Head

GCC Code Coverage Report

Directory:	./		Exec	Total	Coverage
File:	usr.bin/ssh/lib/../ed25519.c	Lines:	0	69	0.0 %
Date:	2017-11-13	Branches:	0	26	0.0 %


/* $OpenBSD: ed25519.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */

/*
 * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange,
 * Peter Schwabe, Bo-Yin Yang.
 * Copied from supercop-20130419/crypto_sign/ed25519/ref/ed25519.c
 */

#include "crypto_api.h"

#include "ge25519.h"

static void get_hram(unsigned char *hram, const unsigned char *sm, const unsigned char *pk, unsigned char *playground, unsigned long long smlen)
{
  unsigned long long i;

  for (i =  0;i < 32;++i)    playground[i] = sm[i];
  for (i = 32;i < 64;++i)    playground[i] = pk[i-32];
  for (i = 64;i < smlen;++i) playground[i] = sm[i];

  crypto_hash_sha512(hram,playground,smlen);
}


int crypto_sign_ed25519_keypair(
    unsigned char *pk,
    unsigned char *sk
    )
{
  sc25519 scsk;
  ge25519 gepk;
  unsigned char extsk[64];
  int i;

  randombytes(sk, 32);
  crypto_hash_sha512(extsk, sk, 32);
  extsk[0] &= 248;
  extsk[31] &= 127;
  extsk[31] |= 64;

  sc25519_from32bytes(&scsk,extsk);

  ge25519_scalarmult_base(&gepk, &scsk);
  ge25519_pack(pk, &gepk);
  for(i=0;i<32;i++)
    sk[32 + i] = pk[i];
  return 0;
}

int crypto_sign_ed25519(
    unsigned char *sm,unsigned long long *smlen,
    const unsigned char *m,unsigned long long mlen,
    const unsigned char *sk
    )
{
  sc25519 sck, scs, scsk;
  ge25519 ger;
  unsigned char r[32];
  unsigned char s[32];
  unsigned char extsk[64];
  unsigned long long i;
  unsigned char hmg[crypto_hash_sha512_BYTES];
  unsigned char hram[crypto_hash_sha512_BYTES];

  crypto_hash_sha512(extsk, sk, 32);
  extsk[0] &= 248;
  extsk[31] &= 127;
  extsk[31] |= 64;

  *smlen = mlen+64;
  for(i=0;i<mlen;i++)
    sm[64 + i] = m[i];
  for(i=0;i<32;i++)
    sm[32 + i] = extsk[32+i];

  crypto_hash_sha512(hmg, sm+32, mlen+32); /* Generate k as h(extsk[32],...,extsk[63],m) */

  /* Computation of R */
  sc25519_from64bytes(&sck, hmg);
  ge25519_scalarmult_base(&ger, &sck);
  ge25519_pack(r, &ger);

  /* Computation of s */
  for(i=0;i<32;i++)
    sm[i] = r[i];

  get_hram(hram, sm, sk+32, sm, mlen+64);

  sc25519_from64bytes(&scs, hram);
  sc25519_from32bytes(&scsk, extsk);
  sc25519_mul(&scs, &scs, &scsk);

  sc25519_add(&scs, &scs, &sck);

  sc25519_to32bytes(s,&scs); /* cat s */
  for(i=0;i<32;i++)
    sm[32 + i] = s[i];

  return 0;
}

int crypto_sign_ed25519_open(
    unsigned char *m,unsigned long long *mlen,
    const unsigned char *sm,unsigned long long smlen,
    const unsigned char *pk
    )
{
  unsigned int i;
  int ret;
  unsigned char t2[32];
  ge25519 get1, get2;
  sc25519 schram, scs;
  unsigned char hram[crypto_hash_sha512_BYTES];

  *mlen = (unsigned long long) -1;
  if (smlen < 64) return -1;

  if (ge25519_unpackneg_vartime(&get1, pk)) return -1;

  get_hram(hram,sm,pk,m,smlen);

  sc25519_from64bytes(&schram, hram);

  sc25519_from32bytes(&scs, sm+32);

  ge25519_double_scalarmult_vartime(&get2, &get1, &schram, &ge25519_base, &scs);
  ge25519_pack(t2, &get2);

  ret = crypto_verify_32(sm, t2);

  if (!ret)
  {
    for(i=0;i<smlen-64;i++)
      m[i] = sm[i + 64];
    *mlen = smlen-64;
  }
  else
  {
    for(i=0;i<smlen-64;i++)
      m[i] = 0;
  }
  return ret;
}


Generated by: GCOVR (Version 3.3)

Line	Branch	Exec	Source
1			/* $OpenBSD: ed25519.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */
2
3			/*
4			* Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange,
5			* Peter Schwabe, Bo-Yin Yang.
6			* Copied from supercop-20130419/crypto_sign/ed25519/ref/ed25519.c
7			*/
8
9			#include "crypto_api.h"
10
11			#include "ge25519.h"
12
13			static void get_hram(unsigned char hram, const unsigned char sm, const unsigned char pk, unsigned char playground, unsigned long long smlen)
14			{
15			unsigned long long i;
16
17			for (i = 0;i < 32;++i) playground[i] = sm[i];
18			for (i = 32;i < 64;++i) playground[i] = pk[i-32];
19			for (i = 64;i < smlen;++i) playground[i] = sm[i];
20
21			crypto_hash_sha512(hram,playground,smlen);
22			}
23
24
25			int crypto_sign_ed25519_keypair(
26			unsigned char *pk,
27			unsigned char *sk
28			)
29			{
30			sc25519 scsk;
31			ge25519 gepk;
32			unsigned char extsk[64];
33			int i;
34
35			randombytes(sk, 32);
36			crypto_hash_sha512(extsk, sk, 32);
37			extsk[0] &= 248;
38			extsk[31] &= 127;
39			extsk[31] \|= 64;
40
41			sc25519_from32bytes(&scsk,extsk);
42
43			ge25519_scalarmult_base(&gepk, &scsk);
44			ge25519_pack(pk, &gepk);
45			for(i=0;i<32;i++)
46			sk[32 + i] = pk[i];
47			return 0;
48			}
49
50			int crypto_sign_ed25519(
51			unsigned char sm,unsigned long long smlen,
52			const unsigned char *m,unsigned long long mlen,
53			const unsigned char *sk
54			)
55			{
56			sc25519 sck, scs, scsk;
57			ge25519 ger;
58			unsigned char r[32];
59			unsigned char s[32];
60			unsigned char extsk[64];
61			unsigned long long i;
62			unsigned char hmg[crypto_hash_sha512_BYTES];
63			unsigned char hram[crypto_hash_sha512_BYTES];
64
65			crypto_hash_sha512(extsk, sk, 32);
66			extsk[0] &= 248;
67			extsk[31] &= 127;
68			extsk[31] \|= 64;
69
70			*smlen = mlen+64;
71			for(i=0;i<mlen;i++)
72			sm[64 + i] = m[i];
73			for(i=0;i<32;i++)
74			sm[32 + i] = extsk[32+i];
75
76			crypto_hash_sha512(hmg, sm+32, mlen+32); /* Generate k as h(extsk[32],...,extsk[63],m) */
77
78			/* Computation of R */
79			sc25519_from64bytes(&sck, hmg);
80			ge25519_scalarmult_base(&ger, &sck);
81			ge25519_pack(r, &ger);
82
83			/* Computation of s */
84			for(i=0;i<32;i++)
85			sm[i] = r[i];
86
87			get_hram(hram, sm, sk+32, sm, mlen+64);
88
89			sc25519_from64bytes(&scs, hram);
90			sc25519_from32bytes(&scsk, extsk);
91			sc25519_mul(&scs, &scs, &scsk);
92
93			sc25519_add(&scs, &scs, &sck);
94
95			sc25519_to32bytes(s,&scs); /* cat s */
96			for(i=0;i<32;i++)
97			sm[32 + i] = s[i];
98
99			return 0;
100			}
101
102			int crypto_sign_ed25519_open(
103			unsigned char m,unsigned long long mlen,
104			const unsigned char *sm,unsigned long long smlen,
105			const unsigned char *pk
106			)
107			{
108			unsigned int i;
109			int ret;
110			unsigned char t2[32];
111			ge25519 get1, get2;
112			sc25519 schram, scs;
113			unsigned char hram[crypto_hash_sha512_BYTES];
114
115			*mlen = (unsigned long long) -1;
116			if (smlen < 64) return -1;
117
118			if (ge25519_unpackneg_vartime(&get1, pk)) return -1;
119
120			get_hram(hram,sm,pk,m,smlen);
121
122			sc25519_from64bytes(&schram, hram);
123
124			sc25519_from32bytes(&scs, sm+32);
125
126			ge25519_double_scalarmult_vartime(&get2, &get1, &schram, &ge25519_base, &scs);
127			ge25519_pack(t2, &get2);
128
129			ret = crypto_verify_32(sm, t2);
130
131			if (!ret)
132			{
133			for(i=0;i<smlen-64;i++)
134			m[i] = sm[i + 64];
135			*mlen = smlen-64;
136			}
137			else
138			{
139			for(i=0;i<smlen-64;i++)
140			m[i] = 0;
141			}
142			return ret;
143			}