ssh_digest_bytes: 101| 4.57k|{ 102| 4.57k| const struct ssh_digest *digest = ssh_digest_by_alg(alg); 103| | 104| 4.57k| return digest == NULL ? 0 : digest->digest_len; ------------------ | Branch (104:9): [True: 0, False: 4.57k] ------------------ 105| 4.57k|} ssh_digest_memory: 186| 18|{ 187| 18| const struct ssh_digest *digest = ssh_digest_by_alg(alg); 188| 18| u_int mdlen; 189| | 190| 18| if (digest == NULL) ------------------ | Branch (190:6): [True: 0, False: 18] ------------------ 191| 0| return SSH_ERR_INVALID_ARGUMENT; ------------------ | | 34| 0|#define SSH_ERR_INVALID_ARGUMENT -10 ------------------ 192| 18| if (dlen > UINT_MAX) ------------------ | Branch (192:6): [True: 0, False: 18] ------------------ 193| 0| return SSH_ERR_INVALID_ARGUMENT; ------------------ | | 34| 0|#define SSH_ERR_INVALID_ARGUMENT -10 ------------------ 194| 18| if (dlen < digest->digest_len) ------------------ | Branch (194:6): [True: 0, False: 18] ------------------ 195| 0| return SSH_ERR_INVALID_ARGUMENT; ------------------ | | 34| 0|#define SSH_ERR_INVALID_ARGUMENT -10 ------------------ 196| 18| mdlen = dlen; 197| 18| if (!EVP_Digest(m, mlen, d, &mdlen, digest->mdfunc(), NULL)) ------------------ | Branch (197:6): [True: 0, False: 18] ------------------ 198| 0| return SSH_ERR_LIBCRYPTO_ERROR; ------------------ | | 46| 0|#define SSH_ERR_LIBCRYPTO_ERROR -22 ------------------ 199| 18| return 0; 200| 18|} digest-openssl.c:ssh_digest_by_alg: 69| 4.59k|{ 70| 4.59k| if (alg < 0 || alg >= SSH_DIGEST_MAX) ------------------ | | 30| 4.59k|#define SSH_DIGEST_MAX 5 ------------------ | Branch (70:6): [True: 0, False: 4.59k] | Branch (70:17): [True: 0, False: 4.59k] ------------------ 71| 0| return NULL; 72| 4.59k| if (digests[alg].id != alg) /* sanity */ ------------------ | Branch (72:6): [True: 0, False: 4.59k] ------------------ 73| 0| return NULL; 74| 4.59k| if (digests[alg].mdfunc == NULL) ------------------ | Branch (74:6): [True: 0, False: 4.59k] ------------------ 75| 0| return NULL; 76| 4.59k| return &(digests[alg]); 77| 4.59k|} crypto_sign_ed25519_ref_fe25519_getparity: 268| 57|{ 269| 57| fe25519 t = *x; ------------------ | | 72| 57|#define fe25519 crypto_sign_ed25519_ref_fe25519 ------------------ 270| 57| fe25519_freeze(&t); ------------------ | | 73| 57|#define fe25519_freeze crypto_sign_ed25519_ref_fe25519_freeze ------------------ 271| 57| return t.v[0] & 1; 272| 57|} crypto_sign_ed25519_ref_unpackneg_vartime: 1786| 28|{ 1787| 28| unsigned char par; 1788| 28| fe25519 t, chk, num, den, den2, den4, den6; ------------------ | | 72| 28|#define fe25519 crypto_sign_ed25519_ref_fe25519 ------------------ 1789| 28| fe25519_setone(&r->z); ------------------ | | 79| 28|#define fe25519_setone crypto_sign_ed25519_ref_fe25519_setone ------------------ 1790| 28| par = p[31] >> 7; 1791| 28| fe25519_unpack(&r->y, p); ------------------ | | 74| 28|#define fe25519_unpack crypto_sign_ed25519_ref_fe25519_unpack ------------------ 1792| 28| fe25519_square(&num, &r->y); /* x = y^2 */ ------------------ | | 86| 28|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 1793| 28| fe25519_mul(&den, &num, &ge25519_ecd); /* den = dy^2 */ ------------------ | | 85| 28|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 1794| 28| fe25519_sub(&num, &num, &r->z); /* x = y^2-1 */ ------------------ | | 84| 28|#define fe25519_sub crypto_sign_ed25519_ref_fe25519_sub ------------------ 1795| 28| fe25519_add(&den, &r->z, &den); /* den = dy^2+1 */ ------------------ | | 83| 28|#define fe25519_add crypto_sign_ed25519_ref_fe25519_add ------------------ 1796| | 1797| | /* Computation of sqrt(num/den) */ 1798| | /* 1.: computation of num^((p-5)/8)*den^((7p-35)/8) = (num*den^7)^((p-5)/8) */ 1799| 28| fe25519_square(&den2, &den); ------------------ | | 86| 28|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 1800| 28| fe25519_square(&den4, &den2); ------------------ | | 86| 28|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 1801| 28| fe25519_mul(&den6, &den4, &den2); ------------------ | | 85| 28|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 1802| 28| fe25519_mul(&t, &den6, &num); ------------------ | | 85| 28|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 1803| 28| fe25519_mul(&t, &t, &den); ------------------ | | 85| 28|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 1804| | 1805| 28| fe25519_pow2523(&t, &t); ------------------ | | 88| 28|#define fe25519_pow2523 crypto_sign_ed25519_ref_fe25519_pow2523 ------------------ 1806| | /* 2. computation of r->x = t * num * den^3 */ 1807| 28| fe25519_mul(&t, &t, &num); ------------------ | | 85| 28|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 1808| 28| fe25519_mul(&t, &t, &den); ------------------ | | 85| 28|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 1809| 28| fe25519_mul(&t, &t, &den); ------------------ | | 85| 28|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 1810| 28| fe25519_mul(&r->x, &t, &den); ------------------ | | 85| 28|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 1811| | 1812| | /* 3. Check whether sqrt computation gave correct result, multiply by sqrt(-1) if not: */ 1813| 28| fe25519_square(&chk, &r->x); ------------------ | | 86| 28|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 1814| 28| fe25519_mul(&chk, &chk, &den); ------------------ | | 85| 28|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 1815| 28| if (!fe25519_iseq_vartime(&chk, &num)) ------------------ | | 77| 28|#define fe25519_iseq_vartime crypto_sign_ed25519_ref_fe25519_iseq_vartime ------------------ | Branch (1815:7): [True: 0, False: 28] ------------------ 1816| 0| fe25519_mul(&r->x, &r->x, &ge25519_sqrtm1); ------------------ | | 85| 0|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 1817| | 1818| | /* 4. Now we have one of the two square roots, except if input was not a square */ 1819| 28| fe25519_square(&chk, &r->x); ------------------ | | 86| 28|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 1820| 28| fe25519_mul(&chk, &chk, &den); ------------------ | | 85| 28|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 1821| 28| if (!fe25519_iseq_vartime(&chk, &num)) ------------------ | | 77| 28|#define fe25519_iseq_vartime crypto_sign_ed25519_ref_fe25519_iseq_vartime ------------------ | Branch (1821:7): [True: 0, False: 28] ------------------ 1822| 0| return -1; 1823| | 1824| | /* 5. Choose the desired square root according to parity: */ 1825| 28| if(fe25519_getparity(&r->x) != (1-par)) ------------------ | | 82| 28|#define fe25519_getparity crypto_sign_ed25519_ref_fe25519_getparity ------------------ | Branch (1825:6): [True: 0, False: 28] ------------------ 1826| 0| fe25519_neg(&r->x, &r->x); ------------------ | | 81| 0|#define fe25519_neg crypto_sign_ed25519_ref_fe25519_neg ------------------ 1827| | 1828| 28| fe25519_mul(&r->t, &r->x, &r->y); ------------------ | | 85| 28|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 1829| 28| return 0; 1830| 28|} crypto_sign_ed25519_keypair: 1914| 1|{ 1915| 1| unsigned char az[64]; 1916| 1| sc25519 scsk; ------------------ | | 461| 1|#define sc25519 crypto_sign_ed25519_ref_sc25519 ------------------ 1917| 1| ge25519 gepk; ------------------ | | 724| 1|#define ge25519 crypto_sign_ed25519_ref_ge25519 ------------------ 1918| | 1919| 1| randombytes(sk,32); ------------------ | | 27| 1|#define randombytes(buf, buf_len) arc4random_buf((buf), (buf_len)) ------------------ 1920| 1| crypto_hash_sha512(az,sk,32); 1921| 1| az[0] &= 248; 1922| 1| az[31] &= 127; 1923| 1| az[31] |= 64; 1924| | 1925| 1| sc25519_from32bytes(&scsk,az); ------------------ | | 463| 1|#define sc25519_from32bytes crypto_sign_ed25519_ref_sc25519_from32bytes ------------------ 1926| | 1927| 1| ge25519_scalarmult_base(&gepk, &scsk); ------------------ | | 730| 1|#define ge25519_scalarmult_base crypto_sign_ed25519_ref_scalarmult_base ------------------ 1928| 1| ge25519_pack(pk, &gepk); ------------------ | | 727| 1|#define ge25519_pack crypto_sign_ed25519_ref_pack ------------------ 1929| 1| memmove(sk + 32,pk,32); 1930| 1| return 0; 1931| 1|} crypto_sign_ed25519_open: 1993| 46|{ 1994| 46| unsigned char pkcopy[32]; 1995| 46| unsigned char rcopy[32]; 1996| 46| unsigned char hram[64]; 1997| 46| unsigned char rcheck[32]; 1998| 46| ge25519 get1, get2; ------------------ | | 724| 46|#define ge25519 crypto_sign_ed25519_ref_ge25519 ------------------ 1999| 46| sc25519 schram, scs; ------------------ | | 461| 46|#define sc25519 crypto_sign_ed25519_ref_sc25519 ------------------ 2000| | 2001| 46| if (smlen < 64) goto badsig; ------------------ | Branch (2001:7): [True: 0, False: 46] ------------------ 2002| 46| if (sm[63] & 224) goto badsig; ------------------ | Branch (2002:7): [True: 18, False: 28] ------------------ 2003| 28| if (ge25519_unpackneg_vartime(&get1,pk)) goto badsig; ------------------ | | 726| 28|#define ge25519_unpackneg_vartime crypto_sign_ed25519_ref_unpackneg_vartime ------------------ | Branch (2003:7): [True: 0, False: 28] ------------------ 2004| | 2005| 28| memmove(pkcopy,pk,32); 2006| 28| memmove(rcopy,sm,32); 2007| | 2008| 28| sc25519_from32bytes(&scs, sm+32); ------------------ | | 463| 28|#define sc25519_from32bytes crypto_sign_ed25519_ref_sc25519_from32bytes ------------------ 2009| | 2010| 28| memmove(m,sm,smlen); 2011| 28| memmove(m + 32,pkcopy,32); 2012| 28| crypto_hash_sha512(hram,m,smlen); 2013| | 2014| 28| sc25519_from64bytes(&schram, hram); ------------------ | | 464| 28|#define sc25519_from64bytes crypto_sign_ed25519_ref_sc25519_from64bytes ------------------ 2015| | 2016| 28| ge25519_double_scalarmult_vartime(&get2, &get1, &schram, &ge25519_base, &scs); ------------------ | | 729| 28|#define ge25519_double_scalarmult_vartime crypto_sign_ed25519_ref_double_scalarmult_vartime ------------------ ge25519_double_scalarmult_vartime(&get2, &get1, &schram, &ge25519_base, &scs); ------------------ | | 725| 28|#define ge25519_base crypto_sign_ed25519_ref_ge25519_base ------------------ 2017| 28| ge25519_pack(rcheck, &get2); ------------------ | | 727| 28|#define ge25519_pack crypto_sign_ed25519_ref_pack ------------------ 2018| | 2019| 28| if (crypto_verify_32(rcopy,rcheck) == 0) { ------------------ | Branch (2019:7): [True: 0, False: 28] ------------------ 2020| 0| memmove(m,m + 64,smlen - 64); 2021| 0| memset(m + smlen - 64,0,64); 2022| 0| *mlen = smlen - 64; 2023| 0| return 0; 2024| 0| } 2025| | 2026| 46|badsig: 2027| 46| *mlen = (unsigned long long) -1; 2028| 46| memset(m,0,smlen); 2029| 46| return -1; 2030| 28|} ed25519.c:crypto_sign_ed25519_ref_fe25519_freeze: 203| 198|{ 204| 198| int i; 205| 198| crypto_uint32 m = fe25519_equal(r->v[31],127); 206| 6.13k| for(i=30;i>0;i--) ------------------ | Branch (206:12): [True: 5.94k, False: 198] ------------------ 207| 5.94k| m &= fe25519_equal(r->v[i],255); 208| 198| m &= ge(r->v[0],237); 209| | 210| 198| m = -m; 211| | 212| 198| r->v[31] -= m&127; 213| 6.13k| for(i=30;i>0;i--) ------------------ | Branch (213:12): [True: 5.94k, False: 198] ------------------ 214| 5.94k| r->v[i] -= m&255; 215| 198| r->v[0] -= m&237; 216| 198|} ed25519.c:fe25519_equal: 135| 6.13k|{ 136| 6.13k| crypto_uint32 x = a ^ b; /* 0: yes; 1..65535: no */ 137| 6.13k| x -= 1; /* 4294967295: yes; 0..65534: no */ 138| 6.13k| x >>= 31; /* 1: yes; 0: no */ 139| 6.13k| return x; 140| 6.13k|} ed25519.c:ge: 143| 198|{ 144| 198| unsigned int x = a; 145| 198| x -= (unsigned int) b; /* 0..65535: yes; 4294901761..4294967295: no */ 146| 198| x >>= 31; /* 0: yes; 1: no */ 147| 198| x ^= 1; /* 1: yes; 0: no */ 148| 198| return x; 149| 198|} ed25519.c:crypto_sign_ed25519_ref_fe25519_setone: 275| 85|{ 276| 85| int i; 277| 85| r->v[0] = 1; 278| 2.72k| for(i=1;i<32;i++) r->v[i]=0; ------------------ | Branch (278:11): [True: 2.63k, False: 85] ------------------ 279| 85|} ed25519.c:crypto_sign_ed25519_ref_fe25519_unpack: 219| 28|{ 220| 28| int i; 221| 924| for(i=0;i<32;i++) r->v[i] = x[i]; ------------------ | Branch (221:11): [True: 896, False: 28] ------------------ 222| 28| r->v[31] &= 127; 223| 28|} ed25519.c:crypto_sign_ed25519_ref_fe25519_square: 332| 43.0k|{ 333| 43.0k| fe25519_mul(r, x, x); ------------------ | | 85| 43.0k|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 334| 43.0k|} ed25519.c:crypto_sign_ed25519_ref_fe25519_mul: 315| 95.3k|{ 316| 95.3k| int i,j; 317| 95.3k| crypto_uint32 t[63]; 318| 6.09M| for(i=0;i<63;i++)t[i] = 0; ------------------ | Branch (318:11): [True: 6.00M, False: 95.3k] ------------------ 319| | 320| 3.14M| for(i=0;i<32;i++) ------------------ | Branch (320:11): [True: 3.04M, False: 95.3k] ------------------ 321| 100M| for(j=0;j<32;j++) ------------------ | Branch (321:13): [True: 97.5M, False: 3.04M] ------------------ 322| 97.5M| t[i+j] += x->v[i] * y->v[j]; 323| | 324| 3.04M| for(i=32;i<63;i++) ------------------ | Branch (324:12): [True: 2.95M, False: 95.3k] ------------------ 325| 2.95M| r->v[i-32] = t[i-32] + times38(t[i]); 326| 95.3k| r->v[31] = t[31]; /* result now in r[0]...r[31] */ 327| | 328| 95.3k| reduce_mul(r); 329| 95.3k|} ed25519.c:times38: 157| 2.95M|{ 158| 2.95M| return (a << 5) + (a << 2) + (a << 1); 159| 2.95M|} ed25519.c:reduce_mul: 182| 95.3k|{ 183| 95.3k| crypto_uint32 t; 184| 95.3k| int i,rep; 185| | 186| 285k| for(rep=0;rep<2;rep++) ------------------ | Branch (186:13): [True: 190k, False: 95.3k] ------------------ 187| 190k| { 188| 190k| t = r->v[31] >> 7; 189| 190k| r->v[31] &= 127; 190| 190k| t = times19(t); 191| 190k| r->v[0] += t; 192| 6.09M| for(i=0;i<31;i++) ------------------ | Branch (192:13): [True: 5.90M, False: 190k] ------------------ 193| 5.90M| { 194| 5.90M| t = r->v[i] >> 8; 195| 5.90M| r->v[i+1] += t; 196| 5.90M| r->v[i] &= 255; 197| 5.90M| } 198| 190k| } 199| 95.3k|} ed25519.c:times19: 152| 538k|{ 153| 538k| return (a << 4) + (a << 1) + a; 154| 538k|} ed25519.c:crypto_sign_ed25519_ref_fe25519_sub: 304| 49.0k|{ 305| 49.0k| int i; 306| 49.0k| crypto_uint32 t[32]; 307| 49.0k| t[0] = x->v[0] + 0x1da; 308| 49.0k| t[31] = x->v[31] + 0xfe; 309| 1.51M| for(i=1;i<31;i++) t[i] = x->v[i] + 0x1fe; ------------------ | Branch (309:11): [True: 1.47M, False: 49.0k] ------------------ 310| 1.61M| for(i=0;i<32;i++) r->v[i] = t[i] - y->v[i]; ------------------ | Branch (310:11): [True: 1.56M, False: 49.0k] ------------------ 311| 49.0k| fe25519_reduce_add_sub(r); 312| 49.0k|} ed25519.c:fe25519_reduce_add_sub: 162| 86.9k|{ 163| 86.9k| crypto_uint32 t; 164| 86.9k| int i,rep; 165| | 166| 434k| for(rep=0;rep<4;rep++) ------------------ | Branch (166:13): [True: 347k, False: 86.9k] ------------------ 167| 347k| { 168| 347k| t = r->v[31] >> 7; 169| 347k| r->v[31] &= 127; 170| 347k| t = times19(t); 171| 347k| r->v[0] += t; 172| 11.1M| for(i=0;i<31;i++) ------------------ | Branch (172:13): [True: 10.7M, False: 347k] ------------------ 173| 10.7M| { 174| 10.7M| t = r->v[i] >> 8; 175| 10.7M| r->v[i+1] += t; 176| 10.7M| r->v[i] &= 255; 177| 10.7M| } 178| 347k| } 179| 86.9k|} ed25519.c:crypto_sign_ed25519_ref_fe25519_add: 297| 37.9k|{ 298| 37.9k| int i; 299| 1.25M| for(i=0;i<32;i++) r->v[i] = x->v[i] + y->v[i]; ------------------ | Branch (299:11): [True: 1.21M, False: 37.9k] ------------------ 300| 37.9k| fe25519_reduce_add_sub(r); 301| 37.9k|} ed25519.c:crypto_sign_ed25519_ref_fe25519_pow2523: 404| 28|{ 405| 28| fe25519 z2; ------------------ | | 72| 28|#define fe25519 crypto_sign_ed25519_ref_fe25519 ------------------ 406| 28| fe25519 z9; ------------------ | | 72| 28|#define fe25519 crypto_sign_ed25519_ref_fe25519 ------------------ 407| 28| fe25519 z11; ------------------ | | 72| 28|#define fe25519 crypto_sign_ed25519_ref_fe25519 ------------------ 408| 28| fe25519 z2_5_0; ------------------ | | 72| 28|#define fe25519 crypto_sign_ed25519_ref_fe25519 ------------------ 409| 28| fe25519 z2_10_0; ------------------ | | 72| 28|#define fe25519 crypto_sign_ed25519_ref_fe25519 ------------------ 410| 28| fe25519 z2_20_0; ------------------ | | 72| 28|#define fe25519 crypto_sign_ed25519_ref_fe25519 ------------------ 411| 28| fe25519 z2_50_0; ------------------ | | 72| 28|#define fe25519 crypto_sign_ed25519_ref_fe25519 ------------------ 412| 28| fe25519 z2_100_0; ------------------ | | 72| 28|#define fe25519 crypto_sign_ed25519_ref_fe25519 ------------------ 413| 28| fe25519 t; ------------------ | | 72| 28|#define fe25519 crypto_sign_ed25519_ref_fe25519 ------------------ 414| 28| int i; 415| | 416| 28| /* 2 */ fe25519_square(&z2,x); ------------------ | | 86| 28|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 417| | /* 4 */ fe25519_square(&t,&z2); ------------------ | | 86| 28|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 418| | /* 8 */ fe25519_square(&t,&t); ------------------ | | 86| 28|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 419| | /* 9 */ fe25519_mul(&z9,&t,x); ------------------ | | 85| 28|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 420| | /* 11 */ fe25519_mul(&z11,&z9,&z2); ------------------ | | 85| 28|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 421| | /* 22 */ fe25519_square(&t,&z11); ------------------ | | 86| 28|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 422| | /* 2^5 - 2^0 = 31 */ fe25519_mul(&z2_5_0,&t,&z9); ------------------ | | 85| 28|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 423| | 424| 28| /* 2^6 - 2^1 */ fe25519_square(&t,&z2_5_0); ------------------ | | 86| 28|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 425| 140| /* 2^10 - 2^5 */ for (i = 1;i < 5;i++) { fe25519_square(&t,&t); } ------------------ | | 86| 112|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ | Branch (425:30): [True: 112, False: 28] ------------------ 426| | /* 2^10 - 2^0 */ fe25519_mul(&z2_10_0,&t,&z2_5_0); ------------------ | | 85| 28|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 427| | 428| 28| /* 2^11 - 2^1 */ fe25519_square(&t,&z2_10_0); ------------------ | | 86| 28|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 429| 280| /* 2^20 - 2^10 */ for (i = 1;i < 10;i++) { fe25519_square(&t,&t); } ------------------ | | 86| 252|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ | Branch (429:31): [True: 252, False: 28] ------------------ 430| | /* 2^20 - 2^0 */ fe25519_mul(&z2_20_0,&t,&z2_10_0); ------------------ | | 85| 28|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 431| | 432| 28| /* 2^21 - 2^1 */ fe25519_square(&t,&z2_20_0); ------------------ | | 86| 28|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 433| 560| /* 2^40 - 2^20 */ for (i = 1;i < 20;i++) { fe25519_square(&t,&t); } ------------------ | | 86| 532|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ | Branch (433:31): [True: 532, False: 28] ------------------ 434| | /* 2^40 - 2^0 */ fe25519_mul(&t,&t,&z2_20_0); ------------------ | | 85| 28|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 435| | 436| 28| /* 2^41 - 2^1 */ fe25519_square(&t,&t); ------------------ | | 86| 28|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 437| 280| /* 2^50 - 2^10 */ for (i = 1;i < 10;i++) { fe25519_square(&t,&t); } ------------------ | | 86| 252|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ | Branch (437:31): [True: 252, False: 28] ------------------ 438| | /* 2^50 - 2^0 */ fe25519_mul(&z2_50_0,&t,&z2_10_0); ------------------ | | 85| 28|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 439| | 440| 28| /* 2^51 - 2^1 */ fe25519_square(&t,&z2_50_0); ------------------ | | 86| 28|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 441| 1.40k| /* 2^100 - 2^50 */ for (i = 1;i < 50;i++) { fe25519_square(&t,&t); } ------------------ | | 86| 1.37k|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ | Branch (441:32): [True: 1.37k, False: 28] ------------------ 442| | /* 2^100 - 2^0 */ fe25519_mul(&z2_100_0,&t,&z2_50_0); ------------------ | | 85| 28|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 443| | 444| 28| /* 2^101 - 2^1 */ fe25519_square(&t,&z2_100_0); ------------------ | | 86| 28|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 445| 2.80k| /* 2^200 - 2^100 */ for (i = 1;i < 100;i++) { fe25519_square(&t,&t); } ------------------ | | 86| 2.77k|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ | Branch (445:33): [True: 2.77k, False: 28] ------------------ 446| | /* 2^200 - 2^0 */ fe25519_mul(&t,&t,&z2_100_0); ------------------ | | 85| 28|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 447| | 448| 28| /* 2^201 - 2^1 */ fe25519_square(&t,&t); ------------------ | | 86| 28|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 449| 1.40k| /* 2^250 - 2^50 */ for (i = 1;i < 50;i++) { fe25519_square(&t,&t); } ------------------ | | 86| 1.37k|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ | Branch (449:32): [True: 1.37k, False: 28] ------------------ 450| | /* 2^250 - 2^0 */ fe25519_mul(&t,&t,&z2_50_0); ------------------ | | 85| 28|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 451| | 452| 28| /* 2^251 - 2^1 */ fe25519_square(&t,&t); ------------------ | | 86| 28|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 453| | /* 2^252 - 2^2 */ fe25519_square(&t,&t); ------------------ | | 86| 28|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 454| | /* 2^252 - 3 */ fe25519_mul(r,&t,x); ------------------ | | 85| 28|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 455| 28|} ed25519.c:crypto_sign_ed25519_ref_fe25519_iseq_vartime: 248| 56|{ 249| 56| int i; 250| 56| fe25519 t1 = *x; ------------------ | | 72| 56|#define fe25519 crypto_sign_ed25519_ref_fe25519 ------------------ 251| 56| fe25519 t2 = *y; ------------------ | | 72| 56|#define fe25519 crypto_sign_ed25519_ref_fe25519 ------------------ 252| 56| fe25519_freeze(&t1); ------------------ | | 73| 56|#define fe25519_freeze crypto_sign_ed25519_ref_fe25519_freeze ------------------ 253| 56| fe25519_freeze(&t2); ------------------ | | 73| 56|#define fe25519_freeze crypto_sign_ed25519_ref_fe25519_freeze ------------------ 254| 1.84k| for(i=0;i<32;i++) ------------------ | Branch (254:11): [True: 1.79k, False: 56] ------------------ 255| 1.79k| if(t1.v[i] != t2.v[i]) return 0; ------------------ | Branch (255:8): [True: 0, False: 1.79k] ------------------ 256| 56| return 1; 257| 56|} ed25519.c:crypto_sign_ed25519_ref_fe25519_neg: 288| 7.22k|{ 289| 7.22k| fe25519 t; ------------------ | | 72| 7.22k|#define fe25519 crypto_sign_ed25519_ref_fe25519 ------------------ 290| 7.22k| int i; 291| 238k| for(i=0;i<32;i++) t.v[i]=x->v[i]; ------------------ | Branch (291:11): [True: 231k, False: 7.22k] ------------------ 292| 7.22k| fe25519_setzero(r); ------------------ | | 80| 7.22k|#define fe25519_setzero crypto_sign_ed25519_ref_fe25519_setzero ------------------ 293| 7.22k| fe25519_sub(r, r, &t); ------------------ | | 84| 7.22k|#define fe25519_sub crypto_sign_ed25519_ref_fe25519_sub ------------------ 294| 7.22k|} ed25519.c:crypto_sign_ed25519_ref_fe25519_setzero: 282| 7.28k|{ 283| 7.28k| int i; 284| 240k| for(i=0;i<32;i++) r->v[i]=0; ------------------ | Branch (284:11): [True: 232k, False: 7.28k] ------------------ 285| 7.28k|} ed25519.c:crypto_sign_ed25519_ref_sc25519_from32bytes: 604| 29|{ 605| 29| int i; 606| 29| crypto_uint32 t[64]; 607| 957| for(i=0;i<32;i++) t[i] = x[i]; ------------------ | Branch (607:11): [True: 928, False: 29] ------------------ 608| 957| for(i=32;i<64;++i) t[i] = 0; ------------------ | Branch (608:12): [True: 928, False: 29] ------------------ 609| 29| barrett_reduce(r, t); 610| 29|} ed25519.c:barrett_reduce: 553| 57|{ 554| | /* See HAC, Alg. 14.42 */ 555| 57| int i,j; 556| 57| crypto_uint32 q2[66]; 557| 57| crypto_uint32 *q3 = q2 + 33; 558| 57| crypto_uint32 r1[33]; 559| 57| crypto_uint32 r2[33]; 560| 57| crypto_uint32 carry; 561| 57| crypto_uint32 pb = 0; 562| 57| crypto_uint32 b; 563| | 564| 3.81k| for (i = 0;i < 66;++i) q2[i] = 0; ------------------ | Branch (564:14): [True: 3.76k, False: 57] ------------------ 565| 1.93k| for (i = 0;i < 33;++i) r2[i] = 0; ------------------ | Branch (565:14): [True: 1.88k, False: 57] ------------------ 566| | 567| 1.93k| for(i=0;i<33;i++) ------------------ | Branch (567:11): [True: 1.88k, False: 57] ------------------ 568| 63.9k| for(j=0;j<33;j++) ------------------ | Branch (568:13): [True: 62.0k, False: 1.88k] ------------------ 569| 62.0k| if(i+j >= 31) q2[i+j] += sc25519_mu[i]*x[j+31]; ------------------ | Branch (569:10): [True: 33.8k, False: 28.2k] ------------------ 570| 57| carry = q2[31] >> 8; 571| 57| q2[32] += carry; 572| 57| carry = q2[32] >> 8; 573| 57| q2[33] += carry; 574| | 575| 1.93k| for(i=0;i<33;i++)r1[i] = x[i]; ------------------ | Branch (575:11): [True: 1.88k, False: 57] ------------------ 576| 1.88k| for(i=0;i<32;i++) ------------------ | Branch (576:11): [True: 1.82k, False: 57] ------------------ 577| 62.0k| for(j=0;j<33;j++) ------------------ | Branch (577:13): [True: 60.1k, False: 1.82k] ------------------ 578| 60.1k| if(i+j < 33) r2[i+j] += sc25519_m[i]*q3[j]; ------------------ | Branch (578:10): [True: 31.9k, False: 28.2k] ------------------ 579| | 580| 1.88k| for(i=0;i<32;i++) ------------------ | Branch (580:11): [True: 1.82k, False: 57] ------------------ 581| 1.82k| { 582| 1.82k| carry = r2[i] >> 8; 583| 1.82k| r2[i+1] += carry; 584| 1.82k| r2[i] &= 0xff; 585| 1.82k| } 586| | 587| 1.88k| for(i=0;i<32;i++) ------------------ | Branch (587:11): [True: 1.82k, False: 57] ------------------ 588| 1.82k| { 589| 1.82k| pb += r2[i]; 590| 1.82k| b = lt(r1[i],pb); 591| 1.82k| r->v[i] = r1[i]-pb+(b<<8); 592| 1.82k| pb = b; 593| 1.82k| } 594| | 595| | /* XXX: Can it really happen that r<0?, See HAC, Alg 14.42, Step 3 596| | * If so: Handle it here! 597| | */ 598| | 599| 57| sc25519_reduce_add_sub(r); 600| 57| sc25519_reduce_add_sub(r); 601| 57|} ed25519.c:lt: 523| 5.47k|{ 524| 5.47k| unsigned int x = a; 525| 5.47k| x -= (unsigned int) b; /* 0..65535: no; 4294901761..4294967295: yes */ 526| 5.47k| x >>= 31; /* 0: no; 1: yes */ 527| 5.47k| return x; 528| 5.47k|} ed25519.c:sc25519_reduce_add_sub: 532| 114|{ 533| 114| crypto_uint32 pb = 0; 534| 114| crypto_uint32 b; 535| 114| crypto_uint32 mask; 536| 114| int i; 537| 114| unsigned char t[32]; 538| | 539| 3.76k| for(i=0;i<32;i++) ------------------ | Branch (539:11): [True: 3.64k, False: 114] ------------------ 540| 3.64k| { 541| 3.64k| pb += sc25519_m[i]; 542| 3.64k| b = lt(r->v[i],pb); 543| 3.64k| t[i] = r->v[i]-pb+(b<<8); 544| 3.64k| pb = b; 545| 3.64k| } 546| 114| mask = b - 1; 547| 3.76k| for(i=0;i<32;i++) ------------------ | Branch (547:11): [True: 3.64k, False: 114] ------------------ 548| 3.64k| r->v[i] ^= mask & (r->v[i] ^ t[i]); 549| 114|} ed25519.c:crypto_sign_ed25519_ref_scalarmult_base: 1896| 1|{ 1897| 1| signed char b[85]; 1898| 1| int i; 1899| 1| ge25519_aff t; 1900| 1| sc25519_window3(b,s); ------------------ | | 468| 1|#define sc25519_window3 crypto_sign_ed25519_ref_sc25519_window3 ------------------ 1901| | 1902| 1| choose_t((ge25519_aff *)r, 0, b[0]); 1903| 1| fe25519_setone(&r->z); ------------------ | | 79| 1|#define fe25519_setone crypto_sign_ed25519_ref_fe25519_setone ------------------ 1904| 1| fe25519_mul(&r->t, &r->x, &r->y); ------------------ | | 85| 1|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 1905| 85| for(i=1;i<85;i++) ------------------ | Branch (1905:11): [True: 84, False: 1] ------------------ 1906| 84| { 1907| 84| choose_t(&t, (unsigned long long) i, b[i]); 1908| 84| ge25519_mixadd2(r, &t); 1909| 84| } 1910| 1|} ed25519.c:crypto_sign_ed25519_ref_sc25519_window3: 668| 1|{ 669| 1| char carry; 670| 1| int i; 671| 11| for(i=0;i<10;i++) ------------------ | Branch (671:11): [True: 10, False: 1] ------------------ 672| 10| { 673| 10| r[8*i+0] = s->v[3*i+0] & 7; 674| 10| r[8*i+1] = (s->v[3*i+0] >> 3) & 7; 675| 10| r[8*i+2] = (s->v[3*i+0] >> 6) & 7; 676| 10| r[8*i+2] ^= (s->v[3*i+1] << 2) & 7; 677| 10| r[8*i+3] = (s->v[3*i+1] >> 1) & 7; 678| 10| r[8*i+4] = (s->v[3*i+1] >> 4) & 7; 679| 10| r[8*i+5] = (s->v[3*i+1] >> 7) & 7; 680| 10| r[8*i+5] ^= (s->v[3*i+2] << 1) & 7; 681| 10| r[8*i+6] = (s->v[3*i+2] >> 2) & 7; 682| 10| r[8*i+7] = (s->v[3*i+2] >> 5) & 7; 683| 10| } 684| 1| r[8*i+0] = s->v[3*i+0] & 7; 685| 1| r[8*i+1] = (s->v[3*i+0] >> 3) & 7; 686| 1| r[8*i+2] = (s->v[3*i+0] >> 6) & 7; 687| 1| r[8*i+2] ^= (s->v[3*i+1] << 2) & 7; 688| 1| r[8*i+3] = (s->v[3*i+1] >> 1) & 7; 689| 1| r[8*i+4] = (s->v[3*i+1] >> 4) & 7; 690| | 691| | /* Making it signed */ 692| 1| carry = 0; 693| 85| for(i=0;i<84;i++) ------------------ | Branch (693:11): [True: 84, False: 1] ------------------ 694| 84| { 695| 84| r[i] += carry; 696| 84| r[i+1] += r[i] >> 3; 697| 84| r[i] &= 7; 698| 84| carry = r[i] >> 2; 699| 84| r[i] -= carry<<3; 700| 84| } 701| 1| r[84] += carry; 702| 1|} ed25519.c:choose_t: 1760| 85|{ 1761| | /* constant time */ 1762| 85| fe25519 v; ------------------ | | 72| 85|#define fe25519 crypto_sign_ed25519_ref_fe25519 ------------------ 1763| 85| *t = ge25519_base_multiples_affine[5*pos+0]; 1764| 85| cmov_aff(t, &ge25519_base_multiples_affine[5*pos+1],equal(b,1) | equal(b,-1)); 1765| 85| cmov_aff(t, &ge25519_base_multiples_affine[5*pos+2],equal(b,2) | equal(b,-2)); 1766| 85| cmov_aff(t, &ge25519_base_multiples_affine[5*pos+3],equal(b,3) | equal(b,-3)); 1767| 85| cmov_aff(t, &ge25519_base_multiples_affine[5*pos+4],equal(b,-4)); 1768| 85| fe25519_neg(&v, &t->x); ------------------ | | 81| 85|#define fe25519_neg crypto_sign_ed25519_ref_fe25519_neg ------------------ 1769| 85| fe25519_cmov(&t->x, &v, negative(b)); ------------------ | | 78| 85|#define fe25519_cmov crypto_sign_ed25519_ref_fe25519_cmov ------------------ 1770| 85|} ed25519.c:cmov_aff: 1736| 340|{ 1737| 340| fe25519_cmov(&r->x, &p->x, b); ------------------ | | 78| 340|#define fe25519_cmov crypto_sign_ed25519_ref_fe25519_cmov ------------------ 1738| 340| fe25519_cmov(&r->y, &p->y, b); ------------------ | | 78| 340|#define fe25519_cmov crypto_sign_ed25519_ref_fe25519_cmov ------------------ 1739| 340|} ed25519.c:equal: 1742| 595|{ 1743| 595| unsigned char ub = b; 1744| 595| unsigned char uc = c; 1745| 595| unsigned char x = ub ^ uc; /* 0: yes; 1..255: no */ 1746| 595| crypto_uint32 y = x; /* 0: yes; 1..255: no */ 1747| 595| y -= 1; /* 4294967295: yes; 0..254: no */ 1748| 595| y >>= 31; /* 1: yes; 0: no */ 1749| 595| return y; 1750| 595|} ed25519.c:crypto_sign_ed25519_ref_fe25519_cmov: 260| 765|{ 261| 765| int i; 262| 765| crypto_uint32 mask = b; 263| 765| mask = -mask; 264| 25.2k| for(i=0;i<32;i++) r->v[i] ^= mask & (x->v[i] ^ r->v[i]); ------------------ | Branch (264:11): [True: 24.4k, False: 765] ------------------ 265| 765|} ed25519.c:negative: 1753| 85|{ 1754| 85| unsigned long long x = b; /* 18446744073709551361..18446744073709551615: yes; 0..255: no */ 1755| 85| x >>= 63; /* 1: yes; 0: no */ 1756| 85| return x; 1757| 85|} ed25519.c:ge25519_mixadd2: 1673| 84|{ 1674| 84| fe25519 a,b,t1,t2,c,d,e,f,g,h,qt; ------------------ | | 72| 84|#define fe25519 crypto_sign_ed25519_ref_fe25519 ------------------ 1675| 84| fe25519_mul(&qt, &q->x, &q->y); ------------------ | | 85| 84|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 1676| 84| fe25519_sub(&a, &r->y, &r->x); /* A = (Y1-X1)*(Y2-X2) */ ------------------ | | 84| 84|#define fe25519_sub crypto_sign_ed25519_ref_fe25519_sub ------------------ 1677| 84| fe25519_add(&b, &r->y, &r->x); /* B = (Y1+X1)*(Y2+X2) */ ------------------ | | 83| 84|#define fe25519_add crypto_sign_ed25519_ref_fe25519_add ------------------ 1678| 84| fe25519_sub(&t1, &q->y, &q->x); ------------------ | | 84| 84|#define fe25519_sub crypto_sign_ed25519_ref_fe25519_sub ------------------ 1679| 84| fe25519_add(&t2, &q->y, &q->x); ------------------ | | 83| 84|#define fe25519_add crypto_sign_ed25519_ref_fe25519_add ------------------ 1680| 84| fe25519_mul(&a, &a, &t1); ------------------ | | 85| 84|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 1681| 84| fe25519_mul(&b, &b, &t2); ------------------ | | 85| 84|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 1682| 84| fe25519_sub(&e, &b, &a); /* E = B-A */ ------------------ | | 84| 84|#define fe25519_sub crypto_sign_ed25519_ref_fe25519_sub ------------------ 1683| 84| fe25519_add(&h, &b, &a); /* H = B+A */ ------------------ | | 83| 84|#define fe25519_add crypto_sign_ed25519_ref_fe25519_add ------------------ 1684| 84| fe25519_mul(&c, &r->t, &qt); /* C = T1*k*T2 */ ------------------ | | 85| 84|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 1685| 84| fe25519_mul(&c, &c, &ge25519_ec2d); ------------------ | | 85| 84|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 1686| 84| fe25519_add(&d, &r->z, &r->z); /* D = Z1*2 */ ------------------ | | 83| 84|#define fe25519_add crypto_sign_ed25519_ref_fe25519_add ------------------ 1687| 84| fe25519_sub(&f, &d, &c); /* F = D-C */ ------------------ | | 84| 84|#define fe25519_sub crypto_sign_ed25519_ref_fe25519_sub ------------------ 1688| 84| fe25519_add(&g, &d, &c); /* G = D+C */ ------------------ | | 83| 84|#define fe25519_add crypto_sign_ed25519_ref_fe25519_add ------------------ 1689| 84| fe25519_mul(&r->x, &e, &f); ------------------ | | 85| 84|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 1690| 84| fe25519_mul(&r->y, &h, &g); ------------------ | | 85| 84|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 1691| 84| fe25519_mul(&r->z, &g, &f); ------------------ | | 85| 84|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 1692| 84| fe25519_mul(&r->t, &e, &h); ------------------ | | 85| 84|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 1693| 84|} ed25519.c:crypto_sign_ed25519_ref_pack: 1833| 29|{ 1834| 29| fe25519 tx, ty, zi; ------------------ | | 72| 29|#define fe25519 crypto_sign_ed25519_ref_fe25519 ------------------ 1835| 29| fe25519_invert(&zi, &p->z); ------------------ | | 87| 29|#define fe25519_invert crypto_sign_ed25519_ref_fe25519_invert ------------------ 1836| 29| fe25519_mul(&tx, &p->x, &zi); ------------------ | | 85| 29|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 1837| 29| fe25519_mul(&ty, &p->y, &zi); ------------------ | | 85| 29|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 1838| 29| fe25519_pack(r, &ty); ------------------ | | 75| 29|#define fe25519_pack crypto_sign_ed25519_ref_fe25519_pack ------------------ 1839| 29| r[31] ^= fe25519_getparity(&tx) << 7; ------------------ | | 82| 29|#define fe25519_getparity crypto_sign_ed25519_ref_fe25519_getparity ------------------ 1840| 29|} ed25519.c:crypto_sign_ed25519_ref_fe25519_invert: 337| 29|{ 338| 29| fe25519 z2; ------------------ | | 72| 29|#define fe25519 crypto_sign_ed25519_ref_fe25519 ------------------ 339| 29| fe25519 z9; ------------------ | | 72| 29|#define fe25519 crypto_sign_ed25519_ref_fe25519 ------------------ 340| 29| fe25519 z11; ------------------ | | 72| 29|#define fe25519 crypto_sign_ed25519_ref_fe25519 ------------------ 341| 29| fe25519 z2_5_0; ------------------ | | 72| 29|#define fe25519 crypto_sign_ed25519_ref_fe25519 ------------------ 342| 29| fe25519 z2_10_0; ------------------ | | 72| 29|#define fe25519 crypto_sign_ed25519_ref_fe25519 ------------------ 343| 29| fe25519 z2_20_0; ------------------ | | 72| 29|#define fe25519 crypto_sign_ed25519_ref_fe25519 ------------------ 344| 29| fe25519 z2_50_0; ------------------ | | 72| 29|#define fe25519 crypto_sign_ed25519_ref_fe25519 ------------------ 345| 29| fe25519 z2_100_0; ------------------ | | 72| 29|#define fe25519 crypto_sign_ed25519_ref_fe25519 ------------------ 346| 29| fe25519 t0; ------------------ | | 72| 29|#define fe25519 crypto_sign_ed25519_ref_fe25519 ------------------ 347| 29| fe25519 t1; ------------------ | | 72| 29|#define fe25519 crypto_sign_ed25519_ref_fe25519 ------------------ 348| 29| int i; 349| | 350| 29| /* 2 */ fe25519_square(&z2,x); ------------------ | | 86| 29|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 351| | /* 4 */ fe25519_square(&t1,&z2); ------------------ | | 86| 29|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 352| | /* 8 */ fe25519_square(&t0,&t1); ------------------ | | 86| 29|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 353| | /* 9 */ fe25519_mul(&z9,&t0,x); ------------------ | | 85| 29|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 354| | /* 11 */ fe25519_mul(&z11,&z9,&z2); ------------------ | | 85| 29|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 355| | /* 22 */ fe25519_square(&t0,&z11); ------------------ | | 86| 29|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 356| | /* 2^5 - 2^0 = 31 */ fe25519_mul(&z2_5_0,&t0,&z9); ------------------ | | 85| 29|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 357| | 358| 29| /* 2^6 - 2^1 */ fe25519_square(&t0,&z2_5_0); ------------------ | | 86| 29|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 359| | /* 2^7 - 2^2 */ fe25519_square(&t1,&t0); ------------------ | | 86| 29|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 360| | /* 2^8 - 2^3 */ fe25519_square(&t0,&t1); ------------------ | | 86| 29|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 361| | /* 2^9 - 2^4 */ fe25519_square(&t1,&t0); ------------------ | | 86| 29|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 362| | /* 2^10 - 2^5 */ fe25519_square(&t0,&t1); ------------------ | | 86| 29|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 363| | /* 2^10 - 2^0 */ fe25519_mul(&z2_10_0,&t0,&z2_5_0); ------------------ | | 85| 29|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 364| | 365| 29| /* 2^11 - 2^1 */ fe25519_square(&t0,&z2_10_0); ------------------ | | 86| 29|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 366| | /* 2^12 - 2^2 */ fe25519_square(&t1,&t0); ------------------ | | 86| 29|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 367| 145| /* 2^20 - 2^10 */ for (i = 2;i < 10;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } ------------------ | | 86| 116|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ /* 2^20 - 2^10 */ for (i = 2;i < 10;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } ------------------ | | 86| 116|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ | Branch (367:31): [True: 116, False: 29] ------------------ 368| | /* 2^20 - 2^0 */ fe25519_mul(&z2_20_0,&t1,&z2_10_0); ------------------ | | 85| 29|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 369| | 370| 29| /* 2^21 - 2^1 */ fe25519_square(&t0,&z2_20_0); ------------------ | | 86| 29|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 371| | /* 2^22 - 2^2 */ fe25519_square(&t1,&t0); ------------------ | | 86| 29|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 372| 290| /* 2^40 - 2^20 */ for (i = 2;i < 20;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } ------------------ | | 86| 261|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ /* 2^40 - 2^20 */ for (i = 2;i < 20;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } ------------------ | | 86| 261|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ | Branch (372:31): [True: 261, False: 29] ------------------ 373| | /* 2^40 - 2^0 */ fe25519_mul(&t0,&t1,&z2_20_0); ------------------ | | 85| 29|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 374| | 375| 29| /* 2^41 - 2^1 */ fe25519_square(&t1,&t0); ------------------ | | 86| 29|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 376| | /* 2^42 - 2^2 */ fe25519_square(&t0,&t1); ------------------ | | 86| 29|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 377| 145| /* 2^50 - 2^10 */ for (i = 2;i < 10;i += 2) { fe25519_square(&t1,&t0); fe25519_square(&t0,&t1); } ------------------ | | 86| 116|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ /* 2^50 - 2^10 */ for (i = 2;i < 10;i += 2) { fe25519_square(&t1,&t0); fe25519_square(&t0,&t1); } ------------------ | | 86| 116|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ | Branch (377:31): [True: 116, False: 29] ------------------ 378| | /* 2^50 - 2^0 */ fe25519_mul(&z2_50_0,&t0,&z2_10_0); ------------------ | | 85| 29|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 379| | 380| 29| /* 2^51 - 2^1 */ fe25519_square(&t0,&z2_50_0); ------------------ | | 86| 29|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 381| | /* 2^52 - 2^2 */ fe25519_square(&t1,&t0); ------------------ | | 86| 29|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 382| 725| /* 2^100 - 2^50 */ for (i = 2;i < 50;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } ------------------ | | 86| 696|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ /* 2^100 - 2^50 */ for (i = 2;i < 50;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } ------------------ | | 86| 696|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ | Branch (382:32): [True: 696, False: 29] ------------------ 383| | /* 2^100 - 2^0 */ fe25519_mul(&z2_100_0,&t1,&z2_50_0); ------------------ | | 85| 29|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 384| | 385| 29| /* 2^101 - 2^1 */ fe25519_square(&t1,&z2_100_0); ------------------ | | 86| 29|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 386| | /* 2^102 - 2^2 */ fe25519_square(&t0,&t1); ------------------ | | 86| 29|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 387| 1.45k| /* 2^200 - 2^100 */ for (i = 2;i < 100;i += 2) { fe25519_square(&t1,&t0); fe25519_square(&t0,&t1); } ------------------ | | 86| 1.42k|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ /* 2^200 - 2^100 */ for (i = 2;i < 100;i += 2) { fe25519_square(&t1,&t0); fe25519_square(&t0,&t1); } ------------------ | | 86| 1.42k|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ | Branch (387:33): [True: 1.42k, False: 29] ------------------ 388| | /* 2^200 - 2^0 */ fe25519_mul(&t1,&t0,&z2_100_0); ------------------ | | 85| 29|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 389| | 390| 29| /* 2^201 - 2^1 */ fe25519_square(&t0,&t1); ------------------ | | 86| 29|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 391| | /* 2^202 - 2^2 */ fe25519_square(&t1,&t0); ------------------ | | 86| 29|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 392| 725| /* 2^250 - 2^50 */ for (i = 2;i < 50;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } ------------------ | | 86| 696|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ /* 2^250 - 2^50 */ for (i = 2;i < 50;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); } ------------------ | | 86| 696|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ | Branch (392:32): [True: 696, False: 29] ------------------ 393| | /* 2^250 - 2^0 */ fe25519_mul(&t0,&t1,&z2_50_0); ------------------ | | 85| 29|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 394| | 395| 29| /* 2^251 - 2^1 */ fe25519_square(&t1,&t0); ------------------ | | 86| 29|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 396| | /* 2^252 - 2^2 */ fe25519_square(&t0,&t1); ------------------ | | 86| 29|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 397| | /* 2^253 - 2^3 */ fe25519_square(&t1,&t0); ------------------ | | 86| 29|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 398| | /* 2^254 - 2^4 */ fe25519_square(&t0,&t1); ------------------ | | 86| 29|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 399| | /* 2^255 - 2^5 */ fe25519_square(&t1,&t0); ------------------ | | 86| 29|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 400| | /* 2^255 - 21 */ fe25519_mul(r,&t1,&z11); ------------------ | | 85| 29|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 401| 29|} ed25519.c:crypto_sign_ed25519_ref_fe25519_pack: 227| 29|{ 228| 29| int i; 229| 29| fe25519 y = *x; ------------------ | | 72| 29|#define fe25519 crypto_sign_ed25519_ref_fe25519 ------------------ 230| 29| fe25519_freeze(&y); ------------------ | | 73| 29|#define fe25519_freeze crypto_sign_ed25519_ref_fe25519_freeze ------------------ 231| 957| for(i=0;i<32;i++) ------------------ | Branch (231:11): [True: 928, False: 29] ------------------ 232| 928| r[i] = y.v[i]; 233| 29|} ed25519.c:crypto_sign_ed25519_ref_sc25519_from64bytes: 614| 28|{ 615| 28| int i; 616| 28| crypto_uint32 t[64]; 617| 1.82k| for(i=0;i<64;i++) t[i] = x[i]; ------------------ | Branch (617:11): [True: 1.79k, False: 28] ------------------ 618| 28| barrett_reduce(r, t); 619| 28|} ed25519.c:crypto_sign_ed25519_ref_double_scalarmult_vartime: 1852| 28|{ 1853| 28| ge25519_p1p1 tp1p1; 1854| 28| ge25519_p3 pre[16]; ------------------ | | 771| 28|#define ge25519_p3 ge25519 | | ------------------ | | | | 724| 28|#define ge25519 crypto_sign_ed25519_ref_ge25519 | | ------------------ ------------------ 1855| 28| unsigned char b[127]; 1856| 28| int i; 1857| | 1858| | /* precomputation s2 s1 */ 1859| 28| setneutral(pre); /* 00 00 */ 1860| 28| pre[1] = *p1; /* 00 01 */ 1861| 28| dbl_p1p1(&tp1p1,(ge25519_p2 *)p1); p1p1_to_p3( &pre[2], &tp1p1); /* 00 10 */ 1862| 28| add_p1p1(&tp1p1,&pre[1], &pre[2]); p1p1_to_p3( &pre[3], &tp1p1); /* 00 11 */ 1863| 28| pre[4] = *p2; /* 01 00 */ 1864| 28| add_p1p1(&tp1p1,&pre[1], &pre[4]); p1p1_to_p3( &pre[5], &tp1p1); /* 01 01 */ 1865| 28| add_p1p1(&tp1p1,&pre[2], &pre[4]); p1p1_to_p3( &pre[6], &tp1p1); /* 01 10 */ 1866| 28| add_p1p1(&tp1p1,&pre[3], &pre[4]); p1p1_to_p3( &pre[7], &tp1p1); /* 01 11 */ 1867| 28| dbl_p1p1(&tp1p1,(ge25519_p2 *)p2); p1p1_to_p3( &pre[8], &tp1p1); /* 10 00 */ 1868| 28| add_p1p1(&tp1p1,&pre[1], &pre[8]); p1p1_to_p3( &pre[9], &tp1p1); /* 10 01 */ 1869| 28| dbl_p1p1(&tp1p1,(ge25519_p2 *)&pre[5]); p1p1_to_p3(&pre[10], &tp1p1); /* 10 10 */ 1870| 28| add_p1p1(&tp1p1,&pre[3], &pre[8]); p1p1_to_p3(&pre[11], &tp1p1); /* 10 11 */ 1871| 28| add_p1p1(&tp1p1,&pre[4], &pre[8]); p1p1_to_p3(&pre[12], &tp1p1); /* 11 00 */ 1872| 28| add_p1p1(&tp1p1,&pre[1],&pre[12]); p1p1_to_p3(&pre[13], &tp1p1); /* 11 01 */ 1873| 28| add_p1p1(&tp1p1,&pre[2],&pre[12]); p1p1_to_p3(&pre[14], &tp1p1); /* 11 10 */ 1874| 28| add_p1p1(&tp1p1,&pre[3],&pre[12]); p1p1_to_p3(&pre[15], &tp1p1); /* 11 11 */ 1875| | 1876| 28| sc25519_2interleave2(b,s1,s2); ------------------ | | 469| 28|#define sc25519_2interleave2 crypto_sign_ed25519_ref_sc25519_2interleave2 ------------------ 1877| | 1878| | /* scalar multiplication */ 1879| 28| *r = pre[b[126]]; 1880| 3.55k| for(i=125;i>=0;i--) ------------------ | Branch (1880:13): [True: 3.52k, False: 28] ------------------ 1881| 3.52k| { 1882| 3.52k| dbl_p1p1(&tp1p1, (ge25519_p2 *)r); 1883| 3.52k| p1p1_to_p2((ge25519_p2 *) r, &tp1p1); 1884| 3.52k| dbl_p1p1(&tp1p1, (ge25519_p2 *)r); 1885| 3.52k| if(b[i]!=0) ------------------ | Branch (1885:8): [True: 2.93k, False: 593] ------------------ 1886| 2.93k| { 1887| 2.93k| p1p1_to_p3(r, &tp1p1); 1888| 2.93k| add_p1p1(&tp1p1, r, &pre[b[i]]); 1889| 2.93k| } 1890| 3.52k| if(i != 0) p1p1_to_p2((ge25519_p2 *)r, &tp1p1); ------------------ | Branch (1890:8): [True: 3.50k, False: 28] ------------------ 1891| 28| else p1p1_to_p3(r, &tp1p1); 1892| 3.52k| } 1893| 28|} ed25519.c:setneutral: 1773| 28|{ 1774| 28| fe25519_setzero(&r->x); ------------------ | | 80| 28|#define fe25519_setzero crypto_sign_ed25519_ref_fe25519_setzero ------------------ 1775| 28| fe25519_setone(&r->y); ------------------ | | 79| 28|#define fe25519_setone crypto_sign_ed25519_ref_fe25519_setone ------------------ 1776| 28| fe25519_setone(&r->z); ------------------ | | 79| 28|#define fe25519_setone crypto_sign_ed25519_ref_fe25519_setone ------------------ 1777| 28| fe25519_setzero(&r->t); ------------------ | | 80| 28|#define fe25519_setzero crypto_sign_ed25519_ref_fe25519_setzero ------------------ 1778| 28|} ed25519.c:dbl_p1p1: 1717| 7.14k|{ 1718| 7.14k| fe25519 a,b,c,d; ------------------ | | 72| 7.14k|#define fe25519 crypto_sign_ed25519_ref_fe25519 ------------------ 1719| 7.14k| fe25519_square(&a, &p->x); ------------------ | | 86| 7.14k|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 1720| 7.14k| fe25519_square(&b, &p->y); ------------------ | | 86| 7.14k|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 1721| 7.14k| fe25519_square(&c, &p->z); ------------------ | | 86| 7.14k|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 1722| 7.14k| fe25519_add(&c, &c, &c); ------------------ | | 83| 7.14k|#define fe25519_add crypto_sign_ed25519_ref_fe25519_add ------------------ 1723| 7.14k| fe25519_neg(&d, &a); ------------------ | | 81| 7.14k|#define fe25519_neg crypto_sign_ed25519_ref_fe25519_neg ------------------ 1724| | 1725| 7.14k| fe25519_add(&r->x, &p->x, &p->y); ------------------ | | 83| 7.14k|#define fe25519_add crypto_sign_ed25519_ref_fe25519_add ------------------ 1726| 7.14k| fe25519_square(&r->x, &r->x); ------------------ | | 86| 7.14k|#define fe25519_square crypto_sign_ed25519_ref_fe25519_square ------------------ 1727| 7.14k| fe25519_sub(&r->x, &r->x, &a); ------------------ | | 84| 7.14k|#define fe25519_sub crypto_sign_ed25519_ref_fe25519_sub ------------------ 1728| 7.14k| fe25519_sub(&r->x, &r->x, &b); ------------------ | | 84| 7.14k|#define fe25519_sub crypto_sign_ed25519_ref_fe25519_sub ------------------ 1729| 7.14k| fe25519_add(&r->z, &d, &b); ------------------ | | 83| 7.14k|#define fe25519_add crypto_sign_ed25519_ref_fe25519_add ------------------ 1730| 7.14k| fe25519_sub(&r->t, &r->z, &c); ------------------ | | 84| 7.14k|#define fe25519_sub crypto_sign_ed25519_ref_fe25519_sub ------------------ 1731| 7.14k| fe25519_sub(&r->y, &d, &b); ------------------ | | 84| 7.14k|#define fe25519_sub crypto_sign_ed25519_ref_fe25519_sub ------------------ 1732| 7.14k|} ed25519.c:p1p1_to_p3: 1667| 3.32k|{ 1668| 3.32k| p1p1_to_p2((ge25519_p2 *)r, p); 1669| 3.32k| fe25519_mul(&r->t, &p->x, &p->y); ------------------ | | 85| 3.32k|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 1670| 3.32k|} ed25519.c:add_p1p1: 1696| 3.21k|{ 1697| 3.21k| fe25519 a, b, c, d, t; ------------------ | | 72| 3.21k|#define fe25519 crypto_sign_ed25519_ref_fe25519 ------------------ 1698| | 1699| 3.21k| fe25519_sub(&a, &p->y, &p->x); /* A = (Y1-X1)*(Y2-X2) */ ------------------ | | 84| 3.21k|#define fe25519_sub crypto_sign_ed25519_ref_fe25519_sub ------------------ 1700| 3.21k| fe25519_sub(&t, &q->y, &q->x); ------------------ | | 84| 3.21k|#define fe25519_sub crypto_sign_ed25519_ref_fe25519_sub ------------------ 1701| 3.21k| fe25519_mul(&a, &a, &t); ------------------ | | 85| 3.21k|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 1702| 3.21k| fe25519_add(&b, &p->x, &p->y); /* B = (Y1+X1)*(Y2+X2) */ ------------------ | | 83| 3.21k|#define fe25519_add crypto_sign_ed25519_ref_fe25519_add ------------------ 1703| 3.21k| fe25519_add(&t, &q->x, &q->y); ------------------ | | 83| 3.21k|#define fe25519_add crypto_sign_ed25519_ref_fe25519_add ------------------ 1704| 3.21k| fe25519_mul(&b, &b, &t); ------------------ | | 85| 3.21k|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 1705| 3.21k| fe25519_mul(&c, &p->t, &q->t); /* C = T1*k*T2 */ ------------------ | | 85| 3.21k|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 1706| 3.21k| fe25519_mul(&c, &c, &ge25519_ec2d); ------------------ | | 85| 3.21k|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 1707| 3.21k| fe25519_mul(&d, &p->z, &q->z); /* D = Z1*2*Z2 */ ------------------ | | 85| 3.21k|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 1708| 3.21k| fe25519_add(&d, &d, &d); ------------------ | | 83| 3.21k|#define fe25519_add crypto_sign_ed25519_ref_fe25519_add ------------------ 1709| 3.21k| fe25519_sub(&r->x, &b, &a); /* E = B-A */ ------------------ | | 84| 3.21k|#define fe25519_sub crypto_sign_ed25519_ref_fe25519_sub ------------------ 1710| 3.21k| fe25519_sub(&r->t, &d, &c); /* F = D-C */ ------------------ | | 84| 3.21k|#define fe25519_sub crypto_sign_ed25519_ref_fe25519_sub ------------------ 1711| 3.21k| fe25519_add(&r->z, &d, &c); /* G = D+C */ ------------------ | | 83| 3.21k|#define fe25519_add crypto_sign_ed25519_ref_fe25519_add ------------------ 1712| 3.21k| fe25519_add(&r->y, &b, &a); /* H = B+A */ ------------------ | | 83| 3.21k|#define fe25519_add crypto_sign_ed25519_ref_fe25519_add ------------------ 1713| 3.21k|} ed25519.c:crypto_sign_ed25519_ref_sc25519_2interleave2: 706| 28|{ 707| 28| int i; 708| 896| for(i=0;i<31;i++) ------------------ | Branch (708:11): [True: 868, False: 28] ------------------ 709| 868| { 710| 868| r[4*i] = ( s1->v[i] & 3) ^ (( s2->v[i] & 3) << 2); 711| 868| r[4*i+1] = ((s1->v[i] >> 2) & 3) ^ (((s2->v[i] >> 2) & 3) << 2); 712| 868| r[4*i+2] = ((s1->v[i] >> 4) & 3) ^ (((s2->v[i] >> 4) & 3) << 2); 713| 868| r[4*i+3] = ((s1->v[i] >> 6) & 3) ^ (((s2->v[i] >> 6) & 3) << 2); 714| 868| } 715| 28| r[124] = ( s1->v[31] & 3) ^ (( s2->v[31] & 3) << 2); 716| 28| r[125] = ((s1->v[31] >> 2) & 3) ^ (((s2->v[31] >> 2) & 3) << 2); 717| 28| r[126] = ((s1->v[31] >> 4) & 3) ^ (((s2->v[31] >> 4) & 3) << 2); 718| 28|} ed25519.c:p1p1_to_p2: 1660| 10.3k|{ 1661| 10.3k| fe25519_mul(&r->x, &p->x, &p->t); ------------------ | | 85| 10.3k|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 1662| 10.3k| fe25519_mul(&r->y, &p->y, &p->z); ------------------ | | 85| 10.3k|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 1663| 10.3k| fe25519_mul(&r->z, &p->z, &p->t); ------------------ | | 85| 10.3k|#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul ------------------ 1664| 10.3k|} ed25519.c:crypto_verify_32: 30| 28|{ 31| 28| unsigned int differentbits = 0; 32| 28|#define F(i) differentbits |= x[i] ^ y[i]; 33| 28| F(0) ------------------ | | 32| 28|#define F(i) differentbits |= x[i] ^ y[i]; ------------------ 34| 28| F(1) ------------------ | | 32| 28|#define F(i) differentbits |= x[i] ^ y[i]; ------------------ 35| 28| F(2) ------------------ | | 32| 28|#define F(i) differentbits |= x[i] ^ y[i]; ------------------ 36| 28| F(3) ------------------ | | 32| 28|#define F(i) differentbits |= x[i] ^ y[i]; ------------------ 37| 28| F(4) ------------------ | | 32| 28|#define F(i) differentbits |= x[i] ^ y[i]; ------------------ 38| 28| F(5) ------------------ | | 32| 28|#define F(i) differentbits |= x[i] ^ y[i]; ------------------ 39| 28| F(6) ------------------ | | 32| 28|#define F(i) differentbits |= x[i] ^ y[i]; ------------------ 40| 28| F(7) ------------------ | | 32| 28|#define F(i) differentbits |= x[i] ^ y[i]; ------------------ 41| 28| F(8) ------------------ | | 32| 28|#define F(i) differentbits |= x[i] ^ y[i]; ------------------ 42| 28| F(9) ------------------ | | 32| 28|#define F(i) differentbits |= x[i] ^ y[i]; ------------------ 43| 28| F(10) ------------------ | | 32| 28|#define F(i) differentbits |= x[i] ^ y[i]; ------------------ 44| 28| F(11) ------------------ | | 32| 28|#define F(i) differentbits |= x[i] ^ y[i]; ------------------ 45| 28| F(12) ------------------ | | 32| 28|#define F(i) differentbits |= x[i] ^ y[i]; ------------------ 46| 28| F(13) ------------------ | | 32| 28|#define F(i) differentbits |= x[i] ^ y[i]; ------------------ 47| 28| F(14) ------------------ | | 32| 28|#define F(i) differentbits |= x[i] ^ y[i]; ------------------ 48| 28| F(15) ------------------ | | 32| 28|#define F(i) differentbits |= x[i] ^ y[i]; ------------------ 49| 28| F(16) ------------------ | | 32| 28|#define F(i) differentbits |= x[i] ^ y[i]; ------------------ 50| 28| F(17) ------------------ | | 32| 28|#define F(i) differentbits |= x[i] ^ y[i]; ------------------ 51| 28| F(18) ------------------ | | 32| 28|#define F(i) differentbits |= x[i] ^ y[i]; ------------------ 52| 28| F(19) ------------------ | | 32| 28|#define F(i) differentbits |= x[i] ^ y[i]; ------------------ 53| 28| F(20) ------------------ | | 32| 28|#define F(i) differentbits |= x[i] ^ y[i]; ------------------ 54| 28| F(21) ------------------ | | 32| 28|#define F(i) differentbits |= x[i] ^ y[i]; ------------------ 55| 28| F(22) ------------------ | | 32| 28|#define F(i) differentbits |= x[i] ^ y[i]; ------------------ 56| 28| F(23) ------------------ | | 32| 28|#define F(i) differentbits |= x[i] ^ y[i]; ------------------ 57| 28| F(24) ------------------ | | 32| 28|#define F(i) differentbits |= x[i] ^ y[i]; ------------------ 58| 28| F(25) ------------------ | | 32| 28|#define F(i) differentbits |= x[i] ^ y[i]; ------------------ 59| 28| F(26) ------------------ | | 32| 28|#define F(i) differentbits |= x[i] ^ y[i]; ------------------ 60| 28| F(27) ------------------ | | 32| 28|#define F(i) differentbits |= x[i] ^ y[i]; ------------------ 61| 28| F(28) ------------------ | | 32| 28|#define F(i) differentbits |= x[i] ^ y[i]; ------------------ 62| 28| F(29) ------------------ | | 32| 28|#define F(i) differentbits |= x[i] ^ y[i]; ------------------ 63| 28| F(30) ------------------ | | 32| 28|#define F(i) differentbits |= x[i] ^ y[i]; ------------------ 64| 28| F(31) ------------------ | | 32| 28|#define F(i) differentbits |= x[i] ^ y[i]; ------------------ 65| 28| return (1 & ((differentbits - 1) >> 8)) - 1; 66| 28|} crypto_hash_sha512: 19| 29|{ 20| | 21| 29| if (!EVP_Digest(in, inlen, out, NULL, EVP_sha512(), NULL)) ------------------ | Branch (21:6): [True: 0, False: 29] ------------------ 22| 0| return -1; 23| 29| return 0; 24| 29|} sshlog: 429| 46|{ 430| 46| va_list args; 431| | 432| 46| va_start(args, fmt); 433| 46| sshlogv(file, func, line, showfunc, level, suffix, fmt, args); 434| 46| va_end(args); 435| 46|} sshlogv: 466| 46|{ 467| 46| char tag[128], fmt2[MSGBUFSIZ + 128]; 468| 46| int forced = 0; 469| 46| const char *cp; 470| 46| size_t i; 471| | 472| 46| snprintf(tag, sizeof(tag), "%.48s:%.48s():%d (pid=%ld)", 473| 46| (cp = strrchr(file, '/')) == NULL ? file : cp + 1, func, line, ------------------ | Branch (473:6): [True: 46, False: 0] ------------------ 474| 46| (long)getpid()); 475| 46| for (i = 0; i < nlog_verbose; i++) { ------------------ | Branch (475:14): [True: 0, False: 46] ------------------ 476| 0| if (match_pattern_list(tag, log_verbose[i], 0) == 1) { ------------------ | Branch (476:7): [True: 0, False: 0] ------------------ 477| 0| forced = 1; 478| 0| break; 479| 0| } 480| 0| } 481| | 482| 46| if (forced) ------------------ | Branch (482:6): [True: 0, False: 46] ------------------ 483| 0| snprintf(fmt2, sizeof(fmt2), "%s: %s", tag, fmt); 484| 46| else if (showfunc) ------------------ | Branch (484:11): [True: 46, False: 0] ------------------ 485| 46| snprintf(fmt2, sizeof(fmt2), "%s: %s", func, fmt); 486| 0| else 487| 0| strlcpy(fmt2, fmt, sizeof(fmt2)); 488| | 489| 46| do_log(level, forced, suffix, fmt2, args); 490| 46|} log.c:do_log: 339| 46|{ 340| |#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) 341| | struct syslog_data sdata = SYSLOG_DATA_INIT; 342| |#endif 343| 46| char msgbuf[MSGBUFSIZ]; 344| 46| char fmtbuf[MSGBUFSIZ]; 345| 46| char *txt = NULL; 346| 46| int pri = LOG_INFO; 347| 46| int saved_errno = errno; 348| 46| log_handler_fn *tmp_handler; 349| 46| const char *progname = argv0 != NULL ? argv0 : __progname; ------------------ | Branch (349:25): [True: 0, False: 46] ------------------ 350| | 351| 46| if (!force && level > log_level) ------------------ | Branch (351:6): [True: 46, False: 0] | Branch (351:16): [True: 46, False: 0] ------------------ 352| 46| return; 353| | 354| 0| switch (level) { 355| 0| case SYSLOG_LEVEL_FATAL: ------------------ | Branch (355:2): [True: 0, False: 0] ------------------ 356| 0| if (!log_on_stderr) ------------------ | Branch (356:7): [True: 0, False: 0] ------------------ 357| 0| txt = "fatal"; 358| 0| pri = LOG_CRIT; 359| 0| break; 360| 0| case SYSLOG_LEVEL_ERROR: ------------------ | Branch (360:2): [True: 0, False: 0] ------------------ 361| 0| if (!log_on_stderr) ------------------ | Branch (361:7): [True: 0, False: 0] ------------------ 362| 0| txt = "error"; 363| 0| pri = LOG_ERR; 364| 0| break; 365| 0| case SYSLOG_LEVEL_INFO: ------------------ | Branch (365:2): [True: 0, False: 0] ------------------ 366| 0| pri = LOG_INFO; 367| 0| break; 368| 0| case SYSLOG_LEVEL_VERBOSE: ------------------ | Branch (368:2): [True: 0, False: 0] ------------------ 369| 0| pri = LOG_INFO; 370| 0| break; 371| 0| case SYSLOG_LEVEL_DEBUG1: ------------------ | Branch (371:2): [True: 0, False: 0] ------------------ 372| 0| txt = "debug1"; 373| 0| pri = LOG_DEBUG; 374| 0| break; 375| 0| case SYSLOG_LEVEL_DEBUG2: ------------------ | Branch (375:2): [True: 0, False: 0] ------------------ 376| 0| txt = "debug2"; 377| 0| pri = LOG_DEBUG; 378| 0| break; 379| 0| case SYSLOG_LEVEL_DEBUG3: ------------------ | Branch (379:2): [True: 0, False: 0] ------------------ 380| 0| txt = "debug3"; 381| 0| pri = LOG_DEBUG; 382| 0| break; 383| 0| default: ------------------ | Branch (383:2): [True: 0, False: 0] ------------------ 384| 0| txt = "internal error"; 385| 0| pri = LOG_ERR; 386| 0| break; 387| 0| } 388| 0| if (txt != NULL && log_handler == NULL) { ------------------ | Branch (388:6): [True: 0, False: 0] | Branch (388:21): [True: 0, False: 0] ------------------ 389| 0| snprintf(fmtbuf, sizeof(fmtbuf), "%s: %s", txt, fmt); 390| 0| vsnprintf(msgbuf, sizeof(msgbuf), fmtbuf, args); 391| 0| } else { 392| 0| vsnprintf(msgbuf, sizeof(msgbuf), fmt, args); 393| 0| } 394| 0| if (suffix != NULL) { ------------------ | Branch (394:6): [True: 0, False: 0] ------------------ 395| 0| snprintf(fmtbuf, sizeof(fmtbuf), "%s: %s", msgbuf, suffix); 396| 0| strlcpy(msgbuf, fmtbuf, sizeof(msgbuf)); 397| 0| } 398| 0| strnvis(fmtbuf, msgbuf, sizeof(fmtbuf), 399| 0| log_on_stderr ? LOG_STDERR_VIS : LOG_SYSLOG_VIS); ------------------ | | 69| 0|#define LOG_STDERR_VIS (VIS_SAFE|VIS_OCTAL) | | ------------------ | | | | 60| 0|#define VIS_SAFE 0x20 /* only encode "unsafe" characters */ | | ------------------ | | #define LOG_STDERR_VIS (VIS_SAFE|VIS_OCTAL) | | ------------------ | | | | 49| 0|#define VIS_OCTAL 0x01 /* use octal \ddd format */ | | ------------------ ------------------ log_on_stderr ? LOG_STDERR_VIS : LOG_SYSLOG_VIS); ------------------ | | 68| 0|#define LOG_SYSLOG_VIS (VIS_CSTYLE|VIS_NL|VIS_TAB|VIS_OCTAL) | | ------------------ | | | | 50| 0|#define VIS_CSTYLE 0x02 /* use \[nrft0..] where appropriate */ | | ------------------ | | #define LOG_SYSLOG_VIS (VIS_CSTYLE|VIS_NL|VIS_TAB|VIS_OCTAL) | | ------------------ | | | | 58| 0|#define VIS_NL 0x10 /* also encode newline */ | | ------------------ | | #define LOG_SYSLOG_VIS (VIS_CSTYLE|VIS_NL|VIS_TAB|VIS_OCTAL) | | ------------------ | | | | 57| 0|#define VIS_TAB 0x08 /* also encode tab */ | | ------------------ | | #define LOG_SYSLOG_VIS (VIS_CSTYLE|VIS_NL|VIS_TAB|VIS_OCTAL) | | ------------------ | | | | 49| 0|#define VIS_OCTAL 0x01 /* use octal \ddd format */ | | ------------------ ------------------ | Branch (399:6): [True: 0, False: 0] ------------------ 400| 0| if (log_handler != NULL) { ------------------ | Branch (400:6): [True: 0, False: 0] ------------------ 401| | /* Avoid recursion */ 402| 0| tmp_handler = log_handler; 403| 0| log_handler = NULL; 404| 0| tmp_handler(level, force, fmtbuf, log_handler_ctx); 405| 0| log_handler = tmp_handler; 406| 0| } else if (log_on_stderr) { ------------------ | Branch (406:13): [True: 0, False: 0] ------------------ 407| 0| snprintf(msgbuf, sizeof msgbuf, "%s%s%.*s\r\n", 408| 0| (log_on_stderr > 1) ? progname : "", ------------------ | Branch (408:7): [True: 0, False: 0] ------------------ 409| 0| (log_on_stderr > 1) ? ": " : "", ------------------ | Branch (409:7): [True: 0, False: 0] ------------------ 410| 0| (int)sizeof msgbuf - 3, fmtbuf); 411| 0| (void)write(log_stderr_fd, msgbuf, strlen(msgbuf)); 412| 0| } else { 413| |#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) 414| | openlog_r(progname, LOG_PID, log_facility, &sdata); 415| | syslog_r(pri, &sdata, "%.500s", fmtbuf); 416| | closelog_r(&sdata); 417| |#else 418| 0| openlog(progname, LOG_PID, log_facility); 419| 0| syslog(pri, "%.500s", fmtbuf); 420| 0| closelog(); 421| 0|#endif 422| 0| } 423| 0| errno = saved_errno; 424| 0|} arc4random_buf: 227| 1|{ 228| 1| _ARC4_LOCK(); 229| 1| _rs_random_buf(buf, n); 230| 1| _ARC4_UNLOCK(); 231| 1|} arc4random.c:_rs_stir_if_needed: 137| 1|{ 138| 1| _rs_forkdetect(); 139| 1| if (!rs || rs->rs_count <= len) ------------------ | Branch (139:6): [True: 1, False: 0] | Branch (139:13): [True: 0, False: 0] ------------------ 140| 1| _rs_stir(); 141| 1| if (rs->rs_count <= len) ------------------ | Branch (141:6): [True: 0, False: 1] ------------------ 142| 0| rs->rs_count = 0; 143| 1| else 144| 1| rs->rs_count -= len; 145| 1|} arc4random.c:_rs_stir: 112| 1|{ 113| 1| u_char rnd[KEYSZ + IVSZ]; 114| 1| uint32_t rekey_fuzz = 0; 115| | 116| 1| if (getentropy(rnd, sizeof rnd) == -1) ------------------ | | 55| 1|#define getentropy(x, y) (_ssh_compat_getentropy((x), (y))) ------------------ | Branch (116:6): [True: 0, False: 1] ------------------ 117| 0| _getentropy_fail(); 118| | 119| 1| if (!rs) ------------------ | Branch (119:6): [True: 1, False: 0] ------------------ 120| 1| _rs_init(rnd, sizeof(rnd)); 121| 0| else 122| 0| _rs_rekey(rnd, sizeof(rnd)); 123| 1| explicit_bzero(rnd, sizeof(rnd)); /* discard source seed */ 124| | 125| | /* invalidate rs_buf */ 126| 1| rs->rs_have = 0; 127| 1| memset(rsx->rs_buf, 0, sizeof(rsx->rs_buf)); 128| | 129| | /* rekey interval should not be predictable */ 130| 1| chacha_encrypt_bytes(&rsx->rs_chacha, (uint8_t *)&rekey_fuzz, 131| 1| (uint8_t *)&rekey_fuzz, sizeof(rekey_fuzz)); 132| 1| rs->rs_count = REKEY_BASE + (rekey_fuzz % REKEY_BASE); ------------------ | | 75| 1|#define REKEY_BASE (1024*1024) /* NB. should be a power of 2 */ ------------------ rs->rs_count = REKEY_BASE + (rekey_fuzz % REKEY_BASE); ------------------ | | 75| 1|#define REKEY_BASE (1024*1024) /* NB. should be a power of 2 */ ------------------ 133| 1|} arc4random.c:_rs_init: 97| 2|{ 98| 2| if (n < KEYSZ + IVSZ) ------------------ | | 70| 2|#define KEYSZ 32 ------------------ if (n < KEYSZ + IVSZ) ------------------ | | 71| 2|#define IVSZ 8 ------------------ | Branch (98:6): [True: 0, False: 2] ------------------ 99| 0| return; 100| | 101| 2| if (rs == NULL) { ------------------ | Branch (101:6): [True: 1, False: 1] ------------------ 102| 1| if (_rs_allocate(&rs, &rsx) == -1) ------------------ | Branch (102:7): [True: 0, False: 1] ------------------ 103| 0| _exit(1); 104| 1| } 105| | 106| 2| chacha_keysetup(&rsx->rs_chacha, buf, KEYSZ * 8); ------------------ | | 70| 2|#define KEYSZ 32 ------------------ 107| 2| chacha_ivsetup(&rsx->rs_chacha, buf + KEYSZ); ------------------ | | 70| 2|#define KEYSZ 32 ------------------ 108| 2|} arc4random.c:_rs_rekey: 149| 1|{ 150| |#ifndef KEYSTREAM_ONLY 151| | memset(rsx->rs_buf, 0, sizeof(rsx->rs_buf)); 152| |#endif 153| | /* fill rs_buf with the keystream */ 154| 1| chacha_encrypt_bytes(&rsx->rs_chacha, rsx->rs_buf, 155| 1| rsx->rs_buf, sizeof(rsx->rs_buf)); 156| | /* mix in optional user provided data */ 157| 1| if (dat) { ------------------ | Branch (157:6): [True: 0, False: 1] ------------------ 158| 0| size_t i, m; 159| | 160| 0| m = minimum(datlen, KEYSZ + IVSZ); ------------------ | | 62| 0|#define minimum(a, b) ((a) < (b) ? (a) : (b)) | | ------------------ | | | Branch (62:24): [True: 0, False: 0] | | ------------------ ------------------ 161| 0| for (i = 0; i < m; i++) ------------------ | Branch (161:15): [True: 0, False: 0] ------------------ 162| 0| rsx->rs_buf[i] ^= dat[i]; 163| 0| } 164| | /* immediately reinit for backtracking resistance */ 165| 1| _rs_init(rsx->rs_buf, KEYSZ + IVSZ); ------------------ | | 70| 1|#define KEYSZ 32 ------------------ _rs_init(rsx->rs_buf, KEYSZ + IVSZ); ------------------ | | 71| 1|#define IVSZ 8 ------------------ 166| 1| memset(rsx->rs_buf, 0, KEYSZ + IVSZ); ------------------ | | 70| 1|#define KEYSZ 32 ------------------ memset(rsx->rs_buf, 0, KEYSZ + IVSZ); ------------------ | | 71| 1|#define IVSZ 8 ------------------ 167| 1| rs->rs_have = sizeof(rsx->rs_buf) - KEYSZ - IVSZ; ------------------ | | 70| 1|#define KEYSZ 32 ------------------ rs->rs_have = sizeof(rsx->rs_buf) - KEYSZ - IVSZ; ------------------ | | 71| 1|#define IVSZ 8 ------------------ 168| 1|} arc4random.c:_rs_random_buf: 172| 1|{ 173| 1| u_char *buf = (u_char *)_buf; 174| 1| u_char *keystream; 175| 1| size_t m; 176| | 177| 1| _rs_stir_if_needed(n); 178| 3| while (n > 0) { ------------------ | Branch (178:9): [True: 2, False: 1] ------------------ 179| 2| if (rs->rs_have > 0) { ------------------ | Branch (179:7): [True: 1, False: 1] ------------------ 180| 1| m = minimum(n, rs->rs_have); ------------------ | | 62| 1|#define minimum(a, b) ((a) < (b) ? (a) : (b)) | | ------------------ | | | Branch (62:24): [True: 1, False: 0] | | ------------------ ------------------ 181| 1| keystream = rsx->rs_buf + sizeof(rsx->rs_buf) 182| 1| - rs->rs_have; 183| 1| memcpy(buf, keystream, m); 184| 1| memset(keystream, 0, m); 185| 1| buf += m; 186| 1| n -= m; 187| 1| rs->rs_have -= m; 188| 1| } 189| 2| if (rs->rs_have == 0) ------------------ | Branch (189:7): [True: 1, False: 1] ------------------ 190| 1| _rs_rekey(NULL, 0); 191| 2| } 192| 1|} arc4random.c:_rs_forkdetect: 51| 1|{ 52| 1| static pid_t _rs_pid = 0; 53| 1| pid_t pid = getpid(); 54| | 55| 1| if (_rs_pid == 0 || _rs_pid == 1 || _rs_pid != pid || _rs_forked) { ------------------ | Branch (55:6): [True: 1, False: 0] | Branch (55:22): [True: 0, False: 0] | Branch (55:38): [True: 0, False: 0] | Branch (55:56): [True: 0, False: 0] ------------------ 56| 1| _rs_pid = pid; 57| 1| _rs_forked = 0; 58| 1| if (rs) ------------------ | Branch (58:7): [True: 0, False: 1] ------------------ 59| 0| memset(rs, 0, sizeof(*rs)); 60| 1| } 61| 1|} arc4random.c:_rs_allocate: 65| 1|{ 66| 1|#if defined(MAP_ANON) && defined(MAP_PRIVATE) 67| 1| if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE, ------------------ | Branch (67:6): [True: 0, False: 1] ------------------ 68| 1| MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) 69| 0| return (-1); 70| | 71| 1| if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE, ------------------ | Branch (71:6): [True: 0, False: 1] ------------------ 72| 1| MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) { 73| 0| munmap(*rsp, sizeof(**rsp)); 74| 0| *rsp = NULL; 75| 0| return (-1); 76| 0| } 77| |#else 78| | if ((*rsp = calloc(1, sizeof(**rsp))) == NULL) 79| | return (-1); 80| | if ((*rsxp = calloc(1, sizeof(**rsxp))) == NULL) { 81| | free(*rsp); 82| | *rsp = NULL; 83| | return (-1); 84| | } 85| |#endif 86| | 87| 1| _ARC4_ATFORK(_rs_forkhandler); 88| 1| return (0); 89| 1|} _ssh_compat_getentropy: 43| 1|{ 44| 1|#ifdef WITH_OPENSSL 45| 1| if (RAND_bytes(s, len) <= 0) ------------------ | Branch (45:6): [True: 0, False: 1] ------------------ 46| 0| fatal("Couldn't obtain random bytes (error 0x%lx)", ------------------ | | 94| 0|#define fatal(...) sshfatal(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_FATAL, NULL, __VA_ARGS__) ------------------ 47| 1| (unsigned long)ERR_get_error()); 48| |#else 49| | int fd, save_errno; 50| | ssize_t r; 51| | size_t o = 0; 52| | 53| |#ifdef HAVE_GETENTROPY 54| | if ((r = getentropy(s, len)) == 0) 55| | return 0; 56| |#endif /* HAVE_GETENTROPY */ 57| |#ifdef HAVE_GETRANDOM 58| | if ((r = getrandom(s, len, 0)) > 0 && (size_t)r == len) 59| | return 0; 60| |#endif /* HAVE_GETRANDOM */ 61| | 62| | if ((fd = open(SSH_RANDOM_DEV, O_RDONLY)) == -1) { 63| | save_errno = errno; 64| | /* Try egd/prngd before giving up. */ 65| | if (seed_from_prngd(s, len) == 0) 66| | return 0; 67| | fatal("Couldn't open %s: %s", SSH_RANDOM_DEV, 68| | strerror(save_errno)); 69| | } 70| | while (o < len) { 71| | r = read(fd, (u_char *)s + o, len - o); 72| | if (r < 0) { 73| | if (errno == EAGAIN || errno == EINTR || 74| | errno == EWOULDBLOCK) 75| | continue; 76| | fatal("read %s: %s", SSH_RANDOM_DEV, strerror(errno)); 77| | } 78| | o += r; 79| | } 80| | close(fd); 81| |#endif /* WITH_OPENSSL */ 82| 1| return 0; 83| 1|} arc4random.c:chacha_keysetup: 58| 2|{ 59| 2| const char *constants; 60| | 61| 2| x->input[4] = U8TO32_LITTLE(k + 0); ------------------ | | 29| 2| (((u32)((p)[0]) ) | \ | | 30| 2| ((u32)((p)[1]) << 8) | \ | | 31| 2| ((u32)((p)[2]) << 16) | \ | | 32| 2| ((u32)((p)[3]) << 24)) ------------------ 62| 2| x->input[5] = U8TO32_LITTLE(k + 4); ------------------ | | 29| 2| (((u32)((p)[0]) ) | \ | | 30| 2| ((u32)((p)[1]) << 8) | \ | | 31| 2| ((u32)((p)[2]) << 16) | \ | | 32| 2| ((u32)((p)[3]) << 24)) ------------------ 63| 2| x->input[6] = U8TO32_LITTLE(k + 8); ------------------ | | 29| 2| (((u32)((p)[0]) ) | \ | | 30| 2| ((u32)((p)[1]) << 8) | \ | | 31| 2| ((u32)((p)[2]) << 16) | \ | | 32| 2| ((u32)((p)[3]) << 24)) ------------------ 64| 2| x->input[7] = U8TO32_LITTLE(k + 12); ------------------ | | 29| 2| (((u32)((p)[0]) ) | \ | | 30| 2| ((u32)((p)[1]) << 8) | \ | | 31| 2| ((u32)((p)[2]) << 16) | \ | | 32| 2| ((u32)((p)[3]) << 24)) ------------------ 65| 2| if (kbits == 256) { /* recommended */ ------------------ | Branch (65:7): [True: 2, False: 0] ------------------ 66| 2| k += 16; 67| 2| constants = sigma; 68| 2| } else { /* kbits == 128 */ 69| 0| constants = tau; 70| 0| } 71| 2| x->input[8] = U8TO32_LITTLE(k + 0); ------------------ | | 29| 2| (((u32)((p)[0]) ) | \ | | 30| 2| ((u32)((p)[1]) << 8) | \ | | 31| 2| ((u32)((p)[2]) << 16) | \ | | 32| 2| ((u32)((p)[3]) << 24)) ------------------ 72| 2| x->input[9] = U8TO32_LITTLE(k + 4); ------------------ | | 29| 2| (((u32)((p)[0]) ) | \ | | 30| 2| ((u32)((p)[1]) << 8) | \ | | 31| 2| ((u32)((p)[2]) << 16) | \ | | 32| 2| ((u32)((p)[3]) << 24)) ------------------ 73| 2| x->input[10] = U8TO32_LITTLE(k + 8); ------------------ | | 29| 2| (((u32)((p)[0]) ) | \ | | 30| 2| ((u32)((p)[1]) << 8) | \ | | 31| 2| ((u32)((p)[2]) << 16) | \ | | 32| 2| ((u32)((p)[3]) << 24)) ------------------ 74| 2| x->input[11] = U8TO32_LITTLE(k + 12); ------------------ | | 29| 2| (((u32)((p)[0]) ) | \ | | 30| 2| ((u32)((p)[1]) << 8) | \ | | 31| 2| ((u32)((p)[2]) << 16) | \ | | 32| 2| ((u32)((p)[3]) << 24)) ------------------ 75| 2| x->input[0] = U8TO32_LITTLE(constants + 0); ------------------ | | 29| 2| (((u32)((p)[0]) ) | \ | | 30| 2| ((u32)((p)[1]) << 8) | \ | | 31| 2| ((u32)((p)[2]) << 16) | \ | | 32| 2| ((u32)((p)[3]) << 24)) ------------------ 76| 2| x->input[1] = U8TO32_LITTLE(constants + 4); ------------------ | | 29| 2| (((u32)((p)[0]) ) | \ | | 30| 2| ((u32)((p)[1]) << 8) | \ | | 31| 2| ((u32)((p)[2]) << 16) | \ | | 32| 2| ((u32)((p)[3]) << 24)) ------------------ 77| 2| x->input[2] = U8TO32_LITTLE(constants + 8); ------------------ | | 29| 2| (((u32)((p)[0]) ) | \ | | 30| 2| ((u32)((p)[1]) << 8) | \ | | 31| 2| ((u32)((p)[2]) << 16) | \ | | 32| 2| ((u32)((p)[3]) << 24)) ------------------ 78| 2| x->input[3] = U8TO32_LITTLE(constants + 12); ------------------ | | 29| 2| (((u32)((p)[0]) ) | \ | | 30| 2| ((u32)((p)[1]) << 8) | \ | | 31| 2| ((u32)((p)[2]) << 16) | \ | | 32| 2| ((u32)((p)[3]) << 24)) ------------------ 79| 2|} arc4random.c:chacha_ivsetup: 83| 2|{ 84| 2| x->input[12] = 0; 85| 2| x->input[13] = 0; 86| 2| x->input[14] = U8TO32_LITTLE(iv + 0); ------------------ | | 29| 2| (((u32)((p)[0]) ) | \ | | 30| 2| ((u32)((p)[1]) << 8) | \ | | 31| 2| ((u32)((p)[2]) << 16) | \ | | 32| 2| ((u32)((p)[3]) << 24)) ------------------ 87| 2| x->input[15] = U8TO32_LITTLE(iv + 4); ------------------ | | 29| 2| (((u32)((p)[0]) ) | \ | | 30| 2| ((u32)((p)[1]) << 8) | \ | | 31| 2| ((u32)((p)[2]) << 16) | \ | | 32| 2| ((u32)((p)[3]) << 24)) ------------------ 88| 2|} arc4random.c:chacha_encrypt_bytes: 92| 2|{ 93| 2| u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; 94| 2| u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15; 95| 2| u8 *ctarget = NULL; 96| 2| u8 tmp[64]; 97| 2| u_int i; 98| | 99| 2| if (!bytes) return; ------------------ | Branch (99:7): [True: 0, False: 2] ------------------ 100| | 101| 2| j0 = x->input[0]; 102| 2| j1 = x->input[1]; 103| 2| j2 = x->input[2]; 104| 2| j3 = x->input[3]; 105| 2| j4 = x->input[4]; 106| 2| j5 = x->input[5]; 107| 2| j6 = x->input[6]; 108| 2| j7 = x->input[7]; 109| 2| j8 = x->input[8]; 110| 2| j9 = x->input[9]; 111| 2| j10 = x->input[10]; 112| 2| j11 = x->input[11]; 113| 2| j12 = x->input[12]; 114| 2| j13 = x->input[13]; 115| 2| j14 = x->input[14]; 116| 2| j15 = x->input[15]; 117| | 118| 17| for (;;) { 119| 17| if (bytes < 64) { ------------------ | Branch (119:9): [True: 1, False: 16] ------------------ 120| 5| for (i = 0;i < bytes;++i) tmp[i] = m[i]; ------------------ | Branch (120:18): [True: 4, False: 1] ------------------ 121| 1| m = tmp; 122| 1| ctarget = c; 123| 1| c = tmp; 124| 1| } 125| 17| x0 = j0; 126| 17| x1 = j1; 127| 17| x2 = j2; 128| 17| x3 = j3; 129| 17| x4 = j4; 130| 17| x5 = j5; 131| 17| x6 = j6; 132| 17| x7 = j7; 133| 17| x8 = j8; 134| 17| x9 = j9; 135| 17| x10 = j10; 136| 17| x11 = j11; 137| 17| x12 = j12; 138| 17| x13 = j13; 139| 17| x14 = j14; 140| 17| x15 = j15; 141| 187| for (i = 20;i > 0;i -= 2) { ------------------ | Branch (141:17): [True: 170, False: 17] ------------------ 142| 170| QUARTERROUND( x0, x4, x8,x12) ------------------ | | 48| 170| a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \ | | ------------------ | | | | 44| 170|#define PLUS(v,w) (U32V((v) + (w))) | | | | ------------------ | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | ------------------ | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \ | | ------------------ | | | | 42| 170|#define ROTATE(v,c) (ROTL32(v,c)) | | | | ------------------ | | | | | | 26| 170| (U32V((v) << (n)) | ((v) >> (32 - (n)))) | | | | | | ------------------ | | | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | | | ------------------ | | | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | | | ------------------ | | | | | | ------------------ | | | | ------------------ | | ------------------ | | 49| 170| c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \ | | ------------------ | | | | 44| 170|#define PLUS(v,w) (U32V((v) + (w))) | | | | ------------------ | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | ------------------ | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \ | | ------------------ | | | | 42| 170|#define ROTATE(v,c) (ROTL32(v,c)) | | | | ------------------ | | | | | | 26| 170| (U32V((v) << (n)) | ((v) >> (32 - (n)))) | | | | | | ------------------ | | | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | | | ------------------ | | | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | | | ------------------ | | | | | | ------------------ | | | | ------------------ | | ------------------ | | 50| 170| a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \ | | ------------------ | | | | 44| 170|#define PLUS(v,w) (U32V((v) + (w))) | | | | ------------------ | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | ------------------ | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \ | | ------------------ | | | | 42| 170|#define ROTATE(v,c) (ROTL32(v,c)) | | | | ------------------ | | | | | | 26| 170| (U32V((v) << (n)) | ((v) >> (32 - (n)))) | | | | | | ------------------ | | | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | | | ------------------ | | | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | | | ------------------ | | | | | | ------------------ | | | | ------------------ | | ------------------ | | 51| 170| c = PLUS(c,d); b = ROTATE(XOR(b,c), 7); | | ------------------ | | | | 44| 170|#define PLUS(v,w) (U32V((v) + (w))) | | | | ------------------ | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | ------------------ | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | c = PLUS(c,d); b = ROTATE(XOR(b,c), 7); | | ------------------ | | | | 42| 170|#define ROTATE(v,c) (ROTL32(v,c)) | | | | ------------------ | | | | | | 26| 170| (U32V((v) << (n)) | ((v) >> (32 - (n)))) | | | | | | ------------------ | | | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | | | ------------------ | | | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | | | ------------------ | | | | | | ------------------ | | | | ------------------ | | ------------------ ------------------ 143| 170| QUARTERROUND( x1, x5, x9,x13) ------------------ | | 48| 170| a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \ | | ------------------ | | | | 44| 170|#define PLUS(v,w) (U32V((v) + (w))) | | | | ------------------ | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | ------------------ | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \ | | ------------------ | | | | 42| 170|#define ROTATE(v,c) (ROTL32(v,c)) | | | | ------------------ | | | | | | 26| 170| (U32V((v) << (n)) | ((v) >> (32 - (n)))) | | | | | | ------------------ | | | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | | | ------------------ | | | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | | | ------------------ | | | | | | ------------------ | | | | ------------------ | | ------------------ | | 49| 170| c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \ | | ------------------ | | | | 44| 170|#define PLUS(v,w) (U32V((v) + (w))) | | | | ------------------ | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | ------------------ | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \ | | ------------------ | | | | 42| 170|#define ROTATE(v,c) (ROTL32(v,c)) | | | | ------------------ | | | | | | 26| 170| (U32V((v) << (n)) | ((v) >> (32 - (n)))) | | | | | | ------------------ | | | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | | | ------------------ | | | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | | | ------------------ | | | | | | ------------------ | | | | ------------------ | | ------------------ | | 50| 170| a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \ | | ------------------ | | | | 44| 170|#define PLUS(v,w) (U32V((v) + (w))) | | | | ------------------ | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | ------------------ | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \ | | ------------------ | | | | 42| 170|#define ROTATE(v,c) (ROTL32(v,c)) | | | | ------------------ | | | | | | 26| 170| (U32V((v) << (n)) | ((v) >> (32 - (n)))) | | | | | | ------------------ | | | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | | | ------------------ | | | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | | | ------------------ | | | | | | ------------------ | | | | ------------------ | | ------------------ | | 51| 170| c = PLUS(c,d); b = ROTATE(XOR(b,c), 7); | | ------------------ | | | | 44| 170|#define PLUS(v,w) (U32V((v) + (w))) | | | | ------------------ | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | ------------------ | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | c = PLUS(c,d); b = ROTATE(XOR(b,c), 7); | | ------------------ | | | | 42| 170|#define ROTATE(v,c) (ROTL32(v,c)) | | | | ------------------ | | | | | | 26| 170| (U32V((v) << (n)) | ((v) >> (32 - (n)))) | | | | | | ------------------ | | | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | | | ------------------ | | | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | | | ------------------ | | | | | | ------------------ | | | | ------------------ | | ------------------ ------------------ 144| 170| QUARTERROUND( x2, x6,x10,x14) ------------------ | | 48| 170| a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \ | | ------------------ | | | | 44| 170|#define PLUS(v,w) (U32V((v) + (w))) | | | | ------------------ | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | ------------------ | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \ | | ------------------ | | | | 42| 170|#define ROTATE(v,c) (ROTL32(v,c)) | | | | ------------------ | | | | | | 26| 170| (U32V((v) << (n)) | ((v) >> (32 - (n)))) | | | | | | ------------------ | | | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | | | ------------------ | | | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | | | ------------------ | | | | | | ------------------ | | | | ------------------ | | ------------------ | | 49| 170| c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \ | | ------------------ | | | | 44| 170|#define PLUS(v,w) (U32V((v) + (w))) | | | | ------------------ | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | ------------------ | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \ | | ------------------ | | | | 42| 170|#define ROTATE(v,c) (ROTL32(v,c)) | | | | ------------------ | | | | | | 26| 170| (U32V((v) << (n)) | ((v) >> (32 - (n)))) | | | | | | ------------------ | | | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | | | ------------------ | | | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | | | ------------------ | | | | | | ------------------ | | | | ------------------ | | ------------------ | | 50| 170| a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \ | | ------------------ | | | | 44| 170|#define PLUS(v,w) (U32V((v) + (w))) | | | | ------------------ | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | ------------------ | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \ | | ------------------ | | | | 42| 170|#define ROTATE(v,c) (ROTL32(v,c)) | | | | ------------------ | | | | | | 26| 170| (U32V((v) << (n)) | ((v) >> (32 - (n)))) | | | | | | ------------------ | | | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | | | ------------------ | | | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | | | ------------------ | | | | | | ------------------ | | | | ------------------ | | ------------------ | | 51| 170| c = PLUS(c,d); b = ROTATE(XOR(b,c), 7); | | ------------------ | | | | 44| 170|#define PLUS(v,w) (U32V((v) + (w))) | | | | ------------------ | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | ------------------ | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | c = PLUS(c,d); b = ROTATE(XOR(b,c), 7); | | ------------------ | | | | 42| 170|#define ROTATE(v,c) (ROTL32(v,c)) | | | | ------------------ | | | | | | 26| 170| (U32V((v) << (n)) | ((v) >> (32 - (n)))) | | | | | | ------------------ | | | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | | | ------------------ | | | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | | | ------------------ | | | | | | ------------------ | | | | ------------------ | | ------------------ ------------------ 145| 170| QUARTERROUND( x3, x7,x11,x15) ------------------ | | 48| 170| a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \ | | ------------------ | | | | 44| 170|#define PLUS(v,w) (U32V((v) + (w))) | | | | ------------------ | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | ------------------ | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \ | | ------------------ | | | | 42| 170|#define ROTATE(v,c) (ROTL32(v,c)) | | | | ------------------ | | | | | | 26| 170| (U32V((v) << (n)) | ((v) >> (32 - (n)))) | | | | | | ------------------ | | | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | | | ------------------ | | | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | | | ------------------ | | | | | | ------------------ | | | | ------------------ | | ------------------ | | 49| 170| c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \ | | ------------------ | | | | 44| 170|#define PLUS(v,w) (U32V((v) + (w))) | | | | ------------------ | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | ------------------ | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \ | | ------------------ | | | | 42| 170|#define ROTATE(v,c) (ROTL32(v,c)) | | | | ------------------ | | | | | | 26| 170| (U32V((v) << (n)) | ((v) >> (32 - (n)))) | | | | | | ------------------ | | | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | | | ------------------ | | | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | | | ------------------ | | | | | | ------------------ | | | | ------------------ | | ------------------ | | 50| 170| a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \ | | ------------------ | | | | 44| 170|#define PLUS(v,w) (U32V((v) + (w))) | | | | ------------------ | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | ------------------ | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \ | | ------------------ | | | | 42| 170|#define ROTATE(v,c) (ROTL32(v,c)) | | | | ------------------ | | | | | | 26| 170| (U32V((v) << (n)) | ((v) >> (32 - (n)))) | | | | | | ------------------ | | | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | | | ------------------ | | | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | | | ------------------ | | | | | | ------------------ | | | | ------------------ | | ------------------ | | 51| 170| c = PLUS(c,d); b = ROTATE(XOR(b,c), 7); | | ------------------ | | | | 44| 170|#define PLUS(v,w) (U32V((v) + (w))) | | | | ------------------ | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | ------------------ | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | c = PLUS(c,d); b = ROTATE(XOR(b,c), 7); | | ------------------ | | | | 42| 170|#define ROTATE(v,c) (ROTL32(v,c)) | | | | ------------------ | | | | | | 26| 170| (U32V((v) << (n)) | ((v) >> (32 - (n)))) | | | | | | ------------------ | | | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | | | ------------------ | | | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | | | ------------------ | | | | | | ------------------ | | | | ------------------ | | ------------------ ------------------ 146| 170| QUARTERROUND( x0, x5,x10,x15) ------------------ | | 48| 170| a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \ | | ------------------ | | | | 44| 170|#define PLUS(v,w) (U32V((v) + (w))) | | | | ------------------ | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | ------------------ | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \ | | ------------------ | | | | 42| 170|#define ROTATE(v,c) (ROTL32(v,c)) | | | | ------------------ | | | | | | 26| 170| (U32V((v) << (n)) | ((v) >> (32 - (n)))) | | | | | | ------------------ | | | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | | | ------------------ | | | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | | | ------------------ | | | | | | ------------------ | | | | ------------------ | | ------------------ | | 49| 170| c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \ | | ------------------ | | | | 44| 170|#define PLUS(v,w) (U32V((v) + (w))) | | | | ------------------ | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | ------------------ | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \ | | ------------------ | | | | 42| 170|#define ROTATE(v,c) (ROTL32(v,c)) | | | | ------------------ | | | | | | 26| 170| (U32V((v) << (n)) | ((v) >> (32 - (n)))) | | | | | | ------------------ | | | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | | | ------------------ | | | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | | | ------------------ | | | | | | ------------------ | | | | ------------------ | | ------------------ | | 50| 170| a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \ | | ------------------ | | | | 44| 170|#define PLUS(v,w) (U32V((v) + (w))) | | | | ------------------ | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | ------------------ | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \ | | ------------------ | | | | 42| 170|#define ROTATE(v,c) (ROTL32(v,c)) | | | | ------------------ | | | | | | 26| 170| (U32V((v) << (n)) | ((v) >> (32 - (n)))) | | | | | | ------------------ | | | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | | | ------------------ | | | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | | | ------------------ | | | | | | ------------------ | | | | ------------------ | | ------------------ | | 51| 170| c = PLUS(c,d); b = ROTATE(XOR(b,c), 7); | | ------------------ | | | | 44| 170|#define PLUS(v,w) (U32V((v) + (w))) | | | | ------------------ | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | ------------------ | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | c = PLUS(c,d); b = ROTATE(XOR(b,c), 7); | | ------------------ | | | | 42| 170|#define ROTATE(v,c) (ROTL32(v,c)) | | | | ------------------ | | | | | | 26| 170| (U32V((v) << (n)) | ((v) >> (32 - (n)))) | | | | | | ------------------ | | | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | | | ------------------ | | | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | | | ------------------ | | | | | | ------------------ | | | | ------------------ | | ------------------ ------------------ 147| 170| QUARTERROUND( x1, x6,x11,x12) ------------------ | | 48| 170| a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \ | | ------------------ | | | | 44| 170|#define PLUS(v,w) (U32V((v) + (w))) | | | | ------------------ | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | ------------------ | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \ | | ------------------ | | | | 42| 170|#define ROTATE(v,c) (ROTL32(v,c)) | | | | ------------------ | | | | | | 26| 170| (U32V((v) << (n)) | ((v) >> (32 - (n)))) | | | | | | ------------------ | | | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | | | ------------------ | | | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | | | ------------------ | | | | | | ------------------ | | | | ------------------ | | ------------------ | | 49| 170| c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \ | | ------------------ | | | | 44| 170|#define PLUS(v,w) (U32V((v) + (w))) | | | | ------------------ | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | ------------------ | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \ | | ------------------ | | | | 42| 170|#define ROTATE(v,c) (ROTL32(v,c)) | | | | ------------------ | | | | | | 26| 170| (U32V((v) << (n)) | ((v) >> (32 - (n)))) | | | | | | ------------------ | | | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | | | ------------------ | | | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | | | ------------------ | | | | | | ------------------ | | | | ------------------ | | ------------------ | | 50| 170| a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \ | | ------------------ | | | | 44| 170|#define PLUS(v,w) (U32V((v) + (w))) | | | | ------------------ | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | ------------------ | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \ | | ------------------ | | | | 42| 170|#define ROTATE(v,c) (ROTL32(v,c)) | | | | ------------------ | | | | | | 26| 170| (U32V((v) << (n)) | ((v) >> (32 - (n)))) | | | | | | ------------------ | | | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | | | ------------------ | | | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | | | ------------------ | | | | | | ------------------ | | | | ------------------ | | ------------------ | | 51| 170| c = PLUS(c,d); b = ROTATE(XOR(b,c), 7); | | ------------------ | | | | 44| 170|#define PLUS(v,w) (U32V((v) + (w))) | | | | ------------------ | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | ------------------ | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | c = PLUS(c,d); b = ROTATE(XOR(b,c), 7); | | ------------------ | | | | 42| 170|#define ROTATE(v,c) (ROTL32(v,c)) | | | | ------------------ | | | | | | 26| 170| (U32V((v) << (n)) | ((v) >> (32 - (n)))) | | | | | | ------------------ | | | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | | | ------------------ | | | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | | | ------------------ | | | | | | ------------------ | | | | ------------------ | | ------------------ ------------------ 148| 170| QUARTERROUND( x2, x7, x8,x13) ------------------ | | 48| 170| a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \ | | ------------------ | | | | 44| 170|#define PLUS(v,w) (U32V((v) + (w))) | | | | ------------------ | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | ------------------ | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \ | | ------------------ | | | | 42| 170|#define ROTATE(v,c) (ROTL32(v,c)) | | | | ------------------ | | | | | | 26| 170| (U32V((v) << (n)) | ((v) >> (32 - (n)))) | | | | | | ------------------ | | | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | | | ------------------ | | | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | | | ------------------ | | | | | | ------------------ | | | | ------------------ | | ------------------ | | 49| 170| c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \ | | ------------------ | | | | 44| 170|#define PLUS(v,w) (U32V((v) + (w))) | | | | ------------------ | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | ------------------ | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \ | | ------------------ | | | | 42| 170|#define ROTATE(v,c) (ROTL32(v,c)) | | | | ------------------ | | | | | | 26| 170| (U32V((v) << (n)) | ((v) >> (32 - (n)))) | | | | | | ------------------ | | | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | | | ------------------ | | | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | | | ------------------ | | | | | | ------------------ | | | | ------------------ | | ------------------ | | 50| 170| a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \ | | ------------------ | | | | 44| 170|#define PLUS(v,w) (U32V((v) + (w))) | | | | ------------------ | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | ------------------ | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \ | | ------------------ | | | | 42| 170|#define ROTATE(v,c) (ROTL32(v,c)) | | | | ------------------ | | | | | | 26| 170| (U32V((v) << (n)) | ((v) >> (32 - (n)))) | | | | | | ------------------ | | | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | | | ------------------ | | | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | | | ------------------ | | | | | | ------------------ | | | | ------------------ | | ------------------ | | 51| 170| c = PLUS(c,d); b = ROTATE(XOR(b,c), 7); | | ------------------ | | | | 44| 170|#define PLUS(v,w) (U32V((v) + (w))) | | | | ------------------ | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | ------------------ | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | c = PLUS(c,d); b = ROTATE(XOR(b,c), 7); | | ------------------ | | | | 42| 170|#define ROTATE(v,c) (ROTL32(v,c)) | | | | ------------------ | | | | | | 26| 170| (U32V((v) << (n)) | ((v) >> (32 - (n)))) | | | | | | ------------------ | | | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | | | ------------------ | | | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | | | ------------------ | | | | | | ------------------ | | | | ------------------ | | ------------------ ------------------ 149| 170| QUARTERROUND( x3, x4, x9,x14) ------------------ | | 48| 170| a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \ | | ------------------ | | | | 44| 170|#define PLUS(v,w) (U32V((v) + (w))) | | | | ------------------ | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | ------------------ | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \ | | ------------------ | | | | 42| 170|#define ROTATE(v,c) (ROTL32(v,c)) | | | | ------------------ | | | | | | 26| 170| (U32V((v) << (n)) | ((v) >> (32 - (n)))) | | | | | | ------------------ | | | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | | | ------------------ | | | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | | | ------------------ | | | | | | ------------------ | | | | ------------------ | | ------------------ | | 49| 170| c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \ | | ------------------ | | | | 44| 170|#define PLUS(v,w) (U32V((v) + (w))) | | | | ------------------ | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | ------------------ | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \ | | ------------------ | | | | 42| 170|#define ROTATE(v,c) (ROTL32(v,c)) | | | | ------------------ | | | | | | 26| 170| (U32V((v) << (n)) | ((v) >> (32 - (n)))) | | | | | | ------------------ | | | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | | | ------------------ | | | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | | | ------------------ | | | | | | ------------------ | | | | ------------------ | | ------------------ | | 50| 170| a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \ | | ------------------ | | | | 44| 170|#define PLUS(v,w) (U32V((v) + (w))) | | | | ------------------ | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | ------------------ | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \ | | ------------------ | | | | 42| 170|#define ROTATE(v,c) (ROTL32(v,c)) | | | | ------------------ | | | | | | 26| 170| (U32V((v) << (n)) | ((v) >> (32 - (n)))) | | | | | | ------------------ | | | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | | | ------------------ | | | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | | | ------------------ | | | | | | ------------------ | | | | ------------------ | | ------------------ | | 51| 170| c = PLUS(c,d); b = ROTATE(XOR(b,c), 7); | | ------------------ | | | | 44| 170|#define PLUS(v,w) (U32V((v) + (w))) | | | | ------------------ | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | ------------------ | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | c = PLUS(c,d); b = ROTATE(XOR(b,c), 7); | | ------------------ | | | | 42| 170|#define ROTATE(v,c) (ROTL32(v,c)) | | | | ------------------ | | | | | | 26| 170| (U32V((v) << (n)) | ((v) >> (32 - (n)))) | | | | | | ------------------ | | | | | | | | 23| 170|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | | | ------------------ | | | | | | | | | | 20| 170|#define U32C(v) (v##U) | | | | | | | | ------------------ | | | | | | ------------------ | | | | ------------------ | | ------------------ ------------------ 150| 170| } 151| 17| x0 = PLUS(x0,j0); ------------------ | | 44| 17|#define PLUS(v,w) (U32V((v) + (w))) | | ------------------ | | | | 23| 17|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | ------------------ | | | | | | 20| 17|#define U32C(v) (v##U) | | | | ------------------ | | ------------------ ------------------ 152| 17| x1 = PLUS(x1,j1); ------------------ | | 44| 17|#define PLUS(v,w) (U32V((v) + (w))) | | ------------------ | | | | 23| 17|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | ------------------ | | | | | | 20| 17|#define U32C(v) (v##U) | | | | ------------------ | | ------------------ ------------------ 153| 17| x2 = PLUS(x2,j2); ------------------ | | 44| 17|#define PLUS(v,w) (U32V((v) + (w))) | | ------------------ | | | | 23| 17|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | ------------------ | | | | | | 20| 17|#define U32C(v) (v##U) | | | | ------------------ | | ------------------ ------------------ 154| 17| x3 = PLUS(x3,j3); ------------------ | | 44| 17|#define PLUS(v,w) (U32V((v) + (w))) | | ------------------ | | | | 23| 17|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | ------------------ | | | | | | 20| 17|#define U32C(v) (v##U) | | | | ------------------ | | ------------------ ------------------ 155| 17| x4 = PLUS(x4,j4); ------------------ | | 44| 17|#define PLUS(v,w) (U32V((v) + (w))) | | ------------------ | | | | 23| 17|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | ------------------ | | | | | | 20| 17|#define U32C(v) (v##U) | | | | ------------------ | | ------------------ ------------------ 156| 17| x5 = PLUS(x5,j5); ------------------ | | 44| 17|#define PLUS(v,w) (U32V((v) + (w))) | | ------------------ | | | | 23| 17|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | ------------------ | | | | | | 20| 17|#define U32C(v) (v##U) | | | | ------------------ | | ------------------ ------------------ 157| 17| x6 = PLUS(x6,j6); ------------------ | | 44| 17|#define PLUS(v,w) (U32V((v) + (w))) | | ------------------ | | | | 23| 17|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | ------------------ | | | | | | 20| 17|#define U32C(v) (v##U) | | | | ------------------ | | ------------------ ------------------ 158| 17| x7 = PLUS(x7,j7); ------------------ | | 44| 17|#define PLUS(v,w) (U32V((v) + (w))) | | ------------------ | | | | 23| 17|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | ------------------ | | | | | | 20| 17|#define U32C(v) (v##U) | | | | ------------------ | | ------------------ ------------------ 159| 17| x8 = PLUS(x8,j8); ------------------ | | 44| 17|#define PLUS(v,w) (U32V((v) + (w))) | | ------------------ | | | | 23| 17|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | ------------------ | | | | | | 20| 17|#define U32C(v) (v##U) | | | | ------------------ | | ------------------ ------------------ 160| 17| x9 = PLUS(x9,j9); ------------------ | | 44| 17|#define PLUS(v,w) (U32V((v) + (w))) | | ------------------ | | | | 23| 17|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | ------------------ | | | | | | 20| 17|#define U32C(v) (v##U) | | | | ------------------ | | ------------------ ------------------ 161| 17| x10 = PLUS(x10,j10); ------------------ | | 44| 17|#define PLUS(v,w) (U32V((v) + (w))) | | ------------------ | | | | 23| 17|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | ------------------ | | | | | | 20| 17|#define U32C(v) (v##U) | | | | ------------------ | | ------------------ ------------------ 162| 17| x11 = PLUS(x11,j11); ------------------ | | 44| 17|#define PLUS(v,w) (U32V((v) + (w))) | | ------------------ | | | | 23| 17|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | ------------------ | | | | | | 20| 17|#define U32C(v) (v##U) | | | | ------------------ | | ------------------ ------------------ 163| 17| x12 = PLUS(x12,j12); ------------------ | | 44| 17|#define PLUS(v,w) (U32V((v) + (w))) | | ------------------ | | | | 23| 17|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | ------------------ | | | | | | 20| 17|#define U32C(v) (v##U) | | | | ------------------ | | ------------------ ------------------ 164| 17| x13 = PLUS(x13,j13); ------------------ | | 44| 17|#define PLUS(v,w) (U32V((v) + (w))) | | ------------------ | | | | 23| 17|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | ------------------ | | | | | | 20| 17|#define U32C(v) (v##U) | | | | ------------------ | | ------------------ ------------------ 165| 17| x14 = PLUS(x14,j14); ------------------ | | 44| 17|#define PLUS(v,w) (U32V((v) + (w))) | | ------------------ | | | | 23| 17|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | ------------------ | | | | | | 20| 17|#define U32C(v) (v##U) | | | | ------------------ | | ------------------ ------------------ 166| 17| x15 = PLUS(x15,j15); ------------------ | | 44| 17|#define PLUS(v,w) (U32V((v) + (w))) | | ------------------ | | | | 23| 17|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | ------------------ | | | | | | 20| 17|#define U32C(v) (v##U) | | | | ------------------ | | ------------------ ------------------ 167| | 168| |#ifndef KEYSTREAM_ONLY 169| | x0 = XOR(x0,U8TO32_LITTLE(m + 0)); 170| | x1 = XOR(x1,U8TO32_LITTLE(m + 4)); 171| | x2 = XOR(x2,U8TO32_LITTLE(m + 8)); 172| | x3 = XOR(x3,U8TO32_LITTLE(m + 12)); 173| | x4 = XOR(x4,U8TO32_LITTLE(m + 16)); 174| | x5 = XOR(x5,U8TO32_LITTLE(m + 20)); 175| | x6 = XOR(x6,U8TO32_LITTLE(m + 24)); 176| | x7 = XOR(x7,U8TO32_LITTLE(m + 28)); 177| | x8 = XOR(x8,U8TO32_LITTLE(m + 32)); 178| | x9 = XOR(x9,U8TO32_LITTLE(m + 36)); 179| | x10 = XOR(x10,U8TO32_LITTLE(m + 40)); 180| | x11 = XOR(x11,U8TO32_LITTLE(m + 44)); 181| | x12 = XOR(x12,U8TO32_LITTLE(m + 48)); 182| | x13 = XOR(x13,U8TO32_LITTLE(m + 52)); 183| | x14 = XOR(x14,U8TO32_LITTLE(m + 56)); 184| | x15 = XOR(x15,U8TO32_LITTLE(m + 60)); 185| |#endif 186| | 187| 17| j12 = PLUSONE(j12); ------------------ | | 45| 17|#define PLUSONE(v) (PLUS((v),1)) | | ------------------ | | | | 44| 17|#define PLUS(v,w) (U32V((v) + (w))) | | | | ------------------ | | | | | | 23| 17|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | ------------------ | | | | | | | | 20| 17|#define U32C(v) (v##U) | | | | | | ------------------ | | | | ------------------ | | ------------------ ------------------ 188| 17| if (!j12) { ------------------ | Branch (188:9): [True: 0, False: 17] ------------------ 189| 0| j13 = PLUSONE(j13); ------------------ | | 45| 0|#define PLUSONE(v) (PLUS((v),1)) | | ------------------ | | | | 44| 0|#define PLUS(v,w) (U32V((v) + (w))) | | | | ------------------ | | | | | | 23| 0|#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) | | | | | | ------------------ | | | | | | | | 20| 0|#define U32C(v) (v##U) | | | | | | ------------------ | | | | ------------------ | | ------------------ ------------------ 190| | /* stopping at 2^70 bytes per nonce is user's responsibility */ 191| 0| } 192| | 193| 17| U32TO8_LITTLE(c + 0,x0); ------------------ | | 35| 17| do { \ | | 36| 17| (p)[0] = U8V((v) ); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 37| 17| (p)[1] = U8V((v) >> 8); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 38| 17| (p)[2] = U8V((v) >> 16); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 39| 17| (p)[3] = U8V((v) >> 24); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 40| 17| } while (0) | | ------------------ | | | Branch (40:12): [Folded - Ignored] | | ------------------ ------------------ 194| 17| U32TO8_LITTLE(c + 4,x1); ------------------ | | 35| 17| do { \ | | 36| 17| (p)[0] = U8V((v) ); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 37| 17| (p)[1] = U8V((v) >> 8); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 38| 17| (p)[2] = U8V((v) >> 16); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 39| 17| (p)[3] = U8V((v) >> 24); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 40| 17| } while (0) | | ------------------ | | | Branch (40:12): [Folded - Ignored] | | ------------------ ------------------ 195| 17| U32TO8_LITTLE(c + 8,x2); ------------------ | | 35| 17| do { \ | | 36| 17| (p)[0] = U8V((v) ); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 37| 17| (p)[1] = U8V((v) >> 8); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 38| 17| (p)[2] = U8V((v) >> 16); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 39| 17| (p)[3] = U8V((v) >> 24); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 40| 17| } while (0) | | ------------------ | | | Branch (40:12): [Folded - Ignored] | | ------------------ ------------------ 196| 17| U32TO8_LITTLE(c + 12,x3); ------------------ | | 35| 17| do { \ | | 36| 17| (p)[0] = U8V((v) ); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 37| 17| (p)[1] = U8V((v) >> 8); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 38| 17| (p)[2] = U8V((v) >> 16); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 39| 17| (p)[3] = U8V((v) >> 24); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 40| 17| } while (0) | | ------------------ | | | Branch (40:12): [Folded - Ignored] | | ------------------ ------------------ 197| 17| U32TO8_LITTLE(c + 16,x4); ------------------ | | 35| 17| do { \ | | 36| 17| (p)[0] = U8V((v) ); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 37| 17| (p)[1] = U8V((v) >> 8); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 38| 17| (p)[2] = U8V((v) >> 16); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 39| 17| (p)[3] = U8V((v) >> 24); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 40| 17| } while (0) | | ------------------ | | | Branch (40:12): [Folded - Ignored] | | ------------------ ------------------ 198| 17| U32TO8_LITTLE(c + 20,x5); ------------------ | | 35| 17| do { \ | | 36| 17| (p)[0] = U8V((v) ); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 37| 17| (p)[1] = U8V((v) >> 8); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 38| 17| (p)[2] = U8V((v) >> 16); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 39| 17| (p)[3] = U8V((v) >> 24); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 40| 17| } while (0) | | ------------------ | | | Branch (40:12): [Folded - Ignored] | | ------------------ ------------------ 199| 17| U32TO8_LITTLE(c + 24,x6); ------------------ | | 35| 17| do { \ | | 36| 17| (p)[0] = U8V((v) ); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 37| 17| (p)[1] = U8V((v) >> 8); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 38| 17| (p)[2] = U8V((v) >> 16); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 39| 17| (p)[3] = U8V((v) >> 24); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 40| 17| } while (0) | | ------------------ | | | Branch (40:12): [Folded - Ignored] | | ------------------ ------------------ 200| 17| U32TO8_LITTLE(c + 28,x7); ------------------ | | 35| 17| do { \ | | 36| 17| (p)[0] = U8V((v) ); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 37| 17| (p)[1] = U8V((v) >> 8); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 38| 17| (p)[2] = U8V((v) >> 16); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 39| 17| (p)[3] = U8V((v) >> 24); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 40| 17| } while (0) | | ------------------ | | | Branch (40:12): [Folded - Ignored] | | ------------------ ------------------ 201| 17| U32TO8_LITTLE(c + 32,x8); ------------------ | | 35| 17| do { \ | | 36| 17| (p)[0] = U8V((v) ); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 37| 17| (p)[1] = U8V((v) >> 8); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 38| 17| (p)[2] = U8V((v) >> 16); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 39| 17| (p)[3] = U8V((v) >> 24); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 40| 17| } while (0) | | ------------------ | | | Branch (40:12): [Folded - Ignored] | | ------------------ ------------------ 202| 17| U32TO8_LITTLE(c + 36,x9); ------------------ | | 35| 17| do { \ | | 36| 17| (p)[0] = U8V((v) ); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 37| 17| (p)[1] = U8V((v) >> 8); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 38| 17| (p)[2] = U8V((v) >> 16); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 39| 17| (p)[3] = U8V((v) >> 24); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 40| 17| } while (0) | | ------------------ | | | Branch (40:12): [Folded - Ignored] | | ------------------ ------------------ 203| 17| U32TO8_LITTLE(c + 40,x10); ------------------ | | 35| 17| do { \ | | 36| 17| (p)[0] = U8V((v) ); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 37| 17| (p)[1] = U8V((v) >> 8); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 38| 17| (p)[2] = U8V((v) >> 16); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 39| 17| (p)[3] = U8V((v) >> 24); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 40| 17| } while (0) | | ------------------ | | | Branch (40:12): [Folded - Ignored] | | ------------------ ------------------ 204| 17| U32TO8_LITTLE(c + 44,x11); ------------------ | | 35| 17| do { \ | | 36| 17| (p)[0] = U8V((v) ); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 37| 17| (p)[1] = U8V((v) >> 8); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 38| 17| (p)[2] = U8V((v) >> 16); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 39| 17| (p)[3] = U8V((v) >> 24); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 40| 17| } while (0) | | ------------------ | | | Branch (40:12): [Folded - Ignored] | | ------------------ ------------------ 205| 17| U32TO8_LITTLE(c + 48,x12); ------------------ | | 35| 17| do { \ | | 36| 17| (p)[0] = U8V((v) ); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 37| 17| (p)[1] = U8V((v) >> 8); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 38| 17| (p)[2] = U8V((v) >> 16); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 39| 17| (p)[3] = U8V((v) >> 24); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 40| 17| } while (0) | | ------------------ | | | Branch (40:12): [Folded - Ignored] | | ------------------ ------------------ 206| 17| U32TO8_LITTLE(c + 52,x13); ------------------ | | 35| 17| do { \ | | 36| 17| (p)[0] = U8V((v) ); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 37| 17| (p)[1] = U8V((v) >> 8); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 38| 17| (p)[2] = U8V((v) >> 16); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 39| 17| (p)[3] = U8V((v) >> 24); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 40| 17| } while (0) | | ------------------ | | | Branch (40:12): [Folded - Ignored] | | ------------------ ------------------ 207| 17| U32TO8_LITTLE(c + 56,x14); ------------------ | | 35| 17| do { \ | | 36| 17| (p)[0] = U8V((v) ); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 37| 17| (p)[1] = U8V((v) >> 8); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 38| 17| (p)[2] = U8V((v) >> 16); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 39| 17| (p)[3] = U8V((v) >> 24); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 40| 17| } while (0) | | ------------------ | | | Branch (40:12): [Folded - Ignored] | | ------------------ ------------------ 208| 17| U32TO8_LITTLE(c + 60,x15); ------------------ | | 35| 17| do { \ | | 36| 17| (p)[0] = U8V((v) ); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 37| 17| (p)[1] = U8V((v) >> 8); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 38| 17| (p)[2] = U8V((v) >> 16); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 39| 17| (p)[3] = U8V((v) >> 24); \ | | ------------------ | | | | 22| 17|#define U8V(v) ((u8)(v) & U8C(0xFF)) | | | | ------------------ | | | | | | 19| 17|#define U8C(v) (v##U) | | | | ------------------ | | ------------------ | | 40| 17| } while (0) | | ------------------ | | | Branch (40:12): [Folded - Ignored] | | ------------------ ------------------ 209| | 210| 17| if (bytes <= 64) { ------------------ | Branch (210:9): [True: 2, False: 15] ------------------ 211| 2| if (bytes < 64) { ------------------ | Branch (211:11): [True: 1, False: 1] ------------------ 212| 5| for (i = 0;i < bytes;++i) ctarget[i] = c[i]; ------------------ | Branch (212:20): [True: 4, False: 1] ------------------ 213| 1| } 214| 2| x->input[12] = j12; 215| 2| x->input[13] = j13; 216| 2| return; 217| 2| } 218| 15| bytes -= 64; 219| 15| c += 64; 220| |#ifndef KEYSTREAM_ONLY 221| | m += 64; 222| |#endif 223| 15| } 224| 2|} freezero: 26| 17.9k|{ 27| 17.9k| if (ptr == NULL) ------------------ | Branch (27:6): [True: 7.89k, False: 10.0k] ------------------ 28| 7.89k| return; 29| 10.0k| explicit_bzero(ptr, sz); 30| 10.0k| free(ptr); 31| 10.0k|} LLVMFuzzerTestOneInput: 26| 1.13k|{ 27| 1.13k|#ifdef WITH_OPENSSL 28| 1.13k| static struct sshkey *rsa = generate_or_die(KEY_RSA, 2048); 29| 1.13k| static struct sshkey *dsa = generate_or_die(KEY_DSA, 1024); 30| 1.13k| static struct sshkey *ecdsa256 = generate_or_die(KEY_ECDSA, 256); 31| 1.13k| static struct sshkey *ecdsa384 = generate_or_die(KEY_ECDSA, 384); 32| 1.13k| static struct sshkey *ecdsa521 = generate_or_die(KEY_ECDSA, 521); 33| 1.13k|#endif 34| 1.13k| struct sshkey_sig_details *details = NULL; 35| 1.13k| static struct sshkey *ed25519 = generate_or_die(KEY_ED25519, 0); 36| 1.13k| static const char *data = "If everyone started announcing his nose had " 37| 1.13k| "run away, I don’t know how it would all end"; 38| 1.13k| static const size_t dlen = strlen(data); 39| | 40| 1.13k|#ifdef WITH_OPENSSL 41| 1.13k| sshkey_verify(rsa, sig, slen, (const u_char *)data, dlen, NULL, 0, &details); 42| 1.13k| sshkey_sig_details_free(details); 43| 1.13k| details = NULL; 44| 1.13k| sshkey_verify(dsa, sig, slen, (const u_char *)data, dlen, NULL, 0, &details); 45| 1.13k| sshkey_sig_details_free(details); 46| 1.13k| details = NULL; 47| 1.13k| sshkey_verify(ecdsa256, sig, slen, (const u_char *)data, dlen, NULL, 0, &details); 48| 1.13k| sshkey_sig_details_free(details); 49| 1.13k| details = NULL; 50| 1.13k| sshkey_verify(ecdsa384, sig, slen, (const u_char *)data, dlen, NULL, 0, &details); 51| 1.13k| sshkey_sig_details_free(details); 52| 1.13k| details = NULL; 53| 1.13k| sshkey_verify(ecdsa521, sig, slen, (const u_char *)data, dlen, NULL, 0, &details); 54| 1.13k| sshkey_sig_details_free(details); 55| 1.13k| details = NULL; 56| 1.13k|#endif 57| 1.13k| sshkey_verify(ed25519, sig, slen, (const u_char *)data, dlen, NULL, 0, &details); 58| 1.13k| sshkey_sig_details_free(details); 59| 1.13k| return 0; 60| 1.13k|} sig_fuzz.cc:_ZL15generate_or_dieij: 15| 6|static struct sshkey *generate_or_die(int type, unsigned bits) { 16| 6| int r; 17| 6| struct sshkey *ret; 18| 6| if ((r = sshkey_generate(type, bits, &ret)) != 0) { ------------------ | Branch (18:7): [True: 0, False: 6] ------------------ 19| 0| fprintf(stderr, "generate(%d, %u): %s", type, bits, ssh_err(r)); 20| 0| abort(); 21| 0| } 22| 6| return ret; 23| 6|} ssh-dss.c:ssh_dss_generate: 147| 1|{ 148| 1| DSA *private; 149| | 150| 1| if (bits != 1024) ------------------ | Branch (150:6): [True: 0, False: 1] ------------------ 151| 0| return SSH_ERR_KEY_LENGTH; ------------------ | | 80| 0|#define SSH_ERR_KEY_LENGTH -56 ------------------ 152| 1| if ((private = DSA_new()) == NULL) ------------------ | Branch (152:6): [True: 0, False: 1] ------------------ 153| 0| return SSH_ERR_ALLOC_FAIL; ------------------ | | 26| 0|#define SSH_ERR_ALLOC_FAIL -2 ------------------ 154| 1| if (!DSA_generate_parameters_ex(private, bits, NULL, 0, NULL, ------------------ | Branch (154:6): [True: 0, False: 1] ------------------ 155| 1| NULL, NULL) || !DSA_generate_key(private)) { ------------------ | Branch (155:21): [True: 0, False: 1] ------------------ 156| 0| DSA_free(private); 157| 0| return SSH_ERR_LIBCRYPTO_ERROR; ------------------ | | 46| 0|#define SSH_ERR_LIBCRYPTO_ERROR -22 ------------------ 158| 0| } 159| 1| k->dsa = private; 160| 1| return 0; 161| 1|} ssh-dss.c:ssh_dss_verify: 333| 1.13k|{ 334| 1.13k| DSA_SIG *dsig = NULL; 335| 1.13k| BIGNUM *sig_r = NULL, *sig_s = NULL; 336| 1.13k| u_char digest[SSH_DIGEST_MAX_LENGTH], *sigblob = NULL; 337| 1.13k| size_t len, hlen = ssh_digest_bytes(SSH_DIGEST_SHA1); ------------------ | | 26| 1.13k|#define SSH_DIGEST_SHA1 1 ------------------ 338| 1.13k| int ret = SSH_ERR_INTERNAL_ERROR; ------------------ | | 25| 1.13k|#define SSH_ERR_INTERNAL_ERROR -1 ------------------ 339| 1.13k| struct sshbuf *b = NULL; 340| 1.13k| char *ktype = NULL; 341| | 342| 1.13k| if (key == NULL || key->dsa == NULL || ------------------ | Branch (342:6): [True: 0, False: 1.13k] | Branch (342:21): [True: 0, False: 1.13k] ------------------ 343| 1.13k| sshkey_type_plain(key->type) != KEY_DSA || ------------------ | Branch (343:6): [True: 0, False: 1.13k] ------------------ 344| 1.13k| sig == NULL || siglen == 0) ------------------ | Branch (344:6): [True: 0, False: 1.13k] | Branch (344:21): [True: 0, False: 1.13k] ------------------ 345| 0| return SSH_ERR_INVALID_ARGUMENT; ------------------ | | 34| 0|#define SSH_ERR_INVALID_ARGUMENT -10 ------------------ 346| 1.13k| if (hlen == 0) ------------------ | Branch (346:6): [True: 0, False: 1.13k] ------------------ 347| 0| return SSH_ERR_INTERNAL_ERROR; ------------------ | | 25| 0|#define SSH_ERR_INTERNAL_ERROR -1 ------------------ 348| | 349| | /* fetch signature */ 350| 1.13k| if ((b = sshbuf_from(sig, siglen)) == NULL) ------------------ | Branch (350:6): [True: 0, False: 1.13k] ------------------ 351| 0| return SSH_ERR_ALLOC_FAIL; ------------------ | | 26| 0|#define SSH_ERR_ALLOC_FAIL -2 ------------------ 352| 1.13k| if (sshbuf_get_cstring(b, &ktype, NULL) != 0 || ------------------ | Branch (352:6): [True: 68, False: 1.06k] ------------------ 353| 1.13k| sshbuf_get_string(b, &sigblob, &len) != 0) { ------------------ | Branch (353:6): [True: 312, False: 757] ------------------ 354| 380| ret = SSH_ERR_INVALID_FORMAT; ------------------ | | 28| 380|#define SSH_ERR_INVALID_FORMAT -4 ------------------ 355| 380| goto out; 356| 380| } 357| 757| if (strcmp("ssh-dss", ktype) != 0) { ------------------ | Branch (357:6): [True: 714, False: 43] ------------------ 358| 714| ret = SSH_ERR_KEY_TYPE_MISMATCH; ------------------ | | 37| 714|#define SSH_ERR_KEY_TYPE_MISMATCH -13 ------------------ 359| 714| goto out; 360| 714| } 361| 43| if (sshbuf_len(b) != 0) { ------------------ | Branch (361:6): [True: 20, False: 23] ------------------ 362| 20| ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; ------------------ | | 47| 20|#define SSH_ERR_UNEXPECTED_TRAILING_DATA -23 ------------------ 363| 20| goto out; 364| 20| } 365| | 366| 23| if (len != SIGBLOB_LEN) { ------------------ | | 48| 23|#define SIGBLOB_LEN (2*INTBLOB_LEN) | | ------------------ | | | | 47| 23|#define INTBLOB_LEN 20 | | ------------------ ------------------ | Branch (366:6): [True: 22, False: 1] ------------------ 367| 22| ret = SSH_ERR_INVALID_FORMAT; ------------------ | | 28| 22|#define SSH_ERR_INVALID_FORMAT -4 ------------------ 368| 22| goto out; 369| 22| } 370| | 371| | /* parse signature */ 372| 1| if ((dsig = DSA_SIG_new()) == NULL || ------------------ | Branch (372:6): [True: 0, False: 1] ------------------ 373| 1| (sig_r = BN_new()) == NULL || ------------------ | Branch (373:6): [True: 0, False: 1] ------------------ 374| 1| (sig_s = BN_new()) == NULL) { ------------------ | Branch (374:6): [True: 0, False: 1] ------------------ 375| 0| ret = SSH_ERR_ALLOC_FAIL; ------------------ | | 26| 0|#define SSH_ERR_ALLOC_FAIL -2 ------------------ 376| 0| goto out; 377| 0| } 378| 1| if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig_r) == NULL) || ------------------ | | 47| 1|#define INTBLOB_LEN 20 ------------------ | Branch (378:6): [True: 0, False: 1] ------------------ 379| 1| (BN_bin2bn(sigblob + INTBLOB_LEN, INTBLOB_LEN, sig_s) == NULL)) { ------------------ | | 47| 1|#define INTBLOB_LEN 20 ------------------ (BN_bin2bn(sigblob + INTBLOB_LEN, INTBLOB_LEN, sig_s) == NULL)) { ------------------ | | 47| 1|#define INTBLOB_LEN 20 ------------------ | Branch (379:6): [True: 0, False: 1] ------------------ 380| 0| ret = SSH_ERR_LIBCRYPTO_ERROR; ------------------ | | 46| 0|#define SSH_ERR_LIBCRYPTO_ERROR -22 ------------------ 381| 0| goto out; 382| 0| } 383| 1| if (!DSA_SIG_set0(dsig, sig_r, sig_s)) { ------------------ | Branch (383:6): [True: 0, False: 1] ------------------ 384| 0| ret = SSH_ERR_LIBCRYPTO_ERROR; ------------------ | | 46| 0|#define SSH_ERR_LIBCRYPTO_ERROR -22 ------------------ 385| 0| goto out; 386| 0| } 387| 1| sig_r = sig_s = NULL; /* transferred */ 388| | 389| | /* sha1 the data */ 390| 1| if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, dlen, ------------------ | | 26| 1|#define SSH_DIGEST_SHA1 1 ------------------ | Branch (390:6): [True: 0, False: 1] ------------------ 391| 1| digest, sizeof(digest))) != 0) 392| 0| goto out; 393| | 394| 1| switch (DSA_do_verify(digest, hlen, dsig, key->dsa)) { 395| 0| case 1: ------------------ | Branch (395:2): [True: 0, False: 1] ------------------ 396| 0| ret = 0; 397| 0| break; 398| 1| case 0: ------------------ | Branch (398:2): [True: 1, False: 0] ------------------ 399| 1| ret = SSH_ERR_SIGNATURE_INVALID; ------------------ | | 45| 1|#define SSH_ERR_SIGNATURE_INVALID -21 ------------------ 400| 1| goto out; 401| 0| default: ------------------ | Branch (401:2): [True: 0, False: 1] ------------------ 402| 0| ret = SSH_ERR_LIBCRYPTO_ERROR; ------------------ | | 46| 0|#define SSH_ERR_LIBCRYPTO_ERROR -22 ------------------ 403| 0| goto out; 404| 1| } 405| | 406| 1.13k| out: 407| 1.13k| explicit_bzero(digest, sizeof(digest)); 408| 1.13k| DSA_SIG_free(dsig); 409| 1.13k| BN_clear_free(sig_r); 410| 1.13k| BN_clear_free(sig_s); 411| 1.13k| sshbuf_free(b); 412| 1.13k| free(ktype); 413| 1.13k| if (sigblob != NULL) ------------------ | Branch (413:6): [True: 757, False: 380] ------------------ 414| 757| freezero(sigblob, len); 415| 1.13k| return ret; 416| 1|} ssh-ecdsa.c:ssh_ecdsa_generate: 128| 3|{ 129| 3| EC_KEY *private; 130| | 131| 3| if ((k->ecdsa_nid = sshkey_ecdsa_bits_to_nid(bits)) == -1) ------------------ | Branch (131:6): [True: 0, False: 3] ------------------ 132| 0| return SSH_ERR_KEY_LENGTH; ------------------ | | 80| 0|#define SSH_ERR_KEY_LENGTH -56 ------------------ 133| 3| if ((private = EC_KEY_new_by_curve_name(k->ecdsa_nid)) == NULL) ------------------ | Branch (133:6): [True: 0, False: 3] ------------------ 134| 0| return SSH_ERR_ALLOC_FAIL; ------------------ | | 26| 0|#define SSH_ERR_ALLOC_FAIL -2 ------------------ 135| 3| if (EC_KEY_generate_key(private) != 1) { ------------------ | Branch (135:6): [True: 0, False: 3] ------------------ 136| 0| EC_KEY_free(private); 137| 0| return SSH_ERR_LIBCRYPTO_ERROR; ------------------ | | 46| 0|#define SSH_ERR_LIBCRYPTO_ERROR -22 ------------------ 138| 0| } 139| 3| EC_KEY_set_asn1_flag(private, OPENSSL_EC_NAMED_CURVE); 140| 3| k->ecdsa = private; 141| 3| return 0; 142| 3|} ssh-ecdsa.c:ssh_ecdsa_verify: 295| 3.41k|{ 296| 3.41k| ECDSA_SIG *esig = NULL; 297| 3.41k| BIGNUM *sig_r = NULL, *sig_s = NULL; 298| 3.41k| int hash_alg; 299| 3.41k| u_char digest[SSH_DIGEST_MAX_LENGTH]; 300| 3.41k| size_t hlen; 301| 3.41k| int ret = SSH_ERR_INTERNAL_ERROR; ------------------ | | 25| 3.41k|#define SSH_ERR_INTERNAL_ERROR -1 ------------------ 302| 3.41k| struct sshbuf *b = NULL, *sigbuf = NULL; 303| 3.41k| char *ktype = NULL; 304| | 305| 3.41k| if (key == NULL || key->ecdsa == NULL || ------------------ | Branch (305:6): [True: 0, False: 3.41k] | Branch (305:21): [True: 0, False: 3.41k] ------------------ 306| 3.41k| sshkey_type_plain(key->type) != KEY_ECDSA || ------------------ | Branch (306:6): [True: 0, False: 3.41k] ------------------ 307| 3.41k| sig == NULL || siglen == 0) ------------------ | Branch (307:6): [True: 0, False: 3.41k] | Branch (307:21): [True: 0, False: 3.41k] ------------------ 308| 0| return SSH_ERR_INVALID_ARGUMENT; ------------------ | | 34| 0|#define SSH_ERR_INVALID_ARGUMENT -10 ------------------ 309| | 310| 3.41k| if ((hash_alg = sshkey_ec_nid_to_hash_alg(key->ecdsa_nid)) == -1 || ------------------ | Branch (310:6): [True: 0, False: 3.41k] ------------------ 311| 3.41k| (hlen = ssh_digest_bytes(hash_alg)) == 0) ------------------ | Branch (311:6): [True: 0, False: 3.41k] ------------------ 312| 0| return SSH_ERR_INTERNAL_ERROR; ------------------ | | 25| 0|#define SSH_ERR_INTERNAL_ERROR -1 ------------------ 313| | 314| | /* fetch signature */ 315| 3.41k| if ((b = sshbuf_from(sig, siglen)) == NULL) ------------------ | Branch (315:6): [True: 0, False: 3.41k] ------------------ 316| 0| return SSH_ERR_ALLOC_FAIL; ------------------ | | 26| 0|#define SSH_ERR_ALLOC_FAIL -2 ------------------ 317| 3.41k| if (sshbuf_get_cstring(b, &ktype, NULL) != 0 || ------------------ | Branch (317:6): [True: 204, False: 3.20k] ------------------ 318| 3.41k| sshbuf_froms(b, &sigbuf) != 0) { ------------------ | Branch (318:6): [True: 936, False: 2.27k] ------------------ 319| 1.14k| ret = SSH_ERR_INVALID_FORMAT; ------------------ | | 28| 1.14k|#define SSH_ERR_INVALID_FORMAT -4 ------------------ 320| 1.14k| goto out; 321| 1.14k| } 322| 2.27k| if (strcmp(sshkey_ssh_name_plain(key), ktype) != 0) { ------------------ | Branch (322:6): [True: 2.06k, False: 208] ------------------ 323| 2.06k| ret = SSH_ERR_KEY_TYPE_MISMATCH; ------------------ | | 37| 2.06k|#define SSH_ERR_KEY_TYPE_MISMATCH -13 ------------------ 324| 2.06k| goto out; 325| 2.06k| } 326| 208| if (sshbuf_len(b) != 0) { ------------------ | Branch (326:6): [True: 25, False: 183] ------------------ 327| 25| ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; ------------------ | | 47| 25|#define SSH_ERR_UNEXPECTED_TRAILING_DATA -23 ------------------ 328| 25| goto out; 329| 25| } 330| | 331| | /* parse signature */ 332| 183| if (sshbuf_get_bignum2(sigbuf, &sig_r) != 0 || ------------------ | Branch (332:6): [True: 91, False: 92] ------------------ 333| 183| sshbuf_get_bignum2(sigbuf, &sig_s) != 0) { ------------------ | Branch (333:6): [True: 52, False: 40] ------------------ 334| 143| ret = SSH_ERR_INVALID_FORMAT; ------------------ | | 28| 143|#define SSH_ERR_INVALID_FORMAT -4 ------------------ 335| 143| goto out; 336| 143| } 337| 40| if ((esig = ECDSA_SIG_new()) == NULL) { ------------------ | Branch (337:6): [True: 0, False: 40] ------------------ 338| 0| ret = SSH_ERR_ALLOC_FAIL; ------------------ | | 26| 0|#define SSH_ERR_ALLOC_FAIL -2 ------------------ 339| 0| goto out; 340| 0| } 341| 40| if (!ECDSA_SIG_set0(esig, sig_r, sig_s)) { ------------------ | Branch (341:6): [True: 0, False: 40] ------------------ 342| 0| ret = SSH_ERR_LIBCRYPTO_ERROR; ------------------ | | 46| 0|#define SSH_ERR_LIBCRYPTO_ERROR -22 ------------------ 343| 0| goto out; 344| 0| } 345| 40| sig_r = sig_s = NULL; /* transferred */ 346| | 347| 40| if (sshbuf_len(sigbuf) != 0) { ------------------ | Branch (347:6): [True: 35, False: 5] ------------------ 348| 35| ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; ------------------ | | 47| 35|#define SSH_ERR_UNEXPECTED_TRAILING_DATA -23 ------------------ 349| 35| goto out; 350| 35| } 351| 5| if ((ret = ssh_digest_memory(hash_alg, data, dlen, ------------------ | Branch (351:6): [True: 0, False: 5] ------------------ 352| 5| digest, sizeof(digest))) != 0) 353| 0| goto out; 354| | 355| 5| switch (ECDSA_do_verify(digest, hlen, esig, key->ecdsa)) { 356| 0| case 1: ------------------ | Branch (356:2): [True: 0, False: 5] ------------------ 357| 0| ret = 0; 358| 0| break; 359| 5| case 0: ------------------ | Branch (359:2): [True: 5, False: 0] ------------------ 360| 5| ret = SSH_ERR_SIGNATURE_INVALID; ------------------ | | 45| 5|#define SSH_ERR_SIGNATURE_INVALID -21 ------------------ 361| 5| goto out; 362| 0| default: ------------------ | Branch (362:2): [True: 0, False: 5] ------------------ 363| 0| ret = SSH_ERR_LIBCRYPTO_ERROR; ------------------ | | 46| 0|#define SSH_ERR_LIBCRYPTO_ERROR -22 ------------------ 364| 0| goto out; 365| 5| } 366| | 367| 3.41k| out: 368| 3.41k| explicit_bzero(digest, sizeof(digest)); 369| 3.41k| sshbuf_free(sigbuf); 370| 3.41k| sshbuf_free(b); 371| 3.41k| ECDSA_SIG_free(esig); 372| 3.41k| BN_clear_free(sig_r); 373| 3.41k| BN_clear_free(sig_s); 374| 3.41k| free(ktype); 375| 3.41k| return ret; 376| 5|} ssh-ed25519.c:ssh_ed25519_generate: 83| 1|{ 84| 1| if ((k->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL || ------------------ | | 159| 1|#define ED25519_PK_SZ crypto_sign_ed25519_PUBLICKEYBYTES | | ------------------ | | | | 36| 1|#define crypto_sign_ed25519_PUBLICKEYBYTES 32U | | ------------------ ------------------ | Branch (84:6): [True: 0, False: 1] ------------------ 85| 1| (k->ed25519_sk = malloc(ED25519_SK_SZ)) == NULL) ------------------ | | 158| 1|#define ED25519_SK_SZ crypto_sign_ed25519_SECRETKEYBYTES | | ------------------ | | | | 35| 1|#define crypto_sign_ed25519_SECRETKEYBYTES 64U | | ------------------ ------------------ | Branch (85:6): [True: 0, False: 1] ------------------ 86| 0| return SSH_ERR_ALLOC_FAIL; ------------------ | | 26| 0|#define SSH_ERR_ALLOC_FAIL -2 ------------------ 87| 1| crypto_sign_ed25519_keypair(k->ed25519_pk, k->ed25519_sk); 88| 1| return 0; 89| 1|} ssh-ed25519.c:ssh_ed25519_verify: 209| 1.13k|{ 210| 1.13k| struct sshbuf *b = NULL; 211| 1.13k| char *ktype = NULL; 212| 1.13k| const u_char *sigblob; 213| 1.13k| u_char *sm = NULL, *m = NULL; 214| 1.13k| size_t len; 215| 1.13k| unsigned long long smlen = 0, mlen = 0; 216| 1.13k| int r, ret; 217| | 218| 1.13k| if (key == NULL || ------------------ | Branch (218:6): [True: 0, False: 1.13k] ------------------ 219| 1.13k| sshkey_type_plain(key->type) != KEY_ED25519 || ------------------ | Branch (219:6): [True: 0, False: 1.13k] ------------------ 220| 1.13k| key->ed25519_pk == NULL || ------------------ | Branch (220:6): [True: 0, False: 1.13k] ------------------ 221| 1.13k| dlen >= INT_MAX - crypto_sign_ed25519_BYTES || ------------------ | | 37| 2.27k|#define crypto_sign_ed25519_BYTES 64U ------------------ | Branch (221:6): [True: 0, False: 1.13k] ------------------ 222| 1.13k| sig == NULL || siglen == 0) ------------------ | Branch (222:6): [True: 0, False: 1.13k] | Branch (222:21): [True: 0, False: 1.13k] ------------------ 223| 0| return SSH_ERR_INVALID_ARGUMENT; ------------------ | | 34| 0|#define SSH_ERR_INVALID_ARGUMENT -10 ------------------ 224| | 225| 1.13k| if ((b = sshbuf_from(sig, siglen)) == NULL) ------------------ | Branch (225:6): [True: 0, False: 1.13k] ------------------ 226| 0| return SSH_ERR_ALLOC_FAIL; ------------------ | | 26| 0|#define SSH_ERR_ALLOC_FAIL -2 ------------------ 227| 1.13k| if ((r = sshbuf_get_cstring(b, &ktype, NULL)) != 0 || ------------------ | Branch (227:6): [True: 68, False: 1.06k] ------------------ 228| 1.13k| (r = sshbuf_get_string_direct(b, &sigblob, &len)) != 0) ------------------ | Branch (228:6): [True: 312, False: 757] ------------------ 229| 380| goto out; 230| 757| if (strcmp("ssh-ed25519", ktype) != 0) { ------------------ | Branch (230:6): [True: 679, False: 78] ------------------ 231| 679| r = SSH_ERR_KEY_TYPE_MISMATCH; ------------------ | | 37| 679|#define SSH_ERR_KEY_TYPE_MISMATCH -13 ------------------ 232| 679| goto out; 233| 679| } 234| 78| if (sshbuf_len(b) != 0) { ------------------ | Branch (234:6): [True: 20, False: 58] ------------------ 235| 20| r = SSH_ERR_UNEXPECTED_TRAILING_DATA; ------------------ | | 47| 20|#define SSH_ERR_UNEXPECTED_TRAILING_DATA -23 ------------------ 236| 20| goto out; 237| 20| } 238| 58| if (len > crypto_sign_ed25519_BYTES) { ------------------ | | 37| 58|#define crypto_sign_ed25519_BYTES 64U ------------------ | Branch (238:6): [True: 12, False: 46] ------------------ 239| 12| r = SSH_ERR_INVALID_FORMAT; ------------------ | | 28| 12|#define SSH_ERR_INVALID_FORMAT -4 ------------------ 240| 12| goto out; 241| 12| } 242| 46| if (dlen >= SIZE_MAX - len) { ------------------ | Branch (242:6): [True: 0, False: 46] ------------------ 243| 0| r = SSH_ERR_INVALID_ARGUMENT; ------------------ | | 34| 0|#define SSH_ERR_INVALID_ARGUMENT -10 ------------------ 244| 0| goto out; 245| 0| } 246| 46| smlen = len + dlen; 247| 46| mlen = smlen; 248| 46| if ((sm = malloc(smlen)) == NULL || (m = malloc(mlen)) == NULL) { ------------------ | Branch (248:6): [True: 0, False: 46] | Branch (248:38): [True: 0, False: 46] ------------------ 249| 0| r = SSH_ERR_ALLOC_FAIL; ------------------ | | 26| 0|#define SSH_ERR_ALLOC_FAIL -2 ------------------ 250| 0| goto out; 251| 0| } 252| 46| memcpy(sm, sigblob, len); 253| 46| memcpy(sm+len, data, dlen); 254| 46| if ((ret = crypto_sign_ed25519_open(m, &mlen, sm, smlen, ------------------ | Branch (254:6): [True: 46, False: 0] ------------------ 255| 46| key->ed25519_pk)) != 0) { 256| 46| debug2_f("crypto_sign_ed25519_open failed: %d", ret); ------------------ | | 101| 46|#define debug2_f(...) sshlog(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_DEBUG2, NULL, __VA_ARGS__) ------------------ 257| 46| } 258| 46| if (ret != 0 || mlen != dlen) { ------------------ | Branch (258:6): [True: 46, False: 0] | Branch (258:18): [True: 0, False: 0] ------------------ 259| 46| r = SSH_ERR_SIGNATURE_INVALID; ------------------ | | 45| 46|#define SSH_ERR_SIGNATURE_INVALID -21 ------------------ 260| 46| goto out; 261| 46| } 262| | /* XXX compare 'm' and 'data' ? */ 263| | /* success */ 264| 0| r = 0; 265| 1.13k| out: 266| 1.13k| if (sm != NULL) ------------------ | Branch (266:6): [True: 46, False: 1.09k] ------------------ 267| 46| freezero(sm, smlen); 268| 1.13k| if (m != NULL) ------------------ | Branch (268:6): [True: 46, False: 1.09k] ------------------ 269| 46| freezero(m, smlen); /* NB mlen may be invalid if r != 0 */ 270| 1.13k| sshbuf_free(b); 271| 1.13k| free(ktype); 272| 1.13k| return r; 273| 0|} ssh-rsa.c:ssh_rsa_generate: 133| 1|{ 134| 1| RSA *private = NULL; 135| 1| BIGNUM *f4 = NULL; 136| 1| int ret = SSH_ERR_INTERNAL_ERROR; ------------------ | | 25| 1|#define SSH_ERR_INTERNAL_ERROR -1 ------------------ 137| | 138| 1| if (bits < SSH_RSA_MINIMUM_MODULUS_SIZE || ------------------ | | 53| 2|#define SSH_RSA_MINIMUM_MODULUS_SIZE 1024 ------------------ | Branch (138:6): [True: 0, False: 1] ------------------ 139| 1| bits > SSHBUF_MAX_BIGNUM * 8) ------------------ | | 33| 1|#define SSHBUF_MAX_BIGNUM (16384 / 8) /* Max bignum *bytes* */ ------------------ | Branch (139:6): [True: 0, False: 1] ------------------ 140| 0| return SSH_ERR_KEY_LENGTH; ------------------ | | 80| 0|#define SSH_ERR_KEY_LENGTH -56 ------------------ 141| 1| if ((private = RSA_new()) == NULL || (f4 = BN_new()) == NULL) { ------------------ | Branch (141:6): [True: 0, False: 1] | Branch (141:39): [True: 0, False: 1] ------------------ 142| 0| ret = SSH_ERR_ALLOC_FAIL; ------------------ | | 26| 0|#define SSH_ERR_ALLOC_FAIL -2 ------------------ 143| 0| goto out; 144| 0| } 145| 1| if (!BN_set_word(f4, RSA_F4) || ------------------ | Branch (145:6): [True: 0, False: 1] ------------------ 146| 1| !RSA_generate_key_ex(private, bits, f4, NULL)) { ------------------ | Branch (146:6): [True: 0, False: 1] ------------------ 147| 0| ret = SSH_ERR_LIBCRYPTO_ERROR; ------------------ | | 46| 0|#define SSH_ERR_LIBCRYPTO_ERROR -22 ------------------ 148| 0| goto out; 149| 0| } 150| 1| k->rsa = private; 151| 1| private = NULL; 152| 1| ret = 0; 153| 1| out: 154| 1| RSA_free(private); 155| 1| BN_free(f4); 156| 1| return ret; 157| 1|} ssh-rsa.c:rsa_hash_id_from_ident: 289| 1.06k|{ 290| 1.06k| if (strcmp(ident, "ssh-rsa") == 0) ------------------ | Branch (290:6): [True: 60, False: 1.00k] ------------------ 291| 60| return SSH_DIGEST_SHA1; ------------------ | | 26| 60|#define SSH_DIGEST_SHA1 1 ------------------ 292| 1.00k| if (strcmp(ident, "rsa-sha2-256") == 0) ------------------ | Branch (292:6): [True: 3, False: 1.00k] ------------------ 293| 3| return SSH_DIGEST_SHA256; ------------------ | | 27| 3|#define SSH_DIGEST_SHA256 2 ------------------ 294| 1.00k| if (strcmp(ident, "rsa-sha2-512") == 0) ------------------ | Branch (294:6): [True: 3, False: 1.00k] ------------------ 295| 3| return SSH_DIGEST_SHA512; ------------------ | | 29| 3|#define SSH_DIGEST_SHA512 4 ------------------ 296| 1.00k| return -1; 297| 1.00k|} ssh-rsa.c:ssh_rsa_verify: 478| 1.13k|{ 479| 1.13k| const BIGNUM *rsa_n; 480| 1.13k| char *sigtype = NULL; 481| 1.13k| int hash_alg, want_alg, ret = SSH_ERR_INTERNAL_ERROR; ------------------ | | 25| 1.13k|#define SSH_ERR_INTERNAL_ERROR -1 ------------------ 482| 1.13k| size_t len = 0, diff, modlen, hlen; 483| 1.13k| struct sshbuf *b = NULL; 484| 1.13k| u_char digest[SSH_DIGEST_MAX_LENGTH], *osigblob, *sigblob = NULL; 485| | 486| 1.13k| if (key == NULL || key->rsa == NULL || ------------------ | Branch (486:6): [True: 0, False: 1.13k] | Branch (486:21): [True: 0, False: 1.13k] ------------------ 487| 1.13k| sshkey_type_plain(key->type) != KEY_RSA || ------------------ | Branch (487:6): [True: 0, False: 1.13k] ------------------ 488| 1.13k| sig == NULL || siglen == 0) ------------------ | Branch (488:6): [True: 0, False: 1.13k] | Branch (488:21): [True: 0, False: 1.13k] ------------------ 489| 0| return SSH_ERR_INVALID_ARGUMENT; ------------------ | | 34| 0|#define SSH_ERR_INVALID_ARGUMENT -10 ------------------ 490| 1.13k| RSA_get0_key(key->rsa, &rsa_n, NULL, NULL); 491| 1.13k| if (BN_num_bits(rsa_n) < SSH_RSA_MINIMUM_MODULUS_SIZE) ------------------ | | 53| 1.13k|#define SSH_RSA_MINIMUM_MODULUS_SIZE 1024 ------------------ | Branch (491:6): [True: 0, False: 1.13k] ------------------ 492| 0| return SSH_ERR_KEY_LENGTH; ------------------ | | 80| 0|#define SSH_ERR_KEY_LENGTH -56 ------------------ 493| | 494| 1.13k| if ((b = sshbuf_from(sig, siglen)) == NULL) ------------------ | Branch (494:6): [True: 0, False: 1.13k] ------------------ 495| 0| return SSH_ERR_ALLOC_FAIL; ------------------ | | 26| 0|#define SSH_ERR_ALLOC_FAIL -2 ------------------ 496| 1.13k| if (sshbuf_get_cstring(b, &sigtype, NULL) != 0) { ------------------ | Branch (496:6): [True: 68, False: 1.06k] ------------------ 497| 68| ret = SSH_ERR_INVALID_FORMAT; ------------------ | | 28| 68|#define SSH_ERR_INVALID_FORMAT -4 ------------------ 498| 68| goto out; 499| 68| } 500| 1.06k| if ((hash_alg = rsa_hash_id_from_ident(sigtype)) == -1) { ------------------ | Branch (500:6): [True: 1.00k, False: 66] ------------------ 501| 1.00k| ret = SSH_ERR_KEY_TYPE_MISMATCH; ------------------ | | 37| 1.00k|#define SSH_ERR_KEY_TYPE_MISMATCH -13 ------------------ 502| 1.00k| goto out; 503| 1.00k| } 504| | /* 505| | * Allow ssh-rsa-cert-v01 certs to generate SHA2 signatures for 506| | * legacy reasons, but otherwise the signature type should match. 507| | */ 508| 66| if (alg != NULL && strcmp(alg, "ssh-rsa-cert-v01@openssh.com") != 0) { ------------------ | Branch (508:6): [True: 0, False: 66] | Branch (508:21): [True: 0, False: 0] ------------------ 509| 0| if ((want_alg = rsa_hash_id_from_keyname(alg)) == -1) { ------------------ | Branch (509:7): [True: 0, False: 0] ------------------ 510| 0| ret = SSH_ERR_INVALID_ARGUMENT; ------------------ | | 34| 0|#define SSH_ERR_INVALID_ARGUMENT -10 ------------------ 511| 0| goto out; 512| 0| } 513| 0| if (hash_alg != want_alg) { ------------------ | Branch (513:7): [True: 0, False: 0] ------------------ 514| 0| ret = SSH_ERR_SIGNATURE_INVALID; ------------------ | | 45| 0|#define SSH_ERR_SIGNATURE_INVALID -21 ------------------ 515| 0| goto out; 516| 0| } 517| 0| } 518| 66| if (sshbuf_get_string(b, &sigblob, &len) != 0) { ------------------ | Branch (518:6): [True: 5, False: 61] ------------------ 519| 5| ret = SSH_ERR_INVALID_FORMAT; ------------------ | | 28| 5|#define SSH_ERR_INVALID_FORMAT -4 ------------------ 520| 5| goto out; 521| 5| } 522| 61| if (sshbuf_len(b) != 0) { ------------------ | Branch (522:6): [True: 20, False: 41] ------------------ 523| 20| ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; ------------------ | | 47| 20|#define SSH_ERR_UNEXPECTED_TRAILING_DATA -23 ------------------ 524| 20| goto out; 525| 20| } 526| | /* RSA_verify expects a signature of RSA_size */ 527| 41| modlen = RSA_size(key->rsa); 528| 41| if (len > modlen) { ------------------ | Branch (528:6): [True: 29, False: 12] ------------------ 529| 29| ret = SSH_ERR_KEY_BITS_MISMATCH; ------------------ | | 35| 29|#define SSH_ERR_KEY_BITS_MISMATCH -11 ------------------ 530| 29| goto out; 531| 29| } else if (len < modlen) { ------------------ | Branch (531:13): [True: 11, False: 1] ------------------ 532| 11| diff = modlen - len; 533| 11| osigblob = sigblob; 534| 11| if ((sigblob = realloc(sigblob, modlen)) == NULL) { ------------------ | Branch (534:7): [True: 0, False: 11] ------------------ 535| 0| sigblob = osigblob; /* put it back for clear/free */ 536| 0| ret = SSH_ERR_ALLOC_FAIL; ------------------ | | 26| 0|#define SSH_ERR_ALLOC_FAIL -2 ------------------ 537| 0| goto out; 538| 0| } 539| 11| memmove(sigblob + diff, sigblob, len); 540| 11| explicit_bzero(sigblob, diff); 541| 11| len = modlen; 542| 11| } 543| 12| if ((hlen = ssh_digest_bytes(hash_alg)) == 0) { ------------------ | Branch (543:6): [True: 0, False: 12] ------------------ 544| 0| ret = SSH_ERR_INTERNAL_ERROR; ------------------ | | 25| 0|#define SSH_ERR_INTERNAL_ERROR -1 ------------------ 545| 0| goto out; 546| 0| } 547| 12| if ((ret = ssh_digest_memory(hash_alg, data, dlen, ------------------ | Branch (547:6): [True: 0, False: 12] ------------------ 548| 12| digest, sizeof(digest))) != 0) 549| 0| goto out; 550| | 551| 12| ret = openssh_RSA_verify(hash_alg, digest, hlen, sigblob, len, 552| 12| key->rsa); 553| 1.13k| out: 554| 1.13k| freezero(sigblob, len); 555| 1.13k| free(sigtype); 556| 1.13k| sshbuf_free(b); 557| 1.13k| explicit_bzero(digest, sizeof(digest)); 558| 1.13k| return ret; 559| 12|} ssh-rsa.c:openssh_RSA_verify: 635| 12|{ 636| 12| size_t rsasize = 0, oidlen = 0, hlen = 0; 637| 12| int ret, len, oidmatch, hashmatch; 638| 12| const u_char *oid = NULL; 639| 12| u_char *decrypted = NULL; 640| | 641| 12| if ((ret = rsa_hash_alg_oid(hash_alg, &oid, &oidlen)) != 0) ------------------ | Branch (641:6): [True: 0, False: 12] ------------------ 642| 0| return ret; 643| 12| ret = SSH_ERR_INTERNAL_ERROR; ------------------ | | 25| 12|#define SSH_ERR_INTERNAL_ERROR -1 ------------------ 644| 12| hlen = ssh_digest_bytes(hash_alg); 645| 12| if (hashlen != hlen) { ------------------ | Branch (645:6): [True: 0, False: 12] ------------------ 646| 0| ret = SSH_ERR_INVALID_ARGUMENT; ------------------ | | 34| 0|#define SSH_ERR_INVALID_ARGUMENT -10 ------------------ 647| 0| goto done; 648| 0| } 649| 12| rsasize = RSA_size(rsa); 650| 12| if (rsasize <= 0 || rsasize > SSHBUF_MAX_BIGNUM || ------------------ | | 33| 24|#define SSHBUF_MAX_BIGNUM (16384 / 8) /* Max bignum *bytes* */ ------------------ | Branch (650:6): [True: 0, False: 12] | Branch (650:22): [True: 0, False: 12] ------------------ 651| 12| siglen == 0 || siglen > rsasize) { ------------------ | Branch (651:6): [True: 0, False: 12] | Branch (651:21): [True: 0, False: 12] ------------------ 652| 0| ret = SSH_ERR_INVALID_ARGUMENT; ------------------ | | 34| 0|#define SSH_ERR_INVALID_ARGUMENT -10 ------------------ 653| 0| goto done; 654| 0| } 655| 12| if ((decrypted = malloc(rsasize)) == NULL) { ------------------ | Branch (655:6): [True: 0, False: 12] ------------------ 656| 0| ret = SSH_ERR_ALLOC_FAIL; ------------------ | | 26| 0|#define SSH_ERR_ALLOC_FAIL -2 ------------------ 657| 0| goto done; 658| 0| } 659| 12| if ((len = RSA_public_decrypt(siglen, sigbuf, decrypted, rsa, ------------------ | Branch (659:6): [True: 12, False: 0] ------------------ 660| 12| RSA_PKCS1_PADDING)) < 0) { 661| 12| ret = SSH_ERR_LIBCRYPTO_ERROR; ------------------ | | 46| 12|#define SSH_ERR_LIBCRYPTO_ERROR -22 ------------------ 662| 12| goto done; 663| 12| } 664| 0| if (len < 0 || (size_t)len != hlen + oidlen) { ------------------ | Branch (664:6): [True: 0, False: 0] | Branch (664:17): [True: 0, False: 0] ------------------ 665| 0| ret = SSH_ERR_INVALID_FORMAT; ------------------ | | 28| 0|#define SSH_ERR_INVALID_FORMAT -4 ------------------ 666| 0| goto done; 667| 0| } 668| 0| oidmatch = timingsafe_bcmp(decrypted, oid, oidlen) == 0; 669| 0| hashmatch = timingsafe_bcmp(decrypted + oidlen, hash, hlen) == 0; 670| 0| if (!oidmatch || !hashmatch) { ------------------ | Branch (670:6): [True: 0, False: 0] | Branch (670:19): [True: 0, False: 0] ------------------ 671| 0| ret = SSH_ERR_SIGNATURE_INVALID; ------------------ | | 45| 0|#define SSH_ERR_SIGNATURE_INVALID -21 ------------------ 672| 0| goto done; 673| 0| } 674| 0| ret = 0; 675| 12|done: 676| 12| freezero(decrypted, rsasize); 677| 12| return ret; 678| 0|} ssh-rsa.c:rsa_hash_alg_oid: 612| 12|{ 613| 12| switch (hash_alg) { 614| 10| case SSH_DIGEST_SHA1: ------------------ | | 26| 10|#define SSH_DIGEST_SHA1 1 ------------------ | Branch (614:2): [True: 10, False: 2] ------------------ 615| 10| *oidp = id_sha1; 616| 10| *oidlenp = sizeof(id_sha1); 617| 10| break; 618| 1| case SSH_DIGEST_SHA256: ------------------ | | 27| 1|#define SSH_DIGEST_SHA256 2 ------------------ | Branch (618:2): [True: 1, False: 11] ------------------ 619| 1| *oidp = id_sha256; 620| 1| *oidlenp = sizeof(id_sha256); 621| 1| break; 622| 1| case SSH_DIGEST_SHA512: ------------------ | | 29| 1|#define SSH_DIGEST_SHA512 4 ------------------ | Branch (622:2): [True: 1, False: 11] ------------------ 623| 1| *oidp = id_sha512; 624| 1| *oidlenp = sizeof(id_sha512); 625| 1| break; 626| 0| default: ------------------ | Branch (626:2): [True: 0, False: 12] ------------------ 627| 0| return SSH_ERR_INVALID_ARGUMENT; ------------------ | | 34| 0|#define SSH_ERR_INVALID_ARGUMENT -10 ------------------ 628| 12| } 629| 12| return 0; 630| 12|} sshbuf_get_string: 188| 1.13k|{ 189| 1.13k| const u_char *val; 190| 1.13k| size_t len; 191| 1.13k| int r; 192| | 193| 1.13k| if (valp != NULL) ------------------ | Branch (193:6): [True: 1.13k, False: 0] ------------------ 194| 1.13k| *valp = NULL; 195| 1.13k| if (lenp != NULL) ------------------ | Branch (195:6): [True: 1.13k, False: 0] ------------------ 196| 1.13k| *lenp = 0; 197| 1.13k| if ((r = sshbuf_get_string_direct(buf, &val, &len)) < 0) ------------------ | Branch (197:6): [True: 317, False: 818] ------------------ 198| 317| return r; 199| 818| if (valp != NULL) { ------------------ | Branch (199:6): [True: 818, False: 0] ------------------ 200| 818| if ((*valp = malloc(len + 1)) == NULL) { ------------------ | Branch (200:7): [True: 0, False: 818] ------------------ 201| 0| SSHBUF_DBG(("SSH_ERR_ALLOC_FAIL")); 202| 0| return SSH_ERR_ALLOC_FAIL; ------------------ | | 26| 0|#define SSH_ERR_ALLOC_FAIL -2 ------------------ 203| 0| } 204| 818| if (len != 0) ------------------ | Branch (204:7): [True: 412, False: 406] ------------------ 205| 412| memcpy(*valp, val, len); 206| 818| (*valp)[len] = '\0'; 207| 818| } 208| 818| if (lenp != NULL) ------------------ | Branch (208:6): [True: 818, False: 0] ------------------ 209| 818| *lenp = len; 210| 818| return 0; 211| 818|} sshbuf_get_string_direct: 215| 8.61k|{ 216| 8.61k| size_t len; 217| 8.61k| const u_char *p; 218| 8.61k| int r; 219| | 220| 8.61k| if (valp != NULL) ------------------ | Branch (220:6): [True: 2.20k, False: 6.41k] ------------------ 221| 2.20k| *valp = NULL; 222| 8.61k| if (lenp != NULL) ------------------ | Branch (222:6): [True: 2.20k, False: 6.41k] ------------------ 223| 2.20k| *lenp = 0; 224| 8.61k| if ((r = sshbuf_peek_string_direct(buf, &p, &len)) < 0) ------------------ | Branch (224:6): [True: 629, False: 7.98k] ------------------ 225| 629| return r; 226| 7.98k| if (valp != NULL) ------------------ | Branch (226:6): [True: 1.57k, False: 6.41k] ------------------ 227| 1.57k| *valp = p; 228| 7.98k| if (lenp != NULL) ------------------ | Branch (228:6): [True: 1.57k, False: 6.41k] ------------------ 229| 1.57k| *lenp = len; 230| 7.98k| if (sshbuf_consume(buf, len + 4) != 0) { ------------------ | Branch (230:6): [True: 0, False: 7.98k] ------------------ 231| | /* Shouldn't happen */ 232| 0| SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR")); 233| 0| SSHBUF_ABORT(); 234| 0| return SSH_ERR_INTERNAL_ERROR; ------------------ | | 25| 0|#define SSH_ERR_INTERNAL_ERROR -1 ------------------ 235| 0| } 236| 7.98k| return 0; 237| 7.98k|} sshbuf_peek_string_direct: 242| 18.9k|{ 243| 18.9k| u_int32_t len; 244| 18.9k| const u_char *p = sshbuf_ptr(buf); 245| | 246| 18.9k| if (valp != NULL) ------------------ | Branch (246:6): [True: 18.9k, False: 0] ------------------ 247| 18.9k| *valp = NULL; 248| 18.9k| if (lenp != NULL) ------------------ | Branch (248:6): [True: 18.9k, False: 0] ------------------ 249| 18.9k| *lenp = 0; 250| 18.9k| if (sshbuf_len(buf) < 4) { ------------------ | Branch (250:6): [True: 1.28k, False: 17.6k] ------------------ 251| 1.28k| SSHBUF_DBG(("SSH_ERR_MESSAGE_INCOMPLETE")); 252| 1.28k| return SSH_ERR_MESSAGE_INCOMPLETE; ------------------ | | 27| 1.28k|#define SSH_ERR_MESSAGE_INCOMPLETE -3 ------------------ 253| 1.28k| } 254| 17.6k| len = PEEK_U32(p); ------------------ | | 312| 17.6k| (((u_int32_t)(((const u_char *)(p))[0]) << 24) | \ | | 313| 17.6k| ((u_int32_t)(((const u_char *)(p))[1]) << 16) | \ | | 314| 17.6k| ((u_int32_t)(((const u_char *)(p))[2]) << 8) | \ | | 315| 17.6k| (u_int32_t)(((const u_char *)(p))[3])) ------------------ 255| 17.6k| if (len > SSHBUF_SIZE_MAX - 4) { ------------------ | | 31| 17.6k|#define SSHBUF_SIZE_MAX 0x8000000 /* Hard maximum size */ ------------------ | Branch (255:6): [True: 145, False: 17.4k] ------------------ 256| 145| SSHBUF_DBG(("SSH_ERR_STRING_TOO_LARGE")); 257| 145| return SSH_ERR_STRING_TOO_LARGE; ------------------ | | 30| 145|#define SSH_ERR_STRING_TOO_LARGE -6 ------------------ 258| 145| } 259| 17.4k| if (sshbuf_len(buf) - 4 < len) { ------------------ | Branch (259:6): [True: 599, False: 16.8k] ------------------ 260| 599| SSHBUF_DBG(("SSH_ERR_MESSAGE_INCOMPLETE")); 261| 599| return SSH_ERR_MESSAGE_INCOMPLETE; ------------------ | | 27| 599|#define SSH_ERR_MESSAGE_INCOMPLETE -3 ------------------ 262| 599| } 263| 16.8k| if (valp != NULL) ------------------ | Branch (263:6): [True: 16.8k, False: 0] ------------------ 264| 16.8k| *valp = p + 4; 265| 16.8k| if (lenp != NULL) ------------------ | Branch (265:6): [True: 16.8k, False: 0] ------------------ 266| 16.8k| *lenp = len; 267| 16.8k| return 0; 268| 17.4k|} sshbuf_get_cstring: 272| 6.82k|{ 273| 6.82k| size_t len; 274| 6.82k| const u_char *p, *z; 275| 6.82k| int r; 276| | 277| 6.82k| if (valp != NULL) ------------------ | Branch (277:6): [True: 6.82k, False: 0] ------------------ 278| 6.82k| *valp = NULL; 279| 6.82k| if (lenp != NULL) ------------------ | Branch (279:6): [True: 0, False: 6.82k] ------------------ 280| 0| *lenp = 0; 281| 6.82k| if ((r = sshbuf_peek_string_direct(buf, &p, &len)) != 0) ------------------ | Branch (281:6): [True: 348, False: 6.47k] ------------------ 282| 348| return r; 283| | /* Allow a \0 only at the end of the string */ 284| 6.47k| if (len > 0 && ------------------ | Branch (284:6): [True: 5.52k, False: 948] ------------------ 285| 6.47k| (z = memchr(p , '\0', len)) != NULL && z < p + len - 1) { ------------------ | Branch (285:6): [True: 132, False: 5.39k] | Branch (285:45): [True: 60, False: 72] ------------------ 286| 60| SSHBUF_DBG(("SSH_ERR_INVALID_FORMAT")); 287| 60| return SSH_ERR_INVALID_FORMAT; ------------------ | | 28| 60|#define SSH_ERR_INVALID_FORMAT -4 ------------------ 288| 60| } 289| 6.41k| if ((r = sshbuf_skip_string(buf)) != 0) ------------------ | | 205| 6.41k|#define sshbuf_skip_string(buf) sshbuf_get_string_direct(buf, NULL, NULL) ------------------ | Branch (289:6): [True: 0, False: 6.41k] ------------------ 290| 0| return -1; 291| 6.41k| if (valp != NULL) { ------------------ | Branch (291:6): [True: 6.41k, False: 0] ------------------ 292| 6.41k| if ((*valp = malloc(len + 1)) == NULL) { ------------------ | Branch (292:7): [True: 0, False: 6.41k] ------------------ 293| 0| SSHBUF_DBG(("SSH_ERR_ALLOC_FAIL")); 294| 0| return SSH_ERR_ALLOC_FAIL; ------------------ | | 26| 0|#define SSH_ERR_ALLOC_FAIL -2 ------------------ 295| 0| } 296| 6.41k| if (len != 0) ------------------ | Branch (296:7): [True: 5.46k, False: 948] ------------------ 297| 5.46k| memcpy(*valp, p, len); 298| 6.41k| (*valp)[len] = '\0'; 299| 6.41k| } 300| 6.41k| if (lenp != NULL) ------------------ | Branch (300:6): [True: 0, False: 6.41k] ------------------ 301| 0| *lenp = (size_t)len; 302| 6.41k| return 0; 303| 6.41k|} sshbuf_froms: 548| 3.20k|{ 549| 3.20k| const u_char *p; 550| 3.20k| size_t len; 551| 3.20k| struct sshbuf *ret; 552| 3.20k| int r; 553| | 554| 3.20k| if (buf == NULL || bufp == NULL) ------------------ | Branch (554:6): [True: 0, False: 3.20k] | Branch (554:21): [True: 0, False: 3.20k] ------------------ 555| 0| return SSH_ERR_INVALID_ARGUMENT; ------------------ | | 34| 0|#define SSH_ERR_INVALID_ARGUMENT -10 ------------------ 556| 3.20k| *bufp = NULL; 557| 3.20k| if ((r = sshbuf_peek_string_direct(buf, &p, &len)) != 0) ------------------ | Branch (557:6): [True: 936, False: 2.27k] ------------------ 558| 936| return r; 559| 2.27k| if ((ret = sshbuf_from(p, len)) == NULL) ------------------ | Branch (559:6): [True: 0, False: 2.27k] ------------------ 560| 0| return SSH_ERR_ALLOC_FAIL; ------------------ | | 26| 0|#define SSH_ERR_ALLOC_FAIL -2 ------------------ 561| 2.27k| if ((r = sshbuf_consume(buf, len + 4)) != 0 || /* Shouldn't happen */ ------------------ | Branch (561:6): [True: 0, False: 2.27k] ------------------ 562| 2.27k| (r = sshbuf_set_parent(ret, buf)) != 0) { ------------------ | Branch (562:6): [True: 0, False: 2.27k] ------------------ 563| 0| sshbuf_free(ret); 564| 0| return r; 565| 0| } 566| 2.27k| *bufp = ret; 567| 2.27k| return 0; 568| 2.27k|} sshbuf_get_bignum2_bytes_direct: 602| 275|{ 603| 275| const u_char *d; 604| 275| size_t len, olen; 605| 275| int r; 606| | 607| 275| if ((r = sshbuf_peek_string_direct(buf, &d, &olen)) < 0) ------------------ | Branch (607:6): [True: 112, False: 163] ------------------ 608| 112| return r; 609| 163| len = olen; 610| | /* Refuse negative (MSB set) bignums */ 611| 163| if ((len != 0 && (*d & 0x80) != 0)) ------------------ | Branch (611:7): [True: 98, False: 65] | Branch (611:19): [True: 11, False: 87] ------------------ 612| 11| return SSH_ERR_BIGNUM_IS_NEGATIVE; ------------------ | | 29| 11|#define SSH_ERR_BIGNUM_IS_NEGATIVE -5 ------------------ 613| | /* Refuse overlong bignums, allow prepended \0 to avoid MSB set */ 614| 152| if (len > SSHBUF_MAX_BIGNUM + 1 || ------------------ | | 33| 152|#define SSHBUF_MAX_BIGNUM (16384 / 8) /* Max bignum *bytes* */ ------------------ | Branch (614:6): [True: 13, False: 139] ------------------ 615| 152| (len == SSHBUF_MAX_BIGNUM + 1 && *d != 0)) ------------------ | | 33| 139|#define SSHBUF_MAX_BIGNUM (16384 / 8) /* Max bignum *bytes* */ ------------------ | Branch (615:7): [True: 10, False: 129] | Branch (615:39): [True: 7, False: 3] ------------------ 616| 20| return SSH_ERR_BIGNUM_TOO_LARGE; ------------------ | | 31| 20|#define SSH_ERR_BIGNUM_TOO_LARGE -7 ------------------ 617| | /* Trim leading zeros */ 618| 707| while (len > 0 && *d == 0x00) { ------------------ | Branch (618:9): [True: 631, False: 76] | Branch (618:20): [True: 575, False: 56] ------------------ 619| 575| d++; 620| 575| len--; 621| 575| } 622| 132| if (valp != NULL) ------------------ | Branch (622:6): [True: 132, False: 0] ------------------ 623| 132| *valp = d; 624| 132| if (lenp != NULL) ------------------ | Branch (624:6): [True: 132, False: 0] ------------------ 625| 132| *lenp = len; 626| 132| if (sshbuf_consume(buf, olen + 4) != 0) { ------------------ | Branch (626:6): [True: 0, False: 132] ------------------ 627| | /* Shouldn't happen */ 628| 0| SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR")); 629| 0| SSHBUF_ABORT(); 630| 0| return SSH_ERR_INTERNAL_ERROR; ------------------ | | 25| 0|#define SSH_ERR_INTERNAL_ERROR -1 ------------------ 631| 0| } 632| 132| return 0; 633| 132|} sshbuf_get_bignum2: 37| 275|{ 38| 275| BIGNUM *v; 39| 275| const u_char *d; 40| 275| size_t len; 41| 275| int r; 42| | 43| 275| if (valp != NULL) ------------------ | Branch (43:6): [True: 275, False: 0] ------------------ 44| 275| *valp = NULL; 45| 275| if ((r = sshbuf_get_bignum2_bytes_direct(buf, &d, &len)) != 0) ------------------ | Branch (45:6): [True: 143, False: 132] ------------------ 46| 143| return r; 47| 132| if (valp != NULL) { ------------------ | Branch (47:6): [True: 132, False: 0] ------------------ 48| 132| if ((v = BN_new()) == NULL || ------------------ | Branch (48:7): [True: 0, False: 132] ------------------ 49| 132| BN_bin2bn(d, len, v) == NULL) { ------------------ | Branch (49:7): [True: 0, False: 132] ------------------ 50| 0| BN_clear_free(v); 51| 0| return SSH_ERR_ALLOC_FAIL; ------------------ | | 26| 0|#define SSH_ERR_ALLOC_FAIL -2 ------------------ 52| 0| } 53| 132| *valp = v; 54| 132| } 55| 132| return 0; 56| 132|} sshbuf_from: 112| 9.09k|{ 113| 9.09k| struct sshbuf *ret; 114| | 115| 9.09k| if (blob == NULL || len > SSHBUF_SIZE_MAX || ------------------ | | 31| 18.1k|#define SSHBUF_SIZE_MAX 0x8000000 /* Hard maximum size */ ------------------ | Branch (115:6): [True: 0, False: 9.09k] | Branch (115:22): [True: 0, False: 9.09k] ------------------ 116| 9.09k| (ret = calloc(sizeof(*ret), 1)) == NULL) ------------------ | Branch (116:6): [True: 0, False: 9.09k] ------------------ 117| 0| return NULL; 118| 9.09k| ret->alloc = ret->size = ret->max_size = len; 119| 9.09k| ret->readonly = 1; 120| 9.09k| ret->refcount = 1; 121| 9.09k| ret->parent = NULL; 122| 9.09k| ret->cd = blob; 123| 9.09k| ret->d = NULL; 124| 9.09k| return ret; 125| 9.09k|} sshbuf_set_parent: 129| 2.27k|{ 130| 2.27k| int r; 131| | 132| 2.27k| if ((r = sshbuf_check_sanity(child)) != 0 || ------------------ | Branch (132:6): [True: 0, False: 2.27k] ------------------ 133| 2.27k| (r = sshbuf_check_sanity(parent)) != 0) ------------------ | Branch (133:6): [True: 0, False: 2.27k] ------------------ 134| 0| return r; 135| 2.27k| if (child->parent != NULL && child->parent != parent) ------------------ | Branch (135:6): [True: 0, False: 2.27k] | Branch (135:31): [True: 0, False: 0] ------------------ 136| 0| return SSH_ERR_INTERNAL_ERROR; ------------------ | | 25| 0|#define SSH_ERR_INTERNAL_ERROR -1 ------------------ 137| 2.27k| child->parent = parent; 138| 2.27k| child->parent->refcount++; 139| 2.27k| return 0; 140| 2.27k|} sshbuf_free: 160| 19.3k|{ 161| 19.3k| if (buf == NULL) ------------------ | Branch (161:6): [True: 7.96k, False: 11.3k] ------------------ 162| 7.96k| return; 163| | /* 164| | * The following will leak on insane buffers, but this is the safest 165| | * course of action - an invalid pointer or already-freed pointer may 166| | * have been passed to us and continuing to scribble over memory would 167| | * be bad. 168| | */ 169| 11.3k| if (sshbuf_check_sanity(buf) != 0) ------------------ | Branch (169:6): [True: 0, False: 11.3k] ------------------ 170| 0| return; 171| | 172| | /* 173| | * If we are a parent with still-extant children, then don't free just 174| | * yet. The last child's call to sshbuf_free should decrement our 175| | * refcount to 0 and trigger the actual free. 176| | */ 177| 11.3k| buf->refcount--; 178| 11.3k| if (buf->refcount > 0) ------------------ | Branch (178:6): [True: 2.27k, False: 9.09k] ------------------ 179| 2.27k| return; 180| | 181| | /* 182| | * If we are a child, the free our parent to decrement its reference 183| | * count and possibly free it. 184| | */ 185| 9.09k| sshbuf_free(buf->parent); 186| 9.09k| buf->parent = NULL; 187| | 188| 9.09k| if (!buf->readonly) { ------------------ | Branch (188:6): [True: 0, False: 9.09k] ------------------ 189| 0| explicit_bzero(buf->d, buf->alloc); 190| 0| free(buf->d); 191| 0| } 192| 9.09k| freezero(buf, sizeof(*buf)); 193| 9.09k|} sshbuf_len: 282| 47.2k|{ 283| 47.2k| if (sshbuf_check_sanity(buf) != 0) ------------------ | Branch (283:6): [True: 0, False: 47.2k] ------------------ 284| 0| return 0; 285| 47.2k| return buf->size - buf->off; 286| 47.2k|} sshbuf_ptr: 298| 18.9k|{ 299| 18.9k| if (sshbuf_check_sanity(buf) != 0) ------------------ | Branch (299:6): [True: 0, False: 18.9k] ------------------ 300| 0| return NULL; 301| 18.9k| return buf->cd + buf->off; 302| 18.9k|} sshbuf_consume: 393| 10.3k|{ 394| 10.3k| int r; 395| | 396| 10.3k| SSHBUF_DBG(("len = %zu", len)); 397| 10.3k| if ((r = sshbuf_check_sanity(buf)) != 0) ------------------ | Branch (397:6): [True: 0, False: 10.3k] ------------------ 398| 0| return r; 399| 10.3k| if (len == 0) ------------------ | Branch (399:6): [True: 0, False: 10.3k] ------------------ 400| 0| return 0; 401| 10.3k| if (len > sshbuf_len(buf)) ------------------ | Branch (401:6): [True: 0, False: 10.3k] ------------------ 402| 0| return SSH_ERR_MESSAGE_INCOMPLETE; ------------------ | | 27| 0|#define SSH_ERR_MESSAGE_INCOMPLETE -3 ------------------ 403| 10.3k| buf->off += len; 404| | /* deal with empty buffer */ 405| 10.3k| if (buf->off == buf->size) ------------------ | Branch (405:6): [True: 4.38k, False: 6.00k] ------------------ 406| 4.38k| buf->off = buf->size = 0; 407| 10.3k| SSHBUF_TELL("done"); 408| 10.3k| return 0; 409| 10.3k|} sshbuf.c:sshbuf_check_sanity: 56| 92.4k|{ 57| 92.4k| SSHBUF_TELL("sanity"); 58| 92.4k| if (__predict_false(buf == NULL || ------------------ | | 924| 1.57M|# define __predict_false(exp) __builtin_expect(((exp) != 0), 0) | | ------------------ | | | Branch (924:35): [True: 0, False: 92.4k] | | | Branch (924:54): [True: 0, False: 92.4k] | | | Branch (924:54): [True: 0, False: 0] | | | Branch (924:54): [True: 0, False: 92.4k] | | | Branch (924:54): [True: 0, False: 92.4k] | | | Branch (924:54): [True: 0, False: 92.4k] | | | Branch (924:54): [True: 0, False: 92.4k] | | | Branch (924:54): [True: 0, False: 92.4k] | | | Branch (924:54): [True: 0, False: 92.4k] | | | Branch (924:54): [True: 0, False: 92.4k] | | | Branch (924:54): [True: 0, False: 92.4k] | | ------------------ ------------------ 59| 92.4k| (!buf->readonly && buf->d != buf->cd) || 60| 92.4k| buf->refcount < 1 || buf->refcount > SSHBUF_REFS_MAX || 61| 92.4k| buf->cd == NULL || 62| 92.4k| buf->max_size > SSHBUF_SIZE_MAX || 63| 92.4k| buf->alloc > buf->max_size || 64| 92.4k| buf->size > buf->alloc || 65| 92.4k| buf->off > buf->size)) { 66| | /* Do not try to recover from corrupted buffer internals */ 67| 0| SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR")); 68| 0| ssh_signal(SIGSEGV, SIG_DFL); 69| 0| raise(SIGSEGV); 70| 0| return SSH_ERR_INTERNAL_ERROR; ------------------ | | 25| 0|#define SSH_ERR_INTERNAL_ERROR -1 ------------------ 71| 0| } 72| 92.4k| return 0; 73| 92.4k|} sshkey_type_is_cert: 225| 12|{ 226| 12| const struct sshkey_impl *impl; 227| | 228| 12| if ((impl = sshkey_impl_from_type(type)) == NULL) ------------------ | Branch (228:6): [True: 6, False: 6] ------------------ 229| 6| return 0; 230| 6| return impl->cert; 231| 12|} sshkey_ssh_name_plain: 241| 2.27k|{ 242| 2.27k| return sshkey_ssh_name_from_type_nid(sshkey_type_plain(k->type), 243| 2.27k| k->ecdsa_nid); 244| 2.27k|} sshkey_is_cert: 407| 6|{ 408| 6| if (k == NULL) ------------------ | Branch (408:6): [True: 0, False: 6] ------------------ 409| 0| return 0; 410| 6| return sshkey_type_is_cert(k->type); 411| 6|} sshkey_type_plain: 430| 9.09k|{ 431| 9.09k| switch (type) { 432| 0| case KEY_RSA_CERT: ------------------ | Branch (432:2): [True: 0, False: 9.09k] ------------------ 433| 0| return KEY_RSA; 434| 0| case KEY_DSA_CERT: ------------------ | Branch (434:2): [True: 0, False: 9.09k] ------------------ 435| 0| return KEY_DSA; 436| 0| case KEY_ECDSA_CERT: ------------------ | Branch (436:2): [True: 0, False: 9.09k] ------------------ 437| 0| return KEY_ECDSA; 438| 0| case KEY_ECDSA_SK_CERT: ------------------ | Branch (438:2): [True: 0, False: 9.09k] ------------------ 439| 0| return KEY_ECDSA_SK; 440| 0| case KEY_ED25519_CERT: ------------------ | Branch (440:2): [True: 0, False: 9.09k] ------------------ 441| 0| return KEY_ED25519; 442| 0| case KEY_ED25519_SK_CERT: ------------------ | Branch (442:2): [True: 0, False: 9.09k] ------------------ 443| 0| return KEY_ED25519_SK; 444| 0| case KEY_XMSS_CERT: ------------------ | Branch (444:2): [True: 0, False: 9.09k] ------------------ 445| 0| return KEY_XMSS; 446| 9.09k| default: ------------------ | Branch (446:2): [True: 9.09k, False: 0] ------------------ 447| 9.09k| return type; 448| 9.09k| } 449| 9.09k|} sshkey_curve_nid_to_bits: 494| 3.41k|{ 495| 3.41k| switch (nid) { 496| 1.13k| case NID_X9_62_prime256v1: ------------------ | Branch (496:2): [True: 1.13k, False: 2.27k] ------------------ 497| 1.13k| return 256; 498| 1.13k| case NID_secp384r1: ------------------ | Branch (498:2): [True: 1.13k, False: 2.27k] ------------------ 499| 1.13k| return 384; 500| 0|# ifdef OPENSSL_HAS_NISTP521 501| 1.13k| case NID_secp521r1: ------------------ | Branch (501:2): [True: 1.13k, False: 2.27k] ------------------ 502| 1.13k| return 521; 503| 0|# endif /* OPENSSL_HAS_NISTP521 */ 504| 0| default: ------------------ | Branch (504:2): [True: 0, False: 3.41k] ------------------ 505| 0| return 0; 506| 3.41k| } 507| 3.41k|} sshkey_ecdsa_bits_to_nid: 511| 3|{ 512| 3| switch (bits) { 513| 1| case 256: ------------------ | Branch (513:2): [True: 1, False: 2] ------------------ 514| 1| return NID_X9_62_prime256v1; 515| 1| case 384: ------------------ | Branch (515:2): [True: 1, False: 2] ------------------ 516| 1| return NID_secp384r1; 517| 0|# ifdef OPENSSL_HAS_NISTP521 518| 1| case 521: ------------------ | Branch (518:2): [True: 1, False: 2] ------------------ 519| 1| return NID_secp521r1; 520| 0|# endif /* OPENSSL_HAS_NISTP521 */ 521| 0| default: ------------------ | Branch (521:2): [True: 0, False: 3] ------------------ 522| 0| return -1; 523| 3| } 524| 3|} sshkey_ec_nid_to_hash_alg: 545| 3.41k|{ 546| 3.41k| int kbits = sshkey_curve_nid_to_bits(nid); 547| | 548| 3.41k| if (kbits <= 0) ------------------ | Branch (548:6): [True: 0, False: 3.41k] ------------------ 549| 0| return -1; 550| | 551| | /* RFC5656 section 6.2.1 */ 552| 3.41k| if (kbits <= 256) ------------------ | Branch (552:6): [True: 1.13k, False: 2.27k] ------------------ 553| 1.13k| return SSH_DIGEST_SHA256; ------------------ | | 27| 1.13k|#define SSH_DIGEST_SHA256 2 ------------------ 554| 2.27k| else if (kbits <= 384) ------------------ | Branch (554:11): [True: 1.13k, False: 1.13k] ------------------ 555| 1.13k| return SSH_DIGEST_SHA384; ------------------ | | 28| 1.13k|#define SSH_DIGEST_SHA384 3 ------------------ 556| 1.13k| else 557| 1.13k| return SSH_DIGEST_SHA512; ------------------ | | 29| 1.13k|#define SSH_DIGEST_SHA512 4 ------------------ 558| 3.41k|} sshkey_new: 602| 6|{ 603| 6| struct sshkey *k; 604| 6| const struct sshkey_impl *impl = NULL; 605| | 606| 6| if (type != KEY_UNSPEC && ------------------ | Branch (606:6): [True: 0, False: 6] ------------------ 607| 6| (impl = sshkey_impl_from_type(type)) == NULL) ------------------ | Branch (607:6): [True: 0, False: 0] ------------------ 608| 0| return NULL; 609| | 610| | /* All non-certificate types may act as CAs */ 611| 6| if ((k = calloc(1, sizeof(*k))) == NULL) ------------------ | Branch (611:6): [True: 0, False: 6] ------------------ 612| 0| return NULL; 613| 6| k->type = type; 614| 6| k->ecdsa_nid = -1; 615| 6| if (impl != NULL && impl->funcs->alloc != NULL) { ------------------ | Branch (615:6): [True: 0, False: 6] | Branch (615:22): [True: 0, False: 0] ------------------ 616| 0| if (impl->funcs->alloc(k) != 0) { ------------------ | Branch (616:7): [True: 0, False: 0] ------------------ 617| 0| free(k); 618| 0| return NULL; 619| 0| } 620| 0| } 621| 6| if (sshkey_is_cert(k)) { ------------------ | Branch (621:6): [True: 0, False: 6] ------------------ 622| 0| if ((k->cert = cert_new()) == NULL) { ------------------ | Branch (622:7): [True: 0, False: 0] ------------------ 623| 0| sshkey_free(k); 624| 0| return NULL; 625| 0| } 626| 0| } 627| | 628| 6| return k; 629| 6|} sshkey_generate: 1391| 6|{ 1392| 6| struct sshkey *k; 1393| 6| int ret = SSH_ERR_INTERNAL_ERROR; ------------------ | | 25| 6|#define SSH_ERR_INTERNAL_ERROR -1 ------------------ 1394| 6| const struct sshkey_impl *impl; 1395| | 1396| 6| if (keyp == NULL || sshkey_type_is_cert(type)) ------------------ | Branch (1396:6): [True: 0, False: 6] | Branch (1396:22): [True: 0, False: 6] ------------------ 1397| 0| return SSH_ERR_INVALID_ARGUMENT; ------------------ | | 34| 0|#define SSH_ERR_INVALID_ARGUMENT -10 ------------------ 1398| 6| *keyp = NULL; 1399| 6| if ((impl = sshkey_impl_from_type(type)) == NULL) ------------------ | Branch (1399:6): [True: 0, False: 6] ------------------ 1400| 0| return SSH_ERR_KEY_TYPE_UNKNOWN; ------------------ | | 38| 0|#define SSH_ERR_KEY_TYPE_UNKNOWN -14 /* XXX UNSUPPORTED? */ ------------------ 1401| 6| if (impl->funcs->generate == NULL) ------------------ | Branch (1401:6): [True: 0, False: 6] ------------------ 1402| 0| return SSH_ERR_FEATURE_UNSUPPORTED; ------------------ | | 83| 0|#define SSH_ERR_FEATURE_UNSUPPORTED -59 ------------------ 1403| 6| if ((k = sshkey_new(KEY_UNSPEC)) == NULL) ------------------ | Branch (1403:6): [True: 0, False: 6] ------------------ 1404| 0| return SSH_ERR_ALLOC_FAIL; ------------------ | | 26| 0|#define SSH_ERR_ALLOC_FAIL -2 ------------------ 1405| 6| k->type = type; 1406| 6| if ((ret = impl->funcs->generate(k, bits)) != 0) { ------------------ | Branch (1406:6): [True: 0, False: 6] ------------------ 1407| 0| sshkey_free(k); 1408| 0| return ret; 1409| 0| } 1410| | /* success */ 1411| 6| *keyp = k; 1412| 6| return 0; 1413| 6|} sshkey_verify: 2124| 6.82k|{ 2125| 6.82k| const struct sshkey_impl *impl; 2126| | 2127| 6.82k| if (detailsp != NULL) ------------------ | Branch (2127:6): [True: 6.82k, False: 0] ------------------ 2128| 6.82k| *detailsp = NULL; 2129| 6.82k| if (siglen == 0 || dlen > SSH_KEY_MAX_SIGN_DATA_SIZE) ------------------ | | 54| 6.82k|#define SSH_KEY_MAX_SIGN_DATA_SIZE (1 << 20) ------------------ | Branch (2129:6): [True: 0, False: 6.82k] | Branch (2129:21): [True: 0, False: 6.82k] ------------------ 2130| 0| return SSH_ERR_INVALID_ARGUMENT; ------------------ | | 34| 0|#define SSH_ERR_INVALID_ARGUMENT -10 ------------------ 2131| 6.82k| if ((impl = sshkey_impl_from_key(key)) == NULL) ------------------ | Branch (2131:6): [True: 0, False: 6.82k] ------------------ 2132| 0| return SSH_ERR_KEY_TYPE_UNKNOWN; ------------------ | | 38| 0|#define SSH_ERR_KEY_TYPE_UNKNOWN -14 /* XXX UNSUPPORTED? */ ------------------ 2133| 6.82k| return impl->funcs->verify(key, sig, siglen, data, dlen, 2134| 6.82k| alg, compat, detailsp); 2135| 6.82k|} sshkey_sig_details_free: 3563| 6.82k|{ 3564| 6.82k| freezero(details, sizeof(*details)); 3565| 6.82k|} sshkey.c:sshkey_impl_from_key: 197| 6.82k|{ 198| 6.82k| if (k == NULL) ------------------ | Branch (198:6): [True: 0, False: 6.82k] ------------------ 199| 0| return NULL; 200| 6.82k| return sshkey_impl_from_type_nid(k->type, k->ecdsa_nid); 201| 6.82k|} sshkey.c:sshkey_impl_from_type_nid: 184| 9.09k|{ 185| 9.09k| int i; 186| | 187| 75.0k| for (i = 0; keyimpls[i] != NULL; i++) { ------------------ | Branch (187:14): [True: 75.0k, False: 0] ------------------ 188| 75.0k| if (keyimpls[i]->type == type && ------------------ | Branch (188:7): [True: 14.7k, False: 60.2k] ------------------ 189| 75.0k| (keyimpls[i]->nid == 0 || keyimpls[i]->nid == nid)) ------------------ | Branch (189:8): [True: 3.41k, False: 11.3k] | Branch (189:33): [True: 5.68k, False: 5.68k] ------------------ 190| 9.09k| return keyimpls[i]; 191| 75.0k| } 192| 0| return NULL; 193| 9.09k|} sshkey.c:sshkey_impl_from_type: 172| 18|{ 173| 18| int i; 174| | 175| 236| for (i = 0; keyimpls[i] != NULL; i++) { ------------------ | Branch (175:14): [True: 230, False: 6] ------------------ 176| 230| if (keyimpls[i]->type == type) ------------------ | Branch (176:7): [True: 12, False: 218] ------------------ 177| 12| return keyimpls[i]; 178| 230| } 179| 6| return NULL; 180| 18|} sshkey.c:sshkey_ssh_name_from_type_nid: 215| 2.27k|{ 216| 2.27k| const struct sshkey_impl *impl; 217| | 218| 2.27k| if ((impl = sshkey_impl_from_type_nid(type, nid)) == NULL) ------------------ | Branch (218:6): [True: 0, False: 2.27k] ------------------ 219| 0| return "ssh-unknown"; 220| 2.27k| return impl->name; 221| 2.27k|}