_ZNK5Botan7AES_1284nameEv: 28| 101| std::string name() const override { return "AES-128"; } _ZNK5Botan7AES_2564nameEv: 119| 117| std::string name() const override { return "AES-256"; } _ZN5Botan15AlignmentBufferIhLm64ELNS_25AlignmentBufferFinalBlockE0EED2Ev: 64| 40.4k| ~AlignmentBuffer() { secure_zeroize_buffer(m_buffer.data(), sizeof(T) * m_buffer.size()); } _ZN5Botan15AlignmentBufferIhLm64ELNS_25AlignmentBufferFinalBlockE0EEC2Ev: 62| 40.4k| AlignmentBuffer() = default; _ZN5Botan15AlignmentBufferIhLm64ELNS_25AlignmentBufferFinalBlockE0EE5clearEv: 71| 143k| void clear() { 72| 143k| zeroize_buffer(m_buffer.data(), m_buffer.size()); 73| 143k| m_position = 0; 74| 143k| } _ZN5Botan15AlignmentBufferIhLm128ELNS_25AlignmentBufferFinalBlockE0EEC2Ev: 62| 618| AlignmentBuffer() = default; _ZN5Botan15AlignmentBufferIhLm128ELNS_25AlignmentBufferFinalBlockE0EE5clearEv: 71| 6.31k| void clear() { 72| 6.31k| zeroize_buffer(m_buffer.data(), m_buffer.size()); 73| 6.31k| m_position = 0; 74| 6.31k| } _ZN5Botan15AlignmentBufferIhLm128ELNS_25AlignmentBufferFinalBlockE0EED2Ev: 64| 618| ~AlignmentBuffer() { secure_zeroize_buffer(m_buffer.data(), sizeof(T) * m_buffer.size()); } _ZN5Botan15AlignmentBufferIhLm64ELNS_25AlignmentBufferFinalBlockE0EE21handle_unaligned_dataERNS_12BufferSlicerE: 166| 214k| [[nodiscard]] std::optional> handle_unaligned_data(BufferSlicer& slicer) { 167| | // When the final block is to be deferred, we would need to store and 168| | // hold a buffer that contains exactly one block until more data is 169| | // passed or it is explicitly consumed. 170| 214k| const size_t defer = (defers_final_block()) ? 1 : 0; ------------------ | Branch (170:31): [True: 0, False: 214k] ------------------ 171| | 172| 214k| if(in_alignment() && slicer.remaining() >= m_buffer.size() + defer) { ------------------ | Branch (172:13): [True: 174k, False: 40.0k] | Branch (172:31): [True: 76.0k, False: 98.0k] ------------------ 173| | // We are currently in alignment and the passed-in data source 174| | // contains enough data to benefit from aligned processing. 175| | // Therefore, we don't copy anything into the intermittent buffer. 176| 76.0k| return std::nullopt; 177| 76.0k| } 178| | 179| | // Fill the buffer with as much input data as needed to reach alignment 180| | // or until the input source is depleted. 181| 138k| const auto elements_to_consume = std::min(m_buffer.size() - m_position, slicer.remaining()); 182| 138k| append(slicer.take(elements_to_consume)); 183| | 184| | // If we collected enough data, we push out one full block. When 185| | // deferring the final block is enabled, we additionally check that 186| | // more input data is available to continue processing a consecutive 187| | // block. 188| 138k| if(ready_to_consume() && (!defers_final_block() || !slicer.empty())) { ------------------ | Branch (188:13): [True: 6.24k, False: 131k] | Branch (188:36): [True: 6.24k, False: 0] | Branch (188:61): [True: 0, False: 0] ------------------ 189| 6.24k| return consume(); 190| 131k| } else { 191| 131k| return std::nullopt; 192| 131k| } 193| 138k| } _ZNK5Botan15AlignmentBufferIhLm64ELNS_25AlignmentBufferFinalBlockE0EE18defers_final_blockEv: 233| 302k| constexpr bool defers_final_block() const { 234| 302k| return FINAL_BLOCK_STRATEGY == AlignmentBufferFinalBlock::must_be_deferred; 235| 302k| } _ZN5Botan15AlignmentBufferIhLm64ELNS_25AlignmentBufferFinalBlockE0EE6appendENSt3__14spanIKhLm18446744073709551615EEE: 90| 229k| void append(std::span elements) { 91| 229k| BOTAN_ASSERT_NOMSG(elements.size() <= elements_until_alignment()); ------------------ | | 77| 229k| do { \ | | 78| 229k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 229k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 229k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 229k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 229k] | | ------------------ ------------------ 92| 229k| std::copy(elements.begin(), elements.end(), m_buffer.begin() + m_position); 93| 229k| m_position += elements.size(); 94| 229k| } _ZNK5Botan15AlignmentBufferIhLm64ELNS_25AlignmentBufferFinalBlockE0EE24elements_until_alignmentEv: 221| 521k| size_t elements_until_alignment() const { return m_buffer.size() - m_position; } _ZNK5Botan15AlignmentBufferIhLm64ELNS_25AlignmentBufferFinalBlockE0EE16ready_to_consumeEv: 231| 453k| bool ready_to_consume() const { return m_position == m_buffer.size(); } _ZN5Botan15AlignmentBufferIhLm64ELNS_25AlignmentBufferFinalBlockE0EE7consumeEv: 200| 114k| [[nodiscard]] std::span consume() { 201| 114k| BOTAN_ASSERT_NOMSG(ready_to_consume()); ------------------ | | 77| 114k| do { \ | | 78| 114k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 114k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 114k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 114k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 114k] | | ------------------ ------------------ 202| 114k| m_position = 0; 203| 114k| return m_buffer; 204| 114k| } _ZNK5Botan15AlignmentBufferIhLm64ELNS_25AlignmentBufferFinalBlockE0EE12in_alignmentEv: 226| 510k| bool in_alignment() const { return m_position == 0; } _ZNK5Botan15AlignmentBufferIhLm64ELNS_25AlignmentBufferFinalBlockE0EE23aligned_data_to_processERNS_12BufferSlicerE: 126| 82.2k| [[nodiscard]] std::tuple, size_t> aligned_data_to_process(BufferSlicer& slicer) const { 127| 82.2k| BOTAN_ASSERT_NOMSG(in_alignment()); ------------------ | | 77| 82.2k| do { \ | | 78| 82.2k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 82.2k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 82.2k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 82.2k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 82.2k] | | ------------------ ------------------ 128| | 129| | // When the final block is to be deferred, the last block must not be 130| | // selected for processing if there is no (unaligned) extra input data. 131| 82.2k| const size_t defer = (defers_final_block()) ? 1 : 0; ------------------ | Branch (131:31): [True: 0, False: 82.2k] ------------------ 132| 82.2k| const size_t full_blocks_to_process = (slicer.remaining() - defer) / m_buffer.size(); 133| 82.2k| return {slicer.take(full_blocks_to_process * m_buffer.size()), full_blocks_to_process}; 134| 82.2k| } _ZN5Botan15AlignmentBufferIhLm64ELNS_25AlignmentBufferFinalBlockE0EE18fill_up_with_zerosEv: 79| 108k| void fill_up_with_zeros() { 80| 108k| if(!ready_to_consume()) { ------------------ | Branch (80:13): [True: 108k, False: 74] ------------------ 81| 108k| zeroize_buffer(&m_buffer[m_position], elements_until_alignment()); 82| 108k| m_position = m_buffer.size(); 83| 108k| } 84| 108k| } _ZN5Botan15AlignmentBufferIhLm64ELNS_25AlignmentBufferFinalBlockE0EE20directly_modify_lastEm: 113| 91.7k| std::span directly_modify_last(size_t elements) { 114| 91.7k| BOTAN_ASSERT_NOMSG(size() >= elements); ------------------ | | 77| 91.7k| do { \ | | 78| 91.7k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 91.7k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 91.7k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 91.7k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 91.7k] | | ------------------ ------------------ 115| 91.7k| return std::span(m_buffer).last(elements); 116| 91.7k| } _ZNK5Botan15AlignmentBufferIhLm64ELNS_25AlignmentBufferFinalBlockE0EE4sizeEv: 217| 91.7k| constexpr size_t size() const { return m_buffer.size(); } _ZN5Botan15AlignmentBufferIhLm128ELNS_25AlignmentBufferFinalBlockE0EE21handle_unaligned_dataERNS_12BufferSlicerE: 166| 13.2k| [[nodiscard]] std::optional> handle_unaligned_data(BufferSlicer& slicer) { 167| | // When the final block is to be deferred, we would need to store and 168| | // hold a buffer that contains exactly one block until more data is 169| | // passed or it is explicitly consumed. 170| 13.2k| const size_t defer = (defers_final_block()) ? 1 : 0; ------------------ | Branch (170:31): [True: 0, False: 13.2k] ------------------ 171| | 172| 13.2k| if(in_alignment() && slicer.remaining() >= m_buffer.size() + defer) { ------------------ | Branch (172:13): [True: 10.8k, False: 2.42k] | Branch (172:31): [True: 5.69k, False: 5.14k] ------------------ 173| | // We are currently in alignment and the passed-in data source 174| | // contains enough data to benefit from aligned processing. 175| | // Therefore, we don't copy anything into the intermittent buffer. 176| 5.69k| return std::nullopt; 177| 5.69k| } 178| | 179| | // Fill the buffer with as much input data as needed to reach alignment 180| | // or until the input source is depleted. 181| 7.56k| const auto elements_to_consume = std::min(m_buffer.size() - m_position, slicer.remaining()); 182| 7.56k| append(slicer.take(elements_to_consume)); 183| | 184| | // If we collected enough data, we push out one full block. When 185| | // deferring the final block is enabled, we additionally check that 186| | // more input data is available to continue processing a consecutive 187| | // block. 188| 7.56k| if(ready_to_consume() && (!defers_final_block() || !slicer.empty())) { ------------------ | Branch (188:13): [True: 16, False: 7.55k] | Branch (188:36): [True: 16, False: 0] | Branch (188:61): [True: 0, False: 0] ------------------ 189| 16| return consume(); 190| 7.55k| } else { 191| 7.55k| return std::nullopt; 192| 7.55k| } 193| 7.56k| } _ZNK5Botan15AlignmentBufferIhLm128ELNS_25AlignmentBufferFinalBlockE0EE18defers_final_blockEv: 233| 18.9k| constexpr bool defers_final_block() const { 234| 18.9k| return FINAL_BLOCK_STRATEGY == AlignmentBufferFinalBlock::must_be_deferred; 235| 18.9k| } _ZN5Botan15AlignmentBufferIhLm128ELNS_25AlignmentBufferFinalBlockE0EE6appendENSt3__14spanIKhLm18446744073709551615EEE: 90| 12.6k| void append(std::span elements) { 91| 12.6k| BOTAN_ASSERT_NOMSG(elements.size() <= elements_until_alignment()); ------------------ | | 77| 12.6k| do { \ | | 78| 12.6k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 12.6k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 12.6k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 12.6k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 12.6k] | | ------------------ ------------------ 92| 12.6k| std::copy(elements.begin(), elements.end(), m_buffer.begin() + m_position); 93| 12.6k| m_position += elements.size(); 94| 12.6k| } _ZNK5Botan15AlignmentBufferIhLm128ELNS_25AlignmentBufferFinalBlockE0EE24elements_until_alignmentEv: 221| 29.2k| size_t elements_until_alignment() const { return m_buffer.size() - m_position; } _ZNK5Botan15AlignmentBufferIhLm128ELNS_25AlignmentBufferFinalBlockE0EE16ready_to_consumeEv: 231| 25.3k| bool ready_to_consume() const { return m_position == m_buffer.size(); } _ZN5Botan15AlignmentBufferIhLm128ELNS_25AlignmentBufferFinalBlockE0EE7consumeEv: 200| 6.35k| [[nodiscard]] std::span consume() { 201| 6.35k| BOTAN_ASSERT_NOMSG(ready_to_consume()); ------------------ | | 77| 6.35k| do { \ | | 78| 6.35k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 6.35k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 6.35k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 6.35k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 6.35k] | | ------------------ ------------------ 202| 6.35k| m_position = 0; 203| 6.35k| return m_buffer; 204| 6.35k| } _ZNK5Botan15AlignmentBufferIhLm128ELNS_25AlignmentBufferFinalBlockE0EE12in_alignmentEv: 226| 32.2k| bool in_alignment() const { return m_position == 0; } _ZNK5Botan15AlignmentBufferIhLm128ELNS_25AlignmentBufferFinalBlockE0EE23aligned_data_to_processERNS_12BufferSlicerE: 126| 5.71k| [[nodiscard]] std::tuple, size_t> aligned_data_to_process(BufferSlicer& slicer) const { 127| 5.71k| BOTAN_ASSERT_NOMSG(in_alignment()); ------------------ | | 77| 5.71k| do { \ | | 78| 5.71k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 5.71k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 5.71k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 5.71k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 5.71k] | | ------------------ ------------------ 128| | 129| | // When the final block is to be deferred, the last block must not be 130| | // selected for processing if there is no (unaligned) extra input data. 131| 5.71k| const size_t defer = (defers_final_block()) ? 1 : 0; ------------------ | Branch (131:31): [True: 0, False: 5.71k] ------------------ 132| 5.71k| const size_t full_blocks_to_process = (slicer.remaining() - defer) / m_buffer.size(); 133| 5.71k| return {slicer.take(full_blocks_to_process * m_buffer.size()), full_blocks_to_process}; 134| 5.71k| } _ZN5Botan15AlignmentBufferIhLm128ELNS_25AlignmentBufferFinalBlockE0EE18fill_up_with_zerosEv: 79| 6.33k| void fill_up_with_zeros() { 80| 6.33k| if(!ready_to_consume()) { ------------------ | Branch (80:13): [True: 6.33k, False: 0] ------------------ 81| 6.33k| zeroize_buffer(&m_buffer[m_position], elements_until_alignment()); 82| 6.33k| m_position = m_buffer.size(); 83| 6.33k| } 84| 6.33k| } _ZN5Botan15AlignmentBufferIhLm128ELNS_25AlignmentBufferFinalBlockE0EE20directly_modify_lastEm: 113| 5.11k| std::span directly_modify_last(size_t elements) { 114| 5.11k| BOTAN_ASSERT_NOMSG(size() >= elements); ------------------ | | 77| 5.11k| do { \ | | 78| 5.11k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 5.11k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 5.11k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 5.11k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 5.11k] | | ------------------ ------------------ 115| 5.11k| return std::span(m_buffer).last(elements); 116| 5.11k| } _ZNK5Botan15AlignmentBufferIhLm128ELNS_25AlignmentBufferFinalBlockE0EE4sizeEv: 217| 5.11k| constexpr size_t size() const { return m_buffer.size(); } _ZN5Botan15AlignmentBufferIhLm16ELNS_25AlignmentBufferFinalBlockE0EEC2Ev: 62| 62| AlignmentBuffer() = default; _ZN5Botan15AlignmentBufferIhLm16ELNS_25AlignmentBufferFinalBlockE0EED2Ev: 64| 62| ~AlignmentBuffer() { secure_zeroize_buffer(m_buffer.data(), sizeof(T) * m_buffer.size()); } _ZN5Botan15AlignmentBufferIhLm16ELNS_25AlignmentBufferFinalBlockE0EE5clearEv: 71| 61| void clear() { 72| 61| zeroize_buffer(m_buffer.data(), m_buffer.size()); 73| 61| m_position = 0; 74| 61| } _ZN5Botan15AlignmentBufferIhLm16ELNS_25AlignmentBufferFinalBlockE0EE21handle_unaligned_dataERNS_12BufferSlicerE: 166| 158| [[nodiscard]] std::optional> handle_unaligned_data(BufferSlicer& slicer) { 167| | // When the final block is to be deferred, we would need to store and 168| | // hold a buffer that contains exactly one block until more data is 169| | // passed or it is explicitly consumed. 170| 158| const size_t defer = (defers_final_block()) ? 1 : 0; ------------------ | Branch (170:31): [True: 0, False: 158] ------------------ 171| | 172| 158| if(in_alignment() && slicer.remaining() >= m_buffer.size() + defer) { ------------------ | Branch (172:13): [True: 158, False: 0] | Branch (172:31): [True: 51, False: 107] ------------------ 173| | // We are currently in alignment and the passed-in data source 174| | // contains enough data to benefit from aligned processing. 175| | // Therefore, we don't copy anything into the intermittent buffer. 176| 51| return std::nullopt; 177| 51| } 178| | 179| | // Fill the buffer with as much input data as needed to reach alignment 180| | // or until the input source is depleted. 181| 107| const auto elements_to_consume = std::min(m_buffer.size() - m_position, slicer.remaining()); 182| 107| append(slicer.take(elements_to_consume)); 183| | 184| | // If we collected enough data, we push out one full block. When 185| | // deferring the final block is enabled, we additionally check that 186| | // more input data is available to continue processing a consecutive 187| | // block. 188| 107| if(ready_to_consume() && (!defers_final_block() || !slicer.empty())) { ------------------ | Branch (188:13): [True: 0, False: 107] | Branch (188:36): [True: 0, False: 0] | Branch (188:61): [True: 0, False: 0] ------------------ 189| 0| return consume(); 190| 107| } else { 191| 107| return std::nullopt; 192| 107| } 193| 107| } _ZNK5Botan15AlignmentBufferIhLm16ELNS_25AlignmentBufferFinalBlockE0EE18defers_final_blockEv: 233| 209| constexpr bool defers_final_block() const { 234| 209| return FINAL_BLOCK_STRATEGY == AlignmentBufferFinalBlock::must_be_deferred; 235| 209| } _ZNK5Botan15AlignmentBufferIhLm16ELNS_25AlignmentBufferFinalBlockE0EE16ready_to_consumeEv: 231| 321| bool ready_to_consume() const { return m_position == m_buffer.size(); } _ZNK5Botan15AlignmentBufferIhLm16ELNS_25AlignmentBufferFinalBlockE0EE12in_alignmentEv: 226| 550| bool in_alignment() const { return m_position == 0; } _ZNK5Botan15AlignmentBufferIhLm16ELNS_25AlignmentBufferFinalBlockE0EE23aligned_data_to_processERNS_12BufferSlicerE: 126| 51| [[nodiscard]] std::tuple, size_t> aligned_data_to_process(BufferSlicer& slicer) const { 127| 51| BOTAN_ASSERT_NOMSG(in_alignment()); ------------------ | | 77| 51| do { \ | | 78| 51| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 51| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 51] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 51| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 51] | | ------------------ ------------------ 128| | 129| | // When the final block is to be deferred, the last block must not be 130| | // selected for processing if there is no (unaligned) extra input data. 131| 51| const size_t defer = (defers_final_block()) ? 1 : 0; ------------------ | Branch (131:31): [True: 0, False: 51] ------------------ 132| 51| const size_t full_blocks_to_process = (slicer.remaining() - defer) / m_buffer.size(); 133| 51| return {slicer.take(full_blocks_to_process * m_buffer.size()), full_blocks_to_process}; 134| 51| } _ZN5Botan15AlignmentBufferIhLm16ELNS_25AlignmentBufferFinalBlockE0EE6appendENSt3__14spanIKhLm18446744073709551615EEE: 90| 107| void append(std::span elements) { 91| 107| BOTAN_ASSERT_NOMSG(elements.size() <= elements_until_alignment()); ------------------ | | 77| 107| do { \ | | 78| 107| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 107| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 107] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 107| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 107] | | ------------------ ------------------ 92| 107| std::copy(elements.begin(), elements.end(), m_buffer.begin() + m_position); 93| 107| m_position += elements.size(); 94| 107| } _ZNK5Botan15AlignmentBufferIhLm16ELNS_25AlignmentBufferFinalBlockE0EE24elements_until_alignmentEv: 221| 214| size_t elements_until_alignment() const { return m_buffer.size() - m_position; } _ZN5Botan15AlignmentBufferIhLm16ELNS_25AlignmentBufferFinalBlockE0EE18fill_up_with_zerosEv: 79| 107| void fill_up_with_zeros() { 80| 107| if(!ready_to_consume()) { ------------------ | Branch (80:13): [True: 107, False: 0] ------------------ 81| 107| zeroize_buffer(&m_buffer[m_position], elements_until_alignment()); 82| 107| m_position = m_buffer.size(); 83| 107| } 84| 107| } _ZN5Botan15AlignmentBufferIhLm16ELNS_25AlignmentBufferFinalBlockE0EE7consumeEv: 200| 107| [[nodiscard]] std::span consume() { 201| 107| BOTAN_ASSERT_NOMSG(ready_to_consume()); ------------------ | | 77| 107| do { \ | | 78| 107| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 107| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 107] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 107| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 107] | | ------------------ ------------------ 202| 107| m_position = 0; 203| 107| return m_buffer; 204| 107| } _ZNK5Botan17Barrett_Reduction4cubeERKNS_6BigIntE: 66| 6| BigInt cube(const BigInt& x) const { return this->multiply(x, this->square(x)); } _ZN5Botan10ct_is_zeroITkNSt3__117unsigned_integralEhEET_S2_: 37| 2.61k|BOTAN_FORCE_INLINE constexpr T ct_is_zero(T x) { 38| 2.61k| return ct_expand_top_bit(~x & (x - 1)); 39| 2.61k|} _ZN5Botan17ct_expand_top_bitITkNSt3__117unsigned_integralEhEET_S2_: 28| 2.61k|BOTAN_FORCE_INLINE constexpr T ct_expand_top_bit(T a) { 29| 2.61k| const T top = CT::value_barrier(a >> (sizeof(T) * 8 - 1)); 30| 2.61k| return static_cast(0) - top; 31| 2.61k|} _ZN5Botan9var_ctz64Em: 180| 681|BOTAN_FORCE_INLINE constexpr size_t var_ctz64(uint64_t n) { 181| 681|#if BOTAN_COMPILER_HAS_BUILTIN(__builtin_ctzll) 182| 681| if(n == 0) { ------------------ | Branch (182:7): [True: 0, False: 681] ------------------ 183| 0| return 64; 184| 0| } 185| 681| return __builtin_ctzll(n); 186| |#else 187| | return ctz(n); 188| |#endif 189| 681|} _ZN5Botan17ct_expand_top_bitITkNSt3__117unsigned_integralEmEET_S2_: 28| 33.4M|BOTAN_FORCE_INLINE constexpr T ct_expand_top_bit(T a) { 29| 33.4M| const T top = CT::value_barrier(a >> (sizeof(T) * 8 - 1)); 30| 33.4M| return static_cast(0) - top; 31| 33.4M|} _ZN5Botan10ct_is_zeroITkNSt3__117unsigned_integralEmEET_S2_: 37| 31.7M|BOTAN_FORCE_INLINE constexpr T ct_is_zero(T x) { 38| 31.7M| return ct_expand_top_bit(~x & (x - 1)); 39| 31.7M|} _ZN5Botan6chooseITkNSt3__117unsigned_integralEmEET_S2_S2_S2_: 216| 184M|BOTAN_FORCE_INLINE constexpr T choose(T mask, T a, T b) { 217| | //return (mask & a) | (~mask & b); 218| 184M| return (b ^ (mask & (a ^ b))); 219| 184M|} _ZN5Botan17ct_if_is_zero_retITkNSt3__117unsigned_integralEjEEmT_m: 45| 189k|BOTAN_FORCE_INLINE constexpr size_t ct_if_is_zero_ret(T x, size_t s) { 46| | /* 47| | Similar to `return ct_is_zero(x) & s` but has to account for possibility that 48| | sizeof(T) is smaller than sizeof(size_t) which would lead to incomplete masking 49| | */ 50| 189k| const T a = ~x & (x - 1); 51| 189k| const size_t a_top = static_cast(CT::value_barrier(a >> (sizeof(T) * 8 - 1))); 52| 189k| const size_t mask = static_cast(0) - a_top; 53| 189k| return mask & s; 54| 189k|} _ZN5Botan8high_bitITkNSt3__117unsigned_integralEjEEmT_: 73| 37.8k|BOTAN_FORCE_INLINE constexpr size_t high_bit(T n) { 74| 37.8k| size_t hb = 0; 75| | 76| 226k| for(size_t s = 8 * sizeof(T) / 2; s > 0; s /= 2) { ------------------ | Branch (76:38): [True: 189k, False: 37.8k] ------------------ 77| | // Equivalent to: ((n >> s) == 0) ? 0 : s; 78| 189k| const size_t z = s - ct_if_is_zero_ret(n >> s, s); 79| 189k| hb += z; 80| 189k| n >>= z; 81| 189k| } 82| | 83| 37.8k| hb += n; 84| | 85| 37.8k| return hb; 86| 37.8k|} _ZN5Botan17significant_bytesITkNSt3__117unsigned_integralEmEEmT_: 94| 12.9k|BOTAN_FORCE_INLINE constexpr size_t significant_bytes(T n) { 95| 12.9k| size_t b = 0; 96| | 97| 51.6k| for(size_t s = 8 * sizeof(T) / 2; s >= 8; s /= 2) { ------------------ | Branch (97:38): [True: 38.7k, False: 12.9k] ------------------ 98| | // Equivalent to: ((n >> s) == 0) ? 0 : s; 99| 38.7k| const size_t z = s - ct_if_is_zero_ret(n >> s, s); 100| 38.7k| b += z / 8; 101| 38.7k| n >>= z; 102| 38.7k| } 103| | 104| 12.9k| b += (n != 0); 105| | 106| 12.9k| return b; 107| 12.9k|} _ZN5Botan17ct_if_is_zero_retITkNSt3__117unsigned_integralEmEEmT_m: 45| 268k|BOTAN_FORCE_INLINE constexpr size_t ct_if_is_zero_ret(T x, size_t s) { 46| | /* 47| | Similar to `return ct_is_zero(x) & s` but has to account for possibility that 48| | sizeof(T) is smaller than sizeof(size_t) which would lead to incomplete masking 49| | */ 50| 268k| const T a = ~x & (x - 1); 51| 268k| const size_t a_top = static_cast(CT::value_barrier(a >> (sizeof(T) * 8 - 1))); 52| 268k| const size_t mask = static_cast(0) - a_top; 53| 268k| return mask & s; 54| 268k|} _ZN5Botan9swap_bitsITkNSt3__117unsigned_integralEmEEvRT_S3_S2_m: 202| 71.5k|BOTAN_FORCE_INLINE constexpr void swap_bits(T& x, T& y, T mask, size_t shift) { 203| 71.5k| const T swap = ((x >> shift) ^ y) & mask; 204| 71.5k| x ^= swap << shift; 205| 71.5k| y ^= swap; 206| 71.5k|} _ZN5Botan13is_power_of_2ITkNSt3__117unsigned_integralEmEEbT_: 62| 185|BOTAN_FORCE_INLINE constexpr bool is_power_of_2(T arg) { 63| 185| return (arg != 0) && (arg != 1) && ((arg & static_cast(arg - 1)) == 0); ------------------ | Branch (63:11): [True: 185, False: 0] | Branch (63:25): [True: 185, False: 0] | Branch (63:39): [True: 185, False: 0] ------------------ 64| 185|} _ZN5Botan8majorityITkNSt3__117unsigned_integralEmEET_S2_S2_S2_: 222| 1.00M|BOTAN_FORCE_INLINE constexpr T majority(T a, T b, T c) { 223| | /* 224| | Considering each bit of a, b, c individually 225| | 226| | If a xor b is set, then c is the deciding vote. 227| | 228| | If a xor b is not set then either a and b are both set or both unset. 229| | In either case the value of c doesn't matter, and examining b (or a) 230| | allows us to determine which case we are in. 231| | */ 232| 1.00M| return choose(a ^ b, c, b); 233| 1.00M|} _ZN5Botan8high_bitITkNSt3__117unsigned_integralEmEEmT_: 73| 38.3k|BOTAN_FORCE_INLINE constexpr size_t high_bit(T n) { 74| 38.3k| size_t hb = 0; 75| | 76| 268k| for(size_t s = 8 * sizeof(T) / 2; s > 0; s /= 2) { ------------------ | Branch (76:38): [True: 229k, False: 38.3k] ------------------ 77| | // Equivalent to: ((n >> s) == 0) ? 0 : s; 78| 229k| const size_t z = s - ct_if_is_zero_ret(n >> s, s); 79| 229k| hb += z; 80| 229k| n >>= z; 81| 229k| } 82| | 83| 38.3k| hb += n; 84| | 85| 38.3k| return hb; 86| 38.3k|} _ZN5Botan6chooseITkNSt3__117unsigned_integralEhEET_S2_S2_S2_: 216| 1.46k|BOTAN_FORCE_INLINE constexpr T choose(T mask, T a, T b) { 217| | //return (mask & a) | (~mask & b); 218| 1.46k| return (b ^ (mask & (a ^ b))); 219| 1.46k|} _ZN5Botan17ct_expand_top_bitITkNSt3__117unsigned_integralEtEET_S2_: 28| 45.4k|BOTAN_FORCE_INLINE constexpr T ct_expand_top_bit(T a) { 29| 45.4k| const T top = CT::value_barrier(a >> (sizeof(T) * 8 - 1)); 30| 45.4k| return static_cast(0) - top; 31| 45.4k|} _ZN5Botan10ct_is_zeroITkNSt3__117unsigned_integralEtEET_S2_: 37| 22.7k|BOTAN_FORCE_INLINE constexpr T ct_is_zero(T x) { 38| 22.7k| return ct_expand_top_bit(~x & (x - 1)); 39| 22.7k|} _ZN5Botan13reverse_bytesITkNSt3__117unsigned_integralEmQooooooeqstT_Li1EeqstS2_Li2EeqstS2_Li4EeqstS2_Li8EEES2_S2_: 27| 896k|inline constexpr T reverse_bytes(T x) { 28| | if constexpr(sizeof(T) == 1) { 29| | return x; 30| | } else if constexpr(sizeof(T) == 2) { 31| |#if BOTAN_COMPILER_HAS_BUILTIN(__builtin_bswap16) 32| | return static_cast(__builtin_bswap16(x)); 33| |#else 34| | return static_cast((x << 8) | (x >> 8)); 35| |#endif 36| | } else if constexpr(sizeof(T) == 4) { 37| |#if BOTAN_COMPILER_HAS_BUILTIN(__builtin_bswap32) 38| | return static_cast(__builtin_bswap32(x)); 39| |#else 40| | // MSVC at least recognizes this as a bswap 41| | return static_cast(((x & 0x000000FF) << 24) | ((x & 0x0000FF00) << 8) | ((x & 0x00FF0000) >> 8) | 42| | ((x & 0xFF000000) >> 24)); 43| |#endif 44| 896k| } else if constexpr(sizeof(T) == 8) { 45| 896k|#if BOTAN_COMPILER_HAS_BUILTIN(__builtin_bswap64) 46| 896k| return static_cast(__builtin_bswap64(x)); 47| |#else 48| | uint32_t hi = static_cast(x >> 32); 49| | uint32_t lo = static_cast(x); 50| | 51| | hi = reverse_bytes(hi); 52| | lo = reverse_bytes(lo); 53| | 54| | return (static_cast(lo) << 32) | hi; 55| |#endif 56| 896k| } 57| 896k|} _ZN5Botan13reverse_bytesITkNSt3__117unsigned_integralEtQooooooeqstT_Li1EeqstS2_Li2EeqstS2_Li4EeqstS2_Li8EEES2_S2_: 27| 51.3k|inline constexpr T reverse_bytes(T x) { 28| | if constexpr(sizeof(T) == 1) { 29| | return x; 30| 51.3k| } else if constexpr(sizeof(T) == 2) { 31| 51.3k|#if BOTAN_COMPILER_HAS_BUILTIN(__builtin_bswap16) 32| 51.3k| return static_cast(__builtin_bswap16(x)); 33| |#else 34| | return static_cast((x << 8) | (x >> 8)); 35| |#endif 36| | } else if constexpr(sizeof(T) == 4) { 37| |#if BOTAN_COMPILER_HAS_BUILTIN(__builtin_bswap32) 38| | return static_cast(__builtin_bswap32(x)); 39| |#else 40| | // MSVC at least recognizes this as a bswap 41| | return static_cast(((x & 0x000000FF) << 24) | ((x & 0x0000FF00) << 8) | ((x & 0x00FF0000) >> 8) | 42| | ((x & 0xFF000000) >> 24)); 43| |#endif 44| | } else if constexpr(sizeof(T) == 8) { 45| |#if BOTAN_COMPILER_HAS_BUILTIN(__builtin_bswap64) 46| | return static_cast(__builtin_bswap64(x)); 47| |#else 48| | uint32_t hi = static_cast(x >> 32); 49| | uint32_t lo = static_cast(x); 50| | 51| | hi = reverse_bytes(hi); 52| | lo = reverse_bytes(lo); 53| | 54| | return (static_cast(lo) << 32) | hi; 55| |#endif 56| | } 57| 51.3k|} _ZN5Botan13reverse_bytesITkNSt3__117unsigned_integralEjQooooooeqstT_Li1EeqstS2_Li2EeqstS2_Li4EeqstS2_Li8EEES2_S2_: 27| 703k|inline constexpr T reverse_bytes(T x) { 28| | if constexpr(sizeof(T) == 1) { 29| | return x; 30| | } else if constexpr(sizeof(T) == 2) { 31| |#if BOTAN_COMPILER_HAS_BUILTIN(__builtin_bswap16) 32| | return static_cast(__builtin_bswap16(x)); 33| |#else 34| | return static_cast((x << 8) | (x >> 8)); 35| |#endif 36| 703k| } else if constexpr(sizeof(T) == 4) { 37| 703k|#if BOTAN_COMPILER_HAS_BUILTIN(__builtin_bswap32) 38| 703k| return static_cast(__builtin_bswap32(x)); 39| |#else 40| | // MSVC at least recognizes this as a bswap 41| | return static_cast(((x & 0x000000FF) << 24) | ((x & 0x0000FF00) << 8) | ((x & 0x00FF0000) >> 8) | 42| | ((x & 0xFF000000) >> 24)); 43| |#endif 44| | } else if constexpr(sizeof(T) == 8) { 45| |#if BOTAN_COMPILER_HAS_BUILTIN(__builtin_bswap64) 46| | return static_cast(__builtin_bswap64(x)); 47| |#else 48| | uint32_t hi = static_cast(x >> 32); 49| | uint32_t lo = static_cast(x); 50| | 51| | hi = reverse_bytes(hi); 52| | lo = reverse_bytes(lo); 53| | 54| | return (static_cast(lo) << 32) | hi; 55| |#endif 56| | } 57| 703k|} _ZN5Botan12BufferSlicerC2ENSt3__14spanIKhLm18446744073709551615EEE: 25| 305k| explicit BufferSlicer(std::span buffer) : m_remaining(buffer) {} _ZN5Botan12BufferSlicer4takeEm: 37| 674k| std::span take(const size_t count) { 38| 674k| BOTAN_STATE_CHECK(remaining() >= count); ------------------ | | 51| 674k| do { \ | | 52| 674k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 674k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 674k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 674k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 674k] | | ------------------ ------------------ 39| 674k| auto result = m_remaining.first(count); 40| 674k| m_remaining = m_remaining.subspan(count); 41| 674k| return result; 42| 674k| } _ZNK5Botan12BufferSlicer9remainingEv: 66| 1.09M| size_t remaining() const { return m_remaining.size(); } _ZN5Botan12BufferSlicer9take_byteEv: 57| 440k| uint8_t take_byte() { return take(1)[0]; } _ZNK5Botan12BufferSlicer5emptyEv: 68| 1.34M| bool empty() const { return m_remaining.empty(); } _ZN5Botan13BufferStufferC2ENSt3__14spanIhLm18446744073709551615EEE: 26| 18.9k| constexpr explicit BufferStuffer(std::span buffer) : m_buffer(buffer) {} _ZN5Botan13BufferStuffer4nextEm: 32| 23.1k| constexpr std::span next(size_t bytes) { 33| 23.1k| BOTAN_STATE_CHECK(m_buffer.size() >= bytes); ------------------ | | 51| 23.1k| do { \ | | 52| 23.1k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 23.1k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 23.1k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 23.1k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 23.1k] | | ------------------ ------------------ 34| | 35| 23.1k| auto result = m_buffer.first(bytes); 36| 23.1k| m_buffer = m_buffer.subspan(bytes); 37| 23.1k| return result; 38| 23.1k| } _ZN5Botan13BufferStuffer6appendEhm: 64| 16.0k| constexpr void append(uint8_t b, size_t repeat = 1) { 65| 16.0k| auto sink = next(repeat); 66| 16.0k| std::fill(sink.begin(), sink.end(), b); 67| 16.0k| } _ZNK5Botan13BufferStuffer4fullEv: 69| 9.96k| constexpr bool full() const { return m_buffer.empty(); } _ZNK5Botan13BufferStuffer18remaining_capacityEv: 71| 7.05k| constexpr size_t remaining_capacity() const { return m_buffer.size(); } _ZN5Botan13BufferStuffer4nextILm32EEENSt3__14spanIhXT_EEEv: 41| 21.8k| constexpr std::span next() { 42| 21.8k| BOTAN_STATE_CHECK(m_buffer.size() >= bytes); ------------------ | | 51| 21.8k| do { \ | | 52| 21.8k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 21.8k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 21.8k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 21.8k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 21.8k] | | ------------------ ------------------ 43| | 44| 21.8k| auto result = m_buffer.first(); 45| 21.8k| m_buffer = m_buffer.subspan(bytes); 46| 21.8k| return result; 47| 21.8k| } _ZN5Botan13BufferStuffer4nextILm48EEENSt3__14spanIhXT_EEEv: 41| 5.49k| constexpr std::span next() { 42| 5.49k| BOTAN_STATE_CHECK(m_buffer.size() >= bytes); ------------------ | | 51| 5.49k| do { \ | | 52| 5.49k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 5.49k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 5.49k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 5.49k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 5.49k] | | ------------------ ------------------ 43| | 44| 5.49k| auto result = m_buffer.first(); 45| 5.49k| m_buffer = m_buffer.subspan(bytes); 46| 5.49k| return result; 47| 5.49k| } _ZN5Botan13BufferStuffer4nextILm64EEENSt3__14spanIhXT_EEEv: 41| 1.92k| constexpr std::span next() { 42| 1.92k| BOTAN_STATE_CHECK(m_buffer.size() >= bytes); ------------------ | | 51| 1.92k| do { \ | | 52| 1.92k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 1.92k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 1.92k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 1.92k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 1.92k] | | ------------------ ------------------ 43| | 44| 1.92k| auto result = m_buffer.first(); 45| 1.92k| m_buffer = m_buffer.subspan(bytes); 46| 1.92k| return result; 47| 1.92k| } _ZN5Botan13BufferStuffer4nextILm66EEENSt3__14spanIhXT_EEEv: 41| 2.69k| constexpr std::span next() { 42| 2.69k| BOTAN_STATE_CHECK(m_buffer.size() >= bytes); ------------------ | | 51| 2.69k| do { \ | | 52| 2.69k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 2.69k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 2.69k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 2.69k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 2.69k] | | ------------------ ------------------ 43| | 44| 2.69k| auto result = m_buffer.first(); 45| 2.69k| m_buffer = m_buffer.subspan(bytes); 46| 2.69k| return result; 47| 2.69k| } _ZN5Botan14CBC_EncryptionC2ENSt3__110unique_ptrINS_11BlockCipherENS1_14default_deleteIS3_EEEENS2_INS_28BlockCipherModePaddingMethodENS4_IS7_EEEE: 79| 60| CBC_Mode(std::move(cipher), std::move(padding)) {} _ZN5Botan14CBC_DecryptionC2ENSt3__110unique_ptrINS_11BlockCipherENS1_14default_deleteIS3_EEEENS2_INS_28BlockCipherModePaddingMethodENS4_IS7_EEEE: 120| 171| CBC_Mode(std::move(cipher), std::move(padding)), m_tempbuf(ideal_granularity()) {} _ZNK5Botan8CBC_Mode6cipherEv: 45| 1.21k| const BlockCipher& cipher() const { return *m_cipher; } _ZNK5Botan8CBC_Mode10block_sizeEv: 52| 418| size_t block_size() const { return m_block_size; } _ZN5Botan8CBC_Mode5stateEv: 54| 316| secure_vector& state() { return m_state; } _ZN5Botan8CBC_Mode9state_ptrEv: 56| 1.00k| uint8_t* state_ptr() { return m_state.data(); } _ZN5Botan14CCM_EncryptionC2ENSt3__110unique_ptrINS_11BlockCipherENS1_14default_deleteIS3_EEEEmm: 95| 6| CCM_Mode(std::move(cipher), tag_size, L) {} _ZN5Botan14CCM_DecryptionC2ENSt3__110unique_ptrINS_11BlockCipherENS1_14default_deleteIS3_EEEEmm: 118| 28| CCM_Mode(std::move(cipher), tag_size, L) {} _ZNK5Botan8CCM_Mode8tag_sizeEv: 47| 240| size_t tag_size() const final { return m_tag_size; } _ZNK5Botan8CCM_Mode1LEv: 54| 204| size_t L() const { return m_L; } _ZNK5Botan8CCM_Mode6cipherEv: 56| 34| const BlockCipher& cipher() const { return *m_cipher; } _ZNK5Botan8CCM_Mode6ad_bufEv: 62| 34| const secure_vector& ad_buf() const { return m_ad_buf; } _ZN5Botan8CCM_Mode7msg_bufEv: 64| 68| secure_vector& msg_buf() { return m_msg_buf; } _ZNK5Botan14CCM_Encryption13output_lengthEm: 97| 11| size_t output_length(size_t input_length) const override { return input_length + tag_size(); } _ZNK5Botan14CCM_Decryption13output_lengthEm: 120| 23| size_t output_length(size_t input_length) const override { 121| 23| BOTAN_ARG_CHECK(input_length >= tag_size(), "Sufficient input"); ------------------ | | 35| 23| do { \ | | 36| 23| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 23| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 23] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 23| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 23] | | ------------------ ------------------ 122| 23| return input_length - tag_size(); 123| 23| } _ZNK5Botan14CCM_Decryption18minimum_final_sizeEv: 125| 23| size_t minimum_final_size() const override { return tag_size(); } base64.cpp:_ZN5Botan11base_decodeINS_12_GLOBAL__N_16Base64EEEmRKT_PhPKcmRmbb: 124| 12.9k| bool ignore_ws = true) { 125| | // TODO(Botan4) Check if we can use just base. or Base:: here instead 126| 12.9k| constexpr size_t decoding_bytes_in = std::remove_reference_t::decoding_bytes_in(); 127| 12.9k| constexpr size_t decoding_bytes_out = std::remove_reference_t::decoding_bytes_out(); 128| | 129| 12.9k| uint8_t* out_ptr = output; 130| 12.9k| std::array decode_buf{}; 131| 12.9k| size_t decode_buf_pos = 0; 132| 12.9k| size_t final_truncate = 0; 133| | 134| 12.9k| clear_mem(output, base.decode_max_output(input_length)); 135| | 136| 5.36M| for(size_t i = 0; i != input_length; ++i) { ------------------ | Branch (136:22): [True: 5.34M, False: 12.9k] ------------------ 137| 5.34M| const uint8_t bin = base.lookup_binary_value(input[i]); 138| | 139| | // This call might throw Invalid_Argument 140| 5.34M| if(base.check_bad_char(bin, input[i], ignore_ws)) { ------------------ | Branch (140:10): [True: 5.34M, False: 0] ------------------ 141| 5.34M| decode_buf[decode_buf_pos] = bin; 142| 5.34M| ++decode_buf_pos; 143| 5.34M| } 144| | 145| | /* 146| | * If we're at the end of the input, pad with 0s and truncate 147| | */ 148| 5.34M| if(final_inputs && (i == input_length - 1)) { ------------------ | Branch (148:10): [True: 5.34M, False: 0] | Branch (148:26): [True: 12.9k, False: 5.33M] ------------------ 149| 12.9k| if(decode_buf_pos) { ------------------ | Branch (149:13): [True: 12.9k, False: 0] ------------------ 150| 12.9k| for(size_t j = decode_buf_pos; j < decoding_bytes_in; ++j) { ------------------ | Branch (150:44): [True: 0, False: 12.9k] ------------------ 151| 0| decode_buf[j] = 0; 152| 0| } 153| | 154| 12.9k| final_truncate = decoding_bytes_in - decode_buf_pos; 155| 12.9k| decode_buf_pos = decoding_bytes_in; 156| 12.9k| } 157| 12.9k| } 158| | 159| 5.34M| if(decode_buf_pos == decoding_bytes_in) { ------------------ | Branch (159:10): [True: 1.33M, False: 4.01M] ------------------ 160| 1.33M| base.decode(out_ptr, decode_buf.data()); 161| | 162| 1.33M| out_ptr += decoding_bytes_out; 163| 1.33M| decode_buf_pos = 0; 164| 1.33M| input_consumed = i + 1; 165| 1.33M| } 166| 5.34M| } 167| | 168| 12.9k| while(input_consumed < input_length && base.lookup_binary_value(input[input_consumed]) == 0x80) { ------------------ | Branch (168:10): [True: 0, False: 12.9k] | Branch (168:43): [True: 0, False: 0] ------------------ 169| 0| ++input_consumed; 170| 0| } 171| | 172| 12.9k| const size_t written = (out_ptr - output) - base.bytes_to_remove(final_truncate); 173| | 174| 12.9k| return written; 175| 12.9k|} base64.cpp:_ZN5Botan16base_decode_fullINS_12_GLOBAL__N_16Base64EEEmRKT_PhPKcmb: 178| 12.9k|size_t base_decode_full(const Base& base, uint8_t output[], const char input[], size_t input_length, bool ignore_ws) { 179| 12.9k| size_t consumed = 0; 180| 12.9k| const size_t written = base_decode(base, output, input, input_length, consumed, true, ignore_ws); 181| | 182| 12.9k| if(consumed != input_length) { ------------------ | Branch (182:7): [True: 0, False: 12.9k] ------------------ 183| 0| throw Invalid_Argument(base.name() + " decoding failed, input did not have full bytes"); 184| 0| } 185| | 186| 12.9k| return written; 187| 12.9k|} base64.cpp:_ZN5Botan18base_decode_to_vecINSt3__16vectorIhNS_16secure_allocatorIhEEEENS_12_GLOBAL__N_16Base64EEET_RKT0_PKcmb: 190| 12.9k|Vector base_decode_to_vec(const Base& base, const char input[], size_t input_length, bool ignore_ws) { 191| 12.9k| const size_t output_length = base.decode_max_output(input_length); 192| 12.9k| Vector bin(output_length); 193| | 194| 12.9k| const size_t written = base_decode_full(base, bin.data(), input, input_length, ignore_ws); 195| | 196| 12.9k| bin.resize(written); 197| 12.9k| return bin; 198| 12.9k|} _ZN5Botan6concatINSt3__16vectorIhNS_16secure_allocatorIhEEEETpTkNS_6ranges14spanable_rangeEJRNS1_4spanIKhLm18446744073709551615EEESA_EEEDaDpOT0_Q10all_same_vIDpNS1_11conditionalIXsr21__is_primary_templateINS1_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS1_6ranges5__cpo5beginEEclsr3stdE7declvalIRSB_EEEEEEEEE5valueENS1_26indirectly_readable_traitsISK_EESL_E4type10value_typeEE: 92| 2.91k|{ 93| | if constexpr(std::same_as) { 94| | // Try to auto-detect a reasonable output type given the input ranges 95| | static_assert(sizeof...(Rs) > 0, "Cannot auto-detect the output type if not a single input range is provided."); 96| | using candidate_result_t = std::remove_cvref_t>>; 97| | using result_range_value_t = std::remove_cvref_t>; 98| | 99| | if constexpr((ranges::statically_spanable_range && ...)) { 100| | // If all input ranges have a static extent, we can calculate the total size at compile time 101| | // and therefore can use a statically sized output container. This is constexpr. 102| | constexpr size_t total_size = (decltype(std::span{ranges})::extent + ... + 0); 103| | using out_array_t = std::array; 104| | return detail::concatenate(std::forward(ranges)...); 105| | } else { 106| | // If at least one input range has a dynamic extent, we must use a dynamically allocated output container. 107| | // We assume that the user wants to use the first input range's container type as output type. 108| | static_assert( 109| | concepts::reservable_container, 110| | "First input range has static extent, but a dynamically allocated output range is required. Please explicitly specify a dynamically allocatable output type."); 111| | return detail::concatenate(std::forward(ranges)...); 112| | } 113| 2.91k| } else { 114| | // The caller has explicitly specified the output type 115| 2.91k| return detail::concatenate(std::forward(ranges)...); 116| 2.91k| } 117| 2.91k|} _ZN5Botan6detail11concatenateITkNS_6ranges14spanable_rangeENSt3__16vectorIhNS_16secure_allocatorIhEEEETpTkNS2_14spanable_rangeEJRNS3_4spanIKhLm18446744073709551615EEESB_EEET_DpOT0_Qoosr8conceptsE20reservable_containerISC_Esr6rangesE25statically_spanable_rangeISC_E: 33| 2.91k|{ 34| 2.91k| OutR result{}; 35| | 36| | // Prepare and validate the output range and construct a lambda that does the 37| | // actual filling of the result buffer. 38| | // (if no input ranges are given, GCC claims that fill_fn is unused) 39| 2.91k| [[maybe_unused]] auto fill_fn = [&] { 40| 2.91k| if constexpr(concepts::reservable_container) { 41| | // dynamically allocate the correct result byte length 42| 2.91k| const size_t total_size = (ranges.size() + ... + 0); 43| 2.91k| result.reserve(total_size); 44| | 45| | // fill the result buffer using a back-inserter 46| 2.91k| return [&result](auto&& range) { 47| 2.91k| std::copy( 48| 2.91k| std::ranges::begin(range), std::ranges::end(range), std::back_inserter(unwrap_strong_type(result))); 49| 2.91k| }; 50| 2.91k| } else { 51| 2.91k| if constexpr((ranges::statically_spanable_range && ... && true)) { 52| | // all input ranges have a static extent, so check the total size at compile time 53| | // (work around an issue in MSVC that warns `total_size` is unused) 54| 2.91k| [[maybe_unused]] constexpr size_t total_size = (decltype(std::span{ranges})::extent + ... + 0); 55| 2.91k| static_assert(result.size() == total_size, "size of result buffer does not match the sum of input buffers"); 56| 2.91k| } else { 57| | // at least one input range has a dynamic extent, so check the total size at runtime 58| 2.91k| const size_t total_size = (ranges.size() + ... + 0); 59| 2.91k| BOTAN_ARG_CHECK(result.size() == total_size, 60| 2.91k| "result buffer has static extent that does not match the sum of input buffers"); 61| 2.91k| } 62| | 63| | // fill the result buffer and hold the current output-iterator position 64| 2.91k| return [itr = std::ranges::begin(result)](auto&& range) mutable { 65| 2.91k| std::copy(std::ranges::begin(range), std::ranges::end(range), itr); 66| 2.91k| std::advance(itr, std::ranges::size(range)); 67| 2.91k| }; 68| 2.91k| } 69| 2.91k| }(); 70| | 71| | // perform the actual concatenation 72| 2.91k| (fill_fn(std::forward(ranges)), ...); 73| | 74| 2.91k| return result; 75| 2.91k|} _ZZN5Botan6detail11concatenateITkNS_6ranges14spanable_rangeENSt3__16vectorIhNS_16secure_allocatorIhEEEETpTkNS2_14spanable_rangeEJRNS3_4spanIKhLm18446744073709551615EEESB_EEET_DpOT0_Qoosr8conceptsE20reservable_containerISC_Esr6rangesE25statically_spanable_rangeISC_EENKUlvE_clEv: 39| 2.91k| [[maybe_unused]] auto fill_fn = [&] { 40| 2.91k| if constexpr(concepts::reservable_container) { 41| | // dynamically allocate the correct result byte length 42| 2.91k| const size_t total_size = (ranges.size() + ... + 0); 43| 2.91k| result.reserve(total_size); 44| | 45| | // fill the result buffer using a back-inserter 46| 2.91k| return [&result](auto&& range) { 47| 2.91k| std::copy( 48| 2.91k| std::ranges::begin(range), std::ranges::end(range), std::back_inserter(unwrap_strong_type(result))); 49| 2.91k| }; 50| | } else { 51| | if constexpr((ranges::statically_spanable_range && ... && true)) { 52| | // all input ranges have a static extent, so check the total size at compile time 53| | // (work around an issue in MSVC that warns `total_size` is unused) 54| | [[maybe_unused]] constexpr size_t total_size = (decltype(std::span{ranges})::extent + ... + 0); 55| | static_assert(result.size() == total_size, "size of result buffer does not match the sum of input buffers"); 56| | } else { 57| | // at least one input range has a dynamic extent, so check the total size at runtime 58| | const size_t total_size = (ranges.size() + ... + 0); 59| | BOTAN_ARG_CHECK(result.size() == total_size, 60| | "result buffer has static extent that does not match the sum of input buffers"); 61| | } 62| | 63| | // fill the result buffer and hold the current output-iterator position 64| | return [itr = std::ranges::begin(result)](auto&& range) mutable { 65| | std::copy(std::ranges::begin(range), std::ranges::end(range), itr); 66| | std::advance(itr, std::ranges::size(range)); 67| | }; 68| | } 69| 2.91k| }(); _ZZZN5Botan6detail11concatenateITkNS_6ranges14spanable_rangeENSt3__16vectorIhNS_16secure_allocatorIhEEEETpTkNS2_14spanable_rangeEJRNS3_4spanIKhLm18446744073709551615EEESB_EEET_DpOT0_Qoosr8conceptsE20reservable_containerISC_Esr6rangesE25statically_spanable_rangeISC_EENKUlvE_clEvENKUlOSC_E_clISB_EEDaSH_: 46| 5.82k| return [&result](auto&& range) { 47| 5.82k| std::copy( 48| 5.82k| std::ranges::begin(range), std::ranges::end(range), std::back_inserter(unwrap_strong_type(result))); 49| 5.82k| }; _ZN5Botan5CPUID3hasENS_10CPUFeatureE: 94| 219k| static bool has(CPUID::Feature feat) { return state().has_bit(feat.as_u32()); } _ZN5Botan5CPUID3hasENS_10CPUFeatureES1_: 99| 24.1k| static bool has(CPUID::Feature feat1, CPUID::Feature feat2) { 100| 24.1k| return state().has_bit(feat1.as_u32() | feat2.as_u32()); 101| 24.1k| } _ZN5Botan5CPUID6is_setEjNS_10CPUFeatureE: 127| 4| static inline bool is_set(uint32_t allowed, CPUID::Feature bit) { 128| 4| const uint32_t feat_bit = bit.as_u32(); 129| 4| return ((allowed & feat_bit) == feat_bit); 130| 4| } _ZNK5Botan5CPUID10CPUID_Data7has_bitEj: 144| 243k| bool has_bit(uint32_t bit) const { return (m_processor_features & bit) == bit; } _ZN5Botan5CPUID5stateEv: 156| 243k| static CPUID_Data& state() { 157| 243k| static CPUID::CPUID_Data g_cpuid; 158| 243k| return g_cpuid; 159| 243k| } cpuid_x86.cpp:_ZN5Botan5CPUID6if_setIZNS0_10CPUID_Data19detect_cpu_featuresEjE16x86_CPUID_1_bitsEEjmT_NS_10CPUFeatureEj: 117| 6| static inline uint32_t if_set(uint64_t cpuid, T flag, CPUID::Feature bit, uint32_t allowed) { 118| 6| const uint64_t flag64 = static_cast(flag); 119| 6| if((cpuid & flag64) == flag64) { ------------------ | Branch (119:13): [True: 6, False: 0] ------------------ 120| 6| return (bit.as_u32() & allowed); 121| 6| } else { 122| 0| return 0; 123| 0| } 124| 6| } cpuid_x86.cpp:_ZN5Botan5CPUID6if_setIZNS0_10CPUID_Data19detect_cpu_featuresEjE16x86_CPUID_7_bitsEEjmT_NS_10CPUFeatureEj: 117| 8| static inline uint32_t if_set(uint64_t cpuid, T flag, CPUID::Feature bit, uint32_t allowed) { 118| 8| const uint64_t flag64 = static_cast(flag); 119| 8| if((cpuid & flag64) == flag64) { ------------------ | Branch (119:13): [True: 5, False: 3] ------------------ 120| 5| return (bit.as_u32() & allowed); 121| 5| } else { 122| 3| return 0; 123| 3| } 124| 8| } cpuid_x86.cpp:_ZN5Botan5CPUID6if_setIZNS0_10CPUID_Data19detect_cpu_featuresEjE18x86_CPUID_7_1_bitsEEjmT_NS_10CPUFeatureEj: 117| 3| static inline uint32_t if_set(uint64_t cpuid, T flag, CPUID::Feature bit, uint32_t allowed) { 118| 3| const uint64_t flag64 = static_cast(flag); 119| 3| if((cpuid & flag64) == flag64) { ------------------ | Branch (119:13): [True: 0, False: 3] ------------------ 120| 0| return (bit.as_u32() & allowed); 121| 3| } else { 122| 3| return 0; 123| 3| } 124| 3| } _ZN5Botan10CPUFeatureC2ENS0_3BitE: 51| 267k| CPUFeature(Bit b) : m_bit(b) {} // NOLINT(*-explicit-conversions) _ZNK5Botan10CPUFeature6as_u32Ev: 53| 267k| uint32_t as_u32() const { return static_cast(m_bit); } _ZN5Botan2CT8is_equalIhEENS0_4MaskIT_EEPKS3_S6_m: 798| 772|constexpr inline CT::Mask is_equal(const T x[], const T y[], size_t len) { 799| 772| if(std::is_constant_evaluated()) { ------------------ | Branch (799:7): [Folded, False: 772] ------------------ 800| 0| T difference = 0; 801| | 802| 0| for(size_t i = 0; i != len; ++i) { ------------------ | Branch (802:25): [True: 0, False: 0] ------------------ 803| 0| difference = difference | (x[i] ^ y[i]); 804| 0| } 805| | 806| 0| return CT::Mask::is_zero(difference); 807| 772| } else { 808| 772| volatile T difference = 0; 809| | 810| 14.5k| for(size_t i = 0; i != len; ++i) { ------------------ | Branch (810:25): [True: 13.7k, False: 772] ------------------ 811| 13.7k| difference = difference | (x[i] ^ y[i]); 812| 13.7k| } 813| | 814| 772| return CT::Mask::is_zero(difference); 815| 772| } 816| 772|} _ZN5Botan2CT4MaskIhE7is_zeroEh: 437| 2.61k| static constexpr Mask is_zero(T x) { return Mask(ct_is_zero(value_barrier(x))); } _ZN5Botan2CT4MaskIhEC2Eh: 637| 11.5k| constexpr explicit Mask(T m) : m_mask(m) {} _ZNK5Botan2CT4MaskIhE7as_boolEv: 614| 9.64k| constexpr bool as_bool() const { return unpoisoned_value() != 0; } _ZNK5Botan2CT4MaskIhE16unpoisoned_valueEv: 598| 11.4k| constexpr T unpoisoned_value() const { 599| 11.4k| T r = value(); 600| 11.4k| CT::unpoison(r); 601| 11.4k| return r; 602| 11.4k| } _ZNK5Botan2CT4MaskIhE5valueEv: 630| 13.0k| constexpr T value() const { return value_barrier(m_mask); } _ZN5Botan2CT8unpoisonITkNSt3__18integralEhEEvRKT_: 112| 11.5k|constexpr void unpoison(const T& p) { 113| 11.5k| unpoison(&p, 1); 114| 11.5k|} _ZN5Botan2CT8unpoisonIhEEvPKT_m: 67| 16.3k|constexpr inline void unpoison(const T* p, size_t n) { 68| |#if defined(BOTAN_HAS_VALGRIND) 69| | if(!std::is_constant_evaluated()) { 70| | VALGRIND_MAKE_MEM_DEFINED(p, n * sizeof(T)); 71| | } 72| |#endif 73| | 74| 16.3k| BOTAN_UNUSED(p, n); ------------------ | | 144| 16.3k|#define BOTAN_UNUSED Botan::ignore_params ------------------ 75| 16.3k|} _ZN5Botan2CT6Choice9from_maskEm: 303| 10.5M| constexpr static Choice from_mask(underlying_type v) { return Choice(v); } _ZN5Botan2CT6Choice2noEv: 307| 1.69k| constexpr static Choice no() { return Choice(0); } _ZNK5Botan2CT6ChoicentEv: 309| 369k| constexpr Choice operator!() const { return Choice(~value()); } _ZNK5Botan2CT6ChoiceaaERKS1_: 311| 1.40M| constexpr Choice operator&&(const Choice& other) const { return Choice(value() & other.value()); } _ZNK5Botan2CT6ChoiceooERKS1_: 313| 43.8k| constexpr Choice operator||(const Choice& other) const { return Choice(value() | other.value()); } _ZNK5Botan2CT6ChoiceneERKS1_: 315| 1.69k| constexpr Choice operator!=(const Choice& other) const { return Choice(value() ^ other.value()); } _ZNK5Botan2CT6Choice7as_boolEv: 329| 426k| constexpr bool as_bool() const { return m_value != 0; } _ZNK5Botan2CT6Choice5valueEv: 332| 12.6M| constexpr underlying_type value() const { return value_barrier(m_value); } _ZN5Botan2CT6ChoiceC2Em: 341| 12.3M| constexpr explicit Choice(underlying_type v) : m_value(CT::value_barrier(v)) {} _ZN5Botan2CT4MaskImE7is_zeroEm: 437| 31.3M| static constexpr Mask is_zero(T x) { return Mask(ct_is_zero(value_barrier(x))); } _ZNK5Botan2CT4MaskImE5valueEv: 630| 49.4M| constexpr T value() const { return value_barrier(m_mask); } _ZNK5Botan2CT4MaskImEcoEv: 533| 15.7M| constexpr Mask operator~() const { return Mask(~value()); } _ZN5Botan2CT4MaskImE6expandEm: 392| 15.1M| static constexpr Mask expand(T v) { return ~Mask::is_zero(value_barrier(v)); } _ZNK5Botan2CT4MaskImE6selectEmm: 548| 1.66M| constexpr T select(T x, T y) const { return choose(value(), x, y); } _ZNK5Botan2CT4MaskImE16conditional_swapImEEvRT_S5_QlestTL0__stS4_: 587| 50.2k| { 588| 50.2k| auto cnd = Mask(*this); 589| 50.2k| U t0 = cnd.select(y, x); 590| 50.2k| U t1 = cnd.select(x, y); 591| 50.2k| x = t0; 592| 50.2k| y = t1; 593| 50.2k| } _ZN5Botan2CT6poisonIhEEvPKT_m: 56| 4.82k|constexpr inline void poison(const T* p, size_t n) { 57| |#if defined(BOTAN_HAS_VALGRIND) 58| | if(!std::is_constant_evaluated()) { 59| | VALGRIND_MAKE_MEM_UNDEFINED(p, n * sizeof(T)); 60| | } 61| |#endif 62| | 63| 4.82k| BOTAN_UNUSED(p, n); ------------------ | | 144| 4.82k|#define BOTAN_UNUSED Botan::ignore_params ------------------ 64| 4.82k|} _ZN5Botan2CT8unpoisonItEEvPKT_m: 67| 306|constexpr inline void unpoison(const T* p, size_t n) { 68| |#if defined(BOTAN_HAS_VALGRIND) 69| | if(!std::is_constant_evaluated()) { 70| | VALGRIND_MAKE_MEM_DEFINED(p, n * sizeof(T)); 71| | } 72| |#endif 73| | 74| 306| BOTAN_UNUSED(p, n); ------------------ | | 144| 306|#define BOTAN_UNUSED Botan::ignore_params ------------------ 75| 306|} _ZN5Botan2CT4MaskImE14expand_top_bitEm: 415| 1.63M| static constexpr Mask expand_top_bit(T v) { return Mask(ct_expand_top_bit(v)); } _ZN5Botan2CT4MaskImEC2Em: 637| 49.0M| constexpr explicit Mask(T m) : m_mask(m) {} _ZN5Botan2CT4MaskImE5is_ltEmm: 450| 1.63M| static constexpr Mask is_lt(T x, T y) { 451| 1.63M| T u = x ^ ((x ^ y) | ((x - y) ^ x)); 452| 1.63M| return Mask::expand_top_bit(u); 453| 1.63M| } _ZNK5Botan2CT4MaskImE13if_set_returnEm: 538| 646k| constexpr T if_set_return(T x) const { return value() & x; } _ZN5Botan2CT4MaskImE8is_equalEmm: 442| 8.80M| static constexpr Mask is_equal(T x, T y) { 443| 8.80M| const T diff = value_barrier(x) ^ value_barrier(y); 444| 8.80M| return Mask::is_zero(diff); 445| 8.80M| } _ZN5Botan2CT8unpoisonITkNSt3__18integralEmEEvRKT_: 112| 10.7M|constexpr void unpoison(const T& p) { 113| 10.7M| unpoison(&p, 1); 114| 10.7M|} _ZN5Botan2CT8unpoisonImEEvPKT_m: 67| 10.8M|constexpr inline void unpoison(const T* p, size_t n) { 68| |#if defined(BOTAN_HAS_VALGRIND) 69| | if(!std::is_constant_evaluated()) { 70| | VALGRIND_MAKE_MEM_DEFINED(p, n * sizeof(T)); 71| | } 72| |#endif 73| | 74| 10.8M| BOTAN_UNUSED(p, n); ------------------ | | 144| 10.8M|#define BOTAN_UNUSED Botan::ignore_params ------------------ 75| 10.8M|} _ZNK5Botan2CT4MaskImE7as_boolEv: 614| 52.0k| constexpr bool as_bool() const { return unpoisoned_value() != 0; } _ZNK5Botan2CT4MaskImE16unpoisoned_valueEv: 598| 10.5M| constexpr T unpoisoned_value() const { 599| 10.5M| T r = value(); 600| 10.5M| CT::unpoison(r); 601| 10.5M| return r; 602| 10.5M| } _ZNK5Botan2CT4MaskImE11select_maskES2_S2_: 559| 265k| Mask select_mask(Mask x, Mask y) const { return Mask(select(x.value(), y.value())); } _ZN5Botan2CT4MaskImEaNES2_: 494| 49| Mask& operator&=(Mask o) { 495| 49| m_mask &= o.value(); 496| 49| return (*this); 497| 49| } _ZNK5Botan2CT4MaskImE8select_nEPmPKmS5_m: 565| 10.2M| constexpr void select_n(T output[], const T x[], const T y[], size_t len) const { 566| 10.2M| const T mask = value(); 567| 70.0M| for(size_t i = 0; i != len; ++i) { ------------------ | Branch (567:28): [True: 59.8M, False: 10.2M] ------------------ 568| 59.8M| output[i] = choose(mask, x[i], y[i]); 569| 59.8M| } 570| 10.2M| } _ZNK5Botan2CT4MaskIhE6selectEhh: 548| 1.46k| constexpr T select(T x, T y) const { return choose(value(), x, y); } _ZNK5Botan2CT4MaskImE9as_choiceEv: 619| 10.5M| constexpr CT::Choice as_choice() const { 620| 10.5M| if constexpr(sizeof(T) >= sizeof(Choice::underlying_type)) { 621| 10.5M| return CT::Choice::from_mask(static_cast(unpoisoned_value())); 622| | } else { 623| | return CT::Choice::from_int(unpoisoned_value()); 624| | } 625| 10.5M| } _ZN5Botan2CT6poisonImEEvPKT_m: 56| 13.5k|constexpr inline void poison(const T* p, size_t n) { 57| |#if defined(BOTAN_HAS_VALGRIND) 58| | if(!std::is_constant_evaluated()) { 59| | VALGRIND_MAKE_MEM_UNDEFINED(p, n * sizeof(T)); 60| | } 61| |#endif 62| | 63| 13.5k| BOTAN_UNUSED(p, n); ------------------ | | 144| 13.5k|#define BOTAN_UNUSED Botan::ignore_params ------------------ 64| 13.5k|} _ZN5Botan2CT4MaskImE6is_gteEmm: 468| 1.46k| static constexpr Mask is_gte(T x, T y) { return ~Mask::is_lt(x, y); } _ZN5Botan2CT20conditional_copy_memImEENS0_4MaskIT_EES3_PS3_PKS3_S7_m: 738| 48|constexpr inline Mask conditional_copy_mem(T cnd, T* dest, const T* if_set, const T* if_unset, size_t elems) { 739| 48| const auto mask = CT::Mask::expand(cnd); 740| 48| return CT::conditional_copy_mem(mask, dest, if_set, if_unset, elems); 741| 48|} _ZN5Botan2CT20conditional_copy_memImEENS0_4MaskIT_EES4_PS3_PKS3_S7_m: 732| 48|constexpr inline Mask conditional_copy_mem(Mask mask, T* dest, const T* if_set, const T* if_unset, size_t elems) { 733| 48| mask.select_n(dest, if_set, if_unset, elems); 734| 48| return mask; 735| 48|} _ZN5Botan2CTeoENS0_4MaskImEES2_: 523| 4.48k| friend Mask operator^(Mask x, Mask y) { return Mask(x.value() ^ y.value()); } _ZN5Botan2CT8is_equalIhEENS0_4MaskIT_EENSt3__14spanIKS3_Lm18446744073709551615EEES8_: 825| 9.53k|constexpr inline CT::Mask is_equal(std::span x, std::span y) { 826| 9.53k| if(x.size() != y.size()) { ------------------ | Branch (826:7): [True: 8.96k, False: 564] ------------------ 827| 8.96k| return CT::Mask::cleared(); 828| 8.96k| } 829| | 830| 564| return is_equal(x.data(), y.data(), x.size()); 831| 9.53k|} _ZN5Botan2CT4MaskIhE7clearedEv: 387| 8.96k| static constexpr Mask cleared() { return Mask(0); } _ZN5Botan2CT13scoped_poisonIJNSt3__16vectorIhNS_16secure_allocatorIhEEEEEQaaaagtsZT_Li0Efraa10poisonableIT_Efraa12unpoisonableIS7_EEEDaDpRKS7_: 222| 8|[[nodiscard]] constexpr auto scoped_poison(const Ts&... xs) { 223| 8| auto scope = scoped_cleanup([&] { unpoison_all(xs...); }); 224| 8| poison_all(xs...); 225| 8| return scope; 226| 8|} _ZN5Botan2CT10poison_allITpTkNS0_10poisonableEJNSt3__16vectorIhNS_16secure_allocatorIhEEEEEQgtsZT_Li0EEEvDpRKT_: 201| 8|constexpr void poison_all(const Ts&... ts) { 202| 8| (poison(ts), ...); 203| 8|} _ZN5Botan2CT6poisonITkNS_6ranges14spanable_rangeENSt3__16vectorIhNS_16secure_allocatorIhEEEEQaasr3stdE23is_trivially_copyable_vINS3_11conditionalIXsr21__is_primary_templateINS3_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS3_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS3_26indirectly_readable_traitsISF_EESG_E4type10value_typeEEnt17custom_poisonableISC_EEEvRKSC_: 121| 8|constexpr void poison(const R& r) { 122| 8| const std::span s{r}; 123| 8| poison(s.data(), s.size()); 124| 8|} _ZN5Botan2CT8unpoisonITkNS_6ranges14spanable_rangeENSt3__15arrayIhLm56EEEQaasr3stdE23is_trivially_copyable_vINS3_11conditionalIXsr21__is_primary_templateINS3_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS3_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS3_26indirectly_readable_traitsISD_EESE_E4type10value_typeEEnt19custom_unpoisonableISA_EEEvRKSA_: 128| 7|constexpr void unpoison(const R& r) { 129| 7| const std::span s{r}; 130| 7| unpoison(s.data(), s.size()); 131| 7|} _ZZN5Botan2CT13scoped_poisonIJNSt3__16vectorIhNS_16secure_allocatorIhEEEEEQaaaagtsZT_Li0Efraa10poisonableIT_Efraa12unpoisonableIS7_EEEDaDpRKS7_ENKUlvE_clEv: 223| 8| auto scope = scoped_cleanup([&] { unpoison_all(xs...); }); _ZN5Botan2CT12unpoison_allITpTkNS0_12unpoisonableEJNSt3__16vectorIhNS_16secure_allocatorIhEEEEEQgtsZT_Li0EEEvDpRKT_: 207| 8|constexpr void unpoison_all(const Ts&... ts) { 208| 8| (unpoison(ts), ...); 209| 8|} _ZN5Botan2CT8unpoisonITkNS_6ranges14spanable_rangeENSt3__16vectorIhNS_16secure_allocatorIhEEEEQaasr3stdE23is_trivially_copyable_vINS3_11conditionalIXsr21__is_primary_templateINS3_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS3_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS3_26indirectly_readable_traitsISF_EESG_E4type10value_typeEEnt19custom_unpoisonableISC_EEEvRKSC_: 128| 9|constexpr void unpoison(const R& r) { 129| 9| const std::span s{r}; 130| 9| unpoison(s.data(), s.size()); 131| 9|} _ZN5Botan2CT9all_zerosIhEENS0_4MaskIT_EEPKS3_m: 785| 4|constexpr inline CT::Mask all_zeros(const T elem[], size_t len) { 786| 4| T sum = 0; 787| 156| for(size_t i = 0; i != len; ++i) { ------------------ | Branch (787:22): [True: 152, False: 4] ------------------ 788| 152| sum |= elem[i]; 789| 152| } 790| 4| return CT::Mask::is_zero(sum); 791| 4|} _ZN5Botan2CT4MaskImE7clearedEv: 387| 8| static constexpr Mask cleared() { return Mask(0); } _ZN5Botan2CT4MaskImEeOES2_: 502| 3.58k| Mask& operator^=(Mask o) { 503| 3.58k| m_mask ^= o.value(); 504| 3.58k| return (*this); 505| 3.58k| } _ZN5Botan2CT8unpoisonITkNS_6ranges14spanable_rangeENSt3__16vectorImNS_16secure_allocatorImEEEEQaasr3stdE23is_trivially_copyable_vINS3_11conditionalIXsr21__is_primary_templateINS3_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS3_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS3_26indirectly_readable_traitsISF_EESG_E4type10value_typeEEnt19custom_unpoisonableISC_EEEvRKSC_: 128| 144|constexpr void unpoison(const R& r) { 129| 144| const std::span s{r}; 130| 144| unpoison(s.data(), s.size()); 131| 144|} _ZN5Botan2CT9all_zerosImEENS0_4MaskIT_EEPKS3_m: 785| 2.19M|constexpr inline CT::Mask all_zeros(const T elem[], size_t len) { 786| 2.19M| T sum = 0; 787| 15.8M| for(size_t i = 0; i != len; ++i) { ------------------ | Branch (787:22): [True: 13.6M, False: 2.19M] ------------------ 788| 13.6M| sum |= elem[i]; 789| 13.6M| } 790| 2.19M| return CT::Mask::is_zero(sum); 791| 2.19M|} _ZN5Botan2CT4MaskItEC2Et: 637| 113k| constexpr explicit Mask(T m) : m_mask(m) {} _ZN5Botan2CT4MaskItE14expand_top_bitEt: 415| 22.6k| static constexpr Mask expand_top_bit(T v) { return Mask(ct_expand_top_bit(v)); } _ZNK5Botan2CT4MaskItEcoEv: 533| 45.2k| constexpr Mask operator~() const { return Mask(~value()); } _ZNK5Botan2CT4MaskItE5valueEv: 630| 113k| constexpr T value() const { return value_barrier(m_mask); } _ZNK5Botan2CT4MaskItE7as_boolEv: 614| 102| constexpr bool as_bool() const { return unpoisoned_value() != 0; } _ZNK5Botan2CT4MaskItE16unpoisoned_valueEv: 598| 102| constexpr T unpoisoned_value() const { 599| 102| T r = value(); 600| 102| CT::unpoison(r); 601| 102| return r; 602| 102| } _ZN5Botan2CT8unpoisonITkNSt3__18integralEtEEvRKT_: 112| 306|constexpr void unpoison(const T& p) { 113| 306| unpoison(&p, 1); 114| 306|} _ZN5Botan2CT4MaskIhE8is_equalEhh: 442| 1.84k| static constexpr Mask is_equal(T x, T y) { 443| 1.84k| const T diff = value_barrier(x) ^ value_barrier(y); 444| 1.84k| return Mask::is_zero(diff); 445| 1.84k| } _ZN5Botan2CT4MaskIhEC2ImEENS1_IT_EE: 375| 1.46k| constexpr explicit Mask(Mask o) : m_mask(static_cast(o.value())) { 376| 1.46k| static_assert(sizeof(U) > sizeof(T), "sizes ok"); 377| 1.46k| } _ZN5Botan2CT4MaskImE6is_lteEmm: 463| 585k| static constexpr Mask is_lte(T x, T y) { return ~Mask::is_gt(x, y); } _ZN5Botan2CT4MaskImE5is_gtEmm: 458| 585k| static constexpr Mask is_gt(T x, T y) { return Mask::is_lt(y, x); } _ZN5Botan2CT6Choice8from_intIjQaasr3stdE17unsigned_integralIT_Entsr3stdE7same_asIbS3_EEES1_S3_: 268| 54| constexpr static Choice from_int(T v) { 269| 54| if constexpr(sizeof(T) <= sizeof(underlying_type)) { 270| 54| return !Choice(ct_is_zero(v)); 271| | } else { 272| | // Mask of T that is either |0| or |1| 273| | const T v_is_0 = ct_is_zero(value_barrier(v)); 274| | 275| | // We want the mask to be set if v != 0 so we must check that 276| | // v_is_0 is itself zero. 277| | // 278| | // Also sizeof(T) may not equal sizeof(underlying_type) so we must 279| | // use ct_is_zero. It's ok to either truncate or 280| | // zero extend v_is_0 to 32 bits since we know it is |0| or |1| 281| | // so even just the low bit is sufficient. 282| | return Choice(ct_is_zero(static_cast(v_is_0))); 283| | } 284| 54| } _ZN5Botan2CT6poisonITkNS_6ranges14spanable_rangeENSt3__14spanIKmLm18446744073709551615EEEQaasr3stdE23is_trivially_copyable_vINS3_11conditionalIXsr21__is_primary_templateINS3_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS3_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS3_26indirectly_readable_traitsISE_EESF_E4type10value_typeEEnt17custom_poisonableISB_EEEvRKSB_: 121| 48|constexpr void poison(const R& r) { 122| 48| const std::span s{r}; 123| 48| poison(s.data(), s.size()); 124| 48|} _ZN5Botan2CT8unpoisonITkNS_6ranges14spanable_rangeENSt3__14spanIKmLm18446744073709551615EEEQaasr3stdE23is_trivially_copyable_vINS3_11conditionalIXsr21__is_primary_templateINS3_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS3_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS3_26indirectly_readable_traitsISE_EESF_E4type10value_typeEEnt19custom_unpoisonableISB_EEEvRKSB_: 128| 48|constexpr void unpoison(const R& r) { 129| 48| const std::span s{r}; 130| 48| unpoison(s.data(), s.size()); 131| 48|} _ZN5Botan2CT22conditional_assign_memImEENS0_4MaskIT_EES3_PS3_PKS3_m: 749| 10.2M|constexpr inline Mask conditional_assign_mem(T cnd, T* dest, const T* src, size_t elems) { 750| 10.2M| const auto mask = CT::Mask::expand(cnd); 751| 10.2M| mask.select_n(dest, src, dest, elems); 752| 10.2M| return mask; 753| 10.2M|} _ZNK5Botan2CT6Choice12into_bitmaskImQaasr3stdE17unsigned_integralIT_Entsr3stdE7same_asIbS3_EEES3_v: 291| 9.36M| constexpr T into_bitmask() const { 292| 9.36M| if constexpr(sizeof(T) <= sizeof(underlying_type)) { 293| | // The inner mask is already |0| or |1| so just truncate 294| 9.36M| return static_cast(value()); 295| | } else { 296| | return ~ct_is_zero(value()); 297| | } 298| 9.36M| } pcurves_brainpool256r1.cpp:_ZN5Botan2CT6poisonITkNS0_17custom_poisonableENS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES4_E11FieldParamsEEEEES9_EEEEvRKT_: 138| 1.17k|constexpr void poison(const T& x) { 139| 1.17k| x._const_time_poison(); 140| 1.17k|} pcurves_brainpool256r1.cpp:_ZN5Botan2CT10poison_allITpTkNS0_10poisonableEJNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES3_E11FieldParamsEEEEESC_SC_EQgtsZT_Li0EEEvDpRKT_: 201| 1.17k|constexpr void poison_all(const Ts&... ts) { 202| 1.17k| (poison(ts), ...); 203| 1.17k|} pcurves_brainpool256r1.cpp:_ZN5Botan2CT6poisonITkNS0_17custom_poisonableENS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES3_E11FieldParamsEEEEEEEvRKT_: 138| 3.52k|constexpr void poison(const T& x) { 139| 3.52k| x._const_time_poison(); 140| 3.52k|} _ZN5Botan2CT6poisonITkNS_6ranges14spanable_rangeENSt3__15arrayImLm4EEEQaasr3stdE23is_trivially_copyable_vINS3_11conditionalIXsr21__is_primary_templateINS3_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS3_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS3_26indirectly_readable_traitsISD_EESE_E4type10value_typeEEnt17custom_poisonableISA_EEEvRKSA_: 121| 5.87k|constexpr void poison(const R& r) { 122| 5.87k| const std::span s{r}; 123| 5.87k| poison(s.data(), s.size()); 124| 5.87k|} pcurves_brainpool256r1.cpp:_ZN5Botan2CT8unpoisonITkNS0_19custom_unpoisonableENS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES4_E11FieldParamsEEEEES9_EEEEvRKT_: 143| 1.17k|constexpr void unpoison(const T& x) { 144| 1.17k| x._const_time_unpoison(); 145| 1.17k|} pcurves_brainpool256r1.cpp:_ZN5Botan2CT12unpoison_allITpTkNS0_12unpoisonableEJNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES3_E11FieldParamsEEEEESC_SC_EQgtsZT_Li0EEEvDpRKT_: 207| 1.17k|constexpr void unpoison_all(const Ts&... ts) { 208| 1.17k| (unpoison(ts), ...); 209| 1.17k|} pcurves_brainpool256r1.cpp:_ZN5Botan2CT8unpoisonITkNS0_19custom_unpoisonableENS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES3_E11FieldParamsEEEEEEEvRKT_: 143| 3.52k|constexpr void unpoison(const T& x) { 144| 3.52k| x._const_time_unpoison(); 145| 3.52k|} _ZN5Botan2CT8unpoisonITkNS_6ranges14spanable_rangeENSt3__15arrayImLm4EEEQaasr3stdE23is_trivially_copyable_vINS3_11conditionalIXsr21__is_primary_templateINS3_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS3_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS3_26indirectly_readable_traitsISD_EESE_E4type10value_typeEEnt19custom_unpoisonableISA_EEEvRKSA_: 128| 5.87k|constexpr void unpoison(const R& r) { 129| 5.87k| const std::span s{r}; 130| 5.87k| unpoison(s.data(), s.size()); 131| 5.87k|} _ZN5Botan2CT8is_equalImEENS0_4MaskIT_EEPKS3_S6_m: 798| 13.0k|constexpr inline CT::Mask is_equal(const T x[], const T y[], size_t len) { 799| 13.0k| if(std::is_constant_evaluated()) { ------------------ | Branch (799:7): [Folded, False: 13.0k] ------------------ 800| 0| T difference = 0; 801| | 802| 0| for(size_t i = 0; i != len; ++i) { ------------------ | Branch (802:25): [True: 0, False: 0] ------------------ 803| 0| difference = difference | (x[i] ^ y[i]); 804| 0| } 805| | 806| 0| return CT::Mask::is_zero(difference); 807| 13.0k| } else { 808| 13.0k| volatile T difference = 0; 809| | 810| 76.7k| for(size_t i = 0; i != len; ++i) { ------------------ | Branch (810:25): [True: 63.7k, False: 13.0k] ------------------ 811| 63.7k| difference = difference | (x[i] ^ y[i]); 812| 63.7k| } 813| | 814| 13.0k| return CT::Mask::is_zero(difference); 815| 13.0k| } 816| 13.0k|} _ZNK5Botan2CT4MaskIhE9as_choiceEv: 619| 1.84k| constexpr CT::Choice as_choice() const { 620| | if constexpr(sizeof(T) >= sizeof(Choice::underlying_type)) { 621| | return CT::Choice::from_mask(static_cast(unpoisoned_value())); 622| 1.84k| } else { 623| 1.84k| return CT::Choice::from_int(unpoisoned_value()); 624| 1.84k| } 625| 1.84k| } _ZN5Botan2CT6Choice8from_intIhQaasr3stdE17unsigned_integralIT_Entsr3stdE7same_asIbS3_EEES1_S3_: 268| 1.84k| constexpr static Choice from_int(T v) { 269| 1.84k| if constexpr(sizeof(T) <= sizeof(underlying_type)) { 270| 1.84k| return !Choice(ct_is_zero(v)); 271| | } else { 272| | // Mask of T that is either |0| or |1| 273| | const T v_is_0 = ct_is_zero(value_barrier(v)); 274| | 275| | // We want the mask to be set if v != 0 so we must check that 276| | // v_is_0 is itself zero. 277| | // 278| | // Also sizeof(T) may not equal sizeof(underlying_type) so we must 279| | // use ct_is_zero. It's ok to either truncate or 280| | // zero extend v_is_0 to 32 bits since we know it is |0| or |1| 281| | // so even just the low bit is sufficient. 282| | return Choice(ct_is_zero(static_cast(v_is_0))); 283| | } 284| 1.84k| } pcurves_brainpool256r1.cpp:_ZN5Botan2CT6OptionINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES3_E11FieldParamsEEEEEEC2ESC_NS0_6ChoiceE: 653| 528| constexpr Option(T v, Choice valid) : m_has_value(valid), m_value(std::move(v)) {} pcurves_brainpool256r1.cpp:_ZNK5Botan2CT6OptionINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES3_E11FieldParamsEEEEEE19as_optional_vartimeEv: 710| 528| constexpr std::optional as_optional_vartime() const { 711| 528| if(m_has_value.as_bool()) { ------------------ | Branch (711:13): [True: 514, False: 14] ------------------ 712| 514| return {m_value}; 713| 514| } else { 714| 14| return {}; 715| 14| } 716| 528| } _ZN5Botan2CT6Choice8from_intImQaasr3stdE17unsigned_integralIT_Entsr3stdE7same_asIbS3_EEES1_S3_: 268| 1.69k| constexpr static Choice from_int(T v) { 269| 1.69k| if constexpr(sizeof(T) <= sizeof(underlying_type)) { 270| 1.69k| return !Choice(ct_is_zero(v)); 271| | } else { 272| | // Mask of T that is either |0| or |1| 273| | const T v_is_0 = ct_is_zero(value_barrier(v)); 274| | 275| | // We want the mask to be set if v != 0 so we must check that 276| | // v_is_0 is itself zero. 277| | // 278| | // Also sizeof(T) may not equal sizeof(underlying_type) so we must 279| | // use ct_is_zero. It's ok to either truncate or 280| | // zero extend v_is_0 to 32 bits since we know it is |0| or |1| 281| | // so even just the low bit is sufficient. 282| | return Choice(ct_is_zero(static_cast(v_is_0))); 283| | } 284| 1.69k| } pcurves_brainpool384r1.cpp:_ZN5Botan2CT6poisonITkNS0_17custom_poisonableENS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES4_E11FieldParamsEEEEES9_EEEEvRKT_: 138| 601|constexpr void poison(const T& x) { 139| 601| x._const_time_poison(); 140| 601|} pcurves_brainpool384r1.cpp:_ZN5Botan2CT10poison_allITpTkNS0_10poisonableEJNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES3_E11FieldParamsEEEEESC_SC_EQgtsZT_Li0EEEvDpRKT_: 201| 601|constexpr void poison_all(const Ts&... ts) { 202| 601| (poison(ts), ...); 203| 601|} pcurves_brainpool384r1.cpp:_ZN5Botan2CT6poisonITkNS0_17custom_poisonableENS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES3_E11FieldParamsEEEEEEEvRKT_: 138| 1.80k|constexpr void poison(const T& x) { 139| 1.80k| x._const_time_poison(); 140| 1.80k|} _ZN5Botan2CT6poisonITkNS_6ranges14spanable_rangeENSt3__15arrayImLm6EEEQaasr3stdE23is_trivially_copyable_vINS3_11conditionalIXsr21__is_primary_templateINS3_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS3_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS3_26indirectly_readable_traitsISD_EESE_E4type10value_typeEEnt17custom_poisonableISA_EEEvRKSA_: 121| 4.08k|constexpr void poison(const R& r) { 122| 4.08k| const std::span s{r}; 123| 4.08k| poison(s.data(), s.size()); 124| 4.08k|} pcurves_brainpool384r1.cpp:_ZN5Botan2CT8unpoisonITkNS0_19custom_unpoisonableENS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES4_E11FieldParamsEEEEES9_EEEEvRKT_: 143| 601|constexpr void unpoison(const T& x) { 144| 601| x._const_time_unpoison(); 145| 601|} pcurves_brainpool384r1.cpp:_ZN5Botan2CT12unpoison_allITpTkNS0_12unpoisonableEJNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES3_E11FieldParamsEEEEESC_SC_EQgtsZT_Li0EEEvDpRKT_: 207| 601|constexpr void unpoison_all(const Ts&... ts) { 208| 601| (unpoison(ts), ...); 209| 601|} pcurves_brainpool384r1.cpp:_ZN5Botan2CT8unpoisonITkNS0_19custom_unpoisonableENS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES3_E11FieldParamsEEEEEEEvRKT_: 143| 1.80k|constexpr void unpoison(const T& x) { 144| 1.80k| x._const_time_unpoison(); 145| 1.80k|} _ZN5Botan2CT8unpoisonITkNS_6ranges14spanable_rangeENSt3__15arrayImLm6EEEQaasr3stdE23is_trivially_copyable_vINS3_11conditionalIXsr21__is_primary_templateINS3_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS3_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS3_26indirectly_readable_traitsISD_EESE_E4type10value_typeEEnt19custom_unpoisonableISA_EEEvRKSA_: 128| 4.08k|constexpr void unpoison(const R& r) { 129| 4.08k| const std::span s{r}; 130| 4.08k| unpoison(s.data(), s.size()); 131| 4.08k|} pcurves_brainpool384r1.cpp:_ZN5Botan2CT6OptionINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES3_E11FieldParamsEEEEEEC2ESC_NS0_6ChoiceE: 653| 221| constexpr Option(T v, Choice valid) : m_has_value(valid), m_value(std::move(v)) {} pcurves_brainpool384r1.cpp:_ZNK5Botan2CT6OptionINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES3_E11FieldParamsEEEEEE19as_optional_vartimeEv: 710| 221| constexpr std::optional as_optional_vartime() const { 711| 221| if(m_has_value.as_bool()) { ------------------ | Branch (711:13): [True: 168, False: 53] ------------------ 712| 168| return {m_value}; 713| 168| } else { 714| 53| return {}; 715| 53| } 716| 221| } pcurves_brainpool512r1.cpp:_ZN5Botan2CT6poisonITkNS0_17custom_poisonableENS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES4_E11FieldParamsEEEEES9_EEEEvRKT_: 138| 510|constexpr void poison(const T& x) { 139| 510| x._const_time_poison(); 140| 510|} pcurves_brainpool512r1.cpp:_ZN5Botan2CT10poison_allITpTkNS0_10poisonableEJNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES3_E11FieldParamsEEEEESC_SC_EQgtsZT_Li0EEEvDpRKT_: 201| 510|constexpr void poison_all(const Ts&... ts) { 202| 510| (poison(ts), ...); 203| 510|} pcurves_brainpool512r1.cpp:_ZN5Botan2CT6poisonITkNS0_17custom_poisonableENS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES3_E11FieldParamsEEEEEEEvRKT_: 138| 1.53k|constexpr void poison(const T& x) { 139| 1.53k| x._const_time_poison(); 140| 1.53k|} _ZN5Botan2CT6poisonITkNS_6ranges14spanable_rangeENSt3__15arrayImLm8EEEQaasr3stdE23is_trivially_copyable_vINS3_11conditionalIXsr21__is_primary_templateINS3_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS3_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS3_26indirectly_readable_traitsISD_EESE_E4type10value_typeEEnt17custom_poisonableISA_EEEvRKSA_: 121| 1.53k|constexpr void poison(const R& r) { 122| 1.53k| const std::span s{r}; 123| 1.53k| poison(s.data(), s.size()); 124| 1.53k|} pcurves_brainpool512r1.cpp:_ZN5Botan2CT8unpoisonITkNS0_19custom_unpoisonableENS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES4_E11FieldParamsEEEEES9_EEEEvRKT_: 143| 510|constexpr void unpoison(const T& x) { 144| 510| x._const_time_unpoison(); 145| 510|} pcurves_brainpool512r1.cpp:_ZN5Botan2CT12unpoison_allITpTkNS0_12unpoisonableEJNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES3_E11FieldParamsEEEEESC_SC_EQgtsZT_Li0EEEvDpRKT_: 207| 510|constexpr void unpoison_all(const Ts&... ts) { 208| 510| (unpoison(ts), ...); 209| 510|} pcurves_brainpool512r1.cpp:_ZN5Botan2CT8unpoisonITkNS0_19custom_unpoisonableENS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES3_E11FieldParamsEEEEEEEvRKT_: 143| 1.53k|constexpr void unpoison(const T& x) { 144| 1.53k| x._const_time_unpoison(); 145| 1.53k|} _ZN5Botan2CT8unpoisonITkNS_6ranges14spanable_rangeENSt3__15arrayImLm8EEEQaasr3stdE23is_trivially_copyable_vINS3_11conditionalIXsr21__is_primary_templateINS3_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS3_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS3_26indirectly_readable_traitsISD_EESE_E4type10value_typeEEnt19custom_unpoisonableISA_EEEvRKSA_: 128| 1.53k|constexpr void unpoison(const R& r) { 129| 1.53k| const std::span s{r}; 130| 1.53k| unpoison(s.data(), s.size()); 131| 1.53k|} pcurves_brainpool512r1.cpp:_ZN5Botan2CT6OptionINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES3_E11FieldParamsEEEEEEC2ESC_NS0_6ChoiceE: 653| 199| constexpr Option(T v, Choice valid) : m_has_value(valid), m_value(std::move(v)) {} pcurves_brainpool512r1.cpp:_ZNK5Botan2CT6OptionINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES3_E11FieldParamsEEEEEE19as_optional_vartimeEv: 710| 199| constexpr std::optional as_optional_vartime() const { 711| 199| if(m_has_value.as_bool()) { ------------------ | Branch (711:13): [True: 150, False: 49] ------------------ 712| 150| return {m_value}; 713| 150| } else { 714| 49| return {}; 715| 49| } 716| 199| } _ZN5Botan2CT6poisonITkNS_6ranges14spanable_rangeENSt3__15arrayImLm9EEEQaasr3stdE23is_trivially_copyable_vINS3_11conditionalIXsr21__is_primary_templateINS3_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS3_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS3_26indirectly_readable_traitsISD_EESE_E4type10value_typeEEnt17custom_poisonableISA_EEEvRKSA_: 121| 1.90k|constexpr void poison(const R& r) { 122| 1.90k| const std::span s{r}; 123| 1.90k| poison(s.data(), s.size()); 124| 1.90k|} _ZN5Botan2CT8unpoisonITkNS_6ranges14spanable_rangeENSt3__15arrayImLm9EEEQaasr3stdE23is_trivially_copyable_vINS3_11conditionalIXsr21__is_primary_templateINS3_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS3_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS3_26indirectly_readable_traitsISD_EESE_E4type10value_typeEEnt19custom_unpoisonableISA_EEEvRKSA_: 128| 1.90k|constexpr void unpoison(const R& r) { 129| 1.90k| const std::span s{r}; 130| 1.90k| unpoison(s.data(), s.size()); 131| 1.90k|} pcurves_secp256r1.cpp:_ZN5Botan2CT6poisonITkNS0_17custom_poisonableENS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS5_9secp256r16ParamsES6_E11FieldParamsEEEEES9_EEEEvRKT_: 138| 782|constexpr void poison(const T& x) { 139| 782| x._const_time_poison(); 140| 782|} pcurves_secp256r1.cpp:_ZN5Botan2CT10poison_allITpTkNS0_10poisonableEJNS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS4_9secp256r16ParamsES5_E11FieldParamsEEEEESC_SC_EQgtsZT_Li0EEEvDpRKT_: 201| 782|constexpr void poison_all(const Ts&... ts) { 202| 782| (poison(ts), ...); 203| 782|} pcurves_secp256r1.cpp:_ZN5Botan2CT6poisonITkNS0_17custom_poisonableENS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS4_9secp256r16ParamsES5_E11FieldParamsEEEEEEEvRKT_: 138| 2.34k|constexpr void poison(const T& x) { 139| 2.34k| x._const_time_poison(); 140| 2.34k|} pcurves_secp256r1.cpp:_ZN5Botan2CT8unpoisonITkNS0_19custom_unpoisonableENS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS5_9secp256r16ParamsES6_E11FieldParamsEEEEES9_EEEEvRKT_: 143| 782|constexpr void unpoison(const T& x) { 144| 782| x._const_time_unpoison(); 145| 782|} pcurves_secp256r1.cpp:_ZN5Botan2CT12unpoison_allITpTkNS0_12unpoisonableEJNS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS4_9secp256r16ParamsES5_E11FieldParamsEEEEESC_SC_EQgtsZT_Li0EEEvDpRKT_: 207| 782|constexpr void unpoison_all(const Ts&... ts) { 208| 782| (unpoison(ts), ...); 209| 782|} pcurves_secp256r1.cpp:_ZN5Botan2CT8unpoisonITkNS0_19custom_unpoisonableENS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS4_9secp256r16ParamsES5_E11FieldParamsEEEEEEEvRKT_: 143| 2.34k|constexpr void unpoison(const T& x) { 144| 2.34k| x._const_time_unpoison(); 145| 2.34k|} pcurves_secp256r1.cpp:_ZN5Botan2CT6OptionINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS4_9secp256r16ParamsES5_E11FieldParamsEEEEEEC2ESC_NS0_6ChoiceE: 653| 338| constexpr Option(T v, Choice valid) : m_has_value(valid), m_value(std::move(v)) {} pcurves_secp256r1.cpp:_ZNK5Botan2CT6OptionINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS4_9secp256r16ParamsES5_E11FieldParamsEEEEEE19as_optional_vartimeEv: 710| 338| constexpr std::optional as_optional_vartime() const { 711| 338| if(m_has_value.as_bool()) { ------------------ | Branch (711:13): [True: 328, False: 10] ------------------ 712| 328| return {m_value}; 713| 328| } else { 714| 10| return {}; 715| 10| } 716| 338| } pcurves_secp384r1.cpp:_ZN5Botan2CT6poisonITkNS0_17custom_poisonableENS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS5_9secp384r16ParamsES6_E11FieldParamsEEEEES9_EEEEvRKT_: 138| 759|constexpr void poison(const T& x) { 139| 759| x._const_time_poison(); 140| 759|} pcurves_secp384r1.cpp:_ZN5Botan2CT10poison_allITpTkNS0_10poisonableEJNS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS4_9secp384r16ParamsES5_E11FieldParamsEEEEESC_SC_EQgtsZT_Li0EEEvDpRKT_: 201| 759|constexpr void poison_all(const Ts&... ts) { 202| 759| (poison(ts), ...); 203| 759|} pcurves_secp384r1.cpp:_ZN5Botan2CT6poisonITkNS0_17custom_poisonableENS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS4_9secp384r16ParamsES5_E11FieldParamsEEEEEEEvRKT_: 138| 2.27k|constexpr void poison(const T& x) { 139| 2.27k| x._const_time_poison(); 140| 2.27k|} pcurves_secp384r1.cpp:_ZN5Botan2CT8unpoisonITkNS0_19custom_unpoisonableENS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS5_9secp384r16ParamsES6_E11FieldParamsEEEEES9_EEEEvRKT_: 143| 759|constexpr void unpoison(const T& x) { 144| 759| x._const_time_unpoison(); 145| 759|} pcurves_secp384r1.cpp:_ZN5Botan2CT12unpoison_allITpTkNS0_12unpoisonableEJNS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS4_9secp384r16ParamsES5_E11FieldParamsEEEEESC_SC_EQgtsZT_Li0EEEvDpRKT_: 207| 759|constexpr void unpoison_all(const Ts&... ts) { 208| 759| (unpoison(ts), ...); 209| 759|} pcurves_secp384r1.cpp:_ZN5Botan2CT8unpoisonITkNS0_19custom_unpoisonableENS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS4_9secp384r16ParamsES5_E11FieldParamsEEEEEEEvRKT_: 143| 2.27k|constexpr void unpoison(const T& x) { 144| 2.27k| x._const_time_unpoison(); 145| 2.27k|} pcurves_secp384r1.cpp:_ZN5Botan2CT6OptionINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS4_9secp384r16ParamsES5_E11FieldParamsEEEEEEC2ESC_NS0_6ChoiceE: 653| 299| constexpr Option(T v, Choice valid) : m_has_value(valid), m_value(std::move(v)) {} pcurves_secp384r1.cpp:_ZNK5Botan2CT6OptionINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS4_9secp384r16ParamsES5_E11FieldParamsEEEEEE19as_optional_vartimeEv: 710| 299| constexpr std::optional as_optional_vartime() const { 711| 299| if(m_has_value.as_bool()) { ------------------ | Branch (711:13): [True: 295, False: 4] ------------------ 712| 295| return {m_value}; 713| 295| } else { 714| 4| return {}; 715| 4| } 716| 299| } pcurves_secp521r1.cpp:_ZN5Botan2CT6poisonITkNS0_17custom_poisonableENS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS6_6ParamsES7_E11FieldParamsEEEEES9_EEEEvRKT_: 138| 635|constexpr void poison(const T& x) { 139| 635| x._const_time_poison(); 140| 635|} pcurves_secp521r1.cpp:_ZN5Botan2CT10poison_allITpTkNS0_10poisonableEJNS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS5_6ParamsES6_E11FieldParamsEEEEESC_SC_EQgtsZT_Li0EEEvDpRKT_: 201| 635|constexpr void poison_all(const Ts&... ts) { 202| 635| (poison(ts), ...); 203| 635|} pcurves_secp521r1.cpp:_ZN5Botan2CT6poisonITkNS0_17custom_poisonableENS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS5_6ParamsES6_E11FieldParamsEEEEEEEvRKT_: 138| 1.90k|constexpr void poison(const T& x) { 139| 1.90k| x._const_time_poison(); 140| 1.90k|} pcurves_secp521r1.cpp:_ZN5Botan2CT8unpoisonITkNS0_19custom_unpoisonableENS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS6_6ParamsES7_E11FieldParamsEEEEES9_EEEEvRKT_: 143| 635|constexpr void unpoison(const T& x) { 144| 635| x._const_time_unpoison(); 145| 635|} pcurves_secp521r1.cpp:_ZN5Botan2CT12unpoison_allITpTkNS0_12unpoisonableEJNS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS5_6ParamsES6_E11FieldParamsEEEEESC_SC_EQgtsZT_Li0EEEvDpRKT_: 207| 635|constexpr void unpoison_all(const Ts&... ts) { 208| 635| (unpoison(ts), ...); 209| 635|} pcurves_secp521r1.cpp:_ZN5Botan2CT8unpoisonITkNS0_19custom_unpoisonableENS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS5_6ParamsES6_E11FieldParamsEEEEEEEvRKT_: 143| 1.90k|constexpr void unpoison(const T& x) { 144| 1.90k| x._const_time_unpoison(); 145| 1.90k|} pcurves_secp521r1.cpp:_ZN5Botan2CT6OptionINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS5_6ParamsES6_E11FieldParamsEEEEEEC2ESC_NS0_6ChoiceE: 653| 247| constexpr Option(T v, Choice valid) : m_has_value(valid), m_value(std::move(v)) {} pcurves_secp521r1.cpp:_ZNK5Botan2CT6OptionINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS5_6ParamsES6_E11FieldParamsEEEEEE19as_optional_vartimeEv: 710| 247| constexpr std::optional as_optional_vartime() const { 711| 247| if(m_has_value.as_bool()) { ------------------ | Branch (711:13): [True: 237, False: 10] ------------------ 712| 237| return {m_value}; 713| 237| } else { 714| 10| return {}; 715| 10| } 716| 247| } _ZNK5Botan2CT4MaskItE13if_set_returnEt: 538| 204| constexpr T if_set_return(T x) const { return value() & x; } _ZN5Botan2CT4MaskItE7is_zeroEt: 437| 22.7k| static constexpr Mask is_zero(T x) { return Mask(ct_is_zero(value_barrier(x))); } _ZN5Botan2CT4MaskItE5is_ltEtt: 450| 22.6k| static constexpr Mask is_lt(T x, T y) { 451| 22.6k| T u = x ^ ((x ^ y) | ((x - y) ^ x)); 452| 22.6k| return Mask::expand_top_bit(u); 453| 22.6k| } _ZN5Botan2CT4MaskItE5is_gtEtt: 458| 22.5k| static constexpr Mask is_gt(T x, T y) { return Mask::is_lt(y, x); } _ZN5Botan2CT4MaskItE6is_lteEtt: 463| 22.5k| static constexpr Mask is_lte(T x, T y) { return ~Mask::is_gt(x, y); } _ZN5Botan2CT4MaskItE8is_equalEtt: 442| 22.5k| static constexpr Mask is_equal(T x, T y) { 443| 22.5k| const T diff = value_barrier(x) ^ value_barrier(y); 444| 22.5k| return Mask::is_zero(diff); 445| 22.5k| } _ZN5Botan2CT4MaskItE6expandEt: 392| 102| static constexpr Mask expand(T v) { return ~Mask::is_zero(value_barrier(v)); } _ZN5Botan2CT4MaskImE10expand_bitEmm: 421| 5.12k| static constexpr Mask expand_bit(T v, size_t bit) { 422| 5.12k| return CT::Mask::expand_top_bit(v << (sizeof(v) * 8 - 1 - bit)); 423| 5.12k| } _ZNK5Botan2CT4MaskItE17if_not_set_returnEt: 543| 102| constexpr T if_not_set_return(T x) const { return ~value() & x; } _ZN5Botan2CT4MaskItE6expandIhEES2_NS1_IT_EE: 429| 102| static constexpr Mask expand(Mask m) { 430| 102| static_assert(sizeof(U) < sizeof(T), "sizes ok"); 431| 102| return ~Mask::is_zero(m.value()); 432| 102| } _ZN5Botan2CT8unpoisonITkNS0_19custom_unpoisonableENS0_4MaskItEEEEvRKT_: 143| 102|constexpr void unpoison(const T& x) { 144| 102| x._const_time_unpoison(); 145| 102|} _ZNK5Botan2CT4MaskItE20_const_time_unpoisonEv: 634| 102| constexpr void _const_time_unpoison() const { CT::unpoison(m_mask); } _ZN5Botan2CTanENS0_4MaskItEES2_: 518| 22.6k| friend Mask operator&(Mask x, Mask y) { return Mask(x.value() & y.value()); } _ZN5Botan2CT4MaskItEoRES2_: 510| 22.4k| Mask& operator|=(Mask o) { 511| 22.4k| m_mask |= o.value(); 512| 22.4k| return (*this); 513| 22.4k| } _ZN5Botan9Gf448Elem3oneEv: 64| 16| static Gf448Elem one() { return Gf448Elem(1); } _ZN5Botan9Gf448Elem4zeroEv: 59| 8| static Gf448Elem zero() { return Gf448Elem(0); } _ZN5Botan9Gf448Elem5wordsEv: 120| 17.9k| std::span words() { return m_x; } _ZNK5Botan9Gf448Elem5wordsEv: 128| 17.9k| std::span words() const { return m_x; } _ZNK5Botan9TripleDES4nameEv: 50| 75| std::string name() const override { return "TripleDES"; } _ZNK5Botan9TripleDES11parallelismEv: 54| 58| size_t parallelism() const override { return 32; } _ZN5Botan11carry_shiftEom: 139| 282k|inline uint64_t carry_shift(const uint128_t a, size_t shift) { 140| 282k| return static_cast(a >> shift); 141| 282k|} _ZN5Botan13combine_lowerEomom: 143| 80|inline uint64_t combine_lower(const uint128_t a, size_t s1, const uint128_t b, size_t s2) { 144| 80| return static_cast((a >> s1) | (b << s2)); 145| 80|} _ZNK5Botan13EC_Group_Data3oidEv: 165| 33.8k| const OID& oid() const { return m_oid; } _ZNK5Botan13EC_Group_Data1pEv: 169| 21.8k| const BigInt& p() const { return m_p; } _ZNK5Botan13EC_Group_Data5curveEv: 180| 10.9k| const CurveGFp& curve() const { return m_curve; } _ZNK5Botan13EC_Group_Data5montyEv: 184| 54.6k| const Montgomery_Params& monty() const { return m_monty; } _ZNK5Botan13EC_Group_Data12has_cofactorEv: 195| 3.38k| bool has_cofactor() const { return m_has_cofactor; } _ZNK5Botan13EC_Group_Data7p_wordsEv: 201| 10.9k| size_t p_words() const { return m_p_words; } _ZNK5Botan13EC_Group_Data6p_bitsEv: 203| 1.69k| size_t p_bits() const { return m_p_bits; } _ZNK5Botan13EC_Group_Data11order_bytesEv: 209| 24.9k| size_t order_bytes() const { return m_order_bytes; } _ZNK5Botan13EC_Group_Data6pcurveEv: 282| 72.0k| const PCurve::PrimeOrderCurve& pcurve() const { 283| 72.0k| BOTAN_ASSERT_NONNULL(m_pcurve); ------------------ | | 116| 72.0k| do { \ | | 117| 72.0k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 72.0k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 72.0k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 72.0k] | | ------------------ ------------------ 284| 72.0k| return *m_pcurve; 285| 72.0k| } _ZN5Botan19EC_AffinePoint_DataD2Ev: 73| 16.0k| virtual ~EC_AffinePoint_Data() = default; _ZN5Botan14EC_Scalar_DataD2Ev: 38| 17.3k| virtual ~EC_Scalar_Data() = default; _ZNK5Botan17EC_Scalar_Data_PC5valueEv: 53| 12.6k| const auto& value() const { return m_v; } _ZN5Botan17EC_Scalar_Data_PCC2ENSt3__110shared_ptrIKNS_13EC_Group_DataEEENS_6PCurve15PrimeOrderCurve6ScalarE: 19| 17.3k| m_group(std::move(group)), m_v(std::move(v)) {} _ZNK5Botan17EC_PublicKey_Data5groupEv: 31| 14.3k| const EC_Group& group() const { return m_group; } _ZNK5Botan17EC_PublicKey_Data10public_keyEv: 33| 4.46k| const EC_AffinePoint& public_key() const { return m_point; } _ZNK5Botan18EC_PrivateKey_Data11private_keyEv: 74| 1.69k| const EC_Scalar& private_key() const { return m_scalar; } _ZN5Botan17EC_PublicKey_DataC2ERKNS_8EC_GroupENSt3__14spanIKhLm18446744073709551615EEE: 29| 6.45k| EC_PublicKey_Data(group, EC_AffinePoint(group, bytes)) {} _ZN5Botan3fmtIJNSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEEEEES7_NS1_17basic_string_viewIcS4_EEDpRKT_: 53| 13.5k|std::string fmt(std::string_view format, const T&... args) { 54| 13.5k| std::ostringstream oss; 55| 13.5k| oss.imbue(std::locale::classic()); 56| 13.5k| fmt_detail::do_fmt(oss, format, args...); 57| 13.5k| return oss.str(); 58| 13.5k|} _ZN5Botan10fmt_detail6do_fmtINSt3__112basic_stringIcNS2_11char_traitsIcEENS2_9allocatorIcEEEEJEEEvRNS2_19basic_ostringstreamIcS5_S7_EENS2_17basic_string_viewIcS5_EERKT_DpRKT0_: 25| 13.5k|void do_fmt(std::ostringstream& oss, std::string_view format, const T& val, const Ts&... rest) { 26| 13.5k| size_t i = 0; 27| | 28| 134k| while(i < format.size()) { ------------------ | Branch (28:10): [True: 134k, False: 0] ------------------ 29| 134k| if(format[i] == '{' && (format.size() > (i + 1)) && format.at(i + 1) == '}') { ------------------ | Branch (29:10): [True: 13.5k, False: 120k] | Branch (29:30): [True: 13.5k, False: 0] | Branch (29:59): [True: 13.5k, False: 0] ------------------ 30| 13.5k| oss << val; 31| 13.5k| return do_fmt(oss, format.substr(i + 2), rest...); 32| 120k| } else { 33| 120k| oss << format[i]; 34| 120k| } 35| | 36| 120k| i += 1; 37| 120k| } 38| 13.5k|} _ZN5Botan10fmt_detail6do_fmtERNSt3__119basic_ostringstreamIcNS1_11char_traitsIcEENS1_9allocatorIcEEEENS1_17basic_string_viewIcS4_EE: 20| 18.3k|inline void do_fmt(std::ostringstream& oss, std::string_view format) { 21| 18.3k| oss << format; 22| 18.3k|} _ZN5Botan3fmtIJNSt3__117basic_string_viewIcNS1_11char_traitsIcEEEEEEENS1_12basic_stringIcS4_NS1_9allocatorIcEEEES5_DpRKT_: 53| 3.03k|std::string fmt(std::string_view format, const T&... args) { 54| 3.03k| std::ostringstream oss; 55| 3.03k| oss.imbue(std::locale::classic()); 56| 3.03k| fmt_detail::do_fmt(oss, format, args...); 57| 3.03k| return oss.str(); 58| 3.03k|} _ZN5Botan10fmt_detail6do_fmtINSt3__117basic_string_viewIcNS2_11char_traitsIcEEEEJEEEvRNS2_19basic_ostringstreamIcS5_NS2_9allocatorIcEEEES6_RKT_DpRKT0_: 25| 3.99k|void do_fmt(std::ostringstream& oss, std::string_view format, const T& val, const Ts&... rest) { 26| 3.99k| size_t i = 0; 27| | 28| 27.3k| while(i < format.size()) { ------------------ | Branch (28:10): [True: 27.3k, False: 0] ------------------ 29| 27.3k| if(format[i] == '{' && (format.size() > (i + 1)) && format.at(i + 1) == '}') { ------------------ | Branch (29:10): [True: 3.99k, False: 23.3k] | Branch (29:30): [True: 3.99k, False: 0] | Branch (29:59): [True: 3.99k, False: 0] ------------------ 30| 3.99k| oss << val; 31| 3.99k| return do_fmt(oss, format.substr(i + 2), rest...); 32| 23.3k| } else { 33| 23.3k| oss << format[i]; 34| 23.3k| } 35| | 36| 23.3k| i += 1; 37| 23.3k| } 38| 3.99k|} _ZN5Botan3fmtIJPKcS2_S2_EEENSt3__112basic_stringIcNS3_11char_traitsIcEENS3_9allocatorIcEEEENS3_17basic_string_viewIcS6_EEDpRKT_: 53| 9|std::string fmt(std::string_view format, const T&... args) { 54| 9| std::ostringstream oss; 55| 9| oss.imbue(std::locale::classic()); 56| 9| fmt_detail::do_fmt(oss, format, args...); 57| 9| return oss.str(); 58| 9|} _ZN5Botan10fmt_detail6do_fmtIPKcJS3_S3_EEEvRNSt3__119basic_ostringstreamIcNS4_11char_traitsIcEENS4_9allocatorIcEEEENS4_17basic_string_viewIcS7_EERKT_DpRKT0_: 25| 9|void do_fmt(std::ostringstream& oss, std::string_view format, const T& val, const Ts&... rest) { 26| 9| size_t i = 0; 27| | 28| 9| while(i < format.size()) { ------------------ | Branch (28:10): [True: 9, False: 0] ------------------ 29| 9| if(format[i] == '{' && (format.size() > (i + 1)) && format.at(i + 1) == '}') { ------------------ | Branch (29:10): [True: 9, False: 0] | Branch (29:30): [True: 9, False: 0] | Branch (29:59): [True: 9, False: 0] ------------------ 30| 9| oss << val; 31| 9| return do_fmt(oss, format.substr(i + 2), rest...); 32| 9| } else { 33| 0| oss << format[i]; 34| 0| } 35| | 36| 0| i += 1; 37| 0| } 38| 9|} _ZN5Botan10fmt_detail6do_fmtIPKcJS3_EEEvRNSt3__119basic_ostringstreamIcNS4_11char_traitsIcEENS4_9allocatorIcEEEENS4_17basic_string_viewIcS7_EERKT_DpRKT0_: 25| 9|void do_fmt(std::ostringstream& oss, std::string_view format, const T& val, const Ts&... rest) { 26| 9| size_t i = 0; 27| | 28| 45| while(i < format.size()) { ------------------ | Branch (28:10): [True: 45, False: 0] ------------------ 29| 45| if(format[i] == '{' && (format.size() > (i + 1)) && format.at(i + 1) == '}') { ------------------ | Branch (29:10): [True: 9, False: 36] | Branch (29:30): [True: 9, False: 0] | Branch (29:59): [True: 9, False: 0] ------------------ 30| 9| oss << val; 31| 9| return do_fmt(oss, format.substr(i + 2), rest...); 32| 36| } else { 33| 36| oss << format[i]; 34| 36| } 35| | 36| 36| i += 1; 37| 36| } 38| 9|} _ZN5Botan10fmt_detail6do_fmtIPKcJEEEvRNSt3__119basic_ostringstreamIcNS4_11char_traitsIcEENS4_9allocatorIcEEEENS4_17basic_string_viewIcS7_EERKT_DpRKT0_: 25| 314|void do_fmt(std::ostringstream& oss, std::string_view format, const T& val, const Ts&... rest) { 26| 314| size_t i = 0; 27| | 28| 4.28k| while(i < format.size()) { ------------------ | Branch (28:10): [True: 4.28k, False: 0] ------------------ 29| 4.28k| if(format[i] == '{' && (format.size() > (i + 1)) && format.at(i + 1) == '}') { ------------------ | Branch (29:10): [True: 314, False: 3.96k] | Branch (29:30): [True: 314, False: 0] | Branch (29:59): [True: 314, False: 0] ------------------ 30| 314| oss << val; 31| 314| return do_fmt(oss, format.substr(i + 2), rest...); 32| 3.96k| } else { 33| 3.96k| oss << format[i]; 34| 3.96k| } 35| | 36| 3.96k| i += 1; 37| 3.96k| } 38| 314|} _ZN5Botan3fmtIJNSt3__117basic_string_viewIcNS1_11char_traitsIcEEEEPKcEEENS1_12basic_stringIcS4_NS1_9allocatorIcEEEES5_DpRKT_: 53| 297|std::string fmt(std::string_view format, const T&... args) { 54| 297| std::ostringstream oss; 55| 297| oss.imbue(std::locale::classic()); 56| 297| fmt_detail::do_fmt(oss, format, args...); 57| 297| return oss.str(); 58| 297|} _ZN5Botan10fmt_detail6do_fmtINSt3__117basic_string_viewIcNS2_11char_traitsIcEEEEJPKcEEEvRNS2_19basic_ostringstreamIcS5_NS2_9allocatorIcEEEES6_RKT_DpRKT0_: 25| 297|void do_fmt(std::ostringstream& oss, std::string_view format, const T& val, const Ts&... rest) { 26| 297| size_t i = 0; 27| | 28| 297| while(i < format.size()) { ------------------ | Branch (28:10): [True: 297, False: 0] ------------------ 29| 297| if(format[i] == '{' && (format.size() > (i + 1)) && format.at(i + 1) == '}') { ------------------ | Branch (29:10): [True: 297, False: 0] | Branch (29:30): [True: 297, False: 0] | Branch (29:59): [True: 297, False: 0] ------------------ 30| 297| oss << val; 31| 297| return do_fmt(oss, format.substr(i + 2), rest...); 32| 297| } else { 33| 0| oss << format[i]; 34| 0| } 35| | 36| 0| i += 1; 37| 0| } 38| 297|} _ZN5Botan3fmtIJPKcNSt3__117basic_string_viewIcNS3_11char_traitsIcEEEEEEENS3_12basic_stringIcS6_NS3_9allocatorIcEEEES7_DpRKT_: 53| 960|std::string fmt(std::string_view format, const T&... args) { 54| 960| std::ostringstream oss; 55| 960| oss.imbue(std::locale::classic()); 56| 960| fmt_detail::do_fmt(oss, format, args...); 57| 960| return oss.str(); 58| 960|} _ZN5Botan10fmt_detail6do_fmtIPKcJNSt3__117basic_string_viewIcNS4_11char_traitsIcEEEEEEEvRNS4_19basic_ostringstreamIcS7_NS4_9allocatorIcEEEES8_RKT_DpRKT0_: 25| 960|void do_fmt(std::ostringstream& oss, std::string_view format, const T& val, const Ts&... rest) { 26| 960| size_t i = 0; 27| | 28| 7.07k| while(i < format.size()) { ------------------ | Branch (28:10): [True: 7.07k, False: 0] ------------------ 29| 7.07k| if(format[i] == '{' && (format.size() > (i + 1)) && format.at(i + 1) == '}') { ------------------ | Branch (29:10): [True: 960, False: 6.11k] | Branch (29:30): [True: 960, False: 0] | Branch (29:59): [True: 960, False: 0] ------------------ 30| 960| oss << val; 31| 960| return do_fmt(oss, format.substr(i + 2), rest...); 32| 6.11k| } else { 33| 6.11k| oss << format[i]; 34| 6.11k| } 35| | 36| 6.11k| i += 1; 37| 6.11k| } 38| 960|} _ZN5Botan10fmt_detail6do_fmtImJEEEvRNSt3__119basic_ostringstreamIcNS2_11char_traitsIcEENS2_9allocatorIcEEEENS2_17basic_string_viewIcS5_EERKT_DpRKT0_: 25| 420|void do_fmt(std::ostringstream& oss, std::string_view format, const T& val, const Ts&... rest) { 26| 420| size_t i = 0; 27| | 28| 10.3k| while(i < format.size()) { ------------------ | Branch (28:10): [True: 10.3k, False: 0] ------------------ 29| 10.3k| if(format[i] == '{' && (format.size() > (i + 1)) && format.at(i + 1) == '}') { ------------------ | Branch (29:10): [True: 420, False: 9.97k] | Branch (29:30): [True: 420, False: 0] | Branch (29:59): [True: 420, False: 0] ------------------ 30| 420| oss << val; 31| 420| return do_fmt(oss, format.substr(i + 2), rest...); 32| 9.97k| } else { 33| 9.97k| oss << format[i]; 34| 9.97k| } 35| | 36| 9.97k| i += 1; 37| 9.97k| } 38| 420|} _ZN5Botan3fmtIJmmEEENSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEENS1_17basic_string_viewIcS4_EEDpRKT_: 53| 420|std::string fmt(std::string_view format, const T&... args) { 54| 420| std::ostringstream oss; 55| 420| oss.imbue(std::locale::classic()); 56| 420| fmt_detail::do_fmt(oss, format, args...); 57| 420| return oss.str(); 58| 420|} _ZN5Botan10fmt_detail6do_fmtImJmEEEvRNSt3__119basic_ostringstreamIcNS2_11char_traitsIcEENS2_9allocatorIcEEEENS2_17basic_string_viewIcS5_EERKT_DpRKT0_: 25| 420|void do_fmt(std::ostringstream& oss, std::string_view format, const T& val, const Ts&... rest) { 26| 420| size_t i = 0; 27| | 28| 5.44k| while(i < format.size()) { ------------------ | Branch (28:10): [True: 5.44k, False: 0] ------------------ 29| 5.44k| if(format[i] == '{' && (format.size() > (i + 1)) && format.at(i + 1) == '}') { ------------------ | Branch (29:10): [True: 420, False: 5.02k] | Branch (29:30): [True: 420, False: 0] | Branch (29:59): [True: 420, False: 0] ------------------ 30| 420| oss << val; 31| 420| return do_fmt(oss, format.substr(i + 2), rest...); 32| 5.02k| } else { 33| 5.02k| oss << format[i]; 34| 5.02k| } 35| | 36| 5.02k| i += 1; 37| 5.02k| } 38| 420|} _ZN5Botan10fmt_detail6do_fmtIjJEEEvRNSt3__119basic_ostringstreamIcNS2_11char_traitsIcEENS2_9allocatorIcEEEENS2_17basic_string_viewIcS5_EERKT_DpRKT0_: 25| 34|void do_fmt(std::ostringstream& oss, std::string_view format, const T& val, const Ts&... rest) { 26| 34| size_t i = 0; 27| | 28| 87| while(i < format.size()) { ------------------ | Branch (28:10): [True: 87, False: 0] ------------------ 29| 87| if(format[i] == '{' && (format.size() > (i + 1)) && format.at(i + 1) == '}') { ------------------ | Branch (29:10): [True: 34, False: 53] | Branch (29:30): [True: 34, False: 0] | Branch (29:59): [True: 34, False: 0] ------------------ 30| 34| oss << val; 31| 34| return do_fmt(oss, format.substr(i + 2), rest...); 32| 53| } else { 33| 53| oss << format[i]; 34| 53| } 35| | 36| 53| i += 1; 37| 53| } 38| 34|} _ZN5Botan3fmtIJNSt3__117basic_string_viewIcNS1_11char_traitsIcEEEEjEEENS1_12basic_stringIcS4_NS1_9allocatorIcEEEES5_DpRKT_: 53| 19|std::string fmt(std::string_view format, const T&... args) { 54| 19| std::ostringstream oss; 55| 19| oss.imbue(std::locale::classic()); 56| 19| fmt_detail::do_fmt(oss, format, args...); 57| 19| return oss.str(); 58| 19|} _ZN5Botan10fmt_detail6do_fmtINSt3__117basic_string_viewIcNS2_11char_traitsIcEEEEJjEEEvRNS2_19basic_ostringstreamIcS5_NS2_9allocatorIcEEEES6_RKT_DpRKT0_: 25| 19|void do_fmt(std::ostringstream& oss, std::string_view format, const T& val, const Ts&... rest) { 26| 19| size_t i = 0; 27| | 28| 19| while(i < format.size()) { ------------------ | Branch (28:10): [True: 19, False: 0] ------------------ 29| 19| if(format[i] == '{' && (format.size() > (i + 1)) && format.at(i + 1) == '}') { ------------------ | Branch (29:10): [True: 19, False: 0] | Branch (29:30): [True: 19, False: 0] | Branch (29:59): [True: 19, False: 0] ------------------ 30| 19| oss << val; 31| 19| return do_fmt(oss, format.substr(i + 2), rest...); 32| 19| } else { 33| 0| oss << format[i]; 34| 0| } 35| | 36| 0| i += 1; 37| 0| } 38| 19|} _ZN5Botan3fmtIJjjEEENSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEENS1_17basic_string_viewIcS4_EEDpRKT_: 53| 15|std::string fmt(std::string_view format, const T&... args) { 54| 15| std::ostringstream oss; 55| 15| oss.imbue(std::locale::classic()); 56| 15| fmt_detail::do_fmt(oss, format, args...); 57| 15| return oss.str(); 58| 15|} _ZN5Botan10fmt_detail6do_fmtIjJjEEEvRNSt3__119basic_ostringstreamIcNS2_11char_traitsIcEENS2_9allocatorIcEEEENS2_17basic_string_viewIcS5_EERKT_DpRKT0_: 25| 15|void do_fmt(std::ostringstream& oss, std::string_view format, const T& val, const Ts&... rest) { 26| 15| size_t i = 0; 27| | 28| 510| while(i < format.size()) { ------------------ | Branch (28:10): [True: 510, False: 0] ------------------ 29| 510| if(format[i] == '{' && (format.size() > (i + 1)) && format.at(i + 1) == '}') { ------------------ | Branch (29:10): [True: 15, False: 495] | Branch (29:30): [True: 15, False: 0] | Branch (29:59): [True: 15, False: 0] ------------------ 30| 15| oss << val; 31| 15| return do_fmt(oss, format.substr(i + 2), rest...); 32| 495| } else { 33| 495| oss << format[i]; 34| 495| } 35| | 36| 495| i += 1; 37| 495| } 38| 15|} _ZN5Botan3fmtIJmPKcEEENSt3__112basic_stringIcNS3_11char_traitsIcEENS3_9allocatorIcEEEENS3_17basic_string_viewIcS6_EEDpRKT_: 53| 8|std::string fmt(std::string_view format, const T&... args) { 54| 8| std::ostringstream oss; 55| 8| oss.imbue(std::locale::classic()); 56| 8| fmt_detail::do_fmt(oss, format, args...); 57| 8| return oss.str(); 58| 8|} _ZN5Botan10fmt_detail6do_fmtImJPKcEEEvRNSt3__119basic_ostringstreamIcNS4_11char_traitsIcEENS4_9allocatorIcEEEENS4_17basic_string_viewIcS7_EERKT_DpRKT0_: 25| 8|void do_fmt(std::ostringstream& oss, std::string_view format, const T& val, const Ts&... rest) { 26| 8| size_t i = 0; 27| | 28| 112| while(i < format.size()) { ------------------ | Branch (28:10): [True: 112, False: 0] ------------------ 29| 112| if(format[i] == '{' && (format.size() > (i + 1)) && format.at(i + 1) == '}') { ------------------ | Branch (29:10): [True: 8, False: 104] | Branch (29:30): [True: 8, False: 0] | Branch (29:59): [True: 8, False: 0] ------------------ 30| 8| oss << val; 31| 8| return do_fmt(oss, format.substr(i + 2), rest...); 32| 104| } else { 33| 104| oss << format[i]; 34| 104| } 35| | 36| 104| i += 1; 37| 104| } 38| 8|} _ZN5Botan14GCM_EncryptionC2ENSt3__110unique_ptrINS_11BlockCipherENS1_14default_deleteIS3_EEEEm: 79| 9| GCM_Mode(std::move(cipher), tag_size) {} _ZN5Botan14GCM_DecryptionC2ENSt3__110unique_ptrINS_11BlockCipherENS1_14default_deleteIS3_EEEEm: 100| 53| GCM_Mode(std::move(cipher), tag_size) {} _ZNK5Botan8GCM_Mode8tag_sizeEv: 40| 359| size_t tag_size() const final { return m_tag_size; } _ZNK5Botan14GCM_Encryption13output_lengthEm: 81| 17| size_t output_length(size_t input_length) const override { return input_length + tag_size(); } _ZNK5Botan14GCM_Decryption13output_lengthEm: 102| 44| size_t output_length(size_t input_length) const override { 103| 44| BOTAN_ARG_CHECK(input_length >= tag_size(), "Sufficient input"); ------------------ | | 35| 44| do { \ | | 36| 44| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 44| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 44] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 44| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 44] | | ------------------ ------------------ 104| 44| return input_length - tag_size(); 105| 44| } _ZNK5Botan14GCM_Decryption18minimum_final_sizeEv: 107| 44| size_t minimum_final_size() const override { return tag_size(); } _ZNK5Botan5GHASH8key_specEv: 42| 62| Key_Length_Specification key_spec() const override { return Key_Length_Specification(16); } _ZN5Botan7swar_ltITkNSt3__117unsigned_integralEtEET_S2_S2_: 91| 335k|constexpr T swar_lt(T a, T b) { 92| | // The constant 0x808080... as a T 93| 335k| constexpr T hi1 = (static_cast(-1) / 255) << 7; 94| | // The constant 0x7F7F7F... as a T 95| 335k| constexpr T lo7 = static_cast(~hi1); 96| 335k| T r = (lo7 - a + b) & hi1; 97| | // Currently the mask is 80 if lt, otherwise 00. Convert to FF/00 98| 335k| return (r << 1) - (r >> 7); 99| 335k|} _ZN5Botan13swar_in_rangeITkNSt3__117unsigned_integralEmEET_S2_S2_S2_: 114| 5.71M|constexpr T swar_in_range(T v, T lower, T upper) { 115| | // The constant 0x808080... as a T 116| 5.71M| constexpr T hi1 = (static_cast(-1) / 255) << 7; 117| | // The constant 0x7F7F7F... as a T 118| 5.71M| constexpr T lo7 = ~hi1; 119| | 120| 5.71M| const T sub = ((v | hi1) - (lower & lo7)) ^ ((v ^ (~lower)) & hi1); 121| 5.71M| const T a_lo = sub & lo7; 122| 5.71M| const T a_hi = sub & hi1; 123| 5.71M| return (lo7 - a_lo + upper) & hi1 & ~a_hi; 124| 5.71M|} _ZN5Botan23index_of_first_set_byteITkNSt3__117unsigned_integralEmEEmT_: 130| 367k|constexpr size_t index_of_first_set_byte(T v) { 131| | // The constant 0x010101... as a T 132| 367k| constexpr T lo1 = (static_cast(-1) / 255); 133| | // The constant 0x808080... as a T 134| 367k| constexpr T hi1 = lo1 << 7; 135| | // How many bits to shift in order to get the top byte 136| 367k| constexpr size_t bits = (sizeof(T) * 8) - 8; 137| | 138| 367k| return static_cast((((((v & hi1) - 1) & lo1) * lo1) >> bits) - 1); 139| 367k|} _ZN5Botan11checked_mulITkNSt3__117unsigned_integralEmEENS1_8optionalIT_EES3_S3_: 46| 594k|constexpr inline std::optional checked_mul(T a, T b) { 47| | // Multiplication by 1U is a hack to work around C's insane 48| | // integer promotion rules. 49| | // https://stackoverflow.com/questions/24795651 50| 594k| const T r = (1U * a) * b; 51| | // If a == 0 then the multiply certainly did not overflow 52| | // Otherwise r / a == b unless overflow occurred 53| 594k| if(a != 0 && r / a != b) { ------------------ | Branch (53:7): [True: 594k, False: 0] | Branch (53:17): [True: 0, False: 594k] ------------------ 54| 0| return {}; 55| 0| } 56| 594k| return r; 57| 594k|} _ZN5Botan11checked_addITkNSt3__117unsigned_integralEjEENS1_8optionalIT_EES3_S3_: 19| 25.1k|constexpr inline std::optional checked_add(T a, T b) { 20| 25.1k| const T r = a + b; 21| 25.1k| if(r < a || r < b) { ------------------ | Branch (21:7): [True: 0, False: 25.1k] | Branch (21:16): [True: 0, False: 25.1k] ------------------ 22| 0| return {}; 23| 0| } 24| 25.1k| return r; 25| 25.1k|} _ZN5Botan11checked_addITkNSt3__117unsigned_integralEmTpTkNS1_17unsigned_integralEJmmEQ10all_same_vIT_DpT0_EEENS1_8optionalIS2_EES2_S2_S4_: 37| 6.45k|constexpr inline std::optional checked_add(T a, T b, Ts... rest) { 38| 6.45k| if(auto r = checked_add(a, b)) { ------------------ | Branch (38:12): [True: 6.45k, False: 0] ------------------ 39| 6.45k| return checked_add(r.value(), rest...); 40| 6.45k| } else { 41| 0| return {}; 42| 0| } 43| 6.45k|} _ZN5Botan11checked_addITkNSt3__117unsigned_integralEmEENS1_8optionalIT_EES3_S3_: 19| 45.2k|constexpr inline std::optional checked_add(T a, T b) { 20| 45.2k| const T r = a + b; 21| 45.2k| if(r < a || r < b) { ------------------ | Branch (21:7): [True: 0, False: 45.2k] | Branch (21:16): [True: 0, False: 45.2k] ------------------ 22| 0| return {}; 23| 0| } 24| 45.2k| return r; 25| 45.2k|} _ZN5Botan11checked_addITkNSt3__117unsigned_integralEmTpTkNS1_17unsigned_integralEJmEQ10all_same_vIT_DpT0_EEENS1_8optionalIS2_EES2_S2_S4_: 37| 6.45k|constexpr inline std::optional checked_add(T a, T b, Ts... rest) { 38| 6.45k| if(auto r = checked_add(a, b)) { ------------------ | Branch (38:12): [True: 6.45k, False: 0] ------------------ 39| 6.45k| return checked_add(r.value(), rest...); 40| 6.45k| } else { 41| 0| return {}; 42| 0| } 43| 6.45k|} _ZN5Botan11checked_addITkNSt3__117unsigned_integralEmTpTkNS1_17unsigned_integralEJmmmmmmEQ10all_same_vIT_DpT0_EEENS1_8optionalIS2_EES2_S2_S4_: 37| 6.45k|constexpr inline std::optional checked_add(T a, T b, Ts... rest) { 38| 6.45k| if(auto r = checked_add(a, b)) { ------------------ | Branch (38:12): [True: 6.45k, False: 0] ------------------ 39| 6.45k| return checked_add(r.value(), rest...); 40| 6.45k| } else { 41| 0| return {}; 42| 0| } 43| 6.45k|} _ZN5Botan11checked_addITkNSt3__117unsigned_integralEmTpTkNS1_17unsigned_integralEJmmmmmEQ10all_same_vIT_DpT0_EEENS1_8optionalIS2_EES2_S2_S4_: 37| 6.45k|constexpr inline std::optional checked_add(T a, T b, Ts... rest) { 38| 6.45k| if(auto r = checked_add(a, b)) { ------------------ | Branch (38:12): [True: 6.45k, False: 0] ------------------ 39| 6.45k| return checked_add(r.value(), rest...); 40| 6.45k| } else { 41| 0| return {}; 42| 0| } 43| 6.45k|} _ZN5Botan11checked_addITkNSt3__117unsigned_integralEmTpTkNS1_17unsigned_integralEJmmmmEQ10all_same_vIT_DpT0_EEENS1_8optionalIS2_EES2_S2_S4_: 37| 6.45k|constexpr inline std::optional checked_add(T a, T b, Ts... rest) { 38| 6.45k| if(auto r = checked_add(a, b)) { ------------------ | Branch (38:12): [True: 6.45k, False: 0] ------------------ 39| 6.45k| return checked_add(r.value(), rest...); 40| 6.45k| } else { 41| 0| return {}; 42| 0| } 43| 6.45k|} _ZN5Botan11checked_addITkNSt3__117unsigned_integralEmTpTkNS1_17unsigned_integralEJmmmEQ10all_same_vIT_DpT0_EEENS1_8optionalIS2_EES2_S2_S4_: 37| 6.45k|constexpr inline std::optional checked_add(T a, T b, Ts... rest) { 38| 6.45k| if(auto r = checked_add(a, b)) { ------------------ | Branch (38:12): [True: 6.45k, False: 0] ------------------ 39| 6.45k| return checked_add(r.value(), rest...); 40| 6.45k| } else { 41| 0| return {}; 42| 0| } 43| 6.45k|} _ZN5Botan8get_byteILm0EtEEhT0_QltT_stS1_: 81| 374k|{ 82| 374k| const size_t shift = ((~B) & (sizeof(T) - 1)) << 3; 83| 374k| return static_cast((input >> shift) & 0xFF); 84| 374k|} _ZN5Botan8get_byteILm1EtEEhT0_QltT_stS1_: 81| 374k|{ 82| 374k| const size_t shift = ((~B) & (sizeof(T) - 1)) << 3; 83| 374k| return static_cast((input >> shift) & 0xFF); 84| 374k|} _ZN5Botan11make_uint16Ehh: 92| 255k|inline constexpr uint16_t make_uint16(uint8_t i0, uint8_t i1) { 93| 255k| return static_cast((static_cast(i0) << 8) | i1); 94| 255k|} _ZN5Botan11make_uint32Ehhhh: 104| 34.3k|inline constexpr uint32_t make_uint32(uint8_t i0, uint8_t i1, uint8_t i2, uint8_t i3) { 105| 34.3k| return ((static_cast(i0) << 24) | (static_cast(i1) << 16) | (static_cast(i2) << 8) | 106| 34.3k| (static_cast(i3))); 107| 34.3k|} _ZN5Botan8store_beINS_6detail10AutoDetectEJRKmPhEEEDaDpOT0_: 745| 109k|inline constexpr auto store_be(ParamTs&&... params) { 746| 109k| return detail::store_any(std::forward(params)...); 747| 109k|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS0_20unsigned_integralishEmQoosr3stdE7same_asIS4_T0_Esr3stdE7same_asIT1_S5_EEEvS6_Ph: 711| 128k|inline constexpr void store_any(T in, uint8_t out[]) { 712| | // asserts that *out points to enough bytes to write into 713| 128k| store_any(in, std::span(out, sizeof(T))); 714| 128k|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS0_20unsigned_integralishEmTkNS_6ranges23contiguous_output_rangeIhEENS2_4spanIhLm8EEEQsr3stdE7same_asIS4_T0_EEEvT1_OT2_: 646| 128k|inline constexpr void store_any(T in, OutR&& out_range) { 647| 128k| store_any(in, std::forward(out_range)); 648| 128k|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEmTkNS_6ranges23contiguous_output_rangeIhEENS2_4spanIhLm8EEEQnt15custom_storableINS0_19wrapped_type_helperIu14__remove_cvrefIT0_EE4typeEEEEvS9_OT1_: 525| 434k|inline constexpr void store_any(WrappedInT wrapped_in, OutR&& out_range) { 526| 434k| const auto in = detail::unwrap_strong_type_or_enum(wrapped_in); 527| 434k| using InT = decltype(in); 528| 434k| ranges::assert_exact_byte_length(out_range); 529| 434k| const std::span out{out_range}; 530| | 531| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 532| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 533| | // in a `constexpr` context. 534| 434k| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (534:7): [Folded, False: 434k] ------------------ 535| 0| return fallback_store_any(in, std::forward(out_range)); 536| 434k| } else { 537| | if constexpr(sizeof(InT) == 1) { 538| | out[0] = static_cast(in); 539| | } else if constexpr(endianness == std::endian::native) { 540| | typecast_copy(out, in); 541| 434k| } else { 542| 434k| static_assert(opposite(endianness) == std::endian::native); 543| 434k| typecast_copy(out, reverse_bytes(in)); 544| 434k| } 545| 434k| } 546| 434k|} _ZN5Botan6detail26unwrap_strong_type_or_enumITkNS0_20unsigned_integralishEmEEDaT_: 190| 436k|constexpr auto unwrap_strong_type_or_enum(InT t) { 191| | if constexpr(std::is_enum_v) { 192| | // TODO: C++23: use std::to_underlying(in) instead 193| | return static_cast>(t); 194| 436k| } else { 195| 436k| return Botan::unwrap_strong_type(t); 196| 436k| } 197| 436k|} _ZN5Botan6detail8load_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEmEET0_PKhm: 454| 263k|inline constexpr OutT load_any(const uint8_t in[], size_t off) { 455| | // asserts that *in points to enough bytes to read at offset off 456| 263k| constexpr size_t out_size = sizeof(OutT); 457| 263k| return load_any(std::span(in + off * out_size, out_size)); 458| 263k|} _ZN5Botan6detail8load_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEmTkNS_6ranges16contiguous_rangeIhEENS2_4spanIKhLm8EEEQnt15custom_loadableINS0_19wrapped_type_helperIu14__remove_cvrefIT0_EE4typeEEEESA_OT1_: 278| 432k|inline constexpr WrappedOutT load_any(InR&& in_range) { 279| 432k| using OutT = detail::wrapped_type; 280| 432k| ranges::assert_exact_byte_length(in_range); 281| | 282| 432k| return detail::wrap_strong_type_or_enum([&]() -> OutT { 283| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 284| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 285| | // in a `constexpr` context. 286| 432k| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { 287| 432k| return fallback_load_any(std::forward(in_range)); 288| 432k| } else { 289| 432k| const std::span in{in_range}; 290| 432k| if constexpr(sizeof(OutT) == 1) { 291| 432k| return static_cast(in[0]); 292| 432k| } else if constexpr(endianness == std::endian::native) { 293| 432k| return typecast_copy(in); 294| 432k| } else { 295| 432k| static_assert(opposite(endianness) == std::endian::native); 296| 432k| return reverse_bytes(typecast_copy(in)); 297| 432k| } 298| 432k| } 299| 432k| }()); 300| 432k|} _ZN5Botan6detail24wrap_strong_type_or_enumITkNS0_20unsigned_integralishEmTkNSt3__117unsigned_integralEmEEDaT0_: 200| 459k|constexpr auto wrap_strong_type_or_enum(T t) { 201| | if constexpr(std::is_enum_v) { 202| | return static_cast(t); 203| 459k| } else { 204| 459k| return Botan::wrap_strong_type(t); 205| 459k| } 206| 459k|} _ZZN5Botan6detail8load_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEmTkNS_6ranges16contiguous_rangeIhEENS2_4spanIKhLm8EEEQnt15custom_loadableINS0_19wrapped_type_helperIu14__remove_cvrefIT0_EE4typeEEEESA_OT1_ENKUlvE_clEv: 282| 432k| return detail::wrap_strong_type_or_enum([&]() -> OutT { 283| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 284| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 285| | // in a `constexpr` context. 286| 432k| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (286:10): [Folded, False: 432k] ------------------ 287| 0| return fallback_load_any(std::forward(in_range)); 288| 432k| } else { 289| 432k| const std::span in{in_range}; 290| | if constexpr(sizeof(OutT) == 1) { 291| | return static_cast(in[0]); 292| | } else if constexpr(endianness == std::endian::native) { 293| | return typecast_copy(in); 294| 432k| } else { 295| 432k| static_assert(opposite(endianness) == std::endian::native); 296| 432k| return reverse_bytes(typecast_copy(in)); 297| 432k| } 298| 432k| } 299| 432k| }()); _ZN5Botan7load_beItJRPKhRmEEEDaDpOT0_: 504| 162|inline constexpr auto load_be(ParamTs&&... params) { 505| 162| return detail::load_any(std::forward(params)...); 506| 162|} _ZN5Botan6detail8load_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEtEET0_PKhm: 454| 51.3k|inline constexpr OutT load_any(const uint8_t in[], size_t off) { 455| | // asserts that *in points to enough bytes to read at offset off 456| 51.3k| constexpr size_t out_size = sizeof(OutT); 457| 51.3k| return load_any(std::span(in + off * out_size, out_size)); 458| 51.3k|} _ZN5Botan6detail8load_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEtTkNS_6ranges16contiguous_rangeIhEENS2_4spanIKhLm2EEEQnt15custom_loadableINS0_19wrapped_type_helperIu14__remove_cvrefIT0_EE4typeEEEESA_OT1_: 278| 51.3k|inline constexpr WrappedOutT load_any(InR&& in_range) { 279| 51.3k| using OutT = detail::wrapped_type; 280| 51.3k| ranges::assert_exact_byte_length(in_range); 281| | 282| 51.3k| return detail::wrap_strong_type_or_enum([&]() -> OutT { 283| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 284| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 285| | // in a `constexpr` context. 286| 51.3k| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { 287| 51.3k| return fallback_load_any(std::forward(in_range)); 288| 51.3k| } else { 289| 51.3k| const std::span in{in_range}; 290| 51.3k| if constexpr(sizeof(OutT) == 1) { 291| 51.3k| return static_cast(in[0]); 292| 51.3k| } else if constexpr(endianness == std::endian::native) { 293| 51.3k| return typecast_copy(in); 294| 51.3k| } else { 295| 51.3k| static_assert(opposite(endianness) == std::endian::native); 296| 51.3k| return reverse_bytes(typecast_copy(in)); 297| 51.3k| } 298| 51.3k| } 299| 51.3k| }()); 300| 51.3k|} _ZN5Botan6detail24wrap_strong_type_or_enumITkNS0_20unsigned_integralishEtTkNSt3__117unsigned_integralEtEEDaT0_: 200| 51.3k|constexpr auto wrap_strong_type_or_enum(T t) { 201| | if constexpr(std::is_enum_v) { 202| | return static_cast(t); 203| 51.3k| } else { 204| 51.3k| return Botan::wrap_strong_type(t); 205| 51.3k| } 206| 51.3k|} _ZZN5Botan6detail8load_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEtTkNS_6ranges16contiguous_rangeIhEENS2_4spanIKhLm2EEEQnt15custom_loadableINS0_19wrapped_type_helperIu14__remove_cvrefIT0_EE4typeEEEESA_OT1_ENKUlvE_clEv: 282| 51.3k| return detail::wrap_strong_type_or_enum([&]() -> OutT { 283| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 284| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 285| | // in a `constexpr` context. 286| 51.3k| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (286:10): [Folded, False: 51.3k] ------------------ 287| 0| return fallback_load_any(std::forward(in_range)); 288| 51.3k| } else { 289| 51.3k| const std::span in{in_range}; 290| | if constexpr(sizeof(OutT) == 1) { 291| | return static_cast(in[0]); 292| | } else if constexpr(endianness == std::endian::native) { 293| | return typecast_copy(in); 294| 51.3k| } else { 295| 51.3k| static_assert(opposite(endianness) == std::endian::native); 296| 51.3k| return reverse_bytes(typecast_copy(in)); 297| 51.3k| } 298| 51.3k| } 299| 51.3k| }()); _ZN5Botan7load_beIjJRPKhRmEEEDaDpOT0_: 504| 143|inline constexpr auto load_be(ParamTs&&... params) { 505| 143| return detail::load_any(std::forward(params)...); 506| 143|} _ZN5Botan6detail8load_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEjEET0_PKhm: 454| 354|inline constexpr OutT load_any(const uint8_t in[], size_t off) { 455| | // asserts that *in points to enough bytes to read at offset off 456| 354| constexpr size_t out_size = sizeof(OutT); 457| 354| return load_any(std::span(in + off * out_size, out_size)); 458| 354|} _ZN5Botan6detail8load_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEjTkNS_6ranges16contiguous_rangeIhEENS2_4spanIKhLm4EEEQnt15custom_loadableINS0_19wrapped_type_helperIu14__remove_cvrefIT0_EE4typeEEEESA_OT1_: 278| 354|inline constexpr WrappedOutT load_any(InR&& in_range) { 279| 354| using OutT = detail::wrapped_type; 280| 354| ranges::assert_exact_byte_length(in_range); 281| | 282| 354| return detail::wrap_strong_type_or_enum([&]() -> OutT { 283| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 284| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 285| | // in a `constexpr` context. 286| 354| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { 287| 354| return fallback_load_any(std::forward(in_range)); 288| 354| } else { 289| 354| const std::span in{in_range}; 290| 354| if constexpr(sizeof(OutT) == 1) { 291| 354| return static_cast(in[0]); 292| 354| } else if constexpr(endianness == std::endian::native) { 293| 354| return typecast_copy(in); 294| 354| } else { 295| 354| static_assert(opposite(endianness) == std::endian::native); 296| 354| return reverse_bytes(typecast_copy(in)); 297| 354| } 298| 354| } 299| 354| }()); 300| 354|} _ZN5Botan6detail24wrap_strong_type_or_enumITkNS0_20unsigned_integralishEjTkNSt3__117unsigned_integralEjEEDaT0_: 200| 354|constexpr auto wrap_strong_type_or_enum(T t) { 201| | if constexpr(std::is_enum_v) { 202| | return static_cast(t); 203| 354| } else { 204| 354| return Botan::wrap_strong_type(t); 205| 354| } 206| 354|} _ZZN5Botan6detail8load_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEjTkNS_6ranges16contiguous_rangeIhEENS2_4spanIKhLm4EEEQnt15custom_loadableINS0_19wrapped_type_helperIu14__remove_cvrefIT0_EE4typeEEEESA_OT1_ENKUlvE_clEv: 282| 354| return detail::wrap_strong_type_or_enum([&]() -> OutT { 283| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 284| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 285| | // in a `constexpr` context. 286| 354| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (286:10): [Folded, False: 354] ------------------ 287| 0| return fallback_load_any(std::forward(in_range)); 288| 354| } else { 289| 354| const std::span in{in_range}; 290| | if constexpr(sizeof(OutT) == 1) { 291| | return static_cast(in[0]); 292| | } else if constexpr(endianness == std::endian::native) { 293| | return typecast_copy(in); 294| 354| } else { 295| 354| static_assert(opposite(endianness) == std::endian::native); 296| 354| return reverse_bytes(typecast_copy(in)); 297| 354| } 298| 354| } 299| 354| }()); _ZN5Botan8get_byteILm1EjEEhT0_QltT_stS1_: 81| 32.8k|{ 82| 32.8k| const size_t shift = ((~B) & (sizeof(T) - 1)) << 3; 83| 32.8k| return static_cast((input >> shift) & 0xFF); 84| 32.8k|} _ZN5Botan8get_byteILm2EjEEhT0_QltT_stS1_: 81| 32.8k|{ 82| 32.8k| const size_t shift = ((~B) & (sizeof(T) - 1)) << 3; 83| 32.8k| return static_cast((input >> shift) & 0xFF); 84| 32.8k|} _ZN5Botan8get_byteILm3EjEEhT0_QltT_stS1_: 81| 32.8k|{ 82| 32.8k| const size_t shift = ((~B) & (sizeof(T) - 1)) << 3; 83| 32.8k| return static_cast((input >> shift) & 0xFF); 84| 32.8k|} _ZN5Botan12get_byte_varImEEhmT_: 69| 220k|inline constexpr uint8_t get_byte_var(size_t byte_num, T input) { 70| 220k| return static_cast(input >> (((~byte_num) & (sizeof(T) - 1)) << 3)); 71| 220k|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS0_20unsigned_integralishEtQoosr3stdE7same_asIS4_T0_Esr3stdE7same_asIT1_S5_EEEvS6_Ph: 711| 5|inline constexpr void store_any(T in, uint8_t out[]) { 712| | // asserts that *out points to enough bytes to write into 713| 5| store_any(in, std::span(out, sizeof(T))); 714| 5|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS0_20unsigned_integralishEtTkNS_6ranges23contiguous_output_rangeIhEENS2_4spanIhLm2EEEQsr3stdE7same_asIS4_T0_EEEvT1_OT2_: 646| 5|inline constexpr void store_any(T in, OutR&& out_range) { 647| 5| store_any(in, std::forward(out_range)); 648| 5|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEtTkNS_6ranges23contiguous_output_rangeIhEENS2_4spanIhLm2EEEQnt15custom_storableINS0_19wrapped_type_helperIu14__remove_cvrefIT0_EE4typeEEEEvS9_OT1_: 525| 5|inline constexpr void store_any(WrappedInT wrapped_in, OutR&& out_range) { 526| 5| const auto in = detail::unwrap_strong_type_or_enum(wrapped_in); 527| 5| using InT = decltype(in); 528| 5| ranges::assert_exact_byte_length(out_range); 529| 5| const std::span out{out_range}; 530| | 531| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 532| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 533| | // in a `constexpr` context. 534| 5| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (534:7): [Folded, False: 5] ------------------ 535| 0| return fallback_store_any(in, std::forward(out_range)); 536| 5| } else { 537| | if constexpr(sizeof(InT) == 1) { 538| | out[0] = static_cast(in); 539| | } else if constexpr(endianness == std::endian::native) { 540| | typecast_copy(out, in); 541| 5| } else { 542| 5| static_assert(opposite(endianness) == std::endian::native); 543| 5| typecast_copy(out, reverse_bytes(in)); 544| 5| } 545| 5| } 546| 5|} _ZN5Botan6detail26unwrap_strong_type_or_enumITkNS0_20unsigned_integralishEtEEDaT_: 190| 5|constexpr auto unwrap_strong_type_or_enum(InT t) { 191| | if constexpr(std::is_enum_v) { 192| | // TODO: C++23: use std::to_underlying(in) instead 193| | return static_cast>(t); 194| 5| } else { 195| 5| return Botan::unwrap_strong_type(t); 196| 5| } 197| 5|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS0_20unsigned_integralishEjQoosr3stdE7same_asIS4_T0_Esr3stdE7same_asIT1_S5_EEEvS6_Ph: 711| 8.97k|inline constexpr void store_any(T in, uint8_t out[]) { 712| | // asserts that *out points to enough bytes to write into 713| 8.97k| store_any(in, std::span(out, sizeof(T))); 714| 8.97k|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS0_20unsigned_integralishEjTkNS_6ranges23contiguous_output_rangeIhEENS2_4spanIhLm4EEEQsr3stdE7same_asIS4_T0_EEEvT1_OT2_: 646| 8.97k|inline constexpr void store_any(T in, OutR&& out_range) { 647| 8.97k| store_any(in, std::forward(out_range)); 648| 8.97k|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEjTkNS_6ranges23contiguous_output_rangeIhEENS2_4spanIhLm4EEEQnt15custom_storableINS0_19wrapped_type_helperIu14__remove_cvrefIT0_EE4typeEEEEvS9_OT1_: 525| 703k|inline constexpr void store_any(WrappedInT wrapped_in, OutR&& out_range) { 526| 703k| const auto in = detail::unwrap_strong_type_or_enum(wrapped_in); 527| 703k| using InT = decltype(in); 528| 703k| ranges::assert_exact_byte_length(out_range); 529| 703k| const std::span out{out_range}; 530| | 531| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 532| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 533| | // in a `constexpr` context. 534| 703k| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (534:7): [Folded, False: 703k] ------------------ 535| 0| return fallback_store_any(in, std::forward(out_range)); 536| 703k| } else { 537| | if constexpr(sizeof(InT) == 1) { 538| | out[0] = static_cast(in); 539| | } else if constexpr(endianness == std::endian::native) { 540| | typecast_copy(out, in); 541| 703k| } else { 542| 703k| static_assert(opposite(endianness) == std::endian::native); 543| 703k| typecast_copy(out, reverse_bytes(in)); 544| 703k| } 545| 703k| } 546| 703k|} _ZN5Botan6detail26unwrap_strong_type_or_enumITkNS0_20unsigned_integralishEjEEDaT_: 190| 703k|constexpr auto unwrap_strong_type_or_enum(InT t) { 191| | if constexpr(std::is_enum_v) { 192| | // TODO: C++23: use std::to_underlying(in) instead 193| | return static_cast>(t); 194| 703k| } else { 195| 703k| return Botan::unwrap_strong_type(t); 196| 703k| } 197| 703k|} _ZN5Botan8store_beINS_6detail10AutoDetectEJRmRA8_hEEEDaDpOT0_: 745| 18.2k|inline constexpr auto store_be(ParamTs&&... params) { 746| 18.2k| return detail::store_any(std::forward(params)...); 747| 18.2k|} _ZN5Botan6detail9store_anyILNSt3__16endianE57005ETkNS0_20unsigned_integralishEmTkNS_6ranges23contiguous_output_rangeIhEENS2_4spanIhLm8EEEQnt15custom_storableINS0_19wrapped_type_helperIu14__remove_cvrefIT0_EE4typeEEEEvS9_OT1_: 525| 80|inline constexpr void store_any(WrappedInT wrapped_in, OutR&& out_range) { 526| 80| const auto in = detail::unwrap_strong_type_or_enum(wrapped_in); 527| 80| using InT = decltype(in); 528| 80| ranges::assert_exact_byte_length(out_range); 529| 80| const std::span out{out_range}; 530| | 531| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 532| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 533| | // in a `constexpr` context. 534| 80| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (534:7): [Folded, False: 80] ------------------ 535| 0| return fallback_store_any(in, std::forward(out_range)); 536| 80| } else { 537| | if constexpr(sizeof(InT) == 1) { 538| | out[0] = static_cast(in); 539| 80| } else if constexpr(endianness == std::endian::native) { 540| 80| typecast_copy(out, in); 541| | } else { 542| | static_assert(opposite(endianness) == std::endian::native); 543| | typecast_copy(out, reverse_bytes(in)); 544| | } 545| 80| } 546| 80|} _ZN5Botan7load_beImJRA32_mRPKhRmEEEDaDpOT0_: 504| 447|inline constexpr auto load_be(ParamTs&&... params) { 505| 447| return detail::load_any(std::forward(params)...); 506| 447|} _ZN5Botan6detail8load_anyILNSt3__16endianE64206EmTkNS0_20unsigned_integralishEmQoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asIT1_S5_EEEvPS6_PKhm: 483| 447|inline constexpr void load_any(T out[], const uint8_t in[], size_t count) { 484| | // asserts that *in and *out point to the correct amount of memory 485| 447| load_any(std::span(out, count), std::span(in, count * sizeof(T))); 486| 447|} _ZN5Botan6detail8load_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeENS2_4spanImLm18446744073709551615EEETkNS4_16contiguous_rangeIhEENS5_IKhLm18446744073709551615EEEQaa20unsigned_integralishINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT1_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISH_EESI_E4type10value_typeEEoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISP_SN_EEEvOSE_RKT2_: 355| 447|inline constexpr void load_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 356| 447| ranges::assert_equal_byte_lengths(out, in); 357| 447| using element_type = std::ranges::range_value_t; 358| | 359| 447| auto load_elementwise = [&] { 360| 447| constexpr size_t bytes_per_element = sizeof(element_type); 361| 447| std::span in_s(in); 362| 447| for(auto& out_elem : out) { 363| 447| out_elem = load_any(in_s.template first()); 364| 447| in_s = in_s.subspan(bytes_per_element); 365| 447| } 366| 447| }; 367| | 368| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 369| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 370| | // in a `constexpr` context. 371| 447| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (371:7): [Folded, False: 447] ------------------ 372| 0| load_elementwise(); 373| 447| } else { 374| | if constexpr(endianness == std::endian::native && !custom_loadable) { 375| | typecast_copy(out, in); 376| 447| } else { 377| 447| load_elementwise(); 378| 447| } 379| 447| } 380| 447|} _ZZN5Botan6detail8load_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeENS2_4spanImLm18446744073709551615EEETkNS4_16contiguous_rangeIhEENS5_IKhLm18446744073709551615EEEQaa20unsigned_integralishINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT1_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISH_EESI_E4type10value_typeEEoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISP_SN_EEEvOSE_RKT2_ENKUlvE_clEv: 359| 447| auto load_elementwise = [&] { 360| 447| constexpr size_t bytes_per_element = sizeof(element_type); 361| 447| std::span in_s(in); 362| 9.88k| for(auto& out_elem : out) { ------------------ | Branch (362:26): [True: 9.88k, False: 447] ------------------ 363| 9.88k| out_elem = load_any(in_s.template first()); 364| 9.88k| in_s = in_s.subspan(bytes_per_element); 365| 9.88k| } 366| 447| }; _ZN5Botan8store_beINS_6detail10AutoDetectEJPhRmEEEDaDpOT0_: 745| 9.88k|inline constexpr auto store_be(ParamTs&&... params) { 746| 9.88k| return detail::store_any(std::forward(params)...); 747| 9.88k|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS0_20unsigned_integralishEmTpTkNS0_20unsigned_integralishEJEQaaoosr3stdE7same_asIS4_T0_Esr3stdE7same_asIT1_S5_E10all_same_vIS6_DpT2_EEEvPhS6_S8_: 723| 9.88k|inline constexpr void store_any(uint8_t out[], T0 in0, Ts... ins) { 724| 9.88k| constexpr auto bytes = sizeof(in0) + (sizeof(ins) + ... + 0); 725| | // asserts that *out points to the correct amount of memory 726| 9.88k| store_any(std::span(out, bytes), in0, ins...); 727| 9.88k|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeIhEENS2_4spanIhLm8EEETpTkNS0_20unsigned_integralishEJmEQaagtsZT2_Li0Eooaasr3stdE7same_asINS0_10AutoDetectET0_E10all_same_vIDpT2_Eaa20unsigned_integralishIS9_E10all_same_vIS9_SB_EEEvOT1_SB_: 582| 305k|inline constexpr void store_any(OutR&& out /* NOLINT(*-std-forward) */, Ts... ins) { 583| 305k| ranges::assert_exact_byte_length<(sizeof(Ts) + ...)>(out); 584| 305k| auto store_one = [off = 0](auto o, T i) mutable { 585| 305k| store_any(i, o.subspan(off).template first()); 586| 305k| off += sizeof(T); 587| 305k| }; 588| | 589| 305k| (store_one(std::span{out}, ins), ...); 590| 305k|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeIhEENS2_4spanIhLm8EEETpTkNS0_20unsigned_integralishEJmEQaagtsZT2_Li0Eooaasr3stdE7same_asINS0_10AutoDetectET0_E10all_same_vIDpT2_Eaa20unsigned_integralishIS9_E10all_same_vIS9_SB_EEEvOT1_SB_ENUlTyS9_T_E_clImS7_EEDaS9_SE_: 584| 305k| auto store_one = [off = 0](auto o, T i) mutable { 585| 305k| store_any(i, o.subspan(off).template first()); 586| 305k| off += sizeof(T); 587| 305k| }; _ZN5Botan7load_leImJPKhiEEEDaDpOT0_: 495| 80|inline constexpr auto load_le(ParamTs&&... params) { 496| 80| return detail::load_any(std::forward(params)...); 497| 80|} _ZN5Botan6detail8load_anyILNSt3__16endianE57005ETkNS0_20unsigned_integralishEmEET0_PKhm: 454| 100|inline constexpr OutT load_any(const uint8_t in[], size_t off) { 455| | // asserts that *in points to enough bytes to read at offset off 456| 100| constexpr size_t out_size = sizeof(OutT); 457| 100| return load_any(std::span(in + off * out_size, out_size)); 458| 100|} _ZN5Botan6detail8load_anyILNSt3__16endianE57005ETkNS0_20unsigned_integralishEmTkNS_6ranges16contiguous_rangeIhEENS2_4spanIKhLm8EEEQnt15custom_loadableINS0_19wrapped_type_helperIu14__remove_cvrefIT0_EE4typeEEEESA_OT1_: 278| 100|inline constexpr WrappedOutT load_any(InR&& in_range) { 279| 100| using OutT = detail::wrapped_type; 280| 100| ranges::assert_exact_byte_length(in_range); 281| | 282| 100| return detail::wrap_strong_type_or_enum([&]() -> OutT { 283| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 284| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 285| | // in a `constexpr` context. 286| 100| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { 287| 100| return fallback_load_any(std::forward(in_range)); 288| 100| } else { 289| 100| const std::span in{in_range}; 290| 100| if constexpr(sizeof(OutT) == 1) { 291| 100| return static_cast(in[0]); 292| 100| } else if constexpr(endianness == std::endian::native) { 293| 100| return typecast_copy(in); 294| 100| } else { 295| 100| static_assert(opposite(endianness) == std::endian::native); 296| 100| return reverse_bytes(typecast_copy(in)); 297| 100| } 298| 100| } 299| 100| }()); 300| 100|} _ZZN5Botan6detail8load_anyILNSt3__16endianE57005ETkNS0_20unsigned_integralishEmTkNS_6ranges16contiguous_rangeIhEENS2_4spanIKhLm8EEEQnt15custom_loadableINS0_19wrapped_type_helperIu14__remove_cvrefIT0_EE4typeEEEESA_OT1_ENKUlvE_clEv: 282| 100| return detail::wrap_strong_type_or_enum([&]() -> OutT { 283| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 284| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 285| | // in a `constexpr` context. 286| 100| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (286:10): [Folded, False: 100] ------------------ 287| 0| return fallback_load_any(std::forward(in_range)); 288| 100| } else { 289| 100| const std::span in{in_range}; 290| | if constexpr(sizeof(OutT) == 1) { 291| | return static_cast(in[0]); 292| 100| } else if constexpr(endianness == std::endian::native) { 293| 100| return typecast_copy(in); 294| | } else { 295| | static_assert(opposite(endianness) == std::endian::native); 296| | return reverse_bytes(typecast_copy(in)); 297| | } 298| 100| } 299| 100| }()); _ZN5Botan7load_leImJRPKhiEEEDaDpOT0_: 495| 20|inline constexpr auto load_le(ParamTs&&... params) { 496| 20| return detail::load_any(std::forward(params)...); 497| 20|} _ZN5Botan12get_byte_varIjEEhmT_: 69| 18|inline constexpr uint8_t get_byte_var(size_t byte_num, T input) { 70| 18| return static_cast(input >> (((~byte_num) & (sizeof(T) - 1)) << 3)); 71| 18|} _ZN5Botan11copy_out_beITkNS_6ranges14spanable_rangeENSt3__16vectorIjNS_16secure_allocatorIjEEEEEEvNS2_4spanIhLm18446744073709551615EEERKT_: 773| 91.7k|inline void copy_out_be(std::span out, const InR& in) { 774| 91.7k| using T = std::ranges::range_value_t; 775| 91.7k| std::span in_s{in}; 776| 91.7k| const auto remaining_bytes = detail::copy_out_any_word_aligned_portion(out, in_s); 777| | 778| | // copy remaining bytes as a partial word 779| 91.7k| for(size_t i = 0; i < remaining_bytes; ++i) { ------------------ | Branch (779:22): [True: 0, False: 91.7k] ------------------ 780| 0| out[i] = get_byte_var(i, in_s.front()); 781| 0| } 782| 91.7k|} _ZN5Botan6detail33copy_out_any_word_aligned_portionILNSt3__16endianE64206ETkNS0_20unsigned_integralishEjEEmRNS2_4spanIhLm18446744073709551615EEERNS4_IKT0_Lm18446744073709551615EEE: 752| 91.7k|inline size_t copy_out_any_word_aligned_portion(std::span& out, std::span& in) { 753| 91.7k| const size_t full_words = out.size() / sizeof(T); 754| 91.7k| const size_t full_word_bytes = full_words * sizeof(T); 755| 91.7k| const size_t remaining_bytes = out.size() - full_word_bytes; 756| 91.7k| BOTAN_ASSERT_NOMSG(in.size_bytes() >= full_word_bytes + remaining_bytes); ------------------ | | 77| 91.7k| do { \ | | 78| 91.7k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 91.7k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 91.7k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 91.7k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 91.7k] | | ------------------ ------------------ 757| | 758| | // copy full words 759| 91.7k| store_any(out.first(full_word_bytes), in.first(full_words)); 760| 91.7k| out = out.subspan(full_word_bytes); 761| 91.7k| in = in.subspan(full_words); 762| | 763| 91.7k| return remaining_bytes; 764| 91.7k|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206EjTkNS_6ranges23contiguous_output_rangeIhEENS2_4spanIhLm18446744073709551615EEETkNS4_14spanable_rangeENS6_IKjLm18446744073709551615EEEQoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISB_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISJ_EESK_E4type10value_typeEEEEvOT1_RKSG_: 603| 91.7k|inline constexpr void store_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 604| 91.7k| ranges::assert_equal_byte_lengths(out, in); 605| 91.7k| using element_type = std::ranges::range_value_t; 606| | 607| 91.7k| auto store_elementwise = [&] { 608| 91.7k| constexpr size_t bytes_per_element = sizeof(element_type); 609| 91.7k| std::span out_s(out); 610| 91.7k| for(auto in_elem : in) { 611| 91.7k| store_any(out_s.template first(), in_elem); 612| 91.7k| out_s = out_s.subspan(bytes_per_element); 613| 91.7k| } 614| 91.7k| }; 615| | 616| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 617| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 618| | // in a `constexpr` context. 619| 91.7k| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (619:7): [Folded, False: 91.7k] ------------------ 620| 0| store_elementwise(); 621| 91.7k| } else { 622| | if constexpr(endianness == std::endian::native && !custom_storable) { 623| | typecast_copy(out, in); 624| 91.7k| } else { 625| 91.7k| store_elementwise(); 626| 91.7k| } 627| 91.7k| } 628| 91.7k|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206EjTkNS_6ranges23contiguous_output_rangeIhEENS2_4spanIhLm18446744073709551615EEETkNS4_14spanable_rangeENS6_IKjLm18446744073709551615EEEQoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISB_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISJ_EESK_E4type10value_typeEEEEvOT1_RKSG_ENKUlvE_clEv: 607| 91.7k| auto store_elementwise = [&] { 608| 91.7k| constexpr size_t bytes_per_element = sizeof(element_type); 609| 91.7k| std::span out_s(out); 610| 694k| for(auto in_elem : in) { ------------------ | Branch (610:24): [True: 694k, False: 91.7k] ------------------ 611| 694k| store_any(out_s.template first(), in_elem); 612| 694k| out_s = out_s.subspan(bytes_per_element); 613| 694k| } 614| 91.7k| }; _ZN5Botan6detail9store_anyILNSt3__16endianE64206EjTkNS_6ranges23contiguous_output_rangeIhEENS2_4spanIhLm4EEETpTkNS0_20unsigned_integralishEJjEQaagtsZT2_Li0Eooaasr3stdE7same_asINS0_10AutoDetectET0_E10all_same_vIDpT2_Eaa20unsigned_integralishIS9_E10all_same_vIS9_SB_EEEvOT1_SB_: 582| 694k|inline constexpr void store_any(OutR&& out /* NOLINT(*-std-forward) */, Ts... ins) { 583| 694k| ranges::assert_exact_byte_length<(sizeof(Ts) + ...)>(out); 584| 694k| auto store_one = [off = 0](auto o, T i) mutable { 585| 694k| store_any(i, o.subspan(off).template first()); 586| 694k| off += sizeof(T); 587| 694k| }; 588| | 589| 694k| (store_one(std::span{out}, ins), ...); 590| 694k|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206EjTkNS_6ranges23contiguous_output_rangeIhEENS2_4spanIhLm4EEETpTkNS0_20unsigned_integralishEJjEQaagtsZT2_Li0Eooaasr3stdE7same_asINS0_10AutoDetectET0_E10all_same_vIDpT2_Eaa20unsigned_integralishIS9_E10all_same_vIS9_SB_EEEvOT1_SB_ENUlTyS9_T_E_clIjS7_EEDaS9_SE_: 584| 694k| auto store_one = [off = 0](auto o, T i) mutable { 585| 694k| store_any(i, o.subspan(off).template first()); 586| 694k| off += sizeof(T); 587| 694k| }; _ZN5Botan11copy_out_beITkNS_6ranges14spanable_rangeENSt3__16vectorImNS_16secure_allocatorImEEEEEEvNS2_4spanIhLm18446744073709551615EEERKT_: 773| 5.11k|inline void copy_out_be(std::span out, const InR& in) { 774| 5.11k| using T = std::ranges::range_value_t; 775| 5.11k| std::span in_s{in}; 776| 5.11k| const auto remaining_bytes = detail::copy_out_any_word_aligned_portion(out, in_s); 777| | 778| | // copy remaining bytes as a partial word 779| 5.11k| for(size_t i = 0; i < remaining_bytes; ++i) { ------------------ | Branch (779:22): [True: 0, False: 5.11k] ------------------ 780| 0| out[i] = get_byte_var(i, in_s.front()); 781| 0| } 782| 5.11k|} _ZN5Botan6detail33copy_out_any_word_aligned_portionILNSt3__16endianE64206ETkNS0_20unsigned_integralishEmEEmRNS2_4spanIhLm18446744073709551615EEERNS4_IKT0_Lm18446744073709551615EEE: 752| 5.83k|inline size_t copy_out_any_word_aligned_portion(std::span& out, std::span& in) { 753| 5.83k| const size_t full_words = out.size() / sizeof(T); 754| 5.83k| const size_t full_word_bytes = full_words * sizeof(T); 755| 5.83k| const size_t remaining_bytes = out.size() - full_word_bytes; 756| 5.83k| BOTAN_ASSERT_NOMSG(in.size_bytes() >= full_word_bytes + remaining_bytes); ------------------ | | 77| 5.83k| do { \ | | 78| 5.83k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 5.83k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 5.83k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 5.83k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 5.83k] | | ------------------ ------------------ 757| | 758| | // copy full words 759| 5.83k| store_any(out.first(full_word_bytes), in.first(full_words)); 760| 5.83k| out = out.subspan(full_word_bytes); 761| 5.83k| in = in.subspan(full_words); 762| | 763| 5.83k| return remaining_bytes; 764| 5.83k|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeIhEENS2_4spanIhLm18446744073709551615EEETkNS4_14spanable_rangeENS6_IKmLm18446744073709551615EEEQoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISB_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISJ_EESK_E4type10value_typeEEEEvOT1_RKSG_: 603| 5.83k|inline constexpr void store_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 604| 5.83k| ranges::assert_equal_byte_lengths(out, in); 605| 5.83k| using element_type = std::ranges::range_value_t; 606| | 607| 5.83k| auto store_elementwise = [&] { 608| 5.83k| constexpr size_t bytes_per_element = sizeof(element_type); 609| 5.83k| std::span out_s(out); 610| 5.83k| for(auto in_elem : in) { 611| 5.83k| store_any(out_s.template first(), in_elem); 612| 5.83k| out_s = out_s.subspan(bytes_per_element); 613| 5.83k| } 614| 5.83k| }; 615| | 616| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 617| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 618| | // in a `constexpr` context. 619| 5.83k| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (619:7): [Folded, False: 5.83k] ------------------ 620| 0| store_elementwise(); 621| 5.83k| } else { 622| | if constexpr(endianness == std::endian::native && !custom_storable) { 623| | typecast_copy(out, in); 624| 5.83k| } else { 625| 5.83k| store_elementwise(); 626| 5.83k| } 627| 5.83k| } 628| 5.83k|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeIhEENS2_4spanIhLm18446744073709551615EEETkNS4_14spanable_rangeENS6_IKmLm18446744073709551615EEEQoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISB_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISJ_EESK_E4type10value_typeEEEEvOT1_RKSG_ENKUlvE_clEv: 607| 5.83k| auto store_elementwise = [&] { 608| 5.83k| constexpr size_t bytes_per_element = sizeof(element_type); 609| 5.83k| std::span out_s(out); 610| 32.1k| for(auto in_elem : in) { ------------------ | Branch (610:24): [True: 32.1k, False: 5.83k] ------------------ 611| 32.1k| store_any(out_s.template first(), in_elem); 612| 32.1k| out_s = out_s.subspan(bytes_per_element); 613| 32.1k| } 614| 5.83k| }; _ZN5Botan6detail8load_anyILNSt3__16endianE57005ENS0_10AutoDetectETkNS0_20unsigned_integralishEmQoosr3stdE7same_asIS4_T0_Esr3stdE7same_asIT1_S5_EEEvPS6_PKhm: 483| 4.46k|inline constexpr void load_any(T out[], const uint8_t in[], size_t count) { 484| | // asserts that *in and *out point to the correct amount of memory 485| 4.46k| load_any(std::span(out, count), std::span(in, count * sizeof(T))); 486| 4.46k|} _ZN5Botan6detail8load_anyILNSt3__16endianE57005ENS0_10AutoDetectETkNS_6ranges23contiguous_output_rangeENS2_4spanImLm18446744073709551615EEETkNS5_16contiguous_rangeIhEENS6_IKhLm18446744073709551615EEEQaa20unsigned_integralishINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT1_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISI_EESJ_E4type10value_typeEEoosr3stdE7same_asIS4_T0_Esr3stdE7same_asISP_SO_EEEvOSF_RKT2_: 355| 4.46k|inline constexpr void load_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 356| 4.46k| ranges::assert_equal_byte_lengths(out, in); 357| 4.46k| using element_type = std::ranges::range_value_t; 358| | 359| 4.46k| auto load_elementwise = [&] { 360| 4.46k| constexpr size_t bytes_per_element = sizeof(element_type); 361| 4.46k| std::span in_s(in); 362| 4.46k| for(auto& out_elem : out) { 363| 4.46k| out_elem = load_any(in_s.template first()); 364| 4.46k| in_s = in_s.subspan(bytes_per_element); 365| 4.46k| } 366| 4.46k| }; 367| | 368| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 369| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 370| | // in a `constexpr` context. 371| 4.46k| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (371:7): [Folded, False: 4.46k] ------------------ 372| 0| load_elementwise(); 373| 4.46k| } else { 374| 4.46k| if constexpr(endianness == std::endian::native && !custom_loadable) { 375| 4.46k| typecast_copy(out, in); 376| | } else { 377| | load_elementwise(); 378| | } 379| 4.46k| } 380| 4.46k|} _ZN5Botan6detail8load_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS0_20unsigned_integralishEmQoosr3stdE7same_asIS4_T0_Esr3stdE7same_asIT1_S5_EEEvPS6_PKhm: 483| 723|inline constexpr void load_any(T out[], const uint8_t in[], size_t count) { 484| | // asserts that *in and *out point to the correct amount of memory 485| 723| load_any(std::span(out, count), std::span(in, count * sizeof(T))); 486| 723|} _ZN5Botan6detail8load_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS_6ranges23contiguous_output_rangeENS2_4spanImLm18446744073709551615EEETkNS5_16contiguous_rangeIhEENS6_IKhLm18446744073709551615EEEQaa20unsigned_integralishINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT1_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISI_EESJ_E4type10value_typeEEoosr3stdE7same_asIS4_T0_Esr3stdE7same_asISP_SO_EEEvOSF_RKT2_: 355| 723|inline constexpr void load_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 356| 723| ranges::assert_equal_byte_lengths(out, in); 357| 723| using element_type = std::ranges::range_value_t; 358| | 359| 723| auto load_elementwise = [&] { 360| 723| constexpr size_t bytes_per_element = sizeof(element_type); 361| 723| std::span in_s(in); 362| 723| for(auto& out_elem : out) { 363| 723| out_elem = load_any(in_s.template first()); 364| 723| in_s = in_s.subspan(bytes_per_element); 365| 723| } 366| 723| }; 367| | 368| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 369| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 370| | // in a `constexpr` context. 371| 723| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (371:7): [Folded, False: 723] ------------------ 372| 0| load_elementwise(); 373| 723| } else { 374| | if constexpr(endianness == std::endian::native && !custom_loadable) { 375| | typecast_copy(out, in); 376| 723| } else { 377| 723| load_elementwise(); 378| 723| } 379| 723| } 380| 723|} _ZZN5Botan6detail8load_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS_6ranges23contiguous_output_rangeENS2_4spanImLm18446744073709551615EEETkNS5_16contiguous_rangeIhEENS6_IKhLm18446744073709551615EEEQaa20unsigned_integralishINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT1_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISI_EESJ_E4type10value_typeEEoosr3stdE7same_asIS4_T0_Esr3stdE7same_asISP_SO_EEEvOSF_RKT2_ENKUlvE_clEv: 359| 723| auto load_elementwise = [&] { 360| 723| constexpr size_t bytes_per_element = sizeof(element_type); 361| 723| std::span in_s(in); 362| 1.44k| for(auto& out_elem : out) { ------------------ | Branch (362:26): [True: 1.44k, False: 723] ------------------ 363| 1.44k| out_elem = load_any(in_s.template first()); 364| 1.44k| in_s = in_s.subspan(bytes_per_element); 365| 1.44k| } 366| 723| }; _ZN5Botan7load_beImJNSt3__14spanIKhLm8EEEEEEDaDpOT0_: 504| 156k|inline constexpr auto load_be(ParamTs&&... params) { 505| 156k| return detail::load_any(std::forward(params)...); 506| 156k|} _ZN5Botan7load_beImJRNSt3__15arrayIhLm8EEEEEEDaDpOT0_: 504| 27.5k|inline constexpr auto load_be(ParamTs&&... params) { 505| 27.5k| return detail::load_any(std::forward(params)...); 506| 27.5k|} _ZN5Botan6detail8load_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEmTkNS_6ranges16contiguous_rangeIhEERNS2_5arrayIhLm8EEEQnt15custom_loadableINS0_19wrapped_type_helperIu14__remove_cvrefIT0_EE4typeEEEESA_OT1_: 278| 27.5k|inline constexpr WrappedOutT load_any(InR&& in_range) { 279| 27.5k| using OutT = detail::wrapped_type; 280| 27.5k| ranges::assert_exact_byte_length(in_range); 281| | 282| 27.5k| return detail::wrap_strong_type_or_enum([&]() -> OutT { 283| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 284| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 285| | // in a `constexpr` context. 286| 27.5k| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { 287| 27.5k| return fallback_load_any(std::forward(in_range)); 288| 27.5k| } else { 289| 27.5k| const std::span in{in_range}; 290| 27.5k| if constexpr(sizeof(OutT) == 1) { 291| 27.5k| return static_cast(in[0]); 292| 27.5k| } else if constexpr(endianness == std::endian::native) { 293| 27.5k| return typecast_copy(in); 294| 27.5k| } else { 295| 27.5k| static_assert(opposite(endianness) == std::endian::native); 296| 27.5k| return reverse_bytes(typecast_copy(in)); 297| 27.5k| } 298| 27.5k| } 299| 27.5k| }()); 300| 27.5k|} _ZZN5Botan6detail8load_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEmTkNS_6ranges16contiguous_rangeIhEERNS2_5arrayIhLm8EEEQnt15custom_loadableINS0_19wrapped_type_helperIu14__remove_cvrefIT0_EE4typeEEEESA_OT1_ENKUlvE_clEv: 282| 27.5k| return detail::wrap_strong_type_or_enum([&]() -> OutT { 283| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 284| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 285| | // in a `constexpr` context. 286| 27.5k| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (286:10): [Folded, False: 27.5k] ------------------ 287| 0| return fallback_load_any(std::forward(in_range)); 288| 27.5k| } else { 289| 27.5k| const std::span in{in_range}; 290| | if constexpr(sizeof(OutT) == 1) { 291| | return static_cast(in[0]); 292| | } else if constexpr(endianness == std::endian::native) { 293| | return typecast_copy(in); 294| 27.5k| } else { 295| 27.5k| static_assert(opposite(endianness) == std::endian::native); 296| 27.5k| return reverse_bytes(typecast_copy(in)); 297| 27.5k| } 298| 27.5k| } 299| 27.5k| }()); _ZN5Botan8store_beINS_6detail10AutoDetectEJRmPhEEEDaDpOT0_: 745| 529|inline constexpr auto store_be(ParamTs&&... params) { 746| 529| return detail::store_any(std::forward(params)...); 747| 529|} _ZN5Botan8store_beINS_6detail10AutoDetectEJRKjPhEEEDaDpOT0_: 745| 8.55k|inline constexpr auto store_be(ParamTs&&... params) { 746| 8.55k| return detail::store_any(std::forward(params)...); 747| 8.55k|} _ZN5Botan8store_beINS_6detail10AutoDetectEJjPhEEEDaDpOT0_: 745| 416|inline constexpr auto store_be(ParamTs&&... params) { 746| 416| return detail::store_any(std::forward(params)...); 747| 416|} _ZN5Botan7load_leIjJPjPKhmEEEDaDpOT0_: 495| 2|inline constexpr auto load_le(ParamTs&&... params) { 496| 2| return detail::load_any(std::forward(params)...); 497| 2|} _ZN5Botan6detail8load_anyILNSt3__16endianE57005EjTkNS0_20unsigned_integralishEjQoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asIT1_S5_EEEvPS6_PKhm: 483| 2|inline constexpr void load_any(T out[], const uint8_t in[], size_t count) { 484| | // asserts that *in and *out point to the correct amount of memory 485| 2| load_any(std::span(out, count), std::span(in, count * sizeof(T))); 486| 2|} _ZN5Botan6detail8load_anyILNSt3__16endianE57005EjTkNS_6ranges23contiguous_output_rangeENS2_4spanIjLm18446744073709551615EEETkNS4_16contiguous_rangeIhEENS5_IKhLm18446744073709551615EEEQaa20unsigned_integralishINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT1_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISH_EESI_E4type10value_typeEEoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISP_SN_EEEvOSE_RKT2_: 355| 2|inline constexpr void load_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 356| 2| ranges::assert_equal_byte_lengths(out, in); 357| 2| using element_type = std::ranges::range_value_t; 358| | 359| 2| auto load_elementwise = [&] { 360| 2| constexpr size_t bytes_per_element = sizeof(element_type); 361| 2| std::span in_s(in); 362| 2| for(auto& out_elem : out) { 363| 2| out_elem = load_any(in_s.template first()); 364| 2| in_s = in_s.subspan(bytes_per_element); 365| 2| } 366| 2| }; 367| | 368| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 369| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 370| | // in a `constexpr` context. 371| 2| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (371:7): [Folded, False: 2] ------------------ 372| 0| load_elementwise(); 373| 2| } else { 374| 2| if constexpr(endianness == std::endian::native && !custom_loadable) { 375| 2| typecast_copy(out, in); 376| | } else { 377| | load_elementwise(); 378| | } 379| 2| } 380| 2|} _ZN5Botan7load_beIjJPhiEEEDaDpOT0_: 504| 211|inline constexpr auto load_be(ParamTs&&... params) { 505| 211| return detail::load_any(std::forward(params)...); 506| 211|} _ZN5Botan7load_beImJPhiEEEDaDpOT0_: 504| 2.69k|inline constexpr auto load_be(ParamTs&&... params) { 505| 2.69k| return detail::load_any(std::forward(params)...); 506| 2.69k|} _ZN5Botan8store_beINS_6detail10AutoDetectEJRKmRKNSt3__14spanIhLm18446744073709551615EEEEEEDaDpOT0_: 745| 2.89k|inline constexpr auto store_be(ParamTs&&... params) { 746| 2.89k| return detail::store_any(std::forward(params)...); 747| 2.89k|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS0_20unsigned_integralishEmTkNS_6ranges23contiguous_output_rangeIhEERKNS2_4spanIhLm18446744073709551615EEEQsr3stdE7same_asIS4_T0_EEEvT1_OT2_: 646| 2.89k|inline constexpr void store_any(T in, OutR&& out_range) { 647| 2.89k| store_any(in, std::forward(out_range)); 648| 2.89k|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEmTkNS_6ranges23contiguous_output_rangeIhEERKNS2_4spanIhLm18446744073709551615EEEQnt15custom_storableINS0_19wrapped_type_helperIu14__remove_cvrefIT0_EE4typeEEEEvSB_OT1_: 525| 2.89k|inline constexpr void store_any(WrappedInT wrapped_in, OutR&& out_range) { 526| 2.89k| const auto in = detail::unwrap_strong_type_or_enum(wrapped_in); 527| 2.89k| using InT = decltype(in); 528| 2.89k| ranges::assert_exact_byte_length(out_range); 529| 2.89k| const std::span out{out_range}; 530| | 531| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 532| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 533| | // in a `constexpr` context. 534| 2.89k| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (534:7): [Folded, False: 2.89k] ------------------ 535| 0| return fallback_store_any(in, std::forward(out_range)); 536| 2.89k| } else { 537| | if constexpr(sizeof(InT) == 1) { 538| | out[0] = static_cast(in); 539| | } else if constexpr(endianness == std::endian::native) { 540| | typecast_copy(out, in); 541| 2.89k| } else { 542| 2.89k| static_assert(opposite(endianness) == std::endian::native); 543| 2.89k| typecast_copy(out, reverse_bytes(in)); 544| 2.89k| } 545| 2.89k| } 546| 2.89k|} _ZN5Botan7load_beIhJPKhRmEEEDaDpOT0_: 504| 1.98M|inline constexpr auto load_be(ParamTs&&... params) { 505| 1.98M| return detail::load_any(std::forward(params)...); 506| 1.98M|} _ZN5Botan6detail8load_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEhEET0_PKhm: 454| 1.98M|inline constexpr OutT load_any(const uint8_t in[], size_t off) { 455| | // asserts that *in points to enough bytes to read at offset off 456| 1.98M| constexpr size_t out_size = sizeof(OutT); 457| 1.98M| return load_any(std::span(in + off * out_size, out_size)); 458| 1.98M|} _ZN5Botan6detail8load_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEhTkNS_6ranges16contiguous_rangeIhEENS2_4spanIKhLm1EEEQnt15custom_loadableINS0_19wrapped_type_helperIu14__remove_cvrefIT0_EE4typeEEEESA_OT1_: 278| 1.98M|inline constexpr WrappedOutT load_any(InR&& in_range) { 279| 1.98M| using OutT = detail::wrapped_type; 280| 1.98M| ranges::assert_exact_byte_length(in_range); 281| | 282| 1.98M| return detail::wrap_strong_type_or_enum([&]() -> OutT { 283| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 284| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 285| | // in a `constexpr` context. 286| 1.98M| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { 287| 1.98M| return fallback_load_any(std::forward(in_range)); 288| 1.98M| } else { 289| 1.98M| const std::span in{in_range}; 290| 1.98M| if constexpr(sizeof(OutT) == 1) { 291| 1.98M| return static_cast(in[0]); 292| 1.98M| } else if constexpr(endianness == std::endian::native) { 293| 1.98M| return typecast_copy(in); 294| 1.98M| } else { 295| 1.98M| static_assert(opposite(endianness) == std::endian::native); 296| 1.98M| return reverse_bytes(typecast_copy(in)); 297| 1.98M| } 298| 1.98M| } 299| 1.98M| }()); 300| 1.98M|} _ZN5Botan6detail24wrap_strong_type_or_enumITkNS0_20unsigned_integralishEhTkNSt3__117unsigned_integralEhEEDaT0_: 200| 1.98M|constexpr auto wrap_strong_type_or_enum(T t) { 201| | if constexpr(std::is_enum_v) { 202| | return static_cast(t); 203| 1.98M| } else { 204| 1.98M| return Botan::wrap_strong_type(t); 205| 1.98M| } 206| 1.98M|} _ZZN5Botan6detail8load_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEhTkNS_6ranges16contiguous_rangeIhEENS2_4spanIKhLm1EEEQnt15custom_loadableINS0_19wrapped_type_helperIu14__remove_cvrefIT0_EE4typeEEEESA_OT1_ENKUlvE_clEv: 282| 1.98M| return detail::wrap_strong_type_or_enum([&]() -> OutT { 283| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 284| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 285| | // in a `constexpr` context. 286| 1.98M| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (286:10): [Folded, False: 1.98M] ------------------ 287| 0| return fallback_load_any(std::forward(in_range)); 288| 1.98M| } else { 289| 1.98M| const std::span in{in_range}; 290| 1.98M| if constexpr(sizeof(OutT) == 1) { 291| 1.98M| return static_cast(in[0]); 292| | } else if constexpr(endianness == std::endian::native) { 293| | return typecast_copy(in); 294| | } else { 295| | static_assert(opposite(endianness) == std::endian::native); 296| | return reverse_bytes(typecast_copy(in)); 297| | } 298| 1.98M| } 299| 1.98M| }()); _ZN5Botan12get_byte_varIhEEhmT_: 69| 769k|inline constexpr uint8_t get_byte_var(size_t byte_num, T input) { 70| 769k| return static_cast(input >> (((~byte_num) & (sizeof(T) - 1)) << 3)); 71| 769k|} _ZN5Botan7load_beItJPKhRmEEEDaDpOT0_: 504| 49.6k|inline constexpr auto load_be(ParamTs&&... params) { 505| 49.6k| return detail::load_any(std::forward(params)...); 506| 49.6k|} _ZN5Botan7load_beINSt3__15arrayImLm2EEEJNS1_4spanIKhLm16EEEEEEDaDpOT0_: 504| 62|inline constexpr auto load_be(ParamTs&&... params) { 505| 62| return detail::load_any(std::forward(params)...); 506| 62|} _ZN5Botan6detail8load_anyILNSt3__16endianE64206ENS2_5arrayImLm2EEETkNS_6ranges16contiguous_rangeIhEENS2_4spanIKhLm16EEEQoosr3stdE7same_asINS0_10AutoDetectET0_Eaaoosr6rangesE25statically_spanable_rangeISC_Esr8conceptsE19resizable_containerISC_E20unsigned_integralishINSC_10value_typeEEEEDaOT1_: 397| 62|inline constexpr auto load_any(InR&& in_range) { 398| 62| auto out = []([[maybe_unused]] const auto& in) { 399| 62| if constexpr(std::same_as) { 400| 62| if constexpr(ranges::statically_spanable_range) { 401| 62| constexpr size_t extent = decltype(std::span{in})::extent; 402| | 403| | // clang-format off 404| 62| using type = 405| 62| std::conditional_t>>>; 409| | // clang-format on 410| | 411| 62| static_assert( 412| 62| !std::is_void_v, 413| 62| "Cannot determine the output type based on a statically sized bytearray with length other than those: 1, 2, 4, 8"); 414| | 415| 62| return type{}; 416| 62| } else { 417| 62| static_assert( 418| 62| !std::same_as, 419| 62| "cannot infer return type from a dynamic range at compile time, please specify it explicitly"); 420| 62| } 421| 62| } else if constexpr(concepts::resizable_container) { 422| 62| const size_t in_bytes = std::span{in}.size_bytes(); 423| 62| constexpr size_t out_elem_bytes = sizeof(typename OutT::value_type); 424| 62| BOTAN_ARG_CHECK(in_bytes % out_elem_bytes == 0, 425| 62| "Input range is not word-aligned with the requested output range"); 426| 62| return OutT(in_bytes / out_elem_bytes); 427| 62| } else { 428| 62| return OutT{}; 429| 62| } 430| 62| }(in_range); 431| | 432| 62| using out_type = decltype(out); 433| | if constexpr(unsigned_integralish) { 434| | out = load_any(std::forward(in_range)); 435| 62| } else { 436| 62| static_assert(ranges::contiguous_range); 437| 62| using out_range_type = std::ranges::range_value_t; 438| 62| load_any(out, std::forward(in_range)); 439| 62| } 440| 62| return out; 441| 62|} _ZZN5Botan6detail8load_anyILNSt3__16endianE64206ENS2_5arrayImLm2EEETkNS_6ranges16contiguous_rangeIhEENS2_4spanIKhLm16EEEQoosr3stdE7same_asINS0_10AutoDetectET0_Eaaoosr6rangesE25statically_spanable_rangeISC_Esr8conceptsE19resizable_containerISC_E20unsigned_integralishINSC_10value_typeEEEEDaOT1_ENKUlRKT_E_clISA_EEDaSI_: 398| 62| auto out = []([[maybe_unused]] const auto& in) { 399| | if constexpr(std::same_as) { 400| | if constexpr(ranges::statically_spanable_range) { 401| | constexpr size_t extent = decltype(std::span{in})::extent; 402| | 403| | // clang-format off 404| | using type = 405| | std::conditional_t>>>; 409| | // clang-format on 410| | 411| | static_assert( 412| | !std::is_void_v, 413| | "Cannot determine the output type based on a statically sized bytearray with length other than those: 1, 2, 4, 8"); 414| | 415| | return type{}; 416| | } else { 417| | static_assert( 418| | !std::same_as, 419| | "cannot infer return type from a dynamic range at compile time, please specify it explicitly"); 420| | } 421| | } else if constexpr(concepts::resizable_container) { 422| | const size_t in_bytes = std::span{in}.size_bytes(); 423| | constexpr size_t out_elem_bytes = sizeof(typename OutT::value_type); 424| | BOTAN_ARG_CHECK(in_bytes % out_elem_bytes == 0, 425| | "Input range is not word-aligned with the requested output range"); 426| | return OutT(in_bytes / out_elem_bytes); 427| 62| } else { 428| 62| return OutT{}; 429| 62| } 430| 62| }(in_range); _ZN5Botan6detail8load_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeERNS2_5arrayImLm2EEETkNS4_16contiguous_rangeIhEENS2_4spanIKhLm16EEEQaa20unsigned_integralishINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT1_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISJ_EESK_E4type10value_typeEEoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISR_SP_EEEvOSG_RKT2_: 355| 62|inline constexpr void load_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 356| 62| ranges::assert_equal_byte_lengths(out, in); 357| 62| using element_type = std::ranges::range_value_t; 358| | 359| 62| auto load_elementwise = [&] { 360| 62| constexpr size_t bytes_per_element = sizeof(element_type); 361| 62| std::span in_s(in); 362| 62| for(auto& out_elem : out) { 363| 62| out_elem = load_any(in_s.template first()); 364| 62| in_s = in_s.subspan(bytes_per_element); 365| 62| } 366| 62| }; 367| | 368| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 369| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 370| | // in a `constexpr` context. 371| 62| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (371:7): [Folded, False: 62] ------------------ 372| 0| load_elementwise(); 373| 62| } else { 374| | if constexpr(endianness == std::endian::native && !custom_loadable) { 375| | typecast_copy(out, in); 376| 62| } else { 377| 62| load_elementwise(); 378| 62| } 379| 62| } 380| 62|} _ZZN5Botan6detail8load_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeERNS2_5arrayImLm2EEETkNS4_16contiguous_rangeIhEENS2_4spanIKhLm16EEEQaa20unsigned_integralishINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT1_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISJ_EESK_E4type10value_typeEEoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISR_SP_EEEvOSG_RKT2_ENKUlvE_clEv: 359| 62| auto load_elementwise = [&] { 360| 62| constexpr size_t bytes_per_element = sizeof(element_type); 361| 62| std::span in_s(in); 362| 124| for(auto& out_elem : out) { ------------------ | Branch (362:26): [True: 124, False: 62] ------------------ 363| 124| out_elem = load_any(in_s.template first()); 364| 124| in_s = in_s.subspan(bytes_per_element); 365| 124| } 366| 62| }; _ZN5Botan8store_beINS_6detail10AutoDetectEJmmEEEDaDpOT0_: 745| 61|inline constexpr auto store_be(ParamTs&&... params) { 746| 61| return detail::store_any(std::forward(params)...); 747| 61|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETpTkNS0_20unsigned_integralishEJmmEQ10all_same_vIDpT1_EEEDaS6_: 696| 61|inline constexpr auto store_any(Ts... ins) { 697| 61| return store_any(std::array{ins...}); 698| 61|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS_6ranges14spanable_rangeENS2_5arrayImLm2EEEQoooosr3stdE7same_asIS4_T0_Eaasr6rangesE25statically_spanable_rangeIS8_Esr3stdE21default_initializableIS8_Esr8conceptsE21resizable_byte_bufferIS8_EEEDaOT1_: 663| 61|inline constexpr auto store_any(InR&& in_range) { 664| 61| auto out = []([[maybe_unused]] const auto& in) { 665| 61| if constexpr(std::same_as) { 666| 61| if constexpr(ranges::statically_spanable_range) { 667| 61| constexpr size_t bytes = decltype(std::span{in})::extent * sizeof(std::ranges::range_value_t); 668| 61| return std::array(); 669| 61| } else { 670| 61| static_assert( 671| 61| !std::same_as, 672| 61| "cannot infer a suitable result container type from the given parameters at compile time, please specify it explicitly"); 673| 61| } 674| 61| } else if constexpr(concepts::resizable_byte_buffer) { 675| 61| return OutR(std::span{in}.size_bytes()); 676| 61| } else { 677| 61| return OutR{}; 678| 61| } 679| 61| }(in_range); 680| | 681| 61| store_any>(out, std::forward(in_range)); 682| 61| return out; 683| 61|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS_6ranges14spanable_rangeENS2_5arrayImLm2EEEQoooosr3stdE7same_asIS4_T0_Eaasr6rangesE25statically_spanable_rangeIS8_Esr3stdE21default_initializableIS8_Esr8conceptsE21resizable_byte_bufferIS8_EEEDaOT1_ENKUlRKT_E_clIS7_EEDaSD_: 664| 61| auto out = []([[maybe_unused]] const auto& in) { 665| 61| if constexpr(std::same_as) { 666| 61| if constexpr(ranges::statically_spanable_range) { 667| 61| constexpr size_t bytes = decltype(std::span{in})::extent * sizeof(std::ranges::range_value_t); 668| 61| return std::array(); 669| | } else { 670| | static_assert( 671| | !std::same_as, 672| | "cannot infer a suitable result container type from the given parameters at compile time, please specify it explicitly"); 673| | } 674| | } else if constexpr(concepts::resizable_byte_buffer) { 675| | return OutR(std::span{in}.size_bytes()); 676| | } else { 677| | return OutR{}; 678| | } 679| 61| }(in_range); _ZN5Botan6detail9store_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeIhEERNS2_5arrayIhLm16EEETkNS4_14spanable_rangeENS6_ImLm2EEEQoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISB_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISJ_EESK_E4type10value_typeEEEEvOT1_RKSG_: 603| 61|inline constexpr void store_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 604| 61| ranges::assert_equal_byte_lengths(out, in); 605| 61| using element_type = std::ranges::range_value_t; 606| | 607| 61| auto store_elementwise = [&] { 608| 61| constexpr size_t bytes_per_element = sizeof(element_type); 609| 61| std::span out_s(out); 610| 61| for(auto in_elem : in) { 611| 61| store_any(out_s.template first(), in_elem); 612| 61| out_s = out_s.subspan(bytes_per_element); 613| 61| } 614| 61| }; 615| | 616| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 617| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 618| | // in a `constexpr` context. 619| 61| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (619:7): [Folded, False: 61] ------------------ 620| 0| store_elementwise(); 621| 61| } else { 622| | if constexpr(endianness == std::endian::native && !custom_storable) { 623| | typecast_copy(out, in); 624| 61| } else { 625| 61| store_elementwise(); 626| 61| } 627| 61| } 628| 61|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeIhEERNS2_5arrayIhLm16EEETkNS4_14spanable_rangeENS6_ImLm2EEEQoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISB_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISJ_EESK_E4type10value_typeEEEEvOT1_RKSG_ENKUlvE_clEv: 607| 61| auto store_elementwise = [&] { 608| 61| constexpr size_t bytes_per_element = sizeof(element_type); 609| 61| std::span out_s(out); 610| 122| for(auto in_elem : in) { ------------------ | Branch (610:24): [True: 122, False: 61] ------------------ 611| 122| store_any(out_s.template first(), in_elem); 612| 122| out_s = out_s.subspan(bytes_per_element); 613| 122| } 614| 61| }; _ZN5Botan7load_beINS_6detail10AutoDetectEJRA2_mRPKhmEEEDaDpOT0_: 504| 723|inline constexpr auto load_be(ParamTs&&... params) { 505| 723| return detail::load_any(std::forward(params)...); 506| 723|} _ZN5Botan11copy_out_beITkNS_6ranges14spanable_rangeEA2_mEEvNSt3__14spanIhLm18446744073709551615EEERKT_: 773| 723|inline void copy_out_be(std::span out, const InR& in) { 774| 723| using T = std::ranges::range_value_t; 775| 723| std::span in_s{in}; 776| 723| const auto remaining_bytes = detail::copy_out_any_word_aligned_portion(out, in_s); 777| | 778| | // copy remaining bytes as a partial word 779| 723| for(size_t i = 0; i < remaining_bytes; ++i) { ------------------ | Branch (779:22): [True: 0, False: 723] ------------------ 780| 0| out[i] = get_byte_var(i, in_s.front()); 781| 0| } 782| 723|} _ZN5Botan7load_leINS_6detail10AutoDetectEJRA4_mRA8_hRKmEEEDaDpOT0_: 495| 1.95k|inline constexpr auto load_le(ParamTs&&... params) { 496| 1.95k| return detail::load_any(std::forward(params)...); 497| 1.95k|} _ZN5Botan8store_beINSt3__16vectorIhNS1_9allocatorIhEEEEJRA8_mEEEDaDpOT0_: 745| 1.95k|inline constexpr auto store_be(ParamTs&&... params) { 746| 1.95k| return detail::store_any(std::forward(params)...); 747| 1.95k|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS2_6vectorIhNS2_9allocatorIhEEEETkNS_6ranges14spanable_rangeERA8_mQoooosr3stdE7same_asINS0_10AutoDetectET0_Eaasr6rangesE25statically_spanable_rangeISC_Esr3stdE21default_initializableISC_Esr8conceptsE21resizable_byte_bufferISC_EEEDaOT1_: 663| 1.95k|inline constexpr auto store_any(InR&& in_range) { 664| 1.95k| auto out = []([[maybe_unused]] const auto& in) { 665| 1.95k| if constexpr(std::same_as) { 666| 1.95k| if constexpr(ranges::statically_spanable_range) { 667| 1.95k| constexpr size_t bytes = decltype(std::span{in})::extent * sizeof(std::ranges::range_value_t); 668| 1.95k| return std::array(); 669| 1.95k| } else { 670| 1.95k| static_assert( 671| 1.95k| !std::same_as, 672| 1.95k| "cannot infer a suitable result container type from the given parameters at compile time, please specify it explicitly"); 673| 1.95k| } 674| 1.95k| } else if constexpr(concepts::resizable_byte_buffer) { 675| 1.95k| return OutR(std::span{in}.size_bytes()); 676| 1.95k| } else { 677| 1.95k| return OutR{}; 678| 1.95k| } 679| 1.95k| }(in_range); 680| | 681| 1.95k| store_any>(out, std::forward(in_range)); 682| 1.95k| return out; 683| 1.95k|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206ENS2_6vectorIhNS2_9allocatorIhEEEETkNS_6ranges14spanable_rangeERA8_mQoooosr3stdE7same_asINS0_10AutoDetectET0_Eaasr6rangesE25statically_spanable_rangeISC_Esr3stdE21default_initializableISC_Esr8conceptsE21resizable_byte_bufferISC_EEEDaOT1_ENKUlRKT_E_clIS9_EEDaSH_: 664| 1.95k| auto out = []([[maybe_unused]] const auto& in) { 665| | if constexpr(std::same_as) { 666| | if constexpr(ranges::statically_spanable_range) { 667| | constexpr size_t bytes = decltype(std::span{in})::extent * sizeof(std::ranges::range_value_t); 668| | return std::array(); 669| | } else { 670| | static_assert( 671| | !std::same_as, 672| | "cannot infer a suitable result container type from the given parameters at compile time, please specify it explicitly"); 673| | } 674| 1.95k| } else if constexpr(concepts::resizable_byte_buffer) { 675| 1.95k| return OutR(std::span{in}.size_bytes()); 676| | } else { 677| | return OutR{}; 678| | } 679| 1.95k| }(in_range); _ZN5Botan6detail9store_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeIhEERNS2_6vectorIhNS2_9allocatorIhEEEETkNS4_14spanable_rangeEA8_mQoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISD_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISL_EESM_E4type10value_typeEEEEvOT1_RKSI_: 603| 1.95k|inline constexpr void store_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 604| 1.95k| ranges::assert_equal_byte_lengths(out, in); 605| 1.95k| using element_type = std::ranges::range_value_t; 606| | 607| 1.95k| auto store_elementwise = [&] { 608| 1.95k| constexpr size_t bytes_per_element = sizeof(element_type); 609| 1.95k| std::span out_s(out); 610| 1.95k| for(auto in_elem : in) { 611| 1.95k| store_any(out_s.template first(), in_elem); 612| 1.95k| out_s = out_s.subspan(bytes_per_element); 613| 1.95k| } 614| 1.95k| }; 615| | 616| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 617| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 618| | // in a `constexpr` context. 619| 1.95k| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (619:7): [Folded, False: 1.95k] ------------------ 620| 0| store_elementwise(); 621| 1.95k| } else { 622| | if constexpr(endianness == std::endian::native && !custom_storable) { 623| | typecast_copy(out, in); 624| 1.95k| } else { 625| 1.95k| store_elementwise(); 626| 1.95k| } 627| 1.95k| } 628| 1.95k|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeIhEERNS2_6vectorIhNS2_9allocatorIhEEEETkNS4_14spanable_rangeEA8_mQoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISD_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISL_EESM_E4type10value_typeEEEEvOT1_RKSI_ENKUlvE_clEv: 607| 1.95k| auto store_elementwise = [&] { 608| 1.95k| constexpr size_t bytes_per_element = sizeof(element_type); 609| 1.95k| std::span out_s(out); 610| 15.6k| for(auto in_elem : in) { ------------------ | Branch (610:24): [True: 15.6k, False: 1.95k] ------------------ 611| 15.6k| store_any(out_s.template first(), in_elem); 612| 15.6k| out_s = out_s.subspan(bytes_per_element); 613| 15.6k| } 614| 1.95k| }; _ZN5Botan8store_beINS_6detail10AutoDetectEJRNSt3__14spanIhLm32EEERNS3_5arrayImLm4EEEEEEDaDpOT0_: 745| 30.3k|inline constexpr auto store_be(ParamTs&&... params) { 746| 30.3k| return detail::store_any(std::forward(params)...); 747| 30.3k|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS_6ranges23contiguous_output_rangeIhEERNS2_4spanIhLm32EEETkNS5_14spanable_rangeENS2_5arrayImLm4EEEQoosr3stdE7same_asIS4_T0_Esr3stdE7same_asISC_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISK_EESL_E4type10value_typeEEEEvOT1_RKSH_: 603| 30.3k|inline constexpr void store_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 604| 30.3k| ranges::assert_equal_byte_lengths(out, in); 605| 30.3k| using element_type = std::ranges::range_value_t; 606| | 607| 30.3k| auto store_elementwise = [&] { 608| 30.3k| constexpr size_t bytes_per_element = sizeof(element_type); 609| 30.3k| std::span out_s(out); 610| 30.3k| for(auto in_elem : in) { 611| 30.3k| store_any(out_s.template first(), in_elem); 612| 30.3k| out_s = out_s.subspan(bytes_per_element); 613| 30.3k| } 614| 30.3k| }; 615| | 616| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 617| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 618| | // in a `constexpr` context. 619| 30.3k| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (619:7): [Folded, False: 30.3k] ------------------ 620| 0| store_elementwise(); 621| 30.3k| } else { 622| | if constexpr(endianness == std::endian::native && !custom_storable) { 623| | typecast_copy(out, in); 624| 30.3k| } else { 625| 30.3k| store_elementwise(); 626| 30.3k| } 627| 30.3k| } 628| 30.3k|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS_6ranges23contiguous_output_rangeIhEERNS2_4spanIhLm32EEETkNS5_14spanable_rangeENS2_5arrayImLm4EEEQoosr3stdE7same_asIS4_T0_Esr3stdE7same_asISC_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISK_EESL_E4type10value_typeEEEEvOT1_RKSH_ENKUlvE_clEv: 607| 30.3k| auto store_elementwise = [&] { 608| 30.3k| constexpr size_t bytes_per_element = sizeof(element_type); 609| 30.3k| std::span out_s(out); 610| 121k| for(auto in_elem : in) { ------------------ | Branch (610:24): [True: 121k, False: 30.3k] ------------------ 611| 121k| store_any(out_s.template first(), in_elem); 612| 121k| out_s = out_s.subspan(bytes_per_element); 613| 121k| } 614| 30.3k| }; _ZN5Botan7load_beImJPKhmEEEDaDpOT0_: 504| 261k|inline constexpr auto load_be(ParamTs&&... params) { 505| 261k| return detail::load_any(std::forward(params)...); 506| 261k|} _ZN5Botan7load_leINS_6detail10AutoDetectEJRA6_mRA8_hRKmEEEDaDpOT0_: 495| 1.36k|inline constexpr auto load_le(ParamTs&&... params) { 496| 1.36k| return detail::load_any(std::forward(params)...); 497| 1.36k|} _ZN5Botan8store_beINSt3__16vectorIhNS1_9allocatorIhEEEEJRA12_mEEEDaDpOT0_: 745| 1.36k|inline constexpr auto store_be(ParamTs&&... params) { 746| 1.36k| return detail::store_any(std::forward(params)...); 747| 1.36k|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS2_6vectorIhNS2_9allocatorIhEEEETkNS_6ranges14spanable_rangeERA12_mQoooosr3stdE7same_asINS0_10AutoDetectET0_Eaasr6rangesE25statically_spanable_rangeISC_Esr3stdE21default_initializableISC_Esr8conceptsE21resizable_byte_bufferISC_EEEDaOT1_: 663| 1.36k|inline constexpr auto store_any(InR&& in_range) { 664| 1.36k| auto out = []([[maybe_unused]] const auto& in) { 665| 1.36k| if constexpr(std::same_as) { 666| 1.36k| if constexpr(ranges::statically_spanable_range) { 667| 1.36k| constexpr size_t bytes = decltype(std::span{in})::extent * sizeof(std::ranges::range_value_t); 668| 1.36k| return std::array(); 669| 1.36k| } else { 670| 1.36k| static_assert( 671| 1.36k| !std::same_as, 672| 1.36k| "cannot infer a suitable result container type from the given parameters at compile time, please specify it explicitly"); 673| 1.36k| } 674| 1.36k| } else if constexpr(concepts::resizable_byte_buffer) { 675| 1.36k| return OutR(std::span{in}.size_bytes()); 676| 1.36k| } else { 677| 1.36k| return OutR{}; 678| 1.36k| } 679| 1.36k| }(in_range); 680| | 681| 1.36k| store_any>(out, std::forward(in_range)); 682| 1.36k| return out; 683| 1.36k|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206ENS2_6vectorIhNS2_9allocatorIhEEEETkNS_6ranges14spanable_rangeERA12_mQoooosr3stdE7same_asINS0_10AutoDetectET0_Eaasr6rangesE25statically_spanable_rangeISC_Esr3stdE21default_initializableISC_Esr8conceptsE21resizable_byte_bufferISC_EEEDaOT1_ENKUlRKT_E_clIS9_EEDaSH_: 664| 1.36k| auto out = []([[maybe_unused]] const auto& in) { 665| | if constexpr(std::same_as) { 666| | if constexpr(ranges::statically_spanable_range) { 667| | constexpr size_t bytes = decltype(std::span{in})::extent * sizeof(std::ranges::range_value_t); 668| | return std::array(); 669| | } else { 670| | static_assert( 671| | !std::same_as, 672| | "cannot infer a suitable result container type from the given parameters at compile time, please specify it explicitly"); 673| | } 674| 1.36k| } else if constexpr(concepts::resizable_byte_buffer) { 675| 1.36k| return OutR(std::span{in}.size_bytes()); 676| | } else { 677| | return OutR{}; 678| | } 679| 1.36k| }(in_range); _ZN5Botan6detail9store_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeIhEERNS2_6vectorIhNS2_9allocatorIhEEEETkNS4_14spanable_rangeEA12_mQoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISD_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISL_EESM_E4type10value_typeEEEEvOT1_RKSI_: 603| 1.36k|inline constexpr void store_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 604| 1.36k| ranges::assert_equal_byte_lengths(out, in); 605| 1.36k| using element_type = std::ranges::range_value_t; 606| | 607| 1.36k| auto store_elementwise = [&] { 608| 1.36k| constexpr size_t bytes_per_element = sizeof(element_type); 609| 1.36k| std::span out_s(out); 610| 1.36k| for(auto in_elem : in) { 611| 1.36k| store_any(out_s.template first(), in_elem); 612| 1.36k| out_s = out_s.subspan(bytes_per_element); 613| 1.36k| } 614| 1.36k| }; 615| | 616| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 617| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 618| | // in a `constexpr` context. 619| 1.36k| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (619:7): [Folded, False: 1.36k] ------------------ 620| 0| store_elementwise(); 621| 1.36k| } else { 622| | if constexpr(endianness == std::endian::native && !custom_storable) { 623| | typecast_copy(out, in); 624| 1.36k| } else { 625| 1.36k| store_elementwise(); 626| 1.36k| } 627| 1.36k| } 628| 1.36k|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeIhEERNS2_6vectorIhNS2_9allocatorIhEEEETkNS4_14spanable_rangeEA12_mQoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISD_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISL_EESM_E4type10value_typeEEEEvOT1_RKSI_ENKUlvE_clEv: 607| 1.36k| auto store_elementwise = [&] { 608| 1.36k| constexpr size_t bytes_per_element = sizeof(element_type); 609| 1.36k| std::span out_s(out); 610| 16.3k| for(auto in_elem : in) { ------------------ | Branch (610:24): [True: 16.3k, False: 1.36k] ------------------ 611| 16.3k| store_any(out_s.template first(), in_elem); 612| 16.3k| out_s = out_s.subspan(bytes_per_element); 613| 16.3k| } 614| 1.36k| }; _ZN5Botan8store_beINS_6detail10AutoDetectEJRNSt3__14spanIhLm48EEERNS3_5arrayImLm6EEEEEEDaDpOT0_: 745| 6.85k|inline constexpr auto store_be(ParamTs&&... params) { 746| 6.85k| return detail::store_any(std::forward(params)...); 747| 6.85k|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS_6ranges23contiguous_output_rangeIhEERNS2_4spanIhLm48EEETkNS5_14spanable_rangeENS2_5arrayImLm6EEEQoosr3stdE7same_asIS4_T0_Esr3stdE7same_asISC_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISK_EESL_E4type10value_typeEEEEvOT1_RKSH_: 603| 6.85k|inline constexpr void store_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 604| 6.85k| ranges::assert_equal_byte_lengths(out, in); 605| 6.85k| using element_type = std::ranges::range_value_t; 606| | 607| 6.85k| auto store_elementwise = [&] { 608| 6.85k| constexpr size_t bytes_per_element = sizeof(element_type); 609| 6.85k| std::span out_s(out); 610| 6.85k| for(auto in_elem : in) { 611| 6.85k| store_any(out_s.template first(), in_elem); 612| 6.85k| out_s = out_s.subspan(bytes_per_element); 613| 6.85k| } 614| 6.85k| }; 615| | 616| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 617| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 618| | // in a `constexpr` context. 619| 6.85k| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (619:7): [Folded, False: 6.85k] ------------------ 620| 0| store_elementwise(); 621| 6.85k| } else { 622| | if constexpr(endianness == std::endian::native && !custom_storable) { 623| | typecast_copy(out, in); 624| 6.85k| } else { 625| 6.85k| store_elementwise(); 626| 6.85k| } 627| 6.85k| } 628| 6.85k|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS_6ranges23contiguous_output_rangeIhEERNS2_4spanIhLm48EEETkNS5_14spanable_rangeENS2_5arrayImLm6EEEQoosr3stdE7same_asIS4_T0_Esr3stdE7same_asISC_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISK_EESL_E4type10value_typeEEEEvOT1_RKSH_ENKUlvE_clEv: 607| 6.85k| auto store_elementwise = [&] { 608| 6.85k| constexpr size_t bytes_per_element = sizeof(element_type); 609| 6.85k| std::span out_s(out); 610| 41.1k| for(auto in_elem : in) { ------------------ | Branch (610:24): [True: 41.1k, False: 6.85k] ------------------ 611| 41.1k| store_any(out_s.template first(), in_elem); 612| 41.1k| out_s = out_s.subspan(bytes_per_element); 613| 41.1k| } 614| 6.85k| }; _ZN5Botan7load_leINS_6detail10AutoDetectEJRA8_mRA8_hRKmEEEDaDpOT0_: 495| 510|inline constexpr auto load_le(ParamTs&&... params) { 496| 510| return detail::load_any(std::forward(params)...); 497| 510|} _ZN5Botan8store_beINSt3__16vectorIhNS1_9allocatorIhEEEEJRA16_mEEEDaDpOT0_: 745| 510|inline constexpr auto store_be(ParamTs&&... params) { 746| 510| return detail::store_any(std::forward(params)...); 747| 510|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS2_6vectorIhNS2_9allocatorIhEEEETkNS_6ranges14spanable_rangeERA16_mQoooosr3stdE7same_asINS0_10AutoDetectET0_Eaasr6rangesE25statically_spanable_rangeISC_Esr3stdE21default_initializableISC_Esr8conceptsE21resizable_byte_bufferISC_EEEDaOT1_: 663| 510|inline constexpr auto store_any(InR&& in_range) { 664| 510| auto out = []([[maybe_unused]] const auto& in) { 665| 510| if constexpr(std::same_as) { 666| 510| if constexpr(ranges::statically_spanable_range) { 667| 510| constexpr size_t bytes = decltype(std::span{in})::extent * sizeof(std::ranges::range_value_t); 668| 510| return std::array(); 669| 510| } else { 670| 510| static_assert( 671| 510| !std::same_as, 672| 510| "cannot infer a suitable result container type from the given parameters at compile time, please specify it explicitly"); 673| 510| } 674| 510| } else if constexpr(concepts::resizable_byte_buffer) { 675| 510| return OutR(std::span{in}.size_bytes()); 676| 510| } else { 677| 510| return OutR{}; 678| 510| } 679| 510| }(in_range); 680| | 681| 510| store_any>(out, std::forward(in_range)); 682| 510| return out; 683| 510|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206ENS2_6vectorIhNS2_9allocatorIhEEEETkNS_6ranges14spanable_rangeERA16_mQoooosr3stdE7same_asINS0_10AutoDetectET0_Eaasr6rangesE25statically_spanable_rangeISC_Esr3stdE21default_initializableISC_Esr8conceptsE21resizable_byte_bufferISC_EEEDaOT1_ENKUlRKT_E_clIS9_EEDaSH_: 664| 510| auto out = []([[maybe_unused]] const auto& in) { 665| | if constexpr(std::same_as) { 666| | if constexpr(ranges::statically_spanable_range) { 667| | constexpr size_t bytes = decltype(std::span{in})::extent * sizeof(std::ranges::range_value_t); 668| | return std::array(); 669| | } else { 670| | static_assert( 671| | !std::same_as, 672| | "cannot infer a suitable result container type from the given parameters at compile time, please specify it explicitly"); 673| | } 674| 510| } else if constexpr(concepts::resizable_byte_buffer) { 675| 510| return OutR(std::span{in}.size_bytes()); 676| | } else { 677| | return OutR{}; 678| | } 679| 510| }(in_range); _ZN5Botan6detail9store_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeIhEERNS2_6vectorIhNS2_9allocatorIhEEEETkNS4_14spanable_rangeEA16_mQoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISD_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISL_EESM_E4type10value_typeEEEEvOT1_RKSI_: 603| 510|inline constexpr void store_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 604| 510| ranges::assert_equal_byte_lengths(out, in); 605| 510| using element_type = std::ranges::range_value_t; 606| | 607| 510| auto store_elementwise = [&] { 608| 510| constexpr size_t bytes_per_element = sizeof(element_type); 609| 510| std::span out_s(out); 610| 510| for(auto in_elem : in) { 611| 510| store_any(out_s.template first(), in_elem); 612| 510| out_s = out_s.subspan(bytes_per_element); 613| 510| } 614| 510| }; 615| | 616| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 617| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 618| | // in a `constexpr` context. 619| 510| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (619:7): [Folded, False: 510] ------------------ 620| 0| store_elementwise(); 621| 510| } else { 622| | if constexpr(endianness == std::endian::native && !custom_storable) { 623| | typecast_copy(out, in); 624| 510| } else { 625| 510| store_elementwise(); 626| 510| } 627| 510| } 628| 510|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeIhEERNS2_6vectorIhNS2_9allocatorIhEEEETkNS4_14spanable_rangeEA16_mQoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISD_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISL_EESM_E4type10value_typeEEEEvOT1_RKSI_ENKUlvE_clEv: 607| 510| auto store_elementwise = [&] { 608| 510| constexpr size_t bytes_per_element = sizeof(element_type); 609| 510| std::span out_s(out); 610| 8.16k| for(auto in_elem : in) { ------------------ | Branch (610:24): [True: 8.16k, False: 510] ------------------ 611| 8.16k| store_any(out_s.template first(), in_elem); 612| 8.16k| out_s = out_s.subspan(bytes_per_element); 613| 8.16k| } 614| 510| }; _ZN5Botan8store_beINS_6detail10AutoDetectEJRNSt3__14spanIhLm64EEERNS3_5arrayImLm8EEEEEEDaDpOT0_: 745| 2.43k|inline constexpr auto store_be(ParamTs&&... params) { 746| 2.43k| return detail::store_any(std::forward(params)...); 747| 2.43k|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS_6ranges23contiguous_output_rangeIhEERNS2_4spanIhLm64EEETkNS5_14spanable_rangeENS2_5arrayImLm8EEEQoosr3stdE7same_asIS4_T0_Esr3stdE7same_asISC_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISK_EESL_E4type10value_typeEEEEvOT1_RKSH_: 603| 2.43k|inline constexpr void store_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 604| 2.43k| ranges::assert_equal_byte_lengths(out, in); 605| 2.43k| using element_type = std::ranges::range_value_t; 606| | 607| 2.43k| auto store_elementwise = [&] { 608| 2.43k| constexpr size_t bytes_per_element = sizeof(element_type); 609| 2.43k| std::span out_s(out); 610| 2.43k| for(auto in_elem : in) { 611| 2.43k| store_any(out_s.template first(), in_elem); 612| 2.43k| out_s = out_s.subspan(bytes_per_element); 613| 2.43k| } 614| 2.43k| }; 615| | 616| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 617| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 618| | // in a `constexpr` context. 619| 2.43k| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (619:7): [Folded, False: 2.43k] ------------------ 620| 0| store_elementwise(); 621| 2.43k| } else { 622| | if constexpr(endianness == std::endian::native && !custom_storable) { 623| | typecast_copy(out, in); 624| 2.43k| } else { 625| 2.43k| store_elementwise(); 626| 2.43k| } 627| 2.43k| } 628| 2.43k|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS_6ranges23contiguous_output_rangeIhEERNS2_4spanIhLm64EEETkNS5_14spanable_rangeENS2_5arrayImLm8EEEQoosr3stdE7same_asIS4_T0_Esr3stdE7same_asISC_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISK_EESL_E4type10value_typeEEEEvOT1_RKSH_ENKUlvE_clEv: 607| 2.43k| auto store_elementwise = [&] { 608| 2.43k| constexpr size_t bytes_per_element = sizeof(element_type); 609| 2.43k| std::span out_s(out); 610| 19.4k| for(auto in_elem : in) { ------------------ | Branch (610:24): [True: 19.4k, False: 2.43k] ------------------ 611| 19.4k| store_any(out_s.template first(), in_elem); 612| 19.4k| out_s = out_s.subspan(bytes_per_element); 613| 19.4k| } 614| 2.43k| }; _ZN5Botan8store_beINS_6detail10AutoDetectEJRNSt3__15arrayImLm9EEEEEEDaDpOT0_: 745| 3.32k|inline constexpr auto store_be(ParamTs&&... params) { 746| 3.32k| return detail::store_any(std::forward(params)...); 747| 3.32k|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS_6ranges14spanable_rangeERNS2_5arrayImLm9EEEQoooosr3stdE7same_asIS4_T0_Eaasr6rangesE25statically_spanable_rangeIS9_Esr3stdE21default_initializableIS9_Esr8conceptsE21resizable_byte_bufferIS9_EEEDaOT1_: 663| 3.32k|inline constexpr auto store_any(InR&& in_range) { 664| 3.32k| auto out = []([[maybe_unused]] const auto& in) { 665| 3.32k| if constexpr(std::same_as) { 666| 3.32k| if constexpr(ranges::statically_spanable_range) { 667| 3.32k| constexpr size_t bytes = decltype(std::span{in})::extent * sizeof(std::ranges::range_value_t); 668| 3.32k| return std::array(); 669| 3.32k| } else { 670| 3.32k| static_assert( 671| 3.32k| !std::same_as, 672| 3.32k| "cannot infer a suitable result container type from the given parameters at compile time, please specify it explicitly"); 673| 3.32k| } 674| 3.32k| } else if constexpr(concepts::resizable_byte_buffer) { 675| 3.32k| return OutR(std::span{in}.size_bytes()); 676| 3.32k| } else { 677| 3.32k| return OutR{}; 678| 3.32k| } 679| 3.32k| }(in_range); 680| | 681| 3.32k| store_any>(out, std::forward(in_range)); 682| 3.32k| return out; 683| 3.32k|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS_6ranges14spanable_rangeERNS2_5arrayImLm9EEEQoooosr3stdE7same_asIS4_T0_Eaasr6rangesE25statically_spanable_rangeIS9_Esr3stdE21default_initializableIS9_Esr8conceptsE21resizable_byte_bufferIS9_EEEDaOT1_ENKUlRKT_E_clIS7_EEDaSE_: 664| 3.32k| auto out = []([[maybe_unused]] const auto& in) { 665| 3.32k| if constexpr(std::same_as) { 666| 3.32k| if constexpr(ranges::statically_spanable_range) { 667| 3.32k| constexpr size_t bytes = decltype(std::span{in})::extent * sizeof(std::ranges::range_value_t); 668| 3.32k| return std::array(); 669| | } else { 670| | static_assert( 671| | !std::same_as, 672| | "cannot infer a suitable result container type from the given parameters at compile time, please specify it explicitly"); 673| | } 674| | } else if constexpr(concepts::resizable_byte_buffer) { 675| | return OutR(std::span{in}.size_bytes()); 676| | } else { 677| | return OutR{}; 678| | } 679| 3.32k| }(in_range); _ZN5Botan6detail9store_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeIhEERNS2_5arrayIhLm72EEETkNS4_14spanable_rangeENS6_ImLm9EEEQoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISB_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISJ_EESK_E4type10value_typeEEEEvOT1_RKSG_: 603| 3.32k|inline constexpr void store_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 604| 3.32k| ranges::assert_equal_byte_lengths(out, in); 605| 3.32k| using element_type = std::ranges::range_value_t; 606| | 607| 3.32k| auto store_elementwise = [&] { 608| 3.32k| constexpr size_t bytes_per_element = sizeof(element_type); 609| 3.32k| std::span out_s(out); 610| 3.32k| for(auto in_elem : in) { 611| 3.32k| store_any(out_s.template first(), in_elem); 612| 3.32k| out_s = out_s.subspan(bytes_per_element); 613| 3.32k| } 614| 3.32k| }; 615| | 616| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 617| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 618| | // in a `constexpr` context. 619| 3.32k| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (619:7): [Folded, False: 3.32k] ------------------ 620| 0| store_elementwise(); 621| 3.32k| } else { 622| | if constexpr(endianness == std::endian::native && !custom_storable) { 623| | typecast_copy(out, in); 624| 3.32k| } else { 625| 3.32k| store_elementwise(); 626| 3.32k| } 627| 3.32k| } 628| 3.32k|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeIhEERNS2_5arrayIhLm72EEETkNS4_14spanable_rangeENS6_ImLm9EEEQoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISB_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISJ_EESK_E4type10value_typeEEEEvOT1_RKSG_ENKUlvE_clEv: 607| 3.32k| auto store_elementwise = [&] { 608| 3.32k| constexpr size_t bytes_per_element = sizeof(element_type); 609| 3.32k| std::span out_s(out); 610| 29.9k| for(auto in_elem : in) { ------------------ | Branch (610:24): [True: 29.9k, False: 3.32k] ------------------ 611| 29.9k| store_any(out_s.template first(), in_elem); 612| 29.9k| out_s = out_s.subspan(bytes_per_element); 613| 29.9k| } 614| 3.32k| }; _ZN5Botan7load_leINS_6detail10AutoDetectEJRA9_mRA8_hRKmEEEDaDpOT0_: 495| 635|inline constexpr auto load_le(ParamTs&&... params) { 496| 635| return detail::load_any(std::forward(params)...); 497| 635|} _ZN5Botan8store_beINSt3__16vectorIhNS1_9allocatorIhEEEEJRA18_mEEEDaDpOT0_: 745| 635|inline constexpr auto store_be(ParamTs&&... params) { 746| 635| return detail::store_any(std::forward(params)...); 747| 635|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS2_6vectorIhNS2_9allocatorIhEEEETkNS_6ranges14spanable_rangeERA18_mQoooosr3stdE7same_asINS0_10AutoDetectET0_Eaasr6rangesE25statically_spanable_rangeISC_Esr3stdE21default_initializableISC_Esr8conceptsE21resizable_byte_bufferISC_EEEDaOT1_: 663| 635|inline constexpr auto store_any(InR&& in_range) { 664| 635| auto out = []([[maybe_unused]] const auto& in) { 665| 635| if constexpr(std::same_as) { 666| 635| if constexpr(ranges::statically_spanable_range) { 667| 635| constexpr size_t bytes = decltype(std::span{in})::extent * sizeof(std::ranges::range_value_t); 668| 635| return std::array(); 669| 635| } else { 670| 635| static_assert( 671| 635| !std::same_as, 672| 635| "cannot infer a suitable result container type from the given parameters at compile time, please specify it explicitly"); 673| 635| } 674| 635| } else if constexpr(concepts::resizable_byte_buffer) { 675| 635| return OutR(std::span{in}.size_bytes()); 676| 635| } else { 677| 635| return OutR{}; 678| 635| } 679| 635| }(in_range); 680| | 681| 635| store_any>(out, std::forward(in_range)); 682| 635| return out; 683| 635|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206ENS2_6vectorIhNS2_9allocatorIhEEEETkNS_6ranges14spanable_rangeERA18_mQoooosr3stdE7same_asINS0_10AutoDetectET0_Eaasr6rangesE25statically_spanable_rangeISC_Esr3stdE21default_initializableISC_Esr8conceptsE21resizable_byte_bufferISC_EEEDaOT1_ENKUlRKT_E_clIS9_EEDaSH_: 664| 635| auto out = []([[maybe_unused]] const auto& in) { 665| | if constexpr(std::same_as) { 666| | if constexpr(ranges::statically_spanable_range) { 667| | constexpr size_t bytes = decltype(std::span{in})::extent * sizeof(std::ranges::range_value_t); 668| | return std::array(); 669| | } else { 670| | static_assert( 671| | !std::same_as, 672| | "cannot infer a suitable result container type from the given parameters at compile time, please specify it explicitly"); 673| | } 674| 635| } else if constexpr(concepts::resizable_byte_buffer) { 675| 635| return OutR(std::span{in}.size_bytes()); 676| | } else { 677| | return OutR{}; 678| | } 679| 635| }(in_range); _ZN5Botan6detail9store_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeIhEERNS2_6vectorIhNS2_9allocatorIhEEEETkNS4_14spanable_rangeEA18_mQoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISD_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISL_EESM_E4type10value_typeEEEEvOT1_RKSI_: 603| 635|inline constexpr void store_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 604| 635| ranges::assert_equal_byte_lengths(out, in); 605| 635| using element_type = std::ranges::range_value_t; 606| | 607| 635| auto store_elementwise = [&] { 608| 635| constexpr size_t bytes_per_element = sizeof(element_type); 609| 635| std::span out_s(out); 610| 635| for(auto in_elem : in) { 611| 635| store_any(out_s.template first(), in_elem); 612| 635| out_s = out_s.subspan(bytes_per_element); 613| 635| } 614| 635| }; 615| | 616| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 617| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 618| | // in a `constexpr` context. 619| 635| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (619:7): [Folded, False: 635] ------------------ 620| 0| store_elementwise(); 621| 635| } else { 622| | if constexpr(endianness == std::endian::native && !custom_storable) { 623| | typecast_copy(out, in); 624| 635| } else { 625| 635| store_elementwise(); 626| 635| } 627| 635| } 628| 635|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeIhEERNS2_6vectorIhNS2_9allocatorIhEEEETkNS4_14spanable_rangeEA18_mQoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISD_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISL_EESM_E4type10value_typeEEEEvOT1_RKSI_ENKUlvE_clEv: 607| 635| auto store_elementwise = [&] { 608| 635| constexpr size_t bytes_per_element = sizeof(element_type); 609| 635| std::span out_s(out); 610| 11.4k| for(auto in_elem : in) { ------------------ | Branch (610:24): [True: 11.4k, False: 635] ------------------ 611| 11.4k| store_any(out_s.template first(), in_elem); 612| 11.4k| out_s = out_s.subspan(bytes_per_element); 613| 11.4k| } 614| 635| }; _ZN5Botan7load_leINS_6detail10AutoDetectEJRNSt3__15arrayImLm7EEERNS3_4spanIKhLm56EEEEEEDaDpOT0_: 495| 16|inline constexpr auto load_le(ParamTs&&... params) { 496| 16| return detail::load_any(std::forward(params)...); 497| 16|} _ZN5Botan6detail8load_anyILNSt3__16endianE57005ENS0_10AutoDetectETkNS_6ranges23contiguous_output_rangeERNS2_5arrayImLm7EEETkNS5_16contiguous_rangeIhEENS2_4spanIKhLm56EEEQaa20unsigned_integralishINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT1_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISK_EESL_E4type10value_typeEEoosr3stdE7same_asIS4_T0_Esr3stdE7same_asISR_SQ_EEEvOSH_RKT2_: 355| 16|inline constexpr void load_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 356| 16| ranges::assert_equal_byte_lengths(out, in); 357| 16| using element_type = std::ranges::range_value_t; 358| | 359| 16| auto load_elementwise = [&] { 360| 16| constexpr size_t bytes_per_element = sizeof(element_type); 361| 16| std::span in_s(in); 362| 16| for(auto& out_elem : out) { 363| 16| out_elem = load_any(in_s.template first()); 364| 16| in_s = in_s.subspan(bytes_per_element); 365| 16| } 366| 16| }; 367| | 368| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 369| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 370| | // in a `constexpr` context. 371| 16| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (371:7): [Folded, False: 16] ------------------ 372| 0| load_elementwise(); 373| 16| } else { 374| 16| if constexpr(endianness == std::endian::native && !custom_loadable) { 375| 16| typecast_copy(out, in); 376| | } else { 377| | load_elementwise(); 378| | } 379| 16| } 380| 16|} _ZN5Botan8store_leINS_6detail10AutoDetectEJRNSt3__14spanIhLm56EEENS3_5arrayImLm7EEEEEEDaDpOT0_: 736| 8|inline constexpr auto store_le(ParamTs&&... params) { 737| 8| return detail::store_any(std::forward(params)...); 738| 8|} _ZN5Botan6detail9store_anyILNSt3__16endianE57005ENS0_10AutoDetectETkNS_6ranges23contiguous_output_rangeIhEERNS2_4spanIhLm56EEETkNS5_14spanable_rangeENS2_5arrayImLm7EEEQoosr3stdE7same_asIS4_T0_Esr3stdE7same_asISC_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISK_EESL_E4type10value_typeEEEEvOT1_RKSH_: 603| 8|inline constexpr void store_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 604| 8| ranges::assert_equal_byte_lengths(out, in); 605| 8| using element_type = std::ranges::range_value_t; 606| | 607| 8| auto store_elementwise = [&] { 608| 8| constexpr size_t bytes_per_element = sizeof(element_type); 609| 8| std::span out_s(out); 610| 8| for(auto in_elem : in) { 611| 8| store_any(out_s.template first(), in_elem); 612| 8| out_s = out_s.subspan(bytes_per_element); 613| 8| } 614| 8| }; 615| | 616| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 617| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 618| | // in a `constexpr` context. 619| 8| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (619:7): [Folded, False: 8] ------------------ 620| 0| store_elementwise(); 621| 8| } else { 622| 8| if constexpr(endianness == std::endian::native && !custom_storable) { 623| 8| typecast_copy(out, in); 624| | } else { 625| | store_elementwise(); 626| | } 627| 8| } 628| 8|} _ZN5Botan8store_leINS_6detail10AutoDetectEJRPhmmmmEEEDaDpOT0_: 736| 20|inline constexpr auto store_le(ParamTs&&... params) { 737| 20| return detail::store_any(std::forward(params)...); 738| 20|} _ZN5Botan6detail9store_anyILNSt3__16endianE57005ENS0_10AutoDetectETkNS0_20unsigned_integralishEmTpTkNS0_20unsigned_integralishEJmmmEQaaoosr3stdE7same_asIS4_T0_Esr3stdE7same_asIT1_S5_E10all_same_vIS6_DpT2_EEEvPhS6_S8_: 723| 20|inline constexpr void store_any(uint8_t out[], T0 in0, Ts... ins) { 724| 20| constexpr auto bytes = sizeof(in0) + (sizeof(ins) + ... + 0); 725| | // asserts that *out points to the correct amount of memory 726| 20| store_any(std::span(out, bytes), in0, ins...); 727| 20|} _ZN5Botan6detail9store_anyILNSt3__16endianE57005EmTkNS_6ranges23contiguous_output_rangeIhEENS2_4spanIhLm32EEETpTkNS0_20unsigned_integralishEJmmmmEQaagtsZT2_Li0Eooaasr3stdE7same_asINS0_10AutoDetectET0_E10all_same_vIDpT2_Eaa20unsigned_integralishIS9_E10all_same_vIS9_SB_EEEvOT1_SB_: 582| 20|inline constexpr void store_any(OutR&& out /* NOLINT(*-std-forward) */, Ts... ins) { 583| 20| ranges::assert_exact_byte_length<(sizeof(Ts) + ...)>(out); 584| 20| auto store_one = [off = 0](auto o, T i) mutable { 585| 20| store_any(i, o.subspan(off).template first()); 586| 20| off += sizeof(T); 587| 20| }; 588| | 589| 20| (store_one(std::span{out}, ins), ...); 590| 20|} _ZZN5Botan6detail9store_anyILNSt3__16endianE57005EmTkNS_6ranges23contiguous_output_rangeIhEENS2_4spanIhLm32EEETpTkNS0_20unsigned_integralishEJmmmmEQaagtsZT2_Li0Eooaasr3stdE7same_asINS0_10AutoDetectET0_E10all_same_vIDpT2_Eaa20unsigned_integralishIS9_E10all_same_vIS9_SB_EEEvOT1_SB_ENUlTyS9_T_E_clImS7_EEDaS9_SE_: 584| 80| auto store_one = [off = 0](auto o, T i) mutable { 585| 80| store_any(i, o.subspan(off).template first()); 586| 80| off += sizeof(T); 587| 80| }; _ZN5Botan7load_beItJPKhiEEEDaDpOT0_: 504| 1.50k|inline constexpr auto load_be(ParamTs&&... params) { 505| 1.50k| return detail::load_any(std::forward(params)...); 506| 1.50k|} _ZN5Botan8store_beINS_6detail10AutoDetectEJRtPhEEEDaDpOT0_: 745| 5|inline constexpr auto store_be(ParamTs&&... params) { 746| 5| return detail::store_any(std::forward(params)...); 747| 5|} _ZN5Botan18MerkleDamgard_HashINS_5SHA_1EEC2Ev: 42| 6.59k| MerkleDamgard_Hash() { clear(); } _ZN5Botan18MerkleDamgard_HashINS_5SHA_1EE5clearEv: 70| 19.8k| void clear() { 71| 19.8k| MD::init(m_digest); 72| 19.8k| m_buffer.clear(); 73| 19.8k| m_count = 0; 74| 19.8k| } _ZN5Botan18MerkleDamgard_HashINS_7SHA_256EEC2Ev: 42| 33.8k| MerkleDamgard_Hash() { clear(); } _ZN5Botan18MerkleDamgard_HashINS_7SHA_256EE5clearEv: 70| 123k| void clear() { 71| 123k| MD::init(m_digest); 72| 123k| m_buffer.clear(); 73| 123k| m_count = 0; 74| 123k| } _ZN5Botan18MerkleDamgard_HashINS_7SHA_384EEC2Ev: 42| 618| MerkleDamgard_Hash() { clear(); } _ZN5Botan18MerkleDamgard_HashINS_7SHA_384EE5clearEv: 70| 6.31k| void clear() { 71| 6.31k| MD::init(m_digest); 72| 6.31k| m_buffer.clear(); 73| 6.31k| m_count = 0; 74| 6.31k| } _ZN5Botan18MerkleDamgard_HashINS_5SHA_1EE6updateENSt3__14spanIKhLm18446744073709551615EEE: 44| 13.7k| void update(std::span input) { 45| 13.7k| BufferSlicer in(input); 46| | 47| 40.5k| while(!in.empty()) { ------------------ | Branch (47:16): [True: 26.7k, False: 13.7k] ------------------ 48| 26.7k| if(const auto one_block = m_buffer.handle_unaligned_data(in)) { ------------------ | Branch (48:27): [True: 61, False: 26.6k] ------------------ 49| 61| MD::compress_n(m_digest, one_block.value(), 1); 50| 61| } 51| | 52| 26.7k| if(m_buffer.in_alignment()) { ------------------ | Branch (52:16): [True: 13.3k, False: 13.3k] ------------------ 53| 13.3k| const auto [aligned_data, full_blocks] = m_buffer.aligned_data_to_process(in); 54| 13.3k| if(full_blocks > 0) { ------------------ | Branch (54:19): [True: 13.3k, False: 3] ------------------ 55| 13.3k| MD::compress_n(m_digest, aligned_data, full_blocks); 56| 13.3k| } 57| 13.3k| } 58| 26.7k| } 59| | 60| 13.7k| m_count += input.size(); 61| 13.7k| } _ZN5Botan18MerkleDamgard_HashINS_5SHA_1EE5finalENSt3__14spanIhLm18446744073709551615EEE: 63| 13.1k| void final(std::span output) { 64| 13.1k| append_padding_bit(); 65| 13.1k| append_counter_and_finalize(); 66| 13.1k| copy_output(output); 67| 13.1k| clear(); 68| 13.1k| } _ZN5Botan18MerkleDamgard_HashINS_5SHA_1EE18append_padding_bitEv: 77| 13.1k| void append_padding_bit() { 78| 13.1k| BOTAN_ASSERT_NOMSG(!m_buffer.ready_to_consume()); ------------------ | | 77| 13.1k| do { \ | | 78| 13.1k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 13.1k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 13.1k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 13.1k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 13.1k] | | ------------------ ------------------ 79| 13.1k| if constexpr(MD::bit_endianness == MD_Endian::Big) { 80| 13.1k| const uint8_t final_byte = 0x80; 81| 13.1k| m_buffer.append({&final_byte, 1}); 82| | } else { 83| | const uint8_t final_byte = 0x01; 84| | m_buffer.append({&final_byte, 1}); 85| | } 86| 13.1k| } _ZN5Botan18MerkleDamgard_HashINS_5SHA_1EE27append_counter_and_finalizeEv: 88| 13.1k| void append_counter_and_finalize() { 89| | // Compress the remaining data if the final data block does not provide 90| | // enough space for the counter bytes. 91| 13.1k| if(m_buffer.elements_until_alignment() < MD::ctr_bytes) { ------------------ | Branch (91:13): [True: 9, False: 13.1k] ------------------ 92| 9| m_buffer.fill_up_with_zeros(); 93| 9| MD::compress_n(m_digest, m_buffer.consume(), 1); 94| 9| } 95| | 96| | // Make sure that any remaining bytes in the very last block are zero. 97| 13.1k| BOTAN_ASSERT_NOMSG(m_buffer.elements_until_alignment() >= MD::ctr_bytes); ------------------ | | 77| 13.1k| do { \ | | 78| 13.1k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 13.1k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 13.1k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 13.1k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 13.1k] | | ------------------ ------------------ 98| 13.1k| m_buffer.fill_up_with_zeros(); 99| | 100| | // Replace a bunch of the right-most zero-padding with the counter bytes. 101| 13.1k| const uint64_t bit_count = m_count * 8; 102| 13.1k| auto last_bytes = m_buffer.directly_modify_last(sizeof(bit_count)); 103| 13.1k| if constexpr(MD::byte_endianness == MD_Endian::Big) { 104| 13.1k| store_be(bit_count, last_bytes.data()); 105| | } else { 106| | store_le(bit_count, last_bytes.data()); 107| | } 108| | 109| | // Compress the very last block. 110| 13.1k| MD::compress_n(m_digest, m_buffer.consume(), 1); 111| 13.1k| } _ZN5Botan18MerkleDamgard_HashINS_5SHA_1EE11copy_outputENSt3__14spanIhLm18446744073709551615EEE: 113| 13.1k| void copy_output(std::span output) { 114| 13.1k| BOTAN_ASSERT_NOMSG(output.size() >= MD::output_bytes); ------------------ | | 77| 13.1k| do { \ | | 78| 13.1k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 13.1k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 13.1k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 13.1k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 13.1k] | | ------------------ ------------------ 115| | 116| 13.1k| if constexpr(MD::byte_endianness == MD_Endian::Big) { 117| 13.1k| copy_out_be(output.first(MD::output_bytes), m_digest); 118| | } else { 119| | copy_out_le(output.first(MD::output_bytes), m_digest); 120| | } 121| 13.1k| } _ZN5Botan18MerkleDamgard_HashINS_7SHA_256EE6updateENSt3__14spanIKhLm18446744073709551615EEE: 44| 181k| void update(std::span input) { 45| 181k| BufferSlicer in(input); 46| | 47| 368k| while(!in.empty()) { ------------------ | Branch (47:16): [True: 187k, False: 181k] ------------------ 48| 187k| if(const auto one_block = m_buffer.handle_unaligned_data(in)) { ------------------ | Branch (48:27): [True: 6.18k, False: 181k] ------------------ 49| 6.18k| MD::compress_n(m_digest, one_block.value(), 1); 50| 6.18k| } 51| | 52| 187k| if(m_buffer.in_alignment()) { ------------------ | Branch (52:16): [True: 68.9k, False: 118k] ------------------ 53| 68.9k| const auto [aligned_data, full_blocks] = m_buffer.aligned_data_to_process(in); 54| 68.9k| if(full_blocks > 0) { ------------------ | Branch (54:19): [True: 62.7k, False: 6.12k] ------------------ 55| 62.7k| MD::compress_n(m_digest, aligned_data, full_blocks); 56| 62.7k| } 57| 68.9k| } 58| 187k| } 59| | 60| 181k| m_count += input.size(); 61| 181k| } _ZN5Botan18MerkleDamgard_HashINS_7SHA_256EE5finalENSt3__14spanIhLm18446744073709551615EEE: 63| 78.5k| void final(std::span output) { 64| 78.5k| append_padding_bit(); 65| 78.5k| append_counter_and_finalize(); 66| 78.5k| copy_output(output); 67| 78.5k| clear(); 68| 78.5k| } _ZN5Botan18MerkleDamgard_HashINS_7SHA_256EE18append_padding_bitEv: 77| 78.5k| void append_padding_bit() { 78| 78.5k| BOTAN_ASSERT_NOMSG(!m_buffer.ready_to_consume()); ------------------ | | 77| 78.5k| do { \ | | 78| 78.5k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 78.5k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 78.5k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 78.5k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 78.5k] | | ------------------ ------------------ 79| 78.5k| if constexpr(MD::bit_endianness == MD_Endian::Big) { 80| 78.5k| const uint8_t final_byte = 0x80; 81| 78.5k| m_buffer.append({&final_byte, 1}); 82| | } else { 83| | const uint8_t final_byte = 0x01; 84| | m_buffer.append({&final_byte, 1}); 85| | } 86| 78.5k| } _ZN5Botan18MerkleDamgard_HashINS_7SHA_256EE27append_counter_and_finalizeEv: 88| 78.5k| void append_counter_and_finalize() { 89| | // Compress the remaining data if the final data block does not provide 90| | // enough space for the counter bytes. 91| 78.5k| if(m_buffer.elements_until_alignment() < MD::ctr_bytes) { ------------------ | Branch (91:13): [True: 16.9k, False: 61.5k] ------------------ 92| 16.9k| m_buffer.fill_up_with_zeros(); 93| 16.9k| MD::compress_n(m_digest, m_buffer.consume(), 1); 94| 16.9k| } 95| | 96| | // Make sure that any remaining bytes in the very last block are zero. 97| 78.5k| BOTAN_ASSERT_NOMSG(m_buffer.elements_until_alignment() >= MD::ctr_bytes); ------------------ | | 77| 78.5k| do { \ | | 78| 78.5k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 78.5k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 78.5k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 78.5k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 78.5k] | | ------------------ ------------------ 98| 78.5k| m_buffer.fill_up_with_zeros(); 99| | 100| | // Replace a bunch of the right-most zero-padding with the counter bytes. 101| 78.5k| const uint64_t bit_count = m_count * 8; 102| 78.5k| auto last_bytes = m_buffer.directly_modify_last(sizeof(bit_count)); 103| 78.5k| if constexpr(MD::byte_endianness == MD_Endian::Big) { 104| 78.5k| store_be(bit_count, last_bytes.data()); 105| | } else { 106| | store_le(bit_count, last_bytes.data()); 107| | } 108| | 109| | // Compress the very last block. 110| 78.5k| MD::compress_n(m_digest, m_buffer.consume(), 1); 111| 78.5k| } _ZN5Botan18MerkleDamgard_HashINS_7SHA_256EE11copy_outputENSt3__14spanIhLm18446744073709551615EEE: 113| 78.5k| void copy_output(std::span output) { 114| 78.5k| BOTAN_ASSERT_NOMSG(output.size() >= MD::output_bytes); ------------------ | | 77| 78.5k| do { \ | | 78| 78.5k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 78.5k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 78.5k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 78.5k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 78.5k] | | ------------------ ------------------ 115| | 116| 78.5k| if constexpr(MD::byte_endianness == MD_Endian::Big) { 117| 78.5k| copy_out_be(output.first(MD::output_bytes), m_digest); 118| | } else { 119| | copy_out_le(output.first(MD::output_bytes), m_digest); 120| | } 121| 78.5k| } _ZN5Botan18MerkleDamgard_HashINS_7SHA_384EE6updateENSt3__14spanIKhLm18446744073709551615EEE: 44| 12.9k| void update(std::span input) { 45| 12.9k| BufferSlicer in(input); 46| | 47| 26.2k| while(!in.empty()) { ------------------ | Branch (47:16): [True: 13.2k, False: 12.9k] ------------------ 48| 13.2k| if(const auto one_block = m_buffer.handle_unaligned_data(in)) { ------------------ | Branch (48:27): [True: 16, False: 13.2k] ------------------ 49| 16| MD::compress_n(m_digest, one_block.value(), 1); 50| 16| } 51| | 52| 13.2k| if(m_buffer.in_alignment()) { ------------------ | Branch (52:16): [True: 5.71k, False: 7.55k] ------------------ 53| 5.71k| const auto [aligned_data, full_blocks] = m_buffer.aligned_data_to_process(in); 54| 5.71k| if(full_blocks > 0) { ------------------ | Branch (54:19): [True: 5.71k, False: 2] ------------------ 55| 5.71k| MD::compress_n(m_digest, aligned_data, full_blocks); 56| 5.71k| } 57| 5.71k| } 58| 13.2k| } 59| | 60| 12.9k| m_count += input.size(); 61| 12.9k| } _ZN5Botan18MerkleDamgard_HashINS_7SHA_384EE5finalENSt3__14spanIhLm18446744073709551615EEE: 63| 5.11k| void final(std::span output) { 64| 5.11k| append_padding_bit(); 65| 5.11k| append_counter_and_finalize(); 66| 5.11k| copy_output(output); 67| 5.11k| clear(); 68| 5.11k| } _ZN5Botan18MerkleDamgard_HashINS_7SHA_384EE18append_padding_bitEv: 77| 5.11k| void append_padding_bit() { 78| 5.11k| BOTAN_ASSERT_NOMSG(!m_buffer.ready_to_consume()); ------------------ | | 77| 5.11k| do { \ | | 78| 5.11k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 5.11k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 5.11k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 5.11k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 5.11k] | | ------------------ ------------------ 79| 5.11k| if constexpr(MD::bit_endianness == MD_Endian::Big) { 80| 5.11k| const uint8_t final_byte = 0x80; 81| 5.11k| m_buffer.append({&final_byte, 1}); 82| | } else { 83| | const uint8_t final_byte = 0x01; 84| | m_buffer.append({&final_byte, 1}); 85| | } 86| 5.11k| } _ZN5Botan18MerkleDamgard_HashINS_7SHA_384EE27append_counter_and_finalizeEv: 88| 5.11k| void append_counter_and_finalize() { 89| | // Compress the remaining data if the final data block does not provide 90| | // enough space for the counter bytes. 91| 5.11k| if(m_buffer.elements_until_alignment() < MD::ctr_bytes) { ------------------ | Branch (91:13): [True: 1.22k, False: 3.89k] ------------------ 92| 1.22k| m_buffer.fill_up_with_zeros(); 93| 1.22k| MD::compress_n(m_digest, m_buffer.consume(), 1); 94| 1.22k| } 95| | 96| | // Make sure that any remaining bytes in the very last block are zero. 97| 5.11k| BOTAN_ASSERT_NOMSG(m_buffer.elements_until_alignment() >= MD::ctr_bytes); ------------------ | | 77| 5.11k| do { \ | | 78| 5.11k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 5.11k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 5.11k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 5.11k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 5.11k] | | ------------------ ------------------ 98| 5.11k| m_buffer.fill_up_with_zeros(); 99| | 100| | // Replace a bunch of the right-most zero-padding with the counter bytes. 101| 5.11k| const uint64_t bit_count = m_count * 8; 102| 5.11k| auto last_bytes = m_buffer.directly_modify_last(sizeof(bit_count)); 103| 5.11k| if constexpr(MD::byte_endianness == MD_Endian::Big) { 104| 5.11k| store_be(bit_count, last_bytes.data()); 105| | } else { 106| | store_le(bit_count, last_bytes.data()); 107| | } 108| | 109| | // Compress the very last block. 110| 5.11k| MD::compress_n(m_digest, m_buffer.consume(), 1); 111| 5.11k| } _ZN5Botan18MerkleDamgard_HashINS_7SHA_384EE11copy_outputENSt3__14spanIhLm18446744073709551615EEE: 113| 5.11k| void copy_output(std::span output) { 114| 5.11k| BOTAN_ASSERT_NOMSG(output.size() >= MD::output_bytes); ------------------ | | 77| 5.11k| do { \ | | 78| 5.11k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 5.11k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 5.11k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 5.11k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 5.11k] | | ------------------ ------------------ 115| | 116| 5.11k| if constexpr(MD::byte_endianness == MD_Endian::Big) { 117| 5.11k| copy_out_be(output.first(MD::output_bytes), m_digest); 118| | } else { 119| | copy_out_le(output.first(MD::output_bytes), m_digest); 120| | } 121| 5.11k| } _ZN5Botan16as_span_of_bytesENSt3__117basic_string_viewIcNS0_11char_traitsIcEEEE: 68| 26.6k|inline std::span as_span_of_bytes(std::string_view s) { 69| 26.6k| return as_span_of_bytes(s.data(), s.size()); 70| 26.6k|} _ZN5Botan16as_span_of_bytesEPKcm: 59| 26.6k|inline std::span as_span_of_bytes(const char* s, size_t len) { 60| 26.6k| const uint8_t* b = reinterpret_cast(s); 61| 26.6k| return std::span{b, len}; 62| 26.6k|} _ZN5Botan15bytes_to_stringENSt3__14spanIKhLm18446744073709551615EEE: 76| 61.5k|inline std::string bytes_to_string(std::span bytes) { 77| 61.5k| return std::string(reinterpret_cast(bytes.data()), bytes.size()); 78| 61.5k|} _ZN5Botan14zeroize_bufferITkNSt3__117unsigned_integralEhEEvPT_m: 37| 265k|inline void zeroize_buffer(T buf[], size_t n) { 38| 265k| if(n > 0) { ------------------ | Branch (38:7): [True: 265k, False: 0] ------------------ 39| 265k| std::memset(buf, 0, sizeof(T) * n); 40| 265k| } 41| 265k|} _ZN5Botan21unchecked_copy_memoryITkNSt3__117unsigned_integralEmEEvPT_PKS2_m: 44| 150|inline void unchecked_copy_memory(T* out, const T* in, size_t n) { 45| 150| if(in != nullptr && out != nullptr && n > 0) { ------------------ | Branch (45:7): [True: 150, False: 0] | Branch (45:24): [True: 150, False: 0] | Branch (45:42): [True: 150, False: 0] ------------------ 46| 150| std::memmove(out, in, sizeof(T) * n); 47| 150| } 48| 150|} _ZN5Botan14zeroize_bufferITkNSt3__117unsigned_integralEmEEvPT_m: 37| 44.0k|inline void zeroize_buffer(T buf[], size_t n) { 38| 44.0k| if(n > 0) { ------------------ | Branch (38:7): [True: 44.0k, False: 3] ------------------ 39| 44.0k| std::memset(buf, 0, sizeof(T) * n); 40| 44.0k| } 41| 44.0k|} _ZNK5Botan12Null_Padding15valid_blocksizeEm: 172| 231| bool valid_blocksize(size_t /*block_size*/) const override { return true; } _ZN5Botan28BlockCipherModePaddingMethodD2Ev: 78| 231| virtual ~BlockCipherModePaddingMethod() = default; _ZNK5Botan17Montgomery_Params1pEv: 41| 21.8k| const BigInt& p() const { return m_data->p(); } _ZNK5Botan17Montgomery_Params2R1Ev: 43| 10.9k| const BigInt& R1() const { return m_data->r1(); } _ZNK5Botan17Montgomery_Params2R2Ev: 45| 21.8k| const BigInt& R2() const { return m_data->r2(); } _ZNK5Botan17Montgomery_Params6p_dashEv: 49| 21.8k| word p_dash() const { return m_data->p_dash(); } _ZNK5Botan17Montgomery_Params7p_wordsEv: 51| 21.8k| size_t p_words() const { return m_data->p_size(); } _ZNK5Botan17Montgomery_Params4Data1pEv: 76| 21.8k| const BigInt& p() const { return m_p; } _ZNK5Botan17Montgomery_Params4Data2r1Ev: 78| 10.9k| const BigInt& r1() const { return m_r1; } _ZNK5Botan17Montgomery_Params4Data2r2Ev: 80| 21.8k| const BigInt& r2() const { return m_r2; } _ZNK5Botan17Montgomery_Params4Data6p_dashEv: 84| 21.8k| word p_dash() const { return m_p_dash; } _ZNK5Botan17Montgomery_Params4Data6p_sizeEv: 86| 21.8k| size_t p_size() const { return m_p_words; } _ZN5Botan10word8_add3ITkNS_8WordTypeEmEET_PS1_PKS1_S4_S1_: 294| 4|inline constexpr auto word8_add3(W z[8], const W x[8], const W y[8], W carry) -> W { 295| 4|#if defined(BOTAN_MP_USE_X86_64_ASM) 296| 4| if(std::same_as && !std::is_constant_evaluated()) { ------------------ | Branch (296:7): [True: 0, Folded] | Branch (296:36): [True: 0, Folded] ------------------ 297| 4| asm volatile(ADD_OR_SUBTRACT(DO_8_TIMES(ADDSUB3_OP, "adcq")) 298| 4| : [carry] "=r"(carry) 299| 4| : [x] "r"(x), [y] "r"(y), [z] "r"(z), "0"(carry) 300| 4| : "cc", "memory"); 301| 4| return carry; 302| 4| } 303| 0|#endif 304| | 305| 0| z[0] = word_add(x[0], y[0], &carry); 306| 0| z[1] = word_add(x[1], y[1], &carry); 307| 0| z[2] = word_add(x[2], y[2], &carry); 308| 0| z[3] = word_add(x[3], y[3], &carry); 309| 0| z[4] = word_add(x[4], y[4], &carry); 310| 0| z[5] = word_add(x[5], y[5], &carry); 311| 0| z[6] = word_add(x[6], y[6], &carry); 312| 0| z[7] = word_add(x[7], y[7], &carry); 313| 0| return carry; 314| 4|} _ZN5Botan8word_addITkNS_8WordTypeEmEET_S1_S1_PS1_: 231| 80.0M|inline constexpr auto word_add(W x, W y, W* carry) -> W { 232| 80.0M|#if BOTAN_COMPILER_HAS_BUILTIN(__builtin_addc) 233| 80.0M| if(!std::is_constant_evaluated()) { ------------------ | Branch (233:7): [True: 80.0M, Folded] ------------------ 234| | if constexpr(std::same_as) { 235| | return __builtin_addc(x, y, *carry & 1, carry); 236| 80.0M| } else if constexpr(std::same_as) { 237| 80.0M| return __builtin_addcl(x, y, *carry & 1, carry); 238| | } else if constexpr(std::same_as) { 239| | return __builtin_addcll(x, y, *carry & 1, carry); 240| | } 241| 80.0M| } 242| 0|#endif 243| | 244| | if constexpr(WordInfo::dword_is_native && use_dword_for_word_add) { 245| | /* 246| | TODO(Botan4) this is largely a performance hack for GCCs that don't 247| | support __builtin_addc, if we increase the minimum supported version of 248| | GCC to GCC 14 then we can remove this and not worry about it 249| | */ 250| | const W cb = *carry & 1; 251| | const auto s = typename WordInfo::dword(x) + y + cb; 252| | *carry = static_cast(s >> WordInfo::bits); 253| | return static_cast(s); 254| 80.0M| } else { 255| 80.0M| const W cb = *carry & 1; 256| 80.0M| W z = x + y; 257| 80.0M| W c1 = (z < x); 258| 80.0M| z += cb; 259| 80.0M| *carry = c1 | (z < cb); 260| 80.0M| return z; 261| 80.0M| } 262| 80.0M|} _ZN5Botan10word8_sub3ITkNS_8WordTypeEmEET_PS1_PKS1_S4_S1_: 371| 2.44k|inline constexpr auto word8_sub3(W z[8], const W x[8], const W y[8], W carry) -> W { 372| 2.44k|#if defined(BOTAN_MP_USE_X86_64_ASM) 373| 2.44k| if(std::same_as && !std::is_constant_evaluated()) { ------------------ | Branch (373:7): [True: 0, Folded] | Branch (373:36): [True: 0, Folded] ------------------ 374| 2.44k| asm volatile(ADD_OR_SUBTRACT(DO_8_TIMES(ADDSUB3_OP, "sbbq")) 375| 2.44k| : [carry] "=r"(carry) 376| 2.44k| : [x] "r"(x), [y] "r"(y), [z] "r"(z), "0"(carry) 377| 2.44k| : "cc", "memory"); 378| 2.44k| return carry; 379| 2.44k| } 380| 0|#endif 381| | 382| 0| z[0] = word_sub(x[0], y[0], &carry); 383| 0| z[1] = word_sub(x[1], y[1], &carry); 384| 0| z[2] = word_sub(x[2], y[2], &carry); 385| 0| z[3] = word_sub(x[3], y[3], &carry); 386| 0| z[4] = word_sub(x[4], y[4], &carry); 387| 0| z[5] = word_sub(x[5], y[5], &carry); 388| 0| z[6] = word_sub(x[6], y[6], &carry); 389| 0| z[7] = word_sub(x[7], y[7], &carry); 390| 0| return carry; 391| 2.44k|} _ZN5Botan8word_subITkNS_8WordTypeEmEET_S1_S1_PS1_: 320| 134M|inline constexpr auto word_sub(W x, W y, W* carry) -> W { 321| 134M|#if BOTAN_COMPILER_HAS_BUILTIN(__builtin_subc) 322| 134M| if(!std::is_constant_evaluated()) { ------------------ | Branch (322:7): [True: 134M, Folded] ------------------ 323| | if constexpr(std::same_as) { 324| | return __builtin_subc(x, y, *carry & 1, carry); 325| 134M| } else if constexpr(std::same_as) { 326| 134M| return __builtin_subcl(x, y, *carry & 1, carry); 327| | } else if constexpr(std::same_as) { 328| | return __builtin_subcll(x, y, *carry & 1, carry); 329| | } 330| 134M| } 331| 0|#endif 332| | 333| 0| const W cb = *carry & 1; 334| 134M| W t0 = x - y; 335| 134M| W c1 = (t0 > x); 336| 134M| W z = t0 - cb; 337| 134M| *carry = c1 | (z > t0); 338| 134M| return z; 339| 134M|} _ZN5Botan13word8_linmul3ITkNS_8WordTypeEmEET_PS1_PKS1_S1_S1_: 397| 51|inline constexpr auto word8_linmul3(W z[8], const W x[8], W y, W carry) -> W { 398| 51|#if defined(BOTAN_MP_USE_X86_64_ASM) 399| 51| if(std::same_as && !std::is_constant_evaluated()) { ------------------ | Branch (399:7): [True: 0, Folded] | Branch (399:36): [True: 0, Folded] ------------------ 400| 51| asm(DO_8_TIMES(LINMUL_OP, "z") 401| 51| : [carry] "=r"(carry) 402| 51| : [z] "r"(z), [x] "r"(x), [y] "rm"(y), "0"(carry) 403| 51| : "cc", "%rax", "%rdx", "memory"); 404| 51| return carry; 405| 51| } 406| 0|#endif 407| | 408| 0| z[0] = word_madd2(x[0], y, &carry); 409| 0| z[1] = word_madd2(x[1], y, &carry); 410| 0| z[2] = word_madd2(x[2], y, &carry); 411| 0| z[3] = word_madd2(x[3], y, &carry); 412| 0| z[4] = word_madd2(x[4], y, &carry); 413| 0| z[5] = word_madd2(x[5], y, &carry); 414| 0| z[6] = word_madd2(x[6], y, &carry); 415| 0| z[7] = word_madd2(x[7], y, &carry); 416| 0| return carry; 417| 51|} _ZN5Botan10word_madd2ITkNS_8WordTypeEmEET_S1_S1_PS1_: 90| 25.7k|inline constexpr auto word_madd2(W a, W b, W* c) -> W { 91| 25.7k|#if defined(BOTAN_MP_USE_X86_64_ASM) 92| 25.7k| if(std::same_as && !std::is_constant_evaluated()) { ------------------ | Branch (92:7): [True: 0, Folded] | Branch (92:36): [True: 0, Folded] ------------------ 93| 25.7k| asm(R"( 94| 25.7k| mulq %[b] 95| 25.7k| addq %[c],%[a] 96| 25.7k| adcq $0,%[carry] 97| 25.7k| )" 98| 25.7k| : [a] "=a"(a), [b] "=rm"(b), [carry] "=&d"(*c) 99| 25.7k| : "0"(a), "1"(b), [c] "g"(*c) 100| 25.7k| : "cc"); 101| | 102| 25.7k| return a; 103| 25.7k| } 104| |#elif defined(BOTAN_MP_USE_AARCH64_ASM) 105| | if(std::same_as && !std::is_constant_evaluated()) { 106| | W lo = 0; 107| | W hi = 0; 108| | asm(R"( 109| | mul %[lo], %[a], %[b] 110| | umulh %[hi], %[a], %[b] 111| | adds %[lo], %[lo], %[c] 112| | adc %[hi], %[hi], xzr 113| | )" 114| | : [lo] "=&r"(lo), [hi] "=&r"(hi) 115| | : [a] "r"(a), [b] "r"(b), [c] "r"(*c) 116| | : "cc"); 117| | 118| | *c = hi; 119| | return lo; 120| | } 121| |#endif 122| | 123| 0| typedef typename WordInfo::dword dword; 124| 0| const dword s = dword(a) * b + *c; 125| 0| *c = static_cast(s >> WordInfo::bits); 126| 0| return static_cast(s); 127| 25.7k|} _ZN5Botan11word8_madd3ITkNS_8WordTypeEmEET_PS1_PKS1_S1_S1_: 423| 152|inline constexpr auto word8_madd3(W z[8], const W x[8], W y, W carry) -> W { 424| 152|#if defined(BOTAN_MP_USE_X86_64_ASM) 425| 152| if(std::same_as && !std::is_constant_evaluated()) { ------------------ | Branch (425:7): [True: 0, Folded] | Branch (425:36): [True: 0, Folded] ------------------ 426| 152| asm(DO_8_TIMES(MULADD_OP, "") 427| 152| : [carry] "=r"(carry) 428| 152| : [z] "r"(z), [x] "r"(x), [y] "rm"(y), "0"(carry) 429| 152| : "cc", "%rax", "%rdx", "memory"); 430| 152| return carry; 431| 152| } 432| 0|#endif 433| | 434| 0| z[0] = word_madd3(x[0], y, z[0], &carry); 435| 0| z[1] = word_madd3(x[1], y, z[1], &carry); 436| 0| z[2] = word_madd3(x[2], y, z[2], &carry); 437| 0| z[3] = word_madd3(x[3], y, z[3], &carry); 438| 0| z[4] = word_madd3(x[4], y, z[4], &carry); 439| 0| z[5] = word_madd3(x[5], y, z[5], &carry); 440| 0| z[6] = word_madd3(x[6], y, z[6], &carry); 441| 0| z[7] = word_madd3(x[7], y, z[7], &carry); 442| 0| return carry; 443| 152|} _ZN5Botan10word_madd3ITkNS_8WordTypeEmEET_S1_S1_S1_PS1_: 133| 304|inline constexpr auto word_madd3(W a, W b, W c, W* d) -> W { 134| 304|#if defined(BOTAN_MP_USE_X86_64_ASM) 135| 304| if(std::same_as && !std::is_constant_evaluated()) { ------------------ | Branch (135:7): [True: 0, Folded] | Branch (135:36): [True: 0, Folded] ------------------ 136| 304| asm(R"( 137| 304| mulq %[b] 138| 304| 139| 304| addq %[c],%[a] 140| 304| adcq $0,%[carry] 141| 304| 142| 304| addq %[d],%[a] 143| 304| adcq $0,%[carry] 144| 304| )" 145| 304| : [a] "=a"(a), [b] "=rm"(b), [carry] "=&d"(*d) 146| 304| : "0"(a), "1"(b), [c] "g"(c), [d] "g"(*d) 147| 304| : "cc"); 148| | 149| 304| return a; 150| 304| } 151| |#elif defined(BOTAN_MP_USE_AARCH64_ASM) 152| | if(std::same_as && !std::is_constant_evaluated()) { 153| | W lo = 0; 154| | W hi = 0; 155| | asm(R"( 156| | mul %[lo], %[a], %[b] 157| | umulh %[hi], %[a], %[b] 158| | adds %[lo], %[lo], %[c] 159| | adc %[hi], %[hi], xzr 160| | adds %[lo], %[lo], %[d] 161| | adc %[hi], %[hi], xzr 162| | )" 163| | : [lo] "=&r"(lo), [hi] "=&r"(hi) 164| | : [a] "r"(a), [b] "r"(b), [c] "r"(c), [d] "r"(*d) 165| | : "cc"); 166| | 167| | *d = hi; 168| | return lo; 169| | } 170| |#endif 171| | 172| 0| typedef typename WordInfo::dword dword; 173| 0| const dword s = dword(a) * b + c + *d; 174| 0| *d = static_cast(s >> WordInfo::bits); 175| 0| return static_cast(s); 176| 304|} _ZN5Botan10word8_add2ITkNS_8WordTypeEmEET_PS1_PKS1_S1_: 268| 1.61k|inline constexpr auto word8_add2(W x[8], const W y[8], W carry) -> W { 269| 1.61k|#if defined(BOTAN_MP_USE_X86_64_ASM) 270| 1.61k| if(std::same_as && !std::is_constant_evaluated()) { ------------------ | Branch (270:7): [True: 0, Folded] | Branch (270:36): [True: 0, Folded] ------------------ 271| 1.61k| asm volatile(ADD_OR_SUBTRACT(DO_8_TIMES(ADDSUB2_OP, "adcq")) 272| 1.61k| : [carry] "=r"(carry) 273| 1.61k| : [x] "r"(x), [y] "r"(y), "0"(carry) 274| 1.61k| : "cc", "memory"); 275| 1.61k| return carry; 276| 1.61k| } 277| 0|#endif 278| | 279| 0| x[0] = word_add(x[0], y[0], &carry); 280| 0| x[1] = word_add(x[1], y[1], &carry); 281| 0| x[2] = word_add(x[2], y[2], &carry); 282| 0| x[3] = word_add(x[3], y[3], &carry); 283| 0| x[4] = word_add(x[4], y[4], &carry); 284| 0| x[5] = word_add(x[5], y[5], &carry); 285| 0| x[6] = word_add(x[6], y[6], &carry); 286| 0| x[7] = word_add(x[7], y[7], &carry); 287| 0| return carry; 288| 1.61k|} _ZN5Botan10word8_sub2ITkNS_8WordTypeEmEET_PS1_PKS1_S1_: 345| 118|inline constexpr auto word8_sub2(W x[8], const W y[8], W carry) -> W { 346| 118|#if defined(BOTAN_MP_USE_X86_64_ASM) 347| 118| if(std::same_as && !std::is_constant_evaluated()) { ------------------ | Branch (347:7): [True: 0, Folded] | Branch (347:36): [True: 0, Folded] ------------------ 348| 118| asm volatile(ADD_OR_SUBTRACT(DO_8_TIMES(ADDSUB2_OP, "sbbq")) 349| 118| : [carry] "=r"(carry) 350| 118| : [x] "r"(x), [y] "r"(y), "0"(carry) 351| 118| : "cc", "memory"); 352| 118| return carry; 353| 118| } 354| 0|#endif 355| | 356| 0| x[0] = word_sub(x[0], y[0], &carry); 357| 0| x[1] = word_sub(x[1], y[1], &carry); 358| 0| x[2] = word_sub(x[2], y[2], &carry); 359| 0| x[3] = word_sub(x[3], y[3], &carry); 360| 0| x[4] = word_sub(x[4], y[4], &carry); 361| 0| x[5] = word_sub(x[5], y[5], &carry); 362| 0| x[6] = word_sub(x[6], y[6], &carry); 363| 0| x[7] = word_sub(x[7], y[7], &carry); 364| 0| return carry; 365| 118|} _ZN5Botan5word3ImEC2Ev: 458| 19.7M| constexpr word3() : m_w(0) {} _ZN5Botan5word3ImE3mulEmm: 460| 534M| inline constexpr void mul(W x, W y) { m_w += static_cast(x) * y; } _ZN5Botan5word3ImE7extractEv: 466| 207M| inline constexpr W extract() { 467| 207M| W r = static_cast(m_w); 468| 207M| m_w >>= WordInfo::bits; 469| 207M| return r; 470| 207M| } _ZN5Botan5word3ImE6mul_x2Emm: 462| 126M| inline constexpr void mul_x2(W x, W y) { m_w += static_cast(x) * y * 2; } _ZN5Botan5word3ImE3addEm: 464| 74.9M| inline constexpr void add(W x) { m_w += x; } _ZN5Botan5word3ImE10monty_stepEmm: 472| 37.4M| inline constexpr W monty_step(W p0, W p_dash) { 473| 37.4M| const W w0 = static_cast(m_w); 474| 37.4M| const W r = w0 * p_dash; 475| 37.4M| mul(r, p0); 476| 37.4M| m_w >>= WordInfo::bits; 477| 37.4M| return r; 478| 37.4M| } _ZN5Botan11bigint_add3ITkNS_8WordTypeEmEET_PS1_PKS1_mS4_m: 120| 12|inline constexpr auto bigint_add3(W z[], const W x[], size_t x_size, const W y[], size_t y_size) -> W { 121| 12| if(x_size < y_size) { ------------------ | Branch (121:7): [True: 0, False: 12] ------------------ 122| 0| return bigint_add3(z, y, y_size, x, x_size); 123| 0| } 124| | 125| 12| W carry = 0; 126| | 127| 12| const size_t blocks = y_size - (y_size % 8); 128| | 129| 16| for(size_t i = 0; i != blocks; i += 8) { ------------------ | Branch (129:22): [True: 4, False: 12] ------------------ 130| 4| carry = word8_add3(z + i, x + i, y + i, carry); 131| 4| } 132| | 133| 54| for(size_t i = blocks; i != y_size; ++i) { ------------------ | Branch (133:27): [True: 42, False: 12] ------------------ 134| 42| z[i] = word_add(x[i], y[i], &carry); 135| 42| } 136| | 137| 12| for(size_t i = y_size; i != x_size; ++i) { ------------------ | Branch (137:27): [True: 0, False: 12] ------------------ 138| 0| z[i] = word_add(x[i], static_cast(0), &carry); 139| 0| } 140| | 141| 12| return carry; 142| 12|} _ZN5Botan10bigint_cmpITkNS_8WordTypeEmEEiPKT_mS3_m: 439| 28.3k|inline constexpr int32_t bigint_cmp(const W x[], size_t x_size, const W y[], size_t y_size) { 440| 28.3k| static_assert(sizeof(W) >= sizeof(uint32_t), "Size assumption"); 441| | 442| 28.3k| const W LT = static_cast(-1); 443| 28.3k| const W EQ = 0; 444| 28.3k| const W GT = 1; 445| | 446| 28.3k| const size_t common_elems = std::min(x_size, y_size); 447| | 448| 28.3k| W result = EQ; // until found otherwise 449| | 450| 220k| for(size_t i = 0; i != common_elems; i++) { ------------------ | Branch (450:22): [True: 192k, False: 28.3k] ------------------ 451| 192k| const auto is_eq = CT::Mask::is_equal(x[i], y[i]); 452| 192k| const auto is_lt = CT::Mask::is_lt(x[i], y[i]); 453| | 454| 192k| result = is_eq.select(result, is_lt.select(LT, GT)); 455| 192k| } 456| | 457| 28.3k| if(x_size < y_size) { ------------------ | Branch (457:7): [True: 2, False: 28.2k] ------------------ 458| 2| W mask = 0; 459| 4| for(size_t i = x_size; i != y_size; i++) { ------------------ | Branch (459:30): [True: 2, False: 2] ------------------ 460| 2| mask |= y[i]; 461| 2| } 462| | 463| | // If any bits were set in high part of y, then x < y 464| 2| result = CT::Mask::is_zero(mask).select(result, LT); 465| 28.2k| } else if(y_size < x_size) { ------------------ | Branch (465:14): [True: 23, False: 28.2k] ------------------ 466| 23| W mask = 0; 467| 71| for(size_t i = y_size; i != x_size; i++) { ------------------ | Branch (467:30): [True: 48, False: 23] ------------------ 468| 48| mask |= x[i]; 469| 48| } 470| | 471| | // If any bits were set in high part of x, then x > y 472| 23| result = CT::Mask::is_zero(mask).select(result, GT); 473| 23| } 474| | 475| 28.3k| CT::unpoison(result); 476| 28.3k| BOTAN_DEBUG_ASSERT(result == LT || result == GT || result == EQ); ------------------ | | 130| 28.3k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 28.3k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 28.3k] | | ------------------ ------------------ 477| 28.3k| return static_cast(result); 478| 28.3k|} _ZN5Botan11bigint_sub3ITkNS_8WordTypeEmEET_PS1_PKS1_mS4_m: 192| 2.50k|inline constexpr auto bigint_sub3(W z[], const W x[], size_t x_size, const W y[], size_t y_size) -> W { 193| 2.50k| W borrow = 0; 194| | 195| 2.50k| BOTAN_ASSERT(x_size >= y_size, "Expected sizes"); ------------------ | | 64| 2.50k| do { \ | | 65| 2.50k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 2.50k| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 2.50k] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 2.50k| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 2.50k] | | ------------------ ------------------ 196| | 197| 2.50k| const size_t blocks = y_size - (y_size % 8); 198| | 199| 3.64k| for(size_t i = 0; i != blocks; i += 8) { ------------------ | Branch (199:22): [True: 1.13k, False: 2.50k] ------------------ 200| 1.13k| borrow = word8_sub3(z + i, x + i, y + i, borrow); 201| 1.13k| } 202| | 203| 10.1k| for(size_t i = blocks; i != y_size; ++i) { ------------------ | Branch (203:27): [True: 7.67k, False: 2.50k] ------------------ 204| 7.67k| z[i] = word_sub(x[i], y[i], &borrow); 205| 7.67k| } 206| | 207| 2.64k| for(size_t i = y_size; i != x_size; ++i) { ------------------ | Branch (207:27): [True: 145, False: 2.50k] ------------------ 208| 145| z[i] = word_sub(x[i], static_cast(0), &borrow); 209| 145| } 210| | 211| 2.50k| return borrow; 212| 2.50k|} _ZN5Botan14bigint_linmul3ITkNS_8WordTypeEmEEvPT_PKS1_mS1_: 416| 84|inline constexpr void bigint_linmul3(W z[], const W x[], size_t x_size, W y) { 417| 84| const size_t blocks = x_size - (x_size % 8); 418| | 419| 84| W carry = 0; 420| | 421| 135| for(size_t i = 0; i != blocks; i += 8) { ------------------ | Branch (421:22): [True: 51, False: 84] ------------------ 422| 51| carry = word8_linmul3(z + i, x + i, y, carry); 423| 51| } 424| | 425| 427| for(size_t i = blocks; i != x_size; ++i) { ------------------ | Branch (425:27): [True: 343, False: 84] ------------------ 426| 343| z[i] = word_madd2(x[i], y, &carry); 427| 343| } 428| | 429| 84| z[x_size] = carry; 430| 84|} _ZN5Botan14divide_precompImEC2Em: 574| 18| explicit constexpr divide_precomp(W divisor) : m_divisor(divisor) { 575| 18| BOTAN_ARG_CHECK(m_divisor != 0, "Division by zero"); ------------------ | | 35| 18| do { \ | | 36| 18| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 18| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 18] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 18| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 18] | | ------------------ ------------------ 576| 18| } _ZNK5Botan14divide_precompImE16vartime_div_2to1Emm: 581| 129| inline constexpr W vartime_div_2to1(W n1, W n0) const { 582| 129| BOTAN_ASSERT_NOMSG(n1 < m_divisor); ------------------ | | 77| 129| do { \ | | 78| 129| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 129| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 129] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 129| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 129] | | ------------------ ------------------ 583| | 584| 129| if(m_divisor == WordInfo::max) { ------------------ | Branch (584:13): [True: 51, False: 78] ------------------ 585| 51| return vartime_div_2to1_max_d(n1, n0); 586| 51| } 587| | 588| 78| if(m_divisor == WordInfo::top_bit) { ------------------ | Branch (588:13): [True: 0, False: 78] ------------------ 589| | // Simply a shift by N-1 bits 590| 0| return (n1 << 1) | (n0 >> (WordInfo::bits - 1)); 591| 0| } 592| | 593| 78| if(!std::is_constant_evaluated()) { ------------------ | Branch (593:13): [True: 78, Folded] ------------------ 594| 78|#if defined(BOTAN_MP_USE_X86_64_ASM) 595| 78| if constexpr(std::same_as) { 596| 78| W quotient = 0; 597| 78| W remainder = 0; 598| | // NOLINTNEXTLINE(*-no-assembler) 599| 78| asm("divq %[v]" : "=a"(quotient), "=d"(remainder) : [v] "r"(m_divisor), "a"(n0), "d"(n1) : "cc"); 600| 78| return quotient; 601| 78| } 602| 0|#endif 603| | 604| 0|#if !defined(BOTAN_BUILD_COMPILER_IS_CLANGCL) 605| | 606| | /* clang-cl has a bug where on encountering a 128/64 division it emits 607| | * a call to __udivti3() but then fails to link the relevant builtin into 608| | * the binary, causing a link failure. Work around this by simply omitting 609| | * such code for clang-cl 610| | * 611| | * See https://github.com/llvm/llvm-project/issues/25679 612| | */ 613| 78| if constexpr(WordInfo::dword_is_native) { 614| 78| typename WordInfo::dword n = n1; 615| 78| n <<= WordInfo::bits; 616| 78| n |= n0; 617| 78| return static_cast(n / m_divisor); 618| 78| } 619| 78|#endif 620| 78| } 621| | 622| 0| W high = n1; 623| 78| W quotient = 0; 624| | 625| 78| for(size_t i = 0; i != WordInfo::bits; ++i) { ------------------ | Branch (625:28): [True: 0, False: 78] ------------------ 626| 0| const W high_top_bit = high >> (WordInfo::bits - 1); 627| | 628| 0| high <<= 1; 629| 0| high |= (n0 >> (WordInfo::bits - 1 - i)) & 1; 630| 0| quotient <<= 1; 631| | 632| 0| if(high_top_bit || high >= m_divisor) { ------------------ | Branch (632:16): [True: 0, False: 0] | Branch (632:32): [True: 0, False: 0] ------------------ 633| 0| high -= m_divisor; 634| 0| quotient |= 1; 635| 0| } 636| 0| } 637| | 638| 78| return quotient; 639| 78| } _ZN5Botan14divide_precompImE22vartime_div_2to1_max_dEmm: 657| 51| static inline constexpr W vartime_div_2to1_max_d(W n1, W n0) { 658| | /* 659| | Use k to refer to WordInfo::bits 660| | 661| | We are dividing n = (n1 * 2^k) + n0 by 2^k - 1 662| | 663| | Recall that 2^k = 1 (mod 2^k - 1) 664| | 665| | Rewrite n = n1*2^k + n0 as n1*(2^k - 1) + n1 + n0 666| | 667| | The result of dividing n by (2^k - 1) will be equal to 668| | (n1*(2^k-1) + n1 + n0) / (2^k-1) = 669| | n1 + ((n1 + n0) / (2^k-1) 670| | 671| | Use c to refer to ((n1 + n0) / (2^k-1)) 672| | 673| | If (n1 + n0) < (2^k - 1) then c is 0 674| | If (n1 + n0) >= (2^k - 1) then c is 1 675| | 676| | Since n1 < 2^k - 1 [*] and n0 <= 2^k - 1 it is impossible for (n1 + n0) / (2^k -1) 677| | to be greater than 1. 678| | 679| | [*] We require n1 be strictly less than the divisor to ensure that the 680| | output fits in a single word; this is checked at the start of vartime_div_2to1. 681| | */ 682| | 683| 51| const W s = n0 + n1; 684| | // did n0 + n1 overflow? or does (n0 + n1) == 2^k - 1? if either, c == 1 685| 51| if(s < n0 || s == WordInfo::max) { ------------------ | Branch (685:13): [True: 5, False: 46] | Branch (685:23): [True: 0, False: 46] ------------------ 686| 5| n1 += 1; 687| 5| } 688| | 689| 51| return n1; 690| 51| } _ZN5Botan11bigint_shl2ITkNS_8WordTypeEmEEvPT_mPKS1_mm: 355| 18|inline constexpr void bigint_shl2(W y[], size_t y_size, const W x[], size_t x_size, size_t shift) { 356| 18| const size_t word_shift = shift / WordInfo::bits; 357| 18| const size_t bit_shift = shift % WordInfo::bits; 358| | 359| 18| BOTAN_ASSERT_NOMSG(word_shift <= y_size); ------------------ | | 77| 18| do { \ | | 78| 18| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 18| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 18] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 18| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 18] | | ------------------ ------------------ 360| 18| BOTAN_ASSERT_NOMSG(x_size < y_size - word_shift); ------------------ | | 77| 18| do { \ | | 78| 18| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 18| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 18] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 18| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 18] | | ------------------ ------------------ 361| | 362| 18| unchecked_copy_memory(y + word_shift, x, x_size); 363| 18| zeroize_buffer(y, word_shift); 364| 18| zeroize_buffer(y + word_shift + x_size, y_size - word_shift - x_size); 365| | 366| 18| const auto carry_mask = CT::Mask::expand(bit_shift); 367| 18| const W carry_shift = carry_mask.if_set_return(WordInfo::bits - bit_shift); 368| | 369| 18| W carry = 0; 370| 147| for(size_t i = word_shift; i != x_size + word_shift + 1; ++i) { ------------------ | Branch (370:31): [True: 129, False: 18] ------------------ 371| 129| const W w = y[i]; 372| 129| y[i] = (w << bit_shift) | carry; 373| 129| carry = carry_mask.if_set_return(w >> carry_shift); 374| 129| } 375| 18|} _ZN5Botan17bigint_monty_redcEPmPKmS2_mmS0_m: 924| 21.8k| word r[], const word z[], const word p[], size_t p_size, word p_dash, word ws[], size_t ws_size) { 925| 21.8k| const size_t z_size = 2 * p_size; 926| | 927| 21.8k| BOTAN_ARG_CHECK(ws_size >= p_size, "Montgomery reduction workspace too small"); ------------------ | | 35| 21.8k| do { \ | | 36| 21.8k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 21.8k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 21.8k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 21.8k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 21.8k] | | ------------------ ------------------ 928| | 929| 21.8k| if(p_size == 4) { ------------------ | Branch (929:7): [True: 16.8k, False: 5.02k] ------------------ 930| 16.8k| bigint_monty_redc_4(r, z, p, p_dash, ws); 931| 16.8k| } else if(p_size == 6) { ------------------ | Branch (931:14): [True: 2.72k, False: 2.29k] ------------------ 932| 2.72k| bigint_monty_redc_6(r, z, p, p_dash, ws); 933| 2.72k| } else if(p_size == 8) { ------------------ | Branch (933:14): [True: 1.02k, False: 1.27k] ------------------ 934| 1.02k| bigint_monty_redc_8(r, z, p, p_dash, ws); 935| 1.27k| } else if(p_size == 12) { ------------------ | Branch (935:14): [True: 0, False: 1.27k] ------------------ 936| 0| bigint_monty_redc_12(r, z, p, p_dash, ws); 937| 1.27k| } else if(p_size == 16) { ------------------ | Branch (937:14): [True: 0, False: 1.27k] ------------------ 938| 0| bigint_monty_redc_16(r, z, p, p_dash, ws); 939| 1.27k| } else if(p_size == 24) { ------------------ | Branch (939:14): [True: 0, False: 1.27k] ------------------ 940| 0| bigint_monty_redc_24(r, z, p, p_dash, ws); 941| 1.27k| } else if(p_size == 32) { ------------------ | Branch (941:14): [True: 0, False: 1.27k] ------------------ 942| 0| bigint_monty_redc_32(r, z, p, p_dash, ws); 943| 1.27k| } else { 944| 1.27k| bigint_monty_redc_generic(r, z, z_size, p, p_size, p_dash, ws); 945| 1.27k| } 946| 21.8k|} _ZN5Botan25bigint_monty_redc_inplaceEPmPKmmmS0_m: 948| 21.8k|inline void bigint_monty_redc_inplace(word z[], const word p[], size_t p_size, word p_dash, word ws[], size_t ws_size) { 949| 21.8k| bigint_monty_redc(z, z, p, p_size, p_dash, ws, ws_size); 950| 21.8k| zeroize_buffer(z + p_size, p_size); 951| 21.8k|} _ZN5Botan15bigint_ct_is_eqITkNS_8WordTypeEmEENS_2CT4MaskIT_EEPKS3_mS6_m: 519| 12|inline constexpr auto bigint_ct_is_eq(const W x[], size_t x_size, const W y[], size_t y_size) -> CT::Mask { 520| 12| const size_t common_elems = std::min(x_size, y_size); 521| | 522| 12| W diff = 0; 523| | 524| 166| for(size_t i = 0; i != common_elems; i++) { ------------------ | Branch (524:22): [True: 154, False: 12] ------------------ 525| 154| diff |= (x[i] ^ y[i]); 526| 154| } 527| | 528| | // If any bits were set in high part of x/y, then they are not equal 529| 12| if(x_size < y_size) { ------------------ | Branch (529:7): [True: 1, False: 11] ------------------ 530| 9| for(size_t i = x_size; i != y_size; i++) { ------------------ | Branch (530:30): [True: 8, False: 1] ------------------ 531| 8| diff |= y[i]; 532| 8| } 533| 11| } else if(y_size < x_size) { ------------------ | Branch (533:14): [True: 0, False: 11] ------------------ 534| 0| for(size_t i = y_size; i != x_size; i++) { ------------------ | Branch (534:30): [True: 0, False: 0] ------------------ 535| 0| diff |= x[i]; 536| 0| } 537| 0| } 538| | 539| 12| return CT::Mask::is_zero(diff); 540| 12|} _ZN5Botan15bigint_ct_is_ltITkNS_8WordTypeEmEENS_2CT4MaskIT_EEPKS3_mS6_mb: 487| 52.1k| -> CT::Mask { 488| 52.1k| const size_t common_elems = std::min(x_size, y_size); 489| | 490| 52.1k| auto is_lt = CT::Mask::expand(lt_or_equal); 491| | 492| 317k| for(size_t i = 0; i != common_elems; i++) { ------------------ | Branch (492:22): [True: 265k, False: 52.1k] ------------------ 493| 265k| const auto eq = CT::Mask::is_equal(x[i], y[i]); 494| 265k| const auto lt = CT::Mask::is_lt(x[i], y[i]); 495| 265k| is_lt = eq.select_mask(is_lt, lt); 496| 265k| } 497| | 498| 52.1k| if(x_size < y_size) { ------------------ | Branch (498:7): [True: 0, False: 52.1k] ------------------ 499| 0| W mask = 0; 500| 0| for(size_t i = x_size; i != y_size; i++) { ------------------ | Branch (500:30): [True: 0, False: 0] ------------------ 501| 0| mask |= y[i]; 502| 0| } 503| | // If any bits were set in high part of y, then is_lt should be forced true 504| 0| is_lt |= CT::Mask::expand(mask); 505| 52.1k| } else if(y_size < x_size) { ------------------ | Branch (505:14): [True: 49, False: 52.0k] ------------------ 506| 49| W mask = 0; 507| 388| for(size_t i = y_size; i != x_size; i++) { ------------------ | Branch (507:30): [True: 339, False: 49] ------------------ 508| 339| mask |= x[i]; 509| 339| } 510| | 511| | // If any bits were set in high part of x, then is_lt should be false 512| 49| is_lt &= CT::Mask::is_zero(mask); 513| 49| } 514| | 515| 52.1k| return is_lt; 516| 52.1k|} _ZN5Botan11bigint_shl1ITkNS_8WordTypeEmEEvPT_mmm: 309| 3|inline constexpr void bigint_shl1(W x[], size_t x_size, size_t x_words, size_t shift) { 310| 3| const size_t word_shift = shift / WordInfo::bits; 311| 3| const size_t bit_shift = shift % WordInfo::bits; 312| | 313| 3| BOTAN_ASSERT_NOMSG(word_shift <= x_size); ------------------ | | 77| 3| do { \ | | 78| 3| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 3| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 3] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 3| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 3] | | ------------------ ------------------ 314| 3| BOTAN_ASSERT_NOMSG(x_words <= x_size - word_shift); ------------------ | | 77| 3| do { \ | | 78| 3| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 3| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 3] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 3| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 3] | | ------------------ ------------------ 315| | 316| 3| unchecked_copy_memory(x + word_shift, x, x_words); 317| 3| zeroize_buffer(x, word_shift); 318| | 319| 3| const auto carry_mask = CT::Mask::expand(bit_shift); 320| 3| const W carry_shift = carry_mask.if_set_return(WordInfo::bits - bit_shift); 321| | 322| 3| W carry = 0; 323| 33| for(size_t i = word_shift; i != x_size; ++i) { ------------------ | Branch (323:31): [True: 30, False: 3] ------------------ 324| 30| const W w = x[i]; 325| 30| x[i] = (w << bit_shift) | carry; 326| 30| carry = carry_mask.if_set_return(w >> carry_shift); 327| 30| } 328| 3|} _ZN5Botan14bigint_sub_absITkNS_8WordTypeEmEENS_2CT4MaskIT_EEPS3_PKS3_S7_mS5_: 279| 48|inline constexpr auto bigint_sub_abs(W z[], const W x[], const W y[], size_t N, W ws[]) -> CT::Mask { 280| | // Subtract in both direction then conditional copy out the result 281| | 282| 48| W* ws0 = ws; 283| 48| W* ws1 = ws + N; 284| | 285| 48| W borrow0 = 0; 286| 48| W borrow1 = 0; 287| | 288| 48| const size_t blocks = N - (N % 8); 289| | 290| 64| for(size_t i = 0; i != blocks; i += 8) { ------------------ | Branch (290:22): [True: 16, False: 48] ------------------ 291| 16| borrow0 = word8_sub3(ws0 + i, x + i, y + i, borrow0); 292| 16| borrow1 = word8_sub3(ws1 + i, y + i, x + i, borrow1); 293| 16| } 294| | 295| 264| for(size_t i = blocks; i != N; ++i) { ------------------ | Branch (295:27): [True: 216, False: 48] ------------------ 296| 216| ws0[i] = word_sub(x[i], y[i], &borrow0); 297| 216| ws1[i] = word_sub(y[i], x[i], &borrow1); 298| 216| } 299| | 300| 48| return CT::conditional_copy_mem(borrow0, z, ws1, ws0, N); 301| 48|} _ZN5Botan11bigint_add2ITkNS_8WordTypeEmEET_PS1_mPKS1_m: 94| 5.79k|inline constexpr auto bigint_add2(W x[], size_t x_size, const W y[], size_t y_size) -> W { 95| 5.79k| W carry = 0; 96| | 97| 5.79k| BOTAN_ASSERT(x_size >= y_size, "Expected sizes"); ------------------ | | 64| 5.79k| do { \ | | 65| 5.79k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 5.79k| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 5.79k] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 5.79k| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 5.79k] | | ------------------ ------------------ 98| | 99| 5.79k| const size_t blocks = y_size - (y_size % 8); 100| | 101| 7.41k| for(size_t i = 0; i != blocks; i += 8) { ------------------ | Branch (101:22): [True: 1.61k, False: 5.79k] ------------------ 102| 1.61k| carry = word8_add2(x + i, y + i, carry); 103| 1.61k| } 104| | 105| 27.0k| for(size_t i = blocks; i != y_size; ++i) { ------------------ | Branch (105:27): [True: 21.2k, False: 5.79k] ------------------ 106| 21.2k| x[i] = word_add(x[i], y[i], &carry); 107| 21.2k| } 108| | 109| 31.5k| for(size_t i = y_size; i != x_size; ++i) { ------------------ | Branch (109:27): [True: 25.7k, False: 5.79k] ------------------ 110| 25.7k| x[i] = word_add(x[i], static_cast(0), &carry); 111| 25.7k| } 112| | 113| 5.79k| return carry; 114| 5.79k|} _ZN5Botan11bigint_sub2ITkNS_8WordTypeEmEET_PS1_mPKS1_m: 148| 149|inline constexpr auto bigint_sub2(W x[], size_t x_size, const W y[], size_t y_size) -> W { 149| 149| W borrow = 0; 150| | 151| 149| BOTAN_ASSERT(x_size >= y_size, "Expected sizes"); ------------------ | | 64| 149| do { \ | | 65| 149| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 149| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 149] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 149| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 149] | | ------------------ ------------------ 152| | 153| 149| const size_t blocks = y_size - (y_size % 8); 154| | 155| 267| for(size_t i = 0; i != blocks; i += 8) { ------------------ | Branch (155:22): [True: 118, False: 149] ------------------ 156| 118| borrow = word8_sub2(x + i, y + i, borrow); 157| 118| } 158| | 159| 616| for(size_t i = blocks; i != y_size; ++i) { ------------------ | Branch (159:27): [True: 467, False: 149] ------------------ 160| 467| x[i] = word_sub(x[i], y[i], &borrow); 161| 467| } 162| | 163| 166| for(size_t i = y_size; i != x_size; ++i) { ------------------ | Branch (163:27): [True: 17, False: 149] ------------------ 164| 17| x[i] = word_sub(x[i], static_cast(0), &borrow); 165| 17| } 166| | 167| 149| return borrow; 168| 149|} _ZN5Botan11bigint_shr1ITkNS_8WordTypeEmEEvPT_mm: 331| 129|inline constexpr void bigint_shr1(W x[], size_t x_size, size_t shift) { 332| 129| const size_t word_shift = shift / WordInfo::bits; 333| 129| const size_t bit_shift = shift % WordInfo::bits; 334| | 335| 129| const size_t top = x_size >= word_shift ? (x_size - word_shift) : 0; ------------------ | Branch (335:23): [True: 129, False: 0] ------------------ 336| | 337| 129| if(top > 0) { ------------------ | Branch (337:7): [True: 129, False: 0] ------------------ 338| 129| unchecked_copy_memory(x, x + word_shift, top); 339| 129| } 340| 129| zeroize_buffer(x + top, std::min(word_shift, x_size)); 341| | 342| 129| const auto carry_mask = CT::Mask::expand(bit_shift); 343| 129| const W carry_shift = carry_mask.if_set_return(WordInfo::bits - bit_shift); 344| | 345| 129| W carry = 0; 346| | 347| 2.52k| for(size_t i = 0; i != top; ++i) { ------------------ | Branch (347:22): [True: 2.39k, False: 129] ------------------ 348| 2.39k| const W w = x[top - i - 1]; 349| 2.39k| x[top - i - 1] = (w >> bit_shift) | carry; 350| 2.39k| carry = carry_mask.if_set_return(w << carry_shift); 351| 2.39k| } 352| 129|} _ZN5Botan13monty_inverseITkNS_8WordTypeEmEET_S1_: 703| 6|inline constexpr auto monty_inverse(W a) -> W { 704| 6| BOTAN_ARG_CHECK(a % 2 == 1, "Cannot compute Montgomery inverse of an even integer"); ------------------ | | 35| 6| do { \ | | 36| 6| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 6| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 6] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 6| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 6] | | ------------------ ------------------ 705| | 706| | // Newton's Method, following https://lemire.me/blog/2017/09/18/computing-the-inverse-of-odd-integers/ 707| | 708| 6| constexpr size_t iter = WordInfo::bits == 64 ? 4 : 3; ------------------ | Branch (708:28): [True: 0, Folded] ------------------ 709| | 710| | // Initial guess provides 5 bits of accuracy 711| 6| W r = (3 * a) ^ 2; 712| | 713| | // Each iteration doubles the accuracy 714| 30| for(size_t i = 0; i != iter; ++i) { ------------------ | Branch (714:22): [True: 24, False: 6] ------------------ 715| 24| r = r * (2 - r * a); 716| 24| } 717| | 718| | // Now invert in addition space 719| 6| r = (WordInfo::max - r) + 1; 720| | 721| 6| return r; 722| 6|} _ZN5Botan22bigint_monty_maybe_subITkNS_8WordTypeEmEEvmPT_S1_PKS1_S4_: 225| 1.27k|inline constexpr void bigint_monty_maybe_sub(size_t N, W z[], W x0, const W x[], const W p[]) { 226| 1.27k| W borrow = 0; 227| | 228| 1.27k| const size_t blocks = N - (N % 8); 229| | 230| 2.54k| for(size_t i = 0; i != blocks; i += 8) { ------------------ | Branch (230:22): [True: 1.27k, False: 1.27k] ------------------ 231| 1.27k| borrow = word8_sub3(z + i, x + i, p + i, borrow); 232| 1.27k| } 233| | 234| 2.54k| for(size_t i = blocks; i != N; ++i) { ------------------ | Branch (234:27): [True: 1.27k, False: 1.27k] ------------------ 235| 1.27k| z[i] = word_sub(x[i], p[i], &borrow); 236| 1.27k| } 237| | 238| 1.27k| borrow = (x0 - borrow) > x0; 239| | 240| 1.27k| CT::conditional_assign_mem(borrow, z, x, N); 241| 1.27k|} _ZN5Botan9comba_sqrILm4ETkNS_8WordTypeEmEEvPT0_PKS1_: 854| 2.41M|constexpr inline void comba_sqr(W z[2 * N], const W x[N]) { 855| 2.41M| if(!std::is_constant_evaluated()) { ------------------ | Branch (855:7): [True: 2.41M, Folded] ------------------ 856| 2.41M| if constexpr(std::same_as && N == 4) { 857| 2.41M| return bigint_comba_sqr4(z, x); 858| 2.41M| } 859| | if constexpr(std::same_as && N == 6) { 860| | return bigint_comba_sqr6(z, x); 861| | } 862| | if constexpr(std::same_as && N == 7) { 863| | return bigint_comba_sqr7(z, x); 864| | } 865| | if constexpr(std::same_as && N == 8) { 866| | return bigint_comba_sqr8(z, x); 867| | } 868| | if constexpr(std::same_as && N == 9) { 869| | return bigint_comba_sqr9(z, x); 870| | } 871| | if constexpr(std::same_as && N == 16) { 872| | return bigint_comba_sqr16(z, x); 873| | } 874| 2.41M| } 875| | 876| 0| word3 accum; 877| | 878| 2.41M| for(size_t i = 0; i != 2 * N; ++i) { ------------------ | Branch (878:22): [True: 0, False: 2.41M] ------------------ 879| 0| const size_t start = i + 1 < N ? 0 : i + 1 - N; ------------------ | Branch (879:28): [True: 0, False: 0] ------------------ 880| 0| const size_t end = std::min(N, i + 1); 881| | 882| 0| for(size_t j = start; j != end; ++j) { ------------------ | Branch (882:29): [True: 0, False: 0] ------------------ 883| 0| accum.mul(x[j], x[i - j]); 884| 0| } 885| 0| z[i] = accum.extract(); 886| 0| } 887| 2.41M|} _ZN5Botan22bigint_monty_maybe_subILm4ETkNS_8WordTypeEmEEvPT0_S1_PKS1_S4_: 254| 4.23M|inline constexpr void bigint_monty_maybe_sub(W z[N], W x0, const W x[N], const W y[N]) { 255| 4.23M| W borrow = 0; 256| | 257| 21.1M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (257:22): [True: 16.9M, False: 4.23M] ------------------ 258| 16.9M| z[i] = word_sub(x[i], y[i], &borrow); 259| 16.9M| } 260| | 261| 4.23M| borrow = (x0 - borrow) > x0; 262| | 263| 4.23M| CT::conditional_assign_mem(borrow, z, x, N); 264| 4.23M|} _ZN5Botan9comba_mulILm4ETkNS_8WordTypeEmEEvPT0_PKS1_S4_: 818| 2.17M|constexpr inline void comba_mul(W z[2 * N], const W x[N], const W y[N]) { 819| 2.17M| if(!std::is_constant_evaluated()) { ------------------ | Branch (819:7): [True: 2.17M, Folded] ------------------ 820| 2.17M| if constexpr(std::same_as && N == 4) { 821| 2.17M| return bigint_comba_mul4(z, x, y); 822| 2.17M| } 823| | if constexpr(std::same_as && N == 6) { 824| | return bigint_comba_mul6(z, x, y); 825| | } 826| | if constexpr(std::same_as && N == 7) { 827| | return bigint_comba_mul7(z, x, y); 828| | } 829| | if constexpr(std::same_as && N == 8) { 830| | return bigint_comba_mul8(z, x, y); 831| | } 832| | if constexpr(std::same_as && N == 9) { 833| | return bigint_comba_mul9(z, x, y); 834| | } 835| | if constexpr(std::same_as && N == 16) { 836| | return bigint_comba_mul16(z, x, y); 837| | } 838| 2.17M| } 839| | 840| 0| word3 accum; 841| | 842| 2.17M| for(size_t i = 0; i != 2 * N; ++i) { ------------------ | Branch (842:22): [True: 0, False: 2.17M] ------------------ 843| 0| const size_t start = i + 1 < N ? 0 : i + 1 - N; ------------------ | Branch (843:28): [True: 0, False: 0] ------------------ 844| 0| const size_t end = std::min(N, i + 1); 845| | 846| 0| for(size_t j = start; j != end; ++j) { ------------------ | Branch (846:29): [True: 0, False: 0] ------------------ 847| 0| accum.mul(x[j], y[i - j]); 848| 0| } 849| 0| z[i] = accum.extract(); 850| 0| } 851| 2.17M|} _ZN5Botan10shift_leftILm1ETkNS_8WordTypeEmLm4EEET0_RNSt3__15arrayIS1_XT1_EEE: 725| 835k|inline constexpr W shift_left(std::array& x) { 726| 835k| static_assert(N >= 1, "Invalid input size"); 727| 835k| static_assert(S > 0, "Zero shift not supported"); 728| 835k| static_assert(S < WordInfo::bits, "Shift too large"); 729| | 730| 835k| const W carry = x[N - 1] >> (WordInfo::bits - S); 731| | 732| 3.34M| for(size_t i = N - 1; i != 0; --i) { ------------------ | Branch (732:26): [True: 2.50M, False: 835k] ------------------ 733| 2.50M| x[i] = (x[i] << S) | (x[i - 1] >> (WordInfo::bits - S)); 734| 2.50M| } 735| 835k| x[0] <<= S; 736| | 737| 835k| return carry; 738| 835k|} _ZN5Botan16read_window_bitsILm4EmLm4EEEmNSt3__14spanIKT0_XT1_EEEm: 1071| 141k|constexpr size_t read_window_bits(std::span words, size_t offset) { 1072| 141k| static_assert(WindowBits >= 1 && WindowBits <= 7); 1073| | 1074| 141k| constexpr uint8_t WindowMask = static_cast(1 << WindowBits) - 1; 1075| | 1076| 141k| constexpr size_t W_bits = sizeof(W) * 8; 1077| 141k| const auto bit_shift = offset % W_bits; 1078| 141k| const auto word_offset = words.size() - 1 - (offset / W_bits); 1079| | 1080| 141k| const bool single_byte_window = bit_shift <= (W_bits - WindowBits) || word_offset == 0; ------------------ | Branch (1080:36): [True: 141k, False: 0] | Branch (1080:74): [True: 0, False: 0] ------------------ 1081| | 1082| 141k| const auto w0 = words[word_offset]; 1083| | 1084| 141k| if(single_byte_window) { ------------------ | Branch (1084:7): [True: 141k, False: 0] ------------------ 1085| 141k| return (w0 >> bit_shift) & WindowMask; 1086| 141k| } else { 1087| | // Otherwise we must join two words and extract the result 1088| 0| const auto w1 = words[word_offset - 1]; 1089| 0| const auto combined = ((w0 >> bit_shift) | (w1 << (W_bits - bit_shift))); 1090| 0| return combined & WindowMask; 1091| 0| } 1092| 141k|} _ZN5Botan11shift_rightILm1ETkNS_8WordTypeEmLm4EEET0_RNSt3__15arrayIS1_XT1_EEE: 741| 49.4k|inline constexpr W shift_right(std::array& x) { 742| 49.4k| static_assert(N >= 1, "Invalid input size"); 743| 49.4k| static_assert(S > 0, "Zero shift not supported"); 744| 49.4k| static_assert(S < WordInfo::bits, "Shift too large"); 745| | 746| 49.4k| const W carry = x[0] << (WordInfo::bits - S); 747| | 748| 197k| for(size_t i = 0; i != N - 1; ++i) { ------------------ | Branch (748:22): [True: 148k, False: 49.4k] ------------------ 749| 148k| x[i] = (x[i] >> S) | (x[i + 1] << (WordInfo::bits - S)); 750| 148k| } 751| 49.4k| x[N - 1] >>= S; 752| | 753| 49.4k| return carry; 754| 49.4k|} _ZN5Botan16read_window_bitsILm7EhLm18446744073709551615EEEmNSt3__14spanIKT0_XT1_EEEm: 1071| 193k|constexpr size_t read_window_bits(std::span words, size_t offset) { 1072| 193k| static_assert(WindowBits >= 1 && WindowBits <= 7); 1073| | 1074| 193k| constexpr uint8_t WindowMask = static_cast(1 << WindowBits) - 1; 1075| | 1076| 193k| constexpr size_t W_bits = sizeof(W) * 8; 1077| 193k| const auto bit_shift = offset % W_bits; 1078| 193k| const auto word_offset = words.size() - 1 - (offset / W_bits); 1079| | 1080| 193k| const bool single_byte_window = bit_shift <= (W_bits - WindowBits) || word_offset == 0; ------------------ | Branch (1080:36): [True: 50.5k, False: 143k] | Branch (1080:74): [True: 0, False: 143k] ------------------ 1081| | 1082| 193k| const auto w0 = words[word_offset]; 1083| | 1084| 193k| if(single_byte_window) { ------------------ | Branch (1084:7): [True: 50.5k, False: 143k] ------------------ 1085| 50.5k| return (w0 >> bit_shift) & WindowMask; 1086| 143k| } else { 1087| | // Otherwise we must join two words and extract the result 1088| 143k| const auto w1 = words[word_offset - 1]; 1089| 143k| const auto combined = ((w0 >> bit_shift) | (w1 << (W_bits - bit_shift))); 1090| 143k| return combined & WindowMask; 1091| 143k| } 1092| 193k|} _ZN5Botan16read_window_bitsILm6EhLm18446744073709551615EEEmNSt3__14spanIKT0_XT1_EEEm: 1071| 134k|constexpr size_t read_window_bits(std::span words, size_t offset) { 1072| 134k| static_assert(WindowBits >= 1 && WindowBits <= 7); 1073| | 1074| 134k| constexpr uint8_t WindowMask = static_cast(1 << WindowBits) - 1; 1075| | 1076| 134k| constexpr size_t W_bits = sizeof(W) * 8; 1077| 134k| const auto bit_shift = offset % W_bits; 1078| 134k| const auto word_offset = words.size() - 1 - (offset / W_bits); 1079| | 1080| 134k| const bool single_byte_window = bit_shift <= (W_bits - WindowBits) || word_offset == 0; ------------------ | Branch (1080:36): [True: 50.8k, False: 83.1k] | Branch (1080:74): [True: 0, False: 83.1k] ------------------ 1081| | 1082| 134k| const auto w0 = words[word_offset]; 1083| | 1084| 134k| if(single_byte_window) { ------------------ | Branch (1084:7): [True: 50.8k, False: 83.1k] ------------------ 1085| 50.8k| return (w0 >> bit_shift) & WindowMask; 1086| 83.1k| } else { 1087| | // Otherwise we must join two words and extract the result 1088| 83.1k| const auto w1 = words[word_offset - 1]; 1089| 83.1k| const auto combined = ((w0 >> bit_shift) | (w1 << (W_bits - bit_shift))); 1090| 83.1k| return combined & WindowMask; 1091| 83.1k| } 1092| 134k|} _ZN5Botan9comba_sqrILm6ETkNS_8WordTypeEmEEvPT0_PKS1_: 854| 2.16M|constexpr inline void comba_sqr(W z[2 * N], const W x[N]) { 855| 2.16M| if(!std::is_constant_evaluated()) { ------------------ | Branch (855:7): [True: 2.16M, Folded] ------------------ 856| | if constexpr(std::same_as && N == 4) { 857| | return bigint_comba_sqr4(z, x); 858| | } 859| 2.16M| if constexpr(std::same_as && N == 6) { 860| 2.16M| return bigint_comba_sqr6(z, x); 861| 2.16M| } 862| | if constexpr(std::same_as && N == 7) { 863| | return bigint_comba_sqr7(z, x); 864| | } 865| | if constexpr(std::same_as && N == 8) { 866| | return bigint_comba_sqr8(z, x); 867| | } 868| | if constexpr(std::same_as && N == 9) { 869| | return bigint_comba_sqr9(z, x); 870| | } 871| | if constexpr(std::same_as && N == 16) { 872| | return bigint_comba_sqr16(z, x); 873| | } 874| 2.16M| } 875| | 876| 0| word3 accum; 877| | 878| 2.16M| for(size_t i = 0; i != 2 * N; ++i) { ------------------ | Branch (878:22): [True: 0, False: 2.16M] ------------------ 879| 0| const size_t start = i + 1 < N ? 0 : i + 1 - N; ------------------ | Branch (879:28): [True: 0, False: 0] ------------------ 880| 0| const size_t end = std::min(N, i + 1); 881| | 882| 0| for(size_t j = start; j != end; ++j) { ------------------ | Branch (882:29): [True: 0, False: 0] ------------------ 883| 0| accum.mul(x[j], x[i - j]); 884| 0| } 885| 0| z[i] = accum.extract(); 886| 0| } 887| 2.16M|} _ZN5Botan22bigint_monty_maybe_subILm6ETkNS_8WordTypeEmEEvPT0_S1_PKS1_S4_: 254| 2.79M|inline constexpr void bigint_monty_maybe_sub(W z[N], W x0, const W x[N], const W y[N]) { 255| 2.79M| W borrow = 0; 256| | 257| 19.5M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (257:22): [True: 16.7M, False: 2.79M] ------------------ 258| 16.7M| z[i] = word_sub(x[i], y[i], &borrow); 259| 16.7M| } 260| | 261| 2.79M| borrow = (x0 - borrow) > x0; 262| | 263| 2.79M| CT::conditional_assign_mem(borrow, z, x, N); 264| 2.79M|} _ZN5Botan9comba_mulILm6ETkNS_8WordTypeEmEEvPT0_PKS1_S4_: 818| 1.89M|constexpr inline void comba_mul(W z[2 * N], const W x[N], const W y[N]) { 819| 1.89M| if(!std::is_constant_evaluated()) { ------------------ | Branch (819:7): [True: 1.89M, Folded] ------------------ 820| | if constexpr(std::same_as && N == 4) { 821| | return bigint_comba_mul4(z, x, y); 822| | } 823| 1.89M| if constexpr(std::same_as && N == 6) { 824| 1.89M| return bigint_comba_mul6(z, x, y); 825| 1.89M| } 826| | if constexpr(std::same_as && N == 7) { 827| | return bigint_comba_mul7(z, x, y); 828| | } 829| | if constexpr(std::same_as && N == 8) { 830| | return bigint_comba_mul8(z, x, y); 831| | } 832| | if constexpr(std::same_as && N == 9) { 833| | return bigint_comba_mul9(z, x, y); 834| | } 835| | if constexpr(std::same_as && N == 16) { 836| | return bigint_comba_mul16(z, x, y); 837| | } 838| 1.89M| } 839| | 840| 0| word3 accum; 841| | 842| 1.89M| for(size_t i = 0; i != 2 * N; ++i) { ------------------ | Branch (842:22): [True: 0, False: 1.89M] ------------------ 843| 0| const size_t start = i + 1 < N ? 0 : i + 1 - N; ------------------ | Branch (843:28): [True: 0, False: 0] ------------------ 844| 0| const size_t end = std::min(N, i + 1); 845| | 846| 0| for(size_t j = start; j != end; ++j) { ------------------ | Branch (846:29): [True: 0, False: 0] ------------------ 847| 0| accum.mul(x[j], y[i - j]); 848| 0| } 849| 0| z[i] = accum.extract(); 850| 0| } 851| 1.89M|} _ZN5Botan10shift_leftILm1ETkNS_8WordTypeEmLm6EEET0_RNSt3__15arrayIS1_XT1_EEE: 725| 686k|inline constexpr W shift_left(std::array& x) { 726| 686k| static_assert(N >= 1, "Invalid input size"); 727| 686k| static_assert(S > 0, "Zero shift not supported"); 728| 686k| static_assert(S < WordInfo::bits, "Shift too large"); 729| | 730| 686k| const W carry = x[N - 1] >> (WordInfo::bits - S); 731| | 732| 4.11M| for(size_t i = N - 1; i != 0; --i) { ------------------ | Branch (732:26): [True: 3.43M, False: 686k] ------------------ 733| 3.43M| x[i] = (x[i] << S) | (x[i - 1] >> (WordInfo::bits - S)); 734| 3.43M| } 735| 686k| x[0] <<= S; 736| | 737| 686k| return carry; 738| 686k|} _ZN5Botan16read_window_bitsILm5EmLm6EEEmNSt3__14spanIKT0_XT1_EEEm: 1071| 76.2k|constexpr size_t read_window_bits(std::span words, size_t offset) { 1072| 76.2k| static_assert(WindowBits >= 1 && WindowBits <= 7); 1073| | 1074| 76.2k| constexpr uint8_t WindowMask = static_cast(1 << WindowBits) - 1; 1075| | 1076| 76.2k| constexpr size_t W_bits = sizeof(W) * 8; 1077| 76.2k| const auto bit_shift = offset % W_bits; 1078| 76.2k| const auto word_offset = words.size() - 1 - (offset / W_bits); 1079| | 1080| 76.2k| const bool single_byte_window = bit_shift <= (W_bits - WindowBits) || word_offset == 0; ------------------ | Branch (1080:36): [True: 71.2k, False: 4.95k] | Branch (1080:74): [True: 990, False: 3.96k] ------------------ 1081| | 1082| 76.2k| const auto w0 = words[word_offset]; 1083| | 1084| 76.2k| if(single_byte_window) { ------------------ | Branch (1084:7): [True: 72.2k, False: 3.96k] ------------------ 1085| 72.2k| return (w0 >> bit_shift) & WindowMask; 1086| 72.2k| } else { 1087| | // Otherwise we must join two words and extract the result 1088| 3.96k| const auto w1 = words[word_offset - 1]; 1089| 3.96k| const auto combined = ((w0 >> bit_shift) | (w1 << (W_bits - bit_shift))); 1090| 3.96k| return combined & WindowMask; 1091| 3.96k| } 1092| 76.2k|} _ZN5Botan11shift_rightILm1ETkNS_8WordTypeEmLm6EEET0_RNSt3__15arrayIS1_XT1_EEE: 741| 42.0k|inline constexpr W shift_right(std::array& x) { 742| 42.0k| static_assert(N >= 1, "Invalid input size"); 743| 42.0k| static_assert(S > 0, "Zero shift not supported"); 744| 42.0k| static_assert(S < WordInfo::bits, "Shift too large"); 745| | 746| 42.0k| const W carry = x[0] << (WordInfo::bits - S); 747| | 748| 252k| for(size_t i = 0; i != N - 1; ++i) { ------------------ | Branch (748:22): [True: 210k, False: 42.0k] ------------------ 749| 210k| x[i] = (x[i] >> S) | (x[i + 1] << (WordInfo::bits - S)); 750| 210k| } 751| 42.0k| x[N - 1] >>= S; 752| | 753| 42.0k| return carry; 754| 42.0k|} _ZN5Botan9comba_sqrILm8ETkNS_8WordTypeEmEEvPT0_PKS1_: 854| 1.02M|constexpr inline void comba_sqr(W z[2 * N], const W x[N]) { 855| 1.02M| if(!std::is_constant_evaluated()) { ------------------ | Branch (855:7): [True: 1.02M, Folded] ------------------ 856| | if constexpr(std::same_as && N == 4) { 857| | return bigint_comba_sqr4(z, x); 858| | } 859| | if constexpr(std::same_as && N == 6) { 860| | return bigint_comba_sqr6(z, x); 861| | } 862| | if constexpr(std::same_as && N == 7) { 863| | return bigint_comba_sqr7(z, x); 864| | } 865| 1.02M| if constexpr(std::same_as && N == 8) { 866| 1.02M| return bigint_comba_sqr8(z, x); 867| 1.02M| } 868| | if constexpr(std::same_as && N == 9) { 869| | return bigint_comba_sqr9(z, x); 870| | } 871| | if constexpr(std::same_as && N == 16) { 872| | return bigint_comba_sqr16(z, x); 873| | } 874| 1.02M| } 875| | 876| 0| word3 accum; 877| | 878| 1.02M| for(size_t i = 0; i != 2 * N; ++i) { ------------------ | Branch (878:22): [True: 0, False: 1.02M] ------------------ 879| 0| const size_t start = i + 1 < N ? 0 : i + 1 - N; ------------------ | Branch (879:28): [True: 0, False: 0] ------------------ 880| 0| const size_t end = std::min(N, i + 1); 881| | 882| 0| for(size_t j = start; j != end; ++j) { ------------------ | Branch (882:29): [True: 0, False: 0] ------------------ 883| 0| accum.mul(x[j], x[i - j]); 884| 0| } 885| 0| z[i] = accum.extract(); 886| 0| } 887| 1.02M|} _ZN5Botan22bigint_monty_maybe_subILm8ETkNS_8WordTypeEmEEvPT0_S1_PKS1_S4_: 254| 2.49M|inline constexpr void bigint_monty_maybe_sub(W z[N], W x0, const W x[N], const W y[N]) { 255| 2.49M| W borrow = 0; 256| | 257| 22.4M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (257:22): [True: 19.9M, False: 2.49M] ------------------ 258| 19.9M| z[i] = word_sub(x[i], y[i], &borrow); 259| 19.9M| } 260| | 261| 2.49M| borrow = (x0 - borrow) > x0; 262| | 263| 2.49M| CT::conditional_assign_mem(borrow, z, x, N); 264| 2.49M|} _ZN5Botan9comba_mulILm8ETkNS_8WordTypeEmEEvPT0_PKS1_S4_: 818| 941k|constexpr inline void comba_mul(W z[2 * N], const W x[N], const W y[N]) { 819| 941k| if(!std::is_constant_evaluated()) { ------------------ | Branch (819:7): [True: 941k, Folded] ------------------ 820| | if constexpr(std::same_as && N == 4) { 821| | return bigint_comba_mul4(z, x, y); 822| | } 823| | if constexpr(std::same_as && N == 6) { 824| | return bigint_comba_mul6(z, x, y); 825| | } 826| | if constexpr(std::same_as && N == 7) { 827| | return bigint_comba_mul7(z, x, y); 828| | } 829| 941k| if constexpr(std::same_as && N == 8) { 830| 941k| return bigint_comba_mul8(z, x, y); 831| 941k| } 832| | if constexpr(std::same_as && N == 9) { 833| | return bigint_comba_mul9(z, x, y); 834| | } 835| | if constexpr(std::same_as && N == 16) { 836| | return bigint_comba_mul16(z, x, y); 837| | } 838| 941k| } 839| | 840| 0| word3 accum; 841| | 842| 941k| for(size_t i = 0; i != 2 * N; ++i) { ------------------ | Branch (842:22): [True: 0, False: 941k] ------------------ 843| 0| const size_t start = i + 1 < N ? 0 : i + 1 - N; ------------------ | Branch (843:28): [True: 0, False: 0] ------------------ 844| 0| const size_t end = std::min(N, i + 1); 845| | 846| 0| for(size_t j = start; j != end; ++j) { ------------------ | Branch (846:29): [True: 0, False: 0] ------------------ 847| 0| accum.mul(x[j], y[i - j]); 848| 0| } 849| 0| z[i] = accum.extract(); 850| 0| } 851| 941k|} _ZN5Botan10shift_leftILm1ETkNS_8WordTypeEmLm8EEET0_RNSt3__15arrayIS1_XT1_EEE: 725| 298k|inline constexpr W shift_left(std::array& x) { 726| 298k| static_assert(N >= 1, "Invalid input size"); 727| 298k| static_assert(S > 0, "Zero shift not supported"); 728| 298k| static_assert(S < WordInfo::bits, "Shift too large"); 729| | 730| 298k| const W carry = x[N - 1] >> (WordInfo::bits - S); 731| | 732| 2.39M| for(size_t i = N - 1; i != 0; --i) { ------------------ | Branch (732:26): [True: 2.09M, False: 298k] ------------------ 733| 2.09M| x[i] = (x[i] << S) | (x[i - 1] >> (WordInfo::bits - S)); 734| 2.09M| } 735| 298k| x[0] <<= S; 736| | 737| 298k| return carry; 738| 298k|} _ZN5Botan16read_window_bitsILm5EmLm8EEEmNSt3__14spanIKT0_XT1_EEEm: 1071| 88.4k|constexpr size_t read_window_bits(std::span words, size_t offset) { 1072| 88.4k| static_assert(WindowBits >= 1 && WindowBits <= 7); 1073| | 1074| 88.4k| constexpr uint8_t WindowMask = static_cast(1 << WindowBits) - 1; 1075| | 1076| 88.4k| constexpr size_t W_bits = sizeof(W) * 8; 1077| 88.4k| const auto bit_shift = offset % W_bits; 1078| 88.4k| const auto word_offset = words.size() - 1 - (offset / W_bits); 1079| | 1080| 88.4k| const bool single_byte_window = bit_shift <= (W_bits - WindowBits) || word_offset == 0; ------------------ | Branch (1080:36): [True: 82.4k, False: 6.01k] | Branch (1080:74): [True: 859, False: 5.15k] ------------------ 1081| | 1082| 88.4k| const auto w0 = words[word_offset]; 1083| | 1084| 88.4k| if(single_byte_window) { ------------------ | Branch (1084:7): [True: 83.3k, False: 5.15k] ------------------ 1085| 83.3k| return (w0 >> bit_shift) & WindowMask; 1086| 83.3k| } else { 1087| | // Otherwise we must join two words and extract the result 1088| 5.15k| const auto w1 = words[word_offset - 1]; 1089| 5.15k| const auto combined = ((w0 >> bit_shift) | (w1 << (W_bits - bit_shift))); 1090| 5.15k| return combined & WindowMask; 1091| 5.15k| } 1092| 88.4k|} _ZN5Botan11shift_rightILm1ETkNS_8WordTypeEmLm8EEET0_RNSt3__15arrayIS1_XT1_EEE: 741| 18.6k|inline constexpr W shift_right(std::array& x) { 742| 18.6k| static_assert(N >= 1, "Invalid input size"); 743| 18.6k| static_assert(S > 0, "Zero shift not supported"); 744| 18.6k| static_assert(S < WordInfo::bits, "Shift too large"); 745| | 746| 18.6k| const W carry = x[0] << (WordInfo::bits - S); 747| | 748| 149k| for(size_t i = 0; i != N - 1; ++i) { ------------------ | Branch (748:22): [True: 130k, False: 18.6k] ------------------ 749| 130k| x[i] = (x[i] >> S) | (x[i + 1] << (WordInfo::bits - S)); 750| 130k| } 751| 18.6k| x[N - 1] >>= S; 752| | 753| 18.6k| return carry; 754| 18.6k|} _ZN5Botan10shift_leftILm1ETkNS_8WordTypeEmLm9EEET0_RNSt3__15arrayIS1_XT1_EEE: 725| 464k|inline constexpr W shift_left(std::array& x) { 726| 464k| static_assert(N >= 1, "Invalid input size"); 727| 464k| static_assert(S > 0, "Zero shift not supported"); 728| 464k| static_assert(S < WordInfo::bits, "Shift too large"); 729| | 730| 464k| const W carry = x[N - 1] >> (WordInfo::bits - S); 731| | 732| 4.17M| for(size_t i = N - 1; i != 0; --i) { ------------------ | Branch (732:26): [True: 3.71M, False: 464k] ------------------ 733| 3.71M| x[i] = (x[i] << S) | (x[i - 1] >> (WordInfo::bits - S)); 734| 3.71M| } 735| 464k| x[0] <<= S; 736| | 737| 464k| return carry; 738| 464k|} _ZN5Botan22bigint_monty_maybe_subILm9ETkNS_8WordTypeEmEEvPT0_S1_PKS1_S4_: 254| 680k|inline constexpr void bigint_monty_maybe_sub(W z[N], W x0, const W x[N], const W y[N]) { 255| 680k| W borrow = 0; 256| | 257| 6.80M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (257:22): [True: 6.12M, False: 680k] ------------------ 258| 6.12M| z[i] = word_sub(x[i], y[i], &borrow); 259| 6.12M| } 260| | 261| 680k| borrow = (x0 - borrow) > x0; 262| | 263| 680k| CT::conditional_assign_mem(borrow, z, x, N); 264| 680k|} _ZN5Botan11shift_rightILm1ETkNS_8WordTypeEmLm9EEET0_RNSt3__15arrayIS1_XT1_EEE: 741| 28.7k|inline constexpr W shift_right(std::array& x) { 742| 28.7k| static_assert(N >= 1, "Invalid input size"); 743| 28.7k| static_assert(S > 0, "Zero shift not supported"); 744| 28.7k| static_assert(S < WordInfo::bits, "Shift too large"); 745| | 746| 28.7k| const W carry = x[0] << (WordInfo::bits - S); 747| | 748| 258k| for(size_t i = 0; i != N - 1; ++i) { ------------------ | Branch (748:22): [True: 229k, False: 28.7k] ------------------ 749| 229k| x[i] = (x[i] >> S) | (x[i + 1] << (WordInfo::bits - S)); 750| 229k| } 751| 28.7k| x[N - 1] >>= S; 752| | 753| 28.7k| return carry; 754| 28.7k|} _ZN5Botan9comba_sqrILm9ETkNS_8WordTypeEmEEvPT0_PKS1_: 854| 1.41M|constexpr inline void comba_sqr(W z[2 * N], const W x[N]) { 855| 1.41M| if(!std::is_constant_evaluated()) { ------------------ | Branch (855:7): [True: 1.41M, Folded] ------------------ 856| | if constexpr(std::same_as && N == 4) { 857| | return bigint_comba_sqr4(z, x); 858| | } 859| | if constexpr(std::same_as && N == 6) { 860| | return bigint_comba_sqr6(z, x); 861| | } 862| | if constexpr(std::same_as && N == 7) { 863| | return bigint_comba_sqr7(z, x); 864| | } 865| | if constexpr(std::same_as && N == 8) { 866| | return bigint_comba_sqr8(z, x); 867| | } 868| 1.41M| if constexpr(std::same_as && N == 9) { 869| 1.41M| return bigint_comba_sqr9(z, x); 870| 1.41M| } 871| | if constexpr(std::same_as && N == 16) { 872| | return bigint_comba_sqr16(z, x); 873| | } 874| 1.41M| } 875| | 876| 0| word3 accum; 877| | 878| 1.41M| for(size_t i = 0; i != 2 * N; ++i) { ------------------ | Branch (878:22): [True: 0, False: 1.41M] ------------------ 879| 0| const size_t start = i + 1 < N ? 0 : i + 1 - N; ------------------ | Branch (879:28): [True: 0, False: 0] ------------------ 880| 0| const size_t end = std::min(N, i + 1); 881| | 882| 0| for(size_t j = start; j != end; ++j) { ------------------ | Branch (882:29): [True: 0, False: 0] ------------------ 883| 0| accum.mul(x[j], x[i - j]); 884| 0| } 885| 0| z[i] = accum.extract(); 886| 0| } 887| 1.41M|} _ZN5Botan9comba_mulILm9ETkNS_8WordTypeEmEEvPT0_PKS1_S4_: 818| 1.15M|constexpr inline void comba_mul(W z[2 * N], const W x[N], const W y[N]) { 819| 1.15M| if(!std::is_constant_evaluated()) { ------------------ | Branch (819:7): [True: 1.15M, Folded] ------------------ 820| | if constexpr(std::same_as && N == 4) { 821| | return bigint_comba_mul4(z, x, y); 822| | } 823| | if constexpr(std::same_as && N == 6) { 824| | return bigint_comba_mul6(z, x, y); 825| | } 826| | if constexpr(std::same_as && N == 7) { 827| | return bigint_comba_mul7(z, x, y); 828| | } 829| | if constexpr(std::same_as && N == 8) { 830| | return bigint_comba_mul8(z, x, y); 831| | } 832| 1.15M| if constexpr(std::same_as && N == 9) { 833| 1.15M| return bigint_comba_mul9(z, x, y); 834| 1.15M| } 835| | if constexpr(std::same_as && N == 16) { 836| | return bigint_comba_mul16(z, x, y); 837| | } 838| 1.15M| } 839| | 840| 0| word3 accum; 841| | 842| 1.15M| for(size_t i = 0; i != 2 * N; ++i) { ------------------ | Branch (842:22): [True: 0, False: 1.15M] ------------------ 843| 0| const size_t start = i + 1 < N ? 0 : i + 1 - N; ------------------ | Branch (843:28): [True: 0, False: 0] ------------------ 844| 0| const size_t end = std::min(N, i + 1); 845| | 846| 0| for(size_t j = start; j != end; ++j) { ------------------ | Branch (846:29): [True: 0, False: 0] ------------------ 847| 0| accum.mul(x[j], y[i - j]); 848| 0| } 849| 0| z[i] = accum.extract(); 850| 0| } 851| 1.15M|} _ZN5Botan10shift_leftILm16ETkNS_8WordTypeEmLm9EEET0_RNSt3__15arrayIS1_XT1_EEE: 725| 3.76k|inline constexpr W shift_left(std::array& x) { 726| 3.76k| static_assert(N >= 1, "Invalid input size"); 727| 3.76k| static_assert(S > 0, "Zero shift not supported"); 728| 3.76k| static_assert(S < WordInfo::bits, "Shift too large"); 729| | 730| 3.76k| const W carry = x[N - 1] >> (WordInfo::bits - S); 731| | 732| 33.9k| for(size_t i = N - 1; i != 0; --i) { ------------------ | Branch (732:26): [True: 30.1k, False: 3.76k] ------------------ 733| 30.1k| x[i] = (x[i] << S) | (x[i - 1] >> (WordInfo::bits - S)); 734| 30.1k| } 735| 3.76k| x[0] <<= S; 736| | 737| 3.76k| return carry; 738| 3.76k|} _ZN5Botan9comba_mulILm7ETkNS_8WordTypeEmEEvPT0_PKS1_S4_: 818| 18.0k|constexpr inline void comba_mul(W z[2 * N], const W x[N], const W y[N]) { 819| 18.0k| if(!std::is_constant_evaluated()) { ------------------ | Branch (819:7): [True: 18.0k, Folded] ------------------ 820| | if constexpr(std::same_as && N == 4) { 821| | return bigint_comba_mul4(z, x, y); 822| | } 823| | if constexpr(std::same_as && N == 6) { 824| | return bigint_comba_mul6(z, x, y); 825| | } 826| 18.0k| if constexpr(std::same_as && N == 7) { 827| 18.0k| return bigint_comba_mul7(z, x, y); 828| 18.0k| } 829| | if constexpr(std::same_as && N == 8) { 830| | return bigint_comba_mul8(z, x, y); 831| | } 832| | if constexpr(std::same_as && N == 9) { 833| | return bigint_comba_mul9(z, x, y); 834| | } 835| | if constexpr(std::same_as && N == 16) { 836| | return bigint_comba_mul16(z, x, y); 837| | } 838| 18.0k| } 839| | 840| 0| word3 accum; 841| | 842| 18.0k| for(size_t i = 0; i != 2 * N; ++i) { ------------------ | Branch (842:22): [True: 0, False: 18.0k] ------------------ 843| 0| const size_t start = i + 1 < N ? 0 : i + 1 - N; ------------------ | Branch (843:28): [True: 0, False: 0] ------------------ 844| 0| const size_t end = std::min(N, i + 1); 845| | 846| 0| for(size_t j = start; j != end; ++j) { ------------------ | Branch (846:29): [True: 0, False: 0] ------------------ 847| 0| accum.mul(x[j], y[i - j]); 848| 0| } 849| 0| z[i] = accum.extract(); 850| 0| } 851| 18.0k|} _ZN5Botan9comba_sqrILm7ETkNS_8WordTypeEmEEvPT0_PKS1_: 854| 17.9k|constexpr inline void comba_sqr(W z[2 * N], const W x[N]) { 855| 17.9k| if(!std::is_constant_evaluated()) { ------------------ | Branch (855:7): [True: 17.9k, Folded] ------------------ 856| | if constexpr(std::same_as && N == 4) { 857| | return bigint_comba_sqr4(z, x); 858| | } 859| | if constexpr(std::same_as && N == 6) { 860| | return bigint_comba_sqr6(z, x); 861| | } 862| 17.9k| if constexpr(std::same_as && N == 7) { 863| 17.9k| return bigint_comba_sqr7(z, x); 864| 17.9k| } 865| | if constexpr(std::same_as && N == 8) { 866| | return bigint_comba_sqr8(z, x); 867| | } 868| | if constexpr(std::same_as && N == 9) { 869| | return bigint_comba_sqr9(z, x); 870| | } 871| | if constexpr(std::same_as && N == 16) { 872| | return bigint_comba_sqr16(z, x); 873| | } 874| 17.9k| } 875| | 876| 0| word3 accum; 877| | 878| 17.9k| for(size_t i = 0; i != 2 * N; ++i) { ------------------ | Branch (878:22): [True: 0, False: 17.9k] ------------------ 879| 0| const size_t start = i + 1 < N ? 0 : i + 1 - N; ------------------ | Branch (879:28): [True: 0, False: 0] ------------------ 880| 0| const size_t end = std::min(N, i + 1); 881| | 882| 0| for(size_t j = start; j != end; ++j) { ------------------ | Branch (882:29): [True: 0, False: 0] ------------------ 883| 0| accum.mul(x[j], x[i - j]); 884| 0| } 885| 0| z[i] = accum.extract(); 886| 0| } 887| 17.9k|} _ZN5Botan14OCB_EncryptionC2ENSt3__110unique_ptrINS_11BlockCipherENS1_14default_deleteIS3_EEEEm: 102| 29| OCB_Mode(std::move(cipher), tag_size) {} _ZN5Botan14OCB_DecryptionC2ENSt3__110unique_ptrINS_11BlockCipherENS1_14default_deleteIS3_EEEEm: 121| 51| OCB_Mode(std::move(cipher), tag_size) {} _ZNK5Botan8OCB_Mode8tag_sizeEv: 47| 422| size_t tag_size() const final { return m_tag_size; } _ZNK5Botan8OCB_Mode10block_sizeEv: 64| 443| size_t block_size() const { return m_block_size; } _ZNK5Botan8OCB_Mode10par_blocksEv: 66| 198| size_t par_blocks() const { return m_par_blocks; } _ZNK5Botan14OCB_Encryption13output_lengthEm: 104| 54| size_t output_length(size_t input_length) const override { return input_length + tag_size(); } _ZNK5Botan14OCB_Decryption13output_lengthEm: 123| 37| size_t output_length(size_t input_length) const override { 124| 37| BOTAN_ASSERT(input_length >= tag_size(), "Sufficient input"); ------------------ | | 64| 37| do { \ | | 65| 37| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 37| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 37] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 37| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 37] | | ------------------ ------------------ 125| 37| return input_length - tag_size(); 126| 37| } _ZNK5Botan14OCB_Decryption18minimum_final_sizeEv: 128| 38| size_t minimum_final_size() const override { return tag_size(); } _ZN5Botan6PCurve15PrimeOrderCurve6ScalarD2Ev: 72| 50.4k| ~Scalar() = default; _ZN5Botan6PCurve15PrimeOrderCurve11AffinePointD2Ev: 100| 54.4k| ~AffinePoint() = default; _ZN5Botan6PCurve15PrimeOrderCurve15ProjectivePointD2Ev: 134| 2.77k| ~ProjectivePoint() = default; _ZN5Botan6PCurve15PrimeOrderCurve6ScalarC2EOS2_: 69| 26.6k| Scalar(Scalar&& other) = default; _ZN5Botan6PCurve15PrimeOrderCurve6ScalarC2ERKS2_: 68| 14.6k| Scalar(const Scalar& other) = default; _ZN5Botan6PCurve15PrimeOrderCurve11AffinePointC2EOS2_: 97| 38.4k| AffinePoint(AffinePoint&& other) = default; _ZN5Botan6PCurve15PrimeOrderCurve11AffinePointC2ERKS2_: 96| 3.39k| AffinePoint(const AffinePoint& other) = default; _ZNK5Botan6PCurve15PrimeOrderCurve6Scalar6_curveEv: 76| 22.9k| const auto& _curve() const { return m_curve; } _ZNK5Botan6PCurve15PrimeOrderCurve6Scalar6_valueEv: 78| 22.9k| const auto& _value() const { return m_value; } _ZN5Botan6PCurve15PrimeOrderCurve6Scalar7_createENSt3__110shared_ptrIKS1_EENS3_5arrayImLm9EEE: 80| 9.22k| static Scalar _create(CurvePtr curve, StorageUnit v) { return Scalar(std::move(curve), v); } _ZN5Botan6PCurve15PrimeOrderCurve6ScalarC2ENSt3__110shared_ptrIKS1_EENS3_5arrayImLm9EEE: 83| 9.22k| Scalar(CurvePtr curve, StorageUnit v) : m_curve(std::move(curve)), m_value(v) {} _ZNK5Botan6PCurve15PrimeOrderCurve11AffinePoint6_curveEv: 104| 33.7k| const auto& _curve() const { return m_curve; } _ZNK5Botan6PCurve15PrimeOrderCurve11AffinePoint2_xEv: 106| 33.7k| const auto& _x() const { return m_x; } _ZNK5Botan6PCurve15PrimeOrderCurve11AffinePoint2_yEv: 108| 33.7k| const auto& _y() const { return m_y; } _ZN5Botan6PCurve15PrimeOrderCurve11AffinePoint7_createENSt3__110shared_ptrIKS1_EENS3_5arrayImLm9EEES8_: 110| 12.6k| static AffinePoint _create(CurvePtr curve, StorageUnit x, StorageUnit y) { 111| 12.6k| return AffinePoint(std::move(curve), x, y); 112| 12.6k| } _ZN5Botan6PCurve15PrimeOrderCurve11AffinePointC2ENSt3__110shared_ptrIKS1_EENS3_5arrayImLm9EEES8_: 115| 12.6k| AffinePoint(CurvePtr curve, StorageUnit x, StorageUnit y) : m_curve(std::move(curve)), m_x(x), m_y(y) {} _ZNK5Botan6PCurve15PrimeOrderCurve15ProjectivePoint6_curveEv: 136| 2.77k| const auto& _curve() const { return m_curve; } _ZNK5Botan6PCurve15PrimeOrderCurve15ProjectivePoint2_xEv: 138| 2.77k| const auto& _x() const { return m_x; } _ZNK5Botan6PCurve15PrimeOrderCurve15ProjectivePoint2_yEv: 140| 2.77k| const auto& _y() const { return m_y; } _ZNK5Botan6PCurve15PrimeOrderCurve15ProjectivePoint2_zEv: 142| 2.77k| const auto& _z() const { return m_z; } _ZN5Botan6PCurve15PrimeOrderCurve15ProjectivePoint7_createENSt3__110shared_ptrIKS1_EENS3_5arrayImLm9EEES8_S8_: 144| 2.77k| static ProjectivePoint _create(CurvePtr curve, StorageUnit x, StorageUnit y, StorageUnit z) { 145| 2.77k| return ProjectivePoint(std::move(curve), x, y, z); 146| 2.77k| } _ZN5Botan6PCurve15PrimeOrderCurve15ProjectivePointC2ENSt3__110shared_ptrIKS1_EENS3_5arrayImLm9EEES8_S8_: 150| 2.77k| m_curve(std::move(curve)), m_x(x), m_y(y), m_z(z) {} _ZN5Botan6PCurve15PrimeOrderCurveD2Ev: 163| 6| virtual ~PrimeOrderCurve() = default; pcurves_brainpool256r1.cpp:_ZN5Botan11dbl_genericINS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES3_E11FieldParamsEEEEES8_EESC_EET_RKSE_RKT0_: 397| 4.94k|inline constexpr ProjectivePoint dbl_generic(const ProjectivePoint& pt, const FieldElement& A) { 398| | // Cost: 1M + 3S + 1A + 1*3 399| 4.94k| const auto z2 = pt.z().square(); 400| 4.94k| const auto m = pt.x().square().mul3() + A * z2.square(); 401| | 402| | // Remaining cost: 3M + 3S + 3A + 2*2 + 1*4 + 1*8 403| 4.94k| const auto y2 = pt.y().square(); 404| 4.94k| const auto s = pt.x().mul4() * y2; 405| 4.94k| const auto nx = m.square() - s.mul2(); 406| 4.94k| const auto ny = m * (s - nx) - y2.square().mul8(); 407| 4.94k| const auto nz = pt.y().mul2() * pt.z(); 408| | 409| 4.94k| return ProjectivePoint(nx, ny, nz); 410| 4.94k|} pcurves_brainpool256r1.cpp:_ZN5Botan9point_addINS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES3_E11FieldParamsEEEEES8_EESC_EET_RKSE_SG_: 187| 735|inline constexpr ProjectivePoint point_add(const ProjectivePoint& a, const ProjectivePoint& b) { 188| 735| const auto a_is_identity = a.is_identity(); 189| 735| const auto b_is_identity = b.is_identity(); 190| | 191| 735| const auto Z1Z1 = a.z().square(); 192| 735| const auto Z2Z2 = b.z().square(); 193| 735| const auto U1 = a.x() * Z2Z2; 194| 735| const auto U2 = b.x() * Z1Z1; 195| 735| const auto S1 = a.y() * b.z() * Z2Z2; 196| 735| const auto S2 = b.y() * a.z() * Z1Z1; 197| 735| const auto H = U2 - U1; 198| 735| const auto r = S2 - S1; 199| | 200| | /* Risky conditional 201| | * 202| | * This implementation uses projective coordinates, which do not have an efficient complete 203| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 204| | * 205| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 206| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 207| | * in which case at the end we'll set z to a.z * b.z * H = 0, resulting in the correct 208| | * output (the identity element) 209| | */ 210| 735| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (210:7): [True: 0, False: 735] ------------------ 211| 0| return a.dbl(); 212| 0| } 213| | 214| 735| const auto HH = H.square(); 215| 735| const auto HHH = H * HH; 216| 735| const auto V = U1 * HH; 217| 735| const auto t2 = r.square(); 218| 735| const auto t3 = V + V; 219| 735| const auto t4 = t2 - HHH; 220| 735| auto X3 = t4 - t3; 221| 735| const auto t5 = V - X3; 222| 735| const auto t6 = S1 * HHH; 223| 735| const auto t7 = r * t5; 224| 735| auto Y3 = t7 - t6; 225| 735| const auto t8 = b.z() * H; 226| 735| auto Z3 = a.z() * t8; 227| | 228| | // if a is identity then return b 229| 735| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), b.y(), b.z()); 230| | 231| | // if b is identity then return a 232| 735| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 233| | 234| 735| return ProjectivePoint(X3, Y3, Z3); 235| 735|} pcurves_brainpool256r1.cpp:_ZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEE: 107| 1|auto to_affine_batch(std::span projective) { 108| 1| using AffinePoint = typename C::AffinePoint; 109| | 110| 1| const size_t N = projective.size(); 111| 1| std::vector affine; 112| 1| affine.reserve(N); 113| | 114| 1| CT::Choice any_identity = CT::Choice::no(); 115| | 116| 1.56k| for(const auto& pt : projective) { ------------------ | Branch (116:23): [True: 1.56k, False: 1] ------------------ 117| 1.56k| any_identity = any_identity || pt.is_identity(); 118| 1.56k| } 119| | 120| | // Conditional acceptable: N is public. State of points is not necessarily 121| | // public, but we don't leak which point was the identity. In practice with 122| | // the algorithms currently in use, the only time an identity can occur is 123| | // during mul2 where the two points g/h have a small relation (ie h = g*k for 124| | // some k < 16) 125| | 126| 1| if(N <= 2 || any_identity.as_bool()) { ------------------ | Branch (126:7): [True: 0, False: 1] | Branch (126:17): [True: 0, False: 1] ------------------ 127| | // If there are identity elements, using the batch inversion gets 128| | // tricky. It can be done, but this should be a rare situation so 129| | // just punt to the serial conversion if it occurs 130| 0| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (130:25): [True: 0, False: 0] ------------------ 131| 0| affine.push_back(to_affine(projective[i])); 132| 0| } 133| 1| } else { 134| 1| std::vector c; 135| 1| c.reserve(N); 136| | 137| | /* 138| | Batch projective->affine using Montgomery's trick 139| | 140| | See Algorithm 2.26 in "Guide to Elliptic Curve Cryptography" 141| | (Hankerson, Menezes, Vanstone) 142| | */ 143| | 144| 1| c.push_back(projective[0].z()); 145| 1.56k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (145:25): [True: 1.56k, False: 1] ------------------ 146| 1.56k| c.push_back(c[i - 1] * projective[i].z()); 147| 1.56k| } 148| | 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| 1| } else { 153| 1| return invert_field_element(c[N - 1]); 154| 1| } 155| 1| }(); 156| | 157| 1.56k| for(size_t i = N - 1; i > 0; --i) { ------------------ | Branch (157:29): [True: 1.56k, False: 1] ------------------ 158| 1.56k| const auto& p = projective[i]; 159| | 160| 1.56k| const auto z_inv = s_inv * c[i - 1]; 161| 1.56k| const auto z2_inv = z_inv.square(); 162| 1.56k| const auto z3_inv = z_inv * z2_inv; 163| | 164| 1.56k| s_inv = s_inv * p.z(); 165| | 166| 1.56k| affine.push_back(AffinePoint(p.x() * z2_inv, p.y() * z3_inv)); 167| 1.56k| } 168| | 169| 1| const auto z2_inv = s_inv.square(); 170| 1| const auto z3_inv = s_inv * z2_inv; 171| 1| affine.push_back(AffinePoint(projective[0].x() * z2_inv, projective[0].y() * z3_inv)); 172| 1| std::reverse(affine.begin(), affine.end()); 173| 1| return affine; 174| 1| } 175| | 176| 0| return affine; 177| 1|} pcurves_brainpool256r1.cpp:_ZN5Botan9to_affineINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveEEEDaRKNT_15ProjectivePointE: 76| 662|inline constexpr auto to_affine(const typename C::ProjectivePoint& pt) { 77| | // Not strictly required right? - default should work as long 78| | // as (0,0) is identity and invert returns 0 on 0 79| | 80| | if constexpr(curve_supports_fe_invert2) { 81| | const auto z2_inv = C::fe_invert2(pt.z()); 82| | const auto z3_inv = z2_inv.square() * pt.z(); 83| | return typename C::AffinePoint(pt.x() * z2_inv, pt.y() * z3_inv); 84| 662| } else { 85| 662| const auto z_inv = invert_field_element(pt.z()); 86| 662| const auto z2_inv = z_inv.square(); 87| 662| const auto z3_inv = z_inv * z2_inv; 88| 662| return typename C::AffinePoint(pt.x() * z2_inv, pt.y() * z3_inv); 89| 662| } 90| 662|} pcurves_brainpool256r1.cpp:_ZN5Botan20invert_field_elementINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveEEEDaRKNT_12FieldElementE: 35| 1.69k|inline constexpr auto invert_field_element(const typename C::FieldElement& fe) { 36| | if constexpr(curve_supports_fe_invert2) { 37| | return C::fe_invert2(fe) * fe; 38| 1.69k| } else { 39| 1.69k| return fe.invert(); 40| 1.69k| } 41| 1.69k|} pcurves_brainpool256r1.cpp:_ZZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEEENKUlvE_clEv: 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| | } else { 153| | return invert_field_element(c[N - 1]); 154| | } 155| 1| }(); pcurves_brainpool256r1.cpp:_ZN5Botan22point_add_or_sub_mixedINS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES3_E11FieldParamsEEEEES8_EENS_16AffineCurvePointISC_EESC_EET_RKSG_RKT0_NS_2CT6ChoiceERKT1_: 296| 61.0k| const FieldElement& one) { 297| 61.0k| const auto a_is_identity = a.is_identity(); 298| 61.0k| const auto b_is_identity = b.is_identity(); 299| | 300| | /* 301| | https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-1998-cmo-2 302| | 303| | Cost: 8M + 3S + 6add + 1*2 304| | */ 305| | 306| 61.0k| auto by = b.y(); 307| 61.0k| by.conditional_assign(sub, by.negate()); 308| | 309| 61.0k| const auto Z1Z1 = a.z().square(); 310| 61.0k| const auto U2 = b.x() * Z1Z1; 311| 61.0k| const auto S2 = by * a.z() * Z1Z1; 312| 61.0k| const auto H = U2 - a.x(); 313| 61.0k| const auto r = S2 - a.y(); 314| | 315| | /* Risky conditional 316| | * 317| | * This implementation uses projective coordinates, which do not have an efficient complete 318| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 319| | * 320| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 321| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 322| | * in which case at the end we'll set z to a.z * H = 0, resulting in the correct output 323| | * (the identity element) 324| | */ 325| 61.0k| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (325:7): [True: 0, False: 61.0k] ------------------ 326| 0| return a.dbl(); 327| 0| } 328| | 329| 61.0k| const auto HH = H.square(); 330| 61.0k| const auto HHH = H * HH; 331| 61.0k| const auto V = a.x() * HH; 332| 61.0k| const auto t2 = r.square(); 333| 61.0k| const auto t3 = V + V; 334| 61.0k| const auto t4 = t2 - HHH; 335| 61.0k| auto X3 = t4 - t3; 336| 61.0k| const auto t5 = V - X3; 337| 61.0k| const auto t6 = a.y() * HHH; 338| 61.0k| const auto t7 = r * t5; 339| 61.0k| auto Y3 = t7 - t6; 340| 61.0k| auto Z3 = a.z() * H; 341| | 342| | // if a is identity then return b 343| 61.0k| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), by, one); 344| | 345| | // if b is identity then return a 346| 61.0k| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 347| | 348| 61.0k| return ProjectivePoint(X3, Y3, Z3); 349| 61.0k|} pcurves_brainpool256r1.cpp:_ZN5Botan11to_affine_xINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveEEEDaRKNT_15ProjectivePointE: 96| 514|auto to_affine_x(const typename C::ProjectivePoint& pt) { 97| | if constexpr(curve_supports_fe_invert2) { 98| | return pt.x() * C::fe_invert2(pt.z()); 99| 514| } else { 100| 514| const auto z_inv = invert_field_element(pt.z()); 101| 514| const auto z2_inv = z_inv.square(); 102| 514| return pt.x() * z2_inv; 103| 514| } 104| 514|} pcurves_brainpool256r1.cpp:_ZN5Botan15point_add_mixedINS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES3_E11FieldParamsEEEEES8_EENS_16AffineCurvePointISC_EESC_EET_RKSG_RKT0_RKT1_: 240| 3.59k| const FieldElement& one) { 241| 3.59k| const auto a_is_identity = a.is_identity(); 242| 3.59k| const auto b_is_identity = b.is_identity(); 243| | 244| | /* 245| | https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-1998-cmo-2 246| | 247| | Cost: 8M + 3S + 6add + 1*2 248| | */ 249| | 250| 3.59k| const auto Z1Z1 = a.z().square(); 251| 3.59k| const auto U2 = b.x() * Z1Z1; 252| 3.59k| const auto S2 = b.y() * a.z() * Z1Z1; 253| 3.59k| const auto H = U2 - a.x(); 254| 3.59k| const auto r = S2 - a.y(); 255| | 256| | /* Risky conditional 257| | * 258| | * This implementation uses projective coordinates, which do not have an efficient complete 259| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 260| | * 261| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 262| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 263| | * in which case at the end we'll set z to a.z * H = 0, resulting in the correct output 264| | * (the identity element) 265| | */ 266| 3.59k| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (266:7): [True: 0, False: 3.59k] ------------------ 267| 0| return a.dbl(); 268| 0| } 269| | 270| 3.59k| const auto HH = H.square(); 271| 3.59k| const auto HHH = H * HH; 272| 3.59k| const auto V = a.x() * HH; 273| 3.59k| const auto t2 = r.square(); 274| 3.59k| const auto t3 = V + V; 275| 3.59k| const auto t4 = t2 - HHH; 276| 3.59k| auto X3 = t4 - t3; 277| 3.59k| const auto t5 = V - X3; 278| 3.59k| const auto t6 = a.y() * HHH; 279| 3.59k| const auto t7 = r * t5; 280| 3.59k| auto Y3 = t7 - t6; 281| 3.59k| auto Z3 = a.z() * H; 282| | 283| | // if a is identity then return b 284| 3.59k| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), b.y(), one); 285| | 286| | // if b is identity then return a 287| 3.59k| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 288| | 289| 3.59k| return ProjectivePoint(X3, Y3, Z3); 290| 3.59k|} pcurves_brainpool256r1.cpp:_ZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELb0EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEE: 107| 514|auto to_affine_batch(std::span projective) { 108| 514| using AffinePoint = typename C::AffinePoint; 109| | 110| 514| const size_t N = projective.size(); 111| 514| std::vector affine; 112| 514| affine.reserve(N); 113| | 114| 514| CT::Choice any_identity = CT::Choice::no(); 115| | 116| 8.22k| for(const auto& pt : projective) { ------------------ | Branch (116:23): [True: 8.22k, False: 514] ------------------ 117| 8.22k| any_identity = any_identity || pt.is_identity(); 118| 8.22k| } 119| | 120| | // Conditional acceptable: N is public. State of points is not necessarily 121| | // public, but we don't leak which point was the identity. In practice with 122| | // the algorithms currently in use, the only time an identity can occur is 123| | // during mul2 where the two points g/h have a small relation (ie h = g*k for 124| | // some k < 16) 125| | 126| 514| if(N <= 2 || any_identity.as_bool()) { ------------------ | Branch (126:7): [True: 0, False: 514] | Branch (126:17): [True: 0, False: 514] ------------------ 127| | // If there are identity elements, using the batch inversion gets 128| | // tricky. It can be done, but this should be a rare situation so 129| | // just punt to the serial conversion if it occurs 130| 0| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (130:25): [True: 0, False: 0] ------------------ 131| 0| affine.push_back(to_affine(projective[i])); 132| 0| } 133| 514| } else { 134| 514| std::vector c; 135| 514| c.reserve(N); 136| | 137| | /* 138| | Batch projective->affine using Montgomery's trick 139| | 140| | See Algorithm 2.26 in "Guide to Elliptic Curve Cryptography" 141| | (Hankerson, Menezes, Vanstone) 142| | */ 143| | 144| 514| c.push_back(projective[0].z()); 145| 8.22k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (145:25): [True: 7.71k, False: 514] ------------------ 146| 7.71k| c.push_back(c[i - 1] * projective[i].z()); 147| 7.71k| } 148| | 149| 514| auto s_inv = [&]() { 150| 514| if constexpr(VariableTime) { 151| 514| return c[N - 1].invert_vartime(); 152| 514| } else { 153| 514| return invert_field_element(c[N - 1]); 154| 514| } 155| 514| }(); 156| | 157| 8.22k| for(size_t i = N - 1; i > 0; --i) { ------------------ | Branch (157:29): [True: 7.71k, False: 514] ------------------ 158| 7.71k| const auto& p = projective[i]; 159| | 160| 7.71k| const auto z_inv = s_inv * c[i - 1]; 161| 7.71k| const auto z2_inv = z_inv.square(); 162| 7.71k| const auto z3_inv = z_inv * z2_inv; 163| | 164| 7.71k| s_inv = s_inv * p.z(); 165| | 166| 7.71k| affine.push_back(AffinePoint(p.x() * z2_inv, p.y() * z3_inv)); 167| 7.71k| } 168| | 169| 514| const auto z2_inv = s_inv.square(); 170| 514| const auto z3_inv = s_inv * z2_inv; 171| 514| affine.push_back(AffinePoint(projective[0].x() * z2_inv, projective[0].y() * z3_inv)); 172| 514| std::reverse(affine.begin(), affine.end()); 173| 514| return affine; 174| 514| } 175| | 176| 0| return affine; 177| 514|} pcurves_brainpool256r1.cpp:_ZZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELb0EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEEENKUlvE_clEv: 149| 514| auto s_inv = [&]() { 150| | if constexpr(VariableTime) { 151| | return c[N - 1].invert_vartime(); 152| 514| } else { 153| 514| return invert_field_element(c[N - 1]); 154| 514| } 155| 514| }(); pcurves_brainpool256r1.cpp:_ZN5Botan13dbl_n_genericINS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES3_E11FieldParamsEEEEES8_EESC_EET_RKSE_RKT0_m: 477| 29.2k|inline constexpr ProjectivePoint dbl_n_generic(const ProjectivePoint& pt, const FieldElement& A, size_t n) { 478| 29.2k| auto nx = pt.x(); 479| 29.2k| auto ny = pt.y().mul2(); 480| 29.2k| auto nz = pt.z(); 481| 29.2k| auto w = nz.square().square() * A; 482| | 483| | // Conditional ok: loop iteration count is public 484| 175k| while(n > 0) { ------------------ | Branch (484:10): [True: 146k, False: 29.2k] ------------------ 485| 146k| const auto ny2 = ny.square(); 486| 146k| const auto ny4 = ny2.square(); 487| 146k| const auto t1 = nx.square().mul3() + w; 488| 146k| const auto t2 = nx * ny2; 489| 146k| nx = t1.square() - t2.mul2(); 490| 146k| nz *= ny; 491| 146k| ny = t1 * (t2 - nx).mul2() - ny4; 492| 146k| n--; 493| | // Conditional ok: loop iteration count is public 494| 146k| if(n > 0) { ------------------ | Branch (494:10): [True: 117k, False: 29.2k] ------------------ 495| 117k| w *= ny4; 496| 117k| } 497| 146k| } 498| 29.2k| return ProjectivePoint(nx, ny.div2(), nz); 499| 29.2k|} pcurves_brainpool256r1.cpp:_ZN5Botan18sqrt_field_elementINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveEEENS_2CT6OptionINT_12FieldElementEEERKS8_: 60| 528|inline constexpr CT::Option sqrt_field_element(const typename C::FieldElement& fe) { 61| | if constexpr(curve_supports_fe_sqrt) { 62| | auto z = C::fe_sqrt(fe); 63| | // Zero out the return value if it would otherwise be incorrect 64| | const CT::Choice correct = (z.square() == fe); 65| | z.conditional_assign(!correct, C::FieldElement::zero()); 66| | return CT::Option(z, correct); 67| 528| } else { 68| 528| return fe.sqrt(); 69| 528| } 70| 528|} pcurves_brainpool384r1.cpp:_ZN5Botan11dbl_genericINS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES3_E11FieldParamsEEEEES8_EESC_EET_RKSE_RKT0_: 397| 2.58k|inline constexpr ProjectivePoint dbl_generic(const ProjectivePoint& pt, const FieldElement& A) { 398| | // Cost: 1M + 3S + 1A + 1*3 399| 2.58k| const auto z2 = pt.z().square(); 400| 2.58k| const auto m = pt.x().square().mul3() + A * z2.square(); 401| | 402| | // Remaining cost: 3M + 3S + 3A + 2*2 + 1*4 + 1*8 403| 2.58k| const auto y2 = pt.y().square(); 404| 2.58k| const auto s = pt.x().mul4() * y2; 405| 2.58k| const auto nx = m.square() - s.mul2(); 406| 2.58k| const auto ny = m * (s - nx) - y2.square().mul8(); 407| 2.58k| const auto nz = pt.y().mul2() * pt.z(); 408| | 409| 2.58k| return ProjectivePoint(nx, ny, nz); 410| 2.58k|} pcurves_brainpool384r1.cpp:_ZN5Botan9point_addINS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES3_E11FieldParamsEEEEES8_EESC_EET_RKSE_SG_: 187| 1.09k|inline constexpr ProjectivePoint point_add(const ProjectivePoint& a, const ProjectivePoint& b) { 188| 1.09k| const auto a_is_identity = a.is_identity(); 189| 1.09k| const auto b_is_identity = b.is_identity(); 190| | 191| 1.09k| const auto Z1Z1 = a.z().square(); 192| 1.09k| const auto Z2Z2 = b.z().square(); 193| 1.09k| const auto U1 = a.x() * Z2Z2; 194| 1.09k| const auto U2 = b.x() * Z1Z1; 195| 1.09k| const auto S1 = a.y() * b.z() * Z2Z2; 196| 1.09k| const auto S2 = b.y() * a.z() * Z1Z1; 197| 1.09k| const auto H = U2 - U1; 198| 1.09k| const auto r = S2 - S1; 199| | 200| | /* Risky conditional 201| | * 202| | * This implementation uses projective coordinates, which do not have an efficient complete 203| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 204| | * 205| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 206| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 207| | * in which case at the end we'll set z to a.z * b.z * H = 0, resulting in the correct 208| | * output (the identity element) 209| | */ 210| 1.09k| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (210:7): [True: 0, False: 1.09k] ------------------ 211| 0| return a.dbl(); 212| 0| } 213| | 214| 1.09k| const auto HH = H.square(); 215| 1.09k| const auto HHH = H * HH; 216| 1.09k| const auto V = U1 * HH; 217| 1.09k| const auto t2 = r.square(); 218| 1.09k| const auto t3 = V + V; 219| 1.09k| const auto t4 = t2 - HHH; 220| 1.09k| auto X3 = t4 - t3; 221| 1.09k| const auto t5 = V - X3; 222| 1.09k| const auto t6 = S1 * HHH; 223| 1.09k| const auto t7 = r * t5; 224| 1.09k| auto Y3 = t7 - t6; 225| 1.09k| const auto t8 = b.z() * H; 226| 1.09k| auto Z3 = a.z() * t8; 227| | 228| | // if a is identity then return b 229| 1.09k| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), b.y(), b.z()); 230| | 231| | // if b is identity then return a 232| 1.09k| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 233| | 234| 1.09k| return ProjectivePoint(X3, Y3, Z3); 235| 1.09k|} pcurves_brainpool384r1.cpp:_ZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEE: 107| 1|auto to_affine_batch(std::span projective) { 108| 1| using AffinePoint = typename C::AffinePoint; 109| | 110| 1| const size_t N = projective.size(); 111| 1| std::vector affine; 112| 1| affine.reserve(N); 113| | 114| 1| CT::Choice any_identity = CT::Choice::no(); 115| | 116| 2.33k| for(const auto& pt : projective) { ------------------ | Branch (116:23): [True: 2.33k, False: 1] ------------------ 117| 2.33k| any_identity = any_identity || pt.is_identity(); 118| 2.33k| } 119| | 120| | // Conditional acceptable: N is public. State of points is not necessarily 121| | // public, but we don't leak which point was the identity. In practice with 122| | // the algorithms currently in use, the only time an identity can occur is 123| | // during mul2 where the two points g/h have a small relation (ie h = g*k for 124| | // some k < 16) 125| | 126| 1| if(N <= 2 || any_identity.as_bool()) { ------------------ | Branch (126:7): [True: 0, False: 1] | Branch (126:17): [True: 0, False: 1] ------------------ 127| | // If there are identity elements, using the batch inversion gets 128| | // tricky. It can be done, but this should be a rare situation so 129| | // just punt to the serial conversion if it occurs 130| 0| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (130:25): [True: 0, False: 0] ------------------ 131| 0| affine.push_back(to_affine(projective[i])); 132| 0| } 133| 1| } else { 134| 1| std::vector c; 135| 1| c.reserve(N); 136| | 137| | /* 138| | Batch projective->affine using Montgomery's trick 139| | 140| | See Algorithm 2.26 in "Guide to Elliptic Curve Cryptography" 141| | (Hankerson, Menezes, Vanstone) 142| | */ 143| | 144| 1| c.push_back(projective[0].z()); 145| 2.33k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (145:25): [True: 2.33k, False: 1] ------------------ 146| 2.33k| c.push_back(c[i - 1] * projective[i].z()); 147| 2.33k| } 148| | 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| 1| } else { 153| 1| return invert_field_element(c[N - 1]); 154| 1| } 155| 1| }(); 156| | 157| 2.33k| for(size_t i = N - 1; i > 0; --i) { ------------------ | Branch (157:29): [True: 2.33k, False: 1] ------------------ 158| 2.33k| const auto& p = projective[i]; 159| | 160| 2.33k| const auto z_inv = s_inv * c[i - 1]; 161| 2.33k| const auto z2_inv = z_inv.square(); 162| 2.33k| const auto z3_inv = z_inv * z2_inv; 163| | 164| 2.33k| s_inv = s_inv * p.z(); 165| | 166| 2.33k| affine.push_back(AffinePoint(p.x() * z2_inv, p.y() * z3_inv)); 167| 2.33k| } 168| | 169| 1| const auto z2_inv = s_inv.square(); 170| 1| const auto z3_inv = s_inv * z2_inv; 171| 1| affine.push_back(AffinePoint(projective[0].x() * z2_inv, projective[0].y() * z3_inv)); 172| 1| std::reverse(affine.begin(), affine.end()); 173| 1| return affine; 174| 1| } 175| | 176| 0| return affine; 177| 1|} pcurves_brainpool384r1.cpp:_ZN5Botan9to_affineINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveEEEDaRKNT_15ProjectivePointE: 76| 433|inline constexpr auto to_affine(const typename C::ProjectivePoint& pt) { 77| | // Not strictly required right? - default should work as long 78| | // as (0,0) is identity and invert returns 0 on 0 79| | 80| | if constexpr(curve_supports_fe_invert2) { 81| | const auto z2_inv = C::fe_invert2(pt.z()); 82| | const auto z3_inv = z2_inv.square() * pt.z(); 83| | return typename C::AffinePoint(pt.x() * z2_inv, pt.y() * z3_inv); 84| 433| } else { 85| 433| const auto z_inv = invert_field_element(pt.z()); 86| 433| const auto z2_inv = z_inv.square(); 87| 433| const auto z3_inv = z_inv * z2_inv; 88| 433| return typename C::AffinePoint(pt.x() * z2_inv, pt.y() * z3_inv); 89| 433| } 90| 433|} pcurves_brainpool384r1.cpp:_ZN5Botan20invert_field_elementINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveEEEDaRKNT_12FieldElementE: 35| 769|inline constexpr auto invert_field_element(const typename C::FieldElement& fe) { 36| | if constexpr(curve_supports_fe_invert2) { 37| | return C::fe_invert2(fe) * fe; 38| 769| } else { 39| 769| return fe.invert(); 40| 769| } 41| 769|} pcurves_brainpool384r1.cpp:_ZZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEEENKUlvE_clEv: 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| | } else { 153| | return invert_field_element(c[N - 1]); 154| | } 155| 1| }(); pcurves_brainpool384r1.cpp:_ZN5Botan22point_add_or_sub_mixedINS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES3_E11FieldParamsEEEEES8_EENS_16AffineCurvePointISC_EESC_EET_RKSG_RKT0_NS_2CT6ChoiceERKT1_: 296| 45.6k| const FieldElement& one) { 297| 45.6k| const auto a_is_identity = a.is_identity(); 298| 45.6k| const auto b_is_identity = b.is_identity(); 299| | 300| | /* 301| | https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-1998-cmo-2 302| | 303| | Cost: 8M + 3S + 6add + 1*2 304| | */ 305| | 306| 45.6k| auto by = b.y(); 307| 45.6k| by.conditional_assign(sub, by.negate()); 308| | 309| 45.6k| const auto Z1Z1 = a.z().square(); 310| 45.6k| const auto U2 = b.x() * Z1Z1; 311| 45.6k| const auto S2 = by * a.z() * Z1Z1; 312| 45.6k| const auto H = U2 - a.x(); 313| 45.6k| const auto r = S2 - a.y(); 314| | 315| | /* Risky conditional 316| | * 317| | * This implementation uses projective coordinates, which do not have an efficient complete 318| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 319| | * 320| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 321| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 322| | * in which case at the end we'll set z to a.z * H = 0, resulting in the correct output 323| | * (the identity element) 324| | */ 325| 45.6k| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (325:7): [True: 0, False: 45.6k] ------------------ 326| 0| return a.dbl(); 327| 0| } 328| | 329| 45.6k| const auto HH = H.square(); 330| 45.6k| const auto HHH = H * HH; 331| 45.6k| const auto V = a.x() * HH; 332| 45.6k| const auto t2 = r.square(); 333| 45.6k| const auto t3 = V + V; 334| 45.6k| const auto t4 = t2 - HHH; 335| 45.6k| auto X3 = t4 - t3; 336| 45.6k| const auto t5 = V - X3; 337| 45.6k| const auto t6 = a.y() * HHH; 338| 45.6k| const auto t7 = r * t5; 339| 45.6k| auto Y3 = t7 - t6; 340| 45.6k| auto Z3 = a.z() * H; 341| | 342| | // if a is identity then return b 343| 45.6k| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), by, one); 344| | 345| | // if b is identity then return a 346| 45.6k| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 347| | 348| 45.6k| return ProjectivePoint(X3, Y3, Z3); 349| 45.6k|} pcurves_brainpool384r1.cpp:_ZN5Botan11to_affine_xINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveEEEDaRKNT_15ProjectivePointE: 96| 168|auto to_affine_x(const typename C::ProjectivePoint& pt) { 97| | if constexpr(curve_supports_fe_invert2) { 98| | return pt.x() * C::fe_invert2(pt.z()); 99| 168| } else { 100| 168| const auto z_inv = invert_field_element(pt.z()); 101| 168| const auto z2_inv = z_inv.square(); 102| 168| return pt.x() * z2_inv; 103| 168| } 104| 168|} pcurves_brainpool384r1.cpp:_ZN5Botan15point_add_mixedINS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES3_E11FieldParamsEEEEES8_EENS_16AffineCurvePointISC_EESC_EET_RKSG_RKT0_RKT1_: 240| 1.17k| const FieldElement& one) { 241| 1.17k| const auto a_is_identity = a.is_identity(); 242| 1.17k| const auto b_is_identity = b.is_identity(); 243| | 244| | /* 245| | https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-1998-cmo-2 246| | 247| | Cost: 8M + 3S + 6add + 1*2 248| | */ 249| | 250| 1.17k| const auto Z1Z1 = a.z().square(); 251| 1.17k| const auto U2 = b.x() * Z1Z1; 252| 1.17k| const auto S2 = b.y() * a.z() * Z1Z1; 253| 1.17k| const auto H = U2 - a.x(); 254| 1.17k| const auto r = S2 - a.y(); 255| | 256| | /* Risky conditional 257| | * 258| | * This implementation uses projective coordinates, which do not have an efficient complete 259| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 260| | * 261| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 262| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 263| | * in which case at the end we'll set z to a.z * H = 0, resulting in the correct output 264| | * (the identity element) 265| | */ 266| 1.17k| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (266:7): [True: 0, False: 1.17k] ------------------ 267| 0| return a.dbl(); 268| 0| } 269| | 270| 1.17k| const auto HH = H.square(); 271| 1.17k| const auto HHH = H * HH; 272| 1.17k| const auto V = a.x() * HH; 273| 1.17k| const auto t2 = r.square(); 274| 1.17k| const auto t3 = V + V; 275| 1.17k| const auto t4 = t2 - HHH; 276| 1.17k| auto X3 = t4 - t3; 277| 1.17k| const auto t5 = V - X3; 278| 1.17k| const auto t6 = a.y() * HHH; 279| 1.17k| const auto t7 = r * t5; 280| 1.17k| auto Y3 = t7 - t6; 281| 1.17k| auto Z3 = a.z() * H; 282| | 283| | // if a is identity then return b 284| 1.17k| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), b.y(), one); 285| | 286| | // if b is identity then return a 287| 1.17k| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 288| | 289| 1.17k| return ProjectivePoint(X3, Y3, Z3); 290| 1.17k|} pcurves_brainpool384r1.cpp:_ZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELb0EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEE: 107| 168|auto to_affine_batch(std::span projective) { 108| 168| using AffinePoint = typename C::AffinePoint; 109| | 110| 168| const size_t N = projective.size(); 111| 168| std::vector affine; 112| 168| affine.reserve(N); 113| | 114| 168| CT::Choice any_identity = CT::Choice::no(); 115| | 116| 2.68k| for(const auto& pt : projective) { ------------------ | Branch (116:23): [True: 2.68k, False: 168] ------------------ 117| 2.68k| any_identity = any_identity || pt.is_identity(); 118| 2.68k| } 119| | 120| | // Conditional acceptable: N is public. State of points is not necessarily 121| | // public, but we don't leak which point was the identity. In practice with 122| | // the algorithms currently in use, the only time an identity can occur is 123| | // during mul2 where the two points g/h have a small relation (ie h = g*k for 124| | // some k < 16) 125| | 126| 168| if(N <= 2 || any_identity.as_bool()) { ------------------ | Branch (126:7): [True: 0, False: 168] | Branch (126:17): [True: 0, False: 168] ------------------ 127| | // If there are identity elements, using the batch inversion gets 128| | // tricky. It can be done, but this should be a rare situation so 129| | // just punt to the serial conversion if it occurs 130| 0| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (130:25): [True: 0, False: 0] ------------------ 131| 0| affine.push_back(to_affine(projective[i])); 132| 0| } 133| 168| } else { 134| 168| std::vector c; 135| 168| c.reserve(N); 136| | 137| | /* 138| | Batch projective->affine using Montgomery's trick 139| | 140| | See Algorithm 2.26 in "Guide to Elliptic Curve Cryptography" 141| | (Hankerson, Menezes, Vanstone) 142| | */ 143| | 144| 168| c.push_back(projective[0].z()); 145| 2.68k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (145:25): [True: 2.52k, False: 168] ------------------ 146| 2.52k| c.push_back(c[i - 1] * projective[i].z()); 147| 2.52k| } 148| | 149| 168| auto s_inv = [&]() { 150| 168| if constexpr(VariableTime) { 151| 168| return c[N - 1].invert_vartime(); 152| 168| } else { 153| 168| return invert_field_element(c[N - 1]); 154| 168| } 155| 168| }(); 156| | 157| 2.68k| for(size_t i = N - 1; i > 0; --i) { ------------------ | Branch (157:29): [True: 2.52k, False: 168] ------------------ 158| 2.52k| const auto& p = projective[i]; 159| | 160| 2.52k| const auto z_inv = s_inv * c[i - 1]; 161| 2.52k| const auto z2_inv = z_inv.square(); 162| 2.52k| const auto z3_inv = z_inv * z2_inv; 163| | 164| 2.52k| s_inv = s_inv * p.z(); 165| | 166| 2.52k| affine.push_back(AffinePoint(p.x() * z2_inv, p.y() * z3_inv)); 167| 2.52k| } 168| | 169| 168| const auto z2_inv = s_inv.square(); 170| 168| const auto z3_inv = s_inv * z2_inv; 171| 168| affine.push_back(AffinePoint(projective[0].x() * z2_inv, projective[0].y() * z3_inv)); 172| 168| std::reverse(affine.begin(), affine.end()); 173| 168| return affine; 174| 168| } 175| | 176| 0| return affine; 177| 168|} pcurves_brainpool384r1.cpp:_ZZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELb0EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEEENKUlvE_clEv: 149| 168| auto s_inv = [&]() { 150| | if constexpr(VariableTime) { 151| | return c[N - 1].invert_vartime(); 152| 168| } else { 153| 168| return invert_field_element(c[N - 1]); 154| 168| } 155| 168| }(); pcurves_brainpool384r1.cpp:_ZN5Botan13dbl_n_genericINS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES3_E11FieldParamsEEEEES8_EESC_EET_RKSE_RKT0_m: 477| 14.4k|inline constexpr ProjectivePoint dbl_n_generic(const ProjectivePoint& pt, const FieldElement& A, size_t n) { 478| 14.4k| auto nx = pt.x(); 479| 14.4k| auto ny = pt.y().mul2(); 480| 14.4k| auto nz = pt.z(); 481| 14.4k| auto w = nz.square().square() * A; 482| | 483| | // Conditional ok: loop iteration count is public 484| 86.6k| while(n > 0) { ------------------ | Branch (484:10): [True: 72.2k, False: 14.4k] ------------------ 485| 72.2k| const auto ny2 = ny.square(); 486| 72.2k| const auto ny4 = ny2.square(); 487| 72.2k| const auto t1 = nx.square().mul3() + w; 488| 72.2k| const auto t2 = nx * ny2; 489| 72.2k| nx = t1.square() - t2.mul2(); 490| 72.2k| nz *= ny; 491| 72.2k| ny = t1 * (t2 - nx).mul2() - ny4; 492| 72.2k| n--; 493| | // Conditional ok: loop iteration count is public 494| 72.2k| if(n > 0) { ------------------ | Branch (494:10): [True: 57.7k, False: 14.4k] ------------------ 495| 57.7k| w *= ny4; 496| 57.7k| } 497| 72.2k| } 498| 14.4k| return ProjectivePoint(nx, ny.div2(), nz); 499| 14.4k|} pcurves_brainpool384r1.cpp:_ZN5Botan18sqrt_field_elementINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveEEENS_2CT6OptionINT_12FieldElementEEERKS8_: 60| 221|inline constexpr CT::Option sqrt_field_element(const typename C::FieldElement& fe) { 61| | if constexpr(curve_supports_fe_sqrt) { 62| | auto z = C::fe_sqrt(fe); 63| | // Zero out the return value if it would otherwise be incorrect 64| | const CT::Choice correct = (z.square() == fe); 65| | z.conditional_assign(!correct, C::FieldElement::zero()); 66| | return CT::Option(z, correct); 67| 221| } else { 68| 221| return fe.sqrt(); 69| 221| } 70| 221|} pcurves_brainpool512r1.cpp:_ZN5Botan11dbl_genericINS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES3_E11FieldParamsEEEEES8_EESC_EET_RKSE_RKT0_: 397| 2.84k|inline constexpr ProjectivePoint dbl_generic(const ProjectivePoint& pt, const FieldElement& A) { 398| | // Cost: 1M + 3S + 1A + 1*3 399| 2.84k| const auto z2 = pt.z().square(); 400| 2.84k| const auto m = pt.x().square().mul3() + A * z2.square(); 401| | 402| | // Remaining cost: 3M + 3S + 3A + 2*2 + 1*4 + 1*8 403| 2.84k| const auto y2 = pt.y().square(); 404| 2.84k| const auto s = pt.x().mul4() * y2; 405| 2.84k| const auto nx = m.square() - s.mul2(); 406| 2.84k| const auto ny = m * (s - nx) - y2.square().mul8(); 407| 2.84k| const auto nz = pt.y().mul2() * pt.z(); 408| | 409| 2.84k| return ProjectivePoint(nx, ny, nz); 410| 2.84k|} pcurves_brainpool512r1.cpp:_ZN5Botan9point_addINS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES3_E11FieldParamsEEEEES8_EESC_EET_RKSE_SG_: 187| 1.45k|inline constexpr ProjectivePoint point_add(const ProjectivePoint& a, const ProjectivePoint& b) { 188| 1.45k| const auto a_is_identity = a.is_identity(); 189| 1.45k| const auto b_is_identity = b.is_identity(); 190| | 191| 1.45k| const auto Z1Z1 = a.z().square(); 192| 1.45k| const auto Z2Z2 = b.z().square(); 193| 1.45k| const auto U1 = a.x() * Z2Z2; 194| 1.45k| const auto U2 = b.x() * Z1Z1; 195| 1.45k| const auto S1 = a.y() * b.z() * Z2Z2; 196| 1.45k| const auto S2 = b.y() * a.z() * Z1Z1; 197| 1.45k| const auto H = U2 - U1; 198| 1.45k| const auto r = S2 - S1; 199| | 200| | /* Risky conditional 201| | * 202| | * This implementation uses projective coordinates, which do not have an efficient complete 203| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 204| | * 205| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 206| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 207| | * in which case at the end we'll set z to a.z * b.z * H = 0, resulting in the correct 208| | * output (the identity element) 209| | */ 210| 1.45k| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (210:7): [True: 0, False: 1.45k] ------------------ 211| 0| return a.dbl(); 212| 0| } 213| | 214| 1.45k| const auto HH = H.square(); 215| 1.45k| const auto HHH = H * HH; 216| 1.45k| const auto V = U1 * HH; 217| 1.45k| const auto t2 = r.square(); 218| 1.45k| const auto t3 = V + V; 219| 1.45k| const auto t4 = t2 - HHH; 220| 1.45k| auto X3 = t4 - t3; 221| 1.45k| const auto t5 = V - X3; 222| 1.45k| const auto t6 = S1 * HHH; 223| 1.45k| const auto t7 = r * t5; 224| 1.45k| auto Y3 = t7 - t6; 225| 1.45k| const auto t8 = b.z() * H; 226| 1.45k| auto Z3 = a.z() * t8; 227| | 228| | // if a is identity then return b 229| 1.45k| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), b.y(), b.z()); 230| | 231| | // if b is identity then return a 232| 1.45k| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 233| | 234| 1.45k| return ProjectivePoint(X3, Y3, Z3); 235| 1.45k|} pcurves_brainpool512r1.cpp:_ZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEE: 107| 1|auto to_affine_batch(std::span projective) { 108| 1| using AffinePoint = typename C::AffinePoint; 109| | 110| 1| const size_t N = projective.size(); 111| 1| std::vector affine; 112| 1| affine.reserve(N); 113| | 114| 1| CT::Choice any_identity = CT::Choice::no(); 115| | 116| 3.10k| for(const auto& pt : projective) { ------------------ | Branch (116:23): [True: 3.10k, False: 1] ------------------ 117| 3.10k| any_identity = any_identity || pt.is_identity(); 118| 3.10k| } 119| | 120| | // Conditional acceptable: N is public. State of points is not necessarily 121| | // public, but we don't leak which point was the identity. In practice with 122| | // the algorithms currently in use, the only time an identity can occur is 123| | // during mul2 where the two points g/h have a small relation (ie h = g*k for 124| | // some k < 16) 125| | 126| 1| if(N <= 2 || any_identity.as_bool()) { ------------------ | Branch (126:7): [True: 0, False: 1] | Branch (126:17): [True: 0, False: 1] ------------------ 127| | // If there are identity elements, using the batch inversion gets 128| | // tricky. It can be done, but this should be a rare situation so 129| | // just punt to the serial conversion if it occurs 130| 0| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (130:25): [True: 0, False: 0] ------------------ 131| 0| affine.push_back(to_affine(projective[i])); 132| 0| } 133| 1| } else { 134| 1| std::vector c; 135| 1| c.reserve(N); 136| | 137| | /* 138| | Batch projective->affine using Montgomery's trick 139| | 140| | See Algorithm 2.26 in "Guide to Elliptic Curve Cryptography" 141| | (Hankerson, Menezes, Vanstone) 142| | */ 143| | 144| 1| c.push_back(projective[0].z()); 145| 3.10k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (145:25): [True: 3.10k, False: 1] ------------------ 146| 3.10k| c.push_back(c[i - 1] * projective[i].z()); 147| 3.10k| } 148| | 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| 1| } else { 153| 1| return invert_field_element(c[N - 1]); 154| 1| } 155| 1| }(); 156| | 157| 3.10k| for(size_t i = N - 1; i > 0; --i) { ------------------ | Branch (157:29): [True: 3.10k, False: 1] ------------------ 158| 3.10k| const auto& p = projective[i]; 159| | 160| 3.10k| const auto z_inv = s_inv * c[i - 1]; 161| 3.10k| const auto z2_inv = z_inv.square(); 162| 3.10k| const auto z3_inv = z_inv * z2_inv; 163| | 164| 3.10k| s_inv = s_inv * p.z(); 165| | 166| 3.10k| affine.push_back(AffinePoint(p.x() * z2_inv, p.y() * z3_inv)); 167| 3.10k| } 168| | 169| 1| const auto z2_inv = s_inv.square(); 170| 1| const auto z3_inv = s_inv * z2_inv; 171| 1| affine.push_back(AffinePoint(projective[0].x() * z2_inv, projective[0].y() * z3_inv)); 172| 1| std::reverse(affine.begin(), affine.end()); 173| 1| return affine; 174| 1| } 175| | 176| 0| return affine; 177| 1|} pcurves_brainpool512r1.cpp:_ZN5Botan9to_affineINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveEEEDaRKNT_15ProjectivePointE: 76| 360|inline constexpr auto to_affine(const typename C::ProjectivePoint& pt) { 77| | // Not strictly required right? - default should work as long 78| | // as (0,0) is identity and invert returns 0 on 0 79| | 80| | if constexpr(curve_supports_fe_invert2) { 81| | const auto z2_inv = C::fe_invert2(pt.z()); 82| | const auto z3_inv = z2_inv.square() * pt.z(); 83| | return typename C::AffinePoint(pt.x() * z2_inv, pt.y() * z3_inv); 84| 360| } else { 85| 360| const auto z_inv = invert_field_element(pt.z()); 86| 360| const auto z2_inv = z_inv.square(); 87| 360| const auto z3_inv = z_inv * z2_inv; 88| 360| return typename C::AffinePoint(pt.x() * z2_inv, pt.y() * z3_inv); 89| 360| } 90| 360|} pcurves_brainpool512r1.cpp:_ZN5Botan20invert_field_elementINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveEEEDaRKNT_12FieldElementE: 35| 660|inline constexpr auto invert_field_element(const typename C::FieldElement& fe) { 36| | if constexpr(curve_supports_fe_invert2) { 37| | return C::fe_invert2(fe) * fe; 38| 660| } else { 39| 660| return fe.invert(); 40| 660| } 41| 660|} pcurves_brainpool512r1.cpp:_ZZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEEENKUlvE_clEv: 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| | } else { 153| | return invert_field_element(c[N - 1]); 154| | } 155| 1| }(); pcurves_brainpool512r1.cpp:_ZN5Botan22point_add_or_sub_mixedINS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES3_E11FieldParamsEEEEES8_EENS_16AffineCurvePointISC_EESC_EET_RKSG_RKT0_NS_2CT6ChoiceERKT1_: 296| 51.8k| const FieldElement& one) { 297| 51.8k| const auto a_is_identity = a.is_identity(); 298| 51.8k| const auto b_is_identity = b.is_identity(); 299| | 300| | /* 301| | https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-1998-cmo-2 302| | 303| | Cost: 8M + 3S + 6add + 1*2 304| | */ 305| | 306| 51.8k| auto by = b.y(); 307| 51.8k| by.conditional_assign(sub, by.negate()); 308| | 309| 51.8k| const auto Z1Z1 = a.z().square(); 310| 51.8k| const auto U2 = b.x() * Z1Z1; 311| 51.8k| const auto S2 = by * a.z() * Z1Z1; 312| 51.8k| const auto H = U2 - a.x(); 313| 51.8k| const auto r = S2 - a.y(); 314| | 315| | /* Risky conditional 316| | * 317| | * This implementation uses projective coordinates, which do not have an efficient complete 318| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 319| | * 320| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 321| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 322| | * in which case at the end we'll set z to a.z * H = 0, resulting in the correct output 323| | * (the identity element) 324| | */ 325| 51.8k| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (325:7): [True: 0, False: 51.8k] ------------------ 326| 0| return a.dbl(); 327| 0| } 328| | 329| 51.8k| const auto HH = H.square(); 330| 51.8k| const auto HHH = H * HH; 331| 51.8k| const auto V = a.x() * HH; 332| 51.8k| const auto t2 = r.square(); 333| 51.8k| const auto t3 = V + V; 334| 51.8k| const auto t4 = t2 - HHH; 335| 51.8k| auto X3 = t4 - t3; 336| 51.8k| const auto t5 = V - X3; 337| 51.8k| const auto t6 = a.y() * HHH; 338| 51.8k| const auto t7 = r * t5; 339| 51.8k| auto Y3 = t7 - t6; 340| 51.8k| auto Z3 = a.z() * H; 341| | 342| | // if a is identity then return b 343| 51.8k| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), by, one); 344| | 345| | // if b is identity then return a 346| 51.8k| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 347| | 348| 51.8k| return ProjectivePoint(X3, Y3, Z3); 349| 51.8k|} pcurves_brainpool512r1.cpp:_ZN5Botan11to_affine_xINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveEEEDaRKNT_15ProjectivePointE: 96| 150|auto to_affine_x(const typename C::ProjectivePoint& pt) { 97| | if constexpr(curve_supports_fe_invert2) { 98| | return pt.x() * C::fe_invert2(pt.z()); 99| 150| } else { 100| 150| const auto z_inv = invert_field_element(pt.z()); 101| 150| const auto z2_inv = z_inv.square(); 102| 150| return pt.x() * z2_inv; 103| 150| } 104| 150|} pcurves_brainpool512r1.cpp:_ZN5Botan15point_add_mixedINS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES3_E11FieldParamsEEEEES8_EENS_16AffineCurvePointISC_EESC_EET_RKSG_RKT0_RKT1_: 240| 1.05k| const FieldElement& one) { 241| 1.05k| const auto a_is_identity = a.is_identity(); 242| 1.05k| const auto b_is_identity = b.is_identity(); 243| | 244| | /* 245| | https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-1998-cmo-2 246| | 247| | Cost: 8M + 3S + 6add + 1*2 248| | */ 249| | 250| 1.05k| const auto Z1Z1 = a.z().square(); 251| 1.05k| const auto U2 = b.x() * Z1Z1; 252| 1.05k| const auto S2 = b.y() * a.z() * Z1Z1; 253| 1.05k| const auto H = U2 - a.x(); 254| 1.05k| const auto r = S2 - a.y(); 255| | 256| | /* Risky conditional 257| | * 258| | * This implementation uses projective coordinates, which do not have an efficient complete 259| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 260| | * 261| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 262| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 263| | * in which case at the end we'll set z to a.z * H = 0, resulting in the correct output 264| | * (the identity element) 265| | */ 266| 1.05k| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (266:7): [True: 0, False: 1.05k] ------------------ 267| 0| return a.dbl(); 268| 0| } 269| | 270| 1.05k| const auto HH = H.square(); 271| 1.05k| const auto HHH = H * HH; 272| 1.05k| const auto V = a.x() * HH; 273| 1.05k| const auto t2 = r.square(); 274| 1.05k| const auto t3 = V + V; 275| 1.05k| const auto t4 = t2 - HHH; 276| 1.05k| auto X3 = t4 - t3; 277| 1.05k| const auto t5 = V - X3; 278| 1.05k| const auto t6 = a.y() * HHH; 279| 1.05k| const auto t7 = r * t5; 280| 1.05k| auto Y3 = t7 - t6; 281| 1.05k| auto Z3 = a.z() * H; 282| | 283| | // if a is identity then return b 284| 1.05k| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), b.y(), one); 285| | 286| | // if b is identity then return a 287| 1.05k| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 288| | 289| 1.05k| return ProjectivePoint(X3, Y3, Z3); 290| 1.05k|} pcurves_brainpool512r1.cpp:_ZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELb0EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEE: 107| 150|auto to_affine_batch(std::span projective) { 108| 150| using AffinePoint = typename C::AffinePoint; 109| | 110| 150| const size_t N = projective.size(); 111| 150| std::vector affine; 112| 150| affine.reserve(N); 113| | 114| 150| CT::Choice any_identity = CT::Choice::no(); 115| | 116| 2.40k| for(const auto& pt : projective) { ------------------ | Branch (116:23): [True: 2.40k, False: 150] ------------------ 117| 2.40k| any_identity = any_identity || pt.is_identity(); 118| 2.40k| } 119| | 120| | // Conditional acceptable: N is public. State of points is not necessarily 121| | // public, but we don't leak which point was the identity. In practice with 122| | // the algorithms currently in use, the only time an identity can occur is 123| | // during mul2 where the two points g/h have a small relation (ie h = g*k for 124| | // some k < 16) 125| | 126| 150| if(N <= 2 || any_identity.as_bool()) { ------------------ | Branch (126:7): [True: 0, False: 150] | Branch (126:17): [True: 0, False: 150] ------------------ 127| | // If there are identity elements, using the batch inversion gets 128| | // tricky. It can be done, but this should be a rare situation so 129| | // just punt to the serial conversion if it occurs 130| 0| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (130:25): [True: 0, False: 0] ------------------ 131| 0| affine.push_back(to_affine(projective[i])); 132| 0| } 133| 150| } else { 134| 150| std::vector c; 135| 150| c.reserve(N); 136| | 137| | /* 138| | Batch projective->affine using Montgomery's trick 139| | 140| | See Algorithm 2.26 in "Guide to Elliptic Curve Cryptography" 141| | (Hankerson, Menezes, Vanstone) 142| | */ 143| | 144| 150| c.push_back(projective[0].z()); 145| 2.40k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (145:25): [True: 2.25k, False: 150] ------------------ 146| 2.25k| c.push_back(c[i - 1] * projective[i].z()); 147| 2.25k| } 148| | 149| 150| auto s_inv = [&]() { 150| 150| if constexpr(VariableTime) { 151| 150| return c[N - 1].invert_vartime(); 152| 150| } else { 153| 150| return invert_field_element(c[N - 1]); 154| 150| } 155| 150| }(); 156| | 157| 2.40k| for(size_t i = N - 1; i > 0; --i) { ------------------ | Branch (157:29): [True: 2.25k, False: 150] ------------------ 158| 2.25k| const auto& p = projective[i]; 159| | 160| 2.25k| const auto z_inv = s_inv * c[i - 1]; 161| 2.25k| const auto z2_inv = z_inv.square(); 162| 2.25k| const auto z3_inv = z_inv * z2_inv; 163| | 164| 2.25k| s_inv = s_inv * p.z(); 165| | 166| 2.25k| affine.push_back(AffinePoint(p.x() * z2_inv, p.y() * z3_inv)); 167| 2.25k| } 168| | 169| 150| const auto z2_inv = s_inv.square(); 170| 150| const auto z3_inv = s_inv * z2_inv; 171| 150| affine.push_back(AffinePoint(projective[0].x() * z2_inv, projective[0].y() * z3_inv)); 172| 150| std::reverse(affine.begin(), affine.end()); 173| 150| return affine; 174| 150| } 175| | 176| 0| return affine; 177| 150|} pcurves_brainpool512r1.cpp:_ZZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELb0EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEEENKUlvE_clEv: 149| 150| auto s_inv = [&]() { 150| | if constexpr(VariableTime) { 151| | return c[N - 1].invert_vartime(); 152| 150| } else { 153| 150| return invert_field_element(c[N - 1]); 154| 150| } 155| 150| }(); pcurves_brainpool512r1.cpp:_ZN5Botan13dbl_n_genericINS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES3_E11FieldParamsEEEEES8_EESC_EET_RKSE_RKT0_m: 477| 17.2k|inline constexpr ProjectivePoint dbl_n_generic(const ProjectivePoint& pt, const FieldElement& A, size_t n) { 478| 17.2k| auto nx = pt.x(); 479| 17.2k| auto ny = pt.y().mul2(); 480| 17.2k| auto nz = pt.z(); 481| 17.2k| auto w = nz.square().square() * A; 482| | 483| | // Conditional ok: loop iteration count is public 484| 103k| while(n > 0) { ------------------ | Branch (484:10): [True: 86.2k, False: 17.2k] ------------------ 485| 86.2k| const auto ny2 = ny.square(); 486| 86.2k| const auto ny4 = ny2.square(); 487| 86.2k| const auto t1 = nx.square().mul3() + w; 488| 86.2k| const auto t2 = nx * ny2; 489| 86.2k| nx = t1.square() - t2.mul2(); 490| 86.2k| nz *= ny; 491| 86.2k| ny = t1 * (t2 - nx).mul2() - ny4; 492| 86.2k| n--; 493| | // Conditional ok: loop iteration count is public 494| 86.2k| if(n > 0) { ------------------ | Branch (494:10): [True: 69.0k, False: 17.2k] ------------------ 495| 69.0k| w *= ny4; 496| 69.0k| } 497| 86.2k| } 498| 17.2k| return ProjectivePoint(nx, ny.div2(), nz); 499| 17.2k|} pcurves_brainpool512r1.cpp:_ZN5Botan18sqrt_field_elementINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveEEENS_2CT6OptionINT_12FieldElementEEERKS8_: 60| 199|inline constexpr CT::Option sqrt_field_element(const typename C::FieldElement& fe) { 61| | if constexpr(curve_supports_fe_sqrt) { 62| | auto z = C::fe_sqrt(fe); 63| | // Zero out the return value if it would otherwise be incorrect 64| | const CT::Choice correct = (z.square() == fe); 65| | z.conditional_assign(!correct, C::FieldElement::zero()); 66| | return CT::Option(z, correct); 67| 199| } else { 68| 199| return fe.sqrt(); 69| 199| } 70| 199|} pcurves_secp256r1.cpp:_ZN5Botan13dbl_a_minus_3INS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS4_9secp256r16ParamsES5_E11FieldParamsEEEEES8_EEEET_RKSE_: 362| 3.45k|inline constexpr ProjectivePoint dbl_a_minus_3(const ProjectivePoint& pt) { 363| | /* 364| | if a == -3 then 365| | 3*x^2 + a*z^4 == 3*x^2 - 3*z^4 == 3*(x^2-z^4) == 3*(x-z^2)*(x+z^2) 366| | */ 367| 3.45k| const auto z2 = pt.z().square(); 368| 3.45k| const auto m = (pt.x() - z2).mul3() * (pt.x() + z2); 369| | 370| | // Remaining cost: 3M + 3S + 3A + 2*2 + 1*4 + 1*8 371| 3.45k| const auto y2 = pt.y().square(); 372| 3.45k| const auto s = pt.x().mul4() * y2; 373| 3.45k| const auto nx = m.square() - s.mul2(); 374| 3.45k| const auto ny = m * (s - nx) - y2.square().mul8(); 375| 3.45k| const auto nz = pt.y().mul2() * pt.z(); 376| | 377| 3.45k| return ProjectivePoint(nx, ny, nz); 378| 3.45k|} pcurves_secp256r1.cpp:_ZN5Botan9point_addINS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS4_9secp256r16ParamsES5_E11FieldParamsEEEEES8_EESC_EET_RKSE_SG_: 187| 735|inline constexpr ProjectivePoint point_add(const ProjectivePoint& a, const ProjectivePoint& b) { 188| 735| const auto a_is_identity = a.is_identity(); 189| 735| const auto b_is_identity = b.is_identity(); 190| | 191| 735| const auto Z1Z1 = a.z().square(); 192| 735| const auto Z2Z2 = b.z().square(); 193| 735| const auto U1 = a.x() * Z2Z2; 194| 735| const auto U2 = b.x() * Z1Z1; 195| 735| const auto S1 = a.y() * b.z() * Z2Z2; 196| 735| const auto S2 = b.y() * a.z() * Z1Z1; 197| 735| const auto H = U2 - U1; 198| 735| const auto r = S2 - S1; 199| | 200| | /* Risky conditional 201| | * 202| | * This implementation uses projective coordinates, which do not have an efficient complete 203| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 204| | * 205| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 206| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 207| | * in which case at the end we'll set z to a.z * b.z * H = 0, resulting in the correct 208| | * output (the identity element) 209| | */ 210| 735| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (210:7): [True: 0, False: 735] ------------------ 211| 0| return a.dbl(); 212| 0| } 213| | 214| 735| const auto HH = H.square(); 215| 735| const auto HHH = H * HH; 216| 735| const auto V = U1 * HH; 217| 735| const auto t2 = r.square(); 218| 735| const auto t3 = V + V; 219| 735| const auto t4 = t2 - HHH; 220| 735| auto X3 = t4 - t3; 221| 735| const auto t5 = V - X3; 222| 735| const auto t6 = S1 * HHH; 223| 735| const auto t7 = r * t5; 224| 735| auto Y3 = t7 - t6; 225| 735| const auto t8 = b.z() * H; 226| 735| auto Z3 = a.z() * t8; 227| | 228| | // if a is identity then return b 229| 735| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), b.y(), b.z()); 230| | 231| | // if b is identity then return a 232| 735| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 233| | 234| 735| return ProjectivePoint(X3, Y3, Z3); 235| 735|} pcurves_secp256r1.cpp:_ZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_19secp256r15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEE: 107| 1|auto to_affine_batch(std::span projective) { 108| 1| using AffinePoint = typename C::AffinePoint; 109| | 110| 1| const size_t N = projective.size(); 111| 1| std::vector affine; 112| 1| affine.reserve(N); 113| | 114| 1| CT::Choice any_identity = CT::Choice::no(); 115| | 116| 1.56k| for(const auto& pt : projective) { ------------------ | Branch (116:23): [True: 1.56k, False: 1] ------------------ 117| 1.56k| any_identity = any_identity || pt.is_identity(); 118| 1.56k| } 119| | 120| | // Conditional acceptable: N is public. State of points is not necessarily 121| | // public, but we don't leak which point was the identity. In practice with 122| | // the algorithms currently in use, the only time an identity can occur is 123| | // during mul2 where the two points g/h have a small relation (ie h = g*k for 124| | // some k < 16) 125| | 126| 1| if(N <= 2 || any_identity.as_bool()) { ------------------ | Branch (126:7): [True: 0, False: 1] | Branch (126:17): [True: 0, False: 1] ------------------ 127| | // If there are identity elements, using the batch inversion gets 128| | // tricky. It can be done, but this should be a rare situation so 129| | // just punt to the serial conversion if it occurs 130| 0| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (130:25): [True: 0, False: 0] ------------------ 131| 0| affine.push_back(to_affine(projective[i])); 132| 0| } 133| 1| } else { 134| 1| std::vector c; 135| 1| c.reserve(N); 136| | 137| | /* 138| | Batch projective->affine using Montgomery's trick 139| | 140| | See Algorithm 2.26 in "Guide to Elliptic Curve Cryptography" 141| | (Hankerson, Menezes, Vanstone) 142| | */ 143| | 144| 1| c.push_back(projective[0].z()); 145| 1.56k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (145:25): [True: 1.56k, False: 1] ------------------ 146| 1.56k| c.push_back(c[i - 1] * projective[i].z()); 147| 1.56k| } 148| | 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| 1| } else { 153| 1| return invert_field_element(c[N - 1]); 154| 1| } 155| 1| }(); 156| | 157| 1.56k| for(size_t i = N - 1; i > 0; --i) { ------------------ | Branch (157:29): [True: 1.56k, False: 1] ------------------ 158| 1.56k| const auto& p = projective[i]; 159| | 160| 1.56k| const auto z_inv = s_inv * c[i - 1]; 161| 1.56k| const auto z2_inv = z_inv.square(); 162| 1.56k| const auto z3_inv = z_inv * z2_inv; 163| | 164| 1.56k| s_inv = s_inv * p.z(); 165| | 166| 1.56k| affine.push_back(AffinePoint(p.x() * z2_inv, p.y() * z3_inv)); 167| 1.56k| } 168| | 169| 1| const auto z2_inv = s_inv.square(); 170| 1| const auto z3_inv = s_inv * z2_inv; 171| 1| affine.push_back(AffinePoint(projective[0].x() * z2_inv, projective[0].y() * z3_inv)); 172| 1| std::reverse(affine.begin(), affine.end()); 173| 1| return affine; 174| 1| } 175| | 176| 0| return affine; 177| 1|} pcurves_secp256r1.cpp:_ZN5Botan9to_affineINS_6PCurve12_GLOBAL__N_19secp256r15CurveEEEDaRKNT_15ProjectivePointE: 76| 454|inline constexpr auto to_affine(const typename C::ProjectivePoint& pt) { 77| | // Not strictly required right? - default should work as long 78| | // as (0,0) is identity and invert returns 0 on 0 79| | 80| 454| if constexpr(curve_supports_fe_invert2) { 81| 454| const auto z2_inv = C::fe_invert2(pt.z()); 82| 454| const auto z3_inv = z2_inv.square() * pt.z(); 83| 454| return typename C::AffinePoint(pt.x() * z2_inv, pt.y() * z3_inv); 84| | } else { 85| | const auto z_inv = invert_field_element(pt.z()); 86| | const auto z2_inv = z_inv.square(); 87| | const auto z3_inv = z_inv * z2_inv; 88| | return typename C::AffinePoint(pt.x() * z2_inv, pt.y() * z3_inv); 89| | } 90| 454|} pcurves_secp256r1.cpp:_ZZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_19secp256r15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEEENKUlvE_clEv: 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| | } else { 153| | return invert_field_element(c[N - 1]); 154| | } 155| 1| }(); pcurves_secp256r1.cpp:_ZN5Botan22point_add_or_sub_mixedINS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS4_9secp256r16ParamsES5_E11FieldParamsEEEEES8_EENS_16AffineCurvePointISC_EESC_EET_RKSG_RKT0_NS_2CT6ChoiceERKT1_: 296| 40.4k| const FieldElement& one) { 297| 40.4k| const auto a_is_identity = a.is_identity(); 298| 40.4k| const auto b_is_identity = b.is_identity(); 299| | 300| | /* 301| | https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-1998-cmo-2 302| | 303| | Cost: 8M + 3S + 6add + 1*2 304| | */ 305| | 306| 40.4k| auto by = b.y(); 307| 40.4k| by.conditional_assign(sub, by.negate()); 308| | 309| 40.4k| const auto Z1Z1 = a.z().square(); 310| 40.4k| const auto U2 = b.x() * Z1Z1; 311| 40.4k| const auto S2 = by * a.z() * Z1Z1; 312| 40.4k| const auto H = U2 - a.x(); 313| 40.4k| const auto r = S2 - a.y(); 314| | 315| | /* Risky conditional 316| | * 317| | * This implementation uses projective coordinates, which do not have an efficient complete 318| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 319| | * 320| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 321| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 322| | * in which case at the end we'll set z to a.z * H = 0, resulting in the correct output 323| | * (the identity element) 324| | */ 325| 40.4k| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (325:7): [True: 0, False: 40.4k] ------------------ 326| 0| return a.dbl(); 327| 0| } 328| | 329| 40.4k| const auto HH = H.square(); 330| 40.4k| const auto HHH = H * HH; 331| 40.4k| const auto V = a.x() * HH; 332| 40.4k| const auto t2 = r.square(); 333| 40.4k| const auto t3 = V + V; 334| 40.4k| const auto t4 = t2 - HHH; 335| 40.4k| auto X3 = t4 - t3; 336| 40.4k| const auto t5 = V - X3; 337| 40.4k| const auto t6 = a.y() * HHH; 338| 40.4k| const auto t7 = r * t5; 339| 40.4k| auto Y3 = t7 - t6; 340| 40.4k| auto Z3 = a.z() * H; 341| | 342| | // if a is identity then return b 343| 40.4k| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), by, one); 344| | 345| | // if b is identity then return a 346| 40.4k| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 347| | 348| 40.4k| return ProjectivePoint(X3, Y3, Z3); 349| 40.4k|} pcurves_secp256r1.cpp:_ZN5Botan11to_affine_xINS_6PCurve12_GLOBAL__N_19secp256r15CurveEEEDaRKNT_15ProjectivePointE: 96| 328|auto to_affine_x(const typename C::ProjectivePoint& pt) { 97| 328| if constexpr(curve_supports_fe_invert2) { 98| 328| return pt.x() * C::fe_invert2(pt.z()); 99| | } else { 100| | const auto z_inv = invert_field_element(pt.z()); 101| | const auto z2_inv = z_inv.square(); 102| | return pt.x() * z2_inv; 103| | } 104| 328|} pcurves_secp256r1.cpp:_ZN5Botan15point_add_mixedINS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS4_9secp256r16ParamsES5_E11FieldParamsEEEEES8_EENS_16AffineCurvePointISC_EESC_EET_RKSG_RKT0_RKT1_: 240| 2.29k| const FieldElement& one) { 241| 2.29k| const auto a_is_identity = a.is_identity(); 242| 2.29k| const auto b_is_identity = b.is_identity(); 243| | 244| | /* 245| | https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-1998-cmo-2 246| | 247| | Cost: 8M + 3S + 6add + 1*2 248| | */ 249| | 250| 2.29k| const auto Z1Z1 = a.z().square(); 251| 2.29k| const auto U2 = b.x() * Z1Z1; 252| 2.29k| const auto S2 = b.y() * a.z() * Z1Z1; 253| 2.29k| const auto H = U2 - a.x(); 254| 2.29k| const auto r = S2 - a.y(); 255| | 256| | /* Risky conditional 257| | * 258| | * This implementation uses projective coordinates, which do not have an efficient complete 259| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 260| | * 261| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 262| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 263| | * in which case at the end we'll set z to a.z * H = 0, resulting in the correct output 264| | * (the identity element) 265| | */ 266| 2.29k| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (266:7): [True: 0, False: 2.29k] ------------------ 267| 0| return a.dbl(); 268| 0| } 269| | 270| 2.29k| const auto HH = H.square(); 271| 2.29k| const auto HHH = H * HH; 272| 2.29k| const auto V = a.x() * HH; 273| 2.29k| const auto t2 = r.square(); 274| 2.29k| const auto t3 = V + V; 275| 2.29k| const auto t4 = t2 - HHH; 276| 2.29k| auto X3 = t4 - t3; 277| 2.29k| const auto t5 = V - X3; 278| 2.29k| const auto t6 = a.y() * HHH; 279| 2.29k| const auto t7 = r * t5; 280| 2.29k| auto Y3 = t7 - t6; 281| 2.29k| auto Z3 = a.z() * H; 282| | 283| | // if a is identity then return b 284| 2.29k| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), b.y(), one); 285| | 286| | // if b is identity then return a 287| 2.29k| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 288| | 289| 2.29k| return ProjectivePoint(X3, Y3, Z3); 290| 2.29k|} pcurves_secp256r1.cpp:_ZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_19secp256r15CurveELb0EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEE: 107| 328|auto to_affine_batch(std::span projective) { 108| 328| using AffinePoint = typename C::AffinePoint; 109| | 110| 328| const size_t N = projective.size(); 111| 328| std::vector affine; 112| 328| affine.reserve(N); 113| | 114| 328| CT::Choice any_identity = CT::Choice::no(); 115| | 116| 5.24k| for(const auto& pt : projective) { ------------------ | Branch (116:23): [True: 5.24k, False: 328] ------------------ 117| 5.24k| any_identity = any_identity || pt.is_identity(); 118| 5.24k| } 119| | 120| | // Conditional acceptable: N is public. State of points is not necessarily 121| | // public, but we don't leak which point was the identity. In practice with 122| | // the algorithms currently in use, the only time an identity can occur is 123| | // during mul2 where the two points g/h have a small relation (ie h = g*k for 124| | // some k < 16) 125| | 126| 328| if(N <= 2 || any_identity.as_bool()) { ------------------ | Branch (126:7): [True: 0, False: 328] | Branch (126:17): [True: 0, False: 328] ------------------ 127| | // If there are identity elements, using the batch inversion gets 128| | // tricky. It can be done, but this should be a rare situation so 129| | // just punt to the serial conversion if it occurs 130| 0| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (130:25): [True: 0, False: 0] ------------------ 131| 0| affine.push_back(to_affine(projective[i])); 132| 0| } 133| 328| } else { 134| 328| std::vector c; 135| 328| c.reserve(N); 136| | 137| | /* 138| | Batch projective->affine using Montgomery's trick 139| | 140| | See Algorithm 2.26 in "Guide to Elliptic Curve Cryptography" 141| | (Hankerson, Menezes, Vanstone) 142| | */ 143| | 144| 328| c.push_back(projective[0].z()); 145| 5.24k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (145:25): [True: 4.92k, False: 328] ------------------ 146| 4.92k| c.push_back(c[i - 1] * projective[i].z()); 147| 4.92k| } 148| | 149| 328| auto s_inv = [&]() { 150| 328| if constexpr(VariableTime) { 151| 328| return c[N - 1].invert_vartime(); 152| 328| } else { 153| 328| return invert_field_element(c[N - 1]); 154| 328| } 155| 328| }(); 156| | 157| 5.24k| for(size_t i = N - 1; i > 0; --i) { ------------------ | Branch (157:29): [True: 4.92k, False: 328] ------------------ 158| 4.92k| const auto& p = projective[i]; 159| | 160| 4.92k| const auto z_inv = s_inv * c[i - 1]; 161| 4.92k| const auto z2_inv = z_inv.square(); 162| 4.92k| const auto z3_inv = z_inv * z2_inv; 163| | 164| 4.92k| s_inv = s_inv * p.z(); 165| | 166| 4.92k| affine.push_back(AffinePoint(p.x() * z2_inv, p.y() * z3_inv)); 167| 4.92k| } 168| | 169| 328| const auto z2_inv = s_inv.square(); 170| 328| const auto z3_inv = s_inv * z2_inv; 171| 328| affine.push_back(AffinePoint(projective[0].x() * z2_inv, projective[0].y() * z3_inv)); 172| 328| std::reverse(affine.begin(), affine.end()); 173| 328| return affine; 174| 328| } 175| | 176| 0| return affine; 177| 328|} pcurves_secp256r1.cpp:_ZZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_19secp256r15CurveELb0EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEEENKUlvE_clEv: 149| 328| auto s_inv = [&]() { 150| | if constexpr(VariableTime) { 151| | return c[N - 1].invert_vartime(); 152| 328| } else { 153| 328| return invert_field_element(c[N - 1]); 154| 328| } 155| 328| }(); pcurves_secp256r1.cpp:_ZN5Botan20invert_field_elementINS_6PCurve12_GLOBAL__N_19secp256r15CurveEEEDaRKNT_12FieldElementE: 35| 328|inline constexpr auto invert_field_element(const typename C::FieldElement& fe) { 36| 328| if constexpr(curve_supports_fe_invert2) { 37| 328| return C::fe_invert2(fe) * fe; 38| | } else { 39| | return fe.invert(); 40| | } 41| 328|} pcurves_secp256r1.cpp:_ZN5Botan15dbl_n_a_minus_3INS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS4_9secp256r16ParamsES5_E11FieldParamsEEEEES8_EEEET_RKSE_m: 432| 18.6k|inline constexpr ProjectivePoint dbl_n_a_minus_3(const ProjectivePoint& pt, size_t n) { 433| 18.6k| auto nx = pt.x(); 434| 18.6k| auto ny = pt.y().mul2(); 435| 18.6k| auto nz = pt.z(); 436| 18.6k| auto w = nz.square().square(); 437| | 438| | // Conditional ok: loop iteration count is public 439| 112k| while(n > 0) { ------------------ | Branch (439:10): [True: 93.4k, False: 18.6k] ------------------ 440| 93.4k| const auto ny2 = ny.square(); 441| 93.4k| const auto ny4 = ny2.square(); 442| 93.4k| const auto t1 = (nx.square() - w).mul3(); 443| 93.4k| const auto t2 = nx * ny2; 444| 93.4k| nx = t1.square() - t2.mul2(); 445| 93.4k| nz *= ny; 446| 93.4k| ny = t1 * (t2 - nx).mul2() - ny4; 447| 93.4k| n--; 448| | // Conditional ok: loop iteration count is public 449| 93.4k| if(n > 0) { ------------------ | Branch (449:10): [True: 74.7k, False: 18.6k] ------------------ 450| 74.7k| w *= ny4; 451| 74.7k| } 452| 93.4k| } 453| 18.6k| return ProjectivePoint(nx, ny.div2(), nz); 454| 18.6k|} pcurves_secp256r1.cpp:_ZN5Botan18sqrt_field_elementINS_6PCurve12_GLOBAL__N_19secp256r15CurveEEENS_2CT6OptionINT_12FieldElementEEERKS8_: 60| 338|inline constexpr CT::Option sqrt_field_element(const typename C::FieldElement& fe) { 61| 338| if constexpr(curve_supports_fe_sqrt) { 62| 338| auto z = C::fe_sqrt(fe); 63| | // Zero out the return value if it would otherwise be incorrect 64| 338| const CT::Choice correct = (z.square() == fe); 65| 338| z.conditional_assign(!correct, C::FieldElement::zero()); 66| 338| return CT::Option(z, correct); 67| | } else { 68| | return fe.sqrt(); 69| | } 70| 338|} pcurves_secp384r1.cpp:_ZN5Botan13dbl_a_minus_3INS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS4_9secp384r16ParamsES5_E11FieldParamsEEEEES8_EEEET_RKSE_: 362| 3.60k|inline constexpr ProjectivePoint dbl_a_minus_3(const ProjectivePoint& pt) { 363| | /* 364| | if a == -3 then 365| | 3*x^2 + a*z^4 == 3*x^2 - 3*z^4 == 3*(x^2-z^4) == 3*(x-z^2)*(x+z^2) 366| | */ 367| 3.60k| const auto z2 = pt.z().square(); 368| 3.60k| const auto m = (pt.x() - z2).mul3() * (pt.x() + z2); 369| | 370| | // Remaining cost: 3M + 3S + 3A + 2*2 + 1*4 + 1*8 371| 3.60k| const auto y2 = pt.y().square(); 372| 3.60k| const auto s = pt.x().mul4() * y2; 373| 3.60k| const auto nx = m.square() - s.mul2(); 374| 3.60k| const auto ny = m * (s - nx) - y2.square().mul8(); 375| 3.60k| const auto nz = pt.y().mul2() * pt.z(); 376| | 377| 3.60k| return ProjectivePoint(nx, ny, nz); 378| 3.60k|} pcurves_secp384r1.cpp:_ZN5Botan9point_addINS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS4_9secp384r16ParamsES5_E11FieldParamsEEEEES8_EESC_EET_RKSE_SG_: 187| 1.09k|inline constexpr ProjectivePoint point_add(const ProjectivePoint& a, const ProjectivePoint& b) { 188| 1.09k| const auto a_is_identity = a.is_identity(); 189| 1.09k| const auto b_is_identity = b.is_identity(); 190| | 191| 1.09k| const auto Z1Z1 = a.z().square(); 192| 1.09k| const auto Z2Z2 = b.z().square(); 193| 1.09k| const auto U1 = a.x() * Z2Z2; 194| 1.09k| const auto U2 = b.x() * Z1Z1; 195| 1.09k| const auto S1 = a.y() * b.z() * Z2Z2; 196| 1.09k| const auto S2 = b.y() * a.z() * Z1Z1; 197| 1.09k| const auto H = U2 - U1; 198| 1.09k| const auto r = S2 - S1; 199| | 200| | /* Risky conditional 201| | * 202| | * This implementation uses projective coordinates, which do not have an efficient complete 203| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 204| | * 205| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 206| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 207| | * in which case at the end we'll set z to a.z * b.z * H = 0, resulting in the correct 208| | * output (the identity element) 209| | */ 210| 1.09k| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (210:7): [True: 0, False: 1.09k] ------------------ 211| 0| return a.dbl(); 212| 0| } 213| | 214| 1.09k| const auto HH = H.square(); 215| 1.09k| const auto HHH = H * HH; 216| 1.09k| const auto V = U1 * HH; 217| 1.09k| const auto t2 = r.square(); 218| 1.09k| const auto t3 = V + V; 219| 1.09k| const auto t4 = t2 - HHH; 220| 1.09k| auto X3 = t4 - t3; 221| 1.09k| const auto t5 = V - X3; 222| 1.09k| const auto t6 = S1 * HHH; 223| 1.09k| const auto t7 = r * t5; 224| 1.09k| auto Y3 = t7 - t6; 225| 1.09k| const auto t8 = b.z() * H; 226| 1.09k| auto Z3 = a.z() * t8; 227| | 228| | // if a is identity then return b 229| 1.09k| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), b.y(), b.z()); 230| | 231| | // if b is identity then return a 232| 1.09k| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 233| | 234| 1.09k| return ProjectivePoint(X3, Y3, Z3); 235| 1.09k|} pcurves_secp384r1.cpp:_ZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_19secp384r15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEE: 107| 1|auto to_affine_batch(std::span projective) { 108| 1| using AffinePoint = typename C::AffinePoint; 109| | 110| 1| const size_t N = projective.size(); 111| 1| std::vector affine; 112| 1| affine.reserve(N); 113| | 114| 1| CT::Choice any_identity = CT::Choice::no(); 115| | 116| 2.33k| for(const auto& pt : projective) { ------------------ | Branch (116:23): [True: 2.33k, False: 1] ------------------ 117| 2.33k| any_identity = any_identity || pt.is_identity(); 118| 2.33k| } 119| | 120| | // Conditional acceptable: N is public. State of points is not necessarily 121| | // public, but we don't leak which point was the identity. In practice with 122| | // the algorithms currently in use, the only time an identity can occur is 123| | // during mul2 where the two points g/h have a small relation (ie h = g*k for 124| | // some k < 16) 125| | 126| 1| if(N <= 2 || any_identity.as_bool()) { ------------------ | Branch (126:7): [True: 0, False: 1] | Branch (126:17): [True: 0, False: 1] ------------------ 127| | // If there are identity elements, using the batch inversion gets 128| | // tricky. It can be done, but this should be a rare situation so 129| | // just punt to the serial conversion if it occurs 130| 0| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (130:25): [True: 0, False: 0] ------------------ 131| 0| affine.push_back(to_affine(projective[i])); 132| 0| } 133| 1| } else { 134| 1| std::vector c; 135| 1| c.reserve(N); 136| | 137| | /* 138| | Batch projective->affine using Montgomery's trick 139| | 140| | See Algorithm 2.26 in "Guide to Elliptic Curve Cryptography" 141| | (Hankerson, Menezes, Vanstone) 142| | */ 143| | 144| 1| c.push_back(projective[0].z()); 145| 2.33k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (145:25): [True: 2.33k, False: 1] ------------------ 146| 2.33k| c.push_back(c[i - 1] * projective[i].z()); 147| 2.33k| } 148| | 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| 1| } else { 153| 1| return invert_field_element(c[N - 1]); 154| 1| } 155| 1| }(); 156| | 157| 2.33k| for(size_t i = N - 1; i > 0; --i) { ------------------ | Branch (157:29): [True: 2.33k, False: 1] ------------------ 158| 2.33k| const auto& p = projective[i]; 159| | 160| 2.33k| const auto z_inv = s_inv * c[i - 1]; 161| 2.33k| const auto z2_inv = z_inv.square(); 162| 2.33k| const auto z3_inv = z_inv * z2_inv; 163| | 164| 2.33k| s_inv = s_inv * p.z(); 165| | 166| 2.33k| affine.push_back(AffinePoint(p.x() * z2_inv, p.y() * z3_inv)); 167| 2.33k| } 168| | 169| 1| const auto z2_inv = s_inv.square(); 170| 1| const auto z3_inv = s_inv * z2_inv; 171| 1| affine.push_back(AffinePoint(projective[0].x() * z2_inv, projective[0].y() * z3_inv)); 172| 1| std::reverse(affine.begin(), affine.end()); 173| 1| return affine; 174| 1| } 175| | 176| 0| return affine; 177| 1|} pcurves_secp384r1.cpp:_ZN5Botan9to_affineINS_6PCurve12_GLOBAL__N_19secp384r15CurveEEEDaRKNT_15ProjectivePointE: 76| 464|inline constexpr auto to_affine(const typename C::ProjectivePoint& pt) { 77| | // Not strictly required right? - default should work as long 78| | // as (0,0) is identity and invert returns 0 on 0 79| | 80| 464| if constexpr(curve_supports_fe_invert2) { 81| 464| const auto z2_inv = C::fe_invert2(pt.z()); 82| 464| const auto z3_inv = z2_inv.square() * pt.z(); 83| 464| return typename C::AffinePoint(pt.x() * z2_inv, pt.y() * z3_inv); 84| | } else { 85| | const auto z_inv = invert_field_element(pt.z()); 86| | const auto z2_inv = z_inv.square(); 87| | const auto z3_inv = z_inv * z2_inv; 88| | return typename C::AffinePoint(pt.x() * z2_inv, pt.y() * z3_inv); 89| | } 90| 464|} pcurves_secp384r1.cpp:_ZZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_19secp384r15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEEENKUlvE_clEv: 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| | } else { 153| | return invert_field_element(c[N - 1]); 154| | } 155| 1| }(); pcurves_secp384r1.cpp:_ZN5Botan22point_add_or_sub_mixedINS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS4_9secp384r16ParamsES5_E11FieldParamsEEEEES8_EENS_16AffineCurvePointISC_EESC_EET_RKSG_RKT0_NS_2CT6ChoiceERKT1_: 296| 58.7k| const FieldElement& one) { 297| 58.7k| const auto a_is_identity = a.is_identity(); 298| 58.7k| const auto b_is_identity = b.is_identity(); 299| | 300| | /* 301| | https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-1998-cmo-2 302| | 303| | Cost: 8M + 3S + 6add + 1*2 304| | */ 305| | 306| 58.7k| auto by = b.y(); 307| 58.7k| by.conditional_assign(sub, by.negate()); 308| | 309| 58.7k| const auto Z1Z1 = a.z().square(); 310| 58.7k| const auto U2 = b.x() * Z1Z1; 311| 58.7k| const auto S2 = by * a.z() * Z1Z1; 312| 58.7k| const auto H = U2 - a.x(); 313| 58.7k| const auto r = S2 - a.y(); 314| | 315| | /* Risky conditional 316| | * 317| | * This implementation uses projective coordinates, which do not have an efficient complete 318| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 319| | * 320| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 321| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 322| | * in which case at the end we'll set z to a.z * H = 0, resulting in the correct output 323| | * (the identity element) 324| | */ 325| 58.7k| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (325:7): [True: 0, False: 58.7k] ------------------ 326| 0| return a.dbl(); 327| 0| } 328| | 329| 58.7k| const auto HH = H.square(); 330| 58.7k| const auto HHH = H * HH; 331| 58.7k| const auto V = a.x() * HH; 332| 58.7k| const auto t2 = r.square(); 333| 58.7k| const auto t3 = V + V; 334| 58.7k| const auto t4 = t2 - HHH; 335| 58.7k| auto X3 = t4 - t3; 336| 58.7k| const auto t5 = V - X3; 337| 58.7k| const auto t6 = a.y() * HHH; 338| 58.7k| const auto t7 = r * t5; 339| 58.7k| auto Y3 = t7 - t6; 340| 58.7k| auto Z3 = a.z() * H; 341| | 342| | // if a is identity then return b 343| 58.7k| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), by, one); 344| | 345| | // if b is identity then return a 346| 58.7k| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 347| | 348| 58.7k| return ProjectivePoint(X3, Y3, Z3); 349| 58.7k|} pcurves_secp384r1.cpp:_ZN5Botan11to_affine_xINS_6PCurve12_GLOBAL__N_19secp384r15CurveEEEDaRKNT_15ProjectivePointE: 96| 295|auto to_affine_x(const typename C::ProjectivePoint& pt) { 97| 295| if constexpr(curve_supports_fe_invert2) { 98| 295| return pt.x() * C::fe_invert2(pt.z()); 99| | } else { 100| | const auto z_inv = invert_field_element(pt.z()); 101| | const auto z2_inv = z_inv.square(); 102| | return pt.x() * z2_inv; 103| | } 104| 295|} pcurves_secp384r1.cpp:_ZN5Botan15point_add_mixedINS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS4_9secp384r16ParamsES5_E11FieldParamsEEEEES8_EENS_16AffineCurvePointISC_EESC_EET_RKSG_RKT0_RKT1_: 240| 2.06k| const FieldElement& one) { 241| 2.06k| const auto a_is_identity = a.is_identity(); 242| 2.06k| const auto b_is_identity = b.is_identity(); 243| | 244| | /* 245| | https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-1998-cmo-2 246| | 247| | Cost: 8M + 3S + 6add + 1*2 248| | */ 249| | 250| 2.06k| const auto Z1Z1 = a.z().square(); 251| 2.06k| const auto U2 = b.x() * Z1Z1; 252| 2.06k| const auto S2 = b.y() * a.z() * Z1Z1; 253| 2.06k| const auto H = U2 - a.x(); 254| 2.06k| const auto r = S2 - a.y(); 255| | 256| | /* Risky conditional 257| | * 258| | * This implementation uses projective coordinates, which do not have an efficient complete 259| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 260| | * 261| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 262| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 263| | * in which case at the end we'll set z to a.z * H = 0, resulting in the correct output 264| | * (the identity element) 265| | */ 266| 2.06k| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (266:7): [True: 0, False: 2.06k] ------------------ 267| 0| return a.dbl(); 268| 0| } 269| | 270| 2.06k| const auto HH = H.square(); 271| 2.06k| const auto HHH = H * HH; 272| 2.06k| const auto V = a.x() * HH; 273| 2.06k| const auto t2 = r.square(); 274| 2.06k| const auto t3 = V + V; 275| 2.06k| const auto t4 = t2 - HHH; 276| 2.06k| auto X3 = t4 - t3; 277| 2.06k| const auto t5 = V - X3; 278| 2.06k| const auto t6 = a.y() * HHH; 279| 2.06k| const auto t7 = r * t5; 280| 2.06k| auto Y3 = t7 - t6; 281| 2.06k| auto Z3 = a.z() * H; 282| | 283| | // if a is identity then return b 284| 2.06k| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), b.y(), one); 285| | 286| | // if b is identity then return a 287| 2.06k| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 288| | 289| 2.06k| return ProjectivePoint(X3, Y3, Z3); 290| 2.06k|} pcurves_secp384r1.cpp:_ZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_19secp384r15CurveELb0EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEE: 107| 295|auto to_affine_batch(std::span projective) { 108| 295| using AffinePoint = typename C::AffinePoint; 109| | 110| 295| const size_t N = projective.size(); 111| 295| std::vector affine; 112| 295| affine.reserve(N); 113| | 114| 295| CT::Choice any_identity = CT::Choice::no(); 115| | 116| 4.72k| for(const auto& pt : projective) { ------------------ | Branch (116:23): [True: 4.72k, False: 295] ------------------ 117| 4.72k| any_identity = any_identity || pt.is_identity(); 118| 4.72k| } 119| | 120| | // Conditional acceptable: N is public. State of points is not necessarily 121| | // public, but we don't leak which point was the identity. In practice with 122| | // the algorithms currently in use, the only time an identity can occur is 123| | // during mul2 where the two points g/h have a small relation (ie h = g*k for 124| | // some k < 16) 125| | 126| 295| if(N <= 2 || any_identity.as_bool()) { ------------------ | Branch (126:7): [True: 0, False: 295] | Branch (126:17): [True: 0, False: 295] ------------------ 127| | // If there are identity elements, using the batch inversion gets 128| | // tricky. It can be done, but this should be a rare situation so 129| | // just punt to the serial conversion if it occurs 130| 0| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (130:25): [True: 0, False: 0] ------------------ 131| 0| affine.push_back(to_affine(projective[i])); 132| 0| } 133| 295| } else { 134| 295| std::vector c; 135| 295| c.reserve(N); 136| | 137| | /* 138| | Batch projective->affine using Montgomery's trick 139| | 140| | See Algorithm 2.26 in "Guide to Elliptic Curve Cryptography" 141| | (Hankerson, Menezes, Vanstone) 142| | */ 143| | 144| 295| c.push_back(projective[0].z()); 145| 4.72k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (145:25): [True: 4.42k, False: 295] ------------------ 146| 4.42k| c.push_back(c[i - 1] * projective[i].z()); 147| 4.42k| } 148| | 149| 295| auto s_inv = [&]() { 150| 295| if constexpr(VariableTime) { 151| 295| return c[N - 1].invert_vartime(); 152| 295| } else { 153| 295| return invert_field_element(c[N - 1]); 154| 295| } 155| 295| }(); 156| | 157| 4.72k| for(size_t i = N - 1; i > 0; --i) { ------------------ | Branch (157:29): [True: 4.42k, False: 295] ------------------ 158| 4.42k| const auto& p = projective[i]; 159| | 160| 4.42k| const auto z_inv = s_inv * c[i - 1]; 161| 4.42k| const auto z2_inv = z_inv.square(); 162| 4.42k| const auto z3_inv = z_inv * z2_inv; 163| | 164| 4.42k| s_inv = s_inv * p.z(); 165| | 166| 4.42k| affine.push_back(AffinePoint(p.x() * z2_inv, p.y() * z3_inv)); 167| 4.42k| } 168| | 169| 295| const auto z2_inv = s_inv.square(); 170| 295| const auto z3_inv = s_inv * z2_inv; 171| 295| affine.push_back(AffinePoint(projective[0].x() * z2_inv, projective[0].y() * z3_inv)); 172| 295| std::reverse(affine.begin(), affine.end()); 173| 295| return affine; 174| 295| } 175| | 176| 0| return affine; 177| 295|} pcurves_secp384r1.cpp:_ZZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_19secp384r15CurveELb0EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEEENKUlvE_clEv: 149| 295| auto s_inv = [&]() { 150| | if constexpr(VariableTime) { 151| | return c[N - 1].invert_vartime(); 152| 295| } else { 153| 295| return invert_field_element(c[N - 1]); 154| 295| } 155| 295| }(); pcurves_secp384r1.cpp:_ZN5Botan20invert_field_elementINS_6PCurve12_GLOBAL__N_19secp384r15CurveEEEDaRKNT_12FieldElementE: 35| 295|inline constexpr auto invert_field_element(const typename C::FieldElement& fe) { 36| 295| if constexpr(curve_supports_fe_invert2) { 37| 295| return C::fe_invert2(fe) * fe; 38| | } else { 39| | return fe.invert(); 40| | } 41| 295|} pcurves_secp384r1.cpp:_ZN5Botan15dbl_n_a_minus_3INS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS4_9secp384r16ParamsES5_E11FieldParamsEEEEES8_EEEET_RKSE_m: 432| 25.3k|inline constexpr ProjectivePoint dbl_n_a_minus_3(const ProjectivePoint& pt, size_t n) { 433| 25.3k| auto nx = pt.x(); 434| 25.3k| auto ny = pt.y().mul2(); 435| 25.3k| auto nz = pt.z(); 436| 25.3k| auto w = nz.square().square(); 437| | 438| | // Conditional ok: loop iteration count is public 439| 152k| while(n > 0) { ------------------ | Branch (439:10): [True: 126k, False: 25.3k] ------------------ 440| 126k| const auto ny2 = ny.square(); 441| 126k| const auto ny4 = ny2.square(); 442| 126k| const auto t1 = (nx.square() - w).mul3(); 443| 126k| const auto t2 = nx * ny2; 444| 126k| nx = t1.square() - t2.mul2(); 445| 126k| nz *= ny; 446| 126k| ny = t1 * (t2 - nx).mul2() - ny4; 447| 126k| n--; 448| | // Conditional ok: loop iteration count is public 449| 126k| if(n > 0) { ------------------ | Branch (449:10): [True: 101k, False: 25.3k] ------------------ 450| 101k| w *= ny4; 451| 101k| } 452| 126k| } 453| 25.3k| return ProjectivePoint(nx, ny.div2(), nz); 454| 25.3k|} pcurves_secp384r1.cpp:_ZN5Botan18sqrt_field_elementINS_6PCurve12_GLOBAL__N_19secp384r15CurveEEENS_2CT6OptionINT_12FieldElementEEERKS8_: 60| 299|inline constexpr CT::Option sqrt_field_element(const typename C::FieldElement& fe) { 61| 299| if constexpr(curve_supports_fe_sqrt) { 62| 299| auto z = C::fe_sqrt(fe); 63| | // Zero out the return value if it would otherwise be incorrect 64| 299| const CT::Choice correct = (z.square() == fe); 65| 299| z.conditional_assign(!correct, C::FieldElement::zero()); 66| 299| return CT::Option(z, correct); 67| | } else { 68| | return fe.sqrt(); 69| | } 70| 299|} pcurves_secp521r1.cpp:_ZN5Botan13dbl_a_minus_3INS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS5_6ParamsES6_E11FieldParamsEEEEES8_EEEET_RKSE_: 362| 3.54k|inline constexpr ProjectivePoint dbl_a_minus_3(const ProjectivePoint& pt) { 363| | /* 364| | if a == -3 then 365| | 3*x^2 + a*z^4 == 3*x^2 - 3*z^4 == 3*(x^2-z^4) == 3*(x-z^2)*(x+z^2) 366| | */ 367| 3.54k| const auto z2 = pt.z().square(); 368| 3.54k| const auto m = (pt.x() - z2).mul3() * (pt.x() + z2); 369| | 370| | // Remaining cost: 3M + 3S + 3A + 2*2 + 1*4 + 1*8 371| 3.54k| const auto y2 = pt.y().square(); 372| 3.54k| const auto s = pt.x().mul4() * y2; 373| 3.54k| const auto nx = m.square() - s.mul2(); 374| 3.54k| const auto ny = m * (s - nx) - y2.square().mul8(); 375| 3.54k| const auto nz = pt.y().mul2() * pt.z(); 376| | 377| 3.54k| return ProjectivePoint(nx, ny, nz); 378| 3.54k|} pcurves_secp521r1.cpp:_ZN5Botan9point_addINS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS5_6ParamsES6_E11FieldParamsEEEEES8_EESC_EET_RKSE_SG_: 187| 1.45k|inline constexpr ProjectivePoint point_add(const ProjectivePoint& a, const ProjectivePoint& b) { 188| 1.45k| const auto a_is_identity = a.is_identity(); 189| 1.45k| const auto b_is_identity = b.is_identity(); 190| | 191| 1.45k| const auto Z1Z1 = a.z().square(); 192| 1.45k| const auto Z2Z2 = b.z().square(); 193| 1.45k| const auto U1 = a.x() * Z2Z2; 194| 1.45k| const auto U2 = b.x() * Z1Z1; 195| 1.45k| const auto S1 = a.y() * b.z() * Z2Z2; 196| 1.45k| const auto S2 = b.y() * a.z() * Z1Z1; 197| 1.45k| const auto H = U2 - U1; 198| 1.45k| const auto r = S2 - S1; 199| | 200| | /* Risky conditional 201| | * 202| | * This implementation uses projective coordinates, which do not have an efficient complete 203| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 204| | * 205| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 206| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 207| | * in which case at the end we'll set z to a.z * b.z * H = 0, resulting in the correct 208| | * output (the identity element) 209| | */ 210| 1.45k| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (210:7): [True: 0, False: 1.45k] ------------------ 211| 0| return a.dbl(); 212| 0| } 213| | 214| 1.45k| const auto HH = H.square(); 215| 1.45k| const auto HHH = H * HH; 216| 1.45k| const auto V = U1 * HH; 217| 1.45k| const auto t2 = r.square(); 218| 1.45k| const auto t3 = V + V; 219| 1.45k| const auto t4 = t2 - HHH; 220| 1.45k| auto X3 = t4 - t3; 221| 1.45k| const auto t5 = V - X3; 222| 1.45k| const auto t6 = S1 * HHH; 223| 1.45k| const auto t7 = r * t5; 224| 1.45k| auto Y3 = t7 - t6; 225| 1.45k| const auto t8 = b.z() * H; 226| 1.45k| auto Z3 = a.z() * t8; 227| | 228| | // if a is identity then return b 229| 1.45k| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), b.y(), b.z()); 230| | 231| | // if b is identity then return a 232| 1.45k| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 233| | 234| 1.45k| return ProjectivePoint(X3, Y3, Z3); 235| 1.45k|} pcurves_secp521r1.cpp:_ZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_19secp521r15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEE: 107| 1|auto to_affine_batch(std::span projective) { 108| 1| using AffinePoint = typename C::AffinePoint; 109| | 110| 1| const size_t N = projective.size(); 111| 1| std::vector affine; 112| 1| affine.reserve(N); 113| | 114| 1| CT::Choice any_identity = CT::Choice::no(); 115| | 116| 3.10k| for(const auto& pt : projective) { ------------------ | Branch (116:23): [True: 3.10k, False: 1] ------------------ 117| 3.10k| any_identity = any_identity || pt.is_identity(); 118| 3.10k| } 119| | 120| | // Conditional acceptable: N is public. State of points is not necessarily 121| | // public, but we don't leak which point was the identity. In practice with 122| | // the algorithms currently in use, the only time an identity can occur is 123| | // during mul2 where the two points g/h have a small relation (ie h = g*k for 124| | // some k < 16) 125| | 126| 1| if(N <= 2 || any_identity.as_bool()) { ------------------ | Branch (126:7): [True: 0, False: 1] | Branch (126:17): [True: 0, False: 1] ------------------ 127| | // If there are identity elements, using the batch inversion gets 128| | // tricky. It can be done, but this should be a rare situation so 129| | // just punt to the serial conversion if it occurs 130| 0| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (130:25): [True: 0, False: 0] ------------------ 131| 0| affine.push_back(to_affine(projective[i])); 132| 0| } 133| 1| } else { 134| 1| std::vector c; 135| 1| c.reserve(N); 136| | 137| | /* 138| | Batch projective->affine using Montgomery's trick 139| | 140| | See Algorithm 2.26 in "Guide to Elliptic Curve Cryptography" 141| | (Hankerson, Menezes, Vanstone) 142| | */ 143| | 144| 1| c.push_back(projective[0].z()); 145| 3.10k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (145:25): [True: 3.10k, False: 1] ------------------ 146| 3.10k| c.push_back(c[i - 1] * projective[i].z()); 147| 3.10k| } 148| | 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| 1| } else { 153| 1| return invert_field_element(c[N - 1]); 154| 1| } 155| 1| }(); 156| | 157| 3.10k| for(size_t i = N - 1; i > 0; --i) { ------------------ | Branch (157:29): [True: 3.10k, False: 1] ------------------ 158| 3.10k| const auto& p = projective[i]; 159| | 160| 3.10k| const auto z_inv = s_inv * c[i - 1]; 161| 3.10k| const auto z2_inv = z_inv.square(); 162| 3.10k| const auto z3_inv = z_inv * z2_inv; 163| | 164| 3.10k| s_inv = s_inv * p.z(); 165| | 166| 3.10k| affine.push_back(AffinePoint(p.x() * z2_inv, p.y() * z3_inv)); 167| 3.10k| } 168| | 169| 1| const auto z2_inv = s_inv.square(); 170| 1| const auto z3_inv = s_inv * z2_inv; 171| 1| affine.push_back(AffinePoint(projective[0].x() * z2_inv, projective[0].y() * z3_inv)); 172| 1| std::reverse(affine.begin(), affine.end()); 173| 1| return affine; 174| 1| } 175| | 176| 0| return affine; 177| 1|} pcurves_secp521r1.cpp:_ZN5Botan9to_affineINS_6PCurve12_GLOBAL__N_19secp521r15CurveEEEDaRKNT_15ProjectivePointE: 76| 398|inline constexpr auto to_affine(const typename C::ProjectivePoint& pt) { 77| | // Not strictly required right? - default should work as long 78| | // as (0,0) is identity and invert returns 0 on 0 79| | 80| 398| if constexpr(curve_supports_fe_invert2) { 81| 398| const auto z2_inv = C::fe_invert2(pt.z()); 82| 398| const auto z3_inv = z2_inv.square() * pt.z(); 83| 398| return typename C::AffinePoint(pt.x() * z2_inv, pt.y() * z3_inv); 84| | } else { 85| | const auto z_inv = invert_field_element(pt.z()); 86| | const auto z2_inv = z_inv.square(); 87| | const auto z3_inv = z_inv * z2_inv; 88| | return typename C::AffinePoint(pt.x() * z2_inv, pt.y() * z3_inv); 89| | } 90| 398|} pcurves_secp521r1.cpp:_ZZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_19secp521r15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEEENKUlvE_clEv: 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| | } else { 153| | return invert_field_element(c[N - 1]); 154| | } 155| 1| }(); pcurves_secp521r1.cpp:_ZN5Botan22point_add_or_sub_mixedINS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS5_6ParamsES6_E11FieldParamsEEEEES8_EENS_16AffineCurvePointISC_EESC_EET_RKSG_RKT0_NS_2CT6ChoiceERKT1_: 296| 65.4k| const FieldElement& one) { 297| 65.4k| const auto a_is_identity = a.is_identity(); 298| 65.4k| const auto b_is_identity = b.is_identity(); 299| | 300| | /* 301| | https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-1998-cmo-2 302| | 303| | Cost: 8M + 3S + 6add + 1*2 304| | */ 305| | 306| 65.4k| auto by = b.y(); 307| 65.4k| by.conditional_assign(sub, by.negate()); 308| | 309| 65.4k| const auto Z1Z1 = a.z().square(); 310| 65.4k| const auto U2 = b.x() * Z1Z1; 311| 65.4k| const auto S2 = by * a.z() * Z1Z1; 312| 65.4k| const auto H = U2 - a.x(); 313| 65.4k| const auto r = S2 - a.y(); 314| | 315| | /* Risky conditional 316| | * 317| | * This implementation uses projective coordinates, which do not have an efficient complete 318| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 319| | * 320| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 321| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 322| | * in which case at the end we'll set z to a.z * H = 0, resulting in the correct output 323| | * (the identity element) 324| | */ 325| 65.4k| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (325:7): [True: 0, False: 65.4k] ------------------ 326| 0| return a.dbl(); 327| 0| } 328| | 329| 65.4k| const auto HH = H.square(); 330| 65.4k| const auto HHH = H * HH; 331| 65.4k| const auto V = a.x() * HH; 332| 65.4k| const auto t2 = r.square(); 333| 65.4k| const auto t3 = V + V; 334| 65.4k| const auto t4 = t2 - HHH; 335| 65.4k| auto X3 = t4 - t3; 336| 65.4k| const auto t5 = V - X3; 337| 65.4k| const auto t6 = a.y() * HHH; 338| 65.4k| const auto t7 = r * t5; 339| 65.4k| auto Y3 = t7 - t6; 340| 65.4k| auto Z3 = a.z() * H; 341| | 342| | // if a is identity then return b 343| 65.4k| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), by, one); 344| | 345| | // if b is identity then return a 346| 65.4k| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 347| | 348| 65.4k| return ProjectivePoint(X3, Y3, Z3); 349| 65.4k|} pcurves_secp521r1.cpp:_ZN5Botan11to_affine_xINS_6PCurve12_GLOBAL__N_19secp521r15CurveEEEDaRKNT_15ProjectivePointE: 96| 237|auto to_affine_x(const typename C::ProjectivePoint& pt) { 97| 237| if constexpr(curve_supports_fe_invert2) { 98| 237| return pt.x() * C::fe_invert2(pt.z()); 99| | } else { 100| | const auto z_inv = invert_field_element(pt.z()); 101| | const auto z2_inv = z_inv.square(); 102| | return pt.x() * z2_inv; 103| | } 104| 237|} pcurves_secp521r1.cpp:_ZN5Botan15point_add_mixedINS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS5_6ParamsES6_E11FieldParamsEEEEES8_EENS_16AffineCurvePointISC_EESC_EET_RKSG_RKT0_RKT1_: 240| 1.65k| const FieldElement& one) { 241| 1.65k| const auto a_is_identity = a.is_identity(); 242| 1.65k| const auto b_is_identity = b.is_identity(); 243| | 244| | /* 245| | https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-1998-cmo-2 246| | 247| | Cost: 8M + 3S + 6add + 1*2 248| | */ 249| | 250| 1.65k| const auto Z1Z1 = a.z().square(); 251| 1.65k| const auto U2 = b.x() * Z1Z1; 252| 1.65k| const auto S2 = b.y() * a.z() * Z1Z1; 253| 1.65k| const auto H = U2 - a.x(); 254| 1.65k| const auto r = S2 - a.y(); 255| | 256| | /* Risky conditional 257| | * 258| | * This implementation uses projective coordinates, which do not have an efficient complete 259| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 260| | * 261| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 262| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 263| | * in which case at the end we'll set z to a.z * H = 0, resulting in the correct output 264| | * (the identity element) 265| | */ 266| 1.65k| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (266:7): [True: 0, False: 1.65k] ------------------ 267| 0| return a.dbl(); 268| 0| } 269| | 270| 1.65k| const auto HH = H.square(); 271| 1.65k| const auto HHH = H * HH; 272| 1.65k| const auto V = a.x() * HH; 273| 1.65k| const auto t2 = r.square(); 274| 1.65k| const auto t3 = V + V; 275| 1.65k| const auto t4 = t2 - HHH; 276| 1.65k| auto X3 = t4 - t3; 277| 1.65k| const auto t5 = V - X3; 278| 1.65k| const auto t6 = a.y() * HHH; 279| 1.65k| const auto t7 = r * t5; 280| 1.65k| auto Y3 = t7 - t6; 281| 1.65k| auto Z3 = a.z() * H; 282| | 283| | // if a is identity then return b 284| 1.65k| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), b.y(), one); 285| | 286| | // if b is identity then return a 287| 1.65k| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 288| | 289| 1.65k| return ProjectivePoint(X3, Y3, Z3); 290| 1.65k|} pcurves_secp521r1.cpp:_ZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_19secp521r15CurveELb0EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEE: 107| 237|auto to_affine_batch(std::span projective) { 108| 237| using AffinePoint = typename C::AffinePoint; 109| | 110| 237| const size_t N = projective.size(); 111| 237| std::vector affine; 112| 237| affine.reserve(N); 113| | 114| 237| CT::Choice any_identity = CT::Choice::no(); 115| | 116| 3.79k| for(const auto& pt : projective) { ------------------ | Branch (116:23): [True: 3.79k, False: 237] ------------------ 117| 3.79k| any_identity = any_identity || pt.is_identity(); 118| 3.79k| } 119| | 120| | // Conditional acceptable: N is public. State of points is not necessarily 121| | // public, but we don't leak which point was the identity. In practice with 122| | // the algorithms currently in use, the only time an identity can occur is 123| | // during mul2 where the two points g/h have a small relation (ie h = g*k for 124| | // some k < 16) 125| | 126| 237| if(N <= 2 || any_identity.as_bool()) { ------------------ | Branch (126:7): [True: 0, False: 237] | Branch (126:17): [True: 0, False: 237] ------------------ 127| | // If there are identity elements, using the batch inversion gets 128| | // tricky. It can be done, but this should be a rare situation so 129| | // just punt to the serial conversion if it occurs 130| 0| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (130:25): [True: 0, False: 0] ------------------ 131| 0| affine.push_back(to_affine(projective[i])); 132| 0| } 133| 237| } else { 134| 237| std::vector c; 135| 237| c.reserve(N); 136| | 137| | /* 138| | Batch projective->affine using Montgomery's trick 139| | 140| | See Algorithm 2.26 in "Guide to Elliptic Curve Cryptography" 141| | (Hankerson, Menezes, Vanstone) 142| | */ 143| | 144| 237| c.push_back(projective[0].z()); 145| 3.79k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (145:25): [True: 3.55k, False: 237] ------------------ 146| 3.55k| c.push_back(c[i - 1] * projective[i].z()); 147| 3.55k| } 148| | 149| 237| auto s_inv = [&]() { 150| 237| if constexpr(VariableTime) { 151| 237| return c[N - 1].invert_vartime(); 152| 237| } else { 153| 237| return invert_field_element(c[N - 1]); 154| 237| } 155| 237| }(); 156| | 157| 3.79k| for(size_t i = N - 1; i > 0; --i) { ------------------ | Branch (157:29): [True: 3.55k, False: 237] ------------------ 158| 3.55k| const auto& p = projective[i]; 159| | 160| 3.55k| const auto z_inv = s_inv * c[i - 1]; 161| 3.55k| const auto z2_inv = z_inv.square(); 162| 3.55k| const auto z3_inv = z_inv * z2_inv; 163| | 164| 3.55k| s_inv = s_inv * p.z(); 165| | 166| 3.55k| affine.push_back(AffinePoint(p.x() * z2_inv, p.y() * z3_inv)); 167| 3.55k| } 168| | 169| 237| const auto z2_inv = s_inv.square(); 170| 237| const auto z3_inv = s_inv * z2_inv; 171| 237| affine.push_back(AffinePoint(projective[0].x() * z2_inv, projective[0].y() * z3_inv)); 172| 237| std::reverse(affine.begin(), affine.end()); 173| 237| return affine; 174| 237| } 175| | 176| 0| return affine; 177| 237|} pcurves_secp521r1.cpp:_ZZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_19secp521r15CurveELb0EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEEENKUlvE_clEv: 149| 237| auto s_inv = [&]() { 150| | if constexpr(VariableTime) { 151| | return c[N - 1].invert_vartime(); 152| 237| } else { 153| 237| return invert_field_element(c[N - 1]); 154| 237| } 155| 237| }(); pcurves_secp521r1.cpp:_ZN5Botan20invert_field_elementINS_6PCurve12_GLOBAL__N_19secp521r15CurveEEEDaRKNT_12FieldElementE: 35| 237|inline constexpr auto invert_field_element(const typename C::FieldElement& fe) { 36| 237| if constexpr(curve_supports_fe_invert2) { 37| 237| return C::fe_invert2(fe) * fe; 38| | } else { 39| | return fe.invert(); 40| | } 41| 237|} pcurves_secp521r1.cpp:_ZN5Botan15dbl_n_a_minus_3INS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS5_6ParamsES6_E11FieldParamsEEEEES8_EEEET_RKSE_m: 432| 27.2k|inline constexpr ProjectivePoint dbl_n_a_minus_3(const ProjectivePoint& pt, size_t n) { 433| 27.2k| auto nx = pt.x(); 434| 27.2k| auto ny = pt.y().mul2(); 435| 27.2k| auto nz = pt.z(); 436| 27.2k| auto w = nz.square().square(); 437| | 438| | // Conditional ok: loop iteration count is public 439| 163k| while(n > 0) { ------------------ | Branch (439:10): [True: 136k, False: 27.2k] ------------------ 440| 136k| const auto ny2 = ny.square(); 441| 136k| const auto ny4 = ny2.square(); 442| 136k| const auto t1 = (nx.square() - w).mul3(); 443| 136k| const auto t2 = nx * ny2; 444| 136k| nx = t1.square() - t2.mul2(); 445| 136k| nz *= ny; 446| 136k| ny = t1 * (t2 - nx).mul2() - ny4; 447| 136k| n--; 448| | // Conditional ok: loop iteration count is public 449| 136k| if(n > 0) { ------------------ | Branch (449:10): [True: 109k, False: 27.2k] ------------------ 450| 109k| w *= ny4; 451| 109k| } 452| 136k| } 453| 27.2k| return ProjectivePoint(nx, ny.div2(), nz); 454| 27.2k|} pcurves_secp521r1.cpp:_ZN5Botan18sqrt_field_elementINS_6PCurve12_GLOBAL__N_19secp521r15CurveEEENS_2CT6OptionINT_12FieldElementEEERKS8_: 60| 247|inline constexpr CT::Option sqrt_field_element(const typename C::FieldElement& fe) { 61| 247| if constexpr(curve_supports_fe_sqrt) { 62| 247| auto z = C::fe_sqrt(fe); 63| | // Zero out the return value if it would otherwise be incorrect 64| 247| const CT::Choice correct = (z.square() == fe); 65| 247| z.conditional_assign(!correct, C::FieldElement::zero()); 66| 247| return CT::Option(z, correct); 67| | } else { 68| | return fe.sqrt(); 69| | } 70| 247|} pcurves_brainpool256r1.cpp:_ZN5Botan23PrecomputedBaseMulTableINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm6EEC2ERKNS_16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 1405| 1| m_table(basemul_booth_setup(p, BlindedScalar::Bits + 1)) {} pcurves_brainpool256r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_E11from_affineERKNS_16AffineCurvePointISB_EE: 1016| 1.69k| static constexpr Self from_affine(const AffinePoint& pt) { 1017| | /* 1018| | * If the point is the identity element (x=0, y=0) then instead of 1019| | * creating (x, y, 1) = (0, 0, 1) we want our projective identity 1020| | * encoding of (0, 1, 0) 1021| | * 1022| | * Which we can achieve by a conditional swap of y and z if the 1023| | * affine point is the identity. 1024| | */ 1025| | 1026| 1.69k| auto x = pt.x(); 1027| 1.69k| auto y = pt.y(); 1028| 1.69k| auto z = FieldElement::one(); 1029| | 1030| 1.69k| FieldElement::conditional_swap(pt.is_identity(), y, z); 1031| | 1032| 1.69k| return ProjectiveCurvePoint(x, y, z); 1033| 1.69k| } pcurves_brainpool256r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEEE1xEv: 971| 1.72M| constexpr const FieldElement& x() const { return m_x; } pcurves_brainpool256r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEEE1yEv: 976| 1.66M| constexpr const FieldElement& y() const { return m_y; } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE3oneEv: 200| 69.0k| static constexpr Self one() { return Self(Rep::one()); } pcurves_brainpool256r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES0_E11FieldParamsEE3oneEv: 99| 69.0k| constexpr static std::array one() { return R1; } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEEC2ENSt3__15arrayImLm4EEE: 898| 3.89M| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE16conditional_swapENS_2CT6ChoiceERSA_SD_: 410| 1.69k| static constexpr void conditional_swap(CT::Choice cond, Self& x, Self& y) { 411| 1.69k| const W mask = cond.into_bitmask(); 412| | 413| 8.45k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (413:28): [True: 6.76k, False: 1.69k] ------------------ 414| 6.76k| auto nx = Botan::choose(mask, y.m_val[i], x.m_val[i]); 415| 6.76k| auto ny = Botan::choose(mask, x.m_val[i], y.m_val[i]); 416| 6.76k| x.m_val[i] = nx; 417| 6.76k| y.m_val[i] = ny; 418| 6.76k| } 419| 1.69k| } pcurves_brainpool256r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEEE11is_identityEv: 928| 72.4k| constexpr CT::Choice is_identity() const { return x().is_zero() && y().is_zero(); } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE7is_zeroEv: 225| 356k| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_brainpool256r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_EC2ERKSB_SE_SE_: 1056| 103k| m_x(x), m_y(y), m_z(z) {} pcurves_brainpool256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_E3dblEv: 1121| 4.94k| constexpr Self dbl() const { 1122| | if constexpr(Self::A_is_minus_3) { 1123| | return dbl_a_minus_3(*this); 1124| | } else if constexpr(Self::A_is_zero) { 1125| | return dbl_a_zero(*this); 1126| 4.94k| } else { 1127| 4.94k| return dbl_generic(*this, A); 1128| 4.94k| } 1129| 4.94k| } pcurves_brainpool256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_E1zEv: 1172| 403k| constexpr const FieldElement& z() const { return m_z; } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE6squareEv: 426| 905k| constexpr BOTAN_FORCE_INLINE Self square() const { 427| 905k| std::array z; // NOLINT(*-member-init) 428| 905k| comba_sqr(z.data(), this->data()); 429| 905k| return Self(Rep::redc(z)); 430| 905k| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE4dataEv: 896| 4.24M| constexpr const W* data() const { return m_val.data(); } pcurves_brainpool256r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES0_E11FieldParamsEE4redcERKNSt3__15arrayImLm8EEE: 104| 2.83M| constexpr static std::array redc(const std::array& z) { 105| | if constexpr(P_dash == 1) { 106| | return monty_redc_pdash1(z, P); 107| 2.83M| } else { 108| 2.83M| return monty_redc(z, P, P_dash); 109| 2.83M| } 110| 2.83M| } pcurves_brainpool256r1.cpp:_ZN5BotanplERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEEESC_: 265| 371k| friend constexpr BOTAN_FORCE_INLINE Self operator+(const Self& a, const Self& b) { 266| 371k| std::array t; // NOLINT(*-member-init) 267| | 268| 371k| W carry = 0; 269| 1.85M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (269:28): [True: 1.48M, False: 371k] ------------------ 270| 1.48M| t[i] = word_add(a.m_val[i], b.m_val[i], &carry); 271| 1.48M| } 272| | 273| 371k| std::array r; // NOLINT(*-member-init) 274| 371k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 275| 371k| return Self(r); 276| 371k| } pcurves_brainpool256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_E1xEv: 1162| 250k| constexpr const FieldElement& x() const { return m_x; } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE4mul3Ev: 335| 151k| constexpr inline Self mul3() const { return mul2() + (*this); } pcurves_brainpool256r1.cpp:_ZN5BotanmlERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEEESC_: 346| 949k| friend constexpr BOTAN_FORCE_INLINE Self operator*(const Self& a, const Self& b) { 347| 949k| std::array z; // NOLINT(*-member-init) 348| 949k| comba_mul(z.data(), a.data(), b.data()); 349| 949k| return Self(Rep::redc(z)); 350| 949k| } pcurves_brainpool256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_E1yEv: 1167| 249k| constexpr const FieldElement& y() const { return m_y; } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE4mul4Ev: 338| 4.94k| constexpr inline Self mul4() const { return mul2().mul2(); } pcurves_brainpool256r1.cpp:_ZN5BotanmiERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEEESC_: 281| 846k| friend constexpr BOTAN_FORCE_INLINE Self operator-(const Self& a, const Self& b) { 282| 846k| std::array r; // NOLINT(*-member-init) 283| 846k| W carry = 0; 284| 4.23M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (284:28): [True: 3.38M, False: 846k] ------------------ 285| 3.38M| r[i] = word_sub(a.m_val[i], b.m_val[i], &carry); 286| 3.38M| } 287| | 288| 846k| const auto mask = CT::Mask::expand(carry).value(); 289| | 290| 846k| carry = 0; 291| | 292| 4.23M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (292:28): [True: 3.38M, False: 846k] ------------------ 293| 3.38M| r[i] = word_add(r[i], P[i] & mask, &carry); 294| 3.38M| } 295| | 296| 846k| return Self(r); 297| 846k| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE4mul2Ev: 325| 508k| constexpr BOTAN_FORCE_INLINE Self mul2() const { 326| 508k| std::array t = value(); 327| 508k| const W carry = shift_left<1>(t); 328| | 329| 508k| std::array r; // NOLINT(*-member-init) 330| 508k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 331| 508k| return Self(r); 332| 508k| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE5valueEv: 894| 537k| constexpr const std::array& value() const { return m_val; } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE4mul8Ev: 341| 4.94k| constexpr inline Self mul8() const { return mul2().mul2().mul2(); } pcurves_brainpool256r1.cpp:_ZN5BotanplERKNS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_EESE_: 1064| 735| friend constexpr Self operator+(const Self& a, const Self& b) { return Self::add(a, b); } pcurves_brainpool256r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_E3addERKSC_SE_: 1103| 735| constexpr static Self add(const Self& a, const Self& b) { return point_add(a, b); } pcurves_brainpool256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_E11is_identityEv: 1082| 76.4k| constexpr CT::Choice is_identity() const { return z().is_zero(); } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE18conditional_assignERSA_SB_SB_NS_2CT6ChoiceERKSA_SF_SF_: 395| 131k| Self& x, Self& y, Self& z, CT::Choice cond, const Self& nx, const Self& ny, const Self& nz) { 396| 131k| const W mask = cond.into_bitmask(); 397| | 398| 659k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (398:28): [True: 527k, False: 131k] ------------------ 399| 527k| x.m_val[i] = Botan::choose(mask, nx.m_val[i], x.m_val[i]); 400| 527k| y.m_val[i] = Botan::choose(mask, ny.m_val[i], y.m_val[i]); 401| 527k| z.m_val[i] = Botan::choose(mask, nz.m_val[i], z.m_val[i]); 402| 527k| } 403| 131k| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE6invertEv: 538| 1.69k| constexpr Self invert() const { return pow_vartime(Self::P_MINUS_2); } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE11pow_vartimeERKNSt3__15arrayImLm4EEE: 477| 2.21k| constexpr Self pow_vartime(const std::array& exp) const { 478| 2.21k| constexpr size_t WindowBits = (Self::BITS <= 256) ? 4 : 5; ------------------ | Branch (478:40): [True: 0, Folded] ------------------ 479| 2.21k| constexpr size_t WindowElements = (1 << WindowBits) - 1; 480| | 481| 2.21k| constexpr size_t Windows = (Self::BITS + WindowBits - 1) / WindowBits; 482| | 483| | /* 484| | A simple fixed width window modular multiplication. 485| | 486| | TODO: investigate using sliding window here 487| | */ 488| | 489| 2.21k| std::array tbl; 490| | 491| 2.21k| tbl[0] = (*this); 492| | 493| 33.2k| for(size_t i = 1; i != WindowElements; ++i) { ------------------ | Branch (493:28): [True: 31.0k, False: 2.21k] ------------------ 494| | // Conditional ok: table indexes are public here 495| 31.0k| if(i % 2 == 1) { ------------------ | Branch (495:16): [True: 15.5k, False: 15.5k] ------------------ 496| 15.5k| tbl[i] = tbl[i / 2].square(); 497| 15.5k| } else { 498| 15.5k| tbl[i] = tbl[i - 1] * tbl[0]; 499| 15.5k| } 500| 31.0k| } 501| | 502| 2.21k| auto r = Self::one(); 503| | 504| 2.21k| const size_t w0 = read_window_bits(std::span{exp}, (Windows - 1) * WindowBits); 505| | 506| | // Conditional ok: this function is variable time 507| 2.21k| if(w0 > 0) { ------------------ | Branch (507:13): [True: 2.21k, False: 0] ------------------ 508| 2.21k| r = tbl[w0 - 1]; 509| 2.21k| } 510| | 511| 141k| for(size_t i = 1; i != Windows; ++i) { ------------------ | Branch (511:28): [True: 139k, False: 2.21k] ------------------ 512| 139k| r.square_n(WindowBits); 513| | 514| 139k| const size_t w = read_window_bits(std::span{exp}, (Windows - i - 1) * WindowBits); 515| | 516| | // Conditional ok: this function is variable time 517| 139k| if(w > 0) { ------------------ | Branch (517:16): [True: 129k, False: 9.92k] ------------------ 518| 129k| r *= tbl[w - 1]; 519| 129k| } 520| 139k| } 521| | 522| 2.21k| return r; 523| 2.21k| } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEEC2Ev: 180| 33.2k| constexpr IntMod() : m_val({}) {} pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE8square_nEm: 439| 139k| constexpr void square_n(size_t n) { 440| 139k| std::array z; // NOLINT(*-member-init) 441| 698k| for(size_t i = 0; i != n; ++i) { ------------------ | Branch (441:28): [True: 558k, False: 139k] ------------------ 442| 558k| comba_sqr(z.data(), this->data()); 443| 558k| m_val = Rep::redc(z); 444| 558k| } 445| 139k| } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEEmLERKSA_: 355| 407k| constexpr BOTAN_FORCE_INLINE Self& operator*=(const Self& other) { 356| 407k| std::array z; // NOLINT(*-member-init) 357| 407k| comba_mul(z.data(), data(), other.data()); 358| 407k| m_val = Rep::redc(z); 359| 407k| return (*this); 360| 407k| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE14invert_vartimeEv: 598| 1| constexpr Self invert_vartime() const { 599| | // Conditional ok: this function is variable time 600| 1| if(this->is_zero().as_bool()) { ------------------ | Branch (600:13): [True: 0, False: 1] ------------------ 601| 0| return Self::zero(); 602| 0| } 603| | 604| 1| auto x = Self(std::array{1}); // 1 in standard domain 605| 1| auto b = Self(this->to_words()); // *this in standard domain 606| | 607| | // First loop iteration 608| 1| Self::_invert_vartime_div2_helper(b, x); 609| | 610| 1| auto a = b.negate(); 611| | // y += x but y is zero at the outset 612| 1| auto y = x; 613| | 614| | // First half of second loop iteration 615| 1| Self::_invert_vartime_div2_helper(a, y); 616| | 617| 177| for(;;) { 618| | // Conditional ok: this function is variable time 619| 177| if(a.m_val == b.m_val) { ------------------ | Branch (619:16): [True: 1, False: 176] ------------------ 620| | // At this point it should be that a == b == 1 621| 1| auto r = y.negate(); 622| | 623| | // Convert back to Montgomery if required 624| 1| r.m_val = Rep::to_rep(r.m_val); 625| 1| return r; 626| 1| } 627| | 628| 176| auto nx = x + y; 629| | 630| | /* 631| | * Otherwise either b > a or a > b 632| | * 633| | * If b > a we want to set b to b - a 634| | * Otherwise we want to set a to a - b 635| | * 636| | * Compute r = b - a and check if it underflowed 637| | * If it did not then we are in the b > a path 638| | */ 639| 176| std::array r; // NOLINT(*-member-init) 640| 176| const word carry = bigint_sub3(r.data(), b.data(), N, a.data(), N); 641| | 642| | // Conditional ok: this function is variable time 643| 176| if(carry == 0) { ------------------ | Branch (643:16): [True: 94, False: 82] ------------------ 644| | // b > a 645| 94| b.m_val = r; 646| 94| x = nx; 647| 94| Self::_invert_vartime_div2_helper(b, x); 648| 94| } else { 649| | // We know this can't underflow because a > b 650| 82| bigint_sub3(r.data(), a.data(), N, b.data(), N); 651| 82| a.m_val = r; 652| 82| y = nx; 653| 82| Self::_invert_vartime_div2_helper(a, y); 654| 82| } 655| 176| } 656| 1| } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE4zeroEv: 195| 126k| static constexpr Self zero() { return Self(std::array{0}); } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE8to_wordsEv: 734| 1| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_brainpool256r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES0_E11FieldParamsEE8from_repERKNSt3__15arrayImLm4EEE: 137| 6.46k| constexpr static std::array from_rep(const std::array& z) { 138| 6.46k| std::array ze = {}; 139| 6.46k| copy_mem(std::span{ze}.template first(), z); 140| 6.46k| return Self::redc(ze); 141| 6.46k| } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE27_invert_vartime_div2_helperERSA_SB_: 547| 178| static constexpr void _invert_vartime_div2_helper(Self& a, Self& x) { 548| 178| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 549| | 550| | // Conditional ok: this function is variable time 551| 553| while((a.m_val[0] & 1) != 1) { ------------------ | Branch (551:16): [True: 375, False: 178] ------------------ 552| 375| shift_right<1>(a.m_val); 553| | 554| 375| const W borrow = shift_right<1>(x.m_val); 555| | 556| | // Conditional ok: this function is variable time 557| 375| if(borrow) { ------------------ | Branch (557:16): [True: 193, False: 182] ------------------ 558| 193| bigint_add2(x.m_val.data(), N, INV_2.data(), N); 559| 193| } 560| 375| } 561| 178| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE6negateEv: 452| 62.7k| constexpr Self negate() const { 453| 62.7k| const W x_is_zero = ~CT::all_zeros(this->data(), N).value(); 454| | 455| 62.7k| std::array r; // NOLINT(*-member-init) 456| 62.7k| W carry = 0; 457| 313k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (457:28): [True: 251k, False: 62.7k] ------------------ 458| 251k| r[i] = word_sub(P[i] & x_is_zero, m_val[i], &carry); 459| 251k| } 460| | 461| 62.7k| return Self(r); 462| 62.7k| } pcurves_brainpool256r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES0_E11FieldParamsEE6to_repERKNSt3__15arrayImLm4EEE: 115| 6.28k| constexpr static std::array to_rep(const std::array& x) { 116| 6.28k| std::array z; // NOLINT(*-member-init) 117| 6.28k| comba_mul(z.data(), x.data(), R2.data()); 118| 6.28k| return Self::redc(z); 119| 6.28k| } pcurves_brainpool256r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEEEC2ERKSB_SE_: 917| 79.6k| constexpr AffineCurvePoint(const FieldElement& x, const FieldElement& y) : m_x(x), m_y(y) {} pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE11stash_valueILm9EEENSt3__15arrayImXT_EEEv: 759| 5.36k| std::array stash_value() const { 760| 5.36k| static_assert(L >= N); 761| 5.36k| std::array stash = {}; 762| 26.8k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (762:28): [True: 21.4k, False: 5.36k] ------------------ 763| 21.4k| stash[i] = m_val[i]; 764| 21.4k| } 765| 5.36k| return stash; 766| 5.36k| } pcurves_brainpool256r1.cpp:_ZNK5Botan23PrecomputedBaseMulTableINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm6EE3mulERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES7_E12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1407| 662| ProjectivePoint mul(const Scalar& s, RandomNumberGenerator& rng) const { 1408| 662| const BlindedScalar scalar(s, rng); 1409| 662| return basemul_booth_exec(m_table, scalar, rng); 1410| 662| } pcurves_brainpool256r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm7EEC2ERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES7_E12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1307| 662| BlindedScalarBits(const typename C::Scalar& scalar, RandomNumberGenerator& rng) { 1308| 662| if(BlindingBits > 0 && rng.is_seeded()) { ------------------ | Branch (1308:13): [True: 662, Folded] | Branch (1308:33): [True: 662, False: 0] ------------------ 1309| 662| constexpr size_t MaskWords = (BlindingBits + WordInfo::bits - 1) / WordInfo::bits; 1310| 662| constexpr size_t MaskBytes = MaskWords * WordInfo::bytes; 1311| | 1312| 662| constexpr size_t n_words = C::Words; 1313| | 1314| 662| uint8_t maskb[MaskBytes + (BlindingBits == 0 ? 1 : 0)] = {0}; 1315| 662| rng.randomize(maskb, MaskBytes); 1316| | 1317| 662| W mask[n_words] = {0}; 1318| 662| load_le(mask, maskb, MaskWords); 1319| | 1320| | // Mask to exactly BlindingBits 1321| 662| constexpr size_t ExcessBits = MaskWords * WordInfo::bits - BlindingBits; 1322| 662| if constexpr(ExcessBits > 0) { 1323| 662| constexpr W ExcessMask = (static_cast(1) << (WordInfo::bits - ExcessBits)) - 1; 1324| 662| mask[MaskWords - 1] &= ExcessMask; 1325| 662| } 1326| | 1327| | // Set top and bottom bits of mask 1328| 662| constexpr size_t TopMaskBit = (BlindingBits - 1) % WordInfo::bits; 1329| 662| mask[(BlindingBits - 1) / WordInfo::bits] |= static_cast(1) << TopMaskBit; 1330| 662| mask[0] |= 1; 1331| | 1332| 662| W mask_n[2 * n_words] = {0}; 1333| | 1334| 662| const auto sw = scalar.to_words(); 1335| | 1336| | // Compute masked scalar s + k*n 1337| 662| comba_mul(mask_n, mask, C::NW.data()); 1338| 662| bigint_add2(mask_n, 2 * n_words, sw.data(), sw.size()); 1339| | 1340| 662| std::reverse(mask_n, mask_n + 2 * n_words); 1341| 662| m_bytes = store_be>(mask_n); 1342| 662| m_bits = C::Scalar::BITS + BlindingBits; 1343| 662| } else { 1344| | // No RNG available, skip blinding 1345| 0| m_bytes.resize(C::Scalar::BYTES); 1346| 0| scalar.serialize_to(std::span{m_bytes}.template first()); 1347| 0| m_bits = C::Scalar::BITS; 1348| 0| } 1349| | 1350| 662| CT::poison(m_bytes.data(), m_bytes.size()); 1351| 662| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEE8to_wordsEv: 734| 1.17k| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_brainpool256r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES0_E12ScalarParamsEE8from_repERKNSt3__15arrayImLm4EEE: 137| 1.83k| constexpr static std::array from_rep(const std::array& z) { 138| 1.83k| std::array ze = {}; 139| 1.83k| copy_mem(std::span{ze}.template first(), z); 140| 1.83k| return Self::redc(ze); 141| 1.83k| } pcurves_brainpool256r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES0_E12ScalarParamsEE4redcERKNSt3__15arrayImLm8EEE: 104| 2.50k| constexpr static std::array redc(const std::array& z) { 105| | if constexpr(P_dash == 1) { 106| | return monty_redc_pdash1(z, P); 107| 2.50k| } else { 108| 2.50k| return monty_redc(z, P, P_dash); 109| 2.50k| } 110| 2.50k| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEE12serialize_toENSt3__14spanIhLm32EEE: 739| 662| constexpr void serialize_to(std::span bytes) const { 740| 662| auto v = Rep::from_rep(m_val); 741| 662| std::reverse(v.begin(), v.end()); 742| | 743| 662| if constexpr(Self::BYTES == N * WordInfo::bytes) { 744| 662| store_be(bytes, v); 745| | } else { 746| | // Remove leading zero bytes 747| | const auto padded_bytes = store_be(v); 748| | constexpr size_t extra = N * WordInfo::bytes - Self::BYTES; 749| | copy_mem(bytes, std::span{padded_bytes}.template subspan()); 750| | } 751| 662| } pcurves_brainpool256r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm7EE4bitsEv: 1305| 662| size_t bits() const { return m_bits; } pcurves_brainpool256r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_E18conditional_assignENS_2CT6ChoiceERKSC_: 1084| 1.17k| constexpr void conditional_assign(CT::Choice cond, const Self& pt) { 1085| 1.17k| FieldElement::conditional_assign(m_x, m_y, m_z, cond, pt.x(), pt.y(), pt.z()); 1086| 1.17k| } pcurves_brainpool256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_E6negateEv: 1134| 1.17k| constexpr Self negate() const { return Self(x(), y().negate(), z()); } pcurves_brainpool256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_E18_const_time_poisonEv: 1174| 1.17k| constexpr void _const_time_poison() const { CT::poison_all(m_x, m_y, m_z); } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE18_const_time_poisonEv: 889| 3.52k| constexpr void _const_time_poison() const { CT::poison(m_val); } pcurves_brainpool256r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm7EE10get_windowEm: 1353| 32.4k| size_t get_window(size_t offset) const { 1354| | // Extract a WindowBits sized window out of s, depending on offset. 1355| 32.4k| return read_window_bits(std::span{m_bytes}, offset); 1356| 32.4k| } pcurves_brainpool256r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_E10add_or_subERKSC_RKNS_16AffineCurvePointISB_EENS_2CT6ChoiceE: 1096| 61.0k| constexpr static Self add_or_sub(const Self& a, const AffinePoint& b, CT::Choice sub) { 1097| 61.0k| return point_add_or_sub_mixed(a, b, sub, FieldElement::one()); 1098| 61.0k| } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE18conditional_assignENS_2CT6ChoiceERKSA_: 367| 62.1k| constexpr void conditional_assign(CT::Choice cond, const Self& nx) { 368| 62.1k| const W mask = cond.into_bitmask(); 369| | 370| 310k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (370:28): [True: 248k, False: 62.1k] ------------------ 371| 248k| m_val[i] = Botan::choose(mask, nx.m_val[i], m_val[i]); 372| 248k| } 373| 62.1k| } pcurves_brainpool256r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEEE9ct_selectENSt3__14spanIKSC_Lm18446744073709551615EEEm: 955| 32.4k| static constexpr auto ct_select(std::span pts, size_t idx) { 956| 32.4k| auto result = Self::identity(pts[0]); 957| | 958| | // Intentionally wrapping; set to maximum size_t if idx == 0 959| 32.4k| const size_t idx1 = static_cast(idx - 1); 960| 1.07M| for(size_t i = 0; i != pts.size(); ++i) { ------------------ | Branch (960:28): [True: 1.03M, False: 32.4k] ------------------ 961| 1.03M| const auto found = CT::Mask::is_equal(idx1, i).as_choice(); 962| 1.03M| result.conditional_assign(found, pts[i]); 963| 1.03M| } 964| | 965| 32.4k| return result; 966| 32.4k| } pcurves_brainpool256r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEEE8identityERKSC_: 924| 62.2k| static constexpr Self identity(const Self& /*unused*/) { 925| 62.2k| return Self(FieldElement::zero(), FieldElement::zero()); 926| 62.2k| } pcurves_brainpool256r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEEE18conditional_assignENS_2CT6ChoiceERKSC_: 981| 1.51M| constexpr void conditional_assign(CT::Choice cond, const Self& pt) { 982| 1.51M| FieldElement::conditional_assign(m_x, m_y, cond, pt.x(), pt.y()); 983| 1.51M| } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE18conditional_assignERSA_SB_NS_2CT6ChoiceERKSA_SF_: 380| 1.51M| static constexpr void conditional_assign(Self& x, Self& y, CT::Choice cond, const Self& nx, const Self& ny) { 381| 1.51M| const W mask = cond.into_bitmask(); 382| | 383| 7.57M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (383:28): [True: 6.06M, False: 1.51M] ------------------ 384| 6.06M| x.m_val[i] = Botan::choose(mask, nx.m_val[i], x.m_val[i]); 385| 6.06M| y.m_val[i] = Botan::choose(mask, ny.m_val[i], y.m_val[i]); 386| 6.06M| } 387| 1.51M| } pcurves_brainpool256r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_E13randomize_repERNS_21RandomNumberGeneratorE: 1142| 4.70k| void randomize_rep(RandomNumberGenerator& rng) { 1143| | // In certain contexts we may be called with a Null_RNG; in that case the 1144| | // caller is accepting that randomization will not occur 1145| | 1146| | // Conditional ok: caller's RNG state (seeded vs not) is presumed public 1147| 4.70k| if(rng.is_seeded()) { ------------------ | Branch (1147:13): [True: 4.70k, False: 0] ------------------ 1148| 4.70k| auto r = FieldElement::random(rng); 1149| | 1150| 4.70k| auto r2 = r.square(); 1151| 4.70k| auto r3 = r2 * r; 1152| | 1153| 4.70k| m_x *= r2; 1154| 4.70k| m_y *= r3; 1155| 4.70k| m_z *= r; 1156| 4.70k| } 1157| 4.70k| } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE6randomERNS_21RandomNumberGeneratorE: 851| 4.70k| static Self random(RandomNumberGenerator& rng) { 852| 4.70k| constexpr size_t MAX_ATTEMPTS = 1000; 853| | 854| 4.70k| std::array buf{}; 855| | 856| 7.09k| for(size_t i = 0; i != MAX_ATTEMPTS; ++i) { ------------------ | Branch (856:28): [True: 7.09k, False: 0] ------------------ 857| 7.09k| rng.randomize(buf); 858| | 859| | // Zero off high bits that if set would certainly cause us 860| | // to be out of range 861| | if constexpr(Self::BITS % 8 != 0) { 862| | constexpr uint8_t mask = 0xFF >> (8 - (Self::BITS % 8)); 863| | buf[0] &= mask; 864| | } 865| | 866| | // Conditionals ok: rejection sampling reveals only values we didn't use 867| 7.09k| if(auto s = Self::deserialize(buf)) { ------------------ | Branch (867:21): [True: 4.70k, False: 2.39k] ------------------ 868| 4.70k| if(s.value().is_nonzero().as_bool()) { ------------------ | Branch (868:19): [True: 4.70k, False: 0] ------------------ 869| 4.70k| return s.value(); 870| 4.70k| } 871| 4.70k| } 872| 7.09k| } 873| | 874| 0| throw Internal_Error("Failed to generate random Scalar within bounded number of attempts"); 875| 4.70k| } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE11deserializeENSt3__14spanIKhLm18446744073709551615EEE: 792| 8.68k| static std::optional deserialize(std::span bytes) { 793| | // Conditional ok: input length is public 794| 8.68k| if(bytes.size() != Self::BYTES) { ------------------ | Branch (794:13): [True: 0, False: 8.68k] ------------------ 795| 0| return {}; 796| 0| } 797| | 798| 8.68k| const auto words = bytes_to_words(bytes.first()); 799| | 800| | // Conditional acceptable: std::optional is implicitly not constant time 801| 8.68k| if(!bigint_ct_is_lt(words.data(), N, P.data(), N).as_bool()) { ------------------ | Branch (801:13): [True: 2.39k, False: 6.28k] ------------------ 802| 2.39k| return {}; 803| 2.39k| } 804| | 805| | // Safe because we checked above that words is an integer < P 806| 6.28k| return Self::from_words(words); 807| 8.68k| } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE10from_wordsILm4EEESA_NSt3__15arrayImXT_EEE: 211| 6.28k| static constexpr Self from_words(std::array w) { 212| 6.28k| if constexpr(L == N) { 213| 6.28k| return Self(Rep::to_rep(w)); 214| | } else { 215| | static_assert(L < N); 216| | std::array ew = {}; 217| | copy_mem(std::span{ew}.template first(), w); 218| | return Self(Rep::to_rep(ew)); 219| | } 220| 6.28k| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE10is_nonzeroEv: 230| 4.70k| constexpr CT::Choice is_nonzero() const { return !is_zero(); } pcurves_brainpool256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_E20_const_time_unpoisonEv: 1176| 1.17k| constexpr void _const_time_unpoison() const { CT::unpoison_all(m_x, m_y, m_z); } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE20_const_time_unpoisonEv: 891| 3.52k| constexpr void _const_time_unpoison() const { CT::unpoison(m_val); } pcurves_brainpool256r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm7EED2Ev: 1358| 662| ~BlindedScalarBits() { 1359| 662| secure_zeroize_buffer(m_bytes.data(), m_bytes.size()); 1360| 662| CT::unpoison(m_bytes.data(), m_bytes.size()); 1361| 662| } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEE10from_stashILm9EEESA_RKNSt3__15arrayImXT_EEE: 774| 2.50k| static Self from_stash(const std::array& stash) { 775| 2.50k| static_assert(L >= N); 776| 2.50k| std::array val = {}; 777| 12.5k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (777:28): [True: 10.0k, False: 2.50k] ------------------ 778| 10.0k| val[i] = stash[i]; 779| 10.0k| } 780| 2.50k| return Self(val); 781| 2.50k| } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEEC2ENSt3__15arrayImLm4EEE: 898| 3.16k| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE12serialize_toENSt3__14spanIhLm32EEE: 739| 5.95k| constexpr void serialize_to(std::span bytes) const { 740| 5.95k| auto v = Rep::from_rep(m_val); 741| 5.95k| std::reverse(v.begin(), v.end()); 742| | 743| 5.95k| if constexpr(Self::BYTES == N * WordInfo::bytes) { 744| 5.95k| store_be(bytes, v); 745| | } else { 746| | // Remove leading zero bytes 747| | const auto padded_bytes = store_be(v); 748| | constexpr size_t extra = N * WordInfo::bytes - Self::BYTES; 749| | copy_mem(bytes, std::span{padded_bytes}.template subspan()); 750| | } 751| 5.95k| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEE11stash_valueILm9EEENSt3__15arrayImXT_EEEv: 759| 662| std::array stash_value() const { 760| 662| static_assert(L >= N); 761| 662| std::array stash = {}; 762| 3.31k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (762:28): [True: 2.64k, False: 662] ------------------ 763| 2.64k| stash[i] = m_val[i]; 764| 2.64k| } 765| 662| return stash; 766| 662| } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE10from_stashILm9EEESA_RKNSt3__15arrayImXT_EEE: 774| 13.8k| static Self from_stash(const std::array& stash) { 775| 13.8k| static_assert(L >= N); 776| 13.8k| std::array val = {}; 777| 69.4k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (777:28): [True: 55.5k, False: 13.8k] ------------------ 778| 55.5k| val[i] = stash[i]; 779| 55.5k| } 780| 13.8k| return Self(val); 781| 13.8k| } pcurves_brainpool256r1.cpp:_ZN5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm4EEC2ERKNS_16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 1487| 514| explicit WindowedBoothMulTable(const AffinePoint& p) : m_table(varpoint_setup(p)) {} pcurves_brainpool256r1.cpp:_ZN5BotanplERKNS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_EERKNS_16AffineCurvePointISB_EE: 1066| 3.59k| friend constexpr Self operator+(const Self& a, const AffinePoint& b) { return Self::add_mixed(a, b); } pcurves_brainpool256r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_E9add_mixedERKSC_RKNS_16AffineCurvePointISB_EE: 1091| 3.59k| constexpr static Self add_mixed(const Self& a, const AffinePoint& b) { 1092| 3.59k| return point_add_mixed(a, b, FieldElement::one()); 1093| 3.59k| } pcurves_brainpool256r1.cpp:_ZNK5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm4EE3mulERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES7_E12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1489| 514| ProjectivePoint mul(const Scalar& s, RandomNumberGenerator& rng) const { 1490| 514| const BlindedScalar bits(s, rng); 1491| | 1492| 514| const size_t scalar_bits = bits.bits(); 1493| 514| const size_t full_windows = compute_full_windows(scalar_bits + 1, WindowBits); 1494| 514| const size_t initial_shift = compute_initial_shift(scalar_bits + 1, WindowBits); 1495| | 1496| 514| BOTAN_DEBUG_ASSERT(full_windows * WindowBits + initial_shift == scalar_bits + 1); ------------------ | | 130| 514| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 514| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 514] | | ------------------ ------------------ 1497| 514| BOTAN_DEBUG_ASSERT(initial_shift > 0); ------------------ | | 130| 514| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 514| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 514] | | ------------------ ------------------ 1498| | 1499| 514| auto accum = ProjectivePoint::identity(); 1500| 514| CT::poison(accum); 1501| | 1502| 29.8k| for(size_t i = 0; i != full_windows; ++i) { ------------------ | Branch (1502:28): [True: 29.2k, False: 514] ------------------ 1503| 29.2k| const size_t idx = scalar_bits - initial_shift - WindowBits * i; 1504| | 1505| 29.2k| const size_t w_i = bits.get_window(idx); 1506| 29.2k| const auto [tidx, tneg] = booth_recode(w_i); 1507| | 1508| | // Conditional ok: loop iteration count is public 1509| 29.2k| if(i == 0) { ------------------ | Branch (1509:16): [True: 514, False: 28.7k] ------------------ 1510| 514| accum = ProjectivePoint::from_affine(m_table.ct_select(tidx)); 1511| 514| accum.conditional_assign(tneg, accum.negate()); 1512| 28.7k| } else { 1513| 28.7k| accum = ProjectivePoint::add_or_sub(accum, m_table.ct_select(tidx), tneg); 1514| 28.7k| } 1515| | 1516| 29.2k| accum = accum.dbl_n(WindowBits); 1517| | 1518| | // Conditional ok: loop iteration count is public 1519| 29.2k| if(i <= 3) { ------------------ | Branch (1519:16): [True: 2.05k, False: 27.2k] ------------------ 1520| 2.05k| accum.randomize_rep(rng); 1521| 2.05k| } 1522| 29.2k| } 1523| | 1524| | // final window (note one bit shorter than previous reads) 1525| 514| const size_t w_l = bits.get_window(0) & ((1 << WindowBits) - 1); 1526| 514| const auto [tidx, tneg] = booth_recode(w_l << 1); 1527| 514| accum = ProjectivePoint::add_or_sub(accum, m_table.ct_select(tidx), tneg); 1528| | 1529| 514| CT::unpoison(accum); 1530| 514| return accum; 1531| 514| } pcurves_brainpool256r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm6EEC2ERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES7_E12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1307| 514| BlindedScalarBits(const typename C::Scalar& scalar, RandomNumberGenerator& rng) { 1308| 514| if(BlindingBits > 0 && rng.is_seeded()) { ------------------ | Branch (1308:13): [True: 514, Folded] | Branch (1308:33): [True: 514, False: 0] ------------------ 1309| 514| constexpr size_t MaskWords = (BlindingBits + WordInfo::bits - 1) / WordInfo::bits; 1310| 514| constexpr size_t MaskBytes = MaskWords * WordInfo::bytes; 1311| | 1312| 514| constexpr size_t n_words = C::Words; 1313| | 1314| 514| uint8_t maskb[MaskBytes + (BlindingBits == 0 ? 1 : 0)] = {0}; 1315| 514| rng.randomize(maskb, MaskBytes); 1316| | 1317| 514| W mask[n_words] = {0}; 1318| 514| load_le(mask, maskb, MaskWords); 1319| | 1320| | // Mask to exactly BlindingBits 1321| 514| constexpr size_t ExcessBits = MaskWords * WordInfo::bits - BlindingBits; 1322| 514| if constexpr(ExcessBits > 0) { 1323| 514| constexpr W ExcessMask = (static_cast(1) << (WordInfo::bits - ExcessBits)) - 1; 1324| 514| mask[MaskWords - 1] &= ExcessMask; 1325| 514| } 1326| | 1327| | // Set top and bottom bits of mask 1328| 514| constexpr size_t TopMaskBit = (BlindingBits - 1) % WordInfo::bits; 1329| 514| mask[(BlindingBits - 1) / WordInfo::bits] |= static_cast(1) << TopMaskBit; 1330| 514| mask[0] |= 1; 1331| | 1332| 514| W mask_n[2 * n_words] = {0}; 1333| | 1334| 514| const auto sw = scalar.to_words(); 1335| | 1336| | // Compute masked scalar s + k*n 1337| 514| comba_mul(mask_n, mask, C::NW.data()); 1338| 514| bigint_add2(mask_n, 2 * n_words, sw.data(), sw.size()); 1339| | 1340| 514| std::reverse(mask_n, mask_n + 2 * n_words); 1341| 514| m_bytes = store_be>(mask_n); 1342| 514| m_bits = C::Scalar::BITS + BlindingBits; 1343| 514| } else { 1344| | // No RNG available, skip blinding 1345| 0| m_bytes.resize(C::Scalar::BYTES); 1346| 0| scalar.serialize_to(std::span{m_bytes}.template first()); 1347| 0| m_bits = C::Scalar::BITS; 1348| 0| } 1349| | 1350| 514| CT::poison(m_bytes.data(), m_bytes.size()); 1351| 514| } pcurves_brainpool256r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm6EE4bitsEv: 1305| 514| size_t bits() const { return m_bits; } pcurves_brainpool256r1.cpp:_ZN5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm4EE20compute_full_windowsEmm: 1468| 514| static constexpr size_t compute_full_windows(size_t sb, size_t wb) { 1469| 514| if(sb % wb == 0) { ------------------ | Branch (1469:13): [True: 0, False: 514] ------------------ 1470| 0| return (sb - 1) / wb; 1471| 514| } else { 1472| 514| return sb / wb; 1473| 514| } 1474| 514| } pcurves_brainpool256r1.cpp:_ZN5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm4EE21compute_initial_shiftEmm: 1476| 514| static constexpr size_t compute_initial_shift(size_t sb, size_t wb) { 1477| 514| if(sb % wb == 0) { ------------------ | Branch (1477:13): [True: 0, False: 514] ------------------ 1478| 0| return wb; 1479| 514| } else { 1480| 514| return sb - (sb / wb) * wb; 1481| 514| } 1482| 514| } pcurves_brainpool256r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_E8identityEv: 1038| 514| static constexpr Self identity() { return Self(FieldElement::zero(), FieldElement::one(), FieldElement::zero()); } pcurves_brainpool256r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm6EE10get_windowEm: 1353| 29.8k| size_t get_window(size_t offset) const { 1354| | // Extract a WindowBits sized window out of s, depending on offset. 1355| 29.8k| return read_window_bits(std::span{m_bytes}, offset); 1356| 29.8k| } pcurves_brainpool256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_E5dbl_nEm: 1108| 29.2k| constexpr Self dbl_n(size_t n) const { 1109| | if constexpr(Self::A_is_minus_3) { 1110| | return dbl_n_a_minus_3(*this, n); 1111| | } else if constexpr(Self::A_is_zero) { 1112| | return dbl_n_a_zero(*this, n); 1113| 29.2k| } else { 1114| 29.2k| return dbl_n_generic(*this, A, n); 1115| 29.2k| } 1116| 29.2k| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE4div2Ev: 302| 29.2k| Self div2() const { 303| | // The inverse of 2 modulo P is (P/2)+1; this avoids a constexpr time 304| | // general inversion, which some compilers can't handle 305| 29.2k| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 306| | 307| | // We could multiply by INV_2 but there is a better way ... 308| | 309| 29.2k| std::array t = value(); 310| 29.2k| const W borrow = shift_right<1>(t); 311| | 312| | // If value was odd, add (P/2)+1 313| 29.2k| const auto mask = CT::Mask::expand(borrow).value(); 314| | 315| 29.2k| W carry = 0; 316| | 317| 146k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (317:28): [True: 117k, False: 29.2k] ------------------ 318| 117k| t[i] = word_add(t[i], INV_2[i] & mask, &carry); 319| 117k| } 320| | 321| 29.2k| return Self(t); 322| 29.2k| } pcurves_brainpool256r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm6EED2Ev: 1358| 514| ~BlindedScalarBits() { 1359| 514| secure_zeroize_buffer(m_bytes.data(), m_bytes.size()); 1360| 514| CT::unpoison(m_bytes.data(), m_bytes.size()); 1361| 514| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEE7is_zeroEv: 225| 1.32k| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEEeqERKSA_: 722| 1.71k| constexpr CT::Choice operator==(const Self& other) const { 723| 1.71k| return CT::is_equal(this->data(), other.data(), N).as_choice(); 724| 1.71k| } pcurves_brainpool256r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEEE8identityEv: 921| 1| static constexpr Self identity() { return Self(FieldElement::zero(), FieldElement::zero()); } pcurves_brainpool256r1.cpp:_ZN5Botan13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsENS_13MontgomeryRepEE7x3_ax_bERKNS_6IntModINS5_INS6_11FieldParamsEEEEE: 1275| 1.71k| static constexpr FieldElement x3_ax_b(const FieldElement& x) { return (x.square() + A) * x + B; } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE4sqrtEv: 663| 528| constexpr CT::Option sqrt() const { 664| 528| if constexpr(Self::P_MOD_4 == 3) { 665| | // The easy case for square root is when p == 3 (mod 4) 666| | 667| 528| constexpr auto P_PLUS_1_OVER_4 = p_plus_1_over_4(P); 668| 528| auto z = pow_vartime(P_PLUS_1_OVER_4); 669| | 670| | // Zero out the return value if it would otherwise be incorrect 671| 528| const CT::Choice correct = (z.square() == *this); 672| 528| z.conditional_assign(!correct, Self::zero()); 673| 528| return CT::Option(z, correct); 674| | } else { 675| | // Shanks-Tonelli, following I.4 in RFC 9380 676| | 677| | /* 678| | Constants: 679| | 1. c1, the largest integer such that 2^c1 divides q - 1. 680| | 2. c2 = (q - 1) / (2^c1) # Integer arithmetic 681| | 3. c3 = (c2 - 1) / 2 # Integer arithmetic 682| | 4. c4, a non-square value in F 683| | 5. c5 = c4^c2 in F 684| | */ 685| | constexpr auto C1_C2 = shanks_tonelli_c1c2(Self::P); 686| | constexpr std::array C3 = shanks_tonelli_c3(C1_C2.second); 687| | constexpr std::array P_MINUS_1_OVER_2 = p_minus_1_over_2(Self::P); 688| | constexpr Self C4 = shanks_tonelli_c4(P_MINUS_1_OVER_2); 689| | constexpr Self C5 = C4.pow_vartime(C1_C2.second); 690| | 691| | const Self& x = (*this); 692| | 693| | auto z = x.pow_vartime(C3); 694| | auto t = z.square(); 695| | t *= x; 696| | z *= x; 697| | auto b = t; 698| | auto c = C5; 699| | 700| | for(size_t i = C1_C2.first; i >= 2; i--) { 701| | b.square_n(i - 2); 702| | const CT::Choice e = b.is_one(); 703| | z.conditional_assign(!e, z * c); 704| | c.square_n(1); 705| | t.conditional_assign(!e, t * c); 706| | b = t; 707| | } 708| | 709| | // Zero out the return value if it would otherwise be incorrect 710| | const CT::Choice correct = (z.square() == *this); 711| | z.conditional_assign(!correct, Self::zero()); 712| | return CT::Option(z, correct); 713| | } 714| 528| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE12correct_signENS_2CT6ChoiceE: 248| 514| constexpr Self correct_sign(CT::Choice even) const { 249| 514| const auto flip = (even != this->is_even()); 250| 514| return Self::choose(flip, this->negate(), *this); 251| 514| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE7is_evenEv: 240| 514| constexpr CT::Choice is_even() const { 241| 514| auto v = Rep::from_rep(m_val); 242| 514| return !CT::Choice::from_int(v[0] & 0x01); 243| 514| } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE6chooseENS_2CT6ChoiceERKSA_SE_: 256| 514| static constexpr Self choose(CT::Choice choice, const Self& x, const Self& y) { 257| 514| auto r = y; 258| 514| r.conditional_assign(choice, x); 259| 514| return r; 260| 514| } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEE11deserializeENSt3__14spanIKhLm18446744073709551615EEE: 792| 1.00k| static std::optional deserialize(std::span bytes) { 793| | // Conditional ok: input length is public 794| 1.00k| if(bytes.size() != Self::BYTES) { ------------------ | Branch (794:13): [True: 0, False: 1.00k] ------------------ 795| 0| return {}; 796| 0| } 797| | 798| 1.00k| const auto words = bytes_to_words(bytes.first()); 799| | 800| | // Conditional acceptable: std::optional is implicitly not constant time 801| 1.00k| if(!bigint_ct_is_lt(words.data(), N, P.data(), N).as_bool()) { ------------------ | Branch (801:13): [True: 339, False: 662] ------------------ 802| 339| return {}; 803| 339| } 804| | 805| | // Safe because we checked above that words is an integer < P 806| 662| return Self::from_words(words); 807| 1.00k| } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEE10from_wordsILm4EEESA_NSt3__15arrayImXT_EEE: 211| 662| static constexpr Self from_words(std::array w) { 212| 662| if constexpr(L == N) { 213| 662| return Self(Rep::to_rep(w)); 214| | } else { 215| | static_assert(L < N); 216| | std::array ew = {}; 217| | copy_mem(std::span{ew}.template first(), w); 218| | return Self(Rep::to_rep(ew)); 219| | } 220| 662| } pcurves_brainpool256r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES0_E12ScalarParamsEE6to_repERKNSt3__15arrayImLm4EEE: 115| 662| constexpr static std::array to_rep(const std::array& x) { 116| 662| std::array z; // NOLINT(*-member-init) 117| 662| comba_mul(z.data(), x.data(), R2.data()); 118| 662| return Self::redc(z); 119| 662| } pcurves_brainpool256r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEEE12serialize_toENSt3__14spanIhLm65EEE: 941| 2.71k| constexpr void serialize_to(std::span bytes) const { 942| 2.71k| BOTAN_STATE_CHECK(this->is_identity().as_bool() == false); ------------------ | | 51| 2.71k| do { \ | | 52| 2.71k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 2.71k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 2.71k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 2.71k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 2.71k] | | ------------------ ------------------ 943| 2.71k| BufferStuffer pack(bytes); 944| 2.71k| pack.append(0x04); 945| 2.71k| x().serialize_to(pack.next()); 946| 2.71k| y().serialize_to(pack.next()); 947| 2.71k| BOTAN_DEBUG_ASSERT(pack.full()); ------------------ | | 130| 2.71k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 2.71k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 2.71k] | | ------------------ ------------------ 948| 2.71k| } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEE6randomERNS_21RandomNumberGeneratorE: 851| 662| static Self random(RandomNumberGenerator& rng) { 852| 662| constexpr size_t MAX_ATTEMPTS = 1000; 853| | 854| 662| std::array buf{}; 855| | 856| 1.00k| for(size_t i = 0; i != MAX_ATTEMPTS; ++i) { ------------------ | Branch (856:28): [True: 1.00k, False: 0] ------------------ 857| 1.00k| rng.randomize(buf); 858| | 859| | // Zero off high bits that if set would certainly cause us 860| | // to be out of range 861| | if constexpr(Self::BITS % 8 != 0) { 862| | constexpr uint8_t mask = 0xFF >> (8 - (Self::BITS % 8)); 863| | buf[0] &= mask; 864| | } 865| | 866| | // Conditionals ok: rejection sampling reveals only values we didn't use 867| 1.00k| if(auto s = Self::deserialize(buf)) { ------------------ | Branch (867:21): [True: 662, False: 339] ------------------ 868| 662| if(s.value().is_nonzero().as_bool()) { ------------------ | Branch (868:19): [True: 662, False: 0] ------------------ 869| 662| return s.value(); 870| 662| } 871| 662| } 872| 1.00k| } 873| | 874| 0| throw Internal_Error("Failed to generate random Scalar within bounded number of attempts"); 875| 662| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEE10is_nonzeroEv: 230| 662| constexpr CT::Choice is_nonzero() const { return !is_zero(); } pcurves_brainpool384r1.cpp:_ZN5Botan23PrecomputedBaseMulTableINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm6EEC2ERKNS_16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 1405| 1| m_table(basemul_booth_setup(p, BlindedScalar::Bits + 1)) {} pcurves_brainpool384r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_E11from_affineERKNS_16AffineCurvePointISB_EE: 1016| 770| static constexpr Self from_affine(const AffinePoint& pt) { 1017| | /* 1018| | * If the point is the identity element (x=0, y=0) then instead of 1019| | * creating (x, y, 1) = (0, 0, 1) we want our projective identity 1020| | * encoding of (0, 1, 0) 1021| | * 1022| | * Which we can achieve by a conditional swap of y and z if the 1023| | * affine point is the identity. 1024| | */ 1025| | 1026| 770| auto x = pt.x(); 1027| 770| auto y = pt.y(); 1028| 770| auto z = FieldElement::one(); 1029| | 1030| 770| FieldElement::conditional_swap(pt.is_identity(), y, z); 1031| | 1032| 770| return ProjectiveCurvePoint(x, y, z); 1033| 770| } pcurves_brainpool384r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEEE1xEv: 971| 1.39M| constexpr const FieldElement& x() const { return m_x; } pcurves_brainpool384r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEEE1yEv: 976| 1.34M| constexpr const FieldElement& y() const { return m_y; } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE3oneEv: 200| 48.7k| static constexpr Self one() { return Self(Rep::one()); } pcurves_brainpool384r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES0_E11FieldParamsEE3oneEv: 99| 48.7k| constexpr static std::array one() { return R1; } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEEC2ENSt3__15arrayImLm6EEE: 898| 2.28M| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE16conditional_swapENS_2CT6ChoiceERSA_SD_: 410| 770| static constexpr void conditional_swap(CT::Choice cond, Self& x, Self& y) { 411| 770| const W mask = cond.into_bitmask(); 412| | 413| 5.39k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (413:28): [True: 4.62k, False: 770] ------------------ 414| 4.62k| auto nx = Botan::choose(mask, y.m_val[i], x.m_val[i]); 415| 4.62k| auto ny = Botan::choose(mask, x.m_val[i], y.m_val[i]); 416| 4.62k| x.m_val[i] = nx; 417| 4.62k| y.m_val[i] = ny; 418| 4.62k| } 419| 770| } pcurves_brainpool384r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEEE11is_identityEv: 928| 50.2k| constexpr CT::Choice is_identity() const { return x().is_zero() && y().is_zero(); } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE7is_zeroEv: 225| 252k| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_brainpool384r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_EC2ERKSB_SE_SE_: 1056| 66.9k| m_x(x), m_y(y), m_z(z) {} pcurves_brainpool384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_E3dblEv: 1121| 2.58k| constexpr Self dbl() const { 1122| | if constexpr(Self::A_is_minus_3) { 1123| | return dbl_a_minus_3(*this); 1124| | } else if constexpr(Self::A_is_zero) { 1125| | return dbl_a_zero(*this); 1126| 2.58k| } else { 1127| 2.58k| return dbl_generic(*this, A); 1128| 2.58k| } 1129| 2.58k| } pcurves_brainpool384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_E1zEv: 1172| 281k| constexpr const FieldElement& z() const { return m_z; } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE6squareEv: 426| 502k| constexpr BOTAN_FORCE_INLINE Self square() const { 427| 502k| std::array z; // NOLINT(*-member-init) 428| 502k| comba_sqr(z.data(), this->data()); 429| 502k| return Self(Rep::redc(z)); 430| 502k| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE4dataEv: 896| 2.55M| constexpr const W* data() const { return m_val.data(); } pcurves_brainpool384r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES0_E11FieldParamsEE4redcERKNSt3__15arrayImLm12EEE: 104| 1.70M| constexpr static std::array redc(const std::array& z) { 105| | if constexpr(P_dash == 1) { 106| | return monty_redc_pdash1(z, P); 107| 1.70M| } else { 108| 1.70M| return monty_redc(z, P, P_dash); 109| 1.70M| } 110| 1.70M| } pcurves_brainpool384r1.cpp:_ZN5BotanplERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEEESC_: 265| 199k| friend constexpr BOTAN_FORCE_INLINE Self operator+(const Self& a, const Self& b) { 266| 199k| std::array t; // NOLINT(*-member-init) 267| | 268| 199k| W carry = 0; 269| 1.39M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (269:28): [True: 1.19M, False: 199k] ------------------ 270| 1.19M| t[i] = word_add(a.m_val[i], b.m_val[i], &carry); 271| 1.19M| } 272| | 273| 199k| std::array r; // NOLINT(*-member-init) 274| 199k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 275| 199k| return Self(r); 276| 199k| } pcurves_brainpool384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_E1xEv: 1162| 171k| constexpr const FieldElement& x() const { return m_x; } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE4mul3Ev: 335| 74.8k| constexpr inline Self mul3() const { return mul2() + (*this); } pcurves_brainpool384r1.cpp:_ZN5BotanmlERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEEESC_: 346| 606k| friend constexpr BOTAN_FORCE_INLINE Self operator*(const Self& a, const Self& b) { 347| 606k| std::array z; // NOLINT(*-member-init) 348| 606k| comba_mul(z.data(), a.data(), b.data()); 349| 606k| return Self(Rep::redc(z)); 350| 606k| } pcurves_brainpool384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_E1yEv: 1167| 171k| constexpr const FieldElement& y() const { return m_y; } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE4mul4Ev: 338| 2.58k| constexpr inline Self mul4() const { return mul2().mul2(); } pcurves_brainpool384r1.cpp:_ZN5BotanmiERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEEESC_: 281| 511k| friend constexpr BOTAN_FORCE_INLINE Self operator-(const Self& a, const Self& b) { 282| 511k| std::array r; // NOLINT(*-member-init) 283| 511k| W carry = 0; 284| 3.58M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (284:28): [True: 3.07M, False: 511k] ------------------ 285| 3.07M| r[i] = word_sub(a.m_val[i], b.m_val[i], &carry); 286| 3.07M| } 287| | 288| 511k| const auto mask = CT::Mask::expand(carry).value(); 289| | 290| 511k| carry = 0; 291| | 292| 3.58M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (292:28): [True: 3.07M, False: 511k] ------------------ 293| 3.07M| r[i] = word_add(r[i], P[i] & mask, &carry); 294| 3.07M| } 295| | 296| 511k| return Self(r); 297| 511k| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE4mul2Ev: 325| 251k| constexpr BOTAN_FORCE_INLINE Self mul2() const { 326| 251k| std::array t = value(); 327| 251k| const W carry = shift_left<1>(t); 328| | 329| 251k| std::array r; // NOLINT(*-member-init) 330| 251k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 331| 251k| return Self(r); 332| 251k| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE5valueEv: 894| 266k| constexpr const std::array& value() const { return m_val; } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE4mul8Ev: 341| 2.58k| constexpr inline Self mul8() const { return mul2().mul2().mul2(); } pcurves_brainpool384r1.cpp:_ZN5BotanplERKNS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_EESE_: 1064| 1.09k| friend constexpr Self operator+(const Self& a, const Self& b) { return Self::add(a, b); } pcurves_brainpool384r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_E3addERKSC_SE_: 1103| 1.09k| constexpr static Self add(const Self& a, const Self& b) { return point_add(a, b); } pcurves_brainpool384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_E11is_identityEv: 1082| 54.1k| constexpr CT::Choice is_identity() const { return z().is_zero(); } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE18conditional_assignERSA_SB_SB_NS_2CT6ChoiceERKSA_SF_SF_: 395| 96.3k| Self& x, Self& y, Self& z, CT::Choice cond, const Self& nx, const Self& ny, const Self& nz) { 396| 96.3k| const W mask = cond.into_bitmask(); 397| | 398| 674k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (398:28): [True: 578k, False: 96.3k] ------------------ 399| 578k| x.m_val[i] = Botan::choose(mask, nx.m_val[i], x.m_val[i]); 400| 578k| y.m_val[i] = Botan::choose(mask, ny.m_val[i], y.m_val[i]); 401| 578k| z.m_val[i] = Botan::choose(mask, nz.m_val[i], z.m_val[i]); 402| 578k| } 403| 96.3k| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE6invertEv: 538| 769| constexpr Self invert() const { return pow_vartime(Self::P_MINUS_2); } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE11pow_vartimeERKNSt3__15arrayImLm6EEE: 477| 990| constexpr Self pow_vartime(const std::array& exp) const { 478| 990| constexpr size_t WindowBits = (Self::BITS <= 256) ? 4 : 5; ------------------ | Branch (478:40): [Folded, False: 990] ------------------ 479| 990| constexpr size_t WindowElements = (1 << WindowBits) - 1; 480| | 481| 990| constexpr size_t Windows = (Self::BITS + WindowBits - 1) / WindowBits; 482| | 483| | /* 484| | A simple fixed width window modular multiplication. 485| | 486| | TODO: investigate using sliding window here 487| | */ 488| | 489| 990| std::array tbl; 490| | 491| 990| tbl[0] = (*this); 492| | 493| 30.6k| for(size_t i = 1; i != WindowElements; ++i) { ------------------ | Branch (493:28): [True: 29.7k, False: 990] ------------------ 494| | // Conditional ok: table indexes are public here 495| 29.7k| if(i % 2 == 1) { ------------------ | Branch (495:16): [True: 14.8k, False: 14.8k] ------------------ 496| 14.8k| tbl[i] = tbl[i / 2].square(); 497| 14.8k| } else { 498| 14.8k| tbl[i] = tbl[i - 1] * tbl[0]; 499| 14.8k| } 500| 29.7k| } 501| | 502| 990| auto r = Self::one(); 503| | 504| 990| const size_t w0 = read_window_bits(std::span{exp}, (Windows - 1) * WindowBits); 505| | 506| | // Conditional ok: this function is variable time 507| 990| if(w0 > 0) { ------------------ | Branch (507:13): [True: 990, False: 0] ------------------ 508| 990| r = tbl[w0 - 1]; 509| 990| } 510| | 511| 76.2k| for(size_t i = 1; i != Windows; ++i) { ------------------ | Branch (511:28): [True: 75.2k, False: 990] ------------------ 512| 75.2k| r.square_n(WindowBits); 513| | 514| 75.2k| const size_t w = read_window_bits(std::span{exp}, (Windows - i - 1) * WindowBits); 515| | 516| | // Conditional ok: this function is variable time 517| 75.2k| if(w > 0) { ------------------ | Branch (517:16): [True: 72.0k, False: 3.19k] ------------------ 518| 72.0k| r *= tbl[w - 1]; 519| 72.0k| } 520| 75.2k| } 521| | 522| 990| return r; 523| 990| } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEEC2Ev: 180| 30.6k| constexpr IntMod() : m_val({}) {} pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE8square_nEm: 439| 75.2k| constexpr void square_n(size_t n) { 440| 75.2k| std::array z; // NOLINT(*-member-init) 441| 451k| for(size_t i = 0; i != n; ++i) { ------------------ | Branch (441:28): [True: 376k, False: 75.2k] ------------------ 442| 376k| comba_sqr(z.data(), this->data()); 443| 376k| m_val = Rep::redc(z); 444| 376k| } 445| 75.2k| } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEEmLERKSA_: 355| 209k| constexpr BOTAN_FORCE_INLINE Self& operator*=(const Self& other) { 356| 209k| std::array z; // NOLINT(*-member-init) 357| 209k| comba_mul(z.data(), data(), other.data()); 358| 209k| m_val = Rep::redc(z); 359| 209k| return (*this); 360| 209k| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE14invert_vartimeEv: 598| 1| constexpr Self invert_vartime() const { 599| | // Conditional ok: this function is variable time 600| 1| if(this->is_zero().as_bool()) { ------------------ | Branch (600:13): [True: 0, False: 1] ------------------ 601| 0| return Self::zero(); 602| 0| } 603| | 604| 1| auto x = Self(std::array{1}); // 1 in standard domain 605| 1| auto b = Self(this->to_words()); // *this in standard domain 606| | 607| | // First loop iteration 608| 1| Self::_invert_vartime_div2_helper(b, x); 609| | 610| 1| auto a = b.negate(); 611| | // y += x but y is zero at the outset 612| 1| auto y = x; 613| | 614| | // First half of second loop iteration 615| 1| Self::_invert_vartime_div2_helper(a, y); 616| | 617| 262| for(;;) { 618| | // Conditional ok: this function is variable time 619| 262| if(a.m_val == b.m_val) { ------------------ | Branch (619:16): [True: 1, False: 261] ------------------ 620| | // At this point it should be that a == b == 1 621| 1| auto r = y.negate(); 622| | 623| | // Convert back to Montgomery if required 624| 1| r.m_val = Rep::to_rep(r.m_val); 625| 1| return r; 626| 1| } 627| | 628| 261| auto nx = x + y; 629| | 630| | /* 631| | * Otherwise either b > a or a > b 632| | * 633| | * If b > a we want to set b to b - a 634| | * Otherwise we want to set a to a - b 635| | * 636| | * Compute r = b - a and check if it underflowed 637| | * If it did not then we are in the b > a path 638| | */ 639| 261| std::array r; // NOLINT(*-member-init) 640| 261| const word carry = bigint_sub3(r.data(), b.data(), N, a.data(), N); 641| | 642| | // Conditional ok: this function is variable time 643| 261| if(carry == 0) { ------------------ | Branch (643:16): [True: 128, False: 133] ------------------ 644| | // b > a 645| 128| b.m_val = r; 646| 128| x = nx; 647| 128| Self::_invert_vartime_div2_helper(b, x); 648| 133| } else { 649| | // We know this can't underflow because a > b 650| 133| bigint_sub3(r.data(), a.data(), N, b.data(), N); 651| 133| a.m_val = r; 652| 133| y = nx; 653| 133| Self::_invert_vartime_div2_helper(a, y); 654| 133| } 655| 261| } 656| 1| } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE4zeroEv: 195| 93.0k| static constexpr Self zero() { return Self(std::array{0}); } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE8to_wordsEv: 734| 1| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_brainpool384r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES0_E11FieldParamsEE8from_repERKNSt3__15arrayImLm6EEE: 137| 2.54k| constexpr static std::array from_rep(const std::array& z) { 138| 2.54k| std::array ze = {}; 139| 2.54k| copy_mem(std::span{ze}.template first(), z); 140| 2.54k| return Self::redc(ze); 141| 2.54k| } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE27_invert_vartime_div2_helperERSA_SB_: 547| 263| static constexpr void _invert_vartime_div2_helper(Self& a, Self& x) { 548| 263| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 549| | 550| | // Conditional ok: this function is variable time 551| 814| while((a.m_val[0] & 1) != 1) { ------------------ | Branch (551:16): [True: 551, False: 263] ------------------ 552| 551| shift_right<1>(a.m_val); 553| | 554| 551| const W borrow = shift_right<1>(x.m_val); 555| | 556| | // Conditional ok: this function is variable time 557| 551| if(borrow) { ------------------ | Branch (557:16): [True: 291, False: 260] ------------------ 558| 291| bigint_add2(x.m_val.data(), N, INV_2.data(), N); 559| 291| } 560| 551| } 561| 263| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE6negateEv: 452| 46.3k| constexpr Self negate() const { 453| 46.3k| const W x_is_zero = ~CT::all_zeros(this->data(), N).value(); 454| | 455| 46.3k| std::array r; // NOLINT(*-member-init) 456| 46.3k| W carry = 0; 457| 324k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (457:28): [True: 278k, False: 46.3k] ------------------ 458| 278k| r[i] = word_sub(P[i] & x_is_zero, m_val[i], &carry); 459| 278k| } 460| | 461| 46.3k| return Self(r); 462| 46.3k| } pcurves_brainpool384r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES0_E11FieldParamsEE6to_repERKNSt3__15arrayImLm6EEE: 115| 3.13k| constexpr static std::array to_rep(const std::array& x) { 116| 3.13k| std::array z; // NOLINT(*-member-init) 117| 3.13k| comba_mul(z.data(), x.data(), R2.data()); 118| 3.13k| return Self::redc(z); 119| 3.13k| } pcurves_brainpool384r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEEEC2ERKSB_SE_: 917| 54.3k| constexpr AffineCurvePoint(const FieldElement& x, const FieldElement& y) : m_x(x), m_y(y) {} pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE11stash_valueILm9EEENSt3__15arrayImXT_EEEv: 759| 2.83k| std::array stash_value() const { 760| 2.83k| static_assert(L >= N); 761| 2.83k| std::array stash = {}; 762| 19.8k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (762:28): [True: 17.0k, False: 2.83k] ------------------ 763| 17.0k| stash[i] = m_val[i]; 764| 17.0k| } 765| 2.83k| return stash; 766| 2.83k| } pcurves_brainpool384r1.cpp:_ZNK5Botan23PrecomputedBaseMulTableINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm6EE3mulERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES7_E12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1407| 433| ProjectivePoint mul(const Scalar& s, RandomNumberGenerator& rng) const { 1408| 433| const BlindedScalar scalar(s, rng); 1409| 433| return basemul_booth_exec(m_table, scalar, rng); 1410| 433| } pcurves_brainpool384r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm7EEC2ERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES7_E12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1307| 433| BlindedScalarBits(const typename C::Scalar& scalar, RandomNumberGenerator& rng) { 1308| 433| if(BlindingBits > 0 && rng.is_seeded()) { ------------------ | Branch (1308:13): [True: 433, Folded] | Branch (1308:33): [True: 433, False: 0] ------------------ 1309| 433| constexpr size_t MaskWords = (BlindingBits + WordInfo::bits - 1) / WordInfo::bits; 1310| 433| constexpr size_t MaskBytes = MaskWords * WordInfo::bytes; 1311| | 1312| 433| constexpr size_t n_words = C::Words; 1313| | 1314| 433| uint8_t maskb[MaskBytes + (BlindingBits == 0 ? 1 : 0)] = {0}; 1315| 433| rng.randomize(maskb, MaskBytes); 1316| | 1317| 433| W mask[n_words] = {0}; 1318| 433| load_le(mask, maskb, MaskWords); 1319| | 1320| | // Mask to exactly BlindingBits 1321| 433| constexpr size_t ExcessBits = MaskWords * WordInfo::bits - BlindingBits; 1322| 433| if constexpr(ExcessBits > 0) { 1323| 433| constexpr W ExcessMask = (static_cast(1) << (WordInfo::bits - ExcessBits)) - 1; 1324| 433| mask[MaskWords - 1] &= ExcessMask; 1325| 433| } 1326| | 1327| | // Set top and bottom bits of mask 1328| 433| constexpr size_t TopMaskBit = (BlindingBits - 1) % WordInfo::bits; 1329| 433| mask[(BlindingBits - 1) / WordInfo::bits] |= static_cast(1) << TopMaskBit; 1330| 433| mask[0] |= 1; 1331| | 1332| 433| W mask_n[2 * n_words] = {0}; 1333| | 1334| 433| const auto sw = scalar.to_words(); 1335| | 1336| | // Compute masked scalar s + k*n 1337| 433| comba_mul(mask_n, mask, C::NW.data()); 1338| 433| bigint_add2(mask_n, 2 * n_words, sw.data(), sw.size()); 1339| | 1340| 433| std::reverse(mask_n, mask_n + 2 * n_words); 1341| 433| m_bytes = store_be>(mask_n); 1342| 433| m_bits = C::Scalar::BITS + BlindingBits; 1343| 433| } else { 1344| | // No RNG available, skip blinding 1345| 0| m_bytes.resize(C::Scalar::BYTES); 1346| 0| scalar.serialize_to(std::span{m_bytes}.template first()); 1347| 0| m_bits = C::Scalar::BITS; 1348| 0| } 1349| | 1350| 433| CT::poison(m_bytes.data(), m_bytes.size()); 1351| 433| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEE8to_wordsEv: 734| 601| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_brainpool384r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES0_E12ScalarParamsEE8from_repERKNSt3__15arrayImLm6EEE: 137| 1.03k| constexpr static std::array from_rep(const std::array& z) { 138| 1.03k| std::array ze = {}; 139| 1.03k| copy_mem(std::span{ze}.template first(), z); 140| 1.03k| return Self::redc(ze); 141| 1.03k| } pcurves_brainpool384r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES0_E12ScalarParamsEE4redcERKNSt3__15arrayImLm12EEE: 104| 1.46k| constexpr static std::array redc(const std::array& z) { 105| | if constexpr(P_dash == 1) { 106| | return monty_redc_pdash1(z, P); 107| 1.46k| } else { 108| 1.46k| return monty_redc(z, P, P_dash); 109| 1.46k| } 110| 1.46k| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEE12serialize_toENSt3__14spanIhLm48EEE: 739| 433| constexpr void serialize_to(std::span bytes) const { 740| 433| auto v = Rep::from_rep(m_val); 741| 433| std::reverse(v.begin(), v.end()); 742| | 743| 433| if constexpr(Self::BYTES == N * WordInfo::bytes) { 744| 433| store_be(bytes, v); 745| | } else { 746| | // Remove leading zero bytes 747| | const auto padded_bytes = store_be(v); 748| | constexpr size_t extra = N * WordInfo::bytes - Self::BYTES; 749| | copy_mem(bytes, std::span{padded_bytes}.template subspan()); 750| | } 751| 433| } pcurves_brainpool384r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm7EE4bitsEv: 1305| 433| size_t bits() const { return m_bits; } pcurves_brainpool384r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_E18conditional_assignENS_2CT6ChoiceERKSC_: 1084| 601| constexpr void conditional_assign(CT::Choice cond, const Self& pt) { 1085| 601| FieldElement::conditional_assign(m_x, m_y, m_z, cond, pt.x(), pt.y(), pt.z()); 1086| 601| } pcurves_brainpool384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_E6negateEv: 1134| 601| constexpr Self negate() const { return Self(x(), y().negate(), z()); } pcurves_brainpool384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_E18_const_time_poisonEv: 1174| 601| constexpr void _const_time_poison() const { CT::poison_all(m_x, m_y, m_z); } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE18_const_time_poisonEv: 889| 1.80k| constexpr void _const_time_poison() const { CT::poison(m_val); } pcurves_brainpool384r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm7EE10get_windowEm: 1353| 31.6k| size_t get_window(size_t offset) const { 1354| | // Extract a WindowBits sized window out of s, depending on offset. 1355| 31.6k| return read_window_bits(std::span{m_bytes}, offset); 1356| 31.6k| } pcurves_brainpool384r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_E10add_or_subERKSC_RKNS_16AffineCurvePointISB_EENS_2CT6ChoiceE: 1096| 45.6k| constexpr static Self add_or_sub(const Self& a, const AffinePoint& b, CT::Choice sub) { 1097| 45.6k| return point_add_or_sub_mixed(a, b, sub, FieldElement::one()); 1098| 45.6k| } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE18conditional_assignENS_2CT6ChoiceERKSA_: 367| 46.0k| constexpr void conditional_assign(CT::Choice cond, const Self& nx) { 368| 46.0k| const W mask = cond.into_bitmask(); 369| | 370| 322k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (370:28): [True: 276k, False: 46.0k] ------------------ 371| 276k| m_val[i] = Botan::choose(mask, nx.m_val[i], m_val[i]); 372| 276k| } 373| 46.0k| } pcurves_brainpool384r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEEE9ct_selectENSt3__14spanIKSC_Lm18446744073709551615EEEm: 955| 31.6k| static constexpr auto ct_select(std::span pts, size_t idx) { 956| 31.6k| auto result = Self::identity(pts[0]); 957| | 958| | // Intentionally wrapping; set to maximum size_t if idx == 0 959| 31.6k| const size_t idx1 = static_cast(idx - 1); 960| 1.04M| for(size_t i = 0; i != pts.size(); ++i) { ------------------ | Branch (960:28): [True: 1.01M, False: 31.6k] ------------------ 961| 1.01M| const auto found = CT::Mask::is_equal(idx1, i).as_choice(); 962| 1.01M| result.conditional_assign(found, pts[i]); 963| 1.01M| } 964| | 965| 31.6k| return result; 966| 31.6k| } pcurves_brainpool384r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEEE8identityERKSC_: 924| 46.2k| static constexpr Self identity(const Self& /*unused*/) { 925| 46.2k| return Self(FieldElement::zero(), FieldElement::zero()); 926| 46.2k| } pcurves_brainpool384r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEEE18conditional_assignENS_2CT6ChoiceERKSC_: 981| 1.24M| constexpr void conditional_assign(CT::Choice cond, const Self& pt) { 982| 1.24M| FieldElement::conditional_assign(m_x, m_y, cond, pt.x(), pt.y()); 983| 1.24M| } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE18conditional_assignERSA_SB_NS_2CT6ChoiceERKSA_SF_: 380| 1.24M| static constexpr void conditional_assign(Self& x, Self& y, CT::Choice cond, const Self& nx, const Self& ny) { 381| 1.24M| const W mask = cond.into_bitmask(); 382| | 383| 8.71M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (383:28): [True: 7.47M, False: 1.24M] ------------------ 384| 7.47M| x.m_val[i] = Botan::choose(mask, nx.m_val[i], x.m_val[i]); 385| 7.47M| y.m_val[i] = Botan::choose(mask, ny.m_val[i], y.m_val[i]); 386| 7.47M| } 387| 1.24M| } pcurves_brainpool384r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_E13randomize_repERNS_21RandomNumberGeneratorE: 1142| 2.40k| void randomize_rep(RandomNumberGenerator& rng) { 1143| | // In certain contexts we may be called with a Null_RNG; in that case the 1144| | // caller is accepting that randomization will not occur 1145| | 1146| | // Conditional ok: caller's RNG state (seeded vs not) is presumed public 1147| 2.40k| if(rng.is_seeded()) { ------------------ | Branch (1147:13): [True: 2.40k, False: 0] ------------------ 1148| 2.40k| auto r = FieldElement::random(rng); 1149| | 1150| 2.40k| auto r2 = r.square(); 1151| 2.40k| auto r3 = r2 * r; 1152| | 1153| 2.40k| m_x *= r2; 1154| 2.40k| m_y *= r3; 1155| 2.40k| m_z *= r; 1156| 2.40k| } 1157| 2.40k| } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE6randomERNS_21RandomNumberGeneratorE: 851| 2.40k| static Self random(RandomNumberGenerator& rng) { 852| 2.40k| constexpr size_t MAX_ATTEMPTS = 1000; 853| | 854| 2.40k| std::array buf{}; 855| | 856| 4.43k| for(size_t i = 0; i != MAX_ATTEMPTS; ++i) { ------------------ | Branch (856:28): [True: 4.43k, False: 0] ------------------ 857| 4.43k| rng.randomize(buf); 858| | 859| | // Zero off high bits that if set would certainly cause us 860| | // to be out of range 861| | if constexpr(Self::BITS % 8 != 0) { 862| | constexpr uint8_t mask = 0xFF >> (8 - (Self::BITS % 8)); 863| | buf[0] &= mask; 864| | } 865| | 866| | // Conditionals ok: rejection sampling reveals only values we didn't use 867| 4.43k| if(auto s = Self::deserialize(buf)) { ------------------ | Branch (867:21): [True: 2.40k, False: 2.03k] ------------------ 868| 2.40k| if(s.value().is_nonzero().as_bool()) { ------------------ | Branch (868:19): [True: 2.40k, False: 0] ------------------ 869| 2.40k| return s.value(); 870| 2.40k| } 871| 2.40k| } 872| 4.43k| } 873| | 874| 0| throw Internal_Error("Failed to generate random Scalar within bounded number of attempts"); 875| 2.40k| } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE11deserializeENSt3__14spanIKhLm18446744073709551615EEE: 792| 5.17k| static std::optional deserialize(std::span bytes) { 793| | // Conditional ok: input length is public 794| 5.17k| if(bytes.size() != Self::BYTES) { ------------------ | Branch (794:13): [True: 0, False: 5.17k] ------------------ 795| 0| return {}; 796| 0| } 797| | 798| 5.17k| const auto words = bytes_to_words(bytes.first()); 799| | 800| | // Conditional acceptable: std::optional is implicitly not constant time 801| 5.17k| if(!bigint_ct_is_lt(words.data(), N, P.data(), N).as_bool()) { ------------------ | Branch (801:13): [True: 2.03k, False: 3.13k] ------------------ 802| 2.03k| return {}; 803| 2.03k| } 804| | 805| | // Safe because we checked above that words is an integer < P 806| 3.13k| return Self::from_words(words); 807| 5.17k| } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE10from_wordsILm6EEESA_NSt3__15arrayImXT_EEE: 211| 3.13k| static constexpr Self from_words(std::array w) { 212| 3.13k| if constexpr(L == N) { 213| 3.13k| return Self(Rep::to_rep(w)); 214| | } else { 215| | static_assert(L < N); 216| | std::array ew = {}; 217| | copy_mem(std::span{ew}.template first(), w); 218| | return Self(Rep::to_rep(ew)); 219| | } 220| 3.13k| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE10is_nonzeroEv: 230| 2.40k| constexpr CT::Choice is_nonzero() const { return !is_zero(); } pcurves_brainpool384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_E20_const_time_unpoisonEv: 1176| 601| constexpr void _const_time_unpoison() const { CT::unpoison_all(m_x, m_y, m_z); } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE20_const_time_unpoisonEv: 891| 1.80k| constexpr void _const_time_unpoison() const { CT::unpoison(m_val); } pcurves_brainpool384r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm7EED2Ev: 1358| 433| ~BlindedScalarBits() { 1359| 433| secure_zeroize_buffer(m_bytes.data(), m_bytes.size()); 1360| 433| CT::unpoison(m_bytes.data(), m_bytes.size()); 1361| 433| } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEE10from_stashILm9EEESA_RKNSt3__15arrayImXT_EEE: 774| 1.46k| static Self from_stash(const std::array& stash) { 775| 1.46k| static_assert(L >= N); 776| 1.46k| std::array val = {}; 777| 10.2k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (777:28): [True: 8.80k, False: 1.46k] ------------------ 778| 8.80k| val[i] = stash[i]; 779| 8.80k| } 780| 1.46k| return Self(val); 781| 1.46k| } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEEC2ENSt3__15arrayImLm6EEE: 898| 1.90k| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE12serialize_toENSt3__14spanIhLm48EEE: 739| 2.37k| constexpr void serialize_to(std::span bytes) const { 740| 2.37k| auto v = Rep::from_rep(m_val); 741| 2.37k| std::reverse(v.begin(), v.end()); 742| | 743| 2.37k| if constexpr(Self::BYTES == N * WordInfo::bytes) { 744| 2.37k| store_be(bytes, v); 745| | } else { 746| | // Remove leading zero bytes 747| | const auto padded_bytes = store_be(v); 748| | constexpr size_t extra = N * WordInfo::bytes - Self::BYTES; 749| | copy_mem(bytes, std::span{padded_bytes}.template subspan()); 750| | } 751| 2.37k| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEE11stash_valueILm9EEENSt3__15arrayImXT_EEEv: 759| 433| std::array stash_value() const { 760| 433| static_assert(L >= N); 761| 433| std::array stash = {}; 762| 3.03k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (762:28): [True: 2.59k, False: 433] ------------------ 763| 2.59k| stash[i] = m_val[i]; 764| 2.59k| } 765| 433| return stash; 766| 433| } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE10from_stashILm9EEESA_RKNSt3__15arrayImXT_EEE: 774| 6.05k| static Self from_stash(const std::array& stash) { 775| 6.05k| static_assert(L >= N); 776| 6.05k| std::array val = {}; 777| 42.4k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (777:28): [True: 36.3k, False: 6.05k] ------------------ 778| 36.3k| val[i] = stash[i]; 779| 36.3k| } 780| 6.05k| return Self(val); 781| 6.05k| } pcurves_brainpool384r1.cpp:_ZN5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm4EEC2ERKNS_16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 1487| 168| explicit WindowedBoothMulTable(const AffinePoint& p) : m_table(varpoint_setup(p)) {} pcurves_brainpool384r1.cpp:_ZN5BotanplERKNS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_EERKNS_16AffineCurvePointISB_EE: 1066| 1.17k| friend constexpr Self operator+(const Self& a, const AffinePoint& b) { return Self::add_mixed(a, b); } pcurves_brainpool384r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_E9add_mixedERKSC_RKNS_16AffineCurvePointISB_EE: 1091| 1.17k| constexpr static Self add_mixed(const Self& a, const AffinePoint& b) { 1092| 1.17k| return point_add_mixed(a, b, FieldElement::one()); 1093| 1.17k| } pcurves_brainpool384r1.cpp:_ZNK5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm4EE3mulERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES7_E12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1489| 168| ProjectivePoint mul(const Scalar& s, RandomNumberGenerator& rng) const { 1490| 168| const BlindedScalar bits(s, rng); 1491| | 1492| 168| const size_t scalar_bits = bits.bits(); 1493| 168| const size_t full_windows = compute_full_windows(scalar_bits + 1, WindowBits); 1494| 168| const size_t initial_shift = compute_initial_shift(scalar_bits + 1, WindowBits); 1495| | 1496| 168| BOTAN_DEBUG_ASSERT(full_windows * WindowBits + initial_shift == scalar_bits + 1); ------------------ | | 130| 168| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 168| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 168] | | ------------------ ------------------ 1497| 168| BOTAN_DEBUG_ASSERT(initial_shift > 0); ------------------ | | 130| 168| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 168| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 168] | | ------------------ ------------------ 1498| | 1499| 168| auto accum = ProjectivePoint::identity(); 1500| 168| CT::poison(accum); 1501| | 1502| 14.6k| for(size_t i = 0; i != full_windows; ++i) { ------------------ | Branch (1502:28): [True: 14.4k, False: 168] ------------------ 1503| 14.4k| const size_t idx = scalar_bits - initial_shift - WindowBits * i; 1504| | 1505| 14.4k| const size_t w_i = bits.get_window(idx); 1506| 14.4k| const auto [tidx, tneg] = booth_recode(w_i); 1507| | 1508| | // Conditional ok: loop iteration count is public 1509| 14.4k| if(i == 0) { ------------------ | Branch (1509:16): [True: 168, False: 14.2k] ------------------ 1510| 168| accum = ProjectivePoint::from_affine(m_table.ct_select(tidx)); 1511| 168| accum.conditional_assign(tneg, accum.negate()); 1512| 14.2k| } else { 1513| 14.2k| accum = ProjectivePoint::add_or_sub(accum, m_table.ct_select(tidx), tneg); 1514| 14.2k| } 1515| | 1516| 14.4k| accum = accum.dbl_n(WindowBits); 1517| | 1518| | // Conditional ok: loop iteration count is public 1519| 14.4k| if(i <= 3) { ------------------ | Branch (1519:16): [True: 672, False: 13.7k] ------------------ 1520| 672| accum.randomize_rep(rng); 1521| 672| } 1522| 14.4k| } 1523| | 1524| | // final window (note one bit shorter than previous reads) 1525| 168| const size_t w_l = bits.get_window(0) & ((1 << WindowBits) - 1); 1526| 168| const auto [tidx, tneg] = booth_recode(w_l << 1); 1527| 168| accum = ProjectivePoint::add_or_sub(accum, m_table.ct_select(tidx), tneg); 1528| | 1529| 168| CT::unpoison(accum); 1530| 168| return accum; 1531| 168| } pcurves_brainpool384r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm6EEC2ERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES7_E12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1307| 168| BlindedScalarBits(const typename C::Scalar& scalar, RandomNumberGenerator& rng) { 1308| 168| if(BlindingBits > 0 && rng.is_seeded()) { ------------------ | Branch (1308:13): [True: 168, Folded] | Branch (1308:33): [True: 168, False: 0] ------------------ 1309| 168| constexpr size_t MaskWords = (BlindingBits + WordInfo::bits - 1) / WordInfo::bits; 1310| 168| constexpr size_t MaskBytes = MaskWords * WordInfo::bytes; 1311| | 1312| 168| constexpr size_t n_words = C::Words; 1313| | 1314| 168| uint8_t maskb[MaskBytes + (BlindingBits == 0 ? 1 : 0)] = {0}; 1315| 168| rng.randomize(maskb, MaskBytes); 1316| | 1317| 168| W mask[n_words] = {0}; 1318| 168| load_le(mask, maskb, MaskWords); 1319| | 1320| | // Mask to exactly BlindingBits 1321| 168| constexpr size_t ExcessBits = MaskWords * WordInfo::bits - BlindingBits; 1322| 168| if constexpr(ExcessBits > 0) { 1323| 168| constexpr W ExcessMask = (static_cast(1) << (WordInfo::bits - ExcessBits)) - 1; 1324| 168| mask[MaskWords - 1] &= ExcessMask; 1325| 168| } 1326| | 1327| | // Set top and bottom bits of mask 1328| 168| constexpr size_t TopMaskBit = (BlindingBits - 1) % WordInfo::bits; 1329| 168| mask[(BlindingBits - 1) / WordInfo::bits] |= static_cast(1) << TopMaskBit; 1330| 168| mask[0] |= 1; 1331| | 1332| 168| W mask_n[2 * n_words] = {0}; 1333| | 1334| 168| const auto sw = scalar.to_words(); 1335| | 1336| | // Compute masked scalar s + k*n 1337| 168| comba_mul(mask_n, mask, C::NW.data()); 1338| 168| bigint_add2(mask_n, 2 * n_words, sw.data(), sw.size()); 1339| | 1340| 168| std::reverse(mask_n, mask_n + 2 * n_words); 1341| 168| m_bytes = store_be>(mask_n); 1342| 168| m_bits = C::Scalar::BITS + BlindingBits; 1343| 168| } else { 1344| | // No RNG available, skip blinding 1345| 0| m_bytes.resize(C::Scalar::BYTES); 1346| 0| scalar.serialize_to(std::span{m_bytes}.template first()); 1347| 0| m_bits = C::Scalar::BITS; 1348| 0| } 1349| | 1350| 168| CT::poison(m_bytes.data(), m_bytes.size()); 1351| 168| } pcurves_brainpool384r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm6EE4bitsEv: 1305| 168| size_t bits() const { return m_bits; } pcurves_brainpool384r1.cpp:_ZN5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm4EE20compute_full_windowsEmm: 1468| 168| static constexpr size_t compute_full_windows(size_t sb, size_t wb) { 1469| 168| if(sb % wb == 0) { ------------------ | Branch (1469:13): [True: 0, False: 168] ------------------ 1470| 0| return (sb - 1) / wb; 1471| 168| } else { 1472| 168| return sb / wb; 1473| 168| } 1474| 168| } pcurves_brainpool384r1.cpp:_ZN5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm4EE21compute_initial_shiftEmm: 1476| 168| static constexpr size_t compute_initial_shift(size_t sb, size_t wb) { 1477| 168| if(sb % wb == 0) { ------------------ | Branch (1477:13): [True: 0, False: 168] ------------------ 1478| 0| return wb; 1479| 168| } else { 1480| 168| return sb - (sb / wb) * wb; 1481| 168| } 1482| 168| } pcurves_brainpool384r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_E8identityEv: 1038| 168| static constexpr Self identity() { return Self(FieldElement::zero(), FieldElement::one(), FieldElement::zero()); } pcurves_brainpool384r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm6EE10get_windowEm: 1353| 14.6k| size_t get_window(size_t offset) const { 1354| | // Extract a WindowBits sized window out of s, depending on offset. 1355| 14.6k| return read_window_bits(std::span{m_bytes}, offset); 1356| 14.6k| } pcurves_brainpool384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_E5dbl_nEm: 1108| 14.4k| constexpr Self dbl_n(size_t n) const { 1109| | if constexpr(Self::A_is_minus_3) { 1110| | return dbl_n_a_minus_3(*this, n); 1111| | } else if constexpr(Self::A_is_zero) { 1112| | return dbl_n_a_zero(*this, n); 1113| 14.4k| } else { 1114| 14.4k| return dbl_n_generic(*this, A, n); 1115| 14.4k| } 1116| 14.4k| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE4div2Ev: 302| 14.4k| Self div2() const { 303| | // The inverse of 2 modulo P is (P/2)+1; this avoids a constexpr time 304| | // general inversion, which some compilers can't handle 305| 14.4k| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 306| | 307| | // We could multiply by INV_2 but there is a better way ... 308| | 309| 14.4k| std::array t = value(); 310| 14.4k| const W borrow = shift_right<1>(t); 311| | 312| | // If value was odd, add (P/2)+1 313| 14.4k| const auto mask = CT::Mask::expand(borrow).value(); 314| | 315| 14.4k| W carry = 0; 316| | 317| 101k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (317:28): [True: 86.6k, False: 14.4k] ------------------ 318| 86.6k| t[i] = word_add(t[i], INV_2[i] & mask, &carry); 319| 86.6k| } 320| | 321| 14.4k| return Self(t); 322| 14.4k| } pcurves_brainpool384r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm6EED2Ev: 1358| 168| ~BlindedScalarBits() { 1359| 168| secure_zeroize_buffer(m_bytes.data(), m_bytes.size()); 1360| 168| CT::unpoison(m_bytes.data(), m_bytes.size()); 1361| 168| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEE7is_zeroEv: 225| 866| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEEeqERKSA_: 722| 905| constexpr CT::Choice operator==(const Self& other) const { 723| 905| return CT::is_equal(this->data(), other.data(), N).as_choice(); 724| 905| } pcurves_brainpool384r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEEE8identityEv: 921| 1| static constexpr Self identity() { return Self(FieldElement::zero(), FieldElement::zero()); } pcurves_brainpool384r1.cpp:_ZN5Botan13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsENS_13MontgomeryRepEE7x3_ax_bERKNS_6IntModINS5_INS6_11FieldParamsEEEEE: 1275| 905| static constexpr FieldElement x3_ax_b(const FieldElement& x) { return (x.square() + A) * x + B; } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE4sqrtEv: 663| 221| constexpr CT::Option sqrt() const { 664| 221| if constexpr(Self::P_MOD_4 == 3) { 665| | // The easy case for square root is when p == 3 (mod 4) 666| | 667| 221| constexpr auto P_PLUS_1_OVER_4 = p_plus_1_over_4(P); 668| 221| auto z = pow_vartime(P_PLUS_1_OVER_4); 669| | 670| | // Zero out the return value if it would otherwise be incorrect 671| 221| const CT::Choice correct = (z.square() == *this); 672| 221| z.conditional_assign(!correct, Self::zero()); 673| 221| return CT::Option(z, correct); 674| | } else { 675| | // Shanks-Tonelli, following I.4 in RFC 9380 676| | 677| | /* 678| | Constants: 679| | 1. c1, the largest integer such that 2^c1 divides q - 1. 680| | 2. c2 = (q - 1) / (2^c1) # Integer arithmetic 681| | 3. c3 = (c2 - 1) / 2 # Integer arithmetic 682| | 4. c4, a non-square value in F 683| | 5. c5 = c4^c2 in F 684| | */ 685| | constexpr auto C1_C2 = shanks_tonelli_c1c2(Self::P); 686| | constexpr std::array C3 = shanks_tonelli_c3(C1_C2.second); 687| | constexpr std::array P_MINUS_1_OVER_2 = p_minus_1_over_2(Self::P); 688| | constexpr Self C4 = shanks_tonelli_c4(P_MINUS_1_OVER_2); 689| | constexpr Self C5 = C4.pow_vartime(C1_C2.second); 690| | 691| | const Self& x = (*this); 692| | 693| | auto z = x.pow_vartime(C3); 694| | auto t = z.square(); 695| | t *= x; 696| | z *= x; 697| | auto b = t; 698| | auto c = C5; 699| | 700| | for(size_t i = C1_C2.first; i >= 2; i--) { 701| | b.square_n(i - 2); 702| | const CT::Choice e = b.is_one(); 703| | z.conditional_assign(!e, z * c); 704| | c.square_n(1); 705| | t.conditional_assign(!e, t * c); 706| | b = t; 707| | } 708| | 709| | // Zero out the return value if it would otherwise be incorrect 710| | const CT::Choice correct = (z.square() == *this); 711| | z.conditional_assign(!correct, Self::zero()); 712| | return CT::Option(z, correct); 713| | } 714| 221| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE12correct_signENS_2CT6ChoiceE: 248| 168| constexpr Self correct_sign(CT::Choice even) const { 249| 168| const auto flip = (even != this->is_even()); 250| 168| return Self::choose(flip, this->negate(), *this); 251| 168| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE7is_evenEv: 240| 168| constexpr CT::Choice is_even() const { 241| 168| auto v = Rep::from_rep(m_val); 242| 168| return !CT::Choice::from_int(v[0] & 0x01); 243| 168| } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE6chooseENS_2CT6ChoiceERKSA_SE_: 256| 168| static constexpr Self choose(CT::Choice choice, const Self& x, const Self& y) { 257| 168| auto r = y; 258| 168| r.conditional_assign(choice, x); 259| 168| return r; 260| 168| } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEE11deserializeENSt3__14spanIKhLm18446744073709551615EEE: 792| 753| static std::optional deserialize(std::span bytes) { 793| | // Conditional ok: input length is public 794| 753| if(bytes.size() != Self::BYTES) { ------------------ | Branch (794:13): [True: 0, False: 753] ------------------ 795| 0| return {}; 796| 0| } 797| | 798| 753| const auto words = bytes_to_words(bytes.first()); 799| | 800| | // Conditional acceptable: std::optional is implicitly not constant time 801| 753| if(!bigint_ct_is_lt(words.data(), N, P.data(), N).as_bool()) { ------------------ | Branch (801:13): [True: 320, False: 433] ------------------ 802| 320| return {}; 803| 320| } 804| | 805| | // Safe because we checked above that words is an integer < P 806| 433| return Self::from_words(words); 807| 753| } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEE10from_wordsILm6EEESA_NSt3__15arrayImXT_EEE: 211| 433| static constexpr Self from_words(std::array w) { 212| 433| if constexpr(L == N) { 213| 433| return Self(Rep::to_rep(w)); 214| | } else { 215| | static_assert(L < N); 216| | std::array ew = {}; 217| | copy_mem(std::span{ew}.template first(), w); 218| | return Self(Rep::to_rep(ew)); 219| | } 220| 433| } pcurves_brainpool384r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES0_E12ScalarParamsEE6to_repERKNSt3__15arrayImLm6EEE: 115| 433| constexpr static std::array to_rep(const std::array& x) { 116| 433| std::array z; // NOLINT(*-member-init) 117| 433| comba_mul(z.data(), x.data(), R2.data()); 118| 433| return Self::redc(z); 119| 433| } pcurves_brainpool384r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEEE12serialize_toENSt3__14spanIhLm97EEE: 941| 1.10k| constexpr void serialize_to(std::span bytes) const { 942| 1.10k| BOTAN_STATE_CHECK(this->is_identity().as_bool() == false); ------------------ | | 51| 1.10k| do { \ | | 52| 1.10k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 1.10k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 1.10k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 1.10k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 1.10k] | | ------------------ ------------------ 943| 1.10k| BufferStuffer pack(bytes); 944| 1.10k| pack.append(0x04); 945| 1.10k| x().serialize_to(pack.next()); 946| 1.10k| y().serialize_to(pack.next()); 947| 1.10k| BOTAN_DEBUG_ASSERT(pack.full()); ------------------ | | 130| 1.10k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 1.10k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 1.10k] | | ------------------ ------------------ 948| 1.10k| } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEE6randomERNS_21RandomNumberGeneratorE: 851| 433| static Self random(RandomNumberGenerator& rng) { 852| 433| constexpr size_t MAX_ATTEMPTS = 1000; 853| | 854| 433| std::array buf{}; 855| | 856| 753| for(size_t i = 0; i != MAX_ATTEMPTS; ++i) { ------------------ | Branch (856:28): [True: 753, False: 0] ------------------ 857| 753| rng.randomize(buf); 858| | 859| | // Zero off high bits that if set would certainly cause us 860| | // to be out of range 861| | if constexpr(Self::BITS % 8 != 0) { 862| | constexpr uint8_t mask = 0xFF >> (8 - (Self::BITS % 8)); 863| | buf[0] &= mask; 864| | } 865| | 866| | // Conditionals ok: rejection sampling reveals only values we didn't use 867| 753| if(auto s = Self::deserialize(buf)) { ------------------ | Branch (867:21): [True: 433, False: 320] ------------------ 868| 433| if(s.value().is_nonzero().as_bool()) { ------------------ | Branch (868:19): [True: 433, False: 0] ------------------ 869| 433| return s.value(); 870| 433| } 871| 433| } 872| 753| } 873| | 874| 0| throw Internal_Error("Failed to generate random Scalar within bounded number of attempts"); 875| 433| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEE10is_nonzeroEv: 230| 433| constexpr CT::Choice is_nonzero() const { return !is_zero(); } pcurves_brainpool512r1.cpp:_ZN5Botan23PrecomputedBaseMulTableINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm6EEC2ERKNS_16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 1405| 1| m_table(basemul_booth_setup(p, BlindedScalar::Bits + 1)) {} pcurves_brainpool512r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_E11from_affineERKNS_16AffineCurvePointISB_EE: 1016| 661| static constexpr Self from_affine(const AffinePoint& pt) { 1017| | /* 1018| | * If the point is the identity element (x=0, y=0) then instead of 1019| | * creating (x, y, 1) = (0, 0, 1) we want our projective identity 1020| | * encoding of (0, 1, 0) 1021| | * 1022| | * Which we can achieve by a conditional swap of y and z if the 1023| | * affine point is the identity. 1024| | */ 1025| | 1026| 661| auto x = pt.x(); 1027| 661| auto y = pt.y(); 1028| 661| auto z = FieldElement::one(); 1029| | 1030| 661| FieldElement::conditional_swap(pt.is_identity(), y, z); 1031| | 1032| 661| return ProjectiveCurvePoint(x, y, z); 1033| 661| } pcurves_brainpool512r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEEE1xEv: 971| 1.56M| constexpr const FieldElement& x() const { return m_x; } pcurves_brainpool512r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEEE1yEv: 976| 1.50M| constexpr const FieldElement& y() const { return m_y; } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE3oneEv: 200| 54.5k| static constexpr Self one() { return Self(Rep::one()); } pcurves_brainpool512r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES0_E11FieldParamsEE3oneEv: 99| 54.5k| constexpr static std::array one() { return R1; } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEEC2ENSt3__15arrayImLm8EEE: 898| 2.63M| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE16conditional_swapENS_2CT6ChoiceERSA_SD_: 410| 661| static constexpr void conditional_swap(CT::Choice cond, Self& x, Self& y) { 411| 661| const W mask = cond.into_bitmask(); 412| | 413| 5.94k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (413:28): [True: 5.28k, False: 661] ------------------ 414| 5.28k| auto nx = Botan::choose(mask, y.m_val[i], x.m_val[i]); 415| 5.28k| auto ny = Botan::choose(mask, x.m_val[i], y.m_val[i]); 416| 5.28k| x.m_val[i] = nx; 417| 5.28k| y.m_val[i] = ny; 418| 5.28k| } 419| 661| } pcurves_brainpool512r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEEE11is_identityEv: 928| 55.8k| constexpr CT::Choice is_identity() const { return x().is_zero() && y().is_zero(); } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE7is_zeroEv: 225| 283k| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_brainpool512r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_EC2ERKSB_SE_SE_: 1056| 76.0k| m_x(x), m_y(y), m_z(z) {} pcurves_brainpool512r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_E3dblEv: 1121| 2.84k| constexpr Self dbl() const { 1122| | if constexpr(Self::A_is_minus_3) { 1123| | return dbl_a_minus_3(*this); 1124| | } else if constexpr(Self::A_is_zero) { 1125| | return dbl_a_zero(*this); 1126| 2.84k| } else { 1127| 2.84k| return dbl_generic(*this, A); 1128| 2.84k| } 1129| 2.84k| } pcurves_brainpool512r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_E1zEv: 1172| 320k| constexpr const FieldElement& z() const { return m_z; } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE6squareEv: 426| 583k| constexpr BOTAN_FORCE_INLINE Self square() const { 427| 583k| std::array z; // NOLINT(*-member-init) 428| 583k| comba_sqr(z.data(), this->data()); 429| 583k| return Self(Rep::redc(z)); 430| 583k| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE4dataEv: 896| 2.95M| constexpr const W* data() const { return m_val.data(); } pcurves_brainpool512r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES0_E11FieldParamsEE4redcERKNSt3__15arrayImLm16EEE: 104| 1.96M| constexpr static std::array redc(const std::array& z) { 105| | if constexpr(P_dash == 1) { 106| | return monty_redc_pdash1(z, P); 107| 1.96M| } else { 108| 1.96M| return monty_redc(z, P, P_dash); 109| 1.96M| } 110| 1.96M| } pcurves_brainpool512r1.cpp:_ZN5BotanplERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEEESC_: 265| 234k| friend constexpr BOTAN_FORCE_INLINE Self operator+(const Self& a, const Self& b) { 266| 234k| std::array t; // NOLINT(*-member-init) 267| | 268| 234k| W carry = 0; 269| 2.10M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (269:28): [True: 1.87M, False: 234k] ------------------ 270| 1.87M| t[i] = word_add(a.m_val[i], b.m_val[i], &carry); 271| 1.87M| } 272| | 273| 234k| std::array r; // NOLINT(*-member-init) 274| 234k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 275| 234k| return Self(r); 276| 234k| } pcurves_brainpool512r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_E1xEv: 1162| 194k| constexpr const FieldElement& x() const { return m_x; } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE4mul3Ev: 335| 89.0k| constexpr inline Self mul3() const { return mul2() + (*this); } pcurves_brainpool512r1.cpp:_ZN5BotanmlERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEEESC_: 346| 690k| friend constexpr BOTAN_FORCE_INLINE Self operator*(const Self& a, const Self& b) { 347| 690k| std::array z; // NOLINT(*-member-init) 348| 690k| comba_mul(z.data(), a.data(), b.data()); 349| 690k| return Self(Rep::redc(z)); 350| 690k| } pcurves_brainpool512r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_E1yEv: 1167| 194k| constexpr const FieldElement& y() const { return m_y; } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE4mul4Ev: 338| 2.84k| constexpr inline Self mul4() const { return mul2().mul2(); } pcurves_brainpool512r1.cpp:_ZN5BotanmiERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEEESC_: 281| 593k| friend constexpr BOTAN_FORCE_INLINE Self operator-(const Self& a, const Self& b) { 282| 593k| std::array r; // NOLINT(*-member-init) 283| 593k| W carry = 0; 284| 5.33M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (284:28): [True: 4.74M, False: 593k] ------------------ 285| 4.74M| r[i] = word_sub(a.m_val[i], b.m_val[i], &carry); 286| 4.74M| } 287| | 288| 593k| const auto mask = CT::Mask::expand(carry).value(); 289| | 290| 593k| carry = 0; 291| | 292| 5.33M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (292:28): [True: 4.74M, False: 593k] ------------------ 293| 4.74M| r[i] = word_add(r[i], P[i] & mask, &carry); 294| 4.74M| } 295| | 296| 593k| return Self(r); 297| 593k| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE4mul2Ev: 325| 298k| constexpr BOTAN_FORCE_INLINE Self mul2() const { 326| 298k| std::array t = value(); 327| 298k| const W carry = shift_left<1>(t); 328| | 329| 298k| std::array r; // NOLINT(*-member-init) 330| 298k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 331| 298k| return Self(r); 332| 298k| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE5valueEv: 894| 316k| constexpr const std::array& value() const { return m_val; } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE4mul8Ev: 341| 2.84k| constexpr inline Self mul8() const { return mul2().mul2().mul2(); } pcurves_brainpool512r1.cpp:_ZN5BotanplERKNS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_EESE_: 1064| 1.45k| friend constexpr Self operator+(const Self& a, const Self& b) { return Self::add(a, b); } pcurves_brainpool512r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_E3addERKSC_SE_: 1103| 1.45k| constexpr static Self add(const Self& a, const Self& b) { return point_add(a, b); } pcurves_brainpool512r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_E11is_identityEv: 1082| 61.4k| constexpr CT::Choice is_identity() const { return z().is_zero(); } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE18conditional_assignERSA_SB_SB_NS_2CT6ChoiceERKSA_SF_SF_: 395| 109k| Self& x, Self& y, Self& z, CT::Choice cond, const Self& nx, const Self& ny, const Self& nz) { 396| 109k| const W mask = cond.into_bitmask(); 397| | 398| 982k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (398:28): [True: 873k, False: 109k] ------------------ 399| 873k| x.m_val[i] = Botan::choose(mask, nx.m_val[i], x.m_val[i]); 400| 873k| y.m_val[i] = Botan::choose(mask, ny.m_val[i], y.m_val[i]); 401| 873k| z.m_val[i] = Botan::choose(mask, nz.m_val[i], z.m_val[i]); 402| 873k| } 403| 109k| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE6invertEv: 538| 660| constexpr Self invert() const { return pow_vartime(Self::P_MINUS_2); } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE11pow_vartimeERKNSt3__15arrayImLm8EEE: 477| 859| constexpr Self pow_vartime(const std::array& exp) const { 478| 859| constexpr size_t WindowBits = (Self::BITS <= 256) ? 4 : 5; ------------------ | Branch (478:40): [Folded, False: 859] ------------------ 479| 859| constexpr size_t WindowElements = (1 << WindowBits) - 1; 480| | 481| 859| constexpr size_t Windows = (Self::BITS + WindowBits - 1) / WindowBits; 482| | 483| | /* 484| | A simple fixed width window modular multiplication. 485| | 486| | TODO: investigate using sliding window here 487| | */ 488| | 489| 859| std::array tbl; 490| | 491| 859| tbl[0] = (*this); 492| | 493| 26.6k| for(size_t i = 1; i != WindowElements; ++i) { ------------------ | Branch (493:28): [True: 25.7k, False: 859] ------------------ 494| | // Conditional ok: table indexes are public here 495| 25.7k| if(i % 2 == 1) { ------------------ | Branch (495:16): [True: 12.8k, False: 12.8k] ------------------ 496| 12.8k| tbl[i] = tbl[i / 2].square(); 497| 12.8k| } else { 498| 12.8k| tbl[i] = tbl[i - 1] * tbl[0]; 499| 12.8k| } 500| 25.7k| } 501| | 502| 859| auto r = Self::one(); 503| | 504| 859| const size_t w0 = read_window_bits(std::span{exp}, (Windows - 1) * WindowBits); 505| | 506| | // Conditional ok: this function is variable time 507| 859| if(w0 > 0) { ------------------ | Branch (507:13): [True: 660, False: 199] ------------------ 508| 660| r = tbl[w0 - 1]; 509| 660| } 510| | 511| 88.4k| for(size_t i = 1; i != Windows; ++i) { ------------------ | Branch (511:28): [True: 87.6k, False: 859] ------------------ 512| 87.6k| r.square_n(WindowBits); 513| | 514| 87.6k| const size_t w = read_window_bits(std::span{exp}, (Windows - i - 1) * WindowBits); 515| | 516| | // Conditional ok: this function is variable time 517| 87.6k| if(w > 0) { ------------------ | Branch (517:16): [True: 85.3k, False: 2.31k] ------------------ 518| 85.3k| r *= tbl[w - 1]; 519| 85.3k| } 520| 87.6k| } 521| | 522| 859| return r; 523| 859| } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEEC2Ev: 180| 26.6k| constexpr IntMod() : m_val({}) {} pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE8square_nEm: 439| 87.6k| constexpr void square_n(size_t n) { 440| 87.6k| std::array z; // NOLINT(*-member-init) 441| 525k| for(size_t i = 0; i != n; ++i) { ------------------ | Branch (441:28): [True: 438k, False: 87.6k] ------------------ 442| 438k| comba_sqr(z.data(), this->data()); 443| 438k| m_val = Rep::redc(z); 444| 438k| } 445| 87.6k| } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEEmLERKSA_: 355| 246k| constexpr BOTAN_FORCE_INLINE Self& operator*=(const Self& other) { 356| 246k| std::array z; // NOLINT(*-member-init) 357| 246k| comba_mul(z.data(), data(), other.data()); 358| 246k| m_val = Rep::redc(z); 359| 246k| return (*this); 360| 246k| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE14invert_vartimeEv: 598| 1| constexpr Self invert_vartime() const { 599| | // Conditional ok: this function is variable time 600| 1| if(this->is_zero().as_bool()) { ------------------ | Branch (600:13): [True: 0, False: 1] ------------------ 601| 0| return Self::zero(); 602| 0| } 603| | 604| 1| auto x = Self(std::array{1}); // 1 in standard domain 605| 1| auto b = Self(this->to_words()); // *this in standard domain 606| | 607| | // First loop iteration 608| 1| Self::_invert_vartime_div2_helper(b, x); 609| | 610| 1| auto a = b.negate(); 611| | // y += x but y is zero at the outset 612| 1| auto y = x; 613| | 614| | // First half of second loop iteration 615| 1| Self::_invert_vartime_div2_helper(a, y); 616| | 617| 366| for(;;) { 618| | // Conditional ok: this function is variable time 619| 366| if(a.m_val == b.m_val) { ------------------ | Branch (619:16): [True: 1, False: 365] ------------------ 620| | // At this point it should be that a == b == 1 621| 1| auto r = y.negate(); 622| | 623| | // Convert back to Montgomery if required 624| 1| r.m_val = Rep::to_rep(r.m_val); 625| 1| return r; 626| 1| } 627| | 628| 365| auto nx = x + y; 629| | 630| | /* 631| | * Otherwise either b > a or a > b 632| | * 633| | * If b > a we want to set b to b - a 634| | * Otherwise we want to set a to a - b 635| | * 636| | * Compute r = b - a and check if it underflowed 637| | * If it did not then we are in the b > a path 638| | */ 639| 365| std::array r; // NOLINT(*-member-init) 640| 365| const word carry = bigint_sub3(r.data(), b.data(), N, a.data(), N); 641| | 642| | // Conditional ok: this function is variable time 643| 365| if(carry == 0) { ------------------ | Branch (643:16): [True: 175, False: 190] ------------------ 644| | // b > a 645| 175| b.m_val = r; 646| 175| x = nx; 647| 175| Self::_invert_vartime_div2_helper(b, x); 648| 190| } else { 649| | // We know this can't underflow because a > b 650| 190| bigint_sub3(r.data(), a.data(), N, b.data(), N); 651| 190| a.m_val = r; 652| 190| y = nx; 653| 190| Self::_invert_vartime_div2_helper(a, y); 654| 190| } 655| 365| } 656| 1| } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE4zeroEv: 195| 105k| static constexpr Self zero() { return Self(std::array{0}); } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE8to_wordsEv: 734| 1| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_brainpool512r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES0_E11FieldParamsEE8from_repERKNSt3__15arrayImLm8EEE: 137| 2.22k| constexpr static std::array from_rep(const std::array& z) { 138| 2.22k| std::array ze = {}; 139| 2.22k| copy_mem(std::span{ze}.template first(), z); 140| 2.22k| return Self::redc(ze); 141| 2.22k| } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE27_invert_vartime_div2_helperERSA_SB_: 547| 367| static constexpr void _invert_vartime_div2_helper(Self& a, Self& x) { 548| 367| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 549| | 550| | // Conditional ok: this function is variable time 551| 1.08k| while((a.m_val[0] & 1) != 1) { ------------------ | Branch (551:16): [True: 713, False: 367] ------------------ 552| 713| shift_right<1>(a.m_val); 553| | 554| 713| const W borrow = shift_right<1>(x.m_val); 555| | 556| | // Conditional ok: this function is variable time 557| 713| if(borrow) { ------------------ | Branch (557:16): [True: 362, False: 351] ------------------ 558| 362| bigint_add2(x.m_val.data(), N, INV_2.data(), N); 559| 362| } 560| 713| } 561| 367| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE6negateEv: 452| 52.4k| constexpr Self negate() const { 453| 52.4k| const W x_is_zero = ~CT::all_zeros(this->data(), N).value(); 454| | 455| 52.4k| std::array r; // NOLINT(*-member-init) 456| 52.4k| W carry = 0; 457| 472k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (457:28): [True: 419k, False: 52.4k] ------------------ 458| 419k| r[i] = word_sub(P[i] & x_is_zero, m_val[i], &carry); 459| 419k| } 460| | 461| 52.4k| return Self(r); 462| 52.4k| } pcurves_brainpool512r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES0_E11FieldParamsEE6to_repERKNSt3__15arrayImLm8EEE: 115| 2.64k| constexpr static std::array to_rep(const std::array& x) { 116| 2.64k| std::array z; // NOLINT(*-member-init) 117| 2.64k| comba_mul(z.data(), x.data(), R2.data()); 118| 2.64k| return Self::redc(z); 119| 2.64k| } pcurves_brainpool512r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEEEC2ERKSB_SE_: 917| 60.5k| constexpr AffineCurvePoint(const FieldElement& x, const FieldElement& y) : m_x(x), m_y(y) {} pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE11stash_valueILm9EEENSt3__15arrayImXT_EEEv: 759| 2.40k| std::array stash_value() const { 760| 2.40k| static_assert(L >= N); 761| 2.40k| std::array stash = {}; 762| 21.6k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (762:28): [True: 19.2k, False: 2.40k] ------------------ 763| 19.2k| stash[i] = m_val[i]; 764| 19.2k| } 765| 2.40k| return stash; 766| 2.40k| } pcurves_brainpool512r1.cpp:_ZNK5Botan23PrecomputedBaseMulTableINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm6EE3mulERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES7_E12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1407| 360| ProjectivePoint mul(const Scalar& s, RandomNumberGenerator& rng) const { 1408| 360| const BlindedScalar scalar(s, rng); 1409| 360| return basemul_booth_exec(m_table, scalar, rng); 1410| 360| } pcurves_brainpool512r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm7EEC2ERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES7_E12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1307| 360| BlindedScalarBits(const typename C::Scalar& scalar, RandomNumberGenerator& rng) { 1308| 360| if(BlindingBits > 0 && rng.is_seeded()) { ------------------ | Branch (1308:13): [True: 360, Folded] | Branch (1308:33): [True: 360, False: 0] ------------------ 1309| 360| constexpr size_t MaskWords = (BlindingBits + WordInfo::bits - 1) / WordInfo::bits; 1310| 360| constexpr size_t MaskBytes = MaskWords * WordInfo::bytes; 1311| | 1312| 360| constexpr size_t n_words = C::Words; 1313| | 1314| 360| uint8_t maskb[MaskBytes + (BlindingBits == 0 ? 1 : 0)] = {0}; 1315| 360| rng.randomize(maskb, MaskBytes); 1316| | 1317| 360| W mask[n_words] = {0}; 1318| 360| load_le(mask, maskb, MaskWords); 1319| | 1320| | // Mask to exactly BlindingBits 1321| 360| constexpr size_t ExcessBits = MaskWords * WordInfo::bits - BlindingBits; 1322| | if constexpr(ExcessBits > 0) { 1323| | constexpr W ExcessMask = (static_cast(1) << (WordInfo::bits - ExcessBits)) - 1; 1324| | mask[MaskWords - 1] &= ExcessMask; 1325| | } 1326| | 1327| | // Set top and bottom bits of mask 1328| 360| constexpr size_t TopMaskBit = (BlindingBits - 1) % WordInfo::bits; 1329| 360| mask[(BlindingBits - 1) / WordInfo::bits] |= static_cast(1) << TopMaskBit; 1330| 360| mask[0] |= 1; 1331| | 1332| 360| W mask_n[2 * n_words] = {0}; 1333| | 1334| 360| const auto sw = scalar.to_words(); 1335| | 1336| | // Compute masked scalar s + k*n 1337| 360| comba_mul(mask_n, mask, C::NW.data()); 1338| 360| bigint_add2(mask_n, 2 * n_words, sw.data(), sw.size()); 1339| | 1340| 360| std::reverse(mask_n, mask_n + 2 * n_words); 1341| 360| m_bytes = store_be>(mask_n); 1342| 360| m_bits = C::Scalar::BITS + BlindingBits; 1343| 360| } else { 1344| | // No RNG available, skip blinding 1345| 0| m_bytes.resize(C::Scalar::BYTES); 1346| 0| scalar.serialize_to(std::span{m_bytes}.template first()); 1347| 0| m_bits = C::Scalar::BITS; 1348| 0| } 1349| | 1350| 360| CT::poison(m_bytes.data(), m_bytes.size()); 1351| 360| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEE8to_wordsEv: 734| 510| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_brainpool512r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES0_E12ScalarParamsEE8from_repERKNSt3__15arrayImLm8EEE: 137| 870| constexpr static std::array from_rep(const std::array& z) { 138| 870| std::array ze = {}; 139| 870| copy_mem(std::span{ze}.template first(), z); 140| 870| return Self::redc(ze); 141| 870| } pcurves_brainpool512r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES0_E12ScalarParamsEE4redcERKNSt3__15arrayImLm16EEE: 104| 1.23k| constexpr static std::array redc(const std::array& z) { 105| | if constexpr(P_dash == 1) { 106| | return monty_redc_pdash1(z, P); 107| 1.23k| } else { 108| 1.23k| return monty_redc(z, P, P_dash); 109| 1.23k| } 110| 1.23k| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEE12serialize_toENSt3__14spanIhLm64EEE: 739| 360| constexpr void serialize_to(std::span bytes) const { 740| 360| auto v = Rep::from_rep(m_val); 741| 360| std::reverse(v.begin(), v.end()); 742| | 743| 360| if constexpr(Self::BYTES == N * WordInfo::bytes) { 744| 360| store_be(bytes, v); 745| | } else { 746| | // Remove leading zero bytes 747| | const auto padded_bytes = store_be(v); 748| | constexpr size_t extra = N * WordInfo::bytes - Self::BYTES; 749| | copy_mem(bytes, std::span{padded_bytes}.template subspan()); 750| | } 751| 360| } pcurves_brainpool512r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm7EE4bitsEv: 1305| 360| size_t bits() const { return m_bits; } pcurves_brainpool512r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_E18conditional_assignENS_2CT6ChoiceERKSC_: 1084| 510| constexpr void conditional_assign(CT::Choice cond, const Self& pt) { 1085| 510| FieldElement::conditional_assign(m_x, m_y, m_z, cond, pt.x(), pt.y(), pt.z()); 1086| 510| } pcurves_brainpool512r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_E6negateEv: 1134| 510| constexpr Self negate() const { return Self(x(), y().negate(), z()); } pcurves_brainpool512r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_E18_const_time_poisonEv: 1174| 510| constexpr void _const_time_poison() const { CT::poison_all(m_x, m_y, m_z); } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE18_const_time_poisonEv: 889| 1.53k| constexpr void _const_time_poison() const { CT::poison(m_val); } pcurves_brainpool512r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm7EE10get_windowEm: 1353| 34.9k| size_t get_window(size_t offset) const { 1354| | // Extract a WindowBits sized window out of s, depending on offset. 1355| 34.9k| return read_window_bits(std::span{m_bytes}, offset); 1356| 34.9k| } pcurves_brainpool512r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_E10add_or_subERKSC_RKNS_16AffineCurvePointISB_EENS_2CT6ChoiceE: 1096| 51.8k| constexpr static Self add_or_sub(const Self& a, const AffinePoint& b, CT::Choice sub) { 1097| 51.8k| return point_add_or_sub_mixed(a, b, sub, FieldElement::one()); 1098| 51.8k| } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE18conditional_assignENS_2CT6ChoiceERKSA_: 367| 52.1k| constexpr void conditional_assign(CT::Choice cond, const Self& nx) { 368| 52.1k| const W mask = cond.into_bitmask(); 369| | 370| 469k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (370:28): [True: 417k, False: 52.1k] ------------------ 371| 417k| m_val[i] = Botan::choose(mask, nx.m_val[i], m_val[i]); 372| 417k| } 373| 52.1k| } pcurves_brainpool512r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEEE9ct_selectENSt3__14spanIKSC_Lm18446744073709551615EEEm: 955| 34.9k| static constexpr auto ct_select(std::span pts, size_t idx) { 956| 34.9k| auto result = Self::identity(pts[0]); 957| | 958| | // Intentionally wrapping; set to maximum size_t if idx == 0 959| 34.9k| const size_t idx1 = static_cast(idx - 1); 960| 1.15M| for(size_t i = 0; i != pts.size(); ++i) { ------------------ | Branch (960:28): [True: 1.11M, False: 34.9k] ------------------ 961| 1.11M| const auto found = CT::Mask::is_equal(idx1, i).as_choice(); 962| 1.11M| result.conditional_assign(found, pts[i]); 963| 1.11M| } 964| | 965| 34.9k| return result; 966| 34.9k| } pcurves_brainpool512r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEEE8identityERKSC_: 924| 52.3k| static constexpr Self identity(const Self& /*unused*/) { 925| 52.3k| return Self(FieldElement::zero(), FieldElement::zero()); 926| 52.3k| } pcurves_brainpool512r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEEE18conditional_assignENS_2CT6ChoiceERKSC_: 981| 1.39M| constexpr void conditional_assign(CT::Choice cond, const Self& pt) { 982| 1.39M| FieldElement::conditional_assign(m_x, m_y, cond, pt.x(), pt.y()); 983| 1.39M| } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE18conditional_assignERSA_SB_NS_2CT6ChoiceERKSA_SF_: 380| 1.39M| static constexpr void conditional_assign(Self& x, Self& y, CT::Choice cond, const Self& nx, const Self& ny) { 381| 1.39M| const W mask = cond.into_bitmask(); 382| | 383| 12.5M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (383:28): [True: 11.1M, False: 1.39M] ------------------ 384| 11.1M| x.m_val[i] = Botan::choose(mask, nx.m_val[i], x.m_val[i]); 385| 11.1M| y.m_val[i] = Botan::choose(mask, ny.m_val[i], y.m_val[i]); 386| 11.1M| } 387| 1.39M| } pcurves_brainpool512r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_E13randomize_repERNS_21RandomNumberGeneratorE: 1142| 2.04k| void randomize_rep(RandomNumberGenerator& rng) { 1143| | // In certain contexts we may be called with a Null_RNG; in that case the 1144| | // caller is accepting that randomization will not occur 1145| | 1146| | // Conditional ok: caller's RNG state (seeded vs not) is presumed public 1147| 2.04k| if(rng.is_seeded()) { ------------------ | Branch (1147:13): [True: 2.04k, False: 0] ------------------ 1148| 2.04k| auto r = FieldElement::random(rng); 1149| | 1150| 2.04k| auto r2 = r.square(); 1151| 2.04k| auto r3 = r2 * r; 1152| | 1153| 2.04k| m_x *= r2; 1154| 2.04k| m_y *= r3; 1155| 2.04k| m_z *= r; 1156| 2.04k| } 1157| 2.04k| } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE6randomERNS_21RandomNumberGeneratorE: 851| 2.04k| static Self random(RandomNumberGenerator& rng) { 852| 2.04k| constexpr size_t MAX_ATTEMPTS = 1000; 853| | 854| 2.04k| std::array buf{}; 855| | 856| 3.08k| for(size_t i = 0; i != MAX_ATTEMPTS; ++i) { ------------------ | Branch (856:28): [True: 3.08k, False: 0] ------------------ 857| 3.08k| rng.randomize(buf); 858| | 859| | // Zero off high bits that if set would certainly cause us 860| | // to be out of range 861| | if constexpr(Self::BITS % 8 != 0) { 862| | constexpr uint8_t mask = 0xFF >> (8 - (Self::BITS % 8)); 863| | buf[0] &= mask; 864| | } 865| | 866| | // Conditionals ok: rejection sampling reveals only values we didn't use 867| 3.08k| if(auto s = Self::deserialize(buf)) { ------------------ | Branch (867:21): [True: 2.04k, False: 1.04k] ------------------ 868| 2.04k| if(s.value().is_nonzero().as_bool()) { ------------------ | Branch (868:19): [True: 2.04k, False: 0] ------------------ 869| 2.04k| return s.value(); 870| 2.04k| } 871| 2.04k| } 872| 3.08k| } 873| | 874| 0| throw Internal_Error("Failed to generate random Scalar within bounded number of attempts"); 875| 2.04k| } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE11deserializeENSt3__14spanIKhLm18446744073709551615EEE: 792| 3.68k| static std::optional deserialize(std::span bytes) { 793| | // Conditional ok: input length is public 794| 3.68k| if(bytes.size() != Self::BYTES) { ------------------ | Branch (794:13): [True: 0, False: 3.68k] ------------------ 795| 0| return {}; 796| 0| } 797| | 798| 3.68k| const auto words = bytes_to_words(bytes.first()); 799| | 800| | // Conditional acceptable: std::optional is implicitly not constant time 801| 3.68k| if(!bigint_ct_is_lt(words.data(), N, P.data(), N).as_bool()) { ------------------ | Branch (801:13): [True: 1.04k, False: 2.64k] ------------------ 802| 1.04k| return {}; 803| 1.04k| } 804| | 805| | // Safe because we checked above that words is an integer < P 806| 2.64k| return Self::from_words(words); 807| 3.68k| } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE10from_wordsILm8EEESA_NSt3__15arrayImXT_EEE: 211| 2.64k| static constexpr Self from_words(std::array w) { 212| 2.64k| if constexpr(L == N) { 213| 2.64k| return Self(Rep::to_rep(w)); 214| | } else { 215| | static_assert(L < N); 216| | std::array ew = {}; 217| | copy_mem(std::span{ew}.template first(), w); 218| | return Self(Rep::to_rep(ew)); 219| | } 220| 2.64k| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE10is_nonzeroEv: 230| 2.04k| constexpr CT::Choice is_nonzero() const { return !is_zero(); } pcurves_brainpool512r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_E20_const_time_unpoisonEv: 1176| 510| constexpr void _const_time_unpoison() const { CT::unpoison_all(m_x, m_y, m_z); } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE20_const_time_unpoisonEv: 891| 1.53k| constexpr void _const_time_unpoison() const { CT::unpoison(m_val); } pcurves_brainpool512r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm7EED2Ev: 1358| 360| ~BlindedScalarBits() { 1359| 360| secure_zeroize_buffer(m_bytes.data(), m_bytes.size()); 1360| 360| CT::unpoison(m_bytes.data(), m_bytes.size()); 1361| 360| } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEE10from_stashILm9EEESA_RKNSt3__15arrayImXT_EEE: 774| 1.23k| static Self from_stash(const std::array& stash) { 775| 1.23k| static_assert(L >= N); 776| 1.23k| std::array val = {}; 777| 11.0k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (777:28): [True: 9.84k, False: 1.23k] ------------------ 778| 9.84k| val[i] = stash[i]; 779| 9.84k| } 780| 1.23k| return Self(val); 781| 1.23k| } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEEC2ENSt3__15arrayImLm8EEE: 898| 1.59k| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE12serialize_toENSt3__14spanIhLm64EEE: 739| 2.07k| constexpr void serialize_to(std::span bytes) const { 740| 2.07k| auto v = Rep::from_rep(m_val); 741| 2.07k| std::reverse(v.begin(), v.end()); 742| | 743| 2.07k| if constexpr(Self::BYTES == N * WordInfo::bytes) { 744| 2.07k| store_be(bytes, v); 745| | } else { 746| | // Remove leading zero bytes 747| | const auto padded_bytes = store_be(v); 748| | constexpr size_t extra = N * WordInfo::bytes - Self::BYTES; 749| | copy_mem(bytes, std::span{padded_bytes}.template subspan()); 750| | } 751| 2.07k| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEE11stash_valueILm9EEENSt3__15arrayImXT_EEEv: 759| 360| std::array stash_value() const { 760| 360| static_assert(L >= N); 761| 360| std::array stash = {}; 762| 3.24k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (762:28): [True: 2.88k, False: 360] ------------------ 763| 2.88k| stash[i] = m_val[i]; 764| 2.88k| } 765| 360| return stash; 766| 360| } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE10from_stashILm9EEESA_RKNSt3__15arrayImXT_EEE: 774| 5.22k| static Self from_stash(const std::array& stash) { 775| 5.22k| static_assert(L >= N); 776| 5.22k| std::array val = {}; 777| 47.0k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (777:28): [True: 41.7k, False: 5.22k] ------------------ 778| 41.7k| val[i] = stash[i]; 779| 41.7k| } 780| 5.22k| return Self(val); 781| 5.22k| } pcurves_brainpool512r1.cpp:_ZN5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm4EEC2ERKNS_16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 1487| 150| explicit WindowedBoothMulTable(const AffinePoint& p) : m_table(varpoint_setup(p)) {} pcurves_brainpool512r1.cpp:_ZN5BotanplERKNS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_EERKNS_16AffineCurvePointISB_EE: 1066| 1.05k| friend constexpr Self operator+(const Self& a, const AffinePoint& b) { return Self::add_mixed(a, b); } pcurves_brainpool512r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_E9add_mixedERKSC_RKNS_16AffineCurvePointISB_EE: 1091| 1.05k| constexpr static Self add_mixed(const Self& a, const AffinePoint& b) { 1092| 1.05k| return point_add_mixed(a, b, FieldElement::one()); 1093| 1.05k| } pcurves_brainpool512r1.cpp:_ZNK5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm4EE3mulERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES7_E12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1489| 150| ProjectivePoint mul(const Scalar& s, RandomNumberGenerator& rng) const { 1490| 150| const BlindedScalar bits(s, rng); 1491| | 1492| 150| const size_t scalar_bits = bits.bits(); 1493| 150| const size_t full_windows = compute_full_windows(scalar_bits + 1, WindowBits); 1494| 150| const size_t initial_shift = compute_initial_shift(scalar_bits + 1, WindowBits); 1495| | 1496| 150| BOTAN_DEBUG_ASSERT(full_windows * WindowBits + initial_shift == scalar_bits + 1); ------------------ | | 130| 150| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 150| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 150] | | ------------------ ------------------ 1497| 150| BOTAN_DEBUG_ASSERT(initial_shift > 0); ------------------ | | 130| 150| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 150| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 150] | | ------------------ ------------------ 1498| | 1499| 150| auto accum = ProjectivePoint::identity(); 1500| 150| CT::poison(accum); 1501| | 1502| 17.4k| for(size_t i = 0; i != full_windows; ++i) { ------------------ | Branch (1502:28): [True: 17.2k, False: 150] ------------------ 1503| 17.2k| const size_t idx = scalar_bits - initial_shift - WindowBits * i; 1504| | 1505| 17.2k| const size_t w_i = bits.get_window(idx); 1506| 17.2k| const auto [tidx, tneg] = booth_recode(w_i); 1507| | 1508| | // Conditional ok: loop iteration count is public 1509| 17.2k| if(i == 0) { ------------------ | Branch (1509:16): [True: 150, False: 17.1k] ------------------ 1510| 150| accum = ProjectivePoint::from_affine(m_table.ct_select(tidx)); 1511| 150| accum.conditional_assign(tneg, accum.negate()); 1512| 17.1k| } else { 1513| 17.1k| accum = ProjectivePoint::add_or_sub(accum, m_table.ct_select(tidx), tneg); 1514| 17.1k| } 1515| | 1516| 17.2k| accum = accum.dbl_n(WindowBits); 1517| | 1518| | // Conditional ok: loop iteration count is public 1519| 17.2k| if(i <= 3) { ------------------ | Branch (1519:16): [True: 600, False: 16.6k] ------------------ 1520| 600| accum.randomize_rep(rng); 1521| 600| } 1522| 17.2k| } 1523| | 1524| | // final window (note one bit shorter than previous reads) 1525| 150| const size_t w_l = bits.get_window(0) & ((1 << WindowBits) - 1); 1526| 150| const auto [tidx, tneg] = booth_recode(w_l << 1); 1527| 150| accum = ProjectivePoint::add_or_sub(accum, m_table.ct_select(tidx), tneg); 1528| | 1529| 150| CT::unpoison(accum); 1530| 150| return accum; 1531| 150| } pcurves_brainpool512r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm6EEC2ERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES7_E12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1307| 150| BlindedScalarBits(const typename C::Scalar& scalar, RandomNumberGenerator& rng) { 1308| 150| if(BlindingBits > 0 && rng.is_seeded()) { ------------------ | Branch (1308:13): [True: 150, Folded] | Branch (1308:33): [True: 150, False: 0] ------------------ 1309| 150| constexpr size_t MaskWords = (BlindingBits + WordInfo::bits - 1) / WordInfo::bits; 1310| 150| constexpr size_t MaskBytes = MaskWords * WordInfo::bytes; 1311| | 1312| 150| constexpr size_t n_words = C::Words; 1313| | 1314| 150| uint8_t maskb[MaskBytes + (BlindingBits == 0 ? 1 : 0)] = {0}; 1315| 150| rng.randomize(maskb, MaskBytes); 1316| | 1317| 150| W mask[n_words] = {0}; 1318| 150| load_le(mask, maskb, MaskWords); 1319| | 1320| | // Mask to exactly BlindingBits 1321| 150| constexpr size_t ExcessBits = MaskWords * WordInfo::bits - BlindingBits; 1322| | if constexpr(ExcessBits > 0) { 1323| | constexpr W ExcessMask = (static_cast(1) << (WordInfo::bits - ExcessBits)) - 1; 1324| | mask[MaskWords - 1] &= ExcessMask; 1325| | } 1326| | 1327| | // Set top and bottom bits of mask 1328| 150| constexpr size_t TopMaskBit = (BlindingBits - 1) % WordInfo::bits; 1329| 150| mask[(BlindingBits - 1) / WordInfo::bits] |= static_cast(1) << TopMaskBit; 1330| 150| mask[0] |= 1; 1331| | 1332| 150| W mask_n[2 * n_words] = {0}; 1333| | 1334| 150| const auto sw = scalar.to_words(); 1335| | 1336| | // Compute masked scalar s + k*n 1337| 150| comba_mul(mask_n, mask, C::NW.data()); 1338| 150| bigint_add2(mask_n, 2 * n_words, sw.data(), sw.size()); 1339| | 1340| 150| std::reverse(mask_n, mask_n + 2 * n_words); 1341| 150| m_bytes = store_be>(mask_n); 1342| 150| m_bits = C::Scalar::BITS + BlindingBits; 1343| 150| } else { 1344| | // No RNG available, skip blinding 1345| 0| m_bytes.resize(C::Scalar::BYTES); 1346| 0| scalar.serialize_to(std::span{m_bytes}.template first()); 1347| 0| m_bits = C::Scalar::BITS; 1348| 0| } 1349| | 1350| 150| CT::poison(m_bytes.data(), m_bytes.size()); 1351| 150| } pcurves_brainpool512r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm6EE4bitsEv: 1305| 150| size_t bits() const { return m_bits; } pcurves_brainpool512r1.cpp:_ZN5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm4EE20compute_full_windowsEmm: 1468| 150| static constexpr size_t compute_full_windows(size_t sb, size_t wb) { 1469| 150| if(sb % wb == 0) { ------------------ | Branch (1469:13): [True: 0, False: 150] ------------------ 1470| 0| return (sb - 1) / wb; 1471| 150| } else { 1472| 150| return sb / wb; 1473| 150| } 1474| 150| } pcurves_brainpool512r1.cpp:_ZN5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm4EE21compute_initial_shiftEmm: 1476| 150| static constexpr size_t compute_initial_shift(size_t sb, size_t wb) { 1477| 150| if(sb % wb == 0) { ------------------ | Branch (1477:13): [True: 0, False: 150] ------------------ 1478| 0| return wb; 1479| 150| } else { 1480| 150| return sb - (sb / wb) * wb; 1481| 150| } 1482| 150| } pcurves_brainpool512r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_E8identityEv: 1038| 150| static constexpr Self identity() { return Self(FieldElement::zero(), FieldElement::one(), FieldElement::zero()); } pcurves_brainpool512r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm6EE10get_windowEm: 1353| 17.4k| size_t get_window(size_t offset) const { 1354| | // Extract a WindowBits sized window out of s, depending on offset. 1355| 17.4k| return read_window_bits(std::span{m_bytes}, offset); 1356| 17.4k| } pcurves_brainpool512r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_E5dbl_nEm: 1108| 17.2k| constexpr Self dbl_n(size_t n) const { 1109| | if constexpr(Self::A_is_minus_3) { 1110| | return dbl_n_a_minus_3(*this, n); 1111| | } else if constexpr(Self::A_is_zero) { 1112| | return dbl_n_a_zero(*this, n); 1113| 17.2k| } else { 1114| 17.2k| return dbl_n_generic(*this, A, n); 1115| 17.2k| } 1116| 17.2k| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE4div2Ev: 302| 17.2k| Self div2() const { 303| | // The inverse of 2 modulo P is (P/2)+1; this avoids a constexpr time 304| | // general inversion, which some compilers can't handle 305| 17.2k| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 306| | 307| | // We could multiply by INV_2 but there is a better way ... 308| | 309| 17.2k| std::array t = value(); 310| 17.2k| const W borrow = shift_right<1>(t); 311| | 312| | // If value was odd, add (P/2)+1 313| 17.2k| const auto mask = CT::Mask::expand(borrow).value(); 314| | 315| 17.2k| W carry = 0; 316| | 317| 155k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (317:28): [True: 138k, False: 17.2k] ------------------ 318| 138k| t[i] = word_add(t[i], INV_2[i] & mask, &carry); 319| 138k| } 320| | 321| 17.2k| return Self(t); 322| 17.2k| } pcurves_brainpool512r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm6EED2Ev: 1358| 150| ~BlindedScalarBits() { 1359| 150| secure_zeroize_buffer(m_bytes.data(), m_bytes.size()); 1360| 150| CT::unpoison(m_bytes.data(), m_bytes.size()); 1361| 150| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEE7is_zeroEv: 225| 720| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEEeqERKSA_: 722| 759| constexpr CT::Choice operator==(const Self& other) const { 723| 759| return CT::is_equal(this->data(), other.data(), N).as_choice(); 724| 759| } pcurves_brainpool512r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEEE8identityEv: 921| 1| static constexpr Self identity() { return Self(FieldElement::zero(), FieldElement::zero()); } pcurves_brainpool512r1.cpp:_ZN5Botan13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsENS_13MontgomeryRepEE7x3_ax_bERKNS_6IntModINS5_INS6_11FieldParamsEEEEE: 1275| 759| static constexpr FieldElement x3_ax_b(const FieldElement& x) { return (x.square() + A) * x + B; } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE4sqrtEv: 663| 199| constexpr CT::Option sqrt() const { 664| 199| if constexpr(Self::P_MOD_4 == 3) { 665| | // The easy case for square root is when p == 3 (mod 4) 666| | 667| 199| constexpr auto P_PLUS_1_OVER_4 = p_plus_1_over_4(P); 668| 199| auto z = pow_vartime(P_PLUS_1_OVER_4); 669| | 670| | // Zero out the return value if it would otherwise be incorrect 671| 199| const CT::Choice correct = (z.square() == *this); 672| 199| z.conditional_assign(!correct, Self::zero()); 673| 199| return CT::Option(z, correct); 674| | } else { 675| | // Shanks-Tonelli, following I.4 in RFC 9380 676| | 677| | /* 678| | Constants: 679| | 1. c1, the largest integer such that 2^c1 divides q - 1. 680| | 2. c2 = (q - 1) / (2^c1) # Integer arithmetic 681| | 3. c3 = (c2 - 1) / 2 # Integer arithmetic 682| | 4. c4, a non-square value in F 683| | 5. c5 = c4^c2 in F 684| | */ 685| | constexpr auto C1_C2 = shanks_tonelli_c1c2(Self::P); 686| | constexpr std::array C3 = shanks_tonelli_c3(C1_C2.second); 687| | constexpr std::array P_MINUS_1_OVER_2 = p_minus_1_over_2(Self::P); 688| | constexpr Self C4 = shanks_tonelli_c4(P_MINUS_1_OVER_2); 689| | constexpr Self C5 = C4.pow_vartime(C1_C2.second); 690| | 691| | const Self& x = (*this); 692| | 693| | auto z = x.pow_vartime(C3); 694| | auto t = z.square(); 695| | t *= x; 696| | z *= x; 697| | auto b = t; 698| | auto c = C5; 699| | 700| | for(size_t i = C1_C2.first; i >= 2; i--) { 701| | b.square_n(i - 2); 702| | const CT::Choice e = b.is_one(); 703| | z.conditional_assign(!e, z * c); 704| | c.square_n(1); 705| | t.conditional_assign(!e, t * c); 706| | b = t; 707| | } 708| | 709| | // Zero out the return value if it would otherwise be incorrect 710| | const CT::Choice correct = (z.square() == *this); 711| | z.conditional_assign(!correct, Self::zero()); 712| | return CT::Option(z, correct); 713| | } 714| 199| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE12correct_signENS_2CT6ChoiceE: 248| 150| constexpr Self correct_sign(CT::Choice even) const { 249| 150| const auto flip = (even != this->is_even()); 250| 150| return Self::choose(flip, this->negate(), *this); 251| 150| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE7is_evenEv: 240| 150| constexpr CT::Choice is_even() const { 241| 150| auto v = Rep::from_rep(m_val); 242| 150| return !CT::Choice::from_int(v[0] & 0x01); 243| 150| } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE6chooseENS_2CT6ChoiceERKSA_SE_: 256| 150| static constexpr Self choose(CT::Choice choice, const Self& x, const Self& y) { 257| 150| auto r = y; 258| 150| r.conditional_assign(choice, x); 259| 150| return r; 260| 150| } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEE11deserializeENSt3__14spanIKhLm18446744073709551615EEE: 792| 554| static std::optional deserialize(std::span bytes) { 793| | // Conditional ok: input length is public 794| 554| if(bytes.size() != Self::BYTES) { ------------------ | Branch (794:13): [True: 0, False: 554] ------------------ 795| 0| return {}; 796| 0| } 797| | 798| 554| const auto words = bytes_to_words(bytes.first()); 799| | 800| | // Conditional acceptable: std::optional is implicitly not constant time 801| 554| if(!bigint_ct_is_lt(words.data(), N, P.data(), N).as_bool()) { ------------------ | Branch (801:13): [True: 194, False: 360] ------------------ 802| 194| return {}; 803| 194| } 804| | 805| | // Safe because we checked above that words is an integer < P 806| 360| return Self::from_words(words); 807| 554| } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEE10from_wordsILm8EEESA_NSt3__15arrayImXT_EEE: 211| 360| static constexpr Self from_words(std::array w) { 212| 360| if constexpr(L == N) { 213| 360| return Self(Rep::to_rep(w)); 214| | } else { 215| | static_assert(L < N); 216| | std::array ew = {}; 217| | copy_mem(std::span{ew}.template first(), w); 218| | return Self(Rep::to_rep(ew)); 219| | } 220| 360| } pcurves_brainpool512r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES0_E12ScalarParamsEE6to_repERKNSt3__15arrayImLm8EEE: 115| 360| constexpr static std::array to_rep(const std::array& x) { 116| 360| std::array z; // NOLINT(*-member-init) 117| 360| comba_mul(z.data(), x.data(), R2.data()); 118| 360| return Self::redc(z); 119| 360| } pcurves_brainpool512r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEEE12serialize_toENSt3__14spanIhLm129EEE: 941| 960| constexpr void serialize_to(std::span bytes) const { 942| 960| BOTAN_STATE_CHECK(this->is_identity().as_bool() == false); ------------------ | | 51| 960| do { \ | | 52| 960| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 960| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 960] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 960| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 960] | | ------------------ ------------------ 943| 960| BufferStuffer pack(bytes); 944| 960| pack.append(0x04); 945| 960| x().serialize_to(pack.next()); 946| 960| y().serialize_to(pack.next()); 947| 960| BOTAN_DEBUG_ASSERT(pack.full()); ------------------ | | 130| 960| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 960| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 960] | | ------------------ ------------------ 948| 960| } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEE6randomERNS_21RandomNumberGeneratorE: 851| 360| static Self random(RandomNumberGenerator& rng) { 852| 360| constexpr size_t MAX_ATTEMPTS = 1000; 853| | 854| 360| std::array buf{}; 855| | 856| 554| for(size_t i = 0; i != MAX_ATTEMPTS; ++i) { ------------------ | Branch (856:28): [True: 554, False: 0] ------------------ 857| 554| rng.randomize(buf); 858| | 859| | // Zero off high bits that if set would certainly cause us 860| | // to be out of range 861| | if constexpr(Self::BITS % 8 != 0) { 862| | constexpr uint8_t mask = 0xFF >> (8 - (Self::BITS % 8)); 863| | buf[0] &= mask; 864| | } 865| | 866| | // Conditionals ok: rejection sampling reveals only values we didn't use 867| 554| if(auto s = Self::deserialize(buf)) { ------------------ | Branch (867:21): [True: 360, False: 194] ------------------ 868| 360| if(s.value().is_nonzero().as_bool()) { ------------------ | Branch (868:19): [True: 360, False: 0] ------------------ 869| 360| return s.value(); 870| 360| } 871| 360| } 872| 554| } 873| | 874| 0| throw Internal_Error("Failed to generate random Scalar within bounded number of attempts"); 875| 360| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEE10is_nonzeroEv: 230| 360| constexpr CT::Choice is_nonzero() const { return !is_zero(); } pcurves_secp256r1.cpp:_ZN5Botan23PrecomputedBaseMulTableINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm6EEC2ERKNS_16AffineCurvePointINS_6IntModINS2_12Secp256r1RepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 1405| 1| m_table(basemul_booth_setup(p, BlindedScalar::Bits + 1)) {} pcurves_secp256r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_E11from_affineERKNS_16AffineCurvePointISB_EE: 1016| 1.11k| static constexpr Self from_affine(const AffinePoint& pt) { 1017| | /* 1018| | * If the point is the identity element (x=0, y=0) then instead of 1019| | * creating (x, y, 1) = (0, 0, 1) we want our projective identity 1020| | * encoding of (0, 1, 0) 1021| | * 1022| | * Which we can achieve by a conditional swap of y and z if the 1023| | * affine point is the identity. 1024| | */ 1025| | 1026| 1.11k| auto x = pt.x(); 1027| 1.11k| auto y = pt.y(); 1028| 1.11k| auto z = FieldElement::one(); 1029| | 1030| 1.11k| FieldElement::conditional_swap(pt.is_identity(), y, z); 1031| | 1032| 1.11k| return ProjectiveCurvePoint(x, y, z); 1033| 1.11k| } pcurves_secp256r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEEE1xEv: 971| 1.17M| constexpr const FieldElement& x() const { return m_x; } pcurves_secp256r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEEE1yEv: 976| 1.13M| constexpr const FieldElement& y() const { return m_y; } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE3oneEv: 200| 44.2k| static constexpr Self one() { return Self(Rep::one()); } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEEC2ENSt3__15arrayImLm4EEE: 898| 2.56M| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE16conditional_swapENS_2CT6ChoiceERSA_SD_: 410| 1.11k| static constexpr void conditional_swap(CT::Choice cond, Self& x, Self& y) { 411| 1.11k| const W mask = cond.into_bitmask(); 412| | 413| 5.55k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (413:28): [True: 4.44k, False: 1.11k] ------------------ 414| 4.44k| auto nx = Botan::choose(mask, y.m_val[i], x.m_val[i]); 415| 4.44k| auto ny = Botan::choose(mask, x.m_val[i], y.m_val[i]); 416| 4.44k| x.m_val[i] = nx; 417| 4.44k| y.m_val[i] = ny; 418| 4.44k| } 419| 1.11k| } pcurves_secp256r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEEE11is_identityEv: 928| 60.8k| constexpr CT::Choice is_identity() const { return x().is_zero() && y().is_zero(); } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE7is_zeroEv: 225| 263k| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_secp256r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_EC2ERKSB_SE_SE_: 1056| 68.3k| m_x(x), m_y(y), m_z(z) {} pcurves_secp256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_E3dblEv: 1121| 3.45k| constexpr Self dbl() const { 1122| 3.45k| if constexpr(Self::A_is_minus_3) { 1123| 3.45k| return dbl_a_minus_3(*this); 1124| | } else if constexpr(Self::A_is_zero) { 1125| | return dbl_a_zero(*this); 1126| | } else { 1127| | return dbl_generic(*this, A); 1128| | } 1129| 3.45k| } pcurves_secp256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_E1zEv: 1172| 270k| constexpr const FieldElement& z() const { return m_z; } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE6squareEv: 426| 585k| constexpr BOTAN_FORCE_INLINE Self square() const { 427| 585k| std::array z; // NOLINT(*-member-init) 428| 585k| comba_sqr(z.data(), this->data()); 429| 585k| return Self(Rep::redc(z)); 430| 585k| } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE4dataEv: 896| 2.60M| constexpr const W* data() const { return m_val.data(); } pcurves_secp256r1.cpp:_ZN5BotanmlERKNS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEEESC_: 346| 604k| friend constexpr BOTAN_FORCE_INLINE Self operator*(const Self& a, const Self& b) { 347| 604k| std::array z; // NOLINT(*-member-init) 348| 604k| comba_mul(z.data(), a.data(), b.data()); 349| 604k| return Self(Rep::redc(z)); 350| 604k| } pcurves_secp256r1.cpp:_ZN5BotanmiERKNS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEEESC_: 281| 648k| friend constexpr BOTAN_FORCE_INLINE Self operator-(const Self& a, const Self& b) { 282| 648k| std::array r; // NOLINT(*-member-init) 283| 648k| W carry = 0; 284| 3.24M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (284:28): [True: 2.59M, False: 648k] ------------------ 285| 2.59M| r[i] = word_sub(a.m_val[i], b.m_val[i], &carry); 286| 2.59M| } 287| | 288| 648k| const auto mask = CT::Mask::expand(carry).value(); 289| | 290| 648k| carry = 0; 291| | 292| 3.24M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (292:28): [True: 2.59M, False: 648k] ------------------ 293| 2.59M| r[i] = word_add(r[i], P[i] & mask, &carry); 294| 2.59M| } 295| | 296| 648k| return Self(r); 297| 648k| } pcurves_secp256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_E1xEv: 1162| 169k| constexpr const FieldElement& x() const { return m_x; } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE4mul3Ev: 335| 96.9k| constexpr inline Self mul3() const { return mul2() + (*this); } pcurves_secp256r1.cpp:_ZN5BotanplERKNS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEEESC_: 265| 159k| friend constexpr BOTAN_FORCE_INLINE Self operator+(const Self& a, const Self& b) { 266| 159k| std::array t; // NOLINT(*-member-init) 267| | 268| 159k| W carry = 0; 269| 796k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (269:28): [True: 637k, False: 159k] ------------------ 270| 637k| t[i] = word_add(a.m_val[i], b.m_val[i], &carry); 271| 637k| } 272| | 273| 159k| std::array r; // NOLINT(*-member-init) 274| 159k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 275| 159k| return Self(r); 276| 159k| } pcurves_secp256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_E1yEv: 1167| 166k| constexpr const FieldElement& y() const { return m_y; } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE4mul4Ev: 338| 3.45k| constexpr inline Self mul4() const { return mul2().mul2(); } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE4mul2Ev: 325| 326k| constexpr BOTAN_FORCE_INLINE Self mul2() const { 326| 326k| std::array t = value(); 327| 326k| const W carry = shift_left<1>(t); 328| | 329| 326k| std::array r; // NOLINT(*-member-init) 330| 326k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 331| 326k| return Self(r); 332| 326k| } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE5valueEv: 894| 345k| constexpr const std::array& value() const { return m_val; } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE4mul8Ev: 341| 3.45k| constexpr inline Self mul8() const { return mul2().mul2().mul2(); } pcurves_secp256r1.cpp:_ZN5BotanplERKNS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_EESE_: 1064| 735| friend constexpr Self operator+(const Self& a, const Self& b) { return Self::add(a, b); } pcurves_secp256r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_E3addERKSC_SE_: 1103| 735| constexpr static Self add(const Self& a, const Self& b) { return point_add(a, b); } pcurves_secp256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_E11is_identityEv: 1082| 51.3k| constexpr CT::Choice is_identity() const { return z().is_zero(); } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE18conditional_assignERSA_SB_SB_NS_2CT6ChoiceERKSA_SF_SF_: 395| 87.8k| Self& x, Self& y, Self& z, CT::Choice cond, const Self& nx, const Self& ny, const Self& nz) { 396| 87.8k| const W mask = cond.into_bitmask(); 397| | 398| 439k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (398:28): [True: 351k, False: 87.8k] ------------------ 399| 351k| x.m_val[i] = Botan::choose(mask, nx.m_val[i], x.m_val[i]); 400| 351k| y.m_val[i] = Botan::choose(mask, ny.m_val[i], y.m_val[i]); 401| 351k| z.m_val[i] = Botan::choose(mask, nz.m_val[i], z.m_val[i]); 402| 351k| } 403| 87.8k| } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEEmLERKSA_: 355| 192k| constexpr BOTAN_FORCE_INLINE Self& operator*=(const Self& other) { 356| 192k| std::array z; // NOLINT(*-member-init) 357| 192k| comba_mul(z.data(), data(), other.data()); 358| 192k| m_val = Rep::redc(z); 359| 192k| return (*this); 360| 192k| } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE8square_nEm: 439| 12.3k| constexpr void square_n(size_t n) { 440| 12.3k| std::array z; // NOLINT(*-member-init) 441| 377k| for(size_t i = 0; i != n; ++i) { ------------------ | Branch (441:28): [True: 364k, False: 12.3k] ------------------ 442| 364k| comba_sqr(z.data(), this->data()); 443| 364k| m_val = Rep::redc(z); 444| 364k| } 445| 12.3k| } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE14invert_vartimeEv: 598| 1| constexpr Self invert_vartime() const { 599| | // Conditional ok: this function is variable time 600| 1| if(this->is_zero().as_bool()) { ------------------ | Branch (600:13): [True: 0, False: 1] ------------------ 601| 0| return Self::zero(); 602| 0| } 603| | 604| 1| auto x = Self(std::array{1}); // 1 in standard domain 605| 1| auto b = Self(this->to_words()); // *this in standard domain 606| | 607| | // First loop iteration 608| 1| Self::_invert_vartime_div2_helper(b, x); 609| | 610| 1| auto a = b.negate(); 611| | // y += x but y is zero at the outset 612| 1| auto y = x; 613| | 614| | // First half of second loop iteration 615| 1| Self::_invert_vartime_div2_helper(a, y); 616| | 617| 176| for(;;) { 618| | // Conditional ok: this function is variable time 619| 176| if(a.m_val == b.m_val) { ------------------ | Branch (619:16): [True: 1, False: 175] ------------------ 620| | // At this point it should be that a == b == 1 621| 1| auto r = y.negate(); 622| | 623| | // Convert back to Montgomery if required 624| 1| r.m_val = Rep::to_rep(r.m_val); 625| 1| return r; 626| 1| } 627| | 628| 175| auto nx = x + y; 629| | 630| | /* 631| | * Otherwise either b > a or a > b 632| | * 633| | * If b > a we want to set b to b - a 634| | * Otherwise we want to set a to a - b 635| | * 636| | * Compute r = b - a and check if it underflowed 637| | * If it did not then we are in the b > a path 638| | */ 639| 175| std::array r; // NOLINT(*-member-init) 640| 175| const word carry = bigint_sub3(r.data(), b.data(), N, a.data(), N); 641| | 642| | // Conditional ok: this function is variable time 643| 175| if(carry == 0) { ------------------ | Branch (643:16): [True: 85, False: 90] ------------------ 644| | // b > a 645| 85| b.m_val = r; 646| 85| x = nx; 647| 85| Self::_invert_vartime_div2_helper(b, x); 648| 90| } else { 649| | // We know this can't underflow because a > b 650| 90| bigint_sub3(r.data(), a.data(), N, b.data(), N); 651| 90| a.m_val = r; 652| 90| y = nx; 653| 90| Self::_invert_vartime_div2_helper(a, y); 654| 90| } 655| 175| } 656| 1| } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE4zeroEv: 195| 83.5k| static constexpr Self zero() { return Self(std::array{0}); } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE8to_wordsEv: 734| 1| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE27_invert_vartime_div2_helperERSA_SB_: 547| 177| static constexpr void _invert_vartime_div2_helper(Self& a, Self& x) { 548| 177| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 549| | 550| | // Conditional ok: this function is variable time 551| 545| while((a.m_val[0] & 1) != 1) { ------------------ | Branch (551:16): [True: 368, False: 177] ------------------ 552| 368| shift_right<1>(a.m_val); 553| | 554| 368| const W borrow = shift_right<1>(x.m_val); 555| | 556| | // Conditional ok: this function is variable time 557| 368| if(borrow) { ------------------ | Branch (557:16): [True: 129, False: 239] ------------------ 558| 129| bigint_add2(x.m_val.data(), N, INV_2.data(), N); 559| 129| } 560| 368| } 561| 177| } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE6negateEv: 452| 41.6k| constexpr Self negate() const { 453| 41.6k| const W x_is_zero = ~CT::all_zeros(this->data(), N).value(); 454| | 455| 41.6k| std::array r; // NOLINT(*-member-init) 456| 41.6k| W carry = 0; 457| 208k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (457:28): [True: 166k, False: 41.6k] ------------------ 458| 166k| r[i] = word_sub(P[i] & x_is_zero, m_val[i], &carry); 459| 166k| } 460| | 461| 41.6k| return Self(r); 462| 41.6k| } pcurves_secp256r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEEEC2ERKSB_SE_: 917| 72.4k| constexpr AffineCurvePoint(const FieldElement& x, const FieldElement& y) : m_x(x), m_y(y) {} pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE11stash_valueILm9EEENSt3__15arrayImXT_EEEv: 759| 16.5k| std::array stash_value() const { 760| 16.5k| static_assert(L >= N); 761| 16.5k| std::array stash = {}; 762| 82.5k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (762:28): [True: 66.0k, False: 16.5k] ------------------ 763| 66.0k| stash[i] = m_val[i]; 764| 66.0k| } 765| 16.5k| return stash; 766| 16.5k| } pcurves_secp256r1.cpp:_ZNK5Botan23PrecomputedBaseMulTableINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm6EE3mulERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsENS2_12Secp256r1RepEE12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1407| 454| ProjectivePoint mul(const Scalar& s, RandomNumberGenerator& rng) const { 1408| 454| const BlindedScalar scalar(s, rng); 1409| 454| return basemul_booth_exec(m_table, scalar, rng); 1410| 454| } pcurves_secp256r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm7EEC2ERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsENS2_12Secp256r1RepEE12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1307| 454| BlindedScalarBits(const typename C::Scalar& scalar, RandomNumberGenerator& rng) { 1308| 454| if(BlindingBits > 0 && rng.is_seeded()) { ------------------ | Branch (1308:13): [True: 454, Folded] | Branch (1308:33): [True: 454, False: 0] ------------------ 1309| 454| constexpr size_t MaskWords = (BlindingBits + WordInfo::bits - 1) / WordInfo::bits; 1310| 454| constexpr size_t MaskBytes = MaskWords * WordInfo::bytes; 1311| | 1312| 454| constexpr size_t n_words = C::Words; 1313| | 1314| 454| uint8_t maskb[MaskBytes + (BlindingBits == 0 ? 1 : 0)] = {0}; 1315| 454| rng.randomize(maskb, MaskBytes); 1316| | 1317| 454| W mask[n_words] = {0}; 1318| 454| load_le(mask, maskb, MaskWords); 1319| | 1320| | // Mask to exactly BlindingBits 1321| 454| constexpr size_t ExcessBits = MaskWords * WordInfo::bits - BlindingBits; 1322| 454| if constexpr(ExcessBits > 0) { 1323| 454| constexpr W ExcessMask = (static_cast(1) << (WordInfo::bits - ExcessBits)) - 1; 1324| 454| mask[MaskWords - 1] &= ExcessMask; 1325| 454| } 1326| | 1327| | // Set top and bottom bits of mask 1328| 454| constexpr size_t TopMaskBit = (BlindingBits - 1) % WordInfo::bits; 1329| 454| mask[(BlindingBits - 1) / WordInfo::bits] |= static_cast(1) << TopMaskBit; 1330| 454| mask[0] |= 1; 1331| | 1332| 454| W mask_n[2 * n_words] = {0}; 1333| | 1334| 454| const auto sw = scalar.to_words(); 1335| | 1336| | // Compute masked scalar s + k*n 1337| 454| comba_mul(mask_n, mask, C::NW.data()); 1338| 454| bigint_add2(mask_n, 2 * n_words, sw.data(), sw.size()); 1339| | 1340| 454| std::reverse(mask_n, mask_n + 2 * n_words); 1341| 454| m_bytes = store_be>(mask_n); 1342| 454| m_bits = C::Scalar::BITS + BlindingBits; 1343| 454| } else { 1344| | // No RNG available, skip blinding 1345| 0| m_bytes.resize(C::Scalar::BYTES); 1346| 0| scalar.serialize_to(std::span{m_bytes}.template first()); 1347| 0| m_bits = C::Scalar::BITS; 1348| 0| } 1349| | 1350| 454| CT::poison(m_bytes.data(), m_bytes.size()); 1351| 454| } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS4_12Secp256r1RepEE12ScalarParamsEEEE8to_wordsEv: 734| 782| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_secp256r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS3_12Secp256r1RepEE12ScalarParamsEE8from_repERKNSt3__15arrayImLm4EEE: 137| 7.69k| constexpr static std::array from_rep(const std::array& z) { 138| 7.69k| std::array ze = {}; 139| 7.69k| copy_mem(std::span{ze}.template first(), z); 140| 7.69k| return Self::redc(ze); 141| 7.69k| } pcurves_secp256r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS3_12Secp256r1RepEE12ScalarParamsEE4redcERKNSt3__15arrayImLm8EEE: 104| 14.6k| constexpr static std::array redc(const std::array& z) { 105| | if constexpr(P_dash == 1) { 106| | return monty_redc_pdash1(z, P); 107| 14.6k| } else { 108| 14.6k| return monty_redc(z, P, P_dash); 109| 14.6k| } 110| 14.6k| } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS4_12Secp256r1RepEE12ScalarParamsEEEE12serialize_toENSt3__14spanIhLm32EEE: 739| 6.91k| constexpr void serialize_to(std::span bytes) const { 740| 6.91k| auto v = Rep::from_rep(m_val); 741| 6.91k| std::reverse(v.begin(), v.end()); 742| | 743| 6.91k| if constexpr(Self::BYTES == N * WordInfo::bytes) { 744| 6.91k| store_be(bytes, v); 745| | } else { 746| | // Remove leading zero bytes 747| | const auto padded_bytes = store_be(v); 748| | constexpr size_t extra = N * WordInfo::bytes - Self::BYTES; 749| | copy_mem(bytes, std::span{padded_bytes}.template subspan()); 750| | } 751| 6.91k| } pcurves_secp256r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm7EE4bitsEv: 1305| 454| size_t bits() const { return m_bits; } pcurves_secp256r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_E18conditional_assignENS_2CT6ChoiceERKSC_: 1084| 782| constexpr void conditional_assign(CT::Choice cond, const Self& pt) { 1085| 782| FieldElement::conditional_assign(m_x, m_y, m_z, cond, pt.x(), pt.y(), pt.z()); 1086| 782| } pcurves_secp256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_E6negateEv: 1134| 782| constexpr Self negate() const { return Self(x(), y().negate(), z()); } pcurves_secp256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_E18_const_time_poisonEv: 1174| 782| constexpr void _const_time_poison() const { CT::poison_all(m_x, m_y, m_z); } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE18_const_time_poisonEv: 889| 2.34k| constexpr void _const_time_poison() const { CT::poison(m_val); } pcurves_secp256r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm7EE10get_windowEm: 1353| 22.2k| size_t get_window(size_t offset) const { 1354| | // Extract a WindowBits sized window out of s, depending on offset. 1355| 22.2k| return read_window_bits(std::span{m_bytes}, offset); 1356| 22.2k| } pcurves_secp256r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_E10add_or_subERKSC_RKNS_16AffineCurvePointISB_EENS_2CT6ChoiceE: 1096| 40.4k| constexpr static Self add_or_sub(const Self& a, const AffinePoint& b, CT::Choice sub) { 1097| 40.4k| return point_add_or_sub_mixed(a, b, sub, FieldElement::one()); 1098| 40.4k| } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE18conditional_assignENS_2CT6ChoiceERKSA_: 367| 41.1k| constexpr void conditional_assign(CT::Choice cond, const Self& nx) { 368| 41.1k| const W mask = cond.into_bitmask(); 369| | 370| 205k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (370:28): [True: 164k, False: 41.1k] ------------------ 371| 164k| m_val[i] = Botan::choose(mask, nx.m_val[i], m_val[i]); 372| 164k| } 373| 41.1k| } pcurves_secp256r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEEE9ct_selectENSt3__14spanIKSC_Lm18446744073709551615EEEm: 955| 22.2k| static constexpr auto ct_select(std::span pts, size_t idx) { 956| 22.2k| auto result = Self::identity(pts[0]); 957| | 958| | // Intentionally wrapping; set to maximum size_t if idx == 0 959| 22.2k| const size_t idx1 = static_cast(idx - 1); 960| 734k| for(size_t i = 0; i != pts.size(); ++i) { ------------------ | Branch (960:28): [True: 711k, False: 22.2k] ------------------ 961| 711k| const auto found = CT::Mask::is_equal(idx1, i).as_choice(); 962| 711k| result.conditional_assign(found, pts[i]); 963| 711k| } 964| | 965| 22.2k| return result; 966| 22.2k| } pcurves_secp256r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEEE8identityERKSC_: 924| 41.2k| static constexpr Self identity(const Self& /*unused*/) { 925| 41.2k| return Self(FieldElement::zero(), FieldElement::zero()); 926| 41.2k| } pcurves_secp256r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEEE18conditional_assignENS_2CT6ChoiceERKSC_: 981| 1.01M| constexpr void conditional_assign(CT::Choice cond, const Self& pt) { 982| 1.01M| FieldElement::conditional_assign(m_x, m_y, cond, pt.x(), pt.y()); 983| 1.01M| } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE18conditional_assignERSA_SB_NS_2CT6ChoiceERKSA_SF_: 380| 1.01M| static constexpr void conditional_assign(Self& x, Self& y, CT::Choice cond, const Self& nx, const Self& ny) { 381| 1.01M| const W mask = cond.into_bitmask(); 382| | 383| 5.08M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (383:28): [True: 4.06M, False: 1.01M] ------------------ 384| 4.06M| x.m_val[i] = Botan::choose(mask, nx.m_val[i], x.m_val[i]); 385| 4.06M| y.m_val[i] = Botan::choose(mask, ny.m_val[i], y.m_val[i]); 386| 4.06M| } 387| 1.01M| } pcurves_secp256r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_E13randomize_repERNS_21RandomNumberGeneratorE: 1142| 3.12k| void randomize_rep(RandomNumberGenerator& rng) { 1143| | // In certain contexts we may be called with a Null_RNG; in that case the 1144| | // caller is accepting that randomization will not occur 1145| | 1146| | // Conditional ok: caller's RNG state (seeded vs not) is presumed public 1147| 3.12k| if(rng.is_seeded()) { ------------------ | Branch (1147:13): [True: 3.12k, False: 0] ------------------ 1148| 3.12k| auto r = FieldElement::random(rng); 1149| | 1150| 3.12k| auto r2 = r.square(); 1151| 3.12k| auto r3 = r2 * r; 1152| | 1153| 3.12k| m_x *= r2; 1154| 3.12k| m_y *= r3; 1155| 3.12k| m_z *= r; 1156| 3.12k| } 1157| 3.12k| } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE6randomERNS_21RandomNumberGeneratorE: 851| 3.12k| static Self random(RandomNumberGenerator& rng) { 852| 3.12k| constexpr size_t MAX_ATTEMPTS = 1000; 853| | 854| 3.12k| std::array buf{}; 855| | 856| 3.12k| for(size_t i = 0; i != MAX_ATTEMPTS; ++i) { ------------------ | Branch (856:28): [True: 3.12k, False: 0] ------------------ 857| 3.12k| rng.randomize(buf); 858| | 859| | // Zero off high bits that if set would certainly cause us 860| | // to be out of range 861| | if constexpr(Self::BITS % 8 != 0) { 862| | constexpr uint8_t mask = 0xFF >> (8 - (Self::BITS % 8)); 863| | buf[0] &= mask; 864| | } 865| | 866| | // Conditionals ok: rejection sampling reveals only values we didn't use 867| 3.12k| if(auto s = Self::deserialize(buf)) { ------------------ | Branch (867:21): [True: 3.12k, False: 0] ------------------ 868| 3.12k| if(s.value().is_nonzero().as_bool()) { ------------------ | Branch (868:19): [True: 3.12k, False: 0] ------------------ 869| 3.12k| return s.value(); 870| 3.12k| } 871| 3.12k| } 872| 3.12k| } 873| | 874| 0| throw Internal_Error("Failed to generate random Scalar within bounded number of attempts"); 875| 3.12k| } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE11deserializeENSt3__14spanIKhLm18446744073709551615EEE: 792| 17.0k| static std::optional deserialize(std::span bytes) { 793| | // Conditional ok: input length is public 794| 17.0k| if(bytes.size() != Self::BYTES) { ------------------ | Branch (794:13): [True: 0, False: 17.0k] ------------------ 795| 0| return {}; 796| 0| } 797| | 798| 17.0k| const auto words = bytes_to_words(bytes.first()); 799| | 800| | // Conditional acceptable: std::optional is implicitly not constant time 801| 17.0k| if(!bigint_ct_is_lt(words.data(), N, P.data(), N).as_bool()) { ------------------ | Branch (801:13): [True: 5, False: 17.0k] ------------------ 802| 5| return {}; 803| 5| } 804| | 805| | // Safe because we checked above that words is an integer < P 806| 17.0k| return Self::from_words(words); 807| 17.0k| } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE10from_wordsILm4EEESA_NSt3__15arrayImXT_EEE: 211| 17.0k| static constexpr Self from_words(std::array w) { 212| 17.0k| if constexpr(L == N) { 213| 17.0k| return Self(Rep::to_rep(w)); 214| | } else { 215| | static_assert(L < N); 216| | std::array ew = {}; 217| | copy_mem(std::span{ew}.template first(), w); 218| | return Self(Rep::to_rep(ew)); 219| | } 220| 17.0k| } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE10is_nonzeroEv: 230| 3.12k| constexpr CT::Choice is_nonzero() const { return !is_zero(); } pcurves_secp256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_E20_const_time_unpoisonEv: 1176| 782| constexpr void _const_time_unpoison() const { CT::unpoison_all(m_x, m_y, m_z); } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE20_const_time_unpoisonEv: 891| 2.34k| constexpr void _const_time_unpoison() const { CT::unpoison(m_val); } pcurves_secp256r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm7EED2Ev: 1358| 454| ~BlindedScalarBits() { 1359| 454| secure_zeroize_buffer(m_bytes.data(), m_bytes.size()); 1360| 454| CT::unpoison(m_bytes.data(), m_bytes.size()); 1361| 454| } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS4_12Secp256r1RepEE12ScalarParamsEEEE10from_stashILm9EEESB_RKNSt3__15arrayImXT_EEE: 774| 14.6k| static Self from_stash(const std::array& stash) { 775| 14.6k| static_assert(L >= N); 776| 14.6k| std::array val = {}; 777| 73.0k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (777:28): [True: 58.4k, False: 14.6k] ------------------ 778| 58.4k| val[i] = stash[i]; 779| 58.4k| } 780| 14.6k| return Self(val); 781| 14.6k| } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS4_12Secp256r1RepEE12ScalarParamsEEEEC2ENSt3__15arrayImLm4EEE: 898| 21.5k| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE12serialize_toENSt3__14spanIhLm32EEE: 739| 16.7k| constexpr void serialize_to(std::span bytes) const { 740| 16.7k| auto v = Rep::from_rep(m_val); 741| 16.7k| std::reverse(v.begin(), v.end()); 742| | 743| 16.7k| if constexpr(Self::BYTES == N * WordInfo::bytes) { 744| 16.7k| store_be(bytes, v); 745| | } else { 746| | // Remove leading zero bytes 747| | const auto padded_bytes = store_be(v); 748| | constexpr size_t extra = N * WordInfo::bytes - Self::BYTES; 749| | copy_mem(bytes, std::span{padded_bytes}.template subspan()); 750| | } 751| 16.7k| } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS4_12Secp256r1RepEE12ScalarParamsEEEE11stash_valueILm9EEENSt3__15arrayImXT_EEEv: 759| 6.91k| std::array stash_value() const { 760| 6.91k| static_assert(L >= N); 761| 6.91k| std::array stash = {}; 762| 34.5k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (762:28): [True: 27.6k, False: 6.91k] ------------------ 763| 27.6k| stash[i] = m_val[i]; 764| 27.6k| } 765| 6.91k| return stash; 766| 6.91k| } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE10from_stashILm9EEESA_RKNSt3__15arrayImXT_EEE: 774| 34.9k| static Self from_stash(const std::array& stash) { 775| 34.9k| static_assert(L >= N); 776| 34.9k| std::array val = {}; 777| 174k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (777:28): [True: 139k, False: 34.9k] ------------------ 778| 139k| val[i] = stash[i]; 779| 139k| } 780| 34.9k| return Self(val); 781| 34.9k| } pcurves_secp256r1.cpp:_ZN5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm4EEC2ERKNS_16AffineCurvePointINS_6IntModINS2_12Secp256r1RepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 1487| 328| explicit WindowedBoothMulTable(const AffinePoint& p) : m_table(varpoint_setup(p)) {} pcurves_secp256r1.cpp:_ZN5BotanplERKNS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_EERKNS_16AffineCurvePointISB_EE: 1066| 2.29k| friend constexpr Self operator+(const Self& a, const AffinePoint& b) { return Self::add_mixed(a, b); } pcurves_secp256r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_E9add_mixedERKSC_RKNS_16AffineCurvePointISB_EE: 1091| 2.29k| constexpr static Self add_mixed(const Self& a, const AffinePoint& b) { 1092| 2.29k| return point_add_mixed(a, b, FieldElement::one()); 1093| 2.29k| } pcurves_secp256r1.cpp:_ZNK5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm4EE3mulERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsENS2_12Secp256r1RepEE12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1489| 328| ProjectivePoint mul(const Scalar& s, RandomNumberGenerator& rng) const { 1490| 328| const BlindedScalar bits(s, rng); 1491| | 1492| 328| const size_t scalar_bits = bits.bits(); 1493| 328| const size_t full_windows = compute_full_windows(scalar_bits + 1, WindowBits); 1494| 328| const size_t initial_shift = compute_initial_shift(scalar_bits + 1, WindowBits); 1495| | 1496| 328| BOTAN_DEBUG_ASSERT(full_windows * WindowBits + initial_shift == scalar_bits + 1); ------------------ | | 130| 328| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 328| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 328] | | ------------------ ------------------ 1497| 328| BOTAN_DEBUG_ASSERT(initial_shift > 0); ------------------ | | 130| 328| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 328| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 328] | | ------------------ ------------------ 1498| | 1499| 328| auto accum = ProjectivePoint::identity(); 1500| 328| CT::poison(accum); 1501| | 1502| 19.0k| for(size_t i = 0; i != full_windows; ++i) { ------------------ | Branch (1502:28): [True: 18.6k, False: 328] ------------------ 1503| 18.6k| const size_t idx = scalar_bits - initial_shift - WindowBits * i; 1504| | 1505| 18.6k| const size_t w_i = bits.get_window(idx); 1506| 18.6k| const auto [tidx, tneg] = booth_recode(w_i); 1507| | 1508| | // Conditional ok: loop iteration count is public 1509| 18.6k| if(i == 0) { ------------------ | Branch (1509:16): [True: 328, False: 18.3k] ------------------ 1510| 328| accum = ProjectivePoint::from_affine(m_table.ct_select(tidx)); 1511| 328| accum.conditional_assign(tneg, accum.negate()); 1512| 18.3k| } else { 1513| 18.3k| accum = ProjectivePoint::add_or_sub(accum, m_table.ct_select(tidx), tneg); 1514| 18.3k| } 1515| | 1516| 18.6k| accum = accum.dbl_n(WindowBits); 1517| | 1518| | // Conditional ok: loop iteration count is public 1519| 18.6k| if(i <= 3) { ------------------ | Branch (1519:16): [True: 1.31k, False: 17.3k] ------------------ 1520| 1.31k| accum.randomize_rep(rng); 1521| 1.31k| } 1522| 18.6k| } 1523| | 1524| | // final window (note one bit shorter than previous reads) 1525| 328| const size_t w_l = bits.get_window(0) & ((1 << WindowBits) - 1); 1526| 328| const auto [tidx, tneg] = booth_recode(w_l << 1); 1527| 328| accum = ProjectivePoint::add_or_sub(accum, m_table.ct_select(tidx), tneg); 1528| | 1529| 328| CT::unpoison(accum); 1530| 328| return accum; 1531| 328| } pcurves_secp256r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm6EEC2ERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsENS2_12Secp256r1RepEE12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1307| 328| BlindedScalarBits(const typename C::Scalar& scalar, RandomNumberGenerator& rng) { 1308| 328| if(BlindingBits > 0 && rng.is_seeded()) { ------------------ | Branch (1308:13): [True: 328, Folded] | Branch (1308:33): [True: 328, False: 0] ------------------ 1309| 328| constexpr size_t MaskWords = (BlindingBits + WordInfo::bits - 1) / WordInfo::bits; 1310| 328| constexpr size_t MaskBytes = MaskWords * WordInfo::bytes; 1311| | 1312| 328| constexpr size_t n_words = C::Words; 1313| | 1314| 328| uint8_t maskb[MaskBytes + (BlindingBits == 0 ? 1 : 0)] = {0}; 1315| 328| rng.randomize(maskb, MaskBytes); 1316| | 1317| 328| W mask[n_words] = {0}; 1318| 328| load_le(mask, maskb, MaskWords); 1319| | 1320| | // Mask to exactly BlindingBits 1321| 328| constexpr size_t ExcessBits = MaskWords * WordInfo::bits - BlindingBits; 1322| 328| if constexpr(ExcessBits > 0) { 1323| 328| constexpr W ExcessMask = (static_cast(1) << (WordInfo::bits - ExcessBits)) - 1; 1324| 328| mask[MaskWords - 1] &= ExcessMask; 1325| 328| } 1326| | 1327| | // Set top and bottom bits of mask 1328| 328| constexpr size_t TopMaskBit = (BlindingBits - 1) % WordInfo::bits; 1329| 328| mask[(BlindingBits - 1) / WordInfo::bits] |= static_cast(1) << TopMaskBit; 1330| 328| mask[0] |= 1; 1331| | 1332| 328| W mask_n[2 * n_words] = {0}; 1333| | 1334| 328| const auto sw = scalar.to_words(); 1335| | 1336| | // Compute masked scalar s + k*n 1337| 328| comba_mul(mask_n, mask, C::NW.data()); 1338| 328| bigint_add2(mask_n, 2 * n_words, sw.data(), sw.size()); 1339| | 1340| 328| std::reverse(mask_n, mask_n + 2 * n_words); 1341| 328| m_bytes = store_be>(mask_n); 1342| 328| m_bits = C::Scalar::BITS + BlindingBits; 1343| 328| } else { 1344| | // No RNG available, skip blinding 1345| 0| m_bytes.resize(C::Scalar::BYTES); 1346| 0| scalar.serialize_to(std::span{m_bytes}.template first()); 1347| 0| m_bits = C::Scalar::BITS; 1348| 0| } 1349| | 1350| 328| CT::poison(m_bytes.data(), m_bytes.size()); 1351| 328| } pcurves_secp256r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm6EE4bitsEv: 1305| 328| size_t bits() const { return m_bits; } pcurves_secp256r1.cpp:_ZN5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm4EE20compute_full_windowsEmm: 1468| 328| static constexpr size_t compute_full_windows(size_t sb, size_t wb) { 1469| 328| if(sb % wb == 0) { ------------------ | Branch (1469:13): [True: 0, False: 328] ------------------ 1470| 0| return (sb - 1) / wb; 1471| 328| } else { 1472| 328| return sb / wb; 1473| 328| } 1474| 328| } pcurves_secp256r1.cpp:_ZN5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm4EE21compute_initial_shiftEmm: 1476| 328| static constexpr size_t compute_initial_shift(size_t sb, size_t wb) { 1477| 328| if(sb % wb == 0) { ------------------ | Branch (1477:13): [True: 0, False: 328] ------------------ 1478| 0| return wb; 1479| 328| } else { 1480| 328| return sb - (sb / wb) * wb; 1481| 328| } 1482| 328| } pcurves_secp256r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_E8identityEv: 1038| 328| static constexpr Self identity() { return Self(FieldElement::zero(), FieldElement::one(), FieldElement::zero()); } pcurves_secp256r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm6EE10get_windowEm: 1353| 19.0k| size_t get_window(size_t offset) const { 1354| | // Extract a WindowBits sized window out of s, depending on offset. 1355| 19.0k| return read_window_bits(std::span{m_bytes}, offset); 1356| 19.0k| } pcurves_secp256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_E5dbl_nEm: 1108| 18.6k| constexpr Self dbl_n(size_t n) const { 1109| 18.6k| if constexpr(Self::A_is_minus_3) { 1110| 18.6k| return dbl_n_a_minus_3(*this, n); 1111| | } else if constexpr(Self::A_is_zero) { 1112| | return dbl_n_a_zero(*this, n); 1113| | } else { 1114| | return dbl_n_generic(*this, A, n); 1115| | } 1116| 18.6k| } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE4div2Ev: 302| 18.6k| Self div2() const { 303| | // The inverse of 2 modulo P is (P/2)+1; this avoids a constexpr time 304| | // general inversion, which some compilers can't handle 305| 18.6k| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 306| | 307| | // We could multiply by INV_2 but there is a better way ... 308| | 309| 18.6k| std::array t = value(); 310| 18.6k| const W borrow = shift_right<1>(t); 311| | 312| | // If value was odd, add (P/2)+1 313| 18.6k| const auto mask = CT::Mask::expand(borrow).value(); 314| | 315| 18.6k| W carry = 0; 316| | 317| 93.4k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (317:28): [True: 74.7k, False: 18.6k] ------------------ 318| 74.7k| t[i] = word_add(t[i], INV_2[i] & mask, &carry); 319| 74.7k| } 320| | 321| 18.6k| return Self(t); 322| 18.6k| } pcurves_secp256r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm6EED2Ev: 1358| 328| ~BlindedScalarBits() { 1359| 328| secure_zeroize_buffer(m_bytes.data(), m_bytes.size()); 1360| 328| CT::unpoison(m_bytes.data(), m_bytes.size()); 1361| 328| } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS4_12Secp256r1RepEE12ScalarParamsEEEE7is_zeroEv: 225| 13.8k| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEEeqERKSA_: 722| 7.58k| constexpr CT::Choice operator==(const Self& other) const { 723| 7.58k| return CT::is_equal(this->data(), other.data(), N).as_choice(); 724| 7.58k| } pcurves_secp256r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEEE8identityEv: 921| 2| static constexpr Self identity() { return Self(FieldElement::zero(), FieldElement::zero()); } pcurves_secp256r1.cpp:_ZN5Botan13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS2_12Secp256r1RepEE7x3_ax_bERKNS_6IntModINS5_INS6_11FieldParamsEEEEE: 1275| 7.58k| static constexpr FieldElement x3_ax_b(const FieldElement& x) { return (x.square() + A) * x + B; } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE12correct_signENS_2CT6ChoiceE: 248| 328| constexpr Self correct_sign(CT::Choice even) const { 249| 328| const auto flip = (even != this->is_even()); 250| 328| return Self::choose(flip, this->negate(), *this); 251| 328| } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE7is_evenEv: 240| 328| constexpr CT::Choice is_even() const { 241| 328| auto v = Rep::from_rep(m_val); 242| 328| return !CT::Choice::from_int(v[0] & 0x01); 243| 328| } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE6chooseENS_2CT6ChoiceERKSA_SE_: 256| 328| static constexpr Self choose(CT::Choice choice, const Self& x, const Self& y) { 257| 328| auto r = y; 258| 328| r.conditional_assign(choice, x); 259| 328| return r; 260| 328| } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS4_12Secp256r1RepEE12ScalarParamsEEEE11deserializeENSt3__14spanIKhLm18446744073709551615EEE: 792| 6.91k| static std::optional deserialize(std::span bytes) { 793| | // Conditional ok: input length is public 794| 6.91k| if(bytes.size() != Self::BYTES) { ------------------ | Branch (794:13): [True: 0, False: 6.91k] ------------------ 795| 0| return {}; 796| 0| } 797| | 798| 6.91k| const auto words = bytes_to_words(bytes.first()); 799| | 800| | // Conditional acceptable: std::optional is implicitly not constant time 801| 6.91k| if(!bigint_ct_is_lt(words.data(), N, P.data(), N).as_bool()) { ------------------ | Branch (801:13): [True: 0, False: 6.91k] ------------------ 802| 0| return {}; 803| 0| } 804| | 805| | // Safe because we checked above that words is an integer < P 806| 6.91k| return Self::from_words(words); 807| 6.91k| } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS4_12Secp256r1RepEE12ScalarParamsEEEE10from_wordsILm4EEESB_NSt3__15arrayImXT_EEE: 211| 6.91k| static constexpr Self from_words(std::array w) { 212| 6.91k| if constexpr(L == N) { 213| 6.91k| return Self(Rep::to_rep(w)); 214| | } else { 215| | static_assert(L < N); 216| | std::array ew = {}; 217| | copy_mem(std::span{ew}.template first(), w); 218| | return Self(Rep::to_rep(ew)); 219| | } 220| 6.91k| } pcurves_secp256r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS3_12Secp256r1RepEE12ScalarParamsEE6to_repERKNSt3__15arrayImLm4EEE: 115| 6.91k| constexpr static std::array to_rep(const std::array& x) { 116| 6.91k| std::array z; // NOLINT(*-member-init) 117| 6.91k| comba_mul(z.data(), x.data(), R2.data()); 118| 6.91k| return Self::redc(z); 119| 6.91k| } pcurves_secp256r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEEE12serialize_toENSt3__14spanIhLm65EEE: 941| 8.22k| constexpr void serialize_to(std::span bytes) const { 942| 8.22k| BOTAN_STATE_CHECK(this->is_identity().as_bool() == false); ------------------ | | 51| 8.22k| do { \ | | 52| 8.22k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 8.22k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 8.22k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 8.22k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 8.22k] | | ------------------ ------------------ 943| 8.22k| BufferStuffer pack(bytes); 944| 8.22k| pack.append(0x04); 945| 8.22k| x().serialize_to(pack.next()); 946| 8.22k| y().serialize_to(pack.next()); 947| 8.22k| BOTAN_DEBUG_ASSERT(pack.full()); ------------------ | | 130| 8.22k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 8.22k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 8.22k] | | ------------------ ------------------ 948| 8.22k| } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS4_12Secp256r1RepEE12ScalarParamsEEEE6randomERNS_21RandomNumberGeneratorE: 851| 454| static Self random(RandomNumberGenerator& rng) { 852| 454| constexpr size_t MAX_ATTEMPTS = 1000; 853| | 854| 454| std::array buf{}; 855| | 856| 454| for(size_t i = 0; i != MAX_ATTEMPTS; ++i) { ------------------ | Branch (856:28): [True: 454, False: 0] ------------------ 857| 454| rng.randomize(buf); 858| | 859| | // Zero off high bits that if set would certainly cause us 860| | // to be out of range 861| | if constexpr(Self::BITS % 8 != 0) { 862| | constexpr uint8_t mask = 0xFF >> (8 - (Self::BITS % 8)); 863| | buf[0] &= mask; 864| | } 865| | 866| | // Conditionals ok: rejection sampling reveals only values we didn't use 867| 454| if(auto s = Self::deserialize(buf)) { ------------------ | Branch (867:21): [True: 454, False: 0] ------------------ 868| 454| if(s.value().is_nonzero().as_bool()) { ------------------ | Branch (868:19): [True: 454, False: 0] ------------------ 869| 454| return s.value(); 870| 454| } 871| 454| } 872| 454| } 873| | 874| 0| throw Internal_Error("Failed to generate random Scalar within bounded number of attempts"); 875| 454| } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS4_12Secp256r1RepEE12ScalarParamsEEEE10is_nonzeroEv: 230| 454| constexpr CT::Choice is_nonzero() const { return !is_zero(); } pcurves_secp384r1.cpp:_ZN5Botan23PrecomputedBaseMulTableINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm6EEC2ERKNS_16AffineCurvePointINS_6IntModINS2_12Secp384r1RepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 1405| 1| m_table(basemul_booth_setup(p, BlindedScalar::Bits + 1)) {} pcurves_secp384r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_E11from_affineERKNS_16AffineCurvePointISB_EE: 1016| 1.05k| static constexpr Self from_affine(const AffinePoint& pt) { 1017| | /* 1018| | * If the point is the identity element (x=0, y=0) then instead of 1019| | * creating (x, y, 1) = (0, 0, 1) we want our projective identity 1020| | * encoding of (0, 1, 0) 1021| | * 1022| | * Which we can achieve by a conditional swap of y and z if the 1023| | * affine point is the identity. 1024| | */ 1025| | 1026| 1.05k| auto x = pt.x(); 1027| 1.05k| auto y = pt.y(); 1028| 1.05k| auto z = FieldElement::one(); 1029| | 1030| 1.05k| FieldElement::conditional_swap(pt.is_identity(), y, z); 1031| | 1032| 1.05k| return ProjectiveCurvePoint(x, y, z); 1033| 1.05k| } pcurves_secp384r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEEE1xEv: 971| 1.68M| constexpr const FieldElement& x() const { return m_x; } pcurves_secp384r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEEE1yEv: 976| 1.62M| constexpr const FieldElement& y() const { return m_y; } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE3oneEv: 200| 62.1k| static constexpr Self one() { return Self(Rep::one()); } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEEC2ENSt3__15arrayImLm6EEE: 898| 3.39M| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE16conditional_swapENS_2CT6ChoiceERSA_SD_: 410| 1.05k| static constexpr void conditional_swap(CT::Choice cond, Self& x, Self& y) { 411| 1.05k| const W mask = cond.into_bitmask(); 412| | 413| 7.38k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (413:28): [True: 6.33k, False: 1.05k] ------------------ 414| 6.33k| auto nx = Botan::choose(mask, y.m_val[i], x.m_val[i]); 415| 6.33k| auto ny = Botan::choose(mask, x.m_val[i], y.m_val[i]); 416| 6.33k| x.m_val[i] = nx; 417| 6.33k| y.m_val[i] = ny; 418| 6.33k| } 419| 1.05k| } pcurves_secp384r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEEE11is_identityEv: 928| 65.6k| constexpr CT::Choice is_identity() const { return x().is_zero() && y().is_zero(); } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE7is_zeroEv: 225| 328k| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_secp384r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_EC2ERKSB_SE_SE_: 1056| 93.4k| m_x(x), m_y(y), m_z(z) {} pcurves_secp384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_E3dblEv: 1121| 3.60k| constexpr Self dbl() const { 1122| 3.60k| if constexpr(Self::A_is_minus_3) { 1123| 3.60k| return dbl_a_minus_3(*this); 1124| | } else if constexpr(Self::A_is_zero) { 1125| | return dbl_a_zero(*this); 1126| | } else { 1127| | return dbl_generic(*this, A); 1128| | } 1129| 3.60k| } pcurves_secp384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_E1zEv: 1172| 372k| constexpr const FieldElement& z() const { return m_z; } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE6squareEv: 426| 775k| constexpr BOTAN_FORCE_INLINE Self square() const { 427| 775k| std::array z; // NOLINT(*-member-init) 428| 775k| comba_sqr(z.data(), this->data()); 429| 775k| return Self(Rep::redc(z)); 430| 775k| } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE4dataEv: 896| 3.49M| constexpr const W* data() const { return m_val.data(); } pcurves_secp384r1.cpp:_ZN5BotanmlERKNS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEEESC_: 346| 816k| friend constexpr BOTAN_FORCE_INLINE Self operator*(const Self& a, const Self& b) { 347| 816k| std::array z; // NOLINT(*-member-init) 348| 816k| comba_mul(z.data(), a.data(), b.data()); 349| 816k| return Self(Rep::redc(z)); 350| 816k| } pcurves_secp384r1.cpp:_ZN5BotanmiERKNS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEEESC_: 281| 893k| friend constexpr BOTAN_FORCE_INLINE Self operator-(const Self& a, const Self& b) { 282| 893k| std::array r; // NOLINT(*-member-init) 283| 893k| W carry = 0; 284| 6.25M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (284:28): [True: 5.36M, False: 893k] ------------------ 285| 5.36M| r[i] = word_sub(a.m_val[i], b.m_val[i], &carry); 286| 5.36M| } 287| | 288| 893k| const auto mask = CT::Mask::expand(carry).value(); 289| | 290| 893k| carry = 0; 291| | 292| 6.25M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (292:28): [True: 5.36M, False: 893k] ------------------ 293| 5.36M| r[i] = word_add(r[i], P[i] & mask, &carry); 294| 5.36M| } 295| | 296| 893k| return Self(r); 297| 893k| } pcurves_secp384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_E1xEv: 1162| 232k| constexpr const FieldElement& x() const { return m_x; } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE4mul3Ev: 335| 130k| constexpr inline Self mul3() const { return mul2() + (*this); } pcurves_secp384r1.cpp:_ZN5BotanplERKNS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEEESC_: 265| 198k| friend constexpr BOTAN_FORCE_INLINE Self operator+(const Self& a, const Self& b) { 266| 198k| std::array t; // NOLINT(*-member-init) 267| | 268| 198k| W carry = 0; 269| 1.38M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (269:28): [True: 1.19M, False: 198k] ------------------ 270| 1.19M| t[i] = word_add(a.m_val[i], b.m_val[i], &carry); 271| 1.19M| } 272| | 273| 198k| std::array r; // NOLINT(*-member-init) 274| 198k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 275| 198k| return Self(r); 276| 198k| } pcurves_secp384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_E1yEv: 1167| 228k| constexpr const FieldElement& y() const { return m_y; } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE4mul4Ev: 338| 3.60k| constexpr inline Self mul4() const { return mul2().mul2(); } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE4mul2Ev: 325| 434k| constexpr BOTAN_FORCE_INLINE Self mul2() const { 326| 434k| std::array t = value(); 327| 434k| const W carry = shift_left<1>(t); 328| | 329| 434k| std::array r; // NOLINT(*-member-init) 330| 434k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 331| 434k| return Self(r); 332| 434k| } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE5valueEv: 894| 460k| constexpr const std::array& value() const { return m_val; } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE4mul8Ev: 341| 3.60k| constexpr inline Self mul8() const { return mul2().mul2().mul2(); } pcurves_secp384r1.cpp:_ZN5BotanplERKNS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_EESE_: 1064| 1.09k| friend constexpr Self operator+(const Self& a, const Self& b) { return Self::add(a, b); } pcurves_secp384r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_E3addERKSC_SE_: 1103| 1.09k| constexpr static Self add(const Self& a, const Self& b) { return point_add(a, b); } pcurves_secp384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_E11is_identityEv: 1082| 70.3k| constexpr CT::Choice is_identity() const { return z().is_zero(); } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE18conditional_assignERSA_SB_SB_NS_2CT6ChoiceERKSA_SF_SF_: 395| 124k| Self& x, Self& y, Self& z, CT::Choice cond, const Self& nx, const Self& ny, const Self& nz) { 396| 124k| const W mask = cond.into_bitmask(); 397| | 398| 872k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (398:28): [True: 747k, False: 124k] ------------------ 399| 747k| x.m_val[i] = Botan::choose(mask, nx.m_val[i], x.m_val[i]); 400| 747k| y.m_val[i] = Botan::choose(mask, ny.m_val[i], y.m_val[i]); 401| 747k| z.m_val[i] = Botan::choose(mask, nz.m_val[i], z.m_val[i]); 402| 747k| } 403| 124k| } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEEmLERKSA_: 355| 254k| constexpr BOTAN_FORCE_INLINE Self& operator*=(const Self& other) { 356| 254k| std::array z; // NOLINT(*-member-init) 357| 254k| comba_mul(z.data(), data(), other.data()); 358| 254k| m_val = Rep::redc(z); 359| 254k| return (*this); 360| 254k| } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE8square_nEm: 439| 15.9k| constexpr void square_n(size_t n) { 440| 15.9k| std::array z; // NOLINT(*-member-init) 441| 530k| for(size_t i = 0; i != n; ++i) { ------------------ | Branch (441:28): [True: 514k, False: 15.9k] ------------------ 442| 514k| comba_sqr(z.data(), this->data()); 443| 514k| m_val = Rep::redc(z); 444| 514k| } 445| 15.9k| } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE14invert_vartimeEv: 598| 1| constexpr Self invert_vartime() const { 599| | // Conditional ok: this function is variable time 600| 1| if(this->is_zero().as_bool()) { ------------------ | Branch (600:13): [True: 0, False: 1] ------------------ 601| 0| return Self::zero(); 602| 0| } 603| | 604| 1| auto x = Self(std::array{1}); // 1 in standard domain 605| 1| auto b = Self(this->to_words()); // *this in standard domain 606| | 607| | // First loop iteration 608| 1| Self::_invert_vartime_div2_helper(b, x); 609| | 610| 1| auto a = b.negate(); 611| | // y += x but y is zero at the outset 612| 1| auto y = x; 613| | 614| | // First half of second loop iteration 615| 1| Self::_invert_vartime_div2_helper(a, y); 616| | 617| 252| for(;;) { 618| | // Conditional ok: this function is variable time 619| 252| if(a.m_val == b.m_val) { ------------------ | Branch (619:16): [True: 1, False: 251] ------------------ 620| | // At this point it should be that a == b == 1 621| 1| auto r = y.negate(); 622| | 623| | // Convert back to Montgomery if required 624| 1| r.m_val = Rep::to_rep(r.m_val); 625| 1| return r; 626| 1| } 627| | 628| 251| auto nx = x + y; 629| | 630| | /* 631| | * Otherwise either b > a or a > b 632| | * 633| | * If b > a we want to set b to b - a 634| | * Otherwise we want to set a to a - b 635| | * 636| | * Compute r = b - a and check if it underflowed 637| | * If it did not then we are in the b > a path 638| | */ 639| 251| std::array r; // NOLINT(*-member-init) 640| 251| const word carry = bigint_sub3(r.data(), b.data(), N, a.data(), N); 641| | 642| | // Conditional ok: this function is variable time 643| 251| if(carry == 0) { ------------------ | Branch (643:16): [True: 118, False: 133] ------------------ 644| | // b > a 645| 118| b.m_val = r; 646| 118| x = nx; 647| 118| Self::_invert_vartime_div2_helper(b, x); 648| 133| } else { 649| | // We know this can't underflow because a > b 650| 133| bigint_sub3(r.data(), a.data(), N, b.data(), N); 651| 133| a.m_val = r; 652| 133| y = nx; 653| 133| Self::_invert_vartime_div2_helper(a, y); 654| 133| } 655| 251| } 656| 1| } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE4zeroEv: 195| 119k| static constexpr Self zero() { return Self(std::array{0}); } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE8to_wordsEv: 734| 1| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE27_invert_vartime_div2_helperERSA_SB_: 547| 253| static constexpr void _invert_vartime_div2_helper(Self& a, Self& x) { 548| 253| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 549| | 550| | // Conditional ok: this function is variable time 551| 809| while((a.m_val[0] & 1) != 1) { ------------------ | Branch (551:16): [True: 556, False: 253] ------------------ 552| 556| shift_right<1>(a.m_val); 553| | 554| 556| const W borrow = shift_right<1>(x.m_val); 555| | 556| | // Conditional ok: this function is variable time 557| 556| if(borrow) { ------------------ | Branch (557:16): [True: 248, False: 308] ------------------ 558| 248| bigint_add2(x.m_val.data(), N, INV_2.data(), N); 559| 248| } 560| 556| } 561| 253| } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE6negateEv: 452| 59.8k| constexpr Self negate() const { 453| 59.8k| const W x_is_zero = ~CT::all_zeros(this->data(), N).value(); 454| | 455| 59.8k| std::array r; // NOLINT(*-member-init) 456| 59.8k| W carry = 0; 457| 418k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (457:28): [True: 359k, False: 59.8k] ------------------ 458| 359k| r[i] = word_sub(P[i] & x_is_zero, m_val[i], &carry); 459| 359k| } 460| | 461| 59.8k| return Self(r); 462| 59.8k| } pcurves_secp384r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEEEC2ERKSB_SE_: 917| 71.2k| constexpr AffineCurvePoint(const FieldElement& x, const FieldElement& y) : m_x(x), m_y(y) {} pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE11stash_valueILm9EEENSt3__15arrayImXT_EEEv: 759| 3.50k| std::array stash_value() const { 760| 3.50k| static_assert(L >= N); 761| 3.50k| std::array stash = {}; 762| 24.5k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (762:28): [True: 21.0k, False: 3.50k] ------------------ 763| 21.0k| stash[i] = m_val[i]; 764| 21.0k| } 765| 3.50k| return stash; 766| 3.50k| } pcurves_secp384r1.cpp:_ZNK5Botan23PrecomputedBaseMulTableINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm6EE3mulERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsENS2_12Secp384r1RepEE12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1407| 464| ProjectivePoint mul(const Scalar& s, RandomNumberGenerator& rng) const { 1408| 464| const BlindedScalar scalar(s, rng); 1409| 464| return basemul_booth_exec(m_table, scalar, rng); 1410| 464| } pcurves_secp384r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm7EEC2ERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsENS2_12Secp384r1RepEE12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1307| 464| BlindedScalarBits(const typename C::Scalar& scalar, RandomNumberGenerator& rng) { 1308| 464| if(BlindingBits > 0 && rng.is_seeded()) { ------------------ | Branch (1308:13): [True: 464, Folded] | Branch (1308:33): [True: 464, False: 0] ------------------ 1309| 464| constexpr size_t MaskWords = (BlindingBits + WordInfo::bits - 1) / WordInfo::bits; 1310| 464| constexpr size_t MaskBytes = MaskWords * WordInfo::bytes; 1311| | 1312| 464| constexpr size_t n_words = C::Words; 1313| | 1314| 464| uint8_t maskb[MaskBytes + (BlindingBits == 0 ? 1 : 0)] = {0}; 1315| 464| rng.randomize(maskb, MaskBytes); 1316| | 1317| 464| W mask[n_words] = {0}; 1318| 464| load_le(mask, maskb, MaskWords); 1319| | 1320| | // Mask to exactly BlindingBits 1321| 464| constexpr size_t ExcessBits = MaskWords * WordInfo::bits - BlindingBits; 1322| 464| if constexpr(ExcessBits > 0) { 1323| 464| constexpr W ExcessMask = (static_cast(1) << (WordInfo::bits - ExcessBits)) - 1; 1324| 464| mask[MaskWords - 1] &= ExcessMask; 1325| 464| } 1326| | 1327| | // Set top and bottom bits of mask 1328| 464| constexpr size_t TopMaskBit = (BlindingBits - 1) % WordInfo::bits; 1329| 464| mask[(BlindingBits - 1) / WordInfo::bits] |= static_cast(1) << TopMaskBit; 1330| 464| mask[0] |= 1; 1331| | 1332| 464| W mask_n[2 * n_words] = {0}; 1333| | 1334| 464| const auto sw = scalar.to_words(); 1335| | 1336| | // Compute masked scalar s + k*n 1337| 464| comba_mul(mask_n, mask, C::NW.data()); 1338| 464| bigint_add2(mask_n, 2 * n_words, sw.data(), sw.size()); 1339| | 1340| 464| std::reverse(mask_n, mask_n + 2 * n_words); 1341| 464| m_bytes = store_be>(mask_n); 1342| 464| m_bits = C::Scalar::BITS + BlindingBits; 1343| 464| } else { 1344| | // No RNG available, skip blinding 1345| 0| m_bytes.resize(C::Scalar::BYTES); 1346| 0| scalar.serialize_to(std::span{m_bytes}.template first()); 1347| 0| m_bits = C::Scalar::BITS; 1348| 0| } 1349| | 1350| 464| CT::poison(m_bytes.data(), m_bytes.size()); 1351| 464| } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS4_12Secp384r1RepEE12ScalarParamsEEEE8to_wordsEv: 734| 759| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_secp384r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS3_12Secp384r1RepEE12ScalarParamsEE8from_repERKNSt3__15arrayImLm6EEE: 137| 1.22k| constexpr static std::array from_rep(const std::array& z) { 138| 1.22k| std::array ze = {}; 139| 1.22k| copy_mem(std::span{ze}.template first(), z); 140| 1.22k| return Self::redc(ze); 141| 1.22k| } pcurves_secp384r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS3_12Secp384r1RepEE12ScalarParamsEE4redcERKNSt3__15arrayImLm12EEE: 104| 1.68k| constexpr static std::array redc(const std::array& z) { 105| | if constexpr(P_dash == 1) { 106| | return monty_redc_pdash1(z, P); 107| 1.68k| } else { 108| 1.68k| return monty_redc(z, P, P_dash); 109| 1.68k| } 110| 1.68k| } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS4_12Secp384r1RepEE12ScalarParamsEEEE12serialize_toENSt3__14spanIhLm48EEE: 739| 464| constexpr void serialize_to(std::span bytes) const { 740| 464| auto v = Rep::from_rep(m_val); 741| 464| std::reverse(v.begin(), v.end()); 742| | 743| 464| if constexpr(Self::BYTES == N * WordInfo::bytes) { 744| 464| store_be(bytes, v); 745| | } else { 746| | // Remove leading zero bytes 747| | const auto padded_bytes = store_be(v); 748| | constexpr size_t extra = N * WordInfo::bytes - Self::BYTES; 749| | copy_mem(bytes, std::span{padded_bytes}.template subspan()); 750| | } 751| 464| } pcurves_secp384r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm7EE4bitsEv: 1305| 464| size_t bits() const { return m_bits; } pcurves_secp384r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_E18conditional_assignENS_2CT6ChoiceERKSC_: 1084| 759| constexpr void conditional_assign(CT::Choice cond, const Self& pt) { 1085| 759| FieldElement::conditional_assign(m_x, m_y, m_z, cond, pt.x(), pt.y(), pt.z()); 1086| 759| } pcurves_secp384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_E6negateEv: 1134| 759| constexpr Self negate() const { return Self(x(), y().negate(), z()); } pcurves_secp384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_E18_const_time_poisonEv: 1174| 759| constexpr void _const_time_poison() const { CT::poison_all(m_x, m_y, m_z); } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE18_const_time_poisonEv: 889| 2.27k| constexpr void _const_time_poison() const { CT::poison(m_val); } pcurves_secp384r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm7EE10get_windowEm: 1353| 33.8k| size_t get_window(size_t offset) const { 1354| | // Extract a WindowBits sized window out of s, depending on offset. 1355| 33.8k| return read_window_bits(std::span{m_bytes}, offset); 1356| 33.8k| } pcurves_secp384r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_E10add_or_subERKSC_RKNS_16AffineCurvePointISB_EENS_2CT6ChoiceE: 1096| 58.7k| constexpr static Self add_or_sub(const Self& a, const AffinePoint& b, CT::Choice sub) { 1097| 58.7k| return point_add_or_sub_mixed(a, b, sub, FieldElement::one()); 1098| 58.7k| } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE18conditional_assignENS_2CT6ChoiceERKSA_: 367| 59.3k| constexpr void conditional_assign(CT::Choice cond, const Self& nx) { 368| 59.3k| const W mask = cond.into_bitmask(); 369| | 370| 415k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (370:28): [True: 356k, False: 59.3k] ------------------ 371| 356k| m_val[i] = Botan::choose(mask, nx.m_val[i], m_val[i]); 372| 356k| } 373| 59.3k| } pcurves_secp384r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEEE9ct_selectENSt3__14spanIKSC_Lm18446744073709551615EEEm: 955| 33.8k| static constexpr auto ct_select(std::span pts, size_t idx) { 956| 33.8k| auto result = Self::identity(pts[0]); 957| | 958| | // Intentionally wrapping; set to maximum size_t if idx == 0 959| 33.8k| const size_t idx1 = static_cast(idx - 1); 960| 1.11M| for(size_t i = 0; i != pts.size(); ++i) { ------------------ | Branch (960:28): [True: 1.08M, False: 33.8k] ------------------ 961| 1.08M| const auto found = CT::Mask::is_equal(idx1, i).as_choice(); 962| 1.08M| result.conditional_assign(found, pts[i]); 963| 1.08M| } 964| | 965| 33.8k| return result; 966| 33.8k| } pcurves_secp384r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEEE8identityERKSC_: 924| 59.5k| static constexpr Self identity(const Self& /*unused*/) { 925| 59.5k| return Self(FieldElement::zero(), FieldElement::zero()); 926| 59.5k| } pcurves_secp384r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEEE18conditional_assignENS_2CT6ChoiceERKSC_: 981| 1.49M| constexpr void conditional_assign(CT::Choice cond, const Self& pt) { 982| 1.49M| FieldElement::conditional_assign(m_x, m_y, cond, pt.x(), pt.y()); 983| 1.49M| } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE18conditional_assignERSA_SB_NS_2CT6ChoiceERKSA_SF_: 380| 1.49M| static constexpr void conditional_assign(Self& x, Self& y, CT::Choice cond, const Self& nx, const Self& ny) { 381| 1.49M| const W mask = cond.into_bitmask(); 382| | 383| 10.4M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (383:28): [True: 8.96M, False: 1.49M] ------------------ 384| 8.96M| x.m_val[i] = Botan::choose(mask, nx.m_val[i], x.m_val[i]); 385| 8.96M| y.m_val[i] = Botan::choose(mask, ny.m_val[i], y.m_val[i]); 386| 8.96M| } 387| 1.49M| } pcurves_secp384r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_E13randomize_repERNS_21RandomNumberGeneratorE: 1142| 3.03k| void randomize_rep(RandomNumberGenerator& rng) { 1143| | // In certain contexts we may be called with a Null_RNG; in that case the 1144| | // caller is accepting that randomization will not occur 1145| | 1146| | // Conditional ok: caller's RNG state (seeded vs not) is presumed public 1147| 3.03k| if(rng.is_seeded()) { ------------------ | Branch (1147:13): [True: 3.03k, False: 0] ------------------ 1148| 3.03k| auto r = FieldElement::random(rng); 1149| | 1150| 3.03k| auto r2 = r.square(); 1151| 3.03k| auto r3 = r2 * r; 1152| | 1153| 3.03k| m_x *= r2; 1154| 3.03k| m_y *= r3; 1155| 3.03k| m_z *= r; 1156| 3.03k| } 1157| 3.03k| } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE6randomERNS_21RandomNumberGeneratorE: 851| 3.03k| static Self random(RandomNumberGenerator& rng) { 852| 3.03k| constexpr size_t MAX_ATTEMPTS = 1000; 853| | 854| 3.03k| std::array buf{}; 855| | 856| 3.03k| for(size_t i = 0; i != MAX_ATTEMPTS; ++i) { ------------------ | Branch (856:28): [True: 3.03k, False: 0] ------------------ 857| 3.03k| rng.randomize(buf); 858| | 859| | // Zero off high bits that if set would certainly cause us 860| | // to be out of range 861| | if constexpr(Self::BITS % 8 != 0) { 862| | constexpr uint8_t mask = 0xFF >> (8 - (Self::BITS % 8)); 863| | buf[0] &= mask; 864| | } 865| | 866| | // Conditionals ok: rejection sampling reveals only values we didn't use 867| 3.03k| if(auto s = Self::deserialize(buf)) { ------------------ | Branch (867:21): [True: 3.03k, False: 0] ------------------ 868| 3.03k| if(s.value().is_nonzero().as_bool()) { ------------------ | Branch (868:19): [True: 3.03k, False: 0] ------------------ 869| 3.03k| return s.value(); 870| 3.03k| } 871| 3.03k| } 872| 3.03k| } 873| | 874| 0| throw Internal_Error("Failed to generate random Scalar within bounded number of attempts"); 875| 3.03k| } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE11deserializeENSt3__14spanIKhLm18446744073709551615EEE: 792| 4.02k| static std::optional deserialize(std::span bytes) { 793| | // Conditional ok: input length is public 794| 4.02k| if(bytes.size() != Self::BYTES) { ------------------ | Branch (794:13): [True: 0, False: 4.02k] ------------------ 795| 0| return {}; 796| 0| } 797| | 798| 4.02k| const auto words = bytes_to_words(bytes.first()); 799| | 800| | // Conditional acceptable: std::optional is implicitly not constant time 801| 4.02k| if(!bigint_ct_is_lt(words.data(), N, P.data(), N).as_bool()) { ------------------ | Branch (801:13): [True: 5, False: 4.02k] ------------------ 802| 5| return {}; 803| 5| } 804| | 805| | // Safe because we checked above that words is an integer < P 806| 4.02k| return Self::from_words(words); 807| 4.02k| } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE10from_wordsILm6EEESA_NSt3__15arrayImXT_EEE: 211| 4.02k| static constexpr Self from_words(std::array w) { 212| 4.02k| if constexpr(L == N) { 213| 4.02k| return Self(Rep::to_rep(w)); 214| | } else { 215| | static_assert(L < N); 216| | std::array ew = {}; 217| | copy_mem(std::span{ew}.template first(), w); 218| | return Self(Rep::to_rep(ew)); 219| | } 220| 4.02k| } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE10is_nonzeroEv: 230| 3.03k| constexpr CT::Choice is_nonzero() const { return !is_zero(); } pcurves_secp384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_E20_const_time_unpoisonEv: 1176| 759| constexpr void _const_time_unpoison() const { CT::unpoison_all(m_x, m_y, m_z); } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE20_const_time_unpoisonEv: 891| 2.27k| constexpr void _const_time_unpoison() const { CT::unpoison(m_val); } pcurves_secp384r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm7EED2Ev: 1358| 464| ~BlindedScalarBits() { 1359| 464| secure_zeroize_buffer(m_bytes.data(), m_bytes.size()); 1360| 464| CT::unpoison(m_bytes.data(), m_bytes.size()); 1361| 464| } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS4_12Secp384r1RepEE12ScalarParamsEEEE10from_stashILm9EEESB_RKNSt3__15arrayImXT_EEE: 774| 1.68k| static Self from_stash(const std::array& stash) { 775| 1.68k| static_assert(L >= N); 776| 1.68k| std::array val = {}; 777| 11.8k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (777:28): [True: 10.1k, False: 1.68k] ------------------ 778| 10.1k| val[i] = stash[i]; 779| 10.1k| } 780| 1.68k| return Self(val); 781| 1.68k| } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS4_12Secp384r1RepEE12ScalarParamsEEEEC2ENSt3__15arrayImLm6EEE: 898| 2.15k| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE12serialize_toENSt3__14spanIhLm48EEE: 739| 3.58k| constexpr void serialize_to(std::span bytes) const { 740| 3.58k| auto v = Rep::from_rep(m_val); 741| 3.58k| std::reverse(v.begin(), v.end()); 742| | 743| 3.58k| if constexpr(Self::BYTES == N * WordInfo::bytes) { 744| 3.58k| store_be(bytes, v); 745| | } else { 746| | // Remove leading zero bytes 747| | const auto padded_bytes = store_be(v); 748| | constexpr size_t extra = N * WordInfo::bytes - Self::BYTES; 749| | copy_mem(bytes, std::span{padded_bytes}.template subspan()); 750| | } 751| 3.58k| } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS4_12Secp384r1RepEE12ScalarParamsEEEE11stash_valueILm9EEENSt3__15arrayImXT_EEEv: 759| 464| std::array stash_value() const { 760| 464| static_assert(L >= N); 761| 464| std::array stash = {}; 762| 3.24k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (762:28): [True: 2.78k, False: 464] ------------------ 763| 2.78k| stash[i] = m_val[i]; 764| 2.78k| } 765| 464| return stash; 766| 464| } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE10from_stashILm9EEESA_RKNSt3__15arrayImXT_EEE: 774| 8.56k| static Self from_stash(const std::array& stash) { 775| 8.56k| static_assert(L >= N); 776| 8.56k| std::array val = {}; 777| 59.9k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (777:28): [True: 51.3k, False: 8.56k] ------------------ 778| 51.3k| val[i] = stash[i]; 779| 51.3k| } 780| 8.56k| return Self(val); 781| 8.56k| } pcurves_secp384r1.cpp:_ZN5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm4EEC2ERKNS_16AffineCurvePointINS_6IntModINS2_12Secp384r1RepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 1487| 295| explicit WindowedBoothMulTable(const AffinePoint& p) : m_table(varpoint_setup(p)) {} pcurves_secp384r1.cpp:_ZN5BotanplERKNS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_EERKNS_16AffineCurvePointISB_EE: 1066| 2.06k| friend constexpr Self operator+(const Self& a, const AffinePoint& b) { return Self::add_mixed(a, b); } pcurves_secp384r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_E9add_mixedERKSC_RKNS_16AffineCurvePointISB_EE: 1091| 2.06k| constexpr static Self add_mixed(const Self& a, const AffinePoint& b) { 1092| 2.06k| return point_add_mixed(a, b, FieldElement::one()); 1093| 2.06k| } pcurves_secp384r1.cpp:_ZNK5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm4EE3mulERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsENS2_12Secp384r1RepEE12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1489| 295| ProjectivePoint mul(const Scalar& s, RandomNumberGenerator& rng) const { 1490| 295| const BlindedScalar bits(s, rng); 1491| | 1492| 295| const size_t scalar_bits = bits.bits(); 1493| 295| const size_t full_windows = compute_full_windows(scalar_bits + 1, WindowBits); 1494| 295| const size_t initial_shift = compute_initial_shift(scalar_bits + 1, WindowBits); 1495| | 1496| 295| BOTAN_DEBUG_ASSERT(full_windows * WindowBits + initial_shift == scalar_bits + 1); ------------------ | | 130| 295| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 295| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 295] | | ------------------ ------------------ 1497| 295| BOTAN_DEBUG_ASSERT(initial_shift > 0); ------------------ | | 130| 295| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 295| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 295] | | ------------------ ------------------ 1498| | 1499| 295| auto accum = ProjectivePoint::identity(); 1500| 295| CT::poison(accum); 1501| | 1502| 25.6k| for(size_t i = 0; i != full_windows; ++i) { ------------------ | Branch (1502:28): [True: 25.3k, False: 295] ------------------ 1503| 25.3k| const size_t idx = scalar_bits - initial_shift - WindowBits * i; 1504| | 1505| 25.3k| const size_t w_i = bits.get_window(idx); 1506| 25.3k| const auto [tidx, tneg] = booth_recode(w_i); 1507| | 1508| | // Conditional ok: loop iteration count is public 1509| 25.3k| if(i == 0) { ------------------ | Branch (1509:16): [True: 295, False: 25.0k] ------------------ 1510| 295| accum = ProjectivePoint::from_affine(m_table.ct_select(tidx)); 1511| 295| accum.conditional_assign(tneg, accum.negate()); 1512| 25.0k| } else { 1513| 25.0k| accum = ProjectivePoint::add_or_sub(accum, m_table.ct_select(tidx), tneg); 1514| 25.0k| } 1515| | 1516| 25.3k| accum = accum.dbl_n(WindowBits); 1517| | 1518| | // Conditional ok: loop iteration count is public 1519| 25.3k| if(i <= 3) { ------------------ | Branch (1519:16): [True: 1.18k, False: 24.1k] ------------------ 1520| 1.18k| accum.randomize_rep(rng); 1521| 1.18k| } 1522| 25.3k| } 1523| | 1524| | // final window (note one bit shorter than previous reads) 1525| 295| const size_t w_l = bits.get_window(0) & ((1 << WindowBits) - 1); 1526| 295| const auto [tidx, tneg] = booth_recode(w_l << 1); 1527| 295| accum = ProjectivePoint::add_or_sub(accum, m_table.ct_select(tidx), tneg); 1528| | 1529| 295| CT::unpoison(accum); 1530| 295| return accum; 1531| 295| } pcurves_secp384r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm6EEC2ERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsENS2_12Secp384r1RepEE12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1307| 295| BlindedScalarBits(const typename C::Scalar& scalar, RandomNumberGenerator& rng) { 1308| 295| if(BlindingBits > 0 && rng.is_seeded()) { ------------------ | Branch (1308:13): [True: 295, Folded] | Branch (1308:33): [True: 295, False: 0] ------------------ 1309| 295| constexpr size_t MaskWords = (BlindingBits + WordInfo::bits - 1) / WordInfo::bits; 1310| 295| constexpr size_t MaskBytes = MaskWords * WordInfo::bytes; 1311| | 1312| 295| constexpr size_t n_words = C::Words; 1313| | 1314| 295| uint8_t maskb[MaskBytes + (BlindingBits == 0 ? 1 : 0)] = {0}; 1315| 295| rng.randomize(maskb, MaskBytes); 1316| | 1317| 295| W mask[n_words] = {0}; 1318| 295| load_le(mask, maskb, MaskWords); 1319| | 1320| | // Mask to exactly BlindingBits 1321| 295| constexpr size_t ExcessBits = MaskWords * WordInfo::bits - BlindingBits; 1322| 295| if constexpr(ExcessBits > 0) { 1323| 295| constexpr W ExcessMask = (static_cast(1) << (WordInfo::bits - ExcessBits)) - 1; 1324| 295| mask[MaskWords - 1] &= ExcessMask; 1325| 295| } 1326| | 1327| | // Set top and bottom bits of mask 1328| 295| constexpr size_t TopMaskBit = (BlindingBits - 1) % WordInfo::bits; 1329| 295| mask[(BlindingBits - 1) / WordInfo::bits] |= static_cast(1) << TopMaskBit; 1330| 295| mask[0] |= 1; 1331| | 1332| 295| W mask_n[2 * n_words] = {0}; 1333| | 1334| 295| const auto sw = scalar.to_words(); 1335| | 1336| | // Compute masked scalar s + k*n 1337| 295| comba_mul(mask_n, mask, C::NW.data()); 1338| 295| bigint_add2(mask_n, 2 * n_words, sw.data(), sw.size()); 1339| | 1340| 295| std::reverse(mask_n, mask_n + 2 * n_words); 1341| 295| m_bytes = store_be>(mask_n); 1342| 295| m_bits = C::Scalar::BITS + BlindingBits; 1343| 295| } else { 1344| | // No RNG available, skip blinding 1345| 0| m_bytes.resize(C::Scalar::BYTES); 1346| 0| scalar.serialize_to(std::span{m_bytes}.template first()); 1347| 0| m_bits = C::Scalar::BITS; 1348| 0| } 1349| | 1350| 295| CT::poison(m_bytes.data(), m_bytes.size()); 1351| 295| } pcurves_secp384r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm6EE4bitsEv: 1305| 295| size_t bits() const { return m_bits; } pcurves_secp384r1.cpp:_ZN5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm4EE20compute_full_windowsEmm: 1468| 295| static constexpr size_t compute_full_windows(size_t sb, size_t wb) { 1469| 295| if(sb % wb == 0) { ------------------ | Branch (1469:13): [True: 0, False: 295] ------------------ 1470| 0| return (sb - 1) / wb; 1471| 295| } else { 1472| 295| return sb / wb; 1473| 295| } 1474| 295| } pcurves_secp384r1.cpp:_ZN5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm4EE21compute_initial_shiftEmm: 1476| 295| static constexpr size_t compute_initial_shift(size_t sb, size_t wb) { 1477| 295| if(sb % wb == 0) { ------------------ | Branch (1477:13): [True: 0, False: 295] ------------------ 1478| 0| return wb; 1479| 295| } else { 1480| 295| return sb - (sb / wb) * wb; 1481| 295| } 1482| 295| } pcurves_secp384r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_E8identityEv: 1038| 295| static constexpr Self identity() { return Self(FieldElement::zero(), FieldElement::one(), FieldElement::zero()); } pcurves_secp384r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm6EE10get_windowEm: 1353| 25.6k| size_t get_window(size_t offset) const { 1354| | // Extract a WindowBits sized window out of s, depending on offset. 1355| 25.6k| return read_window_bits(std::span{m_bytes}, offset); 1356| 25.6k| } pcurves_secp384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_E5dbl_nEm: 1108| 25.3k| constexpr Self dbl_n(size_t n) const { 1109| 25.3k| if constexpr(Self::A_is_minus_3) { 1110| 25.3k| return dbl_n_a_minus_3(*this, n); 1111| | } else if constexpr(Self::A_is_zero) { 1112| | return dbl_n_a_zero(*this, n); 1113| | } else { 1114| | return dbl_n_generic(*this, A, n); 1115| | } 1116| 25.3k| } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE4div2Ev: 302| 25.3k| Self div2() const { 303| | // The inverse of 2 modulo P is (P/2)+1; this avoids a constexpr time 304| | // general inversion, which some compilers can't handle 305| 25.3k| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 306| | 307| | // We could multiply by INV_2 but there is a better way ... 308| | 309| 25.3k| std::array t = value(); 310| 25.3k| const W borrow = shift_right<1>(t); 311| | 312| | // If value was odd, add (P/2)+1 313| 25.3k| const auto mask = CT::Mask::expand(borrow).value(); 314| | 315| 25.3k| W carry = 0; 316| | 317| 177k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (317:28): [True: 152k, False: 25.3k] ------------------ 318| 152k| t[i] = word_add(t[i], INV_2[i] & mask, &carry); 319| 152k| } 320| | 321| 25.3k| return Self(t); 322| 25.3k| } pcurves_secp384r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm6EED2Ev: 1358| 295| ~BlindedScalarBits() { 1359| 295| secure_zeroize_buffer(m_bytes.data(), m_bytes.size()); 1360| 295| CT::unpoison(m_bytes.data(), m_bytes.size()); 1361| 295| } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS4_12Secp384r1RepEE12ScalarParamsEEEE7is_zeroEv: 225| 928| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEEeqERKSA_: 722| 1.10k| constexpr CT::Choice operator==(const Self& other) const { 723| 1.10k| return CT::is_equal(this->data(), other.data(), N).as_choice(); 724| 1.10k| } pcurves_secp384r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEEE8identityEv: 921| 1| static constexpr Self identity() { return Self(FieldElement::zero(), FieldElement::zero()); } pcurves_secp384r1.cpp:_ZN5Botan13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS2_12Secp384r1RepEE7x3_ax_bERKNS_6IntModINS5_INS6_11FieldParamsEEEEE: 1275| 1.10k| static constexpr FieldElement x3_ax_b(const FieldElement& x) { return (x.square() + A) * x + B; } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE12correct_signENS_2CT6ChoiceE: 248| 295| constexpr Self correct_sign(CT::Choice even) const { 249| 295| const auto flip = (even != this->is_even()); 250| 295| return Self::choose(flip, this->negate(), *this); 251| 295| } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE7is_evenEv: 240| 295| constexpr CT::Choice is_even() const { 241| 295| auto v = Rep::from_rep(m_val); 242| 295| return !CT::Choice::from_int(v[0] & 0x01); 243| 295| } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE6chooseENS_2CT6ChoiceERKSA_SE_: 256| 295| static constexpr Self choose(CT::Choice choice, const Self& x, const Self& y) { 257| 295| auto r = y; 258| 295| r.conditional_assign(choice, x); 259| 295| return r; 260| 295| } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS4_12Secp384r1RepEE12ScalarParamsEEEE11deserializeENSt3__14spanIKhLm18446744073709551615EEE: 792| 464| static std::optional deserialize(std::span bytes) { 793| | // Conditional ok: input length is public 794| 464| if(bytes.size() != Self::BYTES) { ------------------ | Branch (794:13): [True: 0, False: 464] ------------------ 795| 0| return {}; 796| 0| } 797| | 798| 464| const auto words = bytes_to_words(bytes.first()); 799| | 800| | // Conditional acceptable: std::optional is implicitly not constant time 801| 464| if(!bigint_ct_is_lt(words.data(), N, P.data(), N).as_bool()) { ------------------ | Branch (801:13): [True: 0, False: 464] ------------------ 802| 0| return {}; 803| 0| } 804| | 805| | // Safe because we checked above that words is an integer < P 806| 464| return Self::from_words(words); 807| 464| } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS4_12Secp384r1RepEE12ScalarParamsEEEE10from_wordsILm6EEESB_NSt3__15arrayImXT_EEE: 211| 464| static constexpr Self from_words(std::array w) { 212| 464| if constexpr(L == N) { 213| 464| return Self(Rep::to_rep(w)); 214| | } else { 215| | static_assert(L < N); 216| | std::array ew = {}; 217| | copy_mem(std::span{ew}.template first(), w); 218| | return Self(Rep::to_rep(ew)); 219| | } 220| 464| } pcurves_secp384r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS3_12Secp384r1RepEE12ScalarParamsEE6to_repERKNSt3__15arrayImLm6EEE: 115| 464| constexpr static std::array to_rep(const std::array& x) { 116| 464| std::array z; // NOLINT(*-member-init) 117| 464| comba_mul(z.data(), x.data(), R2.data()); 118| 464| return Self::redc(z); 119| 464| } pcurves_secp384r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEEE12serialize_toENSt3__14spanIhLm97EEE: 941| 1.64k| constexpr void serialize_to(std::span bytes) const { 942| 1.64k| BOTAN_STATE_CHECK(this->is_identity().as_bool() == false); ------------------ | | 51| 1.64k| do { \ | | 52| 1.64k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 1.64k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 1.64k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 1.64k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 1.64k] | | ------------------ ------------------ 943| 1.64k| BufferStuffer pack(bytes); 944| 1.64k| pack.append(0x04); 945| 1.64k| x().serialize_to(pack.next()); 946| 1.64k| y().serialize_to(pack.next()); 947| 1.64k| BOTAN_DEBUG_ASSERT(pack.full()); ------------------ | | 130| 1.64k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 1.64k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 1.64k] | | ------------------ ------------------ 948| 1.64k| } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS4_12Secp384r1RepEE12ScalarParamsEEEE6randomERNS_21RandomNumberGeneratorE: 851| 464| static Self random(RandomNumberGenerator& rng) { 852| 464| constexpr size_t MAX_ATTEMPTS = 1000; 853| | 854| 464| std::array buf{}; 855| | 856| 464| for(size_t i = 0; i != MAX_ATTEMPTS; ++i) { ------------------ | Branch (856:28): [True: 464, False: 0] ------------------ 857| 464| rng.randomize(buf); 858| | 859| | // Zero off high bits that if set would certainly cause us 860| | // to be out of range 861| | if constexpr(Self::BITS % 8 != 0) { 862| | constexpr uint8_t mask = 0xFF >> (8 - (Self::BITS % 8)); 863| | buf[0] &= mask; 864| | } 865| | 866| | // Conditionals ok: rejection sampling reveals only values we didn't use 867| 464| if(auto s = Self::deserialize(buf)) { ------------------ | Branch (867:21): [True: 464, False: 0] ------------------ 868| 464| if(s.value().is_nonzero().as_bool()) { ------------------ | Branch (868:19): [True: 464, False: 0] ------------------ 869| 464| return s.value(); 870| 464| } 871| 464| } 872| 464| } 873| | 874| 0| throw Internal_Error("Failed to generate random Scalar within bounded number of attempts"); 875| 464| } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS4_12Secp384r1RepEE12ScalarParamsEEEE10is_nonzeroEv: 230| 464| constexpr CT::Choice is_nonzero() const { return !is_zero(); } pcurves_secp521r1.cpp:_ZN5Botan23PrecomputedBaseMulTableINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm6EEC2ERKNS_16AffineCurvePointINS_6IntModINS3_7P521RepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 1405| 1| m_table(basemul_booth_setup(p, BlindedScalar::Bits + 1)) {} pcurves_secp521r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E11from_affineERKNS_16AffineCurvePointISB_EE: 1016| 873| static constexpr Self from_affine(const AffinePoint& pt) { 1017| | /* 1018| | * If the point is the identity element (x=0, y=0) then instead of 1019| | * creating (x, y, 1) = (0, 0, 1) we want our projective identity 1020| | * encoding of (0, 1, 0) 1021| | * 1022| | * Which we can achieve by a conditional swap of y and z if the 1023| | * affine point is the identity. 1024| | */ 1025| | 1026| 873| auto x = pt.x(); 1027| 873| auto y = pt.y(); 1028| 873| auto z = FieldElement::one(); 1029| | 1030| 873| FieldElement::conditional_swap(pt.is_identity(), y, z); 1031| | 1032| 873| return ProjectiveCurvePoint(x, y, z); 1033| 873| } pcurves_secp521r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEE1xEv: 971| 1.88M| constexpr const FieldElement& x() const { return m_x; } pcurves_secp521r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEE1yEv: 976| 1.81M| constexpr const FieldElement& y() const { return m_y; } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE3oneEv: 200| 68.2k| static constexpr Self one() { return Self(Rep::one()); } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEEC2ENSt3__15arrayImLm9EEE: 898| 3.67M| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE16conditional_swapENS_2CT6ChoiceERSA_SD_: 410| 873| static constexpr void conditional_swap(CT::Choice cond, Self& x, Self& y) { 411| 873| const W mask = cond.into_bitmask(); 412| | 413| 8.73k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (413:28): [True: 7.85k, False: 873] ------------------ 414| 7.85k| auto nx = Botan::choose(mask, y.m_val[i], x.m_val[i]); 415| 7.85k| auto ny = Botan::choose(mask, x.m_val[i], y.m_val[i]); 416| 7.85k| x.m_val[i] = nx; 417| 7.85k| y.m_val[i] = ny; 418| 7.85k| } 419| 873| } pcurves_secp521r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEE11is_identityEv: 928| 71.0k| constexpr CT::Choice is_identity() const { return x().is_zero() && y().is_zero(); } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE7is_zeroEv: 225| 359k| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_secp521r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_EC2ERKSB_SE_SE_: 1056| 101k| m_x(x), m_y(y), m_z(z) {} pcurves_secp521r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E3dblEv: 1121| 3.54k| constexpr Self dbl() const { 1122| 3.54k| if constexpr(Self::A_is_minus_3) { 1123| 3.54k| return dbl_a_minus_3(*this); 1124| | } else if constexpr(Self::A_is_zero) { 1125| | return dbl_a_zero(*this); 1126| | } else { 1127| | return dbl_generic(*this, A); 1128| | } 1129| 3.54k| } pcurves_secp521r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E1zEv: 1172| 407k| constexpr const FieldElement& z() const { return m_z; } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE6squareEv: 426| 834k| constexpr BOTAN_FORCE_INLINE Self square() const { 427| 834k| std::array z; // NOLINT(*-member-init) 428| 834k| comba_sqr(z.data(), this->data()); 429| 834k| return Self(Rep::redc(z)); 430| 834k| } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4dataEv: 896| 3.78M| constexpr const W* data() const { return m_val.data(); } pcurves_secp521r1.cpp:_ZN5BotanmlERKNS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEEESC_: 346| 886k| friend constexpr BOTAN_FORCE_INLINE Self operator*(const Self& a, const Self& b) { 347| 886k| std::array z; // NOLINT(*-member-init) 348| 886k| comba_mul(z.data(), a.data(), b.data()); 349| 886k| return Self(Rep::redc(z)); 350| 886k| } pcurves_secp521r1.cpp:_ZN5BotanmiERKNS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEEESC_: 281| 970k| friend constexpr BOTAN_FORCE_INLINE Self operator-(const Self& a, const Self& b) { 282| 970k| std::array r; // NOLINT(*-member-init) 283| 970k| W carry = 0; 284| 9.70M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (284:28): [True: 8.73M, False: 970k] ------------------ 285| 8.73M| r[i] = word_sub(a.m_val[i], b.m_val[i], &carry); 286| 8.73M| } 287| | 288| 970k| const auto mask = CT::Mask::expand(carry).value(); 289| | 290| 970k| carry = 0; 291| | 292| 9.70M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (292:28): [True: 8.73M, False: 970k] ------------------ 293| 8.73M| r[i] = word_add(r[i], P[i] & mask, &carry); 294| 8.73M| } 295| | 296| 970k| return Self(r); 297| 970k| } pcurves_secp521r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E1xEv: 1162| 254k| constexpr const FieldElement& x() const { return m_x; } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4mul3Ev: 335| 139k| constexpr inline Self mul3() const { return mul2() + (*this); } pcurves_secp521r1.cpp:_ZN5BotanplERKNS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEEESC_: 265| 214k| friend constexpr BOTAN_FORCE_INLINE Self operator+(const Self& a, const Self& b) { 266| 214k| std::array t; // NOLINT(*-member-init) 267| | 268| 214k| W carry = 0; 269| 2.14M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (269:28): [True: 1.92M, False: 214k] ------------------ 270| 1.92M| t[i] = word_add(a.m_val[i], b.m_val[i], &carry); 271| 1.92M| } 272| | 273| 214k| std::array r; // NOLINT(*-member-init) 274| 214k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 275| 214k| return Self(r); 276| 214k| } pcurves_secp521r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E1yEv: 1167| 250k| constexpr const FieldElement& y() const { return m_y; } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4mul4Ev: 338| 3.54k| constexpr inline Self mul4() const { return mul2().mul2(); } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4mul2Ev: 325| 464k| constexpr BOTAN_FORCE_INLINE Self mul2() const { 326| 464k| std::array t = value(); 327| 464k| const W carry = shift_left<1>(t); 328| | 329| 464k| std::array r; // NOLINT(*-member-init) 330| 464k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 331| 464k| return Self(r); 332| 464k| } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE5valueEv: 894| 491k| constexpr const std::array& value() const { return m_val; } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4mul8Ev: 341| 3.54k| constexpr inline Self mul8() const { return mul2().mul2().mul2(); } pcurves_secp521r1.cpp:_ZN5BotanplERKNS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_EESE_: 1064| 1.45k| friend constexpr Self operator+(const Self& a, const Self& b) { return Self::add(a, b); } pcurves_secp521r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E3addERKSC_SE_: 1103| 1.45k| constexpr static Self add(const Self& a, const Self& b) { return point_add(a, b); } pcurves_secp521r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E11is_identityEv: 1082| 77.1k| constexpr CT::Choice is_identity() const { return z().is_zero(); } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE18conditional_assignERSA_SB_SB_NS_2CT6ChoiceERKSA_SF_SF_: 395| 137k| Self& x, Self& y, Self& z, CT::Choice cond, const Self& nx, const Self& ny, const Self& nz) { 396| 137k| const W mask = cond.into_bitmask(); 397| | 398| 1.37M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (398:28): [True: 1.24M, False: 137k] ------------------ 399| 1.24M| x.m_val[i] = Botan::choose(mask, nx.m_val[i], x.m_val[i]); 400| 1.24M| y.m_val[i] = Botan::choose(mask, ny.m_val[i], y.m_val[i]); 401| 1.24M| z.m_val[i] = Botan::choose(mask, nz.m_val[i], z.m_val[i]); 402| 1.24M| } 403| 137k| } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEEmLERKSA_: 355| 263k| constexpr BOTAN_FORCE_INLINE Self& operator*=(const Self& other) { 356| 263k| std::array z; // NOLINT(*-member-init) 357| 263k| comba_mul(z.data(), data(), other.data()); 358| 263k| m_val = Rep::redc(z); 359| 263k| return (*this); 360| 263k| } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE8square_nEm: 439| 9.83k| constexpr void square_n(size_t n) { 440| 9.83k| std::array z; // NOLINT(*-member-init) 441| 589k| for(size_t i = 0; i != n; ++i) { ------------------ | Branch (441:28): [True: 579k, False: 9.83k] ------------------ 442| 579k| comba_sqr(z.data(), this->data()); 443| 579k| m_val = Rep::redc(z); 444| 579k| } 445| 9.83k| } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE14invert_vartimeEv: 598| 1| constexpr Self invert_vartime() const { 599| | // Conditional ok: this function is variable time 600| 1| if(this->is_zero().as_bool()) { ------------------ | Branch (600:13): [True: 0, False: 1] ------------------ 601| 0| return Self::zero(); 602| 0| } 603| | 604| 1| auto x = Self(std::array{1}); // 1 in standard domain 605| 1| auto b = Self(this->to_words()); // *this in standard domain 606| | 607| | // First loop iteration 608| 1| Self::_invert_vartime_div2_helper(b, x); 609| | 610| 1| auto a = b.negate(); 611| | // y += x but y is zero at the outset 612| 1| auto y = x; 613| | 614| | // First half of second loop iteration 615| 1| Self::_invert_vartime_div2_helper(a, y); 616| | 617| 350| for(;;) { 618| | // Conditional ok: this function is variable time 619| 350| if(a.m_val == b.m_val) { ------------------ | Branch (619:16): [True: 1, False: 349] ------------------ 620| | // At this point it should be that a == b == 1 621| 1| auto r = y.negate(); 622| | 623| | // Convert back to Montgomery if required 624| 1| r.m_val = Rep::to_rep(r.m_val); 625| 1| return r; 626| 1| } 627| | 628| 349| auto nx = x + y; 629| | 630| | /* 631| | * Otherwise either b > a or a > b 632| | * 633| | * If b > a we want to set b to b - a 634| | * Otherwise we want to set a to a - b 635| | * 636| | * Compute r = b - a and check if it underflowed 637| | * If it did not then we are in the b > a path 638| | */ 639| 349| std::array r; // NOLINT(*-member-init) 640| 349| const word carry = bigint_sub3(r.data(), b.data(), N, a.data(), N); 641| | 642| | // Conditional ok: this function is variable time 643| 349| if(carry == 0) { ------------------ | Branch (643:16): [True: 170, False: 179] ------------------ 644| | // b > a 645| 170| b.m_val = r; 646| 170| x = nx; 647| 170| Self::_invert_vartime_div2_helper(b, x); 648| 179| } else { 649| | // We know this can't underflow because a > b 650| 179| bigint_sub3(r.data(), a.data(), N, b.data(), N); 651| 179| a.m_val = r; 652| 179| y = nx; 653| 179| Self::_invert_vartime_div2_helper(a, y); 654| 179| } 655| 349| } 656| 1| } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4zeroEv: 195| 132k| static constexpr Self zero() { return Self(std::array{0}); } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE8to_wordsEv: 734| 1| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE27_invert_vartime_div2_helperERSA_SB_: 547| 351| static constexpr void _invert_vartime_div2_helper(Self& a, Self& x) { 548| 351| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 549| | 550| | // Conditional ok: this function is variable time 551| 1.09k| while((a.m_val[0] & 1) != 1) { ------------------ | Branch (551:16): [True: 742, False: 351] ------------------ 552| 742| shift_right<1>(a.m_val); 553| | 554| 742| const W borrow = shift_right<1>(x.m_val); 555| | 556| | // Conditional ok: this function is variable time 557| 742| if(borrow) { ------------------ | Branch (557:16): [True: 109, False: 633] ------------------ 558| 109| bigint_add2(x.m_val.data(), N, INV_2.data(), N); 559| 109| } 560| 742| } 561| 351| } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE6negateEv: 452| 66.3k| constexpr Self negate() const { 453| 66.3k| const W x_is_zero = ~CT::all_zeros(this->data(), N).value(); 454| | 455| 66.3k| std::array r; // NOLINT(*-member-init) 456| 66.3k| W carry = 0; 457| 663k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (457:28): [True: 597k, False: 66.3k] ------------------ 458| 597k| r[i] = word_sub(P[i] & x_is_zero, m_val[i], &carry); 459| 597k| } 460| | 461| 66.3k| return Self(r); 462| 66.3k| } pcurves_secp521r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEEC2ERKSB_SE_: 917| 76.7k| constexpr AffineCurvePoint(const FieldElement& x, const FieldElement& y) : m_x(x), m_y(y) {} pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE11stash_valueILm9EEENSt3__15arrayImXT_EEEv: 759| 2.94k| std::array stash_value() const { 760| 2.94k| static_assert(L >= N); 761| 2.94k| std::array stash = {}; 762| 29.4k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (762:28): [True: 26.4k, False: 2.94k] ------------------ 763| 26.4k| stash[i] = m_val[i]; 764| 26.4k| } 765| 2.94k| return stash; 766| 2.94k| } pcurves_secp521r1.cpp:_ZNK5Botan23PrecomputedBaseMulTableINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm6EE3mulERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsENS3_7P521RepEE12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1407| 398| ProjectivePoint mul(const Scalar& s, RandomNumberGenerator& rng) const { 1408| 398| const BlindedScalar scalar(s, rng); 1409| 398| return basemul_booth_exec(m_table, scalar, rng); 1410| 398| } pcurves_secp521r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm7EEC2ERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsENS3_7P521RepEE12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1307| 398| BlindedScalarBits(const typename C::Scalar& scalar, RandomNumberGenerator& rng) { 1308| 398| if(BlindingBits > 0 && rng.is_seeded()) { ------------------ | Branch (1308:13): [True: 398, Folded] | Branch (1308:33): [True: 398, False: 0] ------------------ 1309| 398| constexpr size_t MaskWords = (BlindingBits + WordInfo::bits - 1) / WordInfo::bits; 1310| 398| constexpr size_t MaskBytes = MaskWords * WordInfo::bytes; 1311| | 1312| 398| constexpr size_t n_words = C::Words; 1313| | 1314| 398| uint8_t maskb[MaskBytes + (BlindingBits == 0 ? 1 : 0)] = {0}; 1315| 398| rng.randomize(maskb, MaskBytes); 1316| | 1317| 398| W mask[n_words] = {0}; 1318| 398| load_le(mask, maskb, MaskWords); 1319| | 1320| | // Mask to exactly BlindingBits 1321| 398| constexpr size_t ExcessBits = MaskWords * WordInfo::bits - BlindingBits; 1322| 398| if constexpr(ExcessBits > 0) { 1323| 398| constexpr W ExcessMask = (static_cast(1) << (WordInfo::bits - ExcessBits)) - 1; 1324| 398| mask[MaskWords - 1] &= ExcessMask; 1325| 398| } 1326| | 1327| | // Set top and bottom bits of mask 1328| 398| constexpr size_t TopMaskBit = (BlindingBits - 1) % WordInfo::bits; 1329| 398| mask[(BlindingBits - 1) / WordInfo::bits] |= static_cast(1) << TopMaskBit; 1330| 398| mask[0] |= 1; 1331| | 1332| 398| W mask_n[2 * n_words] = {0}; 1333| | 1334| 398| const auto sw = scalar.to_words(); 1335| | 1336| | // Compute masked scalar s + k*n 1337| 398| comba_mul(mask_n, mask, C::NW.data()); 1338| 398| bigint_add2(mask_n, 2 * n_words, sw.data(), sw.size()); 1339| | 1340| 398| std::reverse(mask_n, mask_n + 2 * n_words); 1341| 398| m_bytes = store_be>(mask_n); 1342| 398| m_bits = C::Scalar::BITS + BlindingBits; 1343| 398| } else { 1344| | // No RNG available, skip blinding 1345| 0| m_bytes.resize(C::Scalar::BYTES); 1346| 0| scalar.serialize_to(std::span{m_bytes}.template first()); 1347| 0| m_bits = C::Scalar::BITS; 1348| 0| } 1349| | 1350| 398| CT::poison(m_bytes.data(), m_bytes.size()); 1351| 398| } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS5_7P521RepEE12ScalarParamsEEEE8to_wordsEv: 734| 635| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_secp521r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS4_7P521RepEE12ScalarParamsEE8from_repERKNSt3__15arrayImLm9EEE: 137| 1.03k| constexpr static std::array from_rep(const std::array& z) { 138| 1.03k| std::array ze = {}; 139| 1.03k| copy_mem(std::span{ze}.template first(), z); 140| 1.03k| return Self::redc(ze); 141| 1.03k| } pcurves_secp521r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS4_7P521RepEE12ScalarParamsEE4redcERKNSt3__15arrayImLm18EEE: 104| 1.43k| constexpr static std::array redc(const std::array& z) { 105| | if constexpr(P_dash == 1) { 106| | return monty_redc_pdash1(z, P); 107| 1.43k| } else { 108| 1.43k| return monty_redc(z, P, P_dash); 109| 1.43k| } 110| 1.43k| } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS5_7P521RepEE12ScalarParamsEEEE12serialize_toENSt3__14spanIhLm66EEE: 739| 398| constexpr void serialize_to(std::span bytes) const { 740| 398| auto v = Rep::from_rep(m_val); 741| 398| std::reverse(v.begin(), v.end()); 742| | 743| | if constexpr(Self::BYTES == N * WordInfo::bytes) { 744| | store_be(bytes, v); 745| 398| } else { 746| | // Remove leading zero bytes 747| 398| const auto padded_bytes = store_be(v); 748| 398| constexpr size_t extra = N * WordInfo::bytes - Self::BYTES; 749| 398| copy_mem(bytes, std::span{padded_bytes}.template subspan()); 750| 398| } 751| 398| } pcurves_secp521r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm7EE4bitsEv: 1305| 398| size_t bits() const { return m_bits; } pcurves_secp521r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E18conditional_assignENS_2CT6ChoiceERKSC_: 1084| 635| constexpr void conditional_assign(CT::Choice cond, const Self& pt) { 1085| 635| FieldElement::conditional_assign(m_x, m_y, m_z, cond, pt.x(), pt.y(), pt.z()); 1086| 635| } pcurves_secp521r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E6negateEv: 1134| 635| constexpr Self negate() const { return Self(x(), y().negate(), z()); } pcurves_secp521r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E18_const_time_poisonEv: 1174| 635| constexpr void _const_time_poison() const { CT::poison_all(m_x, m_y, m_z); } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE18_const_time_poisonEv: 889| 1.90k| constexpr void _const_time_poison() const { CT::poison(m_val); } pcurves_secp521r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm7EE10get_windowEm: 1353| 38.6k| size_t get_window(size_t offset) const { 1354| | // Extract a WindowBits sized window out of s, depending on offset. 1355| 38.6k| return read_window_bits(std::span{m_bytes}, offset); 1356| 38.6k| } pcurves_secp521r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E10add_or_subERKSC_RKNS_16AffineCurvePointISB_EENS_2CT6ChoiceE: 1096| 65.4k| constexpr static Self add_or_sub(const Self& a, const AffinePoint& b, CT::Choice sub) { 1097| 65.4k| return point_add_or_sub_mixed(a, b, sub, FieldElement::one()); 1098| 65.4k| } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE18conditional_assignENS_2CT6ChoiceERKSA_: 367| 65.9k| constexpr void conditional_assign(CT::Choice cond, const Self& nx) { 368| 65.9k| const W mask = cond.into_bitmask(); 369| | 370| 659k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (370:28): [True: 593k, False: 65.9k] ------------------ 371| 593k| m_val[i] = Botan::choose(mask, nx.m_val[i], m_val[i]); 372| 593k| } 373| 65.9k| } pcurves_secp521r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEE9ct_selectENSt3__14spanIKSC_Lm18446744073709551615EEEm: 955| 38.6k| static constexpr auto ct_select(std::span pts, size_t idx) { 956| 38.6k| auto result = Self::identity(pts[0]); 957| | 958| | // Intentionally wrapping; set to maximum size_t if idx == 0 959| 38.6k| const size_t idx1 = static_cast(idx - 1); 960| 1.27M| for(size_t i = 0; i != pts.size(); ++i) { ------------------ | Branch (960:28): [True: 1.23M, False: 38.6k] ------------------ 961| 1.23M| const auto found = CT::Mask::is_equal(idx1, i).as_choice(); 962| 1.23M| result.conditional_assign(found, pts[i]); 963| 1.23M| } 964| | 965| 38.6k| return result; 966| 38.6k| } pcurves_secp521r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEE8identityERKSC_: 924| 66.0k| static constexpr Self identity(const Self& /*unused*/) { 925| 66.0k| return Self(FieldElement::zero(), FieldElement::zero()); 926| 66.0k| } pcurves_secp521r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEE18conditional_assignENS_2CT6ChoiceERKSC_: 981| 1.67M| constexpr void conditional_assign(CT::Choice cond, const Self& pt) { 982| 1.67M| FieldElement::conditional_assign(m_x, m_y, cond, pt.x(), pt.y()); 983| 1.67M| } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE18conditional_assignERSA_SB_NS_2CT6ChoiceERKSA_SF_: 380| 1.67M| static constexpr void conditional_assign(Self& x, Self& y, CT::Choice cond, const Self& nx, const Self& ny) { 381| 1.67M| const W mask = cond.into_bitmask(); 382| | 383| 16.7M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (383:28): [True: 15.0M, False: 1.67M] ------------------ 384| 15.0M| x.m_val[i] = Botan::choose(mask, nx.m_val[i], x.m_val[i]); 385| 15.0M| y.m_val[i] = Botan::choose(mask, ny.m_val[i], y.m_val[i]); 386| 15.0M| } 387| 1.67M| } pcurves_secp521r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E13randomize_repERNS_21RandomNumberGeneratorE: 1142| 2.54k| void randomize_rep(RandomNumberGenerator& rng) { 1143| | // In certain contexts we may be called with a Null_RNG; in that case the 1144| | // caller is accepting that randomization will not occur 1145| | 1146| | // Conditional ok: caller's RNG state (seeded vs not) is presumed public 1147| 2.54k| if(rng.is_seeded()) { ------------------ | Branch (1147:13): [True: 2.54k, False: 0] ------------------ 1148| 2.54k| auto r = FieldElement::random(rng); 1149| | 1150| 2.54k| auto r2 = r.square(); 1151| 2.54k| auto r3 = r2 * r; 1152| | 1153| 2.54k| m_x *= r2; 1154| 2.54k| m_y *= r3; 1155| 2.54k| m_z *= r; 1156| 2.54k| } 1157| 2.54k| } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE6randomERNS_21RandomNumberGeneratorE: 851| 2.54k| static Self random(RandomNumberGenerator& rng) { 852| 2.54k| constexpr size_t MAX_ATTEMPTS = 1000; 853| | 854| 2.54k| std::array buf{}; 855| | 856| 2.54k| for(size_t i = 0; i != MAX_ATTEMPTS; ++i) { ------------------ | Branch (856:28): [True: 2.54k, False: 0] ------------------ 857| 2.54k| rng.randomize(buf); 858| | 859| | // Zero off high bits that if set would certainly cause us 860| | // to be out of range 861| 2.54k| if constexpr(Self::BITS % 8 != 0) { 862| 2.54k| constexpr uint8_t mask = 0xFF >> (8 - (Self::BITS % 8)); 863| 2.54k| buf[0] &= mask; 864| 2.54k| } 865| | 866| | // Conditionals ok: rejection sampling reveals only values we didn't use 867| 2.54k| if(auto s = Self::deserialize(buf)) { ------------------ | Branch (867:21): [True: 2.54k, False: 0] ------------------ 868| 2.54k| if(s.value().is_nonzero().as_bool()) { ------------------ | Branch (868:19): [True: 2.54k, False: 0] ------------------ 869| 2.54k| return s.value(); 870| 2.54k| } 871| 2.54k| } 872| 2.54k| } 873| | 874| 0| throw Internal_Error("Failed to generate random Scalar within bounded number of attempts"); 875| 2.54k| } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE11deserializeENSt3__14spanIKhLm18446744073709551615EEE: 792| 3.36k| static std::optional deserialize(std::span bytes) { 793| | // Conditional ok: input length is public 794| 3.36k| if(bytes.size() != Self::BYTES) { ------------------ | Branch (794:13): [True: 0, False: 3.36k] ------------------ 795| 0| return {}; 796| 0| } 797| | 798| 3.36k| const auto words = bytes_to_words(bytes.first()); 799| | 800| | // Conditional acceptable: std::optional is implicitly not constant time 801| 3.36k| if(!bigint_ct_is_lt(words.data(), N, P.data(), N).as_bool()) { ------------------ | Branch (801:13): [True: 5, False: 3.36k] ------------------ 802| 5| return {}; 803| 5| } 804| | 805| | // Safe because we checked above that words is an integer < P 806| 3.36k| return Self::from_words(words); 807| 3.36k| } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE10from_wordsILm9EEESA_NSt3__15arrayImXT_EEE: 211| 3.36k| static constexpr Self from_words(std::array w) { 212| 3.36k| if constexpr(L == N) { 213| 3.36k| return Self(Rep::to_rep(w)); 214| | } else { 215| | static_assert(L < N); 216| | std::array ew = {}; 217| | copy_mem(std::span{ew}.template first(), w); 218| | return Self(Rep::to_rep(ew)); 219| | } 220| 3.36k| } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE10is_nonzeroEv: 230| 2.54k| constexpr CT::Choice is_nonzero() const { return !is_zero(); } pcurves_secp521r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E20_const_time_unpoisonEv: 1176| 635| constexpr void _const_time_unpoison() const { CT::unpoison_all(m_x, m_y, m_z); } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE20_const_time_unpoisonEv: 891| 1.90k| constexpr void _const_time_unpoison() const { CT::unpoison(m_val); } pcurves_secp521r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm7EED2Ev: 1358| 398| ~BlindedScalarBits() { 1359| 398| secure_zeroize_buffer(m_bytes.data(), m_bytes.size()); 1360| 398| CT::unpoison(m_bytes.data(), m_bytes.size()); 1361| 398| } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS5_7P521RepEE12ScalarParamsEEEE10from_stashILm9EEESB_RKNSt3__15arrayImXT_EEE: 774| 1.43k| static Self from_stash(const std::array& stash) { 775| 1.43k| static_assert(L >= N); 776| 1.43k| std::array val = {}; 777| 14.3k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (777:28): [True: 12.8k, False: 1.43k] ------------------ 778| 12.8k| val[i] = stash[i]; 779| 12.8k| } 780| 1.43k| return Self(val); 781| 1.43k| } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS5_7P521RepEE12ScalarParamsEEEEC2ENSt3__15arrayImLm9EEE: 898| 1.82k| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE12serialize_toENSt3__14spanIhLm66EEE: 739| 2.92k| constexpr void serialize_to(std::span bytes) const { 740| 2.92k| auto v = Rep::from_rep(m_val); 741| 2.92k| std::reverse(v.begin(), v.end()); 742| | 743| | if constexpr(Self::BYTES == N * WordInfo::bytes) { 744| | store_be(bytes, v); 745| 2.92k| } else { 746| | // Remove leading zero bytes 747| 2.92k| const auto padded_bytes = store_be(v); 748| 2.92k| constexpr size_t extra = N * WordInfo::bytes - Self::BYTES; 749| 2.92k| copy_mem(bytes, std::span{padded_bytes}.template subspan()); 750| 2.92k| } 751| 2.92k| } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS5_7P521RepEE12ScalarParamsEEEE11stash_valueILm9EEENSt3__15arrayImXT_EEEv: 759| 398| std::array stash_value() const { 760| 398| static_assert(L >= N); 761| 398| std::array stash = {}; 762| 3.98k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (762:28): [True: 3.58k, False: 398] ------------------ 763| 3.58k| stash[i] = m_val[i]; 764| 3.58k| } 765| 398| return stash; 766| 398| } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE10from_stashILm9EEESA_RKNSt3__15arrayImXT_EEE: 774| 7.05k| static Self from_stash(const std::array& stash) { 775| 7.05k| static_assert(L >= N); 776| 7.05k| std::array val = {}; 777| 70.5k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (777:28): [True: 63.5k, False: 7.05k] ------------------ 778| 63.5k| val[i] = stash[i]; 779| 63.5k| } 780| 7.05k| return Self(val); 781| 7.05k| } pcurves_secp521r1.cpp:_ZN5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm4EEC2ERKNS_16AffineCurvePointINS_6IntModINS3_7P521RepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 1487| 237| explicit WindowedBoothMulTable(const AffinePoint& p) : m_table(varpoint_setup(p)) {} pcurves_secp521r1.cpp:_ZN5BotanplERKNS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_EERKNS_16AffineCurvePointISB_EE: 1066| 1.65k| friend constexpr Self operator+(const Self& a, const AffinePoint& b) { return Self::add_mixed(a, b); } pcurves_secp521r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E9add_mixedERKSC_RKNS_16AffineCurvePointISB_EE: 1091| 1.65k| constexpr static Self add_mixed(const Self& a, const AffinePoint& b) { 1092| 1.65k| return point_add_mixed(a, b, FieldElement::one()); 1093| 1.65k| } pcurves_secp521r1.cpp:_ZNK5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm4EE3mulERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsENS3_7P521RepEE12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1489| 237| ProjectivePoint mul(const Scalar& s, RandomNumberGenerator& rng) const { 1490| 237| const BlindedScalar bits(s, rng); 1491| | 1492| 237| const size_t scalar_bits = bits.bits(); 1493| 237| const size_t full_windows = compute_full_windows(scalar_bits + 1, WindowBits); 1494| 237| const size_t initial_shift = compute_initial_shift(scalar_bits + 1, WindowBits); 1495| | 1496| 237| BOTAN_DEBUG_ASSERT(full_windows * WindowBits + initial_shift == scalar_bits + 1); ------------------ | | 130| 237| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 237| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 237] | | ------------------ ------------------ 1497| 237| BOTAN_DEBUG_ASSERT(initial_shift > 0); ------------------ | | 130| 237| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 237| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 237] | | ------------------ ------------------ 1498| | 1499| 237| auto accum = ProjectivePoint::identity(); 1500| 237| CT::poison(accum); 1501| | 1502| 27.4k| for(size_t i = 0; i != full_windows; ++i) { ------------------ | Branch (1502:28): [True: 27.2k, False: 237] ------------------ 1503| 27.2k| const size_t idx = scalar_bits - initial_shift - WindowBits * i; 1504| | 1505| 27.2k| const size_t w_i = bits.get_window(idx); 1506| 27.2k| const auto [tidx, tneg] = booth_recode(w_i); 1507| | 1508| | // Conditional ok: loop iteration count is public 1509| 27.2k| if(i == 0) { ------------------ | Branch (1509:16): [True: 237, False: 27.0k] ------------------ 1510| 237| accum = ProjectivePoint::from_affine(m_table.ct_select(tidx)); 1511| 237| accum.conditional_assign(tneg, accum.negate()); 1512| 27.0k| } else { 1513| 27.0k| accum = ProjectivePoint::add_or_sub(accum, m_table.ct_select(tidx), tneg); 1514| 27.0k| } 1515| | 1516| 27.2k| accum = accum.dbl_n(WindowBits); 1517| | 1518| | // Conditional ok: loop iteration count is public 1519| 27.2k| if(i <= 3) { ------------------ | Branch (1519:16): [True: 948, False: 26.3k] ------------------ 1520| 948| accum.randomize_rep(rng); 1521| 948| } 1522| 27.2k| } 1523| | 1524| | // final window (note one bit shorter than previous reads) 1525| 237| const size_t w_l = bits.get_window(0) & ((1 << WindowBits) - 1); 1526| 237| const auto [tidx, tneg] = booth_recode(w_l << 1); 1527| 237| accum = ProjectivePoint::add_or_sub(accum, m_table.ct_select(tidx), tneg); 1528| | 1529| 237| CT::unpoison(accum); 1530| 237| return accum; 1531| 237| } pcurves_secp521r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm6EEC2ERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsENS3_7P521RepEE12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1307| 237| BlindedScalarBits(const typename C::Scalar& scalar, RandomNumberGenerator& rng) { 1308| 237| if(BlindingBits > 0 && rng.is_seeded()) { ------------------ | Branch (1308:13): [True: 237, Folded] | Branch (1308:33): [True: 237, False: 0] ------------------ 1309| 237| constexpr size_t MaskWords = (BlindingBits + WordInfo::bits - 1) / WordInfo::bits; 1310| 237| constexpr size_t MaskBytes = MaskWords * WordInfo::bytes; 1311| | 1312| 237| constexpr size_t n_words = C::Words; 1313| | 1314| 237| uint8_t maskb[MaskBytes + (BlindingBits == 0 ? 1 : 0)] = {0}; 1315| 237| rng.randomize(maskb, MaskBytes); 1316| | 1317| 237| W mask[n_words] = {0}; 1318| 237| load_le(mask, maskb, MaskWords); 1319| | 1320| | // Mask to exactly BlindingBits 1321| 237| constexpr size_t ExcessBits = MaskWords * WordInfo::bits - BlindingBits; 1322| 237| if constexpr(ExcessBits > 0) { 1323| 237| constexpr W ExcessMask = (static_cast(1) << (WordInfo::bits - ExcessBits)) - 1; 1324| 237| mask[MaskWords - 1] &= ExcessMask; 1325| 237| } 1326| | 1327| | // Set top and bottom bits of mask 1328| 237| constexpr size_t TopMaskBit = (BlindingBits - 1) % WordInfo::bits; 1329| 237| mask[(BlindingBits - 1) / WordInfo::bits] |= static_cast(1) << TopMaskBit; 1330| 237| mask[0] |= 1; 1331| | 1332| 237| W mask_n[2 * n_words] = {0}; 1333| | 1334| 237| const auto sw = scalar.to_words(); 1335| | 1336| | // Compute masked scalar s + k*n 1337| 237| comba_mul(mask_n, mask, C::NW.data()); 1338| 237| bigint_add2(mask_n, 2 * n_words, sw.data(), sw.size()); 1339| | 1340| 237| std::reverse(mask_n, mask_n + 2 * n_words); 1341| 237| m_bytes = store_be>(mask_n); 1342| 237| m_bits = C::Scalar::BITS + BlindingBits; 1343| 237| } else { 1344| | // No RNG available, skip blinding 1345| 0| m_bytes.resize(C::Scalar::BYTES); 1346| 0| scalar.serialize_to(std::span{m_bytes}.template first()); 1347| 0| m_bits = C::Scalar::BITS; 1348| 0| } 1349| | 1350| 237| CT::poison(m_bytes.data(), m_bytes.size()); 1351| 237| } pcurves_secp521r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm6EE4bitsEv: 1305| 237| size_t bits() const { return m_bits; } pcurves_secp521r1.cpp:_ZN5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm4EE20compute_full_windowsEmm: 1468| 237| static constexpr size_t compute_full_windows(size_t sb, size_t wb) { 1469| 237| if(sb % wb == 0) { ------------------ | Branch (1469:13): [True: 0, False: 237] ------------------ 1470| 0| return (sb - 1) / wb; 1471| 237| } else { 1472| 237| return sb / wb; 1473| 237| } 1474| 237| } pcurves_secp521r1.cpp:_ZN5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm4EE21compute_initial_shiftEmm: 1476| 237| static constexpr size_t compute_initial_shift(size_t sb, size_t wb) { 1477| 237| if(sb % wb == 0) { ------------------ | Branch (1477:13): [True: 0, False: 237] ------------------ 1478| 0| return wb; 1479| 237| } else { 1480| 237| return sb - (sb / wb) * wb; 1481| 237| } 1482| 237| } pcurves_secp521r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E8identityEv: 1038| 237| static constexpr Self identity() { return Self(FieldElement::zero(), FieldElement::one(), FieldElement::zero()); } pcurves_secp521r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm6EE10get_windowEm: 1353| 27.4k| size_t get_window(size_t offset) const { 1354| | // Extract a WindowBits sized window out of s, depending on offset. 1355| 27.4k| return read_window_bits(std::span{m_bytes}, offset); 1356| 27.4k| } pcurves_secp521r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E5dbl_nEm: 1108| 27.2k| constexpr Self dbl_n(size_t n) const { 1109| 27.2k| if constexpr(Self::A_is_minus_3) { 1110| 27.2k| return dbl_n_a_minus_3(*this, n); 1111| | } else if constexpr(Self::A_is_zero) { 1112| | return dbl_n_a_zero(*this, n); 1113| | } else { 1114| | return dbl_n_generic(*this, A, n); 1115| | } 1116| 27.2k| } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4div2Ev: 302| 27.2k| Self div2() const { 303| | // The inverse of 2 modulo P is (P/2)+1; this avoids a constexpr time 304| | // general inversion, which some compilers can't handle 305| 27.2k| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 306| | 307| | // We could multiply by INV_2 but there is a better way ... 308| | 309| 27.2k| std::array t = value(); 310| 27.2k| const W borrow = shift_right<1>(t); 311| | 312| | // If value was odd, add (P/2)+1 313| 27.2k| const auto mask = CT::Mask::expand(borrow).value(); 314| | 315| 27.2k| W carry = 0; 316| | 317| 272k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (317:28): [True: 245k, False: 27.2k] ------------------ 318| 245k| t[i] = word_add(t[i], INV_2[i] & mask, &carry); 319| 245k| } 320| | 321| 27.2k| return Self(t); 322| 27.2k| } pcurves_secp521r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm6EED2Ev: 1358| 237| ~BlindedScalarBits() { 1359| 237| secure_zeroize_buffer(m_bytes.data(), m_bytes.size()); 1360| 237| CT::unpoison(m_bytes.data(), m_bytes.size()); 1361| 237| } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS5_7P521RepEE12ScalarParamsEEEE7is_zeroEv: 225| 796| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEEeqERKSA_: 722| 933| constexpr CT::Choice operator==(const Self& other) const { 723| 933| return CT::is_equal(this->data(), other.data(), N).as_choice(); 724| 933| } pcurves_secp521r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEE8identityEv: 921| 1| static constexpr Self identity() { return Self(FieldElement::zero(), FieldElement::zero()); } pcurves_secp521r1.cpp:_ZN5Botan13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS3_7P521RepEE7x3_ax_bERKNS_6IntModINS5_INS6_11FieldParamsEEEEE: 1275| 933| static constexpr FieldElement x3_ax_b(const FieldElement& x) { return (x.square() + A) * x + B; } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE12correct_signENS_2CT6ChoiceE: 248| 237| constexpr Self correct_sign(CT::Choice even) const { 249| 237| const auto flip = (even != this->is_even()); 250| 237| return Self::choose(flip, this->negate(), *this); 251| 237| } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE7is_evenEv: 240| 237| constexpr CT::Choice is_even() const { 241| 237| auto v = Rep::from_rep(m_val); 242| 237| return !CT::Choice::from_int(v[0] & 0x01); 243| 237| } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE6chooseENS_2CT6ChoiceERKSA_SE_: 256| 237| static constexpr Self choose(CT::Choice choice, const Self& x, const Self& y) { 257| 237| auto r = y; 258| 237| r.conditional_assign(choice, x); 259| 237| return r; 260| 237| } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS5_7P521RepEE12ScalarParamsEEEE11deserializeENSt3__14spanIKhLm18446744073709551615EEE: 792| 398| static std::optional deserialize(std::span bytes) { 793| | // Conditional ok: input length is public 794| 398| if(bytes.size() != Self::BYTES) { ------------------ | Branch (794:13): [True: 0, False: 398] ------------------ 795| 0| return {}; 796| 0| } 797| | 798| 398| const auto words = bytes_to_words(bytes.first()); 799| | 800| | // Conditional acceptable: std::optional is implicitly not constant time 801| 398| if(!bigint_ct_is_lt(words.data(), N, P.data(), N).as_bool()) { ------------------ | Branch (801:13): [True: 0, False: 398] ------------------ 802| 0| return {}; 803| 0| } 804| | 805| | // Safe because we checked above that words is an integer < P 806| 398| return Self::from_words(words); 807| 398| } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS5_7P521RepEE12ScalarParamsEEEE10from_wordsILm9EEESB_NSt3__15arrayImXT_EEE: 211| 398| static constexpr Self from_words(std::array w) { 212| 398| if constexpr(L == N) { 213| 398| return Self(Rep::to_rep(w)); 214| | } else { 215| | static_assert(L < N); 216| | std::array ew = {}; 217| | copy_mem(std::span{ew}.template first(), w); 218| | return Self(Rep::to_rep(ew)); 219| | } 220| 398| } pcurves_secp521r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS4_7P521RepEE12ScalarParamsEE6to_repERKNSt3__15arrayImLm9EEE: 115| 398| constexpr static std::array to_rep(const std::array& x) { 116| 398| std::array z; // NOLINT(*-member-init) 117| 398| comba_mul(z.data(), x.data(), R2.data()); 118| 398| return Self::redc(z); 119| 398| } pcurves_secp521r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEE12serialize_toENSt3__14spanIhLm133EEE: 941| 1.34k| constexpr void serialize_to(std::span bytes) const { 942| 1.34k| BOTAN_STATE_CHECK(this->is_identity().as_bool() == false); ------------------ | | 51| 1.34k| do { \ | | 52| 1.34k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 1.34k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 1.34k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 1.34k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 1.34k] | | ------------------ ------------------ 943| 1.34k| BufferStuffer pack(bytes); 944| 1.34k| pack.append(0x04); 945| 1.34k| x().serialize_to(pack.next()); 946| 1.34k| y().serialize_to(pack.next()); 947| 1.34k| BOTAN_DEBUG_ASSERT(pack.full()); ------------------ | | 130| 1.34k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 1.34k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 1.34k] | | ------------------ ------------------ 948| 1.34k| } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS5_7P521RepEE12ScalarParamsEEEE6randomERNS_21RandomNumberGeneratorE: 851| 398| static Self random(RandomNumberGenerator& rng) { 852| 398| constexpr size_t MAX_ATTEMPTS = 1000; 853| | 854| 398| std::array buf{}; 855| | 856| 398| for(size_t i = 0; i != MAX_ATTEMPTS; ++i) { ------------------ | Branch (856:28): [True: 398, False: 0] ------------------ 857| 398| rng.randomize(buf); 858| | 859| | // Zero off high bits that if set would certainly cause us 860| | // to be out of range 861| 398| if constexpr(Self::BITS % 8 != 0) { 862| 398| constexpr uint8_t mask = 0xFF >> (8 - (Self::BITS % 8)); 863| 398| buf[0] &= mask; 864| 398| } 865| | 866| | // Conditionals ok: rejection sampling reveals only values we didn't use 867| 398| if(auto s = Self::deserialize(buf)) { ------------------ | Branch (867:21): [True: 398, False: 0] ------------------ 868| 398| if(s.value().is_nonzero().as_bool()) { ------------------ | Branch (868:19): [True: 398, False: 0] ------------------ 869| 398| return s.value(); 870| 398| } 871| 398| } 872| 398| } 873| | 874| 0| throw Internal_Error("Failed to generate random Scalar within bounded number of attempts"); 875| 398| } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS5_7P521RepEE12ScalarParamsEEEE10is_nonzeroEv: 230| 398| constexpr CT::Choice is_nonzero() const { return !is_zero(); } pcurves_brainpool256r1.cpp:_ZN5Botan19basemul_booth_setupINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm6EEENSt3__16vectorINT_11AffinePointENS5_9allocatorIS8_EEEERKS8_m: 254| 1|std::vector basemul_booth_setup(const typename C::AffinePoint& p, size_t max_scalar_bits) { 255| 1| static_assert(WindowBits >= 1 && WindowBits <= 8); 256| | 257| | // 2^(W-1) elements per window [1*base .. 2^(W-1)*base] 258| 1| constexpr size_t WindowElements = 1 << (WindowBits - 1); 259| | 260| 1| const size_t Windows = (max_scalar_bits + WindowBits - 1) / WindowBits; 261| | 262| 1| const size_t TableSize = Windows * WindowElements; 263| | 264| 1| std::vector table; 265| 1| table.reserve(TableSize); 266| | 267| 1| auto accum = C::ProjectivePoint::from_affine(p); 268| | 269| 50| for(size_t i = 0; i != TableSize; i += WindowElements) { ------------------ | Branch (269:22): [True: 49, False: 1] ------------------ 270| 49| table.push_back(accum); 271| | 272| 1.56k| for(size_t j = 1; j != WindowElements; ++j) { ------------------ | Branch (272:25): [True: 1.51k, False: 49] ------------------ 273| | // Conditional ok: loop iteration count is public 274| 1.51k| if(j % 2 == 1) { ------------------ | Branch (274:13): [True: 784, False: 735] ------------------ 275| 784| table.emplace_back(table[i + j / 2].dbl()); 276| 784| } else { 277| 735| table.emplace_back(table[i + j - 1] + table[i]); 278| 735| } 279| 1.51k| } 280| | 281| | // Advance to next window's base: 2^W * current_base 282| | // The last entry is 2^(W-1) * base, so doubling gives 2^W * base 283| 49| accum = table[i + WindowElements - 1].dbl(); 284| 49| } 285| | 286| | // Variable time batch conversion is fine since generator is public 287| 1| return to_affine_batch(table); 288| 1|} pcurves_brainpool256r1.cpp:_ZN5Botan18basemul_booth_execINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm6ENS_17BlindedScalarBitsIS4_Lm7EEEEENT_15ProjectivePointENSt3__14spanIKNS7_11AffinePointELm18446744073709551615EEERKT1_RNS_21RandomNumberGeneratorE: 308| 662| RandomNumberGenerator& rng) { 309| 662| static constexpr size_t WindowElements = 1 << (WindowBits - 1); 310| | 311| 662| const size_t windows = (scalar.bits() + WindowBits) / WindowBits; 312| | 313| 662| auto accum = [&]() { 314| | // First window: extract W bits, shift left 1 to insert implicit carry in of zero 315| 662| const size_t w_bits = scalar.get_window(0) & ((1 << WindowBits) - 1); 316| 662| const size_t raw = w_bits << 1; 317| 662| const auto [tidx, tneg] = booth_recode(raw); 318| 662| const auto tbl_0 = table.first(WindowElements); 319| | 320| 662| auto pt = C::ProjectivePoint::from_affine(C::AffinePoint::ct_select(tbl_0, tidx)); 321| 662| pt.conditional_assign(tneg, pt.negate()); 322| 662| CT::poison(pt); 323| 662| pt.randomize_rep(rng); 324| 662| return pt; 325| 662| }(); 326| | 327| 32.4k| for(size_t i = 1; i != windows; ++i) { ------------------ | Branch (327:22): [True: 31.7k, False: 662] ------------------ 328| | // Extract W+1 bits overlapping by 1 with the previous window 329| 31.7k| const size_t bit_pos = WindowBits * i - 1; 330| 31.7k| const size_t raw = scalar.get_window(bit_pos); 331| 31.7k| const auto [tidx, tneg] = booth_recode(raw); 332| | 333| 31.7k| const auto tbl_i = table.subspan(WindowElements * i, WindowElements); 334| | 335| 31.7k| accum = C::ProjectivePoint::add_or_sub(accum, C::AffinePoint::ct_select(tbl_i, tidx), tneg); 336| | 337| | // Conditional ok: loop iteration count is public 338| 31.7k| if(i <= 3) { ------------------ | Branch (338:10): [True: 1.98k, False: 29.7k] ------------------ 339| 1.98k| accum.randomize_rep(rng); 340| 1.98k| } 341| 31.7k| } 342| | 343| 662| CT::unpoison(accum); 344| 662| return accum; 345| 662|} pcurves_brainpool256r1.cpp:_ZZN5Botan18basemul_booth_execINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm6ENS_17BlindedScalarBitsIS4_Lm7EEEEENT_15ProjectivePointENSt3__14spanIKNS7_11AffinePointELm18446744073709551615EEERKT1_RNS_21RandomNumberGeneratorEENKUlvE_clEv: 313| 662| auto accum = [&]() { 314| | // First window: extract W bits, shift left 1 to insert implicit carry in of zero 315| 662| const size_t w_bits = scalar.get_window(0) & ((1 << WindowBits) - 1); 316| 662| const size_t raw = w_bits << 1; 317| 662| const auto [tidx, tneg] = booth_recode(raw); 318| 662| const auto tbl_0 = table.first(WindowElements); 319| | 320| 662| auto pt = C::ProjectivePoint::from_affine(C::AffinePoint::ct_select(tbl_0, tidx)); 321| 662| pt.conditional_assign(tneg, pt.negate()); 322| 662| CT::poison(pt); 323| 662| pt.randomize_rep(rng); 324| 662| return pt; 325| 662| }(); _ZN5Botan12booth_recodeILm6ETkNSt3__117unsigned_integralEmEENS1_4pairImNS_2CT6ChoiceEEET0_: 294| 193k|constexpr std::pair booth_recode(T x) { 295| 193k| static_assert(WindowBits >= 1 && WindowBits <= 8); 296| | 297| 193k| auto s_mask = CT::Mask::expand(x >> WindowBits); 298| 193k| const T neg_x = (1 << (WindowBits + 1)) - x - 1; 299| 193k| T d = s_mask.select(neg_x, x); 300| 193k| d = (d >> 1) + (d & 1); 301| | 302| 193k| return std::make_pair(static_cast(d), s_mask.as_choice()); 303| 193k|} pcurves_brainpool256r1.cpp:_ZN5Botan14varpoint_setupINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm16EEENS_16AffinePointTableIT_Lm0EEERKNS6_11AffinePointE: 351| 514|AffinePointTable varpoint_setup(const typename C::AffinePoint& p) { 352| 514| static_assert(TableSize > 2); 353| | 354| 514| std::vector table; 355| 514| table.reserve(TableSize); 356| 514| table.push_back(C::ProjectivePoint::from_affine(p)); 357| | 358| 8.22k| for(size_t i = 1; i != TableSize; ++i) { ------------------ | Branch (358:22): [True: 7.71k, False: 514] ------------------ 359| | // Conditional ok: loop iteration count is public 360| 7.71k| if(i % 2 == 1) { ------------------ | Branch (360:10): [True: 4.11k, False: 3.59k] ------------------ 361| 4.11k| table.push_back(table[i / 2].dbl()); 362| 4.11k| } else { 363| 3.59k| table.push_back(table[i - 1] + p); 364| 3.59k| } 365| 7.71k| } 366| | 367| 514| return AffinePointTable(table); 368| 514|} pcurves_brainpool256r1.cpp:_ZN5Botan16AffinePointTableINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm0EEC2ENSt3__14spanIKNS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsESA_E11FieldParamsEEEEESC_EELm18446744073709551615EEE: 70| 514| explicit AffinePointTable(std::span pts) { 71| 514| BOTAN_ASSERT_NOMSG(pts.size() > 1); ------------------ | | 77| 514| do { \ | | 78| 514| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 514| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 514] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 514| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 514] | | ------------------ ------------------ 72| | 73| | if constexpr(R > 0) { 74| | BOTAN_ASSERT_NOMSG(pts.size() % R == 0); 75| | } 76| | 77| | // TODO scatter/gather with SIMD lookup 78| 514| m_table = to_affine_batch(pts); 79| 514| } _ZN5Botan12booth_recodeILm5ETkNSt3__117unsigned_integralEmEENS1_4pairImNS_2CT6ChoiceEEET0_: 294| 134k|constexpr std::pair booth_recode(T x) { 295| 134k| static_assert(WindowBits >= 1 && WindowBits <= 8); 296| | 297| 134k| auto s_mask = CT::Mask::expand(x >> WindowBits); 298| 134k| const T neg_x = (1 << (WindowBits + 1)) - x - 1; 299| 134k| T d = s_mask.select(neg_x, x); 300| 134k| d = (d >> 1) + (d & 1); 301| | 302| 134k| return std::make_pair(static_cast(d), s_mask.as_choice()); 303| 134k|} pcurves_brainpool256r1.cpp:_ZNK5Botan16AffinePointTableINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm0EE9ct_selectEmQL_ZNS_16AffinePointTable16WholeRangeSearchEE: 86| 29.8k| { 87| 29.8k| BOTAN_DEBUG_ASSERT(idx < m_table.size() + 1); ------------------ | | 130| 29.8k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 29.8k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 29.8k] | | ------------------ ------------------ 88| | 89| 29.8k| auto result = AffinePoint::identity(m_table[0]); 90| | 91| | // Intentionally wrapping; set to maximum size_t if idx == 0 92| 29.8k| const size_t idx1 = static_cast(idx - 1); 93| 506k| for(size_t i = 0; i != m_table.size(); ++i) { ------------------ | Branch (93:28): [True: 476k, False: 29.8k] ------------------ 94| 476k| const auto found = CT::Mask::is_equal(idx1, i).as_choice(); 95| 476k| result.conditional_assign(found, m_table[i]); 96| 476k| } 97| | 98| 29.8k| return result; 99| 29.8k| } pcurves_brainpool384r1.cpp:_ZN5Botan19basemul_booth_setupINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm6EEENSt3__16vectorINT_11AffinePointENS5_9allocatorIS8_EEEERKS8_m: 254| 1|std::vector basemul_booth_setup(const typename C::AffinePoint& p, size_t max_scalar_bits) { 255| 1| static_assert(WindowBits >= 1 && WindowBits <= 8); 256| | 257| | // 2^(W-1) elements per window [1*base .. 2^(W-1)*base] 258| 1| constexpr size_t WindowElements = 1 << (WindowBits - 1); 259| | 260| 1| const size_t Windows = (max_scalar_bits + WindowBits - 1) / WindowBits; 261| | 262| 1| const size_t TableSize = Windows * WindowElements; 263| | 264| 1| std::vector table; 265| 1| table.reserve(TableSize); 266| | 267| 1| auto accum = C::ProjectivePoint::from_affine(p); 268| | 269| 74| for(size_t i = 0; i != TableSize; i += WindowElements) { ------------------ | Branch (269:22): [True: 73, False: 1] ------------------ 270| 73| table.push_back(accum); 271| | 272| 2.33k| for(size_t j = 1; j != WindowElements; ++j) { ------------------ | Branch (272:25): [True: 2.26k, False: 73] ------------------ 273| | // Conditional ok: loop iteration count is public 274| 2.26k| if(j % 2 == 1) { ------------------ | Branch (274:13): [True: 1.16k, False: 1.09k] ------------------ 275| 1.16k| table.emplace_back(table[i + j / 2].dbl()); 276| 1.16k| } else { 277| 1.09k| table.emplace_back(table[i + j - 1] + table[i]); 278| 1.09k| } 279| 2.26k| } 280| | 281| | // Advance to next window's base: 2^W * current_base 282| | // The last entry is 2^(W-1) * base, so doubling gives 2^W * base 283| 73| accum = table[i + WindowElements - 1].dbl(); 284| 73| } 285| | 286| | // Variable time batch conversion is fine since generator is public 287| 1| return to_affine_batch(table); 288| 1|} pcurves_brainpool384r1.cpp:_ZN5Botan18basemul_booth_execINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm6ENS_17BlindedScalarBitsIS4_Lm7EEEEENT_15ProjectivePointENSt3__14spanIKNS7_11AffinePointELm18446744073709551615EEERKT1_RNS_21RandomNumberGeneratorE: 308| 433| RandomNumberGenerator& rng) { 309| 433| static constexpr size_t WindowElements = 1 << (WindowBits - 1); 310| | 311| 433| const size_t windows = (scalar.bits() + WindowBits) / WindowBits; 312| | 313| 433| auto accum = [&]() { 314| | // First window: extract W bits, shift left 1 to insert implicit carry in of zero 315| 433| const size_t w_bits = scalar.get_window(0) & ((1 << WindowBits) - 1); 316| 433| const size_t raw = w_bits << 1; 317| 433| const auto [tidx, tneg] = booth_recode(raw); 318| 433| const auto tbl_0 = table.first(WindowElements); 319| | 320| 433| auto pt = C::ProjectivePoint::from_affine(C::AffinePoint::ct_select(tbl_0, tidx)); 321| 433| pt.conditional_assign(tneg, pt.negate()); 322| 433| CT::poison(pt); 323| 433| pt.randomize_rep(rng); 324| 433| return pt; 325| 433| }(); 326| | 327| 31.6k| for(size_t i = 1; i != windows; ++i) { ------------------ | Branch (327:22): [True: 31.1k, False: 433] ------------------ 328| | // Extract W+1 bits overlapping by 1 with the previous window 329| 31.1k| const size_t bit_pos = WindowBits * i - 1; 330| 31.1k| const size_t raw = scalar.get_window(bit_pos); 331| 31.1k| const auto [tidx, tneg] = booth_recode(raw); 332| | 333| 31.1k| const auto tbl_i = table.subspan(WindowElements * i, WindowElements); 334| | 335| 31.1k| accum = C::ProjectivePoint::add_or_sub(accum, C::AffinePoint::ct_select(tbl_i, tidx), tneg); 336| | 337| | // Conditional ok: loop iteration count is public 338| 31.1k| if(i <= 3) { ------------------ | Branch (338:10): [True: 1.29k, False: 29.8k] ------------------ 339| 1.29k| accum.randomize_rep(rng); 340| 1.29k| } 341| 31.1k| } 342| | 343| 433| CT::unpoison(accum); 344| 433| return accum; 345| 433|} pcurves_brainpool384r1.cpp:_ZZN5Botan18basemul_booth_execINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm6ENS_17BlindedScalarBitsIS4_Lm7EEEEENT_15ProjectivePointENSt3__14spanIKNS7_11AffinePointELm18446744073709551615EEERKT1_RNS_21RandomNumberGeneratorEENKUlvE_clEv: 313| 433| auto accum = [&]() { 314| | // First window: extract W bits, shift left 1 to insert implicit carry in of zero 315| 433| const size_t w_bits = scalar.get_window(0) & ((1 << WindowBits) - 1); 316| 433| const size_t raw = w_bits << 1; 317| 433| const auto [tidx, tneg] = booth_recode(raw); 318| 433| const auto tbl_0 = table.first(WindowElements); 319| | 320| 433| auto pt = C::ProjectivePoint::from_affine(C::AffinePoint::ct_select(tbl_0, tidx)); 321| 433| pt.conditional_assign(tneg, pt.negate()); 322| 433| CT::poison(pt); 323| 433| pt.randomize_rep(rng); 324| 433| return pt; 325| 433| }(); pcurves_brainpool384r1.cpp:_ZN5Botan14varpoint_setupINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm16EEENS_16AffinePointTableIT_Lm0EEERKNS6_11AffinePointE: 351| 168|AffinePointTable varpoint_setup(const typename C::AffinePoint& p) { 352| 168| static_assert(TableSize > 2); 353| | 354| 168| std::vector table; 355| 168| table.reserve(TableSize); 356| 168| table.push_back(C::ProjectivePoint::from_affine(p)); 357| | 358| 2.68k| for(size_t i = 1; i != TableSize; ++i) { ------------------ | Branch (358:22): [True: 2.52k, False: 168] ------------------ 359| | // Conditional ok: loop iteration count is public 360| 2.52k| if(i % 2 == 1) { ------------------ | Branch (360:10): [True: 1.34k, False: 1.17k] ------------------ 361| 1.34k| table.push_back(table[i / 2].dbl()); 362| 1.34k| } else { 363| 1.17k| table.push_back(table[i - 1] + p); 364| 1.17k| } 365| 2.52k| } 366| | 367| 168| return AffinePointTable(table); 368| 168|} pcurves_brainpool384r1.cpp:_ZN5Botan16AffinePointTableINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm0EEC2ENSt3__14spanIKNS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsESA_E11FieldParamsEEEEESC_EELm18446744073709551615EEE: 70| 168| explicit AffinePointTable(std::span pts) { 71| 168| BOTAN_ASSERT_NOMSG(pts.size() > 1); ------------------ | | 77| 168| do { \ | | 78| 168| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 168| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 168] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 168| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 168] | | ------------------ ------------------ 72| | 73| | if constexpr(R > 0) { 74| | BOTAN_ASSERT_NOMSG(pts.size() % R == 0); 75| | } 76| | 77| | // TODO scatter/gather with SIMD lookup 78| 168| m_table = to_affine_batch(pts); 79| 168| } pcurves_brainpool384r1.cpp:_ZNK5Botan16AffinePointTableINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm0EE9ct_selectEmQL_ZNS_16AffinePointTable16WholeRangeSearchEE: 86| 14.6k| { 87| 14.6k| BOTAN_DEBUG_ASSERT(idx < m_table.size() + 1); ------------------ | | 130| 14.6k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 14.6k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 14.6k] | | ------------------ ------------------ 88| | 89| 14.6k| auto result = AffinePoint::identity(m_table[0]); 90| | 91| | // Intentionally wrapping; set to maximum size_t if idx == 0 92| 14.6k| const size_t idx1 = static_cast(idx - 1); 93| 248k| for(size_t i = 0; i != m_table.size(); ++i) { ------------------ | Branch (93:28): [True: 233k, False: 14.6k] ------------------ 94| 233k| const auto found = CT::Mask::is_equal(idx1, i).as_choice(); 95| 233k| result.conditional_assign(found, m_table[i]); 96| 233k| } 97| | 98| 14.6k| return result; 99| 14.6k| } pcurves_brainpool512r1.cpp:_ZN5Botan19basemul_booth_setupINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm6EEENSt3__16vectorINT_11AffinePointENS5_9allocatorIS8_EEEERKS8_m: 254| 1|std::vector basemul_booth_setup(const typename C::AffinePoint& p, size_t max_scalar_bits) { 255| 1| static_assert(WindowBits >= 1 && WindowBits <= 8); 256| | 257| | // 2^(W-1) elements per window [1*base .. 2^(W-1)*base] 258| 1| constexpr size_t WindowElements = 1 << (WindowBits - 1); 259| | 260| 1| const size_t Windows = (max_scalar_bits + WindowBits - 1) / WindowBits; 261| | 262| 1| const size_t TableSize = Windows * WindowElements; 263| | 264| 1| std::vector table; 265| 1| table.reserve(TableSize); 266| | 267| 1| auto accum = C::ProjectivePoint::from_affine(p); 268| | 269| 98| for(size_t i = 0; i != TableSize; i += WindowElements) { ------------------ | Branch (269:22): [True: 97, False: 1] ------------------ 270| 97| table.push_back(accum); 271| | 272| 3.10k| for(size_t j = 1; j != WindowElements; ++j) { ------------------ | Branch (272:25): [True: 3.00k, False: 97] ------------------ 273| | // Conditional ok: loop iteration count is public 274| 3.00k| if(j % 2 == 1) { ------------------ | Branch (274:13): [True: 1.55k, False: 1.45k] ------------------ 275| 1.55k| table.emplace_back(table[i + j / 2].dbl()); 276| 1.55k| } else { 277| 1.45k| table.emplace_back(table[i + j - 1] + table[i]); 278| 1.45k| } 279| 3.00k| } 280| | 281| | // Advance to next window's base: 2^W * current_base 282| | // The last entry is 2^(W-1) * base, so doubling gives 2^W * base 283| 97| accum = table[i + WindowElements - 1].dbl(); 284| 97| } 285| | 286| | // Variable time batch conversion is fine since generator is public 287| 1| return to_affine_batch(table); 288| 1|} pcurves_brainpool512r1.cpp:_ZN5Botan18basemul_booth_execINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm6ENS_17BlindedScalarBitsIS4_Lm7EEEEENT_15ProjectivePointENSt3__14spanIKNS7_11AffinePointELm18446744073709551615EEERKT1_RNS_21RandomNumberGeneratorE: 308| 360| RandomNumberGenerator& rng) { 309| 360| static constexpr size_t WindowElements = 1 << (WindowBits - 1); 310| | 311| 360| const size_t windows = (scalar.bits() + WindowBits) / WindowBits; 312| | 313| 360| auto accum = [&]() { 314| | // First window: extract W bits, shift left 1 to insert implicit carry in of zero 315| 360| const size_t w_bits = scalar.get_window(0) & ((1 << WindowBits) - 1); 316| 360| const size_t raw = w_bits << 1; 317| 360| const auto [tidx, tneg] = booth_recode(raw); 318| 360| const auto tbl_0 = table.first(WindowElements); 319| | 320| 360| auto pt = C::ProjectivePoint::from_affine(C::AffinePoint::ct_select(tbl_0, tidx)); 321| 360| pt.conditional_assign(tneg, pt.negate()); 322| 360| CT::poison(pt); 323| 360| pt.randomize_rep(rng); 324| 360| return pt; 325| 360| }(); 326| | 327| 34.9k| for(size_t i = 1; i != windows; ++i) { ------------------ | Branch (327:22): [True: 34.5k, False: 360] ------------------ 328| | // Extract W+1 bits overlapping by 1 with the previous window 329| 34.5k| const size_t bit_pos = WindowBits * i - 1; 330| 34.5k| const size_t raw = scalar.get_window(bit_pos); 331| 34.5k| const auto [tidx, tneg] = booth_recode(raw); 332| | 333| 34.5k| const auto tbl_i = table.subspan(WindowElements * i, WindowElements); 334| | 335| 34.5k| accum = C::ProjectivePoint::add_or_sub(accum, C::AffinePoint::ct_select(tbl_i, tidx), tneg); 336| | 337| | // Conditional ok: loop iteration count is public 338| 34.5k| if(i <= 3) { ------------------ | Branch (338:10): [True: 1.08k, False: 33.4k] ------------------ 339| 1.08k| accum.randomize_rep(rng); 340| 1.08k| } 341| 34.5k| } 342| | 343| 360| CT::unpoison(accum); 344| 360| return accum; 345| 360|} pcurves_brainpool512r1.cpp:_ZZN5Botan18basemul_booth_execINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm6ENS_17BlindedScalarBitsIS4_Lm7EEEEENT_15ProjectivePointENSt3__14spanIKNS7_11AffinePointELm18446744073709551615EEERKT1_RNS_21RandomNumberGeneratorEENKUlvE_clEv: 313| 360| auto accum = [&]() { 314| | // First window: extract W bits, shift left 1 to insert implicit carry in of zero 315| 360| const size_t w_bits = scalar.get_window(0) & ((1 << WindowBits) - 1); 316| 360| const size_t raw = w_bits << 1; 317| 360| const auto [tidx, tneg] = booth_recode(raw); 318| 360| const auto tbl_0 = table.first(WindowElements); 319| | 320| 360| auto pt = C::ProjectivePoint::from_affine(C::AffinePoint::ct_select(tbl_0, tidx)); 321| 360| pt.conditional_assign(tneg, pt.negate()); 322| 360| CT::poison(pt); 323| 360| pt.randomize_rep(rng); 324| 360| return pt; 325| 360| }(); pcurves_brainpool512r1.cpp:_ZN5Botan14varpoint_setupINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm16EEENS_16AffinePointTableIT_Lm0EEERKNS6_11AffinePointE: 351| 150|AffinePointTable varpoint_setup(const typename C::AffinePoint& p) { 352| 150| static_assert(TableSize > 2); 353| | 354| 150| std::vector table; 355| 150| table.reserve(TableSize); 356| 150| table.push_back(C::ProjectivePoint::from_affine(p)); 357| | 358| 2.40k| for(size_t i = 1; i != TableSize; ++i) { ------------------ | Branch (358:22): [True: 2.25k, False: 150] ------------------ 359| | // Conditional ok: loop iteration count is public 360| 2.25k| if(i % 2 == 1) { ------------------ | Branch (360:10): [True: 1.20k, False: 1.05k] ------------------ 361| 1.20k| table.push_back(table[i / 2].dbl()); 362| 1.20k| } else { 363| 1.05k| table.push_back(table[i - 1] + p); 364| 1.05k| } 365| 2.25k| } 366| | 367| 150| return AffinePointTable(table); 368| 150|} pcurves_brainpool512r1.cpp:_ZN5Botan16AffinePointTableINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm0EEC2ENSt3__14spanIKNS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsESA_E11FieldParamsEEEEESC_EELm18446744073709551615EEE: 70| 150| explicit AffinePointTable(std::span pts) { 71| 150| BOTAN_ASSERT_NOMSG(pts.size() > 1); ------------------ | | 77| 150| do { \ | | 78| 150| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 150| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 150] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 150| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 150] | | ------------------ ------------------ 72| | 73| | if constexpr(R > 0) { 74| | BOTAN_ASSERT_NOMSG(pts.size() % R == 0); 75| | } 76| | 77| | // TODO scatter/gather with SIMD lookup 78| 150| m_table = to_affine_batch(pts); 79| 150| } pcurves_brainpool512r1.cpp:_ZNK5Botan16AffinePointTableINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm0EE9ct_selectEmQL_ZNS_16AffinePointTable16WholeRangeSearchEE: 86| 17.4k| { 87| 17.4k| BOTAN_DEBUG_ASSERT(idx < m_table.size() + 1); ------------------ | | 130| 17.4k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 17.4k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 17.4k] | | ------------------ ------------------ 88| | 89| 17.4k| auto result = AffinePoint::identity(m_table[0]); 90| | 91| | // Intentionally wrapping; set to maximum size_t if idx == 0 92| 17.4k| const size_t idx1 = static_cast(idx - 1); 93| 295k| for(size_t i = 0; i != m_table.size(); ++i) { ------------------ | Branch (93:28): [True: 278k, False: 17.4k] ------------------ 94| 278k| const auto found = CT::Mask::is_equal(idx1, i).as_choice(); 95| 278k| result.conditional_assign(found, m_table[i]); 96| 278k| } 97| | 98| 17.4k| return result; 99| 17.4k| } pcurves_secp256r1.cpp:_ZN5Botan19basemul_booth_setupINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm6EEENSt3__16vectorINT_11AffinePointENS5_9allocatorIS8_EEEERKS8_m: 254| 1|std::vector basemul_booth_setup(const typename C::AffinePoint& p, size_t max_scalar_bits) { 255| 1| static_assert(WindowBits >= 1 && WindowBits <= 8); 256| | 257| | // 2^(W-1) elements per window [1*base .. 2^(W-1)*base] 258| 1| constexpr size_t WindowElements = 1 << (WindowBits - 1); 259| | 260| 1| const size_t Windows = (max_scalar_bits + WindowBits - 1) / WindowBits; 261| | 262| 1| const size_t TableSize = Windows * WindowElements; 263| | 264| 1| std::vector table; 265| 1| table.reserve(TableSize); 266| | 267| 1| auto accum = C::ProjectivePoint::from_affine(p); 268| | 269| 50| for(size_t i = 0; i != TableSize; i += WindowElements) { ------------------ | Branch (269:22): [True: 49, False: 1] ------------------ 270| 49| table.push_back(accum); 271| | 272| 1.56k| for(size_t j = 1; j != WindowElements; ++j) { ------------------ | Branch (272:25): [True: 1.51k, False: 49] ------------------ 273| | // Conditional ok: loop iteration count is public 274| 1.51k| if(j % 2 == 1) { ------------------ | Branch (274:13): [True: 784, False: 735] ------------------ 275| 784| table.emplace_back(table[i + j / 2].dbl()); 276| 784| } else { 277| 735| table.emplace_back(table[i + j - 1] + table[i]); 278| 735| } 279| 1.51k| } 280| | 281| | // Advance to next window's base: 2^W * current_base 282| | // The last entry is 2^(W-1) * base, so doubling gives 2^W * base 283| 49| accum = table[i + WindowElements - 1].dbl(); 284| 49| } 285| | 286| | // Variable time batch conversion is fine since generator is public 287| 1| return to_affine_batch(table); 288| 1|} pcurves_secp256r1.cpp:_ZN5Botan18basemul_booth_execINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm6ENS_17BlindedScalarBitsIS4_Lm7EEEEENT_15ProjectivePointENSt3__14spanIKNS7_11AffinePointELm18446744073709551615EEERKT1_RNS_21RandomNumberGeneratorE: 308| 454| RandomNumberGenerator& rng) { 309| 454| static constexpr size_t WindowElements = 1 << (WindowBits - 1); 310| | 311| 454| const size_t windows = (scalar.bits() + WindowBits) / WindowBits; 312| | 313| 454| auto accum = [&]() { 314| | // First window: extract W bits, shift left 1 to insert implicit carry in of zero 315| 454| const size_t w_bits = scalar.get_window(0) & ((1 << WindowBits) - 1); 316| 454| const size_t raw = w_bits << 1; 317| 454| const auto [tidx, tneg] = booth_recode(raw); 318| 454| const auto tbl_0 = table.first(WindowElements); 319| | 320| 454| auto pt = C::ProjectivePoint::from_affine(C::AffinePoint::ct_select(tbl_0, tidx)); 321| 454| pt.conditional_assign(tneg, pt.negate()); 322| 454| CT::poison(pt); 323| 454| pt.randomize_rep(rng); 324| 454| return pt; 325| 454| }(); 326| | 327| 22.2k| for(size_t i = 1; i != windows; ++i) { ------------------ | Branch (327:22): [True: 21.7k, False: 454] ------------------ 328| | // Extract W+1 bits overlapping by 1 with the previous window 329| 21.7k| const size_t bit_pos = WindowBits * i - 1; 330| 21.7k| const size_t raw = scalar.get_window(bit_pos); 331| 21.7k| const auto [tidx, tneg] = booth_recode(raw); 332| | 333| 21.7k| const auto tbl_i = table.subspan(WindowElements * i, WindowElements); 334| | 335| 21.7k| accum = C::ProjectivePoint::add_or_sub(accum, C::AffinePoint::ct_select(tbl_i, tidx), tneg); 336| | 337| | // Conditional ok: loop iteration count is public 338| 21.7k| if(i <= 3) { ------------------ | Branch (338:10): [True: 1.36k, False: 20.4k] ------------------ 339| 1.36k| accum.randomize_rep(rng); 340| 1.36k| } 341| 21.7k| } 342| | 343| 454| CT::unpoison(accum); 344| 454| return accum; 345| 454|} pcurves_secp256r1.cpp:_ZZN5Botan18basemul_booth_execINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm6ENS_17BlindedScalarBitsIS4_Lm7EEEEENT_15ProjectivePointENSt3__14spanIKNS7_11AffinePointELm18446744073709551615EEERKT1_RNS_21RandomNumberGeneratorEENKUlvE_clEv: 313| 454| auto accum = [&]() { 314| | // First window: extract W bits, shift left 1 to insert implicit carry in of zero 315| 454| const size_t w_bits = scalar.get_window(0) & ((1 << WindowBits) - 1); 316| 454| const size_t raw = w_bits << 1; 317| 454| const auto [tidx, tneg] = booth_recode(raw); 318| 454| const auto tbl_0 = table.first(WindowElements); 319| | 320| 454| auto pt = C::ProjectivePoint::from_affine(C::AffinePoint::ct_select(tbl_0, tidx)); 321| 454| pt.conditional_assign(tneg, pt.negate()); 322| 454| CT::poison(pt); 323| 454| pt.randomize_rep(rng); 324| 454| return pt; 325| 454| }(); pcurves_secp256r1.cpp:_ZN5Botan14varpoint_setupINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm16EEENS_16AffinePointTableIT_Lm0EEERKNS6_11AffinePointE: 351| 328|AffinePointTable varpoint_setup(const typename C::AffinePoint& p) { 352| 328| static_assert(TableSize > 2); 353| | 354| 328| std::vector table; 355| 328| table.reserve(TableSize); 356| 328| table.push_back(C::ProjectivePoint::from_affine(p)); 357| | 358| 5.24k| for(size_t i = 1; i != TableSize; ++i) { ------------------ | Branch (358:22): [True: 4.92k, False: 328] ------------------ 359| | // Conditional ok: loop iteration count is public 360| 4.92k| if(i % 2 == 1) { ------------------ | Branch (360:10): [True: 2.62k, False: 2.29k] ------------------ 361| 2.62k| table.push_back(table[i / 2].dbl()); 362| 2.62k| } else { 363| 2.29k| table.push_back(table[i - 1] + p); 364| 2.29k| } 365| 4.92k| } 366| | 367| 328| return AffinePointTable(table); 368| 328|} pcurves_secp256r1.cpp:_ZN5Botan16AffinePointTableINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm0EEC2ENSt3__14spanIKNS_20ProjectiveCurvePointINS_6IntModINS2_12Secp256r1RepINS_13EllipticCurveINS3_6ParamsESA_E11FieldParamsEEEEESC_EELm18446744073709551615EEE: 70| 328| explicit AffinePointTable(std::span pts) { 71| 328| BOTAN_ASSERT_NOMSG(pts.size() > 1); ------------------ | | 77| 328| do { \ | | 78| 328| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 328| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 328] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 328| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 328] | | ------------------ ------------------ 72| | 73| | if constexpr(R > 0) { 74| | BOTAN_ASSERT_NOMSG(pts.size() % R == 0); 75| | } 76| | 77| | // TODO scatter/gather with SIMD lookup 78| 328| m_table = to_affine_batch(pts); 79| 328| } pcurves_secp256r1.cpp:_ZNK5Botan16AffinePointTableINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm0EE9ct_selectEmQL_ZNS_16AffinePointTable16WholeRangeSearchEE: 86| 19.0k| { 87| 19.0k| BOTAN_DEBUG_ASSERT(idx < m_table.size() + 1); ------------------ | | 130| 19.0k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 19.0k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 19.0k] | | ------------------ ------------------ 88| | 89| 19.0k| auto result = AffinePoint::identity(m_table[0]); 90| | 91| | // Intentionally wrapping; set to maximum size_t if idx == 0 92| 19.0k| const size_t idx1 = static_cast(idx - 1); 93| 323k| for(size_t i = 0; i != m_table.size(); ++i) { ------------------ | Branch (93:28): [True: 304k, False: 19.0k] ------------------ 94| 304k| const auto found = CT::Mask::is_equal(idx1, i).as_choice(); 95| 304k| result.conditional_assign(found, m_table[i]); 96| 304k| } 97| | 98| 19.0k| return result; 99| 19.0k| } pcurves_secp384r1.cpp:_ZN5Botan19basemul_booth_setupINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm6EEENSt3__16vectorINT_11AffinePointENS5_9allocatorIS8_EEEERKS8_m: 254| 1|std::vector basemul_booth_setup(const typename C::AffinePoint& p, size_t max_scalar_bits) { 255| 1| static_assert(WindowBits >= 1 && WindowBits <= 8); 256| | 257| | // 2^(W-1) elements per window [1*base .. 2^(W-1)*base] 258| 1| constexpr size_t WindowElements = 1 << (WindowBits - 1); 259| | 260| 1| const size_t Windows = (max_scalar_bits + WindowBits - 1) / WindowBits; 261| | 262| 1| const size_t TableSize = Windows * WindowElements; 263| | 264| 1| std::vector table; 265| 1| table.reserve(TableSize); 266| | 267| 1| auto accum = C::ProjectivePoint::from_affine(p); 268| | 269| 74| for(size_t i = 0; i != TableSize; i += WindowElements) { ------------------ | Branch (269:22): [True: 73, False: 1] ------------------ 270| 73| table.push_back(accum); 271| | 272| 2.33k| for(size_t j = 1; j != WindowElements; ++j) { ------------------ | Branch (272:25): [True: 2.26k, False: 73] ------------------ 273| | // Conditional ok: loop iteration count is public 274| 2.26k| if(j % 2 == 1) { ------------------ | Branch (274:13): [True: 1.16k, False: 1.09k] ------------------ 275| 1.16k| table.emplace_back(table[i + j / 2].dbl()); 276| 1.16k| } else { 277| 1.09k| table.emplace_back(table[i + j - 1] + table[i]); 278| 1.09k| } 279| 2.26k| } 280| | 281| | // Advance to next window's base: 2^W * current_base 282| | // The last entry is 2^(W-1) * base, so doubling gives 2^W * base 283| 73| accum = table[i + WindowElements - 1].dbl(); 284| 73| } 285| | 286| | // Variable time batch conversion is fine since generator is public 287| 1| return to_affine_batch(table); 288| 1|} pcurves_secp384r1.cpp:_ZN5Botan18basemul_booth_execINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm6ENS_17BlindedScalarBitsIS4_Lm7EEEEENT_15ProjectivePointENSt3__14spanIKNS7_11AffinePointELm18446744073709551615EEERKT1_RNS_21RandomNumberGeneratorE: 308| 464| RandomNumberGenerator& rng) { 309| 464| static constexpr size_t WindowElements = 1 << (WindowBits - 1); 310| | 311| 464| const size_t windows = (scalar.bits() + WindowBits) / WindowBits; 312| | 313| 464| auto accum = [&]() { 314| | // First window: extract W bits, shift left 1 to insert implicit carry in of zero 315| 464| const size_t w_bits = scalar.get_window(0) & ((1 << WindowBits) - 1); 316| 464| const size_t raw = w_bits << 1; 317| 464| const auto [tidx, tneg] = booth_recode(raw); 318| 464| const auto tbl_0 = table.first(WindowElements); 319| | 320| 464| auto pt = C::ProjectivePoint::from_affine(C::AffinePoint::ct_select(tbl_0, tidx)); 321| 464| pt.conditional_assign(tneg, pt.negate()); 322| 464| CT::poison(pt); 323| 464| pt.randomize_rep(rng); 324| 464| return pt; 325| 464| }(); 326| | 327| 33.8k| for(size_t i = 1; i != windows; ++i) { ------------------ | Branch (327:22): [True: 33.4k, False: 464] ------------------ 328| | // Extract W+1 bits overlapping by 1 with the previous window 329| 33.4k| const size_t bit_pos = WindowBits * i - 1; 330| 33.4k| const size_t raw = scalar.get_window(bit_pos); 331| 33.4k| const auto [tidx, tneg] = booth_recode(raw); 332| | 333| 33.4k| const auto tbl_i = table.subspan(WindowElements * i, WindowElements); 334| | 335| 33.4k| accum = C::ProjectivePoint::add_or_sub(accum, C::AffinePoint::ct_select(tbl_i, tidx), tneg); 336| | 337| | // Conditional ok: loop iteration count is public 338| 33.4k| if(i <= 3) { ------------------ | Branch (338:10): [True: 1.39k, False: 32.0k] ------------------ 339| 1.39k| accum.randomize_rep(rng); 340| 1.39k| } 341| 33.4k| } 342| | 343| 464| CT::unpoison(accum); 344| 464| return accum; 345| 464|} pcurves_secp384r1.cpp:_ZZN5Botan18basemul_booth_execINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm6ENS_17BlindedScalarBitsIS4_Lm7EEEEENT_15ProjectivePointENSt3__14spanIKNS7_11AffinePointELm18446744073709551615EEERKT1_RNS_21RandomNumberGeneratorEENKUlvE_clEv: 313| 464| auto accum = [&]() { 314| | // First window: extract W bits, shift left 1 to insert implicit carry in of zero 315| 464| const size_t w_bits = scalar.get_window(0) & ((1 << WindowBits) - 1); 316| 464| const size_t raw = w_bits << 1; 317| 464| const auto [tidx, tneg] = booth_recode(raw); 318| 464| const auto tbl_0 = table.first(WindowElements); 319| | 320| 464| auto pt = C::ProjectivePoint::from_affine(C::AffinePoint::ct_select(tbl_0, tidx)); 321| 464| pt.conditional_assign(tneg, pt.negate()); 322| 464| CT::poison(pt); 323| 464| pt.randomize_rep(rng); 324| 464| return pt; 325| 464| }(); pcurves_secp384r1.cpp:_ZN5Botan14varpoint_setupINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm16EEENS_16AffinePointTableIT_Lm0EEERKNS6_11AffinePointE: 351| 295|AffinePointTable varpoint_setup(const typename C::AffinePoint& p) { 352| 295| static_assert(TableSize > 2); 353| | 354| 295| std::vector table; 355| 295| table.reserve(TableSize); 356| 295| table.push_back(C::ProjectivePoint::from_affine(p)); 357| | 358| 4.72k| for(size_t i = 1; i != TableSize; ++i) { ------------------ | Branch (358:22): [True: 4.42k, False: 295] ------------------ 359| | // Conditional ok: loop iteration count is public 360| 4.42k| if(i % 2 == 1) { ------------------ | Branch (360:10): [True: 2.36k, False: 2.06k] ------------------ 361| 2.36k| table.push_back(table[i / 2].dbl()); 362| 2.36k| } else { 363| 2.06k| table.push_back(table[i - 1] + p); 364| 2.06k| } 365| 4.42k| } 366| | 367| 295| return AffinePointTable(table); 368| 295|} pcurves_secp384r1.cpp:_ZN5Botan16AffinePointTableINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm0EEC2ENSt3__14spanIKNS_20ProjectiveCurvePointINS_6IntModINS2_12Secp384r1RepINS_13EllipticCurveINS3_6ParamsESA_E11FieldParamsEEEEESC_EELm18446744073709551615EEE: 70| 295| explicit AffinePointTable(std::span pts) { 71| 295| BOTAN_ASSERT_NOMSG(pts.size() > 1); ------------------ | | 77| 295| do { \ | | 78| 295| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 295| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 295] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 295| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 295] | | ------------------ ------------------ 72| | 73| | if constexpr(R > 0) { 74| | BOTAN_ASSERT_NOMSG(pts.size() % R == 0); 75| | } 76| | 77| | // TODO scatter/gather with SIMD lookup 78| 295| m_table = to_affine_batch(pts); 79| 295| } pcurves_secp384r1.cpp:_ZNK5Botan16AffinePointTableINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm0EE9ct_selectEmQL_ZNS_16AffinePointTable16WholeRangeSearchEE: 86| 25.6k| { 87| 25.6k| BOTAN_DEBUG_ASSERT(idx < m_table.size() + 1); ------------------ | | 130| 25.6k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 25.6k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 25.6k] | | ------------------ ------------------ 88| | 89| 25.6k| auto result = AffinePoint::identity(m_table[0]); 90| | 91| | // Intentionally wrapping; set to maximum size_t if idx == 0 92| 25.6k| const size_t idx1 = static_cast(idx - 1); 93| 436k| for(size_t i = 0; i != m_table.size(); ++i) { ------------------ | Branch (93:28): [True: 410k, False: 25.6k] ------------------ 94| 410k| const auto found = CT::Mask::is_equal(idx1, i).as_choice(); 95| 410k| result.conditional_assign(found, m_table[i]); 96| 410k| } 97| | 98| 25.6k| return result; 99| 25.6k| } pcurves_secp521r1.cpp:_ZN5Botan19basemul_booth_setupINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm6EEENSt3__16vectorINT_11AffinePointENS5_9allocatorIS8_EEEERKS8_m: 254| 1|std::vector basemul_booth_setup(const typename C::AffinePoint& p, size_t max_scalar_bits) { 255| 1| static_assert(WindowBits >= 1 && WindowBits <= 8); 256| | 257| | // 2^(W-1) elements per window [1*base .. 2^(W-1)*base] 258| 1| constexpr size_t WindowElements = 1 << (WindowBits - 1); 259| | 260| 1| const size_t Windows = (max_scalar_bits + WindowBits - 1) / WindowBits; 261| | 262| 1| const size_t TableSize = Windows * WindowElements; 263| | 264| 1| std::vector table; 265| 1| table.reserve(TableSize); 266| | 267| 1| auto accum = C::ProjectivePoint::from_affine(p); 268| | 269| 98| for(size_t i = 0; i != TableSize; i += WindowElements) { ------------------ | Branch (269:22): [True: 97, False: 1] ------------------ 270| 97| table.push_back(accum); 271| | 272| 3.10k| for(size_t j = 1; j != WindowElements; ++j) { ------------------ | Branch (272:25): [True: 3.00k, False: 97] ------------------ 273| | // Conditional ok: loop iteration count is public 274| 3.00k| if(j % 2 == 1) { ------------------ | Branch (274:13): [True: 1.55k, False: 1.45k] ------------------ 275| 1.55k| table.emplace_back(table[i + j / 2].dbl()); 276| 1.55k| } else { 277| 1.45k| table.emplace_back(table[i + j - 1] + table[i]); 278| 1.45k| } 279| 3.00k| } 280| | 281| | // Advance to next window's base: 2^W * current_base 282| | // The last entry is 2^(W-1) * base, so doubling gives 2^W * base 283| 97| accum = table[i + WindowElements - 1].dbl(); 284| 97| } 285| | 286| | // Variable time batch conversion is fine since generator is public 287| 1| return to_affine_batch(table); 288| 1|} pcurves_secp521r1.cpp:_ZN5Botan18basemul_booth_execINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm6ENS_17BlindedScalarBitsIS4_Lm7EEEEENT_15ProjectivePointENSt3__14spanIKNS7_11AffinePointELm18446744073709551615EEERKT1_RNS_21RandomNumberGeneratorE: 308| 398| RandomNumberGenerator& rng) { 309| 398| static constexpr size_t WindowElements = 1 << (WindowBits - 1); 310| | 311| 398| const size_t windows = (scalar.bits() + WindowBits) / WindowBits; 312| | 313| 398| auto accum = [&]() { 314| | // First window: extract W bits, shift left 1 to insert implicit carry in of zero 315| 398| const size_t w_bits = scalar.get_window(0) & ((1 << WindowBits) - 1); 316| 398| const size_t raw = w_bits << 1; 317| 398| const auto [tidx, tneg] = booth_recode(raw); 318| 398| const auto tbl_0 = table.first(WindowElements); 319| | 320| 398| auto pt = C::ProjectivePoint::from_affine(C::AffinePoint::ct_select(tbl_0, tidx)); 321| 398| pt.conditional_assign(tneg, pt.negate()); 322| 398| CT::poison(pt); 323| 398| pt.randomize_rep(rng); 324| 398| return pt; 325| 398| }(); 326| | 327| 38.6k| for(size_t i = 1; i != windows; ++i) { ------------------ | Branch (327:22): [True: 38.2k, False: 398] ------------------ 328| | // Extract W+1 bits overlapping by 1 with the previous window 329| 38.2k| const size_t bit_pos = WindowBits * i - 1; 330| 38.2k| const size_t raw = scalar.get_window(bit_pos); 331| 38.2k| const auto [tidx, tneg] = booth_recode(raw); 332| | 333| 38.2k| const auto tbl_i = table.subspan(WindowElements * i, WindowElements); 334| | 335| 38.2k| accum = C::ProjectivePoint::add_or_sub(accum, C::AffinePoint::ct_select(tbl_i, tidx), tneg); 336| | 337| | // Conditional ok: loop iteration count is public 338| 38.2k| if(i <= 3) { ------------------ | Branch (338:10): [True: 1.19k, False: 37.0k] ------------------ 339| 1.19k| accum.randomize_rep(rng); 340| 1.19k| } 341| 38.2k| } 342| | 343| 398| CT::unpoison(accum); 344| 398| return accum; 345| 398|} pcurves_secp521r1.cpp:_ZZN5Botan18basemul_booth_execINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm6ENS_17BlindedScalarBitsIS4_Lm7EEEEENT_15ProjectivePointENSt3__14spanIKNS7_11AffinePointELm18446744073709551615EEERKT1_RNS_21RandomNumberGeneratorEENKUlvE_clEv: 313| 398| auto accum = [&]() { 314| | // First window: extract W bits, shift left 1 to insert implicit carry in of zero 315| 398| const size_t w_bits = scalar.get_window(0) & ((1 << WindowBits) - 1); 316| 398| const size_t raw = w_bits << 1; 317| 398| const auto [tidx, tneg] = booth_recode(raw); 318| 398| const auto tbl_0 = table.first(WindowElements); 319| | 320| 398| auto pt = C::ProjectivePoint::from_affine(C::AffinePoint::ct_select(tbl_0, tidx)); 321| 398| pt.conditional_assign(tneg, pt.negate()); 322| 398| CT::poison(pt); 323| 398| pt.randomize_rep(rng); 324| 398| return pt; 325| 398| }(); pcurves_secp521r1.cpp:_ZN5Botan14varpoint_setupINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm16EEENS_16AffinePointTableIT_Lm0EEERKNS6_11AffinePointE: 351| 237|AffinePointTable varpoint_setup(const typename C::AffinePoint& p) { 352| 237| static_assert(TableSize > 2); 353| | 354| 237| std::vector table; 355| 237| table.reserve(TableSize); 356| 237| table.push_back(C::ProjectivePoint::from_affine(p)); 357| | 358| 3.79k| for(size_t i = 1; i != TableSize; ++i) { ------------------ | Branch (358:22): [True: 3.55k, False: 237] ------------------ 359| | // Conditional ok: loop iteration count is public 360| 3.55k| if(i % 2 == 1) { ------------------ | Branch (360:10): [True: 1.89k, False: 1.65k] ------------------ 361| 1.89k| table.push_back(table[i / 2].dbl()); 362| 1.89k| } else { 363| 1.65k| table.push_back(table[i - 1] + p); 364| 1.65k| } 365| 3.55k| } 366| | 367| 237| return AffinePointTable(table); 368| 237|} pcurves_secp521r1.cpp:_ZN5Botan16AffinePointTableINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm0EEC2ENSt3__14spanIKNS_20ProjectiveCurvePointINS_6IntModINS3_7P521RepINS_13EllipticCurveINS3_6ParamsESA_E11FieldParamsEEEEESC_EELm18446744073709551615EEE: 70| 237| explicit AffinePointTable(std::span pts) { 71| 237| BOTAN_ASSERT_NOMSG(pts.size() > 1); ------------------ | | 77| 237| do { \ | | 78| 237| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 237| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 237] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 237| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 237] | | ------------------ ------------------ 72| | 73| | if constexpr(R > 0) { 74| | BOTAN_ASSERT_NOMSG(pts.size() % R == 0); 75| | } 76| | 77| | // TODO scatter/gather with SIMD lookup 78| 237| m_table = to_affine_batch(pts); 79| 237| } pcurves_secp521r1.cpp:_ZNK5Botan16AffinePointTableINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm0EE9ct_selectEmQL_ZNS_16AffinePointTable16WholeRangeSearchEE: 86| 27.4k| { 87| 27.4k| BOTAN_DEBUG_ASSERT(idx < m_table.size() + 1); ------------------ | | 130| 27.4k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 27.4k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 27.4k] | | ------------------ ------------------ 88| | 89| 27.4k| auto result = AffinePoint::identity(m_table[0]); 90| | 91| | // Intentionally wrapping; set to maximum size_t if idx == 0 92| 27.4k| const size_t idx1 = static_cast(idx - 1); 93| 467k| for(size_t i = 0; i != m_table.size(); ++i) { ------------------ | Branch (93:28): [True: 439k, False: 27.4k] ------------------ 94| 439k| const auto found = CT::Mask::is_equal(idx1, i).as_choice(); 95| 439k| result.conditional_assign(found, m_table[i]); 96| 439k| } 97| | 98| 27.4k| return result; 99| 27.4k| } _ZN5Botan10get_uint32ITkNS_8WordTypeEmEEjPKT_m: 33| 84.6M|constexpr uint32_t get_uint32(const W xw[], size_t i) { 34| 84.6M| static_assert(WordInfo::bits == 32 || WordInfo::bits == 64); 35| | 36| | if constexpr(WordInfo::bits == 32) { 37| | return xw[i]; 38| 84.6M| } else { 39| 84.6M| return static_cast(xw[i / 2] >> ((i % 2) * 32)); 40| 84.6M| } 41| 84.6M|} _ZN5Botan12SolinasAccumImLm4EEC2ERNSt3__15arrayImLm4EEE: 50| 1.74M| constexpr explicit SolinasAccum(std::array& r) : m_r(r) {} _ZN5Botan12SolinasAccumImLm4EE5accumEl: 52| 13.9M| constexpr void accum(int64_t v) { 53| 13.9M| BOTAN_DEBUG_ASSERT(m_idx < N32); ------------------ | | 130| 13.9M| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 13.9M| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 13.9M] | | ------------------ ------------------ 54| | 55| 13.9M| m_S += v; 56| 13.9M| const uint32_t r = static_cast(m_S); 57| 13.9M| m_S >>= 32; 58| | 59| | if constexpr(WordInfo::bits == 32) { 60| | m_r[m_idx] = r; 61| 13.9M| } else { 62| 13.9M| m_r[m_idx / 2] |= static_cast(r) << (32 * (m_idx % 2)); 63| 13.9M| } 64| | 65| 13.9M| m_idx += 1; 66| 13.9M| } _ZN5Botan12SolinasAccumImLm4EE11final_carryEl: 68| 1.74M| constexpr W final_carry(int64_t C) { 69| 1.74M| m_S += C; 70| 1.74M| BOTAN_DEBUG_ASSERT(m_S >= 0); ------------------ | | 130| 1.74M| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 1.74M| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 1.74M] | | ------------------ ------------------ 71| 1.74M| return static_cast(m_S); 72| 1.74M| } _ZN5Botan20solinas_correct_redcILm4ETkNS_8WordTypeEmEEvRNSt3__15arrayIT0_XT_EEERKS4_S7_: 84| 1.74M|constexpr inline void solinas_correct_redc(std::array& r, const std::array& P, const std::array& C) { 85| 1.74M| W borrow = 0; 86| 8.73M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (86:22): [True: 6.98M, False: 1.74M] ------------------ 87| 6.98M| r[i] = word_sub(r[i], C[i], &borrow); 88| 6.98M| } 89| | 90| | // borrow is either 0 or 1, perfect for setting up a mask without extra work 91| 1.74M| const W mask = CT::value_barrier(0 - borrow); 92| | 93| 1.74M| W carry = 0; 94| | 95| 8.73M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (95:22): [True: 6.98M, False: 1.74M] ------------------ 96| 6.98M| r[i] = word_add(r[i], P[i] & mask, &carry); 97| 6.98M| } 98| 1.74M|} _ZN5Botan12SolinasAccumImLm6EEC2ERNSt3__15arrayImLm6EEE: 50| 2.36M| constexpr explicit SolinasAccum(std::array& r) : m_r(r) {} _ZN5Botan12SolinasAccumImLm6EE5accumEl: 52| 28.3M| constexpr void accum(int64_t v) { 53| 28.3M| BOTAN_DEBUG_ASSERT(m_idx < N32); ------------------ | | 130| 28.3M| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 28.3M| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 28.3M] | | ------------------ ------------------ 54| | 55| 28.3M| m_S += v; 56| 28.3M| const uint32_t r = static_cast(m_S); 57| 28.3M| m_S >>= 32; 58| | 59| | if constexpr(WordInfo::bits == 32) { 60| | m_r[m_idx] = r; 61| 28.3M| } else { 62| 28.3M| m_r[m_idx / 2] |= static_cast(r) << (32 * (m_idx % 2)); 63| 28.3M| } 64| | 65| 28.3M| m_idx += 1; 66| 28.3M| } _ZN5Botan12SolinasAccumImLm6EE11final_carryEl: 68| 2.36M| constexpr W final_carry(int64_t C) { 69| 2.36M| m_S += C; 70| 2.36M| BOTAN_DEBUG_ASSERT(m_S >= 0); ------------------ | | 130| 2.36M| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 2.36M| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 2.36M] | | ------------------ ------------------ 71| 2.36M| return static_cast(m_S); 72| 2.36M| } _ZN5Botan20solinas_correct_redcILm6ETkNS_8WordTypeEmEEvRNSt3__15arrayIT0_XT_EEERKS4_S7_: 84| 2.36M|constexpr inline void solinas_correct_redc(std::array& r, const std::array& P, const std::array& C) { 85| 2.36M| W borrow = 0; 86| 16.5M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (86:22): [True: 14.1M, False: 2.36M] ------------------ 87| 14.1M| r[i] = word_sub(r[i], C[i], &borrow); 88| 14.1M| } 89| | 90| | // borrow is either 0 or 1, perfect for setting up a mask without extra work 91| 2.36M| const W mask = CT::value_barrier(0 - borrow); 92| | 93| 2.36M| W carry = 0; 94| | 95| 16.5M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (95:22): [True: 14.1M, False: 2.36M] ------------------ 96| 14.1M| r[i] = word_add(r[i], P[i] & mask, &carry); 97| 14.1M| } 98| 2.36M|} _ZN5Botan10monty_redcITkNS_8WordTypeEmLm4EEENSt3__15arrayIT_XT0_EEERKNS2_IS3_XmlLi2ET0_EEERKS4_S3_: 110| 2.85M| -> std::array { 111| 2.85M| static_assert(N >= 1); 112| | 113| 2.85M| std::array ws; // NOLINT(*-member-init) 114| 2.85M| std::array r; // NOLINT(*-member-init) 115| | 116| | // Conditional ok: the parameter size is public 117| 2.85M| if(!std::is_constant_evaluated()) { ------------------ | Branch (117:7): [True: 2.85M, Folded] ------------------ 118| | // This range ensures we cover fields of 256, 384 and 512 bits for both 32 and 64 bit words 119| 2.85M| if constexpr(N == 4) { 120| 2.85M| bigint_monty_redc_4(r.data(), z.data(), p.data(), p_dash, ws.data()); 121| 2.85M| return r; 122| | } else if constexpr(N == 6) { 123| | bigint_monty_redc_6(r.data(), z.data(), p.data(), p_dash, ws.data()); 124| | return r; 125| | } else if constexpr(N == 8) { 126| | bigint_monty_redc_8(r.data(), z.data(), p.data(), p_dash, ws.data()); 127| | return r; 128| | } else if constexpr(N == 12) { 129| | bigint_monty_redc_12(r.data(), z.data(), p.data(), p_dash, ws.data()); 130| | return r; 131| | } else if constexpr(N == 16) { 132| | bigint_monty_redc_16(r.data(), z.data(), p.data(), p_dash, ws.data()); 133| | return r; 134| | } 135| 2.85M| } 136| | 137| 0| word3 accum; 138| | 139| 2.85M| accum.add(z[0]); 140| | 141| 2.85M| ws[0] = accum.monty_step(p[0], p_dash); 142| | 143| 2.85M| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (143:22): [True: 0, False: 2.85M] ------------------ 144| 0| for(size_t j = 0; j < i; ++j) { ------------------ | Branch (144:25): [True: 0, False: 0] ------------------ 145| 0| accum.mul(ws[j], p[i - j]); 146| 0| } 147| | 148| 0| accum.add(z[i]); 149| | 150| 0| ws[i] = accum.monty_step(p[0], p_dash); 151| 0| } 152| | 153| 2.85M| for(size_t i = 0; i != N - 1; ++i) { ------------------ | Branch (153:22): [True: 0, False: 2.85M] ------------------ 154| 0| for(size_t j = i + 1; j != N; ++j) { ------------------ | Branch (154:29): [True: 0, False: 0] ------------------ 155| 0| accum.mul(ws[j], p[N + i - j]); 156| 0| } 157| | 158| 0| accum.add(z[N + i]); 159| | 160| 0| ws[i] = accum.extract(); 161| 0| } 162| | 163| 2.85M| accum.add(z[2 * N - 1]); 164| | 165| 2.85M| ws[N - 1] = accum.extract(); 166| | // w1 is the final part, which is not stored in the workspace 167| 2.85M| const W w1 = accum.extract(); 168| | 169| 2.85M| bigint_monty_maybe_sub(r.data(), w1, ws.data(), p.data()); 170| | 171| 2.85M| return r; 172| 2.85M|} _ZN5Botan14bytes_to_wordsITkNS_8WordTypeEmLm4ELm32EEEDaNSt3__14spanIKhXT1_EEE: 287| 33.6k|inline constexpr auto bytes_to_words(std::span bytes) { 288| 33.6k| static_assert(L <= WordInfo::bytes * N); 289| | 290| 33.6k| std::array r = {}; 291| | 292| 33.6k| constexpr size_t full_words = L / WordInfo::bytes; 293| 33.6k| constexpr size_t extra_bytes = L % WordInfo::bytes; 294| | 295| 33.6k| static_assert(full_words + (extra_bytes ? 1 : 0) <= N); 296| | 297| 168k| for(size_t i = 0; i != full_words; ++i) { ------------------ | Branch (297:22): [True: 134k, False: 33.6k] ------------------ 298| 134k| r[i] = load_be(bytes.data(), full_words - 1 - i); 299| 134k| } 300| | 301| | if constexpr(extra_bytes > 0) { 302| | constexpr size_t shift = extra_bytes * 8; 303| | shift_left(r); 304| | 305| | for(size_t i = 0; i != extra_bytes; ++i) { 306| | const W b0 = bytes[WordInfo::bytes * full_words + i]; 307| | r[0] |= (b0 << (8 * (extra_bytes - 1 - i))); 308| | } 309| | } 310| | 311| 33.6k| return r; 312| 33.6k|} _ZN5Botan14bytes_to_wordsITkNS_8WordTypeEmLm8ELm64EEEDaNSt3__14spanIKhXT1_EEE: 287| 4.24k|inline constexpr auto bytes_to_words(std::span bytes) { 288| 4.24k| static_assert(L <= WordInfo::bytes * N); 289| | 290| 4.24k| std::array r = {}; 291| | 292| 4.24k| constexpr size_t full_words = L / WordInfo::bytes; 293| 4.24k| constexpr size_t extra_bytes = L % WordInfo::bytes; 294| | 295| 4.24k| static_assert(full_words + (extra_bytes ? 1 : 0) <= N); 296| | 297| 38.1k| for(size_t i = 0; i != full_words; ++i) { ------------------ | Branch (297:22): [True: 33.9k, False: 4.24k] ------------------ 298| 33.9k| r[i] = load_be(bytes.data(), full_words - 1 - i); 299| 33.9k| } 300| | 301| | if constexpr(extra_bytes > 0) { 302| | constexpr size_t shift = extra_bytes * 8; 303| | shift_left(r); 304| | 305| | for(size_t i = 0; i != extra_bytes; ++i) { 306| | const W b0 = bytes[WordInfo::bytes * full_words + i]; 307| | r[0] |= (b0 << (8 * (extra_bytes - 1 - i))); 308| | } 309| | } 310| | 311| 4.24k| return r; 312| 4.24k|} _ZN5Botan10monty_redcITkNS_8WordTypeEmLm6EEENSt3__15arrayIT_XT0_EEERKNS2_IS3_XmlLi2ET0_EEERKS4_S3_: 110| 1.70M| -> std::array { 111| 1.70M| static_assert(N >= 1); 112| | 113| 1.70M| std::array ws; // NOLINT(*-member-init) 114| 1.70M| std::array r; // NOLINT(*-member-init) 115| | 116| | // Conditional ok: the parameter size is public 117| 1.70M| if(!std::is_constant_evaluated()) { ------------------ | Branch (117:7): [True: 1.70M, Folded] ------------------ 118| | // This range ensures we cover fields of 256, 384 and 512 bits for both 32 and 64 bit words 119| | if constexpr(N == 4) { 120| | bigint_monty_redc_4(r.data(), z.data(), p.data(), p_dash, ws.data()); 121| | return r; 122| 1.70M| } else if constexpr(N == 6) { 123| 1.70M| bigint_monty_redc_6(r.data(), z.data(), p.data(), p_dash, ws.data()); 124| 1.70M| return r; 125| | } else if constexpr(N == 8) { 126| | bigint_monty_redc_8(r.data(), z.data(), p.data(), p_dash, ws.data()); 127| | return r; 128| | } else if constexpr(N == 12) { 129| | bigint_monty_redc_12(r.data(), z.data(), p.data(), p_dash, ws.data()); 130| | return r; 131| | } else if constexpr(N == 16) { 132| | bigint_monty_redc_16(r.data(), z.data(), p.data(), p_dash, ws.data()); 133| | return r; 134| | } 135| 1.70M| } 136| | 137| 0| word3 accum; 138| | 139| 1.70M| accum.add(z[0]); 140| | 141| 1.70M| ws[0] = accum.monty_step(p[0], p_dash); 142| | 143| 1.70M| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (143:22): [True: 0, False: 1.70M] ------------------ 144| 0| for(size_t j = 0; j < i; ++j) { ------------------ | Branch (144:25): [True: 0, False: 0] ------------------ 145| 0| accum.mul(ws[j], p[i - j]); 146| 0| } 147| | 148| 0| accum.add(z[i]); 149| | 150| 0| ws[i] = accum.monty_step(p[0], p_dash); 151| 0| } 152| | 153| 1.70M| for(size_t i = 0; i != N - 1; ++i) { ------------------ | Branch (153:22): [True: 0, False: 1.70M] ------------------ 154| 0| for(size_t j = i + 1; j != N; ++j) { ------------------ | Branch (154:29): [True: 0, False: 0] ------------------ 155| 0| accum.mul(ws[j], p[N + i - j]); 156| 0| } 157| | 158| 0| accum.add(z[N + i]); 159| | 160| 0| ws[i] = accum.extract(); 161| 0| } 162| | 163| 1.70M| accum.add(z[2 * N - 1]); 164| | 165| 1.70M| ws[N - 1] = accum.extract(); 166| | // w1 is the final part, which is not stored in the workspace 167| 1.70M| const W w1 = accum.extract(); 168| | 169| 1.70M| bigint_monty_maybe_sub(r.data(), w1, ws.data(), p.data()); 170| | 171| 1.70M| return r; 172| 1.70M|} _ZN5Botan14bytes_to_wordsITkNS_8WordTypeEmLm6ELm48EEEDaNSt3__14spanIKhXT1_EEE: 287| 10.4k|inline constexpr auto bytes_to_words(std::span bytes) { 288| 10.4k| static_assert(L <= WordInfo::bytes * N); 289| | 290| 10.4k| std::array r = {}; 291| | 292| 10.4k| constexpr size_t full_words = L / WordInfo::bytes; 293| 10.4k| constexpr size_t extra_bytes = L % WordInfo::bytes; 294| | 295| 10.4k| static_assert(full_words + (extra_bytes ? 1 : 0) <= N); 296| | 297| 72.9k| for(size_t i = 0; i != full_words; ++i) { ------------------ | Branch (297:22): [True: 62.5k, False: 10.4k] ------------------ 298| 62.5k| r[i] = load_be(bytes.data(), full_words - 1 - i); 299| 62.5k| } 300| | 301| | if constexpr(extra_bytes > 0) { 302| | constexpr size_t shift = extra_bytes * 8; 303| | shift_left(r); 304| | 305| | for(size_t i = 0; i != extra_bytes; ++i) { 306| | const W b0 = bytes[WordInfo::bytes * full_words + i]; 307| | r[0] |= (b0 << (8 * (extra_bytes - 1 - i))); 308| | } 309| | } 310| | 311| 10.4k| return r; 312| 10.4k|} _ZN5Botan10monty_redcITkNS_8WordTypeEmLm8EEENSt3__15arrayIT_XT0_EEERKNS2_IS3_XmlLi2ET0_EEERKS4_S3_: 110| 1.96M| -> std::array { 111| 1.96M| static_assert(N >= 1); 112| | 113| 1.96M| std::array ws; // NOLINT(*-member-init) 114| 1.96M| std::array r; // NOLINT(*-member-init) 115| | 116| | // Conditional ok: the parameter size is public 117| 1.96M| if(!std::is_constant_evaluated()) { ------------------ | Branch (117:7): [True: 1.96M, Folded] ------------------ 118| | // This range ensures we cover fields of 256, 384 and 512 bits for both 32 and 64 bit words 119| | if constexpr(N == 4) { 120| | bigint_monty_redc_4(r.data(), z.data(), p.data(), p_dash, ws.data()); 121| | return r; 122| | } else if constexpr(N == 6) { 123| | bigint_monty_redc_6(r.data(), z.data(), p.data(), p_dash, ws.data()); 124| | return r; 125| 1.96M| } else if constexpr(N == 8) { 126| 1.96M| bigint_monty_redc_8(r.data(), z.data(), p.data(), p_dash, ws.data()); 127| 1.96M| return r; 128| | } else if constexpr(N == 12) { 129| | bigint_monty_redc_12(r.data(), z.data(), p.data(), p_dash, ws.data()); 130| | return r; 131| | } else if constexpr(N == 16) { 132| | bigint_monty_redc_16(r.data(), z.data(), p.data(), p_dash, ws.data()); 133| | return r; 134| | } 135| 1.96M| } 136| | 137| 0| word3 accum; 138| | 139| 1.96M| accum.add(z[0]); 140| | 141| 1.96M| ws[0] = accum.monty_step(p[0], p_dash); 142| | 143| 1.96M| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (143:22): [True: 0, False: 1.96M] ------------------ 144| 0| for(size_t j = 0; j < i; ++j) { ------------------ | Branch (144:25): [True: 0, False: 0] ------------------ 145| 0| accum.mul(ws[j], p[i - j]); 146| 0| } 147| | 148| 0| accum.add(z[i]); 149| | 150| 0| ws[i] = accum.monty_step(p[0], p_dash); 151| 0| } 152| | 153| 1.96M| for(size_t i = 0; i != N - 1; ++i) { ------------------ | Branch (153:22): [True: 0, False: 1.96M] ------------------ 154| 0| for(size_t j = i + 1; j != N; ++j) { ------------------ | Branch (154:29): [True: 0, False: 0] ------------------ 155| 0| accum.mul(ws[j], p[N + i - j]); 156| 0| } 157| | 158| 0| accum.add(z[N + i]); 159| | 160| 0| ws[i] = accum.extract(); 161| 0| } 162| | 163| 1.96M| accum.add(z[2 * N - 1]); 164| | 165| 1.96M| ws[N - 1] = accum.extract(); 166| | // w1 is the final part, which is not stored in the workspace 167| 1.96M| const W w1 = accum.extract(); 168| | 169| 1.96M| bigint_monty_maybe_sub(r.data(), w1, ws.data(), p.data()); 170| | 171| 1.96M| return r; 172| 1.96M|} _ZN5Botan10monty_redcITkNS_8WordTypeEmLm9EEENSt3__15arrayIT_XT0_EEERKNS2_IS3_XmlLi2ET0_EEERKS4_S3_: 110| 1.43k| -> std::array { 111| 1.43k| static_assert(N >= 1); 112| | 113| 1.43k| std::array ws; // NOLINT(*-member-init) 114| 1.43k| std::array r; // NOLINT(*-member-init) 115| | 116| | // Conditional ok: the parameter size is public 117| 1.43k| if(!std::is_constant_evaluated()) { ------------------ | Branch (117:7): [True: 1.43k, Folded] ------------------ 118| | // This range ensures we cover fields of 256, 384 and 512 bits for both 32 and 64 bit words 119| | if constexpr(N == 4) { 120| | bigint_monty_redc_4(r.data(), z.data(), p.data(), p_dash, ws.data()); 121| | return r; 122| | } else if constexpr(N == 6) { 123| | bigint_monty_redc_6(r.data(), z.data(), p.data(), p_dash, ws.data()); 124| | return r; 125| | } else if constexpr(N == 8) { 126| | bigint_monty_redc_8(r.data(), z.data(), p.data(), p_dash, ws.data()); 127| | return r; 128| | } else if constexpr(N == 12) { 129| | bigint_monty_redc_12(r.data(), z.data(), p.data(), p_dash, ws.data()); 130| | return r; 131| 1.43k| } else if constexpr(N == 16) { 132| 1.43k| bigint_monty_redc_16(r.data(), z.data(), p.data(), p_dash, ws.data()); 133| 1.43k| return r; 134| 1.43k| } 135| 1.43k| } 136| | 137| 1.43k| word3 accum; 138| | 139| 1.43k| accum.add(z[0]); 140| | 141| 1.43k| ws[0] = accum.monty_step(p[0], p_dash); 142| | 143| 12.8k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (143:22): [True: 11.4k, False: 1.43k] ------------------ 144| 62.9k| for(size_t j = 0; j < i; ++j) { ------------------ | Branch (144:25): [True: 51.5k, False: 11.4k] ------------------ 145| 51.5k| accum.mul(ws[j], p[i - j]); 146| 51.5k| } 147| | 148| 11.4k| accum.add(z[i]); 149| | 150| 11.4k| ws[i] = accum.monty_step(p[0], p_dash); 151| 11.4k| } 152| | 153| 12.8k| for(size_t i = 0; i != N - 1; ++i) { ------------------ | Branch (153:22): [True: 11.4k, False: 1.43k] ------------------ 154| 62.9k| for(size_t j = i + 1; j != N; ++j) { ------------------ | Branch (154:29): [True: 51.5k, False: 11.4k] ------------------ 155| 51.5k| accum.mul(ws[j], p[N + i - j]); 156| 51.5k| } 157| | 158| 11.4k| accum.add(z[N + i]); 159| | 160| 11.4k| ws[i] = accum.extract(); 161| 11.4k| } 162| | 163| 1.43k| accum.add(z[2 * N - 1]); 164| | 165| 1.43k| ws[N - 1] = accum.extract(); 166| | // w1 is the final part, which is not stored in the workspace 167| 1.43k| const W w1 = accum.extract(); 168| | 169| 1.43k| bigint_monty_maybe_sub(r.data(), w1, ws.data(), p.data()); 170| | 171| 1.43k| return r; 172| 1.43k|} _ZN5Botan14bytes_to_wordsITkNS_8WordTypeEmLm9ELm66EEEDaNSt3__14spanIKhXT1_EEE: 287| 3.76k|inline constexpr auto bytes_to_words(std::span bytes) { 288| 3.76k| static_assert(L <= WordInfo::bytes * N); 289| | 290| 3.76k| std::array r = {}; 291| | 292| 3.76k| constexpr size_t full_words = L / WordInfo::bytes; 293| 3.76k| constexpr size_t extra_bytes = L % WordInfo::bytes; 294| | 295| 3.76k| static_assert(full_words + (extra_bytes ? 1 : 0) <= N); 296| | 297| 33.9k| for(size_t i = 0; i != full_words; ++i) { ------------------ | Branch (297:22): [True: 30.1k, False: 3.76k] ------------------ 298| 30.1k| r[i] = load_be(bytes.data(), full_words - 1 - i); 299| 30.1k| } 300| | 301| 3.76k| if constexpr(extra_bytes > 0) { 302| 3.76k| constexpr size_t shift = extra_bytes * 8; 303| 3.76k| shift_left(r); 304| | 305| 11.3k| for(size_t i = 0; i != extra_bytes; ++i) { ------------------ | Branch (305:25): [True: 7.53k, False: 3.76k] ------------------ 306| 7.53k| const W b0 = bytes[WordInfo::bytes * full_words + i]; 307| 7.53k| r[0] |= (b0 << (8 * (extra_bytes - 1 - i))); 308| 7.53k| } 309| 3.76k| } 310| | 311| 3.76k| return r; 312| 3.76k|} pcurves_brainpool256r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE8instanceEv: 338| 12.1k| static std::shared_ptr instance() { 339| 12.1k| static auto g_curve = std::make_shared>(); 340| 12.1k| return g_curve; 341| 12.1k| } pcurves_brainpool256r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEEC2Ev: 336| 1| PrimeOrderCurveImpl() : m_mul_by_g(C::G) {} pcurves_brainpool256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE19field_element_bytesEv: 36| 6.24k| size_t field_element_bytes() const override { return C::FieldElement::BYTES; } pcurves_brainpool256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE8mul_by_gERKNS0_15PrimeOrderCurve6ScalarERNS_21RandomNumberGeneratorE: 38| 662| ProjectivePoint mul_by_g(const Scalar& scalar, RandomNumberGenerator& rng) const override { 39| 662| return stash(m_mul_by_g.mul(from_stash(scalar), rng)); 40| 662| } pcurves_brainpool256r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE5stashERKNS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEESA_EE: 370| 662| static ProjectivePoint stash(const typename C::ProjectivePoint& pt) { 371| 662| auto x_w = pt.x().template stash_value(); 372| 662| auto y_w = pt.y().template stash_value(); 373| 662| auto z_w = pt.z().template stash_value(); 374| 662| return ProjectivePoint::_create(instance(), x_w, y_w, z_w); 375| 662| } pcurves_brainpool256r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE10from_stashERKNS0_15PrimeOrderCurve6ScalarE: 348| 2.50k| static typename C::Scalar from_stash(const Scalar& s) { 349| 2.50k| if(s._curve() != instance()) { ------------------ | Branch (349:13): [True: 0, False: 2.50k] ------------------ 350| 0| throw Invalid_Argument("Curve mismatch"); 351| 0| } 352| 2.50k| return C::Scalar::from_stash(s._value()); 353| 2.50k| } pcurves_brainpool256r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE5stashERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES7_E12ScalarParamsEEEEE: 344| 662| static Scalar stash(const typename C::Scalar& s) { 345| 662| return Scalar::_create(instance(), s.template stash_value()); 346| 662| } pcurves_brainpool256r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE10from_stashERKNS0_15PrimeOrderCurve11AffinePointE: 361| 5.95k| static typename C::AffinePoint from_stash(const AffinePoint& pt) { 362| 5.95k| if(pt._curve() != instance()) { ------------------ | Branch (362:13): [True: 0, False: 5.95k] ------------------ 363| 0| throw Invalid_Argument("Curve mismatch"); 364| 0| } 365| 5.95k| auto x = C::FieldElement::from_stash(pt._x()); 366| 5.95k| auto y = C::FieldElement::from_stash(pt._y()); 367| 5.95k| return typename C::AffinePoint(x, y); 368| 5.95k| } pcurves_brainpool256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE10mul_x_onlyERKNS0_15PrimeOrderCurve11AffinePointERKNS6_6ScalarERNS_21RandomNumberGeneratorE: 49| 514| RandomNumberGenerator& rng) const override { 50| 514| auto tbl = WindowedBoothMulTable(from_stash(pt)); 51| 514| auto result = tbl.mul(from_stash(scalar), rng); 52| 514| BOTAN_STATE_CHECK(!result.is_identity().as_bool()); ------------------ | | 51| 514| do { \ | | 52| 514| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 514| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 514] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 514| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 514] | | ------------------ ------------------ 53| 514| auto pt_x = to_affine_x(result); 54| 514| secure_vector x_bytes(C::FieldElement::BYTES); 55| 514| pt_x.serialize_to(std::span{x_bytes}); 56| 514| return x_bytes; 57| 514| } pcurves_brainpool256r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE5stashERKNS_16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 355| 1.69k| static AffinePoint stash(const typename C::AffinePoint& pt) { 356| 1.69k| auto x_w = pt.x().template stash_value(); 357| 1.69k| auto y_w = pt.y().template stash_value(); 358| 1.69k| return AffinePoint::_create(instance(), x_w, y_w); 359| 1.69k| } pcurves_brainpool256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE17deserialize_pointENSt3__14spanIKhLm18446744073709551615EEE: 242| 1.07k| std::optional deserialize_point(std::span bytes) const override { 243| | // The identity element (see SEC1 section 2.3.4) 244| | // TODO(Botan4) remove this - we should reject the identity encoding 245| 1.07k| if(bytes.size() == 1 && bytes[0] == 0x00) { ------------------ | Branch (245:13): [True: 4, False: 1.07k] | Branch (245:34): [True: 1, False: 3] ------------------ 246| 1| return stash(C::AffinePoint::identity()); 247| 1| } 248| | 249| 1.07k| constexpr size_t FieldElementBytes = C::FieldElement::BYTES; 250| 1.07k| constexpr size_t CompressedBytes = C::FieldElement::BYTES + 1; 251| 1.07k| constexpr size_t UncompressedBytes = 2 * C::FieldElement::BYTES + 1; 252| | 253| 1.07k| if(bytes.size() == UncompressedBytes && bytes[0] == 0x04) { ------------------ | Branch (253:13): [True: 530, False: 544] | Branch (253:50): [True: 529, False: 1] ------------------ 254| 529| const auto encoded_point = bytes.subspan(1); 255| 529| auto x = C::FieldElement::deserialize(encoded_point.first(FieldElementBytes)); 256| 529| auto y = C::FieldElement::deserialize(encoded_point.last(FieldElementBytes)); 257| | 258| 529| if(x && y) { ------------------ | Branch (258:16): [True: 528, False: 1] | Branch (258:21): [True: 527, False: 1] ------------------ 259| | // Check that y^2 = x^3 + ax + b 260| 527| const auto lhs = (*y).square(); 261| 527| const auto rhs = C::x3_ax_b(*x); 262| 527| const auto valid = (lhs == rhs); 263| 527| if(valid.as_bool()) { ------------------ | Branch (263:19): [True: 514, False: 13] ------------------ 264| 514| return stash(typename C::AffinePoint(*x, *y)); 265| 514| } 266| 527| } 267| 545| } else if(bytes.size() == CompressedBytes && (bytes[0] == 0x02 || bytes[0] == 0x03)) { ------------------ | Branch (267:20): [True: 536, False: 9] | Branch (267:56): [True: 320, False: 216] | Branch (267:76): [True: 210, False: 6] ------------------ 268| 530| const CT::Choice y_is_even = CT::Mask::is_equal(bytes[0], 0x02).as_choice(); 269| | 270| 530| if(auto x = C::FieldElement::deserialize(bytes.subspan(1, FieldElementBytes))) { ------------------ | Branch (270:21): [True: 528, False: 2] ------------------ 271| 528| if(auto y = sqrt_field_element(C::x3_ax_b(*x)).as_optional_vartime()) { ------------------ | Branch (271:24): [True: 514, False: 14] ------------------ 272| 514| return stash(typename C::AffinePoint(*x, y->correct_sign(y_is_even))); 273| 514| } 274| 528| } 275| 530| } 276| | 277| 46| return {}; 278| 1.07k| } pcurves_brainpool256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE15point_to_affineERKNS0_15PrimeOrderCurve15ProjectivePointE: 192| 662| AffinePoint point_to_affine(const ProjectivePoint& pt) const override { 193| 662| auto affine = to_affine(from_stash(pt)); 194| | 195| 662| const auto y2 = affine.y().square(); 196| 662| const auto x3_ax_b = C::x3_ax_b(affine.x()); 197| 662| const auto valid_point = affine.is_identity() || (y2 == x3_ax_b); 198| | 199| 662| BOTAN_ASSERT(valid_point.as_bool(), "Computed point is on the curve"); ------------------ | | 64| 662| do { \ | | 65| 662| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 662| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 662] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 662| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 662] | | ------------------ ------------------ 200| | 201| 662| return stash(affine); 202| 662| } pcurves_brainpool256r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE10from_stashERKNS0_15PrimeOrderCurve15ProjectivePointE: 377| 662| static typename C::ProjectivePoint from_stash(const ProjectivePoint& pt) { 378| 662| if(pt._curve() != instance()) { ------------------ | Branch (378:13): [True: 0, False: 662] ------------------ 379| 0| throw Invalid_Argument("Curve mismatch"); 380| 0| } 381| 662| auto x = C::FieldElement::from_stash(pt._x()); 382| 662| auto y = C::FieldElement::from_stash(pt._y()); 383| 662| auto z = C::FieldElement::from_stash(pt._z()); 384| 662| return typename C::ProjectivePoint(x, y, z); 385| 662| } pcurves_brainpool256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE24affine_point_is_identityERKNS0_15PrimeOrderCurve11AffinePointE: 210| 2.72k| bool affine_point_is_identity(const AffinePoint& pt) const override { 211| 2.72k| return from_stash(pt).is_identity().as_bool(); 212| 2.72k| } pcurves_brainpool256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE15serialize_pointENSt3__14spanIhLm18446744073709551615EEERKNS0_15PrimeOrderCurve11AffinePointE: 214| 2.71k| void serialize_point(std::span bytes, const AffinePoint& pt) const override { 215| 2.71k| BOTAN_ARG_CHECK(bytes.size() == C::AffinePoint::BYTES, "Invalid length for serialize_point"); ------------------ | | 35| 2.71k| do { \ | | 36| 2.71k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 2.71k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 2.71k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 2.71k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 2.71k] | | ------------------ ------------------ 216| 2.71k| from_stash(pt).serialize_to(bytes.subspan<0, C::AffinePoint::BYTES>()); 217| 2.71k| } pcurves_brainpool256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE16serialize_scalarENSt3__14spanIhLm18446744073709551615EEERKNS0_15PrimeOrderCurve6ScalarE: 219| 662| void serialize_scalar(std::span bytes, const Scalar& scalar) const override { 220| 662| BOTAN_ARG_CHECK(bytes.size() == C::Scalar::BYTES, "Invalid length to serialize_scalar"); ------------------ | | 35| 662| do { \ | | 36| 662| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 662| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 662] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 662| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 662] | | ------------------ ------------------ 221| 662| return from_stash(scalar).serialize_to(bytes.subspan<0, C::Scalar::BYTES>()); 222| 662| } pcurves_brainpool256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE14scalar_is_zeroERKNS0_15PrimeOrderCurve6ScalarE: 326| 662| bool scalar_is_zero(const Scalar& s) const override { return from_stash(s).is_zero().as_bool(); } pcurves_brainpool256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE13random_scalarERNS_21RandomNumberGeneratorE: 334| 662| Scalar random_scalar(RandomNumberGenerator& rng) const override { return stash(C::Scalar::random(rng)); } pcurves_brainpool384r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE8instanceEv: 338| 5.91k| static std::shared_ptr instance() { 339| 5.91k| static auto g_curve = std::make_shared>(); 340| 5.91k| return g_curve; 341| 5.91k| } pcurves_brainpool384r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEEC2Ev: 336| 1| PrimeOrderCurveImpl() : m_mul_by_g(C::G) {} pcurves_brainpool384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE19field_element_bytesEv: 36| 2.92k| size_t field_element_bytes() const override { return C::FieldElement::BYTES; } pcurves_brainpool384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE8mul_by_gERKNS0_15PrimeOrderCurve6ScalarERNS_21RandomNumberGeneratorE: 38| 433| ProjectivePoint mul_by_g(const Scalar& scalar, RandomNumberGenerator& rng) const override { 39| 433| return stash(m_mul_by_g.mul(from_stash(scalar), rng)); 40| 433| } pcurves_brainpool384r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE5stashERKNS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEESA_EE: 370| 433| static ProjectivePoint stash(const typename C::ProjectivePoint& pt) { 371| 433| auto x_w = pt.x().template stash_value(); 372| 433| auto y_w = pt.y().template stash_value(); 373| 433| auto z_w = pt.z().template stash_value(); 374| 433| return ProjectivePoint::_create(instance(), x_w, y_w, z_w); 375| 433| } pcurves_brainpool384r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE10from_stashERKNS0_15PrimeOrderCurve6ScalarE: 348| 1.46k| static typename C::Scalar from_stash(const Scalar& s) { 349| 1.46k| if(s._curve() != instance()) { ------------------ | Branch (349:13): [True: 0, False: 1.46k] ------------------ 350| 0| throw Invalid_Argument("Curve mismatch"); 351| 0| } 352| 1.46k| return C::Scalar::from_stash(s._value()); 353| 1.46k| } pcurves_brainpool384r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE5stashERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES7_E12ScalarParamsEEEEE: 344| 433| static Scalar stash(const typename C::Scalar& s) { 345| 433| return Scalar::_create(instance(), s.template stash_value()); 346| 433| } pcurves_brainpool384r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE10from_stashERKNS0_15PrimeOrderCurve11AffinePointE: 361| 2.38k| static typename C::AffinePoint from_stash(const AffinePoint& pt) { 362| 2.38k| if(pt._curve() != instance()) { ------------------ | Branch (362:13): [True: 0, False: 2.38k] ------------------ 363| 0| throw Invalid_Argument("Curve mismatch"); 364| 0| } 365| 2.38k| auto x = C::FieldElement::from_stash(pt._x()); 366| 2.38k| auto y = C::FieldElement::from_stash(pt._y()); 367| 2.38k| return typename C::AffinePoint(x, y); 368| 2.38k| } pcurves_brainpool384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE10mul_x_onlyERKNS0_15PrimeOrderCurve11AffinePointERKNS6_6ScalarERNS_21RandomNumberGeneratorE: 49| 168| RandomNumberGenerator& rng) const override { 50| 168| auto tbl = WindowedBoothMulTable(from_stash(pt)); 51| 168| auto result = tbl.mul(from_stash(scalar), rng); 52| 168| BOTAN_STATE_CHECK(!result.is_identity().as_bool()); ------------------ | | 51| 168| do { \ | | 52| 168| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 168| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 168] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 168| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 168] | | ------------------ ------------------ 53| 168| auto pt_x = to_affine_x(result); 54| 168| secure_vector x_bytes(C::FieldElement::BYTES); 55| 168| pt_x.serialize_to(std::span{x_bytes}); 56| 168| return x_bytes; 57| 168| } pcurves_brainpool384r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE5stashERKNS_16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 355| 770| static AffinePoint stash(const typename C::AffinePoint& pt) { 356| 770| auto x_w = pt.x().template stash_value(); 357| 770| auto y_w = pt.y().template stash_value(); 358| 770| return AffinePoint::_create(instance(), x_w, y_w); 359| 770| } pcurves_brainpool384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE17deserialize_pointENSt3__14spanIKhLm18446744073709551615EEE: 242| 487| std::optional deserialize_point(std::span bytes) const override { 243| | // The identity element (see SEC1 section 2.3.4) 244| | // TODO(Botan4) remove this - we should reject the identity encoding 245| 487| if(bytes.size() == 1 && bytes[0] == 0x00) { ------------------ | Branch (245:13): [True: 2, False: 485] | Branch (245:34): [True: 1, False: 1] ------------------ 246| 1| return stash(C::AffinePoint::identity()); 247| 1| } 248| | 249| 486| constexpr size_t FieldElementBytes = C::FieldElement::BYTES; 250| 486| constexpr size_t CompressedBytes = C::FieldElement::BYTES + 1; 251| 486| constexpr size_t UncompressedBytes = 2 * C::FieldElement::BYTES + 1; 252| | 253| 486| if(bytes.size() == UncompressedBytes && bytes[0] == 0x04) { ------------------ | Branch (253:13): [True: 259, False: 227] | Branch (253:50): [True: 258, False: 1] ------------------ 254| 258| const auto encoded_point = bytes.subspan(1); 255| 258| auto x = C::FieldElement::deserialize(encoded_point.first(FieldElementBytes)); 256| 258| auto y = C::FieldElement::deserialize(encoded_point.last(FieldElementBytes)); 257| | 258| 258| if(x && y) { ------------------ | Branch (258:16): [True: 257, False: 1] | Branch (258:21): [True: 251, False: 6] ------------------ 259| | // Check that y^2 = x^3 + ax + b 260| 251| const auto lhs = (*y).square(); 261| 251| const auto rhs = C::x3_ax_b(*x); 262| 251| const auto valid = (lhs == rhs); 263| 251| if(valid.as_bool()) { ------------------ | Branch (263:19): [True: 168, False: 83] ------------------ 264| 168| return stash(typename C::AffinePoint(*x, *y)); 265| 168| } 266| 251| } 267| 258| } else if(bytes.size() == CompressedBytes && (bytes[0] == 0x02 || bytes[0] == 0x03)) { ------------------ | Branch (267:20): [True: 224, False: 4] | Branch (267:56): [True: 213, False: 11] | Branch (267:76): [True: 9, False: 2] ------------------ 268| 222| const CT::Choice y_is_even = CT::Mask::is_equal(bytes[0], 0x02).as_choice(); 269| | 270| 222| if(auto x = C::FieldElement::deserialize(bytes.subspan(1, FieldElementBytes))) { ------------------ | Branch (270:21): [True: 221, False: 1] ------------------ 271| 221| if(auto y = sqrt_field_element(C::x3_ax_b(*x)).as_optional_vartime()) { ------------------ | Branch (271:24): [True: 168, False: 53] ------------------ 272| 168| return stash(typename C::AffinePoint(*x, y->correct_sign(y_is_even))); 273| 168| } 274| 221| } 275| 222| } 276| | 277| 150| return {}; 278| 486| } pcurves_brainpool384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE15point_to_affineERKNS0_15PrimeOrderCurve15ProjectivePointE: 192| 433| AffinePoint point_to_affine(const ProjectivePoint& pt) const override { 193| 433| auto affine = to_affine(from_stash(pt)); 194| | 195| 433| const auto y2 = affine.y().square(); 196| 433| const auto x3_ax_b = C::x3_ax_b(affine.x()); 197| 433| const auto valid_point = affine.is_identity() || (y2 == x3_ax_b); 198| | 199| 433| BOTAN_ASSERT(valid_point.as_bool(), "Computed point is on the curve"); ------------------ | | 64| 433| do { \ | | 65| 433| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 433| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 433] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 433| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 433] | | ------------------ ------------------ 200| | 201| 433| return stash(affine); 202| 433| } pcurves_brainpool384r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE10from_stashERKNS0_15PrimeOrderCurve15ProjectivePointE: 377| 433| static typename C::ProjectivePoint from_stash(const ProjectivePoint& pt) { 378| 433| if(pt._curve() != instance()) { ------------------ | Branch (378:13): [True: 0, False: 433] ------------------ 379| 0| throw Invalid_Argument("Curve mismatch"); 380| 0| } 381| 433| auto x = C::FieldElement::from_stash(pt._x()); 382| 433| auto y = C::FieldElement::from_stash(pt._y()); 383| 433| auto z = C::FieldElement::from_stash(pt._z()); 384| 433| return typename C::ProjectivePoint(x, y, z); 385| 433| } pcurves_brainpool384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE24affine_point_is_identityERKNS0_15PrimeOrderCurve11AffinePointE: 210| 1.10k| bool affine_point_is_identity(const AffinePoint& pt) const override { 211| 1.10k| return from_stash(pt).is_identity().as_bool(); 212| 1.10k| } pcurves_brainpool384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE15serialize_pointENSt3__14spanIhLm18446744073709551615EEERKNS0_15PrimeOrderCurve11AffinePointE: 214| 1.10k| void serialize_point(std::span bytes, const AffinePoint& pt) const override { 215| 1.10k| BOTAN_ARG_CHECK(bytes.size() == C::AffinePoint::BYTES, "Invalid length for serialize_point"); ------------------ | | 35| 1.10k| do { \ | | 36| 1.10k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 1.10k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 1.10k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 1.10k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 1.10k] | | ------------------ ------------------ 216| 1.10k| from_stash(pt).serialize_to(bytes.subspan<0, C::AffinePoint::BYTES>()); 217| 1.10k| } pcurves_brainpool384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE16serialize_scalarENSt3__14spanIhLm18446744073709551615EEERKNS0_15PrimeOrderCurve6ScalarE: 219| 433| void serialize_scalar(std::span bytes, const Scalar& scalar) const override { 220| 433| BOTAN_ARG_CHECK(bytes.size() == C::Scalar::BYTES, "Invalid length to serialize_scalar"); ------------------ | | 35| 433| do { \ | | 36| 433| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 433| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 433] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 433| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 433] | | ------------------ ------------------ 221| 433| return from_stash(scalar).serialize_to(bytes.subspan<0, C::Scalar::BYTES>()); 222| 433| } pcurves_brainpool384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE14scalar_is_zeroERKNS0_15PrimeOrderCurve6ScalarE: 326| 433| bool scalar_is_zero(const Scalar& s) const override { return from_stash(s).is_zero().as_bool(); } pcurves_brainpool384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE13random_scalarERNS_21RandomNumberGeneratorE: 334| 433| Scalar random_scalar(RandomNumberGenerator& rng) const override { return stash(C::Scalar::random(rng)); } pcurves_brainpool512r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE8instanceEv: 338| 5.04k| static std::shared_ptr instance() { 339| 5.04k| static auto g_curve = std::make_shared>(); 340| 5.04k| return g_curve; 341| 5.04k| } pcurves_brainpool512r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEEC2Ev: 336| 1| PrimeOrderCurveImpl() : m_mul_by_g(C::G) {} pcurves_brainpool512r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE19field_element_bytesEv: 36| 2.49k| size_t field_element_bytes() const override { return C::FieldElement::BYTES; } pcurves_brainpool512r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE8mul_by_gERKNS0_15PrimeOrderCurve6ScalarERNS_21RandomNumberGeneratorE: 38| 360| ProjectivePoint mul_by_g(const Scalar& scalar, RandomNumberGenerator& rng) const override { 39| 360| return stash(m_mul_by_g.mul(from_stash(scalar), rng)); 40| 360| } pcurves_brainpool512r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE5stashERKNS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEESA_EE: 370| 360| static ProjectivePoint stash(const typename C::ProjectivePoint& pt) { 371| 360| auto x_w = pt.x().template stash_value(); 372| 360| auto y_w = pt.y().template stash_value(); 373| 360| auto z_w = pt.z().template stash_value(); 374| 360| return ProjectivePoint::_create(instance(), x_w, y_w, z_w); 375| 360| } pcurves_brainpool512r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE10from_stashERKNS0_15PrimeOrderCurve6ScalarE: 348| 1.23k| static typename C::Scalar from_stash(const Scalar& s) { 349| 1.23k| if(s._curve() != instance()) { ------------------ | Branch (349:13): [True: 0, False: 1.23k] ------------------ 350| 0| throw Invalid_Argument("Curve mismatch"); 351| 0| } 352| 1.23k| return C::Scalar::from_stash(s._value()); 353| 1.23k| } pcurves_brainpool512r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE5stashERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES7_E12ScalarParamsEEEEE: 344| 360| static Scalar stash(const typename C::Scalar& s) { 345| 360| return Scalar::_create(instance(), s.template stash_value()); 346| 360| } pcurves_brainpool512r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE10from_stashERKNS0_15PrimeOrderCurve11AffinePointE: 361| 2.07k| static typename C::AffinePoint from_stash(const AffinePoint& pt) { 362| 2.07k| if(pt._curve() != instance()) { ------------------ | Branch (362:13): [True: 0, False: 2.07k] ------------------ 363| 0| throw Invalid_Argument("Curve mismatch"); 364| 0| } 365| 2.07k| auto x = C::FieldElement::from_stash(pt._x()); 366| 2.07k| auto y = C::FieldElement::from_stash(pt._y()); 367| 2.07k| return typename C::AffinePoint(x, y); 368| 2.07k| } pcurves_brainpool512r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE10mul_x_onlyERKNS0_15PrimeOrderCurve11AffinePointERKNS6_6ScalarERNS_21RandomNumberGeneratorE: 49| 150| RandomNumberGenerator& rng) const override { 50| 150| auto tbl = WindowedBoothMulTable(from_stash(pt)); 51| 150| auto result = tbl.mul(from_stash(scalar), rng); 52| 150| BOTAN_STATE_CHECK(!result.is_identity().as_bool()); ------------------ | | 51| 150| do { \ | | 52| 150| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 150| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 150] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 150| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 150] | | ------------------ ------------------ 53| 150| auto pt_x = to_affine_x(result); 54| 150| secure_vector x_bytes(C::FieldElement::BYTES); 55| 150| pt_x.serialize_to(std::span{x_bytes}); 56| 150| return x_bytes; 57| 150| } pcurves_brainpool512r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE5stashERKNS_16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 355| 661| static AffinePoint stash(const typename C::AffinePoint& pt) { 356| 661| auto x_w = pt.x().template stash_value(); 357| 661| auto y_w = pt.y().template stash_value(); 358| 661| return AffinePoint::_create(instance(), x_w, y_w); 359| 661| } pcurves_brainpool512r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE17deserialize_pointENSt3__14spanIKhLm18446744073709551615EEE: 242| 419| std::optional deserialize_point(std::span bytes) const override { 243| | // The identity element (see SEC1 section 2.3.4) 244| | // TODO(Botan4) remove this - we should reject the identity encoding 245| 419| if(bytes.size() == 1 && bytes[0] == 0x00) { ------------------ | Branch (245:13): [True: 6, False: 413] | Branch (245:34): [True: 1, False: 5] ------------------ 246| 1| return stash(C::AffinePoint::identity()); 247| 1| } 248| | 249| 418| constexpr size_t FieldElementBytes = C::FieldElement::BYTES; 250| 418| constexpr size_t CompressedBytes = C::FieldElement::BYTES + 1; 251| 418| constexpr size_t UncompressedBytes = 2 * C::FieldElement::BYTES + 1; 252| | 253| 418| if(bytes.size() == UncompressedBytes && bytes[0] == 0x04) { ------------------ | Branch (253:13): [True: 205, False: 213] | Branch (253:50): [True: 202, False: 3] ------------------ 254| 202| const auto encoded_point = bytes.subspan(1); 255| 202| auto x = C::FieldElement::deserialize(encoded_point.first(FieldElementBytes)); 256| 202| auto y = C::FieldElement::deserialize(encoded_point.last(FieldElementBytes)); 257| | 258| 202| if(x && y) { ------------------ | Branch (258:16): [True: 201, False: 1] | Branch (258:21): [True: 200, False: 1] ------------------ 259| | // Check that y^2 = x^3 + ax + b 260| 200| const auto lhs = (*y).square(); 261| 200| const auto rhs = C::x3_ax_b(*x); 262| 200| const auto valid = (lhs == rhs); 263| 200| if(valid.as_bool()) { ------------------ | Branch (263:19): [True: 150, False: 50] ------------------ 264| 150| return stash(typename C::AffinePoint(*x, *y)); 265| 150| } 266| 200| } 267| 216| } else if(bytes.size() == CompressedBytes && (bytes[0] == 0x02 || bytes[0] == 0x03)) { ------------------ | Branch (267:20): [True: 202, False: 14] | Branch (267:56): [True: 182, False: 20] | Branch (267:76): [True: 18, False: 2] ------------------ 268| 200| const CT::Choice y_is_even = CT::Mask::is_equal(bytes[0], 0x02).as_choice(); 269| | 270| 200| if(auto x = C::FieldElement::deserialize(bytes.subspan(1, FieldElementBytes))) { ------------------ | Branch (270:21): [True: 199, False: 1] ------------------ 271| 199| if(auto y = sqrt_field_element(C::x3_ax_b(*x)).as_optional_vartime()) { ------------------ | Branch (271:24): [True: 150, False: 49] ------------------ 272| 150| return stash(typename C::AffinePoint(*x, y->correct_sign(y_is_even))); 273| 150| } 274| 199| } 275| 200| } 276| | 277| 118| return {}; 278| 418| } pcurves_brainpool512r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE15point_to_affineERKNS0_15PrimeOrderCurve15ProjectivePointE: 192| 360| AffinePoint point_to_affine(const ProjectivePoint& pt) const override { 193| 360| auto affine = to_affine(from_stash(pt)); 194| | 195| 360| const auto y2 = affine.y().square(); 196| 360| const auto x3_ax_b = C::x3_ax_b(affine.x()); 197| 360| const auto valid_point = affine.is_identity() || (y2 == x3_ax_b); 198| | 199| 360| BOTAN_ASSERT(valid_point.as_bool(), "Computed point is on the curve"); ------------------ | | 64| 360| do { \ | | 65| 360| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 360| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 360] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 360| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 360] | | ------------------ ------------------ 200| | 201| 360| return stash(affine); 202| 360| } pcurves_brainpool512r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE10from_stashERKNS0_15PrimeOrderCurve15ProjectivePointE: 377| 360| static typename C::ProjectivePoint from_stash(const ProjectivePoint& pt) { 378| 360| if(pt._curve() != instance()) { ------------------ | Branch (378:13): [True: 0, False: 360] ------------------ 379| 0| throw Invalid_Argument("Curve mismatch"); 380| 0| } 381| 360| auto x = C::FieldElement::from_stash(pt._x()); 382| 360| auto y = C::FieldElement::from_stash(pt._y()); 383| 360| auto z = C::FieldElement::from_stash(pt._z()); 384| 360| return typename C::ProjectivePoint(x, y, z); 385| 360| } pcurves_brainpool512r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE24affine_point_is_identityERKNS0_15PrimeOrderCurve11AffinePointE: 210| 962| bool affine_point_is_identity(const AffinePoint& pt) const override { 211| 962| return from_stash(pt).is_identity().as_bool(); 212| 962| } pcurves_brainpool512r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE15serialize_pointENSt3__14spanIhLm18446744073709551615EEERKNS0_15PrimeOrderCurve11AffinePointE: 214| 960| void serialize_point(std::span bytes, const AffinePoint& pt) const override { 215| 960| BOTAN_ARG_CHECK(bytes.size() == C::AffinePoint::BYTES, "Invalid length for serialize_point"); ------------------ | | 35| 960| do { \ | | 36| 960| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 960| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 960] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 960| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 960] | | ------------------ ------------------ 216| 960| from_stash(pt).serialize_to(bytes.subspan<0, C::AffinePoint::BYTES>()); 217| 960| } pcurves_brainpool512r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE16serialize_scalarENSt3__14spanIhLm18446744073709551615EEERKNS0_15PrimeOrderCurve6ScalarE: 219| 360| void serialize_scalar(std::span bytes, const Scalar& scalar) const override { 220| 360| BOTAN_ARG_CHECK(bytes.size() == C::Scalar::BYTES, "Invalid length to serialize_scalar"); ------------------ | | 35| 360| do { \ | | 36| 360| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 360| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 360] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 360| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 360] | | ------------------ ------------------ 221| 360| return from_stash(scalar).serialize_to(bytes.subspan<0, C::Scalar::BYTES>()); 222| 360| } pcurves_brainpool512r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE14scalar_is_zeroERKNS0_15PrimeOrderCurve6ScalarE: 326| 360| bool scalar_is_zero(const Scalar& s) const override { return from_stash(s).is_zero().as_bool(); } pcurves_brainpool512r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE13random_scalarERNS_21RandomNumberGeneratorE: 334| 360| Scalar random_scalar(RandomNumberGenerator& rng) const override { return stash(C::Scalar::random(rng)); } pcurves_secp256r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE8instanceEv: 338| 46.7k| static std::shared_ptr instance() { 339| 46.7k| static auto g_curve = std::make_shared>(); 340| 46.7k| return g_curve; 341| 46.7k| } pcurves_secp256r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEEC2Ev: 336| 1| PrimeOrderCurveImpl() : m_mul_by_g(C::G) {} pcurves_secp256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE19field_element_bytesEv: 36| 17.0k| size_t field_element_bytes() const override { return C::FieldElement::BYTES; } pcurves_secp256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE8mul_by_gERKNS0_15PrimeOrderCurve6ScalarERNS_21RandomNumberGeneratorE: 38| 454| ProjectivePoint mul_by_g(const Scalar& scalar, RandomNumberGenerator& rng) const override { 39| 454| return stash(m_mul_by_g.mul(from_stash(scalar), rng)); 40| 454| } pcurves_secp256r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE5stashERKNS_20ProjectiveCurvePointINS_6IntModINS2_12Secp256r1RepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEESA_EE: 370| 454| static ProjectivePoint stash(const typename C::ProjectivePoint& pt) { 371| 454| auto x_w = pt.x().template stash_value(); 372| 454| auto y_w = pt.y().template stash_value(); 373| 454| auto z_w = pt.z().template stash_value(); 374| 454| return ProjectivePoint::_create(instance(), x_w, y_w, z_w); 375| 454| } pcurves_secp256r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE10from_stashERKNS0_15PrimeOrderCurve6ScalarE: 348| 14.6k| static typename C::Scalar from_stash(const Scalar& s) { 349| 14.6k| if(s._curve() != instance()) { ------------------ | Branch (349:13): [True: 0, False: 14.6k] ------------------ 350| 0| throw Invalid_Argument("Curve mismatch"); 351| 0| } 352| 14.6k| return C::Scalar::from_stash(s._value()); 353| 14.6k| } pcurves_secp256r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE5stashERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsENS2_12Secp256r1RepEE12ScalarParamsEEEEE: 344| 6.91k| static Scalar stash(const typename C::Scalar& s) { 345| 6.91k| return Scalar::_create(instance(), s.template stash_value()); 346| 6.91k| } pcurves_secp256r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE10from_stashERKNS0_15PrimeOrderCurve11AffinePointE: 361| 16.7k| static typename C::AffinePoint from_stash(const AffinePoint& pt) { 362| 16.7k| if(pt._curve() != instance()) { ------------------ | Branch (362:13): [True: 0, False: 16.7k] ------------------ 363| 0| throw Invalid_Argument("Curve mismatch"); 364| 0| } 365| 16.7k| auto x = C::FieldElement::from_stash(pt._x()); 366| 16.7k| auto y = C::FieldElement::from_stash(pt._y()); 367| 16.7k| return typename C::AffinePoint(x, y); 368| 16.7k| } pcurves_secp256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE10mul_x_onlyERKNS0_15PrimeOrderCurve11AffinePointERKNS6_6ScalarERNS_21RandomNumberGeneratorE: 49| 328| RandomNumberGenerator& rng) const override { 50| 328| auto tbl = WindowedBoothMulTable(from_stash(pt)); 51| 328| auto result = tbl.mul(from_stash(scalar), rng); 52| 328| BOTAN_STATE_CHECK(!result.is_identity().as_bool()); ------------------ | | 51| 328| do { \ | | 52| 328| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 328| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 328] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 328| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 328] | | ------------------ ------------------ 53| 328| auto pt_x = to_affine_x(result); 54| 328| secure_vector x_bytes(C::FieldElement::BYTES); 55| 328| pt_x.serialize_to(std::span{x_bytes}); 56| 328| return x_bytes; 57| 328| } pcurves_secp256r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE5stashERKNS_16AffineCurvePointINS_6IntModINS2_12Secp256r1RepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 355| 7.57k| static AffinePoint stash(const typename C::AffinePoint& pt) { 356| 7.57k| auto x_w = pt.x().template stash_value(); 357| 7.57k| auto y_w = pt.y().template stash_value(); 358| 7.57k| return AffinePoint::_create(instance(), x_w, y_w); 359| 7.57k| } pcurves_secp256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE17deserialize_pointENSt3__14spanIKhLm18446744073709551615EEE: 242| 7.15k| std::optional deserialize_point(std::span bytes) const override { 243| | // The identity element (see SEC1 section 2.3.4) 244| | // TODO(Botan4) remove this - we should reject the identity encoding 245| 7.15k| if(bytes.size() == 1 && bytes[0] == 0x00) { ------------------ | Branch (245:13): [True: 6, False: 7.14k] | Branch (245:34): [True: 2, False: 4] ------------------ 246| 2| return stash(C::AffinePoint::identity()); 247| 2| } 248| | 249| 7.15k| constexpr size_t FieldElementBytes = C::FieldElement::BYTES; 250| 7.15k| constexpr size_t CompressedBytes = C::FieldElement::BYTES + 1; 251| 7.15k| constexpr size_t UncompressedBytes = 2 * C::FieldElement::BYTES + 1; 252| | 253| 7.15k| if(bytes.size() == UncompressedBytes && bytes[0] == 0x04) { ------------------ | Branch (253:13): [True: 6.79k, False: 353] | Branch (253:50): [True: 6.79k, False: 4] ------------------ 254| 6.79k| const auto encoded_point = bytes.subspan(1); 255| 6.79k| auto x = C::FieldElement::deserialize(encoded_point.first(FieldElementBytes)); 256| 6.79k| auto y = C::FieldElement::deserialize(encoded_point.last(FieldElementBytes)); 257| | 258| 6.79k| if(x && y) { ------------------ | Branch (258:16): [True: 6.79k, False: 1] | Branch (258:21): [True: 6.79k, False: 1] ------------------ 259| | // Check that y^2 = x^3 + ax + b 260| 6.79k| const auto lhs = (*y).square(); 261| 6.79k| const auto rhs = C::x3_ax_b(*x); 262| 6.79k| const auto valid = (lhs == rhs); 263| 6.79k| if(valid.as_bool()) { ------------------ | Branch (263:19): [True: 6.78k, False: 6] ------------------ 264| 6.78k| return stash(typename C::AffinePoint(*x, *y)); 265| 6.78k| } 266| 6.79k| } 267| 6.79k| } else if(bytes.size() == CompressedBytes && (bytes[0] == 0x02 || bytes[0] == 0x03)) { ------------------ | Branch (267:20): [True: 346, False: 11] | Branch (267:56): [True: 176, False: 170] | Branch (267:76): [True: 164, False: 6] ------------------ 268| 340| const CT::Choice y_is_even = CT::Mask::is_equal(bytes[0], 0x02).as_choice(); 269| | 270| 340| if(auto x = C::FieldElement::deserialize(bytes.subspan(1, FieldElementBytes))) { ------------------ | Branch (270:21): [True: 338, False: 2] ------------------ 271| 338| if(auto y = sqrt_field_element(C::x3_ax_b(*x)).as_optional_vartime()) { ------------------ | Branch (271:24): [True: 328, False: 10] ------------------ 272| 328| return stash(typename C::AffinePoint(*x, y->correct_sign(y_is_even))); 273| 328| } 274| 338| } 275| 340| } 276| | 277| 37| return {}; 278| 7.15k| } pcurves_secp256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE18deserialize_scalarENSt3__14spanIKhLm18446744073709551615EEE: 224| 6.45k| std::optional deserialize_scalar(std::span bytes) const override { 225| 6.45k| if(auto scalar = C::Scalar::deserialize(bytes)) { ------------------ | Branch (225:18): [True: 6.45k, False: 0] ------------------ 226| 6.45k| if(!scalar->is_zero().as_bool()) { ------------------ | Branch (226:16): [True: 6.45k, False: 0] ------------------ 227| 6.45k| return stash(*scalar); 228| 6.45k| } 229| 6.45k| } 230| | 231| 0| return {}; 232| 6.45k| } pcurves_secp256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE15point_to_affineERKNS0_15PrimeOrderCurve15ProjectivePointE: 192| 454| AffinePoint point_to_affine(const ProjectivePoint& pt) const override { 193| 454| auto affine = to_affine(from_stash(pt)); 194| | 195| 454| const auto y2 = affine.y().square(); 196| 454| const auto x3_ax_b = C::x3_ax_b(affine.x()); 197| 454| const auto valid_point = affine.is_identity() || (y2 == x3_ax_b); 198| | 199| 454| BOTAN_ASSERT(valid_point.as_bool(), "Computed point is on the curve"); ------------------ | | 64| 454| do { \ | | 65| 454| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 454| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 454] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 454| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 454] | | ------------------ ------------------ 200| | 201| 454| return stash(affine); 202| 454| } pcurves_secp256r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE10from_stashERKNS0_15PrimeOrderCurve15ProjectivePointE: 377| 454| static typename C::ProjectivePoint from_stash(const ProjectivePoint& pt) { 378| 454| if(pt._curve() != instance()) { ------------------ | Branch (378:13): [True: 0, False: 454] ------------------ 379| 0| throw Invalid_Argument("Curve mismatch"); 380| 0| } 381| 454| auto x = C::FieldElement::from_stash(pt._x()); 382| 454| auto y = C::FieldElement::from_stash(pt._y()); 383| 454| auto z = C::FieldElement::from_stash(pt._z()); 384| 454| return typename C::ProjectivePoint(x, y, z); 385| 454| } pcurves_secp256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE24affine_point_is_identityERKNS0_15PrimeOrderCurve11AffinePointE: 210| 8.22k| bool affine_point_is_identity(const AffinePoint& pt) const override { 211| 8.22k| return from_stash(pt).is_identity().as_bool(); 212| 8.22k| } pcurves_secp256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE15serialize_pointENSt3__14spanIhLm18446744073709551615EEERKNS0_15PrimeOrderCurve11AffinePointE: 214| 8.22k| void serialize_point(std::span bytes, const AffinePoint& pt) const override { 215| 8.22k| BOTAN_ARG_CHECK(bytes.size() == C::AffinePoint::BYTES, "Invalid length for serialize_point"); ------------------ | | 35| 8.22k| do { \ | | 36| 8.22k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 8.22k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 8.22k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 8.22k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 8.22k] | | ------------------ ------------------ 216| 8.22k| from_stash(pt).serialize_to(bytes.subspan<0, C::AffinePoint::BYTES>()); 217| 8.22k| } pcurves_secp256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE16serialize_scalarENSt3__14spanIhLm18446744073709551615EEERKNS0_15PrimeOrderCurve6ScalarE: 219| 6.91k| void serialize_scalar(std::span bytes, const Scalar& scalar) const override { 220| 6.91k| BOTAN_ARG_CHECK(bytes.size() == C::Scalar::BYTES, "Invalid length to serialize_scalar"); ------------------ | | 35| 6.91k| do { \ | | 36| 6.91k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 6.91k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 6.91k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 6.91k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 6.91k] | | ------------------ ------------------ 221| 6.91k| return from_stash(scalar).serialize_to(bytes.subspan<0, C::Scalar::BYTES>()); 222| 6.91k| } pcurves_secp256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE14scalar_is_zeroERKNS0_15PrimeOrderCurve6ScalarE: 326| 6.91k| bool scalar_is_zero(const Scalar& s) const override { return from_stash(s).is_zero().as_bool(); } pcurves_secp256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE13random_scalarERNS_21RandomNumberGeneratorE: 334| 454| Scalar random_scalar(RandomNumberGenerator& rng) const override { return stash(C::Scalar::random(rng)); } pcurves_secp384r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE8instanceEv: 338| 7.72k| static std::shared_ptr instance() { 339| 7.72k| static auto g_curve = std::make_shared>(); 340| 7.72k| return g_curve; 341| 7.72k| } pcurves_secp384r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEEC2Ev: 336| 1| PrimeOrderCurveImpl() : m_mul_by_g(C::G) {} pcurves_secp384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE19field_element_bytesEv: 36| 3.92k| size_t field_element_bytes() const override { return C::FieldElement::BYTES; } pcurves_secp384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE8mul_by_gERKNS0_15PrimeOrderCurve6ScalarERNS_21RandomNumberGeneratorE: 38| 464| ProjectivePoint mul_by_g(const Scalar& scalar, RandomNumberGenerator& rng) const override { 39| 464| return stash(m_mul_by_g.mul(from_stash(scalar), rng)); 40| 464| } pcurves_secp384r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE5stashERKNS_20ProjectiveCurvePointINS_6IntModINS2_12Secp384r1RepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEESA_EE: 370| 464| static ProjectivePoint stash(const typename C::ProjectivePoint& pt) { 371| 464| auto x_w = pt.x().template stash_value(); 372| 464| auto y_w = pt.y().template stash_value(); 373| 464| auto z_w = pt.z().template stash_value(); 374| 464| return ProjectivePoint::_create(instance(), x_w, y_w, z_w); 375| 464| } pcurves_secp384r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE10from_stashERKNS0_15PrimeOrderCurve6ScalarE: 348| 1.68k| static typename C::Scalar from_stash(const Scalar& s) { 349| 1.68k| if(s._curve() != instance()) { ------------------ | Branch (349:13): [True: 0, False: 1.68k] ------------------ 350| 0| throw Invalid_Argument("Curve mismatch"); 351| 0| } 352| 1.68k| return C::Scalar::from_stash(s._value()); 353| 1.68k| } pcurves_secp384r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE5stashERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsENS2_12Secp384r1RepEE12ScalarParamsEEEEE: 344| 464| static Scalar stash(const typename C::Scalar& s) { 345| 464| return Scalar::_create(instance(), s.template stash_value()); 346| 464| } pcurves_secp384r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE10from_stashERKNS0_15PrimeOrderCurve11AffinePointE: 361| 3.58k| static typename C::AffinePoint from_stash(const AffinePoint& pt) { 362| 3.58k| if(pt._curve() != instance()) { ------------------ | Branch (362:13): [True: 0, False: 3.58k] ------------------ 363| 0| throw Invalid_Argument("Curve mismatch"); 364| 0| } 365| 3.58k| auto x = C::FieldElement::from_stash(pt._x()); 366| 3.58k| auto y = C::FieldElement::from_stash(pt._y()); 367| 3.58k| return typename C::AffinePoint(x, y); 368| 3.58k| } pcurves_secp384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE10mul_x_onlyERKNS0_15PrimeOrderCurve11AffinePointERKNS6_6ScalarERNS_21RandomNumberGeneratorE: 49| 295| RandomNumberGenerator& rng) const override { 50| 295| auto tbl = WindowedBoothMulTable(from_stash(pt)); 51| 295| auto result = tbl.mul(from_stash(scalar), rng); 52| 295| BOTAN_STATE_CHECK(!result.is_identity().as_bool()); ------------------ | | 51| 295| do { \ | | 52| 295| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 295| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 295] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 295| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 295] | | ------------------ ------------------ 53| 295| auto pt_x = to_affine_x(result); 54| 295| secure_vector x_bytes(C::FieldElement::BYTES); 55| 295| pt_x.serialize_to(std::span{x_bytes}); 56| 295| return x_bytes; 57| 295| } pcurves_secp384r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE5stashERKNS_16AffineCurvePointINS_6IntModINS2_12Secp384r1RepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 355| 1.05k| static AffinePoint stash(const typename C::AffinePoint& pt) { 356| 1.05k| auto x_w = pt.x().template stash_value(); 357| 1.05k| auto y_w = pt.y().template stash_value(); 358| 1.05k| return AffinePoint::_create(instance(), x_w, y_w); 359| 1.05k| } pcurves_secp384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE17deserialize_pointENSt3__14spanIKhLm18446744073709551615EEE: 242| 660| std::optional deserialize_point(std::span bytes) const override { 243| | // The identity element (see SEC1 section 2.3.4) 244| | // TODO(Botan4) remove this - we should reject the identity encoding 245| 660| if(bytes.size() == 1 && bytes[0] == 0x00) { ------------------ | Branch (245:13): [True: 4, False: 656] | Branch (245:34): [True: 1, False: 3] ------------------ 246| 1| return stash(C::AffinePoint::identity()); 247| 1| } 248| | 249| 659| constexpr size_t FieldElementBytes = C::FieldElement::BYTES; 250| 659| constexpr size_t CompressedBytes = C::FieldElement::BYTES + 1; 251| 659| constexpr size_t UncompressedBytes = 2 * C::FieldElement::BYTES + 1; 252| | 253| 659| if(bytes.size() == UncompressedBytes && bytes[0] == 0x04) { ------------------ | Branch (253:13): [True: 349, False: 310] | Branch (253:50): [True: 346, False: 3] ------------------ 254| 346| const auto encoded_point = bytes.subspan(1); 255| 346| auto x = C::FieldElement::deserialize(encoded_point.first(FieldElementBytes)); 256| 346| auto y = C::FieldElement::deserialize(encoded_point.last(FieldElementBytes)); 257| | 258| 346| if(x && y) { ------------------ | Branch (258:16): [True: 344, False: 2] | Branch (258:21): [True: 343, False: 1] ------------------ 259| | // Check that y^2 = x^3 + ax + b 260| 343| const auto lhs = (*y).square(); 261| 343| const auto rhs = C::x3_ax_b(*x); 262| 343| const auto valid = (lhs == rhs); 263| 343| if(valid.as_bool()) { ------------------ | Branch (263:19): [True: 295, False: 48] ------------------ 264| 295| return stash(typename C::AffinePoint(*x, *y)); 265| 295| } 266| 343| } 267| 346| } else if(bytes.size() == CompressedBytes && (bytes[0] == 0x02 || bytes[0] == 0x03)) { ------------------ | Branch (267:20): [True: 305, False: 8] | Branch (267:56): [True: 231, False: 74] | Branch (267:76): [True: 69, False: 5] ------------------ 268| 300| const CT::Choice y_is_even = CT::Mask::is_equal(bytes[0], 0x02).as_choice(); 269| | 270| 300| if(auto x = C::FieldElement::deserialize(bytes.subspan(1, FieldElementBytes))) { ------------------ | Branch (270:21): [True: 299, False: 1] ------------------ 271| 299| if(auto y = sqrt_field_element(C::x3_ax_b(*x)).as_optional_vartime()) { ------------------ | Branch (271:24): [True: 295, False: 4] ------------------ 272| 295| return stash(typename C::AffinePoint(*x, y->correct_sign(y_is_even))); 273| 295| } 274| 299| } 275| 300| } 276| | 277| 69| return {}; 278| 659| } pcurves_secp384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE15point_to_affineERKNS0_15PrimeOrderCurve15ProjectivePointE: 192| 464| AffinePoint point_to_affine(const ProjectivePoint& pt) const override { 193| 464| auto affine = to_affine(from_stash(pt)); 194| | 195| 464| const auto y2 = affine.y().square(); 196| 464| const auto x3_ax_b = C::x3_ax_b(affine.x()); 197| 464| const auto valid_point = affine.is_identity() || (y2 == x3_ax_b); 198| | 199| 464| BOTAN_ASSERT(valid_point.as_bool(), "Computed point is on the curve"); ------------------ | | 64| 464| do { \ | | 65| 464| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 464| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 464] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 464| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 464] | | ------------------ ------------------ 200| | 201| 464| return stash(affine); 202| 464| } pcurves_secp384r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE10from_stashERKNS0_15PrimeOrderCurve15ProjectivePointE: 377| 464| static typename C::ProjectivePoint from_stash(const ProjectivePoint& pt) { 378| 464| if(pt._curve() != instance()) { ------------------ | Branch (378:13): [True: 0, False: 464] ------------------ 379| 0| throw Invalid_Argument("Curve mismatch"); 380| 0| } 381| 464| auto x = C::FieldElement::from_stash(pt._x()); 382| 464| auto y = C::FieldElement::from_stash(pt._y()); 383| 464| auto z = C::FieldElement::from_stash(pt._z()); 384| 464| return typename C::ProjectivePoint(x, y, z); 385| 464| } pcurves_secp384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE24affine_point_is_identityERKNS0_15PrimeOrderCurve11AffinePointE: 210| 1.64k| bool affine_point_is_identity(const AffinePoint& pt) const override { 211| 1.64k| return from_stash(pt).is_identity().as_bool(); 212| 1.64k| } pcurves_secp384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE15serialize_pointENSt3__14spanIhLm18446744073709551615EEERKNS0_15PrimeOrderCurve11AffinePointE: 214| 1.64k| void serialize_point(std::span bytes, const AffinePoint& pt) const override { 215| 1.64k| BOTAN_ARG_CHECK(bytes.size() == C::AffinePoint::BYTES, "Invalid length for serialize_point"); ------------------ | | 35| 1.64k| do { \ | | 36| 1.64k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 1.64k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 1.64k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 1.64k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 1.64k] | | ------------------ ------------------ 216| 1.64k| from_stash(pt).serialize_to(bytes.subspan<0, C::AffinePoint::BYTES>()); 217| 1.64k| } pcurves_secp384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE16serialize_scalarENSt3__14spanIhLm18446744073709551615EEERKNS0_15PrimeOrderCurve6ScalarE: 219| 464| void serialize_scalar(std::span bytes, const Scalar& scalar) const override { 220| 464| BOTAN_ARG_CHECK(bytes.size() == C::Scalar::BYTES, "Invalid length to serialize_scalar"); ------------------ | | 35| 464| do { \ | | 36| 464| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 464| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 464] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 464| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 464] | | ------------------ ------------------ 221| 464| return from_stash(scalar).serialize_to(bytes.subspan<0, C::Scalar::BYTES>()); 222| 464| } pcurves_secp384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE14scalar_is_zeroERKNS0_15PrimeOrderCurve6ScalarE: 326| 464| bool scalar_is_zero(const Scalar& s) const override { return from_stash(s).is_zero().as_bool(); } pcurves_secp384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE13random_scalarERNS_21RandomNumberGeneratorE: 334| 464| Scalar random_scalar(RandomNumberGenerator& rng) const override { return stash(C::Scalar::random(rng)); } pcurves_secp521r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE8instanceEv: 338| 6.43k| static std::shared_ptr instance() { 339| 6.43k| static auto g_curve = std::make_shared>(); 340| 6.43k| return g_curve; 341| 6.43k| } pcurves_secp521r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEEC2Ev: 336| 1| PrimeOrderCurveImpl() : m_mul_by_g(C::G) {} pcurves_secp521r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE19field_element_bytesEv: 36| 3.25k| size_t field_element_bytes() const override { return C::FieldElement::BYTES; } pcurves_secp521r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE8mul_by_gERKNS0_15PrimeOrderCurve6ScalarERNS_21RandomNumberGeneratorE: 38| 398| ProjectivePoint mul_by_g(const Scalar& scalar, RandomNumberGenerator& rng) const override { 39| 398| return stash(m_mul_by_g.mul(from_stash(scalar), rng)); 40| 398| } pcurves_secp521r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE5stashERKNS_20ProjectiveCurvePointINS_6IntModINS3_7P521RepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEESA_EE: 370| 398| static ProjectivePoint stash(const typename C::ProjectivePoint& pt) { 371| 398| auto x_w = pt.x().template stash_value(); 372| 398| auto y_w = pt.y().template stash_value(); 373| 398| auto z_w = pt.z().template stash_value(); 374| 398| return ProjectivePoint::_create(instance(), x_w, y_w, z_w); 375| 398| } pcurves_secp521r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE10from_stashERKNS0_15PrimeOrderCurve6ScalarE: 348| 1.43k| static typename C::Scalar from_stash(const Scalar& s) { 349| 1.43k| if(s._curve() != instance()) { ------------------ | Branch (349:13): [True: 0, False: 1.43k] ------------------ 350| 0| throw Invalid_Argument("Curve mismatch"); 351| 0| } 352| 1.43k| return C::Scalar::from_stash(s._value()); 353| 1.43k| } pcurves_secp521r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE5stashERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsENS3_7P521RepEE12ScalarParamsEEEEE: 344| 398| static Scalar stash(const typename C::Scalar& s) { 345| 398| return Scalar::_create(instance(), s.template stash_value()); 346| 398| } pcurves_secp521r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE10from_stashERKNS0_15PrimeOrderCurve11AffinePointE: 361| 2.93k| static typename C::AffinePoint from_stash(const AffinePoint& pt) { 362| 2.93k| if(pt._curve() != instance()) { ------------------ | Branch (362:13): [True: 0, False: 2.93k] ------------------ 363| 0| throw Invalid_Argument("Curve mismatch"); 364| 0| } 365| 2.93k| auto x = C::FieldElement::from_stash(pt._x()); 366| 2.93k| auto y = C::FieldElement::from_stash(pt._y()); 367| 2.93k| return typename C::AffinePoint(x, y); 368| 2.93k| } pcurves_secp521r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE10mul_x_onlyERKNS0_15PrimeOrderCurve11AffinePointERKNS6_6ScalarERNS_21RandomNumberGeneratorE: 49| 237| RandomNumberGenerator& rng) const override { 50| 237| auto tbl = WindowedBoothMulTable(from_stash(pt)); 51| 237| auto result = tbl.mul(from_stash(scalar), rng); 52| 237| BOTAN_STATE_CHECK(!result.is_identity().as_bool()); ------------------ | | 51| 237| do { \ | | 52| 237| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 237| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 237] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 237| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 237] | | ------------------ ------------------ 53| 237| auto pt_x = to_affine_x(result); 54| 237| secure_vector x_bytes(C::FieldElement::BYTES); 55| 237| pt_x.serialize_to(std::span{x_bytes}); 56| 237| return x_bytes; 57| 237| } pcurves_secp521r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE5stashERKNS_16AffineCurvePointINS_6IntModINS3_7P521RepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 355| 873| static AffinePoint stash(const typename C::AffinePoint& pt) { 356| 873| auto x_w = pt.x().template stash_value(); 357| 873| auto y_w = pt.y().template stash_value(); 358| 873| return AffinePoint::_create(instance(), x_w, y_w); 359| 873| } pcurves_secp521r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE17deserialize_pointENSt3__14spanIKhLm18446744073709551615EEE: 242| 551| std::optional deserialize_point(std::span bytes) const override { 243| | // The identity element (see SEC1 section 2.3.4) 244| | // TODO(Botan4) remove this - we should reject the identity encoding 245| 551| if(bytes.size() == 1 && bytes[0] == 0x00) { ------------------ | Branch (245:13): [True: 2, False: 549] | Branch (245:34): [True: 1, False: 1] ------------------ 246| 1| return stash(C::AffinePoint::identity()); 247| 1| } 248| | 249| 550| constexpr size_t FieldElementBytes = C::FieldElement::BYTES; 250| 550| constexpr size_t CompressedBytes = C::FieldElement::BYTES + 1; 251| 550| constexpr size_t UncompressedBytes = 2 * C::FieldElement::BYTES + 1; 252| | 253| 550| if(bytes.size() == UncompressedBytes && bytes[0] == 0x04) { ------------------ | Branch (253:13): [True: 291, False: 259] | Branch (253:50): [True: 290, False: 1] ------------------ 254| 290| const auto encoded_point = bytes.subspan(1); 255| 290| auto x = C::FieldElement::deserialize(encoded_point.first(FieldElementBytes)); 256| 290| auto y = C::FieldElement::deserialize(encoded_point.last(FieldElementBytes)); 257| | 258| 290| if(x && y) { ------------------ | Branch (258:16): [True: 289, False: 1] | Branch (258:21): [True: 288, False: 1] ------------------ 259| | // Check that y^2 = x^3 + ax + b 260| 288| const auto lhs = (*y).square(); 261| 288| const auto rhs = C::x3_ax_b(*x); 262| 288| const auto valid = (lhs == rhs); 263| 288| if(valid.as_bool()) { ------------------ | Branch (263:19): [True: 237, False: 51] ------------------ 264| 237| return stash(typename C::AffinePoint(*x, *y)); 265| 237| } 266| 288| } 267| 290| } else if(bytes.size() == CompressedBytes && (bytes[0] == 0x02 || bytes[0] == 0x03)) { ------------------ | Branch (267:20): [True: 251, False: 9] | Branch (267:56): [True: 31, False: 220] | Branch (267:76): [True: 218, False: 2] ------------------ 268| 249| const CT::Choice y_is_even = CT::Mask::is_equal(bytes[0], 0x02).as_choice(); 269| | 270| 249| if(auto x = C::FieldElement::deserialize(bytes.subspan(1, FieldElementBytes))) { ------------------ | Branch (270:21): [True: 247, False: 2] ------------------ 271| 247| if(auto y = sqrt_field_element(C::x3_ax_b(*x)).as_optional_vartime()) { ------------------ | Branch (271:24): [True: 237, False: 10] ------------------ 272| 237| return stash(typename C::AffinePoint(*x, y->correct_sign(y_is_even))); 273| 237| } 274| 247| } 275| 249| } 276| | 277| 76| return {}; 278| 550| } pcurves_secp521r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE15point_to_affineERKNS0_15PrimeOrderCurve15ProjectivePointE: 192| 398| AffinePoint point_to_affine(const ProjectivePoint& pt) const override { 193| 398| auto affine = to_affine(from_stash(pt)); 194| | 195| 398| const auto y2 = affine.y().square(); 196| 398| const auto x3_ax_b = C::x3_ax_b(affine.x()); 197| 398| const auto valid_point = affine.is_identity() || (y2 == x3_ax_b); 198| | 199| 398| BOTAN_ASSERT(valid_point.as_bool(), "Computed point is on the curve"); ------------------ | | 64| 398| do { \ | | 65| 398| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 398| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 398] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 398| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 398] | | ------------------ ------------------ 200| | 201| 398| return stash(affine); 202| 398| } pcurves_secp521r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE10from_stashERKNS0_15PrimeOrderCurve15ProjectivePointE: 377| 398| static typename C::ProjectivePoint from_stash(const ProjectivePoint& pt) { 378| 398| if(pt._curve() != instance()) { ------------------ | Branch (378:13): [True: 0, False: 398] ------------------ 379| 0| throw Invalid_Argument("Curve mismatch"); 380| 0| } 381| 398| auto x = C::FieldElement::from_stash(pt._x()); 382| 398| auto y = C::FieldElement::from_stash(pt._y()); 383| 398| auto z = C::FieldElement::from_stash(pt._z()); 384| 398| return typename C::ProjectivePoint(x, y, z); 385| 398| } pcurves_secp521r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE24affine_point_is_identityERKNS0_15PrimeOrderCurve11AffinePointE: 210| 1.34k| bool affine_point_is_identity(const AffinePoint& pt) const override { 211| 1.34k| return from_stash(pt).is_identity().as_bool(); 212| 1.34k| } pcurves_secp521r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE15serialize_pointENSt3__14spanIhLm18446744073709551615EEERKNS0_15PrimeOrderCurve11AffinePointE: 214| 1.34k| void serialize_point(std::span bytes, const AffinePoint& pt) const override { 215| 1.34k| BOTAN_ARG_CHECK(bytes.size() == C::AffinePoint::BYTES, "Invalid length for serialize_point"); ------------------ | | 35| 1.34k| do { \ | | 36| 1.34k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 1.34k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 1.34k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 1.34k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 1.34k] | | ------------------ ------------------ 216| 1.34k| from_stash(pt).serialize_to(bytes.subspan<0, C::AffinePoint::BYTES>()); 217| 1.34k| } pcurves_secp521r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE16serialize_scalarENSt3__14spanIhLm18446744073709551615EEERKNS0_15PrimeOrderCurve6ScalarE: 219| 398| void serialize_scalar(std::span bytes, const Scalar& scalar) const override { 220| 398| BOTAN_ARG_CHECK(bytes.size() == C::Scalar::BYTES, "Invalid length to serialize_scalar"); ------------------ | | 35| 398| do { \ | | 36| 398| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 398| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 398] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 398| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 398] | | ------------------ ------------------ 221| 398| return from_stash(scalar).serialize_to(bytes.subspan<0, C::Scalar::BYTES>()); 222| 398| } pcurves_secp521r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE14scalar_is_zeroERKNS0_15PrimeOrderCurve6ScalarE: 326| 398| bool scalar_is_zero(const Scalar& s) const override { return from_stash(s).is_zero().as_bool(); } pcurves_secp521r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE13random_scalarERNS_21RandomNumberGeneratorE: 334| 398| Scalar random_scalar(RandomNumberGenerator& rng) const override { return stash(C::Scalar::random(rng)); } _ZN5Botan12mulx_polyvalERKNS_9SIMD_4x32E: 92| 62|BOTAN_FORCE_INLINE SIMD_4x32 BOTAN_FN_ISA_SIMD_4X32 mulx_polyval(const SIMD_4x32& h) { 93| 62| const auto V = SIMD_4x32(0x00000001, 0x00000000, 0x00000000, 0xc2000000); 94| | 95| | // Bitmask set iff the top bit of h is set 96| 62| const auto mask = h.top_bit_mask(); 97| | 98| | // Extract the top bits of the words and move them into place as the low bit of the next word 99| 62| auto top_bits = h.shr<31>().shift_elems_left<1>(); 100| | 101| | // The main shift, adding back in the top bits that are otherwise lost 102| 62| auto shifted_h = h.shl<1>() | top_bits; 103| | 104| 62| return shifted_h ^ (mask & V); 105| 62|} _ZN5Botan14reverse_vectorERKNS_9SIMD_4x32E: 16| 2.67k|BOTAN_FORCE_INLINE BOTAN_FN_ISA_SIMD_4X32 SIMD_4x32 reverse_vector(const SIMD_4x32& in) { 17| 2.67k|#if defined(BOTAN_SIMD_USE_SSSE3) 18| 2.67k| const __m128i BSWAP_MASK = _mm_set_epi8(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15); 19| 2.67k| return SIMD_4x32(_mm_shuffle_epi8(in.raw(), BSWAP_MASK)); 20| |#elif defined(BOTAN_SIMD_USE_NEON) 21| | const uint8_t maskb[16] = {15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0}; 22| | const uint8x16_t mask = vld1q_u8(maskb); 23| | return SIMD_4x32(vreinterpretq_u32_u8(vqtbl1q_u8(vreinterpretq_u8_u32(in.raw()), mask))); 24| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 25| | const __vector unsigned char mask = {15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0}; 26| | return SIMD_4x32(vec_perm(in.raw(), in.raw(), mask)); 27| |#endif 28| 2.67k|} _ZN5Botan16polyval_multiplyERKNS_9SIMD_4x32ES2_: 128| 558|BOTAN_FORCE_INLINE SIMD_4x32 BOTAN_FN_ISA_CLMUL polyval_multiply(const SIMD_4x32& H, const SIMD_4x32& x) { 129| 558| SIMD_4x32 hi = clmul<0x11>(H, x); 130| 558| const SIMD_4x32 mid = clmul<0x10>(H, x) ^ clmul<0x01>(H, x); 131| 558| SIMD_4x32 lo = clmul<0x00>(H, x); 132| | 133| 558| hi ^= mid.shift_elems_right<2>(); 134| 558| lo ^= mid.shift_elems_left<2>(); 135| | 136| 558| return polyval_reduce(hi, lo); 137| 558|} _ZN5Botan5clmulILi17EEENS_9SIMD_4x32ERKS1_S3_: 31| 2.48k|BOTAN_FORCE_INLINE BOTAN_FN_ISA_CLMUL SIMD_4x32 clmul(const SIMD_4x32& H, const SIMD_4x32& x) { 32| 2.48k| static_assert(M == 0x00 || M == 0x01 || M == 0x10 || M == 0x11, "Valid clmul mode"); 33| | 34| 2.48k|#if defined(BOTAN_SIMD_USE_SSSE3) 35| 2.48k| return SIMD_4x32(_mm_clmulepi64_si128(x.raw(), H.raw(), M)); 36| |#elif defined(BOTAN_SIMD_USE_NEON) 37| | const uint64_t a = vgetq_lane_u64(vreinterpretq_u64_u32(x.raw()), M & 0x01); 38| | const uint64_t b = vgetq_lane_u64(vreinterpretq_u64_u32(H.raw()), (M & 0x10) >> 4); 39| | 40| | #if defined(BOTAN_BUILD_COMPILER_IS_MSVC) 41| | __n64 a1 = {a}, b1 = {b}; 42| | return SIMD_4x32(vmull_p64(a1, b1)); 43| | #else 44| | return SIMD_4x32(reinterpret_cast(vmull_p64(a, b))); 45| | #endif 46| | 47| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 48| | const SIMD_4x32 mask_lo = SIMD_4x32(0, 0, 0xFFFFFFFF, 0xFFFFFFFF); 49| | constexpr uint8_t flip = (std::endian::native == std::endian::big) ? 0x11 : 0x00; 50| | 51| | SIMD_4x32 i1 = x; 52| | SIMD_4x32 i2 = H; 53| | 54| | if constexpr(std::endian::native == std::endian::big) { 55| | i1 = reverse_vector(i1).bswap(); 56| | i2 = reverse_vector(i2).bswap(); 57| | } 58| | 59| | if constexpr(M == (0x11 ^ flip)) { 60| | i1 &= mask_lo; 61| | i2 &= mask_lo; 62| | } else if constexpr(M == (0x10 ^ flip)) { 63| | i1 = i1.shift_elems_left<2>(); 64| | } else if constexpr(M == (0x01 ^ flip)) { 65| | i2 = i2.shift_elems_left<2>(); 66| | } else if constexpr(M == (0x00 ^ flip)) { 67| | i1 = mask_lo.andc(i1); 68| | i2 = mask_lo.andc(i2); 69| | } 70| | 71| | auto i1v = reinterpret_cast<__vector unsigned long long>(i1.raw()); 72| | auto i2v = reinterpret_cast<__vector unsigned long long>(i2.raw()); 73| | 74| | #if BOTAN_COMPILER_HAS_BUILTIN(__builtin_crypto_vpmsumd) 75| | auto rv = __builtin_crypto_vpmsumd(i1v, i2v); 76| | #else 77| | auto rv = __builtin_altivec_crypto_vpmsumd(i1v, i2v); 78| | #endif 79| | 80| | auto z = SIMD_4x32(reinterpret_cast<__vector unsigned int>(rv)); 81| | 82| | if constexpr(std::endian::native == std::endian::big) { 83| | z = reverse_vector(z).bswap(); 84| | } 85| | 86| | return z; 87| |#endif 88| 2.48k|} _ZN5Botan5clmulILi16EEENS_9SIMD_4x32ERKS1_S3_: 31| 558|BOTAN_FORCE_INLINE BOTAN_FN_ISA_CLMUL SIMD_4x32 clmul(const SIMD_4x32& H, const SIMD_4x32& x) { 32| 558| static_assert(M == 0x00 || M == 0x01 || M == 0x10 || M == 0x11, "Valid clmul mode"); 33| | 34| 558|#if defined(BOTAN_SIMD_USE_SSSE3) 35| 558| return SIMD_4x32(_mm_clmulepi64_si128(x.raw(), H.raw(), M)); 36| |#elif defined(BOTAN_SIMD_USE_NEON) 37| | const uint64_t a = vgetq_lane_u64(vreinterpretq_u64_u32(x.raw()), M & 0x01); 38| | const uint64_t b = vgetq_lane_u64(vreinterpretq_u64_u32(H.raw()), (M & 0x10) >> 4); 39| | 40| | #if defined(BOTAN_BUILD_COMPILER_IS_MSVC) 41| | __n64 a1 = {a}, b1 = {b}; 42| | return SIMD_4x32(vmull_p64(a1, b1)); 43| | #else 44| | return SIMD_4x32(reinterpret_cast(vmull_p64(a, b))); 45| | #endif 46| | 47| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 48| | const SIMD_4x32 mask_lo = SIMD_4x32(0, 0, 0xFFFFFFFF, 0xFFFFFFFF); 49| | constexpr uint8_t flip = (std::endian::native == std::endian::big) ? 0x11 : 0x00; 50| | 51| | SIMD_4x32 i1 = x; 52| | SIMD_4x32 i2 = H; 53| | 54| | if constexpr(std::endian::native == std::endian::big) { 55| | i1 = reverse_vector(i1).bswap(); 56| | i2 = reverse_vector(i2).bswap(); 57| | } 58| | 59| | if constexpr(M == (0x11 ^ flip)) { 60| | i1 &= mask_lo; 61| | i2 &= mask_lo; 62| | } else if constexpr(M == (0x10 ^ flip)) { 63| | i1 = i1.shift_elems_left<2>(); 64| | } else if constexpr(M == (0x01 ^ flip)) { 65| | i2 = i2.shift_elems_left<2>(); 66| | } else if constexpr(M == (0x00 ^ flip)) { 67| | i1 = mask_lo.andc(i1); 68| | i2 = mask_lo.andc(i2); 69| | } 70| | 71| | auto i1v = reinterpret_cast<__vector unsigned long long>(i1.raw()); 72| | auto i2v = reinterpret_cast<__vector unsigned long long>(i2.raw()); 73| | 74| | #if BOTAN_COMPILER_HAS_BUILTIN(__builtin_crypto_vpmsumd) 75| | auto rv = __builtin_crypto_vpmsumd(i1v, i2v); 76| | #else 77| | auto rv = __builtin_altivec_crypto_vpmsumd(i1v, i2v); 78| | #endif 79| | 80| | auto z = SIMD_4x32(reinterpret_cast<__vector unsigned int>(rv)); 81| | 82| | if constexpr(std::endian::native == std::endian::big) { 83| | z = reverse_vector(z).bswap(); 84| | } 85| | 86| | return z; 87| |#endif 88| 558|} _ZN5Botan5clmulILi1EEENS_9SIMD_4x32ERKS1_S3_: 31| 558|BOTAN_FORCE_INLINE BOTAN_FN_ISA_CLMUL SIMD_4x32 clmul(const SIMD_4x32& H, const SIMD_4x32& x) { 32| 558| static_assert(M == 0x00 || M == 0x01 || M == 0x10 || M == 0x11, "Valid clmul mode"); 33| | 34| 558|#if defined(BOTAN_SIMD_USE_SSSE3) 35| 558| return SIMD_4x32(_mm_clmulepi64_si128(x.raw(), H.raw(), M)); 36| |#elif defined(BOTAN_SIMD_USE_NEON) 37| | const uint64_t a = vgetq_lane_u64(vreinterpretq_u64_u32(x.raw()), M & 0x01); 38| | const uint64_t b = vgetq_lane_u64(vreinterpretq_u64_u32(H.raw()), (M & 0x10) >> 4); 39| | 40| | #if defined(BOTAN_BUILD_COMPILER_IS_MSVC) 41| | __n64 a1 = {a}, b1 = {b}; 42| | return SIMD_4x32(vmull_p64(a1, b1)); 43| | #else 44| | return SIMD_4x32(reinterpret_cast(vmull_p64(a, b))); 45| | #endif 46| | 47| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 48| | const SIMD_4x32 mask_lo = SIMD_4x32(0, 0, 0xFFFFFFFF, 0xFFFFFFFF); 49| | constexpr uint8_t flip = (std::endian::native == std::endian::big) ? 0x11 : 0x00; 50| | 51| | SIMD_4x32 i1 = x; 52| | SIMD_4x32 i2 = H; 53| | 54| | if constexpr(std::endian::native == std::endian::big) { 55| | i1 = reverse_vector(i1).bswap(); 56| | i2 = reverse_vector(i2).bswap(); 57| | } 58| | 59| | if constexpr(M == (0x11 ^ flip)) { 60| | i1 &= mask_lo; 61| | i2 &= mask_lo; 62| | } else if constexpr(M == (0x10 ^ flip)) { 63| | i1 = i1.shift_elems_left<2>(); 64| | } else if constexpr(M == (0x01 ^ flip)) { 65| | i2 = i2.shift_elems_left<2>(); 66| | } else if constexpr(M == (0x00 ^ flip)) { 67| | i1 = mask_lo.andc(i1); 68| | i2 = mask_lo.andc(i2); 69| | } 70| | 71| | auto i1v = reinterpret_cast<__vector unsigned long long>(i1.raw()); 72| | auto i2v = reinterpret_cast<__vector unsigned long long>(i2.raw()); 73| | 74| | #if BOTAN_COMPILER_HAS_BUILTIN(__builtin_crypto_vpmsumd) 75| | auto rv = __builtin_crypto_vpmsumd(i1v, i2v); 76| | #else 77| | auto rv = __builtin_altivec_crypto_vpmsumd(i1v, i2v); 78| | #endif 79| | 80| | auto z = SIMD_4x32(reinterpret_cast<__vector unsigned int>(rv)); 81| | 82| | if constexpr(std::endian::native == std::endian::big) { 83| | z = reverse_vector(z).bswap(); 84| | } 85| | 86| | return z; 87| |#endif 88| 558|} _ZN5Botan5clmulILi0EEENS_9SIMD_4x32ERKS1_S3_: 31| 6.02k|BOTAN_FORCE_INLINE BOTAN_FN_ISA_CLMUL SIMD_4x32 clmul(const SIMD_4x32& H, const SIMD_4x32& x) { 32| 6.02k| static_assert(M == 0x00 || M == 0x01 || M == 0x10 || M == 0x11, "Valid clmul mode"); 33| | 34| 6.02k|#if defined(BOTAN_SIMD_USE_SSSE3) 35| 6.02k| return SIMD_4x32(_mm_clmulepi64_si128(x.raw(), H.raw(), M)); 36| |#elif defined(BOTAN_SIMD_USE_NEON) 37| | const uint64_t a = vgetq_lane_u64(vreinterpretq_u64_u32(x.raw()), M & 0x01); 38| | const uint64_t b = vgetq_lane_u64(vreinterpretq_u64_u32(H.raw()), (M & 0x10) >> 4); 39| | 40| | #if defined(BOTAN_BUILD_COMPILER_IS_MSVC) 41| | __n64 a1 = {a}, b1 = {b}; 42| | return SIMD_4x32(vmull_p64(a1, b1)); 43| | #else 44| | return SIMD_4x32(reinterpret_cast(vmull_p64(a, b))); 45| | #endif 46| | 47| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 48| | const SIMD_4x32 mask_lo = SIMD_4x32(0, 0, 0xFFFFFFFF, 0xFFFFFFFF); 49| | constexpr uint8_t flip = (std::endian::native == std::endian::big) ? 0x11 : 0x00; 50| | 51| | SIMD_4x32 i1 = x; 52| | SIMD_4x32 i2 = H; 53| | 54| | if constexpr(std::endian::native == std::endian::big) { 55| | i1 = reverse_vector(i1).bswap(); 56| | i2 = reverse_vector(i2).bswap(); 57| | } 58| | 59| | if constexpr(M == (0x11 ^ flip)) { 60| | i1 &= mask_lo; 61| | i2 &= mask_lo; 62| | } else if constexpr(M == (0x10 ^ flip)) { 63| | i1 = i1.shift_elems_left<2>(); 64| | } else if constexpr(M == (0x01 ^ flip)) { 65| | i2 = i2.shift_elems_left<2>(); 66| | } else if constexpr(M == (0x00 ^ flip)) { 67| | i1 = mask_lo.andc(i1); 68| | i2 = mask_lo.andc(i2); 69| | } 70| | 71| | auto i1v = reinterpret_cast<__vector unsigned long long>(i1.raw()); 72| | auto i2v = reinterpret_cast<__vector unsigned long long>(i2.raw()); 73| | 74| | #if BOTAN_COMPILER_HAS_BUILTIN(__builtin_crypto_vpmsumd) 75| | auto rv = __builtin_crypto_vpmsumd(i1v, i2v); 76| | #else 77| | auto rv = __builtin_altivec_crypto_vpmsumd(i1v, i2v); 78| | #endif 79| | 80| | auto z = SIMD_4x32(reinterpret_cast<__vector unsigned int>(rv)); 81| | 82| | if constexpr(std::endian::native == std::endian::big) { 83| | z = reverse_vector(z).bswap(); 84| | } 85| | 86| | return z; 87| |#endif 88| 6.02k|} _ZN5Botan14polyval_reduceERKNS_9SIMD_4x32ES2_: 107| 810|BOTAN_FORCE_INLINE SIMD_4x32 BOTAN_FN_ISA_CLMUL polyval_reduce(const SIMD_4x32& hi, const SIMD_4x32& lo) { 108| 810| const SIMD_4x32 V(0, 0xC2000000, 0, 0); 109| | 110| | /* 111| | Montgomery reduction 112| | Input: 256-bit operand [X3 : X2 : X1 : X0] 113| | [A1 : A0] = X0 • 0xc200000000000000 114| | [B1 : B0] = [X0 ⨁ A1 : X1 ⨁ A0] 115| | [C1 : C0] = B0 • 0xc200000000000000 116| | [D1 : D0] = [B0 ⨁ C1 : B1 ⨁ C0] 117| | Output: [D1 ⨁ X3 : D0 ⨁ X2] 118| | */ 119| | 120| 810| const auto A = clmul<0x00>(lo, V); 121| 810| const auto B = A ^ lo.swap_halves(); 122| 810| const auto C = clmul<0x00>(B, V); 123| 810| const auto D = C ^ B.swap_halves(); 124| | 125| 810| return D ^ hi; 126| 810|} _ZN5Botan10TLS_12_PRFC2ENSt3__110unique_ptrINS_25MessageAuthenticationCodeENS1_14default_deleteIS3_EEEE: 28| 1.55k| explicit TLS_12_PRF(std::unique_ptr mac) : m_mac(std::move(mac)) {} _ZN5Botan4rotrILm39ETkNSt3__117unsigned_integralEmEET0_S2_QaagtT_Li0EltT_mlLi8EstS2_: 37| 1.00M|{ 38| 1.00M| return static_cast((input >> ROT) | (input << (8 * sizeof(T) - ROT))); 39| 1.00M|} _ZN5Botan4rotrILm34ETkNSt3__117unsigned_integralEmEET0_S2_QaagtT_Li0EltT_mlLi8EstS2_: 37| 1.00M|{ 38| 1.00M| return static_cast((input >> ROT) | (input << (8 * sizeof(T) - ROT))); 39| 1.00M|} _ZN5Botan4rotrILm14ETkNSt3__117unsigned_integralEmEET0_S2_QaagtT_Li0EltT_mlLi8EstS2_: 37| 1.00M|{ 38| 1.00M| return static_cast((input >> ROT) | (input << (8 * sizeof(T) - ROT))); 39| 1.00M|} _ZN5Botan3rhoILm14ELm18ELm41ETkNSt3__117unsigned_integralEmEET2_S2_: 53| 1.00M|BOTAN_FORCE_INLINE constexpr T rho(T x) { 54| 1.00M| return rotr(x) ^ rotr(x) ^ rotr(x); 55| 1.00M|} _ZN5Botan4rotrILm18ETkNSt3__117unsigned_integralEmEET0_S2_QaagtT_Li0EltT_mlLi8EstS2_: 37| 1.00M|{ 38| 1.00M| return static_cast((input >> ROT) | (input << (8 * sizeof(T) - ROT))); 39| 1.00M|} _ZN5Botan4rotrILm41ETkNSt3__117unsigned_integralEmEET0_S2_QaagtT_Li0EltT_mlLi8EstS2_: 37| 1.00M|{ 38| 1.00M| return static_cast((input >> ROT) | (input << (8 * sizeof(T) - ROT))); 39| 1.00M|} _ZN5Botan3rhoILm28ELm34ELm39ETkNSt3__117unsigned_integralEmEET2_S2_: 53| 1.00M|BOTAN_FORCE_INLINE constexpr T rho(T x) { 54| 1.00M| return rotr(x) ^ rotr(x) ^ rotr(x); 55| 1.00M|} _ZN5Botan4rotrILm28ETkNSt3__117unsigned_integralEmEET0_S2_QaagtT_Li0EltT_mlLi8EstS2_: 37| 1.00M|{ 38| 1.00M| return static_cast((input >> ROT) | (input << (8 * sizeof(T) - ROT))); 39| 1.00M|} _ZN5Botan8round_upEmm: 26| 108k|constexpr inline size_t round_up(size_t n, size_t align_to) { 27| | // Arguably returning n in this case would also be sensible 28| 108k| BOTAN_ARG_CHECK(align_to != 0, "align_to must not be 0"); ------------------ | | 35| 108k| do { \ | | 36| 108k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 108k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 108k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 108k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 108k] | | ------------------ ------------------ 29| | 30| 108k| if(n % align_to > 0) { ------------------ | Branch (30:7): [True: 68.2k, False: 40.1k] ------------------ 31| 68.2k| const size_t adj = align_to - (n % align_to); 32| 68.2k| BOTAN_ARG_CHECK(n + adj >= n, "Integer overflow during rounding"); ------------------ | | 35| 68.2k| do { \ | | 36| 68.2k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 68.2k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 68.2k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 68.2k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 68.2k] | | ------------------ ------------------ 33| 68.2k| n += adj; 34| 68.2k| } 35| 108k| return n; 36| 108k|} _ZNK5Botan9SCAN_Name9arg_countEv: 49| 25.5k| size_t arg_count() const { return m_args.size(); } _ZNK5Botan9SCAN_Name9algo_nameEv: 44| 55.0k| const std::string& algo_name() const { return m_alg_name; } _ZN5Botan14scoped_cleanupIZNS_2CT13scoped_poisonIJNSt3__16vectorIhNS_16secure_allocatorIhEEEEEQaaaagtsZT_Li0Efraa10poisonableIT_Efraa12unpoisonableIS8_EEEDaDpRKS8_EUlvE_EC2ESC_: 26| 8| explicit scoped_cleanup(FunT cleanup) : m_cleanup(std::move(cleanup)) {} _ZN5Botan14scoped_cleanupIZNS_2CT13scoped_poisonIJNSt3__16vectorIhNS_16secure_allocatorIhEEEEEQaaaagtsZT_Li0Efraa10poisonableIT_Efraa12unpoisonableIS8_EEEDaDpRKS8_EUlvE_EC2EOSD_: 31| 8| scoped_cleanup(scoped_cleanup&& other) noexcept : m_cleanup(std::move(other.m_cleanup)) { other.disengage(); } _ZN5Botan14scoped_cleanupIZNS_2CT13scoped_poisonIJNSt3__16vectorIhNS_16secure_allocatorIhEEEEEQaaaagtsZT_Li0Efraa10poisonableIT_Efraa12unpoisonableIS8_EEEDaDpRKS8_EUlvE_E9disengageEv: 50| 8| void disengage() noexcept { m_cleanup.reset(); } _ZN5Botan14scoped_cleanupIZNS_2CT13scoped_poisonIJNSt3__16vectorIhNS_16secure_allocatorIhEEEEEQaaaagtsZT_Li0Efraa10poisonableIT_Efraa12unpoisonableIS8_EEEDaDpRKS8_EUlvE_ED2Ev: 41| 16| ~scoped_cleanup() { 42| 16| if(m_cleanup.has_value()) { ------------------ | Branch (42:13): [True: 8, False: 8] ------------------ 43| 8| (*m_cleanup)(); // NOLINT(bugprone-exception-escape) clang-tidy bug 44| 8| } 45| 16| } _ZNK5Botan5SHA_14nameEv: 32| 202| std::string name() const override { return "SHA-1"; } _ZNK5Botan5SHA_113output_lengthEv: 34| 13.3k| size_t output_length() const override { return 20; } _ZNK5Botan5SHA_115hash_block_sizeEv: 36| 134| size_t hash_block_size() const override { return block_bytes; } _ZN5Botan5SHA_15clearEv: 44| 134| void clear() override { m_md.clear(); } _ZNK5Botan7SHA_2564nameEv: 73| 59| std::string name() const override { return "SHA-256"; } _ZNK5Botan7SHA_25613output_lengthEv: 75| 89.0k| size_t output_length() const override { return output_bytes; } _ZNK5Botan7SHA_25615hash_block_sizeEv: 77| 10.4k| size_t hash_block_size() const override { return block_bytes; } _ZN5Botan7SHA_2565clearEv: 83| 11.5k| void clear() override { m_md.clear(); } _ZNK5Botan7SHA_3844nameEv: 32| 72| std::string name() const override { return "SHA-384"; } _ZNK5Botan7SHA_38413output_lengthEv: 34| 5.45k| size_t output_length() const override { return output_bytes; } _ZNK5Botan7SHA_38415hash_block_sizeEv: 36| 336| size_t hash_block_size() const override { return block_bytes; } _ZN5Botan7SHA_3845clearEv: 44| 584| void clear() override { m_md.clear(); } _ZN5Botan9SHA2_64_FEmmmRmmmmS0_m: 42| 1.00M| uint64_t A, uint64_t B, uint64_t C, uint64_t& D, uint64_t E, uint64_t F, uint64_t G, uint64_t& H, uint64_t M) { 43| 1.00M| H += rho<14, 18, 41>(E) + choose(E, F, G) + M; 44| 1.00M| D += H; 45| 1.00M| H += rho<28, 34, 39>(A) + majority(A, B, C); 46| 1.00M|} _ZN5Botan9SIMD_2x64C2Ev: 50| 94.1k| m_simd(_mm_setzero_si128()) 51| |#elif defined(BOTAN_SIMD_USE_SIMD128) 52| | m_simd(wasm_u64x2_const_splat(0)) 53| |#endif 54| 94.1k| { 55| 94.1k| } _ZN5Botan9SIMD_2x647load_beEPKv: 90| 94.1k| static SIMD_2x64 BOTAN_FN_ISA_SIMD_2X64 load_be(const void* in) { return SIMD_2x64::load_le(in).bswap(); } _ZNK5Botan9SIMD_2x645bswapEv: 100| 94.1k| SIMD_2x64 BOTAN_FN_ISA_SIMD_2X64 bswap() const { 101| 94.1k|#if defined(BOTAN_SIMD_USE_SSSE3) 102| 94.1k| const auto idx = _mm_set_epi8(8, 9, 10, 11, 12, 13, 14, 15, 0, 1, 2, 3, 4, 5, 6, 7); 103| 94.1k| return SIMD_2x64(_mm_shuffle_epi8(m_simd, idx)); 104| |#elif defined(BOTAN_SIMD_USE_SIMD128) 105| | return SIMD_2x64(wasm_i8x16_shuffle(m_simd, m_simd, 7, 6, 5, 4, 3, 2, 1, 0, 15, 14, 13, 12, 11, 10, 9, 8)); 106| |#endif 107| 94.1k| } _ZN5Botan9SIMD_2x64C2EDv2_x: 316| 3.67M| explicit BOTAN_FN_ISA_SIMD_2X64 SIMD_2x64(native_simd_type x) : m_simd(x) {} _ZNK5Botan9SIMD_2x64plERKS0_: 144| 1.60M| SIMD_2x64 BOTAN_FN_ISA_SIMD_2X64 operator+(const SIMD_2x64& other) const { 145| 1.60M| SIMD_2x64 retval(*this); 146| 1.60M| retval += other; 147| 1.60M| return retval; 148| 1.60M| } _ZN5Botan9SIMD_2x64pLERKS0_: 156| 1.60M| void BOTAN_FN_ISA_SIMD_2X64 operator+=(const SIMD_2x64& other) { 157| 1.60M|#if defined(BOTAN_SIMD_USE_SSSE3) 158| 1.60M| m_simd = _mm_add_epi64(m_simd, other.m_simd); 159| |#elif defined(BOTAN_SIMD_USE_SIMD128) 160| | m_simd = wasm_i64x2_add(m_simd, other.m_simd); 161| |#endif 162| 1.60M| } _ZN5Botan9SIMD_2x647load_leEPKv: 82| 565k| static SIMD_2x64 BOTAN_FN_ISA_SIMD_2X64 load_le(const void* in) { 83| 565k|#if defined(BOTAN_SIMD_USE_SSSE3) 84| 565k| return SIMD_2x64(_mm_loadu_si128(reinterpret_cast(in))); 85| |#elif defined(BOTAN_SIMD_USE_SIMD128) 86| | return SIMD_2x64(wasm_v128_load(in)); 87| |#endif 88| 565k| } _ZNK5Botan9SIMD_2x648store_leEPm: 126| 470k| void BOTAN_FN_ISA_SIMD_2X64 store_le(uint64_t out[2]) const { this->store_le(reinterpret_cast(out)); } _ZNK5Botan9SIMD_2x648store_leEPh: 128| 470k| void BOTAN_FN_ISA_SIMD_2X64 store_le(uint8_t out[]) const { 129| 470k|#if defined(BOTAN_SIMD_USE_SSSE3) 130| 470k| _mm_storeu_si128(reinterpret_cast<__m128i*>(out), m_simd); 131| |#elif defined(BOTAN_SIMD_USE_SIMD128) 132| | wasm_v128_store(out, m_simd); 133| |#endif 134| 470k| } _ZN5Botan9SIMD_2x647alignr8ERKS0_S2_: 240| 753k| static SIMD_2x64 BOTAN_FN_ISA_SIMD_2X64 alignr8(const SIMD_2x64& a, const SIMD_2x64& b) { 241| 753k|#if defined(BOTAN_SIMD_USE_SSSE3) 242| 753k| return SIMD_2x64(_mm_alignr_epi8(a.m_simd, b.m_simd, 8)); 243| |#elif defined(BOTAN_SIMD_USE_SIMD128) 244| | return SIMD_2x64( 245| | wasm_i8x16_shuffle(b.m_simd, a.m_simd, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)); 246| |#endif 247| 753k| } _ZNK5Botan9SIMD_2x644rotrILm1EEES0_vQaagtT_Li0EltT_Li64E: 184| 376k| { 185| 376k|#if defined(BOTAN_SIMD_USE_SSSE3) 186| | if constexpr(ROT == 8) { 187| | auto tab = _mm_setr_epi8(1, 2, 3, 4, 5, 6, 7, 0, 9, 10, 11, 12, 13, 14, 15, 8); 188| | return SIMD_2x64(_mm_shuffle_epi8(m_simd, tab)); 189| | } else if constexpr(ROT == 16) { 190| | auto tab = _mm_setr_epi8(2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9); 191| | return SIMD_2x64(_mm_shuffle_epi8(m_simd, tab)); 192| | } else if constexpr(ROT == 24) { 193| | auto tab = _mm_setr_epi8(3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10); 194| | return SIMD_2x64(_mm_shuffle_epi8(m_simd, tab)); 195| | } else if constexpr(ROT == 32) { 196| | auto tab = _mm_setr_epi8(4, 5, 6, 7, 0, 1, 2, 3, 12, 13, 14, 15, 8, 9, 10, 11); 197| | return SIMD_2x64(_mm_shuffle_epi8(m_simd, tab)); 198| 376k| } else { 199| 376k| return SIMD_2x64(_mm_or_si128(_mm_srli_epi64(m_simd, static_cast(ROT)), 200| 376k| _mm_slli_epi64(m_simd, static_cast(64 - ROT)))); 201| 376k| } 202| |#elif defined(BOTAN_SIMD_USE_SIMD128) 203| | if constexpr(ROT == 8) { 204| | return SIMD_2x64(wasm_i8x16_shuffle(m_simd, m_simd, 1, 2, 3, 4, 5, 6, 7, 0, 9, 10, 11, 12, 13, 14, 15, 8)); 205| | } else if constexpr(ROT == 16) { 206| | return SIMD_2x64(wasm_i8x16_shuffle(m_simd, m_simd, 2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9)); 207| | } else if constexpr(ROT == 24) { 208| | return SIMD_2x64(wasm_i8x16_shuffle(m_simd, m_simd, 3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10)); 209| | } else if constexpr(ROT == 32) { 210| | return SIMD_2x64(wasm_i8x16_shuffle(m_simd, m_simd, 4, 5, 6, 7, 0, 1, 2, 3, 12, 13, 14, 15, 8, 9, 10, 11)); 211| | } else { 212| | return SIMD_2x64(wasm_v128_or(wasm_u64x2_shr(m_simd, ROT), wasm_i64x2_shl(m_simd, 64 - ROT))); 213| | } 214| |#endif 215| 376k| } _ZNK5Botan9SIMD_2x64eoERKS0_: 150| 1.50M| SIMD_2x64 BOTAN_FN_ISA_SIMD_2X64 operator^(const SIMD_2x64& other) const { 151| 1.50M| SIMD_2x64 retval(*this); 152| 1.50M| retval ^= other; 153| 1.50M| return retval; 154| 1.50M| } _ZN5Botan9SIMD_2x64eOERKS0_: 164| 1.50M| void BOTAN_FN_ISA_SIMD_2X64 operator^=(const SIMD_2x64& other) { 165| 1.50M|#if defined(BOTAN_SIMD_USE_SSSE3) 166| 1.50M| m_simd = _mm_xor_si128(m_simd, other.m_simd); 167| |#elif defined(BOTAN_SIMD_USE_SIMD128) 168| | m_simd = wasm_v128_xor(m_simd, other.m_simd); 169| |#endif 170| 1.50M| } _ZNK5Botan9SIMD_2x644rotrILm8EEES0_vQaagtT_Li0EltT_Li64E: 184| 376k| { 185| 376k|#if defined(BOTAN_SIMD_USE_SSSE3) 186| 376k| if constexpr(ROT == 8) { 187| 376k| auto tab = _mm_setr_epi8(1, 2, 3, 4, 5, 6, 7, 0, 9, 10, 11, 12, 13, 14, 15, 8); 188| 376k| return SIMD_2x64(_mm_shuffle_epi8(m_simd, tab)); 189| | } else if constexpr(ROT == 16) { 190| | auto tab = _mm_setr_epi8(2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9); 191| | return SIMD_2x64(_mm_shuffle_epi8(m_simd, tab)); 192| | } else if constexpr(ROT == 24) { 193| | auto tab = _mm_setr_epi8(3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10); 194| | return SIMD_2x64(_mm_shuffle_epi8(m_simd, tab)); 195| | } else if constexpr(ROT == 32) { 196| | auto tab = _mm_setr_epi8(4, 5, 6, 7, 0, 1, 2, 3, 12, 13, 14, 15, 8, 9, 10, 11); 197| | return SIMD_2x64(_mm_shuffle_epi8(m_simd, tab)); 198| | } else { 199| | return SIMD_2x64(_mm_or_si128(_mm_srli_epi64(m_simd, static_cast(ROT)), 200| | _mm_slli_epi64(m_simd, static_cast(64 - ROT)))); 201| | } 202| |#elif defined(BOTAN_SIMD_USE_SIMD128) 203| | if constexpr(ROT == 8) { 204| | return SIMD_2x64(wasm_i8x16_shuffle(m_simd, m_simd, 1, 2, 3, 4, 5, 6, 7, 0, 9, 10, 11, 12, 13, 14, 15, 8)); 205| | } else if constexpr(ROT == 16) { 206| | return SIMD_2x64(wasm_i8x16_shuffle(m_simd, m_simd, 2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9)); 207| | } else if constexpr(ROT == 24) { 208| | return SIMD_2x64(wasm_i8x16_shuffle(m_simd, m_simd, 3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10)); 209| | } else if constexpr(ROT == 32) { 210| | return SIMD_2x64(wasm_i8x16_shuffle(m_simd, m_simd, 4, 5, 6, 7, 0, 1, 2, 3, 12, 13, 14, 15, 8, 9, 10, 11)); 211| | } else { 212| | return SIMD_2x64(wasm_v128_or(wasm_u64x2_shr(m_simd, ROT), wasm_i64x2_shl(m_simd, 64 - ROT))); 213| | } 214| |#endif 215| 376k| } _ZNK5Botan9SIMD_2x643shrILi7EEES0_v: 223| 376k| SIMD_2x64 BOTAN_FN_ISA_SIMD_2X64 shr() const noexcept { 224| 376k|#if defined(BOTAN_SIMD_USE_SSSE3) 225| 376k| return SIMD_2x64(_mm_srli_epi64(m_simd, SHIFT)); 226| |#elif defined(BOTAN_SIMD_USE_SIMD128) 227| | return SIMD_2x64(wasm_u64x2_shr(m_simd, SHIFT)); 228| |#endif 229| 376k| } _ZNK5Botan9SIMD_2x644rotrILm19EEES0_vQaagtT_Li0EltT_Li64E: 184| 376k| { 185| 376k|#if defined(BOTAN_SIMD_USE_SSSE3) 186| | if constexpr(ROT == 8) { 187| | auto tab = _mm_setr_epi8(1, 2, 3, 4, 5, 6, 7, 0, 9, 10, 11, 12, 13, 14, 15, 8); 188| | return SIMD_2x64(_mm_shuffle_epi8(m_simd, tab)); 189| | } else if constexpr(ROT == 16) { 190| | auto tab = _mm_setr_epi8(2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9); 191| | return SIMD_2x64(_mm_shuffle_epi8(m_simd, tab)); 192| | } else if constexpr(ROT == 24) { 193| | auto tab = _mm_setr_epi8(3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10); 194| | return SIMD_2x64(_mm_shuffle_epi8(m_simd, tab)); 195| | } else if constexpr(ROT == 32) { 196| | auto tab = _mm_setr_epi8(4, 5, 6, 7, 0, 1, 2, 3, 12, 13, 14, 15, 8, 9, 10, 11); 197| | return SIMD_2x64(_mm_shuffle_epi8(m_simd, tab)); 198| 376k| } else { 199| 376k| return SIMD_2x64(_mm_or_si128(_mm_srli_epi64(m_simd, static_cast(ROT)), 200| 376k| _mm_slli_epi64(m_simd, static_cast(64 - ROT)))); 201| 376k| } 202| |#elif defined(BOTAN_SIMD_USE_SIMD128) 203| | if constexpr(ROT == 8) { 204| | return SIMD_2x64(wasm_i8x16_shuffle(m_simd, m_simd, 1, 2, 3, 4, 5, 6, 7, 0, 9, 10, 11, 12, 13, 14, 15, 8)); 205| | } else if constexpr(ROT == 16) { 206| | return SIMD_2x64(wasm_i8x16_shuffle(m_simd, m_simd, 2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9)); 207| | } else if constexpr(ROT == 24) { 208| | return SIMD_2x64(wasm_i8x16_shuffle(m_simd, m_simd, 3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10)); 209| | } else if constexpr(ROT == 32) { 210| | return SIMD_2x64(wasm_i8x16_shuffle(m_simd, m_simd, 4, 5, 6, 7, 0, 1, 2, 3, 12, 13, 14, 15, 8, 9, 10, 11)); 211| | } else { 212| | return SIMD_2x64(wasm_v128_or(wasm_u64x2_shr(m_simd, ROT), wasm_i64x2_shl(m_simd, 64 - ROT))); 213| | } 214| |#endif 215| 376k| } _ZNK5Botan9SIMD_2x644rotrILm61EEES0_vQaagtT_Li0EltT_Li64E: 184| 376k| { 185| 376k|#if defined(BOTAN_SIMD_USE_SSSE3) 186| | if constexpr(ROT == 8) { 187| | auto tab = _mm_setr_epi8(1, 2, 3, 4, 5, 6, 7, 0, 9, 10, 11, 12, 13, 14, 15, 8); 188| | return SIMD_2x64(_mm_shuffle_epi8(m_simd, tab)); 189| | } else if constexpr(ROT == 16) { 190| | auto tab = _mm_setr_epi8(2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9); 191| | return SIMD_2x64(_mm_shuffle_epi8(m_simd, tab)); 192| | } else if constexpr(ROT == 24) { 193| | auto tab = _mm_setr_epi8(3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10); 194| | return SIMD_2x64(_mm_shuffle_epi8(m_simd, tab)); 195| | } else if constexpr(ROT == 32) { 196| | auto tab = _mm_setr_epi8(4, 5, 6, 7, 0, 1, 2, 3, 12, 13, 14, 15, 8, 9, 10, 11); 197| | return SIMD_2x64(_mm_shuffle_epi8(m_simd, tab)); 198| 376k| } else { 199| 376k| return SIMD_2x64(_mm_or_si128(_mm_srli_epi64(m_simd, static_cast(ROT)), 200| 376k| _mm_slli_epi64(m_simd, static_cast(64 - ROT)))); 201| 376k| } 202| |#elif defined(BOTAN_SIMD_USE_SIMD128) 203| | if constexpr(ROT == 8) { 204| | return SIMD_2x64(wasm_i8x16_shuffle(m_simd, m_simd, 1, 2, 3, 4, 5, 6, 7, 0, 9, 10, 11, 12, 13, 14, 15, 8)); 205| | } else if constexpr(ROT == 16) { 206| | return SIMD_2x64(wasm_i8x16_shuffle(m_simd, m_simd, 2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9)); 207| | } else if constexpr(ROT == 24) { 208| | return SIMD_2x64(wasm_i8x16_shuffle(m_simd, m_simd, 3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10)); 209| | } else if constexpr(ROT == 32) { 210| | return SIMD_2x64(wasm_i8x16_shuffle(m_simd, m_simd, 4, 5, 6, 7, 0, 1, 2, 3, 12, 13, 14, 15, 8, 9, 10, 11)); 211| | } else { 212| | return SIMD_2x64(wasm_v128_or(wasm_u64x2_shr(m_simd, ROT), wasm_i64x2_shl(m_simd, 64 - ROT))); 213| | } 214| |#endif 215| 376k| } _ZNK5Botan9SIMD_2x643shrILi6EEES0_v: 223| 376k| SIMD_2x64 BOTAN_FN_ISA_SIMD_2X64 shr() const noexcept { 224| 376k|#if defined(BOTAN_SIMD_USE_SSSE3) 225| 376k| return SIMD_2x64(_mm_srli_epi64(m_simd, SHIFT)); 226| |#elif defined(BOTAN_SIMD_USE_SIMD128) 227| | return SIMD_2x64(wasm_u64x2_shr(m_simd, SHIFT)); 228| |#endif 229| 376k| } _ZN5Botan9SIMD_4x32C2Ev: 86| 252| BOTAN_FN_ISA_SIMD_4X32 SIMD_4x32() noexcept { 87| 252|#if defined(BOTAN_SIMD_USE_SSSE3) 88| 252| m_simd = _mm_setzero_si128(); 89| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 90| | m_simd = vec_splat_u32(0); 91| |#elif defined(BOTAN_SIMD_USE_NEON) 92| | m_simd = vdupq_n_u32(0); 93| |#elif defined(BOTAN_SIMD_USE_LSX) 94| | m_simd = __lsx_vldi(0); 95| |#elif defined(BOTAN_SIMD_USE_SIMD128) 96| | m_simd = wasm_u32x4_const_splat(0); 97| |#endif 98| 252| } _ZNK5Botan9SIMD_4x323rawEv: 942| 53.5M| native_simd_type BOTAN_FN_ISA_SIMD_4X32 raw() const noexcept { return m_simd; } _ZN5Botan9SIMD_4x32C2EDv2_x: 944| 30.8M| explicit BOTAN_FN_ISA_SIMD_4X32 SIMD_4x32(native_simd_type x) noexcept : m_simd(x) {} _ZN5Botan9SIMD_4x327load_leEPKv: 162| 4.87M| static SIMD_4x32 BOTAN_FN_ISA_SIMD_4X32 load_le(const void* in) noexcept { 163| 4.87M|#if defined(BOTAN_SIMD_USE_SSSE3) 164| 4.87M| return SIMD_4x32(_mm_loadu_si128(reinterpret_cast(in))); 165| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 166| | uint32_t R0 = Botan::load_le(reinterpret_cast(in), 0); 167| | uint32_t R1 = Botan::load_le(reinterpret_cast(in), 1); 168| | uint32_t R2 = Botan::load_le(reinterpret_cast(in), 2); 169| | uint32_t R3 = Botan::load_le(reinterpret_cast(in), 3); 170| | __vector unsigned int val = {R0, R1, R2, R3}; 171| | return SIMD_4x32(val); 172| |#elif defined(BOTAN_SIMD_USE_NEON) 173| | SIMD_4x32 l(vld1q_u32(static_cast(in))); 174| | if constexpr(std::endian::native == std::endian::big) { 175| | return l.bswap(); 176| | } else { 177| | return l; 178| | } 179| |#elif defined(BOTAN_SIMD_USE_LSX) 180| | return SIMD_4x32(__lsx_vld(in, 0)); 181| |#elif defined(BOTAN_SIMD_USE_SIMD128) 182| | return SIMD_4x32(wasm_v128_load(in)); 183| |#endif 184| 4.87M| } _ZN5Botan9SIMD_4x32C2Ejjjj: 103| 27.4k| BOTAN_FN_ISA_SIMD_4X32 SIMD_4x32(uint32_t B0, uint32_t B1, uint32_t B2, uint32_t B3) noexcept { 104| 27.4k|#if defined(BOTAN_SIMD_USE_SSSE3) 105| 27.4k| m_simd = _mm_set_epi32(B3, B2, B1, B0); 106| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 107| | __vector unsigned int val = {B0, B1, B2, B3}; 108| | m_simd = val; 109| |#elif defined(BOTAN_SIMD_USE_NEON) 110| | // Better way to do this? 111| | const uint32_t B[4] = {B0, B1, B2, B3}; 112| | m_simd = vld1q_u32(B); 113| |#elif defined(BOTAN_SIMD_USE_LSX) 114| | // Better way to do this? 115| | const uint32_t B[4] = {B0, B1, B2, B3}; 116| | m_simd = __lsx_vld(B, 0); 117| |#elif defined(BOTAN_SIMD_USE_SIMD128) 118| | m_simd = wasm_u32x4_make(B0, B1, B2, B3); 119| |#endif 120| 27.4k| } _ZNK5Botan9SIMD_4x32anERKS0_: 421| 62| SIMD_4x32 BOTAN_FN_ISA_SIMD_4X32 operator&(const SIMD_4x32& other) const noexcept { 422| 62| SIMD_4x32 retval(*this); 423| 62| retval &= other; 424| 62| return retval; 425| 62| } _ZN5Botan9SIMD_4x32aNERKS0_: 485| 62| void BOTAN_FN_ISA_SIMD_4X32 operator&=(const SIMD_4x32& other) noexcept { 486| 62|#if defined(BOTAN_SIMD_USE_SSSE3) 487| 62| m_simd = _mm_and_si128(m_simd, other.m_simd); 488| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 489| | m_simd = vec_and(m_simd, other.m_simd); 490| |#elif defined(BOTAN_SIMD_USE_NEON) 491| | m_simd = vandq_u32(m_simd, other.m_simd); 492| |#elif defined(BOTAN_SIMD_USE_LSX) 493| | m_simd = __lsx_vand_v(m_simd, other.m_simd); 494| |#elif defined(BOTAN_SIMD_USE_SIMD128) 495| | m_simd = wasm_v128_and(m_simd, other.m_simd); 496| |#endif 497| 62| } _ZNK5Botan9SIMD_4x32eoERKS0_: 403| 10.9k| SIMD_4x32 BOTAN_FN_ISA_SIMD_4X32 operator^(const SIMD_4x32& other) const noexcept { 404| 10.9k| SIMD_4x32 retval(*this); 405| 10.9k| retval ^= other; 406| 10.9k| return retval; 407| 10.9k| } _ZNK5Botan9SIMD_4x3211swap_halvesEv: 934| 1.62k| inline SIMD_4x32 BOTAN_FN_ISA_SIMD_4X32 swap_halves() const { 935| 1.62k|#if defined(BOTAN_SIMD_USE_SSSE3) 936| 1.62k| return SIMD_4x32(_mm_shuffle_epi32(raw(), 0b01001110)); 937| |#else 938| | return SIMD_4x32::alignr8(*this, *this); 939| |#endif 940| 1.62k| } _ZN5Botan9SIMD_4x32eOERKS0_: 455| 1.16M| void BOTAN_FN_ISA_SIMD_4X32 operator^=(const SIMD_4x32& other) noexcept { 456| 1.16M|#if defined(BOTAN_SIMD_USE_SSSE3) 457| 1.16M| m_simd = _mm_xor_si128(m_simd, other.m_simd); 458| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 459| | m_simd = vec_xor(m_simd, other.m_simd); 460| |#elif defined(BOTAN_SIMD_USE_NEON) 461| | m_simd = veorq_u32(m_simd, other.m_simd); 462| |#elif defined(BOTAN_SIMD_USE_LSX) 463| | m_simd = __lsx_vxor_v(m_simd, other.m_simd); 464| |#elif defined(BOTAN_SIMD_USE_SIMD128) 465| | m_simd = wasm_v128_xor(m_simd, other.m_simd); 466| |#endif 467| 1.16M| } _ZNK5Botan9SIMD_4x32orERKS0_: 412| 62| SIMD_4x32 BOTAN_FN_ISA_SIMD_4X32 operator|(const SIMD_4x32& other) const noexcept { 413| 62| SIMD_4x32 retval(*this); 414| 62| retval |= other; 415| 62| return retval; 416| 62| } _ZN5Botan9SIMD_4x32oRERKS0_: 471| 62| void BOTAN_FN_ISA_SIMD_4X32 operator|=(const SIMD_4x32& other) noexcept { 472| 62|#if defined(BOTAN_SIMD_USE_SSSE3) 473| 62| m_simd = _mm_or_si128(m_simd, other.m_simd); 474| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 475| | m_simd = vec_or(m_simd, other.m_simd); 476| |#elif defined(BOTAN_SIMD_USE_NEON) 477| | m_simd = vorrq_u32(m_simd, other.m_simd); 478| |#elif defined(BOTAN_SIMD_USE_LSX) 479| | m_simd = __lsx_vor_v(m_simd, other.m_simd); 480| |#elif defined(BOTAN_SIMD_USE_SIMD128) 481| | m_simd = wasm_v128_or(m_simd, other.m_simd); 482| |#endif 483| 62| } _ZNK5Botan9SIMD_4x328store_leEPh: 234| 370k| void BOTAN_FN_ISA_SIMD_4X32 store_le(uint8_t out[]) const noexcept { 235| 370k|#if defined(BOTAN_SIMD_USE_SSSE3) 236| | 237| 370k| _mm_storeu_si128(reinterpret_cast<__m128i*>(out), raw()); 238| | 239| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 240| | 241| | union { 242| | __vector unsigned int V; 243| | uint32_t R[4]; 244| | } vec{}; 245| | 246| | // NOLINTNEXTLINE(*-union-access) 247| | vec.V = raw(); 248| | // NOLINTNEXTLINE(*-union-access) 249| | Botan::store_le(out, vec.R[0], vec.R[1], vec.R[2], vec.R[3]); 250| | 251| |#elif defined(BOTAN_SIMD_USE_NEON) 252| | if constexpr(std::endian::native == std::endian::little) { 253| | vst1q_u8(out, vreinterpretq_u8_u32(m_simd)); 254| | } else { 255| | vst1q_u8(out, vreinterpretq_u8_u32(bswap().m_simd)); 256| | } 257| |#elif defined(BOTAN_SIMD_USE_LSX) 258| | __lsx_vst(raw(), out, 0); 259| |#elif defined(BOTAN_SIMD_USE_SIMD128) 260| | wasm_v128_store(out, m_simd); 261| |#endif 262| 370k| } _ZN5Botan9SIMD_4x327load_beEPKv: 189| 1.10M| static SIMD_4x32 BOTAN_FN_ISA_SIMD_4X32 load_be(const void* in) noexcept { 190| 1.10M|#if defined(BOTAN_SIMD_USE_SSSE3) || defined(BOTAN_SIMD_USE_LSX) || defined(BOTAN_SIMD_USE_SIMD128) 191| 1.10M| return load_le(in).bswap(); 192| | 193| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 194| | uint32_t R0 = Botan::load_be(reinterpret_cast(in), 0); 195| | uint32_t R1 = Botan::load_be(reinterpret_cast(in), 1); 196| | uint32_t R2 = Botan::load_be(reinterpret_cast(in), 2); 197| | uint32_t R3 = Botan::load_be(reinterpret_cast(in), 3); 198| | __vector unsigned int val = {R0, R1, R2, R3}; 199| | return SIMD_4x32(val); 200| | 201| |#elif defined(BOTAN_SIMD_USE_NEON) 202| | SIMD_4x32 l(vld1q_u32(static_cast(in))); 203| | if constexpr(std::endian::native == std::endian::little) { 204| | return l.bswap(); 205| | } else { 206| | return l; 207| | } 208| |#endif 209| 1.10M| } _ZNK5Botan9SIMD_4x328store_leEPj: 219| 355k| void BOTAN_FN_ISA_SIMD_4X32 store_le(uint32_t out[4]) const noexcept { 220| 355k| this->store_le(reinterpret_cast(out)); 221| 355k| } _ZNK5Botan9SIMD_4x328store_leEPm: 227| 372| void BOTAN_FN_ISA_SIMD_4X32 store_le(uint64_t out[2]) const noexcept { 228| 372| this->store_le(reinterpret_cast(out)); 229| 372| } _ZNK5Botan9SIMD_4x32plERKS0_: 385| 3.42M| SIMD_4x32 BOTAN_FN_ISA_SIMD_4X32 operator+(const SIMD_4x32& other) const noexcept { 386| 3.42M| SIMD_4x32 retval(*this); 387| 3.42M| retval += other; 388| 3.42M| return retval; 389| 3.42M| } _ZN5Botan9SIMD_4x32pLERKS0_: 427| 6.42M| void BOTAN_FN_ISA_SIMD_4X32 operator+=(const SIMD_4x32& other) noexcept { 428| 6.42M|#if defined(BOTAN_SIMD_USE_SSSE3) 429| 6.42M| m_simd = _mm_add_epi32(m_simd, other.m_simd); 430| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 431| | m_simd = vec_add(m_simd, other.m_simd); 432| |#elif defined(BOTAN_SIMD_USE_NEON) 433| | m_simd = vaddq_u32(m_simd, other.m_simd); 434| |#elif defined(BOTAN_SIMD_USE_LSX) 435| | m_simd = __lsx_vadd_w(m_simd, other.m_simd); 436| |#elif defined(BOTAN_SIMD_USE_SIMD128) 437| | m_simd = wasm_i32x4_add(m_simd, other.m_simd); 438| |#endif 439| 6.42M| } _ZNK5Botan9SIMD_4x325bswapEv: 576| 1.10M| BOTAN_FN_ISA_SIMD_4X32 SIMD_4x32 bswap() const noexcept { 577| 1.10M|#if defined(BOTAN_SIMD_USE_SSSE3) 578| 1.10M| const auto idx = _mm_set_epi8(12, 13, 14, 15, 8, 9, 10, 11, 4, 5, 6, 7, 0, 1, 2, 3); 579| | 580| 1.10M| return SIMD_4x32(_mm_shuffle_epi8(raw(), idx)); 581| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 582| | #ifdef BOTAN_SIMD_USE_VSX 583| | return SIMD_4x32(vec_revb(m_simd)); 584| | #else 585| | const __vector unsigned char rev[1] = { 586| | {3, 2, 1, 0, 7, 6, 5, 4, 11, 10, 9, 8, 15, 14, 13, 12}, 587| | }; 588| | 589| | return SIMD_4x32(vec_perm(m_simd, m_simd, rev[0])); 590| | #endif 591| | 592| |#elif defined(BOTAN_SIMD_USE_NEON) 593| | return SIMD_4x32(vreinterpretq_u32_u8(vrev32q_u8(vreinterpretq_u8_u32(m_simd)))); 594| |#elif defined(BOTAN_SIMD_USE_LSX) 595| | return SIMD_4x32(__lsx_vshuf4i_b(m_simd, 0b00011011)); 596| |#elif defined(BOTAN_SIMD_USE_SIMD128) 597| | return SIMD_4x32(wasm_i8x16_shuffle(m_simd, m_simd, 3, 2, 1, 0, 7, 6, 5, 4, 11, 10, 9, 8, 15, 14, 13, 12)); 598| |#endif 599| 1.10M| } _ZN5Botan9SIMD_4x327alignr4ERKS0_S2_: 869| 2.51M| static inline SIMD_4x32 BOTAN_FN_ISA_SIMD_4X32 alignr4(const SIMD_4x32& a, const SIMD_4x32& b) { 870| 2.51M|#if defined(BOTAN_SIMD_USE_SSSE3) 871| 2.51M| return SIMD_4x32(_mm_alignr_epi8(a.raw(), b.raw(), 4)); 872| |#elif defined(BOTAN_SIMD_USE_NEON) 873| | return SIMD_4x32(vextq_u32(b.raw(), a.raw(), 1)); 874| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 875| | const __vector unsigned char mask = {4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19}; 876| | return SIMD_4x32(vec_perm(b.raw(), a.raw(), mask)); 877| |#elif defined(BOTAN_SIMD_USE_LSX) 878| | const auto mask = SIMD_4x32(0x07060504, 0x0B0A0908, 0x0F0E0D0C, 0x13121110); 879| | return SIMD_4x32(__lsx_vshuf_b(a.raw(), b.raw(), mask.raw())); 880| |#elif defined(BOTAN_SIMD_USE_SIMD128) 881| | return SIMD_4x32( 882| | wasm_i8x16_shuffle(b.raw(), a.raw(), 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)); 883| |#endif 884| 2.51M| } _ZN5Botan9SIMD_4x327alignr8ERKS0_S2_: 886| 329k| static inline SIMD_4x32 BOTAN_FN_ISA_SIMD_4X32 alignr8(const SIMD_4x32& a, const SIMD_4x32& b) { 887| 329k|#if defined(BOTAN_SIMD_USE_SSSE3) 888| 329k| return SIMD_4x32(_mm_alignr_epi8(a.raw(), b.raw(), 8)); 889| |#elif defined(BOTAN_SIMD_USE_NEON) 890| | return SIMD_4x32(vextq_u32(b.raw(), a.raw(), 2)); 891| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 892| | const __vector unsigned char mask = {8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23}; 893| | return SIMD_4x32(vec_perm(b.raw(), a.raw(), mask)); 894| |#elif defined(BOTAN_SIMD_USE_LSX) 895| | return SIMD_4x32(__lsx_vshuf4i_d(a.raw(), b.raw(), 0b0011)); 896| |#elif defined(BOTAN_SIMD_USE_SIMD128) 897| | return SIMD_4x32( 898| | wasm_i8x16_shuffle(b.raw(), a.raw(), 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)); 899| |#endif 900| 329k| } _ZNK5Botan9SIMD_4x3212top_bit_maskEv: 909| 62| inline SIMD_4x32 BOTAN_FN_ISA_SIMD_4X32 top_bit_mask() const { 910| 62|#if defined(BOTAN_SIMD_USE_SSSE3) 911| 62| return SIMD_4x32(_mm_shuffle_epi32(_mm_srai_epi32(raw(), 31), 0b11111111)); 912| |#elif defined(BOTAN_SIMD_USE_NEON) 913| | #if defined(BOTAN_TARGET_ARCH_IS_ARM32) 914| | int32x4_t v = vshrq_n_s32(vreinterpretq_s32_u32(raw()), 31); 915| | int32x2_t hi = vget_high_s32(v); 916| | return SIMD_4x32(vreinterpretq_u32_s32(vdupq_lane_s32(hi, 1))); 917| | #else 918| | return SIMD_4x32(vreinterpretq_u32_s32(vdupq_laneq_s32(vshrq_n_s32(vreinterpretq_s32_u32(raw()), 31), 3))); 919| | #endif 920| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 921| | const __vector unsigned int shift = vec_splats(31U); 922| | const __vector signed int shifted = vec_sra(reinterpret_cast<__vector signed int>(raw()), shift); 923| | return SIMD_4x32(reinterpret_cast<__vector unsigned int>(vec_splat(shifted, 3))); 924| |#elif defined(BOTAN_SIMD_USE_LSX) 925| | return SIMD_4x32(__lsx_vshuf4i_w(__lsx_vsrai_w(raw(), 31), 0xFF)); 926| |#elif defined(BOTAN_SIMD_USE_SIMD128) 927| | return SIMD_4x32(wasm_i32x4_splat(wasm_i32x4_extract_lane(wasm_i32x4_shr(raw(), 31), 3))); 928| |#endif 929| 62| } _ZNK5Botan9SIMD_4x3217shift_elems_rightILm2EEES0_vQleT_Li3E: 641| 3.35M| { 642| 3.35M|#if defined(BOTAN_SIMD_USE_SSSE3) 643| 3.35M| return SIMD_4x32(_mm_srli_si128(raw(), 4 * I)); 644| |#elif defined(BOTAN_SIMD_USE_NEON) 645| | return SIMD_4x32(vextq_u32(raw(), vdupq_n_u32(0), I)); 646| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 647| | const __vector unsigned int zero = vec_splat_u32(0); 648| | 649| | const __vector unsigned char shuf[3] = { 650| | {4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19}, 651| | {8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23}, 652| | {12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27}, 653| | }; 654| | 655| | return SIMD_4x32(vec_perm(raw(), zero, shuf[I - 1])); 656| |#elif defined(BOTAN_SIMD_USE_LSX) 657| | return SIMD_4x32(__lsx_vbsrl_v(raw(), 4 * I)); 658| |#elif defined(BOTAN_SIMD_USE_SIMD128) 659| | if constexpr(I == 0) { 660| | return SIMD_4x32(m_simd); 661| | } 662| | 663| | const auto zero = wasm_u32x4_const_splat(0); 664| | if constexpr(I == 1) { 665| | return SIMD_4x32( 666| | wasm_i8x16_shuffle(m_simd, zero, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 16, 16, 16)); 667| | } 668| | if constexpr(I == 2) { 669| | return SIMD_4x32( 670| | wasm_i8x16_shuffle(m_simd, zero, 8, 9, 10, 11, 12, 13, 14, 15, 16, 16, 16, 16, 16, 16, 16, 16)); 671| | } 672| | 673| | return SIMD_4x32( 674| | wasm_i8x16_shuffle(m_simd, zero, 12, 13, 14, 15, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16)); 675| |#endif 676| 3.35M| } _ZNK5Botan9SIMD_4x323shrILi31EEES0_v: 520| 62| SIMD_4x32 BOTAN_FN_ISA_SIMD_4X32 shr() const noexcept { 521| 62|#if defined(BOTAN_SIMD_USE_SSSE3) 522| 62| return SIMD_4x32(_mm_srli_epi32(m_simd, SHIFT)); 523| | 524| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 525| | const unsigned int s = static_cast(SHIFT); 526| | const __vector unsigned int shifts = {s, s, s, s}; 527| | return SIMD_4x32(vec_sr(m_simd, shifts)); 528| |#elif defined(BOTAN_SIMD_USE_NEON) 529| | return SIMD_4x32(vshrq_n_u32(m_simd, SHIFT)); 530| |#elif defined(BOTAN_SIMD_USE_LSX) 531| | return SIMD_4x32(__lsx_vsrli_w(m_simd, SHIFT)); 532| |#elif defined(BOTAN_SIMD_USE_SIMD128) 533| | return SIMD_4x32(wasm_u32x4_shr(m_simd, SHIFT)); 534| |#endif 535| 62| } _ZNK5Botan9SIMD_4x3216shift_elems_leftILm1EEES0_vQleT_Li3E: 604| 62| { 605| 62|#if defined(BOTAN_SIMD_USE_SSSE3) 606| 62| return SIMD_4x32(_mm_slli_si128(raw(), 4 * I)); 607| |#elif defined(BOTAN_SIMD_USE_NEON) 608| | return SIMD_4x32(vextq_u32(vdupq_n_u32(0), raw(), 4 - I)); 609| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 610| | const __vector unsigned int zero = vec_splat_u32(0); 611| | 612| | const __vector unsigned char shuf[3] = { 613| | {16, 17, 18, 19, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11}, 614| | {16, 17, 18, 19, 20, 21, 22, 23, 0, 1, 2, 3, 4, 5, 6, 7}, 615| | {16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 0, 1, 2, 3}, 616| | }; 617| | 618| | return SIMD_4x32(vec_perm(raw(), zero, shuf[I - 1])); 619| |#elif defined(BOTAN_SIMD_USE_LSX) 620| | return SIMD_4x32(__lsx_vbsll_v(raw(), 4 * I)); 621| |#elif defined(BOTAN_SIMD_USE_SIMD128) 622| | if constexpr(I == 0) { 623| | return SIMD_4x32(m_simd); 624| | } 625| | 626| | const auto zero = wasm_u32x4_const_splat(0); 627| | if constexpr(I == 1) { 628| | return SIMD_4x32(wasm_i8x16_shuffle(m_simd, zero, 16, 16, 16, 16, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11)); 629| | } 630| | if constexpr(I == 2) { 631| | return SIMD_4x32(wasm_i8x16_shuffle(m_simd, zero, 16, 16, 16, 16, 16, 16, 16, 16, 0, 1, 2, 3, 4, 5, 6, 7)); 632| | } 633| | 634| | return SIMD_4x32(wasm_i8x16_shuffle(m_simd, zero, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 0, 1, 2, 3)); 635| |#endif 636| 62| } _ZNK5Botan9SIMD_4x323shlILi1EEES0_vQaagtT_Li0EltT_Li32E: 502| 62| { 503| 62|#if defined(BOTAN_SIMD_USE_SSSE3) 504| 62| return SIMD_4x32(_mm_slli_epi32(m_simd, SHIFT)); 505| | 506| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 507| | const unsigned int s = static_cast(SHIFT); 508| | const __vector unsigned int shifts = {s, s, s, s}; 509| | return SIMD_4x32(vec_sl(m_simd, shifts)); 510| |#elif defined(BOTAN_SIMD_USE_NEON) 511| | return SIMD_4x32(vshlq_n_u32(m_simd, SHIFT)); 512| |#elif defined(BOTAN_SIMD_USE_LSX) 513| | return SIMD_4x32(__lsx_vslli_w(m_simd, SHIFT)); 514| |#elif defined(BOTAN_SIMD_USE_SIMD128) 515| | return SIMD_4x32(wasm_i32x4_shl(m_simd, SHIFT)); 516| |#endif 517| 62| } _ZNK5Botan9SIMD_4x3216shift_elems_leftILm2EEES0_vQleT_Li3E: 604| 810| { 605| 810|#if defined(BOTAN_SIMD_USE_SSSE3) 606| 810| return SIMD_4x32(_mm_slli_si128(raw(), 4 * I)); 607| |#elif defined(BOTAN_SIMD_USE_NEON) 608| | return SIMD_4x32(vextq_u32(vdupq_n_u32(0), raw(), 4 - I)); 609| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 610| | const __vector unsigned int zero = vec_splat_u32(0); 611| | 612| | const __vector unsigned char shuf[3] = { 613| | {16, 17, 18, 19, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11}, 614| | {16, 17, 18, 19, 20, 21, 22, 23, 0, 1, 2, 3, 4, 5, 6, 7}, 615| | {16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 0, 1, 2, 3}, 616| | }; 617| | 618| | return SIMD_4x32(vec_perm(raw(), zero, shuf[I - 1])); 619| |#elif defined(BOTAN_SIMD_USE_LSX) 620| | return SIMD_4x32(__lsx_vbsll_v(raw(), 4 * I)); 621| |#elif defined(BOTAN_SIMD_USE_SIMD128) 622| | if constexpr(I == 0) { 623| | return SIMD_4x32(m_simd); 624| | } 625| | 626| | const auto zero = wasm_u32x4_const_splat(0); 627| | if constexpr(I == 1) { 628| | return SIMD_4x32(wasm_i8x16_shuffle(m_simd, zero, 16, 16, 16, 16, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11)); 629| | } 630| | if constexpr(I == 2) { 631| | return SIMD_4x32(wasm_i8x16_shuffle(m_simd, zero, 16, 16, 16, 16, 16, 16, 16, 16, 0, 1, 2, 3, 4, 5, 6, 7)); 632| | } 633| | 634| | return SIMD_4x32(wasm_i8x16_shuffle(m_simd, zero, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 0, 1, 2, 3)); 635| |#endif 636| 810| } _ZN5Botan9SIMD_4x64C2Ev: 34| 2.98k| BOTAN_FN_ISA_SIMD_4X64 SIMD_4x64() : m_simd(_mm256_setzero_si256()) {} _ZNK5Botan9SIMD_4x645bswapEv: 56| 2.98k| SIMD_4x64 BOTAN_FN_ISA_SIMD_4X64 bswap() const { 57| 2.98k| const auto idx = _mm256_set_epi8( 58| 2.98k| 8, 9, 10, 11, 12, 13, 14, 15, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0, 1, 2, 3, 4, 5, 6, 7); 59| | 60| 2.98k| return SIMD_4x64(_mm256_shuffle_epi8(m_simd, idx)); 61| 2.98k| } _ZN5Botan9SIMD_4x64C2EDv4_x: 196| 116k| explicit BOTAN_FN_ISA_SIMD_4X64 SIMD_4x64(__m256i x) : m_simd(x) {} _ZN5Botan9SIMD_4x64eOERKS0_: 103| 47.7k| BOTAN_FN_ISA_SIMD_4X64 void operator^=(const SIMD_4x64& other) { 104| 47.7k| m_simd = _mm256_xor_si256(m_simd, other.m_simd); 105| 47.7k| } _ZNK5Botan9SIMD_4x64eoERKS0_: 81| 47.7k| SIMD_4x64 BOTAN_FN_ISA_SIMD_4X64 operator^(const SIMD_4x64& other) const { 82| 47.7k| SIMD_4x64 retval(*this); 83| 47.7k| retval ^= other; 84| 47.7k| return retval; 85| 47.7k| } _ZN5Botan9SIMD_4x648load_le2EPKvS2_: 37| 2.98k| static BOTAN_FN_ISA_SIMD_4X64 SIMD_4x64 load_le2(const void* lo, const void* hi) { 38| 2.98k| return SIMD_4x64( 39| 2.98k| _mm256_loadu2_m128i(reinterpret_cast(lo), reinterpret_cast(hi))); 40| 2.98k| } _ZN5Botan9SIMD_4x648load_be2EPKvS2_: 42| 2.98k| static BOTAN_FN_ISA_SIMD_4X64 SIMD_4x64 load_be2(const void* lo, const void* hi) { 43| 2.98k| return SIMD_4x64::load_le2(lo, hi).bswap(); 44| 2.98k| } _ZN5Botan9SIMD_4x6414broadcast_2x64EPKm: 52| 14.9k| static BOTAN_FN_ISA_SIMD_4X64 SIMD_4x64 broadcast_2x64(const uint64_t* in) { 53| 14.9k| return SIMD_4x64(_mm256_broadcastsi128_si256(_mm_loadu_si128(reinterpret_cast(in)))); 54| 14.9k| } _ZN5Botan9SIMD_4x649store_le2EPvS1_: 69| 14.9k| BOTAN_FN_ISA_SIMD_4X64 void store_le2(void* outh, void* outl) { 70| 14.9k| _mm256_storeu2_m128i(reinterpret_cast<__m128i*>(outh), reinterpret_cast<__m128i*>(outl), m_simd); 71| 14.9k| } _ZNK5Botan9SIMD_4x64plERKS0_: 75| 50.7k| SIMD_4x64 BOTAN_FN_ISA_SIMD_4X64 operator+(const SIMD_4x64& other) const { 76| 50.7k| SIMD_4x64 retval(*this); 77| 50.7k| retval += other; 78| 50.7k| return retval; 79| 50.7k| } _ZN5Botan9SIMD_4x64pLERKS0_: 99| 50.7k| BOTAN_FN_ISA_SIMD_4X64 void operator+=(const SIMD_4x64& other) { 100| 50.7k| m_simd = _mm256_add_epi64(m_simd, other.m_simd); 101| 50.7k| } _ZN5Botan9SIMD_4x647alignr8ERKS0_S2_: 162| 23.8k| static SIMD_4x64 BOTAN_FN_ISA_SIMD_4X64 alignr8(const SIMD_4x64& a, const SIMD_4x64& b) { 163| | return SIMD_4x64(_mm256_alignr_epi8(a.m_simd, b.m_simd, 8)); 164| 23.8k| } _ZNK5Botan9SIMD_4x644rotrILm1EEES0_vQaagtT_Li0EltT_Li64E: 116| 11.9k| { 117| |#if defined(__AVX512VL__) 118| | return SIMD_4x64(_mm256_ror_epi64(m_simd, ROT)); 119| |#else 120| | if constexpr(ROT == 8) { 121| | auto shuf_rot_8 = 122| | _mm256_set_epi64x(0x080f0e0d0c0b0a09, 0x0007060504030201, 0x080f0e0d0c0b0a09, 0x0007060504030201); 123| | 124| | return SIMD_4x64(_mm256_shuffle_epi8(m_simd, shuf_rot_8)); 125| | } else if constexpr(ROT == 16) { 126| | auto shuf_rot_16 = 127| | _mm256_set_epi64x(0x09080f0e0d0c0b0a, 0x0100070605040302, 0x09080f0e0d0c0b0a, 0x0100070605040302); 128| | 129| | return SIMD_4x64(_mm256_shuffle_epi8(m_simd, shuf_rot_16)); 130| | } else if constexpr(ROT == 24) { 131| | auto shuf_rot_24 = 132| | _mm256_set_epi64x(0x0a09080f0e0d0c0b, 0x0201000706050403, 0x0a09080f0e0d0c0b, 0x0201000706050403); 133| | 134| | return SIMD_4x64(_mm256_shuffle_epi8(m_simd, shuf_rot_24)); 135| | } else if constexpr(ROT == 32) { 136| | auto shuf_rot_32 = 137| | _mm256_set_epi64x(0x0b0a09080f0e0d0c, 0x0302010007060504, 0x0b0a09080f0e0d0c, 0x0302010007060504); 138| | 139| | return SIMD_4x64(_mm256_shuffle_epi8(m_simd, shuf_rot_32)); 140| 11.9k| } else { 141| 11.9k| return SIMD_4x64(_mm256_or_si256(_mm256_srli_epi64(m_simd, static_cast(ROT)), 142| 11.9k| _mm256_slli_epi64(m_simd, static_cast(64 - ROT)))); 143| 11.9k| } 144| 11.9k|#endif 145| 11.9k| } _ZNK5Botan9SIMD_4x644rotrILm8EEES0_vQaagtT_Li0EltT_Li64E: 116| 11.9k| { 117| |#if defined(__AVX512VL__) 118| | return SIMD_4x64(_mm256_ror_epi64(m_simd, ROT)); 119| |#else 120| 11.9k| if constexpr(ROT == 8) { 121| 11.9k| auto shuf_rot_8 = 122| 11.9k| _mm256_set_epi64x(0x080f0e0d0c0b0a09, 0x0007060504030201, 0x080f0e0d0c0b0a09, 0x0007060504030201); 123| | 124| 11.9k| return SIMD_4x64(_mm256_shuffle_epi8(m_simd, shuf_rot_8)); 125| | } else if constexpr(ROT == 16) { 126| | auto shuf_rot_16 = 127| | _mm256_set_epi64x(0x09080f0e0d0c0b0a, 0x0100070605040302, 0x09080f0e0d0c0b0a, 0x0100070605040302); 128| | 129| | return SIMD_4x64(_mm256_shuffle_epi8(m_simd, shuf_rot_16)); 130| | } else if constexpr(ROT == 24) { 131| | auto shuf_rot_24 = 132| | _mm256_set_epi64x(0x0a09080f0e0d0c0b, 0x0201000706050403, 0x0a09080f0e0d0c0b, 0x0201000706050403); 133| | 134| | return SIMD_4x64(_mm256_shuffle_epi8(m_simd, shuf_rot_24)); 135| | } else if constexpr(ROT == 32) { 136| | auto shuf_rot_32 = 137| | _mm256_set_epi64x(0x0b0a09080f0e0d0c, 0x0302010007060504, 0x0b0a09080f0e0d0c, 0x0302010007060504); 138| | 139| | return SIMD_4x64(_mm256_shuffle_epi8(m_simd, shuf_rot_32)); 140| | } else { 141| | return SIMD_4x64(_mm256_or_si256(_mm256_srli_epi64(m_simd, static_cast(ROT)), 142| | _mm256_slli_epi64(m_simd, static_cast(64 - ROT)))); 143| | } 144| 11.9k|#endif 145| 11.9k| } _ZNK5Botan9SIMD_4x643shrILi7EEES0_v: 153| 11.9k| SIMD_4x64 BOTAN_FN_ISA_SIMD_4X64 shr() const noexcept { 154| 11.9k| return SIMD_4x64(_mm256_srli_epi64(m_simd, SHIFT)); 155| 11.9k| } _ZNK5Botan9SIMD_4x644rotrILm19EEES0_vQaagtT_Li0EltT_Li64E: 116| 11.9k| { 117| |#if defined(__AVX512VL__) 118| | return SIMD_4x64(_mm256_ror_epi64(m_simd, ROT)); 119| |#else 120| | if constexpr(ROT == 8) { 121| | auto shuf_rot_8 = 122| | _mm256_set_epi64x(0x080f0e0d0c0b0a09, 0x0007060504030201, 0x080f0e0d0c0b0a09, 0x0007060504030201); 123| | 124| | return SIMD_4x64(_mm256_shuffle_epi8(m_simd, shuf_rot_8)); 125| | } else if constexpr(ROT == 16) { 126| | auto shuf_rot_16 = 127| | _mm256_set_epi64x(0x09080f0e0d0c0b0a, 0x0100070605040302, 0x09080f0e0d0c0b0a, 0x0100070605040302); 128| | 129| | return SIMD_4x64(_mm256_shuffle_epi8(m_simd, shuf_rot_16)); 130| | } else if constexpr(ROT == 24) { 131| | auto shuf_rot_24 = 132| | _mm256_set_epi64x(0x0a09080f0e0d0c0b, 0x0201000706050403, 0x0a09080f0e0d0c0b, 0x0201000706050403); 133| | 134| | return SIMD_4x64(_mm256_shuffle_epi8(m_simd, shuf_rot_24)); 135| | } else if constexpr(ROT == 32) { 136| | auto shuf_rot_32 = 137| | _mm256_set_epi64x(0x0b0a09080f0e0d0c, 0x0302010007060504, 0x0b0a09080f0e0d0c, 0x0302010007060504); 138| | 139| | return SIMD_4x64(_mm256_shuffle_epi8(m_simd, shuf_rot_32)); 140| 11.9k| } else { 141| 11.9k| return SIMD_4x64(_mm256_or_si256(_mm256_srli_epi64(m_simd, static_cast(ROT)), 142| 11.9k| _mm256_slli_epi64(m_simd, static_cast(64 - ROT)))); 143| 11.9k| } 144| 11.9k|#endif 145| 11.9k| } _ZNK5Botan9SIMD_4x644rotrILm61EEES0_vQaagtT_Li0EltT_Li64E: 116| 11.9k| { 117| |#if defined(__AVX512VL__) 118| | return SIMD_4x64(_mm256_ror_epi64(m_simd, ROT)); 119| |#else 120| | if constexpr(ROT == 8) { 121| | auto shuf_rot_8 = 122| | _mm256_set_epi64x(0x080f0e0d0c0b0a09, 0x0007060504030201, 0x080f0e0d0c0b0a09, 0x0007060504030201); 123| | 124| | return SIMD_4x64(_mm256_shuffle_epi8(m_simd, shuf_rot_8)); 125| | } else if constexpr(ROT == 16) { 126| | auto shuf_rot_16 = 127| | _mm256_set_epi64x(0x09080f0e0d0c0b0a, 0x0100070605040302, 0x09080f0e0d0c0b0a, 0x0100070605040302); 128| | 129| | return SIMD_4x64(_mm256_shuffle_epi8(m_simd, shuf_rot_16)); 130| | } else if constexpr(ROT == 24) { 131| | auto shuf_rot_24 = 132| | _mm256_set_epi64x(0x0a09080f0e0d0c0b, 0x0201000706050403, 0x0a09080f0e0d0c0b, 0x0201000706050403); 133| | 134| | return SIMD_4x64(_mm256_shuffle_epi8(m_simd, shuf_rot_24)); 135| | } else if constexpr(ROT == 32) { 136| | auto shuf_rot_32 = 137| | _mm256_set_epi64x(0x0b0a09080f0e0d0c, 0x0302010007060504, 0x0b0a09080f0e0d0c, 0x0302010007060504); 138| | 139| | return SIMD_4x64(_mm256_shuffle_epi8(m_simd, shuf_rot_32)); 140| 11.9k| } else { 141| 11.9k| return SIMD_4x64(_mm256_or_si256(_mm256_srli_epi64(m_simd, static_cast(ROT)), 142| 11.9k| _mm256_slli_epi64(m_simd, static_cast(64 - ROT)))); 143| 11.9k| } 144| 11.9k|#endif 145| 11.9k| } _ZNK5Botan9SIMD_4x643shrILi6EEES0_v: 153| 11.9k| SIMD_4x64 BOTAN_FN_ISA_SIMD_4X64 shr() const noexcept { 154| 11.9k| return SIMD_4x64(_mm256_srli_epi64(m_simd, SHIFT)); 155| 11.9k| } _ZN5Botan9SIMD_8x32C2Ejjjjjjjj: 46| 5.67k| uint32_t B7) noexcept { 47| | // NOLINTNEXTLINE(*-prefer-member-initializer) 48| 5.67k| m_avx2 = _mm256_set_epi32(B7, B6, B5, B4, B3, B2, B1, B0); 49| 5.67k| } _ZN5Botan9SIMD_8x32C2Ejjjj: 52| 16| explicit SIMD_8x32(uint32_t B0, uint32_t B1, uint32_t B2, uint32_t B3) noexcept { 53| | // NOLINTNEXTLINE(*-prefer-member-initializer) 54| 16| m_avx2 = _mm256_set_epi32(B3, B2, B1, B0, B3, B2, B1, B0); 55| 16| } _ZN5Botan9SIMD_8x325splatEj: 58| 90.0k| static SIMD_8x32 splat(uint32_t B) noexcept { return SIMD_8x32(_mm256_set1_epi32(B)); } _ZN5Botan9SIMD_8x327load_leEPKh: 61| 1.34k| static SIMD_8x32 load_le(const uint8_t* in) noexcept { 62| 1.34k| return SIMD_8x32(_mm256_loadu_si256(reinterpret_cast(in))); 63| 1.34k| } _ZN5Botan9SIMD_8x3210load_le128EPKh: 71| 16| static SIMD_8x32 load_le128(const uint8_t* in) noexcept { 72| 16| return SIMD_8x32(_mm256_broadcastsi128_si256(_mm_loadu_si128(reinterpret_cast(in)))); 73| 16| } _ZNK5Botan9SIMD_8x328store_leEPh: 84| 46.3k| void store_le(uint8_t out[]) const noexcept { _mm256_storeu_si256(reinterpret_cast<__m256i*>(out), m_avx2); } _ZNK5Botan9SIMD_8x32plERKS0_: 164| 11.2k| SIMD_8x32 operator+(const SIMD_8x32& other) const noexcept { 165| 11.2k| SIMD_8x32 retval(*this); 166| 11.2k| retval += other; 167| 11.2k| return retval; 168| 11.2k| } _ZN5Botan9SIMD_8x32pLERKS0_: 199| 957k| void operator+=(const SIMD_8x32& other) { m_avx2 = _mm256_add_epi32(m_avx2, other.m_avx2); } _ZN5Botan9SIMD_8x32eOERKS0_: 205| 901k| void operator^=(const SIMD_8x32& other) { m_avx2 = _mm256_xor_si256(m_avx2, other.m_avx2); } _ZN5Botan9SIMD_8x329transposeERS0_S1_S1_S1_: 264| 11.2k| static void transpose(SIMD_8x32& B0, SIMD_8x32& B1, SIMD_8x32& B2, SIMD_8x32& B3) noexcept { 265| 11.2k| const __m256i T0 = _mm256_unpacklo_epi32(B0.m_avx2, B1.m_avx2); 266| 11.2k| const __m256i T1 = _mm256_unpacklo_epi32(B2.m_avx2, B3.m_avx2); 267| 11.2k| const __m256i T2 = _mm256_unpackhi_epi32(B0.m_avx2, B1.m_avx2); 268| 11.2k| const __m256i T3 = _mm256_unpackhi_epi32(B2.m_avx2, B3.m_avx2); 269| | 270| 11.2k| B0.m_avx2 = _mm256_unpacklo_epi64(T0, T1); 271| 11.2k| B1.m_avx2 = _mm256_unpackhi_epi64(T0, T1); 272| 11.2k| B2.m_avx2 = _mm256_unpacklo_epi64(T2, T3); 273| 11.2k| B3.m_avx2 = _mm256_unpackhi_epi64(T2, T3); 274| 11.2k| } _ZN5Botan9SIMD_8x329transposeERS0_S1_S1_S1_S1_S1_S1_S1_: 302| 5.63k| SIMD_8x32& B7) noexcept { 303| 5.63k| transpose(B0, B1, B2, B3); 304| 5.63k| transpose(B4, B5, B6, B7); 305| | 306| 5.63k| swap_tops(B0, B4); 307| 5.63k| swap_tops(B1, B5); 308| 5.63k| swap_tops(B2, B6); 309| 5.63k| swap_tops(B3, B7); 310| 5.63k| } _ZN5Botan9SIMD_8x3212byte_shuffleERKS0_S2_: 330| 688| static inline SIMD_8x32 BOTAN_FN_ISA_AVX2 byte_shuffle(const SIMD_8x32& tbl, const SIMD_8x32& idx) { 331| 688| return SIMD_8x32(_mm256_shuffle_epi8(tbl.raw(), idx.raw())); 332| 688| } _ZN5Botan9SIMD_8x3215reset_registersEv: 335| 2.81k| static void reset_registers() noexcept { _mm256_zeroupper(); } _ZN5Botan9SIMD_8x3214zero_registersEv: 338| 2.81k| static void zero_registers() noexcept { _mm256_zeroall(); } _ZNK5Botan9SIMD_8x323rawEv: 340| 91.4k| __m256i BOTAN_FN_ISA_AVX2 raw() const noexcept { return m_avx2; } _ZN5Botan9SIMD_8x32C2EDv4_x: 343| 1.03M| explicit SIMD_8x32(__m256i x) noexcept : m_avx2(x) {} _ZN5Botan9SIMD_8x329swap_topsERS0_S1_: 347| 22.5k| static void swap_tops(SIMD_8x32& A, SIMD_8x32& B) { 348| 22.5k| auto T0 = SIMD_8x32(_mm256_permute2x128_si256(A.raw(), B.raw(), 0 + (2 << 4))); 349| | auto T1 = SIMD_8x32(_mm256_permute2x128_si256(A.raw(), B.raw(), 1 + (3 << 4))); 350| 22.5k| A = T0; 351| 22.5k| B = T1; 352| 22.5k| } _ZNK5Botan9SIMD_8x324rotlILm7EEES0_vQaagtT_Li0EltT_Li32E: 118| 225k| { 119| |#if defined(__AVX512VL__) 120| | return SIMD_8x32(_mm256_rol_epi32(m_avx2, ROT)); 121| |#else 122| | if constexpr(ROT == 8) { 123| | const __m256i shuf_rotl_8 = 124| | _mm256_set_epi64x(0x0e0d0c0f'0a09080b, 0x06050407'02010003, 0x0e0d0c0f'0a09080b, 0x06050407'02010003); 125| | 126| | return SIMD_8x32(_mm256_shuffle_epi8(m_avx2, shuf_rotl_8)); 127| | } else if constexpr(ROT == 16) { 128| | const __m256i shuf_rotl_16 = 129| | _mm256_set_epi64x(0x0d0c0f0e'09080b0a, 0x05040706'01000302, 0x0d0c0f0e'09080b0a, 0x05040706'01000302); 130| | 131| | return SIMD_8x32(_mm256_shuffle_epi8(m_avx2, shuf_rotl_16)); 132| | } else if constexpr(ROT == 24) { 133| | const __m256i shuf_rotl_24 = 134| | _mm256_set_epi64x(0x0c0f0e0d'080b0a09, 0x04070605'00030201, 0x0c0f0e0d'080b0a09, 0x04070605'00030201); 135| | 136| | return SIMD_8x32(_mm256_shuffle_epi8(m_avx2, shuf_rotl_24)); 137| 225k| } else { 138| 225k| return SIMD_8x32(_mm256_xor_si256(_mm256_slli_epi32(m_avx2, static_cast(ROT)), 139| 225k| _mm256_srli_epi32(m_avx2, static_cast(32 - ROT)))); 140| 225k| } 141| 225k|#endif 142| 225k| } _ZNK5Botan9SIMD_8x324rotlILm16EEES0_vQaagtT_Li0EltT_Li32E: 118| 225k| { 119| |#if defined(__AVX512VL__) 120| | return SIMD_8x32(_mm256_rol_epi32(m_avx2, ROT)); 121| |#else 122| | if constexpr(ROT == 8) { 123| | const __m256i shuf_rotl_8 = 124| | _mm256_set_epi64x(0x0e0d0c0f'0a09080b, 0x06050407'02010003, 0x0e0d0c0f'0a09080b, 0x06050407'02010003); 125| | 126| | return SIMD_8x32(_mm256_shuffle_epi8(m_avx2, shuf_rotl_8)); 127| 225k| } else if constexpr(ROT == 16) { 128| 225k| const __m256i shuf_rotl_16 = 129| 225k| _mm256_set_epi64x(0x0d0c0f0e'09080b0a, 0x05040706'01000302, 0x0d0c0f0e'09080b0a, 0x05040706'01000302); 130| | 131| 225k| return SIMD_8x32(_mm256_shuffle_epi8(m_avx2, shuf_rotl_16)); 132| | } else if constexpr(ROT == 24) { 133| | const __m256i shuf_rotl_24 = 134| | _mm256_set_epi64x(0x0c0f0e0d'080b0a09, 0x04070605'00030201, 0x0c0f0e0d'080b0a09, 0x04070605'00030201); 135| | 136| | return SIMD_8x32(_mm256_shuffle_epi8(m_avx2, shuf_rotl_24)); 137| | } else { 138| | return SIMD_8x32(_mm256_xor_si256(_mm256_slli_epi32(m_avx2, static_cast(ROT)), 139| | _mm256_srli_epi32(m_avx2, static_cast(32 - ROT)))); 140| | } 141| 225k|#endif 142| 225k| } _ZNK5Botan9SIMD_8x324rotlILm12EEES0_vQaagtT_Li0EltT_Li32E: 118| 225k| { 119| |#if defined(__AVX512VL__) 120| | return SIMD_8x32(_mm256_rol_epi32(m_avx2, ROT)); 121| |#else 122| | if constexpr(ROT == 8) { 123| | const __m256i shuf_rotl_8 = 124| | _mm256_set_epi64x(0x0e0d0c0f'0a09080b, 0x06050407'02010003, 0x0e0d0c0f'0a09080b, 0x06050407'02010003); 125| | 126| | return SIMD_8x32(_mm256_shuffle_epi8(m_avx2, shuf_rotl_8)); 127| | } else if constexpr(ROT == 16) { 128| | const __m256i shuf_rotl_16 = 129| | _mm256_set_epi64x(0x0d0c0f0e'09080b0a, 0x05040706'01000302, 0x0d0c0f0e'09080b0a, 0x05040706'01000302); 130| | 131| | return SIMD_8x32(_mm256_shuffle_epi8(m_avx2, shuf_rotl_16)); 132| | } else if constexpr(ROT == 24) { 133| | const __m256i shuf_rotl_24 = 134| | _mm256_set_epi64x(0x0c0f0e0d'080b0a09, 0x04070605'00030201, 0x0c0f0e0d'080b0a09, 0x04070605'00030201); 135| | 136| | return SIMD_8x32(_mm256_shuffle_epi8(m_avx2, shuf_rotl_24)); 137| 225k| } else { 138| 225k| return SIMD_8x32(_mm256_xor_si256(_mm256_slli_epi32(m_avx2, static_cast(ROT)), 139| 225k| _mm256_srli_epi32(m_avx2, static_cast(32 - ROT)))); 140| 225k| } 141| 225k|#endif 142| 225k| } _ZNK5Botan9SIMD_8x324rotlILm8EEES0_vQaagtT_Li0EltT_Li32E: 118| 225k| { 119| |#if defined(__AVX512VL__) 120| | return SIMD_8x32(_mm256_rol_epi32(m_avx2, ROT)); 121| |#else 122| 225k| if constexpr(ROT == 8) { 123| 225k| const __m256i shuf_rotl_8 = 124| 225k| _mm256_set_epi64x(0x0e0d0c0f'0a09080b, 0x06050407'02010003, 0x0e0d0c0f'0a09080b, 0x06050407'02010003); 125| | 126| 225k| return SIMD_8x32(_mm256_shuffle_epi8(m_avx2, shuf_rotl_8)); 127| | } else if constexpr(ROT == 16) { 128| | const __m256i shuf_rotl_16 = 129| | _mm256_set_epi64x(0x0d0c0f0e'09080b0a, 0x05040706'01000302, 0x0d0c0f0e'09080b0a, 0x05040706'01000302); 130| | 131| | return SIMD_8x32(_mm256_shuffle_epi8(m_avx2, shuf_rotl_16)); 132| | } else if constexpr(ROT == 24) { 133| | const __m256i shuf_rotl_24 = 134| | _mm256_set_epi64x(0x0c0f0e0d'080b0a09, 0x04070605'00030201, 0x0c0f0e0d'080b0a09, 0x04070605'00030201); 135| | 136| | return SIMD_8x32(_mm256_shuffle_epi8(m_avx2, shuf_rotl_24)); 137| | } else { 138| | return SIMD_8x32(_mm256_xor_si256(_mm256_slli_epi32(m_avx2, static_cast(ROT)), 139| | _mm256_srli_epi32(m_avx2, static_cast(32 - ROT)))); 140| | } 141| 225k|#endif 142| 225k| } _ZN5Botan12value_existsINSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEENS1_17basic_string_viewIcS4_EEEEbRKNS1_6vectorIT_NS5_ISB_EEEERKT0_: 44| 110k|bool value_exists(const std::vector& vec, const V& val) { 45| 204k| for(const auto& elem : vec) { ------------------ | Branch (45:25): [True: 204k, False: 0] ------------------ 46| 204k| if(elem == val) { ------------------ | Branch (46:10): [True: 110k, False: 93.9k] ------------------ 47| 110k| return true; 48| 110k| } 49| 204k| } 50| 0| return false; 51| 110k|} _ZN5Botan12value_existsINS_3TLS12Group_ParamsES2_EEbRKNSt3__16vectorIT_NS3_9allocatorIS5_EEEERKT0_: 44| 47.6k|bool value_exists(const std::vector& vec, const V& val) { 45| 49.5k| for(const auto& elem : vec) { ------------------ | Branch (45:25): [True: 49.5k, False: 41.9k] ------------------ 46| 49.5k| if(elem == val) { ------------------ | Branch (46:10): [True: 5.69k, False: 43.8k] ------------------ 47| 5.69k| return true; 48| 5.69k| } 49| 49.5k| } 50| 41.9k| return false; 51| 47.6k|} _ZN5Botan12value_existsINSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEES7_EEbRKNS1_6vectorIT_NS5_IS9_EEEERKT0_: 44| 16|bool value_exists(const std::vector& vec, const V& val) { 45| 16| for(const auto& elem : vec) { ------------------ | Branch (45:25): [True: 16, False: 2] ------------------ 46| 16| if(elem == val) { ------------------ | Branch (46:10): [True: 14, False: 2] ------------------ 47| 14| return true; 48| 14| } 49| 16| } 50| 2| return false; 51| 16|} _ZN5Botan12value_existsINS_3TLS16Signature_SchemeES2_EEbRKNSt3__16vectorIT_NS3_9allocatorIS5_EEEERKT0_: 44| 16.7k|bool value_exists(const std::vector& vec, const V& val) { 45| 126k| for(const auto& elem : vec) { ------------------ | Branch (45:25): [True: 126k, False: 13.3k] ------------------ 46| 126k| if(elem == val) { ------------------ | Branch (46:10): [True: 3.35k, False: 122k] ------------------ 47| 3.35k| return true; 48| 3.35k| } 49| 126k| } 50| 13.3k| return false; 51| 16.7k|} _ZN5Botan12value_existsINS_3TLS16Protocol_VersionES2_EEbRKNSt3__16vectorIT_NS3_9allocatorIS5_EEEERKT0_: 44| 421|bool value_exists(const std::vector& vec, const V& val) { 45| 1.35k| for(const auto& elem : vec) { ------------------ | Branch (45:25): [True: 1.35k, False: 36] ------------------ 46| 1.35k| if(elem == val) { ------------------ | Branch (46:10): [True: 385, False: 969] ------------------ 47| 385| return true; 48| 385| } 49| 1.35k| } 50| 36| return false; 51| 421|} _ZN5Botan12value_existsIhhEEbRKNSt3__16vectorIT_NS1_9allocatorIS3_EEEERKT0_: 44| 12.3k|bool value_exists(const std::vector& vec, const V& val) { 45| 13.7k| for(const auto& elem : vec) { ------------------ | Branch (45:25): [True: 13.7k, False: 34] ------------------ 46| 13.7k| if(elem == val) { ------------------ | Branch (46:10): [True: 12.3k, False: 1.41k] ------------------ 47| 12.3k| return true; 48| 12.3k| } 49| 13.7k| } 50| 34| return false; 51| 12.3k|} tls_channel_impl_12.cpp:_ZN5Botan13map_remove_ifINSt3__13mapItNS1_10shared_ptrINS_3TLS23Connection_Cipher_StateEEENS1_4lessItEENS1_9allocatorINS1_4pairIKtS6_EEEEEEZNS4_15Channel_Impl_1216activate_sessionEvE3$_0EEvT0_RT_: 54| 208|void map_remove_if(Pred pred, T& assoc) { 55| 208| auto i = assoc.begin(); 56| 624| while(i != assoc.end()) { ------------------ | Branch (56:10): [True: 416, False: 208] ------------------ 57| 416| if(pred(i->first)) { ------------------ | Branch (57:10): [True: 208, False: 208] ------------------ 58| 208| assoc.erase(i++); 59| 208| } else { 60| 208| i++; 61| 208| } 62| 416| } 63| 208|} _ZN5Botan12holds_any_ofIJNS_3TLS20Client_Hello_12_ShimENS1_15Client_Hello_13ENS1_15Server_Hello_13ENS1_19Hello_Retry_RequestENS1_11Finished_13EEJS3_S2_S4_NS1_20Server_Hello_12_ShimES5_NS1_20Encrypted_ExtensionsENS1_14Certificate_13ENS1_22Certificate_Request_13ENS1_21Certificate_Verify_13ES6_EEEbRKNSt3__17variantIJDpT0_EEE: 66| 3.87k|constexpr bool holds_any_of(const std::variant& v) noexcept { 67| 5.16k| return (std::holds_alternative(v) || ...); ------------------ | Branch (67:12): [True: 0, False: 184] | Branch (67:12): [True: 15, False: 169] | Branch (67:12): [True: 0, False: 184] | Branch (67:12): [True: 0, False: 184] | Branch (67:12): [True: 3.69k, False: 184] ------------------ 68| 3.87k|} _ZN5Botan13generalize_toINSt3__17variantIJNS_3TLS15Client_Hello_13ENS3_20Client_Hello_12_ShimENS3_15Server_Hello_13ENS3_20Server_Hello_12_ShimENS3_19Hello_Retry_RequestENS3_20Encrypted_ExtensionsENS3_14Certificate_13ENS3_22Certificate_Request_13ENS3_21Certificate_Verify_13ENS3_11Finished_13EEEEJS4_S5_EEET_NS2_IJDpT0_EEE: 102| 3.69k|constexpr GeneralVariantT generalize_to(std::variant specific) { 103| 3.69k| static_assert( 104| 3.69k| is_generalizable_to(specific), 105| 3.69k| "Desired general type must be implicitly constructible by all types of the specialized std::variant<>"); 106| 3.69k| return std::visit([](auto s) -> GeneralVariantT { return s; }, std::move(specific)); 107| 3.69k|} _ZZN5Botan13generalize_toINSt3__17variantIJNS_3TLS15Client_Hello_13ENS3_20Client_Hello_12_ShimENS3_15Server_Hello_13ENS3_20Server_Hello_12_ShimENS3_19Hello_Retry_RequestENS3_20Encrypted_ExtensionsENS3_14Certificate_13ENS3_22Certificate_Request_13ENS3_21Certificate_Verify_13ENS3_11Finished_13EEEEJS4_S5_EEET_NS2_IJDpT0_EEEENKUlSF_E_clIS5_EESE_SF_: 106| 3.69k| return std::visit([](auto s) -> GeneralVariantT { return s; }, std::move(specific)); _ZN5Botan13generalize_toINSt3__17variantIJNS_3TLS15Client_Hello_13ENS3_20Client_Hello_12_ShimENS3_15Server_Hello_13ENS3_20Server_Hello_12_ShimENS3_19Hello_Retry_RequestENS3_20Encrypted_ExtensionsENS3_14Certificate_13ENS3_22Certificate_Request_13ENS3_21Certificate_Verify_13ENS3_11Finished_13EEEEJS8_S6_S7_EEET_NS2_IJDpT0_EEE: 102| 23|constexpr GeneralVariantT generalize_to(std::variant specific) { 103| 23| static_assert( 104| 23| is_generalizable_to(specific), 105| 23| "Desired general type must be implicitly constructible by all types of the specialized std::variant<>"); 106| 23| return std::visit([](auto s) -> GeneralVariantT { return s; }, std::move(specific)); 107| 23|} _ZZN5Botan13generalize_toINSt3__17variantIJNS_3TLS15Client_Hello_13ENS3_20Client_Hello_12_ShimENS3_15Server_Hello_13ENS3_20Server_Hello_12_ShimENS3_19Hello_Retry_RequestENS3_20Encrypted_ExtensionsENS3_14Certificate_13ENS3_22Certificate_Request_13ENS3_21Certificate_Verify_13ENS3_11Finished_13EEEEJS8_S6_S7_EEET_NS2_IJDpT0_EEEENKUlSF_E_clIS7_EESE_SF_: 106| 23| return std::visit([](auto s) -> GeneralVariantT { return s; }, std::move(specific)); _ZNK5Botan3TLS22TLS_CBC_HMAC_AEAD_Mode8tag_sizeEv: 43| 1.47k| size_t tag_size() const final { return m_tag_size; } _ZNK5Botan3TLS22TLS_CBC_HMAC_AEAD_Mode7iv_sizeEv: 74| 87| size_t iv_size() const { return m_iv_size; } _ZNK5Botan3TLS22TLS_CBC_HMAC_AEAD_Mode10block_sizeEv: 76| 942| size_t block_size() const { return m_block_size; } _ZNK5Botan3TLS22TLS_CBC_HMAC_AEAD_Mode20use_encrypt_then_macEv: 78| 755| bool use_encrypt_then_mac() const { return m_use_encrypt_then_mac; } _ZNK5Botan3TLS22TLS_CBC_HMAC_AEAD_Mode20is_datagram_protocolEv: 80| 102| bool is_datagram_protocol() const { return m_is_datagram; } _ZNK5Botan3TLS22TLS_CBC_HMAC_AEAD_Mode3cbcEv: 82| 649| Cipher_Mode& cbc() const { return *m_cbc; } _ZNK5Botan3TLS22TLS_CBC_HMAC_AEAD_Mode3macEv: 84| 1.08k| MessageAuthenticationCode& mac() const { return *m_mac; } _ZN5Botan3TLS22TLS_CBC_HMAC_AEAD_Mode9cbc_stateEv: 86| 438| secure_vector& cbc_state() { return m_cbc_state; } _ZN5Botan3TLS22TLS_CBC_HMAC_AEAD_Mode10assoc_dataEv: 88| 179| std::vector& assoc_data() { return m_ad; } _ZN5Botan3TLS22TLS_CBC_HMAC_AEAD_Mode3msgEv: 90| 446| secure_vector& msg() { return m_msg; } _ZNK5Botan3TLS28TLS_CBC_HMAC_AEAD_Decryption18minimum_final_sizeEv: 159| 117| size_t minimum_final_size() const override { return tag_size(); } _ZNK5Botan3TLS12Channel_Impl17expects_downgradeEv: 276| 19.4k| bool expects_downgrade() const { return m_downgrade_info != nullptr; } _ZN5Botan3TLS12Channel_Impl18set_io_buffer_sizeEm: 237| 5.69k| void set_io_buffer_size(size_t io_buf_sz) { 238| 5.69k| BOTAN_STATE_CHECK(m_downgrade_info); ------------------ | | 51| 5.69k| do { \ | | 52| 5.69k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 5.69k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 5.69k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 5.69k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 5.69k] | | ------------------ ------------------ 239| 5.69k| m_downgrade_info->io_buffer_size = io_buf_sz; 240| 5.69k| } _ZNK5Botan3TLS12Channel_Impl14is_downgradingEv: 269| 15.5k| bool is_downgrading() const { return m_downgrade_info && m_downgrade_info->will_downgrade; } ------------------ | Branch (269:44): [True: 15.0k, False: 435] | Branch (269:64): [True: 7.35k, False: 7.72k] ------------------ _ZN5Botan3TLS12Channel_Impl22extract_downgrade_infoEv: 274| 3.67k| std::unique_ptr extract_downgrade_info() { return std::exchange(m_downgrade_info, {}); } _ZN5Botan3TLS12Channel_Impl18send_warning_alertENS0_9AlertTypeE: 66| 669| void send_warning_alert(Alert::Type type) { send_alert(Alert(type, false)); } _ZN5Botan3TLS12Channel_Impl16send_fatal_alertENS0_9AlertTypeE: 71| 4.71k| void send_fatal_alert(Alert::Type type) { send_alert(Alert(type, true)); } _ZN5Botan3TLS12Channel_Impl5closeEv: 76| 18| void close() { send_warning_alert(Alert::CloseNotify); } _ZN5Botan3TLS12Channel_Impl24preserve_peer_transcriptENSt3__14spanIKhLm18446744073709551615EEE: 224| 5.69k| void preserve_peer_transcript(std::span input) { 225| 5.69k| BOTAN_STATE_CHECK(m_downgrade_info); ------------------ | | 51| 5.69k| do { \ | | 52| 5.69k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 5.69k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 5.69k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 5.69k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 5.69k] | | ------------------ ------------------ 226| 5.69k| m_downgrade_info->peer_transcript.insert(m_downgrade_info->peer_transcript.end(), input.begin(), input.end()); 227| 5.69k| } _ZN5Botan3TLS12Channel_Impl17request_downgradeEv: 250| 3.67k| void request_downgrade() { 251| 3.67k| BOTAN_STATE_CHECK(m_downgrade_info && !m_downgrade_info->will_downgrade); ------------------ | | 51| 3.67k| do { \ | | 52| 3.67k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 7.35k| if(!(expr)) { \ | | ------------------ | | | Branch (53:12): [True: 3.67k, False: 0] | | | Branch (53:12): [True: 3.67k, False: 0] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 3.67k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 3.67k] | | ------------------ ------------------ 252| 3.67k| m_downgrade_info->will_downgrade = true; 253| 3.67k| } _ZN5Botan3TLS12Channel_ImplC2Ev: 185| 10.1k| Channel_Impl() = default; _ZN5Botan3TLS12Channel_ImplD2Ev: 36| 10.1k| virtual ~Channel_Impl() = default; _ZNK5Botan3TLS15Channel_Impl_1212active_stateEv: 153| 28.0k| const std::optional& active_state() const { return m_active_state; } _ZN5Botan3TLS15Channel_Impl_123rngEv: 179| 11.1k| RandomNumberGenerator& rng() { return *m_rng; } _ZN5Botan3TLS15Channel_Impl_1215session_managerEv: 181| 3.10k| Session_Manager& session_manager() { return *m_session_manager; } _ZNK5Botan3TLS15Channel_Impl_126policyEv: 183| 83.8k| const Policy& policy() const { return *m_policy; } _ZNK5Botan3TLS15Channel_Impl_129callbacksEv: 185| 46.3k| Callbacks& callbacks() const { return *m_callbacks; } _ZNK5Botan3TLS15Channel_Impl_1213pending_stateEv: 209| 38.8k| const Handshake_State* pending_state() const { return m_pending_state.get(); } _ZN5Botan3TLS15Channel_Impl_1311prepend_ccsEv: 232| 1.86k| virtual bool prepend_ccs() { return false; } _ZNK5Botan3TLS15Channel_Impl_139callbacksEv: 267| 6.54k| Callbacks& callbacks() const { return *m_callbacks; } _ZNK5Botan3TLS15Channel_Impl_136policyEv: 275| 10.6k| const Policy& policy() const { return *m_policy; } _ZN5Botan3TLS13Secret_LoggerD2Ev: 34| 5.69k| virtual ~Secret_Logger() = default; _ZNK5Botan3TLS26Active_Connection_State_127versionEv: 47| 85| Protocol_Version version() const { return m_version; } _ZNK5Botan3TLS26Active_Connection_State_1210session_idEv: 61| 85| const Session_ID& session_id() const { return m_session_id; } _ZN5Botan3TLS14Handshake_Hash6updateERKNSt3__16vectorIhNS2_9allocatorIhEEEE: 23| 23.6k| void update(const std::vector& in) { m_data += in; } _ZN5Botan3TLS14Handshake_Hash5resetEv: 29| 9.14k| void reset() { m_data.clear(); } _ZN5Botan3TLS19Stream_Handshake_IOC2ENSt3__18functionIFvNS0_11Record_TypeERKNS2_6vectorIhNS2_9allocatorIhEEEEEEE: 86| 3.67k| explicit Stream_Handshake_IO(writer_fn writer) : m_send_hs(std::move(writer)) {} _ZNK5Botan3TLS19Stream_Handshake_IO14have_more_dataEv: 92| 12.6k| bool have_more_data() const override { return !m_queue.empty(); } _ZN5Botan3TLS21Datagram_Handshake_IOC2ENSt3__18functionIFvtNS0_11Record_TypeERKNS2_6vectorIhNS2_9allocatorIhEEEEEEERNS0_27Connection_Sequence_NumbersEtmmm: 124| 569| m_seqs(seq), 125| 569| m_flights(1), 126| 569| m_initial_timeout(initial_timeout_ms), 127| 569| m_max_timeout(max_timeout_ms), 128| 569| m_send_hs(std::move(writer)), 129| 569| m_mtu(mtu), 130| 569| m_max_handshake_msg_size(max_handshake_msg_size) {} _ZNK5Botan3TLS21Datagram_Handshake_IO20Handshake_Reassembly10msg_lengthEv: 184| 88| size_t msg_length() const { return m_msg_length; } _ZN5Botan3TLS12Handshake_IOC2Ev: 69| 4.24k| Handshake_IO() = default; _ZN5Botan3TLS12Handshake_IOD2Ev: 76| 4.24k| virtual ~Handshake_IO() = default; _ZN5Botan3TLS15Handshake_LayerC2ENS0_15Connection_SideE: 31| 5.69k| m_peer(whoami == Connection_Side::Server ? Connection_Side::Client : Connection_Side::Server) ------------------ | Branch (31:20): [True: 5.69k, False: 0] ------------------ 32| | // RFC 8446 4.4.2 33| | // If the corresponding certificate type extension 34| | // ("server_certificate_type" or "client_certificate_type") was not 35| | // negotiated in EncryptedExtensions, or the X.509 certificate type 36| | // was negotiated, then each CertificateEntry contains a DER-encoded 37| | // X.509 certificate. 38| | // 39| | // We need the certificate_type info to parse Certificate messages. 40| | , 41| 5.69k| m_certificate_type(Certificate_Type::X509) {} _ZNK5Botan3TLS15Handshake_Layer16has_pending_dataEv: 95| 4.70k| bool has_pending_data() const { return m_read_offset < m_read_buffer.size(); } _ZN5Botan3TLS15Handshake_State12handshake_ioEv: 71| 63.6k| Handshake_IO& handshake_io() { return *m_handshake_io; } _ZNK5Botan3TLS15Handshake_State12client_helloEv: 135| 96.8k| const Client_Hello_12* client_hello() const { return m_client_hello.get(); } _ZNK5Botan3TLS15Handshake_State12client_certsEv: 147| 208| const Certificate_12* client_certs() const { return m_client_certs.get(); } _ZNK5Botan3TLS15Handshake_State12session_keysEv: 169| 823| const Session_Keys& session_keys() const { return m_session_keys; } _ZN5Botan3TLS15Handshake_State4hashEv: 177| 32.8k| Handshake_Hash& hash() { return m_handshake_hash; } _ZNK5Botan3TLS15Handshake_State15client_finishedEv: 161| 208| const Finished_12* client_finished() const { return m_client_finished.get(); } _ZNK5Botan3TLS15Handshake_State15server_finishedEv: 159| 208| const Finished_12* server_finished() const { return m_server_finished.get(); } _ZNK5Botan3TLS15Handshake_State12server_helloEv: 137| 23.5k| const Server_Hello_12* server_hello() const { return m_server_hello.get(); } _ZNK5Botan3TLS15Handshake_State18new_session_ticketEv: 157| 104| const New_Session_Ticket_12* new_session_ticket() const { return m_new_session_ticket.get(); } _ZNK5Botan3TLS15Handshake_State7versionEv: 110| 30.0k| Protocol_Version version() const { return m_version; } _ZNK5Botan3TLS15Handshake_State12server_certsEv: 139| 3| const Certificate_12* server_certs() const { return m_server_certs.get(); } _ZNK5Botan3TLS15Handshake_State10server_kexEv: 141| 4.42k| const Server_Key_Exchange* server_kex() const { return m_server_kex.get(); } _ZNK5Botan3TLS15Handshake_State10client_kexEv: 149| 2.70k| const Client_Key_Exchange* client_kex() const { return m_client_kex.get(); } _ZNK5Botan3TLS15Handshake_State9callbacksEv: 171| 5.00k| Callbacks& callbacks() const { return m_callbacks; } _ZNK5Botan3TLS15Handshake_State4hashEv: 179| 1.55k| const Handshake_Hash& hash() const { return m_handshake_hash; } _ZNK5Botan3TLS8Internal23Handshake_State_13_Base16has_client_helloEv: 24| 1| bool has_client_hello() const { return m_client_hello.has_value(); } _ZNK5Botan3TLS8Internal23Handshake_State_13_Base23has_hello_retry_requestEv: 32| 3.67k| bool has_hello_retry_request() const { return m_hello_retry_request.has_value(); } _ZNK5Botan3TLS8Internal23Handshake_State_13_Base19has_client_finishedEv: 38| 10.6k| bool has_client_finished() const { return m_client_finished.has_value(); } _ZN5Botan3TLS8Internal23Handshake_State_13_BaseC2ENS0_15Connection_SideE: 76| 5.69k| explicit Handshake_State_13_Base(Connection_Side whoami) : m_side(whoami) {} _ZN5Botan3TLS18Handshake_State_13ILNS0_15Connection_SideE2ENSt3__17variantIJNS0_15Server_Hello_13ENS0_20Server_Hello_12_ShimENS0_19Hello_Retry_RequestENS0_20Encrypted_ExtensionsENS0_14Certificate_13ENS0_22Certificate_Request_13ENS0_21Certificate_Verify_13ENS0_11Finished_13EEEENS4_IJNS0_15Client_Hello_13ENS0_20Client_Hello_12_ShimES9_SB_SC_EEENS4_IJNS0_10Key_UpdateEEEEE8receivedENS4_IJSE_SF_S5_S6_S7_S8_S9_SA_SB_SC_EEE: 162| 3.85k| decltype(auto) received(Handshake_Message_13 message) { 163| 3.85k| return std::visit( 164| 3.85k| [&](auto msg) -> detail::as_wrapped_references_t { 165| 3.85k| if constexpr(std::is_constructible_v) { 166| 3.85k| return std::reference_wrapper(store(std::move(msg), true)); 167| 3.85k| } else { 168| 3.85k| throw TLS_Exception(AlertType::UnexpectedMessage, "received an illegal handshake message"); 169| 3.85k| } 170| 3.85k| }, 171| 3.85k| std::move(message)); 172| 3.85k| } _ZZN5Botan3TLS18Handshake_State_13ILNS0_15Connection_SideE2ENSt3__17variantIJNS0_15Server_Hello_13ENS0_20Server_Hello_12_ShimENS0_19Hello_Retry_RequestENS0_20Encrypted_ExtensionsENS0_14Certificate_13ENS0_22Certificate_Request_13ENS0_21Certificate_Verify_13ENS0_11Finished_13EEEENS4_IJNS0_15Client_Hello_13ENS0_20Client_Hello_12_ShimES9_SB_SC_EEENS4_IJNS0_10Key_UpdateEEEEE8receivedENS4_IJSE_SF_S5_S6_S7_S8_S9_SA_SB_SC_EEEENKUlT_E_clISF_EENS4_IJNS3_17reference_wrapperISE_EENSO_ISF_EENSO_IS9_EENSO_ISB_EENSO_ISC_EEEEESL_: 164| 3.67k| [&](auto msg) -> detail::as_wrapped_references_t { 165| 3.67k| if constexpr(std::is_constructible_v) { 166| 3.67k| return std::reference_wrapper(store(std::move(msg), true)); 167| | } else { 168| | throw TLS_Exception(AlertType::UnexpectedMessage, "received an illegal handshake message"); 169| | } 170| 3.67k| }, _ZZN5Botan3TLS18Handshake_State_13ILNS0_15Connection_SideE2ENSt3__17variantIJNS0_15Server_Hello_13ENS0_20Server_Hello_12_ShimENS0_19Hello_Retry_RequestENS0_20Encrypted_ExtensionsENS0_14Certificate_13ENS0_22Certificate_Request_13ENS0_21Certificate_Verify_13ENS0_11Finished_13EEEENS4_IJNS0_15Client_Hello_13ENS0_20Client_Hello_12_ShimES9_SB_SC_EEENS4_IJNS0_10Key_UpdateEEEEE8receivedENS4_IJSE_SF_S5_S6_S7_S8_S9_SA_SB_SC_EEEENKUlT_E_clIS6_EENS4_IJNS3_17reference_wrapperISE_EENSO_ISF_EENSO_IS9_EENSO_ISB_EENSO_ISC_EEEEESL_: 164| 23| [&](auto msg) -> detail::as_wrapped_references_t { 165| | if constexpr(std::is_constructible_v) { 166| | return std::reference_wrapper(store(std::move(msg), true)); 167| 23| } else { 168| 23| throw TLS_Exception(AlertType::UnexpectedMessage, "received an illegal handshake message"); 169| 23| } 170| 23| }, _ZZN5Botan3TLS18Handshake_State_13ILNS0_15Connection_SideE2ENSt3__17variantIJNS0_15Server_Hello_13ENS0_20Server_Hello_12_ShimENS0_19Hello_Retry_RequestENS0_20Encrypted_ExtensionsENS0_14Certificate_13ENS0_22Certificate_Request_13ENS0_21Certificate_Verify_13ENS0_11Finished_13EEEENS4_IJNS0_15Client_Hello_13ENS0_20Client_Hello_12_ShimES9_SB_SC_EEENS4_IJNS0_10Key_UpdateEEEEE8receivedENS4_IJSE_SF_S5_S6_S7_S8_S9_SA_SB_SC_EEEENKUlT_E_clIS8_EENS4_IJNS3_17reference_wrapperISE_EENSO_ISF_EENSO_IS9_EENSO_ISB_EENSO_ISC_EEEEESL_: 164| 138| [&](auto msg) -> detail::as_wrapped_references_t { 165| | if constexpr(std::is_constructible_v) { 166| | return std::reference_wrapper(store(std::move(msg), true)); 167| 138| } else { 168| 138| throw TLS_Exception(AlertType::UnexpectedMessage, "received an illegal handshake message"); 169| 138| } 170| 138| }, _ZZN5Botan3TLS18Handshake_State_13ILNS0_15Connection_SideE2ENSt3__17variantIJNS0_15Server_Hello_13ENS0_20Server_Hello_12_ShimENS0_19Hello_Retry_RequestENS0_20Encrypted_ExtensionsENS0_14Certificate_13ENS0_22Certificate_Request_13ENS0_21Certificate_Verify_13ENS0_11Finished_13EEEENS4_IJNS0_15Client_Hello_13ENS0_20Client_Hello_12_ShimES9_SB_SC_EEENS4_IJNS0_10Key_UpdateEEEEE8receivedENS4_IJSE_SF_S5_S6_S7_S8_S9_SA_SB_SC_EEEENKUlT_E_clIS9_EENS4_IJNS3_17reference_wrapperISE_EENSO_ISF_EENSO_IS9_EENSO_ISB_EENSO_ISC_EEEEESL_: 164| 2| [&](auto msg) -> detail::as_wrapped_references_t { 165| 2| if constexpr(std::is_constructible_v) { 166| 2| return std::reference_wrapper(store(std::move(msg), true)); 167| | } else { 168| | throw TLS_Exception(AlertType::UnexpectedMessage, "received an illegal handshake message"); 169| | } 170| 2| }, _ZZN5Botan3TLS18Handshake_State_13ILNS0_15Connection_SideE2ENSt3__17variantIJNS0_15Server_Hello_13ENS0_20Server_Hello_12_ShimENS0_19Hello_Retry_RequestENS0_20Encrypted_ExtensionsENS0_14Certificate_13ENS0_22Certificate_Request_13ENS0_21Certificate_Verify_13ENS0_11Finished_13EEEENS4_IJNS0_15Client_Hello_13ENS0_20Client_Hello_12_ShimES9_SB_SC_EEENS4_IJNS0_10Key_UpdateEEEEE8receivedENS4_IJSE_SF_S5_S6_S7_S8_S9_SA_SB_SC_EEEENKUlT_E_clISB_EENS4_IJNS3_17reference_wrapperISE_EENSO_ISF_EENSO_IS9_EENSO_ISB_EENSO_ISC_EEEEESL_: 164| 6| [&](auto msg) -> detail::as_wrapped_references_t { 165| 6| if constexpr(std::is_constructible_v) { 166| 6| return std::reference_wrapper(store(std::move(msg), true)); 167| | } else { 168| | throw TLS_Exception(AlertType::UnexpectedMessage, "received an illegal handshake message"); 169| | } 170| 6| }, _ZZN5Botan3TLS18Handshake_State_13ILNS0_15Connection_SideE2ENSt3__17variantIJNS0_15Server_Hello_13ENS0_20Server_Hello_12_ShimENS0_19Hello_Retry_RequestENS0_20Encrypted_ExtensionsENS0_14Certificate_13ENS0_22Certificate_Request_13ENS0_21Certificate_Verify_13ENS0_11Finished_13EEEENS4_IJNS0_15Client_Hello_13ENS0_20Client_Hello_12_ShimES9_SB_SC_EEENS4_IJNS0_10Key_UpdateEEEEE8receivedENS4_IJSE_SF_S5_S6_S7_S8_S9_SA_SB_SC_EEEENKUlT_E_clISC_EENS4_IJNS3_17reference_wrapperISE_EENSO_ISF_EENSO_IS9_EENSO_ISB_EENSO_ISC_EEEEESL_: 164| 6| [&](auto msg) -> detail::as_wrapped_references_t { 165| 6| if constexpr(std::is_constructible_v) { 166| 6| return std::reference_wrapper(store(std::move(msg), true)); 167| | } else { 168| | throw TLS_Exception(AlertType::UnexpectedMessage, "received an illegal handshake message"); 169| | } 170| 6| }, _ZN5Botan3TLS18Handshake_State_13ILNS0_15Connection_SideE2ENSt3__17variantIJNS0_15Server_Hello_13ENS0_20Server_Hello_12_ShimENS0_19Hello_Retry_RequestENS0_20Encrypted_ExtensionsENS0_14Certificate_13ENS0_22Certificate_Request_13ENS0_21Certificate_Verify_13ENS0_11Finished_13EEEENS4_IJNS0_15Client_Hello_13ENS0_20Client_Hello_12_ShimES9_SB_SC_EEENS4_IJNS0_10Key_UpdateEEEEEC2Ev: 142| 5.69k| Handshake_State_13() : Handshake_State_13_Base(whoami) {} _ZNK5Botan3TLS21Server_Hello_Internal10extensionsEv: 144| 3.03k| const Extensions& extensions() const { return m_extensions; } _ZNK5Botan3TLS21Server_Hello_Internal14legacy_versionEv: 132| 8.82k| Protocol_Version legacy_version() const { return m_legacy_version; } _ZNK5Botan3TLS21Server_Hello_Internal6randomEv: 136| 4.34k| const std::vector& random() const { return m_random; } _ZNK5Botan3TLS21Server_Hello_Internal10session_idEv: 134| 3.20k| const Session_ID& session_id() const { return m_session_id; } _ZNK5Botan3TLS21Server_Hello_Internal11ciphersuiteEv: 138| 11.7k| uint16_t ciphersuite() const { return m_ciphersuite; } _ZNK5Botan3TLS21Server_Hello_Internal11comp_methodEv: 140| 3.30k| uint8_t comp_method() const { return m_comp_method; } _ZN5Botan3TLS21Server_Hello_Internal10extensionsEv: 146| 14.5k| Extensions& extensions() { return m_extensions; } _ZNK5Botan3TLS21Client_Hello_Internal14legacy_versionEv: 74| 12.4k| Protocol_Version legacy_version() const { return m_legacy_version; } _ZNK5Botan3TLS21Client_Hello_Internal10session_idEv: 76| 3.04k| const Session_ID& session_id() const { return m_session_id; } _ZNK5Botan3TLS21Client_Hello_Internal6randomEv: 78| 1.45k| const std::vector& random() const { return m_random; } _ZNK5Botan3TLS21Client_Hello_Internal12ciphersuitesEv: 80| 40.3k| const std::vector& ciphersuites() const { return m_suites; } _ZNK5Botan3TLS21Client_Hello_Internal12comp_methodsEv: 82| 12.3k| const std::vector& comp_methods() const { return m_comp_methods; } _ZNK5Botan3TLS21Client_Hello_Internal12hello_cookieEv: 84| 9.14k| const std::vector& hello_cookie() const { return m_hello_cookie; } _ZNK5Botan3TLS21Client_Hello_Internal23hello_cookie_input_bitsEv: 86| 18.2k| const std::vector& hello_cookie_input_bits() const { return m_cookie_input_bits; } _ZNK5Botan3TLS21Client_Hello_Internal10extensionsEv: 88| 3.80k| const Extensions& extensions() const { return m_extensions; } _ZN5Botan3TLS21Client_Hello_Internal10extensionsEv: 90| 83.2k| Extensions& extensions() { return m_extensions; } _ZN5Botan3TLS21Server_Hello_InternalC2ENS0_16Protocol_VersionENS_6StrongINSt3__16vectorIhNS4_9allocatorIhEEEENS0_11Session_ID_EJEEES8_thb: 123| 2.89k| m_legacy_version(lv), 124| 2.89k| m_session_id(std::move(sid)), 125| 2.89k| m_random(std::move(r)), 126| 2.89k| m_is_hello_retry_request(is_hrr), 127| 2.89k| m_ciphersuite(cs), 128| 2.89k| m_comp_method(cm) {} _ZNK5Botan3TLS21Server_Hello_Internal22is_hello_retry_requestEv: 142| 48| bool is_hello_retry_request() const { return m_is_hello_retry_request; } _ZN5Botan3TLS15TLS_Data_ReaderC2EPKcNSt3__14spanIKhLm18446744073709551615EEE: 27| 84.0k| m_typename(type), m_buf(buf_in), m_offset(0) {} _ZN5Botan3TLS15TLS_Data_Reader8get_byteEv: 83| 103k| uint8_t get_byte() { 84| 103k| assert_at_least(1); 85| 103k| const uint8_t result = m_buf[m_offset]; 86| 103k| m_offset += 1; 87| 103k| return result; 88| 103k| } _ZN5Botan3TLS15TLS_Data_Reader12get_uint16_tEv: 71| 211k| uint16_t get_uint16_t() { 72| 211k| assert_at_least(2); 73| 211k| const uint16_t result = make_uint16(m_buf[m_offset], m_buf[m_offset + 1]); 74| 211k| m_offset += 2; 75| 211k| return result; 76| 211k| } _ZN5Botan3TLS15TLS_Data_Reader9get_fixedIhEENSt3__16vectorIT_NS3_9allocatorIS5_EEEEm: 129| 113k| std::vector get_fixed(size_t size) { 130| 113k| return get_elem>(size); 131| 113k| } _ZN5Botan3TLS15TLS_Data_Reader8get_elemIhNSt3__16vectorIhNS3_9allocatorIhEEEEEET0_m: 91| 163k| Container get_elem(size_t num_elems) { 92| 163k| assert_at_least(num_elems * sizeof(T)); 93| | 94| 163k| Container result(num_elems); 95| | 96| 2.15M| for(size_t i = 0; i != num_elems; ++i) { ------------------ | Branch (96:28): [True: 1.98M, False: 163k] ------------------ 97| 1.98M| result[i] = load_be(&m_buf[m_offset], i); 98| 1.98M| } 99| | 100| 163k| m_offset += num_elems * sizeof(T); 101| | 102| 163k| return result; 103| 163k| } _ZN5Botan3TLS15TLS_Data_Reader9get_rangeIhEENSt3__16vectorIT_NS3_9allocatorIS5_EEEEmmm: 110| 30.0k| std::vector get_range(size_t len_bytes, size_t min_elems, size_t max_elems) { 111| 30.0k| const size_t num_elems = get_num_elems(len_bytes, sizeof(T), min_elems, max_elems); 112| | 113| 30.0k| return get_elem>(num_elems); 114| 30.0k| } _ZN5Botan3TLS15TLS_Data_Reader13get_num_elemsEmmmm: 148| 67.3k| size_t get_num_elems(size_t len_bytes, size_t T_size, size_t min_elems, size_t max_elems) { 149| 67.3k| const size_t byte_length = get_length_field(len_bytes); 150| | 151| 67.3k| if(byte_length % T_size != 0) { ------------------ | Branch (151:13): [True: 19, False: 67.3k] ------------------ 152| 19| throw_decode_error("Size isn't multiple of T"); 153| 19| } 154| | 155| 67.3k| const size_t num_elems = byte_length / T_size; 156| | 157| 67.3k| if(num_elems < min_elems || num_elems > max_elems) { ------------------ | Branch (157:13): [True: 56, False: 67.2k] | Branch (157:38): [True: 41, False: 67.2k] ------------------ 158| 61| throw_decode_error("Length field outside parameters"); 159| 61| } 160| | 161| 67.3k| return num_elems; 162| 67.3k| } _ZN5Botan3TLS15TLS_Data_Reader16get_length_fieldEm: 134| 68.9k| size_t get_length_field(size_t len_bytes) { 135| 68.9k| assert_at_least(len_bytes); 136| | 137| 68.9k| if(len_bytes == 1) { ------------------ | Branch (137:13): [True: 48.3k, False: 20.6k] ------------------ 138| 48.3k| return get_byte(); 139| 48.3k| } else if(len_bytes == 2) { ------------------ | Branch (139:20): [True: 20.2k, False: 327] ------------------ 140| 20.2k| return get_uint16_t(); 141| 20.2k| } else if(len_bytes == 3) { ------------------ | Branch (141:20): [True: 308, False: 19] ------------------ 142| 308| return get_uint24_t(); 143| 308| } 144| | 145| 19| throw_decode_error("Bad length size"); 146| 19| } _ZN5Botan3TLS15TLS_Data_Reader12get_uint24_tEv: 64| 11.2k| uint32_t get_uint24_t() { 65| 11.2k| assert_at_least(3); 66| 11.2k| const uint32_t result = make_uint32(0, m_buf[m_offset], m_buf[m_offset + 1], m_buf[m_offset + 2]); 67| 11.2k| m_offset += 3; 68| 11.2k| return result; 69| 11.2k| } _ZN5Botan3TLS23append_tls_length_valueIhNSt3__19allocatorIhEES4_EEvRNS2_6vectorIhT0_EERKNS5_IT_T1_EEm: 209| 14.9k| size_t tag_size) { 210| 14.9k| append_tls_length_value(buf, std::span{vals}, tag_size); 211| 14.9k|} _ZN5Botan3TLS23append_tls_length_valueIhNSt3__19allocatorIhEEEEvRNS2_6vectorIhT0_EENS2_4spanIKT_Lm18446744073709551615EEEm: 202| 17.8k|inline void append_tls_length_value(std::vector& buf, std::span vals, size_t tag_size) { 203| 17.8k| append_tls_length_value(buf, vals.data(), vals.size(), tag_size); 204| 17.8k|} _ZN5Botan3TLS23append_tls_length_valueIhNSt3__19allocatorIhEEEEvRNS2_6vectorIhT0_EEPKT_mm: 180| 17.8k| size_t tag_size) { 181| 17.8k| const size_t T_size = sizeof(T); 182| 17.8k| const size_t val_bytes = T_size * vals_size; 183| | 184| 17.8k| BOTAN_ARG_CHECK(tag_size == 1 || tag_size == 2 || tag_size == 3, "Invalid TLS tag size"); ------------------ | | 35| 17.8k| do { \ | | 36| 17.8k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 38.5k| if(!(expr)) { \ | | ------------------ | | | Branch (37:12): [True: 14.9k, False: 2.88k] | | | Branch (37:12): [True: 2.88k, False: 0] | | | Branch (37:12): [True: 0, False: 0] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 17.8k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 17.8k] | | ------------------ ------------------ 185| | 186| 17.8k| const size_t max_possible_size = (1 << (8 * tag_size)) - 1; 187| | 188| 17.8k| BOTAN_ARG_CHECK(val_bytes <= max_possible_size, "Value too large to encode"); ------------------ | | 35| 17.8k| do { \ | | 36| 17.8k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 17.8k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 17.8k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 17.8k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 17.8k] | | ------------------ ------------------ 189| | 190| 38.5k| for(size_t i = 0; i != tag_size; ++i) { ------------------ | Branch (190:22): [True: 20.7k, False: 17.8k] ------------------ 191| 20.7k| buf.push_back(get_byte_var(sizeof(val_bytes) - tag_size + i, val_bytes)); 192| 20.7k| } 193| | 194| 685k| for(size_t i = 0; i != vals_size; ++i) { ------------------ | Branch (194:22): [True: 667k, False: 17.8k] ------------------ 195| 1.33M| for(size_t j = 0; j != T_size; ++j) { ------------------ | Branch (195:25): [True: 667k, False: 667k] ------------------ 196| 667k| buf.push_back(get_byte_var(j, vals[i])); 197| 667k| } 198| 667k| } 199| 17.8k|} _ZNK5Botan3TLS15TLS_Data_Reader11assert_doneEv: 29| 54.4k| void assert_done() const { 30| 54.4k| if(has_remaining()) { ------------------ | Branch (30:13): [True: 368, False: 54.0k] ------------------ 31| 368| throw_decode_error("Extra bytes at end of message"); 32| 368| } 33| 54.4k| } _ZNK5Botan3TLS15TLS_Data_Reader11read_so_farEv: 35| 9.08k| size_t read_so_far() const { return m_offset; } _ZNK5Botan3TLS15TLS_Data_Reader15remaining_bytesEv: 37| 801k| size_t remaining_bytes() const { return m_buf.size() - m_offset; } _ZNK5Botan3TLS15TLS_Data_Reader13has_remainingEv: 39| 137k| bool has_remaining() const { return (remaining_bytes() > 0); } _ZN5Botan3TLS15TLS_Data_Reader13get_remainingEv: 41| 9.81k| std::vector get_remaining() { 42| 9.81k| const std::span rest = m_buf.subspan(m_offset); 43| 9.81k| return std::vector(rest.begin(), rest.end()); 44| 9.81k| } _ZN5Botan3TLS15TLS_Data_Reader20get_data_read_so_farEv: 46| 9.83k| std::vector get_data_read_so_far() { 47| 9.83k| const std::span first = m_buf.first(m_offset); 48| 9.83k| return std::vector(first.begin(), first.end()); 49| 9.83k| } _ZN5Botan3TLS15TLS_Data_Reader12discard_nextEm: 51| 1.93k| void discard_next(size_t bytes) { 52| 1.93k| assert_at_least(bytes); 53| 1.93k| m_offset += bytes; 54| 1.93k| } _ZN5Botan3TLS15TLS_Data_Reader12get_uint32_tEv: 56| 691| uint32_t get_uint32_t() { 57| 691| assert_at_least(4); 58| 691| const uint32_t result = 59| 691| make_uint32(m_buf[m_offset], m_buf[m_offset + 1], m_buf[m_offset + 2], m_buf[m_offset + 3]); 60| 691| m_offset += 4; 61| 691| return result; 62| 691| } _ZN5Botan3TLS15TLS_Data_Reader20get_tls_length_valueEm: 105| 1.57k| std::vector get_tls_length_value(size_t len_bytes) { 106| 1.57k| return get_fixed(get_length_field(len_bytes)); 107| 1.57k| } _ZN5Botan3TLS15TLS_Data_Reader10get_stringEmmm: 123| 3.34k| std::string get_string(size_t len_bytes, size_t min_bytes, size_t max_bytes) { 124| 3.34k| std::vector v = get_range_vector(len_bytes, min_bytes, max_bytes); 125| 3.34k| return bytes_to_string(v); 126| 3.34k| } _ZN5Botan3TLS15TLS_Data_Reader16get_range_vectorIhEENSt3__16vectorIT_NS3_9allocatorIS5_EEEEmmm: 117| 19.9k| std::vector get_range_vector(size_t len_bytes, size_t min_elems, size_t max_elems) { 118| 19.9k| const size_t num_elems = get_num_elems(len_bytes, sizeof(T), min_elems, max_elems); 119| | 120| 19.9k| return get_elem>(num_elems); 121| 19.9k| } _ZN5Botan3TLS23append_tls_length_valueINSt3__19allocatorIhEEEEvRNS2_6vectorIhT_EENS2_17basic_string_viewIcNS2_11char_traitsIcEEEEm: 214| 2.89k|inline void append_tls_length_value(std::vector& buf, std::string_view str, size_t tag_size) { 215| 2.89k| append_tls_length_value(buf, as_span_of_bytes(str), tag_size); 216| 2.89k|} _ZN5Botan3TLS15TLS_Data_Reader9get_rangeItEENSt3__16vectorIT_NS3_9allocatorIS5_EEEEmmm: 110| 585| std::vector get_range(size_t len_bytes, size_t min_elems, size_t max_elems) { 111| 585| const size_t num_elems = get_num_elems(len_bytes, sizeof(T), min_elems, max_elems); 112| | 113| 585| return get_elem>(num_elems); 114| 585| } _ZN5Botan3TLS15TLS_Data_Reader8get_elemItNSt3__16vectorItNS3_9allocatorItEEEEEET0_m: 91| 17.2k| Container get_elem(size_t num_elems) { 92| 17.2k| assert_at_least(num_elems * sizeof(T)); 93| | 94| 17.2k| Container result(num_elems); 95| | 96| 66.9k| for(size_t i = 0; i != num_elems; ++i) { ------------------ | Branch (96:28): [True: 49.6k, False: 17.2k] ------------------ 97| 49.6k| result[i] = load_be(&m_buf[m_offset], i); 98| 49.6k| } 99| | 100| 17.2k| m_offset += num_elems * sizeof(T); 101| | 102| 17.2k| return result; 103| 17.2k| } _ZN5Botan3TLS15TLS_Data_Reader16get_range_vectorItEENSt3__16vectorIT_NS3_9allocatorIS5_EEEEmmm: 117| 16.7k| std::vector get_range_vector(size_t len_bytes, size_t min_elems, size_t max_elems) { 118| 16.7k| const size_t num_elems = get_num_elems(len_bytes, sizeof(T), min_elems, max_elems); 119| | 120| 16.7k| return get_elem>(num_elems); 121| 16.7k| } _ZN5Botan3TLS23append_tls_length_valueIhNS_16secure_allocatorIhEENSt3__19allocatorIhEEEEvRNS4_6vectorIhT0_EERKNS7_IT_T1_EEm: 209| 4| size_t tag_size) { 210| 4| append_tls_length_value(buf, std::span{vals}, tag_size); 211| 4|} _ZN5Botan3TLS23append_tls_length_valueIhNS_16secure_allocatorIhEEEEvRNSt3__16vectorIhT0_EENS4_4spanIKT_Lm18446744073709551615EEEm: 202| 3.39k|inline void append_tls_length_value(std::vector& buf, std::span vals, size_t tag_size) { 203| 3.39k| append_tls_length_value(buf, vals.data(), vals.size(), tag_size); 204| 3.39k|} _ZN5Botan3TLS23append_tls_length_valueIhNS_16secure_allocatorIhEEEEvRNSt3__16vectorIhT0_EEPKT_mm: 180| 3.39k| size_t tag_size) { 181| 3.39k| const size_t T_size = sizeof(T); 182| 3.39k| const size_t val_bytes = T_size * vals_size; 183| | 184| 3.39k| BOTAN_ARG_CHECK(tag_size == 1 || tag_size == 2 || tag_size == 3, "Invalid TLS tag size"); ------------------ | | 35| 3.39k| do { \ | | 36| 3.39k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 10.1k| if(!(expr)) { \ | | ------------------ | | | Branch (37:12): [True: 0, False: 3.39k] | | | Branch (37:12): [True: 3.39k, False: 0] | | | Branch (37:12): [True: 0, False: 0] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 3.39k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 3.39k] | | ------------------ ------------------ 185| | 186| 3.39k| const size_t max_possible_size = (1 << (8 * tag_size)) - 1; 187| | 188| 3.39k| BOTAN_ARG_CHECK(val_bytes <= max_possible_size, "Value too large to encode"); ------------------ | | 35| 3.39k| do { \ | | 36| 3.39k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 3.39k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 3.39k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 3.39k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 3.39k] | | ------------------ ------------------ 189| | 190| 10.1k| for(size_t i = 0; i != tag_size; ++i) { ------------------ | Branch (190:22): [True: 6.79k, False: 3.39k] ------------------ 191| 6.79k| buf.push_back(get_byte_var(sizeof(val_bytes) - tag_size + i, val_bytes)); 192| 6.79k| } 193| | 194| 105k| for(size_t i = 0; i != vals_size; ++i) { ------------------ | Branch (194:22): [True: 101k, False: 3.39k] ------------------ 195| 203k| for(size_t j = 0; j != T_size; ++j) { ------------------ | Branch (195:25): [True: 101k, False: 101k] ------------------ 196| 101k| buf.push_back(get_byte_var(j, vals[i])); 197| 101k| } 198| 101k| } 199| 3.39k|} _ZN5Botan3TLS23append_tls_length_valueIhNS_16secure_allocatorIhEES3_EEvRNSt3__16vectorIhT0_EERKNS5_IT_T1_EEm: 209| 3.39k| size_t tag_size) { 210| 3.39k| append_tls_length_value(buf, std::span{vals}, tag_size); 211| 3.39k|} _ZNK5Botan3TLS13Record_Header6neededEv: 91| 21.1k| size_t needed() const { return m_needed; } _ZNK5Botan3TLS13Record_Header4typeEv: 105| 88.5k| Record_Type type() const { 106| 88.5k| BOTAN_ASSERT_NOMSG(m_needed == 0); ------------------ | | 77| 88.5k| do { \ | | 78| 88.5k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 88.5k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 88.5k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 88.5k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 88.5k] | | ------------------ ------------------ 107| 88.5k| return m_type; 108| 88.5k| } _ZNK5Botan3TLS13Record_Header5epochEv: 103| 2.54k| uint16_t epoch() const { return static_cast(sequence() >> 48); } _ZNK5Botan3TLS13Record_Header7versionEv: 93| 25.6k| Protocol_Version version() const { 94| 25.6k| BOTAN_ASSERT_NOMSG(m_needed == 0); ------------------ | | 77| 25.6k| do { \ | | 78| 25.6k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 25.6k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 25.6k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 25.6k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 25.6k] | | ------------------ ------------------ 95| 25.6k| return m_version; 96| 25.6k| } _ZNK5Botan3TLS13Record_Header8sequenceEv: 98| 20.5k| uint64_t sequence() const { 99| 20.5k| BOTAN_ASSERT_NOMSG(m_needed == 0); ------------------ | | 77| 20.5k| do { \ | | 78| 20.5k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 20.5k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 20.5k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 20.5k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 20.5k] | | ------------------ ------------------ 100| 20.5k| return m_sequence; 101| 20.5k| } _ZN5Botan3TLS23Connection_Cipher_State4aeadEv: 58| 413| AEAD_Mode& aead() { 59| 413| BOTAN_ASSERT_NONNULL(m_aead.get()); ------------------ | | 116| 413| do { \ | | 117| 413| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 413] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 413| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 413] | | ------------------ ------------------ 60| 413| return *m_aead; 61| 413| } _ZNK5Botan3TLS23Connection_Cipher_State26nonce_bytes_from_handshakeEv: 69| 123| size_t nonce_bytes_from_handshake() const { return m_nonce_bytes_from_handshake; } _ZNK5Botan3TLS23Connection_Cipher_State23nonce_bytes_from_recordEv: 71| 1.32k| size_t nonce_bytes_from_record() const { return m_nonce_bytes_from_record; } _ZNK5Botan3TLS23Connection_Cipher_State12nonce_formatEv: 73| 718| Nonce_Format nonce_format() const { return m_nonce_format; } _ZN5Botan3TLS13Record_HeaderC2EmNS0_16Protocol_VersionENS0_11Record_TypeE: 87| 20.3k| m_needed(0), m_sequence(sequence), m_version(version), m_type(type) {} _ZN5Botan3TLS13Record_HeaderC2Em: 89| 855| explicit Record_Header(size_t needed) : m_needed(needed), m_sequence(0), m_type(Record_Type::Invalid) {} _ZN5Botan3TLS6RecordC2ENS0_11Record_TypeENSt3__16vectorIhNS_16secure_allocatorIhEEEE: 33| 11.6k| type(record_type), fragment(std::move(frgmnt)), seq_no(std::nullopt) {} _ZN5Botan3TLS12Record_Layer17clear_read_bufferEv: 82| 18| void clear_read_buffer() { 83| 18| zap(m_read_buffer); 84| 18| m_read_offset = 0; 85| 18| } _ZN5Botan3TLS25Datagram_Sequence_NumbersC2Ev: 89| 569| Datagram_Sequence_Numbers() { Datagram_Sequence_Numbers::reset(); } _ZN5Botan3TLS25Datagram_Sequence_Numbers5resetEv: 91| 569| void reset() override { 92| 569| m_write_seqs.clear(); 93| 569| m_write_seqs[0] = 0; 94| 569| m_write_epoch = 0; 95| 569| m_read_epoch = 0; 96| 569| m_window_highest = 0; 97| 569| m_window_bits = 0; 98| 569| } _ZN5Botan3TLS27Connection_Sequence_NumbersD2Ev: 20| 4.24k| virtual ~Connection_Sequence_Numbers() = default; _ZNK5Botan3TLS25Datagram_Sequence_Numbers19current_write_epochEv: 109| 265| uint16_t current_write_epoch() const override { return m_write_epoch; } _ZN5Botan3TLS25Datagram_Sequence_Numbers19next_write_sequenceEt: 111| 265| uint64_t next_write_sequence(uint16_t epoch) override { 112| 265| auto i = m_write_seqs.find(epoch); 113| 265| BOTAN_ASSERT(i != m_write_seqs.end(), "Found epoch"); ------------------ | | 64| 265| do { \ | | 65| 265| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 265| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 265] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 265| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 265] | | ------------------ ------------------ 114| 265| if(i->second > 0x0000FFFFFFFFFFFF) { ------------------ | Branch (114:13): [True: 0, False: 265] ------------------ 115| 0| throw Invalid_State("DTLS write sequence number overflow"); 116| 0| } 117| 265| return (static_cast(epoch) << 48) | i->second++; 118| 265| } _ZNK5Botan3TLS25Datagram_Sequence_Numbers12already_seenEm: 122| 425| bool already_seen(uint64_t sequence) const override { 123| 425| const size_t window_size = sizeof(m_window_bits) * 8; 124| | 125| 425| if(sequence > m_window_highest) { ------------------ | Branch (125:13): [True: 327, False: 98] ------------------ 126| 327| return false; 127| 327| } 128| | 129| 98| const uint64_t offset = m_window_highest - sequence; 130| | 131| 98| if(offset >= window_size) { ------------------ | Branch (131:13): [True: 74, False: 24] ------------------ 132| 74| return true; // really old? 133| 74| } 134| | 135| 24| return (((m_window_bits >> offset) & 1) == 1); 136| 98| } _ZN5Botan3TLS25Datagram_Sequence_Numbers11read_acceptEm: 138| 319| void read_accept(uint64_t sequence) override { 139| 319| const size_t window_size = sizeof(m_window_bits) * 8; 140| | 141| 319| if(sequence > m_window_highest) { ------------------ | Branch (141:13): [True: 299, False: 20] ------------------ 142| | // We've received a later sequence which advances our window 143| 299| const uint64_t offset = sequence - m_window_highest; 144| 299| m_window_highest += offset; 145| | 146| 299| if(offset >= window_size) { ------------------ | Branch (146:16): [True: 271, False: 28] ------------------ 147| 271| m_window_bits = 0; 148| 271| } else { 149| 28| m_window_bits <<= offset; 150| 28| } 151| | 152| 299| m_window_bits |= 0x01; 153| 299| } else { 154| 20| const uint64_t offset = m_window_highest - sequence; 155| | 156| 20| if(offset < window_size) { ------------------ | Branch (156:16): [True: 20, False: 0] ------------------ 157| | // We've received an old sequence but still within our window 158| 20| m_window_bits |= (static_cast(1) << offset); 159| 20| } else { 160| | // This occurs only if we have reset state (DTLS reconnection case) 161| 0| m_window_highest = sequence; 162| 0| m_window_bits = 0; 163| 0| } 164| 20| } 165| 319| } _ZN5Botan3TLS23Stream_Sequence_NumbersC2Ev: 39| 3.67k| Stream_Sequence_Numbers() : m_write_seq_no(0), m_read_seq_no(0), m_read_epoch(0), m_write_epoch(0) {} _ZN5Botan3TLS23Stream_Sequence_Numbers21new_read_cipher_stateEv: 48| 303| void new_read_cipher_state() override { 49| 303| m_read_seq_no = 0; 50| 303| m_read_epoch++; 51| 303| } _ZN5Botan3TLS23Stream_Sequence_Numbers22new_write_cipher_stateEv: 53| 104| void new_write_cipher_state() override { 54| 104| m_write_seq_no = 0; 55| 104| m_write_epoch++; 56| 104| } _ZNK5Botan3TLS23Stream_Sequence_Numbers18current_read_epochEv: 58| 14.2k| uint16_t current_read_epoch() const override { return m_read_epoch; } _ZNK5Botan3TLS23Stream_Sequence_Numbers19current_write_epochEv: 60| 20.7k| uint16_t current_write_epoch() const override { return m_write_epoch; } _ZN5Botan3TLS23Stream_Sequence_Numbers19next_write_sequenceEt: 62| 20.5k| uint64_t next_write_sequence(uint16_t /*epoch*/) override { 63| 20.5k| if(m_write_seq_no == std::numeric_limits::max()) { ------------------ | Branch (63:13): [True: 0, False: 20.5k] ------------------ 64| 0| throw Invalid_State("TLS 1.2 write sequence number overflow"); 65| 0| } 66| 20.5k| return m_write_seq_no++; 67| 20.5k| } _ZN5Botan3TLS23Stream_Sequence_Numbers18next_read_sequenceEv: 69| 13.9k| uint64_t next_read_sequence() override { return m_read_seq_no; } _ZNK5Botan3TLS14Server_Impl_1220application_protocolEv: 64| 104| std::string application_protocol() const override { return m_next_protocol; } _ZNK5Botan3TLS12Session_Keys13master_secretEv: 46| 416| const secure_vector& master_secret() const { return m_master_sec; } _ZNK5Botan3TLS12Session_Keys15client_aead_keyEv: 26| 303| const secure_vector& client_aead_key() const { return m_c_aead; } _ZNK5Botan3TLS12Session_Keys15server_aead_keyEv: 31| 104| const secure_vector& server_aead_key() const { return m_s_aead; } _ZNK5Botan3TLS12Session_Keys12client_nonceEv: 36| 303| const std::vector& client_nonce() const { return m_c_nonce; } _ZNK5Botan3TLS12Session_Keys12server_nonceEv: 41| 104| const std::vector& server_nonce() const { return m_s_nonce; } _ZNK5Botan3TLS12Session_Keys8aead_keyENS0_15Connection_SideE: 48| 407| const secure_vector& aead_key(Connection_Side side) const { 49| 407| return (side == Connection_Side::Client) ? client_aead_key() : server_aead_key(); ------------------ | Branch (49:17): [True: 303, False: 104] ------------------ 50| 407| } _ZNK5Botan3TLS12Session_Keys5nonceENS0_15Connection_SideE: 52| 407| const std::vector& nonce(Connection_Side side) const { 53| 407| return (side == Connection_Side::Client) ? client_nonce() : server_nonce(); ------------------ | Branch (53:17): [True: 303, False: 104] ------------------ 54| 407| } _ZN5Botan3TLS12Session_KeysC2Ev: 56| 4.24k| Session_Keys() = default; _ZN5Botan2CT13value_barrierITkNSt3__117unsigned_integralEhQntsr3stdE7same_asIbT_EEES3_S3_: 43| 21.9k|constexpr inline T value_barrier(T x) { 44| 21.9k| if(std::is_constant_evaluated()) { ------------------ | Branch (44:7): [Folded, False: 21.9k] ------------------ 45| 0| return x; 46| 21.9k| } else { 47| 21.9k|#if defined(BOTAN_CT_VALUE_BARRIER_USE_ASM) 48| | /* 49| | * We may want a "stronger" statement such as 50| | * asm volatile("" : "+r,m"(x) : : "memory); 51| | * (see https://theunixzoo.co.uk/blog/2021-10-14-preventing-optimisations.html) 52| | * however the current approach seems sufficient with current compilers, 53| | * and is minimally damaging with regards to degrading code generation. 54| | */ 55| 21.9k| asm("" : "+r"(x) : /* no input */); // NOLINT(*-no-assembler) 56| 21.9k| return x; 57| |#elif defined(BOTAN_CT_VALUE_BARRIER_USE_VOLATILE) 58| | volatile T vx = x; 59| | return vx; 60| |#else 61| | return x; 62| |#endif 63| 21.9k| } 64| 21.9k|} _ZN5Botan2CT13value_barrierITkNSt3__117unsigned_integralEmQntsr3stdE7same_asIbT_EEES3_S3_: 43| 176M|constexpr inline T value_barrier(T x) { 44| 176M| if(std::is_constant_evaluated()) { ------------------ | Branch (44:7): [Folded, False: 176M] ------------------ 45| 0| return x; 46| 176M| } else { 47| 176M|#if defined(BOTAN_CT_VALUE_BARRIER_USE_ASM) 48| | /* 49| | * We may want a "stronger" statement such as 50| | * asm volatile("" : "+r,m"(x) : : "memory); 51| | * (see https://theunixzoo.co.uk/blog/2021-10-14-preventing-optimisations.html) 52| | * however the current approach seems sufficient with current compilers, 53| | * and is minimally damaging with regards to degrading code generation. 54| | */ 55| 176M| asm("" : "+r"(x) : /* no input */); // NOLINT(*-no-assembler) 56| 176M| return x; 57| |#elif defined(BOTAN_CT_VALUE_BARRIER_USE_VOLATILE) 58| | volatile T vx = x; 59| | return vx; 60| |#else 61| | return x; 62| |#endif 63| 176M| } 64| 176M|} _ZN5Botan2CT13value_barrierITkNSt3__117unsigned_integralEjQntsr3stdE7same_asIbT_EEES3_S3_: 43| 189k|constexpr inline T value_barrier(T x) { 44| 189k| if(std::is_constant_evaluated()) { ------------------ | Branch (44:7): [Folded, False: 189k] ------------------ 45| 0| return x; 46| 189k| } else { 47| 189k|#if defined(BOTAN_CT_VALUE_BARRIER_USE_ASM) 48| | /* 49| | * We may want a "stronger" statement such as 50| | * asm volatile("" : "+r,m"(x) : : "memory); 51| | * (see https://theunixzoo.co.uk/blog/2021-10-14-preventing-optimisations.html) 52| | * however the current approach seems sufficient with current compilers, 53| | * and is minimally damaging with regards to degrading code generation. 54| | */ 55| 189k| asm("" : "+r"(x) : /* no input */); // NOLINT(*-no-assembler) 56| 189k| return x; 57| |#elif defined(BOTAN_CT_VALUE_BARRIER_USE_VOLATILE) 58| | volatile T vx = x; 59| | return vx; 60| |#else 61| | return x; 62| |#endif 63| 189k| } 64| 189k|} _ZN5Botan2CT13value_barrierITkNSt3__117unsigned_integralEtQntsr3stdE7same_asIbT_EEES3_S3_: 43| 227k|constexpr inline T value_barrier(T x) { 44| 227k| if(std::is_constant_evaluated()) { ------------------ | Branch (44:7): [Folded, False: 227k] ------------------ 45| 0| return x; 46| 227k| } else { 47| 227k|#if defined(BOTAN_CT_VALUE_BARRIER_USE_ASM) 48| | /* 49| | * We may want a "stronger" statement such as 50| | * asm volatile("" : "+r,m"(x) : : "memory); 51| | * (see https://theunixzoo.co.uk/blog/2021-10-14-preventing-optimisations.html) 52| | * however the current approach seems sufficient with current compilers, 53| | * and is minimally damaging with regards to degrading code generation. 54| | */ 55| 227k| asm("" : "+r"(x) : /* no input */); // NOLINT(*-no-assembler) 56| 227k| return x; 57| |#elif defined(BOTAN_CT_VALUE_BARRIER_USE_VOLATILE) 58| | volatile T vx = x; 59| | return vx; 60| |#else 61| | return x; 62| |#endif 63| 227k| } 64| 227k|} _ZN5Botan17is_sub_element_ofERKNS_3OIDESt16initializer_listIjE: 16| 25.8k|inline std::optional is_sub_element_of(const OID& oid, std::initializer_list prefix) { 17| 25.8k| const auto& c = oid.get_components(); 18| | 19| 25.8k| if(c.size() != prefix.size() + 1) { ------------------ | Branch (19:7): [True: 0, False: 25.8k] ------------------ 20| 0| return {}; 21| 0| } 22| | 23| 25.8k| if(!std::equal(c.begin(), c.end() - 1, prefix.begin(), prefix.end())) { ------------------ | Branch (23:7): [True: 0, False: 25.8k] ------------------ 24| 0| return {}; 25| 0| } 26| | 27| 25.8k| return c[c.size() - 1]; 28| 25.8k|} _ZN5Botan9AEAD_Mode19set_associated_dataENSt3__14spanIKhLm18446744073709551615EEE: 59| 409| void set_associated_data(std::span ad) { set_associated_data_n(0, ad); } _ZN5Botan21Allocator_InitializerC2Ev: 50| 1| Allocator_Initializer() { initialize_allocator(); } _ZN5Botan11ASN1_ObjectC2ERKS0_: 118| 211k| ASN1_Object(const ASN1_Object&) = default; _ZN5Botan11ASN1_ObjectD2Ev: 122| 968k| virtual ~ASN1_Object() = default; _ZN5Botan11ASN1_ObjectC2EOS0_: 120| 328k| ASN1_Object(ASN1_Object&&) = default; _ZNK5Botan10BER_Object6is_setEv: 138| 1.43M| bool is_set() const { return m_type_tag != ASN1_Type::NoObject; } _ZNK5Botan10BER_Object7taggingEv: 140| 583k| uint32_t tagging() const { return type_tag() | class_tag(); } _ZNK5Botan10BER_Object8type_tagEv: 142| 589k| ASN1_Type type_tag() const { return m_type_tag; } _ZNK5Botan10BER_Object9class_tagEv: 144| 654k| ASN1_Class class_tag() const { return m_class_tag; } _ZNK5Botan10BER_Object4typeEv: 146| 103k| ASN1_Type type() const { return m_type_tag; } _ZNK5Botan10BER_Object9get_classEv: 148| 51.8k| ASN1_Class get_class() const { return m_class_tag; } _ZNK5Botan10BER_Object4bitsEv: 150| 4.69M| const uint8_t* bits() const { return m_value.data(); } _ZNK5Botan10BER_Object6lengthEv: 152| 10.0M| size_t length() const { return m_value.size(); } _ZNK5Botan10BER_Object4dataEv: 154| 200k| std::span data() const { return std::span{m_value}; } _ZN5Botan10BER_Object12mutable_bitsEm: 171| 486k| uint8_t* mutable_bits(size_t length) { 172| 486k| m_value.resize(length); 173| 486k| return m_value.data(); 174| 486k| } _ZNK5Botan3OID5emptyEv: 265| 41.7k| bool empty() const { return m_id.empty(); } _ZNK5Botan3OID9has_valueEv: 271| 30.7k| bool has_value() const { return !empty(); } _ZNK5Botan3OIDeqERKS0_: 301| 48.7k| bool operator==(const OID& other) const { return m_id == other.m_id; } _ZNK5Botan3OID14get_componentsEv: 321| 749k| const std::vector& get_components() const { 322| 749k| return m_id; 323| 749k| } _ZNK5Botan11ASN1_String5valueEv: 365| 38.7k| const std::string& value() const { return m_utf8_str; } _ZNK5Botan11ASN1_String5emptyEv: 369| 38.7k| bool empty() const { return m_utf8_str.empty(); } _ZNK5Botan19AlgorithmIdentifier3oidEv: 407| 50.9k| const OID& oid() const { return m_oid; } _ZNK5Botan19AlgorithmIdentifier10parametersEv: 409| 31.5k| const std::vector& parameters() const { return m_parameters; } _ZNK5Botan19AlgorithmIdentifier20parameters_are_emptyEv: 419| 12.9k| bool parameters_are_empty() const { return m_parameters.empty(); } _ZNK5Botan19AlgorithmIdentifier28parameters_are_null_or_emptyEv: 421| 12.9k| bool parameters_are_null_or_empty() const { return parameters_are_empty() || parameters_are_null(); } ------------------ | Branch (421:58): [True: 12.9k, False: 0] | Branch (421:84): [True: 0, False: 0] ------------------ _ZN5BotanorENS_10ASN1_ClassES0_: 78| 296k|inline ASN1_Class operator|(ASN1_Class x, ASN1_Class y) { 79| 296k| return static_cast(static_cast(x) | static_cast(y)); 80| 296k|} _ZN5BotanorENS_9ASN1_TypeENS_10ASN1_ClassE: 82| 583k|inline uint32_t operator|(ASN1_Type x, ASN1_Class y) { 83| 583k| return static_cast(x) | static_cast(y); 84| 583k|} _ZN5BotanorENS_10ASN1_ClassENS_9ASN1_TypeE: 86| 97.1k|inline uint32_t operator|(ASN1_Class x, ASN1_Type y) { 87| 97.1k| return static_cast(x) | static_cast(y); 88| 97.1k|} _ZN5BotanneERKNS_3OIDES2_: 342| 25.8k|inline bool operator!=(const OID& a, const OID& b) { 343| 25.8k| return !(a == b); 344| 25.8k|} _ZNKSt3__14hashIN5Botan3OIDEEclERKS2_: 441| 4| size_t operator()(const Botan::OID& oid) const noexcept { return static_cast(oid.hash_code()); } _ZN5Botan19AlgorithmIdentifierC2Ev: 399| 59.2k| AlgorithmIdentifier() = default; _ZN5Botan11ASN1_ObjectC2Ev: 117| 428k| ASN1_Object() = default; _ZN5Botan3OIDC2Ev: 220| 143k| explicit OID() = default; _ZN5Botan11ASN1_ObjectaSERKS0_: 119| 12.9k| ASN1_Object& operator=(const ASN1_Object&) = default; _ZN5Botan10BER_ObjectC2Ev: 130| 889k| BER_Object() = default; _ZN5Botan10BER_ObjectaSEOS0_: 135| 232k| BER_Object& operator=(BER_Object&& other) = default; _ZN5Botan10BER_ObjectC2EOS0_: 133| 266k| BER_Object(BER_Object&& other) = default; _ZN5Botan9ASN1_TimeC2Ev: 39| 13.0k| ASN1_Time() = default; _ZN5Botan13ignore_paramsIJNSt3__117basic_string_viewIcNS1_11char_traitsIcEEEEEEEvDpRKT_: 142| 352|constexpr void ignore_params([[maybe_unused]] const T&... args) {} _ZN5Botan13ignore_paramsIJNS_3TLS15Session_SummaryEEEEvDpRKT_: 142| 104|constexpr void ignore_params([[maybe_unused]] const T&... args) {} _ZN5Botan13ignore_paramsIJNSt3__16vectorINS_16X509_CertificateENS1_9allocatorIS3_EEEENS_3TLS26Certificate_Status_RequestEEEEvDpRKT_: 142| 1|constexpr void ignore_params([[maybe_unused]] const T&... args) {} _ZN5Botan13ignore_paramsIJNS_3TLS16Protocol_VersionEEEEvDpRKT_: 142| 407|constexpr void ignore_params([[maybe_unused]] const T&... args) {} _ZN5Botan13ignore_paramsIJPKhmEEEvDpRKT_: 142| 21.1k|constexpr void ignore_params([[maybe_unused]] const T&... args) {} _ZN5Botan13ignore_paramsIJjEEEvDpRKT_: 142| 220k|constexpr void ignore_params([[maybe_unused]] const T&... args) {} _ZN5Botan13ignore_paramsIJPKtmEEEvDpRKT_: 142| 306|constexpr void ignore_params([[maybe_unused]] const T&... args) {} _ZN5Botan13ignore_paramsIJPKmmEEEvDpRKT_: 142| 10.8M|constexpr void ignore_params([[maybe_unused]] const T&... args) {} _ZN5Botan13ignore_paramsIJNS_3TLS20Client_Hello_12_ShimEEEEvDpRKT_: 142| 3.67k|constexpr void ignore_params([[maybe_unused]] const T&... args) {} _ZN5Botan11BER_Decoder6Limits3DEREv: 35| 71.6k| static Limits DER() { return Limits(false, 0); } _ZN5Botan11BER_Decoder6LimitsC2Ebm: 54| 71.6k| m_allow_ber(allow_ber), m_max_nested_indef(max_nested_indef) {} _ZN5Botan11BER_Decoder14start_sequenceEv: 160| 162k| BER_Decoder start_sequence() { return start_cons(ASN1_Type::Sequence, ASN1_Class::Universal); } _ZN5Botan11BER_Decoder16decode_and_checkImEERS0_RKT_NSt3__117basic_string_viewIcNS6_11char_traitsIcEEEE: 327| 12.9k| BER_Decoder& decode_and_check(const T& expected, std::string_view error_msg) { 328| 12.9k| T actual; 329| 12.9k| decode(actual); 330| | 331| 12.9k| if(actual != expected) { ------------------ | Branch (331:13): [True: 0, False: 12.9k] ------------------ 332| 0| throw Decoding_Error(error_msg); 333| 0| } 334| | 335| 12.9k| return (*this); 336| 12.9k| } _ZN5Botan11BER_Decoder6decodeERm: 225| 19.3k| BER_Decoder& decode(size_t& out) { return decode(out, ASN1_Type::Integer, ASN1_Class::Universal); } _ZN5Botan11BER_Decoder6decodeINS_16secure_allocatorIhEEEERS0_RNSt3__16vectorIhT_EENS_9ASN1_TypeE: 242| 19.3k| BER_Decoder& decode(std::vector& out, ASN1_Type real_type) { 243| 19.3k| return decode(out, real_type, real_type, ASN1_Class::Universal); 244| 19.3k| } _ZNK5Botan11BER_Decoder6Limits18allow_ber_encodingEv: 44| 1.07M| bool allow_ber_encoding() const { return m_allow_ber; } _ZNK5Botan11BER_Decoder6Limits20require_der_encodingEv: 46| 589k| bool require_der_encoding() const { return !allow_ber_encoding(); } _ZN5Botan11BER_DecoderC2ERKNS_10BER_ObjectENS0_6LimitsE: 81| 19.3k| BER_Decoder(obj.data(), limits) {} _ZNK5Botan11BER_Decoder6limitsEv: 98| 214k| Limits limits() const { return m_limits; } _ZN5Botan11BER_Decoder8get_nextERNS_10BER_ObjectE: 106| 12.9k| BER_Decoder& get_next(BER_Object& ber) { 107| 12.9k| ber = get_next_object(); 108| 12.9k| return (*this); 109| 12.9k| } _ZN5Botan11BER_Decoder9start_setEv: 162| 39.0k| BER_Decoder start_set() { return start_cons(ASN1_Type::Set, ASN1_Class::Universal); } _ZN5Botan11BER_Decoder6decodeERNS_6BigIntE: 230| 6.51k| BER_Decoder& decode(BigInt& out) { return decode(out, ASN1_Type::Integer, ASN1_Class::Universal); } _ZN5Botan11BER_Decoder6decodeINSt3__19allocatorIhEEEERS0_RNS2_6vectorIhT_EENS_9ASN1_TypeE: 242| 45.3k| BER_Decoder& decode(std::vector& out, ASN1_Type real_type) { 243| 45.3k| return decode(out, real_type, real_type, ASN1_Class::Universal); 244| 45.3k| } _ZN5Botan11BER_Decoder9raw_bytesINSt3__19allocatorIhEEEERS0_RNS2_6vectorIhT_EE: 203| 45.6k| BER_Decoder& raw_bytes(std::vector& out) { 204| 45.6k| out.clear(); 205| 3.43M| for(;;) { 206| 3.43M| if(auto next = this->read_next_byte()) { ------------------ | Branch (206:21): [True: 3.38M, False: 45.6k] ------------------ 207| 3.38M| out.push_back(*next); 208| 3.38M| } else { 209| 45.6k| break; 210| 45.6k| } 211| 3.43M| } 212| 45.6k| return (*this); 213| 45.6k| } _ZN5Botan11BER_Decoder15decode_optionalImEERS0_RT_NS_9ASN1_TypeENS_10ASN1_ClassERKS3_: 285| 6.51k| BER_Decoder& decode_optional(T& out, ASN1_Type type_tag, ASN1_Class class_tag, const T& default_value = T()) { 286| 6.51k| std::optional optval; 287| 6.51k| this->decode_optional(optval, type_tag, class_tag); 288| 6.51k| out = optval ? *optval : default_value; ------------------ | Branch (288:16): [True: 6.45k, False: 58] ------------------ 289| 6.51k| return (*this); 290| 6.51k| } _ZN5Botan11BER_Decoder15decode_optionalImEERS0_RNSt3__18optionalIT_EENS_9ASN1_TypeENS_10ASN1_ClassE: 394| 12.9k|BER_Decoder& BER_Decoder::decode_optional(std::optional& optval, ASN1_Type type_tag, ASN1_Class class_tag) { 395| 12.9k| BER_Object obj = get_next_object(); 396| | 397| 12.9k| if(obj.is_a(type_tag, class_tag)) { ------------------ | Branch (397:7): [True: 6.45k, False: 6.51k] ------------------ 398| 6.45k| T out{}; 399| 6.45k| if(class_tag == ASN1_Class::ExplicitContextSpecific) { ------------------ | Branch (399:10): [True: 6.45k, False: 0] ------------------ 400| 6.45k| BER_Decoder(obj, m_limits).decode(out).verify_end(); 401| 6.45k| } else { 402| 0| this->push_back(std::move(obj)); 403| 0| this->decode(out, type_tag, class_tag); 404| 0| } 405| 6.45k| optval = std::move(out); 406| 6.51k| } else { 407| 6.51k| this->push_back(std::move(obj)); 408| 6.51k| optval = std::nullopt; 409| 6.51k| } 410| | 411| 12.9k| return (*this); 412| 12.9k|} _ZN5Botan11BER_Decoder22decode_optional_stringINSt3__19allocatorIhEEEERS0_RNS2_6vectorIhT_EENS_9ASN1_TypeEjNS_10ASN1_ClassE: 345| 19.3k| ASN1_Class class_tag = ASN1_Class::ContextSpecific) { 346| 19.3k| BER_Object obj = get_next_object(); 347| | 348| 19.3k| const ASN1_Type type_tag = static_cast(expected_tag); 349| | 350| 19.3k| if(obj.is_a(type_tag, class_tag)) { ------------------ | Branch (350:13): [True: 6.45k, False: 12.9k] ------------------ 351| 6.45k| if(class_tag == ASN1_Class::ExplicitContextSpecific) { ------------------ | Branch (351:16): [True: 0, False: 6.45k] ------------------ 352| 0| BER_Decoder(obj, m_limits).decode(out, real_type).verify_end(); 353| 6.45k| } else { 354| 6.45k| push_back(std::move(obj)); 355| 6.45k| decode(out, real_type, type_tag, class_tag); 356| 6.45k| } 357| 12.9k| } else { 358| 12.9k| out.clear(); 359| 12.9k| push_back(std::move(obj)); 360| 12.9k| } 361| | 362| 19.3k| return (*this); 363| 19.3k| } _ZN5Botan11BER_Decoder15decode_optionalIbEERS0_RT_NS_9ASN1_TypeENS_10ASN1_ClassERKS3_: 285| 32.2k| BER_Decoder& decode_optional(T& out, ASN1_Type type_tag, ASN1_Class class_tag, const T& default_value = T()) { 286| 32.2k| std::optional optval; 287| 32.2k| this->decode_optional(optval, type_tag, class_tag); 288| 32.2k| out = optval ? *optval : default_value; ------------------ | Branch (288:16): [True: 6.45k, False: 25.8k] ------------------ 289| 32.2k| return (*this); 290| 32.2k| } _ZN5Botan11BER_Decoder15decode_optionalIbEERS0_RNSt3__18optionalIT_EENS_9ASN1_TypeENS_10ASN1_ClassE: 394| 32.2k|BER_Decoder& BER_Decoder::decode_optional(std::optional& optval, ASN1_Type type_tag, ASN1_Class class_tag) { 395| 32.2k| BER_Object obj = get_next_object(); 396| | 397| 32.2k| if(obj.is_a(type_tag, class_tag)) { ------------------ | Branch (397:7): [True: 6.45k, False: 25.8k] ------------------ 398| 6.45k| T out{}; 399| 6.45k| if(class_tag == ASN1_Class::ExplicitContextSpecific) { ------------------ | Branch (399:10): [True: 0, False: 6.45k] ------------------ 400| 0| BER_Decoder(obj, m_limits).decode(out).verify_end(); 401| 6.45k| } else { 402| 6.45k| this->push_back(std::move(obj)); 403| 6.45k| this->decode(out, type_tag, class_tag); 404| 6.45k| } 405| 6.45k| optval = std::move(out); 406| 25.8k| } else { 407| 25.8k| this->push_back(std::move(obj)); 408| 25.8k| optval = std::nullopt; 409| 25.8k| } 410| | 411| 32.2k| return (*this); 412| 32.2k|} _ZN5Botan11BER_Decoder15decode_optionalINS_3OIDEEERS0_RT_NS_9ASN1_TypeENS_10ASN1_ClassERKS4_: 285| 6.45k| BER_Decoder& decode_optional(T& out, ASN1_Type type_tag, ASN1_Class class_tag, const T& default_value = T()) { 286| 6.45k| std::optional optval; 287| 6.45k| this->decode_optional(optval, type_tag, class_tag); 288| 6.45k| out = optval ? *optval : default_value; ------------------ | Branch (288:16): [True: 0, False: 6.45k] ------------------ 289| 6.45k| return (*this); 290| 6.45k| } _ZN5Botan11BER_Decoder15decode_optionalINS_3OIDEEERS0_RNSt3__18optionalIT_EENS_9ASN1_TypeENS_10ASN1_ClassE: 394| 6.45k|BER_Decoder& BER_Decoder::decode_optional(std::optional& optval, ASN1_Type type_tag, ASN1_Class class_tag) { 395| 6.45k| BER_Object obj = get_next_object(); 396| | 397| 6.45k| if(obj.is_a(type_tag, class_tag)) { ------------------ | Branch (397:7): [True: 0, False: 6.45k] ------------------ 398| 0| T out{}; 399| 0| if(class_tag == ASN1_Class::ExplicitContextSpecific) { ------------------ | Branch (399:10): [True: 0, False: 0] ------------------ 400| 0| BER_Decoder(obj, m_limits).decode(out).verify_end(); 401| 0| } else { 402| 0| this->push_back(std::move(obj)); 403| 0| this->decode(out, type_tag, class_tag); 404| 0| } 405| 0| optval = std::move(out); 406| 6.45k| } else { 407| 6.45k| this->push_back(std::move(obj)); 408| 6.45k| optval = std::nullopt; 409| 6.45k| } 410| | 411| 6.45k| return (*this); 412| 6.45k|} _ZN5Botan11BER_Decoder22decode_optional_stringINS_16secure_allocatorIhEEEERS0_RNSt3__16vectorIhT_EENS_9ASN1_TypeEjNS_10ASN1_ClassE: 345| 6.45k| ASN1_Class class_tag = ASN1_Class::ContextSpecific) { 346| 6.45k| BER_Object obj = get_next_object(); 347| | 348| 6.45k| const ASN1_Type type_tag = static_cast(expected_tag); 349| | 350| 6.45k| if(obj.is_a(type_tag, class_tag)) { ------------------ | Branch (350:13): [True: 6.45k, False: 0] ------------------ 351| 6.45k| if(class_tag == ASN1_Class::ExplicitContextSpecific) { ------------------ | Branch (351:16): [True: 6.45k, False: 0] ------------------ 352| 6.45k| BER_Decoder(obj, m_limits).decode(out, real_type).verify_end(); 353| 6.45k| } else { 354| 0| push_back(std::move(obj)); 355| 0| decode(out, real_type, type_tag, class_tag); 356| 0| } 357| 6.45k| } else { 358| 0| out.clear(); 359| 0| push_back(std::move(obj)); 360| 0| } 361| | 362| 6.45k| return (*this); 363| 6.45k| } _ZN5BotangeERKNS_6BigIntES2_: 1174| 21.8k|inline bool operator>=(const BigInt& a, const BigInt& b) { 1175| 21.8k| return (a.cmp(b) >= 0); 1176| 21.8k|} _ZN5BotanmiERKNS_6BigIntEm: 1141| 6|inline BigInt operator-(const BigInt& x, word y) { 1142| 6| return BigInt::add2(x, &y, 1, BigInt::Negative); 1143| 6|} _ZN5Botan6BigIntD2Ev: 185| 129k| ~BigInt() { _const_time_unpoison(); } _ZN5Botan6BigInt4zeroEv: 50| 18| static BigInt zero() { return BigInt(); } _ZN5Botan6BigIntC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 98| 36| explicit BigInt(std::string_view str) { *this = BigInt::from_string(str); } _ZN5Botan6BigIntC2EOS0_: 183| 21.8k| BigInt(BigInt&& other) noexcept { this->swap(other); } _ZN5Botan6BigIntaSEOS0_: 190| 66| BigInt& operator=(BigInt&& other) noexcept { 191| 66| if(this != &other) { ------------------ | Branch (191:13): [True: 66, False: 0] ------------------ 192| 66| this->swap(other); 193| 66| } 194| | 195| 66| return (*this); 196| 66| } _ZN5Botan6BigInt4swapERS0_: 207| 54.7k| void swap(BigInt& other) noexcept { 208| 54.7k| m_data.swap(other.m_data); 209| 54.7k| std::swap(m_signedness, other.m_signedness); 210| 54.7k| } _ZN5Botan6BigInt3subEPKmmNS0_4SignE: 332| 101| BigInt& sub(const word y[], size_t y_words, Sign sign) { 333| 101| return add(y, y_words, sign == Positive ? Negative : Positive); ------------------ | Branch (333:33): [True: 101, False: 0] ------------------ 334| 101| } _ZN5Botan6BigInt5clearEv: 415| 56.9k| void clear() { 416| 56.9k| m_data.set_to_zero(); 417| 56.9k| m_signedness = Positive; 418| 56.9k| } _ZNK5Botan6BigInt7is_evenEv: 455| 6| bool is_even() const { return !get_bit(0); } _ZNK5Botan6BigInt6signumEv: 467| 147k| int signum() const { 468| 147k| if(sig_words() == 0) { ------------------ | Branch (468:13): [True: 6.46k, False: 141k] ------------------ 469| 6.46k| return 0; 470| 6.46k| } 471| 141k| return (sign() == Negative) ? -1 : 1; ------------------ | Branch (471:17): [True: 0, False: 141k] ------------------ 472| 147k| } _ZNK5Botan6BigInt7is_zeroEv: 484| 40| bool is_zero() const { return sig_words() == 0; } _ZN5Botan6BigInt7set_bitEm: 490| 24| void set_bit(size_t n) { conditionally_set_bit(n, true); } _ZN5Botan6BigInt21conditionally_set_bitEmb: 500| 24| void conditionally_set_bit(size_t n, bool set_it) { 501| 24| const size_t which = n / (sizeof(word) * 8); 502| 24| const word mask = static_cast(set_it) << (n % (sizeof(word) * 8)); 503| 24| m_data.set_word_at(which, word_at(which) | mask); 504| 24| } _ZNK5Botan6BigInt7get_bitEm: 523| 6| bool get_bit(size_t n) const { return ((word_at(n / (sizeof(word) * 8)) >> (n % (sizeof(word) * 8))) & 1) == 1; } _ZNK5Botan6BigInt7word_atEm: 574| 135k| word word_at(size_t n) const { return m_data.get_word_at(n); } _ZNK5Botan6BigInt4signEv: 604| 141k| Sign sign() const { return (m_signedness); } _ZNK5Botan6BigInt12reverse_signEv: 609| 16| Sign reverse_sign() const { 610| 16| if(sign() == Positive) { ------------------ | Branch (610:13): [True: 16, False: 0] ------------------ 611| 16| return Negative; 612| 16| } 613| 0| return Positive; 614| 16| } _ZN5Botan6BigInt9flip_signEv: 619| 16| BOTAN_DEPRECATED("Deprecated no replacement") void flip_sign() { set_sign(reverse_sign()); } _ZN5Botan6BigInt8set_signENS0_4SignE: 625| 172| void set_sign(Sign sign) { 626| 172| if(sign == Negative && is_zero()) { ------------------ | Branch (626:13): [True: 16, False: 156] | Branch (626:33): [True: 0, False: 16] ------------------ 627| 0| sign = Positive; 628| 0| } 629| | 630| 172| m_signedness = sign; 631| 172| } _ZNK5Botan6BigInt4sizeEv: 642| 153k| size_t size() const { return m_data.size(); } _ZNK5Botan6BigInt9sig_wordsEv: 648| 259k| size_t sig_words() const { return m_data.sig_words(); } _ZN5Botan6BigInt12mutable_dataEv: 673| 22.1k| BOTAN_DEPRECATED("Deprecated no replacement") word* mutable_data() { return m_data.mutable_data(); } _ZNK5Botan6BigInt4dataEv: 679| 12| BOTAN_DEPRECATED("Deprecated no replacement") const word* data() const { return m_data.const_data(); } _ZNK5Botan6BigInt7grow_toEm: 699| 5.31k| BOTAN_DEPRECATED("Deprecated no replacement") void grow_to(size_t n) const { m_data.grow_to(n); } _ZN5Botan6BigInt10power_of_2Em: 856| 6| static BigInt power_of_2(size_t n) { 857| 6| BigInt b; 858| 6| b.set_bit(n); 859| 6| return b; 860| 6| } _ZNK5Botan6BigInt8_as_spanEv: 962| 12| std::span _as_span() const { return m_data.const_span(); } _ZNK5Botan6BigInt5_dataEv: 972| 116k| const word* _data() const { return m_data.const_data(); } _ZN5Botan6BigInt18_assign_from_bytesENSt3__14spanIKhLm18446744073709551615EEE: 983| 25.8k| void _assign_from_bytes(std::span bytes) { assign_from_bytes(bytes); } _ZN5Botan6BigInt11_from_wordsERNSt3__16vectorImNS_16secure_allocatorImEEEE: 991| 48| static BigInt _from_words(secure_vector& words) { 992| 48| BigInt bn; 993| 48| bn.m_data.swap(words); 994| 48| return bn; 995| 48| } _ZN5Botan6BigInt4Data12mutable_dataEv: 1022| 22.2k| word* mutable_data() { 1023| 22.2k| invalidate_sig_words(); 1024| 22.2k| return m_reg.data(); 1025| 22.2k| } _ZNK5Botan6BigInt4Data10const_dataEv: 1027| 245k| const word* const_data() const { return m_reg.data(); } _ZNK5Botan6BigInt4Data10const_spanEv: 1029| 12| std::span const_span() const { return std::span{m_reg}; } _ZNK5Botan6BigInt4Data11get_word_atEm: 1038| 135k| word get_word_at(size_t n) const { 1039| 135k| if(n < m_reg.size()) { ------------------ | Branch (1039:19): [True: 135k, False: 24] ------------------ 1040| 135k| return m_reg[n]; 1041| 135k| } 1042| 24| return 0; 1043| 135k| } _ZN5Botan6BigInt4Data11set_word_atEmm: 1045| 6.26k| void set_word_at(size_t i, word w) { 1046| 6.26k| invalidate_sig_words(); 1047| 6.26k| if(i >= m_reg.size()) { ------------------ | Branch (1047:19): [True: 6.26k, False: 0] ------------------ 1048| 6.26k| if(w == 0) { ------------------ | Branch (1048:22): [True: 14, False: 6.25k] ------------------ 1049| 14| return; 1050| 14| } 1051| 6.25k| grow_to(i + 1); 1052| 6.25k| } 1053| 6.25k| m_reg[i] = w; 1054| 6.25k| } _ZNK5Botan6BigInt4Data7grow_toEm: 1065| 11.5k| void grow_to(size_t n) const { 1066| 11.5k| if(n > size()) { ------------------ | Branch (1066:19): [True: 11.4k, False: 119] ------------------ 1067| 11.4k| if(n <= m_reg.capacity()) { ------------------ | Branch (1067:22): [True: 0, False: 11.4k] ------------------ 1068| 0| m_reg.resize(n); 1069| 11.4k| } else { 1070| 11.4k| m_reg.resize(n + (8 - (n % 8))); 1071| 11.4k| } 1072| 11.4k| } 1073| 11.5k| } _ZNK5Botan6BigInt4Data4sizeEv: 1075| 294k| size_t size() const { return m_reg.size(); } _ZN5Botan6BigInt4Data4swapERS1_: 1090| 54.7k| void swap(Data& other) noexcept { 1091| 54.7k| m_reg.swap(other.m_reg); 1092| 54.7k| std::swap(m_sig_words, other.m_sig_words); 1093| 54.7k| } _ZN5Botan6BigInt4Data4swapERNSt3__16vectorImNS_16secure_allocatorImEEEE: 1095| 57.0k| void swap(secure_vector& reg) noexcept { 1096| 57.0k| m_reg.swap(reg); 1097| 57.0k| invalidate_sig_words(); 1098| 57.0k| } _ZNK5Botan6BigInt4Data20invalidate_sig_wordsEv: 1100| 85.5k| void invalidate_sig_words() const noexcept { m_sig_words = sig_words_npos; } _ZNK5Botan6BigInt4Data9sig_wordsEv: 1102| 259k| size_t sig_words() const { 1103| 259k| if(m_sig_words == sig_words_npos) { ------------------ | Branch (1103:19): [True: 54.3k, False: 205k] ------------------ 1104| 54.3k| m_sig_words = calc_sig_words(); 1105| 54.3k| } 1106| 259k| return m_sig_words; 1107| 259k| } _ZN5BotanplERKNS_6BigIntES2_: 1125| 12|inline BigInt operator+(const BigInt& x, const BigInt& y) { 1126| 12| return BigInt::add2(x, y._data(), y.sig_words(), y.sign()); 1127| 12|} _ZN5BotanmlEmRKNS_6BigIntE: 1148| 84|inline BigInt operator*(word x, const BigInt& y) { 1149| 84| return y * x; 1150| 84|} _ZN5BotaneqERKNS_6BigIntES2_: 1162| 6|inline bool operator==(const BigInt& a, const BigInt& b) { 1163| 6| return a.is_equal(b); 1164| 6|} _ZN5BotanneERKNS_6BigIntES2_: 1166| 6|inline bool operator!=(const BigInt& a, const BigInt& b) { 1167| 6| return !a.is_equal(b); 1168| 6|} _ZN5BotanltERKNS_6BigIntES2_: 1178| 6|inline bool operator<(const BigInt& a, const BigInt& b) { 1179| 6| return a.is_less_than(b); 1180| 6|} _ZN5BotaneqERKNS_6BigIntEm: 1186| 6.22k|inline bool operator==(const BigInt& a, word b) { 1187| 6.22k| return (a.cmp_word(b) == 0); 1188| 6.22k|} _ZN5BotanneERKNS_6BigIntEm: 1190| 6|inline bool operator!=(const BigInt& a, word b) { 1191| 6| return (a.cmp_word(b) != 0); 1192| 6|} _ZN5BotanltERKNS_6BigIntEm: 1202| 21.8k|inline bool operator<(const BigInt& a, word b) { 1203| 21.8k| return (a.cmp_word(b) < 0); 1204| 21.8k|} _ZNK5Botan6BigInt9serializeINSt3__16vectorIhNS2_9allocatorIhEEEEEET_m: 747| 12.6k| T serialize(size_t len) const { 748| | // TODO this supports std::vector and secure_vector 749| | // it would be nice if this also could work with std::array as in 750| | // bn.serialize_to>(32); 751| 12.6k| T out(len); 752| 12.6k| this->serialize_to(out); 753| 12.6k| return out; 754| 12.6k| } _ZNK5Botan6BigInt9serializeINSt3__16vectorIhNS2_9allocatorIhEEEEEET_v: 760| 6.45k| T serialize() const { 761| 6.45k| return serialize(this->bytes()); 762| 6.45k| } _ZN5Botan6BigIntC2ERKS0_: 88| 11.0k| BigInt(const BigInt& other) = default; _ZN5Botan6BigIntC2Ev: 45| 90.0k| BigInt() = default; _ZN5Botan6BigIntaSERKS0_: 201| 6| BigInt& operator=(const BigInt&) = default; _ZNK5Botan11BlockCipher14parallel_bytesEv: 67| 535| size_t parallel_bytes() const { return parallelism() * block_size() * BlockCipher::ParallelismMult; } _ZNK5Botan11BlockCipher7encryptEPh: 99| 358| void encrypt(uint8_t block[]) const { encrypt_n(block, block, 1); } _ZNK5Botan11BlockCipher7encryptENSt3__14spanIhLm18446744073709551615EEE: 113| 1.13k| void encrypt(std::span block) const { 114| 1.13k| return encrypt_n(block.data(), block.data(), block.size() / block_size()); 115| 1.13k| } _ZNK5Botan11BlockCipher7encryptENSt3__14spanIKhLm18446744073709551615EEENS2_IhLm18446744073709551615EEE: 130| 894| void encrypt(std::span in, std::span out) const { 131| 894| return encrypt_n(in.data(), out.data(), in.size() / block_size()); 132| 894| } _ZNK5Botan25Block_Cipher_Fixed_ParamsILm16ELm16ELm0ELm1ENS_11BlockCipherEE8key_specEv: 216| 371| Key_Length_Specification key_spec() const final { return Key_Length_Specification(KMIN, KMAX, KMOD); } _ZNK5Botan25Block_Cipher_Fixed_ParamsILm16ELm16ELm0ELm1ENS_11BlockCipherEE10block_sizeEv: 214| 1.98k| size_t block_size() const final { return BS; } _ZNK5Botan25Block_Cipher_Fixed_ParamsILm16ELm32ELm0ELm1ENS_11BlockCipherEE8key_specEv: 216| 511| Key_Length_Specification key_spec() const final { return Key_Length_Specification(KMIN, KMAX, KMOD); } _ZNK5Botan25Block_Cipher_Fixed_ParamsILm16ELm32ELm0ELm1ENS_11BlockCipherEE10block_sizeEv: 214| 1.32k| size_t block_size() const final { return BS; } _ZNK5Botan25Block_Cipher_Fixed_ParamsILm8ELm16ELm24ELm8ENS_11BlockCipherEE8key_specEv: 216| 225| Key_Length_Specification key_spec() const final { return Key_Length_Specification(KMIN, KMAX, KMOD); } _ZNK5Botan25Block_Cipher_Fixed_ParamsILm8ELm16ELm24ELm8ENS_11BlockCipherEE10block_sizeEv: 214| 208| size_t block_size() const final { return BS; } _ZN5Botan20Buffered_Computation6updateEPKhm: 34| 211| void update(const uint8_t in[], size_t length) { add_data({in, length}); } _ZN5Botan20Buffered_Computation6updateENSt3__14spanIKhLm18446744073709551615EEE: 40| 245k| void update(std::span in) { add_data(in); } _ZN5Botan20Buffered_Computation5finalEPh: 69| 9.80k| void final(uint8_t out[]) { final_result({out, output_length()}); } _ZN5Botan20Buffered_Computation12final_stdvecEv: 83| 29.1k| std::vector final_stdvec() { return final>(); } _ZN5Botan20Buffered_Computation5finalITkNS_8concepts21resizable_byte_bufferENSt3__16vectorIhNS3_9allocatorIhEEEEEET_v: 77| 29.1k| T final() { 78| 29.1k| T output(output_length()); 79| 29.1k| final_result(output); 80| 29.1k| return output; 81| 29.1k| } _ZN5Botan20Buffered_Computation5finalITkNS_8concepts21resizable_byte_bufferENSt3__16vectorIhNS_16secure_allocatorIhEEEEEET_v: 77| 8.61k| T final() { 78| 8.61k| T output(output_length()); 79| 8.61k| final_result(output); 80| 8.61k| return output; 81| 8.61k| } _ZN5Botan20Buffered_ComputationD2Ev: 130| 51.9k| virtual ~Buffered_Computation() = default; _ZN5Botan20Buffered_Computation5finalITkNS_8concepts21resizable_byte_bufferENSt3__16vectorIhNS_16secure_allocatorIhEEEEEEvRT_: 88| 7.05k| void final(T& out) { 89| 7.05k| out.resize(output_length()); 90| 7.05k| final_result(out); 91| 7.05k| } _ZN5Botan20Buffered_Computation7processITkNS_8concepts21resizable_byte_bufferENSt3__16vectorIhNS_16secure_allocatorIhEEEEEET_NS3_4spanIKhLm18446744073709551615EEE: 125| 7.05k| T process(std::span in) { 126| 7.05k| update(in); 127| 7.05k| return final(); 128| 7.05k| } _ZN5Botan20Buffered_Computation5finalITkNS_8concepts21resizable_byte_bufferENSt3__16vectorIhNS3_9allocatorIhEEEEEEvRT_: 88| 5.78k| void final(T& out) { 89| 5.78k| out.resize(output_length()); 90| 5.78k| final_result(out); 91| 5.78k| } _ZNK5Botan10ChaCha_RNG31max_number_of_bytes_per_requestEv: 108| 37.3k| size_t max_number_of_bytes_per_request() const override { return 0; } _ZN5Botan11Cipher_Mode5startENSt3__14spanIKhLm18446744073709551615EEE: 97| 618| void start(std::span nonce) { start_msg(nonce.data(), nonce.size()); } _ZN5Botan11Cipher_Mode6finishERNSt3__16vectorIhNS_16secure_allocatorIhEEEEm: 178| 409| void finish(secure_vector& final_block, size_t offset = 0) { finish_msg(final_block, offset); } _ZN5Botan11Cipher_Mode7processENSt3__14spanIhLm18446744073709551615EEE: 131| 223| size_t process(std::span msg) { return this->process_msg(msg.data(), msg.size()); } _ZN5Botan11Cipher_Mode7processEPhm: 133| 209| size_t process(uint8_t msg[], size_t msg_len) { return this->process_msg(msg, msg_len); } _ZN5Botan11Cipher_Mode6updateITkNS_8concepts21resizable_byte_bufferENSt3__16vectorIhNS_16secure_allocatorIhEEEEEEvRT_m: 148| 223| void update(T& buffer, size_t offset = 0) { 149| 223| const size_t written = process(std::span(buffer).subspan(offset)); 150| 223| buffer.resize(offset + written); 151| 223| } _ZN5Botan19Credentials_ManagerD2Ev: 42| 6.45k| virtual ~Credentials_Manager() = default; _ZN5Botan8CurveGFp4swapERS0_: 69| 10.9k| void swap(CurveGFp& other) noexcept { std::swap(m_group, other.m_group); } _ZN5Botan8CurveGFpC2Ev: 62| 10.9k| CurveGFp() = default; _ZN5Botan10DataSourceD2Ev: 101| 312k| virtual ~DataSource() = default; _ZN5Botan17DataSource_MemoryC2ENSt3__16vectorIhNS_16secure_allocatorIhEEEE: 135| 6.45k| explicit DataSource_Memory(secure_vector in) : m_source(std::move(in)), m_offset(0) {} _ZN5Botan17DataSource_MemoryC2ENSt3__14spanIKhLm18446744073709551615EEE: 141| 104k| explicit DataSource_Memory(std::span in) : m_source(in.begin(), in.end()), m_offset(0) {} _ZN5Botan10DataSourceC2Ev: 100| 312k| DataSource() = default; _ZN5Botan11DER_Encoder14start_sequenceEv: 67| 63.6k| DER_Encoder& start_sequence() { return start_cons(ASN1_Type::Sequence, ASN1_Class::Universal); } _ZN5Botan11DER_Encoder12DER_SequenceD2Ev: 244| 272k| ~DER_Sequence() = default; _ZN5Botan11DER_Encoder6encodeINSt3__19allocatorIhEEEERS0_RKNS2_6vectorIhT_EENS_9ASN1_TypeE: 98| 6.46k| DER_Encoder& encode(const std::vector& vec, ASN1_Type real_type) { 99| 6.46k| return encode(vec.data(), vec.size(), real_type); 100| 6.46k| } _ZN5Botan11DER_Encoder22start_context_specificEj: 71| 18.6k| DER_Encoder& start_context_specific(uint32_t tag) { 72| 18.6k| return start_cons(ASN1_Type(tag), ASN1_Class::ContextSpecific); 73| 18.6k| } _ZN5Botan11DER_Encoder9raw_bytesENSt3__14spanIKhLm18446744073709551615EEE: 89| 31.5k| DER_Encoder& raw_bytes(std::span val) { return raw_bytes(val.data(), val.size()); } _ZN5Botan11DER_Encoder10add_objectENS_9ASN1_TypeENS_10ASN1_ClassENSt3__14spanIKhLm18446744073709551615EEE: 185| 37.8k| DER_Encoder& add_object(ASN1_Type type_tag, ASN1_Class class_tag, std::span rep) { 186| 37.8k| return add_object(type_tag, class_tag, rep.data(), rep.size()); 187| 37.8k| } _ZN5Botan11DER_Encoder10add_objectENS_9ASN1_TypeENS_10ASN1_ClassERKNSt3__16vectorIhNS3_9allocatorIhEEEE: 189| 25.1k| DER_Encoder& add_object(ASN1_Type type_tag, ASN1_Class class_tag, const std::vector& rep) { 190| 25.1k| return add_object(type_tag, class_tag, std::span{rep}); 191| 25.1k| } _ZN5Botan11DER_Encoder10add_objectENS_9ASN1_TypeENS_10ASN1_ClassERKNSt3__16vectorIhNS_16secure_allocatorIhEEEE: 193| 6.46k| DER_Encoder& add_object(ASN1_Type type_tag, ASN1_Class class_tag, const secure_vector& rep) { 194| 6.46k| return add_object(type_tag, class_tag, std::span{rep}); 195| 6.46k| } _ZN5Botan11DER_Encoder12DER_SequenceC2EOS1_: 229| 189k| m_type_tag(seq.m_type_tag), 230| 189k| m_class_tag(seq.m_class_tag), 231| 189k| m_contents(std::move(seq.m_contents)), 232| 189k| m_set_contents(std::move(seq.m_set_contents)) {} _ZNK5Botan14EC_AffinePoint5innerEv: 274| 26.6k| const EC_AffinePoint_Data& inner() const { return *m_point; } _ZNK5Botan14EC_AffinePoint22serialize_uncompressedITkNS_8concepts21resizable_byte_bufferENSt3__16vectorIhNS3_9allocatorIhEEEEEET_v: 203| 4.43k| T serialize_uncompressed() const { 204| 4.43k| T bytes(1 + 2 * this->field_element_bytes()); 205| 4.43k| this->serialize_uncompressed_to(bytes); 206| 4.43k| return bytes; 207| 4.43k| } _ZNK5Botan14EC_AffinePoint20serialize_compressedITkNS_8concepts21resizable_byte_bufferENSt3__16vectorIhNS3_9allocatorIhEEEEEET_v: 213| 27| T serialize_compressed() const { 214| 27| T bytes(1 + this->field_element_bytes()); 215| 27| this->serialize_compressed_to(bytes); 216| 27| return bytes; 217| 27| } _ZNK5Botan8EC_Group5_dataEv: 458| 19.5k| const std::shared_ptr& _data() const { return m_data; } _ZN5Botan8EC_GroupC2EOS0_: 221| 20.1k| EC_Group(EC_Group&&) = default; _ZN5Botan8EC_PointaSEOS0_: 72| 10.9k| EC_Point& operator=(EC_Point&& other) noexcept { 73| 10.9k| if(this != &other) { ------------------ | Branch (73:13): [True: 10.9k, False: 0] ------------------ 74| 10.9k| this->swap(other); 75| 10.9k| } 76| 10.9k| return (*this); 77| 10.9k| } _ZN5Botan8EC_PointD2Ev: 79| 21.8k| ~EC_Point() = default; _ZN5Botan8EC_PointC2Ev: 46| 10.9k| EC_Point() = default; _ZNK5Botan9EC_Scalar10is_nonzeroEv: 161| 9.22k| bool is_nonzero() const { return !is_zero(); } _ZNK5Botan9EC_Scalar6_innerEv: 244| 4.46k| const EC_Scalar_Data& _inner() const { return inner(); } _ZNK5Botan9EC_Scalar5innerEv: 253| 24.6k| const EC_Scalar_Data& inner() const { return *m_scalar; } _ZN5Botan12EC_PublicKeyC2Ev: 137| 9.22k| EC_PublicKey() = default; _ZN5Botan12EC_PublicKeyD2Ev: 42| 10.9k| ~EC_PublicKey() override = default; _ZN5Botan13EC_PrivateKeyD2Ev: 170| 9.22k| ~EC_PrivateKey() override = default; _ZNK5Botan12EC_PublicKey14point_encodingEv: 102| 4.46k| EC_Point_Format point_encoding() const { return m_point_encoding; } _ZN5Botan14ECDH_PublicKeyC1ERKNS_8EC_GroupERKNS_14EC_AffinePointE: 44| 1.69k| ECDH_PublicKey(const EC_Group& group, const EC_AffinePoint& public_key) : EC_PublicKey(group, public_key) {} _ZN5Botan15ECDH_PrivateKeyC1ERNS_21RandomNumberGeneratorERKNS_8EC_GroupE: 101| 2.77k| ECDH_PrivateKey(RandomNumberGenerator& rng, const EC_Group& group) : EC_PrivateKey(rng, group) {} _ZN5Botan14ECDH_PublicKeyC2Ev: 67| 2.77k| ECDH_PublicKey() = default; _ZNK5Botan14ECDH_PublicKey9algo_nameEv: 50| 5.58k| std::string algo_name() const override { return "ECDH"; } _ZN5Botan16ECDSA_PrivateKeyC1ERKNS_19AlgorithmIdentifierENSt3__14spanIKhLm18446744073709551615EEE: 98| 6.45k| EC_PrivateKey(alg_id, key_bits) {} _ZN5Botan15ECDSA_PublicKeyC2Ev: 79| 6.45k| ECDSA_PublicKey() = default; _ZNK5Botan9Exception4whatEv: 94| 1.10k| const char* what() const noexcept override { return m_msg.c_str(); } _ZN5Botan10hex_encodeENSt3__14spanIKhLm18446744073709551615EEEb: 43| 12.9k|inline std::string hex_encode(std::span input, bool uppercase = true) { 44| 12.9k| return hex_encode(input.data(), input.size(), uppercase); 45| 12.9k|} _ZN5Botan3KDFD2Ev: 27| 1.55k| virtual ~KDF() = default; _ZNK5Botan3KDF10derive_keyITkNS_8concepts21resizable_byte_bufferENSt3__16vectorIhNS_16secure_allocatorIhEEEEEET_mNS3_4spanIKhLm18446744073709551615EEESB_SB_: 143| 2.91k| std::span label) const { 144| 2.91k| T key(key_len); 145| 2.91k| perform_kdf(key, secret, salt, label); 146| 2.91k| return key; 147| 2.91k| } _ZNK5Botan3KDF10derive_keyITkNS_8concepts21resizable_byte_bufferENSt3__16vectorIhNS_16secure_allocatorIhEEEEEET_mPKhmSA_mSA_m: 97| 1.35k| size_t label_len = 0) const { 98| 1.35k| return derive_key(key_len, {secret, secret_len}, {salt, salt_len}, {label, label_len}); 99| 1.35k| } _ZN5Botan9clear_memIhEEvPT_m: 118| 49.0k|inline constexpr void clear_mem(T* ptr, size_t n) { 119| 49.0k| clear_bytes(ptr, sizeof(T) * n); 120| 49.0k|} _ZN5Botan11clear_bytesEPvm: 101| 170k|inline constexpr void clear_bytes(void* ptr, size_t bytes) { 102| 170k| if(bytes > 0) { ------------------ | Branch (102:7): [True: 113k, False: 56.9k] ------------------ 103| 113k| std::memset(ptr, 0, bytes); 104| 113k| } 105| 170k|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeERNSt3__15arrayImLm4EEETkNS1_16contiguous_rangeENS2_4spanIhLm32EEEQaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISF_EESG_E4type10value_typeEEsr3stdE23is_trivially_copyable_vINS8_IXsr21__is_primary_templateINS9_Iu14__remove_cvrefIDTclL_ZNSB_5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENSH_ISP_EESQ_E4type10value_typeEEEEvOSM_RKSC_: 176| 12.6k|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromR& in) { 177| 12.6k| ranges::assert_equal_byte_lengths(out, in); 178| 12.6k| std::memcpy(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 179| 12.6k|} _ZN5Botan13typecast_copyINSt3__15arrayImLm4EEETkNS_6ranges16contiguous_rangeENS1_4spanIhLm32EEEQaaaasr3stdE26is_default_constructible_vIT_Esr3stdE23is_trivially_copyable_vIS7_Esr3stdE23is_trivially_copyable_vINS1_11conditionalIXsr21__is_primary_templateINS1_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS1_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS1_26indirectly_readable_traitsISF_EESG_E4type10value_typeEEEES7_RKSC_: 210| 12.6k|inline constexpr ToT typecast_copy(const FromR& src) { 211| 12.6k| ToT dst; // NOLINT(*-member-init) 212| 12.6k| typecast_copy(dst, src); 213| 12.6k| return dst; 214| 12.6k|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeERNSt3__15arrayImLm4EEETkNS1_16contiguous_rangeENS2_4spanIKhLm32EEEQaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISG_EESH_E4type10value_typeEEsr3stdE23is_trivially_copyable_vINS9_IXsr21__is_primary_templateINSA_Iu14__remove_cvrefIDTclL_ZNSC_5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENSI_ISQ_EESR_E4type10value_typeEEEEvOSN_RKSD_: 176| 13.2k|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromR& in) { 177| 13.2k| ranges::assert_equal_byte_lengths(out, in); 178| 13.2k| std::memcpy(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 179| 13.2k|} _ZN5Botan13typecast_copyINSt3__15arrayImLm4EEETkNS_6ranges16contiguous_rangeENS1_4spanIKhLm32EEEQaaaasr3stdE26is_default_constructible_vIT_Esr3stdE23is_trivially_copyable_vIS8_Esr3stdE23is_trivially_copyable_vINS1_11conditionalIXsr21__is_primary_templateINS1_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS1_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS1_26indirectly_readable_traitsISG_EESH_E4type10value_typeEEEES8_RKSD_: 210| 13.2k|inline constexpr ToT typecast_copy(const FromR& src) { 211| 13.2k| ToT dst; // NOLINT(*-member-init) 212| 13.2k| typecast_copy(dst, src); 213| 13.2k| return dst; 214| 13.2k|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeENSt3__14spanIhLm32EEETkNS1_16contiguous_rangeENS2_5arrayImLm4EEEQaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISE_EESF_E4type10value_typeEEsr3stdE23is_trivially_copyable_vINS7_IXsr21__is_primary_templateINS8_Iu14__remove_cvrefIDTclL_ZNSA_5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENSG_ISO_EESP_E4type10value_typeEEEEvOSL_RKSB_: 176| 12.9k|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromR& in) { 177| 12.9k| ranges::assert_equal_byte_lengths(out, in); 178| 12.9k| std::memcpy(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 179| 12.9k|} _ZN5Botan7xor_bufITkNS_6ranges23contiguous_output_rangeIhEENSt3__14spanIhLm18446744073709551615EEETkNS1_16contiguous_rangeIhEENS4_IKhLm18446744073709551615EEEEEvOT_OT0_: 342| 6.55k| ranges::contiguous_range auto&& in) { 343| 6.55k| ranges::assert_equal_byte_lengths(out, in); 344| | 345| 6.55k| std::span o(out); 346| 6.55k| std::span i(in); 347| | 348| 14.7k| for(; o.size_bytes() >= 32; o = o.subspan(32), i = i.subspan(32)) { ------------------ | Branch (348:10): [True: 8.23k, False: 6.55k] ------------------ 349| 8.23k| auto x = typecast_copy>(o.template first<32>()); 350| 8.23k| const auto y = typecast_copy>(i.template first<32>()); 351| | 352| 8.23k| x[0] ^= y[0]; 353| 8.23k| x[1] ^= y[1]; 354| 8.23k| x[2] ^= y[2]; 355| 8.23k| x[3] ^= y[3]; 356| | 357| 8.23k| typecast_copy(o.template first<32>(), x); 358| 8.23k| } 359| | 360| 99.8k| for(size_t off = 0; off != o.size_bytes(); ++off) { ------------------ | Branch (360:24): [True: 93.3k, False: 6.55k] ------------------ 361| 93.3k| o[off] ^= i[off]; 362| 93.3k| } 363| 6.55k|} _ZN5Botan7xor_bufITkNS_6ranges23contiguous_output_rangeIhEENSt3__14spanIhLm18446744073709551615EEETkNS1_16contiguous_rangeIhEENS4_IKhLm18446744073709551615EEETkNS6_IhEES8_EEvOT_OT0_OT1_: 373| 1.38k| ranges::contiguous_range auto&& in2) { 374| 1.38k| ranges::assert_equal_byte_lengths(out, in1, in2); 375| | 376| 1.38k| std::span o{out}; 377| 1.38k| std::span i1{in1}; 378| 1.38k| std::span i2{in2}; 379| | 380| 1.69k| for(; o.size_bytes() >= 32; o = o.subspan(32), i1 = i1.subspan(32), i2 = i2.subspan(32)) { ------------------ | Branch (380:10): [True: 303, False: 1.38k] ------------------ 381| 303| auto x = typecast_copy>(i1.template first<32>()); 382| 303| const auto y = typecast_copy>(i2.template first<32>()); 383| | 384| 303| x[0] ^= y[0]; 385| 303| x[1] ^= y[1]; 386| 303| x[2] ^= y[2]; 387| 303| x[3] ^= y[3]; 388| | 389| 303| typecast_copy(o.template first<32>(), x); 390| 303| } 391| | 392| 23.4k| for(size_t off = 0; off != o.size_bytes(); ++off) { ------------------ | Branch (392:24): [True: 22.0k, False: 1.38k] ------------------ 393| 22.0k| o[off] = i1[off] ^ i2[off]; 394| 22.0k| } 395| 1.38k|} _ZN5Botan7xor_bufEPhPKhm: 403| 6.46k|inline void xor_buf(uint8_t out[], const uint8_t in[], size_t length) { 404| | // simply assumes that *out and *in point to "length" allocated bytes at least 405| 6.46k| xor_buf(std::span{out, length}, std::span{in, length}); 406| 6.46k|} _ZN5Botan7xor_bufEPhPKhS2_m: 415| 1.38k|inline void xor_buf(uint8_t out[], const uint8_t in[], const uint8_t in2[], size_t length) { 416| | // simply assumes that *out, *in, and *in2 point to "length" allocated bytes at least 417| 1.38k| xor_buf(std::span{out, length}, std::span{in, length}, std::span{in2, length}); 418| 1.38k|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeERKNSt3__14spanIhLm8EEEmQaaaasr3stdE23is_trivially_copyable_vIT0_Entsr3std6rangesE5rangeIS7_Esr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISF_EESG_E4type10value_typeEEEEvOSC_RKS7_: 199| 434k|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromT& in) { 200| 434k| typecast_copy(out, std::span(&in, 1)); 201| 434k|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeERKNSt3__14spanIhLm8EEETkNS1_16contiguous_rangeENS3_IKmLm1EEEQaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISG_EESH_E4type10value_typeEEsr3stdE23is_trivially_copyable_vINS9_IXsr21__is_primary_templateINSA_Iu14__remove_cvrefIDTclL_ZNSC_5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENSI_ISQ_EESR_E4type10value_typeEEEEvOSN_RKSD_: 176| 434k|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromR& in) { 177| 434k| ranges::assert_equal_byte_lengths(out, in); 178| 434k| std::memcpy(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 179| 434k|} _ZN5Botan13typecast_copyImTkNS_6ranges16contiguous_rangeENSt3__14spanIKhLm8EEEQaaaasr3stdE26is_default_constructible_vIT_Esr3stdE23is_trivially_copyable_vIS6_Esr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISE_EESF_E4type10value_typeEEEES6_RKSB_: 210| 432k|inline constexpr ToT typecast_copy(const FromR& src) { 211| 432k| ToT dst; // NOLINT(*-member-init) 212| 432k| typecast_copy(dst, src); 213| 432k| return dst; 214| 432k|} _ZN5Botan13typecast_copyImTkNS_6ranges16contiguous_rangeENSt3__14spanIKhLm8EEEQaaaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISD_EESE_E4type10value_typeEEsr3stdE23is_trivially_copyable_vIT_Entsr3std6rangesE5rangeISK_EEEvRSK_RKSA_: 188| 432k|inline constexpr void typecast_copy(ToT& out, const FromR& in) { 189| 432k| typecast_copy(std::span(&out, 1), in); 190| 432k|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeENSt3__14spanImLm1EEETkNS1_16contiguous_rangeENS3_IKhLm8EEEQaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISE_EESF_E4type10value_typeEEsr3stdE23is_trivially_copyable_vINS7_IXsr21__is_primary_templateINS8_Iu14__remove_cvrefIDTclL_ZNSA_5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENSG_ISO_EESP_E4type10value_typeEEEEvOSL_RKSB_: 176| 432k|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromR& in) { 177| 432k| ranges::assert_equal_byte_lengths(out, in); 178| 432k| std::memcpy(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 179| 432k|} _ZN5Botan13typecast_copyItTkNS_6ranges16contiguous_rangeENSt3__14spanIKhLm2EEEQaaaasr3stdE26is_default_constructible_vIT_Esr3stdE23is_trivially_copyable_vIS6_Esr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISE_EESF_E4type10value_typeEEEES6_RKSB_: 210| 51.3k|inline constexpr ToT typecast_copy(const FromR& src) { 211| 51.3k| ToT dst; // NOLINT(*-member-init) 212| 51.3k| typecast_copy(dst, src); 213| 51.3k| return dst; 214| 51.3k|} _ZN5Botan13typecast_copyItTkNS_6ranges16contiguous_rangeENSt3__14spanIKhLm2EEEQaaaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISD_EESE_E4type10value_typeEEsr3stdE23is_trivially_copyable_vIT_Entsr3std6rangesE5rangeISK_EEEvRSK_RKSA_: 188| 51.3k|inline constexpr void typecast_copy(ToT& out, const FromR& in) { 189| 51.3k| typecast_copy(std::span(&out, 1), in); 190| 51.3k|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeENSt3__14spanItLm1EEETkNS1_16contiguous_rangeENS3_IKhLm2EEEQaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISE_EESF_E4type10value_typeEEsr3stdE23is_trivially_copyable_vINS7_IXsr21__is_primary_templateINS8_Iu14__remove_cvrefIDTclL_ZNSA_5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENSG_ISO_EESP_E4type10value_typeEEEEvOSL_RKSB_: 176| 51.3k|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromR& in) { 177| 51.3k| ranges::assert_equal_byte_lengths(out, in); 178| 51.3k| std::memcpy(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 179| 51.3k|} _ZN5Botan13typecast_copyIjTkNS_6ranges16contiguous_rangeENSt3__14spanIKhLm4EEEQaaaasr3stdE26is_default_constructible_vIT_Esr3stdE23is_trivially_copyable_vIS6_Esr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISE_EESF_E4type10value_typeEEEES6_RKSB_: 210| 354|inline constexpr ToT typecast_copy(const FromR& src) { 211| 354| ToT dst; // NOLINT(*-member-init) 212| 354| typecast_copy(dst, src); 213| 354| return dst; 214| 354|} _ZN5Botan13typecast_copyIjTkNS_6ranges16contiguous_rangeENSt3__14spanIKhLm4EEEQaaaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISD_EESE_E4type10value_typeEEsr3stdE23is_trivially_copyable_vIT_Entsr3std6rangesE5rangeISK_EEEvRSK_RKSA_: 188| 354|inline constexpr void typecast_copy(ToT& out, const FromR& in) { 189| 354| typecast_copy(std::span(&out, 1), in); 190| 354|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeENSt3__14spanIjLm1EEETkNS1_16contiguous_rangeENS3_IKhLm4EEEQaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISE_EESF_E4type10value_typeEEsr3stdE23is_trivially_copyable_vINS7_IXsr21__is_primary_templateINS8_Iu14__remove_cvrefIDTclL_ZNSA_5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENSG_ISO_EESP_E4type10value_typeEEEEvOSL_RKSB_: 176| 354|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromR& in) { 177| 354| ranges::assert_equal_byte_lengths(out, in); 178| 354| std::memcpy(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 179| 354|} _ZN5Botan8copy_memIhQsr3stdE12is_trivial_vIu7__decayIT_EEEEvPS1_PKS1_m: 144| 11.0M|inline constexpr void copy_mem(T* out, const T* in, size_t n) { 145| 11.0M| BOTAN_ASSERT_IMPLICATION(n > 0, in != nullptr && out != nullptr, "If n > 0 then args are not null"); ------------------ | | 103| 11.0M| do { \ | | 104| 11.0M| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 105| 22.0M| if((expr1) && !(expr2)) { \ | | ------------------ | | | Branch (105:10): [True: 11.0M, False: 79.3k] | | | Branch (105:23): [True: 11.0M, False: 0] | | | Branch (105:23): [True: 11.0M, False: 0] | | ------------------ | | 106| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 107| 0| Botan::assertion_failure(#expr1 " implies " #expr2, msg, __func__, __FILE__, __LINE__); \ | | 108| 0| } \ | | 109| 11.0M| } while(0) | | ------------------ | | | Branch (109:12): [Folded, False: 11.0M] | | ------------------ ------------------ 146| | 147| 11.0M| if(in != nullptr && out != nullptr && n > 0) { ------------------ | Branch (147:7): [True: 11.0M, False: 12.9k] | Branch (147:24): [True: 11.0M, False: 6.78k] | Branch (147:42): [True: 11.0M, False: 59.5k] ------------------ 148| 11.0M| std::memmove(out, in, sizeof(T) * n); 149| 11.0M| } 150| 11.0M|} _ZN5Botan19secure_scrub_memoryITkNS_6ranges23contiguous_output_rangeERNSt3__16vectorIhNS2_9allocatorIhEEEEEEvOT_: 59| 1.15M|void secure_scrub_memory(ranges::contiguous_output_range auto&& data) { 60| 1.15M| secure_scrub_memory(std::ranges::data(data), ranges::size_bytes(data)); 61| 1.15M|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeERKNSt3__14spanIhLm2EEEtQaaaasr3stdE23is_trivially_copyable_vIT0_Entsr3std6rangesE5rangeIS7_Esr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISF_EESG_E4type10value_typeEEEEvOSC_RKS7_: 199| 5|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromT& in) { 200| 5| typecast_copy(out, std::span(&in, 1)); 201| 5|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeERKNSt3__14spanIhLm2EEETkNS1_16contiguous_rangeENS3_IKtLm1EEEQaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISG_EESH_E4type10value_typeEEsr3stdE23is_trivially_copyable_vINS9_IXsr21__is_primary_templateINSA_Iu14__remove_cvrefIDTclL_ZNSC_5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENSI_ISQ_EESR_E4type10value_typeEEEEvOSN_RKSD_: 176| 5|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromR& in) { 177| 5| ranges::assert_equal_byte_lengths(out, in); 178| 5| std::memcpy(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 179| 5|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeERKNSt3__14spanIhLm4EEEjQaaaasr3stdE23is_trivially_copyable_vIT0_Entsr3std6rangesE5rangeIS7_Esr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISF_EESG_E4type10value_typeEEEEvOSC_RKS7_: 199| 703k|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromT& in) { 200| 703k| typecast_copy(out, std::span(&in, 1)); 201| 703k|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeERKNSt3__14spanIhLm4EEETkNS1_16contiguous_rangeENS3_IKjLm1EEEQaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISG_EESH_E4type10value_typeEEsr3stdE23is_trivially_copyable_vINS9_IXsr21__is_primary_templateINSA_Iu14__remove_cvrefIDTclL_ZNSC_5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENSI_ISQ_EESR_E4type10value_typeEEEEvOSN_RKSD_: 176| 703k|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromR& in) { 177| 703k| ranges::assert_equal_byte_lengths(out, in); 178| 703k| std::memcpy(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 179| 703k|} _ZN5Botan9clear_memIjEEvPT_m: 118| 6|inline constexpr void clear_mem(T* ptr, size_t n) { 119| 6| clear_bytes(ptr, sizeof(T) * n); 120| 6|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeERNSt3__14spanImLm18446744073709551615EEETkNS1_16contiguous_rangeENS3_IKhLm18446744073709551615EEEQaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISF_EESG_E4type10value_typeEEsr3stdE23is_trivially_copyable_vINS8_IXsr21__is_primary_templateINS9_Iu14__remove_cvrefIDTclL_ZNSB_5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENSH_ISP_EESQ_E4type10value_typeEEEEvOSM_RKSC_: 176| 4.46k|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromR& in) { 177| 4.46k| ranges::assert_equal_byte_lengths(out, in); 178| 4.46k| std::memcpy(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 179| 4.46k|} _ZN5Botan8copy_memImQsr3stdE12is_trivial_vIu7__decayIT_EEEEvPS1_PKS1_m: 144| 37.3k|inline constexpr void copy_mem(T* out, const T* in, size_t n) { 145| 37.3k| BOTAN_ASSERT_IMPLICATION(n > 0, in != nullptr && out != nullptr, "If n > 0 then args are not null"); ------------------ | | 103| 37.3k| do { \ | | 104| 37.3k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 105| 74.6k| if((expr1) && !(expr2)) { \ | | ------------------ | | | Branch (105:10): [True: 37.3k, False: 0] | | | Branch (105:23): [True: 37.3k, False: 0] | | | Branch (105:23): [True: 37.3k, False: 0] | | ------------------ | | 106| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 107| 0| Botan::assertion_failure(#expr1 " implies " #expr2, msg, __func__, __FILE__, __LINE__); \ | | 108| 0| } \ | | 109| 37.3k| } while(0) | | ------------------ | | | Branch (109:12): [Folded, False: 37.3k] | | ------------------ ------------------ 146| | 147| 37.3k| if(in != nullptr && out != nullptr && n > 0) { ------------------ | Branch (147:7): [True: 37.3k, False: 0] | Branch (147:24): [True: 37.3k, False: 0] | Branch (147:42): [True: 37.3k, False: 0] ------------------ 148| 37.3k| std::memmove(out, in, sizeof(T) * n); 149| 37.3k| } 150| 37.3k|} _ZN5Botan8copy_memITkNS_6ranges23contiguous_output_rangeERNSt3__14spanIhLm18446744073709551615EEETkNS1_16contiguous_rangeENS3_IKhLm18446744073709551615EEEQaasr3stdE9is_same_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISF_EESG_E4type10value_typeENS8_IXsr21__is_primary_templateINS9_Iu14__remove_cvrefIDTclL_ZNSB_5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENSH_ISP_EESQ_E4type10value_typeEEsr3stdE23is_trivially_copyable_vISU_EEEvOSC_RKSM_: 160| 27|inline constexpr void copy_mem(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 161| 27| ranges::assert_equal_byte_lengths(out, in); 162| 27| if(std::is_constant_evaluated()) { ------------------ | Branch (162:7): [Folded, False: 27] ------------------ 163| 0| std::copy(std::ranges::begin(in), std::ranges::end(in), std::ranges::begin(out)); 164| 27| } else if(ranges::size_bytes(out) > 0) { ------------------ | Branch (164:14): [True: 27, False: 0] ------------------ 165| 27| std::memmove(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 166| 27| } 167| 27|} _ZN5Botan7xor_bufITkNS_6ranges23contiguous_output_rangeIhEENSt3__14spanIhLm18446744073709551615EEETkNS1_16contiguous_rangeIhEES5_EEvOT_OT0_: 342| 7.05k| ranges::contiguous_range auto&& in) { 343| 7.05k| ranges::assert_equal_byte_lengths(out, in); 344| | 345| 7.05k| std::span o(out); 346| 7.05k| std::span i(in); 347| | 348| 11.5k| for(; o.size_bytes() >= 32; o = o.subspan(32), i = i.subspan(32)) { ------------------ | Branch (348:10): [True: 4.45k, False: 7.05k] ------------------ 349| 4.45k| auto x = typecast_copy>(o.template first<32>()); 350| 4.45k| const auto y = typecast_copy>(i.template first<32>()); 351| | 352| 4.45k| x[0] ^= y[0]; 353| 4.45k| x[1] ^= y[1]; 354| 4.45k| x[2] ^= y[2]; 355| 4.45k| x[3] ^= y[3]; 356| | 357| 4.45k| typecast_copy(o.template first<32>(), x); 358| 4.45k| } 359| | 360| 63.6k| for(size_t off = 0; off != o.size_bytes(); ++off) { ------------------ | Branch (360:24): [True: 56.6k, False: 7.05k] ------------------ 361| 56.6k| o[off] ^= i[off]; 362| 56.6k| } 363| 7.05k|} _ZN5Botan9clear_memImEEvPT_m: 118| 57.0k|inline constexpr void clear_mem(T* ptr, size_t n) { 119| 57.0k| clear_bytes(ptr, sizeof(T) * n); 120| 57.0k|} _ZN5Botan8copy_memITkNS_6ranges23contiguous_output_rangeENSt3__14spanIhLm18446744073709551615EEETkNS1_16contiguous_rangeENS3_IKhLm18446744073709551615EEEQaasr3stdE9is_same_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISE_EESF_E4type10value_typeENS7_IXsr21__is_primary_templateINS8_Iu14__remove_cvrefIDTclL_ZNSA_5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENSG_ISO_EESP_E4type10value_typeEEsr3stdE23is_trivially_copyable_vIST_EEEvOSB_RKSL_: 160| 30.2k|inline constexpr void copy_mem(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 161| 30.2k| ranges::assert_equal_byte_lengths(out, in); 162| 30.2k| if(std::is_constant_evaluated()) { ------------------ | Branch (162:7): [Folded, False: 30.2k] ------------------ 163| 0| std::copy(std::ranges::begin(in), std::ranges::end(in), std::ranges::begin(out)); 164| 30.2k| } else if(ranges::size_bytes(out) > 0) { ------------------ | Branch (164:14): [True: 30.2k, False: 0] ------------------ 165| 30.2k| std::memmove(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 166| 30.2k| } 167| 30.2k|} _ZN5Botan13typecast_copyImTkNS_6ranges16contiguous_rangeENSt3__14spanIhLm8EEEQaaaasr3stdE26is_default_constructible_vIT_Esr3stdE23is_trivially_copyable_vIS5_Esr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISD_EESE_E4type10value_typeEEEES5_RKSA_: 210| 27.5k|inline constexpr ToT typecast_copy(const FromR& src) { 211| 27.5k| ToT dst; // NOLINT(*-member-init) 212| 27.5k| typecast_copy(dst, src); 213| 27.5k| return dst; 214| 27.5k|} _ZN5Botan13typecast_copyImTkNS_6ranges16contiguous_rangeENSt3__14spanIhLm8EEEQaaaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISC_EESD_E4type10value_typeEEsr3stdE23is_trivially_copyable_vIT_Entsr3std6rangesE5rangeISJ_EEEvRSJ_RKS9_: 188| 27.5k|inline constexpr void typecast_copy(ToT& out, const FromR& in) { 189| 27.5k| typecast_copy(std::span(&out, 1), in); 190| 27.5k|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeENSt3__14spanImLm1EEETkNS1_16contiguous_rangeENS3_IhLm8EEEQaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISD_EESE_E4type10value_typeEEsr3stdE23is_trivially_copyable_vINS6_IXsr21__is_primary_templateINS7_Iu14__remove_cvrefIDTclL_ZNS9_5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENSF_ISN_EESO_E4type10value_typeEEEEvOSK_RKSA_: 176| 27.5k|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromR& in) { 177| 27.5k| ranges::assert_equal_byte_lengths(out, in); 178| 27.5k| std::memcpy(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 179| 27.5k|} _ZN5Botan9clear_memITkNS_6ranges23contiguous_output_rangeENSt3__14spanIhLm18446744073709551615EEEEEvOT_Qsr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRS5_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISD_EESE_E4type10value_typeEE: 132| 104|{ 133| 104| clear_bytes(std::ranges::data(mem), ranges::size_bytes(mem)); 134| 104|} _ZN5BotaneOINS_16secure_allocatorIhEES2_EERNSt3__16vectorIhT_EES7_RKNS4_IhT0_EE: 445| 382|std::vector& operator^=(std::vector& out, const std::vector& in) { 446| 382| if(out.size() < in.size()) { ------------------ | Branch (446:7): [True: 0, False: 382] ------------------ 447| 0| out.resize(in.size()); 448| 0| } 449| | 450| 382| xor_buf(std::span{out}.first(in.size()), in); 451| 382| return out; 452| 382|} _ZN5Botan7xor_bufITkNS_6ranges23contiguous_output_rangeIhEENSt3__14spanIhLm18446744073709551615EEETkNS1_16contiguous_rangeIhEERKNS3_6vectorIhNS_16secure_allocatorIhEEEEEEvOT_OT0_: 342| 382| ranges::contiguous_range auto&& in) { 343| 382| ranges::assert_equal_byte_lengths(out, in); 344| | 345| 382| std::span o(out); 346| 382| std::span i(in); 347| | 348| 382| for(; o.size_bytes() >= 32; o = o.subspan(32), i = i.subspan(32)) { ------------------ | Branch (348:10): [True: 0, False: 382] ------------------ 349| 0| auto x = typecast_copy>(o.template first<32>()); 350| 0| const auto y = typecast_copy>(i.template first<32>()); 351| | 352| 0| x[0] ^= y[0]; 353| 0| x[1] ^= y[1]; 354| 0| x[2] ^= y[2]; 355| 0| x[3] ^= y[3]; 356| | 357| 0| typecast_copy(o.template first<32>(), x); 358| 0| } 359| | 360| 6.49k| for(size_t off = 0; off != o.size_bytes(); ++off) { ------------------ | Branch (360:24): [True: 6.11k, False: 382] ------------------ 361| 6.11k| o[off] ^= i[off]; 362| 6.11k| } 363| 382|} _ZN5Botan19secure_scrub_memoryITkNS_6ranges23contiguous_output_rangeERNSt3__15arrayIhLm16EEEEEvOT_: 59| 122|void secure_scrub_memory(ranges::contiguous_output_range auto&& data) { 60| 122| secure_scrub_memory(std::ranges::data(data), ranges::size_bytes(data)); 61| 122|} _ZN5Botan8copy_memITkNS_6ranges23contiguous_output_rangeERNSt3__15arrayIhLm56EEETkNS1_16contiguous_rangeENS2_4spanIKhLm18446744073709551615EEEQaasr3stdE9is_same_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISG_EESH_E4type10value_typeENS9_IXsr21__is_primary_templateINSA_Iu14__remove_cvrefIDTclL_ZNSC_5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENSI_ISQ_EESR_E4type10value_typeEEsr3stdE23is_trivially_copyable_vISV_EEEvOSD_RKSN_: 160| 1|inline constexpr void copy_mem(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 161| 1| ranges::assert_equal_byte_lengths(out, in); 162| 1| if(std::is_constant_evaluated()) { ------------------ | Branch (162:7): [Folded, False: 1] ------------------ 163| 0| std::copy(std::ranges::begin(in), std::ranges::end(in), std::ranges::begin(out)); 164| 1| } else if(ranges::size_bytes(out) > 0) { ------------------ | Branch (164:14): [True: 1, False: 0] ------------------ 165| 1| std::memmove(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 166| 1| } 167| 1|} _ZN5Botan8copy_memITkNS_6ranges23contiguous_output_rangeERNSt3__14spanIhLm56EEETkNS1_16contiguous_rangeENS2_6vectorIhNS_16secure_allocatorIhEEEEQaasr3stdE9is_same_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISH_EESI_E4type10value_typeENSA_IXsr21__is_primary_templateINSB_Iu14__remove_cvrefIDTclL_ZNSD_5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENSJ_ISR_EESS_E4type10value_typeEEsr3stdE23is_trivially_copyable_vISW_EEEvOSE_RKSO_: 160| 7|inline constexpr void copy_mem(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 161| 7| ranges::assert_equal_byte_lengths(out, in); 162| 7| if(std::is_constant_evaluated()) { ------------------ | Branch (162:7): [Folded, False: 7] ------------------ 163| 0| std::copy(std::ranges::begin(in), std::ranges::end(in), std::ranges::begin(out)); 164| 7| } else if(ranges::size_bytes(out) > 0) { ------------------ | Branch (164:14): [True: 7, False: 0] ------------------ 165| 7| std::memmove(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 166| 7| } 167| 7|} _ZN5Botan13typecast_copyINS_6StrongINSt3__15arrayIhLm56EEENS_9Point448_EJEEETkNS_6ranges16contiguous_rangeENS2_4spanIKhLm18446744073709551615EEEQaaaasr3stdE26is_default_constructible_vIT_Esr3stdE23is_trivially_copyable_vISB_Esr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISJ_EESK_E4type10value_typeEEEESB_RKSG_: 210| 1|inline constexpr ToT typecast_copy(const FromR& src) { 211| 1| ToT dst; // NOLINT(*-member-init) 212| 1| typecast_copy(dst, src); 213| 1| return dst; 214| 1|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeERNS_6StrongINSt3__15arrayIhLm56EEENS_9Point448_EJEEETkNS1_16contiguous_rangeENS3_4spanIKhLm18446744073709551615EEEQaasr3stdE23is_trivially_copyable_vINS3_11conditionalIXsr21__is_primary_templateINS3_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS3_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS3_26indirectly_readable_traitsISJ_EESK_E4type10value_typeEEsr3stdE23is_trivially_copyable_vINSC_IXsr21__is_primary_templateINSD_Iu14__remove_cvrefIDTclL_ZNSF_5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENSL_IST_EESU_E4type10value_typeEEEEvOSQ_RKSG_: 176| 1|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromR& in) { 177| 1| ranges::assert_equal_byte_lengths(out, in); 178| 1| std::memcpy(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 179| 1|} _ZN5Botan13typecast_copyINS_6StrongINSt3__15arrayIhLm56EEENS_11ScalarX448_EJEEETkNS_6ranges16contiguous_rangeENS2_4spanIKhLm18446744073709551615EEEQaaaasr3stdE26is_default_constructible_vIT_Esr3stdE23is_trivially_copyable_vISB_Esr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISJ_EESK_E4type10value_typeEEEESB_RKSG_: 210| 8|inline constexpr ToT typecast_copy(const FromR& src) { 211| 8| ToT dst; // NOLINT(*-member-init) 212| 8| typecast_copy(dst, src); 213| 8| return dst; 214| 8|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeERNS_6StrongINSt3__15arrayIhLm56EEENS_11ScalarX448_EJEEETkNS1_16contiguous_rangeENS3_4spanIKhLm18446744073709551615EEEQaasr3stdE23is_trivially_copyable_vINS3_11conditionalIXsr21__is_primary_templateINS3_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS3_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS3_26indirectly_readable_traitsISJ_EESK_E4type10value_typeEEsr3stdE23is_trivially_copyable_vINSC_IXsr21__is_primary_templateINSD_Iu14__remove_cvrefIDTclL_ZNSF_5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENSL_IST_EESU_E4type10value_typeEEEEvOSQ_RKSG_: 176| 8|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromR& in) { 177| 8| ranges::assert_equal_byte_lengths(out, in); 178| 8| std::memcpy(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 179| 8|} _ZN5Botan8copy_memITkNS_6ranges23contiguous_output_rangeERNSt3__14spanIhLm18446744073709551615EEETkNS1_16contiguous_rangeENS2_6vectorIhNS_16secure_allocatorIhEEEEQaasr3stdE9is_same_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISH_EESI_E4type10value_typeENSA_IXsr21__is_primary_templateINSB_Iu14__remove_cvrefIDTclL_ZNSD_5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENSJ_ISR_EESS_E4type10value_typeEEsr3stdE23is_trivially_copyable_vISW_EEEvOSE_RKSO_: 160| 4.43k|inline constexpr void copy_mem(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 161| 4.43k| ranges::assert_equal_byte_lengths(out, in); 162| 4.43k| if(std::is_constant_evaluated()) { ------------------ | Branch (162:7): [Folded, False: 4.43k] ------------------ 163| 0| std::copy(std::ranges::begin(in), std::ranges::end(in), std::ranges::begin(out)); 164| 4.43k| } else if(ranges::size_bytes(out) > 0) { ------------------ | Branch (164:14): [True: 4.43k, False: 0] ------------------ 165| 4.43k| std::memmove(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 166| 4.43k| } 167| 4.43k|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeERNSt3__14spanIjLm18446744073709551615EEETkNS1_16contiguous_rangeENS3_IKhLm18446744073709551615EEEQaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISF_EESG_E4type10value_typeEEsr3stdE23is_trivially_copyable_vINS8_IXsr21__is_primary_templateINS9_Iu14__remove_cvrefIDTclL_ZNSB_5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENSH_ISP_EESQ_E4type10value_typeEEEEvOSM_RKSC_: 176| 2|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromR& in) { 177| 2| ranges::assert_equal_byte_lengths(out, in); 178| 2| std::memcpy(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 179| 2|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeERKNSt3__14spanIhLm18446744073709551615EEEmQaaaasr3stdE23is_trivially_copyable_vIT0_Entsr3std6rangesE5rangeIS7_Esr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISF_EESG_E4type10value_typeEEEEvOSC_RKS7_: 199| 2.89k|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromT& in) { 200| 2.89k| typecast_copy(out, std::span(&in, 1)); 201| 2.89k|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeERKNSt3__14spanIhLm18446744073709551615EEETkNS1_16contiguous_rangeENS3_IKmLm1EEEQaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISG_EESH_E4type10value_typeEEsr3stdE23is_trivially_copyable_vINS9_IXsr21__is_primary_templateINSA_Iu14__remove_cvrefIDTclL_ZNSC_5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENSI_ISQ_EESR_E4type10value_typeEEEEvOSN_RKSD_: 176| 2.89k|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromR& in) { 177| 2.89k| ranges::assert_equal_byte_lengths(out, in); 178| 2.89k| std::memcpy(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 179| 2.89k|} _ZN5Botan8copy_memITkNS_6ranges23contiguous_output_rangeERNSt3__15arrayIhLm16EEETkNS1_16contiguous_rangeENS2_4spanIKhLm18446744073709551615EEEQaasr3stdE9is_same_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISG_EESH_E4type10value_typeENS9_IXsr21__is_primary_templateINSA_Iu14__remove_cvrefIDTclL_ZNSC_5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENSI_ISQ_EESR_E4type10value_typeEEsr3stdE23is_trivially_copyable_vISV_EEEvOSD_RKSN_: 160| 61|inline constexpr void copy_mem(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 161| 61| ranges::assert_equal_byte_lengths(out, in); 162| 61| if(std::is_constant_evaluated()) { ------------------ | Branch (162:7): [Folded, False: 61] ------------------ 163| 0| std::copy(std::ranges::begin(in), std::ranges::end(in), std::ranges::begin(out)); 164| 61| } else if(ranges::size_bytes(out) > 0) { ------------------ | Branch (164:14): [True: 61, False: 0] ------------------ 165| 61| std::memmove(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 166| 61| } 167| 61|} _ZN5Botan8copy_memITkNS_6ranges23contiguous_output_rangeERNSt3__15arrayIhLm16EEETkNS1_16contiguous_rangeES4_Qaasr3stdE9is_same_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISD_EESE_E4type10value_typeENS6_IXsr21__is_primary_templateINS7_Iu14__remove_cvrefIDTclL_ZNS9_5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENSF_ISN_EESO_E4type10value_typeEEsr3stdE23is_trivially_copyable_vISS_EEEvOSA_RKSK_: 160| 61|inline constexpr void copy_mem(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 161| 61| ranges::assert_equal_byte_lengths(out, in); 162| 61| if(std::is_constant_evaluated()) { ------------------ | Branch (162:7): [Folded, False: 61] ------------------ 163| 0| std::copy(std::ranges::begin(in), std::ranges::end(in), std::ranges::begin(out)); 164| 61| } else if(ranges::size_bytes(out) > 0) { ------------------ | Branch (164:14): [True: 61, False: 0] ------------------ 165| 61| std::memmove(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 166| 61| } 167| 61|} _ZN5Botan7xor_bufITkNS_6ranges23contiguous_output_rangeIhEERNSt3__14spanIhLm18446744073709551615EEETkNS1_16contiguous_rangeIhEES5_TkNS7_IhEES5_EEvOT_OT0_OT1_: 373| 61| ranges::contiguous_range auto&& in2) { 374| 61| ranges::assert_equal_byte_lengths(out, in1, in2); 375| | 376| 61| std::span o{out}; 377| 61| std::span i1{in1}; 378| 61| std::span i2{in2}; 379| | 380| 61| for(; o.size_bytes() >= 32; o = o.subspan(32), i1 = i1.subspan(32), i2 = i2.subspan(32)) { ------------------ | Branch (380:10): [True: 0, False: 61] ------------------ 381| 0| auto x = typecast_copy>(i1.template first<32>()); 382| 0| const auto y = typecast_copy>(i2.template first<32>()); 383| | 384| 0| x[0] ^= y[0]; 385| 0| x[1] ^= y[1]; 386| 0| x[2] ^= y[2]; 387| 0| x[3] ^= y[3]; 388| | 389| 0| typecast_copy(o.template first<32>(), x); 390| 0| } 391| | 392| 1.03k| for(size_t off = 0; off != o.size_bytes(); ++off) { ------------------ | Branch (392:24): [True: 976, False: 61] ------------------ 393| 976| o[off] = i1[off] ^ i2[off]; 394| 976| } 395| 61|} _ZN5Botan9clear_memITkNS_6ranges23contiguous_output_rangeENSt3__14spanImLm18446744073709551615EEEEEvOT_Qsr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRS5_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISD_EESE_E4type10value_typeEE: 132| 48|{ 133| 48| clear_bytes(std::ranges::data(mem), ranges::size_bytes(mem)); 134| 48|} _ZN5Botan8copy_memITkNS_6ranges23contiguous_output_rangeENSt3__14spanImLm4EEETkNS1_16contiguous_rangeENS2_5arrayImLm4EEEQaasr3stdE9is_same_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISE_EESF_E4type10value_typeENS7_IXsr21__is_primary_templateINS8_Iu14__remove_cvrefIDTclL_ZNSA_5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENSG_ISO_EESP_E4type10value_typeEEsr3stdE23is_trivially_copyable_vIST_EEEvOSB_RKSL_: 160| 15.9k|inline constexpr void copy_mem(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 161| 15.9k| ranges::assert_equal_byte_lengths(out, in); 162| 15.9k| if(std::is_constant_evaluated()) { ------------------ | Branch (162:7): [Folded, False: 15.9k] ------------------ 163| 0| std::copy(std::ranges::begin(in), std::ranges::end(in), std::ranges::begin(out)); 164| 15.9k| } else if(ranges::size_bytes(out) > 0) { ------------------ | Branch (164:14): [True: 15.9k, False: 0] ------------------ 165| 15.9k| std::memmove(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 166| 15.9k| } 167| 15.9k|} _ZN5Botan8copy_memITkNS_6ranges23contiguous_output_rangeENSt3__14spanImLm6EEETkNS1_16contiguous_rangeENS2_5arrayImLm6EEEQaasr3stdE9is_same_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISE_EESF_E4type10value_typeENS7_IXsr21__is_primary_templateINS8_Iu14__remove_cvrefIDTclL_ZNSA_5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENSG_ISO_EESP_E4type10value_typeEEsr3stdE23is_trivially_copyable_vIST_EEEvOSB_RKSL_: 160| 4.80k|inline constexpr void copy_mem(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 161| 4.80k| ranges::assert_equal_byte_lengths(out, in); 162| 4.80k| if(std::is_constant_evaluated()) { ------------------ | Branch (162:7): [Folded, False: 4.80k] ------------------ 163| 0| std::copy(std::ranges::begin(in), std::ranges::end(in), std::ranges::begin(out)); 164| 4.80k| } else if(ranges::size_bytes(out) > 0) { ------------------ | Branch (164:14): [True: 4.80k, False: 0] ------------------ 165| 4.80k| std::memmove(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 166| 4.80k| } 167| 4.80k|} _ZN5Botan8copy_memITkNS_6ranges23contiguous_output_rangeENSt3__14spanImLm8EEETkNS1_16contiguous_rangeENS2_5arrayImLm8EEEQaasr3stdE9is_same_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISE_EESF_E4type10value_typeENS7_IXsr21__is_primary_templateINS8_Iu14__remove_cvrefIDTclL_ZNSA_5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENSG_ISO_EESP_E4type10value_typeEEsr3stdE23is_trivially_copyable_vIST_EEEvOSB_RKSL_: 160| 3.09k|inline constexpr void copy_mem(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 161| 3.09k| ranges::assert_equal_byte_lengths(out, in); 162| 3.09k| if(std::is_constant_evaluated()) { ------------------ | Branch (162:7): [Folded, False: 3.09k] ------------------ 163| 0| std::copy(std::ranges::begin(in), std::ranges::end(in), std::ranges::begin(out)); 164| 3.09k| } else if(ranges::size_bytes(out) > 0) { ------------------ | Branch (164:14): [True: 3.09k, False: 0] ------------------ 165| 3.09k| std::memmove(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 166| 3.09k| } 167| 3.09k|} _ZN5Botan8copy_memITkNS_6ranges23contiguous_output_rangeENSt3__14spanImLm9EEETkNS1_16contiguous_rangeENS2_5arrayImLm9EEEQaasr3stdE9is_same_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISE_EESF_E4type10value_typeENS7_IXsr21__is_primary_templateINS8_Iu14__remove_cvrefIDTclL_ZNSA_5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENSG_ISO_EESP_E4type10value_typeEEsr3stdE23is_trivially_copyable_vIST_EEEvOSB_RKSL_: 160| 1.03k|inline constexpr void copy_mem(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 161| 1.03k| ranges::assert_equal_byte_lengths(out, in); 162| 1.03k| if(std::is_constant_evaluated()) { ------------------ | Branch (162:7): [Folded, False: 1.03k] ------------------ 163| 0| std::copy(std::ranges::begin(in), std::ranges::end(in), std::ranges::begin(out)); 164| 1.03k| } else if(ranges::size_bytes(out) > 0) { ------------------ | Branch (164:14): [True: 1.03k, False: 0] ------------------ 165| 1.03k| std::memmove(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 166| 1.03k| } 167| 1.03k|} _ZN5Botan8copy_memITkNS_6ranges23contiguous_output_rangeERNSt3__14spanIhLm66EEETkNS1_16contiguous_rangeENS3_IKhLm66EEEQaasr3stdE9is_same_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISF_EESG_E4type10value_typeENS8_IXsr21__is_primary_templateINS9_Iu14__remove_cvrefIDTclL_ZNSB_5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENSH_ISP_EESQ_E4type10value_typeEEsr3stdE23is_trivially_copyable_vISU_EEEvOSC_RKSM_: 160| 3.32k|inline constexpr void copy_mem(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 161| 3.32k| ranges::assert_equal_byte_lengths(out, in); 162| 3.32k| if(std::is_constant_evaluated()) { ------------------ | Branch (162:7): [Folded, False: 3.32k] ------------------ 163| 0| std::copy(std::ranges::begin(in), std::ranges::end(in), std::ranges::begin(out)); 164| 3.32k| } else if(ranges::size_bytes(out) > 0) { ------------------ | Branch (164:14): [True: 3.32k, False: 0] ------------------ 165| 3.32k| std::memmove(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 166| 3.32k| } 167| 3.32k|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeERNSt3__15arrayImLm7EEETkNS1_16contiguous_rangeENS2_4spanIKhLm56EEEQaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISG_EESH_E4type10value_typeEEsr3stdE23is_trivially_copyable_vINS9_IXsr21__is_primary_templateINSA_Iu14__remove_cvrefIDTclL_ZNSC_5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENSI_ISQ_EESR_E4type10value_typeEEEEvOSN_RKSD_: 176| 16|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromR& in) { 177| 16| ranges::assert_equal_byte_lengths(out, in); 178| 16| std::memcpy(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 179| 16|} _ZN5Botan9clear_memITkNS_6ranges23contiguous_output_rangeERNSt3__15arrayImLm7EEEEEvOT_Qsr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRS6_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISE_EESF_E4type10value_typeEE: 132| 64.5k|{ 133| 64.5k| clear_bytes(std::ranges::data(mem), ranges::size_bytes(mem)); 134| 64.5k|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeERNSt3__14spanIhLm56EEETkNS1_16contiguous_rangeENS2_5arrayImLm7EEEQaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISF_EESG_E4type10value_typeEEsr3stdE23is_trivially_copyable_vINS8_IXsr21__is_primary_templateINS9_Iu14__remove_cvrefIDTclL_ZNSB_5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENSH_ISP_EESQ_E4type10value_typeEEEEvOSM_RKSC_: 176| 8|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromR& in) { 177| 8| ranges::assert_equal_byte_lengths(out, in); 178| 8| std::memcpy(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 179| 8|} _ZN5Botan7xor_bufINSt3__19allocatorIhEEEEvRNS1_6vectorIhT_EEPKhm: 429| 92|void xor_buf(std::vector& out, const uint8_t* in, size_t n) { 430| 92| BOTAN_ARG_CHECK(out.size() >= n, "output vector is too small"); ------------------ | | 35| 92| do { \ | | 36| 92| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 92| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 92] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 92| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 92] | | ------------------ ------------------ 431| | // simply assumes that *in points to "n" allocated bytes at least 432| 92| xor_buf(std::span{out}.first(n), std::span{in, n}); 433| 92|} _ZN5Botan14Asymmetric_KeyD2Ev: 62| 10.9k| virtual ~Asymmetric_Key() = default; _ZN5Botan6PK_Ops13Key_AgreementD2Ev: 147| 1.69k| virtual ~Key_Agreement() = default; _ZN5Botan15Key_ConstraintsC2Ev: 158| 6.51k| Key_Constraints() : m_value(0) {} _ZNK5Botan7X509_DN8get_bitsEv: 84| 12.9k| const std::vector& get_bits() const { return m_dn_bits; } _ZN5Botan10Extensions15Extensions_InfoC2EbRKNSt3__16vectorIhNS2_9allocatorIhEEEENS2_10unique_ptrINS_21Certificate_ExtensionENS2_14default_deleteISA_EEEE: 743| 25.8k| m_obj(std::move(ext)), m_bits(encoding), m_critical(critical) {} _ZN5Botan10ExtensionsC2Ev: 720| 6.51k| Extensions() = default; _ZN5Botan10ExtensionsD2Ev: 728| 6.51k| ~Extensions() override = default; _ZN5Botan7X509_DNC2Ev: 45| 13.3k| X509_DN() = default; _ZNK5Botan10Extensions23get_extension_object_asINS_14Cert_Extension16Authority_Key_IDEEEPKT_RKNS_3OIDE: 594| 6.45k| const T* get_extension_object_as(const OID& oid = T::static_oid()) const { 595| 6.45k| if(const Certificate_Extension* extn = get_extension_object(oid)) { ------------------ | Branch (595:42): [True: 6.45k, False: 0] ------------------ 596| | // Unknown_Extension oid_name is empty 597| 6.45k| if(extn->oid_name().empty()) { ------------------ | Branch (597:16): [True: 0, False: 6.45k] ------------------ 598| 0| return nullptr; 599| 6.45k| } else if(const T* extn_as_T = dynamic_cast(extn)) { ------------------ | Branch (599:32): [True: 6.45k, False: 0] ------------------ 600| 6.45k| return extn_as_T; 601| 6.45k| } else { 602| 0| throw Decoding_Error("Exception::get_extension_object_as dynamic_cast failed"); 603| 0| } 604| 6.45k| } 605| | 606| 0| return nullptr; 607| 6.45k| } _ZNK5Botan10Extensions23get_extension_object_asINS_14Cert_Extension23CRL_Distribution_PointsEEEPKT_RKNS_3OIDE: 594| 6.45k| const T* get_extension_object_as(const OID& oid = T::static_oid()) const { 595| 6.45k| if(const Certificate_Extension* extn = get_extension_object(oid)) { ------------------ | Branch (595:42): [True: 0, False: 6.45k] ------------------ 596| | // Unknown_Extension oid_name is empty 597| 0| if(extn->oid_name().empty()) { ------------------ | Branch (597:16): [True: 0, False: 0] ------------------ 598| 0| return nullptr; 599| 0| } else if(const T* extn_as_T = dynamic_cast(extn)) { ------------------ | Branch (599:32): [True: 0, False: 0] ------------------ 600| 0| return extn_as_T; 601| 0| } else { 602| 0| throw Decoding_Error("Exception::get_extension_object_as dynamic_cast failed"); 603| 0| } 604| 0| } 605| | 606| 6.45k| return nullptr; 607| 6.45k| } _ZN5Botan15NameConstraintsC2Ev: 479| 6.51k| NameConstraints() = default; _ZN5Botan21Certificate_ExtensionD2Ev: 568| 25.8k| virtual ~Certificate_Extension() = default; _ZN5Botan15AlternativeNameC2Ev: 176| 19.4k| AlternativeName() = default; _ZNK5Botan10Extensions23get_extension_object_asINS_14Cert_Extension17Basic_ConstraintsEEEPKT_RKNS_3OIDE: 594| 6.45k| const T* get_extension_object_as(const OID& oid = T::static_oid()) const { 595| 6.45k| if(const Certificate_Extension* extn = get_extension_object(oid)) { ------------------ | Branch (595:42): [True: 6.45k, False: 0] ------------------ 596| | // Unknown_Extension oid_name is empty 597| 6.45k| if(extn->oid_name().empty()) { ------------------ | Branch (597:16): [True: 0, False: 6.45k] ------------------ 598| 0| return nullptr; 599| 6.45k| } else if(const T* extn_as_T = dynamic_cast(extn)) { ------------------ | Branch (599:32): [True: 6.45k, False: 0] ------------------ 600| 6.45k| return extn_as_T; 601| 6.45k| } else { 602| 0| throw Decoding_Error("Exception::get_extension_object_as dynamic_cast failed"); 603| 0| } 604| 6.45k| } 605| | 606| 0| return nullptr; 607| 6.45k| } _ZNK5Botan10Extensions23get_extension_object_asINS_14Cert_Extension28Authority_Information_AccessEEEPKT_RKNS_3OIDE: 594| 6.45k| const T* get_extension_object_as(const OID& oid = T::static_oid()) const { 595| 6.45k| if(const Certificate_Extension* extn = get_extension_object(oid)) { ------------------ | Branch (595:42): [True: 0, False: 6.45k] ------------------ 596| | // Unknown_Extension oid_name is empty 597| 0| if(extn->oid_name().empty()) { ------------------ | Branch (597:16): [True: 0, False: 0] ------------------ 598| 0| return nullptr; 599| 0| } else if(const T* extn_as_T = dynamic_cast(extn)) { ------------------ | Branch (599:32): [True: 0, False: 0] ------------------ 600| 0| return extn_as_T; 601| 0| } else { 602| 0| throw Decoding_Error("Exception::get_extension_object_as dynamic_cast failed"); 603| 0| } 604| 0| } 605| | 606| 6.45k| return nullptr; 607| 6.45k| } _ZNK5Botan10Extensions23get_extension_object_asINS_14Cert_Extension9Key_UsageEEEPKT_RKNS_3OIDE: 594| 6.45k| const T* get_extension_object_as(const OID& oid = T::static_oid()) const { 595| 6.45k| if(const Certificate_Extension* extn = get_extension_object(oid)) { ------------------ | Branch (595:42): [True: 0, False: 6.45k] ------------------ 596| | // Unknown_Extension oid_name is empty 597| 0| if(extn->oid_name().empty()) { ------------------ | Branch (597:16): [True: 0, False: 0] ------------------ 598| 0| return nullptr; 599| 0| } else if(const T* extn_as_T = dynamic_cast(extn)) { ------------------ | Branch (599:32): [True: 0, False: 0] ------------------ 600| 0| return extn_as_T; 601| 0| } else { 602| 0| throw Decoding_Error("Exception::get_extension_object_as dynamic_cast failed"); 603| 0| } 604| 0| } 605| | 606| 6.45k| return nullptr; 607| 6.45k| } _ZNK5Botan10Extensions23get_extension_object_asINS_14Cert_Extension14Subject_Key_IDEEEPKT_RKNS_3OIDE: 594| 6.45k| const T* get_extension_object_as(const OID& oid = T::static_oid()) const { 595| 6.45k| if(const Certificate_Extension* extn = get_extension_object(oid)) { ------------------ | Branch (595:42): [True: 6.45k, False: 0] ------------------ 596| | // Unknown_Extension oid_name is empty 597| 6.45k| if(extn->oid_name().empty()) { ------------------ | Branch (597:16): [True: 0, False: 6.45k] ------------------ 598| 0| return nullptr; 599| 6.45k| } else if(const T* extn_as_T = dynamic_cast(extn)) { ------------------ | Branch (599:32): [True: 6.45k, False: 0] ------------------ 600| 6.45k| return extn_as_T; 601| 6.45k| } else { 602| 0| throw Decoding_Error("Exception::get_extension_object_as dynamic_cast failed"); 603| 0| } 604| 6.45k| } 605| | 606| 0| return nullptr; 607| 6.45k| } _ZNK5Botan10Extensions23get_extension_object_asINS_14Cert_Extension16Name_ConstraintsEEEPKT_RKNS_3OIDE: 594| 6.45k| const T* get_extension_object_as(const OID& oid = T::static_oid()) const { 595| 6.45k| if(const Certificate_Extension* extn = get_extension_object(oid)) { ------------------ | Branch (595:42): [True: 0, False: 6.45k] ------------------ 596| | // Unknown_Extension oid_name is empty 597| 0| if(extn->oid_name().empty()) { ------------------ | Branch (597:16): [True: 0, False: 0] ------------------ 598| 0| return nullptr; 599| 0| } else if(const T* extn_as_T = dynamic_cast(extn)) { ------------------ | Branch (599:32): [True: 0, False: 0] ------------------ 600| 0| return extn_as_T; 601| 0| } else { 602| 0| throw Decoding_Error("Exception::get_extension_object_as dynamic_cast failed"); 603| 0| } 604| 0| } 605| | 606| 6.45k| return nullptr; 607| 6.45k| } _ZNK5Botan10Extensions23get_extension_object_asINS_14Cert_Extension18Extended_Key_UsageEEEPKT_RKNS_3OIDE: 594| 6.45k| const T* get_extension_object_as(const OID& oid = T::static_oid()) const { 595| 6.45k| if(const Certificate_Extension* extn = get_extension_object(oid)) { ------------------ | Branch (595:42): [True: 0, False: 6.45k] ------------------ 596| | // Unknown_Extension oid_name is empty 597| 0| if(extn->oid_name().empty()) { ------------------ | Branch (597:16): [True: 0, False: 0] ------------------ 598| 0| return nullptr; 599| 0| } else if(const T* extn_as_T = dynamic_cast(extn)) { ------------------ | Branch (599:32): [True: 0, False: 0] ------------------ 600| 0| return extn_as_T; 601| 0| } else { 602| 0| throw Decoding_Error("Exception::get_extension_object_as dynamic_cast failed"); 603| 0| } 604| 0| } 605| | 606| 6.45k| return nullptr; 607| 6.45k| } _ZNK5Botan10Extensions23get_extension_object_asINS_14Cert_Extension23Issuer_Alternative_NameEEEPKT_RKNS_3OIDE: 594| 6.45k| const T* get_extension_object_as(const OID& oid = T::static_oid()) const { 595| 6.45k| if(const Certificate_Extension* extn = get_extension_object(oid)) { ------------------ | Branch (595:42): [True: 0, False: 6.45k] ------------------ 596| | // Unknown_Extension oid_name is empty 597| 0| if(extn->oid_name().empty()) { ------------------ | Branch (597:16): [True: 0, False: 0] ------------------ 598| 0| return nullptr; 599| 0| } else if(const T* extn_as_T = dynamic_cast(extn)) { ------------------ | Branch (599:32): [True: 0, False: 0] ------------------ 600| 0| return extn_as_T; 601| 0| } else { 602| 0| throw Decoding_Error("Exception::get_extension_object_as dynamic_cast failed"); 603| 0| } 604| 0| } 605| | 606| 6.45k| return nullptr; 607| 6.45k| } _ZNK5Botan10Extensions23get_extension_object_asINS_14Cert_Extension24Subject_Alternative_NameEEEPKT_RKNS_3OIDE: 594| 6.45k| const T* get_extension_object_as(const OID& oid = T::static_oid()) const { 595| 6.45k| if(const Certificate_Extension* extn = get_extension_object(oid)) { ------------------ | Branch (595:42): [True: 6.45k, False: 0] ------------------ 596| | // Unknown_Extension oid_name is empty 597| 6.45k| if(extn->oid_name().empty()) { ------------------ | Branch (597:16): [True: 0, False: 6.45k] ------------------ 598| 0| return nullptr; 599| 6.45k| } else if(const T* extn_as_T = dynamic_cast(extn)) { ------------------ | Branch (599:32): [True: 6.45k, False: 0] ------------------ 600| 6.45k| return extn_as_T; 601| 6.45k| } else { 602| 0| throw Decoding_Error("Exception::get_extension_object_as dynamic_cast failed"); 603| 0| } 604| 6.45k| } 605| | 606| 0| return nullptr; 607| 6.45k| } _ZNK5Botan10Extensions23get_extension_object_asINS_14Cert_Extension20Certificate_PoliciesEEEPKT_RKNS_3OIDE: 594| 6.45k| const T* get_extension_object_as(const OID& oid = T::static_oid()) const { 595| 6.45k| if(const Certificate_Extension* extn = get_extension_object(oid)) { ------------------ | Branch (595:42): [True: 0, False: 6.45k] ------------------ 596| | // Unknown_Extension oid_name is empty 597| 0| if(extn->oid_name().empty()) { ------------------ | Branch (597:16): [True: 0, False: 0] ------------------ 598| 0| return nullptr; 599| 0| } else if(const T* extn_as_T = dynamic_cast(extn)) { ------------------ | Branch (599:32): [True: 0, False: 0] ------------------ 600| 0| return extn_as_T; 601| 0| } else { 602| 0| throw Decoding_Error("Exception::get_extension_object_as dynamic_cast failed"); 603| 0| } 604| 0| } 605| | 606| 6.45k| return nullptr; 607| 6.45k| } _ZN5Botan6ranges24assert_exact_byte_lengthILm32ETkNS0_14spanable_rangeENSt3__14spanIhLm32EEEEEvRKT0_: 77| 12.7k|inline constexpr void assert_exact_byte_length(const R& r) { 78| 12.7k| const std::span s{r}; 79| 12.7k| if constexpr(statically_spanable_range) { 80| 12.7k| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 12.7k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__15arrayImLm4EEETpTkNS0_14spanable_rangeEJNS2_4spanIhLm32EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 12.6k|{ 101| 12.6k| const std::span s0{r0}; 102| | 103| 12.6k| if constexpr(statically_spanable_range) { 104| 12.6k| constexpr size_t expected_size = s0.size_bytes(); 105| 12.6k| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 12.6k|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__15arrayImLm4EEEEEmRKT_: 59| 25.9k|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 25.9k| return std::span{r}.size_bytes(); 61| 25.9k|} _ZN5Botan6ranges24assert_exact_byte_lengthILm32ETkNS0_14spanable_rangeENSt3__14spanIKhLm32EEEEEvRKT0_: 77| 13.2k|inline constexpr void assert_exact_byte_length(const R& r) { 78| 13.2k| const std::span s{r}; 79| 13.2k| if constexpr(statically_spanable_range) { 80| 13.2k| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 13.2k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__15arrayImLm4EEETpTkNS0_14spanable_rangeEJNS2_4spanIKhLm32EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 13.2k|{ 101| 13.2k| const std::span s0{r0}; 102| | 103| 13.2k| if constexpr(statically_spanable_range) { 104| 13.2k| constexpr size_t expected_size = s0.size_bytes(); 105| 13.2k| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 13.2k|} _ZN5Botan6ranges24assert_exact_byte_lengthILm32ETkNS0_14spanable_rangeENSt3__15arrayImLm4EEEEEvRKT0_: 77| 59.2k|inline constexpr void assert_exact_byte_length(const R& r) { 78| 59.2k| const std::span s{r}; 79| 59.2k| if constexpr(statically_spanable_range) { 80| 59.2k| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 59.2k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm32EEETpTkNS0_14spanable_rangeEJNS2_5arrayImLm4EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 43.2k|{ 101| 43.2k| const std::span s0{r0}; 102| | 103| 43.2k| if constexpr(statically_spanable_range) { 104| 43.2k| constexpr size_t expected_size = s0.size_bytes(); 105| 43.2k| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 43.2k|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanIhLm32EEEEEmRKT_: 59| 12.9k|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 12.9k| return std::span{r}.size_bytes(); 61| 12.9k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm18446744073709551615EEETpTkNS0_14spanable_rangeEJNS3_IKhLm18446744073709551615EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 36.8k|{ 101| 36.8k| const std::span s0{r0}; 102| | 103| | if constexpr(statically_spanable_range) { 104| | constexpr size_t expected_size = s0.size_bytes(); 105| | (assert_exact_byte_length(rs), ...); 106| 36.8k| } else { 107| 36.8k| const size_t expected_size = s0.size_bytes(); 108| 36.8k| const bool correct_size = 109| 36.8k| ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| 36.8k| if(!correct_size) { ------------------ | Branch (111:10): [True: 0, False: 36.8k] ------------------ 112| 0| memory_region_size_violation(); 113| 0| } 114| 36.8k| } 115| 36.8k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm18446744073709551615EEETpTkNS0_14spanable_rangeEJNS3_IKhLm18446744073709551615EEES6_EEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 1.38k|{ 101| 1.38k| const std::span s0{r0}; 102| | 103| | if constexpr(statically_spanable_range) { 104| | constexpr size_t expected_size = s0.size_bytes(); 105| | (assert_exact_byte_length(rs), ...); 106| 1.38k| } else { 107| 1.38k| const size_t expected_size = s0.size_bytes(); 108| 1.38k| const bool correct_size = 109| 2.77k| ((std::span>{rs}.size_bytes() == expected_size) && ...); ------------------ | Branch (109:11): [True: 1.38k, False: 0] | Branch (109:11): [True: 1.38k, False: 0] ------------------ 110| | 111| 1.38k| if(!correct_size) { ------------------ | Branch (111:10): [True: 0, False: 1.38k] ------------------ 112| 0| memory_region_size_violation(); 113| 0| } 114| 1.38k| } 115| 1.38k|} _ZN5Botan6ranges24assert_exact_byte_lengthILm8ETkNS0_14spanable_rangeENSt3__14spanIhLm8EEEEEvRKT0_: 77| 767k|inline constexpr void assert_exact_byte_length(const R& r) { 78| 767k| const std::span s{r}; 79| 767k| if constexpr(statically_spanable_range) { 80| 767k| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 767k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm8EEETpTkNS0_14spanable_rangeEJNS3_IKmLm1EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 434k|{ 101| 434k| const std::span s0{r0}; 102| | 103| 434k| if constexpr(statically_spanable_range) { 104| 434k| constexpr size_t expected_size = s0.size_bytes(); 105| 434k| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 434k|} _ZN5Botan6ranges24assert_exact_byte_lengthILm8ETkNS0_14spanable_rangeENSt3__14spanIKmLm1EEEEEvRKT0_: 77| 434k|inline constexpr void assert_exact_byte_length(const R& r) { 78| 434k| const std::span s{r}; 79| 434k| if constexpr(statically_spanable_range) { 80| 434k| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 434k|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanIhLm8EEEEEmRKT_: 59| 434k|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 434k| return std::span{r}.size_bytes(); 61| 434k|} _ZN5Botan6ranges24assert_exact_byte_lengthILm8ETkNS0_14spanable_rangeENSt3__14spanIKhLm8EEEEEvRKT0_: 77| 864k|inline constexpr void assert_exact_byte_length(const R& r) { 78| 864k| const std::span s{r}; 79| 864k| if constexpr(statically_spanable_range) { 80| 864k| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 864k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanImLm1EEETpTkNS0_14spanable_rangeEJNS3_IKhLm8EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 432k|{ 101| 432k| const std::span s0{r0}; 102| | 103| 432k| if constexpr(statically_spanable_range) { 104| 432k| constexpr size_t expected_size = s0.size_bytes(); 105| 432k| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 432k|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanImLm1EEEEEmRKT_: 59| 459k|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 459k| return std::span{r}.size_bytes(); 61| 459k|} _ZN5Botan6ranges24assert_exact_byte_lengthILm2ETkNS0_14spanable_rangeENSt3__14spanIKhLm2EEEEEvRKT0_: 77| 102k|inline constexpr void assert_exact_byte_length(const R& r) { 78| 102k| const std::span s{r}; 79| 102k| if constexpr(statically_spanable_range) { 80| 102k| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 102k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanItLm1EEETpTkNS0_14spanable_rangeEJNS3_IKhLm2EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 51.3k|{ 101| 51.3k| const std::span s0{r0}; 102| | 103| 51.3k| if constexpr(statically_spanable_range) { 104| 51.3k| constexpr size_t expected_size = s0.size_bytes(); 105| 51.3k| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 51.3k|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanItLm1EEEEEmRKT_: 59| 51.3k|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 51.3k| return std::span{r}.size_bytes(); 61| 51.3k|} _ZN5Botan6ranges24assert_exact_byte_lengthILm4ETkNS0_14spanable_rangeENSt3__14spanIKhLm4EEEEEvRKT0_: 77| 708|inline constexpr void assert_exact_byte_length(const R& r) { 78| 708| const std::span s{r}; 79| 708| if constexpr(statically_spanable_range) { 80| 708| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 708|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIjLm1EEETpTkNS0_14spanable_rangeEJNS3_IKhLm4EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 354|{ 101| 354| const std::span s0{r0}; 102| | 103| 354| if constexpr(statically_spanable_range) { 104| 354| constexpr size_t expected_size = s0.size_bytes(); 105| 354| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 354|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanIjLm1EEEEEmRKT_: 59| 354|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 354| return std::span{r}.size_bytes(); 61| 354|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__16vectorIhNS2_9allocatorIhEEEEEEmRKT_: 59| 1.15M|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 1.15M| return std::span{r}.size_bytes(); 61| 1.15M|} _ZN5Botan6ranges24assert_exact_byte_lengthILm2ETkNS0_14spanable_rangeENSt3__14spanIhLm2EEEEEvRKT0_: 77| 5|inline constexpr void assert_exact_byte_length(const R& r) { 78| 5| const std::span s{r}; 79| 5| if constexpr(statically_spanable_range) { 80| 5| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 5|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm2EEETpTkNS0_14spanable_rangeEJNS3_IKtLm1EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 5|{ 101| 5| const std::span s0{r0}; 102| | 103| 5| if constexpr(statically_spanable_range) { 104| 5| constexpr size_t expected_size = s0.size_bytes(); 105| 5| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 5|} _ZN5Botan6ranges24assert_exact_byte_lengthILm2ETkNS0_14spanable_rangeENSt3__14spanIKtLm1EEEEEvRKT0_: 77| 5|inline constexpr void assert_exact_byte_length(const R& r) { 78| 5| const std::span s{r}; 79| 5| if constexpr(statically_spanable_range) { 80| 5| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 5|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanIhLm2EEEEEmRKT_: 59| 5|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 5| return std::span{r}.size_bytes(); 61| 5|} _ZN5Botan6ranges24assert_exact_byte_lengthILm4ETkNS0_14spanable_rangeENSt3__14spanIhLm4EEEEEvRKT0_: 77| 1.39M|inline constexpr void assert_exact_byte_length(const R& r) { 78| 1.39M| const std::span s{r}; 79| 1.39M| if constexpr(statically_spanable_range) { 80| 1.39M| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 1.39M|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm4EEETpTkNS0_14spanable_rangeEJNS3_IKjLm1EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 703k|{ 101| 703k| const std::span s0{r0}; 102| | 103| 703k| if constexpr(statically_spanable_range) { 104| 703k| constexpr size_t expected_size = s0.size_bytes(); 105| 703k| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 703k|} _ZN5Botan6ranges24assert_exact_byte_lengthILm4ETkNS0_14spanable_rangeENSt3__14spanIKjLm1EEEEEvRKT0_: 77| 703k|inline constexpr void assert_exact_byte_length(const R& r) { 78| 703k| const std::span s{r}; 79| 703k| if constexpr(statically_spanable_range) { 80| 703k| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 703k|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanIhLm4EEEEEmRKT_: 59| 703k|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 703k| return std::span{r}.size_bytes(); 61| 703k|} _ZN5Botan6ranges24assert_exact_byte_lengthILm16ETkNS0_14spanable_rangeENSt3__14spanIKhLm16EEEEEvRKT0_: 77| 62|inline constexpr void assert_exact_byte_length(const R& r) { 78| 62| const std::span s{r}; 79| 62| if constexpr(statically_spanable_range) { 80| 62| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 62|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanImLm18446744073709551615EEETpTkNS0_14spanable_rangeEJNS3_IKhLm18446744073709551615EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 10.0k|{ 101| 10.0k| const std::span s0{r0}; 102| | 103| | if constexpr(statically_spanable_range) { 104| | constexpr size_t expected_size = s0.size_bytes(); 105| | (assert_exact_byte_length(rs), ...); 106| 10.0k| } else { 107| 10.0k| const size_t expected_size = s0.size_bytes(); 108| 10.0k| const bool correct_size = 109| 10.0k| ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| 10.0k| if(!correct_size) { ------------------ | Branch (111:10): [True: 0, False: 10.0k] ------------------ 112| 0| memory_region_size_violation(); 113| 0| } 114| 10.0k| } 115| 10.0k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIjLm18446744073709551615EEETpTkNS0_14spanable_rangeEJNS3_IKhLm18446744073709551615EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 4|{ 101| 4| const std::span s0{r0}; 102| | 103| | if constexpr(statically_spanable_range) { 104| | constexpr size_t expected_size = s0.size_bytes(); 105| | (assert_exact_byte_length(rs), ...); 106| 4| } else { 107| 4| const size_t expected_size = s0.size_bytes(); 108| 4| const bool correct_size = 109| 4| ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| 4| if(!correct_size) { ------------------ | Branch (111:10): [True: 0, False: 4] ------------------ 112| 0| memory_region_size_violation(); 113| 0| } 114| 4| } 115| 4|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm18446744073709551615EEETpTkNS0_14spanable_rangeEJNS3_IKjLm18446744073709551615EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 91.7k|{ 101| 91.7k| const std::span s0{r0}; 102| | 103| | if constexpr(statically_spanable_range) { 104| | constexpr size_t expected_size = s0.size_bytes(); 105| | (assert_exact_byte_length(rs), ...); 106| 91.7k| } else { 107| 91.7k| const size_t expected_size = s0.size_bytes(); 108| 91.7k| const bool correct_size = 109| 91.7k| ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| 91.7k| if(!correct_size) { ------------------ | Branch (111:10): [True: 0, False: 91.7k] ------------------ 112| 0| memory_region_size_violation(); 113| 0| } 114| 91.7k| } 115| 91.7k|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanIhLm18446744073709551615EEEEEmRKT_: 59| 72.3k|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 72.3k| return std::span{r}.size_bytes(); 61| 72.3k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm18446744073709551615EEETpTkNS0_14spanable_rangeEJNS3_IKmLm18446744073709551615EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 5.83k|{ 101| 5.83k| const std::span s0{r0}; 102| | 103| | if constexpr(statically_spanable_range) { 104| | constexpr size_t expected_size = s0.size_bytes(); 105| | (assert_exact_byte_length(rs), ...); 106| 5.83k| } else { 107| 5.83k| const size_t expected_size = s0.size_bytes(); 108| 5.83k| const bool correct_size = 109| 5.83k| ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| 5.83k| if(!correct_size) { ------------------ | Branch (111:10): [True: 0, False: 5.83k] ------------------ 112| 0| memory_region_size_violation(); 113| 0| } 114| 5.83k| } 115| 5.83k|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanImLm18446744073709551615EEEEEmRKT_: 59| 4.51k|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 4.51k| return std::span{r}.size_bytes(); 61| 4.51k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm18446744073709551615EEETpTkNS0_14spanable_rangeEJS4_EEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 7.05k|{ 101| 7.05k| const std::span s0{r0}; 102| | 103| | if constexpr(statically_spanable_range) { 104| | constexpr size_t expected_size = s0.size_bytes(); 105| | (assert_exact_byte_length(rs), ...); 106| 7.05k| } else { 107| 7.05k| const size_t expected_size = s0.size_bytes(); 108| 7.05k| const bool correct_size = 109| 7.05k| ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| 7.05k| if(!correct_size) { ------------------ | Branch (111:10): [True: 0, False: 7.05k] ------------------ 112| 0| memory_region_size_violation(); 113| 0| } 114| 7.05k| } 115| 7.05k|} _ZN5Botan6ranges24assert_exact_byte_lengthILm8ETkNS0_14spanable_rangeENSt3__15arrayIhLm8EEEEEvRKT0_: 77| 27.5k|inline constexpr void assert_exact_byte_length(const R& r) { 78| 27.5k| const std::span s{r}; 79| 27.5k| if constexpr(statically_spanable_range) { 80| 27.5k| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 27.5k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanImLm1EEETpTkNS0_14spanable_rangeEJNS3_IhLm8EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 27.5k|{ 101| 27.5k| const std::span s0{r0}; 102| | 103| 27.5k| if constexpr(statically_spanable_range) { 104| 27.5k| constexpr size_t expected_size = s0.size_bytes(); 105| 27.5k| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 27.5k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__15arrayImLm2EEETpTkNS0_14spanable_rangeEJNS2_4spanIKhLm16EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 62|{ 101| 62| const std::span s0{r0}; 102| | 103| 62| if constexpr(statically_spanable_range) { 104| 62| constexpr size_t expected_size = s0.size_bytes(); 105| 62| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 62|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__15arrayIhLm16EEEEEmRKT_: 59| 366|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 366| return std::span{r}.size_bytes(); 61| 366|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm18446744073709551615EEETpTkNS0_14spanable_rangeEJNS2_6vectorIhNS_16secure_allocatorIhEEEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 4.81k|{ 101| 4.81k| const std::span s0{r0}; 102| | 103| | if constexpr(statically_spanable_range) { 104| | constexpr size_t expected_size = s0.size_bytes(); 105| | (assert_exact_byte_length(rs), ...); 106| 4.81k| } else { 107| 4.81k| const size_t expected_size = s0.size_bytes(); 108| 4.81k| const bool correct_size = 109| 4.81k| ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| 4.81k| if(!correct_size) { ------------------ | Branch (111:10): [True: 0, False: 4.81k] ------------------ 112| 0| memory_region_size_violation(); 113| 0| } 114| 4.81k| } 115| 4.81k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__15arrayIhLm56EEETpTkNS0_14spanable_rangeEJNS2_4spanIKhLm18446744073709551615EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 1|{ 101| 1| const std::span s0{r0}; 102| | 103| 1| if constexpr(statically_spanable_range) { 104| 1| constexpr size_t expected_size = s0.size_bytes(); 105| 1| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 1|} _ZN5Botan6ranges24assert_exact_byte_lengthILm56ETkNS0_14spanable_rangeENSt3__14spanIKhLm18446744073709551615EEEEEvRKT0_: 77| 1|inline constexpr void assert_exact_byte_length(const R& r) { 78| 1| const std::span s{r}; 79| | if constexpr(statically_spanable_range) { 80| | static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| 1| } else { 82| 1| if(s.size_bytes() != expected) { ------------------ | Branch (82:10): [True: 0, False: 1] ------------------ 83| 0| memory_region_size_violation(); 84| 0| } 85| 1| } 86| 1|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__15arrayIhLm56EEEEEmRKT_: 59| 2|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 2| return std::span{r}.size_bytes(); 61| 2|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm56EEETpTkNS0_14spanable_rangeEJNS2_6vectorIhNS_16secure_allocatorIhEEEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 7|{ 101| 7| const std::span s0{r0}; 102| | 103| 7| if constexpr(statically_spanable_range) { 104| 7| constexpr size_t expected_size = s0.size_bytes(); 105| 7| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 7|} _ZN5Botan6ranges24assert_exact_byte_lengthILm56ETkNS0_14spanable_rangeENSt3__16vectorIhNS_16secure_allocatorIhEEEEEEvRKT0_: 77| 7|inline constexpr void assert_exact_byte_length(const R& r) { 78| 7| const std::span s{r}; 79| | if constexpr(statically_spanable_range) { 80| | static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| 7| } else { 82| 7| if(s.size_bytes() != expected) { ------------------ | Branch (82:10): [True: 0, False: 7] ------------------ 83| 0| memory_region_size_violation(); 84| 0| } 85| 7| } 86| 7|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanIhLm56EEEEEmRKT_: 59| 22|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 22| return std::span{r}.size_bytes(); 61| 22|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENS_6StrongINSt3__15arrayIhLm56EEENS_9Point448_EJEEETpTkNS0_14spanable_rangeEJNS3_4spanIKhLm18446744073709551615EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 1|{ 101| 1| const std::span s0{r0}; 102| | 103| | if constexpr(statically_spanable_range) { 104| | constexpr size_t expected_size = s0.size_bytes(); 105| | (assert_exact_byte_length(rs), ...); 106| 1| } else { 107| 1| const size_t expected_size = s0.size_bytes(); 108| 1| const bool correct_size = 109| 1| ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| 1| if(!correct_size) { ------------------ | Branch (111:10): [True: 0, False: 1] ------------------ 112| 0| memory_region_size_violation(); 113| 0| } 114| 1| } 115| 1|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENS_6StrongINSt3__15arrayIhLm56EEENS_9Point448_EJEEEEEmRKT_: 59| 1|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 1| return std::span{r}.size_bytes(); 61| 1|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENS_6StrongINSt3__15arrayIhLm56EEENS_11ScalarX448_EJEEETpTkNS0_14spanable_rangeEJNS3_4spanIKhLm18446744073709551615EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 8|{ 101| 8| const std::span s0{r0}; 102| | 103| | if constexpr(statically_spanable_range) { 104| | constexpr size_t expected_size = s0.size_bytes(); 105| | (assert_exact_byte_length(rs), ...); 106| 8| } else { 107| 8| const size_t expected_size = s0.size_bytes(); 108| 8| const bool correct_size = 109| 8| ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| 8| if(!correct_size) { ------------------ | Branch (111:10): [True: 0, False: 8] ------------------ 112| 0| memory_region_size_violation(); 113| 0| } 114| 8| } 115| 8|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENS_6StrongINSt3__15arrayIhLm56EEENS_11ScalarX448_EJEEEEEmRKT_: 59| 8|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 8| return std::span{r}.size_bytes(); 61| 8|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__15arrayImLm7EEEEEmRKT_: 59| 64.5k|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 64.5k| return std::span{r}.size_bytes(); 61| 64.5k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__15arrayIhLm16EEETpTkNS0_14spanable_rangeEJNS3_ImLm2EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 61|{ 101| 61| const std::span s0{r0}; 102| | 103| 61| if constexpr(statically_spanable_range) { 104| 61| constexpr size_t expected_size = s0.size_bytes(); 105| 61| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 61|} _ZN5Botan6ranges24assert_exact_byte_lengthILm16ETkNS0_14spanable_rangeENSt3__15arrayImLm2EEEEEvRKT0_: 77| 61|inline constexpr void assert_exact_byte_length(const R& r) { 78| 61| const std::span s{r}; 79| 61| if constexpr(statically_spanable_range) { 80| 61| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 61|} _ZN5Botan6ranges24assert_exact_byte_lengthILm16ETkNS0_14spanable_rangeENSt3__15arrayIhLm16EEEEEvRKT0_: 77| 61|inline constexpr void assert_exact_byte_length(const R& r) { 78| 61| const std::span s{r}; 79| 61| if constexpr(statically_spanable_range) { 80| 61| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 61|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanIjLm18446744073709551615EEEEEmRKT_: 59| 2|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 2| return std::span{r}.size_bytes(); 61| 2|} _ZN5Botan6ranges24assert_exact_byte_lengthILm8ETkNS0_14spanable_rangeENSt3__14spanIhLm18446744073709551615EEEEEvRKT0_: 77| 2.89k|inline constexpr void assert_exact_byte_length(const R& r) { 78| 2.89k| const std::span s{r}; 79| | if constexpr(statically_spanable_range) { 80| | static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| 2.89k| } else { 82| 2.89k| if(s.size_bytes() != expected) { ------------------ | Branch (82:10): [True: 0, False: 2.89k] ------------------ 83| 0| memory_region_size_violation(); 84| 0| } 85| 2.89k| } 86| 2.89k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm18446744073709551615EEETpTkNS0_14spanable_rangeEJNS3_IKmLm1EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 2.89k|{ 101| 2.89k| const std::span s0{r0}; 102| | 103| | if constexpr(statically_spanable_range) { 104| | constexpr size_t expected_size = s0.size_bytes(); 105| | (assert_exact_byte_length(rs), ...); 106| 2.89k| } else { 107| 2.89k| const size_t expected_size = s0.size_bytes(); 108| 2.89k| const bool correct_size = 109| 2.89k| ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| 2.89k| if(!correct_size) { ------------------ | Branch (111:10): [True: 0, False: 2.89k] ------------------ 112| 0| memory_region_size_violation(); 113| 0| } 114| 2.89k| } 115| 2.89k|} _ZN5Botan6ranges24assert_exact_byte_lengthILm1ETkNS0_14spanable_rangeENSt3__14spanIKhLm1EEEEEvRKT0_: 77| 1.98M|inline constexpr void assert_exact_byte_length(const R& r) { 78| 1.98M| const std::span s{r}; 79| 1.98M| if constexpr(statically_spanable_range) { 80| 1.98M| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 1.98M|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__15arrayIhLm16EEETpTkNS0_14spanable_rangeEJNS2_4spanIKhLm18446744073709551615EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 61|{ 101| 61| const std::span s0{r0}; 102| | 103| 61| if constexpr(statically_spanable_range) { 104| 61| constexpr size_t expected_size = s0.size_bytes(); 105| 61| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 61|} _ZN5Botan6ranges24assert_exact_byte_lengthILm16ETkNS0_14spanable_rangeENSt3__14spanIKhLm18446744073709551615EEEEEvRKT0_: 77| 61|inline constexpr void assert_exact_byte_length(const R& r) { 78| 61| const std::span s{r}; 79| | if constexpr(statically_spanable_range) { 80| | static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| 61| } else { 82| 61| if(s.size_bytes() != expected) { ------------------ | Branch (82:10): [True: 0, False: 61] ------------------ 83| 0| memory_region_size_violation(); 84| 0| } 85| 61| } 86| 61|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__15arrayIhLm16EEETpTkNS0_14spanable_rangeEJS4_EEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 61|{ 101| 61| const std::span s0{r0}; 102| | 103| 61| if constexpr(statically_spanable_range) { 104| 61| constexpr size_t expected_size = s0.size_bytes(); 105| 61| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 61|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm18446744073709551615EEETpTkNS0_14spanable_rangeEJS4_S4_EEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 61|{ 101| 61| const std::span s0{r0}; 102| | 103| | if constexpr(statically_spanable_range) { 104| | constexpr size_t expected_size = s0.size_bytes(); 105| | (assert_exact_byte_length(rs), ...); 106| 61| } else { 107| 61| const size_t expected_size = s0.size_bytes(); 108| 61| const bool correct_size = 109| 122| ((std::span>{rs}.size_bytes() == expected_size) && ...); ------------------ | Branch (109:11): [True: 61, False: 0] | Branch (109:11): [True: 61, False: 0] ------------------ 110| | 111| 61| if(!correct_size) { ------------------ | Branch (111:10): [True: 0, False: 61] ------------------ 112| 0| memory_region_size_violation(); 113| 0| } 114| 61| } 115| 61|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanImLm4EEETpTkNS0_14spanable_rangeEJNS2_5arrayImLm4EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 15.9k|{ 101| 15.9k| const std::span s0{r0}; 102| | 103| 15.9k| if constexpr(statically_spanable_range) { 104| 15.9k| constexpr size_t expected_size = s0.size_bytes(); 105| 15.9k| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 15.9k|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanImLm4EEEEEmRKT_: 59| 31.9k|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 31.9k| return std::span{r}.size_bytes(); 61| 31.9k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__16vectorIhNS2_9allocatorIhEEEETpTkNS0_14spanable_rangeEJA8_mEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 1.95k|{ 101| 1.95k| const std::span s0{r0}; 102| | 103| | if constexpr(statically_spanable_range) { 104| | constexpr size_t expected_size = s0.size_bytes(); 105| | (assert_exact_byte_length(rs), ...); 106| 1.95k| } else { 107| 1.95k| const size_t expected_size = s0.size_bytes(); 108| 1.95k| const bool correct_size = 109| 1.95k| ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| 1.95k| if(!correct_size) { ------------------ | Branch (111:10): [True: 0, False: 1.95k] ------------------ 112| 0| memory_region_size_violation(); 113| 0| } 114| 1.95k| } 115| 1.95k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanImLm6EEETpTkNS0_14spanable_rangeEJNS2_5arrayImLm6EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 4.80k|{ 101| 4.80k| const std::span s0{r0}; 102| | 103| 4.80k| if constexpr(statically_spanable_range) { 104| 4.80k| constexpr size_t expected_size = s0.size_bytes(); 105| 4.80k| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 4.80k|} _ZN5Botan6ranges24assert_exact_byte_lengthILm48ETkNS0_14spanable_rangeENSt3__15arrayImLm6EEEEEvRKT0_: 77| 11.6k|inline constexpr void assert_exact_byte_length(const R& r) { 78| 11.6k| const std::span s{r}; 79| 11.6k| if constexpr(statically_spanable_range) { 80| 11.6k| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 11.6k|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanImLm6EEEEEmRKT_: 59| 9.60k|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 9.60k| return std::span{r}.size_bytes(); 61| 9.60k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__16vectorIhNS2_9allocatorIhEEEETpTkNS0_14spanable_rangeEJA12_mEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 1.36k|{ 101| 1.36k| const std::span s0{r0}; 102| | 103| | if constexpr(statically_spanable_range) { 104| | constexpr size_t expected_size = s0.size_bytes(); 105| | (assert_exact_byte_length(rs), ...); 106| 1.36k| } else { 107| 1.36k| const size_t expected_size = s0.size_bytes(); 108| 1.36k| const bool correct_size = 109| 1.36k| ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| 1.36k| if(!correct_size) { ------------------ | Branch (111:10): [True: 0, False: 1.36k] ------------------ 112| 0| memory_region_size_violation(); 113| 0| } 114| 1.36k| } 115| 1.36k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm48EEETpTkNS0_14spanable_rangeEJNS2_5arrayImLm6EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 6.85k|{ 101| 6.85k| const std::span s0{r0}; 102| | 103| 6.85k| if constexpr(statically_spanable_range) { 104| 6.85k| constexpr size_t expected_size = s0.size_bytes(); 105| 6.85k| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 6.85k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanImLm8EEETpTkNS0_14spanable_rangeEJNS2_5arrayImLm8EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 3.09k|{ 101| 3.09k| const std::span s0{r0}; 102| | 103| 3.09k| if constexpr(statically_spanable_range) { 104| 3.09k| constexpr size_t expected_size = s0.size_bytes(); 105| 3.09k| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 3.09k|} _ZN5Botan6ranges24assert_exact_byte_lengthILm64ETkNS0_14spanable_rangeENSt3__15arrayImLm8EEEEEvRKT0_: 77| 5.52k|inline constexpr void assert_exact_byte_length(const R& r) { 78| 5.52k| const std::span s{r}; 79| 5.52k| if constexpr(statically_spanable_range) { 80| 5.52k| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 5.52k|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanImLm8EEEEEmRKT_: 59| 6.18k|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 6.18k| return std::span{r}.size_bytes(); 61| 6.18k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__16vectorIhNS2_9allocatorIhEEEETpTkNS0_14spanable_rangeEJA16_mEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 510|{ 101| 510| const std::span s0{r0}; 102| | 103| | if constexpr(statically_spanable_range) { 104| | constexpr size_t expected_size = s0.size_bytes(); 105| | (assert_exact_byte_length(rs), ...); 106| 510| } else { 107| 510| const size_t expected_size = s0.size_bytes(); 108| 510| const bool correct_size = 109| 510| ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| 510| if(!correct_size) { ------------------ | Branch (111:10): [True: 0, False: 510] ------------------ 112| 0| memory_region_size_violation(); 113| 0| } 114| 510| } 115| 510|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm64EEETpTkNS0_14spanable_rangeEJNS2_5arrayImLm8EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 2.43k|{ 101| 2.43k| const std::span s0{r0}; 102| | 103| 2.43k| if constexpr(statically_spanable_range) { 104| 2.43k| constexpr size_t expected_size = s0.size_bytes(); 105| 2.43k| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 2.43k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanImLm9EEETpTkNS0_14spanable_rangeEJNS2_5arrayImLm9EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 1.03k|{ 101| 1.03k| const std::span s0{r0}; 102| | 103| 1.03k| if constexpr(statically_spanable_range) { 104| 1.03k| constexpr size_t expected_size = s0.size_bytes(); 105| 1.03k| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 1.03k|} _ZN5Botan6ranges24assert_exact_byte_lengthILm72ETkNS0_14spanable_rangeENSt3__15arrayImLm9EEEEEvRKT0_: 77| 4.36k|inline constexpr void assert_exact_byte_length(const R& r) { 78| 4.36k| const std::span s{r}; 79| 4.36k| if constexpr(statically_spanable_range) { 80| 4.36k| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 4.36k|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanImLm9EEEEEmRKT_: 59| 2.06k|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 2.06k| return std::span{r}.size_bytes(); 61| 2.06k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__15arrayIhLm72EEETpTkNS0_14spanable_rangeEJNS3_ImLm9EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 3.32k|{ 101| 3.32k| const std::span s0{r0}; 102| | 103| 3.32k| if constexpr(statically_spanable_range) { 104| 3.32k| constexpr size_t expected_size = s0.size_bytes(); 105| 3.32k| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 3.32k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__16vectorIhNS2_9allocatorIhEEEETpTkNS0_14spanable_rangeEJA18_mEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 635|{ 101| 635| const std::span s0{r0}; 102| | 103| | if constexpr(statically_spanable_range) { 104| | constexpr size_t expected_size = s0.size_bytes(); 105| | (assert_exact_byte_length(rs), ...); 106| 635| } else { 107| 635| const size_t expected_size = s0.size_bytes(); 108| 635| const bool correct_size = 109| 635| ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| 635| if(!correct_size) { ------------------ | Branch (111:10): [True: 0, False: 635] ------------------ 112| 0| memory_region_size_violation(); 113| 0| } 114| 635| } 115| 635|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm66EEETpTkNS0_14spanable_rangeEJNS3_IKhLm66EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 3.32k|{ 101| 3.32k| const std::span s0{r0}; 102| | 103| 3.32k| if constexpr(statically_spanable_range) { 104| 3.32k| constexpr size_t expected_size = s0.size_bytes(); 105| 3.32k| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 3.32k|} _ZN5Botan6ranges24assert_exact_byte_lengthILm66ETkNS0_14spanable_rangeENSt3__14spanIKhLm66EEEEEvRKT0_: 77| 3.32k|inline constexpr void assert_exact_byte_length(const R& r) { 78| 3.32k| const std::span s{r}; 79| 3.32k| if constexpr(statically_spanable_range) { 80| 3.32k| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 3.32k|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanIhLm66EEEEEmRKT_: 59| 6.65k|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 6.65k| return std::span{r}.size_bytes(); 61| 6.65k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__15arrayImLm7EEETpTkNS0_14spanable_rangeEJNS2_4spanIKhLm56EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 32|{ 101| 32| const std::span s0{r0}; 102| | 103| 32| if constexpr(statically_spanable_range) { 104| 32| constexpr size_t expected_size = s0.size_bytes(); 105| 32| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 32|} _ZN5Botan6ranges24assert_exact_byte_lengthILm56ETkNS0_14spanable_rangeENSt3__14spanIKhLm56EEEEEvRKT0_: 77| 32|inline constexpr void assert_exact_byte_length(const R& r) { 78| 32| const std::span s{r}; 79| 32| if constexpr(statically_spanable_range) { 80| 32| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 32|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm56EEETpTkNS0_14spanable_rangeEJNS2_5arrayImLm7EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 16|{ 101| 16| const std::span s0{r0}; 102| | 103| 16| if constexpr(statically_spanable_range) { 104| 16| constexpr size_t expected_size = s0.size_bytes(); 105| 16| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 16|} _ZN5Botan6ranges24assert_exact_byte_lengthILm56ETkNS0_14spanable_rangeENSt3__15arrayImLm7EEEEEvRKT0_: 77| 16|inline constexpr void assert_exact_byte_length(const R& r) { 78| 16| const std::span s{r}; 79| 16| if constexpr(statically_spanable_range) { 80| 16| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 16|} _ZN5Botan21RandomNumberGeneratorD2Ev: 52| 6.45k| virtual ~RandomNumberGenerator() = default; _ZN5Botan21RandomNumberGenerator9randomizeENSt3__14spanIhLm18446744073709551615EEE: 75| 37.3k| void randomize(std::span output) { this->fill_bytes_with_input(output, {}); } _ZN5Botan21RandomNumberGenerator9randomizeEPhm: 77| 4.57k| void randomize(uint8_t output[], size_t length) { this->randomize(std::span(output, length)); } _ZN5Botan21RandomNumberGenerator11add_entropyENSt3__14spanIKhLm18446744073709551615EEE: 98| 1| void add_entropy(std::span input) { this->fill_bytes_with_input({}, input); } _ZN5Botan21RandomNumberGenerator10random_vecENSt3__14spanIhLm18446744073709551615EEE: 204| 5.80k| void random_vec(std::span v) { this->randomize(v); } _ZN5Botan21RandomNumberGeneratorC2Ev: 54| 6.45k| RandomNumberGenerator() = default; _ZN5Botan21RandomNumberGenerator10random_vecITkNS_8concepts21resizable_byte_bufferENSt3__16vectorIhNS3_9allocatorIhEEEEEEvRT_m: 215| 5.78k| void random_vec(T& v, size_t bytes) { 216| 5.78k| v.resize(bytes); 217| 5.78k| random_vec(v); 218| 5.78k| } _ZN5Botan21RandomNumberGenerator10random_vecITkNS_8concepts21resizable_byte_bufferENSt3__16vectorIhNS_16secure_allocatorIhEEEEQsr3stdE21default_initializableIT_EEES8_m: 230| 24| T random_vec(size_t bytes) { 231| 24| T result; 232| 24| random_vec(result, bytes); 233| 24| return result; 234| 24| } _ZN5Botan21RandomNumberGenerator10random_vecITkNS_8concepts21resizable_byte_bufferENSt3__16vectorIhNS_16secure_allocatorIhEEEEEEvRT_m: 215| 24| void random_vec(T& v, size_t bytes) { 216| 24| v.resize(bytes); 217| 24| random_vec(v); 218| 24| } _ZN5Botan21RandomNumberGenerator10random_vecITkNS_8concepts21resizable_byte_bufferENSt3__16vectorIhNS3_9allocatorIhEEEEQsr3stdE21default_initializableIT_EEES8_m: 230| 5.78k| T random_vec(size_t bytes) { 231| 5.78k| T result; 232| 5.78k| random_vec(result, bytes); 233| 5.78k| return result; 234| 5.78k| } _ZN5Botan16secure_allocatorIhE8allocateEm: 52| 450k| T* allocate(std::size_t n) { return static_cast(allocate_memory(n, sizeof(T))); } _ZN5Botan16secure_allocatorIhE10deallocateEPhm: 54| 450k| void deallocate(T* p, std::size_t n) { deallocate_memory(p, n, sizeof(T)); } _ZN5BotanneIhhEEbRKNS_16secure_allocatorIT_EERKNS1_IT0_EE: 63| 32.7k|inline bool operator!=(const secure_allocator& /*a*/, const secure_allocator& /*b*/) { 64| 32.7k| return false; 65| 32.7k|} _ZN5Botan16secure_allocatorIjE10deallocateEPjm: 54| 41.1k| void deallocate(T* p, std::size_t n) { deallocate_memory(p, n, sizeof(T)); } _ZN5Botan16secure_allocatorImE10deallocateEPmm: 54| 102k| void deallocate(T* p, std::size_t n) { deallocate_memory(p, n, sizeof(T)); } _ZN5Botan16secure_allocatorImE8allocateEm: 52| 102k| T* allocate(std::size_t n) { return static_cast(allocate_memory(n, sizeof(T))); } _ZN5Botan3zapIhNSt3__19allocatorIhEEEEvRNS1_6vectorIT_T0_EE: 157| 2.02k|void zap(std::vector& vec) { 158| 2.02k| zeroise(vec); 159| 2.02k| vec.clear(); 160| 2.02k| vec.shrink_to_fit(); 161| 2.02k|} _ZN5Botan7zeroiseIhNSt3__19allocatorIhEEEEvRNS1_6vectorIT_T0_EE: 137| 2.20k|void zeroise(std::vector& vec) { 138| 259k| for(size_t i = 0; i != vec.size(); ++i) { ------------------ | Branch (138:22): [True: 257k, False: 2.20k] ------------------ 139| 257k| vec[i] = static_cast(0); 140| 257k| } 141| 2.20k|} _ZN5BotanpLIhNSt3__19allocatorIhEES3_EERNS1_6vectorIT_T0_EES8_RKNS4_IS5_T1_EE: 92| 35.3k|std::vector& operator+=(std::vector& out, const std::vector& in) { 93| 35.3k| out.insert(out.end(), in.begin(), in.end()); 94| 35.3k| return out; 95| 35.3k|} _ZN5BotanpLIhNSt3__19allocatorIhEENS_16secure_allocatorIhEEEERNS1_6vectorIT_T0_EESA_RKNS6_IS7_T1_EE: 92| 1.55k|std::vector& operator+=(std::vector& out, const std::vector& in) { 93| 1.55k| out.insert(out.end(), in.begin(), in.end()); 94| 1.55k| return out; 95| 1.55k|} _ZN5BotanpLIhNS_16secure_allocatorIhEES2_EERNSt3__16vectorIT_T0_EES8_RKNS4_IS5_T1_EE: 92| 5|std::vector& operator+=(std::vector& out, const std::vector& in) { 93| 5| out.insert(out.end(), in.begin(), in.end()); 94| 5| return out; 95| 5|} _ZN5BotanpLIhNS_16secure_allocatorIhEEmEERNSt3__16vectorIT_T0_EES8_RKNS3_4pairIPKS5_T1_EE: 110| 221k|std::vector& operator+=(std::vector& out, const std::pair& in) { 111| 221k| out.insert(out.end(), in.first, in.first + in.second); 112| 221k| return out; 113| 221k|} _ZN5BotanpLIhNS_16secure_allocatorIhEENSt3__19allocatorIhEEEERNS3_6vectorIT_T0_EESA_RKNS6_IS7_T1_EE: 92| 107|std::vector& operator+=(std::vector& out, const std::vector& in) { 93| 107| out.insert(out.end(), in.begin(), in.end()); 94| 107| return out; 95| 107|} _ZN5Botan16secure_allocatorIjE8allocateEm: 52| 41.1k| T* allocate(std::size_t n) { return static_cast(allocate_memory(n, sizeof(T))); } _ZN5Botan3zapImNS_16secure_allocatorImEEEEvRNSt3__16vectorIT_T0_EE: 157| 62|void zap(std::vector& vec) { 158| 62| zeroise(vec); 159| 62| vec.clear(); 160| 62| vec.shrink_to_fit(); 161| 62|} _ZN5Botan7zeroiseImNS_16secure_allocatorImEEEEvRNSt3__16vectorIT_T0_EE: 137| 62|void zeroise(std::vector& vec) { 138| 62| for(size_t i = 0; i != vec.size(); ++i) { ------------------ | Branch (138:22): [True: 0, False: 62] ------------------ 139| 0| vec[i] = static_cast(0); 140| 0| } 141| 62|} _ZN5Botan7zeroiseIhNS_16secure_allocatorIhEEEEvRNSt3__16vectorIT_T0_EE: 137| 367|void zeroise(std::vector& vec) { 138| 94.3k| for(size_t i = 0; i != vec.size(); ++i) { ------------------ | Branch (138:22): [True: 93.9k, False: 367] ------------------ 139| 93.9k| vec[i] = static_cast(0); 140| 93.9k| } 141| 367|} _ZN5BotanpLIhNS_16secure_allocatorIhEEmEERNSt3__16vectorIT_T0_EES8_RKNS3_4pairIPS5_T1_EE: 116| 82|std::vector& operator+=(std::vector& out, const std::pair& in) { 117| 82| out.insert(out.end(), in.first, in.first + in.second); 118| 82| return out; 119| 82|} _ZN5Botan6unlockIhEENSt3__16vectorIT_NS1_9allocatorIS3_EEEERKNS2_IS3_NS_16secure_allocatorIS3_EEEE: 85| 208|std::vector unlock(const secure_vector& in) { 86| 208| return std::vector(in.begin(), in.end()); 87| 208|} _ZN5BotanpLIhNSt3__19allocatorIhEEmEERNS1_6vectorIT_T0_EES8_RKNS1_4pairIPKS5_T1_EE: 110| 208|std::vector& operator+=(std::vector& out, const std::pair& in) { 111| 208| out.insert(out.end(), in.first, in.first + in.second); 112| 208| return out; 113| 208|} _ZN5Botan12Stateful_RNGC2Ev: 58| 1| Stateful_RNG() : m_reseed_interval(0) {} _ZN5Botan12StreamCipher6cipherEPKhPhm: 59| 183| void cipher(const uint8_t in[], uint8_t out[], size_t len) { cipher_bytes(in, out, len); } _ZN5Botan12StreamCipher15write_keystreamENSt3__14spanIhLm18446744073709551615EEE: 86| 37.3k| void write_keystream(std::span out) { generate_keystream(out.data(), out.size()); } _ZN5Botan12StreamCipher8encipherENSt3__14spanIhLm18446744073709551615EEE: 122| 123| void encipher(std::span inout) { cipher(inout.data(), inout.data(), inout.size()); } _ZN5Botan12StreamCipher6set_ivEPKhm: 166| 125| void set_iv(const uint8_t iv[], size_t iv_len) { set_iv_bytes(iv, iv_len); } _ZN5Botan12StreamCipher6set_ivENSt3__14spanIKhLm18446744073709551615EEE: 173| 62| void set_iv(std::span iv) { set_iv_bytes(iv.data(), iv.size()); } _ZN5Botan12StreamCipher15keystream_bytesITkNS_8concepts21resizable_byte_bufferENSt3__16vectorIhNS_16secure_allocatorIhEEEEEET_m: 96| 1| T keystream_bytes(size_t bytes) { 97| 1| T out(bytes); 98| 1| write_keystream(out); 99| 1| return out; 100| 1| } _ZNKR5Botan6detail11Strong_BaseINSt3__16vectorIhNS2_9allocatorIhEEEEE3getEv: 87| 9.30k| constexpr const T& get() const& { return m_value; } _ZNK5Botan6detail29Container_Strong_Adapter_BaseINSt3__16vectorIhNS2_9allocatorIhEEEEE4sizeEv: 141| 106| size_type size() const noexcept(noexcept(this->get().size())) { return this->get().size(); } _ZN5Botan6detail11Strong_BaseINSt3__16vectorIhNS2_9allocatorIhEEEEED2Ev: 81| 49.4k| ~Strong_Base() = default; _ZNK5Botan6detail29Container_Strong_Adapter_BaseINSt3__16vectorIhNS2_9allocatorIhEEEEE5emptyEvQsr8conceptsE9has_emptyIT_E: 145| 6.30k| { 146| 6.30k| return this->get().empty(); 147| 6.30k| } _ZN5Botan6detail11Strong_BaseINSt3__16vectorIhNS2_9allocatorIhEEEEEC2ES6_: 83| 19.9k| constexpr explicit Strong_Base(T v) : m_value(std::move(v)) {} _ZN5Botan6detail11Strong_BaseINSt3__16vectorIhNS2_9allocatorIhEEEEEC2EOS7_: 78| 6.01k| Strong_Base(Strong_Base&&) noexcept = default; _ZN5Botan6detail11Strong_BaseINSt3__16vectorIhNS2_9allocatorIhEEEEEC2ERKS7_: 77| 3.33k| Strong_Base(const Strong_Base&) = default; _ZN5Botan6detail11Strong_BaseINSt3__16vectorIhNS2_9allocatorIhEEEEEC2Ev: 76| 20.2k| Strong_Base() = default; _ZN5Botan6detail11Strong_BaseINSt3__16vectorIhNS2_9allocatorIhEEEEEaSEOS7_: 80| 17.1k| Strong_Base& operator=(Strong_Base&&) noexcept = default; _ZN5Botan18unwrap_strong_typeIRmEEDcOT_: 243| 436k|[[nodiscard]] constexpr decltype(auto) unwrap_strong_type(T&& t) { 244| 436k| if constexpr(!concepts::strong_type>) { 245| | // If the parameter type isn't a strong type, return it as is. 246| 436k| return std::forward(t); 247| | } else { 248| | // Unwrap the strong type and return the underlying value. 249| | return std::forward(t).get(); 250| | } 251| 436k|} _ZN5Botan16wrap_strong_typeImRmQoosr3stdE18constructible_fromIT_T0_Eaasr8conceptsE11strong_typeIS2_Esr3stdE18constructible_fromINS2_12wrapped_typeES3_EEEDcOS3_: 268| 459k|[[nodiscard]] constexpr decltype(auto) wrap_strong_type(ParamT&& t) { 269| 459k| if constexpr(std::same_as, T>) { 270| | // Noop, if the parameter type already is the desired return type. 271| 459k| return std::forward(t); 272| | } else if constexpr(std::constructible_from) { 273| | // Implicit conversion from the parameter type to the return type. 274| | return T{std::forward(t)}; 275| | } else { 276| | // Explicitly calling the wrapped type's constructor to support 277| | // implicit conversions on types that mark their constructors as explicit. 278| | static_assert(concepts::strong_type && std::constructible_from); 279| | return T{typename T::wrapped_type{std::forward(t)}}; 280| | } 281| 459k|} _ZN5Botan16wrap_strong_typeItRtQoosr3stdE18constructible_fromIT_T0_Eaasr8conceptsE11strong_typeIS2_Esr3stdE18constructible_fromINS2_12wrapped_typeES3_EEEDcOS3_: 268| 51.3k|[[nodiscard]] constexpr decltype(auto) wrap_strong_type(ParamT&& t) { 269| 51.3k| if constexpr(std::same_as, T>) { 270| | // Noop, if the parameter type already is the desired return type. 271| 51.3k| return std::forward(t); 272| | } else if constexpr(std::constructible_from) { 273| | // Implicit conversion from the parameter type to the return type. 274| | return T{std::forward(t)}; 275| | } else { 276| | // Explicitly calling the wrapped type's constructor to support 277| | // implicit conversions on types that mark their constructors as explicit. 278| | static_assert(concepts::strong_type && std::constructible_from); 279| | return T{typename T::wrapped_type{std::forward(t)}}; 280| | } 281| 51.3k|} _ZN5Botan16wrap_strong_typeIjRjQoosr3stdE18constructible_fromIT_T0_Eaasr8conceptsE11strong_typeIS2_Esr3stdE18constructible_fromINS2_12wrapped_typeES3_EEEDcOS3_: 268| 354|[[nodiscard]] constexpr decltype(auto) wrap_strong_type(ParamT&& t) { 269| 354| if constexpr(std::same_as, T>) { 270| | // Noop, if the parameter type already is the desired return type. 271| 354| return std::forward(t); 272| | } else if constexpr(std::constructible_from) { 273| | // Implicit conversion from the parameter type to the return type. 274| | return T{std::forward(t)}; 275| | } else { 276| | // Explicitly calling the wrapped type's constructor to support 277| | // implicit conversions on types that mark their constructors as explicit. 278| | static_assert(concepts::strong_type && std::constructible_from); 279| | return T{typename T::wrapped_type{std::forward(t)}}; 280| | } 281| 354|} _ZN5Botan18unwrap_strong_typeIRtEEDcOT_: 243| 5|[[nodiscard]] constexpr decltype(auto) unwrap_strong_type(T&& t) { 244| 5| if constexpr(!concepts::strong_type>) { 245| | // If the parameter type isn't a strong type, return it as is. 246| 5| return std::forward(t); 247| | } else { 248| | // Unwrap the strong type and return the underlying value. 249| | return std::forward(t).get(); 250| | } 251| 5|} _ZN5Botan18unwrap_strong_typeIRjEEDcOT_: 243| 703k|[[nodiscard]] constexpr decltype(auto) unwrap_strong_type(T&& t) { 244| 703k| if constexpr(!concepts::strong_type>) { 245| | // If the parameter type isn't a strong type, return it as is. 246| 703k| return std::forward(t); 247| | } else { 248| | // Unwrap the strong type and return the underlying value. 249| | return std::forward(t).get(); 250| | } 251| 703k|} _ZN5Botan18unwrap_strong_typeIRNSt3__16vectorIhNS_16secure_allocatorIhEEEEEEDcOT_: 243| 5.82k|[[nodiscard]] constexpr decltype(auto) unwrap_strong_type(T&& t) { 244| 5.82k| if constexpr(!concepts::strong_type>) { 245| | // If the parameter type isn't a strong type, return it as is. 246| 5.82k| return std::forward(t); 247| | } else { 248| | // Unwrap the strong type and return the underlying value. 249| | return std::forward(t).get(); 250| | } 251| 5.82k|} _ZNK5Botan6detail29Container_Strong_Adapter_BaseINSt3__15arrayIhLm56EEEE5beginEv: 127| 8| decltype(auto) begin() const noexcept(noexcept(this->get().begin())) { return this->get().begin(); } _ZNK5Botan6detail29Container_Strong_Adapter_BaseINSt3__15arrayIhLm56EEEE3endEv: 131| 8| decltype(auto) end() const noexcept(noexcept(this->get().end())) { return this->get().end(); } _ZNK5Botan6detail14Strong_AdapterINSt3__15arrayIhLm56EEEE4dataEv: 200| 18| decltype(auto) data() const noexcept(noexcept(this->get().data())) { return this->get().data(); } _ZNK5Botan6detail29Container_Strong_Adapter_BaseINSt3__15arrayIhLm56EEEE4sizeEv: 141| 18| size_type size() const noexcept(noexcept(this->get().size())) { return this->get().size(); } _ZN5Botan6detail14Strong_AdapterINSt3__15arrayIhLm56EEEE4dataEv: 198| 9| decltype(auto) data() noexcept(noexcept(this->get().data())) { return this->get().data(); } _ZNR5Botan6detail11Strong_BaseINSt3__15arrayIhLm56EEEE3getEv: 85| 25| constexpr T& get() & { return m_value; } _ZN5Botan6detail29Container_Strong_Adapter_BaseINSt3__15arrayIhLm56EEEEixIiEEDcOT_: 167| 16| decltype(auto) operator[](U&& i) noexcept(noexcept(this->get().operator[](i))) { 168| 16| return this->get()[std::forward(i)]; 169| 16| } _ZNKR5Botan6detail11Strong_BaseINSt3__15arrayIhLm56EEEE3getEv: 87| 3.65k| constexpr const T& get() const& { return m_value; } _ZNK5Botan6detail29Container_Strong_Adapter_BaseINSt3__15arrayIhLm56EEEEixImEEDcOT_: 162| 3.58k| decltype(auto) operator[](U&& i) const noexcept(noexcept(this->get().operator[](i))) { 163| 3.58k| return this->get()[std::forward(i)]; 164| 3.58k| } _ZN5Botan6detail11Strong_BaseINSt3__15arrayIhLm56EEEEC2ES4_: 83| 8| constexpr explicit Strong_Base(T v) : m_value(std::move(v)) {} _ZN5Botan16wrap_strong_typeIhRhQoosr3stdE18constructible_fromIT_T0_Eaasr8conceptsE11strong_typeIS2_Esr3stdE18constructible_fromINS2_12wrapped_typeES3_EEEDcOS3_: 268| 1.98M|[[nodiscard]] constexpr decltype(auto) wrap_strong_type(ParamT&& t) { 269| 1.98M| if constexpr(std::same_as, T>) { 270| | // Noop, if the parameter type already is the desired return type. 271| 1.98M| return std::forward(t); 272| | } else if constexpr(std::constructible_from) { 273| | // Implicit conversion from the parameter type to the return type. 274| | return T{std::forward(t)}; 275| | } else { 276| | // Explicitly calling the wrapped type's constructor to support 277| | // implicit conversions on types that mark their constructors as explicit. 278| | static_assert(concepts::strong_type && std::constructible_from); 279| | return T{typename T::wrapped_type{std::forward(t)}}; 280| | } 281| 1.98M|} _ZN5Botan24Key_Length_SpecificationC2Em: 28| 293| explicit Key_Length_Specification(size_t keylen) : m_min_keylen(keylen), m_max_keylen(keylen), m_keylen_mod(1) {} _ZN5Botan24Key_Length_SpecificationC2Emmm: 37| 13.6k| m_min_keylen(min_k), m_max_keylen(max_k > 0 ? max_k : min_k), m_keylen_mod(k_mod) {} ------------------ | Branch (37:47): [True: 12.7k, False: 882] ------------------ _ZNK5Botan24Key_Length_Specification15valid_keylengthEm: 43| 13.9k| bool valid_keylength(size_t length) const { 44| 13.9k| return ((length >= m_min_keylen) && (length <= m_max_keylen) && (length % m_keylen_mod == 0)); ------------------ | Branch (44:18): [True: 13.9k, False: 0] | Branch (44:46): [True: 13.9k, False: 0] | Branch (44:74): [True: 13.9k, False: 0] ------------------ 45| 13.9k| } _ZNK5Botan18SymmetricAlgorithm15valid_keylengthEm: 113| 13.9k| bool valid_keylength(size_t length) const { return key_spec().valid_keylength(length); } _ZNK5Botan18SymmetricAlgorithm23assert_key_material_setEv: 145| 130k| void assert_key_material_set() const { assert_key_material_set(has_keying_material()); } _ZNK5Botan18SymmetricAlgorithm23assert_key_material_setEb: 147| 130k| void assert_key_material_set(bool predicate) const { 148| 130k| if(!predicate) { ------------------ | Branch (148:13): [True: 0, False: 130k] ------------------ 149| 0| throw_key_not_set_error(); 150| 0| } 151| 130k| } _ZN5Botan18SymmetricAlgorithmD2Ev: 81| 12.1k| virtual ~SymmetricAlgorithm() = default; _ZN5Botan18SymmetricAlgorithmC2Ev: 80| 12.1k| SymmetricAlgorithm() = default; _ZNK5Botan11OctetString6lengthEv: 27| 9.15k| size_t length() const { return m_data.size(); } _ZNK5Botan11OctetString5emptyEv: 31| 11.3k| bool empty() const { return m_data.empty(); } _ZNK5Botan11OctetString7bits_ofEv: 36| 3.39k| secure_vector bits_of() const { return m_data; } _ZNK5Botan11OctetString5beginEv: 41| 9.14k| const uint8_t* begin() const { return m_data.data(); } _ZN5Botan11OctetStringC2ENSt3__16vectorIhNS_16secure_allocatorIhEEEE: 99| 13.0k| explicit OctetString(secure_vector in) : m_data(std::move(in)) {} _ZNK5Botan3TLS5Alert8is_validEv: 78| 5.38k| bool is_valid() const { return (m_type_code != AlertType::None); } _ZNK5Botan3TLS5Alert8is_fatalEv: 93| 16.3k| bool is_fatal() const { return m_fatal; } _ZNK5Botan3TLS5Alert4typeEv: 100| 27.6k| Type type() const { return m_type_code; } _ZN5Botan3TLS5AlertC2ENS0_9AlertTypeEb: 126| 5.38k| m_fatal(fatal), m_type_code(type_code) {} _ZN5Botan3TLS12Group_ParamsC2Ev: 141| 138| constexpr Group_Params() : m_code(Group_Params_Code::NONE) {} _ZN5Botan3TLS12Group_ParamsC2ENS0_17Group_Params_CodeE: 144| 3.22k| constexpr Group_Params(Group_Params_Code code) : m_code(code) {} _ZN5Botan3TLS12Group_ParamsC2Et: 147| 31.9k| constexpr Group_Params(uint16_t code) : m_code(static_cast(code)) {} _ZNK5Botan3TLS12Group_ParamseqENS0_17Group_Params_CodeE: 154| 11.1k| constexpr bool operator==(Group_Params_Code code) const { return m_code == code; } _ZNK5Botan3TLS12Group_ParamseqES1_: 156| 49.5k| constexpr bool operator==(Group_Params other) const { return m_code == other.m_code; } _ZNK5Botan3TLS12Group_Params9wire_codeEv: 162| 77.3k| constexpr uint16_t wire_code() const { return static_cast(m_code); } _ZNK5Botan3TLS12Group_Params9is_x25519Ev: 169| 24.4k| constexpr bool is_x25519() const { return m_code == Group_Params_Code::X25519; } _ZNK5Botan3TLS12Group_Params7is_x448Ev: 171| 24.3k| constexpr bool is_x448() const { return m_code == Group_Params_Code::X448; } _ZNK5Botan3TLS12Group_Params19is_ecdh_named_curveEv: 173| 32.1k| constexpr bool is_ecdh_named_curve() const { 174| 32.1k| return m_code == Group_Params_Code::SECP256R1 || m_code == Group_Params_Code::SECP384R1 || ------------------ | Branch (174:17): [True: 2.20k, False: 29.9k] | Branch (174:59): [True: 2.23k, False: 27.6k] ------------------ 175| 27.6k| m_code == Group_Params_Code::SECP521R1 || m_code == Group_Params_Code::BRAINPOOL256R1 || ------------------ | Branch (175:17): [True: 1.93k, False: 25.7k] | Branch (175:59): [True: 3.23k, False: 22.4k] ------------------ 176| 22.4k| m_code == Group_Params_Code::BRAINPOOL384R1 || m_code == Group_Params_Code::BRAINPOOL512R1; ------------------ | Branch (176:17): [True: 2.10k, False: 20.3k] | Branch (176:64): [True: 1.74k, False: 18.6k] ------------------ 177| 32.1k| } _ZNK5Botan3TLS12Group_Params17is_in_ffdhe_rangeEv: 179| 26.0k| constexpr bool is_in_ffdhe_range() const { 180| | // See RFC 7919 181| 26.0k| return wire_code() >= 256 && wire_code() < 512; ------------------ | Branch (181:17): [True: 16.5k, False: 9.47k] | Branch (181:39): [True: 858, False: 15.7k] ------------------ 182| 26.0k| } _ZNK5Botan3TLS12Group_Params17is_dh_named_groupEv: 184| 5.00k| constexpr bool is_dh_named_group() const { 185| 5.00k| return m_code == Group_Params_Code::FFDHE_2048 || m_code == Group_Params_Code::FFDHE_3072 || ------------------ | Branch (185:17): [True: 0, False: 5.00k] | Branch (185:60): [True: 0, False: 5.00k] ------------------ 186| 5.00k| m_code == Group_Params_Code::FFDHE_4096 || m_code == Group_Params_Code::FFDHE_6144 || ------------------ | Branch (186:17): [True: 0, False: 5.00k] | Branch (186:60): [True: 0, False: 5.00k] ------------------ 187| 5.00k| m_code == Group_Params_Code::FFDHE_8192; ------------------ | Branch (187:17): [True: 0, False: 5.00k] ------------------ 188| 5.00k| } _ZNK5Botan3TLS12Group_Params14is_pure_ml_kemEv: 190| 6.20k| constexpr bool is_pure_ml_kem() const { 191| 6.20k| return m_code == Group_Params_Code::ML_KEM_512 || m_code == Group_Params_Code::ML_KEM_768 || ------------------ | Branch (191:17): [True: 0, False: 6.20k] | Branch (191:60): [True: 0, False: 6.20k] ------------------ 192| 6.20k| m_code == Group_Params_Code::ML_KEM_1024; ------------------ | Branch (192:17): [True: 0, False: 6.20k] ------------------ 193| 6.20k| } _ZNK5Botan3TLS12Group_Params16is_pure_frodokemEv: 195| 6.20k| constexpr bool is_pure_frodokem() const { 196| 6.20k| return m_code == Group_Params_Code::eFRODOKEM_640_SHAKE_OQS || ------------------ | Branch (196:17): [True: 0, False: 6.20k] ------------------ 197| 6.20k| m_code == Group_Params_Code::eFRODOKEM_976_SHAKE_OQS || ------------------ | Branch (197:17): [True: 0, False: 6.20k] ------------------ 198| 6.20k| m_code == Group_Params_Code::eFRODOKEM_1344_SHAKE_OQS || ------------------ | Branch (198:17): [True: 0, False: 6.20k] ------------------ 199| 6.20k| m_code == Group_Params_Code::eFRODOKEM_640_AES_OQS || ------------------ | Branch (199:17): [True: 0, False: 6.20k] ------------------ 200| 6.20k| m_code == Group_Params_Code::eFRODOKEM_976_AES_OQS || ------------------ | Branch (200:17): [True: 0, False: 6.20k] ------------------ 201| 6.20k| m_code == Group_Params_Code::eFRODOKEM_1344_AES_OQS; ------------------ | Branch (201:17): [True: 0, False: 6.20k] ------------------ 202| 6.20k| } _ZNK5Botan3TLS12Group_Params17is_pure_ecc_groupEv: 204| 24.3k| constexpr bool is_pure_ecc_group() const { return is_x25519() || is_x448() || is_ecdh_named_curve(); } ------------------ | Branch (204:57): [True: 37, False: 24.3k] | Branch (204:72): [True: 23, False: 24.3k] | Branch (204:85): [True: 5.71k, False: 18.5k] ------------------ _ZNK5Botan3TLS12Group_Params15is_post_quantumEv: 206| 6.20k| constexpr bool is_post_quantum() const { 207| 6.20k| BOTAN_DIAGNOSTIC_PUSH 208| 6.20k| BOTAN_DIAGNOSTIC_IGNORE_DEPRECATED_DECLARATIONS 209| | 210| 6.20k| return is_pure_ml_kem() || is_pure_frodokem() || is_pqc_hybrid(); ------------------ | Branch (210:17): [True: 0, False: 6.20k] | Branch (210:37): [True: 0, False: 6.20k] | Branch (210:59): [True: 0, False: 6.20k] ------------------ 211| | 212| 6.20k| BOTAN_DIAGNOSTIC_POP 213| 6.20k| } _ZNK5Botan3TLS12Group_Params20is_pqc_hybrid_ml_kemEv: 215| 6.20k| constexpr bool is_pqc_hybrid_ml_kem() const { 216| 6.20k| return m_code == Group_Params_Code::HYBRID_SECP256R1_ML_KEM_768 || ------------------ | Branch (216:17): [True: 0, False: 6.20k] ------------------ 217| 6.20k| m_code == Group_Params_Code::HYBRID_SECP384R1_ML_KEM_1024 || ------------------ | Branch (217:17): [True: 0, False: 6.20k] ------------------ 218| 6.20k| m_code == Group_Params_Code::HYBRID_X25519_ML_KEM_768; ------------------ | Branch (218:17): [True: 0, False: 6.20k] ------------------ 219| 6.20k| } _ZNK5Botan3TLS12Group_Params22is_pqc_hybrid_frodokemEv: 221| 6.20k| constexpr bool is_pqc_hybrid_frodokem() const { 222| 6.20k| return m_code == Group_Params_Code::HYBRID_X25519_eFRODOKEM_640_SHAKE_OQS || ------------------ | Branch (222:17): [True: 0, False: 6.20k] ------------------ 223| 6.20k| m_code == Group_Params_Code::HYBRID_X25519_eFRODOKEM_640_AES_OQS || ------------------ | Branch (223:17): [True: 0, False: 6.20k] ------------------ 224| 6.20k| m_code == Group_Params_Code::HYBRID_X448_eFRODOKEM_976_SHAKE_OQS || ------------------ | Branch (224:17): [True: 0, False: 6.20k] ------------------ 225| 6.20k| m_code == Group_Params_Code::HYBRID_X448_eFRODOKEM_976_AES_OQS || ------------------ | Branch (225:17): [True: 0, False: 6.20k] ------------------ 226| 6.20k| m_code == Group_Params_Code::HYBRID_SECP256R1_eFRODOKEM_640_SHAKE_OQS || ------------------ | Branch (226:17): [True: 0, False: 6.20k] ------------------ 227| 6.20k| m_code == Group_Params_Code::HYBRID_SECP256R1_eFRODOKEM_640_AES_OQS || ------------------ | Branch (227:17): [True: 0, False: 6.20k] ------------------ 228| 6.20k| m_code == Group_Params_Code::HYBRID_SECP384R1_eFRODOKEM_976_SHAKE_OQS || ------------------ | Branch (228:17): [True: 0, False: 6.20k] ------------------ 229| 6.20k| m_code == Group_Params_Code::HYBRID_SECP384R1_eFRODOKEM_976_AES_OQS || ------------------ | Branch (229:17): [True: 0, False: 6.20k] ------------------ 230| 6.20k| m_code == Group_Params_Code::HYBRID_SECP521R1_eFRODOKEM_1344_SHAKE_OQS || ------------------ | Branch (230:17): [True: 0, False: 6.20k] ------------------ 231| 6.20k| m_code == Group_Params_Code::HYBRID_SECP521R1_eFRODOKEM_1344_AES_OQS; ------------------ | Branch (231:17): [True: 0, False: 6.20k] ------------------ 232| 6.20k| } _ZNK5Botan3TLS12Group_Params13is_pqc_hybridEv: 234| 6.20k| constexpr bool is_pqc_hybrid() const { return is_pqc_hybrid_ml_kem() || is_pqc_hybrid_frodokem(); } ------------------ | Branch (234:53): [True: 0, False: 6.20k] | Branch (234:79): [True: 0, False: 6.20k] ------------------ _ZN5Botan3TLS19key_exchange_is_pskENS0_8Kex_AlgoE: 274| 2.26k|inline bool key_exchange_is_psk(Kex_Algo m) { 275| 2.26k| return (m == Kex_Algo::PSK || m == Kex_Algo::ECDHE_PSK || m == Kex_Algo::DHE_PSK); ------------------ | Branch (275:12): [True: 6, False: 2.26k] | Branch (275:34): [True: 2.26k, False: 0] | Branch (275:62): [True: 0, False: 0] ------------------ 276| 2.26k|} _ZN5Botan3TLS9CallbacksD2Ev: 59| 6.45k| virtual ~Callbacks() = default; _ZN5Botan3TLS9Callbacks21tls_session_activatedEv: 154| 104| virtual void tls_session_activated() {} _ZN5Botan3TLS9Callbacks26tls_peer_closed_connectionEv: 176| 669| virtual bool tls_peer_closed_connection() { return true; } _ZN5Botan3TLS7Channel13received_dataENSt3__14spanIKhLm18446744073709551615EEE: 58| 6.45k| size_t received_data(std::span data) { return this->from_peer(data); } _ZN5Botan3TLS7ChannelC2Ev: 47| 6.45k| Channel() = default; _ZN5Botan3TLS7ChannelD2Ev: 39| 6.45k| virtual ~Channel() = default; _ZNK5Botan3TLS11Ciphersuite5validEv: 141| 316k| bool valid() const { return m_usable; } _ZNK5Botan3TLS11Ciphersuite16ciphersuite_codeEv: 62| 629k| uint16_t ciphersuite_code() const { return m_ciphersuite_code; } _ZNK5Botan3TLS11Ciphersuite8kex_algoEv: 102| 104| std::string kex_algo() const { return kex_method_to_string(kex_method()); } _ZNK5Botan3TLS11Ciphersuite10kex_methodEv: 104| 23.0k| Kex_Algo kex_method() const { return m_kex_algo; } _ZNK5Botan3TLS11Ciphersuite8sig_algoEv: 109| 126| std::string sig_algo() const { return auth_method_to_string(auth_method()); } _ZNK5Botan3TLS11Ciphersuite11auth_methodEv: 111| 12.1k| Auth_Method auth_method() const { return m_auth_method; } _ZNK5Botan3TLS11Ciphersuite11cipher_algoEv: 116| 2.59k| std::string cipher_algo() const { return m_cipher_algo; } _ZNK5Botan3TLS11Ciphersuite8mac_algoEv: 121| 3.12k| std::string mac_algo() const { return m_mac_algo; } _ZNK5Botan3TLS11Ciphersuite8prf_algoEv: 123| 3.22k| std::string prf_algo() const { return kdf_algo_to_string(m_prf_algo); } _ZNK5Botan3TLS11Ciphersuite13cipher_keylenEv: 128| 1.58k| size_t cipher_keylen() const { return m_cipher_keylen; } _ZNK5Botan3TLS11Ciphersuite12nonce_formatEv: 134| 407| Nonce_Format nonce_format() const { return m_nonce_format; } _ZNK5Botan3TLS11Ciphersuite10mac_keylenEv: 136| 1.58k| size_t mac_keylen() const { return m_mac_keylen; } _ZNK5Botan3TLS11CiphersuiteltEt: 147| 59.7k| bool operator<(const uint16_t c) const { return ciphersuite_code() < c; } _ZN5Botan3TLS11CiphersuiteC2EtPKcNS0_11Auth_MethodENS0_8Kex_AlgoES3_mS3_mNS0_8KDF_AlgoENS0_12Nonce_FormatE: 162| 102| m_ciphersuite_code(ciphersuite_code), 163| 102| m_iana_id(iana_id), 164| 102| m_auth_method(auth_method), 165| 102| m_kex_algo(kex_algo), 166| 102| m_prf_algo(prf_algo), 167| 102| m_nonce_format(nonce_format), 168| 102| m_cipher_algo(cipher_algo), 169| 102| m_mac_algo(mac_algo), 170| 102| m_cipher_keylen(cipher_keylen), 171| 102| m_mac_keylen(mac_keylen), 172| 102| m_usable(is_known_usable(ciphersuite_code)) {} _ZN5Botan3TLS13TLS_ExceptionC2ENS0_9AlertTypeENSt3__117basic_string_viewIcNS3_11char_traitsIcEEEE: 24| 3.08k| Exception(err_msg), m_alert_type(type) {} _ZNK5Botan3TLS13TLS_Exception4typeEv: 21| 3.08k| Alert::Type type() const { return m_alert_type; } _ZN5Botan3TLS18Unexpected_MessageC2ENSt3__117basic_string_viewIcNS2_11char_traitsIcEEEE: 39| 147| explicit Unexpected_Message(std::string_view err) : TLS_Exception(AlertType::UnexpectedMessage, err) {} _ZNK5Botan3TLS9Extension14is_implementedEv: 100| 52| virtual bool is_implemented() const { return true; } _ZN5Botan3TLS21Server_Name_Indicator11static_typeEv: 110| 8.35k| static Extension_Code static_type() { return Extension_Code::ServerNameIndication; } _ZNK5Botan3TLS21Server_Name_Indicator4typeEv: 112| 51| Extension_Code type() const override { return static_type(); } _ZNK5Botan3TLS21Server_Name_Indicator9host_nameEv: 118| 2| std::string host_name() const { return m_sni_host_name; } _ZNK5Botan3TLS21Server_Name_Indicator5emptyEv: 122| 27| bool empty() const override { return false; } _ZN5Botan3TLS39Application_Layer_Protocol_Notification11static_typeEv: 135| 3.16k| static Extension_Code static_type() { return Extension_Code::ApplicationLayerProtocolNegotiation; } _ZNK5Botan3TLS39Application_Layer_Protocol_Notification4typeEv: 137| 69| Extension_Code type() const override { return static_type(); } _ZNK5Botan3TLS39Application_Layer_Protocol_Notification9protocolsEv: 139| 16| const std::vector& protocols() const { return m_protocols; } _ZNK5Botan3TLS39Application_Layer_Protocol_Notification5emptyEv: 157| 12| bool empty() const override { return m_protocols.empty(); } _ZNK5Botan3TLS21Certificate_Type_Base5emptyEv: 189| 19| bool empty() const override { 190| | // RFC 7250 4.1 191| | // If the client has no remaining certificate types to send in the 192| | // client hello, other than the default X.509 type, it MUST omit the 193| | // entire client[/server]_certificate_type extension [...]. 194| 19| return m_from == Connection_Side::Client && m_certificate_types.size() == 1 && ------------------ | Branch (194:17): [True: 8, False: 11] | Branch (194:54): [True: 3, False: 5] ------------------ 195| 3| m_certificate_types.front() == Certificate_Type::X509; ------------------ | Branch (195:17): [True: 1, False: 2] ------------------ 196| 19| } _ZN5Botan3TLS23Client_Certificate_Type11static_typeEv: 212| 152| static Extension_Code static_type() { return Extension_Code::ClientCertificateType; } _ZNK5Botan3TLS23Client_Certificate_Type4typeEv: 214| 152| Extension_Code type() const override { return static_type(); } _ZN5Botan3TLS23Server_Certificate_Type11static_typeEv: 226| 94| static Extension_Code static_type() { return Extension_Code::ServerCertificateType; } _ZNK5Botan3TLS23Server_Certificate_Type4typeEv: 228| 94| Extension_Code type() const override { return static_type(); } _ZN5Botan3TLS16Supported_Groups11static_typeEv: 236| 17.8k| static Extension_Code static_type() { return Extension_Code::SupportedGroups; } _ZNK5Botan3TLS16Supported_Groups4typeEv: 238| 5.89k| Extension_Code type() const override { return static_type(); } _ZNK5Botan3TLS16Supported_Groups5emptyEv: 254| 2.82k| bool empty() const override { return m_groups.empty(); } _ZN5Botan3TLS20Signature_Algorithms11static_typeEv: 265| 6.43k| static Extension_Code static_type() { return Extension_Code::SignatureAlgorithms; } _ZNK5Botan3TLS20Signature_Algorithms4typeEv: 267| 312| Extension_Code type() const override { return static_type(); } _ZNK5Botan3TLS20Signature_Algorithms17supported_schemesEv: 269| 297| const std::vector& supported_schemes() const { return m_schemes; } _ZNK5Botan3TLS20Signature_Algorithms5emptyEv: 273| 8| bool empty() const override { return m_schemes.empty(); } _ZN5Botan3TLS25Signature_Algorithms_Cert11static_typeEv: 298| 3.09k| static Extension_Code static_type() { return Extension_Code::CertSignatureAlgorithms; } _ZNK5Botan3TLS25Signature_Algorithms_Cert4typeEv: 300| 27| Extension_Code type() const override { return static_type(); } _ZNK5Botan3TLS25Signature_Algorithms_Cert17supported_schemesEv: 302| 9| const std::vector& supported_schemes() const { return m_schemes; } _ZNK5Botan3TLS25Signature_Algorithms_Cert5emptyEv: 306| 2| bool empty() const override { return m_schemes.empty(); } _ZN5Botan3TLS24SRTP_Protection_Profiles11static_typeEv: 321| 139| static Extension_Code static_type() { return Extension_Code::UseSrtp; } _ZNK5Botan3TLS24SRTP_Protection_Profiles4typeEv: 323| 35| Extension_Code type() const override { return static_type(); } _ZNK5Botan3TLS24SRTP_Protection_Profiles5emptyEv: 329| 1| bool empty() const override { return m_pp.empty(); } _ZN5Botan3TLS26Certificate_Status_Request11static_typeEv: 348| 4.83k| static Extension_Code static_type() { return Extension_Code::CertificateStatusRequest; } _ZNK5Botan3TLS26Certificate_Status_Request4typeEv: 350| 1.93k| Extension_Code type() const override { return static_type(); } _ZNK5Botan3TLS26Certificate_Status_Request5emptyEv: 354| 146| bool empty() const override { return false; } _ZN5Botan3TLS18Supported_Versions11static_typeEv: 386| 19.8k| static Extension_Code static_type() { return Extension_Code::SupportedVersions; } _ZNK5Botan3TLS18Supported_Versions4typeEv: 388| 534| Extension_Code type() const override { return static_type(); } _ZNK5Botan3TLS18Supported_Versions5emptyEv: 392| 3| bool empty() const override { return m_versions.empty(); } _ZNK5Botan3TLS18Supported_Versions8versionsEv: 402| 426| const std::vector& versions() const { return m_versions; } _ZN5Botan3TLS17Record_Size_Limit11static_typeEv: 417| 28| static Extension_Code static_type() { return Extension_Code::RecordSizeLimit; } _ZNK5Botan3TLS17Record_Size_Limit4typeEv: 419| 28| Extension_Code type() const override { return static_type(); } _ZNK5Botan3TLS17Record_Size_Limit5emptyEv: 429| 16| bool empty() const override { return m_limit == 0; } _ZNK5Botan3TLS17Unknown_Extension5emptyEv: 446| 15.5k| bool empty() const override { return false; } _ZNK5Botan3TLS17Unknown_Extension4typeEv: 448| 35.6k| Extension_Code type() const override { return m_type; } _ZNK5Botan3TLS17Unknown_Extension14is_implementedEv: 450| 376| bool is_implemented() const override { return false; } _ZN5Botan3TLS10Extensions3addEPNS0_9ExtensionE: 482| 6.34k| void add(Extension* extn) { add(std::unique_ptr(extn)); } _ZNK5Botan3TLS10Extensions42contains_implemented_extensions_other_thanERKNSt3__13setINS0_14Extension_CodeENS2_4lessIS4_EENS2_9allocatorIS4_EEEE: 503| 190| bool contains_implemented_extensions_other_than(const std::set& allowed_extensions) const { 504| 190| return contains_other_than(allowed_extensions, true); 505| 190| } _ZNK5Botan3TLS10Extensions3getINS0_9Key_ShareEEEPT_v: 465| 1| T* get() const { 466| 1| return dynamic_cast(get(T::static_type())); 467| 1| } _ZN5Botan3TLS10ExtensionsC2Ev: 535| 20.6k| Extensions() = default; _ZNK5Botan3TLS10Extensions3hasINS0_18Supported_VersionsEEEbv: 470| 6.79k| bool has() const { 471| 6.79k| return get() != nullptr; 472| 6.79k| } _ZNK5Botan3TLS10Extensions3getINS0_18Supported_VersionsEEEPT_v: 465| 19.2k| T* get() const { 466| 19.2k| return dynamic_cast(get(T::static_type())); 467| 19.2k| } _ZNK5Botan3TLS10Extensions3getINS0_26Certificate_Status_RequestEEEPT_v: 465| 2.89k| T* get() const { 466| 2.89k| return dynamic_cast(get(T::static_type())); 467| 2.89k| } _ZN5Botan3TLS9ExtensionD2Ev: 102| 59.6k| virtual ~Extension() = default; _ZNK5Botan3TLS10Extensions3hasINS0_16Supported_GroupsEEEbv: 470| 4| bool has() const { 471| 4| return get() != nullptr; 472| 4| } _ZNK5Botan3TLS10Extensions3hasINS0_9Key_ShareEEEbv: 470| 1| bool has() const { 471| 1| return get() != nullptr; 472| 1| } _ZNK5Botan3TLS10Extensions3getINS0_16Supported_GroupsEEEPT_v: 465| 11.9k| T* get() const { 466| 11.9k| return dynamic_cast(get(T::static_type())); 467| 11.9k| } _ZNK5Botan3TLS10Extensions3hasINS0_3PSKEEEbv: 470| 6| bool has() const { 471| 6| return get() != nullptr; 472| 6| } _ZNK5Botan3TLS10Extensions3getINS0_3PSKEEEPT_v: 465| 6| T* get() const { 466| 6| return dynamic_cast(get(T::static_type())); 467| 6| } _ZN5Botan3TLS10ExtensionsC2EOS1_: 538| 552| Extensions(Extensions&&) = default; _ZNK5Botan3TLS10Extensions3hasINS0_26Certificate_Status_RequestEEEbv: 470| 2.89k| bool has() const { 471| 2.89k| return get() != nullptr; 472| 2.89k| } _ZNK5Botan3TLS10Extensions3getINS0_20Signature_AlgorithmsEEEPT_v: 465| 6.12k| T* get() const { 466| 6.12k| return dynamic_cast(get(T::static_type())); 467| 6.12k| } _ZNK5Botan3TLS10Extensions3getINS0_25Signature_Algorithms_CertEEEPT_v: 465| 3.06k| T* get() const { 466| 3.06k| return dynamic_cast(get(T::static_type())); 467| 3.06k| } _ZNK5Botan3TLS10Extensions3getINS0_21Server_Name_IndicatorEEEPT_v: 465| 8.30k| T* get() const { 466| 8.30k| return dynamic_cast(get(T::static_type())); 467| 8.30k| } _ZNK5Botan3TLS10Extensions3hasINS0_39Application_Layer_Protocol_NotificationEEEbv: 470| 3.07k| bool has() const { 471| 3.07k| return get() != nullptr; 472| 3.07k| } _ZNK5Botan3TLS10Extensions3hasINS0_20Signature_AlgorithmsEEEbv: 470| 2| bool has() const { 471| 2| return get() != nullptr; 472| 2| } _ZNK5Botan3TLS10Extensions3getINS0_39Application_Layer_Protocol_NotificationEEEPT_v: 465| 3.09k| T* get() const { 466| 3.09k| return dynamic_cast(get(T::static_type())); 467| 3.09k| } _ZNK5Botan3TLS10Extensions3getINS0_24SRTP_Protection_ProfilesEEEPT_v: 465| 104| T* get() const { 466| 104| return dynamic_cast(get(T::static_type())); 467| 104| } _ZNK5Botan3TLS10Extensions3getINS0_23Supported_Point_FormatsEEEPT_v: 465| 2.77k| T* get() const { 466| 2.77k| return dynamic_cast(get(T::static_type())); 467| 2.77k| } _ZNK5Botan3TLS10Extensions3hasINS0_23Renegotiation_ExtensionEEEbv: 470| 9.17k| bool has() const { 471| 9.17k| return get() != nullptr; 472| 9.17k| } _ZNK5Botan3TLS10Extensions3getINS0_23Renegotiation_ExtensionEEEPT_v: 465| 12.6k| T* get() const { 466| 12.6k| return dynamic_cast(get(T::static_type())); 467| 12.6k| } _ZNK5Botan3TLS10Extensions3hasINS0_24Session_Ticket_ExtensionEEEbv: 470| 3.20k| bool has() const { 471| 3.20k| return get() != nullptr; 472| 3.20k| } _ZNK5Botan3TLS10Extensions3getINS0_24Session_Ticket_ExtensionEEEPT_v: 465| 6.27k| T* get() const { 466| 6.27k| return dynamic_cast(get(T::static_type())); 467| 6.27k| } _ZNK5Botan3TLS10Extensions3hasINS0_22Extended_Master_SecretEEEbv: 470| 7.63k| bool has() const { 471| 7.63k| return get() != nullptr; 472| 7.63k| } _ZNK5Botan3TLS10Extensions3getINS0_22Extended_Master_SecretEEEPT_v: 465| 7.63k| T* get() const { 466| 7.63k| return dynamic_cast(get(T::static_type())); 467| 7.63k| } _ZNK5Botan3TLS10Extensions3hasINS0_16Encrypt_then_MACEEEbv: 470| 2.46k| bool has() const { 471| 2.46k| return get() != nullptr; 472| 2.46k| } _ZNK5Botan3TLS10Extensions3getINS0_16Encrypt_then_MACEEEPT_v: 465| 2.46k| T* get() const { 466| 2.46k| return dynamic_cast(get(T::static_type())); 467| 2.46k| } _ZN5Botan3TLS23Renegotiation_Extension11static_typeEv: 31| 16.1k| static Extension_Code static_type() { return Extension_Code::SafeRenegotiation; } _ZNK5Botan3TLS23Renegotiation_Extension4typeEv: 33| 3.46k| Extension_Code type() const override { return static_type(); } _ZN5Botan3TLS23Renegotiation_ExtensionC2ERKNSt3__16vectorIhNS2_9allocatorIhEEEE: 37| 110| explicit Renegotiation_Extension(const std::vector& bits) : m_reneg_data(bits) {} _ZNK5Botan3TLS23Renegotiation_Extension18renegotiation_infoEv: 41| 316| const std::vector& renegotiation_info() const { return m_reneg_data; } _ZNK5Botan3TLS23Renegotiation_Extension5emptyEv: 45| 169| bool empty() const override { return false; } // always send this _ZN5Botan3TLS24Session_Ticket_Extension11static_typeEv: 56| 6.44k| static Extension_Code static_type() { return Extension_Code::SessionTicket; } _ZNK5Botan3TLS24Session_Ticket_Extension4typeEv: 58| 172| Extension_Code type() const override { return static_type(); } _ZNK5Botan3TLS24Session_Ticket_Extension8contentsEv: 63| 24| const Session_Ticket& contents() const { return m_ticket; } _ZNK5Botan3TLS24Session_Ticket_Extension5emptyEv: 82| 21| bool empty() const override { return false; } _ZN5Botan3TLS23Supported_Point_Formats11static_typeEv: 99| 2.99k| static Extension_Code static_type() { return Extension_Code::EcPointFormats; } _ZNK5Botan3TLS23Supported_Point_Formats4typeEv: 101| 223| Extension_Code type() const override { return static_type(); } _ZN5Botan3TLS23Supported_Point_FormatsC2Eb: 105| 40| explicit Supported_Point_Formats(bool prefer_compressed) : m_prefers_compressed(prefer_compressed) {} _ZNK5Botan3TLS23Supported_Point_Formats5emptyEv: 109| 83| bool empty() const override { return false; } _ZNK5Botan3TLS23Supported_Point_Formats18prefers_compressedEv: 111| 40| bool prefers_compressed() const { return m_prefers_compressed; } _ZN5Botan3TLS22Extended_Master_Secret11static_typeEv: 122| 16.6k| static Extension_Code static_type() { return Extension_Code::ExtendedMasterSecret; } _ZNK5Botan3TLS22Extended_Master_Secret4typeEv: 124| 9.01k| Extension_Code type() const override { return static_type(); } _ZNK5Botan3TLS22Extended_Master_Secret5emptyEv: 128| 5.69k| bool empty() const override { return false; } _ZN5Botan3TLS16Encrypt_then_MAC11static_typeEv: 140| 2.65k| static Extension_Code static_type() { return Extension_Code::EncryptThenMac; } _ZNK5Botan3TLS16Encrypt_then_MAC4typeEv: 142| 195| Extension_Code type() const override { return static_type(); } _ZNK5Botan3TLS16Encrypt_then_MAC5emptyEv: 146| 113| bool empty() const override { return false; } _ZN5Botan3TLS22Extended_Master_SecretC2Ev: 130| 2.89k| Extended_Master_Secret() = default; _ZN5Botan3TLS16Encrypt_then_MACC2Ev: 148| 55| Encrypt_then_MAC() = default; _ZN5Botan3TLS23Renegotiation_ExtensionC2Ev: 35| 3.16k| Renegotiation_Extension() = default; _ZN5Botan3TLS9Key_Share11static_typeEv: 212| 60| static Extension_Code static_type() { return Extension_Code::KeyShare; } _ZN5Botan3TLS6Cookie11static_typeEv: 44| 49| static Extension_Code static_type() { return Extension_Code::Cookie; } _ZNK5Botan3TLS6Cookie4typeEv: 46| 49| Extension_Code type() const override { return static_type(); } _ZNK5Botan3TLS6Cookie5emptyEv: 50| 4| bool empty() const override { return m_cookie.empty(); } _ZN5Botan3TLS22PSK_Key_Exchange_Modes11static_typeEv: 67| 837| static Extension_Code static_type() { return Extension_Code::PskKeyExchangeModes; } _ZNK5Botan3TLS22PSK_Key_Exchange_Modes4typeEv: 69| 837| Extension_Code type() const override { return static_type(); } _ZNK5Botan3TLS22PSK_Key_Exchange_Modes5emptyEv: 73| 20| bool empty() const override { return m_modes.empty(); } _ZN5Botan3TLS23Certificate_Authorities11static_typeEv: 90| 3| static Extension_Code static_type() { return Extension_Code::CertificateAuthorities; } _ZNK5Botan3TLS23Certificate_Authorities4typeEv: 92| 3| Extension_Code type() const override { return static_type(); } _ZNK5Botan3TLS23Certificate_Authorities5emptyEv: 96| 1| bool empty() const override { return m_distinguished_names.empty(); } _ZN5Botan3TLS3PSK11static_typeEv: 112| 20| static Extension_Code static_type() { return Extension_Code::PresharedKey; } _ZNK5Botan3TLS3PSK4typeEv: 114| 14| Extension_Code type() const override { return static_type(); } _ZNK5Botan3TLS9Key_Share4typeEv: 214| 59| Extension_Code type() const override { return static_type(); } _ZN5Botan3TLS19EarlyDataIndication11static_typeEv: 306| 38| static Extension_Code static_type() { return Extension_Code::EarlyData; } _ZNK5Botan3TLS19EarlyDataIndication4typeEv: 308| 38| Extension_Code type() const override { return static_type(); } _ZN5Botan3TLS11ExternalPSKC2ENSt3__117basic_string_viewIcNS2_11char_traitsIcEEEES6_NS2_6vectorIhNS_16secure_allocatorIhEEEE: 31| 2.22k| m_identity(identity), m_prf_algo(prf_algo), m_master_secret(std::move(psk)), m_is_imported(false) {} _ZN5Botan3TLS11ExternalPSKD2Ev: 28| 2.22k| ~ExternalPSK() = default; _ZN5Botan3TLS17Handshake_MessageD2Ev: 50| 71.5k| virtual ~Handshake_Message() = default; _ZNK5Botan3TLS17Handshake_Message9wire_typeEv: 39| 17.9k| virtual Handshake_Type wire_type() const { 40| | // Usually equal to the Handshake_Type enum value, 41| | // with the exception of TLS 1.3 Hello Retry Request. 42| 17.9k| return type(); 43| 17.9k| } _ZN5Botan3TLS17Handshake_MessageC2Ev: 51| 37.6k| Handshake_Message() = default; _ZN5Botan3TLS17Handshake_MessageC2EOS1_: 53| 33.9k| Handshake_Message(Handshake_Message&&) = default; _ZNK5Botan3TLS8Finished4typeEv: 274| 214| Handshake_Type type() const override { return Handshake_Type::Finished; } _ZNK5Botan3TLS8Finished9serializeEv: 278| 104| std::vector serialize() const override { return m_verification_data; } _ZNK5Botan3TLS20Hello_Verify_Request4typeEv: 61| 18.2k| Handshake_Type type() const override { return Handshake_Type::HelloVerifyRequest; } _ZNK5Botan3TLS20Hello_Verify_Request6cookieEv: 63| 9.14k| const std::vector& cookie() const { return m_cookie; } _ZNK5Botan3TLS18Certificate_Verify4typeEv: 253| 6| Handshake_Type type() const override { return Handshake_Type::CertificateVerify; } _ZN5Botan3TLS8FinishedC2ERKNSt3__16vectorIhNS2_9allocatorIhEEEE: 272| 119| explicit Finished(const std::vector& buf) : m_verification_data(buf) {} _ZNK5Botan3TLS8Finished11verify_dataEv: 276| 208| std::vector verify_data() const { return m_verification_data; } _ZNK5Botan3TLS14Certificate_1210cert_chainEv: 211| 3| const std::vector& cert_chain() const { return m_certs; } _ZNK5Botan3TLS18Change_Cipher_Spec4typeEv: 416| 104| Handshake_Type type() const override { return Handshake_Type::HandshakeCCS; } _ZNK5Botan3TLS18Change_Cipher_Spec9serializeEv: 418| 104| std::vector serialize() const override { return std::vector(1, 1); } _ZN5Botan3TLS15Server_Hello_128SettingsC2ENS_6StrongINSt3__16vectorIhNS4_9allocatorIhEEEENS0_11Session_ID_EJEEENS0_16Protocol_VersionEtb: 97| 2.89k| m_new_session_id(std::move(new_session_id)), 98| 2.89k| m_new_session_version(new_session_version), 99| 2.89k| m_ciphersuite(ciphersuite), 100| 2.89k| m_offer_session_ticket(offer_session_ticket) {} _ZNK5Botan3TLS15Server_Hello_128Settings10session_idEv: 102| 2.89k| const Session_ID& session_id() const { return m_new_session_id; } _ZNK5Botan3TLS15Server_Hello_128Settings16protocol_versionEv: 104| 5.78k| Protocol_Version protocol_version() const { return m_new_session_version; } _ZNK5Botan3TLS15Server_Hello_128Settings11ciphersuiteEv: 106| 2.89k| uint16_t ciphersuite() const { return m_ciphersuite; } _ZNK5Botan3TLS15Server_Hello_128Settings20offer_session_ticketEv: 108| 15| bool offer_session_ticket() const { return m_offer_session_ticket; } _ZNK5Botan3TLS19Client_Key_Exchange17pre_master_secretEv: 174| 1.35k| const secure_vector& pre_master_secret() const { return m_pre_master; } _ZNK5Botan3TLS19Client_Key_Exchange12psk_identityEv: 179| 208| const std::optional& psk_identity() const { return m_psk_identity; } _ZNK5Botan3TLS14Certificate_124typeEv: 209| 6| Handshake_Type type() const override { return Handshake_Type::Certificate; } _ZNK5Botan3TLS19Server_Key_Exchange4typeEv: 324| 5.77k| Handshake_Type type() const override { return Handshake_Type::ServerKeyExchange; } _ZNK5Botan3TLS19Server_Key_Exchange6paramsEv: 326| 2.88k| const std::vector& params() const { return m_params; } _ZNK5Botan3TLS19Server_Key_Exchange12shared_groupEv: 337| 2.20k| const std::optional& shared_group() const { return m_shared_group; } _ZNK5Botan3TLS17Server_Hello_Done4typeEv: 375| 5.77k| Handshake_Type type() const override { return Handshake_Type::ServerHelloDone; } _ZNK5Botan3TLS20Encrypted_Extensions4typeEv: 155| 588| Handshake_Type type() const override { return Handshake_Type::EncryptedExtensions; } _ZNK5Botan3TLS14Certificate_134typeEv: 204| 2| Handshake_Type type() const override { return Handshake_Type::Certificate; } _ZN5Botan3TLS6PolicyD2Ev: 610| 6.45k| virtual ~Policy() = default; _ZN5Botan3TLS11PskIdentityC2ENSt3__16vectorIhNS2_9allocatorIhEEEEj: 41| 681| m_identity(std::move(identity)), m_obfuscated_age(obfuscated_age) {} _ZN5Botan3TLS18Server_InformationC2ENSt3__117basic_string_viewIcNS2_11char_traitsIcEEEEt: 32| 6.56k| m_hostname(hostname), m_port(port) {} _ZN5Botan3TLS18Server_InformationC2Ev: 24| 5.69k| Server_Information() = default; _ZNK5Botan3TLS7Session13lifetime_hintEv: 350| 104| std::chrono::seconds lifetime_hint() const { return m_lifetime_hint; } _ZNK5Botan3TLS12Session_Base7versionEv: 74| 104| Protocol_Version version() const { return m_version; } _ZN5Botan3TLS15Session_Summary14set_session_idENS_6StrongINSt3__16vectorIhNS3_9allocatorIhEEEENS0_11Session_ID_EJEEE: 220| 104| void set_session_id(Session_ID id) { m_session_id = std::move(id); } _ZN5Botan3TLS14Session_HandleC2ENS_6StrongINSt3__16vectorIhNS3_9allocatorIhEEEENS0_11Session_ID_EJEEE: 59| 86| Session_Handle(Session_ID id) : m_handle(std::move(id)) { validate_constraints(); } _ZN5Botan3TLS14Session_HandleC2ENS_6StrongINSt3__16vectorIhNS3_9allocatorIhEEEENS0_15Session_Ticket_EJEEE: 70| 20| Session_Handle(Session_Ticket ticket) : m_handle(std::move(ticket)) { validate_constraints(); } _ZN5Botan3TLS15Session_ManagerD2Ev: 217| 6.45k| virtual ~Session_Manager() = default; _ZN5Botan3TLS15Session_Manager21emits_session_ticketsEv: 215| 2.89k| virtual bool emits_session_tickets() { return false; } _ZN5Botan3TLS20Session_Manager_Noop6removeERKNS0_14Session_HandleE: 33| 85| size_t remove(const Session_Handle& /*session*/) override { return 0; } _ZNK5Botan3TLS16Signature_Scheme9wire_codeEv: 74| 30.9k| Signature_Scheme::Code wire_code() const noexcept { return m_code; } _ZNK5Botan3TLS16Signature_SchemeeqERKS1_: 106| 126k| bool operator==(const Signature_Scheme& rhs) const { return m_code == rhs.m_code; } _ZN5Botan3TLS16Protocol_VersionC2Ev: 54| 41.9k| Protocol_Version() : m_version(0) {} _ZN5Botan3TLS16Protocol_VersionC2Et: 56| 421k| explicit Protocol_Version(uint16_t code) : m_version(code) {} _ZN5Botan3TLS16Protocol_VersionC2ENS0_12Version_CodeE: 62| 359k| Protocol_Version(static_cast(named_version)) {} _ZN5Botan3TLS16Protocol_VersionC2Ehh: 69| 47.0k| Protocol_Version(static_cast((static_cast(major) << 8) | minor)) {} _ZNK5Botan3TLS16Protocol_Version13major_versionEv: 84| 565k| uint8_t major_version() const { return static_cast(m_version >> 8); } _ZNK5Botan3TLS16Protocol_Version13minor_versionEv: 89| 47.6k| uint8_t minor_version() const { return static_cast(m_version & 0xFF); } _ZNK5Botan3TLS16Protocol_VersioneqERKS1_: 123| 332k| bool operator==(const Protocol_Version& other) const { return (m_version == other.m_version); } _ZNK5Botan3TLS16Protocol_VersionneERKS1_: 128| 2.72k| bool operator!=(const Protocol_Version& other) const { return (m_version != other.m_version); } _ZNK5Botan3TLS16Protocol_VersiongeERKS1_: 138| 17.8k| bool operator>=(const Protocol_Version& other) const { return (*this == other || *this > other); } ------------------ | Branch (138:70): [True: 174, False: 17.6k] | Branch (138:88): [True: 17.6k, False: 63] ------------------ _ZNK5Botan3TLS16Protocol_VersionltERKS1_: 143| 5.84k| bool operator<(const Protocol_Version& other) const { return !(*this >= other); } _ZNK5Botan3TLS16Protocol_VersionleERKS1_: 148| 305k| bool operator<=(const Protocol_Version& other) const { return (*this == other || *this < other); } ------------------ | Branch (148:70): [True: 299k, False: 5.84k] | Branch (148:88): [True: 42, False: 5.80k] ------------------ _ZNK5Botan16X25519_PublicKey9algo_nameEv: 16| 17| std::string algo_name() const override { return "X25519"; } _ZNK5Botan16X25519_PublicKey10key_lengthEv: 20| 3| size_t key_length() const override { return 255; } _ZN5Botan16X25519_PublicKeyC2Ev: 52| 17| X25519_PublicKey() = default; _ZNK5Botan14X448_PublicKey9algo_nameEv: 34| 5| std::string algo_name() const override { return "X448"; } _ZNK5Botan14X448_PublicKey10key_lengthEv: 38| 1| size_t key_length() const override { return 448; } _ZN5Botan14X448_PublicKeyC2Ev: 57| 7| X448_PublicKey() = default; _ZNK5Botan14Cert_Extension17Basic_Constraints5is_caEv: 51| 6.45k| bool is_ca() const { return m_is_ca; } _ZN5Botan14Cert_Extension17Basic_Constraints10static_oidEv: 55| 6.45k| static OID static_oid() { return OID({2, 5, 29, 19}); } _ZNK5Botan14Cert_Extension17Basic_Constraints8oid_nameEv: 60| 6.45k| std::string oid_name() const override { return "X509v3.BasicConstraints"; } _ZN5Botan14Cert_Extension9Key_Usage10static_oidEv: 84| 6.45k| static OID static_oid() { return OID({2, 5, 29, 15}); } _ZNK5Botan14Cert_Extension14Subject_Key_ID10get_key_idEv: 114| 6.45k| const std::vector& get_key_id() const { return m_key_id; } _ZN5Botan14Cert_Extension14Subject_Key_ID10static_oidEv: 116| 6.45k| static OID static_oid() { return OID({2, 5, 29, 14}); } _ZNK5Botan14Cert_Extension14Subject_Key_ID8oid_nameEv: 121| 6.45k| std::string oid_name() const override { return "X509v3.SubjectKeyIdentifier"; } _ZNK5Botan14Cert_Extension16Authority_Key_ID10get_key_idEv: 144| 6.45k| const std::vector& get_key_id() const { return m_key_id; } _ZN5Botan14Cert_Extension16Authority_Key_ID10static_oidEv: 146| 6.45k| static OID static_oid() { return OID({2, 5, 29, 35}); } _ZNK5Botan14Cert_Extension16Authority_Key_ID8oid_nameEv: 151| 6.45k| std::string oid_name() const override { return "X509v3.AuthorityKeyIdentifier"; } _ZNK5Botan14Cert_Extension24Subject_Alternative_Name12get_alt_nameEv: 166| 6.45k| const AlternativeName& get_alt_name() const { return m_alt_name; } _ZN5Botan14Cert_Extension24Subject_Alternative_Name10static_oidEv: 168| 6.45k| static OID static_oid() { return OID({2, 5, 29, 17}); } _ZN5Botan14Cert_Extension24Subject_Alternative_NameC2ERKNS_15AlternativeNameE: 176| 6.45k| explicit Subject_Alternative_Name(const AlternativeName& name = AlternativeName()) : m_alt_name(name) {} _ZNK5Botan14Cert_Extension24Subject_Alternative_Name8oid_nameEv: 179| 6.45k| std::string oid_name() const override { return "X509v3.SubjectAlternativeName"; } _ZN5Botan14Cert_Extension23Issuer_Alternative_Name10static_oidEv: 196| 6.45k| static OID static_oid() { return OID({2, 5, 29, 18}); } _ZN5Botan14Cert_Extension18Extended_Key_Usage10static_oidEv: 232| 6.45k| static OID static_oid() { return OID({2, 5, 29, 37}); } _ZN5Botan14Cert_Extension16Name_Constraints10static_oidEv: 268| 6.45k| static OID static_oid() { return OID({2, 5, 29, 30}); } _ZN5Botan14Cert_Extension20Certificate_Policies10static_oidEv: 298| 6.45k| static OID static_oid() { return OID({2, 5, 29, 32}); } _ZN5Botan14Cert_Extension28Authority_Information_Access10static_oidEv: 348| 6.45k| static OID static_oid() { return OID({1, 3, 6, 1, 5, 5, 7, 1, 1}); } _ZN5Botan14Cert_Extension23CRL_Distribution_Points10static_oidEv: 454| 6.45k| static OID static_oid() { return OID({2, 5, 29, 31}); } _ZN5Botan14Cert_Extension14Subject_Key_IDC2Ev: 104| 6.45k| Subject_Key_ID() = default; _ZN5Botan14Cert_Extension16Authority_Key_IDC2Ev: 140| 6.45k| Authority_Key_ID() = default; _ZN5Botan11X509_ObjectC2Ev: 120| 6.75k| X509_Object() = default; _ZN5Botan16X509_CertificateC2ERKS0_: 477| 6.13k| X509_Certificate(const X509_Certificate& other) = default; LLVMFuzzerInitialize: 28| 2|extern "C" int LLVMFuzzerInitialize(int* /*argc*/, char*** /*argv*/) { 29| | /* 30| | * This disables the mlock pool, as overwrites within the pool are 31| | * opaque to ASan or other instrumentation. 32| | */ 33| 2| ::setenv("BOTAN_MLOCK_POOL_SIZE", "0", 1); 34| 2| return 0; 35| 2|} LLVMFuzzerTestOneInput: 39| 6.46k|extern "C" int LLVMFuzzerTestOneInput(const uint8_t in[], size_t len) { 40| 6.46k| if(len <= max_fuzzer_input_size) { ------------------ | Branch (40:7): [True: 6.45k, False: 7] ------------------ 41| 6.45k| try { 42| 6.45k| fuzz(std::span(in, len)); 43| 6.45k| } catch(const std::exception& e) { 44| 0| std::cerr << "Uncaught exception from fuzzer driver " << e.what() << "\n"; 45| 0| abort(); 46| 0| } catch(...) { 47| 0| std::cerr << "Uncaught exception from fuzzer driver (unknown type)\n"; 48| 0| abort(); 49| 0| } 50| 6.45k| } 51| 6.46k| return 0; 52| 6.46k|} _Z20fuzzer_rng_as_sharedv: 56| 6.45k|inline std::shared_ptr fuzzer_rng_as_shared() { 57| 6.45k| static const std::shared_ptr rng = 58| 6.45k| std::make_shared(Botan::secure_vector(32)); 59| 6.45k| return rng; 60| 6.45k|} _Z4fuzzNSt3__14spanIKhLm18446744073709551615EEE: 175| 6.45k|void fuzz(std::span in) { 176| 6.45k| if(in.size() <= 1) { ------------------ | Branch (176:7): [True: 1, False: 6.45k] ------------------ 177| 1| return; 178| 1| } 179| | 180| 6.45k| auto session_manager = std::make_shared(); 181| 6.45k| auto policy = std::make_shared(); 182| 6.45k| const Botan::TLS::Server_Information info("server.name", 443); 183| 6.45k| auto creds = std::make_shared(); 184| 6.45k| auto callbacks = std::make_shared(); 185| | 186| 6.45k| const bool is_datagram = (in[0] & 1) == 1; 187| | 188| 6.45k| Botan::TLS::Server server(callbacks, session_manager, creds, policy, fuzzer_rng_as_shared(), is_datagram); 189| | 190| 6.45k| try { 191| 6.45k| server.received_data(in.subspan(1, in.size() - 1)); 192| 6.45k| } catch(const std::exception& e) {} 193| 6.45k|} tls_server.cpp:_ZNK12_GLOBAL__N_117Fuzzer_TLS_Policy16ciphersuite_listEN5Botan3TLS16Protocol_VersionE: 122| 3.06k| std::vector ciphersuite_list(Botan::TLS::Protocol_Version version) const override { 123| 3.06k| std::vector ciphersuites; 124| | 125| 312k| for(auto&& suite : Botan::TLS::Ciphersuite::all_known_ciphersuites()) { ------------------ | Branch (125:27): [True: 312k, False: 3.06k] ------------------ 126| 312k| if(suite.valid() and suite.usable_in_version(version)) { ------------------ | Branch (126:16): [True: 288k, False: 24.5k] | Branch (126:34): [True: 272k, False: 15.3k] ------------------ 127| 272k| ciphersuites.push_back(suite.ciphersuite_code()); 128| 272k| } 129| 312k| } 130| | 131| 3.06k| return ciphersuites; 132| 3.06k| } tls_server.cpp:_ZN12_GLOBAL__N_123Fuzzer_TLS_Server_CredsC2Ev: 49| 6.45k| Fuzzer_TLS_Server_Creds() { 50| 6.45k| Botan::DataSource_Memory cert_in(fixed_ecdsa_cert); 51| 6.45k| m_ecdsa_cert = std::make_unique(cert_in); 52| | 53| 6.45k| Botan::DataSource_Memory key_in(fixed_ecdsa_key); 54| 6.45k| m_ecdsa_key.reset(Botan::PKCS8::load_key(key_in).release()); 55| 6.45k| } tls_server.cpp:_ZN12_GLOBAL__N_123Fuzzer_TLS_Server_Creds10cert_chainERKNSt3__16vectorINS1_12basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEENS6_IS8_EEEERKNS2_IN5Botan19AlgorithmIdentifierENS6_ISE_EEEERKS8_SK_: 61| 6.12k| const std::string& /*hostname*/) override { 62| 6.12k| std::vector v; 63| | 64| 6.12k| for(const auto& algo : algos) { ------------------ | Branch (64:31): [True: 6.12k, False: 3.06k] ------------------ 65| 6.12k| if(algo == "ECDSA") { ------------------ | Branch (65:16): [True: 3.06k, False: 3.06k] ------------------ 66| 3.06k| v.push_back(*m_ecdsa_cert); 67| 3.06k| break; 68| 3.06k| } 69| 6.12k| } 70| | 71| 6.12k| return v; 72| 6.12k| } tls_server.cpp:_ZN12_GLOBAL__N_123Fuzzer_TLS_Server_Creds15private_key_forERKN5Botan16X509_CertificateERKNSt3__112basic_stringIcNS5_11char_traitsIcEENS5_9allocatorIcEEEESD_: 76| 3| const std::string& /*context*/) override { 77| 3| if(type == "ECDSA") { ------------------ | Branch (77:13): [True: 0, False: 3] ------------------ 78| 0| return m_ecdsa_key; 79| 0| } 80| 3| return nullptr; 81| 3| } tls_server.cpp:_ZN12_GLOBAL__N_123Fuzzer_TLS_Server_Creds18dtls_cookie_secretEv: 87| 9.14k| Botan::secure_vector dtls_cookie_secret() override { 88| 9.14k| return Botan::hex_decode_locked("AABBCCDDEEFF00112233445566778899"); 89| 9.14k| } tls_server.cpp:_ZN12_GLOBAL__N_123Fuzzer_TLS_Server_Creds17psk_identity_hintERKNSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEES9_: 91| 2.88k| std::string psk_identity_hint(const std::string& /*type*/, const std::string& /*context*/) override { 92| 2.88k| return "psk_hint"; 93| 2.88k| } tls_server.cpp:_ZN12_GLOBAL__N_123Fuzzer_TLS_Server_Creds19find_preshared_keysENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEEN5Botan3TLS15Connection_SideERKNS1_6vectorINS1_12basic_stringIcS4_NS1_9allocatorIcEEEENSB_ISD_EEEERKNS1_8optionalISD_EE: 105| 2.25k| const std::optional& prf = std::nullopt) override { 106| 2.25k| if(!identities.empty() && std::find(identities.begin(), identities.end(), "psk_id") == identities.end()) { ------------------ | Branch (106:13): [True: 2.25k, False: 0] | Branch (106:13): [True: 30, False: 2.22k] | Branch (106:36): [True: 30, False: 2.22k] ------------------ 107| 30| return Botan::Credentials_Manager::find_preshared_keys(host, whoami, identities, prf); 108| 30| } 109| | 110| 2.22k| std::vector psks; 111| 2.22k| psks.emplace_back("psk_id", "SHA-256", Botan::hex_decode_locked("AABBCCDDEEFF00112233445566778899")); 112| 2.22k| return psks; 113| 2.25k| } tls_server.cpp:_ZN12_GLOBAL__N_127Fuzzer_TLS_Server_Callbacks13tls_emit_dataENSt3__14spanIKhLm18446744073709551615EEE: 137| 22.6k| void tls_emit_data(std::span /*data*/) override { 138| | // discard 139| 22.6k| } tls_server.cpp:_ZN12_GLOBAL__N_127Fuzzer_TLS_Server_Callbacks9tls_alertEN5Botan3TLS5AlertE: 145| 3.12k| void tls_alert(Botan::TLS::Alert /*alert*/) override { 146| | // ignore alert 147| 3.12k| } tls_server.cpp:_ZN12_GLOBAL__N_127Fuzzer_TLS_Server_Callbacks30tls_server_choose_app_protocolERKNSt3__16vectorINS1_12basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEENS6_IS8_EEEE: 149| 16| std::string tls_server_choose_app_protocol(const std::vector& client_protos) override { 150| 16| if(client_protos.size() > 1) { ------------------ | Branch (150:13): [True: 14, False: 2] ------------------ 151| 14| return client_protos[0]; 152| 14| } else { 153| 2| return "fuzzy"; 154| 2| } 155| 16| } _ZN5Botan19AlgorithmIdentifierC2ERKNS_3OIDERKNSt3__16vectorIhNS4_9allocatorIhEEEE: 19| 12.4k| m_oid(oid), m_parameters(param) {} _ZN5Botan19AlgorithmIdentifierC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEERKNS1_6vectorIhNS1_9allocatorIhEEEE: 25| 6.22k| AlgorithmIdentifier(OID::from_string(oid), param) {} _ZN5Botan19AlgorithmIdentifierC2ERKNS_3OIDENS0_15Encoding_OptionE: 30| 696|AlgorithmIdentifier::AlgorithmIdentifier(const OID& oid, Encoding_Option option) : m_oid(oid) { 31| 696| constexpr uint8_t DER_NULL[] = {0x05, 0x00}; 32| | 33| 696| if(option == USE_NULL_PARAM) { ------------------ | Branch (33:7): [True: 518, False: 178] ------------------ 34| 518| m_parameters.assign(DER_NULL, DER_NULL + 2); 35| 518| } 36| 696|} _ZN5Botan19AlgorithmIdentifierC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEENS0_15Encoding_OptionE: 41| 6.22k|AlgorithmIdentifier::AlgorithmIdentifier(std::string_view oid, Encoding_Option option) : m_oid(OID::from_string(oid)) { 42| 6.22k| constexpr uint8_t DER_NULL[2] = {0x05, 0x00}; 43| | 44| 6.22k| if(option == USE_NULL_PARAM) { ------------------ | Branch (44:7): [True: 6.22k, False: 0] ------------------ 45| 6.22k| m_parameters.assign(DER_NULL, DER_NULL + 2); 46| 6.22k| } 47| 6.22k|} _ZN5BotaneqERKNS_19AlgorithmIdentifierES2_: 53| 6.45k|bool operator==(const AlgorithmIdentifier& a1, const AlgorithmIdentifier& a2) { 54| 6.45k| if(a1.oid() != a2.oid()) { ------------------ | Branch (54:7): [True: 0, False: 6.45k] ------------------ 55| 0| return false; 56| 0| } 57| | 58| | /* 59| | * Treat NULL and empty as equivalent 60| | */ 61| 6.45k| if(a1.parameters_are_null_or_empty() && a2.parameters_are_null_or_empty()) { ------------------ | Branch (61:7): [True: 6.45k, False: 0] | Branch (61:44): [True: 6.45k, False: 0] ------------------ 62| 6.45k| return true; 63| 6.45k| } 64| | 65| 0| return (a1.parameters() == a2.parameters()); 66| 6.45k|} _ZN5BotanneERKNS_19AlgorithmIdentifierES2_: 68| 6.45k|bool operator!=(const AlgorithmIdentifier& a1, const AlgorithmIdentifier& a2) { 69| 6.45k| return !(a1 == a2); 70| 6.45k|} _ZNK5Botan19AlgorithmIdentifier11encode_intoERNS_11DER_EncoderE: 75| 25.1k|void AlgorithmIdentifier::encode_into(DER_Encoder& codec) const { 76| 25.1k| codec.start_sequence().encode(oid()).raw_bytes(parameters()).end_cons(); 77| 25.1k|} _ZN5Botan19AlgorithmIdentifier11decode_fromERNS_11BER_DecoderE: 82| 25.9k|void AlgorithmIdentifier::decode_from(BER_Decoder& codec) { 83| 25.9k| codec.start_sequence().decode(m_oid).raw_bytes(m_parameters).end_cons(); 84| 25.9k|} _ZNK5Botan11ASN1_Object10BER_encodeEv: 20| 12.6k|std::vector ASN1_Object::BER_encode() const { 21| 12.6k| std::vector output; 22| 12.6k| DER_Encoder der(output); 23| 12.6k| this->encode_into(der); 24| 12.6k| return output; 25| 12.6k|} _ZN5Botan10BER_ObjectD2Ev: 27| 1.15M|BER_Object::~BER_Object() { 28| 1.15M| secure_scrub_memory(m_value); 29| 1.15M|} _ZNK5Botan10BER_Object11assert_is_aENS_9ASN1_TypeENS_10ASN1_ClassENSt3__117basic_string_viewIcNS3_11char_traitsIcEEEE: 34| 311k|void BER_Object::assert_is_a(ASN1_Type expected_type_tag, ASN1_Class expected_class_tag, std::string_view descr) const { 35| 311k| if(!this->is_a(expected_type_tag, expected_class_tag)) { ------------------ | Branch (35:7): [True: 142, False: 311k] ------------------ 36| 142| std::stringstream msg; 37| | 38| 142| msg << "Tag mismatch when decoding " << descr << " got "; 39| | 40| 142| if(m_class_tag == ASN1_Class::NoObject && m_type_tag == ASN1_Type::NoObject) { ------------------ | Branch (40:10): [True: 3, False: 139] | Branch (40:49): [True: 3, False: 0] ------------------ 41| 3| msg << "EOF"; 42| 139| } else { 43| 139| if(m_class_tag == ASN1_Class::Universal || m_class_tag == ASN1_Class::Constructed) { ------------------ | Branch (43:13): [True: 22, False: 117] | Branch (43:53): [True: 67, False: 50] ------------------ 44| 89| msg << asn1_tag_to_string(m_type_tag); 45| 89| } else { 46| 50| msg << std::to_string(static_cast(m_type_tag)); 47| 50| } 48| | 49| 139| msg << "/" << asn1_class_to_string(m_class_tag); 50| 139| } 51| | 52| 142| msg << " expected "; 53| | 54| 142| if(expected_class_tag == ASN1_Class::Universal || expected_class_tag == ASN1_Class::Constructed) { ------------------ | Branch (54:10): [True: 46, False: 96] | Branch (54:57): [True: 96, False: 0] ------------------ 55| 142| msg << asn1_tag_to_string(expected_type_tag); 56| 142| } else { 57| 0| msg << std::to_string(static_cast(expected_type_tag)); 58| 0| } 59| | 60| 142| msg << "/" << asn1_class_to_string(expected_class_tag); 61| | 62| 142| throw BER_Decoding_Error(msg.str()); 63| 142| } 64| 311k|} _ZNK5Botan10BER_Object4is_aENS_9ASN1_TypeENS_10ASN1_ClassE: 66| 421k|bool BER_Object::is_a(ASN1_Type expected_type_tag, ASN1_Class expected_class_tag) const { 67| 421k| return (m_type_tag == expected_type_tag && m_class_tag == expected_class_tag); ------------------ | Branch (67:12): [True: 356k, False: 64.7k] | Branch (67:47): [True: 356k, False: 10] ------------------ 68| 421k|} _ZNK5Botan10BER_Object4is_aEiNS_10ASN1_ClassE: 70| 32.2k|bool BER_Object::is_a(int expected_type_tag, ASN1_Class expected_class_tag) const { 71| 32.2k| return is_a(ASN1_Type(expected_type_tag), expected_class_tag); 72| 32.2k|} _ZN5Botan10BER_Object11set_taggingENS_9ASN1_TypeENS_10ASN1_ClassE: 74| 499k|void BER_Object::set_tagging(ASN1_Type type_tag, ASN1_Class class_tag) { 75| 499k| m_type_tag = type_tag; 76| 499k| m_class_tag = class_tag; 77| 499k|} _ZN5Botan20asn1_class_to_stringENS_10ASN1_ClassE: 79| 281|std::string asn1_class_to_string(ASN1_Class type) { 80| 281| switch(type) { 81| 68| case ASN1_Class::Universal: ------------------ | Branch (81:7): [True: 68, False: 213] ------------------ 82| 68| return "UNIVERSAL"; 83| 163| case ASN1_Class::Constructed: ------------------ | Branch (83:7): [True: 163, False: 118] ------------------ 84| 163| return "CONSTRUCTED"; 85| 2| case ASN1_Class::ContextSpecific: ------------------ | Branch (85:7): [True: 2, False: 279] ------------------ 86| 2| return "CONTEXT_SPECIFIC"; 87| 6| case ASN1_Class::Application: ------------------ | Branch (87:7): [True: 6, False: 275] ------------------ 88| 6| return "APPLICATION"; 89| 2| case ASN1_Class::Private: ------------------ | Branch (89:7): [True: 2, False: 279] ------------------ 90| 2| return "PRIVATE"; 91| 0| case ASN1_Class::NoObject: ------------------ | Branch (91:7): [True: 0, False: 281] ------------------ 92| 0| return "NO_OBJECT"; 93| 40| default: ------------------ | Branch (93:7): [True: 40, False: 241] ------------------ 94| 40| return "CLASS(" + std::to_string(static_cast(type)) + ")"; 95| 281| } 96| 281|} _ZN5Botan18asn1_tag_to_stringENS_9ASN1_TypeE: 98| 266|std::string asn1_tag_to_string(ASN1_Type type) { 99| 266| switch(type) { 100| 95| case ASN1_Type::Sequence: ------------------ | Branch (100:7): [True: 95, False: 171] ------------------ 101| 95| return "SEQUENCE"; 102| | 103| 5| case ASN1_Type::Set: ------------------ | Branch (103:7): [True: 5, False: 261] ------------------ 104| 5| return "SET"; 105| | 106| 2| case ASN1_Type::PrintableString: ------------------ | Branch (106:7): [True: 2, False: 264] ------------------ 107| 2| return "PRINTABLE STRING"; 108| | 109| 3| case ASN1_Type::NumericString: ------------------ | Branch (109:7): [True: 3, False: 263] ------------------ 110| 3| return "NUMERIC STRING"; 111| | 112| 2| case ASN1_Type::Ia5String: ------------------ | Branch (112:7): [True: 2, False: 264] ------------------ 113| 2| return "IA5 STRING"; 114| | 115| 1| case ASN1_Type::TeletexString: ------------------ | Branch (115:7): [True: 1, False: 265] ------------------ 116| 1| return "T61 STRING"; 117| | 118| 29| case ASN1_Type::Utf8String: ------------------ | Branch (118:7): [True: 29, False: 237] ------------------ 119| 29| return "UTF8 STRING"; 120| | 121| 5| case ASN1_Type::VisibleString: ------------------ | Branch (121:7): [True: 5, False: 261] ------------------ 122| 5| return "VISIBLE STRING"; 123| | 124| 2| case ASN1_Type::BmpString: ------------------ | Branch (124:7): [True: 2, False: 264] ------------------ 125| 2| return "BMP STRING"; 126| | 127| 1| case ASN1_Type::UniversalString: ------------------ | Branch (127:7): [True: 1, False: 265] ------------------ 128| 1| return "UNIVERSAL STRING"; 129| | 130| 1| case ASN1_Type::UtcTime: ------------------ | Branch (130:7): [True: 1, False: 265] ------------------ 131| 1| return "UTC TIME"; 132| | 133| 2| case ASN1_Type::GeneralizedTime: ------------------ | Branch (133:7): [True: 2, False: 264] ------------------ 134| 2| return "GENERALIZED TIME"; 135| | 136| 1| case ASN1_Type::OctetString: ------------------ | Branch (136:7): [True: 1, False: 265] ------------------ 137| 1| return "OCTET STRING"; 138| | 139| 17| case ASN1_Type::BitString: ------------------ | Branch (139:7): [True: 17, False: 249] ------------------ 140| 17| return "BIT STRING"; 141| | 142| 1| case ASN1_Type::Enumerated: ------------------ | Branch (142:7): [True: 1, False: 265] ------------------ 143| 1| return "ENUMERATED"; 144| | 145| 34| case ASN1_Type::Integer: ------------------ | Branch (145:7): [True: 34, False: 232] ------------------ 146| 34| return "INTEGER"; 147| | 148| 3| case ASN1_Type::Null: ------------------ | Branch (148:7): [True: 3, False: 263] ------------------ 149| 3| return "NULL"; 150| | 151| 1| case ASN1_Type::ObjectId: ------------------ | Branch (151:7): [True: 1, False: 265] ------------------ 152| 1| return "OBJECT"; 153| | 154| 2| case ASN1_Type::Boolean: ------------------ | Branch (154:7): [True: 2, False: 264] ------------------ 155| 2| return "BOOLEAN"; 156| | 157| 0| case ASN1_Type::NoObject: ------------------ | Branch (157:7): [True: 0, False: 266] ------------------ 158| 0| return "NO_OBJECT"; 159| | 160| 59| default: ------------------ | Branch (160:7): [True: 59, False: 207] ------------------ 161| 59| return "TAG(" + std::to_string(static_cast(type)) + ")"; 162| 266| } 163| 266|} _ZN5Botan18BER_Decoding_ErrorC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 168| 400|BER_Decoding_Error::BER_Decoding_Error(std::string_view err) : Decoding_Error(fmt("BER: {}", err)) {} _ZN5Botan11BER_Bad_TagC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEEj: 170| 19|BER_Bad_Tag::BER_Bad_Tag(std::string_view str, uint32_t tagging) : BER_Decoding_Error(fmt("{}: {}", str, tagging)) {} _ZN5Botan4ASN115put_in_sequenceERKNSt3__16vectorIhNS1_9allocatorIhEEEE: 177| 19.3k|std::vector put_in_sequence(const std::vector& contents) { 178| 19.3k| return ASN1::put_in_sequence(contents.data(), contents.size()); 179| 19.3k|} _ZN5Botan4ASN115put_in_sequenceEPKhm: 181| 19.3k|std::vector put_in_sequence(const uint8_t bits[], size_t len) { 182| 19.3k| std::vector output; 183| 19.3k| DER_Encoder(output).start_sequence().raw_bytes(bits, len).end_cons(); 184| 19.3k| return output; 185| 19.3k|} _ZN5Botan4ASN19to_stringERKNS_10BER_ObjectE: 190| 58.1k|std::string to_string(const BER_Object& obj) { 191| 58.1k| return bytes_to_string(obj.data()); 192| 58.1k|} _ZN5Botan4ASN19maybe_BERERNS_10DataSourceE: 197| 13.2k|bool maybe_BER(DataSource& source) { 198| 13.2k| uint8_t first_u8 = 0; 199| 13.2k| if(source.peek_byte(first_u8) == 0) { ------------------ | Branch (199:7): [True: 1, False: 13.2k] ------------------ 200| 1| BOTAN_ASSERT_EQUAL(source.read_byte(first_u8), 0, "Expected EOF"); ------------------ | | 90| 1| do { \ | | 91| 1| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 92| 1| if((expr1) != (expr2)) { \ | | ------------------ | | | Branch (92:10): [True: 0, False: 1] | | ------------------ | | 93| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 94| 0| Botan::assertion_failure(#expr1 " == " #expr2, assertion_made, __func__, __FILE__, __LINE__); \ | | 95| 0| } \ | | 96| 1| } while(0) | | ------------------ | | | Branch (96:12): [Folded, False: 1] | | ------------------ ------------------ 201| 1| throw Stream_IO_Error("ASN1::maybe_BER: Source was empty"); 202| 1| } 203| | 204| 13.2k| const auto cons_seq = static_cast(ASN1_Class::Constructed) | static_cast(ASN1_Type::Sequence); 205| 13.2k| return first_u8 == cons_seq; 206| 13.2k|} _ZN5Botan3OID9from_nameENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 72| 4.96k|std::optional OID::from_name(std::string_view name) { 73| 4.96k| if(name.empty()) { ------------------ | Branch (73:7): [True: 0, False: 4.96k] ------------------ 74| 0| throw Invalid_Argument("OID::from_name argument must be non-empty"); 75| 0| } 76| | 77| 4.96k| OID o = OID_Map::global_registry().str2oid(name); 78| 4.96k| if(o.has_value()) { ------------------ | Branch (78:7): [True: 4.96k, False: 0] ------------------ 79| 4.96k| return std::optional(o); 80| 4.96k| } 81| | 82| 0| return std::nullopt; 83| 4.96k|} _ZN5Botan3OID11from_stringENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 86| 25.8k|OID OID::from_string(std::string_view str) { 87| 25.8k| if(str.empty()) { ------------------ | Branch (87:7): [True: 0, False: 25.8k] ------------------ 88| 0| throw Invalid_Argument("OID::from_string argument must be non-empty"); 89| 0| } 90| | 91| 25.8k| OID o = OID_Map::global_registry().str2oid(str); 92| 25.8k| if(o.has_value()) { ------------------ | Branch (92:7): [True: 25.8k, False: 0] ------------------ 93| 25.8k| return o; 94| 25.8k| } 95| | 96| | // Try to parse as a dotted decimal 97| 0| try { 98| 0| return OID(str); 99| 0| } catch(...) {} 100| | 101| 0| throw Lookup_Error(fmt("No OID associated with name '{}'", str)); 102| 0|} _ZN5Botan3OIDC2ESt16initializer_listIjE: 104| 101k|OID::OID(std::initializer_list init) : m_id(init) { 105| 101k| oid_valid_check(m_id); 106| 101k|} _ZNK5Botan3OID19to_formatted_stringEv: 139| 6.45k|std::string OID::to_formatted_string() const { 140| 6.45k| std::string s = this->human_name_or_empty(); 141| 6.45k| if(!s.empty()) { ------------------ | Branch (141:7): [True: 6.45k, False: 0] ------------------ 142| 6.45k| return s; 143| 6.45k| } 144| 0| return this->to_string(); 145| 6.45k|} _ZNK5Botan3OID19human_name_or_emptyEv: 147| 12.9k|std::string OID::human_name_or_empty() const { 148| 12.9k| return OID_Map::global_registry().oid2str(*this); 149| 12.9k|} _ZNK5Botan3OID7matchesESt16initializer_listIjE: 155| 12.9k|bool OID::matches(std::initializer_list other) const { 156| | // TODO: once all target compilers support it, use std::ranges::equal 157| 12.9k| return std::equal(m_id.begin(), m_id.end(), other.begin(), other.end()); 158| 12.9k|} _ZNK5Botan3OID9hash_codeEv: 160| 12.9k|uint64_t OID::hash_code() const { 161| | // If this is changed also update gen_oids.py to match 162| 12.9k| uint64_t hash = 0x621F302327D9A49A; 163| 77.5k| for(auto id : m_id) { ------------------ | Branch (163:16): [True: 77.5k, False: 12.9k] ------------------ 164| 77.5k| hash *= 193; 165| 77.5k| hash += id; 166| 77.5k| } 167| 12.9k| return hash; 168| 12.9k|} _ZN5BotanltERKNS_3OIDES2_: 173| 361k|bool operator<(const OID& a, const OID& b) { 174| 361k| const std::vector& oid1 = a.get_components(); 175| 361k| const std::vector& oid2 = b.get_components(); 176| | 177| 361k| return std::lexicographical_compare(oid1.begin(), oid1.end(), oid2.begin(), oid2.end()); 178| 361k|} _ZNK5Botan3OID11encode_intoERNS_11DER_EncoderE: 183| 25.1k|void OID::encode_into(DER_Encoder& der) const { 184| 25.1k| if(m_id.size() < 2) { ------------------ | Branch (184:7): [True: 0, False: 25.1k] ------------------ 185| 0| throw Invalid_Argument("OID::encode_into: OID is invalid"); 186| 0| } 187| | 188| 25.1k| auto append = [](std::vector& encoding, uint32_t z) { 189| 25.1k| if(z <= 0x7F) { 190| 25.1k| encoding.push_back(static_cast(z)); 191| 25.1k| } else { 192| 25.1k| const size_t z7 = (high_bit(z) + 7 - 1) / 7; 193| | 194| 25.1k| for(size_t j = 0; j != z7; ++j) { 195| 25.1k| uint8_t zp = static_cast(z >> (7 * (z7 - j - 1)) & 0x7F); 196| | 197| 25.1k| if(j != z7 - 1) { 198| 25.1k| zp |= 0x80; 199| 25.1k| } 200| | 201| 25.1k| encoding.push_back(zp); 202| 25.1k| } 203| 25.1k| } 204| 25.1k| }; 205| | 206| 25.1k| std::vector encoding; 207| | 208| | // We know 40 * root can't overflow because root is between 0 and 2 209| 25.1k| auto first = checked_add(40 * m_id[0], m_id[1]); 210| 25.1k| BOTAN_ASSERT_NOMSG(first.has_value()); ------------------ | | 77| 25.1k| do { \ | | 78| 25.1k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 25.1k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 25.1k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 25.1k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 25.1k] | | ------------------ ------------------ 211| | 212| 25.1k| append(encoding, *first); 213| | 214| 175k| for(size_t i = 2; i != m_id.size(); ++i) { ------------------ | Branch (214:22): [True: 150k, False: 25.1k] ------------------ 215| 150k| append(encoding, m_id[i]); 216| 150k| } 217| 25.1k| der.add_object(ASN1_Type::ObjectId, ASN1_Class::Universal, encoding); 218| 25.1k|} _ZN5Botan3OID11decode_fromERNS_11BER_DecoderE: 223| 97.1k|void OID::decode_from(BER_Decoder& decoder) { 224| 97.1k| const BER_Object obj = decoder.get_next_object(); 225| 97.1k| if(obj.tagging() != (ASN1_Class::Universal | ASN1_Type::ObjectId)) { ------------------ | Branch (225:7): [True: 19, False: 97.1k] ------------------ 226| 19| throw BER_Bad_Tag("Error decoding OID, unknown tag", obj.tagging()); 227| 19| } 228| | 229| 97.1k| if(obj.length() == 0) { ------------------ | Branch (229:7): [True: 1, False: 97.1k] ------------------ 230| 1| throw BER_Decoding_Error("OID encoding is too short"); 231| 1| } 232| | 233| 97.1k| auto consume = [](BufferSlicer& data) -> uint32_t { 234| 97.1k| BOTAN_ASSERT_NOMSG(!data.empty()); 235| 97.1k| uint32_t b = data.take_byte(); 236| | 237| 97.1k| if(b > 0x7F) { 238| 97.1k| b &= 0x7F; 239| | 240| | // Even BER requires that the OID have minimal length, ie that 241| | // the first byte of a multibyte encoding cannot be zero 242| | // See X.690 section 8.19.2 243| 97.1k| if(b == 0) { 244| 97.1k| throw Decoding_Error("Leading zero byte in multibyte OID encoding"); 245| 97.1k| } 246| | 247| 97.1k| while(true) { 248| 97.1k| if(data.empty()) { 249| 97.1k| throw Decoding_Error("Truncated OID value"); 250| 97.1k| } 251| | 252| 97.1k| const uint8_t next = data.take_byte(); 253| 97.1k| const bool more = (next & 0x80) == 0x80; 254| 97.1k| const uint8_t value = next & 0x7F; 255| | 256| 97.1k| if((b >> (32 - 7)) != 0) { 257| 97.1k| throw Decoding_Error("OID component overflow"); 258| 97.1k| } 259| | 260| 97.1k| b = (b << 7) | value; 261| | 262| 97.1k| if(!more) { 263| 97.1k| break; 264| 97.1k| } 265| 97.1k| } 266| 97.1k| } 267| | 268| 97.1k| return b; 269| 97.1k| }; 270| | 271| 97.1k| BufferSlicer data(obj.data()); 272| 97.1k| std::vector parts; 273| 472k| while(!data.empty()) { ------------------ | Branch (273:10): [True: 375k, False: 97.1k] ------------------ 274| 375k| const uint32_t comp = consume(data); 275| | 276| 375k| if(parts.empty()) { ------------------ | Branch (276:10): [True: 97.1k, False: 278k] ------------------ 277| | // divide into root and second arc 278| | 279| 97.1k| const uint32_t root_arc = [](uint32_t b0) -> uint32_t { 280| 97.1k| if(b0 < 40) { 281| 97.1k| return 0; 282| 97.1k| } else if(b0 < 80) { 283| 97.1k| return 1; 284| 97.1k| } else { 285| 97.1k| return 2; 286| 97.1k| } 287| 97.1k| }(comp); 288| | 289| 97.1k| parts.push_back(root_arc); 290| 97.1k| BOTAN_ASSERT_NOMSG(comp >= 40 * root_arc); ------------------ | | 77| 97.1k| do { \ | | 78| 97.1k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 97.1k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 97.1k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 97.1k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 97.1k] | | ------------------ ------------------ 291| 97.1k| parts.push_back(comp - 40 * root_arc); 292| 278k| } else { 293| 278k| parts.push_back(comp); 294| 278k| } 295| 375k| } 296| | 297| 97.1k| m_id = parts; 298| 97.1k|} asn1_oid.cpp:_ZN5Botan12_GLOBAL__N_115oid_valid_checkENSt3__14spanIKjLm18446744073709551615EEE: 26| 101k|void oid_valid_check(std::span oid) { 27| 101k| BOTAN_ARG_CHECK(oid.size() >= 2, "OID too short to be valid"); ------------------ | | 35| 101k| do { \ | | 36| 101k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 101k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 101k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 101k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 101k] | | ------------------ ------------------ 28| 101k| BOTAN_ARG_CHECK(oid[0] <= 2, "OID root out of range"); ------------------ | | 35| 101k| do { \ | | 36| 101k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 101k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 101k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 101k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 101k] | | ------------------ ------------------ 29| 101k| BOTAN_ARG_CHECK(oid[1] <= 39 || oid[0] == 2, "OID second arc too large"); ------------------ | | 35| 101k| do { \ | | 36| 101k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 101k| if(!(expr)) { \ | | ------------------ | | | Branch (37:12): [True: 101k, False: 0] | | | Branch (37:12): [True: 0, False: 0] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 101k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 101k] | | ------------------ ------------------ 30| | // This last is a limitation of using 32 bit integers when decoding 31| | // not a limitation of ASN.1 object identifiers in general 32| 101k| BOTAN_ARG_CHECK(oid[1] <= 0xFFFFFFAF, "OID second arc too large"); ------------------ | | 35| 101k| do { \ | | 36| 101k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 101k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 101k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 101k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 101k] | | ------------------ ------------------ 33| 101k|} asn1_oid.cpp:_ZZNK5Botan3OID11encode_intoERNS_11DER_EncoderEENK3$_0clERNSt3__16vectorIhNS4_9allocatorIhEEEEj: 188| 175k| auto append = [](std::vector& encoding, uint32_t z) { 189| 175k| if(z <= 0x7F) { ------------------ | Branch (189:10): [True: 137k, False: 37.8k] ------------------ 190| 137k| encoding.push_back(static_cast(z)); 191| 137k| } else { 192| 37.8k| const size_t z7 = (high_bit(z) + 7 - 1) / 7; 193| | 194| 119k| for(size_t j = 0; j != z7; ++j) { ------------------ | Branch (194:28): [True: 81.8k, False: 37.8k] ------------------ 195| 81.8k| uint8_t zp = static_cast(z >> (7 * (z7 - j - 1)) & 0x7F); 196| | 197| 81.8k| if(j != z7 - 1) { ------------------ | Branch (197:16): [True: 44.0k, False: 37.8k] ------------------ 198| 44.0k| zp |= 0x80; 199| 44.0k| } 200| | 201| 81.8k| encoding.push_back(zp); 202| 81.8k| } 203| 37.8k| } 204| 175k| }; asn1_oid.cpp:_ZZN5Botan3OID11decode_fromERNS_11BER_DecoderEENK3$_0clERNS_12BufferSlicerE: 233| 375k| auto consume = [](BufferSlicer& data) -> uint32_t { 234| 375k| BOTAN_ASSERT_NOMSG(!data.empty()); ------------------ | | 77| 375k| do { \ | | 78| 375k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 375k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 375k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 375k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 375k] | | ------------------ ------------------ 235| 375k| uint32_t b = data.take_byte(); 236| | 237| 375k| if(b > 0x7F) { ------------------ | Branch (237:10): [True: 64.7k, False: 310k] ------------------ 238| 64.7k| b &= 0x7F; 239| | 240| | // Even BER requires that the OID have minimal length, ie that 241| | // the first byte of a multibyte encoding cannot be zero 242| | // See X.690 section 8.19.2 243| 64.7k| if(b == 0) { ------------------ | Branch (243:13): [True: 1, False: 64.7k] ------------------ 244| 1| throw Decoding_Error("Leading zero byte in multibyte OID encoding"); 245| 1| } 246| | 247| 64.9k| while(true) { ------------------ | Branch (247:16): [True: 64.9k, Folded] ------------------ 248| 64.9k| if(data.empty()) { ------------------ | Branch (248:16): [True: 4, False: 64.9k] ------------------ 249| 4| throw Decoding_Error("Truncated OID value"); 250| 4| } 251| | 252| 64.9k| const uint8_t next = data.take_byte(); 253| 64.9k| const bool more = (next & 0x80) == 0x80; 254| 64.9k| const uint8_t value = next & 0x7F; 255| | 256| 64.9k| if((b >> (32 - 7)) != 0) { ------------------ | Branch (256:16): [True: 18, False: 64.9k] ------------------ 257| 18| throw Decoding_Error("OID component overflow"); 258| 18| } 259| | 260| 64.9k| b = (b << 7) | value; 261| | 262| 64.9k| if(!more) { ------------------ | Branch (262:16): [True: 64.7k, False: 203] ------------------ 263| 64.7k| break; 264| 64.7k| } 265| 64.9k| } 266| 64.7k| } 267| | 268| 375k| return b; 269| 375k| }; asn1_oid.cpp:_ZZN5Botan3OID11decode_fromERNS_11BER_DecoderEENK3$_1clEj: 279| 97.1k| const uint32_t root_arc = [](uint32_t b0) -> uint32_t { 280| 97.1k| if(b0 < 40) { ------------------ | Branch (280:16): [True: 114, False: 97.0k] ------------------ 281| 114| return 0; 282| 97.0k| } else if(b0 < 80) { ------------------ | Branch (282:23): [True: 32.3k, False: 64.6k] ------------------ 283| 32.3k| return 1; 284| 64.6k| } else { 285| 64.6k| return 2; 286| 64.6k| } 287| 97.1k| }(comp); _ZN5Botan11ASN1_StringC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEENS_9ASN1_TypeE: 135| 38.9k|ASN1_String::ASN1_String(std::string_view str, ASN1_Type t) : m_utf8_str(str), m_tag(t) { 136| 38.9k| if(!is_utf8_subset_string_type(m_tag)) { ------------------ | Branch (136:7): [True: 0, False: 38.9k] ------------------ 137| 0| throw Invalid_Argument("ASN1_String only supports encoding to UTF-8 or a UTF-8 subset"); 138| 0| } 139| | 140| 38.9k| if(!is_valid_asn1_string_content(m_utf8_str, m_tag)) { ------------------ | Branch (140:7): [True: 0, False: 38.9k] ------------------ 141| 0| throw Invalid_Argument(fmt("ASN1_String: Invalid {} encoding", asn1_tag_to_string(m_tag))); 142| 0| } 143| 38.9k|} _ZN5Botan11ASN1_StringC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 145| 38.9k|ASN1_String::ASN1_String(std::string_view str) : ASN1_String(str, choose_encoding(str)) {} _ZN5Botan11ASN1_String11decode_fromERNS_11BER_DecoderE: 162| 38.9k|void ASN1_String::decode_from(BER_Decoder& source) { 163| 38.9k| const BER_Object obj = source.get_next_object(); 164| | 165| 38.9k| if(obj.get_class() != ASN1_Class::Universal || !is_asn1_string_type(obj.type())) { ------------------ | Branch (165:7): [True: 18, False: 38.8k] | Branch (165:51): [True: 6, False: 38.8k] ------------------ 166| 15| auto typ = static_cast(obj.type()); 167| 15| auto cls = static_cast(obj.get_class()); 168| 15| throw Decoding_Error(fmt("ASN1_String: Unknown string type {}/{}", typ, cls)); 169| 15| } 170| | 171| 38.9k| m_tag = obj.type(); 172| 38.9k| m_data.assign(obj.bits(), obj.bits() + obj.length()); 173| | 174| 38.9k| if(m_tag == ASN1_Type::BmpString) { ------------------ | Branch (174:7): [True: 18, False: 38.8k] ------------------ 175| 18| m_utf8_str = ucs2_to_utf8(m_data.data(), m_data.size()); 176| 38.8k| } else if(m_tag == ASN1_Type::UniversalString) { ------------------ | Branch (176:14): [True: 48, False: 38.8k] ------------------ 177| 48| m_utf8_str = ucs4_to_utf8(m_data.data(), m_data.size()); 178| 38.8k| } else if(m_tag == ASN1_Type::TeletexString) { ------------------ | Branch (178:14): [True: 13, False: 38.8k] ------------------ 179| | /* 180| | TeletexString is nominally ITU T.61 not ISO-8859-1 but it seems 181| | the majority of implementations actually used that charset here. 182| | */ 183| 13| m_utf8_str = latin1_to_utf8(m_data.data(), m_data.size()); 184| 38.8k| } else { 185| | // All other supported string types are UTF-8 or some subset thereof 186| 38.8k| m_utf8_str = ASN1::to_string(obj); 187| | 188| 38.8k| if(!is_valid_asn1_string_content(m_utf8_str, m_tag)) { ------------------ | Branch (188:10): [True: 35, False: 38.7k] ------------------ 189| 35| throw Decoding_Error(fmt("ASN1_String: Invalid {} encoding", asn1_tag_to_string(m_tag))); 190| 35| } 191| 38.8k| } 192| 38.9k|} asn1_str.cpp:_ZN5Botan12_GLOBAL__N_119is_asn1_string_typeENS_9ASN1_TypeE: 99| 38.8k|bool is_asn1_string_type(ASN1_Type tag) { 100| 38.8k| return (is_utf8_subset_string_type(tag) || tag == ASN1_Type::TeletexString || tag == ASN1_Type::BmpString || ------------------ | Branch (100:12): [True: 38.8k, False: 85] | Branch (100:47): [True: 13, False: 72] | Branch (100:82): [True: 18, False: 54] ------------------ 101| 54| tag == ASN1_Type::UniversalString); ------------------ | Branch (101:12): [True: 48, False: 6] ------------------ 102| 38.8k|} asn1_str.cpp:_ZN5Botan12_GLOBAL__N_126is_utf8_subset_string_typeENS_9ASN1_TypeE: 94| 155k|bool is_utf8_subset_string_type(ASN1_Type tag) { 95| 155k| return (tag == ASN1_Type::NumericString || tag == ASN1_Type::PrintableString || tag == ASN1_Type::VisibleString || ------------------ | Branch (95:12): [True: 6, False: 155k] | Branch (95:47): [True: 129k, False: 26.0k] | Branch (95:84): [True: 12, False: 26.0k] ------------------ 96| 26.0k| tag == ASN1_Type::Ia5String || tag == ASN1_Type::Utf8String); ------------------ | Branch (96:12): [True: 10, False: 26.0k] | Branch (96:43): [True: 25.9k, False: 85] ------------------ 97| 155k|} asn1_str.cpp:_ZN5Botan12_GLOBAL__N_128is_valid_asn1_string_contentERKNSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEENS_9ASN1_TypeE: 104| 77.7k|bool is_valid_asn1_string_content(const std::string& str, ASN1_Type tag) { 105| 77.7k| BOTAN_ASSERT_NOMSG(is_utf8_subset_string_type(tag)); ------------------ | | 77| 77.7k| do { \ | | 78| 77.7k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 77.7k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 77.7k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 77.7k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 77.7k] | | ------------------ ------------------ 106| | 107| 77.7k| switch(tag) { 108| 12.9k| case ASN1_Type::Utf8String: ------------------ | Branch (108:7): [True: 12.9k, False: 64.7k] ------------------ 109| 12.9k| return is_valid_utf8(str); 110| 3| case ASN1_Type::NumericString: ------------------ | Branch (110:7): [True: 3, False: 77.7k] ------------------ 111| 64.7k| case ASN1_Type::PrintableString: ------------------ | Branch (111:7): [True: 64.7k, False: 12.9k] ------------------ 112| 64.7k| case ASN1_Type::Ia5String: ------------------ | Branch (112:7): [True: 5, False: 77.7k] ------------------ 113| 64.7k| case ASN1_Type::VisibleString: ------------------ | Branch (113:7): [True: 6, False: 77.7k] ------------------ 114| 64.7k| return g_char_validator.valid_encoding(str, tag); 115| 0| default: ------------------ | Branch (115:7): [True: 0, False: 77.7k] ------------------ 116| 0| return false; 117| 77.7k| } 118| 77.7k|} asn1_str.cpp:_ZNK5Botan12_GLOBAL__N_131ASN1_String_Codepoint_Validator14valid_encodingENSt3__117basic_string_viewIcNS2_11char_traitsIcEEEENS_9ASN1_TypeE: 25| 103k| constexpr bool valid_encoding(std::string_view str, ASN1_Type tag) const { 26| 103k| const uint8_t mask = mask_for(tag); 27| 103k| for(const char c : str) { ------------------ | Branch (27:27): [True: 90.4k, False: 103k] ------------------ 28| 90.4k| const uint8_t codepoint = static_cast(c); 29| 90.4k| const bool is_valid = (m_table[codepoint] & mask) != 0; 30| | 31| 90.4k| if(!is_valid) { ------------------ | Branch (31:16): [True: 7, False: 90.4k] ------------------ 32| 7| return false; 33| 7| } 34| 90.4k| } 35| | 36| 103k| return true; 37| 103k| } asn1_str.cpp:_ZN5Botan12_GLOBAL__N_131ASN1_String_Codepoint_Validator8mask_forENS_9ASN1_TypeE: 45| 103k| static constexpr uint8_t mask_for(ASN1_Type tag) { 46| 103k| switch(tag) { 47| 3| case ASN1_Type::NumericString: ------------------ | Branch (47:13): [True: 3, False: 103k] ------------------ 48| 3| return Numeric_String; 49| 103k| case ASN1_Type::PrintableString: ------------------ | Branch (49:13): [True: 103k, False: 14] ------------------ 50| 103k| return Printable_String; 51| 5| case ASN1_Type::Ia5String: ------------------ | Branch (51:13): [True: 5, False: 103k] ------------------ 52| 5| return IA5_String; 53| 6| case ASN1_Type::VisibleString: ------------------ | Branch (53:13): [True: 6, False: 103k] ------------------ 54| 6| return Visible_String; 55| 0| default: ------------------ | Branch (55:13): [True: 0, False: 103k] ------------------ 56| 0| return 0; 57| 103k| } 58| 103k| } asn1_str.cpp:_ZN5Botan12_GLOBAL__N_115choose_encodingENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 120| 38.9k|ASN1_Type choose_encoding(std::string_view str) { 121| 38.9k| if(g_char_validator.valid_encoding(str, ASN1_Type::PrintableString)) { ------------------ | Branch (121:7): [True: 38.9k, False: 0] ------------------ 122| 38.9k| return ASN1_Type::PrintableString; 123| 38.9k| } else { 124| 0| return ASN1_Type::Utf8String; 125| 0| } 126| 38.9k|} _ZN5Botan9ASN1_Time11decode_fromERNS_11BER_DecoderE: 59| 12.9k|void ASN1_Time::decode_from(BER_Decoder& source) { 60| 12.9k| const BER_Object ber_time = source.get_next_object(); 61| | 62| 12.9k| if(ber_time.get_class() != ASN1_Class::Universal || ------------------ | Branch (62:7): [True: 0, False: 12.9k] ------------------ 63| 12.9k| (ber_time.type() != ASN1_Type::UtcTime && ber_time.type() != ASN1_Type::GeneralizedTime)) { ------------------ | Branch (63:8): [True: 0, False: 12.9k] | Branch (63:49): [True: 0, False: 0] ------------------ 64| 0| throw Decoding_Error(fmt("ASN1_Time: Unexpected tag {}/{}", 65| 0| static_cast(ber_time.type()), 66| 0| static_cast(ber_time.get_class()))); 67| 0| } 68| | 69| 12.9k| try { 70| 12.9k| set_to(ASN1::to_string(ber_time), ber_time.type()); 71| 12.9k| } catch(Invalid_Argument& e) { 72| 0| throw Decoding_Error(fmt("Invalid ASN1_Time encoding: {}", e.what())); 73| 0| } 74| 12.9k|} _ZN5Botan9ASN1_Time6set_toENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEENS_9ASN1_TypeE: 176| 12.9k|void ASN1_Time::set_to(std::string_view t_spec, ASN1_Type spec_tag) { 177| 12.9k| BOTAN_ARG_CHECK(spec_tag == ASN1_Type::UtcTime || spec_tag == ASN1_Type::GeneralizedTime, ------------------ | | 35| 12.9k| do { \ | | 36| 12.9k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 12.9k| if(!(expr)) { \ | | ------------------ | | | Branch (37:12): [True: 12.9k, False: 0] | | | Branch (37:12): [True: 0, False: 0] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 12.9k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 12.9k] | | ------------------ ------------------ 178| 12.9k| "Invalid tag for ASN1_Time"); 179| | 180| 12.9k| if(spec_tag == ASN1_Type::GeneralizedTime) { ------------------ | Branch (180:7): [True: 0, False: 12.9k] ------------------ 181| 0| BOTAN_ARG_CHECK(t_spec.size() == 15, "Invalid GeneralizedTime input string"); ------------------ | | 35| 0| do { \ | | 36| 0| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 0| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 0] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 0| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 0] | | ------------------ ------------------ 182| 12.9k| } else if(spec_tag == ASN1_Type::UtcTime) { ------------------ | Branch (182:14): [True: 12.9k, False: 0] ------------------ 183| 12.9k| BOTAN_ARG_CHECK(t_spec.size() == 13, "Invalid UTCTime input string"); ------------------ | | 35| 12.9k| do { \ | | 36| 12.9k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 12.9k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 12.9k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 12.9k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 12.9k] | | ------------------ ------------------ 184| 12.9k| } 185| | 186| 12.9k| BOTAN_ARG_CHECK(t_spec.back() == 'Z', "Botan does not support ASN1 times with timezones other than Z"); ------------------ | | 35| 12.9k| do { \ | | 36| 12.9k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 12.9k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 12.9k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 12.9k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 12.9k] | | ------------------ ------------------ 187| | 188| 12.9k| const size_t field_len = 2; 189| | 190| 12.9k| const size_t year_start = 0; 191| 12.9k| const size_t year_len = (spec_tag == ASN1_Type::UtcTime) ? 2 : 4; ------------------ | Branch (191:28): [True: 12.9k, False: 0] ------------------ 192| 12.9k| const size_t month_start = year_start + year_len; 193| 12.9k| const size_t day_start = month_start + field_len; 194| 12.9k| const size_t hour_start = day_start + field_len; 195| 12.9k| const size_t min_start = hour_start + field_len; 196| 12.9k| const size_t sec_start = min_start + field_len; 197| | 198| 12.9k| m_year = to_u32bit(t_spec.substr(year_start, year_len)); 199| 12.9k| m_month = to_u32bit(t_spec.substr(month_start, field_len)); 200| 12.9k| m_day = to_u32bit(t_spec.substr(day_start, field_len)); 201| 12.9k| m_hour = to_u32bit(t_spec.substr(hour_start, field_len)); 202| 12.9k| m_minute = to_u32bit(t_spec.substr(min_start, field_len)); 203| 12.9k| m_second = to_u32bit(t_spec.substr(sec_start, field_len)); 204| 12.9k| m_tag = spec_tag; 205| | 206| 12.9k| if(spec_tag == ASN1_Type::UtcTime) { ------------------ | Branch (206:7): [True: 12.9k, False: 0] ------------------ 207| 12.9k| if(m_year >= 50) { ------------------ | Branch (207:10): [True: 0, False: 12.9k] ------------------ 208| 0| m_year += 1900; 209| 12.9k| } else { 210| 12.9k| m_year += 2000; 211| 12.9k| } 212| 12.9k| } 213| | 214| 12.9k| if(!passes_sanity_check()) { ------------------ | Branch (214:7): [True: 0, False: 12.9k] ------------------ 215| 0| throw Invalid_Argument(fmt("ASN1_Time string '{}' does not seem to be valid", t_spec)); 216| 0| } 217| 12.9k|} _ZNK5Botan9ASN1_Time19passes_sanity_checkEv: 222| 12.9k|bool ASN1_Time::passes_sanity_check() const { 223| | // AppVeyor's trust store includes a cert with expiration date in 3016 ... 224| 12.9k| if(m_year < 1950 || m_year > 3100) { ------------------ | Branch (224:7): [True: 0, False: 12.9k] | Branch (224:24): [True: 0, False: 12.9k] ------------------ 225| 0| return false; 226| 0| } 227| 12.9k| if(m_month == 0 || m_month > 12) { ------------------ | Branch (227:7): [True: 0, False: 12.9k] | Branch (227:23): [True: 0, False: 12.9k] ------------------ 228| 0| return false; 229| 0| } 230| | 231| 12.9k| const uint32_t days_in_month[12] = {31, 28 + 1, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}; 232| | 233| 12.9k| if(m_day == 0 || m_day > days_in_month[m_month - 1]) { ------------------ | Branch (233:7): [True: 0, False: 12.9k] | Branch (233:21): [True: 0, False: 12.9k] ------------------ 234| 0| return false; 235| 0| } 236| | 237| 12.9k| if(m_month == 2 && m_day == 29) { ------------------ | Branch (237:7): [True: 0, False: 12.9k] | Branch (237:23): [True: 0, False: 0] ------------------ 238| 0| if(m_year % 4 != 0) { ------------------ | Branch (238:10): [True: 0, False: 0] ------------------ 239| 0| return false; // not a leap year 240| 0| } 241| | 242| 0| if(m_year % 100 == 0 && m_year % 400 != 0) { ------------------ | Branch (242:10): [True: 0, False: 0] | Branch (242:31): [True: 0, False: 0] ------------------ 243| 0| return false; 244| 0| } 245| 0| } 246| | 247| 12.9k| if(m_hour >= 24 || m_minute >= 60 || m_second > 60) { ------------------ | Branch (247:7): [True: 0, False: 12.9k] | Branch (247:23): [True: 0, False: 12.9k] | Branch (247:41): [True: 0, False: 12.9k] ------------------ 248| 0| return false; 249| 0| } 250| | 251| 12.9k| if(m_tag == ASN1_Type::UtcTime) { ------------------ | Branch (251:7): [True: 12.9k, False: 0] ------------------ 252| | /* 253| | UTCTime limits the value of components such that leap seconds 254| | are not covered. See "UNIVERSAL 23" in "Information technology 255| | Abstract Syntax Notation One (ASN.1): Specification of basic notation" 256| | 257| | http://www.itu.int/ITU-T/studygroups/com17/languages/ 258| | */ 259| 12.9k| if(m_second > 59) { ------------------ | Branch (259:10): [True: 0, False: 12.9k] ------------------ 260| 0| return false; 261| 0| } 262| 12.9k| } 263| | 264| 12.9k| return true; 265| 12.9k|} _ZN5Botan11BER_DecoderD2Ev: 366| 299k|BER_Decoder::~BER_Decoder() = default; _ZNK5Botan11BER_Decoder10more_itemsEv: 371| 175k|bool BER_Decoder::more_items() const { 372| 175k| if(m_source->end_of_data() && !m_pushed.is_set()) { ------------------ | Branch (372:7): [True: 64.7k, False: 110k] | Branch (372:34): [True: 64.7k, False: 0] ------------------ 373| 64.7k| return false; 374| 64.7k| } 375| 110k| return true; 376| 175k|} _ZN5Botan11BER_Decoder10verify_endEv: 381| 71.0k|BER_Decoder& BER_Decoder::verify_end() { 382| 71.0k| return verify_end("BER_Decoder::verify_end called, but data remains"); 383| 71.0k|} _ZN5Botan11BER_Decoder10verify_endENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 388| 77.5k|BER_Decoder& BER_Decoder::verify_end(std::string_view err) { 389| 77.5k| if(!m_source->end_of_data() || m_pushed.is_set()) { ------------------ | Branch (389:7): [True: 15, False: 77.5k] | Branch (389:35): [True: 0, False: 77.5k] ------------------ 390| 15| throw Decoding_Error(err); 391| 15| } 392| 77.5k| return (*this); 393| 77.5k|} _ZN5Botan11BER_Decoder17discard_remainingEv: 398| 12.9k|BER_Decoder& BER_Decoder::discard_remaining() { 399| 12.9k| m_pushed = BER_Object(); 400| 12.9k| uint8_t buf = 0; 401| 12.9k| while(m_source->read_byte(buf) != 0) {} ------------------ | Branch (401:10): [True: 0, False: 12.9k] ------------------ 402| 12.9k| return (*this); 403| 12.9k|} _ZN5Botan11BER_Decoder14read_next_byteEv: 405| 3.43M|std::optional BER_Decoder::read_next_byte() { 406| 3.43M| BOTAN_ASSERT_NOMSG(m_source != nullptr); ------------------ | | 77| 3.43M| do { \ | | 78| 3.43M| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 3.43M| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 3.43M] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 3.43M| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 3.43M] | | ------------------ ------------------ 407| 3.43M| uint8_t b = 0; 408| 3.43M| if(m_source->read_byte(b) != 0) { ------------------ | Branch (408:7): [True: 3.38M, False: 45.6k] ------------------ 409| 3.38M| return b; 410| 3.38M| } else { 411| 45.6k| return {}; 412| 45.6k| } 413| 3.43M|} _ZN5Botan11BER_Decoder16peek_next_objectEv: 415| 12.9k|const BER_Object& BER_Decoder::peek_next_object() { 416| 12.9k| if(!m_pushed.is_set()) { ------------------ | Branch (416:7): [True: 12.9k, False: 0] ------------------ 417| 12.9k| m_pushed = get_next_object(); 418| 12.9k| } 419| | 420| 12.9k| return m_pushed; 421| 12.9k|} _ZN5Botan11BER_Decoder15get_next_objectEv: 426| 563k|BER_Object BER_Decoder::get_next_object() { 427| 563k| BER_Object next; 428| | 429| 563k| if(m_pushed.is_set()) { ------------------ | Branch (429:7): [True: 64.6k, False: 499k] ------------------ 430| 64.6k| std::swap(next, m_pushed); 431| 64.6k| return next; 432| 64.6k| } 433| | 434| 499k| for(;;) { 435| 499k| ASN1_Type type_tag = ASN1_Type::NoObject; 436| 499k| ASN1_Class class_tag = ASN1_Class::NoObject; 437| 499k| decode_tag(m_source, type_tag, class_tag); 438| 499k| next.set_tagging(type_tag, class_tag); 439| 499k| if(next.is_set() == false) { // no more objects ------------------ | Branch (439:10): [True: 12.9k, False: 486k] ------------------ 440| 12.9k| return next; 441| 12.9k| } 442| | 443| 486k| const size_t allow_indef = m_limits.allow_ber_encoding() ? m_limits.max_nested_indefinite_length() : 0; ------------------ | Branch (443:34): [True: 0, False: 486k] ------------------ 444| 486k| const bool der_mode = m_limits.require_der_encoding(); 445| 486k| const auto dl = decode_length(m_source, allow_indef, der_mode, is_constructed(class_tag)); 446| | 447| | // Per X.690 8.1.5 the only valid EOC encoding is the two-octet 448| | // sequence 0x00 0x00. Reject any other length encoding on a tag of 449| | // (Eoc, Universal) before we consume the "content" bytes. 450| 486k| if(type_tag == ASN1_Type::Eoc && class_tag == ASN1_Class::Universal && ------------------ | Branch (450:10): [True: 12.9k, False: 473k] | Branch (450:40): [True: 30, False: 12.9k] ------------------ 451| 30| (dl.content_length() != 0 || dl.indefinite_length())) { ------------------ | Branch (451:11): [True: 20, False: 10] | Branch (451:39): [True: 0, False: 10] ------------------ 452| 20| throw BER_Decoding_Error("EOC marker with non-zero length"); 453| 20| } 454| | 455| 486k| if(!m_source->check_available(dl.total_length())) { ------------------ | Branch (455:10): [True: 101, False: 486k] ------------------ 456| 101| throw BER_Decoding_Error("Value truncated"); 457| 101| } 458| | 459| 486k| uint8_t* out = next.mutable_bits(dl.content_length()); 460| 486k| if(m_source->read(out, dl.content_length()) != dl.content_length()) { ------------------ | Branch (460:10): [True: 0, False: 486k] ------------------ 461| 0| throw BER_Decoding_Error("Value truncated"); 462| 0| } 463| | 464| 486k| if(dl.indefinite_length()) { ------------------ | Branch (464:10): [True: 0, False: 486k] ------------------ 465| | // After reading the data consume the 2-byte EOC 466| 0| uint8_t eoc[2] = {0xFF, 0xFF}; 467| 0| if(m_source->read(eoc, 2) != 2 || eoc[0] != 0x00 || eoc[1] != 0x00) { ------------------ | Branch (467:13): [True: 0, False: 0] | Branch (467:44): [True: 0, False: 0] | Branch (467:62): [True: 0, False: 0] ------------------ 468| 0| throw BER_Decoding_Error("Missing or malformed EOC marker"); 469| 0| } 470| 0| } 471| | 472| 486k| if(next.tagging() == static_cast(ASN1_Type::Eoc)) { ------------------ | Branch (472:10): [True: 10, False: 486k] ------------------ 473| 10| if(m_limits.require_der_encoding()) { ------------------ | Branch (473:13): [True: 10, False: 0] ------------------ 474| 10| throw BER_Decoding_Error("Detected EOC marker in DER structure"); 475| 10| } 476| 0| continue; 477| 486k| } else { 478| 486k| break; 479| 486k| } 480| 486k| } 481| | 482| 486k| return next; 483| 499k|} _ZN5Botan11BER_Decoder9push_backEONS_10BER_ObjectE: 507| 64.6k|void BER_Decoder::push_back(BER_Object&& obj) { 508| 64.6k| if(m_pushed.is_set()) { ------------------ | Branch (508:7): [True: 0, False: 64.6k] ------------------ 509| 0| throw Invalid_State("BER_Decoder: Only one push back is allowed"); 510| 0| } 511| 64.6k| m_pushed = std::move(obj); 512| 64.6k|} _ZN5Botan11BER_Decoder10start_consENS_9ASN1_TypeENS_10ASN1_ClassE: 514| 201k|BER_Decoder BER_Decoder::start_cons(ASN1_Type type_tag, ASN1_Class class_tag) { 515| 201k| BER_Object obj = get_next_object(); 516| 201k| obj.assert_is_a(type_tag, class_tag | ASN1_Class::Constructed); 517| 201k| BER_Decoder child(std::move(obj), this); 518| 201k| return child; 519| 201k|} _ZN5Botan11BER_Decoder8end_consEv: 524| 149k|BER_Decoder& BER_Decoder::end_cons() { 525| 149k| if(m_parent == nullptr) { ------------------ | Branch (525:7): [True: 0, False: 149k] ------------------ 526| 0| throw Invalid_State("BER_Decoder::end_cons called with null parent"); 527| 0| } 528| 149k| if(!m_source->end_of_data() || m_pushed.is_set()) { ------------------ | Branch (528:7): [True: 29, False: 149k] | Branch (528:35): [True: 0, False: 149k] ------------------ 529| 29| throw Decoding_Error("BER_Decoder::end_cons called with data left"); 530| 29| } 531| 149k| return (*m_parent); 532| 149k|} _ZN5Botan11BER_DecoderC2EONS_10BER_ObjectEPS0_: 535| 201k| m_limits(parent != nullptr ? parent->limits() : BER_Decoder::Limits::BER()), m_parent(parent) { ------------------ | Branch (535:16): [True: 201k, False: 0] ------------------ 536| 201k| m_data_src = std::make_unique(std::move(obj)); 537| 201k| m_source = m_data_src.get(); 538| 201k|} _ZN5Botan11BER_DecoderC2ERNS_10DataSourceENS0_6LimitsE: 543| 6.71k|BER_Decoder::BER_Decoder(DataSource& src, Limits limits) : m_limits(limits), m_source(&src) {} _ZN5Botan11BER_DecoderC2ENSt3__14spanIKhLm18446744073709551615EEENS0_6LimitsE: 548| 90.9k|BER_Decoder::BER_Decoder(std::span buf, Limits limits) : m_limits(limits) { 549| 90.9k| m_data_src = std::make_unique(buf); 550| 90.9k| m_source = m_data_src.get(); 551| 90.9k|} _ZN5Botan11BER_Decoder6decodeERNS_11ASN1_ObjectENS_9ASN1_TypeENS_10ASN1_ClassE: 560| 201k|BER_Decoder& BER_Decoder::decode(ASN1_Object& obj, ASN1_Type /*unused*/, ASN1_Class /*unused*/) { 561| 201k| obj.decode_from(*this); 562| 201k| return (*this); 563| 201k|} _ZN5Botan11BER_Decoder6decodeERbNS_9ASN1_TypeENS_10ASN1_ClassE: 587| 6.45k|BER_Decoder& BER_Decoder::decode(bool& out, ASN1_Type type_tag, ASN1_Class class_tag) { 588| 6.45k| const BER_Object obj = get_next_object(); 589| 6.45k| obj.assert_is_a(type_tag, class_tag); 590| | 591| 6.45k| if(obj.length() != 1) { ------------------ | Branch (591:7): [True: 0, False: 6.45k] ------------------ 592| 0| throw BER_Decoding_Error("BER boolean value had invalid size"); 593| 0| } 594| | 595| 6.45k| const uint8_t val = obj.bits()[0]; 596| | 597| | // DER requires boolean values to be exactly 0x00 or 0xFF 598| 6.45k| if(m_limits.require_der_encoding() && val != 0x00 && val != 0xFF) { ------------------ | Branch (598:7): [True: 6.45k, False: 0] | Branch (598:42): [True: 6.45k, False: 0] | Branch (598:57): [True: 0, False: 6.45k] ------------------ 599| 0| throw BER_Decoding_Error("Detected non-canonical boolean encoding in DER structure"); 600| 0| } 601| | 602| 6.45k| out = (val != 0) ? true : false; ------------------ | Branch (602:10): [True: 6.45k, False: 0] ------------------ 603| | 604| 6.45k| return (*this); 605| 6.45k|} _ZN5Botan11BER_Decoder6decodeERmNS_9ASN1_TypeENS_10ASN1_ClassE: 610| 19.3k|BER_Decoder& BER_Decoder::decode(size_t& out, ASN1_Type type_tag, ASN1_Class class_tag) { 611| 19.3k| BigInt integer; 612| 19.3k| decode(integer, type_tag, class_tag); 613| | 614| 19.3k| if(integer.signum() < 0) { ------------------ | Branch (614:7): [True: 0, False: 19.3k] ------------------ 615| 0| throw BER_Decoding_Error("Decoded small integer value was negative"); 616| 0| } 617| | 618| 19.3k| if(integer.bits() > 32) { ------------------ | Branch (618:7): [True: 0, False: 19.3k] ------------------ 619| 0| throw BER_Decoding_Error("Decoded integer value larger than expected"); 620| 0| } 621| | 622| 19.3k| out = 0; 623| 96.8k| for(size_t i = 0; i != 4; ++i) { ------------------ | Branch (623:22): [True: 77.4k, False: 19.3k] ------------------ 624| 77.4k| out = (out << 8) | integer.byte_at(3 - i); 625| 77.4k| } 626| | 627| 19.3k| return (*this); 628| 19.3k|} _ZN5Botan11BER_Decoder6decodeERNS_6BigIntENS_9ASN1_TypeENS_10ASN1_ClassE: 660| 25.8k|BER_Decoder& BER_Decoder::decode(BigInt& out, ASN1_Type type_tag, ASN1_Class class_tag) { 661| 25.8k| const BER_Object obj = get_next_object(); 662| 25.8k| obj.assert_is_a(type_tag, class_tag); 663| | 664| | // DER requires minimal INTEGER encoding (X.690 section 8.3.2) 665| 25.8k| if(m_limits.require_der_encoding()) { ------------------ | Branch (665:7): [True: 25.8k, False: 32] ------------------ 666| 25.8k| if(obj.length() == 0) { ------------------ | Branch (666:10): [True: 1, False: 25.8k] ------------------ 667| 1| throw BER_Decoding_Error("Detected empty INTEGER encoding in DER structure"); 668| 1| } 669| 25.8k| if(obj.length() > 1) { ------------------ | Branch (669:10): [True: 6.48k, False: 19.3k] ------------------ 670| 6.48k| if(obj.bits()[0] == 0x00 && (obj.bits()[1] & 0x80) == 0) { ------------------ | Branch (670:13): [True: 6.46k, False: 21] | Branch (670:38): [True: 2, False: 6.45k] ------------------ 671| 2| throw BER_Decoding_Error("Detected non-minimal INTEGER encoding in DER structure"); 672| 2| } 673| 6.48k| if(obj.bits()[0] == 0xFF && (obj.bits()[1] & 0x80) != 0) { ------------------ | Branch (673:13): [True: 12, False: 6.46k] | Branch (673:38): [True: 5, False: 7] ------------------ 674| 5| throw BER_Decoding_Error("Detected non-minimal INTEGER encoding in DER structure"); 675| 5| } 676| 6.48k| } 677| 25.8k| } 678| | 679| 25.8k| if(obj.length() == 0) { ------------------ | Branch (679:7): [True: 0, False: 25.8k] ------------------ 680| 0| out.clear(); 681| 25.8k| } else { 682| 25.8k| const uint8_t first = obj.bits()[0]; 683| 25.8k| const bool negative = (first & 0x80) == 0x80; 684| | 685| 25.8k| if(negative) { ------------------ | Branch (685:10): [True: 16, False: 25.8k] ------------------ 686| 16| secure_vector vec(obj.bits(), obj.bits() + obj.length()); 687| 34| for(size_t i = obj.length(); i > 0; --i) { ------------------ | Branch (687:39): [True: 34, False: 0] ------------------ 688| 34| const bool gt0 = (vec[i - 1] > 0); 689| 34| vec[i - 1] -= 1; 690| 34| if(gt0) { ------------------ | Branch (690:16): [True: 16, False: 18] ------------------ 691| 16| break; 692| 16| } 693| 34| } 694| 84| for(size_t i = 0; i != obj.length(); ++i) { ------------------ | Branch (694:28): [True: 68, False: 16] ------------------ 695| 68| vec[i] = ~vec[i]; 696| 68| } 697| 16| out._assign_from_bytes(vec); 698| 16| out.flip_sign(); 699| 25.8k| } else { 700| 25.8k| out._assign_from_bytes(obj.data()); 701| 25.8k| } 702| 25.8k| } 703| | 704| 25.8k| return (*this); 705| 25.8k|} _ZN5Botan11BER_Decoder6decodeERNSt3__16vectorIhNS_16secure_allocatorIhEEEENS_9ASN1_TypeES7_NS_10ASN1_ClassE: 769| 19.3k| ASN1_Class class_tag) { 770| 19.3k| if(real_type != ASN1_Type::OctetString && real_type != ASN1_Type::BitString) { ------------------ | Branch (770:7): [True: 6.45k, False: 12.9k] | Branch (770:46): [True: 0, False: 6.45k] ------------------ 771| 0| throw BER_Bad_Tag("Bad tag for {BIT,OCTET} STRING", static_cast(real_type)); 772| 0| } 773| | 774| 19.3k| asn1_decode_binary_string( 775| 19.3k| buffer, get_next_object(), real_type, type_tag, class_tag, m_limits.require_der_encoding()); 776| 19.3k| return (*this); 777| 19.3k|} _ZN5Botan11BER_Decoder6decodeERNSt3__16vectorIhNS1_9allocatorIhEEEENS_9ASN1_TypeES7_NS_10ASN1_ClassE: 782| 51.7k| ASN1_Class class_tag) { 783| 51.7k| if(real_type != ASN1_Type::OctetString && real_type != ASN1_Type::BitString) { ------------------ | Branch (783:7): [True: 13.0k, False: 38.7k] | Branch (783:46): [True: 0, False: 13.0k] ------------------ 784| 0| throw BER_Bad_Tag("Bad tag for {BIT,OCTET} STRING", static_cast(real_type)); 785| 0| } 786| | 787| 51.7k| asn1_decode_binary_string( 788| 51.7k| buffer, get_next_object(), real_type, type_tag, class_tag, m_limits.require_der_encoding()); 789| 51.7k| return (*this); 790| 51.7k|} ber_dec.cpp:_ZN5Botan12_GLOBAL__N_110decode_tagEPNS_10DataSourceERNS_9ASN1_TypeERNS_10ASN1_ClassE: 27| 499k|size_t decode_tag(DataSource* ber, ASN1_Type& type_tag, ASN1_Class& class_tag) { 28| 499k| auto b = ber->read_byte(); 29| | 30| 499k| if(!b) { ------------------ | Branch (30:7): [True: 12.9k, False: 486k] ------------------ 31| 12.9k| type_tag = ASN1_Type::NoObject; 32| 12.9k| class_tag = ASN1_Class::NoObject; 33| 12.9k| return 0; 34| 12.9k| } 35| | 36| 486k| if((*b & 0x1F) != 0x1F) { ------------------ | Branch (36:7): [True: 486k, False: 162] ------------------ 37| 486k| type_tag = ASN1_Type(*b & 0x1F); 38| 486k| class_tag = ASN1_Class(*b & 0xE0); 39| 486k| return 1; 40| 486k| } 41| | 42| 162| size_t tag_bytes = 1; 43| 162| class_tag = ASN1_Class(*b & 0xE0); 44| | 45| 162| uint32_t tag_buf = 0; 46| 563| while(true) { ------------------ | Branch (46:10): [True: 563, Folded] ------------------ 47| 563| b = ber->read_byte(); 48| 563| if(!b) { ------------------ | Branch (48:10): [True: 6, False: 557] ------------------ 49| 6| throw BER_Decoding_Error("Long-form tag truncated"); 50| 6| } 51| 557| if((tag_buf >> 24) != 0) { ------------------ | Branch (51:10): [True: 9, False: 548] ------------------ 52| 9| throw BER_Decoding_Error("Long-form tag overflowed 32 bits"); 53| 9| } 54| | // This is required even by BER (see X.690 section 8.1.2.4.2 sentence c). 55| | // Bits 7-1 of the first subsequent octet must not be all zero; this rules 56| | // out both 0x80 (continuation with no data) and 0x00 (a long-form encoding 57| | // of tag value 0, which collides with the EOC marker). 58| 548| if(tag_bytes == 1 && (*b & 0x7F) == 0) { ------------------ | Branch (58:10): [True: 162, False: 386] | Branch (58:28): [True: 1, False: 161] ------------------ 59| 1| throw BER_Decoding_Error("Long form tag with leading zero"); 60| 1| } 61| 547| ++tag_bytes; 62| 547| tag_buf = (tag_buf << 7) | (*b & 0x7F); 63| 547| if((*b & 0x80) == 0) { ------------------ | Branch (63:10): [True: 146, False: 401] ------------------ 64| 146| break; 65| 146| } 66| 547| } 67| | // Per X.690 8.1.2.2, tag values 0-30 shall be encoded in the short form. 68| | // Long-form encoding is reserved for tag values >= 31 (X.690 8.1.2.3). 69| | // This is unconditional and applies to BER as well as DER. 70| 146| if(tag_buf <= 30) { ------------------ | Branch (70:7): [True: 4, False: 142] ------------------ 71| 4| throw BER_Decoding_Error("Long-form tag encoding used for small tag value"); 72| 4| } 73| | 74| 142| if(tag_buf == static_cast(ASN1_Type::NoObject)) { ------------------ | Branch (74:7): [True: 1, False: 141] ------------------ 75| 1| throw BER_Decoding_Error("Tag value collides with internal sentinel"); 76| 1| } 77| | 78| | // NOLINTNEXTLINE(clang-analyzer-optin.core.EnumCastOutOfRange) 79| 141| type_tag = ASN1_Type(tag_buf); 80| 141| return tag_bytes; 81| 142|} ber_dec.cpp:_ZN5Botan12_GLOBAL__N_113decode_lengthEPNS_10DataSourceEmbb: 126| 486k|BerDecodedLength decode_length(DataSource* ber, size_t allow_indef, bool der_mode, bool constructed) { 127| 486k| uint8_t b = 0; 128| 486k| if(ber->read_byte(b) == 0) { ------------------ | Branch (128:7): [True: 32, False: 486k] ------------------ 129| 32| throw BER_Decoding_Error("Length field not found"); 130| 32| } 131| 486k| if((b & 0x80) == 0) { ------------------ | Branch (131:7): [True: 466k, False: 19.4k] ------------------ 132| 466k| return BerDecodedLength(b, 1); 133| 466k| } 134| | 135| 19.4k| const size_t num_length_bytes = (b & 0x7F); 136| 19.4k| if(num_length_bytes > 4) { ------------------ | Branch (136:7): [True: 15, False: 19.4k] ------------------ 137| 15| throw BER_Decoding_Error("Length field is too large"); 138| 15| } 139| | 140| 19.4k| const size_t field_size = 1 + num_length_bytes; 141| | 142| 19.4k| if(num_length_bytes == 0) { ------------------ | Branch (142:7): [True: 11, False: 19.4k] ------------------ 143| 11| if(der_mode) { ------------------ | Branch (143:10): [True: 11, False: 0] ------------------ 144| 11| throw BER_Decoding_Error("Detected indefinite-length encoding in DER structure"); 145| 11| } else if(!constructed) { ------------------ | Branch (145:17): [True: 0, False: 0] ------------------ 146| | // Indefinite length is only valid for constructed types (X.690 8.1.3.2) 147| 0| throw BER_Decoding_Error("Indefinite-length encoding used with non-constructed type"); 148| 0| } else if(allow_indef == 0) { ------------------ | Branch (148:17): [True: 0, False: 0] ------------------ 149| 0| throw BER_Decoding_Error("Nested EOC markers too deep, rejecting to avoid stack exhaustion"); 150| 0| } else { 151| | // find_eoc returns bytes up to and including the EOC marker. 152| | // Return the content length; the caller consumes the EOC separately. 153| 0| const size_t eoc_len = find_eoc(ber, /*base_offset=*/0, allow_indef - 1); 154| 0| if(eoc_len < 2) { ------------------ | Branch (154:13): [True: 0, False: 0] ------------------ 155| 0| throw BER_Decoding_Error("Invalid EOC encoding"); 156| 0| } 157| 0| return BerDecodedLength::indefinite(eoc_len - 2, field_size); 158| 0| } 159| 11| } 160| | 161| 19.4k| size_t length = 0; 162| | 163| 52.0k| for(size_t i = 0; i != num_length_bytes; ++i) { ------------------ | Branch (163:22): [True: 32.5k, False: 19.4k] ------------------ 164| 32.5k| if(ber->read_byte(b) == 0) { ------------------ | Branch (164:10): [True: 1, False: 32.5k] ------------------ 165| 1| throw BER_Decoding_Error("Corrupted length field"); 166| 1| } 167| | // Can't overflow since we already checked that num_length_bytes <= 4 168| 32.5k| length = (length << 8) | b; 169| 32.5k| } 170| | 171| | // DER requires shortest possible length encoding 172| 19.4k| if(der_mode) { ------------------ | Branch (172:7): [True: 19.4k, False: 0] ------------------ 173| 19.4k| if(length < 128) { ------------------ | Branch (173:10): [True: 6, False: 19.4k] ------------------ 174| 6| throw BER_Decoding_Error("Detected non-canonical length encoding in DER structure"); 175| 6| } 176| 19.4k| if(num_length_bytes > 1 && length < (size_t(1) << ((num_length_bytes - 1) * 8))) { ------------------ | Branch (176:10): [True: 12.9k, False: 6.46k] | Branch (176:34): [True: 1, False: 12.9k] ------------------ 177| 1| throw BER_Decoding_Error("Detected non-canonical length encoding in DER structure"); 178| 1| } 179| 19.4k| } 180| | 181| 19.4k| return BerDecodedLength(length, field_size); 182| 19.4k|} ber_dec.cpp:_ZN5Botan12_GLOBAL__N_116BerDecodedLengthC2Emm: 99| 486k| BerDecodedLength(content_length, field_length, false) {} ber_dec.cpp:_ZN5Botan12_GLOBAL__N_116BerDecodedLengthC2Emmb: 116| 486k| m_content_length(content_length), m_field_length(field_length), m_indefinite(indefinite) {} ber_dec.cpp:_ZN5Botan12_GLOBAL__N_114is_constructedENS_10ASN1_ClassE: 20| 557k|bool is_constructed(ASN1_Class class_tag) { 21| 557k| return (static_cast(class_tag) & static_cast(ASN1_Class::Constructed)) != 0; 22| 557k|} ber_dec.cpp:_ZNK5Botan12_GLOBAL__N_116BerDecodedLength14content_lengthEv: 105| 1.45M| size_t content_length() const { return m_content_length; } ber_dec.cpp:_ZNK5Botan12_GLOBAL__N_116BerDecodedLength17indefinite_lengthEv: 112| 486k| bool indefinite_length() const { return m_indefinite; } ber_dec.cpp:_ZNK5Botan12_GLOBAL__N_116BerDecodedLength12total_lengthEv: 108| 486k| size_t total_length() const { return m_indefinite ? m_content_length + 2 : m_content_length; } ------------------ | Branch (108:44): [True: 0, False: 486k] ------------------ ber_dec.cpp:_ZN5Botan12_GLOBAL__N_120DataSource_BERObjectC2EONS_10BER_ObjectE: 357| 201k| explicit DataSource_BERObject(BER_Object&& obj) : m_obj(std::move(obj)) {} ber_dec.cpp:_ZN5Botan12_GLOBAL__N_120DataSource_BERObject4readEPhm: 327| 4.40M| size_t read(uint8_t out[], size_t length) override { 328| 4.40M| BOTAN_ASSERT_NOMSG(m_offset <= m_obj.length()); ------------------ | | 77| 4.40M| do { \ | | 78| 4.40M| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 4.40M| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 4.40M] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 4.40M| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 4.40M] | | ------------------ ------------------ 329| 4.40M| const size_t got = std::min(m_obj.length() - m_offset, length); 330| 4.40M| copy_mem(out, m_obj.bits() + m_offset, got); 331| 4.40M| m_offset += got; 332| 4.40M| return got; 333| 4.40M| } ber_dec.cpp:_ZN5Botan12_GLOBAL__N_120DataSource_BERObject15check_availableEm: 348| 311k| bool check_available(size_t n) override { 349| 311k| BOTAN_ASSERT_NOMSG(m_offset <= m_obj.length()); ------------------ | | 77| 311k| do { \ | | 78| 311k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 311k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 311k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 311k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 311k] | | ------------------ ------------------ 350| 311k| return (n <= (m_obj.length() - m_offset)); 351| 311k| } ber_dec.cpp:_ZNK5Botan12_GLOBAL__N_120DataSource_BERObject11end_of_dataEv: 353| 278k| bool end_of_data() const override { return get_bytes_read() == m_obj.length(); } ber_dec.cpp:_ZNK5Botan12_GLOBAL__N_120DataSource_BERObject14get_bytes_readEv: 355| 278k| size_t get_bytes_read() const override { return m_offset; } ber_dec.cpp:_ZN5Botan12_GLOBAL__N_125asn1_decode_binary_stringINS_16secure_allocatorIhEEEEvRNSt3__16vectorIhT_EERKNS_10BER_ObjectENS_9ASN1_TypeESC_NS_10ASN1_ClassEb: 719| 19.3k| bool require_der) { 720| 19.3k| obj.assert_is_a(type_tag, class_tag); 721| | 722| | // DER requires BIT STRING and OCTET STRING to use primitive encoding 723| 19.3k| if(require_der && is_constructed(obj)) { ------------------ | Branch (723:7): [True: 19.3k, False: 0] | Branch (723:22): [True: 0, False: 19.3k] ------------------ 724| 0| throw BER_Decoding_Error("Detected constructed string encoding in DER structure"); 725| 0| } 726| | 727| 19.3k| if(real_type == ASN1_Type::OctetString) { ------------------ | Branch (727:7): [True: 12.9k, False: 6.45k] ------------------ 728| 12.9k| buffer.assign(obj.bits(), obj.bits() + obj.length()); 729| 12.9k| } else { 730| 6.45k| if(obj.length() == 0) { ------------------ | Branch (730:10): [True: 0, False: 6.45k] ------------------ 731| 0| throw BER_Decoding_Error("Invalid BIT STRING"); 732| 0| } 733| | 734| 6.45k| const uint8_t unused_bits = obj.bits()[0]; 735| | 736| 6.45k| if(unused_bits >= 8) { ------------------ | Branch (736:10): [True: 0, False: 6.45k] ------------------ 737| 0| throw BER_Decoding_Error("Bad number of unused bits in BIT STRING"); 738| 0| } 739| | 740| | // Empty BIT STRING with unused bits > 0 ... 741| 6.45k| if(unused_bits > 0 && obj.length() < 2) { ------------------ | Branch (741:10): [True: 0, False: 6.45k] | Branch (741:29): [True: 0, False: 0] ------------------ 742| 0| throw BER_Decoding_Error("Invalid BIT STRING"); 743| 0| } 744| | 745| | // DER requires unused bits in BIT STRING to be zero (X.690 section 11.2.2) 746| 6.45k| if(require_der && unused_bits > 0) { ------------------ | Branch (746:10): [True: 6.45k, False: 0] | Branch (746:25): [True: 0, False: 6.45k] ------------------ 747| 0| const uint8_t last_byte = obj.bits()[obj.length() - 1]; 748| 0| if((last_byte & ((1 << unused_bits) - 1)) != 0) { ------------------ | Branch (748:13): [True: 0, False: 0] ------------------ 749| 0| throw BER_Decoding_Error("Detected non-zero padding bits in BIT STRING in DER structure"); 750| 0| } 751| 0| } 752| | 753| 6.45k| buffer.resize(obj.length() - 1); 754| | 755| 6.45k| if(obj.length() > 1) { ------------------ | Branch (755:10): [True: 6.45k, False: 0] ------------------ 756| 6.45k| copy_mem(buffer.data(), obj.bits() + 1, obj.length() - 1); 757| 6.45k| } 758| 6.45k| } 759| 19.3k|} ber_dec.cpp:_ZN5Botan12_GLOBAL__N_114is_constructedERKNS_10BER_ObjectE: 709| 71.1k|bool is_constructed(const BER_Object& obj) { 710| 71.1k| return is_constructed(obj.class_tag()); 711| 71.1k|} ber_dec.cpp:_ZN5Botan12_GLOBAL__N_125asn1_decode_binary_stringINSt3__19allocatorIhEEEEvRNS2_6vectorIhT_EERKNS_10BER_ObjectENS_9ASN1_TypeESC_NS_10ASN1_ClassEb: 719| 51.7k| bool require_der) { 720| 51.7k| obj.assert_is_a(type_tag, class_tag); 721| | 722| | // DER requires BIT STRING and OCTET STRING to use primitive encoding 723| 51.7k| if(require_der && is_constructed(obj)) { ------------------ | Branch (723:7): [True: 51.7k, False: 15] | Branch (723:22): [True: 0, False: 51.7k] ------------------ 724| 0| throw BER_Decoding_Error("Detected constructed string encoding in DER structure"); 725| 0| } 726| | 727| 51.7k| if(real_type == ASN1_Type::OctetString) { ------------------ | Branch (727:7): [True: 38.7k, False: 13.0k] ------------------ 728| 38.7k| buffer.assign(obj.bits(), obj.bits() + obj.length()); 729| 38.7k| } else { 730| 13.0k| if(obj.length() == 0) { ------------------ | Branch (730:10): [True: 4, False: 13.0k] ------------------ 731| 4| throw BER_Decoding_Error("Invalid BIT STRING"); 732| 4| } 733| | 734| 13.0k| const uint8_t unused_bits = obj.bits()[0]; 735| | 736| 13.0k| if(unused_bits >= 8) { ------------------ | Branch (736:10): [True: 4, False: 12.9k] ------------------ 737| 4| throw BER_Decoding_Error("Bad number of unused bits in BIT STRING"); 738| 4| } 739| | 740| | // Empty BIT STRING with unused bits > 0 ... 741| 12.9k| if(unused_bits > 0 && obj.length() < 2) { ------------------ | Branch (741:10): [True: 20, False: 12.9k] | Branch (741:29): [True: 2, False: 18] ------------------ 742| 2| throw BER_Decoding_Error("Invalid BIT STRING"); 743| 2| } 744| | 745| | // DER requires unused bits in BIT STRING to be zero (X.690 section 11.2.2) 746| 12.9k| if(require_der && unused_bits > 0) { ------------------ | Branch (746:10): [True: 12.9k, False: 15] | Branch (746:25): [True: 18, False: 12.9k] ------------------ 747| 18| const uint8_t last_byte = obj.bits()[obj.length() - 1]; 748| 18| if((last_byte & ((1 << unused_bits) - 1)) != 0) { ------------------ | Branch (748:13): [True: 2, False: 16] ------------------ 749| 2| throw BER_Decoding_Error("Detected non-zero padding bits in BIT STRING in DER structure"); 750| 2| } 751| 18| } 752| | 753| 12.9k| buffer.resize(obj.length() - 1); 754| | 755| 12.9k| if(obj.length() > 1) { ------------------ | Branch (755:10): [True: 12.9k, False: 17] ------------------ 756| 12.9k| copy_mem(buffer.data(), obj.bits() + 1, obj.length() - 1); 757| 12.9k| } 758| 12.9k| } 759| 51.7k|} _ZN5Botan11DER_EncoderC2ERNSt3__16vectorIhNS1_9allocatorIhEEEE: 72| 38.2k|DER_Encoder::DER_Encoder(std::vector& vec) { 73| 38.2k| m_append_output = [&vec](const uint8_t b[], size_t l) { vec.insert(vec.end(), b, b + l); }; 74| 38.2k|} _ZN5Botan11DER_Encoder12DER_Sequence13push_contentsERS0_: 79| 82.2k|void DER_Encoder::DER_Sequence::push_contents(DER_Encoder& der) { 80| 82.2k| const auto real_class_tag = m_class_tag | ASN1_Class::Constructed; 81| | 82| 82.2k| if(m_type_tag == ASN1_Type::Set && m_class_tag == ASN1_Class::Universal) { ------------------ | Branch (82:7): [True: 0, False: 82.2k] | Branch (82:39): [True: 0, False: 0] ------------------ 83| 0| std::sort(m_set_contents.begin(), m_set_contents.end()); 84| 0| for(const auto& set_elem : m_set_contents) { ------------------ | Branch (84:32): [True: 0, False: 0] ------------------ 85| 0| m_contents += set_elem; 86| 0| } 87| 0| m_set_contents.clear(); 88| 0| } 89| | 90| 82.2k| der.add_object(m_type_tag, real_class_tag, m_contents.data(), m_contents.size()); 91| 82.2k| m_contents.clear(); 92| 82.2k|} _ZN5Botan11DER_Encoder12DER_Sequence9add_bytesEPKhm: 97| 50.9k|void DER_Encoder::DER_Sequence::add_bytes(const uint8_t data[], size_t length) { 98| 50.9k| if(m_type_tag == ASN1_Type::Set && m_class_tag == ASN1_Class::Universal) { ------------------ | Branch (98:7): [True: 0, False: 50.9k] | Branch (98:39): [True: 0, False: 0] ------------------ 99| 0| m_set_contents.push_back(secure_vector(data, data + length)); 100| 50.9k| } else { 101| 50.9k| m_contents += std::make_pair(data, length); 102| 50.9k| } 103| 50.9k|} _ZN5Botan11DER_Encoder12DER_Sequence9add_bytesEPKhmS3_m: 105| 81.8k|void DER_Encoder::DER_Sequence::add_bytes(const uint8_t hdr[], size_t hdr_len, const uint8_t val[], size_t val_len) { 106| 81.8k| if(m_type_tag == ASN1_Type::Set && m_class_tag == ASN1_Class::Universal) { ------------------ | Branch (106:7): [True: 0, False: 81.8k] | Branch (106:39): [True: 0, False: 0] ------------------ 107| 0| secure_vector m; 108| 0| m.reserve(hdr_len + val_len); 109| 0| m += std::make_pair(hdr, hdr_len); 110| 0| m += std::make_pair(val, val_len); 111| 0| m_set_contents.push_back(std::move(m)); 112| 81.8k| } else { 113| 81.8k| m_contents += std::make_pair(hdr, hdr_len); 114| 81.8k| m_contents += std::make_pair(val, val_len); 115| 81.8k| } 116| 81.8k|} _ZN5Botan11DER_Encoder12DER_SequenceC2ENS_9ASN1_TypeENS_10ASN1_ClassE: 129| 82.2k| m_type_tag(type_tag), m_class_tag(class_tag) {} _ZN5Botan11DER_Encoder10start_consENS_9ASN1_TypeENS_10ASN1_ClassE: 165| 82.2k|DER_Encoder& DER_Encoder::start_cons(ASN1_Type type_tag, ASN1_Class class_tag) { 166| 82.2k| m_subsequences.push_back(DER_Sequence(type_tag, class_tag)); 167| 82.2k| return (*this); 168| 82.2k|} _ZN5Botan11DER_Encoder8end_consEv: 173| 82.2k|DER_Encoder& DER_Encoder::end_cons() { 174| 82.2k| if(m_subsequences.empty()) { ------------------ | Branch (174:7): [True: 0, False: 82.2k] ------------------ 175| 0| throw Invalid_State("DER_Encoder::end_cons: No such sequence"); 176| 0| } 177| | 178| 82.2k| DER_Sequence last_seq = std::move(m_subsequences[m_subsequences.size() - 1]); 179| 82.2k| m_subsequences.pop_back(); 180| 82.2k| last_seq.push_contents(*this); 181| | 182| 82.2k| return (*this); 183| 82.2k|} _ZN5Botan11DER_Encoder9raw_bytesEPKhm: 202| 50.9k|DER_Encoder& DER_Encoder::raw_bytes(const uint8_t bytes[], size_t length) { 203| 50.9k| if(!m_subsequences.empty()) { ------------------ | Branch (203:7): [True: 50.9k, False: 0] ------------------ 204| 50.9k| m_subsequences[m_subsequences.size() - 1].add_bytes(bytes, length); 205| 50.9k| } else if(m_append_output) { ------------------ | Branch (205:14): [True: 0, False: 0] ------------------ 206| 0| m_append_output(bytes, length); 207| 0| } else { 208| 0| m_default_outbuf += std::make_pair(bytes, length); 209| 0| } 210| | 211| 50.9k| return (*this); 212| 50.9k|} _ZN5Botan11DER_Encoder10add_objectENS_9ASN1_TypeENS_10ASN1_ClassEPKhm: 244| 120k|DER_Encoder& DER_Encoder::add_object(ASN1_Type type_tag, ASN1_Class class_tag, const uint8_t rep[], size_t length) { 245| 120k| std::vector hdr; 246| 120k| encode_tag(hdr, type_tag, class_tag); 247| 120k| encode_length(hdr, length); 248| | 249| 120k| if(!m_subsequences.empty()) { ------------------ | Branch (249:7): [True: 81.8k, False: 38.2k] ------------------ 250| 81.8k| m_subsequences[m_subsequences.size() - 1].add_bytes(hdr.data(), hdr.size(), rep, length); 251| 81.8k| } else if(m_append_output) { ------------------ | Branch (251:14): [True: 38.2k, False: 0] ------------------ 252| 38.2k| m_append_output(hdr.data(), hdr.size()); 253| 38.2k| m_append_output(rep, length); 254| 38.2k| } else { 255| 0| m_default_outbuf += hdr; 256| 0| m_default_outbuf += std::make_pair(rep, length); 257| 0| } 258| | 259| 120k| return (*this); 260| 120k|} _ZN5Botan11DER_Encoder6encodeEm: 279| 6.22k|DER_Encoder& DER_Encoder::encode(size_t n) { 280| 6.22k| return encode(BigInt::from_u64(n), ASN1_Type::Integer, ASN1_Class::Universal); 281| 6.22k|} _ZN5Botan11DER_Encoder6encodeEPKhmNS_9ASN1_TypeE: 293| 6.46k|DER_Encoder& DER_Encoder::encode(const uint8_t bytes[], size_t length, ASN1_Type real_type) { 294| 6.46k| return encode(bytes, length, real_type, real_type, ASN1_Class::Universal); 295| 6.46k|} _ZN5Botan11DER_Encoder6encodeERKNS_6BigIntENS_9ASN1_TypeENS_10ASN1_ClassE: 315| 6.22k|DER_Encoder& DER_Encoder::encode(const BigInt& n, ASN1_Type type_tag, ASN1_Class class_tag) { 316| 6.22k| if(n == 0) { ------------------ | Branch (316:7): [True: 0, False: 6.22k] ------------------ 317| 0| return add_object(type_tag, class_tag, 0); 318| 0| } 319| | 320| | // Serialize magnitude with one extra leading byte 321| 6.22k| auto contents = n.serialize(n.bytes() + 1); 322| | 323| 6.22k| if(n.signum() < 0) { ------------------ | Branch (323:7): [True: 0, False: 6.22k] ------------------ 324| | // Two's complement: bitwise NOT then increment 325| 0| for(auto& byte : contents) { ------------------ | Branch (325:22): [True: 0, False: 0] ------------------ 326| 0| byte = ~byte; 327| 0| } 328| 0| for(size_t i = contents.size(); i > 0; --i) { ------------------ | Branch (328:39): [True: 0, False: 0] ------------------ 329| 0| if(++contents[i - 1] != 0) { ------------------ | Branch (329:13): [True: 0, False: 0] ------------------ 330| 0| break; 331| 0| } 332| 0| } 333| 0| } 334| | 335| | /* 336| | * DER requires the leading byte be emitted only if it required 337| | */ 338| 6.22k| BOTAN_ASSERT_NOMSG(contents.size() >= 2); ------------------ | | 77| 6.22k| do { \ | | 78| 6.22k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 6.22k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 6.22k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 6.22k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 6.22k] | | ------------------ ------------------ 339| 6.22k| const bool leading_byte_redundant = 340| 6.22k| (contents[0] == 0x00 && (contents[1] & 0x80) == 0) || (contents[0] == 0xFF && (contents[1] & 0x80) != 0); ------------------ | Branch (340:8): [True: 6.22k, False: 0] | Branch (340:31): [True: 6.22k, False: 0] | Branch (340:62): [True: 0, False: 0] | Branch (340:85): [True: 0, False: 0] ------------------ 341| 6.22k| auto encoding = std::span{contents}.subspan(leading_byte_redundant ? 1 : 0); ------------------ | Branch (341:48): [True: 6.22k, False: 0] ------------------ 342| | 343| 6.22k| return add_object(type_tag, class_tag, encoding); 344| 6.22k|} _ZN5Botan11DER_Encoder6encodeEPKhmNS_9ASN1_TypeES3_NS_10ASN1_ClassE: 350| 6.46k| const uint8_t bytes[], size_t length, ASN1_Type real_type, ASN1_Type type_tag, ASN1_Class class_tag) { 351| 6.46k| if(real_type != ASN1_Type::OctetString && real_type != ASN1_Type::BitString) { ------------------ | Branch (351:7): [True: 6.46k, False: 0] | Branch (351:46): [True: 0, False: 6.46k] ------------------ 352| 0| throw Invalid_Argument("DER_Encoder: Invalid tag for byte/bit string"); 353| 0| } 354| | 355| 6.46k| if(real_type == ASN1_Type::BitString) { ------------------ | Branch (355:7): [True: 6.46k, False: 0] ------------------ 356| 6.46k| secure_vector encoded; 357| 6.46k| encoded.push_back(0); 358| 6.46k| encoded += std::make_pair(bytes, length); 359| 6.46k| return add_object(type_tag, class_tag, encoded); 360| 6.46k| } else { 361| 0| return add_object(type_tag, class_tag, bytes, length); 362| 0| } 363| 6.46k|} _ZN5Botan11DER_Encoder6encodeERKNS_11ASN1_ObjectE: 365| 50.2k|DER_Encoder& DER_Encoder::encode(const ASN1_Object& obj) { 366| 50.2k| obj.encode_into(*this); 367| 50.2k| return (*this); 368| 50.2k|} der_enc.cpp:_ZN5Botan12_GLOBAL__N_110encode_tagERNSt3__16vectorIhNS1_9allocatorIhEEEENS_9ASN1_TypeENS_10ASN1_ClassE: 25| 120k|void encode_tag(std::vector& encoded_tag, ASN1_Type type_tag_e, ASN1_Class class_tag_e) { 26| 120k| const uint32_t type_tag = static_cast(type_tag_e); 27| 120k| const uint32_t class_tag = static_cast(class_tag_e); 28| | 29| 120k| if((class_tag | 0xE0) != 0xE0) { ------------------ | Branch (29:7): [True: 0, False: 120k] ------------------ 30| 0| throw Encoding_Error(fmt("DER_Encoder: Invalid class tag {}", std::to_string(class_tag))); 31| 0| } 32| | 33| 120k| if(type_tag <= 30) { ------------------ | Branch (33:7): [True: 120k, False: 0] ------------------ 34| 120k| encoded_tag.push_back(static_cast(type_tag | class_tag)); 35| 120k| } else { 36| 0| size_t blocks = high_bit(static_cast(type_tag)) + 6; 37| 0| blocks = (blocks - (blocks % 7)) / 7; 38| | 39| 0| BOTAN_ASSERT_NOMSG(blocks > 0); ------------------ | | 77| 0| do { \ | | 78| 0| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 0| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 0] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 0| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 0] | | ------------------ ------------------ 40| | 41| 0| encoded_tag.push_back(static_cast(class_tag | 0x1F)); 42| 0| for(size_t i = 0; i != blocks - 1; ++i) { ------------------ | Branch (42:25): [True: 0, False: 0] ------------------ 43| 0| encoded_tag.push_back(0x80 | ((type_tag >> 7 * (blocks - i - 1)) & 0x7F)); 44| 0| } 45| 0| encoded_tag.push_back(type_tag & 0x7F); 46| 0| } 47| 120k|} der_enc.cpp:_ZN5Botan12_GLOBAL__N_113encode_lengthERNSt3__16vectorIhNS1_9allocatorIhEEEEm: 52| 120k|void encode_length(std::vector& encoded_length, size_t length) { 53| 120k| if(length <= 127) { ------------------ | Branch (53:7): [True: 107k, False: 12.9k] ------------------ 54| 107k| encoded_length.push_back(static_cast(length)); 55| 107k| } else { 56| 12.9k| const size_t bytes_needed = significant_bytes(length); 57| | 58| 12.9k| encoded_length.push_back(static_cast(0x80 | bytes_needed)); 59| | 60| 38.7k| for(size_t i = sizeof(length) - bytes_needed; i < sizeof(length); ++i) { ------------------ | Branch (60:53): [True: 25.8k, False: 12.9k] ------------------ 61| 25.8k| encoded_length.push_back(get_byte_var(i, length)); 62| 25.8k| } 63| 12.9k| } 64| 120k|} der_enc.cpp:_ZZN5Botan11DER_EncoderC1ERNSt3__16vectorIhNS1_9allocatorIhEEEEENK3$_0clEPKhm: 73| 76.5k| m_append_output = [&vec](const uint8_t b[], size_t l) { vec.insert(vec.end(), b, b + l); }; _ZN5Botan7OID_MapC2Ev: 11| 1|OID_Map::OID_Map() { 12| 1| m_str2oid = OID_Map::load_str2oid_map(); 13| 1| m_oid2str = OID_Map::load_oid2str_map(); 14| 1|} _ZN5Botan7OID_Map15global_registryEv: 16| 43.7k|OID_Map& OID_Map::global_registry() { 17| 43.7k| static OID_Map g_map; 18| 43.7k| return g_map; 19| 43.7k|} _ZN5Botan7OID_Map7oid2strERKNS_3OIDE: 69| 12.9k|std::string OID_Map::oid2str(const OID& oid) { 70| 12.9k| if(auto name = lookup_static_oid(oid)) { ------------------ | Branch (70:12): [True: 12.9k, False: 0] ------------------ 71| 12.9k| return std::string(*name); 72| 12.9k| } 73| | 74| 0| const lock_guard_type lock(m_mutex); 75| | 76| 0| auto i = m_oid2str.find(oid); 77| 0| if(i != m_oid2str.end()) { ------------------ | Branch (77:7): [True: 0, False: 0] ------------------ 78| 0| return i->second; 79| 0| } 80| | 81| 0| return ""; 82| 0|} _ZN5Botan7OID_Map7str2oidENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 84| 30.7k|OID OID_Map::str2oid(std::string_view str) { 85| 30.7k| if(auto oid = lookup_static_oid_name(str)) { ------------------ | Branch (85:12): [True: 30.7k, False: 0] ------------------ 86| 30.7k| return std::move(*oid); 87| 30.7k| } 88| | 89| 0| const lock_guard_type lock(m_mutex); 90| 0| auto i = m_str2oid.find(std::string(str)); 91| 0| if(i != m_str2oid.end()) { ------------------ | Branch (91:7): [True: 0, False: 0] ------------------ 92| 0| return i->second; 93| 0| } 94| | 95| 0| return OID(); 96| 0|} _ZN5Botan10PSS_ParamsC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEEm: 33| 6.22k| m_hash(hash_fn, AlgorithmIdentifier::USE_NULL_PARAM), 34| 6.22k| m_mgf("MGF1", m_hash.BER_encode()), 35| 6.22k| m_mgf_hash(m_hash), 36| 6.22k| m_salt_len(salt_len), 37| 6.22k| m_trailer_field(1) {} _ZNK5Botan10PSS_Params9serializeEv: 45| 6.22k|std::vector PSS_Params::serialize() const { 46| 6.22k| std::vector output; 47| 6.22k| DER_Encoder(output).encode(*this); 48| 6.22k| return output; 49| 6.22k|} _ZNK5Botan10PSS_Params11encode_intoERNS_11DER_EncoderE: 51| 6.22k|void PSS_Params::encode_into(DER_Encoder& to) const { 52| 6.22k| to.start_sequence() 53| 6.22k| .start_context_specific(0) 54| 6.22k| .encode(m_hash) 55| 6.22k| .end_cons() 56| 6.22k| .start_context_specific(1) 57| 6.22k| .encode(m_mgf) 58| 6.22k| .end_cons() 59| 6.22k| .start_context_specific(2) 60| 6.22k| .encode(m_salt_len) 61| 6.22k| .end_cons() 62| 6.22k| .end_cons(); 63| 6.22k|} _ZN5Botan7OID_Map17lookup_static_oidERKNS_3OIDE: 48| 12.9k|std::optional OID_Map::lookup_static_oid(const OID& oid) { 49| 12.9k| const uint32_t hc = static_cast(oid.hash_code() % 858701); 50| | 51| 12.9k| switch(hc) { 52| 0| case 0x01506: ------------------ | Branch (52:7): [True: 0, False: 12.9k] ------------------ 53| 0| return if_match(oid, {1, 2, 840, 10045, 4, 3, 1}, "ECDSA/SHA-224"); 54| 0| case 0x01507: ------------------ | Branch (54:7): [True: 0, False: 12.9k] ------------------ 55| 0| return if_match(oid, {1, 2, 840, 10045, 4, 3, 2}, "ECDSA/SHA-256"); 56| 0| case 0x01508: ------------------ | Branch (56:7): [True: 0, False: 12.9k] ------------------ 57| 0| return if_match(oid, {1, 2, 840, 10045, 4, 3, 3}, "ECDSA/SHA-384"); 58| 0| case 0x01509: ------------------ | Branch (58:7): [True: 0, False: 12.9k] ------------------ 59| 0| return if_match(oid, {1, 2, 840, 10045, 4, 3, 4}, "ECDSA/SHA-512"); 60| 0| case 0x04C1E: ------------------ | Branch (60:7): [True: 0, False: 12.9k] ------------------ 61| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 3029, 1, 2, 1}, "ElGamal"); 62| 0| case 0x04E61: ------------------ | Branch (62:7): [True: 0, False: 12.9k] ------------------ 63| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 3029, 1, 5, 1}, "OpenPGP.Curve25519"); 64| 0| case 0x0779B: ------------------ | Branch (64:7): [True: 0, False: 12.9k] ------------------ 65| 0| return if_match(oid, {1, 2, 840, 113549, 2, 5}, "MD5"); 66| 0| case 0x0779D: ------------------ | Branch (66:7): [True: 0, False: 12.9k] ------------------ 67| 0| return if_match(oid, {1, 2, 840, 113549, 2, 7}, "HMAC(SHA-1)"); 68| 0| case 0x0779E: ------------------ | Branch (68:7): [True: 0, False: 12.9k] ------------------ 69| 0| return if_match(oid, {1, 2, 840, 113549, 2, 8}, "HMAC(SHA-224)"); 70| 0| case 0x0779F: ------------------ | Branch (70:7): [True: 0, False: 12.9k] ------------------ 71| 0| return if_match(oid, {1, 2, 840, 113549, 2, 9}, "HMAC(SHA-256)"); 72| 0| case 0x077A0: ------------------ | Branch (72:7): [True: 0, False: 12.9k] ------------------ 73| 0| return if_match(oid, {1, 2, 840, 113549, 2, 10}, "HMAC(SHA-384)"); 74| 0| case 0x077A1: ------------------ | Branch (74:7): [True: 0, False: 12.9k] ------------------ 75| 0| return if_match(oid, {1, 2, 840, 113549, 2, 11}, "HMAC(SHA-512)"); 76| 0| case 0x077A3: ------------------ | Branch (76:7): [True: 0, False: 12.9k] ------------------ 77| 0| return if_match(oid, {1, 2, 840, 113549, 2, 13}, "HMAC(SHA-512-256)"); 78| 0| case 0x0785E: ------------------ | Branch (78:7): [True: 0, False: 12.9k] ------------------ 79| 0| return if_match(oid, {1, 2, 840, 113549, 3, 7}, "TripleDES/CBC"); 80| 0| case 0x0C904: ------------------ | Branch (80:7): [True: 0, False: 12.9k] ------------------ 81| 0| return if_match(oid, {1, 0, 14888, 3, 0, 5}, "ECKCDSA"); 82| 0| case 0x11547: ------------------ | Branch (82:7): [True: 0, False: 12.9k] ------------------ 83| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 1, 1}, "SphincsPlus-shake-128s-r3.1"); 84| 0| case 0x11548: ------------------ | Branch (84:7): [True: 0, False: 12.9k] ------------------ 85| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 1, 2}, "SphincsPlus-shake-128f-r3.1"); 86| 0| case 0x11549: ------------------ | Branch (86:7): [True: 0, False: 12.9k] ------------------ 87| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 1, 3}, "SphincsPlus-shake-192s-r3.1"); 88| 0| case 0x1154A: ------------------ | Branch (88:7): [True: 0, False: 12.9k] ------------------ 89| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 1, 4}, "SphincsPlus-shake-192f-r3.1"); 90| 0| case 0x1154B: ------------------ | Branch (90:7): [True: 0, False: 12.9k] ------------------ 91| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 1, 5}, "SphincsPlus-shake-256s-r3.1"); 92| 0| case 0x1154C: ------------------ | Branch (92:7): [True: 0, False: 12.9k] ------------------ 93| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 1, 6}, "SphincsPlus-shake-256f-r3.1"); 94| 0| case 0x11608: ------------------ | Branch (94:7): [True: 0, False: 12.9k] ------------------ 95| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 2, 1}, "SphincsPlus-sha2-128s-r3.1"); 96| 0| case 0x11609: ------------------ | Branch (96:7): [True: 0, False: 12.9k] ------------------ 97| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 2, 2}, "SphincsPlus-sha2-128f-r3.1"); 98| 0| case 0x1160A: ------------------ | Branch (98:7): [True: 0, False: 12.9k] ------------------ 99| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 2, 3}, "SphincsPlus-sha2-192s-r3.1"); 100| 0| case 0x1160B: ------------------ | Branch (100:7): [True: 0, False: 12.9k] ------------------ 101| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 2, 4}, "SphincsPlus-sha2-192f-r3.1"); 102| 0| case 0x1160C: ------------------ | Branch (102:7): [True: 0, False: 12.9k] ------------------ 103| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 2, 5}, "SphincsPlus-sha2-256s-r3.1"); 104| 0| case 0x1160D: ------------------ | Branch (104:7): [True: 0, False: 12.9k] ------------------ 105| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 2, 6}, "SphincsPlus-sha2-256f-r3.1"); 106| 0| case 0x116C9: ------------------ | Branch (106:7): [True: 0, False: 12.9k] ------------------ 107| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 3, 1}, "SphincsPlus-haraka-128s-r3.1"); 108| 0| case 0x116CA: ------------------ | Branch (108:7): [True: 0, False: 12.9k] ------------------ 109| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 3, 2}, "SphincsPlus-haraka-128f-r3.1"); 110| 0| case 0x116CB: ------------------ | Branch (110:7): [True: 0, False: 12.9k] ------------------ 111| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 3, 3}, "SphincsPlus-haraka-192s-r3.1"); 112| 0| case 0x116CC: ------------------ | Branch (112:7): [True: 0, False: 12.9k] ------------------ 113| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 3, 4}, "SphincsPlus-haraka-192f-r3.1"); 114| 0| case 0x116CD: ------------------ | Branch (114:7): [True: 0, False: 12.9k] ------------------ 115| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 3, 5}, "SphincsPlus-haraka-256s-r3.1"); 116| 0| case 0x116CE: ------------------ | Branch (116:7): [True: 0, False: 12.9k] ------------------ 117| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 3, 6}, "SphincsPlus-haraka-256f-r3.1"); 118| 0| case 0x1533B: ------------------ | Branch (118:7): [True: 0, False: 12.9k] ------------------ 119| 0| return if_match(oid, {1, 2, 156, 10197, 1, 104, 2}, "SM4/CBC"); 120| 0| case 0x15341: ------------------ | Branch (120:7): [True: 0, False: 12.9k] ------------------ 121| 0| return if_match(oid, {1, 2, 156, 10197, 1, 104, 8}, "SM4/GCM"); 122| 0| case 0x1539D: ------------------ | Branch (122:7): [True: 0, False: 12.9k] ------------------ 123| 0| return if_match(oid, {1, 2, 156, 10197, 1, 104, 100}, "SM4/OCB"); 124| 0| case 0x187D7: ------------------ | Branch (124:7): [True: 0, False: 12.9k] ------------------ 125| 0| return if_match(oid, {1, 3, 14, 3, 2, 7}, "DES/CBC"); 126| 0| case 0x187EA: ------------------ | Branch (126:7): [True: 0, False: 12.9k] ------------------ 127| 0| return if_match(oid, {1, 3, 14, 3, 2, 26}, "SHA-1"); 128| 0| case 0x19933: ------------------ | Branch (128:7): [True: 0, False: 12.9k] ------------------ 129| 0| return if_match(oid, {1, 3, 132, 0, 8}, "secp160r1"); 130| 0| case 0x19934: ------------------ | Branch (130:7): [True: 0, False: 12.9k] ------------------ 131| 0| return if_match(oid, {1, 3, 132, 0, 9}, "secp160k1"); 132| 0| case 0x19935: ------------------ | Branch (132:7): [True: 0, False: 12.9k] ------------------ 133| 0| return if_match(oid, {1, 3, 132, 0, 10}, "secp256k1"); 134| 0| case 0x19949: ------------------ | Branch (134:7): [True: 0, False: 12.9k] ------------------ 135| 0| return if_match(oid, {1, 3, 132, 0, 30}, "secp160r2"); 136| 0| case 0x1994A: ------------------ | Branch (136:7): [True: 0, False: 12.9k] ------------------ 137| 0| return if_match(oid, {1, 3, 132, 0, 31}, "secp192k1"); 138| 0| case 0x1994B: ------------------ | Branch (138:7): [True: 0, False: 12.9k] ------------------ 139| 0| return if_match(oid, {1, 3, 132, 0, 32}, "secp224k1"); 140| 0| case 0x1994C: ------------------ | Branch (140:7): [True: 0, False: 12.9k] ------------------ 141| 0| return if_match(oid, {1, 3, 132, 0, 33}, "secp224r1"); 142| 1| case 0x1994D: ------------------ | Branch (142:7): [True: 1, False: 12.9k] ------------------ 143| 1| return if_match(oid, {1, 3, 132, 0, 34}, "secp384r1"); 144| 1| case 0x1994E: ------------------ | Branch (144:7): [True: 1, False: 12.9k] ------------------ 145| 1| return if_match(oid, {1, 3, 132, 0, 35}, "secp521r1"); 146| 0| case 0x199F8: ------------------ | Branch (146:7): [True: 0, False: 12.9k] ------------------ 147| 0| return if_match(oid, {1, 3, 132, 1, 12}, "ECDH"); 148| 0| case 0x1E7BF: ------------------ | Branch (148:7): [True: 0, False: 12.9k] ------------------ 149| 0| return if_match(oid, {1, 2, 156, 10197, 1, 301, 1}, "SM2"); 150| 0| case 0x1E7C0: ------------------ | Branch (150:7): [True: 0, False: 12.9k] ------------------ 151| 0| return if_match(oid, {1, 2, 156, 10197, 1, 301, 2}, "SM2_Kex"); 152| 0| case 0x1E7C1: ------------------ | Branch (152:7): [True: 0, False: 12.9k] ------------------ 153| 0| return if_match(oid, {1, 2, 156, 10197, 1, 301, 3}, "SM2_Enc"); 154| 0| case 0x21960: ------------------ | Branch (154:7): [True: 0, False: 12.9k] ------------------ 155| 0| return if_match(oid, {1, 3, 36, 3, 3, 1, 2}, "RSA/PKCS1v15(RIPEMD-160)"); 156| 0| case 0x2198A: ------------------ | Branch (156:7): [True: 0, False: 12.9k] ------------------ 157| 0| return if_match(oid, {1, 2, 840, 113533, 7, 66, 10}, "CAST-128/CBC"); 158| 0| case 0x2198F: ------------------ | Branch (158:7): [True: 0, False: 12.9k] ------------------ 159| 0| return if_match(oid, {1, 2, 840, 113533, 7, 66, 15}, "KeyWrap.CAST-128"); 160| 0| case 0x227C0: ------------------ | Branch (160:7): [True: 0, False: 12.9k] ------------------ 161| 0| return if_match(oid, {1, 3, 101, 110}, "X25519"); 162| 0| case 0x227C1: ------------------ | Branch (162:7): [True: 0, False: 12.9k] ------------------ 163| 0| return if_match(oid, {1, 3, 101, 111}, "X448"); 164| 0| case 0x227C2: ------------------ | Branch (164:7): [True: 0, False: 12.9k] ------------------ 165| 0| return if_match(oid, {1, 3, 101, 112}, "Ed25519"); 166| 0| case 0x227C3: ------------------ | Branch (166:7): [True: 0, False: 12.9k] ------------------ 167| 0| return if_match(oid, {1, 3, 101, 113}, "Ed448"); 168| 0| case 0x27565: ------------------ | Branch (168:7): [True: 0, False: 12.9k] ------------------ 169| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 48, 1, 1}, "PKIX.OCSP.BasicResponse"); 170| 0| case 0x27569: ------------------ | Branch (170:7): [True: 0, False: 12.9k] ------------------ 171| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 48, 1, 5}, "PKIX.OCSP.NoCheck"); 172| 0| case 0x29F7C: ------------------ | Branch (172:7): [True: 0, False: 12.9k] ------------------ 173| 0| return if_match(oid, {1, 2, 410, 200004, 1, 100, 4, 3}, "ECKCDSA/SHA-1"); 174| 0| case 0x29F7D: ------------------ | Branch (174:7): [True: 0, False: 12.9k] ------------------ 175| 0| return if_match(oid, {1, 2, 410, 200004, 1, 100, 4, 4}, "ECKCDSA/SHA-224"); 176| 0| case 0x29F7E: ------------------ | Branch (176:7): [True: 0, False: 12.9k] ------------------ 177| 0| return if_match(oid, {1, 2, 410, 200004, 1, 100, 4, 5}, "ECKCDSA/SHA-256"); 178| 0| case 0x2AC3B: ------------------ | Branch (178:7): [True: 0, False: 12.9k] ------------------ 179| 0| return if_match(oid, {2, 5, 29, 32, 0}, "X509v3.AnyPolicy"); 180| 0| case 0x2B000: ------------------ | Branch (180:7): [True: 0, False: 12.9k] ------------------ 181| 0| return if_match(oid, {2, 5, 29, 37, 0}, "X509v3.AnyExtendedKeyUsage"); 182| 12.9k| case 0x2B5C9: ------------------ | Branch (182:7): [True: 12.9k, False: 6] ------------------ 183| 12.9k| return if_match(oid, {1, 2, 840, 10045, 2, 1}, "ECDSA"); 184| 0| case 0x2B74B: ------------------ | Branch (184:7): [True: 0, False: 12.9k] ------------------ 185| 0| return if_match(oid, {1, 2, 840, 10045, 4, 1}, "ECDSA/SHA-1"); 186| 0| case 0x3474A: ------------------ | Branch (186:7): [True: 0, False: 12.9k] ------------------ 187| 0| return if_match(oid, {1, 2, 840, 10046, 2, 1}, "DH"); 188| 0| case 0x38D6D: ------------------ | Branch (188:7): [True: 0, False: 12.9k] ------------------ 189| 0| return if_match(oid, {1, 2, 643, 7, 1, 2, 1, 1, 1}, "gost_256A"); 190| 0| case 0x38D6E: ------------------ | Branch (190:7): [True: 0, False: 12.9k] ------------------ 191| 0| return if_match(oid, {1, 2, 643, 7, 1, 2, 1, 1, 2}, "gost_256B"); 192| 0| case 0x38E2E: ------------------ | Branch (192:7): [True: 0, False: 12.9k] ------------------ 193| 0| return if_match(oid, {1, 2, 643, 7, 1, 2, 1, 2, 1}, "gost_512A"); 194| 0| case 0x38E2F: ------------------ | Branch (194:7): [True: 0, False: 12.9k] ------------------ 195| 0| return if_match(oid, {1, 2, 643, 7, 1, 2, 1, 2, 2}, "gost_512B"); 196| 0| case 0x38F2C: ------------------ | Branch (196:7): [True: 0, False: 12.9k] ------------------ 197| 0| return if_match(oid, {1, 2, 643, 2, 2, 3}, "GOST-34.10/GOST-R-34.11-94"); 198| 0| case 0x38F3C: ------------------ | Branch (198:7): [True: 0, False: 12.9k] ------------------ 199| 0| return if_match(oid, {1, 2, 643, 2, 2, 19}, "GOST-34.10"); 200| 0| case 0x3D7B8: ------------------ | Branch (200:7): [True: 0, False: 12.9k] ------------------ 201| 0| return if_match(oid, {0, 3, 4401, 5, 3, 1, 9, 6}, "Camellia-128/GCM"); 202| 0| case 0x3D7CC: ------------------ | Branch (202:7): [True: 0, False: 12.9k] ------------------ 203| 0| return if_match(oid, {0, 3, 4401, 5, 3, 1, 9, 26}, "Camellia-192/GCM"); 204| 0| case 0x3D7E0: ------------------ | Branch (204:7): [True: 0, False: 12.9k] ------------------ 205| 0| return if_match(oid, {0, 3, 4401, 5, 3, 1, 9, 46}, "Camellia-256/GCM"); 206| 0| case 0x3F20F: ------------------ | Branch (206:7): [True: 0, False: 12.9k] ------------------ 207| 0| return if_match(oid, {1, 3, 36, 3, 2, 1}, "RIPEMD-160"); 208| 0| case 0x4266E: ------------------ | Branch (208:7): [True: 0, False: 12.9k] ------------------ 209| 0| return if_match(oid, {0, 4, 0, 127, 0, 15, 1, 1, 13, 0}, "XMSS"); 210| 0| case 0x478C4: ------------------ | Branch (210:7): [True: 0, False: 12.9k] ------------------ 211| 0| return if_match(oid, {1, 2, 410, 200004, 1, 4}, "SEED/CBC"); 212| 0| case 0x47D98: ------------------ | Branch (212:7): [True: 0, False: 12.9k] ------------------ 213| 0| return if_match(oid, {1, 2, 156, 10197, 1, 301}, "sm2p256v1"); 214| 0| case 0x47DFC: ------------------ | Branch (214:7): [True: 0, False: 12.9k] ------------------ 215| 0| return if_match(oid, {1, 2, 156, 10197, 1, 401}, "SM3"); 216| 0| case 0x47E60: ------------------ | Branch (216:7): [True: 0, False: 12.9k] ------------------ 217| 0| return if_match(oid, {1, 2, 156, 10197, 1, 501}, "SM2_Sig/SM3"); 218| 0| case 0x47E63: ------------------ | Branch (218:7): [True: 0, False: 12.9k] ------------------ 219| 0| return if_match(oid, {1, 2, 156, 10197, 1, 504}, "RSA/PKCS1v15(SM3)"); 220| 0| case 0x52B13: ------------------ | Branch (220:7): [True: 0, False: 12.9k] ------------------ 221| 0| return if_match(oid, {1, 2, 643, 3, 131, 1, 1}, "GOST.INN"); 222| 0| case 0x635AE: ------------------ | Branch (222:7): [True: 0, False: 12.9k] ------------------ 223| 0| return if_match(oid, {1, 2, 250, 1, 223, 101, 256, 1}, "frp256v1"); 224| 0| case 0x6A784: ------------------ | Branch (224:7): [True: 0, False: 12.9k] ------------------ 225| 0| return if_match(oid, {1, 2, 840, 113549, 1, 12, 10, 1, 1}, "PKCS12.KeyBag"); 226| 0| case 0x6A785: ------------------ | Branch (226:7): [True: 0, False: 12.9k] ------------------ 227| 0| return if_match(oid, {1, 2, 840, 113549, 1, 12, 10, 1, 2}, "PKCS12.PKCS8ShroudedKeyBag"); 228| 0| case 0x6A786: ------------------ | Branch (228:7): [True: 0, False: 12.9k] ------------------ 229| 0| return if_match(oid, {1, 2, 840, 113549, 1, 12, 10, 1, 3}, "PKCS12.CertBag"); 230| 0| case 0x6A787: ------------------ | Branch (230:7): [True: 0, False: 12.9k] ------------------ 231| 0| return if_match(oid, {1, 2, 840, 113549, 1, 12, 10, 1, 4}, "PKCS12.CRLBag"); 232| 0| case 0x6A788: ------------------ | Branch (232:7): [True: 0, False: 12.9k] ------------------ 233| 0| return if_match(oid, {1, 2, 840, 113549, 1, 12, 10, 1, 5}, "PKCS12.SecretBag"); 234| 0| case 0x6A789: ------------------ | Branch (234:7): [True: 0, False: 12.9k] ------------------ 235| 0| return if_match(oid, {1, 2, 840, 113549, 1, 12, 10, 1, 6}, "PKCS12.SafeContentsBag"); 236| 0| case 0x6EB86: ------------------ | Branch (236:7): [True: 0, False: 12.9k] ------------------ 237| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 6, 1}, "GOST-34.10-2012-256/SHA-256"); 238| 0| case 0x6EC47: ------------------ | Branch (238:7): [True: 0, False: 12.9k] ------------------ 239| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 7, 1}, "Kyber-512-r3"); 240| 0| case 0x6EC48: ------------------ | Branch (240:7): [True: 0, False: 12.9k] ------------------ 241| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 7, 2}, "Kyber-768-r3"); 242| 0| case 0x6EC49: ------------------ | Branch (242:7): [True: 0, False: 12.9k] ------------------ 243| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 7, 3}, "Kyber-1024-r3"); 244| 0| case 0x6EDC9: ------------------ | Branch (244:7): [True: 0, False: 12.9k] ------------------ 245| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 9, 1}, "Dilithium-4x4-r3"); 246| 0| case 0x6EDCA: ------------------ | Branch (246:7): [True: 0, False: 12.9k] ------------------ 247| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 9, 2}, "Dilithium-6x5-r3"); 248| 0| case 0x6EDCB: ------------------ | Branch (248:7): [True: 0, False: 12.9k] ------------------ 249| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 9, 3}, "Dilithium-8x7-r3"); 250| 0| case 0x6EE8A: ------------------ | Branch (250:7): [True: 0, False: 12.9k] ------------------ 251| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 10, 1}, "Dilithium-4x4-AES-r3"); 252| 0| case 0x6EE8B: ------------------ | Branch (252:7): [True: 0, False: 12.9k] ------------------ 253| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 10, 2}, "Dilithium-6x5-AES-r3"); 254| 0| case 0x6EE8C: ------------------ | Branch (254:7): [True: 0, False: 12.9k] ------------------ 255| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 10, 3}, "Dilithium-8x7-AES-r3"); 256| 0| case 0x6EF4B: ------------------ | Branch (256:7): [True: 0, False: 12.9k] ------------------ 257| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 11, 1}, "Kyber-512-90s-r3"); 258| 0| case 0x6EF4C: ------------------ | Branch (258:7): [True: 0, False: 12.9k] ------------------ 259| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 11, 2}, "Kyber-768-90s-r3"); 260| 0| case 0x6EF4D: ------------------ | Branch (260:7): [True: 0, False: 12.9k] ------------------ 261| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 11, 3}, "Kyber-1024-90s-r3"); 262| 0| case 0x6F18E: ------------------ | Branch (262:7): [True: 0, False: 12.9k] ------------------ 263| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 14, 1}, "FrodoKEM-640-SHAKE"); 264| 0| case 0x6F18F: ------------------ | Branch (264:7): [True: 0, False: 12.9k] ------------------ 265| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 14, 2}, "FrodoKEM-976-SHAKE"); 266| 0| case 0x6F190: ------------------ | Branch (266:7): [True: 0, False: 12.9k] ------------------ 267| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 14, 3}, "FrodoKEM-1344-SHAKE"); 268| 0| case 0x6F24F: ------------------ | Branch (268:7): [True: 0, False: 12.9k] ------------------ 269| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 15, 1}, "FrodoKEM-640-AES"); 270| 0| case 0x6F250: ------------------ | Branch (270:7): [True: 0, False: 12.9k] ------------------ 271| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 15, 2}, "FrodoKEM-976-AES"); 272| 0| case 0x6F251: ------------------ | Branch (272:7): [True: 0, False: 12.9k] ------------------ 273| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 15, 3}, "FrodoKEM-1344-AES"); 274| 0| case 0x6F310: ------------------ | Branch (274:7): [True: 0, False: 12.9k] ------------------ 275| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 16, 1}, "eFrodoKEM-640-SHAKE"); 276| 0| case 0x6F311: ------------------ | Branch (276:7): [True: 0, False: 12.9k] ------------------ 277| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 16, 2}, "eFrodoKEM-976-SHAKE"); 278| 0| case 0x6F312: ------------------ | Branch (278:7): [True: 0, False: 12.9k] ------------------ 279| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 16, 3}, "eFrodoKEM-1344-SHAKE"); 280| 0| case 0x6F3D1: ------------------ | Branch (280:7): [True: 0, False: 12.9k] ------------------ 281| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 17, 1}, "eFrodoKEM-640-AES"); 282| 0| case 0x6F3D2: ------------------ | Branch (282:7): [True: 0, False: 12.9k] ------------------ 283| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 17, 2}, "eFrodoKEM-976-AES"); 284| 0| case 0x6F3D3: ------------------ | Branch (284:7): [True: 0, False: 12.9k] ------------------ 285| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 17, 3}, "eFrodoKEM-1344-AES"); 286| 0| case 0x6F492: ------------------ | Branch (286:7): [True: 0, False: 12.9k] ------------------ 287| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 18, 1}, "ClassicMcEliece_6688128pc"); 288| 0| case 0x6F493: ------------------ | Branch (288:7): [True: 0, False: 12.9k] ------------------ 289| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 18, 2}, "ClassicMcEliece_6688128pcf"); 290| 0| case 0x6F494: ------------------ | Branch (290:7): [True: 0, False: 12.9k] ------------------ 291| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 18, 3}, "ClassicMcEliece_6960119pc"); 292| 0| case 0x6F495: ------------------ | Branch (292:7): [True: 0, False: 12.9k] ------------------ 293| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 18, 4}, "ClassicMcEliece_6960119pcf"); 294| 0| case 0x6F496: ------------------ | Branch (294:7): [True: 0, False: 12.9k] ------------------ 295| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 18, 5}, "ClassicMcEliece_8192128pc"); 296| 0| case 0x6F497: ------------------ | Branch (296:7): [True: 0, False: 12.9k] ------------------ 297| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 18, 6}, "ClassicMcEliece_8192128pcf"); 298| 0| case 0x6F79D: ------------------ | Branch (298:7): [True: 0, False: 12.9k] ------------------ 299| 0| return if_match(oid, {2, 16, 840, 1, 113730, 1, 13}, "Certificate Comment"); 300| 0| case 0x701A0: ------------------ | Branch (300:7): [True: 0, False: 12.9k] ------------------ 301| 0| return if_match(oid, {1, 3, 36, 3, 3, 2, 5, 2, 1}, "ECGDSA"); 302| 0| case 0x70322: ------------------ | Branch (302:7): [True: 0, False: 12.9k] ------------------ 303| 0| return if_match(oid, {1, 3, 36, 3, 3, 2, 5, 4, 1}, "ECGDSA/RIPEMD-160"); 304| 0| case 0x70323: ------------------ | Branch (304:7): [True: 0, False: 12.9k] ------------------ 305| 0| return if_match(oid, {1, 3, 36, 3, 3, 2, 5, 4, 2}, "ECGDSA/SHA-1"); 306| 0| case 0x70324: ------------------ | Branch (306:7): [True: 0, False: 12.9k] ------------------ 307| 0| return if_match(oid, {1, 3, 36, 3, 3, 2, 5, 4, 3}, "ECGDSA/SHA-224"); 308| 0| case 0x70325: ------------------ | Branch (308:7): [True: 0, False: 12.9k] ------------------ 309| 0| return if_match(oid, {1, 3, 36, 3, 3, 2, 5, 4, 4}, "ECGDSA/SHA-256"); 310| 0| case 0x70326: ------------------ | Branch (310:7): [True: 0, False: 12.9k] ------------------ 311| 0| return if_match(oid, {1, 3, 36, 3, 3, 2, 5, 4, 5}, "ECGDSA/SHA-384"); 312| 0| case 0x70327: ------------------ | Branch (312:7): [True: 0, False: 12.9k] ------------------ 313| 0| return if_match(oid, {1, 3, 36, 3, 3, 2, 5, 4, 6}, "ECGDSA/SHA-512"); 314| 0| case 0x72B21: ------------------ | Branch (314:7): [True: 0, False: 12.9k] ------------------ 315| 0| return if_match(oid, {1, 2, 643, 7, 1, 1, 1, 1}, "GOST-34.10-2012-256"); 316| 0| case 0x72B22: ------------------ | Branch (316:7): [True: 0, False: 12.9k] ------------------ 317| 0| return if_match(oid, {1, 2, 643, 7, 1, 1, 1, 2}, "GOST-34.10-2012-512"); 318| 0| case 0x72BE3: ------------------ | Branch (318:7): [True: 0, False: 12.9k] ------------------ 319| 0| return if_match(oid, {1, 2, 643, 7, 1, 1, 2, 2}, "Streebog-256"); 320| 0| case 0x72BE4: ------------------ | Branch (320:7): [True: 0, False: 12.9k] ------------------ 321| 0| return if_match(oid, {1, 2, 643, 7, 1, 1, 2, 3}, "Streebog-512"); 322| 0| case 0x72CA4: ------------------ | Branch (322:7): [True: 0, False: 12.9k] ------------------ 323| 0| return if_match(oid, {1, 2, 643, 7, 1, 1, 3, 2}, "GOST-34.10-2012-256/Streebog-256"); 324| 0| case 0x72CA5: ------------------ | Branch (324:7): [True: 0, False: 12.9k] ------------------ 325| 0| return if_match(oid, {1, 2, 643, 7, 1, 1, 3, 3}, "GOST-34.10-2012-512/Streebog-512"); 326| 0| case 0x7C7C7: ------------------ | Branch (326:7): [True: 0, False: 12.9k] ------------------ 327| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 22, 1}, "PKCS9.X509Certificate"); 328| 0| case 0x7C7C8: ------------------ | Branch (328:7): [True: 0, False: 12.9k] ------------------ 329| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 22, 2}, "PKCS9.SDSICertificate"); 330| 0| case 0x7C888: ------------------ | Branch (330:7): [True: 0, False: 12.9k] ------------------ 331| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 23, 1}, "PKCS9.X509CRL"); 332| 0| case 0x7E10F: ------------------ | Branch (332:7): [True: 0, False: 12.9k] ------------------ 333| 0| return if_match(oid, {2, 5, 4, 3}, "X520.CommonName"); 334| 0| case 0x7E110: ------------------ | Branch (334:7): [True: 0, False: 12.9k] ------------------ 335| 0| return if_match(oid, {2, 5, 4, 4}, "X520.Surname"); 336| 0| case 0x7E111: ------------------ | Branch (336:7): [True: 0, False: 12.9k] ------------------ 337| 0| return if_match(oid, {2, 5, 4, 5}, "X520.SerialNumber"); 338| 0| case 0x7E112: ------------------ | Branch (338:7): [True: 0, False: 12.9k] ------------------ 339| 0| return if_match(oid, {2, 5, 4, 6}, "X520.Country"); 340| 0| case 0x7E113: ------------------ | Branch (340:7): [True: 0, False: 12.9k] ------------------ 341| 0| return if_match(oid, {2, 5, 4, 7}, "X520.Locality"); 342| 0| case 0x7E114: ------------------ | Branch (342:7): [True: 0, False: 12.9k] ------------------ 343| 0| return if_match(oid, {2, 5, 4, 8}, "X520.State"); 344| 0| case 0x7E115: ------------------ | Branch (344:7): [True: 0, False: 12.9k] ------------------ 345| 0| return if_match(oid, {2, 5, 4, 9}, "X520.StreetAddress"); 346| 0| case 0x7E116: ------------------ | Branch (346:7): [True: 0, False: 12.9k] ------------------ 347| 0| return if_match(oid, {2, 5, 4, 10}, "X520.Organization"); 348| 0| case 0x7E117: ------------------ | Branch (348:7): [True: 0, False: 12.9k] ------------------ 349| 0| return if_match(oid, {2, 5, 4, 11}, "X520.OrganizationalUnit"); 350| 0| case 0x7E118: ------------------ | Branch (350:7): [True: 0, False: 12.9k] ------------------ 351| 0| return if_match(oid, {2, 5, 4, 12}, "X520.Title"); 352| 0| case 0x7E136: ------------------ | Branch (352:7): [True: 0, False: 12.9k] ------------------ 353| 0| return if_match(oid, {2, 5, 4, 42}, "X520.GivenName"); 354| 0| case 0x7E137: ------------------ | Branch (354:7): [True: 0, False: 12.9k] ------------------ 355| 0| return if_match(oid, {2, 5, 4, 43}, "X520.Initials"); 356| 0| case 0x7E138: ------------------ | Branch (356:7): [True: 0, False: 12.9k] ------------------ 357| 0| return if_match(oid, {2, 5, 4, 44}, "X520.GenerationalQualifier"); 358| 0| case 0x7E13A: ------------------ | Branch (358:7): [True: 0, False: 12.9k] ------------------ 359| 0| return if_match(oid, {2, 5, 4, 46}, "X520.DNQualifier"); 360| 0| case 0x7E14D: ------------------ | Branch (360:7): [True: 0, False: 12.9k] ------------------ 361| 0| return if_match(oid, {2, 5, 4, 65}, "X520.Pseudonym"); 362| 0| case 0x7F3F3: ------------------ | Branch (362:7): [True: 0, False: 12.9k] ------------------ 363| 0| return if_match(oid, {2, 5, 29, 14}, "X509v3.SubjectKeyIdentifier"); 364| 0| case 0x7F3F4: ------------------ | Branch (364:7): [True: 0, False: 12.9k] ------------------ 365| 0| return if_match(oid, {2, 5, 29, 15}, "X509v3.KeyUsage"); 366| 0| case 0x7F3F5: ------------------ | Branch (366:7): [True: 0, False: 12.9k] ------------------ 367| 0| return if_match(oid, {2, 5, 29, 16}, "X509v3.PrivateKeyUsagePeriod"); 368| 0| case 0x7F3F6: ------------------ | Branch (368:7): [True: 0, False: 12.9k] ------------------ 369| 0| return if_match(oid, {2, 5, 29, 17}, "X509v3.SubjectAlternativeName"); 370| 0| case 0x7F3F7: ------------------ | Branch (370:7): [True: 0, False: 12.9k] ------------------ 371| 0| return if_match(oid, {2, 5, 29, 18}, "X509v3.IssuerAlternativeName"); 372| 0| case 0x7F3F8: ------------------ | Branch (372:7): [True: 0, False: 12.9k] ------------------ 373| 0| return if_match(oid, {2, 5, 29, 19}, "X509v3.BasicConstraints"); 374| 0| case 0x7F3F9: ------------------ | Branch (374:7): [True: 0, False: 12.9k] ------------------ 375| 0| return if_match(oid, {2, 5, 29, 20}, "X509v3.CRLNumber"); 376| 0| case 0x7F3FA: ------------------ | Branch (376:7): [True: 0, False: 12.9k] ------------------ 377| 0| return if_match(oid, {2, 5, 29, 21}, "X509v3.ReasonCode"); 378| 0| case 0x7F3FC: ------------------ | Branch (378:7): [True: 0, False: 12.9k] ------------------ 379| 0| return if_match(oid, {2, 5, 29, 23}, "X509v3.HoldInstructionCode"); 380| 0| case 0x7F3FD: ------------------ | Branch (380:7): [True: 0, False: 12.9k] ------------------ 381| 0| return if_match(oid, {2, 5, 29, 24}, "X509v3.InvalidityDate"); 382| 0| case 0x7F401: ------------------ | Branch (382:7): [True: 0, False: 12.9k] ------------------ 383| 0| return if_match(oid, {2, 5, 29, 28}, "X509v3.CRLIssuingDistributionPoint"); 384| 0| case 0x7F403: ------------------ | Branch (384:7): [True: 0, False: 12.9k] ------------------ 385| 0| return if_match(oid, {2, 5, 29, 30}, "X509v3.NameConstraints"); 386| 0| case 0x7F404: ------------------ | Branch (386:7): [True: 0, False: 12.9k] ------------------ 387| 0| return if_match(oid, {2, 5, 29, 31}, "X509v3.CRLDistributionPoints"); 388| 0| case 0x7F405: ------------------ | Branch (388:7): [True: 0, False: 12.9k] ------------------ 389| 0| return if_match(oid, {2, 5, 29, 32}, "X509v3.CertificatePolicies"); 390| 0| case 0x7F408: ------------------ | Branch (390:7): [True: 0, False: 12.9k] ------------------ 391| 0| return if_match(oid, {2, 5, 29, 35}, "X509v3.AuthorityKeyIdentifier"); 392| 0| case 0x7F409: ------------------ | Branch (392:7): [True: 0, False: 12.9k] ------------------ 393| 0| return if_match(oid, {2, 5, 29, 36}, "X509v3.PolicyConstraints"); 394| 0| case 0x7F40A: ------------------ | Branch (394:7): [True: 0, False: 12.9k] ------------------ 395| 0| return if_match(oid, {2, 5, 29, 37}, "X509v3.ExtendedKeyUsage"); 396| 0| case 0x7F41D: ------------------ | Branch (396:7): [True: 0, False: 12.9k] ------------------ 397| 0| return if_match(oid, {2, 5, 29, 56}, "X509v3.NoRevocationAvailable"); 398| 0| case 0x80B84: ------------------ | Branch (398:7): [True: 0, False: 12.9k] ------------------ 399| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 2, 1}, "AES-128/OCB"); 400| 0| case 0x80B85: ------------------ | Branch (400:7): [True: 0, False: 12.9k] ------------------ 401| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 2, 2}, "AES-192/OCB"); 402| 0| case 0x80B86: ------------------ | Branch (402:7): [True: 0, False: 12.9k] ------------------ 403| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 2, 3}, "AES-256/OCB"); 404| 0| case 0x80B87: ------------------ | Branch (404:7): [True: 0, False: 12.9k] ------------------ 405| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 2, 4}, "Serpent/OCB"); 406| 0| case 0x80B88: ------------------ | Branch (406:7): [True: 0, False: 12.9k] ------------------ 407| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 2, 5}, "Twofish/OCB"); 408| 0| case 0x80B89: ------------------ | Branch (408:7): [True: 0, False: 12.9k] ------------------ 409| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 2, 6}, "Camellia-128/OCB"); 410| 0| case 0x80B8A: ------------------ | Branch (410:7): [True: 0, False: 12.9k] ------------------ 411| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 2, 7}, "Camellia-192/OCB"); 412| 0| case 0x80B8B: ------------------ | Branch (412:7): [True: 0, False: 12.9k] ------------------ 413| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 2, 8}, "Camellia-256/OCB"); 414| 0| case 0x80D06: ------------------ | Branch (414:7): [True: 0, False: 12.9k] ------------------ 415| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 4, 1}, "AES-128/SIV"); 416| 0| case 0x80D07: ------------------ | Branch (416:7): [True: 0, False: 12.9k] ------------------ 417| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 4, 2}, "AES-192/SIV"); 418| 0| case 0x80D08: ------------------ | Branch (418:7): [True: 0, False: 12.9k] ------------------ 419| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 4, 3}, "AES-256/SIV"); 420| 0| case 0x80D09: ------------------ | Branch (420:7): [True: 0, False: 12.9k] ------------------ 421| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 4, 4}, "Serpent/SIV"); 422| 0| case 0x80D0A: ------------------ | Branch (422:7): [True: 0, False: 12.9k] ------------------ 423| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 4, 5}, "Twofish/SIV"); 424| 0| case 0x80D0B: ------------------ | Branch (424:7): [True: 0, False: 12.9k] ------------------ 425| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 4, 6}, "Camellia-128/SIV"); 426| 0| case 0x80D0C: ------------------ | Branch (426:7): [True: 0, False: 12.9k] ------------------ 427| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 4, 7}, "Camellia-192/SIV"); 428| 0| case 0x80D0D: ------------------ | Branch (428:7): [True: 0, False: 12.9k] ------------------ 429| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 4, 8}, "Camellia-256/SIV"); 430| 0| case 0x80D0E: ------------------ | Branch (430:7): [True: 0, False: 12.9k] ------------------ 431| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 4, 9}, "SM4/SIV"); 432| 0| case 0x84C6A: ------------------ | Branch (432:7): [True: 0, False: 12.9k] ------------------ 433| 0| return if_match(oid, {1, 2, 392, 200011, 61, 1, 1, 1, 2}, "Camellia-128/CBC"); 434| 0| case 0x84C6B: ------------------ | Branch (434:7): [True: 0, False: 12.9k] ------------------ 435| 0| return if_match(oid, {1, 2, 392, 200011, 61, 1, 1, 1, 3}, "Camellia-192/CBC"); 436| 0| case 0x84C6C: ------------------ | Branch (436:7): [True: 0, False: 12.9k] ------------------ 437| 0| return if_match(oid, {1, 2, 392, 200011, 61, 1, 1, 1, 4}, "Camellia-256/CBC"); 438| 0| case 0x88CD3: ------------------ | Branch (438:7): [True: 0, False: 12.9k] ------------------ 439| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 16, 3, 6}, "KeyWrap.TripleDES"); 440| 0| case 0x88CD5: ------------------ | Branch (440:7): [True: 0, False: 12.9k] ------------------ 441| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 16, 3, 8}, "Compression.Zlib"); 442| 0| case 0x88CDE: ------------------ | Branch (442:7): [True: 0, False: 12.9k] ------------------ 443| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 16, 3, 17}, "HSS-LMS"); 444| 0| case 0x88CDF: ------------------ | Branch (444:7): [True: 0, False: 12.9k] ------------------ 445| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 16, 3, 18}, "ChaCha20Poly1305"); 446| 0| case 0x92296: ------------------ | Branch (446:7): [True: 0, False: 12.9k] ------------------ 447| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 1, 2}, "AES-128/CBC"); 448| 0| case 0x92299: ------------------ | Branch (448:7): [True: 0, False: 12.9k] ------------------ 449| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 1, 5}, "KeyWrap.AES-128"); 450| 0| case 0x9229A: ------------------ | Branch (450:7): [True: 0, False: 12.9k] ------------------ 451| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 1, 6}, "AES-128/GCM"); 452| 0| case 0x9229B: ------------------ | Branch (452:7): [True: 0, False: 12.9k] ------------------ 453| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 1, 7}, "AES-128/CCM"); 454| 0| case 0x922AA: ------------------ | Branch (454:7): [True: 0, False: 12.9k] ------------------ 455| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 1, 22}, "AES-192/CBC"); 456| 0| case 0x922AD: ------------------ | Branch (456:7): [True: 0, False: 12.9k] ------------------ 457| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 1, 25}, "KeyWrap.AES-192"); 458| 0| case 0x922AE: ------------------ | Branch (458:7): [True: 0, False: 12.9k] ------------------ 459| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 1, 26}, "AES-192/GCM"); 460| 0| case 0x922AF: ------------------ | Branch (460:7): [True: 0, False: 12.9k] ------------------ 461| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 1, 27}, "AES-192/CCM"); 462| 0| case 0x922BE: ------------------ | Branch (462:7): [True: 0, False: 12.9k] ------------------ 463| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 1, 42}, "AES-256/CBC"); 464| 0| case 0x922C1: ------------------ | Branch (464:7): [True: 0, False: 12.9k] ------------------ 465| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 1, 45}, "KeyWrap.AES-256"); 466| 0| case 0x922C2: ------------------ | Branch (466:7): [True: 0, False: 12.9k] ------------------ 467| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 1, 46}, "AES-256/GCM"); 468| 0| case 0x922C3: ------------------ | Branch (468:7): [True: 0, False: 12.9k] ------------------ 469| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 1, 47}, "AES-256/CCM"); 470| 0| case 0x92356: ------------------ | Branch (470:7): [True: 0, False: 12.9k] ------------------ 471| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 2, 1}, "SHA-256"); 472| 0| case 0x92357: ------------------ | Branch (472:7): [True: 0, False: 12.9k] ------------------ 473| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 2, 2}, "SHA-384"); 474| 0| case 0x92358: ------------------ | Branch (474:7): [True: 0, False: 12.9k] ------------------ 475| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 2, 3}, "SHA-512"); 476| 0| case 0x92359: ------------------ | Branch (476:7): [True: 0, False: 12.9k] ------------------ 477| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 2, 4}, "SHA-224"); 478| 0| case 0x9235B: ------------------ | Branch (478:7): [True: 0, False: 12.9k] ------------------ 479| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 2, 6}, "SHA-512-256"); 480| 0| case 0x9235C: ------------------ | Branch (480:7): [True: 0, False: 12.9k] ------------------ 481| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 2, 7}, "SHA-3(224)"); 482| 0| case 0x9235D: ------------------ | Branch (482:7): [True: 0, False: 12.9k] ------------------ 483| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 2, 8}, "SHA-3(256)"); 484| 0| case 0x9235E: ------------------ | Branch (484:7): [True: 0, False: 12.9k] ------------------ 485| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 2, 9}, "SHA-3(384)"); 486| 0| case 0x9235F: ------------------ | Branch (486:7): [True: 0, False: 12.9k] ------------------ 487| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 2, 10}, "SHA-3(512)"); 488| 0| case 0x92360: ------------------ | Branch (488:7): [True: 0, False: 12.9k] ------------------ 489| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 2, 11}, "SHAKE-128"); 490| 0| case 0x92361: ------------------ | Branch (490:7): [True: 0, False: 12.9k] ------------------ 491| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 2, 12}, "SHAKE-256"); 492| 0| case 0x92417: ------------------ | Branch (492:7): [True: 0, False: 12.9k] ------------------ 493| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 1}, "DSA/SHA-224"); 494| 0| case 0x92418: ------------------ | Branch (494:7): [True: 0, False: 12.9k] ------------------ 495| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 2}, "DSA/SHA-256"); 496| 0| case 0x92419: ------------------ | Branch (496:7): [True: 0, False: 12.9k] ------------------ 497| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 3}, "DSA/SHA-384"); 498| 0| case 0x9241A: ------------------ | Branch (498:7): [True: 0, False: 12.9k] ------------------ 499| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 4}, "DSA/SHA-512"); 500| 0| case 0x9241B: ------------------ | Branch (500:7): [True: 0, False: 12.9k] ------------------ 501| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 5}, "DSA/SHA-3(224)"); 502| 0| case 0x9241C: ------------------ | Branch (502:7): [True: 0, False: 12.9k] ------------------ 503| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 6}, "DSA/SHA-3(256)"); 504| 0| case 0x9241D: ------------------ | Branch (504:7): [True: 0, False: 12.9k] ------------------ 505| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 7}, "DSA/SHA-3(384)"); 506| 0| case 0x9241E: ------------------ | Branch (506:7): [True: 0, False: 12.9k] ------------------ 507| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 8}, "DSA/SHA-3(512)"); 508| 0| case 0x9241F: ------------------ | Branch (508:7): [True: 0, False: 12.9k] ------------------ 509| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 9}, "ECDSA/SHA-3(224)"); 510| 0| case 0x92420: ------------------ | Branch (510:7): [True: 0, False: 12.9k] ------------------ 511| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 10}, "ECDSA/SHA-3(256)"); 512| 0| case 0x92421: ------------------ | Branch (512:7): [True: 0, False: 12.9k] ------------------ 513| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 11}, "ECDSA/SHA-3(384)"); 514| 0| case 0x92422: ------------------ | Branch (514:7): [True: 0, False: 12.9k] ------------------ 515| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 12}, "ECDSA/SHA-3(512)"); 516| 0| case 0x92423: ------------------ | Branch (516:7): [True: 0, False: 12.9k] ------------------ 517| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 13}, "RSA/PKCS1v15(SHA-3(224))"); 518| 0| case 0x92424: ------------------ | Branch (518:7): [True: 0, False: 12.9k] ------------------ 519| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 14}, "RSA/PKCS1v15(SHA-3(256))"); 520| 0| case 0x92425: ------------------ | Branch (520:7): [True: 0, False: 12.9k] ------------------ 521| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 15}, "RSA/PKCS1v15(SHA-3(384))"); 522| 0| case 0x92426: ------------------ | Branch (522:7): [True: 0, False: 12.9k] ------------------ 523| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 16}, "RSA/PKCS1v15(SHA-3(512))"); 524| 0| case 0x92427: ------------------ | Branch (524:7): [True: 0, False: 12.9k] ------------------ 525| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 17}, "ML-DSA-4x4"); 526| 0| case 0x92428: ------------------ | Branch (526:7): [True: 0, False: 12.9k] ------------------ 527| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 18}, "ML-DSA-6x5"); 528| 0| case 0x92429: ------------------ | Branch (528:7): [True: 0, False: 12.9k] ------------------ 529| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 19}, "ML-DSA-8x7"); 530| 0| case 0x9242A: ------------------ | Branch (530:7): [True: 0, False: 12.9k] ------------------ 531| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 20}, "SLH-DSA-SHA2-128s"); 532| 0| case 0x9242B: ------------------ | Branch (532:7): [True: 0, False: 12.9k] ------------------ 533| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 21}, "SLH-DSA-SHA2-128f"); 534| 0| case 0x9242C: ------------------ | Branch (534:7): [True: 0, False: 12.9k] ------------------ 535| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 22}, "SLH-DSA-SHA2-192s"); 536| 0| case 0x9242D: ------------------ | Branch (536:7): [True: 0, False: 12.9k] ------------------ 537| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 23}, "SLH-DSA-SHA2-192f"); 538| 0| case 0x9242E: ------------------ | Branch (538:7): [True: 0, False: 12.9k] ------------------ 539| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 24}, "SLH-DSA-SHA2-256s"); 540| 0| case 0x9242F: ------------------ | Branch (540:7): [True: 0, False: 12.9k] ------------------ 541| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 25}, "SLH-DSA-SHA2-256f"); 542| 0| case 0x92430: ------------------ | Branch (542:7): [True: 0, False: 12.9k] ------------------ 543| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 26}, "SLH-DSA-SHAKE-128s"); 544| 0| case 0x92431: ------------------ | Branch (544:7): [True: 0, False: 12.9k] ------------------ 545| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 27}, "SLH-DSA-SHAKE-128f"); 546| 0| case 0x92432: ------------------ | Branch (546:7): [True: 0, False: 12.9k] ------------------ 547| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 28}, "SLH-DSA-SHAKE-192s"); 548| 0| case 0x92433: ------------------ | Branch (548:7): [True: 0, False: 12.9k] ------------------ 549| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 29}, "SLH-DSA-SHAKE-192f"); 550| 0| case 0x92434: ------------------ | Branch (550:7): [True: 0, False: 12.9k] ------------------ 551| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 30}, "SLH-DSA-SHAKE-256s"); 552| 0| case 0x92435: ------------------ | Branch (552:7): [True: 0, False: 12.9k] ------------------ 553| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 31}, "SLH-DSA-SHAKE-256f"); 554| 0| case 0x924D8: ------------------ | Branch (554:7): [True: 0, False: 12.9k] ------------------ 555| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 4, 1}, "ML-KEM-512"); 556| 0| case 0x924D9: ------------------ | Branch (556:7): [True: 0, False: 12.9k] ------------------ 557| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 4, 2}, "ML-KEM-768"); 558| 0| case 0x924DA: ------------------ | Branch (558:7): [True: 0, False: 12.9k] ------------------ 559| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 4, 3}, "ML-KEM-1024"); 560| 0| case 0x9479F: ------------------ | Branch (560:7): [True: 0, False: 12.9k] ------------------ 561| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 1, 1}, "PKIX.AuthorityInformationAccess"); 562| 0| case 0x947A5: ------------------ | Branch (562:7): [True: 0, False: 12.9k] ------------------ 563| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 1, 7}, "PKIX.IpAddrBlocks"); 564| 0| case 0x947A6: ------------------ | Branch (564:7): [True: 0, False: 12.9k] ------------------ 565| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 1, 8}, "PKIX.AutonomousSysIds"); 566| 0| case 0x947B8: ------------------ | Branch (566:7): [True: 0, False: 12.9k] ------------------ 567| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 1, 26}, "PKIX.TNAuthList"); 568| 0| case 0x94921: ------------------ | Branch (568:7): [True: 0, False: 12.9k] ------------------ 569| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 3, 1}, "PKIX.ServerAuth"); 570| 0| case 0x94922: ------------------ | Branch (570:7): [True: 0, False: 12.9k] ------------------ 571| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 3, 2}, "PKIX.ClientAuth"); 572| 0| case 0x94923: ------------------ | Branch (572:7): [True: 0, False: 12.9k] ------------------ 573| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 3, 3}, "PKIX.CodeSigning"); 574| 0| case 0x94924: ------------------ | Branch (574:7): [True: 0, False: 12.9k] ------------------ 575| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 3, 4}, "PKIX.EmailProtection"); 576| 0| case 0x94925: ------------------ | Branch (576:7): [True: 0, False: 12.9k] ------------------ 577| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 3, 5}, "PKIX.IPsecEndSystem"); 578| 0| case 0x94926: ------------------ | Branch (578:7): [True: 0, False: 12.9k] ------------------ 579| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 3, 6}, "PKIX.IPsecTunnel"); 580| 0| case 0x94927: ------------------ | Branch (580:7): [True: 0, False: 12.9k] ------------------ 581| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 3, 7}, "PKIX.IPsecUser"); 582| 0| case 0x94928: ------------------ | Branch (582:7): [True: 0, False: 12.9k] ------------------ 583| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 3, 8}, "PKIX.TimeStamping"); 584| 0| case 0x94929: ------------------ | Branch (584:7): [True: 0, False: 12.9k] ------------------ 585| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 3, 9}, "PKIX.OCSPSigning"); 586| 0| case 0x94CEA: ------------------ | Branch (586:7): [True: 0, False: 12.9k] ------------------ 587| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 8, 5}, "PKIX.XMPPAddr"); 588| 0| case 0x954DB: ------------------ | Branch (588:7): [True: 0, False: 12.9k] ------------------ 589| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 311, 20, 2, 2}, "Microsoft SmartcardLogon"); 590| 0| case 0x954DC: ------------------ | Branch (590:7): [True: 0, False: 12.9k] ------------------ 591| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 311, 20, 2, 3}, "Microsoft UPN"); 592| 0| case 0x96B0E: ------------------ | Branch (592:7): [True: 0, False: 12.9k] ------------------ 593| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 48, 1}, "PKIX.OCSP"); 594| 0| case 0x96B0F: ------------------ | Branch (594:7): [True: 0, False: 12.9k] ------------------ 595| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 48, 2}, "PKIX.CertificateAuthorityIssuers"); 596| 0| case 0x96C77: ------------------ | Branch (596:7): [True: 0, False: 12.9k] ------------------ 597| 0| return if_match(oid, {1, 2, 840, 113549, 1, 12, 1, 3}, "PBE-SHA1-3DES"); 598| 0| case 0x96C78: ------------------ | Branch (598:7): [True: 0, False: 12.9k] ------------------ 599| 0| return if_match(oid, {1, 2, 840, 113549, 1, 12, 1, 4}, "PBE-SHA1-2DES"); 600| 0| case 0x9A008: ------------------ | Branch (600:7): [True: 0, False: 12.9k] ------------------ 601| 0| return if_match(oid, {1, 3, 36, 3, 3, 2, 8, 1, 1, 1}, "brainpool160r1"); 602| 0| case 0x9A00A: ------------------ | Branch (602:7): [True: 0, False: 12.9k] ------------------ 603| 0| return if_match(oid, {1, 3, 36, 3, 3, 2, 8, 1, 1, 3}, "brainpool192r1"); 604| 0| case 0x9A00C: ------------------ | Branch (604:7): [True: 0, False: 12.9k] ------------------ 605| 0| return if_match(oid, {1, 3, 36, 3, 3, 2, 8, 1, 1, 5}, "brainpool224r1"); 606| 1| case 0x9A00E: ------------------ | Branch (606:7): [True: 1, False: 12.9k] ------------------ 607| 1| return if_match(oid, {1, 3, 36, 3, 3, 2, 8, 1, 1, 7}, "brainpool256r1"); 608| 0| case 0x9A010: ------------------ | Branch (608:7): [True: 0, False: 12.9k] ------------------ 609| 0| return if_match(oid, {1, 3, 36, 3, 3, 2, 8, 1, 1, 9}, "brainpool320r1"); 610| 1| case 0x9A012: ------------------ | Branch (610:7): [True: 1, False: 12.9k] ------------------ 611| 1| return if_match(oid, {1, 3, 36, 3, 3, 2, 8, 1, 1, 11}, "brainpool384r1"); 612| 1| case 0x9A014: ------------------ | Branch (612:7): [True: 1, False: 12.9k] ------------------ 613| 1| return if_match(oid, {1, 3, 36, 3, 3, 2, 8, 1, 1, 13}, "brainpool512r1"); 614| 0| case 0xA0D61: ------------------ | Branch (614:7): [True: 0, False: 12.9k] ------------------ 615| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 3}, "McEliece"); 616| 0| case 0xA0D63: ------------------ | Branch (616:7): [True: 0, False: 12.9k] ------------------ 617| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 5}, "XMSS-draft6"); 618| 0| case 0xA0D66: ------------------ | Branch (618:7): [True: 0, False: 12.9k] ------------------ 619| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 8}, "XMSS-draft12"); 620| 0| case 0xA0D6B: ------------------ | Branch (620:7): [True: 0, False: 12.9k] ------------------ 621| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 13}, "HSS-LMS-Private-Key"); 622| 0| case 0xA0EE1: ------------------ | Branch (622:7): [True: 0, False: 12.9k] ------------------ 623| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 1}, "Serpent/CBC"); 624| 0| case 0xA0EE2: ------------------ | Branch (624:7): [True: 0, False: 12.9k] ------------------ 625| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 2}, "Threefish-512/CBC"); 626| 0| case 0xA0EE3: ------------------ | Branch (626:7): [True: 0, False: 12.9k] ------------------ 627| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 3}, "Twofish/CBC"); 628| 0| case 0xA0F45: ------------------ | Branch (628:7): [True: 0, False: 12.9k] ------------------ 629| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 101}, "Serpent/GCM"); 630| 0| case 0xA0F46: ------------------ | Branch (630:7): [True: 0, False: 12.9k] ------------------ 631| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 102}, "Twofish/GCM"); 632| 0| case 0xA0FA2: ------------------ | Branch (632:7): [True: 0, False: 12.9k] ------------------ 633| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 4, 1}, "numsp256d1"); 634| 0| case 0xA0FA3: ------------------ | Branch (634:7): [True: 0, False: 12.9k] ------------------ 635| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 4, 2}, "numsp384d1"); 636| 0| case 0xA0FA4: ------------------ | Branch (636:7): [True: 0, False: 12.9k] ------------------ 637| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 4, 3}, "numsp512d1"); 638| 0| case 0xA244B: ------------------ | Branch (638:7): [True: 0, False: 12.9k] ------------------ 639| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 22554, 5, 1, 1}, "ClassicMcEliece_348864"); 640| 0| case 0xA244C: ------------------ | Branch (640:7): [True: 0, False: 12.9k] ------------------ 641| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 22554, 5, 1, 2}, "ClassicMcEliece_348864f"); 642| 0| case 0xA244D: ------------------ | Branch (642:7): [True: 0, False: 12.9k] ------------------ 643| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 22554, 5, 1, 3}, "ClassicMcEliece_460896"); 644| 0| case 0xA244E: ------------------ | Branch (644:7): [True: 0, False: 12.9k] ------------------ 645| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 22554, 5, 1, 4}, "ClassicMcEliece_460896f"); 646| 0| case 0xA244F: ------------------ | Branch (646:7): [True: 0, False: 12.9k] ------------------ 647| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 22554, 5, 1, 5}, "ClassicMcEliece_6688128"); 648| 0| case 0xA2450: ------------------ | Branch (648:7): [True: 0, False: 12.9k] ------------------ 649| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 22554, 5, 1, 6}, "ClassicMcEliece_6688128f"); 650| 0| case 0xA2451: ------------------ | Branch (650:7): [True: 0, False: 12.9k] ------------------ 651| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 22554, 5, 1, 7}, "ClassicMcEliece_6960119"); 652| 0| case 0xA2452: ------------------ | Branch (652:7): [True: 0, False: 12.9k] ------------------ 653| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 22554, 5, 1, 8}, "ClassicMcEliece_6960119f"); 654| 0| case 0xA2453: ------------------ | Branch (654:7): [True: 0, False: 12.9k] ------------------ 655| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 22554, 5, 1, 9}, "ClassicMcEliece_8192128"); 656| 0| case 0xA2454: ------------------ | Branch (656:7): [True: 0, False: 12.9k] ------------------ 657| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 22554, 5, 1, 10}, "ClassicMcEliece_8192128f"); 658| 0| case 0xAF989: ------------------ | Branch (658:7): [True: 0, False: 12.9k] ------------------ 659| 0| return if_match(oid, {1, 2, 840, 113549, 1, 1, 1}, "RSA"); 660| 0| case 0xAF98A: ------------------ | Branch (660:7): [True: 0, False: 12.9k] ------------------ 661| 0| return if_match(oid, {1, 2, 840, 113549, 1, 1, 2}, "RSA/PKCS1v15(MD2)"); 662| 0| case 0xAF98C: ------------------ | Branch (662:7): [True: 0, False: 12.9k] ------------------ 663| 0| return if_match(oid, {1, 2, 840, 113549, 1, 1, 4}, "RSA/PKCS1v15(MD5)"); 664| 0| case 0xAF98D: ------------------ | Branch (664:7): [True: 0, False: 12.9k] ------------------ 665| 0| return if_match(oid, {1, 2, 840, 113549, 1, 1, 5}, "RSA/PKCS1v15(SHA-1)"); 666| 0| case 0xAF98F: ------------------ | Branch (666:7): [True: 0, False: 12.9k] ------------------ 667| 0| return if_match(oid, {1, 2, 840, 113549, 1, 1, 7}, "RSA/OAEP"); 668| 0| case 0xAF990: ------------------ | Branch (668:7): [True: 0, False: 12.9k] ------------------ 669| 0| return if_match(oid, {1, 2, 840, 113549, 1, 1, 8}, "MGF1"); 670| 0| case 0xAF992: ------------------ | Branch (670:7): [True: 0, False: 12.9k] ------------------ 671| 0| return if_match(oid, {1, 2, 840, 113549, 1, 1, 10}, "RSA/PSS"); 672| 0| case 0xAF993: ------------------ | Branch (672:7): [True: 0, False: 12.9k] ------------------ 673| 0| return if_match(oid, {1, 2, 840, 113549, 1, 1, 11}, "RSA/PKCS1v15(SHA-256)"); 674| 0| case 0xAF994: ------------------ | Branch (674:7): [True: 0, False: 12.9k] ------------------ 675| 0| return if_match(oid, {1, 2, 840, 113549, 1, 1, 12}, "RSA/PKCS1v15(SHA-384)"); 676| 0| case 0xAF995: ------------------ | Branch (676:7): [True: 0, False: 12.9k] ------------------ 677| 0| return if_match(oid, {1, 2, 840, 113549, 1, 1, 13}, "RSA/PKCS1v15(SHA-512)"); 678| 0| case 0xAF996: ------------------ | Branch (678:7): [True: 0, False: 12.9k] ------------------ 679| 0| return if_match(oid, {1, 2, 840, 113549, 1, 1, 14}, "RSA/PKCS1v15(SHA-224)"); 680| 0| case 0xAF998: ------------------ | Branch (680:7): [True: 0, False: 12.9k] ------------------ 681| 0| return if_match(oid, {1, 2, 840, 113549, 1, 1, 16}, "RSA/PKCS1v15(SHA-512-256)"); 682| 0| case 0xAFC98: ------------------ | Branch (682:7): [True: 0, False: 12.9k] ------------------ 683| 0| return if_match(oid, {1, 2, 840, 113549, 1, 5, 12}, "PKCS5.PBKDF2"); 684| 0| case 0xAFC99: ------------------ | Branch (684:7): [True: 0, False: 12.9k] ------------------ 685| 0| return if_match(oid, {1, 2, 840, 113549, 1, 5, 13}, "PBE-PKCS5v20"); 686| 0| case 0xAFE0F: ------------------ | Branch (686:7): [True: 0, False: 12.9k] ------------------ 687| 0| return if_match(oid, {1, 2, 840, 113549, 1, 7, 1}, "PKCS7.Data"); 688| 0| case 0xAFE14: ------------------ | Branch (688:7): [True: 0, False: 12.9k] ------------------ 689| 0| return if_match(oid, {1, 2, 840, 113549, 1, 7, 6}, "PKCS7.EncryptedData"); 690| 0| case 0xAFF91: ------------------ | Branch (690:7): [True: 0, False: 12.9k] ------------------ 691| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 1}, "PKCS9.EmailAddress"); 692| 0| case 0xAFF92: ------------------ | Branch (692:7): [True: 0, False: 12.9k] ------------------ 693| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 2}, "PKCS9.UnstructuredName"); 694| 0| case 0xAFF93: ------------------ | Branch (694:7): [True: 0, False: 12.9k] ------------------ 695| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 3}, "PKCS9.ContentType"); 696| 0| case 0xAFF94: ------------------ | Branch (696:7): [True: 0, False: 12.9k] ------------------ 697| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 4}, "PKCS9.MessageDigest"); 698| 0| case 0xAFF97: ------------------ | Branch (698:7): [True: 0, False: 12.9k] ------------------ 699| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 7}, "PKCS9.ChallengePassword"); 700| 0| case 0xAFF9E: ------------------ | Branch (700:7): [True: 0, False: 12.9k] ------------------ 701| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 14}, "PKCS9.ExtensionRequest"); 702| 0| case 0xAFFA4: ------------------ | Branch (702:7): [True: 0, False: 12.9k] ------------------ 703| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 20}, "PKCS9.FriendlyName"); 704| 0| case 0xAFFA5: ------------------ | Branch (704:7): [True: 0, False: 12.9k] ------------------ 705| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 21}, "PKCS9.LocalKeyId"); 706| 0| case 0xC0226: ------------------ | Branch (706:7): [True: 0, False: 12.9k] ------------------ 707| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 11591, 4, 11}, "Scrypt"); 708| 0| case 0xC0A67: ------------------ | Branch (708:7): [True: 0, False: 12.9k] ------------------ 709| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 11591, 15, 1}, "OpenPGP.Ed25519"); 710| 0| case 0xC4CE5: ------------------ | Branch (710:7): [True: 0, False: 12.9k] ------------------ 711| 0| return if_match(oid, {1, 2, 643, 100, 1}, "GOST.OGRN"); 712| 0| case 0xC4D53: ------------------ | Branch (712:7): [True: 0, False: 12.9k] ------------------ 713| 0| return if_match(oid, {1, 2, 643, 100, 111}, "GOST.SubjectSigningTool"); 714| 0| case 0xC4D54: ------------------ | Branch (714:7): [True: 0, False: 12.9k] ------------------ 715| 0| return if_match(oid, {1, 2, 643, 100, 112}, "GOST.IssuerSigningTool"); 716| 0| case 0xC9C50: ------------------ | Branch (716:7): [True: 0, False: 12.9k] ------------------ 717| 0| return if_match(oid, {1, 2, 840, 10045, 3, 1, 1}, "secp192r1"); 718| 0| case 0xC9C51: ------------------ | Branch (718:7): [True: 0, False: 12.9k] ------------------ 719| 0| return if_match(oid, {1, 2, 840, 10045, 3, 1, 2}, "x962_p192v2"); 720| 0| case 0xC9C52: ------------------ | Branch (720:7): [True: 0, False: 12.9k] ------------------ 721| 0| return if_match(oid, {1, 2, 840, 10045, 3, 1, 3}, "x962_p192v3"); 722| 0| case 0xC9C53: ------------------ | Branch (722:7): [True: 0, False: 12.9k] ------------------ 723| 0| return if_match(oid, {1, 2, 840, 10045, 3, 1, 4}, "x962_p239v1"); 724| 0| case 0xC9C54: ------------------ | Branch (724:7): [True: 0, False: 12.9k] ------------------ 725| 0| return if_match(oid, {1, 2, 840, 10045, 3, 1, 5}, "x962_p239v2"); 726| 0| case 0xC9C55: ------------------ | Branch (726:7): [True: 0, False: 12.9k] ------------------ 727| 0| return if_match(oid, {1, 2, 840, 10045, 3, 1, 6}, "x962_p239v3"); 728| 1| case 0xC9C56: ------------------ | Branch (728:7): [True: 1, False: 12.9k] ------------------ 729| 1| return if_match(oid, {1, 2, 840, 10045, 3, 1, 7}, "secp256r1"); 730| 0| case 0xCFA13: ------------------ | Branch (730:7): [True: 0, False: 12.9k] ------------------ 731| 0| return if_match(oid, {1, 2, 840, 10040, 4, 1}, "DSA"); 732| 0| case 0xCFA15: ------------------ | Branch (732:7): [True: 0, False: 12.9k] ------------------ 733| 0| return if_match(oid, {1, 2, 840, 10040, 4, 3}, "DSA/SHA-1"); 734| 0| default: ------------------ | Branch (734:7): [True: 0, False: 12.9k] ------------------ 735| 0| return {}; 736| 12.9k| } 737| 12.9k|} _ZN5Botan7OID_Map22lookup_static_oid_nameENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 740| 30.7k|std::optional OID_Map::lookup_static_oid_name(std::string_view req) { 741| 30.7k| const uint32_t hc = hash_oid_name(req); 742| | 743| 30.7k| switch(hc) { 744| 0| case 0x00545: ------------------ | Branch (744:7): [True: 0, False: 30.7k] ------------------ 745| 0| return if_match(req, "Twofish/GCM", {1, 3, 6, 1, 4, 1, 25258, 3, 102}); 746| 0| case 0x00CF3: ------------------ | Branch (746:7): [True: 0, False: 30.7k] ------------------ 747| 0| return if_match(req, "SphincsPlus-sha2-192f-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 2, 4}); 748| 0| case 0x015FE: ------------------ | Branch (748:7): [True: 0, False: 30.7k] ------------------ 749| 0| return if_match(req, "FrodoKEM-640-SHAKE", {1, 3, 6, 1, 4, 1, 25258, 1, 14, 1}); 750| 0| case 0x01F9E: ------------------ | Branch (750:7): [True: 0, False: 30.7k] ------------------ 751| 0| return if_match(req, "MD5", {1, 2, 840, 113549, 2, 5}); 752| 0| case 0x02293: ------------------ | Branch (752:7): [True: 0, False: 30.7k] ------------------ 753| 0| return if_match(req, "SphincsPlus-shake-192f-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 1, 4}); 754| 0| case 0x02B93: ------------------ | Branch (754:7): [True: 0, False: 30.7k] ------------------ 755| 0| return if_match(req, "Microsoft SmartcardLogon", {1, 3, 6, 1, 4, 1, 311, 20, 2, 2}); 756| 0| case 0x041D5: ------------------ | Branch (756:7): [True: 0, False: 30.7k] ------------------ 757| 0| return if_match(req, "secp160k1", {1, 3, 132, 0, 9}); 758| 0| case 0x044B3: ------------------ | Branch (758:7): [True: 0, False: 30.7k] ------------------ 759| 0| return if_match(req, "Camellia-256/SIV", {1, 3, 6, 1, 4, 1, 25258, 3, 4, 8}); 760| 0| case 0x048B2: ------------------ | Branch (760:7): [True: 0, False: 30.7k] ------------------ 761| 0| return if_match(req, "secp160r1", {1, 3, 132, 0, 8}); 762| 0| case 0x048B3: ------------------ | Branch (762:7): [True: 0, False: 30.7k] ------------------ 763| 0| return if_match(req, "secp160r2", {1, 3, 132, 0, 30}); 764| 0| case 0x05CDA: ------------------ | Branch (764:7): [True: 0, False: 30.7k] ------------------ 765| 0| return if_match(req, "X520.Country", {2, 5, 4, 6}); 766| 0| case 0x07783: ------------------ | Branch (766:7): [True: 0, False: 30.7k] ------------------ 767| 0| return if_match(req, "PKIX.ServerAuth", {1, 3, 6, 1, 5, 5, 7, 3, 1}); 768| 0| case 0x086C7: ------------------ | Branch (768:7): [True: 0, False: 30.7k] ------------------ 769| 0| return if_match(req, "numsp384d1", {1, 3, 6, 1, 4, 1, 25258, 4, 2}); 770| 186| case 0x08A92: ------------------ | Branch (770:7): [True: 186, False: 30.5k] ------------------ 771| 186| return if_match(req, "RSA/PKCS1v15(SHA-1)", {1, 2, 840, 113549, 1, 1, 5}); 772| 0| case 0x09EA0: ------------------ | Branch (772:7): [True: 0, False: 30.7k] ------------------ 773| 0| return if_match(req, "DES/CBC", {1, 3, 14, 3, 2, 7}); 774| 0| case 0x0B2D6: ------------------ | Branch (774:7): [True: 0, False: 30.7k] ------------------ 775| 0| return if_match(req, "ECDSA/SHA-3(512)", {2, 16, 840, 1, 101, 3, 4, 3, 12}); 776| 0| case 0x0BA72: ------------------ | Branch (776:7): [True: 0, False: 30.7k] ------------------ 777| 0| return if_match(req, "SphincsPlus-sha2-128s-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 2, 1}); 778| 0| case 0x0BE23: ------------------ | Branch (778:7): [True: 0, False: 30.7k] ------------------ 779| 0| return if_match(req, "ECGDSA", {1, 3, 36, 3, 3, 2, 5, 2, 1}); 780| 0| case 0x0C109: ------------------ | Branch (780:7): [True: 0, False: 30.7k] ------------------ 781| 0| return if_match(req, "PKCS9.FriendlyName", {1, 2, 840, 113549, 1, 9, 20}); 782| 0| case 0x0D012: ------------------ | Branch (782:7): [True: 0, False: 30.7k] ------------------ 783| 0| return if_match(req, "SphincsPlus-shake-128s-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 1, 1}); 784| 0| case 0x0DCE9: ------------------ | Branch (784:7): [True: 0, False: 30.7k] ------------------ 785| 0| return if_match(req, "ClassicMcEliece_8192128f", {1, 3, 6, 1, 4, 1, 22554, 5, 1, 10}); 786| 0| case 0x0E52A: ------------------ | Branch (786:7): [True: 0, False: 30.7k] ------------------ 787| 0| return if_match(req, "numsp512d1", {1, 3, 6, 1, 4, 1, 25258, 4, 3}); 788| 0| case 0x0F9CC: ------------------ | Branch (788:7): [True: 0, False: 30.7k] ------------------ 789| 0| return if_match(req, "PKCS9.UnstructuredName", {1, 2, 840, 113549, 1, 9, 2}); 790| 0| case 0x0FF45: ------------------ | Branch (790:7): [True: 0, False: 30.7k] ------------------ 791| 0| return if_match(req, "Camellia-256/GCM", {0, 3, 4401, 5, 3, 1, 9, 46}); 792| 0| case 0x1033D: ------------------ | Branch (792:7): [True: 0, False: 30.7k] ------------------ 793| 0| return if_match(req, "DSA/SHA-3(384)", {2, 16, 840, 1, 101, 3, 4, 3, 7}); 794| 0| case 0x1139D: ------------------ | Branch (794:7): [True: 0, False: 30.7k] ------------------ 795| 0| return if_match(req, "secp192k1", {1, 3, 132, 0, 31}); 796| 0| case 0x113D6: ------------------ | Branch (796:7): [True: 0, False: 30.7k] ------------------ 797| 0| return if_match(req, "X520.DNQualifier", {2, 5, 4, 46}); 798| 0| case 0x11A7A: ------------------ | Branch (798:7): [True: 0, False: 30.7k] ------------------ 799| 0| return if_match(req, "secp192r1", {1, 2, 840, 10045, 3, 1, 1}); 800| 0| case 0x12096: ------------------ | Branch (800:7): [True: 0, False: 30.7k] ------------------ 801| 0| return if_match(req, "SM2_Kex", {1, 2, 156, 10197, 1, 301, 2}); 802| 0| case 0x13FC1: ------------------ | Branch (802:7): [True: 0, False: 30.7k] ------------------ 803| 0| return if_match(req, "X520.GenerationalQualifier", {2, 5, 4, 44}); 804| 0| case 0x1445B: ------------------ | Branch (804:7): [True: 0, False: 30.7k] ------------------ 805| 0| return if_match(req, "PKCS5.PBKDF2", {1, 2, 840, 113549, 1, 5, 12}); 806| 0| case 0x1495D: ------------------ | Branch (806:7): [True: 0, False: 30.7k] ------------------ 807| 0| return if_match(req, "eFrodoKEM-1344-AES", {1, 3, 6, 1, 4, 1, 25258, 1, 17, 3}); 808| 0| case 0x14E30: ------------------ | Branch (808:7): [True: 0, False: 30.7k] ------------------ 809| 0| return if_match(req, "ClassicMcEliece_460896", {1, 3, 6, 1, 4, 1, 22554, 5, 1, 3}); 810| 0| case 0x14FB1: ------------------ | Branch (810:7): [True: 0, False: 30.7k] ------------------ 811| 0| return if_match(req, "XMSS-draft12", {1, 3, 6, 1, 4, 1, 25258, 1, 8}); 812| 0| case 0x156E3: ------------------ | Branch (812:7): [True: 0, False: 30.7k] ------------------ 813| 0| return if_match(req, "Compression.Zlib", {1, 2, 840, 113549, 1, 9, 16, 3, 8}); 814| 0| case 0x1579E: ------------------ | Branch (814:7): [True: 0, False: 30.7k] ------------------ 815| 0| return if_match(req, "Streebog-512", {1, 2, 643, 7, 1, 1, 2, 3}); 816| 0| case 0x1701A: ------------------ | Branch (816:7): [True: 0, False: 30.7k] ------------------ 817| 0| return if_match(req, "X509v3.AnyExtendedKeyUsage", {2, 5, 29, 37, 0}); 818| 0| case 0x175EF: ------------------ | Branch (818:7): [True: 0, False: 30.7k] ------------------ 819| 0| return if_match(req, "Kyber-1024-90s-r3", {1, 3, 6, 1, 4, 1, 25258, 1, 11, 3}); 820| 0| case 0x17709: ------------------ | Branch (820:7): [True: 0, False: 30.7k] ------------------ 821| 0| return if_match(req, "X520.GivenName", {2, 5, 4, 42}); 822| 0| case 0x17AD9: ------------------ | Branch (822:7): [True: 0, False: 30.7k] ------------------ 823| 0| return if_match(req, "RSA/PKCS1v15(SM3)", {1, 2, 156, 10197, 1, 504}); 824| 0| case 0x17CE2: ------------------ | Branch (824:7): [True: 0, False: 30.7k] ------------------ 825| 0| return if_match(req, "SLH-DSA-SHA2-256f", {2, 16, 840, 1, 101, 3, 4, 3, 25}); 826| 0| case 0x17CEF: ------------------ | Branch (826:7): [True: 0, False: 30.7k] ------------------ 827| 0| return if_match(req, "SLH-DSA-SHA2-256s", {2, 16, 840, 1, 101, 3, 4, 3, 24}); 828| 0| case 0x18618: ------------------ | Branch (828:7): [True: 0, False: 30.7k] ------------------ 829| 0| return if_match(req, "FrodoKEM-976-AES", {1, 3, 6, 1, 4, 1, 25258, 1, 15, 2}); 830| 0| case 0x19480: ------------------ | Branch (830:7): [True: 0, False: 30.7k] ------------------ 831| 0| return if_match(req, "eFrodoKEM-1344-SHAKE", {1, 3, 6, 1, 4, 1, 25258, 1, 16, 3}); 832| 0| case 0x1958A: ------------------ | Branch (832:7): [True: 0, False: 30.7k] ------------------ 833| 0| return if_match(req, "X509v3.InvalidityDate", {2, 5, 29, 24}); 834| 0| case 0x19851: ------------------ | Branch (834:7): [True: 0, False: 30.7k] ------------------ 835| 0| return if_match(req, "DSA/SHA-1", {1, 2, 840, 10040, 4, 3}); 836| 0| case 0x1B2E7: ------------------ | Branch (836:7): [True: 0, False: 30.7k] ------------------ 837| 0| return if_match(req, "KeyWrap.AES-128", {2, 16, 840, 1, 101, 3, 4, 1, 5}); 838| 0| case 0x1B9BE: ------------------ | Branch (838:7): [True: 0, False: 30.7k] ------------------ 839| 0| return if_match(req, "KeyWrap.AES-192", {2, 16, 840, 1, 101, 3, 4, 1, 25}); 840| 0| case 0x1D439: ------------------ | Branch (840:7): [True: 0, False: 30.7k] ------------------ 841| 0| return if_match(req, "SphincsPlus-haraka-192f-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 3, 4}); 842| 0| case 0x2065B: ------------------ | Branch (842:7): [True: 0, False: 30.7k] ------------------ 843| 0| return if_match(req, "KeyWrap.CAST-128", {1, 2, 840, 113533, 7, 66, 15}); 844| 0| case 0x216A0: ------------------ | Branch (844:7): [True: 0, False: 30.7k] ------------------ 845| 0| return if_match(req, "ML-KEM-512", {2, 16, 840, 1, 101, 3, 4, 4, 1}); 846| 0| case 0x2216B: ------------------ | Branch (846:7): [True: 0, False: 30.7k] ------------------ 847| 0| return if_match(req, "GOST-34.10-2012-512", {1, 2, 643, 7, 1, 1, 1, 2}); 848| 0| case 0x22C2C: ------------------ | Branch (848:7): [True: 0, False: 30.7k] ------------------ 849| 0| return if_match(req, "ElGamal", {1, 3, 6, 1, 4, 1, 3029, 1, 2, 1}); 850| 0| case 0x2559A: ------------------ | Branch (850:7): [True: 0, False: 30.7k] ------------------ 851| 0| return if_match(req, "X520.Initials", {2, 5, 4, 43}); 852| 0| case 0x271AC: ------------------ | Branch (852:7): [True: 0, False: 30.7k] ------------------ 853| 0| return if_match(req, "PKIX.AutonomousSysIds", {1, 3, 6, 1, 5, 5, 7, 1, 8}); 854| 0| case 0x2808B: ------------------ | Branch (854:7): [True: 0, False: 30.7k] ------------------ 855| 0| return if_match(req, "PKCS7.Data", {1, 2, 840, 113549, 1, 7, 1}); 856| 0| case 0x281B8: ------------------ | Branch (856:7): [True: 0, False: 30.7k] ------------------ 857| 0| return if_match(req, "SphincsPlus-haraka-128s-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 3, 1}); 858| 0| case 0x29999: ------------------ | Branch (858:7): [True: 0, False: 30.7k] ------------------ 859| 0| return if_match(req, "DSA/SHA-3(256)", {2, 16, 840, 1, 101, 3, 4, 3, 6}); 860| 0| case 0x2A83D: ------------------ | Branch (860:7): [True: 0, False: 30.7k] ------------------ 861| 0| return if_match(req, "SHA-224", {2, 16, 840, 1, 101, 3, 4, 2, 4}); 862| 2.65k| case 0x2AB30: ------------------ | Branch (862:7): [True: 2.65k, False: 28.1k] ------------------ 863| 2.65k| return if_match(req, "SHA-256", {2, 16, 840, 1, 101, 3, 4, 2, 1}); 864| 0| case 0x2ABEF: ------------------ | Branch (864:7): [True: 0, False: 30.7k] ------------------ 865| 0| return if_match(req, "KeyWrap.AES-256", {2, 16, 840, 1, 101, 3, 4, 1, 45}); 866| 0| case 0x2BAEF: ------------------ | Branch (866:7): [True: 0, False: 30.7k] ------------------ 867| 0| return if_match(req, "SM2_Sig/SM3", {1, 2, 156, 10197, 1, 501}); 868| 0| case 0x2C39A: ------------------ | Branch (868:7): [True: 0, False: 30.7k] ------------------ 869| 0| return if_match(req, "ECGDSA/RIPEMD-160", {1, 3, 36, 3, 3, 2, 5, 4, 1}); 870| 0| case 0x2C54F: ------------------ | Branch (870:7): [True: 0, False: 30.7k] ------------------ 871| 0| return if_match(req, "ECDSA/SHA-3(224)", {2, 16, 840, 1, 101, 3, 4, 3, 9}); 872| 0| case 0x2EEA6: ------------------ | Branch (872:7): [True: 0, False: 30.7k] ------------------ 873| 0| return if_match(req, "RSA/PKCS1v15(RIPEMD-160)", {1, 3, 36, 3, 3, 1, 2}); 874| 0| case 0x2EFBA: ------------------ | Branch (874:7): [True: 0, False: 30.7k] ------------------ 875| 0| return if_match(req, "Kyber-512-r3", {1, 3, 6, 1, 4, 1, 25258, 1, 7, 1}); 876| 0| case 0x2F0AD: ------------------ | Branch (876:7): [True: 0, False: 30.7k] ------------------ 877| 0| return if_match(req, "PKCS7.EncryptedData", {1, 2, 840, 113549, 1, 7, 6}); 878| 0| case 0x2F219: ------------------ | Branch (878:7): [True: 0, False: 30.7k] ------------------ 879| 0| return if_match(req, "PBE-SHA1-2DES", {1, 2, 840, 113549, 1, 12, 1, 4}); 880| 0| case 0x3133E: ------------------ | Branch (880:7): [True: 0, False: 30.7k] ------------------ 881| 0| return if_match(req, "SLH-DSA-SHA2-128f", {2, 16, 840, 1, 101, 3, 4, 3, 21}); 882| 0| case 0x3134B: ------------------ | Branch (882:7): [True: 0, False: 30.7k] ------------------ 883| 0| return if_match(req, "SLH-DSA-SHA2-128s", {2, 16, 840, 1, 101, 3, 4, 3, 20}); 884| 0| case 0x3160D: ------------------ | Branch (884:7): [True: 0, False: 30.7k] ------------------ 885| 0| return if_match(req, "RSA/PKCS1v15(SHA-3(224))", {2, 16, 840, 1, 101, 3, 4, 3, 13}); 886| 0| case 0x319E0: ------------------ | Branch (886:7): [True: 0, False: 30.7k] ------------------ 887| 0| return if_match(req, "GOST-34.10-2012-256/Streebog-256", {1, 2, 643, 7, 1, 1, 3, 2}); 888| 0| case 0x31B3D: ------------------ | Branch (888:7): [True: 0, False: 30.7k] ------------------ 889| 0| return if_match(req, "HMAC(SHA-512)", {1, 2, 840, 113549, 2, 11}); 890| 829| case 0x31C6D: ------------------ | Branch (890:7): [True: 829, False: 29.9k] ------------------ 891| 829| return if_match(req, "secp384r1", {1, 3, 132, 0, 34}); 892| 0| case 0x32899: ------------------ | Branch (892:7): [True: 0, False: 30.7k] ------------------ 893| 0| return if_match(req, "TripleDES/CBC", {1, 2, 840, 113549, 3, 7}); 894| 0| case 0x33D04: ------------------ | Branch (894:7): [True: 0, False: 30.7k] ------------------ 895| 0| return if_match(req, "PKCS12.SecretBag", {1, 2, 840, 113549, 1, 12, 10, 1, 5}); 896| 0| case 0x3615D: ------------------ | Branch (896:7): [True: 0, False: 30.7k] ------------------ 897| 0| return if_match(req, "FrodoKEM-976-SHAKE", {1, 3, 6, 1, 4, 1, 25258, 1, 14, 2}); 898| 0| case 0x361B8: ------------------ | Branch (898:7): [True: 0, False: 30.7k] ------------------ 899| 0| return if_match(req, "Ed25519", {1, 3, 101, 112}); 900| 0| case 0x3649D: ------------------ | Branch (900:7): [True: 0, False: 30.7k] ------------------ 901| 0| return if_match(req, "SHAKE-128", {2, 16, 840, 1, 101, 3, 4, 2, 11}); 902| 0| case 0x36693: ------------------ | Branch (902:7): [True: 0, False: 30.7k] ------------------ 903| 0| return if_match(req, "ClassicMcEliece_348864", {1, 3, 6, 1, 4, 1, 22554, 5, 1, 1}); 904| 0| case 0x373C7: ------------------ | Branch (904:7): [True: 0, False: 30.7k] ------------------ 905| 0| return if_match(req, "ML-DSA-4x4", {2, 16, 840, 1, 101, 3, 4, 3, 17}); 906| 0| case 0x3750B: ------------------ | Branch (906:7): [True: 0, False: 30.7k] ------------------ 907| 0| return if_match(req, "ClassicMcEliece_8192128", {1, 3, 6, 1, 4, 1, 22554, 5, 1, 9}); 908| 0| case 0x39890: ------------------ | Branch (908:7): [True: 0, False: 30.7k] ------------------ 909| 0| return if_match(req, "Ed448", {1, 3, 101, 113}); 910| 3.50k| case 0x3A438: ------------------ | Branch (910:7): [True: 3.50k, False: 27.2k] ------------------ 911| 3.50k| return if_match(req, "SHA-384", {2, 16, 840, 1, 101, 3, 4, 2, 2}); 912| 0| case 0x3A963: ------------------ | Branch (912:7): [True: 0, False: 30.7k] ------------------ 913| 0| return if_match(req, "DH", {1, 2, 840, 10046, 2, 1}); 914| 6.22k| case 0x3AC83: ------------------ | Branch (914:7): [True: 6.22k, False: 24.5k] ------------------ 915| 6.22k| return if_match(req, "MGF1", {1, 2, 840, 113549, 1, 1, 8}); 916| 0| case 0x3ACBA: ------------------ | Branch (916:7): [True: 0, False: 30.7k] ------------------ 917| 0| return if_match(req, "X509v3.IssuerAlternativeName", {2, 5, 29, 18}); 918| 0| case 0x3B273: ------------------ | Branch (918:7): [True: 0, False: 30.7k] ------------------ 919| 0| return if_match(req, "KeyWrap.TripleDES", {1, 2, 840, 113549, 1, 9, 16, 3, 6}); 920| 0| case 0x3B91E: ------------------ | Branch (920:7): [True: 0, False: 30.7k] ------------------ 921| 0| return if_match(req, "X509v3.PrivateKeyUsagePeriod", {2, 5, 29, 16}); 922| 0| case 0x3BC8A: ------------------ | Branch (922:7): [True: 0, False: 30.7k] ------------------ 923| 0| return if_match(req, "SLH-DSA-SHAKE-192f", {2, 16, 840, 1, 101, 3, 4, 3, 29}); 924| 0| case 0x3BC97: ------------------ | Branch (924:7): [True: 0, False: 30.7k] ------------------ 925| 0| return if_match(req, "SLH-DSA-SHAKE-192s", {2, 16, 840, 1, 101, 3, 4, 3, 28}); 926| 0| case 0x3D127: ------------------ | Branch (926:7): [True: 0, False: 30.7k] ------------------ 927| 0| return if_match(req, "DSA", {1, 2, 840, 10040, 4, 1}); 928| 0| case 0x3E249: ------------------ | Branch (928:7): [True: 0, False: 30.7k] ------------------ 929| 0| return if_match(req, "HSS-LMS", {1, 2, 840, 113549, 1, 9, 16, 3, 17}); 930| 0| case 0x3E7D5: ------------------ | Branch (930:7): [True: 0, False: 30.7k] ------------------ 931| 0| return if_match(req, "RSA/PKCS1v15(SHA-3(256))", {2, 16, 840, 1, 101, 3, 4, 3, 14}); 932| 0| case 0x3F748: ------------------ | Branch (932:7): [True: 0, False: 30.7k] ------------------ 933| 0| return if_match(req, "GOST.OGRN", {1, 2, 643, 100, 1}); 934| 0| case 0x3F99F: ------------------ | Branch (934:7): [True: 0, False: 30.7k] ------------------ 935| 0| return if_match(req, "X509v3.BasicConstraints", {2, 5, 29, 19}); 936| 0| case 0x40726: ------------------ | Branch (936:7): [True: 0, False: 30.7k] ------------------ 937| 0| return if_match(req, "SHA-3(512)", {2, 16, 840, 1, 101, 3, 4, 2, 10}); 938| 0| case 0x407BF: ------------------ | Branch (938:7): [True: 0, False: 30.7k] ------------------ 939| 0| return if_match(req, "ML-KEM-768", {2, 16, 840, 1, 101, 3, 4, 4, 2}); 940| 0| case 0x41334: ------------------ | Branch (940:7): [True: 0, False: 30.7k] ------------------ 941| 0| return if_match(req, "ECDSA/SHA-3(384)", {2, 16, 840, 1, 101, 3, 4, 3, 11}); 942| 0| case 0x42DF3: ------------------ | Branch (942:7): [True: 0, False: 30.7k] ------------------ 943| 0| return if_match(req, "X509v3.CRLDistributionPoints", {2, 5, 29, 31}); 944| 0| case 0x437FB: ------------------ | Branch (944:7): [True: 0, False: 30.7k] ------------------ 945| 0| return if_match(req, "brainpool160r1", {1, 3, 36, 3, 3, 2, 8, 1, 1, 1}); 946| 0| case 0x441F5: ------------------ | Branch (946:7): [True: 0, False: 30.7k] ------------------ 947| 0| return if_match(req, "gost_256A", {1, 2, 643, 7, 1, 2, 1, 1, 1}); 948| 0| case 0x441F6: ------------------ | Branch (948:7): [True: 0, False: 30.7k] ------------------ 949| 0| return if_match(req, "gost_256B", {1, 2, 643, 7, 1, 2, 1, 1, 2}); 950| 0| case 0x44221: ------------------ | Branch (950:7): [True: 0, False: 30.7k] ------------------ 951| 0| return if_match(req, "GOST-34.10-2012-512/Streebog-512", {1, 2, 643, 7, 1, 1, 3, 3}); 952| 0| case 0x44322: ------------------ | Branch (952:7): [True: 0, False: 30.7k] ------------------ 953| 0| return if_match(req, "ClassicMcEliece_6960119pc", {1, 3, 6, 1, 4, 1, 25258, 1, 18, 3}); 954| 0| case 0x44973: ------------------ | Branch (954:7): [True: 0, False: 30.7k] ------------------ 955| 0| return if_match(req, "Kyber-512-90s-r3", {1, 3, 6, 1, 4, 1, 25258, 1, 11, 1}); 956| 0| case 0x45C27: ------------------ | Branch (956:7): [True: 0, False: 30.7k] ------------------ 957| 0| return if_match(req, "RSA/PKCS1v15(SHA-512-256)", {1, 2, 840, 113549, 1, 1, 16}); 958| 0| case 0x45C85: ------------------ | Branch (958:7): [True: 0, False: 30.7k] ------------------ 959| 0| return if_match(req, "X509v3.ReasonCode", {2, 5, 29, 21}); 960| 0| case 0x45DA5: ------------------ | Branch (960:7): [True: 0, False: 30.7k] ------------------ 961| 0| return if_match(req, "SHAKE-256", {2, 16, 840, 1, 101, 3, 4, 2, 12}); 962| 0| case 0x4663C: ------------------ | Branch (962:7): [True: 0, False: 30.7k] ------------------ 963| 0| return if_match(req, "X509v3.PolicyConstraints", {2, 5, 29, 36}); 964| 0| case 0x480F7: ------------------ | Branch (964:7): [True: 0, False: 30.7k] ------------------ 965| 0| return if_match(req, "Serpent/OCB", {1, 3, 6, 1, 4, 1, 25258, 3, 2, 4}); 966| 0| case 0x48627: ------------------ | Branch (966:7): [True: 0, False: 30.7k] ------------------ 967| 0| return if_match(req, "Dilithium-4x4-AES-r3", {1, 3, 6, 1, 4, 1, 25258, 1, 10, 1}); 968| 0| case 0x48861: ------------------ | Branch (968:7): [True: 0, False: 30.7k] ------------------ 969| 0| return if_match(req, "ChaCha20Poly1305", {1, 2, 840, 113549, 1, 9, 16, 3, 18}); 970| 0| case 0x4A292: ------------------ | Branch (970:7): [True: 0, False: 30.7k] ------------------ 971| 0| return if_match(req, "frp256v1", {1, 2, 250, 1, 223, 101, 256, 1}); 972| 0| case 0x4A9EE: ------------------ | Branch (972:7): [True: 0, False: 30.7k] ------------------ 973| 0| return if_match(req, "ClassicMcEliece_6960119f", {1, 3, 6, 1, 4, 1, 22554, 5, 1, 8}); 974| 0| case 0x4BF87: ------------------ | Branch (974:7): [True: 0, False: 30.7k] ------------------ 975| 0| return if_match(req, "PKIX.TNAuthList", {1, 3, 6, 1, 5, 5, 7, 1, 26}); 976| 0| case 0x4C088: ------------------ | Branch (976:7): [True: 0, False: 30.7k] ------------------ 977| 0| return if_match(req, "eFrodoKEM-976-AES", {1, 3, 6, 1, 4, 1, 25258, 1, 17, 2}); 978| 0| case 0x4C513: ------------------ | Branch (978:7): [True: 0, False: 30.7k] ------------------ 979| 0| return if_match(req, "DSA/SHA-224", {2, 16, 840, 1, 101, 3, 4, 3, 1}); 980| 0| case 0x4C806: ------------------ | Branch (980:7): [True: 0, False: 30.7k] ------------------ 981| 0| return if_match(req, "DSA/SHA-256", {2, 16, 840, 1, 101, 3, 4, 3, 2}); 982| 0| case 0x4D740: ------------------ | Branch (982:7): [True: 0, False: 30.7k] ------------------ 983| 0| return if_match(req, "X509v3.AnyPolicy", {2, 5, 29, 32, 0}); 984| 44| case 0x4DE49: ------------------ | Branch (984:7): [True: 44, False: 30.7k] ------------------ 985| 44| return if_match(req, "RSA/PKCS1v15(SHA-512)", {1, 2, 840, 113549, 1, 1, 13}); 986| 0| case 0x4ED5D: ------------------ | Branch (986:7): [True: 0, False: 30.7k] ------------------ 987| 0| return if_match(req, "CAST-128/CBC", {1, 2, 840, 113533, 7, 66, 10}); 988| 0| case 0x4FCDC: ------------------ | Branch (988:7): [True: 0, False: 30.7k] ------------------ 989| 0| return if_match(req, "RSA", {1, 2, 840, 113549, 1, 1, 1}); 990| 0| case 0x501CB: ------------------ | Branch (990:7): [True: 0, False: 30.7k] ------------------ 991| 0| return if_match(req, "ECDSA/SHA-224", {1, 2, 840, 10045, 4, 3, 1}); 992| 0| case 0x50395: ------------------ | Branch (992:7): [True: 0, False: 30.7k] ------------------ 993| 0| return if_match(req, "GOST-34.10/GOST-R-34.11-94", {1, 2, 643, 2, 2, 3}); 994| 46| case 0x504BE: ------------------ | Branch (994:7): [True: 46, False: 30.7k] ------------------ 995| 46| return if_match(req, "ECDSA/SHA-256", {1, 2, 840, 10045, 4, 3, 2}); 996| 0| case 0x509C3: ------------------ | Branch (996:7): [True: 0, False: 30.7k] ------------------ 997| 0| return if_match(req, "brainpool192r1", {1, 3, 36, 3, 3, 2, 8, 1, 1, 3}); 998| 0| case 0x509F9: ------------------ | Branch (998:7): [True: 0, False: 30.7k] ------------------ 999| 0| return if_match(req, "PKCS9.ContentType", {1, 2, 840, 113549, 1, 9, 3}); 1000| 0| case 0x50B26: ------------------ | Branch (1000:7): [True: 0, False: 30.7k] ------------------ 1001| 0| return if_match(req, "FrodoKEM-640-AES", {1, 3, 6, 1, 4, 1, 25258, 1, 15, 1}); 1002| 0| case 0x50D78: ------------------ | Branch (1002:7): [True: 0, False: 30.7k] ------------------ 1003| 0| return if_match(req, "x962_p192v2", {1, 2, 840, 10045, 3, 1, 2}); 1004| 0| case 0x50D79: ------------------ | Branch (1004:7): [True: 0, False: 30.7k] ------------------ 1005| 0| return if_match(req, "x962_p192v3", {1, 2, 840, 10045, 3, 1, 3}); 1006| 0| case 0x51DC6: ------------------ | Branch (1006:7): [True: 0, False: 30.7k] ------------------ 1007| 0| return if_match(req, "AES-128/OCB", {1, 3, 6, 1, 4, 1, 25258, 3, 2, 1}); 1008| 0| case 0x52DB6: ------------------ | Branch (1008:7): [True: 0, False: 30.7k] ------------------ 1009| 0| return if_match(req, "HMAC(SHA-224)", {1, 2, 840, 113549, 2, 8}); 1010| 0| case 0x53E11: ------------------ | Branch (1010:7): [True: 0, False: 30.7k] ------------------ 1011| 0| return if_match(req, "FrodoKEM-1344-SHAKE", {1, 3, 6, 1, 4, 1, 25258, 1, 14, 3}); 1012| 0| case 0x54012: ------------------ | Branch (1012:7): [True: 0, False: 30.7k] ------------------ 1013| 0| return if_match(req, "PKIX.TimeStamping", {1, 3, 6, 1, 5, 5, 7, 3, 8}); 1014| 0| case 0x5407A: ------------------ | Branch (1014:7): [True: 0, False: 30.7k] ------------------ 1015| 0| return if_match(req, "Serpent/CBC", {1, 3, 6, 1, 4, 1, 25258, 3, 1}); 1016| 0| case 0x5576D: ------------------ | Branch (1016:7): [True: 0, False: 30.7k] ------------------ 1017| 0| return if_match(req, "SphincsPlus-sha2-128f-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 2, 2}); 1018| 0| case 0x55EF6: ------------------ | Branch (1018:7): [True: 0, False: 30.7k] ------------------ 1019| 0| return if_match(req, "AES-192/OCB", {1, 3, 6, 1, 4, 1, 25258, 3, 2, 2}); 1020| 0| case 0x55FFA: ------------------ | Branch (1020:7): [True: 0, False: 30.7k] ------------------ 1021| 0| return if_match(req, "ML-DSA-6x5", {2, 16, 840, 1, 101, 3, 4, 3, 18}); 1022| 0| case 0x56826: ------------------ | Branch (1022:7): [True: 0, False: 30.7k] ------------------ 1023| 0| return if_match(req, "brainpool320r1", {1, 3, 36, 3, 3, 2, 8, 1, 1, 9}); 1024| 0| case 0x56D0D: ------------------ | Branch (1024:7): [True: 0, False: 30.7k] ------------------ 1025| 0| return if_match(req, "SphincsPlus-shake-128f-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 1, 2}); 1026| 0| case 0x57077: ------------------ | Branch (1026:7): [True: 0, False: 30.7k] ------------------ 1027| 0| return if_match(req, "XMSS-draft6", {1, 3, 6, 1, 4, 1, 25258, 1, 5}); 1028| 0| case 0x5818B: ------------------ | Branch (1028:7): [True: 0, False: 30.7k] ------------------ 1029| 0| return if_match(req, "ECGDSA/SHA-224", {1, 3, 36, 3, 3, 2, 5, 4, 3}); 1030| 0| case 0x5847E: ------------------ | Branch (1030:7): [True: 0, False: 30.7k] ------------------ 1031| 0| return if_match(req, "ECGDSA/SHA-256", {1, 3, 36, 3, 3, 2, 5, 4, 4}); 1032| 62| case 0x5898B: ------------------ | Branch (1032:7): [True: 62, False: 30.7k] ------------------ 1033| 62| return if_match(req, "SHA-512", {2, 16, 840, 1, 101, 3, 4, 2, 3}); 1034| 0| case 0x58991: ------------------ | Branch (1034:7): [True: 0, False: 30.7k] ------------------ 1035| 0| return if_match(req, "PKIX.OCSP.NoCheck", {1, 3, 6, 1, 5, 5, 7, 48, 1, 5}); 1036| 0| case 0x59717: ------------------ | Branch (1036:7): [True: 0, False: 30.7k] ------------------ 1037| 0| return if_match(req, "X509v3.SubjectKeyIdentifier", {2, 5, 29, 14}); 1038| 0| case 0x5A1E1: ------------------ | Branch (1038:7): [True: 0, False: 30.7k] ------------------ 1039| 0| return if_match(req, "PKCS12.KeyBag", {1, 2, 840, 113549, 1, 12, 10, 1, 1}); 1040| 0| case 0x5A570: ------------------ | Branch (1040:7): [True: 0, False: 30.7k] ------------------ 1041| 0| return if_match(req, "X520.CommonName", {2, 5, 4, 3}); 1042| 0| case 0x5A990: ------------------ | Branch (1042:7): [True: 0, False: 30.7k] ------------------ 1043| 0| return if_match(req, "ECDSA/SHA-3(256)", {2, 16, 840, 1, 101, 3, 4, 3, 10}); 1044| 0| case 0x5AB0E: ------------------ | Branch (1044:7): [True: 0, False: 30.7k] ------------------ 1045| 0| return if_match(req, "SphincsPlus-sha2-256s-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 2, 5}); 1046| 0| case 0x5AC4A: ------------------ | Branch (1046:7): [True: 0, False: 30.7k] ------------------ 1047| 0| return if_match(req, "X520.Surname", {2, 5, 4, 4}); 1048| 0| case 0x5AF2C: ------------------ | Branch (1048:7): [True: 0, False: 30.7k] ------------------ 1049| 0| return if_match(req, "ClassicMcEliece_8192128pc", {1, 3, 6, 1, 4, 1, 25258, 1, 18, 5}); 1050| 0| case 0x5BC39: ------------------ | Branch (1050:7): [True: 0, False: 30.7k] ------------------ 1051| 0| return if_match(req, "X509v3.KeyUsage", {2, 5, 29, 15}); 1052| 0| case 0x5BDDB: ------------------ | Branch (1052:7): [True: 0, False: 30.7k] ------------------ 1053| 0| return if_match(req, "numsp256d1", {1, 3, 6, 1, 4, 1, 25258, 4, 1}); 1054| 0| case 0x5C0AE: ------------------ | Branch (1054:7): [True: 0, False: 30.7k] ------------------ 1055| 0| return if_match(req, "SphincsPlus-shake-256s-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 1, 5}); 1056| 0| case 0x5C10E: ------------------ | Branch (1056:7): [True: 0, False: 30.7k] ------------------ 1057| 0| return if_match(req, "DSA/SHA-384", {2, 16, 840, 1, 101, 3, 4, 3, 3}); 1058| 0| case 0x5CFE5: ------------------ | Branch (1058:7): [True: 0, False: 30.7k] ------------------ 1059| 0| return if_match(req, "PKCS9.X509Certificate", {1, 2, 840, 113549, 1, 9, 22, 1}); 1060| 0| case 0x5D1CF: ------------------ | Branch (1060:7): [True: 0, False: 30.7k] ------------------ 1061| 0| return if_match(req, "X520.SerialNumber", {2, 5, 4, 5}); 1062| 0| case 0x5D375: ------------------ | Branch (1062:7): [True: 0, False: 30.7k] ------------------ 1063| 0| return if_match(req, "SM4/OCB", {1, 2, 156, 10197, 1, 104, 100}); 1064| 0| case 0x5DD49: ------------------ | Branch (1064:7): [True: 0, False: 30.7k] ------------------ 1065| 0| return if_match(req, "AES-128/CBC", {2, 16, 840, 1, 101, 3, 4, 1, 2}); 1066| 0| case 0x5DE4E: ------------------ | Branch (1066:7): [True: 0, False: 30.7k] ------------------ 1067| 0| return if_match(req, "AES-128/CCM", {2, 16, 840, 1, 101, 3, 4, 1, 7}); 1068| 0| case 0x5DF23: ------------------ | Branch (1068:7): [True: 0, False: 30.7k] ------------------ 1069| 0| return if_match(req, "HMAC(SHA-512-256)", {1, 2, 840, 113549, 2, 13}); 1070| 0| case 0x5ED04: ------------------ | Branch (1070:7): [True: 0, False: 30.7k] ------------------ 1071| 0| return if_match(req, "SM2", {1, 2, 156, 10197, 1, 301, 1}); 1072| 0| case 0x5ED05: ------------------ | Branch (1072:7): [True: 0, False: 30.7k] ------------------ 1073| 0| return if_match(req, "SM3", {1, 2, 156, 10197, 1, 401}); 1074| 56| case 0x5FDC6: ------------------ | Branch (1074:7): [True: 56, False: 30.7k] ------------------ 1075| 56| return if_match(req, "ECDSA/SHA-384", {1, 2, 840, 10045, 4, 3, 3}); 1076| 0| case 0x6199F: ------------------ | Branch (1076:7): [True: 0, False: 30.7k] ------------------ 1077| 0| return if_match(req, "SHA-3(224)", {2, 16, 840, 1, 101, 3, 4, 2, 7}); 1078| 0| case 0x61E79: ------------------ | Branch (1078:7): [True: 0, False: 30.7k] ------------------ 1079| 0| return if_match(req, "AES-192/CBC", {2, 16, 840, 1, 101, 3, 4, 1, 22}); 1080| 0| case 0x61F7E: ------------------ | Branch (1080:7): [True: 0, False: 30.7k] ------------------ 1081| 0| return if_match(req, "AES-192/CCM", {2, 16, 840, 1, 101, 3, 4, 1, 27}); 1082| 0| case 0x64947: ------------------ | Branch (1082:7): [True: 0, False: 30.7k] ------------------ 1083| 0| return if_match(req, "OpenPGP.Ed25519", {1, 3, 6, 1, 4, 1, 11591, 15, 1}); 1084| 0| case 0x652E7: ------------------ | Branch (1084:7): [True: 0, False: 30.7k] ------------------ 1085| 0| return if_match(req, "sm2p256v1", {1, 2, 156, 10197, 1, 301}); 1086| 0| case 0x6697B: ------------------ | Branch (1086:7): [True: 0, False: 30.7k] ------------------ 1087| 0| return if_match(req, "FrodoKEM-1344-AES", {1, 3, 6, 1, 4, 1, 25258, 1, 15, 3}); 1088| 0| case 0x67B2C: ------------------ | Branch (1088:7): [True: 0, False: 30.7k] ------------------ 1089| 0| return if_match(req, "X520.State", {2, 5, 4, 8}); 1090| 0| case 0x67B9B: ------------------ | Branch (1090:7): [True: 0, False: 30.7k] ------------------ 1091| 0| return if_match(req, "HMAC(SHA-384)", {1, 2, 840, 113549, 2, 10}); 1092| 0| case 0x67D86: ------------------ | Branch (1092:7): [True: 0, False: 30.7k] ------------------ 1093| 0| return if_match(req, "ECGDSA/SHA-384", {1, 3, 36, 3, 3, 2, 5, 4, 5}); 1094| 0| case 0x68A0B: ------------------ | Branch (1094:7): [True: 0, False: 30.7k] ------------------ 1095| 0| return if_match(req, "Camellia-128/OCB", {1, 3, 6, 1, 4, 1, 25258, 3, 2, 6}); 1096| 0| case 0x68E33: ------------------ | Branch (1096:7): [True: 0, False: 30.7k] ------------------ 1097| 0| return if_match(req, "PKCS9.ExtensionRequest", {1, 2, 840, 113549, 1, 9, 14}); 1098| 6.45k| case 0x69126: ------------------ | Branch (1098:7): [True: 6.45k, False: 24.3k] ------------------ 1099| 6.45k| return if_match(req, "X509v3.SubjectAlternativeName", {2, 5, 29, 17}); 1100| 0| case 0x692F8: ------------------ | Branch (1100:7): [True: 0, False: 30.7k] ------------------ 1101| 0| return if_match(req, "SM4/CBC", {1, 2, 156, 10197, 1, 104, 2}); 1102| 0| case 0x695E1: ------------------ | Branch (1102:7): [True: 0, False: 30.7k] ------------------ 1103| 0| return if_match(req, "Dilithium-4x4-r3", {1, 3, 6, 1, 4, 1, 25258, 1, 9, 1}); 1104| 0| case 0x696DC: ------------------ | Branch (1104:7): [True: 0, False: 30.7k] ------------------ 1105| 0| return if_match(req, "PKIX.IpAddrBlocks", {1, 3, 6, 1, 5, 5, 7, 1, 7}); 1106| 0| case 0x6A7CA: ------------------ | Branch (1106:7): [True: 0, False: 30.7k] ------------------ 1107| 0| return if_match(req, "ECDSA", {1, 2, 840, 10045, 2, 1}); 1108| 0| case 0x6BD26: ------------------ | Branch (1108:7): [True: 0, False: 30.7k] ------------------ 1109| 0| return if_match(req, "GOST.INN", {1, 2, 643, 3, 131, 1, 1}); 1110| 0| case 0x6CB3B: ------------------ | Branch (1110:7): [True: 0, False: 30.7k] ------------------ 1111| 0| return if_match(req, "Camellia-192/OCB", {1, 3, 6, 1, 4, 1, 25258, 3, 2, 7}); 1112| 0| case 0x6E602: ------------------ | Branch (1112:7): [True: 0, False: 30.7k] ------------------ 1113| 0| return if_match(req, "Dilithium-8x7-r3", {1, 3, 6, 1, 4, 1, 25258, 1, 9, 3}); 1114| 0| case 0x6F0C2: ------------------ | Branch (1114:7): [True: 0, False: 30.7k] ------------------ 1115| 0| return if_match(req, "RSA/PKCS1v15(SHA-224)", {1, 2, 840, 113549, 1, 1, 14}); 1116| 0| case 0x6F9F8: ------------------ | Branch (1116:7): [True: 0, False: 30.7k] ------------------ 1117| 0| return if_match(req, "PKCS12.SafeContentsBag", {1, 2, 840, 113549, 1, 12, 10, 1, 6}); 1118| 0| case 0x6FB26: ------------------ | Branch (1118:7): [True: 0, False: 30.7k] ------------------ 1119| 0| return if_match(req, "PKIX.AuthorityInformationAccess", {1, 3, 6, 1, 5, 5, 7, 1, 1}); 1120| 752| case 0x70BB6: ------------------ | Branch (1120:7): [True: 752, False: 30.0k] ------------------ 1121| 752| return if_match(req, "brainpool384r1", {1, 3, 36, 3, 3, 2, 8, 1, 1, 11}); 1122| 0| case 0x70EA6: ------------------ | Branch (1122:7): [True: 0, False: 30.7k] ------------------ 1123| 0| return if_match(req, "PKCS12.PKCS8ShroudedKeyBag", {1, 2, 840, 113549, 1, 12, 10, 1, 2}); 1124| 0| case 0x71EB3: ------------------ | Branch (1124:7): [True: 0, False: 30.7k] ------------------ 1125| 0| return if_match(req, "SphincsPlus-haraka-128f-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 3, 2}); 1126| 0| case 0x7382C: ------------------ | Branch (1126:7): [True: 0, False: 30.7k] ------------------ 1127| 0| return if_match(req, "ML-KEM-1024", {2, 16, 840, 1, 101, 3, 4, 4, 3}); 1128| 0| case 0x743BD: ------------------ | Branch (1128:7): [True: 0, False: 30.7k] ------------------ 1129| 0| return if_match(req, "AES-256/OCB", {1, 3, 6, 1, 4, 1, 25258, 3, 2, 3}); 1130| 0| case 0x7498E: ------------------ | Branch (1130:7): [True: 0, False: 30.7k] ------------------ 1131| 0| return if_match(req, "Camellia-128/CBC", {1, 2, 392, 200011, 61, 1, 1, 1, 2}); 1132| 0| case 0x74C2E: ------------------ | Branch (1132:7): [True: 0, False: 30.7k] ------------------ 1133| 0| return if_match(req, "ML-DSA-8x7", {2, 16, 840, 1, 101, 3, 4, 3, 19}); 1134| 0| case 0x7505F: ------------------ | Branch (1134:7): [True: 0, False: 30.7k] ------------------ 1135| 0| return if_match(req, "PKIX.XMPPAddr", {1, 3, 6, 1, 5, 5, 7, 8, 5}); 1136| 0| case 0x7517A: ------------------ | Branch (1136:7): [True: 0, False: 30.7k] ------------------ 1137| 0| return if_match(req, "RSA/PKCS1v15(MD2)", {1, 2, 840, 113549, 1, 1, 2}); 1138| 0| case 0x7546B: ------------------ | Branch (1138:7): [True: 0, False: 30.7k] ------------------ 1139| 0| return if_match(req, "RSA/PKCS1v15(MD5)", {1, 2, 840, 113549, 1, 1, 4}); 1140| 0| case 0x75921: ------------------ | Branch (1140:7): [True: 0, False: 30.7k] ------------------ 1141| 0| return if_match(req, "ClassicMcEliece_348864f", {1, 3, 6, 1, 4, 1, 22554, 5, 1, 2}); 1142| 0| case 0x76784: ------------------ | Branch (1142:7): [True: 0, False: 30.7k] ------------------ 1143| 0| return if_match(req, "SHA-3(384)", {2, 16, 840, 1, 101, 3, 4, 2, 9}); 1144| 0| case 0x768FD: ------------------ | Branch (1144:7): [True: 0, False: 30.7k] ------------------ 1145| 0| return if_match(req, "PKCS9.LocalKeyId", {1, 2, 840, 113549, 1, 9, 21}); 1146| 629| case 0x76A19: ------------------ | Branch (1146:7): [True: 629, False: 30.1k] ------------------ 1147| 629| return if_match(req, "brainpool512r1", {1, 3, 36, 3, 3, 2, 8, 1, 1, 13}); 1148| 0| case 0x77254: ------------------ | Branch (1148:7): [True: 0, False: 30.7k] ------------------ 1149| 0| return if_match(req, "SphincsPlus-haraka-256s-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 3, 5}); 1150| 0| case 0x77ADC: ------------------ | Branch (1150:7): [True: 0, False: 30.7k] ------------------ 1151| 0| return if_match(req, "secp224k1", {1, 3, 132, 0, 32}); 1152| 0| case 0x781B9: ------------------ | Branch (1152:7): [True: 0, False: 30.7k] ------------------ 1153| 0| return if_match(req, "secp224r1", {1, 3, 132, 0, 33}); 1154| 0| case 0x78ABE: ------------------ | Branch (1154:7): [True: 0, False: 30.7k] ------------------ 1155| 0| return if_match(req, "Camellia-192/CBC", {1, 2, 392, 200011, 61, 1, 1, 1, 3}); 1156| 0| case 0x792F2: ------------------ | Branch (1156:7): [True: 0, False: 30.7k] ------------------ 1157| 0| return if_match(req, "ClassicMcEliece_6688128pc", {1, 3, 6, 1, 4, 1, 25258, 1, 18, 1}); 1158| 0| case 0x7A661: ------------------ | Branch (1158:7): [True: 0, False: 30.7k] ------------------ 1159| 0| return if_match(req, "DSA/SHA-512", {2, 16, 840, 1, 101, 3, 4, 3, 4}); 1160| 0| case 0x7A977: ------------------ | Branch (1160:7): [True: 0, False: 30.7k] ------------------ 1161| 0| return if_match(req, "X509v3.ExtendedKeyUsage", {2, 5, 29, 37}); 1162| 0| case 0x7AE67: ------------------ | Branch (1162:7): [True: 0, False: 30.7k] ------------------ 1163| 0| return if_match(req, "SM2_Enc", {1, 2, 156, 10197, 1, 301, 3}); 1164| 0| case 0x7B602: ------------------ | Branch (1164:7): [True: 0, False: 30.7k] ------------------ 1165| 0| return if_match(req, "Twofish/OCB", {1, 3, 6, 1, 4, 1, 25258, 3, 2, 5}); 1166| 0| case 0x7B9A1: ------------------ | Branch (1166:7): [True: 0, False: 30.7k] ------------------ 1167| 0| return if_match(req, "SphincsPlus-sha2-192s-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 2, 3}); 1168| 0| case 0x7BB0A: ------------------ | Branch (1168:7): [True: 0, False: 30.7k] ------------------ 1169| 0| return if_match(req, "SLH-DSA-SHAKE-256f", {2, 16, 840, 1, 101, 3, 4, 3, 31}); 1170| 0| case 0x7BB17: ------------------ | Branch (1170:7): [True: 0, False: 30.7k] ------------------ 1171| 0| return if_match(req, "SLH-DSA-SHAKE-256s", {2, 16, 840, 1, 101, 3, 4, 3, 30}); 1172| 0| case 0x7BCF3: ------------------ | Branch (1172:7): [True: 0, False: 30.7k] ------------------ 1173| 0| return if_match(req, "PKIX.EmailProtection", {1, 3, 6, 1, 5, 5, 7, 3, 4}); 1174| 0| case 0x7CC2C: ------------------ | Branch (1174:7): [True: 0, False: 30.7k] ------------------ 1175| 0| return if_match(req, "SHA-512-256", {2, 16, 840, 1, 101, 3, 4, 2, 6}); 1176| 0| case 0x7CF41: ------------------ | Branch (1176:7): [True: 0, False: 30.7k] ------------------ 1177| 0| return if_match(req, "SphincsPlus-shake-192s-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 1, 3}); 1178| 0| case 0x7DB91: ------------------ | Branch (1178:7): [True: 0, False: 30.7k] ------------------ 1179| 0| return if_match(req, "GOST-34.10", {1, 2, 643, 2, 2, 19}); 1180| 44| case 0x7E319: ------------------ | Branch (1180:7): [True: 44, False: 30.7k] ------------------ 1181| 44| return if_match(req, "ECDSA/SHA-512", {1, 2, 840, 10045, 4, 3, 4}); 1182| 0| case 0x7E874: ------------------ | Branch (1182:7): [True: 0, False: 30.7k] ------------------ 1183| 0| return if_match(req, "ClassicMcEliece_6688128f", {1, 3, 6, 1, 4, 1, 22554, 5, 1, 6}); 1184| 0| case 0x7EAAF: ------------------ | Branch (1184:7): [True: 0, False: 30.7k] ------------------ 1185| 0| return if_match(req, "eFrodoKEM-640-SHAKE", {1, 3, 6, 1, 4, 1, 25258, 1, 16, 1}); 1186| 0| case 0x7F51F: ------------------ | Branch (1186:7): [True: 0, False: 30.7k] ------------------ 1187| 0| return if_match(req, "PKIX.IPsecTunnel", {1, 3, 6, 1, 5, 5, 7, 3, 6}); 1188| 0| case 0x80272: ------------------ | Branch (1188:7): [True: 0, False: 30.7k] ------------------ 1189| 0| return if_match(req, "X520.Organization", {2, 5, 4, 10}); 1190| 0| case 0x80340: ------------------ | Branch (1190:7): [True: 0, False: 30.7k] ------------------ 1191| 0| return if_match(req, "AES-256/CBC", {2, 16, 840, 1, 101, 3, 4, 1, 42}); 1192| 0| case 0x80445: ------------------ | Branch (1192:7): [True: 0, False: 30.7k] ------------------ 1193| 0| return if_match(req, "AES-256/CCM", {2, 16, 840, 1, 101, 3, 4, 1, 47}); 1194| 0| case 0x811F7: ------------------ | Branch (1194:7): [True: 0, False: 30.7k] ------------------ 1195| 0| return if_match(req, "HMAC(SHA-256)", {1, 2, 840, 113549, 2, 9}); 1196| 0| case 0x82434: ------------------ | Branch (1196:7): [True: 0, False: 30.7k] ------------------ 1197| 0| return if_match(req, "PKCS9.X509CRL", {1, 2, 840, 113549, 1, 9, 23, 1}); 1198| 0| case 0x82B47: ------------------ | Branch (1198:7): [True: 0, False: 30.7k] ------------------ 1199| 0| return if_match(req, "Threefish-512/CBC", {1, 3, 6, 1, 4, 1, 25258, 3, 2}); 1200| 206| case 0x83EA7: ------------------ | Branch (1200:7): [True: 206, False: 30.5k] ------------------ 1201| 206| return if_match(req, "RSA/PKCS1v15(SHA-384)", {1, 2, 840, 113549, 1, 1, 12}); 1202| 0| case 0x84596: ------------------ | Branch (1202:7): [True: 0, False: 30.7k] ------------------ 1203| 0| return if_match(req, "eFrodoKEM-640-AES", {1, 3, 6, 1, 4, 1, 25258, 1, 17, 1}); 1204| 0| case 0x8469F: ------------------ | Branch (1204:7): [True: 0, False: 30.7k] ------------------ 1205| 0| return if_match(req, "ClassicMcEliece_6960119pcf", {1, 3, 6, 1, 4, 1, 25258, 1, 18, 4}); 1206| 0| case 0x84CA4: ------------------ | Branch (1206:7): [True: 0, False: 30.7k] ------------------ 1207| 0| return if_match(req, "secp256k1", {1, 3, 132, 0, 10}); 1208| 821| case 0x85381: ------------------ | Branch (1208:7): [True: 821, False: 29.9k] ------------------ 1209| 821| return if_match(req, "secp256r1", {1, 2, 840, 10045, 3, 1, 7}); 1210| 0| case 0x854FC: ------------------ | Branch (1210:7): [True: 0, False: 30.7k] ------------------ 1211| 0| return if_match(req, "PKIX.IPsecUser", {1, 3, 6, 1, 5, 5, 7, 3, 7}); 1212| 0| case 0x85F51: ------------------ | Branch (1212:7): [True: 0, False: 30.7k] ------------------ 1213| 0| return if_match(req, "Serpent/SIV", {1, 3, 6, 1, 4, 1, 25258, 3, 4, 4}); 1214| 0| case 0x862D9: ------------------ | Branch (1214:7): [True: 0, False: 30.7k] ------------------ 1215| 0| return if_match(req, "ECGDSA/SHA-512", {1, 3, 36, 3, 3, 2, 5, 4, 6}); 1216| 0| case 0x87585: ------------------ | Branch (1216:7): [True: 0, False: 30.7k] ------------------ 1217| 0| return if_match(req, "Twofish/CBC", {1, 3, 6, 1, 4, 1, 25258, 3, 3}); 1218| 0| case 0x877D1: ------------------ | Branch (1218:7): [True: 0, False: 30.7k] ------------------ 1219| 0| return if_match(req, "PKCS9.EmailAddress", {1, 2, 840, 113549, 1, 9, 1}); 1220| 0| case 0x87D27: ------------------ | Branch (1220:7): [True: 0, False: 30.7k] ------------------ 1221| 0| return if_match(req, "PKIX.CertificateAuthorityIssuers", {1, 3, 6, 1, 5, 5, 7, 48, 2}); 1222| 0| case 0x87E42: ------------------ | Branch (1222:7): [True: 0, False: 30.7k] ------------------ 1223| 0| return if_match(req, "X509v3.AuthorityKeyIdentifier", {2, 5, 29, 35}); 1224| 32| case 0x889B1: ------------------ | Branch (1224:7): [True: 32, False: 30.7k] ------------------ 1225| 32| return if_match(req, "ECDSA/SHA-1", {1, 2, 840, 10045, 4, 1}); 1226| 0| case 0x89658: ------------------ | Branch (1226:7): [True: 0, False: 30.7k] ------------------ 1227| 0| return if_match(req, "PBE-PKCS5v20", {1, 2, 840, 113549, 1, 5, 13}); 1228| 0| case 0x8976D: ------------------ | Branch (1228:7): [True: 0, False: 30.7k] ------------------ 1229| 0| return if_match(req, "PKCS9.MessageDigest", {1, 2, 840, 113549, 1, 9, 4}); 1230| 0| case 0x8B002: ------------------ | Branch (1230:7): [True: 0, False: 30.7k] ------------------ 1231| 0| return if_match(req, "Camellia-256/OCB", {1, 3, 6, 1, 4, 1, 25258, 3, 2, 8}); 1232| 0| case 0x8B935: ------------------ | Branch (1232:7): [True: 0, False: 30.7k] ------------------ 1233| 0| return if_match(req, "ClassicMcEliece_6688128", {1, 3, 6, 1, 4, 1, 22554, 5, 1, 5}); 1234| 0| case 0x8BB11: ------------------ | Branch (1234:7): [True: 0, False: 30.7k] ------------------ 1235| 0| return if_match(req, "X509v3.NoRevocationAvailable", {2, 5, 29, 56}); 1236| 0| case 0x8CE3D: ------------------ | Branch (1236:7): [True: 0, False: 30.7k] ------------------ 1237| 0| return if_match(req, "PKCS9.ChallengePassword", {1, 2, 840, 113549, 1, 9, 7}); 1238| 0| case 0x8D45C: ------------------ | Branch (1238:7): [True: 0, False: 30.7k] ------------------ 1239| 0| return if_match(req, "ECKCDSA", {1, 0, 14888, 3, 0, 5}); 1240| 0| case 0x8E0C1: ------------------ | Branch (1240:7): [True: 0, False: 30.7k] ------------------ 1241| 0| return if_match(req, "X509v3.CertificatePolicies", {2, 5, 29, 32}); 1242| 0| case 0x8E39A: ------------------ | Branch (1242:7): [True: 0, False: 30.7k] ------------------ 1243| 0| return if_match(req, "HSS-LMS-Private-Key", {1, 3, 6, 1, 4, 1, 25258, 1, 13}); 1244| 0| case 0x8EC51: ------------------ | Branch (1244:7): [True: 0, False: 30.7k] ------------------ 1245| 0| return if_match(req, "Kyber-768-r3", {1, 3, 6, 1, 4, 1, 25258, 1, 7, 2}); 1246| 0| case 0x8F94A: ------------------ | Branch (1246:7): [True: 0, False: 30.7k] ------------------ 1247| 0| return if_match(req, "Dilithium-6x5-r3", {1, 3, 6, 1, 4, 1, 25258, 1, 9, 2}); 1248| 0| case 0x8FC20: ------------------ | Branch (1248:7): [True: 0, False: 30.7k] ------------------ 1249| 0| return if_match(req, "AES-128/SIV", {1, 3, 6, 1, 4, 1, 25258, 3, 4, 1}); 1250| 0| case 0x8FDE0: ------------------ | Branch (1250:7): [True: 0, False: 30.7k] ------------------ 1251| 0| return if_match(req, "SHA-3(256)", {2, 16, 840, 1, 101, 3, 4, 2, 8}); 1252| 0| case 0x919E3: ------------------ | Branch (1252:7): [True: 0, False: 30.7k] ------------------ 1253| 0| return if_match(req, "Serpent/GCM", {1, 3, 6, 1, 4, 1, 25258, 3, 101}); 1254| 0| case 0x91C1A: ------------------ | Branch (1254:7): [True: 0, False: 30.7k] ------------------ 1255| 0| return if_match(req, "X25519", {1, 3, 101, 110}); 1256| 0| case 0x91DC4: ------------------ | Branch (1256:7): [True: 0, False: 30.7k] ------------------ 1257| 0| return if_match(req, "McEliece", {1, 3, 6, 1, 4, 1, 25258, 1, 3}); 1258| 0| case 0x93467: ------------------ | Branch (1258:7): [True: 0, False: 30.7k] ------------------ 1259| 0| return if_match(req, "Dilithium-6x5-AES-r3", {1, 3, 6, 1, 4, 1, 25258, 1, 10, 2}); 1260| 0| case 0x93D50: ------------------ | Branch (1260:7): [True: 0, False: 30.7k] ------------------ 1261| 0| return if_match(req, "AES-192/SIV", {1, 3, 6, 1, 4, 1, 25258, 3, 4, 2}); 1262| 0| case 0x95166: ------------------ | Branch (1262:7): [True: 0, False: 30.7k] ------------------ 1263| 0| return if_match(req, "SLH-DSA-SHAKE-128f", {2, 16, 840, 1, 101, 3, 4, 3, 27}); 1264| 0| case 0x95173: ------------------ | Branch (1264:7): [True: 0, False: 30.7k] ------------------ 1265| 0| return if_match(req, "SLH-DSA-SHAKE-128s", {2, 16, 840, 1, 101, 3, 4, 3, 26}); 1266| 0| case 0x952D6: ------------------ | Branch (1266:7): [True: 0, False: 30.7k] ------------------ 1267| 0| return if_match(req, "PKIX.OCSP", {1, 3, 6, 1, 5, 5, 7, 48, 1}); 1268| 0| case 0x959B9: ------------------ | Branch (1268:7): [True: 0, False: 30.7k] ------------------ 1269| 0| return if_match(req, "PKIX.IPsecEndSystem", {1, 3, 6, 1, 5, 5, 7, 3, 5}); 1270| 0| case 0x96F85: ------------------ | Branch (1270:7): [True: 0, False: 30.7k] ------------------ 1271| 0| return if_match(req, "Camellia-256/CBC", {1, 2, 392, 200011, 61, 1, 1, 1, 4}); 1272| 0| case 0x97D5E: ------------------ | Branch (1272:7): [True: 0, False: 30.7k] ------------------ 1273| 0| return if_match(req, "HMAC(SHA-1)", {1, 2, 840, 113549, 2, 7}); 1274| 0| case 0x9805C: ------------------ | Branch (1274:7): [True: 0, False: 30.7k] ------------------ 1275| 0| return if_match(req, "SEED/CBC", {1, 2, 410, 200004, 1, 4}); 1276| 0| case 0x980E7: ------------------ | Branch (1276:7): [True: 0, False: 30.7k] ------------------ 1277| 0| return if_match(req, "SphincsPlus-haraka-192s-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 3, 3}); 1278| 0| case 0x980F5: ------------------ | Branch (1278:7): [True: 0, False: 30.7k] ------------------ 1279| 0| return if_match(req, "GOST.SubjectSigningTool", {1, 2, 643, 100, 111}); 1280| 0| case 0x98B03: ------------------ | Branch (1280:7): [True: 0, False: 30.7k] ------------------ 1281| 0| return if_match(req, "XMSS", {0, 4, 0, 127, 0, 15, 1, 1, 13, 0}); 1282| 0| case 0x9A6B2: ------------------ | Branch (1282:7): [True: 0, False: 30.7k] ------------------ 1283| 0| return if_match(req, "ECKCDSA/SHA-1", {1, 2, 410, 200004, 1, 100, 4, 3}); 1284| 0| case 0x9B1CF: ------------------ | Branch (1284:7): [True: 0, False: 30.7k] ------------------ 1285| 0| return if_match(req, "SM4/SIV", {1, 3, 6, 1, 4, 1, 25258, 3, 4, 9}); 1286| 0| case 0x9B6B2: ------------------ | Branch (1286:7): [True: 0, False: 30.7k] ------------------ 1287| 0| return if_match(req, "AES-128/GCM", {2, 16, 840, 1, 101, 3, 4, 1, 6}); 1288| 0| case 0x9B6BB: ------------------ | Branch (1288:7): [True: 0, False: 30.7k] ------------------ 1289| 0| return if_match(req, "X520.OrganizationalUnit", {2, 5, 4, 11}); 1290| 0| case 0x9B851: ------------------ | Branch (1290:7): [True: 0, False: 30.7k] ------------------ 1291| 0| return if_match(req, "OpenPGP.Curve25519", {1, 3, 6, 1, 4, 1, 3029, 1, 5, 1}); 1292| 0| case 0x9C80B: ------------------ | Branch (1292:7): [True: 0, False: 30.7k] ------------------ 1293| 0| return if_match(req, "SLH-DSA-SHA2-192f", {2, 16, 840, 1, 101, 3, 4, 3, 23}); 1294| 0| case 0x9C818: ------------------ | Branch (1294:7): [True: 0, False: 30.7k] ------------------ 1295| 0| return if_match(req, "SLH-DSA-SHA2-192s", {2, 16, 840, 1, 101, 3, 4, 3, 22}); 1296| 0| case 0x9CD2B: ------------------ | Branch (1296:7): [True: 0, False: 30.7k] ------------------ 1297| 0| return if_match(req, "Scrypt", {1, 3, 6, 1, 4, 1, 11591, 4, 11}); 1298| 0| case 0x9CDE1: ------------------ | Branch (1298:7): [True: 0, False: 30.7k] ------------------ 1299| 0| return if_match(req, "GOST-34.10-2012-256/SHA-256", {1, 3, 6, 1, 4, 1, 25258, 1, 6, 1}); 1300| 0| case 0x9CF73: ------------------ | Branch (1300:7): [True: 0, False: 30.7k] ------------------ 1301| 0| return if_match(req, "ClassicMcEliece_460896f", {1, 3, 6, 1, 4, 1, 22554, 5, 1, 4}); 1302| 0| case 0x9D354: ------------------ | Branch (1302:7): [True: 0, False: 30.7k] ------------------ 1303| 0| return if_match(req, "RIPEMD-160", {1, 3, 36, 3, 2, 1}); 1304| 82| case 0x9D503: ------------------ | Branch (1304:7): [True: 82, False: 30.6k] ------------------ 1305| 82| return if_match(req, "RSA/PKCS1v15(SHA-256)", {1, 2, 840, 113549, 1, 1, 11}); 1306| 0| case 0x9EC88: ------------------ | Branch (1306:7): [True: 0, False: 30.7k] ------------------ 1307| 0| return if_match(req, "DSA/SHA-3(512)", {2, 16, 840, 1, 101, 3, 4, 3, 8}); 1308| 0| case 0x9EF36: ------------------ | Branch (1308:7): [True: 0, False: 30.7k] ------------------ 1309| 0| return if_match(req, "ClassicMcEliece_6960119", {1, 3, 6, 1, 4, 1, 22554, 5, 1, 7}); 1310| 0| case 0x9F764: ------------------ | Branch (1310:7): [True: 0, False: 30.7k] ------------------ 1311| 0| return if_match(req, "X448", {1, 3, 101, 111}); 1312| 0| case 0x9F7E2: ------------------ | Branch (1312:7): [True: 0, False: 30.7k] ------------------ 1313| 0| return if_match(req, "AES-192/GCM", {2, 16, 840, 1, 101, 3, 4, 1, 26}); 1314| 0| case 0x9F9C5: ------------------ | Branch (1314:7): [True: 0, False: 30.7k] ------------------ 1315| 0| return if_match(req, "ClassicMcEliece_6688128pcf", {1, 3, 6, 1, 4, 1, 25258, 1, 18, 2}); 1316| 0| case 0xA0805: ------------------ | Branch (1316:7): [True: 0, False: 30.7k] ------------------ 1317| 0| return if_match(req, "PKCS9.SDSICertificate", {1, 2, 840, 113549, 1, 9, 22, 2}); 1318| 0| case 0xA2B5B: ------------------ | Branch (1318:7): [True: 0, False: 30.7k] ------------------ 1319| 0| return if_match(req, "X509v3.CRLNumber", {2, 5, 29, 20}); 1320| 0| case 0xA3005: ------------------ | Branch (1320:7): [True: 0, False: 30.7k] ------------------ 1321| 0| return if_match(req, "X520.Title", {2, 5, 4, 12}); 1322| 0| case 0xA323F: ------------------ | Branch (1322:7): [True: 0, False: 30.7k] ------------------ 1323| 0| return if_match(req, "X509v3.NameConstraints", {2, 5, 29, 30}); 1324| 0| case 0xA3C55: ------------------ | Branch (1324:7): [True: 0, False: 30.7k] ------------------ 1325| 0| return if_match(req, "X520.Pseudonym", {2, 5, 4, 65}); 1326| 0| case 0xA4809: ------------------ | Branch (1326:7): [True: 0, False: 30.7k] ------------------ 1327| 0| return if_match(req, "SphincsPlus-sha2-256f-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 2, 6}); 1328| 712| case 0xA57AF: ------------------ | Branch (1328:7): [True: 712, False: 30.0k] ------------------ 1329| 712| return if_match(req, "secp521r1", {1, 3, 132, 0, 35}); 1330| 0| case 0xA5DA9: ------------------ | Branch (1330:7): [True: 0, False: 30.7k] ------------------ 1331| 0| return if_match(req, "SphincsPlus-shake-256f-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 1, 6}); 1332| 0| case 0xA6865: ------------------ | Branch (1332:7): [True: 0, False: 30.7k] ------------------ 1333| 0| return if_match(req, "Camellia-128/SIV", {1, 3, 6, 1, 4, 1, 25258, 3, 4, 6}); 1334| 0| case 0xA6C61: ------------------ | Branch (1334:7): [True: 0, False: 30.7k] ------------------ 1335| 0| return if_match(req, "SM4/GCM", {1, 2, 156, 10197, 1, 104, 8}); 1336| 0| case 0xA8439: ------------------ | Branch (1336:7): [True: 0, False: 30.7k] ------------------ 1337| 0| return if_match(req, "PKCS12.CertBag", {1, 2, 840, 113549, 1, 12, 10, 1, 3}); 1338| 0| case 0xA9061: ------------------ | Branch (1338:7): [True: 0, False: 30.7k] ------------------ 1339| 0| return if_match(req, "Kyber-768-90s-r3", {1, 3, 6, 1, 4, 1, 25258, 1, 11, 2}); 1340| 0| case 0xAA995: ------------------ | Branch (1340:7): [True: 0, False: 30.7k] ------------------ 1341| 0| return if_match(req, "Camellia-192/SIV", {1, 3, 6, 1, 4, 1, 25258, 3, 4, 7}); 1342| 0| case 0xAAE2B: ------------------ | Branch (1342:7): [True: 0, False: 30.7k] ------------------ 1343| 0| return if_match(req, "Dilithium-8x7-AES-r3", {1, 3, 6, 1, 4, 1, 25258, 1, 10, 3}); 1344| 0| case 0xABCED: ------------------ | Branch (1344:7): [True: 0, False: 30.7k] ------------------ 1345| 0| return if_match(req, "GOST.IssuerSigningTool", {1, 2, 643, 100, 112}); 1346| 0| case 0xABD24: ------------------ | Branch (1346:7): [True: 0, False: 30.7k] ------------------ 1347| 0| return if_match(req, "RSA/OAEP", {1, 2, 840, 113549, 1, 1, 7}); 1348| 0| case 0xAC2EC: ------------------ | Branch (1348:7): [True: 0, False: 30.7k] ------------------ 1349| 0| return if_match(req, "Streebog-256", {1, 2, 643, 7, 1, 1, 2, 2}); 1350| 0| case 0xAC3DD: ------------------ | Branch (1350:7): [True: 0, False: 30.7k] ------------------ 1351| 0| return if_match(req, "Certificate Comment", {2, 16, 840, 1, 113730, 1, 13}); 1352| 0| case 0xAC511: ------------------ | Branch (1352:7): [True: 0, False: 30.7k] ------------------ 1353| 0| return if_match(req, "PBE-SHA1-3DES", {1, 2, 840, 113549, 1, 12, 1, 3}); 1354| 0| case 0xAE6FE: ------------------ | Branch (1354:7): [True: 0, False: 30.7k] ------------------ 1355| 0| return if_match(req, "PKIX.ClientAuth", {1, 3, 6, 1, 5, 5, 7, 3, 2}); 1356| 0| case 0xAE8D3: ------------------ | Branch (1356:7): [True: 0, False: 30.7k] ------------------ 1357| 0| return if_match(req, "ClassicMcEliece_8192128pcf", {1, 3, 6, 1, 4, 1, 25258, 1, 18, 6}); 1358| 0| case 0xAF476: ------------------ | Branch (1358:7): [True: 0, False: 30.7k] ------------------ 1359| 0| return if_match(req, "ECDH", {1, 3, 132, 1, 12}); 1360| 0| case 0xAFA6A: ------------------ | Branch (1360:7): [True: 0, False: 30.7k] ------------------ 1361| 0| return if_match(req, "RSA/PKCS1v15(SHA-3(384))", {2, 16, 840, 1, 101, 3, 4, 3, 15}); 1362| 0| case 0xB2217: ------------------ | Branch (1362:7): [True: 0, False: 30.7k] ------------------ 1363| 0| return if_match(req, "AES-256/SIV", {1, 3, 6, 1, 4, 1, 25258, 3, 4, 3}); 1364| 0| case 0xB22F7: ------------------ | Branch (1364:7): [True: 0, False: 30.7k] ------------------ 1365| 0| return if_match(req, "Camellia-128/GCM", {0, 3, 4401, 5, 3, 1, 9, 6}); 1366| 0| case 0xB23DE: ------------------ | Branch (1366:7): [True: 0, False: 30.7k] ------------------ 1367| 0| return if_match(req, "X520.Locality", {2, 5, 4, 7}); 1368| 0| case 0xB2FBD: ------------------ | Branch (1368:7): [True: 0, False: 30.7k] ------------------ 1369| 0| return if_match(req, "ECKCDSA/SHA-224", {1, 2, 410, 200004, 1, 100, 4, 4}); 1370| 0| case 0xB32B0: ------------------ | Branch (1370:7): [True: 0, False: 30.7k] ------------------ 1371| 0| return if_match(req, "ECKCDSA/SHA-256", {1, 2, 410, 200004, 1, 100, 4, 5}); 1372| 0| case 0xB360E: ------------------ | Branch (1372:7): [True: 0, False: 30.7k] ------------------ 1373| 0| return if_match(req, "eFrodoKEM-976-SHAKE", {1, 3, 6, 1, 4, 1, 25258, 1, 16, 2}); 1374| 0| case 0xB4368: ------------------ | Branch (1374:7): [True: 0, False: 30.7k] ------------------ 1375| 0| return if_match(req, "ECGDSA/SHA-1", {1, 3, 36, 3, 3, 2, 5, 4, 2}); 1376| 0| case 0xB58CD: ------------------ | Branch (1376:7): [True: 0, False: 30.7k] ------------------ 1377| 0| return if_match(req, "RSA/PKCS1v15(SHA-3(512))", {2, 16, 840, 1, 101, 3, 4, 3, 16}); 1378| 0| case 0xB6427: ------------------ | Branch (1378:7): [True: 0, False: 30.7k] ------------------ 1379| 0| return if_match(req, "Camellia-192/GCM", {0, 3, 4401, 5, 3, 1, 9, 26}); 1380| 0| case 0xB7102: ------------------ | Branch (1380:7): [True: 0, False: 30.7k] ------------------ 1381| 0| return if_match(req, "brainpool224r1", {1, 3, 36, 3, 3, 2, 8, 1, 1, 5}); 1382| 0| case 0xB710D: ------------------ | Branch (1382:7): [True: 0, False: 30.7k] ------------------ 1383| 0| return if_match(req, "X509v3.CRLIssuingDistributionPoint", {2, 5, 29, 28}); 1384| 0| case 0xB72D4: ------------------ | Branch (1384:7): [True: 0, False: 30.7k] ------------------ 1385| 0| return if_match(req, "Microsoft UPN", {1, 3, 6, 1, 4, 1, 311, 20, 2, 3}); 1386| 6.22k| case 0xB73A5: ------------------ | Branch (1386:7): [True: 6.22k, False: 24.5k] ------------------ 1387| 6.22k| return if_match(req, "RSA/PSS", {1, 2, 840, 113549, 1, 1, 10}); 1388| 0| case 0xB84B3: ------------------ | Branch (1388:7): [True: 0, False: 30.7k] ------------------ 1389| 0| return if_match(req, "PKIX.CodeSigning", {1, 3, 6, 1, 5, 5, 7, 3, 3}); 1390| 0| case 0xB8CB9: ------------------ | Branch (1390:7): [True: 0, False: 30.7k] ------------------ 1391| 0| return if_match(req, "GOST-34.10-2012-256", {1, 2, 643, 7, 1, 1, 1, 1}); 1392| 0| case 0xB945C: ------------------ | Branch (1392:7): [True: 0, False: 30.7k] ------------------ 1393| 0| return if_match(req, "Twofish/SIV", {1, 3, 6, 1, 4, 1, 25258, 3, 4, 5}); 1394| 0| case 0xB94E4: ------------------ | Branch (1394:7): [True: 0, False: 30.7k] ------------------ 1395| 0| return if_match(req, "gost_512A", {1, 2, 643, 7, 1, 2, 1, 2, 1}); 1396| 0| case 0xB94E5: ------------------ | Branch (1396:7): [True: 0, False: 30.7k] ------------------ 1397| 0| return if_match(req, "gost_512B", {1, 2, 643, 7, 1, 2, 1, 2, 2}); 1398| 0| case 0xBA1D8: ------------------ | Branch (1398:7): [True: 0, False: 30.7k] ------------------ 1399| 0| return if_match(req, "X520.StreetAddress", {2, 5, 4, 9}); 1400| 0| case 0xBCB45: ------------------ | Branch (1400:7): [True: 0, False: 30.7k] ------------------ 1401| 0| return if_match(req, "PKCS12.CRLBag", {1, 2, 840, 113549, 1, 12, 10, 1, 4}); 1402| 0| case 0xBCC82: ------------------ | Branch (1402:7): [True: 0, False: 30.7k] ------------------ 1403| 0| return if_match(req, "x962_p239v1", {1, 2, 840, 10045, 3, 1, 4}); 1404| 0| case 0xBCC83: ------------------ | Branch (1404:7): [True: 0, False: 30.7k] ------------------ 1405| 0| return if_match(req, "x962_p239v2", {1, 2, 840, 10045, 3, 1, 5}); 1406| 0| case 0xBCC84: ------------------ | Branch (1406:7): [True: 0, False: 30.7k] ------------------ 1407| 0| return if_match(req, "x962_p239v3", {1, 2, 840, 10045, 3, 1, 6}); 1408| 0| case 0xBD92B: ------------------ | Branch (1408:7): [True: 0, False: 30.7k] ------------------ 1409| 0| return if_match(req, "X509v3.HoldInstructionCode", {2, 5, 29, 23}); 1410| 0| case 0xBDCA9: ------------------ | Branch (1410:7): [True: 0, False: 30.7k] ------------------ 1411| 0| return if_match(req, "AES-256/GCM", {2, 16, 840, 1, 101, 3, 4, 1, 46}); 1412| 0| case 0xBE48D: ------------------ | Branch (1412:7): [True: 0, False: 30.7k] ------------------ 1413| 0| return if_match(req, "PKIX.OCSP.BasicResponse", {1, 3, 6, 1, 5, 5, 7, 48, 1, 1}); 1414| 0| case 0xBF71E: ------------------ | Branch (1414:7): [True: 0, False: 30.7k] ------------------ 1415| 0| return if_match(req, "Kyber-1024-r3", {1, 3, 6, 1, 4, 1, 25258, 1, 7, 3}); 1416| 0| case 0xBFF01: ------------------ | Branch (1416:7): [True: 0, False: 30.7k] ------------------ 1417| 0| return if_match(req, "DSA/SHA-3(224)", {2, 16, 840, 1, 101, 3, 4, 3, 5}); 1418| 0| case 0xC0F4F: ------------------ | Branch (1418:7): [True: 0, False: 30.7k] ------------------ 1419| 0| return if_match(req, "SphincsPlus-haraka-256f-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 3, 6}); 1420| 0| case 0xC1875: ------------------ | Branch (1420:7): [True: 0, False: 30.7k] ------------------ 1421| 0| return if_match(req, "SHA-1", {1, 3, 14, 3, 2, 26}); 1422| 0| case 0xC28D1: ------------------ | Branch (1422:7): [True: 0, False: 30.7k] ------------------ 1423| 0| return if_match(req, "PKIX.OCSPSigning", {1, 3, 6, 1, 5, 5, 7, 3, 9}); 1424| 1.22k| case 0xC42CA: ------------------ | Branch (1424:7): [True: 1.22k, False: 29.5k] ------------------ 1425| 1.22k| return if_match(req, "brainpool256r1", {1, 3, 36, 3, 3, 2, 8, 1, 1, 7}); 1426| 0| default: ------------------ | Branch (1426:7): [True: 0, False: 30.7k] ------------------ 1427| 0| return {}; 1428| 30.7k| } 1429| 30.7k|} _ZN5Botan7OID_Map16load_oid2str_mapEv: 1431| 1|std::unordered_map OID_Map::load_oid2str_map() { 1432| 1| return { 1433| 1| {OID{2, 5, 8, 1, 1}, "RSA"}, 1434| 1| {OID{1, 3, 6, 1, 4, 1, 8301, 3, 1, 2, 9, 0, 38}, "secp521r1"}, 1435| 1| {OID{1, 2, 643, 2, 2, 35, 1}, "gost_256A"}, 1436| 1| {OID{1, 2, 643, 2, 2, 36, 0}, "gost_256A"}, 1437| 1| }; 1438| 1|} _ZN5Botan7OID_Map16load_str2oid_mapEv: 1440| 1|std::unordered_map OID_Map::load_str2oid_map() { 1441| 1| return { 1442| 1| {"Curve25519", OID{1, 3, 101, 110}}, 1443| 1| {"SM2_Sig", OID{1, 2, 156, 10197, 1, 301, 1}}, 1444| 1| {"RSA/EMSA3(MD2)", OID{1, 2, 840, 113549, 1, 1, 2}}, 1445| 1| {"RSA/EMSA3(MD5)", OID{1, 2, 840, 113549, 1, 1, 4}}, 1446| 1| {"RSA/EMSA3(SHA-1)", OID{1, 2, 840, 113549, 1, 1, 5}}, 1447| 1| {"RSA/EMSA3(SHA-256)", OID{1, 2, 840, 113549, 1, 1, 11}}, 1448| 1| {"RSA/EMSA3(SHA-384)", OID{1, 2, 840, 113549, 1, 1, 12}}, 1449| 1| {"RSA/EMSA3(SHA-512)", OID{1, 2, 840, 113549, 1, 1, 13}}, 1450| 1| {"RSA/EMSA3(SHA-224)", OID{1, 2, 840, 113549, 1, 1, 14}}, 1451| 1| {"RSA/EMSA3(SHA-512-256)", OID{1, 2, 840, 113549, 1, 1, 16}}, 1452| 1| {"RSA/EMSA3(SHA-3(224))", OID{2, 16, 840, 1, 101, 3, 4, 3, 13}}, 1453| 1| {"RSA/EMSA3(SHA-3(256))", OID{2, 16, 840, 1, 101, 3, 4, 3, 14}}, 1454| 1| {"RSA/EMSA3(SHA-3(384))", OID{2, 16, 840, 1, 101, 3, 4, 3, 15}}, 1455| 1| {"RSA/EMSA3(SHA-3(512))", OID{2, 16, 840, 1, 101, 3, 4, 3, 16}}, 1456| 1| {"RSA/EMSA3(SM3)", OID{1, 2, 156, 10197, 1, 504}}, 1457| 1| {"RSA/EMSA3(RIPEMD-160)", OID{1, 3, 36, 3, 3, 1, 2}}, 1458| 1| {"RSA/EMSA4", OID{1, 2, 840, 113549, 1, 1, 10}}, 1459| 1| {"PBES2", OID{1, 2, 840, 113549, 1, 5, 13}}, 1460| 1| }; 1461| 1|} static_oids.cpp:_ZN5Botan12_GLOBAL__N_18if_matchERKNS_3OIDESt16initializer_listIjENSt3__117basic_string_viewIcNS6_11char_traitsIcEEEE: 18| 12.9k|std::optional if_match(const OID& oid, std::initializer_list val, std::string_view name) { 19| 12.9k| if(oid.matches(val)) { ------------------ | Branch (19:7): [True: 12.9k, False: 0] ------------------ 20| 12.9k| return name; 21| 12.9k| } else { 22| 0| return {}; 23| 0| } 24| 12.9k|} static_oids.cpp:_ZN5Botan12_GLOBAL__N_113hash_oid_nameENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 34| 30.7k|uint32_t hash_oid_name(std::string_view s) { 35| 30.7k| uint64_t hash = 0x8188B31879A4879A; 36| | 37| 369k| for(const char c : s) { ------------------ | Branch (37:21): [True: 369k, False: 30.7k] ------------------ 38| 369k| hash *= 251; 39| 369k| hash += c; 40| 369k| } 41| | 42| 30.7k| return static_cast(hash % 805289); 43| 30.7k|} static_oids.cpp:_ZN5Botan12_GLOBAL__N_18if_matchENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEES5_St16initializer_listIjE: 26| 30.7k|std::optional if_match(std::string_view req, std::string_view actual, std::initializer_list oid) { 27| 30.7k| if(req == actual) { ------------------ | Branch (27:7): [True: 30.7k, False: 0] ------------------ 28| 30.7k| return OID(oid); 29| 30.7k| } else { 30| 0| return {}; 31| 0| } 32| 30.7k|} _ZN5Botan20Buffered_Computation6updateENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 14| 9.14k|void Buffered_Computation::update(std::string_view str) { 15| 9.14k| add_data(as_span_of_bytes(str)); 16| 9.14k|} _ZN5Botan20Buffered_Computation9update_beEm: 30| 18.2k|void Buffered_Computation::update_be(uint64_t val) { 31| 18.2k| uint8_t inb[sizeof(val)]; 32| 18.2k| store_be(val, inb); 33| 18.2k| add_data({inb, sizeof(inb)}); 34| 18.2k|} _ZN5Botan20Buffered_Computation5finalENSt3__14spanIhLm18446744073709551615EEE: 54| 59.8k|void Buffered_Computation::final(std::span out) { 55| 59.8k| BOTAN_ARG_CHECK(out.size() >= output_length(), "provided output buffer has insufficient capacity"); ------------------ | | 35| 59.8k| do { \ | | 36| 59.8k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 59.8k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 59.8k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 59.8k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 59.8k] | | ------------------ ------------------ 56| 59.8k| final_result(out); 57| 59.8k|} _ZN5Botan18SymmetricAlgorithm7set_keyERKNS_11OctetStringE: 14| 9.14k|void SymmetricAlgorithm::set_key(const OctetString& key) { 15| 9.14k| set_key(std::span{key.begin(), key.length()}); 16| 9.14k|} _ZN5Botan18SymmetricAlgorithm7set_keyENSt3__14spanIKhLm18446744073709551615EEE: 22| 13.4k|void SymmetricAlgorithm::set_key(std::span key) { 23| 13.4k| if(!valid_keylength(key.size())) { ------------------ | Branch (23:7): [True: 0, False: 13.4k] ------------------ 24| 0| throw Invalid_Key_Length(name(), key.size()); 25| 0| } 26| 13.4k| key_schedule(key); 27| 13.4k|} _ZN5Botan11OctetStringC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 27| 11.4k|OctetString::OctetString(std::string_view hex_string) { 28| 11.4k| if(!hex_string.empty()) { ------------------ | Branch (28:7): [True: 0, False: 11.4k] ------------------ 29| 0| m_data.resize(1 + hex_string.length() / 2); 30| 0| m_data.resize(hex_decode(m_data.data(), hex_string)); 31| 0| } 32| 11.4k|} _ZNK5Botan7AES_12811parallelismEv: 807| 102|size_t AES_128::parallelism() const { 808| 102| return aes_parallelism(); 809| 102|} _ZNK5Botan7AES_25611parallelismEv: 815| 375|size_t AES_256::parallelism() const { 816| 375| return aes_parallelism(); 817| 375|} _ZNK5Botan7AES_12819has_keying_materialEv: 819| 2.15k|bool AES_128::has_keying_material() const { 820| 2.15k| return !m_EK.empty(); 821| 2.15k|} _ZNK5Botan7AES_25619has_keying_materialEv: 827| 1.67k|bool AES_256::has_keying_material() const { 828| 1.67k| return !m_EK.empty(); 829| 1.67k|} _ZNK5Botan7AES_1289encrypt_nEPKhPhm: 831| 1.83k|void AES_128::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { 832| 1.83k| assert_key_material_set(); 833| | 834| 1.83k|#if defined(BOTAN_HAS_AES_VAES) 835| 1.83k| if(CPUID::has(CPUID::Feature::AVX2_AES)) { ------------------ | Branch (835:7): [True: 0, False: 1.83k] ------------------ 836| 0| return x86_vaes_encrypt_n(in, out, blocks); 837| 0| } 838| 1.83k|#endif 839| | 840| 1.83k|#if defined(BOTAN_HAS_HW_AES_SUPPORT) 841| 1.83k| if(CPUID::has(CPUID::Feature::HW_AES)) { ------------------ | Branch (841:7): [True: 1.83k, False: 0] ------------------ 842| 1.83k| return hw_aes_encrypt_n(in, out, blocks); 843| 1.83k| } 844| 0|#endif 845| | 846| 0|#if defined(BOTAN_HAS_AES_VPERM) 847| 0| if(CPUID::has(CPUID::Feature::SIMD_4X32)) { ------------------ | Branch (847:7): [True: 0, False: 0] ------------------ 848| 0| return vperm_encrypt_n(in, out, blocks); 849| 0| } 850| 0|#endif 851| | 852| 0| aes_encrypt_n(in, out, blocks, m_EK); 853| 0|} _ZNK5Botan7AES_1289decrypt_nEPKhPhm: 855| 178|void AES_128::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { 856| 178| assert_key_material_set(); 857| | 858| 178|#if defined(BOTAN_HAS_AES_VAES) 859| 178| if(CPUID::has(CPUID::Feature::AVX2_AES)) { ------------------ | Branch (859:7): [True: 0, False: 178] ------------------ 860| 0| return x86_vaes_decrypt_n(in, out, blocks); 861| 0| } 862| 178|#endif 863| | 864| 178|#if defined(BOTAN_HAS_HW_AES_SUPPORT) 865| 178| if(CPUID::has(CPUID::Feature::HW_AES)) { ------------------ | Branch (865:7): [True: 178, False: 0] ------------------ 866| 178| return hw_aes_decrypt_n(in, out, blocks); 867| 178| } 868| 0|#endif 869| | 870| 0|#if defined(BOTAN_HAS_AES_VPERM) 871| 0| if(CPUID::has(CPUID::Feature::SIMD_4X32)) { ------------------ | Branch (871:7): [True: 0, False: 0] ------------------ 872| 0| return vperm_decrypt_n(in, out, blocks); 873| 0| } 874| 0|#endif 875| | 876| 0| aes_decrypt_n(in, out, blocks, m_DK); 877| 0|} _ZN5Botan7AES_12812key_scheduleENSt3__14spanIKhLm18446744073709551615EEE: 879| 135|void AES_128::key_schedule(std::span key) { 880| 135|#if defined(BOTAN_HAS_AES_NI) 881| 135| if(CPUID::has(CPUID::Feature::AESNI)) { ------------------ | Branch (881:7): [True: 135, False: 0] ------------------ 882| 135| return aesni_key_schedule(key.data(), key.size()); 883| 135| } 884| 0|#endif 885| | 886| 0|#if defined(BOTAN_HAS_AES_VAES) 887| 0| if(CPUID::has(CPUID::Feature::AVX2_AES)) { ------------------ | Branch (887:7): [True: 0, False: 0] ------------------ 888| 0| return aes_key_schedule(key.data(), key.size(), m_EK, m_DK, true); 889| 0| } 890| 0|#endif 891| | 892| 0|#if defined(BOTAN_HAS_HW_AES_SUPPORT) 893| 0| if(CPUID::has(CPUID::Feature::HW_AES)) { ------------------ | Branch (893:7): [True: 0, False: 0] ------------------ 894| 0| constexpr bool is_little_endian = std::endian::native == std::endian::little; 895| 0| return aes_key_schedule(key.data(), key.size(), m_EK, m_DK, is_little_endian); 896| 0| } 897| 0|#endif 898| | 899| 0|#if defined(BOTAN_HAS_AES_VPERM) 900| 0| if(CPUID::has(CPUID::Feature::SIMD_4X32)) { ------------------ | Branch (900:7): [True: 0, False: 0] ------------------ 901| 0| return vperm_key_schedule(key.data(), key.size()); 902| 0| } 903| 0|#endif 904| | 905| 0| aes_key_schedule(key.data(), key.size(), m_EK, m_DK); 906| 0|} _ZNK5Botan7AES_2569encrypt_nEPKhPhm: 995| 744|void AES_256::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { 996| 744| assert_key_material_set(); 997| | 998| 744|#if defined(BOTAN_HAS_AES_VAES) 999| 744| if(CPUID::has(CPUID::Feature::AVX2_AES)) { ------------------ | Branch (999:7): [True: 0, False: 744] ------------------ 1000| 0| return x86_vaes_encrypt_n(in, out, blocks); 1001| 0| } 1002| 744|#endif 1003| | 1004| 744|#if defined(BOTAN_HAS_HW_AES_SUPPORT) 1005| 744| if(CPUID::has(CPUID::Feature::HW_AES)) { ------------------ | Branch (1005:7): [True: 744, False: 0] ------------------ 1006| 744| return hw_aes_encrypt_n(in, out, blocks); 1007| 744| } 1008| 0|#endif 1009| | 1010| 0|#if defined(BOTAN_HAS_AES_VPERM) 1011| 0| if(CPUID::has(CPUID::Feature::SIMD_4X32)) { ------------------ | Branch (1011:7): [True: 0, False: 0] ------------------ 1012| 0| return vperm_encrypt_n(in, out, blocks); 1013| 0| } 1014| 0|#endif 1015| | 1016| 0| aes_encrypt_n(in, out, blocks, m_EK); 1017| 0|} _ZNK5Botan7AES_2569decrypt_nEPKhPhm: 1019| 342|void AES_256::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { 1020| 342| assert_key_material_set(); 1021| | 1022| 342|#if defined(BOTAN_HAS_AES_VAES) 1023| 342| if(CPUID::has(CPUID::Feature::AVX2_AES)) { ------------------ | Branch (1023:7): [True: 0, False: 342] ------------------ 1024| 0| return x86_vaes_decrypt_n(in, out, blocks); 1025| 0| } 1026| 342|#endif 1027| | 1028| 342|#if defined(BOTAN_HAS_HW_AES_SUPPORT) 1029| 342| if(CPUID::has(CPUID::Feature::HW_AES)) { ------------------ | Branch (1029:7): [True: 342, False: 0] ------------------ 1030| 342| return hw_aes_decrypt_n(in, out, blocks); 1031| 342| } 1032| 0|#endif 1033| | 1034| 0|#if defined(BOTAN_HAS_AES_VPERM) 1035| 0| if(CPUID::has(CPUID::Feature::SIMD_4X32)) { ------------------ | Branch (1035:7): [True: 0, False: 0] ------------------ 1036| 0| return vperm_decrypt_n(in, out, blocks); 1037| 0| } 1038| 0|#endif 1039| | 1040| 0| aes_decrypt_n(in, out, blocks, m_DK); 1041| 0|} _ZN5Botan7AES_25612key_scheduleENSt3__14spanIKhLm18446744073709551615EEE: 1043| 197|void AES_256::key_schedule(std::span key) { 1044| 197|#if defined(BOTAN_HAS_AES_NI) 1045| 197| if(CPUID::has(CPUID::Feature::AESNI)) { ------------------ | Branch (1045:7): [True: 197, False: 0] ------------------ 1046| 197| return aesni_key_schedule(key.data(), key.size()); 1047| 197| } 1048| 0|#endif 1049| | 1050| 0|#if defined(BOTAN_HAS_AES_VAES) 1051| 0| if(CPUID::has(CPUID::Feature::AVX2_AES)) { ------------------ | Branch (1051:7): [True: 0, False: 0] ------------------ 1052| 0| return aes_key_schedule(key.data(), key.size(), m_EK, m_DK, true); 1053| 0| } 1054| 0|#endif 1055| | 1056| 0|#if defined(BOTAN_HAS_HW_AES_SUPPORT) 1057| 0| if(CPUID::has(CPUID::Feature::HW_AES)) { ------------------ | Branch (1057:7): [True: 0, False: 0] ------------------ 1058| 0| constexpr bool is_little_endian = std::endian::native == std::endian::little; 1059| 0| return aes_key_schedule(key.data(), key.size(), m_EK, m_DK, is_little_endian); 1060| 0| } 1061| 0|#endif 1062| | 1063| 0|#if defined(BOTAN_HAS_AES_VPERM) 1064| 0| if(CPUID::has(CPUID::Feature::SIMD_4X32)) { ------------------ | Branch (1064:7): [True: 0, False: 0] ------------------ 1065| 0| return vperm_key_schedule(key.data(), key.size()); 1066| 0| } 1067| 0|#endif 1068| | 1069| 0| aes_key_schedule(key.data(), key.size(), m_EK, m_DK); 1070| 0|} aes.cpp:_ZN5Botan12_GLOBAL__N_115aes_parallelismEv: 748| 477|size_t aes_parallelism() { 749| 477|#if defined(BOTAN_HAS_AES_VAES) 750| 477| if(CPUID::has(CPUID::Feature::AVX2_AES)) { ------------------ | Branch (750:7): [True: 0, False: 477] ------------------ 751| 0| return 8; // pipelined 752| 0| } 753| 477|#endif 754| | 755| 477|#if defined(BOTAN_HAS_HW_AES_SUPPORT) 756| 477| if(CPUID::has(CPUID::Feature::HW_AES)) { ------------------ | Branch (756:7): [True: 477, False: 0] ------------------ 757| 477| return 4; // pipelined 758| 477| } 759| 0|#endif 760| | 761| 0|#if defined(BOTAN_HAS_AES_VPERM) 762| 0| if(CPUID::has(CPUID::Feature::SIMD_4X32)) { ------------------ | Branch (762:7): [True: 0, False: 0] ------------------ 763| 0| return 2; // pipelined 764| 0| } 765| 0|#endif 766| | 767| | // bitsliced: 768| 0| return 2; 769| 0|} _ZNK5Botan7AES_12816hw_aes_encrypt_nEPKhPhm: 134| 1.83k|BOTAN_FN_ISA_AESNI void AES_128::hw_aes_encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { 135| 1.83k| const SIMD_4x32 K0 = SIMD_4x32::load_le(&m_EK[4 * 0]); 136| 1.83k| const SIMD_4x32 K1 = SIMD_4x32::load_le(&m_EK[4 * 1]); 137| 1.83k| const SIMD_4x32 K2 = SIMD_4x32::load_le(&m_EK[4 * 2]); 138| 1.83k| const SIMD_4x32 K3 = SIMD_4x32::load_le(&m_EK[4 * 3]); 139| 1.83k| const SIMD_4x32 K4 = SIMD_4x32::load_le(&m_EK[4 * 4]); 140| 1.83k| const SIMD_4x32 K5 = SIMD_4x32::load_le(&m_EK[4 * 5]); 141| 1.83k| const SIMD_4x32 K6 = SIMD_4x32::load_le(&m_EK[4 * 6]); 142| 1.83k| const SIMD_4x32 K7 = SIMD_4x32::load_le(&m_EK[4 * 7]); 143| 1.83k| const SIMD_4x32 K8 = SIMD_4x32::load_le(&m_EK[4 * 8]); 144| 1.83k| const SIMD_4x32 K9 = SIMD_4x32::load_le(&m_EK[4 * 9]); 145| 1.83k| const SIMD_4x32 K10 = SIMD_4x32::load_le(&m_EK[4 * 10]); 146| | 147| 2.21k| while(blocks >= 4) { ------------------ | Branch (147:10): [True: 376, False: 1.83k] ------------------ 148| 376| SIMD_4x32 B0 = SIMD_4x32::load_le(in + 16 * 0); 149| 376| SIMD_4x32 B1 = SIMD_4x32::load_le(in + 16 * 1); 150| 376| SIMD_4x32 B2 = SIMD_4x32::load_le(in + 16 * 2); 151| 376| SIMD_4x32 B3 = SIMD_4x32::load_le(in + 16 * 3); 152| | 153| 376| keyxor(K0, B0, B1, B2, B3); 154| 376| aesenc(K1, B0, B1, B2, B3); 155| 376| aesenc(K2, B0, B1, B2, B3); 156| 376| aesenc(K3, B0, B1, B2, B3); 157| 376| aesenc(K4, B0, B1, B2, B3); 158| 376| aesenc(K5, B0, B1, B2, B3); 159| 376| aesenc(K6, B0, B1, B2, B3); 160| 376| aesenc(K7, B0, B1, B2, B3); 161| 376| aesenc(K8, B0, B1, B2, B3); 162| 376| aesenc(K9, B0, B1, B2, B3); 163| 376| aesenclast(K10, B0, B1, B2, B3); 164| | 165| 376| B0.store_le(out + 16 * 0); 166| 376| B1.store_le(out + 16 * 1); 167| 376| B2.store_le(out + 16 * 2); 168| 376| B3.store_le(out + 16 * 3); 169| | 170| 376| blocks -= 4; 171| 376| in += 4 * 16; 172| 376| out += 4 * 16; 173| 376| } 174| | 175| 3.58k| for(size_t i = 0; i != blocks; ++i) { ------------------ | Branch (175:22): [True: 1.74k, False: 1.83k] ------------------ 176| 1.74k| SIMD_4x32 B0 = SIMD_4x32::load_le(in + 16 * i); 177| | 178| 1.74k| B0 ^= K0; 179| 1.74k| aesenc(K1, B0); 180| 1.74k| aesenc(K2, B0); 181| 1.74k| aesenc(K3, B0); 182| 1.74k| aesenc(K4, B0); 183| 1.74k| aesenc(K5, B0); 184| 1.74k| aesenc(K6, B0); 185| 1.74k| aesenc(K7, B0); 186| 1.74k| aesenc(K8, B0); 187| 1.74k| aesenc(K9, B0); 188| 1.74k| aesenclast(K10, B0); 189| | 190| 1.74k| B0.store_le(out + 16 * i); 191| 1.74k| } 192| 1.83k|} _ZNK5Botan7AES_12816hw_aes_decrypt_nEPKhPhm: 197| 178|BOTAN_FN_ISA_AESNI void AES_128::hw_aes_decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { 198| 178| const SIMD_4x32 K0 = SIMD_4x32::load_le(&m_DK[4 * 0]); 199| 178| const SIMD_4x32 K1 = SIMD_4x32::load_le(&m_DK[4 * 1]); 200| 178| const SIMD_4x32 K2 = SIMD_4x32::load_le(&m_DK[4 * 2]); 201| 178| const SIMD_4x32 K3 = SIMD_4x32::load_le(&m_DK[4 * 3]); 202| 178| const SIMD_4x32 K4 = SIMD_4x32::load_le(&m_DK[4 * 4]); 203| 178| const SIMD_4x32 K5 = SIMD_4x32::load_le(&m_DK[4 * 5]); 204| 178| const SIMD_4x32 K6 = SIMD_4x32::load_le(&m_DK[4 * 6]); 205| 178| const SIMD_4x32 K7 = SIMD_4x32::load_le(&m_DK[4 * 7]); 206| 178| const SIMD_4x32 K8 = SIMD_4x32::load_le(&m_DK[4 * 8]); 207| 178| const SIMD_4x32 K9 = SIMD_4x32::load_le(&m_DK[4 * 9]); 208| 178| const SIMD_4x32 K10 = SIMD_4x32::load_le(&m_DK[4 * 10]); 209| | 210| 805| while(blocks >= 4) { ------------------ | Branch (210:10): [True: 627, False: 178] ------------------ 211| 627| SIMD_4x32 B0 = SIMD_4x32::load_le(in + 16 * 0); 212| 627| SIMD_4x32 B1 = SIMD_4x32::load_le(in + 16 * 1); 213| 627| SIMD_4x32 B2 = SIMD_4x32::load_le(in + 16 * 2); 214| 627| SIMD_4x32 B3 = SIMD_4x32::load_le(in + 16 * 3); 215| | 216| 627| keyxor(K0, B0, B1, B2, B3); 217| 627| aesdec(K1, B0, B1, B2, B3); 218| 627| aesdec(K2, B0, B1, B2, B3); 219| 627| aesdec(K3, B0, B1, B2, B3); 220| 627| aesdec(K4, B0, B1, B2, B3); 221| 627| aesdec(K5, B0, B1, B2, B3); 222| 627| aesdec(K6, B0, B1, B2, B3); 223| 627| aesdec(K7, B0, B1, B2, B3); 224| 627| aesdec(K8, B0, B1, B2, B3); 225| 627| aesdec(K9, B0, B1, B2, B3); 226| 627| aesdeclast(K10, B0, B1, B2, B3); 227| | 228| 627| B0.store_le(out + 16 * 0); 229| 627| B1.store_le(out + 16 * 1); 230| 627| B2.store_le(out + 16 * 2); 231| 627| B3.store_le(out + 16 * 3); 232| | 233| 627| blocks -= 4; 234| 627| in += 4 * 16; 235| 627| out += 4 * 16; 236| 627| } 237| | 238| 254| for(size_t i = 0; i != blocks; ++i) { ------------------ | Branch (238:22): [True: 76, False: 178] ------------------ 239| 76| SIMD_4x32 B0 = SIMD_4x32::load_le(in + 16 * i); 240| | 241| 76| B0 ^= K0; 242| 76| aesdec(K1, B0); 243| 76| aesdec(K2, B0); 244| 76| aesdec(K3, B0); 245| 76| aesdec(K4, B0); 246| 76| aesdec(K5, B0); 247| 76| aesdec(K6, B0); 248| 76| aesdec(K7, B0); 249| 76| aesdec(K8, B0); 250| 76| aesdec(K9, B0); 251| 76| aesdeclast(K10, B0); 252| | 253| 76| B0.store_le(out + 16 * i); 254| 76| } 255| 178|} _ZN5Botan7AES_12818aesni_key_scheduleEPKhm: 260| 135|BOTAN_FN_ISA_AESNI void AES_128::aesni_key_schedule(const uint8_t key[], size_t /*length*/) { 261| 135| m_EK.resize(44); 262| 135| m_DK.resize(44); 263| | 264| | // NOLINTBEGIN(portability-simd-intrinsics) TODO convert to using SIMD_4x32 265| | 266| 135| const __m128i K0 = _mm_loadu_si128(reinterpret_cast(key)); 267| 135| const __m128i K1 = aes_128_key_expansion<0x01>(K0, K0); 268| 135| const __m128i K2 = aes_128_key_expansion<0x02>(K1, K1); 269| 135| const __m128i K3 = aes_128_key_expansion<0x04>(K2, K2); 270| 135| const __m128i K4 = aes_128_key_expansion<0x08>(K3, K3); 271| 135| const __m128i K5 = aes_128_key_expansion<0x10>(K4, K4); 272| 135| const __m128i K6 = aes_128_key_expansion<0x20>(K5, K5); 273| 135| const __m128i K7 = aes_128_key_expansion<0x40>(K6, K6); 274| 135| const __m128i K8 = aes_128_key_expansion<0x80>(K7, K7); 275| 135| const __m128i K9 = aes_128_key_expansion<0x1B>(K8, K8); 276| 135| const __m128i K10 = aes_128_key_expansion<0x36>(K9, K9); 277| | 278| 135| __m128i* EK_mm = reinterpret_cast<__m128i*>(m_EK.data()); 279| 135| _mm_storeu_si128(EK_mm, K0); 280| 135| _mm_storeu_si128(EK_mm + 1, K1); 281| 135| _mm_storeu_si128(EK_mm + 2, K2); 282| 135| _mm_storeu_si128(EK_mm + 3, K3); 283| 135| _mm_storeu_si128(EK_mm + 4, K4); 284| 135| _mm_storeu_si128(EK_mm + 5, K5); 285| 135| _mm_storeu_si128(EK_mm + 6, K6); 286| 135| _mm_storeu_si128(EK_mm + 7, K7); 287| 135| _mm_storeu_si128(EK_mm + 8, K8); 288| 135| _mm_storeu_si128(EK_mm + 9, K9); 289| 135| _mm_storeu_si128(EK_mm + 10, K10); 290| | 291| | // Now generate decryption keys 292| | 293| 135| __m128i* DK_mm = reinterpret_cast<__m128i*>(m_DK.data()); 294| 135| _mm_storeu_si128(DK_mm, K10); 295| 135| _mm_storeu_si128(DK_mm + 1, _mm_aesimc_si128(K9)); 296| 135| _mm_storeu_si128(DK_mm + 2, _mm_aesimc_si128(K8)); 297| 135| _mm_storeu_si128(DK_mm + 3, _mm_aesimc_si128(K7)); 298| 135| _mm_storeu_si128(DK_mm + 4, _mm_aesimc_si128(K6)); 299| 135| _mm_storeu_si128(DK_mm + 5, _mm_aesimc_si128(K5)); 300| 135| _mm_storeu_si128(DK_mm + 6, _mm_aesimc_si128(K4)); 301| 135| _mm_storeu_si128(DK_mm + 7, _mm_aesimc_si128(K3)); 302| 135| _mm_storeu_si128(DK_mm + 8, _mm_aesimc_si128(K2)); 303| 135| _mm_storeu_si128(DK_mm + 9, _mm_aesimc_si128(K1)); 304| 135| _mm_storeu_si128(DK_mm + 10, K0); 305| | 306| | // NOLINTEND(portability-simd-intrinsics) 307| 135|} _ZNK5Botan7AES_25616hw_aes_encrypt_nEPKhPhm: 497| 744|BOTAN_FN_ISA_AESNI void AES_256::hw_aes_encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { 498| 744| const SIMD_4x32 K0 = SIMD_4x32::load_le(&m_EK[4 * 0]); 499| 744| const SIMD_4x32 K1 = SIMD_4x32::load_le(&m_EK[4 * 1]); 500| 744| const SIMD_4x32 K2 = SIMD_4x32::load_le(&m_EK[4 * 2]); 501| 744| const SIMD_4x32 K3 = SIMD_4x32::load_le(&m_EK[4 * 3]); 502| 744| const SIMD_4x32 K4 = SIMD_4x32::load_le(&m_EK[4 * 4]); 503| 744| const SIMD_4x32 K5 = SIMD_4x32::load_le(&m_EK[4 * 5]); 504| 744| const SIMD_4x32 K6 = SIMD_4x32::load_le(&m_EK[4 * 6]); 505| 744| const SIMD_4x32 K7 = SIMD_4x32::load_le(&m_EK[4 * 7]); 506| 744| const SIMD_4x32 K8 = SIMD_4x32::load_le(&m_EK[4 * 8]); 507| 744| const SIMD_4x32 K9 = SIMD_4x32::load_le(&m_EK[4 * 9]); 508| 744| const SIMD_4x32 K10 = SIMD_4x32::load_le(&m_EK[4 * 10]); 509| 744| const SIMD_4x32 K11 = SIMD_4x32::load_le(&m_EK[4 * 11]); 510| 744| const SIMD_4x32 K12 = SIMD_4x32::load_le(&m_EK[4 * 12]); 511| 744| const SIMD_4x32 K13 = SIMD_4x32::load_le(&m_EK[4 * 13]); 512| 744| const SIMD_4x32 K14 = SIMD_4x32::load_le(&m_EK[4 * 14]); 513| | 514| 1.54k| while(blocks >= 4) { ------------------ | Branch (514:10): [True: 804, False: 744] ------------------ 515| 804| SIMD_4x32 B0 = SIMD_4x32::load_le(in + 16 * 0); 516| 804| SIMD_4x32 B1 = SIMD_4x32::load_le(in + 16 * 1); 517| 804| SIMD_4x32 B2 = SIMD_4x32::load_le(in + 16 * 2); 518| 804| SIMD_4x32 B3 = SIMD_4x32::load_le(in + 16 * 3); 519| | 520| 804| keyxor(K0, B0, B1, B2, B3); 521| 804| aesenc(K1, B0, B1, B2, B3); 522| 804| aesenc(K2, B0, B1, B2, B3); 523| 804| aesenc(K3, B0, B1, B2, B3); 524| 804| aesenc(K4, B0, B1, B2, B3); 525| 804| aesenc(K5, B0, B1, B2, B3); 526| 804| aesenc(K6, B0, B1, B2, B3); 527| 804| aesenc(K7, B0, B1, B2, B3); 528| 804| aesenc(K8, B0, B1, B2, B3); 529| 804| aesenc(K9, B0, B1, B2, B3); 530| 804| aesenc(K10, B0, B1, B2, B3); 531| 804| aesenc(K11, B0, B1, B2, B3); 532| 804| aesenc(K12, B0, B1, B2, B3); 533| 804| aesenc(K13, B0, B1, B2, B3); 534| 804| aesenclast(K14, B0, B1, B2, B3); 535| | 536| 804| B0.store_le(out + 16 * 0); 537| 804| B1.store_le(out + 16 * 1); 538| 804| B2.store_le(out + 16 * 2); 539| 804| B3.store_le(out + 16 * 3); 540| | 541| 804| blocks -= 4; 542| 804| in += 4 * 16; 543| 804| out += 4 * 16; 544| 804| } 545| | 546| 1.28k| for(size_t i = 0; i != blocks; ++i) { ------------------ | Branch (546:22): [True: 543, False: 744] ------------------ 547| 543| SIMD_4x32 B0 = SIMD_4x32::load_le(in + 16 * i); 548| | 549| 543| B0 ^= K0; 550| | 551| 543| aesenc(K1, B0); 552| 543| aesenc(K2, B0); 553| 543| aesenc(K3, B0); 554| 543| aesenc(K4, B0); 555| 543| aesenc(K5, B0); 556| 543| aesenc(K6, B0); 557| 543| aesenc(K7, B0); 558| 543| aesenc(K8, B0); 559| 543| aesenc(K9, B0); 560| 543| aesenc(K10, B0); 561| 543| aesenc(K11, B0); 562| 543| aesenc(K12, B0); 563| 543| aesenc(K13, B0); 564| 543| aesenclast(K14, B0); 565| | 566| 543| B0.store_le(out + 16 * i); 567| 543| } 568| 744|} _ZNK5Botan7AES_25616hw_aes_decrypt_nEPKhPhm: 573| 342|BOTAN_FN_ISA_AESNI void AES_256::hw_aes_decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { 574| 342| const SIMD_4x32 K0 = SIMD_4x32::load_le(&m_DK[4 * 0]); 575| 342| const SIMD_4x32 K1 = SIMD_4x32::load_le(&m_DK[4 * 1]); 576| 342| const SIMD_4x32 K2 = SIMD_4x32::load_le(&m_DK[4 * 2]); 577| 342| const SIMD_4x32 K3 = SIMD_4x32::load_le(&m_DK[4 * 3]); 578| 342| const SIMD_4x32 K4 = SIMD_4x32::load_le(&m_DK[4 * 4]); 579| 342| const SIMD_4x32 K5 = SIMD_4x32::load_le(&m_DK[4 * 5]); 580| 342| const SIMD_4x32 K6 = SIMD_4x32::load_le(&m_DK[4 * 6]); 581| 342| const SIMD_4x32 K7 = SIMD_4x32::load_le(&m_DK[4 * 7]); 582| 342| const SIMD_4x32 K8 = SIMD_4x32::load_le(&m_DK[4 * 8]); 583| 342| const SIMD_4x32 K9 = SIMD_4x32::load_le(&m_DK[4 * 9]); 584| 342| const SIMD_4x32 K10 = SIMD_4x32::load_le(&m_DK[4 * 10]); 585| 342| const SIMD_4x32 K11 = SIMD_4x32::load_le(&m_DK[4 * 11]); 586| 342| const SIMD_4x32 K12 = SIMD_4x32::load_le(&m_DK[4 * 12]); 587| 342| const SIMD_4x32 K13 = SIMD_4x32::load_le(&m_DK[4 * 13]); 588| 342| const SIMD_4x32 K14 = SIMD_4x32::load_le(&m_DK[4 * 14]); 589| | 590| 1.57k| while(blocks >= 4) { ------------------ | Branch (590:10): [True: 1.23k, False: 342] ------------------ 591| 1.23k| SIMD_4x32 B0 = SIMD_4x32::load_le(in + 16 * 0); 592| 1.23k| SIMD_4x32 B1 = SIMD_4x32::load_le(in + 16 * 1); 593| 1.23k| SIMD_4x32 B2 = SIMD_4x32::load_le(in + 16 * 2); 594| 1.23k| SIMD_4x32 B3 = SIMD_4x32::load_le(in + 16 * 3); 595| | 596| 1.23k| keyxor(K0, B0, B1, B2, B3); 597| 1.23k| aesdec(K1, B0, B1, B2, B3); 598| 1.23k| aesdec(K2, B0, B1, B2, B3); 599| 1.23k| aesdec(K3, B0, B1, B2, B3); 600| 1.23k| aesdec(K4, B0, B1, B2, B3); 601| 1.23k| aesdec(K5, B0, B1, B2, B3); 602| 1.23k| aesdec(K6, B0, B1, B2, B3); 603| 1.23k| aesdec(K7, B0, B1, B2, B3); 604| 1.23k| aesdec(K8, B0, B1, B2, B3); 605| 1.23k| aesdec(K9, B0, B1, B2, B3); 606| 1.23k| aesdec(K10, B0, B1, B2, B3); 607| 1.23k| aesdec(K11, B0, B1, B2, B3); 608| 1.23k| aesdec(K12, B0, B1, B2, B3); 609| 1.23k| aesdec(K13, B0, B1, B2, B3); 610| 1.23k| aesdeclast(K14, B0, B1, B2, B3); 611| | 612| 1.23k| B0.store_le(out + 16 * 0); 613| 1.23k| B1.store_le(out + 16 * 1); 614| 1.23k| B2.store_le(out + 16 * 2); 615| 1.23k| B3.store_le(out + 16 * 3); 616| | 617| 1.23k| blocks -= 4; 618| 1.23k| in += 4 * 16; 619| 1.23k| out += 4 * 16; 620| 1.23k| } 621| | 622| 451| for(size_t i = 0; i != blocks; ++i) { ------------------ | Branch (622:22): [True: 109, False: 342] ------------------ 623| 109| SIMD_4x32 B0 = SIMD_4x32::load_le(in + 16 * i); 624| | 625| 109| B0 ^= K0; 626| | 627| 109| aesdec(K1, B0); 628| 109| aesdec(K2, B0); 629| 109| aesdec(K3, B0); 630| 109| aesdec(K4, B0); 631| 109| aesdec(K5, B0); 632| 109| aesdec(K6, B0); 633| 109| aesdec(K7, B0); 634| 109| aesdec(K8, B0); 635| 109| aesdec(K9, B0); 636| 109| aesdec(K10, B0); 637| 109| aesdec(K11, B0); 638| 109| aesdec(K12, B0); 639| 109| aesdec(K13, B0); 640| 109| aesdeclast(K14, B0); 641| | 642| 109| B0.store_le(out + 16 * i); 643| 109| } 644| 342|} _ZN5Botan7AES_25618aesni_key_scheduleEPKhm: 649| 197|BOTAN_FN_ISA_AESNI void AES_256::aesni_key_schedule(const uint8_t key[], size_t /*length*/) { 650| 197| m_EK.resize(60); 651| 197| m_DK.resize(60); 652| | 653| | // NOLINTBEGIN(portability-simd-intrinsics) TODO convert to using SIMD_4x32 654| | 655| 197| const __m128i K0 = _mm_loadu_si128(reinterpret_cast(key)); 656| 197| const __m128i K1 = _mm_loadu_si128(reinterpret_cast(key + 16)); 657| | 658| 197| const __m128i K2 = aes_128_key_expansion<0x01>(K0, K1); 659| 197| const __m128i K3 = aes_256_key_expansion(K1, K2); 660| | 661| 197| const __m128i K4 = aes_128_key_expansion<0x02>(K2, K3); 662| 197| const __m128i K5 = aes_256_key_expansion(K3, K4); 663| | 664| 197| const __m128i K6 = aes_128_key_expansion<0x04>(K4, K5); 665| 197| const __m128i K7 = aes_256_key_expansion(K5, K6); 666| | 667| 197| const __m128i K8 = aes_128_key_expansion<0x08>(K6, K7); 668| 197| const __m128i K9 = aes_256_key_expansion(K7, K8); 669| | 670| 197| const __m128i K10 = aes_128_key_expansion<0x10>(K8, K9); 671| 197| const __m128i K11 = aes_256_key_expansion(K9, K10); 672| | 673| 197| const __m128i K12 = aes_128_key_expansion<0x20>(K10, K11); 674| 197| const __m128i K13 = aes_256_key_expansion(K11, K12); 675| | 676| 197| const __m128i K14 = aes_128_key_expansion<0x40>(K12, K13); 677| | 678| 197| __m128i* EK_mm = reinterpret_cast<__m128i*>(m_EK.data()); 679| 197| _mm_storeu_si128(EK_mm, K0); 680| 197| _mm_storeu_si128(EK_mm + 1, K1); 681| 197| _mm_storeu_si128(EK_mm + 2, K2); 682| 197| _mm_storeu_si128(EK_mm + 3, K3); 683| 197| _mm_storeu_si128(EK_mm + 4, K4); 684| 197| _mm_storeu_si128(EK_mm + 5, K5); 685| 197| _mm_storeu_si128(EK_mm + 6, K6); 686| 197| _mm_storeu_si128(EK_mm + 7, K7); 687| 197| _mm_storeu_si128(EK_mm + 8, K8); 688| 197| _mm_storeu_si128(EK_mm + 9, K9); 689| 197| _mm_storeu_si128(EK_mm + 10, K10); 690| 197| _mm_storeu_si128(EK_mm + 11, K11); 691| 197| _mm_storeu_si128(EK_mm + 12, K12); 692| 197| _mm_storeu_si128(EK_mm + 13, K13); 693| 197| _mm_storeu_si128(EK_mm + 14, K14); 694| | 695| | // Now generate decryption keys 696| 197| __m128i* DK_mm = reinterpret_cast<__m128i*>(m_DK.data()); 697| 197| _mm_storeu_si128(DK_mm, K14); 698| 197| _mm_storeu_si128(DK_mm + 1, _mm_aesimc_si128(K13)); 699| 197| _mm_storeu_si128(DK_mm + 2, _mm_aesimc_si128(K12)); 700| 197| _mm_storeu_si128(DK_mm + 3, _mm_aesimc_si128(K11)); 701| 197| _mm_storeu_si128(DK_mm + 4, _mm_aesimc_si128(K10)); 702| 197| _mm_storeu_si128(DK_mm + 5, _mm_aesimc_si128(K9)); 703| 197| _mm_storeu_si128(DK_mm + 6, _mm_aesimc_si128(K8)); 704| 197| _mm_storeu_si128(DK_mm + 7, _mm_aesimc_si128(K7)); 705| 197| _mm_storeu_si128(DK_mm + 8, _mm_aesimc_si128(K6)); 706| 197| _mm_storeu_si128(DK_mm + 9, _mm_aesimc_si128(K5)); 707| 197| _mm_storeu_si128(DK_mm + 10, _mm_aesimc_si128(K4)); 708| 197| _mm_storeu_si128(DK_mm + 11, _mm_aesimc_si128(K3)); 709| 197| _mm_storeu_si128(DK_mm + 12, _mm_aesimc_si128(K2)); 710| 197| _mm_storeu_si128(DK_mm + 13, _mm_aesimc_si128(K1)); 711| 197| _mm_storeu_si128(DK_mm + 14, K0); 712| | 713| | // NOLINTEND(portability-simd-intrinsics) 714| 197|} aes_ni.cpp:_ZN5Botan12_GLOBAL__N_16keyxorENS_9SIMD_4x32ERS1_S2_S2_S2_: 72| 3.04k| SIMD_4x32 K, SIMD_4x32& B0, SIMD_4x32& B1, SIMD_4x32& B2, SIMD_4x32& B3) { 73| 3.04k| B0 ^= K; 74| 3.04k| B1 ^= K; 75| 3.04k| B2 ^= K; 76| 3.04k| B3 ^= K; 77| 3.04k|} aes_ni.cpp:_ZN5Botan12_GLOBAL__N_16aesencENS_9SIMD_4x32ERS1_S2_S2_S2_: 84| 13.8k| SIMD_4x32 K, SIMD_4x32& B0, SIMD_4x32& B1, SIMD_4x32& B2, SIMD_4x32& B3) { 85| 13.8k| B0 = SIMD_4x32(_mm_aesenc_si128(B0.raw(), K.raw())); 86| 13.8k| B1 = SIMD_4x32(_mm_aesenc_si128(B1.raw(), K.raw())); 87| 13.8k| B2 = SIMD_4x32(_mm_aesenc_si128(B2.raw(), K.raw())); 88| 13.8k| B3 = SIMD_4x32(_mm_aesenc_si128(B3.raw(), K.raw())); 89| 13.8k|} aes_ni.cpp:_ZN5Botan12_GLOBAL__N_110aesenclastENS_9SIMD_4x32ERS1_S2_S2_S2_: 96| 1.18k| SIMD_4x32 K, SIMD_4x32& B0, SIMD_4x32& B1, SIMD_4x32& B2, SIMD_4x32& B3) { 97| 1.18k| B0 = SIMD_4x32(_mm_aesenclast_si128(B0.raw(), K.raw())); 98| 1.18k| B1 = SIMD_4x32(_mm_aesenclast_si128(B1.raw(), K.raw())); 99| 1.18k| B2 = SIMD_4x32(_mm_aesenclast_si128(B2.raw(), K.raw())); 100| 1.18k| B3 = SIMD_4x32(_mm_aesenclast_si128(B3.raw(), K.raw())); 101| 1.18k|} aes_ni.cpp:_ZN5Botan12_GLOBAL__N_16aesencENS_9SIMD_4x32ERS1_: 79| 22.7k|BOTAN_FORCE_INLINE BOTAN_FN_ISA_AESNI void aesenc(SIMD_4x32 K, SIMD_4x32& B) { 80| 22.7k| B = SIMD_4x32(_mm_aesenc_si128(B.raw(), K.raw())); 81| 22.7k|} aes_ni.cpp:_ZN5Botan12_GLOBAL__N_110aesenclastENS_9SIMD_4x32ERS1_: 91| 2.28k|BOTAN_FORCE_INLINE BOTAN_FN_ISA_AESNI void aesenclast(SIMD_4x32 K, SIMD_4x32& B) { 92| 2.28k| B = SIMD_4x32(_mm_aesenclast_si128(B.raw(), K.raw())); 93| 2.28k|} aes_ni.cpp:_ZN5Botan12_GLOBAL__N_16aesdecENS_9SIMD_4x32ERS1_S2_S2_S2_: 108| 21.6k| SIMD_4x32 K, SIMD_4x32& B0, SIMD_4x32& B1, SIMD_4x32& B2, SIMD_4x32& B3) { 109| 21.6k| B0 = SIMD_4x32(_mm_aesdec_si128(B0.raw(), K.raw())); 110| 21.6k| B1 = SIMD_4x32(_mm_aesdec_si128(B1.raw(), K.raw())); 111| 21.6k| B2 = SIMD_4x32(_mm_aesdec_si128(B2.raw(), K.raw())); 112| 21.6k| B3 = SIMD_4x32(_mm_aesdec_si128(B3.raw(), K.raw())); 113| 21.6k|} aes_ni.cpp:_ZN5Botan12_GLOBAL__N_110aesdeclastENS_9SIMD_4x32ERS1_S2_S2_S2_: 120| 1.86k| SIMD_4x32 K, SIMD_4x32& B0, SIMD_4x32& B1, SIMD_4x32& B2, SIMD_4x32& B3) { 121| 1.86k| B0 = SIMD_4x32(_mm_aesdeclast_si128(B0.raw(), K.raw())); 122| 1.86k| B1 = SIMD_4x32(_mm_aesdeclast_si128(B1.raw(), K.raw())); 123| 1.86k| B2 = SIMD_4x32(_mm_aesdeclast_si128(B2.raw(), K.raw())); 124| 1.86k| B3 = SIMD_4x32(_mm_aesdeclast_si128(B3.raw(), K.raw())); 125| 1.86k|} aes_ni.cpp:_ZN5Botan12_GLOBAL__N_16aesdecENS_9SIMD_4x32ERS1_: 103| 2.10k|BOTAN_FORCE_INLINE BOTAN_FN_ISA_AESNI void aesdec(SIMD_4x32 K, SIMD_4x32& B) { 104| 2.10k| B = SIMD_4x32(_mm_aesdec_si128(B.raw(), K.raw())); 105| 2.10k|} aes_ni.cpp:_ZN5Botan12_GLOBAL__N_110aesdeclastENS_9SIMD_4x32ERS1_: 115| 185|BOTAN_FORCE_INLINE BOTAN_FN_ISA_AESNI void aesdeclast(SIMD_4x32 K, SIMD_4x32& B) { 116| 185| B = SIMD_4x32(_mm_aesdeclast_si128(B.raw(), K.raw())); 117| 185|} aes_ni.cpp:_ZN5Botan12_GLOBAL__N_121aes_256_key_expansionEDv2_xS1_: 61| 1.18k|BOTAN_FN_ISA_AESNI __m128i aes_256_key_expansion(__m128i key, __m128i key2) { 62| 1.18k| __m128i key_with_rcon = _mm_aeskeygenassist_si128(key2, 0x00); 63| 1.18k| key_with_rcon = _mm_shuffle_epi32(key_with_rcon, _MM_SHUFFLE(2, 2, 2, 2)); 64| | 65| 1.18k| key = _mm_xor_si128(key, _mm_slli_si128(key, 4)); 66| 1.18k| key = _mm_xor_si128(key, _mm_slli_si128(key, 4)); 67| | key = _mm_xor_si128(key, _mm_slli_si128(key, 4)); 68| 1.18k| return _mm_xor_si128(key, key_with_rcon); 69| 1.18k|} aes_ni.cpp:_ZN5Botan12_GLOBAL__N_121aes_128_key_expansionILh1EEEDv2_xS2_S2_: 22| 332|BOTAN_FN_ISA_AESNI inline __m128i aes_128_key_expansion(__m128i key, __m128i key_getting_rcon) { 23| 332| __m128i key_with_rcon = _mm_aeskeygenassist_si128(key_getting_rcon, RC); 24| 332| key_with_rcon = _mm_shuffle_epi32(key_with_rcon, _MM_SHUFFLE(3, 3, 3, 3)); 25| 332| key = _mm_xor_si128(key, _mm_slli_si128(key, 4)); 26| 332| key = _mm_xor_si128(key, _mm_slli_si128(key, 4)); 27| | key = _mm_xor_si128(key, _mm_slli_si128(key, 4)); 28| 332| return _mm_xor_si128(key, key_with_rcon); 29| 332|} aes_ni.cpp:_ZN5Botan12_GLOBAL__N_121aes_128_key_expansionILh2EEEDv2_xS2_S2_: 22| 332|BOTAN_FN_ISA_AESNI inline __m128i aes_128_key_expansion(__m128i key, __m128i key_getting_rcon) { 23| 332| __m128i key_with_rcon = _mm_aeskeygenassist_si128(key_getting_rcon, RC); 24| 332| key_with_rcon = _mm_shuffle_epi32(key_with_rcon, _MM_SHUFFLE(3, 3, 3, 3)); 25| 332| key = _mm_xor_si128(key, _mm_slli_si128(key, 4)); 26| 332| key = _mm_xor_si128(key, _mm_slli_si128(key, 4)); 27| | key = _mm_xor_si128(key, _mm_slli_si128(key, 4)); 28| 332| return _mm_xor_si128(key, key_with_rcon); 29| 332|} aes_ni.cpp:_ZN5Botan12_GLOBAL__N_121aes_128_key_expansionILh4EEEDv2_xS2_S2_: 22| 332|BOTAN_FN_ISA_AESNI inline __m128i aes_128_key_expansion(__m128i key, __m128i key_getting_rcon) { 23| 332| __m128i key_with_rcon = _mm_aeskeygenassist_si128(key_getting_rcon, RC); 24| 332| key_with_rcon = _mm_shuffle_epi32(key_with_rcon, _MM_SHUFFLE(3, 3, 3, 3)); 25| 332| key = _mm_xor_si128(key, _mm_slli_si128(key, 4)); 26| 332| key = _mm_xor_si128(key, _mm_slli_si128(key, 4)); 27| | key = _mm_xor_si128(key, _mm_slli_si128(key, 4)); 28| 332| return _mm_xor_si128(key, key_with_rcon); 29| 332|} aes_ni.cpp:_ZN5Botan12_GLOBAL__N_121aes_128_key_expansionILh8EEEDv2_xS2_S2_: 22| 332|BOTAN_FN_ISA_AESNI inline __m128i aes_128_key_expansion(__m128i key, __m128i key_getting_rcon) { 23| 332| __m128i key_with_rcon = _mm_aeskeygenassist_si128(key_getting_rcon, RC); 24| 332| key_with_rcon = _mm_shuffle_epi32(key_with_rcon, _MM_SHUFFLE(3, 3, 3, 3)); 25| 332| key = _mm_xor_si128(key, _mm_slli_si128(key, 4)); 26| 332| key = _mm_xor_si128(key, _mm_slli_si128(key, 4)); 27| | key = _mm_xor_si128(key, _mm_slli_si128(key, 4)); 28| 332| return _mm_xor_si128(key, key_with_rcon); 29| 332|} aes_ni.cpp:_ZN5Botan12_GLOBAL__N_121aes_128_key_expansionILh16EEEDv2_xS2_S2_: 22| 332|BOTAN_FN_ISA_AESNI inline __m128i aes_128_key_expansion(__m128i key, __m128i key_getting_rcon) { 23| 332| __m128i key_with_rcon = _mm_aeskeygenassist_si128(key_getting_rcon, RC); 24| 332| key_with_rcon = _mm_shuffle_epi32(key_with_rcon, _MM_SHUFFLE(3, 3, 3, 3)); 25| 332| key = _mm_xor_si128(key, _mm_slli_si128(key, 4)); 26| 332| key = _mm_xor_si128(key, _mm_slli_si128(key, 4)); 27| | key = _mm_xor_si128(key, _mm_slli_si128(key, 4)); 28| 332| return _mm_xor_si128(key, key_with_rcon); 29| 332|} aes_ni.cpp:_ZN5Botan12_GLOBAL__N_121aes_128_key_expansionILh32EEEDv2_xS2_S2_: 22| 332|BOTAN_FN_ISA_AESNI inline __m128i aes_128_key_expansion(__m128i key, __m128i key_getting_rcon) { 23| 332| __m128i key_with_rcon = _mm_aeskeygenassist_si128(key_getting_rcon, RC); 24| 332| key_with_rcon = _mm_shuffle_epi32(key_with_rcon, _MM_SHUFFLE(3, 3, 3, 3)); 25| 332| key = _mm_xor_si128(key, _mm_slli_si128(key, 4)); 26| 332| key = _mm_xor_si128(key, _mm_slli_si128(key, 4)); 27| | key = _mm_xor_si128(key, _mm_slli_si128(key, 4)); 28| 332| return _mm_xor_si128(key, key_with_rcon); 29| 332|} aes_ni.cpp:_ZN5Botan12_GLOBAL__N_121aes_128_key_expansionILh64EEEDv2_xS2_S2_: 22| 332|BOTAN_FN_ISA_AESNI inline __m128i aes_128_key_expansion(__m128i key, __m128i key_getting_rcon) { 23| 332| __m128i key_with_rcon = _mm_aeskeygenassist_si128(key_getting_rcon, RC); 24| 332| key_with_rcon = _mm_shuffle_epi32(key_with_rcon, _MM_SHUFFLE(3, 3, 3, 3)); 25| 332| key = _mm_xor_si128(key, _mm_slli_si128(key, 4)); 26| 332| key = _mm_xor_si128(key, _mm_slli_si128(key, 4)); 27| | key = _mm_xor_si128(key, _mm_slli_si128(key, 4)); 28| 332| return _mm_xor_si128(key, key_with_rcon); 29| 332|} aes_ni.cpp:_ZN5Botan12_GLOBAL__N_121aes_128_key_expansionILh128EEEDv2_xS2_S2_: 22| 135|BOTAN_FN_ISA_AESNI inline __m128i aes_128_key_expansion(__m128i key, __m128i key_getting_rcon) { 23| 135| __m128i key_with_rcon = _mm_aeskeygenassist_si128(key_getting_rcon, RC); 24| 135| key_with_rcon = _mm_shuffle_epi32(key_with_rcon, _MM_SHUFFLE(3, 3, 3, 3)); 25| 135| key = _mm_xor_si128(key, _mm_slli_si128(key, 4)); 26| 135| key = _mm_xor_si128(key, _mm_slli_si128(key, 4)); 27| | key = _mm_xor_si128(key, _mm_slli_si128(key, 4)); 28| 135| return _mm_xor_si128(key, key_with_rcon); 29| 135|} aes_ni.cpp:_ZN5Botan12_GLOBAL__N_121aes_128_key_expansionILh27EEEDv2_xS2_S2_: 22| 135|BOTAN_FN_ISA_AESNI inline __m128i aes_128_key_expansion(__m128i key, __m128i key_getting_rcon) { 23| 135| __m128i key_with_rcon = _mm_aeskeygenassist_si128(key_getting_rcon, RC); 24| 135| key_with_rcon = _mm_shuffle_epi32(key_with_rcon, _MM_SHUFFLE(3, 3, 3, 3)); 25| 135| key = _mm_xor_si128(key, _mm_slli_si128(key, 4)); 26| 135| key = _mm_xor_si128(key, _mm_slli_si128(key, 4)); 27| | key = _mm_xor_si128(key, _mm_slli_si128(key, 4)); 28| 135| return _mm_xor_si128(key, key_with_rcon); 29| 135|} aes_ni.cpp:_ZN5Botan12_GLOBAL__N_121aes_128_key_expansionILh54EEEDv2_xS2_S2_: 22| 135|BOTAN_FN_ISA_AESNI inline __m128i aes_128_key_expansion(__m128i key, __m128i key_getting_rcon) { 23| 135| __m128i key_with_rcon = _mm_aeskeygenassist_si128(key_getting_rcon, RC); 24| 135| key_with_rcon = _mm_shuffle_epi32(key_with_rcon, _MM_SHUFFLE(3, 3, 3, 3)); 25| 135| key = _mm_xor_si128(key, _mm_slli_si128(key, 4)); 26| 135| key = _mm_xor_si128(key, _mm_slli_si128(key, 4)); 27| | key = _mm_xor_si128(key, _mm_slli_si128(key, 4)); 28| 135| return _mm_xor_si128(key, key_with_rcon); 29| 135|} _ZN5Botan11BlockCipher6createENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEES5_: 96| 407|std::unique_ptr BlockCipher::create(std::string_view algo, std::string_view provider) { 97| |#if defined(BOTAN_HAS_COMMONCRYPTO) 98| | if(provider.empty() || provider == "commoncrypto") { 99| | if(auto bc = make_commoncrypto_block_cipher(algo)) 100| | return bc; 101| | 102| | if(!provider.empty()) 103| | return nullptr; 104| | } 105| |#endif 106| | 107| | // TODO: CryptoAPI 108| | // TODO: /dev/crypto 109| | 110| | // Only base providers from here on out 111| 407| if(provider.empty() == false && provider != "base") { ------------------ | Branch (111:7): [True: 0, False: 407] | Branch (111:36): [True: 0, False: 0] ------------------ 112| 0| return nullptr; 113| 0| } 114| | 115| 407|#if defined(BOTAN_HAS_AES) 116| 407| if(algo == "AES-128") { ------------------ | Branch (116:7): [True: 135, False: 272] ------------------ 117| 135| return std::make_unique(); 118| 135| } 119| | 120| 272| if(algo == "AES-192") { ------------------ | Branch (120:7): [True: 0, False: 272] ------------------ 121| 0| return std::make_unique(); 122| 0| } 123| | 124| 272| if(algo == "AES-256") { ------------------ | Branch (124:7): [True: 197, False: 75] ------------------ 125| 197| return std::make_unique(); 126| 197| } 127| 75|#endif 128| | 129| 75|#if defined(BOTAN_HAS_ARIA) 130| 75| if(algo == "ARIA-128") { ------------------ | Branch (130:7): [True: 0, False: 75] ------------------ 131| 0| return std::make_unique(); 132| 0| } 133| | 134| 75| if(algo == "ARIA-192") { ------------------ | Branch (134:7): [True: 0, False: 75] ------------------ 135| 0| return std::make_unique(); 136| 0| } 137| | 138| 75| if(algo == "ARIA-256") { ------------------ | Branch (138:7): [True: 0, False: 75] ------------------ 139| 0| return std::make_unique(); 140| 0| } 141| 75|#endif 142| | 143| 75|#if defined(BOTAN_HAS_SERPENT) 144| 75| if(algo == "Serpent") { ------------------ | Branch (144:7): [True: 0, False: 75] ------------------ 145| 0| return std::make_unique(); 146| 0| } 147| 75|#endif 148| | 149| 75|#if defined(BOTAN_HAS_SHACAL2) 150| 75| if(algo == "SHACAL2") { ------------------ | Branch (150:7): [True: 0, False: 75] ------------------ 151| 0| return std::make_unique(); 152| 0| } 153| 75|#endif 154| | 155| 75|#if defined(BOTAN_HAS_TWOFISH) 156| 75| if(algo == "Twofish") { ------------------ | Branch (156:7): [True: 0, False: 75] ------------------ 157| 0| return std::make_unique(); 158| 0| } 159| 75|#endif 160| | 161| 75|#if defined(BOTAN_HAS_THREEFISH_512) 162| 75| if(algo == "Threefish-512") { ------------------ | Branch (162:7): [True: 0, False: 75] ------------------ 163| 0| return std::make_unique(); 164| 0| } 165| 75|#endif 166| | 167| 75|#if defined(BOTAN_HAS_BLOWFISH) 168| 75| if(algo == "Blowfish") { ------------------ | Branch (168:7): [True: 0, False: 75] ------------------ 169| 0| return std::make_unique(); 170| 0| } 171| 75|#endif 172| | 173| 75|#if defined(BOTAN_HAS_CAMELLIA) 174| 75| if(algo == "Camellia-128") { ------------------ | Branch (174:7): [True: 0, False: 75] ------------------ 175| 0| return std::make_unique(); 176| 0| } 177| | 178| 75| if(algo == "Camellia-192") { ------------------ | Branch (178:7): [True: 0, False: 75] ------------------ 179| 0| return std::make_unique(); 180| 0| } 181| | 182| 75| if(algo == "Camellia-256") { ------------------ | Branch (182:7): [True: 0, False: 75] ------------------ 183| 0| return std::make_unique(); 184| 0| } 185| 75|#endif 186| | 187| 75|#if defined(BOTAN_HAS_DES) 188| 75| if(algo == "DES") { ------------------ | Branch (188:7): [True: 0, False: 75] ------------------ 189| 0| return std::make_unique(); 190| 0| } 191| | 192| 75| if(algo == "TripleDES" || algo == "3DES" || algo == "DES-EDE") { ------------------ | Branch (192:7): [True: 0, False: 75] | Branch (192:30): [True: 75, False: 0] | Branch (192:48): [True: 0, False: 0] ------------------ 193| 75| return std::make_unique(); 194| 75| } 195| 0|#endif 196| | 197| 0|#if defined(BOTAN_HAS_NOEKEON) 198| 0| if(algo == "Noekeon") { ------------------ | Branch (198:7): [True: 0, False: 0] ------------------ 199| 0| return std::make_unique(); 200| 0| } 201| 0|#endif 202| | 203| 0|#if defined(BOTAN_HAS_CAST_128) 204| 0| if(algo == "CAST-128" || algo == "CAST5") { ------------------ | Branch (204:7): [True: 0, False: 0] | Branch (204:29): [True: 0, False: 0] ------------------ 205| 0| return std::make_unique(); 206| 0| } 207| 0|#endif 208| | 209| 0|#if defined(BOTAN_HAS_IDEA) 210| 0| if(algo == "IDEA") { ------------------ | Branch (210:7): [True: 0, False: 0] ------------------ 211| 0| return std::make_unique(); 212| 0| } 213| 0|#endif 214| | 215| 0|#if defined(BOTAN_HAS_KUZNYECHIK) 216| 0| if(algo == "Kuznyechik") { ------------------ | Branch (216:7): [True: 0, False: 0] ------------------ 217| 0| return std::make_unique(); 218| 0| } 219| 0|#endif 220| | 221| 0|#if defined(BOTAN_HAS_SEED) 222| 0| if(algo == "SEED") { ------------------ | Branch (222:7): [True: 0, False: 0] ------------------ 223| 0| return std::make_unique(); 224| 0| } 225| 0|#endif 226| | 227| 0|#if defined(BOTAN_HAS_SM4) 228| 0| if(algo == "SM4") { ------------------ | Branch (228:7): [True: 0, False: 0] ------------------ 229| 0| return std::make_unique(); 230| 0| } 231| 0|#endif 232| | 233| 0| const SCAN_Name req(algo); 234| | 235| 0|#if defined(BOTAN_HAS_GOST_28147_89) 236| 0| if(req.algo_name() == "GOST-28147-89") { ------------------ | Branch (236:7): [True: 0, False: 0] ------------------ 237| 0| return std::make_unique(req.arg(0, "R3411_94_TestParam")); 238| 0| } 239| 0|#endif 240| | 241| 0|#if defined(BOTAN_HAS_CASCADE) 242| 0| if(req.algo_name() == "Cascade" && req.arg_count() == 2) { ------------------ | Branch (242:7): [True: 0, False: 0] | Branch (242:39): [True: 0, False: 0] ------------------ 243| 0| auto c1 = BlockCipher::create(req.arg(0)); 244| 0| auto c2 = BlockCipher::create(req.arg(1)); 245| | 246| 0| if(c1 && c2) { ------------------ | Branch (246:10): [True: 0, False: 0] | Branch (246:16): [True: 0, False: 0] ------------------ 247| 0| return std::make_unique(std::move(c1), std::move(c2)); 248| 0| } 249| 0| } 250| 0|#endif 251| | 252| 0|#if defined(BOTAN_HAS_LION) 253| 0| if(req.algo_name() == "Lion" && req.arg_count_between(2, 3)) { ------------------ | Branch (253:7): [True: 0, False: 0] | Branch (253:36): [True: 0, False: 0] ------------------ 254| 0| auto hash = HashFunction::create(req.arg(0)); 255| 0| auto stream = StreamCipher::create(req.arg(1)); 256| | 257| 0| if(hash && stream) { ------------------ | Branch (257:10): [True: 0, False: 0] | Branch (257:18): [True: 0, False: 0] ------------------ 258| 0| const size_t block_size = req.arg_as_integer(2, 1024); 259| 0| return std::make_unique(std::move(hash), std::move(stream), block_size); 260| 0| } 261| 0| } 262| 0|#endif 263| | 264| 0| BOTAN_UNUSED(req); ------------------ | | 144| 0|#define BOTAN_UNUSED Botan::ignore_params ------------------ 265| 0| BOTAN_UNUSED(provider); ------------------ | | 144| 0|#define BOTAN_UNUSED Botan::ignore_params ------------------ 266| | 267| 0| return nullptr; 268| 0|} _ZN5Botan11BlockCipher15create_or_throwENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEES5_: 271| 231|std::unique_ptr BlockCipher::create_or_throw(std::string_view algo, std::string_view provider) { 272| 231| if(auto bc = BlockCipher::create(algo, provider)) { ------------------ | Branch (272:12): [True: 231, False: 0] ------------------ 273| 231| return bc; 274| 231| } 275| 0| throw Lookup_Error("Block cipher", algo, provider); 276| 231|} _ZNK5Botan9TripleDES9encrypt_nEPKhPhm: 769| 125|void TripleDES::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { 770| 125| assert_key_material_set(); 771| | 772| 125| const uint32_t* k1 = m_round_key.data(); 773| 125| const uint32_t* k2 = k1 + 16 * 48; 774| 125| const uint32_t* k3 = k2 + 16 * 48; 775| | 776| 125| uint32_t B[64]; 777| | 778| 125| while(blocks >= 32) { ------------------ | Branch (778:10): [True: 0, False: 125] ------------------ 779| 0| transpose_in(B, in, 32); 780| 0| des_encrypt(&B[0], &B[32], k1); 781| 0| des_decrypt(&B[32], &B[0], k2); 782| 0| des_encrypt(&B[0], &B[32], k3); 783| 0| transpose_out(out, B, 32); 784| | 785| 0| in += 32 * BLOCK_SIZE; 786| 0| out += 32 * BLOCK_SIZE; 787| 0| blocks -= 32; 788| 0| } 789| | 790| 125| if(blocks > 0) { ------------------ | Branch (790:7): [True: 125, False: 0] ------------------ 791| 125| transpose_in(B, in, blocks); 792| 125| des_encrypt(&B[0], &B[32], k1); 793| 125| des_decrypt(&B[32], &B[0], k2); 794| 125| des_encrypt(&B[0], &B[32], k3); 795| 125| transpose_out(out, B, blocks); 796| 125| } 797| 125|} _ZNK5Botan9TripleDES9decrypt_nEPKhPhm: 802| 99|void TripleDES::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { 803| 99| assert_key_material_set(); 804| | 805| 99| const uint32_t* k1 = m_round_key.data(); 806| 99| const uint32_t* k2 = k1 + 16 * 48; 807| 99| const uint32_t* k3 = k2 + 16 * 48; 808| | 809| 99| uint32_t B[64]; 810| | 811| 382| while(blocks >= 32) { ------------------ | Branch (811:10): [True: 283, False: 99] ------------------ 812| 283| transpose_in(B, in, 32); 813| 283| des_decrypt(&B[0], &B[32], k3); 814| 283| des_encrypt(&B[32], &B[0], k2); 815| 283| des_decrypt(&B[0], &B[32], k1); 816| 283| transpose_out(out, B, 32); 817| | 818| 283| in += 32 * BLOCK_SIZE; 819| 283| out += 32 * BLOCK_SIZE; 820| 283| blocks -= 32; 821| 283| } 822| | 823| 99| if(blocks > 0) { ------------------ | Branch (823:7): [True: 39, False: 60] ------------------ 824| 39| transpose_in(B, in, blocks); 825| 39| des_decrypt(&B[0], &B[32], k3); 826| 39| des_encrypt(&B[32], &B[0], k2); 827| 39| des_decrypt(&B[0], &B[32], k1); 828| 39| transpose_out(out, B, blocks); 829| 39| } 830| 99|} _ZNK5Botan9TripleDES19has_keying_materialEv: 832| 224|bool TripleDES::has_keying_material() const { 833| 224| return !m_round_key.empty(); 834| 224|} _ZN5Botan9TripleDES12key_scheduleENSt3__14spanIKhLm18446744073709551615EEE: 839| 75|void TripleDES::key_schedule(std::span key) { 840| 75| m_round_key.resize(3 * 16 * 48); 841| 75| des_key_schedule(m_round_key.data(), key.first(8).data()); 842| 75| des_key_schedule(m_round_key.data() + 16 * 48, key.subspan(8, 8).data()); 843| | 844| 75| if(key.size() == 24) { ------------------ | Branch (844:7): [True: 75, False: 0] ------------------ 845| 75| des_key_schedule(m_round_key.data() + 2 * 16 * 48, key.last(8).data()); 846| 75| } else { 847| 0| copy_mem(m_round_key.data() + 2 * 16 * 48, m_round_key.data(), 16 * 48); 848| 0| } 849| 75|} des.cpp:_ZN5Botan12_GLOBAL__N_112transpose_inEPjPKhm: 537| 447|void transpose_in(uint32_t B[64], const uint8_t in[], size_t n_blocks) { 538| 447| uint64_t M[32] = {}; 539| | 540| 447| load_be(M, in, n_blocks); 541| | 542| 447| des_transpose(M); 543| | 544| | // clang-format off 545| 447| static constexpr uint8_t IP[64] = { 546| 447| 57, 49, 41, 33, 25, 17, 9, 1, 547| 447| 59, 51, 43, 35, 27, 19, 11, 3, 548| 447| 61, 53, 45, 37, 29, 21, 13, 5, 549| 447| 63, 55, 47, 39, 31, 23, 15, 7, 550| 447| 56, 48, 40, 32, 24, 16, 8, 0, 551| 447| 58, 50, 42, 34, 26, 18, 10, 2, 552| 447| 60, 52, 44, 36, 28, 20, 12, 4, 553| 447| 62, 54, 46, 38, 30, 22, 14, 6 554| 447| }; 555| | // clang-format on 556| | 557| 29.0k| for(size_t i = 0; i < 64; ++i) { ------------------ | Branch (557:22): [True: 28.6k, False: 447] ------------------ 558| 28.6k| const uint8_t src = IP[i]; 559| 28.6k| if(src < 32) { ------------------ | Branch (559:10): [True: 14.3k, False: 14.3k] ------------------ 560| 14.3k| B[i] = static_cast(M[31 - src] >> 32); 561| 14.3k| } else { 562| 14.3k| B[i] = static_cast(M[63 - src]); 563| 14.3k| } 564| 28.6k| } 565| 447|} des.cpp:_ZN5Botan12_GLOBAL__N_113des_transposeEPm: 509| 894|void des_transpose(uint64_t M[32]) { 510| 15.1k| for(size_t i = 0; i != 16; ++i) { ------------------ | Branch (510:22): [True: 14.3k, False: 894] ------------------ 511| 14.3k| swap_bits(M[i], M[i + 16], 0x0000FFFF0000FFFF, 16); 512| 14.3k| } 513| | 514| 2.68k| for(size_t i = 0; i != 32; i += 16) { ------------------ | Branch (514:22): [True: 1.78k, False: 894] ------------------ 515| 16.0k| for(size_t j = 0; j != 8; ++j) { ------------------ | Branch (515:25): [True: 14.3k, False: 1.78k] ------------------ 516| 14.3k| swap_bits(M[i + j], M[i + j + 8], 0x00FF00FF00FF00FF, 8); 517| 14.3k| } 518| 1.78k| } 519| | 520| 4.47k| for(size_t i = 0; i != 32; i += 8) { ------------------ | Branch (520:22): [True: 3.57k, False: 894] ------------------ 521| 17.8k| for(size_t j = 0; j != 4; ++j) { ------------------ | Branch (521:25): [True: 14.3k, False: 3.57k] ------------------ 522| 14.3k| swap_bits(M[i + j + 0], M[i + j + 4], 0x0F0F0F0F0F0F0F0F, 4); 523| 14.3k| } 524| 3.57k| } 525| | 526| 8.04k| for(size_t i = 0; i != 32; i += 4) { ------------------ | Branch (526:22): [True: 7.15k, False: 894] ------------------ 527| 21.4k| for(size_t j = 0; j != 2; ++j) { ------------------ | Branch (527:25): [True: 14.3k, False: 7.15k] ------------------ 528| 14.3k| swap_bits(M[i + j + 0], M[i + j + 2], 0x3333333333333333, 2); 529| 14.3k| } 530| 7.15k| } 531| | 532| 15.1k| for(size_t i = 0; i != 32; i += 2) { ------------------ | Branch (532:22): [True: 14.3k, False: 894] ------------------ 533| 14.3k| swap_bits(M[i], M[i + 1], 0x5555555555555555, 1); 534| 14.3k| } 535| 894|} des.cpp:_ZN5Botan12_GLOBAL__N_111des_encryptEPjS1_PKj: 638| 572|void des_encrypt(uint32_t L[32], uint32_t R[32], const uint32_t round_key[]) { 639| 5.14k| for(size_t round = 0; round < 16; round += 2) { ------------------ | Branch (639:26): [True: 4.57k, False: 572] ------------------ 640| 4.57k| des_round(L, R, &round_key[round * 48]); 641| 4.57k| des_round(R, L, &round_key[(round + 1) * 48]); 642| 4.57k| } 643| 572|} des.cpp:_ZN5Botan12_GLOBAL__N_19des_roundEPjPKjS3_: 602| 21.4k|void des_round(uint32_t L[32], const uint32_t R[32], const uint32_t RK[48]) { 603| | // clang-format off 604| 21.4k| SBox1(R[31] ^ RK[ 0], R[ 0] ^ RK[ 1], R[ 1] ^ RK[ 2], 605| 21.4k| R[ 2] ^ RK[ 3], R[ 3] ^ RK[ 4], R[ 4] ^ RK[ 5], 606| 21.4k| L[ 8], L[16], L[22], L[30]); 607| | 608| 21.4k| SBox2(R[ 3] ^ RK[ 6], R[ 4] ^ RK[ 7], R[ 5] ^ RK[ 8], 609| 21.4k| R[ 6] ^ RK[ 9], R[ 7] ^ RK[10], R[ 8] ^ RK[11], 610| 21.4k| L[12], L[27], L[ 1], L[17]); 611| | 612| 21.4k| SBox3(R[ 7] ^ RK[12], R[ 8] ^ RK[13], R[ 9] ^ RK[14], 613| 21.4k| R[10] ^ RK[15], R[11] ^ RK[16], R[12] ^ RK[17], 614| 21.4k| L[23], L[15], L[29], L[ 5]); 615| | 616| 21.4k| SBox4(R[11] ^ RK[18], R[12] ^ RK[19], R[13] ^ RK[20], 617| 21.4k| R[14] ^ RK[21], R[15] ^ RK[22], R[16] ^ RK[23], 618| 21.4k| L[25], L[19], L[ 9], L[ 0]); 619| | 620| 21.4k| SBox5(R[15] ^ RK[24], R[16] ^ RK[25], R[17] ^ RK[26], 621| 21.4k| R[18] ^ RK[27], R[19] ^ RK[28], R[20] ^ RK[29], 622| 21.4k| L[ 7], L[13], L[24], L[ 2]); 623| | 624| 21.4k| SBox6(R[19] ^ RK[30], R[20] ^ RK[31], R[21] ^ RK[32], 625| 21.4k| R[22] ^ RK[33], R[23] ^ RK[34], R[24] ^ RK[35], 626| 21.4k| L[ 3], L[28], L[10], L[18]); 627| | 628| 21.4k| SBox7(R[23] ^ RK[36], R[24] ^ RK[37], R[25] ^ RK[38], 629| 21.4k| R[26] ^ RK[39], R[27] ^ RK[40], R[28] ^ RK[41], 630| 21.4k| L[31], L[11], L[21], L[ 6]); 631| | 632| 21.4k| SBox8(R[27] ^ RK[42], R[28] ^ RK[43], R[29] ^ RK[44], 633| 21.4k| R[30] ^ RK[45], R[31] ^ RK[46], R[ 0] ^ RK[47], 634| 21.4k| L[ 4], L[26], L[14], L[20]); 635| | // clang-format on 636| 21.4k|} des.cpp:_ZN5Botan12_GLOBAL__N_15SBox1ITkNS0_9BitsliceTEjEEvT_S2_S2_S2_S2_S2_RS2_S3_S3_S3_: 38| 21.4k|BOTAN_FORCE_INLINE void SBox1(T a1, T a2, T a3, T a4, T a5, T a6, T& out1, T& out2, T& out3, T& out4) { 39| 21.4k| const T x1 = a1 & ~a5; 40| 21.4k| const T x2 = a4 ^ x1; 41| 21.4k| const T x3 = a3 | a6; 42| 21.4k| const T x4 = a1 ^ a3; 43| 21.4k| const T x5 = x3 & x4; 44| 21.4k| const T x6 = a4 ^ x5; 45| 21.4k| const T x7 = x6 & ~x2; 46| | 47| 21.4k| const T x8 = a5 ^ a6; 48| 21.4k| const T x9 = a3 ^ x8; 49| 21.4k| const T x10 = x2 & ~x9; 50| 21.4k| const T x11 = a6 | x5; 51| 21.4k| const T x12 = x10 ^ x11; 52| 21.4k| const T x13 = x12 & ~x7; 53| | 54| 21.4k| const T x14 = a1 | a6; 55| 21.4k| const T x15 = x12 | x14; 56| 21.4k| const T x16 = a5 & ~x6; 57| 21.4k| const T x17 = x15 ^ x16; 58| | 59| 21.4k| const T x18 = a4 & ~x14; 60| 21.4k| const T x19 = x16 ^ x18; 61| 21.4k| const T x20 = x8 & ~x4; 62| 21.4k| const T x21 = x19 | x20; 63| | 64| 21.4k| const T x22 = a3 & ~x1; 65| 21.4k| const T x23 = x2 ^ x15; 66| 21.4k| const T x24 = x23 & ~x22; 67| 21.4k| const T x25 = ~x24; 68| 21.4k| const T x26 = x3 & x12; 69| 21.4k| const T x27 = x25 ^ x26; 70| 21.4k| const T x28 = x17 & ~a2; 71| 21.4k| const T x29 = x28 ^ x27; 72| 21.4k| out3 ^= x29; 73| | 74| 21.4k| const T x30 = x8 ^ x24; 75| 21.4k| const T x31 = x16 | x30; 76| 21.4k| const T x32 = x3 ^ x31; 77| 21.4k| const T x33 = a1 ^ x32; 78| 21.4k| const T x34 = x27 ^ x33; 79| 21.4k| const T x35 = x7 | a2; 80| 21.4k| const T x36 = x35 ^ x34; 81| 21.4k| out1 ^= x36; 82| | 83| 21.4k| const T x37 = x2 & ~x21; 84| 21.4k| const T x38 = x30 ^ x37; 85| 21.4k| const T x39 = x16 ^ x32; 86| 21.4k| const T x40 = x34 & ~x39; 87| 21.4k| const T x41 = x38 ^ x40; 88| 21.4k| const T x42 = a2 & ~x13; 89| 21.4k| const T x43 = x42 ^ x41; 90| 21.4k| out2 ^= x43; 91| | 92| 21.4k| const T x44 = x9 ^ x20; 93| 21.4k| const T x45 = x14 ^ x40; 94| 21.4k| const T x46 = x45 & ~x44; 95| 21.4k| const T x47 = x41 ^ x46; 96| 21.4k| const T x48 = x47 | a2; 97| 21.4k| const T x49 = x48 ^ x21; 98| 21.4k| out4 ^= x49; 99| 21.4k|} des.cpp:_ZN5Botan12_GLOBAL__N_15SBox2ITkNS0_9BitsliceTEjEEvT_S2_S2_S2_S2_S2_RS2_S3_S3_S3_: 102| 21.4k|BOTAN_FORCE_INLINE void SBox2(T a1, T a2, T a3, T a4, T a5, T a6, T& out1, T& out2, T& out3, T& out4) { 103| 21.4k| const T x1 = a2 ^ a5; 104| | 105| 21.4k| const T x2 = a1 & ~a6; 106| 21.4k| const T x3 = a5 & ~x2; 107| 21.4k| const T x4 = a2 | x3; 108| | 109| 21.4k| const T x5 = x1 & ~a6; 110| 21.4k| const T x6 = a1 & x1; 111| 21.4k| const T x7 = a5 ^ x6; 112| 21.4k| const T x8 = x7 & ~x5; 113| | 114| 21.4k| const T x9 = a3 & a6; 115| 21.4k| const T x10 = x3 ^ x5; 116| 21.4k| const T x11 = x4 & x10; 117| 21.4k| const T x12 = x11 & ~x9; 118| | 119| 21.4k| const T x13 = a3 & x11; 120| 21.4k| const T x14 = ~a1; 121| 21.4k| const T x15 = x13 ^ x14; 122| 21.4k| const T x16 = a6 ^ x1; 123| 21.4k| const T x17 = x16 & ~x9; 124| 21.4k| const T x18 = x15 ^ x17; 125| 21.4k| const T x19 = a4 & ~x12; 126| 21.4k| const T x20 = x19 ^ x18; 127| 21.4k| out2 ^= x20; 128| | 129| 21.4k| const T x21 = a2 & ~x17; 130| 21.4k| const T x22 = x7 ^ x21; 131| 21.4k| const T x23 = x15 & ~x22; 132| 21.4k| const T x24 = a3 ^ x16; 133| 21.4k| const T x25 = x23 ^ x24; 134| 21.4k| const T x26 = x4 & ~a4; 135| 21.4k| const T x27 = x26 ^ x25; 136| 21.4k| out1 ^= x27; 137| | 138| 21.4k| const T x28 = a2 & ~x9; 139| 21.4k| const T x29 = x24 | x28; 140| 21.4k| const T x30 = x4 ^ x18; 141| 21.4k| const T x31 = x9 | x30; 142| 21.4k| const T x32 = x29 ^ x31; 143| | 144| 21.4k| const T x33 = x11 ^ x18; 145| 21.4k| const T x34 = x25 ^ x33; 146| 21.4k| const T x35 = x31 & x34; 147| 21.4k| const T x36 = x1 & x29; 148| 21.4k| const T x37 = x35 ^ x36; 149| 21.4k| const T x38 = x37 | a4; 150| 21.4k| const T x39 = x38 ^ x32; 151| 21.4k| out3 ^= x39; 152| | 153| 21.4k| const T x40 = x37 & ~x22; 154| 21.4k| const T x41 = x16 | x30; 155| 21.4k| const T x42 = x40 ^ x41; 156| 21.4k| const T x43 = x8 | a4; 157| 21.4k| const T x44 = x43 ^ x42; 158| 21.4k| out4 ^= x44; 159| 21.4k|} des.cpp:_ZN5Botan12_GLOBAL__N_15SBox3ITkNS0_9BitsliceTEjEEvT_S2_S2_S2_S2_S2_RS2_S3_S3_S3_: 162| 21.4k|BOTAN_FORCE_INLINE void SBox3(T a1, T a2, T a3, T a4, T a5, T a6, T& out1, T& out2, T& out3, T& out4) { 163| 21.4k| const T x1 = a1 & ~a2; 164| 21.4k| const T x2 = a3 ^ a6; 165| 21.4k| const T x3 = x1 | x2; 166| 21.4k| const T x4 = a4 ^ a6; 167| 21.4k| const T x5 = x4 & ~a1; 168| 21.4k| const T x6 = x3 ^ x5; 169| | 170| 21.4k| const T x7 = a2 ^ x2; 171| 21.4k| const T x8 = x7 & ~a6; 172| 21.4k| const T x9 = x3 ^ x8; 173| 21.4k| const T x10 = x6 & ~x9; 174| | 175| 21.4k| const T x11 = a6 & x6; 176| 21.4k| const T x12 = a4 | x11; 177| 21.4k| const T x13 = a1 & x12; 178| 21.4k| const T x14 = x7 ^ x13; 179| 21.4k| const T x15 = x6 & ~a5; 180| 21.4k| const T x16 = x15 ^ x14; 181| 21.4k| out4 ^= x16; 182| | 183| 21.4k| const T x17 = x2 & x4; 184| 21.4k| const T x18 = a1 ^ a4; 185| 21.4k| const T x19 = x9 ^ x18; 186| 21.4k| const T x20 = a3 | x19; 187| 21.4k| const T x21 = x20 & ~x17; 188| | 189| 21.4k| const T x22 = x5 | x18; 190| 21.4k| const T x23 = x14 & ~x22; 191| 21.4k| const T x24 = a4 & a6; 192| 21.4k| const T x25 = x24 & ~a2; 193| 21.4k| const T x26 = x23 ^ x25; 194| | 195| 21.4k| const T x27 = x9 & x26; 196| 21.4k| const T x28 = x7 | x24; 197| 21.4k| const T x29 = x28 & ~x27; 198| 21.4k| const T x30 = a1 ^ x29; 199| 21.4k| const T x31 = x21 & a5; 200| 21.4k| const T x32 = x31 ^ x30; 201| 21.4k| out2 ^= x32; 202| | 203| 21.4k| const T x33 = x6 & ~a2; 204| 21.4k| const T x34 = x33 & ~a3; 205| 21.4k| const T x35 = ~x7; 206| 21.4k| const T x36 = x22 ^ x35; 207| 21.4k| const T x37 = x34 ^ x36; 208| 21.4k| const T x38 = a5 & ~x10; 209| 21.4k| const T x39 = x38 ^ x37; 210| 21.4k| out1 ^= x39; 211| | 212| 21.4k| const T x40 = x34 | x36; 213| 21.4k| const T x41 = x5 | x33; 214| 21.4k| const T x42 = x40 ^ x41; 215| 21.4k| const T x43 = a4 & ~x6; 216| 21.4k| const T x44 = x42 | x43; 217| 21.4k| const T x45 = a5 & ~x26; 218| 21.4k| const T x46 = x45 ^ x44; 219| 21.4k| out3 ^= x46; 220| 21.4k|} des.cpp:_ZN5Botan12_GLOBAL__N_15SBox4ITkNS0_9BitsliceTEjEEvT_S2_S2_S2_S2_S2_RS2_S3_S3_S3_: 223| 21.4k|BOTAN_FORCE_INLINE void SBox4(T a1, T a2, T a3, T a4, T a5, T a6, T& out1, T& out2, T& out3, T& out4) { 224| 21.4k| const T x1 = a1 ^ a3; 225| 21.4k| const T x2 = a3 ^ a5; 226| 21.4k| const T x3 = a2 | a4; 227| 21.4k| const T x4 = a5 ^ x3; 228| 21.4k| const T x5 = x2 & ~x4; 229| 21.4k| const T x6 = x2 & ~a2; 230| 21.4k| const T x7 = a4 ^ x6; 231| 21.4k| const T x8 = x1 | x7; 232| 21.4k| const T x9 = x8 & ~x5; 233| 21.4k| const T x10 = a2 ^ x9; 234| | 235| 21.4k| const T x11 = x7 & x10; 236| 21.4k| const T x12 = x2 & ~x11; 237| 21.4k| const T x13 = x1 ^ x10; 238| 21.4k| const T x14 = x13 & ~x12; 239| 21.4k| const T x15 = x5 ^ x14; 240| | 241| 21.4k| const T x16 = a2 ^ a4; 242| 21.4k| const T x17 = a5 | x6; 243| 21.4k| const T x18 = x13 ^ x17; 244| 21.4k| const T x19 = x18 & ~x16; 245| 21.4k| const T x20 = x9 ^ x19; 246| 21.4k| const T x21 = a6 & ~x15; 247| 21.4k| const T x22 = x21 ^ x20; 248| 21.4k| out1 ^= x22; 249| | 250| 21.4k| const T x23 = ~x20; 251| 21.4k| const T x24 = x15 & ~a6; 252| 21.4k| const T x25 = x24 ^ x23; 253| 21.4k| out2 ^= x25; 254| | 255| 21.4k| const T x26 = x15 ^ x23; 256| 21.4k| const T x27 = x26 & ~x16; 257| 21.4k| const T x28 = x11 | x27; 258| 21.4k| const T x29 = x18 ^ x28; 259| 21.4k| const T x30 = x10 | a6; 260| 21.4k| const T x31 = x30 ^ x29; 261| 21.4k| out3 ^= x31; 262| | 263| 21.4k| const T x32 = a6 & x10; 264| 21.4k| const T x33 = x32 ^ x29; 265| 21.4k| out4 ^= x33; 266| 21.4k|} des.cpp:_ZN5Botan12_GLOBAL__N_15SBox5ITkNS0_9BitsliceTEjEEvT_S2_S2_S2_S2_S2_RS2_S3_S3_S3_: 269| 21.4k|BOTAN_FORCE_INLINE void SBox5(T a1, T a2, T a3, T a4, T a5, T a6, T& out1, T& out2, T& out3, T& out4) { 270| 21.4k| const T x1 = a1 | a3; 271| 21.4k| const T x2 = x1 & ~a6; 272| 21.4k| const T x3 = a1 ^ x2; 273| 21.4k| const T x4 = a3 ^ x3; 274| 21.4k| const T x5 = a4 | x4; 275| | 276| 21.4k| const T x6 = x2 & ~a4; 277| 21.4k| const T x7 = a3 ^ x6; 278| 21.4k| const T x8 = a5 & x7; 279| 21.4k| const T x9 = a1 | x4; 280| 21.4k| const T x10 = x8 ^ x9; 281| 21.4k| const T x11 = a4 ^ x10; 282| | 283| 21.4k| const T x12 = a6 ^ x11; 284| 21.4k| const T x13 = x3 | x12; 285| 21.4k| const T x14 = a5 & x13; 286| 21.4k| const T x15 = x3 ^ x14; 287| 21.4k| const T x16 = a4 & x9; 288| 21.4k| const T x17 = x15 ^ x16; 289| | 290| 21.4k| const T x18 = x13 & ~a1; 291| 21.4k| const T x19 = x7 ^ x18; 292| 21.4k| const T x20 = a5 ^ x5; 293| 21.4k| const T x21 = x20 & ~x19; 294| 21.4k| const T x22 = ~x21; 295| 21.4k| const T x23 = x22 & ~a2; 296| 21.4k| const T x24 = x23 ^ x11; 297| 21.4k| out3 ^= x24; 298| | 299| 21.4k| const T x25 = x7 & ~x14; 300| 21.4k| const T x26 = x18 ^ x20; 301| 21.4k| const T x27 = x17 | x26; 302| 21.4k| const T x28 = x27 & ~x25; 303| 21.4k| const T x29 = x5 & ~x28; 304| | 305| 21.4k| const T x30 = x12 & x28; 306| 21.4k| const T x31 = x20 ^ x30; 307| 21.4k| const T x32 = x7 & x9; 308| 21.4k| const T x33 = x31 | x32; 309| 21.4k| const T x34 = x14 ^ x33; 310| 21.4k| const T x35 = x34 & a2; 311| 21.4k| const T x36 = x35 ^ x17; 312| 21.4k| out4 ^= x36; 313| | 314| 21.4k| const T x37 = x1 ^ x28; 315| 21.4k| const T x38 = a1 ^ x37; 316| 21.4k| const T x39 = a4 & x31; 317| 21.4k| const T x40 = x38 ^ x39; 318| 21.4k| const T x41 = x29 | a2; 319| 21.4k| const T x42 = x41 ^ x40; 320| 21.4k| out1 ^= x42; 321| | 322| 21.4k| const T x43 = x5 ^ x7; 323| 21.4k| const T x44 = x43 & ~x40; 324| 21.4k| const T x45 = x3 ^ x31; 325| 21.4k| const T x46 = x44 ^ x45; 326| 21.4k| const T x47 = x5 & a2; 327| 21.4k| const T x48 = x47 ^ x46; 328| 21.4k| out2 ^= x48; 329| 21.4k|} des.cpp:_ZN5Botan12_GLOBAL__N_15SBox6ITkNS0_9BitsliceTEjEEvT_S2_S2_S2_S2_S2_RS2_S3_S3_S3_: 332| 21.4k|BOTAN_FORCE_INLINE void SBox6(T a1, T a2, T a3, T a4, T a5, T a6, T& out1, T& out2, T& out3, T& out4) { 333| 21.4k| const T x1 = a2 ^ a5; 334| | 335| 21.4k| const T x2 = a2 | a6; 336| 21.4k| const T x3 = a1 & x2; 337| 21.4k| const T x4 = x1 ^ x3; 338| 21.4k| const T x5 = a6 ^ x4; 339| 21.4k| const T x6 = a5 & ~x5; 340| | 341| 21.4k| const T x7 = a1 & x5; 342| 21.4k| const T x8 = a2 ^ x7; 343| 21.4k| const T x9 = a1 ^ a3; 344| 21.4k| const T x10 = x8 | x9; 345| 21.4k| const T x11 = x4 ^ x10; 346| | 347| 21.4k| const T x12 = a3 & x11; 348| 21.4k| const T x13 = x12 & ~a6; 349| 21.4k| const T x14 = x6 | x8; 350| 21.4k| const T x15 = x13 ^ x14; 351| 21.4k| const T x16 = x15 & a4; 352| 21.4k| const T x17 = x16 ^ x11; 353| 21.4k| out4 ^= x17; 354| | 355| 21.4k| const T x18 = a2 ^ x10; 356| 21.4k| const T x19 = a6 & ~x18; 357| 21.4k| const T x20 = a3 ^ x19; 358| 21.4k| const T x21 = a5 & ~x12; 359| 21.4k| const T x22 = x20 | x21; 360| | 361| 21.4k| const T x23 = a2 | x9; 362| 21.4k| const T x24 = x15 ^ x23; 363| 21.4k| const T x25 = x3 | x22; 364| 21.4k| const T x26 = x24 ^ x25; 365| | 366| 21.4k| const T x27 = a1 | x11; 367| 21.4k| const T x28 = x14 & x27; 368| 21.4k| const T x29 = x20 ^ x28; 369| 21.4k| const T x30 = x29 & ~x13; 370| 21.4k| const T x31 = x6 | a4; 371| 21.4k| const T x32 = x31 ^ x30; 372| 21.4k| out3 ^= x32; 373| | 374| 21.4k| const T x33 = x4 ^ x29; 375| 21.4k| const T x34 = a5 & ~x33; 376| 21.4k| const T x35 = ~x23; 377| 21.4k| const T x36 = x18 ^ x35; 378| 21.4k| const T x37 = x34 ^ x36; 379| 21.4k| const T x38 = x37 & ~a4; 380| 21.4k| const T x39 = x38 ^ x26; 381| 21.4k| out2 ^= x39; 382| | 383| 21.4k| const T x40 = a6 ^ x7; 384| 21.4k| const T x41 = a1 ^ x20; 385| 21.4k| const T x42 = x40 & x41; 386| 21.4k| const T x43 = x12 ^ x36; 387| 21.4k| const T x44 = x42 ^ x43; 388| 21.4k| const T x45 = x22 & ~a4; 389| 21.4k| const T x46 = x45 ^ x44; 390| 21.4k| out1 ^= x46; 391| 21.4k|} des.cpp:_ZN5Botan12_GLOBAL__N_15SBox7ITkNS0_9BitsliceTEjEEvT_S2_S2_S2_S2_S2_RS2_S3_S3_S3_: 394| 21.4k|BOTAN_FORCE_INLINE void SBox7(T a1, T a2, T a3, T a4, T a5, T a6, T& out1, T& out2, T& out3, T& out4) { 395| 21.4k| const T x1 = a4 ^ a5; 396| 21.4k| const T x2 = a3 ^ x1; 397| 21.4k| const T x3 = a6 & x2; 398| 21.4k| const T x4 = a4 & x1; 399| 21.4k| const T x5 = a2 ^ x4; 400| 21.4k| const T x6 = x3 & x5; 401| | 402| 21.4k| const T x7 = a6 & x4; 403| 21.4k| const T x8 = a3 ^ x7; 404| 21.4k| const T x9 = x5 | x8; 405| 21.4k| const T x10 = a6 ^ x1; 406| 21.4k| const T x11 = x9 ^ x10; 407| 21.4k| const T x12 = a1 & ~x6; 408| 21.4k| const T x13 = x12 ^ x11; 409| 21.4k| out4 ^= x13; 410| | 411| 21.4k| const T x14 = a5 & ~x2; 412| 21.4k| const T x15 = x5 | x14; 413| 21.4k| const T x16 = x3 ^ x8; 414| 21.4k| const T x17 = x15 ^ x16; 415| | 416| 21.4k| const T x18 = x3 ^ x10; 417| 21.4k| const T x19 = a4 & ~x18; 418| 21.4k| const T x20 = x5 & ~x19; 419| 21.4k| const T x21 = a5 ^ x16; 420| 21.4k| const T x22 = x20 ^ x21; 421| | 422| 21.4k| const T x23 = x18 & ~x7; 423| 21.4k| const T x24 = x19 | x23; 424| 21.4k| const T x25 = a2 ^ x9; 425| 21.4k| const T x26 = x22 & x25; 426| 21.4k| const T x27 = x24 ^ x26; 427| 21.4k| const T x28 = x27 & a1; 428| 21.4k| const T x29 = x28 ^ x22; 429| 21.4k| out3 ^= x29; 430| | 431| 21.4k| const T x30 = x5 & ~a3; 432| 21.4k| const T x31 = x23 | x30; 433| 21.4k| const T x32 = x4 | x22; 434| 21.4k| const T x33 = x31 & x32; 435| 21.4k| const T x34 = x27 ^ x33; 436| | 437| 21.4k| const T x35 = x17 | x24; 438| 21.4k| const T x36 = x14 ^ x35; 439| 21.4k| const T x37 = a6 & x36; 440| 21.4k| const T x38 = x33 ^ x37; 441| 21.4k| const T x39 = x38 & ~a1; 442| 21.4k| const T x40 = x39 ^ x17; 443| 21.4k| out1 ^= x40; 444| | 445| 21.4k| const T x41 = ~x37; 446| 21.4k| const T x42 = a2 | x41; 447| 21.4k| const T x43 = x17 ^ x33; 448| 21.4k| const T x44 = x42 ^ x43; 449| 21.4k| const T x45 = x34 | a1; 450| 21.4k| const T x46 = x45 ^ x44; 451| 21.4k| out2 ^= x46; 452| 21.4k|} des.cpp:_ZN5Botan12_GLOBAL__N_15SBox8ITkNS0_9BitsliceTEjEEvT_S2_S2_S2_S2_S2_RS2_S3_S3_S3_: 455| 21.4k|BOTAN_FORCE_INLINE void SBox8(T a1, T a2, T a3, T a4, T a5, T a6, T& out1, T& out2, T& out3, T& out4) { 456| 21.4k| const T x1 = a3 & ~a2; 457| 21.4k| const T x2 = a5 & ~a3; 458| 21.4k| const T x3 = a4 ^ x2; 459| 21.4k| const T x4 = a1 & x3; 460| 21.4k| const T x5 = x4 & ~x1; 461| | 462| 21.4k| const T x6 = a2 & ~x3; 463| 21.4k| const T x7 = a1 | x6; 464| 21.4k| const T x8 = a2 & ~a3; 465| 21.4k| const T x9 = a5 ^ x8; 466| 21.4k| const T x10 = x7 & x9; 467| 21.4k| const T x11 = x4 | x10; 468| | 469| 21.4k| const T x12 = ~x3; 470| 21.4k| const T x13 = x10 ^ x12; 471| 21.4k| const T x14 = a3 & ~x7; 472| 21.4k| const T x15 = x13 ^ x14; 473| 21.4k| const T x16 = x1 ^ x15; 474| 21.4k| const T x17 = x5 | a6; 475| 21.4k| const T x18 = x17 ^ x16; 476| 21.4k| out2 ^= x18; 477| | 478| 21.4k| const T x19 = a1 ^ x16; 479| 21.4k| const T x20 = a5 & x19; 480| 21.4k| const T x21 = a2 ^ x15; 481| 21.4k| const T x22 = x20 ^ x21; 482| 21.4k| const T x23 = x6 ^ x22; 483| | 484| 21.4k| const T x24 = x11 ^ x22; 485| 21.4k| const T x25 = a2 | x24; 486| 21.4k| const T x26 = a5 ^ x19; 487| 21.4k| const T x27 = x25 ^ x26; 488| 21.4k| const T x28 = x11 & a6; 489| 21.4k| const T x29 = x28 ^ x27; 490| 21.4k| out3 ^= x29; 491| | 492| 21.4k| const T x30 = x9 ^ x23; 493| 21.4k| const T x31 = a4 | x21; 494| 21.4k| const T x32 = x30 ^ x31; 495| 21.4k| const T x33 = a1 ^ x32; 496| 21.4k| const T x34 = x33 & a6; 497| 21.4k| const T x35 = x34 ^ x23; 498| 21.4k| out4 ^= x35; 499| | 500| 21.4k| const T x36 = x30 & ~a4; 501| 21.4k| const T x37 = x27 & x36; 502| 21.4k| const T x38 = x5 ^ x32; 503| 21.4k| const T x39 = x37 ^ x38; 504| 21.4k| const T x40 = x39 | a6; 505| 21.4k| const T x41 = x40 ^ x23; 506| 21.4k| out1 ^= x41; 507| 21.4k|} des.cpp:_ZN5Botan12_GLOBAL__N_113transpose_outEPhPKjm: 567| 447|void transpose_out(uint8_t out[], const uint32_t B[64], size_t n_blocks) { 568| | // clang-format off 569| 447| static constexpr uint8_t FP[64] = { 570| 447| 39, 7, 47, 15, 55, 23, 63, 31, 571| 447| 38, 6, 46, 14, 54, 22, 62, 30, 572| 447| 37, 5, 45, 13, 53, 21, 61, 29, 573| 447| 36, 4, 44, 12, 52, 20, 60, 28, 574| 447| 35, 3, 43, 11, 51, 19, 59, 27, 575| 447| 34, 2, 42, 10, 50, 18, 58, 26, 576| 447| 33, 1, 41, 9, 49, 17, 57, 25, 577| 447| 32, 0, 40, 8, 48, 16, 56, 24 578| 447| }; 579| | // clang-format on 580| | 581| 447| uint64_t M[32]; 582| 14.7k| for(size_t i = 0; i != 32; ++i) { ------------------ | Branch (582:22): [True: 14.3k, False: 447] ------------------ 583| | // XOR with 32 here absorbs the DES output swap into the FP 584| 14.3k| M[i] = (static_cast(B[FP[31 - i] ^ 32]) << 32) | B[FP[63 - i] ^ 32]; 585| 14.3k| } 586| | 587| 447| des_transpose(M); 588| | 589| 10.3k| for(size_t i = 0; i != n_blocks; ++i) { ------------------ | Branch (589:22): [True: 9.88k, False: 447] ------------------ 590| 9.88k| store_be(out + i * 8, M[i]); 591| 9.88k| } 592| 447|} des.cpp:_ZN5Botan12_GLOBAL__N_111des_decryptEPjS1_PKj: 645| 769|void des_decrypt(uint32_t L[32], uint32_t R[32], const uint32_t round_key[]) { 646| 6.92k| for(size_t round = 16; round > 0; round -= 2) { ------------------ | Branch (646:27): [True: 6.15k, False: 769] ------------------ 647| 6.15k| des_round(L, R, &round_key[(round - 1) * 48]); 648| 6.15k| des_round(R, L, &round_key[(round - 2) * 48]); 649| 6.15k| } 650| 769|} des.cpp:_ZN5Botan12_GLOBAL__N_116des_key_scheduleEPjPKh: 656| 225|void des_key_schedule(uint32_t round_key[], const uint8_t key[8]) { 657| 225| static const uint8_t ROT[16] = {1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1}; 658| | 659| 225| uint32_t C = ((key[7] & 0x80) << 20) | ((key[6] & 0x80) << 19) | ((key[5] & 0x80) << 18) | ((key[4] & 0x80) << 17) | 660| 225| ((key[3] & 0x80) << 16) | ((key[2] & 0x80) << 15) | ((key[1] & 0x80) << 14) | ((key[0] & 0x80) << 13) | 661| 225| ((key[7] & 0x40) << 13) | ((key[6] & 0x40) << 12) | ((key[5] & 0x40) << 11) | ((key[4] & 0x40) << 10) | 662| 225| ((key[3] & 0x40) << 9) | ((key[2] & 0x40) << 8) | ((key[1] & 0x40) << 7) | ((key[0] & 0x40) << 6) | 663| 225| ((key[7] & 0x20) << 6) | ((key[6] & 0x20) << 5) | ((key[5] & 0x20) << 4) | ((key[4] & 0x20) << 3) | 664| 225| ((key[3] & 0x20) << 2) | ((key[2] & 0x20) << 1) | ((key[1] & 0x20)) | ((key[0] & 0x20) >> 1) | 665| 225| ((key[7] & 0x10) >> 1) | ((key[6] & 0x10) >> 2) | ((key[5] & 0x10) >> 3) | ((key[4] & 0x10) >> 4); 666| 225| uint32_t D = ((key[7] & 0x02) << 26) | ((key[6] & 0x02) << 25) | ((key[5] & 0x02) << 24) | ((key[4] & 0x02) << 23) | 667| 225| ((key[3] & 0x02) << 22) | ((key[2] & 0x02) << 21) | ((key[1] & 0x02) << 20) | ((key[0] & 0x02) << 19) | 668| 225| ((key[7] & 0x04) << 17) | ((key[6] & 0x04) << 16) | ((key[5] & 0x04) << 15) | ((key[4] & 0x04) << 14) | 669| 225| ((key[3] & 0x04) << 13) | ((key[2] & 0x04) << 12) | ((key[1] & 0x04) << 11) | ((key[0] & 0x04) << 10) | 670| 225| ((key[7] & 0x08) << 8) | ((key[6] & 0x08) << 7) | ((key[5] & 0x08) << 6) | ((key[4] & 0x08) << 5) | 671| 225| ((key[3] & 0x08) << 4) | ((key[2] & 0x08) << 3) | ((key[1] & 0x08) << 2) | ((key[0] & 0x08) << 1) | 672| 225| ((key[3] & 0x10) >> 1) | ((key[2] & 0x10) >> 2) | ((key[1] & 0x10) >> 3) | ((key[0] & 0x10) >> 4); 673| | 674| 225| static const uint8_t PC2_C[24] = {13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9, 675| 225| 22, 18, 11, 3, 25, 7, 15, 6, 26, 19, 12, 1}; 676| | 677| 225| static const uint8_t PC2_D[24] = {12, 23, 2, 8, 18, 26, 1, 11, 22, 16, 4, 19, 678| 225| 15, 20, 10, 27, 5, 24, 17, 13, 21, 7, 0, 3}; 679| | 680| 3.82k| for(size_t i = 0; i != 16; ++i) { ------------------ | Branch (680:22): [True: 3.60k, False: 225] ------------------ 681| 3.60k| C = ((C << ROT[i]) | (C >> (28 - ROT[i]))) & 0x0FFFFFFF; 682| 3.60k| D = ((D << ROT[i]) | (D >> (28 - ROT[i]))) & 0x0FFFFFFF; 683| | 684| 3.60k| uint32_t* rk = &round_key[i * 48]; 685| | 686| 90.0k| for(size_t j = 0; j < 24; ++j) { ------------------ | Branch (686:25): [True: 86.4k, False: 3.60k] ------------------ 687| 86.4k| const uint32_t bit = (C >> (27 - PC2_C[j])) & 1; 688| 86.4k| rk[j] = static_cast(0) - bit; 689| 86.4k| } 690| | 691| 90.0k| for(size_t j = 0; j < 24; ++j) { ------------------ | Branch (691:25): [True: 86.4k, False: 3.60k] ------------------ 692| 86.4k| const uint32_t bit = (D >> (27 - PC2_D[j])) & 1; 693| 86.4k| rk[24 + j] = static_cast(0) - bit; 694| 86.4k| } 695| 3.60k| } 696| 225|} _ZN5Botan13base64_decodeEPKcmb: 187| 12.9k|secure_vector base64_decode(const char input[], size_t input_length, bool ignore_ws) { 188| 12.9k| return base_decode_to_vec>(Base64(), input, input_length, ignore_ws); 189| 12.9k|} base64.cpp:_ZN5Botan12_GLOBAL__N_16Base6417decode_max_outputEm: 42| 25.8k| static constexpr size_t decode_max_output(size_t input_length) { 43| 25.8k| return (round_up(input_length, m_encoding_bytes_out) * m_encoding_bytes_in) / m_encoding_bytes_out; 44| 25.8k| } base64.cpp:_ZN5Botan12_GLOBAL__N_16Base6419lookup_binary_valueEc: 110| 5.34M|uint8_t Base64::lookup_binary_value(char input) noexcept { 111| 5.34M| auto has_zero_byte = [](uint64_t v) { return ((v - 0x0101010101010101) & ~(v) & 0x8080808080808080); }; 112| | 113| | // Assumes each byte is either 0x00 or 0x80 114| 5.34M| auto index_of_first_set_byte = [](uint64_t v) { 115| 5.34M| return ((((v - 1) & 0x0101010101010101) * 0x0101010101010101) >> 56) - 1; 116| 5.34M| }; 117| | 118| 5.34M| constexpr uint64_t lo = 0x0101010101010101; 119| | 120| 5.34M| const uint8_t x = static_cast(input); 121| | 122| 5.34M| const uint64_t x8 = x * lo; 123| | 124| | // Defines the valid ASCII ranges of base64, except the special chars (below) 125| 5.34M| constexpr uint64_t val_l = make_uint64(0, 0, 0, 0, 0, 'A', 'a', '0'); 126| 5.34M| constexpr uint64_t val_u = make_uint64(0, 0, 0, 0, 0, 26, 26, 10); 127| | 128| | // If x is in one of the ranges return a mask. Otherwise we xor in at the 129| | // high word which will be our invalid marker 130| 5.34M| auto v_mask = swar_in_range(x8, val_l, val_u) ^ 0x80000000; 131| | 132| | // This is the offset added to x to get the value 133| 5.34M| const uint64_t val_v = 0xbfb904 ^ (0xFF000000 - (x << 24)); 134| | 135| 5.34M| const uint8_t z = x + static_cast(val_v >> (8 * index_of_first_set_byte(v_mask))); 136| | 137| | // Valid base64 special characters, and some whitespace chars 138| 5.34M| constexpr uint64_t specials_i = make_uint64(0, '+', '/', '=', ' ', '\n', '\t', '\r'); 139| | 140| 5.34M| const uint64_t specials_v = 0x3e3f8180808080 ^ (static_cast(z) << 56); 141| | 142| 5.34M| const uint64_t smask = has_zero_byte(x8 ^ specials_i) ^ 0x8000000000000000; 143| | 144| 5.34M| return static_cast(specials_v >> (8 * index_of_first_set_byte(smask))); 145| 5.34M|} base64.cpp:_ZZN5Botan12_GLOBAL__N_16Base6419lookup_binary_valueEcENK3$_0clEm: 114| 10.6M| auto index_of_first_set_byte = [](uint64_t v) { 115| 10.6M| return ((((v - 1) & 0x0101010101010101) * 0x0101010101010101) >> 56) - 1; 116| 10.6M| }; base64.cpp:_ZZN5Botan12_GLOBAL__N_16Base6419lookup_binary_valueEcENK3$_1clEm: 111| 5.34M| auto has_zero_byte = [](uint64_t v) { return ((v - 0x0101010101010101) & ~(v) & 0x8080808080808080); }; base64.cpp:_ZN5Botan12_GLOBAL__N_16Base6414check_bad_charEhcb: 148| 5.34M|bool Base64::check_bad_char(uint8_t bin, char input, bool ignore_ws) { 149| 5.34M| if(bin <= 0x3F) { ------------------ | Branch (149:7): [True: 5.34M, False: 0] ------------------ 150| 5.34M| return true; 151| 5.34M| } else if(!(bin == 0x81 || (bin == 0x80 && ignore_ws))) { ------------------ | Branch (151:16): [True: 0, False: 0] | Branch (151:32): [True: 0, False: 0] | Branch (151:47): [True: 0, False: 0] ------------------ 152| 0| throw Invalid_Argument(fmt("base64_decode: invalid character '{}'", format_char_for_display(input))); 153| 0| } 154| 0| return false; 155| 5.34M|} base64.cpp:_ZN5Botan12_GLOBAL__N_16Base646decodeEPhPKh: 52| 1.33M| static void decode(uint8_t* out_ptr, const uint8_t decode_buf[4]) { 53| 1.33M| out_ptr[0] = (decode_buf[0] << 2) | (decode_buf[1] >> 4); 54| 1.33M| out_ptr[1] = (decode_buf[1] << 4) | (decode_buf[2] >> 2); 55| 1.33M| out_ptr[2] = (decode_buf[2] << 6) | decode_buf[3]; 56| 1.33M| } base64.cpp:_ZN5Botan12_GLOBAL__N_16Base6415bytes_to_removeEm: 58| 12.9k| static size_t bytes_to_remove(size_t final_truncate) { return final_truncate; } _ZN5Botan10hex_encodeEPcPKhmb: 34| 12.9k|void hex_encode(char output[], const uint8_t input[], size_t input_length, bool uppercase) { 35| 348k| for(size_t i = 0; i != input_length; ++i) { ------------------ | Branch (35:22): [True: 335k, False: 12.9k] ------------------ 36| 335k| const uint16_t h = hex_encode_2nibble(input[i], uppercase); 37| 335k| output[2 * i] = get_byte<0>(h); 38| 335k| output[2 * i + 1] = get_byte<1>(h); 39| 335k| } 40| 12.9k|} _ZN5Botan10hex_encodeEPKhmb: 42| 12.9k|std::string hex_encode(const uint8_t input[], size_t input_length, bool uppercase) { 43| 12.9k| std::string output(2 * input_length, 0); 44| | 45| 12.9k| if(input_length > 0) { ------------------ | Branch (45:7): [True: 12.9k, False: 0] ------------------ 46| 12.9k| hex_encode(&output.front(), input, input_length, uppercase); 47| 12.9k| } 48| | 49| 12.9k| return output; 50| 12.9k|} _ZN5Botan10hex_decodeEPhPKcmRmb: 72| 11.4k|size_t hex_decode(uint8_t output[], const char input[], size_t input_length, size_t& input_consumed, bool ignore_ws) { 73| 11.4k| uint8_t* out_ptr = output; 74| 11.4k| bool top_nibble = true; 75| | 76| 11.4k| clear_mem(output, input_length / 2); 77| | 78| 378k| for(size_t i = 0; i != input_length; ++i) { ------------------ | Branch (78:22): [True: 367k, False: 11.4k] ------------------ 79| 367k| const uint8_t bin = hex_char_to_bin(input[i]); 80| | 81| 367k| if(bin >= 0x10) { ------------------ | Branch (81:10): [True: 0, False: 367k] ------------------ 82| 0| if(bin == 0x80 && ignore_ws) { ------------------ | Branch (82:13): [True: 0, False: 0] | Branch (82:28): [True: 0, False: 0] ------------------ 83| 0| continue; 84| 0| } 85| | 86| 0| throw Invalid_Argument(fmt("hex_decode: invalid character '{}'", format_char_for_display(input[i]))); 87| 0| } 88| | 89| 367k| if(top_nibble) { ------------------ | Branch (89:10): [True: 183k, False: 183k] ------------------ 90| 183k| *out_ptr |= bin << 4; 91| 183k| } else { 92| 183k| *out_ptr |= bin; 93| 183k| } 94| | 95| 367k| top_nibble = !top_nibble; 96| 367k| if(top_nibble) { ------------------ | Branch (96:10): [True: 183k, False: 183k] ------------------ 97| 183k| ++out_ptr; 98| 183k| } 99| 367k| } 100| | 101| 11.4k| input_consumed = input_length; 102| 11.4k| const size_t written = (out_ptr - output); 103| | 104| | /* 105| | * We only got half of a uint8_t at the end; zap the half-written 106| | * output and mark it as unread 107| | */ 108| 11.4k| if(!top_nibble) { ------------------ | Branch (108:7): [True: 0, False: 11.4k] ------------------ 109| 0| *out_ptr = 0; 110| 0| input_consumed -= 1; 111| 0| } 112| | 113| 11.4k| return written; 114| 11.4k|} _ZN5Botan10hex_decodeEPhPKcmb: 116| 11.4k|size_t hex_decode(uint8_t output[], const char input[], size_t input_length, bool ignore_ws) { 117| 11.4k| size_t consumed = 0; 118| 11.4k| const size_t written = hex_decode(output, input, input_length, consumed, ignore_ws); 119| | 120| 11.4k| if(consumed != input_length) { ------------------ | Branch (120:7): [True: 0, False: 11.4k] ------------------ 121| 0| throw Invalid_Argument("hex_decode: input did not have full bytes"); 122| 0| } 123| | 124| 11.4k| return written; 125| 11.4k|} _ZN5Botan17hex_decode_lockedEPKcmb: 135| 11.4k|secure_vector hex_decode_locked(const char input[], size_t input_length, bool ignore_ws) { 136| 11.4k| secure_vector bin(1 + input_length / 2); 137| | 138| 11.4k| const size_t written = hex_decode(bin.data(), input, input_length, ignore_ws); 139| | 140| 11.4k| bin.resize(written); 141| 11.4k| return bin; 142| 11.4k|} _ZN5Botan17hex_decode_lockedENSt3__117basic_string_viewIcNS0_11char_traitsIcEEEEb: 144| 11.4k|secure_vector hex_decode_locked(std::string_view input, bool ignore_ws) { 145| 11.4k| return hex_decode_locked(input.data(), input.size(), ignore_ws); 146| 11.4k|} hex.cpp:_ZN5Botan12_GLOBAL__N_118hex_encode_2nibbleEhb: 21| 335k|uint16_t hex_encode_2nibble(uint8_t n8, bool uppercase) { 22| | // Offset for upper or lower case 'a' resp 23| 335k| const uint16_t a_mask = uppercase ? 0x0707 : 0x2727; ------------------ | Branch (23:28): [True: 335k, False: 0] ------------------ 24| | 25| 335k| const uint16_t n = (static_cast(n8 & 0xF0) << 4) | (n8 & 0x0F); 26| | // n >= 10? If so add offset 27| 335k| const uint16_t diff = swar_lt(0x0909, n) & a_mask; 28| | // Can't overflow between bytes, so don't need explicit SWAR addition: 29| 335k| return n + 0x3030 + diff; 30| 335k|} hex.cpp:_ZN5Botan12_GLOBAL__N_115hex_char_to_binEc: 54| 367k|uint8_t hex_char_to_bin(char input) { 55| | // Starts of valid value ranges (v_lo) and their lengths (v_range) 56| 367k| constexpr uint64_t v_lo = make_uint64(0, '0', 'a', 'A', ' ', '\n', '\t', '\r'); 57| 367k| constexpr uint64_t v_range = make_uint64(0, 10, 6, 6, 1, 1, 1, 1); 58| | 59| 367k| const uint8_t x = static_cast(input); 60| 367k| const uint64_t x8 = x * 0x0101010101010101; 61| | 62| 367k| const uint64_t v_mask = swar_in_range(x8, v_lo, v_range) ^ 0x8000000000000000; 63| | 64| | // This is the offset added to x to get the value we need 65| 367k| const uint64_t val_v = 0xd0a9c960767773 ^ static_cast(0xFF - x) << 56; 66| | 67| 367k| return x + static_cast(val_v >> (8 * index_of_first_set_byte(v_mask))); 68| 367k|} _ZN5Botan12HashFunction6createENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEES5_: 111| 41.0k|std::unique_ptr HashFunction::create(std::string_view algo_spec, std::string_view provider) { 112| |#if defined(BOTAN_HAS_COMMONCRYPTO) 113| | if(provider.empty() || provider == "commoncrypto") { 114| | if(auto hash = make_commoncrypto_hash(algo_spec)) 115| | return hash; 116| | 117| | if(!provider.empty()) 118| | return nullptr; 119| | } 120| |#endif 121| | 122| 41.0k| if(provider.empty() == false && provider != "base") { ------------------ | Branch (122:7): [True: 0, False: 41.0k] | Branch (122:36): [True: 0, False: 0] ------------------ 123| 0| return nullptr; // unknown provider 124| 0| } 125| | 126| 41.0k|#if defined(BOTAN_HAS_SHA1) 127| 41.0k| if(algo_spec == "SHA-1") { ------------------ | Branch (127:7): [True: 6.59k, False: 34.4k] ------------------ 128| 6.59k| return std::make_unique(); 129| 6.59k| } 130| 34.4k|#endif 131| | 132| 34.4k|#if defined(BOTAN_HAS_SHA2_32) 133| 34.4k| if(algo_spec == "SHA-224") { ------------------ | Branch (133:7): [True: 0, False: 34.4k] ------------------ 134| 0| return std::make_unique(); 135| 0| } 136| | 137| 34.4k| if(algo_spec == "SHA-256") { ------------------ | Branch (137:7): [True: 33.8k, False: 618] ------------------ 138| 33.8k| return std::make_unique(); 139| 33.8k| } 140| 618|#endif 141| | 142| 618|#if defined(BOTAN_HAS_SHA2_64) 143| 618| if(algo_spec == "SHA-384") { ------------------ | Branch (143:7): [True: 618, False: 0] ------------------ 144| 618| return std::make_unique(); 145| 618| } 146| | 147| 0| if(algo_spec == "SHA-512") { ------------------ | Branch (147:7): [True: 0, False: 0] ------------------ 148| 0| return std::make_unique(); 149| 0| } 150| | 151| 0| if(algo_spec == "SHA-512-256") { ------------------ | Branch (151:7): [True: 0, False: 0] ------------------ 152| 0| return std::make_unique(); 153| 0| } 154| 0|#endif 155| | 156| 0|#if defined(BOTAN_HAS_RIPEMD_160) 157| 0| if(algo_spec == "RIPEMD-160") { ------------------ | Branch (157:7): [True: 0, False: 0] ------------------ 158| 0| return std::make_unique(); 159| 0| } 160| 0|#endif 161| | 162| 0|#if defined(BOTAN_HAS_WHIRLPOOL) 163| 0| if(algo_spec == "Whirlpool") { ------------------ | Branch (163:7): [True: 0, False: 0] ------------------ 164| 0| return std::make_unique(); 165| 0| } 166| 0|#endif 167| | 168| 0|#if defined(BOTAN_HAS_MD5) 169| 0| if(algo_spec == "MD5") { ------------------ | Branch (169:7): [True: 0, False: 0] ------------------ 170| 0| return std::make_unique(); 171| 0| } 172| 0|#endif 173| | 174| 0|#if defined(BOTAN_HAS_MD4) 175| 0| if(algo_spec == "MD4") { ------------------ | Branch (175:7): [True: 0, False: 0] ------------------ 176| 0| return std::make_unique(); 177| 0| } 178| 0|#endif 179| | 180| 0|#if defined(BOTAN_HAS_GOST_34_11) 181| 0| if(algo_spec == "GOST-R-34.11-94" || algo_spec == "GOST-34.11") { ------------------ | Branch (181:7): [True: 0, False: 0] | Branch (181:41): [True: 0, False: 0] ------------------ 182| 0| return std::make_unique(); 183| 0| } 184| 0|#endif 185| | 186| 0|#if defined(BOTAN_HAS_ADLER32) 187| 0| if(algo_spec == "Adler32") { ------------------ | Branch (187:7): [True: 0, False: 0] ------------------ 188| 0| return std::make_unique(); 189| 0| } 190| 0|#endif 191| | 192| 0|#if defined(BOTAN_HAS_ASCON_HASH256) 193| 0| if(algo_spec == "Ascon-Hash256") { ------------------ | Branch (193:7): [True: 0, False: 0] ------------------ 194| 0| return std::make_unique(); 195| 0| } 196| 0|#endif 197| | 198| 0|#if defined(BOTAN_HAS_CRC24) 199| 0| if(algo_spec == "CRC24") { ------------------ | Branch (199:7): [True: 0, False: 0] ------------------ 200| 0| return std::make_unique(); 201| 0| } 202| 0|#endif 203| | 204| 0|#if defined(BOTAN_HAS_CRC32) 205| 0| if(algo_spec == "CRC32") { ------------------ | Branch (205:7): [True: 0, False: 0] ------------------ 206| 0| return std::make_unique(); 207| 0| } 208| 0|#endif 209| | 210| 0|#if defined(BOTAN_HAS_STREEBOG) 211| 0| if(algo_spec == "Streebog-256") { ------------------ | Branch (211:7): [True: 0, False: 0] ------------------ 212| 0| return std::make_unique(256); 213| 0| } 214| 0| if(algo_spec == "Streebog-512") { ------------------ | Branch (214:7): [True: 0, False: 0] ------------------ 215| 0| return std::make_unique(512); 216| 0| } 217| 0|#endif 218| | 219| 0|#if defined(BOTAN_HAS_SM3) 220| 0| if(algo_spec == "SM3") { ------------------ | Branch (220:7): [True: 0, False: 0] ------------------ 221| 0| return std::make_unique(); 222| 0| } 223| 0|#endif 224| | 225| 0| const SCAN_Name req(algo_spec); 226| | 227| 0|#if defined(BOTAN_HAS_SKEIN_512) 228| 0| if(req.algo_name() == "Skein-512") { ------------------ | Branch (228:7): [True: 0, False: 0] ------------------ 229| 0| return std::make_unique(req.arg_as_integer(0, 512), req.arg(1, "")); 230| 0| } 231| 0|#endif 232| | 233| 0|#if defined(BOTAN_HAS_BLAKE2B) 234| 0| if(req.algo_name() == "Blake2b" || req.algo_name() == "BLAKE2b") { ------------------ | Branch (234:7): [True: 0, False: 0] | Branch (234:39): [True: 0, False: 0] ------------------ 235| 0| return std::make_unique(req.arg_as_integer(0, 512)); 236| 0| } 237| 0|#endif 238| | 239| 0|#if defined(BOTAN_HAS_BLAKE2S) 240| 0| if(req.algo_name() == "Blake2s" || req.algo_name() == "BLAKE2s") { ------------------ | Branch (240:7): [True: 0, False: 0] | Branch (240:39): [True: 0, False: 0] ------------------ 241| 0| return std::make_unique(req.arg_as_integer(0, 256)); 242| 0| } 243| 0|#endif 244| | 245| 0|#if defined(BOTAN_HAS_KECCAK) 246| 0| if(req.algo_name() == "Keccak-1600") { ------------------ | Branch (246:7): [True: 0, False: 0] ------------------ 247| 0| return std::make_unique(req.arg_as_integer(0, 512)); 248| 0| } 249| 0|#endif 250| | 251| 0|#if defined(BOTAN_HAS_SHA3) 252| 0| if(req.algo_name() == "SHA-3") { ------------------ | Branch (252:7): [True: 0, False: 0] ------------------ 253| 0| return std::make_unique(req.arg_as_integer(0, 512)); 254| 0| } 255| 0|#endif 256| | 257| 0|#if defined(BOTAN_HAS_SHAKE) 258| 0| if(req.algo_name() == "SHAKE-128" && req.arg_count() == 1) { ------------------ | Branch (258:7): [True: 0, False: 0] | Branch (258:41): [True: 0, False: 0] ------------------ 259| 0| return std::make_unique(req.arg_as_integer(0)); 260| 0| } 261| 0| if(req.algo_name() == "SHAKE-256" && req.arg_count() == 1) { ------------------ | Branch (261:7): [True: 0, False: 0] | Branch (261:41): [True: 0, False: 0] ------------------ 262| 0| return std::make_unique(req.arg_as_integer(0)); 263| 0| } 264| 0|#endif 265| | 266| 0|#if defined(BOTAN_HAS_PARALLEL_HASH) 267| 0| if(req.algo_name() == "Parallel") { ------------------ | Branch (267:7): [True: 0, False: 0] ------------------ 268| 0| std::vector> hashes; 269| | 270| 0| for(size_t i = 0; i != req.arg_count(); ++i) { ------------------ | Branch (270:25): [True: 0, False: 0] ------------------ 271| 0| auto h = HashFunction::create(req.arg(i)); 272| 0| if(!h) { ------------------ | Branch (272:13): [True: 0, False: 0] ------------------ 273| 0| return nullptr; 274| 0| } 275| 0| hashes.push_back(std::move(h)); 276| 0| } 277| | 278| 0| return std::make_unique(hashes); 279| 0| } 280| 0|#endif 281| | 282| 0|#if defined(BOTAN_HAS_TRUNCATED_HASH) 283| 0| if(req.algo_name() == "Truncated" && req.arg_count() == 2) { ------------------ | Branch (283:7): [True: 0, False: 0] | Branch (283:41): [True: 0, False: 0] ------------------ 284| 0| auto hash = HashFunction::create(req.arg(0)); 285| 0| if(!hash) { ------------------ | Branch (285:10): [True: 0, False: 0] ------------------ 286| 0| return nullptr; 287| 0| } 288| | 289| 0| return std::make_unique(std::move(hash), req.arg_as_integer(1)); 290| 0| } 291| 0|#endif 292| | 293| 0|#if defined(BOTAN_HAS_COMB4P) 294| 0| if(req.algo_name() == "Comb4P" && req.arg_count() == 2) { ------------------ | Branch (294:7): [True: 0, False: 0] | Branch (294:38): [True: 0, False: 0] ------------------ 295| 0| auto h1 = HashFunction::create(req.arg(0)); 296| 0| auto h2 = HashFunction::create(req.arg(1)); 297| | 298| 0| if(h1 && h2) { ------------------ | Branch (298:10): [True: 0, False: 0] | Branch (298:16): [True: 0, False: 0] ------------------ 299| 0| return std::make_unique(std::move(h1), std::move(h2)); 300| 0| } 301| 0| } 302| 0|#endif 303| | 304| 0| return nullptr; 305| 0|} _ZN5Botan12HashFunction15create_or_throwENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEES5_: 308| 23.6k|std::unique_ptr HashFunction::create_or_throw(std::string_view algo, std::string_view provider) { 309| 23.6k| if(auto hash = HashFunction::create(algo, provider)) { ------------------ | Branch (309:12): [True: 23.6k, False: 0] ------------------ 310| 23.6k| return hash; 311| 23.6k| } 312| 0| throw Lookup_Error("Hash", algo, provider); 313| 23.6k|} _ZN5Botan5SHA_110compress_nERNSt3__16vectorIjNS_16secure_allocatorIjEEEENS1_4spanIKhLm18446744073709551615EEEm: 24| 26.6k|void SHA_1::compress_n(digest_type& digest, std::span input, size_t blocks) { 25| 26.6k| using namespace SHA1_F; 26| | 27| 26.6k|#if defined(BOTAN_HAS_SHA1_X86_SHA_NI) 28| 26.6k| if(CPUID::has(CPUID::Feature::SHA)) { ------------------ | Branch (28:7): [True: 26.6k, False: 0] ------------------ 29| 26.6k| return sha1_compress_x86(digest, input, blocks); 30| 26.6k| } 31| 0|#endif 32| | 33| |#if defined(BOTAN_HAS_SHA1_ARMV8) 34| | if(CPUID::has(CPUID::Feature::SHA1)) { 35| | return sha1_armv8_compress_n(digest, input, blocks); 36| | } 37| |#endif 38| | 39| 0|#if defined(BOTAN_HAS_SHA1_AVX2) 40| 0| if(CPUID::has(CPUID::Feature::AVX2, CPUID::Feature::BMI)) { ------------------ | Branch (40:7): [True: 0, False: 0] ------------------ 41| 0| return avx2_compress_n(digest, input, blocks); 42| 0| } 43| 0|#endif 44| | 45| 0|#if defined(BOTAN_HAS_SHA1_SIMD_4X32) 46| 0| if(CPUID::has(CPUID::Feature::SIMD_4X32)) { ------------------ | Branch (46:7): [True: 0, False: 0] ------------------ 47| 0| return simd_compress_n(digest, input, blocks); 48| 0| } 49| 0|#endif 50| | 51| 0| uint32_t A = digest[0]; 52| 0| uint32_t B = digest[1]; 53| 0| uint32_t C = digest[2]; 54| 0| uint32_t D = digest[3]; 55| 0| uint32_t E = digest[4]; 56| 0| std::array W{}; 57| 0| auto W_in = std::span{W}.first(); 58| | 59| 0| BufferSlicer in(input); 60| | 61| 0| for(size_t i = 0; i != blocks; ++i) { ------------------ | Branch (61:22): [True: 0, False: 0] ------------------ 62| 0| load_be(W_in, in.take()); 63| | 64| | // clang-format off 65| | 66| 0| for(size_t j = 16; j != 80; j += 8) { ------------------ | Branch (66:26): [True: 0, False: 0] ------------------ 67| 0| W[j + 0] = rotl<1>(W[j - 3] ^ W[j - 8] ^ W[j - 14] ^ W[j - 16]); 68| 0| W[j + 1] = rotl<1>(W[j - 2] ^ W[j - 7] ^ W[j - 13] ^ W[j - 15]); 69| 0| W[j + 2] = rotl<1>(W[j - 1] ^ W[j - 6] ^ W[j - 12] ^ W[j - 14]); 70| 0| W[j + 3] = rotl<1>(W[j ] ^ W[j - 5] ^ W[j - 11] ^ W[j - 13]); 71| 0| W[j + 4] = rotl<1>(W[j + 1] ^ W[j - 4] ^ W[j - 10] ^ W[j - 12]); 72| 0| W[j + 5] = rotl<1>(W[j + 2] ^ W[j - 3] ^ W[j - 9] ^ W[j - 11]); 73| 0| W[j + 6] = rotl<1>(W[j + 3] ^ W[j - 2] ^ W[j - 8] ^ W[j - 10]); 74| 0| W[j + 7] = rotl<1>(W[j + 4] ^ W[j - 1] ^ W[j - 7] ^ W[j - 9]); 75| 0| } 76| | 77| | // clang-format on 78| | 79| 0| F1(A, B, C, D, E, W[0] + K1); 80| 0| F1(E, A, B, C, D, W[1] + K1); 81| 0| F1(D, E, A, B, C, W[2] + K1); 82| 0| F1(C, D, E, A, B, W[3] + K1); 83| 0| F1(B, C, D, E, A, W[4] + K1); 84| 0| F1(A, B, C, D, E, W[5] + K1); 85| 0| F1(E, A, B, C, D, W[6] + K1); 86| 0| F1(D, E, A, B, C, W[7] + K1); 87| 0| F1(C, D, E, A, B, W[8] + K1); 88| 0| F1(B, C, D, E, A, W[9] + K1); 89| 0| F1(A, B, C, D, E, W[10] + K1); 90| 0| F1(E, A, B, C, D, W[11] + K1); 91| 0| F1(D, E, A, B, C, W[12] + K1); 92| 0| F1(C, D, E, A, B, W[13] + K1); 93| 0| F1(B, C, D, E, A, W[14] + K1); 94| 0| F1(A, B, C, D, E, W[15] + K1); 95| 0| F1(E, A, B, C, D, W[16] + K1); 96| 0| F1(D, E, A, B, C, W[17] + K1); 97| 0| F1(C, D, E, A, B, W[18] + K1); 98| 0| F1(B, C, D, E, A, W[19] + K1); 99| | 100| 0| F2(A, B, C, D, E, W[20] + K2); 101| 0| F2(E, A, B, C, D, W[21] + K2); 102| 0| F2(D, E, A, B, C, W[22] + K2); 103| 0| F2(C, D, E, A, B, W[23] + K2); 104| 0| F2(B, C, D, E, A, W[24] + K2); 105| 0| F2(A, B, C, D, E, W[25] + K2); 106| 0| F2(E, A, B, C, D, W[26] + K2); 107| 0| F2(D, E, A, B, C, W[27] + K2); 108| 0| F2(C, D, E, A, B, W[28] + K2); 109| 0| F2(B, C, D, E, A, W[29] + K2); 110| 0| F2(A, B, C, D, E, W[30] + K2); 111| 0| F2(E, A, B, C, D, W[31] + K2); 112| 0| F2(D, E, A, B, C, W[32] + K2); 113| 0| F2(C, D, E, A, B, W[33] + K2); 114| 0| F2(B, C, D, E, A, W[34] + K2); 115| 0| F2(A, B, C, D, E, W[35] + K2); 116| 0| F2(E, A, B, C, D, W[36] + K2); 117| 0| F2(D, E, A, B, C, W[37] + K2); 118| 0| F2(C, D, E, A, B, W[38] + K2); 119| 0| F2(B, C, D, E, A, W[39] + K2); 120| | 121| 0| F3(A, B, C, D, E, W[40] + K3); 122| 0| F3(E, A, B, C, D, W[41] + K3); 123| 0| F3(D, E, A, B, C, W[42] + K3); 124| 0| F3(C, D, E, A, B, W[43] + K3); 125| 0| F3(B, C, D, E, A, W[44] + K3); 126| 0| F3(A, B, C, D, E, W[45] + K3); 127| 0| F3(E, A, B, C, D, W[46] + K3); 128| 0| F3(D, E, A, B, C, W[47] + K3); 129| 0| F3(C, D, E, A, B, W[48] + K3); 130| 0| F3(B, C, D, E, A, W[49] + K3); 131| 0| F3(A, B, C, D, E, W[50] + K3); 132| 0| F3(E, A, B, C, D, W[51] + K3); 133| 0| F3(D, E, A, B, C, W[52] + K3); 134| 0| F3(C, D, E, A, B, W[53] + K3); 135| 0| F3(B, C, D, E, A, W[54] + K3); 136| 0| F3(A, B, C, D, E, W[55] + K3); 137| 0| F3(E, A, B, C, D, W[56] + K3); 138| 0| F3(D, E, A, B, C, W[57] + K3); 139| 0| F3(C, D, E, A, B, W[58] + K3); 140| 0| F3(B, C, D, E, A, W[59] + K3); 141| | 142| 0| F4(A, B, C, D, E, W[60] + K4); 143| 0| F4(E, A, B, C, D, W[61] + K4); 144| 0| F4(D, E, A, B, C, W[62] + K4); 145| 0| F4(C, D, E, A, B, W[63] + K4); 146| 0| F4(B, C, D, E, A, W[64] + K4); 147| 0| F4(A, B, C, D, E, W[65] + K4); 148| 0| F4(E, A, B, C, D, W[66] + K4); 149| 0| F4(D, E, A, B, C, W[67] + K4); 150| 0| F4(C, D, E, A, B, W[68] + K4); 151| 0| F4(B, C, D, E, A, W[69] + K4); 152| 0| F4(A, B, C, D, E, W[70] + K4); 153| 0| F4(E, A, B, C, D, W[71] + K4); 154| 0| F4(D, E, A, B, C, W[72] + K4); 155| 0| F4(C, D, E, A, B, W[73] + K4); 156| 0| F4(B, C, D, E, A, W[74] + K4); 157| 0| F4(A, B, C, D, E, W[75] + K4); 158| 0| F4(E, A, B, C, D, W[76] + K4); 159| 0| F4(D, E, A, B, C, W[77] + K4); 160| 0| F4(C, D, E, A, B, W[78] + K4); 161| 0| F4(B, C, D, E, A, W[79] + K4); 162| | 163| 0| A = (digest[0] += A); 164| 0| B = (digest[1] += B); 165| 0| C = (digest[2] += C); 166| 0| D = (digest[3] += D); 167| 0| E = (digest[4] += E); 168| 0| } 169| 0|} _ZN5Botan5SHA_14initERNSt3__16vectorIjNS_16secure_allocatorIjEEEE: 174| 19.8k|void SHA_1::init(digest_type& digest) { 175| 19.8k| digest.assign({0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0}); 176| 19.8k|} _ZN5Botan5SHA_18add_dataENSt3__14spanIKhLm18446744073709551615EEE: 214| 13.7k|void SHA_1::add_data(std::span input) { 215| 13.7k| m_md.update(input); 216| 13.7k|} _ZN5Botan5SHA_112final_resultENSt3__14spanIhLm18446744073709551615EEE: 218| 13.1k|void SHA_1::final_result(std::span output) { 219| 13.1k| m_md.final(output); 220| 13.1k|} _ZN5Botan5SHA_117sha1_compress_x86ERNSt3__16vectorIjNS_16secure_allocatorIjEEEENS1_4spanIKhLm18446744073709551615EEEm: 76| 26.6k| size_t blocks) { 77| 26.6k| const uint8_t* input = input_span.data(); 78| | 79| 26.6k| SIMD_4x32 ABCD = rev_words(SIMD_4x32::load_le(&digest[0])); // NOLINT(*-container-data-pointer) 80| 26.6k| SIMD_4x32 E0 = SIMD_4x32(0, 0, 0, digest[4]); 81| | 82| 93.6k| while(blocks > 0) { ------------------ | Branch (82:10): [True: 67.0k, False: 26.6k] ------------------ 83| | // Save current hash 84| 67.0k| const auto ABCD_SAVE = ABCD; 85| 67.0k| const auto E0_SAVE = E0; 86| | 87| 67.0k| auto W0 = rev_words(SIMD_4x32::load_be(input)); 88| 67.0k| auto W1 = rev_words(SIMD_4x32::load_be(input + 16)); 89| 67.0k| auto W2 = rev_words(SIMD_4x32::load_be(input + 32)); 90| 67.0k| auto W3 = rev_words(SIMD_4x32::load_be(input + 48)); 91| | 92| 67.0k| sha1_x86_first8<0>(ABCD, E0, W0, W1); 93| 67.0k| sha1_x86_rnds8<0>(ABCD, E0, W2, W3); 94| | 95| 67.0k| W0 = sha1_x86_msg1(W0, W1); 96| 67.0k| W1 = sha1_x86_msg1(W1, W2); 97| 67.0k| W0 ^= W2; 98| | 99| 67.0k| sha1_x86_next_msg(W3, W0, W1, W2); 100| 67.0k| sha1_x86_next_msg(W0, W1, W2, W3); 101| 67.0k| sha1_x86_rnds8<0, 1>(ABCD, E0, W0, W1); 102| | 103| 67.0k| sha1_x86_next_msg(W1, W2, W3, W0); 104| 67.0k| sha1_x86_next_msg(W2, W3, W0, W1); 105| 67.0k| sha1_x86_rnds8<1>(ABCD, E0, W2, W3); 106| | 107| 67.0k| sha1_x86_next_msg(W3, W0, W1, W2); 108| 67.0k| sha1_x86_next_msg(W0, W1, W2, W3); 109| 67.0k| sha1_x86_rnds8<1>(ABCD, E0, W0, W1); 110| | 111| 67.0k| sha1_x86_next_msg(W1, W2, W3, W0); 112| 67.0k| sha1_x86_next_msg(W2, W3, W0, W1); 113| 67.0k| sha1_x86_rnds8<2>(ABCD, E0, W2, W3); 114| | 115| 67.0k| sha1_x86_next_msg(W3, W0, W1, W2); 116| 67.0k| sha1_x86_next_msg(W0, W1, W2, W3); 117| 67.0k| sha1_x86_rnds8<2>(ABCD, E0, W0, W1); 118| | 119| 67.0k| sha1_x86_next_msg(W1, W2, W3, W0); 120| 67.0k| sha1_x86_next_msg(W2, W3, W0, W1); 121| 67.0k| sha1_x86_rnds8<2, 3>(ABCD, E0, W2, W3); 122| | 123| 67.0k| sha1_x86_next_msg(W3, W0, W1, W2); 124| 67.0k| sha1_x86_next_msg(W0, W1, W2, W3); 125| 67.0k| sha1_x86_rnds8<3>(ABCD, E0, W0, W1); 126| | 127| 67.0k| sha1_x86_next_msg(W1, W2, W3, W0); 128| 67.0k| sha1_x86_next_msg(W2, W3, W0, W1); 129| 67.0k| sha1_x86_rnds8<3>(ABCD, E0, W2, W3); 130| | 131| 67.0k| ABCD += ABCD_SAVE; 132| 67.0k| E0 = sha1_x86_nexte(E0, E0_SAVE); 133| | 134| 67.0k| input += 64; 135| 67.0k| blocks--; 136| 67.0k| } 137| | 138| 26.6k| rev_words(ABCD).store_le(&digest[0]); // NOLINT(*-container-data-pointer) 139| | digest[4] = _mm_extract_epi32(E0.raw(), 3); 140| 26.6k|} sha1_x86.cpp:_ZN5Botan12_GLOBAL__N_19rev_wordsERKNS_9SIMD_4x32E: 66| 321k|BOTAN_FORCE_INLINE BOTAN_FN_ISA_SHANI SIMD_4x32 rev_words(const SIMD_4x32& v) { 67| | return SIMD_4x32(_mm_shuffle_epi32(v.raw(), 0b00011011)); 68| 321k|} sha1_x86.cpp:_ZN5Botan12_GLOBAL__N_113sha1_x86_msg1ERKNS_9SIMD_4x32ES3_: 29| 134k|BOTAN_FORCE_INLINE BOTAN_FN_ISA_SHANI SIMD_4x32 sha1_x86_msg1(const SIMD_4x32& W0, const SIMD_4x32& W1) { 30| 134k| return SIMD_4x32(_mm_sha1msg1_epu32(W0.raw(), W1.raw())); 31| 134k|} sha1_x86.cpp:_ZN5Botan12_GLOBAL__N_117sha1_x86_next_msgERKNS_9SIMD_4x32ERS1_S4_S4_: 36| 1.07M| SIMD_4x32& W3) { 37| 1.07M| W3 = SIMD_4x32(_mm_sha1msg1_epu32(W3.raw(), W0.raw())); 38| 1.07M| W1 = SIMD_4x32(_mm_sha1msg2_epu32(W1.raw(), W0.raw())); 39| 1.07M| W2 ^= W0; 40| 1.07M|} sha1_x86.cpp:_ZN5Botan12_GLOBAL__N_114sha1_x86_nexteERKNS_9SIMD_4x32ES3_: 25| 1.34M|BOTAN_FORCE_INLINE BOTAN_FN_ISA_SHANI SIMD_4x32 sha1_x86_nexte(const SIMD_4x32& x, const SIMD_4x32& y) { 26| 1.34M| return SIMD_4x32(_mm_sha1nexte_epu32(x.raw(), y.raw())); 27| 1.34M|} sha1_x86.cpp:_ZN5Botan12_GLOBAL__N_115sha1_x86_first8ILh0ELh0EEEvRNS_9SIMD_4x32ES3_RKS2_S5_: 46| 67.0k| const SIMD_4x32& W1) { 47| 67.0k| auto TE = ABCD; 48| 67.0k| ABCD = SIMD_4x32(_mm_sha1rnds4_epu32(ABCD.raw(), (E + W0).raw(), R1)); 49| | 50| 67.0k| E = ABCD; 51| | ABCD = SIMD_4x32(_mm_sha1rnds4_epu32(ABCD.raw(), sha1_x86_nexte(TE, W1).raw(), R2)); 52| 67.0k|} sha1_x86.cpp:_ZN5Botan12_GLOBAL__N_114sha1_x86_rnds8ILh0ELh0EEEvRNS_9SIMD_4x32ES3_RKS2_S5_: 58| 67.0k| const SIMD_4x32& W1) { 59| 67.0k| auto TE = ABCD; 60| 67.0k| ABCD = SIMD_4x32(_mm_sha1rnds4_epu32(ABCD.raw(), sha1_x86_nexte(E, W0).raw(), R1)); 61| | 62| 67.0k| E = ABCD; 63| | ABCD = SIMD_4x32(_mm_sha1rnds4_epu32(ABCD.raw(), sha1_x86_nexte(TE, W1).raw(), R2)); 64| 67.0k|} sha1_x86.cpp:_ZN5Botan12_GLOBAL__N_114sha1_x86_rnds8ILh0ELh1EEEvRNS_9SIMD_4x32ES3_RKS2_S5_: 58| 67.0k| const SIMD_4x32& W1) { 59| 67.0k| auto TE = ABCD; 60| 67.0k| ABCD = SIMD_4x32(_mm_sha1rnds4_epu32(ABCD.raw(), sha1_x86_nexte(E, W0).raw(), R1)); 61| | 62| 67.0k| E = ABCD; 63| | ABCD = SIMD_4x32(_mm_sha1rnds4_epu32(ABCD.raw(), sha1_x86_nexte(TE, W1).raw(), R2)); 64| 67.0k|} sha1_x86.cpp:_ZN5Botan12_GLOBAL__N_114sha1_x86_rnds8ILh1ELh1EEEvRNS_9SIMD_4x32ES3_RKS2_S5_: 58| 134k| const SIMD_4x32& W1) { 59| 134k| auto TE = ABCD; 60| 134k| ABCD = SIMD_4x32(_mm_sha1rnds4_epu32(ABCD.raw(), sha1_x86_nexte(E, W0).raw(), R1)); 61| | 62| 134k| E = ABCD; 63| | ABCD = SIMD_4x32(_mm_sha1rnds4_epu32(ABCD.raw(), sha1_x86_nexte(TE, W1).raw(), R2)); 64| 134k|} sha1_x86.cpp:_ZN5Botan12_GLOBAL__N_114sha1_x86_rnds8ILh2ELh2EEEvRNS_9SIMD_4x32ES3_RKS2_S5_: 58| 134k| const SIMD_4x32& W1) { 59| 134k| auto TE = ABCD; 60| 134k| ABCD = SIMD_4x32(_mm_sha1rnds4_epu32(ABCD.raw(), sha1_x86_nexte(E, W0).raw(), R1)); 61| | 62| 134k| E = ABCD; 63| | ABCD = SIMD_4x32(_mm_sha1rnds4_epu32(ABCD.raw(), sha1_x86_nexte(TE, W1).raw(), R2)); 64| 134k|} sha1_x86.cpp:_ZN5Botan12_GLOBAL__N_114sha1_x86_rnds8ILh2ELh3EEEvRNS_9SIMD_4x32ES3_RKS2_S5_: 58| 67.0k| const SIMD_4x32& W1) { 59| 67.0k| auto TE = ABCD; 60| 67.0k| ABCD = SIMD_4x32(_mm_sha1rnds4_epu32(ABCD.raw(), sha1_x86_nexte(E, W0).raw(), R1)); 61| | 62| 67.0k| E = ABCD; 63| | ABCD = SIMD_4x32(_mm_sha1rnds4_epu32(ABCD.raw(), sha1_x86_nexte(TE, W1).raw(), R2)); 64| 67.0k|} sha1_x86.cpp:_ZN5Botan12_GLOBAL__N_114sha1_x86_rnds8ILh3ELh3EEEvRNS_9SIMD_4x32ES3_RKS2_S5_: 58| 134k| const SIMD_4x32& W1) { 59| 134k| auto TE = ABCD; 60| 134k| ABCD = SIMD_4x32(_mm_sha1rnds4_epu32(ABCD.raw(), sha1_x86_nexte(E, W0).raw(), R1)); 61| | 62| 134k| E = ABCD; 63| | ABCD = SIMD_4x32(_mm_sha1rnds4_epu32(ABCD.raw(), sha1_x86_nexte(TE, W1).raw(), R2)); 64| 134k|} _ZN5Botan7SHA_25615compress_digestERNSt3__16vectorIjNS_16secure_allocatorIjEEEENS1_4spanIKhLm18446744073709551615EEEm: 59| 164k| size_t blocks) { 60| 164k|#if defined(BOTAN_HAS_SHA2_32_X86) 61| 164k| if(CPUID::has(CPUID::Feature::SHA)) { ------------------ | Branch (61:7): [True: 164k, False: 0] ------------------ 62| 164k| return SHA_256::compress_digest_x86(digest, input, blocks); 63| 164k| } 64| 0|#endif 65| | 66| |#if defined(BOTAN_HAS_SHA2_32_ARMV8) 67| | if(CPUID::has(CPUID::Feature::SHA2)) { 68| | return SHA_256::compress_digest_armv8(digest, input, blocks); 69| | } 70| |#endif 71| | 72| 0|#if defined(BOTAN_HAS_SHA2_32_X86_AVX2) 73| 0| if(CPUID::has(CPUID::Feature::AVX2, CPUID::Feature::BMI)) { ------------------ | Branch (73:7): [True: 0, False: 0] ------------------ 74| 0| return SHA_256::compress_digest_x86_avx2(digest, input, blocks); 75| 0| } 76| 0|#endif 77| | 78| 0|#if defined(BOTAN_HAS_SHA2_32_SIMD) 79| 0| if(CPUID::has(CPUID::Feature::SIMD_4X32)) { ------------------ | Branch (79:7): [True: 0, False: 0] ------------------ 80| 0| return SHA_256::compress_digest_x86_simd(digest, input, blocks); 81| 0| } 82| 0|#endif 83| | 84| 0| uint32_t A = digest[0]; 85| 0| uint32_t B = digest[1]; 86| 0| uint32_t C = digest[2]; 87| 0| uint32_t D = digest[3]; 88| 0| uint32_t E = digest[4]; 89| 0| uint32_t F = digest[5]; 90| 0| uint32_t G = digest[6]; 91| 0| uint32_t H = digest[7]; 92| | 93| 0| std::array W{}; 94| | 95| 0| BufferSlicer in(input); 96| | 97| 0| for(size_t i = 0; i != blocks; ++i) { ------------------ | Branch (97:22): [True: 0, False: 0] ------------------ 98| 0| load_be(W, in.take()); 99| | 100| | // clang-format off 101| | 102| 0| SHA2_32_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0x428A2F98); 103| 0| SHA2_32_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0x71374491); 104| 0| SHA2_32_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0xB5C0FBCF); 105| 0| SHA2_32_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0xE9B5DBA5); 106| 0| SHA2_32_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x3956C25B); 107| 0| SHA2_32_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x59F111F1); 108| 0| SHA2_32_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x923F82A4); 109| 0| SHA2_32_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0xAB1C5ED5); 110| 0| SHA2_32_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0xD807AA98); 111| 0| SHA2_32_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0x12835B01); 112| 0| SHA2_32_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0x243185BE); 113| 0| SHA2_32_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0x550C7DC3); 114| 0| SHA2_32_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0x72BE5D74); 115| 0| SHA2_32_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0x80DEB1FE); 116| 0| SHA2_32_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0x9BDC06A7); 117| 0| SHA2_32_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0xC19BF174); 118| | 119| 0| SHA2_32_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0xE49B69C1); 120| 0| SHA2_32_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0xEFBE4786); 121| 0| SHA2_32_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0x0FC19DC6); 122| 0| SHA2_32_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0x240CA1CC); 123| 0| SHA2_32_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x2DE92C6F); 124| 0| SHA2_32_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x4A7484AA); 125| 0| SHA2_32_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x5CB0A9DC); 126| 0| SHA2_32_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0x76F988DA); 127| 0| SHA2_32_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0x983E5152); 128| 0| SHA2_32_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0xA831C66D); 129| 0| SHA2_32_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0xB00327C8); 130| 0| SHA2_32_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0xBF597FC7); 131| 0| SHA2_32_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0xC6E00BF3); 132| 0| SHA2_32_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0xD5A79147); 133| 0| SHA2_32_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0x06CA6351); 134| 0| SHA2_32_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0x14292967); 135| | 136| 0| SHA2_32_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0x27B70A85); 137| 0| SHA2_32_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0x2E1B2138); 138| 0| SHA2_32_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0x4D2C6DFC); 139| 0| SHA2_32_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0x53380D13); 140| 0| SHA2_32_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x650A7354); 141| 0| SHA2_32_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x766A0ABB); 142| 0| SHA2_32_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x81C2C92E); 143| 0| SHA2_32_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0x92722C85); 144| 0| SHA2_32_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0xA2BFE8A1); 145| 0| SHA2_32_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0xA81A664B); 146| 0| SHA2_32_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0xC24B8B70); 147| 0| SHA2_32_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0xC76C51A3); 148| 0| SHA2_32_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0xD192E819); 149| 0| SHA2_32_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0xD6990624); 150| 0| SHA2_32_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0xF40E3585); 151| 0| SHA2_32_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0x106AA070); 152| | 153| 0| SHA2_32_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0x19A4C116); 154| 0| SHA2_32_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0x1E376C08); 155| 0| SHA2_32_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0x2748774C); 156| 0| SHA2_32_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0x34B0BCB5); 157| 0| SHA2_32_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x391C0CB3); 158| 0| SHA2_32_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x4ED8AA4A); 159| 0| SHA2_32_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x5B9CCA4F); 160| 0| SHA2_32_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0x682E6FF3); 161| 0| SHA2_32_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0x748F82EE); 162| 0| SHA2_32_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0x78A5636F); 163| 0| SHA2_32_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0x84C87814); 164| 0| SHA2_32_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0x8CC70208); 165| 0| SHA2_32_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0x90BEFFFA); 166| 0| SHA2_32_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0xA4506CEB); 167| 0| SHA2_32_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0xBEF9A3F7); 168| 0| SHA2_32_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0xC67178F2); 169| | 170| | // clang-format on 171| | 172| 0| A = (digest[0] += A); 173| 0| B = (digest[1] += B); 174| 0| C = (digest[2] += C); 175| 0| D = (digest[3] += D); 176| 0| E = (digest[4] += E); 177| 0| F = (digest[5] += F); 178| 0| G = (digest[6] += G); 179| 0| H = (digest[7] += H); 180| 0| } 181| 0|} _ZN5Botan7SHA_25610compress_nERNSt3__16vectorIjNS_16secure_allocatorIjEEEENS1_4spanIKhLm18446744073709551615EEEm: 215| 164k|void SHA_256::compress_n(digest_type& digest, std::span input, size_t blocks) { 216| 164k| SHA_256::compress_digest(digest, input, blocks); 217| 164k|} _ZN5Botan7SHA_2564initERNSt3__16vectorIjNS_16secure_allocatorIjEEEE: 219| 123k|void SHA_256::init(digest_type& digest) { 220| 123k| digest.assign({0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19}); 221| 123k|} _ZN5Botan7SHA_2568add_dataENSt3__14spanIKhLm18446744073709551615EEE: 231| 181k|void SHA_256::add_data(std::span input) { 232| 181k| m_md.update(input); 233| 181k|} _ZN5Botan7SHA_25612final_resultENSt3__14spanIhLm18446744073709551615EEE: 235| 78.5k|void SHA_256::final_result(std::span output) { 236| 78.5k| m_md.final(output); 237| 78.5k|} _ZN5Botan7SHA_25619compress_digest_x86ERNSt3__16vectorIjNS_16secure_allocatorIjEEEENS1_4spanIKhLm18446744073709551615EEEm: 58| 164k| size_t blocks) { 59| 164k| alignas(64) static const uint32_t K[] = { 60| 164k| 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5, 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5, 61| 164k| 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3, 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174, 62| 164k| 0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC, 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA, 63| 164k| 0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7, 0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967, 64| 164k| 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13, 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85, 65| 164k| 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3, 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070, 66| 164k| 0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5, 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3, 67| 164k| 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208, 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2, 68| 164k| }; 69| | 70| 164k| const uint8_t* input = input_span.data(); 71| | 72| 164k| SIMD_4x32 S0 = SIMD_4x32::load_le(&digest[0]); // NOLINT(*container-data-pointer) 73| 164k| SIMD_4x32 S1 = SIMD_4x32::load_le(&digest[4]); 74| | 75| 164k| sha256_permute_state(S0, S1); 76| | 77| 374k| while(blocks > 0) { ------------------ | Branch (77:10): [True: 209k, False: 164k] ------------------ 78| 209k| const auto S0_SAVE = S0; 79| 209k| const auto S1_SAVE = S1; 80| | 81| 209k| auto W0 = SIMD_4x32::load_be(input); 82| 209k| auto W1 = SIMD_4x32::load_be(input + 16); 83| 209k| auto W2 = SIMD_4x32::load_be(input + 32); 84| 209k| auto W3 = SIMD_4x32::load_be(input + 48); 85| | 86| 209k| sha256_rnds4(S0, S1, W0, SIMD_4x32::load_le(&K[0])); 87| 209k| sha256_rnds4(S0, S1, W1, SIMD_4x32::load_le(&K[4])); 88| 209k| sha256_rnds4(S0, S1, W2, SIMD_4x32::load_le(&K[8])); 89| 209k| sha256_rnds4(S0, S1, W3, SIMD_4x32::load_le(&K[12])); 90| | 91| 209k| W0 = SIMD_4x32(_mm_sha256msg1_epu32(W0.raw(), W1.raw())); 92| 209k| W1 = SIMD_4x32(_mm_sha256msg1_epu32(W1.raw(), W2.raw())); 93| | 94| 209k| sha256_msg_exp(W2, W3, W0, W1); 95| | 96| 209k| sha256_rnds4(S0, S1, W0, SIMD_4x32::load_le(&K[4 * 4])); 97| 209k| sha256_rnds4(S0, S1, W1, SIMD_4x32::load_le(&K[4 * 5])); 98| | 99| 209k| sha256_msg_exp(W0, W1, W2, W3); 100| | 101| 209k| sha256_rnds4(S0, S1, W2, SIMD_4x32::load_le(&K[4 * 6])); 102| 209k| sha256_rnds4(S0, S1, W3, SIMD_4x32::load_le(&K[4 * 7])); 103| | 104| 209k| sha256_msg_exp(W2, W3, W0, W1); 105| | 106| 209k| sha256_rnds4(S0, S1, W0, SIMD_4x32::load_le(&K[4 * 8])); 107| 209k| sha256_rnds4(S0, S1, W1, SIMD_4x32::load_le(&K[4 * 9])); 108| | 109| 209k| sha256_msg_exp(W0, W1, W2, W3); 110| | 111| 209k| sha256_rnds4(S0, S1, W2, SIMD_4x32::load_le(&K[4 * 10])); 112| 209k| sha256_rnds4(S0, S1, W3, SIMD_4x32::load_le(&K[4 * 11])); 113| | 114| 209k| sha256_msg_exp(W2, W3, W0, W1); 115| | 116| 209k| sha256_rnds4(S0, S1, W0, SIMD_4x32::load_le(&K[4 * 12])); 117| 209k| sha256_rnds4(S0, S1, W1, SIMD_4x32::load_le(&K[4 * 13])); 118| | 119| 209k| sha256_msg_exp(W0, W1, W2, W3); 120| | 121| 209k| sha256_rnds4(S0, S1, W2, SIMD_4x32::load_le(&K[4 * 14])); 122| 209k| sha256_rnds4(S0, S1, W3, SIMD_4x32::load_le(&K[4 * 15])); 123| | 124| | // Add values back to state 125| 209k| S0 += S0_SAVE; 126| 209k| S1 += S1_SAVE; 127| | 128| 209k| input += 64; 129| 209k| blocks--; 130| 209k| } 131| | 132| 164k| sha256_permute_state(S1, S0); 133| | 134| 164k| S0.store_le(&digest[0]); // NOLINT(*container-data-pointer) 135| 164k| S1.store_le(&digest[4]); 136| 164k|} sha2_32_x86.cpp:_ZN5Botan12_GLOBAL__N_120sha256_permute_stateERNS_9SIMD_4x32ES2_: 43| 329k|BOTAN_FORCE_INLINE BOTAN_FN_ISA_SHANI void sha256_permute_state(SIMD_4x32& S0, SIMD_4x32& S1) { 44| 329k| S0 = SIMD_4x32(_mm_shuffle_epi32(S0.raw(), 0b10110001)); // CDAB 45| 329k| S1 = SIMD_4x32(_mm_shuffle_epi32(S1.raw(), 0b00011011)); // EFGH 46| | 47| 329k| const auto T = SIMD_4x32::alignr8(S0, S1); // ABEF 48| | S1 = SIMD_4x32(_mm_blend_epi16(S1.raw(), S0.raw(), 0xF0)); // CDGH 49| 329k| S0 = T; 50| 329k|} sha2_32_x86.cpp:_ZN5Botan12_GLOBAL__N_112sha256_rnds4ERNS_9SIMD_4x32ES2_RKS1_S4_: 27| 3.35M| const SIMD_4x32& k) { 28| 3.35M| const auto mk = msg + k; 29| 3.35M| S1 = SIMD_4x32(_mm_sha256rnds2_epu32(S1.raw(), S0.raw(), mk.raw())); 30| 3.35M| S0 = SIMD_4x32(_mm_sha256rnds2_epu32(S0.raw(), S1.raw(), mk.shift_elems_right<2>().raw())); 31| 3.35M|} sha2_32_x86.cpp:_ZN5Botan12_GLOBAL__N_114sha256_msg_expERNS_9SIMD_4x32ES2_S2_S2_: 33| 1.25M|BOTAN_FORCE_INLINE BOTAN_FN_ISA_SHANI void sha256_msg_exp(SIMD_4x32& W0, SIMD_4x32& W1, SIMD_4x32& W2, SIMD_4x32& W3) { 34| 1.25M| W2 += SIMD_4x32::alignr4(W1, W0); 35| 1.25M| W0 = SIMD_4x32(_mm_sha256msg1_epu32(W0.raw(), W1.raw())); 36| 1.25M| W2 = SIMD_4x32(_mm_sha256msg2_epu32(W2.raw(), W1.raw())); 37| | 38| 1.25M| W3 += SIMD_4x32::alignr4(W2, W1); 39| 1.25M| W1 = SIMD_4x32(_mm_sha256msg1_epu32(W1.raw(), W2.raw())); 40| 1.25M| W3 = SIMD_4x32(_mm_sha256msg2_epu32(W3.raw(), W2.raw())); 41| 1.25M|} _ZN5Botan7SHA_51215compress_digestERNSt3__16vectorImNS_16secure_allocatorImEEEENS1_4spanIKhLm18446744073709551615EEEm: 56| 12.0k|void SHA_512::compress_digest(digest_type& digest, std::span input, size_t blocks) { 57| 12.0k|#if defined(BOTAN_HAS_SHA2_64_X86) 58| 12.0k| if(CPUID::has(CPUID::Feature::SHA512)) { ------------------ | Branch (58:7): [True: 0, False: 12.0k] ------------------ 59| 0| return compress_digest_x86(digest, input, blocks); 60| 0| } 61| 12.0k|#endif 62| | 63| |#if defined(BOTAN_HAS_SHA2_64_ARMV8) 64| | if(CPUID::has(CPUID::Feature::SHA2_512)) { 65| | return compress_digest_armv8(digest, input, blocks); 66| | } 67| |#endif 68| | 69| 12.0k|#if defined(BOTAN_HAS_SHA2_64_X86_AVX512) 70| 12.0k| if(CPUID::has(CPUID::Feature::AVX512, CPUID::Feature::BMI)) { ------------------ | Branch (70:7): [True: 0, False: 12.0k] ------------------ 71| 0| return compress_digest_x86_avx512(digest, input, blocks); 72| 0| } 73| 12.0k|#endif 74| | 75| 12.0k|#if defined(BOTAN_HAS_SHA2_64_X86_AVX2) 76| 12.0k| if(CPUID::has(CPUID::Feature::AVX2, CPUID::Feature::BMI)) { ------------------ | Branch (76:7): [True: 12.0k, False: 0] ------------------ 77| 12.0k| return compress_digest_x86_avx2(digest, input, blocks); 78| 12.0k| } 79| 0|#endif 80| | 81| 0| uint64_t A = digest[0]; 82| 0| uint64_t B = digest[1]; 83| 0| uint64_t C = digest[2]; 84| 0| uint64_t D = digest[3]; 85| 0| uint64_t E = digest[4]; 86| 0| uint64_t F = digest[5]; 87| 0| uint64_t G = digest[6]; 88| 0| uint64_t H = digest[7]; 89| | 90| 0| std::array W{}; 91| | 92| 0| BufferSlicer in(input); 93| | 94| 0| for(size_t i = 0; i != blocks; ++i) { ------------------ | Branch (94:22): [True: 0, False: 0] ------------------ 95| 0| load_be(W, in.take()); 96| | 97| | // clang-format off 98| | 99| 0| SHA2_64_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0x428A2F98D728AE22); 100| 0| SHA2_64_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0x7137449123EF65CD); 101| 0| SHA2_64_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0xB5C0FBCFEC4D3B2F); 102| 0| SHA2_64_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0xE9B5DBA58189DBBC); 103| 0| SHA2_64_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x3956C25BF348B538); 104| 0| SHA2_64_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x59F111F1B605D019); 105| 0| SHA2_64_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x923F82A4AF194F9B); 106| 0| SHA2_64_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0xAB1C5ED5DA6D8118); 107| 0| SHA2_64_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0xD807AA98A3030242); 108| 0| SHA2_64_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0x12835B0145706FBE); 109| 0| SHA2_64_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0x243185BE4EE4B28C); 110| 0| SHA2_64_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0x550C7DC3D5FFB4E2); 111| 0| SHA2_64_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0x72BE5D74F27B896F); 112| 0| SHA2_64_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0x80DEB1FE3B1696B1); 113| 0| SHA2_64_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0x9BDC06A725C71235); 114| 0| SHA2_64_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0xC19BF174CF692694); 115| 0| SHA2_64_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0xE49B69C19EF14AD2); 116| 0| SHA2_64_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0xEFBE4786384F25E3); 117| 0| SHA2_64_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0x0FC19DC68B8CD5B5); 118| 0| SHA2_64_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0x240CA1CC77AC9C65); 119| 0| SHA2_64_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x2DE92C6F592B0275); 120| 0| SHA2_64_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x4A7484AA6EA6E483); 121| 0| SHA2_64_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x5CB0A9DCBD41FBD4); 122| 0| SHA2_64_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0x76F988DA831153B5); 123| 0| SHA2_64_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0x983E5152EE66DFAB); 124| 0| SHA2_64_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0xA831C66D2DB43210); 125| 0| SHA2_64_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0xB00327C898FB213F); 126| 0| SHA2_64_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0xBF597FC7BEEF0EE4); 127| 0| SHA2_64_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0xC6E00BF33DA88FC2); 128| 0| SHA2_64_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0xD5A79147930AA725); 129| 0| SHA2_64_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0x06CA6351E003826F); 130| 0| SHA2_64_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0x142929670A0E6E70); 131| 0| SHA2_64_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0x27B70A8546D22FFC); 132| 0| SHA2_64_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0x2E1B21385C26C926); 133| 0| SHA2_64_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0x4D2C6DFC5AC42AED); 134| 0| SHA2_64_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0x53380D139D95B3DF); 135| 0| SHA2_64_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x650A73548BAF63DE); 136| 0| SHA2_64_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x766A0ABB3C77B2A8); 137| 0| SHA2_64_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x81C2C92E47EDAEE6); 138| 0| SHA2_64_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0x92722C851482353B); 139| 0| SHA2_64_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0xA2BFE8A14CF10364); 140| 0| SHA2_64_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0xA81A664BBC423001); 141| 0| SHA2_64_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0xC24B8B70D0F89791); 142| 0| SHA2_64_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0xC76C51A30654BE30); 143| 0| SHA2_64_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0xD192E819D6EF5218); 144| 0| SHA2_64_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0xD69906245565A910); 145| 0| SHA2_64_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0xF40E35855771202A); 146| 0| SHA2_64_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0x106AA07032BBD1B8); 147| 0| SHA2_64_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0x19A4C116B8D2D0C8); 148| 0| SHA2_64_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0x1E376C085141AB53); 149| 0| SHA2_64_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0x2748774CDF8EEB99); 150| 0| SHA2_64_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0x34B0BCB5E19B48A8); 151| 0| SHA2_64_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x391C0CB3C5C95A63); 152| 0| SHA2_64_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x4ED8AA4AE3418ACB); 153| 0| SHA2_64_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x5B9CCA4F7763E373); 154| 0| SHA2_64_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0x682E6FF3D6B2B8A3); 155| 0| SHA2_64_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0x748F82EE5DEFB2FC); 156| 0| SHA2_64_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0x78A5636F43172F60); 157| 0| SHA2_64_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0x84C87814A1F0AB72); 158| 0| SHA2_64_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0x8CC702081A6439EC); 159| 0| SHA2_64_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0x90BEFFFA23631E28); 160| 0| SHA2_64_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0xA4506CEBDE82BDE9); 161| 0| SHA2_64_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0xBEF9A3F7B2C67915); 162| 0| SHA2_64_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0xC67178F2E372532B); 163| 0| SHA2_64_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0xCA273ECEEA26619C); 164| 0| SHA2_64_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0xD186B8C721C0C207); 165| 0| SHA2_64_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0xEADA7DD6CDE0EB1E); 166| 0| SHA2_64_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0xF57D4F7FEE6ED178); 167| 0| SHA2_64_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x06F067AA72176FBA); 168| 0| SHA2_64_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x0A637DC5A2C898A6); 169| 0| SHA2_64_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x113F9804BEF90DAE); 170| 0| SHA2_64_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0x1B710B35131C471B); 171| 0| SHA2_64_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0x28DB77F523047D84); 172| 0| SHA2_64_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0x32CAAB7B40C72493); 173| 0| SHA2_64_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0x3C9EBE0A15C9BEBC); 174| 0| SHA2_64_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0x431D67C49C100D4C); 175| 0| SHA2_64_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0x4CC5D4BECB3E42B6); 176| 0| SHA2_64_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0x597F299CFC657E2A); 177| 0| SHA2_64_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0x5FCB6FAB3AD6FAEC); 178| 0| SHA2_64_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0x6C44198C4A475817); 179| | 180| | // clang-format on 181| | 182| 0| A = (digest[0] += A); 183| 0| B = (digest[1] += B); 184| 0| C = (digest[2] += C); 185| 0| D = (digest[3] += D); 186| 0| E = (digest[4] += E); 187| 0| F = (digest[5] += F); 188| 0| G = (digest[6] += G); 189| 0| H = (digest[7] += H); 190| 0| } 191| 0|} _ZN5Botan7SHA_38410compress_nERNSt3__16vectorImNS_16secure_allocatorImEEEENS1_4spanIKhLm18446744073709551615EEEm: 209| 12.0k|void SHA_384::compress_n(digest_type& digest, std::span input, size_t blocks) { 210| 12.0k| SHA_512::compress_digest(digest, input, blocks); 211| 12.0k|} _ZN5Botan7SHA_3844initERNSt3__16vectorImNS_16secure_allocatorImEEEE: 228| 6.31k|void SHA_384::init(digest_type& digest) { 229| 6.31k| digest.assign({0xCBBB9D5DC1059ED8, 230| 6.31k| 0x629A292A367CD507, 231| 6.31k| 0x9159015A3070DD17, 232| 6.31k| 0x152FECD8F70E5939, 233| 6.31k| 0x67332667FFC00B31, 234| 6.31k| 0x8EB44A8768581511, 235| 6.31k| 0xDB0C2E0D64F98FA7, 236| 6.31k| 0x47B5481DBEFA4FA4}); 237| 6.31k|} _ZN5Botan7SHA_3848add_dataENSt3__14spanIKhLm18446744073709551615EEE: 274| 12.9k|void SHA_384::add_data(std::span input) { 275| 12.9k| m_md.update(input); 276| 12.9k|} _ZN5Botan7SHA_38412final_resultENSt3__14spanIhLm18446744073709551615EEE: 286| 5.11k|void SHA_384::final_result(std::span output) { 287| 5.11k| m_md.final(output); 288| 5.11k|} _ZN5Botan7SHA_51224compress_digest_x86_avx2ERNSt3__16vectorImNS_16secure_allocatorImEEEENS1_4spanIKhLm18446744073709551615EEEm: 44| 12.0k| size_t blocks) { 45| | // clang-format off 46| 12.0k| alignas(64) const uint64_t K[80] = { 47| 12.0k| 0x428A2F98D728AE22, 0x7137449123EF65CD, 0xB5C0FBCFEC4D3B2F, 0xE9B5DBA58189DBBC, 48| 12.0k| 0x3956C25BF348B538, 0x59F111F1B605D019, 0x923F82A4AF194F9B, 0xAB1C5ED5DA6D8118, 49| 12.0k| 0xD807AA98A3030242, 0x12835B0145706FBE, 0x243185BE4EE4B28C, 0x550C7DC3D5FFB4E2, 50| 12.0k| 0x72BE5D74F27B896F, 0x80DEB1FE3B1696B1, 0x9BDC06A725C71235, 0xC19BF174CF692694, 51| 12.0k| 0xE49B69C19EF14AD2, 0xEFBE4786384F25E3, 0x0FC19DC68B8CD5B5, 0x240CA1CC77AC9C65, 52| 12.0k| 0x2DE92C6F592B0275, 0x4A7484AA6EA6E483, 0x5CB0A9DCBD41FBD4, 0x76F988DA831153B5, 53| 12.0k| 0x983E5152EE66DFAB, 0xA831C66D2DB43210, 0xB00327C898FB213F, 0xBF597FC7BEEF0EE4, 54| 12.0k| 0xC6E00BF33DA88FC2, 0xD5A79147930AA725, 0x06CA6351E003826F, 0x142929670A0E6E70, 55| 12.0k| 0x27B70A8546D22FFC, 0x2E1B21385C26C926, 0x4D2C6DFC5AC42AED, 0x53380D139D95B3DF, 56| 12.0k| 0x650A73548BAF63DE, 0x766A0ABB3C77B2A8, 0x81C2C92E47EDAEE6, 0x92722C851482353B, 57| 12.0k| 0xA2BFE8A14CF10364, 0xA81A664BBC423001, 0xC24B8B70D0F89791, 0xC76C51A30654BE30, 58| 12.0k| 0xD192E819D6EF5218, 0xD69906245565A910, 0xF40E35855771202A, 0x106AA07032BBD1B8, 59| 12.0k| 0x19A4C116B8D2D0C8, 0x1E376C085141AB53, 0x2748774CDF8EEB99, 0x34B0BCB5E19B48A8, 60| 12.0k| 0x391C0CB3C5C95A63, 0x4ED8AA4AE3418ACB, 0x5B9CCA4F7763E373, 0x682E6FF3D6B2B8A3, 61| 12.0k| 0x748F82EE5DEFB2FC, 0x78A5636F43172F60, 0x84C87814A1F0AB72, 0x8CC702081A6439EC, 62| 12.0k| 0x90BEFFFA23631E28, 0xA4506CEBDE82BDE9, 0xBEF9A3F7B2C67915, 0xC67178F2E372532B, 63| 12.0k| 0xCA273ECEEA26619C, 0xD186B8C721C0C207, 0xEADA7DD6CDE0EB1E, 0xF57D4F7FEE6ED178, 64| 12.0k| 0x06F067AA72176FBA, 0x0A637DC5A2C898A6, 0x113F9804BEF90DAE, 0x1B710B35131C471B, 65| 12.0k| 0x28DB77F523047D84, 0x32CAAB7B40C72493, 0x3C9EBE0A15C9BEBC, 0x431D67C49C100D4C, 66| 12.0k| 0x4CC5D4BECB3E42B6, 0x597F299CFC657E2A, 0x5FCB6FAB3AD6FAEC, 0x6C44198C4A475817, 67| 12.0k| }; 68| | // clang-format on 69| | 70| 12.0k| alignas(64) uint64_t W[16] = {0}; 71| 12.0k| alignas(64) uint64_t W2[80]; 72| | 73| 12.0k| uint64_t A = digest[0]; 74| 12.0k| uint64_t B = digest[1]; 75| 12.0k| uint64_t C = digest[2]; 76| 12.0k| uint64_t D = digest[3]; 77| 12.0k| uint64_t E = digest[4]; 78| 12.0k| uint64_t F = digest[5]; 79| 12.0k| uint64_t G = digest[6]; 80| 12.0k| uint64_t H = digest[7]; 81| | 82| 12.0k| const uint8_t* data = input.data(); 83| | 84| 12.4k| while(blocks >= 2) { ------------------ | Branch (84:10): [True: 373, False: 12.0k] ------------------ 85| 373| SIMD_4x64 WS[8]; 86| | 87| 3.35k| for(size_t i = 0; i < 8; i++) { ------------------ | Branch (87:25): [True: 2.98k, False: 373] ------------------ 88| 2.98k| WS[i] = SIMD_4x64::load_be2(&data[16 * i], &data[128 + 16 * i]); 89| 2.98k| auto WK = WS[i] + SIMD_4x64::broadcast_2x64(&K[2 * i]); 90| 2.98k| WK.store_le2(&W[2 * i], &W2[2 * i]); 91| 2.98k| } 92| | 93| 373| data += 2 * 128; 94| 373| blocks -= 2; 95| | 96| | // First 64 rounds of SHA-512 97| 1.86k| for(size_t r = 0; r != 64; r += 16) { ------------------ | Branch (97:25): [True: 1.49k, False: 373] ------------------ 98| 1.49k| auto w = sha512_next_w(WS) + SIMD_4x64::broadcast_2x64(&K[r + 16]); 99| 1.49k| SHA2_64_F(A, B, C, D, E, F, G, H, W[0]); 100| 1.49k| SHA2_64_F(H, A, B, C, D, E, F, G, W[1]); 101| 1.49k| w.store_le2(&W[0], &W2[r + 16]); 102| | 103| 1.49k| w = sha512_next_w(WS) + SIMD_4x64::broadcast_2x64(&K[r + 18]); 104| 1.49k| SHA2_64_F(G, H, A, B, C, D, E, F, W[2]); 105| 1.49k| SHA2_64_F(F, G, H, A, B, C, D, E, W[3]); 106| 1.49k| w.store_le2(&W[2], &W2[r + 18]); 107| | 108| 1.49k| w = sha512_next_w(WS) + SIMD_4x64::broadcast_2x64(&K[r + 20]); 109| 1.49k| SHA2_64_F(E, F, G, H, A, B, C, D, W[4]); 110| 1.49k| SHA2_64_F(D, E, F, G, H, A, B, C, W[5]); 111| 1.49k| w.store_le2(&W[4], &W2[r + 20]); 112| | 113| 1.49k| w = sha512_next_w(WS) + SIMD_4x64::broadcast_2x64(&K[r + 22]); 114| 1.49k| SHA2_64_F(C, D, E, F, G, H, A, B, W[6]); 115| 1.49k| SHA2_64_F(B, C, D, E, F, G, H, A, W[7]); 116| 1.49k| w.store_le2(&W[6], &W2[r + 22]); 117| | 118| 1.49k| w = sha512_next_w(WS) + SIMD_4x64::broadcast_2x64(&K[r + 24]); 119| 1.49k| SHA2_64_F(A, B, C, D, E, F, G, H, W[8]); 120| 1.49k| SHA2_64_F(H, A, B, C, D, E, F, G, W[9]); 121| 1.49k| w.store_le2(&W[8], &W2[r + 24]); 122| | 123| 1.49k| w = sha512_next_w(WS) + SIMD_4x64::broadcast_2x64(&K[r + 26]); 124| 1.49k| SHA2_64_F(G, H, A, B, C, D, E, F, W[10]); 125| 1.49k| SHA2_64_F(F, G, H, A, B, C, D, E, W[11]); 126| 1.49k| w.store_le2(&W[10], &W2[r + 26]); 127| | 128| 1.49k| w = sha512_next_w(WS) + SIMD_4x64::broadcast_2x64(&K[r + 28]); 129| 1.49k| SHA2_64_F(E, F, G, H, A, B, C, D, W[12]); 130| 1.49k| SHA2_64_F(D, E, F, G, H, A, B, C, W[13]); 131| 1.49k| w.store_le2(&W[12], &W2[r + 28]); 132| | 133| 1.49k| w = sha512_next_w(WS) + SIMD_4x64::broadcast_2x64(&K[r + 30]); 134| 1.49k| SHA2_64_F(C, D, E, F, G, H, A, B, W[14]); 135| 1.49k| SHA2_64_F(B, C, D, E, F, G, H, A, W[15]); 136| 1.49k| w.store_le2(&W[14], &W2[r + 30]); 137| 1.49k| } 138| | 139| | // Final 16 rounds of SHA-512 140| 373| SHA2_64_F(A, B, C, D, E, F, G, H, W[0]); 141| 373| SHA2_64_F(H, A, B, C, D, E, F, G, W[1]); 142| 373| SHA2_64_F(G, H, A, B, C, D, E, F, W[2]); 143| 373| SHA2_64_F(F, G, H, A, B, C, D, E, W[3]); 144| 373| SHA2_64_F(E, F, G, H, A, B, C, D, W[4]); 145| 373| SHA2_64_F(D, E, F, G, H, A, B, C, W[5]); 146| 373| SHA2_64_F(C, D, E, F, G, H, A, B, W[6]); 147| 373| SHA2_64_F(B, C, D, E, F, G, H, A, W[7]); 148| 373| SHA2_64_F(A, B, C, D, E, F, G, H, W[8]); 149| 373| SHA2_64_F(H, A, B, C, D, E, F, G, W[9]); 150| 373| SHA2_64_F(G, H, A, B, C, D, E, F, W[10]); 151| 373| SHA2_64_F(F, G, H, A, B, C, D, E, W[11]); 152| 373| SHA2_64_F(E, F, G, H, A, B, C, D, W[12]); 153| 373| SHA2_64_F(D, E, F, G, H, A, B, C, W[13]); 154| 373| SHA2_64_F(C, D, E, F, G, H, A, B, W[14]); 155| 373| SHA2_64_F(B, C, D, E, F, G, H, A, W[15]); 156| | 157| 373| A = (digest[0] += A); 158| 373| B = (digest[1] += B); 159| 373| C = (digest[2] += C); 160| 373| D = (digest[3] += D); 161| 373| E = (digest[4] += E); 162| 373| F = (digest[5] += F); 163| 373| G = (digest[6] += G); 164| 373| H = (digest[7] += H); 165| | 166| | // Second block of SHA-512 compression, with pre-expanded message 167| 373| SHA2_64_F(A, B, C, D, E, F, G, H, W2[0]); 168| 373| SHA2_64_F(H, A, B, C, D, E, F, G, W2[1]); 169| 373| SHA2_64_F(G, H, A, B, C, D, E, F, W2[2]); 170| 373| SHA2_64_F(F, G, H, A, B, C, D, E, W2[3]); 171| 373| SHA2_64_F(E, F, G, H, A, B, C, D, W2[4]); 172| 373| SHA2_64_F(D, E, F, G, H, A, B, C, W2[5]); 173| 373| SHA2_64_F(C, D, E, F, G, H, A, B, W2[6]); 174| 373| SHA2_64_F(B, C, D, E, F, G, H, A, W2[7]); 175| 373| SHA2_64_F(A, B, C, D, E, F, G, H, W2[8]); 176| 373| SHA2_64_F(H, A, B, C, D, E, F, G, W2[9]); 177| 373| SHA2_64_F(G, H, A, B, C, D, E, F, W2[10]); 178| 373| SHA2_64_F(F, G, H, A, B, C, D, E, W2[11]); 179| 373| SHA2_64_F(E, F, G, H, A, B, C, D, W2[12]); 180| 373| SHA2_64_F(D, E, F, G, H, A, B, C, W2[13]); 181| 373| SHA2_64_F(C, D, E, F, G, H, A, B, W2[14]); 182| 373| SHA2_64_F(B, C, D, E, F, G, H, A, W2[15]); 183| | 184| 373| SHA2_64_F(A, B, C, D, E, F, G, H, W2[16]); 185| 373| SHA2_64_F(H, A, B, C, D, E, F, G, W2[17]); 186| 373| SHA2_64_F(G, H, A, B, C, D, E, F, W2[18]); 187| 373| SHA2_64_F(F, G, H, A, B, C, D, E, W2[19]); 188| 373| SHA2_64_F(E, F, G, H, A, B, C, D, W2[20]); 189| 373| SHA2_64_F(D, E, F, G, H, A, B, C, W2[21]); 190| 373| SHA2_64_F(C, D, E, F, G, H, A, B, W2[22]); 191| 373| SHA2_64_F(B, C, D, E, F, G, H, A, W2[23]); 192| 373| SHA2_64_F(A, B, C, D, E, F, G, H, W2[24]); 193| 373| SHA2_64_F(H, A, B, C, D, E, F, G, W2[25]); 194| 373| SHA2_64_F(G, H, A, B, C, D, E, F, W2[26]); 195| 373| SHA2_64_F(F, G, H, A, B, C, D, E, W2[27]); 196| 373| SHA2_64_F(E, F, G, H, A, B, C, D, W2[28]); 197| 373| SHA2_64_F(D, E, F, G, H, A, B, C, W2[29]); 198| 373| SHA2_64_F(C, D, E, F, G, H, A, B, W2[30]); 199| 373| SHA2_64_F(B, C, D, E, F, G, H, A, W2[31]); 200| | 201| 373| SHA2_64_F(A, B, C, D, E, F, G, H, W2[32]); 202| 373| SHA2_64_F(H, A, B, C, D, E, F, G, W2[33]); 203| 373| SHA2_64_F(G, H, A, B, C, D, E, F, W2[34]); 204| 373| SHA2_64_F(F, G, H, A, B, C, D, E, W2[35]); 205| 373| SHA2_64_F(E, F, G, H, A, B, C, D, W2[36]); 206| 373| SHA2_64_F(D, E, F, G, H, A, B, C, W2[37]); 207| 373| SHA2_64_F(C, D, E, F, G, H, A, B, W2[38]); 208| 373| SHA2_64_F(B, C, D, E, F, G, H, A, W2[39]); 209| 373| SHA2_64_F(A, B, C, D, E, F, G, H, W2[40]); 210| 373| SHA2_64_F(H, A, B, C, D, E, F, G, W2[41]); 211| 373| SHA2_64_F(G, H, A, B, C, D, E, F, W2[42]); 212| 373| SHA2_64_F(F, G, H, A, B, C, D, E, W2[43]); 213| 373| SHA2_64_F(E, F, G, H, A, B, C, D, W2[44]); 214| 373| SHA2_64_F(D, E, F, G, H, A, B, C, W2[45]); 215| 373| SHA2_64_F(C, D, E, F, G, H, A, B, W2[46]); 216| 373| SHA2_64_F(B, C, D, E, F, G, H, A, W2[47]); 217| | 218| 373| SHA2_64_F(A, B, C, D, E, F, G, H, W2[48]); 219| 373| SHA2_64_F(H, A, B, C, D, E, F, G, W2[49]); 220| 373| SHA2_64_F(G, H, A, B, C, D, E, F, W2[50]); 221| 373| SHA2_64_F(F, G, H, A, B, C, D, E, W2[51]); 222| 373| SHA2_64_F(E, F, G, H, A, B, C, D, W2[52]); 223| 373| SHA2_64_F(D, E, F, G, H, A, B, C, W2[53]); 224| 373| SHA2_64_F(C, D, E, F, G, H, A, B, W2[54]); 225| 373| SHA2_64_F(B, C, D, E, F, G, H, A, W2[55]); 226| 373| SHA2_64_F(A, B, C, D, E, F, G, H, W2[56]); 227| 373| SHA2_64_F(H, A, B, C, D, E, F, G, W2[57]); 228| 373| SHA2_64_F(G, H, A, B, C, D, E, F, W2[58]); 229| 373| SHA2_64_F(F, G, H, A, B, C, D, E, W2[59]); 230| 373| SHA2_64_F(E, F, G, H, A, B, C, D, W2[60]); 231| 373| SHA2_64_F(D, E, F, G, H, A, B, C, W2[61]); 232| 373| SHA2_64_F(C, D, E, F, G, H, A, B, W2[62]); 233| 373| SHA2_64_F(B, C, D, E, F, G, H, A, W2[63]); 234| | 235| 373| SHA2_64_F(A, B, C, D, E, F, G, H, W2[64]); 236| 373| SHA2_64_F(H, A, B, C, D, E, F, G, W2[65]); 237| 373| SHA2_64_F(G, H, A, B, C, D, E, F, W2[66]); 238| 373| SHA2_64_F(F, G, H, A, B, C, D, E, W2[67]); 239| 373| SHA2_64_F(E, F, G, H, A, B, C, D, W2[68]); 240| 373| SHA2_64_F(D, E, F, G, H, A, B, C, W2[69]); 241| 373| SHA2_64_F(C, D, E, F, G, H, A, B, W2[70]); 242| 373| SHA2_64_F(B, C, D, E, F, G, H, A, W2[71]); 243| 373| SHA2_64_F(A, B, C, D, E, F, G, H, W2[72]); 244| 373| SHA2_64_F(H, A, B, C, D, E, F, G, W2[73]); 245| 373| SHA2_64_F(G, H, A, B, C, D, E, F, W2[74]); 246| 373| SHA2_64_F(F, G, H, A, B, C, D, E, W2[75]); 247| 373| SHA2_64_F(E, F, G, H, A, B, C, D, W2[76]); 248| 373| SHA2_64_F(D, E, F, G, H, A, B, C, W2[77]); 249| 373| SHA2_64_F(C, D, E, F, G, H, A, B, W2[78]); 250| 373| SHA2_64_F(B, C, D, E, F, G, H, A, W2[79]); 251| | 252| 373| A = (digest[0] += A); 253| 373| B = (digest[1] += B); 254| 373| C = (digest[2] += C); 255| 373| D = (digest[3] += D); 256| 373| E = (digest[4] += E); 257| 373| F = (digest[5] += F); 258| 373| G = (digest[6] += G); 259| 373| H = (digest[7] += H); 260| 373| } 261| | 262| 23.8k| while(blocks > 0) { ------------------ | Branch (262:10): [True: 11.7k, False: 12.0k] ------------------ 263| 11.7k| SIMD_2x64 WS[8]; 264| | 265| 105k| for(size_t i = 0; i < 8; i++) { ------------------ | Branch (265:25): [True: 94.1k, False: 11.7k] ------------------ 266| 94.1k| WS[i] = SIMD_2x64::load_be(&data[16 * i]); 267| 94.1k| auto WK = WS[i] + SIMD_2x64::load_le(&K[2 * i]); 268| 94.1k| WK.store_le(&W[2 * i]); 269| 94.1k| } 270| | 271| 11.7k| data += 128; 272| 11.7k| blocks -= 1; 273| | 274| | // First 64 rounds of SHA-512 275| 58.8k| for(size_t r = 0; r != 64; r += 16) { ------------------ | Branch (275:25): [True: 47.0k, False: 11.7k] ------------------ 276| 47.0k| auto w = sha512_next_w(WS) + SIMD_2x64::load_le(&K[r + 16]); 277| 47.0k| SHA2_64_F(A, B, C, D, E, F, G, H, W[0]); 278| 47.0k| SHA2_64_F(H, A, B, C, D, E, F, G, W[1]); 279| 47.0k| w.store_le(&W[0]); 280| | 281| 47.0k| w = sha512_next_w(WS) + SIMD_2x64::load_le(&K[r + 18]); 282| 47.0k| SHA2_64_F(G, H, A, B, C, D, E, F, W[2]); 283| 47.0k| SHA2_64_F(F, G, H, A, B, C, D, E, W[3]); 284| 47.0k| w.store_le(&W[2]); 285| | 286| 47.0k| w = sha512_next_w(WS) + SIMD_2x64::load_le(&K[r + 20]); 287| 47.0k| SHA2_64_F(E, F, G, H, A, B, C, D, W[4]); 288| 47.0k| SHA2_64_F(D, E, F, G, H, A, B, C, W[5]); 289| 47.0k| w.store_le(&W[4]); 290| | 291| 47.0k| w = sha512_next_w(WS) + SIMD_2x64::load_le(&K[r + 22]); 292| 47.0k| SHA2_64_F(C, D, E, F, G, H, A, B, W[6]); 293| 47.0k| SHA2_64_F(B, C, D, E, F, G, H, A, W[7]); 294| 47.0k| w.store_le(&W[6]); 295| | 296| 47.0k| w = sha512_next_w(WS) + SIMD_2x64::load_le(&K[r + 24]); 297| 47.0k| SHA2_64_F(A, B, C, D, E, F, G, H, W[8]); 298| 47.0k| SHA2_64_F(H, A, B, C, D, E, F, G, W[9]); 299| 47.0k| w.store_le(&W[8]); 300| | 301| 47.0k| w = sha512_next_w(WS) + SIMD_2x64::load_le(&K[r + 26]); 302| 47.0k| SHA2_64_F(G, H, A, B, C, D, E, F, W[10]); 303| 47.0k| SHA2_64_F(F, G, H, A, B, C, D, E, W[11]); 304| 47.0k| w.store_le(&W[10]); 305| | 306| 47.0k| w = sha512_next_w(WS) + SIMD_2x64::load_le(&K[r + 28]); 307| 47.0k| SHA2_64_F(E, F, G, H, A, B, C, D, W[12]); 308| 47.0k| SHA2_64_F(D, E, F, G, H, A, B, C, W[13]); 309| 47.0k| w.store_le(&W[12]); 310| | 311| 47.0k| w = sha512_next_w(WS) + SIMD_2x64::load_le(&K[r + 30]); 312| 47.0k| SHA2_64_F(C, D, E, F, G, H, A, B, W[14]); 313| 47.0k| SHA2_64_F(B, C, D, E, F, G, H, A, W[15]); 314| 47.0k| w.store_le(&W[14]); 315| 47.0k| } 316| | 317| | // Final 16 rounds of SHA-512 318| 11.7k| SHA2_64_F(A, B, C, D, E, F, G, H, W[0]); 319| 11.7k| SHA2_64_F(H, A, B, C, D, E, F, G, W[1]); 320| 11.7k| SHA2_64_F(G, H, A, B, C, D, E, F, W[2]); 321| 11.7k| SHA2_64_F(F, G, H, A, B, C, D, E, W[3]); 322| 11.7k| SHA2_64_F(E, F, G, H, A, B, C, D, W[4]); 323| 11.7k| SHA2_64_F(D, E, F, G, H, A, B, C, W[5]); 324| 11.7k| SHA2_64_F(C, D, E, F, G, H, A, B, W[6]); 325| 11.7k| SHA2_64_F(B, C, D, E, F, G, H, A, W[7]); 326| 11.7k| SHA2_64_F(A, B, C, D, E, F, G, H, W[8]); 327| 11.7k| SHA2_64_F(H, A, B, C, D, E, F, G, W[9]); 328| 11.7k| SHA2_64_F(G, H, A, B, C, D, E, F, W[10]); 329| 11.7k| SHA2_64_F(F, G, H, A, B, C, D, E, W[11]); 330| 11.7k| SHA2_64_F(E, F, G, H, A, B, C, D, W[12]); 331| 11.7k| SHA2_64_F(D, E, F, G, H, A, B, C, W[13]); 332| 11.7k| SHA2_64_F(C, D, E, F, G, H, A, B, W[14]); 333| 11.7k| SHA2_64_F(B, C, D, E, F, G, H, A, W[15]); 334| | 335| 11.7k| A = (digest[0] += A); 336| 11.7k| B = (digest[1] += B); 337| 11.7k| C = (digest[2] += C); 338| 11.7k| D = (digest[3] += D); 339| 11.7k| E = (digest[4] += E); 340| 11.7k| F = (digest[5] += F); 341| 11.7k| G = (digest[6] += G); 342| 11.7k| H = (digest[7] += H); 343| 11.7k| } 344| 12.0k|} sha2_64_avx2.cpp:_ZN5Botan12_GLOBAL__N_113sha512_next_wINS_9SIMD_4x64EEET_PS3_: 19| 11.9k|BOTAN_FORCE_INLINE BOTAN_FN_ISA_AVX2_BMI2 SIMD_T sha512_next_w(SIMD_T x[8]) { 20| 11.9k| auto t0 = SIMD_T::alignr8(x[1], x[0]); 21| 11.9k| auto t1 = SIMD_T::alignr8(x[5], x[4]); 22| | 23| 11.9k| auto s0 = t0.template rotr<1>() ^ t0.template rotr<8>() ^ t0.template shr<7>(); 24| 11.9k| auto s1 = x[7].template rotr<19>() ^ x[7].template rotr<61>() ^ x[7].template shr<6>(); 25| | 26| 11.9k| auto nx = x[0] + s0 + s1 + t1; 27| | 28| 11.9k| x[0] = x[1]; 29| 11.9k| x[1] = x[2]; 30| 11.9k| x[2] = x[3]; 31| 11.9k| x[3] = x[4]; 32| 11.9k| x[4] = x[5]; 33| 11.9k| x[5] = x[6]; 34| 11.9k| x[6] = x[7]; 35| 11.9k| x[7] = nx; 36| | 37| 11.9k| return x[7]; 38| 11.9k|} sha2_64_avx2.cpp:_ZN5Botan12_GLOBAL__N_113sha512_next_wINS_9SIMD_2x64EEET_PS3_: 19| 376k|BOTAN_FORCE_INLINE BOTAN_FN_ISA_AVX2_BMI2 SIMD_T sha512_next_w(SIMD_T x[8]) { 20| 376k| auto t0 = SIMD_T::alignr8(x[1], x[0]); 21| 376k| auto t1 = SIMD_T::alignr8(x[5], x[4]); 22| | 23| 376k| auto s0 = t0.template rotr<1>() ^ t0.template rotr<8>() ^ t0.template shr<7>(); 24| 376k| auto s1 = x[7].template rotr<19>() ^ x[7].template rotr<61>() ^ x[7].template shr<6>(); 25| | 26| 376k| auto nx = x[0] + s0 + s1 + t1; 27| | 28| 376k| x[0] = x[1]; 29| 376k| x[1] = x[2]; 30| 376k| x[2] = x[3]; 31| 376k| x[3] = x[4]; 32| 376k| x[4] = x[5]; 33| 376k| x[5] = x[6]; 34| 376k| x[6] = x[7]; 35| 376k| x[7] = nx; 36| | 37| 376k| return x[7]; 38| 376k|} _ZN5Botan3KDF6createENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEES5_: 73| 1.55k|std::unique_ptr KDF::create(std::string_view algo_spec, std::string_view provider) { 74| 1.55k| const SCAN_Name req(algo_spec); 75| | 76| 1.55k|#if defined(BOTAN_HAS_HKDF) 77| 1.55k| if(req.algo_name() == "HKDF" && req.arg_count() == 1) { ------------------ | Branch (77:7): [True: 0, False: 1.55k] | Branch (77:36): [True: 0, False: 0] ------------------ 78| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (78:10): [True: 0, False: 0] | Branch (78:30): [True: 0, False: 0] ------------------ 79| 0| return kdf_create_mac_or_hash(req.arg(0)); 80| 0| } 81| 0| } 82| | 83| 1.55k| if(req.algo_name() == "HKDF-Extract" && req.arg_count() == 1) { ------------------ | Branch (83:7): [True: 0, False: 1.55k] | Branch (83:44): [True: 0, False: 0] ------------------ 84| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (84:10): [True: 0, False: 0] | Branch (84:30): [True: 0, False: 0] ------------------ 85| 0| return kdf_create_mac_or_hash(req.arg(0)); 86| 0| } 87| 0| } 88| | 89| 1.55k| if(req.algo_name() == "HKDF-Expand" && req.arg_count() == 1) { ------------------ | Branch (89:7): [True: 0, False: 1.55k] | Branch (89:43): [True: 0, False: 0] ------------------ 90| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (90:10): [True: 0, False: 0] | Branch (90:30): [True: 0, False: 0] ------------------ 91| 0| return kdf_create_mac_or_hash(req.arg(0)); 92| 0| } 93| 0| } 94| 1.55k|#endif 95| | 96| 1.55k|#if defined(BOTAN_HAS_KDF2) 97| 1.55k| if(req.algo_name() == "KDF2" && req.arg_count() == 1) { ------------------ | Branch (97:7): [True: 0, False: 1.55k] | Branch (97:36): [True: 0, False: 0] ------------------ 98| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (98:10): [True: 0, False: 0] | Branch (98:30): [True: 0, False: 0] ------------------ 99| 0| if(auto hash = HashFunction::create(req.arg(0))) { ------------------ | Branch (99:18): [True: 0, False: 0] ------------------ 100| 0| return std::make_unique(std::move(hash)); 101| 0| } 102| 0| } 103| 0| } 104| 1.55k|#endif 105| | 106| 1.55k|#if defined(BOTAN_HAS_KDF1_18033) 107| 1.55k| if(req.algo_name() == "KDF1-18033" && req.arg_count() == 1) { ------------------ | Branch (107:7): [True: 0, False: 1.55k] | Branch (107:42): [True: 0, False: 0] ------------------ 108| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (108:10): [True: 0, False: 0] | Branch (108:30): [True: 0, False: 0] ------------------ 109| 0| if(auto hash = HashFunction::create(req.arg(0))) { ------------------ | Branch (109:18): [True: 0, False: 0] ------------------ 110| 0| return std::make_unique(std::move(hash)); 111| 0| } 112| 0| } 113| 0| } 114| 1.55k|#endif 115| | 116| 1.55k|#if defined(BOTAN_HAS_KDF1) 117| 1.55k| if(req.algo_name() == "KDF1" && req.arg_count() == 1) { ------------------ | Branch (117:7): [True: 0, False: 1.55k] | Branch (117:36): [True: 0, False: 0] ------------------ 118| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (118:10): [True: 0, False: 0] | Branch (118:30): [True: 0, False: 0] ------------------ 119| 0| if(auto hash = HashFunction::create(req.arg(0))) { ------------------ | Branch (119:18): [True: 0, False: 0] ------------------ 120| 0| return std::make_unique(std::move(hash)); 121| 0| } 122| 0| } 123| 0| } 124| 1.55k|#endif 125| | 126| 1.55k|#if defined(BOTAN_HAS_TLS_V12_PRF) 127| 1.55k| if(req.algo_name() == "TLS-12-PRF" && req.arg_count() == 1) { ------------------ | Branch (127:7): [True: 1.55k, False: 0] | Branch (127:42): [True: 1.55k, False: 0] ------------------ 128| 1.55k| if(provider.empty() || provider == "base") { ------------------ | Branch (128:10): [True: 1.55k, False: 0] | Branch (128:30): [True: 0, False: 0] ------------------ 129| 1.55k| return kdf_create_mac_or_hash(req.arg(0)); 130| 1.55k| } 131| 1.55k| } 132| 0|#endif 133| | 134| 0|#if defined(BOTAN_HAS_X942_PRF) 135| 0| if(req.algo_name() == "X9.42-PRF" && req.arg_count() == 1) { ------------------ | Branch (135:7): [True: 0, False: 0] | Branch (135:41): [True: 0, False: 0] ------------------ 136| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (136:10): [True: 0, False: 0] | Branch (136:30): [True: 0, False: 0] ------------------ 137| 0| return std::make_unique(req.arg(0)); 138| 0| } 139| 0| } 140| 0|#endif 141| | 142| 0|#if defined(BOTAN_HAS_SP800_108) 143| 0| if(req.algo_name() == "SP800-108-Counter" && req.arg_count_between(1, 3)) { ------------------ | Branch (143:7): [True: 0, False: 0] | Branch (143:49): [True: 0, False: 0] ------------------ 144| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (144:10): [True: 0, False: 0] | Branch (144:30): [True: 0, False: 0] ------------------ 145| 0| return kdf_create_mac_or_hash( 146| 0| req.arg(0), req.arg_as_integer(1, 32), req.arg_as_integer(2, 32)); 147| 0| } 148| 0| } 149| | 150| 0| if(req.algo_name() == "SP800-108-Feedback" && req.arg_count_between(1, 3)) { ------------------ | Branch (150:7): [True: 0, False: 0] | Branch (150:50): [True: 0, False: 0] ------------------ 151| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (151:10): [True: 0, False: 0] | Branch (151:30): [True: 0, False: 0] ------------------ 152| 0| return kdf_create_mac_or_hash( 153| 0| req.arg(0), req.arg_as_integer(1, 32), req.arg_as_integer(2, 32)); 154| 0| } 155| 0| } 156| | 157| 0| if(req.algo_name() == "SP800-108-Pipeline" && req.arg_count_between(1, 3)) { ------------------ | Branch (157:7): [True: 0, False: 0] | Branch (157:50): [True: 0, False: 0] ------------------ 158| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (158:10): [True: 0, False: 0] | Branch (158:30): [True: 0, False: 0] ------------------ 159| 0| return kdf_create_mac_or_hash( 160| 0| req.arg(0), req.arg_as_integer(1, 32), req.arg_as_integer(2, 32)); 161| 0| } 162| 0| } 163| 0|#endif 164| | 165| 0|#if defined(BOTAN_HAS_SP800_56A) 166| 0| if(req.algo_name() == "SP800-56A" && req.arg_count() == 1) { ------------------ | Branch (166:7): [True: 0, False: 0] | Branch (166:41): [True: 0, False: 0] ------------------ 167| 0| if(auto hash = HashFunction::create(req.arg(0))) { ------------------ | Branch (167:15): [True: 0, False: 0] ------------------ 168| 0| return std::make_unique(std::move(hash)); 169| 0| } 170| 0| if(req.arg(0) == "KMAC-128") { ------------------ | Branch (170:10): [True: 0, False: 0] ------------------ 171| 0| return std::make_unique(); 172| 0| } 173| 0| if(req.arg(0) == "KMAC-256") { ------------------ | Branch (173:10): [True: 0, False: 0] ------------------ 174| 0| return std::make_unique(); 175| 0| } 176| 0| if(auto mac = MessageAuthenticationCode::create(req.arg(0))) { ------------------ | Branch (176:15): [True: 0, False: 0] ------------------ 177| 0| return std::make_unique(std::move(mac)); 178| 0| } 179| 0| } 180| 0|#endif 181| | 182| 0|#if defined(BOTAN_HAS_SP800_56C) 183| 0| if(req.algo_name() == "SP800-56C" && req.arg_count() == 1) { ------------------ | Branch (183:7): [True: 0, False: 0] | Branch (183:41): [True: 0, False: 0] ------------------ 184| 0| std::unique_ptr exp(kdf_create_mac_or_hash(req.arg(0), 32, 32)); 185| 0| if(exp) { ------------------ | Branch (185:10): [True: 0, False: 0] ------------------ 186| 0| if(auto mac = MessageAuthenticationCode::create(req.arg(0))) { ------------------ | Branch (186:18): [True: 0, False: 0] ------------------ 187| 0| return std::make_unique(std::move(mac), std::move(exp)); 188| 0| } 189| | 190| 0| if(auto mac = MessageAuthenticationCode::create(fmt("HMAC({})", req.arg(0)))) { ------------------ | Branch (190:18): [True: 0, False: 0] ------------------ 191| 0| return std::make_unique(std::move(mac), std::move(exp)); 192| 0| } 193| 0| } 194| 0| } 195| 0|#endif 196| | 197| 0| BOTAN_UNUSED(req); ------------------ | | 144| 0|#define BOTAN_UNUSED Botan::ignore_params ------------------ 198| 0| BOTAN_UNUSED(provider); ------------------ | | 144| 0|#define BOTAN_UNUSED Botan::ignore_params ------------------ 199| | 200| 0| return nullptr; 201| 0|} _ZN5Botan3KDF15create_or_throwENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEES5_: 204| 1.55k|std::unique_ptr KDF::create_or_throw(std::string_view algo, std::string_view provider) { 205| 1.55k| if(auto kdf = KDF::create(algo, provider)) { ------------------ | Branch (205:12): [True: 1.55k, False: 0] ------------------ 206| 1.55k| return kdf; 207| 1.55k| } 208| 0| throw Lookup_Error("KDF", algo, provider); 209| 1.55k|} kdf.cpp:_ZN5Botan12_GLOBAL__N_122kdf_create_mac_or_hashINS_10TLS_12_PRFEJEEENSt3__110unique_ptrINS_3KDFENS3_14default_deleteIS5_EEEENS3_17basic_string_viewIcNS3_11char_traitsIcEEEEDpOT0_: 59| 1.55k|std::unique_ptr kdf_create_mac_or_hash(std::string_view nm, ParamTs&&... params) { 60| 1.55k| if(auto mac = MessageAuthenticationCode::create(fmt("HMAC({})", nm))) { ------------------ | Branch (60:12): [True: 1.55k, False: 0] ------------------ 61| 1.55k| return std::make_unique(std::move(mac), std::forward(params)...); 62| 1.55k| } 63| | 64| 0| if(auto mac = MessageAuthenticationCode::create(nm)) { ------------------ | Branch (64:12): [True: 0, False: 0] ------------------ 65| 0| return std::make_unique(std::move(mac), std::forward(params)...); 66| 0| } 67| | 68| 0| return nullptr; 69| 0|} _ZNK5Botan10TLS_12_PRF11perform_kdfENSt3__14spanIhLm18446744073709551615EEENS2_IKhLm18446744073709551615EEES5_S5_: 25| 2.91k| std::span label) const { 26| 2.91k| try { 27| 2.91k| m_mac->set_key(secret); 28| 2.91k| } catch(Invalid_Key_Length&) { 29| 0| throw Internal_Error(fmt("The premaster secret of {} bytes is too long for TLS-PRF", secret.size())); 30| 0| } 31| | 32| 2.91k| auto A = concat>(label, salt); 33| 2.91k| secure_vector h; 34| | 35| 2.91k| BufferStuffer o(key); 36| 9.96k| while(!o.full()) { ------------------ | Branch (36:10): [True: 7.05k, False: 2.91k] ------------------ 37| 7.05k| A = m_mac->process(A); 38| | 39| 7.05k| m_mac->update(A); 40| 7.05k| m_mac->update(label); 41| 7.05k| m_mac->update(salt); 42| 7.05k| m_mac->final(h); 43| | 44| 7.05k| const size_t writing = std::min(h.size(), o.remaining_capacity()); 45| 7.05k| xor_buf(o.next(writing), std::span{h}.first(writing)); 46| 7.05k| } 47| 2.91k|} _ZN5Botan4HMAC8add_dataENSt3__14spanIKhLm18446744073709551615EEE: 20| 65.3k|void HMAC::add_data(std::span input) { 21| 65.3k| assert_key_material_set(); 22| 65.3k| m_hash->update(input); 23| 65.3k|} _ZN5Botan4HMAC12final_resultENSt3__14spanIhLm18446744073709551615EEE: 28| 23.4k|void HMAC::final_result(std::span mac) { 29| 23.4k| assert_key_material_set(); 30| 23.4k| m_hash->final(mac); 31| 23.4k| m_hash->update(m_okey); 32| 23.4k| m_hash->update(mac.first(m_hash_output_length)); 33| 23.4k| m_hash->final(mac); 34| 23.4k| m_hash->update(m_ikey); 35| 23.4k|} _ZNK5Botan4HMAC8key_specEv: 37| 12.5k|Key_Length_Specification HMAC::key_spec() const { 38| | // Support very long lengths for things like PBKDF2 and the TLS PRF 39| 12.5k| return Key_Length_Specification(0, 8192); 40| 12.5k|} _ZNK5Botan4HMAC13output_lengthEv: 42| 32.8k|size_t HMAC::output_length() const { 43| 32.8k| return m_hash_output_length; 44| 32.8k|} _ZNK5Botan4HMAC19has_keying_materialEv: 46| 88.8k|bool HMAC::has_keying_material() const { 47| 88.8k| return !m_okey.empty(); 48| 88.8k|} _ZN5Botan4HMAC12key_scheduleENSt3__14spanIKhLm18446744073709551615EEE: 53| 12.2k|void HMAC::key_schedule(std::span key) { 54| 12.2k| const uint8_t ipad = 0x36; 55| 12.2k| const uint8_t opad = 0x5C; 56| | 57| 12.2k| m_hash->clear(); 58| | 59| 12.2k| m_ikey.resize(m_hash_block_size); 60| 12.2k| m_okey.resize(m_hash_block_size); 61| | 62| 12.2k| clear_mem(m_ikey.data(), m_ikey.size()); 63| 12.2k| clear_mem(m_okey.data(), m_okey.size()); 64| | 65| | /* 66| | * Sometimes the HMAC key length itself is sensitive, as with PBKDF2 where it 67| | * reveals the length of the passphrase. Make some attempt to hide this to 68| | * side channels. Clearly if the secret is longer than the block size then the 69| | * branch to hash first reveals that. In addition, counting the number of 70| | * compression functions executed reveals the size at the granularity of the 71| | * hash function's block size. 72| | * 73| | * The greater concern is for smaller keys; being able to detect when a 74| | * passphrase is say 4 bytes may assist choosing weaker targets. Even though 75| | * the loop bounds are constant, we can only actually read key[0..length] so 76| | * it doesn't seem possible to make this computation truly constant time. 77| | * 78| | * We don't mind leaking if the length is exactly zero since that's 79| | * trivial to simply check. 80| | */ 81| | 82| 12.2k| if(key.size() > m_hash_block_size) { ------------------ | Branch (82:7): [True: 449, False: 11.8k] ------------------ 83| 449| m_hash->update(key); 84| 449| m_hash->final(m_ikey.data()); 85| 11.8k| } else if(key.size() >= 20) { ------------------ | Branch (85:14): [True: 2.69k, False: 9.14k] ------------------ 86| | // For long keys we just leak the length either it is a cryptovariable 87| | // or a long enough password that just the length is not a useful signal 88| 2.69k| copy_mem(std::span{m_ikey}.first(key.size()), key); 89| 9.14k| } else if(!key.empty()) { ------------------ | Branch (89:14): [True: 9.14k, False: 0] ------------------ 90| 594k| for(size_t i = 0, i_mod_length = 0; i != m_hash_block_size; ++i) { ------------------ | Branch (90:43): [True: 585k, False: 9.14k] ------------------ 91| | /* 92| | access key[i % length] but avoiding division due to variable 93| | time computation on some processors. 94| | */ 95| 585k| auto needs_reduction = CT::Mask::is_lte(key.size(), i_mod_length); 96| 585k| i_mod_length = needs_reduction.select(0, i_mod_length); 97| 585k| const uint8_t kb = key[i_mod_length]; 98| | 99| 585k| auto in_range = CT::Mask::is_lt(i, key.size()); 100| 585k| m_ikey[i] = static_cast(in_range.if_set_return(kb)); 101| 585k| i_mod_length += 1; 102| 585k| } 103| 9.14k| } 104| | 105| 836k| for(size_t i = 0; i != m_hash_block_size; ++i) { ------------------ | Branch (105:22): [True: 824k, False: 12.2k] ------------------ 106| 824k| m_ikey[i] ^= ipad; 107| 824k| m_okey[i] = m_ikey[i] ^ ipad ^ opad; 108| 824k| } 109| | 110| 12.2k| m_hash->update(m_ikey); 111| 12.2k|} _ZNK5Botan4HMAC4nameEv: 125| 333|std::string HMAC::name() const { 126| 333| return fmt("HMAC({})", m_hash->name()); 127| 333|} _ZN5Botan4HMACC2ENSt3__110unique_ptrINS_12HashFunctionENS1_14default_deleteIS3_EEEE: 140| 10.9k| m_hash(std::move(hash)), 141| 10.9k| m_hash_output_length(m_hash->output_length()), 142| 10.9k| m_hash_block_size(m_hash->hash_block_size()) { 143| 10.9k| BOTAN_ARG_CHECK(m_hash_block_size >= m_hash_output_length, "HMAC is not compatible with this hash function"); ------------------ | | 35| 10.9k| do { \ | | 36| 10.9k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 10.9k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 10.9k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 10.9k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 10.9k] | | ------------------ ------------------ 144| 10.9k|} _ZN5Botan25MessageAuthenticationCode6createENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEES5_: 51| 10.9k| std::string_view provider) { 52| 10.9k| const SCAN_Name req(algo_spec); 53| | 54| 10.9k|#if defined(BOTAN_HAS_BLAKE2BMAC) 55| 10.9k| if(req.algo_name() == "Blake2b" || req.algo_name() == "BLAKE2b") { ------------------ | Branch (55:7): [True: 0, False: 10.9k] | Branch (55:39): [True: 0, False: 10.9k] ------------------ 56| 0| return std::make_unique(req.arg_as_integer(0, 512)); 57| 0| } 58| 10.9k|#endif 59| | 60| 10.9k|#if defined(BOTAN_HAS_GMAC) 61| 10.9k| if(req.algo_name() == "GMAC" && req.arg_count() == 1) { ------------------ | Branch (61:7): [True: 0, False: 10.9k] | Branch (61:36): [True: 0, False: 0] ------------------ 62| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (62:10): [True: 0, False: 0] | Branch (62:30): [True: 0, False: 0] ------------------ 63| 0| if(auto bc = BlockCipher::create(req.arg(0))) { ------------------ | Branch (63:18): [True: 0, False: 0] ------------------ 64| 0| return std::make_unique(std::move(bc)); 65| 0| } 66| 0| } 67| 0| } 68| 10.9k|#endif 69| | 70| 10.9k|#if defined(BOTAN_HAS_HMAC) 71| 10.9k| if(req.algo_name() == "HMAC" && req.arg_count() == 1) { ------------------ | Branch (71:7): [True: 10.9k, False: 0] | Branch (71:36): [True: 10.9k, False: 0] ------------------ 72| 10.9k| if(provider.empty() || provider == "base") { ------------------ | Branch (72:10): [True: 10.9k, False: 0] | Branch (72:30): [True: 0, False: 0] ------------------ 73| 10.9k| if(auto hash = HashFunction::create(req.arg(0))) { ------------------ | Branch (73:18): [True: 10.9k, False: 0] ------------------ 74| 10.9k| return std::make_unique(std::move(hash)); 75| 10.9k| } 76| 10.9k| } 77| 10.9k| } 78| 0|#endif 79| | 80| 0|#if defined(BOTAN_HAS_POLY1305) 81| 0| if(req.algo_name() == "Poly1305" && req.arg_count() == 0) { ------------------ | Branch (81:7): [True: 0, False: 0] | Branch (81:40): [True: 0, False: 0] ------------------ 82| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (82:10): [True: 0, False: 0] | Branch (82:30): [True: 0, False: 0] ------------------ 83| 0| return std::make_unique(); 84| 0| } 85| 0| } 86| 0|#endif 87| | 88| 0|#if defined(BOTAN_HAS_SIPHASH) 89| 0| if(req.algo_name() == "SipHash") { ------------------ | Branch (89:7): [True: 0, False: 0] ------------------ 90| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (90:10): [True: 0, False: 0] | Branch (90:30): [True: 0, False: 0] ------------------ 91| 0| return std::make_unique(req.arg_as_integer(0, 2), req.arg_as_integer(1, 4)); 92| 0| } 93| 0| } 94| 0|#endif 95| | 96| 0|#if defined(BOTAN_HAS_CMAC) 97| 0| if((req.algo_name() == "CMAC" || req.algo_name() == "OMAC") && req.arg_count() == 1) { ------------------ | Branch (97:8): [True: 0, False: 0] | Branch (97:37): [True: 0, False: 0] | Branch (97:67): [True: 0, False: 0] ------------------ 98| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (98:10): [True: 0, False: 0] | Branch (98:30): [True: 0, False: 0] ------------------ 99| 0| if(auto bc = BlockCipher::create(req.arg(0))) { ------------------ | Branch (99:18): [True: 0, False: 0] ------------------ 100| 0| return std::make_unique(std::move(bc)); 101| 0| } 102| 0| } 103| 0| } 104| 0|#endif 105| | 106| 0|#if defined(BOTAN_HAS_ANSI_X919_MAC) 107| 0| if(req.algo_name() == "X9.19-MAC") { ------------------ | Branch (107:7): [True: 0, False: 0] ------------------ 108| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (108:10): [True: 0, False: 0] | Branch (108:30): [True: 0, False: 0] ------------------ 109| 0| return std::make_unique(); 110| 0| } 111| 0| } 112| 0|#endif 113| | 114| 0|#if defined(BOTAN_HAS_KMAC) 115| 0| if(req.algo_name() == "KMAC-128") { ------------------ | Branch (115:7): [True: 0, False: 0] ------------------ 116| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (116:10): [True: 0, False: 0] | Branch (116:30): [True: 0, False: 0] ------------------ 117| 0| if(req.arg_count() != 1) { ------------------ | Branch (117:13): [True: 0, False: 0] ------------------ 118| 0| throw Invalid_Argument( 119| 0| "invalid algorithm specification for KMAC-128: need exactly one argument for output bit length"); 120| 0| } 121| 0| return std::make_unique(req.arg_as_integer(0)); 122| 0| } 123| 0| } 124| | 125| 0| if(req.algo_name() == "KMAC-256") { ------------------ | Branch (125:7): [True: 0, False: 0] ------------------ 126| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (126:10): [True: 0, False: 0] | Branch (126:30): [True: 0, False: 0] ------------------ 127| 0| if(req.arg_count() != 1) { ------------------ | Branch (127:13): [True: 0, False: 0] ------------------ 128| 0| throw Invalid_Argument( 129| 0| "invalid algorithm specification for KMAC-256: need exactly one argument for output bit length"); 130| 0| } 131| 0| return std::make_unique(req.arg_as_integer(0)); 132| 0| } 133| 0| } 134| 0|#endif 135| | 136| 0| BOTAN_UNUSED(req); ------------------ | | 144| 0|#define BOTAN_UNUSED Botan::ignore_params ------------------ 137| 0| BOTAN_UNUSED(provider); ------------------ | | 144| 0|#define BOTAN_UNUSED Botan::ignore_params ------------------ 138| | 139| 0| return nullptr; 140| 0|} _ZN5Botan25MessageAuthenticationCode15create_or_throwENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEES5_: 148| 9.38k| std::string_view provider) { 149| 9.38k| if(auto mac = MessageAuthenticationCode::create(algo, provider)) { ------------------ | Branch (149:12): [True: 9.38k, False: 0] ------------------ 150| 9.38k| return mac; 151| 9.38k| } 152| 0| throw Lookup_Error("MAC", algo, provider); 153| 9.38k|} _ZN5Botan6BigInt17from_radix_digitsENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEEm: 125| 36|BigInt BigInt::from_radix_digits(std::string_view digits, size_t radix) { 126| 36| if(radix == 16) { ------------------ | Branch (126:7): [True: 36, False: 0] ------------------ 127| 36| secure_vector binary; 128| | 129| 36| if(digits.size() % 2 == 1) { ------------------ | Branch (129:10): [True: 5, False: 31] ------------------ 130| | // Handle lack of leading 0 131| 5| const char buf0_with_leading_0[2] = {'0', digits[0]}; 132| | 133| 5| binary = hex_decode_locked(buf0_with_leading_0, 2); 134| | 135| 5| if(digits.size() > 1) { ------------------ | Branch (135:13): [True: 5, False: 0] ------------------ 136| 5| binary += hex_decode_locked(&digits[1], digits.size() - 1, false); 137| 5| } 138| 31| } else { 139| 31| binary = hex_decode_locked(digits, false); 140| 31| } 141| | 142| 36| return BigInt::from_bytes(binary); 143| 36| } else if(radix == 10) { ------------------ | Branch (143:14): [True: 0, False: 0] ------------------ 144| | // Use the largest power of 10 that fits in a word, accumulating 145| | // groups of digits into word-sized chunks to minimize the number 146| | // of multiprecision multiplications. 147| 0| constexpr word conversion_radix = decimal_conversion_radix(); 148| 0| constexpr size_t radix_digits = decimal_conversion_radix_digits(); 149| | 150| 0| BigInt r; 151| | 152| | // Handle the initial partial block (if digit count is not a multiple of radix_digits) 153| 0| const size_t partial_block = digits.size() % radix_digits; 154| | 155| 0| if(partial_block > 0) { ------------------ | Branch (155:10): [True: 0, False: 0] ------------------ 156| 0| word acc = 0; 157| 0| for(size_t i = 0; i < partial_block; ++i) { ------------------ | Branch (157:28): [True: 0, False: 0] ------------------ 158| 0| const char c = digits[i]; 159| 0| BOTAN_ARG_CHECK(c >= '0' && c <= '9', "Invalid decimal character"); ------------------ | | 35| 0| do { \ | | 36| 0| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 0| if(!(expr)) { \ | | ------------------ | | | Branch (37:12): [True: 0, False: 0] | | | Branch (37:12): [True: 0, False: 0] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 0| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 0] | | ------------------ ------------------ 160| 0| acc = acc * 10 + static_cast(c - '0'); 161| 0| } 162| 0| r += acc; 163| 0| } 164| | 165| | // Process full blocks of radix_digits 166| 0| for(size_t i = partial_block; i != digits.size(); i += radix_digits) { ------------------ | Branch (166:37): [True: 0, False: 0] ------------------ 167| 0| word acc = 0; 168| 0| for(size_t j = 0; j < radix_digits; ++j) { ------------------ | Branch (168:28): [True: 0, False: 0] ------------------ 169| 0| const char c = digits[i + j]; 170| 0| BOTAN_ARG_CHECK(c >= '0' && c <= '9', "Invalid decimal character"); ------------------ | | 35| 0| do { \ | | 36| 0| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 0| if(!(expr)) { \ | | ------------------ | | | Branch (37:12): [True: 0, False: 0] | | | Branch (37:12): [True: 0, False: 0] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 0| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 0] | | ------------------ ------------------ 171| 0| acc = acc * 10 + static_cast(c - '0'); 172| 0| } 173| 0| r *= conversion_radix; 174| 0| r += acc; 175| 0| } 176| | 177| 0| return r; 178| 0| } else { 179| 0| throw Invalid_Argument("BigInt::from_radix_digits unknown radix"); 180| 0| } 181| 36|} _ZN5Botan6BigIntmIERKS0_: 23| 101|BigInt& BigInt::operator-=(const BigInt& y) { 24| 101| if(&y == this) { ------------------ | Branch (24:7): [True: 0, False: 101] ------------------ 25| 0| this->clear(); 26| 0| this->set_sign(Positive); 27| 0| return *this; 28| 0| } 29| 101| return sub(y._data(), y.sig_words(), y.sign()); 30| 101|} _ZN5Botan6BigInt3addEPKmmNS0_4SignE: 32| 101|BigInt& BigInt::add(const word y[], size_t y_words, Sign y_sign) { 33| 101| const size_t x_sw = sig_words(); 34| | 35| 101| grow_to(std::max(x_sw, y_words) + 1); 36| | 37| 101| if(sign() == y_sign) { ------------------ | Branch (37:7): [True: 0, False: 101] ------------------ 38| 0| const word carry = bigint_add2(mutable_data(), size() - 1, y, y_words); 39| 0| mutable_data()[size() - 1] += carry; 40| 101| } else { 41| 101| const int32_t relative_size = bigint_cmp(_data(), x_sw, y, y_words); 42| | 43| 101| if(relative_size >= 0) { ------------------ | Branch (43:10): [True: 101, False: 0] ------------------ 44| | // *this >= y 45| 101| bigint_sub2(mutable_data(), x_sw, y, y_words); 46| 101| } else { 47| | // *this < y: compute *this = y - *this 48| 0| bigint_sub2_rev(mutable_data(), y, y_words); 49| 0| } 50| | 51| 101| if(relative_size < 0) { ------------------ | Branch (51:10): [True: 0, False: 101] ------------------ 52| 0| set_sign(y_sign); 53| 101| } else if(relative_size == 0) { ------------------ | Branch (53:17): [True: 0, False: 101] ------------------ 54| 0| set_sign(Positive); 55| 0| } 56| 101| } 57| | 58| 101| return (*this); 59| 101|} _ZN5Botan6BigIntlSEm: 269| 3|BigInt& BigInt::operator<<=(size_t shift) { 270| 3| if(shift >= 65536) { ------------------ | Branch (270:7): [True: 0, False: 3] ------------------ 271| 0| throw Invalid_Argument("BigInt left shift count too large"); 272| 0| } 273| | 274| 3| const size_t sw = sig_words(); 275| 3| const size_t new_size = sw + (shift + WordInfo::bits - 1) / WordInfo::bits; 276| | 277| 3| m_data.grow_to(new_size); 278| | 279| 3| bigint_shl1(m_data.mutable_data(), new_size, sw, shift); 280| | 281| 3| return (*this); 282| 3|} _ZN5Botan6BigIntrSEm: 287| 129|BigInt& BigInt::operator>>=(size_t shift) { 288| 129| bigint_shr1(m_data.mutable_data(), m_data.size(), shift); 289| | 290| 129| if(sig_words() == 0 && m_signedness == Negative) { ------------------ | Branch (290:7): [True: 0, False: 129] | Branch (290:27): [True: 0, False: 0] ------------------ 291| 0| m_signedness = Positive; 292| 0| } 293| | 294| 129| return (*this); 295| 129|} _ZN5Botan6BigInt4add2ERKS0_PKmmNS0_4SignE: 20| 18|BigInt BigInt::add2(const BigInt& x, const word y[], size_t y_size, BigInt::Sign y_sign) { 21| 18| const size_t x_sw = x.sig_words(); 22| | 23| 18| BigInt z = BigInt::with_capacity(std::max(x_sw, y_size) + 1); 24| | 25| 18| if(x.sign() == y_sign) { ------------------ | Branch (25:7): [True: 12, False: 6] ------------------ 26| 12| const word carry = bigint_add3(z.mutable_data(), x._data(), x_sw, y, y_size); 27| 12| z.mutable_data()[std::max(x_sw, y_size)] += carry; 28| 12| z.set_sign(x.sign()); 29| 12| } else { 30| 6| const int32_t relative_size = bigint_cmp(x.data(), x_sw, y, y_size); 31| | 32| 6| if(relative_size < 0) { ------------------ | Branch (32:10): [True: 0, False: 6] ------------------ 33| | // x < y so z = abs(y - x) 34| | // NOLINTNEXTLINE(*-suspicious-call-argument) intentionally swapping x and y here 35| 0| bigint_sub3(z.mutable_data(), y, y_size, x.data(), x_sw); 36| 0| z.set_sign(y_sign); 37| 6| } else if(relative_size == 0) { ------------------ | Branch (37:17): [True: 0, False: 6] ------------------ 38| | // Positive zero (nothing to do in this case) 39| 6| } else { 40| | /* 41| | * We know at this point that x >= y so if y_size is larger than 42| | * x_sw, we are guaranteed they are just leading zeros which can 43| | * be ignored 44| | */ 45| 6| y_size = std::min(x_sw, y_size); 46| 6| bigint_sub3(z.mutable_data(), x.data(), x_sw, y, y_size); 47| 6| z.set_sign(x.sign()); 48| 6| } 49| 6| } 50| | 51| 18| return z; 52| 18|} _ZN5BotanmlERKNS_6BigIntEm: 90| 84|BigInt operator*(const BigInt& x, word y) { 91| 84| const size_t x_sw = x.sig_words(); 92| | 93| 84| BigInt z = BigInt::with_capacity(x_sw + 1); 94| | 95| 84| if(x_sw > 0 && y > 0) { ------------------ | Branch (95:7): [True: 84, False: 0] | Branch (95:19): [True: 84, False: 0] ------------------ 96| 84| bigint_linmul3(z.mutable_data(), x._data(), x_sw, y); 97| 84| z.set_sign(x.sign()); 98| 84| } 99| | 100| 84| return z; 101| 84|} _ZN5BotanlsERKNS_6BigIntEm: 188| 18|BigInt operator<<(const BigInt& x, size_t shift) { 189| 18| if(shift >= 65536) { ------------------ | Branch (189:7): [True: 0, False: 18] ------------------ 190| 0| throw Invalid_Argument("BigInt left shift count too large"); 191| 0| } 192| | 193| 18| if(x.is_zero()) { ------------------ | Branch (193:7): [True: 0, False: 18] ------------------ 194| 0| return BigInt::zero(); 195| 0| } 196| | 197| 18| const size_t x_sw = x.sig_words(); 198| | 199| 18| const size_t new_size = x_sw + shift / WordInfo::bits + 1; 200| 18| BigInt y = BigInt::with_capacity(new_size); 201| 18| bigint_shl2(y.mutable_data(), new_size, x._data(), x_sw, shift); 202| 18| y.set_sign(x.sign()); 203| 18| return y; 204| 18|} _ZN5Botan6BigIntC2Em: 20| 6.24k|BigInt::BigInt(uint64_t n) { 21| 6.24k| if constexpr(sizeof(word) == 8) { 22| 6.24k| m_data.set_word_at(0, static_cast(n)); 23| | } else { 24| | m_data.set_word_at(1, static_cast(n >> 32)); 25| | m_data.set_word_at(0, static_cast(n)); 26| | } 27| 6.24k|} _ZN5Botan6BigInt8from_u64Em: 30| 6.22k|BigInt BigInt::from_u64(uint64_t n) { 31| 6.22k| return BigInt(n); 32| 6.22k|} _ZN5Botan6BigInt13with_capacityEm: 51| 132|BigInt BigInt::with_capacity(size_t size) { 52| 132| BigInt bn; 53| 132| bn.grow_to(size); 54| 132| return bn; 55| 132|} _ZN5Botan6BigInt11from_stringENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 57| 36|BigInt BigInt::from_string(std::string_view str) { 58| 36| size_t prefix_bytes = 0; 59| 36| bool negative = false; 60| 36| size_t radix = 10; 61| | 62| 36| if(!str.empty() && str[0] == '-') { ------------------ | Branch (62:7): [True: 36, False: 0] | Branch (62:23): [True: 0, False: 36] ------------------ 63| 0| prefix_bytes += 1; 64| 0| negative = true; 65| 0| } 66| | 67| 36| if(str.length() > prefix_bytes + 2 && str[prefix_bytes] == '0' && str[prefix_bytes + 1] == 'x') { ------------------ | Branch (67:7): [True: 36, False: 0] | Branch (67:42): [True: 36, False: 0] | Branch (67:70): [True: 36, False: 0] ------------------ 68| 36| prefix_bytes += 2; 69| 36| radix = 16; 70| 36| } 71| | 72| 36| BigInt r = BigInt::from_radix_digits(str.substr(prefix_bytes), radix); 73| | 74| 36| if(negative) { ------------------ | Branch (74:7): [True: 0, False: 36] ------------------ 75| 0| r.set_sign(Negative); 76| 36| } else { 77| 36| r.set_sign(Positive); 78| 36| } 79| | 80| 36| return r; 81| 36|} _ZN5Botan6BigInt10from_bytesENSt3__14spanIKhLm18446744073709551615EEE: 83| 31.1k|BigInt BigInt::from_bytes(std::span input) { 84| 31.1k| BigInt r; 85| 31.1k| r.assign_from_bytes(input); 86| 31.1k| return r; 87| 31.1k|} _ZNK5Botan6BigInt7byte_atEm: 118| 77.4k|uint8_t BigInt::byte_at(size_t n) const { 119| 77.4k| return get_byte_var(sizeof(word) - (n % sizeof(word)) - 1, word_at(n / sizeof(word))); 120| 77.4k|} _ZNK5Botan6BigInt8cmp_wordEm: 122| 28.0k|int32_t BigInt::cmp_word(word other) const { 123| 28.0k| if(signum() < 0) { ------------------ | Branch (123:7): [True: 0, False: 28.0k] ------------------ 124| 0| return -1; // other is positive ... 125| 0| } 126| | 127| 28.0k| const size_t sw = this->sig_words(); 128| 28.0k| if(sw > 1) { ------------------ | Branch (128:7): [True: 21.7k, False: 6.29k] ------------------ 129| 21.7k| return 1; // must be larger since other is just one word ... 130| 21.7k| } 131| | 132| 6.29k| return bigint_cmp(this->_data(), sw, &other, 1); 133| 28.0k|} _ZNK5Botan6BigInt3cmpERKS0_b: 138| 21.8k|int32_t BigInt::cmp(const BigInt& other, bool check_signs) const { 139| 21.8k| if(check_signs) { ------------------ | Branch (139:7): [True: 21.8k, False: 0] ------------------ 140| 21.8k| if(other.signum() >= 0 && this->signum() < 0) { ------------------ | Branch (140:10): [True: 21.8k, False: 0] | Branch (140:33): [True: 0, False: 21.8k] ------------------ 141| 0| return -1; 142| 0| } 143| | 144| 21.8k| if(other.signum() < 0 && this->signum() >= 0) { ------------------ | Branch (144:10): [True: 0, False: 21.8k] | Branch (144:32): [True: 0, False: 0] ------------------ 145| 0| return 1; 146| 0| } 147| | 148| 21.8k| if(other.signum() < 0 && this->signum() < 0) { ------------------ | Branch (148:10): [True: 0, False: 21.8k] | Branch (148:32): [True: 0, False: 0] ------------------ 149| 0| return (-bigint_cmp(this->_data(), this->size(), other._data(), other.size())); 150| 0| } 151| 21.8k| } 152| | 153| 21.8k| return bigint_cmp(this->_data(), this->size(), other._data(), other.size()); 154| 21.8k|} _ZNK5Botan6BigInt8is_equalERKS0_: 156| 12|bool BigInt::is_equal(const BigInt& other) const { 157| 12| if(this->sign() != other.sign()) { ------------------ | Branch (157:7): [True: 0, False: 12] ------------------ 158| 0| return false; 159| 0| } 160| | 161| 12| return bigint_ct_is_eq(this->_data(), this->size(), other._data(), other.size()).as_bool(); 162| 12|} _ZNK5Botan6BigInt12is_less_thanERKS0_: 164| 6|bool BigInt::is_less_than(const BigInt& other) const { 165| 6| if(this->signum() < 0 && other.signum() >= 0) { ------------------ | Branch (165:7): [True: 0, False: 6] | Branch (165:29): [True: 0, False: 0] ------------------ 166| 0| return true; 167| 0| } 168| | 169| 6| if(this->signum() >= 0 && other.signum() < 0) { ------------------ | Branch (169:7): [True: 6, False: 0] | Branch (169:30): [True: 0, False: 6] ------------------ 170| 0| return false; 171| 0| } 172| | 173| 6| if(other.signum() < 0 && this->signum() < 0) { ------------------ | Branch (173:7): [True: 0, False: 6] | Branch (173:29): [True: 0, False: 0] ------------------ 174| 0| return bigint_ct_is_lt(other._data(), other.size(), this->_data(), this->size()).as_bool(); 175| 0| } 176| | 177| 6| return bigint_ct_is_lt(this->_data(), this->size(), other._data(), other.size()).as_bool(); 178| 6|} _ZN5Botan6BigInt4Data11set_to_zeroEv: 191| 56.9k|void BigInt::Data::set_to_zero() { 192| 56.9k| m_reg.resize(m_reg.capacity()); 193| 56.9k| clear_mem(m_reg.data(), m_reg.size()); 194| 56.9k| m_sig_words = 0; 195| 56.9k|} _ZNK5Botan6BigInt4Data14calc_sig_wordsEv: 215| 54.3k|size_t BigInt::Data::calc_sig_words() const { 216| 54.3k| const size_t sz = m_reg.size(); 217| 54.3k| size_t sig = sz; 218| | 219| 54.3k| word sub = 1; 220| | 221| 503k| for(size_t i = 0; i != sz; ++i) { ------------------ | Branch (221:22): [True: 449k, False: 54.3k] ------------------ 222| 449k| const word w = m_reg[sz - i - 1]; 223| 449k| sub &= ct_is_zero(w); 224| 449k| sig -= sub; 225| 449k| } 226| | 227| | /* 228| | * This depends on the data so is poisoned, but unpoison it here as 229| | * later conditionals are made on the size. 230| | */ 231| 54.3k| CT::unpoison(sig); 232| | 233| 54.3k| return sig; 234| 54.3k|} _ZNK5Botan6BigInt5bytesEv: 294| 25.3k|size_t BigInt::bytes() const { 295| 25.3k| return round_up(bits(), 8) / 8; 296| 25.3k|} _ZNK5Botan6BigInt13top_bits_freeEv: 298| 38.3k|size_t BigInt::top_bits_free() const { 299| 38.3k| const size_t words = sig_words(); 300| | 301| 38.3k| const word top_word = word_at(words - 1); 302| 38.3k| const size_t bits_used = high_bit(CT::value_barrier(top_word)); 303| 38.3k| CT::unpoison(bits_used); 304| 38.3k| return WordInfo::bits - bits_used; 305| 38.3k|} _ZNK5Botan6BigInt4bitsEv: 307| 44.7k|size_t BigInt::bits() const { 308| 44.7k| const size_t words = sig_words(); 309| | 310| 44.7k| if(words == 0) { ------------------ | Branch (310:7): [True: 6.45k, False: 38.3k] ------------------ 311| 6.45k| return 0; 312| 6.45k| } 313| | 314| 38.3k| const size_t full_words = (words - 1) * WordInfo::bits; 315| 38.3k| const size_t top_bits = WordInfo::bits - top_bits_free(); 316| | 317| 38.3k| return full_words + top_bits; 318| 44.7k|} _ZN5Botan6BigInt12reduce_belowERKS0_RNSt3__16vectorImNS_16secure_allocatorImEEEE: 329| 18|size_t BigInt::reduce_below(const BigInt& p, secure_vector& ws) { 330| 18| if(p.signum() < 0 || this->signum() < 0) { ------------------ | Branch (330:7): [True: 0, False: 18] | Branch (330:25): [True: 0, False: 18] ------------------ 331| 0| throw Invalid_Argument("BigInt::reduce_below both values must be positive"); 332| 0| } 333| | 334| 18| const size_t p_words = p.sig_words(); 335| | 336| 18| if(size() < p_words + 1) { ------------------ | Branch (336:7): [True: 0, False: 18] ------------------ 337| 0| grow_to(p_words + 1); 338| 0| } 339| | 340| 18| if(ws.size() < p_words + 1) { ------------------ | Branch (340:7): [True: 18, False: 0] ------------------ 341| 18| ws.resize(p_words + 1); 342| 18| } 343| | 344| 18| clear_mem(ws.data(), ws.size()); 345| | 346| 18| size_t reductions = 0; 347| | 348| 18| for(;;) { 349| 18| const word borrow = bigint_sub3(ws.data(), _data(), p_words + 1, p._data(), p_words); 350| 18| if(borrow > 0) { ------------------ | Branch (350:10): [True: 18, False: 0] ------------------ 351| 18| break; 352| 18| } 353| | 354| 0| ++reductions; 355| 0| swap_reg(ws); 356| 0| } 357| | 358| 18| return reductions; 359| 18|} _ZNK5Botan6BigInt12serialize_toENSt3__14spanIhLm18446744073709551615EEE: 395| 12.6k|void BigInt::serialize_to(std::span output) const { 396| 12.6k| BOTAN_ARG_CHECK(this->bytes() <= output.size(), "Insufficient output space"); ------------------ | | 35| 12.6k| do { \ | | 36| 12.6k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 12.6k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 12.6k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 12.6k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 12.6k] | | ------------------ ------------------ 397| | 398| 12.6k| this->binary_encode(output.data(), output.size()); 399| 12.6k|} _ZNK5Botan6BigInt13binary_encodeEPhm: 404| 12.6k|void BigInt::binary_encode(uint8_t output[], size_t len) const { 405| 12.6k| const size_t full_words = len / sizeof(word); 406| 12.6k| const size_t extra_bytes = len % sizeof(word); 407| | 408| 25.5k| for(size_t i = 0; i != full_words; ++i) { ------------------ | Branch (408:22): [True: 12.9k, False: 12.6k] ------------------ 409| 12.9k| const word w = word_at(i); 410| 12.9k| store_be(w, output + (len - (i + 1) * sizeof(word))); 411| 12.9k| } 412| | 413| 12.6k| if(extra_bytes > 0) { ------------------ | Branch (413:7): [True: 6.22k, False: 6.45k] ------------------ 414| 6.22k| const word w = word_at(full_words); 415| | 416| 18.6k| for(size_t i = 0; i != extra_bytes; ++i) { ------------------ | Branch (416:25): [True: 12.4k, False: 6.22k] ------------------ 417| 12.4k| output[extra_bytes - i - 1] = get_byte_var(sizeof(word) - i - 1, w); 418| 12.4k| } 419| 6.22k| } 420| 12.6k|} _ZN5Botan6BigInt17assign_from_bytesENSt3__14spanIKhLm18446744073709551615EEE: 425| 56.9k|void BigInt::assign_from_bytes(std::span bytes) { 426| 56.9k| clear(); 427| | 428| 56.9k| const size_t length = bytes.size(); 429| 56.9k| const size_t full_words = length / sizeof(word); 430| 56.9k| const size_t extra_bytes = length % sizeof(word); 431| | 432| 56.9k| secure_vector reg((round_up(full_words + (extra_bytes > 0 ? 1 : 0), 8))); ------------------ | Branch (432:52): [True: 27.5k, False: 29.4k] ------------------ 433| | 434| 213k| for(size_t i = 0; i != full_words; ++i) { ------------------ | Branch (434:22): [True: 156k, False: 56.9k] ------------------ 435| 156k| reg[i] = load_be(bytes.last()); 436| 156k| bytes = bytes.first(bytes.size() - sizeof(word)); 437| 156k| } 438| | 439| 56.9k| if(!bytes.empty()) { ------------------ | Branch (439:7): [True: 27.5k, False: 29.4k] ------------------ 440| 27.5k| BOTAN_ASSERT_NOMSG(extra_bytes == bytes.size()); ------------------ | | 77| 27.5k| do { \ | | 78| 27.5k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 27.5k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 27.5k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 27.5k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 27.5k] | | ------------------ ------------------ 441| 27.5k| std::array last_partial_word = {0}; 442| 27.5k| copy_mem(std::span{last_partial_word}.last(extra_bytes), bytes); 443| 27.5k| reg[full_words] = load_be(last_partial_word); 444| 27.5k| } 445| | 446| 56.9k| m_data.swap(reg); 447| 56.9k|} _ZNK5Botan6BigInt20_const_time_unpoisonEv: 559| 129k|void BigInt::_const_time_unpoison() const { 560| 129k| CT::unpoison(m_data.const_data(), m_data.size()); 561| 129k|} _ZN5Botan20vartime_divide_pow2kEmRKNS_6BigIntE: 232| 18|BigInt vartime_divide_pow2k(size_t k, const BigInt& y_arg) { 233| 18| constexpr size_t WB = WordInfo::bits; 234| | 235| 18| BOTAN_ARG_CHECK(y_arg.signum() != 0, "Cannot divide by zero"); ------------------ | | 35| 18| do { \ | | 36| 18| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 18| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 18] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 18| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 18] | | ------------------ ------------------ 236| 18| BOTAN_ARG_CHECK(y_arg.signum() >= 0, "Negative divisor not supported"); ------------------ | | 35| 18| do { \ | | 36| 18| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 18| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 18] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 18| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 18] | | ------------------ ------------------ 237| 18| BOTAN_ARG_CHECK(k > 1, "Invalid k"); ------------------ | | 35| 18| do { \ | | 36| 18| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 18| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 18] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 18| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 18] | | ------------------ ------------------ 238| | 239| 18| BigInt y = y_arg; 240| | 241| 18| const size_t y_words = y.sig_words(); 242| | 243| 18| BOTAN_ASSERT_NOMSG(y_words > 0); ------------------ | | 77| 18| do { \ | | 78| 18| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 18| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 18] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 18| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 18] | | ------------------ ------------------ 244| | 245| | // Calculate shifts needed to normalize y with high bit set 246| 18| const size_t shifts = y.top_bits_free(); 247| | 248| 18| if(shifts > 0) { ------------------ | Branch (248:7): [True: 3, False: 15] ------------------ 249| 3| y <<= shifts; 250| 3| } 251| | 252| 18| BigInt r; 253| 18| r.set_bit(k + shifts); // (2^k) << shifts 254| | 255| | // we know y has not changed size, since we only shifted up to set high bit 256| 18| const size_t t = y_words - 1; 257| 18| const size_t n = std::max(y_words, r.sig_words()) - 1; 258| | 259| 18| BOTAN_ASSERT_NOMSG(n >= t); ------------------ | | 77| 18| do { \ | | 78| 18| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 18| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 18] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 18| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 18] | | ------------------ ------------------ 260| | 261| 18| BigInt q = BigInt::zero(); 262| 18| q.grow_to(n - t + 1); 263| | 264| 18| word* q_words = q.mutable_data(); 265| | 266| 18| BigInt shifted_y = y << (WB * (n - t)); 267| | 268| | // Set q_{n-t} to number of times r > shifted_y 269| 18| secure_vector ws; 270| 18| q_words[n - t] = r.reduce_below(shifted_y, ws); 271| | 272| 18| const word y_t0 = y.word_at(t); 273| 18| const word y_t1 = y.word_at(t - 1); 274| 18| BOTAN_DEBUG_ASSERT((y_t0 >> (WB - 1)) == 1); ------------------ | | 130| 18| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 18| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 18] | | ------------------ ------------------ 275| | 276| 18| const divide_precomp div_y_t0(y_t0); 277| | 278| 147| for(size_t i = n; i != t; --i) { ------------------ | Branch (278:22): [True: 129, False: 18] ------------------ 279| 129| const word x_i0 = r.word_at(i); 280| 129| const word x_i1 = r.word_at(i - 1); 281| 129| const word x_i2 = r.word_at(i - 2); 282| | 283| 129| word qit = (x_i0 == y_t0) ? WordInfo::max : div_y_t0.vartime_div_2to1(x_i0, x_i1); ------------------ | Branch (283:18): [True: 0, False: 129] ------------------ 284| | 285| | // Per HAC 14.23, this operation is required at most twice 286| 141| for(size_t j = 0; j != 2; ++j) { ------------------ | Branch (286:25): [True: 141, False: 0] ------------------ 287| 141| if(division_check_vartime(qit, y_t0, y_t1, x_i0, x_i1, x_i2)) { ------------------ | Branch (287:13): [True: 12, False: 129] ------------------ 288| 12| BOTAN_ASSERT_NOMSG(qit > 0); ------------------ | | 77| 12| do { \ | | 78| 12| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 12| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 12] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 12| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 12] | | ------------------ ------------------ 289| 12| qit--; 290| 129| } else { 291| 129| break; 292| 129| } 293| 141| } 294| | 295| 129| shifted_y >>= WB; 296| | // Now shifted_y == y << (WB * (i-t-1)) 297| | 298| | /* 299| | * Special case qit == 0 and qit == 1 which occurs relatively often here due to a 300| | * combination of the fixed 2^k and in many cases the typical structure of 301| | * public moduli (as this function is called by Barrett_Reduction::for_public_modulus). 302| | * 303| | * Over the test suite, about 5% of loop iterations have qit == 1 and 10% have qit == 0 304| | */ 305| | 306| 129| if(qit != 0) { ------------------ | Branch (306:10): [True: 101, False: 28] ------------------ 307| 101| if(qit == 1) { ------------------ | Branch (307:13): [True: 17, False: 84] ------------------ 308| 17| r -= shifted_y; 309| 84| } else { 310| 84| r -= qit * shifted_y; 311| 84| } 312| | 313| 101| if(r.signum() < 0) { ------------------ | Branch (313:13): [True: 0, False: 101] ------------------ 314| 0| BOTAN_ASSERT_NOMSG(qit > 0); ------------------ | | 77| 0| do { \ | | 78| 0| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 0| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 0] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 0| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 0] | | ------------------ ------------------ 315| 0| qit--; 316| 0| r += shifted_y; 317| 0| BOTAN_ASSERT_NOMSG(r.signum() >= 0); ------------------ | | 77| 0| do { \ | | 78| 0| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 0| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 0] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 0| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 0] | | ------------------ ------------------ 318| 0| } 319| 101| } 320| | 321| 129| q_words[i - t - 1] = qit; 322| 129| } 323| | 324| 18| return q; 325| 18|} divide.cpp:_ZN5Botan12_GLOBAL__N_122division_check_vartimeEmmmmmm: 34| 141|inline bool division_check_vartime(word q, word y2, word y1, word x3, word x2, word x1) { 35| | /* 36| | Compute (y3,y2,y1) = (y2,y1) * q 37| | and return true if (y3,y2,y1) > (x3,x2,x1) 38| | */ 39| | 40| 141| word y3 = 0; 41| 141| y1 = word_madd2(q, y1, &y3); 42| 141| y2 = word_madd2(q, y2, &y3); 43| | 44| 141| if(x3 != y3) { ------------------ | Branch (44:7): [True: 62, False: 79] ------------------ 45| 62| return (y3 > x3); 46| 62| } 47| 79| if(x2 != y2) { ------------------ | Branch (47:7): [True: 57, False: 22] ------------------ 48| 57| return (y2 > x2); 49| 57| } 50| 22| return (y1 > x1); 51| 79|} _ZN5Botan17bigint_comba_sqr4EPmPKm: 17| 2.41M|void bigint_comba_sqr4(word z[8], const word x[4]) { 18| 2.41M| word3 accum; 19| | 20| 2.41M| accum.mul(x[0], x[0]); 21| 2.41M| z[0] = accum.extract(); 22| 2.41M| accum.mul_x2(x[0], x[1]); 23| 2.41M| z[1] = accum.extract(); 24| 2.41M| accum.mul_x2(x[0], x[2]); 25| 2.41M| accum.mul(x[1], x[1]); 26| 2.41M| z[2] = accum.extract(); 27| 2.41M| accum.mul_x2(x[0], x[3]); 28| 2.41M| accum.mul_x2(x[1], x[2]); 29| 2.41M| z[3] = accum.extract(); 30| 2.41M| accum.mul_x2(x[1], x[3]); 31| 2.41M| accum.mul(x[2], x[2]); 32| 2.41M| z[4] = accum.extract(); 33| 2.41M| accum.mul_x2(x[2], x[3]); 34| 2.41M| z[5] = accum.extract(); 35| 2.41M| accum.mul(x[3], x[3]); 36| 2.41M| z[6] = accum.extract(); 37| 2.41M| z[7] = accum.extract(); 38| 2.41M|} _ZN5Botan17bigint_comba_mul4EPmPKmS2_: 43| 2.18M|void bigint_comba_mul4(word z[8], const word x[4], const word y[4]) { 44| 2.18M| word3 accum; 45| | 46| 2.18M| accum.mul(x[0], y[0]); 47| 2.18M| z[0] = accum.extract(); 48| 2.18M| accum.mul(x[0], y[1]); 49| 2.18M| accum.mul(x[1], y[0]); 50| 2.18M| z[1] = accum.extract(); 51| 2.18M| accum.mul(x[0], y[2]); 52| 2.18M| accum.mul(x[1], y[1]); 53| 2.18M| accum.mul(x[2], y[0]); 54| 2.18M| z[2] = accum.extract(); 55| 2.18M| accum.mul(x[0], y[3]); 56| 2.18M| accum.mul(x[1], y[2]); 57| 2.18M| accum.mul(x[2], y[1]); 58| 2.18M| accum.mul(x[3], y[0]); 59| 2.18M| z[3] = accum.extract(); 60| 2.18M| accum.mul(x[1], y[3]); 61| 2.18M| accum.mul(x[2], y[2]); 62| 2.18M| accum.mul(x[3], y[1]); 63| 2.18M| z[4] = accum.extract(); 64| 2.18M| accum.mul(x[2], y[3]); 65| 2.18M| accum.mul(x[3], y[2]); 66| 2.18M| z[5] = accum.extract(); 67| 2.18M| accum.mul(x[3], y[3]); 68| 2.18M| z[6] = accum.extract(); 69| 2.18M| z[7] = accum.extract(); 70| 2.18M|} _ZN5Botan17bigint_comba_sqr6EPmPKm: 75| 2.16M|void bigint_comba_sqr6(word z[12], const word x[6]) { 76| 2.16M| word3 accum; 77| | 78| 2.16M| accum.mul(x[0], x[0]); 79| 2.16M| z[0] = accum.extract(); 80| 2.16M| accum.mul_x2(x[0], x[1]); 81| 2.16M| z[1] = accum.extract(); 82| 2.16M| accum.mul_x2(x[0], x[2]); 83| 2.16M| accum.mul(x[1], x[1]); 84| 2.16M| z[2] = accum.extract(); 85| 2.16M| accum.mul_x2(x[0], x[3]); 86| 2.16M| accum.mul_x2(x[1], x[2]); 87| 2.16M| z[3] = accum.extract(); 88| 2.16M| accum.mul_x2(x[0], x[4]); 89| 2.16M| accum.mul_x2(x[1], x[3]); 90| 2.16M| accum.mul(x[2], x[2]); 91| 2.16M| z[4] = accum.extract(); 92| 2.16M| accum.mul_x2(x[0], x[5]); 93| 2.16M| accum.mul_x2(x[1], x[4]); 94| 2.16M| accum.mul_x2(x[2], x[3]); 95| 2.16M| z[5] = accum.extract(); 96| 2.16M| accum.mul_x2(x[1], x[5]); 97| 2.16M| accum.mul_x2(x[2], x[4]); 98| 2.16M| accum.mul(x[3], x[3]); 99| 2.16M| z[6] = accum.extract(); 100| 2.16M| accum.mul_x2(x[2], x[5]); 101| 2.16M| accum.mul_x2(x[3], x[4]); 102| 2.16M| z[7] = accum.extract(); 103| 2.16M| accum.mul_x2(x[3], x[5]); 104| 2.16M| accum.mul(x[4], x[4]); 105| 2.16M| z[8] = accum.extract(); 106| 2.16M| accum.mul_x2(x[4], x[5]); 107| 2.16M| z[9] = accum.extract(); 108| 2.16M| accum.mul(x[5], x[5]); 109| 2.16M| z[10] = accum.extract(); 110| 2.16M| z[11] = accum.extract(); 111| 2.16M|} _ZN5Botan17bigint_comba_mul6EPmPKmS2_: 116| 1.89M|void bigint_comba_mul6(word z[12], const word x[6], const word y[6]) { 117| 1.89M| word3 accum; 118| | 119| 1.89M| accum.mul(x[0], y[0]); 120| 1.89M| z[0] = accum.extract(); 121| 1.89M| accum.mul(x[0], y[1]); 122| 1.89M| accum.mul(x[1], y[0]); 123| 1.89M| z[1] = accum.extract(); 124| 1.89M| accum.mul(x[0], y[2]); 125| 1.89M| accum.mul(x[1], y[1]); 126| 1.89M| accum.mul(x[2], y[0]); 127| 1.89M| z[2] = accum.extract(); 128| 1.89M| accum.mul(x[0], y[3]); 129| 1.89M| accum.mul(x[1], y[2]); 130| 1.89M| accum.mul(x[2], y[1]); 131| 1.89M| accum.mul(x[3], y[0]); 132| 1.89M| z[3] = accum.extract(); 133| 1.89M| accum.mul(x[0], y[4]); 134| 1.89M| accum.mul(x[1], y[3]); 135| 1.89M| accum.mul(x[2], y[2]); 136| 1.89M| accum.mul(x[3], y[1]); 137| 1.89M| accum.mul(x[4], y[0]); 138| 1.89M| z[4] = accum.extract(); 139| 1.89M| accum.mul(x[0], y[5]); 140| 1.89M| accum.mul(x[1], y[4]); 141| 1.89M| accum.mul(x[2], y[3]); 142| 1.89M| accum.mul(x[3], y[2]); 143| 1.89M| accum.mul(x[4], y[1]); 144| 1.89M| accum.mul(x[5], y[0]); 145| 1.89M| z[5] = accum.extract(); 146| 1.89M| accum.mul(x[1], y[5]); 147| 1.89M| accum.mul(x[2], y[4]); 148| 1.89M| accum.mul(x[3], y[3]); 149| 1.89M| accum.mul(x[4], y[2]); 150| 1.89M| accum.mul(x[5], y[1]); 151| 1.89M| z[6] = accum.extract(); 152| 1.89M| accum.mul(x[2], y[5]); 153| 1.89M| accum.mul(x[3], y[4]); 154| 1.89M| accum.mul(x[4], y[3]); 155| 1.89M| accum.mul(x[5], y[2]); 156| 1.89M| z[7] = accum.extract(); 157| 1.89M| accum.mul(x[3], y[5]); 158| 1.89M| accum.mul(x[4], y[4]); 159| 1.89M| accum.mul(x[5], y[3]); 160| 1.89M| z[8] = accum.extract(); 161| 1.89M| accum.mul(x[4], y[5]); 162| 1.89M| accum.mul(x[5], y[4]); 163| 1.89M| z[9] = accum.extract(); 164| 1.89M| accum.mul(x[5], y[5]); 165| 1.89M| z[10] = accum.extract(); 166| 1.89M| z[11] = accum.extract(); 167| 1.89M|} _ZN5Botan17bigint_comba_sqr7EPmPKm: 172| 17.9k|void bigint_comba_sqr7(word z[14], const word x[7]) { 173| 17.9k| word3 accum; 174| | 175| 17.9k| accum.mul(x[0], x[0]); 176| 17.9k| z[0] = accum.extract(); 177| 17.9k| accum.mul_x2(x[0], x[1]); 178| 17.9k| z[1] = accum.extract(); 179| 17.9k| accum.mul_x2(x[0], x[2]); 180| 17.9k| accum.mul(x[1], x[1]); 181| 17.9k| z[2] = accum.extract(); 182| 17.9k| accum.mul_x2(x[0], x[3]); 183| 17.9k| accum.mul_x2(x[1], x[2]); 184| 17.9k| z[3] = accum.extract(); 185| 17.9k| accum.mul_x2(x[0], x[4]); 186| 17.9k| accum.mul_x2(x[1], x[3]); 187| 17.9k| accum.mul(x[2], x[2]); 188| 17.9k| z[4] = accum.extract(); 189| 17.9k| accum.mul_x2(x[0], x[5]); 190| 17.9k| accum.mul_x2(x[1], x[4]); 191| 17.9k| accum.mul_x2(x[2], x[3]); 192| 17.9k| z[5] = accum.extract(); 193| 17.9k| accum.mul_x2(x[0], x[6]); 194| 17.9k| accum.mul_x2(x[1], x[5]); 195| 17.9k| accum.mul_x2(x[2], x[4]); 196| 17.9k| accum.mul(x[3], x[3]); 197| 17.9k| z[6] = accum.extract(); 198| 17.9k| accum.mul_x2(x[1], x[6]); 199| 17.9k| accum.mul_x2(x[2], x[5]); 200| 17.9k| accum.mul_x2(x[3], x[4]); 201| 17.9k| z[7] = accum.extract(); 202| 17.9k| accum.mul_x2(x[2], x[6]); 203| 17.9k| accum.mul_x2(x[3], x[5]); 204| 17.9k| accum.mul(x[4], x[4]); 205| 17.9k| z[8] = accum.extract(); 206| 17.9k| accum.mul_x2(x[3], x[6]); 207| 17.9k| accum.mul_x2(x[4], x[5]); 208| 17.9k| z[9] = accum.extract(); 209| 17.9k| accum.mul_x2(x[4], x[6]); 210| 17.9k| accum.mul(x[5], x[5]); 211| 17.9k| z[10] = accum.extract(); 212| 17.9k| accum.mul_x2(x[5], x[6]); 213| 17.9k| z[11] = accum.extract(); 214| 17.9k| accum.mul(x[6], x[6]); 215| 17.9k| z[12] = accum.extract(); 216| 17.9k| z[13] = accum.extract(); 217| 17.9k|} _ZN5Botan17bigint_comba_mul7EPmPKmS2_: 222| 18.0k|void bigint_comba_mul7(word z[14], const word x[7], const word y[7]) { 223| 18.0k| word3 accum; 224| | 225| 18.0k| accum.mul(x[0], y[0]); 226| 18.0k| z[0] = accum.extract(); 227| 18.0k| accum.mul(x[0], y[1]); 228| 18.0k| accum.mul(x[1], y[0]); 229| 18.0k| z[1] = accum.extract(); 230| 18.0k| accum.mul(x[0], y[2]); 231| 18.0k| accum.mul(x[1], y[1]); 232| 18.0k| accum.mul(x[2], y[0]); 233| 18.0k| z[2] = accum.extract(); 234| 18.0k| accum.mul(x[0], y[3]); 235| 18.0k| accum.mul(x[1], y[2]); 236| 18.0k| accum.mul(x[2], y[1]); 237| 18.0k| accum.mul(x[3], y[0]); 238| 18.0k| z[3] = accum.extract(); 239| 18.0k| accum.mul(x[0], y[4]); 240| 18.0k| accum.mul(x[1], y[3]); 241| 18.0k| accum.mul(x[2], y[2]); 242| 18.0k| accum.mul(x[3], y[1]); 243| 18.0k| accum.mul(x[4], y[0]); 244| 18.0k| z[4] = accum.extract(); 245| 18.0k| accum.mul(x[0], y[5]); 246| 18.0k| accum.mul(x[1], y[4]); 247| 18.0k| accum.mul(x[2], y[3]); 248| 18.0k| accum.mul(x[3], y[2]); 249| 18.0k| accum.mul(x[4], y[1]); 250| 18.0k| accum.mul(x[5], y[0]); 251| 18.0k| z[5] = accum.extract(); 252| 18.0k| accum.mul(x[0], y[6]); 253| 18.0k| accum.mul(x[1], y[5]); 254| 18.0k| accum.mul(x[2], y[4]); 255| 18.0k| accum.mul(x[3], y[3]); 256| 18.0k| accum.mul(x[4], y[2]); 257| 18.0k| accum.mul(x[5], y[1]); 258| 18.0k| accum.mul(x[6], y[0]); 259| 18.0k| z[6] = accum.extract(); 260| 18.0k| accum.mul(x[1], y[6]); 261| 18.0k| accum.mul(x[2], y[5]); 262| 18.0k| accum.mul(x[3], y[4]); 263| 18.0k| accum.mul(x[4], y[3]); 264| 18.0k| accum.mul(x[5], y[2]); 265| 18.0k| accum.mul(x[6], y[1]); 266| 18.0k| z[7] = accum.extract(); 267| 18.0k| accum.mul(x[2], y[6]); 268| 18.0k| accum.mul(x[3], y[5]); 269| 18.0k| accum.mul(x[4], y[4]); 270| 18.0k| accum.mul(x[5], y[3]); 271| 18.0k| accum.mul(x[6], y[2]); 272| 18.0k| z[8] = accum.extract(); 273| 18.0k| accum.mul(x[3], y[6]); 274| 18.0k| accum.mul(x[4], y[5]); 275| 18.0k| accum.mul(x[5], y[4]); 276| 18.0k| accum.mul(x[6], y[3]); 277| 18.0k| z[9] = accum.extract(); 278| 18.0k| accum.mul(x[4], y[6]); 279| 18.0k| accum.mul(x[5], y[5]); 280| 18.0k| accum.mul(x[6], y[4]); 281| 18.0k| z[10] = accum.extract(); 282| 18.0k| accum.mul(x[5], y[6]); 283| 18.0k| accum.mul(x[6], y[5]); 284| 18.0k| z[11] = accum.extract(); 285| 18.0k| accum.mul(x[6], y[6]); 286| 18.0k| z[12] = accum.extract(); 287| 18.0k| z[13] = accum.extract(); 288| 18.0k|} _ZN5Botan17bigint_comba_sqr8EPmPKm: 293| 1.02M|void bigint_comba_sqr8(word z[16], const word x[8]) { 294| 1.02M| word3 accum; 295| | 296| 1.02M| accum.mul(x[0], x[0]); 297| 1.02M| z[0] = accum.extract(); 298| 1.02M| accum.mul_x2(x[0], x[1]); 299| 1.02M| z[1] = accum.extract(); 300| 1.02M| accum.mul_x2(x[0], x[2]); 301| 1.02M| accum.mul(x[1], x[1]); 302| 1.02M| z[2] = accum.extract(); 303| 1.02M| accum.mul_x2(x[0], x[3]); 304| 1.02M| accum.mul_x2(x[1], x[2]); 305| 1.02M| z[3] = accum.extract(); 306| 1.02M| accum.mul_x2(x[0], x[4]); 307| 1.02M| accum.mul_x2(x[1], x[3]); 308| 1.02M| accum.mul(x[2], x[2]); 309| 1.02M| z[4] = accum.extract(); 310| 1.02M| accum.mul_x2(x[0], x[5]); 311| 1.02M| accum.mul_x2(x[1], x[4]); 312| 1.02M| accum.mul_x2(x[2], x[3]); 313| 1.02M| z[5] = accum.extract(); 314| 1.02M| accum.mul_x2(x[0], x[6]); 315| 1.02M| accum.mul_x2(x[1], x[5]); 316| 1.02M| accum.mul_x2(x[2], x[4]); 317| 1.02M| accum.mul(x[3], x[3]); 318| 1.02M| z[6] = accum.extract(); 319| 1.02M| accum.mul_x2(x[0], x[7]); 320| 1.02M| accum.mul_x2(x[1], x[6]); 321| 1.02M| accum.mul_x2(x[2], x[5]); 322| 1.02M| accum.mul_x2(x[3], x[4]); 323| 1.02M| z[7] = accum.extract(); 324| 1.02M| accum.mul_x2(x[1], x[7]); 325| 1.02M| accum.mul_x2(x[2], x[6]); 326| 1.02M| accum.mul_x2(x[3], x[5]); 327| 1.02M| accum.mul(x[4], x[4]); 328| 1.02M| z[8] = accum.extract(); 329| 1.02M| accum.mul_x2(x[2], x[7]); 330| 1.02M| accum.mul_x2(x[3], x[6]); 331| 1.02M| accum.mul_x2(x[4], x[5]); 332| 1.02M| z[9] = accum.extract(); 333| 1.02M| accum.mul_x2(x[3], x[7]); 334| 1.02M| accum.mul_x2(x[4], x[6]); 335| 1.02M| accum.mul(x[5], x[5]); 336| 1.02M| z[10] = accum.extract(); 337| 1.02M| accum.mul_x2(x[4], x[7]); 338| 1.02M| accum.mul_x2(x[5], x[6]); 339| 1.02M| z[11] = accum.extract(); 340| 1.02M| accum.mul_x2(x[5], x[7]); 341| 1.02M| accum.mul(x[6], x[6]); 342| 1.02M| z[12] = accum.extract(); 343| 1.02M| accum.mul_x2(x[6], x[7]); 344| 1.02M| z[13] = accum.extract(); 345| 1.02M| accum.mul(x[7], x[7]); 346| 1.02M| z[14] = accum.extract(); 347| 1.02M| z[15] = accum.extract(); 348| 1.02M|} _ZN5Botan17bigint_comba_mul8EPmPKmS2_: 353| 942k|void bigint_comba_mul8(word z[16], const word x[8], const word y[8]) { 354| 942k| word3 accum; 355| | 356| 942k| accum.mul(x[0], y[0]); 357| 942k| z[0] = accum.extract(); 358| 942k| accum.mul(x[0], y[1]); 359| 942k| accum.mul(x[1], y[0]); 360| 942k| z[1] = accum.extract(); 361| 942k| accum.mul(x[0], y[2]); 362| 942k| accum.mul(x[1], y[1]); 363| 942k| accum.mul(x[2], y[0]); 364| 942k| z[2] = accum.extract(); 365| 942k| accum.mul(x[0], y[3]); 366| 942k| accum.mul(x[1], y[2]); 367| 942k| accum.mul(x[2], y[1]); 368| 942k| accum.mul(x[3], y[0]); 369| 942k| z[3] = accum.extract(); 370| 942k| accum.mul(x[0], y[4]); 371| 942k| accum.mul(x[1], y[3]); 372| 942k| accum.mul(x[2], y[2]); 373| 942k| accum.mul(x[3], y[1]); 374| 942k| accum.mul(x[4], y[0]); 375| 942k| z[4] = accum.extract(); 376| 942k| accum.mul(x[0], y[5]); 377| 942k| accum.mul(x[1], y[4]); 378| 942k| accum.mul(x[2], y[3]); 379| 942k| accum.mul(x[3], y[2]); 380| 942k| accum.mul(x[4], y[1]); 381| 942k| accum.mul(x[5], y[0]); 382| 942k| z[5] = accum.extract(); 383| 942k| accum.mul(x[0], y[6]); 384| 942k| accum.mul(x[1], y[5]); 385| 942k| accum.mul(x[2], y[4]); 386| 942k| accum.mul(x[3], y[3]); 387| 942k| accum.mul(x[4], y[2]); 388| 942k| accum.mul(x[5], y[1]); 389| 942k| accum.mul(x[6], y[0]); 390| 942k| z[6] = accum.extract(); 391| 942k| accum.mul(x[0], y[7]); 392| 942k| accum.mul(x[1], y[6]); 393| 942k| accum.mul(x[2], y[5]); 394| 942k| accum.mul(x[3], y[4]); 395| 942k| accum.mul(x[4], y[3]); 396| 942k| accum.mul(x[5], y[2]); 397| 942k| accum.mul(x[6], y[1]); 398| 942k| accum.mul(x[7], y[0]); 399| 942k| z[7] = accum.extract(); 400| 942k| accum.mul(x[1], y[7]); 401| 942k| accum.mul(x[2], y[6]); 402| 942k| accum.mul(x[3], y[5]); 403| 942k| accum.mul(x[4], y[4]); 404| 942k| accum.mul(x[5], y[3]); 405| 942k| accum.mul(x[6], y[2]); 406| 942k| accum.mul(x[7], y[1]); 407| 942k| z[8] = accum.extract(); 408| 942k| accum.mul(x[2], y[7]); 409| 942k| accum.mul(x[3], y[6]); 410| 942k| accum.mul(x[4], y[5]); 411| 942k| accum.mul(x[5], y[4]); 412| 942k| accum.mul(x[6], y[3]); 413| 942k| accum.mul(x[7], y[2]); 414| 942k| z[9] = accum.extract(); 415| 942k| accum.mul(x[3], y[7]); 416| 942k| accum.mul(x[4], y[6]); 417| 942k| accum.mul(x[5], y[5]); 418| 942k| accum.mul(x[6], y[4]); 419| 942k| accum.mul(x[7], y[3]); 420| 942k| z[10] = accum.extract(); 421| 942k| accum.mul(x[4], y[7]); 422| 942k| accum.mul(x[5], y[6]); 423| 942k| accum.mul(x[6], y[5]); 424| 942k| accum.mul(x[7], y[4]); 425| 942k| z[11] = accum.extract(); 426| 942k| accum.mul(x[5], y[7]); 427| 942k| accum.mul(x[6], y[6]); 428| 942k| accum.mul(x[7], y[5]); 429| 942k| z[12] = accum.extract(); 430| 942k| accum.mul(x[6], y[7]); 431| 942k| accum.mul(x[7], y[6]); 432| 942k| z[13] = accum.extract(); 433| 942k| accum.mul(x[7], y[7]); 434| 942k| z[14] = accum.extract(); 435| 942k| z[15] = accum.extract(); 436| 942k|} _ZN5Botan17bigint_comba_sqr9EPmPKm: 441| 1.41M|void bigint_comba_sqr9(word z[18], const word x[9]) { 442| 1.41M| word3 accum; 443| | 444| 1.41M| accum.mul(x[0], x[0]); 445| 1.41M| z[0] = accum.extract(); 446| 1.41M| accum.mul_x2(x[0], x[1]); 447| 1.41M| z[1] = accum.extract(); 448| 1.41M| accum.mul_x2(x[0], x[2]); 449| 1.41M| accum.mul(x[1], x[1]); 450| 1.41M| z[2] = accum.extract(); 451| 1.41M| accum.mul_x2(x[0], x[3]); 452| 1.41M| accum.mul_x2(x[1], x[2]); 453| 1.41M| z[3] = accum.extract(); 454| 1.41M| accum.mul_x2(x[0], x[4]); 455| 1.41M| accum.mul_x2(x[1], x[3]); 456| 1.41M| accum.mul(x[2], x[2]); 457| 1.41M| z[4] = accum.extract(); 458| 1.41M| accum.mul_x2(x[0], x[5]); 459| 1.41M| accum.mul_x2(x[1], x[4]); 460| 1.41M| accum.mul_x2(x[2], x[3]); 461| 1.41M| z[5] = accum.extract(); 462| 1.41M| accum.mul_x2(x[0], x[6]); 463| 1.41M| accum.mul_x2(x[1], x[5]); 464| 1.41M| accum.mul_x2(x[2], x[4]); 465| 1.41M| accum.mul(x[3], x[3]); 466| 1.41M| z[6] = accum.extract(); 467| 1.41M| accum.mul_x2(x[0], x[7]); 468| 1.41M| accum.mul_x2(x[1], x[6]); 469| 1.41M| accum.mul_x2(x[2], x[5]); 470| 1.41M| accum.mul_x2(x[3], x[4]); 471| 1.41M| z[7] = accum.extract(); 472| 1.41M| accum.mul_x2(x[0], x[8]); 473| 1.41M| accum.mul_x2(x[1], x[7]); 474| 1.41M| accum.mul_x2(x[2], x[6]); 475| 1.41M| accum.mul_x2(x[3], x[5]); 476| 1.41M| accum.mul(x[4], x[4]); 477| 1.41M| z[8] = accum.extract(); 478| 1.41M| accum.mul_x2(x[1], x[8]); 479| 1.41M| accum.mul_x2(x[2], x[7]); 480| 1.41M| accum.mul_x2(x[3], x[6]); 481| 1.41M| accum.mul_x2(x[4], x[5]); 482| 1.41M| z[9] = accum.extract(); 483| 1.41M| accum.mul_x2(x[2], x[8]); 484| 1.41M| accum.mul_x2(x[3], x[7]); 485| 1.41M| accum.mul_x2(x[4], x[6]); 486| 1.41M| accum.mul(x[5], x[5]); 487| 1.41M| z[10] = accum.extract(); 488| 1.41M| accum.mul_x2(x[3], x[8]); 489| 1.41M| accum.mul_x2(x[4], x[7]); 490| 1.41M| accum.mul_x2(x[5], x[6]); 491| 1.41M| z[11] = accum.extract(); 492| 1.41M| accum.mul_x2(x[4], x[8]); 493| 1.41M| accum.mul_x2(x[5], x[7]); 494| 1.41M| accum.mul(x[6], x[6]); 495| 1.41M| z[12] = accum.extract(); 496| 1.41M| accum.mul_x2(x[5], x[8]); 497| 1.41M| accum.mul_x2(x[6], x[7]); 498| 1.41M| z[13] = accum.extract(); 499| 1.41M| accum.mul_x2(x[6], x[8]); 500| 1.41M| accum.mul(x[7], x[7]); 501| 1.41M| z[14] = accum.extract(); 502| 1.41M| accum.mul_x2(x[7], x[8]); 503| 1.41M| z[15] = accum.extract(); 504| 1.41M| accum.mul(x[8], x[8]); 505| 1.41M| z[16] = accum.extract(); 506| 1.41M| z[17] = accum.extract(); 507| 1.41M|} _ZN5Botan17bigint_comba_mul9EPmPKmS2_: 512| 1.15M|void bigint_comba_mul9(word z[18], const word x[9], const word y[9]) { 513| 1.15M| word3 accum; 514| | 515| 1.15M| accum.mul(x[0], y[0]); 516| 1.15M| z[0] = accum.extract(); 517| 1.15M| accum.mul(x[0], y[1]); 518| 1.15M| accum.mul(x[1], y[0]); 519| 1.15M| z[1] = accum.extract(); 520| 1.15M| accum.mul(x[0], y[2]); 521| 1.15M| accum.mul(x[1], y[1]); 522| 1.15M| accum.mul(x[2], y[0]); 523| 1.15M| z[2] = accum.extract(); 524| 1.15M| accum.mul(x[0], y[3]); 525| 1.15M| accum.mul(x[1], y[2]); 526| 1.15M| accum.mul(x[2], y[1]); 527| 1.15M| accum.mul(x[3], y[0]); 528| 1.15M| z[3] = accum.extract(); 529| 1.15M| accum.mul(x[0], y[4]); 530| 1.15M| accum.mul(x[1], y[3]); 531| 1.15M| accum.mul(x[2], y[2]); 532| 1.15M| accum.mul(x[3], y[1]); 533| 1.15M| accum.mul(x[4], y[0]); 534| 1.15M| z[4] = accum.extract(); 535| 1.15M| accum.mul(x[0], y[5]); 536| 1.15M| accum.mul(x[1], y[4]); 537| 1.15M| accum.mul(x[2], y[3]); 538| 1.15M| accum.mul(x[3], y[2]); 539| 1.15M| accum.mul(x[4], y[1]); 540| 1.15M| accum.mul(x[5], y[0]); 541| 1.15M| z[5] = accum.extract(); 542| 1.15M| accum.mul(x[0], y[6]); 543| 1.15M| accum.mul(x[1], y[5]); 544| 1.15M| accum.mul(x[2], y[4]); 545| 1.15M| accum.mul(x[3], y[3]); 546| 1.15M| accum.mul(x[4], y[2]); 547| 1.15M| accum.mul(x[5], y[1]); 548| 1.15M| accum.mul(x[6], y[0]); 549| 1.15M| z[6] = accum.extract(); 550| 1.15M| accum.mul(x[0], y[7]); 551| 1.15M| accum.mul(x[1], y[6]); 552| 1.15M| accum.mul(x[2], y[5]); 553| 1.15M| accum.mul(x[3], y[4]); 554| 1.15M| accum.mul(x[4], y[3]); 555| 1.15M| accum.mul(x[5], y[2]); 556| 1.15M| accum.mul(x[6], y[1]); 557| 1.15M| accum.mul(x[7], y[0]); 558| 1.15M| z[7] = accum.extract(); 559| 1.15M| accum.mul(x[0], y[8]); 560| 1.15M| accum.mul(x[1], y[7]); 561| 1.15M| accum.mul(x[2], y[6]); 562| 1.15M| accum.mul(x[3], y[5]); 563| 1.15M| accum.mul(x[4], y[4]); 564| 1.15M| accum.mul(x[5], y[3]); 565| 1.15M| accum.mul(x[6], y[2]); 566| 1.15M| accum.mul(x[7], y[1]); 567| 1.15M| accum.mul(x[8], y[0]); 568| 1.15M| z[8] = accum.extract(); 569| 1.15M| accum.mul(x[1], y[8]); 570| 1.15M| accum.mul(x[2], y[7]); 571| 1.15M| accum.mul(x[3], y[6]); 572| 1.15M| accum.mul(x[4], y[5]); 573| 1.15M| accum.mul(x[5], y[4]); 574| 1.15M| accum.mul(x[6], y[3]); 575| 1.15M| accum.mul(x[7], y[2]); 576| 1.15M| accum.mul(x[8], y[1]); 577| 1.15M| z[9] = accum.extract(); 578| 1.15M| accum.mul(x[2], y[8]); 579| 1.15M| accum.mul(x[3], y[7]); 580| 1.15M| accum.mul(x[4], y[6]); 581| 1.15M| accum.mul(x[5], y[5]); 582| 1.15M| accum.mul(x[6], y[4]); 583| 1.15M| accum.mul(x[7], y[3]); 584| 1.15M| accum.mul(x[8], y[2]); 585| 1.15M| z[10] = accum.extract(); 586| 1.15M| accum.mul(x[3], y[8]); 587| 1.15M| accum.mul(x[4], y[7]); 588| 1.15M| accum.mul(x[5], y[6]); 589| 1.15M| accum.mul(x[6], y[5]); 590| 1.15M| accum.mul(x[7], y[4]); 591| 1.15M| accum.mul(x[8], y[3]); 592| 1.15M| z[11] = accum.extract(); 593| 1.15M| accum.mul(x[4], y[8]); 594| 1.15M| accum.mul(x[5], y[7]); 595| 1.15M| accum.mul(x[6], y[6]); 596| 1.15M| accum.mul(x[7], y[5]); 597| 1.15M| accum.mul(x[8], y[4]); 598| 1.15M| z[12] = accum.extract(); 599| 1.15M| accum.mul(x[5], y[8]); 600| 1.15M| accum.mul(x[6], y[7]); 601| 1.15M| accum.mul(x[7], y[6]); 602| 1.15M| accum.mul(x[8], y[5]); 603| 1.15M| z[13] = accum.extract(); 604| 1.15M| accum.mul(x[6], y[8]); 605| 1.15M| accum.mul(x[7], y[7]); 606| 1.15M| accum.mul(x[8], y[6]); 607| 1.15M| z[14] = accum.extract(); 608| 1.15M| accum.mul(x[7], y[8]); 609| 1.15M| accum.mul(x[8], y[7]); 610| 1.15M| z[15] = accum.extract(); 611| 1.15M| accum.mul(x[8], y[8]); 612| 1.15M| z[16] = accum.extract(); 613| 1.15M| z[17] = accum.extract(); 614| 1.15M|} _ZN5Botan12basecase_mulEPmmPKmmS2_m: 20| 16|void basecase_mul(word z[], size_t z_size, const word x[], size_t x_size, const word y[], size_t y_size) { 21| 16| if(z_size < x_size + y_size) { ------------------ | Branch (21:7): [True: 0, False: 16] ------------------ 22| 0| throw Invalid_Argument("basecase_mul z_size too small"); 23| 0| } 24| | 25| 16| const size_t x_size_8 = x_size - (x_size % 8); 26| | 27| 16| zeroize_buffer(z, z_size); 28| | 29| 168| for(size_t i = 0; i != y_size; ++i) { ------------------ | Branch (29:22): [True: 152, False: 16] ------------------ 30| 152| const word y_i = y[i]; 31| | 32| 152| word carry = 0; 33| | 34| 304| for(size_t j = 0; j != x_size_8; j += 8) { ------------------ | Branch (34:25): [True: 152, False: 152] ------------------ 35| 152| carry = word8_madd3(z + i + j, x + j, y_i, carry); 36| 152| } 37| | 38| 456| for(size_t j = x_size_8; j != x_size; ++j) { ------------------ | Branch (38:32): [True: 304, False: 152] ------------------ 39| 304| z[i + j] = word_madd3(x[j], y_i, z[i + j], &carry); 40| 304| } 41| | 42| 152| z[x_size + i] = carry; 43| 152| } 44| 16|} _ZN5Botan10bigint_mulEPmmPKmmmS2_mmS0_m: 292| 21.9k| size_t ws_size) { 293| 21.9k| zeroize_buffer(z, z_size); 294| | 295| 21.9k| if(x_sw == 1) { ------------------ | Branch (295:7): [True: 0, False: 21.9k] ------------------ 296| 0| bigint_linmul3(z, y, y_sw, x[0]); 297| 21.9k| } else if(y_sw == 1) { ------------------ | Branch (297:14): [True: 0, False: 21.9k] ------------------ 298| 0| bigint_linmul3(z, x, x_sw, y[0]); 299| 21.9k| } else if(sized_for_comba_mul<4>(x_sw, x_size, y_sw, y_size, z_size)) { ------------------ | Branch (299:14): [True: 16.8k, False: 5.13k] ------------------ 300| 16.8k| bigint_comba_mul4(z, x, y); 301| 16.8k| } else if(sized_for_comba_mul<6>(x_sw, x_size, y_sw, y_size, z_size)) { ------------------ | Branch (301:14): [True: 2.76k, False: 2.36k] ------------------ 302| 2.76k| bigint_comba_mul6(z, x, y); 303| 2.76k| } else if(sized_for_comba_mul<8>(x_sw, x_size, y_sw, y_size, z_size)) { ------------------ | Branch (303:14): [True: 1.05k, False: 1.30k] ------------------ 304| 1.05k| bigint_comba_mul8(z, x, y); 305| 1.30k| } else if(sized_for_comba_mul<9>(x_sw, x_size, y_sw, y_size, z_size)) { ------------------ | Branch (305:14): [True: 1.29k, False: 16] ------------------ 306| 1.29k| bigint_comba_mul9(z, x, y); 307| 1.29k| } else if(sized_for_comba_mul<16>(x_sw, x_size, y_sw, y_size, z_size)) { ------------------ | Branch (307:14): [True: 0, False: 16] ------------------ 308| 0| bigint_comba_mul16(z, x, y); 309| 16| } else if(sized_for_comba_mul<24>(x_sw, x_size, y_sw, y_size, z_size)) { ------------------ | Branch (309:14): [True: 0, False: 16] ------------------ 310| 0| bigint_comba_mul24(z, x, y); 311| 16| } else if(x_sw < KARATSUBA_MULTIPLY_THRESHOLD || y_sw < KARATSUBA_MULTIPLY_THRESHOLD || workspace == nullptr) { ------------------ | Branch (311:14): [True: 16, False: 0] | Branch (311:53): [True: 0, False: 0] | Branch (311:92): [True: 0, False: 0] ------------------ 312| 16| basecase_mul(z, z_size, x, x_sw, y, y_sw); 313| 16| } else { 314| 0| const size_t N = karatsuba_size(z_size, x_size, x_sw, y_size, y_sw); 315| | 316| 0| if(N > 0 && z_size >= 2 * N && ws_size >= 2 * N) { ------------------ | Branch (316:10): [True: 0, False: 0] | Branch (316:19): [True: 0, False: 0] | Branch (316:38): [True: 0, False: 0] ------------------ 317| 0| karatsuba_mul(z, x, y, N, workspace); 318| 0| } else { 319| 0| basecase_mul(z, z_size, x, x_sw, y, y_sw); 320| 0| } 321| 0| } 322| 21.9k|} _ZN5Botan10bigint_sqrEPmmPKmmmS0_m: 327| 18|void bigint_sqr(word z[], size_t z_size, const word x[], size_t x_size, size_t x_sw, word workspace[], size_t ws_size) { 328| 18| zeroize_buffer(z, z_size); 329| | 330| 18| BOTAN_ASSERT(z_size / 2 >= x_sw, "Output size is sufficient"); ------------------ | | 64| 18| do { \ | | 65| 18| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 18| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 18] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 18| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 18] | | ------------------ ------------------ 331| | 332| 18| if(x_sw == 1) { ------------------ | Branch (332:7): [True: 0, False: 18] ------------------ 333| 0| bigint_linmul3(z, x, x_sw, x[0]); 334| 18| } else if(sized_for_comba_sqr<4>(x_sw, x_size, z_size)) { ------------------ | Branch (334:14): [True: 6, False: 12] ------------------ 335| 6| bigint_comba_sqr4(z, x); 336| 12| } else if(sized_for_comba_sqr<6>(x_sw, x_size, z_size)) { ------------------ | Branch (336:14): [True: 6, False: 6] ------------------ 337| 6| bigint_comba_sqr6(z, x); 338| 6| } else if(sized_for_comba_sqr<8>(x_sw, x_size, z_size)) { ------------------ | Branch (338:14): [True: 3, False: 3] ------------------ 339| 3| bigint_comba_sqr8(z, x); 340| 3| } else if(sized_for_comba_sqr<9>(x_sw, x_size, z_size)) { ------------------ | Branch (340:14): [True: 3, False: 0] ------------------ 341| 3| bigint_comba_sqr9(z, x); 342| 3| } else if(sized_for_comba_sqr<16>(x_sw, x_size, z_size)) { ------------------ | Branch (342:14): [True: 0, False: 0] ------------------ 343| 0| bigint_comba_sqr16(z, x); 344| 0| } else if(sized_for_comba_sqr<24>(x_sw, x_size, z_size)) { ------------------ | Branch (344:14): [True: 0, False: 0] ------------------ 345| 0| bigint_comba_sqr24(z, x); 346| 0| } else if(x_size < KARATSUBA_SQUARE_THRESHOLD || workspace == nullptr) { ------------------ | Branch (346:14): [True: 0, False: 0] | Branch (346:53): [True: 0, False: 0] ------------------ 347| 0| basecase_sqr(z, z_size, x, x_sw); 348| 0| } else { 349| 0| const size_t N = karatsuba_size(z_size, x_size, x_sw); 350| | 351| 0| if(N > 0 && z_size >= 2 * N && ws_size >= 2 * N) { ------------------ | Branch (351:10): [True: 0, False: 0] | Branch (351:19): [True: 0, False: 0] | Branch (351:38): [True: 0, False: 0] ------------------ 352| 0| karatsuba_sqr(z, x, N, workspace); 353| 0| } else { 354| 0| basecase_sqr(z, z_size, x, x_sw); 355| 0| } 356| 0| } 357| 18|} mp_karat.cpp:_ZN5Botan12_GLOBAL__N_119sized_for_comba_mulILm4EEEbmmmmm: 272| 21.9k|inline bool sized_for_comba_mul(size_t x_sw, size_t x_size, size_t y_sw, size_t y_size, size_t z_size) { 273| 21.9k| return (x_sw <= SZ && x_size >= SZ && y_sw <= SZ && y_size >= SZ && z_size >= 2 * SZ); ------------------ | Branch (273:12): [True: 16.8k, False: 5.13k] | Branch (273:26): [True: 16.8k, False: 0] | Branch (273:42): [True: 16.8k, False: 0] | Branch (273:56): [True: 16.8k, False: 0] | Branch (273:72): [True: 16.8k, False: 0] ------------------ 274| 21.9k|} mp_karat.cpp:_ZN5Botan12_GLOBAL__N_119sized_for_comba_mulILm6EEEbmmmmm: 272| 5.13k|inline bool sized_for_comba_mul(size_t x_sw, size_t x_size, size_t y_sw, size_t y_size, size_t z_size) { 273| 5.13k| return (x_sw <= SZ && x_size >= SZ && y_sw <= SZ && y_size >= SZ && z_size >= 2 * SZ); ------------------ | Branch (273:12): [True: 2.76k, False: 2.36k] | Branch (273:26): [True: 2.76k, False: 0] | Branch (273:42): [True: 2.76k, False: 0] | Branch (273:56): [True: 2.76k, False: 0] | Branch (273:72): [True: 2.76k, False: 0] ------------------ 274| 5.13k|} mp_karat.cpp:_ZN5Botan12_GLOBAL__N_119sized_for_comba_mulILm8EEEbmmmmm: 272| 2.36k|inline bool sized_for_comba_mul(size_t x_sw, size_t x_size, size_t y_sw, size_t y_size, size_t z_size) { 273| 2.36k| return (x_sw <= SZ && x_size >= SZ && y_sw <= SZ && y_size >= SZ && z_size >= 2 * SZ); ------------------ | Branch (273:12): [True: 1.05k, False: 1.30k] | Branch (273:26): [True: 1.05k, False: 0] | Branch (273:42): [True: 1.05k, False: 0] | Branch (273:56): [True: 1.05k, False: 0] | Branch (273:72): [True: 1.05k, False: 0] ------------------ 274| 2.36k|} mp_karat.cpp:_ZN5Botan12_GLOBAL__N_119sized_for_comba_mulILm9EEEbmmmmm: 272| 1.30k|inline bool sized_for_comba_mul(size_t x_sw, size_t x_size, size_t y_sw, size_t y_size, size_t z_size) { 273| 1.30k| return (x_sw <= SZ && x_size >= SZ && y_sw <= SZ && y_size >= SZ && z_size >= 2 * SZ); ------------------ | Branch (273:12): [True: 1.29k, False: 16] | Branch (273:26): [True: 1.29k, False: 0] | Branch (273:42): [True: 1.29k, False: 0] | Branch (273:56): [True: 1.29k, False: 0] | Branch (273:72): [True: 1.29k, False: 0] ------------------ 274| 1.30k|} mp_karat.cpp:_ZN5Botan12_GLOBAL__N_119sized_for_comba_mulILm16EEEbmmmmm: 272| 16|inline bool sized_for_comba_mul(size_t x_sw, size_t x_size, size_t y_sw, size_t y_size, size_t z_size) { 273| 16| return (x_sw <= SZ && x_size >= SZ && y_sw <= SZ && y_size >= SZ && z_size >= 2 * SZ); ------------------ | Branch (273:12): [True: 16, False: 0] | Branch (273:26): [True: 8, False: 8] | Branch (273:42): [True: 8, False: 0] | Branch (273:56): [True: 8, False: 0] | Branch (273:72): [True: 0, False: 8] ------------------ 274| 16|} mp_karat.cpp:_ZN5Botan12_GLOBAL__N_119sized_for_comba_mulILm24EEEbmmmmm: 272| 16|inline bool sized_for_comba_mul(size_t x_sw, size_t x_size, size_t y_sw, size_t y_size, size_t z_size) { 273| 16| return (x_sw <= SZ && x_size >= SZ && y_sw <= SZ && y_size >= SZ && z_size >= 2 * SZ); ------------------ | Branch (273:12): [True: 16, False: 0] | Branch (273:26): [True: 0, False: 16] | Branch (273:42): [True: 0, False: 0] | Branch (273:56): [True: 0, False: 0] | Branch (273:72): [True: 0, False: 0] ------------------ 274| 16|} mp_karat.cpp:_ZN5Botan12_GLOBAL__N_119sized_for_comba_sqrILm4EEEbmmm: 277| 18|inline bool sized_for_comba_sqr(size_t x_sw, size_t x_size, size_t z_size) { 278| 18| return (x_sw <= SZ && x_size >= SZ && z_size >= 2 * SZ); ------------------ | Branch (278:12): [True: 6, False: 12] | Branch (278:26): [True: 6, False: 0] | Branch (278:42): [True: 6, False: 0] ------------------ 279| 18|} mp_karat.cpp:_ZN5Botan12_GLOBAL__N_119sized_for_comba_sqrILm6EEEbmmm: 277| 12|inline bool sized_for_comba_sqr(size_t x_sw, size_t x_size, size_t z_size) { 278| 12| return (x_sw <= SZ && x_size >= SZ && z_size >= 2 * SZ); ------------------ | Branch (278:12): [True: 6, False: 6] | Branch (278:26): [True: 6, False: 0] | Branch (278:42): [True: 6, False: 0] ------------------ 279| 12|} mp_karat.cpp:_ZN5Botan12_GLOBAL__N_119sized_for_comba_sqrILm8EEEbmmm: 277| 6|inline bool sized_for_comba_sqr(size_t x_sw, size_t x_size, size_t z_size) { 278| 6| return (x_sw <= SZ && x_size >= SZ && z_size >= 2 * SZ); ------------------ | Branch (278:12): [True: 3, False: 3] | Branch (278:26): [True: 3, False: 0] | Branch (278:42): [True: 3, False: 0] ------------------ 279| 6|} mp_karat.cpp:_ZN5Botan12_GLOBAL__N_119sized_for_comba_sqrILm9EEEbmmm: 277| 3|inline bool sized_for_comba_sqr(size_t x_sw, size_t x_size, size_t z_size) { 278| 3| return (x_sw <= SZ && x_size >= SZ && z_size >= 2 * SZ); ------------------ | Branch (278:12): [True: 3, False: 0] | Branch (278:26): [True: 3, False: 0] | Branch (278:42): [True: 3, False: 0] ------------------ 279| 3|} _ZN5Botan25bigint_monty_redc_genericEPmPKmmS2_mmS0_: 91| 1.27k| word r[], const word z[], size_t z_size, const word p[], size_t p_size, word p_dash, word ws[]) { 92| 1.27k| BOTAN_ARG_CHECK(z_size >= 2 * p_size && p_size > 0, "Invalid sizes for bigint_monty_redc_generic"); ------------------ | | 35| 1.27k| do { \ | | 36| 1.27k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 2.54k| if(!(expr)) { \ | | ------------------ | | | Branch (37:12): [True: 1.27k, False: 0] | | | Branch (37:12): [True: 1.27k, False: 0] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 1.27k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 1.27k] | | ------------------ ------------------ 93| | 94| 1.27k| word3 accum; 95| | 96| 1.27k| accum.add(z[0]); 97| | 98| 1.27k| ws[0] = accum.monty_step(p[0], p_dash); 99| | 100| 11.4k| for(size_t i = 1; i != p_size; ++i) { ------------------ | Branch (100:22): [True: 10.1k, False: 1.27k] ------------------ 101| 10.1k| mul_rev_range(accum, ws, p, i); 102| 10.1k| accum.add(z[i]); 103| 10.1k| ws[i] = accum.monty_step(p[0], p_dash); 104| 10.1k| } 105| | 106| 11.4k| for(size_t i = 0; i != p_size - 1; ++i) { ------------------ | Branch (106:22): [True: 10.1k, False: 1.27k] ------------------ 107| 10.1k| mul_rev_range(accum, &ws[i + 1], &p[i], p_size - (i + 1)); 108| 10.1k| accum.add(z[p_size + i]); 109| 10.1k| ws[i] = accum.extract(); 110| 10.1k| } 111| | 112| 1.27k| accum.add(z[2 * p_size - 1]); 113| | 114| 1.27k| ws[p_size - 1] = accum.extract(); 115| | // w1 is the final part, which is not stored in the workspace 116| 1.27k| const word w1 = accum.extract(); 117| | 118| | /* 119| | * The result might need to be reduced mod p. To avoid a timing 120| | * channel, always perform the subtraction. If in the computation 121| | * of x - p a borrow is required then x was already < p. 122| | * 123| | * x starts at ws[0] and is p_size bytes long plus a possible high 124| | * digit left over in w1. 125| | * 126| | * x - p starts at z[0] and is also p_size bytes long 127| | * 128| | * If borrow was set after the subtraction, then x was already less 129| | * than p and the subtraction was not needed. In that case overwrite 130| | * z[0:p_size] with the original x in ws[0:p_size]. 131| | * 132| | * We only copy out p_size in the final step because we know 133| | * the Montgomery result is < P 134| | */ 135| | 136| 1.27k| bigint_monty_maybe_sub(p_size, r, w1, ws, p); 137| 1.27k|} mp_monty.cpp:_ZN5Botan12_GLOBAL__N_113mul_rev_rangeERNS_5word3ImEEPKmS5_m: 18| 20.3k|BOTAN_FORCE_INLINE void mul_rev_range(word3& accum, const word ws[], const word p[], size_t bound) { 19| | /* 20| | Unrolled version of: 21| | 22| | for(size_t i = 0; i < bound; ++i) { 23| | accum.mul(ws[i], p[bound - i]); 24| | } 25| | */ 26| | 27| 20.3k| size_t lower = 0; 28| 53.5k| while(lower < bound) { ------------------ | Branch (28:10): [True: 33.1k, False: 20.3k] ------------------ 29| 33.1k| const size_t upper = bound - lower; 30| | 31| 33.1k| if(upper >= 16) { ------------------ | Branch (31:10): [True: 0, False: 33.1k] ------------------ 32| 0| accum.mul(ws[lower], p[upper]); 33| 0| accum.mul(ws[lower + 1], p[upper - 1]); 34| 0| accum.mul(ws[lower + 2], p[upper - 2]); 35| 0| accum.mul(ws[lower + 3], p[upper - 3]); 36| 0| accum.mul(ws[lower + 4], p[upper - 4]); 37| 0| accum.mul(ws[lower + 5], p[upper - 5]); 38| 0| accum.mul(ws[lower + 6], p[upper - 6]); 39| 0| accum.mul(ws[lower + 7], p[upper - 7]); 40| 0| accum.mul(ws[lower + 8], p[upper - 8]); 41| 0| accum.mul(ws[lower + 9], p[upper - 9]); 42| 0| accum.mul(ws[lower + 10], p[upper - 10]); 43| 0| accum.mul(ws[lower + 11], p[upper - 11]); 44| 0| accum.mul(ws[lower + 12], p[upper - 12]); 45| 0| accum.mul(ws[lower + 13], p[upper - 13]); 46| 0| accum.mul(ws[lower + 14], p[upper - 14]); 47| 0| accum.mul(ws[lower + 15], p[upper - 15]); 48| 0| lower += 16; 49| 33.1k| } else if(upper >= 8) { ------------------ | Branch (49:17): [True: 2.54k, False: 30.5k] ------------------ 50| 2.54k| accum.mul(ws[lower], p[upper]); 51| 2.54k| accum.mul(ws[lower + 1], p[upper - 1]); 52| 2.54k| accum.mul(ws[lower + 2], p[upper - 2]); 53| 2.54k| accum.mul(ws[lower + 3], p[upper - 3]); 54| 2.54k| accum.mul(ws[lower + 4], p[upper - 4]); 55| 2.54k| accum.mul(ws[lower + 5], p[upper - 5]); 56| 2.54k| accum.mul(ws[lower + 6], p[upper - 6]); 57| 2.54k| accum.mul(ws[lower + 7], p[upper - 7]); 58| 2.54k| lower += 8; 59| 30.5k| } else if(upper >= 4) { ------------------ | Branch (59:17): [True: 10.1k, False: 20.3k] ------------------ 60| 10.1k| accum.mul(ws[lower], p[upper]); 61| 10.1k| accum.mul(ws[lower + 1], p[upper - 1]); 62| 10.1k| accum.mul(ws[lower + 2], p[upper - 2]); 63| 10.1k| accum.mul(ws[lower + 3], p[upper - 3]); 64| 10.1k| lower += 4; 65| 20.3k| } else if(upper >= 2) { ------------------ | Branch (65:17): [True: 10.1k, False: 10.1k] ------------------ 66| 10.1k| accum.mul(ws[lower], p[upper]); 67| 10.1k| accum.mul(ws[lower + 1], p[upper - 1]); 68| 10.1k| lower += 2; 69| 10.1k| } else { 70| 10.1k| accum.mul(ws[lower], p[upper]); 71| 10.1k| lower += 1; 72| 10.1k| } 73| 33.1k| } 74| 20.3k|} _ZN5Botan19bigint_monty_redc_4EPmPKmS2_mS0_: 12| 2.86M|void bigint_monty_redc_4(word r[4], const word z[8], const word p[4], word p_dash, word ws[4]) { 13| 2.86M| word3 accum; 14| 2.86M| accum.add(z[0]); 15| 2.86M| ws[0] = accum.monty_step(p[0], p_dash); 16| 2.86M| accum.mul(ws[0], p[1]); 17| 2.86M| accum.add(z[1]); 18| 2.86M| ws[1] = accum.monty_step(p[0], p_dash); 19| 2.86M| accum.mul(ws[0], p[2]); 20| 2.86M| accum.mul(ws[1], p[1]); 21| 2.86M| accum.add(z[2]); 22| 2.86M| ws[2] = accum.monty_step(p[0], p_dash); 23| 2.86M| accum.mul(ws[0], p[3]); 24| 2.86M| accum.mul(ws[1], p[2]); 25| 2.86M| accum.mul(ws[2], p[1]); 26| 2.86M| accum.add(z[3]); 27| 2.86M| ws[3] = accum.monty_step(p[0], p_dash); 28| 2.86M| accum.mul(ws[1], p[3]); 29| 2.86M| accum.mul(ws[2], p[2]); 30| 2.86M| accum.mul(ws[3], p[1]); 31| 2.86M| accum.add(z[4]); 32| 2.86M| ws[0] = accum.extract(); 33| 2.86M| accum.mul(ws[2], p[3]); 34| 2.86M| accum.mul(ws[3], p[2]); 35| 2.86M| accum.add(z[5]); 36| 2.86M| ws[1] = accum.extract(); 37| 2.86M| accum.mul(ws[3], p[3]); 38| 2.86M| accum.add(z[6]); 39| 2.86M| ws[2] = accum.extract(); 40| 2.86M| accum.add(z[7]); 41| 2.86M| ws[3] = accum.extract(); 42| 2.86M| const word w1 = accum.extract(); 43| 2.86M| bigint_monty_maybe_sub<4>(r, w1, ws, p); 44| 2.86M|} _ZN5Botan19bigint_monty_redc_6EPmPKmS2_mS0_: 46| 1.70M|void bigint_monty_redc_6(word r[6], const word z[12], const word p[6], word p_dash, word ws[6]) { 47| 1.70M| word3 accum; 48| 1.70M| accum.add(z[0]); 49| 1.70M| ws[0] = accum.monty_step(p[0], p_dash); 50| 1.70M| accum.mul(ws[0], p[1]); 51| 1.70M| accum.add(z[1]); 52| 1.70M| ws[1] = accum.monty_step(p[0], p_dash); 53| 1.70M| accum.mul(ws[0], p[2]); 54| 1.70M| accum.mul(ws[1], p[1]); 55| 1.70M| accum.add(z[2]); 56| 1.70M| ws[2] = accum.monty_step(p[0], p_dash); 57| 1.70M| accum.mul(ws[0], p[3]); 58| 1.70M| accum.mul(ws[1], p[2]); 59| 1.70M| accum.mul(ws[2], p[1]); 60| 1.70M| accum.add(z[3]); 61| 1.70M| ws[3] = accum.monty_step(p[0], p_dash); 62| 1.70M| accum.mul(ws[0], p[4]); 63| 1.70M| accum.mul(ws[1], p[3]); 64| 1.70M| accum.mul(ws[2], p[2]); 65| 1.70M| accum.mul(ws[3], p[1]); 66| 1.70M| accum.add(z[4]); 67| 1.70M| ws[4] = accum.monty_step(p[0], p_dash); 68| 1.70M| accum.mul(ws[0], p[5]); 69| 1.70M| accum.mul(ws[1], p[4]); 70| 1.70M| accum.mul(ws[2], p[3]); 71| 1.70M| accum.mul(ws[3], p[2]); 72| 1.70M| accum.mul(ws[4], p[1]); 73| 1.70M| accum.add(z[5]); 74| 1.70M| ws[5] = accum.monty_step(p[0], p_dash); 75| 1.70M| accum.mul(ws[1], p[5]); 76| 1.70M| accum.mul(ws[2], p[4]); 77| 1.70M| accum.mul(ws[3], p[3]); 78| 1.70M| accum.mul(ws[4], p[2]); 79| 1.70M| accum.mul(ws[5], p[1]); 80| 1.70M| accum.add(z[6]); 81| 1.70M| ws[0] = accum.extract(); 82| 1.70M| accum.mul(ws[2], p[5]); 83| 1.70M| accum.mul(ws[3], p[4]); 84| 1.70M| accum.mul(ws[4], p[3]); 85| 1.70M| accum.mul(ws[5], p[2]); 86| 1.70M| accum.add(z[7]); 87| 1.70M| ws[1] = accum.extract(); 88| 1.70M| accum.mul(ws[3], p[5]); 89| 1.70M| accum.mul(ws[4], p[4]); 90| 1.70M| accum.mul(ws[5], p[3]); 91| 1.70M| accum.add(z[8]); 92| 1.70M| ws[2] = accum.extract(); 93| 1.70M| accum.mul(ws[4], p[5]); 94| 1.70M| accum.mul(ws[5], p[4]); 95| 1.70M| accum.add(z[9]); 96| 1.70M| ws[3] = accum.extract(); 97| 1.70M| accum.mul(ws[5], p[5]); 98| 1.70M| accum.add(z[10]); 99| 1.70M| ws[4] = accum.extract(); 100| 1.70M| accum.add(z[11]); 101| 1.70M| ws[5] = accum.extract(); 102| 1.70M| const word w1 = accum.extract(); 103| 1.70M| bigint_monty_maybe_sub<6>(r, w1, ws, p); 104| 1.70M|} _ZN5Botan19bigint_monty_redc_8EPmPKmS2_mS0_: 106| 1.96M|void bigint_monty_redc_8(word r[8], const word z[16], const word p[8], word p_dash, word ws[8]) { 107| 1.96M| word3 accum; 108| 1.96M| accum.add(z[0]); 109| 1.96M| ws[0] = accum.monty_step(p[0], p_dash); 110| 1.96M| accum.mul(ws[0], p[1]); 111| 1.96M| accum.add(z[1]); 112| 1.96M| ws[1] = accum.monty_step(p[0], p_dash); 113| 1.96M| accum.mul(ws[0], p[2]); 114| 1.96M| accum.mul(ws[1], p[1]); 115| 1.96M| accum.add(z[2]); 116| 1.96M| ws[2] = accum.monty_step(p[0], p_dash); 117| 1.96M| accum.mul(ws[0], p[3]); 118| 1.96M| accum.mul(ws[1], p[2]); 119| 1.96M| accum.mul(ws[2], p[1]); 120| 1.96M| accum.add(z[3]); 121| 1.96M| ws[3] = accum.monty_step(p[0], p_dash); 122| 1.96M| accum.mul(ws[0], p[4]); 123| 1.96M| accum.mul(ws[1], p[3]); 124| 1.96M| accum.mul(ws[2], p[2]); 125| 1.96M| accum.mul(ws[3], p[1]); 126| 1.96M| accum.add(z[4]); 127| 1.96M| ws[4] = accum.monty_step(p[0], p_dash); 128| 1.96M| accum.mul(ws[0], p[5]); 129| 1.96M| accum.mul(ws[1], p[4]); 130| 1.96M| accum.mul(ws[2], p[3]); 131| 1.96M| accum.mul(ws[3], p[2]); 132| 1.96M| accum.mul(ws[4], p[1]); 133| 1.96M| accum.add(z[5]); 134| 1.96M| ws[5] = accum.monty_step(p[0], p_dash); 135| 1.96M| accum.mul(ws[0], p[6]); 136| 1.96M| accum.mul(ws[1], p[5]); 137| 1.96M| accum.mul(ws[2], p[4]); 138| 1.96M| accum.mul(ws[3], p[3]); 139| 1.96M| accum.mul(ws[4], p[2]); 140| 1.96M| accum.mul(ws[5], p[1]); 141| 1.96M| accum.add(z[6]); 142| 1.96M| ws[6] = accum.monty_step(p[0], p_dash); 143| 1.96M| accum.mul(ws[0], p[7]); 144| 1.96M| accum.mul(ws[1], p[6]); 145| 1.96M| accum.mul(ws[2], p[5]); 146| 1.96M| accum.mul(ws[3], p[4]); 147| 1.96M| accum.mul(ws[4], p[3]); 148| 1.96M| accum.mul(ws[5], p[2]); 149| 1.96M| accum.mul(ws[6], p[1]); 150| 1.96M| accum.add(z[7]); 151| 1.96M| ws[7] = accum.monty_step(p[0], p_dash); 152| 1.96M| accum.mul(ws[1], p[7]); 153| 1.96M| accum.mul(ws[2], p[6]); 154| 1.96M| accum.mul(ws[3], p[5]); 155| 1.96M| accum.mul(ws[4], p[4]); 156| 1.96M| accum.mul(ws[5], p[3]); 157| 1.96M| accum.mul(ws[6], p[2]); 158| 1.96M| accum.mul(ws[7], p[1]); 159| 1.96M| accum.add(z[8]); 160| 1.96M| ws[0] = accum.extract(); 161| 1.96M| accum.mul(ws[2], p[7]); 162| 1.96M| accum.mul(ws[3], p[6]); 163| 1.96M| accum.mul(ws[4], p[5]); 164| 1.96M| accum.mul(ws[5], p[4]); 165| 1.96M| accum.mul(ws[6], p[3]); 166| 1.96M| accum.mul(ws[7], p[2]); 167| 1.96M| accum.add(z[9]); 168| 1.96M| ws[1] = accum.extract(); 169| 1.96M| accum.mul(ws[3], p[7]); 170| 1.96M| accum.mul(ws[4], p[6]); 171| 1.96M| accum.mul(ws[5], p[5]); 172| 1.96M| accum.mul(ws[6], p[4]); 173| 1.96M| accum.mul(ws[7], p[3]); 174| 1.96M| accum.add(z[10]); 175| 1.96M| ws[2] = accum.extract(); 176| 1.96M| accum.mul(ws[4], p[7]); 177| 1.96M| accum.mul(ws[5], p[6]); 178| 1.96M| accum.mul(ws[6], p[5]); 179| 1.96M| accum.mul(ws[7], p[4]); 180| 1.96M| accum.add(z[11]); 181| 1.96M| ws[3] = accum.extract(); 182| 1.96M| accum.mul(ws[5], p[7]); 183| 1.96M| accum.mul(ws[6], p[6]); 184| 1.96M| accum.mul(ws[7], p[5]); 185| 1.96M| accum.add(z[12]); 186| 1.96M| ws[4] = accum.extract(); 187| 1.96M| accum.mul(ws[6], p[7]); 188| 1.96M| accum.mul(ws[7], p[6]); 189| 1.96M| accum.add(z[13]); 190| 1.96M| ws[5] = accum.extract(); 191| 1.96M| accum.mul(ws[7], p[7]); 192| 1.96M| accum.add(z[14]); 193| 1.96M| ws[6] = accum.extract(); 194| 1.96M| accum.add(z[15]); 195| 1.96M| ws[7] = accum.extract(); 196| 1.96M| const word w1 = accum.extract(); 197| 1.96M| bigint_monty_maybe_sub<8>(r, w1, ws, p); 198| 1.96M|} _ZN5Botan17Barrett_ReductionC2ERKNS_6BigIntES1_m: 17| 18| m_modulus(m), m_mu(std::move(mu)), m_mod_words(mw), m_modulus_bits(m.bits()) { 18| | // Give some extra space for Karatsuba 19| 18| m_modulus.grow_to(m_mod_words + 8); 20| 18| m_mu.grow_to(m_mod_words + 8); 21| 18|} _ZN5Botan17Barrett_Reduction18for_public_modulusERKNS_6BigIntE: 33| 18|Barrett_Reduction Barrett_Reduction::for_public_modulus(const BigInt& mod) { 34| 18| BOTAN_ARG_CHECK(mod.signum() > 0, "Modulus must be positive"); ------------------ | | 35| 18| do { \ | | 36| 18| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 18| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 18] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 18| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 18] | | ------------------ ------------------ 35| | 36| 18| const size_t mod_words = mod.sig_words(); 37| | 38| | // Compute mu = floor(2^{2k} / m) 39| 18| const size_t mu_bits = 2 * WordInfo::bits * mod_words; 40| 18| return Barrett_Reduction(mod, vartime_divide_pow2k(mu_bits, mod), mod_words); 41| 18|} _ZNK5Botan17Barrett_Reduction8multiplyERKNS_6BigIntES3_: 159| 18|BigInt Barrett_Reduction::multiply(const BigInt& x, const BigInt& y) const { 160| 18| BOTAN_ARG_CHECK(acceptable_barrett_input(x, m_modulus).as_bool(), "Invalid x param for Barrett multiply"); ------------------ | | 35| 18| do { \ | | 36| 18| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 18| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 18] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 18| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 18] | | ------------------ ------------------ 161| 18| BOTAN_ARG_CHECK(acceptable_barrett_input(y, m_modulus).as_bool(), "Invalid y param for Barrett multiply"); ------------------ | | 35| 18| do { \ | | 36| 18| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 18| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 18] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 18| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 18] | | ------------------ ------------------ 162| | 163| 18| secure_vector ws(2 * (m_mod_words + 2)); 164| 18| secure_vector xy(2 * m_mod_words); 165| | 166| 18| bigint_mul(xy.data(), 167| 18| xy.size(), 168| 18| x._data(), 169| 18| x.size(), 170| 18| std::min(x.size(), m_mod_words), 171| 18| y._data(), 172| 18| y.size(), 173| 18| std::min(y.size(), m_mod_words), 174| 18| ws.data(), 175| 18| ws.size()); 176| | 177| 18| return barrett_reduce(m_mod_words, m_modulus, m_mu, xy, ws); 178| 18|} _ZNK5Botan17Barrett_Reduction6squareERKNS_6BigIntE: 180| 18|BigInt Barrett_Reduction::square(const BigInt& x) const { 181| 18| BOTAN_ARG_CHECK(acceptable_barrett_input(x, m_modulus).as_bool(), "Invalid x param for Barrett square"); ------------------ | | 35| 18| do { \ | | 36| 18| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 18| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 18] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 18| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 18] | | ------------------ ------------------ 182| | 183| 18| secure_vector ws(2 * (m_mod_words + 2)); 184| 18| secure_vector x2(2 * m_mod_words); 185| | 186| 18| bigint_sqr(x2.data(), x2.size(), x._data(), x.size(), std::min(x.size(), m_mod_words), ws.data(), ws.size()); 187| | 188| 18| return barrett_reduce(m_mod_words, m_modulus, m_mu, x2, ws); 189| 18|} _ZNK5Botan17Barrett_Reduction6reduceERKNS_6BigIntE: 191| 12|BigInt Barrett_Reduction::reduce(const BigInt& x) const { 192| 12| BOTAN_ARG_CHECK(x.signum() >= 0, "Argument must be non-negative"); ------------------ | | 35| 12| do { \ | | 36| 12| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 12| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 12] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 12| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 12] | | ------------------ ------------------ 193| | 194| 12| const size_t x_sw = x.sig_words(); 195| 12| BOTAN_ARG_CHECK(x_sw <= 2 * m_mod_words, "Argument is too large for Barrett reduction"); ------------------ | | 35| 12| do { \ | | 36| 12| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 12| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 12] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 12| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 12] | | ------------------ ------------------ 196| | 197| 12| x.grow_to(2 * m_mod_words); 198| | 199| 12| secure_vector ws; 200| 12| return barrett_reduce(m_mod_words, m_modulus, m_mu, x._as_span(), ws); 201| 12|} barrett.cpp:_ZN5Botan12_GLOBAL__N_124acceptable_barrett_inputERKNS_6BigIntES3_: 151| 54|CT::Choice acceptable_barrett_input(const BigInt& x, const BigInt& modulus) { 152| 54| auto x_is_positive = CT::Choice::from_int(static_cast(x.signum() >= 0)); 153| 54| auto x_lt_mod = bigint_ct_is_lt(x._data(), x.size(), modulus._data(), modulus.sig_words()).as_choice(); 154| 54| return x_is_positive && x_lt_mod; 155| 54|} barrett.cpp:_ZN5Botan12_GLOBAL__N_114barrett_reduceEmRKNS_6BigIntES3_NSt3__14spanIKmLm18446744073709551615EEERNS4_6vectorImNS_16secure_allocatorImEEEE: 54| 48| size_t mod_words, const BigInt& modulus, const BigInt& mu, std::span x_words, secure_vector& ws) { 55| 48| BOTAN_ASSERT_NOMSG(modulus.sig_words() == mod_words); ------------------ | | 77| 48| do { \ | | 78| 48| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 48| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 48] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 48| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 48] | | ------------------ ------------------ 56| | 57| | // Caller must expand input to be at least this size 58| 48| BOTAN_ASSERT_NOMSG(x_words.size() >= 2 * mod_words); ------------------ | | 77| 48| do { \ | | 78| 48| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 48| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 48] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 48| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 48] | | ------------------ ------------------ 59| | 60| | // Normally mod_words + 1 but can be + 2 if the modulus is a power of 2 61| 48| const size_t mu_words = mu.sig_words(); 62| 48| BOTAN_ASSERT_NOMSG(mu_words <= mod_words + 2); ------------------ | | 77| 48| do { \ | | 78| 48| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 48| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 48] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 48| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 48] | | ------------------ ------------------ 63| | 64| 48| if(ws.size() < 2 * (mod_words + 2)) { ------------------ | Branch (64:7): [True: 12, False: 36] ------------------ 65| 12| ws.resize(2 * (mod_words + 2)); 66| 12| } 67| | 68| 48| CT::poison(x_words); 69| | 70| | /* 71| | * Following the notation of Handbook of Applied Cryptography 72| | * Algorithm 14.42 "Barrett modular reduction", page 604 73| | * 74| | * 75| | * Using `mu` for μ in the code 76| | */ 77| | 78| | // Compute q1 = floor(x / 2^(k - 1)) which is equivalent to ignoring the low (k-1) words 79| | 80| | // 2 * mod_words + 1 is sufficient, extra is to enable Karatsuba 81| 48| secure_vector r(2 * mu_words + 2); 82| | 83| 48| copy_mem(r.data(), x_words.data() + (mod_words - 1), mod_words + 1); 84| | 85| | // Now compute q2 = q1 * μ 86| | 87| | // We allocate more size than required since this allows Karatsuba more often; 88| | // just `mu_words + (mod_words + 1)` is sufficient 89| 48| const size_t q2_size = 2 * mu_words + 2; 90| | 91| 48| secure_vector q2(q2_size); 92| | 93| 48| bigint_mul( 94| 48| q2.data(), q2.size(), r.data(), r.size(), mod_words + 1, mu._data(), mu.size(), mu_words, ws.data(), ws.size()); 95| | 96| | // Compute r2 = (floor(q2 / b^(k+1)) * m) mod 2^(k+1) 97| | // The division/floor is again effected by just ignoring the low k + 1 words 98| 48| bigint_mul(r.data(), 99| 48| r.size(), 100| 48| &q2[mod_words + 1], // ignoring the low mod_words + 1 words of the first product 101| 48| q2.size() - (mod_words + 1), 102| 48| mod_words + 1, 103| 48| modulus._data(), 104| 48| modulus.size(), 105| 48| mod_words, 106| 48| ws.data(), 107| 48| ws.size()); 108| | 109| | // Clear the high words of the product, equivalent to computing mod 2^(k+1) 110| | // TODO add masked mul to avoid computing high bits at all 111| 48| clear_mem(std::span{r}.subspan(mod_words + 1)); 112| | 113| | // Compute r = r1 - r2 114| | 115| | // The return value of bigint_sub_abs isn't quite right for what we need here so first compare 116| 48| const int32_t relative_size = bigint_cmp(r.data(), mod_words + 1, x_words.data(), mod_words + 1); 117| | 118| 48| bigint_sub_abs(r.data(), r.data(), x_words.data(), mod_words + 1, ws.data()); 119| | 120| | /* 121| | If r is negative then we have to set r to r + 2^(k+1) 122| | 123| | However for r negative computing this sum is equivalent to computing 2^(k+1) - abs(r) 124| | */ 125| 48| clear_mem(ws.data(), mod_words + 2); 126| 48| ws[mod_words + 1] = 1; 127| 48| bigint_sub2(ws.data(), mod_words + 2, r.data(), mod_words + 2); 128| | 129| | // If relative_size > 0 then assign r to 2^(k+1) - r 130| 48| CT::Mask::is_equal(static_cast(relative_size), 1).select_n(r.data(), ws.data(), r.data(), mod_words + 2); 131| | 132| | /* 133| | * Per HAC Note 14.44 (ii) "step 4 is repeated at most twice since 0 ≤ r < 3m" 134| | */ 135| 48| const size_t bound = 2; 136| | 137| 48| BOTAN_ASSERT_NOMSG(r.size() >= mod_words + 1); ------------------ | | 77| 48| do { \ | | 78| 48| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 48| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 48] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 48| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 48] | | ------------------ ------------------ 138| 144| for(size_t i = 0; i != bound; ++i) { ------------------ | Branch (138:22): [True: 96, False: 48] ------------------ 139| 96| const word borrow = bigint_sub3(ws.data(), r.data(), mod_words + 1, modulus._data(), mod_words); 140| 96| CT::Mask::is_zero(borrow).select_n(r.data(), ws.data(), r.data(), mod_words + 1); 141| 96| } 142| | 143| 48| CT::unpoison(q2); 144| 48| CT::unpoison(r); 145| 48| CT::unpoison(ws); 146| 48| CT::unpoison(x_words); 147| | 148| 48| return BigInt::_from_words(r); 149| 48|} _ZN5Botan17Montgomery_Params4DataC2ERKNS_6BigIntERKNS_17Barrett_ReductionE: 40| 6|Montgomery_Params::Data::Data(const BigInt& p, const Barrett_Reduction& mod_p) { 41| 6| if(p.is_even() || p < 3) { ------------------ | Branch (41:7): [True: 0, False: 6] | Branch (41:22): [True: 0, False: 6] ------------------ 42| 0| throw Invalid_Argument("Montgomery_Params invalid modulus"); 43| 0| } 44| | 45| 6| m_p = p; 46| 6| m_p_words = m_p.sig_words(); 47| 6| m_p_dash = monty_inverse(m_p.word_at(0)); 48| | 49| 6| const BigInt r = BigInt::power_of_2(m_p_words * WordInfo::bits); 50| | 51| 6| m_r1 = mod_p.reduce(r); 52| 6| m_r2 = mod_p.square(m_r1); 53| 6| m_r3 = mod_p.multiply(m_r1, m_r2); 54| | 55| | // Barrett should be at least zero prefixing up to modulus size 56| 6| BOTAN_ASSERT_NOMSG(m_r1.size() >= m_p_words); ------------------ | | 77| 6| do { \ | | 78| 6| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 6| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 6] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 6| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 6] | | ------------------ ------------------ 57| 6| BOTAN_ASSERT_NOMSG(m_r2.size() >= m_p_words); ------------------ | | 77| 6| do { \ | | 78| 6| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 6| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 6] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 6| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 6] | | ------------------ ------------------ 58| 6| BOTAN_ASSERT_NOMSG(m_r3.size() >= m_p_words); ------------------ | | 77| 6| do { \ | | 78| 6| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 6| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 6] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 6| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 6] | | ------------------ ------------------ 59| 6|} _ZN5Botan17Montgomery_ParamsC2ERKNS_6BigIntERKNS_17Barrett_ReductionE: 62| 6| m_data(std::make_shared(p, mod_p)) {} _ZNK5Botan17Montgomery_Params3mulERKNS_6BigIntES3_RNSt3__16vectorImNS_16secure_allocatorImEEEE: 90| 12|BigInt Montgomery_Params::mul(const BigInt& x, const BigInt& y, secure_vector& ws) const { 91| 12| const size_t p_size = this->p_words(); 92| 12| BigInt z = BigInt::with_capacity(2 * p_size); 93| 12| this->mul(z, x, y, ws); 94| 12| return z; 95| 12|} _ZNK5Botan17Montgomery_Params3mulERNS_6BigIntERKS1_S4_RNSt3__16vectorImNS_16secure_allocatorImEEEE: 97| 12|void Montgomery_Params::mul(BigInt& z, const BigInt& x, const BigInt& y, secure_vector& ws) const { 98| 12| BOTAN_ARG_CHECK(&z != &x && &z != &y, "Montgomery_Params::mul output must not alias inputs"); ------------------ | | 35| 12| do { \ | | 36| 12| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 24| if(!(expr)) { \ | | ------------------ | | | Branch (37:12): [True: 12, False: 0] | | | Branch (37:12): [True: 12, False: 0] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 12| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 12] | | ------------------ ------------------ 99| | 100| 12| const size_t p_size = this->p_words(); 101| | 102| 12| if(ws.size() < 2 * p_size) { ------------------ | Branch (102:7): [True: 6, False: 6] ------------------ 103| 6| ws.resize(2 * p_size); 104| 6| } 105| | 106| 12| BOTAN_DEBUG_ASSERT(x.sig_words() <= p_size); ------------------ | | 130| 12| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 12| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 12] | | ------------------ ------------------ 107| 12| BOTAN_DEBUG_ASSERT(y.sig_words() <= p_size); ------------------ | | 130| 12| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 12| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 12] | | ------------------ ------------------ 108| | 109| 12| if(z.size() < 2 * p_size) { ------------------ | Branch (109:7): [True: 0, False: 12] ------------------ 110| 0| z.grow_to(2 * p_size); 111| 0| } 112| | 113| 12| bigint_mul(z.mutable_data(), 114| 12| z.size(), 115| 12| x._data(), 116| 12| x.size(), 117| 12| std::min(p_size, x.size()), 118| 12| y._data(), 119| 12| y.size(), 120| 12| std::min(p_size, y.size()), 121| 12| ws.data(), 122| 12| ws.size()); 123| | 124| 12| bigint_monty_redc_inplace(z.mutable_data(), this->p()._data(), p_size, this->p_dash(), ws.data(), ws.size()); 125| 12|} _ZNK5Botan17Montgomery_Params6mul_byERNS_6BigIntERKS1_RNSt3__16vectorImNS_16secure_allocatorImEEEE: 157| 21.8k|void Montgomery_Params::mul_by(BigInt& x, const BigInt& y, secure_vector& ws) const { 158| 21.8k| const size_t p_size = this->p_words(); 159| | 160| 21.8k| if(ws.size() < 4 * p_size) { ------------------ | Branch (160:7): [True: 10.9k, False: 10.9k] ------------------ 161| 10.9k| ws.resize(4 * p_size); 162| 10.9k| } 163| | 164| 21.8k| word* z_data = ws.data(); 165| 21.8k| word* ws_data = &ws[2 * p_size]; 166| | 167| 21.8k| BOTAN_DEBUG_ASSERT(x.sig_words() <= p_size); ------------------ | | 130| 21.8k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 21.8k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 21.8k] | | ------------------ ------------------ 168| | 169| 21.8k| bigint_mul(z_data, 170| 21.8k| 2 * p_size, 171| 21.8k| x._data(), 172| 21.8k| x.size(), 173| 21.8k| std::min(p_size, x.size()), 174| 21.8k| y._data(), 175| 21.8k| y.size(), 176| 21.8k| std::min(p_size, y.size()), 177| 21.8k| ws_data, 178| 21.8k| 2 * p_size); 179| | 180| 21.8k| bigint_monty_redc_inplace(z_data, this->p()._data(), p_size, this->p_dash(), ws_data, 2 * p_size); 181| | 182| 21.8k| if(x.size() < 2 * p_size) { ------------------ | Branch (182:7): [True: 5.01k, False: 16.8k] ------------------ 183| 5.01k| x.grow_to(2 * p_size); 184| 5.01k| } 185| 21.8k| copy_mem(x.mutable_data(), z_data, 2 * p_size); 186| 21.8k|} _ZN5Botan6PCurve15PrimeOrderCurve6Scalar8_zeroizeEv: 16| 9.22k|void PrimeOrderCurve::Scalar::_zeroize() { 17| 9.22k| secure_zeroize_buffer(m_value.data(), m_value.size() * sizeof(word)); 18| 9.22k|} _ZN5Botan6PCurve15PrimeOrderCurve15for_named_curveENSt3__117basic_string_viewIcNS2_11char_traitsIcEEEE: 32| 6|std::shared_ptr PrimeOrderCurve::for_named_curve(std::string_view name) { 33| 6|#if defined(BOTAN_HAS_PCURVES_SECP256R1) 34| 6| if(name == "secp256r1") { ------------------ | Branch (34:7): [True: 1, False: 5] ------------------ 35| 1| return PCurveInstance::secp256r1(); 36| 1| } 37| 5|#endif 38| | 39| 5|#if defined(BOTAN_HAS_PCURVES_SECP384R1) 40| 5| if(name == "secp384r1") { ------------------ | Branch (40:7): [True: 1, False: 4] ------------------ 41| 1| return PCurveInstance::secp384r1(); 42| 1| } 43| 4|#endif 44| | 45| 4|#if defined(BOTAN_HAS_PCURVES_SECP521R1) 46| 4| if(name == "secp521r1") { ------------------ | Branch (46:7): [True: 1, False: 3] ------------------ 47| 1| return PCurveInstance::secp521r1(); 48| 1| } 49| 3|#endif 50| | 51| 3|#if defined(BOTAN_HAS_PCURVES_BRAINPOOL256R1) 52| 3| if(name == "brainpool256r1") { ------------------ | Branch (52:7): [True: 1, False: 2] ------------------ 53| 1| return PCurveInstance::brainpool256r1(); 54| 1| } 55| 2|#endif 56| | 57| 2|#if defined(BOTAN_HAS_PCURVES_BRAINPOOL384R1) 58| 2| if(name == "brainpool384r1") { ------------------ | Branch (58:7): [True: 1, False: 1] ------------------ 59| 1| return PCurveInstance::brainpool384r1(); 60| 1| } 61| 1|#endif 62| | 63| 1|#if defined(BOTAN_HAS_PCURVES_BRAINPOOL512R1) 64| 1| if(name == "brainpool512r1") { ------------------ | Branch (64:7): [True: 1, False: 0] ------------------ 65| 1| return PCurveInstance::brainpool512r1(); 66| 1| } 67| 0|#endif 68| | 69| 0|#if defined(BOTAN_HAS_PCURVES_FRP256V1) 70| 0| if(name == "frp256v1") { ------------------ | Branch (70:7): [True: 0, False: 0] ------------------ 71| 0| return PCurveInstance::frp256v1(); 72| 0| } 73| 0|#endif 74| | 75| 0|#if defined(BOTAN_HAS_PCURVES_SECP192R1) 76| 0| if(name == "secp192r1") { ------------------ | Branch (76:7): [True: 0, False: 0] ------------------ 77| 0| return PCurveInstance::secp192r1(); 78| 0| } 79| 0|#endif 80| | 81| 0|#if defined(BOTAN_HAS_PCURVES_SECP224R1) 82| 0| if(name == "secp224r1") { ------------------ | Branch (82:7): [True: 0, False: 0] ------------------ 83| 0| return PCurveInstance::secp224r1(); 84| 0| } 85| 0|#endif 86| | 87| 0|#if defined(BOTAN_HAS_PCURVES_SECP256K1) 88| 0| if(name == "secp256k1") { ------------------ | Branch (88:7): [True: 0, False: 0] ------------------ 89| 0| return PCurveInstance::secp256k1(); 90| 0| } 91| 0|#endif 92| | 93| 0|#if defined(BOTAN_HAS_PCURVES_SM2P256V1) 94| 0| if(name == "sm2p256v1") { ------------------ | Branch (94:7): [True: 0, False: 0] ------------------ 95| 0| return PCurveInstance::sm2p256v1(); 96| 0| } 97| 0|#endif 98| | 99| 0|#if defined(BOTAN_HAS_PCURVES_NUMSP512D1) 100| 0| if(name == "numsp512d1") { ------------------ | Branch (100:7): [True: 0, False: 0] ------------------ 101| 0| return PCurveInstance::numsp512d1(); 102| 0| } 103| 0|#endif 104| | 105| 0| BOTAN_UNUSED(name); ------------------ | | 144| 0|#define BOTAN_UNUSED Botan::ignore_params ------------------ 106| 0| return {}; 107| 0|} _ZN5Botan6PCurve14PCurveInstance14brainpool256r1Ev: 36| 1|std::shared_ptr PCurveInstance::brainpool256r1() { 37| 1| return PrimeOrderCurveImpl::instance(); 38| 1|} _ZN5Botan6PCurve14PCurveInstance14brainpool384r1Ev: 36| 1|std::shared_ptr PCurveInstance::brainpool384r1() { 37| 1| return PrimeOrderCurveImpl::instance(); 38| 1|} _ZN5Botan6PCurve14PCurveInstance14brainpool512r1Ev: 36| 1|std::shared_ptr PCurveInstance::brainpool512r1() { 37| 1| return PrimeOrderCurveImpl::instance(); 38| 1|} _ZN5Botan6PCurve14PCurveInstance9secp256r1Ev: 268| 1|std::shared_ptr PCurveInstance::secp256r1() { 269| 1| return PrimeOrderCurveImpl::instance(); 270| 1|} pcurves_secp256r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS1_9secp256r16ParamsES2_E11FieldParamsEE3oneEv: 77| 44.2k| constexpr static std::array one() { return std::array{1}; } pcurves_secp256r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS1_9secp256r16ParamsES2_E11FieldParamsEE4redcERKNSt3__15arrayImLm8EEE: 27| 1.74M| constexpr static std::array redc(const std::array& z) { 28| 1.74M| const int64_t X00 = get_uint32(z.data(), 0); 29| 1.74M| const int64_t X01 = get_uint32(z.data(), 1); 30| 1.74M| const int64_t X02 = get_uint32(z.data(), 2); 31| 1.74M| const int64_t X03 = get_uint32(z.data(), 3); 32| 1.74M| const int64_t X04 = get_uint32(z.data(), 4); 33| 1.74M| const int64_t X05 = get_uint32(z.data(), 5); 34| 1.74M| const int64_t X06 = get_uint32(z.data(), 6); 35| 1.74M| const int64_t X07 = get_uint32(z.data(), 7); 36| 1.74M| const int64_t X08 = get_uint32(z.data(), 8); 37| 1.74M| const int64_t X09 = get_uint32(z.data(), 9); 38| 1.74M| const int64_t X10 = get_uint32(z.data(), 10); 39| 1.74M| const int64_t X11 = get_uint32(z.data(), 11); 40| 1.74M| const int64_t X12 = get_uint32(z.data(), 12); 41| 1.74M| const int64_t X13 = get_uint32(z.data(), 13); 42| 1.74M| const int64_t X14 = get_uint32(z.data(), 14); 43| 1.74M| const int64_t X15 = get_uint32(z.data(), 15); 44| | 45| | // See SP 800-186 section G.1.2 46| 1.74M| const int64_t S0 = P256_4[0] + X00 + X08 + X09 - (X11 + X12 + X13 + X14); 47| 1.74M| const int64_t S1 = P256_4[1] + X01 + X09 + X10 - (X12 + X13 + X14 + X15); 48| 1.74M| const int64_t S2 = P256_4[2] + X02 + X10 + X11 - (X13 + X14 + X15); 49| 1.74M| const int64_t S3 = P256_4[3] + X03 + 2 * (X11 + X12) + X13 - (X15 + X08 + X09); 50| 1.74M| const int64_t S4 = P256_4[4] + X04 + 2 * (X12 + X13) + X14 - (X09 + X10); 51| 1.74M| const int64_t S5 = P256_4[5] + X05 + 2 * (X13 + X14) + X15 - (X10 + X11); 52| 1.74M| const int64_t S6 = P256_4[6] + X06 + X13 + X14 * 3 + X15 * 2 - (X08 + X09); 53| 1.74M| const int64_t S7 = P256_4[7] + X07 + X15 * 3 + X08 - (X10 + X11 + X12 + X13); 54| 1.74M| const int64_t S8 = P256_4[8]; 55| | 56| 1.74M| std::array r = {}; 57| | 58| 1.74M| SolinasAccum sum(r); 59| | 60| 1.74M| sum.accum(S0); 61| 1.74M| sum.accum(S1); 62| 1.74M| sum.accum(S2); 63| 1.74M| sum.accum(S3); 64| 1.74M| sum.accum(S4); 65| 1.74M| sum.accum(S5); 66| 1.74M| sum.accum(S6); 67| 1.74M| sum.accum(S7); 68| 1.74M| const auto S = sum.final_carry(S8); 69| | 70| 1.74M| BOTAN_DEBUG_ASSERT(S <= 8); ------------------ | | 130| 1.74M| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 1.74M| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 1.74M] | | ------------------ ------------------ 71| | 72| 1.74M| solinas_correct_redc(r, P, p256_mul_mod_256(S)); 73| | 74| 1.74M| return r; 75| 1.74M| } pcurves_secp256r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS1_9secp256r16ParamsES2_E11FieldParamsEE16p256_mul_mod_256Em: 89| 1.74M| constexpr static std::array p256_mul_mod_256(W i) { 90| 1.74M| static_assert(WordInfo::bits == 32 || WordInfo::bits == 64); 91| | 92| | // For small i, multiples of P-256 have a simple structure so it's faster to 93| | // compute the value directly vs a (constant time) table lookup 94| | 95| 1.74M| auto r = P; 96| | if constexpr(WordInfo::bits == 32) { 97| | r[7] -= i; 98| | r[6] += i; 99| | r[3] += i; 100| | r[0] -= i; 101| 1.74M| } else { 102| 1.74M| const uint64_t i32 = static_cast(i) << 32; 103| 1.74M| r[3] -= i32; 104| 1.74M| r[3] += i; 105| 1.74M| r[1] += i32; 106| 1.74M| r[0] -= i; 107| 1.74M| } 108| 1.74M| return r; 109| 1.74M| } pcurves_secp256r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp256r15Curve10fe_invert2ERKNS_6IntModINS1_12Secp256r1RepINS_13EllipticCurveINS2_6ParamsES5_E11FieldParamsEEEEE: 131| 1.11k| static constexpr FieldElement fe_invert2(const FieldElement& x) { 132| | // Generated using https://github.com/mmcloughlin/addchain 133| | 134| 1.11k| auto z = x.square(); 135| 1.11k| z *= x; 136| 1.11k| z = z.square(); 137| 1.11k| z *= x; 138| 1.11k| auto t0 = z; 139| 1.11k| t0.square_n(3); 140| 1.11k| t0 *= z; 141| 1.11k| auto t1 = t0; 142| 1.11k| t1.square_n(6); 143| 1.11k| t0 *= t1; 144| 1.11k| t0.square_n(3); 145| 1.11k| z *= t0; 146| 1.11k| t0 = z.square(); 147| 1.11k| t0 *= x; 148| 1.11k| t1 = t0; 149| 1.11k| t1.square_n(16); 150| 1.11k| t0 *= t1; 151| 1.11k| t0.square_n(15); 152| 1.11k| z *= t0; 153| 1.11k| t0.square_n(17); 154| 1.11k| t0 *= x; 155| 1.11k| t0.square_n(143); 156| 1.11k| t0 *= z; 157| 1.11k| t0.square_n(47); 158| 1.11k| z *= t0; 159| 1.11k| z.square_n(2); 160| | 161| 1.11k| return z; 162| 1.11k| } pcurves_secp256r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS1_9secp256r16ParamsES2_E11FieldParamsEE8from_repERKNSt3__15arrayImLm4EEE: 83| 17.1k| constexpr static std::array from_rep(const std::array& z) { return z; } pcurves_secp256r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS1_9secp256r16ParamsES2_E11FieldParamsEE6to_repERKNSt3__15arrayImLm4EEE: 79| 17.0k| constexpr static std::array to_rep(const std::array& x) { return x; } pcurves_secp256r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp256r15Curve7fe_sqrtERKNS_6IntModINS1_12Secp256r1RepINS_13EllipticCurveINS2_6ParamsES5_E11FieldParamsEEEEE: 165| 338| static constexpr FieldElement fe_sqrt(const FieldElement& x) { 166| | // Generated using addchain 167| 338| auto z = x.square(); 168| 338| z *= x; 169| 338| auto t0 = z; 170| 338| t0.square_n(2); 171| 338| z *= t0; 172| 338| t0 = z; 173| 338| t0.square_n(4); 174| 338| z *= t0; 175| 338| t0 = z; 176| 338| t0.square_n(8); 177| 338| z *= t0; 178| 338| t0 = z; 179| 338| t0.square_n(16); 180| 338| z *= t0; 181| 338| z.square_n(32); 182| 338| z *= x; 183| 338| z.square_n(96); 184| 338| z *= x; 185| 338| z.square_n(94); 186| 338| return z; 187| 338| } _ZN5Botan6PCurve14PCurveInstance9secp384r1Ev: 343| 1|std::shared_ptr PCurveInstance::secp384r1() { 344| 1| return PrimeOrderCurveImpl::instance(); 345| 1|} pcurves_secp384r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS1_9secp384r16ParamsES2_E11FieldParamsEE3oneEv: 88| 62.1k| constexpr static std::array one() { return std::array{1}; } pcurves_secp384r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS1_9secp384r16ParamsES2_E11FieldParamsEE4redcERKNSt3__15arrayImLm12EEE: 23| 2.36M| constexpr static std::array redc(const std::array& z) { 24| 2.36M| const int64_t X00 = get_uint32(z.data(), 0); 25| 2.36M| const int64_t X01 = get_uint32(z.data(), 1); 26| 2.36M| const int64_t X02 = get_uint32(z.data(), 2); 27| 2.36M| const int64_t X03 = get_uint32(z.data(), 3); 28| 2.36M| const int64_t X04 = get_uint32(z.data(), 4); 29| 2.36M| const int64_t X05 = get_uint32(z.data(), 5); 30| 2.36M| const int64_t X06 = get_uint32(z.data(), 6); 31| 2.36M| const int64_t X07 = get_uint32(z.data(), 7); 32| 2.36M| const int64_t X08 = get_uint32(z.data(), 8); 33| 2.36M| const int64_t X09 = get_uint32(z.data(), 9); 34| 2.36M| const int64_t X10 = get_uint32(z.data(), 10); 35| 2.36M| const int64_t X11 = get_uint32(z.data(), 11); 36| 2.36M| const int64_t X12 = get_uint32(z.data(), 12); 37| 2.36M| const int64_t X13 = get_uint32(z.data(), 13); 38| 2.36M| const int64_t X14 = get_uint32(z.data(), 14); 39| 2.36M| const int64_t X15 = get_uint32(z.data(), 15); 40| 2.36M| const int64_t X16 = get_uint32(z.data(), 16); 41| 2.36M| const int64_t X17 = get_uint32(z.data(), 17); 42| 2.36M| const int64_t X18 = get_uint32(z.data(), 18); 43| 2.36M| const int64_t X19 = get_uint32(z.data(), 19); 44| 2.36M| const int64_t X20 = get_uint32(z.data(), 20); 45| 2.36M| const int64_t X21 = get_uint32(z.data(), 21); 46| 2.36M| const int64_t X22 = get_uint32(z.data(), 22); 47| 2.36M| const int64_t X23 = get_uint32(z.data(), 23); 48| | 49| | // One copy of P-384 is added to prevent underflow 50| 2.36M| const int64_t S0 = 0xFFFFFFFF + X00 + X12 + X20 + X21 - X23; 51| 2.36M| const int64_t S1 = 0x00000000 + X01 + X13 + X22 + X23 - X12 - X20; 52| 2.36M| const int64_t S2 = 0x00000000 + X02 + X14 + X23 - X13 - X21; 53| 2.36M| const int64_t S3 = 0xFFFFFFFF + X03 + X12 + X15 + X20 + X21 - X14 - X22 - X23; 54| 2.36M| const int64_t S4 = 0xFFFFFFFE + X04 + X12 + X13 + X16 + X20 + X21 * 2 + X22 - X15 - X23 * 2; 55| 2.36M| const int64_t S5 = 0xFFFFFFFF + X05 + X13 + X14 + X17 + X21 + X22 * 2 + X23 - X16; 56| 2.36M| const int64_t S6 = 0xFFFFFFFF + X06 + X14 + X15 + X18 + X22 + X23 * 2 - X17; 57| 2.36M| const int64_t S7 = 0xFFFFFFFF + X07 + X15 + X16 + X19 + X23 - X18; 58| 2.36M| const int64_t S8 = 0xFFFFFFFF + X08 + X16 + X17 + X20 - X19; 59| 2.36M| const int64_t S9 = 0xFFFFFFFF + X09 + X17 + X18 + X21 - X20; 60| 2.36M| const int64_t SA = 0xFFFFFFFF + X10 + X18 + X19 + X22 - X21; 61| 2.36M| const int64_t SB = 0xFFFFFFFF + X11 + X19 + X20 + X23 - X22; 62| | 63| 2.36M| std::array r = {}; 64| | 65| 2.36M| SolinasAccum sum(r); 66| | 67| 2.36M| sum.accum(S0); 68| 2.36M| sum.accum(S1); 69| 2.36M| sum.accum(S2); 70| 2.36M| sum.accum(S3); 71| 2.36M| sum.accum(S4); 72| 2.36M| sum.accum(S5); 73| 2.36M| sum.accum(S6); 74| 2.36M| sum.accum(S7); 75| 2.36M| sum.accum(S8); 76| 2.36M| sum.accum(S9); 77| 2.36M| sum.accum(SA); 78| 2.36M| sum.accum(SB); 79| 2.36M| const auto S = sum.final_carry(0); 80| | 81| 2.36M| BOTAN_DEBUG_ASSERT(S <= 4); ------------------ | | 130| 2.36M| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 2.36M| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 2.36M] | | ------------------ ------------------ 82| | 83| 2.36M| solinas_correct_redc(r, P, p384_mul_mod_384(S)); 84| | 85| 2.36M| return r; 86| 2.36M| } pcurves_secp384r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS1_9secp384r16ParamsES2_E11FieldParamsEE16p384_mul_mod_384Em: 100| 2.36M| constexpr static std::array p384_mul_mod_384(W i) { 101| 2.36M| static_assert(WordInfo::bits == 32 || WordInfo::bits == 64); 102| | 103| | // For small i, multiples of P-384 have a simple structure so it's faster to 104| | // compute the value directly vs a (constant time) table lookup 105| | 106| 2.36M| auto r = P; 107| | if constexpr(WordInfo::bits == 32) { 108| | r[4] -= i; 109| | r[3] -= i; 110| | r[1] += i; 111| | r[0] -= i; 112| 2.36M| } else { 113| 2.36M| const uint64_t i32 = static_cast(i) << 32; 114| 2.36M| r[2] -= i; 115| 2.36M| r[1] -= i32; 116| 2.36M| r[0] += i32; 117| 2.36M| r[0] -= i; 118| 2.36M| } 119| 2.36M| return r; 120| 2.36M| } pcurves_secp384r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp384r15Curve10fe_invert2ERKNS_6IntModINS1_12Secp384r1RepINS_13EllipticCurveINS2_6ParamsES5_E11FieldParamsEEEEE: 142| 1.05k| static constexpr FieldElement fe_invert2(const FieldElement& x) { 143| | // From https://briansmith.org/ecc-inversion-addition-chains-01 144| | 145| 1.05k| FieldElement r = x.square(); 146| 1.05k| r *= x; 147| 1.05k| const auto x2 = r; 148| 1.05k| r = r.square(); 149| 1.05k| r *= x; 150| 1.05k| const auto x3 = r; 151| 1.05k| r.square_n(3); 152| 1.05k| r *= x3; 153| 1.05k| auto rl = r; 154| 1.05k| r.square_n(6); 155| 1.05k| r *= rl; 156| 1.05k| r.square_n(3); 157| 1.05k| r *= x3; 158| 1.05k| const auto x15 = r; 159| 1.05k| r.square_n(15); 160| 1.05k| r *= x15; 161| 1.05k| const auto x30 = r; 162| 1.05k| r.square_n(30); 163| 1.05k| r *= x30; 164| 1.05k| rl = r; 165| 1.05k| r.square_n(60); 166| 1.05k| r *= rl; 167| 1.05k| rl = r; 168| 1.05k| r.square_n(120); 169| 1.05k| r *= rl; 170| 1.05k| r.square_n(15); 171| 1.05k| r *= x15; 172| 1.05k| r.square_n(31); 173| 1.05k| r *= x30; 174| 1.05k| r.square_n(2); 175| 1.05k| r *= x2; 176| 1.05k| r.square_n(94); 177| 1.05k| r *= x30; 178| 1.05k| r.square_n(2); 179| | 180| 1.05k| return r; 181| 1.05k| } pcurves_secp384r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS1_9secp384r16ParamsES2_E11FieldParamsEE8from_repERKNSt3__15arrayImLm6EEE: 94| 3.87k| constexpr static std::array from_rep(const std::array& z) { return z; } pcurves_secp384r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS1_9secp384r16ParamsES2_E11FieldParamsEE6to_repERKNSt3__15arrayImLm6EEE: 90| 4.02k| constexpr static std::array to_rep(const std::array& x) { return x; } pcurves_secp384r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp384r15Curve7fe_sqrtERKNS_6IntModINS1_12Secp384r1RepINS_13EllipticCurveINS2_6ParamsES5_E11FieldParamsEEEEE: 183| 299| static constexpr FieldElement fe_sqrt(const FieldElement& x) { 184| | // Generated using https://github.com/mmcloughlin/addchain 185| | 186| 299| auto z = x.square(); 187| 299| z *= x; 188| 299| z = z.square(); 189| 299| auto t0 = x * z; 190| 299| z = t0; 191| 299| z.square_n(3); 192| 299| auto t1 = t0 * z; 193| 299| auto t2 = t1.square(); 194| 299| z = t2 * x; 195| 299| t2.square_n(5); 196| 299| t1 *= t2; 197| 299| t2 = t1; 198| 299| t2.square_n(12); 199| 299| t1 *= t2; 200| 299| t1.square_n(7); 201| 299| t1 *= z; 202| 299| z = t1.square(); 203| 299| z *= x; 204| 299| t2 = z; 205| 299| t2.square_n(31); 206| 299| t1 *= t2; 207| 299| t2 = t1; 208| 299| t2.square_n(63); 209| 299| t1 *= t2; 210| 299| t2 = t1; 211| 299| t2.square_n(126); 212| 299| t1 *= t2; 213| 299| t1.square_n(3); 214| 299| t0 *= t1; 215| 299| t0.square_n(33); 216| 299| z *= t0; 217| 299| z.square_n(64); 218| 299| z *= x; 219| 299| z.square_n(30); 220| 299| return z; 221| 299| } _ZN5Botan6PCurve14PCurveInstance9secp521r1Ev: 291| 1|std::shared_ptr PCurveInstance::secp521r1() { 292| 1| return PrimeOrderCurveImpl::instance(); 293| 1|} pcurves_secp521r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS2_6ParamsES3_E11FieldParamsEE3oneEv: 24| 68.2k| constexpr static std::array one() { return std::array{1}; } pcurves_secp521r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS2_6ParamsES3_E11FieldParamsEE4redcERKNSt3__15arrayImLm18EEE: 26| 2.56M| constexpr static std::array redc(const std::array& z) { 27| | // Regardless of word size (32 or 64) the top word is 9 bits long 28| 2.56M| constexpr W TOP_BITS = static_cast(0x1FF); 29| | // The 23 or 55 bits that should be cleared in the top word 30| 2.56M| constexpr W CLEARED_TOP_BITS = WordInfo::max ^ TOP_BITS; 31| | 32| | /* 33| | * Extract the high part of z (z >> 521) 34| | */ 35| 2.56M| std::array t; // NOLINT(*-member-init) 36| | 37| 25.6M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (37:28): [True: 23.0M, False: 2.56M] ------------------ 38| 23.0M| t[i] = z[(N - 1) + i] >> 9; 39| 23.0M| } 40| | 41| 23.0M| for(size_t i = 0; i != N - 1; ++i) { ------------------ | Branch (41:28): [True: 20.5M, False: 2.56M] ------------------ 42| 20.5M| t[i] |= z[(N - 1) + i + 1] << (WordInfo::bits - 9); 43| 20.5M| } 44| | 45| | // Now t += z & (2**521-1) 46| 2.56M| W carry = 0; 47| 23.0M| for(size_t i = 0; i != N - 1; ++i) { ------------------ | Branch (47:28): [True: 20.5M, False: 2.56M] ------------------ 48| 20.5M| t[i] = word_add(t[i], z[i], &carry); 49| 20.5M| } 50| | 51| | // Now add the (partial) top words; this can't carry out 52| | // since both inputs are at most 2**9-1 53| 2.56M| t[N - 1] += (z[N - 1] & TOP_BITS) + carry; 54| | 55| | /* 56| | Since the modulus P is exactly 2**521 - 1 the only way the computed 57| | result can be larger than P is if the top word is larger than TOP_BITS 58| | 59| | Since TOP_BITS has the low 9 bits set, we can check if t[N - 1] > TOP_BITS 60| | by checking if t[N - 1] >> 9 has any bits set. Doing it this way is 61| | faster than a standard comparison since CT::Mask::is_gt requires 62| | several bit operations. 63| | */ 64| | 65| 2.56M| const W is_over_p521 = ~CT::Mask::is_zero(t[N - 1] >> 9).value(); 66| | 67| | /* 68| | * Also must detect/handle x == P 69| | */ 70| 2.56M| const W is_eq_p521 = [&]() { 71| 2.56M| W sum = WordInfo::max; 72| 2.56M| for(size_t i = 0; i != N - 1; ++i) { 73| 2.56M| sum &= t[i]; 74| 2.56M| } 75| 2.56M| sum &= (CLEARED_TOP_BITS | t[N - 1]); 76| | 77| 2.56M| return CT::Mask::is_zero(sum ^ WordInfo::max).value(); 78| 2.56M| }(); 79| | 80| 2.56M| const W need_sub = is_over_p521 | is_eq_p521; 81| | 82| 2.56M| W borrow = 0; 83| 23.0M| for(size_t i = 0; i != N - 1; ++i) { ------------------ | Branch (83:28): [True: 20.5M, False: 2.56M] ------------------ 84| 20.5M| t[i] = word_sub(t[i], need_sub & WordInfo::max, &borrow); 85| 20.5M| } 86| 2.56M| t[N - 1] = word_sub(t[N - 1], need_sub & TOP_BITS, &borrow); 87| | 88| 2.56M| return t; 89| 2.56M| } pcurves_secp521r1.cpp:_ZZN5Botan6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS2_6ParamsES3_E11FieldParamsEE4redcERKNSt3__15arrayImLm18EEEENKUlvE_clEv: 70| 2.56M| const W is_eq_p521 = [&]() { 71| 2.56M| W sum = WordInfo::max; 72| 23.0M| for(size_t i = 0; i != N - 1; ++i) { ------------------ | Branch (72:31): [True: 20.5M, False: 2.56M] ------------------ 73| 20.5M| sum &= t[i]; 74| 20.5M| } 75| 2.56M| sum &= (CLEARED_TOP_BITS | t[N - 1]); 76| | 77| 2.56M| return CT::Mask::is_zero(sum ^ WordInfo::max).value(); 78| 2.56M| }(); pcurves_secp521r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp521r15Curve10fe_invert2ERKNS_6IntModINS2_7P521RepINS_13EllipticCurveINS2_6ParamsES5_E11FieldParamsEEEEE: 115| 872| static constexpr FieldElement fe_invert2(const FieldElement& x) { 116| | // Addition chain from https://eprint.iacr.org/2014/852.pdf page 6 117| | 118| 872| FieldElement r = x.square(); 119| 872| r *= x; 120| 872| r = r.square(); 121| 872| r *= x; 122| 872| FieldElement rl = r; 123| 872| r.square_n(3); 124| 872| r *= rl; 125| 872| r.square_n(1); 126| 872| r *= x; 127| 872| const auto a7 = r; 128| 872| r.square_n(1); 129| 872| r *= x; 130| 872| rl = r; 131| 872| r.square_n(8); 132| 872| r *= rl; 133| 872| rl = r; 134| 872| r.square_n(16); 135| 872| r *= rl; 136| 872| rl = r; 137| 872| r.square_n(32); 138| 872| r *= rl; 139| 872| rl = r; 140| 872| r.square_n(64); 141| 872| r *= rl; 142| 872| rl = r; 143| 872| r.square_n(128); 144| 872| r *= rl; 145| 872| rl = r; 146| 872| r.square_n(256); 147| 872| r *= rl; 148| 872| r.square_n(7); 149| 872| r *= a7; 150| 872| r.square_n(2); 151| | 152| 872| return r; 153| 872| } pcurves_secp521r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS2_6ParamsES3_E11FieldParamsEE8from_repERKNSt3__15arrayImLm9EEE: 95| 3.16k| constexpr static std::array from_rep(const std::array& z) { return z; } pcurves_secp521r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS2_6ParamsES3_E11FieldParamsEE6to_repERKNSt3__15arrayImLm9EEE: 91| 3.36k| constexpr static std::array to_rep(const std::array& x) { return x; } pcurves_secp521r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp521r15Curve7fe_sqrtERKNS_6IntModINS2_7P521RepINS_13EllipticCurveINS2_6ParamsES5_E11FieldParamsEEEEE: 155| 247| static constexpr FieldElement fe_sqrt(const FieldElement& x) { 156| 247| auto z = x; 157| 247| z.square_n(519); 158| 247| return z; 159| 247| } _ZN5Botan9AEAD_Mode15create_or_throwENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEENS_10Cipher_DirES5_: 51| 176| std::string_view provider) { 52| 176| if(auto aead = AEAD_Mode::create(algo, dir, provider)) { ------------------ | Branch (52:12): [True: 176, False: 0] ------------------ 53| 176| return aead; 54| 176| } 55| | 56| 0| throw Lookup_Error("AEAD", algo, provider); 57| 176|} _ZN5Botan9AEAD_Mode6createENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEENS_10Cipher_DirES5_: 59| 352|std::unique_ptr AEAD_Mode::create(std::string_view algo, Cipher_Dir dir, std::string_view provider) { 60| 352| BOTAN_UNUSED(provider); ------------------ | | 144| 352|#define BOTAN_UNUSED Botan::ignore_params ------------------ 61| 352|#if defined(BOTAN_HAS_AEAD_CHACHA20_POLY1305) 62| 352| if(algo == "ChaCha20Poly1305") { ------------------ | Branch (62:7): [True: 0, False: 352] ------------------ 63| 0| if(dir == Cipher_Dir::Encryption) { ------------------ | Branch (63:10): [True: 0, False: 0] ------------------ 64| 0| return std::make_unique(); 65| 0| } else { 66| 0| return std::make_unique(); 67| 0| } 68| 0| } 69| 352|#endif 70| | 71| 352|#if defined(BOTAN_HAS_ASCON_AEAD128) 72| 352| if(algo == "Ascon-AEAD128") { ------------------ | Branch (72:7): [True: 0, False: 352] ------------------ 73| 0| if(dir == Cipher_Dir::Encryption) { ------------------ | Branch (73:10): [True: 0, False: 0] ------------------ 74| 0| return std::make_unique(); 75| 0| } else { 76| 0| return std::make_unique(); 77| 0| } 78| 0| } 79| 352|#endif 80| | 81| 352| if(algo.find('/') != std::string::npos) { ------------------ | Branch (81:7): [True: 176, False: 176] ------------------ 82| 176| const std::vector algo_parts = split_on(algo, '/'); 83| 176| const std::string_view cipher_name = algo_parts[0]; 84| 176| const std::vector mode_info = parse_algorithm_name(algo_parts[1]); 85| | 86| 176| if(mode_info.empty()) { ------------------ | Branch (86:10): [True: 0, False: 176] ------------------ 87| 0| return std::unique_ptr(); 88| 0| } 89| | 90| 176| std::ostringstream mode_name; 91| | 92| 176| mode_name << mode_info[0] << '(' << cipher_name; 93| 278| for(size_t i = 1; i < mode_info.size(); ++i) { ------------------ | Branch (93:25): [True: 102, False: 176] ------------------ 94| 102| mode_name << ',' << mode_info[i]; 95| 102| } 96| 176| for(size_t i = 2; i < algo_parts.size(); ++i) { ------------------ | Branch (96:25): [True: 0, False: 176] ------------------ 97| 0| mode_name << ',' << algo_parts[i]; 98| 0| } 99| 176| mode_name << ')'; 100| | 101| 176| return AEAD_Mode::create(mode_name.str(), dir); 102| 176| } 103| | 104| 176|#if defined(BOTAN_HAS_BLOCK_CIPHER) 105| | 106| 176| const SCAN_Name req(algo); 107| | 108| 176| if(req.arg_count() == 0) { ------------------ | Branch (108:7): [True: 0, False: 176] ------------------ 109| 0| return std::unique_ptr(); 110| 0| } 111| | 112| 176| auto bc = BlockCipher::create(req.arg(0), provider); 113| | 114| 176| if(!bc) { ------------------ | Branch (114:7): [True: 0, False: 176] ------------------ 115| 0| return std::unique_ptr(); 116| 0| } 117| | 118| 176| #if defined(BOTAN_HAS_AEAD_CCM) 119| 176| if(req.algo_name() == "CCM") { ------------------ | Branch (119:7): [True: 34, False: 142] ------------------ 120| 34| const size_t tag_len = req.arg_as_integer(1, 16); 121| 34| const size_t L_len = req.arg_as_integer(2, 3); 122| 34| if(dir == Cipher_Dir::Encryption) { ------------------ | Branch (122:10): [True: 6, False: 28] ------------------ 123| 6| return std::make_unique(std::move(bc), tag_len, L_len); 124| 28| } else { 125| 28| return std::make_unique(std::move(bc), tag_len, L_len); 126| 28| } 127| 34| } 128| 142| #endif 129| | 130| 142| #if defined(BOTAN_HAS_AEAD_GCM) 131| 142| if(req.algo_name() == "GCM") { ------------------ | Branch (131:7): [True: 62, False: 80] ------------------ 132| 62| const size_t tag_len = req.arg_as_integer(1, 16); 133| 62| if(dir == Cipher_Dir::Encryption) { ------------------ | Branch (133:10): [True: 9, False: 53] ------------------ 134| 9| return std::make_unique(std::move(bc), tag_len); 135| 53| } else { 136| 53| return std::make_unique(std::move(bc), tag_len); 137| 53| } 138| 62| } 139| 80| #endif 140| | 141| 80| #if defined(BOTAN_HAS_AEAD_OCB) 142| 80| if(req.algo_name() == "OCB") { ------------------ | Branch (142:7): [True: 80, False: 0] ------------------ 143| 80| const size_t tag_len = req.arg_as_integer(1, 16); 144| 80| if(dir == Cipher_Dir::Encryption) { ------------------ | Branch (144:10): [True: 29, False: 51] ------------------ 145| 29| return std::make_unique(std::move(bc), tag_len); 146| 51| } else { 147| 51| return std::make_unique(std::move(bc), tag_len); 148| 51| } 149| 80| } 150| 0| #endif 151| | 152| 0| #if defined(BOTAN_HAS_AEAD_EAX) 153| 0| if(req.algo_name() == "EAX") { ------------------ | Branch (153:7): [True: 0, False: 0] ------------------ 154| 0| const size_t tag_len = req.arg_as_integer(1, bc->block_size()); 155| 0| if(dir == Cipher_Dir::Encryption) { ------------------ | Branch (155:10): [True: 0, False: 0] ------------------ 156| 0| return std::make_unique(std::move(bc), tag_len); 157| 0| } else { 158| 0| return std::make_unique(std::move(bc), tag_len); 159| 0| } 160| 0| } 161| 0| #endif 162| | 163| 0| #if defined(BOTAN_HAS_AEAD_SIV) 164| 0| if(req.algo_name() == "SIV") { ------------------ | Branch (164:7): [True: 0, False: 0] ------------------ 165| 0| if(dir == Cipher_Dir::Encryption) { ------------------ | Branch (165:10): [True: 0, False: 0] ------------------ 166| 0| return std::make_unique(std::move(bc)); 167| 0| } else { 168| 0| return std::make_unique(std::move(bc)); 169| 0| } 170| 0| } 171| 0| #endif 172| | 173| 0|#endif 174| | 175| 0| return std::unique_ptr(); 176| 0|} _ZN5Botan8CCM_ModeC2ENSt3__110unique_ptrINS_11BlockCipherENS1_14default_deleteIS3_EEEEmm: 26| 34| m_tag_size(tag_size), m_L(L), m_cipher(std::move(cipher)) { 27| 34| if(m_cipher->block_size() != CCM_BS) { ------------------ | Branch (27:7): [True: 0, False: 34] ------------------ 28| 0| throw Invalid_Argument(m_cipher->name() + " cannot be used with CCM mode"); 29| 0| } 30| | 31| 34| if(L < 2 || L > 8) { ------------------ | Branch (31:7): [True: 0, False: 34] | Branch (31:16): [True: 0, False: 34] ------------------ 32| 0| throw Invalid_Argument(fmt("Invalid CCM L value {}", L)); 33| 0| } 34| | 35| 34| if(tag_size < 4 || tag_size > 16 || tag_size % 2 != 0) { ------------------ | Branch (35:7): [True: 0, False: 34] | Branch (35:23): [True: 0, False: 34] | Branch (35:40): [True: 0, False: 34] ------------------ 36| 0| throw Invalid_Argument(fmt("Invalid CCM tag length {}", tag_size)); 37| 0| } 38| 34|} _ZN5Botan8CCM_Mode5resetEv: 45| 11|void CCM_Mode::reset() { 46| 11| m_nonce.clear(); 47| 11| m_msg_buf.clear(); 48| 11| m_ad_buf.clear(); 49| 11|} _ZNK5Botan8CCM_Mode18valid_nonce_lengthEm: 55| 34|bool CCM_Mode::valid_nonce_length(size_t length) const { 56| 34| return (length == (15 - L())); 57| 34|} _ZNK5Botan8CCM_Mode8key_specEv: 76| 34|Key_Length_Specification CCM_Mode::key_spec() const { 77| 34| return m_cipher->key_spec(); 78| 34|} _ZN5Botan8CCM_Mode12key_scheduleENSt3__14spanIKhLm18446744073709551615EEE: 84| 34|void CCM_Mode::key_schedule(std::span key) { 85| 34| m_cipher->set_key(key); 86| 34|} _ZN5Botan8CCM_Mode21set_associated_data_nEmNSt3__14spanIKhLm18446744073709551615EEE: 88| 34|void CCM_Mode::set_associated_data_n(size_t idx, std::span ad) { 89| 34| BOTAN_ARG_CHECK(idx == 0, "CCM: cannot handle non-zero index in set_associated_data_n"); ------------------ | | 35| 34| do { \ | | 36| 34| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 34| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 34] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 34| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 34] | | ------------------ ------------------ 90| | 91| 34| m_ad_buf.clear(); 92| | 93| 34| if(!ad.empty()) { ------------------ | Branch (93:7): [True: 34, False: 0] ------------------ 94| | // FIXME: support larger AD using length encoding rules 95| 34| BOTAN_ARG_CHECK(ad.size() < (0xFFFF - 0xFF), "Supported CCM AD length"); ------------------ | | 35| 34| do { \ | | 36| 34| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 34| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 34] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 34| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 34] | | ------------------ ------------------ 96| | 97| 34| m_ad_buf.push_back(get_byte<0>(static_cast(ad.size()))); 98| 34| m_ad_buf.push_back(get_byte<1>(static_cast(ad.size()))); 99| 34| m_ad_buf.insert(m_ad_buf.end(), ad.begin(), ad.end()); 100| 68| while(m_ad_buf.size() % CCM_BS != 0) { ------------------ | Branch (100:13): [True: 34, False: 34] ------------------ 101| 34| m_ad_buf.push_back(0); // pad with zeros to full block size 102| 34| } 103| 34| } 104| 34|} _ZN5Botan8CCM_Mode9start_msgEPKhm: 106| 34|void CCM_Mode::start_msg(const uint8_t nonce[], size_t nonce_len) { 107| 34| if(!valid_nonce_length(nonce_len)) { ------------------ | Branch (107:7): [True: 0, False: 34] ------------------ 108| 0| throw Invalid_IV_Length(name(), nonce_len); 109| 0| } 110| | 111| 34| m_nonce.assign(nonce, nonce + nonce_len); 112| 34| m_msg_buf.clear(); 113| 34|} _ZN5Botan8CCM_Mode13encode_lengthEmPh: 130| 34|void CCM_Mode::encode_length(uint64_t len, uint8_t out[]) { 131| 34| const size_t len_bytes = L(); 132| | 133| 34| BOTAN_ASSERT_NOMSG(len_bytes >= 2 && len_bytes <= 8); ------------------ | | 77| 34| do { \ | | 78| 34| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 68| if(!(expr)) { \ | | ------------------ | | | Branch (79:12): [True: 34, False: 0] | | | Branch (79:12): [True: 34, False: 0] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 34| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 34] | | ------------------ ------------------ 134| | 135| 136| for(size_t i = 0; i != len_bytes; ++i) { ------------------ | Branch (135:22): [True: 102, False: 34] ------------------ 136| 102| out[len_bytes - 1 - i] = get_byte_var(sizeof(uint64_t) - 1 - i, len); 137| 102| } 138| | 139| 34| if(len_bytes < 8 && (len >> (len_bytes * 8)) > 0) { ------------------ | Branch (139:7): [True: 34, False: 0] | Branch (139:24): [True: 0, False: 34] ------------------ 140| 0| throw Encoding_Error("CCM message length too long to encode in L field"); 141| 0| } 142| 34|} _ZN5Botan8CCM_Mode3incERNSt3__16vectorIhNS_16secure_allocatorIhEEEE: 144| 804|void CCM_Mode::inc(secure_vector& C) { 145| 805| for(size_t i = 0; i != C.size(); ++i) { ------------------ | Branch (145:22): [True: 805, False: 0] ------------------ 146| 805| uint8_t& b = C[C.size() - i - 1]; 147| 805| b += 1; 148| 805| if(b > 0) { ------------------ | Branch (148:10): [True: 804, False: 1] ------------------ 149| 804| break; 150| 804| } 151| 805| } 152| 804|} _ZN5Botan8CCM_Mode9format_b0Em: 154| 34|secure_vector CCM_Mode::format_b0(size_t sz) { 155| 34| if(m_nonce.size() != 15 - L()) { ------------------ | Branch (155:7): [True: 0, False: 34] ------------------ 156| 0| throw Invalid_State("CCM mode must set nonce"); 157| 0| } 158| 34| secure_vector B0(CCM_BS); 159| | 160| 34| const uint8_t b_flags = 161| 34| static_cast((!m_ad_buf.empty() ? 64 : 0) + (((tag_size() / 2) - 1) << 3) + (L() - 1)); ------------------ | Branch (161:29): [True: 34, False: 0] ------------------ 162| | 163| 34| B0[0] = b_flags; 164| 34| copy_mem(&B0[1], m_nonce.data(), m_nonce.size()); 165| 34| encode_length(sz, &B0[m_nonce.size() + 1]); 166| | 167| 34| return B0; 168| 34|} _ZN5Botan8CCM_Mode9format_c0Ev: 170| 34|secure_vector CCM_Mode::format_c0() { 171| 34| if(m_nonce.size() != 15 - L()) { ------------------ | Branch (171:7): [True: 0, False: 34] ------------------ 172| 0| throw Invalid_State("CCM mode must set nonce"); 173| 0| } 174| 34| secure_vector C(CCM_BS); 175| | 176| 34| const uint8_t a_flags = static_cast(L() - 1); 177| | 178| 34| C[0] = a_flags; 179| 34| copy_mem(&C[1], m_nonce.data(), m_nonce.size()); 180| | 181| 34| return C; 182| 34|} _ZN5Botan14CCM_Encryption10finish_msgERNSt3__16vectorIhNS_16secure_allocatorIhEEEEm: 184| 11|void CCM_Encryption::finish_msg(secure_vector& buffer, size_t offset) { 185| 11| BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range"); ------------------ | | 35| 11| do { \ | | 36| 11| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 11| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 11] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 11| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 11] | | ------------------ ------------------ 186| | 187| 11| buffer.insert(buffer.begin() + offset, msg_buf().begin(), msg_buf().end()); 188| | 189| 11| const size_t sz = buffer.size() - offset; 190| 11| uint8_t* buf = buffer.data() + offset; 191| | 192| 11| const secure_vector& ad = ad_buf(); 193| 11| BOTAN_ARG_CHECK(ad.size() % CCM_BS == 0, "AD is block size multiple"); ------------------ | | 35| 11| do { \ | | 36| 11| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 11| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 11] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 11| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 11] | | ------------------ ------------------ 194| | 195| 11| const BlockCipher& E = cipher(); 196| | 197| 11| secure_vector T(CCM_BS); 198| 11| E.encrypt(format_b0(sz), T); 199| | 200| 22| for(size_t i = 0; i != ad.size(); i += CCM_BS) { ------------------ | Branch (200:22): [True: 11, False: 11] ------------------ 201| 11| xor_buf(T.data(), &ad[i], CCM_BS); 202| 11| E.encrypt(T); 203| 11| } 204| | 205| 11| secure_vector C = format_c0(); 206| 11| secure_vector S0(CCM_BS); 207| 11| E.encrypt(C, S0); 208| 11| inc(C); 209| | 210| 11| secure_vector X(CCM_BS); 211| | 212| 11| const uint8_t* buf_end = &buf[sz]; 213| | 214| 22| while(buf != buf_end) { ------------------ | Branch (214:10): [True: 11, False: 11] ------------------ 215| 11| const size_t to_proc = std::min(CCM_BS, buf_end - buf); 216| | 217| 11| xor_buf(T.data(), buf, to_proc); 218| 11| E.encrypt(T); 219| | 220| 11| E.encrypt(C, X); 221| 11| xor_buf(buf, X.data(), to_proc); 222| 11| inc(C); 223| | 224| 11| buf += to_proc; 225| 11| } 226| | 227| 11| T ^= S0; 228| | 229| 11| buffer += std::make_pair(T.data(), tag_size()); 230| | 231| 11| reset(); 232| 11|} _ZN5Botan14CCM_Decryption10finish_msgERNSt3__16vectorIhNS_16secure_allocatorIhEEEEm: 234| 23|void CCM_Decryption::finish_msg(secure_vector& buffer, size_t offset) { 235| 23| BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range"); ------------------ | | 35| 23| do { \ | | 36| 23| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 23| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 23] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 23| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 23] | | ------------------ ------------------ 236| | 237| 23| buffer.insert(buffer.begin() + offset, msg_buf().begin(), msg_buf().end()); 238| | 239| 23| const size_t sz = buffer.size() - offset; 240| 23| uint8_t* buf = buffer.data() + offset; 241| | 242| 23| BOTAN_ARG_CHECK(sz >= tag_size(), "input did not include the tag"); ------------------ | | 35| 23| do { \ | | 36| 23| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 23| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 23] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 23| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 23] | | ------------------ ------------------ 243| | 244| 23| const secure_vector& ad = ad_buf(); 245| 23| BOTAN_ARG_CHECK(ad.size() % CCM_BS == 0, "AD is block size multiple"); ------------------ | | 35| 23| do { \ | | 36| 23| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 23| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 23] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 23| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 23] | | ------------------ ------------------ 246| | 247| 23| const BlockCipher& E = cipher(); 248| | 249| 23| secure_vector T(CCM_BS); 250| 23| E.encrypt(format_b0(sz - tag_size()), T); 251| | 252| 46| for(size_t i = 0; i != ad.size(); i += CCM_BS) { ------------------ | Branch (252:22): [True: 23, False: 23] ------------------ 253| 23| xor_buf(T.data(), &ad[i], CCM_BS); 254| 23| E.encrypt(T); 255| 23| } 256| | 257| 23| secure_vector C = format_c0(); 258| | 259| 23| secure_vector S0(CCM_BS); 260| 23| E.encrypt(C, S0); 261| 23| inc(C); 262| | 263| 23| secure_vector X(CCM_BS); 264| | 265| 23| const uint8_t* buf_end = &buf[sz - tag_size()]; 266| | 267| 782| while(buf != buf_end) { ------------------ | Branch (267:10): [True: 759, False: 23] ------------------ 268| 759| const size_t to_proc = std::min(CCM_BS, buf_end - buf); 269| | 270| 759| E.encrypt(C, X); 271| 759| xor_buf(buf, X.data(), to_proc); 272| 759| inc(C); 273| | 274| 759| xor_buf(T.data(), buf, to_proc); 275| 759| E.encrypt(T); 276| | 277| 759| buf += to_proc; 278| 759| } 279| | 280| 23| T ^= S0; 281| | 282| 23| if(!CT::is_equal(T.data(), buf_end, tag_size()).as_bool()) { ------------------ | Branch (282:7): [True: 23, False: 0] ------------------ 283| 23| clear_mem(std::span{buffer}.subspan(offset, sz - tag_size())); 284| 23| throw Invalid_Authentication_Tag("CCM tag check failed"); 285| 23| } 286| | 287| 0| buffer.resize(buffer.size() - tag_size()); 288| | 289| 0| reset(); 290| 0|} _ZN5Botan8GCM_ModeC2ENSt3__110unique_ptrINS_11BlockCipherENS1_14default_deleteIS3_EEEEm: 26| 62| m_tag_size(tag_size), m_cipher_name(cipher->name()) { 27| 62| if(cipher->block_size() != GCM_BS) { ------------------ | Branch (27:7): [True: 0, False: 62] ------------------ 28| 0| throw Invalid_Argument("Invalid block cipher for GCM"); 29| 0| } 30| | 31| | /* We allow any of the values 128, 120, 112, 104, or 96 bits as a tag size */ 32| | /* 64 bit tag is still supported but deprecated and will be removed in the future */ 33| 62| if(m_tag_size != 8 && (m_tag_size < 12 || m_tag_size > 16)) { ------------------ | Branch (33:7): [True: 62, False: 0] | Branch (33:27): [True: 0, False: 62] | Branch (33:46): [True: 0, False: 62] ------------------ 34| 0| throw Invalid_Argument(fmt("{} cannot use a tag of {} bytes", name(), m_tag_size)); 35| 0| } 36| | 37| 62| m_ctr = std::make_unique(std::move(cipher), 4); 38| 62| m_ghash = std::make_unique(); 39| 62|} _ZN5Botan8GCM_ModeD2Ev: 41| 62|GCM_Mode::~GCM_Mode() = default; _ZNK5Botan8GCM_Mode18valid_nonce_lengthEm: 69| 61|bool GCM_Mode::valid_nonce_length(size_t len) const { 70| | // GCM does not support empty nonces 71| 61| return (len > 0); 72| 61|} _ZNK5Botan8GCM_Mode8key_specEv: 74| 62|Key_Length_Specification GCM_Mode::key_spec() const { 75| 62| return m_ctr->key_spec(); 76| 62|} _ZN5Botan8GCM_Mode12key_scheduleENSt3__14spanIKhLm18446744073709551615EEE: 82| 62|void GCM_Mode::key_schedule(std::span key) { 83| 62| m_ctr->set_key(key); 84| | 85| 62| std::array zeros{}; 86| 62| m_ctr->set_iv(zeros); 87| | 88| 62| uint8_t H[GCM_BS] = {0}; 89| 62| m_ctr->encipher(H); 90| 62| m_ghash->set_key(H); 91| 62|} _ZN5Botan8GCM_Mode21set_associated_data_nEmNSt3__14spanIKhLm18446744073709551615EEE: 93| 61|void GCM_Mode::set_associated_data_n(size_t idx, std::span ad) { 94| 61| BOTAN_ARG_CHECK(idx == 0, "GCM: cannot handle non-zero index in set_associated_data_n"); ------------------ | | 35| 61| do { \ | | 36| 61| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 61| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 61] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 61| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 61] | | ------------------ ------------------ 95| 61| m_ghash->set_associated_data(ad); 96| 61|} _ZN5Botan8GCM_Mode9start_msgEPKhm: 98| 61|void GCM_Mode::start_msg(const uint8_t nonce[], size_t nonce_len) { 99| 61| if(!valid_nonce_length(nonce_len)) { ------------------ | Branch (99:7): [True: 0, False: 61] ------------------ 100| 0| throw Invalid_IV_Length(name(), nonce_len); 101| 0| } 102| | 103| 61| std::array y0 = {}; 104| | 105| 61| if(nonce_len == 12) { ------------------ | Branch (105:7): [True: 61, False: 0] ------------------ 106| 61| copy_mem(y0.data(), nonce, nonce_len); 107| 61| y0[15] = 1; 108| 61| } else { 109| 0| m_ghash->nonce_hash(std::span(y0), {nonce, nonce_len}); 110| 0| } 111| | 112| 61| m_ctr->set_iv(y0.data(), y0.size()); 113| | 114| 61| clear_mem(y0.data(), y0.size()); 115| 61| m_ctr->encipher(y0); 116| | 117| 61| m_ghash->start(y0); 118| 61| secure_scrub_memory(y0); 119| 61|} _ZN5Botan14GCM_Encryption10finish_msgERNSt3__16vectorIhNS_16secure_allocatorIhEEEEm: 128| 17|void GCM_Encryption::finish_msg(secure_vector& buffer, size_t offset) { 129| 17| BOTAN_ARG_CHECK(offset <= buffer.size(), "Invalid offset"); ------------------ | | 35| 17| do { \ | | 36| 17| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 17| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 17] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 17| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 17] | | ------------------ ------------------ 130| 17| const size_t sz = buffer.size() - offset; 131| 17| uint8_t* buf = buffer.data() + offset; 132| | 133| 17| m_ctr->cipher(buf, buf, sz); 134| 17| m_ghash->update({buf, sz}); 135| | 136| 17| std::array mac = {0}; 137| 17| m_ghash->final(std::span(mac).first(tag_size())); 138| 17| buffer += std::make_pair(mac.data(), tag_size()); 139| 17|} _ZN5Botan14GCM_Decryption10finish_msgERNSt3__16vectorIhNS_16secure_allocatorIhEEEEm: 148| 44|void GCM_Decryption::finish_msg(secure_vector& buffer, size_t offset) { 149| 44| BOTAN_ARG_CHECK(offset <= buffer.size(), "Invalid offset"); ------------------ | | 35| 44| do { \ | | 36| 44| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 44| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 44] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 44| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 44] | | ------------------ ------------------ 150| 44| const size_t sz = buffer.size() - offset; 151| 44| uint8_t* buf = buffer.data() + offset; 152| | 153| 44| BOTAN_ARG_CHECK(sz >= tag_size(), "input did not include the tag"); ------------------ | | 35| 44| do { \ | | 36| 44| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 44| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 44] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 44| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 44] | | ------------------ ------------------ 154| | 155| 44| const size_t remaining = sz - tag_size(); 156| | 157| | // handle any final input before the tag 158| 44| if(remaining > 0) { ------------------ | Branch (158:7): [True: 43, False: 1] ------------------ 159| 43| m_ghash->update({buf, remaining}); 160| 43| m_ctr->cipher(buf, buf, remaining); 161| 43| } 162| | 163| 44| std::array mac = {0}; 164| 44| m_ghash->final(std::span(mac).first(tag_size())); 165| | 166| 44| const uint8_t* included_tag = &buffer[remaining + offset]; 167| | 168| 44| if(!CT::is_equal(mac.data(), included_tag, tag_size()).as_bool()) { ------------------ | Branch (168:7): [True: 44, False: 0] ------------------ 169| 44| clear_mem(std::span{buffer}.subspan(offset, remaining)); 170| 44| throw Invalid_Authentication_Tag("GCM tag check failed"); 171| 44| } 172| | 173| 0| buffer.resize(offset + remaining); 174| 0|} _ZN5Botan8OCB_ModeC2ENSt3__110unique_ptrINS_11BlockCipherENS1_14default_deleteIS3_EEEEm: 163| 80| m_cipher(std::move(cipher)), 164| 80| m_checksum(m_cipher->parallel_bytes()), 165| 80| m_ad_hash(m_cipher->block_size()), 166| 80| m_tag_size(tag_size), 167| 80| m_block_size(m_cipher->block_size()), 168| 80| m_par_blocks(m_cipher->parallel_bytes() / m_block_size) { 169| 80| const size_t BS = block_size(); 170| | 171| | /* 172| | * draft-krovetz-ocb-wide-d1 specifies OCB for several other block 173| | * sizes but only 128, 192, 256 and 512 bit are currently supported 174| | * by this implementation. 175| | */ 176| 80| BOTAN_ARG_CHECK(BS == 16 || BS == 24 || BS == 32 || BS == 64, "Invalid block size for OCB"); ------------------ | | 35| 80| do { \ | | 36| 80| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 240| if(!(expr)) { \ | | ------------------ | | | Branch (37:12): [True: 80, False: 0] | | | Branch (37:12): [True: 0, False: 0] | | | Branch (37:12): [True: 0, False: 0] | | | Branch (37:12): [True: 0, False: 0] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 80| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 80] | | ------------------ ------------------ 177| | 178| 80| BOTAN_ARG_CHECK(m_tag_size % 4 == 0 && m_tag_size >= 8 && m_tag_size <= BS && m_tag_size <= 32, ------------------ | | 35| 80| do { \ | | 36| 80| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 480| if(!(expr)) { \ | | ------------------ | | | Branch (37:12): [True: 80, False: 0] | | | Branch (37:12): [True: 80, False: 0] | | | Branch (37:12): [True: 80, False: 0] | | | Branch (37:12): [True: 80, False: 0] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 80| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 80] | | ------------------ ------------------ 179| 80| "Invalid OCB tag length"); 180| 80|} _ZN5Botan8OCB_ModeD2Ev: 182| 80|OCB_Mode::~OCB_Mode() = default; _ZNK5Botan8OCB_Mode18valid_nonce_lengthEm: 200| 91|bool OCB_Mode::valid_nonce_length(size_t length) const { 201| 91| if(length == 0) { ------------------ | Branch (201:7): [True: 0, False: 91] ------------------ 202| 0| return false; 203| 0| } 204| 91| if(block_size() == 16) { ------------------ | Branch (204:7): [True: 91, False: 0] ------------------ 205| 91| return length < 16; 206| 91| } else { 207| 0| return length < (block_size() - 1); 208| 0| } 209| 91|} _ZNK5Botan8OCB_Mode8key_specEv: 223| 80|Key_Length_Specification OCB_Mode::key_spec() const { 224| 80| return m_cipher->key_spec(); 225| 80|} _ZNK5Botan8OCB_Mode19has_keying_materialEv: 227| 363|bool OCB_Mode::has_keying_material() const { 228| 363| return m_cipher->has_keying_material(); 229| 363|} _ZN5Botan8OCB_Mode12key_scheduleENSt3__14spanIKhLm18446744073709551615EEE: 231| 80|void OCB_Mode::key_schedule(std::span key) { 232| 80| m_cipher->set_key(key); 233| 80| m_L = std::make_unique(*m_cipher); 234| 80|} _ZN5Botan8OCB_Mode21set_associated_data_nEmNSt3__14spanIKhLm18446744073709551615EEE: 236| 91|void OCB_Mode::set_associated_data_n(size_t idx, std::span ad) { 237| 91| BOTAN_ARG_CHECK(idx == 0, "OCB: cannot handle non-zero index in set_associated_data_n"); ------------------ | | 35| 91| do { \ | | 36| 91| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 91| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 91] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 91| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 91] | | ------------------ ------------------ 238| 91| assert_key_material_set(); 239| 91| m_ad_hash = ocb_hash(*m_L, *m_cipher, ad.data(), ad.size()); 240| 91|} _ZN5Botan8OCB_Mode12update_nonceEPKhm: 242| 91|const secure_vector& OCB_Mode::update_nonce(const uint8_t nonce[], size_t nonce_len) { 243| 91| const size_t BS = block_size(); 244| | 245| 91| BOTAN_ASSERT(BS == 16 || BS == 24 || BS == 32 || BS == 64, "OCB block size is supported"); ------------------ | | 64| 91| do { \ | | 65| 91| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 273| if(!(expr)) { \ | | ------------------ | | | Branch (66:12): [True: 91, False: 0] | | | Branch (66:12): [True: 0, False: 0] | | | Branch (66:12): [True: 0, False: 0] | | | Branch (66:12): [True: 0, False: 0] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 91| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 91] | | ------------------ ------------------ 246| | 247| | // NOLINTNEXTLINE(readability-avoid-nested-conditional-operator) 248| 91| const size_t MASKLEN = (BS == 16 ? 6 : ((BS == 24) ? 7 : 8)); ------------------ | Branch (248:28): [True: 91, False: 0] | Branch (248:44): [True: 0, False: 0] ------------------ 249| | 250| 91| const uint8_t BOTTOM_MASK = static_cast((static_cast(1) << MASKLEN) - 1); 251| | 252| 91| m_nonce_buf.resize(BS); 253| 91| clear_mem(m_nonce_buf.data(), m_nonce_buf.size()); 254| | 255| 91| copy_mem(&m_nonce_buf[BS - nonce_len], nonce, nonce_len); 256| 91| m_nonce_buf[0] = static_cast(((tag_size() * 8) % (BS * 8)) << (BS <= 16 ? 1 : 0)); ------------------ | Branch (256:76): [True: 91, False: 0] ------------------ 257| | 258| 91| m_nonce_buf[BS - nonce_len - 1] ^= 1; 259| | 260| 91| const uint8_t bottom = m_nonce_buf[BS - 1] & BOTTOM_MASK; 261| 91| m_nonce_buf[BS - 1] &= ~BOTTOM_MASK; 262| | 263| 91| const bool need_new_stretch = (m_last_nonce != m_nonce_buf); 264| | 265| 91| if(need_new_stretch) { ------------------ | Branch (265:7): [True: 66, False: 25] ------------------ 266| 66| m_last_nonce = m_nonce_buf; 267| | 268| 66| m_cipher->encrypt(m_nonce_buf); 269| | 270| | /* 271| | The loop bounds (BS vs BS/2) are derived from the relation 272| | between the block size and the MASKLEN. Using the terminology 273| | of draft-krovetz-ocb-wide, we have to derive enough bits in 274| | ShiftedKtop to read up to BLOCKLEN+bottom bits from Stretch. 275| | 276| | +----------+---------+-------+---------+ 277| | | BLOCKLEN | RESIDUE | SHIFT | MASKLEN | 278| | +----------+---------+-------+---------+ 279| | | 32 | 141 | 17 | 4 | 280| | | 64 | 27 | 25 | 5 | 281| | | 96 | 1601 | 33 | 6 | 282| | | 128 | 135 | 8 | 6 | 283| | | 192 | 135 | 40 | 7 | 284| | | 256 | 1061 | 1 | 8 | 285| | | 384 | 4109 | 80 | 8 | 286| | | 512 | 293 | 176 | 8 | 287| | | 1024 | 524355 | 352 | 9 | 288| | +----------+---------+-------+---------+ 289| | */ 290| 66| if(BS == 16) { ------------------ | Branch (290:10): [True: 66, False: 0] ------------------ 291| 594| for(size_t i = 0; i != BS / 2; ++i) { ------------------ | Branch (291:28): [True: 528, False: 66] ------------------ 292| 528| m_nonce_buf.push_back(m_nonce_buf[i] ^ m_nonce_buf[i + 1]); 293| 528| } 294| 66| } else if(BS == 24) { ------------------ | Branch (294:17): [True: 0, False: 0] ------------------ 295| 0| for(size_t i = 0; i != 16; ++i) { ------------------ | Branch (295:28): [True: 0, False: 0] ------------------ 296| 0| m_nonce_buf.push_back(m_nonce_buf[i] ^ m_nonce_buf[i + 5]); 297| 0| } 298| 0| } else if(BS == 32) { ------------------ | Branch (298:17): [True: 0, False: 0] ------------------ 299| 0| for(size_t i = 0; i != BS; ++i) { ------------------ | Branch (299:28): [True: 0, False: 0] ------------------ 300| 0| m_nonce_buf.push_back(m_nonce_buf[i] ^ (m_nonce_buf[i] << 1) ^ (m_nonce_buf[i + 1] >> 7)); 301| 0| } 302| 0| } else if(BS == 64) { ------------------ | Branch (302:17): [True: 0, False: 0] ------------------ 303| 0| for(size_t i = 0; i != BS / 2; ++i) { ------------------ | Branch (303:28): [True: 0, False: 0] ------------------ 304| 0| m_nonce_buf.push_back(m_nonce_buf[i] ^ m_nonce_buf[i + 22]); 305| 0| } 306| 0| } 307| | 308| 66| m_stretch = m_nonce_buf; 309| 66| } 310| | 311| | // now set the offset from stretch and bottom 312| 91| const size_t shift_bytes = bottom / 8; 313| 91| const size_t shift_bits = bottom % 8; 314| | 315| 91| BOTAN_ASSERT(m_stretch.size() >= BS + shift_bytes + 1, "Size ok"); ------------------ | | 64| 91| do { \ | | 65| 91| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 91| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 91] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 91| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 91] | | ------------------ ------------------ 316| | 317| 91| m_offset.resize(BS); 318| 1.54k| for(size_t i = 0; i != BS; ++i) { ------------------ | Branch (318:22): [True: 1.45k, False: 91] ------------------ 319| 1.45k| m_offset[i] = (m_stretch[i + shift_bytes] << shift_bits); 320| 1.45k| m_offset[i] |= (m_stretch[i + shift_bytes + 1] >> (8 - shift_bits)); 321| 1.45k| } 322| | 323| 91| return m_offset; 324| 91|} _ZN5Botan8OCB_Mode9start_msgEPKhm: 326| 91|void OCB_Mode::start_msg(const uint8_t nonce[], size_t nonce_len) { 327| 91| if(!valid_nonce_length(nonce_len)) { ------------------ | Branch (327:7): [True: 0, False: 91] ------------------ 328| 0| throw Invalid_IV_Length(name(), nonce_len); 329| 0| } 330| | 331| 91| assert_key_material_set(); 332| | 333| 91| m_L->init(update_nonce(nonce, nonce_len)); 334| 91| zeroise(m_checksum); 335| 91| m_block_index = 0; 336| 91|} _ZN5Botan14OCB_Encryption7encryptEPhm: 338| 54|void OCB_Encryption::encrypt(uint8_t buffer[], size_t blocks) { 339| 54| assert_key_material_set(); 340| 54| BOTAN_STATE_CHECK(m_L->initialized()); ------------------ | | 51| 54| do { \ | | 52| 54| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 54| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 54] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 54| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 54] | | ------------------ ------------------ 341| | 342| 54| const size_t BS = block_size(); 343| | 344| 83| while(blocks > 0) { ------------------ | Branch (344:10): [True: 29, False: 54] ------------------ 345| 29| const size_t proc_blocks = std::min(blocks, par_blocks()); 346| 29| const size_t proc_bytes = proc_blocks * BS; 347| | 348| 29| const uint8_t* offsets = m_L->compute_offsets(m_block_index, proc_blocks); 349| | 350| 29| xor_buf(m_checksum.data(), buffer, proc_bytes); 351| | 352| 29| xor_buf(buffer, offsets, proc_bytes); 353| 29| m_cipher->encrypt_n(buffer, buffer, proc_blocks); 354| 29| xor_buf(buffer, offsets, proc_bytes); 355| | 356| 29| buffer += proc_bytes; 357| 29| blocks -= proc_blocks; 358| 29| m_block_index += proc_blocks; 359| 29| } 360| 54|} _ZN5Botan14OCB_Encryption10finish_msgERNSt3__16vectorIhNS_16secure_allocatorIhEEEEm: 368| 54|void OCB_Encryption::finish_msg(secure_vector& buffer, size_t offset) { 369| 54| assert_key_material_set(); 370| 54| BOTAN_STATE_CHECK(m_L->initialized()); ------------------ | | 51| 54| do { \ | | 52| 54| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 54| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 54] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 54| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 54] | | ------------------ ------------------ 371| | 372| 54| const size_t BS = block_size(); 373| | 374| 54| BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range"); ------------------ | | 35| 54| do { \ | | 36| 54| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 54| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 54] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 54| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 54] | | ------------------ ------------------ 375| 54| const size_t sz = buffer.size() - offset; 376| 54| uint8_t* buf = buffer.data() + offset; 377| | 378| 54| secure_vector mac(BS); 379| | 380| 54| if(sz > 0) { ------------------ | Branch (380:7): [True: 54, False: 0] ------------------ 381| 54| const size_t final_full_blocks = sz / BS; 382| 54| const size_t remainder_bytes = sz - (final_full_blocks * BS); 383| | 384| 54| encrypt(buf, final_full_blocks); 385| 54| mac = m_L->offset(); 386| | 387| 54| if(remainder_bytes > 0) { ------------------ | Branch (387:10): [True: 25, False: 29] ------------------ 388| 25| BOTAN_ASSERT(remainder_bytes < BS, "Only a partial block left"); ------------------ | | 64| 25| do { \ | | 65| 25| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 25| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 25] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 25| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 25] | | ------------------ ------------------ 389| 25| uint8_t* remainder = &buf[sz - remainder_bytes]; 390| | 391| 25| xor_buf(m_checksum.data(), remainder, remainder_bytes); 392| 25| m_checksum[remainder_bytes] ^= 0x80; 393| | 394| | // Offset_* 395| 25| mac ^= m_L->star(); 396| | 397| 25| secure_vector pad(BS); 398| 25| m_cipher->encrypt(mac, pad); 399| 25| xor_buf(remainder, pad.data(), remainder_bytes); 400| 25| } 401| 54| } else { 402| 0| mac = m_L->offset(); 403| 0| } 404| | 405| | // now compute the tag 406| | 407| | // fold checksum 408| 918| for(size_t i = 0; i != m_checksum.size(); i += BS) { ------------------ | Branch (408:22): [True: 864, False: 54] ------------------ 409| 864| xor_buf(mac.data(), m_checksum.data() + i, BS); 410| 864| } 411| | 412| 54| xor_buf(mac.data(), m_L->dollar().data(), BS); 413| 54| m_cipher->encrypt(mac); 414| 54| xor_buf(mac.data(), m_ad_hash.data(), BS); 415| | 416| 54| buffer += std::make_pair(mac.data(), tag_size()); 417| | 418| 54| zeroise(m_checksum); 419| 54| m_block_index = 0; 420| 54|} _ZN5Botan14OCB_Decryption7decryptEPhm: 422| 36|void OCB_Decryption::decrypt(uint8_t buffer[], size_t blocks) { 423| 36| assert_key_material_set(); 424| 36| BOTAN_STATE_CHECK(m_L->initialized()); ------------------ | | 51| 36| do { \ | | 52| 36| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 36| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 36] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 36| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 36] | | ------------------ ------------------ 425| | 426| 36| const size_t BS = block_size(); 427| | 428| 205| while(blocks > 0) { ------------------ | Branch (428:10): [True: 169, False: 36] ------------------ 429| 169| const size_t proc_blocks = std::min(blocks, par_blocks()); 430| 169| const size_t proc_bytes = proc_blocks * BS; 431| | 432| 169| const uint8_t* offsets = m_L->compute_offsets(m_block_index, proc_blocks); 433| | 434| 169| xor_buf(buffer, offsets, proc_bytes); 435| 169| m_cipher->decrypt_n(buffer, buffer, proc_blocks); 436| 169| xor_buf(buffer, offsets, proc_bytes); 437| | 438| 169| xor_buf(m_checksum.data(), buffer, proc_bytes); 439| | 440| 169| buffer += proc_bytes; 441| 169| blocks -= proc_blocks; 442| 169| m_block_index += proc_blocks; 443| 169| } 444| 36|} _ZN5Botan14OCB_Decryption10finish_msgERNSt3__16vectorIhNS_16secure_allocatorIhEEEEm: 452| 37|void OCB_Decryption::finish_msg(secure_vector& buffer, size_t offset) { 453| 37| assert_key_material_set(); 454| 37| BOTAN_STATE_CHECK(m_L->initialized()); ------------------ | | 51| 37| do { \ | | 52| 37| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 37| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 37] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 37| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 37] | | ------------------ ------------------ 455| | 456| 37| const size_t BS = block_size(); 457| | 458| 37| BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range"); ------------------ | | 35| 37| do { \ | | 36| 37| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 37| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 37] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 37| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 37] | | ------------------ ------------------ 459| 37| const size_t sz = buffer.size() - offset; 460| 37| uint8_t* buf = buffer.data() + offset; 461| | 462| 37| BOTAN_ARG_CHECK(sz >= tag_size(), "input did not include the tag"); ------------------ | | 35| 37| do { \ | | 36| 37| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 37| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 37] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 37| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 37] | | ------------------ ------------------ 463| | 464| 37| const size_t remaining = sz - tag_size(); 465| | 466| 37| secure_vector mac(BS); 467| | 468| 37| if(remaining > 0) { ------------------ | Branch (468:7): [True: 36, False: 1] ------------------ 469| 36| const size_t final_full_blocks = remaining / BS; 470| 36| const size_t final_bytes = remaining - (final_full_blocks * BS); 471| | 472| 36| decrypt(buf, final_full_blocks); 473| 36| mac ^= m_L->offset(); 474| | 475| 36| if(final_bytes > 0) { ------------------ | Branch (475:10): [True: 31, False: 5] ------------------ 476| 31| BOTAN_ASSERT(final_bytes < BS, "Only a partial block left"); ------------------ | | 64| 31| do { \ | | 65| 31| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 31| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 31] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 31| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 31] | | ------------------ ------------------ 477| | 478| 31| uint8_t* remainder = &buf[remaining - final_bytes]; 479| | 480| 31| mac ^= m_L->star(); 481| 31| secure_vector pad(BS); 482| 31| m_cipher->encrypt(mac, pad); // P_* 483| 31| xor_buf(remainder, pad.data(), final_bytes); 484| | 485| 31| xor_buf(m_checksum.data(), remainder, final_bytes); 486| 31| m_checksum[final_bytes] ^= 0x80; 487| 31| } 488| 36| } else { 489| 1| mac = m_L->offset(); 490| 1| } 491| | 492| | // compute the mac 493| | 494| | // fold checksum 495| 629| for(size_t i = 0; i != m_checksum.size(); i += BS) { ------------------ | Branch (495:22): [True: 592, False: 37] ------------------ 496| 592| xor_buf(mac.data(), m_checksum.data() + i, BS); 497| 592| } 498| | 499| 37| mac ^= m_L->dollar(); 500| 37| m_cipher->encrypt(mac); 501| 37| mac ^= m_ad_hash; 502| | 503| | // reset state 504| 37| zeroise(m_checksum); 505| 37| m_block_index = 0; 506| | 507| | // compare mac 508| 37| const uint8_t* included_tag = &buf[remaining]; 509| | 510| 37| if(!CT::is_equal(mac.data(), included_tag, tag_size()).as_bool()) { ------------------ | Branch (510:7): [True: 37, False: 0] ------------------ 511| 37| clear_mem(std::span{buffer}.subspan(offset, remaining)); 512| 37| throw Invalid_Authentication_Tag("OCB tag check failed"); 513| 37| } 514| | 515| | // remove tag from end of message 516| 0| buffer.resize(remaining + offset); 517| 0|} ocb.cpp:_ZN5Botan12_GLOBAL__N_18ocb_hashERKNS_10L_computerERKNS_11BlockCipherEPKhm: 129| 91|secure_vector ocb_hash(const L_computer& L, const BlockCipher& cipher, const uint8_t ad[], size_t ad_len) { 130| 91| const size_t BS = cipher.block_size(); 131| 91| secure_vector sum(BS); 132| 91| secure_vector offset(BS); 133| | 134| 91| secure_vector buf(BS); 135| | 136| 91| const size_t ad_blocks = (ad_len / BS); 137| 91| const size_t ad_remainder = (ad_len % BS); 138| | 139| 91| for(size_t i = 0; i != ad_blocks; ++i) { ------------------ | Branch (139:22): [True: 0, False: 91] ------------------ 140| | // this loop could run in parallel 141| 0| offset ^= L.get(var_ctz64(i + 1)); 142| 0| buf = offset; 143| 0| xor_buf(buf.data(), &ad[BS * i], BS); 144| 0| cipher.encrypt(buf); 145| 0| sum ^= buf; 146| 0| } 147| | 148| 91| if(ad_remainder > 0) { ------------------ | Branch (148:7): [True: 91, False: 0] ------------------ 149| 91| offset ^= L.star(); 150| 91| buf = offset; 151| 91| xor_buf(buf.data(), &ad[BS * ad_blocks], ad_remainder); 152| 91| buf[ad_remainder] ^= 0x80; 153| 91| cipher.encrypt(buf); 154| 91| sum ^= buf; 155| 91| } 156| | 157| 91| return sum; 158| 91|} _ZNK5Botan10L_computer3getEm: 58| 1.07k| const secure_vector& get(size_t i) const { 59| 1.08k| while(m_L.size() <= i) { ------------------ | Branch (59:16): [True: 3, False: 1.07k] ------------------ 60| 3| m_L.push_back(poly_double(m_L.back())); 61| 3| } 62| | 63| 1.07k| return m_L[i]; 64| 1.07k| } _ZN5Botan10L_computer11poly_doubleERKNSt3__16vectorIhNS_16secure_allocatorIhEEEE: 111| 723| static secure_vector poly_double(const secure_vector& in) { 112| 723| secure_vector out(in.size()); 113| 723| poly_double_n(out.data(), in.data(), out.size()); 114| 723| return out; 115| 723| } _ZN5Botan10L_computer4initERKNSt3__16vectorIhNS_16secure_allocatorIhEEEE: 48| 91| void init(const secure_vector& offset) { m_offset = offset; } _ZNK5Botan10L_computer11initializedEv: 50| 181| bool initialized() const { return !m_offset.empty(); } _ZN5Botan10L_computer15compute_offsetsEmm: 66| 198| const uint8_t* compute_offsets(uint64_t block_index, size_t blocks) { 67| 198| BOTAN_ASSERT(blocks <= m_max_blocks, "OCB offsets"); ------------------ | | 64| 198| do { \ | | 65| 198| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 198| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 198] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 198| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 198] | | ------------------ ------------------ 68| | 69| 198| uint8_t* offsets = m_offset_buf.data(); 70| | 71| 198| if(block_index % 4 == 0) { ------------------ | Branch (71:13): [True: 198, False: 0] ------------------ 72| 198| const secure_vector& L0 = get(0); 73| 198| const secure_vector& L1 = get(1); 74| | 75| 788| while(blocks >= 4) { ------------------ | Branch (75:19): [True: 590, False: 198] ------------------ 76| | // ntz(4*i+1) == 0 77| | // ntz(4*i+2) == 1 78| | // ntz(4*i+3) == 0 79| 590| block_index += 4; 80| 590| const size_t ntz4 = var_ctz64(block_index); 81| | 82| 590| xor_buf(offsets, m_offset.data(), L0.data(), m_BS); 83| 590| offsets += m_BS; 84| | 85| 590| xor_buf(offsets, offsets - m_BS, L1.data(), m_BS); 86| 590| offsets += m_BS; 87| | 88| 590| xor_buf(m_offset.data(), L1.data(), m_BS); 89| 590| copy_mem(offsets, m_offset.data(), m_BS); 90| 590| offsets += m_BS; 91| | 92| 590| xor_buf(m_offset.data(), get(ntz4).data(), m_BS); 93| 590| copy_mem(offsets, m_offset.data(), m_BS); 94| 590| offsets += m_BS; 95| | 96| 590| blocks -= 4; 97| 590| } 98| 198| } 99| | 100| 289| for(size_t i = 0; i != blocks; ++i) { // could be done in parallel ------------------ | Branch (100:28): [True: 91, False: 198] ------------------ 101| 91| const size_t ntz = var_ctz64(block_index + i + 1); 102| 91| xor_buf(m_offset.data(), get(ntz).data(), m_BS); 103| 91| copy_mem(offsets, m_offset.data(), m_BS); 104| 91| offsets += m_BS; 105| 91| } 106| | 107| 198| return m_offset_buf.data(); 108| 198| } _ZNK5Botan10L_computer6offsetEv: 56| 91| const secure_vector& offset() const { return m_offset; } _ZNK5Botan10L_computer4starEv: 52| 227| const secure_vector& star() const { return m_L_star; } _ZNK5Botan10L_computer6dollarEv: 54| 171| const secure_vector& dollar() const { return m_L_dollar; } _ZN5Botan10L_computerC2ERKNS_11BlockCipherE: 24| 80| m_BS(cipher.block_size()), m_max_blocks(cipher.parallel_bytes() / m_BS) { 25| 80| m_L_star.resize(m_BS); 26| 80| cipher.encrypt(m_L_star); 27| 80| m_L_dollar = poly_double(star()); 28| | 29| | // Preallocate the m_L vector to the maximum expected size to avoid 30| | // re-allocations during runtime. This had caused a use-after-free in 31| | // earlier versions, due to references into this buffer becoming stale 32| | // in `compute_offset()`, after calling `get()` in the hot path. 33| | // 34| | // Note, that the list member won't be pre-allocated, so the expected 35| | // memory overhead is negligible. 36| | // 37| | // See also https://github.com/randombit/botan/issues/3812 38| 80| m_L.reserve(65); 39| 80| m_L.push_back(poly_double(dollar())); 40| | 41| 640| while(m_L.size() < 8) { ------------------ | Branch (41:16): [True: 560, False: 80] ------------------ 42| 560| m_L.push_back(poly_double(m_L.back())); 43| 560| } 44| | 45| 80| m_offset_buf.resize(m_BS * m_max_blocks); 46| 80| } _ZN5Botan8CBC_ModeC2ENSt3__110unique_ptrINS_11BlockCipherENS1_14default_deleteIS3_EEEENS2_INS_28BlockCipherModePaddingMethodENS4_IS7_EEEE: 20| 231| m_cipher(std::move(cipher)), m_padding(std::move(padding)), m_block_size(m_cipher->block_size()) { 21| 231| if(m_padding && !m_padding->valid_blocksize(m_block_size)) { ------------------ | Branch (21:7): [True: 231, False: 0] | Branch (21:20): [True: 0, False: 231] ------------------ 22| 0| throw Invalid_Argument(fmt("Padding {} cannot be used with {} in CBC mode", m_padding->name(), m_cipher->name())); 23| 0| } 24| 231|} _ZNK5Botan8CBC_Mode17ideal_granularityEv: 47| 171|size_t CBC_Mode::ideal_granularity() const { 48| 171| return cipher().parallel_bytes(); 49| 171|} _ZNK5Botan8CBC_Mode8key_specEv: 51| 231|Key_Length_Specification CBC_Mode::key_spec() const { 52| 231| return cipher().key_spec(); 53| 231|} _ZNK5Botan8CBC_Mode18valid_nonce_lengthEm: 59| 209|bool CBC_Mode::valid_nonce_length(size_t n) const { 60| 209| return (n == 0 || n == block_size()); ------------------ | Branch (60:12): [True: 0, False: 209] | Branch (60:22): [True: 209, False: 0] ------------------ 61| 209|} _ZN5Botan8CBC_Mode12key_scheduleENSt3__14spanIKhLm18446744073709551615EEE: 67| 231|void CBC_Mode::key_schedule(std::span key) { 68| 231| m_cipher->set_key(key); 69| 231| m_state.clear(); 70| 231|} _ZN5Botan8CBC_Mode9start_msgEPKhm: 72| 209|void CBC_Mode::start_msg(const uint8_t nonce[], size_t nonce_len) { 73| 209| if(!valid_nonce_length(nonce_len)) { ------------------ | Branch (73:7): [True: 0, False: 209] ------------------ 74| 0| throw Invalid_IV_Length(name(), nonce_len); 75| 0| } 76| | 77| | /* 78| | * A nonce of zero length means carry the last ciphertext value over 79| | * as the new IV, as unfortunately some protocols require this. If 80| | * this is the first message then we use an IV of all zeros. 81| | */ 82| 209| if(nonce_len > 0) { ------------------ | Branch (82:7): [True: 209, False: 0] ------------------ 83| 209| m_state.assign(nonce, nonce + nonce_len); 84| 209| } else if(m_state.empty()) { ------------------ | Branch (84:14): [True: 0, False: 0] ------------------ 85| 0| m_state.resize(m_cipher->block_size()); 86| 0| } 87| | // else leave the state alone 88| 209|} _ZN5Botan14CBC_Encryption11process_msgEPhm: 98| 107|size_t CBC_Encryption::process_msg(uint8_t buf[], size_t sz) { 99| 107| BOTAN_STATE_CHECK(state().empty() == false); ------------------ | | 51| 107| do { \ | | 52| 107| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 107| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 107] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 107| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 107] | | ------------------ ------------------ 100| 107| const size_t BS = block_size(); 101| | 102| 107| BOTAN_ARG_CHECK(sz % BS == 0, "CBC input is not full blocks"); ------------------ | | 35| 107| do { \ | | 36| 107| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 107| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 107] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 107| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 107] | | ------------------ ------------------ 103| 107| const size_t blocks = sz / BS; 104| | 105| 107| if(blocks > 0) { ------------------ | Branch (105:7): [True: 107, False: 0] ------------------ 106| 107| xor_buf(&buf[0], state_ptr(), BS); 107| 107| cipher().encrypt(&buf[0]); 108| | 109| 358| for(size_t i = 1; i != blocks; ++i) { ------------------ | Branch (109:25): [True: 251, False: 107] ------------------ 110| 251| xor_buf(&buf[BS * i], &buf[BS * (i - 1)], BS); 111| 251| cipher().encrypt(&buf[BS * i]); 112| 251| } 113| | 114| 107| state().assign(&buf[BS * (blocks - 1)], &buf[BS * blocks]); 115| 107| } 116| | 117| 107| return sz; 118| 107|} _ZN5Botan14CBC_Decryption11process_msgEPhm: 198| 102|size_t CBC_Decryption::process_msg(uint8_t buf[], size_t sz) { 199| 102| BOTAN_STATE_CHECK(state().empty() == false); ------------------ | | 51| 102| do { \ | | 52| 102| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 102| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 102] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 102| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 102] | | ------------------ ------------------ 200| | 201| 102| const size_t BS = block_size(); 202| | 203| 102| BOTAN_ARG_CHECK(sz % BS == 0, "Input is not full blocks"); ------------------ | | 35| 102| do { \ | | 36| 102| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 102| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 102] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 102| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 102] | | ------------------ ------------------ 204| 102| size_t blocks = sz / BS; 205| | 206| 552| while(blocks > 0) { ------------------ | Branch (206:10): [True: 450, False: 102] ------------------ 207| 450| const size_t to_proc = std::min(BS * blocks, m_tempbuf.size()); 208| | 209| 450| cipher().decrypt_n(buf, m_tempbuf.data(), to_proc / BS); 210| | 211| 450| xor_buf(m_tempbuf.data(), state_ptr(), BS); 212| 450| xor_buf(&m_tempbuf[BS], buf, to_proc - BS); 213| 450| copy_mem(state_ptr(), buf + (to_proc - BS), BS); 214| | 215| 450| copy_mem(buf, m_tempbuf.data(), to_proc); 216| | 217| 450| buf += to_proc; 218| 450| blocks -= to_proc / BS; 219| 450| } 220| | 221| 102| return sz; 222| 102|} _ZN5Botan9Gf448ElemC2ENSt3__14spanIKhLm56EEE: 356| 16|Gf448Elem::Gf448Elem(std::span x) /* NOLINT(*-member-init) */ { 357| 16| load_le(m_x, x); 358| 16|} _ZN5Botan9Gf448ElemC2Em: 360| 64.5k|Gf448Elem::Gf448Elem(uint64_t least_sig_word) /* NOLINT(*-member-init) */ { 361| 64.5k| clear_mem(m_x); 362| 64.5k| m_x[0] = least_sig_word; 363| 64.5k|} _ZNK5Botan9Gf448Elem8to_bytesENSt3__14spanIhLm56EEE: 365| 8|void Gf448Elem::to_bytes(std::span out) const { 366| 8| store_le(out, to_canonical(m_x)); 367| 8|} _ZNK5Botan9Gf448Elem8to_bytesEv: 369| 8|std::array Gf448Elem::to_bytes() const { 370| 8| std::array bytes{}; 371| 8| to_bytes(bytes); 372| 8| return bytes; 373| 8|} _ZN5Botan9Gf448Elem12ct_cond_swapENS_2CT4MaskImEERS0_: 375| 7.18k|void Gf448Elem::ct_cond_swap(CT::Mask mask, Gf448Elem& other) { 376| 57.4k| for(size_t i = 0; i < WORDS_448; ++i) { ------------------ | Branch (376:22): [True: 50.2k, False: 7.18k] ------------------ 377| 50.2k| mask.conditional_swap(m_x[i], other.m_x[i]); 378| 50.2k| } 379| 7.18k|} _ZNK5Botan9Gf448ElemplERKS0_: 385| 14.3k|Gf448Elem Gf448Elem::operator+(const Gf448Elem& other) const { 386| 14.3k| Gf448Elem res(0); 387| 14.3k| gf_add(res.m_x, m_x, other.m_x); 388| 14.3k| return res; 389| 14.3k|} _ZNK5Botan9Gf448ElemmiERKS0_: 391| 14.3k|Gf448Elem Gf448Elem::operator-(const Gf448Elem& other) const { 392| 14.3k| Gf448Elem res(0); 393| 14.3k| gf_sub(res.m_x, m_x, other.m_x); 394| 14.3k| return res; 395| 14.3k|} _ZNK5Botan9Gf448ElemmlERKS0_: 403| 17.9k|Gf448Elem Gf448Elem::operator*(const Gf448Elem& other) const { 404| 17.9k| Gf448Elem res(0); 405| 17.9k| gf_mul(res.m_x, m_x, other.m_x); 406| 17.9k| return res; 407| 17.9k|} _ZNK5Botan9Gf448ElemdvERKS0_: 409| 8|Gf448Elem Gf448Elem::operator/(const Gf448Elem& other) const { 410| 8| Gf448Elem res(0); 411| 8| gf_inv(res.m_x, other.m_x); 412| 8| gf_mul(res.m_x, m_x, res.m_x); 413| 8| return res; 414| 8|} _ZN5Botan7mul_a24ERKNS_9Gf448ElemE: 439| 3.58k|Gf448Elem mul_a24(const Gf448Elem& a) { 440| 3.58k| Gf448Elem res(0); 441| 3.58k| gf_mul_a24(res.words(), a.words()); 442| 3.58k| return res; 443| 3.58k|} _ZN5Botan6squareERKNS_9Gf448ElemE: 445| 14.3k|Gf448Elem square(const Gf448Elem& elem) { 446| 14.3k| Gf448Elem res(0); 447| 14.3k| gf_square(res.words(), elem.words()); 448| 14.3k| return res; 449| 14.3k|} curve448_gf.cpp:_ZN5Botan12_GLOBAL__N_112to_canonicalENSt3__14spanIKmLm7EEE: 335| 8|std::array to_canonical(std::span in) { 336| 8| const std::array p = {0xffffffffffffffff, 337| 8| 0xffffffffffffffff, 338| 8| 0xffffffffffffffff, 339| 8| 0xfffffffeffffffff, 340| 8| 0xffffffffffffffff, 341| 8| 0xffffffffffffffff, 342| 8| 0xffffffffffffffff}; 343| | 344| 8| std::array in_minus_p; // NOLINT(*-member-init) 345| 8| uint64_t borrow = 0; 346| 64| for(size_t i = 0; i < WORDS_448; ++i) { ------------------ | Branch (346:22): [True: 56, False: 8] ------------------ 347| 56| in_minus_p[i] = word_sub(in[i], p[i], &borrow); 348| 56| } 349| 8| std::array out; // NOLINT(*-member-init) 350| 8| CT::Mask::expand(borrow).select_n(out.data(), in.data(), in_minus_p.data(), WORDS_448); 351| 8| return out; 352| 8|} curve448_gf.cpp:_ZN5Botan12_GLOBAL__N_16gf_addENSt3__14spanImLm7EEENS2_IKmLm7EEES5_: 155| 14.3k| std::span b) { 156| 14.3k| std::array ws; // NOLINT(*-member-init) 157| | 158| 14.3k| uint64_t carry = 0; 159| 14.3k| ws[0] = word_add(a[0], b[0], &carry); 160| 14.3k| ws[1] = word_add(a[1], b[1], &carry); 161| 14.3k| ws[2] = word_add(a[2], b[2], &carry); 162| 14.3k| ws[3] = word_add(a[3], b[3], &carry); 163| 14.3k| ws[4] = word_add(a[4], b[4], &carry); 164| 14.3k| ws[5] = word_add(a[5], b[5], &carry); 165| 14.3k| ws[6] = word_add(a[6], b[6], &carry); 166| 14.3k| ws[7] = carry; 167| | 168| 14.3k| reduce_after_add(out, ws); 169| 14.3k|} curve448_gf.cpp:_ZN5Botan12_GLOBAL__N_116reduce_after_addENSt3__14spanImLm7EEENS2_IKmLm8EEE: 27| 53.8k|void reduce_after_add(std::span h_3, std::span h_1) { 28| 53.8k| std::array h_2; /* NOLINT(*-member-init) */ 29| 53.8k| uint64_t carry = 0; 30| | 31| 53.8k| constexpr uint64_t zero = 0; 32| | 33| | // Line 27+ (of the paper's algorithm 1) 34| 53.8k| h_2[0] = word_add(h_1[0], h_1[7], &carry); 35| 53.8k| h_2[1] = word_add(h_1[1], zero, &carry); 36| 53.8k| h_2[2] = word_add(h_1[2], zero, &carry); 37| | 38| | // Line 30 39| 53.8k| h_2[3] = word_add(h_1[3], h_1[7] << 32, &carry); 40| | 41| | // Line 31+ 42| 53.8k| h_2[4] = word_add(h_1[4], zero, &carry); 43| 53.8k| h_2[5] = word_add(h_1[5], zero, &carry); 44| 53.8k| h_2[6] = word_add(h_1[6], zero, &carry); 45| | 46| 53.8k| h_2[7] = carry; 47| | 48| 53.8k| carry = 0; 49| 53.8k| h_3[0] = word_add(h_2[0], h_2[7], &carry); 50| 53.8k| h_3[1] = word_add(h_2[1], zero, &carry); 51| 53.8k| h_3[2] = word_add(h_2[2], zero, &carry); 52| | // Line 37 53| 53.8k| h_3[3] = h_2[3] + (h_2[7] << 32) + carry; 54| | 55| | // Line 38 56| 53.8k| h_3[4] = h_2[4]; 57| 53.8k| h_3[5] = h_2[5]; 58| 53.8k| h_3[6] = h_2[6]; 59| 53.8k|} curve448_gf.cpp:_ZN5Botan12_GLOBAL__N_16gf_subENSt3__14spanImLm7EEENS2_IKmLm7EEES5_: 178| 14.3k| std::span b) { 179| 14.3k| std::array h_0; // NOLINT(*-member-init) 180| 14.3k| std::array h_1; // NOLINT(*-member-init) 181| | 182| 14.3k| uint64_t borrow = 0; 183| 14.3k| h_0[0] = word_sub(a[0], b[0], &borrow); 184| 14.3k| h_0[1] = word_sub(a[1], b[1], &borrow); 185| 14.3k| h_0[2] = word_sub(a[2], b[2], &borrow); 186| 14.3k| h_0[3] = word_sub(a[3], b[3], &borrow); 187| 14.3k| h_0[4] = word_sub(a[4], b[4], &borrow); 188| 14.3k| h_0[5] = word_sub(a[5], b[5], &borrow); 189| 14.3k| h_0[6] = word_sub(a[6], b[6], &borrow); 190| 14.3k| uint64_t delta = borrow; 191| 14.3k| uint64_t delta_p = delta << 32; 192| 14.3k| borrow = 0; 193| | 194| 14.3k| constexpr uint64_t zero = 0; 195| | 196| 14.3k| h_1[0] = word_sub(h_0[0], delta, &borrow); 197| 14.3k| h_1[1] = word_sub(h_0[1], zero, &borrow); 198| 14.3k| h_1[2] = word_sub(h_0[2], zero, &borrow); 199| 14.3k| h_1[3] = word_sub(h_0[3], delta_p, &borrow); 200| 14.3k| h_1[4] = word_sub(h_0[4], zero, &borrow); 201| 14.3k| h_1[5] = word_sub(h_0[5], zero, &borrow); 202| 14.3k| h_1[6] = word_sub(h_0[6], zero, &borrow); 203| | 204| 14.3k| delta = borrow; 205| 14.3k| delta_p = delta << 32; 206| 14.3k| borrow = 0; 207| | 208| 14.3k| out[0] = word_sub(h_1[0], delta, &borrow); 209| 14.3k| out[1] = word_sub(h_1[1], zero, &borrow); 210| 14.3k| out[2] = word_sub(h_1[2], zero, &borrow); 211| 14.3k| out[3] = word_sub(h_1[3], delta_p, &borrow); 212| 14.3k| out[4] = h_1[4]; 213| 14.3k| out[5] = h_1[5]; 214| 14.3k| out[6] = h_1[6]; 215| 14.3k|} curve448_gf.cpp:_ZN5Botan12_GLOBAL__N_16gf_mulENSt3__14spanImLm7EEENS2_IKmLm7EEES5_: 141| 18.0k| std::span b) { 142| 18.0k| std::array ws; // NOLINT(*-member-init) 143| 18.0k| comba_mul<7>(ws.data(), a.data(), b.data()); 144| 18.0k| reduce_after_mul(out, ws); 145| 18.0k|} curve448_gf.cpp:_ZN5Botan12_GLOBAL__N_116reduce_after_mulENSt3__14spanImLm7EEENS2_IKmLm14EEE: 66| 35.9k|void reduce_after_mul(std::span out, std::span in) { 67| 35.9k| std::array r; // NOLINT(*-member-init) 68| 35.9k| std::array s; // NOLINT(*-member-init) 69| 35.9k| std::array t_0; // NOLINT(*-member-init) 70| 35.9k| std::array h_1; // NOLINT(*-member-init) 71| | 72| 35.9k| uint64_t carry = 0; 73| | 74| | // Line 4 (of the paper's algorithm 1) 75| 35.9k| r[0] = word_add(in[0], in[7], &carry); 76| | 77| | // Line 5-7 78| 35.9k| r[1] = word_add(in[1], in[1 + 7], &carry); 79| 35.9k| r[2] = word_add(in[2], in[2 + 7], &carry); 80| 35.9k| r[3] = word_add(in[3], in[3 + 7], &carry); 81| 35.9k| r[4] = word_add(in[4], in[4 + 7], &carry); 82| 35.9k| r[5] = word_add(in[5], in[5 + 7], &carry); 83| 35.9k| r[6] = word_add(in[6], in[6 + 7], &carry); 84| 35.9k| r[7] = carry; 85| 35.9k| s[0] = r[0]; 86| 35.9k| s[1] = r[1]; 87| 35.9k| s[2] = r[2]; 88| | // Line 10 89| 35.9k| carry = 0; 90| 35.9k| s[3] = word_add(r[3], in[10] & 0xFFFFFFFF00000000, &carry); 91| | // Line 11-13 92| 35.9k| s[4] = word_add(r[4], in[4 + 7], &carry); 93| 35.9k| s[5] = word_add(r[5], in[5 + 7], &carry); 94| 35.9k| s[6] = word_add(r[6], in[6 + 7], &carry); 95| 35.9k| s[7] = r[7] + carry; 96| | 97| | // Line 15-17 98| 35.9k| t_0[0] = (in[0 + 11] << 32) | (in[0 + 10] >> 32); 99| 35.9k| t_0[1] = (in[1 + 11] << 32) | (in[1 + 10] >> 32); 100| 35.9k| t_0[2] = (in[2 + 11] << 32) | (in[2 + 10] >> 32); 101| | // Line 18 102| 35.9k| t_0[3] = (in[7] << 32) | (in[13] >> 32); 103| | // Line 19-21 104| 35.9k| t_0[4] = (in[4 + 4] << 32) | (in[4 + 3] >> 32); 105| 35.9k| t_0[5] = (in[5 + 4] << 32) | (in[5 + 3] >> 32); 106| 35.9k| t_0[6] = (in[6 + 4] << 32) | (in[6 + 3] >> 32); 107| 35.9k| carry = 0; 108| | // Line 23-25 109| 35.9k| h_1[0] = word_add(s[0], t_0[0], &carry); 110| 35.9k| h_1[1] = word_add(s[1], t_0[1], &carry); 111| 35.9k| h_1[2] = word_add(s[2], t_0[2], &carry); 112| 35.9k| h_1[3] = word_add(s[3], t_0[3], &carry); 113| 35.9k| h_1[4] = word_add(s[4], t_0[4], &carry); 114| 35.9k| h_1[5] = word_add(s[5], t_0[5], &carry); 115| 35.9k| h_1[6] = word_add(s[6], t_0[6], &carry); 116| 35.9k| h_1[7] = s[7] + carry; 117| | 118| 35.9k| reduce_after_add(out, h_1); 119| 35.9k|} curve448_gf.cpp:_ZN5Botan12_GLOBAL__N_16gf_invENSt3__14spanImLm7EEENS2_IKmLm7EEE: 316| 8|void gf_inv(std::span out, std::span a) { 317| 8| std::array x222; // NOLINT(*-member-init) 318| 8| std::array x223; // NOLINT(*-member-init) 319| 8| gf_pow_2_222m1(x222, x223, a); 320| | 321| | // (x223 << 223 + x222) << 2 + 1 322| 8| std::array t; // NOLINT(*-member-init) 323| 8| gf_sqr_n(t, x223, 223); 324| 8| gf_mul(t, t, x222); 325| 8| gf_sqr_n(t, t, 2); 326| 8| gf_mul(out, t, a); 327| 8|} curve448_gf.cpp:_ZN5Botan12_GLOBAL__N_110gf_mul_a24ENSt3__14spanImLm7EEENS2_IKmLm7EEE: 124| 3.58k|void gf_mul_a24(std::span out, std::span a) { 125| 3.58k| constexpr uint64_t A24 = 39081; 126| 3.58k| std::array ws; // NOLINT(*-member-init) 127| 3.58k| uint64_t carry = 0; 128| 3.58k| ws[0] = word_madd2(a[0], A24, &carry); 129| 3.58k| ws[1] = word_madd2(a[1], A24, &carry); 130| 3.58k| ws[2] = word_madd2(a[2], A24, &carry); 131| 3.58k| ws[3] = word_madd2(a[3], A24, &carry); 132| 3.58k| ws[4] = word_madd2(a[4], A24, &carry); 133| 3.58k| ws[5] = word_madd2(a[5], A24, &carry); 134| 3.58k| ws[6] = word_madd2(a[6], A24, &carry); 135| 3.58k| ws[7] = carry; 136| 3.58k| reduce_after_add(out, ws); 137| 3.58k|} curve448_gf.cpp:_ZN5Botan12_GLOBAL__N_19gf_squareENSt3__14spanImLm7EEENS2_IKmLm7EEE: 147| 17.9k|void gf_square(std::span out, std::span a) { 148| 17.9k| std::array ws; // NOLINT(*-member-init) 149| 17.9k| comba_sqr<7>(ws.data(), a.data()); 150| 17.9k| reduce_after_mul(out, ws); 151| 17.9k|} curve448_gf.cpp:_ZN5Botan12_GLOBAL__N_114gf_pow_2_222m1ENSt3__14spanImLm7EEES3_NS2_IKmLm7EEE: 245| 8| std::span a) { 246| 8| std::array t; // NOLINT(*-member-init) 247| | 248| | // _10 = a^2 249| 8| std::array a2; // NOLINT(*-member-init) 250| 8| gf_square(a2, a); 251| | 252| | // _11 = a^3 253| 8| std::array a3; // NOLINT(*-member-init) 254| 8| gf_mul(a3, a, a2); 255| | 256| | // _111 = a^7 257| 8| std::array a7; // NOLINT(*-member-init) 258| 8| gf_square(t, a3); 259| 8| gf_mul(a7, a, t); 260| | 261| | // _111111 = a^63 262| 8| std::array a63; // NOLINT(*-member-init) 263| 8| gf_sqr_n(t, a7, 3); 264| 8| gf_mul(a63, a7, t); 265| | 266| | // x12 = a^(2^12 - 1) 267| 8| std::array x12; // NOLINT(*-member-init) 268| 8| gf_sqr_n(t, a63, 6); 269| 8| gf_mul(x12, a63, t); 270| | 271| | // x24 = a^(2^24 - 1) 272| 8| std::array x24; // NOLINT(*-member-init) 273| 8| gf_sqr_n(t, x12, 12); 274| 8| gf_mul(x24, x12, t); 275| | 276| | // i34 = x24 << 6 = a^((2^24 - 1) * 2^6) 277| 8| std::array i34; // NOLINT(*-member-init) 278| 8| gf_sqr_n(i34, x24, 6); 279| | 280| | // x30 = a^(2^30 - 1) 281| 8| std::array x30; // NOLINT(*-member-init) 282| 8| gf_mul(x30, a63, i34); 283| | 284| | // x48 = a^(2^48 - 1) 285| 8| std::array x48; // NOLINT(*-member-init) 286| 8| gf_sqr_n(t, i34, 18); 287| 8| gf_mul(x48, x24, t); 288| | 289| | // x96 = a^(2^96 - 1) 290| 8| std::array x96; // NOLINT(*-member-init) 291| 8| gf_sqr_n(t, x48, 48); 292| 8| gf_mul(x96, x48, t); 293| | 294| | // x192 = a^(2^192 - 1) 295| 8| std::array x192; // NOLINT(*-member-init) 296| 8| gf_sqr_n(t, x96, 96); 297| 8| gf_mul(x192, x96, t); 298| | 299| | // x222 = a^(2^222 - 1) 300| 8| gf_sqr_n(t, x192, 30); 301| 8| gf_mul(x222, x30, t); 302| | 303| | // x223 = a^(2^223 - 1) 304| 8| gf_square(t, x222); 305| 8| gf_mul(x223, a, t); 306| 8|} curve448_gf.cpp:_ZN5Botan12_GLOBAL__N_18gf_sqr_nENSt3__14spanImLm7EEENS2_IKmLm7EEEm: 218| 80|void gf_sqr_n(std::span out, std::span a, size_t n) { 219| 80| gf_square(out, a); 220| 3.55k| for(size_t i = 1; i < n; ++i) { ------------------ | Branch (220:22): [True: 3.47k, False: 80] ------------------ 221| 3.47k| gf_square(out, out); 222| 3.47k| } 223| 80|} _ZNK5Botan14X448_PublicKey19raw_public_key_bitsEv: 47| 8|std::vector X448_PublicKey::raw_public_key_bits() const { 48| 8| return {m_public.begin(), m_public.end()}; 49| 8|} _ZN5Botan14X448_PublicKeyC1ENSt3__14spanIKhLm18446744073709551615EEE: 62| 3|X448_PublicKey::X448_PublicKey(std::span pub) { 63| 3| BOTAN_ARG_CHECK(pub.size() == X448_LEN, "Invalid size for X448 public key"); ------------------ | | 35| 3| do { \ | | 36| 3| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 3| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 2, False: 1] | | ------------------ | | 38| 2| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 2| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 2| } \ | | 41| 3| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 3] | | ------------------ ------------------ 64| 3| copy_mem(m_public, pub); 65| 3|} _ZN5Botan15X448_PrivateKeyC1ENSt3__14spanIKhLm18446744073709551615EEE: 70| 7|X448_PrivateKey::X448_PrivateKey(std::span secret_key) { 71| 7| BOTAN_ARG_CHECK(secret_key.size() == X448_LEN, "Invalid size for X448 private key"); ------------------ | | 35| 7| do { \ | | 36| 7| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 7| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 7] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 7| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 7] | | ------------------ ------------------ 72| 7| m_private.assign(secret_key.begin(), secret_key.end()); 73| 7| auto scope = CT::scoped_poison(m_private); 74| 7| x448_basepoint_from_data(m_public, std::span(m_private).first()); 75| 7| CT::unpoison(m_public); 76| 7|} _ZN5Botan15X448_PrivateKeyC1ERNS_21RandomNumberGeneratorE: 78| 7|X448_PrivateKey::X448_PrivateKey(RandomNumberGenerator& rng) : X448_PrivateKey(rng.random_vec(X448_LEN)) {} _ZNK5Botan15X448_PrivateKey23create_key_agreement_opERNS_21RandomNumberGeneratorENSt3__117basic_string_viewIcNS3_11char_traitsIcEEEES7_: 148| 1| std::string_view provider) const { 149| 1| if(provider == "base" || provider.empty()) { ------------------ | Branch (149:7): [True: 0, False: 1] | Branch (149:29): [True: 1, False: 0] ------------------ 150| 1| return std::make_unique(m_private, params); 151| 1| } 152| 0| throw Provider_Not_Found(algo_name(), provider); 153| 1|} x448.cpp:_ZN5Botan12_GLOBAL__N_124x448_basepoint_from_dataENSt3__14spanIhLm56EEENS2_IKhLm56EEE: 22| 7|void x448_basepoint_from_data(std::span mypublic, std::span secret) { 23| 7| auto bp = x448_basepoint(decode_scalar(secret)); 24| 7| auto bp_bytes = encode_point(bp); 25| 7| copy_mem(mypublic, bp_bytes); 26| 7|} x448.cpp:_ZN5Botan12_GLOBAL__N_117X448_KA_OperationC2ENSt3__14spanIKhLm18446744073709551615EEENS2_17basic_string_viewIcNS2_11char_traitsIcEEEE: 104| 1| PK_Ops::Key_Agreement_with_KDF(kdf), m_sk(sk.begin(), sk.end()) { 105| 1| BOTAN_ARG_CHECK(sk.size() == X448_LEN, "Invalid size for X448 private key"); ------------------ | | 35| 1| do { \ | | 36| 1| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 1| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 1] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 1| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 1] | | ------------------ ------------------ 106| 1| } x448.cpp:_ZN5Botan12_GLOBAL__N_117X448_KA_Operation9raw_agreeEPKhm: 110| 1| secure_vector raw_agree(const uint8_t w_data[], size_t w_len) override { 111| 1| auto scope = CT::scoped_poison(m_sk); 112| | 113| 1| const std::span w(w_data, w_len); 114| 1| if(w.size() != X448_LEN) { ------------------ | Branch (114:13): [True: 0, False: 1] ------------------ 115| 0| throw Decoding_Error("Invalid size for X448 public key"); 116| 0| } 117| 1| const auto k = decode_scalar(m_sk); 118| 1| const auto u = decode_point(w); 119| | 120| 1| auto shared_secret = encode_point(x448(k, u)); 121| 1| CT::unpoison(shared_secret); 122| | 123| | // RFC 7748 Section 6.2 124| | // As with X25519, both sides MAY check, without leaking extra 125| | // information about the value of K, whether the resulting shared K 126| | // is the all-zero value and abort if so. 127| | // 128| | // TODO: once the generic Key Agreement operation creation is equipped 129| | // with a more flexible parameterization, this check could be 130| | // made optional. 131| | // For instance: `sk->agree().with_optional_sanity_checks(true)`. 132| | // See also: https://github.com/randombit/botan/pull/4318 133| 1| if(CT::all_zeros(shared_secret.data(), shared_secret.size()).as_bool()) { ------------------ | Branch (133:13): [True: 0, False: 1] ------------------ 134| 0| throw Invalid_Argument("X448 public point appears to be of low order"); 135| 0| } 136| | 137| 1| return shared_secret; 138| 1| } _ZN5Botan12encode_pointERKNS_6StrongINSt3__15arrayIhLm56EEENS_9Point448_EJEEE: 21| 8|secure_vector encode_point(const Point448& p) { 22| 8| return {p.begin(), p.end()}; 23| 8|} _ZN5Botan12decode_pointENSt3__14spanIKhLm18446744073709551615EEE: 25| 1|Point448 decode_point(std::span p_bytes) { 26| 1| BOTAN_ARG_CHECK(p_bytes.size() == X448_LEN, "Invalid size for X448 point"); ------------------ | | 35| 1| do { \ | | 36| 1| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 1| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 1] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 1| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 1] | | ------------------ ------------------ 27| 1| return typecast_copy(p_bytes); 28| 1|} _ZN5Botan13decode_scalarENSt3__14spanIKhLm18446744073709551615EEE: 30| 8|ScalarX448 decode_scalar(std::span scalar_bytes) { 31| 8| BOTAN_ARG_CHECK(scalar_bytes.size() == X448_LEN, "Invalid size for X448 scalar"); ------------------ | | 35| 8| do { \ | | 36| 8| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 8| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 8] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 8| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 8] | | ------------------ ------------------ 32| 8| auto buf = typecast_copy(scalar_bytes); 33| | 34| 8| buf[0] &= 0xfc; 35| 8| buf[55] |= 0x80; 36| | 37| 8| return buf; 38| 8|} _ZN5Botan14x448_basepointERKNS_6StrongINSt3__15arrayIhLm56EEENS_11ScalarX448_EJEEE: 41| 7|Point448 x448_basepoint(const ScalarX448& k) { 42| 7| const Point448 u({5}); 43| 7| return x448(k, u); 44| 7|} _ZN5Botan4x448ERKNS_6StrongINSt3__15arrayIhLm56EEENS_11ScalarX448_EJEEERKNS0_IS3_NS_9Point448_EJEEE: 48| 8|Point448 x448(const ScalarX448& k, const Point448& u) { 49| 8| const Gf448Elem x_1 = Gf448Elem(u.get()); 50| 8| Gf448Elem x_2 = Gf448Elem::one(); 51| 8| Gf448Elem z_2 = Gf448Elem::zero(); 52| 8| Gf448Elem x_3 = Gf448Elem(u.get()); 53| 8| Gf448Elem z_3 = Gf448Elem::one(); 54| 8| auto swap = CT::Mask::cleared(); 55| | 56| 3.59k| for(int16_t t = 448 - 1; t >= 0; --t) { ------------------ | Branch (56:29): [True: 3.58k, False: 8] ------------------ 57| 3.58k| auto k_t = CT::Mask::expand(get_bit(k, t)); 58| 3.58k| swap ^= k_t; 59| | 60| 3.58k| x_2.ct_cond_swap(swap, x_3); 61| 3.58k| z_2.ct_cond_swap(swap, z_3); 62| 3.58k| swap = k_t; 63| | 64| 3.58k| const auto A = x_2 + z_2; 65| 3.58k| const auto AA = square(A); 66| 3.58k| const auto B = x_2 - z_2; 67| 3.58k| const auto BB = square(B); 68| 3.58k| const auto E = AA - BB; 69| 3.58k| const auto C = x_3 + z_3; 70| 3.58k| const auto D = x_3 - z_3; 71| 3.58k| const auto DA = D * A; 72| 3.58k| const auto CB = C * B; 73| 3.58k| x_3 = square(DA + CB); 74| 3.58k| z_3 = x_1 * square(DA - CB); 75| 3.58k| x_2 = AA * BB; 76| 3.58k| z_2 = E * (AA + mul_a24(E)); 77| 3.58k| } 78| | 79| 8| x_2.ct_cond_swap(swap, x_3); 80| 8| z_2.ct_cond_swap(swap, z_3); 81| | 82| 8| const auto res = x_2 / z_2; 83| | 84| 8| return Point448(res.to_bytes()); 85| 8|} x448_internal.cpp:_ZN5Botan12_GLOBAL__N_17get_bitERKNS_6StrongINSt3__15arrayIhLm56EEENS_11ScalarX448_EJEEEm: 16| 3.58k|uint64_t get_bit(const ScalarX448& scalar, size_t bit) { 17| 3.58k| return (scalar[bit / 8] >> (bit % 8)) & 1; 18| 3.58k|} _ZN5Botan14EC_AffinePointC2ENSt3__110unique_ptrINS_19EC_AffinePoint_DataENS1_14default_deleteIS3_EEEE: 16| 4.46k|EC_AffinePoint::EC_AffinePoint(std::unique_ptr point) : m_point(std::move(point)) { 17| 4.46k| BOTAN_ASSERT_NONNULL(m_point); ------------------ | | 116| 4.46k| do { \ | | 117| 4.46k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 4.46k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 4.46k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 4.46k] | | ------------------ ------------------ 18| 4.46k|} _ZN5Botan14EC_AffinePointC2ERKS0_: 20| 3.39k|EC_AffinePoint::EC_AffinePoint(const EC_AffinePoint& other) : m_point(other.inner().clone()) {} _ZN5Botan14EC_AffinePointC2EOS0_: 22| 15.3k|EC_AffinePoint::EC_AffinePoint(EC_AffinePoint&& other) noexcept : m_point(std::move(other.m_point)) {} _ZN5Botan14EC_AffinePointC2ERKNS_8EC_GroupENSt3__14spanIKhLm18446744073709551615EEE: 36| 8.65k|EC_AffinePoint::EC_AffinePoint(const EC_Group& group, std::span bytes) { 37| 8.65k| m_point = group._data()->point_deserialize(bytes); 38| 8.65k| if(!m_point) { ------------------ | Branch (38:7): [True: 496, False: 8.15k] ------------------ 39| 496| throw Decoding_Error("Failed to deserialize elliptic curve point"); 40| 496| } 41| 8.65k|} _ZNK5Botan14EC_AffinePoint15to_legacy_pointEv: 45| 10.9k|EC_Point EC_AffinePoint::to_legacy_point() const { 46| 10.9k| return m_point->to_legacy_point(); 47| 10.9k|} _ZNK5Botan14EC_AffinePoint19field_element_bytesEv: 110| 4.46k|size_t EC_AffinePoint::field_element_bytes() const { 111| 4.46k| return inner().field_element_bytes(); 112| 4.46k|} _ZNK5Botan14EC_AffinePoint11is_identityEv: 114| 17.0k|bool EC_AffinePoint::is_identity() const { 115| 17.0k| return inner().is_identity(); 116| 17.0k|} _ZN5Botan14EC_AffinePointD2Ev: 148| 31.4k|EC_AffinePoint::~EC_AffinePoint() = default; _ZN5Botan14EC_AffinePoint11deserializeERKNS_8EC_GroupENSt3__14spanIKhLm18446744073709551615EEE: 150| 1.69k|std::optional EC_AffinePoint::deserialize(const EC_Group& group, std::span bytes) { 151| 1.69k| if(auto pt = group._data()->point_deserialize(bytes)) { ------------------ | Branch (151:12): [True: 1.69k, False: 0] ------------------ 152| 1.69k| return EC_AffinePoint(std::move(pt)); 153| 1.69k| } else { 154| 0| return {}; 155| 0| } 156| 1.69k|} _ZN5Botan14EC_AffinePoint5g_mulERKNS_9EC_ScalarERNS_21RandomNumberGeneratorE: 158| 2.77k|EC_AffinePoint EC_AffinePoint::g_mul(const EC_Scalar& scalar, RandomNumberGenerator& rng) { 159| 2.77k| auto pt = scalar._inner().group()->point_g_mul(scalar.inner(), rng); 160| 2.77k| return EC_AffinePoint(std::move(pt)); 161| 2.77k|} _ZNK5Botan14EC_AffinePoint10mul_x_onlyERKNS_9EC_ScalarERNS_21RandomNumberGeneratorE: 167| 1.69k|secure_vector EC_AffinePoint::mul_x_only(const EC_Scalar& scalar, RandomNumberGenerator& rng) const { 168| 1.69k| return inner().mul_x_only(scalar._inner(), rng); 169| 1.69k|} _ZNK5Botan14EC_AffinePoint9serializeENS_15EC_Point_FormatE: 194| 4.46k|std::vector EC_AffinePoint::serialize(EC_Point_Format format) const { 195| 4.46k| if(format == EC_Point_Format::Compressed) { ------------------ | Branch (195:7): [True: 27, False: 4.43k] ------------------ 196| 27| return this->serialize_compressed(); 197| 4.43k| } else if(format == EC_Point_Format::Uncompressed) { ------------------ | Branch (197:14): [True: 4.43k, False: 0] ------------------ 198| 4.43k| return this->serialize_uncompressed(); 199| 4.43k| } else { 200| | // The deprecated "hybrid" point encoding 201| | // TODO(Botan4) Remove this 202| 0| auto enc = this->serialize_uncompressed(); 203| 0| const bool y_is_odd = (enc[enc.size() - 1] & 0x01) == 0x01; 204| 0| enc.front() = y_is_odd ? 0x07 : 0x06; ------------------ | Branch (204:21): [True: 0, False: 0] ------------------ 205| 0| return enc; 206| 0| } 207| 4.46k|} _ZNK5Botan14EC_AffinePoint23serialize_compressed_toENSt3__14spanIhLm18446744073709551615EEE: 224| 27|void EC_AffinePoint::serialize_compressed_to(std::span bytes) const { 225| 27| BOTAN_STATE_CHECK(!this->is_identity()); ------------------ | | 51| 27| do { \ | | 52| 27| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 27| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 27] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 27| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 27] | | ------------------ ------------------ 226| 27| m_point->serialize_compressed_to(bytes); 227| 27|} _ZNK5Botan14EC_AffinePoint25serialize_uncompressed_toENSt3__14spanIhLm18446744073709551615EEE: 229| 4.43k|void EC_AffinePoint::serialize_uncompressed_to(std::span bytes) const { 230| 4.43k| BOTAN_STATE_CHECK(!this->is_identity()); ------------------ | | 51| 4.43k| do { \ | | 52| 4.43k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 4.43k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 4.43k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 4.43k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 4.43k] | | ------------------ ------------------ 231| 4.43k| m_point->serialize_uncompressed_to(bytes); 232| 4.43k|} _ZN5Botan8EC_Group13ec_group_dataEv: 231| 11.4k|EC_Group_Data_Map& EC_Group::ec_group_data() { 232| | /* 233| | * This exists purely to ensure the allocator is constructed before g_ec_data, 234| | * which ensures that its destructor runs after ~g_ec_data is complete. 235| | */ 236| | 237| 11.4k| static const Allocator_Initializer g_init_allocator; 238| 11.4k| static EC_Group_Data_Map g_ec_data; 239| 11.4k| return g_ec_data; 240| 11.4k|} _ZN5Botan8EC_Group18load_EC_group_infoEPKcS2_S2_S2_S2_S2_RKNS_3OIDE: 254| 6| const OID& oid) { 255| 6| BOTAN_ARG_CHECK(oid.has_value(), "EC_Group::load_EC_group_info OID must be set"); ------------------ | | 35| 6| do { \ | | 36| 6| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 6| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 6] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 6| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 6] | | ------------------ ------------------ 256| | 257| 6| const BigInt p(p_str); 258| 6| const BigInt a(a_str); 259| 6| const BigInt b(b_str); 260| 6| const BigInt g_x(g_x_str); 261| 6| const BigInt g_y(g_y_str); 262| 6| const BigInt order(order_str); 263| 6| const BigInt cofactor(1); // implicit 264| | 265| 6| return EC_Group_Data::create(p, a, b, g_x, g_y, order, cofactor, oid, EC_Group_Source::Builtin); 266| 6|} _ZN5Botan8EC_Group19DER_decode_EC_groupENSt3__14spanIKhLm18446744073709551615EEENS_15EC_Group_SourceE: 270| 6.45k| EC_Group_Source source) { 271| 6.45k| BER_Decoder dec(der, BER_Decoder::Limits::DER()); 272| | 273| 6.45k| auto next_obj_type = dec.peek_next_object().type_tag(); 274| | 275| 6.45k| if(next_obj_type == ASN1_Type::ObjectId) { ------------------ | Branch (275:7): [True: 6.45k, False: 0] ------------------ 276| 6.45k| OID oid; 277| 6.45k| dec.decode(oid); 278| | 279| 6.45k| auto data = ec_group_data().lookup(oid); 280| 6.45k| if(!data) { ------------------ | Branch (280:10): [True: 0, False: 6.45k] ------------------ 281| 0| throw Decoding_Error(fmt("Unknown namedCurve OID '{}'", oid.to_string())); 282| 0| } 283| | 284| 6.45k| return std::make_pair(data, false); 285| 6.45k| } else if(next_obj_type == ASN1_Type::Sequence) { ------------------ | Branch (285:14): [True: 0, False: 0] ------------------ 286| 0| BigInt p; 287| 0| BigInt a; 288| 0| BigInt b; 289| 0| BigInt order; 290| 0| BigInt cofactor; 291| 0| std::vector base_pt; 292| 0| std::vector seed; 293| | 294| 0| dec.start_sequence() 295| 0| .decode_and_check(1, "Unknown ECC param version code") 296| 0| .start_sequence() 297| 0| .decode_and_check(OID({1, 2, 840, 10045, 1, 1}), "Only prime ECC fields supported") 298| 0| .decode(p) 299| 0| .end_cons() 300| 0| .start_sequence() 301| 0| .decode_octet_string_bigint(a) 302| 0| .decode_octet_string_bigint(b) 303| 0| .decode_optional_string(seed, ASN1_Type::BitString, ASN1_Type::BitString, ASN1_Class::Universal) 304| 0| .end_cons() 305| 0| .decode(base_pt, ASN1_Type::OctetString) 306| 0| .decode(order) 307| 0| .decode(cofactor) 308| 0| .end_cons() 309| 0| .verify_end(); 310| | 311| | // TODO(Botan4) Require cofactor == 1 312| 0| if(cofactor <= 0 || cofactor >= 16) { ------------------ | Branch (312:10): [True: 0, False: 0] | Branch (312:27): [True: 0, False: 0] ------------------ 313| 0| throw Decoding_Error("Invalid ECC cofactor parameter"); 314| 0| } 315| | 316| 0| if(p.bits() < 112 || p.bits() > 521 || p.signum() < 0) { ------------------ | Branch (316:10): [True: 0, False: 0] | Branch (316:28): [True: 0, False: 0] | Branch (316:46): [True: 0, False: 0] ------------------ 317| 0| throw Decoding_Error("ECC p parameter is invalid size"); 318| 0| } 319| | 320| | // A can be zero 321| 0| if(a.signum() < 0 || a >= p) { ------------------ | Branch (321:10): [True: 0, False: 0] | Branch (321:28): [True: 0, False: 0] ------------------ 322| 0| throw Decoding_Error("Invalid ECC a parameter"); 323| 0| } 324| | 325| | // B must be > 0 326| 0| if(b.signum() <= 0 || b >= p) { ------------------ | Branch (326:10): [True: 0, False: 0] | Branch (326:29): [True: 0, False: 0] ------------------ 327| 0| throw Decoding_Error("Invalid ECC b parameter"); 328| 0| } 329| | 330| 0| if(order.signum() <= 0 || order >= 2 * p) { ------------------ | Branch (330:10): [True: 0, False: 0] | Branch (330:10): [True: 0, False: 0] | Branch (330:33): [True: 0, False: 0] ------------------ 331| 0| throw Decoding_Error("Invalid ECC group order"); 332| 0| } 333| | 334| 0| if(auto data = ec_group_data().lookup_from_params(p, a, b, base_pt, order, cofactor)) { ------------------ | Branch (334:15): [True: 0, False: 0] ------------------ 335| 0| return std::make_pair(data, true); 336| 0| } 337| | 338| | /* 339| | TODO(Botan4) the remaining code is used only to handle the case of decoding an EC_Group 340| | which is neither a builtin group nor a group that was registered by the application. 341| | It can all be removed and replaced with a throw 342| | */ 343| | 344| 0| auto mod_p = Barrett_Reduction::for_public_modulus(p); 345| 0| if(!is_bailie_psw_probable_prime(p, mod_p)) { ------------------ | Branch (345:10): [True: 0, False: 0] ------------------ 346| 0| throw Decoding_Error("ECC p parameter is not a prime"); 347| 0| } 348| | 349| 0| auto mod_order = Barrett_Reduction::for_public_modulus(order); 350| 0| if(!is_bailie_psw_probable_prime(order, mod_order)) { ------------------ | Branch (350:10): [True: 0, False: 0] ------------------ 351| 0| throw Decoding_Error("Invalid ECC order parameter"); 352| 0| } 353| | 354| 0| const size_t p_bytes = p.bytes(); 355| 0| if(base_pt.size() != 1 + p_bytes && base_pt.size() != 1 + 2 * p_bytes) { ------------------ | Branch (355:10): [True: 0, False: 0] | Branch (355:43): [True: 0, False: 0] ------------------ 356| 0| throw Decoding_Error("Invalid ECC base point encoding"); 357| 0| } 358| | 359| 0| auto [g_x, g_y] = [&]() { 360| 0| const uint8_t hdr = base_pt[0]; 361| | 362| 0| if(hdr == 0x04 && base_pt.size() == 1 + 2 * p_bytes) { 363| 0| const BigInt x = BigInt::from_bytes(std::span{base_pt}.subspan(1, p_bytes)); 364| 0| const BigInt y = BigInt::from_bytes(std::span{base_pt}.subspan(1 + p_bytes, p_bytes)); 365| | 366| 0| if(x < p && y < p) { 367| 0| return std::make_pair(x, y); 368| 0| } 369| 0| } else if((hdr == 0x02 || hdr == 0x03) && base_pt.size() == 1 + p_bytes) { 370| | // TODO(Botan4) remove this branch; we won't support compressed points 371| 0| const BigInt x = BigInt::from_bytes(std::span{base_pt}.subspan(1, p_bytes)); 372| 0| BigInt y = sqrt_modulo_prime(((x * x + a) * x + b) % p, p); 373| | 374| 0| if(x < p && y >= 0) { 375| 0| const bool y_mod_2 = (hdr & 0x01) == 1; 376| 0| if(y.get_bit(0) != y_mod_2) { 377| 0| y = p - y; 378| 0| } 379| | 380| 0| return std::make_pair(x, y); 381| 0| } 382| 0| } 383| | 384| 0| throw Decoding_Error("Invalid ECC base point encoding"); 385| 0| }(); 386| | 387| | // TODO(Botan4) we can remove this check since we'll only accept pre-registered groups 388| 0| auto y2 = mod_p.square(g_y); 389| 0| auto x3_ax_b = mod_p.reduce(mod_p.cube(g_x) + mod_p.multiply(a, g_x) + b); 390| 0| if(y2 != x3_ax_b) { ------------------ | Branch (390:10): [True: 0, False: 0] ------------------ 391| 0| throw Decoding_Error("Invalid ECC base point"); 392| 0| } 393| | 394| | /* 395| | * Create the group data without registering it in the global map. 396| | * 397| | * Applications that need persistent custom groups should register them 398| | * via the relevant EC_Group constructor 399| | */ 400| 0| auto data = EC_Group_Data::create(p, a, b, g_x, g_y, order, cofactor, OID(), source); 401| 0| return std::make_pair(data, true); 402| 0| } else if(next_obj_type == ASN1_Type::Null) { ------------------ | Branch (402:14): [True: 0, False: 0] ------------------ 403| 0| throw Decoding_Error("Decoding ImplicitCA ECC parameters is not supported"); 404| 0| } else { 405| 0| throw Decoding_Error( 406| 0| fmt("Unexpected tag {} while decoding ECC domain params", asn1_tag_to_string(next_obj_type))); 407| 0| } 408| 6.45k|} _ZN5Botan8EC_GroupD2Ev: 412| 53.4k|EC_Group::~EC_Group() = default; _ZN5Botan8EC_GroupC2ERKS0_: 414| 21.8k|EC_Group::EC_Group(const EC_Group&) = default; _ZN5Botan8EC_GroupC2EONSt3__110shared_ptrINS_13EC_Group_DataEEE: 419| 4.96k|EC_Group::EC_Group(std::shared_ptr&& data) : m_data(std::move(data)) {} _ZN5Botan8EC_Group9from_nameENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 478| 4.96k|EC_Group EC_Group::from_name(std::string_view name) { 479| 4.96k| std::shared_ptr data; 480| | 481| 4.96k| if(auto oid = OID::from_name(name)) { ------------------ | Branch (481:12): [True: 4.96k, False: 0] ------------------ 482| 4.96k| data = ec_group_data().lookup(oid.value()); 483| 4.96k| } 484| | 485| 4.96k| if(!data) { ------------------ | Branch (485:7): [True: 0, False: 4.96k] ------------------ 486| 0| throw Invalid_Argument(fmt("Unknown EC_Group '{}'", name)); 487| 0| } 488| | 489| 4.96k| return EC_Group(std::move(data)); 490| 4.96k|} _ZN5Botan8EC_GroupC2ENSt3__14spanIKhLm18446744073709551615EEE: 636| 6.45k|EC_Group::EC_Group(std::span der) { 637| 6.45k| auto data = DER_decode_EC_group(der, EC_Group_Source::ExternalSource); 638| 6.45k| m_data = data.first; 639| 6.45k| m_explicit_encoding = data.second; 640| 6.45k|} _ZNK5Botan8EC_Group4dataEv: 647| 22.4k|const EC_Group_Data& EC_Group::data() const { 648| 22.4k| if(m_data == nullptr) { ------------------ | Branch (648:7): [True: 0, False: 22.4k] ------------------ 649| 0| throw Invalid_State("EC_Group uninitialized"); 650| 0| } 651| 22.4k| return *m_data; 652| 22.4k|} _ZNK5Botan8EC_Group10get_p_bitsEv: 654| 1.69k|size_t EC_Group::get_p_bits() const { 655| 1.69k| return data().p_bits(); 656| 1.69k|} _ZNK5Botan8EC_Group15get_order_bytesEv: 666| 6.45k|size_t EC_Group::get_order_bytes() const { 667| 6.45k| return data().order_bytes(); 668| 6.45k|} _ZNK5Botan8EC_Group12has_cofactorEv: 734| 3.38k|bool EC_Group::has_cofactor() const { 735| 3.38k| return data().has_cofactor(); 736| 3.38k|} _ZNK5Botan8EC_Group13get_curve_oidEv: 738| 10.9k|const OID& EC_Group::get_curve_oid() const { 739| 10.9k| return data().oid(); 740| 10.9k|} _ZN5Botan17EC_Group_Data_Map6lookupERKNS_3OIDE: 54| 11.4k| std::shared_ptr lookup(const OID& oid) { 55| 11.4k| const lock_guard_type lock(m_mutex); 56| | 57| 22.9k| for(auto i : m_registered_curves) { ------------------ | Branch (57:21): [True: 22.9k, False: 6] ------------------ 58| 22.9k| if(i->oid() == oid) { ------------------ | Branch (58:16): [True: 11.4k, False: 11.4k] ------------------ 59| 11.4k| return i; 60| 11.4k| } 61| 22.9k| } 62| | 63| | // Not found, check hardcoded data 64| 6| std::shared_ptr data = EC_Group::EC_group_info(oid); 65| | 66| 6| if(data) { ------------------ | Branch (66:13): [True: 6, False: 0] ------------------ 67| | // The requested OID may be an alias for a curve whose canonical OID differs 68| | // TODO(Botan4) remove this once we require exactly one canonical OID per curve 69| 6| if(data->oid() != oid) { ------------------ | Branch (69:16): [True: 0, False: 6] ------------------ 70| 0| for(const auto& i : m_registered_curves) { ------------------ | Branch (70:34): [True: 0, False: 0] ------------------ 71| 0| if(i->oid() == data->oid()) { ------------------ | Branch (71:22): [True: 0, False: 0] ------------------ 72| 0| return i; 73| 0| } 74| 0| } 75| 0| } 76| | 77| 6| m_registered_curves.push_back(data); 78| 6| return data; 79| 6| } 80| | 81| | // Nope, unknown curve 82| 0| return std::shared_ptr(); 83| 6| } _ZN5Botan13EC_Group_DataD2Ev: 27| 6|EC_Group_Data::~EC_Group_Data() = default; _ZN5Botan13EC_Group_DataC2ERKNS_6BigIntES3_S3_S3_S3_S3_S3_RKNS_3OIDENS_15EC_Group_SourceE: 39| 6| m_p(p), 40| 6| m_a(a), 41| 6| m_b(b), 42| 6| m_g_x(g_x), 43| 6| m_g_y(g_y), 44| 6| m_order(order), 45| 6| m_cofactor(cofactor), 46| |#if defined(BOTAN_HAS_LEGACY_EC_POINT) 47| 6| m_mod_field(Barrett_Reduction::for_public_modulus(p)), 48| 6| m_mod_order(Barrett_Reduction::for_public_modulus(order)), 49| 6| m_monty(m_p, m_mod_field), 50| |#endif 51| 6| m_oid(oid), 52| 6| m_p_words(p.sig_words()), 53| 6| m_p_bits(p.bits()), 54| 6| m_order_bits(order.bits()), 55| 6| m_order_bytes((m_order_bits + 7) / 8), 56| 6| m_a_is_minus_3(a == p - 3), 57| 6| m_a_is_zero(a.is_zero()), 58| 6| m_has_cofactor(m_cofactor != 1), 59| 6| m_order_is_less_than_p(m_order < p), 60| 6| m_source(source) { 61| | // Verify the generator (x, y) satisfies y^2 = x^3 + a*x + b (mod p) 62| 6| auto mod_p = Barrett_Reduction::for_public_modulus(p); 63| 6| const BigInt y2 = mod_p.square(g_y); 64| 6| const BigInt x3_ax_b = mod_p.reduce(mod_p.cube(g_x) + mod_p.multiply(a, g_x) + b); 65| 6| if(y2 != x3_ax_b) { ------------------ | Branch (65:7): [True: 0, False: 6] ------------------ 66| 0| throw Invalid_Argument("EC_Group generator is not on the curve"); 67| 0| } 68| | 69| | // TODO(Botan4) we can assume/assert the OID is set 70| 6| if(!m_oid.empty()) { ------------------ | Branch (70:7): [True: 6, False: 0] ------------------ 71| 6| DER_Encoder der(m_der_named_curve); 72| 6| der.encode(m_oid); 73| | 74| 6| const std::string name = m_oid.human_name_or_empty(); 75| 6| if(!name.empty()) { ------------------ | Branch (75:10): [True: 6, False: 0] ------------------ 76| | // returns nullptr if unknown or not supported 77| 6| m_pcurve = PCurve::PrimeOrderCurve::for_named_curve(name); 78| 6| } 79| 6| if(m_pcurve) { ------------------ | Branch (79:10): [True: 6, False: 0] ------------------ 80| 6| m_engine = EC_Group_Engine::Optimized; 81| 6| } 82| 6| } 83| | 84| | // Try a generic pcurves instance 85| 6| if(!m_pcurve && !m_has_cofactor) { ------------------ | Branch (85:7): [True: 0, False: 6] | Branch (85:20): [True: 0, False: 0] ------------------ 86| 0| m_pcurve = PCurve::PrimeOrderCurve::from_params(p, a, b, g_x, g_y, order); 87| 0| if(m_pcurve) { ------------------ | Branch (87:10): [True: 0, False: 0] ------------------ 88| 0| m_engine = EC_Group_Engine::Generic; 89| 0| } 90| | // possibly still null here, if parameters unsuitable or if the 91| | // pcurves_generic module wasn't included in the build 92| 0| } 93| | 94| 6|#if defined(BOTAN_HAS_LEGACY_EC_POINT) 95| 6| secure_vector ws; 96| 6| m_a_r = m_monty.mul(a, m_monty.R2(), ws); 97| 6| m_b_r = m_monty.mul(b, m_monty.R2(), ws); 98| 6| if(!m_pcurve) { ------------------ | Branch (98:7): [True: 0, False: 6] ------------------ 99| 0| m_engine = EC_Group_Engine::Legacy; 100| 0| } 101| |#else 102| | if(!m_pcurve) { 103| | if(m_oid.empty()) { 104| | throw Not_Implemented("EC_Group this group is not supported in this build configuration"); 105| | } else { 106| | throw Not_Implemented( 107| | fmt("EC_Group the group {} is not supported in this build configuration", oid.to_string())); 108| | } 109| | } 110| |#endif 111| 6|} _ZN5Botan13EC_Group_Data6createERKNS_6BigIntES3_S3_S3_S3_S3_S3_RKNS_3OIDENS_15EC_Group_SourceE: 121| 6| EC_Group_Source source) { 122| 6| auto group = std::make_shared(p, a, b, g_x, g_y, order, cofactor, oid, source); 123| | 124| 6|#if defined(BOTAN_HAS_LEGACY_EC_POINT) 125| 6| group->m_curve = CurveGFp(group.get()); 126| 6| group->m_base_point = EC_Point(group->m_curve, g_x, g_y); 127| 6| if(!group->m_pcurve) { ------------------ | Branch (127:7): [True: 0, False: 6] ------------------ 128| 0| group->m_base_mult = std::make_unique(group->m_base_point, group->m_mod_order); 129| 0| } 130| 6|#endif 131| | 132| 6| return group; 133| 6|} _ZNK5Botan13EC_Group_Data13scalar_randomERNS_21RandomNumberGeneratorE: 293| 2.77k|std::unique_ptr EC_Group_Data::scalar_random(RandomNumberGenerator& rng) const { 294| 2.77k| if(m_pcurve) { ------------------ | Branch (294:7): [True: 2.77k, False: 0] ------------------ 295| 2.77k| return std::make_unique(shared_from_this(), m_pcurve->random_scalar(rng)); 296| 2.77k| } else { 297| 0|#if defined(BOTAN_HAS_LEGACY_EC_POINT) 298| 0| return std::make_unique(shared_from_this(), 299| 0| BigInt::random_integer(rng, BigInt::one(), m_order)); 300| |#else 301| | throw Not_Implemented("Legacy EC interfaces disabled in this build configuration"); 302| |#endif 303| 0| } 304| 2.77k|} _ZNK5Botan13EC_Group_Data18scalar_deserializeENSt3__14spanIKhLm18446744073709551615EEE: 358| 6.45k|std::unique_ptr EC_Group_Data::scalar_deserialize(std::span bytes) const { 359| 6.45k| if(bytes.size() != m_order_bytes) { ------------------ | Branch (359:7): [True: 0, False: 6.45k] ------------------ 360| 0| return nullptr; 361| 0| } 362| | 363| 6.45k| if(m_pcurve) { ------------------ | Branch (363:7): [True: 6.45k, False: 0] ------------------ 364| 6.45k| if(auto s = m_pcurve->deserialize_scalar(bytes)) { ------------------ | Branch (364:15): [True: 6.45k, False: 0] ------------------ 365| 6.45k| return std::make_unique(shared_from_this(), *s); 366| 6.45k| } else { 367| 0| return nullptr; 368| 0| } 369| 6.45k| } else { 370| 0|#if defined(BOTAN_HAS_LEGACY_EC_POINT) 371| 0| BigInt r(bytes); 372| | 373| 0| if(r.is_zero() || r >= m_order) { ------------------ | Branch (373:10): [True: 0, False: 0] | Branch (373:25): [True: 0, False: 0] ------------------ 374| 0| return nullptr; 375| 0| } 376| | 377| 0| return std::make_unique(shared_from_this(), std::move(r)); 378| |#else 379| | throw Not_Implemented("Legacy EC interfaces disabled in this build configuration"); 380| |#endif 381| 0| } 382| 6.45k|} _ZNK5Botan13EC_Group_Data17point_deserializeENSt3__14spanIKhLm18446744073709551615EEE: 384| 10.4k|std::unique_ptr EC_Group_Data::point_deserialize(std::span bytes) const { 385| | // The deprecated "hybrid" point format 386| | // TODO(Botan4) remove this 387| 10.4k| if(bytes.size() >= 1 + 2 * 4 && (bytes[0] == 0x06 || bytes[0] == 0x07)) { ------------------ | Branch (387:7): [True: 10.4k, False: 26] | Branch (387:37): [True: 123, False: 10.3k] | Branch (387:57): [True: 25, False: 10.3k] ------------------ 388| 148| const bool hdr_y_is_even = bytes[0] == 0x06; 389| 148| const bool y_is_even = (bytes.back() & 0x01) == 0; 390| | 391| 148| if(hdr_y_is_even == y_is_even) { ------------------ | Branch (391:10): [True: 145, False: 3] ------------------ 392| 145| std::vector sec1(bytes.begin(), bytes.end()); 393| 145| sec1[0] = 0x04; 394| 145| return this->point_deserialize(sec1); 395| 145| } 396| 148| } 397| | 398| 10.3k| try { 399| 10.3k| if(m_pcurve) { ------------------ | Branch (399:10): [True: 10.3k, False: 0] ------------------ 400| 10.3k| if(auto pt = m_pcurve->deserialize_point(bytes)) { ------------------ | Branch (400:18): [True: 9.84k, False: 496] ------------------ 401| 9.84k| return std::make_unique(shared_from_this(), std::move(*pt)); 402| 9.84k| } else { 403| 496| return {}; 404| 496| } 405| 10.3k| } else { 406| 0|#if defined(BOTAN_HAS_LEGACY_EC_POINT) 407| 0| auto pt = Botan::OS2ECP(bytes, m_curve); 408| 0| return std::make_unique(shared_from_this(), std::move(pt)); 409| |#else 410| | throw Not_Implemented("Legacy EC interfaces disabled in this build configuration"); 411| |#endif 412| 0| } 413| 10.3k| } catch(...) { 414| 0| return {}; 415| 0| } 416| 10.3k|} _ZNK5Botan13EC_Group_Data11point_g_mulERKNS_14EC_Scalar_DataERNS_21RandomNumberGeneratorE: 466| 2.77k| RandomNumberGenerator& rng) const { 467| 2.77k| if(m_pcurve) { ------------------ | Branch (467:7): [True: 2.77k, False: 0] ------------------ 468| 2.77k| const auto& k = EC_Scalar_Data_PC::checked_ref(scalar); 469| 2.77k| auto pt = m_pcurve->point_to_affine(m_pcurve->mul_by_g(k.value(), rng)); 470| 2.77k| return std::make_unique(shared_from_this(), std::move(pt)); 471| 2.77k| } else { 472| 0|#if defined(BOTAN_HAS_LEGACY_EC_POINT) 473| 0| const auto& group = scalar.group(); 474| 0| const auto& bn = EC_Scalar_Data_BN::checked_ref(scalar); 475| | 476| 0| BOTAN_STATE_CHECK(group->m_base_mult != nullptr); ------------------ | | 51| 0| do { \ | | 52| 0| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 0| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 0] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 0| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 0] | | ------------------ ------------------ 477| 0| std::vector ws; 478| 0| auto pt = group->m_base_mult->mul(bn.value(), rng, m_order, ws); 479| 0| return std::make_unique(shared_from_this(), std::move(pt)); 480| |#else 481| | throw Not_Implemented("Legacy EC interfaces disabled in this build configuration"); 482| |#endif 483| 0| } 484| 2.77k|} _ZN5Botan17EC_Scalar_Data_PC11checked_refERKNS_14EC_Scalar_DataE: 14| 4.46k|const EC_Scalar_Data_PC& EC_Scalar_Data_PC::checked_ref(const EC_Scalar_Data& data) { 15| 4.46k| const auto* p = dynamic_cast(&data); 16| 4.46k| if(p == nullptr) { ------------------ | Branch (16:7): [True: 0, False: 4.46k] ------------------ 17| 0| throw Invalid_State("Failed conversion to EC_Scalar_Data_PC"); 18| 0| } 19| 4.46k| return *p; 20| 4.46k|} _ZNK5Botan17EC_Scalar_Data_PC5groupEv: 22| 31.0k|const std::shared_ptr& EC_Scalar_Data_PC::group() const { 23| 31.0k| return m_group; 24| 31.0k|} _ZNK5Botan17EC_Scalar_Data_PC5bytesEv: 26| 9.22k|size_t EC_Scalar_Data_PC::bytes() const { 27| 9.22k| return this->group()->order_bytes(); 28| 9.22k|} _ZNK5Botan17EC_Scalar_Data_PC5cloneEv: 30| 8.15k|std::unique_ptr EC_Scalar_Data_PC::clone() const { 31| 8.15k| return std::make_unique(this->group(), this->value()); 32| 8.15k|} _ZNK5Botan17EC_Scalar_Data_PC7is_zeroEv: 34| 9.22k|bool EC_Scalar_Data_PC::is_zero() const { 35| 9.22k| const auto& pcurve = this->group()->pcurve(); 36| 9.22k| return pcurve.scalar_is_zero(m_v); 37| 9.22k|} _ZN5Botan17EC_Scalar_Data_PC7zeroizeEv: 48| 9.22k|void EC_Scalar_Data_PC::zeroize() { 49| 9.22k| m_v._zeroize(); 50| 9.22k|} _ZNK5Botan17EC_Scalar_Data_PC12serialize_toENSt3__14spanIhLm18446744073709551615EEE: 81| 9.22k|void EC_Scalar_Data_PC::serialize_to(std::span bytes) const { 82| 9.22k| BOTAN_ARG_CHECK(bytes.size() == m_group->order_bytes(), "Invalid output length"); ------------------ | | 35| 9.22k| do { \ | | 36| 9.22k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 9.22k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 9.22k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 9.22k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 9.22k] | | ------------------ ------------------ 83| 9.22k| m_group->pcurve().serialize_scalar(bytes, m_v); 84| 9.22k|} _ZN5Botan22EC_AffinePoint_Data_PCC2ENSt3__110shared_ptrIKNS_13EC_Group_DataEEENS_6PCurve15PrimeOrderCurve11AffinePointE: 88| 16.0k| m_group(std::move(group)), m_pt(std::move(pt)) { 89| 16.0k| const auto& pcurve = m_group->pcurve(); 90| | 91| 16.0k| if(!pcurve.affine_point_is_identity(m_pt)) { ------------------ | Branch (91:7): [True: 15.9k, False: 14] ------------------ 92| 15.9k| m_xy.resize(1 + 2 * field_element_bytes()); 93| 15.9k| pcurve.serialize_point(m_xy, m_pt); 94| 15.9k| } 95| 16.0k|} _ZNK5Botan22EC_AffinePoint_Data_PC5cloneEv: 105| 3.39k|std::unique_ptr EC_AffinePoint_Data_PC::clone() const { 106| 3.39k| return std::make_unique(m_group, m_pt); 107| 3.39k|} _ZNK5Botan22EC_AffinePoint_Data_PC10mul_x_onlyERKNS_14EC_Scalar_DataERNS_21RandomNumberGeneratorE: 123| 1.69k| RandomNumberGenerator& rng) const { 124| 1.69k| BOTAN_ARG_CHECK(scalar.group() == m_group, "Curve mismatch"); ------------------ | | 35| 1.69k| do { \ | | 36| 1.69k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 1.69k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 1.69k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 1.69k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 1.69k] | | ------------------ ------------------ 125| 1.69k| const auto& k = EC_Scalar_Data_PC::checked_ref(scalar).value(); 126| 1.69k| return m_group->pcurve().mul_x_only(m_pt, k, rng); 127| 1.69k|} _ZNK5Botan22EC_AffinePoint_Data_PC19field_element_bytesEv: 129| 35.8k|size_t EC_AffinePoint_Data_PC::field_element_bytes() const { 130| 35.8k| return m_group->pcurve().field_element_bytes(); 131| 35.8k|} _ZNK5Botan22EC_AffinePoint_Data_PC11is_identityEv: 133| 32.5k|bool EC_AffinePoint_Data_PC::is_identity() const { 134| 32.5k| return m_xy.empty(); 135| 32.5k|} _ZNK5Botan22EC_AffinePoint_Data_PC14serialize_x_toENSt3__14spanIhLm18446744073709551615EEE: 137| 27|void EC_AffinePoint_Data_PC::serialize_x_to(std::span bytes) const { 138| 27| BOTAN_STATE_CHECK(!this->is_identity()); ------------------ | | 51| 27| do { \ | | 52| 27| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 27| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 27] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 27| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 27] | | ------------------ ------------------ 139| 27| const size_t fe_bytes = this->field_element_bytes(); 140| 27| BOTAN_ARG_CHECK(bytes.size() == fe_bytes, "Invalid output size"); ------------------ | | 35| 27| do { \ | | 36| 27| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 27| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 27] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 27| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 27] | | ------------------ ------------------ 141| 27| copy_mem(bytes, std::span{m_xy}.subspan(1, fe_bytes)); 142| 27|} _ZNK5Botan22EC_AffinePoint_Data_PC23serialize_compressed_toENSt3__14spanIhLm18446744073709551615EEE: 158| 27|void EC_AffinePoint_Data_PC::serialize_compressed_to(std::span bytes) const { 159| 27| BOTAN_STATE_CHECK(!this->is_identity()); ------------------ | | 51| 27| do { \ | | 52| 27| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 27| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 27] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 27| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 27] | | ------------------ ------------------ 160| 27| const size_t fe_bytes = this->field_element_bytes(); 161| 27| BOTAN_ARG_CHECK(bytes.size() == 1 + fe_bytes, "Invalid output size"); ------------------ | | 35| 27| do { \ | | 36| 27| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 27| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 27] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 27| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 27] | | ------------------ ------------------ 162| 27| const bool y_is_odd = (m_xy.back() & 0x01) == 0x01; 163| | 164| 27| BufferStuffer stuffer(bytes); 165| 27| stuffer.append(y_is_odd ? 0x03 : 0x02); ------------------ | Branch (165:19): [True: 12, False: 15] ------------------ 166| 27| this->serialize_x_to(stuffer.next(fe_bytes)); 167| 27|} _ZNK5Botan22EC_AffinePoint_Data_PC25serialize_uncompressed_toENSt3__14spanIhLm18446744073709551615EEE: 169| 4.43k|void EC_AffinePoint_Data_PC::serialize_uncompressed_to(std::span bytes) const { 170| 4.43k| BOTAN_STATE_CHECK(!this->is_identity()); ------------------ | | 51| 4.43k| do { \ | | 52| 4.43k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 4.43k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 4.43k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 4.43k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 4.43k] | | ------------------ ------------------ 171| 4.43k| const size_t fe_bytes = this->field_element_bytes(); 172| 4.43k| BOTAN_ARG_CHECK(bytes.size() == 1 + 2 * fe_bytes, "Invalid output size"); ------------------ | | 35| 4.43k| do { \ | | 36| 4.43k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 4.43k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 4.43k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 4.43k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 4.43k] | | ------------------ ------------------ 173| 4.43k| copy_mem(bytes, m_xy); 174| 4.43k|} _ZNK5Botan22EC_AffinePoint_Data_PC15to_legacy_pointEv: 177| 10.9k|EC_Point EC_AffinePoint_Data_PC::to_legacy_point() const { 178| 10.9k| if(this->is_identity()) { ------------------ | Branch (178:7): [True: 7, False: 10.9k] ------------------ 179| 7| return EC_Point(m_group->curve()); 180| 10.9k| } else { 181| 10.9k| const size_t fe_bytes = this->field_element_bytes(); 182| 10.9k| return EC_Point(m_group->curve(), 183| 10.9k| BigInt::from_bytes(std::span{m_xy}.subspan(1, fe_bytes)), 184| 10.9k| BigInt::from_bytes(std::span{m_xy}.last(fe_bytes))); 185| 10.9k| } 186| 10.9k|} _ZN5Botan8EC_Group13EC_group_infoERKNS_3OIDE: 16| 6|std::shared_ptr EC_Group::EC_group_info(const OID& oid) { 17| | // secp256r1 18| 6| if(oid == OID{1, 2, 840, 10045, 3, 1, 7}) { ------------------ | Branch (18:7): [True: 1, False: 5] ------------------ 19| 1| return load_EC_group_info( 20| 1| "0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF", 21| 1| "0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC", 22| 1| "0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B", 23| 1| "0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296", 24| 1| "0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5", 25| 1| "0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", 26| 1| oid); 27| 1| } 28| | 29| | // secp384r1 30| 5| if(oid == OID{1, 3, 132, 0, 34}) { ------------------ | Branch (30:7): [True: 1, False: 4] ------------------ 31| 1| return load_EC_group_info( 32| 1| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF", 33| 1| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC", 34| 1| "0xB3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF", 35| 1| "0xAA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7", 36| 1| "0x3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F", 37| 1| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973", 38| 1| oid); 39| 1| } 40| | 41| | // secp521r1 42| 4| if(oid == OID{1, 3, 132, 0, 35}) { ------------------ | Branch (42:7): [True: 1, False: 3] ------------------ 43| 1| return load_EC_group_info( 44| 1| "0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", 45| 1| "0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC", 46| 1| "0x51953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00", 47| 1| "0xC6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66", 48| 1| "0x11839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650", 49| 1| "0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409", 50| 1| oid); 51| 1| } 52| | 53| | // brainpool160r1 54| 3| if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 1}) { ------------------ | Branch (54:7): [True: 0, False: 3] ------------------ 55| 0| return load_EC_group_info( 56| 0| "0xE95E4A5F737059DC60DFC7AD95B3D8139515620F", 57| 0| "0x340E7BE2A280EB74E2BE61BADA745D97E8F7C300", 58| 0| "0x1E589A8595423412134FAA2DBDEC95C8D8675E58", 59| 0| "0xBED5AF16EA3F6A4F62938C4631EB5AF7BDBCDBC3", 60| 0| "0x1667CB477A1A8EC338F94741669C976316DA6321", 61| 0| "0xE95E4A5F737059DC60DF5991D45029409E60FC09", 62| 0| oid); 63| 0| } 64| | 65| | // brainpool192r1 66| 3| if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 3}) { ------------------ | Branch (66:7): [True: 0, False: 3] ------------------ 67| 0| return load_EC_group_info( 68| 0| "0xC302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297", 69| 0| "0x6A91174076B1E0E19C39C031FE8685C1CAE040E5C69A28EF", 70| 0| "0x469A28EF7C28CCA3DC721D044F4496BCCA7EF4146FBF25C9", 71| 0| "0xC0A0647EAAB6A48753B033C56CB0F0900A2F5C4853375FD6", 72| 0| "0x14B690866ABD5BB88B5F4828C1490002E6773FA2FA299B8F", 73| 0| "0xC302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1", 74| 0| oid); 75| 0| } 76| | 77| | // brainpool224r1 78| 3| if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 5}) { ------------------ | Branch (78:7): [True: 0, False: 3] ------------------ 79| 0| return load_EC_group_info( 80| 0| "0xD7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF", 81| 0| "0x68A5E62CA9CE6C1C299803A6C1530B514E182AD8B0042A59CAD29F43", 82| 0| "0x2580F63CCFE44138870713B1A92369E33E2135D266DBB372386C400B", 83| 0| "0xD9029AD2C7E5CF4340823B2A87DC68C9E4CE3174C1E6EFDEE12C07D", 84| 0| "0x58AA56F772C0726F24C6B89E4ECDAC24354B9E99CAA3F6D3761402CD", 85| 0| "0xD7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F", 86| 0| oid); 87| 0| } 88| | 89| | // brainpool256r1 90| 3| if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 7}) { ------------------ | Branch (90:7): [True: 1, False: 2] ------------------ 91| 1| return load_EC_group_info( 92| 1| "0xA9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377", 93| 1| "0x7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9", 94| 1| "0x26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6", 95| 1| "0x8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262", 96| 1| "0x547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997", 97| 1| "0xA9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", 98| 1| oid); 99| 1| } 100| | 101| | // brainpool320r1 102| 2| if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 9}) { ------------------ | Branch (102:7): [True: 0, False: 2] ------------------ 103| 0| return load_EC_group_info( 104| 0| "0xD35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E27", 105| 0| "0x3EE30B568FBAB0F883CCEBD46D3F3BB8A2A73513F5EB79DA66190EB085FFA9F492F375A97D860EB4", 106| 0| "0x520883949DFDBC42D3AD198640688A6FE13F41349554B49ACC31DCCD884539816F5EB4AC8FB1F1A6", 107| 0| "0x43BD7E9AFB53D8B85289BCC48EE5BFE6F20137D10A087EB6E7871E2A10A599C710AF8D0D39E20611", 108| 0| "0x14FDD05545EC1CC8AB4093247F77275E0743FFED117182EAA9C77877AAAC6AC7D35245D1692E8EE1", 109| 0| "0xD35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311", 110| 0| oid); 111| 0| } 112| | 113| | // brainpool384r1 114| 2| if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 11}) { ------------------ | Branch (114:7): [True: 1, False: 1] ------------------ 115| 1| return load_EC_group_info( 116| 1| "0x8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53", 117| 1| "0x7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826", 118| 1| "0x4A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11", 119| 1| "0x1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E", 120| 1| "0x8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315", 121| 1| "0x8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565", 122| 1| oid); 123| 1| } 124| | 125| | // brainpool512r1 126| 1| if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 13}) { ------------------ | Branch (126:7): [True: 1, False: 0] ------------------ 127| 1| return load_EC_group_info( 128| 1| "0xAADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3", 129| 1| "0x7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA", 130| 1| "0x3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723", 131| 1| "0x81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822", 132| 1| "0x7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892", 133| 1| "0xAADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069", 134| 1| oid); 135| 1| } 136| | 137| | // frp256v1 138| 0| if(oid == OID{1, 2, 250, 1, 223, 101, 256, 1}) { ------------------ | Branch (138:7): [True: 0, False: 0] ------------------ 139| 0| return load_EC_group_info( 140| 0| "0xF1FD178C0B3AD58F10126DE8CE42435B3961ADBCABC8CA6DE8FCF353D86E9C03", 141| 0| "0xF1FD178C0B3AD58F10126DE8CE42435B3961ADBCABC8CA6DE8FCF353D86E9C00", 142| 0| "0xEE353FCA5428A9300D4ABA754A44C00FDFEC0C9AE4B1A1803075ED967B7BB73F", 143| 0| "0xB6B3D4C356C139EB31183D4749D423958C27D2DCAF98B70164C97A2DD98F5CFF", 144| 0| "0x6142E0F7C8B204911F9271F0F3ECEF8C2701C307E8E4C9E183115A1554062CFB", 145| 0| "0xF1FD178C0B3AD58F10126DE8CE42435B53DC67E140D2BF941FFDD459C6D655E1", 146| 0| oid); 147| 0| } 148| | 149| | // gost_256A 150| 0| if(oid == OID{1, 2, 643, 7, 1, 2, 1, 1, 1} || oid == OID{1, 2, 643, 2, 2, 35, 1} || oid == OID{1, 2, 643, 2, 2, 36, 0}) { ------------------ | Branch (150:7): [True: 0, False: 0] | Branch (150:7): [True: 0, False: 0] | Branch (150:50): [True: 0, False: 0] | Branch (150:88): [True: 0, False: 0] ------------------ 151| 0| return load_EC_group_info( 152| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD97", 153| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD94", 154| 0| "0xA6", 155| 0| "0x1", 156| 0| "0x8D91E471E0989CDA27DF505A453F2B7635294F2DDF23E3B122ACC99C9E9F1E14", 157| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6C611070995AD10045841B09B761B893", 158| 0| OID{1, 2, 643, 7, 1, 2, 1, 1, 1}); 159| 0| } 160| | 161| | // gost_512A 162| 0| if(oid == OID{1, 2, 643, 7, 1, 2, 1, 2, 1}) { ------------------ | Branch (162:7): [True: 0, False: 0] ------------------ 163| 0| return load_EC_group_info( 164| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC7", 165| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC4", 166| 0| "0xE8C2505DEDFC86DDC1BD0B2B6667F1DA34B82574761CB0E879BD081CFD0B6265EE3CB090F30D27614CB4574010DA90DD862EF9D4EBEE4761503190785A71C760", 167| 0| "0x3", 168| 0| "0x7503CFE87A836AE3A61B8816E25450E6CE5E1C93ACF1ABC1778064FDCBEFA921DF1626BE4FD036E93D75E6A50E3A41E98028FE5FC235F5B889A589CB5215F2A4", 169| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF27E69532F48D89116FF22B8D4E0560609B4B38ABFAD2B85DCACDB1411F10B275", 170| 0| oid); 171| 0| } 172| | 173| | // secp160k1 174| 0| if(oid == OID{1, 3, 132, 0, 9}) { ------------------ | Branch (174:7): [True: 0, False: 0] ------------------ 175| 0| return load_EC_group_info( 176| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", 177| 0| "0x0", 178| 0| "0x7", 179| 0| "0x3B4C382CE37AA192A4019E763036F4F5DD4D7EBB", 180| 0| "0x938CF935318FDCED6BC28286531733C3F03C4FEE", 181| 0| "0x100000000000000000001B8FA16DFAB9ACA16B6B3", 182| 0| oid); 183| 0| } 184| | 185| | // secp160r1 186| 0| if(oid == OID{1, 3, 132, 0, 8}) { ------------------ | Branch (186:7): [True: 0, False: 0] ------------------ 187| 0| return load_EC_group_info( 188| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF", 189| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC", 190| 0| "0x1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45", 191| 0| "0x4A96B5688EF573284664698968C38BB913CBFC82", 192| 0| "0x23A628553168947D59DCC912042351377AC5FB32", 193| 0| "0x100000000000000000001F4C8F927AED3CA752257", 194| 0| oid); 195| 0| } 196| | 197| | // secp160r2 198| 0| if(oid == OID{1, 3, 132, 0, 30}) { ------------------ | Branch (198:7): [True: 0, False: 0] ------------------ 199| 0| return load_EC_group_info( 200| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", 201| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70", 202| 0| "0xB4E134D3FB59EB8BAB57274904664D5AF50388BA", 203| 0| "0x52DCB034293A117E1F4FF11B30F7199D3144CE6D", 204| 0| "0xFEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E", 205| 0| "0x100000000000000000000351EE786A818F3A1A16B", 206| 0| oid); 207| 0| } 208| | 209| | // secp192k1 210| 0| if(oid == OID{1, 3, 132, 0, 31}) { ------------------ | Branch (210:7): [True: 0, False: 0] ------------------ 211| 0| return load_EC_group_info( 212| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37", 213| 0| "0x0", 214| 0| "0x3", 215| 0| "0xDB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D", 216| 0| "0x9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D", 217| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D", 218| 0| oid); 219| 0| } 220| | 221| | // secp192r1 222| 0| if(oid == OID{1, 2, 840, 10045, 3, 1, 1}) { ------------------ | Branch (222:7): [True: 0, False: 0] ------------------ 223| 0| return load_EC_group_info( 224| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", 225| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", 226| 0| "0x64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1", 227| 0| "0x188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012", 228| 0| "0x7192B95FFC8DA78631011ED6B24CDD573F977A11E794811", 229| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831", 230| 0| oid); 231| 0| } 232| | 233| | // secp224k1 234| 0| if(oid == OID{1, 3, 132, 0, 32}) { ------------------ | Branch (234:7): [True: 0, False: 0] ------------------ 235| 0| return load_EC_group_info( 236| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D", 237| 0| "0x0", 238| 0| "0x5", 239| 0| "0xA1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C", 240| 0| "0x7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5", 241| 0| "0x10000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7", 242| 0| oid); 243| 0| } 244| | 245| | // secp224r1 246| 0| if(oid == OID{1, 3, 132, 0, 33}) { ------------------ | Branch (246:7): [True: 0, False: 0] ------------------ 247| 0| return load_EC_group_info( 248| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", 249| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", 250| 0| "0xB4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", 251| 0| "0xB70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", 252| 0| "0xBD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34", 253| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", 254| 0| oid); 255| 0| } 256| | 257| | // secp256k1 258| 0| if(oid == OID{1, 3, 132, 0, 10}) { ------------------ | Branch (258:7): [True: 0, False: 0] ------------------ 259| 0| return load_EC_group_info( 260| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F", 261| 0| "0x0", 262| 0| "0x7", 263| 0| "0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798", 264| 0| "0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8", 265| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", 266| 0| oid); 267| 0| } 268| | 269| | // sm2p256v1 270| 0| if(oid == OID{1, 2, 156, 10197, 1, 301}) { ------------------ | Branch (270:7): [True: 0, False: 0] ------------------ 271| 0| return load_EC_group_info( 272| 0| "0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF", 273| 0| "0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC", 274| 0| "0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93", 275| 0| "0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7", 276| 0| "0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0", 277| 0| "0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123", 278| 0| oid); 279| 0| } 280| | 281| | // x962_p192v2 282| 0| if(oid == OID{1, 2, 840, 10045, 3, 1, 2}) { ------------------ | Branch (282:7): [True: 0, False: 0] ------------------ 283| 0| return load_EC_group_info( 284| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", 285| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", 286| 0| "0xCC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953", 287| 0| "0xEEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A", 288| 0| "0x6574D11D69B6EC7A672BB82A083DF2F2B0847DE970B2DE15", 289| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31", 290| 0| oid); 291| 0| } 292| | 293| | // x962_p192v3 294| 0| if(oid == OID{1, 2, 840, 10045, 3, 1, 3}) { ------------------ | Branch (294:7): [True: 0, False: 0] ------------------ 295| 0| return load_EC_group_info( 296| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", 297| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", 298| 0| "0x22123DC2395A05CAA7423DAECCC94760A7D462256BD56916", 299| 0| "0x7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896", 300| 0| "0x38A90F22637337334B49DCB66A6DC8F9978ACA7648A943B0", 301| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13", 302| 0| oid); 303| 0| } 304| | 305| | // x962_p239v1 306| 0| if(oid == OID{1, 2, 840, 10045, 3, 1, 4}) { ------------------ | Branch (306:7): [True: 0, False: 0] ------------------ 307| 0| return load_EC_group_info( 308| 0| "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", 309| 0| "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", 310| 0| "0x6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A", 311| 0| "0xFFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF", 312| 0| "0x7DEBE8E4E90A5DAE6E4054CA530BA04654B36818CE226B39FCCB7B02F1AE", 313| 0| "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B", 314| 0| oid); 315| 0| } 316| | 317| | // x962_p239v2 318| 0| if(oid == OID{1, 2, 840, 10045, 3, 1, 5}) { ------------------ | Branch (318:7): [True: 0, False: 0] ------------------ 319| 0| return load_EC_group_info( 320| 0| "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", 321| 0| "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", 322| 0| "0x617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C", 323| 0| "0x38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7", 324| 0| "0x5B0125E4DBEA0EC7206DA0FC01D9B081329FB555DE6EF460237DFF8BE4BA", 325| 0| "0x7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063", 326| 0| oid); 327| 0| } 328| | 329| | // x962_p239v3 330| 0| if(oid == OID{1, 2, 840, 10045, 3, 1, 6}) { ------------------ | Branch (330:7): [True: 0, False: 0] ------------------ 331| 0| return load_EC_group_info( 332| 0| "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", 333| 0| "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", 334| 0| "0x255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E", 335| 0| "0x6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A", 336| 0| "0x1607E6898F390C06BC1D552BAD226F3B6FCFE48B6E818499AF18E3ED6CF3", 337| 0| "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551", 338| 0| oid); 339| 0| } 340| | 341| | // numsp512d1 342| 0| if(oid == OID{1, 3, 6, 1, 4, 1, 25258, 4, 3}) { ------------------ | Branch (342:7): [True: 0, False: 0] ------------------ 343| 0| return load_EC_group_info( 344| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC7", 345| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC4", 346| 0| "0x1D99B", 347| 0| "0x2", 348| 0| "0x1C282EB23327F9711952C250EA61AD53FCC13031CF6DD336E0B9328433AFBDD8CC5A1C1F0C716FDC724DDE537C2B0ADB00BB3D08DC83755B205CC30D7F83CF28", 349| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5B3CA4FB94E7831B4FC258ED97D0BDC63B568B36607CD243CE153F390433555D", 350| 0| oid); 351| 0| } 352| | 353| 0| return std::shared_ptr(); 354| 0|} _ZN5Botan9EC_ScalarC2ENSt3__110unique_ptrINS_14EC_Scalar_DataENS1_14default_deleteIS3_EEEE: 22| 9.22k|EC_Scalar::EC_Scalar(std::unique_ptr scalar) : m_scalar(std::move(scalar)) { 23| 9.22k| BOTAN_ASSERT_NONNULL(m_scalar); ------------------ | | 116| 9.22k| do { \ | | 117| 9.22k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 9.22k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 9.22k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 9.22k] | | ------------------ ------------------ 24| 9.22k|} _ZN5Botan9EC_ScalarC2ERKS0_: 26| 8.15k|EC_Scalar::EC_Scalar(const EC_Scalar& other) : m_scalar(other.inner().clone()) {} _ZN5Botan9EC_ScalarC2EOS0_: 28| 18.4k|EC_Scalar::EC_Scalar(EC_Scalar&& other) noexcept : m_scalar(std::move(other.m_scalar)) {} _ZN5Botan9EC_ScalarD2Ev: 43| 35.8k|EC_Scalar::~EC_Scalar() = default; _ZN5Botan9EC_Scalar6randomERKNS_8EC_GroupERNS_21RandomNumberGeneratorE: 61| 2.77k|EC_Scalar EC_Scalar::random(const EC_Group& group, RandomNumberGenerator& rng) { 62| 2.77k| return EC_Scalar(group._data()->scalar_random(rng)); 63| 2.77k|} _ZNK5Botan9EC_Scalar9to_bigintEv: 77| 9.22k|BigInt EC_Scalar::to_bigint() const { 78| 9.22k| secure_vector bytes(m_scalar->bytes()); 79| 9.22k| m_scalar->serialize_to(bytes); 80| 9.22k| return BigInt::from_bytes(bytes); 81| 9.22k|} _ZN5Botan9EC_Scalar11deserializeERKNS_8EC_GroupENSt3__14spanIKhLm18446744073709551615EEE: 118| 6.45k|std::optional EC_Scalar::deserialize(const EC_Group& group, std::span bytes) { 119| 6.45k| if(auto v = group._data()->scalar_deserialize(bytes)) { ------------------ | Branch (119:12): [True: 6.45k, False: 0] ------------------ 120| 6.45k| return EC_Scalar(std::move(v)); 121| 6.45k| } else { 122| 0| return {}; 123| 0| } 124| 6.45k|} _ZNK5Botan9EC_Scalar7is_zeroEv: 133| 9.22k|bool EC_Scalar::is_zero() const { 134| 9.22k| return inner().is_zero(); 135| 9.22k|} _ZN5Botan9EC_Scalar7zeroizeEv: 169| 9.22k|void EC_Scalar::zeroize() { 170| 9.22k| m_scalar->zeroize(); 171| 9.22k|} _ZN5Botan8CurveGFpC2EPKNS_13EC_Group_DataE: 28| 6|CurveGFp::CurveGFp(const EC_Group_Data* group) : m_group(group) { 29| 6| BOTAN_ASSERT_NONNULL(m_group); ------------------ | | 116| 6| do { \ | | 117| 6| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 6] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 6| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 6] | | ------------------ ------------------ 30| 6|} _ZNK5Botan8CurveGFp5groupEv: 32| 21.8k|const EC_Group_Data& CurveGFp::group() const { 33| 21.8k| BOTAN_ASSERT_NONNULL(m_group); ------------------ | | 116| 21.8k| do { \ | | 117| 21.8k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 21.8k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 21.8k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 21.8k] | | ------------------ ------------------ 34| 21.8k| return *m_group; 35| 21.8k|} _ZN5Botan8EC_PointC2ERKNS_8CurveGFpE: 108| 7|EC_Point::EC_Point(const CurveGFp& curve) : m_curve(curve), m_x(0), m_y(curve.group().monty().R1()), m_z(0) {} _ZN5Botan8EC_PointC2ERKNS_8CurveGFpENS_6BigIntES4_: 115| 10.9k| m_curve(curve), m_x(std::move(x)), m_y(std::move(y)), m_z(m_curve.group().monty().R1()) { 116| 10.9k| const auto& group = m_curve.group(); 117| | 118| 10.9k| if(m_x < 0 || m_x >= group.p()) { ------------------ | Branch (118:7): [True: 0, False: 10.9k] | Branch (118:18): [True: 0, False: 10.9k] ------------------ 119| 0| throw Invalid_Argument("Invalid EC_Point affine x"); 120| 0| } 121| 10.9k| if(m_y < 0 || m_y >= group.p()) { ------------------ | Branch (121:7): [True: 0, False: 10.9k] | Branch (121:18): [True: 0, False: 10.9k] ------------------ 122| 0| throw Invalid_Argument("Invalid EC_Point affine y"); 123| 0| } 124| | 125| 10.9k| secure_vector monty_ws(monty_ws_size(group)); 126| | 127| 10.9k| to_rep(group, m_x, monty_ws); 128| 10.9k| to_rep(group, m_y, monty_ws); 129| 10.9k|} _ZN5Botan8EC_Point4swapERS0_: 792| 10.9k|void EC_Point::swap(EC_Point& other) noexcept { 793| 10.9k| m_curve.swap(other.m_curve); 794| 10.9k| m_x.swap(other.m_x); 795| 10.9k| m_y.swap(other.m_y); 796| 10.9k| m_z.swap(other.m_z); 797| 10.9k|} ec_point.cpp:_ZN5Botan12_GLOBAL__N_113monty_ws_sizeERKNS_13EC_Group_DataE: 102| 10.9k|size_t monty_ws_size(const EC_Group_Data& group) { 103| 10.9k| return 2 * group.p_words(); 104| 10.9k|} ec_point.cpp:_ZN5Botan12_GLOBAL__N_16to_repERKNS_13EC_Group_DataERNS_6BigIntERNSt3__16vectorImNS_16secure_allocatorImEEEE: 55| 21.8k|void to_rep(const EC_Group_Data& group, BigInt& x, secure_vector& ws) { 56| 21.8k| group.monty().mul_by(x, group.monty().R2(), ws); 57| 21.8k|} _ZN5Botan17EC_PublicKey_DataC2ENS_8EC_GroupENS_14EC_AffinePointE: 15| 10.9k| m_group(std::move(group)), m_point(std::move(pt)) { 16| 10.9k|#if defined(BOTAN_HAS_LEGACY_EC_POINT) 17| 10.9k| m_legacy_point = m_point.to_legacy_point(); 18| 10.9k|#endif 19| | 20| | // Checking that the point lies on the curve is done in the deserialization 21| | // of EC_AffinePoint. 22| 10.9k| BOTAN_ARG_CHECK(!m_point.is_identity(), "ECC public key cannot be point at infinity"); ------------------ | | 35| 10.9k| do { \ | | 36| 10.9k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 10.9k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 7, False: 10.9k] | | ------------------ | | 38| 7| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 7| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 7| } \ | | 41| 10.9k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 10.9k] | | ------------------ ------------------ 23| 10.9k|} _ZN5Botan18EC_PrivateKey_DataC2ENS_8EC_GroupENS_9EC_ScalarE: 26| 9.22k| m_group(std::move(group)), m_scalar(std::move(x)), m_legacy_x(m_scalar.to_bigint()) { 27| | // Checking that the scalar is lower than the group order is ensured in the 28| | // deserialization of the EC_Scalar or during the random generation respectively. 29| 9.22k| BOTAN_ARG_CHECK(m_scalar.is_nonzero(), "ECC private key cannot be zero"); ------------------ | | 35| 9.22k| do { \ | | 36| 9.22k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 9.22k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 9.22k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 9.22k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 9.22k] | | ------------------ ------------------ 30| 9.22k|} _ZN5Botan18EC_PrivateKey_DataC2ERKNS_8EC_GroupENSt3__14spanIKhLm18446744073709551615EEE: 62| 6.45k| Botan::EC_PrivateKey_Data(group, decode_ec_secret_key_scalar(group, bytes)) {} _ZN5Botan18EC_PrivateKey_DataD2Ev: 64| 9.22k|EC_PrivateKey_Data::~EC_PrivateKey_Data() { 65| 9.22k| m_scalar.zeroize(); 66| 9.22k|} _ZNK5Botan18EC_PrivateKey_Data10public_keyERNS_21RandomNumberGeneratorEb: 69| 2.77k| bool with_modular_inverse) const { 70| 2.77k| auto public_point = [&] { 71| 2.77k| if(with_modular_inverse) { 72| 2.77k| return EC_AffinePoint::g_mul(m_scalar.invert(), rng); 73| 2.77k| } else { 74| 2.77k| return EC_AffinePoint::g_mul(m_scalar, rng); 75| 2.77k| } 76| 2.77k| }; 77| | 78| 2.77k| return std::make_shared(m_group, public_point()); 79| 2.77k|} ec_key_data.cpp:_ZN5Botan12_GLOBAL__N_127decode_ec_secret_key_scalarERKNS_8EC_GroupENSt3__14spanIKhLm18446744073709551615EEE: 34| 6.45k|EC_Scalar decode_ec_secret_key_scalar(const EC_Group& group, std::span bytes) { 35| 6.45k| const size_t order_bytes = group.get_order_bytes(); 36| | 37| 6.45k| if(bytes.size() < order_bytes) { ------------------ | Branch (37:7): [True: 0, False: 6.45k] ------------------ 38| | /* 39| | * Older versions had a bug which caused secret keys to not be encoded to 40| | * the full byte length of the order if there were leading zero bytes. This 41| | * was particularly a problem for P-521, where on average half of keys do 42| | * not have their high bit set and so can be encoded in 65 bytes, vs 66 43| | * bytes for the full order. 44| | * 45| | * To accommodate this, zero prefix the key if we see such a short input 46| | */ 47| 0| secure_vector padded_sk(order_bytes); 48| 0| copy_mem(std::span{padded_sk}.last(bytes.size()), bytes); 49| 0| return decode_ec_secret_key_scalar(group, padded_sk); 50| 0| } 51| | 52| 6.45k| if(auto s = EC_Scalar::deserialize(group, bytes)) { ------------------ | Branch (52:12): [True: 6.45k, False: 0] ------------------ 53| 6.45k| return s.value(); 54| 6.45k| } else { 55| 0| throw Decoding_Error("EC private key is invalid for this group"); 56| 0| } 57| 6.45k|} ec_key_data.cpp:_ZZNK5Botan18EC_PrivateKey_Data10public_keyERNS_21RandomNumberGeneratorEbENK3$_0clEv: 70| 2.77k| auto public_point = [&] { 71| 2.77k| if(with_modular_inverse) { ------------------ | Branch (71:10): [True: 0, False: 2.77k] ------------------ 72| 0| return EC_AffinePoint::g_mul(m_scalar.invert(), rng); 73| 2.77k| } else { 74| 2.77k| return EC_AffinePoint::g_mul(m_scalar, rng); 75| 2.77k| } 76| 2.77k| }; _ZNK5Botan12EC_PublicKey10key_lengthEv: 26| 1.69k|size_t EC_PublicKey::key_length() const { 27| 1.69k| return domain().get_p_bits(); 28| 1.69k|} _ZN5Botan12EC_PublicKeyC2ERKNS_8EC_GroupERKNS_14EC_AffinePointE: 54| 1.69k|EC_PublicKey::EC_PublicKey(const EC_Group& group, const EC_AffinePoint& pub_point) { 55| 1.69k| m_public_key = std::make_shared(group, pub_point); 56| 1.69k| m_domain_encoding = default_encoding_for(domain()); // NOLINT(*-prefer-member-initializer) 57| 1.69k|} _ZNK5Botan12EC_PublicKey6domainEv: 64| 14.3k|const EC_Group& EC_PublicKey::domain() const { 65| 14.3k| BOTAN_STATE_CHECK(m_public_key != nullptr); ------------------ | | 51| 14.3k| do { \ | | 52| 14.3k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 14.3k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 14.3k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 14.3k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 14.3k] | | ------------------ ------------------ 66| 14.3k| return m_public_key->group(); 67| 14.3k|} _ZNK5Botan12EC_PublicKey16_public_ec_pointEv: 76| 4.46k|const EC_AffinePoint& EC_PublicKey::_public_ec_point() const { 77| 4.46k| BOTAN_STATE_CHECK(m_public_key != nullptr); ------------------ | | 51| 4.46k| do { \ | | 52| 4.46k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 4.46k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 4.46k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 4.46k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 4.46k] | | ------------------ ------------------ 78| 4.46k| return m_public_key->public_key(); 79| 4.46k|} _ZNK5Botan12EC_PublicKey19raw_public_key_bitsEv: 90| 4.46k|std::vector EC_PublicKey::raw_public_key_bits() const { 91| 4.46k| return _public_ec_point().serialize(point_encoding()); 92| 4.46k|} _ZN5Botan12EC_PublicKey18set_point_encodingENS_15EC_Point_FormatE: 102| 2.77k|void EC_PublicKey::set_point_encoding(EC_Point_Format enc) { 103| 2.77k| if(enc != EC_Point_Format::Compressed && enc != EC_Point_Format::Uncompressed && enc != EC_Point_Format::Hybrid) { ------------------ | Branch (103:7): [True: 2.74k, False: 27] | Branch (103:45): [True: 0, False: 2.74k] | Branch (103:85): [True: 0, False: 0] ------------------ 104| 0| throw Invalid_Argument("Invalid point encoding for EC_PublicKey"); 105| 0| } 106| | 107| 2.77k| m_point_encoding = enc; 108| 2.77k|} _ZNK5Botan13EC_PrivateKey12_private_keyEv: 123| 1.69k|const EC_Scalar& EC_PrivateKey::_private_key() const { 124| 1.69k| BOTAN_STATE_CHECK(m_private_key != nullptr); ------------------ | | 51| 1.69k| do { \ | | 52| 1.69k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 1.69k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 1.69k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 1.69k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 1.69k] | | ------------------ ------------------ 125| 1.69k| return m_private_key->private_key(); 126| 1.69k|} _ZN5Botan13EC_PrivateKeyC2ERNS_21RandomNumberGeneratorERKNS_8EC_GroupEb: 143| 2.77k| m_with_modular_inverse(with_modular_inverse) { 144| 2.77k| auto scalar = EC_Scalar::random(ec_group, rng); 145| 2.77k| m_private_key = std::make_shared(ec_group, std::move(scalar)); 146| 2.77k| m_public_key = m_private_key->public_key(rng, with_modular_inverse); 147| 2.77k| m_domain_encoding = default_encoding_for(domain()); 148| 2.77k|} _ZN5Botan13EC_PrivateKeyC2ERKNS_19AlgorithmIdentifierENSt3__14spanIKhLm18446744073709551615EEEb: 179| 6.45k| m_with_modular_inverse(with_modular_inverse) { 180| 6.45k| const EC_Group group(alg_id.parameters()); 181| | 182| 6.45k| OID key_parameters; 183| 6.45k| secure_vector private_key_bits; 184| 6.45k| secure_vector public_key_bits; 185| | 186| 6.45k| BER_Decoder(key_bits, BER_Decoder::Limits::DER()) 187| 6.45k| .start_sequence() 188| 6.45k| .decode_and_check(1, "Unknown version code for ECC key") 189| 6.45k| .decode(private_key_bits, ASN1_Type::OctetString) 190| 6.45k| .decode_optional(key_parameters, ASN1_Type(0), ASN1_Class::ExplicitContextSpecific) 191| 6.45k| .decode_optional_string(public_key_bits, ASN1_Type::BitString, 1, ASN1_Class::ExplicitContextSpecific) 192| 6.45k| .end_cons() 193| 6.45k| .verify_end(); 194| | 195| 6.45k| m_private_key = std::make_shared(group, private_key_bits); 196| | 197| 6.45k| if(public_key_bits.empty()) { ------------------ | Branch (197:7): [True: 0, False: 6.45k] ------------------ 198| 0| m_public_key = m_private_key->public_key(with_modular_inverse); 199| 6.45k| } else { 200| 6.45k| m_public_key = std::make_shared(group, public_key_bits); 201| 6.45k| } 202| | 203| 6.45k| m_domain_encoding = default_encoding_for(domain()); 204| 6.45k|} ecc_key.cpp:_ZN5Botan12_GLOBAL__N_120default_encoding_forERKNS_8EC_GroupE: 36| 10.9k|EC_Group_Encoding default_encoding_for(const EC_Group& group) { 37| 10.9k| if(group.get_curve_oid().empty()) { ------------------ | Branch (37:7): [True: 0, False: 10.9k] ------------------ 38| 0| return EC_Group_Encoding::Explicit; 39| 10.9k| } else { 40| 10.9k| return EC_Group_Encoding::NamedCurve; 41| 10.9k| } 42| 10.9k|} _ZNK5Botan15ECDH_PrivateKey23create_key_agreement_opERNS_21RandomNumberGeneratorENSt3__117basic_string_viewIcNS3_11char_traitsIcEEEES7_: 97| 1.69k| std::string_view provider) const { 98| 1.69k| if(provider == "base" || provider.empty()) { ------------------ | Branch (98:7): [True: 0, False: 1.69k] | Branch (98:29): [True: 1.69k, False: 0] ------------------ 99| 1.69k| return std::make_unique(*this, params, rng); 100| 1.69k| } 101| | 102| 0| throw Provider_Not_Found(algo_name(), provider); 103| 1.69k|} ecdh.cpp:_ZN5Botan12_GLOBAL__N_117ECDH_KA_OperationC2ERKNS_15ECDH_PrivateKeyENSt3__117basic_string_viewIcNS5_11char_traitsIcEEEERNS_21RandomNumberGeneratorE: 30| 1.69k| PK_Ops::Key_Agreement_with_KDF(kdf), 31| 1.69k| m_group(key.domain()), 32| 1.69k| m_l_times_priv(mul_cofactor_inv(m_group, key._private_key())), 33| 1.69k| m_rng(rng) {} ecdh.cpp:_ZN5Botan12_GLOBAL__N_117ECDH_KA_Operation16mul_cofactor_invERKNS_8EC_GroupERKNS_9EC_ScalarE: 68| 1.69k| static EC_Scalar mul_cofactor_inv(const EC_Group& group, const EC_Scalar& x) { 69| | // We implement BSI TR-03111 ECKAEG which only matters in the (rare/deprecated) 70| | // case of a curve with cofactor. 71| | 72| 1.69k| if(group.has_cofactor()) { ------------------ | Branch (72:13): [True: 0, False: 1.69k] ------------------ 73| | // We could precompute this but cofactors are rare 74| 0| return x * EC_Scalar::from_bigint(group, group.get_cofactor()).invert_vartime(); 75| 1.69k| } else { 76| 1.69k| return x; 77| 1.69k| } 78| 1.69k| } ecdh.cpp:_ZN5Botan12_GLOBAL__N_117ECDH_KA_Operation9raw_agreeEPKhm: 37| 1.69k| secure_vector raw_agree(const uint8_t w[], size_t w_len) override { 38| 1.69k| const auto input_point = [&] { 39| 1.69k| if(m_group.has_cofactor()) { 40| 1.69k|#if defined(BOTAN_HAS_LEGACY_EC_POINT) 41| 1.69k| return EC_AffinePoint(m_group, m_group.get_cofactor() * m_group.OS2ECP(w, w_len)); 42| |#else 43| | throw Not_Implemented( 44| | "Support for DH with cofactor adjustment not available in this build configuration"); 45| |#endif 46| 1.69k| } else { 47| 1.69k| if(auto point = EC_AffinePoint::deserialize(m_group, {w, w_len})) { 48| 1.69k| return *point; 49| 1.69k| } else { 50| 1.69k| throw Decoding_Error("ECDH - Invalid elliptic curve point: not on curve"); 51| 1.69k| } 52| 1.69k| } 53| 1.69k| }(); 54| | 55| | // Typical specs (such as BSI's TR-03111 Section 4.3.1) require that 56| | // we check the resulting point of the multiplication to not be the 57| | // point at infinity. However, since we ensure that our ECC private 58| | // scalar can never be zero, checking the peer's input point is 59| | // equivalent. 60| 1.69k| if(input_point.is_identity()) { ------------------ | Branch (60:13): [True: 0, False: 1.69k] ------------------ 61| 0| throw Decoding_Error("ECDH - Invalid elliptic curve point: identity"); 62| 0| } 63| | 64| 1.69k| return input_point.mul_x_only(m_l_times_priv, m_rng); 65| 1.69k| } ecdh.cpp:_ZZN5Botan12_GLOBAL__N_117ECDH_KA_Operation9raw_agreeEPKhmENKUlvE_clEv: 38| 1.69k| const auto input_point = [&] { 39| 1.69k| if(m_group.has_cofactor()) { ------------------ | Branch (39:16): [True: 0, False: 1.69k] ------------------ 40| 0|#if defined(BOTAN_HAS_LEGACY_EC_POINT) 41| 0| return EC_AffinePoint(m_group, m_group.get_cofactor() * m_group.OS2ECP(w, w_len)); 42| |#else 43| | throw Not_Implemented( 44| | "Support for DH with cofactor adjustment not available in this build configuration"); 45| |#endif 46| 1.69k| } else { 47| 1.69k| if(auto point = EC_AffinePoint::deserialize(m_group, {w, w_len})) { ------------------ | Branch (47:24): [True: 1.69k, False: 0] ------------------ 48| 1.69k| return *point; 49| 1.69k| } else { 50| 0| throw Decoding_Error("ECDH - Invalid elliptic curve point: not on curve"); 51| 0| } 52| 1.69k| } 53| 1.69k| }(); _ZN5Botan8PEM_Code6decodeERNS_10DataSourceERNSt3__112basic_stringIcNS3_11char_traitsIcEENS3_9allocatorIcEEEE: 62| 12.9k|secure_vector decode(DataSource& source, std::string& label) { 63| 12.9k| const size_t RANDOM_CHAR_LIMIT = 8; 64| | 65| 12.9k| label.clear(); 66| | 67| 12.9k| const std::string PEM_HEADER1 = "-----BEGIN "; 68| 12.9k| const std::string PEM_HEADER2 = "-----"; 69| 12.9k| size_t position = 0; 70| | 71| 158k| while(position != PEM_HEADER1.length()) { ------------------ | Branch (71:10): [True: 145k, False: 12.9k] ------------------ 72| 145k| auto b = source.read_byte(); 73| | 74| 145k| if(!b) { ------------------ | Branch (74:10): [True: 44, False: 145k] ------------------ 75| 44| throw Decoding_Error("PEM: No PEM header found"); 76| 44| } 77| 145k| if(static_cast(*b) == PEM_HEADER1[position]) { ------------------ | Branch (77:10): [True: 142k, False: 2.92k] ------------------ 78| 142k| ++position; 79| 142k| } else if(position >= RANDOM_CHAR_LIMIT) { ------------------ | Branch (79:17): [True: 1, False: 2.92k] ------------------ 80| 1| throw Decoding_Error("PEM: Malformed PEM header"); 81| 2.92k| } else { 82| 2.92k| position = 0; 83| 2.92k| } 84| 145k| } 85| 12.9k| position = 0; 86| 219k| while(position != PEM_HEADER2.length()) { ------------------ | Branch (86:10): [True: 206k, False: 12.9k] ------------------ 87| 206k| auto b = source.read_byte(); 88| | 89| 206k| if(!b) { ------------------ | Branch (89:10): [True: 0, False: 206k] ------------------ 90| 0| throw Decoding_Error("PEM: No PEM header found"); 91| 0| } 92| 206k| if(static_cast(*b) == PEM_HEADER2[position]) { ------------------ | Branch (92:10): [True: 64.5k, False: 142k] ------------------ 93| 64.5k| ++position; 94| 142k| } else if(position > 0) { ------------------ | Branch (94:17): [True: 0, False: 142k] ------------------ 95| 0| throw Decoding_Error("PEM: Malformed PEM header"); 96| 0| } 97| | 98| 206k| if(position == 0) { ------------------ | Branch (98:10): [True: 142k, False: 64.5k] ------------------ 99| 142k| if(label.size() >= 128) { ------------------ | Branch (99:13): [True: 0, False: 142k] ------------------ 100| 0| throw Decoding_Error("PEM: Label too long"); 101| 0| } 102| 142k| label += static_cast(*b); 103| 142k| } 104| 206k| } 105| | 106| 12.9k| std::vector b64; 107| | 108| 12.9k| const std::string PEM_TRAILER = fmt("-----END {}-----", label); 109| 12.9k| position = 0; 110| 5.68M| while(position != PEM_TRAILER.length()) { ------------------ | Branch (110:10): [True: 5.67M, False: 12.9k] ------------------ 111| 5.67M| auto b = source.read_byte(); 112| | 113| 5.67M| if(!b) { ------------------ | Branch (113:10): [True: 0, False: 5.67M] ------------------ 114| 0| throw Decoding_Error("PEM: No PEM trailer found"); 115| 0| } 116| 5.67M| if(static_cast(*b) == PEM_TRAILER[position]) { ------------------ | Branch (116:10): [True: 322k, False: 5.34M] ------------------ 117| 322k| ++position; 118| 5.34M| } else if(position > 0) { ------------------ | Branch (118:17): [True: 0, False: 5.34M] ------------------ 119| 0| throw Decoding_Error("PEM: Malformed PEM trailer"); 120| 0| } 121| | 122| 5.67M| if(position == 0) { ------------------ | Branch (122:10): [True: 5.34M, False: 322k] ------------------ 123| 5.34M| b64.push_back(*b); 124| 5.34M| } 125| 5.67M| } 126| | 127| 12.9k| return base64_decode(b64.data(), b64.size()); 128| 12.9k|} _ZN5Botan8PEM_Code7matchesERNS_10DataSourceENSt3__117basic_string_viewIcNS3_11char_traitsIcEEEEm: 143| 252|bool matches(DataSource& source, std::string_view extra, size_t search_range) { 144| 252| const std::string PEM_HEADER = fmt("-----BEGIN {}", extra); 145| | 146| 252| secure_vector search_buf(search_range); 147| 252| const size_t got = source.peek(search_buf.data(), search_buf.size(), 0); 148| | 149| 252| if(got < PEM_HEADER.length()) { ------------------ | Branch (149:7): [True: 45, False: 207] ------------------ 150| 45| return false; 151| 45| } 152| | 153| 207| size_t index = 0; 154| | 155| 8.34k| for(size_t j = 0; j != got; ++j) { ------------------ | Branch (155:22): [True: 8.14k, False: 207] ------------------ 156| 8.14k| if(static_cast(search_buf[j]) == PEM_HEADER[index]) { ------------------ | Branch (156:10): [True: 379, False: 7.76k] ------------------ 157| 379| ++index; 158| 7.76k| } else { 159| 7.76k| index = 0; 160| 7.76k| } 161| | 162| 8.14k| if(index == PEM_HEADER.size()) { ------------------ | Branch (162:10): [True: 0, False: 8.14k] ------------------ 163| 0| return true; 164| 0| } 165| 8.14k| } 166| | 167| 207| return false; 168| 207|} _ZN5Botan16load_private_keyERKNS_19AlgorithmIdentifierENSt3__14spanIKhLm18446744073709551615EEE: 290| 6.45k| [[maybe_unused]] std::span key_bits) { 291| 6.45k| const std::string oid_str = alg_id.oid().to_formatted_string(); 292| 6.45k| const std::vector alg_info = split_on(oid_str, '/'); 293| 6.45k| const std::string_view alg_name = alg_info[0]; 294| | 295| 6.45k|#if defined(BOTAN_HAS_RSA) 296| 6.45k| if(alg_name == "RSA") { ------------------ | Branch (296:7): [True: 0, False: 6.45k] ------------------ 297| 0| return std::make_unique(alg_id, key_bits); 298| 0| } 299| 6.45k|#endif 300| | 301| 6.45k|#if defined(BOTAN_HAS_X25519) 302| 6.45k| if(alg_name == "X25519" || alg_name == "Curve25519") { ------------------ | Branch (302:7): [True: 0, False: 6.45k] | Branch (302:31): [True: 0, False: 6.45k] ------------------ 303| 0| return std::make_unique(alg_id, key_bits); 304| 0| } 305| 6.45k|#endif 306| | 307| 6.45k|#if defined(BOTAN_HAS_X448) 308| 6.45k| if(alg_name == "X448") { ------------------ | Branch (308:7): [True: 0, False: 6.45k] ------------------ 309| 0| return std::make_unique(alg_id, key_bits); 310| 0| } 311| 6.45k|#endif 312| | 313| 6.45k|#if defined(BOTAN_HAS_ECDSA) 314| 6.45k| if(alg_name == "ECDSA") { ------------------ | Branch (314:7): [True: 6.45k, False: 0] ------------------ 315| 6.45k| return std::make_unique(alg_id, key_bits); 316| 6.45k| } 317| 0|#endif 318| | 319| 0|#if defined(BOTAN_HAS_ECDH) 320| 0| if(alg_name == "ECDH") { ------------------ | Branch (320:7): [True: 0, False: 0] ------------------ 321| 0| return std::make_unique(alg_id, key_bits); 322| 0| } 323| 0|#endif 324| | 325| 0|#if defined(BOTAN_HAS_DIFFIE_HELLMAN) 326| 0| if(alg_name == "DH") { ------------------ | Branch (326:7): [True: 0, False: 0] ------------------ 327| 0| return std::make_unique(alg_id, key_bits); 328| 0| } 329| 0|#endif 330| | 331| 0|#if defined(BOTAN_HAS_DSA) 332| 0| if(alg_name == "DSA") { ------------------ | Branch (332:7): [True: 0, False: 0] ------------------ 333| 0| return std::make_unique(alg_id, key_bits); 334| 0| } 335| 0|#endif 336| | 337| 0|#if defined(BOTAN_HAS_FRODOKEM) 338| 0| if(alg_name == "FrodoKEM" || alg_name.starts_with("FrodoKEM-") || alg_name.starts_with("eFrodoKEM-")) { ------------------ | Branch (338:7): [True: 0, False: 0] | Branch (338:33): [True: 0, False: 0] | Branch (338:70): [True: 0, False: 0] ------------------ 339| 0| return std::make_unique(alg_id, key_bits); 340| 0| } 341| 0|#endif 342| | 343| 0|#if defined(BOTAN_HAS_KYBER) || defined(BOTAN_HAS_KYBER_90S) 344| 0| if(alg_name == "Kyber" || alg_name.starts_with("Kyber-")) { ------------------ | Branch (344:7): [True: 0, False: 0] | Branch (344:30): [True: 0, False: 0] ------------------ 345| 0| return std::make_unique(alg_id, key_bits); 346| 0| } 347| 0|#endif 348| | 349| 0|#if defined(BOTAN_HAS_ML_KEM) 350| 0| if(alg_name.starts_with("ML-KEM-")) { ------------------ | Branch (350:7): [True: 0, False: 0] ------------------ 351| 0| return std::make_unique(alg_id, key_bits); 352| 0| } 353| 0|#endif 354| | 355| 0|#if defined(BOTAN_HAS_MCELIECE) 356| 0| if(alg_name == "McEliece") { ------------------ | Branch (356:7): [True: 0, False: 0] ------------------ 357| 0| return std::make_unique(key_bits); 358| 0| } 359| 0|#endif 360| | 361| 0|#if defined(BOTAN_HAS_ECGDSA) 362| 0| if(alg_name == "ECGDSA") { ------------------ | Branch (362:7): [True: 0, False: 0] ------------------ 363| 0| return std::make_unique(alg_id, key_bits); 364| 0| } 365| 0|#endif 366| | 367| 0|#if defined(BOTAN_HAS_ECKCDSA) 368| 0| if(alg_name == "ECKCDSA") { ------------------ | Branch (368:7): [True: 0, False: 0] ------------------ 369| 0| return std::make_unique(alg_id, key_bits); 370| 0| } 371| 0|#endif 372| | 373| 0|#if defined(BOTAN_HAS_ED25519) 374| 0| if(alg_name == "Ed25519") { ------------------ | Branch (374:7): [True: 0, False: 0] ------------------ 375| 0| return std::make_unique(alg_id, key_bits); 376| 0| } 377| 0|#endif 378| | 379| 0|#if defined(BOTAN_HAS_ED448) 380| 0| if(alg_name == "Ed448") { ------------------ | Branch (380:7): [True: 0, False: 0] ------------------ 381| 0| return std::make_unique(alg_id, key_bits); 382| 0| } 383| 0|#endif 384| | 385| 0|#if defined(BOTAN_HAS_GOST_34_10_2001) 386| 0| if(alg_name == "GOST-34.10" || alg_name == "GOST-34.10-2012-256" || alg_name == "GOST-34.10-2012-512") { ------------------ | Branch (386:7): [True: 0, False: 0] | Branch (386:35): [True: 0, False: 0] | Branch (386:72): [True: 0, False: 0] ------------------ 387| 0| return std::make_unique(alg_id, key_bits); 388| 0| } 389| 0|#endif 390| | 391| 0|#if defined(BOTAN_HAS_SM2) 392| 0| if(alg_name == "SM2" || alg_name == "SM2_Sig" || alg_name == "SM2_Enc") { ------------------ | Branch (392:7): [True: 0, False: 0] | Branch (392:28): [True: 0, False: 0] | Branch (392:53): [True: 0, False: 0] ------------------ 393| 0| return std::make_unique(alg_id, key_bits); 394| 0| } 395| 0|#endif 396| | 397| 0|#if defined(BOTAN_HAS_ELGAMAL) 398| 0| if(alg_name == "ElGamal") { ------------------ | Branch (398:7): [True: 0, False: 0] ------------------ 399| 0| return std::make_unique(alg_id, key_bits); 400| 0| } 401| 0|#endif 402| | 403| 0|#if defined(BOTAN_HAS_XMSS_RFC8391) 404| 0| if(alg_name == "XMSS") { ------------------ | Branch (404:7): [True: 0, False: 0] ------------------ 405| 0| return std::make_unique(key_bits); 406| 0| } 407| 0|#endif 408| | 409| 0|#if defined(BOTAN_HAS_DILITHIUM) || defined(BOTAN_HAS_DILITHIUM_AES) 410| 0| if(alg_name == "Dilithium" || alg_name.starts_with("Dilithium-")) { ------------------ | Branch (410:7): [True: 0, False: 0] | Branch (410:34): [True: 0, False: 0] ------------------ 411| 0| return std::make_unique(alg_id, key_bits); 412| 0| } 413| 0|#endif 414| | 415| 0|#if defined(BOTAN_HAS_ML_DSA) 416| 0| if(alg_name.starts_with("ML-DSA-")) { ------------------ | Branch (416:7): [True: 0, False: 0] ------------------ 417| 0| return std::make_unique(alg_id, key_bits); 418| 0| } 419| 0|#endif 420| | 421| 0|#if defined(BOTAN_HAS_HSS_LMS) 422| 0| if(alg_name == "HSS-LMS-Private-Key") { ------------------ | Branch (422:7): [True: 0, False: 0] ------------------ 423| 0| return std::make_unique(key_bits); 424| 0| } 425| 0|#endif 426| | 427| 0|#if defined(BOTAN_HAS_SPHINCS_PLUS_WITH_SHA2) || defined(BOTAN_HAS_SPHINCS_PLUS_WITH_SHAKE) 428| 0| if(alg_name == "SPHINCS+" || alg_name.starts_with("SphincsPlus-")) { ------------------ | Branch (428:7): [True: 0, False: 0] | Branch (428:33): [True: 0, False: 0] ------------------ 429| 0| return std::make_unique(alg_id, key_bits); 430| 0| } 431| 0|#endif 432| | 433| 0|#if defined(BOTAN_HAS_SLH_DSA_WITH_SHA2) || defined(BOTAN_HAS_SLH_DSA_WITH_SHAKE) 434| 0| if(alg_name.starts_with("SLH-DSA-") || alg_name.starts_with("Hash-SLH-DSA-")) { ------------------ | Branch (434:7): [True: 0, False: 0] | Branch (434:43): [True: 0, False: 0] ------------------ 435| 0| return std::make_unique(alg_id, key_bits); 436| 0| } 437| 0|#endif 438| | 439| 0|#if defined(BOTAN_HAS_CLASSICMCELIECE) 440| 0| if(alg_name.starts_with("ClassicMcEliece")) { ------------------ | Branch (440:7): [True: 0, False: 0] ------------------ 441| 0| return std::make_unique(alg_id, key_bits); 442| 0| } 443| 0|#endif 444| | 445| 0| throw Decoding_Error(fmt("Unknown or unavailable public key algorithm '{}'", alg_name)); 446| 0|} _ZN5Botan22format_hex_fingerprintENSt3__14spanIKhLm18446744073709551615EEE: 45| 12.9k|std::string format_hex_fingerprint(std::span bits) { 46| 12.9k| const std::string hex = hex_encode(bits); 47| | 48| 12.9k| std::string fprint; 49| 12.9k| fprint.reserve(3 * bits.size()); 50| | 51| 348k| for(size_t i = 0; i != hex.size(); i += 2) { ------------------ | Branch (51:22): [True: 335k, False: 12.9k] ------------------ 52| 335k| if(i != 0) { ------------------ | Branch (52:10): [True: 322k, False: 12.9k] ------------------ 53| 322k| fprint.push_back(':'); 54| 322k| } 55| | 56| 335k| fprint.push_back(hex[i]); 57| 335k| fprint.push_back(hex[i + 1]); 58| 335k| } 59| | 60| 12.9k| return fprint; 61| 12.9k|} _ZN5Botan6PK_Ops22Key_Agreement_with_KDFC2ENSt3__117basic_string_viewIcNS2_11char_traitsIcEEEE: 77| 1.69k|PK_Ops::Key_Agreement_with_KDF::Key_Agreement_with_KDF(std::string_view kdf) { 78| 1.69k| if(kdf != "Raw") { ------------------ | Branch (78:7): [True: 0, False: 1.69k] ------------------ 79| 0| m_kdf = KDF::create_or_throw(kdf); 80| 0| } 81| 1.69k|} _ZN5Botan6PK_Ops22Key_Agreement_with_KDFD2Ev: 83| 1.69k|PK_Ops::Key_Agreement_with_KDF::~Key_Agreement_with_KDF() = default; _ZN5Botan6PK_Ops22Key_Agreement_with_KDF5agreeEmNSt3__14spanIKhLm18446744073709551615EEES5_: 87| 1.69k| std::span salt) { 88| 1.69k| if(!salt.empty() && m_kdf == nullptr) { ------------------ | Branch (88:7): [True: 0, False: 1.69k] | Branch (88:24): [True: 0, False: 0] ------------------ 89| 0| throw Invalid_Argument("PK_Key_Agreement::derive_key requires a KDF to use a salt"); 90| 0| } 91| | 92| 1.69k| secure_vector z = raw_agree(other_key.data(), other_key.size()); 93| 1.69k| if(m_kdf) { ------------------ | Branch (93:7): [True: 0, False: 1.69k] ------------------ 94| 0| return m_kdf->derive_key(key_len, z, salt.data(), salt.size()); 95| 0| } 96| 1.69k| return z; 97| 1.69k|} _ZN5Botan5PKCS88load_keyERNS_10DataSourceE: 350| 6.45k|std::unique_ptr load_key(DataSource& source) { 351| 6.45k| auto fail_fn = []() -> std::string { 352| 6.45k| throw PKCS8_Exception("Internal error: Attempt to read password for unencrypted key"); 353| 6.45k| }; 354| | 355| 6.45k| return load_key(source, fail_fn, false); 356| 6.45k|} pkcs8.cpp:_ZN5Botan5PKCS812_GLOBAL__N_18load_keyERNS_10DataSourceERKNSt3__18functionIFNS4_12basic_stringIcNS4_11char_traitsIcEENS4_9allocatorIcEEEEvEEEb: 302| 6.45k| bool is_encrypted) { 303| 6.45k| AlgorithmIdentifier alg_id; 304| 6.45k| secure_vector pkcs8_key = PKCS8_decode(source, get_pass, alg_id, is_encrypted); 305| | 306| 6.45k| const std::string alg_name = alg_id.oid().human_name_or_empty(); 307| 6.45k| if(alg_name.empty()) { ------------------ | Branch (307:7): [True: 0, False: 6.45k] ------------------ 308| 0| throw PKCS8_Exception(fmt("Unknown algorithm OID {}", alg_id.oid())); 309| 0| } 310| | 311| 6.45k| return load_private_key(alg_id, pkcs8_key); 312| 6.45k|} pkcs8.cpp:_ZN5Botan5PKCS812_GLOBAL__N_112PKCS8_decodeERNS_10DataSourceERKNSt3__18functionIFNS4_12basic_stringIcNS4_11char_traitsIcEENS4_9allocatorIcEEEEvEEERNS_19AlgorithmIdentifierEb: 49| 6.45k| bool is_encrypted) { 50| 6.45k| AlgorithmIdentifier pbe_alg_id; 51| 6.45k| secure_vector key_data; 52| 6.45k| secure_vector key; 53| | 54| 6.45k| try { 55| 6.45k| if(ASN1::maybe_BER(source) && !PEM_Code::matches(source)) { ------------------ | Branch (55:10): [True: 0, False: 6.45k] | Branch (55:37): [True: 0, False: 0] ------------------ 56| 0| if(is_encrypted) { ------------------ | Branch (56:13): [True: 0, False: 0] ------------------ 57| 0| key_data = PKCS8_extract(source, pbe_alg_id); 58| 0| } else { 59| | // todo read more efficiently 60| 0| while(auto b = source.read_byte()) { ------------------ | Branch (60:24): [True: 0, False: 0] ------------------ 61| 0| key_data.push_back(*b); 62| 0| } 63| 0| } 64| 6.45k| } else { 65| 6.45k| std::string label; 66| 6.45k| key_data = PEM_Code::decode(source, label); 67| | 68| | // todo remove autodetect for pem as well? 69| 6.45k| if(label == "PRIVATE KEY") { ------------------ | Branch (69:13): [True: 6.45k, False: 0] ------------------ 70| 6.45k| is_encrypted = false; 71| 6.45k| } else if(label == "ENCRYPTED PRIVATE KEY") { ------------------ | Branch (71:20): [True: 0, False: 0] ------------------ 72| 0| DataSource_Memory key_source(key_data); 73| 0| key_data = PKCS8_extract(key_source, pbe_alg_id); 74| 0| } else { 75| 0| throw PKCS8_Exception(fmt("Unknown PEM label '{}'", label)); 76| 0| } 77| 6.45k| } 78| | 79| 6.45k| if(key_data.empty()) { ------------------ | Branch (79:10): [True: 0, False: 6.45k] ------------------ 80| 0| throw PKCS8_Exception("No key data found"); 81| 0| } 82| 6.45k| } catch(Decoding_Error& e) { 83| 0| throw Decoding_Error("PKCS #8 private key decoding", e); 84| 0| } 85| | 86| 6.45k| try { 87| 6.45k| if(is_encrypted) { ------------------ | Branch (87:10): [True: 0, False: 6.45k] ------------------ 88| 0| if(pbe_alg_id.oid().to_formatted_string() != "PBE-PKCS5v20") { ------------------ | Branch (88:13): [True: 0, False: 0] ------------------ 89| 0| throw PKCS8_Exception(fmt("Unknown PBE type {}", pbe_alg_id.oid())); 90| 0| } 91| | 92| 0|#if defined(BOTAN_HAS_PKCS5_PBES2) 93| 0| key = pbes2_decrypt(key_data, get_passphrase(), pbe_alg_id.parameters()); 94| |#else 95| | BOTAN_UNUSED(get_passphrase); 96| | throw Decoding_Error("Private key is encrypted but PBES2 was disabled in build"); 97| |#endif 98| 6.45k| } else { 99| 6.45k| key = key_data; 100| 6.45k| } 101| | 102| 6.45k| BER_Decoder(key, BER_Decoder::Limits::DER()) 103| 6.45k| .start_sequence() 104| 6.45k| .decode_and_check(0, "Unknown PKCS #8 version number") 105| 6.45k| .decode(pk_alg_id) 106| 6.45k| .decode(key, ASN1_Type::OctetString) 107| 6.45k| .discard_remaining() 108| 6.45k| .end_cons() 109| 6.45k| .verify_end(); 110| 6.45k| } catch(std::exception& e) { 111| 0| throw Decoding_Error("PKCS #8 private key decoding", e); 112| 0| } 113| 6.45k| return key; 114| 6.45k|} _ZN5Botan16PK_Key_AgreementC2ERKNS_11Private_KeyERNS_21RandomNumberGeneratorENSt3__117basic_string_viewIcNS6_11char_traitsIcEEEESA_: 216| 1.69k| std::string_view provider) { 217| 1.69k| m_op = key.create_key_agreement_op(rng, kdf, provider); 218| 1.69k| if(!m_op) { ------------------ | Branch (218:7): [True: 0, False: 1.69k] ------------------ 219| 0| throw Invalid_Argument(fmt("Key type {} does not support key agreement", key.algo_name())); 220| 0| } 221| 1.69k|} _ZN5Botan16PK_Key_AgreementD2Ev: 223| 1.69k|PK_Key_Agreement::~PK_Key_Agreement() = default; _ZNK5Botan16PK_Key_Agreement10derive_keyEmNSt3__14spanIKhLm18446744073709551615EEENS1_17basic_string_viewIcNS1_11char_traitsIcEEEE: 241| 1.69k| std::string_view salt) const { 242| 1.69k| return this->derive_key(key_len, peer_key, as_span_of_bytes(salt)); 243| 1.69k|} _ZNK5Botan16PK_Key_Agreement10derive_keyEmNSt3__14spanIKhLm18446744073709551615EEES4_: 247| 1.69k| std::span salt) const { 248| 1.69k| return SymmetricKey(m_op->agree(key_len, peer_key, salt)); 249| 1.69k|} _ZN5Botan16curve25519_donnaEPhPKhS2_: 453| 20|void curve25519_donna(uint8_t mypublic[32], const uint8_t secret[32], const uint8_t basepoint[32]) { 454| 20| CT::poison(secret, 32); 455| 20| CT::poison(basepoint, 32); 456| | 457| 20| uint64_t bp[5]; 458| 20| uint64_t x[5]; 459| 20| uint64_t z[5]; 460| 20| uint64_t zmone[5]; 461| 20| uint8_t e[32]; 462| | 463| 20| copy_mem(e, secret, 32); 464| 20| e[0] &= 248; 465| 20| e[31] &= 127; 466| 20| e[31] |= 64; 467| | 468| 20| fexpand(bp, basepoint); 469| 20| cmult(x, z, e, bp); 470| 20| crecip(zmone, z); 471| 20| fmul(z, x, zmone); 472| 20| fcontract(mypublic, z); 473| | 474| 20| CT::unpoison(secret, 32); 475| 20| CT::unpoison(basepoint, 32); 476| 20| CT::unpoison(mypublic, 32); 477| 20|} donna.cpp:_ZN5Botan12_GLOBAL__N_17fexpandEPmPKh: 217| 20|inline void fexpand(uint64_t* out, const uint8_t* in) { 218| 20| out[0] = load_le(in, 0) & MASK_63; 219| 20| out[1] = (load_le(in + 6, 0) >> 3) & MASK_63; 220| 20| out[2] = (load_le(in + 12, 0) >> 6) & MASK_63; 221| 20| out[3] = (load_le(in + 19, 0) >> 1) & MASK_63; 222| 20| out[4] = (load_le(in + 24, 0) >> 12) & MASK_63; 223| 20|} donna.cpp:_ZN5Botan12_GLOBAL__N_15cmultEPmS1_PKhPKm: 364| 20|void cmult(uint64_t resultx[5], uint64_t resultz[5], const uint8_t n[32], const uint64_t q[5]) { 365| 20| uint64_t a[5] = {0}; // nqpqx 366| 20| uint64_t b[5] = {1}; // npqpz 367| 20| uint64_t c[5] = {1}; // nqx 368| 20| uint64_t d[5] = {0}; // nqz 369| 20| uint64_t e[5] = {0}; // npqqx2 370| 20| uint64_t f[5] = {1}; // npqqz2 371| 20| uint64_t g[5] = {0}; // nqx2 372| 20| uint64_t h[5] = {1}; // nqz2 373| | 374| 20| copy_mem(a, q, 5); 375| | 376| 660| for(size_t i = 0; i < 32; ++i) { ------------------ | Branch (376:22): [True: 640, False: 20] ------------------ 377| 640| const uint64_t si = n[31 - i]; 378| 640| const auto bit0 = CT::Mask::expand_bit(si, 7); 379| 640| const auto bit1 = CT::Mask::expand_bit(si, 6); 380| 640| const auto bit2 = CT::Mask::expand_bit(si, 5); 381| 640| const auto bit3 = CT::Mask::expand_bit(si, 4); 382| 640| const auto bit4 = CT::Mask::expand_bit(si, 3); 383| 640| const auto bit5 = CT::Mask::expand_bit(si, 2); 384| 640| const auto bit6 = CT::Mask::expand_bit(si, 1); 385| 640| const auto bit7 = CT::Mask::expand_bit(si, 0); 386| | 387| 640| swap_conditional(c, a, d, b, bit0); 388| 640| fmonty(g, h, e, f, c, d, a, b, q); 389| | 390| 640| swap_conditional(g, e, h, f, bit0 ^ bit1); 391| 640| fmonty(c, d, a, b, g, h, e, f, q); 392| | 393| 640| swap_conditional(c, a, d, b, bit1 ^ bit2); 394| 640| fmonty(g, h, e, f, c, d, a, b, q); 395| | 396| 640| swap_conditional(g, e, h, f, bit2 ^ bit3); 397| 640| fmonty(c, d, a, b, g, h, e, f, q); 398| | 399| 640| swap_conditional(c, a, d, b, bit3 ^ bit4); 400| 640| fmonty(g, h, e, f, c, d, a, b, q); 401| | 402| 640| swap_conditional(g, e, h, f, bit4 ^ bit5); 403| 640| fmonty(c, d, a, b, g, h, e, f, q); 404| | 405| 640| swap_conditional(c, a, d, b, bit5 ^ bit6); 406| 640| fmonty(g, h, e, f, c, d, a, b, q); 407| | 408| 640| swap_conditional(g, e, h, f, bit6 ^ bit7); 409| 640| fmonty(c, d, a, b, g, h, e, f, q); 410| | 411| 640| swap_conditional(c, a, d, b, bit7); 412| 640| } 413| | 414| 20| copy_mem(resultx, c, 5); 415| 20| copy_mem(resultz, d, 5); 416| 20|} donna.cpp:_ZN5Botan12_GLOBAL__N_116swap_conditionalEPmS1_S1_S1_NS_2CT4MaskImEE: 346| 5.76k|inline void swap_conditional(uint64_t a[5], uint64_t b[5], uint64_t c[5], uint64_t d[5], CT::Mask swap) { 347| 34.5k| for(size_t i = 0; i < 5; ++i) { ------------------ | Branch (347:22): [True: 28.8k, False: 5.76k] ------------------ 348| 28.8k| const uint64_t x0 = swap.if_set_return(a[i] ^ b[i]); 349| 28.8k| a[i] ^= x0; 350| 28.8k| b[i] ^= x0; 351| | 352| 28.8k| const uint64_t x1 = swap.if_set_return(c[i] ^ d[i]); 353| 28.8k| c[i] ^= x1; 354| 28.8k| d[i] ^= x1; 355| 28.8k| } 356| 5.76k|} donna.cpp:_ZN5Botan12_GLOBAL__N_16fmontyEPmS1_S1_S1_S1_S1_S1_S1_PKm: 308| 5.12k| const uint64_t q_minus_q_dash[5]) { 309| 5.12k| uint64_t zzz[5]; 310| 5.12k| uint64_t xx[5]; 311| 5.12k| uint64_t zz[5]; 312| 5.12k| uint64_t xxprime[5]; 313| 5.12k| uint64_t zzprime[5]; 314| 5.12k| uint64_t zzzprime[5]; 315| | 316| 5.12k| fadd_sub(in_q_z, in_q_x); 317| 5.12k| fadd_sub(in_q_dash_z, in_q_dash_x); 318| | 319| 5.12k| fmul(xxprime, in_q_dash_x, in_q_z); 320| 5.12k| fmul(zzprime, in_q_dash_z, in_q_x); 321| | 322| 5.12k| fadd_sub(zzprime, xxprime); 323| | 324| 5.12k| fsquare(result_q_plus_q_dash_x, xxprime); 325| 5.12k| fsquare(zzzprime, zzprime); 326| 5.12k| fmul(result_q_plus_q_dash_z, zzzprime, q_minus_q_dash); 327| | 328| 5.12k| fsquare(xx, in_q_x); 329| 5.12k| fsquare(zz, in_q_z); 330| 5.12k| fmul(result_two_q_x, xx, zz); 331| | 332| 5.12k| fdifference_backwards(zz, xx); // does zz = xx - zz 333| 5.12k| fscalar_product(zzz, zz, 121665); 334| 5.12k| fsum(zzz, xx); 335| | 336| 5.12k| fmul(result_two_q_z, zz, zzz); 337| 5.12k|} donna.cpp:_ZN5Botan12_GLOBAL__N_18fadd_subEPmS1_: 76| 15.3k|inline void fadd_sub(uint64_t x[5], uint64_t y[5]) { 77| | // TODO merge these and avoid the tmp array 78| 15.3k| uint64_t tmp[5]; 79| 15.3k| copy_mem(tmp, y, 5); 80| 15.3k| fsum(y, x); 81| 15.3k| fdifference_backwards(x, tmp); // does x - z 82| 15.3k|} donna.cpp:_ZN5Botan12_GLOBAL__N_17fsquareEPmPKmm: 169| 20.7k|inline void fsquare(uint64_t out[5], const uint64_t in[5], size_t count = 1) { 170| 20.7k| uint64_t r0 = in[0]; 171| 20.7k| uint64_t r1 = in[1]; 172| 20.7k| uint64_t r2 = in[2]; 173| 20.7k| uint64_t r3 = in[3]; 174| 20.7k| uint64_t r4 = in[4]; 175| | 176| 46.2k| for(size_t i = 0; i != count; ++i) { ------------------ | Branch (176:22): [True: 25.5k, False: 20.7k] ------------------ 177| 25.5k| const uint64_t d0 = r0 * 2; 178| 25.5k| const uint64_t d1 = r1 * 2; 179| 25.5k| const uint64_t d2 = r2 * 2 * 19; 180| 25.5k| const uint64_t d419 = r4 * 19; 181| 25.5k| const uint64_t d4 = d419 * 2; 182| | 183| 25.5k| const uint128_t t0 = uint128_t(r0) * r0 + uint128_t(d4) * r1 + uint128_t(d2) * (r3); 184| 25.5k| uint128_t t1 = uint128_t(d0) * r1 + uint128_t(d4) * r2 + uint128_t(r3) * (r3 * 19); 185| 25.5k| uint128_t t2 = uint128_t(d0) * r2 + uint128_t(r1) * r1 + uint128_t(d4) * (r3); 186| 25.5k| uint128_t t3 = uint128_t(d0) * r3 + uint128_t(d1) * r2 + uint128_t(r4) * (d419); 187| 25.5k| uint128_t t4 = uint128_t(d0) * r4 + uint128_t(d1) * r3 + uint128_t(r2) * (r2); 188| | 189| 25.5k| r0 = t0 & MASK_63; 190| 25.5k| t1 += carry_shift(t0, 51); 191| 25.5k| r1 = t1 & MASK_63; 192| 25.5k| t2 += carry_shift(t1, 51); 193| 25.5k| r2 = t2 & MASK_63; 194| 25.5k| t3 += carry_shift(t2, 51); 195| 25.5k| r3 = t3 & MASK_63; 196| 25.5k| t4 += carry_shift(t3, 51); 197| 25.5k| r4 = t4 & MASK_63; 198| 25.5k| uint64_t c = carry_shift(t4, 51); 199| | 200| 25.5k| r0 += c * 19; 201| 25.5k| c = r0 >> 51U; 202| 25.5k| r0 = r0 & MASK_63; 203| 25.5k| r1 += c; 204| 25.5k| c = r1 >> 51U; 205| 25.5k| r1 = r1 & MASK_63; 206| 25.5k| r2 += c; 207| 25.5k| } 208| | 209| 20.7k| out[0] = r0; 210| 20.7k| out[1] = r1; 211| 20.7k| out[2] = r2; 212| 20.7k| out[3] = r3; 213| 20.7k| out[4] = r4; 214| 20.7k|} donna.cpp:_ZN5Botan12_GLOBAL__N_121fdifference_backwardsEPmPKm: 64| 20.4k|inline void fdifference_backwards(uint64_t out[5], const uint64_t in[5]) { 65| | /* 152 is 19 << 3 */ 66| 20.4k| const uint64_t two54m152 = (static_cast(1) << 54) - 152; 67| 20.4k| const uint64_t two54m8 = (static_cast(1) << 54) - 8; 68| | 69| 20.4k| out[0] = in[0] + two54m152 - out[0]; 70| 20.4k| out[1] = in[1] + two54m8 - out[1]; 71| 20.4k| out[2] = in[2] + two54m8 - out[2]; 72| 20.4k| out[3] = in[3] + two54m8 - out[3]; 73| 20.4k| out[4] = in[4] + two54m8 - out[4]; 74| 20.4k|} donna.cpp:_ZN5Botan12_GLOBAL__N_115fscalar_productEPmPKmm: 87| 5.12k|inline void fscalar_product(uint64_t out[5], const uint64_t in[5], const uint64_t scalar) { 88| 5.12k| uint128_t a = uint128_t(in[0]) * scalar; 89| 5.12k| out[0] = a & MASK_63; 90| | 91| 5.12k| a = uint128_t(in[1]) * scalar + carry_shift(a, 51); 92| 5.12k| out[1] = a & MASK_63; 93| | 94| 5.12k| a = uint128_t(in[2]) * scalar + carry_shift(a, 51); 95| 5.12k| out[2] = a & MASK_63; 96| | 97| 5.12k| a = uint128_t(in[3]) * scalar + carry_shift(a, 51); 98| 5.12k| out[3] = a & MASK_63; 99| | 100| 5.12k| a = uint128_t(in[4]) * scalar + carry_shift(a, 51); 101| 5.12k| out[4] = a & MASK_63; 102| | 103| 5.12k| out[0] += carry_shift(a, 51) * 19; 104| 5.12k|} donna.cpp:_ZN5Botan12_GLOBAL__N_14fsumEPmPKm: 50| 20.4k|inline void fsum(uint64_t out[5], const uint64_t in[5]) { 51| 20.4k| out[0] += in[0]; 52| 20.4k| out[1] += in[1]; 53| 20.4k| out[2] += in[2]; 54| 20.4k| out[3] += in[3]; 55| 20.4k| out[4] += in[4]; 56| 20.4k|} donna.cpp:_ZN5Botan12_GLOBAL__N_16crecipEPmPKm: 421| 20|void crecip(uint64_t out[5], const uint64_t z[5]) { 422| 20| uint64_t a[5]; 423| 20| uint64_t b[5]; 424| 20| uint64_t c[5]; 425| 20| uint64_t t0[5]; 426| | 427| 20| fsquare(a, z); // 2 428| 20| fsquare(t0, a, 2); // 8 429| 20| fmul(b, t0, z); // 9 430| 20| fmul(a, b, a); // 11 431| 20| fsquare(t0, a); // 22 432| 20| fmul(b, t0, b); // 2^5 - 2^0 = 31 433| 20| fsquare(t0, b, 5); // 2^10 - 2^5 434| 20| fmul(b, t0, b); // 2^10 - 2^0 435| 20| fsquare(t0, b, 10); // 2^20 - 2^10 436| 20| fmul(c, t0, b); // 2^20 - 2^0 437| 20| fsquare(t0, c, 20); // 2^40 - 2^20 438| 20| fmul(t0, t0, c); // 2^40 - 2^0 439| 20| fsquare(t0, t0, 10); // 2^50 - 2^10 440| 20| fmul(b, t0, b); // 2^50 - 2^0 441| 20| fsquare(t0, b, 50); // 2^100 - 2^50 442| 20| fmul(c, t0, b); // 2^100 - 2^0 443| 20| fsquare(t0, c, 100); // 2^200 - 2^100 444| 20| fmul(t0, t0, c); // 2^200 - 2^0 445| 20| fsquare(t0, t0, 50); // 2^250 - 2^50 446| 20| fmul(t0, t0, b); // 2^250 - 2^0 447| 20| fsquare(t0, t0, 5); // 2^255 - 2^5 448| 20| fmul(out, t0, a); // 2^255 - 21 449| 20|} donna.cpp:_ZN5Botan12_GLOBAL__N_14fmulEPmPKmS3_: 114| 25.8k|inline void fmul(uint64_t out[5], const uint64_t in[5], const uint64_t in2[5]) { 115| 25.8k| const auto s0 = uint128_t(in2[0]); 116| 25.8k| const auto s1 = uint128_t(in2[1]); 117| 25.8k| const auto s2 = uint128_t(in2[2]); 118| 25.8k| const auto s3 = uint128_t(in2[3]); 119| 25.8k| const auto s4 = uint128_t(in2[4]); 120| | 121| 25.8k| uint64_t r0 = in[0]; 122| 25.8k| uint64_t r1 = in[1]; 123| 25.8k| uint64_t r2 = in[2]; 124| 25.8k| uint64_t r3 = in[3]; 125| 25.8k| uint64_t r4 = in[4]; 126| | 127| 25.8k| uint128_t t0 = r0 * s0; 128| 25.8k| uint128_t t1 = r0 * s1 + r1 * s0; 129| 25.8k| uint128_t t2 = r0 * s2 + r2 * s0 + r1 * s1; 130| 25.8k| uint128_t t3 = r0 * s3 + r3 * s0 + r1 * s2 + r2 * s1; 131| 25.8k| uint128_t t4 = r0 * s4 + r4 * s0 + r3 * s1 + r1 * s3 + r2 * s2; 132| | 133| 25.8k| r4 *= 19; 134| 25.8k| r1 *= 19; 135| 25.8k| r2 *= 19; 136| 25.8k| r3 *= 19; 137| | 138| 25.8k| t0 += r4 * s1 + r1 * s4 + r2 * s3 + r3 * s2; 139| 25.8k| t1 += r4 * s2 + r2 * s4 + r3 * s3; 140| 25.8k| t2 += r4 * s3 + r3 * s4; 141| 25.8k| t3 += r4 * s4; 142| | 143| 25.8k| r0 = t0 & MASK_63; 144| 25.8k| t1 += carry_shift(t0, 51); 145| 25.8k| r1 = t1 & MASK_63; 146| 25.8k| t2 += carry_shift(t1, 51); 147| 25.8k| r2 = t2 & MASK_63; 148| 25.8k| t3 += carry_shift(t2, 51); 149| 25.8k| r3 = t3 & MASK_63; 150| 25.8k| t4 += carry_shift(t3, 51); 151| 25.8k| r4 = t4 & MASK_63; 152| 25.8k| uint64_t c = carry_shift(t4, 51); 153| | 154| 25.8k| r0 += c * 19; 155| 25.8k| c = r0 >> 51U; 156| 25.8k| r0 = r0 & MASK_63; 157| 25.8k| r1 += c; 158| 25.8k| c = r1 >> 51U; 159| 25.8k| r1 = r1 & MASK_63; 160| 25.8k| r2 += c; 161| | 162| 25.8k| out[0] = r0; 163| 25.8k| out[1] = r1; 164| 25.8k| out[2] = r2; 165| 25.8k| out[3] = r3; 166| 25.8k| out[4] = r4; 167| 25.8k|} donna.cpp:_ZN5Botan12_GLOBAL__N_19fcontractEPhPKm: 228| 20|inline void fcontract(uint8_t* out, const uint64_t input[5]) { 229| 20| auto t0 = uint128_t(input[0]); 230| 20| auto t1 = uint128_t(input[1]); 231| 20| auto t2 = uint128_t(input[2]); 232| 20| auto t3 = uint128_t(input[3]); 233| 20| auto t4 = uint128_t(input[4]); 234| | 235| 60| for(size_t i = 0; i != 2; ++i) { ------------------ | Branch (235:22): [True: 40, False: 20] ------------------ 236| 40| t1 += t0 >> 51U; 237| 40| t0 &= MASK_63; 238| 40| t2 += t1 >> 51U; 239| 40| t1 &= MASK_63; 240| 40| t3 += t2 >> 51U; 241| 40| t2 &= MASK_63; 242| 40| t4 += t3 >> 51U; 243| 40| t3 &= MASK_63; 244| 40| t0 += (t4 >> 51U) * 19; 245| 40| t4 &= MASK_63; 246| 40| } 247| | 248| | /* now t is between 0 and 2^255-1, properly carried. */ 249| | /* case 1: between 0 and 2^255-20. case 2: between 2^255-19 and 2^255-1. */ 250| | 251| 20| t0 += 19; 252| | 253| 20| t1 += t0 >> 51U; 254| 20| t0 &= MASK_63; 255| 20| t2 += t1 >> 51U; 256| 20| t1 &= MASK_63; 257| 20| t3 += t2 >> 51U; 258| 20| t2 &= MASK_63; 259| 20| t4 += t3 >> 51U; 260| 20| t3 &= MASK_63; 261| 20| t0 += (t4 >> 51U) * 19; 262| 20| t4 &= MASK_63; 263| | 264| | /* now between 19 and 2^255-1 in both cases, and offset by 19. */ 265| | 266| 20| t0 += 0x8000000000000 - 19; 267| 20| t1 += 0x8000000000000 - 1; 268| 20| t2 += 0x8000000000000 - 1; 269| 20| t3 += 0x8000000000000 - 1; 270| 20| t4 += 0x8000000000000 - 1; 271| | 272| | /* now between 2^255 and 2^256-20, and offset by 2^255. */ 273| | 274| 20| t1 += t0 >> 51U; 275| 20| t0 &= MASK_63; 276| 20| t2 += t1 >> 51U; 277| 20| t1 &= MASK_63; 278| 20| t3 += t2 >> 51U; 279| 20| t2 &= MASK_63; 280| 20| t4 += t3 >> 51U; 281| 20| t3 &= MASK_63; 282| 20| t4 &= MASK_63; 283| | 284| 20| store_le(out, 285| 20| combine_lower(t0, 0, t1, 51), 286| 20| combine_lower(t1, 13, t2, 38), 287| 20| combine_lower(t2, 26, t3, 25), 288| 20| combine_lower(t3, 39, t4, 12)); 289| 20|} _ZN5Botan20curve25519_basepointEPhPKh: 19| 17|void curve25519_basepoint(uint8_t mypublic[32], const uint8_t secret[32]) { 20| 17| const uint8_t basepoint[32] = {9}; 21| 17| curve25519_donna(mypublic, secret, basepoint); 22| 17|} _ZN5Botan16X25519_PublicKeyC1ENSt3__14spanIKhLm18446744073709551615EEE: 51| 11|X25519_PublicKey::X25519_PublicKey(std::span pub) { 52| 11| m_public.assign(pub.begin(), pub.end()); 53| | 54| 11| size_check(m_public.size(), "public key"); 55| 11|} _ZNK5Botan16X25519_PublicKey19raw_public_key_bitsEv: 57| 20|std::vector X25519_PublicKey::raw_public_key_bits() const { 58| 20| return m_public; 59| 20|} _ZN5Botan17X25519_PrivateKeyC1ERNS_21RandomNumberGeneratorE: 79| 17|X25519_PrivateKey::X25519_PrivateKey(RandomNumberGenerator& rng) { 80| 17| m_private = rng.random_vec(32); 81| 17| m_public.resize(32); 82| 17| curve25519_basepoint(m_public.data(), m_private.data()); 83| 17|} _ZNK5Botan17X25519_PrivateKey5agreeEPKhm: 107| 3|secure_vector X25519_PrivateKey::agree(const uint8_t w[], size_t w_len) const { 108| 3| size_check(w_len, "public value"); 109| 3| return curve25519(m_private, w); 110| 3|} _ZNK5Botan17X25519_PrivateKey23create_key_agreement_opERNS_21RandomNumberGeneratorENSt3__117basic_string_viewIcNS3_11char_traitsIcEEEES7_: 151| 3| std::string_view provider) const { 152| 3| if(provider == "base" || provider.empty()) { ------------------ | Branch (152:7): [True: 0, False: 3] | Branch (152:29): [True: 3, False: 0] ------------------ 153| 3| return std::make_unique(*this, params); 154| 3| } 155| 0| throw Provider_Not_Found(algo_name(), provider); 156| 3|} x25519.cpp:_ZN5Botan12_GLOBAL__N_110size_checkEmPKc: 26| 14|void size_check(size_t size, const char* thing) { 27| 14| if(size != 32) { ------------------ | Branch (27:7): [True: 8, False: 6] ------------------ 28| 8| throw Decoding_Error(fmt("Invalid size {} for X25519 {}", size, thing)); 29| 8| } 30| 14|} x25519.cpp:_ZN5Botan12_GLOBAL__N_110curve25519ERKNSt3__16vectorIhNS_16secure_allocatorIhEEEEPKh: 32| 3|secure_vector curve25519(const secure_vector& secret, const uint8_t pubval[32]) { 33| 3| secure_vector out(32); 34| 3| curve25519_donna(out.data(), secret.data(), pubval); 35| 3| return out; 36| 3|} x25519.cpp:_ZN5Botan12_GLOBAL__N_119X25519_KA_OperationC2ERKNS_17X25519_PrivateKeyENSt3__117basic_string_viewIcNS5_11char_traitsIcEEEE: 120| 3| PK_Ops::Key_Agreement_with_KDF(kdf), m_key(key) {} x25519.cpp:_ZN5Botan12_GLOBAL__N_119X25519_KA_Operation9raw_agreeEPKhm: 124| 3| secure_vector raw_agree(const uint8_t w[], size_t w_len) override { 125| 3| auto shared_key = m_key.agree(w, w_len); 126| | 127| | // RFC 7748 Section 6.1 128| | // Both [parties] MAY check, without leaking extra information about 129| | // the value of K, whether K is the all-zero value and abort if so. 130| | // 131| | // TODO: once the generic Key Agreement operation creation is equipped 132| | // with a more flexible parameterization, this check could be 133| | // made optional. 134| | // For instance: `sk->agree().with_optional_sanity_checks(true)`. 135| | // See also: https://github.com/randombit/botan/pull/4318 136| 3| if(CT::all_zeros(shared_key.data(), shared_key.size()).as_bool()) { ------------------ | Branch (136:13): [True: 1, False: 2] ------------------ 137| 1| throw Invalid_Argument("X25519 public point appears to be of low order"); 138| 1| } 139| | 140| 2| return shared_key; 141| 3| } _ZN5Botan10ChaCha_RNGC2ENSt3__14spanIKhLm18446744073709551615EEE: 20| 1|ChaCha_RNG::ChaCha_RNG(std::span seed) { 21| 1| m_hmac = MessageAuthenticationCode::create_or_throw("HMAC(SHA-256)"); 22| 1| m_chacha = StreamCipher::create_or_throw("ChaCha(20)"); 23| 1| clear(); 24| 1| add_entropy(seed); 25| 1|} _ZN5Botan10ChaCha_RNG11clear_stateEv: 50| 1|void ChaCha_RNG::clear_state() { 51| 1| m_hmac->set_key(std::vector(m_hmac->output_length(), 0x00)); 52| 1| m_chacha->set_key(m_hmac->final()); 53| 1|} _ZN5Botan10ChaCha_RNG15generate_outputENSt3__14spanIhLm18446744073709551615EEENS2_IKhLm18446744073709551615EEE: 55| 37.3k|void ChaCha_RNG::generate_output(std::span output, std::span input) { 56| 37.3k| BOTAN_ASSERT_NOMSG(!output.empty()); ------------------ | | 77| 37.3k| do { \ | | 78| 37.3k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 37.3k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 37.3k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 37.3k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 37.3k] | | ------------------ ------------------ 57| | 58| 37.3k| if(!input.empty()) { ------------------ | Branch (58:7): [True: 0, False: 37.3k] ------------------ 59| 0| update(input); 60| 0| } 61| | 62| 37.3k| m_chacha->write_keystream(output); 63| 37.3k|} _ZN5Botan10ChaCha_RNG6updateENSt3__14spanIKhLm18446744073709551615EEE: 65| 1|void ChaCha_RNG::update(std::span input) { 66| 1| m_hmac->update(input); 67| 1| m_chacha->set_key(m_hmac->final()); 68| 1| const auto mac_key = m_chacha->keystream_bytes(m_hmac->output_length()); 69| 1| m_hmac->set_key(mac_key); 70| 1|} _ZNK5Botan10ChaCha_RNG14security_levelEv: 72| 1|size_t ChaCha_RNG::security_level() const { 73| 1| return 256; 74| 1|} _ZN5Botan12Stateful_RNG5clearEv: 15| 1|void Stateful_RNG::clear() { 16| 1| const lock_guard_type lock(m_mutex); 17| 1| m_reseed_counter = 0; 18| 1| m_last_pid = 0; 19| 1| clear_state(); 20| 1|} _ZNK5Botan12Stateful_RNG9is_seededEv: 27| 59.6k|bool Stateful_RNG::is_seeded() const { 28| 59.6k| const lock_guard_type lock(m_mutex); 29| 59.6k| return m_reseed_counter > 0; 30| 59.6k|} _ZN5Botan12Stateful_RNG23generate_batched_outputENSt3__14spanIhLm18446744073709551615EEENS2_IKhLm18446744073709551615EEE: 39| 37.3k|void Stateful_RNG::generate_batched_output(std::span output, std::span input) { 40| 37.3k| BOTAN_ASSERT_NOMSG(!output.empty()); ------------------ | | 77| 37.3k| do { \ | | 78| 37.3k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 37.3k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 37.3k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 37.3k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 37.3k] | | ------------------ ------------------ 41| | 42| 37.3k| const size_t max_per_request = max_number_of_bytes_per_request(); 43| | 44| 37.3k| if(max_per_request == 0) { ------------------ | Branch (44:7): [True: 37.3k, False: 0] ------------------ 45| | // no limit 46| 37.3k| reseed_check(); 47| 37.3k| this->generate_output(output, input); 48| 37.3k| } else { 49| 0| while(!output.empty()) { ------------------ | Branch (49:13): [True: 0, False: 0] ------------------ 50| 0| const size_t this_req = std::min(max_per_request, output.size()); 51| | 52| 0| reseed_check(); 53| 0| this->generate_output(output.subspan(0, this_req), input); 54| | 55| | // only include the input for the first iteration 56| 0| input = {}; 57| | 58| 0| output = output.subspan(this_req); 59| 0| } 60| 0| } 61| 37.3k|} _ZN5Botan12Stateful_RNG21fill_bytes_with_inputENSt3__14spanIhLm18446744073709551615EEENS2_IKhLm18446744073709551615EEE: 63| 37.3k|void Stateful_RNG::fill_bytes_with_input(std::span output, std::span input) { 64| 37.3k| const lock_guard_type lock(m_mutex); 65| | 66| 37.3k| if(output.empty()) { ------------------ | Branch (66:7): [True: 1, False: 37.3k] ------------------ 67| | // Special case for exclusively adding entropy to the stateful RNG. 68| 1| this->update(input); 69| | 70| 1| if(8 * input.size() >= security_level()) { ------------------ | Branch (70:10): [True: 1, False: 0] ------------------ 71| 1| reset_reseed_counter(); 72| 1| } 73| 37.3k| } else { 74| 37.3k| generate_batched_output(output, input); 75| 37.3k| } 76| 37.3k|} _ZN5Botan12Stateful_RNG20reset_reseed_counterEv: 100| 1|void Stateful_RNG::reset_reseed_counter() { 101| | // Lock is held whenever this function is called 102| 1| m_reseed_counter = 1; 103| 1|} _ZN5Botan12Stateful_RNG12reseed_checkEv: 105| 37.3k|void Stateful_RNG::reseed_check() { 106| | // Lock is held whenever this function is called 107| | 108| 37.3k| const uint32_t cur_pid = OS::get_process_id(); 109| | 110| 37.3k| const bool fork_detected = (m_last_pid > 0) && (cur_pid != m_last_pid); ------------------ | Branch (110:31): [True: 0, False: 37.3k] | Branch (110:51): [True: 0, False: 0] ------------------ 111| | 112| 37.3k| if(is_seeded() == false || fork_detected || (m_reseed_interval > 0 && m_reseed_counter >= m_reseed_interval)) { ------------------ | Branch (112:7): [True: 0, False: 37.3k] | Branch (112:31): [True: 0, False: 37.3k] | Branch (112:49): [True: 0, False: 37.3k] | Branch (112:74): [True: 0, False: 0] ------------------ 113| 0| m_reseed_counter = 0; 114| 0| m_last_pid = cur_pid; 115| | 116| 0| if(m_underlying_rng != nullptr) { ------------------ | Branch (116:10): [True: 0, False: 0] ------------------ 117| 0| reseed_from_rng(*m_underlying_rng, security_level()); 118| 0| } 119| | 120| 0| if(m_entropy_sources != nullptr) { ------------------ | Branch (120:10): [True: 0, False: 0] ------------------ 121| 0| reseed_from_sources(*m_entropy_sources, security_level()); 122| 0| } 123| | 124| 0| if(!is_seeded()) { ------------------ | Branch (124:10): [True: 0, False: 0] ------------------ 125| 0| if(fork_detected) { ------------------ | Branch (125:13): [True: 0, False: 0] ------------------ 126| 0| throw Invalid_State("Detected use of fork but cannot reseed DRBG"); 127| 0| } else { 128| 0| throw PRNG_Unseeded(name()); 129| 0| } 130| 0| } 131| 37.3k| } else { 132| 37.3k| BOTAN_ASSERT(m_reseed_counter != 0, "RNG is seeded"); ------------------ | | 64| 37.3k| do { \ | | 65| 37.3k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 37.3k| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 37.3k] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 37.3k| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 37.3k] | | ------------------ ------------------ 133| 37.3k| m_reseed_counter += 1; 134| 37.3k| } 135| 37.3k|} _ZN5Botan6ChaChaC2Em: 85| 1|ChaCha::ChaCha(size_t rounds) : m_rounds(rounds) { 86| 1| BOTAN_ARG_CHECK(m_rounds == 8 || m_rounds == 12 || m_rounds == 20, "ChaCha only supports 8, 12 or 20 rounds"); ------------------ | | 35| 1| do { \ | | 36| 1| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 4| if(!(expr)) { \ | | ------------------ | | | Branch (37:12): [True: 0, False: 1] | | | Branch (37:12): [True: 0, False: 1] | | | Branch (37:12): [True: 1, False: 0] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 1| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 1] | | ------------------ ------------------ 87| 1|} _ZN5Botan6ChaCha11parallelismEv: 89| 2|size_t ChaCha::parallelism() { 90| 2|#if defined(BOTAN_HAS_CHACHA_AVX512) 91| 2| if(CPUID::has(CPUID::Feature::AVX512)) { ------------------ | Branch (91:7): [True: 0, False: 2] ------------------ 92| 0| return 16; 93| 0| } 94| 2|#endif 95| | 96| 2|#if defined(BOTAN_HAS_CHACHA_AVX2) 97| 2| if(CPUID::has(CPUID::Feature::AVX2)) { ------------------ | Branch (97:7): [True: 2, False: 0] ------------------ 98| 2| return 8; 99| 2| } 100| 0|#endif 101| | 102| 0| return 4; 103| 2|} _ZN5Botan6ChaCha6chachaEPhmPjm: 127| 2.81k|void ChaCha::chacha(uint8_t output[], size_t output_blocks, uint32_t state[16], size_t rounds) { 128| 2.81k| BOTAN_ASSERT(rounds % 2 == 0, "Valid rounds"); ------------------ | | 64| 2.81k| do { \ | | 65| 2.81k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 2.81k| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 2.81k] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 2.81k| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 2.81k] | | ------------------ ------------------ 129| | 130| 2.81k|#if defined(BOTAN_HAS_CHACHA_AVX512) 131| 2.81k| if(CPUID::has(CPUID::Feature::AVX512)) { ------------------ | Branch (131:7): [True: 0, False: 2.81k] ------------------ 132| 0| while(output_blocks >= 16) { ------------------ | Branch (132:13): [True: 0, False: 0] ------------------ 133| 0| ChaCha::chacha_avx512_x16(output, state, rounds); 134| 0| output += 16 * 64; 135| 0| output_blocks -= 16; 136| 0| } 137| 0| } 138| 2.81k|#endif 139| | 140| 2.81k|#if defined(BOTAN_HAS_CHACHA_AVX2) 141| 2.81k| if(CPUID::has(CPUID::Feature::AVX2)) { ------------------ | Branch (141:7): [True: 2.81k, False: 0] ------------------ 142| 5.63k| while(output_blocks >= 8) { ------------------ | Branch (142:13): [True: 2.81k, False: 2.81k] ------------------ 143| 2.81k| ChaCha::chacha_avx2_x8(output, state, rounds); 144| 2.81k| output += 8 * 64; 145| 2.81k| output_blocks -= 8; 146| 2.81k| } 147| 2.81k| } 148| 2.81k|#endif 149| | 150| 2.81k|#if defined(BOTAN_HAS_CHACHA_SIMD32) 151| 2.81k| if(CPUID::has(CPUID::Feature::SIMD_4X32)) { ------------------ | Branch (151:7): [True: 2.81k, False: 0] ------------------ 152| 2.81k| while(output_blocks >= 4) { ------------------ | Branch (152:13): [True: 0, False: 2.81k] ------------------ 153| 0| ChaCha::chacha_simd32_x4(output, state, rounds); 154| 0| output += 4 * 64; 155| 0| output_blocks -= 4; 156| 0| } 157| 2.81k| } 158| 2.81k|#endif 159| | 160| | // TODO interleave rounds 161| 2.81k| for(size_t i = 0; i != output_blocks; ++i) { ------------------ | Branch (161:22): [True: 0, False: 2.81k] ------------------ 162| 0| uint32_t x00 = state[0]; 163| 0| uint32_t x01 = state[1]; 164| 0| uint32_t x02 = state[2]; 165| 0| uint32_t x03 = state[3]; 166| 0| uint32_t x04 = state[4]; 167| 0| uint32_t x05 = state[5]; 168| 0| uint32_t x06 = state[6]; 169| 0| uint32_t x07 = state[7]; 170| 0| uint32_t x08 = state[8]; 171| 0| uint32_t x09 = state[9]; 172| 0| uint32_t x10 = state[10]; 173| 0| uint32_t x11 = state[11]; 174| 0| uint32_t x12 = state[12]; 175| 0| uint32_t x13 = state[13]; 176| 0| uint32_t x14 = state[14]; 177| 0| uint32_t x15 = state[15]; 178| | 179| 0| for(size_t r = 0; r != rounds / 2; ++r) { ------------------ | Branch (179:25): [True: 0, False: 0] ------------------ 180| 0| chacha_quarter_round(x00, x04, x08, x12); 181| 0| chacha_quarter_round(x01, x05, x09, x13); 182| 0| chacha_quarter_round(x02, x06, x10, x14); 183| 0| chacha_quarter_round(x03, x07, x11, x15); 184| | 185| 0| chacha_quarter_round(x00, x05, x10, x15); 186| 0| chacha_quarter_round(x01, x06, x11, x12); 187| 0| chacha_quarter_round(x02, x07, x08, x13); 188| 0| chacha_quarter_round(x03, x04, x09, x14); 189| 0| } 190| | 191| 0| x00 += state[0]; 192| 0| x01 += state[1]; 193| 0| x02 += state[2]; 194| 0| x03 += state[3]; 195| 0| x04 += state[4]; 196| 0| x05 += state[5]; 197| 0| x06 += state[6]; 198| 0| x07 += state[7]; 199| 0| x08 += state[8]; 200| 0| x09 += state[9]; 201| 0| x10 += state[10]; 202| 0| x11 += state[11]; 203| 0| x12 += state[12]; 204| 0| x13 += state[13]; 205| 0| x14 += state[14]; 206| 0| x15 += state[15]; 207| | 208| 0| store_le(x00, output + 64 * i + 4 * 0); 209| 0| store_le(x01, output + 64 * i + 4 * 1); 210| 0| store_le(x02, output + 64 * i + 4 * 2); 211| 0| store_le(x03, output + 64 * i + 4 * 3); 212| 0| store_le(x04, output + 64 * i + 4 * 4); 213| 0| store_le(x05, output + 64 * i + 4 * 5); 214| 0| store_le(x06, output + 64 * i + 4 * 6); 215| 0| store_le(x07, output + 64 * i + 4 * 7); 216| 0| store_le(x08, output + 64 * i + 4 * 8); 217| 0| store_le(x09, output + 64 * i + 4 * 9); 218| 0| store_le(x10, output + 64 * i + 4 * 10); 219| 0| store_le(x11, output + 64 * i + 4 * 11); 220| 0| store_le(x12, output + 64 * i + 4 * 12); 221| 0| store_le(x13, output + 64 * i + 4 * 13); 222| 0| store_le(x14, output + 64 * i + 4 * 14); 223| 0| store_le(x15, output + 64 * i + 4 * 15); 224| | 225| 0| state[12]++; 226| 0| if(state[12] == 0) { ------------------ | Branch (226:10): [True: 0, False: 0] ------------------ 227| 0| state[13] += 1; 228| 0| } 229| 0| } 230| 2.81k|} _ZN5Botan6ChaCha18generate_keystreamEPhm: 255| 37.3k|void ChaCha::generate_keystream(uint8_t out[], size_t length) { 256| 37.3k| assert_key_material_set(); 257| | 258| 40.1k| while(length >= m_buffer.size() - m_position) { ------------------ | Branch (258:10): [True: 2.81k, False: 37.3k] ------------------ 259| 2.81k| const size_t available = m_buffer.size() - m_position; 260| | 261| | // TODO: this could write directly to the output buffer 262| | // instead of bouncing it through m_buffer first 263| 2.81k| copy_mem(out, &m_buffer[m_position], available); 264| 2.81k| chacha(m_buffer.data(), m_buffer.size() / 64, m_state.data(), m_rounds); 265| | 266| 2.81k| length -= available; 267| 2.81k| out += available; 268| 2.81k| m_position = 0; 269| 2.81k| } 270| | 271| 37.3k| copy_mem(out, &m_buffer[m_position], length); 272| | 273| 37.3k| m_position += length; 274| 37.3k|} _ZN5Botan6ChaCha16initialize_stateEv: 276| 2|void ChaCha::initialize_state() { 277| 2| static const uint32_t TAU[] = {0x61707865, 0x3120646e, 0x79622d36, 0x6b206574}; 278| | 279| 2| static const uint32_t SIGMA[] = {0x61707865, 0x3320646e, 0x79622d32, 0x6b206574}; 280| | 281| 2| m_state[4] = m_key[0]; 282| 2| m_state[5] = m_key[1]; 283| 2| m_state[6] = m_key[2]; 284| 2| m_state[7] = m_key[3]; 285| | 286| 2| if(m_key.size() == 4) { ------------------ | Branch (286:7): [True: 0, False: 2] ------------------ 287| 0| m_state[0] = TAU[0]; 288| 0| m_state[1] = TAU[1]; 289| 0| m_state[2] = TAU[2]; 290| 0| m_state[3] = TAU[3]; 291| | 292| 0| m_state[8] = m_key[0]; 293| 0| m_state[9] = m_key[1]; 294| 0| m_state[10] = m_key[2]; 295| 0| m_state[11] = m_key[3]; 296| 2| } else { 297| 2| m_state[0] = SIGMA[0]; 298| 2| m_state[1] = SIGMA[1]; 299| 2| m_state[2] = SIGMA[2]; 300| 2| m_state[3] = SIGMA[3]; 301| | 302| 2| m_state[8] = m_key[4]; 303| 2| m_state[9] = m_key[5]; 304| 2| m_state[10] = m_key[6]; 305| 2| m_state[11] = m_key[7]; 306| 2| } 307| | 308| 2| m_state[12] = 0; 309| 2| m_state[13] = 0; 310| 2| m_state[14] = 0; 311| 2| m_state[15] = 0; 312| | 313| 2| m_position = 0; 314| 2|} _ZNK5Botan6ChaCha19has_keying_materialEv: 316| 37.3k|bool ChaCha::has_keying_material() const { 317| 37.3k| return !m_state.empty(); 318| 37.3k|} _ZN5Botan6ChaCha12key_scheduleENSt3__14spanIKhLm18446744073709551615EEE: 327| 2|void ChaCha::key_schedule(std::span key) { 328| 2| m_key.resize(key.size() / 4); 329| 2| load_le(m_key.data(), key.data(), m_key.size()); 330| | 331| 2| m_state.resize(16); 332| | 333| 2| const size_t chacha_block = 64; 334| 2| m_buffer.resize(parallelism() * chacha_block); 335| | 336| 2| set_iv(nullptr, 0); 337| 2|} _ZNK5Botan6ChaCha8key_specEv: 343| 2|Key_Length_Specification ChaCha::key_spec() const { 344| 2| return Key_Length_Specification(16, 32, 16); 345| 2|} _ZNK5Botan6ChaCha15valid_iv_lengthEm: 351| 2|bool ChaCha::valid_iv_length(size_t iv_len) const { 352| 2| return (iv_len == 0 || iv_len == 8 || iv_len == 12 || iv_len == 24); ------------------ | Branch (352:12): [True: 2, False: 0] | Branch (352:27): [True: 0, False: 0] | Branch (352:42): [True: 0, False: 0] | Branch (352:58): [True: 0, False: 0] ------------------ 353| 2|} _ZN5Botan6ChaCha12set_iv_bytesEPKhm: 355| 2|void ChaCha::set_iv_bytes(const uint8_t iv[], size_t length) { 356| 2| assert_key_material_set(); 357| | 358| 2| if(!valid_iv_length(length)) { ------------------ | Branch (358:7): [True: 0, False: 2] ------------------ 359| 0| throw Invalid_IV_Length(name(), length); 360| 0| } 361| | 362| 2| initialize_state(); 363| | 364| 2| if(length == 0) { ------------------ | Branch (364:7): [True: 2, False: 0] ------------------ 365| | // Treat zero length IV same as an all-zero IV 366| 2| m_state[14] = 0; 367| 2| m_state[15] = 0; 368| 2| } else if(length == 8) { ------------------ | Branch (368:14): [True: 0, False: 0] ------------------ 369| 0| m_state[14] = load_le(iv, 0); 370| 0| m_state[15] = load_le(iv, 1); 371| 0| } else if(length == 12) { ------------------ | Branch (371:14): [True: 0, False: 0] ------------------ 372| 0| m_state[13] = load_le(iv, 0); 373| 0| m_state[14] = load_le(iv, 1); 374| 0| m_state[15] = load_le(iv, 2); 375| 0| } else if(length == 24) { ------------------ | Branch (375:14): [True: 0, False: 0] ------------------ 376| 0| m_state[12] = load_le(iv, 0); 377| 0| m_state[13] = load_le(iv, 1); 378| 0| m_state[14] = load_le(iv, 2); 379| 0| m_state[15] = load_le(iv, 3); 380| | 381| 0| secure_vector hc(8); 382| 0| hchacha(hc.data(), m_state.data(), m_rounds); 383| | 384| 0| m_state[4] = hc[0]; 385| 0| m_state[5] = hc[1]; 386| 0| m_state[6] = hc[2]; 387| 0| m_state[7] = hc[3]; 388| 0| m_state[8] = hc[4]; 389| 0| m_state[9] = hc[5]; 390| 0| m_state[10] = hc[6]; 391| 0| m_state[11] = hc[7]; 392| 0| m_state[12] = 0; 393| 0| m_state[13] = 0; 394| 0| m_state[14] = load_le(iv, 4); 395| 0| m_state[15] = load_le(iv, 5); 396| 0| } 397| | 398| 2| chacha(m_buffer.data(), m_buffer.size() / 64, m_state.data(), m_rounds); 399| 2| m_position = 0; 400| 2|} _ZN5Botan6ChaCha14chacha_avx2_x8EPhPjm: 15| 2.81k|void BOTAN_FN_ISA_AVX2 ChaCha::chacha_avx2_x8(uint8_t output[64 * 8], uint32_t state[16], size_t rounds) { 16| 2.81k| SIMD_8x32::reset_registers(); 17| | 18| 2.81k| BOTAN_ASSERT(rounds % 2 == 0, "Valid rounds"); ------------------ | | 64| 2.81k| do { \ | | 65| 2.81k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 2.81k| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 2.81k] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 2.81k| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 2.81k] | | ------------------ ------------------ 19| 2.81k| const SIMD_8x32 CTR0 = SIMD_8x32(0, 1, 2, 3, 4, 5, 6, 7); 20| | 21| 2.81k| const uint32_t C = 0xFFFFFFFF - state[12]; 22| | // NOLINTNEXTLINE(*-implicit-bool-conversion) 23| 2.81k| const SIMD_8x32 CTR1 = SIMD_8x32(0, C < 1, C < 2, C < 3, C < 4, C < 5, C < 6, C < 7); 24| | 25| 2.81k| SIMD_8x32 R00 = SIMD_8x32::splat(state[0]); 26| 2.81k| SIMD_8x32 R01 = SIMD_8x32::splat(state[1]); 27| 2.81k| SIMD_8x32 R02 = SIMD_8x32::splat(state[2]); 28| 2.81k| SIMD_8x32 R03 = SIMD_8x32::splat(state[3]); 29| 2.81k| SIMD_8x32 R04 = SIMD_8x32::splat(state[4]); 30| 2.81k| SIMD_8x32 R05 = SIMD_8x32::splat(state[5]); 31| 2.81k| SIMD_8x32 R06 = SIMD_8x32::splat(state[6]); 32| 2.81k| SIMD_8x32 R07 = SIMD_8x32::splat(state[7]); 33| 2.81k| SIMD_8x32 R08 = SIMD_8x32::splat(state[8]); 34| 2.81k| SIMD_8x32 R09 = SIMD_8x32::splat(state[9]); 35| 2.81k| SIMD_8x32 R10 = SIMD_8x32::splat(state[10]); 36| 2.81k| SIMD_8x32 R11 = SIMD_8x32::splat(state[11]); 37| 2.81k| SIMD_8x32 R12 = SIMD_8x32::splat(state[12]) + CTR0; 38| 2.81k| SIMD_8x32 R13 = SIMD_8x32::splat(state[13]) + CTR1; 39| 2.81k| SIMD_8x32 R14 = SIMD_8x32::splat(state[14]); 40| 2.81k| SIMD_8x32 R15 = SIMD_8x32::splat(state[15]); 41| | 42| 30.9k| for(size_t r = 0; r != rounds / 2; ++r) { ------------------ | Branch (42:22): [True: 28.1k, False: 2.81k] ------------------ 43| 28.1k| R00 += R04; 44| 28.1k| R01 += R05; 45| 28.1k| R02 += R06; 46| 28.1k| R03 += R07; 47| | 48| 28.1k| R12 ^= R00; 49| 28.1k| R13 ^= R01; 50| 28.1k| R14 ^= R02; 51| 28.1k| R15 ^= R03; 52| | 53| 28.1k| R12 = R12.rotl<16>(); 54| 28.1k| R13 = R13.rotl<16>(); 55| 28.1k| R14 = R14.rotl<16>(); 56| 28.1k| R15 = R15.rotl<16>(); 57| | 58| 28.1k| R08 += R12; 59| 28.1k| R09 += R13; 60| 28.1k| R10 += R14; 61| 28.1k| R11 += R15; 62| | 63| 28.1k| R04 ^= R08; 64| 28.1k| R05 ^= R09; 65| 28.1k| R06 ^= R10; 66| 28.1k| R07 ^= R11; 67| | 68| 28.1k| R04 = R04.rotl<12>(); 69| 28.1k| R05 = R05.rotl<12>(); 70| 28.1k| R06 = R06.rotl<12>(); 71| 28.1k| R07 = R07.rotl<12>(); 72| | 73| 28.1k| R00 += R04; 74| 28.1k| R01 += R05; 75| 28.1k| R02 += R06; 76| 28.1k| R03 += R07; 77| | 78| 28.1k| R12 ^= R00; 79| 28.1k| R13 ^= R01; 80| 28.1k| R14 ^= R02; 81| 28.1k| R15 ^= R03; 82| | 83| 28.1k| R12 = R12.rotl<8>(); 84| 28.1k| R13 = R13.rotl<8>(); 85| 28.1k| R14 = R14.rotl<8>(); 86| 28.1k| R15 = R15.rotl<8>(); 87| | 88| 28.1k| R08 += R12; 89| 28.1k| R09 += R13; 90| 28.1k| R10 += R14; 91| 28.1k| R11 += R15; 92| | 93| 28.1k| R04 ^= R08; 94| 28.1k| R05 ^= R09; 95| 28.1k| R06 ^= R10; 96| 28.1k| R07 ^= R11; 97| | 98| 28.1k| R04 = R04.rotl<7>(); 99| 28.1k| R05 = R05.rotl<7>(); 100| 28.1k| R06 = R06.rotl<7>(); 101| 28.1k| R07 = R07.rotl<7>(); 102| | 103| 28.1k| R00 += R05; 104| 28.1k| R01 += R06; 105| 28.1k| R02 += R07; 106| 28.1k| R03 += R04; 107| | 108| 28.1k| R15 ^= R00; 109| 28.1k| R12 ^= R01; 110| 28.1k| R13 ^= R02; 111| 28.1k| R14 ^= R03; 112| | 113| 28.1k| R15 = R15.rotl<16>(); 114| 28.1k| R12 = R12.rotl<16>(); 115| 28.1k| R13 = R13.rotl<16>(); 116| 28.1k| R14 = R14.rotl<16>(); 117| | 118| 28.1k| R10 += R15; 119| 28.1k| R11 += R12; 120| 28.1k| R08 += R13; 121| 28.1k| R09 += R14; 122| | 123| 28.1k| R05 ^= R10; 124| 28.1k| R06 ^= R11; 125| 28.1k| R07 ^= R08; 126| 28.1k| R04 ^= R09; 127| | 128| 28.1k| R05 = R05.rotl<12>(); 129| 28.1k| R06 = R06.rotl<12>(); 130| 28.1k| R07 = R07.rotl<12>(); 131| 28.1k| R04 = R04.rotl<12>(); 132| | 133| 28.1k| R00 += R05; 134| 28.1k| R01 += R06; 135| 28.1k| R02 += R07; 136| 28.1k| R03 += R04; 137| | 138| 28.1k| R15 ^= R00; 139| 28.1k| R12 ^= R01; 140| 28.1k| R13 ^= R02; 141| 28.1k| R14 ^= R03; 142| | 143| 28.1k| R15 = R15.rotl<8>(); 144| 28.1k| R12 = R12.rotl<8>(); 145| 28.1k| R13 = R13.rotl<8>(); 146| 28.1k| R14 = R14.rotl<8>(); 147| | 148| 28.1k| R10 += R15; 149| 28.1k| R11 += R12; 150| 28.1k| R08 += R13; 151| 28.1k| R09 += R14; 152| | 153| 28.1k| R05 ^= R10; 154| 28.1k| R06 ^= R11; 155| 28.1k| R07 ^= R08; 156| 28.1k| R04 ^= R09; 157| | 158| 28.1k| R05 = R05.rotl<7>(); 159| 28.1k| R06 = R06.rotl<7>(); 160| 28.1k| R07 = R07.rotl<7>(); 161| 28.1k| R04 = R04.rotl<7>(); 162| 28.1k| } 163| | 164| 2.81k| R00 += SIMD_8x32::splat(state[0]); 165| 2.81k| R01 += SIMD_8x32::splat(state[1]); 166| 2.81k| R02 += SIMD_8x32::splat(state[2]); 167| 2.81k| R03 += SIMD_8x32::splat(state[3]); 168| 2.81k| R04 += SIMD_8x32::splat(state[4]); 169| 2.81k| R05 += SIMD_8x32::splat(state[5]); 170| 2.81k| R06 += SIMD_8x32::splat(state[6]); 171| 2.81k| R07 += SIMD_8x32::splat(state[7]); 172| 2.81k| R08 += SIMD_8x32::splat(state[8]); 173| 2.81k| R09 += SIMD_8x32::splat(state[9]); 174| 2.81k| R10 += SIMD_8x32::splat(state[10]); 175| 2.81k| R11 += SIMD_8x32::splat(state[11]); 176| 2.81k| R12 += SIMD_8x32::splat(state[12]) + CTR0; 177| 2.81k| R13 += SIMD_8x32::splat(state[13]) + CTR1; 178| 2.81k| R14 += SIMD_8x32::splat(state[14]); 179| 2.81k| R15 += SIMD_8x32::splat(state[15]); 180| | 181| 2.81k| SIMD_8x32::transpose(R00, R01, R02, R03, R04, R05, R06, R07); 182| 2.81k| SIMD_8x32::transpose(R08, R09, R10, R11, R12, R13, R14, R15); 183| | 184| 2.81k| R00.store_le(output); 185| 2.81k| R08.store_le(output + 32 * 1); 186| 2.81k| R01.store_le(output + 32 * 2); 187| 2.81k| R09.store_le(output + 32 * 3); 188| 2.81k| R02.store_le(output + 32 * 4); 189| 2.81k| R10.store_le(output + 32 * 5); 190| 2.81k| R03.store_le(output + 32 * 6); 191| 2.81k| R11.store_le(output + 32 * 7); 192| 2.81k| R04.store_le(output + 32 * 8); 193| 2.81k| R12.store_le(output + 32 * 9); 194| 2.81k| R05.store_le(output + 32 * 10); 195| 2.81k| R13.store_le(output + 32 * 11); 196| 2.81k| R06.store_le(output + 32 * 12); 197| 2.81k| R14.store_le(output + 32 * 13); 198| 2.81k| R07.store_le(output + 32 * 14); 199| 2.81k| R15.store_le(output + 32 * 15); 200| | 201| 2.81k| SIMD_8x32::zero_registers(); 202| | 203| 2.81k| state[12] += 8; 204| 2.81k| if(state[12] < 8) { ------------------ | Branch (204:7): [True: 0, False: 2.81k] ------------------ 205| 0| state[13]++; 206| 0| } 207| 2.81k|} _ZN5Botan6CTR_BEC2ENSt3__110unique_ptrINS_11BlockCipherENS1_14default_deleteIS3_EEEEm: 31| 62| m_cipher(std::move(cipher)), 32| 62| m_block_size(m_cipher->block_size()), 33| 62| m_ctr_size(ctr_size), 34| 62| m_ctr_blocks(m_cipher->parallel_bytes() / m_block_size), 35| 62| m_counter(m_cipher->parallel_bytes()), 36| 62| m_pad(m_counter.size()), 37| 62| m_pad_pos(0) { 38| 62| BOTAN_ARG_CHECK(m_ctr_size >= 4 && m_ctr_size <= m_block_size, "Invalid CTR-BE counter size"); ------------------ | | 35| 62| do { \ | | 36| 62| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 124| if(!(expr)) { \ | | ------------------ | | | Branch (37:12): [True: 62, False: 0] | | | Branch (37:12): [True: 62, False: 0] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 62| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 62] | | ------------------ ------------------ 39| 62|} _ZNK5Botan6CTR_BE15valid_iv_lengthEm: 53| 185|bool CTR_BE::valid_iv_length(size_t iv_len) const { 54| 185| return (iv_len <= m_block_size); 55| 185|} _ZNK5Botan6CTR_BE8key_specEv: 61| 124|Key_Length_Specification CTR_BE::key_spec() const { 62| 124| return m_cipher->key_spec(); 63| 124|} _ZNK5Botan6CTR_BE19has_keying_materialEv: 69| 368|bool CTR_BE::has_keying_material() const { 70| 368| return m_cipher->has_keying_material(); 71| 368|} _ZN5Botan6CTR_BE12key_scheduleENSt3__14spanIKhLm18446744073709551615EEE: 73| 62|void CTR_BE::key_schedule(std::span key) { 74| 62| m_cipher->set_key(key); 75| | 76| | // Set a default all-zeros IV 77| 62| set_iv(nullptr, 0); 78| 62|} _ZN5Botan6CTR_BE12cipher_bytesEPKhPhm: 88| 183|void CTR_BE::cipher_bytes(const uint8_t in[], uint8_t out[], size_t length) { 89| 183| assert_key_material_set(); 90| | 91| 183| const uint8_t* pad_bits = m_pad.data(); 92| 183| const size_t pad_size = m_pad.size(); 93| | 94| | /* Consume any already computed keystream in m_pad */ 95| | 96| 183| if(m_pad_pos > 0) { ------------------ | Branch (96:7): [True: 60, False: 123] ------------------ 97| 60| const size_t avail = pad_size - m_pad_pos; 98| 60| const size_t take = std::min(length, avail); 99| 60| xor_buf(out, in, pad_bits + m_pad_pos, take); 100| 60| length -= take; 101| 60| in += take; 102| 60| out += take; 103| 60| m_pad_pos += take; 104| | 105| 60| if(take == avail) { ------------------ | Branch (105:10): [True: 26, False: 34] ------------------ 106| 26| add_counter(m_ctr_blocks); 107| 26| m_cipher->encrypt_n(m_counter.data(), m_pad.data(), m_ctr_blocks); 108| 26| m_pad_pos = 0; 109| 26| } 110| 60| } 111| | 112| | /* Bulk processing */ 113| | 114| 183| [[maybe_unused]] const bool can_use_bs16_ctr4_fastpath = m_block_size == 16 && m_ctr_size == 4 && pad_size % 64 == 0; ------------------ | Branch (114:61): [True: 183, False: 0] | Branch (114:83): [True: 183, False: 0] | Branch (114:102): [True: 183, False: 0] ------------------ 115| | 116| 183|#if defined(BOTAN_HAS_CTR_BE_AVX2) 117| 183| if(length >= pad_size && can_use_bs16_ctr4_fastpath && CPUID::has(CPUID::Feature::AVX2)) { ------------------ | Branch (117:7): [True: 16, False: 167] | Branch (117:29): [True: 16, False: 0] | Branch (117:59): [True: 16, False: 0] ------------------ 118| 16| const size_t consumed = ctr_proc_bs16_ctr4_avx2(in, out, length); 119| 16| in += consumed; 120| 16| out += consumed; 121| 16| length -= consumed; 122| 16| } 123| 183|#endif 124| | 125| 183|#if defined(BOTAN_HAS_CTR_BE_SIMD32) 126| 183| if(length >= pad_size && can_use_bs16_ctr4_fastpath && CPUID::has(CPUID::Feature::SIMD_4X32)) { ------------------ | Branch (126:7): [True: 0, False: 183] | Branch (126:29): [True: 0, False: 0] | Branch (126:59): [True: 0, False: 0] ------------------ 127| 0| const size_t consumed = ctr_proc_bs16_ctr4_simd32(in, out, length); 128| 0| in += consumed; 129| 0| out += consumed; 130| 0| length -= consumed; 131| 0| } 132| 183|#endif 133| | 134| 183| while(length >= pad_size) { ------------------ | Branch (134:10): [True: 0, False: 183] ------------------ 135| 0| xor_buf(out, in, pad_bits, pad_size); 136| 0| length -= pad_size; 137| 0| in += pad_size; 138| 0| out += pad_size; 139| | 140| 0| add_counter(m_ctr_blocks); 141| 0| m_cipher->encrypt_n(m_counter.data(), m_pad.data(), m_ctr_blocks); 142| 0| } 143| | 144| | /* Now if length > 0 then we have some remaining text, and m_pad is full - consume as required */ 145| 183| if(length > 0) { ------------------ | Branch (145:7): [True: 149, False: 34] ------------------ 146| 149| xor_buf(out, in, pad_bits, length); 147| 149| m_pad_pos = length; 148| 149| } 149| 183|} _ZN5Botan6CTR_BE12set_iv_bytesEPKhm: 180| 185|void CTR_BE::set_iv_bytes(const uint8_t iv[], size_t iv_len) { 181| 185| if(!valid_iv_length(iv_len)) { ------------------ | Branch (181:7): [True: 0, False: 185] ------------------ 182| 0| throw Invalid_IV_Length(name(), iv_len); 183| 0| } 184| | 185| 185| m_iv.resize(m_block_size); 186| 185| zeroise(m_iv); 187| 185| copy_mem(m_iv.data(), iv, iv_len); 188| | 189| 185| seek(0); 190| 185|} _ZN5Botan6CTR_BE11add_counterEm: 192| 26|void CTR_BE::add_counter(const uint64_t counter) { 193| 26| const size_t ctr_size = m_ctr_size; 194| 26| const size_t ctr_blocks = m_ctr_blocks; 195| 26| const size_t BS = m_block_size; 196| | 197| 26| if(ctr_size == 4) { ------------------ | Branch (197:7): [True: 26, False: 0] ------------------ 198| 26| const size_t off = (BS - 4); 199| 26| const uint32_t low32 = static_cast(counter + load_be(&m_counter[off], 0)); 200| | 201| 442| for(size_t i = 0; i != ctr_blocks; ++i) { ------------------ | Branch (201:25): [True: 416, False: 26] ------------------ 202| 416| store_be(uint32_t(low32 + i), &m_counter[i * BS + off]); 203| 416| } 204| 26| } else if(ctr_size == 8) { ------------------ | Branch (204:14): [True: 0, False: 0] ------------------ 205| 0| const size_t off = (BS - 8); 206| 0| const uint64_t low64 = counter + load_be(&m_counter[off], 0); 207| | 208| 0| for(size_t i = 0; i != ctr_blocks; ++i) { ------------------ | Branch (208:25): [True: 0, False: 0] ------------------ 209| 0| store_be(uint64_t(low64 + i), &m_counter[i * BS + off]); 210| 0| } 211| 0| } else if(ctr_size == 16) { ------------------ | Branch (211:14): [True: 0, False: 0] ------------------ 212| 0| const size_t off = (BS - 16); 213| 0| uint64_t b0 = load_be(&m_counter[off], 0); 214| 0| uint64_t b1 = load_be(&m_counter[off], 1); 215| 0| b1 += counter; 216| 0| b0 += (b1 < counter) ? 1 : 0; // carry ------------------ | Branch (216:13): [True: 0, False: 0] ------------------ 217| | 218| 0| for(size_t i = 0; i != ctr_blocks; ++i) { ------------------ | Branch (218:25): [True: 0, False: 0] ------------------ 219| 0| store_be(b0, &m_counter[i * BS + off]); 220| 0| store_be(b1, &m_counter[i * BS + off + 8]); 221| 0| b1 += 1; 222| 0| if(b1 == 0) { ------------------ | Branch (222:13): [True: 0, False: 0] ------------------ 223| 0| b0 += 1; // carry 224| 0| } 225| 0| } 226| 0| } else { 227| 0| for(size_t i = 0; i != ctr_blocks; ++i) { ------------------ | Branch (227:25): [True: 0, False: 0] ------------------ 228| 0| uint64_t local_counter = counter; 229| 0| uint16_t carry = static_cast(local_counter); 230| 0| for(size_t j = 0; (carry > 0 || local_counter > 0) && j != ctr_size; ++j) { ------------------ | Branch (230:29): [True: 0, False: 0] | Branch (230:42): [True: 0, False: 0] | Branch (230:64): [True: 0, False: 0] ------------------ 231| 0| const size_t off = i * BS + (BS - 1 - j); 232| 0| const uint16_t cnt = static_cast(m_counter[off]) + carry; 233| 0| m_counter[off] = static_cast(cnt); 234| 0| local_counter = (local_counter >> 8); 235| 0| carry = (cnt >> 8) + static_cast(local_counter); 236| 0| } 237| 0| } 238| 0| } 239| 26|} _ZN5Botan6CTR_BE4seekEm: 241| 185|void CTR_BE::seek(uint64_t offset) { 242| 185| assert_key_material_set(); 243| | 244| 185| const uint64_t base_counter = m_ctr_blocks * (offset / m_counter.size()); 245| | 246| 185| zeroise(m_counter); 247| 185| BOTAN_ASSERT_NOMSG(m_counter.size() >= m_iv.size()); ------------------ | | 77| 185| do { \ | | 78| 185| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 185| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 185] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 185| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 185] | | ------------------ ------------------ 248| 185| copy_mem(m_counter.data(), m_iv.data(), m_iv.size()); 249| | 250| 185| const size_t BS = m_block_size; 251| | 252| | // Set m_counter blocks to IV, IV + 1, ... IV + n 253| | 254| 185| if(m_ctr_size == 4 && BS >= 8) { ------------------ | Branch (254:7): [True: 185, False: 0] | Branch (254:26): [True: 185, False: 0] ------------------ 255| 185| const uint32_t low32 = load_be(&m_counter[BS - 4], 0); 256| | 257| 185| if(m_ctr_blocks >= 4 && is_power_of_2(m_ctr_blocks)) { ------------------ | Branch (257:10): [True: 185, False: 0] | Branch (257:31): [True: 185, False: 0] ------------------ 258| 185| size_t written = 1; 259| 925| while(written < m_ctr_blocks) { ------------------ | Branch (259:16): [True: 740, False: 185] ------------------ 260| 740| copy_mem(&m_counter[written * BS], &m_counter[0], BS * written); // NOLINT(*container-data-pointer) 261| 740| written *= 2; 262| 740| } 263| 185| } else { 264| 0| for(size_t i = 1; i != m_ctr_blocks; ++i) { ------------------ | Branch (264:28): [True: 0, False: 0] ------------------ 265| 0| copy_mem(&m_counter[i * BS], &m_counter[0], BS - 4); // NOLINT(*container-data-pointer) 266| 0| } 267| 0| } 268| | 269| 2.96k| for(size_t i = 1; i != m_ctr_blocks; ++i) { ------------------ | Branch (269:25): [True: 2.77k, False: 185] ------------------ 270| 2.77k| const uint32_t c = static_cast(low32 + i); 271| 2.77k| store_be(c, &m_counter[(BS - 4) + i * BS]); 272| 2.77k| } 273| 185| } else { 274| | // do everything sequentially: 275| 0| for(size_t i = 1; i != m_ctr_blocks; ++i) { ------------------ | Branch (275:25): [True: 0, False: 0] ------------------ 276| 0| copy_mem(&m_counter[i * BS], &m_counter[(i - 1) * BS], BS); 277| | 278| 0| for(size_t j = 0; j != m_ctr_size; ++j) { ------------------ | Branch (278:28): [True: 0, False: 0] ------------------ 279| 0| uint8_t& c = m_counter[i * BS + (BS - 1 - j)]; 280| 0| c += 1; 281| 0| if(c > 0) { ------------------ | Branch (281:16): [True: 0, False: 0] ------------------ 282| 0| break; 283| 0| } 284| 0| } 285| 0| } 286| 0| } 287| | 288| 185| if(base_counter > 0) { ------------------ | Branch (288:7): [True: 0, False: 185] ------------------ 289| 0| add_counter(base_counter); 290| 0| } 291| | 292| 185| m_cipher->encrypt_n(m_counter.data(), m_pad.data(), m_ctr_blocks); 293| 185| m_pad_pos = offset % m_counter.size(); 294| 185|} _ZN5Botan6CTR_BE23ctr_proc_bs16_ctr4_avx2EPKhPhm: 15| 16|size_t CTR_BE::ctr_proc_bs16_ctr4_avx2(const uint8_t* in, uint8_t* out, size_t length) { 16| 16| BOTAN_ASSERT_NOMSG(m_pad.size() % 64 == 0); ------------------ | | 77| 16| do { \ | | 78| 16| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 16| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 16] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 16| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 16] | | ------------------ ------------------ 17| 16| BOTAN_DEBUG_ASSERT(m_counter.size() == m_pad.size()); ------------------ | | 130| 16| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 16| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 16] | | ------------------ ------------------ 18| | 19| 16| const size_t pad_size = m_pad.size(); 20| 16| if(length < pad_size) { ------------------ | Branch (20:7): [True: 0, False: 16] ------------------ 21| 0| return 0; 22| 0| } 23| | 24| 16| const size_t ctr_blocks = m_ctr_blocks; 25| | 26| | /* 27| | * Byte swap table that swaps only the counter bytes and not the nonce bytes 28| | */ 29| 16| const SIMD_8x32 bswap_ctr( 30| 16| 0x03020100, 0x07060504, 0x0B0A0908, 0x0C0D0E0F, 0x03020100, 0x07060504, 0x0B0A0908, 0x0C0D0E0F); 31| | 32| | // Load the starting counter value, bswap the counter field itself so we can add 33| 16| const SIMD_8x32 starting_ctr = SIMD_8x32::byte_shuffle(SIMD_8x32::load_le128(m_counter.data()), bswap_ctr); 34| | 35| | // Counter is incremented 4 blocks at a time (2 per register, 2 registers) 36| 16| const SIMD_8x32 inc4(0, 0, 0, 4); 37| | 38| 16| const uint32_t N = static_cast(ctr_blocks); 39| 16| SIMD_8x32 batch_ctr0 = starting_ctr + SIMD_8x32(0, 0, 0, N, 0, 0, 0, N + 1); 40| 16| SIMD_8x32 batch_ctr1 = starting_ctr + SIMD_8x32(0, 0, 0, N + 2, 0, 0, 0, N + 3); 41| 16| const uint8_t* pad_buf = m_pad.data(); 42| 16| uint8_t* ctr_buf = m_counter.data(); 43| | 44| 16| const size_t ctr_block_quads = ctr_blocks / 4; 45| | 46| 16| size_t processed = 0; 47| | 48| 100| while(length >= pad_size) { ------------------ | Branch (48:10): [True: 84, False: 16] ------------------ 49| 420| for(size_t i = 0; i != ctr_block_quads; ++i) { ------------------ | Branch (49:25): [True: 336, False: 84] ------------------ 50| 336| const size_t off = i * 64; 51| | 52| | // Store and update the counters 53| 336| SIMD_8x32::byte_shuffle(batch_ctr0, bswap_ctr).store_le(ctr_buf + off); 54| 336| SIMD_8x32::byte_shuffle(batch_ctr1, bswap_ctr).store_le(ctr_buf + off + 32); 55| 336| batch_ctr0 += inc4; 56| 336| batch_ctr1 += inc4; 57| | 58| 336| const auto p0 = SIMD_8x32::load_le(pad_buf + off); 59| 336| const auto p1 = SIMD_8x32::load_le(pad_buf + off + 32); 60| | 61| 336| auto i0 = SIMD_8x32::load_le(in + off); 62| 336| auto i1 = SIMD_8x32::load_le(in + off + 32); 63| | 64| 336| i0 ^= p0; 65| 336| i1 ^= p1; 66| | 67| 336| i0.store_le(out + off); 68| 336| i1.store_le(out + off + 32); 69| 336| } 70| | 71| 84| in += pad_size; 72| 84| out += pad_size; 73| 84| length -= pad_size; 74| 84| processed += pad_size; 75| | 76| | // Regenerate the pad buffer 77| 84| m_cipher->encrypt_n(m_counter.data(), m_pad.data(), ctr_blocks); 78| 84| } 79| | 80| 16| return processed; 81| 16|} _ZN5Botan12StreamCipher6createENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEES5_: 40| 1|std::unique_ptr StreamCipher::create(std::string_view algo_spec, std::string_view provider) { 41| 1|#if defined(BOTAN_HAS_SHAKE_CIPHER) 42| 1| if(algo_spec == "SHAKE-128" || algo_spec == "SHAKE-128-XOF") { ------------------ | Branch (42:7): [True: 0, False: 1] | Branch (42:35): [True: 0, False: 1] ------------------ 43| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (43:10): [True: 0, False: 0] | Branch (43:30): [True: 0, False: 0] ------------------ 44| 0| return std::make_unique(); 45| 0| } 46| 0| } 47| | 48| 1| if(algo_spec == "SHAKE-256" || algo_spec == "SHAKE-256-XOF") { ------------------ | Branch (48:7): [True: 0, False: 1] | Branch (48:35): [True: 0, False: 1] ------------------ 49| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (49:10): [True: 0, False: 0] | Branch (49:30): [True: 0, False: 0] ------------------ 50| 0| return std::make_unique(); 51| 0| } 52| 0| } 53| 1|#endif 54| | 55| 1|#if defined(BOTAN_HAS_CHACHA) 56| 1| if(algo_spec == "ChaCha20") { ------------------ | Branch (56:7): [True: 0, False: 1] ------------------ 57| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (57:10): [True: 0, False: 0] | Branch (57:30): [True: 0, False: 0] ------------------ 58| 0| return std::make_unique(20); 59| 0| } 60| 0| } 61| 1|#endif 62| | 63| 1|#if defined(BOTAN_HAS_SALSA20) 64| 1| if(algo_spec == "Salsa20") { ------------------ | Branch (64:7): [True: 0, False: 1] ------------------ 65| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (65:10): [True: 0, False: 0] | Branch (65:30): [True: 0, False: 0] ------------------ 66| 0| return std::make_unique(); 67| 0| } 68| 0| } 69| 1|#endif 70| | 71| 1| const SCAN_Name req(algo_spec); 72| | 73| 1|#if defined(BOTAN_HAS_CTR_BE) 74| 1| if((req.algo_name() == "CTR-BE" || req.algo_name() == "CTR") && req.arg_count_between(1, 2)) { ------------------ | Branch (74:8): [True: 0, False: 1] | Branch (74:39): [True: 0, False: 1] | Branch (74:68): [True: 0, False: 0] ------------------ 75| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (75:10): [True: 0, False: 0] | Branch (75:30): [True: 0, False: 0] ------------------ 76| 0| auto cipher = BlockCipher::create(req.arg(0)); 77| 0| if(cipher) { ------------------ | Branch (77:13): [True: 0, False: 0] ------------------ 78| 0| const size_t ctr_size = req.arg_as_integer(1, cipher->block_size()); 79| 0| return std::make_unique(std::move(cipher), ctr_size); 80| 0| } 81| 0| } 82| 0| } 83| 1|#endif 84| | 85| 1|#if defined(BOTAN_HAS_CHACHA) 86| 1| if(req.algo_name() == "ChaCha") { ------------------ | Branch (86:7): [True: 1, False: 0] ------------------ 87| 1| if(provider.empty() || provider == "base") { ------------------ | Branch (87:10): [True: 1, False: 0] | Branch (87:30): [True: 0, False: 0] ------------------ 88| 1| return std::make_unique(req.arg_as_integer(0, 20)); 89| 1| } 90| 1| } 91| 0|#endif 92| | 93| 0|#if defined(BOTAN_HAS_OFB) 94| 0| if(req.algo_name() == "OFB" && req.arg_count() == 1) { ------------------ | Branch (94:7): [True: 0, False: 0] | Branch (94:35): [True: 0, False: 0] ------------------ 95| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (95:10): [True: 0, False: 0] | Branch (95:30): [True: 0, False: 0] ------------------ 96| 0| if(auto cipher = BlockCipher::create(req.arg(0))) { ------------------ | Branch (96:18): [True: 0, False: 0] ------------------ 97| 0| return std::make_unique(std::move(cipher)); 98| 0| } 99| 0| } 100| 0| } 101| 0|#endif 102| | 103| 0|#if defined(BOTAN_HAS_RC4) 104| | 105| 0| if(req.algo_name() == "RC4" || req.algo_name() == "ARC4" || req.algo_name() == "MARK-4") { ------------------ | Branch (105:7): [True: 0, False: 0] | Branch (105:35): [True: 0, False: 0] | Branch (105:64): [True: 0, False: 0] ------------------ 106| 0| const size_t skip = (req.algo_name() == "MARK-4") ? 256 : req.arg_as_integer(0, 0); ------------------ | Branch (106:27): [True: 0, False: 0] ------------------ 107| | 108| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (108:10): [True: 0, False: 0] | Branch (108:30): [True: 0, False: 0] ------------------ 109| 0| return std::make_unique(skip); 110| 0| } 111| 0| } 112| | 113| 0|#endif 114| | 115| 0| BOTAN_UNUSED(req); ------------------ | | 144| 0|#define BOTAN_UNUSED Botan::ignore_params ------------------ 116| 0| BOTAN_UNUSED(provider); ------------------ | | 144| 0|#define BOTAN_UNUSED Botan::ignore_params ------------------ 117| | 118| 0| return nullptr; 119| 0|} _ZN5Botan12StreamCipher15create_or_throwENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEES5_: 122| 1|std::unique_ptr StreamCipher::create_or_throw(std::string_view algo, std::string_view provider) { 123| 1| if(auto sc = StreamCipher::create(algo, provider)) { ------------------ | Branch (123:12): [True: 1, False: 0] ------------------ 124| 1| return sc; 125| 1| } 126| 0| throw Lookup_Error("Stream cipher", algo, provider); 127| 1|} _ZN5Botan19Credentials_Manager3pskERKNSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEES9_S9_: 29| 11.3k| const std::string& identity) { 30| 11.3k| auto side = [&] { 31| 11.3k| if(type == "tls-client") { 32| 11.3k| return TLS::Connection_Side::Client; 33| 11.3k| } else if(type == "tls-server") { 34| 11.3k| return TLS::Connection_Side::Server; 35| 11.3k| } else { 36| 11.3k| throw Internal_Error(fmt("No PSK set for type {}", type)); 37| 11.3k| } 38| 11.3k| }(); 39| | 40| | // New applications should use the appropriate credentials methods. This is a 41| | // retrofit of the behaviour before Botan 3.2.0 and will be removed in a 42| | // future major release. 43| | // 44| | // TODO: deprecate `psk("...", "session-ticket" | "dtls-cookie-secret")` 45| 11.3k| if(side == TLS::Connection_Side::Server && context == "session-ticket") { ------------------ | Branch (45:7): [True: 11.3k, False: 0] | Branch (45:47): [True: 0, False: 11.3k] ------------------ 46| 0| if(auto key = session_ticket_key(); !key.empty()) { ------------------ | Branch (46:43): [True: 0, False: 0] ------------------ 47| 0| return SymmetricKey(std::move(key)); 48| 0| } 49| 11.3k| } else if(side == TLS::Connection_Side::Server && context == "dtls-cookie-secret") { ------------------ | Branch (49:14): [True: 11.3k, False: 0] | Branch (49:54): [True: 9.14k, False: 2.25k] ------------------ 50| 9.14k| if(auto key = dtls_cookie_secret(); !key.empty()) { ------------------ | Branch (50:43): [True: 9.14k, False: 0] ------------------ 51| 9.14k| return SymmetricKey(std::move(key)); 52| 9.14k| } 53| 9.14k| } else /* context is a host name */ { 54| | // Assuming that find_preshared_keys returns _exactly_ one or no keys when 55| | // searching for a single specific identity. 56| 2.25k| if(auto psks = find_preshared_keys(context, side, {identity}); psks.size() == 1) { ------------------ | Branch (56:70): [True: 2.22k, False: 30] ------------------ 57| 2.22k| return SymmetricKey(psks.front().extract_master_secret()); 58| 2.22k| } 59| 2.25k| } 60| | 61| 30| throw Internal_Error(fmt("No PSK set for identity {}", identity)); 62| 11.3k|} _ZN5Botan19Credentials_Manager19find_preshared_keysENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEENS_3TLS15Connection_SideERKNS1_6vectorINS1_12basic_stringIcS4_NS1_9allocatorIcEEEENSA_ISC_EEEERKNS1_8optionalISC_EE: 67| 30| const std::optional& /* prf */) { 68| 30| return {}; 69| 30|} _ZN5Botan19Credentials_Manager15find_cert_chainERKNSt3__16vectorINS1_12basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEENS6_IS8_EEEERKNS2_INS_19AlgorithmIdentifierENS6_ISD_EEEERKNS2_INS_7X509_DNENS6_ISI_EEEERKS8_SO_: 88| 6.12k| const std::string& context) { 89| 6.12k| return cert_chain(key_types, cert_signature_schemes, type, context); 90| 6.12k|} _ZN5Botan19Credentials_Manager22cert_chain_single_typeERKNSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEERKNS1_6vectorINS_19AlgorithmIdentifierENS5_ISB_EEEES9_S9_: 109| 6.12k| const std::string& context) { 110| 6.12k| return find_cert_chain({cert_key_type}, cert_signature_schemes, std::vector(), type, context); 111| 6.12k|} _ZN5Botan19Credentials_Manager31trusted_certificate_authoritiesERKNSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEES9_: 134| 2.88k| const std::string& /*unused*/) { 135| 2.88k| return std::vector(); 136| 2.88k|} credentials_manager.cpp:_ZZN5Botan19Credentials_Manager3pskERKNSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEES9_S9_ENK3$_0clEv: 30| 11.3k| auto side = [&] { 31| 11.3k| if(type == "tls-client") { ------------------ | Branch (31:10): [True: 0, False: 11.3k] ------------------ 32| 0| return TLS::Connection_Side::Client; 33| 11.3k| } else if(type == "tls-server") { ------------------ | Branch (33:17): [True: 11.3k, False: 0] ------------------ 34| 11.3k| return TLS::Connection_Side::Server; 35| 11.3k| } else { 36| 0| throw Internal_Error(fmt("No PSK set for type {}", type)); 37| 0| } 38| 11.3k| }(); _ZN5Botan3TLS18Certificate_VerifyC2ERKNSt3__16vectorIhNS2_9allocatorIhEEEE: 20| 50|Certificate_Verify::Certificate_Verify(const std::vector& buf) { 21| 50| TLS_Data_Reader reader("CertificateVerify", buf); 22| | 23| 50| m_scheme = Signature_Scheme(reader.get_uint16_t()); 24| | // Somewhat oddly, the signature really is allowed to be empty in a CertificateVerify 25| 50| m_signature = reader.get_range(2, 0, 65535); 26| 50| reader.assert_done(); 27| | 28| 50| if(!m_scheme.is_set()) { ------------------ | Branch (28:7): [True: 3, False: 47] ------------------ 29| 3| throw Decoding_Error("Counterparty did not send hash/sig IDS"); 30| 3| } 31| 50|} _ZN5Botan3TLS17make_hello_randomERNS_21RandomNumberGeneratorERNS0_9CallbacksERKNS0_6PolicyE: 25| 5.78k|std::vector make_hello_random(RandomNumberGenerator& rng, Callbacks& cb, const Policy& policy) { 26| 5.78k| auto buf = rng.random_vec>(32); 27| | 28| 5.78k| if(policy.hash_hello_random()) { ------------------ | Branch (28:7): [True: 5.78k, False: 0] ------------------ 29| 5.78k| auto sha256 = HashFunction::create_or_throw("SHA-256"); 30| 5.78k| sha256->update(buf); 31| 5.78k| sha256->final(buf); 32| 5.78k| } 33| | 34| | // TLS 1.3 does not require the insertion of a timestamp in the client hello 35| | // random. When offering both TLS 1.2 and 1.3 we nevertheless comply with the 36| | // legacy specification. 37| 5.78k| if(policy.include_time_in_hello_random() && (policy.allow_tls12() || policy.allow_dtls12())) { ------------------ | Branch (37:7): [True: 5.78k, False: 0] | Branch (37:49): [True: 5.78k, False: 0] | Branch (37:73): [True: 0, False: 0] ------------------ 38| 5.78k| const uint32_t time32 = static_cast(std::chrono::system_clock::to_time_t(cb.tls_current_timestamp())); 39| | 40| 5.78k| store_be(time32, buf.data()); 41| 5.78k| } 42| | 43| 5.78k| return buf; 44| 5.78k|} _ZN5Botan3TLS21Client_Hello_InternalC2ERKNSt3__16vectorIhNS2_9allocatorIhEEEE: 46| 16.7k|Client_Hello_Internal::Client_Hello_Internal(const std::vector& buf) { 47| | /* 48| | Minimum possible client hello 49| | 50| | version: 2 bytes 51| | random: 32 bytes 52| | session_id len: 1 byte 53| | ciphersuite_len: 2 54| | ciphersuite (single): 2 55| | compression_len: 1 56| | compression (single): 1 57| | */ 58| | 59| 16.7k| constexpr size_t MinimumClientHelloBytes = 2 + 32 + 1 + 2 + 2 + 1 + 1; 60| 16.7k| if(buf.size() < MinimumClientHelloBytes) { ------------------ | Branch (60:7): [True: 20, False: 16.7k] ------------------ 61| 20| throw Decoding_Error("Client_Hello: Packet corrupted"); 62| 20| } 63| | 64| 16.7k| TLS_Data_Reader reader("ClientHello", buf); 65| | 66| 16.7k| const uint8_t major_version = reader.get_byte(); 67| 16.7k| const uint8_t minor_version = reader.get_byte(); 68| | 69| 16.7k| m_legacy_version = Protocol_Version(major_version, minor_version); 70| | 71| | // DTLS has an additional 1 byte cookie length field 72| 16.7k| if(m_legacy_version.is_datagram_protocol() && buf.size() < MinimumClientHelloBytes + 1) { ------------------ | Branch (72:7): [True: 9.85k, False: 6.90k] | Branch (72:50): [True: 3, False: 9.85k] ------------------ 73| 3| throw Decoding_Error("Client_Hello: DTLS packet corrupted"); 74| 3| } 75| | 76| 16.7k| m_random = reader.get_fixed(32); 77| 16.7k| m_session_id = Session_ID(reader.get_range(1, 0, 32)); 78| | 79| 16.7k| if(m_legacy_version.is_datagram_protocol()) { ------------------ | Branch (79:7): [True: 9.83k, False: 6.91k] ------------------ 80| 9.83k| auto sha256 = HashFunction::create_or_throw("SHA-256"); 81| 9.83k| sha256->update(reader.get_data_read_so_far()); 82| | 83| 9.83k| m_hello_cookie = reader.get_range(1, 0, 255); 84| | 85| 9.83k| sha256->update(reader.get_remaining()); 86| 9.83k| m_cookie_input_bits = sha256->final_stdvec(); 87| 9.83k| } 88| | 89| 16.7k| m_suites = reader.get_range_vector(2, 1, 32767); 90| 16.7k| m_comp_methods = reader.get_range_vector(1, 1, 255); 91| | 92| 16.7k| m_extensions.deserialize(reader, Connection_Side::Client, Handshake_Type::ClientHello); 93| 16.7k|} _ZNK5Botan3TLS21Client_Hello_Internal7versionEv: 95| 3.72k|Protocol_Version Client_Hello_Internal::version() const { 96| | // RFC 8446 4.2.1 97| | // If [the "supported_versions"] extension is not present, servers 98| | // which are compliant with this specification and which also support 99| | // TLS 1.2 MUST negotiate TLS 1.2 or prior as specified in [RFC5246], 100| | // even if ClientHello.legacy_version is 0x0304 or later. 101| | // 102| | // RFC 8446 4.2.1 103| | // Servers MUST be prepared to receive ClientHellos that include 104| | // [the supported_versions] extension but do not include 0x0304 in 105| | // the list of versions. 106| | // 107| | // RFC 8446 4.1.2 108| | // TLS 1.3 ClientHellos are identified as having a legacy_version of 109| | // 0x0303 and a supported_versions extension present with 0x0304 as 110| | // the highest version indicated therein. 111| 3.72k| if(!extensions().has() || ------------------ | Branch (111:7): [True: 3.63k, False: 86] ------------------ 112| 3.69k| !extensions().get()->supports(Protocol_Version::TLS_V13)) { ------------------ | Branch (112:7): [True: 55, False: 31] ------------------ 113| | // The exact legacy_version is ignored we just inspect it to 114| | // distinguish TLS and DTLS. 115| 3.69k| return (m_legacy_version.is_datagram_protocol()) ? Protocol_Version::DTLS_V12 : Protocol_Version::TLS_V12; ------------------ | Branch (115:14): [True: 507, False: 3.18k] ------------------ 116| 3.69k| } 117| | 118| | // Note: The Client_Hello_13 class will make sure that legacy_version 119| | // is exactly 0x0303 (aka ossified TLS 1.2) 120| 31| return Protocol_Version::TLS_V13; 121| 3.72k|} _ZN5Botan3TLS12Client_HelloC2EOS1_: 123| 33.1k|Client_Hello::Client_Hello(Client_Hello&&) noexcept = default; _ZN5Botan3TLS12Client_HelloD2Ev: 126| 49.2k|Client_Hello::~Client_Hello() = default; _ZN5Botan3TLS12Client_HelloC2ENSt3__110unique_ptrINS0_21Client_Hello_InternalENS2_14default_deleteIS4_EEEE: 133| 16.1k|Client_Hello::Client_Hello(std::unique_ptr data) : m_data(std::move(data)) { 134| 16.1k| BOTAN_ASSERT_NONNULL(m_data); ------------------ | | 116| 16.1k| do { \ | | 117| 16.1k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 16.1k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 16.1k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 16.1k] | | ------------------ ------------------ 135| 16.1k|} _ZNK5Botan3TLS12Client_Hello4typeEv: 137| 3.67k|Handshake_Type Client_Hello::type() const { 138| 3.67k| return Handshake_Type::ClientHello; 139| 3.67k|} _ZNK5Botan3TLS12Client_Hello14legacy_versionEv: 141| 12.4k|Protocol_Version Client_Hello::legacy_version() const { 142| 12.4k| return m_data->legacy_version(); 143| 12.4k|} _ZNK5Botan3TLS12Client_Hello6randomEv: 145| 1.45k|const std::vector& Client_Hello::random() const { 146| 1.45k| return m_data->random(); 147| 1.45k|} _ZNK5Botan3TLS12Client_Hello10session_idEv: 149| 3.04k|const Session_ID& Client_Hello::session_id() const { 150| 3.04k| return m_data->session_id(); 151| 3.04k|} _ZNK5Botan3TLS12Client_Hello19compression_methodsEv: 153| 12.3k|const std::vector& Client_Hello::compression_methods() const { 154| 12.3k| return m_data->comp_methods(); 155| 12.3k|} _ZNK5Botan3TLS12Client_Hello12ciphersuitesEv: 157| 3.06k|const std::vector& Client_Hello::ciphersuites() const { 158| 3.06k| return m_data->ciphersuites(); 159| 3.06k|} _ZNK5Botan3TLS12Client_Hello15extension_typesEv: 161| 2.79k|std::set Client_Hello::extension_types() const { 162| 2.79k| return m_data->extensions().extension_types(); 163| 2.79k|} _ZNK5Botan3TLS12Client_Hello10extensionsEv: 165| 3.06k|const Extensions& Client_Hello::extensions() const { 166| 3.06k| return m_data->extensions(); 167| 3.06k|} _ZNK5Botan3TLS12Client_Hello17cookie_input_dataEv: 200| 9.14k|std::vector Client_Hello::cookie_input_data() const { 201| 9.14k| BOTAN_STATE_CHECK(!m_data->hello_cookie_input_bits().empty()); ------------------ | | 51| 9.14k| do { \ | | 52| 9.14k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 9.14k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 9.14k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 9.14k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 9.14k] | | ------------------ ------------------ 202| | 203| 9.14k| return m_data->hello_cookie_input_bits(); 204| 9.14k|} _ZNK5Botan3TLS12Client_Hello13offered_suiteEt: 209| 12.4k|bool Client_Hello::offered_suite(uint16_t ciphersuite) const { 210| 12.4k| return std::find(m_data->ciphersuites().cbegin(), m_data->ciphersuites().cend(), ciphersuite) != 211| 12.4k| m_data->ciphersuites().cend(); 212| 12.4k|} _ZNK5Botan3TLS12Client_Hello17signature_schemesEv: 214| 6.11k|std::vector Client_Hello::signature_schemes() const { 215| 6.11k| if(const Signature_Algorithms* sigs = m_data->extensions().get()) { ------------------ | Branch (215:35): [True: 297, False: 5.82k] ------------------ 216| 297| return sigs->supported_schemes(); 217| 297| } 218| 5.82k| return {}; 219| 6.11k|} _ZNK5Botan3TLS12Client_Hello29certificate_signature_schemesEv: 221| 3.06k|std::vector Client_Hello::certificate_signature_schemes() const { 222| | // RFC 8446 4.2.3 223| | // If no "signature_algorithms_cert" extension is present, then the 224| | // "signature_algorithms" extension also applies to signatures appearing 225| | // in certificates. 226| 3.06k| if(const Signature_Algorithms_Cert* sigs = m_data->extensions().get()) { ------------------ | Branch (226:40): [True: 9, False: 3.05k] ------------------ 227| 9| return sigs->supported_schemes(); 228| 3.05k| } else { 229| 3.05k| return signature_schemes(); 230| 3.05k| } 231| 3.06k|} _ZNK5Botan3TLS12Client_Hello20supported_ecc_curvesEv: 233| 5.85k|std::vector Client_Hello::supported_ecc_curves() const { 234| 5.85k| if(const Supported_Groups* groups = m_data->extensions().get()) { ------------------ | Branch (234:31): [True: 5.67k, False: 180] ------------------ 235| 5.67k| return groups->ec_groups(); 236| 5.67k| } 237| 180| return {}; 238| 5.85k|} _ZNK5Botan3TLS12Client_Hello19supported_dh_groupsEv: 240| 6.12k|std::vector Client_Hello::supported_dh_groups() const { 241| 6.12k| if(const Supported_Groups* groups = m_data->extensions().get()) { ------------------ | Branch (241:31): [True: 5.76k, False: 360] ------------------ 242| 5.76k| return groups->dh_groups(); 243| 5.76k| } 244| 360| return std::vector(); 245| 6.12k|} _ZNK5Botan3TLS12Client_Hello12sni_hostnameEv: 247| 8.30k|std::string Client_Hello::sni_hostname() const { 248| 8.30k| if(const Server_Name_Indicator* sni = m_data->extensions().get()) { ------------------ | Branch (248:36): [True: 2, False: 8.30k] ------------------ 249| 2| return sni->host_name(); 250| 2| } 251| 8.30k| return ""; 252| 8.30k|} _ZNK5Botan3TLS12Client_Hello18supported_versionsEv: 254| 12.4k|std::vector Client_Hello::supported_versions() const { 255| 12.4k| if(const Supported_Versions* versions = m_data->extensions().get()) { ------------------ | Branch (255:33): [True: 421, False: 11.9k] ------------------ 256| 421| return versions->versions(); 257| 421| } 258| 11.9k| return {}; 259| 12.4k|} _ZNK5Botan3TLS12Client_Hello13supports_alpnEv: 261| 3.07k|bool Client_Hello::supports_alpn() const { 262| 3.07k| return m_data->extensions().has(); 263| 3.07k|} _ZNK5Botan3TLS12Client_Hello14next_protocolsEv: 269| 16|std::vector Client_Hello::next_protocols() const { 270| 16| if(auto* alpn = m_data->extensions().get()) { ------------------ | Branch (270:13): [True: 16, False: 0] ------------------ 271| 16| return alpn->protocols(); 272| 16| } 273| 0| return {}; 274| 16|} _ZNK5Botan3TLS12Client_Hello6cookieEv: 283| 9.14k|const std::vector& Client_Hello::cookie() const { 284| 9.14k| return m_data->hello_cookie(); 285| 9.14k|} _ZN5Botan3TLS20Client_Hello_12_ShimC2ENSt3__110unique_ptrINS0_21Client_Hello_InternalENS2_14default_deleteIS4_EEEE: 288| 16.1k| Client_Hello(std::move(data)) {} _ZN5Botan3TLS24make_server_hello_randomERNS_21RandomNumberGeneratorENS0_16Protocol_VersionERNS0_9CallbacksERKNS0_6PolicyE: 27| 2.89k| const Policy& policy) { 28| 2.89k| auto random = make_hello_random(rng, cb, policy); 29| | 30| | // RFC 8446 4.1.3 31| | // TLS 1.3 has a downgrade protection mechanism embedded in the server's 32| | // random value. TLS 1.3 servers which negotiate TLS 1.2 or below in 33| | // response to a ClientHello MUST set the last 8 bytes of their Random 34| | // value specially in their ServerHello. 35| | // 36| | // If negotiating TLS 1.2, TLS 1.3 servers MUST set the last 8 bytes of 37| | // their Random value to the bytes: [DOWNGRADE_TLS12] 38| 2.89k| if(offered_version.is_pre_tls_13() && policy.allow_tls13()) { ------------------ | Branch (38:7): [True: 2.89k, False: 0] | Branch (38:42): [True: 2.89k, False: 0] ------------------ 39| 2.89k| constexpr size_t downgrade_signal_length = sizeof(DOWNGRADE_TLS12); 40| 2.89k| BOTAN_ASSERT_NOMSG(random.size() >= downgrade_signal_length); ------------------ | | 77| 2.89k| do { \ | | 78| 2.89k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 2.89k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 2.89k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 2.89k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 2.89k] | | ------------------ ------------------ 41| 2.89k| const auto lastbytes = std::span{random}.last(downgrade_signal_length); 42| 2.89k| store_be(DOWNGRADE_TLS12, lastbytes); 43| 2.89k| } 44| | 45| 2.89k| return random; 46| 2.89k|} _ZN5Botan3TLS21Server_Hello_InternalC2ERKNSt3__16vectorIhNS2_9allocatorIhEEEE: 48| 118|Server_Hello_Internal::Server_Hello_Internal(const std::vector& buf) { 49| 118| if(buf.size() < 38) { ------------------ | Branch (49:7): [True: 2, False: 116] ------------------ 50| 2| throw Decoding_Error("Server_Hello: Packet corrupted"); 51| 2| } 52| | 53| 116| TLS_Data_Reader reader("ServerHello", buf); 54| | 55| 116| const uint8_t major_version = reader.get_byte(); 56| 116| const uint8_t minor_version = reader.get_byte(); 57| | 58| 116| m_legacy_version = Protocol_Version(major_version, minor_version); 59| | 60| | // RFC 8446 4.1.3 61| | // Upon receiving a message with type server_hello, implementations MUST 62| | // first examine the Random value and, if it matches this value, process 63| | // it as described in Section 4.1.4 [Hello Retry Request]). 64| 116| m_random = reader.get_fixed(32); 65| 116| m_is_hello_retry_request = CT::is_equal(m_random, HELLO_RETRY_REQUEST_MARKER).as_bool(); 66| | 67| 116| m_session_id = Session_ID(reader.get_range(1, 0, 32)); 68| 116| m_ciphersuite = reader.get_uint16_t(); 69| 116| m_comp_method = reader.get_byte(); 70| | 71| | // Note that this code path might parse a TLS 1.2 (or older) server hello message that 72| | // is nevertheless marked as being a 'hello retry request' (potentially maliciously). 73| | // Extension parsing will however not be affected by the associated flag. 74| | // Only after parsing the extensions will the upstream code be able to decide 75| | // whether we're dealing with TLS 1.3 or older. 76| 116| m_extensions.deserialize(reader, 77| 116| Connection_Side::Server, 78| 116| m_is_hello_retry_request ? Handshake_Type::HelloRetryRequest : Handshake_Type::ServerHello); ------------------ | Branch (78:29): [True: 0, False: 116] ------------------ 79| 116|} _ZNK5Botan3TLS21Server_Hello_Internal7versionEv: 81| 3.03k|Protocol_Version Server_Hello_Internal::version() const { 82| | // RFC 8446 4.2.1 83| | // A server which negotiates a version of TLS prior to TLS 1.3 MUST set 84| | // ServerHello.version and MUST NOT send the "supported_versions" 85| | // extension. A server which negotiates TLS 1.3 MUST respond by sending 86| | // a "supported_versions" extension containing the selected version 87| | // value (0x0304). 88| | // 89| | // Note: Here we just take a message parsing decision, further validation of 90| | // the extension's contents is done later. 91| 3.03k| return (extensions().has()) ? Protocol_Version::TLS_V13 : m_legacy_version; ------------------ | Branch (91:11): [True: 46, False: 2.98k] ------------------ 92| 3.03k|} _ZN5Botan3TLS12Server_HelloC2ENSt3__110unique_ptrINS0_21Server_Hello_InternalENS2_14default_deleteIS4_EEEE: 94| 2.93k|Server_Hello::Server_Hello(std::unique_ptr data) : m_data(std::move(data)) {} _ZN5Botan3TLS12Server_HelloC2EOS1_: 96| 161|Server_Hello::Server_Hello(Server_Hello&&) noexcept = default; _ZN5Botan3TLS12Server_HelloD2Ev: 99| 3.10k|Server_Hello::~Server_Hello() = default; _ZNK5Botan3TLS12Server_Hello9serializeEv: 104| 2.89k|std::vector Server_Hello::serialize() const { 105| 2.89k| std::vector buf; 106| 2.89k| buf.reserve(1024); // working around GCC warning 107| | 108| 2.89k| buf.push_back(m_data->legacy_version().major_version()); 109| 2.89k| buf.push_back(m_data->legacy_version().minor_version()); 110| 2.89k| buf += m_data->random(); 111| | 112| 2.89k| append_tls_length_value(buf, m_data->session_id().get(), 1); 113| | 114| 2.89k| buf.push_back(get_byte<0>(m_data->ciphersuite())); 115| 2.89k| buf.push_back(get_byte<1>(m_data->ciphersuite())); 116| | 117| 2.89k| buf.push_back(m_data->comp_method()); 118| | 119| 2.89k| buf += m_data->extensions().serialize(Connection_Side::Server); 120| | 121| 2.89k| return buf; 122| 2.89k|} _ZNK5Botan3TLS12Server_Hello4typeEv: 124| 8.67k|Handshake_Type Server_Hello::type() const { 125| 8.67k| return Handshake_Type::ServerHello; 126| 8.67k|} _ZNK5Botan3TLS12Server_Hello14legacy_versionEv: 128| 146|Protocol_Version Server_Hello::legacy_version() const { 129| 146| return m_data->legacy_version(); 130| 146|} _ZNK5Botan3TLS12Server_Hello6randomEv: 132| 1.45k|const std::vector& Server_Hello::random() const { 133| 1.45k| return m_data->random(); 134| 1.45k|} _ZNK5Botan3TLS12Server_Hello18compression_methodEv: 136| 413|uint8_t Server_Hello::compression_method() const { 137| 413| return m_data->comp_method(); 138| 413|} _ZNK5Botan3TLS12Server_Hello10session_idEv: 140| 312|const Session_ID& Server_Hello::session_id() const { 141| 312| return m_data->session_id(); 142| 312|} _ZNK5Botan3TLS12Server_Hello11ciphersuiteEv: 144| 3.10k|uint16_t Server_Hello::ciphersuite() const { 145| 3.10k| return m_data->ciphersuite(); 146| 3.10k|} _ZNK5Botan3TLS12Server_Hello10extensionsEv: 152| 6|const Extensions& Server_Hello::extensions() const { 153| 6| return m_data->extensions(); 154| 6|} _ZN5Botan3TLS20Server_Hello_12_ShimC2ENSt3__110unique_ptrINS0_21Server_Hello_InternalENS2_14default_deleteIS4_EEEE: 160| 2.91k| Server_Hello(std::move(data)) { 161| 2.91k| if(!m_data->version().is_pre_tls_13()) { ------------------ | Branch (161:7): [True: 0, False: 2.91k] ------------------ 162| 0| throw TLS_Exception(Alert::ProtocolVersion, "Expected server hello of (D)TLS 1.2 or lower"); 163| 0| } 164| 2.91k|} _ZN5Botan3TLS14Certificate_12D2Ev: 22| 3|Certificate_12::~Certificate_12() = default; _ZN5Botan3TLS14Certificate_12C2ERNS0_12Handshake_IOERNS0_14Handshake_HashERKNSt3__16vectorINS_16X509_CertificateENS6_9allocatorIS8_EEEE: 28| 3| m_certs(cert_list) { 29| 3| hash.update(io.send(*this)); 30| 3|} _ZNK5Botan3TLS14Certificate_129serializeEv: 90| 3|std::vector Certificate_12::serialize() const { 91| 3| std::vector buf(3); 92| | 93| 3| for(const auto& cert : m_certs) { ------------------ | Branch (93:25): [True: 3, False: 3] ------------------ 94| 3| const auto raw_cert = cert.BER_encode(); 95| 3| const size_t cert_size = raw_cert.size(); 96| 12| for(size_t j = 0; j != 3; ++j) { ------------------ | Branch (96:25): [True: 9, False: 3] ------------------ 97| 9| buf.push_back(get_byte_var(j + 1, static_cast(cert_size))); 98| 9| } 99| 3| buf += raw_cert; 100| 3| } 101| | 102| 3| const size_t buf_size = buf.size() - 3; 103| 12| for(size_t i = 0; i != 3; ++i) { ------------------ | Branch (103:22): [True: 9, False: 3] ------------------ 104| 9| buf[i] = get_byte_var(i + 1, static_cast(buf_size)); 105| 9| } 106| | 107| 3| return buf; 108| 3|} _ZNK5Botan3TLS15Client_Hello_1228prefers_compressed_ec_pointsEv: 29| 2.77k|bool Client_Hello_12::prefers_compressed_ec_points() const { 30| 2.77k| if(const Supported_Point_Formats* ecc_formats = m_data->extensions().get()) { ------------------ | Branch (30:38): [True: 40, False: 2.73k] ------------------ 31| 40| return ecc_formats->prefers_compressed(); 32| 40| } 33| 2.73k| return false; 34| 2.77k|} _ZNK5Botan3TLS15Client_Hello_1220secure_renegotiationEv: 36| 6.17k|bool Client_Hello_12::secure_renegotiation() const { 37| 6.17k| return m_data->extensions().has(); 38| 6.17k|} _ZNK5Botan3TLS15Client_Hello_1218renegotiation_infoEv: 40| 156|std::vector Client_Hello_12::renegotiation_info() const { 41| 156| if(const Renegotiation_Extension* reneg = m_data->extensions().get()) { ------------------ | Branch (41:38): [True: 156, False: 0] ------------------ 42| 156| return reneg->renegotiation_info(); 43| 156| } 44| 0| return {}; 45| 156|} _ZNK5Botan3TLS15Client_Hello_1223supports_session_ticketEv: 47| 2.89k|bool Client_Hello_12::supports_session_ticket() const { 48| 2.89k| return m_data->extensions().has(); 49| 2.89k|} _ZNK5Botan3TLS15Client_Hello_1214session_ticketEv: 51| 3.06k|Session_Ticket Client_Hello_12::session_ticket() const { 52| 3.06k| if(auto* ticket = m_data->extensions().get()) { ------------------ | Branch (52:13): [True: 24, False: 3.04k] ------------------ 53| 24| return ticket->contents(); 54| 24| } 55| 3.04k| return {}; 56| 3.06k|} _ZNK5Botan3TLS15Client_Hello_1214session_handleEv: 58| 3.06k|std::optional Client_Hello_12::session_handle() const { 59| | // RFC 5077 3.4 60| | // If a ticket is presented by the client, the server MUST NOT attempt 61| | // to use the Session ID in the ClientHello for stateful session 62| | // resumption. 63| 3.06k| if(auto ticket = session_ticket(); !ticket.empty()) { ------------------ | Branch (63:39): [True: 20, False: 3.04k] ------------------ 64| 20| return Session_Handle(ticket); 65| 3.04k| } else if(const auto& id = session_id(); !id.empty()) { ------------------ | Branch (65:45): [True: 1, False: 3.04k] ------------------ 66| 1| return Session_Handle(id); 67| 3.04k| } else { 68| 3.04k| return std::nullopt; 69| 3.04k| } 70| 3.06k|} _ZNK5Botan3TLS15Client_Hello_1231supports_extended_master_secretEv: 72| 6.07k|bool Client_Hello_12::supports_extended_master_secret() const { 73| 6.07k| return m_data->extensions().has(); 74| 6.07k|} _ZNK5Botan3TLS15Client_Hello_1228supports_cert_status_messageEv: 76| 2.89k|bool Client_Hello_12::supports_cert_status_message() const { 77| 2.89k| return m_data->extensions().has(); 78| 2.89k|} _ZNK5Botan3TLS15Client_Hello_1225supports_encrypt_then_macEv: 80| 1.95k|bool Client_Hello_12::supports_encrypt_then_mac() const { 81| 1.95k| return m_data->extensions().has(); 82| 1.95k|} _ZN5Botan3TLS15Client_Hello_12C2ERKNSt3__16vectorIhNS2_9allocatorIhEEEE: 266| 12.5k| Client_Hello_12(std::make_unique(buf)) {} _ZN5Botan3TLS15Client_Hello_12C2ENSt3__110unique_ptrINS0_21Client_Hello_InternalENS2_14default_deleteIS4_EEEE: 268| 12.4k|Client_Hello_12::Client_Hello_12(std::unique_ptr data) : Client_Hello_12_Shim(std::move(data)) { 269| 12.4k| const uint16_t TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF; 270| | 271| 12.4k| if(offered_suite(static_cast(TLS_EMPTY_RENEGOTIATION_INFO_SCSV))) { ------------------ | Branch (271:7): [True: 3.21k, False: 9.21k] ------------------ 272| 3.21k| if(const Renegotiation_Extension* reneg = m_data->extensions().get()) { ------------------ | Branch (272:41): [True: 50, False: 3.16k] ------------------ 273| 50| if(!reneg->renegotiation_info().empty()) { ------------------ | Branch (273:13): [True: 1, False: 49] ------------------ 274| 1| throw TLS_Exception(Alert::HandshakeFailure, "Client sent renegotiation SCSV and non-empty extension"); 275| 1| } 276| 3.16k| } else { 277| | // add fake extension 278| 3.16k| m_data->extensions().add(new Renegotiation_Extension()); // NOLINT(*-owning-memory) 279| 3.16k| } 280| 3.21k| } 281| 12.4k|} _ZN5Botan3TLS19Client_Key_ExchangeC2ERKNSt3__16vectorIhNS2_9allocatorIhEEEERKNS0_15Handshake_StateEPKNS_11Private_KeyERNS_19Credentials_ManagerERKNS0_6PolicyERNS_21RandomNumberGeneratorE: 244| 2.26k| RandomNumberGenerator& rng) { 245| 2.26k| const Kex_Algo kex_algo = state.ciphersuite().kex_method(); 246| | 247| 2.26k| if(kex_algo == Kex_Algo::STATIC_RSA) { ------------------ | Branch (247:7): [True: 0, False: 2.26k] ------------------ 248| 0| BOTAN_ASSERT(state.server_certs() && !state.server_certs()->cert_chain().empty(), ------------------ | | 64| 0| do { \ | | 65| 0| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 0| if(!(expr)) { \ | | ------------------ | | | Branch (66:12): [True: 0, False: 0] | | | Branch (66:12): [True: 0, False: 0] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 0| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 0] | | ------------------ ------------------ 249| 0| "RSA key exchange negotiated so server sent a certificate"); 250| | 251| 0| if(server_rsa_kex_key == nullptr) { ------------------ | Branch (251:10): [True: 0, False: 0] ------------------ 252| 0| throw Internal_Error("Expected RSA kex but no server kex key set"); 253| 0| } 254| | 255| 0| if(server_rsa_kex_key->algo_name() != "RSA") { ------------------ | Branch (255:10): [True: 0, False: 0] ------------------ 256| 0| throw Internal_Error("Expected RSA key but got " + server_rsa_kex_key->algo_name()); 257| 0| } 258| | 259| 0| TLS_Data_Reader reader("ClientKeyExchange", contents); 260| | // RFC 5246 7.4.7.1: encrypted_pre_master_secret<1..2^16-1>. 261| 0| const std::vector encrypted_pre_master = reader.get_range(2, 1, 65535); 262| 0| reader.assert_done(); 263| | 264| 0| const PK_Decryptor_EME decryptor(*server_rsa_kex_key, rng, "PKCS1v15"); 265| | 266| 0| const uint8_t client_major = state.client_hello()->legacy_version().major_version(); 267| 0| const uint8_t client_minor = state.client_hello()->legacy_version().minor_version(); 268| | 269| | /* 270| | * PK_Decryptor::decrypt_or_random will return a random value if 271| | * either the length does not match the expected value or if the 272| | * version number embedded in the PMS does not match the one sent 273| | * in the client hello. 274| | */ 275| 0| const size_t expected_plaintext_size = 48; 276| 0| const size_t expected_content_size = 2; 277| 0| const uint8_t expected_content_bytes[expected_content_size] = {client_major, client_minor}; 278| 0| const uint8_t expected_content_pos[expected_content_size] = {0, 1}; 279| | 280| 0| m_pre_master = decryptor.decrypt_or_random(encrypted_pre_master.data(), 281| 0| encrypted_pre_master.size(), 282| 0| expected_plaintext_size, 283| 0| rng, 284| 0| expected_content_bytes, 285| 0| expected_content_pos, 286| 0| expected_content_size); 287| 2.26k| } else { 288| 2.26k| TLS_Data_Reader reader("ClientKeyExchange", contents); 289| | 290| 2.26k| SymmetricKey psk; 291| | 292| 2.26k| if(key_exchange_is_psk(kex_algo)) { ------------------ | Branch (292:10): [True: 2.26k, False: 0] ------------------ 293| 2.26k| m_psk_identity = reader.get_string(2, 0, 65535); 294| | 295| 2.26k| try { 296| 2.26k| psk = creds.psk("tls-server", state.client_hello()->sni_hostname(), m_psk_identity.value()); 297| 2.26k| } catch(...) { 298| | // Treat any lookup failure for the identity sent by the client as 299| | // "no PSK for this identity" and let the logic below handle it 300| 30| } 301| | 302| 2.26k| if(psk.empty()) { ------------------ | Branch (302:13): [True: 30, False: 2.22k] ------------------ 303| 30| if(policy.hide_unknown_users()) { ------------------ | Branch (303:16): [True: 0, False: 30] ------------------ 304| 0| psk = SymmetricKey(rng, 16); 305| 30| } else { 306| 30| throw TLS_Exception(Alert::UnknownPSKIdentity, "No PSK for identifier " + m_psk_identity.value()); 307| 30| } 308| 30| } 309| 2.25k| } 310| | 311| 2.22k| if(kex_algo == Kex_Algo::PSK) { ------------------ | Branch (311:10): [True: 5, False: 2.21k] ------------------ 312| 5| reader.assert_done(); 313| 5| const std::vector zeros(psk.length()); 314| 5| append_tls_length_value(m_pre_master, zeros, 2); 315| 5| append_tls_length_value(m_pre_master, psk.bits_of(), 2); 316| 2.21k| } else if(kex_algo == Kex_Algo::DH || kex_algo == Kex_Algo::ECDH || kex_algo == Kex_Algo::ECDHE_PSK) { ------------------ | Branch (316:17): [True: 0, False: 2.21k] | Branch (316:45): [True: 0, False: 2.21k] | Branch (316:75): [True: 2.21k, False: 0] ------------------ 317| 2.21k| const PK_Key_Agreement_Key& ka_key = state.server_kex()->server_kex_key(); 318| | 319| 2.21k| const std::vector client_pubkey = (ka_key.algo_name() == "DH") ------------------ | Branch (319:53): [True: 0, False: 2.21k] ------------------ 320| 2.21k| ? reader.get_range(2, 1, 65535) 321| 2.21k| : reader.get_range(1, 1, 255); 322| | 323| 2.21k| const auto shared_group = state.server_kex()->shared_group(); 324| 2.21k| BOTAN_STATE_CHECK(shared_group && shared_group.value() != Group_Params::NONE); ------------------ | | 51| 2.21k| do { \ | | 52| 2.21k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 4.42k| if(!(expr)) { \ | | ------------------ | | | Branch (53:12): [True: 2.20k, False: 6] | | | Branch (53:12): [True: 2.20k, False: 0] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 2.21k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 2.21k] | | ------------------ ------------------ 325| | 326| 2.21k| try { 327| 2.21k| auto shared_secret = 328| 2.21k| state.callbacks().tls_ephemeral_key_agreement(shared_group.value(), ka_key, client_pubkey, rng, policy); 329| | 330| 2.21k| if(ka_key.algo_name() == "DH") { ------------------ | Branch (330:16): [True: 0, False: 2.21k] ------------------ 331| 0| shared_secret = CT::strip_leading_zeros(shared_secret); 332| 0| } 333| | 334| 2.21k| if(kex_algo == Kex_Algo::ECDHE_PSK) { ------------------ | Branch (334:16): [True: 1.69k, False: 520] ------------------ 335| 1.69k| append_tls_length_value(m_pre_master, shared_secret, 2); 336| 1.69k| append_tls_length_value(m_pre_master, psk.bits_of(), 2); 337| 1.69k| } else { 338| 520| m_pre_master = shared_secret; 339| 520| } 340| 2.21k| } catch(Invalid_Argument& e) { 341| 0| throw TLS_Exception(Alert::IllegalParameter, e.what()); 342| 514| } catch(TLS_Exception&) { 343| 514| throw; // rethrow 344| 514| } catch(std::exception&) { 345| | /* 346| | * Something failed in the DH/ECDH computation. To avoid possible 347| | * attacks which are based on triggering and detecting some edge 348| | * failure condition, randomize the pre-master output and carry on, 349| | * allowing the protocol to fail later in the finished checks. 350| | */ 351| 0| rng.random_vec(m_pre_master, ka_key.public_value().size()); 352| 0| } 353| | 354| 1.69k| reader.assert_done(); 355| 1.69k| } else { 356| 0| throw Internal_Error("Client_Key_Exchange: Unknown key exchange negotiated"); 357| 0| } 358| 2.22k| } 359| 2.26k|} _ZN5Botan3TLS11Finished_12C2ERNS0_12Handshake_IOERNS0_15Handshake_StateENS0_15Connection_SideE: 44| 104|Finished_12::Finished_12(Handshake_IO& io, Handshake_State& state, Connection_Side side) { 45| 104| m_verification_data = finished_compute_verify_12(state, side); 46| 104| state.hash().update(io.send(*this)); 47| 104|} _ZNK5Botan3TLS11Finished_126verifyERKNS0_15Handshake_StateENS0_15Connection_SideE: 49| 104|bool Finished_12::verify(const Handshake_State& state, Connection_Side side) const { 50| 104| std::vector computed_verify = finished_compute_verify_12(state, side); 51| | 52| 104|#if defined(BOTAN_UNSAFE_FUZZER_MODE) 53| 104| return true; 54| |#else 55| | return CT::is_equal(m_verification_data, computed_verify).as_bool(); 56| |#endif 57| 104|} msg_finished_12.cpp:_ZN5Botan3TLS12_GLOBAL__N_126finished_compute_verify_12ERKNS0_15Handshake_StateENS0_15Connection_SideE: 23| 208|std::vector finished_compute_verify_12(const Handshake_State& state, Connection_Side side) { 24| 208| const uint8_t TLS_CLIENT_LABEL[] = { 25| 208| 0x63, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x66, 0x69, 0x6E, 0x69, 0x73, 0x68, 0x65, 0x64}; 26| | 27| 208| const uint8_t TLS_SERVER_LABEL[] = { 28| 208| 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x66, 0x69, 0x6E, 0x69, 0x73, 0x68, 0x65, 0x64}; 29| | 30| 208| auto prf = state.protocol_specific_prf(); 31| | 32| 208| std::vector input; 33| 208| std::vector label; 34| 208| label += (side == Connection_Side::Client) ? std::make_pair(TLS_CLIENT_LABEL, sizeof(TLS_CLIENT_LABEL)) ------------------ | Branch (34:13): [True: 104, False: 104] ------------------ 35| 208| : std::make_pair(TLS_SERVER_LABEL, sizeof(TLS_SERVER_LABEL)); 36| | 37| 208| input += state.hash().final(state.ciphersuite().prf_algo()); 38| | 39| 208| return unlock(prf->derive_key(12, state.session_keys().master_secret(), input, label)); 40| 208|} _ZN5Botan3TLS20Hello_Verify_RequestC2ERKNSt3__16vectorIhNS2_9allocatorIhEEEENS2_17basic_string_viewIcNS2_11char_traitsIcEEEERKNS_11OctetStringE: 35| 9.14k| const SymmetricKey& secret_key) { 36| 9.14k| auto hmac = MessageAuthenticationCode::create_or_throw("HMAC(SHA-256)"); 37| 9.14k| hmac->set_key(secret_key); 38| | 39| 9.14k| hmac->update_be(static_cast(client_hello_bits.size())); 40| 9.14k| hmac->update(client_hello_bits); 41| 9.14k| hmac->update_be(static_cast(client_identity.size())); 42| 9.14k| hmac->update(client_identity); 43| | 44| 9.14k| m_cookie.resize(hmac->output_length()); 45| 9.14k| hmac->final(m_cookie.data()); 46| 9.14k|} _ZNK5Botan3TLS20Hello_Verify_Request9serializeEv: 48| 9.14k|std::vector Hello_Verify_Request::serialize() const { 49| | /* DTLS 1.2 server implementations SHOULD use DTLS version 1.0 50| | regardless of the version of TLS that is expected to be 51| | negotiated (RFC 6347, section 4.2.1) 52| | */ 53| | 54| 9.14k| const Protocol_Version format_version(254, 255); // DTLS 1.0 55| | 56| 9.14k| std::vector bits; 57| 9.14k| bits.push_back(format_version.major_version()); 58| 9.14k| bits.push_back(format_version.minor_version()); 59| 9.14k| append_tls_length_value(bits, m_cookie, 1); 60| 9.14k| return bits; 61| 9.14k|} _ZN5Botan3TLS15Server_Hello_12C2ERNS0_12Handshake_IOERNS0_14Handshake_HashERKNS0_6PolicyERNS0_9CallbacksERNS_21RandomNumberGeneratorERKNSt3__16vectorIhNSD_9allocatorIhEEEERKNS0_15Client_Hello_12ERKNS1_8SettingsENSD_17basic_string_viewIcNSD_11char_traitsIcEEEE: 31| 2.89k| Server_Hello_12(std::make_unique( 32| 2.89k| server_settings.protocol_version(), 33| 2.89k| server_settings.session_id(), 34| 2.89k| make_server_hello_random(rng, server_settings.protocol_version(), cb, policy), 35| 2.89k| server_settings.ciphersuite(), 36| 2.89k| uint8_t(0))) { 37| | // NOLINTBEGIN(*-owning-memory) 38| 2.89k| if(client_hello.supports_extended_master_secret()) { ------------------ | Branch (38:7): [True: 2.89k, False: 0] ------------------ 39| 2.89k| m_data->extensions().add(new Extended_Master_Secret); 40| 2.89k| } 41| | 42| | // Sending the extension back does not commit us to sending a stapled response 43| 2.89k| if(client_hello.supports_cert_status_message() && policy.support_cert_status_message()) { ------------------ | Branch (43:7): [True: 74, False: 2.81k] | Branch (43:54): [True: 74, False: 0] ------------------ 44| 74| m_data->extensions().add(new Certificate_Status_Request); 45| 74| } 46| | 47| 2.89k| if(!next_protocol.empty() && client_hello.supports_alpn()) { ------------------ | Branch (47:7): [True: 10, False: 2.88k] | Branch (47:33): [True: 10, False: 0] ------------------ 48| 10| m_data->extensions().add(new Application_Layer_Protocol_Notification(next_protocol)); 49| 10| } 50| | 51| 2.89k| const auto c = Ciphersuite::by_id(m_data->ciphersuite()); 52| | 53| 2.89k| if(c && c->cbc_ciphersuite() && client_hello.supports_encrypt_then_mac() && policy.negotiate_encrypt_then_mac()) { ------------------ | Branch (53:7): [True: 2.89k, False: 0] | Branch (53:12): [True: 1.95k, False: 939] | Branch (53:36): [True: 55, False: 1.89k] | Branch (53:80): [True: 55, False: 0] ------------------ 54| 55| m_data->extensions().add(new Encrypt_then_MAC); 55| 55| } 56| | 57| 2.89k| if(c && c->ecc_ciphersuite() && client_hello.extension_types().contains(Extension_Code::EcPointFormats)) { ------------------ | Branch (57:7): [True: 2.89k, False: 0] | Branch (57:7): [True: 40, False: 2.85k] | Branch (57:12): [True: 2.79k, False: 94] | Branch (57:36): [True: 40, False: 2.75k] ------------------ 58| 40| m_data->extensions().add(new Supported_Point_Formats(policy.use_ecc_point_compression())); 59| 40| } 60| | 61| 2.89k| if(client_hello.secure_renegotiation()) { ------------------ | Branch (61:7): [True: 110, False: 2.78k] ------------------ 62| 110| m_data->extensions().add(new Renegotiation_Extension(reneg_info)); 63| 110| } 64| | 65| 2.89k| if(client_hello.supports_session_ticket() && server_settings.offer_session_ticket()) { ------------------ | Branch (65:7): [True: 15, False: 2.87k] | Branch (65:49): [True: 0, False: 15] ------------------ 66| 0| m_data->extensions().add(new Session_Ticket_Extension()); 67| 0| } 68| | 69| 2.89k| if(m_data->legacy_version().is_datagram_protocol()) { ------------------ | Branch (69:7): [True: 0, False: 2.89k] ------------------ 70| 0| const std::vector server_srtp = policy.srtp_profiles(); 71| 0| const std::vector client_srtp = client_hello.srtp_profiles(); 72| | 73| 0| if(!server_srtp.empty() && !client_srtp.empty()) { ------------------ | Branch (73:10): [True: 0, False: 0] | Branch (73:34): [True: 0, False: 0] ------------------ 74| 0| uint16_t shared = 0; 75| | // always using server preferences for now 76| 0| for(auto s_srtp : server_srtp) { ------------------ | Branch (76:26): [True: 0, False: 0] ------------------ 77| 0| for(auto c_srtp : client_srtp) { ------------------ | Branch (77:29): [True: 0, False: 0] ------------------ 78| 0| if(shared == 0 && s_srtp == c_srtp) { ------------------ | Branch (78:19): [True: 0, False: 0] | Branch (78:34): [True: 0, False: 0] ------------------ 79| 0| shared = s_srtp; 80| 0| } 81| 0| } 82| 0| } 83| | 84| 0| if(shared != 0) { ------------------ | Branch (84:13): [True: 0, False: 0] ------------------ 85| 0| m_data->extensions().add(new SRTP_Protection_Profiles(shared)); 86| 0| } 87| 0| } 88| 0| } 89| | // NOLINTEND(*-owning-memory) 90| | 91| 2.89k| cb.tls_modify_extensions(m_data->extensions(), Connection_Side::Server, type()); 92| | 93| 2.89k| hash.update(io.send(*this)); 94| 2.89k|} _ZN5Botan3TLS15Server_Hello_12C2ENSt3__110unique_ptrINS0_21Server_Hello_InternalENS2_14default_deleteIS4_EEEE: 151| 2.89k|Server_Hello_12::Server_Hello_12(std::unique_ptr data) : Server_Hello_12_Shim(std::move(data)) {} _ZNK5Botan3TLS15Server_Hello_1220secure_renegotiationEv: 153| 2.99k|bool Server_Hello_12::secure_renegotiation() const { 154| 2.99k| return m_data->extensions().has(); 155| 2.99k|} _ZNK5Botan3TLS15Server_Hello_1218renegotiation_infoEv: 157| 110|std::vector Server_Hello_12::renegotiation_info() const { 158| 110| if(const Renegotiation_Extension* reneg = m_data->extensions().get()) { ------------------ | Branch (158:38): [True: 110, False: 0] ------------------ 159| 110| return reneg->renegotiation_info(); 160| 110| } 161| 0| return std::vector(); 162| 110|} _ZNK5Botan3TLS15Server_Hello_1231supports_extended_master_secretEv: 164| 1.55k|bool Server_Hello_12::supports_extended_master_secret() const { 165| 1.55k| return m_data->extensions().has(); 166| 1.55k|} _ZNK5Botan3TLS15Server_Hello_1225supports_encrypt_then_macEv: 168| 511|bool Server_Hello_12::supports_encrypt_then_mac() const { 169| 511| return m_data->extensions().has(); 170| 511|} _ZNK5Botan3TLS15Server_Hello_1223supports_session_ticketEv: 176| 312|bool Server_Hello_12::supports_session_ticket() const { 177| 312| return m_data->extensions().has(); 178| 312|} _ZNK5Botan3TLS15Server_Hello_1212srtp_profileEv: 180| 104|uint16_t Server_Hello_12::srtp_profile() const { 181| 104| if(auto* srtp = m_data->extensions().get()) { ------------------ | Branch (181:13): [True: 0, False: 104] ------------------ 182| 0| auto prof = srtp->profiles(); 183| 0| if(prof.size() != 1 || prof[0] == 0) { ------------------ | Branch (183:10): [True: 0, False: 0] | Branch (183:30): [True: 0, False: 0] ------------------ 184| 0| throw Decoding_Error("Server sent malformed DTLS-SRTP extension"); 185| 0| } 186| 0| return prof[0]; 187| 0| } 188| | 189| 104| return 0; 190| 104|} _ZN5Botan3TLS17Server_Hello_DoneC2ERNS0_12Handshake_IOERNS0_14Handshake_HashE: 209| 2.88k|Server_Hello_Done::Server_Hello_Done(Handshake_IO& io, Handshake_Hash& hash) { 210| 2.88k| hash.update(io.send(*this)); 211| 2.88k|} _ZNK5Botan3TLS17Server_Hello_Done9serializeEv: 225| 2.88k|std::vector Server_Hello_Done::serialize() const { 226| 2.88k| return std::vector(); 227| 2.88k|} _ZN5Botan3TLS19Server_Key_ExchangeD2Ev: 26| 2.88k|Server_Key_Exchange::~Server_Key_Exchange() = default; _ZN5Botan3TLS19Server_Key_ExchangeC2ERNS0_12Handshake_IOERNS0_15Handshake_StateERKNS0_6PolicyERNS_19Credentials_ManagerERNS_21RandomNumberGeneratorEPKNS_11Private_KeyE: 36| 2.88k| const Private_Key* signing_key) { 37| 2.88k| const std::string hostname = state.client_hello()->sni_hostname(); 38| 2.88k| const Kex_Algo kex_algo = state.ciphersuite().kex_method(); 39| | 40| 2.88k| if(kex_algo == Kex_Algo::PSK || kex_algo == Kex_Algo::ECDHE_PSK) { ------------------ | Branch (40:7): [True: 94, False: 2.79k] | Branch (40:36): [True: 2.79k, False: 0] ------------------ 41| 2.88k| const std::string identity_hint = creds.psk_identity_hint("tls-server", hostname); 42| | 43| 2.88k| append_tls_length_value(m_params, identity_hint, 2); 44| 2.88k| } 45| | 46| 2.88k| if(kex_algo == Kex_Algo::DH) { ------------------ | Branch (46:7): [True: 0, False: 2.88k] ------------------ 47| 0| const std::vector dh_groups = state.client_hello()->supported_dh_groups(); 48| | 49| 0| m_shared_group = Group_Params::NONE; 50| | 51| | /* 52| | RFC 7919 requires that if the client sends any groups in the FFDHE 53| | range, that we must select one of these. If this is not possible, 54| | then we are required to reject the connection. 55| | 56| | If the client did not send any DH groups, but did offer DH ciphersuites 57| | and we selected one, then consult the policy for which DH group to pick. 58| | */ 59| | 60| 0| if(dh_groups.empty()) { ------------------ | Branch (60:10): [True: 0, False: 0] ------------------ 61| 0| m_shared_group = policy.default_dh_group(); 62| 0| } else { 63| 0| m_shared_group = policy.choose_key_exchange_group(dh_groups, {}); 64| 0| } 65| | 66| 0| if(m_shared_group.value() == Group_Params::NONE) { ------------------ | Branch (66:10): [True: 0, False: 0] ------------------ 67| 0| throw TLS_Exception(Alert::HandshakeFailure, "Could not agree on a DH group with the client"); 68| 0| } 69| | 70| | // The policy had better return a group we know about: 71| 0| BOTAN_ASSERT(m_shared_group.value().is_dh_named_group(), "DH ciphersuite is using a known finite field group"); ------------------ | | 64| 0| do { \ | | 65| 0| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 0| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 0] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 0| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 0] | | ------------------ ------------------ 72| | 73| | // Note: TLS 1.2 allows defining and using arbitrary DH groups (additional 74| | // to the named and standardized ones). This API doesn't allow the 75| | // server to make use of that at the moment. TLS 1.3 does not 76| | // provide this flexibility! 77| | // 78| | // A possible implementation strategy in case one would ever need that: 79| | // `Policy::default_dh_group()` could return a `std::variant`, allowing it to define arbitrary groups. 81| 0| m_kex_key = state.callbacks().tls_generate_ephemeral_key(m_shared_group.value(), rng); 82| 0| auto* dh = dynamic_cast(m_kex_key.get()); 83| 0| if(dh == nullptr) { ------------------ | Branch (83:10): [True: 0, False: 0] ------------------ 84| 0| throw TLS_Exception(Alert::InternalError, "Application did not provide a Diffie-Hellman key"); 85| 0| } 86| | 87| 0| append_tls_length_value(m_params, dh->get_int_field("p").serialize(), 2); 88| 0| append_tls_length_value(m_params, dh->get_int_field("g").serialize(), 2); 89| 0| append_tls_length_value(m_params, dh->public_value(), 2); 90| 2.88k| } else if(kex_algo == Kex_Algo::ECDH || kex_algo == Kex_Algo::ECDHE_PSK) { ------------------ | Branch (90:14): [True: 0, False: 2.88k] | Branch (90:44): [True: 2.79k, False: 94] ------------------ 91| 2.79k| const std::vector ec_groups = state.client_hello()->supported_ecc_curves(); 92| | 93| 2.79k| if(ec_groups.empty()) { ------------------ | Branch (93:10): [True: 0, False: 2.79k] ------------------ 94| 0| throw Internal_Error("Client sent no ECC extension but we negotiated ECDH"); 95| 0| } 96| | 97| 2.79k| m_shared_group = policy.choose_key_exchange_group(ec_groups, {}); 98| | 99| 2.79k| if(m_shared_group.value() == Group_Params::NONE) { ------------------ | Branch (99:10): [True: 0, False: 2.79k] ------------------ 100| 0| throw TLS_Exception(Alert::HandshakeFailure, "No shared ECC group with client"); 101| 0| } 102| | 103| 2.79k| m_kex_key = [&] { 104| 2.79k| if(m_shared_group->is_ecdh_named_curve()) { 105| 2.79k| const auto pubkey_point_format = state.client_hello()->prefers_compressed_ec_points() 106| 2.79k| ? EC_Point_Format::Compressed 107| 2.79k| : EC_Point_Format::Uncompressed; 108| 2.79k| return state.callbacks().tls12_generate_ephemeral_ecdh_key(*m_shared_group, rng, pubkey_point_format); 109| 2.79k| } else { 110| 2.79k| return state.callbacks().tls_generate_ephemeral_key(*m_shared_group, rng); 111| 2.79k| } 112| 2.79k| }(); 113| | 114| 2.79k| if(!m_kex_key) { ------------------ | Branch (114:10): [True: 0, False: 2.79k] ------------------ 115| 0| throw TLS_Exception(Alert::InternalError, "Application did not provide an EC key"); 116| 0| } 117| | 118| 2.79k| const uint16_t named_curve_id = m_shared_group.value().wire_code(); 119| 2.79k| m_params.push_back(3); // named curve 120| 2.79k| m_params.push_back(get_byte<0>(named_curve_id)); 121| 2.79k| m_params.push_back(get_byte<1>(named_curve_id)); 122| | 123| | // Note: In contrast to public_value(), raw_public_key_bits() takes the 124| | // point format (compressed vs. uncompressed) into account that was set 125| | // in its construction within tls_generate_ephemeral_key(). 126| 2.79k| append_tls_length_value(m_params, m_kex_key->raw_public_key_bits(), 1); 127| 2.79k| } else if(kex_algo != Kex_Algo::PSK) { ------------------ | Branch (127:14): [True: 0, False: 94] ------------------ 128| 0| throw Internal_Error("Server_Key_Exchange: Unknown kex type " + kex_method_to_string(kex_algo)); 129| 0| } 130| | 131| 2.88k| if(state.ciphersuite().signature_used()) { ------------------ | Branch (131:7): [True: 0, False: 2.88k] ------------------ 132| 0| BOTAN_ASSERT(signing_key, "Signing key was set"); ------------------ | | 64| 0| do { \ | | 65| 0| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 0| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 0] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 0| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 0] | | ------------------ ------------------ 133| | 134| 0| const std::pair format = 135| 0| state.choose_sig_format(*signing_key, m_scheme, false, policy); 136| | 137| 0| std::vector buf = state.client_hello()->random(); 138| | 139| 0| buf += state.server_hello()->random(); 140| 0| buf += params(); 141| | 142| 0| m_signature = state.callbacks().tls_sign_message(*signing_key, rng, format.first, format.second, buf); 143| 0| } 144| | 145| 2.88k| state.hash().update(io.send(*this)); 146| 2.88k|} _ZNK5Botan3TLS19Server_Key_Exchange9serializeEv: 197| 2.88k|std::vector Server_Key_Exchange::serialize() const { 198| 2.88k| std::vector buf = params(); 199| | 200| 2.88k| if(!m_signature.empty()) { ------------------ | Branch (200:7): [True: 0, False: 2.88k] ------------------ 201| 0| if(m_scheme.is_set()) { ------------------ | Branch (201:10): [True: 0, False: 0] ------------------ 202| 0| buf.push_back(get_byte<0>(m_scheme.wire_code())); 203| 0| buf.push_back(get_byte<1>(m_scheme.wire_code())); 204| 0| } 205| | 206| 0| append_tls_length_value(buf, m_signature, 2); 207| 0| } 208| | 209| 2.88k| return buf; 210| 2.88k|} _ZNK5Botan3TLS19Server_Key_Exchange14server_kex_keyEv: 239| 2.21k|const PK_Key_Agreement_Key& Server_Key_Exchange::server_kex_key() const { 240| 2.21k| BOTAN_ASSERT_NONNULL(m_kex_key); ------------------ | | 116| 2.21k| do { \ | | 117| 2.21k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 2.21k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 2.21k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 2.21k] | | ------------------ ------------------ 241| 2.21k| return *m_kex_key; 242| 2.21k|} msg_server_kex.cpp:_ZZN5Botan3TLS19Server_Key_ExchangeC1ERNS0_12Handshake_IOERNS0_15Handshake_StateERKNS0_6PolicyERNS_19Credentials_ManagerERNS_21RandomNumberGeneratorEPKNS_11Private_KeyEENK3$_0clEv: 103| 2.79k| m_kex_key = [&] { 104| 2.79k| if(m_shared_group->is_ecdh_named_curve()) { ------------------ | Branch (104:13): [True: 2.77k, False: 24] ------------------ 105| 2.77k| const auto pubkey_point_format = state.client_hello()->prefers_compressed_ec_points() ------------------ | Branch (105:46): [True: 27, False: 2.74k] ------------------ 106| 2.77k| ? EC_Point_Format::Compressed 107| 2.77k| : EC_Point_Format::Uncompressed; 108| 2.77k| return state.callbacks().tls12_generate_ephemeral_ecdh_key(*m_shared_group, rng, pubkey_point_format); 109| 2.77k| } else { 110| 24| return state.callbacks().tls_generate_ephemeral_key(*m_shared_group, rng); 111| 24| } 112| 2.79k| }(); _ZN5Botan3TLS22TLS_CBC_HMAC_AEAD_ModeD2Ev: 25| 231|TLS_CBC_HMAC_AEAD_Mode::~TLS_CBC_HMAC_AEAD_Mode() = default; _ZN5Botan3TLS22TLS_CBC_HMAC_AEAD_ModeC2ENS_10Cipher_DirENSt3__110unique_ptrINS_11BlockCipherENS3_14default_deleteIS5_EEEENS4_INS_25MessageAuthenticationCodeENS6_IS9_EEEEmmRKNS0_16Protocol_VersionEb: 37| 231| m_mac(std::move(mac)), 38| 231| m_cipher_name(cipher->name()), 39| 231| m_mac_name(m_mac->name()), 40| 231| m_cipher_keylen(cipher_keylen), 41| 231| m_block_size(cipher->block_size()), 42| 231| m_iv_size(m_block_size), 43| 231| m_mac_keylen(mac_keylen), 44| 231| m_tag_size(m_mac->output_length()), 45| 231| m_use_encrypt_then_mac(use_encrypt_then_mac), 46| 231| m_is_datagram(version.is_datagram_protocol()) { 47| 231| BOTAN_ASSERT_NOMSG(m_mac->valid_keylength(m_mac_keylen)); ------------------ | | 77| 231| do { \ | | 78| 231| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 231| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 231] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 231| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 231] | | ------------------ ------------------ 48| 231| BOTAN_ASSERT_NOMSG(cipher->valid_keylength(m_cipher_keylen)); ------------------ | | 77| 231| do { \ | | 78| 231| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 231| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 231] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 231| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 231] | | ------------------ ------------------ 49| | 50| 231| auto null_padding = std::make_unique(); 51| 231| if(dir == Cipher_Dir::Encryption) { ------------------ | Branch (51:7): [True: 60, False: 171] ------------------ 52| 60| m_cbc = std::make_unique(std::move(cipher), std::move(null_padding)); 53| 171| } else { 54| 171| m_cbc = std::make_unique(std::move(cipher), std::move(null_padding)); 55| 171| } 56| 231|} _ZNK5Botan3TLS22TLS_CBC_HMAC_AEAD_Mode18valid_nonce_lengthEm: 82| 223|bool TLS_CBC_HMAC_AEAD_Mode::valid_nonce_length(size_t nl) const { 83| 223| if(m_cbc_state.empty()) { ------------------ | Branch (83:7): [True: 176, False: 47] ------------------ 84| 176| return nl == block_size(); 85| 176| } 86| 47| return nl == iv_size(); 87| 223|} _ZNK5Botan3TLS22TLS_CBC_HMAC_AEAD_Mode8key_specEv: 89| 231|Key_Length_Specification TLS_CBC_HMAC_AEAD_Mode::key_spec() const { 90| 231| return Key_Length_Specification(m_cipher_keylen + m_mac_keylen); 91| 231|} _ZN5Botan3TLS22TLS_CBC_HMAC_AEAD_Mode12key_scheduleENSt3__14spanIKhLm18446744073709551615EEE: 97| 231|void TLS_CBC_HMAC_AEAD_Mode::key_schedule(std::span key) { 98| | // Both keys are of fixed length specified by the ciphersuite 99| | 100| 231| if(key.size() != m_cipher_keylen + m_mac_keylen) { ------------------ | Branch (100:7): [True: 0, False: 231] ------------------ 101| 0| throw Invalid_Key_Length(name(), key.size()); 102| 0| } 103| | 104| 231| mac().set_key(key.first(m_mac_keylen)); 105| 231| cbc().set_key(key.subspan(m_mac_keylen, m_cipher_keylen)); 106| 231|} _ZN5Botan3TLS22TLS_CBC_HMAC_AEAD_Mode9start_msgEPKhm: 108| 223|void TLS_CBC_HMAC_AEAD_Mode::start_msg(const uint8_t nonce[], size_t nonce_len) { 109| 223| if(!valid_nonce_length(nonce_len)) { ------------------ | Branch (109:7): [True: 0, False: 223] ------------------ 110| 0| throw Invalid_IV_Length(name(), nonce_len); 111| 0| } 112| | 113| 223| m_msg.clear(); 114| | 115| 223| if(nonce_len > 0) { ------------------ | Branch (115:7): [True: 223, False: 0] ------------------ 116| 223| m_cbc_state.assign(nonce, nonce + nonce_len); 117| 223| } 118| 223|} _ZN5Botan3TLS22TLS_CBC_HMAC_AEAD_Mode11process_msgEPhm: 120| 223|size_t TLS_CBC_HMAC_AEAD_Mode::process_msg(uint8_t buf[], size_t sz) { 121| 223| m_msg.insert(m_msg.end(), buf, buf + sz); 122| 223| return 0; 123| 223|} _ZN5Botan3TLS22TLS_CBC_HMAC_AEAD_Mode19assoc_data_with_lenEt: 125| 104|std::vector TLS_CBC_HMAC_AEAD_Mode::assoc_data_with_len(uint16_t len) { 126| 104| std::vector ad = m_ad; 127| 104| BOTAN_ASSERT(ad.size() == 13, "Expected AAD size"); ------------------ | | 64| 104| do { \ | | 65| 104| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 104| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 104] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 104| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 104] | | ------------------ ------------------ 128| 104| ad[11] = get_byte<0>(len); 129| 104| ad[12] = get_byte<1>(len); 130| 104| return ad; 131| 104|} _ZN5Botan3TLS22TLS_CBC_HMAC_AEAD_Mode21set_associated_data_nEmNSt3__14spanIKhLm18446744073709551615EEE: 133| 223|void TLS_CBC_HMAC_AEAD_Mode::set_associated_data_n(size_t idx, std::span ad) { 134| 223| BOTAN_ARG_CHECK(idx == 0, "TLS 1.2 CBC/HMAC: cannot handle non-zero index in set_associated_data_n"); ------------------ | | 35| 223| do { \ | | 36| 223| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 223| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 223] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 223| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 223] | | ------------------ ------------------ 135| 223| if(ad.size() != 13) { ------------------ | Branch (135:7): [True: 0, False: 223] ------------------ 136| 0| throw Invalid_Argument("Invalid TLS AEAD associated data length"); 137| 0| } 138| 223| m_ad.assign(ad.begin(), ad.end()); 139| 223|} _ZN5Botan3TLS28TLS_CBC_HMAC_AEAD_EncryptionC2ENSt3__110unique_ptrINS_11BlockCipherENS2_14default_deleteIS4_EEEENS3_INS_25MessageAuthenticationCodeENS5_IS8_EEEEmmRKNS0_16Protocol_VersionEb: 147| 60| TLS_CBC_HMAC_AEAD_Mode(Cipher_Dir::Encryption, 148| 60| std::move(cipher), 149| 60| std::move(mac), 150| 60| cipher_keylen, 151| 60| mac_keylen, 152| 60| version, 153| 60| use_encrypt_then_mac) {} _ZN5Botan3TLS28TLS_CBC_HMAC_AEAD_Encryption21set_associated_data_nEmNSt3__14spanIKhLm18446744073709551615EEE: 155| 107|void TLS_CBC_HMAC_AEAD_Encryption::set_associated_data_n(size_t idx, std::span ad) { 156| 107| TLS_CBC_HMAC_AEAD_Mode::set_associated_data_n(idx, ad); 157| | 158| 107| if(use_encrypt_then_mac()) { ------------------ | Branch (158:7): [True: 18, False: 89] ------------------ 159| | // AAD hack for EtM 160| | // EtM uses ciphertext size instead of plaintext size for AEAD input 161| 18| const uint16_t pt_size = make_uint16(assoc_data()[11], assoc_data()[12]); 162| 18| const uint16_t enc_size = static_cast(round_up(iv_size() + pt_size + 1, block_size())); 163| 18| assoc_data()[11] = get_byte<0, uint16_t>(enc_size); 164| 18| assoc_data()[12] = get_byte<1, uint16_t>(enc_size); 165| 18| } 166| 107|} _ZN5Botan3TLS28TLS_CBC_HMAC_AEAD_Encryption18cbc_encrypt_recordERNSt3__16vectorIhNS_16secure_allocatorIhEEEEmm: 170| 107| size_t padding_length) { 171| | // We always do short padding: 172| 107| BOTAN_ASSERT_NOMSG(padding_length <= 16); ------------------ | | 77| 107| do { \ | | 78| 107| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 107| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 107] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 107| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 107] | | ------------------ ------------------ 173| | 174| 107| buffer.resize(buffer.size() + padding_length); 175| | 176| 107| const uint8_t padding_val = static_cast(padding_length - 1); 177| | 178| 107| CT::poison(&padding_val, 1); 179| 107| CT::poison(&padding_length, 1); 180| 107| CT::poison(buffer.data(), buffer.size()); 181| | 182| 107| const size_t last_block_starts = buffer.size() - block_size(); 183| 107| const size_t padding_starts = buffer.size() - padding_length; 184| 1.57k| for(size_t i = last_block_starts; i != buffer.size(); ++i) { ------------------ | Branch (184:38): [True: 1.46k, False: 107] ------------------ 185| 1.46k| auto add_padding = CT::Mask(CT::Mask::is_gte(i, padding_starts)); 186| 1.46k| buffer[i] = add_padding.select(padding_val, buffer[i]); 187| 1.46k| } 188| | 189| 107| CT::unpoison(padding_val); 190| 107| CT::unpoison(padding_length); 191| 107| CT::unpoison(buffer.data(), buffer.size()); 192| | 193| 107| cbc().start(cbc_state()); 194| 107| cbc().process(&buffer[offset], buffer.size() - offset); 195| | 196| 107| cbc_state().assign(buffer.data() + (buffer.size() - block_size()), buffer.data() + buffer.size()); 197| 107|} _ZNK5Botan3TLS28TLS_CBC_HMAC_AEAD_Encryption13output_lengthEm: 199| 107|size_t TLS_CBC_HMAC_AEAD_Encryption::output_length(size_t input_length) const { 200| 107| return round_up(input_length + 1 + (use_encrypt_then_mac() ? 0 : tag_size()), block_size()) + ------------------ | Branch (200:40): [True: 18, False: 89] ------------------ 201| 107| (use_encrypt_then_mac() ? tag_size() : 0); ------------------ | Branch (201:12): [True: 18, False: 89] ------------------ 202| 107|} _ZN5Botan3TLS28TLS_CBC_HMAC_AEAD_Encryption10finish_msgERNSt3__16vectorIhNS_16secure_allocatorIhEEEEm: 204| 107|void TLS_CBC_HMAC_AEAD_Encryption::finish_msg(secure_vector& buffer, size_t offset) { 205| 107| update(buffer, offset); 206| | 207| 107| const size_t msg_size = msg().size(); 208| | 209| 107| const size_t input_size = msg_size + 1 + (use_encrypt_then_mac() ? 0 : tag_size()); ------------------ | Branch (209:46): [True: 18, False: 89] ------------------ 210| 107| const size_t enc_size = round_up(input_size, block_size()); 211| 107| BOTAN_DEBUG_ASSERT(enc_size % block_size() == 0); ------------------ | | 130| 107| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 107| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 107] | | ------------------ ------------------ 212| | 213| 107| const uint8_t padding_val = static_cast(enc_size - input_size); 214| 107| const size_t padding_length = static_cast(padding_val) + 1; 215| | 216| 107| buffer.reserve(offset + msg_size + padding_length + tag_size()); 217| 107| buffer.resize(offset + msg_size); 218| 107| if(msg_size > 0) { ------------------ | Branch (218:7): [True: 107, False: 0] ------------------ 219| 107| copy_mem(&buffer[offset], msg().data(), msg_size); 220| 107| } 221| | 222| 107| mac().update(assoc_data()); 223| | 224| 107| if(use_encrypt_then_mac()) { ------------------ | Branch (224:7): [True: 18, False: 89] ------------------ 225| 18| if(iv_size() > 0) { ------------------ | Branch (225:10): [True: 18, False: 0] ------------------ 226| 18| mac().update(cbc_state()); 227| 18| } 228| | 229| 18| cbc_encrypt_record(buffer, offset, padding_length); 230| 18| mac().update(&buffer[offset], enc_size); 231| 18| buffer.resize(buffer.size() + tag_size()); 232| 18| mac().final(&buffer[buffer.size() - tag_size()]); 233| 89| } else { 234| 89| if(msg_size > 0) { ------------------ | Branch (234:10): [True: 89, False: 0] ------------------ 235| 89| mac().update(&buffer[offset], msg_size); 236| 89| } 237| 89| buffer.resize(buffer.size() + tag_size()); 238| 89| mac().final(&buffer[buffer.size() - tag_size()]); 239| 89| cbc_encrypt_record(buffer, offset, padding_length); 240| 89| } 241| 107|} _ZN5Botan3TLS21check_tls_cbc_paddingEPKhm: 254| 102|uint16_t check_tls_cbc_padding(const uint8_t record[], size_t record_len) { 255| 102| if(record_len == 0 || record_len > 0xFFFF) { ------------------ | Branch (255:7): [True: 0, False: 102] | Branch (255:26): [True: 0, False: 102] ------------------ 256| 0| return 0; 257| 0| } 258| | 259| 102| const uint16_t rec16 = static_cast(record_len); 260| | 261| | /* 262| | * TLS v1.0 and up require all the padding bytes be the same value 263| | * and allows up to 255 bytes. 264| | */ 265| | 266| 102| const uint16_t to_check = std::min(256, static_cast(record_len)); 267| 102| const uint8_t pad_byte = record[record_len - 1]; 268| 102| const uint16_t pad_bytes = 1 + pad_byte; 269| | 270| 102| auto pad_invalid = CT::Mask::is_lt(rec16, pad_bytes); 271| | 272| 22.5k| for(uint16_t i = rec16 - to_check; i != rec16; ++i) { ------------------ | Branch (272:39): [True: 22.4k, False: 102] ------------------ 273| 22.4k| const uint16_t offset = rec16 - i; 274| 22.4k| const auto in_pad_range = CT::Mask::is_lte(offset, pad_bytes); 275| 22.4k| const auto pad_correct = CT::Mask::is_equal(record[i], pad_byte); 276| 22.4k| pad_invalid |= in_pad_range & ~pad_correct; 277| 22.4k| } 278| | 279| 102| return pad_invalid.if_not_set_return(pad_bytes); 280| 102|} _ZN5Botan3TLS28TLS_CBC_HMAC_AEAD_DecryptionC2ENSt3__110unique_ptrINS_11BlockCipherENS2_14default_deleteIS4_EEEENS3_INS_25MessageAuthenticationCodeENS5_IS8_EEEEmmRKNS0_16Protocol_VersionEb: 288| 171| TLS_CBC_HMAC_AEAD_Mode(Cipher_Dir::Decryption, 289| 171| std::move(cipher), 290| 171| std::move(mac), 291| 171| cipher_keylen, 292| 171| mac_keylen, 293| 171| version, 294| 171| use_encrypt_then_mac) {} _ZN5Botan3TLS28TLS_CBC_HMAC_AEAD_Decryption18cbc_decrypt_recordEPhm: 296| 102|void TLS_CBC_HMAC_AEAD_Decryption::cbc_decrypt_record(uint8_t record_contents[], size_t record_len) { 297| 102| if(record_len == 0 || record_len % block_size() != 0) { ------------------ | Branch (297:7): [True: 0, False: 102] | Branch (297:26): [True: 0, False: 102] ------------------ 298| 0| throw Decoding_Error("Received TLS CBC ciphertext with invalid length"); 299| 0| } 300| | 301| 102| cbc().start(cbc_state()); 302| 102| cbc_state().assign(record_contents + record_len - block_size(), record_contents + record_len); 303| | 304| 102| cbc().process(record_contents, record_len); 305| 102|} _ZNK5Botan3TLS28TLS_CBC_HMAC_AEAD_Decryption13output_lengthEm: 307| 116|size_t TLS_CBC_HMAC_AEAD_Decryption::output_length(size_t /*input_length*/) const { 308| | /* 309| | * We don't know this because the padding is arbitrary 310| | */ 311| 116| return 0; 312| 116|} _ZN5Botan3TLS28TLS_CBC_HMAC_AEAD_Decryption31perform_additional_compressionsEmm: 356| 102|void TLS_CBC_HMAC_AEAD_Decryption::perform_additional_compressions(size_t plen, size_t padlen) { 357| 102| const bool is_sha384 = mac().name() == "HMAC(SHA-384)"; 358| 102| const uint16_t block_size = is_sha384 ? 128 : 64; ------------------ | Branch (358:32): [True: 18, False: 84] ------------------ 359| 102| const uint16_t max_bytes_in_first_block = is_sha384 ? 111 : 55; ------------------ | Branch (359:46): [True: 18, False: 84] ------------------ 360| | 361| | // number of maximum MACed bytes 362| 102| const uint16_t L1 = static_cast(13 + plen - tag_size()); 363| | // number of current MACed bytes (L1 - padlen) 364| | // Here the Lucky 13 paper is different because the padlen length in the paper 365| | // does not count the last message byte. 366| 102| const uint16_t L2 = static_cast(13 + plen - padlen - tag_size()); 367| | // From the paper, for SHA-256/SHA-1 compute: ceil((L1-55)/64) and ceil((L2-55)/64) 368| | // ceil((L1-55)/64) = floor((L1+64-1-55)/64) 369| | // Here we compute number of compressions for SHA-* in general 370| 102| const uint16_t max_compresssions = ((L1 + block_size - 1 - max_bytes_in_first_block) / block_size); 371| 102| const uint16_t current_compressions = ((L2 + block_size - 1 - max_bytes_in_first_block) / block_size); 372| | // number of additional compressions we have to perform 373| 102| const uint16_t add_compressions = max_compresssions - current_compressions; 374| 102| const uint16_t equal = CT::Mask::is_equal(max_compresssions, current_compressions).if_set_return(1); 375| | // We compute the data length we need to achieve the number of compressions. 376| | // If there are no compressions, we just add 55/111 dummy bytes so that no 377| | // compression is performed. 378| 102| const uint16_t data_len = block_size * add_compressions + equal * max_bytes_in_first_block; 379| 102| std::vector data(data_len); 380| 102| mac().update(data); 381| | // we do not need to clear the MAC since the connection is broken anyway 382| 102|} _ZN5Botan3TLS28TLS_CBC_HMAC_AEAD_Decryption10finish_msgERNSt3__16vectorIhNS_16secure_allocatorIhEEEEm: 384| 116|void TLS_CBC_HMAC_AEAD_Decryption::finish_msg(secure_vector& buffer, size_t offset) { 385| 116| update(buffer, offset); 386| 116| buffer.resize(offset); 387| | 388| 116| const size_t record_len = msg().size(); 389| 116| uint8_t* record_contents = msg().data(); 390| | 391| | // This early exit does not leak info because all the values compared are public 392| 116| if(record_len < tag_size() || (record_len - (use_encrypt_then_mac() ? tag_size() : 0)) % block_size() != 0) { ------------------ | Branch (392:7): [True: 0, False: 116] | Branch (392:34): [True: 12, False: 104] | Branch (392:49): [True: 2, False: 114] ------------------ 393| 12| throw TLS_Exception(Alert::BadRecordMac, "Message authentication failure"); 394| 12| } 395| | 396| 104| if(use_encrypt_then_mac()) { ------------------ | Branch (396:7): [True: 2, False: 102] ------------------ 397| 2| const size_t enc_size = record_len - tag_size(); 398| 2| const size_t enc_iv_size = enc_size + iv_size(); 399| | 400| 2| BOTAN_ASSERT_NOMSG(enc_iv_size <= 0xFFFF); ------------------ | | 77| 2| do { \ | | 78| 2| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 2| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 2] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 2| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 2] | | ------------------ ------------------ 401| | 402| 2| mac().update(assoc_data_with_len(static_cast(enc_iv_size))); 403| 2| if(iv_size() > 0) { ------------------ | Branch (403:10): [True: 2, False: 0] ------------------ 404| 2| mac().update(cbc_state()); 405| 2| } 406| 2| mac().update(record_contents, enc_size); 407| | 408| 2| std::vector mac_buf(tag_size()); 409| 2| mac().final(mac_buf.data()); 410| | 411| 2| const size_t mac_offset = enc_size; 412| | 413| 2| const auto mac_ok = CT::is_equal(&record_contents[mac_offset], mac_buf.data(), tag_size()); 414| | 415| 2| if(!mac_ok.as_bool()) { ------------------ | Branch (415:10): [True: 2, False: 0] ------------------ 416| 2| throw TLS_Exception(Alert::BadRecordMac, "Message authentication failure"); 417| 2| } 418| | 419| 0| cbc_decrypt_record(record_contents, enc_size); 420| | 421| | // 0 if padding was invalid, otherwise 1 + padding_bytes 422| 0| const uint16_t pad_size = check_tls_cbc_padding(record_contents, enc_size); 423| | 424| | // No oracle here, whoever sent us this had the key since MAC check passed 425| 0| if(pad_size == 0) { ------------------ | Branch (425:10): [True: 0, False: 0] ------------------ 426| 0| throw TLS_Exception(Alert::BadRecordMac, "Message authentication failure"); 427| 0| } 428| | 429| 0| const uint8_t* plaintext_block = &record_contents[0]; 430| 0| const size_t plaintext_length = enc_size - pad_size; 431| | 432| 0| buffer.insert(buffer.end(), plaintext_block, plaintext_block + plaintext_length); 433| 102| } else { 434| 102| cbc_decrypt_record(record_contents, record_len); 435| | 436| 102| CT::poison(record_contents, record_len); 437| | 438| | // 0 if padding was invalid, otherwise 1 + padding_bytes 439| 102| uint16_t pad_size = check_tls_cbc_padding(record_contents, record_len); 440| | 441| | /* 442| | This mask is zero if there is not enough room in the packet to get a valid MAC. 443| | 444| | We have to accept empty packets, since otherwise we are not compatible 445| | with how OpenSSL's countermeasure for fixing BEAST in TLS 1.0 CBC works 446| | (sending empty records, instead of 1/(n-1) splitting) 447| | */ 448| | 449| | // We know the cast cannot overflow as pad_size <= 256 && tag_size <= 32 450| 102| const auto size_ok_mask = 451| 102| CT::Mask::is_lte(static_cast(tag_size() + pad_size), static_cast(record_len)); 452| | 453| 102| pad_size = size_ok_mask.if_set_return(pad_size); 454| | 455| 102| CT::unpoison(record_contents, record_len); 456| | 457| | /* 458| | This is unpoisoned sooner than it should. The pad_size leaks to plaintext_length and 459| | then to the timing channel in the MAC computation described in the Lucky 13 paper. 460| | */ 461| 102| CT::unpoison(pad_size); 462| | 463| 102| const uint8_t* plaintext_block = &record_contents[0]; 464| 102| const uint16_t plaintext_length = static_cast(record_len - tag_size() - pad_size); 465| | 466| 102| mac().update(assoc_data_with_len(plaintext_length)); 467| 102| mac().update(plaintext_block, plaintext_length); 468| | 469| 102| std::vector mac_buf(tag_size()); 470| 102| mac().final(mac_buf.data()); 471| | 472| 102| const size_t mac_offset = record_len - (tag_size() + pad_size); 473| | 474| 102| const auto mac_ok = CT::is_equal(&record_contents[mac_offset], mac_buf.data(), tag_size()); 475| | 476| 102| const auto ok_mask = size_ok_mask & CT::Mask::expand(mac_ok) & CT::Mask::expand(pad_size); 477| | 478| 102| CT::unpoison(ok_mask); 479| | 480| 102| if(ok_mask.as_bool()) { ------------------ | Branch (480:10): [True: 0, False: 102] ------------------ 481| 0| buffer.insert(buffer.end(), plaintext_block, plaintext_block + plaintext_length); 482| 102| } else { 483| 102| perform_additional_compressions(record_len, pad_size); 484| | 485| | /* 486| | * In DTLS case we have to finish computing the MAC since we require the 487| | * MAC state be reset for future packets. This extra timing channel may 488| | * be exploitable in a Lucky13 variant. 489| | */ 490| 102| if(is_datagram_protocol()) { ------------------ | Branch (490:13): [True: 0, False: 102] ------------------ 491| 0| mac().final(mac_buf); 492| 0| } 493| 102| throw TLS_Exception(Alert::BadRecordMac, "Message authentication failure"); 494| 102| } 495| 102| } 496| 104|} _ZN5Botan3TLS15Channel_Impl_12C2ERKNSt3__110shared_ptrINS0_9CallbacksEEERKNS3_INS0_15Session_ManagerEEERKNS3_INS_21RandomNumberGeneratorEEERKNS3_IKNS0_6PolicyEEEbbm: 34| 4.44k| m_is_server(is_server), 35| 4.44k| m_is_datagram(is_datagram), 36| 4.44k| m_callbacks(callbacks), 37| 4.44k| m_session_manager(session_manager), 38| 4.44k| m_policy(policy), 39| 4.44k| m_rng(rng), 40| 4.44k| m_has_been_closed(false) { 41| 4.44k| BOTAN_ASSERT_NONNULL(m_callbacks); ------------------ | | 116| 4.44k| do { \ | | 117| 4.44k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 4.44k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 4.44k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 4.44k] | | ------------------ ------------------ 42| 4.44k| BOTAN_ASSERT_NONNULL(m_session_manager); ------------------ | | 116| 4.44k| do { \ | | 117| 4.44k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 4.44k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 4.44k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 4.44k] | | ------------------ ------------------ 43| 4.44k| BOTAN_ASSERT_NONNULL(m_rng); ------------------ | | 116| 4.44k| do { \ | | 117| 4.44k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 4.44k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 4.44k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 4.44k] | | ------------------ ------------------ 44| 4.44k| BOTAN_ASSERT_NONNULL(m_policy); ------------------ | | 116| 4.44k| do { \ | | 117| 4.44k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 4.44k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 4.44k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 4.44k] | | ------------------ ------------------ 45| | 46| | /* epoch 0 is plaintext, thus null cipher state */ 47| 4.44k| m_write_cipher_states[0] = nullptr; 48| 4.44k| m_read_cipher_states[0] = nullptr; 49| | 50| 4.44k| m_writebuf.reserve(reserved_io_buffer_size); 51| 4.44k| m_readbuf.reserve(reserved_io_buffer_size); 52| 4.44k|} _ZN5Botan3TLS15Channel_Impl_1211reset_stateEv: 54| 2.86k|void Channel_Impl_12::reset_state() { 55| 2.86k| m_active_state.reset(); 56| 2.86k| m_pending_state.reset(); 57| 2.86k| m_readbuf.clear(); 58| 2.86k| m_write_cipher_states.clear(); 59| 2.86k| m_read_cipher_states.clear(); 60| 2.86k|} _ZN5Botan3TLS15Channel_Impl_12D2Ev: 77| 4.44k|Channel_Impl_12::~Channel_Impl_12() = default; _ZNK5Botan3TLS15Channel_Impl_1216sequence_numbersEv: 79| 43.1k|Connection_Sequence_Numbers& Channel_Impl_12::sequence_numbers() const { 80| 43.1k| BOTAN_ASSERT(m_sequence_numbers, "Have a sequence numbers object"); ------------------ | | 64| 43.1k| do { \ | | 65| 43.1k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 43.1k| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 43.1k] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 43.1k| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 43.1k] | | ------------------ ------------------ 81| 43.1k| return *m_sequence_numbers; 82| 43.1k|} _ZNK5Botan3TLS15Channel_Impl_1223read_cipher_state_epochEt: 84| 282|std::shared_ptr Channel_Impl_12::read_cipher_state_epoch(uint16_t epoch) const { 85| 282| auto i = m_read_cipher_states.find(epoch); 86| 282| if(i == m_read_cipher_states.end()) { ------------------ | Branch (86:7): [True: 58, False: 224] ------------------ 87| 58| throw Internal_Error("TLS::Channel_Impl_12 No read cipherstate for epoch " + std::to_string(epoch)); 88| 58| } 89| 224| return i->second; 90| 282|} _ZNK5Botan3TLS15Channel_Impl_1224write_cipher_state_epochEt: 92| 20.8k|std::shared_ptr Channel_Impl_12::write_cipher_state_epoch(uint16_t epoch) const { 93| 20.8k| auto i = m_write_cipher_states.find(epoch); 94| 20.8k| if(i == m_write_cipher_states.end()) { ------------------ | Branch (94:7): [True: 0, False: 20.8k] ------------------ 95| 0| throw Internal_Error("TLS::Channel_Impl_12 No write cipherstate for epoch " + std::to_string(epoch)); 96| 0| } 97| 20.8k| return i->second; 98| 20.8k|} _ZNK5Botan3TLS15Channel_Impl_1221external_psk_identityEv: 107| 104|std::optional Channel_Impl_12::external_psk_identity() const { 108| 104| if(m_active_state.has_value()) { ------------------ | Branch (108:7): [True: 0, False: 104] ------------------ 109| 0| return m_active_state->psk_identity(); 110| 0| } 111| 104| if(const auto* state = pending_state()) { ------------------ | Branch (111:19): [True: 104, False: 0] ------------------ 112| 104| return state->psk_identity(); 113| 104| } 114| 0| return std::nullopt; 115| 104|} _ZN5Botan3TLS15Channel_Impl_1222create_handshake_stateENS0_16Protocol_VersionE: 117| 4.24k|Handshake_State& Channel_Impl_12::create_handshake_state(Protocol_Version version) { 118| 4.24k| if(pending_state() != nullptr) { ------------------ | Branch (118:7): [True: 0, False: 4.24k] ------------------ 119| 0| throw Internal_Error("create_handshake_state called during handshake"); 120| 0| } 121| | 122| 4.24k| if(m_active_state.has_value()) { ------------------ | Branch (122:7): [True: 0, False: 4.24k] ------------------ 123| 0| const Protocol_Version active_version = m_active_state->version(); 124| | 125| 0| if(active_version.is_datagram_protocol() != version.is_datagram_protocol()) { ------------------ | Branch (125:10): [True: 0, False: 0] ------------------ 126| 0| throw TLS_Exception(Alert::ProtocolVersion, 127| 0| "Active state using version " + active_version.to_string() + " cannot change to " + 128| 0| version.to_string() + " in pending"); 129| 0| } 130| 0| } 131| | 132| 4.24k| if(!m_sequence_numbers) { ------------------ | Branch (132:7): [True: 4.24k, False: 0] ------------------ 133| 4.24k| if(version.is_datagram_protocol()) { ------------------ | Branch (133:10): [True: 569, False: 3.67k] ------------------ 134| 569| m_sequence_numbers = std::make_unique(); 135| 3.67k| } else { 136| 3.67k| m_sequence_numbers = std::make_unique(); 137| 3.67k| } 138| 4.24k| } 139| | 140| 4.24k| using namespace std::placeholders; 141| | 142| 4.24k| std::unique_ptr io; 143| 4.24k| if(version.is_datagram_protocol()) { ------------------ | Branch (143:7): [True: 569, False: 3.67k] ------------------ 144| 569| const uint16_t mtu = static_cast(policy().dtls_default_mtu()); 145| 569| const size_t initial_timeout_ms = policy().dtls_initial_timeout(); 146| 569| const size_t max_timeout_ms = policy().dtls_maximum_timeout(); 147| | 148| 569| auto send_record_f = [this](uint16_t epoch, Record_Type record_type, const std::vector& record) { 149| 569| send_record_under_epoch(epoch, record_type, record); 150| 569| }; 151| 569| io = std::make_unique(send_record_f, 152| 569| sequence_numbers(), 153| 569| mtu, 154| 569| initial_timeout_ms, 155| 569| max_timeout_ms, 156| 569| policy().maximum_handshake_message_size()); 157| 3.67k| } else { 158| 3.67k| auto send_record_f = [this](Record_Type rec_type, const std::vector& record) { 159| 3.67k| send_record(rec_type, record); 160| 3.67k| }; 161| 3.67k| io = std::make_unique(send_record_f); 162| 3.67k| } 163| | 164| 4.24k| m_pending_state = new_handshake_state(std::move(io)); 165| | 166| 4.24k| if(m_active_state.has_value()) { ------------------ | Branch (166:7): [True: 0, False: 4.24k] ------------------ 167| 0| m_pending_state->set_version(m_active_state->version()); 168| 0| } 169| | 170| 4.24k| return *m_pending_state; 171| 4.24k|} _ZN5Botan3TLS15Channel_Impl_1225change_cipher_spec_readerENS0_15Connection_SideE: 202| 303|void Channel_Impl_12::change_cipher_spec_reader(Connection_Side side) { 203| 303| const auto* pending = pending_state(); 204| | 205| 303| BOTAN_ASSERT(pending && pending->server_hello(), "Have received server hello"); ------------------ | | 64| 303| do { \ | | 65| 303| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 606| if(!(expr)) { \ | | ------------------ | | | Branch (66:12): [True: 303, False: 0] | | | Branch (66:12): [True: 303, False: 0] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 303| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 303] | | ------------------ ------------------ 206| | 207| 303| if(pending->server_hello()->compression_method() != 0) { ------------------ | Branch (207:7): [True: 0, False: 303] ------------------ 208| 0| throw Internal_Error("Negotiated unknown compression algorithm"); 209| 0| } 210| | 211| 303| sequence_numbers().new_read_cipher_state(); 212| | 213| 303| const uint16_t epoch = sequence_numbers().current_read_epoch(); 214| | 215| 303| BOTAN_ASSERT(!m_read_cipher_states.contains(epoch), "No read cipher state currently set for next epoch"); ------------------ | | 64| 303| do { \ | | 65| 303| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 303| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 303] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 303| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 303] | | ------------------ ------------------ 216| | 217| | // flip side as we are reading 218| 303| auto read_state = std::make_shared( 219| 303| pending->version(), 220| 303| (side == Connection_Side::Client) ? Connection_Side::Server : Connection_Side::Client, ------------------ | Branch (220:7): [True: 0, False: 303] ------------------ 221| 303| false, 222| 303| pending->ciphersuite(), 223| 303| pending->session_keys(), 224| 303| pending->server_hello()->supports_encrypt_then_mac()); 225| | 226| 303| m_read_cipher_states[epoch] = read_state; 227| 303|} _ZN5Botan3TLS15Channel_Impl_1225change_cipher_spec_writerENS0_15Connection_SideE: 229| 104|void Channel_Impl_12::change_cipher_spec_writer(Connection_Side side) { 230| 104| const auto* pending = pending_state(); 231| | 232| 104| BOTAN_ASSERT(pending && pending->server_hello(), "Have received server hello"); ------------------ | | 64| 104| do { \ | | 65| 104| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 208| if(!(expr)) { \ | | ------------------ | | | Branch (66:12): [True: 104, False: 0] | | | Branch (66:12): [True: 104, False: 0] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 104| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 104] | | ------------------ ------------------ 233| | 234| 104| if(pending->server_hello()->compression_method() != 0) { ------------------ | Branch (234:7): [True: 0, False: 104] ------------------ 235| 0| throw Internal_Error("Negotiated unknown compression algorithm"); 236| 0| } 237| | 238| 104| sequence_numbers().new_write_cipher_state(); 239| | 240| 104| const uint16_t epoch = sequence_numbers().current_write_epoch(); 241| | 242| 104| BOTAN_ASSERT(!m_write_cipher_states.contains(epoch), "No write cipher state currently set for next epoch"); ------------------ | | 64| 104| do { \ | | 65| 104| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 104| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 104] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 104| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 104] | | ------------------ ------------------ 243| | 244| 104| auto write_state = std::make_shared(pending->version(), 245| 104| side, 246| 104| true, 247| 104| pending->ciphersuite(), 248| 104| pending->session_keys(), 249| 104| pending->server_hello()->supports_encrypt_then_mac()); 250| | 251| 104| m_write_cipher_states[epoch] = write_state; 252| 104|} _ZNK5Botan3TLS15Channel_Impl_129is_closedEv: 262| 3.52k|bool Channel_Impl_12::is_closed() const { 263| 3.52k| return m_has_been_closed; 264| 3.52k|} _ZN5Botan3TLS15Channel_Impl_1216activate_sessionEv: 266| 104|void Channel_Impl_12::activate_session() { 267| 104| BOTAN_ASSERT_NONNULL(m_pending_state); ------------------ | | 116| 104| do { \ | | 117| 104| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 104] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 104| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 104] | | ------------------ ------------------ 268| | 269| 104| const auto& state = *m_pending_state; 270| | 271| 104| if(!state.version().is_datagram_protocol()) { ------------------ | Branch (271:7): [True: 104, False: 0] ------------------ 272| | // TLS is easy just remove all but the current state 273| 104| const uint16_t current_epoch = sequence_numbers().current_write_epoch(); 274| | 275| 104| const auto not_current_epoch = [current_epoch](uint16_t epoch) { return (epoch != current_epoch); }; 276| | 277| 104| map_remove_if(not_current_epoch, m_write_cipher_states); 278| 104| map_remove_if(not_current_epoch, m_read_cipher_states); 279| 104| } 280| | 281| | // For DTLS, keep the handshake IO for last-flight retransmission. 282| 104| if(m_is_datagram) { ------------------ | Branch (282:7): [True: 0, False: 104] ------------------ 283| 0| m_active_state = Active_Connection_State_12(state, application_protocol(), m_pending_state->take_handshake_io()); 284| 104| } else { 285| 104| m_active_state = Active_Connection_State_12(state, application_protocol()); 286| 104| } 287| | 288| 104| m_pending_state.reset(); 289| | 290| 104| callbacks().tls_session_activated(); 291| 104|} _ZN5Botan3TLS15Channel_Impl_129from_peerENSt3__14spanIKhLm18446744073709551615EEE: 293| 4.44k|size_t Channel_Impl_12::from_peer(std::span data) { 294| 4.44k| const bool allow_epoch0_restart = m_is_datagram && m_is_server && policy().allow_dtls_epoch0_restart(); ------------------ | Branch (294:38): [True: 765, False: 3.67k] | Branch (294:55): [True: 765, False: 0] | Branch (294:70): [True: 0, False: 765] ------------------ 295| | 296| 4.44k| const auto* input = data.data(); 297| 4.44k| auto input_size = data.size(); 298| | 299| 4.44k| try { 300| 25.5k| while(input_size > 0) { ------------------ | Branch (300:13): [True: 22.0k, False: 3.49k] ------------------ 301| 22.0k| size_t consumed = 0; 302| | 303| 22.0k| auto get_epoch = [this](uint16_t epoch) { return read_cipher_state_epoch(epoch); }; 304| | 305| 22.0k| const Record_Header record = read_record(m_is_datagram, 306| 22.0k| m_readbuf, 307| 22.0k| input, 308| 22.0k| input_size, 309| 22.0k| consumed, 310| 22.0k| m_record_buf, 311| 22.0k| m_sequence_numbers.get(), 312| 22.0k| get_epoch, 313| 22.0k| allow_epoch0_restart); 314| | 315| 22.0k| const size_t needed = record.needed(); 316| | 317| 22.0k| BOTAN_ASSERT(consumed > 0, "Got to eat something"); ------------------ | | 64| 22.0k| do { \ | | 65| 22.0k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 22.0k| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 22.0k] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 22.0k| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 22.0k] | | ------------------ ------------------ 318| | 319| 22.0k| BOTAN_ASSERT(consumed <= input_size, "Record reader consumed sane amount"); ------------------ | | 64| 22.0k| do { \ | | 65| 22.0k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 22.0k| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 22.0k] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 22.0k| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 22.0k] | | ------------------ ------------------ 320| | 321| 22.0k| input += consumed; 322| 22.0k| input_size -= consumed; 323| | 324| 22.0k| BOTAN_ASSERT(input_size == 0 || needed == 0, "Got a full record or consumed all input"); ------------------ | | 64| 22.0k| do { \ | | 65| 22.0k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 40.8k| if(!(expr)) { \ | | ------------------ | | | Branch (66:12): [True: 3.21k, False: 18.8k] | | | Branch (66:12): [True: 18.8k, False: 0] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 22.0k| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 22.0k] | | ------------------ ------------------ 325| | 326| 22.0k| if(input_size == 0 && needed != 0) { ------------------ | Branch (326:13): [True: 2.34k, False: 19.6k] | Branch (326:32): [True: 596, False: 1.74k] ------------------ 327| 596| return needed; // need more data to complete record 328| 596| } 329| | 330| | // Ignore invalid records in DTLS 331| 21.4k| if(m_is_datagram && record.type() == Record_Type::Invalid) { ------------------ | Branch (331:13): [True: 2.81k, False: 18.6k] | Branch (331:30): [True: 270, False: 2.54k] ------------------ 332| 270| return 0; 333| 270| } 334| | 335| 21.1k| if(m_record_buf.size() > MAX_PLAINTEXT_SIZE) { ------------------ | Branch (335:13): [True: 0, False: 21.1k] ------------------ 336| 0| throw TLS_Exception(Alert::RecordOverflow, "TLS plaintext record is larger than allowed maximum"); 337| 0| } 338| | 339| 21.1k| const bool epoch0_restart = m_is_datagram && record.epoch() == 0 && m_active_state.has_value(); ------------------ | Branch (339:38): [True: 2.54k, False: 18.6k] | Branch (339:55): [True: 2.54k, False: 0] | Branch (339:78): [True: 0, False: 2.54k] ------------------ 340| 21.1k| BOTAN_ASSERT_IMPLICATION(epoch0_restart, allow_epoch0_restart, "Allowed state"); ------------------ | | 103| 21.1k| do { \ | | 104| 21.1k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 105| 21.1k| if((expr1) && !(expr2)) { \ | | ------------------ | | | Branch (105:10): [True: 0, False: 21.1k] | | | Branch (105:21): [True: 0, False: 0] | | ------------------ | | 106| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 107| 0| Botan::assertion_failure(#expr1 " implies " #expr2, msg, __func__, __FILE__, __LINE__); \ | | 108| 0| } \ | | 109| 21.1k| } while(0) | | ------------------ | | | Branch (109:12): [Folded, False: 21.1k] | | ------------------ ------------------ 341| | 342| 21.1k| const bool initial_record = epoch0_restart || (pending_state() == nullptr && !m_active_state.has_value()); ------------------ | Branch (342:38): [True: 868, False: 20.2k] | Branch (342:57): [True: 6.29k, False: 13.9k] | Branch (342:87): [True: 6.29k, False: 0] ------------------ 343| 21.1k| bool initial_handshake_message = false; 344| 21.1k| if(record.type() == Record_Type::Handshake && !m_record_buf.empty()) { ------------------ | Branch (344:13): [True: 17.9k, False: 3.17k] | Branch (344:56): [True: 17.5k, False: 430] ------------------ 345| 17.5k| const Handshake_Type type = static_cast(m_record_buf[0]); 346| 17.5k| initial_handshake_message = (type == Handshake_Type::ClientHello); 347| 17.5k| } 348| | 349| 21.1k| if(record.type() != Record_Type::Alert) { ------------------ | Branch (349:13): [True: 18.1k, False: 3.03k] ------------------ 350| 18.1k| if(initial_record) { ------------------ | Branch (350:16): [True: 4.29k, False: 13.8k] ------------------ 351| | // For initial records just check for basic sanity 352| 4.29k| if(record.version().major_version() != 3 && record.version().major_version() != 0xFE) { ------------------ | Branch (352:19): [True: 614, False: 3.67k] | Branch (352:19): [True: 16, False: 4.27k] | Branch (352:60): [True: 16, False: 598] ------------------ 353| 16| throw TLS_Exception(Alert::ProtocolVersion, "Received unexpected record version in initial record"); 354| 16| } 355| 13.8k| } else if(const auto* pending = pending_state()) { ------------------ | Branch (355:35): [True: 13.8k, False: 0] ------------------ 356| 13.8k| if(pending->server_hello() != nullptr && !initial_handshake_message && ------------------ | Branch (356:19): [True: 2.83k, False: 10.9k] | Branch (356:19): [True: 11, False: 13.8k] | Branch (356:57): [True: 2.69k, False: 146] ------------------ 357| 2.69k| record.version() != pending->version()) { ------------------ | Branch (357:19): [True: 11, False: 2.68k] ------------------ 358| 11| throw TLS_Exception(Alert::ProtocolVersion, "Received unexpected record version"); 359| 11| } 360| 13.8k| } else if(m_active_state.has_value()) { ------------------ | Branch (360:23): [True: 0, False: 0] ------------------ 361| 0| if(record.version() != m_active_state->version() && !initial_handshake_message) { ------------------ | Branch (361:19): [True: 0, False: 0] | Branch (361:19): [True: 0, False: 0] | Branch (361:68): [True: 0, False: 0] ------------------ 362| 0| throw TLS_Exception(Alert::ProtocolVersion, "Received unexpected record version"); 363| 0| } 364| 0| } 365| 18.1k| } 366| | 367| 21.1k| if(record.type() == Record_Type::Handshake || record.type() == Record_Type::ChangeCipherSpec) { ------------------ | Branch (367:13): [True: 18.8k, False: 2.29k] | Branch (367:56): [True: 66, False: 2.23k] ------------------ 368| 18.0k| if(m_has_been_closed) { ------------------ | Branch (368:16): [True: 1, False: 18.0k] ------------------ 369| 1| throw TLS_Exception(Alert::UnexpectedMessage, "Received handshake data after connection closure"); 370| 1| } 371| 18.0k| process_handshake_ccs(m_record_buf, record.sequence(), record.type(), record.version(), epoch0_restart); 372| 18.0k| } else if(record.type() == Record_Type::ApplicationData) { ------------------ | Branch (372:20): [True: 11, False: 3.08k] ------------------ 373| 11| if(m_has_been_closed) { ------------------ | Branch (373:16): [True: 1, False: 10] ------------------ 374| 1| throw TLS_Exception(Alert::UnexpectedMessage, "Received application data after connection closure"); 375| 1| } 376| 10| if(pending_state() != nullptr) { ------------------ | Branch (376:16): [True: 3, False: 7] ------------------ 377| 3| throw TLS_Exception(Alert::UnexpectedMessage, "Can't interleave application and handshake data"); 378| 3| } 379| 7| process_application_data(record.sequence(), m_record_buf); 380| 3.08k| } else if(record.type() == Record_Type::Alert) { ------------------ | Branch (380:20): [True: 2.16k, False: 921] ------------------ 381| 2.16k| process_alert(m_record_buf); 382| 2.16k| } else if(record.type() != Record_Type::Invalid) { ------------------ | Branch (382:20): [True: 53, False: 868] ------------------ 383| 53| throw Unexpected_Message("Unexpected record type " + std::to_string(static_cast(record.type())) + 384| 53| " from counterparty"); 385| 53| } 386| 21.1k| } 387| | 388| 3.49k| return 0; // on a record boundary 389| 4.44k| } catch(TLS_Exception& e) { 390| 2.13k| send_fatal_alert(e.type()); 391| 2.13k| throw; 392| 2.13k| } catch(Invalid_Authentication_Tag&) { 393| 104| send_fatal_alert(Alert::BadRecordMac); 394| 104| throw; 395| 630| } catch(Decoding_Error&) { 396| 630| send_fatal_alert(Alert::DecodeError); 397| 630| throw; 398| 630| } catch(...) { 399| 3| send_fatal_alert(Alert::InternalError); 400| 3| throw; 401| 3| } 402| 4.44k|} _ZN5Botan3TLS15Channel_Impl_1221process_handshake_ccsERKNSt3__16vectorIhNS_16secure_allocatorIhEEEEmNS0_11Record_TypeENS0_16Protocol_VersionEb: 408| 18.0k| bool epoch0_restart) { 409| 18.0k| if(!m_pending_state) { ------------------ | Branch (409:7): [True: 4.24k, False: 13.7k] ------------------ 410| | // No pending handshake, possibly new: 411| 4.24k| if(record_version.is_datagram_protocol() && !epoch0_restart) { ------------------ | Branch (411:10): [True: 569, False: 3.67k] | Branch (411:51): [True: 569, False: 0] ------------------ 412| 569| if(m_sequence_numbers) { ------------------ | Branch (412:13): [True: 0, False: 569] ------------------ 413| | /* 414| | * Might be a peer retransmit under epoch - 1 in which 415| | * case we must retransmit last flight 416| | */ 417| 0| sequence_numbers().read_accept(record_sequence); 418| | 419| 0| const uint16_t epoch = record_sequence >> 48; 420| | 421| 0| const uint16_t current_epoch = sequence_numbers().current_read_epoch(); 422| 0| if(epoch == current_epoch) { ------------------ | Branch (422:16): [True: 0, False: 0] ------------------ 423| 0| create_handshake_state(record_version); 424| 0| } else if(current_epoch > 0 && epoch == current_epoch - 1) { ------------------ | Branch (424:23): [True: 0, False: 0] | Branch (424:44): [True: 0, False: 0] ------------------ 425| 0| BOTAN_ASSERT(m_active_state.has_value() && m_active_state->dtls_handshake_io(), ------------------ | | 64| 0| do { \ | | 65| 0| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 0| if(!(expr)) { \ | | ------------------ | | | Branch (66:12): [True: 0, False: 0] | | | Branch (66:12): [True: 0, False: 0] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 0| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 0] | | ------------------ ------------------ 426| 0| "Have DTLS handshake IO for retransmission"); 427| 0| m_active_state->dtls_handshake_io()->add_record( 428| 0| record.data(), record.size(), record_type, record_sequence); 429| 0| } 430| 569| } else { 431| 569| create_handshake_state(record_version); 432| 569| } 433| 3.67k| } else { 434| 3.67k| create_handshake_state(record_version); 435| 3.67k| } 436| 4.24k| } 437| | 438| | // May have been created in above conditional 439| 18.0k| if(m_pending_state) { ------------------ | Branch (439:7): [True: 18.0k, False: 0] ------------------ 440| 18.0k| m_pending_state->handshake_io().add_record(record.data(), record.size(), record_type, record_sequence); 441| | 442| 33.4k| while(auto* pending = m_pending_state.get()) { ------------------ | Branch (442:19): [True: 31.5k, False: 1.88k] ------------------ 443| 31.5k| auto msg = pending->get_next_handshake_msg(policy().maximum_handshake_message_size()); 444| | 445| 31.5k| if(msg.first == Handshake_Type::None) { // no full handshake yet ------------------ | Branch (445:13): [True: 16.0k, False: 15.4k] ------------------ 446| 16.0k| break; 447| 16.0k| } 448| | 449| 15.4k| process_handshake_msg(*pending, msg.first, msg.second, epoch0_restart); 450| | 451| 15.4k| if(!m_pending_state) { ------------------ | Branch (451:13): [True: 104, False: 15.3k] ------------------ 452| 104| break; 453| 104| } 454| 15.4k| } 455| 18.0k| } 456| 18.0k|} _ZN5Botan3TLS15Channel_Impl_1224process_application_dataEmRKNSt3__16vectorIhNS_16secure_allocatorIhEEEE: 458| 7|void Channel_Impl_12::process_application_data(uint64_t seq_no, const secure_vector& record) { 459| 7| if(!m_active_state.has_value()) { ------------------ | Branch (459:7): [True: 7, False: 0] ------------------ 460| 7| throw Unexpected_Message("Application data before handshake done"); 461| 7| } 462| | 463| | // ApplicationData must arrive under a non-zero read epoch 464| 0| const uint16_t read_epoch = 465| 0| m_is_datagram ? static_cast(seq_no >> 48) : sequence_numbers().current_read_epoch(); ------------------ | Branch (465:7): [True: 0, False: 0] ------------------ 466| 0| if(read_epoch == 0) { ------------------ | Branch (466:7): [True: 0, False: 0] ------------------ 467| 0| throw Unexpected_Message("Application data received in unexpected read epoch"); 468| 0| } 469| | 470| 0| callbacks().tls_record_received(seq_no, record); 471| 0|} _ZN5Botan3TLS15Channel_Impl_1213process_alertERKNSt3__16vectorIhNS_16secure_allocatorIhEEEE: 473| 2.16k|void Channel_Impl_12::process_alert(const secure_vector& record) { 474| 2.16k| const Alert alert_msg(record); 475| | 476| | // RFC 5246 7.2.2: 477| | // no_renegotiation 478| | // Sent by the client in response to a hello request or by the 479| | // server in response to a client hello after initial handshaking. 480| 2.16k| if(alert_msg.type() == Alert::NoRenegotiation && m_active_state.has_value()) { ------------------ | Branch (480:7): [True: 208, False: 1.95k] | Branch (480:53): [True: 0, False: 208] ------------------ 481| 0| m_pending_state.reset(); 482| 0| } 483| | 484| 2.16k| callbacks().tls_alert(alert_msg); 485| | 486| | // If the alert is fatal on an active session, prevent later resumptions 487| 2.16k| if(alert_msg.is_fatal() && m_active_state.has_value()) { ------------------ | Branch (487:7): [True: 1.57k, False: 597] | Branch (487:31): [True: 0, False: 1.57k] ------------------ 488| 0| const auto& sid = m_active_state->session_id(); 489| 0| if(!sid.empty()) { ------------------ | Branch (489:10): [True: 0, False: 0] ------------------ 490| 0| session_manager().remove(Session_Handle(sid)); 491| 0| } 492| 0| } 493| | 494| 2.16k| if(alert_msg.type() == Alert::CloseNotify) { ------------------ | Branch (494:7): [True: 651, False: 1.51k] ------------------ 495| | // TLS 1.2 requires us to immediately react with our "close_notify", 496| | // the return value of the application's callback has no effect on that. 497| 651| callbacks().tls_peer_closed_connection(); 498| 651| send_warning_alert(Alert::CloseNotify); // reply in kind 499| 651| } 500| | 501| 2.16k| if(alert_msg.type() == Alert::CloseNotify || alert_msg.is_fatal()) { ------------------ | Branch (501:7): [True: 677, False: 1.49k] | Branch (501:49): [True: 945, False: 545] ------------------ 502| 1.59k| m_has_been_closed = true; 503| 1.59k| } 504| 2.16k|} _ZN5Botan3TLS15Channel_Impl_1212write_recordEPNS0_23Connection_Cipher_StateEtNS0_11Record_TypeEPKhm: 510| 20.8k| size_t length) { 511| 20.8k| BOTAN_ASSERT(m_pending_state || m_active_state.has_value(), "Some connection state exists"); ------------------ | | 64| 20.8k| do { \ | | 65| 20.8k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 20.9k| if(!(expr)) { \ | | ------------------ | | | Branch (66:12): [True: 20.7k, False: 85] | | | Branch (66:12): [True: 85, False: 0] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 20.8k| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 20.8k] | | ------------------ ------------------ 512| | 513| 20.8k| const Protocol_Version record_version = (m_pending_state) ? (m_pending_state->version()) : m_active_state->version(); ------------------ | Branch (513:44): [True: 20.7k, False: 85] ------------------ 514| | 515| 20.8k| const uint64_t next_seq = sequence_numbers().next_write_sequence(epoch); 516| | 517| 20.8k| if(cipher_state == nullptr) { ------------------ | Branch (517:7): [True: 20.6k, False: 189] ------------------ 518| 20.6k| TLS::write_unencrypted_record(m_writebuf, record_type, record_version, next_seq, input, length); 519| 20.6k| } else { 520| 189| TLS::write_record(m_writebuf, record_type, record_version, next_seq, input, length, *cipher_state, rng()); 521| 189| } 522| | 523| 20.8k| callbacks().tls_emit_data(m_writebuf); 524| 20.8k|} _ZN5Botan3TLS15Channel_Impl_1217send_record_arrayEtNS0_11Record_TypeEPKhm: 526| 20.8k|void Channel_Impl_12::send_record_array(uint16_t epoch, Record_Type type, const uint8_t input[], size_t length) { 527| 20.8k| if(length == 0) { ------------------ | Branch (527:7): [True: 0, False: 20.8k] ------------------ 528| 0| return; 529| 0| } 530| | 531| 20.8k| auto cipher_state = write_cipher_state_epoch(epoch); 532| | 533| 41.6k| while(length > 0) { ------------------ | Branch (533:10): [True: 20.8k, False: 20.8k] ------------------ 534| 20.8k| const size_t sending = std::min(length, MAX_PLAINTEXT_SIZE); 535| 20.8k| write_record(cipher_state.get(), epoch, type, input, sending); 536| | 537| 20.8k| input += sending; 538| 20.8k| length -= sending; 539| 20.8k| } 540| 20.8k|} _ZN5Botan3TLS15Channel_Impl_1211send_recordENS0_11Record_TypeERKNSt3__16vectorIhNS3_9allocatorIhEEEE: 542| 20.8k|void Channel_Impl_12::send_record(Record_Type record_type, const std::vector& record) { 543| 20.8k| send_record_array(sequence_numbers().current_write_epoch(), record_type, record.data(), record.size()); 544| 20.8k|} _ZN5Botan3TLS15Channel_Impl_1210send_alertERKNS0_5AlertE: 560| 3.52k|void Channel_Impl_12::send_alert(const Alert& alert) { 561| 3.52k| const bool ready_to_send_anything = !is_closed() && m_sequence_numbers; ------------------ | Branch (561:40): [True: 2.87k, False: 641] | Branch (561:56): [True: 2.80k, False: 74] ------------------ 562| 3.52k| if(alert.is_valid() && ready_to_send_anything) { ------------------ | Branch (562:7): [True: 3.52k, False: 0] | Branch (562:27): [True: 2.80k, False: 715] ------------------ 563| 2.80k| try { 564| 2.80k| send_record(Record_Type::Alert, alert.serialize()); 565| 2.80k| } catch(...) { /* swallow it */ 566| 0| } 567| 2.80k| } 568| | 569| 3.52k| if(alert.type() == Alert::NoRenegotiation && m_active_state.has_value()) { ------------------ | Branch (569:7): [True: 0, False: 3.52k] | Branch (569:49): [True: 0, False: 0] ------------------ 570| 0| m_pending_state.reset(); 571| 0| } 572| | 573| 3.52k| if(alert.is_fatal()) { ------------------ | Branch (573:7): [True: 2.86k, False: 651] ------------------ 574| 2.86k| if(m_active_state.has_value()) { ------------------ | Branch (574:10): [True: 85, False: 2.78k] ------------------ 575| 85| const auto& sid = m_active_state->session_id(); 576| 85| if(!sid.empty()) { ------------------ | Branch (576:13): [True: 85, False: 0] ------------------ 577| 85| session_manager().remove(Session_Handle(sid)); 578| 85| } 579| 85| } 580| 2.86k| reset_state(); 581| 2.86k| } 582| | 583| 3.52k| if(alert.type() == Alert::CloseNotify || alert.is_fatal()) { ------------------ | Branch (583:7): [True: 651, False: 2.86k] | Branch (583:45): [True: 2.86k, False: 0] ------------------ 584| 3.52k| m_has_been_closed = true; 585| 3.52k| } 586| 3.52k|} _ZN5Botan3TLS15Channel_Impl_1226secure_renegotiation_checkEPKNS0_15Client_Hello_12E: 588| 3.18k|void Channel_Impl_12::secure_renegotiation_check(const Client_Hello_12* client_hello) { 589| 3.18k| BOTAN_ASSERT_NONNULL(client_hello); ------------------ | | 116| 3.18k| do { \ | | 117| 3.18k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 3.18k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 3.18k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 3.18k] | | ------------------ ------------------ 590| 3.18k| const bool secure_renegotiation = client_hello->secure_renegotiation(); 591| | 592| 3.18k| if(m_active_state && m_active_state->client_supports_secure_renegotiation() != secure_renegotiation) { ------------------ | Branch (592:7): [True: 0, False: 3.18k] | Branch (592:25): [True: 0, False: 0] ------------------ 593| 0| throw TLS_Exception(Alert::HandshakeFailure, "Client changed its mind about secure renegotiation"); 594| 0| } 595| | 596| 3.18k| if(secure_renegotiation) { ------------------ | Branch (596:7): [True: 156, False: 3.02k] ------------------ 597| 156| const std::vector& data = client_hello->renegotiation_info(); 598| | 599| 156| const auto expected = secure_renegotiation_data_for_client_hello(); 600| 156| if(!CT::is_equal(data, expected).as_bool()) { ------------------ | Branch (600:10): [True: 2, False: 154] ------------------ 601| 2| throw TLS_Exception(Alert::HandshakeFailure, "Client sent bad values for secure renegotiation"); 602| 2| } 603| 156| } 604| 3.18k|} _ZN5Botan3TLS15Channel_Impl_1226secure_renegotiation_checkEPKNS0_15Server_Hello_12E: 606| 2.89k|void Channel_Impl_12::secure_renegotiation_check(const Server_Hello_12* server_hello) { 607| 2.89k| BOTAN_ASSERT_NONNULL(server_hello); ------------------ | | 116| 2.89k| do { \ | | 117| 2.89k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 2.89k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 2.89k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 2.89k] | | ------------------ ------------------ 608| 2.89k| const bool secure_renegotiation = server_hello->secure_renegotiation(); 609| | 610| 2.89k| if(m_active_state && m_active_state->server_supports_secure_renegotiation() != secure_renegotiation) { ------------------ | Branch (610:7): [True: 0, False: 2.89k] | Branch (610:25): [True: 0, False: 0] ------------------ 611| 0| throw TLS_Exception(Alert::HandshakeFailure, "Server changed its mind about secure renegotiation"); 612| 0| } 613| | 614| 2.89k| if(secure_renegotiation) { ------------------ | Branch (614:7): [True: 110, False: 2.78k] ------------------ 615| 110| const std::vector& data = server_hello->renegotiation_info(); 616| | 617| 110| const auto expected = secure_renegotiation_data_for_server_hello(); 618| 110| if(!CT::is_equal(data, expected).as_bool()) { ------------------ | Branch (618:10): [True: 0, False: 110] ------------------ 619| 0| throw TLS_Exception(Alert::HandshakeFailure, "Server sent bad values for secure renegotiation"); 620| 0| } 621| 110| } 622| 2.89k|} _ZNK5Botan3TLS15Channel_Impl_1242secure_renegotiation_data_for_client_helloEv: 624| 156|std::vector Channel_Impl_12::secure_renegotiation_data_for_client_hello() const { 625| 156| if(m_active_state.has_value()) { ------------------ | Branch (625:7): [True: 0, False: 156] ------------------ 626| 0| return m_active_state->client_finished_verify_data(); 627| 0| } 628| 156| return std::vector(); 629| 156|} _ZNK5Botan3TLS15Channel_Impl_1242secure_renegotiation_data_for_server_helloEv: 631| 3.00k|std::vector Channel_Impl_12::secure_renegotiation_data_for_server_hello() const { 632| 3.00k| if(m_active_state.has_value()) { ------------------ | Branch (632:7): [True: 0, False: 3.00k] ------------------ 633| 0| return concat(m_active_state->client_finished_verify_data(), m_active_state->server_finished_verify_data()); 634| 3.00k| } else { 635| 3.00k| return {}; 636| 3.00k| } 637| 3.00k|} tls_channel_impl_12.cpp:_ZZN5Botan3TLS15Channel_Impl_1222create_handshake_stateENS0_16Protocol_VersionEENK3$_1clENS0_11Record_TypeERKNSt3__16vectorIhNS5_9allocatorIhEEEE: 158| 18.0k| auto send_record_f = [this](Record_Type rec_type, const std::vector& record) { 159| 18.0k| send_record(rec_type, record); 160| 18.0k| }; tls_channel_impl_12.cpp:_ZZN5Botan3TLS15Channel_Impl_1216activate_sessionEvENK3$_0clEt: 275| 416| const auto not_current_epoch = [current_epoch](uint16_t epoch) { return (epoch != current_epoch); }; tls_channel_impl_12.cpp:_ZZN5Botan3TLS15Channel_Impl_129from_peerENSt3__14spanIKhLm18446744073709551615EEEENK3$_0clEt: 303| 282| auto get_epoch = [this](uint16_t epoch) { return read_cipher_state_epoch(epoch); }; _ZN5Botan3TLS26Active_Connection_State_12D2Ev: 15| 208|Active_Connection_State_12::~Active_Connection_State_12() = default; _ZN5Botan3TLS26Active_Connection_State_12C2EOS1_: 16| 104|Active_Connection_State_12::Active_Connection_State_12(Active_Connection_State_12&&) noexcept = default; _ZN5Botan3TLS26Active_Connection_State_12C2ERKNS0_15Handshake_StateENSt3__112basic_stringIcNS5_11char_traitsIcEENS5_9allocatorIcEEEE: 20| 104| m_version(state.version()), 21| 104| m_ciphersuite_code(state.server_hello()->ciphersuite()), 22| 104| m_application_protocol(std::move(application_protocol)), 23| 104| m_peer_certs(state.peer_cert_chain()), 24| 104| m_client_random(state.client_hello()->random()), 25| 104| m_psk_identity(state.psk_identity()), 26| 104| m_server_random(state.server_hello()->random()), 27| 104| m_session_id(state.server_hello()->session_id()), 28| 104| m_master_secret(state.session_keys().master_secret()), 29| 104| m_prf_algo(state.ciphersuite().prf_algo()), 30| 104| m_client_supports_secure_renegotiation(state.client_hello()->secure_renegotiation()), 31| 104| m_server_supports_secure_renegotiation(state.server_hello()->secure_renegotiation()), 32| 104| m_client_finished_verify_data(state.client_finished()->verify_data()), 33| 104| m_server_finished_verify_data(state.server_finished()->verify_data()), 34| 104| m_supports_extended_master_secret(state.server_hello()->supports_extended_master_secret()) {} _ZN5Botan3TLS23Renegotiation_ExtensionC2ERNS0_15TLS_Data_ReaderEt: 24| 201| m_reneg_data(reader.get_range(1, 0, 255)) { 25| 201| if(m_reneg_data.size() + 1 != extension_size) { ------------------ | Branch (25:7): [True: 8, False: 193] ------------------ 26| 8| throw Decoding_Error("Bad encoding for secure renegotiation extn"); 27| 8| } 28| 201|} _ZNK5Botan3TLS23Renegotiation_Extension9serializeENS0_15Connection_SideE: 30| 110|std::vector Renegotiation_Extension::serialize(Connection_Side /*whoami*/) const { 31| 110| std::vector buf; 32| 110| append_tls_length_value(buf, m_reneg_data, 1); 33| 110| return buf; 34| 110|} _ZNK5Botan3TLS23Supported_Point_Formats9serializeENS0_15Connection_SideE: 36| 40|std::vector Supported_Point_Formats::serialize(Connection_Side /*whoami*/) const { 37| | // if this extension is sent, it MUST include uncompressed (RFC 4492, section 5.1) 38| 40| if(m_prefers_compressed) { ------------------ | Branch (38:7): [True: 0, False: 40] ------------------ 39| 0| return std::vector{2, ANSIX962_COMPRESSED_PRIME, UNCOMPRESSED}; 40| 40| } else { 41| 40| return std::vector{1, UNCOMPRESSED}; 42| 40| } 43| 40|} _ZN5Botan3TLS23Supported_Point_FormatsC2ERNS0_15TLS_Data_ReaderEt: 45| 206|Supported_Point_Formats::Supported_Point_Formats(TLS_Data_Reader& reader, uint16_t extension_size) { 46| 206| const uint8_t len = reader.get_byte(); 47| | 48| 206| if(len + 1 != extension_size) { ------------------ | Branch (48:7): [True: 11, False: 195] ------------------ 49| 11| throw Decoding_Error("Inconsistent length field in supported point formats list"); 50| 11| } 51| | 52| 195| bool includes_uncompressed = false; 53| 817| for(size_t i = 0; i != len; ++i) { ------------------ | Branch (53:22): [True: 811, False: 6] ------------------ 54| 811| const uint8_t format = reader.get_byte(); 55| | 56| 811| if(static_cast(format) == UNCOMPRESSED) { ------------------ | Branch (56:10): [True: 55, False: 756] ------------------ 57| 55| m_prefers_compressed = false; 58| 55| reader.discard_next(len - i - 1); 59| 55| return; 60| 756| } else if(static_cast(format) == ANSIX962_COMPRESSED_PRIME) { ------------------ | Branch (60:17): [True: 134, False: 622] ------------------ 61| 134| m_prefers_compressed = true; 62| 134| std::vector remaining_formats = reader.get_fixed(len - i - 1); 63| 134| includes_uncompressed = 64| 134| std::any_of(std::begin(remaining_formats), std::end(remaining_formats), [](uint8_t remaining_format) { 65| 134| return static_cast(remaining_format) == UNCOMPRESSED; 66| 134| }); 67| 134| break; 68| 134| } 69| | 70| | // ignore ANSIX962_COMPRESSED_CHAR2, we don't support these curves 71| 811| } 72| | 73| | // RFC 4492 5.1.: 74| | // If the Supported Point Formats Extension is indeed sent, it MUST contain the value 0 (uncompressed) 75| | // as one of the items in the list of point formats. 76| | // Note: 77| | // RFC 8422 5.1.2. explicitly requires this check, 78| | // but only if the Supported Groups extension was sent. 79| 140| if(!includes_uncompressed) { ------------------ | Branch (79:7): [True: 12, False: 128] ------------------ 80| 12| throw TLS_Exception(Alert::IllegalParameter, 81| 12| "Supported Point Formats Extension must contain the uncompressed point format"); 82| 12| } 83| 140|} _ZN5Botan3TLS24Session_Ticket_ExtensionC2ERNS0_15TLS_Data_ReaderEtNS0_15Connection_SideE: 87| 175| Connection_Side from) { 88| | // RFC 5077 3.2: in a ServerHello the SessionTicket extension is just a 89| | // flag indicating that a NewSessionTicket handshake message will follow; 90| | // its extension_data MUST be empty. A ticket body is only valid in a 91| | // ClientHello. 92| 175| if(from == Connection_Side::Server && extension_size != 0) { ------------------ | Branch (92:7): [True: 12, False: 163] | Branch (92:42): [True: 3, False: 9] ------------------ 93| 3| throw Decoding_Error("Server sent a non-empty SessionTicket extension"); 94| 3| } 95| 172| m_ticket = Session_Ticket(reader.get_elem>(extension_size)); 96| 172|} _ZN5Botan3TLS22Extended_Master_SecretC2ERNS0_15TLS_Data_ReaderEt: 98| 6.12k|Extended_Master_Secret::Extended_Master_Secret(TLS_Data_Reader& /*unused*/, uint16_t extension_size) { 99| 6.12k| if(extension_size != 0) { ------------------ | Branch (99:7): [True: 2, False: 6.12k] ------------------ 100| 2| throw Decoding_Error("Invalid extended_master_secret extension"); 101| 2| } 102| 6.12k|} _ZNK5Botan3TLS22Extended_Master_Secret9serializeENS0_15Connection_SideE: 104| 2.89k|std::vector Extended_Master_Secret::serialize(Connection_Side /*whoami*/) const { 105| 2.89k| return std::vector(); 106| 2.89k|} _ZN5Botan3TLS16Encrypt_then_MACC2ERNS0_15TLS_Data_ReaderEt: 108| 145|Encrypt_then_MAC::Encrypt_then_MAC(TLS_Data_Reader& /*unused*/, uint16_t extension_size) { 109| 145| if(extension_size != 0) { ------------------ | Branch (109:7): [True: 5, False: 140] ------------------ 110| 5| throw Decoding_Error("Invalid encrypt_then_mac extension"); 111| 5| } 112| 145|} _ZNK5Botan3TLS16Encrypt_then_MAC9serializeENS0_15Connection_SideE: 114| 55|std::vector Encrypt_then_MAC::serialize(Connection_Side /*whoami*/) const { 115| 55| return std::vector(); 116| 55|} tls_extensions_12.cpp:_ZZN5Botan3TLS23Supported_Point_FormatsC1ERNS0_15TLS_Data_ReaderEtENK3$_0clEh: 64| 625| std::any_of(std::begin(remaining_formats), std::end(remaining_formats), [](uint8_t remaining_format) { 65| 625| return static_cast(remaining_format) == UNCOMPRESSED; 66| 625| }); _ZNK5Botan3TLS14Handshake_Hash5finalENSt3__117basic_string_viewIcNS2_11char_traitsIcEEEE: 17| 1.55k|secure_vector Handshake_Hash::final(std::string_view mac_algo) const { 18| 1.55k| std::string hash_algo(mac_algo); 19| 1.55k| if(hash_algo == "SHA-1") { ------------------ | Branch (19:7): [True: 737, False: 822] ------------------ 20| 737| hash_algo = "SHA-256"; 21| 737| } 22| | 23| 1.55k| auto hash = HashFunction::create_or_throw(hash_algo); 24| 1.55k| hash->update(m_data); 25| 1.55k| return hash->final(); 26| 1.55k|} _ZNK5Botan3TLS19Stream_Handshake_IO22initial_record_versionEv: 52| 3.67k|Protocol_Version Stream_Handshake_IO::initial_record_version() const { 53| 3.67k| return Protocol_Version::TLS_V12; 54| 3.67k|} _ZN5Botan3TLS19Stream_Handshake_IO10add_recordEPKhmNS0_11Record_TypeEm: 59| 17.2k| uint64_t /*sequence_number*/) { 60| 17.2k| if(record_type == Record_Type::Handshake) { ------------------ | Branch (60:7): [True: 17.1k, False: 18] ------------------ 61| 17.1k| m_queue.insert(m_queue.end(), record, record + record_len); 62| 17.1k| } else if(record_type == Record_Type::ChangeCipherSpec) { ------------------ | Branch (62:14): [True: 18, False: 0] ------------------ 63| 18| if(record_len != 1 || record[0] != 1) { ------------------ | Branch (63:10): [True: 2, False: 16] | Branch (63:29): [True: 5, False: 11] ------------------ 64| 7| throw Decoding_Error("Invalid ChangeCipherSpec"); 65| 7| } 66| | 67| | // Pretend it's a regular handshake message of zero length 68| 11| const uint8_t ccs_hs[] = {static_cast(Handshake_Type::HandshakeCCS), 0, 0, 0}; 69| 11| m_queue.insert(m_queue.end(), ccs_hs, ccs_hs + sizeof(ccs_hs)); 70| 11| } else { 71| 0| throw Decoding_Error("Unknown message type " + std::to_string(static_cast(record_type)) + 72| 0| " in handshake processing"); 73| 0| } 74| 17.2k|} _ZN5Botan3TLS19Stream_Handshake_IO15get_next_recordEbm: 77| 30.8k| size_t max_message_size) { 78| 30.8k| if(m_queue.size() >= 4) { ------------------ | Branch (78:7): [True: 17.8k, False: 12.9k] ------------------ 79| 17.8k| const Handshake_Type type = static_cast(m_queue[0]); 80| | 81| 17.8k| const size_t rec_length = make_uint32(0, m_queue[1], m_queue[2], m_queue[3]); 82| | 83| | // If we are expecting a CCS but the next queued message is not a CCS, 84| | // the peer has skipped the CCS message. This can happen when the peer 85| | // sends an encrypted Finished without the preceding CCS, in which case 86| | // the encrypted bytes are misinterpreted as a handshake message. 87| 17.8k| if(expecting_ccs) { ------------------ | Branch (87:10): [True: 475, False: 17.4k] ------------------ 88| 475| const bool is_ccs = (type == Handshake_Type::HandshakeCCS && rec_length == 0); ------------------ | Branch (88:31): [True: 324, False: 151] | Branch (88:71): [True: 303, False: 21] ------------------ 89| 475| if(!is_ccs) { ------------------ | Branch (89:13): [True: 172, False: 303] ------------------ 90| 172| throw TLS_Exception(Alert::UnexpectedMessage, "Expected ChangeCipherSpec but got a handshake message"); 91| 172| } 92| 17.4k| } else { 93| 17.4k| verify_is_expected_wire_handshake_type(type); 94| | 95| 17.4k| if(max_message_size > 0 && rec_length > max_message_size) { ------------------ | Branch (95:13): [True: 17.4k, False: 3] | Branch (95:37): [True: 32, False: 17.3k] ------------------ 96| 32| throw TLS_Exception( 97| 32| Alert::HandshakeFailure, 98| 32| Botan::fmt("Handshake message is {} bytes, policy maximum is {}", rec_length, max_message_size)); 99| 32| } 100| 17.4k| } 101| | 102| 17.6k| const size_t length = 4 + rec_length; 103| | 104| 17.6k| if(m_queue.size() >= length) { ------------------ | Branch (104:10): [True: 15.2k, False: 2.44k] ------------------ 105| 15.2k| const std::vector contents(m_queue.begin() + 4, m_queue.begin() + length); 106| | 107| 15.2k| m_queue.erase(m_queue.begin(), m_queue.begin() + length); 108| | 109| 15.2k| return std::make_pair(type, contents); 110| 15.2k| } 111| 17.6k| } 112| | 113| 15.4k| return std::make_pair(Handshake_Type::None, std::vector()); 114| 30.8k|} _ZNK5Botan3TLS19Stream_Handshake_IO6formatERKNSt3__16vectorIhNS2_9allocatorIhEEEENS0_14Handshake_TypeE: 116| 32.8k|std::vector Stream_Handshake_IO::format(const std::vector& msg, Handshake_Type type) const { 117| 32.8k| std::vector send_buf(4 + msg.size()); 118| | 119| 32.8k| const size_t buf_size = msg.size(); 120| | 121| 32.8k| send_buf[0] = static_cast(type); 122| | 123| 32.8k| store_be24(&send_buf[1], buf_size); 124| | 125| 32.8k| if(!msg.empty()) { ------------------ | Branch (125:7): [True: 29.9k, False: 2.89k] ------------------ 126| 29.9k| copy_mem(&send_buf[4], msg.data(), msg.size()); 127| 29.9k| } 128| | 129| 32.8k| return send_buf; 130| 32.8k|} _ZN5Botan3TLS19Stream_Handshake_IO4sendERKNS0_17Handshake_MessageE: 136| 18.0k|std::vector Stream_Handshake_IO::send(const Handshake_Message& msg) { 137| 18.0k| const std::vector msg_bits = msg.serialize(); 138| | 139| 18.0k| if(msg.type() == Handshake_Type::HandshakeCCS) { ------------------ | Branch (139:7): [True: 104, False: 17.9k] ------------------ 140| 104| m_send_hs(Record_Type::ChangeCipherSpec, msg_bits); 141| 104| return std::vector(); // not included in handshake hashes 142| 104| } 143| | 144| 17.9k| auto buf = format(msg_bits, msg.wire_type()); 145| 17.9k| m_send_hs(Record_Type::Handshake, buf); 146| 17.9k| return buf; 147| 18.0k|} _ZNK5Botan3TLS21Datagram_Handshake_IO22initial_record_versionEv: 149| 569|Protocol_Version Datagram_Handshake_IO::initial_record_version() const { 150| 569| return Protocol_Version::DTLS_V12; 151| 569|} _ZNK5Botan3TLS21Datagram_Handshake_IO14have_more_dataEv: 179| 5|bool Datagram_Handshake_IO::have_more_data() const { 180| 5| return false; 181| 5|} _ZN5Botan3TLS21Datagram_Handshake_IO10add_recordEPKhmNS0_11Record_TypeEm: 207| 831| uint64_t record_sequence) { 208| 831| const uint16_t epoch = static_cast(record_sequence >> 48); 209| | 210| 831| if(record_type == Record_Type::ChangeCipherSpec) { ------------------ | Branch (210:7): [True: 47, False: 784] ------------------ 211| 47| if(record_len != 1 || record[0] != 1) { ------------------ | Branch (211:10): [True: 9, False: 38] | Branch (211:29): [True: 7, False: 31] ------------------ 212| 16| throw Decoding_Error("Invalid ChangeCipherSpec"); 213| 16| } 214| | 215| | // TODO: check this is otherwise empty 216| 31| m_ccs_epochs.insert(epoch); 217| 31| return; 218| 47| } 219| | 220| 784| const size_t DTLS_HANDSHAKE_HEADER_LEN = 12; 221| | 222| 2.26k| while(record_len > 0) { ------------------ | Branch (222:10): [True: 1.67k, False: 585] ------------------ 223| 1.67k| if(record_len < DTLS_HANDSHAKE_HEADER_LEN) { ------------------ | Branch (223:10): [True: 126, False: 1.54k] ------------------ 224| 126| return; // completely bogus? at least degenerate/weird 225| 126| } 226| | 227| 1.54k| const Handshake_Type msg_type = static_cast(record[0]); 228| | 229| 1.54k| verify_is_expected_wire_handshake_type(msg_type); 230| | 231| 1.54k| const size_t msg_len = load_be24(&record[1]); 232| | 233| 1.54k| if(m_max_handshake_msg_size > 0 && msg_len > m_max_handshake_msg_size) { ------------------ | Branch (233:10): [True: 1.54k, False: 4] | Branch (233:42): [True: 44, False: 1.50k] ------------------ 234| 44| throw TLS_Exception( 235| 44| Alert::HandshakeFailure, 236| 44| Botan::fmt("Handshake message is {} bytes, policy maximum is {}", msg_len, m_max_handshake_msg_size)); 237| 44| } 238| | 239| 1.50k| const uint16_t message_seq = load_be(&record[4], 0); 240| 1.50k| const size_t fragment_offset = load_be24(&record[6]); 241| 1.50k| const size_t fragment_length = load_be24(&record[9]); 242| | 243| 1.50k| const size_t total_size = DTLS_HANDSHAKE_HEADER_LEN + fragment_length; 244| | 245| 1.50k| if(record_len < total_size) { ------------------ | Branch (245:10): [True: 29, False: 1.47k] ------------------ 246| 29| throw Decoding_Error("Bad lengths in DTLS header"); 247| 29| } 248| | 249| | // Bound the out-of-order reassembly window. 250| 1.47k| constexpr uint16_t reassembly_window = 16; 251| | 252| | // Independently cap total bytes committed to in-flight reassembly slots 253| 1.47k| const size_t max_pending = 4 * m_max_handshake_msg_size; 254| | 255| 1.47k| if(message_seq >= m_in_message_seq && (message_seq - m_in_message_seq) < reassembly_window) { ------------------ | Branch (255:10): [True: 1.47k, False: 4] | Branch (255:45): [True: 1.23k, False: 240] ------------------ 256| 1.23k| auto [it, inserted] = m_messages.try_emplace(message_seq); 257| 1.23k| if(inserted) { ------------------ | Branch (257:13): [True: 364, False: 868] ------------------ 258| 364| if(m_max_handshake_msg_size > 0 && m_pending_reassembly_bytes + msg_len > max_pending) { ------------------ | Branch (258:16): [True: 364, False: 0] | Branch (258:48): [True: 0, False: 364] ------------------ 259| 0| m_messages.erase(it); 260| 0| record += total_size; 261| 0| record_len -= total_size; 262| 0| continue; 263| 0| } 264| 364| m_pending_reassembly_bytes += msg_len; 265| 364| } 266| 1.23k| it->second.add_fragment( 267| 1.23k| &record[DTLS_HANDSHAKE_HEADER_LEN], fragment_length, fragment_offset, epoch, msg_type, msg_len); 268| 1.23k| } else { 269| | // TODO: detect retransmitted flight 270| 244| } 271| | 272| 1.47k| record += total_size; 273| 1.47k| record_len -= total_size; 274| 1.47k| } 275| 784|} _ZN5Botan3TLS21Datagram_Handshake_IO15get_next_recordEbm: 278| 652| size_t /*max_message_size*/) { 279| | // Expecting a message means the last flight is concluded 280| 652| if(!m_flights.rbegin()->empty()) { ------------------ | Branch (280:7): [True: 0, False: 652] ------------------ 281| 0| m_flights.push_back(std::vector()); 282| 0| } 283| | 284| 652| if(expecting_ccs) { ------------------ | Branch (284:7): [True: 0, False: 652] ------------------ 285| 0| if(!m_messages.empty()) { ------------------ | Branch (285:10): [True: 0, False: 0] ------------------ 286| 0| const uint16_t current_epoch = m_messages.begin()->second.epoch(); 287| | 288| 0| if(m_ccs_epochs.contains(current_epoch)) { ------------------ | Branch (288:13): [True: 0, False: 0] ------------------ 289| 0| return std::make_pair(Handshake_Type::HandshakeCCS, std::vector()); 290| 0| } 291| 0| } 292| 0| return std::make_pair(Handshake_Type::None, std::vector()); 293| 0| } 294| | 295| 652| auto i = m_messages.find(m_in_message_seq); 296| | 297| 652| if(i == m_messages.end() || !i->second.complete()) { ------------------ | Branch (297:7): [True: 540, False: 112] | Branch (297:7): [True: 608, False: 44] | Branch (297:32): [True: 68, False: 44] ------------------ 298| 608| return std::make_pair(Handshake_Type::None, std::vector()); 299| 608| } 300| | 301| 44| m_in_message_seq += 1; 302| | 303| 44| auto result = i->second.message(); 304| | 305| | // Free the reassembly buffer for this delivered slot and uncommit its 306| | // bytes against the cap. The entry itself stays in m_messages because 307| | // the expecting_ccs branch above uses m_messages.begin()->second.epoch() 308| | // as an epoch-0 sentinel; it only needs the metadata, not the buffers. 309| 44| BOTAN_ASSERT_NOMSG(m_pending_reassembly_bytes >= i->second.msg_length()); ------------------ | | 77| 44| do { \ | | 78| 44| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 44| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 44] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 44| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 44] | | ------------------ ------------------ 310| 44| m_pending_reassembly_bytes -= i->second.msg_length(); 311| 44| i->second.release_buffers(); 312| | 313| 44| return result; 314| 652|} _ZN5Botan3TLS21Datagram_Handshake_IO20Handshake_Reassembly15release_buffersEv: 316| 44|void Datagram_Handshake_IO::Handshake_Reassembly::release_buffers() { 317| 44| m_received_mask.clear(); 318| 44| m_received_mask.shrink_to_fit(); 319| 44| m_message.clear(); 320| 44| m_message.shrink_to_fit(); 321| 44|} _ZN5Botan3TLS21Datagram_Handshake_IO20Handshake_Reassembly12add_fragmentEPKhmmtNS0_14Handshake_TypeEm: 328| 1.23k| size_t msg_length) { 329| 1.23k| if(m_msg_type == Handshake_Type::None) { ------------------ | Branch (329:7): [True: 364, False: 868] ------------------ 330| | // First fragment for this message_seq 331| 364| m_epoch = epoch; 332| 364| m_msg_type = msg_type; 333| 364| m_msg_length = msg_length; 334| 364| m_message.resize(msg_length); 335| 364| m_received_mask.assign(msg_length, 0); 336| 868| } else { 337| 868| if(msg_type != m_msg_type || msg_length != m_msg_length || epoch != m_epoch) { ------------------ | Branch (337:10): [True: 14, False: 854] | Branch (337:36): [True: 25, False: 829] | Branch (337:66): [True: 0, False: 829] ------------------ 338| 39| throw Decoding_Error("Inconsistent values in fragmented DTLS handshake header"); 339| 39| } 340| | 341| 829| if(complete()) { ------------------ | Branch (341:10): [True: 758, False: 71] ------------------ 342| 758| return; // already have entire message, ignore this 343| 758| } 344| 829| } 345| | 346| 435| if(fragment_offset > m_msg_length) { ------------------ | Branch (346:7): [True: 32, False: 403] ------------------ 347| 32| throw Decoding_Error("Fragment offset past end of message"); 348| 32| } 349| | 350| 403| if(fragment_offset + fragment_length > m_msg_length) { ------------------ | Branch (350:7): [True: 5, False: 398] ------------------ 351| 5| throw Decoding_Error("Fragment overlaps past end of message"); 352| 5| } 353| | 354| 398| BOTAN_ASSERT_NOMSG(m_received_mask.size() == m_msg_length); ------------------ | | 77| 398| do { \ | | 78| 398| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 398| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 398] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 398| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 398] | | ------------------ ------------------ 355| | 356| 950| for(size_t i = 0; i != fragment_length; ++i) { ------------------ | Branch (356:22): [True: 562, False: 388] ------------------ 357| 562| const size_t off = fragment_offset + i; 358| 562| if(m_received_mask[off] != 0) { ------------------ | Branch (358:10): [True: 94, False: 468] ------------------ 359| | // RFC 6347 4.2.3 permits overlapping retransmissions, but the 360| | // overlapping bytes must agree. 361| 94| if(m_message[off] != fragment[i]) { ------------------ | Branch (361:13): [True: 10, False: 84] ------------------ 362| 10| throw Decoding_Error("Inconsistent overlapping DTLS handshake fragment"); 363| 10| } 364| 468| } else { 365| 468| m_message[off] = fragment[i]; 366| 468| m_received_mask[off] = 1; 367| 468| ++m_bytes_received; 368| 468| } 369| 562| } 370| 398|} _ZNK5Botan3TLS21Datagram_Handshake_IO20Handshake_Reassembly8completeEv: 372| 985|bool Datagram_Handshake_IO::Handshake_Reassembly::complete() const { 373| 985| return (m_msg_type != Handshake_Type::None && m_bytes_received == m_msg_length); ------------------ | Branch (373:12): [True: 985, False: 0] | Branch (373:50): [True: 846, False: 139] ------------------ 374| 985|} _ZNK5Botan3TLS21Datagram_Handshake_IO20Handshake_Reassembly7messageEv: 376| 44|std::pair> Datagram_Handshake_IO::Handshake_Reassembly::message() const { 377| 44| if(!complete()) { ------------------ | Branch (377:7): [True: 0, False: 44] ------------------ 378| 0| throw Internal_Error("Datagram_Handshake_IO - message not complete"); 379| 0| } 380| | 381| 44| return std::make_pair(m_msg_type, m_message); 382| 44|} _ZNK5Botan3TLS21Datagram_Handshake_IO15format_fragmentEPKhmjjNS0_14Handshake_TypeEt: 389| 5| uint16_t msg_sequence) const { 390| 5| std::vector send_buf(12 + frag_len); 391| | 392| 5| send_buf[0] = static_cast(type); 393| | 394| 5| store_be24(&send_buf[1], msg_len); 395| | 396| 5| store_be(msg_sequence, &send_buf[4]); 397| | 398| 5| store_be24(&send_buf[6], frag_offset); 399| 5| store_be24(&send_buf[9], frag_len); 400| | 401| 5| if(frag_len > 0) { ------------------ | Branch (401:7): [True: 1, False: 4] ------------------ 402| 1| copy_mem(&send_buf[12], fragment, frag_len); 403| 1| } 404| | 405| 5| return send_buf; 406| 5|} _ZNK5Botan3TLS21Datagram_Handshake_IO12format_w_seqERKNSt3__16vectorIhNS2_9allocatorIhEEEENS0_14Handshake_TypeEt: 410| 5| uint16_t msg_sequence) const { 411| 5| return format_fragment(msg.data(), msg.size(), 0, static_cast(msg.size()), type, msg_sequence); 412| 5|} _ZNK5Botan3TLS21Datagram_Handshake_IO6formatERKNSt3__16vectorIhNS2_9allocatorIhEEEENS0_14Handshake_TypeE: 414| 5|std::vector Datagram_Handshake_IO::format(const std::vector& msg, Handshake_Type type) const { 415| 5| BOTAN_ASSERT_NOMSG(m_in_message_seq > 0); ------------------ | | 77| 5| do { \ | | 78| 5| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 5| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 5] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 5| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 5] | | ------------------ ------------------ 416| 5| return format_w_seq(msg, type, m_in_message_seq - 1); 417| 5|} tls_handshake_io.cpp:_ZN5Botan3TLS12_GLOBAL__N_138verify_is_expected_wire_handshake_typeENS0_14Handshake_TypeE: 28| 18.9k|void verify_is_expected_wire_handshake_type(Handshake_Type type) { 29| 18.9k| switch(type) { 30| 0| case Handshake_Type::HelloRetryRequest: ------------------ | Branch (30:7): [True: 0, False: 18.9k] ------------------ 31| 4| case Handshake_Type::HandshakeCCS: ------------------ | Branch (31:7): [True: 4, False: 18.9k] ------------------ 32| 7| case Handshake_Type::None: ------------------ | Branch (32:7): [True: 3, False: 18.9k] ------------------ 33| 7| throw TLS_Exception(Alert::UnexpectedMessage, "Invalid handshake message type"); 34| 18.9k| default: ------------------ | Branch (34:7): [True: 18.9k, False: 7] ------------------ 35| 18.9k| break; 36| 18.9k| } 37| 18.9k|} tls_handshake_io.cpp:_ZN5Botan3TLS12_GLOBAL__N_110store_be24EPhm: 39| 32.8k|void store_be24(uint8_t out[3], size_t val) { 40| 32.8k| out[0] = get_byte<1>(static_cast(val)); 41| 32.8k| out[1] = get_byte<2>(static_cast(val)); 42| 32.8k| out[2] = get_byte<3>(static_cast(val)); 43| 32.8k|} tls_handshake_io.cpp:_ZN5Botan3TLS12_GLOBAL__N_19load_be24EPKh: 23| 4.54k|inline size_t load_be24(const uint8_t q[3]) { 24| 4.54k| return make_uint32(0, q[0], q[1], q[2]); 25| 4.54k|} _ZN5Botan3TLS15Handshake_StateD2Ev: 28| 4.24k|Handshake_State::~Handshake_State() = default; _ZN5Botan3TLS15Handshake_StateC2ENSt3__110unique_ptrINS0_12Handshake_IOENS2_14default_deleteIS4_EEEERNS0_9CallbacksE: 31| 4.24k| m_callbacks(cb), m_handshake_io(std::move(io)), m_version(m_handshake_io->initial_record_version()) {} _ZN5Botan3TLS15Handshake_State12note_messageERKNS0_17Handshake_MessageE: 33| 22.6k|void Handshake_State::note_message(const Handshake_Message& msg) { 34| 22.6k| m_callbacks.tls_inspect_handshake_msg(msg); 35| 22.6k|} _ZN5Botan3TLS15Handshake_State12client_helloENSt3__110unique_ptrINS0_15Client_Hello_12ENS2_14default_deleteIS4_EEEE: 47| 21.5k|void Handshake_State::client_hello(std::unique_ptr client_hello) { 48| | // Legacy behavior (exception to the rule): Allow client_hello to be nullptr to reset state. 49| 21.5k| if(client_hello == nullptr) { ------------------ | Branch (49:7): [True: 9.14k, False: 12.4k] ------------------ 50| 9.14k| m_client_hello.reset(); 51| 9.14k| hash().reset(); 52| 12.4k| } else { 53| 12.4k| m_client_hello = std::move(client_hello); 54| 12.4k| note_message(*m_client_hello); 55| 12.4k| } 56| 21.5k|} _ZN5Botan3TLS15Handshake_State12server_helloENSt3__110unique_ptrINS0_15Server_Hello_12ENS2_14default_deleteIS4_EEEE: 58| 2.89k|void Handshake_State::server_hello(std::unique_ptr server_hello) { 59| 2.89k| BOTAN_ASSERT_NONNULL(server_hello); ------------------ | | 116| 2.89k| do { \ | | 117| 2.89k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 2.89k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 2.89k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 2.89k] | | ------------------ ------------------ 60| 2.89k| m_server_hello = std::move(server_hello); 61| 2.89k| m_ciphersuite = Ciphersuite::by_id(m_server_hello->ciphersuite()); 62| 2.89k| note_message(*m_server_hello); 63| 2.89k|} _ZN5Botan3TLS15Handshake_State12server_certsENSt3__110unique_ptrINS0_14Certificate_12ENS2_14default_deleteIS4_EEEE: 65| 3|void Handshake_State::server_certs(std::unique_ptr server_certs) { 66| 3| BOTAN_ASSERT_NONNULL(server_certs); ------------------ | | 116| 3| do { \ | | 117| 3| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 3] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 3| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 3] | | ------------------ ------------------ 67| 3| m_server_certs = std::move(server_certs); 68| 3| note_message(*m_server_certs); 69| 3|} _ZN5Botan3TLS15Handshake_State10server_kexENSt3__110unique_ptrINS0_19Server_Key_ExchangeENS2_14default_deleteIS4_EEEE: 77| 2.88k|void Handshake_State::server_kex(std::unique_ptr server_kex) { 78| 2.88k| BOTAN_ASSERT_NONNULL(server_kex); ------------------ | | 116| 2.88k| do { \ | | 117| 2.88k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 2.88k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 2.88k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 2.88k] | | ------------------ ------------------ 79| 2.88k| m_server_kex = std::move(server_kex); 80| 2.88k| note_message(*m_server_kex); 81| 2.88k|} _ZN5Botan3TLS15Handshake_State17server_hello_doneENSt3__110unique_ptrINS0_17Server_Hello_DoneENS2_14default_deleteIS4_EEEE: 89| 2.88k|void Handshake_State::server_hello_done(std::unique_ptr server_hello_done) { 90| 2.88k| BOTAN_ASSERT_NONNULL(server_hello_done); ------------------ | | 116| 2.88k| do { \ | | 117| 2.88k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 2.88k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 2.88k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 2.88k] | | ------------------ ------------------ 91| 2.88k| m_server_hello_done = std::move(server_hello_done); 92| 2.88k| note_message(*m_server_hello_done); 93| 2.88k|} _ZN5Botan3TLS15Handshake_State10client_kexENSt3__110unique_ptrINS0_19Client_Key_ExchangeENS2_14default_deleteIS4_EEEE: 101| 1.35k|void Handshake_State::client_kex(std::unique_ptr client_kex) { 102| 1.35k| BOTAN_ASSERT_NONNULL(client_kex); ------------------ | | 116| 1.35k| do { \ | | 117| 1.35k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 1.35k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 1.35k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 1.35k] | | ------------------ ------------------ 103| 1.35k| m_client_kex = std::move(client_kex); 104| 1.35k| note_message(*m_client_kex); 105| 1.35k|} _ZN5Botan3TLS15Handshake_State15server_finishedENSt3__110unique_ptrINS0_11Finished_12ENS2_14default_deleteIS4_EEEE: 125| 104|void Handshake_State::server_finished(std::unique_ptr server_finished) { 126| 104| BOTAN_ASSERT_NONNULL(server_finished); ------------------ | | 116| 104| do { \ | | 117| 104| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 104] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 104| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 104] | | ------------------ ------------------ 127| 104| m_server_finished = std::move(server_finished); 128| 104| note_message(*m_server_finished); 129| 104|} _ZN5Botan3TLS15Handshake_State15client_finishedENSt3__110unique_ptrINS0_11Finished_12ENS2_14default_deleteIS4_EEEE: 131| 104|void Handshake_State::client_finished(std::unique_ptr client_finished) { 132| 104| BOTAN_ASSERT_NONNULL(client_finished); ------------------ | | 116| 104| do { \ | | 117| 104| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 104] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 104| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 104] | | ------------------ ------------------ 133| 104| m_client_finished = std::move(client_finished); 134| 104| note_message(*m_client_finished); 135| 104|} _ZNK5Botan3TLS15Handshake_State11ciphersuiteEv: 137| 14.5k|const Ciphersuite& Handshake_State::ciphersuite() const { 138| 14.5k| if(!m_ciphersuite.has_value()) { ------------------ | Branch (138:7): [True: 0, False: 14.5k] ------------------ 139| 0| throw Invalid_State("Cipher suite is not set"); 140| 0| } 141| 14.5k| return m_ciphersuite.value(); 142| 14.5k|} _ZNK5Botan3TLS15Handshake_State12psk_identityEv: 144| 208|std::optional Handshake_State::psk_identity() const { 145| 208| if(!m_client_kex) { ------------------ | Branch (145:7): [True: 0, False: 208] ------------------ 146| 0| return std::nullopt; 147| 0| } 148| 208| return m_client_kex->psk_identity(); 149| 208|} _ZN5Botan3TLS15Handshake_State11set_versionERKNS0_16Protocol_VersionE: 151| 12.3k|void Handshake_State::set_version(const Protocol_Version& version) { 152| 12.3k| m_version = version; 153| 12.3k|} _ZN5Botan3TLS15Handshake_State20compute_session_keysEv: 155| 1.35k|void Handshake_State::compute_session_keys() { 156| 1.35k| BOTAN_ASSERT_NONNULL(client_kex()); ------------------ | | 116| 1.35k| do { \ | | 117| 1.35k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 1.35k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 1.35k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 1.35k] | | ------------------ ------------------ 157| 1.35k| m_session_keys = Session_Keys(this, client_kex()->pre_master_secret(), false); 158| 1.35k|} _ZN5Botan3TLS15Handshake_State21confirm_transition_toENS0_14Handshake_TypeE: 164| 15.2k|void Handshake_State::confirm_transition_to(Handshake_Type handshake_msg) { 165| 15.2k| m_transitions.confirm_transition_to(handshake_msg); 166| 15.2k|} _ZN5Botan3TLS15Handshake_State17set_expected_nextENS0_14Handshake_TypeE: 168| 18.9k|void Handshake_State::set_expected_next(Handshake_Type handshake_msg) { 169| 18.9k| m_transitions.set_expected_next(handshake_msg); 170| 18.9k|} _ZNK5Botan3TLS15Handshake_State22received_handshake_msgENS0_14Handshake_TypeE: 172| 2.26k|bool Handshake_State::received_handshake_msg(Handshake_Type handshake_msg) const { 173| 2.26k| return m_transitions.received_handshake_msg(handshake_msg); 174| 2.26k|} _ZN5Botan3TLS15Handshake_State22get_next_handshake_msgEm: 176| 31.5k|std::pair> Handshake_State::get_next_handshake_msg(size_t max_handshake_msg_size) { 177| 31.5k| return m_handshake_io->get_next_record(m_transitions.change_cipher_spec_expected(), max_handshake_msg_size); 178| 31.5k|} _ZNK5Botan3TLS15Handshake_State21protocol_specific_prfEv: 192| 1.55k|std::unique_ptr Handshake_State::protocol_specific_prf() const { 193| 1.55k| return m_callbacks.tls12_protocol_specific_kdf(ciphersuite().prf_algo()); 194| 1.55k|} _ZN5Botan3TLS23Connection_Cipher_StateD2Ev: 33| 407|Connection_Cipher_State::~Connection_Cipher_State() = default; _ZN5Botan3TLS23Connection_Cipher_StateC2ENS0_16Protocol_VersionENS0_15Connection_SideEbRKNS0_11CiphersuiteERKNS0_12Session_KeysEb: 40| 407| bool uses_encrypt_then_mac) { 41| | // NOLINTBEGIN(*-prefer-member-initializer) 42| 407| m_nonce_format = suite.nonce_format(); 43| 407| m_nonce_bytes_from_record = suite.nonce_bytes_from_record(version); 44| 407| m_nonce_bytes_from_handshake = suite.nonce_bytes_from_handshake(); 45| | 46| 407| const secure_vector& aead_key = keys.aead_key(side); 47| 407| m_nonce = keys.nonce(side); 48| | // NOLINTEND(*-prefer-member-initializer) 49| | 50| 407| BOTAN_ASSERT_NOMSG(m_nonce.size() == m_nonce_bytes_from_handshake); ------------------ | | 77| 407| do { \ | | 78| 407| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 407| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 407] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 407| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 407] | | ------------------ ------------------ 51| | 52| 407| if(nonce_format() == Nonce_Format::CBC_MODE) { ------------------ | Branch (52:7): [True: 231, False: 176] ------------------ 53| 231|#if defined(BOTAN_HAS_TLS_CBC) 54| | // legacy CBC+HMAC mode 55| 231| auto mac = MessageAuthenticationCode::create_or_throw(fmt("HMAC({})", suite.mac_algo())); 56| 231| auto cipher = BlockCipher::create_or_throw(suite.cipher_algo()); 57| | 58| 231| if(our_side) { ------------------ | Branch (58:10): [True: 60, False: 171] ------------------ 59| 60| m_aead = std::make_unique(std::move(cipher), 60| 60| std::move(mac), 61| 60| suite.cipher_keylen(), 62| 60| suite.mac_keylen(), 63| 60| version, 64| 60| uses_encrypt_then_mac); 65| 171| } else { 66| 171| m_aead = std::make_unique(std::move(cipher), 67| 171| std::move(mac), 68| 171| suite.cipher_keylen(), 69| 171| suite.mac_keylen(), 70| 171| version, 71| 171| uses_encrypt_then_mac); 72| 171| } 73| | 74| |#else 75| | BOTAN_UNUSED(uses_encrypt_then_mac); 76| | throw Internal_Error("Negotiated disabled TLS CBC+HMAC ciphersuite"); 77| |#endif 78| 231| } else if(nonce_format() == Nonce_Format::NULL_CIPHER) { ------------------ | Branch (78:14): [True: 0, False: 176] ------------------ 79| |#if defined(BOTAN_HAS_TLS_NULL) 80| | auto mac = MessageAuthenticationCode::create_or_throw(fmt("HMAC({})", suite.mac_algo())); 81| | 82| | if(our_side) { 83| | m_aead = std::make_unique(std::move(mac), suite.mac_keylen()); 84| | } else { 85| | m_aead = std::make_unique(std::move(mac), suite.mac_keylen()); 86| | } 87| |#else 88| 0| throw Internal_Error("Negotiated disabled TLS NULL ciphersuite"); 89| 0|#endif 90| 176| } else { 91| 176| m_aead = 92| 176| AEAD_Mode::create_or_throw(suite.cipher_algo(), our_side ? Cipher_Dir::Encryption : Cipher_Dir::Decryption); ------------------ | Branch (92:58): [True: 44, False: 132] ------------------ 93| 176| } 94| | 95| 407| m_aead->set_key(aead_key); 96| 407|} _ZN5Botan3TLS23Connection_Cipher_State10aead_nonceEmRNS_21RandomNumberGeneratorE: 98| 189|std::vector Connection_Cipher_State::aead_nonce(uint64_t seq, RandomNumberGenerator& rng) { 99| 189| switch(m_nonce_format) { ------------------ | Branch (99:11): [True: 189, False: 0] ------------------ 100| 0| case Nonce_Format::NULL_CIPHER: { ------------------ | Branch (100:7): [True: 0, False: 189] ------------------ 101| 0| return std::vector{}; 102| 0| } 103| 107| case Nonce_Format::CBC_MODE: { ------------------ | Branch (103:7): [True: 107, False: 82] ------------------ 104| 107| std::vector nonce(nonce_bytes_from_record()); 105| 107| rng.randomize(nonce.data(), nonce.size()); 106| 107| return nonce; 107| 0| } 108| 54| case Nonce_Format::AEAD_XOR_12: { ------------------ | Branch (108:7): [True: 54, False: 135] ------------------ 109| 54| BOTAN_ASSERT_NOMSG(m_nonce.size() == 12); ------------------ | | 77| 54| do { \ | | 78| 54| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 54| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 54] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 54| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 54] | | ------------------ ------------------ 110| 54| std::vector nonce(12); 111| 54| store_be(seq, nonce.data() + 4); 112| 54| xor_buf(nonce, m_nonce.data(), m_nonce.size()); 113| 54| return nonce; 114| 0| } 115| 28| case Nonce_Format::AEAD_IMPLICIT_4: { ------------------ | Branch (115:7): [True: 28, False: 161] ------------------ 116| 28| BOTAN_ASSERT_NOMSG(m_nonce.size() == 4); ------------------ | | 77| 28| do { \ | | 78| 28| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 28| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 28] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 28| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 28] | | ------------------ ------------------ 117| 28| std::vector nonce(12); 118| 28| copy_mem(&nonce[0], m_nonce.data(), 4); // NOLINT(*container-data-pointer) 119| 28| store_be(seq, &nonce[nonce_bytes_from_handshake()]); 120| 28| return nonce; 121| 0| } 122| 189| } 123| | 124| 0| throw Invalid_State("Unknown nonce format specified"); 125| 189|} _ZN5Botan3TLS23Connection_Cipher_State10aead_nonceEPKhmm: 127| 224|std::vector Connection_Cipher_State::aead_nonce(const uint8_t record[], size_t record_len, uint64_t seq) { 128| 224| switch(m_nonce_format) { ------------------ | Branch (128:11): [True: 224, False: 0] ------------------ 129| 0| case Nonce_Format::NULL_CIPHER: { ------------------ | Branch (129:7): [True: 0, False: 224] ------------------ 130| 0| return std::vector{}; 131| 0| } 132| 118| case Nonce_Format::CBC_MODE: { ------------------ | Branch (132:7): [True: 118, False: 106] ------------------ 133| 118| if(record_len < nonce_bytes_from_record()) { ------------------ | Branch (133:13): [True: 1, False: 117] ------------------ 134| 1| throw Decoding_Error("Invalid CBC packet too short to be valid"); 135| 1| } 136| 117| std::vector nonce(record, record + nonce_bytes_from_record()); 137| 117| return nonce; 138| 118| } 139| 38| case Nonce_Format::AEAD_XOR_12: { ------------------ | Branch (139:7): [True: 38, False: 186] ------------------ 140| 38| BOTAN_ASSERT_NOMSG(m_nonce.size() == 12); ------------------ | | 77| 38| do { \ | | 78| 38| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 38| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 38] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 38| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 38] | | ------------------ ------------------ 141| 38| std::vector nonce(12); 142| 38| store_be(seq, nonce.data() + 4); 143| 38| xor_buf(nonce, m_nonce.data(), m_nonce.size()); 144| 38| return nonce; 145| 118| } 146| 68| case Nonce_Format::AEAD_IMPLICIT_4: { ------------------ | Branch (146:7): [True: 68, False: 156] ------------------ 147| 68| BOTAN_ASSERT_NOMSG(m_nonce.size() == 4); ------------------ | | 77| 68| do { \ | | 78| 68| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 68| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 68] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 68| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 68] | | ------------------ ------------------ 148| 68| if(record_len < nonce_bytes_from_record()) { ------------------ | Branch (148:13): [True: 1, False: 67] ------------------ 149| 1| throw Decoding_Error("Invalid AEAD packet too short to be valid"); 150| 1| } 151| 67| std::vector nonce(12); 152| 67| copy_mem(&nonce[0], m_nonce.data(), 4); // NOLINT(*container-data-pointer) 153| 67| copy_mem(&nonce[nonce_bytes_from_handshake()], record, nonce_bytes_from_record()); 154| 67| return nonce; 155| 68| } 156| 224| } 157| | 158| 0| throw Invalid_State("Unknown nonce format specified"); 159| 224|} _ZN5Botan3TLS23Connection_Cipher_State9format_adEmNS0_11Record_TypeENS0_16Protocol_VersionEt: 164| 409| uint16_t msg_length) { 165| 409| std::vector ad(13); 166| | 167| 409| store_be(msg_sequence, &ad[0]); // NOLINT(*container-data-pointer) 168| 409| ad[8] = static_cast(msg_type); 169| 409| ad[9] = version.major_version(); 170| 409| ad[10] = version.minor_version(); 171| 409| ad[11] = get_byte<0>(msg_length); 172| 409| ad[12] = get_byte<1>(msg_length); 173| | 174| 409| return ad; 175| 409|} _ZN5Botan3TLS24write_unencrypted_recordERNSt3__16vectorIhNS_16secure_allocatorIhEEEENS0_11Record_TypeENS0_16Protocol_VersionEmPKhm: 210| 20.6k| size_t message_len) { 211| 20.6k| if(record_type == Record_Type::ApplicationData) { ------------------ | Branch (211:7): [True: 0, False: 20.6k] ------------------ 212| 0| throw Internal_Error("Writing an unencrypted TLS application data record"); 213| 0| } 214| 20.6k| write_record_header(output, record_type, version, record_sequence); 215| 20.6k| append_u16_len(output, message_len); 216| 20.6k| output.insert(output.end(), message, message + message_len); 217| 20.6k|} _ZN5Botan3TLS12write_recordERNSt3__16vectorIhNS_16secure_allocatorIhEEEENS0_11Record_TypeENS0_16Protocol_VersionEmPKhmRNS0_23Connection_Cipher_StateERNS_21RandomNumberGeneratorE: 226| 189| RandomNumberGenerator& rng) { 227| 189| write_record_header(output, record_type, version, record_sequence); 228| | 229| 189| AEAD_Mode& aead = cs.aead(); 230| 189| std::vector aad = cs.format_ad(record_sequence, record_type, version, static_cast(message_len)); 231| | 232| 189| const size_t ctext_size = aead.output_length(message_len); 233| | 234| 189| const size_t rec_size = ctext_size + cs.nonce_bytes_from_record(); 235| | 236| 189| aead.set_associated_data(aad); 237| | 238| 189| const std::vector nonce = cs.aead_nonce(record_sequence, rng); 239| | 240| 189| append_u16_len(output, rec_size); 241| | 242| 189| if(cs.nonce_bytes_from_record() > 0) { ------------------ | Branch (242:7): [True: 135, False: 54] ------------------ 243| 135| if(cs.nonce_format() == Nonce_Format::CBC_MODE) { ------------------ | Branch (243:10): [True: 107, False: 28] ------------------ 244| 107| output += nonce; 245| 107| } else { 246| 28| output += std::make_pair(&nonce[cs.nonce_bytes_from_handshake()], cs.nonce_bytes_from_record()); 247| 28| } 248| 135| } 249| | 250| 189| const size_t header_size = output.size(); 251| 189| output += std::make_pair(message, message_len); 252| | 253| 189| aead.start(nonce); 254| 189| aead.finish(output, header_size); 255| | 256| 189| BOTAN_ASSERT(output.size() < MAX_CIPHERTEXT_SIZE, "Produced ciphertext larger than protocol allows"); ------------------ | | 64| 189| do { \ | | 65| 189| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 189| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 189] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 189| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 189] | | ------------------ ------------------ 257| 189|} _ZN5Botan3TLS11read_recordEbRNSt3__16vectorIhNS_16secure_allocatorIhEEEEPKhmRmS6_PNS0_27Connection_Sequence_NumbersERKNS1_8functionIFNS1_10shared_ptrINS0_23Connection_Cipher_StateEEEtEEEb: 514| 22.0k| bool allow_epoch0_restart) { 515| 22.0k| if(is_datagram) { ------------------ | Branch (515:7): [True: 2.81k, False: 19.2k] ------------------ 516| 2.81k| return read_dtls_record( 517| 2.81k| readbuf, input, input_len, consumed, recbuf, sequence_numbers, get_cipherstate, allow_epoch0_restart); 518| 19.2k| } else { 519| 19.2k| return read_tls_record(readbuf, input, input_len, consumed, recbuf, sequence_numbers, get_cipherstate); 520| 19.2k| } 521| 22.0k|} tls_record.cpp:_ZN5Botan3TLS12_GLOBAL__N_119write_record_headerERNSt3__16vectorIhNS_16secure_allocatorIhEEEENS0_11Record_TypeENS0_16Protocol_VersionEm: 189| 20.8k| uint64_t record_sequence) { 190| 20.8k| output.clear(); 191| | 192| 20.8k| output.push_back(static_cast(record_type)); 193| 20.8k| output.push_back(version.major_version()); 194| 20.8k| output.push_back(version.minor_version()); 195| | 196| 20.8k| if(version.is_datagram_protocol()) { ------------------ | Branch (196:7): [True: 9.66k, False: 11.1k] ------------------ 197| 86.9k| for(size_t i = 0; i != 8; ++i) { ------------------ | Branch (197:25): [True: 77.2k, False: 9.66k] ------------------ 198| 77.2k| output.push_back(get_byte_var(i, record_sequence)); 199| 77.2k| } 200| 9.66k| } 201| 20.8k|} tls_record.cpp:_ZN5Botan3TLS12_GLOBAL__N_114append_u16_lenERNSt3__16vectorIhNS_16secure_allocatorIhEEEEm: 179| 20.8k|inline void append_u16_len(secure_vector& output, size_t len_field) { 180| 20.8k| const uint16_t len16 = static_cast(len_field); 181| 20.8k| BOTAN_ASSERT_EQUAL(len_field, len16, "No truncation"); ------------------ | | 90| 20.8k| do { \ | | 91| 20.8k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 92| 20.8k| if((expr1) != (expr2)) { \ | | ------------------ | | | Branch (92:10): [True: 0, False: 20.8k] | | ------------------ | | 93| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 94| 0| Botan::assertion_failure(#expr1 " == " #expr2, assertion_made, __func__, __FILE__, __LINE__); \ | | 95| 0| } \ | | 96| 20.8k| } while(0) | | ------------------ | | | Branch (96:12): [Folded, False: 20.8k] | | ------------------ ------------------ 182| 20.8k| output.push_back(get_byte<0>(len16)); 183| 20.8k| output.push_back(get_byte<1>(len16)); 184| 20.8k|} tls_record.cpp:_ZN5Botan3TLS12_GLOBAL__N_116read_dtls_recordERNSt3__16vectorIhNS_16secure_allocatorIhEEEEPKhmRmS7_PNS0_27Connection_Sequence_NumbersERKNS2_8functionIFNS2_10shared_ptrINS0_23Connection_Cipher_StateEEEtEEEb: 428| 2.81k| bool allow_epoch0_restart) { 429| 2.81k| if(readbuf.size() < DTLS_HEADER_SIZE) { ------------------ | Branch (429:7): [True: 2.81k, False: 0] ------------------ 430| | // header incomplete 431| 2.81k| if(fill_buffer_to(readbuf, input, input_len, consumed, DTLS_HEADER_SIZE) != 0) { ------------------ | Branch (431:10): [True: 46, False: 2.77k] ------------------ 432| 46| readbuf.clear(); 433| 46| return Record_Header(0); 434| 46| } 435| | 436| 2.77k| BOTAN_ASSERT_EQUAL(readbuf.size(), DTLS_HEADER_SIZE, "Have an entire header"); ------------------ | | 90| 2.77k| do { \ | | 91| 2.77k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 92| 2.77k| if((expr1) != (expr2)) { \ | | ------------------ | | | Branch (92:10): [True: 0, False: 2.77k] | | ------------------ | | 93| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 94| 0| Botan::assertion_failure(#expr1 " == " #expr2, assertion_made, __func__, __FILE__, __LINE__); \ | | 95| 0| } \ | | 96| 2.77k| } while(0) | | ------------------ | | | Branch (96:12): [Folded, False: 2.77k] | | ------------------ ------------------ 437| 2.77k| } 438| | 439| 2.77k| const Protocol_Version version(readbuf[1], readbuf[2]); 440| | 441| 2.77k| if(version.is_datagram_protocol() == false) { ------------------ | Branch (441:7): [True: 30, False: 2.74k] ------------------ 442| 30| readbuf.clear(); 443| 30| return Record_Header(0); 444| 30| } 445| | 446| 2.74k| const size_t record_size = make_uint16(readbuf[DTLS_HEADER_SIZE - 2], readbuf[DTLS_HEADER_SIZE - 1]); 447| | 448| 2.74k| if(record_size > MAX_CIPHERTEXT_SIZE) { ------------------ | Branch (448:7): [True: 6, False: 2.73k] ------------------ 449| | // Too large to be valid, ignore it 450| 6| readbuf.clear(); 451| 6| return Record_Header(0); 452| 6| } 453| | 454| 2.73k| if(fill_buffer_to(readbuf, input, input_len, consumed, DTLS_HEADER_SIZE + record_size) != 0) { ------------------ | Branch (454:7): [True: 41, False: 2.69k] ------------------ 455| | // Truncated packet? 456| 41| readbuf.clear(); 457| 41| return Record_Header(0); 458| 41| } 459| | 460| 2.69k| BOTAN_ASSERT_EQUAL(static_cast(DTLS_HEADER_SIZE) + record_size, readbuf.size(), "Have the full record"); ------------------ | | 90| 2.69k| do { \ | | 91| 2.69k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 92| 2.69k| if((expr1) != (expr2)) { \ | | ------------------ | | | Branch (92:10): [True: 0, False: 2.69k] | | ------------------ | | 93| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 94| 0| Botan::assertion_failure(#expr1 " == " #expr2, assertion_made, __func__, __FILE__, __LINE__); \ | | 95| 0| } \ | | 96| 2.69k| } while(0) | | ------------------ | | | Branch (96:12): [Folded, False: 2.69k] | | ------------------ ------------------ 461| | 462| 2.69k| const Record_Type type = static_cast(readbuf[0]); 463| | 464| 2.69k| const uint64_t sequence = load_be(&readbuf[3], 0); 465| 2.69k| const uint16_t epoch = (sequence >> 48); 466| | 467| 2.69k| const bool already_seen = sequence_numbers != nullptr && sequence_numbers->already_seen(sequence); ------------------ | Branch (467:30): [True: 425, False: 2.27k] | Branch (467:61): [True: 78, False: 347] ------------------ 468| | 469| 2.69k| if(already_seen && !(epoch == 0 && allow_epoch0_restart)) { ------------------ | Branch (469:7): [True: 78, False: 2.61k] | Branch (469:25): [True: 78, False: 0] | Branch (469:39): [True: 0, False: 78] ------------------ 470| 78| readbuf.clear(); 471| 78| return Record_Header(0); 472| 78| } 473| | 474| 2.61k| if(epoch == 0) { ------------------ | Branch (474:7): [True: 2.55k, False: 58] ------------------ 475| | // Unencrypted initial handshake 476| 2.55k| recbuf.assign(readbuf.begin() + DTLS_HEADER_SIZE, readbuf.begin() + DTLS_HEADER_SIZE + record_size); 477| 2.55k| readbuf.clear(); 478| 2.55k| if(sequence_numbers != nullptr) { ------------------ | Branch (478:10): [True: 319, False: 2.24k] ------------------ 479| 319| sequence_numbers->read_accept(sequence); 480| 319| } 481| 2.55k| return Record_Header(sequence, version, type); 482| 2.55k| } 483| | 484| 58| try { 485| | // Otherwise, decrypt, check MAC, return plaintext 486| 58| auto cs = get_cipherstate(epoch); 487| | 488| 58| BOTAN_ASSERT(cs, "Have cipherstate for this epoch"); ------------------ | | 64| 58| do { \ | | 65| 58| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 58| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 58] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 58| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 58] | | ------------------ ------------------ 489| | 490| 58| decrypt_record(recbuf, &readbuf[DTLS_HEADER_SIZE], record_size, sequence, version, type, *cs); 491| 58| } catch(std::exception&) { 492| 58| readbuf.clear(); 493| 58| return Record_Header(0); 494| 58| } 495| | 496| 0| if(sequence_numbers != nullptr) { ------------------ | Branch (496:7): [True: 0, False: 0] ------------------ 497| 0| sequence_numbers->read_accept(sequence); 498| 0| } 499| | 500| 0| readbuf.clear(); 501| 0| return Record_Header(sequence, version, type); 502| 58|} tls_record.cpp:_ZN5Botan3TLS12_GLOBAL__N_114fill_buffer_toERNSt3__16vectorIhNS_16secure_allocatorIhEEEERPKhRmSB_m: 262| 42.9k| secure_vector& readbuf, const uint8_t*& input, size_t& input_size, size_t& input_consumed, size_t desired) { 263| 42.9k| if(readbuf.size() >= desired) { ------------------ | Branch (263:7): [True: 667, False: 42.3k] ------------------ 264| 667| return 0; // already have it 265| 667| } 266| | 267| 42.3k| const size_t taken = std::min(input_size, desired - readbuf.size()); 268| | 269| 42.3k| readbuf.insert(readbuf.end(), input, input + taken); 270| 42.3k| input_consumed += taken; 271| 42.3k| input_size -= taken; 272| 42.3k| input += taken; 273| | 274| 42.3k| return (desired - readbuf.size()); // how many bytes do we still need? 275| 42.9k|} tls_record.cpp:_ZN5Botan3TLS12_GLOBAL__N_114decrypt_recordERNSt3__16vectorIhNS_16secure_allocatorIhEEEEPhmmNS0_16Protocol_VersionENS0_11Record_TypeERNS0_23Connection_Cipher_StateE: 283| 224| Connection_Cipher_State& cs) { 284| 224| AEAD_Mode& aead = cs.aead(); 285| | 286| 224| const std::vector nonce = cs.aead_nonce(record_contents, record_len, record_sequence); 287| 224| const uint8_t* msg = &record_contents[cs.nonce_bytes_from_record()]; 288| 224| const size_t msg_length = record_len - cs.nonce_bytes_from_record(); 289| | 290| | /* 291| | * This early rejection is based just on public information (length of the 292| | * encrypted packet) and so does not leak any information. We used to use 293| | * decode_error here which really is more appropriate, but that confuses some 294| | * tools which are attempting automated detection of padding oracles, 295| | * including older versions of TLS-Attacker. 296| | */ 297| 224| if(msg_length < aead.minimum_final_size()) { ------------------ | Branch (297:7): [True: 2, False: 222] ------------------ 298| 2| throw TLS_Exception(Alert::BadRecordMac, "AEAD packet is shorter than the tag"); 299| 2| } 300| | 301| 222| const size_t ptext_size = aead.output_length(msg_length); 302| | 303| 222| aead.set_associated_data( 304| 222| cs.format_ad(record_sequence, record_type, record_version, static_cast(ptext_size))); 305| | 306| 222| aead.start(nonce); 307| | 308| 222| output.assign(msg, msg + msg_length); 309| 222| aead.finish(output, 0); 310| 222|} tls_record.cpp:_ZN5Botan3TLS12_GLOBAL__N_115read_tls_recordERNSt3__16vectorIhNS_16secure_allocatorIhEEEEPKhmRmS7_PNS0_27Connection_Sequence_NumbersERKNS2_8functionIFNS2_10shared_ptrINS0_23Connection_Cipher_StateEEEtEEE: 318| 19.2k| const get_cipherstate_fn& get_cipherstate) { 319| 19.2k| if(readbuf.size() < TLS_HEADER_SIZE) { ------------------ | Branch (319:7): [True: 19.2k, False: 0] ------------------ 320| | // header incomplete 321| 19.2k| if(const size_t needed = fill_buffer_to(readbuf, input, input_len, consumed, TLS_HEADER_SIZE)) { ------------------ | Branch (321:23): [True: 333, False: 18.8k] ------------------ 322| 333| return Record_Header(needed); 323| 333| } 324| | 325| 18.8k| BOTAN_ASSERT_EQUAL(readbuf.size(), TLS_HEADER_SIZE, "Have an entire header"); ------------------ | | 90| 18.8k| do { \ | | 91| 18.8k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 92| 18.8k| if((expr1) != (expr2)) { \ | | ------------------ | | | Branch (92:10): [True: 0, False: 18.8k] | | ------------------ | | 93| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 94| 0| Botan::assertion_failure(#expr1 " == " #expr2, assertion_made, __func__, __FILE__, __LINE__); \ | | 95| 0| } \ | | 96| 18.8k| } while(0) | | ------------------ | | | Branch (96:12): [Folded, False: 18.8k] | | ------------------ ------------------ 326| 18.8k| } 327| | 328| | /* 329| | Verify that the record type and record version are within some expected 330| | range, so we can quickly reject totally invalid packets. 331| | 332| | Unfortunately we cannot be more strict about the record number than just 333| | checking the major version, at least at this level, due to this requirement 334| | in RFC 7568 335| | 336| | TLS servers MUST accept any value {03,XX} (including {03,00}) as 337| | the record layer version number for ClientHello 338| | */ 339| 18.8k| const bool bad_record_type = readbuf[0] < 20 || readbuf[0] > 23; ------------------ | Branch (339:33): [True: 271, False: 18.6k] | Branch (339:52): [True: 315, False: 18.2k] ------------------ 340| 18.8k| const bool bad_record_version = readbuf[1] != 3; 341| | 342| 18.8k| if(bad_record_type || bad_record_version) { ------------------ | Branch (342:7): [True: 586, False: 18.2k] | Branch (342:26): [True: 37, False: 18.2k] ------------------ 343| | // We know we read up to at least the 5 byte TLS header 344| 623| const std::string first5 = std::string(reinterpret_cast(readbuf.data()), 5); 345| | 346| 623| if(first5 == "GET /" || first5 == "PUT /" || first5 == "POST " || first5 == "HEAD ") { ------------------ | Branch (346:10): [True: 4, False: 619] | Branch (346:31): [True: 3, False: 616] | Branch (346:52): [True: 2, False: 614] | Branch (346:73): [True: 1, False: 613] ------------------ 347| 10| throw TLS_Exception(Alert::ProtocolVersion, "Client sent plaintext HTTP request instead of TLS handshake"); 348| 10| } 349| | 350| 613| if(first5 == "CONNE") { ------------------ | Branch (350:10): [True: 1, False: 612] ------------------ 351| 1| throw TLS_Exception(Alert::ProtocolVersion, 352| 1| "Client sent plaintext HTTP proxy CONNECT request instead of TLS handshake"); 353| 1| } 354| | 355| 612| if(bad_record_type) { ------------------ | Branch (355:10): [True: 575, False: 37] ------------------ 356| | // RFC 5246 Section 6. 357| | // If a TLS implementation receives an unexpected record type, it MUST 358| | // send an unexpected_message alert. 359| 575| throw TLS_Exception(Alert::UnexpectedMessage, "TLS record type had unexpected value"); 360| 575| } 361| 37| throw TLS_Exception(Alert::ProtocolVersion, "TLS record version had unexpected value"); 362| 612| } 363| | 364| 18.2k| const Protocol_Version version(readbuf[1], readbuf[2]); 365| | 366| 18.2k| if(version.is_datagram_protocol()) { ------------------ | Branch (366:7): [True: 0, False: 18.2k] ------------------ 367| 0| throw TLS_Exception(Alert::ProtocolVersion, "Expected TLS but got a record with DTLS version"); 368| 0| } 369| | 370| 18.2k| const size_t record_size = make_uint16(readbuf[TLS_HEADER_SIZE - 2], readbuf[TLS_HEADER_SIZE - 1]); 371| | 372| 18.2k| if(record_size > MAX_CIPHERTEXT_SIZE) { ------------------ | Branch (372:7): [True: 11, False: 18.2k] ------------------ 373| 11| throw TLS_Exception(Alert::RecordOverflow, "Received a record that exceeds maximum size"); 374| 11| } 375| | 376| 18.2k| if(record_size == 0) { ------------------ | Branch (376:7): [True: 10, False: 18.2k] ------------------ 377| 10| throw TLS_Exception(Alert::DecodeError, "Received a completely empty record"); 378| 10| } 379| | 380| 18.2k| if(const size_t needed = fill_buffer_to(readbuf, input, input_len, consumed, TLS_HEADER_SIZE + record_size)) { ------------------ | Branch (380:20): [True: 263, False: 17.9k] ------------------ 381| 263| return Record_Header(needed); 382| 263| } 383| | 384| 17.9k| BOTAN_ASSERT_EQUAL(static_cast(TLS_HEADER_SIZE) + record_size, readbuf.size(), "Have the full record"); ------------------ | | 90| 17.9k| do { \ | | 91| 17.9k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 92| 17.9k| if((expr1) != (expr2)) { \ | | ------------------ | | | Branch (92:10): [True: 0, False: 17.9k] | | ------------------ | | 93| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 94| 0| Botan::assertion_failure(#expr1 " == " #expr2, assertion_made, __func__, __FILE__, __LINE__); \ | | 95| 0| } \ | | 96| 17.9k| } while(0) | | ------------------ | | | Branch (96:12): [Folded, False: 17.9k] | | ------------------ ------------------ 385| | 386| 17.9k| const Record_Type type = static_cast(readbuf[0]); 387| | 388| 17.9k| uint16_t epoch = 0; 389| | 390| 17.9k| uint64_t sequence = 0; 391| 17.9k| if(sequence_numbers != nullptr) { ------------------ | Branch (391:7): [True: 13.9k, False: 4.05k] ------------------ 392| 13.9k| sequence = sequence_numbers->next_read_sequence(); 393| 13.9k| epoch = sequence_numbers->current_read_epoch(); 394| 13.9k| } else { 395| | // server initial handshake case 396| 4.05k| epoch = 0; 397| 4.05k| } 398| | 399| 17.9k| if(epoch == 0) { ------------------ | Branch (399:7): [True: 17.7k, False: 224] ------------------ 400| | // Unencrypted initial handshake 401| 17.7k| recbuf.assign(readbuf.begin() + TLS_HEADER_SIZE, readbuf.begin() + TLS_HEADER_SIZE + record_size); 402| 17.7k| readbuf.clear(); 403| 17.7k| return Record_Header(sequence, version, type); 404| 17.7k| } 405| | 406| | // Otherwise, decrypt, check MAC, return plaintext 407| 224| auto cs = get_cipherstate(epoch); 408| | 409| 224| BOTAN_ASSERT(cs, "Have cipherstate for this epoch"); ------------------ | | 64| 224| do { \ | | 65| 224| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 224| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 224] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 224| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 224] | | ------------------ ------------------ 410| | 411| 224| decrypt_record(recbuf, &readbuf[TLS_HEADER_SIZE], record_size, sequence, version, type, *cs); 412| | 413| 224| if(sequence_numbers != nullptr) { ------------------ | Branch (413:7): [True: 0, False: 224] ------------------ 414| 0| sequence_numbers->read_accept(sequence); 415| 0| } 416| | 417| 224| readbuf.clear(); 418| 224| return Record_Header(sequence, version, type); 419| 17.9k|} _ZN5Botan3TLS14Server_Impl_12C2ERKNSt3__110shared_ptrINS0_9CallbacksEEERKNS3_INS0_15Session_ManagerEEERKNS3_INS_19Credentials_ManagerEEERKNS3_IKNS0_6PolicyEEERKNS3_INS_21RandomNumberGeneratorEEEbm: 271| 765| Channel_Impl_12(callbacks, session_manager, rng, policy, true, is_datagram, io_buf_sz), m_creds(creds) { 272| 765| BOTAN_ASSERT_NONNULL(m_creds); ------------------ | | 116| 765| do { \ | | 117| 765| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 765] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 765| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 765] | | ------------------ ------------------ 273| 765|} _ZN5Botan3TLS14Server_Impl_12C2ERKNS0_12Channel_Impl21Downgrade_InformationE: 276| 3.67k| Channel_Impl_12(downgrade_info.callbacks, 277| 3.67k| downgrade_info.session_manager, 278| 3.67k| downgrade_info.rng, 279| 3.67k| downgrade_info.policy, 280| 3.67k| true /* is_server*/, 281| 3.67k| false /* TLS 1.3 does not support DTLS yet */, 282| 3.67k| downgrade_info.io_buffer_size), 283| 3.67k| m_creds(downgrade_info.creds) {} _ZN5Botan3TLS14Server_Impl_1219new_handshake_stateENSt3__110unique_ptrINS0_12Handshake_IOENS2_14default_deleteIS4_EEEE: 285| 4.24k|std::unique_ptr Server_Impl_12::new_handshake_state(std::unique_ptr io) { 286| 4.24k| auto state = std::make_unique(std::move(io), callbacks()); 287| 4.24k| state->set_expected_next(Handshake_Type::ClientHello); 288| 4.24k| return state; 289| 4.24k|} _ZN5Botan3TLS14Server_Impl_1224process_client_hello_msgERNS0_22Server_Handshake_StateERKNSt3__16vectorIhNS4_9allocatorIhEEEEb: 360| 12.5k| bool epoch0_restart) { 361| 12.5k| BOTAN_ASSERT_IMPLICATION(epoch0_restart, active_state().has_value(), "Can't restart with a dead connection"); ------------------ | | 103| 12.5k| do { \ | | 104| 12.5k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 105| 12.5k| if((expr1) && !(expr2)) { \ | | ------------------ | | | Branch (105:10): [True: 0, False: 12.5k] | | | Branch (105:21): [True: 0, False: 0] | | ------------------ | | 106| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 107| 0| Botan::assertion_failure(#expr1 " implies " #expr2, msg, __func__, __FILE__, __LINE__); \ | | 108| 0| } \ | | 109| 12.5k| } while(0) | | ------------------ | | | Branch (109:12): [Folded, False: 12.5k] | | ------------------ ------------------ 362| | 363| 12.5k| const bool initial_handshake = epoch0_restart || !active_state().has_value(); ------------------ | Branch (363:35): [True: 0, False: 12.5k] | Branch (363:53): [True: 12.5k, False: 0] ------------------ 364| | 365| 12.5k| if(initial_handshake == false && policy().allow_client_initiated_renegotiation() == false) { ------------------ | Branch (365:7): [True: 0, False: 12.5k] | Branch (365:37): [True: 0, False: 0] ------------------ 366| 0| if(policy().abort_connection_on_undesired_renegotiation()) { ------------------ | Branch (366:10): [True: 0, False: 0] ------------------ 367| 0| throw TLS_Exception(Alert::NoRenegotiation, "Server policy prohibits renegotiation"); 368| 0| } else { 369| 0| send_warning_alert(Alert::NoRenegotiation); 370| 0| } 371| 0| return; 372| 0| } 373| | 374| 12.5k| if(!policy().allow_insecure_renegotiation() && !(initial_handshake || secure_renegotiation_supported())) { ------------------ | Branch (374:7): [True: 12.5k, False: 0] | Branch (374:53): [True: 12.5k, False: 0] | Branch (374:74): [True: 0, False: 0] ------------------ 375| 0| send_warning_alert(Alert::NoRenegotiation); 376| 0| return; 377| 0| } 378| | 379| 12.5k| if(pending_state.handshake_io().have_more_data()) { ------------------ | Branch (379:7): [True: 18, False: 12.5k] ------------------ 380| 18| throw TLS_Exception(Alert::UnexpectedMessage, "Have data remaining in buffer after ClientHello"); 381| 18| } 382| | 383| 12.5k| pending_state.client_hello(std::make_unique(contents)); 384| 12.5k| const Protocol_Version client_offer = pending_state.client_hello()->legacy_version(); 385| 12.5k| const bool datagram = client_offer.is_datagram_protocol(); 386| | 387| 12.5k| if(datagram) { ------------------ | Branch (387:7): [True: 9.19k, False: 3.32k] ------------------ 388| 9.19k| if(client_offer.major_version() == 0xFF) { ------------------ | Branch (388:10): [True: 3, False: 9.19k] ------------------ 389| 3| throw TLS_Exception(Alert::ProtocolVersion, "Client offered DTLS version with major version 0xFF"); 390| 3| } 391| 9.19k| } else { 392| 3.32k| if(client_offer.major_version() < 3) { ------------------ | Branch (392:10): [True: 10, False: 3.31k] ------------------ 393| 10| throw TLS_Exception(Alert::ProtocolVersion, "Client offered TLS version with major version under 3"); 394| 10| } 395| 3.31k| if(client_offer.major_version() == 3 && client_offer.minor_version() == 0) { ------------------ | Branch (395:10): [True: 12, False: 3.30k] | Branch (395:47): [True: 2, False: 10] ------------------ 396| 2| throw TLS_Exception(Alert::ProtocolVersion, "Client offered SSLv3 which is not supported"); 397| 2| } 398| 3.31k| } 399| | 400| | /* 401| | * BoGo test suite expects that we will send the hello verify with a record 402| | * version matching the version that is eventually negotiated. This is wrong 403| | * but harmless, so go with it. Also doing the version negotiation step first 404| | * allows to immediately close the connection with an alert if the client has 405| | * offered a version that we are not going to negotiate anyway, instead of 406| | * making them first do the cookie exchange and then telling them no. 407| | * 408| | * There is no issue with amplification here, since the alert is just 2 bytes. 409| | */ 410| 12.5k| const Protocol_Version negotiated_version = 411| 12.5k| select_version(policy(), 412| 12.5k| client_offer, 413| 12.5k| active_state().has_value() ? active_state()->version() : Protocol_Version(), ------------------ | Branch (413:22): [True: 0, False: 12.5k] ------------------ 414| 12.5k| pending_state.client_hello()->supported_versions()); 415| | 416| 12.5k| pending_state.set_version(negotiated_version); 417| | 418| 12.5k| const auto compression_methods = pending_state.client_hello()->compression_methods(); 419| 12.5k| if(!value_exists(compression_methods, uint8_t(0))) { ------------------ | Branch (419:7): [True: 34, False: 12.4k] ------------------ 420| 34| throw TLS_Exception(Alert::IllegalParameter, "Client did not offer NULL compression"); 421| 34| } 422| | 423| 12.4k| if(initial_handshake && datagram) { ------------------ | Branch (423:7): [True: 12.3k, False: 141] | Branch (423:28): [True: 9.14k, False: 3.18k] ------------------ 424| 9.14k| SymmetricKey cookie_secret; 425| | 426| 9.14k| try { 427| 9.14k| cookie_secret = m_creds->psk("tls-server", "dtls-cookie-secret", ""); 428| 9.14k| } catch(...) {} 429| | 430| 9.14k| if(!cookie_secret.empty()) { ------------------ | Branch (430:10): [True: 9.14k, False: 0] ------------------ 431| 9.14k| const std::string client_identity = callbacks().tls_peer_network_identity(); 432| 9.14k| const Hello_Verify_Request verify( 433| 9.14k| pending_state.client_hello()->cookie_input_data(), client_identity, cookie_secret); 434| | 435| 9.14k| if(!CT::is_equal(pending_state.client_hello()->cookie(), verify.cookie()).as_bool()) { ------------------ | Branch (435:13): [True: 9.14k, False: 1] ------------------ 436| 9.14k| if(epoch0_restart) { ------------------ | Branch (436:16): [True: 0, False: 9.14k] ------------------ 437| 0| pending_state.handshake_io().send_under_epoch(verify, 0); 438| 9.14k| } else { 439| 9.14k| pending_state.handshake_io().send(verify); 440| 9.14k| } 441| | 442| 9.14k| pending_state.client_hello(nullptr); 443| 9.14k| pending_state.set_expected_next(Handshake_Type::ClientHello); 444| 9.14k| return; 445| 9.14k| } 446| 9.14k| } else if(epoch0_restart) { ------------------ | Branch (446:17): [True: 0, False: 0] ------------------ 447| 0| throw TLS_Exception(Alert::HandshakeFailure, "Reuse of DTLS association requires DTLS cookie secret be set"); 448| 0| } 449| 9.14k| } 450| | 451| 3.32k| if(epoch0_restart) { ------------------ | Branch (451:7): [True: 0, False: 3.32k] ------------------ 452| | // If we reached here then we were able to verify the cookie 453| 0| reset_active_association_state(); 454| 0| } 455| | 456| 3.32k| secure_renegotiation_check(pending_state.client_hello()); 457| | 458| | // RFC 7627 / RFC 9325 4.4: optionally require Extended Master Secret 459| 3.32k| if(policy().require_extended_master_secret() && !pending_state.client_hello()->supports_extended_master_secret()) { ------------------ | Branch (459:7): [True: 3.17k, False: 143] | Branch (459:52): [True: 113, False: 3.06k] ------------------ 460| 113| throw TLS_Exception(Alert::HandshakeFailure, 461| 113| "Policy requires the Extended Master Secret extension but the client did not send it"); 462| 113| } 463| | 464| | // RFC 7627 5.3 has an explicit MUST regarding EMS mismatch on resumption 465| | // 466| | // "If the original session used the 'extended_master_secret' 467| | // extension but the new ClientHello does not contain it, the 468| | // server MUST abort the abbreviated handshake." 469| | // 470| | // There is apparently no RFC requirement that a client must not drop EMS between the 471| | // initial negotiation and a renegotiation... but there is also no RFC requirement 472| | // that we must accept it. So we don't. 473| 3.20k| if(const auto& active = active_state()) { ------------------ | Branch (473:19): [True: 0, False: 3.20k] ------------------ 474| 0| const bool ems_pending = pending_state.client_hello()->supports_extended_master_secret(); 475| 0| if(active->supports_extended_master_secret() == true && ems_pending == false) { ------------------ | Branch (475:10): [True: 0, False: 0] | Branch (475:63): [True: 0, False: 0] ------------------ 476| 0| throw TLS_Exception(Alert::HandshakeFailure, 477| 0| "Renegotiation ClientHello dropped the Extended Master Secret extension"); 478| 0| } 479| 0| } 480| | 481| 3.20k| callbacks().tls_examine_extensions( 482| 3.20k| pending_state.client_hello()->extensions(), Connection_Side::Client, Handshake_Type::ClientHello); 483| | 484| 3.20k| const auto session_handle = pending_state.client_hello()->session_handle(); 485| | 486| 3.20k| std::optional session_info; 487| 3.20k| if(pending_state.allow_session_resumption() && session_handle.has_value()) { ------------------ | Branch (487:7): [True: 3.06k, False: 143] | Branch (487:51): [True: 21, False: 3.04k] ------------------ 488| 21| session_info = check_for_resume( 489| 21| session_handle.value(), session_manager(), callbacks(), policy(), pending_state.client_hello()); 490| 21| } 491| | 492| 3.20k| m_next_protocol = ""; 493| 3.20k| if(pending_state.client_hello()->supports_alpn()) { ------------------ | Branch (493:7): [True: 16, False: 3.19k] ------------------ 494| 16| const auto offered = pending_state.client_hello()->next_protocols(); 495| 16| m_next_protocol = callbacks().tls_server_choose_app_protocol(offered); 496| | // RFC 7301 3.2: if a protocol is selected, the server MUST select one 497| | // of the protocols advertised by the client. An empty return signals 498| | // "no ALPN" and is allowed. 499| 16| if(!m_next_protocol.empty() && !value_exists(offered, m_next_protocol)) { ------------------ | Branch (499:10): [True: 16, False: 0] | Branch (499:38): [True: 2, False: 14] ------------------ 500| 2| throw TLS_Exception(Alert::InternalError, "Application chose an ALPN protocol that the client did not offer"); 501| 2| } 502| 16| } 503| | 504| 3.20k| if(session_info.has_value()) { ------------------ | Branch (504:7): [True: 0, False: 3.20k] ------------------ 505| 0| this->session_resume(pending_state, {session_info.value(), session_handle.value()}); 506| 3.20k| } else { 507| | // new session 508| 3.20k| this->session_create(pending_state); 509| 3.20k| } 510| 3.20k|} _ZN5Botan3TLS14Server_Impl_1231process_client_key_exchange_msgERNS0_22Server_Handshake_StateERKNSt3__16vectorIhNS4_9allocatorIhEEEE: 525| 2.26k| const std::vector& contents) { 526| 2.26k| if(pending_state.received_handshake_msg(Handshake_Type::Certificate) && !pending_state.client_certs()->empty()) { ------------------ | Branch (526:7): [True: 0, False: 2.26k] | Branch (526:76): [True: 0, False: 0] ------------------ 527| 0| pending_state.set_expected_next(Handshake_Type::CertificateVerify); 528| 2.26k| } else { 529| 2.26k| pending_state.set_expected_next(Handshake_Type::HandshakeCCS); 530| 2.26k| } 531| | 532| 2.26k| pending_state.client_kex(std::make_unique( 533| 2.26k| contents, pending_state, pending_state.server_rsa_kex_key(), *m_creds, policy(), rng())); 534| | 535| 2.26k| pending_state.compute_session_keys(); 536| 2.26k| if(policy().allow_ssl_key_log_file()) { ------------------ | Branch (536:7): [True: 0, False: 2.26k] ------------------ 537| | // draft-thomson-tls-keylogfile-00 Section 3.2 538| | // An implementation of TLS 1.2 (and also earlier versions) use 539| | // the label "CLIENT_RANDOM" to identify the "master" secret for 540| | // the connection. 541| 0| callbacks().tls_ssl_key_log_data( 542| 0| "CLIENT_RANDOM", pending_state.client_hello()->random(), pending_state.session_keys().master_secret()); 543| 0| } 544| 2.26k|} _ZN5Botan3TLS14Server_Impl_1230process_change_cipher_spec_msgERNS0_22Server_Handshake_StateE: 546| 303|void Server_Impl_12::process_change_cipher_spec_msg(Server_Handshake_State& pending_state) { 547| 303| pending_state.set_expected_next(Handshake_Type::Finished); 548| 303| change_cipher_spec_reader(Connection_Side::Server); 549| 303|} _ZN5Botan3TLS14Server_Impl_1220process_finished_msgERNS0_22Server_Handshake_StateENS0_14Handshake_TypeERKNSt3__16vectorIhNS5_9allocatorIhEEEE: 601| 112| const std::vector& contents) { 602| 112| pending_state.set_expected_next(Handshake_Type::None); 603| | 604| 112| if(pending_state.handshake_io().have_more_data()) { ------------------ | Branch (604:7): [True: 8, False: 104] ------------------ 605| 8| throw TLS_Exception(Alert::UnexpectedMessage, "Have data remaining in buffer after Finished"); 606| 8| } 607| | 608| 104| pending_state.client_finished(std::make_unique(contents)); 609| | 610| 104| if(!pending_state.client_finished()->verify(pending_state, Connection_Side::Client)) { ------------------ | Branch (610:7): [True: 0, False: 104] ------------------ 611| 0| throw TLS_Exception(Alert::DecryptError, "Finished message didn't verify"); 612| 0| } 613| | 614| 104| if(pending_state.server_finished() == nullptr) { ------------------ | Branch (614:7): [True: 104, False: 0] ------------------ 615| | // already sent finished if resuming, so this is a new session 616| | 617| 104| pending_state.hash().update(pending_state.handshake_io().format(contents, type)); 618| | 619| 104| Session session_info(pending_state.session_keys().master_secret(), 620| 104| pending_state.server_hello()->legacy_version(), 621| 104| pending_state.server_hello()->ciphersuite(), 622| 104| Connection_Side::Server, 623| 104| pending_state.server_hello()->supports_extended_master_secret(), 624| 104| pending_state.server_hello()->supports_encrypt_then_mac(), 625| 104| pending_state.peer_cert_chain(), 626| 104| Server_Information(pending_state.client_hello()->sni_hostname()), 627| 104| pending_state.server_hello()->srtp_profile(), 628| 104| callbacks().tls_current_timestamp()); 629| | 630| | // Give the application a chance for a final veto before fully 631| | // establishing the connection. 632| 104| callbacks().tls_session_established([&, this] { 633| 104| Session_Summary summary(session_info, pending_state.is_a_resumption(), external_psk_identity()); 634| 104| summary.set_session_id(pending_state.server_hello()->session_id()); 635| 104| return summary; 636| 104| }()); 637| | 638| 104| if(callbacks().tls_should_persist_resumption_information(session_info)) { ------------------ | Branch (638:10): [True: 104, False: 0] ------------------ 639| 104| auto handle = session_manager().establish(session_info, 640| 104| pending_state.server_hello()->session_id(), 641| 104| !pending_state.server_hello()->supports_session_ticket()); 642| | 643| 104| if(pending_state.server_hello()->supports_session_ticket() && handle.has_value() && handle->is_ticket()) { ------------------ | Branch (643:13): [True: 0, False: 104] | Branch (643:72): [True: 0, False: 0] | Branch (643:94): [True: 0, False: 0] ------------------ 644| 0| pending_state.new_session_ticket(std::make_unique( 645| 0| pending_state.handshake_io(), 646| 0| pending_state.hash(), 647| 0| handle->ticket().value(), 648| 0| static_cast(policy().session_ticket_lifetime().count()))); 649| 0| } 650| 104| } 651| | 652| 104| if(pending_state.new_session_ticket() == nullptr && pending_state.server_hello()->supports_session_ticket()) { ------------------ | Branch (652:10): [True: 104, False: 0] | Branch (652:59): [True: 0, False: 104] ------------------ 653| 0| pending_state.new_session_ticket( 654| 0| std::make_unique(pending_state.handshake_io(), pending_state.hash())); 655| 0| } 656| | 657| 104| pending_state.handshake_io().send(Change_Cipher_Spec()); 658| | 659| 104| change_cipher_spec_writer(Connection_Side::Server); 660| | 661| 104| pending_state.server_finished( 662| 104| std::make_unique(pending_state.handshake_io(), pending_state, Connection_Side::Server)); 663| 104| } 664| | 665| 104| activate_session(); 666| 104|} _ZN5Botan3TLS14Server_Impl_1221process_handshake_msgERNS0_15Handshake_StateENS0_14Handshake_TypeERKNSt3__16vectorIhNS5_9allocatorIhEEEEb: 674| 15.2k| bool epoch0_restart) { 675| 15.2k| Server_Handshake_State& state = dynamic_cast(state_base); 676| 15.2k| state.confirm_transition_to(type); 677| | 678| | /* 679| | * The change cipher spec message isn't technically a handshake 680| | * message so it's not included in the hash. The finished and 681| | * certificate verify messages are verified based on the current 682| | * state of the hash *before* this message so we delay adding them 683| | * to the hash computation until we've processed them below. 684| | */ 685| 15.2k| if(type != Handshake_Type::HandshakeCCS && type != Handshake_Type::Finished && ------------------ | Branch (685:7): [True: 14.9k, False: 369] | Branch (685:47): [True: 14.8k, False: 112] ------------------ 686| 14.8k| type != Handshake_Type::CertificateVerify) { ------------------ | Branch (686:7): [True: 14.8k, False: 0] ------------------ 687| 14.8k| state.hash().update(state.handshake_io().format(contents, type)); 688| 14.8k| } 689| | 690| 15.2k| switch(type) { 691| 12.5k| case Handshake_Type::ClientHello: ------------------ | Branch (691:7): [True: 12.5k, False: 2.74k] ------------------ 692| 12.5k| return this->process_client_hello_msg(state, contents, epoch0_restart); 693| | 694| 0| case Handshake_Type::Certificate: ------------------ | Branch (694:7): [True: 0, False: 15.2k] ------------------ 695| 0| return this->process_certificate_msg(state, contents); 696| | 697| 2.26k| case Handshake_Type::ClientKeyExchange: ------------------ | Branch (697:7): [True: 2.26k, False: 13.0k] ------------------ 698| 2.26k| return this->process_client_key_exchange_msg(state, contents); 699| | 700| 0| case Handshake_Type::CertificateVerify: ------------------ | Branch (700:7): [True: 0, False: 15.2k] ------------------ 701| 0| return this->process_certificate_verify_msg(state, type, contents); 702| | 703| 303| case Handshake_Type::HandshakeCCS: ------------------ | Branch (703:7): [True: 303, False: 14.9k] ------------------ 704| 303| return this->process_change_cipher_spec_msg(state); 705| | 706| 112| case Handshake_Type::Finished: ------------------ | Branch (706:7): [True: 112, False: 15.1k] ------------------ 707| 112| return this->process_finished_msg(state, type, contents); 708| | 709| 0| default: ------------------ | Branch (709:7): [True: 0, False: 15.2k] ------------------ 710| 0| throw Unexpected_Message("Unknown handshake message received"); 711| 15.2k| } 712| 15.2k|} _ZN5Botan3TLS14Server_Impl_1214session_createERNS0_22Server_Handshake_StateE: 787| 3.06k|void Server_Impl_12::session_create(Server_Handshake_State& pending_state) { 788| 3.06k| std::map> cert_chains; 789| | 790| 3.06k| const std::string sni_hostname = pending_state.client_hello()->sni_hostname(); 791| | 792| | // RFC 8446 1.3 793| | // The "signature_algorithms_cert" extension allows a client to indicate 794| | // which signature algorithms it can validate in X.509 certificates. 795| | // 796| | // RFC 8446 4.2.3 797| | // TLS 1.2 implementations SHOULD also process this extension. 798| 3.06k| const auto cert_signature_schemes = pending_state.client_hello()->certificate_signature_schemes(); 799| 3.06k| cert_chains = get_server_certs(sni_hostname, cert_signature_schemes, *m_creds); 800| | 801| 3.06k| if(!sni_hostname.empty() && cert_chains.empty()) { ------------------ | Branch (801:7): [True: 1, False: 3.06k] | Branch (801:32): [True: 0, False: 1] ------------------ 802| 0| cert_chains = get_server_certs("", cert_signature_schemes, *m_creds); 803| | 804| | /* 805| | * Only send the unrecognized_name alert if we couldn't 806| | * find any certs for the requested name but did find at 807| | * least one cert to use in general. That avoids sending an 808| | * unrecognized_name when a server is configured for purely 809| | * anonymous/PSK operation. 810| | */ 811| 0| if(!cert_chains.empty()) { ------------------ | Branch (811:10): [True: 0, False: 0] ------------------ 812| 0| send_warning_alert(Alert::UnrecognizedName); 813| 0| } 814| 0| } 815| | 816| 3.06k| const uint16_t ciphersuite = 817| 3.06k| choose_ciphersuite(policy(), pending_state.version(), cert_chains, *pending_state.client_hello()); 818| | 819| 3.06k| const Server_Hello_12::Settings srv_settings(Session_ID(make_hello_random(rng(), callbacks(), policy())), 820| 3.06k| pending_state.version(), 821| 3.06k| ciphersuite, 822| 3.06k| session_manager().emits_session_tickets()); 823| | 824| 3.06k| pending_state.server_hello(std::make_unique(pending_state.handshake_io(), 825| 3.06k| pending_state.hash(), 826| 3.06k| policy(), 827| 3.06k| callbacks(), 828| 3.06k| rng(), 829| 3.06k| secure_renegotiation_data_for_server_hello(), 830| 3.06k| *pending_state.client_hello(), 831| 3.06k| srv_settings, 832| 3.06k| m_next_protocol)); 833| | 834| 3.06k| secure_renegotiation_check(pending_state.server_hello()); 835| | 836| 3.06k| const Ciphersuite& pending_suite = pending_state.ciphersuite(); 837| | 838| 3.06k| std::shared_ptr private_key; 839| | 840| 3.06k| if(pending_suite.is_certificate_required()) { ------------------ | Branch (840:7): [True: 3, False: 3.06k] ------------------ 841| 3| const std::string algo_used = pending_suite.signature_used() ? pending_suite.sig_algo() : "RSA"; ------------------ | Branch (841:37): [True: 3, False: 0] ------------------ 842| | 843| 3| BOTAN_ASSERT(!cert_chains[algo_used].empty(), "Attempting to send empty certificate chain"); ------------------ | | 64| 3| do { \ | | 65| 3| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 3| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 3] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 3| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 3] | | ------------------ ------------------ 844| | 845| 3| pending_state.server_certs( 846| 3| std::make_unique(pending_state.handshake_io(), pending_state.hash(), cert_chains[algo_used])); 847| | 848| 3| if(pending_state.client_hello()->supports_cert_status_message() && pending_state.is_a_resumption() == false) { ------------------ | Branch (848:10): [True: 1, False: 2] | Branch (848:74): [True: 1, False: 0] ------------------ 849| 1| auto* csr = pending_state.client_hello()->extensions().get(); 850| | // csr is non-null if client_hello()->supports_cert_status_message() 851| 1| BOTAN_ASSERT_NOMSG(csr != nullptr); ------------------ | | 77| 1| do { \ | | 78| 1| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 1| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 1] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 1| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 1] | | ------------------ ------------------ 852| 1| const auto resp_bytes = callbacks().tls_provide_cert_status(cert_chains[algo_used], *csr); 853| 1| if(!resp_bytes.empty()) { ------------------ | Branch (853:13): [True: 0, False: 1] ------------------ 854| 0| pending_state.server_cert_status( 855| 0| std::make_unique(pending_state.handshake_io(), pending_state.hash(), resp_bytes)); 856| 0| } 857| 1| } 858| | 859| 3| private_key = m_creds->private_key_for(pending_state.server_certs()->cert_chain()[0], "tls-server", sni_hostname); 860| | 861| 3| if(!private_key) { ------------------ | Branch (861:10): [True: 3, False: 0] ------------------ 862| 3| throw Internal_Error("No private key located for associated server cert"); 863| 3| } 864| 3| } 865| | 866| 3.06k| if(pending_suite.kex_method() == Kex_Algo::STATIC_RSA) { ------------------ | Branch (866:7): [True: 0, False: 3.06k] ------------------ 867| 0| pending_state.set_server_rsa_kex_key(private_key); 868| 3.06k| } else { 869| 3.06k| pending_state.server_kex(std::make_unique( 870| 3.06k| pending_state.handshake_io(), pending_state, policy(), *m_creds, rng(), private_key.get())); 871| 3.06k| } 872| | 873| 3.06k| auto trusted_CAs = m_creds->trusted_certificate_authorities("tls-server", sni_hostname); 874| | 875| 3.06k| std::vector client_auth_CAs; 876| | 877| 3.06k| for(auto* store : trusted_CAs) { ------------------ | Branch (877:20): [True: 0, False: 3.06k] ------------------ 878| 0| auto subjects = store->all_subjects(); 879| 0| client_auth_CAs.insert(client_auth_CAs.end(), subjects.begin(), subjects.end()); 880| 0| } 881| | 882| 3.06k| const bool request_cert = (client_auth_CAs.empty() == false) || policy().request_client_certificate_authentication(); ------------------ | Branch (882:30): [True: 172, False: 2.88k] | Branch (882:68): [True: 0, False: 2.88k] ------------------ 883| | 884| | // RFC 5246 7.4.4: supported_signature_algorithms<2..2^16-2> 885| | // Without at least one acceptable scheme we cannot construct a valid 886| | // CertificateRequest, so client cert auth is unreachable regardless. 887| 3.06k| const bool can_request_cert = !policy().acceptable_signature_schemes().empty(); 888| | 889| 3.06k| if(request_cert && can_request_cert && pending_state.ciphersuite().is_certificate_required()) { ------------------ | Branch (889:7): [True: 0, False: 3.06k] | Branch (889:23): [True: 0, False: 0] | Branch (889:43): [True: 0, False: 0] ------------------ 890| 0| pending_state.cert_req(std::make_unique( 891| 0| pending_state.handshake_io(), pending_state.hash(), policy(), client_auth_CAs)); 892| | 893| | /* 894| | SSLv3 allowed clients to skip the Certificate message entirely 895| | if they wanted. In TLS v1.0 and later clients must send a 896| | (possibly empty) Certificate message 897| | */ 898| 0| pending_state.set_expected_next(Handshake_Type::Certificate); 899| 3.06k| } else { 900| 3.06k| pending_state.set_expected_next(Handshake_Type::ClientKeyExchange); 901| 3.06k| } 902| | 903| 3.06k| pending_state.server_hello_done( 904| 3.06k| std::make_unique(pending_state.handshake_io(), pending_state.hash())); 905| 3.06k|} tls_server_impl_12.cpp:_ZN5Botan3TLS12_GLOBAL__N_114select_versionERKNS0_6PolicyENS0_16Protocol_VersionES5_RKNSt3__16vectorIS5_NS6_9allocatorIS5_EEEE: 305| 12.4k| const std::vector& supported_versions) { 306| 12.4k| const bool is_datagram = client_offer.is_datagram_protocol(); 307| 12.4k| const bool initial_handshake = (active_version.valid() == false); 308| | 309| 12.4k| if(!supported_versions.empty()) { ------------------ | Branch (309:7): [True: 421, False: 11.9k] ------------------ 310| 421| if(is_datagram) { ------------------ | Branch (310:10): [True: 406, False: 15] ------------------ 311| 406| if(policy.allow_dtls12() && value_exists(supported_versions, Protocol_Version(Protocol_Version::DTLS_V12))) { ------------------ | Branch (311:13): [True: 406, False: 0] | Branch (311:13): [True: 380, False: 26] | Branch (311:38): [True: 380, False: 26] ------------------ 312| 380| return Protocol_Version::DTLS_V12; 313| 380| } 314| 26| throw TLS_Exception(Alert::ProtocolVersion, "No shared DTLS version"); 315| 406| } else { 316| 15| if(policy.allow_tls12() && value_exists(supported_versions, Protocol_Version(Protocol_Version::TLS_V12))) { ------------------ | Branch (316:13): [True: 15, False: 0] | Branch (316:13): [True: 5, False: 10] | Branch (316:37): [True: 5, False: 10] ------------------ 317| 5| return Protocol_Version::TLS_V12; 318| 5| } 319| 10| throw TLS_Exception(Alert::ProtocolVersion, "No shared TLS version"); 320| 15| } 321| 421| } 322| | 323| 11.9k| if(!initial_handshake) { ------------------ | Branch (323:7): [True: 0, False: 11.9k] ------------------ 324| | /* 325| | * If this is a renegotiation, and the client has offered a 326| | * later version than what it initially negotiated, negotiate 327| | * the old version. This matches OpenSSL's behavior. If the 328| | * client is offering a version earlier than what it initially 329| | * negotiated, reject as a probable attack. 330| | */ 331| 0| if(active_version > client_offer) { ------------------ | Branch (331:10): [True: 0, False: 0] ------------------ 332| 0| throw TLS_Exception( 333| 0| Alert::ProtocolVersion, 334| 0| "Client negotiated " + active_version.to_string() + " then renegotiated with " + client_offer.to_string()); 335| 0| } else { 336| 0| return active_version; 337| 0| } 338| 0| } 339| | 340| 11.9k| if(is_datagram) { ------------------ | Branch (340:7): [True: 8.78k, False: 3.20k] ------------------ 341| 8.78k| if(policy.allow_dtls12() && client_offer >= Protocol_Version::DTLS_V12) { ------------------ | Branch (341:10): [True: 8.78k, False: 0] | Branch (341:10): [True: 8.77k, False: 6] | Branch (341:35): [True: 8.77k, False: 6] ------------------ 342| 8.77k| return Protocol_Version::DTLS_V12; 343| 8.77k| } 344| 8.78k| } else { 345| 3.20k| if(policy.allow_tls12() && client_offer >= Protocol_Version::TLS_V12) { ------------------ | Branch (345:10): [True: 3.20k, False: 0] | Branch (345:10): [True: 3.20k, False: 1] | Branch (345:34): [True: 3.20k, False: 1] ------------------ 346| 3.20k| return Protocol_Version::TLS_V12; 347| 3.20k| } 348| 3.20k| } 349| | 350| 7| throw TLS_Exception(Alert::ProtocolVersion, 351| 7| "Client version " + client_offer.to_string() + " is unacceptable by policy"); 352| 11.9k|} _ZNK5Botan3TLS22Server_Handshake_State24allow_session_resumptionEv: 34| 3.06k| bool allow_session_resumption() const { return m_allow_session_resumption; } tls_server_impl_12.cpp:_ZN5Botan3TLS12_GLOBAL__N_116check_for_resumeERKNS0_14Session_HandleERNS0_15Session_ManagerERNS0_9CallbacksERKNS0_6PolicyEPKNS0_15Client_Hello_12E: 79| 21| const Client_Hello_12* client_hello) { 80| 21| auto session = session_manager.retrieve(handle_to_resume, cb, policy); 81| 21| if(!session.has_value()) { ------------------ | Branch (81:7): [True: 21, False: 0] ------------------ 82| 21| return std::nullopt; 83| 21| } 84| | 85| | // wrong version 86| 0| if(client_hello->legacy_version() != session->version()) { ------------------ | Branch (86:7): [True: 0, False: 0] ------------------ 87| 0| return std::nullopt; 88| 0| } 89| | 90| | // client didn't send original ciphersuite 91| 0| if(!value_exists(client_hello->ciphersuites(), session->ciphersuite_code())) { ------------------ | Branch (91:7): [True: 0, False: 0] ------------------ 92| 0| return std::nullopt; 93| 0| } 94| | 95| | // client sent a different SNI hostname 96| 0| if(!client_hello->sni_hostname().empty() && client_hello->sni_hostname() != session->server_info().hostname()) { ------------------ | Branch (96:7): [True: 0, False: 0] | Branch (96:7): [True: 0, False: 0] | Branch (96:48): [True: 0, False: 0] ------------------ 97| 0| return std::nullopt; 98| 0| } 99| | 100| | // Checking extended_master_secret on resume (RFC 7627 section 5.3) 101| 0| if(client_hello->supports_extended_master_secret() != session->supports_extended_master_secret()) { ------------------ | Branch (101:7): [True: 0, False: 0] ------------------ 102| 0| if(!session->supports_extended_master_secret()) { ------------------ | Branch (102:10): [True: 0, False: 0] ------------------ 103| 0| return std::nullopt; // force new handshake with extended master secret 104| 0| } else { 105| | /* 106| | Client previously negotiated session with extended master secret, 107| | but has now attempted to resume without the extension: abort 108| | */ 109| 0| throw TLS_Exception(Alert::HandshakeFailure, "Client resumed extended ms session without sending extension"); 110| 0| } 111| 0| } 112| | 113| | // Checking encrypt_then_mac on resume (RFC 7366 section 3.1) 114| 0| if(!client_hello->supports_encrypt_then_mac() && session->supports_encrypt_then_mac()) { ------------------ | Branch (114:7): [True: 0, False: 0] | Branch (114:53): [True: 0, False: 0] ------------------ 115| | /* 116| | Client previously negotiated session with Encrypt-then-MAC, 117| | but has now attempted to resume without the extension: abort 118| | */ 119| 0| throw TLS_Exception(Alert::HandshakeFailure, "Client resumed Encrypt-then-MAC session without sending extension"); 120| 0| } 121| | 122| 0| return session; 123| 0|} _ZN5Botan3TLS22Server_Handshake_State18server_rsa_kex_keyEv: 30| 2.26k| Private_Key* server_rsa_kex_key() { return m_server_rsa_kex_key.get(); } _ZNK5Botan3TLS22Server_Handshake_State15peer_cert_chainEv: 48| 208| std::vector peer_cert_chain() const override { 49| 208| if(!m_resume_peer_certs.empty()) { ------------------ | Branch (49:13): [True: 0, False: 208] ------------------ 50| 0| return m_resume_peer_certs; 51| 0| } 52| 208| if(client_certs() != nullptr) { ------------------ | Branch (52:13): [True: 0, False: 208] ------------------ 53| 0| return client_certs()->cert_chain(); 54| 0| } 55| 208| return {}; 56| 208| } tls_server_impl_12.cpp:_ZZN5Botan3TLS14Server_Impl_1220process_finished_msgERNS0_22Server_Handshake_StateENS0_14Handshake_TypeERKNSt3__16vectorIhNS5_9allocatorIhEEEEENK3$_0clEv: 632| 104| callbacks().tls_session_established([&, this] { 633| 104| Session_Summary summary(session_info, pending_state.is_a_resumption(), external_psk_identity()); 634| 104| summary.set_session_id(pending_state.server_hello()->session_id()); 635| 104| return summary; 636| 104| }()); tls_server_impl_12.cpp:_ZN5Botan3TLS12_GLOBAL__N_116get_server_certsENSt3__117basic_string_viewIcNS2_11char_traitsIcEEEERKNS2_6vectorINS0_16Signature_SchemeENS2_9allocatorIS8_EEEERNS_19Credentials_ManagerE: 245| 3.06k| std::string_view hostname, const std::vector& cert_sig_schemes, Credentials_Manager& creds) { 246| 3.06k| const std::vector cert_types = {"RSA", "ECDSA"}; 247| | 248| 3.06k| std::map> cert_chains; 249| | 250| 6.12k| for(const auto& cert_type : cert_types) { ------------------ | Branch (250:30): [True: 6.12k, False: 3.06k] ------------------ 251| 6.12k| const std::vector certs = creds.cert_chain_single_type( 252| 6.12k| cert_type, to_algorithm_identifiers(cert_sig_schemes), "tls-server", std::string(hostname)); 253| | 254| 6.12k| if(!certs.empty()) { ------------------ | Branch (254:10): [True: 3.06k, False: 3.06k] ------------------ 255| 3.06k| cert_chains[cert_type] = certs; 256| 3.06k| } 257| 6.12k| } 258| | 259| 3.06k| return cert_chains; 260| 3.06k|} tls_server_impl_12.cpp:_ZN5Botan3TLS12_GLOBAL__N_118choose_ciphersuiteERKNS0_6PolicyENS0_16Protocol_VersionERKNSt3__13mapINS6_12basic_stringIcNS6_11char_traitsIcEENS6_9allocatorIcEEEENS6_6vectorINS_16X509_CertificateENSB_ISF_EEEENS6_4lessISD_EENSB_INS6_4pairIKSD_SH_EEEEEERKNS0_15Client_Hello_12E: 131| 3.06k| const Client_Hello_12& client_hello) { 132| 3.06k| const bool our_choice = policy.server_uses_own_ciphersuite_preferences(); 133| 3.06k| const std::vector& client_suites = client_hello.ciphersuites(); 134| 3.06k| const std::vector server_suites = policy.ciphersuite_list(version); 135| | 136| 3.06k| if(server_suites.empty()) { ------------------ | Branch (136:7): [True: 0, False: 3.06k] ------------------ 137| 0| throw TLS_Exception(Alert::HandshakeFailure, "Policy forbids us from negotiating any ciphersuite"); 138| 0| } 139| | 140| 3.06k| const bool have_shared_ecc_curve = 141| 3.06k| (policy.choose_key_exchange_group(client_hello.supported_ecc_curves(), {}) != Group_Params::NONE); 142| | 143| 3.06k| const bool client_supports_ffdhe_groups = !client_hello.supported_dh_groups().empty(); 144| | 145| 3.06k| const bool have_shared_dh_group = 146| 3.06k| (policy.choose_key_exchange_group(client_hello.supported_dh_groups(), {}) != Group_Params::NONE); 147| | 148| 3.06k| const std::unordered_set client_suite_set(client_suites.begin(), client_suites.end()); 149| | 150| 3.06k| const std::vector allowed_sig_schemes = policy.allowed_signature_schemes(); 151| 3.06k| const std::vector client_sig_methods = client_hello.signature_schemes(); 152| | 153| | // Algorithm names (eg "RSA", "ECDSA") for which the client offered at least 154| | // one signature_scheme that is available, is in our policy, and uses a hash we accept. 155| 3.06k| const std::unordered_set client_sig_algs = [&] { 156| 3.06k| std::unordered_set allowed_codes; 157| 3.06k| allowed_codes.reserve(allowed_sig_schemes.size()); 158| 3.06k| for(auto s : allowed_sig_schemes) { 159| 3.06k| allowed_codes.insert(static_cast(s.wire_code())); 160| 3.06k| } 161| 3.06k| std::unordered_set result; 162| 3.06k| for(const Signature_Scheme scheme : client_sig_methods) { 163| 3.06k| if(!scheme.is_available()) { 164| 3.06k| continue; 165| 3.06k| } 166| 3.06k| if(!allowed_codes.contains(static_cast(scheme.wire_code()))) { 167| 3.06k| continue; 168| 3.06k| } 169| 3.06k| if(!policy.allowed_signature_hash(scheme.hash_function_name())) { 170| 3.06k| continue; 171| 3.06k| } 172| 3.06k| result.insert(scheme.algorithm_name()); 173| 3.06k| } 174| 3.06k| return result; 175| 3.06k| }(); 176| | 177| | /* 178| | Walk down one list in preference order 179| | */ 180| 3.06k| const std::vector& pref_list = our_choice ? server_suites : client_suites; ------------------ | Branch (180:45): [True: 3.06k, False: 0] ------------------ 181| | 182| 3.06k| auto in_other_list = [&](uint16_t suite_id) { 183| | // server_suites is small and policy-controlled 184| 3.06k| return our_choice ? client_suite_set.contains(suite_id) : value_exists(server_suites, suite_id); 185| 3.06k| }; 186| | 187| 166k| for(auto suite_id : pref_list) { ------------------ | Branch (187:22): [True: 166k, False: 172] ------------------ 188| 166k| if(!in_other_list(suite_id)) { ------------------ | Branch (188:10): [True: 163k, False: 3.06k] ------------------ 189| 163k| continue; 190| 163k| } 191| | 192| 3.06k| const auto suite = Ciphersuite::by_id(suite_id); 193| | 194| 3.06k| if(!suite.has_value() || !suite->valid()) { ------------------ | Branch (194:10): [True: 0, False: 3.06k] | Branch (194:32): [True: 0, False: 3.06k] ------------------ 195| 0| continue; 196| 0| } 197| | 198| 3.06k| if(have_shared_ecc_curve == false && suite->ecc_ciphersuite()) { ------------------ | Branch (198:10): [True: 164, False: 2.89k] | Branch (198:44): [True: 38, False: 126] ------------------ 199| 38| continue; 200| 38| } 201| | 202| 3.02k| if(suite->kex_method() == Kex_Algo::DH && client_supports_ffdhe_groups && !have_shared_dh_group) { ------------------ | Branch (202:10): [True: 37, False: 2.98k] | Branch (202:49): [True: 20, False: 17] | Branch (202:81): [True: 8, False: 12] ------------------ 203| 8| continue; 204| 8| } 205| | 206| | // For non-anon ciphersuites 207| 3.01k| if(suite->is_certificate_required()) { ------------------ | Branch (207:10): [True: 125, False: 2.88k] ------------------ 208| 125| const std::string cert_algo = suite->signature_used() ? suite->sig_algo() : "RSA"; ------------------ | Branch (208:40): [True: 109, False: 16] ------------------ 209| | 210| | // Do we have any certificates for this sig? 211| 125| if(!cert_chains.contains(cert_algo)) { ------------------ | Branch (211:13): [True: 111, False: 14] ------------------ 212| 111| continue; 213| 111| } 214| 125| } 215| | 216| 2.90k| if(suite->signature_used()) { ------------------ | Branch (216:10): [True: 14, False: 2.88k] ------------------ 217| | // The client's signature_algorithms list might not include a scheme 218| | // matching this suite's sig_algo (e.g. the client offered ECDSA 219| | // schemes but we're considering an RSA suite). That's just a 220| | // mismatch on this candidate, not a handshake-fatal condition - try 221| | // the next suite. The final "Can't agree on a ciphersuite" throw 222| | // below fires only if no candidate works. 223| 14| if(!client_sig_algs.contains(suite->sig_algo())) { ------------------ | Branch (223:13): [True: 11, False: 3] ------------------ 224| 11| continue; 225| 11| } 226| 14| } 227| | 228| 2.89k| return suite_id; 229| 2.90k| } 230| | 231| | // RFC 7919 Section 4. 232| | // If the [Supported Groups] extension is present 233| | // with FFDHE groups, none of the client’s offered groups are acceptable 234| | // by the server, and none of the client’s proposed non-FFDHE cipher 235| | // suites are acceptable to the server, the server MUST end the 236| | // connection with a fatal TLS alert of type insufficient_security(71). 237| 172| if(client_supports_ffdhe_groups && !have_shared_dh_group) { ------------------ | Branch (237:7): [True: 38, False: 134] | Branch (237:39): [True: 23, False: 15] ------------------ 238| 23| throw TLS_Exception(Alert::InsufficientSecurity, "Can't agree on a sufficiently strong ciphersuite with client"); 239| 23| } 240| | 241| 149| throw TLS_Exception(Alert::HandshakeFailure, "Can't agree on a ciphersuite with client"); 242| 172|} tls_server_impl_12.cpp:_ZZN5Botan3TLS12_GLOBAL__N_118choose_ciphersuiteERKNS0_6PolicyENS0_16Protocol_VersionERKNSt3__13mapINS6_12basic_stringIcNS6_11char_traitsIcEENS6_9allocatorIcEEEENS6_6vectorINS_16X509_CertificateENSB_ISF_EEEENS6_4lessISD_EENSB_INS6_4pairIKSD_SH_EEEEEERKNS0_15Client_Hello_12EENK3$_0clEv: 155| 3.06k| const std::unordered_set client_sig_algs = [&] { 156| 3.06k| std::unordered_set allowed_codes; 157| 3.06k| allowed_codes.reserve(allowed_sig_schemes.size()); 158| 27.5k| for(auto s : allowed_sig_schemes) { ------------------ | Branch (158:18): [True: 27.5k, False: 3.06k] ------------------ 159| 27.5k| allowed_codes.insert(static_cast(s.wire_code())); 160| 27.5k| } 161| 3.06k| std::unordered_set result; 162| 16.7k| for(const Signature_Scheme scheme : client_sig_methods) { ------------------ | Branch (162:41): [True: 16.7k, False: 3.06k] ------------------ 163| 16.7k| if(!scheme.is_available()) { ------------------ | Branch (163:13): [True: 13.3k, False: 3.34k] ------------------ 164| 13.3k| continue; 165| 13.3k| } 166| 3.34k| if(!allowed_codes.contains(static_cast(scheme.wire_code()))) { ------------------ | Branch (166:13): [True: 0, False: 3.34k] ------------------ 167| 0| continue; 168| 0| } 169| 3.34k| if(!policy.allowed_signature_hash(scheme.hash_function_name())) { ------------------ | Branch (169:13): [True: 0, False: 3.34k] ------------------ 170| 0| continue; 171| 0| } 172| 3.34k| result.insert(scheme.algorithm_name()); 173| 3.34k| } 174| 3.06k| return result; 175| 3.06k| }(); tls_server_impl_12.cpp:_ZZN5Botan3TLS12_GLOBAL__N_118choose_ciphersuiteERKNS0_6PolicyENS0_16Protocol_VersionERKNSt3__13mapINS6_12basic_stringIcNS6_11char_traitsIcEENS6_9allocatorIcEEEENS6_6vectorINS_16X509_CertificateENSB_ISF_EEEENS6_4lessISD_EENSB_INS6_4pairIKSD_SH_EEEEEERKNS0_15Client_Hello_12EENK3$_1clEt: 182| 166k| auto in_other_list = [&](uint16_t suite_id) { 183| | // server_suites is small and policy-controlled 184| 166k| return our_choice ? client_suite_set.contains(suite_id) : value_exists(server_suites, suite_id); ------------------ | Branch (184:14): [True: 166k, False: 0] ------------------ 185| 166k| }; _ZNK5Botan3TLS22Server_Handshake_State15is_a_resumptionEv: 46| 105| bool is_a_resumption() const { return m_is_a_resumption; } _ZN5Botan3TLS22Server_Handshake_StateC2ENSt3__110unique_ptrINS0_12Handshake_IOENS2_14default_deleteIS4_EEEERNS0_9CallbacksE: 28| 4.24k| Server_Handshake_State(std::unique_ptr io, Callbacks& cb) : Handshake_State(std::move(io), cb) {} _ZN5Botan3TLS12Session_KeysC2EPKNS0_15Handshake_StateERKNSt3__16vectorIhNS_16secure_allocatorIhEEEEb: 22| 1.35k| bool resuming) { 23| 1.35k| BOTAN_ASSERT_NONNULL(state); ------------------ | | 116| 1.35k| do { \ | | 117| 1.35k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 1.35k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 1.35k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 1.35k] | | ------------------ ------------------ 24| 1.35k| BOTAN_ASSERT_NONNULL(state->client_hello()); ------------------ | | 116| 1.35k| do { \ | | 117| 1.35k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 1.35k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 1.35k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 1.35k] | | ------------------ ------------------ 25| 1.35k| BOTAN_ASSERT_NONNULL(state->server_hello()); ------------------ | | 116| 1.35k| do { \ | | 117| 1.35k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 1.35k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 1.35k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 1.35k] | | ------------------ ------------------ 26| | 27| 1.35k| const auto& suite = state->ciphersuite(); 28| 1.35k| BOTAN_STATE_CHECK(suite.valid()); ------------------ | | 51| 1.35k| do { \ | | 52| 1.35k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 1.35k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 1.35k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 1.35k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 1.35k] | | ------------------ ------------------ 29| | 30| 1.35k| const size_t cipher_keylen = suite.cipher_keylen(); 31| 1.35k| const size_t mac_keylen = suite.mac_keylen(); 32| 1.35k| const size_t cipher_nonce_bytes = suite.nonce_bytes_from_handshake(); 33| | 34| 1.35k| const bool extended_master_secret = state->server_hello()->supports_extended_master_secret(); 35| | 36| 1.35k| const size_t prf_gen = 2 * (mac_keylen + cipher_keylen + cipher_nonce_bytes); 37| | 38| 1.35k| const uint8_t MASTER_SECRET_MAGIC[] = {0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74}; 39| | 40| 1.35k| const uint8_t EXT_MASTER_SECRET_MAGIC[] = {0x65, 0x78, 0x74, 0x65, 0x6E, 0x64, 0x65, 0x64, 0x20, 0x6D, 0x61, 41| 1.35k| 0x73, 0x74, 0x65, 0x72, 0x20, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74}; 42| | 43| 1.35k| const uint8_t KEY_GEN_MAGIC[] = {0x6B, 0x65, 0x79, 0x20, 0x65, 0x78, 0x70, 0x61, 0x6E, 0x73, 0x69, 0x6F, 0x6E}; 44| | 45| 1.35k| auto prf = state->protocol_specific_prf(); 46| | 47| 1.35k| if(resuming) { ------------------ | Branch (47:7): [True: 0, False: 1.35k] ------------------ 48| | // This is actually the master secret saved as part of the session 49| 0| m_master_sec = pre_master_secret; 50| 1.35k| } else { 51| 1.35k| std::vector salt; 52| 1.35k| std::vector label; 53| 1.35k| if(extended_master_secret) { ------------------ | Branch (53:10): [True: 1.35k, False: 0] ------------------ 54| 1.35k| label.assign(EXT_MASTER_SECRET_MAGIC, EXT_MASTER_SECRET_MAGIC + sizeof(EXT_MASTER_SECRET_MAGIC)); 55| 1.35k| salt += state->hash().final(suite.prf_algo()); 56| 1.35k| } else { 57| 0| label.assign(MASTER_SECRET_MAGIC, MASTER_SECRET_MAGIC + sizeof(MASTER_SECRET_MAGIC)); 58| 0| salt += state->client_hello()->random(); 59| 0| salt += state->server_hello()->random(); 60| 0| } 61| | 62| 1.35k| m_master_sec = prf->derive_key(48, pre_master_secret, salt, label); 63| 1.35k| } 64| | 65| 1.35k| std::vector salt; 66| 1.35k| std::vector label; 67| 1.35k| label.assign(KEY_GEN_MAGIC, KEY_GEN_MAGIC + sizeof(KEY_GEN_MAGIC)); 68| 1.35k| salt += state->server_hello()->random(); 69| 1.35k| salt += state->client_hello()->random(); 70| | 71| 1.35k| const secure_vector prf_output = prf->derive_key( 72| 1.35k| prf_gen, m_master_sec.data(), m_master_sec.size(), salt.data(), salt.size(), label.data(), label.size()); 73| | 74| 1.35k| const uint8_t* key_data = prf_output.data(); 75| | 76| 1.35k| m_c_aead.resize(mac_keylen + cipher_keylen); 77| 1.35k| m_s_aead.resize(mac_keylen + cipher_keylen); 78| | 79| | // NOLINTBEGIN(readability-container-data-pointer) 80| 1.35k| copy_mem(&m_c_aead[0], key_data, mac_keylen); 81| 1.35k| copy_mem(&m_s_aead[0], key_data + mac_keylen, mac_keylen); 82| | // NOLINTEND(readability-container-data-pointer) 83| | 84| | // Key is not used for NULL suites 85| 1.35k| if(cipher_keylen > 0) { ------------------ | Branch (85:7): [True: 1.35k, False: 0] ------------------ 86| 1.35k| copy_mem(&m_c_aead[mac_keylen], key_data + 2 * mac_keylen, cipher_keylen); 87| 1.35k| copy_mem(&m_s_aead[mac_keylen], key_data + 2 * mac_keylen + cipher_keylen, cipher_keylen); 88| 1.35k| } else { 89| 0| BOTAN_STATE_CHECK(suite.null_ciphersuite()); ------------------ | | 51| 0| do { \ | | 52| 0| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 0| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 0] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 0| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 0] | | ------------------ ------------------ 90| 0| } 91| | 92| 1.35k| if(cipher_nonce_bytes > 0) { ------------------ | Branch (92:7): [True: 417, False: 934] ------------------ 93| 417| const uint8_t* c_nonce_bytes = key_data + 2 * (mac_keylen + cipher_keylen); 94| 417| m_c_nonce.assign(c_nonce_bytes, c_nonce_bytes + cipher_nonce_bytes); 95| | 96| 417| const uint8_t* s_nonce_bytes = key_data + 2 * (mac_keylen + cipher_keylen) + cipher_nonce_bytes; 97| 417| m_s_nonce.assign(s_nonce_bytes, s_nonce_bytes + cipher_nonce_bytes); 98| 417| } 99| 1.35k|} _ZN5Botan3TLS21Certificate_Verify_13C2ERKNSt3__16vectorIhNS2_9allocatorIhEEEENS0_15Connection_SideE: 87| 50| Certificate_Verify(buf), m_side(side) { 88| 50| if(!m_scheme.is_available()) { ------------------ | Branch (88:7): [True: 20, False: 30] ------------------ 89| 20| throw TLS_Exception(Alert::IllegalParameter, "Peer sent unknown signature scheme"); 90| 20| } 91| | 92| 30| if(!m_scheme.is_compatible_with(Protocol_Version::TLS_V13)) { ------------------ | Branch (92:7): [True: 3, False: 27] ------------------ 93| 3| throw TLS_Exception(Alert::IllegalParameter, "Peer sent signature algorithm that is not suitable for TLS 1.3"); 94| 3| } 95| 30|} _ZN5Botan3TLS14Certificate_1317Certificate_EntryC2ERNS0_15TLS_Data_ReaderENS0_15Connection_SideENS0_16Certificate_TypeE: 274| 309| Certificate_Type cert_type) { 275| 309| if(cert_type == Certificate_Type::X509) { ------------------ | Branch (275:7): [True: 309, False: 0] ------------------ 276| | // RFC 8446 4.2.2 277| | // [...] each CertificateEntry contains a DER-encoded X.509 278| | // certificate. 279| 309| const auto cert_bytes = reader.get_tls_length_value(3); 280| 309| try { 281| 309| m_certificate = std::make_unique(cert_bytes); 282| 309| m_raw_public_key = m_certificate->subject_public_key(); 283| 309| } catch(Exception& e) { 284| | // bad_certificate would make more sense but BoGo expects decoding_error 285| 298| throw TLS_Exception(Alert::DecodeError, e.what()); 286| 298| } 287| 309| } else if(cert_type == Certificate_Type::RawPublicKey) { ------------------ | Branch (287:14): [True: 0, False: 0] ------------------ 288| | // RFC 7250 3. 289| | // This specification uses raw public keys whereby the already 290| | // available encoding used in a PKIX certificate in the form of a 291| | // SubjectPublicKeyInfo structure is reused. 292| 0| try { 293| 0| m_raw_public_key = X509::load_key(reader.get_tls_length_value(3)); 294| 0| } catch(Exception& e) { 295| 0| throw TLS_Exception(Alert::DecodeError, e.what()); 296| 0| } 297| 0| } else { 298| 0| throw TLS_Exception(Alert::InternalError, "Unknown certificate type"); 299| 0| } 300| | 301| | // Extensions are simply tacked at the end of the certificate entry. This 302| | // is a departure from the typical "tag-length-value" in a sense that the 303| | // Extensions deserializer needs the length value of the extensions. 304| 0| const size_t extensions_length = reader.peek_uint16_t(); 305| 0| const auto exts_buf = reader.get_fixed(extensions_length + 2); 306| 0| TLS_Data_Reader exts_reader("extensions reader", exts_buf); 307| 0| m_extensions.deserialize(exts_reader, side, Handshake_Type::Certificate); 308| | 309| 0| if(cert_type == Certificate_Type::X509) { ------------------ | Branch (309:7): [True: 0, False: 0] ------------------ 310| | // RFC 8446 4.4.2 311| | // Valid extensions for server certificates at present include the 312| | // OCSP Status extension [RFC6066] and the SignedCertificateTimestamp 313| | // extension [RFC6962]; future extensions may be defined for this 314| | // message as well. 315| | // 316| | // RFC 8446 4.4.2.1 317| | // A server MAY request that a client present an OCSP response with its 318| | // certificate by sending an empty "status_request" extension in its 319| | // CertificateRequest message. 320| 0| if(m_extensions.contains_implemented_extensions_other_than({ ------------------ | Branch (320:10): [True: 0, False: 0] ------------------ 321| 0| Extension_Code::CertificateStatusRequest, 322| | // Extension_Code::SignedCertificateTimestamp 323| 0| })) { 324| 0| throw TLS_Exception(Alert::IllegalParameter, "Certificate Entry contained an extension that is not allowed"); 325| 0| } 326| 0| } else if(m_extensions.contains_implemented_extensions_other_than({})) { ------------------ | Branch (326:14): [True: 0, False: 0] ------------------ 327| 0| throw TLS_Exception( 328| 0| Alert::IllegalParameter, 329| 0| "Certificate Entry holding something else than a certificate contained unexpected extensions"); 330| 0| } 331| 0|} _ZN5Botan3TLS14Certificate_13C2ERKNSt3__16vectorIhNS2_9allocatorIhEEEERKNS0_6PolicyENS0_15Connection_SideENS0_16Certificate_TypeE: 368| 352| m_side(side) { 369| 352| TLS_Data_Reader reader("cert message reader", buf); 370| | 371| 352| m_request_context = reader.get_range(1, 0, 255); 372| | 373| | // RFC 8446 4.4.2 374| | // [...] in the case of server authentication, this field SHALL be zero length. 375| 352| if(m_side == Connection_Side::Server && !m_request_context.empty()) { ------------------ | Branch (375:7): [True: 0, False: 352] | Branch (375:44): [True: 0, False: 0] ------------------ 376| 0| throw TLS_Exception(Alert::IllegalParameter, "Server Certificate message must not contain a request context"); 377| 0| } 378| | 379| 352| const auto cert_entries_len = reader.get_uint24_t(); 380| | 381| 352| if(reader.remaining_bytes() != cert_entries_len) { ------------------ | Branch (381:7): [True: 33, False: 319] ------------------ 382| 33| throw TLS_Exception(Alert::DecodeError, "Certificate: Message malformed"); 383| 33| } 384| | 385| 319| const size_t max_size = policy.maximum_certificate_chain_size(); 386| 319| if(max_size > 0 && cert_entries_len > max_size) { ------------------ | Branch (386:7): [True: 311, False: 8] | Branch (386:23): [True: 0, False: 311] ------------------ 387| 0| throw Decoding_Error("Certificate chain exceeds policy specified maximum size"); 388| 0| } 389| | 390| 628| while(reader.has_remaining()) { ------------------ | Branch (390:10): [True: 309, False: 319] ------------------ 391| 309| m_entries.emplace_back(reader, side, cert_type); 392| 309| } 393| | 394| | // RFC 8446 4.4.2 395| | // The server's certificate_list MUST always be non-empty. A client 396| | // will send an empty certificate_list if it does not have an 397| | // appropriate certificate to send in response to the server's 398| | // authentication request. 399| 319| if(m_entries.empty()) { ------------------ | Branch (399:7): [True: 2, False: 317] ------------------ 400| | // RFC 8446 4.4.2.4 401| | // If the server supplies an empty Certificate message, the client MUST 402| | // abort the handshake with a "decode_error" alert. 403| 2| if(m_side == Connection_Side::Server) { ------------------ | Branch (403:10): [True: 0, False: 2] ------------------ 404| 0| throw TLS_Exception(Alert::DecodeError, "No certificates sent by server"); 405| 0| } 406| | 407| 2| return; 408| 2| } 409| | 410| 317| BOTAN_ASSERT_NOMSG(!m_entries.empty()); ------------------ | | 77| 317| do { \ | | 78| 317| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 317| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 317] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 317| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 317] | | ------------------ ------------------ 411| | 412| | // RFC 8446 4.4.2.2 413| | // The certificate type MUST be X.509v3 [RFC5280], unless explicitly 414| | // negotiated otherwise (e.g., [RFC7250]). 415| | // 416| | // TLS 1.0 through 1.3 all seem to require that the certificate be 417| | // precisely a v3 certificate. In fact the strict wording would seem 418| | // to require that every certificate in the chain be v3. But often 419| | // the intermediates are outside of the control of the server. 420| | // But, require that the leaf certificate be v3. 421| 317| if(cert_type == Certificate_Type::X509 && m_entries.front().certificate().x509_version() != 3) { ------------------ | Branch (421:7): [True: 0, False: 317] | Branch (421:46): [True: 0, False: 0] ------------------ 422| 0| throw TLS_Exception(Alert::BadCertificate, "The leaf certificate must be v3"); 423| 0| } 424| | 425| | // RFC 8446 4.4.2 426| | // If the RawPublicKey certificate type was negotiated, then the 427| | // certificate_list MUST contain no more than one CertificateEntry. 428| 317| if(cert_type == Certificate_Type::RawPublicKey && m_entries.size() != 1) { ------------------ | Branch (428:7): [True: 0, False: 317] | Branch (428:54): [True: 0, False: 0] ------------------ 429| 0| throw TLS_Exception(Alert::IllegalParameter, "Certificate message contained more than one RawPublicKey"); 430| 0| } 431| | 432| | // Validate the provided (certificate) public key against our policy 433| 317| auto pubkey = public_key(); 434| 317| policy.check_peer_key_acceptable(*pubkey); 435| | 436| 317| if(!policy.allowed_signature_method(pubkey->algo_name())) { ------------------ | Branch (436:7): [True: 0, False: 317] ------------------ 437| 0| throw TLS_Exception(Alert::HandshakeFailure, "Rejecting " + pubkey->algo_name() + " signature"); 438| 0| } 439| 317|} _ZN5Botan3TLS22Certificate_Request_13C2ERKNSt3__16vectorIhNS2_9allocatorIhEEEENS0_15Connection_SideE: 25| 1|Certificate_Request_13::Certificate_Request_13(const std::vector& buf, const Connection_Side side) { 26| 1| TLS_Data_Reader reader("Certificate_Request_13", buf); 27| | 28| | // RFC 8446 4.3.2 29| | // A server which is authenticating with a certificate MAY optionally 30| | // request a certificate from the client. 31| 1| if(side != Connection_Side::Server) { ------------------ | Branch (31:7): [True: 1, False: 0] ------------------ 32| 1| throw TLS_Exception(Alert::UnexpectedMessage, "Received a Certificate_Request message from a client"); 33| 1| } 34| | 35| 0| m_context = reader.get_tls_length_value(1); 36| 0| m_extensions.deserialize(reader, side, type()); 37| | 38| | // RFC 8446 4.3.2 39| | // The "signature_algorithms" extension MUST be specified, and other 40| | // extensions may optionally be included if defined for this message. 41| | // Clients MUST ignore unrecognized extensions. 42| | 43| 0| if(!m_extensions.has()) { ------------------ | Branch (43:7): [True: 0, False: 0] ------------------ 44| 0| throw TLS_Exception(Alert::MissingExtension, 45| 0| "Certificate_Request message did not provide a signature_algorithms extension"); 46| 0| } 47| | 48| | // RFC 8446 4.2. 49| | // The table below indicates the messages where a given extension may 50| | // appear [...]. If an implementation receives an extension which it 51| | // recognizes and which is not specified for the message in which it 52| | // appears, it MUST abort the handshake with an "illegal_parameter" alert. 53| | // 54| | // For Certificate Request said table states: 55| | // "status_request", "signature_algorithms", "signed_certificate_timestamp", 56| | // "certificate_authorities", "oid_filters", "signature_algorithms_cert", 57| 0| const std::set allowed_extensions = { 58| 0| Extension_Code::CertificateStatusRequest, 59| 0| Extension_Code::SignatureAlgorithms, 60| | // Extension_Code::SignedCertificateTimestamp, // NYI 61| 0| Extension_Code::CertificateAuthorities, 62| | // Extension_Code::OidFilters, // NYI 63| 0| Extension_Code::CertSignatureAlgorithms, 64| 0| }; 65| | 66| 0| if(m_extensions.contains_implemented_extensions_other_than(allowed_extensions)) { ------------------ | Branch (66:7): [True: 0, False: 0] ------------------ 67| 0| throw TLS_Exception(Alert::IllegalParameter, "Certificate Request contained an extension that is not allowed"); 68| 0| } 69| | 70| 0| reader.assert_done(); 71| 0|} _ZN5Botan3TLS15Client_Hello_13C2ENSt3__110unique_ptrINS0_21Client_Hello_InternalENS2_14default_deleteIS4_EEEE: 30| 31|Client_Hello_13::Client_Hello_13(std::unique_ptr data) : Client_Hello(std::move(data)) { 31| 31| const auto& exts = m_data->extensions(); 32| | 33| | // RFC 8446 4.1.2 34| | // TLS 1.3 ClientHellos are identified as having a legacy_version of 35| | // 0x0303 and a "supported_versions" extension present with 0x0304 as the 36| | // highest version indicated therein. 37| | // 38| | // Note that we already checked for "supported_versions" before entering this 39| | // c'tor in `Client_Hello_13::parse()`. This is just to be doubly sure. 40| 31| BOTAN_ASSERT_NOMSG(exts.has()); ------------------ | | 77| 31| do { \ | | 78| 31| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 31| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 31] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 31| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 31] | | ------------------ ------------------ 41| | 42| | // RFC 8446 4.2.1 43| | // Servers MAY abort the handshake upon receiving a ClientHello with 44| | // legacy_version 0x0304 or later. 45| 31| if(m_data->legacy_version().is_tls_13_or_later()) { ------------------ | Branch (45:7): [True: 17, False: 14] ------------------ 46| 17| throw TLS_Exception(Alert::DecodeError, "TLS 1.3 Client Hello has invalid legacy_version"); 47| 17| } 48| | 49| | // RFC 8446 D.5 50| | // Any endpoint receiving a Hello message with ClientHello.legacy_version [...] 51| | // set to 0x0300 MUST abort the handshake with a "protocol_version" alert. 52| 14| if(m_data->legacy_version().major_version() == 3 && m_data->legacy_version().minor_version() == 0) { ------------------ | Branch (52:7): [True: 1, False: 13] | Branch (52:7): [True: 1, False: 13] | Branch (52:56): [True: 1, False: 0] ------------------ 53| 1| throw TLS_Exception(Alert::ProtocolVersion, "TLS 1.3 Client Hello has invalid legacy_version"); 54| 1| } 55| | 56| | // RFC 8446 4.1.2 57| | // For every TLS 1.3 ClientHello, [the compression method] MUST contain 58| | // exactly one byte, set to zero, [...]. If a TLS 1.3 ClientHello is 59| | // received with any other value in this field, the server MUST abort the 60| | // handshake with an "illegal_parameter" alert. 61| 13| if(m_data->comp_methods().size() != 1 || m_data->comp_methods().front() != 0) { ------------------ | Branch (61:7): [True: 8, False: 5] | Branch (61:45): [True: 2, False: 3] ------------------ 62| 10| throw TLS_Exception(Alert::IllegalParameter, "Client did not offer NULL compression"); 63| 10| } 64| | 65| | // RFC 8446 4.2.9 66| | // A client MUST provide a "psk_key_exchange_modes" extension if it 67| | // offers a "pre_shared_key" extension. If clients offer "pre_shared_key" 68| | // without a "psk_key_exchange_modes" extension, servers MUST abort 69| | // the handshake. 70| 3| if(exts.has()) { ------------------ | Branch (70:7): [True: 0, False: 3] ------------------ 71| 0| if(!exts.has()) { ------------------ | Branch (71:10): [True: 0, False: 0] ------------------ 72| 0| throw TLS_Exception(Alert::MissingExtension, 73| 0| "Client Hello offered a PSK without a psk_key_exchange_modes extension"); 74| 0| } 75| | 76| | // RFC 8446 4.2.11 77| | // The "pre_shared_key" extension MUST be the last extension in the 78| | // ClientHello [...]. Servers MUST check that it is the last extension 79| | // and otherwise fail the handshake with an "illegal_parameter" alert. 80| 0| if(exts.last_added() != Extension_Code::PresharedKey) { ------------------ | Branch (80:10): [True: 0, False: 0] ------------------ 81| 0| throw TLS_Exception(Alert::IllegalParameter, "PSK extension was not at the very end of the Client Hello"); 82| 0| } 83| 0| } 84| | 85| | // RFC 8446 9.2 86| | // [A TLS 1.3 ClientHello] message MUST meet the following requirements: 87| | // 88| | // - If not containing a "pre_shared_key" extension, it MUST contain 89| | // both a "signature_algorithms" extension and a "supported_groups" 90| | // extension. 91| | // 92| | // - If containing a "supported_groups" extension, it MUST also contain 93| | // a "key_share" extension, and vice versa. An empty 94| | // KeyShare.client_shares vector is permitted. 95| | // 96| | // Servers receiving a ClientHello which does not conform to these 97| | // requirements MUST abort the handshake with a "missing_extension" 98| | // alert. 99| 3| if(!exts.has()) { ------------------ | Branch (99:7): [True: 3, False: 0] ------------------ 100| 3| if(!exts.has() || !exts.has()) { ------------------ | Branch (100:10): [True: 1, False: 2] | Branch (100:43): [True: 1, False: 1] ------------------ 101| 2| throw TLS_Exception( 102| 2| Alert::MissingExtension, 103| 2| "Non-PSK Client Hello did not contain supported_groups and signature_algorithms extensions"); 104| 2| } 105| 3| } 106| 1| if(exts.has() != exts.has()) { ------------------ | Branch (106:7): [True: 1, False: 0] ------------------ 107| 1| throw TLS_Exception(Alert::MissingExtension, 108| 1| "Client Hello must either contain both key_share and supported_groups extensions or neither"); 109| 1| } 110| | 111| 0| if(exts.has()) { ------------------ | Branch (111:7): [True: 0, False: 0] ------------------ 112| 0| auto* const supported_ext = exts.get(); 113| 0| BOTAN_ASSERT_NONNULL(supported_ext); ------------------ | | 116| 0| do { \ | | 117| 0| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 0] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 0| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 0] | | ------------------ ------------------ 114| 0| const auto supports = supported_ext->groups(); 115| 0| const auto offers = exts.get()->offered_groups(); 116| | 117| | // RFC 8446 4.2.8 118| | // Each KeyShareEntry value MUST correspond to a group offered in the 119| | // "supported_groups" extension and MUST appear in the same order. 120| | // [...] 121| | // Clients MUST NOT offer any KeyShareEntry values for groups not 122| | // listed in the client's "supported_groups" extension. 123| | // 124| | // Servers MAY check for violations of these rules and abort the 125| | // handshake with an "illegal_parameter" alert if one is violated. 126| | // 127| | // Note: We can assume that both `offers` and `supports` are unique lists 128| | // as this is ensured in the parsing code of the extensions. 129| | // 130| | // Since offers must appear in the same order as supports, a single 131| | // forward sweep of `supports` suffices: after finding each offered group 132| | // we advance past its position so the next offered group is searched for 133| | // only in the remaining suffix. 134| 0| auto supports_it = supports.begin(); 135| 0| for(const auto offered : offers) { ------------------ | Branch (135:30): [True: 0, False: 0] ------------------ 136| 0| supports_it = std::find(supports_it, supports.end(), offered); 137| 0| if(supports_it == supports.end()) { ------------------ | Branch (137:13): [True: 0, False: 0] ------------------ 138| 0| throw TLS_Exception(Alert::IllegalParameter, 139| 0| "Offered key exchange groups do not align with claimed supported groups"); 140| 0| } 141| 0| ++supports_it; 142| 0| } 143| 0| } 144| | 145| | // TODO: Reject oid_filters extension if found (which is the only known extension that 146| | // must not occur in the TLS 1.3 client hello. 147| | // RFC 8446 4.2.5 148| | // [The oid_filters extension] MUST only be sent in the CertificateRequest message. 149| 0|} _ZN5Botan3TLS15Client_Hello_135parseERKNSt3__16vectorIhNS2_9allocatorIhEEEE: 286| 4.25k|std::variant Client_Hello_13::parse(const std::vector& buf) { 287| 4.25k| auto data = std::make_unique(buf); 288| 4.25k| const auto version = data->version(); 289| | 290| 4.25k| if(version.is_pre_tls_13()) { ------------------ | Branch (290:7): [True: 3.69k, False: 565] ------------------ 291| 3.69k| return Client_Hello_12_Shim(std::move(data)); 292| 3.69k| } else { 293| 565| return Client_Hello_13(std::move(data)); 294| 565| } 295| 4.25k|} _ZN5Botan3TLS20Encrypted_ExtensionsC2ERKNSt3__16vectorIhNS2_9allocatorIhEEEE: 134| 591|Encrypted_Extensions::Encrypted_Extensions(const std::vector& buf) { 135| 591| TLS_Data_Reader reader("encrypted extensions reader", buf); 136| | 137| | // Encrypted Extensions contains a list of extensions. This list may legally 138| | // be empty. However, in that case we should at least see a two-byte length 139| | // field that reads 0x00 0x00. 140| 591| if(buf.size() < 2) { ------------------ | Branch (140:7): [True: 3, False: 588] ------------------ 141| 3| throw TLS_Exception(Alert::DecodeError, "Server sent an empty Encrypted Extensions message"); 142| 3| } 143| | 144| 588| m_extensions.deserialize(reader, Connection_Side::Server, type()); 145| | 146| | // RFC 8446 4.2 147| | // If an implementation receives an extension which it recognizes and 148| | // which is not specified for the message in which it appears, it MUST 149| | // abort the handshake with an "illegal_parameter" alert. 150| | // 151| | // Note that we cannot encounter any extensions that we don't recognize here, 152| | // since only extensions we previously offered are allowed in EE. 153| 588| const auto allowed_exts = std::set{ 154| | // Allowed extensions listed in RFC 8446 and implemented in Botan 155| 588| Extension_Code::ServerNameIndication, 156| | // MAX_FRAGMENT_LENGTH 157| 588| Extension_Code::SupportedGroups, 158| 588| Extension_Code::UseSrtp, 159| | // HEARTBEAT 160| 588| Extension_Code::ApplicationLayerProtocolNegotiation, 161| | // RFC 7250 162| 588| Extension_Code::ClientCertificateType, 163| 588| Extension_Code::ServerCertificateType, 164| | // EARLY_DATA 165| | 166| | // Allowed extensions not listed in RFC 8446 but acceptable as Botan implements them 167| 588| Extension_Code::RecordSizeLimit, 168| 588| }; 169| 588| if(m_extensions.contains_implemented_extensions_other_than(allowed_exts)) { ------------------ | Branch (169:7): [True: 52, False: 536] ------------------ 170| 52| throw TLS_Exception(Alert::IllegalParameter, "Encrypted Extensions contained an extension that is not allowed"); 171| 52| } 172| | 173| 536| reader.assert_done(); 174| 536|} _ZN5Botan3TLS15Server_Hello_135parseERKNSt3__16vectorIhNS2_9allocatorIhEEEE: 85| 118| const std::vector& buf) { 86| 118| auto data = std::make_unique(buf); 87| 118| const auto version = data->version(); 88| | 89| | // server hello that appears to be pre-TLS 1.3, takes precedence over... 90| 118| if(version.is_pre_tls_13()) { ------------------ | Branch (90:7): [True: 23, False: 95] ------------------ 91| 23| return Server_Hello_12_Shim(std::move(data)); 92| 23| } 93| | 94| | // ... the TLS 1.3 "special case" aka. Hello_Retry_Request 95| 95| if(version == Protocol_Version::TLS_V13) { ------------------ | Branch (95:7): [True: 24, False: 71] ------------------ 96| 24| if(data->is_hello_retry_request()) { ------------------ | Branch (96:10): [True: 0, False: 24] ------------------ 97| 0| return Hello_Retry_Request(std::move(data)); 98| 0| } 99| | 100| 24| return Server_Hello_13(std::move(data)); 101| 24| } 102| | 103| 71| throw TLS_Exception(Alert::ProtocolVersion, "unexpected server hello version: " + version.to_string()); 104| 95|} _ZNK5Botan3TLS15Server_Hello_1316basic_validationEv: 109| 24|void Server_Hello_13::basic_validation() const { 110| 24| BOTAN_ASSERT_NOMSG(m_data->version() == Protocol_Version::TLS_V13); ------------------ | | 77| 24| do { \ | | 78| 24| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 24| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 24] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 24| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 24] | | ------------------ ------------------ 111| | 112| | // Note: checks that cannot be performed without contextual information 113| | // are done in the specific TLS client implementation. 114| | // Note: The Supported_Version extension makes sure internally that 115| | // exactly one entry is provided. 116| | 117| | // Note: Hello Retry Request basic validation is equivalent with the 118| | // basic validations required for Server Hello 119| | // 120| | // RFC 8446 4.1.4 121| | // Upon receipt of a HelloRetryRequest, the client MUST check the 122| | // legacy_version, [...], and legacy_compression_method as specified in 123| | // Section 4.1.3 and then process the extensions, starting with determining 124| | // the version using "supported_versions". 125| | 126| | // RFC 8446 4.1.3 127| | // In TLS 1.3, [...] the legacy_version field MUST be set to 0x0303 128| 24| if(legacy_version() != Protocol_Version::TLS_V12) { ------------------ | Branch (128:7): [True: 18, False: 6] ------------------ 129| 18| throw TLS_Exception(Alert::ProtocolVersion, 130| 18| "legacy_version '" + legacy_version().to_string() + "' is not allowed"); 131| 18| } 132| | 133| | // RFC 8446 4.1.3 134| | // legacy_compression_method: A single byte which MUST have the value 0. 135| 6| if(compression_method() != 0x00) { ------------------ | Branch (135:7): [True: 1, False: 5] ------------------ 136| 1| throw TLS_Exception(Alert::DecodeError, "compression is not supported in TLS 1.3"); 137| 1| } 138| | 139| | // RFC 8446 4.1.3 140| | // All TLS 1.3 ServerHello messages MUST contain the "supported_versions" extension. 141| 5| if(!extensions().has()) { ------------------ | Branch (141:7): [True: 0, False: 5] ------------------ 142| 0| throw TLS_Exception(Alert::MissingExtension, "server hello did not contain 'supported version' extension"); 143| 0| } 144| | 145| | // RFC 8446 4.2.1 146| | // A server which negotiates TLS 1.3 MUST respond by sending 147| | // a "supported_versions" extension containing the selected version 148| | // value (0x0304). 149| 5| if(selected_version() != Protocol_Version::TLS_V13) { ------------------ | Branch (149:7): [True: 4, False: 1] ------------------ 150| 4| throw TLS_Exception(Alert::IllegalParameter, "TLS 1.3 Server Hello selected a different version"); 151| 4| } 152| 5|} _ZN5Botan3TLS15Server_Hello_13C2ENSt3__110unique_ptrINS0_21Server_Hello_InternalENS2_14default_deleteIS4_EEEENS1_16Server_Hello_TagE: 156| 24| Server_Hello(std::move(data)) { 157| 24| BOTAN_ASSERT_NOMSG(!m_data->is_hello_retry_request()); ------------------ | | 77| 24| do { \ | | 78| 24| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 24| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 24] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 24| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 24] | | ------------------ ------------------ 158| 24| basic_validation(); 159| | 160| 24| const auto& exts = extensions(); 161| | 162| | // RFC 8446 4.1.3 163| | // The ServerHello MUST only include extensions which are required to 164| | // establish the cryptographic context and negotiate the protocol version. 165| | // [...] 166| | // Other extensions (see Section 4.2) are sent separately in the 167| | // EncryptedExtensions message. 168| | // 169| | // Note that further validation dependent on the client hello is done in the 170| | // TLS client implementation. 171| 24| const std::set allowed = { 172| 24| Extension_Code::KeyShare, 173| 24| Extension_Code::SupportedVersions, 174| 24| Extension_Code::PresharedKey, 175| 24| }; 176| | 177| | // As the ServerHello shall only contain essential extensions, we don't give 178| | // any slack for extensions not implemented by Botan here. 179| 24| if(exts.contains_other_than(allowed)) { ------------------ | Branch (179:7): [True: 1, False: 23] ------------------ 180| 1| throw TLS_Exception(Alert::UnsupportedExtension, "Server Hello contained an extension that is not allowed"); 181| 1| } 182| | 183| | // RFC 8446 4.1.3 184| | // Current ServerHello messages additionally contain 185| | // either the "pre_shared_key" extension or the "key_share" 186| | // extension, or both [...]. 187| 23| if(!exts.has() && !exts.has()) { ------------------ | Branch (187:7): [True: 0, False: 23] | Branch (187:33): [True: 0, False: 0] ------------------ 188| 0| throw TLS_Exception(Alert::MissingExtension, "server hello must contain key exchange information"); 189| 0| } 190| 23|} _ZNK5Botan3TLS15Server_Hello_1316selected_versionEv: 353| 5|Protocol_Version Server_Hello_13::selected_version() const { 354| 5| auto* const versions_ext = m_data->extensions().get(); 355| 5| BOTAN_ASSERT_NOMSG(versions_ext); ------------------ | | 77| 5| do { \ | | 78| 5| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 5| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 5] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 5| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 5] | | ------------------ ------------------ 356| 5| const auto& versions = versions_ext->versions(); 357| 5| BOTAN_ASSERT_NOMSG(versions.size() == 1); ------------------ | | 77| 5| do { \ | | 78| 5| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 5| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 5] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 5| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 5] | | ------------------ ------------------ 358| 5| return versions.front(); 359| 5|} _ZN5Botan3TLS15Channel_Impl_13C2ERKNSt3__110shared_ptrINS0_9CallbacksEEERKNS3_INS0_15Session_ManagerEEERKNS3_INS_19Credentials_ManagerEEERKNS3_INS_21RandomNumberGeneratorEEERKNS3_IKNS0_6PolicyEEEb: 46| 5.69k| m_side(is_server ? Connection_Side::Server : Connection_Side::Client), ------------------ | Branch (46:14): [True: 5.69k, False: 0] ------------------ 47| 5.69k| m_callbacks(callbacks), 48| 5.69k| m_session_manager(session_manager), 49| 5.69k| m_credentials_manager(credentials_manager), 50| 5.69k| m_rng(rng), 51| 5.69k| m_policy(policy), 52| 5.69k| m_record_layer(m_side), 53| 5.69k| m_handshake_layer(m_side), 54| 5.69k| m_can_read(true), 55| 5.69k| m_can_write(true), 56| 5.69k| m_opportunistic_key_update(false), 57| 5.69k| m_first_message_sent(false), 58| 5.69k| m_first_message_received(false) { 59| 5.69k| BOTAN_ASSERT_NONNULL(m_callbacks); ------------------ | | 116| 5.69k| do { \ | | 117| 5.69k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 5.69k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 5.69k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 5.69k] | | ------------------ ------------------ 60| 5.69k| BOTAN_ASSERT_NONNULL(m_session_manager); ------------------ | | 116| 5.69k| do { \ | | 117| 5.69k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 5.69k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 5.69k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 5.69k] | | ------------------ ------------------ 61| 5.69k| BOTAN_ASSERT_NONNULL(m_credentials_manager); ------------------ | | 116| 5.69k| do { \ | | 117| 5.69k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 5.69k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 5.69k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 5.69k] | | ------------------ ------------------ 62| 5.69k| BOTAN_ASSERT_NONNULL(m_rng); ------------------ | | 116| 5.69k| do { \ | | 117| 5.69k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 5.69k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 5.69k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 5.69k] | | ------------------ ------------------ 63| 5.69k| BOTAN_ASSERT_NONNULL(m_policy); ------------------ | | 116| 5.69k| do { \ | | 117| 5.69k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 5.69k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 5.69k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 5.69k] | | ------------------ ------------------ 64| 5.69k|} _ZN5Botan3TLS15Channel_Impl_13D2Ev: 66| 5.69k|Channel_Impl_13::~Channel_Impl_13() = default; _ZN5Botan3TLS15Channel_Impl_139from_peerENSt3__14spanIKhLm18446744073709551615EEE: 68| 5.69k|size_t Channel_Impl_13::from_peer(std::span data) { 69| 5.69k| BOTAN_STATE_CHECK(!is_downgrading()); ------------------ | | 51| 5.69k| do { \ | | 52| 5.69k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 5.69k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 5.69k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 5.69k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 5.69k] | | ------------------ ------------------ 70| | 71| | // RFC 8446 6.1 72| | // Any data received after a closure alert has been received MUST be ignored. 73| 5.69k| if(!m_can_read) { ------------------ | Branch (73:7): [True: 0, False: 5.69k] ------------------ 74| 0| return 0; 75| 0| } 76| | 77| 5.69k| try { 78| 5.69k| if(expects_downgrade()) { ------------------ | Branch (78:10): [True: 5.69k, False: 0] ------------------ 79| 5.69k| preserve_peer_transcript(data); 80| 5.69k| } 81| | 82| 5.69k| m_record_layer.copy_data(data); 83| | 84| 13.6k| while(true) { ------------------ | Branch (84:13): [True: 11.9k, Folded] ------------------ 85| | // RFC 8446 6.1 86| | // Any data received after a closure alert has been received MUST be ignored. 87| | // 88| | // ... this data might already be in the record layer's read buffer. 89| 11.9k| if(!m_can_read) { ------------------ | Branch (89:13): [True: 24, False: 11.9k] ------------------ 90| 24| return 0; 91| 24| } 92| | 93| 11.9k| auto result = m_record_layer.next_record(m_cipher_state.get()); 94| | 95| 11.9k| if(std::holds_alternative(result)) { ------------------ | Branch (95:13): [True: 143, False: 11.7k] ------------------ 96| 143| return std::get(result); 97| 143| } 98| | 99| 11.7k| const auto& record = std::get(result); 100| | 101| | // RFC 8446 5.1 102| | // Handshake messages MUST NOT be interleaved with other record types. 103| 11.7k| if(record.type != Record_Type::Handshake && m_handshake_layer.has_pending_data()) { ------------------ | Branch (103:13): [True: 1.00k, False: 10.7k] | Branch (103:54): [True: 2, False: 1.00k] ------------------ 104| 2| throw Unexpected_Message("Expected remainder of a handshake message"); 105| 2| } 106| | 107| 11.7k| if(record.type == Record_Type::Handshake) { ------------------ | Branch (107:13): [True: 10.6k, False: 1.08k] ------------------ 108| 10.6k| m_handshake_layer.copy_data(record.fragment); 109| | 110| 10.6k| if(!is_handshake_complete()) { ------------------ | Branch (110:16): [True: 10.6k, False: 0] ------------------ 111| 10.8k| while(auto handshake_msg = m_handshake_layer.next_message(policy(), m_transcript_hash)) { ------------------ | Branch (111:27): [True: 3.87k, False: 6.97k] ------------------ 112| | // RFC 8446 5.1 113| | // Handshake messages MUST NOT span key changes. Implementations 114| | // MUST verify that all messages immediately preceding a key change 115| | // align with a record boundary; if not, then they MUST terminate the 116| | // connection with an "unexpected_message" alert. Because the 117| | // ClientHello, EndOfEarlyData, ServerHello, Finished, and KeyUpdate 118| | // messages can immediately precede a key change, implementations 119| | // MUST send these messages in alignment with a record boundary. 120| | // 121| | // Note: Hello_Retry_Request was added to the list below although it cannot immediately precede a key change. 122| | // However, there cannot be any further sensible messages in the record after HRR. 123| | // 124| | // Note: Server_Hello_12 was deliberately not included in the check below because in TLS 1.2 Server Hello and 125| | // other handshake messages can be legally coalesced in a single record. 126| | // 127| 3.87k| if(holds_any_of(handshake_msg.value()) && 132| 3.70k| m_handshake_layer.has_pending_data()) { ------------------ | Branch (132:22): [True: 22, False: 3.68k] ------------------ 133| 22| throw Unexpected_Message("Unexpected additional handshake message data found in record"); 134| 22| } 135| | 136| 3.85k| process_handshake_msg(std::move(handshake_msg.value())); 137| | 138| 3.85k| if(is_downgrading()) { ------------------ | Branch (138:22): [True: 3.67k, False: 175] ------------------ 139| | // Downgrade to TLS 1.2 was detected. Stop everything we do and await being replaced by a 1.2 implementation. 140| 3.67k| return 0; 141| 3.67k| } else if(m_downgrade_info != nullptr) { ------------------ | Branch (141:29): [True: 0, False: 175] ------------------ 142| | // We received a TLS 1.3 error alert that could have been a TLS 1.2 warning alert. 143| | // Now that we know that we are talking to a TLS 1.3 server, shut down. 144| 0| if(m_downgrade_info->received_tls_13_error_alert) { ------------------ | Branch (144:25): [True: 0, False: 0] ------------------ 145| 0| shutdown(); 146| 0| } 147| | 148| | // Downgrade can only be indicated in the first received peer message. This was not the case. 149| 0| m_downgrade_info.reset(); 150| 0| } 151| | 152| | // After the initial handshake message is received, the record 153| | // layer must be more restrictive. 154| | // See RFC 8446 5.1 regarding "legacy_record_version" 155| 175| if(!m_first_message_received) { ------------------ | Branch (155:22): [True: 0, False: 175] ------------------ 156| 0| m_record_layer.disable_receiving_compat_mode(); 157| 0| m_first_message_received = true; 158| 0| } 159| 175| } 160| 10.6k| } else { 161| 0| while(auto handshake_msg = m_handshake_layer.next_post_handshake_message(policy())) { ------------------ | Branch (161:27): [True: 0, False: 0] ------------------ 162| 0| process_post_handshake_msg(std::move(handshake_msg.value())); 163| 0| } 164| 0| } 165| 10.6k| } else if(record.type == Record_Type::ChangeCipherSpec) { ------------------ | Branch (165:20): [True: 1, False: 1.08k] ------------------ 166| 1| process_dummy_change_cipher_spec(); 167| 1.08k| } else if(record.type == Record_Type::ApplicationData) { ------------------ | Branch (167:20): [True: 0, False: 1.08k] ------------------ 168| 0| BOTAN_ASSERT_NONNULL(m_cipher_state); ------------------ | | 116| 0| do { \ | | 117| 0| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 0] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 0| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 0] | | ------------------ ------------------ 169| 0| if(!m_cipher_state->can_decrypt_application_traffic()) { ------------------ | Branch (169:16): [True: 0, False: 0] ------------------ 170| 0| throw Unexpected_Message("Application data received before handshake completion"); 171| 0| } 172| | /* 173| | The record sequence number is set in Record_Layer::next_record only when 174| | the record contents are decrypted under the current set of traffic keys 175| | */ 176| 0| if(!record.seq_no.has_value()) { ------------------ | Branch (176:16): [True: 0, False: 0] ------------------ 177| 0| throw Unexpected_Message("Application data must have a sequence number"); 178| 0| } 179| 0| callbacks().tls_record_received(record.seq_no.value(), record.fragment); 180| 1.08k| } else if(record.type == Record_Type::Alert) { ------------------ | Branch (180:20): [True: 1.00k, False: 82] ------------------ 181| 1.00k| process_alert(record.fragment); 182| 1.00k| } else { 183| 82| throw Unexpected_Message("Unexpected record type " + std::to_string(static_cast(record.type)) + 184| 82| " from counterparty"); 185| 82| } 186| 11.7k| } 187| 5.69k| } catch(TLS_Exception& e) { 188| 957| send_fatal_alert(e.type()); 189| 957| throw; 190| 957| } catch(Invalid_Authentication_Tag&) { 191| | // RFC 8446 5.2 192| | // If the decryption fails, the receiver MUST terminate the connection 193| | // with a "bad_record_mac" alert. 194| 0| send_fatal_alert(Alert::BadRecordMac); 195| 0| throw; 196| 889| } catch(Decoding_Error&) { 197| 889| send_fatal_alert(Alert::DecodeError); 198| 889| throw; 199| 889| } catch(...) { 200| 2| send_fatal_alert(Alert::InternalError); 201| 2| throw; 202| 2| } 203| 5.69k|} _ZN5Botan3TLS15Channel_Impl_1310send_alertERKNS0_5AlertE: 299| 1.86k|void Channel_Impl_13::send_alert(const Alert& alert) { 300| 1.86k| if(alert.is_valid() && m_can_write) { ------------------ | Branch (300:7): [True: 1.86k, False: 0] | Branch (300:27): [True: 1.86k, False: 2] ------------------ 301| 1.86k| try { 302| 1.86k| send_record(Record_Type::Alert, alert.serialize()); 303| 1.86k| } catch(...) { /* swallow it */ 304| 0| } 305| 1.86k| } 306| | 307| | // Note: In TLS 1.3 sending a CloseNotify must not immediately lead to closing the reading end. 308| | // RFC 8446 6.1 309| | // Each party MUST send a "close_notify" alert before closing its write 310| | // side of the connection, unless it has already sent some error alert. 311| | // This does not have any effect on its read side of the connection. 312| 1.86k| if(is_close_notify_alert(alert) && m_can_write) { ------------------ | Branch (312:7): [True: 18, False: 1.84k] | Branch (312:39): [True: 16, False: 2] ------------------ 313| 16| m_can_write = false; 314| 16| if(m_cipher_state) { ------------------ | Branch (314:10): [True: 0, False: 16] ------------------ 315| 0| m_cipher_state->clear_write_keys(); 316| 0| } 317| 16| } 318| | 319| 1.86k| if(is_error_alert(alert)) { ------------------ | Branch (319:7): [True: 1.84k, False: 18] ------------------ 320| 1.84k| shutdown(); 321| 1.84k| } 322| 1.86k|} _ZN5Botan3TLS15Channel_Impl_1311send_recordENS0_11Record_TypeERKNSt3__16vectorIhNS3_9allocatorIhEEEE: 344| 1.86k|void Channel_Impl_13::send_record(Record_Type type, const std::vector& record) { 345| 1.86k| BOTAN_STATE_CHECK(!is_downgrading()); ------------------ | | 51| 1.86k| do { \ | | 52| 1.86k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 1.86k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 1.86k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 1.86k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 1.86k] | | ------------------ ------------------ 346| 1.86k| BOTAN_STATE_CHECK(m_can_write); ------------------ | | 51| 1.86k| do { \ | | 52| 1.86k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 1.86k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 1.86k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 1.86k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 1.86k] | | ------------------ ------------------ 347| | 348| 1.86k| auto to_write = m_record_layer.prepare_records(type, record, m_cipher_state.get()); 349| | 350| | // After the initial handshake message is sent, the record layer must 351| | // adhere to a more strict record specification. Note that for the 352| | // server case this is a NOOP. 353| | // See (RFC 8446 5.1. regarding "legacy_record_version") 354| 1.86k| if(!m_first_message_sent && type == Record_Type::Handshake) { ------------------ | Branch (354:7): [True: 1.86k, False: 0] | Branch (354:32): [True: 0, False: 1.86k] ------------------ 355| 0| m_record_layer.disable_sending_compat_mode(); 356| 0| m_first_message_sent = true; 357| 0| } 358| | 359| | // The dummy CCS must not be prepended if the following record is 360| | // an unprotected Alert record. 361| 1.86k| if(prepend_ccs() && (m_cipher_state || type != Record_Type::Alert)) { ------------------ | Branch (361:7): [True: 0, False: 1.86k] | Branch (361:25): [True: 0, False: 0] | Branch (361:43): [True: 0, False: 0] ------------------ 362| 0| std::array ccs_content = {0x01}; 363| 0| const auto ccs = m_record_layer.prepare_records(Record_Type::ChangeCipherSpec, ccs_content, m_cipher_state.get()); 364| 0| to_write = concat(ccs, to_write); 365| 0| } 366| | 367| 1.86k| callbacks().tls_emit_data(to_write); 368| 1.86k|} _ZN5Botan3TLS15Channel_Impl_1313process_alertERKNSt3__16vectorIhNS_16secure_allocatorIhEEEE: 370| 1.00k|void Channel_Impl_13::process_alert(const secure_vector& record) { 371| 1.00k| const Alert alert(record); 372| | 373| 1.00k| if(is_close_notify_alert(alert)) { ------------------ | Branch (373:7): [True: 18, False: 982] ------------------ 374| 18| m_can_read = false; 375| 18| if(m_cipher_state) { ------------------ | Branch (375:10): [True: 0, False: 18] ------------------ 376| 0| m_cipher_state->clear_read_keys(); 377| 0| } 378| 18| m_record_layer.clear_read_buffer(); 379| 18| } 380| | 381| | // user canceled alerts are ignored 382| | 383| | // RFC 8446 5. 384| | // All the alerts listed in Section 6.2 MUST be sent with 385| | // AlertLevel=fatal and MUST be treated as error alerts when received 386| | // regardless of the AlertLevel in the message. Unknown Alert types 387| | // MUST be treated as error alerts. 388| 1.00k| if(is_error_alert(alert) && !alert.is_fatal()) { ------------------ | Branch (388:7): [True: 688, False: 312] | Branch (388:32): [True: 682, False: 6] ------------------ 389| | // In TLS 1.2 error alerts might be marked as 'warnings' and would not 390| | // demand an immediate shutdown. Until we are sure to talk to a TLS 1.3 391| | // peer we must defer the shutdown and refrain from raising a decode 392| | // error. 393| 682| if(expects_downgrade()) { ------------------ | Branch (393:10): [True: 682, False: 0] ------------------ 394| 682| m_downgrade_info->received_tls_13_error_alert = true; 395| 682| } else { 396| 0| throw TLS_Exception(Alert::DecodeError, "Error alert not marked fatal"); // will shutdown in send_alert 397| 0| } 398| 682| } 399| | 400| 1.00k| if(alert.is_fatal()) { ------------------ | Branch (400:7): [True: 8, False: 992] ------------------ 401| 8| shutdown(); 402| 8| } 403| | 404| 1.00k| callbacks().tls_alert(alert); 405| | 406| | // Respond with our "close_notify" if the application requests us to. 407| 1.00k| if(is_close_notify_alert(alert) && callbacks().tls_peer_closed_connection()) { ------------------ | Branch (407:7): [True: 18, False: 982] | Branch (407:39): [True: 18, False: 0] ------------------ 408| 18| close(); 409| 18| } 410| 1.00k|} _ZN5Botan3TLS15Channel_Impl_138shutdownEv: 412| 1.85k|void Channel_Impl_13::shutdown() { 413| | // RFC 8446 6.2 414| | // Upon transmission or receipt of a fatal alert message, both 415| | // parties MUST immediately close the connection. 416| 1.85k| m_can_read = false; 417| 1.85k| m_can_write = false; 418| 1.85k| m_cipher_state.reset(); 419| 1.85k| m_active_state.reset(); 420| 1.85k|} _ZN5Botan3TLS15Channel_Impl_1316expect_downgradeERKNS0_18Server_InformationERKNSt3__16vectorINS5_12basic_stringIcNS5_11char_traitsIcEENS5_9allocatorIcEEEENSA_ISC_EEEE: 423| 5.69k| const std::vector& next_protocols) { 424| 5.69k| Downgrade_Information di{ 425| 5.69k| {}, 426| 5.69k| {}, 427| 5.69k| {}, 428| 5.69k| server_info, 429| 5.69k| next_protocols, 430| 5.69k| Botan::TLS::Channel::IO_BUF_DEFAULT_SIZE, 431| 5.69k| m_callbacks, 432| 5.69k| m_session_manager, 433| 5.69k| m_credentials_manager, 434| 5.69k| m_rng, 435| 5.69k| m_policy, 436| 5.69k| false, // received_tls_13_error_alert 437| 5.69k| false // will_downgrade 438| 5.69k| }; 439| 5.69k| m_downgrade_info = std::make_unique(std::move(di)); 440| 5.69k|} tls_channel_impl_13.cpp:_ZN12_GLOBAL__N_121is_close_notify_alertERKN5Botan3TLS5AlertE: 27| 6.68k|bool is_close_notify_alert(const Botan::TLS::Alert& alert) { 28| 6.68k| return alert.type() == Botan::TLS::Alert::CloseNotify; 29| 6.68k|} tls_channel_impl_13.cpp:_ZN12_GLOBAL__N_114is_error_alertERKN5Botan3TLS5AlertE: 31| 2.85k|bool is_error_alert(const Botan::TLS::Alert& alert) { 32| | // In TLS 1.3 all alerts except for closure alerts are considered error alerts. 33| | // (RFC 8446 6.) 34| 2.85k| return !is_close_notify_alert(alert) && !is_user_canceled_alert(alert); ------------------ | Branch (34:11): [True: 2.81k, False: 36] | Branch (34:44): [True: 2.53k, False: 279] ------------------ 35| 2.85k|} tls_channel_impl_13.cpp:_ZN12_GLOBAL__N_122is_user_canceled_alertERKN5Botan3TLS5AlertE: 23| 2.81k|bool is_user_canceled_alert(const Botan::TLS::Alert& alert) { 24| 2.81k| return alert.type() == Botan::TLS::Alert::UserCanceled; 25| 2.81k|} _ZN5Botan3TLS6CookieC2ERNS0_15TLS_Data_ReaderEt: 26| 66|Cookie::Cookie(TLS_Data_Reader& reader, uint16_t extension_size) { 27| | // RFC 8446 4.2.2 28| | // struct { 29| | // opaque cookie<1..2^16-1>; 30| | // } Cookie; 31| | // 32| | // The wire form requires a 2-byte length field plus at least one byte of 33| | // cookie data, so the minimum extension size is 3 bytes. 34| 66| if(extension_size < 3) { ------------------ | Branch (34:7): [True: 3, False: 63] ------------------ 35| 3| throw Decoding_Error("Empty cookie extension is illegal"); 36| 3| } 37| | 38| 63| const uint16_t len = reader.get_uint16_t(); 39| | 40| 63| if(static_cast(len) + 2 != extension_size) { ------------------ | Branch (40:7): [True: 14, False: 49] ------------------ 41| 14| throw Decoding_Error("Inconsistent length in cookie extension"); 42| 14| } 43| | 44| 49| m_cookie = reader.get_fixed(len); 45| 49|} _ZN5Botan3TLS22PSK_Key_Exchange_ModesC2ERNS0_15TLS_Data_ReaderEt: 65| 847|PSK_Key_Exchange_Modes::PSK_Key_Exchange_Modes(TLS_Data_Reader& reader, uint16_t extension_size) { 66| | // RFC 8446 4.2.9 67| | // struct { 68| | // PskKeyExchangeMode ke_modes<1..255>; 69| | // } PskKeyExchangeModes; 70| | // 71| | // The wire form is a 1-byte length followed by mode_count mode bytes, 72| | // with mode_count in [1, 255], so the extension size is in [2, 256]. 73| 847| if(extension_size < 2) { ------------------ | Branch (73:7): [True: 2, False: 845] ------------------ 74| 2| throw Decoding_Error("Empty psk_key_exchange_modes extension is illegal"); 75| 2| } 76| | 77| 845| const auto mode_count = reader.get_byte(); 78| 845| if(static_cast(mode_count) + 1 != extension_size) { ------------------ | Branch (78:7): [True: 8, False: 837] ------------------ 79| 8| throw Decoding_Error("Inconsistent length in psk_key_exchange_modes extension"); 80| 8| } 81| | 82| 7.71k| for(uint16_t i = 0; i < mode_count; ++i) { ------------------ | Branch (82:24): [True: 6.87k, False: 837] ------------------ 83| 6.87k| const auto mode = static_cast(reader.get_byte()); 84| 6.87k| if(mode == PSK_Key_Exchange_Mode::PSK_KE || mode == PSK_Key_Exchange_Mode::PSK_DHE_KE) { ------------------ | Branch (84:10): [True: 3.10k, False: 3.76k] | Branch (84:51): [True: 352, False: 3.41k] ------------------ 85| 3.46k| m_modes.push_back(mode); 86| 3.46k| } 87| 6.87k| } 88| 837|} _ZN5Botan3TLS23Certificate_AuthoritiesC2ERNS0_15TLS_Data_ReaderEt: 106| 351|Certificate_Authorities::Certificate_Authorities(TLS_Data_Reader& reader, uint16_t extension_size) { 107| 351| if(extension_size < 2) { ------------------ | Branch (107:7): [True: 4, False: 347] ------------------ 108| 4| throw Decoding_Error("Empty certificate_authorities extension is illegal"); 109| 4| } 110| | 111| 347| const uint16_t purported_size = reader.get_uint16_t(); 112| | 113| 347| if(reader.remaining_bytes() != purported_size) { ------------------ | Branch (113:7): [True: 11, False: 336] ------------------ 114| 11| throw Decoding_Error("Inconsistent length in certificate_authorities extension"); 115| 11| } 116| | 117| | // RFC 8446 4.2.4: DistinguishedName authorities<3..2^16-1>; 118| 336| if(purported_size < 3) { ------------------ | Branch (118:7): [True: 2, False: 334] ------------------ 119| 2| throw Decoding_Error("Empty certificate_authorities list is illegal"); 120| 2| } 121| | 122| 679| while(reader.has_remaining()) { ------------------ | Branch (122:10): [True: 345, False: 334] ------------------ 123| | // RFC 8446 4.2.4: opaque DistinguishedName<1..2^16-1> 124| 345| const std::vector name_bits = reader.get_range(2, 1, 65535); 125| | 126| 345| BER_Decoder decoder(name_bits, BER_Decoder::Limits::DER()); 127| 345| m_distinguished_names.emplace_back(); 128| 345| decoder.decode(m_distinguished_names.back()).verify_end(); 129| 345| } 130| 334|} _ZN5Botan3TLS19EarlyDataIndicationC2ERNS0_15TLS_Data_ReaderEtNS0_14Handshake_TypeE: 149| 41| Handshake_Type message_type) { 150| 41| if(message_type == Handshake_Type::NewSessionTicket) { ------------------ | Branch (150:7): [True: 0, False: 41] ------------------ 151| 0| if(extension_size != 4) { ------------------ | Branch (151:10): [True: 0, False: 0] ------------------ 152| 0| throw TLS_Exception(Alert::DecodeError, 153| 0| "Received an early_data extension in a NewSessionTicket message " 154| 0| "without maximum early data size indication"); 155| 0| } 156| | 157| 0| m_max_early_data_size = reader.get_uint32_t(); 158| 41| } else if(extension_size != 0) { ------------------ | Branch (158:14): [True: 3, False: 38] ------------------ 159| 3| throw TLS_Exception(Alert::DecodeError, 160| 3| "Received an early_data extension containing an unexpected data " 161| 3| "size indication"); 162| 3| } 163| 41|} _ZNK5Botan3TLS19EarlyDataIndication5emptyEv: 165| 8|bool EarlyDataIndication::empty() const { 166| | // This extension may be empty by definition but still carry information 167| 8| return false; 168| 8|} _ZN5Botan3TLS9Key_ShareC2ERNS0_15TLS_Data_ReaderEtNS0_14Handshake_TypeE: 401| 91|Key_Share::Key_Share(TLS_Data_Reader& reader, uint16_t extension_size, Handshake_Type message_type) { 402| 91| if(message_type == Handshake_Type::ClientHello) { ------------------ | Branch (402:7): [True: 81, False: 10] ------------------ 403| 81| m_impl = std::make_unique(Key_Share_ClientHello(reader, extension_size)); 404| 81| } else if(message_type == Handshake_Type::HelloRetryRequest) { ------------------ | Branch (404:14): [True: 0, False: 10] ------------------ 405| | // Connection_Side::Server 406| 0| m_impl = std::make_unique(Key_Share_HelloRetryRequest(reader, extension_size)); 407| 10| } else if(message_type == Handshake_Type::ServerHello) { ------------------ | Branch (407:14): [True: 8, False: 2] ------------------ 408| | // Connection_Side::Server 409| 8| m_impl = std::make_unique(Key_Share_ServerHello(reader, extension_size)); 410| 8| } else { 411| 2| throw Invalid_Argument(std::string("cannot create a Key_Share extension for message of type: ") + 412| 2| handshake_type_to_string(message_type)); 413| 2| } 414| 91|} _ZN5Botan3TLS9Key_ShareD2Ev: 433| 59|Key_Share::~Key_Share() = default; _ZNK5Botan3TLS9Key_Share5emptyEv: 439| 1|bool Key_Share::empty() const { 440| 1| return std::visit([](const auto& key_share) { return key_share.empty(); }, m_impl->key_share); 441| 1|} tls_extensions_key_share.cpp:_ZN5Botan3TLS12_GLOBAL__N_121Key_Share_ClientHelloC2ERNS0_15TLS_Data_ReaderEt: 185| 81| Key_Share_ClientHello(TLS_Data_Reader& reader, uint16_t /* extension_size */) { 186| | // The reader is per-extension (Extensions::deserialize binds it to 187| | // exactly extension_size bytes). Enforce that the inner 188| | // client_shares length matches what the outer extension has left, 189| | // then let the entry loop consume everything; extn_reader's 190| | // assert_done() at the deserialize call site catches any leftover. 191| 81| const auto client_key_share_length = reader.get_uint16_t(); 192| 81| if(reader.remaining_bytes() != client_key_share_length) { ------------------ | Branch (192:13): [True: 12, False: 69] ------------------ 193| 12| throw TLS_Exception(Alert::DecodeError, "Inconsistent length in client KeyShare extension"); 194| 12| } 195| | 196| 69| std::unordered_set seen_groups; 197| 198| while(reader.has_remaining()) { ------------------ | Branch (197:16): [True: 134, False: 64] ------------------ 198| | // Each KeyShareEntry is at least 4 bytes (group + 2-byte length). 199| | // Cleaner failure than the reader underflow we'd otherwise hit 200| | // when the inner buffer ends mid-entry. 201| 134| if(reader.remaining_bytes() < 4) { ------------------ | Branch (201:16): [True: 4, False: 130] ------------------ 202| 4| throw TLS_Exception(Alert::DecodeError, "Not enough data to read another KeyShareEntry"); 203| 4| } 204| | 205| 130| Key_Share_Entry new_entry(reader); 206| | 207| | // RFC 8446 4.2.8 208| | // Clients MUST NOT offer multiple KeyShareEntry values for the same 209| | // group. [...] 210| | // Servers MAY check for violations of these rules and abort the 211| | // handshake with an "illegal_parameter" alert if one is violated. 212| 130| if(!seen_groups.insert(new_entry.group().wire_code()).second) { ------------------ | Branch (212:16): [True: 1, False: 129] ------------------ 213| 1| throw TLS_Exception(Alert::IllegalParameter, "Received multiple key share entries for the same group"); 214| 1| } 215| | 216| 129| m_client_shares.emplace_back(std::move(new_entry)); 217| 129| } 218| 69| } tls_extensions_key_share.cpp:_ZN5Botan3TLS12_GLOBAL__N_115Key_Share_EntryC2ERNS0_15TLS_Data_ReaderE: 47| 138| explicit Key_Share_Entry(TLS_Data_Reader& reader) { 48| | // TODO check that the group actually exists before casting... 49| 138| m_group = static_cast(reader.get_uint16_t()); 50| | // RFC 8446 4.2.8: opaque key_exchange<1..2^16-1> 51| 138| m_key_exchange = reader.get_range(2, 1, 65535); 52| 138| } tls_extensions_key_share.cpp:_ZNK5Botan3TLS12_GLOBAL__N_115Key_Share_Entry5groupEv: 105| 121| Named_Group group() const { return m_group; } tls_extensions_key_share.cpp:_ZN5Botan3TLS12_GLOBAL__N_121Key_Share_ClientHelloD2Ev: 243| 162| ~Key_Share_ClientHello() = default; tls_extensions_key_share.cpp:_ZN5Botan3TLS12_GLOBAL__N_121Key_Share_ServerHelloC2ERNS0_15TLS_Data_ReaderEt: 145| 8| Key_Share_ServerHello(TLS_Data_Reader& reader, uint16_t /*len*/) : m_server_share(reader) {} tls_extensions_key_share.cpp:_ZN5Botan3TLS12_GLOBAL__N_121Key_Share_ServerHelloD2Ev: 153| 15| ~Key_Share_ServerHello() = default; tls_extensions_key_share.cpp:_ZZNK5Botan3TLS9Key_Share5emptyEvENK3$_0clINS0_12_GLOBAL__N_121Key_Share_ClientHelloEEEDaRKT_: 440| 1| return std::visit([](const auto& key_share) { return key_share.empty(); }, m_impl->key_share); tls_extensions_key_share.cpp:_ZNK5Botan3TLS12_GLOBAL__N_121Key_Share_ClientHello5emptyEv: 288| 1| bool empty() const { 289| | // RFC 8446 4.2.8 290| | // Clients MAY send an empty client_shares vector in order to request 291| | // group selection from the server, at the cost of an additional round 292| | // trip [...]. 293| 1| return false; 294| 1| } tls_extensions_key_share.cpp:_ZN5Botan3TLS12_GLOBAL__N_121Key_Share_ClientHelloC2EOS2_: 248| 108| Key_Share_ClientHello(Key_Share_ClientHello&&) = default; tls_extensions_key_share.cpp:_ZN5Botan3TLS9Key_Share14Key_Share_ImplC2ENSt3__17variantIJNS0_12_GLOBAL__N_121Key_Share_ClientHelloENS5_21Key_Share_ServerHelloENS5_27Key_Share_HelloRetryRequestEEEE: 396| 59| explicit Key_Share_Impl(Key_Share_Type ks) : key_share(std::move(ks)) {} tls_extensions_key_share.cpp:_ZN5Botan3TLS12_GLOBAL__N_121Key_Share_ServerHelloC2EOS2_: 158| 10| Key_Share_ServerHello(Key_Share_ServerHello&&) = default; _ZN5Botan3TLS3PSKC2ERNS0_15TLS_Data_ReaderEtNS0_14Handshake_TypeE: 142| 93|PSK::PSK(TLS_Data_Reader& reader, uint16_t extension_size, Handshake_Type message_type) { 143| 93| if(message_type == Handshake_Type::ServerHello) { ------------------ | Branch (143:7): [True: 4, False: 89] ------------------ 144| 4| if(extension_size != 2) { ------------------ | Branch (144:10): [True: 1, False: 3] ------------------ 145| 1| throw TLS_Exception(Alert::DecodeError, "Server provided a malformed PSK extension"); 146| 1| } 147| | 148| 3| const uint16_t selected_id = reader.get_uint16_t(); 149| 3| m_impl = std::make_unique(Server_PSK(selected_id)); 150| 89| } else if(message_type == Handshake_Type::ClientHello) { ------------------ | Branch (150:14): [True: 86, False: 3] ------------------ 151| 86| const auto identities_length = reader.get_uint16_t(); 152| 86| const auto identities_offset = reader.read_so_far(); 153| | 154| 86| std::vector psk_identities; 155| 786| while(reader.has_remaining() && (reader.read_so_far() - identities_offset) < identities_length) { ------------------ | Branch (155:13): [True: 759, False: 27] | Branch (155:39): [True: 700, False: 59] ------------------ 156| | /* Per RFC 8446 PskIdentity is 157| | 158| | struct { 159| | opaque identity<1..2^16-1>; 160| | uint32 obfuscated_ticket_age; 161| | } PskIdentity; 162| | 163| | so we should reject an empty identity. However BoGo seems to expect 164| | being able to send us such an identity, so for now we accept it. 165| | */ 166| | 167| 700| auto identity = reader.get_tls_length_value(2); 168| 700| const auto obfuscated_ticket_age = reader.get_uint32_t(); 169| 700| psk_identities.emplace_back(std::move(identity), obfuscated_ticket_age); 170| 700| } 171| | 172| 86| if(psk_identities.empty()) { ------------------ | Branch (172:10): [True: 1, False: 85] ------------------ 173| 1| throw TLS_Exception(Alert::DecodeError, "Empty PSK list"); 174| 1| } 175| | 176| 85| if(reader.read_so_far() - identities_offset != identities_length) { ------------------ | Branch (176:10): [True: 14, False: 71] ------------------ 177| 14| throw TLS_Exception(Alert::DecodeError, "Inconsistent PSK identity list"); 178| 14| } 179| | 180| 71| const auto binders_length = reader.get_uint16_t(); 181| 71| const auto binders_offset = reader.read_so_far(); 182| | 183| 71| if(binders_length == 0) { ------------------ | Branch (183:10): [True: 1, False: 70] ------------------ 184| 1| throw TLS_Exception(Alert::DecodeError, "Empty PSK binders list"); 185| 1| } 186| | 187| 70| std::vector psks; 188| 339| for(auto& psk_identity : psk_identities) { ------------------ | Branch (188:30): [True: 339, False: 62] ------------------ 189| 339| if(!reader.has_remaining() || reader.read_so_far() - binders_offset >= binders_length) { ------------------ | Branch (189:13): [True: 3, False: 336] | Branch (189:40): [True: 5, False: 331] ------------------ 190| 8| throw TLS_Exception(Alert::IllegalParameter, "Not enough PSK binders"); 191| 8| } 192| | 193| | // RFC 8446 4.2.11 declares PskBinderEntry opaque<32..255>, but we accept any 194| | // 0..255 length here and let validate_binder reject, which yields a bad_record_mac 195| | // alert rather than decode_error. BoringSSL behaves the same way and BoGo has 196| | // tests that specifically expect this. 197| | 198| 331| psks.emplace_back(std::move(psk_identity), reader.get_tls_length_value(1)); 199| 331| } 200| | 201| 62| if(reader.read_so_far() - binders_offset != binders_length) { ------------------ | Branch (201:10): [True: 24, False: 38] ------------------ 202| 24| throw TLS_Exception(Alert::IllegalParameter, "Too many PSK binders"); 203| 24| } 204| | 205| 38| m_impl = std::make_unique(std::move(psks)); 206| 38| } else { 207| 3| throw TLS_Exception(Alert::DecodeError, "Found a PSK extension in an unexpected handshake message"); 208| 3| } 209| 93|} _ZN5Botan3TLS3PSKD2Ev: 231| 14|PSK::~PSK() = default; tls_extensions_psk.cpp:_ZN5Botan3TLS12_GLOBAL__N_110Server_PSKC2Et: 109| 3| explicit Server_PSK(uint16_t id) : m_selected_identity(id), m_session_to_resume_or_psk(std::monostate()) {} tls_extensions_psk.cpp:_ZN5Botan3TLS12_GLOBAL__N_110Client_PSKC2ENS0_11PskIdentityENSt3__16vectorIhNS4_9allocatorIhEEEE: 56| 325| m_identity(std::move(id)), m_binder(std::move(bndr)), m_is_resumption(false) {} tls_extensions_psk.cpp:_ZN5Botan3TLS3PSK12PSK_InternalC2ENS0_12_GLOBAL__N_110Server_PSKE: 134| 3| explicit PSK_Internal(Server_PSK srv_psk) : psk(std::move(srv_psk)) {} tls_extensions_psk.cpp:_ZN5Botan3TLS3PSK12PSK_InternalC2ENSt3__16vectorINS0_12_GLOBAL__N_110Client_PSKENS3_9allocatorIS6_EEEE: 136| 11| explicit PSK_Internal(std::vector clt_psks) : psk(std::move(clt_psks)) {} _ZN5Botan3TLS15Handshake_Layer9copy_dataENSt3__14spanIKhLm18446744073709551615EEE: 22| 10.6k|void Handshake_Layer::copy_data(std::span data_from_peer) { 23| | // Compact consumed data before appending new data 24| 10.6k| BOTAN_ASSERT_NOMSG(m_read_offset <= m_read_buffer.size()); ------------------ | | 77| 10.6k| do { \ | | 78| 10.6k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 10.6k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 10.6k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 10.6k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 10.6k] | | ------------------ ------------------ 25| 10.6k| if(m_read_offset > 0) { ------------------ | Branch (25:7): [True: 0, False: 10.6k] ------------------ 26| 0| m_read_buffer.erase(m_read_buffer.begin(), m_read_buffer.begin() + m_read_offset); 27| 0| m_read_offset = 0; 28| 0| } 29| | 30| 10.6k| m_read_buffer.insert(m_read_buffer.end(), data_from_peer.begin(), data_from_peer.end()); 31| 10.6k|} _ZN5Botan3TLS15Handshake_Layer12next_messageERKNS0_6PolicyERNS0_21Transcript_Hash_StateE: 141| 10.6k| Transcript_Hash_State& transcript_hash) { 142| 10.6k| BOTAN_ASSERT_NOMSG(m_read_offset <= m_read_buffer.size()); ------------------ | | 77| 10.6k| do { \ | | 78| 10.6k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 10.6k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 10.6k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 10.6k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 10.6k] | | ------------------ ------------------ 143| 10.6k| auto pending = std::span{m_read_buffer}.subspan(m_read_offset); 144| 10.6k| TLS::TLS_Data_Reader reader("handshake message", pending); 145| | 146| 10.6k| auto msg = parse_message(reader, policy, m_peer, m_certificate_type); 147| 10.6k| if(msg.has_value()) { ------------------ | Branch (147:7): [True: 3.87k, False: 6.79k] ------------------ 148| 3.87k| transcript_hash.update(pending.first(reader.read_so_far())); 149| 3.87k| m_read_offset += reader.read_so_far(); 150| 3.87k| BOTAN_ASSERT_NOMSG(m_read_offset <= m_read_buffer.size()); ------------------ | | 77| 3.87k| do { \ | | 78| 3.87k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 3.87k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 3.87k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 3.87k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 3.87k] | | ------------------ ------------------ 151| | 152| 3.87k| if(m_read_offset == m_read_buffer.size()) { ------------------ | Branch (152:10): [True: 3.82k, False: 47] ------------------ 153| 3.82k| m_read_buffer.clear(); 154| 3.82k| m_read_offset = 0; 155| 3.82k| } 156| 3.87k| } 157| | 158| 10.6k| return msg; 159| 10.6k|} tls_handshake_layer_13.cpp:_ZN5Botan3TLS12_GLOBAL__N_113parse_messageINSt3__17variantIJNS0_15Client_Hello_13ENS0_20Client_Hello_12_ShimENS0_15Server_Hello_13ENS0_20Server_Hello_12_ShimENS0_19Hello_Retry_RequestENS0_20Encrypted_ExtensionsENS0_14Certificate_13ENS0_22Certificate_Request_13ENS0_21Certificate_Verify_13ENS0_11Finished_13EEEEEENS3_8optionalIT_EERNS0_15TLS_Data_ReaderERKNS0_6PolicyENS0_15Connection_SideENS0_16Certificate_TypeE: 78| 10.6k| const Certificate_Type cert_type) { 79| | // read the message header 80| 10.6k| if(reader.remaining_bytes() < HEADER_LENGTH) { ------------------ | Branch (80:7): [True: 68, False: 10.6k] ------------------ 81| 68| return std::nullopt; 82| 68| } 83| | 84| 10.6k| const Handshake_Type type = handshake_type_from_byte(reader.get_byte()); 85| | 86| | // make sure we have received the full message 87| 10.6k| const size_t msg_len = reader.get_uint24_t(); 88| | 89| | // TODO(Botan4) this is split out due to a GCC 11 ICE, can be inlined 90| 10.6k| verify_handshake_message_size(msg_len, policy.maximum_handshake_message_size()); 91| | 92| 10.6k| if(reader.remaining_bytes() < msg_len) { ------------------ | Branch (92:7): [True: 5.17k, False: 5.42k] ------------------ 93| 5.17k| return std::nullopt; 94| 5.17k| } 95| | 96| | // create the message 97| 5.42k| const auto msg = reader.get_fixed(msg_len); 98| 5.42k| if constexpr(std::is_same_v) { 99| 5.42k| switch(type) { 100| | // Client Hello and Server Hello messages are ambiguous. Both may come 101| | // from non-TLS 1.3 peers. Hence, their parsing is somewhat different. 102| 4.25k| case Handshake_Type::ClientHello: ------------------ | Branch (102:10): [True: 4.25k, False: 1.17k] ------------------ 103| | // ... might be TLS 1.2 Client Hello or TLS 1.3 Client Hello 104| 4.25k| return generalize_to(Client_Hello_13::parse(msg)); 105| 118| case Handshake_Type::ServerHello: ------------------ | Branch (105:10): [True: 118, False: 5.30k] ------------------ 106| | // ... might be TLS 1.2 Server Hello or TLS 1.3 Server Hello or 107| | // a TLS 1.3 Hello Retry Request disguising as a Server Hello 108| 118| return generalize_to(Server_Hello_13::parse(msg)); 109| | // case Handshake_Type::EndOfEarlyData: 110| | // return End_Of_Early_Data(msg); 111| 591| case Handshake_Type::EncryptedExtensions: ------------------ | Branch (111:10): [True: 591, False: 4.83k] ------------------ 112| 591| return Encrypted_Extensions(msg); 113| 352| case Handshake_Type::Certificate: ------------------ | Branch (113:10): [True: 352, False: 5.07k] ------------------ 114| 352| return Certificate_13(msg, policy, peer_side, cert_type); 115| 1| case Handshake_Type::CertificateRequest: ------------------ | Branch (115:10): [True: 1, False: 5.42k] ------------------ 116| 1| return Certificate_Request_13(msg, peer_side); 117| 50| case Handshake_Type::CertificateVerify: ------------------ | Branch (117:10): [True: 50, False: 5.37k] ------------------ 118| 50| return Certificate_Verify_13(msg, peer_side); 119| 15| case Handshake_Type::Finished: ------------------ | Branch (119:10): [True: 15, False: 5.41k] ------------------ 120| 15| return Finished_13(msg); 121| 0| default: ------------------ | Branch (121:10): [True: 0, False: 5.42k] ------------------ 122| 0| BOTAN_ASSERT(false, "cannot be reached"); // make sure to update handshake_type_from_byte ------------------ | | 64| 0| do { \ | | 65| 0| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 0| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, Folded] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 0| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 0] | | ------------------ ------------------ 123| 5.42k| } 124| | } else { 125| | BOTAN_UNUSED(peer_side); 126| | 127| | switch(type) { 128| | case Handshake_Type::NewSessionTicket: 129| | return New_Session_Ticket_13(msg, peer_side); 130| | case Handshake_Type::KeyUpdate: 131| | return Key_Update(msg); 132| | default: 133| | BOTAN_ASSERT(false, "cannot be reached"); // make sure to update handshake_type_from_byte 134| | } 135| | } 136| 5.42k|} tls_handshake_layer_13.cpp:_ZN5Botan3TLS12_GLOBAL__N_124handshake_type_from_byteINSt3__17variantIJNS0_15Client_Hello_13ENS0_20Client_Hello_12_ShimENS0_15Server_Hello_13ENS0_20Server_Hello_12_ShimENS0_19Hello_Retry_RequestENS0_20Encrypted_ExtensionsENS0_14Certificate_13ENS0_22Certificate_Request_13ENS0_21Certificate_Verify_13ENS0_11Finished_13EEEEEENS0_14Handshake_TypeEh: 38| 10.6k|Handshake_Type handshake_type_from_byte(uint8_t byte_value) { 39| 10.6k| const auto type = static_cast(byte_value); 40| | 41| 10.6k| if constexpr(std::is_same_v) { 42| 10.6k| switch(type) { 43| 5.99k| case Handshake_Type::ClientHello: ------------------ | Branch (43:10): [True: 5.99k, False: 4.61k] ------------------ 44| 6.36k| case Handshake_Type::ServerHello: ------------------ | Branch (44:10): [True: 367, False: 10.2k] ------------------ 45| | // case Handshake_Type::EndOfEarlyData: // NYI: needs PSK/resumption support -- won't be offered in Client Hello for now 46| 7.28k| case Handshake_Type::EncryptedExtensions: ------------------ | Branch (46:10): [True: 927, False: 9.67k] ------------------ 47| 8.31k| case Handshake_Type::Certificate: ------------------ | Branch (47:10): [True: 1.03k, False: 9.57k] ------------------ 48| 9.68k| case Handshake_Type::CertificateRequest: ------------------ | Branch (48:10): [True: 1.36k, False: 9.23k] ------------------ 49| 9.98k| case Handshake_Type::CertificateVerify: ------------------ | Branch (49:10): [True: 303, False: 10.3k] ------------------ 50| 10.5k| case Handshake_Type::Finished: ------------------ | Branch (50:10): [True: 601, False: 10.0k] ------------------ 51| 10.5k| return type; 52| 15| default: ------------------ | Branch (52:10): [True: 15, False: 10.5k] ------------------ 53| 15| throw TLS_Exception(AlertType::UnexpectedMessage, "Unknown handshake message received"); 54| 10.6k| } 55| | } else { 56| | switch(type) { 57| | case Handshake_Type::NewSessionTicket: 58| | case Handshake_Type::KeyUpdate: 59| | // case Handshake_Type::CertificateRequest: // NYI: post-handshake client auth (RFC 8446 4.6.2) -- won't be offered in Client Hello for now 60| | return type; 61| | default: 62| | throw TLS_Exception(AlertType::UnexpectedMessage, "Unknown post-handshake message received"); 63| | } 64| | } 65| 10.6k|} tls_handshake_layer_13.cpp:_ZN5Botan3TLS12_GLOBAL__N_129verify_handshake_message_sizeEmm: 67| 10.5k|void verify_handshake_message_size(size_t msg_len, size_t max_size) { 68| 10.5k| if(max_size > 0 && msg_len > max_size) { ------------------ | Branch (68:7): [True: 10.5k, False: 0] | Branch (68:23): [True: 28, False: 10.5k] ------------------ 69| 28| throw TLS_Exception(Alert::HandshakeFailure, 70| 28| Botan::fmt("Handshake message is {} bytes, policy maximum is {}", msg_len, max_size)); 71| 28| } 72| 10.5k|} _ZN5Botan3TLS8Internal23Handshake_State_13_Base5storeENS0_20Client_Hello_12_ShimEb: 26| 3.67k|Client_Hello_12_Shim& Handshake_State_13_Base::store(Client_Hello_12_Shim client_hello, const bool /*from_peer*/) { 27| 3.67k| m_client_hello_12 = std::move(client_hello); 28| 3.67k| return m_client_hello_12.value(); 29| 3.67k|} _ZN5Botan3TLS8Internal23Handshake_State_13_Base5storeENS0_14Certificate_13Eb: 58| 2|Certificate_13& Handshake_State_13_Base::store(Certificate_13 certificate, const bool from_peer) { 59| 2| auto& target = ((m_side == Connection_Side::Client) == from_peer) ? m_server_certificate : m_client_certificate; ------------------ | Branch (59:19): [True: 0, False: 2] ------------------ 60| 2| target = std::move(certificate); 61| 2| return target.value(); 62| 2|} _ZN5Botan3TLS8Internal23Handshake_State_13_Base5storeENS0_21Certificate_Verify_13Eb: 64| 6|Certificate_Verify_13& Handshake_State_13_Base::store(Certificate_Verify_13 certificate_verify, const bool from_peer) { 65| 6| auto& target = 66| 6| ((m_side == Connection_Side::Client) == from_peer) ? m_server_certificate_verify : m_client_certificate_verify; ------------------ | Branch (66:7): [True: 0, False: 6] ------------------ 67| 6| target = std::move(certificate_verify); 68| 6| return target.value(); 69| 6|} _ZN5Botan3TLS8Internal23Handshake_State_13_Base5storeENS0_11Finished_13Eb: 71| 6|Finished_13& Handshake_State_13_Base::store(Finished_13 finished, const bool from_peer) { 72| 6| auto& target = ((m_side == Connection_Side::Client) == from_peer) ? m_server_finished : m_client_finished; ------------------ | Branch (72:19): [True: 0, False: 6] ------------------ 73| 6| target = std::move(finished); 74| 6| return target.value(); 75| 6|} _ZN5Botan3TLS12Record_LayerC2ENS0_15Connection_SideE: 148| 5.69k| m_side(side), 149| 5.69k| m_outgoing_record_size_limit(MAX_PLAINTEXT_SIZE + 1 /* content type byte */), 150| 5.69k| m_incoming_record_size_limit(MAX_PLAINTEXT_SIZE + 1 /* content type byte */) 151| | 152| | // RFC 8446 5.1 153| | // legacy_record_version: MUST be set to 0x0303 for all records 154| | // generated by a TLS 1.3 implementation other than an initial 155| | // ClientHello [...], where it MAY also be 0x0301 for compatibility 156| | // purposes. 157| | // 158| | // Additionally, older peers might send other values while requesting a 159| | // protocol downgrade. I.e. we need to be able to tolerate/emit legacy 160| | // values until we negotiated a TLS 1.3 compliant connection. 161| | // 162| | // As a client: we may initially emit the compatibility version and 163| | // accept a wider range of incoming legacy record versions. 164| | // As a server: we start with emitting the specified legacy version of 0x0303 165| | // but must also allow a wider range of incoming legacy values. 166| | // 167| | // Once TLS 1.3 is negotiateed, the implementations will disable these 168| | // compatibility modes accordingly or a protocol downgrade will transfer 169| | // the marshalling responsibility to our TLS 1.2 implementation. 170| | , 171| 5.69k| m_sending_compat_mode(m_side == Connection_Side::Client), 172| 5.69k| m_receiving_compat_mode(true) {} _ZN5Botan3TLS12Record_Layer9copy_dataENSt3__14spanIKhLm18446744073709551615EEE: 174| 5.69k|void Record_Layer::copy_data(std::span data) { 175| | // Compact consumed data before appending new data 176| 5.69k| BOTAN_ASSERT_NOMSG(m_read_offset <= m_read_buffer.size()); ------------------ | | 77| 5.69k| do { \ | | 78| 5.69k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 5.69k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 5.69k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 5.69k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 5.69k] | | ------------------ ------------------ 177| 5.69k| if(m_read_offset > 0) { ------------------ | Branch (177:7): [True: 0, False: 5.69k] ------------------ 178| 0| m_read_buffer.erase(m_read_buffer.begin(), m_read_buffer.begin() + m_read_offset); 179| 0| m_read_offset = 0; 180| 0| } 181| | 182| 5.69k| m_read_buffer.insert(m_read_buffer.end(), data.begin(), data.end()); 183| 5.69k|} _ZNK5Botan3TLS12Record_Layer15prepare_recordsENS0_11Record_TypeENSt3__14spanIKhLm18446744073709551615EEEPNS0_12Cipher_StateE: 187| 1.86k| Cipher_State* cipher_state) const { 188| | // RFC 8446 5. 189| | // Note that [change_cipher_spec records] may appear at a point at the 190| | // handshake where the implementation is expecting protected records. 191| | // 192| | // RFC 8446 5. 193| | // An implementation which receives [...] a protected change_cipher_spec 194| | // record MUST abort the handshake [...]. 195| | // 196| | // ... hence, CHANGE_CIPHER_SPEC is never protected, even if a usable cipher 197| | // state was passed to this method. 198| 1.86k| const bool protect = cipher_state != nullptr && type != Record_Type::ChangeCipherSpec; ------------------ | Branch (198:25): [True: 0, False: 1.86k] | Branch (198:52): [True: 0, False: 0] ------------------ 199| | 200| | // RFC 8446 5.1 201| 1.86k| BOTAN_ASSERT(protect || type != Record_Type::ApplicationData, ------------------ | | 64| 1.86k| do { \ | | 65| 1.86k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 3.72k| if(!(expr)) { \ | | ------------------ | | | Branch (66:12): [True: 0, False: 1.86k] | | | Branch (66:12): [True: 1.86k, False: 0] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 1.86k| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 1.86k] | | ------------------ ------------------ 202| 1.86k| "Application Data records MUST NOT be written to the wire unprotected"); 203| | 204| | // RFC 8446 5.1 205| | // "MUST NOT sent zero-length fragments of Handshake types" 206| | // "a record with an Alert type MUST contain exactly one message" [of non-zero length] 207| | // "Zero-length fragments of Application Data MAY be sent" 208| 1.86k| BOTAN_ASSERT(!data.empty() || type == Record_Type::ApplicationData, ------------------ | | 64| 1.86k| do { \ | | 65| 1.86k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 1.86k| if(!(expr)) { \ | | ------------------ | | | Branch (66:12): [True: 1.86k, False: 0] | | | Branch (66:12): [True: 0, False: 0] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 1.86k| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 1.86k] | | ------------------ ------------------ 209| 1.86k| "zero-length fragments of types other than application data are not allowed"); 210| | 211| 1.86k| if(type == Record_Type::ChangeCipherSpec && !verify_change_cipher_spec(data.begin(), data.size())) { ------------------ | Branch (211:7): [True: 0, False: 1.86k] | Branch (211:48): [True: 0, False: 0] ------------------ 212| 0| throw Invalid_Argument("TLS 1.3 deprecated CHANGE_CIPHER_SPEC"); 213| 0| } 214| | 215| 1.86k| std::vector output; 216| | 217| | // RFC 8446 5.2 218| | // type: The TLSPlaintext.type value containing the content type of the record. 219| 1.86k| constexpr size_t content_type_tag_length = 1; 220| | 221| | // RFC 8449 4. 222| | // When the "record_size_limit" extension is negotiated, an endpoint 223| | // MUST NOT generate a protected record with plaintext that is larger 224| | // than the RecordSizeLimit value it receives from its peer. 225| | // Unprotected messages are not subject to this limit. 226| 1.86k| const size_t max_plaintext_size = 227| 1.86k| (protect) ? m_outgoing_record_size_limit - content_type_tag_length : static_cast(MAX_PLAINTEXT_SIZE); ------------------ | Branch (227:7): [True: 0, False: 1.86k] ------------------ 228| | 229| 1.86k| const auto records = std::max((data.size() + max_plaintext_size - 1) / max_plaintext_size, size_t(1)); 230| 1.86k| auto output_length = records * TLS_HEADER_SIZE; 231| 1.86k| if(protect) { ------------------ | Branch (231:7): [True: 0, False: 1.86k] ------------------ 232| | // n-1 full records of size max_plaintext_size 233| 0| output_length += 234| 0| (records - 1) * cipher_state->encrypt_output_length(max_plaintext_size + content_type_tag_length); 235| | // last record with size of remaining data 236| 0| output_length += cipher_state->encrypt_output_length(data.size() - ((records - 1) * max_plaintext_size) + 237| 0| content_type_tag_length); 238| 1.86k| } else { 239| 1.86k| output_length += data.size(); 240| 1.86k| } 241| 1.86k| output.reserve(output_length); 242| | 243| 1.86k| size_t pt_offset = 0; 244| 1.86k| size_t to_process = data.size(); 245| | 246| | // For protected records we need to write at least one encrypted fragment, 247| | // even if the plaintext size is zero. This happens only for Application 248| | // Data types. 249| 1.86k| BOTAN_ASSERT_NOMSG(to_process != 0 || protect); ------------------ | | 77| 1.86k| do { \ | | 78| 1.86k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 1.86k| if(!(expr)) { \ | | ------------------ | | | Branch (79:12): [True: 1.86k, False: 0] | | | Branch (79:12): [True: 0, False: 0] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 1.86k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 1.86k] | | ------------------ ------------------ 250| | // NOLINTNEXTLINE(*-avoid-do-while) 251| 1.86k| do { 252| 1.86k| const size_t pt_size = std::min(to_process, max_plaintext_size); 253| 1.86k| const size_t ct_size = 254| 1.86k| (!protect) ? pt_size : cipher_state->encrypt_output_length(pt_size + content_type_tag_length); ------------------ | Branch (254:10): [True: 1.86k, False: 0] ------------------ 255| 1.86k| const auto pt_type = (!protect) ? type : Record_Type::ApplicationData; ------------------ | Branch (255:28): [True: 1.86k, False: 0] ------------------ 256| | 257| | // RFC 8446 5.1 258| | // MUST be set to 0x0303 for all records generated by a TLS 1.3 259| | // implementation other than an initial ClientHello [...], where 260| | // it MAY also be 0x0301 for compatibility purposes. 261| 1.86k| const auto record_header = TLSPlaintext_Header(pt_type, ct_size, m_sending_compat_mode).serialized(); 262| | 263| 1.86k| output.insert(output.end(), record_header.cbegin(), record_header.cend()); 264| | 265| 1.86k| auto pt_fragment = data.subspan(pt_offset, pt_size); 266| 1.86k| if(protect) { ------------------ | Branch (266:10): [True: 0, False: 1.86k] ------------------ 267| 0| secure_vector fragment; 268| 0| fragment.reserve(ct_size); 269| | 270| | // assemble TLSInnerPlaintext structure 271| 0| fragment.insert(fragment.end(), pt_fragment.begin(), pt_fragment.end()); 272| 0| fragment.push_back(static_cast(type)); 273| | // TODO: zero padding could go here, see RFC 8446 5.4 274| | 275| 0| cipher_state->encrypt_record_fragment(record_header, fragment); 276| 0| BOTAN_ASSERT_NOMSG(fragment.size() == ct_size); ------------------ | | 77| 0| do { \ | | 78| 0| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 0| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 0] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 0| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 0] | | ------------------ ------------------ 277| | 278| 0| output.insert(output.end(), fragment.cbegin(), fragment.cend()); 279| 1.86k| } else { 280| 1.86k| output.insert(output.end(), pt_fragment.begin(), pt_fragment.end()); 281| 1.86k| } 282| | 283| 1.86k| pt_offset += pt_size; 284| 1.86k| to_process -= pt_size; 285| 1.86k| } while(to_process > 0); ------------------ | Branch (285:12): [True: 0, False: 1.86k] ------------------ 286| | 287| 1.86k| BOTAN_ASSERT_NOMSG(output.size() == output_length); ------------------ | | 77| 1.86k| do { \ | | 78| 1.86k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 1.86k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 1.86k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 1.86k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 1.86k] | | ------------------ ------------------ 288| 1.86k| return output; 289| 1.86k|} _ZN5Botan3TLS12Record_Layer11next_recordEPNS0_12Cipher_StateE: 291| 11.9k|Record_Layer::ReadResult Record_Layer::next_record(Cipher_State* cipher_state) { 292| 11.9k| const auto remaining = m_read_buffer.size() - m_read_offset; 293| | 294| 11.9k| if(remaining < TLS_HEADER_SIZE) { ------------------ | Branch (294:7): [True: 100, False: 11.8k] ------------------ 295| 100| return TLS_HEADER_SIZE - remaining; 296| 100| } 297| | 298| 11.8k| const auto header_begin = m_read_buffer.cbegin() + m_read_offset; 299| 11.8k| const auto header_end = header_begin + TLS_HEADER_SIZE; 300| | 301| | // The first received record(s) are likely a client or server hello. To be able to 302| | // perform protocol downgrades we must be less vigorous with the record's 303| | // legacy version. Hence, `check_tls13_version` is `false` for the first record(s). 304| 11.8k| const TLSPlaintext_Header plaintext_header({header_begin, header_end}, !m_receiving_compat_mode); 305| | 306| | // After the key exchange phase of the handshake is completed and record protection is engaged, 307| | // cipher_state is set. At this point, only protected traffic (and CCS) is allowed. 308| | // 309| | // RFC 8446 2. 310| | // - Key Exchange: Establish shared keying material and select the 311| | // cryptographic parameters. Everything after this phase is 312| | // encrypted. 313| | // RFC 8446 5. 314| | // An implementation may receive an unencrypted [CCS] at any time 315| 11.8k| if(cipher_state != nullptr && plaintext_header.type() != Record_Type::ApplicationData && ------------------ | Branch (315:7): [True: 0, False: 11.8k] | Branch (315:34): [True: 0, False: 0] ------------------ 316| 0| plaintext_header.type() != Record_Type::ChangeCipherSpec && ------------------ | Branch (316:7): [True: 0, False: 0] ------------------ 317| 0| (!cipher_state->must_expect_unprotected_alert_traffic() || plaintext_header.type() != Record_Type::Alert)) { ------------------ | Branch (317:8): [True: 0, False: 0] | Branch (317:66): [True: 0, False: 0] ------------------ 318| 0| throw TLS_Exception(Alert::UnexpectedMessage, "unprotected record received where protected traffic was expected"); 319| 0| } 320| | 321| 11.8k| if(remaining < TLS_HEADER_SIZE + plaintext_header.fragment_length()) { ------------------ | Branch (321:7): [True: 43, False: 11.7k] ------------------ 322| 43| return TLS_HEADER_SIZE + plaintext_header.fragment_length() - remaining; 323| 43| } 324| | 325| 11.7k| const auto fragment_begin = header_end; 326| 11.7k| const auto fragment_end = fragment_begin + plaintext_header.fragment_length(); 327| | 328| 11.7k| if(plaintext_header.type() == Record_Type::ChangeCipherSpec && ------------------ | Branch (328:7): [True: 14, False: 11.7k] ------------------ 329| 14| !verify_change_cipher_spec(fragment_begin, plaintext_header.fragment_length())) { ------------------ | Branch (329:7): [True: 12, False: 2] ------------------ 330| 12| throw TLS_Exception(Alert::UnexpectedMessage, "malformed change cipher spec record received"); 331| 12| } 332| | 333| 11.7k| Record record(plaintext_header.type(), secure_vector(fragment_begin, fragment_end)); 334| 11.7k| m_read_offset += TLS_HEADER_SIZE + plaintext_header.fragment_length(); 335| | 336| | // If all buffered data has been consumed, release the buffer memory 337| | // to avoid retaining peak allocation on idle connections. 338| 11.7k| if(m_read_offset == m_read_buffer.size()) { ------------------ | Branch (338:7): [True: 2.00k, False: 9.74k] ------------------ 339| 2.00k| zap(m_read_buffer); 340| 2.00k| m_read_offset = 0; 341| 2.00k| } 342| | 343| 11.7k| if(record.type == Record_Type::ApplicationData) { ------------------ | Branch (343:7): [True: 6, False: 11.7k] ------------------ 344| 6| if(cipher_state == nullptr) { ------------------ | Branch (344:10): [True: 6, False: 0] ------------------ 345| | // This could also mean a misuse of the interface, i.e. failing to provide a valid 346| | // cipher_state to parse_records when receiving valid (encrypted) Application Data. 347| 6| throw TLS_Exception(Alert::UnexpectedMessage, "premature Application Data received"); 348| 6| } 349| | 350| 0| if(record.fragment.size() < cipher_state->minimum_decryption_input_length()) { ------------------ | Branch (350:10): [True: 0, False: 0] ------------------ 351| 0| throw TLS_Exception(Alert::BadRecordMac, "incomplete record mac received"); 352| 0| } 353| | 354| 0| if(cipher_state->decrypt_output_length(record.fragment.size()) > m_incoming_record_size_limit) { ------------------ | Branch (354:10): [True: 0, False: 0] ------------------ 355| 0| throw TLS_Exception(Alert::RecordOverflow, "Received an encrypted record that exceeds maximum plaintext size"); 356| 0| } 357| | 358| 0| record.seq_no = cipher_state->decrypt_record_fragment(plaintext_header.serialized(), record.fragment); 359| | 360| | // Remove record padding (RFC 8446 5.4). The TLSInnerPlaintext layout is 361| | // content || content_type || zero_padding 362| 0| auto seen_nonzero = CT::Mask::cleared(); 363| 0| uint8_t content_type_byte = 0; 364| 0| size_t content_index = 0; 365| 0| for(size_t i = record.fragment.size(); i-- > 0;) { ------------------ | Branch (365:46): [True: 0, False: 0] ------------------ 366| 0| const uint8_t b = record.fragment[i]; 367| 0| const auto byte_is_nonzero = CT::Mask::expand(b); 368| | // Set on the first non-zero byte we encounter scanning right-to-left. 369| 0| const auto first_nonzero = byte_is_nonzero & ~seen_nonzero; 370| 0| content_type_byte = first_nonzero.select(b, content_type_byte); 371| 0| content_index = CT::Mask::expand(first_nonzero.value()).select(i, content_index); 372| 0| seen_nonzero |= byte_is_nonzero; 373| 0| } 374| | 375| 0| if(!seen_nonzero.as_bool()) { ------------------ | Branch (375:10): [True: 0, False: 0] ------------------ 376| | // RFC 8446 5.4 377| | // If a receiving implementation does not 378| | // find a non-zero octet in the cleartext, it MUST terminate the 379| | // connection with an "unexpected_message" alert. 380| 0| throw TLS_Exception(Alert::UnexpectedMessage, "No content type found in encrypted record"); 381| 0| } 382| | 383| | // hydrate the actual content type from TLSInnerPlaintext 384| 0| record.type = read_record_type(content_type_byte); 385| | 386| 0| if(record.type == Record_Type::ChangeCipherSpec) { ------------------ | Branch (386:10): [True: 0, False: 0] ------------------ 387| | // RFC 8446 5 388| | // An implementation [...] which receives a protected change_cipher_spec record MUST 389| | // abort the handshake with an "unexpected_message" alert. 390| 0| throw TLS_Exception(Alert::UnexpectedMessage, "protected change cipher spec received"); 391| 0| } 392| | 393| | // Truncate to drop the content_type byte and padding. resize() on a 394| | // vector of trivially-destructible elements is bookkeeping-only and 395| | // does not allocate or iterate over the dropped suffix. 396| 0| record.fragment.resize(content_index); 397| | 398| | // RFC 8446 5.4 399| | // Implementations MUST NOT send Handshake and Alert records that have 400| | // a zero-length TLSInnerPlaintext.content; if such a message is 401| | // received, the receiving implementation MUST terminate the connection 402| | // with an "unexpected_message" alert. 403| 0| if(record.fragment.empty() && record.type != Record_Type::ApplicationData) { ------------------ | Branch (403:10): [True: 0, False: 0] | Branch (403:37): [True: 0, False: 0] ------------------ 404| 0| throw TLS_Exception(Alert::UnexpectedMessage, 405| 0| "Received a protected record with empty TLSInnerPlaintext content"); 406| 0| } 407| 0| } 408| | 409| 11.7k| return record; 410| 11.7k|} tls_record_layer_13.cpp:_ZN5Botan3TLS12_GLOBAL__N_119TLSPlaintext_HeaderC2ENS0_11Record_TypeEmb: 118| 1.86k| m_type(record_type), 119| 1.86k| m_legacy_version(use_compatibility_version ? 0x0301 : 0x0303) // RFC 8446 5.1 ------------------ | Branch (119:30): [True: 0, False: 1.86k] ------------------ 120| | , 121| 1.86k| m_fragment_length(static_cast(frgmnt_length)), 122| 1.86k| m_serialized({ 123| 1.86k| static_cast(m_type), 124| 1.86k| m_legacy_version.major_version(), 125| 1.86k| m_legacy_version.minor_version(), 126| 1.86k| get_byte<0>(m_fragment_length), 127| 1.86k| get_byte<1>(m_fragment_length), 128| 1.86k| }) {} tls_record_layer_13.cpp:_ZNK5Botan3TLS12_GLOBAL__N_119TLSPlaintext_Header10serializedEv: 136| 1.86k| const std::vector& serialized() const { return m_serialized; } tls_record_layer_13.cpp:_ZN5Botan3TLS12_GLOBAL__N_119TLSPlaintext_HeaderC2ENSt3__16vectorIhNS3_9allocatorIhEEEEb: 55| 11.8k| TLSPlaintext_Header(std::vector hdr, const bool check_tls13_version) { 56| | // NOLINTBEGIN(*-prefer-member-initializer) 57| 11.8k| m_type = read_record_type(hdr[0]); 58| 11.8k| m_legacy_version = Protocol_Version(make_uint16(hdr[1], hdr[2])); 59| 11.8k| m_fragment_length = make_uint16(hdr[3], hdr[4]); 60| 11.8k| m_serialized = std::move(hdr); 61| | // NOLINTEND(*-prefer-member-initializer) 62| | 63| | // If no full version check is requested, we just verify the practically 64| | // ossified major version number. 65| 11.8k| if(m_legacy_version.major_version() != 0x03) { ------------------ | Branch (65:13): [True: 24, False: 11.7k] ------------------ 66| 24| throw TLS_Exception(Alert::IllegalParameter, "Received unexpected record version"); 67| 24| } 68| | 69| | // RFC 8446 5.1 70| | // legacy_record_version: MUST be set to 0x0303 for all records 71| | // generated by a TLS 1.3 implementation 72| 11.7k| if(check_tls13_version && m_legacy_version.version_code() != 0x0303) { ------------------ | Branch (72:13): [True: 0, False: 11.7k] | Branch (72:36): [True: 0, False: 0] ------------------ 73| 0| throw TLS_Exception(Alert::IllegalParameter, "Received unexpected record version"); 74| 0| } 75| | 76| | // RFC 8446 5.1 77| | // Implementations MUST NOT send zero-length fragments of Handshake 78| | // types, even if those fragments contain padding. 79| | // 80| | // Zero-length fragments of Application Data MAY be sent, as they are 81| | // potentially useful as a traffic analysis countermeasure. 82| 11.7k| if(m_fragment_length == 0 && type() != Record_Type::ApplicationData) { ------------------ | Branch (82:13): [True: 7, False: 11.7k] | Branch (82:39): [True: 2, False: 5] ------------------ 83| 2| throw TLS_Exception(Alert::DecodeError, "empty record received"); 84| 2| } 85| | 86| 11.7k| if(m_type == Record_Type::ApplicationData) { ------------------ | Branch (86:13): [True: 27, False: 11.7k] ------------------ 87| | // RFC 8446 5.2 88| | // The length [...] is the sum of the lengths of the content and the 89| | // padding, plus one for the inner content type, plus any expansion 90| | // added by the AEAD algorithm. The length MUST NOT exceed 2^14 + 256 bytes. 91| | // 92| | // Note: Limits imposed by a "record_size_limit" extension do not come 93| | // into play here, as those limits are on the plaintext _not_ the 94| | // encrypted data. Constricted devices must be able to deal with 95| | // data overhead inflicted by the AEAD. 96| 27| if(m_fragment_length > MAX_CIPHERTEXT_SIZE_TLS13) { ------------------ | Branch (96:16): [True: 3, False: 24] ------------------ 97| 3| throw TLS_Exception(Alert::RecordOverflow, "Received an encrypted record that exceeds maximum size"); 98| 3| } 99| 11.7k| } else { 100| | // RFC 8446 5.1 101| | // The length MUST NOT exceed 2^14 bytes. An endpoint that receives a record that 102| | // exceeds this length MUST terminate the connection with a "record_overflow" alert. 103| | // 104| | // RFC 8449 4. 105| | // When the "record_size_limit" extension is negotiated, an endpoint 106| | // MUST NOT generate a protected record with plaintext that is larger 107| | // than the RecordSizeLimit value it receives from its peer. 108| | // -> Unprotected messages are not subject to this limit. <- 109| 11.7k| if(m_fragment_length > MAX_PLAINTEXT_SIZE) { ------------------ | Branch (109:16): [True: 8, False: 11.7k] ------------------ 110| 8| throw TLS_Exception(Alert::RecordOverflow, "Received a record that exceeds maximum size"); 111| 8| } 112| 11.7k| } 113| 11.7k| } tls_record_layer_13.cpp:_ZNK5Botan3TLS12_GLOBAL__N_119TLSPlaintext_Header4typeEv: 130| 23.3k| Record_Type type() const { return m_type; } tls_record_layer_13.cpp:_ZNK5Botan3TLS12_GLOBAL__N_119TLSPlaintext_Header15fragment_lengthEv: 132| 35.1k| uint16_t fragment_length() const { return m_fragment_length; } tls_record_layer_13.cpp:_ZN5Botan3TLS12_GLOBAL__N_116read_record_typeEh: 36| 11.8k|Record_Type read_record_type(const uint8_t type_byte) { 37| | // RFC 8446 5. 38| | // If a TLS implementation receives an unexpected record type, 39| | // it MUST terminate the connection with an "unexpected_message" alert. 40| 11.8k| if(type_byte != static_cast(Record_Type::ApplicationData) && ------------------ | Branch (40:7): [True: 11.7k, False: 28] ------------------ 41| 11.7k| type_byte != static_cast(Record_Type::Handshake) && ------------------ | Branch (41:7): [True: 1.05k, False: 10.7k] ------------------ 42| 1.05k| type_byte != static_cast(Record_Type::Alert) && ------------------ | Branch (42:7): [True: 45, False: 1.01k] ------------------ 43| 45| type_byte != static_cast(Record_Type::ChangeCipherSpec)) { ------------------ | Branch (43:7): [True: 27, False: 18] ------------------ 44| 27| throw TLS_Exception(Alert::UnexpectedMessage, "TLS record type had unexpected value"); 45| 27| } 46| | 47| 11.7k| return static_cast(type_byte); 48| 11.8k|} tls_record_layer_13.cpp:_ZN5Botan3TLS12_GLOBAL__N_125verify_change_cipher_specINSt3__111__wrap_iterIPKhEEEEbT_m: 24| 14|bool verify_change_cipher_spec(const IteratorT data, const size_t size) { 25| | // RFC 8446 5. 26| | // An implementation may receive an unencrypted record of type 27| | // change_cipher_spec consisting of the single byte value 0x01 28| | // at any time [...]. An implementation which receives any other 29| | // change_cipher_spec value or which receives a protected 30| | // change_cipher_spec record MUST abort the handshake [...]. 31| 14| const size_t expected_fragment_length = 1; 32| 14| const uint8_t expected_fragment_byte = 0x01; 33| 14| return (size == expected_fragment_length && *data == expected_fragment_byte); ------------------ | Branch (33:12): [True: 10, False: 4] | Branch (33:48): [True: 2, False: 8] ------------------ 34| 14|} _ZN5Botan3TLS14Server_Impl_13C2ERKNSt3__110shared_ptrINS0_9CallbacksEEERKNS3_INS0_15Session_ManagerEEERKNS3_INS_19Credentials_ManagerEEERKNS3_IKNS0_6PolicyEEERKNS3_INS_21RandomNumberGeneratorEEE: 28| 5.69k| Channel_Impl_13(callbacks, session_manager, credentials_manager, rng, policy, true /* is_server */), 29| 5.69k| m_handshake(std::make_unique()) { 30| 5.69k|#if defined(BOTAN_HAS_TLS_12) 31| 5.69k| if(policy->allow_tls12()) { ------------------ | Branch (31:7): [True: 5.69k, False: 0] ------------------ 32| 5.69k| expect_downgrade({}, {}); 33| 5.69k| } 34| 5.69k|#endif 35| | 36| 5.69k| m_handshake->transitions.set_expected_next(Handshake_Type::ClientHello); 37| 5.69k|} _ZN5Botan3TLS14Server_Impl_1321process_handshake_msgENSt3__17variantIJNS0_15Client_Hello_13ENS0_20Client_Hello_12_ShimENS0_15Server_Hello_13ENS0_20Server_Hello_12_ShimENS0_19Hello_Retry_RequestENS0_20Encrypted_ExtensionsENS0_14Certificate_13ENS0_22Certificate_Request_13ENS0_21Certificate_Verify_13ENS0_11Finished_13EEEE: 152| 3.85k|void Server_Impl_13::process_handshake_msg(Handshake_Message_13 message) { 153| 3.85k| BOTAN_STATE_CHECK(m_handshake != nullptr); ------------------ | | 51| 3.85k| do { \ | | 52| 3.85k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 3.85k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 3.85k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 3.85k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 3.85k] | | ------------------ ------------------ 154| | 155| 3.85k| std::visit( 156| 3.85k| [&](auto msg) { 157| | // first verify that the message was expected by the state machine... 158| 3.85k| m_handshake->transitions.confirm_transition_to(msg.get().type()); 159| | 160| | // ... then allow the library user to abort on their discretion 161| 3.85k| callbacks().tls_inspect_handshake_msg(msg.get()); 162| | 163| | // ... finally handle the message 164| 3.85k| handle(msg.get()); 165| 3.85k| }, 166| 3.85k| m_handshake->state.received(std::move(message))); 167| 3.85k|} _ZN5Botan3TLS14Server_Impl_1332process_dummy_change_cipher_specEv: 180| 1|void Server_Impl_13::process_dummy_change_cipher_spec() { 181| | // RFC 8446 5. 182| | // If an implementation detects a change_cipher_spec record received before 183| | // the first ClientHello message or after the peer's Finished message, it MUST be 184| | // treated as an unexpected record type [("unexpected_message" alert)]. 185| 1| if(!m_handshake || !m_handshake->state.has_client_hello() || m_handshake->state.has_client_finished()) { ------------------ | Branch (185:7): [True: 0, False: 1] | Branch (185:23): [True: 1, False: 0] | Branch (185:65): [True: 0, False: 0] ------------------ 186| 1| throw TLS_Exception(Alert::UnexpectedMessage, "Received an unexpected dummy Change Cipher Spec"); 187| 1| } 188| | 189| | // RFC 8446 5. 190| | // An implementation may receive an unencrypted record of type change_cipher_spec [...] 191| | // at any time after the first ClientHello message has been sent or received 192| | // and before the peer's Finished message has been received [...] 193| | // and MUST simply drop it without further processing. 194| | // 195| | // ... no further processing. 196| 1|} _ZNK5Botan3TLS14Server_Impl_1321is_handshake_completeEv: 198| 10.6k|bool Server_Impl_13::is_handshake_complete() const { 199| 10.6k| return m_active_state.has_value() || (m_handshake != nullptr && m_handshake->state.has_client_finished()); ------------------ | Branch (199:11): [True: 0, False: 10.6k] | Branch (199:42): [True: 10.6k, False: 0] | Branch (199:68): [True: 0, False: 10.6k] ------------------ 200| 10.6k|} _ZN5Botan3TLS14Server_Impl_139downgradeEv: 212| 3.67k|void Server_Impl_13::downgrade() { 213| 3.67k| BOTAN_ASSERT_NOMSG(expects_downgrade()); ------------------ | | 77| 3.67k| do { \ | | 78| 3.67k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 3.67k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 3.67k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 3.67k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 3.67k] | | ------------------ ------------------ 214| | 215| 3.67k| request_downgrade(); 216| | 217| | // After this, no further messages are expected here because this instance 218| | // will be replaced by a Server_Impl_12. 219| 3.67k| m_handshake->transitions.set_expected_next({}); 220| 3.67k|} _ZN5Botan3TLS14Server_Impl_136handleERKNS0_20Client_Hello_12_ShimE: 458| 3.67k|void Server_Impl_13::handle(const Client_Hello_12_Shim& ch) { 459| | // The detailed handling of the TLS 1.2 compliant Client Hello is left to 460| | // the TLS 1.2 server implementation. 461| 3.67k| BOTAN_UNUSED(ch); ------------------ | | 144| 3.67k|#define BOTAN_UNUSED Botan::ignore_params ------------------ 462| 3.67k| BOTAN_ASSERT_NONNULL(m_handshake); ------------------ | | 116| 3.67k| do { \ | | 117| 3.67k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 3.67k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 3.67k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 3.67k] | | ------------------ ------------------ 463| | 464| | // After we sent a Hello Retry Request we must not accept a downgrade. 465| 3.67k| if(m_handshake->state.has_hello_retry_request()) { ------------------ | Branch (465:7): [True: 0, False: 3.67k] ------------------ 466| 0| throw TLS_Exception(Alert::UnexpectedMessage, "Received a TLS 1.2 Client Hello after Hello Retry Request"); 467| 0| } 468| | 469| | // RFC 8446 Appendix D.2 470| | // If the "supported_versions" extension is absent and the server only 471| | // supports versions greater than ClientHello.legacy_version, the server 472| | // MUST abort the handshake with a "protocol_version" alert. 473| | // 474| | // If we're not expecting a downgrade, we only support TLS 1.3. 475| 3.67k| if(!expects_downgrade()) { ------------------ | Branch (475:7): [True: 0, False: 3.67k] ------------------ 476| 0| throw TLS_Exception(Alert::ProtocolVersion, "Received a legacy Client Hello"); 477| 0| } 478| | 479| 3.67k| downgrade(); 480| 3.67k|} tls_server_impl_13.cpp:_ZZN5Botan3TLS14Server_Impl_1321process_handshake_msgENSt3__17variantIJNS0_15Client_Hello_13ENS0_20Client_Hello_12_ShimENS0_15Server_Hello_13ENS0_20Server_Hello_12_ShimENS0_19Hello_Retry_RequestENS0_20Encrypted_ExtensionsENS0_14Certificate_13ENS0_22Certificate_Request_13ENS0_21Certificate_Verify_13ENS0_11Finished_13EEEEENK3$_0clINS2_17reference_wrapperIS5_EEEEDaT_: 156| 3.67k| [&](auto msg) { 157| | // first verify that the message was expected by the state machine... 158| 3.67k| m_handshake->transitions.confirm_transition_to(msg.get().type()); 159| | 160| | // ... then allow the library user to abort on their discretion 161| 3.67k| callbacks().tls_inspect_handshake_msg(msg.get()); 162| | 163| | // ... finally handle the message 164| 3.67k| handle(msg.get()); 165| 3.67k| }, tls_server_impl_13.cpp:_ZZN5Botan3TLS14Server_Impl_1321process_handshake_msgENSt3__17variantIJNS0_15Client_Hello_13ENS0_20Client_Hello_12_ShimENS0_15Server_Hello_13ENS0_20Server_Hello_12_ShimENS0_19Hello_Retry_RequestENS0_20Encrypted_ExtensionsENS0_14Certificate_13ENS0_22Certificate_Request_13ENS0_21Certificate_Verify_13ENS0_11Finished_13EEEEENK3$_0clINS2_17reference_wrapperISA_EEEEDaT_: 156| 2| [&](auto msg) { 157| | // first verify that the message was expected by the state machine... 158| 2| m_handshake->transitions.confirm_transition_to(msg.get().type()); 159| | 160| | // ... then allow the library user to abort on their discretion 161| 2| callbacks().tls_inspect_handshake_msg(msg.get()); 162| | 163| | // ... finally handle the message 164| 2| handle(msg.get()); 165| 2| }, tls_server_impl_13.cpp:_ZZN5Botan3TLS14Server_Impl_1321process_handshake_msgENSt3__17variantIJNS0_15Client_Hello_13ENS0_20Client_Hello_12_ShimENS0_15Server_Hello_13ENS0_20Server_Hello_12_ShimENS0_19Hello_Retry_RequestENS0_20Encrypted_ExtensionsENS0_14Certificate_13ENS0_22Certificate_Request_13ENS0_21Certificate_Verify_13ENS0_11Finished_13EEEEENK3$_0clINS2_17reference_wrapperISC_EEEEDaT_: 156| 6| [&](auto msg) { 157| | // first verify that the message was expected by the state machine... 158| 6| m_handshake->transitions.confirm_transition_to(msg.get().type()); 159| | 160| | // ... then allow the library user to abort on their discretion 161| 6| callbacks().tls_inspect_handshake_msg(msg.get()); 162| | 163| | // ... finally handle the message 164| 6| handle(msg.get()); 165| 6| }, tls_server_impl_13.cpp:_ZZN5Botan3TLS14Server_Impl_1321process_handshake_msgENSt3__17variantIJNS0_15Client_Hello_13ENS0_20Client_Hello_12_ShimENS0_15Server_Hello_13ENS0_20Server_Hello_12_ShimENS0_19Hello_Retry_RequestENS0_20Encrypted_ExtensionsENS0_14Certificate_13ENS0_22Certificate_Request_13ENS0_21Certificate_Verify_13ENS0_11Finished_13EEEEENK3$_0clINS2_17reference_wrapperISD_EEEEDaT_: 156| 6| [&](auto msg) { 157| | // first verify that the message was expected by the state machine... 158| 6| m_handshake->transitions.confirm_transition_to(msg.get().type()); 159| | 160| | // ... then allow the library user to abort on their discretion 161| 6| callbacks().tls_inspect_handshake_msg(msg.get()); 162| | 163| | // ... finally handle the message 164| 6| handle(msg.get()); 165| 6| }, _ZN5Botan3TLS21Transcript_Hash_StateC2Ev: 24| 5.69k|Transcript_Hash_State::Transcript_Hash_State() = default; _ZN5Botan3TLS21Transcript_Hash_StateD2Ev: 26| 5.69k|Transcript_Hash_State::~Transcript_Hash_State() = default; _ZN5Botan3TLS21Transcript_Hash_State6updateENSt3__14spanIKhLm18446744073709551615EEE: 155| 3.87k|void Transcript_Hash_State::update(std::span serialized_message_s) { 156| 3.87k| const auto* serialized_message = serialized_message_s.data(); 157| 3.87k| auto serialized_message_length = serialized_message_s.size(); 158| 3.87k| if(m_hash != nullptr) { ------------------ | Branch (158:7): [True: 0, False: 3.87k] ------------------ 159| 0| auto truncation_mark = serialized_message_length; 160| | 161| | // Check whether we should generate a truncated hash for supporting PSK 162| | // binder calculation or verification. See RFC 8446 4.2.11.2. 163| 0| if(serialized_message_length > 0 && *serialized_message == static_cast(Handshake_Type::ClientHello)) { ------------------ | Branch (163:10): [True: 0, False: 0] | Branch (163:43): [True: 0, False: 0] ------------------ 164| 0| truncation_mark = find_client_hello_truncation_mark(serialized_message_s); 165| 0| } 166| | 167| 0| if(truncation_mark < serialized_message_length) { ------------------ | Branch (167:10): [True: 0, False: 0] ------------------ 168| 0| m_hash->update(serialized_message, truncation_mark); 169| 0| m_truncated = read_hash_state(m_hash); 170| 0| m_hash->update(serialized_message + truncation_mark, serialized_message_length - truncation_mark); 171| 0| } else { 172| 0| m_truncated.clear(); 173| 0| m_hash->update(serialized_message, serialized_message_length); 174| 0| } 175| | 176| 0| m_previous = std::exchange(m_current, read_hash_state(m_hash)); 177| 3.87k| } else { 178| 3.87k| m_unprocessed_transcript.push_back( 179| 3.87k| std::vector(serialized_message, serialized_message + serialized_message_length)); 180| 3.87k| } 181| 3.87k|} _ZN5Botan3TLS5AlertC2ERKNSt3__16vectorIhNS_16secure_allocatorIhEEEE: 14| 3.16k|Alert::Alert(const secure_vector& buf) { 15| 3.16k| if(buf.size() != 2) { ------------------ | Branch (15:7): [True: 29, False: 3.13k] ------------------ 16| 29| throw Decoding_Error("Bad size (" + std::to_string(buf.size()) + ") for TLS alert message"); 17| 29| } 18| | 19| 3.13k| if(buf[0] == 1) { ------------------ | Branch (19:7): [True: 1.54k, False: 1.59k] ------------------ 20| 1.54k| m_fatal = false; 21| 1.59k| } else if(buf[0] == 2) { ------------------ | Branch (21:14): [True: 1.57k, False: 12] ------------------ 22| 1.57k| m_fatal = true; 23| 1.57k| } else { 24| 12| throw TLS_Exception(Alert::IllegalParameter, "Bad code for TLS alert level"); 25| 12| } 26| | 27| 3.12k| const uint8_t dc = buf[1]; 28| | 29| 3.12k| m_type_code = static_cast(dc); 30| 3.12k|} _ZNK5Botan3TLS5Alert9serializeEv: 32| 4.66k|std::vector Alert::serialize() const { 33| 4.66k| return std::vector({static_cast(is_fatal() ? 2 : 1), static_cast(type())}); ------------------ | Branch (33:54): [True: 4.65k, False: 19] ------------------ 34| 4.66k|} _ZN5Botan3TLS18kdf_algo_to_stringENS0_8KDF_AlgoE: 17| 3.22k|std::string kdf_algo_to_string(KDF_Algo algo) { 18| 3.22k| switch(algo) { ------------------ | Branch (18:11): [True: 3.22k, False: 0] ------------------ 19| 1.50k| case KDF_Algo::SHA_1: ------------------ | Branch (19:7): [True: 1.50k, False: 1.71k] ------------------ 20| 1.50k| return "SHA-1"; 21| 1.13k| case KDF_Algo::SHA_256: ------------------ | Branch (21:7): [True: 1.13k, False: 2.08k] ------------------ 22| 1.13k| return "SHA-256"; 23| 581| case KDF_Algo::SHA_384: ------------------ | Branch (23:7): [True: 581, False: 2.64k] ------------------ 24| 581| return "SHA-384"; 25| 3.22k| } 26| | 27| 0| throw Invalid_State("kdf_algo_to_string unknown enum value"); 28| 3.22k|} _ZN5Botan3TLS20kex_method_to_stringENS0_8Kex_AlgoE: 30| 104|std::string kex_method_to_string(Kex_Algo method) { 31| 104| switch(method) { ------------------ | Branch (31:11): [True: 104, False: 0] ------------------ 32| 0| case Kex_Algo::STATIC_RSA: ------------------ | Branch (32:7): [True: 0, False: 104] ------------------ 33| 0| return "RSA"; 34| 0| case Kex_Algo::DH: ------------------ | Branch (34:7): [True: 0, False: 104] ------------------ 35| 0| return "DH"; 36| 0| case Kex_Algo::ECDH: ------------------ | Branch (36:7): [True: 0, False: 104] ------------------ 37| 0| return "ECDH"; 38| 0| case Kex_Algo::PSK: ------------------ | Branch (38:7): [True: 0, False: 104] ------------------ 39| 0| return "PSK"; 40| 104| case Kex_Algo::ECDHE_PSK: ------------------ | Branch (40:7): [True: 104, False: 0] ------------------ 41| 104| return "ECDHE_PSK"; 42| 0| case Kex_Algo::DHE_PSK: ------------------ | Branch (42:7): [True: 0, False: 104] ------------------ 43| 0| return "DHE_PSK"; 44| 0| case Kex_Algo::KEM: ------------------ | Branch (44:7): [True: 0, False: 104] ------------------ 45| 0| return "KEM"; 46| 0| case Kex_Algo::KEM_PSK: ------------------ | Branch (46:7): [True: 0, False: 104] ------------------ 47| 0| return "KEM_PSK"; 48| 0| case Kex_Algo::HYBRID: ------------------ | Branch (48:7): [True: 0, False: 104] ------------------ 49| 0| return "HYBRID"; 50| 0| case Kex_Algo::HYBRID_PSK: ------------------ | Branch (50:7): [True: 0, False: 104] ------------------ 51| 0| return "HYBRID_PSK"; 52| 0| case Kex_Algo::UNDEFINED: ------------------ | Branch (52:7): [True: 0, False: 104] ------------------ 53| 0| return "UNDEFINED"; 54| 104| } 55| | 56| 0| throw Invalid_State("kex_method_to_string unknown enum value"); 57| 104|} _ZN5Botan3TLS21auth_method_to_stringENS0_11Auth_MethodE: 107| 126|std::string auth_method_to_string(Auth_Method method) { 108| 126| switch(method) { ------------------ | Branch (108:11): [True: 126, False: 0] ------------------ 109| 95| case Auth_Method::RSA: ------------------ | Branch (109:7): [True: 95, False: 31] ------------------ 110| 95| return "RSA"; 111| 31| case Auth_Method::ECDSA: ------------------ | Branch (111:7): [True: 31, False: 95] ------------------ 112| 31| return "ECDSA"; 113| 0| case Auth_Method::IMPLICIT: ------------------ | Branch (113:7): [True: 0, False: 126] ------------------ 114| 0| return "IMPLICIT"; 115| 0| case Auth_Method::UNDEFINED: ------------------ | Branch (115:7): [True: 0, False: 126] ------------------ 116| 0| return "UNDEFINED"; 117| 126| } 118| | 119| 0| throw Invalid_State("auth_method_to_string unknown enum value"); 120| 126|} _ZNK5Botan3TLS12Group_Params9to_stringEv: 393| 4.96k|std::optional Group_Params::to_string() const { 394| 4.96k| switch(m_code) { 395| 821| case Group_Params::SECP256R1: ------------------ | Branch (395:7): [True: 821, False: 4.14k] ------------------ 396| 821| return "secp256r1"; 397| 829| case Group_Params::SECP384R1: ------------------ | Branch (397:7): [True: 829, False: 4.13k] ------------------ 398| 829| return "secp384r1"; 399| 712| case Group_Params::SECP521R1: ------------------ | Branch (399:7): [True: 712, False: 4.25k] ------------------ 400| 712| return "secp521r1"; 401| 1.22k| case Group_Params::BRAINPOOL256R1: ------------------ | Branch (401:7): [True: 1.22k, False: 3.74k] ------------------ 402| 1.22k| return "brainpool256r1"; 403| 752| case Group_Params::BRAINPOOL384R1: ------------------ | Branch (403:7): [True: 752, False: 4.21k] ------------------ 404| 752| return "brainpool384r1"; 405| 629| case Group_Params::BRAINPOOL512R1: ------------------ | Branch (405:7): [True: 629, False: 4.33k] ------------------ 406| 629| return "brainpool512r1"; 407| 0| case Group_Params::X25519: ------------------ | Branch (407:7): [True: 0, False: 4.96k] ------------------ 408| 0| return "x25519"; 409| 0| case Group_Params::X448: ------------------ | Branch (409:7): [True: 0, False: 4.96k] ------------------ 410| 0| return "x448"; 411| | 412| 0| case Group_Params::FFDHE_2048: ------------------ | Branch (412:7): [True: 0, False: 4.96k] ------------------ 413| 0| return "ffdhe/ietf/2048"; 414| 0| case Group_Params::FFDHE_3072: ------------------ | Branch (414:7): [True: 0, False: 4.96k] ------------------ 415| 0| return "ffdhe/ietf/3072"; 416| 0| case Group_Params::FFDHE_4096: ------------------ | Branch (416:7): [True: 0, False: 4.96k] ------------------ 417| 0| return "ffdhe/ietf/4096"; 418| 0| case Group_Params::FFDHE_6144: ------------------ | Branch (418:7): [True: 0, False: 4.96k] ------------------ 419| 0| return "ffdhe/ietf/6144"; 420| 0| case Group_Params::FFDHE_8192: ------------------ | Branch (420:7): [True: 0, False: 4.96k] ------------------ 421| 0| return "ffdhe/ietf/8192"; 422| | 423| 0| case Group_Params::ML_KEM_512: ------------------ | Branch (423:7): [True: 0, False: 4.96k] ------------------ 424| 0| return "ML-KEM-512"; 425| 0| case Group_Params::ML_KEM_768: ------------------ | Branch (425:7): [True: 0, False: 4.96k] ------------------ 426| 0| return "ML-KEM-768"; 427| 0| case Group_Params::ML_KEM_1024: ------------------ | Branch (427:7): [True: 0, False: 4.96k] ------------------ 428| 0| return "ML-KEM-1024"; 429| | 430| 0| case Group_Params::eFRODOKEM_640_SHAKE_OQS: ------------------ | Branch (430:7): [True: 0, False: 4.96k] ------------------ 431| 0| return "eFrodoKEM-640-SHAKE"; 432| 0| case Group_Params::eFRODOKEM_976_SHAKE_OQS: ------------------ | Branch (432:7): [True: 0, False: 4.96k] ------------------ 433| 0| return "eFrodoKEM-976-SHAKE"; 434| 0| case Group_Params::eFRODOKEM_1344_SHAKE_OQS: ------------------ | Branch (434:7): [True: 0, False: 4.96k] ------------------ 435| 0| return "eFrodoKEM-1344-SHAKE"; 436| 0| case Group_Params::eFRODOKEM_640_AES_OQS: ------------------ | Branch (436:7): [True: 0, False: 4.96k] ------------------ 437| 0| return "eFrodoKEM-640-AES"; 438| 0| case Group_Params::eFRODOKEM_976_AES_OQS: ------------------ | Branch (438:7): [True: 0, False: 4.96k] ------------------ 439| 0| return "eFrodoKEM-976-AES"; 440| 0| case Group_Params::eFRODOKEM_1344_AES_OQS: ------------------ | Branch (440:7): [True: 0, False: 4.96k] ------------------ 441| 0| return "eFrodoKEM-1344-AES"; 442| | 443| 0| case Group_Params::HYBRID_X25519_eFRODOKEM_640_SHAKE_OQS: ------------------ | Branch (443:7): [True: 0, False: 4.96k] ------------------ 444| 0| return "x25519/eFrodoKEM-640-SHAKE"; 445| 0| case Group_Params::HYBRID_X25519_eFRODOKEM_640_AES_OQS: ------------------ | Branch (445:7): [True: 0, False: 4.96k] ------------------ 446| 0| return "x25519/eFrodoKEM-640-AES"; 447| 0| case Group_Params::HYBRID_X448_eFRODOKEM_976_SHAKE_OQS: ------------------ | Branch (447:7): [True: 0, False: 4.96k] ------------------ 448| 0| return "x448/eFrodoKEM-976-SHAKE"; 449| 0| case Group_Params::HYBRID_X448_eFRODOKEM_976_AES_OQS: ------------------ | Branch (449:7): [True: 0, False: 4.96k] ------------------ 450| 0| return "x448/eFrodoKEM-976-AES"; 451| 0| case Group_Params::HYBRID_SECP256R1_eFRODOKEM_640_SHAKE_OQS: ------------------ | Branch (451:7): [True: 0, False: 4.96k] ------------------ 452| 0| return "secp256r1/eFrodoKEM-640-SHAKE"; 453| 0| case Group_Params::HYBRID_SECP256R1_eFRODOKEM_640_AES_OQS: ------------------ | Branch (453:7): [True: 0, False: 4.96k] ------------------ 454| 0| return "secp256r1/eFrodoKEM-640-AES"; 455| 0| case Group_Params::HYBRID_SECP384R1_eFRODOKEM_976_SHAKE_OQS: ------------------ | Branch (455:7): [True: 0, False: 4.96k] ------------------ 456| 0| return "secp384r1/eFrodoKEM-976-SHAKE"; 457| 0| case Group_Params::HYBRID_SECP384R1_eFRODOKEM_976_AES_OQS: ------------------ | Branch (457:7): [True: 0, False: 4.96k] ------------------ 458| 0| return "secp384r1/eFrodoKEM-976-AES"; 459| 0| case Group_Params::HYBRID_SECP521R1_eFRODOKEM_1344_SHAKE_OQS: ------------------ | Branch (459:7): [True: 0, False: 4.96k] ------------------ 460| 0| return "secp521r1/eFrodoKEM-1344-SHAKE"; 461| 0| case Group_Params::HYBRID_SECP521R1_eFRODOKEM_1344_AES_OQS: ------------------ | Branch (461:7): [True: 0, False: 4.96k] ------------------ 462| 0| return "secp521r1/eFrodoKEM-1344-AES"; 463| | 464| 0| case Group_Params::HYBRID_X25519_ML_KEM_768: ------------------ | Branch (464:7): [True: 0, False: 4.96k] ------------------ 465| 0| return "x25519/ML-KEM-768"; 466| 0| case Group_Params::HYBRID_SECP256R1_ML_KEM_768: ------------------ | Branch (466:7): [True: 0, False: 4.96k] ------------------ 467| 0| return "secp256r1/ML-KEM-768"; 468| 0| case Group_Params::HYBRID_SECP384R1_ML_KEM_1024: ------------------ | Branch (468:7): [True: 0, False: 4.96k] ------------------ 469| 0| return "secp384r1/ML-KEM-1024"; 470| | 471| 0| default: ------------------ | Branch (471:7): [True: 0, False: 4.96k] ------------------ 472| 0| return std::nullopt; 473| 4.96k| } 474| 4.96k|} _ZN5Botan3TLS9Callbacks25tls_inspect_handshake_msgERKNS0_17Handshake_MessageE: 49| 26.3k|void TLS::Callbacks::tls_inspect_handshake_msg(const Handshake_Message& /*unused*/) { 50| | // default is no op 51| 26.3k|} _ZN5Botan3TLS9Callbacks25tls_peer_network_identityEv: 57| 9.14k|std::string TLS::Callbacks::tls_peer_network_identity() { 58| 9.14k| return ""; 59| 9.14k|} _ZN5Botan3TLS9Callbacks21tls_current_timestampEv: 61| 5.88k|std::chrono::system_clock::time_point TLS::Callbacks::tls_current_timestamp() { 62| 5.88k| return std::chrono::system_clock::now(); 63| 5.88k|} _ZN5Botan3TLS9Callbacks21tls_modify_extensionsERNS0_10ExtensionsENS0_15Connection_SideENS0_14Handshake_TypeE: 67| 2.89k| Handshake_Type /*unused*/) {} _ZN5Botan3TLS9Callbacks22tls_examine_extensionsERKNS0_10ExtensionsENS0_15Connection_SideENS0_14Handshake_TypeE: 71| 3.06k| Handshake_Type /*unused*/) {} _ZN5Botan3TLS9Callbacks41tls_should_persist_resumption_informationERKNS0_7SessionE: 73| 104|bool TLS::Callbacks::tls_should_persist_resumption_information(const Session& session) { 74| | // RFC 5077 3.3 75| | // The ticket_lifetime_hint field contains a hint from the server about 76| | // how long the ticket should be stored. A value of zero is reserved to 77| | // indicate that the lifetime of the ticket is unspecified. 78| | // 79| | // RFC 8446 4.6.1 80| | // [A ticket_lifetime] of zero indicates that the ticket should be discarded 81| | // immediately. 82| | // 83| | // By default we opt to keep all sessions, except for TLS 1.3 with a lifetime 84| | // hint of zero. 85| 104| return session.lifetime_hint().count() > 0 || session.version().is_pre_tls_13(); ------------------ | Branch (85:11): [True: 104, False: 0] | Branch (85:50): [True: 0, False: 0] ------------------ 86| 104|} _ZN5Botan3TLS9Callbacks31tls_deserialize_peer_public_keyERKNSt3__17variantIJNS0_12Group_ParamsENS_8DL_GroupEEEENS2_4spanIKhLm18446744073709551615EEE: 191| 2.20k| const std::variant& group, std::span key_bits) { 192| 2.20k| if(is_dh_group(group)) { ------------------ | Branch (192:7): [True: 0, False: 2.20k] ------------------ 193| | // TLS 1.2 allows specifying arbitrary DL_Group parameters in-lieu of 194| | // a standardized DH group identifier. 195| 0| const auto dl_group = get_dl_group(group); 196| | 197| 0| auto Y = BigInt::from_bytes(key_bits); 198| | 199| | /* 200| | * A basic check for key validity. As we do not know q here we 201| | * cannot check that Y is in the right subgroup. However since 202| | * our key is ephemeral there does not seem to be any 203| | * advantage to bogus keys anyway. 204| | */ 205| 0| if(Y <= 1 || Y >= dl_group.get_p() - 1) { ------------------ | Branch (205:10): [True: 0, False: 0] | Branch (205:10): [True: 0, False: 0] | Branch (205:20): [True: 0, False: 0] ------------------ 206| 0| throw Decoding_Error("Server sent bad DH key for DHE exchange"); 207| 0| } 208| | 209| 0| return std::make_unique(dl_group, Y); 210| 0| } 211| | 212| | // The special case for TLS 1.2 with an explicit DH group definition is 213| | // handled above. All other cases are based on the opaque group definition. 214| 2.20k| BOTAN_ASSERT_NOMSG(std::holds_alternative(group)); ------------------ | | 77| 2.20k| do { \ | | 78| 2.20k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 2.20k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 2.20k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 2.20k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 2.20k] | | ------------------ ------------------ 215| 2.20k| const auto group_params = std::get(group); 216| | 217| 2.20k| if(group_params.is_ecdh_named_curve()) { ------------------ | Branch (217:7): [True: 2.19k, False: 14] ------------------ 218| 2.19k| const auto ec_group = EC_Group::from_name(group_params.to_string().value()); 219| 2.19k| return std::make_unique(ec_group, EC_AffinePoint(ec_group, key_bits)); 220| 2.19k| } 221| | 222| 14|#if defined(BOTAN_HAS_X25519) 223| 14| if(group_params.is_x25519()) { ------------------ | Branch (223:7): [True: 11, False: 3] ------------------ 224| 11| return std::make_unique(key_bits); 225| 11| } 226| 3|#endif 227| | 228| 3|#if defined(BOTAN_HAS_X448) 229| 3| if(group_params.is_x448()) { ------------------ | Branch (229:7): [True: 3, False: 0] ------------------ 230| 3| return std::make_unique(key_bits); 231| 3| } 232| 0|#endif 233| | 234| 0|#if defined(BOTAN_HAS_TLS_13_PQC) 235| 0| if(group_params.is_pqc_hybrid()) { ------------------ | Branch (235:7): [True: 0, False: 0] ------------------ 236| 0| return Hybrid_KEM_PublicKey::load_for_group(group_params, key_bits); 237| 0| } 238| 0|#endif 239| | 240| 0|#if defined(BOTAN_HAS_ML_KEM) 241| 0| if(group_params.is_pure_ml_kem()) { ------------------ | Branch (241:7): [True: 0, False: 0] ------------------ 242| 0| return std::make_unique(key_bits, ML_KEM_Mode(group_params.to_string().value())); 243| 0| } 244| 0|#endif 245| | 246| 0|#if defined(BOTAN_HAS_FRODOKEM) 247| 0| if(group_params.is_pure_frodokem()) { ------------------ | Branch (247:7): [True: 0, False: 0] ------------------ 248| 0| return std::make_unique(key_bits, FrodoKEMMode(group_params.to_string().value())); 249| 0| } 250| 0|#endif 251| | 252| 0| throw Decoding_Error("cannot create a key offering without a group definition"); 253| 0|} _ZN5Botan3TLS9Callbacks26tls_generate_ephemeral_keyERKNSt3__17variantIJNS0_12Group_ParamsENS_8DL_GroupEEEERNS_21RandomNumberGeneratorE: 343| 2.79k| const std::variant& group, RandomNumberGenerator& rng) { 344| 2.79k| if(is_dh_group(group)) { ------------------ | Branch (344:7): [True: 0, False: 2.79k] ------------------ 345| 0| const DL_Group dl_group = get_dl_group(group); 346| 0| return std::make_unique(rng, dl_group); 347| 0| } 348| | 349| 2.79k| BOTAN_ASSERT_NOMSG(std::holds_alternative(group)); ------------------ | | 77| 2.79k| do { \ | | 78| 2.79k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 2.79k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 2.79k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 2.79k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 2.79k] | | ------------------ ------------------ 350| 2.79k| const auto group_params = std::get(group); 351| | 352| 2.79k| if(group_params.is_ecdh_named_curve()) { ------------------ | Branch (352:7): [True: 2.77k, False: 24] ------------------ 353| 2.77k| const auto ec_group = EC_Group::from_name(group_params.to_string().value()); 354| 2.77k| return std::make_unique(rng, ec_group); 355| 2.77k| } 356| | 357| 24|#if defined(BOTAN_HAS_X25519) 358| 24| if(group_params.is_x25519()) { ------------------ | Branch (358:7): [True: 17, False: 7] ------------------ 359| 17| return std::make_unique(rng); 360| 17| } 361| 7|#endif 362| | 363| 7|#if defined(BOTAN_HAS_X448) 364| 7| if(group_params.is_x448()) { ------------------ | Branch (364:7): [True: 7, False: 0] ------------------ 365| 7| return std::make_unique(rng); 366| 7| } 367| 0|#endif 368| | 369| 0| if(group_params.is_kem()) { ------------------ | Branch (369:7): [True: 0, False: 0] ------------------ 370| 0| throw TLS_Exception(Alert::IllegalParameter, "cannot generate an ephemeral KEX key for a KEM"); 371| 0| } 372| | 373| 0| throw TLS_Exception(Alert::DecodeError, "cannot create a key offering without a group definition"); 374| 0|} _ZN5Botan3TLS9Callbacks33tls12_generate_ephemeral_ecdh_keyENS0_12Group_ParamsERNS_21RandomNumberGeneratorENS_15EC_Point_FormatE: 377| 2.77k| TLS::Group_Params group, RandomNumberGenerator& rng, EC_Point_Format tls12_ecc_pubkey_encoding_format) { 378| | // Delegating to the "universal" callback to obtain an ECDH key pair 379| 2.77k| auto key = tls_generate_ephemeral_key(group, rng); 380| | 381| | // For ordinary ECDH key pairs (that are derived from `ECDH_PublicKey`), we 382| | // set the internal point encoding flag for the key before passing it on into 383| | // the TLS 1.2 implementation. For user-defined keypair types (e.g. to 384| | // offload to some crypto hardware) inheriting from Botan's `ECDH_PublicKey` 385| | // might not be feasible. Such users should consider overriding this 386| | // ECDH-specific callback and ensure that their custom class handles the 387| | // public point encoding as requested by `tls12_ecc_pubkey_encoding_format`. 388| 2.77k| if(auto* ecc_key = dynamic_cast(key.get())) { ------------------ | Branch (388:13): [True: 2.77k, False: 0] ------------------ 389| 2.77k| ecc_key->set_point_encoding(tls12_ecc_pubkey_encoding_format); 390| 2.77k| } 391| | 392| 2.77k| return key; 393| 2.77k|} _ZN5Botan3TLS9Callbacks27tls_ephemeral_key_agreementERKNSt3__17variantIJNS0_12Group_ParamsENS_8DL_GroupEEEERKNS_20PK_Key_Agreement_KeyERKNS2_6vectorIhNS2_9allocatorIhEEEERNS_21RandomNumberGeneratorERKNS0_6PolicyE: 400| 2.20k| const Policy& policy) { 401| 2.20k| const auto kex_pub_key = [&]() { 402| 2.20k| try { 403| 2.20k| return tls_deserialize_peer_public_key(group, public_value); 404| 2.20k| } catch(const Decoding_Error& ex) { 405| | // This exception means that the public key was invalid. However, 406| | // TLS' DecodeError would imply that a protocol message was invalid. 407| 2.20k| throw TLS_Exception(Alert::IllegalParameter, ex.what()); 408| 2.20k| } catch(const Invalid_Argument& ex) { 409| 2.20k| throw TLS_Exception(Alert::IllegalParameter, ex.what()); 410| 2.20k| } 411| 2.20k| }(); 412| | 413| 2.20k| BOTAN_ASSERT_NONNULL(kex_pub_key); ------------------ | | 116| 2.20k| do { \ | | 117| 2.20k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 2.20k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 2.20k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 2.20k] | | ------------------ ------------------ 414| 2.20k| policy.check_peer_key_acceptable(*kex_pub_key); 415| | 416| | // RFC 8422 - 5.11. 417| | // With X25519 and X448, a receiving party MUST check whether the 418| | // computed premaster secret is the all-zero value and abort the 419| | // handshake if so, as described in Section 6 of [RFC7748]. 420| | // 421| | // This is done within the key agreement operation and throws 422| | // an Invalid_Argument exception if the shared secret is all-zero. 423| 2.20k| try { 424| 2.20k| const PK_Key_Agreement ka(private_key, rng, "Raw"); 425| 2.20k| return ka.derive_key(0, kex_pub_key->raw_public_key_bits()).bits_of(); 426| 2.20k| } catch(const Invalid_Argument& ex) { 427| 1| throw TLS_Exception(Alert::IllegalParameter, ex.what()); 428| 1| } 429| 2.20k|} _ZN5Botan3TLS9Callbacks23tls_session_establishedERKNS0_15Session_SummaryE: 431| 104|void TLS::Callbacks::tls_session_established(const Session_Summary& session) { 432| 104| BOTAN_UNUSED(session); ------------------ | | 144| 104|#define BOTAN_UNUSED Botan::ignore_params ------------------ 433| 104|} _ZN5Botan3TLS9Callbacks23tls_provide_cert_statusERKNSt3__16vectorINS_16X509_CertificateENS2_9allocatorIS4_EEEERKNS0_26Certificate_Status_RequestE: 436| 1| const Certificate_Status_Request& csr) { 437| 1| BOTAN_UNUSED(chain, csr); ------------------ | | 144| 1|#define BOTAN_UNUSED Botan::ignore_params ------------------ 438| 1| return std::vector(); 439| 1|} _ZNK5Botan3TLS9Callbacks27tls12_protocol_specific_kdfENSt3__117basic_string_viewIcNS2_11char_traitsIcEEEE: 459| 1.55k|std::unique_ptr TLS::Callbacks::tls12_protocol_specific_kdf(std::string_view prf_algo) const { 460| 1.55k| if(prf_algo == "MD5" || prf_algo == "SHA-1") { ------------------ | Branch (460:7): [True: 0, False: 1.55k] | Branch (460:28): [True: 737, False: 822] ------------------ 461| 737| return KDF::create_or_throw("TLS-12-PRF(SHA-256)"); 462| 737| } 463| | 464| 822| return KDF::create_or_throw(Botan::fmt("TLS-12-PRF({})", prf_algo)); 465| 1.55k|} tls_callbacks.cpp:_ZN5Botan12_GLOBAL__N_111is_dh_groupERKNSt3__17variantIJNS_3TLS12Group_ParamsENS_8DL_GroupEEEE: 172| 5.00k|bool is_dh_group(const std::variant& group) { 173| 5.00k| return std::holds_alternative(group) || std::get(group).is_dh_named_group(); ------------------ | Branch (173:11): [True: 0, False: 5.00k] | Branch (173:54): [True: 0, False: 5.00k] ------------------ 174| 5.00k|} tls_callbacks.cpp:_ZZN5Botan3TLS9Callbacks27tls_ephemeral_key_agreementERKNSt3__17variantIJNS0_12Group_ParamsENS_8DL_GroupEEEERKNS_20PK_Key_Agreement_KeyERKNS2_6vectorIhNS2_9allocatorIhEEEERNS_21RandomNumberGeneratorERKNS0_6PolicyEENK3$_0clEv: 401| 2.20k| const auto kex_pub_key = [&]() { 402| 2.20k| try { 403| 2.20k| return tls_deserialize_peer_public_key(group, public_value); 404| 2.20k| } catch(const Decoding_Error& ex) { 405| | // This exception means that the public key was invalid. However, 406| | // TLS' DecodeError would imply that a protocol message was invalid. 407| 504| throw TLS_Exception(Alert::IllegalParameter, ex.what()); 408| 504| } catch(const Invalid_Argument& ex) { 409| 9| throw TLS_Exception(Alert::IllegalParameter, ex.what()); 410| 9| } 411| 2.20k| }(); _ZNK5Botan3TLS11Ciphersuite26nonce_bytes_from_handshakeEv: 16| 1.75k|size_t Ciphersuite::nonce_bytes_from_handshake() const { 17| 1.75k| switch(m_nonce_format) { ------------------ | Branch (17:11): [True: 1.75k, False: 0] ------------------ 18| 1.16k| case Nonce_Format::CBC_MODE: ------------------ | Branch (18:7): [True: 1.16k, False: 593] ------------------ 19| 1.16k| return 0; 20| 185| case Nonce_Format::AEAD_IMPLICIT_4: ------------------ | Branch (20:7): [True: 185, False: 1.57k] ------------------ 21| 185| return 4; 22| 408| case Nonce_Format::AEAD_XOR_12: ------------------ | Branch (22:7): [True: 408, False: 1.35k] ------------------ 23| 408| return 12; 24| 0| case Nonce_Format::NULL_CIPHER: ------------------ | Branch (24:7): [True: 0, False: 1.75k] ------------------ 25| 0| return 0; 26| 1.75k| } 27| | 28| 0| throw Invalid_State("In Ciphersuite::nonce_bytes_from_handshake invalid enum value"); 29| 1.75k|} _ZNK5Botan3TLS11Ciphersuite23nonce_bytes_from_recordENS0_16Protocol_VersionE: 31| 407|size_t Ciphersuite::nonce_bytes_from_record(Protocol_Version version) const { 32| 407| BOTAN_UNUSED(version); ------------------ | | 144| 407|#define BOTAN_UNUSED Botan::ignore_params ------------------ 33| 407| switch(m_nonce_format) { ------------------ | Branch (33:11): [True: 407, False: 0] ------------------ 34| 231| case Nonce_Format::CBC_MODE: ------------------ | Branch (34:7): [True: 231, False: 176] ------------------ 35| 231| return cipher_algo() == "3DES" ? 8 : 16; ------------------ | Branch (35:17): [True: 75, False: 156] ------------------ 36| 96| case Nonce_Format::AEAD_IMPLICIT_4: ------------------ | Branch (36:7): [True: 96, False: 311] ------------------ 37| 96| return 8; 38| 80| case Nonce_Format::AEAD_XOR_12: ------------------ | Branch (38:7): [True: 80, False: 327] ------------------ 39| 80| case Nonce_Format::NULL_CIPHER: ------------------ | Branch (39:7): [True: 0, False: 407] ------------------ 40| 80| return 0; 41| 407| } 42| | 43| 0| throw Invalid_State("In Ciphersuite::nonce_bytes_from_handshake invalid enum value"); 44| 407|} _ZNK5Botan3TLS11Ciphersuite15ecc_ciphersuiteEv: 73| 3.05k|bool Ciphersuite::ecc_ciphersuite() const { 74| 3.05k| return kex_method() == Kex_Algo::ECDH || kex_method() == Kex_Algo::ECDHE_PSK || auth_method() == Auth_Method::ECDSA; ------------------ | Branch (74:11): [True: 11, False: 3.04k] | Branch (74:45): [True: 2.82k, False: 220] | Branch (74:84): [True: 0, False: 220] ------------------ 75| 3.05k|} _ZNK5Botan3TLS11Ciphersuite17usable_in_versionENS0_16Protocol_VersionE: 77| 288k|bool Ciphersuite::usable_in_version(Protocol_Version version) const { 78| | // RFC 8446 B.4.: 79| | // Although TLS 1.3 uses the same cipher suite space as previous 80| | // versions of TLS, TLS 1.3 cipher suites are defined differently, only 81| | // specifying the symmetric ciphers, and cannot be used for TLS 1.2. 82| | // Similarly, cipher suites for TLS 1.2 and lower cannot be used with 83| | // TLS 1.3. 84| | // 85| | // Currently cipher suite codes {0x13,0x01} through {0x13,0x05} are 86| | // allowed for TLS 1.3. This may change in the future. 87| 288k| const auto is_legacy_suite = (ciphersuite_code() & 0xFF00) != 0x1300; 88| 288k| return version.is_pre_tls_13() == is_legacy_suite; 89| 288k|} _ZNK5Botan3TLS11Ciphersuite15cbc_ciphersuiteEv: 91| 2.89k|bool Ciphersuite::cbc_ciphersuite() const { 92| 2.89k| return (mac_algo() != "AEAD" && cipher_algo() != "NULL"); ------------------ | Branch (92:12): [True: 1.95k, False: 939] | Branch (92:36): [True: 1.95k, False: 0] ------------------ 93| 2.89k|} _ZNK5Botan3TLS11Ciphersuite14signature_usedEv: 103| 11.8k|bool Ciphersuite::signature_used() const { 104| 11.8k| return auth_method() != Auth_Method::IMPLICIT; 105| 11.8k|} _ZNK5Botan3TLS11Ciphersuite23is_certificate_requiredEv: 107| 5.90k|bool Ciphersuite::is_certificate_required() const { 108| 5.90k| return signature_used() || kex_method() == Kex_Algo::STATIC_RSA; ------------------ | Branch (108:11): [True: 112, False: 5.79k] | Branch (108:31): [True: 16, False: 5.77k] ------------------ 109| 5.90k|} _ZN5Botan3TLS11Ciphersuite5by_idEt: 111| 8.94k|std::optional Ciphersuite::by_id(uint16_t suite) { 112| 8.94k| const std::vector& all_suites = all_known_ciphersuites(); 113| 8.94k| auto s = std::lower_bound(all_suites.begin(), all_suites.end(), suite); 114| | 115| 8.94k| if(s != all_suites.end() && s->ciphersuite_code() == suite) { ------------------ | Branch (115:7): [True: 8.94k, False: 0] | Branch (115:7): [True: 8.94k, False: 0] | Branch (115:32): [True: 8.94k, False: 0] ------------------ 116| 8.94k| return *s; 117| 8.94k| } 118| | 119| 0| return std::nullopt; // some unknown ciphersuite 120| 8.94k|} _ZN5Botan3TLS10ExtensionsD2Ev: 138| 21.2k|Extensions::~Extensions() = default; _ZNK5Botan3TLS10Extensions3hasENS0_14Extension_CodeE: 140| 112k|bool Extensions::has(Extension_Code type) const { 141| 112k| return m_extensions.contains(type); 142| 112k|} _ZNK5Botan3TLS10Extensions3getENS0_14Extension_CodeE: 144| 87.0k|Extension* Extensions::get(Extension_Code type) const { 145| 87.0k| const auto i = m_extensions.find(type); 146| | 147| 87.0k| if(i == m_extensions.end()) { ------------------ | Branch (147:7): [True: 65.7k, False: 21.3k] ------------------ 148| 65.7k| return nullptr; 149| 65.7k| } else { 150| 21.3k| return i->second.get(); 151| 21.3k| } 152| 87.0k|} _ZN5Botan3TLS10Extensions3addENSt3__110unique_ptrINS0_9ExtensionENS2_14default_deleteIS4_EEEE: 154| 58.8k|void Extensions::add(std::unique_ptr extn) { 155| 58.8k| const auto type = extn->type(); 156| 58.8k| if(has(type)) { ------------------ | Branch (156:7): [True: 0, False: 58.8k] ------------------ 157| 0| throw Invalid_Argument("cannot add the same extension twice: " + std::to_string(static_cast(type))); 158| 0| } 159| | 160| 58.8k| m_extension_codes.push_back(type); 161| 58.8k| m_extensions.emplace(type, std::move(extn)); 162| 58.8k|} _ZN5Botan3TLS10Extensions11deserializeERNS0_15TLS_Data_ReaderENS0_15Connection_SideENS0_14Handshake_TypeE: 164| 17.3k|void Extensions::deserialize(TLS_Data_Reader& reader, const Connection_Side from, const Handshake_Type message_type) { 165| 17.3k| if(reader.has_remaining()) { ------------------ | Branch (165:7): [True: 11.0k, False: 6.27k] ------------------ 166| 11.0k| const uint16_t all_extn_size = reader.get_uint16_t(); 167| | 168| 11.0k| if(reader.remaining_bytes() != all_extn_size) { ------------------ | Branch (168:10): [True: 39, False: 11.0k] ------------------ 169| 39| throw Decoding_Error("Bad extension size"); 170| 39| } 171| | 172| 64.3k| while(reader.has_remaining()) { ------------------ | Branch (172:13): [True: 53.3k, False: 11.0k] ------------------ 173| 53.3k| const uint16_t extension_code = reader.get_uint16_t(); 174| 53.3k| const uint16_t extension_size = reader.get_uint16_t(); 175| | 176| 53.3k| const auto type = static_cast(extension_code); 177| | 178| 53.3k| if(this->has(type)) { ------------------ | Branch (178:13): [True: 3, False: 53.3k] ------------------ 179| 3| throw TLS_Exception(TLS::Alert::DecodeError, "Peer sent duplicated extensions"); 180| 3| } 181| | 182| | // TODO offer a function on reader that returns a byte range as a reference 183| | // to avoid this copy of the extension data 184| 53.3k| const std::vector extn_data = reader.get_fixed(extension_size); 185| 53.3k| m_raw_extension_data[type] = extn_data; 186| 53.3k| TLS_Data_Reader extn_reader("Extension", extn_data); 187| 53.3k| this->add(make_extension(extn_reader, type, from, message_type)); 188| 53.3k| extn_reader.assert_done(); 189| 53.3k| } 190| 11.0k| } 191| 17.3k|} _ZNK5Botan3TLS10Extensions19contains_other_thanERKNSt3__13setINS0_14Extension_CodeENS2_4lessIS4_EENS2_9allocatorIS4_EEEEb: 194| 191| const bool allow_unknown_extensions) const { 195| 191| const auto found = extension_types(); 196| | 197| 191| std::vector diff; 198| 191| std::set_difference( 199| 191| found.cbegin(), found.end(), allowed_extensions.cbegin(), allowed_extensions.cend(), std::back_inserter(diff)); 200| | 201| 191| if(allow_unknown_extensions) { ------------------ | Branch (201:7): [True: 190, False: 1] ------------------ 202| | // Go through the found unexpected extensions whether any of those 203| | // is known to this TLS implementation. 204| 190| const auto itr = std::find_if(diff.cbegin(), diff.cend(), [this](const auto ext_type) { 205| 190| const auto ext = get(ext_type); 206| 190| return ext && ext->is_implemented(); 207| 190| }); 208| | 209| | // ... if yes, `contains_other_than` is true 210| 190| return itr != diff.cend(); 211| 190| } 212| | 213| 1| return !diff.empty(); 214| 191|} _ZNK5Botan3TLS10Extensions9serializeENS0_15Connection_SideE: 229| 2.89k|std::vector Extensions::serialize(Connection_Side whoami) const { 230| 2.89k| std::vector buf(2); // 2 bytes for length field 231| | 232| | // Serialize in the order extensions were added, which matters for TLS 1.3 233| 3.18k| for(const auto extn_type : m_extension_codes) { ------------------ | Branch (233:29): [True: 3.18k, False: 2.89k] ------------------ 234| 3.18k| const auto& extn = m_extensions.at(extn_type); 235| | 236| 3.18k| if(extn->empty()) { ------------------ | Branch (236:10): [True: 0, False: 3.18k] ------------------ 237| 0| continue; 238| 0| } 239| | 240| 3.18k| const uint16_t extn_code = static_cast(extn_type); 241| | 242| 3.18k| const std::vector extn_val = extn->serialize(whoami); 243| | 244| | // Each extension carries a uint16 length prefix. 245| 3.18k| BOTAN_ASSERT_NOMSG(extn_val.size() <= 0xFFFF); ------------------ | | 77| 3.18k| do { \ | | 78| 3.18k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 3.18k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 3.18k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 3.18k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 3.18k] | | ------------------ ------------------ 246| | 247| 3.18k| buf.push_back(get_byte<0>(extn_code)); 248| 3.18k| buf.push_back(get_byte<1>(extn_code)); 249| | 250| 3.18k| buf.push_back(get_byte<0>(static_cast(extn_val.size()))); 251| 3.18k| buf.push_back(get_byte<1>(static_cast(extn_val.size()))); 252| | 253| 3.18k| buf += extn_val; 254| 3.18k| } 255| | 256| | // The outer extensions block is itself uint16-length-prefixed. 257| 2.89k| BOTAN_ASSERT_NOMSG(buf.size() - 2 <= 0xFFFF); ------------------ | | 77| 2.89k| do { \ | | 78| 2.89k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 2.89k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 2.89k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 2.89k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 2.89k] | | ------------------ ------------------ 258| 2.89k| const uint16_t extn_size = static_cast(buf.size() - 2); 259| | 260| 2.89k| buf[0] = get_byte<0>(extn_size); 261| 2.89k| buf[1] = get_byte<1>(extn_size); 262| | 263| | // avoid sending a completely empty extensions block 264| 2.89k| if(buf.size() == 2) { ------------------ | Branch (264:7): [True: 0, False: 2.89k] ------------------ 265| 0| return std::vector(); 266| 0| } 267| | 268| 2.89k| return buf; 269| 2.89k|} _ZNK5Botan3TLS10Extensions15extension_typesEv: 271| 2.98k|std::set Extensions::extension_types() const { 272| 2.98k| std::set offers; 273| 21.5k| for(const auto& [extn_type, extn] : m_extensions) { ------------------ | Branch (273:38): [True: 21.5k, False: 2.98k] ------------------ 274| | // Consistent with serialize(): empty extensions are not placed on 275| | // the wire so they must not appear in the "offered" set either. 276| 21.5k| if(!extn->empty()) { ------------------ | Branch (276:10): [True: 21.5k, False: 4] ------------------ 277| 21.5k| offers.insert(extn_type); 278| 21.5k| } 279| 21.5k| } 280| 2.98k| return offers; 281| 2.98k|} _ZN5Botan3TLS17Unknown_ExtensionC2ENS0_14Extension_CodeERNS0_15TLS_Data_ReaderEt: 311| 35.6k| m_type(type), m_value(reader.get_fixed(extension_size)) {} _ZN5Botan3TLS21Server_Name_IndicatorC2ERNS0_15TLS_Data_ReaderEtNS0_15Connection_SideE: 317| 95|Server_Name_Indicator::Server_Name_Indicator(TLS_Data_Reader& reader, uint16_t extension_size, Connection_Side from) { 318| | /* 319| | RFC 6066 Section 3 320| | 321| | A server that receives a client hello containing the "server_name" 322| | extension MAY use the information contained in the extension to guide 323| | its selection of an appropriate certificate to return to the client, 324| | and/or other aspects of security policy. In this event, the server 325| | SHALL include an extension of type "server_name" in the (extended) 326| | server hello. The "extension_data" field of this extension SHALL be 327| | empty. 328| | */ 329| 95| if(from == Connection_Side::Server) { ------------------ | Branch (329:7): [True: 43, False: 52] ------------------ 330| 43| if(extension_size != 0) { ------------------ | Branch (330:10): [True: 5, False: 38] ------------------ 331| 5| throw TLS_Exception(Alert::IllegalParameter, "Server sent non-empty SNI extension"); 332| 5| } 333| 52| } else { 334| | // Clients are required to send at least one name in the SNI 335| 52| if(extension_size == 0) { ------------------ | Branch (335:10): [True: 6, False: 46] ------------------ 336| 6| throw TLS_Exception(Alert::IllegalParameter, "Client sent empty SNI extension"); 337| 6| } 338| | 339| 46| const uint16_t name_bytes = reader.get_uint16_t(); 340| | 341| | // RFC 6066 3: a ServerName carrying a host_name (the only NameType 342| | // currently defined and the only one this implementation acts on) 343| | // requires at least 1 byte name_type + 2 byte length + 1 byte HostName. 344| 46| if(name_bytes + 2 != extension_size || name_bytes < 4) { ------------------ | Branch (344:10): [True: 20, False: 26] | Branch (344:46): [True: 1, False: 25] ------------------ 345| 21| throw Decoding_Error("Bad encoding of SNI extension"); 346| 21| } 347| | 348| 25| BOTAN_ASSERT_NOMSG(reader.remaining_bytes() == name_bytes); ------------------ | | 77| 25| do { \ | | 78| 25| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 25| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 25] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 25| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 25] | | ------------------ ------------------ 349| | 350| 80| while(reader.has_remaining()) { ------------------ | Branch (350:13): [True: 59, False: 21] ------------------ 351| 59| const uint8_t name_type = reader.get_byte(); 352| | 353| 59| if(name_type == 0) { ------------------ | Branch (353:13): [True: 20, False: 39] ------------------ 354| | /* 355| | RFC 6066 Section 3 356| | The ServerNameList MUST NOT contain more than one name of the same name_type. 357| | */ 358| 20| if(!m_sni_host_name.empty()) { ------------------ | Branch (358:16): [True: 4, False: 16] ------------------ 359| 4| throw Decoding_Error("TLS ServerNameIndicator contains more than one host_name"); 360| 4| } 361| 16| m_sni_host_name = reader.get_string(2, 1, 65535); 362| 39| } else { 363| | /* 364| | Unknown name type - skip its length-prefixed value and continue 365| | 366| | RFC 6066 Section 3 367| | For backward compatibility, all future data structures associated 368| | with new NameTypes MUST begin with a 16-bit length field. 369| | */ 370| 39| const uint16_t unknown_name_len = reader.get_uint16_t(); 371| 39| reader.discard_next(unknown_name_len); 372| 39| } 373| 59| } 374| 25| } 375| 95|} _ZN5Botan3TLS39Application_Layer_Protocol_NotificationC2ENSt3__117basic_string_viewIcNS2_11char_traitsIcEEEE: 426| 10|Application_Layer_Protocol_Notification::Application_Layer_Protocol_Notification(std::string_view protocol) { 427| 10| BOTAN_ARG_CHECK(!protocol.empty(), "ALPN protocol name must not be empty"); ------------------ | | 35| 10| do { \ | | 36| 10| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 10| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 10] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 10| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 10] | | ------------------ ------------------ 428| 10| BOTAN_ARG_CHECK(protocol.size() < 256, "ALPN protocol name too long"); ------------------ | | 35| 10| do { \ | | 36| 10| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 10| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 10] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 10| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 10] | | ------------------ ------------------ 429| 10| m_protocols.emplace_back(protocol); 430| 10|} _ZN5Botan3TLS39Application_Layer_Protocol_NotificationC2ERNS0_15TLS_Data_ReaderEtNS0_15Connection_SideE: 443| 101| Connection_Side from) { 444| 101| if(extension_size < 2) { ------------------ | Branch (444:7): [True: 5, False: 96] ------------------ 445| 5| throw Decoding_Error("ALPN extension cannot be empty"); 446| 5| } 447| | 448| 96| const uint16_t name_bytes = reader.get_uint16_t(); 449| | 450| 96| size_t bytes_remaining = extension_size - 2; 451| | 452| 96| if(name_bytes != bytes_remaining) { ------------------ | Branch (452:7): [True: 10, False: 86] ------------------ 453| 10| throw Decoding_Error("Bad encoding of ALPN extension, bad length field"); 454| 10| } 455| | 456| | // RFC 7301 3.1: ProtocolName protocol_name_list<2..2^16-1> 457| 86| if(name_bytes == 0) { ------------------ | Branch (457:7): [True: 1, False: 85] ------------------ 458| 1| throw Decoding_Error("Empty ALPN protocol_name_list not allowed"); 459| 1| } 460| | 461| 1.14k| while(bytes_remaining > 0) { ------------------ | Branch (461:10): [True: 1.06k, False: 79] ------------------ 462| 1.06k| const std::string p = reader.get_string(1, 0, 255); 463| | 464| 1.06k| if(bytes_remaining < p.size() + 1) { ------------------ | Branch (464:10): [True: 0, False: 1.06k] ------------------ 465| 0| throw Decoding_Error("Bad encoding of ALPN, length field too long"); 466| 0| } 467| | 468| 1.06k| if(p.empty()) { ------------------ | Branch (468:10): [True: 6, False: 1.05k] ------------------ 469| 6| throw Decoding_Error("Empty ALPN protocol not allowed"); 470| 6| } 471| | 472| 1.05k| bytes_remaining -= (p.size() + 1); 473| | 474| 1.05k| m_protocols.push_back(p); 475| 1.05k| } 476| | 477| | // RFC 7301 3.1 478| | // The "extension_data" field of the [...] extension is structured the 479| | // same as described above for the client "extension_data", except that 480| | // the "ProtocolNameList" MUST contain exactly one "ProtocolName". 481| 79| if(from == Connection_Side::Server && m_protocols.size() != 1) { ------------------ | Branch (481:7): [True: 10, False: 69] | Branch (481:42): [True: 6, False: 4] ------------------ 482| 6| throw TLS_Exception( 483| 6| Alert::DecodeError, 484| 6| "Server sent " + std::to_string(m_protocols.size()) + " protocols in ALPN extension response"); 485| 6| } 486| 79|} _ZNK5Botan3TLS39Application_Layer_Protocol_Notification9serializeENS0_15Connection_SideE: 493| 10|std::vector Application_Layer_Protocol_Notification::serialize(Connection_Side /*whoami*/) const { 494| 10| std::vector buf(2); 495| | 496| 10| for(auto&& proto : m_protocols) { ------------------ | Branch (496:21): [True: 10, False: 10] ------------------ 497| 10| if(proto.length() >= 256) { ------------------ | Branch (497:10): [True: 0, False: 10] ------------------ 498| 0| throw TLS_Exception(Alert::InternalError, "ALPN name too long"); 499| 0| } 500| 10| if(!proto.empty()) { ------------------ | Branch (500:10): [True: 10, False: 0] ------------------ 501| 10| append_tls_length_value(buf, proto, 1); 502| 10| } 503| 10| } 504| | 505| | // RFC 7301 3.1: ProtocolName protocol_name_list<2..2^16-1>; 506| 10| BOTAN_ASSERT_NOMSG(buf.size() - 2 <= 0xFFFF); ------------------ | | 77| 10| do { \ | | 78| 10| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 10| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 10] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 10| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 10] | | ------------------ ------------------ 507| 10| buf[0] = get_byte<0>(static_cast(buf.size() - 2)); 508| 10| buf[1] = get_byte<1>(static_cast(buf.size() - 2)); 509| | 510| 10| return buf; 511| 10|} _ZN5Botan3TLS21Certificate_Type_BaseC2ERNS0_15TLS_Data_ReaderEtNS0_15Connection_SideE: 549| 256| m_from(from) { 550| 256| if(extension_size == 0) { ------------------ | Branch (550:7): [True: 5, False: 251] ------------------ 551| 5| throw Decoding_Error("Certificate type extension cannot be empty"); 552| 5| } 553| | 554| 251| if(from == Connection_Side::Client) { ------------------ | Branch (554:7): [True: 237, False: 14] ------------------ 555| 237| const auto type_bytes = reader.get_tls_length_value(1); 556| 237| if(static_cast(extension_size) != type_bytes.size() + 1) { ------------------ | Branch (556:10): [True: 1, False: 236] ------------------ 557| 1| throw Decoding_Error("certificate type extension had inconsistent length"); 558| 1| } 559| | // RFC 7250 4: {client,server}_certificate_types<1..2^8-1> so must be non-empty 560| 236| if(type_bytes.empty()) { ------------------ | Branch (560:10): [True: 1, False: 235] ------------------ 561| 1| throw Decoding_Error("Certificate type extension contains no types"); 562| 1| } 563| 235| std::transform( 564| 235| type_bytes.begin(), type_bytes.end(), std::back_inserter(m_certificate_types), [](const auto type_byte) { 565| 235| return static_cast(type_byte); 566| 235| }); 567| 235| } else { 568| | // RFC 7250 4.2 569| | // Note that only a single value is permitted in the 570| | // server_certificate_type extension when carried in the server hello. 571| 14| if(extension_size != 1) { ------------------ | Branch (571:10): [True: 2, False: 12] ------------------ 572| 2| throw Decoding_Error("Server's certificate type extension must be of length 1"); 573| 2| } 574| 12| const auto type_byte = reader.get_byte(); 575| 12| m_certificate_types.push_back(static_cast(type_byte)); 576| 12| } 577| 251|} _ZNK5Botan3TLS16Supported_Groups9ec_groupsEv: 622| 5.67k|std::vector Supported_Groups::ec_groups() const { 623| 5.67k| std::vector ec; 624| 24.3k| for(auto g : m_groups) { ------------------ | Branch (624:15): [True: 24.3k, False: 5.67k] ------------------ 625| 24.3k| if(g.is_pure_ecc_group()) { ------------------ | Branch (625:10): [True: 5.77k, False: 18.5k] ------------------ 626| 5.77k| ec.push_back(g); 627| 5.77k| } 628| 24.3k| } 629| 5.67k| return ec; 630| 5.67k|} _ZNK5Botan3TLS16Supported_Groups9dh_groupsEv: 632| 5.76k|std::vector Supported_Groups::dh_groups() const { 633| 5.76k| std::vector dh; 634| 26.0k| for(auto g : m_groups) { ------------------ | Branch (634:15): [True: 26.0k, False: 5.76k] ------------------ 635| 26.0k| if(g.is_in_ffdhe_range()) { ------------------ | Branch (635:10): [True: 858, False: 25.1k] ------------------ 636| 858| dh.push_back(g); 637| 858| } 638| 26.0k| } 639| 5.76k| return dh; 640| 5.76k|} _ZN5Botan3TLS16Supported_GroupsC2ERNS0_15TLS_Data_ReaderEt: 662| 5.91k|Supported_Groups::Supported_Groups(TLS_Data_Reader& reader, uint16_t extension_size) { 663| 5.91k| const uint16_t len = reader.get_uint16_t(); 664| | 665| 5.91k| if(len + 2 != extension_size) { ------------------ | Branch (665:7): [True: 19, False: 5.89k] ------------------ 666| 19| throw Decoding_Error("Inconsistent length field in supported groups list"); 667| 19| } 668| | 669| | // RFC 8446 4.2.7: NamedGroup named_group_list<2..2^16-1>; 670| 5.89k| if(len == 0) { ------------------ | Branch (670:7): [True: 1, False: 5.89k] ------------------ 671| 1| throw Decoding_Error("Empty supported groups list"); 672| 1| } 673| | 674| 5.89k| if(len % 2 == 1) { ------------------ | Branch (674:7): [True: 1, False: 5.89k] ------------------ 675| 1| throw Decoding_Error("Supported groups list of strange size"); 676| 1| } 677| | 678| 5.89k| const size_t elems = len / 2; 679| | 680| 5.89k| std::unordered_set seen; 681| 37.6k| for(size_t i = 0; i != elems; ++i) { ------------------ | Branch (681:22): [True: 31.8k, False: 5.89k] ------------------ 682| 31.8k| const auto group = static_cast(reader.get_uint16_t()); 683| | // Note: RFC 8446 does not explicitly enforce that groups must be unique. 684| 31.8k| if(seen.insert(group.wire_code()).second) { ------------------ | Branch (684:10): [True: 28.1k, False: 3.65k] ------------------ 685| 28.1k| m_groups.push_back(group); 686| 28.1k| } 687| 31.8k| } 688| 5.89k|} _ZN5Botan3TLS20Signature_AlgorithmsC2ERNS0_15TLS_Data_ReaderEt: 734| 321| m_schemes(parse_signature_algorithms(reader, extension_size)) {} _ZN5Botan3TLS25Signature_Algorithms_CertC2ERNS0_15TLS_Data_ReaderEt: 741| 36| m_schemes(parse_signature_algorithms(reader, extension_size)) {} _ZN5Botan3TLS24SRTP_Protection_ProfilesC2ERNS0_15TLS_Data_ReaderEt: 743| 71|SRTP_Protection_Profiles::SRTP_Protection_Profiles(TLS_Data_Reader& reader, uint16_t extension_size) { 744| | // RFC 5764 4.1.1: UseSRTPData consists of 745| | // SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>; 746| | // opaque srtp_mki<0..255>; 747| | // for a wire size of 2 (profiles len) + 2*N + 1 (mki len) + mki_bytes, 748| | // with N >= 1. 749| 71| if(extension_size < 5) { ------------------ | Branch (749:7): [True: 2, False: 69] ------------------ 750| 2| throw Decoding_Error("Truncated SRTP protection extension"); 751| 2| } 752| 69| const size_t max_profile_pairs = (static_cast(extension_size) - 3) / 2; 753| 69| m_pp = reader.get_range(2, 1, max_profile_pairs); 754| 69| const std::vector mki = reader.get_range(1, 0, 255); 755| | 756| 69| if(m_pp.size() * 2 + mki.size() + 3 != extension_size) { ------------------ | Branch (756:7): [True: 8, False: 61] ------------------ 757| 8| throw Decoding_Error("Bad encoding for SRTP protection extension"); 758| 8| } 759| | 760| 61| if(!mki.empty()) { ------------------ | Branch (760:7): [True: 1, False: 60] ------------------ 761| 1| throw Decoding_Error("Unhandled non-empty MKI for SRTP protection extension"); 762| 1| } 763| 61|} _ZN5Botan3TLS18Supported_VersionsC2ERNS0_15TLS_Data_ReaderEtNS0_15Connection_SideE: 838| 543|Supported_Versions::Supported_Versions(TLS_Data_Reader& reader, uint16_t extension_size, Connection_Side from) { 839| 543| if(from == Connection_Side::Server) { ------------------ | Branch (839:7): [True: 27, False: 516] ------------------ 840| 27| if(extension_size != 2) { ------------------ | Branch (840:10): [True: 2, False: 25] ------------------ 841| 2| throw Decoding_Error("Server sent invalid supported_versions extension"); 842| 2| } 843| 25| m_versions.push_back(Protocol_Version(reader.get_uint16_t())); 844| 516| } else { 845| 516| auto versions = reader.get_range(1, 1, 127); 846| | 847| 2.10k| for(auto v : versions) { ------------------ | Branch (847:18): [True: 2.10k, False: 516] ------------------ 848| 2.10k| m_versions.push_back(Protocol_Version(v)); 849| 2.10k| } 850| | 851| 516| if(extension_size != 1 + 2 * versions.size()) { ------------------ | Branch (851:10): [True: 6, False: 510] ------------------ 852| 6| throw Decoding_Error("Client sent invalid supported_versions extension"); 853| 6| } 854| 516| } 855| 543|} _ZNK5Botan3TLS18Supported_Versions8supportsENS0_16Protocol_VersionE: 857| 86|bool Supported_Versions::supports(Protocol_Version version) const { 858| 468| for(auto v : m_versions) { ------------------ | Branch (858:15): [True: 468, False: 55] ------------------ 859| 468| if(version == v) { ------------------ | Branch (859:10): [True: 31, False: 437] ------------------ 860| 31| return true; 861| 31| } 862| 468| } 863| 55| return false; 864| 86|} _ZN5Botan3TLS17Record_Size_LimitC2ERNS0_15TLS_Data_ReaderEtNS0_15Connection_SideE: 872| 35|Record_Size_Limit::Record_Size_Limit(TLS_Data_Reader& reader, uint16_t extension_size, Connection_Side from) { 873| 35| if(extension_size != 2) { ------------------ | Branch (873:7): [True: 1, False: 34] ------------------ 874| 1| throw TLS_Exception(Alert::DecodeError, "invalid record_size_limit extension"); 875| 1| } 876| | 877| 34| m_limit = reader.get_uint16_t(); 878| | 879| | // RFC 8449 4. 880| | // This value is the length of the plaintext of a protected record. 881| | // The value includes the content type and padding added in TLS 1.3 (that 882| | // is, the complete length of TLSInnerPlaintext). 883| | // 884| | // A server MUST NOT enforce this restriction; a client might advertise 885| | // a higher limit that is enabled by an extension or version the server 886| | // does not understand. A client MAY abort the handshake with an 887| | // "illegal_parameter" alert. 888| | // 889| | // Note: We are currently supporting this extension in TLS 1.3 only, hence 890| | // we check for the TLS 1.3 limit. The TLS 1.2 limit would not include 891| | // the "content type byte" and hence be one byte less! 892| 34| if(m_limit > MAX_PLAINTEXT_SIZE + 1 /* encrypted content type byte */ && from == Connection_Side::Server) { ------------------ | Branch (892:7): [True: 10, False: 24] | Branch (892:77): [True: 2, False: 8] ------------------ 893| 2| throw TLS_Exception(Alert::IllegalParameter, 894| 2| "Server requested a record size limit larger than the protocol's maximum"); 895| 2| } 896| | 897| | // RFC 8449 4. 898| | // Endpoints MUST NOT send a "record_size_limit" extension with a value 899| | // smaller than 64. An endpoint MUST treat receipt of a smaller value 900| | // as a fatal error and generate an "illegal_parameter" alert. 901| 32| if(m_limit < 64) { ------------------ | Branch (901:7): [True: 4, False: 28] ------------------ 902| 4| throw TLS_Exception(Alert::IllegalParameter, "Received a record size limit smaller than 64 bytes"); 903| 4| } 904| 32|} tls_extensions.cpp:_ZN5Botan3TLS12_GLOBAL__N_114make_extensionERNS0_15TLS_Data_ReaderENS0_14Extension_CodeENS0_15Connection_SideENS0_14Handshake_TypeE: 39| 53.2k| const Handshake_Type message_type) { 40| | // This cast is safe because we read exactly a 16 bit length field for 41| | // the extension in Extensions::deserialize 42| 53.2k| const uint16_t size = static_cast(reader.remaining_bytes()); 43| 53.2k| switch(code) { ------------------ | Branch (43:11): [True: 17.6k, False: 35.6k] ------------------ 44| 95| case Extension_Code::ServerNameIndication: ------------------ | Branch (44:7): [True: 95, False: 53.1k] ------------------ 45| 95| return std::make_unique(reader, size, from); 46| | 47| 5.91k| case Extension_Code::SupportedGroups: ------------------ | Branch (47:7): [True: 5.91k, False: 47.3k] ------------------ 48| 5.91k| return std::make_unique(reader, size); 49| | 50| 1.88k| case Extension_Code::CertificateStatusRequest: ------------------ | Branch (50:7): [True: 1.88k, False: 51.3k] ------------------ 51| 1.88k| return std::make_unique(reader, size, message_type, from); 52| | 53| 321| case Extension_Code::SignatureAlgorithms: ------------------ | Branch (53:7): [True: 321, False: 52.9k] ------------------ 54| 321| return std::make_unique(reader, size); 55| | 56| 36| case Extension_Code::CertSignatureAlgorithms: ------------------ | Branch (56:7): [True: 36, False: 53.2k] ------------------ 57| 36| return std::make_unique(reader, size); 58| | 59| 71| case Extension_Code::UseSrtp: ------------------ | Branch (59:7): [True: 71, False: 53.2k] ------------------ 60| 71| return std::make_unique(reader, size); 61| | 62| 101| case Extension_Code::ApplicationLayerProtocolNegotiation: ------------------ | Branch (62:7): [True: 101, False: 53.1k] ------------------ 63| 101| return std::make_unique(reader, size, from); 64| | 65| 158| case Extension_Code::ClientCertificateType: ------------------ | Branch (65:7): [True: 158, False: 53.1k] ------------------ 66| 158| return std::make_unique(reader, size, from); 67| | 68| 98| case Extension_Code::ServerCertificateType: ------------------ | Branch (68:7): [True: 98, False: 53.1k] ------------------ 69| 98| return std::make_unique(reader, size, from); 70| | 71| 35| case Extension_Code::RecordSizeLimit: ------------------ | Branch (71:7): [True: 35, False: 53.2k] ------------------ 72| 35| return std::make_unique(reader, size, from); 73| | 74| 543| case Extension_Code::SupportedVersions: ------------------ | Branch (74:7): [True: 543, False: 52.7k] ------------------ 75| 543| return std::make_unique(reader, size, from); 76| | 77| 1| case Extension_Code::Padding: ------------------ | Branch (77:7): [True: 1, False: 53.2k] ------------------ 78| 1| break; // RFC 7685, recognized but not implemented; falls through to Unknown_Extension 79| | 80| 0|#if defined(BOTAN_HAS_TLS_12) 81| 206| case Extension_Code::EcPointFormats: ------------------ | Branch (81:7): [True: 206, False: 53.0k] ------------------ 82| 206| return std::make_unique(reader, size); 83| | 84| 201| case Extension_Code::SafeRenegotiation: ------------------ | Branch (84:7): [True: 201, False: 53.0k] ------------------ 85| 201| return std::make_unique(reader, size); 86| | 87| 6.12k| case Extension_Code::ExtendedMasterSecret: ------------------ | Branch (87:7): [True: 6.12k, False: 47.1k] ------------------ 88| 6.12k| return std::make_unique(reader, size); 89| | 90| 145| case Extension_Code::EncryptThenMac: ------------------ | Branch (90:7): [True: 145, False: 53.1k] ------------------ 91| 145| return std::make_unique(reader, size); 92| | 93| 175| case Extension_Code::SessionTicket: ------------------ | Branch (93:7): [True: 175, False: 53.0k] ------------------ 94| 175| return std::make_unique(reader, size, from); 95| |#else 96| | case Extension_Code::EcPointFormats: 97| | case Extension_Code::SafeRenegotiation: 98| | case Extension_Code::ExtendedMasterSecret: 99| | case Extension_Code::EncryptThenMac: 100| | case Extension_Code::SessionTicket: 101| | break; // considered as 'unknown extension' 102| |#endif 103| | 104| 0|#if defined(BOTAN_HAS_TLS_13) 105| 93| case Extension_Code::PresharedKey: ------------------ | Branch (105:7): [True: 93, False: 53.1k] ------------------ 106| 93| return std::make_unique(reader, size, message_type); 107| | 108| 41| case Extension_Code::EarlyData: ------------------ | Branch (108:7): [True: 41, False: 53.2k] ------------------ 109| 41| return std::make_unique(reader, size, message_type); 110| | 111| 66| case Extension_Code::Cookie: ------------------ | Branch (111:7): [True: 66, False: 53.2k] ------------------ 112| 66| return std::make_unique(reader, size); 113| | 114| 847| case Extension_Code::PskKeyExchangeModes: ------------------ | Branch (114:7): [True: 847, False: 52.4k] ------------------ 115| 847| return std::make_unique(reader, size); 116| | 117| 351| case Extension_Code::CertificateAuthorities: ------------------ | Branch (117:7): [True: 351, False: 52.9k] ------------------ 118| 351| return std::make_unique(reader, size); 119| | 120| 91| case Extension_Code::KeyShare: ------------------ | Branch (120:7): [True: 91, False: 53.1k] ------------------ 121| 91| return std::make_unique(reader, size, message_type); 122| |#else 123| | case Extension_Code::PresharedKey: 124| | case Extension_Code::EarlyData: 125| | case Extension_Code::Cookie: 126| | case Extension_Code::PskKeyExchangeModes: 127| | case Extension_Code::CertificateAuthorities: 128| | case Extension_Code::KeyShare: 129| | break; // considered as 'unknown extension' 130| |#endif 131| 53.2k| } 132| | 133| 35.6k| return std::make_unique(code, reader, size); 134| 53.2k|} tls_extensions.cpp:_ZZNK5Botan3TLS10Extensions19contains_other_thanERKNSt3__13setINS0_14Extension_CodeENS2_4lessIS4_EENS2_9allocatorIS4_EEEEbENK3$_0clIS4_EEDaT_: 204| 428| const auto itr = std::find_if(diff.cbegin(), diff.cend(), [this](const auto ext_type) { 205| 428| const auto ext = get(ext_type); 206| 428| return ext && ext->is_implemented(); ------------------ | Branch (206:17): [True: 428, False: 0] | Branch (206:24): [True: 52, False: 376] ------------------ 207| 428| }); tls_extensions.cpp:_ZZN5Botan3TLS21Certificate_Type_BaseC1ERNS0_15TLS_Data_ReaderEtNS0_15Connection_SideEENK3$_0clIhEEDaT_: 564| 1.47k| type_bytes.begin(), type_bytes.end(), std::back_inserter(m_certificate_types), [](const auto type_byte) { 565| 1.47k| return static_cast(type_byte); 566| 1.47k| }); tls_extensions.cpp:_ZN5Botan3TLS12_GLOBAL__N_126parse_signature_algorithmsERNS0_15TLS_Data_ReaderEt: 710| 357|std::vector parse_signature_algorithms(TLS_Data_Reader& reader, uint16_t extension_size) { 711| 357| uint16_t len = reader.get_uint16_t(); 712| | 713| 357| if(len + 2 != extension_size || len % 2 == 1 || len == 0) { ------------------ | Branch (713:7): [True: 16, False: 341] | Branch (713:36): [True: 1, False: 340] | Branch (713:52): [True: 1, False: 339] ------------------ 714| 16| throw Decoding_Error("Bad encoding on signature algorithms extension"); 715| 16| } 716| | 717| 341| std::vector schemes; 718| 341| schemes.reserve(len / 2); 719| 34.3k| while(len > 0) { ------------------ | Branch (719:10): [True: 33.9k, False: 341] ------------------ 720| 33.9k| schemes.emplace_back(reader.get_uint16_t()); 721| 33.9k| len -= 2; 722| 33.9k| } 723| | 724| 341| return schemes; 725| 357|} _ZN5Botan3TLS26Certificate_Status_RequestC2ERNS0_15TLS_Data_ReaderEtNS0_14Handshake_TypeENS0_15Connection_SideE: 104| 1.88k| Connection_Side from) { 105| | // This parser needs to take TLS 1.2 and TLS 1.3 into account. The 106| | // extension's content and structure is dependent on the context it 107| | // was sent in (i.e. the enclosing handshake message). Below is a list 108| | // of handshake messages this can appear in. 109| | // 110| | // TLS 1.2 111| | // * Client Hello 112| | // * Server Hello 113| | // 114| | // TLS 1.3 115| | // * Client Hello 116| | // * Certificate Request 117| | // * Certificate (Entry) 118| | 119| | // RFC 6066 8. 120| | // In order to indicate their desire to receive certificate status 121| | // information, clients MAY include an extension of type "status_request" 122| | // in the (extended) client hello. 123| 1.88k| if(message_type == Handshake_Type::ClientHello) { ------------------ | Branch (123:7): [True: 1.87k, False: 11] ------------------ 124| 1.87k| m_impl = std::make_unique( 125| 1.87k| RFC6066_Certificate_Status_Request(reader, extension_size)); 126| 1.87k| } 127| | 128| | // RFC 6066 8. 129| | // If a server returns a "CertificateStatus" message, then the server MUST 130| | // have included an extension of type "status_request" with empty 131| | // "extension_data" in the extended server hello. 132| | // 133| | // RFC 8446 4.4.2.1 134| | // A server MAY request that a client present an OCSP response with its 135| | // certificate by sending an empty "status_request" extension in its 136| | // CertificateRequest message. 137| 11| else if(message_type == Handshake_Type::ServerHello || message_type == Handshake_Type::CertificateRequest) { ------------------ | Branch (137:12): [True: 8, False: 3] | Branch (137:59): [True: 0, False: 3] ------------------ 138| 8| m_impl = std::make_unique( 139| 8| RFC6066_Empty_Certificate_Status_Request(extension_size)); 140| 8| } 141| | 142| | // RFC 8446 4.4.2.1 143| | // In TLS 1.3, the server's OCSP information is carried in an extension 144| | // in the CertificateEntry [in a Certificate handshake message] [...]. 145| | // Specifically, the body of the "status_request" extension from the 146| | // server MUST be a CertificateStatus structure as defined in [RFC6066] 147| | // [...]. 148| | // 149| | // RFC 8446 4.4.2.1 150| | // If the client opts to send an OCSP response, the body of its 151| | // "status_request" extension MUST be a CertificateStatus structure as 152| | // defined in [RFC6066]. 153| 3| else if(message_type == Handshake_Type::Certificate) { ------------------ | Branch (153:12): [True: 0, False: 3] ------------------ 154| 0| m_impl = std::make_unique( 155| 0| Certificate_Status(reader.get_fixed(extension_size), from)); 156| 0| } 157| | 158| | // all other contexts are not allowed for this extension 159| 3| else { 160| 3| throw TLS_Exception(Alert::UnsupportedExtension, 161| 3| "Server sent a Certificate_Status_Request extension in an unsupported context"); 162| 3| } 163| 1.88k|} _ZN5Botan3TLS26Certificate_Status_RequestC2Ev: 166| 74| m_impl(std::make_unique(RFC6066_Empty_Certificate_Status_Request())) {} _ZN5Botan3TLS26Certificate_Status_RequestD2Ev: 176| 1.93k|Certificate_Status_Request::~Certificate_Status_Request() = default; _ZNK5Botan3TLS26Certificate_Status_Request9serializeENS0_15Connection_SideE: 184| 74|std::vector Certificate_Status_Request::serialize(Connection_Side /*side*/) const { 185| 74| BOTAN_ASSERT_NONNULL(m_impl); ------------------ | | 116| 74| do { \ | | 117| 74| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 74] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 74| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 74] | | ------------------ ------------------ 186| 74| return std::visit([](const auto& c) { return c.serialize(); }, m_impl->content); 187| 74|} tls_extensions_cert_status_req.cpp:_ZN5Botan3TLS12_GLOBAL__N_134RFC6066_Certificate_Status_RequestC2ERNS0_15TLS_Data_ReaderEt: 38| 1.87k| RFC6066_Certificate_Status_Request(TLS_Data_Reader& reader, uint16_t extension_size) { 39| 1.87k| if(extension_size == 0) { ------------------ | Branch (39:13): [True: 2, False: 1.87k] ------------------ 40| 2| throw Decoding_Error("Received an unexpectedly empty Certificate_Status_Request"); 41| 2| } 42| | 43| 1.87k| const uint8_t type = reader.get_byte(); 44| 1.87k| if(type == 1 /* ocsp */) { ------------------ | Branch (44:13): [True: 30, False: 1.84k] ------------------ 45| | // RFC 6066 Section 8: OCSP CertificateStatusRequest is 46| | // ResponderID responder_id_list<0..2^16-1>; 47| | // Extensions request_extensions; 48| | // 49| | // for a total wire size of 1 (status_type) + 2 (resp_id_list len) 50| | // + len_resp_id_list + 2 (request_ext len) + len_requ_ext. 51| 30| if(extension_size < 5) { ------------------ | Branch (51:16): [True: 2, False: 28] ------------------ 52| 2| throw Decoding_Error("Truncated OCSP CertificateStatusRequest"); 53| 2| } 54| 28| const size_t len_resp_id_list = reader.get_uint16_t(); 55| 28| if(len_resp_id_list > static_cast(extension_size) - 5) { ------------------ | Branch (55:16): [True: 7, False: 21] ------------------ 56| 7| throw Decoding_Error("Inconsistent length in OCSP CertificateStatusRequest"); 57| 7| } 58| 21| ocsp_names = reader.get_fixed(len_resp_id_list); 59| 21| const size_t len_requ_ext = reader.get_uint16_t(); 60| 21| if(len_resp_id_list + len_requ_ext + 5 != extension_size) { ------------------ | Branch (60:16): [True: 8, False: 13] ------------------ 61| 8| throw Decoding_Error("Inconsistent length in OCSP CertificateStatusRequest"); 62| 8| } 63| 13| extension_bytes = reader.get_fixed(len_requ_ext); 64| 1.84k| } else { 65| | // RFC 6066 does not specify anything but 'ocsp' and we 66| | // don't support anything else either. 67| 1.84k| reader.discard_next(extension_size - 1); 68| 1.84k| } 69| 1.87k| } tls_extensions_cert_status_req.cpp:_ZN5Botan3TLS12_GLOBAL__N_140RFC6066_Empty_Certificate_Status_RequestC2Et: 24| 8| explicit RFC6066_Empty_Certificate_Status_Request(uint16_t extension_size) { 25| 8| if(extension_size != 0) { ------------------ | Branch (25:13): [True: 1, False: 7] ------------------ 26| 1| throw Decoding_Error("Received an unexpectedly non-empty Certificate_Status_Request"); 27| 1| } 28| 8| } tls_extensions_cert_status_req.cpp:_ZZNK5Botan3TLS26Certificate_Status_Request9serializeENS0_15Connection_SideEENK3$_0clINS0_12_GLOBAL__N_140RFC6066_Empty_Certificate_Status_RequestEEEDaRKT_: 186| 74| return std::visit([](const auto& c) { return c.serialize(); }, m_impl->content); tls_extensions_cert_status_req.cpp:_ZNK5Botan3TLS12_GLOBAL__N_140RFC6066_Empty_Certificate_Status_Request9serializeEv: 30| 74| std::vector serialize() const { return {}; } tls_extensions_cert_status_req.cpp:_ZN5Botan3TLS35Certificate_Status_Request_InternalC2ENSt3__17variantIJNS0_12_GLOBAL__N_140RFC6066_Empty_Certificate_Status_RequestENS4_34RFC6066_Certificate_Status_RequestENS0_18Certificate_StatusEEEE: 96| 1.93k| explicit Certificate_Status_Request_Internal(Contents c) : content(std::move(c)) {} _ZN5Botan3TLS11ExternalPSK21extract_master_secretEv: 16| 2.22k|secure_vector ExternalPSK::extract_master_secret() { 17| 2.22k| BOTAN_STATE_CHECK(!m_master_secret.empty()); ------------------ | | 51| 2.22k| do { \ | | 52| 2.22k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 2.22k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 2.22k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 2.22k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 2.22k] | | ------------------ ------------------ 18| 2.22k| return std::exchange(m_master_secret, {}); 19| 2.22k|} _ZNK5Botan3TLS21Handshake_Transitions22received_handshake_msgENS0_14Handshake_TypeE: 125| 2.26k|bool Handshake_Transitions::received_handshake_msg(Handshake_Type msg_type) const { 126| 2.26k| const uint32_t mask = bitmask_for_handshake_type(msg_type); 127| | 128| 2.26k| return (m_hand_received_mask & mask) != 0; 129| 2.26k|} _ZN5Botan3TLS21Handshake_Transitions21confirm_transition_toENS0_14Handshake_TypeE: 131| 18.9k|void Handshake_Transitions::confirm_transition_to(Handshake_Type msg_type) { 132| 18.9k| const uint32_t mask = bitmask_for_handshake_type(msg_type); 133| | 134| 18.9k| m_hand_received_mask |= mask; 135| | 136| 18.9k| const bool ok = (m_hand_expecting_mask & mask) != 0; // overlap? 137| | 138| 18.9k| if(!ok) { ------------------ | Branch (138:7): [True: 63, False: 18.9k] ------------------ 139| 63| const uint32_t seen_so_far = m_hand_received_mask & ~mask; 140| | 141| 63| std::ostringstream msg; 142| | 143| 63| msg << "Unexpected state transition in handshake got a " << handshake_type_to_string(msg_type); 144| | 145| 63| if(m_hand_expecting_mask == 0) { ------------------ | Branch (145:10): [True: 0, False: 63] ------------------ 146| 0| msg << " not expecting messages"; 147| 63| } else { 148| 63| msg << " expected " << handshake_mask_to_string(m_hand_expecting_mask, '|'); 149| 63| } 150| | 151| 63| if(seen_so_far != 0) { ------------------ | Branch (151:10): [True: 17, False: 46] ------------------ 152| 17| msg << " seen " << handshake_mask_to_string(seen_so_far, '+'); 153| 17| } 154| | 155| 63| throw Unexpected_Message(msg.str()); 156| 63| } 157| | 158| | /* We don't know what to expect next, so force a call to 159| | set_expected_next; if it doesn't happen, the next transition 160| | check will always fail which is what we want. 161| | */ 162| 18.9k| m_hand_expecting_mask = 0; 163| 18.9k|} _ZN5Botan3TLS21Handshake_Transitions17set_expected_nextENS0_14Handshake_TypeE: 165| 28.3k|void Handshake_Transitions::set_expected_next(Handshake_Type msg_type) { 166| 28.3k| m_hand_expecting_mask |= bitmask_for_handshake_type(msg_type); 167| 28.3k|} _ZNK5Botan3TLS21Handshake_Transitions27change_cipher_spec_expectedEv: 175| 31.5k|bool Handshake_Transitions::change_cipher_spec_expected() const { 176| 31.5k| return (bitmask_for_handshake_type(Handshake_Type::HandshakeCCS) & m_hand_expecting_mask) != 0; 177| 31.5k|} tls_handshake_transitions.cpp:_ZN5Botan3TLS12_GLOBAL__N_126bitmask_for_handshake_typeENS0_14Handshake_TypeE: 19| 82.5k|uint32_t bitmask_for_handshake_type(Handshake_Type type) { 20| 82.5k| switch(type) { ------------------ | Branch (20:11): [True: 82.5k, False: 17] ------------------ 21| 82| case Handshake_Type::HelloVerifyRequest: ------------------ | Branch (21:7): [True: 82, False: 82.4k] ------------------ 22| 82| return (1 << 0); 23| | 24| 3.79k| case Handshake_Type::HelloRequest: ------------------ | Branch (24:7): [True: 3.79k, False: 78.7k] ------------------ 25| 3.79k| return (1 << 1); 26| | 27| 35.3k| case Handshake_Type::ClientHello: ------------------ | Branch (27:7): [True: 35.3k, False: 47.1k] ------------------ 28| 35.3k| return (1 << 2); 29| | 30| 80| case Handshake_Type::ServerHello: ------------------ | Branch (30:7): [True: 80, False: 82.4k] ------------------ 31| 80| return (1 << 3); 32| | 33| 2.35k| case Handshake_Type::Certificate: ------------------ | Branch (33:7): [True: 2.35k, False: 80.2k] ------------------ 34| 2.35k| return (1 << 4); 35| | 36| 81| case Handshake_Type::CertificateUrl: ------------------ | Branch (36:7): [True: 81, False: 82.4k] ------------------ 37| 81| return (1 << 5); 38| | 39| 81| case Handshake_Type::CertificateStatus: ------------------ | Branch (39:7): [True: 81, False: 82.4k] ------------------ 40| 81| return (1 << 6); 41| | 42| 81| case Handshake_Type::ServerKeyExchange: ------------------ | Branch (42:7): [True: 81, False: 82.4k] ------------------ 43| 81| return (1 << 7); 44| | 45| 81| case Handshake_Type::CertificateRequest: ------------------ | Branch (45:7): [True: 81, False: 82.4k] ------------------ 46| 81| return (1 << 8); 47| | 48| 83| case Handshake_Type::ServerHelloDone: ------------------ | Branch (48:7): [True: 83, False: 82.4k] ------------------ 49| 83| return (1 << 9); 50| | 51| 86| case Handshake_Type::CertificateVerify: ------------------ | Branch (51:7): [True: 86, False: 82.4k] ------------------ 52| 86| return (1 << 10); 53| | 54| 5.23k| case Handshake_Type::ClientKeyExchange: ------------------ | Branch (54:7): [True: 5.23k, False: 77.3k] ------------------ 55| 5.23k| return (1 << 11); 56| | 57| 81| case Handshake_Type::NewSessionTicket: ------------------ | Branch (57:7): [True: 81, False: 82.4k] ------------------ 58| 81| return (1 << 12); 59| | 60| 34.1k| case Handshake_Type::HandshakeCCS: ------------------ | Branch (60:7): [True: 34.1k, False: 48.3k] ------------------ 61| 34.1k| return (1 << 13); 62| | 63| 501| case Handshake_Type::Finished: ------------------ | Branch (63:7): [True: 501, False: 82.0k] ------------------ 64| 501| return (1 << 14); 65| | 66| 80| case Handshake_Type::EndOfEarlyData: // RFC 8446 ------------------ | Branch (66:7): [True: 80, False: 82.4k] ------------------ 67| 80| return (1 << 15); 68| | 69| 81| case Handshake_Type::EncryptedExtensions: // RFC 8446 ------------------ | Branch (69:7): [True: 81, False: 82.4k] ------------------ 70| 81| return (1 << 16); 71| | 72| 80| case Handshake_Type::KeyUpdate: // RFC 8446 ------------------ | Branch (72:7): [True: 80, False: 82.4k] ------------------ 73| 80| return (1 << 17); 74| | 75| 0| case Handshake_Type::HelloRetryRequest: // RFC 8446 ------------------ | Branch (75:7): [True: 0, False: 82.5k] ------------------ 76| 0| return (1 << 18); 77| | 78| | // allow explicitly disabling new handshakes 79| 112| case Handshake_Type::None: ------------------ | Branch (79:7): [True: 112, False: 82.4k] ------------------ 80| 112| return 0; 81| 82.5k| } 82| | 83| 17| throw TLS_Exception(Alert::UnexpectedMessage, 84| 17| "Unknown TLS handshake message type " + std::to_string(static_cast(type))); 85| 82.5k|} tls_handshake_transitions.cpp:_ZN5Botan3TLS12_GLOBAL__N_124handshake_mask_to_stringEjc: 87| 80|std::string handshake_mask_to_string(uint32_t mask, char combiner) { 88| 80| const Handshake_Type types[] = {Handshake_Type::HelloVerifyRequest, 89| 80| Handshake_Type::HelloRequest, 90| 80| Handshake_Type::ClientHello, 91| 80| Handshake_Type::ServerHello, 92| 80| Handshake_Type::Certificate, 93| 80| Handshake_Type::CertificateUrl, 94| 80| Handshake_Type::CertificateStatus, 95| 80| Handshake_Type::ServerKeyExchange, 96| 80| Handshake_Type::CertificateRequest, 97| 80| Handshake_Type::ServerHelloDone, 98| 80| Handshake_Type::CertificateVerify, 99| 80| Handshake_Type::ClientKeyExchange, 100| 80| Handshake_Type::NewSessionTicket, 101| 80| Handshake_Type::HandshakeCCS, 102| 80| Handshake_Type::Finished, 103| 80| Handshake_Type::EndOfEarlyData, 104| 80| Handshake_Type::EncryptedExtensions, 105| 80| Handshake_Type::KeyUpdate}; 106| | 107| 80| std::ostringstream o; 108| 80| bool empty = true; 109| | 110| 1.44k| for(auto&& t : types) { ------------------ | Branch (110:17): [True: 1.44k, False: 80] ------------------ 111| 1.44k| if((mask & bitmask_for_handshake_type(t)) != 0) { ------------------ | Branch (111:10): [True: 93, False: 1.34k] ------------------ 112| 93| if(!empty) { ------------------ | Branch (112:13): [True: 13, False: 80] ------------------ 113| 13| o << combiner; 114| 13| } 115| 93| o << handshake_type_to_string(t); 116| 93| empty = false; 117| 93| } 118| 1.44k| } 119| | 120| 80| return o.str(); 121| 80|} _ZN5Botan3TLS24handshake_type_to_stringENS0_14Handshake_TypeE: 15| 158|const char* handshake_type_to_string(Handshake_Type type) { 16| 158| switch(type) { ------------------ | Branch (16:11): [True: 158, False: 0] ------------------ 17| 2| case Handshake_Type::HelloVerifyRequest: ------------------ | Branch (17:7): [True: 2, False: 156] ------------------ 18| 2| return "hello_verify_request"; 19| | 20| 33| case Handshake_Type::HelloRequest: ------------------ | Branch (20:7): [True: 33, False: 125] ------------------ 21| 33| return "hello_request"; 22| | 23| 70| case Handshake_Type::ClientHello: ------------------ | Branch (23:7): [True: 70, False: 88] ------------------ 24| 70| return "client_hello"; 25| | 26| 0| case Handshake_Type::ServerHello: ------------------ | Branch (26:7): [True: 0, False: 158] ------------------ 27| 0| return "server_hello"; 28| | 29| 0| case Handshake_Type::HelloRetryRequest: ------------------ | Branch (29:7): [True: 0, False: 158] ------------------ 30| 0| return "hello_retry_request"; 31| | 32| 3| case Handshake_Type::Certificate: ------------------ | Branch (32:7): [True: 3, False: 155] ------------------ 33| 3| return "certificate"; 34| | 35| 1| case Handshake_Type::CertificateUrl: ------------------ | Branch (35:7): [True: 1, False: 157] ------------------ 36| 1| return "certificate_url"; 37| | 38| 1| case Handshake_Type::CertificateStatus: ------------------ | Branch (38:7): [True: 1, False: 157] ------------------ 39| 1| return "certificate_status"; 40| | 41| 1| case Handshake_Type::ServerKeyExchange: ------------------ | Branch (41:7): [True: 1, False: 157] ------------------ 42| 1| return "server_key_exchange"; 43| | 44| 1| case Handshake_Type::CertificateRequest: ------------------ | Branch (44:7): [True: 1, False: 157] ------------------ 45| 1| return "certificate_request"; 46| | 47| 3| case Handshake_Type::ServerHelloDone: ------------------ | Branch (47:7): [True: 3, False: 155] ------------------ 48| 3| return "server_hello_done"; 49| | 50| 6| case Handshake_Type::CertificateVerify: ------------------ | Branch (50:7): [True: 6, False: 152] ------------------ 51| 6| return "certificate_verify"; 52| | 53| 13| case Handshake_Type::ClientKeyExchange: ------------------ | Branch (53:7): [True: 13, False: 145] ------------------ 54| 13| return "client_key_exchange"; 55| | 56| 1| case Handshake_Type::NewSessionTicket: ------------------ | Branch (56:7): [True: 1, False: 157] ------------------ 57| 1| return "new_session_ticket"; 58| | 59| 7| case Handshake_Type::HandshakeCCS: ------------------ | Branch (59:7): [True: 7, False: 151] ------------------ 60| 7| return "change_cipher_spec"; 61| | 62| 13| case Handshake_Type::Finished: ------------------ | Branch (62:7): [True: 13, False: 145] ------------------ 63| 13| return "finished"; 64| | 65| 0| case Handshake_Type::EndOfEarlyData: ------------------ | Branch (65:7): [True: 0, False: 158] ------------------ 66| 0| return "end_of_early_data"; 67| | 68| 3| case Handshake_Type::EncryptedExtensions: ------------------ | Branch (68:7): [True: 3, False: 155] ------------------ 69| 3| return "encrypted_extensions"; 70| | 71| 0| case Handshake_Type::KeyUpdate: ------------------ | Branch (71:7): [True: 0, False: 158] ------------------ 72| 0| return "key_update"; 73| | 74| 0| case Handshake_Type::None: ------------------ | Branch (74:7): [True: 0, False: 158] ------------------ 75| 0| return "invalid"; 76| 158| } 77| | 78| 0| throw TLS_Exception(Alert::UnexpectedMessage, 79| 0| "Unknown TLS handshake message type " + std::to_string(static_cast(type))); 80| 158|} _ZNK5Botan3TLS6Policy22allow_ssl_key_log_fileEv: 25| 1.35k|bool Policy::allow_ssl_key_log_file() const { 26| 1.35k| return false; 27| 1.35k|} _ZNK5Botan3TLS6Policy25allowed_signature_schemesEv: 29| 5.95k|std::vector Policy::allowed_signature_schemes() const { 30| 5.95k| std::vector schemes; 31| | 32| 53.5k| for(const Signature_Scheme scheme : Signature_Scheme::all_available_schemes()) { ------------------ | Branch (32:38): [True: 53.5k, False: 5.95k] ------------------ 33| 53.5k| const bool sig_allowed = allowed_signature_method(scheme.algorithm_name()); 34| 53.5k| const bool hash_allowed = allowed_signature_hash(scheme.hash_function_name()); 35| | 36| 53.5k| if(sig_allowed && hash_allowed) { ------------------ | Branch (36:10): [True: 53.5k, False: 0] | Branch (36:25): [True: 53.5k, False: 0] ------------------ 37| 53.5k| schemes.push_back(scheme); 38| 53.5k| } 39| 53.5k| } 40| | 41| 5.95k| return schemes; 42| 5.95k|} _ZNK5Botan3TLS6Policy28acceptable_signature_schemesEv: 44| 2.88k|std::vector Policy::acceptable_signature_schemes() const { 45| 2.88k| return this->allowed_signature_schemes(); 46| 2.88k|} _ZNK5Botan3TLS6Policy24allowed_signature_hashesEv: 73| 56.9k|std::vector Policy::allowed_signature_hashes() const { 74| 56.9k| return { 75| 56.9k| "SHA-512", 76| 56.9k| "SHA-384", 77| 56.9k| "SHA-256", 78| 56.9k| }; 79| 56.9k|} _ZNK5Botan3TLS6Policy25allowed_signature_methodsEv: 105| 53.5k|std::vector Policy::allowed_signature_methods() const { 106| 53.5k| return { 107| 53.5k| "ECDSA", "RSA", 108| | //"IMPLICIT", 109| 53.5k| }; 110| 53.5k|} _ZNK5Botan3TLS6Policy24allowed_signature_methodENSt3__117basic_string_viewIcNS2_11char_traitsIcEEEE: 112| 53.5k|bool Policy::allowed_signature_method(std::string_view sig_method) const { 113| 53.5k| return value_exists(allowed_signature_methods(), sig_method); 114| 53.5k|} _ZNK5Botan3TLS6Policy22allowed_signature_hashENSt3__117basic_string_viewIcNS2_11char_traitsIcEEEE: 116| 56.9k|bool Policy::allowed_signature_hash(std::string_view sig_hash) const { 117| 56.9k| return value_exists(allowed_signature_hashes(), sig_hash); 118| 56.9k|} _ZNK5Botan3TLS6Policy25use_ecc_point_compressionEv: 120| 40|bool Policy::use_ecc_point_compression() const { 121| 40| return false; 122| 40|} _ZNK5Botan3TLS6Policy25choose_key_exchange_groupERKNSt3__16vectorINS0_12Group_ParamsENS2_9allocatorIS4_EEEES9_: 125| 8.92k| const std::vector& offered_by_peer) const { 126| 8.92k| if(supported_by_peer.empty()) { ------------------ | Branch (126:7): [True: 2.97k, False: 5.95k] ------------------ 127| 2.97k| return Group_Params::NONE; 128| 2.97k| } 129| | 130| 5.95k| const auto our_groups = key_exchange_groups(); 131| | 132| | // First check if the peer sent a PQ share of a group we also support 133| 5.95k| for(auto share : offered_by_peer) { ------------------ | Branch (133:19): [True: 0, False: 5.95k] ------------------ 134| 0| if(share.is_post_quantum() && value_exists(our_groups, share)) { ------------------ | Branch (134:10): [True: 0, False: 0] | Branch (134:37): [True: 0, False: 0] ------------------ 135| 0| return share; 136| 0| } 137| 0| } 138| | 139| | // Then check if the peer offered a PQ algo we also support 140| 6.20k| for(auto share : supported_by_peer) { ------------------ | Branch (140:19): [True: 6.20k, False: 5.95k] ------------------ 141| 6.20k| if(share.is_post_quantum() && value_exists(our_groups, share)) { ------------------ | Branch (141:10): [True: 0, False: 6.20k] | Branch (141:37): [True: 0, False: 0] ------------------ 142| 0| return share; 143| 0| } 144| 6.20k| } 145| | 146| | // Prefer groups that were offered by the peer for the sake of saving 147| | // an additional round trip. For TLS 1.2, this won't be used. 148| 5.95k| for(auto g : offered_by_peer) { ------------------ | Branch (148:15): [True: 0, False: 5.95k] ------------------ 149| 0| if(value_exists(our_groups, g)) { ------------------ | Branch (149:10): [True: 0, False: 0] ------------------ 150| 0| return g; 151| 0| } 152| 0| } 153| | 154| | // If no pre-offered groups fit our supported set, we prioritize our 155| | // own preference. 156| 47.6k| for(auto g : our_groups) { ------------------ | Branch (156:15): [True: 47.6k, False: 258] ------------------ 157| 47.6k| if(value_exists(supported_by_peer, g)) { ------------------ | Branch (157:10): [True: 5.69k, False: 41.9k] ------------------ 158| 5.69k| return g; 159| 5.69k| } 160| 47.6k| } 161| | 162| 258| return Group_Params::NONE; 163| 5.95k|} _ZNK5Botan3TLS6Policy19key_exchange_groupsEv: 178| 5.95k|std::vector Policy::key_exchange_groups() const { 179| 5.95k| return { 180| | // clang-format off 181| 5.95k|#if defined(BOTAN_HAS_X25519) 182| 5.95k| Group_Params::X25519, 183| 5.95k|#endif 184| | 185| 5.95k| Group_Params::SECP256R1, 186| | 187| 5.95k|#if defined(BOTAN_HAS_ML_KEM) && defined(BOTAN_HAS_TLS_13_PQC) 188| | 189| 5.95k|#if defined(BOTAN_HAS_X25519) 190| 5.95k| Group_Params_Code::HYBRID_X25519_ML_KEM_768, 191| 5.95k|#endif 192| | 193| 5.95k| Group_Params_Code::HYBRID_SECP256R1_ML_KEM_768, 194| 5.95k| Group_Params_Code::HYBRID_SECP384R1_ML_KEM_1024, 195| 5.95k|#endif 196| | 197| 5.95k|#if defined(BOTAN_HAS_X448) 198| 5.95k| Group_Params::X448, 199| 5.95k|#endif 200| | 201| 5.95k| Group_Params::SECP384R1, 202| 5.95k| Group_Params::SECP521R1, 203| | 204| 5.95k| Group_Params::BRAINPOOL256R1, 205| 5.95k| Group_Params::BRAINPOOL384R1, 206| 5.95k| Group_Params::BRAINPOOL512R1, 207| | 208| 5.95k| Group_Params::FFDHE_2048, 209| 5.95k| Group_Params::FFDHE_3072, 210| | 211| | // clang-format on 212| 5.95k| }; 213| 5.95k|} _ZNK5Botan3TLS6Policy23minimum_ecdh_group_sizeEv: 257| 1.69k|size_t Policy::minimum_ecdh_group_size() const { 258| | // x25519 is smallest curve currently supported for TLS key exchange 259| 1.69k| return 255; 260| 1.69k|} _ZNK5Botan3TLS6Policy25check_peer_key_acceptableERKNS_10Public_KeyE: 281| 1.69k|void Policy::check_peer_key_acceptable(const Public_Key& public_key) const { 282| 1.69k| const std::string algo_name = public_key.algo_name(); 283| | 284| 1.69k| const size_t keylength = public_key.key_length(); 285| 1.69k| size_t expected_keylength = 0; 286| | 287| 1.69k| if(algo_name == "RSA") { ------------------ | Branch (287:7): [True: 0, False: 1.69k] ------------------ 288| 0| expected_keylength = minimum_rsa_bits(); 289| 1.69k| } else if(algo_name == "DH") { ------------------ | Branch (289:14): [True: 0, False: 1.69k] ------------------ 290| 0| expected_keylength = minimum_dh_group_size(); 291| 1.69k| } else if(algo_name == "ECDH" || algo_name == "X25519" || algo_name == "X448") { ------------------ | Branch (291:14): [True: 1.69k, False: 4] | Branch (291:37): [True: 3, False: 1] | Branch (291:62): [True: 1, False: 0] ------------------ 292| 1.69k| expected_keylength = minimum_ecdh_group_size(); 293| 1.69k| } else if(algo_name == "ECDSA") { ------------------ | Branch (293:14): [True: 0, False: 0] ------------------ 294| 0| expected_keylength = minimum_ecdsa_group_size(); 295| 0| } 296| | // else some other algo, so leave expected_keylength as zero and the check is a no-op 297| | 298| 1.69k| if(keylength < expected_keylength) { ------------------ | Branch (298:7): [True: 0, False: 1.69k] ------------------ 299| 0| throw TLS_Exception(Alert::InsufficientSecurity, 300| 0| "Peer sent " + std::to_string(keylength) + " bit " + algo_name + 301| 0| " key" 302| 0| ", policy requires at least " + 303| 0| std::to_string(expected_keylength)); 304| 0| } 305| 1.69k|} _ZNK5Botan3TLS6Policy27acceptable_protocol_versionENS0_16Protocol_VersionE: 323| 6.45k|bool Policy::acceptable_protocol_version(Protocol_Version version) const { 324| 6.45k|#if defined(BOTAN_HAS_TLS_13) 325| 6.45k| if(version == Protocol_Version::TLS_V13 && allow_tls13()) { ------------------ | Branch (325:7): [True: 5.69k, False: 765] | Branch (325:7): [True: 5.69k, False: 765] | Branch (325:47): [True: 5.69k, False: 0] ------------------ 326| 5.69k| return true; 327| 5.69k| } 328| 765|#endif 329| | 330| 765|#if defined(BOTAN_HAS_TLS_12) 331| 765| if(version == Protocol_Version::TLS_V12 && allow_tls12()) { ------------------ | Branch (331:7): [True: 0, False: 765] | Branch (331:7): [True: 0, False: 765] | Branch (331:47): [True: 0, False: 0] ------------------ 332| 0| return true; 333| 0| } 334| | 335| 765| if(version == Protocol_Version::DTLS_V12 && allow_dtls12()) { ------------------ | Branch (335:7): [True: 765, False: 0] | Branch (335:7): [True: 765, False: 0] | Branch (335:48): [True: 765, False: 0] ------------------ 336| 765| return true; 337| 765| } 338| 0|#endif 339| | 340| 0| BOTAN_UNUSED(version); ------------------ | | 144| 0|#define BOTAN_UNUSED Botan::ignore_params ------------------ 341| 0| return false; 342| 765|} _ZNK5Botan3TLS6Policy24latest_supported_versionEb: 344| 6.45k|Protocol_Version Policy::latest_supported_version(bool datagram) const { 345| 6.45k| if(datagram) { ------------------ | Branch (345:7): [True: 765, False: 5.69k] ------------------ 346| 765| if(acceptable_protocol_version(Protocol_Version::DTLS_V12)) { ------------------ | Branch (346:10): [True: 765, False: 0] ------------------ 347| 765| return Protocol_Version::DTLS_V12; 348| 765| } 349| 5.69k| } else { 350| 5.69k| if(acceptable_protocol_version(Protocol_Version::TLS_V13)) { ------------------ | Branch (350:10): [True: 5.69k, False: 0] ------------------ 351| 5.69k| return Protocol_Version::TLS_V13; 352| 5.69k| } 353| 0| if(acceptable_protocol_version(Protocol_Version::TLS_V12)) { ------------------ | Branch (353:10): [True: 0, False: 0] ------------------ 354| 0| return Protocol_Version::TLS_V12; 355| 0| } 356| 0| } 357| | 358| 0| throw Invalid_State("Policy forbids all available TLS version"); 359| 6.45k|} _ZNK5Botan3TLS6Policy28allow_insecure_renegotiationEv: 374| 12.5k|bool Policy::allow_insecure_renegotiation() const { 375| 12.5k| return false; 376| 12.5k|} _ZNK5Botan3TLS6Policy11allow_tls12Ev: 378| 14.6k|bool Policy::allow_tls12() const { 379| 14.6k|#if defined(BOTAN_HAS_TLS_12) 380| 14.6k| return true; 381| |#else 382| | return false; 383| |#endif 384| 14.6k|} _ZNK5Botan3TLS6Policy11allow_tls13Ev: 386| 8.58k|bool Policy::allow_tls13() const { 387| 8.58k|#if defined(BOTAN_HAS_TLS_13) 388| 8.58k| return true; 389| |#else 390| | return false; 391| |#endif 392| 8.58k|} _ZNK5Botan3TLS6Policy12allow_dtls12Ev: 394| 9.95k|bool Policy::allow_dtls12() const { 395| 9.95k|#if defined(BOTAN_HAS_TLS_12) 396| 9.95k| return true; 397| |#else 398| | return false; 399| |#endif 400| 9.95k|} _ZNK5Botan3TLS6Policy28include_time_in_hello_randomEv: 402| 5.78k|bool Policy::include_time_in_hello_random() const { 403| 5.78k| return true; 404| 5.78k|} _ZNK5Botan3TLS6Policy18hide_unknown_usersEv: 406| 30|bool Policy::hide_unknown_users() const { 407| 30| return false; 408| 30|} _ZNK5Botan3TLS6Policy39server_uses_own_ciphersuite_preferencesEv: 410| 3.06k|bool Policy::server_uses_own_ciphersuite_preferences() const { 411| 3.06k| return true; 412| 3.06k|} _ZNK5Botan3TLS6Policy26negotiate_encrypt_then_macEv: 414| 55|bool Policy::negotiate_encrypt_then_mac() const { 415| 55| return true; 416| 55|} _ZNK5Botan3TLS6Policy30require_extended_master_secretEv: 418| 3.17k|bool Policy::require_extended_master_secret() const { 419| 3.17k| return true; 420| 3.17k|} _ZNK5Botan3TLS6Policy27support_cert_status_messageEv: 426| 74|bool Policy::support_cert_status_message() const { 427| 74| return true; 428| 74|} _ZNK5Botan3TLS6Policy17hash_hello_randomEv: 438| 5.78k|bool Policy::hash_hello_random() const { 439| 5.78k| return true; 440| 5.78k|} _ZNK5Botan3TLS6Policy41require_client_certificate_authenticationEv: 446| 2.88k|bool Policy::require_client_certificate_authentication() const { 447| 2.88k| return false; 448| 2.88k|} _ZNK5Botan3TLS6Policy41request_client_certificate_authenticationEv: 450| 2.88k|bool Policy::request_client_certificate_authentication() const { 451| 2.88k| return require_client_certificate_authentication(); 452| 2.88k|} _ZNK5Botan3TLS6Policy25allow_dtls_epoch0_restartEv: 466| 765|bool Policy::allow_dtls_epoch0_restart() const { 467| 765| return false; 468| 765|} _ZNK5Botan3TLS6Policy30maximum_handshake_message_sizeEv: 470| 42.6k|size_t Policy::maximum_handshake_message_size() const { 471| 42.6k| return 65536; 472| 42.6k|} _ZNK5Botan3TLS6Policy30maximum_certificate_chain_sizeEv: 474| 311|size_t Policy::maximum_certificate_chain_size() const { 475| 311| return 65536; 476| 311|} _ZNK5Botan3TLS6Policy20dtls_initial_timeoutEv: 487| 569|size_t Policy::dtls_initial_timeout() const { 488| 569| return 1 * 1000; 489| 569|} _ZNK5Botan3TLS6Policy20dtls_maximum_timeoutEv: 491| 569|size_t Policy::dtls_maximum_timeout() const { 492| 569| return 60 * 1000; 493| 569|} _ZNK5Botan3TLS6Policy16dtls_default_mtuEv: 495| 569|size_t Policy::dtls_default_mtu() const { 496| | // default MTU is IPv6 min MTU minus UDP/IP headers 497| 569| return 1280 - 40 - 8; 498| 569|} _ZNK5Botan3TLS15TLS_Data_Reader15assert_at_leastEm: 14| 577k|void TLS_Data_Reader::assert_at_least(size_t n) const { 15| 577k| const size_t left = remaining_bytes(); 16| 577k| if(left < n) { ------------------ | Branch (16:7): [True: 316, False: 577k] ------------------ 17| 316| throw_decode_error(fmt("Expected {} bytes remaining, only {} left", n, left)); 18| 316| } 19| 577k|} _ZNK5Botan3TLS15TLS_Data_Reader18throw_decode_errorENSt3__117basic_string_viewIcNS2_11char_traitsIcEEEE: 21| 764|void TLS_Data_Reader::throw_decode_error(std::string_view why) const { 22| 764| throw Decoding_Error(fmt("Invalid {}: {}", m_typename, why)); 23| 764|} _ZN5Botan3TLS6ServerC2ERKNSt3__110shared_ptrINS0_9CallbacksEEERKNS3_INS0_15Session_ManagerEEERKNS3_INS_19Credentials_ManagerEEERKNS3_IKNS0_6PolicyEEERKNS3_INS_21RandomNumberGeneratorEEEbm: 36| 6.45k| size_t io_buf_sz) { 37| 6.45k| const auto max_version = policy->latest_supported_version(is_datagram); 38| | 39| 6.45k|#if defined(BOTAN_HAS_TLS_13) 40| 6.45k| if(!max_version.is_pre_tls_13()) { ------------------ | Branch (40:7): [True: 5.69k, False: 765] ------------------ 41| 5.69k| m_impl = std::make_unique(callbacks, session_manager, creds, policy, rng); 42| | 43| 5.69k| if(m_impl->expects_downgrade()) { ------------------ | Branch (43:10): [True: 5.69k, False: 0] ------------------ 44| 5.69k| m_impl->set_io_buffer_size(io_buf_sz); 45| 5.69k| } 46| | 47| 5.69k| return; 48| 5.69k| } 49| 765|#endif 50| | 51| 765|#if defined(BOTAN_HAS_TLS_12) 52| 765| if(max_version.is_pre_tls_13()) { ------------------ | Branch (52:7): [True: 765, False: 0] ------------------ 53| 765| m_impl = std::make_unique(callbacks, session_manager, creds, policy, rng, is_datagram, io_buf_sz); 54| 765| return; 55| 765| } 56| 0|#endif 57| | 58| 0| BOTAN_UNUSED(max_version, callbacks, session_manager, creds, policy, rng, is_datagram, io_buf_sz); ------------------ | | 144| 0|#define BOTAN_UNUSED Botan::ignore_params ------------------ 59| 0| throw Not_Implemented("Requested TLS server version is not available in this build"); 60| 765|} _ZN5Botan3TLS6ServerD2Ev: 62| 6.45k|Server::~Server() = default; _ZN5Botan3TLS6Server9from_peerENSt3__14spanIKhLm18446744073709551615EEE: 64| 6.45k|size_t Server::from_peer(std::span data) { 65| 6.45k| auto read = m_impl->from_peer(data); 66| | 67| 6.45k|#if defined(BOTAN_HAS_TLS_12) 68| | // If TLS 1.2 is not available, we will never downgrade, the downgrade info 69| | // won't even be created and `is_downgrading()` would always return false. 70| 6.45k| if(m_impl->is_downgrading()) { ------------------ | Branch (70:7): [True: 3.67k, False: 2.78k] ------------------ 71| 3.67k| auto info = m_impl->extract_downgrade_info(); 72| 3.67k| m_impl = std::make_unique(*info); 73| | 74| | // replay peer data received so far 75| 3.67k| read = m_impl->from_peer(info->peer_transcript); 76| 3.67k| } 77| 6.45k|#endif 78| | 79| 6.45k| return read; 80| 6.45k|} _ZNK5Botan3TLS14Session_Handle20validate_constraintsEv: 34| 106|void Session_Handle::validate_constraints() const { 35| 106| std::visit(overloaded{ 36| 106| [](const Session_ID& id) { 37| | // RFC 5246 7.4.1.2 38| | // opaque SessionID<0..32>; 39| 106| BOTAN_ARG_CHECK(!id.empty(), "Session ID must not be empty"); 40| 106| BOTAN_ARG_CHECK(id.size() <= 32, "Session ID cannot be longer than 32 bytes"); 41| 106| }, 42| 106| [](const Session_Ticket& ticket) { 43| 106| BOTAN_ARG_CHECK(!ticket.empty(), "Ticket most not be empty"); 44| 106| BOTAN_ARG_CHECK(ticket.size() <= std::numeric_limits::max(), 45| 106| "Ticket cannot be longer than 64kB"); 46| 106| }, 47| 106| [](const Opaque_Session_Handle& handle) { 48| | // RFC 8446 4.6.1 49| | // opaque ticket<1..2^16-1>; 50| 106| BOTAN_ARG_CHECK(!handle.empty(), "Opaque session handle must not be empty"); 51| 106| BOTAN_ARG_CHECK(handle.size() <= std::numeric_limits::max(), 52| 106| "Opaque session handle cannot be longer than 64kB"); 53| 106| }, 54| 106| }, 55| 106| m_handle); 56| 106|} _ZN5Botan3TLS12Session_BaseD2Ev: 94| 208|Session_Base::~Session_Base() = default; _ZN5Botan3TLS12Session_BaseC2ERKS1_: 96| 104|Session_Base::Session_Base(const Session_Base& other) = default; _ZN5Botan3TLS12Session_BaseC2ENSt3__16chrono10time_pointINS3_12system_clockENS3_8durationIxNS2_5ratioILl1ELl1000000EEEEEEENS0_16Protocol_VersionEtNS0_15Connection_SideEtbbRKNS2_6vectorINS_16X509_CertificateENS2_9allocatorISE_EEEENS2_10shared_ptrIKNS_10Public_KeyEEENS0_18Server_InformationE: 112| 104| m_start_time(start_time), 113| 104| m_version(version), 114| 104| m_ciphersuite(ciphersuite), 115| 104| m_connection_side(connection_side), 116| 104| m_srtp_profile(srtp_profile), 117| 104| m_extended_master_secret(extended_master_secret), 118| 104| m_encrypt_then_mac(encrypt_then_mac), 119| 104| m_peer_certs(peer_certs), 120| 104| m_peer_raw_public_key(std::move(peer_raw_public_key)), 121| 104| m_server_info(std::move(server_info)) {} _ZNK5Botan3TLS12Session_Base11ciphersuiteEv: 123| 104|Ciphersuite Session_Base::ciphersuite() const { 124| 104| auto suite = Ciphersuite::by_id(m_ciphersuite); 125| 104| if(!suite.has_value()) { ------------------ | Branch (125:7): [True: 0, False: 104] ------------------ 126| 0| throw Decoding_Error("Failed to find cipher suite for ID " + std::to_string(m_ciphersuite)); 127| 0| } 128| 104| return suite.value(); 129| 104|} _ZN5Botan3TLS15Session_SummaryC2ERKNS0_12Session_BaseEbNSt3__18optionalINS5_12basic_stringIcNS5_11char_traitsIcEENS5_9allocatorIcEEEEEE: 134| 104| Session_Base(base), m_external_psk_identity(std::move(psk_identity)), m_was_resumption(was_resumption) { 135| 104| BOTAN_ARG_CHECK(version().is_pre_tls_13(), "Instantiated a TLS 1.2 session summary with an newer TLS version"); ------------------ | | 35| 104| do { \ | | 36| 104| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 104| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 104] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 104| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 104] | | ------------------ ------------------ 136| | 137| 104| const auto cs = ciphersuite(); 138| 104| m_kex_algo = cs.kex_algo(); 139| 104|} _ZN5Botan3TLS7SessionC2ERKNSt3__16vectorIhNS_16secure_allocatorIhEEEENS0_16Protocol_VersionEtNS0_15Connection_SideEbbRKNS3_INS_16X509_CertificateENS2_9allocatorISB_EEEERKNS0_18Server_InformationEtNS2_6chrono10time_pointINSK_12system_clockENSK_8durationIxNS2_5ratioILl1ELl1000000EEEEEEENSN_IxNSO_ILl1ELl1EEEEE: 250| 104| Session_Base(current_timestamp, 251| 104| version, 252| 104| ciphersuite, 253| 104| side, 254| 104| srtp_profile, 255| 104| extended_master_secret, 256| 104| encrypt_then_mac, 257| 104| certs, 258| 104| nullptr, // RFC 7250 (raw public keys) is NYI for TLS 1.2 259| 104| server_info), 260| 104| m_master_secret(master_secret), 261| 104| m_early_data_allowed(false), 262| 104| m_max_early_data_bytes(0), 263| 104| m_ticket_age_add(0), 264| 104| m_lifetime_hint(lifetime_hint) { 265| 104| BOTAN_ARG_CHECK(version.is_pre_tls_13(), "Instantiated a TLS 1.2 session object with a TLS version newer than 1.2"); ------------------ | | 35| 104| do { \ | | 36| 104| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 104| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 104] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 104| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 104] | | ------------------ ------------------ 266| 104|} tls_session.cpp:_ZZNK5Botan3TLS14Session_Handle20validate_constraintsEvENK3$_0clERKNS_6StrongINSt3__16vectorIhNS4_9allocatorIhEEEENS0_11Session_ID_EJEEE: 36| 86| [](const Session_ID& id) { 37| | // RFC 5246 7.4.1.2 38| | // opaque SessionID<0..32>; 39| 86| BOTAN_ARG_CHECK(!id.empty(), "Session ID must not be empty"); ------------------ | | 35| 86| do { \ | | 36| 86| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 86| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 86] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 86| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 86] | | ------------------ ------------------ 40| 86| BOTAN_ARG_CHECK(id.size() <= 32, "Session ID cannot be longer than 32 bytes"); ------------------ | | 35| 86| do { \ | | 36| 86| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 86| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 86] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 86| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 86] | | ------------------ ------------------ 41| 86| }, tls_session.cpp:_ZZNK5Botan3TLS14Session_Handle20validate_constraintsEvENK3$_1clERKNS_6StrongINSt3__16vectorIhNS4_9allocatorIhEEEENS0_15Session_Ticket_EJEEE: 42| 20| [](const Session_Ticket& ticket) { 43| 20| BOTAN_ARG_CHECK(!ticket.empty(), "Ticket most not be empty"); ------------------ | | 35| 20| do { \ | | 36| 20| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 20| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 20] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 20| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 20] | | ------------------ ------------------ 44| 20| BOTAN_ARG_CHECK(ticket.size() <= std::numeric_limits::max(), ------------------ | | 35| 20| do { \ | | 36| 20| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 20| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 20] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 20| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 20] | | ------------------ ------------------ 45| 20| "Ticket cannot be longer than 64kB"); 46| 20| }, _ZN5Botan3TLS15Session_ManagerC2ERKNSt3__110shared_ptrINS_21RandomNumberGeneratorEEE: 24| 6.45k|Session_Manager::Session_Manager(const std::shared_ptr& rng) : m_rng(rng) { 25| 6.45k| BOTAN_ASSERT_NONNULL(m_rng); ------------------ | | 116| 6.45k| do { \ | | 117| 6.45k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 6.45k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 6.45k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 6.45k] | | ------------------ ------------------ 26| 6.45k|} _ZN5Botan3TLS15Session_Manager8retrieveERKNS0_14Session_HandleERNS0_9CallbacksERKNS0_6PolicyE: 45| 21| const Policy& policy) { 46| | // Retrieving a session for a given handle does not require locking on this 47| | // level. Concurrent threads might handle the removal of an expired ticket 48| | // more than once, but removing an already removed ticket is a harmless NOOP. 49| | 50| 21| auto session = retrieve_one(handle); 51| 21| if(!session.has_value()) { ------------------ | Branch (51:7): [True: 21, False: 0] ------------------ 52| 21| return std::nullopt; 53| 21| } 54| | 55| | // A value of '0' means: No policy restrictions. 56| 0| const std::chrono::seconds policy_lifetime = 57| 0| (policy.session_ticket_lifetime().count() > 0) ? policy.session_ticket_lifetime() : std::chrono::seconds::max(); ------------------ | Branch (57:7): [True: 0, False: 0] ------------------ 58| | 59| | // RFC 5077 3.3 -- "Old Session Tickets" 60| | // A server MAY treat a ticket as valid for a shorter or longer period of 61| | // time than what is stated in the ticket_lifetime_hint. 62| | // 63| | // RFC 5246 F.1.4 -- TLS 1.2 64| | // If either party suspects that the session may have been compromised, or 65| | // that certificates may have expired or been revoked, it should force a 66| | // full handshake. An upper limit of 24 hours is suggested for session ID 67| | // lifetimes. 68| | // 69| | // RFC 8446 4.6.1 -- TLS 1.3 70| | // A server MAY treat a ticket as valid for a shorter period of time than 71| | // what is stated in the ticket_lifetime. 72| | // 73| | // Note: This disregards what is stored in the session (e.g. "lifetime_hint") 74| | // and only takes the local policy into account. The lifetime stored in 75| | // the sessions was taken from the same policy anyways and changes by 76| | // the application should have an immediate effect. 77| 0| const auto ticket_age = 78| 0| std::chrono::duration_cast(callbacks.tls_current_timestamp() - session->start_time()); 79| 0| const bool expired = ticket_age > policy_lifetime; 80| | 81| 0| if(expired) { ------------------ | Branch (81:7): [True: 0, False: 0] ------------------ 82| 0| remove(handle); 83| 0| return std::nullopt; 84| 0| } else { 85| 0| return session; 86| 0| } 87| 0|} _ZN5Botan3TLS20Session_Manager_NoopC2Ev: 16| 6.45k|Session_Manager_Noop::Session_Manager_Noop() : Session_Manager(std::make_shared()) {} _ZN5Botan3TLS20Session_Manager_Noop9establishERKNS0_7SessionERKNSt3__18optionalINS_6StrongINS5_6vectorIhNS5_9allocatorIhEEEENS0_11Session_ID_EJEEEEEb: 20| 104| bool /*tls12_no_ticket*/) { 21| 104| return {}; 22| 104|} _ZN5Botan3TLS20Session_Manager_Noop12retrieve_oneERKNS0_14Session_HandleE: 24| 21|std::optional Session_Manager_Noop::retrieve_one(const Session_Handle& /*handle*/) { 25| 21| return {}; 26| 21|} _ZN5Botan3TLS16Signature_Scheme21all_available_schemesEv: 17| 22.6k|const std::vector& Signature_Scheme::all_available_schemes() { 18| | /* 19| | * This is ordered in some approximate order of preference 20| | */ 21| 22.6k| static const std::vector all_schemes = { 22| | 23| | // EdDSA 25519 is currently not supported as a signature scheme for certificates 24| | // certificate authentication. 25| | // See: https://github.com/randombit/botan/pull/2958#discussion_r851294715 26| | // 27| | // #if defined(BOTAN_HAS_ED25519) 28| | // EDDSA_25519, 29| | // #endif 30| | 31| 22.6k| RSA_PSS_SHA384, 32| 22.6k| RSA_PSS_SHA256, 33| 22.6k| RSA_PSS_SHA512, 34| | 35| 22.6k| RSA_PKCS1_SHA384, 36| 22.6k| RSA_PKCS1_SHA512, 37| 22.6k| RSA_PKCS1_SHA256, 38| | 39| 22.6k| ECDSA_SHA384, 40| 22.6k| ECDSA_SHA512, 41| 22.6k| ECDSA_SHA256, 42| 22.6k| }; 43| | 44| 22.6k| return all_schemes; 45| 22.6k|} _ZN5Botan3TLS16Signature_SchemeC2Ev: 47| 2.93k|Signature_Scheme::Signature_Scheme() : m_code(NONE) {} _ZN5Botan3TLS16Signature_SchemeC2Et: 49| 34.0k|Signature_Scheme::Signature_Scheme(uint16_t wire_code) : Signature_Scheme(Signature_Scheme::Code(wire_code)) {} _ZN5Botan3TLS16Signature_SchemeC2ENS1_4CodeE: 51| 34.0k|Signature_Scheme::Signature_Scheme(Signature_Scheme::Code wire_code) : m_code(wire_code) {} _ZNK5Botan3TLS16Signature_Scheme12is_availableEv: 53| 16.7k|bool Signature_Scheme::is_available() const noexcept { 54| 16.7k| return value_exists(Signature_Scheme::all_available_schemes(), *this); 55| 16.7k|} _ZNK5Botan3TLS16Signature_Scheme6is_setEv: 57| 32|bool Signature_Scheme::is_set() const noexcept { 58| 32| return m_code != NONE; 59| 32|} _ZNK5Botan3TLS16Signature_Scheme18hash_function_nameEv: 98| 56.9k|std::string Signature_Scheme::hash_function_name() const noexcept { 99| 56.9k| switch(m_code) { 100| 0| case RSA_PKCS1_SHA1: ------------------ | Branch (100:7): [True: 0, False: 56.9k] ------------------ 101| 0| case ECDSA_SHA1: ------------------ | Branch (101:7): [True: 0, False: 56.9k] ------------------ 102| 0| return "SHA-1"; 103| | 104| 5.97k| case ECDSA_SHA256: ------------------ | Branch (104:7): [True: 5.97k, False: 50.9k] ------------------ 105| 11.9k| case RSA_PKCS1_SHA256: ------------------ | Branch (105:7): [True: 5.99k, False: 50.9k] ------------------ 106| 19.2k| case RSA_PSS_SHA256: ------------------ | Branch (106:7): [True: 7.28k, False: 49.6k] ------------------ 107| 19.2k| return "SHA-256"; 108| | 109| 5.98k| case ECDSA_SHA384: ------------------ | Branch (109:7): [True: 5.98k, False: 50.9k] ------------------ 110| 12.0k| case RSA_PKCS1_SHA384: ------------------ | Branch (110:7): [True: 6.05k, False: 50.8k] ------------------ 111| 19.7k| case RSA_PSS_SHA384: ------------------ | Branch (111:7): [True: 7.70k, False: 49.2k] ------------------ 112| 19.7k| return "SHA-384"; 113| | 114| 5.97k| case ECDSA_SHA512: ------------------ | Branch (114:7): [True: 5.97k, False: 50.9k] ------------------ 115| 11.9k| case RSA_PKCS1_SHA512: ------------------ | Branch (115:7): [True: 5.97k, False: 50.9k] ------------------ 116| 17.9k| case RSA_PSS_SHA512: ------------------ | Branch (116:7): [True: 5.98k, False: 50.9k] ------------------ 117| 17.9k| return "SHA-512"; 118| | 119| 0| case EDDSA_25519: ------------------ | Branch (119:7): [True: 0, False: 56.9k] ------------------ 120| 0| case EDDSA_448: ------------------ | Branch (120:7): [True: 0, False: 56.9k] ------------------ 121| 0| return "Pure"; 122| | 123| 0| default: ------------------ | Branch (123:7): [True: 0, False: 56.9k] ------------------ 124| 0| return "Unknown hash function"; 125| 56.9k| } 126| 56.9k|} _ZNK5Botan3TLS16Signature_Scheme14algorithm_nameEv: 164| 56.9k|std::string Signature_Scheme::algorithm_name() const noexcept { 165| 56.9k| switch(m_code) { 166| 0| case RSA_PKCS1_SHA1: ------------------ | Branch (166:7): [True: 0, False: 56.9k] ------------------ 167| 5.99k| case RSA_PKCS1_SHA256: ------------------ | Branch (167:7): [True: 5.99k, False: 50.9k] ------------------ 168| 12.0k| case RSA_PKCS1_SHA384: ------------------ | Branch (168:7): [True: 6.05k, False: 50.8k] ------------------ 169| 18.0k| case RSA_PKCS1_SHA512: ------------------ | Branch (169:7): [True: 5.97k, False: 50.9k] ------------------ 170| 25.3k| case RSA_PSS_SHA256: ------------------ | Branch (170:7): [True: 7.27k, False: 49.6k] ------------------ 171| 33.0k| case RSA_PSS_SHA384: ------------------ | Branch (171:7): [True: 7.70k, False: 49.2k] ------------------ 172| 38.9k| case RSA_PSS_SHA512: ------------------ | Branch (172:7): [True: 5.98k, False: 50.9k] ------------------ 173| 38.9k| return "RSA"; 174| | 175| 0| case ECDSA_SHA1: ------------------ | Branch (175:7): [True: 0, False: 56.9k] ------------------ 176| 5.97k| case ECDSA_SHA256: ------------------ | Branch (176:7): [True: 5.97k, False: 50.9k] ------------------ 177| 11.9k| case ECDSA_SHA384: ------------------ | Branch (177:7): [True: 5.98k, False: 50.9k] ------------------ 178| 17.9k| case ECDSA_SHA512: ------------------ | Branch (178:7): [True: 5.97k, False: 50.9k] ------------------ 179| 17.9k| return "ECDSA"; 180| | 181| 0| case EDDSA_25519: ------------------ | Branch (181:7): [True: 0, False: 56.9k] ------------------ 182| 0| return "Ed25519"; 183| | 184| 0| case EDDSA_448: ------------------ | Branch (184:7): [True: 0, False: 56.9k] ------------------ 185| 0| return "Ed448"; 186| | 187| 0| default: ------------------ | Branch (187:7): [True: 0, False: 56.9k] ------------------ 188| 0| return "Unknown algorithm"; 189| 56.9k| } 190| 56.9k|} _ZNK5Botan3TLS16Signature_Scheme20algorithm_identifierEv: 230| 33.4k|AlgorithmIdentifier Signature_Scheme::algorithm_identifier() const noexcept { 231| 33.4k| switch(m_code) { 232| 186| case RSA_PKCS1_SHA1: ------------------ | Branch (232:7): [True: 186, False: 33.2k] ------------------ 233| 186| return AlgorithmIdentifier(OID::from_string("RSA/PKCS1v15(SHA-1)"), AlgorithmIdentifier::USE_NULL_PARAM); 234| 82| case RSA_PKCS1_SHA256: ------------------ | Branch (234:7): [True: 82, False: 33.3k] ------------------ 235| 82| return AlgorithmIdentifier(OID::from_string("RSA/PKCS1v15(SHA-256)"), AlgorithmIdentifier::USE_NULL_PARAM); 236| 206| case RSA_PKCS1_SHA384: ------------------ | Branch (236:7): [True: 206, False: 33.2k] ------------------ 237| 206| return AlgorithmIdentifier(OID::from_string("RSA/PKCS1v15(SHA-384)"), AlgorithmIdentifier::USE_NULL_PARAM); 238| 44| case RSA_PKCS1_SHA512: ------------------ | Branch (238:7): [True: 44, False: 33.4k] ------------------ 239| 44| return AlgorithmIdentifier(OID::from_string("RSA/PKCS1v15(SHA-512)"), AlgorithmIdentifier::USE_NULL_PARAM); 240| | 241| 32| case ECDSA_SHA1: ------------------ | Branch (241:7): [True: 32, False: 33.4k] ------------------ 242| 32| return AlgorithmIdentifier(OID::from_string("ECDSA/SHA-1"), AlgorithmIdentifier::USE_EMPTY_PARAM); 243| 46| case ECDSA_SHA256: ------------------ | Branch (243:7): [True: 46, False: 33.4k] ------------------ 244| 46| return AlgorithmIdentifier(OID::from_string("ECDSA/SHA-256"), AlgorithmIdentifier::USE_EMPTY_PARAM); 245| 56| case ECDSA_SHA384: ------------------ | Branch (245:7): [True: 56, False: 33.4k] ------------------ 246| 56| return AlgorithmIdentifier(OID::from_string("ECDSA/SHA-384"), AlgorithmIdentifier::USE_EMPTY_PARAM); 247| 44| case ECDSA_SHA512: ------------------ | Branch (247:7): [True: 44, False: 33.4k] ------------------ 248| 44| return AlgorithmIdentifier(OID::from_string("ECDSA/SHA-512"), AlgorithmIdentifier::USE_EMPTY_PARAM); 249| | 250| 2.65k| case RSA_PSS_SHA256: ------------------ | Branch (250:7): [True: 2.65k, False: 30.8k] ------------------ 251| 2.65k| return AlgorithmIdentifier(OID::from_string("RSA/PSS"), PSS_Params("SHA-256", 32).serialize()); 252| 3.50k| case RSA_PSS_SHA384: ------------------ | Branch (252:7): [True: 3.50k, False: 29.9k] ------------------ 253| 3.50k| return AlgorithmIdentifier(OID::from_string("RSA/PSS"), PSS_Params("SHA-384", 48).serialize()); 254| 62| case RSA_PSS_SHA512: ------------------ | Branch (254:7): [True: 62, False: 33.4k] ------------------ 255| 62| return AlgorithmIdentifier(OID::from_string("RSA/PSS"), PSS_Params("SHA-512", 64).serialize()); 256| | 257| 26.5k| default: ------------------ | Branch (257:7): [True: 26.5k, False: 6.91k] ------------------ 258| | // Note that Ed25519 and Ed448 end up here 259| 26.5k| return AlgorithmIdentifier(); 260| 33.4k| } 261| 33.4k|} _ZNK5Botan3TLS16Signature_Scheme18is_compatible_withERKNS0_16Protocol_VersionE: 287| 9|bool Signature_Scheme::is_compatible_with(const Protocol_Version& protocol_version) const noexcept { 288| | // RFC 8446 4.4.3: 289| | // The SHA-1 algorithm MUST NOT be used in any signatures of 290| | // CertificateVerify messages. 291| | // 292| | // Note that Botan enforces that for TLS 1.2 as well. 293| 9| if(hash_function_name() == "SHA-1") { ------------------ | Branch (293:7): [True: 0, False: 9] ------------------ 294| 0| return false; 295| 0| } 296| | 297| | // RFC 8446 4.4.3: 298| | // RSA signatures MUST use an RSASSA-PSS algorithm, regardless of whether 299| | // RSASSA-PKCS1-v1_5 algorithms appear in "signature_algorithms". 300| | // 301| | // Note that this is enforced for TLS 1.3 and above only. 302| 9| if(!protocol_version.is_pre_tls_13() && (m_code == RSA_PKCS1_SHA1 || m_code == RSA_PKCS1_SHA256 || ------------------ | Branch (302:7): [True: 9, False: 0] | Branch (302:45): [True: 0, False: 9] | Branch (302:73): [True: 1, False: 8] ------------------ 303| 8| m_code == RSA_PKCS1_SHA384 || m_code == RSA_PKCS1_SHA512)) { ------------------ | Branch (303:45): [True: 1, False: 7] | Branch (303:75): [True: 1, False: 6] ------------------ 304| 3| return false; 305| 3| } 306| | 307| 6| return true; 308| 9|} _ZN5Botan3TLS24to_algorithm_identifiersERKNSt3__16vectorINS0_16Signature_SchemeENS1_9allocatorIS3_EEEE: 336| 6.12k|std::vector to_algorithm_identifiers(const std::vector& schemes) { 337| 6.12k| std::vector result; 338| 6.12k| result.reserve(schemes.size()); 339| 33.4k| for(const auto& scheme : schemes) { ------------------ | Branch (339:27): [True: 33.4k, False: 6.12k] ------------------ 340| 33.4k| result.push_back(scheme.algorithm_identifier()); 341| 33.4k| } 342| 6.12k| return result; 343| 6.12k|} _ZN5Botan3TLS11Ciphersuite15is_known_usableEt: 338| 102|bool Ciphersuite::is_known_usable(uint16_t code) { 339| 102| static constexpr auto codes = available_ciphersuites(); 340| 102| return std::binary_search(codes.begin(), codes.end(), code); 341| 102|} _ZN5Botan3TLS11Ciphersuite22all_known_ciphersuitesEv: 344| 12.0k|const std::vector& Ciphersuite::all_known_ciphersuites() { 345| | // clang-format off 346| | 347| | // Note that this list of ciphersuites is ordered by id! 348| 12.0k| static const std::vector g_ciphersuite_list = { 349| 12.0k| Ciphersuite(0x000A, "RSA_WITH_3DES_EDE_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "3DES", 24, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), 350| 12.0k| Ciphersuite(0x0016, "DHE_RSA_WITH_3DES_EDE_CBC_SHA", Auth_Method::RSA, Kex_Algo::DH, "3DES", 24, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), 351| 12.0k| Ciphersuite(0x002C, "PSK_WITH_NULL_SHA", Auth_Method::IMPLICIT, Kex_Algo::PSK, "NULL", 0, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::NULL_CIPHER), 352| 12.0k| Ciphersuite(0x002F, "RSA_WITH_AES_128_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), 353| 12.0k| Ciphersuite(0x0033, "DHE_RSA_WITH_AES_128_CBC_SHA", Auth_Method::RSA, Kex_Algo::DH, "AES-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), 354| 12.0k| Ciphersuite(0x0035, "RSA_WITH_AES_256_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), 355| 12.0k| Ciphersuite(0x0039, "DHE_RSA_WITH_AES_256_CBC_SHA", Auth_Method::RSA, Kex_Algo::DH, "AES-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), 356| 12.0k| Ciphersuite(0x003C, "RSA_WITH_AES_128_CBC_SHA256", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), 357| 12.0k| Ciphersuite(0x003D, "RSA_WITH_AES_256_CBC_SHA256", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-256", 32, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), 358| 12.0k| Ciphersuite(0x0067, "DHE_RSA_WITH_AES_128_CBC_SHA256", Auth_Method::RSA, Kex_Algo::DH, "AES-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), 359| 12.0k| Ciphersuite(0x006B, "DHE_RSA_WITH_AES_256_CBC_SHA256", Auth_Method::RSA, Kex_Algo::DH, "AES-256", 32, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), 360| 12.0k| Ciphersuite(0x008B, "PSK_WITH_3DES_EDE_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::PSK, "3DES", 24, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), 361| 12.0k| Ciphersuite(0x008C, "PSK_WITH_AES_128_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), 362| 12.0k| Ciphersuite(0x008D, "PSK_WITH_AES_256_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), 363| 12.0k| Ciphersuite(0x009C, "RSA_WITH_AES_128_GCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 364| 12.0k| Ciphersuite(0x009D, "RSA_WITH_AES_256_GCM_SHA384", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), 365| 12.0k| Ciphersuite(0x009E, "DHE_RSA_WITH_AES_128_GCM_SHA256", Auth_Method::RSA, Kex_Algo::DH, "AES-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 366| 12.0k| Ciphersuite(0x009F, "DHE_RSA_WITH_AES_256_GCM_SHA384", Auth_Method::RSA, Kex_Algo::DH, "AES-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), 367| 12.0k| Ciphersuite(0x00A8, "PSK_WITH_AES_128_GCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 368| 12.0k| Ciphersuite(0x00A9, "PSK_WITH_AES_256_GCM_SHA384", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), 369| 12.0k| Ciphersuite(0x00AE, "PSK_WITH_AES_128_CBC_SHA256", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), 370| 12.0k| Ciphersuite(0x00AF, "PSK_WITH_AES_256_CBC_SHA384", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-256", 32, "SHA-384", 48, KDF_Algo::SHA_384, Nonce_Format::CBC_MODE), 371| 12.0k| Ciphersuite(0x00B0, "PSK_WITH_NULL_SHA256", Auth_Method::IMPLICIT, Kex_Algo::PSK, "NULL", 0, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::NULL_CIPHER), 372| 12.0k| Ciphersuite(0x00B1, "PSK_WITH_NULL_SHA384", Auth_Method::IMPLICIT, Kex_Algo::PSK, "NULL", 0, "SHA-384", 48, KDF_Algo::SHA_384, Nonce_Format::NULL_CIPHER), 373| 12.0k| Ciphersuite(0x1301, "AES_128_GCM_SHA256", Auth_Method::UNDEFINED, Kex_Algo::UNDEFINED, "AES-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 374| 12.0k| Ciphersuite(0x1302, "AES_256_GCM_SHA384", Auth_Method::UNDEFINED, Kex_Algo::UNDEFINED, "AES-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), 375| 12.0k| Ciphersuite(0x1303, "CHACHA20_POLY1305_SHA256", Auth_Method::UNDEFINED, Kex_Algo::UNDEFINED, "ChaCha20Poly1305", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12), 376| 12.0k| Ciphersuite(0x1304, "AES_128_CCM_SHA256", Auth_Method::UNDEFINED, Kex_Algo::UNDEFINED, "AES-128/CCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 377| 12.0k| Ciphersuite(0x1305, "AES_128_CCM_8_SHA256", Auth_Method::UNDEFINED, Kex_Algo::UNDEFINED, "AES-128/CCM(8)", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 378| 12.0k| Ciphersuite(0xC006, "ECDHE_ECDSA_WITH_NULL_SHA", Auth_Method::ECDSA, Kex_Algo::ECDH, "NULL", 0, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::NULL_CIPHER), 379| 12.0k| Ciphersuite(0xC008, "ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", Auth_Method::ECDSA, Kex_Algo::ECDH, "3DES", 24, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), 380| 12.0k| Ciphersuite(0xC009, "ECDHE_ECDSA_WITH_AES_128_CBC_SHA", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), 381| 12.0k| Ciphersuite(0xC00A, "ECDHE_ECDSA_WITH_AES_256_CBC_SHA", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), 382| 12.0k| Ciphersuite(0xC010, "ECDHE_RSA_WITH_NULL_SHA", Auth_Method::RSA, Kex_Algo::ECDH, "NULL", 0, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::NULL_CIPHER), 383| 12.0k| Ciphersuite(0xC012, "ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", Auth_Method::RSA, Kex_Algo::ECDH, "3DES", 24, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), 384| 12.0k| Ciphersuite(0xC013, "ECDHE_RSA_WITH_AES_128_CBC_SHA", Auth_Method::RSA, Kex_Algo::ECDH, "AES-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), 385| 12.0k| Ciphersuite(0xC014, "ECDHE_RSA_WITH_AES_256_CBC_SHA", Auth_Method::RSA, Kex_Algo::ECDH, "AES-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), 386| 12.0k| Ciphersuite(0xC023, "ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), 387| 12.0k| Ciphersuite(0xC024, "ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-256", 32, "SHA-384", 48, KDF_Algo::SHA_384, Nonce_Format::CBC_MODE), 388| 12.0k| Ciphersuite(0xC027, "ECDHE_RSA_WITH_AES_128_CBC_SHA256", Auth_Method::RSA, Kex_Algo::ECDH, "AES-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), 389| 12.0k| Ciphersuite(0xC028, "ECDHE_RSA_WITH_AES_256_CBC_SHA384", Auth_Method::RSA, Kex_Algo::ECDH, "AES-256", 32, "SHA-384", 48, KDF_Algo::SHA_384, Nonce_Format::CBC_MODE), 390| 12.0k| Ciphersuite(0xC02B, "ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 391| 12.0k| Ciphersuite(0xC02C, "ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), 392| 12.0k| Ciphersuite(0xC02F, "ECDHE_RSA_WITH_AES_128_GCM_SHA256", Auth_Method::RSA, Kex_Algo::ECDH, "AES-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 393| 12.0k| Ciphersuite(0xC030, "ECDHE_RSA_WITH_AES_256_GCM_SHA384", Auth_Method::RSA, Kex_Algo::ECDH, "AES-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), 394| 12.0k| Ciphersuite(0xC034, "ECDHE_PSK_WITH_3DES_EDE_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "3DES", 24, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), 395| 12.0k| Ciphersuite(0xC035, "ECDHE_PSK_WITH_AES_128_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), 396| 12.0k| Ciphersuite(0xC036, "ECDHE_PSK_WITH_AES_256_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), 397| 12.0k| Ciphersuite(0xC037, "ECDHE_PSK_WITH_AES_128_CBC_SHA256", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), 398| 12.0k| Ciphersuite(0xC038, "ECDHE_PSK_WITH_AES_256_CBC_SHA384", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-256", 32, "SHA-384", 48, KDF_Algo::SHA_384, Nonce_Format::CBC_MODE), 399| 12.0k| Ciphersuite(0xC039, "ECDHE_PSK_WITH_NULL_SHA", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "NULL", 0, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::NULL_CIPHER), 400| 12.0k| Ciphersuite(0xC03A, "ECDHE_PSK_WITH_NULL_SHA256", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "NULL", 0, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::NULL_CIPHER), 401| 12.0k| Ciphersuite(0xC03B, "ECDHE_PSK_WITH_NULL_SHA384", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "NULL", 0, "SHA-384", 48, KDF_Algo::SHA_384, Nonce_Format::NULL_CIPHER), 402| 12.0k| Ciphersuite(0xC050, "RSA_WITH_ARIA_128_GCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "ARIA-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 403| 12.0k| Ciphersuite(0xC051, "RSA_WITH_ARIA_256_GCM_SHA384", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "ARIA-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), 404| 12.0k| Ciphersuite(0xC052, "DHE_RSA_WITH_ARIA_128_GCM_SHA256", Auth_Method::RSA, Kex_Algo::DH, "ARIA-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 405| 12.0k| Ciphersuite(0xC053, "DHE_RSA_WITH_ARIA_256_GCM_SHA384", Auth_Method::RSA, Kex_Algo::DH, "ARIA-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), 406| 12.0k| Ciphersuite(0xC05C, "ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256", Auth_Method::ECDSA, Kex_Algo::ECDH, "ARIA-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 407| 12.0k| Ciphersuite(0xC05D, "ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384", Auth_Method::ECDSA, Kex_Algo::ECDH, "ARIA-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), 408| 12.0k| Ciphersuite(0xC060, "ECDHE_RSA_WITH_ARIA_128_GCM_SHA256", Auth_Method::RSA, Kex_Algo::ECDH, "ARIA-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 409| 12.0k| Ciphersuite(0xC061, "ECDHE_RSA_WITH_ARIA_256_GCM_SHA384", Auth_Method::RSA, Kex_Algo::ECDH, "ARIA-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), 410| 12.0k| Ciphersuite(0xC06A, "PSK_WITH_ARIA_128_GCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::PSK, "ARIA-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 411| 12.0k| Ciphersuite(0xC06B, "PSK_WITH_ARIA_256_GCM_SHA384", Auth_Method::IMPLICIT, Kex_Algo::PSK, "ARIA-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), 412| 12.0k| Ciphersuite(0xC07A, "RSA_WITH_CAMELLIA_128_GCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "Camellia-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 413| 12.0k| Ciphersuite(0xC07B, "RSA_WITH_CAMELLIA_256_GCM_SHA384", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "Camellia-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), 414| 12.0k| Ciphersuite(0xC07C, "DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", Auth_Method::RSA, Kex_Algo::DH, "Camellia-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 415| 12.0k| Ciphersuite(0xC07D, "DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", Auth_Method::RSA, Kex_Algo::DH, "Camellia-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), 416| 12.0k| Ciphersuite(0xC086, "ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", Auth_Method::ECDSA, Kex_Algo::ECDH, "Camellia-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 417| 12.0k| Ciphersuite(0xC087, "ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", Auth_Method::ECDSA, Kex_Algo::ECDH, "Camellia-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), 418| 12.0k| Ciphersuite(0xC08A, "ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", Auth_Method::RSA, Kex_Algo::ECDH, "Camellia-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 419| 12.0k| Ciphersuite(0xC08B, "ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", Auth_Method::RSA, Kex_Algo::ECDH, "Camellia-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), 420| 12.0k| Ciphersuite(0xC08E, "PSK_WITH_CAMELLIA_128_GCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::PSK, "Camellia-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 421| 12.0k| Ciphersuite(0xC08F, "PSK_WITH_CAMELLIA_256_GCM_SHA384", Auth_Method::IMPLICIT, Kex_Algo::PSK, "Camellia-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), 422| 12.0k| Ciphersuite(0xC09C, "RSA_WITH_AES_128_CCM", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-128/CCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 423| 12.0k| Ciphersuite(0xC09D, "RSA_WITH_AES_256_CCM", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-256/CCM", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 424| 12.0k| Ciphersuite(0xC09E, "DHE_RSA_WITH_AES_128_CCM", Auth_Method::RSA, Kex_Algo::DH, "AES-128/CCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 425| 12.0k| Ciphersuite(0xC09F, "DHE_RSA_WITH_AES_256_CCM", Auth_Method::RSA, Kex_Algo::DH, "AES-256/CCM", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 426| 12.0k| Ciphersuite(0xC0A0, "RSA_WITH_AES_128_CCM_8", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-128/CCM(8)", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 427| 12.0k| Ciphersuite(0xC0A1, "RSA_WITH_AES_256_CCM_8", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-256/CCM(8)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 428| 12.0k| Ciphersuite(0xC0A2, "DHE_RSA_WITH_AES_128_CCM_8", Auth_Method::RSA, Kex_Algo::DH, "AES-128/CCM(8)", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 429| 12.0k| Ciphersuite(0xC0A3, "DHE_RSA_WITH_AES_256_CCM_8", Auth_Method::RSA, Kex_Algo::DH, "AES-256/CCM(8)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 430| 12.0k| Ciphersuite(0xC0A4, "PSK_WITH_AES_128_CCM", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-128/CCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 431| 12.0k| Ciphersuite(0xC0A5, "PSK_WITH_AES_256_CCM", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-256/CCM", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 432| 12.0k| Ciphersuite(0xC0A8, "PSK_WITH_AES_128_CCM_8", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-128/CCM(8)", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 433| 12.0k| Ciphersuite(0xC0A9, "PSK_WITH_AES_256_CCM_8", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-256/CCM(8)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 434| 12.0k| Ciphersuite(0xC0AC, "ECDHE_ECDSA_WITH_AES_128_CCM", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-128/CCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 435| 12.0k| Ciphersuite(0xC0AD, "ECDHE_ECDSA_WITH_AES_256_CCM", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-256/CCM", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 436| 12.0k| Ciphersuite(0xC0AE, "ECDHE_ECDSA_WITH_AES_128_CCM_8", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-128/CCM(8)", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 437| 12.0k| Ciphersuite(0xC0AF, "ECDHE_ECDSA_WITH_AES_256_CCM_8", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-256/CCM(8)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 438| 12.0k| Ciphersuite(0xCCA8, "ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", Auth_Method::RSA, Kex_Algo::ECDH, "ChaCha20Poly1305", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12), 439| 12.0k| Ciphersuite(0xCCA9, "ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", Auth_Method::ECDSA, Kex_Algo::ECDH, "ChaCha20Poly1305", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12), 440| 12.0k| Ciphersuite(0xCCAA, "DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", Auth_Method::RSA, Kex_Algo::DH, "ChaCha20Poly1305", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12), 441| 12.0k| Ciphersuite(0xCCAB, "PSK_WITH_CHACHA20_POLY1305_SHA256", Auth_Method::IMPLICIT, Kex_Algo::PSK, "ChaCha20Poly1305", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12), 442| 12.0k| Ciphersuite(0xCCAC, "ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "ChaCha20Poly1305", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12), 443| 12.0k| Ciphersuite(0xD001, "ECDHE_PSK_WITH_AES_128_GCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 444| 12.0k| Ciphersuite(0xD002, "ECDHE_PSK_WITH_AES_256_GCM_SHA384", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), 445| 12.0k| Ciphersuite(0xD003, "ECDHE_PSK_WITH_AES_128_CCM_8_SHA256", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-128/CCM(8)", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 446| 12.0k| Ciphersuite(0xD005, "ECDHE_PSK_WITH_AES_128_CCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-128/CCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 447| 12.0k| Ciphersuite(0xFFC3, "ECDHE_RSA_WITH_AES_256_OCB_SHA256", Auth_Method::RSA, Kex_Algo::ECDH, "AES-256/OCB(12)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12), 448| 12.0k| Ciphersuite(0xFFC5, "ECDHE_ECDSA_WITH_AES_256_OCB_SHA256", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-256/OCB(12)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12), 449| 12.0k| Ciphersuite(0xFFC7, "PSK_WITH_AES_256_OCB_SHA256", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-256/OCB(12)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12), 450| 12.0k| Ciphersuite(0xFFCB, "ECDHE_PSK_WITH_AES_256_OCB_SHA256", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-256/OCB(12)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12), 451| 12.0k| }; 452| | 453| | // clang-format on 454| | 455| 12.0k| return g_ciphersuite_list; 456| 12.0k|} _ZNK5Botan3TLS16Protocol_Version9to_stringEv: 34| 71|std::string Protocol_Version::to_string() const { 35| 71| const uint8_t maj = major_version(); 36| 71| const uint8_t min = minor_version(); 37| | 38| 71| if(maj == 3 && min == 0) { ------------------ | Branch (38:7): [True: 11, False: 60] | Branch (38:19): [True: 1, False: 10] ------------------ 39| 1| return "SSL v3"; 40| 1| } 41| | 42| 70| if(maj == 3 && min >= 1) { // TLS v1.x ------------------ | Branch (42:7): [True: 10, False: 60] | Branch (42:19): [True: 10, False: 0] ------------------ 43| 10| return "TLS v1." + std::to_string(min - 1); 44| 10| } 45| | 46| 60| if(maj == 254) { // DTLS 1.x ------------------ | Branch (46:7): [True: 11, False: 49] ------------------ 47| 11| return "DTLS v1." + std::to_string(255 - min); 48| 11| } 49| | 50| | // Some very new or very old protocol (or bogus data) 51| 49| return "Unknown " + std::to_string(maj) + "." + std::to_string(min); 52| 60|} _ZNK5Botan3TLS16Protocol_Version20is_datagram_protocolEv: 54| 485k|bool Protocol_Version::is_datagram_protocol() const { 55| 485k| return major_version() > 250; 56| 485k|} _ZNK5Botan3TLS16Protocol_Version13is_pre_tls_13Ev: 58| 305k|bool Protocol_Version::is_pre_tls_13() const { 59| 305k| return (!is_datagram_protocol() && *this <= Protocol_Version::TLS_V12) || ------------------ | Branch (59:12): [True: 303k, False: 2.06k] | Branch (59:39): [True: 297k, False: 5.79k] ------------------ 60| 7.86k| (is_datagram_protocol() && *this <= Protocol_Version::DTLS_V12); ------------------ | Branch (60:12): [True: 2.06k, False: 5.79k] | Branch (60:38): [True: 2.05k, False: 12] ------------------ 61| 305k|} _ZNK5Botan3TLS16Protocol_Version18is_tls_13_or_laterEv: 63| 31|bool Protocol_Version::is_tls_13_or_later() const { 64| 31| return (!is_datagram_protocol() && *this >= Protocol_Version::TLS_V13) || ------------------ | Branch (64:12): [True: 22, False: 9] | Branch (64:39): [True: 10, False: 12] ------------------ 65| 21| (is_datagram_protocol() && *this >= Protocol_Version::DTLS_V13); ------------------ | Branch (65:12): [True: 9, False: 12] | Branch (65:38): [True: 7, False: 2] ------------------ 66| 31|} _ZNK5Botan3TLS16Protocol_VersiongtERKS1_: 68| 17.6k|bool Protocol_Version::operator>(const Protocol_Version& other) const { 69| 17.6k| if(this->is_datagram_protocol() != other.is_datagram_protocol()) { ------------------ | Branch (69:7): [True: 0, False: 17.6k] ------------------ 70| 0| throw TLS_Exception(Alert::ProtocolVersion, "Version comparing " + to_string() + " with " + other.to_string()); 71| 0| } 72| | 73| 17.6k| if(this->is_datagram_protocol()) { ------------------ | Branch (73:7): [True: 8.65k, False: 9.03k] ------------------ 74| 8.65k| return m_version < other.m_version; // goes backwards 75| 8.65k| } 76| | 77| 9.03k| return m_version > other.m_version; 78| 17.6k|} _ZNK5Botan3TLS16Protocol_Version5validEv: 80| 12.4k|bool Protocol_Version::valid() const { 81| 12.4k| const uint8_t maj = major_version(); 82| 12.4k| const uint8_t min = minor_version(); 83| | 84| 12.4k| if(maj == 3 && min <= 4) { ------------------ | Branch (84:7): [True: 0, False: 12.4k] | Branch (84:19): [True: 0, False: 0] ------------------ 85| | // 3.0: SSLv3 86| | // 3.1: TLS 1.0 87| | // 3.2: TLS 1.1 88| | // 3.3: TLS 1.2 89| | // 3.4: TLS 1.3 90| 0| return true; 91| 0| } 92| | 93| 12.4k| if(maj == 254 && (min == 253 || min == 255)) { ------------------ | Branch (93:7): [True: 0, False: 12.4k] | Branch (93:22): [True: 0, False: 0] | Branch (93:36): [True: 0, False: 0] ------------------ 94| | // 254.253: DTLS 1.2 95| | // 254.255: DTLS 1.0 96| 0| return true; 97| 0| } 98| | 99| 12.4k| return false; 100| 12.4k|} _ZN5Botan15allocate_memoryEmm: 21| 594k|BOTAN_MALLOC_FN void* allocate_memory(size_t elems, size_t elem_size) { 22| 594k| if(elems == 0 || elem_size == 0) { ------------------ | Branch (22:7): [True: 0, False: 594k] | Branch (22:21): [True: 0, False: 594k] ------------------ 23| 0| return nullptr; 24| 0| } 25| | 26| | // Some calloc implementations do not check for overflow (?!?) 27| 594k| if(!checked_mul(elems, elem_size).has_value()) { ------------------ | Branch (27:7): [True: 0, False: 594k] ------------------ 28| 0| throw std::bad_alloc(); 29| 0| } 30| | 31| |#if defined(BOTAN_HAS_LOCKING_ALLOCATOR) 32| | // NOLINTNEXTLINE(*-const-correctness) bug in clang-tidy 33| | if(void* p = mlock_allocator::instance().allocate(elems, elem_size)) { 34| | return p; 35| | } 36| |#endif 37| | 38| |#if defined(BOTAN_TARGET_OS_HAS_ALLOC_CONCEAL) 39| | void* ptr = ::calloc_conceal(elems, elem_size); 40| |#else 41| | // NOLINTNEXTLINE(*-const-correctness) bug in clang-tidy 42| 594k| void* ptr = std::calloc(elems, elem_size); // NOLINT(*-no-malloc,*-owning-memory) 43| 594k|#endif 44| 594k| if(ptr == nullptr) { ------------------ | Branch (44:7): [True: 0, False: 594k] ------------------ 45| 0| [[unlikely]] throw std::bad_alloc(); 46| 0| } 47| 594k| return ptr; 48| 594k|} _ZN5Botan17deallocate_memoryEPvmm: 50| 594k|void deallocate_memory(void* p, size_t elems, size_t elem_size) { 51| 594k| if(p == nullptr) { ------------------ | Branch (51:7): [True: 0, False: 594k] ------------------ 52| 0| [[unlikely]] return; 53| 0| } 54| | 55| 594k| secure_scrub_memory(p, elems * elem_size); 56| | 57| |#if defined(BOTAN_HAS_LOCKING_ALLOCATOR) 58| | if(mlock_allocator::instance().deallocate(p, elems, elem_size)) { 59| | return; 60| | } 61| |#endif 62| | 63| 594k| std::free(p); // NOLINT(*-no-malloc,*-owning-memory) 64| 594k|} _ZN5Botan20initialize_allocatorEv: 66| 1|void initialize_allocator() { 67| |#if defined(BOTAN_HAS_LOCKING_ALLOCATOR) 68| | mlock_allocator::instance(); 69| |#endif 70| 1|} _ZN5Botan22throw_invalid_argumentEPKcS1_S1_: 23| 9|void throw_invalid_argument(const char* message, const char* func, const char* file) { 24| 9| throw Invalid_Argument(fmt("{} in {}:{}", message, func, file)); 25| 9|} _ZN5Botan13is_valid_utf8ERKNSt3__112basic_stringIcNS0_11char_traitsIcEENS0_9allocatorIcEEEE: 106| 12.9k|bool is_valid_utf8(const std::string& utf8) { 107| 12.9k| try { 108| 12.9k| size_t pos = 0; 109| 233k| while(pos < utf8.size()) { ------------------ | Branch (109:13): [True: 220k, False: 12.9k] ------------------ 110| 220k| const uint32_t c = next_utf8_codepoint(utf8, pos); 111| 220k| BOTAN_UNUSED(c); ------------------ | | 144| 220k|#define BOTAN_UNUSED Botan::ignore_params ------------------ 112| 220k| } 113| 12.9k| } catch(Decoding_Error&) { 114| 28| return false; 115| 28| } 116| 12.9k| return true; 117| 12.9k|} _ZN5Botan12ucs2_to_utf8EPKhm: 119| 18|std::string ucs2_to_utf8(const uint8_t ucs2[], size_t len) { 120| 18| if(len % 2 != 0) { ------------------ | Branch (120:7): [True: 1, False: 17] ------------------ 121| 1| throw Decoding_Error("Invalid length for UCS-2 string"); 122| 1| } 123| | 124| 17| const size_t chars = len / 2; 125| | 126| 17| std::string s; 127| 179| for(size_t i = 0; i != chars; ++i) { ------------------ | Branch (127:22): [True: 162, False: 17] ------------------ 128| 162| const uint32_t c = load_be(ucs2, i); 129| 162| append_utf8_for(s, c); 130| 162| } 131| | 132| 17| return s; 133| 18|} _ZN5Botan12ucs4_to_utf8EPKhm: 153| 48|std::string ucs4_to_utf8(const uint8_t ucs4[], size_t len) { 154| 48| if(len % 4 != 0) { ------------------ | Branch (154:7): [True: 1, False: 47] ------------------ 155| 1| throw Decoding_Error("Invalid length for UCS-4 string"); 156| 1| } 157| | 158| 47| const size_t chars = len / 4; 159| | 160| 47| std::string s; 161| 190| for(size_t i = 0; i != chars; ++i) { ------------------ | Branch (161:22): [True: 143, False: 47] ------------------ 162| 143| const uint32_t c = load_be(ucs4, i); 163| 143| append_utf8_for(s, c); 164| 143| } 165| | 166| 47| return s; 167| 48|} _ZN5Botan14latin1_to_utf8EPKhm: 188| 13|std::string latin1_to_utf8(const uint8_t chars[], size_t len) { 189| 13| std::string s; 190| 203| for(size_t i = 0; i != len; ++i) { ------------------ | Branch (190:22): [True: 190, False: 13] ------------------ 191| 190| const uint32_t c = static_cast(chars[i]); 192| 190| append_utf8_for(s, c); 193| 190| } 194| 13| return s; 195| 13|} charset.cpp:_ZN5Botan12_GLOBAL__N_119next_utf8_codepointERKNSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEERm: 52| 220k|uint32_t next_utf8_codepoint(const std::string& utf8, size_t& pos) { 53| 220k| auto read_continuation = [&]() -> uint32_t { 54| 220k| if(pos >= utf8.size()) { 55| 220k| throw Decoding_Error("Invalid UTF-8 sequence"); 56| 220k| } 57| 220k| const uint8_t b = static_cast(utf8[pos++]); 58| 220k| if((b & 0xC0) != 0x80) { 59| 220k| throw Decoding_Error("Invalid UTF-8 sequence"); 60| 220k| } 61| 220k| return b & 0x3F; 62| 220k| }; 63| | 64| 220k| const uint8_t lead = static_cast(utf8[pos++]); 65| 220k| uint32_t c = 0; 66| | 67| 220k| if(lead <= 0x7F) { ------------------ | Branch (67:7): [True: 220k, False: 99] ------------------ 68| 220k| c = lead; 69| 220k| } else if((lead & 0xE0) == 0xC0) { ------------------ | Branch (69:14): [True: 16, False: 83] ------------------ 70| 16| c = (lead & 0x1F) << 6; 71| 16| c |= read_continuation(); 72| 16| if(c < 0x80) { ------------------ | Branch (72:10): [True: 1, False: 15] ------------------ 73| 1| throw Decoding_Error("Overlong UTF-8 sequence"); 74| 1| } 75| 83| } else if((lead & 0xF0) == 0xE0) { ------------------ | Branch (75:14): [True: 43, False: 40] ------------------ 76| 43| c = (lead & 0x0F) << 12; 77| 43| c |= read_continuation() << 6; 78| 43| c |= read_continuation(); 79| 43| if(c < 0x800) { ------------------ | Branch (79:10): [True: 1, False: 42] ------------------ 80| 1| throw Decoding_Error("Overlong UTF-8 sequence"); 81| 1| } 82| 43| } else if((lead & 0xF8) == 0xF0) { ------------------ | Branch (82:14): [True: 26, False: 14] ------------------ 83| 26| c = (lead & 0x07) << 18; 84| 26| c |= read_continuation() << 12; 85| 26| c |= read_continuation() << 6; 86| 26| c |= read_continuation(); 87| 26| if(c < 0x10000) { ------------------ | Branch (87:10): [True: 1, False: 25] ------------------ 88| 1| throw Decoding_Error("Overlong UTF-8 sequence"); 89| 1| } 90| 26| } else { 91| 14| throw Decoding_Error("Invalid UTF-8 sequence"); 92| 14| } 93| | 94| 220k| if(c > 0x10FFFF) { ------------------ | Branch (94:7): [True: 1, False: 220k] ------------------ 95| 1| throw Decoding_Error("UTF-8 sequence encodes value outside Unicode range"); 96| 1| } 97| 220k| if(c >= 0xD800 && c < 0xE000) { ------------------ | Branch (97:7): [True: 28, False: 220k] | Branch (97:22): [True: 1, False: 27] ------------------ 98| 1| throw Decoding_Error("UTF-8 sequence encodes surrogate code point"); 99| 1| } 100| | 101| 220k| return c; 102| 220k|} charset.cpp:_ZZN5Botan12_GLOBAL__N_119next_utf8_codepointERKNSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEERmENK3$_0clEv: 53| 177| auto read_continuation = [&]() -> uint32_t { 54| 177| if(pos >= utf8.size()) { ------------------ | Branch (54:10): [True: 2, False: 175] ------------------ 55| 2| throw Decoding_Error("Invalid UTF-8 sequence"); 56| 2| } 57| 175| const uint8_t b = static_cast(utf8[pos++]); 58| 175| if((b & 0xC0) != 0x80) { ------------------ | Branch (58:10): [True: 7, False: 168] ------------------ 59| 7| throw Decoding_Error("Invalid UTF-8 sequence"); 60| 7| } 61| 168| return b & 0x3F; 62| 175| }; charset.cpp:_ZN5Botan12_GLOBAL__N_115append_utf8_forERNSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEEj: 18| 495|void append_utf8_for(std::string& s, uint32_t c) { 19| 495| if(c >= 0xD800 && c < 0xE000) { ------------------ | Branch (19:7): [True: 174, False: 321] | Branch (19:22): [True: 7, False: 167] ------------------ 20| 7| throw Decoding_Error("Invalid Unicode character"); 21| 7| } 22| | 23| 488| if(c <= 0x7F) { ------------------ | Branch (23:7): [True: 140, False: 348] ------------------ 24| 140| const uint8_t b0 = static_cast(c); 25| 140| s.push_back(static_cast(b0)); 26| 348| } else if(c <= 0x7FF) { ------------------ | Branch (26:14): [True: 111, False: 237] ------------------ 27| 111| const uint8_t b0 = 0xC0 | static_cast(c >> 6); 28| 111| const uint8_t b1 = 0x80 | static_cast(c & 0x3F); 29| 111| s.push_back(static_cast(b0)); 30| 111| s.push_back(static_cast(b1)); 31| 237| } else if(c <= 0xFFFF) { ------------------ | Branch (31:14): [True: 131, False: 106] ------------------ 32| 131| const uint8_t b0 = 0xE0 | static_cast(c >> 12); 33| 131| const uint8_t b1 = 0x80 | static_cast((c >> 6) & 0x3F); 34| 131| const uint8_t b2 = 0x80 | static_cast(c & 0x3F); 35| 131| s.push_back(static_cast(b0)); 36| 131| s.push_back(static_cast(b1)); 37| 131| s.push_back(static_cast(b2)); 38| 131| } else if(c <= 0x10FFFF) { ------------------ | Branch (38:14): [True: 66, False: 40] ------------------ 39| 66| const uint8_t b0 = 0xF0 | static_cast(c >> 18); 40| 66| const uint8_t b1 = 0x80 | static_cast((c >> 12) & 0x3F); 41| 66| const uint8_t b2 = 0x80 | static_cast((c >> 6) & 0x3F); 42| 66| const uint8_t b3 = 0x80 | static_cast(c & 0x3F); 43| 66| s.push_back(static_cast(b0)); 44| 66| s.push_back(static_cast(b1)); 45| 66| s.push_back(static_cast(b2)); 46| 66| s.push_back(static_cast(b3)); 47| 66| } else { 48| 40| throw Decoding_Error("Invalid Unicode character"); 49| 40| } 50| 488|} _ZN5Botan5CPUID10CPUID_DataC2Ev: 80| 1|CPUID::CPUID_Data::CPUID_Data() { 81| | // NOLINTBEGIN(*-prefer-member-initializer) 82| 1|#if defined(BOTAN_HAS_CPUID_DETECTION) 83| 1| m_processor_features = detect_cpu_features(~cleared_cpuid_bits()); 84| |#else 85| | m_processor_features = 0; 86| |#endif 87| | // NOLINTEND(*-prefer-member-initializer) 88| 1|} cpuid.cpp:_ZN5Botan12_GLOBAL__N_118cleared_cpuid_bitsEv: 59| 1|uint32_t cleared_cpuid_bits() { 60| 1| uint32_t cleared = 0; 61| | 62| 1| #if defined(BOTAN_HAS_OS_UTILS) 63| 1| std::string clear_cpuid_env; 64| 1| if(OS::read_env_variable(clear_cpuid_env, "BOTAN_CLEAR_CPUID")) { ------------------ | Branch (64:7): [True: 0, False: 1] ------------------ 65| 0| for(const auto& cpuid : split_on(clear_cpuid_env, ',')) { ------------------ | Branch (65:29): [True: 0, False: 0] ------------------ 66| 0| if(auto bit = CPUID::bit_from_string(cpuid)) { ------------------ | Branch (66:18): [True: 0, False: 0] ------------------ 67| 0| cleared |= bit->as_u32(); 68| 0| } 69| 0| } 70| 0| } 71| 1| #endif 72| | 73| 1| return cleared; 74| 1|} _ZN5Botan5CPUID10CPUID_Data19detect_cpu_featuresEj: 62| 1|uint32_t CPUID::CPUID_Data::detect_cpu_features(uint32_t allowed) { 63| 1| enum class x86_CPUID_1_bits : uint64_t { 64| 1| RDTSC = (1ULL << 4), 65| 1| SSE2 = (1ULL << 26), 66| 1| CLMUL = (1ULL << 33), 67| 1| SSSE3 = (1ULL << 41), 68| 1| SSE41 = (1ULL << 51), 69| 1| AESNI = (1ULL << 57), 70| | // AVX + OSXSAVE 71| 1| OSXSAVE = (1ULL << 59) | (1ULL << 60), 72| 1| RDRAND = (1ULL << 62) 73| 1| }; 74| | 75| 1| enum class x86_CPUID_7_bits : uint64_t { 76| 1| BMI1 = (1ULL << 3), 77| 1| AVX2 = (1ULL << 5), 78| 1| BMI2 = (1ULL << 8), 79| 1| BMI_1_AND_2 = BMI1 | BMI2, 80| 1| AVX512_F = (1ULL << 16), 81| 1| AVX512_DQ = (1ULL << 17), 82| 1| RDSEED = (1ULL << 18), 83| 1| ADX = (1ULL << 19), 84| 1| AVX512_IFMA = (1ULL << 21), 85| 1| SHA = (1ULL << 29), 86| 1| AVX512_BW = (1ULL << 30), 87| 1| AVX512_VL = (1ULL << 31), 88| 1| AVX512_VBMI = (1ULL << 33), 89| 1| AVX512_VBMI2 = (1ULL << 38), 90| 1| GFNI = (1ULL << 40), 91| 1| AVX512_VAES = (1ULL << 41), 92| 1| AVX512_VCLMUL = (1ULL << 42), 93| 1| AVX512_VBITALG = (1ULL << 44), 94| | 95| | /* 96| | We only enable AVX512 support if all of the below flags are available 97| | 98| | This is more than we strictly need for most uses, however it also has 99| | the effect of preventing execution of AVX512 codepaths on cores that 100| | have serious downclocking problems when AVX512 code executes, 101| | especially Intel Skylake. 102| | 103| | VBMI2/VBITALG are the key flags here as they restrict us to Intel Ice 104| | Lake/Rocket Lake, or AMD Zen4, all of which do not have penalties for 105| | executing AVX512. 106| | 107| | There is nothing stopping some future processor from supporting the 108| | above flags and having AVX512 penalties, but maybe you should not have 109| | bought such a processor. 110| | */ 111| 1| AVX512_PROFILE = 112| 1| AVX512_F | AVX512_DQ | AVX512_IFMA | AVX512_BW | AVX512_VL | AVX512_VBMI | AVX512_VBMI2 | AVX512_VBITALG, 113| 1| }; 114| | 115| | // NOLINTNEXTLINE(performance-enum-size) 116| 1| enum class x86_CPUID_7_1_bits : uint64_t { 117| 1| SHA512 = (1 << 0), 118| 1| SM3 = (1 << 1), 119| 1| SM4 = (1 << 2), 120| 1| }; 121| | 122| 1| uint32_t feat = 0; 123| 1| uint32_t cpuid[4] = {0}; 124| 1| bool has_os_ymm_support = false; 125| 1| bool has_os_zmm_support = false; 126| | 127| | // CPUID 0: vendor identification, max sublevel 128| 1| invoke_cpuid(0, cpuid); 129| | 130| 1| const uint32_t max_supported_sublevel = cpuid[0]; 131| | 132| 1| if(max_supported_sublevel >= 1) { ------------------ | Branch (132:7): [True: 1, False: 0] ------------------ 133| | // CPUID 1: feature bits 134| 1| invoke_cpuid(1, cpuid); 135| 1| const uint64_t flags0 = (static_cast(cpuid[2]) << 32) | cpuid[3]; 136| | 137| 1| feat |= if_set(flags0, x86_CPUID_1_bits::RDTSC, CPUFeature::Bit::RDTSC, allowed); 138| | 139| 1| feat |= if_set(flags0, x86_CPUID_1_bits::RDRAND, CPUFeature::Bit::RDRAND, allowed); 140| | 141| 1| feat |= if_set(flags0, x86_CPUID_1_bits::SSE2, CPUFeature::Bit::SSE2, allowed); 142| | 143| 1| if(is_set(feat, CPUFeature::Bit::SSE2)) { ------------------ | Branch (143:10): [True: 1, False: 0] ------------------ 144| 1| feat |= if_set(flags0, x86_CPUID_1_bits::SSSE3, CPUFeature::Bit::SSSE3, allowed); 145| | 146| 1| if(is_set(feat, CPUFeature::Bit::SSSE3)) { ------------------ | Branch (146:13): [True: 1, False: 0] ------------------ 147| 1| feat |= if_set(flags0, x86_CPUID_1_bits::CLMUL, CPUFeature::Bit::CLMUL, allowed); 148| 1| feat |= if_set(flags0, x86_CPUID_1_bits::AESNI, CPUFeature::Bit::AESNI, allowed); 149| 1| } 150| | 151| 1| const uint64_t osxsave64 = static_cast(x86_CPUID_1_bits::OSXSAVE); 152| 1| if((flags0 & osxsave64) == osxsave64) { ------------------ | Branch (152:13): [True: 1, False: 0] ------------------ 153| 1| const uint64_t xcr_flags = xgetbv(); 154| 1| if((xcr_flags & 0x6) == 0x6) { ------------------ | Branch (154:16): [True: 1, False: 0] ------------------ 155| 1| has_os_ymm_support = true; 156| 1| has_os_zmm_support = (xcr_flags & 0xE0) == 0xE0; 157| 1| } 158| 1| } 159| 1| } 160| 1| } 161| | 162| 1| if(max_supported_sublevel >= 7) { ------------------ | Branch (162:7): [True: 1, False: 0] ------------------ 163| 1| clear_mem(cpuid, 4); 164| 1| invoke_cpuid_sublevel(7, 0, cpuid); 165| | 166| 1| const uint64_t flags7 = (static_cast(cpuid[2]) << 32) | cpuid[1]; 167| | 168| 1| clear_mem(cpuid, 4); 169| 1| invoke_cpuid_sublevel(7, 1, cpuid); 170| 1| const uint32_t flags7_1 = cpuid[0]; 171| | 172| 1| feat |= if_set(flags7, x86_CPUID_7_bits::RDSEED, CPUFeature::Bit::RDSEED, allowed); 173| 1| feat |= if_set(flags7, x86_CPUID_7_bits::ADX, CPUFeature::Bit::ADX, allowed); 174| | 175| | /* 176| | We only set the BMI bit if both BMI1 and BMI2 are supported, since 177| | typically we want to use both extensions in the same code. 178| | */ 179| 1| feat |= if_set(flags7, x86_CPUID_7_bits::BMI_1_AND_2, CPUFeature::Bit::BMI, allowed); 180| | 181| 1| if(is_set(feat, CPUFeature::Bit::SSSE3)) { ------------------ | Branch (181:10): [True: 1, False: 0] ------------------ 182| 1| feat |= if_set(flags7, x86_CPUID_7_bits::SHA, CPUFeature::Bit::SHA, allowed); 183| 1| feat |= if_set(flags7_1, x86_CPUID_7_1_bits::SM3, CPUFeature::Bit::SM3, allowed); 184| | 185| | // We only consider AVX2 if SSSE3 is supported 186| 1| if(has_os_ymm_support) { ------------------ | Branch (186:13): [True: 1, False: 0] ------------------ 187| 1| feat |= if_set(flags7, x86_CPUID_7_bits::AVX2, CPUFeature::Bit::AVX2, allowed); 188| | 189| 1| if(is_set(feat, CPUFeature::Bit::AVX2)) { ------------------ | Branch (189:16): [True: 1, False: 0] ------------------ 190| 1| feat |= if_set(flags7, x86_CPUID_7_bits::GFNI, CPUFeature::Bit::GFNI, allowed); 191| 1| feat |= if_set(flags7, x86_CPUID_7_bits::AVX512_VAES, CPUFeature::Bit::AVX2_AES, allowed); 192| 1| feat |= if_set(flags7, x86_CPUID_7_bits::AVX512_VCLMUL, CPUFeature::Bit::AVX2_CLMUL, allowed); 193| 1| feat |= if_set(flags7_1, x86_CPUID_7_1_bits::SHA512, CPUFeature::Bit::SHA512, allowed); 194| 1| feat |= if_set(flags7_1, x86_CPUID_7_1_bits::SM4, CPUFeature::Bit::SM4, allowed); 195| | 196| | // Likewise we only consider AVX-512 if AVX2 is supported 197| 1| if(has_os_zmm_support) { ------------------ | Branch (197:19): [True: 0, False: 1] ------------------ 198| 0| feat |= if_set(flags7, x86_CPUID_7_bits::AVX512_PROFILE, CPUFeature::Bit::AVX512, allowed); 199| | 200| 0| if(is_set(feat, CPUFeature::Bit::AVX512)) { ------------------ | Branch (200:22): [True: 0, False: 0] ------------------ 201| 0| feat |= if_set(flags7, x86_CPUID_7_bits::AVX512_VAES, CPUFeature::Bit::AVX512_AES, allowed); 202| 0| feat |= if_set(flags7, x86_CPUID_7_bits::AVX512_VCLMUL, CPUFeature::Bit::AVX512_CLMUL, allowed); 203| 0| } 204| 0| } 205| 1| } 206| 1| } 207| 1| } 208| 1| } 209| | 210| |/* 211| | * If we don't have access to CPUID, we can still safely assume that 212| | * any x86-64 processor has SSE2 and RDTSC 213| | */ 214| 1|#if defined(BOTAN_TARGET_ARCH_IS_X86_64) 215| 1| if(feat == 0) { ------------------ | Branch (215:7): [True: 0, False: 1] ------------------ 216| 0| feat |= CPUFeature::Bit::SSE2 & allowed; 217| 0| feat |= CPUFeature::Bit::RDTSC & allowed; 218| 0| } 219| 1|#endif 220| | 221| 1| return feat; 222| 1|} cpuid_x86.cpp:_ZN5Botan12_GLOBAL__N_112invoke_cpuidEjPj: 24| 2|void invoke_cpuid(uint32_t type, uint32_t out[4]) { 25| 2| clear_mem(out, 4); 26| | 27| 2|#if defined(BOTAN_USE_GCC_INLINE_ASM) 28| | // NOLINTNEXTLINE(*-no-assembler) 29| 2| asm volatile("cpuid\n\t" : "=a"(out[0]), "=b"(out[1]), "=c"(out[2]), "=d"(out[3]) : "0"(type)); 30| | 31| |#elif defined(BOTAN_BUILD_COMPILER_IS_MSVC) 32| | __cpuid((int*)out, type); 33| | 34| |#else 35| | BOTAN_UNUSED(type); 36| | #warning "No way of calling x86 cpuid instruction for this compiler" 37| |#endif 38| 2|} cpuid_x86.cpp:_ZN5Botan12_GLOBAL__N_16xgetbvEv: 56| 1|BOTAN_FUNC_ISA("xsave") uint64_t xgetbv() { 57| | return _xgetbv(0); 58| 1|} cpuid_x86.cpp:_ZN5Botan12_GLOBAL__N_121invoke_cpuid_sublevelEjjPj: 40| 2|void invoke_cpuid_sublevel(uint32_t type, uint32_t level, uint32_t out[4]) { 41| 2| clear_mem(out, 4); 42| | 43| 2|#if defined(BOTAN_USE_GCC_INLINE_ASM) 44| | // NOLINTNEXTLINE(*-no-assembler) 45| 2| asm volatile("cpuid\n\t" : "=a"(out[0]), "=b"(out[1]), "=c"(out[2]), "=d"(out[3]) : "0"(type), "2"(level)); 46| | 47| |#elif defined(BOTAN_BUILD_COMPILER_IS_MSVC) 48| | __cpuidex((int*)out, type, level); 49| | 50| |#else 51| | BOTAN_UNUSED(type, level); 52| | #warning "No way of calling x86 cpuid instruction for this compiler" 53| |#endif 54| 2|} _ZN5Botan10DataSource9read_byteERh: 27| 3.96M|size_t DataSource::read_byte(uint8_t& out) { 28| 3.96M| return read(&out, 1); 29| 3.96M|} _ZN5Botan10DataSource9read_byteEv: 34| 6.52M|std::optional DataSource::read_byte() { 35| 6.52M| uint8_t b = 0; 36| 6.52M| if(this->read(&b, 1) == 1) { ------------------ | Branch (36:7): [True: 6.50M, False: 12.9k] ------------------ 37| 6.50M| return b; 38| 6.50M| } else { 39| 12.9k| return {}; 40| 12.9k| } 41| 6.52M|} _ZNK5Botan10DataSource9peek_byteERh: 46| 13.2k|size_t DataSource::peek_byte(uint8_t& out) const { 47| 13.2k| return peek(&out, 1, 0); 48| 13.2k|} _ZN5Botan17DataSource_Memory4readEPhm: 73| 6.56M|size_t DataSource_Memory::read(uint8_t out[], size_t length) { 74| 6.56M| const size_t got = std::min(m_source.size() - m_offset, length); 75| 6.56M| copy_mem(out, m_source.data() + m_offset, got); 76| 6.56M| m_offset += got; 77| 6.56M| return got; 78| 6.56M|} _ZN5Botan17DataSource_Memory15check_availableEm: 80| 175k|bool DataSource_Memory::check_available(size_t n) { 81| 175k| return (n <= (m_source.size() - m_offset)); 82| 175k|} _ZNK5Botan17DataSource_Memory4peekEPhmm: 87| 13.4k|size_t DataSource_Memory::peek(uint8_t out[], size_t length, size_t peek_offset) const { 88| 13.4k| const size_t bytes_left = m_source.size() - m_offset; 89| 13.4k| if(peek_offset >= bytes_left) { ------------------ | Branch (89:7): [True: 1, False: 13.4k] ------------------ 90| 1| return 0; 91| 1| } 92| | 93| 13.4k| const size_t got = std::min(bytes_left - peek_offset, length); 94| 13.4k| copy_mem(out, &m_source[m_offset + peek_offset], got); 95| 13.4k| return got; 96| 13.4k|} _ZNK5Botan17DataSource_Memory11end_of_dataEv: 101| 123k|bool DataSource_Memory::end_of_data() const { 102| 123k| return (m_offset == m_source.size()); 103| 123k|} _ZN5Botan17DataSource_MemoryC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 108| 12.9k|DataSource_Memory::DataSource_Memory(std::string_view in) : DataSource_Memory(as_span_of_bytes(in)) {} _ZN5Botan9ExceptionC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 71| 5.44k|Exception::Exception(std::string_view msg) : m_msg(msg) {} _ZN5Botan9ExceptionC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEERKSt9exception: 73| 297|Exception::Exception(std::string_view msg, const std::exception& e) : m_msg(fmt("{} failed with {}", msg, e.what())) {} _ZN5Botan9ExceptionC2EPKcNSt3__117basic_string_viewIcNS3_11char_traitsIcEEEE: 75| 196|Exception::Exception(const char* prefix, std::string_view msg) : m_msg(fmt("{} {}", prefix, msg)) {} _ZN5Botan16Invalid_ArgumentC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 77| 12|Invalid_Argument::Invalid_Argument(std::string_view msg) : Exception(msg) {} _ZN5Botan14Internal_ErrorC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 99| 91|Internal_Error::Internal_Error(std::string_view err) : Exception("Internal error:", err) {} _ZN5Botan14Decoding_ErrorC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 125| 2.34k|Decoding_Error::Decoding_Error(std::string_view name) : Exception(name) {} _ZN5Botan14Decoding_ErrorC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEERKSt9exception: 130| 297|Decoding_Error::Decoding_Error(std::string_view msg, const std::exception& e) : Exception(msg, e) {} _ZN5Botan26Invalid_Authentication_TagC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 133| 104| Exception("Invalid authentication tag:", msg) {} _ZN5Botan15Stream_IO_ErrorC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 135| 1|Stream_IO_Error::Stream_IO_Error(std::string_view err) : Exception("I/O error:", err) {} _ZN5Botan5GHASH14ghash_multiplyENSt3__14spanIhLm16EEENS2_IKhLm18446744073709551615EEEm: 44| 219|void GHASH::ghash_multiply(std::span x, std::span input, size_t blocks) { 45| 219| BOTAN_ASSERT_NOMSG(input.size() % GCM_BS == 0); ------------------ | | 77| 219| do { \ | | 78| 219| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 219| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 219] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 219| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 219] | | ------------------ ------------------ 46| | 47| 219|#if defined(BOTAN_HAS_GHASH_AVX512_CLMUL) 48| 219| if(CPUID::has(CPUID::Feature::AVX512_CLMUL)) { ------------------ | Branch (48:7): [True: 0, False: 219] ------------------ 49| 0| BOTAN_ASSERT_NOMSG(!m_H_pow.empty()); ------------------ | | 77| 0| do { \ | | 78| 0| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 0| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 0] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 0| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 0] | | ------------------ ------------------ 50| 0| return ghash_multiply_avx512_clmul(x.data(), m_H_pow.data(), input.data(), blocks); 51| 0| } 52| 219|#endif 53| | 54| 219|#if defined(BOTAN_HAS_GHASH_CLMUL_CPU) 55| 219| if(CPUID::has(CPUID::Feature::HW_CLMUL)) { ------------------ | Branch (55:7): [True: 219, False: 0] ------------------ 56| 219| BOTAN_ASSERT_NOMSG(!m_H_pow.empty()); ------------------ | | 77| 219| do { \ | | 78| 219| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 219| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 219] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 219| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 219] | | ------------------ ------------------ 57| 219| return ghash_multiply_cpu(x.data(), m_H_pow, input.data(), blocks); 58| 219| } 59| 0|#endif 60| | 61| 0|#if defined(BOTAN_HAS_GHASH_CLMUL_VPERM) 62| 0| if(CPUID::has(CPUID::Feature::SIMD_2X64)) { ------------------ | Branch (62:7): [True: 0, False: 0] ------------------ 63| 0| return ghash_multiply_vperm(x.data(), m_HM.data(), input.data(), blocks); 64| 0| } 65| 0|#endif 66| | 67| 0| auto scope = CT::scoped_poison(x); 68| | 69| 0| auto X = load_be>(x); 70| | 71| 0| BufferSlicer in(input); 72| 0| for(size_t b = 0; b != blocks; ++b) { ------------------ | Branch (72:22): [True: 0, False: 0] ------------------ 73| 0| const auto I = load_be>(in.take()); 74| 0| X[0] ^= I[0]; 75| 0| X[1] ^= I[1]; 76| | 77| 0| std::array Z{}; 78| | 79| 0| for(size_t i = 0; i != 64; ++i) { ------------------ | Branch (79:25): [True: 0, False: 0] ------------------ 80| 0| const auto X0MASK = CT::Mask::expand_top_bit(X[0]); 81| 0| const auto X1MASK = CT::Mask::expand_top_bit(X[1]); 82| | 83| 0| X[0] <<= 1; 84| 0| X[1] <<= 1; 85| | 86| 0| Z[0] = X0MASK.select(Z[0] ^ m_HM[4 * i], Z[0]); 87| 0| Z[1] = X0MASK.select(Z[1] ^ m_HM[4 * i + 1], Z[1]); 88| | 89| 0| Z[0] = X1MASK.select(Z[0] ^ m_HM[4 * i + 2], Z[0]); 90| 0| Z[1] = X1MASK.select(Z[1] ^ m_HM[4 * i + 3], Z[1]); 91| 0| } 92| | 93| 0| X[0] = Z[0]; 94| 0| X[1] = Z[1]; 95| 0| } 96| | 97| 0| store_be(x, X); 98| 0|} _ZNK5Botan5GHASH19has_keying_materialEv: 100| 182|bool GHASH::has_keying_material() const { 101| 182| return !m_HM.empty() || !m_H_pow.empty(); ------------------ | Branch (101:11): [True: 0, False: 182] | Branch (101:28): [True: 182, False: 0] ------------------ 102| 182|} _ZN5Botan5GHASH12key_scheduleENSt3__14spanIKhLm18446744073709551615EEE: 104| 62|void GHASH::key_schedule(std::span key) { 105| 62| m_H_ad = {0}; 106| 62| m_ad_len = 0; 107| 62| m_text_len = 0; 108| | 109| 62| BOTAN_ASSERT_NOMSG(key.size() == GCM_BS); ------------------ | | 77| 62| do { \ | | 78| 62| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 62| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 62] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 62| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 62] | | ------------------ ------------------ 110| 62| auto H = load_be>(key.first()); 111| | 112| 62|#if defined(BOTAN_HAS_GHASH_AVX512_CLMUL) 113| 62| if(CPUID::has(CPUID::Feature::AVX512_CLMUL)) { ------------------ | Branch (113:7): [True: 0, False: 62] ------------------ 114| 0| zap(m_HM); 115| 0| if(m_H_pow.size() != 32) { ------------------ | Branch (115:10): [True: 0, False: 0] ------------------ 116| 0| m_H_pow.resize(32); 117| 0| } 118| 0| ghash_precompute_avx512_clmul(key.data(), m_H_pow.data()); 119| | // m_HM left empty 120| 0| return; 121| 0| } 122| 62|#endif 123| | 124| 62|#if defined(BOTAN_HAS_GHASH_CLMUL_CPU) 125| 62| if(CPUID::has(CPUID::Feature::HW_CLMUL)) { ------------------ | Branch (125:7): [True: 62, False: 0] ------------------ 126| 62| zap(m_HM); 127| 62| ghash_precompute_cpu(key.data(), m_H_pow); 128| | // m_HM left empty 129| 62| return; 130| 62| } 131| 0|#endif 132| | 133| 0| const uint64_t R = 0xE100000000000000; 134| | 135| 0| if(m_HM.size() != 256) { ------------------ | Branch (135:7): [True: 0, False: 0] ------------------ 136| 0| m_HM.resize(256); 137| 0| } 138| | 139| | // precompute the multiples of H 140| 0| for(size_t i = 0; i != 2; ++i) { ------------------ | Branch (140:22): [True: 0, False: 0] ------------------ 141| 0| for(size_t j = 0; j != 64; ++j) { ------------------ | Branch (141:25): [True: 0, False: 0] ------------------ 142| | /* 143| | we interleave H^1, H^65, H^2, H^66, H3, H67, H4, H68 144| | to make indexing nicer in the multiplication code 145| | */ 146| 0| m_HM[4 * j + 2 * i] = H[0]; 147| 0| m_HM[4 * j + 2 * i + 1] = H[1]; 148| | 149| | // GCM's bit ops are reversed so we carry out of the bottom 150| 0| const uint64_t carry = CT::Mask::expand(H[1] & 1).if_set_return(R); 151| 0| H[1] = (H[1] >> 1) | (H[0] << 63); 152| 0| H[0] = (H[0] >> 1) ^ carry; 153| 0| } 154| 0| } 155| 0|} _ZN5Botan5GHASH5startENSt3__14spanIKhLm18446744073709551615EEE: 157| 61|void GHASH::start(std::span nonce) { 158| 61| BOTAN_ARG_CHECK(nonce.size() == 16, "GHASH requires a 128-bit nonce"); ------------------ | | 35| 61| do { \ | | 36| 61| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 61| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 61] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 61| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 61] | | ------------------ ------------------ 159| 61| auto& n = m_nonce.emplace(); 160| 61| copy_mem(n, nonce); 161| 61| copy_mem(m_ghash, m_H_ad); 162| 61| m_buffer.clear(); 163| 61| m_text_len = 0; 164| 61|} _ZN5Botan5GHASH19set_associated_dataENSt3__14spanIKhLm18446744073709551615EEE: 166| 61|void GHASH::set_associated_data(std::span input) { 167| 61| BOTAN_STATE_CHECK(!m_nonce); ------------------ | | 51| 61| do { \ | | 52| 61| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 61| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 61] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 61| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 61] | | ------------------ ------------------ 168| | 169| 61| assert_key_material_set(); 170| 61| m_H_ad = {0}; 171| 61| ghash_update(m_H_ad, input); 172| 61| ghash_zeropad(m_H_ad); 173| 61| m_ad_len = input.size(); 174| 61|} _ZN5Botan5GHASH6updateENSt3__14spanIKhLm18446744073709551615EEE: 190| 60|void GHASH::update(std::span input) { 191| 60| assert_key_material_set(); 192| 60| BOTAN_STATE_CHECK(m_nonce); ------------------ | | 51| 60| do { \ | | 52| 60| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 60| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 60] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 60| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 60] | | ------------------ ------------------ 193| 60| ghash_update(m_ghash, input); 194| 60| m_text_len += input.size(); 195| | 196| | // NIST SP 800-38D limits plaintext/ciphertext to 2^39 - 256 bits 197| 60| constexpr uint64_t GHASH_MAX_BYTES = (((static_cast(1) << 39)) - 256) / 8; 198| 60| if(m_text_len > GHASH_MAX_BYTES) { ------------------ | Branch (198:7): [True: 0, False: 60] ------------------ 199| 0| throw Invalid_State("GCM message length limit exceeded"); 200| 0| } 201| 60|} _ZN5Botan5GHASH5finalENSt3__14spanIhLm18446744073709551615EEE: 203| 61|void GHASH::final(std::span mac) { 204| 61| BOTAN_ARG_CHECK(!mac.empty() && mac.size() <= GCM_BS, "GHASH output length"); ------------------ | | 35| 61| do { \ | | 36| 61| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 122| if(!(expr)) { \ | | ------------------ | | | Branch (37:12): [True: 61, False: 0] | | | Branch (37:12): [True: 61, False: 0] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 61| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 61] | | ------------------ ------------------ 205| 61| BOTAN_STATE_CHECK(m_nonce); ------------------ | | 51| 61| do { \ | | 52| 61| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 61| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 61] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 61| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 61] | | ------------------ ------------------ 206| 61| assert_key_material_set(); 207| | 208| 61| ghash_zeropad(m_ghash); 209| 61| ghash_final_block(m_ghash, m_ad_len, m_text_len); 210| | 211| 61| xor_buf(mac, std::span{m_ghash}.first(mac.size()), std::span{*m_nonce}.first(mac.size())); 212| | 213| 61| secure_scrub_memory(m_ghash); 214| 61| m_text_len = 0; 215| 61| m_nonce.reset(); 216| 61|} _ZN5Botan5GHASH12ghash_updateENSt3__14spanIhLm16EEENS2_IKhLm18446744073709551615EEE: 245| 121|void GHASH::ghash_update(std::span x, std::span input) { 246| 121| BufferSlicer in(input); 247| 279| while(!in.empty()) { ------------------ | Branch (247:10): [True: 158, False: 121] ------------------ 248| 158| if(const auto one_block = m_buffer.handle_unaligned_data(in)) { ------------------ | Branch (248:21): [True: 0, False: 158] ------------------ 249| 0| ghash_multiply(x, one_block.value(), 1); 250| 0| } 251| | 252| 158| if(m_buffer.in_alignment()) { ------------------ | Branch (252:10): [True: 51, False: 107] ------------------ 253| 51| const auto [aligned_data, full_blocks] = m_buffer.aligned_data_to_process(in); 254| 51| if(full_blocks > 0) { ------------------ | Branch (254:13): [True: 51, False: 0] ------------------ 255| 51| ghash_multiply(x, aligned_data, full_blocks); 256| 51| } 257| 51| } 258| 158| } 259| 121| BOTAN_ASSERT_NOMSG(in.empty()); ------------------ | | 77| 121| do { \ | | 78| 121| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 121| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 121] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 121| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 121] | | ------------------ ------------------ 260| 121|} _ZN5Botan5GHASH13ghash_zeropadENSt3__14spanIhLm16EEE: 262| 122|void GHASH::ghash_zeropad(std::span x) { 263| 122| if(!m_buffer.in_alignment()) { ------------------ | Branch (263:7): [True: 107, False: 15] ------------------ 264| 107| m_buffer.fill_up_with_zeros(); 265| 107| ghash_multiply(x, m_buffer.consume(), 1); 266| 107| } 267| 122|} _ZN5Botan5GHASH17ghash_final_blockENSt3__14spanIhLm16EEEmm: 269| 61|void GHASH::ghash_final_block(std::span x, uint64_t ad_len, uint64_t text_len) { 270| 61| BOTAN_STATE_CHECK(m_buffer.in_alignment()); ------------------ | | 51| 61| do { \ | | 52| 61| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 61| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 61] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 61| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 61] | | ------------------ ------------------ 271| 61| const auto final_block = store_be(8 * ad_len, 8 * text_len); 272| 61| ghash_multiply(x, final_block, 1); 273| 61|} _ZN5Botan5GHASH20ghash_precompute_cpuEPKhRNSt3__16vectorImNS_16secure_allocatorImEEEE: 81| 62|void BOTAN_FN_ISA_CLMUL GHASH::ghash_precompute_cpu(const uint8_t H_bytes[16], secure_vector& H_pow) { 82| 62| const SIMD_4x32 H1 = mulx_polyval(reverse_vector(SIMD_4x32::load_le(H_bytes))); 83| 62| const SIMD_4x32 H2 = polyval_multiply(H1, H1); 84| 62| const SIMD_4x32 H3 = polyval_multiply(H1, H2); 85| 62| const SIMD_4x32 H4 = polyval_multiply(H2, H2); 86| | 87| 62| H_pow.reserve(2 * 8); 88| 62| H_pow.resize(2 * 4); 89| 62| H1.store_le(&H_pow[0]); // NOLINT(*-container-data-pointer) 90| 62| H2.store_le(&H_pow[2]); 91| 62| H3.store_le(&H_pow[4]); 92| 62| H4.store_le(&H_pow[6]); 93| 62|} _ZN5Botan5GHASH18ghash_multiply_cpuEPhRNSt3__16vectorImNS_16secure_allocatorImEEEEPKhm: 98| 219| size_t blocks) { 99| 219| BOTAN_ASSERT_NOMSG(H_pow.size() == 2 * 4 || H_pow.size() == 2 * 8); ------------------ | | 77| 219| do { \ | | 78| 219| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 278| if(!(expr)) { \ | | ------------------ | | | Branch (79:12): [True: 160, False: 59] | | | Branch (79:12): [True: 59, False: 0] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 219| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 219] | | ------------------ ------------------ 100| | 101| 219| const SIMD_4x32 H1 = SIMD_4x32::load_le(&H_pow[0]); // NOLINT(*-container-data-pointer) 102| | 103| 219| SIMD_4x32 a = reverse_vector(SIMD_4x32::load_le(x)); 104| | 105| 219| if(blocks >= 8) { ------------------ | Branch (105:7): [True: 31, False: 188] ------------------ 106| 31| const SIMD_4x32 H2 = SIMD_4x32::load_le(&H_pow[2]); 107| 31| const SIMD_4x32 H3 = SIMD_4x32::load_le(&H_pow[4]); 108| 31| const SIMD_4x32 H4 = SIMD_4x32::load_le(&H_pow[6]); 109| | 110| 31| if(H_pow.size() < 2 * 8) { ------------------ | Branch (110:10): [True: 31, False: 0] ------------------ 111| 31| H_pow.resize(2 * 8); 112| 31| const SIMD_4x32 H5 = polyval_multiply(H4, H1); 113| 31| const SIMD_4x32 H6 = polyval_multiply(H4, H2); 114| 31| const SIMD_4x32 H7 = polyval_multiply(H4, H3); 115| 31| const SIMD_4x32 H8 = polyval_multiply(H4, H4); 116| 31| H5.store_le(&H_pow[8]); 117| 31| H6.store_le(&H_pow[10]); 118| 31| H7.store_le(&H_pow[12]); 119| 31| H8.store_le(&H_pow[14]); 120| 31| } 121| | 122| 31| const SIMD_4x32 H5 = SIMD_4x32::load_le(&H_pow[8]); 123| 31| const SIMD_4x32 H6 = SIMD_4x32::load_le(&H_pow[10]); 124| 31| const SIMD_4x32 H7 = SIMD_4x32::load_le(&H_pow[12]); 125| 31| const SIMD_4x32 H8 = SIMD_4x32::load_le(&H_pow[14]); 126| | 127| 260| while(blocks >= 8) { ------------------ | Branch (127:13): [True: 229, False: 31] ------------------ 128| 229| const SIMD_4x32 m0 = reverse_vector(SIMD_4x32::load_le(input)); 129| 229| const SIMD_4x32 m1 = reverse_vector(SIMD_4x32::load_le(input + 16 * 1)); 130| 229| const SIMD_4x32 m2 = reverse_vector(SIMD_4x32::load_le(input + 16 * 2)); 131| 229| const SIMD_4x32 m3 = reverse_vector(SIMD_4x32::load_le(input + 16 * 3)); 132| 229| const SIMD_4x32 m4 = reverse_vector(SIMD_4x32::load_le(input + 16 * 4)); 133| 229| const SIMD_4x32 m5 = reverse_vector(SIMD_4x32::load_le(input + 16 * 5)); 134| 229| const SIMD_4x32 m6 = reverse_vector(SIMD_4x32::load_le(input + 16 * 6)); 135| 229| const SIMD_4x32 m7 = reverse_vector(SIMD_4x32::load_le(input + 16 * 7)); 136| | 137| 229| a = polyval_multiply_x8(H1, H2, H3, H4, H5, H6, H7, H8, m7, m6, m5, m4, m3, m2, m1, m0 ^ a); 138| | 139| 229| input += 8 * 16; 140| 229| blocks -= 8; 141| 229| } 142| 31| } 143| | 144| 219| if(blocks >= 4) { ------------------ | Branch (144:7): [True: 23, False: 196] ------------------ 145| 23| const SIMD_4x32 H2 = SIMD_4x32::load_le(&H_pow[2]); 146| 23| const SIMD_4x32 H3 = SIMD_4x32::load_le(&H_pow[4]); 147| 23| const SIMD_4x32 H4 = SIMD_4x32::load_le(&H_pow[6]); 148| | 149| 46| while(blocks >= 4) { ------------------ | Branch (149:13): [True: 23, False: 23] ------------------ 150| 23| const SIMD_4x32 m0 = reverse_vector(SIMD_4x32::load_le(input)); 151| 23| const SIMD_4x32 m1 = reverse_vector(SIMD_4x32::load_le(input + 16 * 1)); 152| 23| const SIMD_4x32 m2 = reverse_vector(SIMD_4x32::load_le(input + 16 * 2)); 153| 23| const SIMD_4x32 m3 = reverse_vector(SIMD_4x32::load_le(input + 16 * 3)); 154| | 155| 23| a ^= m0; 156| 23| a = polyval_multiply_x4(H1, H2, H3, H4, m3, m2, m1, a); 157| | 158| 23| input += 4 * 16; 159| 23| blocks -= 4; 160| 23| } 161| 23| } 162| | 163| 467| for(size_t i = 0; i != blocks; ++i) { ------------------ | Branch (163:22): [True: 248, False: 219] ------------------ 164| 248| const SIMD_4x32 m = reverse_vector(SIMD_4x32::load_le(input + 16 * i)); 165| | 166| 248| a ^= m; 167| 248| a = polyval_multiply(H1, a); 168| 248| } 169| | 170| 219| a = reverse_vector(a); 171| 219| a.store_le(x); 172| 219|} ghash_cpu.cpp:_ZN5Botan12_GLOBAL__N_119polyval_multiply_x8ERKNS_9SIMD_4x32ES3_S3_S3_S3_S3_S3_S3_S3_S3_S3_S3_S3_S3_S3_S3_: 56| 229| const SIMD_4x32& X8) { 57| 229| const SIMD_4x32 lo = clmul<0x00>(H1, X1) ^ clmul<0x00>(H2, X2) ^ clmul<0x00>(H3, X3) ^ clmul<0x00>(H4, X4) ^ 58| 229| clmul<0x00>(H5, X5) ^ clmul<0x00>(H6, X6) ^ clmul<0x00>(H7, X7) ^ clmul<0x00>(H8, X8); 59| | 60| 229| const SIMD_4x32 hi = clmul<0x11>(H1, X1) ^ clmul<0x11>(H2, X2) ^ clmul<0x11>(H3, X3) ^ clmul<0x11>(H4, X4) ^ 61| 229| clmul<0x11>(H5, X5) ^ clmul<0x11>(H6, X6) ^ clmul<0x11>(H7, X7) ^ clmul<0x11>(H8, X8); 62| | 63| 229| SIMD_4x32 mid; 64| | 65| 229| mid ^= clmul<0x00>(H1 ^ H1.shift_elems_right<2>(), X1 ^ X1.shift_elems_right<2>()); 66| 229| mid ^= clmul<0x00>(H2 ^ H2.shift_elems_right<2>(), X2 ^ X2.shift_elems_right<2>()); 67| 229| mid ^= clmul<0x00>(H3 ^ H3.shift_elems_right<2>(), X3 ^ X3.shift_elems_right<2>()); 68| 229| mid ^= clmul<0x00>(H4 ^ H4.shift_elems_right<2>(), X4 ^ X4.shift_elems_right<2>()); 69| 229| mid ^= clmul<0x00>(H5 ^ H5.shift_elems_right<2>(), X5 ^ X5.shift_elems_right<2>()); 70| 229| mid ^= clmul<0x00>(H6 ^ H6.shift_elems_right<2>(), X6 ^ X6.shift_elems_right<2>()); 71| 229| mid ^= clmul<0x00>(H7 ^ H7.shift_elems_right<2>(), X7 ^ X7.shift_elems_right<2>()); 72| 229| mid ^= clmul<0x00>(H8 ^ H8.shift_elems_right<2>(), X8 ^ X8.shift_elems_right<2>()); 73| 229| mid ^= lo; 74| 229| mid ^= hi; 75| | 76| 229| return polyval_reduce(hi ^ mid.shift_elems_right<2>(), lo ^ mid.shift_elems_left<2>()); 77| 229|} ghash_cpu.cpp:_ZN5Botan12_GLOBAL__N_119polyval_multiply_x4ERKNS_9SIMD_4x32ES3_S3_S3_S3_S3_S3_S3_: 25| 23| const SIMD_4x32& X4) { 26| 23| const SIMD_4x32 lo = (clmul<0x00>(H1, X1) ^ clmul<0x00>(H2, X2)) ^ (clmul<0x00>(H3, X3) ^ clmul<0x00>(H4, X4)); 27| 23| const SIMD_4x32 hi = (clmul<0x11>(H1, X1) ^ clmul<0x11>(H2, X2)) ^ (clmul<0x11>(H3, X3) ^ clmul<0x11>(H4, X4)); 28| | 29| 23| SIMD_4x32 mid; 30| | 31| 23| mid ^= clmul<0x00>(H1 ^ H1.shift_elems_right<2>(), X1 ^ X1.shift_elems_right<2>()); 32| 23| mid ^= clmul<0x00>(H2 ^ H2.shift_elems_right<2>(), X2 ^ X2.shift_elems_right<2>()); 33| 23| mid ^= clmul<0x00>(H3 ^ H3.shift_elems_right<2>(), X3 ^ X3.shift_elems_right<2>()); 34| 23| mid ^= clmul<0x00>(H4 ^ H4.shift_elems_right<2>(), X4 ^ X4.shift_elems_right<2>()); 35| 23| mid ^= lo; 36| 23| mid ^= hi; 37| | 38| 23| return polyval_reduce(hi ^ mid.shift_elems_right<2>(), lo ^ mid.shift_elems_left<2>()); 39| 23|} _ZN5Botan19secure_scrub_memoryEPvm: 25| 1.74M|void secure_scrub_memory(void* ptr, size_t n) { 26| 1.74M| return secure_zeroize_buffer(ptr, n); 27| 1.74M|} _ZN5Botan21secure_zeroize_bufferEPvm: 29| 1.80M|void secure_zeroize_buffer(void* ptr, size_t n) { 30| 1.80M| if(n == 0) { ------------------ | Branch (30:7): [True: 675k, False: 1.12M] ------------------ 31| 675k| return; 32| 675k| } 33| | 34| |#if defined(BOTAN_TARGET_OS_HAS_RTLSECUREZEROMEMORY) 35| | ::RtlSecureZeroMemory(ptr, n); 36| | 37| |#elif defined(BOTAN_TARGET_OS_HAS_EXPLICIT_BZERO) 38| 1.12M| ::explicit_bzero(ptr, n); 39| | 40| |#elif defined(BOTAN_TARGET_OS_HAS_EXPLICIT_MEMSET) 41| | (void)::explicit_memset(ptr, 0, n); 42| | 43| |#else 44| | /* 45| | * Call memset through a static volatile pointer, which the compiler should 46| | * not elide. This construct should be safe in conforming compilers, but who 47| | * knows. This has been checked to generate the expected code, which saves the 48| | * memset address in the data segment and unconditionally loads and jumps to 49| | * that address, with the following targets: 50| | * 51| | * x86-64: Clang 19, GCC 6, 11, 13, 14 52| | * riscv64: GCC 14 53| | * aarch64: GCC 14 54| | * armv7: GCC 14 55| | * 56| | * Actually all of them generated the expected jump even without marking the 57| | * function pointer as volatile. However this seems worth including as an 58| | * additional precaution. 59| | */ 60| | static void* (*const volatile memset_ptr)(void*, int, size_t) = std::memset; 61| | (memset_ptr)(ptr, 0, n); 62| |#endif 63| 1.12M|} _ZN5Botan2OS14get_process_idEv: 76| 37.3k|uint32_t OS::get_process_id() { 77| 37.3k|#if defined(BOTAN_TARGET_OS_HAS_POSIX1) 78| 37.3k| return ::getpid(); 79| |#elif defined(BOTAN_TARGET_OS_HAS_WIN32) 80| | return ::GetCurrentProcessId(); 81| |#elif defined(BOTAN_TARGET_OS_IS_LLVM) || defined(BOTAN_TARGET_OS_IS_NONE) 82| | return 0; // truly no meaningful value 83| |#else 84| | #error "Missing get_process_id" 85| |#endif 86| 37.3k|} _ZN5Botan2OS17read_env_variableERNSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEENS1_17basic_string_viewIcS4_EE: 448| 1|bool OS::read_env_variable(std::string& value_out, std::string_view name_view) { 449| 1| value_out = ""; 450| | 451| 1| if(running_in_privileged_state()) { ------------------ | Branch (451:7): [True: 0, False: 1] ------------------ 452| 0| return false; 453| 0| } 454| | 455| |#if defined(BOTAN_TARGET_OS_HAS_WIN32) && \ 456| | (defined(BOTAN_BUILD_COMPILER_IS_MSVC) || defined(BOTAN_BUILD_COMPILER_IS_CLANGCL)) 457| | const std::string name(name_view); 458| | char val[128] = {0}; 459| | size_t req_size = 0; 460| | if(getenv_s(&req_size, val, sizeof(val), name.c_str()) == 0) { 461| | // Microsoft's implementation always writes a terminating \0, 462| | // and includes it in the reported length of the environment variable 463| | // if a value exists. 464| | if(req_size > 0 && val[req_size - 1] == '\0') { 465| | value_out = std::string(val); 466| | } else { 467| | value_out = std::string(val, req_size); 468| | } 469| | return true; 470| | } 471| |#else 472| 1| const std::string name(name_view); 473| 1| if(const char* val = std::getenv(name.c_str())) { ------------------ | Branch (473:19): [True: 0, False: 1] ------------------ 474| 0| value_out = val; 475| 0| return true; 476| 0| } 477| 1|#endif 478| | 479| 1| return false; 480| 1|} os_utils.cpp:_ZN5Botan12_GLOBAL__N_110get_auxvalENSt3__18optionalImEE: 118| 1|std::optional get_auxval(std::optional id) { 119| 1| if(id) { ------------------ | Branch (119:7): [True: 1, False: 0] ------------------ 120| 1|#if defined(BOTAN_TARGET_OS_HAS_GETAUXVAL) 121| 1| return ::getauxval(*id); 122| |#elif defined(BOTAN_TARGET_OS_HAS_ELF_AUX_INFO) 123| | unsigned long auxinfo = 0; 124| | if(::elf_aux_info(static_cast(*id), &auxinfo, sizeof(auxinfo)) == 0) { 125| | return auxinfo; 126| | } 127| |#endif 128| 1| } 129| | 130| 0| return {}; 131| 1|} os_utils.cpp:_ZN5Botan12_GLOBAL__N_127running_in_privileged_stateEv: 152| 1|bool running_in_privileged_state() { 153| 1|#if defined(AT_SECURE) 154| 1| if(auto at_secure = get_auxval(AT_SECURE)) { ------------------ | Branch (154:12): [True: 1, False: 0] ------------------ 155| 1| return at_secure != 0; 156| 1| } 157| 0|#endif 158| | 159| 0|#if defined(BOTAN_TARGET_OS_HAS_POSIX1) 160| 0| return (::getuid() != ::geteuid()) || (::getgid() != ::getegid()); ------------------ | Branch (160:11): [True: 0, False: 0] | Branch (160:42): [True: 0, False: 0] ------------------ 161| |#else 162| | return false; 163| |#endif 164| 1|} _ZN5Botan9to_u32bitENSt3__117basic_string_viewIcNS0_11char_traitsIcEEEE: 30| 77.5k|uint32_t to_u32bit(std::string_view str_view) { 31| 77.5k| const std::string str(str_view); 32| | 33| | // std::stoul is not strict enough. Ensure that str is digit only [0-9]* 34| 155k| for(const char chr : str) { ------------------ | Branch (34:23): [True: 155k, False: 77.5k] ------------------ 35| 155k| if(chr < '0' || chr > '9') { ------------------ | Branch (35:10): [True: 0, False: 155k] | Branch (35:23): [True: 0, False: 155k] ------------------ 36| 0| throw Invalid_Argument("to_u32bit invalid decimal string '" + str + "'"); 37| 0| } 38| 155k| } 39| | 40| 77.5k| const unsigned long int x = std::stoul(str); 41| | 42| 77.5k| if constexpr(sizeof(unsigned long int) > 4) { 43| | // x might be uint64 44| 77.5k| if(x > std::numeric_limits::max()) { ------------------ | Branch (44:10): [True: 0, False: 77.5k] ------------------ 45| 0| throw Invalid_Argument("Integer value of " + str + " exceeds 32 bit range"); 46| 0| } 47| 77.5k| } 48| | 49| 77.5k| return static_cast(x); 50| 77.5k|} _ZN5Botan20parse_algorithm_nameENSt3__117basic_string_viewIcNS0_11char_traitsIcEEEE: 55| 176|std::vector parse_algorithm_name(std::string_view scan_name) { 56| 176| if(scan_name.find('(') == std::string::npos && scan_name.find(')') == std::string::npos) { ------------------ | Branch (56:7): [True: 74, False: 102] | Branch (56:51): [True: 74, False: 0] ------------------ 57| 74| return {std::string(scan_name)}; 58| 74| } 59| | 60| 102| std::string name(scan_name); 61| 102| std::string substring; 62| 102| std::vector elems; 63| 102| size_t level = 0; 64| | 65| 102| elems.push_back(name.substr(0, name.find('('))); 66| 102| name = name.substr(name.find('(')); 67| | 68| 386| for(auto i = name.begin(); i != name.end(); ++i) { ------------------ | Branch (68:31): [True: 386, False: 0] ------------------ 69| 386| const char c = *i; 70| | 71| 386| if(c == '(') { ------------------ | Branch (71:10): [True: 102, False: 284] ------------------ 72| 102| ++level; 73| 102| } 74| 386| if(c == ')') { ------------------ | Branch (74:10): [True: 102, False: 284] ------------------ 75| 102| if(level == 1 && i == name.end() - 1) { ------------------ | Branch (75:13): [True: 102, False: 0] | Branch (75:13): [True: 102, False: 0] | Branch (75:27): [True: 102, False: 0] ------------------ 76| 102| if(elems.size() == 1) { ------------------ | Branch (76:16): [True: 102, False: 0] ------------------ 77| 102| elems.push_back(substring.substr(1)); 78| 102| } else { 79| 0| elems.push_back(substring); 80| 0| } 81| 102| return elems; 82| 102| } 83| | 84| 0| if(level == 0 || (level == 1 && i != name.end() - 1)) { ------------------ | Branch (84:13): [True: 0, False: 0] | Branch (84:13): [True: 0, False: 0] | Branch (84:28): [True: 0, False: 0] | Branch (84:42): [True: 0, False: 0] ------------------ 85| 0| throw Invalid_Algorithm_Name(scan_name); 86| 0| } 87| 0| --level; 88| 0| } 89| | 90| 284| if(c == ',' && level == 1) { ------------------ | Branch (90:10): [True: 0, False: 284] | Branch (90:22): [True: 0, False: 0] ------------------ 91| 0| if(elems.size() == 1) { ------------------ | Branch (91:13): [True: 0, False: 0] ------------------ 92| 0| elems.push_back(substring.substr(1)); 93| 0| } else { 94| 0| elems.push_back(substring); 95| 0| } 96| 0| substring.clear(); 97| 284| } else { 98| 284| substring += c; 99| 284| } 100| 284| } 101| | 102| 0| if(!substring.empty()) { ------------------ | Branch (102:7): [True: 0, False: 0] ------------------ 103| 0| throw Invalid_Algorithm_Name(scan_name); 104| 0| } 105| | 106| 0| return elems; 107| 0|} _ZN5Botan8split_onENSt3__117basic_string_viewIcNS0_11char_traitsIcEEEEc: 109| 6.63k|std::vector split_on(std::string_view str, char delim) { 110| 6.63k| std::vector elems; 111| 6.63k| if(str.empty()) { ------------------ | Branch (111:7): [True: 0, False: 6.63k] ------------------ 112| 0| return elems; 113| 0| } 114| | 115| 6.63k| std::string substr; 116| 34.6k| for(const char c : str) { ------------------ | Branch (116:21): [True: 34.6k, False: 6.63k] ------------------ 117| 34.6k| if(c == delim) { ------------------ | Branch (117:10): [True: 176, False: 34.4k] ------------------ 118| 176| if(!substr.empty()) { ------------------ | Branch (118:13): [True: 176, False: 0] ------------------ 119| 176| elems.push_back(substr); 120| 176| } 121| 176| substr.clear(); 122| 34.4k| } else { 123| 34.4k| substr += c; 124| 34.4k| } 125| 34.6k| } 126| | 127| 6.63k| if(substr.empty()) { ------------------ | Branch (127:7): [True: 0, False: 6.63k] ------------------ 128| 0| throw Invalid_Argument(fmt("Unable to split string '{}", str)); 129| 0| } 130| 6.63k| elems.push_back(substr); 131| | 132| 6.63k| return elems; 133| 6.63k|} _ZN5Botan31check_and_canonicalize_dns_nameENSt3__117basic_string_viewIcNS0_11char_traitsIcEEEE: 393| 6.45k|std::string check_and_canonicalize_dns_name(std::string_view name) { 394| 6.45k| if(name.size() > 255) { ------------------ | Branch (394:7): [True: 0, False: 6.45k] ------------------ 395| 0| throw Decoding_Error("DNS name exceeds maximum allowed length"); 396| 0| } 397| | 398| 6.45k| if(name.empty()) { ------------------ | Branch (398:7): [True: 0, False: 6.45k] ------------------ 399| 0| throw Decoding_Error("DNS name cannot be empty"); 400| 0| } 401| | 402| 6.45k| if(name.starts_with(".") || name.ends_with(".")) { ------------------ | Branch (402:7): [True: 0, False: 6.45k] | Branch (402:32): [True: 0, False: 6.45k] ------------------ 403| 0| throw Decoding_Error("DNS name cannot start or end with a dot"); 404| 0| } 405| | 406| | /* 407| | * Table mapping uppercase to lowercase and only including values for valid DNS names 408| | * namely A-Z, a-z, 0-9, hyphen, and dot, plus '*' for wildcarding. (RFC 1035) 409| | */ 410| | // clang-format off 411| 6.45k| constexpr uint8_t DNS_CHAR_MAPPING[128] = { 412| 6.45k| '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', 413| 6.45k| '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', 414| 6.45k| '\0', '\0', '\0', '\0', '*', '\0', '\0', '-', '.', '\0', '0', '1', '2', '3', '4', '5', '6', '7', '8', 415| 6.45k| '9', '\0', '\0', '\0', '\0', '\0', '\0', '\0', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 416| 6.45k| 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '\0', '\0', '\0', '\0', 417| 6.45k| '\0', '\0', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 418| 6.45k| 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '\0', '\0', '\0', '\0', '\0', 419| 6.45k| }; 420| | // clang-format on 421| | 422| 6.45k| std::string canon; 423| 6.45k| canon.reserve(name.size()); 424| | 425| | // RFC 1035: DNS labels must not exceed 63 characters 426| 6.45k| size_t current_label_length = 0; 427| | 428| 64.5k| for(size_t i = 0; i != name.size(); ++i) { ------------------ | Branch (428:22): [True: 58.1k, False: 6.45k] ------------------ 429| 58.1k| const char c = name[i]; 430| | 431| 58.1k| if(c == '.') { ------------------ | Branch (431:10): [True: 0, False: 58.1k] ------------------ 432| 0| if(i > 0 && name[i - 1] == '.') { ------------------ | Branch (432:13): [True: 0, False: 0] | Branch (432:22): [True: 0, False: 0] ------------------ 433| 0| throw Decoding_Error("DNS name contains sequential period chars"); 434| 0| } 435| | 436| 0| if(current_label_length == 0) { ------------------ | Branch (436:13): [True: 0, False: 0] ------------------ 437| 0| throw Decoding_Error("DNS name contains empty label"); 438| 0| } 439| 0| current_label_length = 0; // Reset for next label 440| 58.1k| } else { 441| 58.1k| current_label_length++; 442| | 443| 58.1k| if(current_label_length > 63) { // RFC 1035 Maximum DNS label length ------------------ | Branch (443:13): [True: 0, False: 58.1k] ------------------ 444| 0| throw Decoding_Error("DNS name label exceeds maximum length of 63 characters"); 445| 0| } 446| 58.1k| } 447| | 448| 58.1k| const uint8_t cu = static_cast(c); 449| 58.1k| if(cu >= 128) { ------------------ | Branch (449:10): [True: 0, False: 58.1k] ------------------ 450| 0| throw Decoding_Error("DNS name must not contain any extended ASCII code points"); 451| 0| } 452| 58.1k| const uint8_t mapped = DNS_CHAR_MAPPING[cu]; 453| 58.1k| if(mapped == 0) { ------------------ | Branch (453:10): [True: 0, False: 58.1k] ------------------ 454| 0| throw Decoding_Error("DNS name includes invalid character"); 455| 0| } 456| | 457| 58.1k| if(mapped == '-') { ------------------ | Branch (457:10): [True: 0, False: 58.1k] ------------------ 458| 0| if(i == 0 || (i > 0 && name[i - 1] == '.')) { ------------------ | Branch (458:13): [True: 0, False: 0] | Branch (458:24): [True: 0, False: 0] | Branch (458:33): [True: 0, False: 0] ------------------ 459| 0| throw Decoding_Error("DNS name has label with leading hyphen"); 460| 0| } else if(i == name.size() - 1 || (i < name.size() - 1 && name[i + 1] == '.')) { ------------------ | Branch (460:20): [True: 0, False: 0] | Branch (460:45): [True: 0, False: 0] | Branch (460:68): [True: 0, False: 0] ------------------ 461| 0| throw Decoding_Error("DNS name has label with trailing hyphen"); 462| 0| } 463| 0| } 464| 58.1k| canon.push_back(static_cast(mapped)); 465| 58.1k| } 466| | 467| 6.45k| if(current_label_length == 0) { ------------------ | Branch (467:7): [True: 0, False: 6.45k] ------------------ 468| 0| throw Decoding_Error("DNS name contains empty label"); 469| 0| } 470| 6.45k| return canon; 471| 6.45k|} _ZN5Botan13poly_double_nEPhPKhm: 81| 723|void poly_double_n(uint8_t out[], const uint8_t in[], size_t n) { 82| 723| switch(n) { 83| 0| case 8: ------------------ | Branch (83:7): [True: 0, False: 723] ------------------ 84| 0| return poly_double<1, MinWeightPolynomial::P64>(out, in); 85| 723| case 16: ------------------ | Branch (85:7): [True: 723, False: 0] ------------------ 86| 723| return poly_double<2, MinWeightPolynomial::P128>(out, in); 87| 0| case 24: ------------------ | Branch (87:7): [True: 0, False: 723] ------------------ 88| 0| return poly_double<3, MinWeightPolynomial::P192>(out, in); 89| 0| case 32: ------------------ | Branch (89:7): [True: 0, False: 723] ------------------ 90| 0| return poly_double<4, MinWeightPolynomial::P256>(out, in); 91| 0| case 64: ------------------ | Branch (91:7): [True: 0, False: 723] ------------------ 92| 0| return poly_double<8, MinWeightPolynomial::P512>(out, in); 93| 0| case 128: ------------------ | Branch (93:7): [True: 0, False: 723] ------------------ 94| 0| return poly_double<16, MinWeightPolynomial::P1024>(out, in); 95| 0| default: ------------------ | Branch (95:7): [True: 0, False: 723] ------------------ 96| 0| throw Invalid_Argument("Unsupported size for poly_double_n"); 97| 723| } 98| 723|} poly_dbl.cpp:_ZN5Botan12_GLOBAL__N_111poly_doubleILm2ELNS0_19MinWeightPolynomialE135EEEvPhPKh: 44| 723|void poly_double(uint8_t out[], const uint8_t in[]) { 45| 723| uint64_t W[LIMBS]; 46| 723| load_be(W, in, LIMBS); 47| | 48| 723| const uint64_t carry = return_carry

(W[0]); 49| | 50| 723| if constexpr(LIMBS > 0) { 51| 1.44k| for(size_t i = 0; i != LIMBS - 1; ++i) { ------------------ | Branch (51:25): [True: 723, False: 723] ------------------ 52| 723| W[i] = (W[i] << 1) ^ (W[i + 1] >> 63); 53| 723| } 54| 723| } 55| | 56| 723| W[LIMBS - 1] = (W[LIMBS - 1] << 1) ^ carry; 57| | 58| 723| copy_out_be(std::span(out, LIMBS * 8), W); 59| 723|} poly_dbl.cpp:_ZN5Botan12_GLOBAL__N_112return_carryILNS0_19MinWeightPolynomialE135EEEmm: 39| 723|inline uint64_t return_carry(uint64_t c) { 40| 723| return CT::Mask::expand_top_bit(c).if_set_return(static_cast(P)); 41| 723|} _ZN5Botan9SCAN_NameC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 58| 12.6k|SCAN_Name::SCAN_Name(std::string_view algo_spec) : m_orig_algo_spec(algo_spec) { 59| 12.6k| if(algo_spec.empty()) { ------------------ | Branch (59:7): [True: 0, False: 12.6k] ------------------ 60| 0| throw Invalid_Argument("Expected algorithm name, got empty string"); 61| 0| } 62| | 63| 12.6k| std::vector> name; 64| 12.6k| size_t level = 0; 65| 12.6k| std::pair accum = std::make_pair(level, ""); 66| | 67| 12.6k| const std::string decoding_error = "Bad SCAN name '" + m_orig_algo_spec + "': "; 68| | 69| 173k| for(const char c : algo_spec) { ------------------ | Branch (69:21): [True: 173k, False: 12.6k] ------------------ 70| 173k| if(c == '/' || c == ',' || c == '(' || c == ')') { ------------------ | Branch (70:10): [True: 0, False: 173k] | Branch (70:22): [True: 102, False: 173k] | Branch (70:34): [True: 12.6k, False: 161k] | Branch (70:46): [True: 12.6k, False: 148k] ------------------ 71| 25.4k| if(c == '(') { ------------------ | Branch (71:13): [True: 12.6k, False: 12.7k] ------------------ 72| 12.6k| ++level; 73| 12.7k| } else if(c == ')') { ------------------ | Branch (73:20): [True: 12.6k, False: 102] ------------------ 74| 12.6k| if(level == 0) { ------------------ | Branch (74:16): [True: 0, False: 12.6k] ------------------ 75| 0| throw Decoding_Error(decoding_error + "Mismatched parens"); 76| 0| } 77| 12.6k| --level; 78| 12.6k| } 79| | 80| 25.4k| if(c == '/' && level > 0) { ------------------ | Branch (80:13): [True: 0, False: 25.4k] | Branch (80:25): [True: 0, False: 0] ------------------ 81| 0| accum.second.push_back(c); 82| 25.4k| } else { 83| 25.4k| if(!accum.second.empty()) { ------------------ | Branch (83:16): [True: 25.4k, False: 0] ------------------ 84| 25.4k| name.push_back(accum); 85| 25.4k| } 86| 25.4k| accum = std::make_pair(level, ""); 87| 25.4k| } 88| 148k| } else { 89| 148k| accum.second.push_back(c); 90| 148k| } 91| 173k| } 92| | 93| 12.6k| if(!accum.second.empty()) { ------------------ | Branch (93:7): [True: 0, False: 12.6k] ------------------ 94| 0| name.push_back(accum); 95| 0| } 96| | 97| 12.6k| if(level != 0) { ------------------ | Branch (97:7): [True: 0, False: 12.6k] ------------------ 98| 0| throw Decoding_Error(decoding_error + "Missing close paren"); 99| 0| } 100| | 101| 12.6k| if(name.empty()) { ------------------ | Branch (101:7): [True: 0, False: 12.6k] ------------------ 102| 0| throw Decoding_Error(decoding_error + "Empty name"); 103| 0| } 104| | 105| 12.6k| m_alg_name = name[0].second; 106| | 107| 12.6k| bool in_modes = false; 108| | 109| 25.4k| for(size_t i = 1; i != name.size(); ++i) { ------------------ | Branch (109:22): [True: 12.7k, False: 12.6k] ------------------ 110| 12.7k| if(name[i].first == 0) { ------------------ | Branch (110:10): [True: 0, False: 12.7k] ------------------ 111| 0| m_mode_info.push_back(make_arg(name, i)); 112| 0| in_modes = true; 113| 12.7k| } else if(name[i].first == 1 && !in_modes) { ------------------ | Branch (113:17): [True: 12.7k, False: 0] | Branch (113:39): [True: 12.7k, False: 0] ------------------ 114| 12.7k| m_args.push_back(make_arg(name, i)); 115| 12.7k| } 116| 12.7k| } 117| 12.6k|} _ZNK5Botan9SCAN_Name3argEm: 119| 12.6k|std::string SCAN_Name::arg(size_t i) const { 120| 12.6k| if(i >= arg_count()) { ------------------ | Branch (120:7): [True: 0, False: 12.6k] ------------------ 121| 0| throw Invalid_Argument("SCAN_Name::arg " + std::to_string(i) + " out of range for '" + to_string() + "'"); 122| 0| } 123| 12.6k| return m_args[i]; 124| 12.6k|} _ZNK5Botan9SCAN_Name14arg_as_integerEmm: 133| 211|size_t SCAN_Name::arg_as_integer(size_t i, size_t def_value) const { 134| 211| if(i >= arg_count()) { ------------------ | Branch (134:7): [True: 108, False: 103] ------------------ 135| 108| return def_value; 136| 108| } 137| 103| return to_u32bit(m_args[i]); 138| 211|} scan_name.cpp:_ZN5Botan12_GLOBAL__N_18make_argERKNSt3__16vectorINS1_4pairImNS1_12basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEEEENS7_ISA_EEEEm: 17| 12.7k|std::string make_arg(const std::vector>& name, size_t start) { 18| 12.7k| std::string output = name[start].second; 19| 12.7k| size_t level = name[start].first; 20| | 21| 12.7k| size_t paren_depth = 0; 22| | 23| 12.7k| for(size_t i = start + 1; i != name.size(); ++i) { ------------------ | Branch (23:30): [True: 102, False: 12.6k] ------------------ 24| 102| if(name[i].first <= name[start].first) { ------------------ | Branch (24:10): [True: 102, False: 0] ------------------ 25| 102| break; 26| 102| } 27| | 28| 0| if(name[i].first > level) { ------------------ | Branch (28:10): [True: 0, False: 0] ------------------ 29| 0| output += "(" + name[i].second; 30| 0| ++paren_depth; 31| 0| } else if(name[i].first < level) { ------------------ | Branch (31:17): [True: 0, False: 0] ------------------ 32| 0| for(size_t j = name[i].first; j < level; j++) { ------------------ | Branch (32:40): [True: 0, False: 0] ------------------ 33| 0| output += ")"; 34| 0| --paren_depth; 35| 0| } 36| 0| output += "," + name[i].second; 37| 0| } else { 38| 0| if(output[output.size() - 1] != '(') { ------------------ | Branch (38:13): [True: 0, False: 0] ------------------ 39| 0| output += ","; 40| 0| } 41| 0| output += name[i].second; 42| 0| } 43| | 44| 0| level = name[i].first; 45| 0| } 46| | 47| 12.7k| for(size_t i = 0; i != paren_depth; ++i) { ------------------ | Branch (47:22): [True: 0, False: 12.7k] ------------------ 48| 0| output += ")"; 49| 0| } 50| | 51| 12.7k| return output; 52| 12.7k|} _ZNK5Botan15AlternativeName5countEv: 62| 6.45k|size_t AlternativeName::count() const { 63| 6.45k| const auto sum = checked_add(m_dns.size(), 64| 6.45k| m_uri.size(), 65| 6.45k| m_email.size(), 66| 6.45k| m_ipv4_addr.size(), 67| 6.45k| m_ipv6_addr.size(), 68| 6.45k| m_dn_names.size(), 69| 6.45k| m_other_name_values.size(), 70| 6.45k| m_registered_ids.size()); 71| | 72| 6.45k| BOTAN_ASSERT_NOMSG(sum.has_value()); ------------------ | | 77| 6.45k| do { \ | | 78| 6.45k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 6.45k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 6.45k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 6.45k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 6.45k] | | ------------------ ------------------ 73| 6.45k| return sum.value(); 74| 6.45k|} _ZNK5Botan15AlternativeName9has_itemsEv: 76| 6.45k|bool AlternativeName::has_items() const { 77| 6.45k| return this->count() > 0; 78| 6.45k|} _ZN5Botan15AlternativeName11decode_fromERNS_11BER_DecoderE: 144| 6.45k|void AlternativeName::decode_from(BER_Decoder& source) { 145| 6.45k| BER_Decoder names = source.start_sequence(); 146| | 147| 12.9k| while(names.more_items()) { ------------------ | Branch (147:10): [True: 6.45k, False: 6.45k] ------------------ 148| 6.45k| const BER_Object obj = names.get_next_object(); 149| | 150| 6.45k| if(obj.is_a(0, ASN1_Class::ExplicitContextSpecific)) { ------------------ | Branch (150:10): [True: 0, False: 6.45k] ------------------ 151| 0| BER_Decoder othername(obj, names.limits()); 152| | 153| 0| OID oid; 154| 0| othername.decode(oid); 155| 0| if(othername.more_items()) { ------------------ | Branch (155:13): [True: 0, False: 0] ------------------ 156| 0| const BER_Object othername_value_outer = othername.get_next_object(); 157| 0| othername.verify_end(); 158| | 159| 0| if(!othername_value_outer.is_a(0, ASN1_Class::ExplicitContextSpecific)) { ------------------ | Branch (159:16): [True: 0, False: 0] ------------------ 160| 0| throw Decoding_Error("Invalid tags on otherName value"); 161| 0| } 162| | 163| 0| BER_Decoder othername_value_inner(othername_value_outer, names.limits()); 164| | 165| 0| const BER_Object value = othername_value_inner.get_next_object(); 166| 0| othername_value_inner.verify_end(); 167| | 168| | // Capture the inner ANY value verbatim so applications can retrieve 169| | // it regardless of its ASN.1 form. 170| 0| std::vector raw_value; 171| 0| DER_Encoder(raw_value).add_object(value.type_tag(), value.class_tag(), value.data()); 172| 0| m_other_name_values.insert(OtherNameValue{oid, std::move(raw_value)}); 173| | 174| | // Populate old string view for compatibility 175| 0| if(ASN1_String::is_string_type(value.type()) && value.get_class() == ASN1_Class::Universal) { ------------------ | Branch (175:16): [True: 0, False: 0] | Branch (175:61): [True: 0, False: 0] ------------------ 176| 0| try { 177| 0| m_othernames.insert(std::make_pair(oid, ASN1_String(ASN1::to_string(value), value.type()))); 178| 0| } catch(const Invalid_Argument&) { // NOLINT(*-empty-catch) 179| 0| } 180| 0| } 181| 0| } 182| 6.45k| } else if(obj.is_a(1, ASN1_Class::ContextSpecific)) { ------------------ | Branch (182:17): [True: 0, False: 6.45k] ------------------ 183| 0| add_email(ASN1::to_string(obj)); 184| 6.45k| } else if(obj.is_a(2, ASN1_Class::ContextSpecific)) { ------------------ | Branch (184:17): [True: 6.45k, False: 0] ------------------ 185| 6.45k| m_dns.insert(check_and_canonicalize_dns_name(ASN1::to_string(obj))); 186| 6.45k| } else if(obj.is_a(4, ASN1_Class::ContextSpecific | ASN1_Class::Constructed)) { ------------------ | Branch (186:17): [True: 0, False: 0] ------------------ 187| 0| BER_Decoder dec(obj, names.limits()); 188| 0| X509_DN dn; 189| 0| dec.decode(dn).verify_end(); 190| 0| this->add_dn(dn); 191| 0| } else if(obj.is_a(6, ASN1_Class::ContextSpecific)) { ------------------ | Branch (191:17): [True: 0, False: 0] ------------------ 192| 0| this->add_uri(ASN1::to_string(obj)); 193| 0| } else if(obj.is_a(7, ASN1_Class::ContextSpecific)) { ------------------ | Branch (193:17): [True: 0, False: 0] ------------------ 194| 0| if(obj.length() == 4) { ------------------ | Branch (194:13): [True: 0, False: 0] ------------------ 195| 0| const uint32_t ip = load_be(obj.bits(), 0); 196| 0| this->add_ipv4_address(ip); 197| 0| } else if(obj.length() == 16) { ------------------ | Branch (197:20): [True: 0, False: 0] ------------------ 198| 0| const IPv6Address ip(std::span{obj.bits(), 16}); 199| 0| this->add_ipv6_address(ip); 200| 0| } else { 201| 0| throw Decoding_Error("Invalid IP constraint neither IPv4 or IPv6"); 202| 0| } 203| 0| } else if(obj.is_a(8, ASN1_Class::ContextSpecific)) { ------------------ | Branch (203:17): [True: 0, False: 0] ------------------ 204| | // [8] registeredID is IMPLICIT OBJECT IDENTIFIER. 205| 0| OID oid; 206| 0| names.decode_implicit(obj, oid, ASN1_Type::ObjectId, ASN1_Class::Universal); 207| 0| this->add_registered_id(oid); 208| 0| } 209| 6.45k| } 210| 6.45k|} _ZN5Botan13x500_name_cmpENSt3__117basic_string_viewIcNS0_11char_traitsIcEEEES4_: 82| 19.3k|bool x500_name_cmp(std::string_view name1, std::string_view name2) { 83| 19.3k| X500_Char_Iterator it1(name1); 84| 19.3k| X500_Char_Iterator it2(name2); 85| | 86| 174k| while(true) { ------------------ | Branch (86:10): [True: 174k, Folded] ------------------ 87| 174k| const auto c1 = it1.next(); 88| 174k| const auto c2 = it2.next(); 89| | 90| 174k| if(c1 != c2) { ------------------ | Branch (90:10): [True: 0, False: 174k] ------------------ 91| 0| return false; 92| 0| } 93| 174k| if(!c1.has_value() && !c2.has_value()) { ------------------ | Branch (93:10): [True: 19.3k, False: 154k] | Branch (93:29): [True: 19.3k, False: 0] ------------------ 94| 19.3k| return true; 95| 19.3k| } 96| 174k| } 97| 19.3k|} _ZN5Botan7X509_DN13add_attributeERKNS_3OIDERKNS_11ASN1_StringE: 109| 38.7k|void X509_DN::add_attribute(const OID& oid, const ASN1_String& str) { 110| 38.7k| if(str.empty()) { ------------------ | Branch (110:7): [True: 4, False: 38.7k] ------------------ 111| 4| return; 112| 4| } 113| | 114| 38.7k| m_rdn.push_back(std::make_pair(oid, str)); 115| 38.7k| m_dn_bits.clear(); 116| 38.7k|} _ZNK5Botan7X509_DN14get_attributesEv: 121| 12.9k|std::multimap X509_DN::get_attributes() const { 122| 12.9k| std::multimap retval; 123| | 124| 38.7k| for(const auto& i : m_rdn) { ------------------ | Branch (124:22): [True: 38.7k, False: 12.9k] ------------------ 125| 38.7k| retval.emplace(i.first, i.second.value()); 126| 38.7k| } 127| 12.9k| return retval; 128| 12.9k|} _ZN5BotaneqERKNS_7X509_DNES2_: 229| 6.45k|bool operator==(const X509_DN& dn1, const X509_DN& dn2) { 230| 6.45k| auto attr1 = dn1.get_attributes(); 231| 6.45k| auto attr2 = dn2.get_attributes(); 232| | 233| 6.45k| if(attr1.size() != attr2.size()) { ------------------ | Branch (233:7): [True: 0, False: 6.45k] ------------------ 234| 0| return false; 235| 0| } 236| | 237| 6.45k| auto p1 = attr1.begin(); 238| 6.45k| auto p2 = attr2.begin(); 239| | 240| 25.8k| while(true) { ------------------ | Branch (240:10): [True: 25.8k, Folded] ------------------ 241| 25.8k| if(p1 == attr1.end() && p2 == attr2.end()) { ------------------ | Branch (241:10): [True: 6.45k, False: 19.3k] | Branch (241:10): [True: 6.45k, False: 19.3k] | Branch (241:31): [True: 6.45k, False: 0] ------------------ 242| 6.45k| break; 243| 6.45k| } 244| 19.3k| if(p1 == attr1.end()) { ------------------ | Branch (244:10): [True: 0, False: 19.3k] ------------------ 245| 0| return false; 246| 0| } 247| 19.3k| if(p2 == attr2.end()) { ------------------ | Branch (247:10): [True: 0, False: 19.3k] ------------------ 248| 0| return false; 249| 0| } 250| 19.3k| if(p1->first != p2->first) { ------------------ | Branch (250:10): [True: 0, False: 19.3k] ------------------ 251| 0| return false; 252| 0| } 253| 19.3k| if(!x500_name_cmp(p1->second, p2->second)) { ------------------ | Branch (253:10): [True: 0, False: 19.3k] ------------------ 254| 0| return false; 255| 0| } 256| 19.3k| ++p1; 257| 19.3k| ++p2; 258| 19.3k| } 259| 6.45k| return true; 260| 6.45k|} _ZN5Botan7X509_DN11decode_fromERNS_11BER_DecoderE: 338| 13.2k|void X509_DN::decode_from(BER_Decoder& source) { 339| 13.2k| std::vector bits; 340| | 341| 13.2k| source.start_sequence().raw_bytes(bits).end_cons(); 342| | 343| 13.2k| BER_Decoder sequence(bits, source.limits()); 344| | 345| 13.2k| m_rdn.clear(); 346| | 347| 52.3k| while(sequence.more_items()) { ------------------ | Branch (347:10): [True: 39.0k, False: 13.2k] ------------------ 348| 39.0k| BER_Decoder rdn = sequence.start_set(); 349| | 350| 78.0k| while(rdn.more_items()) { ------------------ | Branch (350:13): [True: 38.9k, False: 39.0k] ------------------ 351| 38.9k| OID oid; 352| 38.9k| ASN1_String str; 353| | 354| 38.9k| rdn.start_sequence() 355| 38.9k| .decode(oid) 356| 38.9k| .decode(str) // TODO support Any 357| 38.9k| .end_cons(); 358| | 359| 38.9k| add_attribute(oid, str); 360| 38.9k| } 361| 39.0k| } 362| | 363| | // Have to assign last as add_attribute zaps m_dn_bits 364| 13.2k| m_dn_bits = bits; 365| 13.2k|} x509_dn.cpp:_ZN5Botan12_GLOBAL__N_118X500_Char_IteratorC2ENSt3__117basic_string_viewIcNS2_11char_traitsIcEEEE: 30| 38.7k| explicit X500_Char_Iterator(std::string_view s) : m_str(s), m_pos(0) { 31| | // Skip leading whitespace 32| 38.7k| while(m_pos < m_str.size() && is_space(m_str[m_pos])) { ------------------ | Branch (32:16): [True: 38.7k, False: 0] | Branch (32:40): [True: 0, False: 38.7k] ------------------ 33| 0| ++m_pos; 34| 0| } 35| 38.7k| } x509_dn.cpp:_ZN5Botan12_GLOBAL__N_118X500_Char_Iterator4nextEv: 38| 348k| std::optional next() { 39| 348k| if(m_pos >= m_str.size()) { ------------------ | Branch (39:13): [True: 38.7k, False: 309k] ------------------ 40| 38.7k| return std::nullopt; 41| 38.7k| } 42| | 43| 309k| if(is_space(m_str[m_pos])) { ------------------ | Branch (43:13): [True: 25.8k, False: 284k] ------------------ 44| | // Skip the entire whitespace run 45| 51.6k| while(m_pos < m_str.size() && is_space(m_str[m_pos])) { ------------------ | Branch (45:19): [True: 51.6k, False: 0] | Branch (45:43): [True: 25.8k, False: 25.8k] ------------------ 46| 25.8k| ++m_pos; 47| 25.8k| } 48| | // Emit a single space only if more content follows (strip trailing ws) 49| 25.8k| if(m_pos < m_str.size()) { ------------------ | Branch (49:16): [True: 25.8k, False: 0] ------------------ 50| 25.8k| return ' '; 51| 25.8k| } 52| 0| return std::nullopt; 53| 25.8k| } 54| | 55| 284k| const char c = m_str[m_pos++]; 56| | // Locale-independent ASCII fold; RFC 5280 DN matching does not depend on libc locale 57| 284k| if(c >= 'A' && c <= 'Z') { ------------------ | Branch (57:13): [True: 271k, False: 12.9k] | Branch (57:25): [True: 77.4k, False: 193k] ------------------ 58| 77.4k| return static_cast(c + ('a' - 'A')); 59| 77.4k| } 60| 206k| return c; 61| 284k| } x509_dn.cpp:_ZN5Botan12_GLOBAL__N_18is_spaceEc: 21| 400k|bool is_space(char c) { 22| 400k| return c == ' ' || c == '\t'; ------------------ | Branch (22:11): [True: 51.6k, False: 348k] | Branch (22:23): [True: 0, False: 348k] ------------------ 23| 400k|} _ZN5Botan10Extensions15create_extn_objERKNS_3OIDEbRKNSt3__16vectorIhNS4_9allocatorIhEEEE: 130| 25.8k| const std::vector& body) { 131| 25.8k| auto extn = extension_from_oid(oid); 132| | 133| 25.8k| if(!extn) { ------------------ | Branch (133:7): [True: 0, False: 25.8k] ------------------ 134| | // some other unknown extension type 135| 0| extn = std::make_unique(oid, critical); 136| 25.8k| } else { 137| 25.8k| try { 138| 25.8k| extn->decode_inner(body); 139| 25.8k| return extn; 140| 25.8k| } catch(const Exception&) { 141| | // OID was recognized but contents failed to decode 142| 0| extn = std::make_unique(oid, critical, /*failed_to_decode=*/true); 143| 0| } 144| 25.8k| } 145| | 146| | // This is always Unknown_Extension: 147| 0| extn->decode_inner(body); 148| 0| return extn; 149| 25.8k|} _ZNK5Botan10Extensions15Extensions_Info3objEv: 151| 25.8k|const Certificate_Extension& Extensions::Extensions_Info::obj() const { 152| 25.8k| BOTAN_ASSERT_NONNULL(m_obj.get()); ------------------ | | 116| 25.8k| do { \ | | 117| 25.8k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 25.8k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 25.8k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 25.8k] | | ------------------ ------------------ 153| 25.8k| return *m_obj; 154| 25.8k|} _ZNK5Botan10Extensions13extension_setERKNS_3OIDE: 213| 6.45k|bool Extensions::extension_set(const OID& oid) const { 214| 6.45k| return m_extension_info.contains(oid); 215| 6.45k|} _ZNK5Botan10Extensions20get_extension_objectERKNS_3OIDE: 234| 71.0k|const Certificate_Extension* Extensions::get_extension_object(const OID& oid) const { 235| 71.0k| auto extn = m_extension_info.find(oid); 236| 71.0k| if(extn == m_extension_info.end()) { ------------------ | Branch (236:7): [True: 45.2k, False: 25.8k] ------------------ 237| 45.2k| return nullptr; 238| 45.2k| } 239| | 240| 25.8k| return &extn->second.obj(); 241| 71.0k|} _ZN5Botan10Extensions11decode_fromERNS_11BER_DecoderE: 290| 6.45k|void Extensions::decode_from(BER_Decoder& from_source) { 291| 6.45k| m_extension_oids.clear(); 292| 6.45k| m_extension_info.clear(); 293| | 294| 6.45k| BER_Decoder sequence = from_source.start_sequence(); 295| | 296| 32.2k| while(sequence.more_items()) { ------------------ | Branch (296:10): [True: 25.8k, False: 6.45k] ------------------ 297| 25.8k| OID oid; 298| 25.8k| bool critical = false; 299| 25.8k| std::vector bits; 300| | 301| 25.8k| sequence.start_sequence() 302| 25.8k| .decode(oid) 303| 25.8k| .decode_optional(critical, ASN1_Type::Boolean, ASN1_Class::Universal, false) 304| 25.8k| .decode(bits, ASN1_Type::OctetString) 305| 25.8k| .end_cons(); 306| | 307| 25.8k| auto obj = create_extn_obj(oid, critical, bits); 308| 25.8k| Extensions_Info info(critical, bits, std::move(obj)); 309| | 310| | // RFC 5280 4.2: "A certificate MUST NOT include more than one 311| | // instance of a particular extension." 312| 25.8k| if(!m_extension_info.emplace(oid, info).second) { ------------------ | Branch (312:10): [True: 0, False: 25.8k] ------------------ 313| 0| throw Decoding_Error("Duplicate certificate extension encountered"); 314| 0| } 315| 25.8k| m_extension_oids.push_back(oid); 316| 25.8k| } 317| 6.45k| sequence.verify_end(); 318| 6.45k|} _ZN5Botan14Cert_Extension17Basic_ConstraintsC2Ebm: 323| 6.45k| Basic_Constraints(is_ca, is_ca ? std::optional(path_length_constraint) : std::nullopt) {} ------------------ | Branch (323:32): [True: 0, False: 6.45k] ------------------ _ZN5Botan14Cert_Extension17Basic_ConstraintsC2EbNSt3__18optionalImEE: 326| 6.45k| m_is_ca(is_ca), m_path_length_constraint(path_length_constraint) { 327| 6.45k| if(!m_is_ca && m_path_length_constraint.has_value()) { ------------------ | Branch (327:7): [True: 6.45k, False: 0] | Branch (327:19): [True: 0, False: 6.45k] ------------------ 328| | // RFC 5280 Sec 4.2.1.9 "CAs MUST NOT include the pathLenConstraint field unless the cA boolean is asserted" 329| 0| throw Invalid_Argument( 330| 0| "Basic_Constraints nonsensical to set a path length constraint for a non-CA basicConstraints"); 331| 0| } 332| 6.45k|} _ZN5Botan14Cert_Extension17Basic_Constraints12decode_innerERKNSt3__16vectorIhNS2_9allocatorIhEEEE: 363| 6.45k|void Basic_Constraints::decode_inner(const std::vector& in) { 364| | /* 365| | * RFC 5280 Section 4.2.1.9 366| | * 367| | * BasicConstraints ::= SEQUENCE { 368| | * cA BOOLEAN DEFAULT FALSE, 369| | * pathLenConstraint INTEGER (0..MAX) OPTIONAL } 370| | */ 371| 6.45k| BER_Decoder(in, BER_Decoder::Limits::DER()) 372| 6.45k| .start_sequence() 373| 6.45k| .decode_optional(m_is_ca, ASN1_Type::Boolean, ASN1_Class::Universal, false) 374| 6.45k| .decode_optional(m_path_length_constraint, ASN1_Type::Integer, ASN1_Class::Universal) 375| 6.45k| .end_cons() 376| 6.45k| .verify_end(); 377| | 378| | /* RFC 5280 Section 4.2.1.9: 379| | * "CAs MUST NOT include the pathLenConstraint field unless the cA boolean 380| | * is asserted and the key usage extension asserts the keyCertSign bit" */ 381| 6.45k| if(!m_is_ca && m_path_length_constraint.has_value()) { ------------------ | Branch (381:7): [True: 6.45k, False: 0] | Branch (381:19): [True: 0, False: 6.45k] ------------------ 382| 0| throw Decoding_Error("BasicConstraints pathLenConstraint must not be present when cA is FALSE"); 383| 0| } 384| 6.45k|} _ZN5Botan14Cert_Extension14Subject_Key_ID12decode_innerERKNSt3__16vectorIhNS2_9allocatorIhEEEE: 454| 6.45k|void Subject_Key_ID::decode_inner(const std::vector& in) { 455| | /* RFC 5280 Section 4.2.1.2 - SubjectKeyIdentifier ::= KeyIdentifier */ 456| 6.45k| BER_Decoder(in, BER_Decoder::Limits::DER()).decode(m_key_id, ASN1_Type::OctetString).verify_end(); 457| | 458| 6.45k| if(m_key_id.empty()) { ------------------ | Branch (458:7): [True: 0, False: 6.45k] ------------------ 459| 0| throw Decoding_Error("SubjectKeyIdentifier must not be empty"); 460| 0| } 461| 6.45k| if(m_key_id.size() > MaximumKeyIdentifierLength) { ------------------ | Branch (461:7): [True: 0, False: 6.45k] ------------------ 462| 0| throw Decoding_Error( 463| 0| fmt("SubjectKeyIdentifier length {} exceeds limit of {} bytes", m_key_id.size(), MaximumKeyIdentifierLength)); 464| 0| } 465| 6.45k|} _ZN5Botan14Cert_Extension16Authority_Key_ID12decode_innerERKNSt3__16vectorIhNS2_9allocatorIhEEEE: 500| 6.45k|void Authority_Key_ID::decode_inner(const std::vector& in) { 501| | /* 502| | * RFC 5280 Section 4.2.1.1 503| | * 504| | * AuthorityKeyIdentifier ::= SEQUENCE { 505| | * keyIdentifier [0] KeyIdentifier OPTIONAL, 506| | * authorityCertIssuer [1] GeneralNames OPTIONAL, 507| | * authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL } 508| | */ 509| 6.45k| BER_Decoder ber(in, BER_Decoder::Limits::DER()); 510| 6.45k| BER_Decoder seq = ber.start_sequence(); 511| | 512| 6.45k| const bool key_id_present = seq.peek_next_object().is_a(0, ASN1_Class::ContextSpecific); 513| | 514| 6.45k| seq.decode_optional_string(m_key_id, ASN1_Type::OctetString, 0).discard_remaining().end_cons(); 515| 6.45k| ber.verify_end(); 516| | 517| 6.45k| if(key_id_present) { ------------------ | Branch (517:7): [True: 6.45k, False: 0] ------------------ 518| 6.45k| if(m_key_id.empty()) { ------------------ | Branch (518:10): [True: 0, False: 6.45k] ------------------ 519| 0| throw Decoding_Error("AuthorityKeyIdentifier keyIdentifier must not be empty"); 520| 0| } 521| 6.45k| if(m_key_id.size() > MaximumKeyIdentifierLength) { ------------------ | Branch (521:10): [True: 0, False: 6.45k] ------------------ 522| 0| throw Decoding_Error(fmt("AuthorityKeyIdentifier keyIdentifier length {} exceeds limit of {} bytes", 523| 0| m_key_id.size(), 524| 0| MaximumKeyIdentifierLength)); 525| 0| } 526| 6.45k| } 527| 6.45k|} _ZN5Botan14Cert_Extension24Subject_Alternative_Name12decode_innerERKNSt3__16vectorIhNS2_9allocatorIhEEEE: 550| 6.45k|void Subject_Alternative_Name::decode_inner(const std::vector& in) { 551| | /* RFC 5280 Section 4.2.1.6 - SubjectAltName ::= GeneralNames 552| | * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName */ 553| 6.45k| BER_Decoder(in, BER_Decoder::Limits::DER()).decode(m_alt_name).verify_end(); 554| 6.45k| if(!m_alt_name.has_items()) { ------------------ | Branch (554:7): [True: 0, False: 6.45k] ------------------ 555| 0| throw Decoding_Error("SubjectAlternativeName extension must contain at least one GeneralName"); 556| 0| } 557| 6.45k|} x509_ext.cpp:_ZN5Botan12_GLOBAL__N_118extension_from_oidERKNS_3OIDE: 38| 25.8k|std::unique_ptr extension_from_oid(const OID& oid) { 39| 25.8k| if(auto iso_ext = is_sub_element_of(oid, {2, 5, 29})) { ------------------ | Branch (39:12): [True: 25.8k, False: 0] ------------------ 40| | // NOLINTNEXTLINE(*-switch-missing-default-case) 41| 25.8k| switch(*iso_ext) { ------------------ | Branch (41:14): [True: 25.8k, False: 0] ------------------ 42| 6.45k| case 14: ------------------ | Branch (42:10): [True: 6.45k, False: 19.3k] ------------------ 43| 6.45k| return make_extension(oid); 44| 0| case 15: ------------------ | Branch (44:10): [True: 0, False: 25.8k] ------------------ 45| 0| return make_extension(oid); 46| 6.45k| case 17: ------------------ | Branch (46:10): [True: 6.45k, False: 19.3k] ------------------ 47| 6.45k| return make_extension(oid); 48| 0| case 18: ------------------ | Branch (48:10): [True: 0, False: 25.8k] ------------------ 49| 0| return make_extension(oid); 50| 6.45k| case 19: ------------------ | Branch (50:10): [True: 6.45k, False: 19.3k] ------------------ 51| 6.45k| return make_extension(oid); 52| 0| case 20: ------------------ | Branch (52:10): [True: 0, False: 25.8k] ------------------ 53| 0| return make_extension(oid); 54| 0| case 21: ------------------ | Branch (54:10): [True: 0, False: 25.8k] ------------------ 55| 0| return make_extension(oid); 56| 0| case 28: ------------------ | Branch (56:10): [True: 0, False: 25.8k] ------------------ 57| 0| return make_extension(oid); 58| 0| case 30: ------------------ | Branch (58:10): [True: 0, False: 25.8k] ------------------ 59| 0| return make_extension(oid); 60| 0| case 31: ------------------ | Branch (60:10): [True: 0, False: 25.8k] ------------------ 61| 0| return make_extension(oid); 62| 0| case 32: ------------------ | Branch (62:10): [True: 0, False: 25.8k] ------------------ 63| 0| return make_extension(oid); 64| 6.45k| case 35: ------------------ | Branch (64:10): [True: 6.45k, False: 19.3k] ------------------ 65| 6.45k| return make_extension(oid); 66| 0| case 37: ------------------ | Branch (66:10): [True: 0, False: 25.8k] ------------------ 67| 0| return make_extension(oid); 68| 0| case 56: ------------------ | Branch (68:10): [True: 0, False: 25.8k] ------------------ 69| 0| return make_extension(oid); 70| 25.8k| } 71| 25.8k| } 72| | 73| 0| if(auto pkix_ext = is_sub_element_of(oid, {1, 3, 6, 1, 5, 5, 7, 1})) { ------------------ | Branch (73:12): [True: 0, False: 0] ------------------ 74| | // NOLINTNEXTLINE(*-switch-missing-default-case) 75| 0| switch(*pkix_ext) { ------------------ | Branch (75:14): [True: 0, False: 0] ------------------ 76| 0| case 1: ------------------ | Branch (76:10): [True: 0, False: 0] ------------------ 77| 0| return make_extension(oid); 78| 0| case 7: ------------------ | Branch (78:10): [True: 0, False: 0] ------------------ 79| 0| return make_extension(oid); 80| 0| case 8: ------------------ | Branch (80:10): [True: 0, False: 0] ------------------ 81| 0| return make_extension(oid); 82| 0| case 26: ------------------ | Branch (82:10): [True: 0, False: 0] ------------------ 83| 0| return make_extension(oid); 84| 0| } 85| 0| } 86| | 87| 0| if(oid == Cert_Extension::OCSP_NoCheck::static_oid()) { ------------------ | Branch (87:7): [True: 0, False: 0] ------------------ 88| 0| return make_extension(oid); 89| 0| } 90| | 91| 0| return nullptr; // unknown 92| 0|} x509_ext.cpp:_ZN5Botan12_GLOBAL__N_114make_extensionITkNSt3__112derived_fromINS_21Certificate_ExtensionEEENS_14Cert_Extension14Subject_Key_IDEEEDaRKNS_3OIDE: 33| 6.45k|auto make_extension([[maybe_unused]] const OID& oid) { 34| 6.45k| BOTAN_DEBUG_ASSERT(oid == T::static_oid()); ------------------ | | 130| 6.45k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 6.45k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 6.45k] | | ------------------ ------------------ 35| 6.45k| return std::make_unique(); 36| 6.45k|} x509_ext.cpp:_ZN5Botan12_GLOBAL__N_114make_extensionITkNSt3__112derived_fromINS_21Certificate_ExtensionEEENS_14Cert_Extension24Subject_Alternative_NameEEEDaRKNS_3OIDE: 33| 6.45k|auto make_extension([[maybe_unused]] const OID& oid) { 34| 6.45k| BOTAN_DEBUG_ASSERT(oid == T::static_oid()); ------------------ | | 130| 6.45k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 6.45k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 6.45k] | | ------------------ ------------------ 35| 6.45k| return std::make_unique(); 36| 6.45k|} x509_ext.cpp:_ZN5Botan12_GLOBAL__N_114make_extensionITkNSt3__112derived_fromINS_21Certificate_ExtensionEEENS_14Cert_Extension17Basic_ConstraintsEEEDaRKNS_3OIDE: 33| 6.45k|auto make_extension([[maybe_unused]] const OID& oid) { 34| 6.45k| BOTAN_DEBUG_ASSERT(oid == T::static_oid()); ------------------ | | 130| 6.45k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 6.45k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 6.45k] | | ------------------ ------------------ 35| 6.45k| return std::make_unique(); 36| 6.45k|} x509_ext.cpp:_ZN5Botan12_GLOBAL__N_114make_extensionITkNSt3__112derived_fromINS_21Certificate_ExtensionEEENS_14Cert_Extension16Authority_Key_IDEEEDaRKNS_3OIDE: 33| 6.45k|auto make_extension([[maybe_unused]] const OID& oid) { 34| 6.45k| BOTAN_DEBUG_ASSERT(oid == T::static_oid()); ------------------ | | 130| 6.45k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 6.45k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 6.45k] | | ------------------ ------------------ 35| 6.45k| return std::make_unique(); 36| 6.45k|} _ZN5Botan11X509_Object9load_dataERNS_10DataSourceE: 24| 6.75k|void X509_Object::load_data(DataSource& in) { 25| 6.75k| try { 26| 6.75k| if(ASN1::maybe_BER(in) && !PEM_Code::matches(in)) { ------------------ | Branch (26:10): [True: 252, False: 6.50k] | Branch (26:33): [True: 252, False: 0] ------------------ 27| 252| BER_Decoder dec(in, BER_Decoder::Limits::DER()); 28| 252| decode_from(dec); 29| | // Call to verify_end omitted here since we have to sometimes decode 30| | // multiple certificates encoded sequentially in a DataSource 31| 6.50k| } else { 32| 6.50k| std::string got_label; 33| 6.50k| DataSource_Memory ber(PEM_Code::decode(in, got_label)); 34| | 35| 6.50k| if(got_label != PEM_label()) { ------------------ | Branch (35:13): [True: 0, False: 6.50k] ------------------ 36| 0| bool is_alternate = false; 37| 0| for(const std::string_view alt_label : alternate_PEM_labels()) { ------------------ | Branch (37:50): [True: 0, False: 0] ------------------ 38| 0| if(got_label == alt_label) { ------------------ | Branch (38:19): [True: 0, False: 0] ------------------ 39| 0| is_alternate = true; 40| 0| break; 41| 0| } 42| 0| } 43| | 44| 0| if(!is_alternate) { ------------------ | Branch (44:16): [True: 0, False: 0] ------------------ 45| 0| throw Decoding_Error("Unexpected PEM label for " + PEM_label() + " of " + got_label); 46| 0| } 47| 0| } 48| | 49| 6.50k| BER_Decoder dec(ber, BER_Decoder::Limits::DER()); 50| 6.50k| decode_from(dec); 51| | // Call to verify_end omitted here since we have to sometimes decode 52| | // multiple certificates encoded sequentially in a DataSource 53| 6.50k| } 54| 6.75k| } catch(Decoding_Error& e) { 55| 297| throw Decoding_Error(PEM_label() + " decoding", e); 56| 297| } 57| 6.75k|} _ZNK5Botan11X509_Object9signatureEv: 59| 6.46k|const std::vector& X509_Object::signature() const { 60| 6.46k| if(!m_signed_data) { ------------------ | Branch (60:7): [True: 0, False: 6.46k] ------------------ 61| 0| throw Invalid_State("X509_Object uninitialized"); 62| 0| } 63| 6.46k| return m_signed_data->m_sig; 64| 6.46k|} _ZNK5Botan11X509_Object11signed_bodyEv: 66| 12.9k|const std::vector& X509_Object::signed_body() const { 67| 12.9k| if(!m_signed_data) { ------------------ | Branch (67:7): [True: 0, False: 12.9k] ------------------ 68| 0| throw Invalid_State("X509_Object uninitialized"); 69| 0| } 70| 12.9k| return m_signed_data->m_tbs_bits; 71| 12.9k|} _ZNK5Botan11X509_Object19signature_algorithmEv: 73| 12.9k|const AlgorithmIdentifier& X509_Object::signature_algorithm() const { 74| 12.9k| if(!m_signed_data) { ------------------ | Branch (74:7): [True: 0, False: 12.9k] ------------------ 75| 0| throw Invalid_State("X509_Object uninitialized"); 76| 0| } 77| 12.9k| return m_signed_data->m_sig_algo; 78| 12.9k|} _ZNK5Botan11X509_Object11encode_intoERNS_11DER_EncoderE: 80| 6.46k|void X509_Object::encode_into(DER_Encoder& to) const { 81| 6.46k| to.start_sequence() 82| 6.46k| .start_sequence() 83| 6.46k| .raw_bytes(signed_body()) 84| 6.46k| .end_cons() 85| 6.46k| .encode(signature_algorithm()) 86| 6.46k| .encode(signature(), ASN1_Type::BitString) 87| 6.46k| .end_cons(); 88| 6.46k|} _ZN5Botan11X509_Object11decode_fromERNS_11BER_DecoderE: 93| 6.71k|void X509_Object::decode_from(BER_Decoder& from) { 94| 6.71k| auto data = std::make_shared(); 95| | 96| 6.71k| from.start_sequence() 97| 6.71k| .start_sequence() 98| 6.71k| .raw_bytes(data->m_tbs_bits) 99| 6.71k| .end_cons() 100| 6.71k| .decode(data->m_sig_algo) 101| 6.71k| .decode(data->m_sig, ASN1_Type::BitString) 102| 6.71k| .end_cons(); 103| | 104| 6.71k| m_signed_data = std::move(data); 105| 6.71k| force_decode(); 106| 6.71k|} _ZN5Botan16X509_CertificateD2Ev: 76| 12.5k|X509_Certificate::~X509_Certificate() = default; _ZNK5Botan16X509_Certificate9PEM_labelEv: 78| 6.75k|std::string X509_Certificate::PEM_label() const { 79| 6.75k| return "CERTIFICATE"; 80| 6.75k|} _ZN5Botan16X509_CertificateC2ERNS_10DataSourceE: 86| 6.45k|X509_Certificate::X509_Certificate(DataSource& src) { 87| 6.45k| load_data(src); 88| 6.45k|} _ZN5Botan16X509_CertificateC2ENSt3__14spanIKhLm18446744073709551615EEE: 90| 298|X509_Certificate::X509_Certificate(std::span in) { 91| 298| DataSource_Memory src(in); 92| 298| load_data(src); 93| 298|} _ZN5Botan16X509_Certificate12force_decodeEv: 338| 6.51k|void X509_Certificate::force_decode() { 339| 6.51k| m_data.reset(); 340| 6.51k| m_data = parse_x509_cert_body(*this); 341| 6.51k|} x509cert.cpp:_ZN5Botan12_GLOBAL__N_120parse_x509_cert_bodyERKNS_11X509_ObjectE: 104| 6.51k|std::unique_ptr parse_x509_cert_body(const X509_Object& obj) { 105| 6.51k| auto data = std::make_unique(); 106| | 107| 6.51k| BigInt serial_bn; 108| 6.51k| BER_Object public_key; 109| 6.51k| BER_Object v3_exts_data; 110| | 111| 6.51k| BER_Decoder(obj.signed_body(), BER_Decoder::Limits::DER()) 112| 6.51k| .decode_optional(data->m_version, ASN1_Type(0), ASN1_Class::Constructed | ASN1_Class::ContextSpecific) 113| 6.51k| .decode(serial_bn) 114| 6.51k| .decode(data->m_sig_algo_inner) 115| 6.51k| .decode(data->m_issuer_dn) 116| 6.51k| .start_sequence() 117| 6.51k| .decode(data->m_not_before) 118| 6.51k| .decode(data->m_not_after) 119| 6.51k| .end_cons() 120| 6.51k| .decode(data->m_subject_dn) 121| 6.51k| .get_next(public_key) 122| 6.51k| .decode_optional_string(data->m_v2_issuer_key_id, ASN1_Type::BitString, 1) 123| 6.51k| .decode_optional_string(data->m_v2_subject_key_id, ASN1_Type::BitString, 2) 124| 6.51k| .get_next(v3_exts_data) 125| 6.51k| .verify_end("TBSCertificate has extra data after extensions block"); 126| | 127| 6.51k| if(data->m_version > 2) { ------------------ | Branch (127:7): [True: 0, False: 6.51k] ------------------ 128| 0| throw Decoding_Error("Unknown X.509 cert version " + std::to_string(data->m_version)); 129| 0| } 130| 6.51k| if(obj.signature_algorithm() != data->m_sig_algo_inner) { ------------------ | Branch (130:7): [True: 0, False: 6.51k] ------------------ 131| 0| throw Decoding_Error("X.509 Certificate had differing algorithm identifiers in inner and outer ID fields"); 132| 0| } 133| | 134| 6.51k| public_key.assert_is_a(ASN1_Type::Sequence, ASN1_Class::Constructed, "X.509 certificate public key"); 135| | 136| | // for general sanity convert wire version (0 based) to standards version (v1 .. v3) 137| 6.51k| data->m_version += 1; 138| | 139| 6.51k| data->m_serial = serial_bn.serialize(); 140| | // crude method to save the serial's sign; will get lost during decoding, otherwise 141| 6.51k| data->m_serial_negative = serial_bn.signum() < 0; 142| 6.51k| data->m_subject_dn_bits = ASN1::put_in_sequence(data->m_subject_dn.get_bits()); 143| 6.51k| data->m_issuer_dn_bits = ASN1::put_in_sequence(data->m_issuer_dn.get_bits()); 144| | 145| 6.51k| data->m_subject_public_key_bits.assign(public_key.bits(), public_key.bits() + public_key.length()); 146| | 147| 6.51k| data->m_subject_public_key_bits_seq = ASN1::put_in_sequence(data->m_subject_public_key_bits); 148| | 149| 6.51k| BER_Decoder(data->m_subject_public_key_bits, BER_Decoder::Limits::DER()) 150| 6.51k| .decode(data->m_subject_public_key_algid) 151| 6.51k| .decode(data->m_subject_public_key_bitstring, ASN1_Type::BitString) 152| 6.51k| .verify_end(); 153| | 154| 6.51k| if(v3_exts_data.is_a(3, ASN1_Class::Constructed | ASN1_Class::ContextSpecific)) { ------------------ | Branch (154:7): [True: 6.45k, False: 58] ------------------ 155| | // Path validation will reject a v1/v2 cert with v3 extensions 156| 6.45k| BER_Decoder(v3_exts_data, BER_Decoder::Limits::DER()).decode(data->m_v3_extensions).verify_end(); 157| 6.45k| } else if(v3_exts_data.is_set()) { ------------------ | Branch (157:14): [True: 0, False: 58] ------------------ 158| 0| throw BER_Bad_Tag("Unknown tag in X.509 cert", v3_exts_data.tagging()); 159| 0| } 160| | 161| | // Now cache some fields from the extensions 162| 6.51k| if(const auto* ext = data->m_v3_extensions.get_extension_object_as()) { ------------------ | Branch (162:19): [True: 0, False: 6.51k] ------------------ 163| 0| data->m_key_constraints = ext->get_constraints(); 164| | /* 165| | RFC 5280: When the keyUsage extension appears in a certificate, 166| | at least one of the bits MUST be set to 1. 167| | */ 168| 0| if(data->m_key_constraints.empty()) { ------------------ | Branch (168:10): [True: 0, False: 0] ------------------ 169| 0| throw Decoding_Error("Certificate has invalid encoding for KeyUsage"); 170| 0| } 171| 0| } 172| | 173| 6.51k| if(const auto* ext = data->m_v3_extensions.get_extension_object_as()) { ------------------ | Branch (173:19): [True: 6.45k, False: 58] ------------------ 174| 6.45k| data->m_subject_key_id = ext->get_key_id(); 175| 6.45k| } 176| | 177| 6.51k| if(const auto* ext = data->m_v3_extensions.get_extension_object_as()) { ------------------ | Branch (177:19): [True: 6.45k, False: 58] ------------------ 178| 6.45k| data->m_authority_key_id = ext->get_key_id(); 179| 6.45k| } 180| | 181| 6.51k| if(const auto* ext = data->m_v3_extensions.get_extension_object_as()) { ------------------ | Branch (181:19): [True: 0, False: 6.51k] ------------------ 182| 0| data->m_name_constraints = ext->get_name_constraints(); 183| 0| } 184| | 185| 6.51k| if(const auto* ext = data->m_v3_extensions.get_extension_object_as()) { ------------------ | Branch (185:19): [True: 0, False: 6.51k] ------------------ 186| 0| data->m_extended_key_usage = ext->object_identifiers(); 187| | /* 188| | RFC 5280 section 4.2.1.12 189| | 190| | "This extension indicates one or more purposes ..." 191| | 192| | "If the extension is present, then the certificate MUST only be 193| | used for one of the purposes indicated." 194| | 195| | Thus we reject an EKU extension which is empty, since this indicates 196| | the certificate cannot be used for any purpose. 197| | */ 198| 0| if(data->m_extended_key_usage.empty()) { ------------------ | Branch (198:10): [True: 0, False: 0] ------------------ 199| 0| throw Decoding_Error("Certificate has invalid empty EKU extension"); 200| 0| } 201| 0| } 202| | 203| 6.51k| if(const auto* ext = data->m_v3_extensions.get_extension_object_as()) { ------------------ | Branch (203:19): [True: 6.45k, False: 58] ------------------ 204| | /* 205| | * RFC 5280 4.2.1.9 requires that conforming CAs "MUST mark the 206| | * extension [basicConstraints] as critical in such certificates" 207| | * but places no such requirement on validators. 208| | */ 209| 6.45k| if(ext->is_ca() == true) { ------------------ | Branch (209:10): [True: 0, False: 6.45k] ------------------ 210| | /* 211| | * RFC 5280 section 4.2.1.3 requires that CAs include KeyUsage in all 212| | * intermediate CA certificates they issue. Currently we accept it being 213| | * missing, as do most other implementations. But it may be worth 214| | * removing this entirely, or alternately adding a warning level 215| | * validation failure for it. 216| | */ 217| 0| const bool allowed_by_ku = 218| 0| data->m_key_constraints.includes(Key_Constraints::KeyCertSign) || data->m_key_constraints.empty(); ------------------ | Branch (218:13): [True: 0, False: 0] | Branch (218:79): [True: 0, False: 0] ------------------ 219| | 220| | /* 221| | * If the extended key usages are set then we must restrict the usage in 222| | * accordance with it as well. 223| | * 224| | * RFC 5280 does not define any extended key usages compatible with certificate 225| | * signing, but some CAs use serverAuth, clientAuth, OCSPSigning, or AnyExtendedKeyUsage 226| | * for this purpose, even though clearly all of these (besides AEKU) are invalid. 227| | * This check at least allows excluding a certificate which is set for only eg 228| | * timestamping or code signing, and that seems about the best we can possibly enforce. 229| | * OpenSSL, BoringSSL, and Go all completely ignore EKUs in determining ability to 230| | * issue certs. 231| | */ 232| 0| const bool allowed_by_ext_ku = [](const std::vector& ext_ku) -> bool { 233| 0| if(ext_ku.empty()) { 234| 0| return true; 235| 0| } 236| | 237| 0| const auto server_auth = OID::from_name("PKIX.ServerAuth"); 238| 0| const auto client_auth = OID::from_name("PKIX.ClientAuth"); 239| 0| const auto ocsp_sign = OID::from_name("PKIX.OCSPSigning"); 240| 0| const auto any_eku = OID::from_name("X509v3.AnyExtendedKeyUsage"); 241| | 242| 0| for(const auto& oid : ext_ku) { 243| 0| if(oid == any_eku || oid == server_auth || oid == client_auth || oid == ocsp_sign) { 244| 0| return true; 245| 0| } 246| 0| } 247| | 248| 0| return false; 249| 0| }(data->m_extended_key_usage); 250| | 251| 0| if(allowed_by_ku && allowed_by_ext_ku) { ------------------ | Branch (251:13): [True: 0, False: 0] | Branch (251:30): [True: 0, False: 0] ------------------ 252| 0| data->m_is_ca_certificate = true; 253| 0| data->m_path_len_constraint = ext->path_length_constraint(); 254| 0| } 255| 0| } 256| 6.45k| } 257| | 258| 6.51k| if(const auto* ext = data->m_v3_extensions.get_extension_object_as()) { ------------------ | Branch (258:19): [True: 0, False: 6.51k] ------------------ 259| 0| data->m_issuer_alt_name = ext->get_alt_name(); 260| 0| } 261| | 262| 6.51k| if(const auto* ext = data->m_v3_extensions.get_extension_object_as()) { ------------------ | Branch (262:19): [True: 6.45k, False: 58] ------------------ 263| 6.45k| data->m_subject_alt_name = ext->get_alt_name(); 264| 6.45k| } 265| | 266| | // This will be set even if SAN parsing failed entirely eg due to a decoding error 267| | // or if the SAN is empty. This is used to guard against using the CN for domain 268| | // name checking. 269| 6.51k| const auto san_oid = OID::from_string("X509v3.SubjectAlternativeName"); 270| 6.51k| data->m_subject_alt_name_exists = data->m_v3_extensions.extension_set(san_oid); 271| | 272| 6.51k| if(const auto* ext = data->m_v3_extensions.get_extension_object_as()) { ------------------ | Branch (272:19): [True: 0, False: 6.51k] ------------------ 273| 0| data->m_cert_policies = ext->get_policy_oids(); 274| 0| } 275| | 276| 6.51k| if(const auto* ext = data->m_v3_extensions.get_extension_object_as()) { ------------------ | Branch (276:19): [True: 0, False: 6.51k] ------------------ 277| 0| data->m_ocsp_responders = ext->ocsp_responders(); 278| 0| data->m_ca_issuers = ext->ca_issuers(); 279| 0| } 280| | 281| 6.51k| if(const auto* ext = data->m_v3_extensions.get_extension_object_as()) { ------------------ | Branch (281:19): [True: 0, False: 6.51k] ------------------ 282| 0| data->m_crl_distribution_points = ext->crl_distribution_urls(); 283| 0| } 284| | 285| | /* 286| | Determine if this certificate appears to be self-issued (subject == issuer). 287| | This is only a heuristic used for path building so it's ok it is not precise. 288| | The self-signature is verified during path validation. 289| | */ 290| 6.51k| if(data->m_subject_dn == data->m_issuer_dn) { ------------------ | Branch (290:7): [True: 6.45k, False: 58] ------------------ 291| 6.45k| if(!data->m_subject_key_id.empty() && !data->m_authority_key_id.empty()) { ------------------ | Branch (291:10): [True: 6.45k, False: 0] | Branch (291:45): [True: 6.45k, False: 0] ------------------ 292| | /* 293| | Both SKID and AKID are set so we can reliably determine self-signed vs 294| | self-issued by comparing the two 295| | */ 296| 6.45k| data->m_self_signed = (data->m_subject_key_id == data->m_authority_key_id); 297| 6.45k| } else { 298| | /* 299| | Without both SKID and AKID we can't determine with certainty. Assume 300| | self-signed since that's by far the common case. 301| | */ 302| 0| data->m_self_signed = true; 303| 0| } 304| 6.45k| } 305| | 306| 6.51k| const std::vector full_encoding = obj.BER_encode(); 307| | 308| 6.51k| if(auto sha1 = HashFunction::create("SHA-1")) { ------------------ | Branch (308:12): [True: 6.45k, False: 58] ------------------ 309| 6.45k| sha1->update(data->m_subject_public_key_bitstring); 310| 6.45k| data->m_subject_public_key_bitstring_sha1 = sha1->final_stdvec(); 311| | // otherwise left as empty, and we will throw if subject_public_key_bitstring_sha1 is called 312| | 313| 6.45k| sha1->update(full_encoding); 314| 6.45k| sha1->final(data->m_cert_data_sha1); 315| 6.45k| data->m_fingerprint_sha1 = format_hex_fingerprint(data->m_cert_data_sha1); 316| 6.45k| } 317| | 318| | // SHA-256 is a hard dependency of this module 319| 6.51k| auto sha256 = HashFunction::create_or_throw("SHA-256"); 320| 6.51k| sha256->update(data->m_issuer_dn_bits); 321| 6.51k| data->m_issuer_dn_bits_sha256 = sha256->final_stdvec(); 322| | 323| 6.51k| sha256->update(data->m_subject_dn_bits); 324| 6.51k| data->m_subject_dn_bits_sha256 = sha256->final_stdvec(); 325| | 326| 6.51k| sha256->update(full_encoding); 327| 6.51k| sha256->final(data->m_cert_data_sha256); 328| 6.51k| data->m_fingerprint_sha256 = format_hex_fingerprint(data->m_cert_data_sha256); 329| | 330| 6.51k| return data; 331| 6.51k|}