| line |
true |
false |
branch |
|
38
|
2304 |
288 |
FOR(i,8) u=(u<<8)|x[i]; |
|
45
|
2016 |
504 |
FOR(i,4) { x[i] = u; u >>= 8; } |
|
51
|
1224 |
153 |
for (i = 7;i >= 0;--i) { x[i] = u; u >>= 8; } |
|
57
|
480 |
20 |
FOR(i,n) d |= x[i]^y[i]; |
|
76
|
168 |
42 |
FOR(i,4) { |
|
83
|
672 |
42 |
FOR(i,16) y[i] = x[i]; |
|
85
|
840 |
42 |
FOR(i,20) { |
|
86
|
3360 |
840 |
FOR(j,4) { |
|
87
|
13440 |
3360 |
FOR(m,4) t[m] = x[(5*j+4*m)%16]; |
|
92
|
13440 |
3360 |
FOR(m,4) w[4*j+(j+m)%4] = t[m]; |
|
94
|
13440 |
840 |
FOR(m,16) x[m] = w[m]; |
|
97
|
21 |
21 |
if (h) { |
|
98
|
336 |
21 |
FOR(i,16) x[i] += y[i]; |
|
99
|
84 |
21 |
FOR(i,4) { |
|
103
|
84 |
21 |
FOR(i,4) { |
|
108
|
336 |
21 |
FOR(i,16) st32(out + 4 * i,x[i] + y[i]); |
|
129
|
0 |
17 |
if (!b) return 0; |
|
130
|
272 |
17 |
FOR(i,16) z[i] = 0; |
|
131
|
136 |
17 |
FOR(i,8) z[i] = n[i]; |
|
132
|
4 |
17 |
while (b >= 64) { |
|
134
|
256 |
0 |
FOR(i,64) c[i] = (m?m[i]:0) ^ x[i]; |
|
|
256 |
4 |
FOR(i,64) c[i] = (m?m[i]:0) ^ x[i]; |
|
136
|
32 |
4 |
for (i = 8;i < 16;++i) { |
|
143
|
4 |
0 |
if (m) m += 64; |
|
145
|
17 |
0 |
if (b) { |
|
147
|
310 |
224 |
FOR(i,b) c[i] = (m?m[i]:0) ^ x[i]; |
|
|
534 |
17 |
FOR(i,b) c[i] = (m?m[i]:0) ^ x[i]; |
|
174
|
714 |
42 |
FOR(j,17) { |
|
189
|
221 |
13 |
FOR(j,17) r[j]=h[j]=0; |
|
190
|
208 |
13 |
FOR(j,16) r[j]=k[j]; |
|
199
|
16 |
13 |
while (n > 0) { |
|
200
|
272 |
16 |
FOR(j,17) c[j] = 0; |
|
201
|
208 |
3 |
for (j = 0;(j < 16) && (j < n);++j) c[j] = m[j]; |
|
|
195 |
13 |
for (j = 0;(j < 16) && (j < n);++j) c[j] = m[j]; |
|
205
|
272 |
16 |
FOR(i,17) { |
|
207
|
2448 |
2176 |
FOR(j,17) x[i] += h[j] * ((j <= i) ? r[i - j] : 320 * r[i + 17 - j]); |
|
|
4624 |
272 |
FOR(j,17) x[i] += h[j] * ((j <= i) ? r[i - j] : 320 * r[i + 17 - j]); |
|
209
|
272 |
16 |
FOR(i,17) h[i] = x[i]; |
|
211
|
256 |
16 |
FOR(j,16) { |
|
218
|
256 |
16 |
FOR(j,16) { |
|
226
|
221 |
13 |
FOR(j,17) g[j] = h[j]; |
|
229
|
221 |
13 |
FOR(j,17) h[j] ^= s & (g[j] ^ h[j]); |
|
231
|
208 |
13 |
FOR(j,16) c[j] = k[j + 16]; |
|
234
|
208 |
13 |
FOR(j,16) out[j] = h[j]; |
|
248
|
0 |
4 |
if (d < 32) return -1; |
|
251
|
64 |
4 |
FOR(i,16) c[i] = 0; |
|
259
|
0 |
6 |
if (d < 32) return -1; |
|
261
|
4 |
2 |
if (crypto_onetimeauth_verify(c + 16,c + 32,d - 32,x) != 0) return -1; |
|
263
|
64 |
2 |
FOR(i,32) m[i] = 0; |
|
270
|
624 |
39 |
FOR(i,16) r[i]=a[i]; |
|
277
|
2175616 |
135976 |
FOR(i,16) { |
|
288
|
393536 |
24596 |
FOR(i,16) { |
|
299
|
544 |
34 |
FOR(i,16) t[i]=n[i]; |
|
303
|
68 |
34 |
FOR(j,2) { |
|
305
|
952 |
68 |
for(i=1;i<15;i++) { |
|
314
|
544 |
34 |
FOR(i,16) { |
|
338
|
240 |
15 |
FOR(i,16) o[i]=n[2*i]+((i64)n[2*i+1]<<8); |
|
345
|
441808 |
27613 |
FOR(i,16) o[i]=a[i]+b[i]; |
|
351
|
392656 |
24541 |
FOR(i,16) o[i]=a[i]-b[i]; |
|
357
|
2106047 |
67937 |
FOR(i,31) t[i]=0; |
|
358
|
17391872 |
1086992 |
FOR(i,16) FOR(j,16) t[i+j]+=a[i]*b[j]; |
|
|
1086992 |
67937 |
FOR(i,16) FOR(j,16) t[i+j]+=a[i]*b[j]; |
|
359
|
1019055 |
67937 |
FOR(i,15) t[i]+=38*t[i+16]; |
|
360
|
1086992 |
67937 |
FOR(i,16) o[i]=t[i]; |
|
374
|
256 |
16 |
FOR(a,16) c[a]=i[a]; |
|
375
|
4064 |
16 |
for(a=253;a>=0;a--) { |
|
377
|
4048 |
16 |
if(a!=2&&a!=4) M(c,c,i); |
|
|
4032 |
16 |
if(a!=2&&a!=4) M(c,c,i); |
|
379
|
256 |
16 |
FOR(a,16) o[a]=c[a]; |
|
386
|
48 |
3 |
FOR(a,16) c[a]=i[a]; |
|
387
|
753 |
3 |
for(a=250;a>=0;a--) { |
|
389
|
750 |
3 |
if(a!=1) M(c,c,i); |
|
391
|
48 |
3 |
FOR(a,16) o[a]=c[a]; |
|
399
|
372 |
12 |
FOR(i,31) z[i]=n[i]; |
|
403
|
192 |
12 |
FOR(i,16) { |
|
408
|
3060 |
12 |
for(i=254;i>=0;--i) { |
|
433
|
192 |
12 |
FOR(i,16) { |
|
524
|
144 |
18 |
FOR(i,8) z[i] = a[i] = dl64(x + 8 * i); |
|
526
|
9 |
18 |
while (n >= 128) { |
|
527
|
144 |
9 |
FOR(i,16) w[i] = dl64(m + 8 * i); |
|
529
|
720 |
9 |
FOR(i,80) { |
|
530
|
5760 |
720 |
FOR(j,8) b[j] = a[j]; |
|
534
|
5760 |
720 |
FOR(j,8) a[(j+1)%8] = b[j]; |
|
535
|
45 |
675 |
if (i%16 == 15) |
|
536
|
720 |
45 |
FOR(j,16) |
|
540
|
72 |
9 |
FOR(i,8) { a[i] += z[i]; z[i] = a[i]; } |
|
546
|
144 |
18 |
FOR(i,8) ts64(x+8*i,z[i]); |
|
567
|
576 |
9 |
FOR(i,64) h[i] = iv[i]; |
|
574
|
2304 |
9 |
FOR(i,256) x[i] = 0; |
|
575
|
533 |
9 |
FOR(i,n) x[i] = m[i]; |
|
578
|
9 |
0 |
n = 256-128*(n<112); |
|
583
|
576 |
9 |
FOR(i,64) out[i] = h[i]; |
|
616
|
12288 |
3072 |
FOR(i,4) |
|
637
|
1536 |
6 |
for (i = 255;i >= 0;--i) { |
|
671
|
0 |
0 |
FOR(i,32) sk[32 + i] = pk[i]; |
|
680
|
256 |
8 |
for (i = 63;i >= 32;--i) { |
|
682
|
5120 |
256 |
for (j = i - 32;j < i - 12;++j) { |
|
691
|
256 |
8 |
FOR(j,32) { |
|
696
|
256 |
8 |
FOR(j,32) x[j] -= carry * L[j]; |
|
697
|
256 |
8 |
FOR(i,32) { |
|
706
|
384 |
6 |
FOR(i,64) x[i] = (u64) r[i]; |
|
707
|
384 |
6 |
FOR(i,64) r[i] = 0; |
|
723
|
48 |
2 |
FOR(i,n) sm[64 + i] = m[i]; |
|
724
|
64 |
2 |
FOR(i,32) sm[32 + i] = d[32 + i]; |
|
731
|
64 |
2 |
FOR(i,32) sm[i+32] = sk[i+32]; |
|
735
|
128 |
2 |
FOR(i,64) x[i] = 0; |
|
736
|
64 |
2 |
FOR(i,32) x[i] = (u64) r[i]; |
|
737
|
2048 |
64 |
FOR(i,32) FOR(j,32) x[i+j] += h[i] * (u64) d[j]; |
|
|
64 |
2 |
FOR(i,32) FOR(j,32) x[i+j] += h[i] * (u64) d[j]; |
|
767
|
1 |
2 |
if (neq25519(chk, num)) M(r[0],r[0],I); |
|
771
|
1 |
2 |
if (neq25519(chk, num)) return -1; |
|
773
|
2 |
0 |
if (par25519(r[0]) == (p[31]>>7)) Z(r[0],gf0,r[0]); |
|
786
|
0 |
3 |
if (n < 64) return -1; |
|
788
|
1 |
2 |
if (unpackneg(q,pk)) return -1; |
|
790
|
176 |
2 |
FOR(i,n) m[i] = sm[i]; |
|
791
|
64 |
2 |
FOR(i,32) m[i+32] = pk[i]; |
|
801
|
1 |
1 |
if (crypto_verify_32(sm, t)) { |
|
802
|
24 |
1 |
FOR(i,n) m[i] = 0; |
|
806
|
24 |
1 |
FOR(i,n) m[i] = sm[i + 64]; |