------
  |  Branch (14:8): [True: 2.33k, False: 0]
  ------------------
   15|  2.33k|      if ((err = mp_grow(c, a->used + 1)) != MP_OKAY) {
  ------------------
  |  |  161|  2.33k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (15:11): [True: 0, False: 2.33k]
  ------------------
   16|      0|         return err;
   17|      0|      }
   18|  2.33k|   }
   19|       |
   20|       |   /* if a is negative just do an unsigned
   21|       |    * addition [with fudged signs]
   22|       |    */
   23|  2.33k|   if (a->sign == MP_NEG) {
  ------------------
  |  |  152|  2.33k|#define MP_NEG        1   /* negative */
  ------------------
  |  Branch (23:8): [True: 0, False: 2.33k]
  ------------------
                    /* NOTE(review): a_ is a shallow struct copy that shares a->dp; only the
                     * sign field of the copy is changed, a itself is not modified. */
   24|      0|      mp_int a_ = *a;
   25|      0|      a_.sign = MP_ZPOS;
  ------------------
  |  |  151|      0|#define MP_ZPOS       0   /* positive integer */
  ------------------
   26|      0|      err     = mp_add_d(&a_, b, c);
   27|      0|      c->sign = MP_NEG;
  ------------------
  |  |  152|      0|#define MP_NEG        1   /* negative */
  ------------------
   28|       |
   29|       |      /* clamp */
   30|      0|      mp_clamp(c);
   31|       |
   32|      0|      return err;
   33|      0|   }
   34|       |
   35|       |   /* setup regs */
                 /* NOTE(review): the digit pointers are taken after the mp_grow call above. */
   36|  2.33k|   oldused = c->used;
   37|  2.33k|   tmpa    = a->dp;
   38|  2.33k|   tmpc    = c->dp;
   39|       |
   40|       |   /* if a <= b simply fix the single digit */
   41|  2.33k|   if (((a->used == 1) && (a->dp[0] <= b)) || (a->used == 0)) {
  ------------------
  |  Branch (41:9): [True: 0, False: 2.33k]
  |  Branch (41:27): [True: 0, False: 0]
  |  Branch (41:47): [True: 0, False: 2.33k]
  ------------------
   42|      0|      if (a->used == 1) {
  ------------------
  |  Branch (42:11): [True: 0, False: 0]
  ------------------
   43|      0|         *tmpc++ = b - *tmpa;
   44|      0|      } else {
   45|      0|         *tmpc++ = b;
   46|      0|      }
   47|      0|      ix      = 1;
   48|       |
   49|       |      /* negative/1digit */
   50|      0|      c->sign = MP_NEG;
  ------------------
  |  |  152|      0|#define MP_NEG        1   /* negative */
  ------------------
   51|      0|      c->used = 1;
   52|  2.33k|   } else {
   53|  2.33k|      mp_digit mu = b;
   54|       |
   55|       |      /* positive/size */
   56|  2.33k|      c->sign = MP_ZPOS;
  ------------------
  |  |  151|  2.33k|#define MP_ZPOS       0   /* positive integer */
  ------------------
   57|  2.33k|      c->used = a->used;
   58|       |
   59|       |      /* subtract digits, mu is carry */
                    /* NOTE(review): mu starts as b and afterwards holds the borrow, read
                     * from the top bit of the mp_digit word after the wrapping subtraction;
                     * the stored digit is then masked back to MP_DIGIT_BIT bits. */
   60|  9.34k|      for (ix = 0; ix < a->used; ix++) {
  ------------------
  |  Branch (60:20): [True: 7.00k, False: 2.33k]
  ------------------
   61|  7.00k|         *tmpc    = *tmpa++ - mu;
   62|  7.00k|         mu       = *tmpc >> (MP_SIZEOF_BITS(mp_digit) - 1u);
  ------------------
  |  |  167|  7.00k|#define MP_SIZEOF_BITS(type)    ((size_t)CHAR_BIT * sizeof(type))
  ------------------
   63|  7.00k|         *tmpc++ &= MP_MASK;
  ------------------
  |  |  106|  7.00k|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|  7.00k|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   64|  7.00k|      }
   65|  2.33k|   }
   66|       |
   67|       |   /* zero excess digits */
                 /* NOTE(review): a non-positive count makes MP_ZERO_DIGITS a no-op; the
                  * zeroing loop body was never entered in this run. */
   68|  2.33k|   MP_ZERO_DIGITS(tmpc, oldused - ix);
  ------------------
  |  |   89|  2.33k|#  define MP_ZERO_DIGITS(mem, digits)                   \
  |  |   90|  2.33k|do {                                                    \
  |  |   91|  2.33k|   int zd_ = (digits);                                  \
  |  |   92|  2.33k|   mp_digit* zm_ = (mem);                               \
  |  |   93|  2.33k|   while (zd_-- > 0) {                                  \
  |  |  ------------------
  |  |  |  Branch (93:11): [True: 0, False: 2.33k]
  |  |  ------------------
  |  |   94|      0|      *zm_++ = 0;                                       \
  |  |   95|      0|   }                                                    \
  |  |   96|  2.33k|} while (0)
  |  |  ------------------
  |  |  |  Branch (96:10): [Folded, False: 2.33k]
  |  |  ------------------
  ------------------
   69|       |
   70|  2.33k|   mp_clamp(c);
   71|  2.33k|   return MP_OKAY;
  ------------------
  |  |  161|  2.33k|#define MP_OKAY       0   /* no error */
  ------------------
   72|  2.33k|}

mp_to_ubin:
              /* NOTE(review): Serialises the magnitude of a into buf as big-endian bytes:
               * the low byte of a working copy t is stored at the highest index, then t
               * is shifted right by 8 bits. Returns MP_BUF when mp_ubin_size(a) exceeds
               * maxlen, an mp_init_copy or mp_div_2d error, or MP_OKAY.
               * Bounds: count <= maxlen is checked before any write and the loop only
               * stores to buf[0 .. count-1]. *written is set only on success and only
               * when written is non-NULL.
               * Coverage: 518 calls; the MP_BUF rejection and the written != NULL store
               * were never taken, so the too-small-buffer path is untested in this run. */
    8|    518|{
    9|    518|   size_t  x, count;
   10|    518|   mp_err  err;
   11|    518|   mp_int  t;
   12|       |
   13|    518|   count = mp_ubin_size(a);
   14|    518|   if (count > maxlen) {
  ------------------
  |  Branch (14:8): [True: 0, False: 518]
  ------------------
   15|      0|      return MP_BUF;
  ------------------
  |  |  167|      0|#define MP_BUF        -5  /* buffer overflow, supplied buffer too small */
  ------------------
   16|      0|   }
   17|       |
   18|    518|   if ((err = mp_init_copy(&t, a)) != MP_OKAY) {
  ------------------
  |  |  161|    518|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (18:8): [True: 0, False: 518]
  ------------------
   19|      0|      return err;
   20|      0|   }
   21|       |
                 /* NOTE(review): "x --> 0u" is x-- > 0u: the body sees x = count-1 down to
                  * 0, and the unsigned index is never used after it wraps. */
   22|  20.1k|   for (x = count; x --> 0u;) {
  ------------------
  |  Branch (22:20): [True: 19.6k, False: 518]
  ------------------
   23|  19.6k|#ifndef MP_8BIT
   24|  19.6k|      buf[x] = (unsigned char)(t.dp[0] & 255u);
   25|       |#else
   26|       |      buf[x] = (unsigned char)(t.dp[0] | ((t.dp[1] & 1u) << 7));
   27|       |#endif
   28|  19.6k|      if ((err = mp_div_2d(&t, 8, &t, NULL)) != MP_OKAY) {
  ------------------
  |  |  161|  19.6k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (28:11): [True: 0, False: 19.6k]
  ------------------
   29|      0|         goto LBL_ERR;
   30|      0|      }
   31|  19.6k|   }
   32|       |
   33|    518|   if (written != NULL) {
  ------------------
  |  Branch (33:8): [True: 0, False: 518]
  ------------------
   34|      0|      *written = count;
   35|      0|   }
   36|       |
   37|    518|LBL_ERR:
   38|    518|   mp_clear(&t);
   39|    518|   return err;
   40|    518|}

mp_ubin_size:
              /* NOTE(review): Returns the number of bytes needed for the magnitude of a:
               * mp_count_bits(a) divided by 8, rounded up. mp_to_ubin compares this
               * value with the caller's buffer length before writing.
               * Coverage: 2.70k calls; 1.58k had a bit count that is not a multiple
               * of 8. */
    8|  2.70k|{
    9|  2.70k|   size_t size = (size_t)mp_count_bits(a);
   10|  2.70k|   return (size / 8u) + (((size & 7u) != 0u) ? 1u : 0u);
  ------------------
  |  Branch (10:26): [True: 1.58k, False: 1.12k]
  ------------------
   11|  2.70k|}

mp_zero:
              /* NOTE(review): Sets a to zero: positive sign, used = 0, and all a->alloc
               * digits cleared, not only the ones that were in use.
               * The clearing is a plain store loop (MP_ZERO_DIGITS). If it is relied on
               * to scrub secret values before the storage is released, confirm that the
               * compiler cannot drop the stores - not determinable from this listing.
               * Coverage: 601k calls, 19.3M digits cleared. */
    8|   601k|{
    9|   601k|   a->sign = MP_ZPOS;
  ------------------
  |  |  151|   601k|#define MP_ZPOS       0   /* positive integer */
  ------------------
   10|   601k|   a->used = 0;
   11|   601k|   MP_ZERO_DIGITS(a->dp, a->alloc);
  ------------------
  |  |   89|   601k|#  define MP_ZERO_DIGITS(mem, digits)                   \
  |  |   90|   601k|do {                                                    \
  |  |   91|   601k|   int zd_ = (digits);                                  \
  |  |   92|   601k|   mp_digit* zm_ = (mem);                               \
  |  |   93|  19.9M|   while (zd_-- > 0) {                                  \
  |  |  ------------------
  |  |  |  Branch (93:11): [True: 19.3M, False: 601k]
  |  |  ------------------
  |  |   94|  19.3M|      *zm_++ = 0;                                       \
  |  |   95|  19.3M|   }                                                    \
  |  |   96|   601k|} while (0)
  |  |  ------------------
  |  |  |  Branch (96:10): [Folded, False: 601k]
  |  |  ------------------
  ------------------
   12|   601k|}

s_mp_add:
              /* NOTE(review): Low-level unsigned addition c = |a| + |b|. x is set to the
               * operand with more digits; c is grown to max + 1 digits to leave room for
               * the final carry. c->sign is not assigned in this function. Returns the
               * mp_grow error or MP_OKAY.
               * Coverage: 3.52M calls; the grow branch ran 88 times and never failed,
               * and the trailing zeroing loop body was never entered (olduse did not
               * exceed the new c->used in this run). */
    8|  3.52M|{
    9|  3.52M|   const mp_int *x;
   10|  3.52M|   mp_err err;
   11|  3.52M|   int     olduse, min, max;
   12|       |
   13|       |   /* find sizes, we let |a| <= |b| which means we have to sort
   14|       |    * them.  "x" will point to the input with the most digits
   15|       |    */
   16|  3.52M|   if (a->used > b->used) {
  ------------------
  |  Branch (16:8): [True: 37.8k, False: 3.48M]
  ------------------
   17|  37.8k|      min = b->used;
   18|  37.8k|      max = a->used;
   19|  37.8k|      x = a;
   20|  3.48M|   } else {
   21|  3.48M|      min = a->used;
   22|  3.48M|      max = b->used;
   23|  3.48M|      x = b;
   24|  3.48M|   }
   25|       |
   26|       |   /* init result */
   27|  3.52M|   if (c->alloc < (max + 1)) {
  ------------------
  |  Branch (27:8): [True: 88, False: 3.52M]
  ------------------
   28|     88|      if ((err = mp_grow(c, max + 1)) != MP_OKAY) {
  ------------------
  |  |  161|     88|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (28:11): [True: 0, False: 88]
  ------------------
   29|      0|         return err;
   30|      0|      }
   31|     88|   }
   32|       |
   33|       |   /* get old used digit count and set new one */
   34|  3.52M|   olduse = c->used;
   35|  3.52M|   c->used = max + 1;
   36|       |
   37|  3.52M|   {
   38|  3.52M|      mp_digit u, *tmpa, *tmpb, *tmpc;
   39|  3.52M|      int i;
   40|       |
   41|       |      /* alias for digit pointers */
                    /* NOTE(review): the pointers are read after the mp_grow call above, so
                     * they refer to the current storage even when c is the same object as a
                     * or b - presumably mp_grow may move the digits; confirm in mp_grow. */
   42|       |
   43|       |      /* first input */
   44|  3.52M|      tmpa = a->dp;
   45|       |
   46|       |      /* second input */
   47|  3.52M|      tmpb = b->dp;
   48|       |
   49|       |      /* destination */
   50|  3.52M|      tmpc = c->dp;
   51|       |
   52|       |      /* zero the carry */
   53|  3.52M|      u = 0;
   54|  90.5M|      for (i = 0; i < min; i++) {
  ------------------
  |  Branch (54:19): [True: 86.9M, False: 3.52M]
  ------------------
   55|       |         /* Compute the sum at one digit, T[i] = A[i] + B[i] + U */
                       /* NOTE(review): assumes the input digits are <= MP_MASK so that the
                        * carry lands in bit MP_DIGIT_BIT - the invariant is not checked
                        * here. */
   56|  86.9M|         *tmpc = *tmpa++ + *tmpb++ + u;
   57|       |
   58|       |         /* U = carry bit of T[i] */
   59|  86.9M|         u = *tmpc >> (mp_digit)MP_DIGIT_BIT;
  ------------------
  |  |   82|  86.9M|#   define MP_DIGIT_BIT 60
  ------------------
   60|       |
   61|       |         /* take away carry bit from T[i] */
   62|  86.9M|         *tmpc++ &= MP_MASK;
  ------------------
  |  |  106|  86.9M|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|  86.9M|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   63|  86.9M|      }
   64|       |
   65|       |      /* now copy higher words if any, that is in A+B
   66|       |       * if A or B has more digits add those in
   67|       |       */
   68|  3.52M|      if (min != max) {
  ------------------
  |  Branch (68:11): [True: 2.50M, False: 1.01M]
  ------------------
   69|  41.7M|         for (; i < max; i++) {
  ------------------
  |  Branch (69:17): [True: 39.1M, False: 2.50M]
  ------------------
   70|       |            /* T[i] = X[i] + U */
   71|  39.1M|            *tmpc = x->dp[i] + u;
   72|       |
   73|       |            /* U = carry bit of T[i] */
   74|  39.1M|            u = *tmpc >> (mp_digit)MP_DIGIT_BIT;
  ------------------
  |  |   82|  39.1M|#   define MP_DIGIT_BIT 60
  ------------------
   75|       |
   76|       |            /* take away carry bit from T[i] */
   77|  39.1M|            *tmpc++ &= MP_MASK;
  ------------------
  |  |  106|  39.1M|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|  39.1M|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   78|  39.1M|         }
   79|  2.50M|      }
   80|       |
   81|       |      /* add carry */
                    /* NOTE(review): this is digit index max, the extra slot that the grow
                     * check (alloc >= max + 1) reserved above. */
   82|  3.52M|      *tmpc++ = u;
   83|       |
   84|       |      /* clear digits above oldused */
   85|  3.52M|      MP_ZERO_DIGITS(tmpc, olduse - c->used);
  ------------------
  |  |   89|  3.52M|#  define MP_ZERO_DIGITS(mem, digits)                   \
  |  |   90|  3.52M|do {                                                    \
  |  |   91|  3.52M|   int zd_ = (digits);                                  \
  |  |   92|  3.52M|   mp_digit* zm_ = (mem);                               \
  |  |   93|  3.52M|   while (zd_-- > 0) {                                  \
  |  |  ------------------
  |  |  |  Branch (93:11): [True: 0, False: 3.52M]
  |  |  ------------------
  |  |   94|      0|      *zm_++ = 0;                                       \
  |  |   95|      0|   }                                                    \
  |  |   96|  3.52M|} while (0)
  |  |  ------------------
  |  |  |  Branch (96:10): [Folded, False: 3.52M]
  |  |  ------------------
  ------------------
   86|  3.52M|   }
   87|       |
   88|  3.52M|   mp_clamp(c);
   89|  3.52M|   return MP_OKAY;
  ------------------
  |  |  161|  3.52M|#define MP_OKAY       0   /* no error */
  ------------------
   90|  3.52M|}

s_mp_exptmod:
   15|    965|{
                 /* Reviewer notes.  The signature is outside this listing; the body reads
                  * G, X, P and redmode and writes Y.
                  *
                  * Sliding-window modular exponentiation: per the table comment below,
                  * M[x] holds G**x mod P, and on success the result is exchanged into Y.
                  * redmode == 0 selects mp_reduce (set up by mp_reduce_setup); any other
                  * value selects mp_reduce_2k_l (set up by mp_reduce_2k_setup_l).
                  *
                  * Returns MP_OKAY on success, otherwise the mp_err of the first helper
                  * that failed.  Once the table is initialised, every exit goes through
                  * the LBL_RES -> LBL_MU -> LBL_M chain, entering at the label that
                  * matches what has been initialised so far; success falls through all
                  * three.
                  *
                  * Side-channel caveat: the branches on mode/y and the M[bitbuf] lookup
                  * are driven by the bits of X, so the sequence of squarings,
                  * multiplications and table reads depends on the exponent.  Treat the
                  * routine as variable-time when X is secret.
                  *
                  * Coverage in this run: the winsize 6..8 arms and every error branch
                  * show a count of 0, so exponents above 450 bits and all failure
                  * paths were not exercised here.
                  */
   16|    965|   mp_int  M[TAB_SIZE], res, mu;
   17|    965|   mp_digit buf;
   18|    965|   mp_err   err;
   19|    965|   int      bitbuf, bitcpy, bitcnt, mode, digidx, x, y, winsize;
   20|    965|   mp_err(*redux)(mp_int *x, const mp_int *m, const mp_int *mu);
   21|       |
   22|       |   /* find window size */
   23|    965|   x = mp_count_bits(X);
   24|    965|   if (x <= 7) {
  ------------------
  |  Branch (24:8): [True: 230, False: 735]
  ------------------
   25|    230|      winsize = 2;
   26|    735|   } else if (x <= 36) {
  ------------------
  |  Branch (26:15): [True: 262, False: 473]
  ------------------
   27|    262|      winsize = 3;
   28|    473|   } else if (x <= 140) {
  ------------------
  |  Branch (28:15): [True: 121, False: 352]
  ------------------
   29|    121|      winsize = 4;
   30|    352|   } else if (x <= 450) {
  ------------------
  |  Branch (30:15): [True: 352, False: 0]
  ------------------
   31|    352|      winsize = 5;
   32|    352|   } else if (x <= 1303) {
  ------------------
  |  Branch (32:15): [True: 0, False: 0]
  ------------------
   33|      0|      winsize = 6;
   34|      0|   } else if (x <= 3529) {
  ------------------
  |  Branch (34:15): [True: 0, False: 0]
  ------------------
   35|      0|      winsize = 7;
   36|      0|   } else {
   37|      0|      winsize = 8;
   38|      0|   }
   39|       |
                 /* MAX_WINSIZE expands to 0 in this build, so the cap below is a no-op. */
   40|    965|   winsize = MAX_WINSIZE ? MP_MIN(MAX_WINSIZE, winsize) : winsize;
  ------------------
  |  |   11|    965|#   define MAX_WINSIZE 0
  |  |  ------------------
  |  |  |  Branch (11:24): [Folded, False: 965]
  |  |  ------------------
  ------------------
                 winsize = MAX_WINSIZE ? MP_MIN(MAX_WINSIZE, winsize) : winsize;
  ------------------
  |  |  156|      0|#define MP_MIN(x, y) (((x) < (y)) ? (x) : (y))
  |  |  ------------------
  |  |  |  Branch (156:23): [True: 0, False: 0]
  |  |  ------------------
  ------------------
   41|       |
   42|       |   /* init M array */
   43|       |   /* init first cell */
   44|    965|   if ((err = mp_init(&M[1])) != MP_OKAY) {
  ------------------
  |  |  161|    965|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (44:8): [True: 0, False: 965]
  ------------------
   45|      0|      return err;
   46|      0|   }
   47|       |
   48|       |   /* now init the second half of the array */
   49|  9.07k|   for (x = 1<<(winsize-1); x < (1 << winsize); x++) {
  ------------------
  |  Branch (49:29): [True: 8.10k, False: 965]
  ------------------
   50|  8.10k|      if ((err = mp_init(&M[x])) != MP_OKAY) {
  ------------------
  |  |  161|  8.10k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (50:11): [True: 0, False: 8.10k]
  ------------------
                          /* unwind only the entries initialised so far, then M[1] */
   51|      0|         for (y = 1<<(winsize-1); y < x; y++) {
  ------------------
  |  Branch (51:35): [True: 0, False: 0]
  ------------------
   52|      0|            mp_clear(&M[y]);
   53|      0|         }
   54|      0|         mp_clear(&M[1]);
   55|      0|         return err;
   56|      0|      }
   57|  8.10k|   }
   58|       |
   59|       |   /* create mu, used for Barrett reduction */
   60|    965|   if ((err = mp_init(&mu)) != MP_OKAY)                           goto LBL_M;
  ------------------
  |  |  161|    965|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (60:8): [True: 0, False: 965]
  ------------------
   61|       |
   62|    965|   if (redmode == 0) {
  ------------------
  |  Branch (62:8): [True: 569, False: 396]
  ------------------
   63|    569|      if ((err = mp_reduce_setup(&mu, P)) != MP_OKAY)             goto LBL_MU;
  ------------------
  |  |  161|    569|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (63:11): [True: 0, False: 569]
  ------------------
   64|    569|      redux = mp_reduce;
   65|    569|   } else {
   66|    396|      if ((err = mp_reduce_2k_setup_l(P, &mu)) != MP_OKAY)        goto LBL_MU;
  ------------------
  |  |  161|    396|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (66:11): [True: 0, False: 396]
  ------------------
   67|    396|      redux = mp_reduce_2k_l;
   68|    396|   }
   69|       |
   70|       |   /* create M table
   71|       |    *
   72|       |    * The M table contains powers of the base,
   73|       |    * e.g. M[x] = G**x mod P
   74|       |    *
   75|       |    * The first half of the table is not
   76|       |    * computed though, except for M[0] and M[1]
   77|       |    */
   78|    965|   if ((err = mp_mod(G, P, &M[1])) != MP_OKAY)                    goto LBL_MU;
  ------------------
  |  |  161|    965|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (78:8): [True: 0, False: 965]
  ------------------
   79|       |
   80|       |   /* compute the value at M[1<<(winsize-1)] by squaring
   81|       |    * M[1] (winsize-1) times
   82|       |    */
   83|    965|   if ((err = mp_copy(&M[1], &M[(size_t)1 << (winsize - 1)])) != MP_OKAY) goto LBL_MU;
  ------------------
  |  |  161|    965|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (83:8): [True: 0, False: 965]
  ------------------
   84|       |
   85|  3.49k|   for (x = 0; x < (winsize - 1); x++) {
  ------------------
  |  Branch (85:16): [True: 2.52k, False: 965]
  ------------------
   86|       |      /* square it */
   87|  2.52k|      if ((err = mp_sqr(&M[(size_t)1 << (winsize - 1)],
  ------------------
  |  Branch (87:11): [True: 0, False: 2.52k]
  ------------------
   88|  2.52k|                        &M[(size_t)1 << (winsize - 1)])) != MP_OKAY) goto LBL_MU;
  ------------------
  |  |  161|  2.52k|#define MP_OKAY       0   /* no error */
  ------------------
   89|       |
   90|       |      /* reduce modulo P */
   91|  2.52k|      if ((err = redux(&M[(size_t)1 << (winsize - 1)], P, &mu)) != MP_OKAY) goto LBL_MU;
  ------------------
  |  |  161|  2.52k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (91:11): [True: 0, False: 2.52k]
  ------------------
   92|  2.52k|   }
   93|       |
   94|       |   /* create upper table, that is M[x] = M[x-1] * M[1] (mod P)
   95|       |    * for x = (2**(winsize - 1) + 1) to (2**winsize - 1)
   96|       |    */
   97|  8.10k|   for (x = (1 << (winsize - 1)) + 1; x < (1 << winsize); x++) {
  ------------------
  |  Branch (97:39): [True: 7.14k, False: 965]
  ------------------
   98|  7.14k|      if ((err = mp_mul(&M[x - 1], &M[1], &M[x])) != MP_OKAY)     goto LBL_MU;
  ------------------
  |  |  161|  7.14k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (98:11): [True: 0, False: 7.14k]
  ------------------
   99|  7.14k|      if ((err = redux(&M[x], P, &mu)) != MP_OKAY)                goto LBL_MU;
  ------------------
  |  |  161|  7.14k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (99:11): [True: 0, False: 7.14k]
  ------------------
  100|  7.14k|   }
  101|       |
  102|       |   /* setup result */
  103|    965|   if ((err = mp_init(&res)) != MP_OKAY)                          goto LBL_MU;
  ------------------
  |  |  161|    965|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (103:8): [True: 0, False: 965]
  ------------------
  104|    965|   mp_set(&res, 1uL);
  105|       |
                 /* mode: 0 = still skipping leading zero bits, 1 = between windows (a
                  * zero bit costs one squaring), 2 = collecting bits into bitbuf.
                  * bitcnt starts at 1 so the first pass of the loop loads a digit;
                  * digits are consumed from the most significant one downwards. */
  106|       |   /* set initial mode and bit cnt */
  107|    965|   mode   = 0;
  108|    965|   bitcnt = 1;
  109|    965|   buf    = 0;
  110|    965|   digidx = X->used - 1;
  111|    965|   bitcpy = 0;
  112|    965|   bitbuf = 0;
  113|       |
  114|  97.0k|   for (;;) {
  115|       |      /* grab next digit as required */
  116|  97.0k|      if (--bitcnt == 0) {
  ------------------
  |  Branch (116:11): [True: 2.56k, False: 94.4k]
  ------------------
  117|       |         /* if digidx == -1 we are out of digits */
  118|  2.56k|         if (digidx == -1) {
  ------------------
  |  Branch (118:14): [True: 965, False: 1.60k]
  ------------------
  119|    965|            break;
  120|    965|         }
  121|       |         /* read next digit and reset the bitcnt */
  122|  1.60k|         buf    = X->dp[digidx--];
  123|  1.60k|         bitcnt = (int)MP_DIGIT_BIT;
  ------------------
  |  |   82|  1.60k|#   define MP_DIGIT_BIT 60
  ------------------
  124|  1.60k|      }
  125|       |
                    /* y is one bit of X; every branch below depends on it (see the
                     * side-channel caveat at the top of the function). */
  126|       |      /* grab the next msb from the exponent */
  127|  96.0k|      y     = (buf >> (mp_digit)(MP_DIGIT_BIT - 1)) & 1uL;
  ------------------
  |  |   82|  96.0k|#   define MP_DIGIT_BIT 60
  ------------------
  128|  96.0k|      buf <<= (mp_digit)1;
  129|       |
  130|       |      /* if the bit is zero and mode == 0 then we ignore it
  131|       |       * These represent the leading zero bits before the first 1 bit
  132|       |       * in the exponent.  Technically this opt is not required but it
  133|       |       * does lower the # of trivial squaring/reductions used
  134|       |       */
  135|  96.0k|      if ((mode == 0) && (y == 0)) {
  ------------------
  |  Branch (135:11): [True: 26.0k, False: 70.0k]
  |  Branch (135:26): [True: 25.2k, False: 799]
  ------------------
  136|  25.2k|         continue;
  137|  25.2k|      }
  138|       |
  139|       |      /* if the bit is zero and mode == 1 then we square */
  140|  70.8k|      if ((mode == 1) && (y == 0)) {
  ------------------
  |  Branch (140:11): [True: 27.4k, False: 43.3k]
  |  Branch (140:26): [True: 16.3k, False: 11.0k]
  ------------------
  141|  16.3k|         if ((err = mp_sqr(&res, &res)) != MP_OKAY)               goto LBL_RES;
  ------------------
  |  |  161|  16.3k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (141:14): [True: 0, False: 16.3k]
  ------------------
  142|  16.3k|         if ((err = redux(&res, P, &mu)) != MP_OKAY)              goto LBL_RES;
  ------------------
  |  |  161|  16.3k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (142:14): [True: 0, False: 16.3k]
  ------------------
  143|  16.3k|         continue;
  144|  16.3k|      }
  145|       |
                    /* A window is only opened by a 1 bit (both zero-bit cases above
                     * continue), and that bit lands at position winsize-1 of bitbuf. */
  146|       |      /* else we add it to the window */
  147|  54.4k|      bitbuf |= (y << (winsize - ++bitcpy));
  148|  54.4k|      mode    = 2;
  149|       |
  150|  54.4k|      if (bitcpy == winsize) {
  ------------------
  |  Branch (150:11): [True: 11.4k, False: 42.9k]
  ------------------
  151|       |         /* ok window is filled so square as required and multiply  */
  152|       |         /* square first */
  153|  64.8k|         for (x = 0; x < winsize; x++) {
  ------------------
  |  Branch (153:22): [True: 53.3k, False: 11.4k]
  ------------------
  154|  53.3k|            if ((err = mp_sqr(&res, &res)) != MP_OKAY)            goto LBL_RES;
  ------------------
  |  |  161|  53.3k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (154:17): [True: 0, False: 53.3k]
  ------------------
  155|  53.3k|            if ((err = redux(&res, P, &mu)) != MP_OKAY)           goto LBL_RES;
  ------------------
  |  |  161|  53.3k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (155:17): [True: 0, False: 53.3k]
  ------------------
  156|  53.3k|         }
  157|       |
                       /* A full window has its top bit set, so bitbuf is in
                        * [2**(winsize-1), 2**winsize - 1]: the half of M that was
                        * initialised above.  M[0] and the rest of the lower half are
                        * never initialised in this function and must not be indexed.
                        * Which entry is read depends on the bits of X. */
  158|       |         /* then multiply */
  159|  11.4k|         if ((err = mp_mul(&res, &M[bitbuf], &res)) != MP_OKAY)  goto LBL_RES;
  ------------------
  |  |  161|  11.4k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (159:14): [True: 0, False: 11.4k]
  ------------------
  160|  11.4k|         if ((err = redux(&res, P, &mu)) != MP_OKAY)             goto LBL_RES;
  ------------------
  |  |  161|  11.4k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (160:14): [True: 0, False: 11.4k]
  ------------------
  161|       |
  162|       |         /* empty window and reset */
  163|  11.4k|         bitcpy = 0;
  164|  11.4k|         bitbuf = 0;
  165|  11.4k|         mode   = 1;
  166|  11.4k|      }
  167|  54.4k|   }
  168|       |
                 /* A partly filled window is drained one bit at a time: square, shift
                  * bitbuf left, and multiply by M[1] when the bit shifted into position
                  * winsize is set. */
  169|       |   /* if bits remain then square/multiply */
  170|    965|   if ((mode == 2) && (bitcpy > 0)) {
  ------------------
  |  Branch (170:8): [True: 390, False: 575]
  |  Branch (170:23): [True: 390, False: 0]
  ------------------
  171|       |      /* square then multiply if the bit is set */
  172|  1.45k|      for (x = 0; x < bitcpy; x++) {
  ------------------
  |  Branch (172:19): [True: 1.06k, False: 390]
  ------------------
  173|  1.06k|         if ((err = mp_sqr(&res, &res)) != MP_OKAY)               goto LBL_RES;
  ------------------
  |  |  161|  1.06k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (173:14): [True: 0, False: 1.06k]
  ------------------
  174|  1.06k|         if ((err = redux(&res, P, &mu)) != MP_OKAY)              goto LBL_RES;
  ------------------
  |  |  161|  1.06k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (174:14): [True: 0, False: 1.06k]
  ------------------
  175|       |
  176|  1.06k|         bitbuf <<= 1;
  177|  1.06k|         if ((bitbuf & (1 << winsize)) != 0) {
  ------------------
  |  Branch (177:14): [True: 818, False: 251]
  ------------------
  178|       |            /* then multiply */
  179|    818|            if ((err = mp_mul(&res, &M[1], &res)) != MP_OKAY)     goto LBL_RES;
  ------------------
  |  |  161|    818|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (179:17): [True: 0, False: 818]
  ------------------
  180|    818|            if ((err = redux(&res, P, &mu)) != MP_OKAY)           goto LBL_RES;
  ------------------
  |  |  161|    818|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (180:17): [True: 0, False: 818]
  ------------------
  181|    818|         }
  182|  1.06k|      }
  183|    390|   }
  184|       |
                 /* The result is exchanged into Y, so the mp_clear(&res) below releases
                  * whatever Y held before.  NOTE(review): whether mp_clear wipes the
                  * digits before freeing is not visible in this listing; confirm it for
                  * the table and res, which hold values derived from X. */
  185|    965|   mp_exch(&res, Y);
  186|    965|   err = MP_OKAY;
  ------------------
  |  |  161|    965|#define MP_OKAY       0   /* no error */
  ------------------
  187|    965|LBL_RES:
  188|    965|   mp_clear(&res);
  189|    965|LBL_MU:
  190|    965|   mp_clear(&mu);
  191|    965|LBL_M:
  192|    965|   mp_clear(&M[1]);
  193|  9.07k|   for (x = 1<<(winsize-1); x < (1 << winsize); x++) {
  ------------------
  |  Branch (193:29): [True: 8.10k, False: 965]
  ------------------
  194|  8.10k|      mp_clear(&M[x]);
  195|  8.10k|   }
  196|    965|   return err;
  197|    965|}

s_mp_exptmod_fast:
   23|  2.60k|{
   24|  2.60k|   mp_int  M[TAB_SIZE], res;
   25|  2.60k|   mp_digit buf, mp;
   26|  2.60k|   int     bitbuf, bitcpy, bitcnt, mode, digidx, x, y, winsize;
   27|  2.60k|   mp_err   err;
   28|       |
   29|       |   /* use a pointer to the reduction algorithm.  This allows us to use
   30|       |    * one of many reduction algorithms without modding the guts of
   31|       |    * the code with if statements everywhere.
   32|       |    */
   33|  2.60k|   mp_err(*redux)(mp_int *x, const mp_int *n, mp_digit rho);
   34|       |
   35|       |   /* find window size */
   36|  2.60k|   x = mp_count_bits(X);
   37|  2.60k|   if (x <= 7) {
  ------------------
  |  Branch (37:8): [True: 312, False: 2.29k]
  ------------------
   38|    312|      winsize = 2;
   39|  2.29k|   } else if (x <= 36) {
  ------------------
  |  Branch (39:15): [True: 269, False: 2.02k]
  ------------------
   40|    269|      winsize = 3;
   41|  2.02k|   } else if (x <= 140) {
  ------------------
  |  Branch (41:15): [True: 1.32k, False: 702]
  ------------------
   42|  1.32k|      winsize = 4;
   43|  1.32k|   } else if (x <= 450) {
  ------------------
  |  Branch (43:15): [True: 702, False: 0]
  ------------------
   44|    702|      winsize = 5;
   45|    702|   } else if (x <= 1303) {
  ------------------
  |  Branch (45:15): [True: 0, False: 0]
  ------------------
   46|      0|      winsize = 6;
   47|      0|   } else if (x <= 3529) {
  ------------------
  |  Branch (47:15): [True: 0, False: 0]
  ------------------
   48|      0|      winsize = 7;
   49|      0|   } else {
   50|      0|      winsize = 8;
   51|      0|   }
   52|       |
   53|  2.60k|   winsize = MAX_WINSIZE ? MP_MIN(MAX_WINSIZE, winsize) : winsize;
  ------------------
  |  |   19|  2.60k|#   define MAX_WINSIZE 0
  |  |  ------------------
  |  |  |  Branch (19:24): [Folded, False: 2.60k]
  |  |  ------------------
  ------------------
                 winsize = MAX_WINSIZE ? MP_MIN(MAX_WINSIZE, winsize) : winsize;
  ------------------
  |  |  156|      0|#define MP_MIN(x, y) (((x) < (y)) ? (x) : (y))
  |  |  ------------------
  |  |  |  Branch (156:23): [True: 0, False: 0]
  |  |  ------------------
  ------------------
   54|       |
   55|       |   /* init M array */
   56|       |   /* init first cell */
   57|  2.60k|   if ((err = mp_init_size(&M[1], P->alloc)) != MP_OKAY) {
  ------------------
  |  |  161|  2.60k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (57:8): [True: 0, False: 2.60k]
  ------------------
   58|      0|      return err;
   59|      0|   }
   60|       |
   61|       |   /* now init the second half of the array */
   62|  26.1k|   for (x = 1<<(winsize-1); x < (1 << winsize); x++) {
  ------------------
  |  Branch (62:29): [True: 23.5k, False: 2.60k]
  ------------------
   63|  23.5k|      if ((err = mp_init_size(&M[x], P->alloc)) != MP_OKAY) {
  ------------------
  |  |  161|  23.5k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (63:11): [True: 0, False: 23.5k]
  ------------------
   64|      0|         for (y = 1<<(winsize-1); y < x; y++) {
  ------------------
  |  Branch (64:35): [True: 0, False: 0]
  ------------------
   65|      0|            mp_clear(&M[y]);
   66|      0|         }
   67|      0|         mp_clear(&M[1]);
   68|      0|         return err;
   69|      0|      }
   70|  23.5k|   }
   71|       |
   72|       |   /* determine and setup reduction code */
   73|  2.60k|   if (redmode == 0) {
  ------------------
  |  Branch (73:8): [True: 2.60k, False: 0]
  ------------------
   74|  2.60k|      if (MP_HAS(MP_MONTGOMERY_SETUP)) {
  ------------------
  |  |  150|  2.60k|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|  2.60k|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|  2.60k|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [True: 2.60k, Folded]
  |  |  ------------------
  ------------------
   75|       |         /* now setup montgomery  */
   76|  2.60k|         if ((err = mp_montgomery_setup(P, &mp)) != MP_OKAY)      goto LBL_M;
  ------------------
  |  |  161|  2.60k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (76:14): [True: 0, False: 2.60k]
  ------------------
   77|  2.60k|      } else {
   78|      0|         err = MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   79|      0|         goto LBL_M;
   80|      0|      }
   81|       |
   82|       |      /* automatically pick the comba one if available (saves quite a few calls/ifs) */
   83|  2.60k|      if (MP_HAS(S_MP_MONTGOMERY_REDUCE_FAST) &&
  ------------------
  |  |  150|  5.21k|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|  2.60k|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|  2.60k|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [True: 2.60k, Folded]
  |  |  ------------------
  ------------------
   84|  2.60k|          (((P->used * 2) + 1) < MP_WARRAY) &&
  ------------------
  |  |  172|  2.60k|#define MP_WARRAY PRIVATE_MP_WARRAY
  |  |  ------------------
  |  |  |  |  203|  2.60k|#define PRIVATE_MP_WARRAY (int)(1uLL << (((CHAR_BIT * sizeof(private_mp_word)) - (2 * MP_DIGIT_BIT)) + 1))
  |  |  |  |  ------------------
  |  |  |  |  |  |   82|  2.60k|#   define MP_DIGIT_BIT 60
  |  |  |  |  ------------------
  |  |  ------------------
  ------------------
  |  Branch (84:11): [True: 2.60k, False: 0]
  ------------------
   85|  2.60k|          (P->used < MP_MAXFAST)) {
  ------------------
  |  |  168|  2.60k|#define MP_MAXFAST              (int)(1uL << (MP_SIZEOF_BITS(mp_word) - (2u * (size_t)MP_DIGIT_BIT)))
  |  |  ------------------
  |  |  |  |  167|  2.60k|#define MP_SIZEOF_BITS(type)    ((size_t)CHAR_BIT * sizeof(type))
  |  |  ------------------
  |  |               #define MP_MAXFAST              (int)(1uL << (MP_SIZEOF_BITS(mp_word) - (2u * (size_t)MP_DIGIT_BIT)))
  |  |  ------------------
  |  |  |  |   82|  2.60k|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
  |  Branch (85:11): [True: 2.60k, False: 0]
  ------------------
   86|  2.60k|         redux = s_mp_montgomery_reduce_fast;
   87|  2.60k|      } else if (MP_HAS(MP_MONTGOMERY_REDUCE)) {
  ------------------
  |  |  150|      0|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|      0|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|      0|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [True: 0, Folded]
  |  |  ------------------
  ------------------
   88|       |         /* use slower baseline Montgomery method */
   89|      0|         redux = mp_montgomery_reduce;
   90|      0|      } else {
   91|      0|         err = MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   92|      0|         goto LBL_M;
   93|      0|      }
   94|  2.60k|   } else if (redmode == 1) {
  ------------------
  |  Branch (94:15): [True: 0, False: 0]
  ------------------
   95|      0|      if (MP_HAS(MP_DR_SETUP) && MP_HAS(MP_DR_REDUCE)) {
  ------------------
  |  |  150|      0|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|      0|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|      0|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [True: 0, Folded]
  |  |  ------------------
  ------------------
                    if (MP_HAS(MP_DR_SETUP) && MP_HAS(MP_DR_REDUCE)) {
  ------------------
  |  |  150|      0|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|      0|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|      0|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [True: 0, Folded]
  |  |  ------------------
  ------------------
   96|       |         /* setup DR reduction for moduli of the form B**k - b */
   97|      0|         mp_dr_setup(P, &mp);
   98|      0|         redux = mp_dr_reduce;
   99|      0|      } else {
  100|      0|         err = MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
  101|      0|         goto LBL_M;
  102|      0|      }
  103|      0|   } else if (MP_HAS(MP_REDUCE_2K_SETUP) && MP_HAS(MP_REDUCE_2K)) {
  ------------------
  |  |  150|      0|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|      0|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|      0|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [True: 0, Folded]
  |  |  ------------------
  ------------------
                 } else if (MP_HAS(MP_REDUCE_2K_SETUP) && MP_HAS(MP_REDUCE_2K)) {
  ------------------
  |  |  150|      0|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|      0|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|      0|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [True: 0, Folded]
  |  |  ------------------
  ------------------
  104|       |      /* setup DR reduction for moduli of the form 2**k - b */
  105|      0|      if ((err = mp_reduce_2k_setup(P, &mp)) != MP_OKAY)          goto LBL_M;
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (105:11): [True: 0, False: 0]
  ------------------
  106|      0|      redux = mp_reduce_2k;
  107|      0|   } else {
  108|      0|      err = MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
  109|      0|      goto LBL_M;
  110|      0|   }
  111|       |
  112|       |   /* setup result */
  113|  2.60k|   if ((err = mp_init_size(&res, P->alloc)) != MP_OKAY)           goto LBL_M;
  ------------------
  |  |  161|  2.60k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (113:8): [True: 0, False: 2.60k]
  ------------------
  114|       |
  115|       |   /* create M table
  116|       |    *
  117|       |
  118|       |    *
  119|       |    * The first half of the table is not computed though accept for M[0] and M[1]
  120|       |    */
  121|       |
  122|  2.60k|   if (redmode == 0) {
  ------------------
  |  Branch (122:8): [True: 2.60k, False: 0]
  ------------------
  123|  2.60k|      if (MP_HAS(MP_MONTGOMERY_CALC_NORMALIZATION)) {
  ------------------
  |  |  150|  2.60k|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|  2.60k|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|  2.60k|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [True: 2.60k, Folded]
  |  |  ------------------
  ------------------
  124|       |         /* now we need R mod m */
  125|  2.60k|         if ((err = mp_montgomery_calc_normalization(&res, P)) != MP_OKAY) goto LBL_RES;
  ------------------
  |  |  161|  2.60k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (125:14): [True: 0, False: 2.60k]
  ------------------
  126|       |
  127|       |         /* now set M[1] to G * R mod m */
  128|  2.60k|         if ((err = mp_mulmod(G, &res, P, &M[1])) != MP_OKAY)     goto LBL_RES;
  ------------------
  |  |  161|  2.60k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (128:14): [True: 0, False: 2.60k]
  ------------------
  129|  2.60k|      } else {
  130|      0|         err = MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
  131|      0|         goto LBL_RES;
  132|      0|      }
  133|  2.60k|   } else {
  134|      0|      mp_set(&res, 1uL);
  135|      0|      if ((err = mp_mod(G, P, &M[1])) != MP_OKAY)                 goto LBL_RES;
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (135:11): [True: 0, False: 0]
  ------------------
  136|      0|   }
  137|       |
  138|       |   /* compute the value at M[1<<(winsize-1)] by squaring M[1] (winsize-1) times */
  139|  2.60k|   if ((err = mp_copy(&M[1], &M[(size_t)1 << (winsize - 1)])) != MP_OKAY) goto LBL_RES;
  ------------------
  |  |  161|  2.60k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (139:8): [True: 0, False: 2.60k]
  ------------------
  140|       |
  141|  10.2k|   for (x = 0; x < (winsize - 1); x++) {
  ------------------
  |  Branch (141:16): [True: 7.63k, False: 2.60k]
  ------------------
  142|  7.63k|      if ((err = mp_sqr(&M[(size_t)1 << (winsize - 1)], &M[(size_t)1 << (winsize - 1)])) != MP_OKAY) goto LBL_RES;
  ------------------
  |  |  161|  7.63k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (142:11): [True: 0, False: 7.63k]
  ------------------
  143|  7.63k|      if ((err = redux(&M[(size_t)1 << (winsize - 1)], P, mp)) != MP_OKAY) goto LBL_RES;
  ------------------
  |  |  161|  7.63k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (143:11): [True: 0, False: 7.63k]
  ------------------
  144|  7.63k|   }
  145|       |
  146|       |   /* create upper table */
  147|  23.5k|   for (x = (1 << (winsize - 1)) + 1; x < (1 << winsize); x++) {
  ------------------
  |  Branch (147:39): [True: 20.9k, False: 2.60k]
  ------------------
  148|  20.9k|      if ((err = mp_mul(&M[x - 1], &M[1], &M[x])) != MP_OKAY)     goto LBL_RES;
  ------------------
  |  |  161|  20.9k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (148:11): [True: 0, False: 20.9k]
  ------------------
  149|  20.9k|      if ((err = redux(&M[x], P, mp)) != MP_OKAY)                 goto LBL_RES;
  ------------------
  |  |  161|  20.9k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (149:11): [True: 0, False: 20.9k]
  ------------------
  150|  20.9k|   }
  151|       |
  152|       |   /* set initial mode and bit cnt */
  153|  2.60k|   mode   = 0;
  154|  2.60k|   bitcnt = 1;
  155|  2.60k|   buf    = 0;
  156|  2.60k|   digidx = X->used - 1;
  157|  2.60k|   bitcpy = 0;
  158|  2.60k|   bitbuf = 0;
  159|       |
  160|   308k|   for (;;) {
  161|       |      /* grab next digit as required */
  162|   308k|      if (--bitcnt == 0) {
  ------------------
  |  Branch (162:11): [True: 7.70k, False: 300k]
  ------------------
  163|       |         /* if digidx == -1 we are out of digits so break */
  164|  7.70k|         if (digidx == -1) {
  ------------------
  |  Branch (164:14): [True: 2.60k, False: 5.09k]
  ------------------
  165|  2.60k|            break;
  166|  2.60k|         }
  167|       |         /* read next digit and reset bitcnt */
  168|  5.09k|         buf    = X->dp[digidx--];
  169|  5.09k|         bitcnt = (int)MP_DIGIT_BIT;
  ------------------
  |  |   82|  5.09k|#   define MP_DIGIT_BIT 60
  ------------------
  170|  5.09k|      }
  171|       |
  172|       |      /* grab the next msb from the exponent */
  173|   305k|      y     = (mp_digit)(buf >> (MP_DIGIT_BIT - 1)) & 1uL;
  ------------------
  |  |   82|   305k|#   define MP_DIGIT_BIT 60
  ------------------
  174|   305k|      buf <<= (mp_digit)1;
  175|       |
  176|       |      /* if the bit is zero and mode == 0 then we ignore it
  177|       |       * These represent the leading zero bits before the first 1 bit
  178|       |       * in the exponent.  Technically this opt is not required but it
  179|       |       * does lower the # of trivial squaring/reductions used
  180|       |       */
  181|   305k|      if ((mode == 0) && (y == 0)) {
  ------------------
  |  Branch (181:11): [True: 71.4k, False: 234k]
  |  Branch (181:26): [True: 69.0k, False: 2.38k]
  ------------------
  182|  69.0k|         continue;
  183|  69.0k|      }
  184|       |
  185|       |      /* if the bit is zero and mode == 1 then we square */
  186|   236k|      if ((mode == 1) && (y == 0)) {
  ------------------
  |  Branch (186:11): [True: 114k, False: 122k]
  |  Branch (186:26): [True: 79.3k, False: 35.0k]
  ------------------
  187|  79.3k|         if ((err = mp_sqr(&res, &res)) != MP_OKAY)               goto LBL_RES;
  ------------------
  |  |  161|  79.3k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (187:14): [True: 0, False: 79.3k]
  ------------------
  188|  79.3k|         if ((err = redux(&res, P, mp)) != MP_OKAY)               goto LBL_RES;
  ------------------
  |  |  161|  79.3k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (188:14): [True: 0, False: 79.3k]
  ------------------
  189|  79.3k|         continue;
  190|  79.3k|      }
  191|       |
  192|       |      /* else we add it to the window */
  193|   157k|      bitbuf |= (y << (winsize - ++bitcpy));
  194|   157k|      mode    = 2;
  195|       |
  196|   157k|      if (bitcpy == winsize) {
  ------------------
  |  Branch (196:11): [True: 35.6k, False: 121k]
  ------------------
  197|       |         /* ok window is filled so square as required and multiply  */
  198|       |         /* square first */
  199|   189k|         for (x = 0; x < winsize; x++) {
  ------------------
  |  Branch (199:22): [True: 153k, False: 35.6k]
  ------------------
  200|   153k|            if ((err = mp_sqr(&res, &res)) != MP_OKAY)            goto LBL_RES;
  ------------------
  |  |  161|   153k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (200:17): [True: 0, False: 153k]
  ------------------
  201|   153k|            if ((err = redux(&res, P, mp)) != MP_OKAY)            goto LBL_RES;
  ------------------
  |  |  161|   153k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (201:17): [True: 0, False: 153k]
  ------------------
  202|   153k|         }
  203|       |
  204|       |         /* then multiply */
  205|  35.6k|         if ((err = mp_mul(&res, &M[bitbuf], &res)) != MP_OKAY)   goto LBL_RES;
  ------------------
  |  |  161|  35.6k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (205:14): [True: 0, False: 35.6k]
  ------------------
  206|  35.6k|         if ((err = redux(&res, P, mp)) != MP_OKAY)               goto LBL_RES;
  ------------------
  |  |  161|  35.6k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (206:14): [True: 0, False: 35.6k]
  ------------------
  207|       |
  208|       |         /* empty window and reset */
  209|  35.6k|         bitcpy = 0;
  210|  35.6k|         bitbuf = 0;
  211|  35.6k|         mode   = 1;
  212|  35.6k|      }
  213|   157k|   }
  214|       |
  215|       |   /* if bits remain then square/multiply */
  216|  2.60k|   if ((mode == 2) && (bitcpy > 0)) {
  ------------------
  |  Branch (216:8): [True: 1.80k, False: 806]
  |  Branch (216:23): [True: 1.80k, False: 0]
  ------------------
  217|       |      /* square then multiply if the bit is set */
  218|  5.62k|      for (x = 0; x < bitcpy; x++) {
  ------------------
  |  Branch (218:19): [True: 3.82k, False: 1.80k]
  ------------------
  219|  3.82k|         if ((err = mp_sqr(&res, &res)) != MP_OKAY)               goto LBL_RES;
  ------------------
  |  |  161|  3.82k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (219:14): [True: 0, False: 3.82k]
  ------------------
  220|  3.82k|         if ((err = redux(&res, P, mp)) != MP_OKAY)               goto LBL_RES;
  ------------------
  |  |  161|  3.82k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (220:14): [True: 0, False: 3.82k]
  ------------------
  221|       |
  222|       |         /* get next bit of the window */
  223|  3.82k|         bitbuf <<= 1;
  224|  3.82k|         if ((bitbuf & (1 << winsize)) != 0) {
  ------------------
  |  Branch (224:14): [True: 3.23k, False: 591]
  ------------------
  225|       |            /* then multiply */
  226|  3.23k|            if ((err = mp_mul(&res, &M[1], &res)) != MP_OKAY)     goto LBL_RES;
  ------------------
  |  |  161|  3.23k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (226:17): [True: 0, False: 3.23k]
  ------------------
  227|  3.23k|            if ((err = redux(&res, P, mp)) != MP_OKAY)            goto LBL_RES;
  ------------------
  |  |  161|  3.23k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (227:17): [True: 0, False: 3.23k]
  ------------------
  228|  3.23k|         }
  229|  3.82k|      }
  230|  1.80k|   }
  231|       |
  232|  2.60k|   if (redmode == 0) {
  ------------------
  |  Branch (232:8): [True: 2.60k, False: 0]
  ------------------
  233|       |      /* fixup result if Montgomery reduction is used
  234|       |       * recall that any value in a Montgomery system is
  235|       |       * actually multiplied by R mod n.  So we have
  236|       |       * to reduce one more time to cancel out the factor
  237|       |       * of R.
  238|       |       */
  239|  2.60k|      if ((err = redux(&res, P, mp)) != MP_OKAY)                  goto LBL_RES;
  ------------------
  |  |  161|  2.60k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (239:11): [True: 0, False: 2.60k]
  ------------------
  240|  2.60k|   }
  241|       |
  242|       |   /* swap res with Y */
  243|  2.60k|   mp_exch(&res, Y);
  244|  2.60k|   err = MP_OKAY;
  ------------------
  |  |  161|  2.60k|#define MP_OKAY       0   /* no error */
  ------------------
  245|  2.60k|LBL_RES:
  246|  2.60k|   mp_clear(&res);
  247|  2.60k|LBL_M:
  248|  2.60k|   mp_clear(&M[1]);
  249|  26.1k|   for (x = 1<<(winsize-1); x < (1 << winsize); x++) {
  ------------------
  |  Branch (249:29): [True: 23.5k, False: 2.60k]
  ------------------
  250|  23.5k|      mp_clear(&M[x]);
  251|  23.5k|   }
  252|  2.60k|   return err;
  253|  2.60k|}

s_mp_invmod_fast:
   13|    674|{
   14|    674|   mp_int  x, y, u, v, B, D;
   15|    674|   mp_sign neg;
   16|    674|   mp_err  err;
   17|       |
   18|       |   /* 2. [modified] b must be odd   */
   19|    674|   if (MP_IS_EVEN(b)) {
  ------------------
  |  |  164|    674|#define MP_IS_EVEN(a) (((a)->used == 0) || (((a)->dp[0] & 1u) == 0u))
  |  |  ------------------
  |  |  |  Branch (164:24): [True: 0, False: 674]
  |  |  |  Branch (164:44): [True: 0, False: 674]
  |  |  ------------------
  ------------------
   20|      0|      return MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   21|      0|   }
   22|       |
   23|       |   /* init all our temps */
   24|    674|   if ((err = mp_init_multi(&x, &y, &u, &v, &B, &D, NULL)) != MP_OKAY) {
  ------------------
  |  |  161|    674|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (24:8): [True: 0, False: 674]
  ------------------
   25|      0|      return err;
   26|      0|   }
   27|       |
   28|       |   /* x == modulus, y == value to invert */
   29|    674|   if ((err = mp_copy(b, &x)) != MP_OKAY)                         goto LBL_ERR;
  ------------------
  |  |  161|    674|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (29:8): [True: 0, False: 674]
  ------------------
   30|       |
   31|       |   /* we need y = |a| */
   32|    674|   if ((err = mp_mod(a, b, &y)) != MP_OKAY)                       goto LBL_ERR;
  ------------------
  |  |  161|    674|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (32:8): [True: 0, False: 674]
  ------------------
   33|       |
   34|       |   /* if one of x,y is zero return an error! */
   35|    674|   if (MP_IS_ZERO(&x) || MP_IS_ZERO(&y)) {
  ------------------
  |  |  163|  1.34k|#define MP_IS_ZERO(a) ((a)->used == 0)
  |  |  ------------------
  |  |  |  Branch (163:23): [True: 0, False: 674]
  |  |  ------------------
  ------------------
                 if (MP_IS_ZERO(&x) || MP_IS_ZERO(&y)) {
  ------------------
  |  |  163|    674|#define MP_IS_ZERO(a) ((a)->used == 0)
  |  |  ------------------
  |  |  |  Branch (163:23): [True: 0, False: 674]
  |  |  ------------------
  ------------------
   36|      0|      err = MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   37|      0|      goto LBL_ERR;
   38|      0|   }
   39|       |
   40|       |   /* 3. u=x, v=y, A=1, B=0, C=0,D=1 */
   41|    674|   if ((err = mp_copy(&x, &u)) != MP_OKAY)                        goto LBL_ERR;
  ------------------
  |  |  161|    674|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (41:8): [True: 0, False: 674]
  ------------------
   42|    674|   if ((err = mp_copy(&y, &v)) != MP_OKAY)                        goto LBL_ERR;
  ------------------
  |  |  161|    674|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (42:8): [True: 0, False: 674]
  ------------------
   43|    674|   mp_set(&D, 1uL);
   44|       |
   45|   119k|top:
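   46|       |   /* 4.  while u is even do -- NOTE(review): this loop and the compare in step 6 branch on operand values, so the routine is not constant-time; confirm callers do not pass unblinded secret values */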
   47|   286k|   while (MP_IS_EVEN(&u)) {
  ------------------
  |  |  164|   286k|#define MP_IS_EVEN(a) (((a)->used == 0) || (((a)->dp[0] & 1u) == 0u))
  |  |  ------------------
  |  |  |  Branch (164:24): [True: 0, False: 286k]
  |  |  |  Branch (164:44): [True: 166k, False: 119k]
  |  |  ------------------
  ------------------
   48|       |      /* 4.1 u = u/2 */
   49|   166k|      if ((err = mp_div_2(&u, &u)) != MP_OKAY)                    goto LBL_ERR;
  ------------------
  |  |  161|   166k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (49:11): [True: 0, False: 166k]
  ------------------
   50|       |
   51|       |      /* 4.2 if B is odd then */
   52|   166k|      if (MP_IS_ODD(&B)) {
  ------------------
  |  |  165|   166k|#define MP_IS_ODD(a)  (((a)->used > 0) && (((a)->dp[0] & 1u) == 1u))
  |  |  ------------------
  |  |  |  Branch (165:24): [True: 166k, False: 0]
  |  |  |  Branch (165:43): [True: 79.0k, False: 87.8k]
  |  |  ------------------
  ------------------
   53|  79.0k|         if ((err = mp_sub(&B, &x, &B)) != MP_OKAY)               goto LBL_ERR;
  ------------------
  |  |  161|  79.0k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (53:14): [True: 0, False: 79.0k]
  ------------------
   54|  79.0k|      }
   55|       |      /* B = B/2 */
   56|   166k|      if ((err = mp_div_2(&B, &B)) != MP_OKAY)                    goto LBL_ERR;
  ------------------
  |  |  161|   166k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (56:11): [True: 0, False: 166k]
  ------------------
   57|   166k|   }
   58|       |
   59|       |   /* 5.  while v is even do */
   60|   197k|   while (MP_IS_EVEN(&v)) {
  ------------------
  |  |  164|   197k|#define MP_IS_EVEN(a) (((a)->used == 0) || (((a)->dp[0] & 1u) == 0u))
  |  |  ------------------
  |  |  |  Branch (164:24): [True: 0, False: 197k]
  |  |  |  Branch (164:44): [True: 78.3k, False: 119k]
  |  |  ------------------
  ------------------
   61|       |      /* 5.1 v = v/2 */
   62|  78.3k|      if ((err = mp_div_2(&v, &v)) != MP_OKAY)                    goto LBL_ERR;
  ------------------
  |  |  161|  78.3k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (62:11): [True: 0, False: 78.3k]
  ------------------
   63|       |
   64|       |      /* 5.2 if D is odd then */
   65|  78.3k|      if (MP_IS_ODD(&D)) {
  ------------------
  |  |  165|  78.3k|#define MP_IS_ODD(a)  (((a)->used > 0) && (((a)->dp[0] & 1u) == 1u))
  |  |  ------------------
  |  |  |  Branch (165:24): [True: 78.3k, False: 0]
  |  |  |  Branch (165:43): [True: 47.6k, False: 30.7k]
  |  |  ------------------
  ------------------
   66|       |         /* D = (D-x)/2 */
   67|  47.6k|         if ((err = mp_sub(&D, &x, &D)) != MP_OKAY)               goto LBL_ERR;
  ------------------
  |  |  161|  47.6k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (67:14): [True: 0, False: 47.6k]
  ------------------
   68|  47.6k|      }
   69|       |      /* D = D/2 */
   70|  78.3k|      if ((err = mp_div_2(&D, &D)) != MP_OKAY)                    goto LBL_ERR;
  ------------------
  |  |  161|  78.3k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (70:11): [True: 0, False: 78.3k]
  ------------------
   71|  78.3k|   }
   72|       |
   73|       |   /* 6.  if u >= v then */
   74|   119k|   if (mp_cmp(&u, &v) != MP_LT) {
  ------------------
  |  |  154|   119k|#define MP_LT        -1   /* less than */
  ------------------
  |  Branch (74:8): [True: 84.2k, False: 35.1k]
  ------------------
   75|       |      /* u = u - v, B = B - D */
   76|  84.2k|      if ((err = mp_sub(&u, &v, &u)) != MP_OKAY)                  goto LBL_ERR;
  ------------------
  |  |  161|  84.2k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (76:11): [True: 0, False: 84.2k]
  ------------------
   77|       |
   78|  84.2k|      if ((err = mp_sub(&B, &D, &B)) != MP_OKAY)                  goto LBL_ERR;
  ------------------
  |  |  161|  84.2k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (78:11): [True: 0, False: 84.2k]
  ------------------
   79|  84.2k|   } else {
   80|       |      /* v = v - u, D = D - B */
   81|  35.1k|      if ((err = mp_sub(&v, &u, &v)) != MP_OKAY)                  goto LBL_ERR;
  ------------------
  |  |  161|  35.1k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (81:11): [True: 0, False: 35.1k]
  ------------------
   82|       |
   83|  35.1k|      if ((err = mp_sub(&D, &B, &D)) != MP_OKAY)                  goto LBL_ERR;
  ------------------
  |  |  161|  35.1k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (83:11): [True: 0, False: 35.1k]
  ------------------
   84|  35.1k|   }
   85|       |
   86|       |   /* if not zero goto step 4 */
   87|   119k|   if (!MP_IS_ZERO(&u)) {
  ------------------
  |  |  163|   119k|#define MP_IS_ZERO(a) ((a)->used == 0)
  ------------------
  |  Branch (87:8): [True: 118k, False: 674]
  ------------------
   88|   118k|      goto top;
   89|   118k|   }
   90|       |
   91|       |   /* now a = C, b = D, gcd == g*v */
   92|       |
   93|       |   /* if v != 1 then there is no inverse */
   94|    674|   if (mp_cmp_d(&v, 1uL) != MP_EQ) {
  ------------------
  |  |  155|    674|#define MP_EQ         0   /* equal to */
  ------------------
  |  Branch (94:8): [True: 1, False: 673]
  ------------------
   95|      1|      err = MP_VAL;
  ------------------
  |  |  164|      1|#define MP_VAL        -3  /* invalid input */
  ------------------
   96|      1|      goto LBL_ERR;
   97|      1|   }
   98|       |
   99|       |   /* D now holds the inverse; the loops below reduce it modulo b */
  100|    673|   neg = a->sign;
  101|  1.25k|   while (D.sign == MP_NEG) {
  ------------------
  |  |  152|  1.25k|#define MP_NEG        1   /* negative */
  ------------------
  |  Branch (101:11): [True: 582, False: 673]
  ------------------
  102|    582|      if ((err = mp_add(&D, b, &D)) != MP_OKAY)                   goto LBL_ERR;
  ------------------
  |  |  161|    582|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (102:11): [True: 0, False: 582]
  ------------------
  103|    582|   }
  104|       |
  105|       |   /* too big */
  106|    719|   while (mp_cmp_mag(&D, b) != MP_LT) {
  ------------------
  |  |  154|    719|#define MP_LT        -1   /* less than */
  ------------------
  |  Branch (106:11): [True: 46, False: 673]
  ------------------
  107|     46|      if ((err = mp_sub(&D, b, &D)) != MP_OKAY)                   goto LBL_ERR;
  ------------------
  |  |  161|     46|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (107:11): [True: 0, False: 46]
  ------------------
  108|     46|   }
  109|       |
  110|    673|   mp_exch(&D, c);
  111|    673|   c->sign = neg;
  112|    673|   err = MP_OKAY;
  ------------------
  |  |  161|    673|#define MP_OKAY       0   /* no error */
  ------------------
  113|       |
  114|    674|LBL_ERR:
  115|       |   mp_clear_multi(&x, &y, &u, &v, &B, &D, NULL);
  116|    674|   return err;
  117|    673|}

s_mp_invmod_slow:
    8|     77|{
    9|     77|   mp_int  x, y, u, v, A, B, C, D;
   10|     77|   mp_err  err;
   11|       |
   12|       |   /* b cannot be negative or zero */
   13|     77|   if ((b->sign == MP_NEG) || MP_IS_ZERO(b)) {
  ------------------
  |  |  152|     77|#define MP_NEG        1   /* negative */
  ------------------
                 if ((b->sign == MP_NEG) || MP_IS_ZERO(b)) {
  ------------------
  |  |  163|     77|#define MP_IS_ZERO(a) ((a)->used == 0)
  |  |  ------------------
  |  |  |  Branch (163:23): [True: 0, False: 77]
  |  |  ------------------
  ------------------
  |  Branch (13:8): [True: 0, False: 77]
  ------------------
   14|      0|      return MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   15|      0|   }
   16|       |
   17|       |   /* init temps */
   18|     77|   if ((err = mp_init_multi(&x, &y, &u, &v,
  ------------------
  |  Branch (18:8): [True: 0, False: 77]
  ------------------
   19|     77|                            &A, &B, &C, &D, NULL)) != MP_OKAY) {
  ------------------
  |  |  161|     77|#define MP_OKAY       0   /* no error */
  ------------------
   20|      0|      return err;
   21|      0|   }
   22|       |
   23|       |   /* x = a mod b, y = b */
   24|     77|   if ((err = mp_mod(a, b, &x)) != MP_OKAY)                       goto LBL_ERR;
  ------------------
  |  |  161|     77|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (24:8): [True: 0, False: 77]
  ------------------
   25|     77|   if ((err = mp_copy(b, &y)) != MP_OKAY)                         goto LBL_ERR;
  ------------------
  |  |  161|     77|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (25:8): [True: 0, False: 77]
  ------------------
   26|       |
   27|       |   /* 2. [modified] if x,y are both even then return an error! */
   28|     77|   if (MP_IS_EVEN(&x) && MP_IS_EVEN(&y)) {
  ------------------
  |  |  164|    154|#define MP_IS_EVEN(a) (((a)->used == 0) || (((a)->dp[0] & 1u) == 0u))
  |  |  ------------------
  |  |  |  Branch (164:24): [True: 0, False: 77]
  |  |  |  Branch (164:44): [True: 1, False: 76]
  |  |  ------------------
  ------------------
                 if (MP_IS_EVEN(&x) && MP_IS_EVEN(&y)) {
  ------------------
  |  |  164|      1|#define MP_IS_EVEN(a) (((a)->used == 0) || (((a)->dp[0] & 1u) == 0u))
  |  |  ------------------
  |  |  |  Branch (164:24): [True: 0, False: 1]
  |  |  |  Branch (164:44): [True: 1, False: 0]
  |  |  ------------------
  ------------------
   29|      1|      err = MP_VAL;
  ------------------
  |  |  164|      1|#define MP_VAL        -3  /* invalid input */
  ------------------
   30|      1|      goto LBL_ERR;
   31|      1|   }
   32|       |
   33|       |   /* 3. u=x, v=y, A=1, B=0, C=0,D=1 */
   34|     76|   if ((err = mp_copy(&x, &u)) != MP_OKAY)                        goto LBL_ERR;
  ------------------
  |  |  161|     76|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (34:8): [True: 0, False: 76]
  ------------------
   35|     76|   if ((err = mp_copy(&y, &v)) != MP_OKAY)                        goto LBL_ERR;
  ------------------
  |  |  161|     76|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (35:8): [True: 0, False: 76]
  ------------------
   36|     76|   mp_set(&A, 1uL);
   37|     76|   mp_set(&D, 1uL);
   38|       |
   39|  6.23k|top:
   40|       |   /* 4.  while u is even do */
   41|  11.2k|   while (MP_IS_EVEN(&u)) {
  ------------------
  |  |  164|  11.2k|#define MP_IS_EVEN(a) (((a)->used == 0) || (((a)->dp[0] & 1u) == 0u))
  |  |  ------------------
  |  |  |  Branch (164:24): [True: 0, False: 11.2k]
  |  |  |  Branch (164:44): [True: 5.02k, False: 6.23k]
  |  |  ------------------
  ------------------
   42|       |      /* 4.1 u = u/2 */
   43|  5.02k|      if ((err = mp_div_2(&u, &u)) != MP_OKAY)                    goto LBL_ERR;
  ------------------
  |  |  161|  5.02k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (43:11): [True: 0, False: 5.02k]
  ------------------
   44|       |
   45|       |      /* 4.2 if A or B is odd then */
   46|  5.02k|      if (MP_IS_ODD(&A) || MP_IS_ODD(&B)) {
  ------------------
  |  |  165|  10.0k|#define MP_IS_ODD(a)  (((a)->used > 0) && (((a)->dp[0] & 1u) == 1u))
  |  |  ------------------
  |  |  |  Branch (165:24): [True: 5.02k, False: 0]
  |  |  |  Branch (165:43): [True: 0, False: 5.02k]
  |  |  ------------------
  ------------------
                    if (MP_IS_ODD(&A) || MP_IS_ODD(&B)) {
  ------------------
  |  |  165|  5.02k|#define MP_IS_ODD(a)  (((a)->used > 0) && (((a)->dp[0] & 1u) == 1u))
  |  |  ------------------
  |  |  |  Branch (165:24): [True: 5.02k, False: 0]
  |  |  |  Branch (165:43): [True: 2.26k, False: 2.75k]
  |  |  ------------------
  ------------------
   47|       |         /* A = (A+y)/2, B = (B-x)/2 */
   48|  2.26k|         if ((err = mp_add(&A, &y, &A)) != MP_OKAY)               goto LBL_ERR;
  ------------------
  |  |  161|  2.26k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (48:14): [True: 0, False: 2.26k]
  ------------------
   49|  2.26k|         if ((err = mp_sub(&B, &x, &B)) != MP_OKAY)               goto LBL_ERR;
  ------------------
  |  |  161|  2.26k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (49:14): [True: 0, False: 2.26k]
  ------------------
   50|  2.26k|      }
   51|       |      /* A = A/2, B = B/2 */
   52|  5.02k|      if ((err = mp_div_2(&A, &A)) != MP_OKAY)                    goto LBL_ERR;
  ------------------
  |  |  161|  5.02k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (52:11): [True: 0, False: 5.02k]
  ------------------
   53|  5.02k|      if ((err = mp_div_2(&B, &B)) != MP_OKAY)                    goto LBL_ERR;
  ------------------
  |  |  161|  5.02k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (53:11): [True: 0, False: 5.02k]
  ------------------
   54|  5.02k|   }
   55|       |
   56|       |   /* 5.  while v is even do */
   57|  15.6k|   while (MP_IS_EVEN(&v)) {
  ------------------
  |  |  164|  15.6k|#define MP_IS_EVEN(a) (((a)->used == 0) || (((a)->dp[0] & 1u) == 0u))
  |  |  ------------------
  |  |  |  Branch (164:24): [True: 0, False: 15.6k]
  |  |  |  Branch (164:44): [True: 9.46k, False: 6.23k]
  |  |  ------------------
  ------------------
   58|       |      /* 5.1 v = v/2 */
   59|  9.46k|      if ((err = mp_div_2(&v, &v)) != MP_OKAY)                    goto LBL_ERR;
  ------------------
  |  |  161|  9.46k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (59:11): [True: 0, False: 9.46k]
  ------------------
   60|       |
   61|       |      /* 5.2 if C or D is odd then */
   62|  9.46k|      if (MP_IS_ODD(&C) || MP_IS_ODD(&D)) {
  ------------------
  |  |  165|  18.9k|#define MP_IS_ODD(a)  (((a)->used > 0) && (((a)->dp[0] & 1u) == 1u))
  |  |  ------------------
  |  |  |  Branch (165:24): [True: 9.38k, False: 76]
  |  |  |  Branch (165:43): [True: 0, False: 9.38k]
  |  |  ------------------
  ------------------
                    if (MP_IS_ODD(&C) || MP_IS_ODD(&D)) {
  ------------------
  |  |  165|  9.46k|#define MP_IS_ODD(a)  (((a)->used > 0) && (((a)->dp[0] & 1u) == 1u))
  |  |  ------------------
  |  |  |  Branch (165:24): [True: 6.93k, False: 2.52k]
  |  |  |  Branch (165:43): [True: 3.55k, False: 3.38k]
  |  |  ------------------
  ------------------
   63|       |         /* C = (C+y)/2, D = (D-x)/2 */
   64|  3.55k|         if ((err = mp_add(&C, &y, &C)) != MP_OKAY)               goto LBL_ERR;
  ------------------
  |  |  161|  3.55k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (64:14): [True: 0, False: 3.55k]
  ------------------
   65|  3.55k|         if ((err = mp_sub(&D, &x, &D)) != MP_OKAY)               goto LBL_ERR;
  ------------------
  |  |  161|  3.55k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (65:14): [True: 0, False: 3.55k]
  ------------------
   66|  3.55k|      }
   67|       |      /* C = C/2, D = D/2 */
   68|  9.46k|      if ((err = mp_div_2(&C, &C)) != MP_OKAY)                    goto LBL_ERR;
  ------------------
  |  |  161|  9.46k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (68:11): [True: 0, False: 9.46k]
  ------------------
   69|  9.46k|      if ((err = mp_div_2(&D, &D)) != MP_OKAY)                    goto LBL_ERR;
  ------------------
  |  |  161|  9.46k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (69:11): [True: 0, False: 9.46k]
  ------------------
   70|  9.46k|   }
   71|       |
   72|       |   /* 6.  if u >= v then */
   73|  6.23k|   if (mp_cmp(&u, &v) != MP_LT) {
  ------------------
  |  |  154|  6.23k|#define MP_LT        -1   /* less than */
  ------------------
  |  Branch (73:8): [True: 2.90k, False: 3.32k]
  ------------------
   74|       |      /* u = u - v, A = A - C, B = B - D */
   75|  2.90k|      if ((err = mp_sub(&u, &v, &u)) != MP_OKAY)                  goto LBL_ERR;
  ------------------
  |  |  161|  2.90k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (75:11): [True: 0, False: 2.90k]
  ------------------
   76|       |
   77|  2.90k|      if ((err = mp_sub(&A, &C, &A)) != MP_OKAY)                  goto LBL_ERR;
  ------------------
  |  |  161|  2.90k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (77:11): [True: 0, False: 2.90k]
  ------------------
   78|       |
   79|  2.90k|      if ((err = mp_sub(&B, &D, &B)) != MP_OKAY)                  goto LBL_ERR;
  ------------------
  |  |  161|  2.90k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (79:11): [True: 0, False: 2.90k]
  ------------------
   80|  3.32k|   } else {
   81|       |      /* v = v - u, C = C - A, D = D - B */
   82|  3.32k|      if ((err = mp_sub(&v, &u, &v)) != MP_OKAY)                  goto LBL_ERR;
  ------------------
  |  |  161|  3.32k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (82:11): [True: 0, False: 3.32k]
  ------------------
   83|       |
   84|  3.32k|      if ((err = mp_sub(&C, &A, &C)) != MP_OKAY)                  goto LBL_ERR;
  ------------------
  |  |  161|  3.32k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (84:11): [True: 0, False: 3.32k]
  ------------------
   85|       |
   86|  3.32k|      if ((err = mp_sub(&D, &B, &D)) != MP_OKAY)                  goto LBL_ERR;
  ------------------
  |  |  161|  3.32k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (86:11): [True: 0, False: 3.32k]
  ------------------
   87|  3.32k|   }
   88|       |
   89|       |   /* if not zero goto step 4 */
   90|  6.23k|   if (!MP_IS_ZERO(&u)) {
  ------------------
  |  |  163|  6.23k|#define MP_IS_ZERO(a) ((a)->used == 0)
  ------------------
  |  Branch (90:8): [True: 6.15k, False: 76]
  ------------------
   91|  6.15k|      goto top;
   92|  6.15k|   }
   93|       |
   94|       |   /* now a = C, b = D, gcd == g*v */
   95|       |
   96|       |   /* if v != 1 then there is no inverse */
   97|     76|   if (mp_cmp_d(&v, 1uL) != MP_EQ) {
  ------------------
  |  |  155|     76|#define MP_EQ         0   /* equal to */
  ------------------
  |  Branch (97:8): [True: 4, False: 72]
  ------------------
   98|      4|      err = MP_VAL;
  ------------------
  |  |  164|      4|#define MP_VAL        -3  /* invalid input */
  ------------------
   99|      4|      goto LBL_ERR;
  100|      4|   }
  101|       |
  102|       |   /* if it's too low */
  103|    124|   while (mp_cmp_d(&C, 0uL) == MP_LT) {
  ------------------
  |  |  154|    124|#define MP_LT        -1   /* less than */
  ------------------
  |  Branch (103:11): [True: 52, False: 72]
  ------------------
  104|     52|      if ((err = mp_add(&C, b, &C)) != MP_OKAY)                   goto LBL_ERR;
  ------------------
  |  |  161|     52|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (104:11): [True: 0, False: 52]
  ------------------
  105|     52|   }
  106|       |
  107|       |   /* too big */
  108|    116|   while (mp_cmp_mag(&C, b) != MP_LT) {
  ------------------
  |  |  154|    116|#define MP_LT        -1   /* less than */
  ------------------
  |  Branch (108:11): [True: 44, False: 72]
  ------------------
  109|     44|      if ((err = mp_sub(&C, b, &C)) != MP_OKAY)                   goto LBL_ERR;
  ------------------
  |  |  161|     44|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (109:11): [True: 0, False: 44]
  ------------------
  110|     44|   }
  111|       |
  112|       |   /* C is now the inverse */
  113|     72|   mp_exch(&C, c);
  114|     72|   err = MP_OKAY;
  ------------------
  |  |  161|     72|#define MP_OKAY       0   /* no error */
  ------------------
  115|     77|LBL_ERR:
  116|       |   mp_clear_multi(&x, &y, &u, &v, &A, &B, &C, &D, NULL);
  117|     77|   return err;
  118|     72|}

s_mp_montgomery_reduce_fast:
/* Coverage listing of s_mp_montgomery_reduce_fast; the signature is not part
 * of this report.  Going by the body's own comments, it Montgomery-reduces x
 * by the modulus n in place (using rho), holding every column sum in the
 * stack array W[] and copying the shifted result back into x.
 *
 * Reading the listing: columns are source line | execution count | source.
 * Rows indented with "|  |" are macro expansions; "Branch" rows give the
 * count for each outcome of the condition at (line:column).
 *
 * Review notes:
 *  - Only x->used is compared with MP_WARRAY, yet W[] is zeroed and written
 *    up to index 2 * n->used.  Nothing in this body bounds n->used;
 *    presumably the caller checks it before choosing this fast path --
 *    TODO confirm.
 *  - The MP_VAL return (line 21) and the mp_grow() branch (lines 29-31) have
 *    count 0, so this fuzz run says nothing about either path.
 *  - The closing compare-and-subtract branches on the operand value (taken
 *    1.20k times out of 1.65M), so the work done is data-dependent.  That
 *    matters to callers that pass secret-derived values.
 */
   15|  1.65M|{
   16|  1.65M|   int     ix, olduse;
   17|  1.65M|   mp_err  err;
   18|  1.65M|   mp_word W[MP_WARRAY];
   19|       |
   20|  1.65M|   if (x->used > MP_WARRAY) {
  ------------------
  |  |  172|  1.65M|#define MP_WARRAY PRIVATE_MP_WARRAY
  |  |  ------------------
  |  |  |  |  203|  1.65M|#define PRIVATE_MP_WARRAY (int)(1uLL << (((CHAR_BIT * sizeof(private_mp_word)) - (2 * MP_DIGIT_BIT)) + 1))
  |  |  |  |  ------------------
  |  |  |  |  |  |   82|  1.65M|#   define MP_DIGIT_BIT 60
  |  |  |  |  ------------------
  |  |  ------------------
  ------------------
  |  Branch (20:8): [True: 0, False: 1.65M]
  ------------------
   21|      0|      return MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   22|      0|   }
   23|       |
   24|       |   /* get old used count (needed at the end to zero stale high digits) */
   25|  1.65M|   olduse = x->used;
   26|       |
   27|       |   /* grow x as required: n->used + 1 digits are written back below */
   28|  1.65M|   if (x->alloc < (n->used + 1)) {
  ------------------
  |  Branch (28:8): [True: 0, False: 1.65M]
  ------------------
   29|      0|      if ((err = mp_grow(x, n->used + 1)) != MP_OKAY) {
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (29:11): [True: 0, False: 0]
  ------------------
   30|      0|         return err;
   31|      0|      }
   32|      0|   }
   33|       |
   34|       |   /* first we have to get the digits of the input into
   35|       |    * an array of double precision words W[...]
   36|       |    */
   37|  1.65M|   {
   38|  1.65M|      mp_word *_W;
   39|  1.65M|      mp_digit *tmpx;
   40|       |
   41|       |      /* alias for the W[] array */
   42|  1.65M|      _W   = W;
   43|       |
   44|       |      /* alias for the digits of x */
   45|  1.65M|      tmpx = x->dp;
   46|       |
   47|       |      /* copy the digits of x into W[0..x->used-1] */
   48|  20.9M|      for (ix = 0; ix < x->used; ix++) {
  ------------------
  |  Branch (48:20): [True: 19.3M, False: 1.65M]
  ------------------
   49|  19.3M|         *_W++ = *tmpx++;
   50|  19.3M|      }
   51|       |
   52|       |      /* zero the high words of W[x->used..n->used*2] */
   53|  1.65M|      if (ix < ((n->used * 2) + 1)) {
  ------------------
  |  Branch (53:11): [True: 1.65M, False: 0]
  ------------------
   54|  1.65M|         MP_ZERO_BUFFER(_W, sizeof(mp_word) * (size_t)(((n->used * 2) + 1) - ix));
  ------------------
  |  |   81|  1.65M|#  define MP_ZERO_BUFFER(mem, size)                     \
  |  |   82|  1.65M|do {                                                    \
  |  |   83|  1.65M|   size_t zs_ = (size);                                 \
  |  |   84|  1.65M|   char* zm_ = (char*)(mem);                            \
  |  |   85|  53.1M|   while (zs_-- > 0u) {                                 \
  |  |  ------------------
  |  |  |  Branch (85:11): [True: 51.4M, False: 1.65M]
  |  |  ------------------
  |  |   86|  51.4M|      *zm_++ = '\0';                                    \
  |  |   87|  51.4M|   }                                                    \
  |  |   88|  1.65M|} while (0)
  |  |  ------------------
  |  |  |  Branch (88:10): [Folded, False: 1.65M]
  |  |  ------------------
  ------------------
   55|  1.65M|      }
   56|  1.65M|   }
   57|       |
   58|       |   /* now we proceed to zero successive digits
   59|       |    * from the least significant upwards
   60|       |    */
   61|  12.1M|   for (ix = 0; ix < n->used; ix++) {
  ------------------
  |  Branch (61:17): [True: 10.4M, False: 1.65M]
  ------------------
   62|       |      /* mu = ai * m' mod b
   63|       |       *
   64|       |       * We avoid a double precision multiplication (which isn't required)
   65|       |       * by casting the value down to a mp_digit.  Note this requires
   66|       |       * that W[ix-1] have the carry cleared (see after the inner loop)
   67|       |       */
   68|  10.4M|      mp_digit mu;
   69|  10.4M|      mu = ((W[ix] & MP_MASK) * rho) & MP_MASK;
  ------------------
  |  |  106|  10.4M|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|  10.4M|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
                    mu = ((W[ix] & MP_MASK) * rho) & MP_MASK;
  ------------------
  |  |  106|  10.4M|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|  10.4M|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   70|       |
   71|       |      /* a = a + mu * m * b**i
   72|       |       *
   73|       |       * This is computed in place and on the fly.  The multiplication
   74|       |       * by b**i is handled by offsetting which columns the results
   75|       |       * are added to.
   76|       |       *
   77|       |       * Note the comba method normally doesn't handle carries in the
   78|       |       * inner loop.  In this case we fix the carry from the previous
   79|       |       * column since the Montgomery reduction requires digits of the
   80|       |       * result (so far) [see above] to work.  This is
   81|       |       * handled by fixing up one carry after the inner loop.  The
   82|       |       * carry fixups are done in order so after these loops the
   83|       |       * first n->used words of W[] have the carries fixed
   84|       |       */
   85|  10.4M|      {
   86|  10.4M|         int iy;
   87|  10.4M|         mp_digit *tmpn;
   88|  10.4M|         mp_word *_W;
   89|       |
   90|       |         /* alias for the digits of the modulus */
   91|  10.4M|         tmpn = n->dp;
   92|       |
   93|       |         /* Alias for the columns set by an offset of ix */
   94|  10.4M|         _W = W + ix;
   95|       |
   96|       |         /* inner loop: touches W[ix .. ix + n->used - 1] */
   97|  96.9M|         for (iy = 0; iy < n->used; iy++) {
  ------------------
  |  Branch (97:23): [True: 86.5M, False: 10.4M]
  ------------------
   98|  86.5M|            *_W++ += (mp_word)mu * (mp_word)*tmpn++;
   99|  86.5M|         }
  100|  10.4M|      }
  101|       |
  102|       |      /* now fix carry for next digit, W[ix+1] */
  103|  10.4M|      W[ix + 1] += W[ix] >> (mp_word)MP_DIGIT_BIT;
  ------------------
  |  |   82|  10.4M|#   define MP_DIGIT_BIT 60
  ------------------
  104|  10.4M|   }
  105|       |
  106|       |   /* now we have to propagate the carries and
  107|       |    * shift the words downward [all those least
  108|       |    * significant digits we zeroed].
  109|       |    */
  110|  1.65M|   {
  111|  1.65M|      mp_digit *tmpx;
  112|  1.65M|      mp_word *_W, *_W1;
  113|       |
  114|       |      /* now fix rest of carries */
  115|       |
  116|       |      /* alias for current word */
  117|  1.65M|      _W1 = W + ix;
  118|       |
  119|       |      /* alias for next word, where the carry goes */
  120|  1.65M|      _W = W + ++ix;
  121|       |
  122|  12.1M|      for (; ix < ((n->used * 2) + 1); ix++) {
  ------------------
  |  Branch (122:14): [True: 10.4M, False: 1.65M]
  ------------------
  123|  10.4M|         *_W++ += *_W1++ >> (mp_word)MP_DIGIT_BIT;
  ------------------
  |  |   82|  10.4M|#   define MP_DIGIT_BIT 60
  ------------------
  124|  10.4M|      }
  125|       |
  126|       |      /* copy out, A = A/b**n
  127|       |       *
  128|       |       * The result is A/b**n but instead of converting from an
  129|       |       * array of mp_word to mp_digit then calling mp_rshd
  130|       |       * we just copy them in the right order
  131|       |       */
  132|       |
  133|       |      /* alias for destination word */
  134|  1.65M|      tmpx = x->dp;
  135|       |
  136|       |      /* alias for shifted double precision result */
  137|  1.65M|      _W = W + n->used;
  138|       |
  139|  13.7M|      for (ix = 0; ix < (n->used + 1); ix++) {
  ------------------
  |  Branch (139:20): [True: 12.1M, False: 1.65M]
  ------------------
  140|  12.1M|         *tmpx++ = *_W++ & (mp_word)MP_MASK;
  ------------------
  |  |  106|  12.1M|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|  12.1M|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
  141|  12.1M|      }
  142|       |
  143|       |      /* zero oldused digits, if the input x was larger than
  144|       |       * n->used+1 we'll have to clear the digits
  145|       |       */
  146|  1.65M|      MP_ZERO_DIGITS(tmpx, olduse - ix);
  ------------------
  |  |   89|  1.65M|#  define MP_ZERO_DIGITS(mem, digits)                   \
  |  |   90|  1.65M|do {                                                    \
  |  |   91|  1.65M|   int zd_ = (digits);                                  \
  |  |   92|  1.65M|   mp_digit* zm_ = (mem);                               \
  |  |   93|  9.14M|   while (zd_-- > 0) {                                  \
  |  |  ------------------
  |  |  |  Branch (93:11): [True: 7.48M, False: 1.65M]
  |  |  ------------------
  |  |   94|  7.48M|      *zm_++ = 0;                                       \
  |  |   95|  7.48M|   }                                                    \
  |  |   96|  1.65M|} while (0)
  |  |  ------------------
  |  |  |  Branch (96:10): [Folded, False: 1.65M]
  |  |  ------------------
  ------------------
  147|  1.65M|   }
  148|       |
  149|       |   /* set the max used and clamp */
  150|  1.65M|   x->used = n->used + 1;
  151|  1.65M|   mp_clamp(x);
  152|       |
  153|       |   /* if x >= n then x = x - n; this branch depends on the operand value */
  154|  1.65M|   if (mp_cmp_mag(x, n) != MP_LT) {
  ------------------
  |  |  154|  1.65M|#define MP_LT        -1   /* less than */
  ------------------
  |  Branch (154:8): [True: 1.20k, False: 1.65M]
  ------------------
  155|  1.20k|      return s_mp_sub(x, n, x);
  156|  1.20k|   }
  157|  1.65M|   return MP_OKAY;
  ------------------
  |  |  161|  1.65M|#define MP_OKAY       0   /* no error */
  ------------------
  158|  1.65M|}

s_mp_mul_digs:
/* Coverage listing of s_mp_mul_digs; the signature is not part of this report.
 * The body multiplies a by b and keeps only the lowest `digs` digits of the
 * product, which end up in c.  When digs < MP_WARRAY and the shorter operand
 * has fewer than MP_MAXFAST digits it hands the work to s_mp_mul_digs_fast;
 * otherwise it builds the product in a temporary t and swaps it into c.
 *
 * Review notes:
 *  - All 45.1k calls in this run took the fast path.  The baseline loop
 *    (lines 29-77) has count 0, so this fuzz corpus gives no evidence about
 *    it; a targeted harness with large operands would be needed.
 *  - The baseline loop reads *tmpt before writing it, so it relies on
 *    mp_init_size() returning zeroed digits -- TODO confirm.
 */
   11|  45.1k|{
   12|  45.1k|   mp_int  t;
   13|  45.1k|   mp_err  err;
   14|  45.1k|   int     pa, pb, ix, iy;
   15|  45.1k|   mp_digit u;
   16|  45.1k|   mp_word r;
   17|  45.1k|   mp_digit tmpx, *tmpt, *tmpy;
   18|       |
   19|  45.1k|   if (digs < 0) {
  ------------------
  |  Branch (19:8): [True: 0, False: 45.1k]
  ------------------
   20|      0|      return MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   21|      0|   }
   22|       |
   23|       |   /* can we use the fast multiplier? (bounds its stack array and accumulator) */
   24|  45.1k|   if ((digs < MP_WARRAY) &&
  ------------------
  |  |  172|  45.1k|#define MP_WARRAY PRIVATE_MP_WARRAY
  |  |  ------------------
  |  |  |  |  203|  45.1k|#define PRIVATE_MP_WARRAY (int)(1uLL << (((CHAR_BIT * sizeof(private_mp_word)) - (2 * MP_DIGIT_BIT)) + 1))
  |  |  |  |  ------------------
  |  |  |  |  |  |   82|  45.1k|#   define MP_DIGIT_BIT 60
  |  |  |  |  ------------------
  |  |  ------------------
  ------------------
  |  Branch (24:8): [True: 45.1k, False: 0]
  ------------------
   25|  45.1k|       (MP_MIN(a->used, b->used) < MP_MAXFAST)) {
  ------------------
  |  |  156|  45.1k|#define MP_MIN(x, y) (((x) < (y)) ? (x) : (y))
  |  |  ------------------
  |  |  |  Branch (156:23): [True: 38.5k, False: 6.62k]
  |  |  ------------------
  ------------------
                     (MP_MIN(a->used, b->used) < MP_MAXFAST)) {
  ------------------
  |  |  168|  45.1k|#define MP_MAXFAST              (int)(1uL << (MP_SIZEOF_BITS(mp_word) - (2u * (size_t)MP_DIGIT_BIT)))
  |  |  ------------------
  |  |  |  |  167|  45.1k|#define MP_SIZEOF_BITS(type)    ((size_t)CHAR_BIT * sizeof(type))
  |  |  ------------------
  |  |               #define MP_MAXFAST              (int)(1uL << (MP_SIZEOF_BITS(mp_word) - (2u * (size_t)MP_DIGIT_BIT)))
  |  |  ------------------
  |  |  |  |   82|  45.1k|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
  |  Branch (25:8): [True: 45.1k, False: 0]
  ------------------
   26|  45.1k|      return s_mp_mul_digs_fast(a, b, c, digs);
   27|  45.1k|   }
   28|       |
   29|      0|   if ((err = mp_init_size(&t, digs)) != MP_OKAY) {
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (29:8): [True: 0, False: 0]
  ------------------
   30|      0|      return err;
   31|      0|   }
   32|      0|   t.used = digs;
   33|       |
   34|       |   /* compute the digits of the product directly */
   35|      0|   pa = a->used;
   36|      0|   for (ix = 0; ix < pa; ix++) {
  ------------------
  |  Branch (36:17): [True: 0, False: 0]
  ------------------
   37|       |      /* set the carry to zero */
   38|      0|      u = 0;
   39|       |
   40|       |      /* limit ourselves to making digs digits of output */
   41|      0|      pb = MP_MIN(b->used, digs - ix);
  ------------------
  |  |  156|      0|#define MP_MIN(x, y) (((x) < (y)) ? (x) : (y))
  |  |  ------------------
  |  |  |  Branch (156:23): [True: 0, False: 0]
  |  |  ------------------
  ------------------
   42|       |
   43|       |      /* setup some aliases */
   44|       |      /* copy of the digit from a used within the nested loop */
   45|      0|      tmpx = a->dp[ix];
   46|       |
   47|       |      /* an alias for the destination shifted ix places */
   48|      0|      tmpt = t.dp + ix;
   49|       |
   50|       |      /* an alias for the digits of b */
   51|      0|      tmpy = b->dp;
   52|       |
   53|       |      /* compute the columns of the output and propagate the carry */
   54|      0|      for (iy = 0; iy < pb; iy++) {
  ------------------
  |  Branch (54:20): [True: 0, False: 0]
  ------------------
   55|       |         /* compute the column as a mp_word */
   56|      0|         r       = (mp_word)*tmpt +
   57|      0|                   ((mp_word)tmpx * (mp_word)*tmpy++) +
   58|      0|                   (mp_word)u;
   59|       |
   60|       |         /* the new column is the lower part of the result */
   61|      0|         *tmpt++ = (mp_digit)(r & (mp_word)MP_MASK);
  ------------------
  |  |  106|      0|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|      0|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   62|       |
   63|       |         /* get the carry word from the result */
   64|      0|         u       = (mp_digit)(r >> (mp_word)MP_DIGIT_BIT);
  ------------------
  |  |   82|      0|#   define MP_DIGIT_BIT 60
  ------------------
   65|      0|      }
   66|       |      /* set carry only if it lands below digs; otherwise it is outside the result */
   67|      0|      if ((ix + iy) < digs) {
  ------------------
  |  Branch (67:11): [True: 0, False: 0]
  ------------------
   68|      0|         *tmpt = u;
   69|      0|      }
   70|      0|   }
   71|       |
   72|      0|   mp_clamp(&t);
   73|      0|   mp_exch(&t, c);
   74|       |
   75|      0|   mp_clear(&t);
   76|      0|   return MP_OKAY;
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
   77|      0|}

s_mp_mul_digs_fast:
/* Coverage listing of s_mp_mul_digs_fast; the signature is not part of this
 * report.  The body computes the lowest min(digs, a->used + b->used) digits
 * of a * b one output column at a time.  The products for column ix are
 * summed in the mp_word accumulator _W, the low MP_DIGIT_BIT bits are stored
 * in the stack array W[ix], and the rest is carried into the next column.
 * W[] is then copied into c.
 *
 * Review notes:
 *  - W[] holds MP_WARRAY digits and is written at W[0 .. pa-1], but this body
 *    checks only digs < 0.  The size limit, and the limit on how many
 *    products _W can absorb without overflow (MP_MAXFAST), are presumably
 *    enforced by every caller, as the s_mp_mul_digs dispatcher in this
 *    report does -- TODO confirm for the other call sites.  The entry count
 *    here (3.69M) is far above that dispatcher's 45.1k.
 *  - The MP_VAL return and the mp_grow() failure return have count 0, and the
 *    MP_ZERO_DIGITS loop body never ran (True: 0): c never held more digits
 *    than the new result in this run.
 */
   23|  3.69M|{
   24|  3.69M|   int      olduse, pa, ix, iz;
   25|  3.69M|   mp_err   err;
   26|  3.69M|   mp_digit W[MP_WARRAY];
   27|  3.69M|   mp_word  _W;
   28|       |
   29|  3.69M|   if (digs < 0) {
  ------------------
  |  Branch (29:8): [True: 0, False: 3.69M]
  ------------------
   30|      0|      return MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   31|      0|   }
   32|       |
   33|       |   /* grow the destination as required */
   34|  3.69M|   if (c->alloc < digs) {
  ------------------
  |  Branch (34:8): [True: 9.36k, False: 3.68M]
  ------------------
   35|  9.36k|      if ((err = mp_grow(c, digs)) != MP_OKAY) {
  ------------------
  |  |  161|  9.36k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (35:11): [True: 0, False: 9.36k]
  ------------------
   36|      0|         return err;
   37|      0|      }
   38|  9.36k|   }
   39|       |
   40|       |   /* number of output digits to produce; also the highest W[] index + 1 */
   41|  3.69M|   pa = MP_MIN(digs, a->used + b->used);
  ------------------
  |  |  156|  3.69M|#define MP_MIN(x, y) (((x) < (y)) ? (x) : (y))
  |  |  ------------------
  |  |  |  Branch (156:23): [True: 17.5k, False: 3.67M]
  |  |  ------------------
  ------------------
   42|       |
   43|       |   /* clear the carry */
   44|  3.69M|   _W = 0;
   45|   139M|   for (ix = 0; ix < pa; ix++) {
  ------------------
  |  Branch (45:17): [True: 135M, False: 3.69M]
  ------------------
   46|   135M|      int      tx, ty;
   47|   135M|      int      iy;
   48|   135M|      mp_digit *tmpx, *tmpy;
   49|       |
   50|       |      /* get offsets into the two bignums */
   51|   135M|      ty = MP_MIN(b->used-1, ix);
  ------------------
  |  |  156|   135M|#define MP_MIN(x, y) (((x) < (y)) ? (x) : (y))
  |  |  ------------------
  |  |  |  Branch (156:23): [True: 46.7M, False: 88.8M]
  |  |  ------------------
  ------------------
   52|   135M|      tx = ix - ty;
   53|       |
   54|       |      /* setup temp aliases */
   55|   135M|      tmpx = a->dp + tx;
   56|   135M|      tmpy = b->dp + ty;
   57|       |
   58|       |      /* this is the number of times the loop will iterate, essentially
   59|       |         while (tx++ < a->used && ty-- >= 0) { ... }
   60|       |       */
   61|   135M|      iy = MP_MIN(a->used-tx, ty+1);
  ------------------
  |  |  156|   135M|#define MP_MIN(x, y) (((x) < (y)) ? (x) : (y))
  |  |  ------------------
  |  |  |  Branch (156:23): [True: 88.6M, False: 46.9M]
  |  |  ------------------
  ------------------
   62|       |
   63|       |      /* execute loop: tmpx walks up through a while tmpy walks down through b */
   64|  3.59G|      for (iz = 0; iz < iy; ++iz) {
  ------------------
  |  Branch (64:20): [True: 3.45G, False: 135M]
  ------------------
   65|  3.45G|         _W += (mp_word)*tmpx++ * (mp_word)*tmpy--;
   66|       |
   67|  3.45G|      }
   68|       |
   69|       |      /* store term */
   70|   135M|      W[ix] = (mp_digit)_W & MP_MASK;
  ------------------
  |  |  106|   135M|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|   135M|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   71|       |
   72|       |      /* make next carry */
   73|   135M|      _W = _W >> (mp_word)MP_DIGIT_BIT;
  ------------------
  |  |   82|   135M|#   define MP_DIGIT_BIT 60
  ------------------
   74|   135M|   }
   75|       |
   76|       |   /* setup dest */
   77|  3.69M|   olduse  = c->used;
   78|  3.69M|   c->used = pa;
   79|       |
   80|  3.69M|   {
   81|  3.69M|      mp_digit *tmpc;
   82|  3.69M|      tmpc = c->dp;
   83|   139M|      for (ix = 0; ix < pa; ix++) {
  ------------------
  |  Branch (83:20): [True: 135M, False: 3.69M]
  ------------------
   84|       |         /* now extract the previous digit [below the carry] */
   85|   135M|         *tmpc++ = W[ix];
   86|   135M|      }
   87|       |
   88|       |      /* clear unused digits [that existed in the old copy of c] */
   89|  3.69M|      MP_ZERO_DIGITS(tmpc, olduse - ix);
  ------------------
  |  |   89|  3.69M|#  define MP_ZERO_DIGITS(mem, digits)                   \
  |  |   90|  3.69M|do {                                                    \
  |  |   91|  3.69M|   int zd_ = (digits);                                  \
  |  |   92|  3.69M|   mp_digit* zm_ = (mem);                               \
  |  |   93|  3.69M|   while (zd_-- > 0) {                                  \
  |  |  ------------------
  |  |  |  Branch (93:11): [True: 0, False: 3.69M]
  |  |  ------------------
  |  |   94|      0|      *zm_++ = 0;                                       \
  |  |   95|      0|   }                                                    \
  |  |   96|  3.69M|} while (0)
  |  |  ------------------
  |  |  |  Branch (96:10): [Folded, False: 3.69M]
  |  |  ------------------
  ------------------
   90|  3.69M|   }
   91|  3.69M|   mp_clamp(c);
   92|  3.69M|   return MP_OKAY;
  ------------------
  |  |  161|  3.69M|#define MP_OKAY       0   /* no error */
  ------------------
   93|  3.69M|}

s_mp_mul_high_digs:
/* Coverage listing of s_mp_mul_high_digs; the signature is not part of this
 * report.  The body multiplies a by b but only accumulates the columns from
 * digit position `digs` upward, leaving the result in c.  If the fast variant
 * is compiled in (MP_HAS check, folded at compile time) and the operand sizes
 * fit MP_WARRAY / MP_MAXFAST, it dispatches to s_mp_mul_high_digs_fast.
 *
 * Review notes:
 *  - All 45.1k calls took the fast path; the baseline loop (lines 29-67) has
 *    count 0 and is untested by this corpus.
 *  - NOTE(review): in the baseline loop both iy and the tmpy offset start at
 *    digs - ix.  That value is negative once ix > digs, and nothing in this
 *    body clamps it, so the loop presumably relies on callers keeping
 *    a->used <= digs + 1 -- confirm against the call sites.
 */
   10|  45.1k|{
   11|  45.1k|   mp_int   t;
   12|  45.1k|   int      pa, pb, ix, iy;
   13|  45.1k|   mp_err   err;
   14|  45.1k|   mp_digit u;
   15|  45.1k|   mp_word  r;
   16|  45.1k|   mp_digit tmpx, *tmpt, *tmpy;
   17|       |
   18|  45.1k|   if (digs < 0) {
  ------------------
  |  Branch (18:8): [True: 0, False: 45.1k]
  ------------------
   19|      0|      return MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   20|      0|   }
   21|       |
   22|       |   /* can we use the fast multiplier? */
   23|  45.1k|   if (MP_HAS(S_MP_MUL_HIGH_DIGS_FAST)
  ------------------
  |  |  150|  90.3k|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|  45.1k|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|  45.1k|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [True: 45.1k, Folded]
  |  |  ------------------
  ------------------
   24|  45.1k|       && ((a->used + b->used + 1) < MP_WARRAY)
  ------------------
  |  |  172|  45.1k|#define MP_WARRAY PRIVATE_MP_WARRAY
  |  |  ------------------
  |  |  |  |  203|  45.1k|#define PRIVATE_MP_WARRAY (int)(1uLL << (((CHAR_BIT * sizeof(private_mp_word)) - (2 * MP_DIGIT_BIT)) + 1))
  |  |  |  |  ------------------
  |  |  |  |  |  |   82|  45.1k|#   define MP_DIGIT_BIT 60
  |  |  |  |  ------------------
  |  |  ------------------
  ------------------
  |  Branch (24:11): [True: 45.1k, False: 0]
  ------------------
   25|  45.1k|       && (MP_MIN(a->used, b->used) < MP_MAXFAST)) {
  ------------------
  |  |  156|  45.1k|#define MP_MIN(x, y) (((x) < (y)) ? (x) : (y))
  |  |  ------------------
  |  |  |  Branch (156:23): [True: 44.8k, False: 357]
  |  |  ------------------
  ------------------
                     && (MP_MIN(a->used, b->used) < MP_MAXFAST)) {
  ------------------
  |  |  168|  45.1k|#define MP_MAXFAST              (int)(1uL << (MP_SIZEOF_BITS(mp_word) - (2u * (size_t)MP_DIGIT_BIT)))
  |  |  ------------------
  |  |  |  |  167|  45.1k|#define MP_SIZEOF_BITS(type)    ((size_t)CHAR_BIT * sizeof(type))
  |  |  ------------------
  |  |               #define MP_MAXFAST              (int)(1uL << (MP_SIZEOF_BITS(mp_word) - (2u * (size_t)MP_DIGIT_BIT)))
  |  |  ------------------
  |  |  |  |   82|  45.1k|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
  |  Branch (25:11): [True: 45.1k, False: 0]
  ------------------
   26|  45.1k|      return s_mp_mul_high_digs_fast(a, b, c, digs);
   27|  45.1k|   }
   28|       |
   29|      0|   if ((err = mp_init_size(&t, a->used + b->used + 1)) != MP_OKAY) {
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (29:8): [True: 0, False: 0]
  ------------------
   30|      0|      return err;
   31|      0|   }
   32|      0|   t.used = a->used + b->used + 1;
   33|       |
   34|      0|   pa = a->used;
   35|      0|   pb = b->used;
   36|      0|   for (ix = 0; ix < pa; ix++) {
  ------------------
  |  Branch (36:17): [True: 0, False: 0]
  ------------------
   37|       |      /* clear the carry */
   38|      0|      u = 0;
   39|       |
   40|       |      /* left hand side of A[ix] * B[iy] */
   41|      0|      tmpx = a->dp[ix];
   42|       |
   43|       |      /* alias to the address of where the digits will be stored */
   44|      0|      tmpt = &(t.dp[digs]);
   45|       |
   46|       |      /* alias for where to read the right hand side from */
   47|      0|      tmpy = b->dp + (digs - ix);
   48|       |
   49|      0|      for (iy = digs - ix; iy < pb; iy++) {
  ------------------
  |  Branch (49:28): [True: 0, False: 0]
  ------------------
   50|       |         /* calculate the double precision result */
   51|      0|         r       = (mp_word)*tmpt +
   52|      0|                   ((mp_word)tmpx * (mp_word)*tmpy++) +
   53|      0|                   (mp_word)u;
   54|       |
   55|       |         /* get the lower part */
   56|      0|         *tmpt++ = (mp_digit)(r & (mp_word)MP_MASK);
  ------------------
  |  |  106|      0|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|      0|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   57|       |
   58|       |         /* carry the carry */
   59|      0|         u       = (mp_digit)(r >> (mp_word)MP_DIGIT_BIT);
  ------------------
  |  |   82|      0|#   define MP_DIGIT_BIT 60
  ------------------
   60|      0|      }
   61|      0|      *tmpt = u;
   62|      0|   }
   63|      0|   mp_clamp(&t);
   64|      0|   mp_exch(&t, c);
   65|      0|   mp_clear(&t);
   66|      0|   return MP_OKAY;
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
   67|      0|}

s_mp_mul_high_digs_fast:
/* Coverage listing of s_mp_mul_high_digs_fast; the signature is not part of
 * this report.  The body computes the product columns digs .. pa-1 of a * b
 * (pa = a->used + b->used) one column at a time.  It sums products in the
 * mp_word accumulator _W, stores the low MP_DIGIT_BIT bits in the stack array
 * W[ix] and carries the rest.  The columns are then copied to c->dp[digs..],
 * and c->used is set to pa.
 *
 * Review notes:
 *  - W[] holds MP_WARRAY digits and is written at W[digs .. pa-1]; this body
 *    checks only digs < 0.  The bound on pa and on the number of products
 *    summed into _W is presumably enforced by the caller, as the
 *    s_mp_mul_high_digs dispatcher in this report does -- TODO confirm.
 *  - Nothing here writes c->dp[0 .. digs-1]; those digits keep whatever c
 *    held before the call.
 *  - The MP_VAL return and the mp_grow() failure return have count 0, and
 *    the MP_ZERO_DIGITS loop body never ran in this run.
 */
   16|  45.1k|{
   17|  45.1k|   int     olduse, pa, ix, iz;
   18|  45.1k|   mp_err   err;
   19|  45.1k|   mp_digit W[MP_WARRAY];
   20|  45.1k|   mp_word  _W;
   21|       |
   22|  45.1k|   if (digs < 0) {
  ------------------
  |  Branch (22:8): [True: 0, False: 45.1k]
  ------------------
   23|      0|      return MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   24|      0|   }
   25|       |
   26|       |   /* grow the destination as required */
   27|  45.1k|   pa = a->used + b->used;
   28|  45.1k|   if (c->alloc < pa) {
  ------------------
  |  Branch (28:8): [True: 45.1k, False: 0]
  ------------------
   29|  45.1k|      if ((err = mp_grow(c, pa)) != MP_OKAY) {
  ------------------
  |  |  161|  45.1k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (29:11): [True: 0, False: 45.1k]
  ------------------
   30|      0|         return err;
   31|      0|      }
   32|  45.1k|   }
   33|       |
   34|       |   /* number of output digits to produce (same value as computed above) */
   35|  45.1k|   pa = a->used + b->used;
   36|  45.1k|   _W = 0;
   37|   342k|   for (ix = digs; ix < pa; ix++) {
  ------------------
  |  Branch (37:20): [True: 297k, False: 45.1k]
  ------------------
   38|   297k|      int      tx, ty, iy;
   39|   297k|      mp_digit *tmpx, *tmpy;
   40|       |
   41|       |      /* get offsets into the two bignums */
   42|   297k|      ty = MP_MIN(b->used-1, ix);
  ------------------
  |  |  156|   297k|#define MP_MIN(x, y) (((x) < (y)) ? (x) : (y))
  |  |  ------------------
  |  |  |  Branch (156:23): [True: 251k, False: 45.2k]
  |  |  ------------------
  ------------------
   43|   297k|      tx = ix - ty;
   44|       |
   45|       |      /* setup temp aliases */
   46|   297k|      tmpx = a->dp + tx;
   47|   297k|      tmpy = b->dp + ty;
   48|       |
   49|       |      /* this is the number of times the loop will iterate, essentially it's
   50|       |         while (tx++ < a->used && ty-- >= 0) { ... }
   51|       |       */
   52|   297k|      iy = MP_MIN(a->used-tx, ty+1);
  ------------------
  |  |  156|   297k|#define MP_MIN(x, y) (((x) < (y)) ? (x) : (y))
  |  |  ------------------
  |  |  |  Branch (156:23): [True: 296k, False: 357]
  |  |  ------------------
  ------------------
   53|       |
   54|       |      /* execute loop: tmpx walks up through a while tmpy walks down through b */
   55|  3.28M|      for (iz = 0; iz < iy; iz++) {
  ------------------
  |  Branch (55:20): [True: 2.98M, False: 297k]
  ------------------
   56|  2.98M|         _W += (mp_word)*tmpx++ * (mp_word)*tmpy--;
   57|  2.98M|      }
   58|       |
   59|       |      /* store term */
   60|   297k|      W[ix] = (mp_digit)_W & MP_MASK;
  ------------------
  |  |  106|   297k|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|   297k|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   61|       |
   62|       |      /* make next carry */
   63|   297k|      _W = _W >> (mp_word)MP_DIGIT_BIT;
  ------------------
  |  |   82|   297k|#   define MP_DIGIT_BIT 60
  ------------------
   64|   297k|   }
   65|       |
   66|       |   /* setup dest */
   67|  45.1k|   olduse  = c->used;
   68|  45.1k|   c->used = pa;
   69|       |
   70|  45.1k|   {
   71|  45.1k|      mp_digit *tmpc;
   72|       |
   73|  45.1k|      tmpc = c->dp + digs;
   74|   342k|      for (ix = digs; ix < pa; ix++) {
  ------------------
  |  Branch (74:23): [True: 297k, False: 45.1k]
  ------------------
   75|       |         /* now extract the previous digit [below the carry] */
   76|   297k|         *tmpc++ = W[ix];
   77|   297k|      }
   78|       |
   79|       |      /* clear unused digits [that existed in the old copy of c] */
   80|  45.1k|      MP_ZERO_DIGITS(tmpc, olduse - ix);
  ------------------
  |  |   89|  45.1k|#  define MP_ZERO_DIGITS(mem, digits)                   \
  |  |   90|  45.1k|do {                                                    \
  |  |   91|  45.1k|   int zd_ = (digits);                                  \
  |  |   92|  45.1k|   mp_digit* zm_ = (mem);                               \
  |  |   93|  45.1k|   while (zd_-- > 0) {                                  \
  |  |  ------------------
  |  |  |  Branch (93:11): [True: 0, False: 45.1k]
  |  |  ------------------
  |  |   94|      0|      *zm_++ = 0;                                       \
  |  |   95|      0|   }                                                    \
  |  |   96|  45.1k|} while (0)
  |  |  ------------------
  |  |  |  Branch (96:10): [Folded, False: 45.1k]
  |  |  ------------------
  ------------------
   81|  45.1k|   }
   82|  45.1k|   mp_clamp(c);
   83|  45.1k|   return MP_OKAY;
  ------------------
  |  |  161|  45.1k|#define MP_OKAY       0   /* no error */
  ------------------
   84|  45.1k|}

s_mp_prime_is_divisible:
/* Coverage listing of s_mp_prime_is_divisible; the signature is not part of
 * this report.  The body trial-divides a by each of the
 * PRIVATE_MP_PRIME_TAB_SIZE (256) entries of s_mp_prime_tab.  *result is set
 * to MP_YES at the first entry that leaves a zero residue and stays MP_NO
 * otherwise.  An mp_mod_d() error is returned as-is, with *result still
 * MP_NO.
 *
 * Review notes:
 *  - A value equal to one of the table entries also yields MP_YES
 *    (a mod a == 0); callers presumably handle small primes before relying
 *    on this answer -- confirm.
 *  - The mp_mod_d() error return (line 23) has count 0 in this run.
 */
   12|    157|{
   13|    157|   int      ix;
   14|    157|   mp_err   err;
   15|    157|   mp_digit res;
   16|       |
   17|       |   /* default to not divisible */
   18|    157|   *result = MP_NO;
  ------------------
  |  |  159|    157|#define MP_NO         0
  ------------------
   19|       |
   20|  27.8k|   for (ix = 0; ix < PRIVATE_MP_PRIME_TAB_SIZE; ix++) {
  ------------------
  |  |  633|  27.8k|#  define PRIVATE_MP_PRIME_TAB_SIZE 256
  ------------------
  |  Branch (20:17): [True: 27.7k, False: 103]
  ------------------
   21|       |      /* what is a mod s_mp_prime_tab[ix] */
   22|  27.7k|      if ((err = mp_mod_d(a, s_mp_prime_tab[ix], &res)) != MP_OKAY) {
  ------------------
  |  |  161|  27.7k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (22:11): [True: 0, False: 27.7k]
  ------------------
   23|      0|         return err;
   24|      0|      }
   25|       |
   26|       |      /* is the residue zero? then a is a multiple of this table entry */
   27|  27.7k|      if (res == 0u) {
  ------------------
  |  Branch (27:11): [True: 54, False: 27.6k]
  ------------------
   28|     54|         *result = MP_YES;
  ------------------
  |  |  158|     54|#define MP_YES        1
  ------------------
   29|     54|         return MP_OKAY;
  ------------------
  |  |  161|     54|#define MP_OKAY       0   /* no error */
  ------------------
   30|     54|      }
   31|  27.7k|   }
   32|       |
   33|    103|   return MP_OKAY;
  ------------------
  |  |  161|    103|#define MP_OKAY       0   /* no error */
  ------------------
   34|    157|}

s_mp_sqr:
    8|    266|{
    9|    266|   mp_int   t;
   10|    266|   int      ix, iy, pa;
   11|    266|   mp_err   err;
   12|    266|   mp_word  r;
   13|    266|   mp_digit u, tmpx, *tmpt;
   14|       |   /* Baseline squaring: builds a*a in the temporary t, then swaps t into b. */
   15|    266|   pa = a->used;
   16|    266|   if ((err = mp_init_size(&t, (2 * pa) + 1)) != MP_OKAY) {
  ------------------
  |  |  161|    266|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (16:8): [True: 0, False: 266]
  ------------------
   17|      0|      return err;
   18|      0|   }
   19|       |   /* t holds 2*pa + 1 digits; the carry loop at line 57 advances tmpt with no bound of its own and relies on this sizing */
   20|       |   /* default used is maximum possible size */
   21|    266|   t.used = (2 * pa) + 1;
   22|       |   /* t.dp[2*ix] is read below before this function stores to it; presumably mp_init_size zero-fills the digits - confirm */
   23|  35.5k|   for (ix = 0; ix < pa; ix++) {
  ------------------
  |  Branch (23:17): [True: 35.2k, False: 266]
  ------------------
   24|       |      /* first calculate the digit at 2*ix */
   25|       |      /* calculate double precision result */
   26|  35.2k|      r = (mp_word)t.dp[2*ix] +
   27|  35.2k|          ((mp_word)a->dp[ix] * (mp_word)a->dp[ix]);
   28|       |
   29|       |      /* store lower part in result */
   30|  35.2k|      t.dp[ix+ix] = (mp_digit)(r & (mp_word)MP_MASK);
  ------------------
  |  |  106|  35.2k|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|  35.2k|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   31|       |
   32|       |      /* get the carry */
   33|  35.2k|      u           = (mp_digit)(r >> (mp_word)MP_DIGIT_BIT);
  ------------------
  |  |   82|  35.2k|#   define MP_DIGIT_BIT 60
  ------------------
   34|       |
   35|       |      /* left hand side of A[ix] * A[iy] */
   36|  35.2k|      tmpx        = a->dp[ix];
   37|       |
   38|       |      /* alias for where to store the results */
   39|  35.2k|      tmpt        = t.dp + ((2 * ix) + 1);
   40|       |
   41|  2.35M|      for (iy = ix + 1; iy < pa; iy++) {
  ------------------
  |  Branch (41:25): [True: 2.31M, False: 35.2k]
  ------------------
   42|       |         /* first calculate the product */
   43|  2.31M|         r       = (mp_word)tmpx * (mp_word)a->dp[iy];
   44|       |
   45|       |         /* now calculate the double precision result, note we use
   46|       |          * addition instead of *2 since it's easier to optimize
   47|       |          */
   48|  2.31M|         r       = (mp_word)*tmpt + r + r + (mp_word)u;
   49|       |
   50|       |         /* store lower part */
   51|  2.31M|         *tmpt++ = (mp_digit)(r & (mp_word)MP_MASK);
  ------------------
  |  |  106|  2.31M|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|  2.31M|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   52|       |
   53|       |         /* get carry */
   54|  2.31M|         u       = (mp_digit)(r >> (mp_word)MP_DIGIT_BIT);
  ------------------
  |  |   82|  2.31M|#   define MP_DIGIT_BIT 60
  ------------------
   55|  2.31M|      }
   56|       |      /* propagate upwards */
   57|  65.8k|      while (u != 0uL) {
  ------------------
  |  Branch (57:14): [True: 30.6k, False: 35.2k]
  ------------------
   58|  30.6k|         r       = (mp_word)*tmpt + (mp_word)u;
   59|  30.6k|         *tmpt++ = (mp_digit)(r & (mp_word)MP_MASK);
  ------------------
  |  |  106|  30.6k|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|  30.6k|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   60|  30.6k|         u       = (mp_digit)(r >> (mp_word)MP_DIGIT_BIT);
  ------------------
  |  |   82|  30.6k|#   define MP_DIGIT_BIT 60
  ------------------
   61|  30.6k|      }
   62|  35.2k|   }
   63|       |   /* mp_exch swaps t with b, so the mp_clear(&t) below releases b's previous digits, not the result */
   64|    266|   mp_clamp(&t);
   65|    266|   mp_exch(&t, b);
   66|    266|   mp_clear(&t);
   67|    266|   return MP_OKAY;
  ------------------
  |  |  161|    266|#define MP_OKAY       0   /* no error */
  ------------------
   68|    266|}

s_mp_sqr_fast:
   17|   949k|{
   18|   949k|   int       olduse, pa, ix, iz;
   19|   949k|   mp_digit  W[MP_WARRAY], *tmpx;
   20|   949k|   mp_word   W1;
   21|   949k|   mp_err    err;
   22|       |   /* W is a fixed MP_WARRAY-digit stack array written at W[0 .. 2*a->used - 1]; nothing in this function checks that bound, so the caller must - NOTE(review): confirm the dispatching code enforces it */
   23|       |   /* grow the destination as required */
   24|   949k|   pa = a->used + a->used;
   25|   949k|   if (b->alloc < pa) {
  ------------------
  |  Branch (25:8): [True: 1.05k, False: 948k]
  ------------------
   26|  1.05k|      if ((err = mp_grow(b, pa)) != MP_OKAY) {
  ------------------
  |  |  161|  1.05k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (26:11): [True: 0, False: 1.05k]
  ------------------
   27|      0|         return err;
   28|      0|      }
   29|  1.05k|   }
   30|       |
   31|       |   /* number of output digits to produce */
   32|   949k|   W1 = 0;
   33|  11.2M|   for (ix = 0; ix < pa; ix++) {
  ------------------
  |  Branch (33:17): [True: 10.3M, False: 949k]
  ------------------
   34|  10.3M|      int      tx, ty, iy;
   35|  10.3M|      mp_word  _W;
   36|  10.3M|      mp_digit *tmpy;
   37|       |
   38|       |      /* clear counter */
   39|  10.3M|      _W = 0;
   40|       |
   41|       |      /* get offsets into the two bignums */
   42|  10.3M|      ty = MP_MIN(a->used-1, ix);
  ------------------
  |  |  156|  10.3M|#define MP_MIN(x, y) (((x) < (y)) ? (x) : (y))
  |  |  ------------------
  |  |  |  Branch (156:23): [True: 5.15M, False: 5.15M]
  |  |  ------------------
  ------------------
   43|  10.3M|      tx = ix - ty;
   44|       |
   45|       |      /* setup temp aliases */
   46|  10.3M|      tmpx = a->dp + tx;
   47|  10.3M|      tmpy = a->dp + ty;
   48|       |
   49|       |      /* this is the number of times the loop will iterate, essentially
   50|       |         while (tx++ < a->used && ty-- >= 0) { ... }
   51|       |       */
   52|  10.3M|      iy = MP_MIN(a->used-tx, ty+1);
  ------------------
  |  |  156|  10.3M|#define MP_MIN(x, y) (((x) < (y)) ? (x) : (y))
  |  |  ------------------
  |  |  |  Branch (156:23): [True: 5.15M, False: 5.15M]
  |  |  ------------------
  ------------------
   53|       |
   54|       |      /* now for squaring tx can never equal ty
   55|       |       * we halve the distance since they approach at a rate of 2x
   56|       |       * and we have to round because odd cases need to be executed
   57|       |       */
   58|  10.3M|      iy = MP_MIN(iy, ((ty-tx)+1)>>1);
  ------------------
  |  |  156|  10.3M|#define MP_MIN(x, y) (((x) < (y)) ? (x) : (y))
  |  |  ------------------
  |  |  |  Branch (156:23): [True: 0, False: 10.3M]
  |  |  ------------------
  ------------------
   59|       |
   60|       |      /* execute loop */
   61|  28.2M|      for (iz = 0; iz < iy; iz++) {
  ------------------
  |  Branch (61:20): [True: 17.9M, False: 10.3M]
  ------------------
   62|  17.9M|         _W += (mp_word)*tmpx++ * (mp_word)*tmpy--;
   63|  17.9M|      }
   64|       |
   65|       |      /* double the inner product and add carry */
   66|  10.3M|      _W = _W + _W + W1;
   67|       |
   68|       |      /* even columns have the square term in them */
   69|  10.3M|      if (((unsigned)ix & 1u) == 0u) {
  ------------------
  |  Branch (69:11): [True: 5.15M, False: 5.15M]
  ------------------
   70|  5.15M|         _W += (mp_word)a->dp[ix>>1] * (mp_word)a->dp[ix>>1];
   71|  5.15M|      }
   72|       |
   73|       |      /* store it */
   74|  10.3M|      W[ix] = (mp_digit)_W & MP_MASK;
  ------------------
  |  |  106|  10.3M|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|  10.3M|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   75|       |
   76|       |      /* make next carry */
   77|  10.3M|      W1 = _W >> (mp_word)MP_DIGIT_BIT;
  ------------------
  |  |   82|  10.3M|#   define MP_DIGIT_BIT 60
  ------------------
   78|  10.3M|   }
   79|       |
   80|       |   /* setup dest */
   81|   949k|   olduse  = b->used;
   82|   949k|   b->used = a->used+a->used;
   83|       |   /* the product is staged in W and copied out only here, so a and b may be the same mp_int */
   84|   949k|   {
   85|   949k|      mp_digit *tmpb;
   86|   949k|      tmpb = b->dp;
   87|  11.2M|      for (ix = 0; ix < pa; ix++) {
  ------------------
  |  Branch (87:20): [True: 10.3M, False: 949k]
  ------------------
   88|  10.3M|         *tmpb++ = W[ix] & MP_MASK;
  ------------------
  |  |  106|  10.3M|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|  10.3M|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   89|  10.3M|      }
   90|       |
   91|       |      /* clear unused digits [that existed in the old copy of b] */
   92|   949k|      MP_ZERO_DIGITS(tmpb, olduse - ix);
  ------------------
  |  |   89|   949k|#  define MP_ZERO_DIGITS(mem, digits)                   \
  |  |   90|   949k|do {                                                    \
  |  |   91|   949k|   int zd_ = (digits);                                  \
  |  |   92|   949k|   mp_digit* zm_ = (mem);                               \
  |  |   93|   967k|   while (zd_-- > 0) {                                  \
  |  |  ------------------
  |  |  |  Branch (93:11): [True: 17.0k, False: 949k]
  |  |  ------------------
  |  |   94|  17.0k|      *zm_++ = 0;                                       \
  |  |   95|  17.0k|   }                                                    \
  |  |   96|   949k|} while (0)
  |  |  ------------------
  |  |  |  Branch (96:10): [Folded, False: 949k]
  |  |  ------------------
  ------------------
   93|   949k|   }
   94|   949k|   mp_clamp(b);
   95|   949k|   return MP_OKAY;
  ------------------
  |  |  161|   949k|#define MP_OKAY       0   /* no error */
  ------------------
   96|   949k|}

s_mp_sub:
    8|  4.80M|{
    9|  4.80M|   int    olduse, min, max;
   10|  4.80M|   mp_err err;
   11|       |   /* Unsigned magnitude subtract c = a - b. The loops run b->used and then a->used digits with no comparison of the operands, so the caller must guarantee |a| >= |b|. */
   12|       |   /* find sizes */
   13|  4.80M|   min = b->used;
   14|  4.80M|   max = a->used;
   15|       |
   16|       |   /* init result */
   17|  4.80M|   if (c->alloc < max) {
  ------------------
  |  Branch (17:8): [True: 44, False: 4.80M]
  ------------------
   18|     44|      if ((err = mp_grow(c, max)) != MP_OKAY) {
  ------------------
  |  |  161|     44|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (18:11): [True: 0, False: 44]
  ------------------
   19|      0|         return err;
   20|      0|      }
   21|     44|   }
   22|  4.80M|   olduse = c->used;
   23|  4.80M|   c->used = max;
   24|       |
   25|  4.80M|   {
   26|  4.80M|      mp_digit u, *tmpa, *tmpb, *tmpc;
   27|  4.80M|      int i;
   28|       |
   29|       |      /* alias for digit pointers */
   30|  4.80M|      tmpa = a->dp;
   31|  4.80M|      tmpb = b->dp;
   32|  4.80M|      tmpc = c->dp;
   33|       |
   34|       |      /* set carry to zero */
   35|  4.80M|      u = 0;
   36|   101M|      for (i = 0; i < min; i++) {
  ------------------
  |  Branch (36:19): [True: 96.6M, False: 4.80M]
  ------------------
   37|       |         /* T[i] = A[i] - B[i] - U */
   38|  96.6M|         *tmpc = (*tmpa++ - *tmpb++) - u;
   39|       |
   40|       |         /* U = carry bit of T[i]
   41|       |          * Note this saves performing an AND operation since
   42|       |          * if a carry does occur it will propagate all the way to the
   43|       |          * MSB.  As a result a single shift is enough to get the carry
   44|       |          */
   45|  96.6M|         u = *tmpc >> (MP_SIZEOF_BITS(mp_digit) - 1u);
  ------------------
  |  |  167|  96.6M|#define MP_SIZEOF_BITS(type)    ((size_t)CHAR_BIT * sizeof(type))
  ------------------
   46|       |
   47|       |         /* Clear carry from T[i] */
   48|  96.6M|         *tmpc++ &= MP_MASK;
  ------------------
  |  |  106|  96.6M|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|  96.6M|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   49|  96.6M|      }
   50|       |
   51|       |      /* now copy higher words if any, e.g. if A has more digits than B  */
   52|  44.1M|      for (; i < max; i++) {
  ------------------
  |  Branch (52:14): [True: 39.3M, False: 4.80M]
  ------------------
   53|       |         /* T[i] = A[i] - U */
   54|  39.3M|         *tmpc = *tmpa++ - u;
   55|       |
   56|       |         /* U = carry bit of T[i] */
   57|  39.3M|         u = *tmpc >> (MP_SIZEOF_BITS(mp_digit) - 1u);
  ------------------
  |  |  167|  39.3M|#define MP_SIZEOF_BITS(type)    ((size_t)CHAR_BIT * sizeof(type))
  ------------------
   58|       |
   59|       |         /* Clear carry from T[i] */
   60|  39.3M|         *tmpc++ &= MP_MASK;
  ------------------
  |  |  106|  39.3M|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|  39.3M|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   61|  39.3M|      }
   62|       |
   63|       |      /* clear digits above used (since we may not have grown result above) */
   64|  4.80M|      MP_ZERO_DIGITS(tmpc, olduse - c->used);
  ------------------
  |  |   89|  4.80M|#  define MP_ZERO_DIGITS(mem, digits)                   \
  |  |   90|  4.80M|do {                                                    \
  |  |   91|  4.80M|   int zd_ = (digits);                                  \
  |  |   92|  4.80M|   mp_digit* zm_ = (mem);                               \
  |  |   93|  4.80M|   while (zd_-- > 0) {                                  \
  |  |  ------------------
  |  |  |  Branch (93:11): [True: 986, False: 4.80M]
  |  |  ------------------
  |  |   94|    986|      *zm_++ = 0;                                       \
  |  |   95|    986|   }                                                    \
  |  |   96|  4.80M|} while (0)
  |  |  ------------------
  |  |  |  Branch (96:10): [Folded, False: 4.80M]
  |  |  ------------------
  ------------------
   65|  4.80M|   }
   66|       |   /* the final borrow u is discarded: with |a| < |b| the wrapped magnitude would be returned as MP_OKAY */
   67|  4.80M|   mp_clamp(c);
   68|  4.80M|   return MP_OKAY;
  ------------------
  |  |  161|  4.80M|#define MP_OKAY       0   /* no error */
  ------------------
   69|  4.80M|}

mp_get_i32:
  298|     41|    {                                                         \
  299|     41|        utype res = mag(a);                                   \
  300|     41|        return (a->sign == MP_NEG) ? (type)-res : (type)res;  \
  ------------------
  |  |  152|     41|#define MP_NEG        1   /* negative */
  ------------------
  |  Branch (300:16): [True: 0, False: 41]
  ------------------
  301|     41|    }
mp_init_u32:
  274|     41|    {                                                    \
  275|     41|        mp_err err;                                      \
  276|     41|        if ((err = mp_init(a)) != MP_OKAY) {             \
  ------------------
  |  |  161|     41|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (276:13): [True: 0, False: 41]
  ------------------
  277|      0|            return err;                                  \
  278|      0|        }                                                \
  279|     41|        set(a, b);                                       \
  280|     41|        return MP_OKAY;                                  \
  ------------------
  |  |  161|     41|#define MP_OKAY       0   /* no error */
  ------------------
  281|     41|    }

m_mp_init_multi:
   41|  1.13k|{
   42|  1.13k|	mp_int* cur_arg = mp;
   43|  1.13k|	va_list args;
   44|       |	/* Variadic list of mp_int*: it must end with a NULL argument, the loop has no other stop condition. A failed mp_init is fatal. */
   45|  1.13k|	va_start(args, mp);        /* init args to next argument from caller */
   46|  4.80k|	while (cur_arg != NULL) {
  ------------------
  |  Branch (46:9): [True: 3.67k, False: 1.13k]
  ------------------
   47|  3.67k|		if (mp_init(cur_arg) != MP_OKAY) {
  ------------------
  |  |  161|  3.67k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (47:7): [True: 0, False: 3.67k]
  ------------------
   48|      0|			dropbear_exit("Mem alloc error");
   49|      0|		}
   50|  3.67k|		cur_arg = va_arg(args, mp_int*);
   51|  3.67k|	}
   52|  1.13k|	va_end(args);
   53|  1.13k|}
m_mp_alloc_init_multi:
   56|  2.57k|{
   57|  2.57k|	mp_int** cur_arg = mp;
   58|  2.57k|	va_list args;
   59|       |	/* NULL-terminated list of mp_int**: each slot receives a freshly allocated, initialised mp_int. m_malloc's result is used unchecked - presumably it exits on failure rather than returning NULL; confirm. */
   60|  2.57k|	va_start(args, mp);        /* init args to next argument from caller */
   61|  10.5k|	while (cur_arg != NULL) {
  ------------------
  |  Branch (61:9): [True: 7.93k, False: 2.57k]
  ------------------
   62|  7.93k|		*cur_arg = m_malloc(sizeof(mp_int));
   63|  7.93k|		if (mp_init(*cur_arg) != MP_OKAY) {
  ------------------
  |  |  161|  7.93k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (63:7): [True: 0, False: 7.93k]
  ------------------
   64|      0|			dropbear_exit("Mem alloc error");
   65|      0|		}
   66|  7.93k|		cur_arg = va_arg(args, mp_int**);
   67|  7.93k|	}
   68|  2.57k|	va_end(args);
   69|  2.57k|}
m_mp_free_multi:
   72|  1.56k|{
   73|  1.56k|	mp_int** cur_arg = mp;
   74|  1.56k|	va_list args;
   75|       |	/* NULL-terminated list of mp_int**: each non-NULL bignum is cleared, then freed, and the m_free macro resets the caller's pointer to NULL so no dangling pointer is left behind. */
   76|  1.56k|	va_start(args, mp);        /* init args to next argument from caller */
   77|  8.89k|	while (cur_arg != NULL) {
  ------------------
  |  Branch (77:9): [True: 7.32k, False: 1.56k]
  ------------------
   78|  7.32k|		if (*cur_arg) {
  ------------------
  |  Branch (78:7): [True: 3.35k, False: 3.97k]
  ------------------
   79|  3.35k|			mp_clear(*cur_arg);
   80|  3.35k|		}
   81|  7.32k|		m_free(*cur_arg);
  ------------------
  |  |   24|  7.32k|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded, False: 7.32k]
  |  |  ------------------
  ------------------
   82|  7.32k|		cur_arg = va_arg(args, mp_int**);
   83|  7.32k|	}
   84|       |	va_end(args);
   85|  1.56k|}
bytes_to_mp:
   87|  1.48k|void bytes_to_mp(mp_int *mp, const unsigned char* bytes, unsigned int len) {
   88|       |	/* Loads len bytes as an unsigned bignum into mp; the cast only drops const. Any mp_from_ubin failure is fatal. The caller vouches that bytes really holds len bytes. */
   89|  1.48k|	if (mp_from_ubin(mp, (unsigned char*)bytes, len) != MP_OKAY) {
  ------------------
  |  |  161|  1.48k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (89:6): [True: 0, False: 1.48k]
  ------------------
   90|      0|		dropbear_exit("Mem alloc error");
   91|      0|	}
   92|  1.48k|}

buf_new:
   41|  1.48k|buffer* buf_new(unsigned int size) {
   42|  1.48k|	buffer* buf;
   43|  1.48k|	if (size > BUF_MAX_SIZE) {
  ------------------
  |  |   35|  1.48k|#define BUF_MAX_SIZE 1000000000
  ------------------
  |  Branch (43:6): [True: 0, False: 1.48k]
  ------------------
   44|      0|		dropbear_exit("buf->size too big");
   45|      0|	}
   46|       |	/* size is capped above, so sizeof(buffer)+size cannot wrap. Header and data share one allocation; len and pos are not set here - presumably m_malloc zero-fills, confirm. */
   47|  1.48k|	buf = (buffer*)m_malloc(sizeof(buffer)+size);
   48|  1.48k|	buf->data = (unsigned char*)buf + sizeof(buffer);
   49|  1.48k|	buf->size = size;
   50|  1.48k|	return buf;
   51|  1.48k|}
buf_free:
   54|  1.49k|void buf_free(buffer* buf) {
   55|       |	m_free(buf); /* the macro's "= NULL" only clears this by-value parameter; the caller's own pointer still holds the freed address */
  ------------------
  |  |   24|  1.49k|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded, False: 1.49k]
  |  |  ------------------
  ------------------
   56|  1.49k|}
buf_incrlen:
  104|   192k|void buf_incrlen(buffer* buf, unsigned int incr) {
  105|   192k|	if (incr > BUF_MAX_INCR || buf->len + incr > buf->size) { /* incr is capped first so that len + incr cannot wrap (given len itself stays within BUF_MAX_SIZE); len may never exceed size */
  ------------------
  |  |   34|   384k|#define BUF_MAX_INCR 1000000000
  ------------------
  |  Branch (105:6): [True: 0, False: 192k]
  |  Branch (105:29): [True: 0, False: 192k]
  ------------------
  106|      0|		dropbear_exit("Bad buf_incrlen");
  107|      0|	}
  108|   192k|	buf->len += incr;
  109|   192k|}
buf_setpos:
  111|  1.95k|void buf_setpos(buffer* buf, unsigned int pos) {
  112|       |	/* pos == len is allowed (cursor just past the last valid byte); anything beyond len is fatal */
  113|  1.95k|	if (pos > buf->len) {
  ------------------
  |  Branch (113:6): [True: 0, False: 1.95k]
  ------------------
  114|      0|		dropbear_exit("Bad buf_setpos");
  115|      0|	}
  116|  1.95k|	buf->pos = pos;
  117|  1.95k|}
buf_incrwritepos:
  120|  1.80k|void buf_incrwritepos(buffer* buf, unsigned int incr) {
  121|  1.80k|	if (incr > BUF_MAX_INCR || buf->pos + incr > buf->size) { /* write cursor is bounded by capacity (size), not by len */
  ------------------
  |  |   34|  3.61k|#define BUF_MAX_INCR 1000000000
  ------------------
  |  Branch (121:6): [True: 0, False: 1.80k]
  |  Branch (121:29): [True: 0, False: 1.80k]
  ------------------
  122|      0|		dropbear_exit("Bad buf_incrwritepos");
  123|      0|	}
  124|  1.80k|	buf->pos += incr;
  125|  1.80k|	if (buf->pos > buf->len) { /* writing past the old end of data extends len to cover it */
  ------------------
  |  Branch (125:6): [True: 1.80k, False: 0]
  ------------------
  126|  1.80k|		buf->len = buf->pos;
  127|  1.80k|	}
  128|  1.80k|}
buf_incrpos:
  131|  29.0k|void buf_incrpos(buffer* buf, unsigned int incr) {
  132|  29.0k|	if (incr > BUF_MAX_INCR 
  ------------------
  |  |   34|  58.0k|#define BUF_MAX_INCR 1000000000
  ------------------
  |  Branch (132:6): [True: 0, False: 29.0k]
  ------------------
  133|  29.0k|		|| (buf->pos + incr) > buf->len) { /* read cursor is bounded by len (valid data), not by size */
  ------------------
  |  Branch (133:6): [True: 0, False: 29.0k]
  ------------------
  134|      0|		dropbear_exit("Bad buf_incrpos");
  135|      0|	}
  136|  29.0k|	buf->pos += incr;
  137|  29.0k|}
buf_decrpos:
  140|  2.85k|void buf_decrpos(buffer* buf, unsigned int decr) {
  141|  2.85k|	if (decr > buf->pos) { /* checked before the subtraction so pos cannot wrap below zero */
  ------------------
  |  Branch (141:6): [True: 0, False: 2.85k]
  ------------------
  142|      0|		dropbear_exit("Bad buf_decrpos");
  143|      0|	}
  144|  2.85k|	buf->pos -= decr;
  145|  2.85k|}
buf_getbyte:
  148|  1.57k|unsigned char buf_getbyte(buffer* buf) {
  149|       |	/* Returns the byte at pos and advances pos by one. Running out of data is fatal (dropbear_exit); there is no error return. */
  150|       |	/* This check is really just ==, but the >= allows us to check for the
  151|       |	 * bad case of pos > len, which should _never_ happen. */
  152|  1.57k|	if (buf->pos >= buf->len) {
  ------------------
  |  Branch (152:6): [True: 24, False: 1.54k]
  ------------------
  153|     24|		dropbear_exit("Bad buf_getbyte");
  154|     24|	}
  155|  1.54k|	return buf->data[buf->pos++];
  156|  1.57k|}
buf_putbyte:
  169|   191k|void buf_putbyte(buffer* buf, unsigned char val) {
  170|       |	/* Appending at the end first grows len by one through buf_incrlen, which exits if that would exceed size; overwriting inside existing data (pos < len) needs no further check. */
  171|   191k|	if (buf->pos >= buf->len) {
  ------------------
  |  Branch (171:6): [True: 191k, False: 0]
  ------------------
  172|   191k|		buf_incrlen(buf, 1);
  173|   191k|	}
  174|   191k|	buf->data[buf->pos] = val;
  175|   191k|	buf->pos++;
  176|   191k|}
buf_getptr:
  180|  32.6k|unsigned char* buf_getptr(const buffer* buf, unsigned int len) {
  181|       |	/* Read-side accessor: pointer to the next len bytes of valid data, pos unchanged (callers advance with buf_incrpos). Fatal if fewer than len bytes remain; len is capped first so pos + len cannot wrap. */
  182|  32.6k|	if (len > BUF_MAX_INCR || buf->pos + len > buf->len) {
  ------------------
  |  |   34|  65.3k|#define BUF_MAX_INCR 1000000000
  ------------------
  |  Branch (182:6): [True: 0, False: 32.6k]
  |  Branch (182:28): [True: 368, False: 32.2k]
  ------------------
  183|    368|		dropbear_exit("Bad buf_getptr");
  184|    368|	}
  185|  32.2k|	return &buf->data[buf->pos];
  186|  32.6k|}
buf_getwriteptr:
  190|  2.42k|unsigned char* buf_getwriteptr(const buffer* buf, unsigned int len) {
  191|       |	/* Write-side accessor: pointer to pos with room for len bytes, checked against capacity (size) rather than len. pos and len are unchanged; callers commit the write with buf_incrwritepos. */
  192|  2.42k|	if (len > BUF_MAX_INCR || buf->pos + len > buf->size) {
  ------------------
  |  |   34|  4.85k|#define BUF_MAX_INCR 1000000000
  ------------------
  |  Branch (192:6): [True: 0, False: 2.42k]
  |  Branch (192:28): [True: 0, False: 2.42k]
  ------------------
  193|      0|		dropbear_exit("Bad buf_getwriteptr");
  194|      0|	}
  195|  2.42k|	return &buf->data[buf->pos];
  196|  2.42k|}
buf_getstring:
  201|  7.10k|char* buf_getstring(buffer* buf, unsigned int *retlen) {
  202|       |	/* Reads a length-prefixed string (4-byte length, then that many bytes) into a fresh NUL-terminated heap copy that the caller must free. *retlen, if non-NULL, receives the length without the NUL. */
  203|  7.10k|	unsigned int len;
  204|  7.10k|	char* ret;
  205|  7.10k|	void* src = NULL;
  206|  7.10k|	len = buf_getint(buf);
  207|  7.10k|	if (len > MAX_STRING_LEN) {
  ------------------
  |  |  253|  7.10k|#define MAX_STRING_LEN (MAX(MAX_CMD_LEN, 2400)) /* Sun SSH needs 2400 for algos,
  ------------------
  |  Branch (207:6): [True: 33, False: 7.07k]
  |  Branch (207:12): [True: 7.01k, Folded]
  ------------------
  208|     33|		dropbear_exit("String too long");
  209|     33|	}
  210|       |	/* len <= MAX_STRING_LEN from here on, so len+1 below cannot overflow; buf_getptr then confirms len bytes are really present before the memcpy */
  211|  7.07k|	if (retlen != NULL) {
  ------------------
  |  Branch (211:6): [True: 6.98k, False: 89]
  ------------------
  212|  6.98k|		*retlen = len;
  213|  6.98k|	}
  214|  7.07k|	src = buf_getptr(buf, len);
  215|  7.07k|	ret = m_malloc(len+1);
  216|  7.07k|	memcpy(ret, src, len);
  217|  7.07k|	buf_incrpos(buf, len);
  218|  7.07k|	ret[len] = '\0';
  219|       |	/* embedded NUL bytes are copied as-is, so strlen(ret) can be shorter than *retlen; callers that pass retlen == NULL cannot detect that */
  220|  7.07k|	return ret;
  221|  7.10k|}
buf_getstringbuf:
  246|    657|buffer * buf_getstringbuf(buffer *buf) {
  247|    657|	return buf_getstringbuf_int(buf, 0); /* incllen = 0: the returned buffer holds only the payload, without the 4-byte length prefix */
  248|    657|}
buf_getint:
  272|  15.6k|unsigned int buf_getint(buffer* buf) {
  273|  15.6k|	unsigned int ret;
  274|       |	/* Reads a 32-bit value at pos (byte-swapped by LOAD32H in this build) and advances by 4. buf_getptr exits if fewer than 4 bytes remain; the memcpy inside LOAD32H avoids an unaligned load. */
  275|  15.6k|	LOAD32H(ret, buf_getptr(buf, 4));
  ------------------
  |  |   66|  15.6k|#define LOAD32H(x, y)                           \
  |  |   67|  15.6k|do { XMEMCPY (&(x), (y), 4);                    \
  |  |  ------------------
  |  |  |  |   39|  15.6k|#define XMEMCPY  memcpy
  |  |  ------------------
  |  |   68|  15.6k|      (x) = __builtin_bswap32 ((x)); } while(0)
  |  |  ------------------
  |  |  |  Branch (68:46): [Folded, False: 15.6k]
  |  |  ------------------
  ------------------
  276|  15.6k|	buf_incrpos(buf, 4);
  277|  15.6k|	return ret;
  278|  15.6k|}
buf_putint:
  281|     74|void buf_putint(buffer* buf, int unsigned val) {
  282|       |	/* Writes val as 4 bytes at pos (byte-swapped by STORE32H in this build); buf_getwriteptr exits if fewer than 4 bytes of capacity remain */
  283|     74|	STORE32H(val, buf_getwriteptr(buf, 4));
  ------------------
  |  |   62|     74|#define STORE32H(x, y)                          \
  |  |   63|     74|do { ulong32 __t = __builtin_bswap32 ((x));     \
  |  |   64|     74|      XMEMCPY ((y), &__t, 4); } while(0)
  |  |  ------------------
  |  |  |  |   39|     74|#define XMEMCPY  memcpy
  |  |  ------------------
  |  |  |  Branch (64:39): [Folded, False: 74]
  |  |  ------------------
  ------------------
  284|     74|	buf_incrwritepos(buf, 4);
  285|       |
  286|     74|}
buf_putstring:
  289|      1|void buf_putstring(buffer* buf, const char* str, unsigned int len) {
  290|       |	/* Length-prefixed write: 4-byte len, then len raw bytes. str need not be NUL-terminated but must hold at least len bytes. */
  291|      1|	buf_putint(buf, len);
  292|      1|	buf_putbytes(buf, (const unsigned char*)str, len);
  293|       |
  294|      1|}
buf_putbytes:
  303|    940|void buf_putbytes(buffer *buf, const unsigned char *bytes, unsigned int len) {
  304|    940|	memcpy(buf_getwriteptr(buf, len), bytes, len); /* destination is bounds-checked by buf_getwriteptr (exits if len exceeds remaining capacity); the caller vouches for the len source bytes */
  305|    940|	buf_incrwritepos(buf, len);
  306|    940|}
buf_getmpint:
  356|  4.25k|int buf_getmpint(buffer* buf, mp_int* mp) {
  357|       |	/* Parses a length-prefixed multi-precision integer into mp. Returns DROPBEAR_FAILURE for oversize or negative values, leaving pos just after the length field; truncated input is fatal inside buf_getint/buf_getptr. */
  358|  4.25k|	unsigned int len;
  359|  4.25k|	len = buf_getint(buf);
  360|       |	
  361|  4.25k|	if (len == 0) {
  ------------------
  |  Branch (361:6): [True: 890, False: 3.36k]
  ------------------
  362|    890|		mp_zero(mp);
  363|    890|		return DROPBEAR_SUCCESS;
  ------------------
  |  |  111|    890|#define DROPBEAR_SUCCESS 0
  ------------------
  364|    890|	}
  365|       |	/* cap the peer-supplied length before any bignum work: BUF_MAX_MPINT is 8240/8 = 1030 bytes */
  366|  3.36k|	if (len > BUF_MAX_MPINT) {
  ------------------
  |  |   38|  3.36k|#define BUF_MAX_MPINT (8240 / 8)
  ------------------
  |  Branch (366:6): [True: 67, False: 3.30k]
  ------------------
  367|     67|		return DROPBEAR_FAILURE;
  ------------------
  |  |  112|     67|#define DROPBEAR_FAILURE -1
  ------------------
  368|     67|	}
  369|       |
  370|       |	/* check for negative: a set top bit in the first byte marks a negative value, which is rejected rather than parsed */
  371|  3.30k|	if (*buf_getptr(buf, 1) & (1 << (CHAR_BIT-1))) {
  ------------------
  |  Branch (371:6): [True: 9, False: 3.29k]
  ------------------
  372|      9|		return DROPBEAR_FAILURE;
  ------------------
  |  |  112|      9|#define DROPBEAR_FAILURE -1
  ------------------
  373|      9|	}
  374|       |	/* buf_getptr(buf, len) verifies that all len bytes are present before mp_from_ubin reads them */
  375|  3.29k|	if (mp_from_ubin(mp, buf_getptr(buf, len), len) != MP_OKAY) {
  ------------------
  |  |  161|  3.29k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (375:6): [True: 0, False: 3.29k]
  ------------------
  376|      0|		return DROPBEAR_FAILURE;
  ------------------
  |  |  112|      0|#define DROPBEAR_FAILURE -1
  ------------------
  377|      0|	}
  378|       |	/* pos moves past the payload only on success */
  379|  3.29k|	buf_incrpos(buf, len);
  380|  3.29k|	return DROPBEAR_SUCCESS;
  ------------------
  |  |  111|  3.29k|#define DROPBEAR_SUCCESS 0
  ------------------
  381|  3.29k|}
buffer.c:buf_getstringbuf_int:
  224|    657|static buffer * buf_getstringbuf_int(buffer *buf, int incllen) {
  225|    657|	buffer *ret = NULL;
  226|    657|	unsigned int len = buf_getint(buf);
  227|    657|	int extra = 0;
  228|    657|	if (len > MAX_STRING_LEN) { /* bound the peer-supplied length before allocating or copying */
  ------------------
  |  |  253|    657|#define MAX_STRING_LEN (MAX(MAX_CMD_LEN, 2400)) /* Sun SSH needs 2400 for algos,
  ------------------
  |  Branch (228:6): [True: 27, False: 630]
  |  Branch (228:12): [True: 647, Folded]
  ------------------
  229|     27|		dropbear_exit("String too long");
  230|     27|	}
  231|    630|	if (incllen) { /* optionally reserve 4 extra bytes so the copy can carry its own length prefix */
  ------------------
  |  Branch (231:6): [True: 0, False: 630]
  ------------------
  232|      0|		extra = 4;
  233|      0|	}
  234|    630|	ret = buf_new(len+extra);
  235|    630|	if (incllen) {
  ------------------
  |  Branch (235:6): [True: 0, False: 630]
  ------------------
  236|      0|		buf_putint(ret, len);
  237|      0|	}
  238|    630|	memcpy(buf_getwriteptr(ret, len), buf_getptr(buf, len), len); /* both ends are checked: ret has len bytes of capacity, buf has len bytes of data */
  239|    630|	buf_incrpos(buf, len);
  240|    630|	buf_incrlen(ret, len);
  241|    630|	buf_setpos(ret, 0); /* hand the new buffer back rewound for reading */
  242|    630|	return ret;
  243|    657|}

crypto_init:
   21|      1|void crypto_init() {
   22|       |	/* One-time setup: registers the compiled-in ciphers, hashes and PRNG descriptor and installs the bignum random source. Any registration failure is fatal. */
   23|      1|	const struct ltc_cipher_descriptor *regciphers[] = {
   24|      1|#if DROPBEAR_AES
   25|      1|		&aes_desc,
   26|      1|#endif
   27|       |#if DROPBEAR_3DES
   28|       |		&des3_desc,
   29|       |#endif
   30|      1|		NULL
   31|      1|	};
   32|       |
   33|      1|	const struct ltc_hash_descriptor *reghashes[] = {
   34|       |#if DROPBEAR_SHA1_HMAC
   35|       |		&sha1_desc,
   36|       |#endif
   37|      1|#if DROPBEAR_SHA256
   38|      1|		&sha256_desc,
   39|      1|#endif
   40|      1|#if DROPBEAR_SHA384
   41|      1|		&sha384_desc,
   42|      1|#endif
   43|      1|#if DROPBEAR_SHA512
   44|      1|		&sha512_desc,
   45|      1|#endif
   46|      1|		NULL
   47|      1|	};
   48|      1|	int i;
   49|       |	/* both tables end with a NULL sentinel; which entries exist depends on the DROPBEAR_* build options */
   50|      2|	for (i = 0; regciphers[i] != NULL; i++) {
  ------------------
  |  Branch (50:14): [True: 1, False: 1]
  ------------------
   51|      1|		if (register_cipher(regciphers[i]) == -1) {
  ------------------
  |  Branch (51:7): [True: 0, False: 1]
  ------------------
   52|      0|			dropbear_exit("Error registering crypto");
   53|      0|		}
   54|      1|	}
   55|       |
   56|      4|	for (i = 0; reghashes[i] != NULL; i++) {
  ------------------
  |  Branch (56:14): [True: 3, False: 1]
  ------------------
   57|      3|		if (register_hash(reghashes[i]) == -1) {
  ------------------
  |  Branch (57:7): [True: 0, False: 3]
  ------------------
   58|      0|			dropbear_exit("Error registering crypto");
   59|      0|		}
   60|      3|	}
   61|       |
   62|      1|#if DROPBEAR_LTC_PRNG
   63|      1|	dropbear_ltc_prng = register_prng(&dropbear_prng_desc);
   64|      1|	if (dropbear_ltc_prng == -1) {
  ------------------
  |  Branch (64:6): [True: 0, False: 1]
  ------------------
   65|      0|		dropbear_exit("Error registering crypto");
   66|      0|	}
   67|      1|#endif
   68|       |	/* route the bignum library's random-byte requests through dropbear_rand_source, i.e. genrandom() */
   69|      1|	mp_rand_source(dropbear_rand_source);
   70|       |
   71|      1|#if DROPBEAR_ECC
   72|      1|	ltc_mp = ltm_desc;
   73|      1|	dropbear_ecc_fill_dp();
   74|      1|#endif
   75|      1|}
crypto_desc.c:dropbear_rand_source:
   13|  4.34k|static mp_err dropbear_rand_source(void* out, size_t size) {
   14|  4.34k|	genrandom((unsigned char*)out, (unsigned int)size); /* size is narrowed from size_t to unsigned int; genrandom reports no status here, so MP_OKAY is returned unconditionally */
   15|  4.34k|	return MP_OKAY;
  ------------------
  |  |  161|  4.34k|#define MP_OKAY       0   /* no error */
  ------------------
   16|  4.34k|}

dropbear_ed25519_verify:
  506|    118|{
  507|    118|  hash_state hs;
  508|    118|  u8 t[32],h[64];
  509|    118|  gf p[4],q[4];
  510|       |  /* NOTE(review): the signature line is outside this listing. From the uses below, s/slen is the signature, m/mlen the message and pk the 32-byte public key; returns 0 when the signature verifies, -1 otherwise. */
  511|    118|  if (slen < 64) return -1; /* only a lower bound: a longer s is accepted and just its first 64 bytes are read */
  ------------------
  |  Branch (511:7): [True: 0, False: 118]
  ------------------
  512|       |  /* reject early on the scalar half (s + 32); presumably s_lt_l tests that it is below the group order, which rules out malleable re-encodings - confirm */
  513|    118|  if (s_lt_l(s + 32) == -1) {
  ------------------
  |  Branch (513:7): [True: 73, False: 45]
  ------------------
  514|     73|    return -1;
  515|     73|  }
  516|       |  /* presumably fails when pk does not decode to a curve point - confirm against unpackneg */
  517|     45|  if (unpackneg(q,pk)) return -1;
  ------------------
  |  Branch (517:7): [True: 20, False: 25]
  ------------------
  518|       |  /* h = SHA-512(first 32 bytes of s || pk || m) */
  519|     25|  sha512_init(&hs);
  520|     25|  sha512_process(&hs,s,32);
  521|     25|  sha512_process(&hs,pk,32);
  522|     25|  sha512_process(&hs,m,mlen);
  523|     25|  sha512_done(&hs,h);
  524|       |
  525|     25|  reduce(h);
  526|     25|  scalarmult(p,q,h);
  527|       |
  528|     25|  scalarbase(q,s + 32);
  529|     25|  add(p,q);
  530|     25|  pack(t,p);
  531|       |  /* accept only if the recomputed 32-byte encoding equals the first half of s; crypto_verify_32 is presumably a constant-time compare - confirm */
  532|     25|  if (crypto_verify_32(s, t))
  ------------------
  |  Branch (532:7): [True: 23, False: 2]
  ------------------
  533|     23|    return -1;
  534|       |
  535|      2|  return 0;
  536|     25|}
curve25519.c:unpack25519:
  152|     45|{
  153|     45|  int i;
  154|    720|  FOR(i,16) o[i]=n[2*i]+((i64)n[2*i+1]<<8); /* 32 input bytes -> 16 limbs of 16 bits each, low byte first */
  ------------------
  |  |   34|    765|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 720, False: 45]
  |  |  ------------------
  ------------------
  155|     45|  o[15]&=0x7fff; /* drop the top bit (bit 255) of the encoding */
  156|     45|}
curve25519.c:sel25519:
   98|   102k|{
   99|   102k|  i64 t,i,c=~(b-1);
  100|  1.64M|  FOR(i,16) {
  ------------------
  |  |   34|  1.74M|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 1.64M, False: 102k]
  |  |  ------------------
  ------------------
  101|  1.64M|    t= c&(p[i]^q[i]);
  102|  1.64M|    p[i]^=t;
  103|  1.64M|    q[i]^=t;
  104|  1.64M|  }
  105|   102k|}
curve25519.c:A:
  159|   128k|{
  160|   128k|  int i;
  161|  2.05M|  FOR(i,16) o[i]=a[i]+b[i];
  ------------------
  |  |   34|  2.17M|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 2.05M, False: 128k]
  |  |  ------------------
  ------------------
  162|   128k|}
curve25519.c:Z:
  165|   102k|{
  166|   102k|  int i;
  167|  1.64M|  FOR(i,16) o[i]=a[i]-b[i];
  ------------------
  |  |   34|  1.74M|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 1.64M, False: 102k]
  |  |  ------------------
  ------------------
  168|   102k|}
curve25519.c:S:
  182|  16.5k|{
  183|  16.5k|  M(o,a,a);
  184|  16.5k|}
curve25519.c:M:
  171|   264k|{
  172|   264k|  i64 i,j,t[31];
  173|  8.18M|  FOR(i,31) t[i]=0;
  ------------------
  |  |   34|  8.44M|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 8.18M, False: 264k]
  |  |  ------------------
  ------------------
  174|  67.5M|  FOR(i,16) FOR(j,16) t[i+j]+=a[i]*b[j];
  ------------------
  |  |   34|  4.48M|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 4.22M, False: 264k]
  |  |  ------------------
  ------------------
                FOR(i,16) FOR(j,16) t[i+j]+=a[i]*b[j];
  ------------------
  |  |   34|  71.8M|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 67.5M, False: 4.22M]
  |  |  ------------------
  ------------------
  175|  3.96M|  FOR(i,15) t[i]+=38*t[i+16];
  ------------------
  |  |   34|  4.22M|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 3.96M, False: 264k]
  |  |  ------------------
  ------------------
  176|  4.22M|  FOR(i,16) o[i]=t[i];
  ------------------
  |  |   34|  4.48M|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 4.22M, False: 264k]
  |  |  ------------------
  ------------------
  177|   264k|  car25519(o);
  178|   264k|  car25519(o);
  179|   264k|}
curve25519.c:car25519:
   86|   528k|{
   87|   528k|  int i;
   88|   528k|  i64 c;
   89|  8.46M|  FOR(i,16) {
  ------------------
  |  |   34|  8.98M|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 8.46M, False: 528k]
  |  |  ------------------
  ------------------
   90|  8.46M|    o[i]+=(1LL<<16);
   91|  8.46M|    c=o[i]>>16;
   92|  8.46M|    o[(i+1)*(i<15)]+=c-1+37*(c-1)*(i==15);
   93|  8.46M|    o[i]-=((u64)c)<<16;
   94|  8.46M|  }
   95|   528k|}
curve25519.c:inv25519:
  187|     25|{
  188|     25|  gf c;
  189|     25|  int a;
  190|    400|  FOR(a,16) c[a]=i[a];
  ------------------
  |  |   34|    425|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 400, False: 25]
  |  |  ------------------
  ------------------
  191|  6.37k|  for(a=253;a>=0;a--) {
  ------------------
  |  Branch (191:13): [True: 6.35k, False: 25]
  ------------------
  192|  6.35k|    S(c,c);
  193|  6.35k|    if(a!=2&&a!=4) M(c,c,i);
  ------------------
  |  Branch (193:8): [True: 6.32k, False: 25]
  |  Branch (193:14): [True: 6.30k, False: 25]
  ------------------
  194|  6.35k|  }
  195|    400|  FOR(a,16) o[a]=c[a];
  ------------------
  |  |   34|    425|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 400, False: 25]
  |  |  ------------------
  ------------------
  196|     25|}
curve25519.c:pack25519:
  108|    235|{
  109|    235|  int i,j,b;
  110|    235|  gf m,t;
  111|  3.76k|  FOR(i,16) t[i]=n[i];
  ------------------
  |  |   34|  3.99k|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 3.76k, False: 235]
  |  |  ------------------
  ------------------
  112|    235|  car25519(t);
  113|    235|  car25519(t);
  114|    235|  car25519(t);
  115|    470|  FOR(j,2) {
  ------------------
  |  |   34|    705|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 470, False: 235]
  |  |  ------------------
  ------------------
  116|    470|    m[0]=t[0]-0xffed;
  117|  7.05k|    for(i=1;i<15;i++) {
  ------------------
  |  Branch (117:13): [True: 6.58k, False: 470]
  ------------------
  118|  6.58k|      m[i]=t[i]-0xffff-((m[i-1]>>16)&1);
  119|  6.58k|      m[i-1]&=0xffff;
  120|  6.58k|    }
  121|    470|    m[15]=t[15]-0x7fff-((m[14]>>16)&1);
  122|    470|    b=(m[15]>>16)&1;
  123|    470|    m[14]&=0xffff;
  124|    470|    sel25519(t,m,1-b);
  125|    470|  }
  126|  3.76k|  FOR(i,16) {
  ------------------
  |  |   34|  3.99k|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 3.76k, False: 235]
  |  |  ------------------
  ------------------
  127|  3.76k|    o[2*i]=t[i]&0xff;
  128|  3.76k|    o[2*i+1]=t[i]>>8;
  129|  3.76k|  }
  130|    235|}
curve25519.c:scalarbase:
  333|     25|{
  334|     25|  gf q[4];
  335|     25|  set25519(q[0],X);
  336|     25|  set25519(q[1],Y);
  337|     25|  set25519(q[2],gf1);
  338|     25|  M(q[3],X,Y);
  339|     25|  scalarmult(p,q,s);
  340|     25|}
curve25519.c:set25519:
   79|    320|{
   80|    320|  int i;
   81|  5.12k|  FOR(i,16) r[i]=a[i];
  ------------------
  |  |   34|  5.44k|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 5.12k, False: 320]
  |  |  ------------------
  ------------------
   82|    320|}
curve25519.c:pack:
  307|     25|{
  308|     25|  gf tx, ty, zi;
  309|     25|  inv25519(zi, p[2]); 
  310|     25|  M(tx, p[0], zi);
  311|     25|  M(ty, p[1], zi);
  312|     25|  pack25519(r, ty);
  313|     25|  r[31] ^= par25519(tx) << 7;
  314|     25|}
curve25519.c:par25519:
  144|     50|{
  145|     50|  u8 d[32];
  146|     50|  pack25519(d,a);
  147|     50|  return d[0]&1;
  148|     50|}
curve25519.c:reduce:
  387|     25|{
  388|     25|  i64 x[64],i;
  389|  1.60k|  FOR(i,64) x[i] = (u64) r[i];
  ------------------
  |  |   34|  1.62k|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 1.60k, False: 25]
  |  |  ------------------
  ------------------
  390|  1.60k|  FOR(i,64) r[i] = 0;
  ------------------
  |  |   34|  1.62k|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 1.60k, False: 25]
  |  |  ------------------
  ------------------
  391|     25|  modL(r,x);
  392|     25|}
curve25519.c:modL:
  361|     25|{
  362|     25|  i64 carry,i,j;
  363|    825|  for (i = 63;i >= 32;--i) {
  ------------------
  |  Branch (363:15): [True: 800, False: 25]
  ------------------
  364|    800|    carry = 0;
  365|  16.8k|    for (j = i - 32;j < i - 12;++j) {
  ------------------
  |  Branch (365:21): [True: 16.0k, False: 800]
  ------------------
  366|  16.0k|      x[j] += carry - 16 * x[i] * L[j - (i - 32)];
  367|  16.0k|      carry = (x[j] + 128) >> 8;
  368|  16.0k|      x[j] -= ((u64)carry) << 8;
  369|  16.0k|    }
  370|    800|    x[j] += carry;
  371|    800|    x[i] = 0;
  372|    800|  }
  373|     25|  carry = 0;
  374|    800|  FOR(j,32) {
  ------------------
  |  |   34|    825|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 800, False: 25]
  |  |  ------------------
  ------------------
  375|    800|    x[j] += carry - (x[31] >> 4) * L[j];
  376|    800|    carry = x[j] >> 8;
  377|    800|    x[j] &= 255;
  378|    800|  }
  379|    800|  FOR(j,32) x[j] -= carry * L[j];
  ------------------
  |  |   34|    825|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 800, False: 25]
  |  |  ------------------
  ------------------
  380|    800|  FOR(i,32) {
  ------------------
  |  |   34|    825|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 800, False: 25]
  |  |  ------------------
  ------------------
  381|    800|    x[i+1] += x[i] >> 8;
  382|    800|    r[i] = x[i] & 255;
  383|    800|  }
  384|     25|}
curve25519.c:s_lt_l:
/* Compare the 32-byte little-endian value s against the table L, starting at
 * the most significant byte (index 31).
 * Returns 0 when s < L, and -1 when s > L or s == L.
 *
 * dropbear_ed25519_verify() calls this on the second half of the signature
 * before doing any curve arithmetic, so out-of-range scalars are rejected
 * early. The scan stops at the first differing byte and is therefore not
 * constant-time; the visible caller passes signature bytes only.
 * NOTE(review): L is presumably the group order used by modL() - confirm. */
static int s_lt_l(const u8 *s) {
  int idx = 32;
  while (idx-- > 0) {
    if (s[idx] != L[idx]) {
      return (s[idx] < L[idx]) ? 0 : -1;
    }
  }
  /* every byte matched: s == L, which is out of range */
  return -1;
}
curve25519.c:unpackneg:
  464|     45|{
  465|     45|  gf t, chk, num, den, den2, den4, den6;
  466|     45|  set25519(r[2],gf1);
  467|     45|  unpack25519(r[1],p);
  468|       |
  469|       |  /* Check that pubkey y < 2^255 - 19 */
  470|     45|  if (y_lt_p(r[1])) {
  ------------------
  |  Branch (470:7): [True: 5, False: 40]
  ------------------
  471|      5|    return -1;
  472|      5|  }
  473|       |
  474|     40|  S(num,r[1]);
  475|     40|  M(den,num,D);
  476|     40|  Z(num,num,r[2]);
  477|     40|  A(den,r[2],den);
  478|       |
  479|     40|  S(den2,den);
  480|     40|  S(den4,den2);
  481|     40|  M(den6,den4,den2);
  482|     40|  M(t,den6,num);
  483|     40|  M(t,t,den);
  484|       |
  485|     40|  pow2523(t,t);
  486|     40|  M(t,t,num);
  487|     40|  M(t,t,den);
  488|     40|  M(t,t,den);
  489|     40|  M(r[0],t,den);
  490|       |
  491|     40|  S(chk,r[0]);
  492|     40|  M(chk,chk,den);
  493|     40|  if (neq25519(chk, num)) M(r[0],r[0],I);
  ------------------
  |  Branch (493:7): [True: 25, False: 15]
  ------------------
  494|       |
  495|     40|  S(chk,r[0]);
  496|     40|  M(chk,chk,den);
  497|     40|  if (neq25519(chk, num)) return -1;
  ------------------
  |  Branch (497:7): [True: 15, False: 25]
  ------------------
  498|       |
  499|     25|  if (par25519(r[0]) == (p[31]>>7)) Z(r[0],gf0,r[0]);
  ------------------
  |  Branch (499:7): [True: 13, False: 12]
  ------------------
  500|       |
  501|     25|  M(r[3],r[0],r[1]);
  502|     25|  return 0;
  503|     40|}
curve25519.c:y_lt_p:
/* Compare the 16-limb field element y against field_prime, starting at the
 * most significant limb (index 15).
 * Returns 0 when y < field_prime, and -1 when y is greater or equal.
 *
 * unpackneg() uses this to reject a public key whose y coordinate is not
 * below 2^255 - 19. The scan stops at the first differing limb, so it is not
 * constant-time; the visible caller feeds it public-key data. */
static int y_lt_p(const gf y) {
  int limb = 16;
  while (limb-- > 0) {
    if (y[limb] != field_prime[limb]) {
      return (y[limb] < field_prime[limb]) ? 0 : -1;
    }
  }
  /* all limbs equal: y == field_prime, not a canonical encoding */
  return -1;
}
curve25519.c:pow2523:
  200|     40|{
  201|     40|  gf c;
  202|     40|  int a;
  203|    640|  FOR(a,16) c[a]=i[a];
  ------------------
  |  |   34|    680|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 640, False: 40]
  |  |  ------------------
  ------------------
  204|  10.0k|  for(a=250;a>=0;a--) {
  ------------------
  |  Branch (204:13): [True: 10.0k, False: 40]
  ------------------
  205|  10.0k|    S(c,c);
  206|  10.0k|    if(a!=1) M(c,c,i);
  ------------------
  |  Branch (206:8): [True: 10.0k, False: 40]
  ------------------
  207|  10.0k|  }
  208|    640|  FOR(a,16) o[a]=c[a];
  ------------------
  |  |   34|    680|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 640, False: 40]
  |  |  ------------------
  ------------------
  209|     40|}
curve25519.c:neq25519:
  135|     80|{
  136|     80|  u8 c[32],d[32];
  137|     80|  pack25519(c,a);
  138|     80|  pack25519(d,b);
  139|     80|  return crypto_verify_32(c,d);
  140|     80|}
curve25519.c:scalarmult:
  317|     50|{
  318|     50|  int i;
  319|     50|  set25519(p[0],gf0);
  320|     50|  set25519(p[1],gf1);
  321|     50|  set25519(p[2],gf1);
  322|     50|  set25519(p[3],gf0);
  323|  12.8k|  for (i = 255;i >= 0;--i) {
  ------------------
  |  Branch (323:16): [True: 12.8k, False: 50]
  ------------------
  324|  12.8k|    u8 b = (s[i/8]>>(i&7))&1;
  325|  12.8k|    cswap(p,q,b);
  326|  12.8k|    add(q,p);
  327|  12.8k|    add(p,p);
  328|  12.8k|    cswap(p,q,b);
  329|  12.8k|  }
  330|     50|}
curve25519.c:cswap:
  300|  25.6k|{
  301|  25.6k|  int i;
  302|  25.6k|  FOR(i,4)
  ------------------
  |  |   34|   128k|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 102k, False: 25.6k]
  |  |  ------------------
  ------------------
  303|   102k|    sel25519(p[i],q[i],b);
  304|  25.6k|}
curve25519.c:add:
  275|  25.6k|{
  276|  25.6k|  gf a,b,c,d,t,e,f,g,h;
  277|       |  
  278|  25.6k|  Z(a, p[1], p[0]);
  279|  25.6k|  Z(t, q[1], q[0]);
  280|  25.6k|  M(a, a, t);
  281|  25.6k|  A(b, p[0], p[1]);
  282|  25.6k|  A(t, q[0], q[1]);
  283|  25.6k|  M(b, b, t);
  284|  25.6k|  M(c, p[3], q[3]);
  285|  25.6k|  M(c, c, D2);
  286|  25.6k|  M(d, p[2], q[2]);
  287|  25.6k|  A(d, d, d);
  288|  25.6k|  Z(e, b, a);
  289|  25.6k|  Z(f, d, c);
  290|  25.6k|  A(g, d, c);
  291|  25.6k|  A(h, b, a);
  292|       |
  293|  25.6k|  M(p[0], e, f);
  294|  25.6k|  M(p[1], h, g);
  295|  25.6k|  M(p[2], g, f);
  296|  25.6k|  M(p[3], e, h);
  297|  25.6k|}
curve25519.c:crypto_verify_32:
   73|    105|{
   74|    105|  return vn(x,y,32);
   75|    105|}
curve25519.c:vn:
   66|    105|{
   67|    105|  u32 i,d = 0;
   68|  3.36k|  FOR(i,n) d |= x[i]^y[i];
  ------------------
  |  |   34|  3.46k|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 3.36k, False: 105]
  |  |  ------------------
  ------------------
   69|    105|  return (1 & ((d - 1) >> 8)) - 1;
   70|    105|}

m_burn:
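/* Overwrite `len` bytes at `data` with zeros so that secrets do not linger in
 * memory after use.
 *
 * memset_s() or explicit_bzero() is used when the build detected one of them.
 * The portable fallback stores each byte through a volatile-qualified pointer.
 * Casting the qualifier away and calling memset() would make it an ordinary
 * memset again, which the optimiser may drop when the buffer is dead. */
void m_burn(void *data, unsigned int len) {

#if defined(HAVE_MEMSET_S)
	memset_s(data, len, 0x0, len);
#elif defined(HAVE_EXPLICIT_BZERO)
	explicit_bzero(data, len);
#else
	volatile unsigned char *p = data;
	while (len > 0) {
		*p++ = 0x0;
		len--;
	}
#endif
}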

m_calloc:
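/* Allocate zeroed storage for nmemb elements of `size` bytes via m_malloc().
 *
 * Exits through dropbear_exit() when nmemb * size would overflow size_t.
 * nmemb == 0 is tested before the division: dividing by it is undefined
 * behaviour. A zero-byte request is then refused by m_malloc() like any
 * other empty allocation. */
void * m_calloc(size_t nmemb, size_t size) {
    if (nmemb != 0 && size > SIZE_T_MAX / nmemb) {
        dropbear_exit("m_calloc failed");
    }
    return m_malloc(nmemb*size);
}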
m_malloc_set_epoch:
/* Select the epoch tag that m_malloc() writes into the header of every
 * allocation made from now on; m_malloc_free_epoch() later uses the tag to
 * pick out what to release. */
void m_malloc_set_epoch(unsigned int epoch) {
    current_epoch = epoch;
}
m_malloc_free_epoch:
/* Walk the tracked-allocation list and drop every entry tagged with `epoch`.
 *
 * epoch:  tag to match against each header.
 * dofree: non-zero to free() matching blocks; zero only forgets them
 *         (they leave the list but stay allocated).
 *
 * Entries from other epochs are relinked into a fresh list anchored at
 * staple. */
void m_malloc_free_epoch(unsigned int epoch, int dofree) {
    struct dbmalloc_header* cur = staple;
    struct dbmalloc_header* following = NULL;

    /* detach the whole list; survivors are pushed back one by one */
    staple = NULL;
    while (cur != NULL) {
        /* read the link first: the node is freed or relinked below */
        following = cur->next;
        if (cur->epoch != epoch) {
            cur->prev = NULL;
            cur->next = NULL;
            put_alloc(cur);
        } else if (dofree) {
            free(cur);
        }
        cur = following;
    }
}
m_malloc:
/* Allocate `size` zero-filled bytes preceded by a tracking header.
 *
 * The header is linked into the staple list and stamped with current_epoch.
 * Requests of 0 bytes or more than 1e9 bytes, and allocation failures, end in
 * dropbear_exit(). Returns a pointer to the usable area just past the header. */
void * m_malloc(size_t size) {
    struct dbmalloc_header* hdr = NULL;
    char* raw = NULL;

    if (size == 0 || size > 1e9) {
        dropbear_exit("m_malloc failed");
    }

    /* the 1e9 cap above keeps this addition well away from wrapping */
    raw = calloc(1, size + sizeof(struct dbmalloc_header));
    if (!raw) {
        dropbear_exit("m_malloc failed");
    }

    hdr = (struct dbmalloc_header*)raw;
    put_alloc(hdr);
    hdr->epoch = current_epoch;
    return raw + sizeof(struct dbmalloc_header);
}
m_realloc:
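/* Resize a block obtained from m_malloc()/m_realloc() to `size` bytes.
 *
 * ptr:  block to resize, or NULL to get a fresh allocation as with realloc().
 * size: new usable size; 0 or more than 1e9 ends in dropbear_exit().
 *
 * Returns the possibly moved usable area. The header is unlinked before
 * realloc() because the block may move, and linked again afterwards. */
void * m_realloc(void* ptr, size_t size) {
    char* mem = NULL;
    struct dbmalloc_header* header = NULL;
    if (size == 0 || size > 1e9) {
        dropbear_exit("m_realloc failed");
    }

    /* There is no header in front of NULL to unlink; without this guard
     * get_header() would hand remove_alloc() an address below NULL. */
    if (ptr == NULL) {
        return m_malloc(size);
    }

    header = get_header(ptr);
    remove_alloc(header);

    size = size + sizeof(struct dbmalloc_header);
    mem = realloc(header, size);
    if (mem == NULL) {
        /* realloc() left the old block intact: keep it tracked so an epoch
         * sweep can still release it after the exit handler unwinds. */
        put_alloc(header);
        dropbear_exit("m_realloc failed");
    }

    header = (struct dbmalloc_header*)mem;
    put_alloc(header);
    return &mem[sizeof(struct dbmalloc_header)];
}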
m_free_direct:
/* Release a block obtained from m_malloc()/m_realloc(): unlink its tracking
 * header from the list and free the underlying allocation. NULL is ignored.
 * The pointer is trusted; passing anything that did not come from this
 * allocator makes get_header() point at unrelated memory. */
void m_free_direct(void* ptr) {
    if (ptr != NULL) {
        struct dbmalloc_header* hdr = get_header(ptr);
        remove_alloc(hdr);
        free(hdr);
    }
}
m_realloc_ltm:
/* Three-argument realloc adapter: forwards to m_realloc() and ignores the old
 * size, which the tracking allocator does not need.
 * NOTE(review): the _ltm suffix suggests this is the bignum library's realloc
 * hook - confirm against the build configuration. */
void * m_realloc_ltm(void* ptr, size_t oldsize, size_t newsize) {
   void *resized;

   (void)oldsize;
   resized = m_realloc(ptr, newsize);
   return resized;
}
m_free_ltm:
/* Two-argument free adapter: forwards to m_free_direct() and ignores the size.
 * The memory is released as-is; nothing here clears it first, so callers that
 * hold secret values must wipe them before freeing. */
void m_free_ltm(void *mem, size_t size) {
   (void)size;
   m_free_direct(mem);
}
dbmalloc.c:put_alloc:
/* Push `header` onto the front of the tracked-allocation list.
 * The header must be unlinked (both links NULL); the asserts enforce that so
 * a node is never inserted twice. */
static void put_alloc(struct dbmalloc_header *header) {
    struct dbmalloc_header *old_head;

    assert(header->next == NULL);
    assert(header->prev == NULL);

    old_head = staple;
    if (old_head != NULL) {
        old_head->prev = header;
    }
    header->next = old_head;
    staple = header;
}
dbmalloc.c:get_header:
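/* Map a user pointer returned by m_malloc()/m_realloc() back to the tracking
 * header stored immediately in front of it.
 *
 * The pointer is not validated; the result is only meaningful for pointers
 * that came from this allocator. Plain pointer subtraction is used: indexing
 * with a negated sizeof negates an unsigned value and relies on address
 * wrap-around to land on the header. */
static struct dbmalloc_header* get_header(void* ptr) {
    char* bptr = ptr;
    return (struct dbmalloc_header*)(bptr - sizeof(struct dbmalloc_header));
}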
dbmalloc.c:remove_alloc:
/* Unlink `header` from the tracked-allocation list, moving staple forward when
 * the node was the list head. Both links are cleared afterwards so the node
 * satisfies put_alloc()'s preconditions again. */
static void remove_alloc(struct dbmalloc_header *header) {
    struct dbmalloc_header *before = header->prev;
    struct dbmalloc_header *after = header->next;

    if (before != NULL) {
        before->next = after;
    }
    if (after != NULL) {
        after->prev = before;
    }
    if (staple == header) {
        staple = after;
    }
    header->prev = NULL;
    header->next = NULL;
}

fuzz_seed:
/* Deterministically (re)seed the random pool for fuzzing.
 *
 * hashpool becomes SHA-256("fuzzfuzzfuzz" || dat[0..len)), the block counter
 * is reset and the pool is marked initialised. genrandom() derives its output
 * from hashpool and counter only, so everything it returns after this call is
 * a pure function of `dat`. That makes fuzz runs reproducible, and it is the
 * reason this seeding must stay confined to fuzzing builds. */
void fuzz_seed(const unsigned char* dat, unsigned int len) {
	static const char domain_tag[] = "fuzzfuzzfuzz";
	hash_state ctx;

	sha256_init(&ctx);
	sha256_process(&ctx, domain_tag, strlen(domain_tag));
	sha256_process(&ctx, dat, len);
	sha256_done(&ctx, hashpool);

	counter = 0;
	donerandinit = 1;
}
genrandom:
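/* Fill buf with len bytes of output derived from the random pool.
 *
 * Each SHA256_HASH_SIZE-byte block is SHA-256(hashpool || counter); counter is
 * incremented per block and the pool is reseeded via seedrandom() once it
 * exceeds MAX_COUNTER. Exits through dropbear_exit() if the pool was never
 * seeded.
 *
 * Both the last output block and the hash context are wiped before returning.
 * The context has absorbed hashpool, and whether sha256_done() clears it is
 * not visible from here, so it is burned explicitly. */
void genrandom(unsigned char* buf, unsigned int len) {

	hash_state hs;
	unsigned char hash[SHA256_HASH_SIZE];
	unsigned int copylen;

	if (!donerandinit) {
		dropbear_exit("seedrandom not done");
	}

	while (len > 0) {
		sha256_init(&hs);
		sha256_process(&hs, (void*)hashpool, sizeof(hashpool));
		sha256_process(&hs, (void*)&counter, sizeof(counter));
		sha256_done(&hs, hash);

		counter++;
		if (counter > MAX_COUNTER) {
			seedrandom();
		}

		/* the final block may be only partly consumed */
		copylen = MIN(len, SHA256_HASH_SIZE);
		memcpy(buf, hash, copylen);
		len -= copylen;
		buf += copylen;
	}
	m_burn(hash, sizeof(hash));
	m_burn(&hs, sizeof(hs));
}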

dropbear_exit:
/* Report a fatal condition and leave through the installed _dropbear_exit
 * handler with EXIT_FAILURE.
 *
 * format is a printf-style format string and is interpreted as one further
 * down (generic_dropbear_exit() embeds it in the string passed to the logger),
 * so it must be a literal or otherwise trusted text; untrusted data belongs
 * in the variadic arguments.
 * NOTE(review): the handler is not expected to return (exit() or longjmp()),
 * so the va_end() below is normally not reached. */
void dropbear_exit(const char* format, ...) {

	va_list args;

	va_start(args, format);
	_dropbear_exit(EXIT_FAILURE, format, args);
	va_end(args);
}
dropbear_log:
/* Log a message at the given syslog-style priority through the installed
 * _dropbear_log handler.
 *
 * format is a printf-style format string: pass a literal or trusted text and
 * put any peer-supplied data in the variadic arguments, never in format. */
void dropbear_log(int priority, const char* format, ...) {

	va_list args;

	va_start(args, format);
	_dropbear_log(priority, format, args);
	va_end(args);
}
disallow_core:
/* Turn off core dumps for this process by setting the RLIMIT_CORE soft limit
 * to 0, so that process memory is not written to disk on a crash.
 *
 * Only rlim_cur is changed; the hard limit read by getrlimit() is written
 * back unchanged, so the soft limit can be raised again later. Failures are
 * traced and otherwise ignored (best effort). */
void disallow_core() {
	struct rlimit core_lim = {0};
	int rc;

	rc = getrlimit(RLIMIT_CORE, &core_lim);
	if (rc < 0) {
		TRACE(("getrlimit(RLIMIT_CORE) failed"));
	}

	core_lim.rlim_cur = 0;
	rc = setrlimit(RLIMIT_CORE, &core_lim);
	if (rc < 0) {
		TRACE(("setrlimit(RLIMIT_CORE) failed"));
	}
}
dbutil.c:generic_dropbear_exit:
  115|    531|		va_list param) {
  116|       |
  117|    531|	char fmtbuf[300];
  118|       |
  119|    531|	snprintf(fmtbuf, sizeof(fmtbuf), "Exited: %s", format);
  120|       |
  121|    531|	_dropbear_log(LOG_INFO, fmtbuf, param);
  122|       |
  123|    531|#if DROPBEAR_FUZZ
  124|    531|    if (fuzz.do_jmp) {
  ------------------
  |  Branch (124:9): [True: 531, False: 0]
  ------------------
  125|    531|        longjmp(fuzz.jmp, 1);
  126|    531|    }
  127|      0|#endif
  128|       |
  129|      0|	exit(exitcode);
  130|    531|}

buf_get_dss_pub_key:
/* Parse a DSS public key (p, q, g, y) from buf into key.
 *
 * buf: positioned at the key blob; the leading length + "ssh-dss" name is
 *      skipped by offset, not compared, in this function.
 * key: must be non-NULL; its p, q, g and y are allocated here and key->x is
 *      set to NULL.
 *
 * Returns DROPBEAR_SUCCESS, or DROPBEAR_FAILURE after freeing the four mpints
 * when reading fails or a parameter is rejected. Enforced on this untrusted
 * input: p has exactly DSS_P_BITS bits, q has exactly DSS_Q_BITS bits, and
 * 1 < g < p.
 * NOTE(review): y is read but not range-checked here; confirm whether
 * 1 < y < p is enforced before the key is used for verification. */
int buf_get_dss_pub_key(buffer* buf, dropbear_dss_key *key) {
	/* stays at failure until every check below has passed */
	int ret = DROPBEAR_FAILURE;

	TRACE(("enter buf_get_dss_pub_key"))
	dropbear_assert(key != NULL);
	m_mp_alloc_init_multi(&key->p, &key->q, &key->g, &key->y, NULL);
	key->x = NULL;

	buf_incrpos(buf, 4+SSH_SIGNKEY_DSS_LEN); /* int + "ssh-dss" */
	if (buf_getmpint(buf, key->p) == DROPBEAR_FAILURE
	 || buf_getmpint(buf, key->q) == DROPBEAR_FAILURE
	 || buf_getmpint(buf, key->g) == DROPBEAR_FAILURE
	 || buf_getmpint(buf, key->y) == DROPBEAR_FAILURE) {
		TRACE(("leave buf_get_dss_pub_key: failed reading mpints"))
		goto out;
	}

	/* only the fixed parameter sizes are accepted */
	if (mp_count_bits(key->p) != DSS_P_BITS) {
		dropbear_log(LOG_WARNING, "Bad DSS p");
		goto out;
	}

	if (mp_count_bits(key->q) != DSS_Q_BITS) {
		dropbear_log(LOG_WARNING, "Bad DSS q");
		goto out;
	}

	/* test 1 < g < p */
	if (mp_cmp_d(key->g, 1) != MP_GT
	 || mp_cmp(key->g, key->p) != MP_LT) {
		dropbear_log(LOG_WARNING, "Bad DSS g");
		goto out;
	}

	ret = DROPBEAR_SUCCESS;
	TRACE(("leave buf_get_dss_pub_key: success"))
out:
	if (ret != DROPBEAR_SUCCESS) {
		/* do not hand a half-initialised key back to the caller */
		m_mp_free_multi(&key->p, &key->q, &key->g, &key->y, NULL);
	}
	return ret;
}
dss_key_free:
/* Release a DSS key: frees p, q, g, y and the private value x, then the key
 * structure itself. A NULL key is accepted and only traced.
 * NOTE(review): x is secret material; confirm that m_mp_free_multi() wipes
 * the mpint storage before releasing it. */
void dss_key_free(dropbear_dss_key *key) {

	TRACE2(("enter dsa_key_free"))
	if (key != NULL) {
		m_mp_free_multi(&key->p, &key->q, &key->g, &key->y, &key->x, NULL);
		m_free(key);
		TRACE2(("leave dsa_key_free"))
	} else {
		TRACE2(("enter dsa_key_free: key == NULL"))
	}
}
buf_dss_verify:
/* Verify a DSS (DSA with SHA-1) signature read from buf against data_buf.
 *
 * buf      - positioned at the signature blob, read with buf_getstring().
 *            The blob must be exactly 2*SHA1_HASH_SIZE bytes: r' in the
 *            first half, s' in the second half.
 * key      - public key; p, q, g and y are read. Must not be NULL.
 * data_buf - the signed data; data_buf->len bytes are hashed with SHA-1.
 *
 * Returns DROPBEAR_SUCCESS only when the recomputed v equals r', otherwise
 * DROPBEAR_FAILURE (wrong blob length, r'/s' outside (0, q), or any bignum
 * operation failing). The blob copy and all temporaries are released on
 * every path through the out label.
 *
 * val1..val4 are scratch registers that are reused for different
 * quantities; the "let valN = ..." comments track what each holds, and the
 * statement order matters because of that reuse.
 *
 * NOTE(review): q is only used as a modulus here; no check of the key's
 * domain parameters is visible in this function. In this coverage report
 * mp_invmod() failed for 6 inputs even though 0 < s' < q had already been
 * established, which suggests q was not prime for those keys - confirm
 * where key parameters are validated. */
int buf_dss_verify(buffer* buf, const dropbear_dss_key *key, const buffer *data_buf) {
	unsigned char msghash[SHA1_HASH_SIZE];
	hash_state hs;
	int ret = DROPBEAR_FAILURE; /* fail closed: only the final compare sets success */
	DEF_MP_INT(val1);
	DEF_MP_INT(val2);
	DEF_MP_INT(val3);
	DEF_MP_INT(val4);
	char * string = NULL;
	unsigned int stringlen;

	TRACE(("enter buf_dss_verify"))
	dropbear_assert(key != NULL);

	m_mp_init_multi(&val1, &val2, &val3, &val4, NULL);

	/* get the signature blob and require exactly r' || s' (2 x 20 bytes);
	 * the fixed offsets used below depend on this length check */
	string = buf_getstring(buf, &stringlen);
	if (stringlen != 2*SHA1_HASH_SIZE) {
		goto out;
	}

#if DEBUG_DSS_VERIFY
	printmpint("dss verify p", key->p);
	printmpint("dss verify q", key->q);
	printmpint("dss verify g", key->g);
	printmpint("dss verify y", key->y);
#endif

	/* hash the data */
	sha1_init(&hs);
	sha1_process(&hs, data_buf->data, data_buf->len);
	sha1_done(&hs, msghash);

	/* recompute the signature - s' and r' are the received values in buf */
	/* w = (s')^-1 mod q */
	/* let val1 = s' (second half of the blob) */
	bytes_to_mp(&val1, (const unsigned char*) &string[SHA1_HASH_SIZE], SHA1_HASH_SIZE);
#if DEBUG_DSS_VERIFY
	printmpint("dss verify s'", &val1);
#endif

	/* range check: reject unless 0 < s' < q */
	if (mp_cmp(&val1, key->q) != MP_LT) {
		TRACE(("verify failed, s' >= q"))
		goto out;
	}
	if (mp_cmp_d(&val1, 0) != MP_GT) {
		TRACE(("verify failed, s' <= 0"))
		goto out;
	}
	/* let val2 = w = (s')^-1 mod q */
	if (mp_invmod(&val1, key->q, &val2) != MP_OKAY) {
		goto out;
	}

	/* u1 = ((SHA(M')w) mod q */
	/* let val1 = SHA(M') = msghash */
	bytes_to_mp(&val1, msghash, SHA1_HASH_SIZE);
#if DEBUG_DSS_VERIFY
	/* NOTE(review): val1 holds the message hash at this point, not r' -
	 * the debug label below looks stale */
	printmpint("dss verify r'", &val1);
#endif

	/* let val3 = u1 = ((SHA(M')w) mod q */
	if (mp_mulmod(&val1, &val2, key->q, &val3) != MP_OKAY) {
		goto out;
	}

	/* u2 = ((r')w) mod q */
	/* let val1 = r' (first half of the blob); val1 keeps r' until the
	 * final comparison */
	bytes_to_mp(&val1, (const unsigned char*) &string[0], SHA1_HASH_SIZE);
	/* range check: reject unless 0 < r' < q */
	if (mp_cmp(&val1, key->q) != MP_LT) {
		TRACE(("verify failed, r' >= q"))
		goto out;
	}
	if (mp_cmp_d(&val1, 0) != MP_GT) {
		TRACE(("verify failed, r' <= 0"))
		goto out;
	}
	/* let val4 = u2 = ((r')w) mod q */
	if (mp_mulmod(&val1, &val2, key->q, &val4) != MP_OKAY) {
		goto out;
	}

	/* v = (((g)^u1 (y)^u2) mod p) mod q */
	/* val2 = g^u1 mod p (w is no longer needed, so val2 is reused) */
	if (mp_exptmod(key->g, &val3, key->p, &val2) != MP_OKAY) {
		goto out;
	}
	/* val3 = y^u2 mod p */
	if (mp_exptmod(key->y, &val4, key->p, &val3) != MP_OKAY) {
		goto out;
	}
	/* val4 = ((g)^u1 (y)^u2) mod p */
	if (mp_mulmod(&val2, &val3, key->p, &val4) != MP_OKAY) {
		goto out;
	}
	/* val2 = v = (((g)^u1 (y)^u2) mod p) mod q */
	if (mp_mod(&val4, key->q, &val2) != MP_OKAY) {
		goto out;
	}

	/* the signature verifies only if v (val2) == r' (val1) */
	if (mp_cmp(&val2, &val1) == MP_EQ) {
		/* good sig */
		ret = DROPBEAR_SUCCESS;
	}

out:
	/* single cleanup point for every exit after initialisation */
	mp_clear_multi(&val1, &val2, &val3, &val4, NULL);
	m_free(string);

	return ret;

}

dropbear_ecc_fill_dp:
/* Bind every entry of dropbear_ecc_curves to the libtomcrypt parameter set
 * (ltc_ecc_sets) whose size equals the entry's ltc_size.
 *
 * One forward-only cursor over ltc_ecc_sets is shared by all entries, so a
 * set that has been passed is never revisited; presumably this relies on
 * dropbear_ecc_curves being listed in increasing size as well - confirm.
 * Exits via dropbear_exit() when an entry still has no dp afterwards. */
void dropbear_ecc_fill_dp() {
	/* libtomcrypt guarantees they're ordered by size */
	const ltc_ecc_set_type *ltc_set = ltc_ecc_sets;
	struct dropbear_ecc_curve **entry = dropbear_ecc_curves;

	while (*entry) {
		/* advance to the first remaining set of the wanted size, or to
		 * the table terminator (size <= 0) */
		while (ltc_set->size > 0 && ltc_set->size != (*entry)->ltc_size) {
			ltc_set++;
		}
		if (ltc_set->size > 0) {
			(*entry)->dp = ltc_set;
		}
		if (!(*entry)->dp) {
			dropbear_exit("Missing ECC params %s", (*entry)->name);
		}
		entry++;
	}
}
curve_for_dp:
/* Return the dropbear_ecc_curves entry whose dp pointer is identical to dp.
 *
 * The match is by pointer identity, not by curve contents. A miss trips the
 * assert; if asserts are compiled out, the table's NULL terminator is
 * returned instead, so callers would then receive NULL. */
struct dropbear_ecc_curve* curve_for_dp(const ltc_ecc_set_type *dp) {
	struct dropbear_ecc_curve **entry = dropbear_ecc_curves;

	while (*entry && (*entry)->dp != dp) {
		entry++;
	}
	assert(*entry);
	return *entry;
}
new_ecc_key:
/* Allocate an ecc_key and allocate/initialise its four bignums: the public
 * point coordinates x, y, z and the scalar k.
 *
 * The caller owns the result. Other fields (dp, for example) are not
 * assigned here. */
ecc_key * new_ecc_key(void) {
	ecc_key *fresh = m_malloc(sizeof(*fresh));

	m_mp_alloc_init_multi(
		(mp_int**)&fresh->pubkey.x,
		(mp_int**)&fresh->pubkey.y,
		(mp_int**)&fresh->pubkey.z,
		(mp_int**)&fresh->k,
		NULL);
	return fresh;
}
buf_get_ecc_raw_pubkey:
/* Decode an uncompressed EC point (0x04 || X || Y) from buf into a new key
 * on the given curve.
 *
 * buf   - rewound to position 0 before parsing; its total length must be
 *         exactly 1 + 2*size, where size is curve->dp->size.
 * curve - supplies the domain parameters stored in the new key.
 *
 * Returns a key owned by the caller, or NULL when the point is compressed
 * (leading byte 2 or 3), the encoding is malformed, the point fails
 * ecc_is_point(), or either affine coordinate is zero.
 *
 * NOTE(review): X and Y are never compared against the field prime in this
 * function; confirm whether non-canonical coordinates (>= p) matter to
 * callers. */
ecc_key * buf_get_ecc_raw_pubkey(buffer *buf, const struct dropbear_ecc_curve *curve) {
	const unsigned int coord_len = curve->dp->size;
	ecc_key *pub = NULL;
	int status = DROPBEAR_FAILURE;
	unsigned char format;

	TRACE(("enter buf_get_ecc_raw_pubkey"))

	buf_setpos(buf, 0);
	format = buf_getbyte(buf);
	switch (format) {
		case 2:
		case 3:
			/* compressed point encodings are refused */
			dropbear_log(LOG_WARNING, "Dropbear doesn't support ECC point compression");
			return NULL;
		case 4:
			/* uncompressed point, the only accepted form */
			break;
		default:
			TRACE(("leave, wrong size"))
			return NULL;
	}
	/* the exact-length check is what bounds the two coord_len reads below */
	if (buf->len != 1+2*coord_len) {
		TRACE(("leave, wrong size"))
		return NULL;
	}

	pub = new_ecc_key();
	pub->dp = curve->dp;

	if (mp_from_ubin(pub->pubkey.x, buf_getptr(buf, coord_len), coord_len) != MP_OKAY) {
		TRACE(("failed to read x"))
		goto out;
	}
	buf_incrpos(buf, coord_len);

	if (mp_from_ubin(pub->pubkey.y, buf_getptr(buf, coord_len), coord_len) != MP_OKAY) {
		TRACE(("failed to read y"))
		goto out;
	}
	buf_incrpos(buf, coord_len);

	/* affine input: z = 1 */
	mp_set(pub->pubkey.z, 1);

	/* the point must satisfy the curve equation and, per SEC1 3.2.3.1
	 * (Q != 0), neither coordinate may be zero */
	if (ecc_is_point(pub) != CRYPT_OK) {
		TRACE(("failed, not a point"))
	} else if (mp_cmp_d(pub->pubkey.x, 0) == LTC_MP_EQ) {
		TRACE(("failed, x == 0"))
	} else if (mp_cmp_d(pub->pubkey.y, 0) == LTC_MP_EQ) {
		TRACE(("failed, y == 0"))
	} else {
		status = DROPBEAR_SUCCESS;
	}

out:
	/* never hand a rejected key back to the caller */
	if (status != DROPBEAR_SUCCESS && pub != NULL) {
		ecc_free(pub);
		m_free(pub);
		pub = NULL;
	}

	return pub;
}
ecc.c:ecc_is_point:
{
	/* Check that the affine point (key->pubkey.x, key->pubkey.y) satisfies
	 * y^2 = x^3 - 3x + b (mod prime), with prime and b parsed from the hex
	 * strings in key->dp. The check is evaluated as
	 * (y^2 - x^3 + 3x) mod prime == b.
	 *
	 * Returns CRYPT_OK when the equation holds, CRYPT_INVALID_PACKET when
	 * it does not, or the error code of the first bignum call that failed.
	 * The four temporaries are cleared and freed on every path.
	 *
	 * NOTE(review): x and y are not compared against prime here; the
	 * equation is only evaluated modulo prime. */
	mp_int *prime, *b, *t1, *t2;
	int err;
	
	m_mp_alloc_init_multi(&prime, &b, &t1, &t2, NULL);
	
   /* load prime and b */
	if ((err = mp_read_radix(prime, key->dp->prime, 16)) != CRYPT_OK)                          { goto error; }
	if ((err = mp_read_radix(b, key->dp->B, 16)) != CRYPT_OK)                                  { goto error; }
	
   /* compute y^2 (t1) */
	if ((err = mp_sqr(key->pubkey.y, t1)) != CRYPT_OK)                                         { goto error; }
	
   /* compute x^3 (t2): x^2, reduced mod prime, then multiplied by x */
	if ((err = mp_sqr(key->pubkey.x, t2)) != CRYPT_OK)                                         { goto error; }
	if ((err = mp_mod(t2, prime, t2)) != CRYPT_OK)                                             { goto error; }
	if ((err = mp_mul(key->pubkey.x, t2, t2)) != CRYPT_OK)                                     { goto error; }
	
   /* compute y^2 - x^3 */
	if ((err = mp_sub(t1, t2, t1)) != CRYPT_OK)                                                { goto error; }
	
   /* compute y^2 - x^3 + 3x (x is added three times) */
	if ((err = mp_add(t1, key->pubkey.x, t1)) != CRYPT_OK)                                     { goto error; }
	if ((err = mp_add(t1, key->pubkey.x, t1)) != CRYPT_OK)                                     { goto error; }
	if ((err = mp_add(t1, key->pubkey.x, t1)) != CRYPT_OK)                                     { goto error; }
	if ((err = mp_mod(t1, prime, t1)) != CRYPT_OK)                                             { goto error; }
	/* bring t1 into [0, prime) in case the reduction left it negative or
	 * too large; neither loop body ran in this coverage report */
	while (mp_cmp_d(t1, 0) == LTC_MP_LT) {
		if ((err = mp_add(t1, prime, t1)) != CRYPT_OK)                                          { goto error; }
	}
	while (mp_cmp(t1, prime) != LTC_MP_LT) {
		if ((err = mp_sub(t1, prime, t1)) != CRYPT_OK)                                          { goto error; }
	}
	
   /* compare to b */
	if (mp_cmp(t1, b) != LTC_MP_EQ) {
		err = CRYPT_INVALID_PACKET;
	} else {
		err = CRYPT_OK;
	}
	
	/* reached on success as well as on error */
	error:
	mp_clear_multi(prime, b, t1, t2, NULL);
	m_free(prime);
	m_free(b);
	m_free(t1);
	m_free(t2);
	return err;
}

signkey_is_ecdsa:
{
	/* Non-zero only for the three NIST-curve ECDSA key types listed here;
	 * every other value of type yields 0. */
	return type == DROPBEAR_SIGNKEY_ECDSA_NISTP256
		|| type == DROPBEAR_SIGNKEY_ECDSA_NISTP384
		|| type == DROPBEAR_SIGNKEY_ECDSA_NISTP521;
}
buf_get_ecdsa_pub_key:
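/* Parse an ECDSA public key blob from buf.
 *
 * Wire layout read here:
 *   string  "ecdsa-sha2-[identifier]" or "sk-ecdsa-sha2-nistp256@openssh.com"
 *   string  "[identifier]"
 *   string  Q (the raw point, decoded by buf_get_ecc_raw_pubkey)
 *
 * Returns a new key owned by the caller, or NULL when the two identifiers
 * disagree, no known curve has exactly that name, or the point is rejected.
 * Both identifier copies and the temporary Q buffer are released on every
 * path.
 *
 * All three strings come from the peer. The curve lookup therefore matches
 * on exact length before comparing bytes: comparing strlen(curve name)
 * bytes regardless of identifier_len could read past a shorter identifier
 * and would also accept a longer identifier that merely starts with a
 * known curve name. */
ecc_key *buf_get_ecdsa_pub_key(buffer* buf) {
	unsigned char *key_ident = NULL, *identifier = NULL;
	unsigned int key_ident_len, identifier_len;
	buffer *q_buf = NULL;
	struct dropbear_ecc_curve **curve;
	ecc_key *new_key = NULL;

	/* string   "ecdsa-sha2-[identifier]" or "sk-ecdsa-sha2-nistp256@openssh.com" */
	key_ident = (unsigned char*)buf_getstring(buf, &key_ident_len);
	/* string   "[identifier]" */
	identifier = (unsigned char*)buf_getstring(buf, &identifier_len);

	/* strcmp relies on buf_getstring returning NUL-terminated copies -
	 * presumably it does; confirm against its definition */
	if (strcmp ((const char*)key_ident, "sk-ecdsa-sha2-nistp256@openssh.com") == 0) {
		if (strcmp ((const char*)identifier, "nistp256") != 0) {
			TRACE(("mismatching identifiers"))
			goto out;
		}
	} else {
		/* the length check keeps the memcmp below inside key_ident.
		 * NOTE(review): the "ecdsa-sha2-" prefix itself is not compared
		 * here; presumably the caller has already matched the key type */
		if (key_ident_len != identifier_len + strlen ("ecdsa-sha2-")) {
			TRACE(("Bad identifier lengths"))
			goto out;
		}
		if (memcmp(&key_ident[strlen ("ecdsa-sha2-")], identifier, identifier_len) != 0) {
			TRACE(("mismatching identifiers"))
			goto out;
		}
	}

	for (curve = dropbear_ecc_curves; *curve; curve++) {
		const char *name = (char*)(*curve)->name;
		size_t name_len = strlen(name);
		/* exact match only: equal length first, then equal bytes */
		if (identifier_len == name_len
			&& memcmp(identifier, name, name_len) == 0) {
			break;
		}
	}
	if (!*curve) {
		TRACE(("couldn't match ecc curve"))
		goto out;
	}

	/* string Q */
	q_buf = buf_getstringbuf(buf);
	new_key = buf_get_ecc_raw_pubkey(q_buf, *curve);

out:
	m_free(key_ident);
	m_free(identifier);
	if (q_buf) {
		buf_free(q_buf);
		q_buf = NULL;
	}
	TRACE(("leave buf_get_ecdsa_pub_key"))	
	return new_key;
}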
buf_ecdsa_verify:
/* Verify an ECDSA signature read from buf against data_buf.
 *
 * buf      - positioned at the signature; r and s are extracted by
 *            buf_get_ecdsa_verify_params().
 * key      - public key; key->dp selects the curve and, through
 *            curve_for_dp(), the hash applied to the data.
 * data_buf - the signed data; data_buf->len bytes are hashed.
 *
 * Returns DROPBEAR_SUCCESS only when the recomputed v equals r; any parse
 * failure, out-of-range r or s, or failing bignum/point operation leaves
 * the result at DROPBEAR_FAILURE. Allocation failure of the temporaries
 * ends the process through dropbear_exit(). All temporaries are released at
 * the out label.
 *
 * Coverage (this report): the v == r accept branch was never taken, and the
 * fallback used when ltc_mp.ecc_mul2add is NULL was never executed, so
 * neither path was exercised by this fuzzing run. */
int buf_ecdsa_verify(buffer *buf, const ecc_key *key, const buffer *data_buf) {
	/* Based on libtomcrypt's ecc_verify_hash but without the asn1 */
	int ret = DROPBEAR_FAILURE; /* fail closed: only the final compare sets success */
	hash_state hs;
	struct dropbear_ecc_curve *curve = NULL;
	/* NOTE(review): assumes curve->hash_desc->hashsize <= sizeof(hash);
	 * that bound is not checked in this function */
	unsigned char hash[64];
	ecc_point *mG = NULL, *mQ = NULL;
	void *r = NULL, *s = NULL, *v = NULL, *w = NULL, *u1 = NULL, *u2 = NULL, 
		*e = NULL, *p = NULL, *m = NULL;
	void *mp = NULL;

	/* verify 
	 *
	 * e  = hash of the data, n = group order (held in p below)
	 * w  = s^-1 mod n
	 * u1 = ew 
	 * u2 = rw
	 * X = u1*G + u2*Q
	 * v = X_x1 mod n
	 * accept if v == r
	 */

	TRACE(("buf_ecdsa_verify"))
	curve = curve_for_dp(key->dp);

	mG = ltc_ecc_new_point();
	mQ = ltc_ecc_new_point();
	if (ltc_init_multi(&r, &s, &v, &w, &u1, &u2, &p, &e, &m, NULL) != CRYPT_OK
		|| !mG
		|| !mQ) {
		dropbear_exit("ECC error");
	}

	/* read r and s from the signature blob */
	if (buf_get_ecdsa_verify_params(buf, r, s) != DROPBEAR_SUCCESS) {
		goto out;
	}

	/* hash the data with the curve's hash */
	curve->hash_desc->init(&hs);
	curve->hash_desc->process(&hs, data_buf->data, data_buf->len);
	curve->hash_desc->done(&hs, hash);

	/* e = the hash, read as an unsigned integer */
	if (ltc_mp.unsigned_read(e, hash, curve->hash_desc->hashsize) != CRYPT_OK) {
		goto out;
	}

   /* get the order (p holds the group order n, not the field prime) */
	if (ltc_mp.read_radix(p, (char *)key->dp->order, 16) != CRYPT_OK) { 
		goto out; 
	}

   /* get the modulus (m holds the field prime) */
	if (ltc_mp.read_radix(m, (char *)key->dp->prime, 16) != CRYPT_OK) { 
		goto out; 
	}

   /* range check: reject r == 0, s == 0, r >= n or s >= n */
	if (ltc_mp.compare_d(r, 0) == LTC_MP_EQ 
		|| ltc_mp.compare_d(s, 0) == LTC_MP_EQ 
		|| ltc_mp.compare(r, p) != LTC_MP_LT 
		|| ltc_mp.compare(s, p) != LTC_MP_LT) {
		goto out;
	}

   /*  w  = s^-1 mod n */
	if (ltc_mp.invmod(s, p, w) != CRYPT_OK) { 
		goto out; 
	}

   /* u1 = ew */
	if (ltc_mp.mulmod(e, w, p, u1) != CRYPT_OK) { 
		goto out; 
	}

   /* u2 = rw */
	if (ltc_mp.mulmod(r, w, p, u2) != CRYPT_OK) { 
		goto out; 
	}

   /* find mG (the curve's base point) and mQ (a copy of the public key) */
	if (ltc_mp.read_radix(mG->x, (char *)key->dp->Gx, 16) != CRYPT_OK) { 
		goto out; 
	}
	if (ltc_mp.read_radix(mG->y, (char *)key->dp->Gy, 16) != CRYPT_OK) { 
		goto out; 
	}
	if (ltc_mp.set_int(mG->z, 1) != CRYPT_OK) { 
		goto out; 
	}

	if (ltc_mp.copy(key->pubkey.x, mQ->x) != CRYPT_OK
		|| ltc_mp.copy(key->pubkey.y, mQ->y) != CRYPT_OK
		|| ltc_mp.copy(key->pubkey.z, mQ->z) != CRYPT_OK) { 
		goto out; 
	}

   /* compute u1*mG + u2*mQ; the result is stored in mG */
	if (ltc_mp.ecc_mul2add == NULL) {
		/* fallback: two scalar multiplications followed by a point add */
		if (ltc_mp.ecc_ptmul(u1, mG, mG, m, 0) != CRYPT_OK) { 
			goto out; 
		}
		if (ltc_mp.ecc_ptmul(u2, mQ, mQ, m, 0) != CRYPT_OK) {
			goto out; 
		}

		/* find the montgomery mp */
		if (ltc_mp.montgomery_setup(m, &mp) != CRYPT_OK) { 
			goto out; 
		}

		/* add them */
		if (ltc_mp.ecc_ptadd(mQ, mG, mG, m, mp) != CRYPT_OK) { 
			goto out; 
		}

		/* reduce */
		if (ltc_mp.ecc_map(mG, m, mp) != CRYPT_OK) { 
			goto out; 
		}
	} else {
		/* use Shamir's trick to compute u1*mG + u2*mQ using half of the doubles */
		if (ltc_mp.ecc_mul2add(mG, u1, mQ, u2, mG, m) != CRYPT_OK) { 
			goto out; 
		}
	}

   /* v = X_x1 mod n */
	if (ltc_mp.mpdiv(mG->x, p, NULL, v) != CRYPT_OK) { 
		goto out; 
	}

   /* does v == r */
	if (ltc_mp.compare(v, r) == LTC_MP_EQ) {
		ret = DROPBEAR_SUCCESS;
	}

out:
	/* single cleanup point for every exit after initialisation */
	ltc_ecc_del_point(mG);
	ltc_ecc_del_point(mQ);
	ltc_deinit_multi(r, s, v, w, u1, u2, p, e, m, NULL);
	/* mp is only set on the fallback path above */
	if (mp != NULL) { 
		ltc_mp.montgomery_deinit(mp);
	}
	return ret;
}
ecdsa.c:buf_get_ecdsa_verify_params:
  258|    309|			void *r, void* s) {
  259|    309|	int ret = DROPBEAR_FAILURE;
  ------------------
  |  |  112|    309|#define DROPBEAR_FAILURE -1
  ------------------
  260|    309|	unsigned int sig_len;
  261|    309|	unsigned int sig_pos;
  262|       |
  263|    309|	sig_len = buf_getint(buf);
  264|    309|	sig_pos = buf->pos;
  265|    309|	if (buf_getmpint(buf, r) != DROPBEAR_SUCCESS) {
  ------------------
  |  |  111|    309|#define DROPBEAR_SUCCESS 0
  ------------------
  |  Branch (265:6): [True: 3, False: 306]
  ------------------
  266|      3|		goto out;
  267|      3|	}
  268|    306|	if (buf_getmpint(buf, s) != DROPBEAR_SUCCESS) {
  ------------------
  |  |  111|    306|#define DROPBEAR_SUCCESS 0
  ------------------
  |  Branch (268:6): [True: 1, False: 305]
  ------------------
  269|      1|		goto out;
  270|      1|	}
  271|    305|	if (buf->pos - sig_pos != sig_len) {
  ------------------
  |  Branch (271:6): [True: 36, False: 269]
  ------------------
  272|     36|		goto out;
  273|     36|	}
  274|    269|	ret = DROPBEAR_SUCCESS;
  ------------------
  |  |  111|    269|#define DROPBEAR_SUCCESS 0
  ------------------
  275|       |
  276|    305|out:
  277|    305|	return ret;
  278|    269|}

buf_get_ed25519_pub_key:
   42|    375|	enum signkey_type expect_keytype) {
              	/* Parse an Ed25519 public key from buf into key.
              	 * (The first line of the signature, report line 41, is not part of
              	 * this listing.)
              	 *
              	 * Reads the key-type string and compares it with expect_keytype, then
              	 * reads a length-prefixed public key that must be exactly
              	 * CURVE25519_LEN (32) bytes.
              	 * Returns DROPBEAR_SUCCESS (0) or DROPBEAR_FAILURE (-1); key must be
              	 * non-NULL (dropbear_assert). */
   43|       |
   44|       |
   45|    375|	unsigned int len, typelen;
   46|    375|	char *keytype = NULL;
   47|    375|	enum signkey_type buf_keytype;
   48|       |
   49|    375|	TRACE(("enter buf_get_ed25519_pub_key"))
   50|    375|	dropbear_assert(key != NULL);
  ------------------
  |  |   84|    375|#define dropbear_assert(X) do { if (!(X)) { fail_assert(#X, __FILE__, __LINE__); } } while (0)
  |  |  ------------------
  |  |  |  Branch (84:37): [True: 0, False: 375]
  |  |  |  Branch (84:93): [Folded, False: 375]
  |  |  ------------------
  ------------------
   51|       |
   52|       |	/* consume and check the key string */
              	/* NOTE(review): keytype is used without a NULL check; presumably
              	 * buf_getstring never returns NULL on malformed input - confirm. */
   53|    375|	keytype = buf_getstring(buf, &typelen);
   54|    375|	buf_keytype = signkey_type_from_name(keytype, typelen);
   55|    375|	m_free(keytype);
  ------------------
  |  |   24|    375|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded, False: 375]
  |  |  ------------------
  ------------------
   56|    375|	if (buf_keytype != expect_keytype) {
  ------------------
  |  Branch (56:6): [True: 0, False: 375]
  ------------------
   57|      0|		TRACE(("leave buf_get_ed25519_pub_key: mismatch key type"))
   58|      0|		return DROPBEAR_FAILURE;
  ------------------
  |  |  112|      0|#define DROPBEAR_FAILURE -1
  ------------------
   59|      0|	}
   60|       |
              	/* Bounds check guarding the memcpy below: the declared length must be
              	 * exactly 32 and that many bytes must still be unread in buf.
              	 * The subtraction is unsigned, so it assumes buf->pos <= buf->len -
              	 * TODO confirm that invariant is maintained by the buffer helpers. */
   61|    375|	len = buf_getint(buf);
   62|    375|	if (len != CURVE25519_LEN || buf->len - buf->pos < len) {
  ------------------
  |  |   34|    750|#define CURVE25519_LEN 32
  ------------------
  |  Branch (62:6): [True: 55, False: 320]
  |  Branch (62:31): [True: 10, False: 310]
  ------------------
   63|     59|		TRACE(("leave buf_get_ed25519_pub_key: failure"))
   64|     59|		return DROPBEAR_FAILURE;
  ------------------
  |  |  112|     59|#define DROPBEAR_FAILURE -1
  ------------------
   65|     59|	}
   66|       |
              	/* Only the public half is loaded; m_burn is applied to priv first
              	 * (presumably a wipe, so no stale private bytes stay in the struct). */
   67|    316|	m_burn(key->priv, CURVE25519_LEN);
  ------------------
  |  |   34|    316|#define CURVE25519_LEN 32
  ------------------
   68|    316|	memcpy(key->pub, buf_getptr(buf, CURVE25519_LEN), CURVE25519_LEN);
  ------------------
  |  |   34|    316|#define CURVE25519_LEN 32
  ------------------
              	memcpy(key->pub, buf_getptr(buf, CURVE25519_LEN), CURVE25519_LEN);
  ------------------
  |  |   34|    316|#define CURVE25519_LEN 32
  ------------------
   69|    316|	buf_incrpos(buf, CURVE25519_LEN);
  ------------------
  |  |   34|    316|#define CURVE25519_LEN 32
  ------------------
   70|       |
   71|    316|	TRACE(("leave buf_get_ed25519_pub_key: success"))
   72|    316|	return DROPBEAR_SUCCESS;
  ------------------
  |  |  111|    316|#define DROPBEAR_SUCCESS 0
  ------------------
   73|    375|}
ed25519_key_free:
  103|  2.76k|void ed25519_key_free(dropbear_ed25519_key *key) {
              	/* Release an Ed25519 key. A NULL key is accepted and ignored.
              	 * m_burn is applied to the private half before the struct is freed.
              	 * m_free() only NULLs the local parameter (see the macro expansion
              	 * below), so the caller's own pointer must be cleared by the caller. */
  104|       |
  105|  2.76k|	TRACE2(("enter ed25519_key_free"))
  106|       |
  107|  2.76k|	if (key == NULL) {
  ------------------
  |  Branch (107:6): [True: 2.54k, False: 222]
  ------------------
  108|  2.54k|		TRACE2(("leave ed25519_key_free: key == NULL"))
  109|  2.54k|		return;
  110|  2.54k|	}
  111|    222|	m_burn(key->priv, CURVE25519_LEN);
  ------------------
  |  |   34|    222|#define CURVE25519_LEN 32
  ------------------
  112|    222|	m_free(key);
  ------------------
  |  |   24|    222|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded, False: 222]
  |  |  ------------------
  ------------------
  113|       |
  114|    222|	TRACE2(("leave ed25519_key_free"))
  115|    222|}
buf_ed25519_verify:
  163|    100|int buf_ed25519_verify(buffer *buf, const dropbear_ed25519_key *key, const buffer *data_buf) {
              	/* Verify the Ed25519 signature at the current position of buf over
              	 * data_buf, using key->pub.
              	 *
              	 * Fail-closed: ret starts as DROPBEAR_FAILURE and becomes
              	 * DROPBEAR_SUCCESS only when dropbear_ed25519_verify() returns 0.
              	 * key must be non-NULL (dropbear_assert). */
  164|       |
  165|    100|	int ret = DROPBEAR_FAILURE;
  ------------------
  |  |  112|    100|#define DROPBEAR_FAILURE -1
  ------------------
  166|    100|	unsigned char *s;
  167|    100|	unsigned long slen;
  168|       |
  169|    100|	TRACE(("enter buf_ed25519_verify"))
  170|    100|	dropbear_assert(key != NULL);
  ------------------
  |  |   84|    100|#define dropbear_assert(X) do { if (!(X)) { fail_assert(#X, __FILE__, __LINE__); } } while (0)
  |  |  ------------------
  |  |  |  Branch (84:37): [True: 0, False: 100]
  |  |  |  Branch (84:93): [Folded, False: 100]
  |  |  ------------------
  ------------------
  171|       |
              	/* The signature must be exactly 64 bytes and fully present in the
              	 * unread part of buf before a pointer to it is taken. */
  172|    100|	slen = buf_getint(buf);
  173|    100|	if (slen != 64 || buf->len - buf->pos < slen) {
  ------------------
  |  Branch (173:6): [True: 44, False: 56]
  |  Branch (173:20): [True: 11, False: 45]
  ------------------
  174|     54|		TRACE(("leave buf_ed25519_verify: bad size"))
  175|     54|		goto out;
  176|     54|	}
              	/* NOTE(review): the read position is not advanced past the signature
              	 * in this function; presumably callers do not read further from buf
              	 * - confirm. */
  177|     46|	s = buf_getptr(buf, slen);
  178|       |
              	/* Coverage: the success branch below has a count of 0 in this run,
              	 * i.e. no input carried a valid signature, so code that only runs
              	 * after a successful verification is not exercised by these inputs. */
  179|     46|	if (dropbear_ed25519_verify(data_buf->data, data_buf->len,
  ------------------
  |  Branch (179:6): [True: 0, False: 46]
  ------------------
  180|     46|				    s, slen, key->pub) == 0) {
  181|       |		/* signature is valid */
  182|      0|		TRACE(("leave buf_ed25519_verify: success!"))
  183|      0|		ret = DROPBEAR_SUCCESS;
  ------------------
  |  |  111|      0|#define DROPBEAR_SUCCESS 0
  ------------------
  184|      0|	}
  185|       |
  186|     99|out:
  187|     99|	TRACE(("leave buf_ed25519_verify: ret %d", ret))
  188|     99|	return ret;
  189|     46|}

buf_get_rsa_pub_key:
   53|  1.17k|int buf_get_rsa_pub_key(buffer* buf, dropbear_rsa_key *key) {
              	/* Load an RSA public key (e, n) from buf into key; the private
              	 * fields d, p and q are set to NULL.
              	 *
              	 * Returns DROPBEAR_SUCCESS, or DROPBEAR_FAILURE if either mpint fails
              	 * to parse, the modulus is shorter than MIN_RSA_KEYLEN (1024) bits, or
              	 * the exponent is longer than 64 bits. On failure e and n are released
              	 * through m_mp_free_multi() before returning.
              	 *
              	 * NOTE(review): only a minimum modulus size and a maximum exponent
              	 * size are enforced here; any upper bound on n or lower bound on e
              	 * would have to come from buf_getmpint or the caller - confirm. */
   54|       |
   55|  1.17k|	int ret = DROPBEAR_FAILURE;
  ------------------
  |  |  112|  1.17k|#define DROPBEAR_FAILURE -1
  ------------------
   56|  1.17k|	TRACE(("enter buf_get_rsa_pub_key"))
   57|  1.17k|	dropbear_assert(key != NULL);
  ------------------
  |  |   84|  1.17k|#define dropbear_assert(X) do { if (!(X)) { fail_assert(#X, __FILE__, __LINE__); } } while (0)
  |  |  ------------------
  |  |  |  Branch (84:37): [True: 0, False: 1.17k]
  |  |  |  Branch (84:93): [Folded, False: 1.17k]
  |  |  ------------------
  ------------------
   58|  1.17k|	m_mp_alloc_init_multi(&key->e, &key->n, NULL);
   59|  1.17k|	key->d = NULL;
   60|  1.17k|	key->p = NULL;
   61|  1.17k|	key->q = NULL;
   62|       |
              	/* The type string is skipped, not re-checked: buf_get_pub_key() in
              	 * this listing identifies the key type, rewinds, and then calls this
              	 * function. Other callers, if any, must have validated the name. */
   63|  1.17k|	buf_incrpos(buf, 4+SSH_SIGNKEY_RSA_LEN); /* int + "ssh-rsa" */
  ------------------
  |  |  117|  1.17k|#define SSH_SIGNKEY_RSA_LEN 7
  ------------------
   64|       |
   65|  1.17k|	if (buf_getmpint(buf, key->e) == DROPBEAR_FAILURE
  ------------------
  |  |  112|  2.35k|#define DROPBEAR_FAILURE -1
  ------------------
  |  Branch (65:6): [True: 72, False: 1.10k]
  ------------------
   66|  1.10k|	 || buf_getmpint(buf, key->n) == DROPBEAR_FAILURE) {
  ------------------
  |  |  112|  1.10k|#define DROPBEAR_FAILURE -1
  ------------------
  |  Branch (66:6): [True: 101, False: 1.00k]
  ------------------
   67|     52|		TRACE(("leave buf_get_rsa_pub_key: failure"))
   68|     52|		goto out;
   69|     52|	}
   70|       |
              	/* Policy check: reject moduli below the configured minimum size. */
   71|  1.12k|	if (mp_count_bits(key->n) < MIN_RSA_KEYLEN) {
  ------------------
  |  |   69|  1.12k|#define MIN_RSA_KEYLEN 1024
  ------------------
  |  Branch (71:6): [True: 82, False: 1.04k]
  ------------------
   72|     82|		dropbear_log(LOG_WARNING, "RSA key too short");
   73|     82|		goto out;
   74|     82|	}
   75|       |
   76|       |	/* 64 bit is limit used by openssl, so we won't block any keys in the wild */
   77|  1.04k|	if (mp_count_bits(key->e) > 64) {
  ------------------
  |  Branch (77:6): [True: 7, False: 1.03k]
  ------------------
   78|      7|		dropbear_log(LOG_WARNING, "RSA key bad e");
   79|      7|		goto out;
   80|      7|	}
   81|       |
   82|  1.03k|	TRACE(("leave buf_get_rsa_pub_key: success"))
   83|  1.03k|	ret = DROPBEAR_SUCCESS;
  ------------------
  |  |  111|  1.03k|#define DROPBEAR_SUCCESS 0
  ------------------
   84|  1.05k|out:
              	/* Single exit: a rejected key never leaves e/n allocated in key. */
   85|  1.05k|	if (ret == DROPBEAR_FAILURE) {
  ------------------
  |  |  112|  1.05k|#define DROPBEAR_FAILURE -1
  ------------------
  |  Branch (85:6): [True: 141, False: 913]
  ------------------
   86|       |		m_mp_free_multi(&key->e, &key->n, NULL);
   87|    141|	}
   88|  1.05k|	return ret;
   89|  1.03k|}
rsa_key_free:
  143|  3.70k|void rsa_key_free(dropbear_rsa_key *key) {
              	/* Release an RSA key: all five mp_ints (d, e, p, q, n) and then the
              	 * struct itself. A NULL key is accepted and ignored.
              	 *
              	 * NOTE(review): unlike ed25519_key_free(), no explicit wipe of the
              	 * private values is visible here; whether m_mp_free_multi() clears
              	 * d/p/q before freeing is not shown in this listing - confirm. */
  144|       |
  145|  3.70k|	TRACE2(("enter rsa_key_free"))
  146|       |
  147|  3.70k|	if (key == NULL) {
  ------------------
  |  Branch (147:6): [True: 2.68k, False: 1.02k]
  ------------------
  148|  2.68k|		TRACE2(("leave rsa_key_free: key == NULL"))
  149|  2.68k|		return;
  150|  2.68k|	}
  151|  1.02k|	m_mp_free_multi(&key->d, &key->e, &key->p, &key->q, &key->n, NULL);
  152|       |	m_free(key);
  ------------------
  |  |   24|  1.02k|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded, False: 1.02k]
  |  |  ------------------
  ------------------
  153|  1.02k|	TRACE2(("leave rsa_key_free"))
  154|  1.02k|}
buf_rsa_verify:
  201|    882|		enum signature_type sigtype, const buffer *data_buf) {
              	/* Verify an RSA signature read from buf over data_buf with the public
              	 * key (e, n) in key. (The first line of the signature, report line
              	 * 200, is not part of this listing.)
              	 *
              	 * Steps: read the signature integer s, require s < n, build the
              	 * expected padded message with rsa_pad_em(), compute s^e mod n and
              	 * compare the two integers for equality.
              	 * Fail-closed: ret starts as DROPBEAR_FAILURE and is set to
              	 * DROPBEAR_SUCCESS only on an exact match. The three temporaries are
              	 * cleared at the out label on every path that reaches it. */
  202|    882|	unsigned int slen;
  203|    882|	DEF_MP_INT(rsa_s);
  ------------------
  |  |   81|    882|#define DEF_MP_INT(X) mp_int X = {0, 0, 0, NULL}
  ------------------
  204|    882|	DEF_MP_INT(rsa_mdash);
  ------------------
  |  |   81|    882|#define DEF_MP_INT(X) mp_int X = {0, 0, 0, NULL}
  ------------------
  205|    882|	DEF_MP_INT(rsa_em);
  ------------------
  |  |   81|    882|#define DEF_MP_INT(X) mp_int X = {0, 0, 0, NULL}
  ------------------
  206|    882|	int ret = DROPBEAR_FAILURE;
  ------------------
  |  |  112|    882|#define DROPBEAR_FAILURE -1
  ------------------
  207|       |
  208|    882|	TRACE(("enter buf_rsa_verify"))
  209|       |
  210|    882|	dropbear_assert(key != NULL);
  ------------------
  |  |   84|    882|#define dropbear_assert(X) do { if (!(X)) { fail_assert(#X, __FILE__, __LINE__); } } while (0)
  |  |  ------------------
  |  |  |  Branch (84:37): [True: 0, False: 882]
  |  |  |  Branch (84:93): [Folded, False: 882]
  |  |  ------------------
  ------------------
  211|       |
  212|    882|	m_mp_init_multi(&rsa_mdash, &rsa_s, &rsa_em, NULL);
  213|       |
              	/* The declared signature length must equal the byte size of n. */
  214|    882|	slen = buf_getint(buf);
  215|    882|	if (slen != (unsigned int)mp_ubin_size(key->n)) {
  ------------------
  |  Branch (215:6): [True: 51, False: 831]
  ------------------
  216|     51|		TRACE(("bad size"))
  217|     51|		goto out;
  218|     51|	}
  219|       |
              	/* NOTE(review): the integer is built from all remaining bytes
              	 * (buf->len - buf->pos), not from the slen bytes validated above.
              	 * If buf can hold data after the signature, or fewer than slen
              	 * bytes, the value parsed is not the declared signature. The s < n
              	 * check below still bounds the result; reading exactly slen bytes
              	 * would be tighter - confirm that callers pass a buffer that ends
              	 * with the signature. */
  220|    831|	if (mp_from_ubin(&rsa_s, buf_getptr(buf, buf->len - buf->pos),
  ------------------
  |  Branch (220:6): [True: 0, False: 831]
  ------------------
  221|    831|				buf->len - buf->pos) != MP_OKAY) {
  ------------------
  |  |  161|    831|#define MP_OKAY       0   /* no error */
  ------------------
  222|      0|		TRACE(("failed reading rsa_s"))
  223|      0|		goto out;
  224|      0|	}
  225|       |
  226|       |	/* check that s <= n-1 */
  227|    831|	if (mp_cmp(&rsa_s, key->n) != MP_LT) {
  ------------------
  |  |  154|    831|#define MP_LT        -1   /* less than */
  ------------------
  |  Branch (227:6): [True: 36, False: 795]
  ------------------
  228|     36|		TRACE(("s > n-1"))
  229|     36|		goto out;
  230|     36|	}
  231|       |
  232|       |	/* create the magic PKCS padded value */
              	/* The expected encoding is generated locally and compared as a whole
              	 * below, so the padding recovered from the signature is never parsed
              	 * field by field. */
  233|    795|	rsa_pad_em(key, data_buf, &rsa_em, sigtype);
  234|       |
  235|    795|	if (mp_exptmod(&rsa_s, key->e, key->n, &rsa_mdash) != MP_OKAY) {
  ------------------
  |  |  161|    795|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (235:6): [True: 0, False: 795]
  ------------------
  236|      0|		TRACE(("failed exptmod rsa_s"))
  237|      0|		goto out;
  238|      0|	}
  239|       |
              	/* Coverage: the success branch below has a count of 0 in this run,
              	 * i.e. no input carried a valid RSA signature, so code that only
              	 * runs after a successful verification is not exercised here. */
  240|    795|	if (mp_cmp(&rsa_em, &rsa_mdash) == MP_EQ) {
  ------------------
  |  |  155|    795|#define MP_EQ         0   /* equal to */
  ------------------
  |  Branch (240:6): [True: 0, False: 795]
  ------------------
  241|       |		/* signature is valid */
  242|      0|		TRACE(("success!"))
  243|      0|		ret = DROPBEAR_SUCCESS;
  ------------------
  |  |  111|      0|#define DROPBEAR_SUCCESS 0
  ------------------
  244|      0|	}
  245|       |
  246|    880|out:
  247|       |	mp_clear_multi(&rsa_mdash, &rsa_s, &rsa_em, NULL);
  248|    880|	TRACE(("leave buf_rsa_verify: ret %d", ret))
  249|    880|	return ret;
  250|    795|}
rsa.c:rsa_pad_em:
  398|    793|	const buffer *data_buf, mp_int * rsa_em, enum signature_type sigtype) {
              	/* Build the padded, hashed encoding of data_buf for the given
              	 * signature type and store it in rsa_em as an mp_int. (The first line
              	 * of the signature, report line 397, is not part of this listing.)
              	 *
              	 * The encoding is exactly mp_ubin_size(key->n) bytes long; the layout
              	 * is described in the comment below. The temporary buffer is freed
              	 * before returning. */
  399|       |    /* EM = 0x00 || 0x01 || PS || 0x00 || T 
  400|       |	   PS is padding of 0xff to make EM the size of key->n
  401|       |
  402|       |	   T is the DER encoding of the hash alg (sha1 or sha256)
  403|       |	*/
  404|       |
  405|       |	/* From rfc8017 page 46 */
  406|    793|#if DROPBEAR_RSA_SHA1
  407|    793|	const unsigned char T_sha1[] =
  408|    793|		{0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b,
  409|    793|		 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14};
  410|    793|#endif
  411|    793|#if DROPBEAR_RSA_SHA256
  412|    793|	const unsigned char T_sha256[] =
  413|    793|		{0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
  414|    793|		 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20};
  415|    793|#endif
  416|       |
  417|    793|    int Tlen = 0;
  418|    793|    const unsigned char *T = NULL;
  419|    793|	const struct ltc_hash_descriptor *hash_desc = NULL;
  420|    793|	buffer * rsa_EM = NULL;
  421|    793|	hash_state hs;
  422|    793|	unsigned int nsize;
  423|       |
              	/* Select the DigestInfo prefix and hash for the signature type.
              	 * NOTE(review): the default case relies on plain assert(); if asserts
              	 * are compiled out, T and hash_desc stay NULL and are dereferenced
              	 * below. Presumably callers only pass a compiled-in RSA signature
              	 * type - confirm. */
  424|    793|	switch (sigtype) {
  425|      0|#if DROPBEAR_RSA_SHA1
  426|    787|		case DROPBEAR_SIGNATURE_RSA_SHA1:
  ------------------
  |  Branch (426:3): [True: 787, False: 6]
  ------------------
  427|    787|			Tlen = sizeof(T_sha1);
  428|    787|			T = T_sha1;
  429|    787|			hash_desc = &sha1_desc;
  430|    787|			break;
  431|      0|#endif
  432|      0|#if DROPBEAR_RSA_SHA256
  433|      6|		case DROPBEAR_SIGNATURE_RSA_SHA256:
  ------------------
  |  Branch (433:3): [True: 6, False: 787]
  ------------------
  434|      6|			Tlen = sizeof(T_sha256);
  435|      6|			T = T_sha256;
  436|      6|			hash_desc = &sha256_desc;
  437|      6|			break;
  438|      0|#endif
  439|      0|		default:
  ------------------
  |  Branch (439:3): [True: 0, False: 793]
  ------------------
  440|      0|			assert(0);
  ------------------
  |  Branch (440:4): [Folded, False: 0]
  |  Branch (440:4): [Folded, False: 0]
  ------------------
  441|    793|	}
  442|       |	
  443|       |
  444|    793|	nsize = mp_ubin_size(key->n);
  445|       |
  446|    793|	rsa_EM = buf_new(nsize);
  447|       |	/* type byte */
  448|    793|	buf_putbyte(rsa_EM, 0x00);
  449|    793|	buf_putbyte(rsa_EM, 0x01);
  450|       |	/* Padding with PS 0xFF bytes */
              	/* NOTE(review): the loop stops on equality only, so it needs nsize to
              	 * be at least 2 + 1 + Tlen + hashsize; for a smaller modulus the
              	 * target would never be hit. Keys loaded through
              	 * buf_get_rsa_pub_key() are at least MIN_RSA_KEYLEN bits; other key
              	 * loading paths are not shown here - confirm they enforce a minimum
              	 * too. */
  451|   190k|	while(rsa_EM->pos != rsa_EM->size - (1 + Tlen + hash_desc->hashsize)) {
  ------------------
  |  Branch (451:8): [True: 189k, False: 793]
  ------------------
  452|   189k|		buf_putbyte(rsa_EM, 0xff);
  453|   189k|	}
  454|    793|	buf_putbyte(rsa_EM, 0x00);
  455|       |	/* Magic ASN1 stuff */
  456|    793|	buf_putbytes(rsa_EM, T, Tlen);
  457|       |
  458|       |	/* The hash of the data */
  459|    793|	hash_desc->init(&hs);
  460|    793|	hash_desc->process(&hs, data_buf->data, data_buf->len);
  461|    793|	hash_desc->done(&hs, buf_getwriteptr(rsa_EM, hash_desc->hashsize));
  462|    793|	buf_incrwritepos(rsa_EM, hash_desc->hashsize);
  463|       |
              	/* Sanity check: the encoding must fill the buffer exactly. */
  464|    793|	dropbear_assert(rsa_EM->pos == rsa_EM->size);
  ------------------
  |  |   84|    793|#define dropbear_assert(X) do { if (!(X)) { fail_assert(#X, __FILE__, __LINE__); } } while (0)
  |  |  ------------------
  |  |  |  Branch (84:37): [True: 0, False: 793]
  |  |  |  Branch (84:93): [Folded, False: 793]
  |  |  ------------------
  ------------------
  465|       |
  466|       |	/* Create the mp_int from the encoded bytes */
  467|    793|	buf_setpos(rsa_EM, 0);
  468|    793|	bytes_to_mp(rsa_em, buf_getptr(rsa_EM, rsa_EM->size),
  469|    793|			rsa_EM->size);
  470|    793|	buf_free(rsa_EM);
  471|    793|}

new_sign_key:
   62|  2.92k|sign_key * new_sign_key() {
              	/* Allocate a sign_key with type DROPBEAR_SIGNKEY_NONE and source
              	 * SIGNKEY_SOURCE_INVALID; the caller owns the result.
              	 *
              	 * NOTE(review): only type and source are assigned here, yet
              	 * buf_get_pub_key() and sign_key_free() read the per-algorithm key
              	 * pointers of a sign_key. This presumably relies on m_malloc()
              	 * returning zeroed memory - confirm. */
   63|       |
   64|  2.92k|	sign_key * ret;
   65|       |
   66|  2.92k|	ret = (sign_key*)m_malloc(sizeof(sign_key));
   67|  2.92k|	ret->type = DROPBEAR_SIGNKEY_NONE;
   68|  2.92k|	ret->source = SIGNKEY_SOURCE_INVALID;
   69|  2.92k|	return ret;
   70|  2.92k|}
signkey_type_from_name:
   86|  4.10k|enum signkey_type signkey_type_from_name(const char* name, unsigned int namelen) {
              	/* Map a key-type name of namelen bytes to its signkey_type.
              	 *
              	 * name is compared by explicit length, so it does not need to be
              	 * NUL-terminated. Returns the matching index into signkey_names, or
              	 * DROPBEAR_SIGNKEY_NONE when the name is unknown or names an ECDSA
              	 * curve that is not compiled in. */
   87|  4.10k|	int i;
   88|  15.7k|	for (i = 0; i < DROPBEAR_SIGNKEY_NUM_NAMED; i++) {
  ------------------
  |  Branch (88:14): [True: 15.5k, False: 221]
  ------------------
   89|  15.5k|		const char *fixed_name = signkey_names[i];
              		/* Length equality is tested first, so memcmp reads exactly
              		 * namelen bytes from both strings and a prefix never matches. */
   90|  15.5k|		if (namelen == strlen(fixed_name)
  ------------------
  |  Branch (90:7): [True: 5.30k, False: 10.2k]
  ------------------
   91|  5.30k|			&& memcmp(fixed_name, name, namelen) == 0) {
  ------------------
  |  Branch (91:7): [True: 3.88k, False: 1.42k]
  ------------------
   92|       |
   93|  3.88k|#if DROPBEAR_ECDSA
   94|       |			/* Some of the ECDSA key sizes are defined even if they're not compiled in */
   95|  3.88k|			if (0
  ------------------
  |  Branch (95:8): [Folded, False: 3.88k]
  ------------------
   96|       |#if !DROPBEAR_ECC_256
   97|       |				|| i == DROPBEAR_SIGNKEY_ECDSA_NISTP256
   98|       |#endif
   99|       |#if !DROPBEAR_ECC_384
  100|       |				|| i == DROPBEAR_SIGNKEY_ECDSA_NISTP384
  101|       |#endif
  102|       |#if !DROPBEAR_ECC_521
  103|       |				|| i == DROPBEAR_SIGNKEY_ECDSA_NISTP521
  104|       |#endif
  105|  3.88k|				) {
  106|      0|				TRACE(("attempt to use ecdsa type %d not compiled in", i))
  107|      0|				return DROPBEAR_SIGNKEY_NONE;
  108|      0|			}
  109|  3.88k|#endif
  110|       |
  111|  3.88k|			return (enum signkey_type)i;
  112|  3.88k|		}
  113|  15.5k|	}
  114|       |
  115|    221|	TRACE(("signkey_type_from_name unexpected key type."))
  116|       |
  117|    221|	return DROPBEAR_SIGNKEY_NONE;
  118|  4.10k|}
signature_type_from_name:
  145|  1.75k|enum signature_type signature_type_from_name(const char* name, unsigned int namelen) {
              	/* Map a signature algorithm name of namelen bytes to its
              	 * signature_type.
              	 *
              	 * "rsa-sha2-256" and "ssh-rsa" get dedicated RSA signature types (when
              	 * compiled in); every other name is resolved by
              	 * signkey_type_from_name() and the result is cast.
              	 *
              	 * NOTE(review): the cast assumes the non-RSA enumerators of
              	 * signature_type and signkey_type share values; the enum definitions
              	 * are not shown here - confirm. With DROPBEAR_RSA_SHA1 disabled,
              	 * "ssh-rsa" also reaches this fallback; confirm that callers reject
              	 * the resulting value. */
  146|  1.75k|#if DROPBEAR_RSA
  147|  1.75k|#if DROPBEAR_RSA_SHA256
  148|  1.75k|	if (namelen == strlen(SSH_SIGNATURE_RSA_SHA256) 
  ------------------
  |  |  121|  1.75k|#define SSH_SIGNATURE_RSA_SHA256 "rsa-sha2-256"
  ------------------
  |  Branch (148:6): [True: 25, False: 1.72k]
  ------------------
  149|     25|		&& memcmp(name, SSH_SIGNATURE_RSA_SHA256, namelen) == 0) {
  ------------------
  |  |  121|     25|#define SSH_SIGNATURE_RSA_SHA256 "rsa-sha2-256"
  ------------------
  |  Branch (149:6): [True: 8, False: 17]
  ------------------
  150|      8|		return DROPBEAR_SIGNATURE_RSA_SHA256;
  151|      8|	}
  152|  1.74k|#endif
  153|  1.74k|#if DROPBEAR_RSA_SHA1
  154|  1.74k|	if (namelen == strlen(SSH_SIGNKEY_RSA) 
  ------------------
  |  |  116|  1.74k|#define SSH_SIGNKEY_RSA "ssh-rsa"
  ------------------
  |  Branch (154:6): [True: 1.13k, False: 610]
  ------------------
  155|  1.13k|		&& memcmp(name, SSH_SIGNKEY_RSA, namelen) == 0) {
  ------------------
  |  |  116|  1.13k|#define SSH_SIGNKEY_RSA "ssh-rsa"
  ------------------
  |  Branch (155:6): [True: 876, False: 258]
  ------------------
  156|    876|		return DROPBEAR_SIGNATURE_RSA_SHA1;
  157|    876|	}
  158|    868|#endif
  159|    868|#endif /* DROPBEAR_RSA */
  160|    868|	return (enum signature_type)signkey_type_from_name(name, namelen);
  161|  1.74k|}
signature_type_from_signkey:
  165|    881|enum signature_type signature_type_from_signkey(enum signkey_type keytype) {
              	/* Convert a key type to the signature type of the same value.
              	 *
              	 * RSA is excluded by assertion: this file maps two signature types
              	 * (SHA1 and SHA256) to the RSA key type, so the key type alone does
              	 * not determine the signature type.
              	 * NOTE(review): both preconditions use plain assert(); if asserts are
              	 * compiled out, an out-of-range keytype is cast through unchecked. */
  166|    881|#if DROPBEAR_RSA
  167|    881|	assert(keytype != DROPBEAR_SIGNKEY_RSA);
  ------------------
  |  Branch (167:2): [True: 0, False: 881]
  |  Branch (167:2): [True: 881, False: 0]
  ------------------
  168|    881|#endif
  169|    881|	assert(keytype < DROPBEAR_SIGNKEY_NUM_NAMED);
  ------------------
  |  Branch (169:2): [True: 0, False: 881]
  |  Branch (169:2): [True: 881, False: 0]
  ------------------
  170|    881|	return (enum signature_type)keytype;
  171|    881|}
signkey_type_from_signature:
  173|  1.67k|enum signkey_type signkey_type_from_signature(enum signature_type sigtype) {
              	/* Convert a signature type to the key type that produces it.
              	 *
              	 * Both RSA signature types map to DROPBEAR_SIGNKEY_RSA; any other
              	 * value is cast directly after an assert() range check.
              	 * NOTE(review): the range check is a plain assert(); if asserts are
              	 * compiled out, the cast is unchecked. */
  174|  1.67k|#if DROPBEAR_RSA
  175|  1.67k|#if DROPBEAR_RSA_SHA256
  176|  1.67k|	if (sigtype == DROPBEAR_SIGNATURE_RSA_SHA256) {
  ------------------
  |  Branch (176:6): [True: 7, False: 1.66k]
  ------------------
  177|      7|		return DROPBEAR_SIGNKEY_RSA;
  178|      7|	}
  179|  1.66k|#endif
  180|  1.66k|#if DROPBEAR_RSA_SHA1
  181|  1.66k|	if (sigtype == DROPBEAR_SIGNATURE_RSA_SHA1) {
  ------------------
  |  Branch (181:6): [True: 875, False: 791]
  ------------------
  182|    875|		return DROPBEAR_SIGNKEY_RSA;
  183|    875|	}
  184|    791|#endif
  185|    791|#endif /* DROPBEAR_RSA */
  186|  1.66k|	assert((int)sigtype < (int)DROPBEAR_SIGNKEY_NUM_NAMED);
  ------------------
  |  Branch (186:2): [True: 0, False: 791]
  |  Branch (186:2): [True: 791, False: 0]
  ------------------
  187|    791|	return (enum signkey_type)sigtype;
  188|    791|}
signkey_key_ptr:
  193|  1.22k|signkey_key_ptr(sign_key *key, enum signkey_type type) {
              	/* Return the address of the field in key that holds the key for the
              	 * given type, as void**, or NULL when the type is unknown or not
              	 * compiled in. (The return-type line, report line 192, is not part of
              	 * this listing.)
              	 *
              	 * The SK (security key) variants share the field of their plain
              	 * counterpart. Callers cast the result back to the concrete
              	 * pointer-to-pointer type and must handle the NULL return. */
  194|  1.22k|	switch (type) {
  195|      0|#if DROPBEAR_ED25519
  196|      0|		case DROPBEAR_SIGNKEY_ED25519:
  ------------------
  |  Branch (196:3): [True: 0, False: 1.22k]
  ------------------
  197|      0|#if DROPBEAR_SK_ED25519
  198|    128|		case DROPBEAR_SIGNKEY_SK_ED25519:
  ------------------
  |  Branch (198:3): [True: 128, False: 1.09k]
  ------------------
  199|    128|#endif
  200|    128|			return (void**)&key->ed25519key;
  201|      0|#endif
  202|      0|#if DROPBEAR_ECDSA
  203|      0|#if DROPBEAR_ECC_256
  204|    666|		case DROPBEAR_SIGNKEY_ECDSA_NISTP256:
  ------------------
  |  Branch (204:3): [True: 666, False: 558]
  ------------------
  205|    666|#if DROPBEAR_SK_ECDSA
  206|    764|		case DROPBEAR_SIGNKEY_SK_ECDSA_NISTP256:
  ------------------
  |  Branch (206:3): [True: 98, False: 1.12k]
  ------------------
  207|    764|#endif
  208|    764|			return (void**)&key->ecckey256;
  209|      0|#endif
  210|      0|#if DROPBEAR_ECC_384
  211|    151|		case DROPBEAR_SIGNKEY_ECDSA_NISTP384:
  ------------------
  |  Branch (211:3): [True: 151, False: 1.07k]
  ------------------
  212|    151|			return (void**)&key->ecckey384;
  213|      0|#endif
  214|      0|#if DROPBEAR_ECC_521
  215|    181|		case DROPBEAR_SIGNKEY_ECDSA_NISTP521:
  ------------------
  |  Branch (215:3): [True: 181, False: 1.04k]
  ------------------
  216|    181|			return (void**)&key->ecckey521;
  217|      0|#endif
  218|      0|#endif /* DROPBEAR_ECDSA */
  219|      0|#if DROPBEAR_RSA
  220|      0|		case DROPBEAR_SIGNKEY_RSA:
  ------------------
  |  Branch (220:3): [True: 0, False: 1.22k]
  ------------------
  221|      0|			return (void**)&key->rsakey;
  222|      0|#endif
  223|      0|#if DROPBEAR_DSS
  224|      0|		case DROPBEAR_SIGNKEY_DSS:
  ------------------
  |  Branch (224:3): [True: 0, False: 1.22k]
  ------------------
  225|      0|			return (void**)&key->dsskey;
  226|      0|#endif
  227|      0|		default:
  ------------------
  |  Branch (227:3): [True: 0, False: 1.22k]
  ------------------
  228|       |			return NULL;
  229|  1.22k|	}
  230|  1.22k|}
buf_get_pub_key:
  235|  2.92k|int buf_get_pub_key(buffer *buf, sign_key *key, enum signkey_type *type) {
              	/* Parse a public key blob from buf into key.
              	 *
              	 * *type is in/out: on entry it is the expected key type or
              	 * DROPBEAR_SIGNKEY_ANY; on a type match it is overwritten with the
              	 * type found in the blob. A mismatch returns DROPBEAR_FAILURE before
              	 * anything in key is touched.
              	 *
              	 * The matching per-algorithm parser is then run; any key of that type
              	 * already held in key is released first. ret starts as
              	 * DROPBEAR_FAILURE and is only changed by a parser branch, so a blob
              	 * whose type matches no compiled-in branch is reported as failure. */
  236|       |
  237|  2.92k|	char *ident;
  238|  2.92k|	unsigned int len;
  239|  2.92k|	enum signkey_type keytype;
  240|  2.92k|	int ret = DROPBEAR_FAILURE;
  ------------------
  |  |  112|  2.92k|#define DROPBEAR_FAILURE -1
  ------------------
  241|       |
  242|  2.92k|	TRACE2(("enter buf_get_pub_key"))
  243|       |
  244|  2.92k|	ident = buf_getstring(buf, &len);
  245|  2.92k|	keytype = signkey_type_from_name(ident, len);
  246|  2.92k|	m_free(ident);
  ------------------
  |  |   24|  2.92k|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded, False: 2.92k]
  |  |  ------------------
  ------------------
  247|       |
              	/* Coverage: the first condition is never true in this run, so the
              	 * expected-type mismatch path was not exercised by these inputs. */
  248|  2.92k|	if (*type != DROPBEAR_SIGNKEY_ANY && *type != keytype) {
  ------------------
  |  Branch (248:6): [True: 0, False: 2.92k]
  |  Branch (248:39): [True: 0, False: 0]
  ------------------
  249|      0|		TRACE(("buf_get_pub_key bad type - got %d, expected %d", keytype, *type))
  250|      0|		return DROPBEAR_FAILURE;
  ------------------
  |  |  112|      0|#define DROPBEAR_FAILURE -1
  ------------------
  251|      0|	}
  252|       |	
  253|  2.92k|	TRACE2(("buf_get_pub_key keytype is %d", keytype))
  254|       |
  255|  2.92k|	*type = keytype;
  256|       |
  257|       |	/* Rewind the buffer back before "ssh-rsa" etc */
              	/* The per-algorithm parsers below consume or skip the type string
              	 * themselves. */
  258|  2.92k|	buf_decrpos(buf, len + 4);
  259|       |
  260|  2.92k|#if DROPBEAR_DSS
  261|  2.92k|	if (keytype == DROPBEAR_SIGNKEY_DSS) {
  ------------------
  |  Branch (261:6): [True: 373, False: 2.54k]
  ------------------
  262|    373|		dss_key_free(key->dsskey);
  263|    373|		key->dsskey = m_malloc(sizeof(*key->dsskey));
  264|    373|		ret = buf_get_dss_pub_key(buf, key->dsskey);
  265|    373|		if (ret == DROPBEAR_FAILURE) {
  ------------------
  |  |  112|    373|#define DROPBEAR_FAILURE -1
  ------------------
  |  Branch (265:7): [True: 74, False: 299]
  ------------------
  266|     74|			dss_key_free(key->dsskey);
  267|     74|			key->dsskey = NULL;
  268|     74|		}
  269|    373|	}
  270|  2.92k|#endif
  271|  2.92k|#if DROPBEAR_RSA
  272|  2.92k|	if (keytype == DROPBEAR_SIGNKEY_RSA) {
  ------------------
  |  Branch (272:6): [True: 1.17k, False: 1.74k]
  ------------------
  273|  1.17k|		rsa_key_free(key->rsakey);
  274|  1.17k|		key->rsakey = m_malloc(sizeof(*key->rsakey));
  275|  1.17k|		ret = buf_get_rsa_pub_key(buf, key->rsakey);
  276|  1.17k|		if (ret == DROPBEAR_FAILURE) {
  ------------------
  |  |  112|  1.17k|#define DROPBEAR_FAILURE -1
  ------------------
  |  Branch (276:7): [True: 141, False: 1.03k]
  ------------------
  277|    141|			rsa_key_free(key->rsakey);
  278|    141|			key->rsakey = NULL;
  279|    141|		}
  280|  1.17k|	}
  281|  2.92k|#endif
  282|  2.92k|#if DROPBEAR_ECDSA
  283|  2.92k|	if (signkey_is_ecdsa(keytype)
  ------------------
  |  Branch (283:6): [True: 913, False: 2.00k]
  ------------------
  284|  2.00k|#if DROPBEAR_SK_ECDSA
  285|  2.00k|		|| keytype == DROPBEAR_SIGNKEY_SK_ECDSA_NISTP256
  ------------------
  |  Branch (285:6): [True: 98, False: 1.91k]
  ------------------
  286|  2.92k|#endif
  287|  2.92k|	) {
              		/* signkey_key_ptr() returns NULL for a curve that is not
              		 * compiled in; in that case nothing is parsed and ret stays
              		 * DROPBEAR_FAILURE. */
  288|    787|		ecc_key **eck = (ecc_key**)signkey_key_ptr(key, keytype);
  289|    787|		if (eck) {
  ------------------
  |  Branch (289:7): [True: 787, False: 0]
  ------------------
  290|    787|			if (*eck) {
  ------------------
  |  Branch (290:8): [True: 0, False: 787]
  ------------------
  291|      0|				ecc_free(*eck);
  292|      0|				m_free(*eck);
  ------------------
  |  |   24|      0|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded, False: 0]
  |  |  ------------------
  ------------------
  293|      0|				*eck = NULL;
  294|      0|			}
  295|    787|			*eck = buf_get_ecdsa_pub_key(buf);
  296|    787|			if (*eck) {
  ------------------
  |  Branch (296:8): [True: 313, False: 474]
  ------------------
  297|    313|				ret = DROPBEAR_SUCCESS;
  ------------------
  |  |  111|    313|#define DROPBEAR_SUCCESS 0
  ------------------
  298|    313|			}
  299|    787|		}
  300|    787|	}
  301|  2.92k|#endif
  302|  2.92k|#if DROPBEAR_ED25519
  303|  2.92k|	if (keytype == DROPBEAR_SIGNKEY_ED25519
  ------------------
  |  Branch (303:6): [True: 548, False: 2.37k]
  ------------------
  304|  2.37k|#if DROPBEAR_SK_ED25519
  305|  2.37k|		|| keytype == DROPBEAR_SIGNKEY_SK_ED25519
  ------------------
  |  Branch (305:6): [True: 137, False: 2.23k]
  ------------------
  306|  2.92k|#endif
  307|  2.92k|    ) {
  308|    375|		ed25519_key_free(key->ed25519key);
  309|    375|		key->ed25519key = m_malloc(sizeof(*key->ed25519key));
  310|    375|		ret = buf_get_ed25519_pub_key(buf, key->ed25519key, keytype);
              		/* NOTE(review): the failure path uses m_free() directly, while
              		 * the DSS and RSA branches call their *_key_free() helper.
              		 * ed25519_key_free() would also run m_burn on priv; the struct
              		 * was just allocated, so it presumably holds no secret here,
              		 * but the helper would keep the branches consistent. */
  311|    375|		if (ret == DROPBEAR_FAILURE) {
  ------------------
  |  |  112|    375|#define DROPBEAR_FAILURE -1
  ------------------
  |  Branch (311:7): [True: 59, False: 316]
  ------------------
  312|     59|			m_free(key->ed25519key);
  ------------------
  |  |   24|     59|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded, False: 59]
  |  |  ------------------
  ------------------
  313|     59|			key->ed25519key = NULL;
  314|     59|		}
  315|    375|	}
  316|  2.92k|#endif
  317|       |
              	/* NOTE(review): for SK key types the application string is read
              	 * whether or not the key itself parsed (ret is not checked), and
              	 * key->sk_app is overwritten without freeing a previous value.
              	 * Confirm that reading on after a failed parse is intended and that
              	 * key is never reused with sk_app already set. */
  318|  2.92k|#if DROPBEAR_SK_ECDSA || DROPBEAR_SK_ED25519
  319|  2.92k|	if (0
  ------------------
  |  Branch (319:6): [Folded, False: 2.60k]
  ------------------
  320|  2.60k|#if DROPBEAR_SK_ED25519
  321|  2.60k|		|| keytype == DROPBEAR_SIGNKEY_SK_ED25519
  ------------------
  |  Branch (321:6): [True: 135, False: 2.47k]
  ------------------
  322|  2.47k|#endif
  323|  2.47k|#if DROPBEAR_SK_ECDSA
  324|  2.47k|		|| keytype == DROPBEAR_SIGNKEY_SK_ECDSA_NISTP256
  ------------------
  |  Branch (324:6): [True: 85, False: 2.38k]
  ------------------
  325|  2.92k|#endif
  326|  2.92k|	) {
  327|    220|		key->sk_app = buf_getstring(buf, &key->sk_applen);
  328|    220|	}
  329|  2.92k|#endif
  330|       |
  331|  2.92k|	TRACE2(("leave buf_get_pub_key"))
  332|       |
  333|  2.92k|	return ret;
  334|  2.92k|}
sign_key_free:
  506|  2.39k|void sign_key_free(sign_key *key) {
              	/* Release a sign_key and everything it owns: the per-algorithm keys
              	 * that are compiled in, the filename, the SK application string, and
              	 * finally the struct itself.
              	 *
              	 * key is dereferenced without a NULL check, unlike rsa_key_free() and
              	 * ed25519_key_free(); callers must pass a valid pointer. The final
              	 * m_free() only NULLs the local parameter, so the caller's pointer
              	 * is left dangling unless the caller clears it. */
  507|       |
  508|  2.39k|	TRACE2(("enter sign_key_free"))
  509|       |
  510|  2.39k|#if DROPBEAR_DSS
  511|  2.39k|	dss_key_free(key->dsskey);
  512|  2.39k|	key->dsskey = NULL;
  513|  2.39k|#endif
  514|  2.39k|#if DROPBEAR_RSA
  515|  2.39k|	rsa_key_free(key->rsakey);
  516|  2.39k|	key->rsakey = NULL;
  517|  2.39k|#endif
  518|  2.39k|#if DROPBEAR_ECDSA
  519|  2.39k|#if DROPBEAR_ECC_256
  520|  2.39k|	if (key->ecckey256) {
  ------------------
  |  Branch (520:6): [True: 200, False: 2.19k]
  ------------------
  521|    200|		ecc_free(key->ecckey256);
  522|    200|		m_free(key->ecckey256);
  ------------------
  |  |   24|    200|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded, False: 200]
  |  |  ------------------
  ------------------
  523|    200|		key->ecckey256 = NULL;
  524|    200|	}
  525|  2.39k|#endif
  526|  2.39k|#if DROPBEAR_ECC_384
  527|  2.39k|	if (key->ecckey384) {
  ------------------
  |  Branch (527:6): [True: 51, False: 2.33k]
  ------------------
  528|     51|		ecc_free(key->ecckey384);
  529|     51|		m_free(key->ecckey384);
  ------------------
  |  |   24|     51|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded, False: 51]
  |  |  ------------------
  ------------------
  530|     51|		key->ecckey384 = NULL;
  531|     51|	}
  532|  2.39k|#endif
  533|  2.39k|#if DROPBEAR_ECC_521
  534|  2.39k|	if (key->ecckey521) {
  ------------------
  |  Branch (534:6): [True: 54, False: 2.33k]
  ------------------
  535|     54|		ecc_free(key->ecckey521);
  536|     54|		m_free(key->ecckey521);
  ------------------
  |  |   24|     54|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded, False: 54]
  |  |  ------------------
  ------------------
  537|     54|		key->ecckey521 = NULL;
  538|     54|	}
  539|  2.39k|#endif
  540|  2.39k|#endif
  541|  2.39k|#if DROPBEAR_ED25519
  542|  2.39k|	ed25519_key_free(key->ed25519key);
  543|  2.39k|	key->ed25519key = NULL;
  544|  2.39k|#endif
  545|       |
  546|  2.39k|	m_free(key->filename);
  ------------------
  |  |   24|  2.39k|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded, False: 2.39k]
  |  |  ------------------
  ------------------
  547|  2.39k|#if DROPBEAR_SK_ECDSA || DROPBEAR_SK_ED25519
  548|  2.39k|	if (key->sk_app) {
  ------------------
  |  Branch (548:6): [True: 127, False: 2.26k]
  ------------------
  549|    127|		m_free(key->sk_app);
  ------------------
  |  |   24|    127|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded, False: 127]
  |  |  ------------------
  ------------------
  550|    127|	}
  551|  2.39k|#endif
  552|       |
  553|       |	m_free(key);
  ------------------
  |  |   24|  2.39k|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded, False: 2.39k]
  |  |  ------------------
  ------------------
  554|  2.39k|	TRACE2(("leave sign_key_free"))
  555|  2.39k|}
buf_verify:
  645|  1.77k|int buf_verify(buffer * buf, sign_key *key, enum signature_type expect_sigtype, const buffer *data_buf) {
  646|       |	
              	/*
              	 * Check the signature in `buf` against `data_buf` using the key of the
              	 * matching type held in `key`.
              	 * The algorithm name read from the blob must map to `expect_sigtype`;
              	 * otherwise dropbear_exit() is called before any key is used.
              	 * Returns whatever the per-algorithm verify routine returns. Every path
              	 * that finds no usable key ends in a dropbear_exit() call.
              	 */
  647|  1.77k|	char *type_name = NULL;
  648|  1.77k|	unsigned int type_name_len = 0;
  649|  1.77k|	enum signature_type sigtype;
  650|  1.77k|	enum signkey_type keytype;
  651|       |
  652|  1.77k|	TRACE(("enter buf_verify"))
  653|       |
              	/* The blob length is read and discarded: nothing in this function compares
              	 * it with the bytes left in buf.
              	 * NOTE(review): confirm each verify routine bounds its own reads. */
  654|  1.77k|	buf_getint(buf); /* blob length */
  655|  1.77k|	type_name = buf_getstring(buf, &type_name_len);
  656|  1.77k|	sigtype = signature_type_from_name(type_name, type_name_len);
              	/* The name is only needed for the lookup above; m_free also NULLs the pointer. */
  657|  1.77k|	m_free(type_name);
  ------------------
  |  |   24|  1.77k|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded, False: 1.77k]
  |  |  ------------------
  ------------------
  658|       |
              	/* Reject a signature whose algorithm differs from the one the caller expects,
              	 * so the blob cannot pick the verification algorithm. */
  659|  1.77k|	if (expect_sigtype != sigtype) {
  ------------------
  |  Branch (659:6): [True: 79, False: 1.69k]
  ------------------
  660|     79|			dropbear_exit("Non-matching signing type");
  661|     79|	}
  662|       |
              	/* From here on dispatch is by key type derived from the checked signature type. */
  663|  1.69k|	keytype = signkey_type_from_signature(sigtype);
  664|  1.69k|#if DROPBEAR_DSS
  665|  1.69k|	if (keytype == DROPBEAR_SIGNKEY_DSS) {
  ------------------
  |  Branch (665:6): [True: 256, False: 1.44k]
  ------------------
  666|    256|		if (key->dsskey == NULL) {
  ------------------
  |  Branch (666:7): [True: 0, False: 256]
  ------------------
  667|      0|			dropbear_exit("No DSS key to verify signature");
  668|      0|		}
  669|    256|		return buf_dss_verify(buf, key->dsskey, data_buf);
  670|    256|	}
  671|  1.44k|#endif
  672|       |
  673|  1.44k|#if DROPBEAR_RSA
  674|  1.44k|	if (keytype == DROPBEAR_SIGNKEY_RSA) {
  ------------------
  |  Branch (674:6): [True: 882, False: 561]
  ------------------
  675|    882|		if (key->rsakey == NULL) {
  ------------------
  |  Branch (675:7): [True: 0, False: 882]
  ------------------
  676|      0|			dropbear_exit("No RSA key to verify signature");
  677|      0|		}
              		/* RSA is the only routine here that is also handed sigtype. */
  678|    882|		return buf_rsa_verify(buf, key->rsakey, sigtype, data_buf);
  679|    882|	}
  680|    561|#endif
  681|    561|#if DROPBEAR_ECDSA
  682|    561|	if (signkey_is_ecdsa(keytype)) {
  ------------------
  |  Branch (682:6): [True: 309, False: 252]
  ------------------
  683|    309|		ecc_key **eck = (ecc_key**)signkey_key_ptr(key, keytype);
              		/* No dedicated error message: an empty key slot falls through to the
              		 * dropbear_exit() at the end of the function. */
  684|    309|		if (eck && *eck) {
  ------------------
  |  Branch (684:7): [True: 309, False: 0]
  |  Branch (684:14): [True: 309, False: 0]
  ------------------
  685|    309|			return buf_ecdsa_verify(buf, *eck, data_buf);
  686|    309|		}
  687|    309|	}
  688|    252|#endif
  689|    252|#if DROPBEAR_ED25519
  690|    252|	if (keytype == DROPBEAR_SIGNKEY_ED25519) {
  ------------------
  |  Branch (690:6): [True: 100, False: 152]
  ------------------
  691|    100|		if (key->ed25519key == NULL) {
  ------------------
  |  Branch (691:7): [True: 0, False: 100]
  ------------------
  692|      0|			dropbear_exit("No Ed25519 key to verify signature");
  693|      0|		}
  694|    100|		return buf_ed25519_verify(buf, key->ed25519key, data_buf);
  695|    100|	}
  696|    152|#endif
  697|    152|#if DROPBEAR_SK_ECDSA
              	/* NOTE(review): this coverage run records zero executions of this branch,
              	 * so buf_sk_ecdsa_verify() was never reached from here. */
  698|    152|	if (keytype == DROPBEAR_SIGNKEY_SK_ECDSA_NISTP256) {
  ------------------
  |  Branch (698:6): [True: 0, False: 152]
  ------------------
  699|      0|		ecc_key **eck = (ecc_key**)signkey_key_ptr(key, keytype);
  700|      0|		if (eck && *eck) {
  ------------------
  |  Branch (700:7): [True: 0, False: 0]
  |  Branch (700:14): [True: 0, False: 0]
  ------------------
  701|      0|			return buf_sk_ecdsa_verify(buf, *eck, data_buf, key->sk_app, key->sk_applen, key->sk_flags_mask);
  702|      0|		}
  703|      0|	}
  704|    152|#endif
  705|    152|#if DROPBEAR_SK_ED25519
  706|    152|	if (keytype == DROPBEAR_SIGNKEY_SK_ED25519) {
  ------------------
  |  Branch (706:6): [True: 126, False: 26]
  ------------------
  707|    126|		dropbear_ed25519_key **eck = (dropbear_ed25519_key**)signkey_key_ptr(key, keytype);
  708|    126|		if (eck && *eck) {
  ------------------
  |  Branch (708:7): [True: 126, False: 0]
  |  Branch (708:14): [True: 126, False: 0]
  ------------------
              			/* The application string and the required-flags mask are taken
              			 * from `key`, not from the signature blob. */
  709|    126|			return buf_sk_ed25519_verify(buf, *eck, data_buf, key->sk_app, key->sk_applen, key->sk_flags_mask);
  710|    126|		}
  711|    126|	}
  712|     26|#endif
  713|       |
              	/* Reached when no enabled key type matched, or an ECDSA/SK key slot was empty.
              	 * The return below has a zero count in this run, which suggests
              	 * dropbear_exit() does not return -- confirm against its definition. */
  714|     26|	dropbear_exit("Non-matching signing type");
  715|      0|	return DROPBEAR_FAILURE;
  ------------------
  |  |  112|      0|#define DROPBEAR_FAILURE -1
  ------------------
  716|    152|}

buf_sk_ed25519_verify:
   13|    126|			unsigned char sk_flags_mask) {
   14|       |
              	/*
              	 * Verify a security-key Ed25519 signature read from `buf`.
              	 * The start of the signature is not part of this listing; the body uses
              	 * buf, key, data_buf, app, applen and sk_flags_mask.
              	 * The signed message is rebuilt as
              	 *   SHA256(app) || flags || counter || SHA256(data_buf)
              	 * and checked against key->pub. After that, each bit set in
              	 * sk_flags_mask must also be set in the flags byte of the signature.
              	 * Returns DROPBEAR_SUCCESS only when both checks pass, else
              	 * DROPBEAR_FAILURE.
              	 */
   15|    126|	int ret = DROPBEAR_FAILURE;
  ------------------
  |  |  112|    126|#define DROPBEAR_FAILURE -1
  ------------------
   16|    126|	unsigned char *s;
   17|    126|	unsigned long slen;
   18|    126|	hash_state hs;
   19|    126|	unsigned char hash[SHA256_HASH_SIZE];
   20|    126|	buffer *sk_buffer = NULL;
   21|    126|	unsigned char flags;
   22|    126|	unsigned int counter;
   23|       |
   24|    126|	TRACE(("enter buf_sk_ed25519_verify"))
   25|    126|	dropbear_assert(key != NULL);
  ------------------
  |  |   84|    126|#define dropbear_assert(X) do { if (!(X)) { fail_assert(#X, __FILE__, __LINE__); } } while (0)
  |  |  ------------------
  |  |  |  Branch (84:37): [True: 0, False: 126]
  |  |  |  Branch (84:93): [Folded, False: 126]
  |  |  ------------------
  ------------------
   26|       |
              	/* The signature must be exactly 64 bytes and fully present in the rest of
              	 * buf before a pointer to it is taken.
              	 * NOTE(review): the subtraction assumes buf->pos <= buf->len -- confirm
              	 * the buffer code keeps that invariant. */
   27|    126|	slen = buf_getint(buf);
   28|    126|	if (slen != 64 || buf->len - buf->pos < slen) {
  ------------------
  |  Branch (28:6): [True: 40, False: 86]
  |  Branch (28:20): [True: 11, False: 75]
  ------------------
   29|     50|		TRACE(("leave buf_sk_ed25519_verify: bad size"))
   30|     50|		goto out;
   31|     50|	}
   32|     76|	s = buf_getptr(buf, slen);
   33|     76|	buf_incrpos(buf, slen);
   34|       |
              	/* flags and counter come from the peer, but both are copied into the
              	 * message verified below, so changing them invalidates the signature.
              	 * counter is not compared with any earlier value in this function. */
   35|     76|	flags = buf_getbyte (buf);
   36|     76|	counter = buf_getint (buf);
   37|       |	/* create the message to be signed */
              	/* Sized for two SHA-256 digests plus 5 further bytes (flags byte and counter). */
   38|     76|	sk_buffer = buf_new (2*SHA256_HASH_SIZE+5);
  ------------------
  |  |  134|     76|#define SHA256_HASH_SIZE 32
  ------------------
   39|     76|	sha256_init (&hs);
   40|     76|	sha256_process (&hs, app, applen);
   41|     76|	sha256_done (&hs, hash);
   42|     76|	buf_putbytes (sk_buffer, hash, sizeof (hash));
   43|     76|	buf_putbyte (sk_buffer, flags);
   44|     76|	buf_putint (sk_buffer, counter);
              	/* hash[] is reused for the digest of the signed data. */
   45|     76|	sha256_init (&hs);
   46|     76|	sha256_process (&hs, data_buf->data, data_buf->len);
   47|     76|	sha256_done (&hs, hash);
   48|     76|	buf_putbytes (sk_buffer, hash, sizeof (hash));
   49|       |
   50|     76|	if (dropbear_ed25519_verify(sk_buffer->data, sk_buffer->len,
  ------------------
  |  Branch (50:6): [True: 2, False: 74]
  ------------------
   51|     76|				    s, slen, key->pub) == 0) {
   52|       |		/* signature is valid */
   53|      2|		TRACE(("leave buf_sk_ed25519_verify: success!"))
   54|      2|		ret = DROPBEAR_SUCCESS;
  ------------------
  |  |  111|      2|#define DROPBEAR_SUCCESS 0
  ------------------
   55|      2|	}
   56|       |
              	/* Policy checks run after the signature check and can only turn the result
              	 * into a failure: a bit required by sk_flags_mask but absent from flags
              	 * forces DROPBEAR_FAILURE. The warning is logged only when the signature
              	 * itself was valid.
              	 * NOTE(review): both rejection branches have a zero True count in this
              	 * coverage run, so neither was exercised. */
   57|     76|	if (~flags & sk_flags_mask & SSH_SK_USER_PRESENCE_REQD) {
  ------------------
  |  |  135|     76|#define SSH_SK_USER_PRESENCE_REQD       0x01
  ------------------
  |  Branch (57:6): [True: 0, False: 76]
  ------------------
   58|      0|		if (ret == DROPBEAR_SUCCESS) {
  ------------------
  |  |  111|      0|#define DROPBEAR_SUCCESS 0
  ------------------
  |  Branch (58:7): [True: 0, False: 0]
  ------------------
   59|      0|			dropbear_log(LOG_WARNING, "Rejecting, user-presence not set");
   60|      0|		}
   61|      0|		ret = DROPBEAR_FAILURE;
  ------------------
  |  |  112|      0|#define DROPBEAR_FAILURE -1
  ------------------
   62|      0|	}
   63|     76|	if (~flags & sk_flags_mask & SSH_SK_USER_VERIFICATION_REQD) {
  ------------------
  |  |  136|     76|#define SSH_SK_USER_VERIFICATION_REQD   0x04
  ------------------
  |  Branch (63:6): [True: 0, False: 76]
  ------------------
   64|      0|		if (ret == DROPBEAR_SUCCESS) {
  ------------------
  |  |  111|      0|#define DROPBEAR_SUCCESS 0
  ------------------
  |  Branch (64:7): [True: 0, False: 0]
  ------------------
   65|      0|			dropbear_log(LOG_WARNING, "Rejecting, user-verification not set");
   66|      0|		}
   67|      0|		ret = DROPBEAR_FAILURE;
  ------------------
  |  |  112|      0|#define DROPBEAR_FAILURE -1
  ------------------
   68|      0|	}
              	/* sk_buffer is still NULL when the bad-size path jumps here; presumably
              	 * buf_free() accepts NULL -- confirm against its definition. */
   69|    123|out:
   70|    123|	buf_free(sk_buffer);
   71|    123|	TRACE(("leave buf_sk_ed25519_verify: ret %d", ret))
   72|    123|	return ret;
   73|     76|}

