_ZNK5Botan7AES_1284nameEv: 28| 123| std::string name() const override { return "AES-128"; } _ZNK5Botan7AES_2564nameEv: 119| 149| std::string name() const override { return "AES-256"; } _ZN5Botan15AlignmentBufferIhLm64ELNS_25AlignmentBufferFinalBlockE0EED2Ev: 64| 41.4k| ~AlignmentBuffer() { secure_zeroize_buffer(m_buffer.data(), sizeof(T) * m_buffer.size()); } _ZN5Botan15AlignmentBufferIhLm64ELNS_25AlignmentBufferFinalBlockE0EEC2Ev: 62| 41.4k| AlignmentBuffer() = default; _ZN5Botan15AlignmentBufferIhLm64ELNS_25AlignmentBufferFinalBlockE0EE5clearEv: 71| 169k| void clear() { 72| 169k| zeroize_buffer(m_buffer.data(), m_buffer.size()); 73| 169k| m_position = 0; 74| 169k| } _ZN5Botan15AlignmentBufferIhLm128ELNS_25AlignmentBufferFinalBlockE0EEC2Ev: 62| 764| AlignmentBuffer() = default; _ZN5Botan15AlignmentBufferIhLm128ELNS_25AlignmentBufferFinalBlockE0EE5clearEv: 71| 7.34k| void clear() { 72| 7.34k| zeroize_buffer(m_buffer.data(), m_buffer.size()); 73| 7.34k| m_position = 0; 74| 7.34k| } _ZN5Botan15AlignmentBufferIhLm128ELNS_25AlignmentBufferFinalBlockE0EED2Ev: 64| 764| ~AlignmentBuffer() { secure_zeroize_buffer(m_buffer.data(), sizeof(T) * m_buffer.size()); } _ZN5Botan15AlignmentBufferIhLm64ELNS_25AlignmentBufferFinalBlockE0EE21handle_unaligned_dataERNS_12BufferSlicerE: 166| 248k| [[nodiscard]] std::optional> handle_unaligned_data(BufferSlicer& slicer) { 167| | // When the final block is to be deferred, we would need to store and 168| | // hold a buffer that contains exactly one block until more data is 169| | // passed or it is explicitly consumed. 170| 248k| const size_t defer = (defers_final_block()) ? 1 : 0; ------------------ | Branch (170:31): [True: 0, False: 248k] ------------------ 171| | 172| 248k| if(in_alignment() && slicer.remaining() >= m_buffer.size() + defer) { ------------------ | Branch (172:13): [True: 208k, False: 39.3k] | Branch (172:31): [True: 85.3k, False: 123k] ------------------ 173| | // We are currently in alignment and the passed-in data source 174| | // contains enough data to benefit from aligned processing. 175| | // Therefore, we don't copy anything into the intermittent buffer. 176| 85.3k| return std::nullopt; 177| 85.3k| } 178| | 179| | // Fill the buffer with as much input data as needed to reach alignment 180| | // or until the input source is depleted. 181| 162k| const auto elements_to_consume = std::min(m_buffer.size() - m_position, slicer.remaining()); 182| 162k| append(slicer.take(elements_to_consume)); 183| | 184| | // If we collected enough data, we push out one full block. When 185| | // deferring the final block is enabled, we additionally check that 186| | // more input data is available to continue processing a consecutive 187| | // block. 188| 162k| if(ready_to_consume() && (!defers_final_block() || !slicer.empty())) { ------------------ | Branch (188:13): [True: 6.62k, False: 156k] | Branch (188:36): [True: 6.62k, False: 0] | Branch (188:61): [True: 0, False: 0] ------------------ 189| 6.62k| return consume(); 190| 156k| } else { 191| 156k| return std::nullopt; 192| 156k| } 193| 162k| } _ZNK5Botan15AlignmentBufferIhLm64ELNS_25AlignmentBufferFinalBlockE0EE18defers_final_blockEv: 233| 346k| constexpr bool defers_final_block() const { 234| 346k| return FINAL_BLOCK_STRATEGY == AlignmentBufferFinalBlock::must_be_deferred; 235| 346k| } _ZN5Botan15AlignmentBufferIhLm64ELNS_25AlignmentBufferFinalBlockE0EE6appendENSt3__14spanIKhLm18446744073709551615EEE: 90| 279k| void append(std::span elements) { 91| 279k| BOTAN_ASSERT_NOMSG(elements.size() <= elements_until_alignment()); ------------------ | | 77| 279k| do { \ | | 78| 279k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 279k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 279k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 279k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 279k] | | ------------------ ------------------ 92| 279k| std::copy(elements.begin(), elements.end(), m_buffer.begin() + m_position); 93| 279k| m_position += elements.size(); 94| 279k| } _ZNK5Botan15AlignmentBufferIhLm64ELNS_25AlignmentBufferFinalBlockE0EE24elements_until_alignmentEv: 221| 661k| size_t elements_until_alignment() const { return m_buffer.size() - m_position; } _ZNK5Botan15AlignmentBufferIhLm64ELNS_25AlignmentBufferFinalBlockE0EE16ready_to_consumeEv: 231| 582k| bool ready_to_consume() const { return m_position == m_buffer.size(); } _ZN5Botan15AlignmentBufferIhLm64ELNS_25AlignmentBufferFinalBlockE0EE7consumeEv: 200| 155k| [[nodiscard]] std::span consume() { 201| 155k| BOTAN_ASSERT_NOMSG(ready_to_consume()); ------------------ | | 77| 155k| do { \ | | 78| 155k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 155k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 155k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 155k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 155k] | | ------------------ ------------------ 202| 155k| m_position = 0; 203| 155k| return m_buffer; 204| 155k| } _ZNK5Botan15AlignmentBufferIhLm64ELNS_25AlignmentBufferFinalBlockE0EE12in_alignmentEv: 226| 587k| bool in_alignment() const { return m_position == 0; } _ZNK5Botan15AlignmentBufferIhLm64ELNS_25AlignmentBufferFinalBlockE0EE23aligned_data_to_processERNS_12BufferSlicerE: 126| 91.9k| [[nodiscard]] std::tuple, size_t> aligned_data_to_process(BufferSlicer& slicer) const { 127| 91.9k| BOTAN_ASSERT_NOMSG(in_alignment()); ------------------ | | 77| 91.9k| do { \ | | 78| 91.9k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 91.9k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 91.9k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 91.9k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 91.9k] | | ------------------ ------------------ 128| | 129| | // When the final block is to be deferred, the last block must not be 130| | // selected for processing if there is no (unaligned) extra input data. 131| 91.9k| const size_t defer = (defers_final_block()) ? 1 : 0; ------------------ | Branch (131:31): [True: 0, False: 91.9k] ------------------ 132| 91.9k| const size_t full_blocks_to_process = (slicer.remaining() - defer) / m_buffer.size(); 133| 91.9k| return {slicer.take(full_blocks_to_process * m_buffer.size()), full_blocks_to_process}; 134| 91.9k| } _ZN5Botan15AlignmentBufferIhLm64ELNS_25AlignmentBufferFinalBlockE0EE18fill_up_with_zerosEv: 79| 148k| void fill_up_with_zeros() { 80| 148k| if(!ready_to_consume()) { ------------------ | Branch (80:13): [True: 148k, False: 79] ------------------ 81| 148k| zeroize_buffer(&m_buffer[m_position], elements_until_alignment()); 82| 148k| m_position = m_buffer.size(); 83| 148k| } 84| 148k| } _ZN5Botan15AlignmentBufferIhLm64ELNS_25AlignmentBufferFinalBlockE0EE20directly_modify_lastEm: 113| 116k| std::span directly_modify_last(size_t elements) { 114| 116k| BOTAN_ASSERT_NOMSG(size() >= elements); ------------------ | | 77| 116k| do { \ | | 78| 116k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 116k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 116k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 116k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 116k] | | ------------------ ------------------ 115| 116k| return std::span(m_buffer).last(elements); 116| 116k| } _ZNK5Botan15AlignmentBufferIhLm64ELNS_25AlignmentBufferFinalBlockE0EE4sizeEv: 217| 116k| constexpr size_t size() const { return m_buffer.size(); } _ZN5Botan15AlignmentBufferIhLm128ELNS_25AlignmentBufferFinalBlockE0EE21handle_unaligned_dataERNS_12BufferSlicerE: 166| 15.2k| [[nodiscard]] std::optional> handle_unaligned_data(BufferSlicer& slicer) { 167| | // When the final block is to be deferred, we would need to store and 168| | // hold a buffer that contains exactly one block until more data is 169| | // passed or it is explicitly consumed. 170| 15.2k| const size_t defer = (defers_final_block()) ? 1 : 0; ------------------ | Branch (170:31): [True: 0, False: 15.2k] ------------------ 171| | 172| 15.2k| if(in_alignment() && slicer.remaining() >= m_buffer.size() + defer) { ------------------ | Branch (172:13): [True: 12.4k, False: 2.77k] | Branch (172:31): [True: 6.57k, False: 5.91k] ------------------ 173| | // We are currently in alignment and the passed-in data source 174| | // contains enough data to benefit from aligned processing. 175| | // Therefore, we don't copy anything into the intermittent buffer. 176| 6.57k| return std::nullopt; 177| 6.57k| } 178| | 179| | // Fill the buffer with as much input data as needed to reach alignment 180| | // or until the input source is depleted. 181| 8.69k| const auto elements_to_consume = std::min(m_buffer.size() - m_position, slicer.remaining()); 182| 8.69k| append(slicer.take(elements_to_consume)); 183| | 184| | // If we collected enough data, we push out one full block. When 185| | // deferring the final block is enabled, we additionally check that 186| | // more input data is available to continue processing a consecutive 187| | // block. 188| 8.69k| if(ready_to_consume() && (!defers_final_block() || !slicer.empty())) { ------------------ | Branch (188:13): [True: 18, False: 8.67k] | Branch (188:36): [True: 18, False: 0] | Branch (188:61): [True: 0, False: 0] ------------------ 189| 18| return consume(); 190| 8.67k| } else { 191| 8.67k| return std::nullopt; 192| 8.67k| } 193| 8.69k| } _ZNK5Botan15AlignmentBufferIhLm128ELNS_25AlignmentBufferFinalBlockE0EE18defers_final_blockEv: 233| 21.8k| constexpr bool defers_final_block() const { 234| 21.8k| return FINAL_BLOCK_STRATEGY == AlignmentBufferFinalBlock::must_be_deferred; 235| 21.8k| } _ZN5Botan15AlignmentBufferIhLm128ELNS_25AlignmentBufferFinalBlockE0EE6appendENSt3__14spanIKhLm18446744073709551615EEE: 90| 14.5k| void append(std::span elements) { 91| 14.5k| BOTAN_ASSERT_NOMSG(elements.size() <= elements_until_alignment()); ------------------ | | 77| 14.5k| do { \ | | 78| 14.5k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 14.5k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 14.5k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 14.5k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 14.5k] | | ------------------ ------------------ 92| 14.5k| std::copy(elements.begin(), elements.end(), m_buffer.begin() + m_position); 93| 14.5k| m_position += elements.size(); 94| 14.5k| } _ZNK5Botan15AlignmentBufferIhLm128ELNS_25AlignmentBufferFinalBlockE0EE24elements_until_alignmentEv: 221| 33.5k| size_t elements_until_alignment() const { return m_buffer.size() - m_position; } _ZNK5Botan15AlignmentBufferIhLm128ELNS_25AlignmentBufferFinalBlockE0EE16ready_to_consumeEv: 231| 29.0k| bool ready_to_consume() const { return m_position == m_buffer.size(); } _ZN5Botan15AlignmentBufferIhLm128ELNS_25AlignmentBufferFinalBlockE0EE7consumeEv: 200| 7.25k| [[nodiscard]] std::span consume() { 201| 7.25k| BOTAN_ASSERT_NOMSG(ready_to_consume()); ------------------ | | 77| 7.25k| do { \ | | 78| 7.25k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 7.25k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 7.25k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 7.25k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 7.25k] | | ------------------ ------------------ 202| 7.25k| m_position = 0; 203| 7.25k| return m_buffer; 204| 7.25k| } _ZNK5Botan15AlignmentBufferIhLm128ELNS_25AlignmentBufferFinalBlockE0EE12in_alignmentEv: 226| 37.1k| bool in_alignment() const { return m_position == 0; } _ZNK5Botan15AlignmentBufferIhLm128ELNS_25AlignmentBufferFinalBlockE0EE23aligned_data_to_processERNS_12BufferSlicerE: 126| 6.59k| [[nodiscard]] std::tuple, size_t> aligned_data_to_process(BufferSlicer& slicer) const { 127| 6.59k| BOTAN_ASSERT_NOMSG(in_alignment()); ------------------ | | 77| 6.59k| do { \ | | 78| 6.59k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 6.59k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 6.59k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 6.59k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 6.59k] | | ------------------ ------------------ 128| | 129| | // When the final block is to be deferred, the last block must not be 130| | // selected for processing if there is no (unaligned) extra input data. 131| 6.59k| const size_t defer = (defers_final_block()) ? 1 : 0; ------------------ | Branch (131:31): [True: 0, False: 6.59k] ------------------ 132| 6.59k| const size_t full_blocks_to_process = (slicer.remaining() - defer) / m_buffer.size(); 133| 6.59k| return {slicer.take(full_blocks_to_process * m_buffer.size()), full_blocks_to_process}; 134| 6.59k| } _ZN5Botan15AlignmentBufferIhLm128ELNS_25AlignmentBufferFinalBlockE0EE18fill_up_with_zerosEv: 79| 7.23k| void fill_up_with_zeros() { 80| 7.23k| if(!ready_to_consume()) { ------------------ | Branch (80:13): [True: 7.23k, False: 0] ------------------ 81| 7.23k| zeroize_buffer(&m_buffer[m_position], elements_until_alignment()); 82| 7.23k| m_position = m_buffer.size(); 83| 7.23k| } 84| 7.23k| } _ZN5Botan15AlignmentBufferIhLm128ELNS_25AlignmentBufferFinalBlockE0EE20directly_modify_lastEm: 113| 5.88k| std::span directly_modify_last(size_t elements) { 114| 5.88k| BOTAN_ASSERT_NOMSG(size() >= elements); ------------------ | | 77| 5.88k| do { \ | | 78| 5.88k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 5.88k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 5.88k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 5.88k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 5.88k] | | ------------------ ------------------ 115| 5.88k| return std::span(m_buffer).last(elements); 116| 5.88k| } _ZNK5Botan15AlignmentBufferIhLm128ELNS_25AlignmentBufferFinalBlockE0EE4sizeEv: 217| 5.88k| constexpr size_t size() const { return m_buffer.size(); } _ZN5Botan15AlignmentBufferIhLm16ELNS_25AlignmentBufferFinalBlockE0EEC2Ev: 62| 93| AlignmentBuffer() = default; _ZN5Botan15AlignmentBufferIhLm16ELNS_25AlignmentBufferFinalBlockE0EED2Ev: 64| 93| ~AlignmentBuffer() { secure_zeroize_buffer(m_buffer.data(), sizeof(T) * m_buffer.size()); } _ZN5Botan15AlignmentBufferIhLm16ELNS_25AlignmentBufferFinalBlockE0EE5clearEv: 71| 182| void clear() { 72| 182| zeroize_buffer(m_buffer.data(), m_buffer.size()); 73| 182| m_position = 0; 74| 182| } _ZN5Botan15AlignmentBufferIhLm16ELNS_25AlignmentBufferFinalBlockE0EE21handle_unaligned_dataERNS_12BufferSlicerE: 166| 225| [[nodiscard]] std::optional> handle_unaligned_data(BufferSlicer& slicer) { 167| | // When the final block is to be deferred, we would need to store and 168| | // hold a buffer that contains exactly one block until more data is 169| | // passed or it is explicitly consumed. 170| 225| const size_t defer = (defers_final_block()) ? 1 : 0; ------------------ | Branch (170:31): [True: 0, False: 225] ------------------ 171| | 172| 225| if(in_alignment() && slicer.remaining() >= m_buffer.size() + defer) { ------------------ | Branch (172:13): [True: 225, False: 0] | Branch (172:31): [True: 71, False: 154] ------------------ 173| | // We are currently in alignment and the passed-in data source 174| | // contains enough data to benefit from aligned processing. 175| | // Therefore, we don't copy anything into the intermittent buffer. 176| 71| return std::nullopt; 177| 71| } 178| | 179| | // Fill the buffer with as much input data as needed to reach alignment 180| | // or until the input source is depleted. 181| 154| const auto elements_to_consume = std::min(m_buffer.size() - m_position, slicer.remaining()); 182| 154| append(slicer.take(elements_to_consume)); 183| | 184| | // If we collected enough data, we push out one full block. When 185| | // deferring the final block is enabled, we additionally check that 186| | // more input data is available to continue processing a consecutive 187| | // block. 188| 154| if(ready_to_consume() && (!defers_final_block() || !slicer.empty())) { ------------------ | Branch (188:13): [True: 0, False: 154] | Branch (188:36): [True: 0, False: 0] | Branch (188:61): [True: 0, False: 0] ------------------ 189| 0| return consume(); 190| 154| } else { 191| 154| return std::nullopt; 192| 154| } 193| 154| } _ZNK5Botan15AlignmentBufferIhLm16ELNS_25AlignmentBufferFinalBlockE0EE18defers_final_blockEv: 233| 296| constexpr bool defers_final_block() const { 234| 296| return FINAL_BLOCK_STRATEGY == AlignmentBufferFinalBlock::must_be_deferred; 235| 296| } _ZNK5Botan15AlignmentBufferIhLm16ELNS_25AlignmentBufferFinalBlockE0EE16ready_to_consumeEv: 231| 462| bool ready_to_consume() const { return m_position == m_buffer.size(); } _ZNK5Botan15AlignmentBufferIhLm16ELNS_25AlignmentBufferFinalBlockE0EE12in_alignmentEv: 226| 788| bool in_alignment() const { return m_position == 0; } _ZNK5Botan15AlignmentBufferIhLm16ELNS_25AlignmentBufferFinalBlockE0EE23aligned_data_to_processERNS_12BufferSlicerE: 126| 71| [[nodiscard]] std::tuple, size_t> aligned_data_to_process(BufferSlicer& slicer) const { 127| 71| BOTAN_ASSERT_NOMSG(in_alignment()); ------------------ | | 77| 71| do { \ | | 78| 71| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 71| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 71] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 71| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 71] | | ------------------ ------------------ 128| | 129| | // When the final block is to be deferred, the last block must not be 130| | // selected for processing if there is no (unaligned) extra input data. 131| 71| const size_t defer = (defers_final_block()) ? 1 : 0; ------------------ | Branch (131:31): [True: 0, False: 71] ------------------ 132| 71| const size_t full_blocks_to_process = (slicer.remaining() - defer) / m_buffer.size(); 133| 71| return {slicer.take(full_blocks_to_process * m_buffer.size()), full_blocks_to_process}; 134| 71| } _ZN5Botan15AlignmentBufferIhLm16ELNS_25AlignmentBufferFinalBlockE0EE6appendENSt3__14spanIKhLm18446744073709551615EEE: 90| 154| void append(std::span elements) { 91| 154| BOTAN_ASSERT_NOMSG(elements.size() <= elements_until_alignment()); ------------------ | | 77| 154| do { \ | | 78| 154| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 154| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 154] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 154| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 154] | | ------------------ ------------------ 92| 154| std::copy(elements.begin(), elements.end(), m_buffer.begin() + m_position); 93| 154| m_position += elements.size(); 94| 154| } _ZNK5Botan15AlignmentBufferIhLm16ELNS_25AlignmentBufferFinalBlockE0EE24elements_until_alignmentEv: 221| 308| size_t elements_until_alignment() const { return m_buffer.size() - m_position; } _ZN5Botan15AlignmentBufferIhLm16ELNS_25AlignmentBufferFinalBlockE0EE18fill_up_with_zerosEv: 79| 154| void fill_up_with_zeros() { 80| 154| if(!ready_to_consume()) { ------------------ | Branch (80:13): [True: 154, False: 0] ------------------ 81| 154| zeroize_buffer(&m_buffer[m_position], elements_until_alignment()); 82| 154| m_position = m_buffer.size(); 83| 154| } 84| 154| } _ZN5Botan15AlignmentBufferIhLm16ELNS_25AlignmentBufferFinalBlockE0EE7consumeEv: 200| 154| [[nodiscard]] std::span consume() { 201| 154| BOTAN_ASSERT_NOMSG(ready_to_consume()); ------------------ | | 77| 154| do { \ | | 78| 154| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 154| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 154] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 154| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 154] | | ------------------ ------------------ 202| 154| m_position = 0; 203| 154| return m_buffer; 204| 154| } _ZNK5Botan17Barrett_Reduction4cubeERKNS_6BigIntE: 66| 6| BigInt cube(const BigInt& x) const { return this->multiply(x, this->square(x)); } _ZN5Botan10ct_is_zeroITkNSt3__117unsigned_integralEhEET_S2_: 37| 2.87k|BOTAN_FORCE_INLINE constexpr T ct_is_zero(T x) { 38| 2.87k| return ct_expand_top_bit(~x & (x - 1)); 39| 2.87k|} _ZN5Botan17ct_expand_top_bitITkNSt3__117unsigned_integralEhEET_S2_: 28| 2.87k|BOTAN_FORCE_INLINE constexpr T ct_expand_top_bit(T a) { 29| 2.87k| const T top = CT::value_barrier(a >> (sizeof(T) * 8 - 1)); 30| 2.87k| return static_cast(0) - top; 31| 2.87k|} _ZN5Botan9var_ctz64Em: 180| 805|BOTAN_FORCE_INLINE constexpr size_t var_ctz64(uint64_t n) { 181| 805|#if BOTAN_COMPILER_HAS_BUILTIN(__builtin_ctzll) 182| 805| if(n == 0) { ------------------ | Branch (182:7): [True: 0, False: 805] ------------------ 183| 0| return 64; 184| 0| } 185| 805| return __builtin_ctzll(n); 186| |#else 187| | return ctz(n); 188| |#endif 189| 805|} _ZN5Botan17ct_expand_top_bitITkNSt3__117unsigned_integralEmEET_S2_: 28| 35.7M|BOTAN_FORCE_INLINE constexpr T ct_expand_top_bit(T a) { 29| 35.7M| const T top = CT::value_barrier(a >> (sizeof(T) * 8 - 1)); 30| 35.7M| return static_cast(0) - top; 31| 35.7M|} _ZN5Botan10ct_is_zeroITkNSt3__117unsigned_integralEmEET_S2_: 37| 34.1M|BOTAN_FORCE_INLINE constexpr T ct_is_zero(T x) { 38| 34.1M| return ct_expand_top_bit(~x & (x - 1)); 39| 34.1M|} _ZN5Botan6chooseITkNSt3__117unsigned_integralEmEET_S2_S2_S2_: 216| 198M|BOTAN_FORCE_INLINE constexpr T choose(T mask, T a, T b) { 217| | //return (mask & a) | (~mask & b); 218| 198M| return (b ^ (mask & (a ^ b))); 219| 198M|} _ZN5Botan17ct_if_is_zero_retITkNSt3__117unsigned_integralEjEEmT_m: 45| 195k|BOTAN_FORCE_INLINE constexpr size_t ct_if_is_zero_ret(T x, size_t s) { 46| | /* 47| | Similar to `return ct_is_zero(x) & s` but has to account for possibility that 48| | sizeof(T) is smaller than sizeof(size_t) which would lead to incomplete masking 49| | */ 50| 195k| const T a = ~x & (x - 1); 51| 195k| const size_t a_top = static_cast(CT::value_barrier(a >> (sizeof(T) * 8 - 1))); 52| 195k| const size_t mask = static_cast(0) - a_top; 53| 195k| return mask & s; 54| 195k|} _ZN5Botan8high_bitITkNSt3__117unsigned_integralEjEEmT_: 73| 39.1k|BOTAN_FORCE_INLINE constexpr size_t high_bit(T n) { 74| 39.1k| size_t hb = 0; 75| | 76| 234k| for(size_t s = 8 * sizeof(T) / 2; s > 0; s /= 2) { ------------------ | Branch (76:38): [True: 195k, False: 39.1k] ------------------ 77| | // Equivalent to: ((n >> s) == 0) ? 0 : s; 78| 195k| const size_t z = s - ct_if_is_zero_ret(n >> s, s); 79| 195k| hb += z; 80| 195k| n >>= z; 81| 195k| } 82| | 83| 39.1k| hb += n; 84| | 85| 39.1k| return hb; 86| 39.1k|} _ZN5Botan17significant_bytesITkNSt3__117unsigned_integralEmEEmT_: 94| 14.0k|BOTAN_FORCE_INLINE constexpr size_t significant_bytes(T n) { 95| 14.0k| size_t b = 0; 96| | 97| 56.3k| for(size_t s = 8 * sizeof(T) / 2; s >= 8; s /= 2) { ------------------ | Branch (97:38): [True: 42.2k, False: 14.0k] ------------------ 98| | // Equivalent to: ((n >> s) == 0) ? 0 : s; 99| 42.2k| const size_t z = s - ct_if_is_zero_ret(n >> s, s); 100| 42.2k| b += z / 8; 101| 42.2k| n >>= z; 102| 42.2k| } 103| | 104| 14.0k| b += (n != 0); 105| | 106| 14.0k| return b; 107| 14.0k|} _ZN5Botan17ct_if_is_zero_retITkNSt3__117unsigned_integralEmEEmT_m: 45| 286k|BOTAN_FORCE_INLINE constexpr size_t ct_if_is_zero_ret(T x, size_t s) { 46| | /* 47| | Similar to `return ct_is_zero(x) & s` but has to account for possibility that 48| | sizeof(T) is smaller than sizeof(size_t) which would lead to incomplete masking 49| | */ 50| 286k| const T a = ~x & (x - 1); 51| 286k| const size_t a_top = static_cast(CT::value_barrier(a >> (sizeof(T) * 8 - 1))); 52| 286k| const size_t mask = static_cast(0) - a_top; 53| 286k| return mask & s; 54| 286k|} _ZN5Botan9swap_bitsITkNSt3__117unsigned_integralEmEEvRT_S3_S2_m: 202| 80.0k|BOTAN_FORCE_INLINE constexpr void swap_bits(T& x, T& y, T mask, size_t shift) { 203| 80.0k| const T swap = ((x >> shift) ^ y) & mask; 204| 80.0k| x ^= swap << shift; 205| 80.0k| y ^= swap; 206| 80.0k|} _ZN5Botan6chooseITkNSt3__117unsigned_integralEjEET_S2_S2_S2_: 216| 33.8M|BOTAN_FORCE_INLINE constexpr T choose(T mask, T a, T b) { 217| | //return (mask & a) | (~mask & b); 218| 33.8M| return (b ^ (mask & (a ^ b))); 219| 33.8M|} _ZN5Botan8majorityITkNSt3__117unsigned_integralEjEET_S2_S2_S2_: 222| 16.9M|BOTAN_FORCE_INLINE constexpr T majority(T a, T b, T c) { 223| | /* 224| | Considering each bit of a, b, c individually 225| | 226| | If a xor b is set, then c is the deciding vote. 227| | 228| | If a xor b is not set then either a and b are both set or both unset. 229| | In either case the value of c doesn't matter, and examining b (or a) 230| | allows us to determine which case we are in. 231| | */ 232| 16.9M| return choose(a ^ b, c, b); 233| 16.9M|} _ZN5Botan13is_power_of_2ITkNSt3__117unsigned_integralEmEEbT_: 62| 275|BOTAN_FORCE_INLINE constexpr bool is_power_of_2(T arg) { 63| 275| return (arg != 0) && (arg != 1) && ((arg & static_cast(arg - 1)) == 0); ------------------ | Branch (63:11): [True: 275, False: 0] | Branch (63:25): [True: 275, False: 0] | Branch (63:39): [True: 275, False: 0] ------------------ 64| 275|} _ZN5Botan8majorityITkNSt3__117unsigned_integralEmEET_S2_S2_S2_: 222| 1.15M|BOTAN_FORCE_INLINE constexpr T majority(T a, T b, T c) { 223| | /* 224| | Considering each bit of a, b, c individually 225| | 226| | If a xor b is set, then c is the deciding vote. 227| | 228| | If a xor b is not set then either a and b are both set or both unset. 229| | In either case the value of c doesn't matter, and examining b (or a) 230| | allows us to determine which case we are in. 231| | */ 232| 1.15M| return choose(a ^ b, c, b); 233| 1.15M|} _ZN5Botan8high_bitITkNSt3__117unsigned_integralEmEEmT_: 73| 40.7k|BOTAN_FORCE_INLINE constexpr size_t high_bit(T n) { 74| 40.7k| size_t hb = 0; 75| | 76| 285k| for(size_t s = 8 * sizeof(T) / 2; s > 0; s /= 2) { ------------------ | Branch (76:38): [True: 244k, False: 40.7k] ------------------ 77| | // Equivalent to: ((n >> s) == 0) ? 0 : s; 78| 244k| const size_t z = s - ct_if_is_zero_ret(n >> s, s); 79| 244k| hb += z; 80| 244k| n >>= z; 81| 244k| } 82| | 83| 40.7k| hb += n; 84| | 85| 40.7k| return hb; 86| 40.7k|} _ZN5Botan6chooseITkNSt3__117unsigned_integralEhEET_S2_S2_S2_: 216| 2.06k|BOTAN_FORCE_INLINE constexpr T choose(T mask, T a, T b) { 217| | //return (mask & a) | (~mask & b); 218| 2.06k| return (b ^ (mask & (a ^ b))); 219| 2.06k|} _ZN5Botan17ct_expand_top_bitITkNSt3__117unsigned_integralEtEET_S2_: 28| 44.6k|BOTAN_FORCE_INLINE constexpr T ct_expand_top_bit(T a) { 29| 44.6k| const T top = CT::value_barrier(a >> (sizeof(T) * 8 - 1)); 30| 44.6k| return static_cast(0) - top; 31| 44.6k|} _ZN5Botan10ct_is_zeroITkNSt3__117unsigned_integralEtEET_S2_: 37| 22.3k|BOTAN_FORCE_INLINE constexpr T ct_is_zero(T x) { 38| 22.3k| return ct_expand_top_bit(~x & (x - 1)); 39| 22.3k|} _ZN5Botan13reverse_bytesITkNSt3__117unsigned_integralEmQooooooeqstT_Li1EeqstS2_Li2EeqstS2_Li4EeqstS2_Li8EEES2_S2_: 27| 989k|inline constexpr T reverse_bytes(T x) { 28| | if constexpr(sizeof(T) == 1) { 29| | return x; 30| | } else if constexpr(sizeof(T) == 2) { 31| |#if BOTAN_COMPILER_HAS_BUILTIN(__builtin_bswap16) 32| | return static_cast(__builtin_bswap16(x)); 33| |#else 34| | return static_cast((x << 8) | (x >> 8)); 35| |#endif 36| | } else if constexpr(sizeof(T) == 4) { 37| |#if BOTAN_COMPILER_HAS_BUILTIN(__builtin_bswap32) 38| | return static_cast(__builtin_bswap32(x)); 39| |#else 40| | // MSVC at least recognizes this as a bswap 41| | return static_cast(((x & 0x000000FF) << 24) | ((x & 0x0000FF00) << 8) | ((x & 0x00FF0000) >> 8) | 42| | ((x & 0xFF000000) >> 24)); 43| |#endif 44| 989k| } else if constexpr(sizeof(T) == 8) { 45| 989k|#if BOTAN_COMPILER_HAS_BUILTIN(__builtin_bswap64) 46| 989k| return static_cast(__builtin_bswap64(x)); 47| |#else 48| | uint32_t hi = static_cast(x >> 32); 49| | uint32_t lo = static_cast(x); 50| | 51| | hi = reverse_bytes(hi); 52| | lo = reverse_bytes(lo); 53| | 54| | return (static_cast(lo) << 32) | hi; 55| |#endif 56| 989k| } 57| 989k|} _ZN5Botan13reverse_bytesITkNSt3__117unsigned_integralEtQooooooeqstT_Li1EeqstS2_Li2EeqstS2_Li4EeqstS2_Li8EEES2_S2_: 27| 52.6k|inline constexpr T reverse_bytes(T x) { 28| | if constexpr(sizeof(T) == 1) { 29| | return x; 30| 52.6k| } else if constexpr(sizeof(T) == 2) { 31| 52.6k|#if BOTAN_COMPILER_HAS_BUILTIN(__builtin_bswap16) 32| 52.6k| return static_cast(__builtin_bswap16(x)); 33| |#else 34| | return static_cast((x << 8) | (x >> 8)); 35| |#endif 36| | } else if constexpr(sizeof(T) == 4) { 37| |#if BOTAN_COMPILER_HAS_BUILTIN(__builtin_bswap32) 38| | return static_cast(__builtin_bswap32(x)); 39| |#else 40| | // MSVC at least recognizes this as a bswap 41| | return static_cast(((x & 0x000000FF) << 24) | ((x & 0x0000FF00) << 8) | ((x & 0x00FF0000) >> 8) | 42| | ((x & 0xFF000000) >> 24)); 43| |#endif 44| | } else if constexpr(sizeof(T) == 8) { 45| |#if BOTAN_COMPILER_HAS_BUILTIN(__builtin_bswap64) 46| | return static_cast(__builtin_bswap64(x)); 47| |#else 48| | uint32_t hi = static_cast(x >> 32); 49| | uint32_t lo = static_cast(x); 50| | 51| | hi = reverse_bytes(hi); 52| | lo = reverse_bytes(lo); 53| | 54| | return (static_cast(lo) << 32) | hi; 55| |#endif 56| | } 57| 52.6k|} _ZN5Botan13reverse_bytesITkNSt3__117unsigned_integralEjQooooooeqstT_Li1EeqstS2_Li2EeqstS2_Li4EeqstS2_Li8EEES2_S2_: 27| 859k|inline constexpr T reverse_bytes(T x) { 28| | if constexpr(sizeof(T) == 1) { 29| | return x; 30| | } else if constexpr(sizeof(T) == 2) { 31| |#if BOTAN_COMPILER_HAS_BUILTIN(__builtin_bswap16) 32| | return static_cast(__builtin_bswap16(x)); 33| |#else 34| | return static_cast((x << 8) | (x >> 8)); 35| |#endif 36| 859k| } else if constexpr(sizeof(T) == 4) { 37| 859k|#if BOTAN_COMPILER_HAS_BUILTIN(__builtin_bswap32) 38| 859k| return static_cast(__builtin_bswap32(x)); 39| |#else 40| | // MSVC at least recognizes this as a bswap 41| | return static_cast(((x & 0x000000FF) << 24) | ((x & 0x0000FF00) << 8) | ((x & 0x00FF0000) >> 8) | 42| | ((x & 0xFF000000) >> 24)); 43| |#endif 44| | } else if constexpr(sizeof(T) == 8) { 45| |#if BOTAN_COMPILER_HAS_BUILTIN(__builtin_bswap64) 46| | return static_cast(__builtin_bswap64(x)); 47| |#else 48| | uint32_t hi = static_cast(x >> 32); 49| | uint32_t lo = static_cast(x); 50| | 51| | hi = reverse_bytes(hi); 52| | lo = reverse_bytes(lo); 53| | 54| | return (static_cast(lo) << 32) | hi; 55| |#endif 56| | } 57| 859k|} _ZN5Botan12BufferSlicerC2ENSt3__14spanIKhLm18446744073709551615EEE: 25| 397k| explicit BufferSlicer(std::span buffer) : m_remaining(buffer) {} _ZN5Botan12BufferSlicer4takeEm: 37| 830k| std::span take(const size_t count) { 38| 830k| BOTAN_STATE_CHECK(remaining() >= count); ------------------ | | 51| 830k| do { \ | | 52| 830k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 830k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 830k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 830k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 830k] | | ------------------ ------------------ 39| 830k| auto result = m_remaining.first(count); 40| 830k| m_remaining = m_remaining.subspan(count); 41| 830k| return result; 42| 830k| } _ZNK5Botan12BufferSlicer9remainingEv: 66| 1.32M| size_t remaining() const { return m_remaining.size(); } _ZN5Botan12BufferSlicer9take_byteEv: 57| 481k| uint8_t take_byte() { return take(1)[0]; } _ZNK5Botan12BufferSlicer5emptyEv: 68| 1.49M| bool empty() const { return m_remaining.empty(); } _ZN5Botan13BufferStufferC2ENSt3__14spanIhLm18446744073709551615EEE: 26| 20.5k| constexpr explicit BufferStuffer(std::span buffer) : m_buffer(buffer) {} _ZN5Botan13BufferStuffer4nextEm: 32| 25.0k| constexpr std::span next(size_t bytes) { 33| 25.0k| BOTAN_STATE_CHECK(m_buffer.size() >= bytes); ------------------ | | 51| 25.0k| do { \ | | 52| 25.0k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 25.0k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 25.0k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 25.0k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 25.0k] | | ------------------ ------------------ 34| | 35| 25.0k| auto result = m_buffer.first(bytes); 36| 25.0k| m_buffer = m_buffer.subspan(bytes); 37| 25.0k| return result; 38| 25.0k| } _ZN5Botan13BufferStuffer6appendEhm: 64| 17.3k| constexpr void append(uint8_t b, size_t repeat = 1) { 65| 17.3k| auto sink = next(repeat); 66| 17.3k| std::fill(sink.begin(), sink.end(), b); 67| 17.3k| } _ZNK5Botan13BufferStuffer4fullEv: 69| 10.8k| constexpr bool full() const { return m_buffer.empty(); } _ZNK5Botan13BufferStuffer18remaining_capacityEv: 71| 7.61k| constexpr size_t remaining_capacity() const { return m_buffer.size(); } _ZN5Botan13BufferStuffer4nextILm32EEENSt3__14spanIhXT_EEEv: 41| 23.9k| constexpr std::span next() { 42| 23.9k| BOTAN_STATE_CHECK(m_buffer.size() >= bytes); ------------------ | | 51| 23.9k| do { \ | | 52| 23.9k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 23.9k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 23.9k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 23.9k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 23.9k] | | ------------------ ------------------ 43| | 44| 23.9k| auto result = m_buffer.first(); 45| 23.9k| m_buffer = m_buffer.subspan(bytes); 46| 23.9k| return result; 47| 23.9k| } _ZN5Botan13BufferStuffer4nextILm48EEENSt3__14spanIhXT_EEEv: 41| 5.81k| constexpr std::span next() { 42| 5.81k| BOTAN_STATE_CHECK(m_buffer.size() >= bytes); ------------------ | | 51| 5.81k| do { \ | | 52| 5.81k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 5.81k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 5.81k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 5.81k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 5.81k] | | ------------------ ------------------ 43| | 44| 5.81k| auto result = m_buffer.first(); 45| 5.81k| m_buffer = m_buffer.subspan(bytes); 46| 5.81k| return result; 47| 5.81k| } _ZN5Botan13BufferStuffer4nextILm64EEENSt3__14spanIhXT_EEEv: 41| 1.99k| constexpr std::span next() { 42| 1.99k| BOTAN_STATE_CHECK(m_buffer.size() >= bytes); ------------------ | | 51| 1.99k| do { \ | | 52| 1.99k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 1.99k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 1.99k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 1.99k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 1.99k] | | ------------------ ------------------ 43| | 44| 1.99k| auto result = m_buffer.first(); 45| 1.99k| m_buffer = m_buffer.subspan(bytes); 46| 1.99k| return result; 47| 1.99k| } _ZN5Botan13BufferStuffer4nextILm66EEENSt3__14spanIhXT_EEEv: 41| 2.86k| constexpr std::span next() { 42| 2.86k| BOTAN_STATE_CHECK(m_buffer.size() >= bytes); ------------------ | | 51| 2.86k| do { \ | | 52| 2.86k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 2.86k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 2.86k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 2.86k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 2.86k] | | ------------------ ------------------ 43| | 44| 2.86k| auto result = m_buffer.first(); 45| 2.86k| m_buffer = m_buffer.subspan(bytes); 46| 2.86k| return result; 47| 2.86k| } _ZN5Botan14CBC_EncryptionC2ENSt3__110unique_ptrINS_11BlockCipherENS1_14default_deleteIS3_EEEENS2_INS_28BlockCipherModePaddingMethodENS4_IS7_EEEE: 79| 82| CBC_Mode(std::move(cipher), std::move(padding)) {} _ZN5Botan14CBC_DecryptionC2ENSt3__110unique_ptrINS_11BlockCipherENS1_14default_deleteIS3_EEEENS2_INS_28BlockCipherModePaddingMethodENS4_IS7_EEEE: 120| 172| CBC_Mode(std::move(cipher), std::move(padding)), m_tempbuf(ideal_granularity()) {} _ZNK5Botan8CBC_Mode6cipherEv: 45| 1.32k| const BlockCipher& cipher() const { return *m_cipher; } _ZNK5Botan8CBC_Mode10block_sizeEv: 52| 492| size_t block_size() const { return m_block_size; } _ZN5Botan8CBC_Mode5stateEv: 54| 393| secure_vector& state() { return m_state; } _ZN5Botan8CBC_Mode9state_ptrEv: 56| 955| uint8_t* state_ptr() { return m_state.data(); } _ZN5Botan14CCM_EncryptionC2ENSt3__110unique_ptrINS_11BlockCipherENS1_14default_deleteIS3_EEEEmm: 95| 8| CCM_Mode(std::move(cipher), tag_size, L) {} _ZN5Botan14CCM_DecryptionC2ENSt3__110unique_ptrINS_11BlockCipherENS1_14default_deleteIS3_EEEEmm: 118| 32| CCM_Mode(std::move(cipher), tag_size, L) {} _ZNK5Botan8CCM_Mode8tag_sizeEv: 47| 276| size_t tag_size() const final { return m_tag_size; } _ZNK5Botan8CCM_Mode1LEv: 54| 240| size_t L() const { return m_L; } _ZNK5Botan8CCM_Mode6cipherEv: 56| 40| const BlockCipher& cipher() const { return *m_cipher; } _ZNK5Botan8CCM_Mode6ad_bufEv: 62| 40| const secure_vector& ad_buf() const { return m_ad_buf; } _ZN5Botan8CCM_Mode7msg_bufEv: 64| 80| secure_vector& msg_buf() { return m_msg_buf; } _ZNK5Botan14CCM_Encryption13output_lengthEm: 97| 14| size_t output_length(size_t input_length) const override { return input_length + tag_size(); } _ZNK5Botan14CCM_Decryption13output_lengthEm: 120| 26| size_t output_length(size_t input_length) const override { 121| 26| BOTAN_ARG_CHECK(input_length >= tag_size(), "Sufficient input"); ------------------ | | 35| 26| do { \ | | 36| 26| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 26| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 26] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 26| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 26] | | ------------------ ------------------ 122| 26| return input_length - tag_size(); 123| 26| } _ZNK5Botan14CCM_Decryption18minimum_final_sizeEv: 125| 26| size_t minimum_final_size() const override { return tag_size(); } base64.cpp:_ZN5Botan11base_decodeINS_12_GLOBAL__N_16Base64EEEmRKT_PhPKcmRmbb: 124| 14.0k| bool ignore_ws = true) { 125| | // TODO(Botan4) Check if we can use just base. or Base:: here instead 126| 14.0k| constexpr size_t decoding_bytes_in = std::remove_reference_t::decoding_bytes_in(); 127| 14.0k| constexpr size_t decoding_bytes_out = std::remove_reference_t::decoding_bytes_out(); 128| | 129| 14.0k| uint8_t* out_ptr = output; 130| 14.0k| std::array decode_buf{}; 131| 14.0k| size_t decode_buf_pos = 0; 132| 14.0k| size_t final_truncate = 0; 133| | 134| 14.0k| clear_mem(output, base.decode_max_output(input_length)); 135| | 136| 5.84M| for(size_t i = 0; i != input_length; ++i) { ------------------ | Branch (136:22): [True: 5.83M, False: 14.0k] ------------------ 137| 5.83M| const uint8_t bin = base.lookup_binary_value(input[i]); 138| | 139| | // This call might throw Invalid_Argument 140| 5.83M| if(base.check_bad_char(bin, input[i], ignore_ws)) { ------------------ | Branch (140:10): [True: 5.83M, False: 0] ------------------ 141| 5.83M| decode_buf[decode_buf_pos] = bin; 142| 5.83M| ++decode_buf_pos; 143| 5.83M| } 144| | 145| | /* 146| | * If we're at the end of the input, pad with 0s and truncate 147| | */ 148| 5.83M| if(final_inputs && (i == input_length - 1)) { ------------------ | Branch (148:10): [True: 5.83M, False: 0] | Branch (148:26): [True: 14.0k, False: 5.81M] ------------------ 149| 14.0k| if(decode_buf_pos) { ------------------ | Branch (149:13): [True: 14.0k, False: 0] ------------------ 150| 14.0k| for(size_t j = decode_buf_pos; j < decoding_bytes_in; ++j) { ------------------ | Branch (150:44): [True: 0, False: 14.0k] ------------------ 151| 0| decode_buf[j] = 0; 152| 0| } 153| | 154| 14.0k| final_truncate = decoding_bytes_in - decode_buf_pos; 155| 14.0k| decode_buf_pos = decoding_bytes_in; 156| 14.0k| } 157| 14.0k| } 158| | 159| 5.83M| if(decode_buf_pos == decoding_bytes_in) { ------------------ | Branch (159:10): [True: 1.45M, False: 4.37M] ------------------ 160| 1.45M| base.decode(out_ptr, decode_buf.data()); 161| | 162| 1.45M| out_ptr += decoding_bytes_out; 163| 1.45M| decode_buf_pos = 0; 164| 1.45M| input_consumed = i + 1; 165| 1.45M| } 166| 5.83M| } 167| | 168| 14.0k| while(input_consumed < input_length && base.lookup_binary_value(input[input_consumed]) == 0x80) { ------------------ | Branch (168:10): [True: 0, False: 14.0k] | Branch (168:43): [True: 0, False: 0] ------------------ 169| 0| ++input_consumed; 170| 0| } 171| | 172| 14.0k| const size_t written = (out_ptr - output) - base.bytes_to_remove(final_truncate); 173| | 174| 14.0k| return written; 175| 14.0k|} base64.cpp:_ZN5Botan16base_decode_fullINS_12_GLOBAL__N_16Base64EEEmRKT_PhPKcmb: 178| 14.0k|size_t base_decode_full(const Base& base, uint8_t output[], const char input[], size_t input_length, bool ignore_ws) { 179| 14.0k| size_t consumed = 0; 180| 14.0k| const size_t written = base_decode(base, output, input, input_length, consumed, true, ignore_ws); 181| | 182| 14.0k| if(consumed != input_length) { ------------------ | Branch (182:7): [True: 0, False: 14.0k] ------------------ 183| 0| throw Invalid_Argument(base.name() + " decoding failed, input did not have full bytes"); 184| 0| } 185| | 186| 14.0k| return written; 187| 14.0k|} base64.cpp:_ZN5Botan18base_decode_to_vecINSt3__16vectorIhNS_16secure_allocatorIhEEEENS_12_GLOBAL__N_16Base64EEET_RKT0_PKcmb: 190| 14.0k|Vector base_decode_to_vec(const Base& base, const char input[], size_t input_length, bool ignore_ws) { 191| 14.0k| const size_t output_length = base.decode_max_output(input_length); 192| 14.0k| Vector bin(output_length); 193| | 194| 14.0k| const size_t written = base_decode_full(base, bin.data(), input, input_length, ignore_ws); 195| | 196| 14.0k| bin.resize(written); 197| 14.0k| return bin; 198| 14.0k|} _ZN5Botan6concatINSt3__16vectorIhNS_16secure_allocatorIhEEEETpTkNS_6ranges14spanable_rangeEJRNS1_4spanIKhLm18446744073709551615EEESA_EEEDaDpOT0_Q10all_same_vIDpNS1_11conditionalIXsr21__is_primary_templateINS1_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS1_6ranges5__cpo5beginEEclsr3stdE7declvalIRSB_EEEEEEEEE5valueENS1_26indirectly_readable_traitsISK_EESL_E4type10value_typeEE: 92| 3.19k|{ 93| | if constexpr(std::same_as) { 94| | // Try to auto-detect a reasonable output type given the input ranges 95| | static_assert(sizeof...(Rs) > 0, "Cannot auto-detect the output type if not a single input range is provided."); 96| | using candidate_result_t = std::remove_cvref_t>>; 97| | using result_range_value_t = std::remove_cvref_t>; 98| | 99| | if constexpr((ranges::statically_spanable_range && ...)) { 100| | // If all input ranges have a static extent, we can calculate the total size at compile time 101| | // and therefore can use a statically sized output container. This is constexpr. 102| | constexpr size_t total_size = (decltype(std::span{ranges})::extent + ... + 0); 103| | using out_array_t = std::array; 104| | return detail::concatenate(std::forward(ranges)...); 105| | } else { 106| | // If at least one input range has a dynamic extent, we must use a dynamically allocated output container. 107| | // We assume that the user wants to use the first input range's container type as output type. 108| | static_assert( 109| | concepts::reservable_container, 110| | "First input range has static extent, but a dynamically allocated output range is required. Please explicitly specify a dynamically allocatable output type."); 111| | return detail::concatenate(std::forward(ranges)...); 112| | } 113| 3.19k| } else { 114| | // The caller has explicitly specified the output type 115| 3.19k| return detail::concatenate(std::forward(ranges)...); 116| 3.19k| } 117| 3.19k|} _ZN5Botan6detail11concatenateITkNS_6ranges14spanable_rangeENSt3__16vectorIhNS_16secure_allocatorIhEEEETpTkNS2_14spanable_rangeEJRNS3_4spanIKhLm18446744073709551615EEESB_EEET_DpOT0_Qoosr8conceptsE20reservable_containerISC_Esr6rangesE25statically_spanable_rangeISC_E: 33| 3.19k|{ 34| 3.19k| OutR result{}; 35| | 36| | // Prepare and validate the output range and construct a lambda that does the 37| | // actual filling of the result buffer. 38| | // (if no input ranges are given, GCC claims that fill_fn is unused) 39| 3.19k| [[maybe_unused]] auto fill_fn = [&] { 40| 3.19k| if constexpr(concepts::reservable_container) { 41| | // dynamically allocate the correct result byte length 42| 3.19k| const size_t total_size = (ranges.size() + ... + 0); 43| 3.19k| result.reserve(total_size); 44| | 45| | // fill the result buffer using a back-inserter 46| 3.19k| return [&result](auto&& range) { 47| 3.19k| std::copy( 48| 3.19k| std::ranges::begin(range), std::ranges::end(range), std::back_inserter(unwrap_strong_type(result))); 49| 3.19k| }; 50| 3.19k| } else { 51| 3.19k| if constexpr((ranges::statically_spanable_range && ... && true)) { 52| | // all input ranges have a static extent, so check the total size at compile time 53| | // (work around an issue in MSVC that warns `total_size` is unused) 54| 3.19k| [[maybe_unused]] constexpr size_t total_size = (decltype(std::span{ranges})::extent + ... + 0); 55| 3.19k| static_assert(result.size() == total_size, "size of result buffer does not match the sum of input buffers"); 56| 3.19k| } else { 57| | // at least one input range has a dynamic extent, so check the total size at runtime 58| 3.19k| const size_t total_size = (ranges.size() + ... + 0); 59| 3.19k| BOTAN_ARG_CHECK(result.size() == total_size, 60| 3.19k| "result buffer has static extent that does not match the sum of input buffers"); 61| 3.19k| } 62| | 63| | // fill the result buffer and hold the current output-iterator position 64| 3.19k| return [itr = std::ranges::begin(result)](auto&& range) mutable { 65| 3.19k| std::copy(std::ranges::begin(range), std::ranges::end(range), itr); 66| 3.19k| std::advance(itr, std::ranges::size(range)); 67| 3.19k| }; 68| 3.19k| } 69| 3.19k| }(); 70| | 71| | // perform the actual concatenation 72| 3.19k| (fill_fn(std::forward(ranges)), ...); 73| | 74| 3.19k| return result; 75| 3.19k|} _ZZN5Botan6detail11concatenateITkNS_6ranges14spanable_rangeENSt3__16vectorIhNS_16secure_allocatorIhEEEETpTkNS2_14spanable_rangeEJRNS3_4spanIKhLm18446744073709551615EEESB_EEET_DpOT0_Qoosr8conceptsE20reservable_containerISC_Esr6rangesE25statically_spanable_rangeISC_EENKUlvE_clEv: 39| 3.19k| [[maybe_unused]] auto fill_fn = [&] { 40| 3.19k| if constexpr(concepts::reservable_container) { 41| | // dynamically allocate the correct result byte length 42| 3.19k| const size_t total_size = (ranges.size() + ... + 0); 43| 3.19k| result.reserve(total_size); 44| | 45| | // fill the result buffer using a back-inserter 46| 3.19k| return [&result](auto&& range) { 47| 3.19k| std::copy( 48| 3.19k| std::ranges::begin(range), std::ranges::end(range), std::back_inserter(unwrap_strong_type(result))); 49| 3.19k| }; 50| | } else { 51| | if constexpr((ranges::statically_spanable_range && ... && true)) { 52| | // all input ranges have a static extent, so check the total size at compile time 53| | // (work around an issue in MSVC that warns `total_size` is unused) 54| | [[maybe_unused]] constexpr size_t total_size = (decltype(std::span{ranges})::extent + ... + 0); 55| | static_assert(result.size() == total_size, "size of result buffer does not match the sum of input buffers"); 56| | } else { 57| | // at least one input range has a dynamic extent, so check the total size at runtime 58| | const size_t total_size = (ranges.size() + ... + 0); 59| | BOTAN_ARG_CHECK(result.size() == total_size, 60| | "result buffer has static extent that does not match the sum of input buffers"); 61| | } 62| | 63| | // fill the result buffer and hold the current output-iterator position 64| | return [itr = std::ranges::begin(result)](auto&& range) mutable { 65| | std::copy(std::ranges::begin(range), std::ranges::end(range), itr); 66| | std::advance(itr, std::ranges::size(range)); 67| | }; 68| | } 69| 3.19k| }(); _ZZZN5Botan6detail11concatenateITkNS_6ranges14spanable_rangeENSt3__16vectorIhNS_16secure_allocatorIhEEEETpTkNS2_14spanable_rangeEJRNS3_4spanIKhLm18446744073709551615EEESB_EEET_DpOT0_Qoosr8conceptsE20reservable_containerISC_Esr6rangesE25statically_spanable_rangeISC_EENKUlvE_clEvENKUlOSC_E_clISB_EEDaSH_: 46| 6.39k| return [&result](auto&& range) { 47| 6.39k| std::copy( 48| 6.39k| std::ranges::begin(range), std::ranges::end(range), std::back_inserter(unwrap_strong_type(result))); 49| 6.39k| }; _ZN5Botan5CPUID3hasENS_10CPUFeatureE: 94| 274k| static bool has(CPUID::Feature feat) { return state().has_bit(feat.as_u32()); } _ZN5Botan5CPUID3hasENS_10CPUFeatureES1_: 99| 268k| static bool has(CPUID::Feature feat1, CPUID::Feature feat2) { 100| 268k| return state().has_bit(feat1.as_u32() | feat2.as_u32()); 101| 268k| } _ZN5Botan5CPUID6is_setEjNS_10CPUFeatureE: 127| 4| static inline bool is_set(uint32_t allowed, CPUID::Feature bit) { 128| 4| const uint32_t feat_bit = bit.as_u32(); 129| 4| return ((allowed & feat_bit) == feat_bit); 130| 4| } _ZNK5Botan5CPUID10CPUID_Data7has_bitEj: 144| 542k| bool has_bit(uint32_t bit) const { return (m_processor_features & bit) == bit; } _ZN5Botan5CPUID5stateEv: 156| 542k| static CPUID_Data& state() { 157| 542k| static CPUID::CPUID_Data g_cpuid; 158| 542k| return g_cpuid; 159| 542k| } cpuid_x86.cpp:_ZN5Botan5CPUID6if_setIZNS0_10CPUID_Data19detect_cpu_featuresEjE16x86_CPUID_1_bitsEEjmT_NS_10CPUFeatureEj: 117| 6| static inline uint32_t if_set(uint64_t cpuid, T flag, CPUID::Feature bit, uint32_t allowed) { 118| 6| const uint64_t flag64 = static_cast(flag); 119| 6| if((cpuid & flag64) == flag64) { ------------------ | Branch (119:13): [True: 6, False: 0] ------------------ 120| 6| return (bit.as_u32() & allowed); 121| 6| } else { 122| 0| return 0; 123| 0| } 124| 6| } cpuid_x86.cpp:_ZN5Botan5CPUID6if_setIZNS0_10CPUID_Data19detect_cpu_featuresEjE16x86_CPUID_7_bitsEEjmT_NS_10CPUFeatureEj: 117| 8| static inline uint32_t if_set(uint64_t cpuid, T flag, CPUID::Feature bit, uint32_t allowed) { 118| 8| const uint64_t flag64 = static_cast(flag); 119| 8| if((cpuid & flag64) == flag64) { ------------------ | Branch (119:13): [True: 4, False: 4] ------------------ 120| 4| return (bit.as_u32() & allowed); 121| 4| } else { 122| 4| return 0; 123| 4| } 124| 8| } cpuid_x86.cpp:_ZN5Botan5CPUID6if_setIZNS0_10CPUID_Data19detect_cpu_featuresEjE18x86_CPUID_7_1_bitsEEjmT_NS_10CPUFeatureEj: 117| 3| static inline uint32_t if_set(uint64_t cpuid, T flag, CPUID::Feature bit, uint32_t allowed) { 118| 3| const uint64_t flag64 = static_cast(flag); 119| 3| if((cpuid & flag64) == flag64) { ------------------ | Branch (119:13): [True: 0, False: 3] ------------------ 120| 0| return (bit.as_u32() & allowed); 121| 3| } else { 122| 3| return 0; 123| 3| } 124| 3| } _ZN5Botan10CPUFeatureC2ENS0_3BitE: 51| 810k| CPUFeature(Bit b) : m_bit(b) {} // NOLINT(*-explicit-conversions) _ZNK5Botan10CPUFeature6as_u32Ev: 53| 810k| uint32_t as_u32() const { return static_cast(m_bit); } _ZN5Botan2CT8is_equalIhEENS0_4MaskIT_EEPKS3_S6_m: 798| 924|constexpr inline CT::Mask is_equal(const T x[], const T y[], size_t len) { 799| 924| if(std::is_constant_evaluated()) { ------------------ | Branch (799:7): [Folded, False: 924] ------------------ 800| 0| T difference = 0; 801| | 802| 0| for(size_t i = 0; i != len; ++i) { ------------------ | Branch (802:25): [True: 0, False: 0] ------------------ 803| 0| difference = difference | (x[i] ^ y[i]); 804| 0| } 805| | 806| 0| return CT::Mask::is_zero(difference); 807| 924| } else { 808| 924| volatile T difference = 0; 809| | 810| 15.1k| for(size_t i = 0; i != len; ++i) { ------------------ | Branch (810:25): [True: 14.1k, False: 924] ------------------ 811| 14.1k| difference = difference | (x[i] ^ y[i]); 812| 14.1k| } 813| | 814| 924| return CT::Mask::is_zero(difference); 815| 924| } 816| 924|} _ZN5Botan2CT4MaskIhE7is_zeroEh: 437| 2.87k| static constexpr Mask is_zero(T x) { return Mask(ct_is_zero(value_barrier(x))); } _ZN5Botan2CT4MaskIhEC2Eh: 637| 11.3k| constexpr explicit Mask(T m) : m_mask(m) {} _ZNK5Botan2CT4MaskIhE7as_boolEv: 614| 9.29k| constexpr bool as_bool() const { return unpoisoned_value() != 0; } _ZNK5Botan2CT4MaskIhE16unpoisoned_valueEv: 598| 11.2k| constexpr T unpoisoned_value() const { 599| 11.2k| T r = value(); 600| 11.2k| CT::unpoison(r); 601| 11.2k| return r; 602| 11.2k| } _ZNK5Botan2CT4MaskIhE5valueEv: 630| 13.4k| constexpr T value() const { return value_barrier(m_mask); } _ZN5Botan2CT8unpoisonITkNSt3__18integralEhEEvRKT_: 112| 11.3k|constexpr void unpoison(const T& p) { 113| 11.3k| unpoison(&p, 1); 114| 11.3k|} _ZN5Botan2CT8unpoisonIhEEvPKT_m: 67| 16.5k|constexpr inline void unpoison(const T* p, size_t n) { 68| |#if defined(BOTAN_HAS_VALGRIND) 69| | if(!std::is_constant_evaluated()) { 70| | VALGRIND_MAKE_MEM_DEFINED(p, n * sizeof(T)); 71| | } 72| |#endif 73| | 74| 16.5k| BOTAN_UNUSED(p, n); ------------------ | | 144| 16.5k|#define BOTAN_UNUSED Botan::ignore_params ------------------ 75| 16.5k|} _ZN5Botan2CT6Choice9from_maskEm: 303| 11.5M| constexpr static Choice from_mask(underlying_type v) { return Choice(v); } _ZN5Botan2CT6Choice2noEv: 307| 1.80k| constexpr static Choice no() { return Choice(0); } _ZNK5Botan2CT6ChoicentEv: 309| 400k| constexpr Choice operator!() const { return Choice(~value()); } _ZNK5Botan2CT6ChoiceaaERKS1_: 311| 1.51M| constexpr Choice operator&&(const Choice& other) const { return Choice(value() & other.value()); } _ZNK5Botan2CT6ChoiceooERKS1_: 313| 45.8k| constexpr Choice operator||(const Choice& other) const { return Choice(value() | other.value()); } _ZNK5Botan2CT6ChoiceneERKS1_: 315| 1.79k| constexpr Choice operator!=(const Choice& other) const { return Choice(value() ^ other.value()); } _ZNK5Botan2CT6Choice7as_boolEv: 329| 462k| constexpr bool as_bool() const { return m_value != 0; } _ZNK5Botan2CT6Choice5valueEv: 332| 13.7M| constexpr underlying_type value() const { return value_barrier(m_value); } _ZN5Botan2CT6ChoiceC2Em: 341| 13.4M| constexpr explicit Choice(underlying_type v) : m_value(CT::value_barrier(v)) {} _ZN5Botan2CT4MaskImE7is_zeroEm: 437| 33.6M| static constexpr Mask is_zero(T x) { return Mask(ct_is_zero(value_barrier(x))); } _ZNK5Botan2CT4MaskImE5valueEv: 630| 52.9M| constexpr T value() const { return value_barrier(m_mask); } _ZNK5Botan2CT4MaskImEcoEv: 533| 16.7M| constexpr Mask operator~() const { return Mask(~value()); } _ZN5Botan2CT4MaskImE6expandEm: 392| 16.2M| static constexpr Mask expand(T v) { return ~Mask::is_zero(value_barrier(v)); } _ZNK5Botan2CT4MaskImE6selectEmm: 548| 1.76M| constexpr T select(T x, T y) const { return choose(value(), x, y); } _ZNK5Botan2CT4MaskImE16conditional_swapImEEvRT_S5_QlestTL0__stS4_: 587| 75.4k| { 588| 75.4k| auto cnd = Mask(*this); 589| 75.4k| U t0 = cnd.select(y, x); 590| 75.4k| U t1 = cnd.select(x, y); 591| 75.4k| x = t0; 592| 75.4k| y = t1; 593| 75.4k| } _ZN5Botan2CT6poisonIhEEvPKT_m: 56| 5.32k|constexpr inline void poison(const T* p, size_t n) { 57| |#if defined(BOTAN_HAS_VALGRIND) 58| | if(!std::is_constant_evaluated()) { 59| | VALGRIND_MAKE_MEM_UNDEFINED(p, n * sizeof(T)); 60| | } 61| |#endif 62| | 63| 5.32k| BOTAN_UNUSED(p, n); ------------------ | | 144| 5.32k|#define BOTAN_UNUSED Botan::ignore_params ------------------ 64| 5.32k|} _ZN5Botan2CT8unpoisonItEEvPKT_m: 67| 297|constexpr inline void unpoison(const T* p, size_t n) { 68| |#if defined(BOTAN_HAS_VALGRIND) 69| | if(!std::is_constant_evaluated()) { 70| | VALGRIND_MAKE_MEM_DEFINED(p, n * sizeof(T)); 71| | } 72| |#endif 73| | 74| 297| BOTAN_UNUSED(p, n); ------------------ | | 144| 297|#define BOTAN_UNUSED Botan::ignore_params ------------------ 75| 297|} _ZN5Botan2CT4MaskImE14expand_top_bitEm: 415| 1.60M| static constexpr Mask expand_top_bit(T v) { return Mask(ct_expand_top_bit(v)); } _ZN5Botan2CT4MaskImEC2Em: 637| 52.3M| constexpr explicit Mask(T m) : m_mask(m) {} _ZN5Botan2CT4MaskImE5is_ltEmm: 450| 1.60M| static constexpr Mask is_lt(T x, T y) { 451| 1.60M| T u = x ^ ((x ^ y) | ((x - y) ^ x)); 452| 1.60M| return Mask::expand_top_bit(u); 453| 1.60M| } _ZNK5Botan2CT4MaskImE13if_set_returnEm: 538| 610k| constexpr T if_set_return(T x) const { return value() & x; } _ZN5Botan2CT4MaskImE8is_equalEmm: 442| 9.62M| static constexpr Mask is_equal(T x, T y) { 443| 9.62M| const T diff = value_barrier(x) ^ value_barrier(y); 444| 9.62M| return Mask::is_zero(diff); 445| 9.62M| } _ZN5Botan2CT8unpoisonITkNSt3__18integralEmEEvRKT_: 112| 11.6M|constexpr void unpoison(const T& p) { 113| 11.6M| unpoison(&p, 1); 114| 11.6M|} _ZN5Botan2CT8unpoisonImEEvPKT_m: 67| 11.8M|constexpr inline void unpoison(const T* p, size_t n) { 68| |#if defined(BOTAN_HAS_VALGRIND) 69| | if(!std::is_constant_evaluated()) { 70| | VALGRIND_MAKE_MEM_DEFINED(p, n * sizeof(T)); 71| | } 72| |#endif 73| | 74| 11.8M| BOTAN_UNUSED(p, n); ------------------ | | 144| 11.8M|#define BOTAN_UNUSED Botan::ignore_params ------------------ 75| 11.8M|} _ZNK5Botan2CT4MaskImE7as_boolEv: 614| 56.6k| constexpr bool as_bool() const { return unpoisoned_value() != 0; } _ZNK5Botan2CT4MaskImE16unpoisoned_valueEv: 598| 11.5M| constexpr T unpoisoned_value() const { 599| 11.5M| T r = value(); 600| 11.5M| CT::unpoison(r); 601| 11.5M| return r; 602| 11.5M| } _ZNK5Botan2CT4MaskImE11select_maskES2_S2_: 559| 287k| Mask select_mask(Mask x, Mask y) const { return Mask(select(x.value(), y.value())); } _ZN5Botan2CT4MaskImEaNES2_: 494| 49| Mask& operator&=(Mask o) { 495| 49| m_mask &= o.value(); 496| 49| return (*this); 497| 49| } _ZNK5Botan2CT4MaskImE8select_nEPmPKmS5_m: 565| 10.8M| constexpr void select_n(T output[], const T x[], const T y[], size_t len) const { 566| 10.8M| const T mask = value(); 567| 74.3M| for(size_t i = 0; i != len; ++i) { ------------------ | Branch (567:28): [True: 63.4M, False: 10.8M] ------------------ 568| 63.4M| output[i] = choose(mask, x[i], y[i]); 569| 63.4M| } 570| 10.8M| } _ZNK5Botan2CT4MaskIhE6selectEhh: 548| 2.06k| constexpr T select(T x, T y) const { return choose(value(), x, y); } _ZNK5Botan2CT4MaskImE9as_choiceEv: 619| 11.5M| constexpr CT::Choice as_choice() const { 620| 11.5M| if constexpr(sizeof(T) >= sizeof(Choice::underlying_type)) { 621| 11.5M| return CT::Choice::from_mask(static_cast(unpoisoned_value())); 622| | } else { 623| | return CT::Choice::from_int(unpoisoned_value()); 624| | } 625| 11.5M| } _ZN5Botan2CT6poisonImEEvPKT_m: 56| 14.8k|constexpr inline void poison(const T* p, size_t n) { 57| |#if defined(BOTAN_HAS_VALGRIND) 58| | if(!std::is_constant_evaluated()) { 59| | VALGRIND_MAKE_MEM_UNDEFINED(p, n * sizeof(T)); 60| | } 61| |#endif 62| | 63| 14.8k| BOTAN_UNUSED(p, n); ------------------ | | 144| 14.8k|#define BOTAN_UNUSED Botan::ignore_params ------------------ 64| 14.8k|} _ZN5Botan2CT4MaskImE6is_gteEmm: 468| 2.06k| static constexpr Mask is_gte(T x, T y) { return ~Mask::is_lt(x, y); } _ZN5Botan2CT20conditional_copy_memImEENS0_4MaskIT_EES3_PS3_PKS3_S7_m: 738| 48|constexpr inline Mask conditional_copy_mem(T cnd, T* dest, const T* if_set, const T* if_unset, size_t elems) { 739| 48| const auto mask = CT::Mask::expand(cnd); 740| 48| return CT::conditional_copy_mem(mask, dest, if_set, if_unset, elems); 741| 48|} _ZN5Botan2CT20conditional_copy_memImEENS0_4MaskIT_EES4_PS3_PKS3_S7_m: 732| 48|constexpr inline Mask conditional_copy_mem(Mask mask, T* dest, const T* if_set, const T* if_unset, size_t elems) { 733| 48| mask.select_n(dest, if_set, if_unset, elems); 734| 48| return mask; 735| 48|} _ZN5Botan2CTeoENS0_4MaskImEES2_: 523| 4.25k| friend Mask operator^(Mask x, Mask y) { return Mask(x.value() ^ y.value()); } _ZN5Botan2CT8is_equalIhEENS0_4MaskIT_EENSt3__14spanIKS3_Lm18446744073709551615EEES8_: 825| 9.15k|constexpr inline CT::Mask is_equal(std::span x, std::span y) { 826| 9.15k| if(x.size() != y.size()) { ------------------ | Branch (826:7): [True: 8.46k, False: 693] ------------------ 827| 8.46k| return CT::Mask::cleared(); 828| 8.46k| } 829| | 830| 693| return is_equal(x.data(), y.data(), x.size()); 831| 9.15k|} _ZN5Botan2CT4MaskIhE7clearedEv: 387| 8.46k| static constexpr Mask cleared() { return Mask(0); } _ZN5Botan2CT13scoped_poisonIJNSt3__16vectorIhNS_16secure_allocatorIhEEEEEQaaaagtsZT_Li0Efraa10poisonableIT_Efraa12unpoisonableIS7_EEEDaDpRKS7_: 222| 12|[[nodiscard]] constexpr auto scoped_poison(const Ts&... xs) { 223| 12| auto scope = scoped_cleanup([&] { unpoison_all(xs...); }); 224| 12| poison_all(xs...); 225| 12| return scope; 226| 12|} _ZN5Botan2CT10poison_allITpTkNS0_10poisonableEJNSt3__16vectorIhNS_16secure_allocatorIhEEEEEQgtsZT_Li0EEEvDpRKT_: 201| 12|constexpr void poison_all(const Ts&... ts) { 202| 12| (poison(ts), ...); 203| 12|} _ZN5Botan2CT6poisonITkNS_6ranges14spanable_rangeENSt3__16vectorIhNS_16secure_allocatorIhEEEEQaasr3stdE23is_trivially_copyable_vINS3_11conditionalIXsr21__is_primary_templateINS3_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS3_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS3_26indirectly_readable_traitsISF_EESG_E4type10value_typeEEnt17custom_poisonableISC_EEEvRKSC_: 121| 12|constexpr void poison(const R& r) { 122| 12| const std::span s{r}; 123| 12| poison(s.data(), s.size()); 124| 12|} _ZN5Botan2CT8unpoisonITkNS_6ranges14spanable_rangeENSt3__15arrayIhLm56EEEQaasr3stdE23is_trivially_copyable_vINS3_11conditionalIXsr21__is_primary_templateINS3_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS3_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS3_26indirectly_readable_traitsISD_EESE_E4type10value_typeEEnt19custom_unpoisonableISA_EEEvRKSA_: 128| 10|constexpr void unpoison(const R& r) { 129| 10| const std::span s{r}; 130| 10| unpoison(s.data(), s.size()); 131| 10|} _ZZN5Botan2CT13scoped_poisonIJNSt3__16vectorIhNS_16secure_allocatorIhEEEEEQaaaagtsZT_Li0Efraa10poisonableIT_Efraa12unpoisonableIS7_EEEDaDpRKS7_ENKUlvE_clEv: 223| 12| auto scope = scoped_cleanup([&] { unpoison_all(xs...); }); _ZN5Botan2CT12unpoison_allITpTkNS0_12unpoisonableEJNSt3__16vectorIhNS_16secure_allocatorIhEEEEEQgtsZT_Li0EEEvDpRKT_: 207| 12|constexpr void unpoison_all(const Ts&... ts) { 208| 12| (unpoison(ts), ...); 209| 12|} _ZN5Botan2CT8unpoisonITkNS_6ranges14spanable_rangeENSt3__16vectorIhNS_16secure_allocatorIhEEEEQaasr3stdE23is_trivially_copyable_vINS3_11conditionalIXsr21__is_primary_templateINS3_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS3_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS3_26indirectly_readable_traitsISF_EESG_E4type10value_typeEEnt19custom_unpoisonableISC_EEEvRKSC_: 128| 14|constexpr void unpoison(const R& r) { 129| 14| const std::span s{r}; 130| 14| unpoison(s.data(), s.size()); 131| 14|} _ZN5Botan2CT9all_zerosIhEENS0_4MaskIT_EEPKS3_m: 785| 5|constexpr inline CT::Mask all_zeros(const T elem[], size_t len) { 786| 5| T sum = 0; 787| 213| for(size_t i = 0; i != len; ++i) { ------------------ | Branch (787:22): [True: 208, False: 5] ------------------ 788| 208| sum |= elem[i]; 789| 208| } 790| 5| return CT::Mask::is_zero(sum); 791| 5|} _ZN5Botan2CT4MaskImE7clearedEv: 387| 12| static constexpr Mask cleared() { return Mask(0); } _ZN5Botan2CT4MaskImEeOES2_: 502| 5.37k| Mask& operator^=(Mask o) { 503| 5.37k| m_mask ^= o.value(); 504| 5.37k| return (*this); 505| 5.37k| } _ZN5Botan2CT8unpoisonITkNS_6ranges14spanable_rangeENSt3__16vectorImNS_16secure_allocatorImEEEEQaasr3stdE23is_trivially_copyable_vINS3_11conditionalIXsr21__is_primary_templateINS3_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS3_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS3_26indirectly_readable_traitsISF_EESG_E4type10value_typeEEnt19custom_unpoisonableISC_EEEvRKSC_: 128| 144|constexpr void unpoison(const R& r) { 129| 144| const std::span s{r}; 130| 144| unpoison(s.data(), s.size()); 131| 144|} _ZN5Botan2CT9all_zerosImEENS0_4MaskIT_EEPKS3_m: 785| 2.37M|constexpr inline CT::Mask all_zeros(const T elem[], size_t len) { 786| 2.37M| T sum = 0; 787| 17.0M| for(size_t i = 0; i != len; ++i) { ------------------ | Branch (787:22): [True: 14.6M, False: 2.37M] ------------------ 788| 14.6M| sum |= elem[i]; 789| 14.6M| } 790| 2.37M| return CT::Mask::is_zero(sum); 791| 2.37M|} _ZN5Botan2CT4MaskItEC2Et: 637| 111k| constexpr explicit Mask(T m) : m_mask(m) {} _ZN5Botan2CT4MaskItE14expand_top_bitEt: 415| 22.2k| static constexpr Mask expand_top_bit(T v) { return Mask(ct_expand_top_bit(v)); } _ZNK5Botan2CT4MaskItEcoEv: 533| 44.4k| constexpr Mask operator~() const { return Mask(~value()); } _ZNK5Botan2CT4MaskItE5valueEv: 630| 111k| constexpr T value() const { return value_barrier(m_mask); } _ZNK5Botan2CT4MaskItE7as_boolEv: 614| 99| constexpr bool as_bool() const { return unpoisoned_value() != 0; } _ZNK5Botan2CT4MaskItE16unpoisoned_valueEv: 598| 99| constexpr T unpoisoned_value() const { 599| 99| T r = value(); 600| 99| CT::unpoison(r); 601| 99| return r; 602| 99| } _ZN5Botan2CT8unpoisonITkNSt3__18integralEtEEvRKT_: 112| 297|constexpr void unpoison(const T& p) { 113| 297| unpoison(&p, 1); 114| 297|} _ZN5Botan2CT4MaskIhE8is_equalEhh: 442| 1.94k| static constexpr Mask is_equal(T x, T y) { 443| 1.94k| const T diff = value_barrier(x) ^ value_barrier(y); 444| 1.94k| return Mask::is_zero(diff); 445| 1.94k| } _ZN5Botan2CT4MaskIhEC2ImEENS1_IT_EE: 375| 2.06k| constexpr explicit Mask(Mask o) : m_mask(static_cast(o.value())) { 376| 2.06k| static_assert(sizeof(U) > sizeof(T), "sizes ok"); 377| 2.06k| } _ZN5Botan2CT4MaskImE6is_lteEmm: 463| 552k| static constexpr Mask is_lte(T x, T y) { return ~Mask::is_gt(x, y); } _ZN5Botan2CT4MaskImE5is_gtEmm: 458| 552k| static constexpr Mask is_gt(T x, T y) { return Mask::is_lt(y, x); } _ZN5Botan2CT6Choice8from_intIjQaasr3stdE17unsigned_integralIT_Entsr3stdE7same_asIbS3_EEES1_S3_: 268| 54| constexpr static Choice from_int(T v) { 269| 54| if constexpr(sizeof(T) <= sizeof(underlying_type)) { 270| 54| return !Choice(ct_is_zero(v)); 271| | } else { 272| | // Mask of T that is either |0| or |1| 273| | const T v_is_0 = ct_is_zero(value_barrier(v)); 274| | 275| | // We want the mask to be set if v != 0 so we must check that 276| | // v_is_0 is itself zero. 277| | // 278| | // Also sizeof(T) may not equal sizeof(underlying_type) so we must 279| | // use ct_is_zero. It's ok to either truncate or 280| | // zero extend v_is_0 to 32 bits since we know it is |0| or |1| 281| | // so even just the low bit is sufficient. 282| | return Choice(ct_is_zero(static_cast(v_is_0))); 283| | } 284| 54| } _ZN5Botan2CT6poisonITkNS_6ranges14spanable_rangeENSt3__14spanIKmLm18446744073709551615EEEQaasr3stdE23is_trivially_copyable_vINS3_11conditionalIXsr21__is_primary_templateINS3_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS3_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS3_26indirectly_readable_traitsISE_EESF_E4type10value_typeEEnt17custom_poisonableISB_EEEvRKSB_: 121| 48|constexpr void poison(const R& r) { 122| 48| const std::span s{r}; 123| 48| poison(s.data(), s.size()); 124| 48|} _ZN5Botan2CT8unpoisonITkNS_6ranges14spanable_rangeENSt3__14spanIKmLm18446744073709551615EEEQaasr3stdE23is_trivially_copyable_vINS3_11conditionalIXsr21__is_primary_templateINS3_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS3_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS3_26indirectly_readable_traitsISE_EESF_E4type10value_typeEEnt19custom_unpoisonableISB_EEEvRKSB_: 128| 48|constexpr void unpoison(const R& r) { 129| 48| const std::span s{r}; 130| 48| unpoison(s.data(), s.size()); 131| 48|} _ZN5Botan2CT22conditional_assign_memImEENS0_4MaskIT_EES3_PS3_PKS3_m: 749| 10.8M|constexpr inline Mask conditional_assign_mem(T cnd, T* dest, const T* src, size_t elems) { 750| 10.8M| const auto mask = CT::Mask::expand(cnd); 751| 10.8M| mask.select_n(dest, src, dest, elems); 752| 10.8M| return mask; 753| 10.8M|} _ZNK5Botan2CT6Choice12into_bitmaskImQaasr3stdE17unsigned_integralIT_Entsr3stdE7same_asIbS3_EEES3_v: 291| 10.2M| constexpr T into_bitmask() const { 292| 10.2M| if constexpr(sizeof(T) <= sizeof(underlying_type)) { 293| | // The inner mask is already |0| or |1| so just truncate 294| 10.2M| return static_cast(value()); 295| | } else { 296| | return ~ct_is_zero(value()); 297| | } 298| 10.2M| } pcurves_brainpool256r1.cpp:_ZN5Botan2CT6poisonITkNS0_17custom_poisonableENS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES4_E11FieldParamsEEEEES9_EEEEvRKT_: 138| 1.28k|constexpr void poison(const T& x) { 139| 1.28k| x._const_time_poison(); 140| 1.28k|} pcurves_brainpool256r1.cpp:_ZN5Botan2CT10poison_allITpTkNS0_10poisonableEJNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES3_E11FieldParamsEEEEESC_SC_EQgtsZT_Li0EEEvDpRKT_: 201| 1.28k|constexpr void poison_all(const Ts&... ts) { 202| 1.28k| (poison(ts), ...); 203| 1.28k|} pcurves_brainpool256r1.cpp:_ZN5Botan2CT6poisonITkNS0_17custom_poisonableENS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES3_E11FieldParamsEEEEEEEvRKT_: 138| 3.85k|constexpr void poison(const T& x) { 139| 3.85k| x._const_time_poison(); 140| 3.85k|} _ZN5Botan2CT6poisonITkNS_6ranges14spanable_rangeENSt3__15arrayImLm4EEEQaasr3stdE23is_trivially_copyable_vINS3_11conditionalIXsr21__is_primary_templateINS3_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS3_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS3_26indirectly_readable_traitsISD_EESE_E4type10value_typeEEnt17custom_poisonableISA_EEEvRKSA_: 121| 6.54k|constexpr void poison(const R& r) { 122| 6.54k| const std::span s{r}; 123| 6.54k| poison(s.data(), s.size()); 124| 6.54k|} pcurves_brainpool256r1.cpp:_ZN5Botan2CT8unpoisonITkNS0_19custom_unpoisonableENS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES4_E11FieldParamsEEEEES9_EEEEvRKT_: 143| 1.28k|constexpr void unpoison(const T& x) { 144| 1.28k| x._const_time_unpoison(); 145| 1.28k|} pcurves_brainpool256r1.cpp:_ZN5Botan2CT12unpoison_allITpTkNS0_12unpoisonableEJNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES3_E11FieldParamsEEEEESC_SC_EQgtsZT_Li0EEEvDpRKT_: 207| 1.28k|constexpr void unpoison_all(const Ts&... ts) { 208| 1.28k| (unpoison(ts), ...); 209| 1.28k|} pcurves_brainpool256r1.cpp:_ZN5Botan2CT8unpoisonITkNS0_19custom_unpoisonableENS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES3_E11FieldParamsEEEEEEEvRKT_: 143| 3.85k|constexpr void unpoison(const T& x) { 144| 3.85k| x._const_time_unpoison(); 145| 3.85k|} _ZN5Botan2CT8unpoisonITkNS_6ranges14spanable_rangeENSt3__15arrayImLm4EEEQaasr3stdE23is_trivially_copyable_vINS3_11conditionalIXsr21__is_primary_templateINS3_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS3_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS3_26indirectly_readable_traitsISD_EESE_E4type10value_typeEEnt19custom_unpoisonableISA_EEEvRKSA_: 128| 6.54k|constexpr void unpoison(const R& r) { 129| 6.54k| const std::span s{r}; 130| 6.54k| unpoison(s.data(), s.size()); 131| 6.54k|} _ZN5Botan2CT8is_equalImEENS0_4MaskIT_EEPKS3_S6_m: 798| 14.1k|constexpr inline CT::Mask is_equal(const T x[], const T y[], size_t len) { 799| 14.1k| if(std::is_constant_evaluated()) { ------------------ | Branch (799:7): [Folded, False: 14.1k] ------------------ 800| 0| T difference = 0; 801| | 802| 0| for(size_t i = 0; i != len; ++i) { ------------------ | Branch (802:25): [True: 0, False: 0] ------------------ 803| 0| difference = difference | (x[i] ^ y[i]); 804| 0| } 805| | 806| 0| return CT::Mask::is_zero(difference); 807| 14.1k| } else { 808| 14.1k| volatile T difference = 0; 809| | 810| 82.9k| for(size_t i = 0; i != len; ++i) { ------------------ | Branch (810:25): [True: 68.8k, False: 14.1k] ------------------ 811| 68.8k| difference = difference | (x[i] ^ y[i]); 812| 68.8k| } 813| | 814| 14.1k| return CT::Mask::is_zero(difference); 815| 14.1k| } 816| 14.1k|} _ZNK5Botan2CT4MaskIhE9as_choiceEv: 619| 1.94k| constexpr CT::Choice as_choice() const { 620| | if constexpr(sizeof(T) >= sizeof(Choice::underlying_type)) { 621| | return CT::Choice::from_mask(static_cast(unpoisoned_value())); 622| 1.94k| } else { 623| 1.94k| return CT::Choice::from_int(unpoisoned_value()); 624| 1.94k| } 625| 1.94k| } _ZN5Botan2CT6Choice8from_intIhQaasr3stdE17unsigned_integralIT_Entsr3stdE7same_asIbS3_EEES1_S3_: 268| 1.94k| constexpr static Choice from_int(T v) { 269| 1.94k| if constexpr(sizeof(T) <= sizeof(underlying_type)) { 270| 1.94k| return !Choice(ct_is_zero(v)); 271| | } else { 272| | // Mask of T that is either |0| or |1| 273| | const T v_is_0 = ct_is_zero(value_barrier(v)); 274| | 275| | // We want the mask to be set if v != 0 so we must check that 276| | // v_is_0 is itself zero. 277| | // 278| | // Also sizeof(T) may not equal sizeof(underlying_type) so we must 279| | // use ct_is_zero. It's ok to either truncate or 280| | // zero extend v_is_0 to 32 bits since we know it is |0| or |1| 281| | // so even just the low bit is sufficient. 282| | return Choice(ct_is_zero(static_cast(v_is_0))); 283| | } 284| 1.94k| } pcurves_brainpool256r1.cpp:_ZN5Botan2CT6OptionINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES3_E11FieldParamsEEEEEEC2ESC_NS0_6ChoiceE: 653| 568| constexpr Option(T v, Choice valid) : m_has_value(valid), m_value(std::move(v)) {} pcurves_brainpool256r1.cpp:_ZNK5Botan2CT6OptionINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES3_E11FieldParamsEEEEEE19as_optional_vartimeEv: 710| 568| constexpr std::optional as_optional_vartime() const { 711| 568| if(m_has_value.as_bool()) { ------------------ | Branch (711:13): [True: 554, False: 14] ------------------ 712| 554| return {m_value}; 713| 554| } else { 714| 14| return {}; 715| 14| } 716| 568| } _ZN5Botan2CT6Choice8from_intImQaasr3stdE17unsigned_integralIT_Entsr3stdE7same_asIbS3_EEES1_S3_: 268| 1.79k| constexpr static Choice from_int(T v) { 269| 1.79k| if constexpr(sizeof(T) <= sizeof(underlying_type)) { 270| 1.79k| return !Choice(ct_is_zero(v)); 271| | } else { 272| | // Mask of T that is either |0| or |1| 273| | const T v_is_0 = ct_is_zero(value_barrier(v)); 274| | 275| | // We want the mask to be set if v != 0 so we must check that 276| | // v_is_0 is itself zero. 277| | // 278| | // Also sizeof(T) may not equal sizeof(underlying_type) so we must 279| | // use ct_is_zero. It's ok to either truncate or 280| | // zero extend v_is_0 to 32 bits since we know it is |0| or |1| 281| | // so even just the low bit is sufficient. 282| | return Choice(ct_is_zero(static_cast(v_is_0))); 283| | } 284| 1.79k| } pcurves_brainpool384r1.cpp:_ZN5Botan2CT6poisonITkNS0_17custom_poisonableENS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES4_E11FieldParamsEEEEES9_EEEEvRKT_: 138| 676|constexpr void poison(const T& x) { 139| 676| x._const_time_poison(); 140| 676|} pcurves_brainpool384r1.cpp:_ZN5Botan2CT10poison_allITpTkNS0_10poisonableEJNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES3_E11FieldParamsEEEEESC_SC_EQgtsZT_Li0EEEvDpRKT_: 201| 676|constexpr void poison_all(const Ts&... ts) { 202| 676| (poison(ts), ...); 203| 676|} pcurves_brainpool384r1.cpp:_ZN5Botan2CT6poisonITkNS0_17custom_poisonableENS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES3_E11FieldParamsEEEEEEEvRKT_: 138| 2.02k|constexpr void poison(const T& x) { 139| 2.02k| x._const_time_poison(); 140| 2.02k|} _ZN5Botan2CT6poisonITkNS_6ranges14spanable_rangeENSt3__15arrayImLm6EEEQaasr3stdE23is_trivially_copyable_vINS3_11conditionalIXsr21__is_primary_templateINS3_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS3_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS3_26indirectly_readable_traitsISD_EESE_E4type10value_typeEEnt17custom_poisonableISA_EEEvRKSA_: 121| 4.40k|constexpr void poison(const R& r) { 122| 4.40k| const std::span s{r}; 123| 4.40k| poison(s.data(), s.size()); 124| 4.40k|} pcurves_brainpool384r1.cpp:_ZN5Botan2CT8unpoisonITkNS0_19custom_unpoisonableENS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES4_E11FieldParamsEEEEES9_EEEEvRKT_: 143| 676|constexpr void unpoison(const T& x) { 144| 676| x._const_time_unpoison(); 145| 676|} pcurves_brainpool384r1.cpp:_ZN5Botan2CT12unpoison_allITpTkNS0_12unpoisonableEJNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES3_E11FieldParamsEEEEESC_SC_EQgtsZT_Li0EEEvDpRKT_: 207| 676|constexpr void unpoison_all(const Ts&... ts) { 208| 676| (unpoison(ts), ...); 209| 676|} pcurves_brainpool384r1.cpp:_ZN5Botan2CT8unpoisonITkNS0_19custom_unpoisonableENS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES3_E11FieldParamsEEEEEEEvRKT_: 143| 2.02k|constexpr void unpoison(const T& x) { 144| 2.02k| x._const_time_unpoison(); 145| 2.02k|} _ZN5Botan2CT8unpoisonITkNS_6ranges14spanable_rangeENSt3__15arrayImLm6EEEQaasr3stdE23is_trivially_copyable_vINS3_11conditionalIXsr21__is_primary_templateINS3_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS3_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS3_26indirectly_readable_traitsISD_EESE_E4type10value_typeEEnt19custom_unpoisonableISA_EEEvRKSA_: 128| 4.40k|constexpr void unpoison(const R& r) { 129| 4.40k| const std::span s{r}; 130| 4.40k| unpoison(s.data(), s.size()); 131| 4.40k|} pcurves_brainpool384r1.cpp:_ZN5Botan2CT6OptionINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES3_E11FieldParamsEEEEEEC2ESC_NS0_6ChoiceE: 653| 245| constexpr Option(T v, Choice valid) : m_has_value(valid), m_value(std::move(v)) {} pcurves_brainpool384r1.cpp:_ZNK5Botan2CT6OptionINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES3_E11FieldParamsEEEEEE19as_optional_vartimeEv: 710| 245| constexpr std::optional as_optional_vartime() const { 711| 245| if(m_has_value.as_bool()) { ------------------ | Branch (711:13): [True: 184, False: 61] ------------------ 712| 184| return {m_value}; 713| 184| } else { 714| 61| return {}; 715| 61| } 716| 245| } pcurves_brainpool512r1.cpp:_ZN5Botan2CT6poisonITkNS0_17custom_poisonableENS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES4_E11FieldParamsEEEEES9_EEEEvRKT_: 138| 549|constexpr void poison(const T& x) { 139| 549| x._const_time_poison(); 140| 549|} pcurves_brainpool512r1.cpp:_ZN5Botan2CT10poison_allITpTkNS0_10poisonableEJNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES3_E11FieldParamsEEEEESC_SC_EQgtsZT_Li0EEEvDpRKT_: 201| 549|constexpr void poison_all(const Ts&... ts) { 202| 549| (poison(ts), ...); 203| 549|} pcurves_brainpool512r1.cpp:_ZN5Botan2CT6poisonITkNS0_17custom_poisonableENS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES3_E11FieldParamsEEEEEEEvRKT_: 138| 1.64k|constexpr void poison(const T& x) { 139| 1.64k| x._const_time_poison(); 140| 1.64k|} _ZN5Botan2CT6poisonITkNS_6ranges14spanable_rangeENSt3__15arrayImLm8EEEQaasr3stdE23is_trivially_copyable_vINS3_11conditionalIXsr21__is_primary_templateINS3_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS3_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS3_26indirectly_readable_traitsISD_EESE_E4type10value_typeEEnt17custom_poisonableISA_EEEvRKSA_: 121| 1.64k|constexpr void poison(const R& r) { 122| 1.64k| const std::span s{r}; 123| 1.64k| poison(s.data(), s.size()); 124| 1.64k|} pcurves_brainpool512r1.cpp:_ZN5Botan2CT8unpoisonITkNS0_19custom_unpoisonableENS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES4_E11FieldParamsEEEEES9_EEEEvRKT_: 143| 549|constexpr void unpoison(const T& x) { 144| 549| x._const_time_unpoison(); 145| 549|} pcurves_brainpool512r1.cpp:_ZN5Botan2CT12unpoison_allITpTkNS0_12unpoisonableEJNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES3_E11FieldParamsEEEEESC_SC_EQgtsZT_Li0EEEvDpRKT_: 207| 549|constexpr void unpoison_all(const Ts&... ts) { 208| 549| (unpoison(ts), ...); 209| 549|} pcurves_brainpool512r1.cpp:_ZN5Botan2CT8unpoisonITkNS0_19custom_unpoisonableENS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES3_E11FieldParamsEEEEEEEvRKT_: 143| 1.64k|constexpr void unpoison(const T& x) { 144| 1.64k| x._const_time_unpoison(); 145| 1.64k|} _ZN5Botan2CT8unpoisonITkNS_6ranges14spanable_rangeENSt3__15arrayImLm8EEEQaasr3stdE23is_trivially_copyable_vINS3_11conditionalIXsr21__is_primary_templateINS3_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS3_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS3_26indirectly_readable_traitsISD_EESE_E4type10value_typeEEnt19custom_unpoisonableISA_EEEvRKSA_: 128| 1.64k|constexpr void unpoison(const R& r) { 129| 1.64k| const std::span s{r}; 130| 1.64k| unpoison(s.data(), s.size()); 131| 1.64k|} pcurves_brainpool512r1.cpp:_ZN5Botan2CT6OptionINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES3_E11FieldParamsEEEEEEC2ESC_NS0_6ChoiceE: 653| 203| constexpr Option(T v, Choice valid) : m_has_value(valid), m_value(std::move(v)) {} pcurves_brainpool512r1.cpp:_ZNK5Botan2CT6OptionINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES3_E11FieldParamsEEEEEE19as_optional_vartimeEv: 710| 203| constexpr std::optional as_optional_vartime() const { 711| 203| if(m_has_value.as_bool()) { ------------------ | Branch (711:13): [True: 149, False: 54] ------------------ 712| 149| return {m_value}; 713| 149| } else { 714| 54| return {}; 715| 54| } 716| 203| } _ZN5Botan2CT6poisonITkNS_6ranges14spanable_rangeENSt3__15arrayImLm9EEEQaasr3stdE23is_trivially_copyable_vINS3_11conditionalIXsr21__is_primary_templateINS3_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS3_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS3_26indirectly_readable_traitsISD_EESE_E4type10value_typeEEnt17custom_poisonableISA_EEEvRKSA_: 121| 2.04k|constexpr void poison(const R& r) { 122| 2.04k| const std::span s{r}; 123| 2.04k| poison(s.data(), s.size()); 124| 2.04k|} _ZN5Botan2CT8unpoisonITkNS_6ranges14spanable_rangeENSt3__15arrayImLm9EEEQaasr3stdE23is_trivially_copyable_vINS3_11conditionalIXsr21__is_primary_templateINS3_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS3_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS3_26indirectly_readable_traitsISD_EESE_E4type10value_typeEEnt19custom_unpoisonableISA_EEEvRKSA_: 128| 2.04k|constexpr void unpoison(const R& r) { 129| 2.04k| const std::span s{r}; 130| 2.04k| unpoison(s.data(), s.size()); 131| 2.04k|} pcurves_secp256r1.cpp:_ZN5Botan2CT6poisonITkNS0_17custom_poisonableENS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS5_9secp256r16ParamsES6_E11FieldParamsEEEEES9_EEEEvRKT_: 138| 895|constexpr void poison(const T& x) { 139| 895| x._const_time_poison(); 140| 895|} pcurves_secp256r1.cpp:_ZN5Botan2CT10poison_allITpTkNS0_10poisonableEJNS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS4_9secp256r16ParamsES5_E11FieldParamsEEEEESC_SC_EQgtsZT_Li0EEEvDpRKT_: 201| 895|constexpr void poison_all(const Ts&... ts) { 202| 895| (poison(ts), ...); 203| 895|} pcurves_secp256r1.cpp:_ZN5Botan2CT6poisonITkNS0_17custom_poisonableENS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS4_9secp256r16ParamsES5_E11FieldParamsEEEEEEEvRKT_: 138| 2.68k|constexpr void poison(const T& x) { 139| 2.68k| x._const_time_poison(); 140| 2.68k|} pcurves_secp256r1.cpp:_ZN5Botan2CT8unpoisonITkNS0_19custom_unpoisonableENS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS5_9secp256r16ParamsES6_E11FieldParamsEEEEES9_EEEEvRKT_: 143| 895|constexpr void unpoison(const T& x) { 144| 895| x._const_time_unpoison(); 145| 895|} pcurves_secp256r1.cpp:_ZN5Botan2CT12unpoison_allITpTkNS0_12unpoisonableEJNS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS4_9secp256r16ParamsES5_E11FieldParamsEEEEESC_SC_EQgtsZT_Li0EEEvDpRKT_: 207| 895|constexpr void unpoison_all(const Ts&... ts) { 208| 895| (unpoison(ts), ...); 209| 895|} pcurves_secp256r1.cpp:_ZN5Botan2CT8unpoisonITkNS0_19custom_unpoisonableENS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS4_9secp256r16ParamsES5_E11FieldParamsEEEEEEEvRKT_: 143| 2.68k|constexpr void unpoison(const T& x) { 144| 2.68k| x._const_time_unpoison(); 145| 2.68k|} pcurves_secp256r1.cpp:_ZN5Botan2CT6OptionINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS4_9secp256r16ParamsES5_E11FieldParamsEEEEEEC2ESC_NS0_6ChoiceE: 653| 370| constexpr Option(T v, Choice valid) : m_has_value(valid), m_value(std::move(v)) {} pcurves_secp256r1.cpp:_ZNK5Botan2CT6OptionINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS4_9secp256r16ParamsES5_E11FieldParamsEEEEEE19as_optional_vartimeEv: 710| 370| constexpr std::optional as_optional_vartime() const { 711| 370| if(m_has_value.as_bool()) { ------------------ | Branch (711:13): [True: 362, False: 8] ------------------ 712| 362| return {m_value}; 713| 362| } else { 714| 8| return {}; 715| 8| } 716| 370| } pcurves_secp384r1.cpp:_ZN5Botan2CT6poisonITkNS0_17custom_poisonableENS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS5_9secp384r16ParamsES6_E11FieldParamsEEEEES9_EEEEvRKT_: 138| 793|constexpr void poison(const T& x) { 139| 793| x._const_time_poison(); 140| 793|} pcurves_secp384r1.cpp:_ZN5Botan2CT10poison_allITpTkNS0_10poisonableEJNS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS4_9secp384r16ParamsES5_E11FieldParamsEEEEESC_SC_EQgtsZT_Li0EEEvDpRKT_: 201| 793|constexpr void poison_all(const Ts&... ts) { 202| 793| (poison(ts), ...); 203| 793|} pcurves_secp384r1.cpp:_ZN5Botan2CT6poisonITkNS0_17custom_poisonableENS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS4_9secp384r16ParamsES5_E11FieldParamsEEEEEEEvRKT_: 138| 2.37k|constexpr void poison(const T& x) { 139| 2.37k| x._const_time_poison(); 140| 2.37k|} pcurves_secp384r1.cpp:_ZN5Botan2CT8unpoisonITkNS0_19custom_unpoisonableENS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS5_9secp384r16ParamsES6_E11FieldParamsEEEEES9_EEEEvRKT_: 143| 793|constexpr void unpoison(const T& x) { 144| 793| x._const_time_unpoison(); 145| 793|} pcurves_secp384r1.cpp:_ZN5Botan2CT12unpoison_allITpTkNS0_12unpoisonableEJNS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS4_9secp384r16ParamsES5_E11FieldParamsEEEEESC_SC_EQgtsZT_Li0EEEvDpRKT_: 207| 793|constexpr void unpoison_all(const Ts&... ts) { 208| 793| (unpoison(ts), ...); 209| 793|} pcurves_secp384r1.cpp:_ZN5Botan2CT8unpoisonITkNS0_19custom_unpoisonableENS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS4_9secp384r16ParamsES5_E11FieldParamsEEEEEEEvRKT_: 143| 2.37k|constexpr void unpoison(const T& x) { 144| 2.37k| x._const_time_unpoison(); 145| 2.37k|} pcurves_secp384r1.cpp:_ZN5Botan2CT6OptionINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS4_9secp384r16ParamsES5_E11FieldParamsEEEEEEC2ESC_NS0_6ChoiceE: 653| 298| constexpr Option(T v, Choice valid) : m_has_value(valid), m_value(std::move(v)) {} pcurves_secp384r1.cpp:_ZNK5Botan2CT6OptionINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS4_9secp384r16ParamsES5_E11FieldParamsEEEEEE19as_optional_vartimeEv: 710| 298| constexpr std::optional as_optional_vartime() const { 711| 298| if(m_has_value.as_bool()) { ------------------ | Branch (711:13): [True: 296, False: 2] ------------------ 712| 296| return {m_value}; 713| 296| } else { 714| 2| return {}; 715| 2| } 716| 298| } pcurves_secp521r1.cpp:_ZN5Botan2CT6poisonITkNS0_17custom_poisonableENS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS6_6ParamsES7_E11FieldParamsEEEEES9_EEEEvRKT_: 138| 680|constexpr void poison(const T& x) { 139| 680| x._const_time_poison(); 140| 680|} pcurves_secp521r1.cpp:_ZN5Botan2CT10poison_allITpTkNS0_10poisonableEJNS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS5_6ParamsES6_E11FieldParamsEEEEESC_SC_EQgtsZT_Li0EEEvDpRKT_: 201| 680|constexpr void poison_all(const Ts&... ts) { 202| 680| (poison(ts), ...); 203| 680|} pcurves_secp521r1.cpp:_ZN5Botan2CT6poisonITkNS0_17custom_poisonableENS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS5_6ParamsES6_E11FieldParamsEEEEEEEvRKT_: 138| 2.04k|constexpr void poison(const T& x) { 139| 2.04k| x._const_time_poison(); 140| 2.04k|} pcurves_secp521r1.cpp:_ZN5Botan2CT8unpoisonITkNS0_19custom_unpoisonableENS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS6_6ParamsES7_E11FieldParamsEEEEES9_EEEEvRKT_: 143| 680|constexpr void unpoison(const T& x) { 144| 680| x._const_time_unpoison(); 145| 680|} pcurves_secp521r1.cpp:_ZN5Botan2CT12unpoison_allITpTkNS0_12unpoisonableEJNS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS5_6ParamsES6_E11FieldParamsEEEEESC_SC_EQgtsZT_Li0EEEvDpRKT_: 207| 680|constexpr void unpoison_all(const Ts&... ts) { 208| 680| (unpoison(ts), ...); 209| 680|} pcurves_secp521r1.cpp:_ZN5Botan2CT8unpoisonITkNS0_19custom_unpoisonableENS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS5_6ParamsES6_E11FieldParamsEEEEEEEvRKT_: 143| 2.04k|constexpr void unpoison(const T& x) { 144| 2.04k| x._const_time_unpoison(); 145| 2.04k|} pcurves_secp521r1.cpp:_ZN5Botan2CT6OptionINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS5_6ParamsES6_E11FieldParamsEEEEEEC2ESC_NS0_6ChoiceE: 653| 255| constexpr Option(T v, Choice valid) : m_has_value(valid), m_value(std::move(v)) {} pcurves_secp521r1.cpp:_ZNK5Botan2CT6OptionINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS5_6ParamsES6_E11FieldParamsEEEEEE19as_optional_vartimeEv: 710| 255| constexpr std::optional as_optional_vartime() const { 711| 255| if(m_has_value.as_bool()) { ------------------ | Branch (711:13): [True: 251, False: 4] ------------------ 712| 251| return {m_value}; 713| 251| } else { 714| 4| return {}; 715| 4| } 716| 255| } _ZNK5Botan2CT4MaskItE13if_set_returnEt: 538| 198| constexpr T if_set_return(T x) const { return value() & x; } _ZN5Botan2CT4MaskItE7is_zeroEt: 437| 22.3k| static constexpr Mask is_zero(T x) { return Mask(ct_is_zero(value_barrier(x))); } _ZN5Botan2CT4MaskItE5is_ltEtt: 450| 22.2k| static constexpr Mask is_lt(T x, T y) { 451| 22.2k| T u = x ^ ((x ^ y) | ((x - y) ^ x)); 452| 22.2k| return Mask::expand_top_bit(u); 453| 22.2k| } _ZN5Botan2CT4MaskItE5is_gtEtt: 458| 22.1k| static constexpr Mask is_gt(T x, T y) { return Mask::is_lt(y, x); } _ZN5Botan2CT4MaskItE6is_lteEtt: 463| 22.1k| static constexpr Mask is_lte(T x, T y) { return ~Mask::is_gt(x, y); } _ZN5Botan2CT4MaskItE8is_equalEtt: 442| 22.1k| static constexpr Mask is_equal(T x, T y) { 443| 22.1k| const T diff = value_barrier(x) ^ value_barrier(y); 444| 22.1k| return Mask::is_zero(diff); 445| 22.1k| } _ZN5Botan2CT4MaskItE6expandEt: 392| 99| static constexpr Mask expand(T v) { return ~Mask::is_zero(value_barrier(v)); } _ZN5Botan2CT4MaskImE10expand_bitEmm: 421| 4.86k| static constexpr Mask expand_bit(T v, size_t bit) { 422| 4.86k| return CT::Mask::expand_top_bit(v << (sizeof(v) * 8 - 1 - bit)); 423| 4.86k| } _ZNK5Botan2CT4MaskItE17if_not_set_returnEt: 543| 99| constexpr T if_not_set_return(T x) const { return ~value() & x; } _ZN5Botan2CT4MaskItE6expandIhEES2_NS1_IT_EE: 429| 99| static constexpr Mask expand(Mask m) { 430| 99| static_assert(sizeof(U) < sizeof(T), "sizes ok"); 431| 99| return ~Mask::is_zero(m.value()); 432| 99| } _ZN5Botan2CT8unpoisonITkNS0_19custom_unpoisonableENS0_4MaskItEEEEvRKT_: 143| 99|constexpr void unpoison(const T& x) { 144| 99| x._const_time_unpoison(); 145| 99|} _ZNK5Botan2CT4MaskItE20_const_time_unpoisonEv: 634| 99| constexpr void _const_time_unpoison() const { CT::unpoison(m_mask); } _ZN5Botan2CTanENS0_4MaskItEES2_: 518| 22.2k| friend Mask operator&(Mask x, Mask y) { return Mask(x.value() & y.value()); } _ZN5Botan2CT4MaskItEoRES2_: 510| 22.0k| Mask& operator|=(Mask o) { 511| 22.0k| m_mask |= o.value(); 512| 22.0k| return (*this); 513| 22.0k| } _ZN5Botan9Gf448Elem3oneEv: 64| 24| static Gf448Elem one() { return Gf448Elem(1); } _ZN5Botan9Gf448Elem4zeroEv: 59| 12| static Gf448Elem zero() { return Gf448Elem(0); } _ZN5Botan9Gf448Elem5wordsEv: 120| 26.8k| std::span words() { return m_x; } _ZNK5Botan9Gf448Elem5wordsEv: 128| 26.8k| std::span words() const { return m_x; } _ZNK5Botan9TripleDES4nameEv: 50| 75| std::string name() const override { return "TripleDES"; } _ZNK5Botan9TripleDES11parallelismEv: 54| 56| size_t parallelism() const override { return 32; } _ZN5Botan11carry_shiftEom: 139| 268k|inline uint64_t carry_shift(const uint128_t a, size_t shift) { 140| 268k| return static_cast(a >> shift); 141| 268k|} _ZN5Botan13combine_lowerEomom: 143| 76|inline uint64_t combine_lower(const uint128_t a, size_t s1, const uint128_t b, size_t s2) { 144| 76| return static_cast((a >> s1) | (b << s2)); 145| 76|} _ZNK5Botan13EC_Group_Data3oidEv: 165| 38.2k| const OID& oid() const { return m_oid; } _ZNK5Botan13EC_Group_Data1pEv: 169| 23.8k| const BigInt& p() const { return m_p; } _ZNK5Botan13EC_Group_Data5curveEv: 180| 11.9k| const CurveGFp& curve() const { return m_curve; } _ZNK5Botan13EC_Group_Data5montyEv: 184| 59.6k| const Montgomery_Params& monty() const { return m_monty; } _ZNK5Botan13EC_Group_Data12has_cofactorEv: 195| 3.59k| bool has_cofactor() const { return m_has_cofactor; } _ZNK5Botan13EC_Group_Data7p_wordsEv: 201| 11.9k| size_t p_words() const { return m_p_words; } _ZNK5Botan13EC_Group_Data6p_bitsEv: 203| 1.79k| size_t p_bits() const { return m_p_bits; } _ZNK5Botan13EC_Group_Data11order_bytesEv: 209| 27.2k| size_t order_bytes() const { return m_order_bytes; } _ZNK5Botan13EC_Group_Data6pcurveEv: 282| 78.4k| const PCurve::PrimeOrderCurve& pcurve() const { 283| 78.4k| BOTAN_ASSERT_NONNULL(m_pcurve); ------------------ | | 116| 78.4k| do { \ | | 117| 78.4k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 78.4k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 78.4k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 78.4k] | | ------------------ ------------------ 284| 78.4k| return *m_pcurve; 285| 78.4k| } _ZN5Botan19EC_AffinePoint_DataD2Ev: 73| 17.3k| virtual ~EC_AffinePoint_Data() = default; _ZN5Botan14EC_Scalar_DataD2Ev: 38| 18.9k| virtual ~EC_Scalar_Data() = default; _ZNK5Botan17EC_Scalar_Data_PC5valueEv: 53| 13.7k| const auto& value() const { return m_v; } _ZN5Botan17EC_Scalar_Data_PCC2ENSt3__110shared_ptrIKNS_13EC_Group_DataEEENS_6PCurve15PrimeOrderCurve6ScalarE: 19| 18.9k| m_group(std::move(group)), m_v(std::move(v)) {} _ZNK5Botan17EC_PublicKey_Data5groupEv: 31| 15.5k| const EC_Group& group() const { return m_group; } _ZNK5Botan17EC_PublicKey_Data10public_keyEv: 33| 4.87k| const EC_AffinePoint& public_key() const { return m_point; } _ZNK5Botan18EC_PrivateKey_Data11private_keyEv: 74| 1.79k| const EC_Scalar& private_key() const { return m_scalar; } _ZN5Botan17EC_PublicKey_DataC2ERKNS_8EC_GroupENSt3__14spanIKhLm18446744073709551615EEE: 29| 7.04k| EC_PublicKey_Data(group, EC_AffinePoint(group, bytes)) {} _ZN5Botan3fmtIJNSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEEEEES7_NS1_17basic_string_viewIcS4_EEDpRKT_: 53| 14.7k|std::string fmt(std::string_view format, const T&... args) { 54| 14.7k| std::ostringstream oss; 55| 14.7k| oss.imbue(std::locale::classic()); 56| 14.7k| fmt_detail::do_fmt(oss, format, args...); 57| 14.7k| return oss.str(); 58| 14.7k|} _ZN5Botan10fmt_detail6do_fmtINSt3__112basic_stringIcNS2_11char_traitsIcEENS2_9allocatorIcEEEEJEEEvRNS2_19basic_ostringstreamIcS5_S7_EENS2_17basic_string_viewIcS5_EERKT_DpRKT0_: 25| 14.7k|void do_fmt(std::ostringstream& oss, std::string_view format, const T& val, const Ts&... rest) { 26| 14.7k| size_t i = 0; 27| | 28| 146k| while(i < format.size()) { ------------------ | Branch (28:10): [True: 146k, False: 0] ------------------ 29| 146k| if(format[i] == '{' && (format.size() > (i + 1)) && format.at(i + 1) == '}') { ------------------ | Branch (29:10): [True: 14.7k, False: 131k] | Branch (29:30): [True: 14.7k, False: 0] | Branch (29:59): [True: 14.7k, False: 0] ------------------ 30| 14.7k| oss << val; 31| 14.7k| return do_fmt(oss, format.substr(i + 2), rest...); 32| 131k| } else { 33| 131k| oss << format[i]; 34| 131k| } 35| | 36| 131k| i += 1; 37| 131k| } 38| 14.7k|} _ZN5Botan10fmt_detail6do_fmtERNSt3__119basic_ostringstreamIcNS1_11char_traitsIcEENS1_9allocatorIcEEEENS1_17basic_string_viewIcS4_EE: 20| 20.1k|inline void do_fmt(std::ostringstream& oss, std::string_view format) { 21| 20.1k| oss << format; 22| 20.1k|} _ZN5Botan3fmtIJNSt3__117basic_string_viewIcNS1_11char_traitsIcEEEEEEENS1_12basic_stringIcS4_NS1_9allocatorIcEEEES5_DpRKT_: 53| 3.52k|std::string fmt(std::string_view format, const T&... args) { 54| 3.52k| std::ostringstream oss; 55| 3.52k| oss.imbue(std::locale::classic()); 56| 3.52k| fmt_detail::do_fmt(oss, format, args...); 57| 3.52k| return oss.str(); 58| 3.52k|} _ZN5Botan10fmt_detail6do_fmtINSt3__117basic_string_viewIcNS2_11char_traitsIcEEEEJEEEvRNS2_19basic_ostringstreamIcS5_NS2_9allocatorIcEEEES6_RKT_DpRKT0_: 25| 4.50k|void do_fmt(std::ostringstream& oss, std::string_view format, const T& val, const Ts&... rest) { 26| 4.50k| size_t i = 0; 27| | 28| 31.9k| while(i < format.size()) { ------------------ | Branch (28:10): [True: 31.9k, False: 0] ------------------ 29| 31.9k| if(format[i] == '{' && (format.size() > (i + 1)) && format.at(i + 1) == '}') { ------------------ | Branch (29:10): [True: 4.50k, False: 27.4k] | Branch (29:30): [True: 4.50k, False: 0] | Branch (29:59): [True: 4.50k, False: 0] ------------------ 30| 4.50k| oss << val; 31| 4.50k| return do_fmt(oss, format.substr(i + 2), rest...); 32| 27.4k| } else { 33| 27.4k| oss << format[i]; 34| 27.4k| } 35| | 36| 27.4k| i += 1; 37| 27.4k| } 38| 4.50k|} _ZN5Botan3fmtIJPKcS2_S2_EEENSt3__112basic_stringIcNS3_11char_traitsIcEENS3_9allocatorIcEEEENS3_17basic_string_viewIcS6_EEDpRKT_: 53| 12|std::string fmt(std::string_view format, const T&... args) { 54| 12| std::ostringstream oss; 55| 12| oss.imbue(std::locale::classic()); 56| 12| fmt_detail::do_fmt(oss, format, args...); 57| 12| return oss.str(); 58| 12|} _ZN5Botan10fmt_detail6do_fmtIPKcJS3_S3_EEEvRNSt3__119basic_ostringstreamIcNS4_11char_traitsIcEENS4_9allocatorIcEEEENS4_17basic_string_viewIcS7_EERKT_DpRKT0_: 25| 12|void do_fmt(std::ostringstream& oss, std::string_view format, const T& val, const Ts&... rest) { 26| 12| size_t i = 0; 27| | 28| 12| while(i < format.size()) { ------------------ | Branch (28:10): [True: 12, False: 0] ------------------ 29| 12| if(format[i] == '{' && (format.size() > (i + 1)) && format.at(i + 1) == '}') { ------------------ | Branch (29:10): [True: 12, False: 0] | Branch (29:30): [True: 12, False: 0] | Branch (29:59): [True: 12, False: 0] ------------------ 30| 12| oss << val; 31| 12| return do_fmt(oss, format.substr(i + 2), rest...); 32| 12| } else { 33| 0| oss << format[i]; 34| 0| } 35| | 36| 0| i += 1; 37| 0| } 38| 12|} _ZN5Botan10fmt_detail6do_fmtIPKcJS3_EEEvRNSt3__119basic_ostringstreamIcNS4_11char_traitsIcEENS4_9allocatorIcEEEENS4_17basic_string_viewIcS7_EERKT_DpRKT0_: 25| 12|void do_fmt(std::ostringstream& oss, std::string_view format, const T& val, const Ts&... rest) { 26| 12| size_t i = 0; 27| | 28| 60| while(i < format.size()) { ------------------ | Branch (28:10): [True: 60, False: 0] ------------------ 29| 60| if(format[i] == '{' && (format.size() > (i + 1)) && format.at(i + 1) == '}') { ------------------ | Branch (29:10): [True: 12, False: 48] | Branch (29:30): [True: 12, False: 0] | Branch (29:59): [True: 12, False: 0] ------------------ 30| 12| oss << val; 31| 12| return do_fmt(oss, format.substr(i + 2), rest...); 32| 48| } else { 33| 48| oss << format[i]; 34| 48| } 35| | 36| 48| i += 1; 37| 48| } 38| 12|} _ZN5Botan10fmt_detail6do_fmtIPKcJEEEvRNSt3__119basic_ostringstreamIcNS4_11char_traitsIcEENS4_9allocatorIcEEEENS4_17basic_string_viewIcS7_EERKT_DpRKT0_: 25| 367|void do_fmt(std::ostringstream& oss, std::string_view format, const T& val, const Ts&... rest) { 26| 367| size_t i = 0; 27| | 28| 4.98k| while(i < format.size()) { ------------------ | Branch (28:10): [True: 4.98k, False: 0] ------------------ 29| 4.98k| if(format[i] == '{' && (format.size() > (i + 1)) && format.at(i + 1) == '}') { ------------------ | Branch (29:10): [True: 367, False: 4.62k] | Branch (29:30): [True: 367, False: 0] | Branch (29:59): [True: 367, False: 0] ------------------ 30| 367| oss << val; 31| 367| return do_fmt(oss, format.substr(i + 2), rest...); 32| 4.62k| } else { 33| 4.62k| oss << format[i]; 34| 4.62k| } 35| | 36| 4.62k| i += 1; 37| 4.62k| } 38| 367|} _ZN5Botan3fmtIJNSt3__117basic_string_viewIcNS1_11char_traitsIcEEEEPKcEEENS1_12basic_stringIcS4_NS1_9allocatorIcEEEES5_DpRKT_: 53| 348|std::string fmt(std::string_view format, const T&... args) { 54| 348| std::ostringstream oss; 55| 348| oss.imbue(std::locale::classic()); 56| 348| fmt_detail::do_fmt(oss, format, args...); 57| 348| return oss.str(); 58| 348|} _ZN5Botan10fmt_detail6do_fmtINSt3__117basic_string_viewIcNS2_11char_traitsIcEEEEJPKcEEEvRNS2_19basic_ostringstreamIcS5_NS2_9allocatorIcEEEES6_RKT_DpRKT0_: 25| 348|void do_fmt(std::ostringstream& oss, std::string_view format, const T& val, const Ts&... rest) { 26| 348| size_t i = 0; 27| | 28| 348| while(i < format.size()) { ------------------ | Branch (28:10): [True: 348, False: 0] ------------------ 29| 348| if(format[i] == '{' && (format.size() > (i + 1)) && format.at(i + 1) == '}') { ------------------ | Branch (29:10): [True: 348, False: 0] | Branch (29:30): [True: 348, False: 0] | Branch (29:59): [True: 348, False: 0] ------------------ 30| 348| oss << val; 31| 348| return do_fmt(oss, format.substr(i + 2), rest...); 32| 348| } else { 33| 0| oss << format[i]; 34| 0| } 35| | 36| 0| i += 1; 37| 0| } 38| 348|} _ZN5Botan3fmtIJPKcNSt3__117basic_string_viewIcNS3_11char_traitsIcEEEEEEENS3_12basic_stringIcS6_NS3_9allocatorIcEEEES7_DpRKT_: 53| 985|std::string fmt(std::string_view format, const T&... args) { 54| 985| std::ostringstream oss; 55| 985| oss.imbue(std::locale::classic()); 56| 985| fmt_detail::do_fmt(oss, format, args...); 57| 985| return oss.str(); 58| 985|} _ZN5Botan10fmt_detail6do_fmtIPKcJNSt3__117basic_string_viewIcNS4_11char_traitsIcEEEEEEEvRNS4_19basic_ostringstreamIcS7_NS4_9allocatorIcEEEES8_RKT_DpRKT0_: 25| 985|void do_fmt(std::ostringstream& oss, std::string_view format, const T& val, const Ts&... rest) { 26| 985| size_t i = 0; 27| | 28| 7.06k| while(i < format.size()) { ------------------ | Branch (28:10): [True: 7.06k, False: 0] ------------------ 29| 7.06k| if(format[i] == '{' && (format.size() > (i + 1)) && format.at(i + 1) == '}') { ------------------ | Branch (29:10): [True: 985, False: 6.08k] | Branch (29:30): [True: 985, False: 0] | Branch (29:59): [True: 985, False: 0] ------------------ 30| 985| oss << val; 31| 985| return do_fmt(oss, format.substr(i + 2), rest...); 32| 6.08k| } else { 33| 6.08k| oss << format[i]; 34| 6.08k| } 35| | 36| 6.08k| i += 1; 37| 6.08k| } 38| 985|} _ZN5Botan10fmt_detail6do_fmtImJEEEvRNSt3__119basic_ostringstreamIcNS2_11char_traitsIcEENS2_9allocatorIcEEEENS2_17basic_string_viewIcS5_EERKT_DpRKT0_: 25| 425|void do_fmt(std::ostringstream& oss, std::string_view format, const T& val, const Ts&... rest) { 26| 425| size_t i = 0; 27| | 28| 10.4k| while(i < format.size()) { ------------------ | Branch (28:10): [True: 10.4k, False: 0] ------------------ 29| 10.4k| if(format[i] == '{' && (format.size() > (i + 1)) && format.at(i + 1) == '}') { ------------------ | Branch (29:10): [True: 425, False: 10.0k] | Branch (29:30): [True: 425, False: 0] | Branch (29:59): [True: 425, False: 0] ------------------ 30| 425| oss << val; 31| 425| return do_fmt(oss, format.substr(i + 2), rest...); 32| 10.0k| } else { 33| 10.0k| oss << format[i]; 34| 10.0k| } 35| | 36| 10.0k| i += 1; 37| 10.0k| } 38| 425|} _ZN5Botan3fmtIJmmEEENSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEENS1_17basic_string_viewIcS4_EEDpRKT_: 53| 425|std::string fmt(std::string_view format, const T&... args) { 54| 425| std::ostringstream oss; 55| 425| oss.imbue(std::locale::classic()); 56| 425| fmt_detail::do_fmt(oss, format, args...); 57| 425| return oss.str(); 58| 425|} _ZN5Botan10fmt_detail6do_fmtImJmEEEvRNSt3__119basic_ostringstreamIcNS2_11char_traitsIcEENS2_9allocatorIcEEEENS2_17basic_string_viewIcS5_EERKT_DpRKT0_: 25| 425|void do_fmt(std::ostringstream& oss, std::string_view format, const T& val, const Ts&... rest) { 26| 425| size_t i = 0; 27| | 28| 5.40k| while(i < format.size()) { ------------------ | Branch (28:10): [True: 5.40k, False: 0] ------------------ 29| 5.40k| if(format[i] == '{' && (format.size() > (i + 1)) && format.at(i + 1) == '}') { ------------------ | Branch (29:10): [True: 425, False: 4.97k] | Branch (29:30): [True: 425, False: 0] | Branch (29:59): [True: 425, False: 0] ------------------ 30| 425| oss << val; 31| 425| return do_fmt(oss, format.substr(i + 2), rest...); 32| 4.97k| } else { 33| 4.97k| oss << format[i]; 34| 4.97k| } 35| | 36| 4.97k| i += 1; 37| 4.97k| } 38| 425|} _ZN5Botan10fmt_detail6do_fmtIjJEEEvRNSt3__119basic_ostringstreamIcNS2_11char_traitsIcEENS2_9allocatorIcEEEENS2_17basic_string_viewIcS5_EERKT_DpRKT0_: 25| 70|void do_fmt(std::ostringstream& oss, std::string_view format, const T& val, const Ts&... rest) { 26| 70| size_t i = 0; 27| | 28| 166| while(i < format.size()) { ------------------ | Branch (28:10): [True: 166, False: 0] ------------------ 29| 166| if(format[i] == '{' && (format.size() > (i + 1)) && format.at(i + 1) == '}') { ------------------ | Branch (29:10): [True: 70, False: 96] | Branch (29:30): [True: 70, False: 0] | Branch (29:59): [True: 70, False: 0] ------------------ 30| 70| oss << val; 31| 70| return do_fmt(oss, format.substr(i + 2), rest...); 32| 96| } else { 33| 96| oss << format[i]; 34| 96| } 35| | 36| 96| i += 1; 37| 96| } 38| 70|} _ZN5Botan3fmtIJNSt3__117basic_string_viewIcNS1_11char_traitsIcEEEEjEEENS1_12basic_stringIcS4_NS1_9allocatorIcEEEES5_DpRKT_: 53| 26|std::string fmt(std::string_view format, const T&... args) { 54| 26| std::ostringstream oss; 55| 26| oss.imbue(std::locale::classic()); 56| 26| fmt_detail::do_fmt(oss, format, args...); 57| 26| return oss.str(); 58| 26|} _ZN5Botan10fmt_detail6do_fmtINSt3__117basic_string_viewIcNS2_11char_traitsIcEEEEJjEEEvRNS2_19basic_ostringstreamIcS5_NS2_9allocatorIcEEEES6_RKT_DpRKT0_: 25| 26|void do_fmt(std::ostringstream& oss, std::string_view format, const T& val, const Ts&... rest) { 26| 26| size_t i = 0; 27| | 28| 26| while(i < format.size()) { ------------------ | Branch (28:10): [True: 26, False: 0] ------------------ 29| 26| if(format[i] == '{' && (format.size() > (i + 1)) && format.at(i + 1) == '}') { ------------------ | Branch (29:10): [True: 26, False: 0] | Branch (29:30): [True: 26, False: 0] | Branch (29:59): [True: 26, False: 0] ------------------ 30| 26| oss << val; 31| 26| return do_fmt(oss, format.substr(i + 2), rest...); 32| 26| } else { 33| 0| oss << format[i]; 34| 0| } 35| | 36| 0| i += 1; 37| 0| } 38| 26|} _ZN5Botan3fmtIJjjEEENSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEENS1_17basic_string_viewIcS4_EEDpRKT_: 53| 44|std::string fmt(std::string_view format, const T&... args) { 54| 44| std::ostringstream oss; 55| 44| oss.imbue(std::locale::classic()); 56| 44| fmt_detail::do_fmt(oss, format, args...); 57| 44| return oss.str(); 58| 44|} _ZN5Botan10fmt_detail6do_fmtIjJjEEEvRNSt3__119basic_ostringstreamIcNS2_11char_traitsIcEENS2_9allocatorIcEEEENS2_17basic_string_viewIcS5_EERKT_DpRKT0_: 25| 44|void do_fmt(std::ostringstream& oss, std::string_view format, const T& val, const Ts&... rest) { 26| 44| size_t i = 0; 27| | 28| 1.49k| while(i < format.size()) { ------------------ | Branch (28:10): [True: 1.49k, False: 0] ------------------ 29| 1.49k| if(format[i] == '{' && (format.size() > (i + 1)) && format.at(i + 1) == '}') { ------------------ | Branch (29:10): [True: 44, False: 1.45k] | Branch (29:30): [True: 44, False: 0] | Branch (29:59): [True: 44, False: 0] ------------------ 30| 44| oss << val; 31| 44| return do_fmt(oss, format.substr(i + 2), rest...); 32| 1.45k| } else { 33| 1.45k| oss << format[i]; 34| 1.45k| } 35| | 36| 1.45k| i += 1; 37| 1.45k| } 38| 44|} _ZN5Botan3fmtIJmPKcEEENSt3__112basic_stringIcNS3_11char_traitsIcEENS3_9allocatorIcEEEENS3_17basic_string_viewIcS6_EEDpRKT_: 53| 7|std::string fmt(std::string_view format, const T&... args) { 54| 7| std::ostringstream oss; 55| 7| oss.imbue(std::locale::classic()); 56| 7| fmt_detail::do_fmt(oss, format, args...); 57| 7| return oss.str(); 58| 7|} _ZN5Botan10fmt_detail6do_fmtImJPKcEEEvRNSt3__119basic_ostringstreamIcNS4_11char_traitsIcEENS4_9allocatorIcEEEENS4_17basic_string_viewIcS7_EERKT_DpRKT0_: 25| 7|void do_fmt(std::ostringstream& oss, std::string_view format, const T& val, const Ts&... rest) { 26| 7| size_t i = 0; 27| | 28| 98| while(i < format.size()) { ------------------ | Branch (28:10): [True: 98, False: 0] ------------------ 29| 98| if(format[i] == '{' && (format.size() > (i + 1)) && format.at(i + 1) == '}') { ------------------ | Branch (29:10): [True: 7, False: 91] | Branch (29:30): [True: 7, False: 0] | Branch (29:59): [True: 7, False: 0] ------------------ 30| 7| oss << val; 31| 7| return do_fmt(oss, format.substr(i + 2), rest...); 32| 91| } else { 33| 91| oss << format[i]; 34| 91| } 35| | 36| 91| i += 1; 37| 91| } 38| 7|} _ZN5Botan14GCM_EncryptionC2ENSt3__110unique_ptrINS_11BlockCipherENS1_14default_deleteIS3_EEEEm: 80| 17| GCM_Mode(std::move(cipher), tag_size) {} _ZN5Botan14GCM_DecryptionC2ENSt3__110unique_ptrINS_11BlockCipherENS1_14default_deleteIS3_EEEEm: 101| 76| GCM_Mode(std::move(cipher), tag_size) {} _ZNK5Botan8GCM_Mode8tag_sizeEv: 40| 504| size_t tag_size() const final { return m_tag_size; } _ZNK5Botan14GCM_Encryption13output_lengthEm: 82| 30| size_t output_length(size_t input_length) const override { return input_length + tag_size(); } _ZNK5Botan14GCM_Decryption13output_lengthEm: 103| 59| size_t output_length(size_t input_length) const override { 104| 59| BOTAN_ARG_CHECK(input_length >= tag_size(), "Sufficient input"); ------------------ | | 35| 59| do { \ | | 36| 59| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 59| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 59] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 59| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 59] | | ------------------ ------------------ 105| 59| return input_length - tag_size(); 106| 59| } _ZNK5Botan14GCM_Decryption18minimum_final_sizeEv: 108| 60| size_t minimum_final_size() const override { return tag_size(); } _ZNK5Botan5GHASH8key_specEv: 42| 93| Key_Length_Specification key_spec() const override { return Key_Length_Specification(16); } _ZN5Botan7swar_ltITkNSt3__117unsigned_integralEtEET_S2_S2_: 91| 366k|constexpr T swar_lt(T a, T b) { 92| | // The constant 0x808080... as a T 93| 366k| constexpr T hi1 = (static_cast(-1) / 255) << 7; 94| | // The constant 0x7F7F7F... as a T 95| 366k| constexpr T lo7 = static_cast(~hi1); 96| 366k| T r = (lo7 - a + b) & hi1; 97| | // Currently the mask is 80 if lt, otherwise 00. Convert to FF/00 98| 366k| return (r << 1) - (r >> 7); 99| 366k|} _ZN5Botan13swar_in_rangeITkNSt3__117unsigned_integralEmEET_S2_S2_S2_: 114| 6.18M|constexpr T swar_in_range(T v, T lower, T upper) { 115| | // The constant 0x808080... as a T 116| 6.18M| constexpr T hi1 = (static_cast(-1) / 255) << 7; 117| | // The constant 0x7F7F7F... as a T 118| 6.18M| constexpr T lo7 = ~hi1; 119| | 120| 6.18M| const T sub = ((v | hi1) - (lower & lo7)) ^ ((v ^ (~lower)) & hi1); 121| 6.18M| const T a_lo = sub & lo7; 122| 6.18M| const T a_hi = sub & hi1; 123| 6.18M| return (lo7 - a_lo + upper) & hi1 & ~a_hi; 124| 6.18M|} _ZN5Botan23index_of_first_set_byteITkNSt3__117unsigned_integralEmEEmT_: 130| 355k|constexpr size_t index_of_first_set_byte(T v) { 131| | // The constant 0x010101... as a T 132| 355k| constexpr T lo1 = (static_cast(-1) / 255); 133| | // The constant 0x808080... as a T 134| 355k| constexpr T hi1 = lo1 << 7; 135| | // How many bits to shift in order to get the top byte 136| 355k| constexpr size_t bits = (sizeof(T) * 8) - 8; 137| | 138| 355k| return static_cast((((((v & hi1) - 1) & lo1) * lo1) >> bits) - 1); 139| 355k|} _ZN5Botan11checked_mulITkNSt3__117unsigned_integralEmEENS1_8optionalIT_EES3_S3_: 46| 631k|constexpr inline std::optional checked_mul(T a, T b) { 47| | // Multiplication by 1U is a hack to work around C's insane 48| | // integer promotion rules. 49| | // https://stackoverflow.com/questions/24795651 50| 631k| const T r = (1U * a) * b; 51| | // If a == 0 then the multiply certainly did not overflow 52| | // Otherwise r / a == b unless overflow occurred 53| 631k| if(a != 0 && r / a != b) { ------------------ | Branch (53:7): [True: 631k, False: 0] | Branch (53:17): [True: 0, False: 631k] ------------------ 54| 0| return {}; 55| 0| } 56| 631k| return r; 57| 631k|} _ZN5Botan11checked_addITkNSt3__117unsigned_integralEjEENS1_8optionalIT_EES3_S3_: 19| 25.8k|constexpr inline std::optional checked_add(T a, T b) { 20| 25.8k| const T r = a + b; 21| 25.8k| if(r < a || r < b) { ------------------ | Branch (21:7): [True: 0, False: 25.8k] | Branch (21:16): [True: 0, False: 25.8k] ------------------ 22| 0| return {}; 23| 0| } 24| 25.8k| return r; 25| 25.8k|} _ZN5Botan11checked_addITkNSt3__117unsigned_integralEmTpTkNS1_17unsigned_integralEJmmEQ10all_same_vIT_DpT0_EEENS1_8optionalIS2_EES2_S2_S4_: 37| 7.04k|constexpr inline std::optional checked_add(T a, T b, Ts... rest) { 38| 7.04k| if(auto r = checked_add(a, b)) { ------------------ | Branch (38:12): [True: 7.04k, False: 0] ------------------ 39| 7.04k| return checked_add(r.value(), rest...); 40| 7.04k| } else { 41| 0| return {}; 42| 0| } 43| 7.04k|} _ZN5Botan11checked_addITkNSt3__117unsigned_integralEmEENS1_8optionalIT_EES3_S3_: 19| 49.3k|constexpr inline std::optional checked_add(T a, T b) { 20| 49.3k| const T r = a + b; 21| 49.3k| if(r < a || r < b) { ------------------ | Branch (21:7): [True: 0, False: 49.3k] | Branch (21:16): [True: 0, False: 49.3k] ------------------ 22| 0| return {}; 23| 0| } 24| 49.3k| return r; 25| 49.3k|} _ZN5Botan11checked_addITkNSt3__117unsigned_integralEmTpTkNS1_17unsigned_integralEJmEQ10all_same_vIT_DpT0_EEENS1_8optionalIS2_EES2_S2_S4_: 37| 7.04k|constexpr inline std::optional checked_add(T a, T b, Ts... rest) { 38| 7.04k| if(auto r = checked_add(a, b)) { ------------------ | Branch (38:12): [True: 7.04k, False: 0] ------------------ 39| 7.04k| return checked_add(r.value(), rest...); 40| 7.04k| } else { 41| 0| return {}; 42| 0| } 43| 7.04k|} _ZN5Botan11checked_addITkNSt3__117unsigned_integralEmTpTkNS1_17unsigned_integralEJmmmmmmEQ10all_same_vIT_DpT0_EEENS1_8optionalIS2_EES2_S2_S4_: 37| 7.04k|constexpr inline std::optional checked_add(T a, T b, Ts... rest) { 38| 7.04k| if(auto r = checked_add(a, b)) { ------------------ | Branch (38:12): [True: 7.04k, False: 0] ------------------ 39| 7.04k| return checked_add(r.value(), rest...); 40| 7.04k| } else { 41| 0| return {}; 42| 0| } 43| 7.04k|} _ZN5Botan11checked_addITkNSt3__117unsigned_integralEmTpTkNS1_17unsigned_integralEJmmmmmEQ10all_same_vIT_DpT0_EEENS1_8optionalIS2_EES2_S2_S4_: 37| 7.04k|constexpr inline std::optional checked_add(T a, T b, Ts... rest) { 38| 7.04k| if(auto r = checked_add(a, b)) { ------------------ | Branch (38:12): [True: 7.04k, False: 0] ------------------ 39| 7.04k| return checked_add(r.value(), rest...); 40| 7.04k| } else { 41| 0| return {}; 42| 0| } 43| 7.04k|} _ZN5Botan11checked_addITkNSt3__117unsigned_integralEmTpTkNS1_17unsigned_integralEJmmmmEQ10all_same_vIT_DpT0_EEENS1_8optionalIS2_EES2_S2_S4_: 37| 7.04k|constexpr inline std::optional checked_add(T a, T b, Ts... rest) { 38| 7.04k| if(auto r = checked_add(a, b)) { ------------------ | Branch (38:12): [True: 7.04k, False: 0] ------------------ 39| 7.04k| return checked_add(r.value(), rest...); 40| 7.04k| } else { 41| 0| return {}; 42| 0| } 43| 7.04k|} _ZN5Botan11checked_addITkNSt3__117unsigned_integralEmTpTkNS1_17unsigned_integralEJmmmEQ10all_same_vIT_DpT0_EEENS1_8optionalIS2_EES2_S2_S4_: 37| 7.04k|constexpr inline std::optional checked_add(T a, T b, Ts... rest) { 38| 7.04k| if(auto r = checked_add(a, b)) { ------------------ | Branch (38:12): [True: 7.04k, False: 0] ------------------ 39| 7.04k| return checked_add(r.value(), rest...); 40| 7.04k| } else { 41| 0| return {}; 42| 0| } 43| 7.04k|} _ZN5Botan8get_byteILm0EtEEhT0_QltT_stS1_: 81| 407k|{ 82| 407k| const size_t shift = ((~B) & (sizeof(T) - 1)) << 3; 83| 407k| return static_cast((input >> shift) & 0xFF); 84| 407k|} _ZN5Botan8get_byteILm1EtEEhT0_QltT_stS1_: 81| 407k|{ 82| 407k| const size_t shift = ((~B) & (sizeof(T) - 1)) << 3; 83| 407k| return static_cast((input >> shift) & 0xFF); 84| 407k|} _ZN5Botan11make_uint16Ehh: 92| 266k|inline constexpr uint16_t make_uint16(uint8_t i0, uint8_t i1) { 93| 266k| return static_cast((static_cast(i0) << 8) | i1); 94| 266k|} _ZN5Botan11make_uint32Ehhhh: 104| 36.2k|inline constexpr uint32_t make_uint32(uint8_t i0, uint8_t i1, uint8_t i2, uint8_t i3) { 105| 36.2k| return ((static_cast(i0) << 24) | (static_cast(i1) << 16) | (static_cast(i2) << 8) | 106| 36.2k| (static_cast(i3))); 107| 36.2k|} _ZN5Botan8store_beINS_6detail10AutoDetectEJRKmPhEEEDaDpOT0_: 745| 136k|inline constexpr auto store_be(ParamTs&&... params) { 746| 136k| return detail::store_any(std::forward(params)...); 747| 136k|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS0_20unsigned_integralishEmQoosr3stdE7same_asIS4_T0_Esr3stdE7same_asIT1_S5_EEEvS6_Ph: 711| 154k|inline constexpr void store_any(T in, uint8_t out[]) { 712| | // asserts that *out points to enough bytes to write into 713| 154k| store_any(in, std::span(out, sizeof(T))); 714| 154k|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS0_20unsigned_integralishEmTkNS_6ranges23contiguous_output_rangeIhEENS2_4spanIhLm8EEEQsr3stdE7same_asIS4_T0_EEEvT1_OT2_: 646| 154k|inline constexpr void store_any(T in, OutR&& out_range) { 647| 154k| store_any(in, std::forward(out_range)); 648| 154k|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEmTkNS_6ranges23contiguous_output_rangeIhEENS2_4spanIhLm8EEEQnt15custom_storableINS0_19wrapped_type_helperIu14__remove_cvrefIT0_EE4typeEEEEvS9_OT1_: 525| 487k|inline constexpr void store_any(WrappedInT wrapped_in, OutR&& out_range) { 526| 487k| const auto in = detail::unwrap_strong_type_or_enum(wrapped_in); 527| 487k| using InT = decltype(in); 528| 487k| ranges::assert_exact_byte_length(out_range); 529| 487k| const std::span out{out_range}; 530| | 531| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 532| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 533| | // in a `constexpr` context. 534| 487k| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (534:7): [Folded, False: 487k] ------------------ 535| 0| return fallback_store_any(in, std::forward(out_range)); 536| 487k| } else { 537| | if constexpr(sizeof(InT) == 1) { 538| | out[0] = static_cast(in); 539| | } else if constexpr(endianness == std::endian::native) { 540| | typecast_copy(out, in); 541| 487k| } else { 542| 487k| static_assert(opposite(endianness) == std::endian::native); 543| 487k| typecast_copy(out, reverse_bytes(in)); 544| 487k| } 545| 487k| } 546| 487k|} _ZN5Botan6detail26unwrap_strong_type_or_enumITkNS0_20unsigned_integralishEmEEDaT_: 190| 490k|constexpr auto unwrap_strong_type_or_enum(InT t) { 191| | if constexpr(std::is_enum_v) { 192| | // TODO: C++23: use std::to_underlying(in) instead 193| | return static_cast>(t); 194| 490k| } else { 195| 490k| return Botan::unwrap_strong_type(t); 196| 490k| } 197| 490k|} _ZN5Botan6detail8load_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEmEET0_PKhm: 454| 284k|inline constexpr OutT load_any(const uint8_t in[], size_t off) { 455| | // asserts that *in points to enough bytes to read at offset off 456| 284k| constexpr size_t out_size = sizeof(OutT); 457| 284k| return load_any(std::span(in + off * out_size, out_size)); 458| 284k|} _ZN5Botan6detail8load_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEmTkNS_6ranges16contiguous_rangeIhEENS2_4spanIKhLm8EEEQnt15custom_loadableINS0_19wrapped_type_helperIu14__remove_cvrefIT0_EE4typeEEEESA_OT1_: 278| 468k|inline constexpr WrappedOutT load_any(InR&& in_range) { 279| 468k| using OutT = detail::wrapped_type; 280| 468k| ranges::assert_exact_byte_length(in_range); 281| | 282| 468k| return detail::wrap_strong_type_or_enum([&]() -> OutT { 283| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 284| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 285| | // in a `constexpr` context. 286| 468k| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { 287| 468k| return fallback_load_any(std::forward(in_range)); 288| 468k| } else { 289| 468k| const std::span in{in_range}; 290| 468k| if constexpr(sizeof(OutT) == 1) { 291| 468k| return static_cast(in[0]); 292| 468k| } else if constexpr(endianness == std::endian::native) { 293| 468k| return typecast_copy(in); 294| 468k| } else { 295| 468k| static_assert(opposite(endianness) == std::endian::native); 296| 468k| return reverse_bytes(typecast_copy(in)); 297| 468k| } 298| 468k| } 299| 468k| }()); 300| 468k|} _ZN5Botan6detail24wrap_strong_type_or_enumITkNS0_20unsigned_integralishEmTkNSt3__117unsigned_integralEmEEDaT0_: 200| 498k|constexpr auto wrap_strong_type_or_enum(T t) { 201| | if constexpr(std::is_enum_v) { 202| | return static_cast(t); 203| 498k| } else { 204| 498k| return Botan::wrap_strong_type(t); 205| 498k| } 206| 498k|} _ZZN5Botan6detail8load_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEmTkNS_6ranges16contiguous_rangeIhEENS2_4spanIKhLm8EEEQnt15custom_loadableINS0_19wrapped_type_helperIu14__remove_cvrefIT0_EE4typeEEEESA_OT1_ENKUlvE_clEv: 282| 468k| return detail::wrap_strong_type_or_enum([&]() -> OutT { 283| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 284| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 285| | // in a `constexpr` context. 286| 468k| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (286:10): [Folded, False: 468k] ------------------ 287| 0| return fallback_load_any(std::forward(in_range)); 288| 468k| } else { 289| 468k| const std::span in{in_range}; 290| | if constexpr(sizeof(OutT) == 1) { 291| | return static_cast(in[0]); 292| | } else if constexpr(endianness == std::endian::native) { 293| | return typecast_copy(in); 294| 468k| } else { 295| 468k| static_assert(opposite(endianness) == std::endian::native); 296| 468k| return reverse_bytes(typecast_copy(in)); 297| 468k| } 298| 468k| } 299| 468k| }()); _ZN5Botan7load_beItJPKhRmEEEDaDpOT0_: 504| 51.1k|inline constexpr auto load_be(ParamTs&&... params) { 505| 51.1k| return detail::load_any(std::forward(params)...); 506| 51.1k|} _ZN5Botan6detail8load_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEtEET0_PKhm: 454| 52.6k|inline constexpr OutT load_any(const uint8_t in[], size_t off) { 455| | // asserts that *in points to enough bytes to read at offset off 456| 52.6k| constexpr size_t out_size = sizeof(OutT); 457| 52.6k| return load_any(std::span(in + off * out_size, out_size)); 458| 52.6k|} _ZN5Botan6detail8load_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEtTkNS_6ranges16contiguous_rangeIhEENS2_4spanIKhLm2EEEQnt15custom_loadableINS0_19wrapped_type_helperIu14__remove_cvrefIT0_EE4typeEEEESA_OT1_: 278| 52.6k|inline constexpr WrappedOutT load_any(InR&& in_range) { 279| 52.6k| using OutT = detail::wrapped_type; 280| 52.6k| ranges::assert_exact_byte_length(in_range); 281| | 282| 52.6k| return detail::wrap_strong_type_or_enum([&]() -> OutT { 283| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 284| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 285| | // in a `constexpr` context. 286| 52.6k| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { 287| 52.6k| return fallback_load_any(std::forward(in_range)); 288| 52.6k| } else { 289| 52.6k| const std::span in{in_range}; 290| 52.6k| if constexpr(sizeof(OutT) == 1) { 291| 52.6k| return static_cast(in[0]); 292| 52.6k| } else if constexpr(endianness == std::endian::native) { 293| 52.6k| return typecast_copy(in); 294| 52.6k| } else { 295| 52.6k| static_assert(opposite(endianness) == std::endian::native); 296| 52.6k| return reverse_bytes(typecast_copy(in)); 297| 52.6k| } 298| 52.6k| } 299| 52.6k| }()); 300| 52.6k|} _ZN5Botan6detail24wrap_strong_type_or_enumITkNS0_20unsigned_integralishEtTkNSt3__117unsigned_integralEtEEDaT0_: 200| 52.6k|constexpr auto wrap_strong_type_or_enum(T t) { 201| | if constexpr(std::is_enum_v) { 202| | return static_cast(t); 203| 52.6k| } else { 204| 52.6k| return Botan::wrap_strong_type(t); 205| 52.6k| } 206| 52.6k|} _ZZN5Botan6detail8load_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEtTkNS_6ranges16contiguous_rangeIhEENS2_4spanIKhLm2EEEQnt15custom_loadableINS0_19wrapped_type_helperIu14__remove_cvrefIT0_EE4typeEEEESA_OT1_ENKUlvE_clEv: 282| 52.6k| return detail::wrap_strong_type_or_enum([&]() -> OutT { 283| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 284| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 285| | // in a `constexpr` context. 286| 52.6k| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (286:10): [Folded, False: 52.6k] ------------------ 287| 0| return fallback_load_any(std::forward(in_range)); 288| 52.6k| } else { 289| 52.6k| const std::span in{in_range}; 290| | if constexpr(sizeof(OutT) == 1) { 291| | return static_cast(in[0]); 292| | } else if constexpr(endianness == std::endian::native) { 293| | return typecast_copy(in); 294| 52.6k| } else { 295| 52.6k| static_assert(opposite(endianness) == std::endian::native); 296| 52.6k| return reverse_bytes(typecast_copy(in)); 297| 52.6k| } 298| 52.6k| } 299| 52.6k| }()); _ZN5Botan7load_beIjJPKhRmEEEDaDpOT0_: 504| 192|inline constexpr auto load_be(ParamTs&&... params) { 505| 192| return detail::load_any(std::forward(params)...); 506| 192|} _ZN5Botan6detail8load_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEjEET0_PKhm: 454| 502|inline constexpr OutT load_any(const uint8_t in[], size_t off) { 455| | // asserts that *in points to enough bytes to read at offset off 456| 502| constexpr size_t out_size = sizeof(OutT); 457| 502| return load_any(std::span(in + off * out_size, out_size)); 458| 502|} _ZN5Botan6detail8load_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEjTkNS_6ranges16contiguous_rangeIhEENS2_4spanIKhLm4EEEQnt15custom_loadableINS0_19wrapped_type_helperIu14__remove_cvrefIT0_EE4typeEEEESA_OT1_: 278| 502|inline constexpr WrappedOutT load_any(InR&& in_range) { 279| 502| using OutT = detail::wrapped_type; 280| 502| ranges::assert_exact_byte_length(in_range); 281| | 282| 502| return detail::wrap_strong_type_or_enum([&]() -> OutT { 283| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 284| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 285| | // in a `constexpr` context. 286| 502| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { 287| 502| return fallback_load_any(std::forward(in_range)); 288| 502| } else { 289| 502| const std::span in{in_range}; 290| 502| if constexpr(sizeof(OutT) == 1) { 291| 502| return static_cast(in[0]); 292| 502| } else if constexpr(endianness == std::endian::native) { 293| 502| return typecast_copy(in); 294| 502| } else { 295| 502| static_assert(opposite(endianness) == std::endian::native); 296| 502| return reverse_bytes(typecast_copy(in)); 297| 502| } 298| 502| } 299| 502| }()); 300| 502|} _ZN5Botan6detail24wrap_strong_type_or_enumITkNS0_20unsigned_integralishEjTkNSt3__117unsigned_integralEjEEDaT0_: 200| 502|constexpr auto wrap_strong_type_or_enum(T t) { 201| | if constexpr(std::is_enum_v) { 202| | return static_cast(t); 203| 502| } else { 204| 502| return Botan::wrap_strong_type(t); 205| 502| } 206| 502|} _ZZN5Botan6detail8load_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEjTkNS_6ranges16contiguous_rangeIhEENS2_4spanIKhLm4EEEQnt15custom_loadableINS0_19wrapped_type_helperIu14__remove_cvrefIT0_EE4typeEEEESA_OT1_ENKUlvE_clEv: 282| 502| return detail::wrap_strong_type_or_enum([&]() -> OutT { 283| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 284| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 285| | // in a `constexpr` context. 286| 502| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (286:10): [Folded, False: 502] ------------------ 287| 0| return fallback_load_any(std::forward(in_range)); 288| 502| } else { 289| 502| const std::span in{in_range}; 290| | if constexpr(sizeof(OutT) == 1) { 291| | return static_cast(in[0]); 292| | } else if constexpr(endianness == std::endian::native) { 293| | return typecast_copy(in); 294| 502| } else { 295| 502| static_assert(opposite(endianness) == std::endian::native); 296| 502| return reverse_bytes(typecast_copy(in)); 297| 502| } 298| 502| } 299| 502| }()); _ZN5Botan8get_byteILm1EjEEhT0_QltT_stS1_: 81| 33.3k|{ 82| 33.3k| const size_t shift = ((~B) & (sizeof(T) - 1)) << 3; 83| 33.3k| return static_cast((input >> shift) & 0xFF); 84| 33.3k|} _ZN5Botan8get_byteILm2EjEEhT0_QltT_stS1_: 81| 33.3k|{ 82| 33.3k| const size_t shift = ((~B) & (sizeof(T) - 1)) << 3; 83| 33.3k| return static_cast((input >> shift) & 0xFF); 84| 33.3k|} _ZN5Botan8get_byteILm3EjEEhT0_QltT_stS1_: 81| 33.3k|{ 82| 33.3k| const size_t shift = ((~B) & (sizeof(T) - 1)) << 3; 83| 33.3k| return static_cast((input >> shift) & 0xFF); 84| 33.3k|} _ZN5Botan12get_byte_varImEEhmT_: 69| 227k|inline constexpr uint8_t get_byte_var(size_t byte_num, T input) { 70| 227k| return static_cast(input >> (((~byte_num) & (sizeof(T) - 1)) << 3)); 71| 227k|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS0_20unsigned_integralishEtQoosr3stdE7same_asIS4_T0_Esr3stdE7same_asIT1_S5_EEEvS6_Ph: 711| 8|inline constexpr void store_any(T in, uint8_t out[]) { 712| | // asserts that *out points to enough bytes to write into 713| 8| store_any(in, std::span(out, sizeof(T))); 714| 8|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS0_20unsigned_integralishEtTkNS_6ranges23contiguous_output_rangeIhEENS2_4spanIhLm2EEEQsr3stdE7same_asIS4_T0_EEEvT1_OT2_: 646| 8|inline constexpr void store_any(T in, OutR&& out_range) { 647| 8| store_any(in, std::forward(out_range)); 648| 8|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEtTkNS_6ranges23contiguous_output_rangeIhEENS2_4spanIhLm2EEEQnt15custom_storableINS0_19wrapped_type_helperIu14__remove_cvrefIT0_EE4typeEEEEvS9_OT1_: 525| 8|inline constexpr void store_any(WrappedInT wrapped_in, OutR&& out_range) { 526| 8| const auto in = detail::unwrap_strong_type_or_enum(wrapped_in); 527| 8| using InT = decltype(in); 528| 8| ranges::assert_exact_byte_length(out_range); 529| 8| const std::span out{out_range}; 530| | 531| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 532| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 533| | // in a `constexpr` context. 534| 8| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (534:7): [Folded, False: 8] ------------------ 535| 0| return fallback_store_any(in, std::forward(out_range)); 536| 8| } else { 537| | if constexpr(sizeof(InT) == 1) { 538| | out[0] = static_cast(in); 539| | } else if constexpr(endianness == std::endian::native) { 540| | typecast_copy(out, in); 541| 8| } else { 542| 8| static_assert(opposite(endianness) == std::endian::native); 543| 8| typecast_copy(out, reverse_bytes(in)); 544| 8| } 545| 8| } 546| 8|} _ZN5Botan6detail26unwrap_strong_type_or_enumITkNS0_20unsigned_integralishEtEEDaT_: 190| 8|constexpr auto unwrap_strong_type_or_enum(InT t) { 191| | if constexpr(std::is_enum_v) { 192| | // TODO: C++23: use std::to_underlying(in) instead 193| | return static_cast>(t); 194| 8| } else { 195| 8| return Botan::unwrap_strong_type(t); 196| 8| } 197| 8|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS0_20unsigned_integralishEjQoosr3stdE7same_asIS4_T0_Esr3stdE7same_asIT1_S5_EEEvS6_Ph: 711| 11.1k|inline constexpr void store_any(T in, uint8_t out[]) { 712| | // asserts that *out points to enough bytes to write into 713| 11.1k| store_any(in, std::span(out, sizeof(T))); 714| 11.1k|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS0_20unsigned_integralishEjTkNS_6ranges23contiguous_output_rangeIhEENS2_4spanIhLm4EEEQsr3stdE7same_asIS4_T0_EEEvT1_OT2_: 646| 11.1k|inline constexpr void store_any(T in, OutR&& out_range) { 647| 11.1k| store_any(in, std::forward(out_range)); 648| 11.1k|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEjTkNS_6ranges23contiguous_output_rangeIhEENS2_4spanIhLm4EEEQnt15custom_storableINS0_19wrapped_type_helperIu14__remove_cvrefIT0_EE4typeEEEEvS9_OT1_: 525| 859k|inline constexpr void store_any(WrappedInT wrapped_in, OutR&& out_range) { 526| 859k| const auto in = detail::unwrap_strong_type_or_enum(wrapped_in); 527| 859k| using InT = decltype(in); 528| 859k| ranges::assert_exact_byte_length(out_range); 529| 859k| const std::span out{out_range}; 530| | 531| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 532| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 533| | // in a `constexpr` context. 534| 859k| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (534:7): [Folded, False: 859k] ------------------ 535| 0| return fallback_store_any(in, std::forward(out_range)); 536| 859k| } else { 537| | if constexpr(sizeof(InT) == 1) { 538| | out[0] = static_cast(in); 539| | } else if constexpr(endianness == std::endian::native) { 540| | typecast_copy(out, in); 541| 859k| } else { 542| 859k| static_assert(opposite(endianness) == std::endian::native); 543| 859k| typecast_copy(out, reverse_bytes(in)); 544| 859k| } 545| 859k| } 546| 859k|} _ZN5Botan6detail26unwrap_strong_type_or_enumITkNS0_20unsigned_integralishEjEEDaT_: 190| 859k|constexpr auto unwrap_strong_type_or_enum(InT t) { 191| | if constexpr(std::is_enum_v) { 192| | // TODO: C++23: use std::to_underlying(in) instead 193| | return static_cast>(t); 194| 859k| } else { 195| 859k| return Botan::unwrap_strong_type(t); 196| 859k| } 197| 859k|} _ZN5Botan8store_beINS_6detail10AutoDetectEJRmRA8_hEEEDaDpOT0_: 745| 17.2k|inline constexpr auto store_be(ParamTs&&... params) { 746| 17.2k| return detail::store_any(std::forward(params)...); 747| 17.2k|} _ZN5Botan6detail9store_anyILNSt3__16endianE57005ETkNS0_20unsigned_integralishEmTkNS_6ranges23contiguous_output_rangeIhEENS2_4spanIhLm8EEEQnt15custom_storableINS0_19wrapped_type_helperIu14__remove_cvrefIT0_EE4typeEEEEvS9_OT1_: 525| 76|inline constexpr void store_any(WrappedInT wrapped_in, OutR&& out_range) { 526| 76| const auto in = detail::unwrap_strong_type_or_enum(wrapped_in); 527| 76| using InT = decltype(in); 528| 76| ranges::assert_exact_byte_length(out_range); 529| 76| const std::span out{out_range}; 530| | 531| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 532| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 533| | // in a `constexpr` context. 534| 76| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (534:7): [Folded, False: 76] ------------------ 535| 0| return fallback_store_any(in, std::forward(out_range)); 536| 76| } else { 537| | if constexpr(sizeof(InT) == 1) { 538| | out[0] = static_cast(in); 539| 76| } else if constexpr(endianness == std::endian::native) { 540| 76| typecast_copy(out, in); 541| | } else { 542| | static_assert(opposite(endianness) == std::endian::native); 543| | typecast_copy(out, reverse_bytes(in)); 544| | } 545| 76| } 546| 76|} _ZN5Botan7load_beImJRA32_mRPKhRmEEEDaDpOT0_: 504| 500|inline constexpr auto load_be(ParamTs&&... params) { 505| 500| return detail::load_any(std::forward(params)...); 506| 500|} _ZN5Botan6detail8load_anyILNSt3__16endianE64206EmTkNS0_20unsigned_integralishEmQoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asIT1_S5_EEEvPS6_PKhm: 483| 500|inline constexpr void load_any(T out[], const uint8_t in[], size_t count) { 484| | // asserts that *in and *out point to the correct amount of memory 485| 500| load_any(std::span(out, count), std::span(in, count * sizeof(T))); 486| 500|} _ZN5Botan6detail8load_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeENS2_4spanImLm18446744073709551615EEETkNS4_16contiguous_rangeIhEENS5_IKhLm18446744073709551615EEEQaa20unsigned_integralishINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT1_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISH_EESI_E4type10value_typeEEoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISP_SN_EEEvOSE_RKT2_: 355| 500|inline constexpr void load_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 356| 500| ranges::assert_equal_byte_lengths(out, in); 357| 500| using element_type = std::ranges::range_value_t; 358| | 359| 500| auto load_elementwise = [&] { 360| 500| constexpr size_t bytes_per_element = sizeof(element_type); 361| 500| std::span in_s(in); 362| 500| for(auto& out_elem : out) { 363| 500| out_elem = load_any(in_s.template first()); 364| 500| in_s = in_s.subspan(bytes_per_element); 365| 500| } 366| 500| }; 367| | 368| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 369| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 370| | // in a `constexpr` context. 371| 500| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (371:7): [Folded, False: 500] ------------------ 372| 0| load_elementwise(); 373| 500| } else { 374| | if constexpr(endianness == std::endian::native && !custom_loadable) { 375| | typecast_copy(out, in); 376| 500| } else { 377| 500| load_elementwise(); 378| 500| } 379| 500| } 380| 500|} _ZZN5Botan6detail8load_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeENS2_4spanImLm18446744073709551615EEETkNS4_16contiguous_rangeIhEENS5_IKhLm18446744073709551615EEEQaa20unsigned_integralishINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT1_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISH_EESI_E4type10value_typeEEoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISP_SN_EEEvOSE_RKT2_ENKUlvE_clEv: 359| 500| auto load_elementwise = [&] { 360| 500| constexpr size_t bytes_per_element = sizeof(element_type); 361| 500| std::span in_s(in); 362| 11.0k| for(auto& out_elem : out) { ------------------ | Branch (362:26): [True: 11.0k, False: 500] ------------------ 363| 11.0k| out_elem = load_any(in_s.template first()); 364| 11.0k| in_s = in_s.subspan(bytes_per_element); 365| 11.0k| } 366| 500| }; _ZN5Botan8store_beINS_6detail10AutoDetectEJPhRmEEEDaDpOT0_: 745| 11.0k|inline constexpr auto store_be(ParamTs&&... params) { 746| 11.0k| return detail::store_any(std::forward(params)...); 747| 11.0k|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS0_20unsigned_integralishEmTpTkNS0_20unsigned_integralishEJEQaaoosr3stdE7same_asIS4_T0_Esr3stdE7same_asIT1_S5_E10all_same_vIS6_DpT2_EEEvPhS6_S8_: 723| 11.0k|inline constexpr void store_any(uint8_t out[], T0 in0, Ts... ins) { 724| 11.0k| constexpr auto bytes = sizeof(in0) + (sizeof(ins) + ... + 0); 725| | // asserts that *out points to the correct amount of memory 726| 11.0k| store_any(std::span(out, bytes), in0, ins...); 727| 11.0k|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeIhEENS2_4spanIhLm8EEETpTkNS0_20unsigned_integralishEJmEQaagtsZT2_Li0Eooaasr3stdE7same_asINS0_10AutoDetectET0_E10all_same_vIDpT2_Eaa20unsigned_integralishIS9_E10all_same_vIS9_SB_EEEvOT1_SB_: 582| 332k|inline constexpr void store_any(OutR&& out /* NOLINT(*-std-forward) */, Ts... ins) { 583| 332k| ranges::assert_exact_byte_length<(sizeof(Ts) + ...)>(out); 584| 332k| auto store_one = [off = 0](auto o, T i) mutable { 585| 332k| store_any(i, o.subspan(off).template first()); 586| 332k| off += sizeof(T); 587| 332k| }; 588| | 589| 332k| (store_one(std::span{out}, ins), ...); 590| 332k|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeIhEENS2_4spanIhLm8EEETpTkNS0_20unsigned_integralishEJmEQaagtsZT2_Li0Eooaasr3stdE7same_asINS0_10AutoDetectET0_E10all_same_vIDpT2_Eaa20unsigned_integralishIS9_E10all_same_vIS9_SB_EEEvOT1_SB_ENUlTyS9_T_E_clImS7_EEDaS9_SE_: 584| 332k| auto store_one = [off = 0](auto o, T i) mutable { 585| 332k| store_any(i, o.subspan(off).template first()); 586| 332k| off += sizeof(T); 587| 332k| }; _ZN5Botan7load_leImJPKhiEEEDaDpOT0_: 495| 76|inline constexpr auto load_le(ParamTs&&... params) { 496| 76| return detail::load_any(std::forward(params)...); 497| 76|} _ZN5Botan6detail8load_anyILNSt3__16endianE57005ETkNS0_20unsigned_integralishEmEET0_PKhm: 454| 95|inline constexpr OutT load_any(const uint8_t in[], size_t off) { 455| | // asserts that *in points to enough bytes to read at offset off 456| 95| constexpr size_t out_size = sizeof(OutT); 457| 95| return load_any(std::span(in + off * out_size, out_size)); 458| 95|} _ZN5Botan6detail8load_anyILNSt3__16endianE57005ETkNS0_20unsigned_integralishEmTkNS_6ranges16contiguous_rangeIhEENS2_4spanIKhLm8EEEQnt15custom_loadableINS0_19wrapped_type_helperIu14__remove_cvrefIT0_EE4typeEEEESA_OT1_: 278| 95|inline constexpr WrappedOutT load_any(InR&& in_range) { 279| 95| using OutT = detail::wrapped_type; 280| 95| ranges::assert_exact_byte_length(in_range); 281| | 282| 95| return detail::wrap_strong_type_or_enum([&]() -> OutT { 283| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 284| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 285| | // in a `constexpr` context. 286| 95| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { 287| 95| return fallback_load_any(std::forward(in_range)); 288| 95| } else { 289| 95| const std::span in{in_range}; 290| 95| if constexpr(sizeof(OutT) == 1) { 291| 95| return static_cast(in[0]); 292| 95| } else if constexpr(endianness == std::endian::native) { 293| 95| return typecast_copy(in); 294| 95| } else { 295| 95| static_assert(opposite(endianness) == std::endian::native); 296| 95| return reverse_bytes(typecast_copy(in)); 297| 95| } 298| 95| } 299| 95| }()); 300| 95|} _ZZN5Botan6detail8load_anyILNSt3__16endianE57005ETkNS0_20unsigned_integralishEmTkNS_6ranges16contiguous_rangeIhEENS2_4spanIKhLm8EEEQnt15custom_loadableINS0_19wrapped_type_helperIu14__remove_cvrefIT0_EE4typeEEEESA_OT1_ENKUlvE_clEv: 282| 95| return detail::wrap_strong_type_or_enum([&]() -> OutT { 283| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 284| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 285| | // in a `constexpr` context. 286| 95| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (286:10): [Folded, False: 95] ------------------ 287| 0| return fallback_load_any(std::forward(in_range)); 288| 95| } else { 289| 95| const std::span in{in_range}; 290| | if constexpr(sizeof(OutT) == 1) { 291| | return static_cast(in[0]); 292| 95| } else if constexpr(endianness == std::endian::native) { 293| 95| return typecast_copy(in); 294| | } else { 295| | static_assert(opposite(endianness) == std::endian::native); 296| | return reverse_bytes(typecast_copy(in)); 297| | } 298| 95| } 299| 95| }()); _ZN5Botan7load_leImJRPKhiEEEDaDpOT0_: 495| 19|inline constexpr auto load_le(ParamTs&&... params) { 496| 19| return detail::load_any(std::forward(params)...); 497| 19|} _ZN5Botan12get_byte_varIjEEhmT_: 69| 24|inline constexpr uint8_t get_byte_var(size_t byte_num, T input) { 70| 24| return static_cast(input >> (((~byte_num) & (sizeof(T) - 1)) << 3)); 71| 24|} _ZN5Botan11copy_out_beITkNS_6ranges14spanable_rangeENSt3__16vectorIjNS_16secure_allocatorIjEEEEEEvNS2_4spanIhLm18446744073709551615EEERKT_: 773| 116k|inline void copy_out_be(std::span out, const InR& in) { 774| 116k| using T = std::ranges::range_value_t; 775| 116k| std::span in_s{in}; 776| 116k| const auto remaining_bytes = detail::copy_out_any_word_aligned_portion(out, in_s); 777| | 778| | // copy remaining bytes as a partial word 779| 116k| for(size_t i = 0; i < remaining_bytes; ++i) { ------------------ | Branch (779:22): [True: 0, False: 116k] ------------------ 780| 0| out[i] = get_byte_var(i, in_s.front()); 781| 0| } 782| 116k|} _ZN5Botan6detail33copy_out_any_word_aligned_portionILNSt3__16endianE64206ETkNS0_20unsigned_integralishEjEEmRNS2_4spanIhLm18446744073709551615EEERNS4_IKT0_Lm18446744073709551615EEE: 752| 116k|inline size_t copy_out_any_word_aligned_portion(std::span& out, std::span& in) { 753| 116k| const size_t full_words = out.size() / sizeof(T); 754| 116k| const size_t full_word_bytes = full_words * sizeof(T); 755| 116k| const size_t remaining_bytes = out.size() - full_word_bytes; 756| 116k| BOTAN_ASSERT_NOMSG(in.size_bytes() >= full_word_bytes + remaining_bytes); ------------------ | | 77| 116k| do { \ | | 78| 116k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 116k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 116k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 116k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 116k] | | ------------------ ------------------ 757| | 758| | // copy full words 759| 116k| store_any(out.first(full_word_bytes), in.first(full_words)); 760| 116k| out = out.subspan(full_word_bytes); 761| 116k| in = in.subspan(full_words); 762| | 763| 116k| return remaining_bytes; 764| 116k|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206EjTkNS_6ranges23contiguous_output_rangeIhEENS2_4spanIhLm18446744073709551615EEETkNS4_14spanable_rangeENS6_IKjLm18446744073709551615EEEQoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISB_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISJ_EESK_E4type10value_typeEEEEvOT1_RKSG_: 603| 116k|inline constexpr void store_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 604| 116k| ranges::assert_equal_byte_lengths(out, in); 605| 116k| using element_type = std::ranges::range_value_t; 606| | 607| 116k| auto store_elementwise = [&] { 608| 116k| constexpr size_t bytes_per_element = sizeof(element_type); 609| 116k| std::span out_s(out); 610| 116k| for(auto in_elem : in) { 611| 116k| store_any(out_s.template first(), in_elem); 612| 116k| out_s = out_s.subspan(bytes_per_element); 613| 116k| } 614| 116k| }; 615| | 616| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 617| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 618| | // in a `constexpr` context. 619| 116k| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (619:7): [Folded, False: 116k] ------------------ 620| 0| store_elementwise(); 621| 116k| } else { 622| | if constexpr(endianness == std::endian::native && !custom_storable) { 623| | typecast_copy(out, in); 624| 116k| } else { 625| 116k| store_elementwise(); 626| 116k| } 627| 116k| } 628| 116k|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206EjTkNS_6ranges23contiguous_output_rangeIhEENS2_4spanIhLm18446744073709551615EEETkNS4_14spanable_rangeENS6_IKjLm18446744073709551615EEEQoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISB_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISJ_EESK_E4type10value_typeEEEEvOT1_RKSG_ENKUlvE_clEv: 607| 116k| auto store_elementwise = [&] { 608| 116k| constexpr size_t bytes_per_element = sizeof(element_type); 609| 116k| std::span out_s(out); 610| 848k| for(auto in_elem : in) { ------------------ | Branch (610:24): [True: 848k, False: 116k] ------------------ 611| 848k| store_any(out_s.template first(), in_elem); 612| 848k| out_s = out_s.subspan(bytes_per_element); 613| 848k| } 614| 116k| }; _ZN5Botan6detail9store_anyILNSt3__16endianE64206EjTkNS_6ranges23contiguous_output_rangeIhEENS2_4spanIhLm4EEETpTkNS0_20unsigned_integralishEJjEQaagtsZT2_Li0Eooaasr3stdE7same_asINS0_10AutoDetectET0_E10all_same_vIDpT2_Eaa20unsigned_integralishIS9_E10all_same_vIS9_SB_EEEvOT1_SB_: 582| 848k|inline constexpr void store_any(OutR&& out /* NOLINT(*-std-forward) */, Ts... ins) { 583| 848k| ranges::assert_exact_byte_length<(sizeof(Ts) + ...)>(out); 584| 848k| auto store_one = [off = 0](auto o, T i) mutable { 585| 848k| store_any(i, o.subspan(off).template first()); 586| 848k| off += sizeof(T); 587| 848k| }; 588| | 589| 848k| (store_one(std::span{out}, ins), ...); 590| 848k|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206EjTkNS_6ranges23contiguous_output_rangeIhEENS2_4spanIhLm4EEETpTkNS0_20unsigned_integralishEJjEQaagtsZT2_Li0Eooaasr3stdE7same_asINS0_10AutoDetectET0_E10all_same_vIDpT2_Eaa20unsigned_integralishIS9_E10all_same_vIS9_SB_EEEvOT1_SB_ENUlTyS9_T_E_clIjS7_EEDaS9_SE_: 584| 848k| auto store_one = [off = 0](auto o, T i) mutable { 585| 848k| store_any(i, o.subspan(off).template first()); 586| 848k| off += sizeof(T); 587| 848k| }; _ZN5Botan11copy_out_beITkNS_6ranges14spanable_rangeENSt3__16vectorImNS_16secure_allocatorImEEEEEEvNS2_4spanIhLm18446744073709551615EEERKT_: 773| 5.88k|inline void copy_out_be(std::span out, const InR& in) { 774| 5.88k| using T = std::ranges::range_value_t; 775| 5.88k| std::span in_s{in}; 776| 5.88k| const auto remaining_bytes = detail::copy_out_any_word_aligned_portion(out, in_s); 777| | 778| | // copy remaining bytes as a partial word 779| 5.88k| for(size_t i = 0; i < remaining_bytes; ++i) { ------------------ | Branch (779:22): [True: 0, False: 5.88k] ------------------ 780| 0| out[i] = get_byte_var(i, in_s.front()); 781| 0| } 782| 5.88k|} _ZN5Botan6detail33copy_out_any_word_aligned_portionILNSt3__16endianE64206ETkNS0_20unsigned_integralishEmEEmRNS2_4spanIhLm18446744073709551615EEERNS4_IKT0_Lm18446744073709551615EEE: 752| 6.57k|inline size_t copy_out_any_word_aligned_portion(std::span& out, std::span& in) { 753| 6.57k| const size_t full_words = out.size() / sizeof(T); 754| 6.57k| const size_t full_word_bytes = full_words * sizeof(T); 755| 6.57k| const size_t remaining_bytes = out.size() - full_word_bytes; 756| 6.57k| BOTAN_ASSERT_NOMSG(in.size_bytes() >= full_word_bytes + remaining_bytes); ------------------ | | 77| 6.57k| do { \ | | 78| 6.57k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 6.57k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 6.57k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 6.57k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 6.57k] | | ------------------ ------------------ 757| | 758| | // copy full words 759| 6.57k| store_any(out.first(full_word_bytes), in.first(full_words)); 760| 6.57k| out = out.subspan(full_word_bytes); 761| 6.57k| in = in.subspan(full_words); 762| | 763| 6.57k| return remaining_bytes; 764| 6.57k|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeIhEENS2_4spanIhLm18446744073709551615EEETkNS4_14spanable_rangeENS6_IKmLm18446744073709551615EEEQoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISB_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISJ_EESK_E4type10value_typeEEEEvOT1_RKSG_: 603| 6.57k|inline constexpr void store_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 604| 6.57k| ranges::assert_equal_byte_lengths(out, in); 605| 6.57k| using element_type = std::ranges::range_value_t; 606| | 607| 6.57k| auto store_elementwise = [&] { 608| 6.57k| constexpr size_t bytes_per_element = sizeof(element_type); 609| 6.57k| std::span out_s(out); 610| 6.57k| for(auto in_elem : in) { 611| 6.57k| store_any(out_s.template first(), in_elem); 612| 6.57k| out_s = out_s.subspan(bytes_per_element); 613| 6.57k| } 614| 6.57k| }; 615| | 616| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 617| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 618| | // in a `constexpr` context. 619| 6.57k| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (619:7): [Folded, False: 6.57k] ------------------ 620| 0| store_elementwise(); 621| 6.57k| } else { 622| | if constexpr(endianness == std::endian::native && !custom_storable) { 623| | typecast_copy(out, in); 624| 6.57k| } else { 625| 6.57k| store_elementwise(); 626| 6.57k| } 627| 6.57k| } 628| 6.57k|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeIhEENS2_4spanIhLm18446744073709551615EEETkNS4_14spanable_rangeENS6_IKmLm18446744073709551615EEEQoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISB_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISJ_EESK_E4type10value_typeEEEEvOT1_RKSG_ENKUlvE_clEv: 607| 6.57k| auto store_elementwise = [&] { 608| 6.57k| constexpr size_t bytes_per_element = sizeof(element_type); 609| 6.57k| std::span out_s(out); 610| 36.6k| for(auto in_elem : in) { ------------------ | Branch (610:24): [True: 36.6k, False: 6.57k] ------------------ 611| 36.6k| store_any(out_s.template first(), in_elem); 612| 36.6k| out_s = out_s.subspan(bytes_per_element); 613| 36.6k| } 614| 6.57k| }; _ZN5Botan6detail8load_anyILNSt3__16endianE57005ENS0_10AutoDetectETkNS0_20unsigned_integralishEmQoosr3stdE7same_asIS4_T0_Esr3stdE7same_asIT1_S5_EEEvPS6_PKhm: 483| 4.87k|inline constexpr void load_any(T out[], const uint8_t in[], size_t count) { 484| | // asserts that *in and *out point to the correct amount of memory 485| 4.87k| load_any(std::span(out, count), std::span(in, count * sizeof(T))); 486| 4.87k|} _ZN5Botan6detail8load_anyILNSt3__16endianE57005ENS0_10AutoDetectETkNS_6ranges23contiguous_output_rangeENS2_4spanImLm18446744073709551615EEETkNS5_16contiguous_rangeIhEENS6_IKhLm18446744073709551615EEEQaa20unsigned_integralishINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT1_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISI_EESJ_E4type10value_typeEEoosr3stdE7same_asIS4_T0_Esr3stdE7same_asISP_SO_EEEvOSF_RKT2_: 355| 4.87k|inline constexpr void load_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 356| 4.87k| ranges::assert_equal_byte_lengths(out, in); 357| 4.87k| using element_type = std::ranges::range_value_t; 358| | 359| 4.87k| auto load_elementwise = [&] { 360| 4.87k| constexpr size_t bytes_per_element = sizeof(element_type); 361| 4.87k| std::span in_s(in); 362| 4.87k| for(auto& out_elem : out) { 363| 4.87k| out_elem = load_any(in_s.template first()); 364| 4.87k| in_s = in_s.subspan(bytes_per_element); 365| 4.87k| } 366| 4.87k| }; 367| | 368| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 369| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 370| | // in a `constexpr` context. 371| 4.87k| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (371:7): [Folded, False: 4.87k] ------------------ 372| 0| load_elementwise(); 373| 4.87k| } else { 374| 4.87k| if constexpr(endianness == std::endian::native && !custom_loadable) { 375| 4.87k| typecast_copy(out, in); 376| | } else { 377| | load_elementwise(); 378| | } 379| 4.87k| } 380| 4.87k|} _ZN5Botan6detail8load_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS0_20unsigned_integralishEmQoosr3stdE7same_asIS4_T0_Esr3stdE7same_asIT1_S5_EEEvPS6_PKhm: 483| 697|inline constexpr void load_any(T out[], const uint8_t in[], size_t count) { 484| | // asserts that *in and *out point to the correct amount of memory 485| 697| load_any(std::span(out, count), std::span(in, count * sizeof(T))); 486| 697|} _ZN5Botan6detail8load_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS_6ranges23contiguous_output_rangeENS2_4spanImLm18446744073709551615EEETkNS5_16contiguous_rangeIhEENS6_IKhLm18446744073709551615EEEQaa20unsigned_integralishINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT1_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISI_EESJ_E4type10value_typeEEoosr3stdE7same_asIS4_T0_Esr3stdE7same_asISP_SO_EEEvOSF_RKT2_: 355| 697|inline constexpr void load_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 356| 697| ranges::assert_equal_byte_lengths(out, in); 357| 697| using element_type = std::ranges::range_value_t; 358| | 359| 697| auto load_elementwise = [&] { 360| 697| constexpr size_t bytes_per_element = sizeof(element_type); 361| 697| std::span in_s(in); 362| 697| for(auto& out_elem : out) { 363| 697| out_elem = load_any(in_s.template first()); 364| 697| in_s = in_s.subspan(bytes_per_element); 365| 697| } 366| 697| }; 367| | 368| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 369| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 370| | // in a `constexpr` context. 371| 697| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (371:7): [Folded, False: 697] ------------------ 372| 0| load_elementwise(); 373| 697| } else { 374| | if constexpr(endianness == std::endian::native && !custom_loadable) { 375| | typecast_copy(out, in); 376| 697| } else { 377| 697| load_elementwise(); 378| 697| } 379| 697| } 380| 697|} _ZZN5Botan6detail8load_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS_6ranges23contiguous_output_rangeENS2_4spanImLm18446744073709551615EEETkNS5_16contiguous_rangeIhEENS6_IKhLm18446744073709551615EEEQaa20unsigned_integralishINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT1_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISI_EESJ_E4type10value_typeEEoosr3stdE7same_asIS4_T0_Esr3stdE7same_asISP_SO_EEEvOSF_RKT2_ENKUlvE_clEv: 359| 697| auto load_elementwise = [&] { 360| 697| constexpr size_t bytes_per_element = sizeof(element_type); 361| 697| std::span in_s(in); 362| 1.39k| for(auto& out_elem : out) { ------------------ | Branch (362:26): [True: 1.39k, False: 697] ------------------ 363| 1.39k| out_elem = load_any(in_s.template first()); 364| 1.39k| in_s = in_s.subspan(bytes_per_element); 365| 1.39k| } 366| 697| }; _ZN5Botan7load_beImJNSt3__14spanIKhLm8EEEEEEDaDpOT0_: 504| 171k|inline constexpr auto load_be(ParamTs&&... params) { 505| 171k| return detail::load_any(std::forward(params)...); 506| 171k|} _ZN5Botan7load_beImJRNSt3__15arrayIhLm8EEEEEEDaDpOT0_: 504| 29.9k|inline constexpr auto load_be(ParamTs&&... params) { 505| 29.9k| return detail::load_any(std::forward(params)...); 506| 29.9k|} _ZN5Botan6detail8load_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEmTkNS_6ranges16contiguous_rangeIhEERNS2_5arrayIhLm8EEEQnt15custom_loadableINS0_19wrapped_type_helperIu14__remove_cvrefIT0_EE4typeEEEESA_OT1_: 278| 29.9k|inline constexpr WrappedOutT load_any(InR&& in_range) { 279| 29.9k| using OutT = detail::wrapped_type; 280| 29.9k| ranges::assert_exact_byte_length(in_range); 281| | 282| 29.9k| return detail::wrap_strong_type_or_enum([&]() -> OutT { 283| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 284| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 285| | // in a `constexpr` context. 286| 29.9k| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { 287| 29.9k| return fallback_load_any(std::forward(in_range)); 288| 29.9k| } else { 289| 29.9k| const std::span in{in_range}; 290| 29.9k| if constexpr(sizeof(OutT) == 1) { 291| 29.9k| return static_cast(in[0]); 292| 29.9k| } else if constexpr(endianness == std::endian::native) { 293| 29.9k| return typecast_copy(in); 294| 29.9k| } else { 295| 29.9k| static_assert(opposite(endianness) == std::endian::native); 296| 29.9k| return reverse_bytes(typecast_copy(in)); 297| 29.9k| } 298| 29.9k| } 299| 29.9k| }()); 300| 29.9k|} _ZZN5Botan6detail8load_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEmTkNS_6ranges16contiguous_rangeIhEERNS2_5arrayIhLm8EEEQnt15custom_loadableINS0_19wrapped_type_helperIu14__remove_cvrefIT0_EE4typeEEEESA_OT1_ENKUlvE_clEv: 282| 29.9k| return detail::wrap_strong_type_or_enum([&]() -> OutT { 283| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 284| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 285| | // in a `constexpr` context. 286| 29.9k| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (286:10): [Folded, False: 29.9k] ------------------ 287| 0| return fallback_load_any(std::forward(in_range)); 288| 29.9k| } else { 289| 29.9k| const std::span in{in_range}; 290| | if constexpr(sizeof(OutT) == 1) { 291| | return static_cast(in[0]); 292| | } else if constexpr(endianness == std::endian::native) { 293| | return typecast_copy(in); 294| 29.9k| } else { 295| 29.9k| static_assert(opposite(endianness) == std::endian::native); 296| 29.9k| return reverse_bytes(typecast_copy(in)); 297| 29.9k| } 298| 29.9k| } 299| 29.9k| }()); _ZN5Botan8store_beINS_6detail10AutoDetectEJRmPhEEEDaDpOT0_: 745| 608|inline constexpr auto store_be(ParamTs&&... params) { 746| 608| return detail::store_any(std::forward(params)...); 747| 608|} _ZN5Botan8store_beINS_6detail10AutoDetectEJRKjPhEEEDaDpOT0_: 745| 10.5k|inline constexpr auto store_be(ParamTs&&... params) { 746| 10.5k| return detail::store_any(std::forward(params)...); 747| 10.5k|} _ZN5Botan8store_beINS_6detail10AutoDetectEJjPhEEEDaDpOT0_: 745| 560|inline constexpr auto store_be(ParamTs&&... params) { 746| 560| return detail::store_any(std::forward(params)...); 747| 560|} _ZN5Botan7load_leIjJPjPKhmEEEDaDpOT0_: 495| 2|inline constexpr auto load_le(ParamTs&&... params) { 496| 2| return detail::load_any(std::forward(params)...); 497| 2|} _ZN5Botan6detail8load_anyILNSt3__16endianE57005EjTkNS0_20unsigned_integralishEjQoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asIT1_S5_EEEvPS6_PKhm: 483| 2|inline constexpr void load_any(T out[], const uint8_t in[], size_t count) { 484| | // asserts that *in and *out point to the correct amount of memory 485| 2| load_any(std::span(out, count), std::span(in, count * sizeof(T))); 486| 2|} _ZN5Botan6detail8load_anyILNSt3__16endianE57005EjTkNS_6ranges23contiguous_output_rangeENS2_4spanIjLm18446744073709551615EEETkNS4_16contiguous_rangeIhEENS5_IKhLm18446744073709551615EEEQaa20unsigned_integralishINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT1_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISH_EESI_E4type10value_typeEEoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISP_SN_EEEvOSE_RKT2_: 355| 2|inline constexpr void load_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 356| 2| ranges::assert_equal_byte_lengths(out, in); 357| 2| using element_type = std::ranges::range_value_t; 358| | 359| 2| auto load_elementwise = [&] { 360| 2| constexpr size_t bytes_per_element = sizeof(element_type); 361| 2| std::span in_s(in); 362| 2| for(auto& out_elem : out) { 363| 2| out_elem = load_any(in_s.template first()); 364| 2| in_s = in_s.subspan(bytes_per_element); 365| 2| } 366| 2| }; 367| | 368| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 369| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 370| | // in a `constexpr` context. 371| 2| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (371:7): [Folded, False: 2] ------------------ 372| 0| load_elementwise(); 373| 2| } else { 374| 2| if constexpr(endianness == std::endian::native && !custom_loadable) { 375| 2| typecast_copy(out, in); 376| | } else { 377| | load_elementwise(); 378| | } 379| 2| } 380| 2|} _ZN5Botan7load_beIjJPhiEEEDaDpOT0_: 504| 310|inline constexpr auto load_be(ParamTs&&... params) { 505| 310| return detail::load_any(std::forward(params)...); 506| 310|} _ZN5Botan7load_beImJPhiEEEDaDpOT0_: 504| 2.03k|inline constexpr auto load_be(ParamTs&&... params) { 505| 2.03k| return detail::load_any(std::forward(params)...); 506| 2.03k|} _ZN5Botan8store_beINS_6detail10AutoDetectEJRKmRKNSt3__14spanIhLm18446744073709551615EEEEEEDaDpOT0_: 745| 3.22k|inline constexpr auto store_be(ParamTs&&... params) { 746| 3.22k| return detail::store_any(std::forward(params)...); 747| 3.22k|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS0_20unsigned_integralishEmTkNS_6ranges23contiguous_output_rangeIhEERKNS2_4spanIhLm18446744073709551615EEEQsr3stdE7same_asIS4_T0_EEEvT1_OT2_: 646| 3.22k|inline constexpr void store_any(T in, OutR&& out_range) { 647| 3.22k| store_any(in, std::forward(out_range)); 648| 3.22k|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEmTkNS_6ranges23contiguous_output_rangeIhEERKNS2_4spanIhLm18446744073709551615EEEQnt15custom_storableINS0_19wrapped_type_helperIu14__remove_cvrefIT0_EE4typeEEEEvSB_OT1_: 525| 3.22k|inline constexpr void store_any(WrappedInT wrapped_in, OutR&& out_range) { 526| 3.22k| const auto in = detail::unwrap_strong_type_or_enum(wrapped_in); 527| 3.22k| using InT = decltype(in); 528| 3.22k| ranges::assert_exact_byte_length(out_range); 529| 3.22k| const std::span out{out_range}; 530| | 531| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 532| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 533| | // in a `constexpr` context. 534| 3.22k| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (534:7): [Folded, False: 3.22k] ------------------ 535| 0| return fallback_store_any(in, std::forward(out_range)); 536| 3.22k| } else { 537| | if constexpr(sizeof(InT) == 1) { 538| | out[0] = static_cast(in); 539| | } else if constexpr(endianness == std::endian::native) { 540| | typecast_copy(out, in); 541| 3.22k| } else { 542| 3.22k| static_assert(opposite(endianness) == std::endian::native); 543| 3.22k| typecast_copy(out, reverse_bytes(in)); 544| 3.22k| } 545| 3.22k| } 546| 3.22k|} _ZN5Botan7load_beIhJPKhRmEEEDaDpOT0_: 504| 2.10M|inline constexpr auto load_be(ParamTs&&... params) { 505| 2.10M| return detail::load_any(std::forward(params)...); 506| 2.10M|} _ZN5Botan6detail8load_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEhEET0_PKhm: 454| 2.10M|inline constexpr OutT load_any(const uint8_t in[], size_t off) { 455| | // asserts that *in points to enough bytes to read at offset off 456| 2.10M| constexpr size_t out_size = sizeof(OutT); 457| 2.10M| return load_any(std::span(in + off * out_size, out_size)); 458| 2.10M|} _ZN5Botan6detail8load_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEhTkNS_6ranges16contiguous_rangeIhEENS2_4spanIKhLm1EEEQnt15custom_loadableINS0_19wrapped_type_helperIu14__remove_cvrefIT0_EE4typeEEEESA_OT1_: 278| 2.10M|inline constexpr WrappedOutT load_any(InR&& in_range) { 279| 2.10M| using OutT = detail::wrapped_type; 280| 2.10M| ranges::assert_exact_byte_length(in_range); 281| | 282| 2.10M| return detail::wrap_strong_type_or_enum([&]() -> OutT { 283| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 284| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 285| | // in a `constexpr` context. 286| 2.10M| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { 287| 2.10M| return fallback_load_any(std::forward(in_range)); 288| 2.10M| } else { 289| 2.10M| const std::span in{in_range}; 290| 2.10M| if constexpr(sizeof(OutT) == 1) { 291| 2.10M| return static_cast(in[0]); 292| 2.10M| } else if constexpr(endianness == std::endian::native) { 293| 2.10M| return typecast_copy(in); 294| 2.10M| } else { 295| 2.10M| static_assert(opposite(endianness) == std::endian::native); 296| 2.10M| return reverse_bytes(typecast_copy(in)); 297| 2.10M| } 298| 2.10M| } 299| 2.10M| }()); 300| 2.10M|} _ZN5Botan6detail24wrap_strong_type_or_enumITkNS0_20unsigned_integralishEhTkNSt3__117unsigned_integralEhEEDaT0_: 200| 2.10M|constexpr auto wrap_strong_type_or_enum(T t) { 201| | if constexpr(std::is_enum_v) { 202| | return static_cast(t); 203| 2.10M| } else { 204| 2.10M| return Botan::wrap_strong_type(t); 205| 2.10M| } 206| 2.10M|} _ZZN5Botan6detail8load_anyILNSt3__16endianE64206ETkNS0_20unsigned_integralishEhTkNS_6ranges16contiguous_rangeIhEENS2_4spanIKhLm1EEEQnt15custom_loadableINS0_19wrapped_type_helperIu14__remove_cvrefIT0_EE4typeEEEESA_OT1_ENKUlvE_clEv: 282| 2.10M| return detail::wrap_strong_type_or_enum([&]() -> OutT { 283| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 284| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 285| | // in a `constexpr` context. 286| 2.10M| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (286:10): [Folded, False: 2.10M] ------------------ 287| 0| return fallback_load_any(std::forward(in_range)); 288| 2.10M| } else { 289| 2.10M| const std::span in{in_range}; 290| 2.10M| if constexpr(sizeof(OutT) == 1) { 291| 2.10M| return static_cast(in[0]); 292| | } else if constexpr(endianness == std::endian::native) { 293| | return typecast_copy(in); 294| | } else { 295| | static_assert(opposite(endianness) == std::endian::native); 296| | return reverse_bytes(typecast_copy(in)); 297| | } 298| 2.10M| } 299| 2.10M| }()); _ZN5Botan12get_byte_varIhEEhmT_: 69| 798k|inline constexpr uint8_t get_byte_var(size_t byte_num, T input) { 70| 798k| return static_cast(input >> (((~byte_num) & (sizeof(T) - 1)) << 3)); 71| 798k|} _ZN5Botan7load_beINSt3__15arrayImLm2EEEJNS1_4spanIKhLm16EEEEEEDaDpOT0_: 504| 93|inline constexpr auto load_be(ParamTs&&... params) { 505| 93| return detail::load_any(std::forward(params)...); 506| 93|} _ZN5Botan6detail8load_anyILNSt3__16endianE64206ENS2_5arrayImLm2EEETkNS_6ranges16contiguous_rangeIhEENS2_4spanIKhLm16EEEQoosr3stdE7same_asINS0_10AutoDetectET0_Eaaoosr6rangesE25statically_spanable_rangeISC_Esr8conceptsE19resizable_containerISC_E20unsigned_integralishINSC_10value_typeEEEEDaOT1_: 397| 93|inline constexpr auto load_any(InR&& in_range) { 398| 93| auto out = []([[maybe_unused]] const auto& in) { 399| 93| if constexpr(std::same_as) { 400| 93| if constexpr(ranges::statically_spanable_range) { 401| 93| constexpr size_t extent = decltype(std::span{in})::extent; 402| | 403| | // clang-format off 404| 93| using type = 405| 93| std::conditional_t>>>; 409| | // clang-format on 410| | 411| 93| static_assert( 412| 93| !std::is_void_v, 413| 93| "Cannot determine the output type based on a statically sized bytearray with length other than those: 1, 2, 4, 8"); 414| | 415| 93| return type{}; 416| 93| } else { 417| 93| static_assert( 418| 93| !std::same_as, 419| 93| "cannot infer return type from a dynamic range at compile time, please specify it explicitly"); 420| 93| } 421| 93| } else if constexpr(concepts::resizable_container) { 422| 93| const size_t in_bytes = std::span{in}.size_bytes(); 423| 93| constexpr size_t out_elem_bytes = sizeof(typename OutT::value_type); 424| 93| BOTAN_ARG_CHECK(in_bytes % out_elem_bytes == 0, 425| 93| "Input range is not word-aligned with the requested output range"); 426| 93| return OutT(in_bytes / out_elem_bytes); 427| 93| } else { 428| 93| return OutT{}; 429| 93| } 430| 93| }(in_range); 431| | 432| 93| using out_type = decltype(out); 433| | if constexpr(unsigned_integralish) { 434| | out = load_any(std::forward(in_range)); 435| 93| } else { 436| 93| static_assert(ranges::contiguous_range); 437| 93| using out_range_type = std::ranges::range_value_t; 438| 93| load_any(out, std::forward(in_range)); 439| 93| } 440| 93| return out; 441| 93|} _ZZN5Botan6detail8load_anyILNSt3__16endianE64206ENS2_5arrayImLm2EEETkNS_6ranges16contiguous_rangeIhEENS2_4spanIKhLm16EEEQoosr3stdE7same_asINS0_10AutoDetectET0_Eaaoosr6rangesE25statically_spanable_rangeISC_Esr8conceptsE19resizable_containerISC_E20unsigned_integralishINSC_10value_typeEEEEDaOT1_ENKUlRKT_E_clISA_EEDaSI_: 398| 93| auto out = []([[maybe_unused]] const auto& in) { 399| | if constexpr(std::same_as) { 400| | if constexpr(ranges::statically_spanable_range) { 401| | constexpr size_t extent = decltype(std::span{in})::extent; 402| | 403| | // clang-format off 404| | using type = 405| | std::conditional_t>>>; 409| | // clang-format on 410| | 411| | static_assert( 412| | !std::is_void_v, 413| | "Cannot determine the output type based on a statically sized bytearray with length other than those: 1, 2, 4, 8"); 414| | 415| | return type{}; 416| | } else { 417| | static_assert( 418| | !std::same_as, 419| | "cannot infer return type from a dynamic range at compile time, please specify it explicitly"); 420| | } 421| | } else if constexpr(concepts::resizable_container) { 422| | const size_t in_bytes = std::span{in}.size_bytes(); 423| | constexpr size_t out_elem_bytes = sizeof(typename OutT::value_type); 424| | BOTAN_ARG_CHECK(in_bytes % out_elem_bytes == 0, 425| | "Input range is not word-aligned with the requested output range"); 426| | return OutT(in_bytes / out_elem_bytes); 427| 93| } else { 428| 93| return OutT{}; 429| 93| } 430| 93| }(in_range); _ZN5Botan6detail8load_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeERNS2_5arrayImLm2EEETkNS4_16contiguous_rangeIhEENS2_4spanIKhLm16EEEQaa20unsigned_integralishINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT1_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISJ_EESK_E4type10value_typeEEoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISR_SP_EEEvOSG_RKT2_: 355| 93|inline constexpr void load_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 356| 93| ranges::assert_equal_byte_lengths(out, in); 357| 93| using element_type = std::ranges::range_value_t; 358| | 359| 93| auto load_elementwise = [&] { 360| 93| constexpr size_t bytes_per_element = sizeof(element_type); 361| 93| std::span in_s(in); 362| 93| for(auto& out_elem : out) { 363| 93| out_elem = load_any(in_s.template first()); 364| 93| in_s = in_s.subspan(bytes_per_element); 365| 93| } 366| 93| }; 367| | 368| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 369| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 370| | // in a `constexpr` context. 371| 93| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (371:7): [Folded, False: 93] ------------------ 372| 0| load_elementwise(); 373| 93| } else { 374| | if constexpr(endianness == std::endian::native && !custom_loadable) { 375| | typecast_copy(out, in); 376| 93| } else { 377| 93| load_elementwise(); 378| 93| } 379| 93| } 380| 93|} _ZZN5Botan6detail8load_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeERNS2_5arrayImLm2EEETkNS4_16contiguous_rangeIhEENS2_4spanIKhLm16EEEQaa20unsigned_integralishINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT1_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISJ_EESK_E4type10value_typeEEoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISR_SP_EEEvOSG_RKT2_ENKUlvE_clEv: 359| 93| auto load_elementwise = [&] { 360| 93| constexpr size_t bytes_per_element = sizeof(element_type); 361| 93| std::span in_s(in); 362| 186| for(auto& out_elem : out) { ------------------ | Branch (362:26): [True: 186, False: 93] ------------------ 363| 186| out_elem = load_any(in_s.template first()); 364| 186| in_s = in_s.subspan(bytes_per_element); 365| 186| } 366| 93| }; _ZN5Botan8store_beINS_6detail10AutoDetectEJmmEEEDaDpOT0_: 745| 89|inline constexpr auto store_be(ParamTs&&... params) { 746| 89| return detail::store_any(std::forward(params)...); 747| 89|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETpTkNS0_20unsigned_integralishEJmmEQ10all_same_vIDpT1_EEEDaS6_: 696| 89|inline constexpr auto store_any(Ts... ins) { 697| 89| return store_any(std::array{ins...}); 698| 89|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS_6ranges14spanable_rangeENS2_5arrayImLm2EEEQoooosr3stdE7same_asIS4_T0_Eaasr6rangesE25statically_spanable_rangeIS8_Esr3stdE21default_initializableIS8_Esr8conceptsE21resizable_byte_bufferIS8_EEEDaOT1_: 663| 89|inline constexpr auto store_any(InR&& in_range) { 664| 89| auto out = []([[maybe_unused]] const auto& in) { 665| 89| if constexpr(std::same_as) { 666| 89| if constexpr(ranges::statically_spanable_range) { 667| 89| constexpr size_t bytes = decltype(std::span{in})::extent * sizeof(std::ranges::range_value_t); 668| 89| return std::array(); 669| 89| } else { 670| 89| static_assert( 671| 89| !std::same_as, 672| 89| "cannot infer a suitable result container type from the given parameters at compile time, please specify it explicitly"); 673| 89| } 674| 89| } else if constexpr(concepts::resizable_byte_buffer) { 675| 89| return OutR(std::span{in}.size_bytes()); 676| 89| } else { 677| 89| return OutR{}; 678| 89| } 679| 89| }(in_range); 680| | 681| 89| store_any>(out, std::forward(in_range)); 682| 89| return out; 683| 89|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS_6ranges14spanable_rangeENS2_5arrayImLm2EEEQoooosr3stdE7same_asIS4_T0_Eaasr6rangesE25statically_spanable_rangeIS8_Esr3stdE21default_initializableIS8_Esr8conceptsE21resizable_byte_bufferIS8_EEEDaOT1_ENKUlRKT_E_clIS7_EEDaSD_: 664| 89| auto out = []([[maybe_unused]] const auto& in) { 665| 89| if constexpr(std::same_as) { 666| 89| if constexpr(ranges::statically_spanable_range) { 667| 89| constexpr size_t bytes = decltype(std::span{in})::extent * sizeof(std::ranges::range_value_t); 668| 89| return std::array(); 669| | } else { 670| | static_assert( 671| | !std::same_as, 672| | "cannot infer a suitable result container type from the given parameters at compile time, please specify it explicitly"); 673| | } 674| | } else if constexpr(concepts::resizable_byte_buffer) { 675| | return OutR(std::span{in}.size_bytes()); 676| | } else { 677| | return OutR{}; 678| | } 679| 89| }(in_range); _ZN5Botan6detail9store_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeIhEERNS2_5arrayIhLm16EEETkNS4_14spanable_rangeENS6_ImLm2EEEQoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISB_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISJ_EESK_E4type10value_typeEEEEvOT1_RKSG_: 603| 89|inline constexpr void store_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 604| 89| ranges::assert_equal_byte_lengths(out, in); 605| 89| using element_type = std::ranges::range_value_t; 606| | 607| 89| auto store_elementwise = [&] { 608| 89| constexpr size_t bytes_per_element = sizeof(element_type); 609| 89| std::span out_s(out); 610| 89| for(auto in_elem : in) { 611| 89| store_any(out_s.template first(), in_elem); 612| 89| out_s = out_s.subspan(bytes_per_element); 613| 89| } 614| 89| }; 615| | 616| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 617| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 618| | // in a `constexpr` context. 619| 89| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (619:7): [Folded, False: 89] ------------------ 620| 0| store_elementwise(); 621| 89| } else { 622| | if constexpr(endianness == std::endian::native && !custom_storable) { 623| | typecast_copy(out, in); 624| 89| } else { 625| 89| store_elementwise(); 626| 89| } 627| 89| } 628| 89|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeIhEERNS2_5arrayIhLm16EEETkNS4_14spanable_rangeENS6_ImLm2EEEQoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISB_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISJ_EESK_E4type10value_typeEEEEvOT1_RKSG_ENKUlvE_clEv: 607| 89| auto store_elementwise = [&] { 608| 89| constexpr size_t bytes_per_element = sizeof(element_type); 609| 89| std::span out_s(out); 610| 178| for(auto in_elem : in) { ------------------ | Branch (610:24): [True: 178, False: 89] ------------------ 611| 178| store_any(out_s.template first(), in_elem); 612| 178| out_s = out_s.subspan(bytes_per_element); 613| 178| } 614| 89| }; _ZN5Botan7load_beINS_6detail10AutoDetectEJRA2_mRPKhmEEEDaDpOT0_: 504| 697|inline constexpr auto load_be(ParamTs&&... params) { 505| 697| return detail::load_any(std::forward(params)...); 506| 697|} _ZN5Botan11copy_out_beITkNS_6ranges14spanable_rangeEA2_mEEvNSt3__14spanIhLm18446744073709551615EEERKT_: 773| 697|inline void copy_out_be(std::span out, const InR& in) { 774| 697| using T = std::ranges::range_value_t; 775| 697| std::span in_s{in}; 776| 697| const auto remaining_bytes = detail::copy_out_any_word_aligned_portion(out, in_s); 777| | 778| | // copy remaining bytes as a partial word 779| 697| for(size_t i = 0; i < remaining_bytes; ++i) { ------------------ | Branch (779:22): [True: 0, False: 697] ------------------ 780| 0| out[i] = get_byte_var(i, in_s.front()); 781| 0| } 782| 697|} _ZN5Botan7load_leINS_6detail10AutoDetectEJRA4_mRA8_hRKmEEEDaDpOT0_: 495| 2.18k|inline constexpr auto load_le(ParamTs&&... params) { 496| 2.18k| return detail::load_any(std::forward(params)...); 497| 2.18k|} _ZN5Botan8store_beINSt3__16vectorIhNS1_9allocatorIhEEEEJRA8_mEEEDaDpOT0_: 745| 2.18k|inline constexpr auto store_be(ParamTs&&... params) { 746| 2.18k| return detail::store_any(std::forward(params)...); 747| 2.18k|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS2_6vectorIhNS2_9allocatorIhEEEETkNS_6ranges14spanable_rangeERA8_mQoooosr3stdE7same_asINS0_10AutoDetectET0_Eaasr6rangesE25statically_spanable_rangeISC_Esr3stdE21default_initializableISC_Esr8conceptsE21resizable_byte_bufferISC_EEEDaOT1_: 663| 2.18k|inline constexpr auto store_any(InR&& in_range) { 664| 2.18k| auto out = []([[maybe_unused]] const auto& in) { 665| 2.18k| if constexpr(std::same_as) { 666| 2.18k| if constexpr(ranges::statically_spanable_range) { 667| 2.18k| constexpr size_t bytes = decltype(std::span{in})::extent * sizeof(std::ranges::range_value_t); 668| 2.18k| return std::array(); 669| 2.18k| } else { 670| 2.18k| static_assert( 671| 2.18k| !std::same_as, 672| 2.18k| "cannot infer a suitable result container type from the given parameters at compile time, please specify it explicitly"); 673| 2.18k| } 674| 2.18k| } else if constexpr(concepts::resizable_byte_buffer) { 675| 2.18k| return OutR(std::span{in}.size_bytes()); 676| 2.18k| } else { 677| 2.18k| return OutR{}; 678| 2.18k| } 679| 2.18k| }(in_range); 680| | 681| 2.18k| store_any>(out, std::forward(in_range)); 682| 2.18k| return out; 683| 2.18k|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206ENS2_6vectorIhNS2_9allocatorIhEEEETkNS_6ranges14spanable_rangeERA8_mQoooosr3stdE7same_asINS0_10AutoDetectET0_Eaasr6rangesE25statically_spanable_rangeISC_Esr3stdE21default_initializableISC_Esr8conceptsE21resizable_byte_bufferISC_EEEDaOT1_ENKUlRKT_E_clIS9_EEDaSH_: 664| 2.18k| auto out = []([[maybe_unused]] const auto& in) { 665| | if constexpr(std::same_as) { 666| | if constexpr(ranges::statically_spanable_range) { 667| | constexpr size_t bytes = decltype(std::span{in})::extent * sizeof(std::ranges::range_value_t); 668| | return std::array(); 669| | } else { 670| | static_assert( 671| | !std::same_as, 672| | "cannot infer a suitable result container type from the given parameters at compile time, please specify it explicitly"); 673| | } 674| 2.18k| } else if constexpr(concepts::resizable_byte_buffer) { 675| 2.18k| return OutR(std::span{in}.size_bytes()); 676| | } else { 677| | return OutR{}; 678| | } 679| 2.18k| }(in_range); _ZN5Botan6detail9store_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeIhEERNS2_6vectorIhNS2_9allocatorIhEEEETkNS4_14spanable_rangeEA8_mQoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISD_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISL_EESM_E4type10value_typeEEEEvOT1_RKSI_: 603| 2.18k|inline constexpr void store_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 604| 2.18k| ranges::assert_equal_byte_lengths(out, in); 605| 2.18k| using element_type = std::ranges::range_value_t; 606| | 607| 2.18k| auto store_elementwise = [&] { 608| 2.18k| constexpr size_t bytes_per_element = sizeof(element_type); 609| 2.18k| std::span out_s(out); 610| 2.18k| for(auto in_elem : in) { 611| 2.18k| store_any(out_s.template first(), in_elem); 612| 2.18k| out_s = out_s.subspan(bytes_per_element); 613| 2.18k| } 614| 2.18k| }; 615| | 616| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 617| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 618| | // in a `constexpr` context. 619| 2.18k| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (619:7): [Folded, False: 2.18k] ------------------ 620| 0| store_elementwise(); 621| 2.18k| } else { 622| | if constexpr(endianness == std::endian::native && !custom_storable) { 623| | typecast_copy(out, in); 624| 2.18k| } else { 625| 2.18k| store_elementwise(); 626| 2.18k| } 627| 2.18k| } 628| 2.18k|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeIhEERNS2_6vectorIhNS2_9allocatorIhEEEETkNS4_14spanable_rangeEA8_mQoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISD_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISL_EESM_E4type10value_typeEEEEvOT1_RKSI_ENKUlvE_clEv: 607| 2.18k| auto store_elementwise = [&] { 608| 2.18k| constexpr size_t bytes_per_element = sizeof(element_type); 609| 2.18k| std::span out_s(out); 610| 17.4k| for(auto in_elem : in) { ------------------ | Branch (610:24): [True: 17.4k, False: 2.18k] ------------------ 611| 17.4k| store_any(out_s.template first(), in_elem); 612| 17.4k| out_s = out_s.subspan(bytes_per_element); 613| 17.4k| } 614| 2.18k| }; _ZN5Botan8store_beINS_6detail10AutoDetectEJRNSt3__14spanIhLm32EEERNS3_5arrayImLm4EEEEEEDaDpOT0_: 745| 33.1k|inline constexpr auto store_be(ParamTs&&... params) { 746| 33.1k| return detail::store_any(std::forward(params)...); 747| 33.1k|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS_6ranges23contiguous_output_rangeIhEERNS2_4spanIhLm32EEETkNS5_14spanable_rangeENS2_5arrayImLm4EEEQoosr3stdE7same_asIS4_T0_Esr3stdE7same_asISC_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISK_EESL_E4type10value_typeEEEEvOT1_RKSH_: 603| 33.1k|inline constexpr void store_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 604| 33.1k| ranges::assert_equal_byte_lengths(out, in); 605| 33.1k| using element_type = std::ranges::range_value_t; 606| | 607| 33.1k| auto store_elementwise = [&] { 608| 33.1k| constexpr size_t bytes_per_element = sizeof(element_type); 609| 33.1k| std::span out_s(out); 610| 33.1k| for(auto in_elem : in) { 611| 33.1k| store_any(out_s.template first(), in_elem); 612| 33.1k| out_s = out_s.subspan(bytes_per_element); 613| 33.1k| } 614| 33.1k| }; 615| | 616| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 617| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 618| | // in a `constexpr` context. 619| 33.1k| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (619:7): [Folded, False: 33.1k] ------------------ 620| 0| store_elementwise(); 621| 33.1k| } else { 622| | if constexpr(endianness == std::endian::native && !custom_storable) { 623| | typecast_copy(out, in); 624| 33.1k| } else { 625| 33.1k| store_elementwise(); 626| 33.1k| } 627| 33.1k| } 628| 33.1k|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS_6ranges23contiguous_output_rangeIhEERNS2_4spanIhLm32EEETkNS5_14spanable_rangeENS2_5arrayImLm4EEEQoosr3stdE7same_asIS4_T0_Esr3stdE7same_asISC_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISK_EESL_E4type10value_typeEEEEvOT1_RKSH_ENKUlvE_clEv: 607| 33.1k| auto store_elementwise = [&] { 608| 33.1k| constexpr size_t bytes_per_element = sizeof(element_type); 609| 33.1k| std::span out_s(out); 610| 132k| for(auto in_elem : in) { ------------------ | Branch (610:24): [True: 132k, False: 33.1k] ------------------ 611| 132k| store_any(out_s.template first(), in_elem); 612| 132k| out_s = out_s.subspan(bytes_per_element); 613| 132k| } 614| 33.1k| }; _ZN5Botan7load_beImJPKhmEEEDaDpOT0_: 504| 282k|inline constexpr auto load_be(ParamTs&&... params) { 505| 282k| return detail::load_any(std::forward(params)...); 506| 282k|} _ZN5Botan7load_leINS_6detail10AutoDetectEJRA6_mRA8_hRKmEEEDaDpOT0_: 495| 1.46k|inline constexpr auto load_le(ParamTs&&... params) { 496| 1.46k| return detail::load_any(std::forward(params)...); 497| 1.46k|} _ZN5Botan8store_beINSt3__16vectorIhNS1_9allocatorIhEEEEJRA12_mEEEDaDpOT0_: 745| 1.46k|inline constexpr auto store_be(ParamTs&&... params) { 746| 1.46k| return detail::store_any(std::forward(params)...); 747| 1.46k|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS2_6vectorIhNS2_9allocatorIhEEEETkNS_6ranges14spanable_rangeERA12_mQoooosr3stdE7same_asINS0_10AutoDetectET0_Eaasr6rangesE25statically_spanable_rangeISC_Esr3stdE21default_initializableISC_Esr8conceptsE21resizable_byte_bufferISC_EEEDaOT1_: 663| 1.46k|inline constexpr auto store_any(InR&& in_range) { 664| 1.46k| auto out = []([[maybe_unused]] const auto& in) { 665| 1.46k| if constexpr(std::same_as) { 666| 1.46k| if constexpr(ranges::statically_spanable_range) { 667| 1.46k| constexpr size_t bytes = decltype(std::span{in})::extent * sizeof(std::ranges::range_value_t); 668| 1.46k| return std::array(); 669| 1.46k| } else { 670| 1.46k| static_assert( 671| 1.46k| !std::same_as, 672| 1.46k| "cannot infer a suitable result container type from the given parameters at compile time, please specify it explicitly"); 673| 1.46k| } 674| 1.46k| } else if constexpr(concepts::resizable_byte_buffer) { 675| 1.46k| return OutR(std::span{in}.size_bytes()); 676| 1.46k| } else { 677| 1.46k| return OutR{}; 678| 1.46k| } 679| 1.46k| }(in_range); 680| | 681| 1.46k| store_any>(out, std::forward(in_range)); 682| 1.46k| return out; 683| 1.46k|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206ENS2_6vectorIhNS2_9allocatorIhEEEETkNS_6ranges14spanable_rangeERA12_mQoooosr3stdE7same_asINS0_10AutoDetectET0_Eaasr6rangesE25statically_spanable_rangeISC_Esr3stdE21default_initializableISC_Esr8conceptsE21resizable_byte_bufferISC_EEEDaOT1_ENKUlRKT_E_clIS9_EEDaSH_: 664| 1.46k| auto out = []([[maybe_unused]] const auto& in) { 665| | if constexpr(std::same_as) { 666| | if constexpr(ranges::statically_spanable_range) { 667| | constexpr size_t bytes = decltype(std::span{in})::extent * sizeof(std::ranges::range_value_t); 668| | return std::array(); 669| | } else { 670| | static_assert( 671| | !std::same_as, 672| | "cannot infer a suitable result container type from the given parameters at compile time, please specify it explicitly"); 673| | } 674| 1.46k| } else if constexpr(concepts::resizable_byte_buffer) { 675| 1.46k| return OutR(std::span{in}.size_bytes()); 676| | } else { 677| | return OutR{}; 678| | } 679| 1.46k| }(in_range); _ZN5Botan6detail9store_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeIhEERNS2_6vectorIhNS2_9allocatorIhEEEETkNS4_14spanable_rangeEA12_mQoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISD_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISL_EESM_E4type10value_typeEEEEvOT1_RKSI_: 603| 1.46k|inline constexpr void store_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 604| 1.46k| ranges::assert_equal_byte_lengths(out, in); 605| 1.46k| using element_type = std::ranges::range_value_t; 606| | 607| 1.46k| auto store_elementwise = [&] { 608| 1.46k| constexpr size_t bytes_per_element = sizeof(element_type); 609| 1.46k| std::span out_s(out); 610| 1.46k| for(auto in_elem : in) { 611| 1.46k| store_any(out_s.template first(), in_elem); 612| 1.46k| out_s = out_s.subspan(bytes_per_element); 613| 1.46k| } 614| 1.46k| }; 615| | 616| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 617| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 618| | // in a `constexpr` context. 619| 1.46k| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (619:7): [Folded, False: 1.46k] ------------------ 620| 0| store_elementwise(); 621| 1.46k| } else { 622| | if constexpr(endianness == std::endian::native && !custom_storable) { 623| | typecast_copy(out, in); 624| 1.46k| } else { 625| 1.46k| store_elementwise(); 626| 1.46k| } 627| 1.46k| } 628| 1.46k|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeIhEERNS2_6vectorIhNS2_9allocatorIhEEEETkNS4_14spanable_rangeEA12_mQoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISD_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISL_EESM_E4type10value_typeEEEEvOT1_RKSI_ENKUlvE_clEv: 607| 1.46k| auto store_elementwise = [&] { 608| 1.46k| constexpr size_t bytes_per_element = sizeof(element_type); 609| 1.46k| std::span out_s(out); 610| 17.6k| for(auto in_elem : in) { ------------------ | Branch (610:24): [True: 17.6k, False: 1.46k] ------------------ 611| 17.6k| store_any(out_s.template first(), in_elem); 612| 17.6k| out_s = out_s.subspan(bytes_per_element); 613| 17.6k| } 614| 1.46k| }; _ZN5Botan8store_beINS_6detail10AutoDetectEJRNSt3__14spanIhLm48EEERNS3_5arrayImLm6EEEEEEDaDpOT0_: 745| 7.28k|inline constexpr auto store_be(ParamTs&&... params) { 746| 7.28k| return detail::store_any(std::forward(params)...); 747| 7.28k|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS_6ranges23contiguous_output_rangeIhEERNS2_4spanIhLm48EEETkNS5_14spanable_rangeENS2_5arrayImLm6EEEQoosr3stdE7same_asIS4_T0_Esr3stdE7same_asISC_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISK_EESL_E4type10value_typeEEEEvOT1_RKSH_: 603| 7.28k|inline constexpr void store_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 604| 7.28k| ranges::assert_equal_byte_lengths(out, in); 605| 7.28k| using element_type = std::ranges::range_value_t; 606| | 607| 7.28k| auto store_elementwise = [&] { 608| 7.28k| constexpr size_t bytes_per_element = sizeof(element_type); 609| 7.28k| std::span out_s(out); 610| 7.28k| for(auto in_elem : in) { 611| 7.28k| store_any(out_s.template first(), in_elem); 612| 7.28k| out_s = out_s.subspan(bytes_per_element); 613| 7.28k| } 614| 7.28k| }; 615| | 616| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 617| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 618| | // in a `constexpr` context. 619| 7.28k| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (619:7): [Folded, False: 7.28k] ------------------ 620| 0| store_elementwise(); 621| 7.28k| } else { 622| | if constexpr(endianness == std::endian::native && !custom_storable) { 623| | typecast_copy(out, in); 624| 7.28k| } else { 625| 7.28k| store_elementwise(); 626| 7.28k| } 627| 7.28k| } 628| 7.28k|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS_6ranges23contiguous_output_rangeIhEERNS2_4spanIhLm48EEETkNS5_14spanable_rangeENS2_5arrayImLm6EEEQoosr3stdE7same_asIS4_T0_Esr3stdE7same_asISC_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISK_EESL_E4type10value_typeEEEEvOT1_RKSH_ENKUlvE_clEv: 607| 7.28k| auto store_elementwise = [&] { 608| 7.28k| constexpr size_t bytes_per_element = sizeof(element_type); 609| 7.28k| std::span out_s(out); 610| 43.7k| for(auto in_elem : in) { ------------------ | Branch (610:24): [True: 43.7k, False: 7.28k] ------------------ 611| 43.7k| store_any(out_s.template first(), in_elem); 612| 43.7k| out_s = out_s.subspan(bytes_per_element); 613| 43.7k| } 614| 7.28k| }; _ZN5Botan7load_leINS_6detail10AutoDetectEJRA8_mRA8_hRKmEEEDaDpOT0_: 495| 549|inline constexpr auto load_le(ParamTs&&... params) { 496| 549| return detail::load_any(std::forward(params)...); 497| 549|} _ZN5Botan8store_beINSt3__16vectorIhNS1_9allocatorIhEEEEJRA16_mEEEDaDpOT0_: 745| 549|inline constexpr auto store_be(ParamTs&&... params) { 746| 549| return detail::store_any(std::forward(params)...); 747| 549|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS2_6vectorIhNS2_9allocatorIhEEEETkNS_6ranges14spanable_rangeERA16_mQoooosr3stdE7same_asINS0_10AutoDetectET0_Eaasr6rangesE25statically_spanable_rangeISC_Esr3stdE21default_initializableISC_Esr8conceptsE21resizable_byte_bufferISC_EEEDaOT1_: 663| 549|inline constexpr auto store_any(InR&& in_range) { 664| 549| auto out = []([[maybe_unused]] const auto& in) { 665| 549| if constexpr(std::same_as) { 666| 549| if constexpr(ranges::statically_spanable_range) { 667| 549| constexpr size_t bytes = decltype(std::span{in})::extent * sizeof(std::ranges::range_value_t); 668| 549| return std::array(); 669| 549| } else { 670| 549| static_assert( 671| 549| !std::same_as, 672| 549| "cannot infer a suitable result container type from the given parameters at compile time, please specify it explicitly"); 673| 549| } 674| 549| } else if constexpr(concepts::resizable_byte_buffer) { 675| 549| return OutR(std::span{in}.size_bytes()); 676| 549| } else { 677| 549| return OutR{}; 678| 549| } 679| 549| }(in_range); 680| | 681| 549| store_any>(out, std::forward(in_range)); 682| 549| return out; 683| 549|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206ENS2_6vectorIhNS2_9allocatorIhEEEETkNS_6ranges14spanable_rangeERA16_mQoooosr3stdE7same_asINS0_10AutoDetectET0_Eaasr6rangesE25statically_spanable_rangeISC_Esr3stdE21default_initializableISC_Esr8conceptsE21resizable_byte_bufferISC_EEEDaOT1_ENKUlRKT_E_clIS9_EEDaSH_: 664| 549| auto out = []([[maybe_unused]] const auto& in) { 665| | if constexpr(std::same_as) { 666| | if constexpr(ranges::statically_spanable_range) { 667| | constexpr size_t bytes = decltype(std::span{in})::extent * sizeof(std::ranges::range_value_t); 668| | return std::array(); 669| | } else { 670| | static_assert( 671| | !std::same_as, 672| | "cannot infer a suitable result container type from the given parameters at compile time, please specify it explicitly"); 673| | } 674| 549| } else if constexpr(concepts::resizable_byte_buffer) { 675| 549| return OutR(std::span{in}.size_bytes()); 676| | } else { 677| | return OutR{}; 678| | } 679| 549| }(in_range); _ZN5Botan6detail9store_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeIhEERNS2_6vectorIhNS2_9allocatorIhEEEETkNS4_14spanable_rangeEA16_mQoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISD_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISL_EESM_E4type10value_typeEEEEvOT1_RKSI_: 603| 549|inline constexpr void store_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 604| 549| ranges::assert_equal_byte_lengths(out, in); 605| 549| using element_type = std::ranges::range_value_t; 606| | 607| 549| auto store_elementwise = [&] { 608| 549| constexpr size_t bytes_per_element = sizeof(element_type); 609| 549| std::span out_s(out); 610| 549| for(auto in_elem : in) { 611| 549| store_any(out_s.template first(), in_elem); 612| 549| out_s = out_s.subspan(bytes_per_element); 613| 549| } 614| 549| }; 615| | 616| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 617| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 618| | // in a `constexpr` context. 619| 549| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (619:7): [Folded, False: 549] ------------------ 620| 0| store_elementwise(); 621| 549| } else { 622| | if constexpr(endianness == std::endian::native && !custom_storable) { 623| | typecast_copy(out, in); 624| 549| } else { 625| 549| store_elementwise(); 626| 549| } 627| 549| } 628| 549|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeIhEERNS2_6vectorIhNS2_9allocatorIhEEEETkNS4_14spanable_rangeEA16_mQoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISD_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISL_EESM_E4type10value_typeEEEEvOT1_RKSI_ENKUlvE_clEv: 607| 549| auto store_elementwise = [&] { 608| 549| constexpr size_t bytes_per_element = sizeof(element_type); 609| 549| std::span out_s(out); 610| 8.78k| for(auto in_elem : in) { ------------------ | Branch (610:24): [True: 8.78k, False: 549] ------------------ 611| 8.78k| store_any(out_s.template first(), in_elem); 612| 8.78k| out_s = out_s.subspan(bytes_per_element); 613| 8.78k| } 614| 549| }; _ZN5Botan8store_beINS_6detail10AutoDetectEJRNSt3__14spanIhLm64EEERNS3_5arrayImLm8EEEEEEDaDpOT0_: 745| 2.54k|inline constexpr auto store_be(ParamTs&&... params) { 746| 2.54k| return detail::store_any(std::forward(params)...); 747| 2.54k|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS_6ranges23contiguous_output_rangeIhEERNS2_4spanIhLm64EEETkNS5_14spanable_rangeENS2_5arrayImLm8EEEQoosr3stdE7same_asIS4_T0_Esr3stdE7same_asISC_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISK_EESL_E4type10value_typeEEEEvOT1_RKSH_: 603| 2.54k|inline constexpr void store_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 604| 2.54k| ranges::assert_equal_byte_lengths(out, in); 605| 2.54k| using element_type = std::ranges::range_value_t; 606| | 607| 2.54k| auto store_elementwise = [&] { 608| 2.54k| constexpr size_t bytes_per_element = sizeof(element_type); 609| 2.54k| std::span out_s(out); 610| 2.54k| for(auto in_elem : in) { 611| 2.54k| store_any(out_s.template first(), in_elem); 612| 2.54k| out_s = out_s.subspan(bytes_per_element); 613| 2.54k| } 614| 2.54k| }; 615| | 616| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 617| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 618| | // in a `constexpr` context. 619| 2.54k| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (619:7): [Folded, False: 2.54k] ------------------ 620| 0| store_elementwise(); 621| 2.54k| } else { 622| | if constexpr(endianness == std::endian::native && !custom_storable) { 623| | typecast_copy(out, in); 624| 2.54k| } else { 625| 2.54k| store_elementwise(); 626| 2.54k| } 627| 2.54k| } 628| 2.54k|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS_6ranges23contiguous_output_rangeIhEERNS2_4spanIhLm64EEETkNS5_14spanable_rangeENS2_5arrayImLm8EEEQoosr3stdE7same_asIS4_T0_Esr3stdE7same_asISC_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISK_EESL_E4type10value_typeEEEEvOT1_RKSH_ENKUlvE_clEv: 607| 2.54k| auto store_elementwise = [&] { 608| 2.54k| constexpr size_t bytes_per_element = sizeof(element_type); 609| 2.54k| std::span out_s(out); 610| 20.3k| for(auto in_elem : in) { ------------------ | Branch (610:24): [True: 20.3k, False: 2.54k] ------------------ 611| 20.3k| store_any(out_s.template first(), in_elem); 612| 20.3k| out_s = out_s.subspan(bytes_per_element); 613| 20.3k| } 614| 2.54k| }; _ZN5Botan8store_beINS_6detail10AutoDetectEJRNSt3__15arrayImLm9EEEEEEDaDpOT0_: 745| 3.54k|inline constexpr auto store_be(ParamTs&&... params) { 746| 3.54k| return detail::store_any(std::forward(params)...); 747| 3.54k|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS_6ranges14spanable_rangeERNS2_5arrayImLm9EEEQoooosr3stdE7same_asIS4_T0_Eaasr6rangesE25statically_spanable_rangeIS9_Esr3stdE21default_initializableIS9_Esr8conceptsE21resizable_byte_bufferIS9_EEEDaOT1_: 663| 3.54k|inline constexpr auto store_any(InR&& in_range) { 664| 3.54k| auto out = []([[maybe_unused]] const auto& in) { 665| 3.54k| if constexpr(std::same_as) { 666| 3.54k| if constexpr(ranges::statically_spanable_range) { 667| 3.54k| constexpr size_t bytes = decltype(std::span{in})::extent * sizeof(std::ranges::range_value_t); 668| 3.54k| return std::array(); 669| 3.54k| } else { 670| 3.54k| static_assert( 671| 3.54k| !std::same_as, 672| 3.54k| "cannot infer a suitable result container type from the given parameters at compile time, please specify it explicitly"); 673| 3.54k| } 674| 3.54k| } else if constexpr(concepts::resizable_byte_buffer) { 675| 3.54k| return OutR(std::span{in}.size_bytes()); 676| 3.54k| } else { 677| 3.54k| return OutR{}; 678| 3.54k| } 679| 3.54k| }(in_range); 680| | 681| 3.54k| store_any>(out, std::forward(in_range)); 682| 3.54k| return out; 683| 3.54k|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206ENS0_10AutoDetectETkNS_6ranges14spanable_rangeERNS2_5arrayImLm9EEEQoooosr3stdE7same_asIS4_T0_Eaasr6rangesE25statically_spanable_rangeIS9_Esr3stdE21default_initializableIS9_Esr8conceptsE21resizable_byte_bufferIS9_EEEDaOT1_ENKUlRKT_E_clIS7_EEDaSE_: 664| 3.54k| auto out = []([[maybe_unused]] const auto& in) { 665| 3.54k| if constexpr(std::same_as) { 666| 3.54k| if constexpr(ranges::statically_spanable_range) { 667| 3.54k| constexpr size_t bytes = decltype(std::span{in})::extent * sizeof(std::ranges::range_value_t); 668| 3.54k| return std::array(); 669| | } else { 670| | static_assert( 671| | !std::same_as, 672| | "cannot infer a suitable result container type from the given parameters at compile time, please specify it explicitly"); 673| | } 674| | } else if constexpr(concepts::resizable_byte_buffer) { 675| | return OutR(std::span{in}.size_bytes()); 676| | } else { 677| | return OutR{}; 678| | } 679| 3.54k| }(in_range); _ZN5Botan6detail9store_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeIhEERNS2_5arrayIhLm72EEETkNS4_14spanable_rangeENS6_ImLm9EEEQoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISB_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISJ_EESK_E4type10value_typeEEEEvOT1_RKSG_: 603| 3.54k|inline constexpr void store_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 604| 3.54k| ranges::assert_equal_byte_lengths(out, in); 605| 3.54k| using element_type = std::ranges::range_value_t; 606| | 607| 3.54k| auto store_elementwise = [&] { 608| 3.54k| constexpr size_t bytes_per_element = sizeof(element_type); 609| 3.54k| std::span out_s(out); 610| 3.54k| for(auto in_elem : in) { 611| 3.54k| store_any(out_s.template first(), in_elem); 612| 3.54k| out_s = out_s.subspan(bytes_per_element); 613| 3.54k| } 614| 3.54k| }; 615| | 616| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 617| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 618| | // in a `constexpr` context. 619| 3.54k| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (619:7): [Folded, False: 3.54k] ------------------ 620| 0| store_elementwise(); 621| 3.54k| } else { 622| | if constexpr(endianness == std::endian::native && !custom_storable) { 623| | typecast_copy(out, in); 624| 3.54k| } else { 625| 3.54k| store_elementwise(); 626| 3.54k| } 627| 3.54k| } 628| 3.54k|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeIhEERNS2_5arrayIhLm72EEETkNS4_14spanable_rangeENS6_ImLm9EEEQoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISB_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISJ_EESK_E4type10value_typeEEEEvOT1_RKSG_ENKUlvE_clEv: 607| 3.54k| auto store_elementwise = [&] { 608| 3.54k| constexpr size_t bytes_per_element = sizeof(element_type); 609| 3.54k| std::span out_s(out); 610| 31.9k| for(auto in_elem : in) { ------------------ | Branch (610:24): [True: 31.9k, False: 3.54k] ------------------ 611| 31.9k| store_any(out_s.template first(), in_elem); 612| 31.9k| out_s = out_s.subspan(bytes_per_element); 613| 31.9k| } 614| 3.54k| }; _ZN5Botan7load_leINS_6detail10AutoDetectEJRA9_mRA8_hRKmEEEDaDpOT0_: 495| 680|inline constexpr auto load_le(ParamTs&&... params) { 496| 680| return detail::load_any(std::forward(params)...); 497| 680|} _ZN5Botan8store_beINSt3__16vectorIhNS1_9allocatorIhEEEEJRA18_mEEEDaDpOT0_: 745| 680|inline constexpr auto store_be(ParamTs&&... params) { 746| 680| return detail::store_any(std::forward(params)...); 747| 680|} _ZN5Botan6detail9store_anyILNSt3__16endianE64206ENS2_6vectorIhNS2_9allocatorIhEEEETkNS_6ranges14spanable_rangeERA18_mQoooosr3stdE7same_asINS0_10AutoDetectET0_Eaasr6rangesE25statically_spanable_rangeISC_Esr3stdE21default_initializableISC_Esr8conceptsE21resizable_byte_bufferISC_EEEDaOT1_: 663| 680|inline constexpr auto store_any(InR&& in_range) { 664| 680| auto out = []([[maybe_unused]] const auto& in) { 665| 680| if constexpr(std::same_as) { 666| 680| if constexpr(ranges::statically_spanable_range) { 667| 680| constexpr size_t bytes = decltype(std::span{in})::extent * sizeof(std::ranges::range_value_t); 668| 680| return std::array(); 669| 680| } else { 670| 680| static_assert( 671| 680| !std::same_as, 672| 680| "cannot infer a suitable result container type from the given parameters at compile time, please specify it explicitly"); 673| 680| } 674| 680| } else if constexpr(concepts::resizable_byte_buffer) { 675| 680| return OutR(std::span{in}.size_bytes()); 676| 680| } else { 677| 680| return OutR{}; 678| 680| } 679| 680| }(in_range); 680| | 681| 680| store_any>(out, std::forward(in_range)); 682| 680| return out; 683| 680|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206ENS2_6vectorIhNS2_9allocatorIhEEEETkNS_6ranges14spanable_rangeERA18_mQoooosr3stdE7same_asINS0_10AutoDetectET0_Eaasr6rangesE25statically_spanable_rangeISC_Esr3stdE21default_initializableISC_Esr8conceptsE21resizable_byte_bufferISC_EEEDaOT1_ENKUlRKT_E_clIS9_EEDaSH_: 664| 680| auto out = []([[maybe_unused]] const auto& in) { 665| | if constexpr(std::same_as) { 666| | if constexpr(ranges::statically_spanable_range) { 667| | constexpr size_t bytes = decltype(std::span{in})::extent * sizeof(std::ranges::range_value_t); 668| | return std::array(); 669| | } else { 670| | static_assert( 671| | !std::same_as, 672| | "cannot infer a suitable result container type from the given parameters at compile time, please specify it explicitly"); 673| | } 674| 680| } else if constexpr(concepts::resizable_byte_buffer) { 675| 680| return OutR(std::span{in}.size_bytes()); 676| | } else { 677| | return OutR{}; 678| | } 679| 680| }(in_range); _ZN5Botan6detail9store_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeIhEERNS2_6vectorIhNS2_9allocatorIhEEEETkNS4_14spanable_rangeEA18_mQoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISD_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISL_EESM_E4type10value_typeEEEEvOT1_RKSI_: 603| 680|inline constexpr void store_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 604| 680| ranges::assert_equal_byte_lengths(out, in); 605| 680| using element_type = std::ranges::range_value_t; 606| | 607| 680| auto store_elementwise = [&] { 608| 680| constexpr size_t bytes_per_element = sizeof(element_type); 609| 680| std::span out_s(out); 610| 680| for(auto in_elem : in) { 611| 680| store_any(out_s.template first(), in_elem); 612| 680| out_s = out_s.subspan(bytes_per_element); 613| 680| } 614| 680| }; 615| | 616| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 617| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 618| | // in a `constexpr` context. 619| 680| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (619:7): [Folded, False: 680] ------------------ 620| 0| store_elementwise(); 621| 680| } else { 622| | if constexpr(endianness == std::endian::native && !custom_storable) { 623| | typecast_copy(out, in); 624| 680| } else { 625| 680| store_elementwise(); 626| 680| } 627| 680| } 628| 680|} _ZZN5Botan6detail9store_anyILNSt3__16endianE64206EmTkNS_6ranges23contiguous_output_rangeIhEERNS2_6vectorIhNS2_9allocatorIhEEEETkNS4_14spanable_rangeEA18_mQoosr3stdE7same_asINS0_10AutoDetectET0_Esr3stdE7same_asISD_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISL_EESM_E4type10value_typeEEEEvOT1_RKSI_ENKUlvE_clEv: 607| 680| auto store_elementwise = [&] { 608| 680| constexpr size_t bytes_per_element = sizeof(element_type); 609| 680| std::span out_s(out); 610| 12.2k| for(auto in_elem : in) { ------------------ | Branch (610:24): [True: 12.2k, False: 680] ------------------ 611| 12.2k| store_any(out_s.template first(), in_elem); 612| 12.2k| out_s = out_s.subspan(bytes_per_element); 613| 12.2k| } 614| 680| }; _ZN5Botan7load_leINS_6detail10AutoDetectEJRNSt3__15arrayImLm7EEERNS3_4spanIKhLm56EEEEEEDaDpOT0_: 495| 24|inline constexpr auto load_le(ParamTs&&... params) { 496| 24| return detail::load_any(std::forward(params)...); 497| 24|} _ZN5Botan6detail8load_anyILNSt3__16endianE57005ENS0_10AutoDetectETkNS_6ranges23contiguous_output_rangeERNS2_5arrayImLm7EEETkNS5_16contiguous_rangeIhEENS2_4spanIKhLm56EEEQaa20unsigned_integralishINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT1_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISK_EESL_E4type10value_typeEEoosr3stdE7same_asIS4_T0_Esr3stdE7same_asISR_SQ_EEEvOSH_RKT2_: 355| 24|inline constexpr void load_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 356| 24| ranges::assert_equal_byte_lengths(out, in); 357| 24| using element_type = std::ranges::range_value_t; 358| | 359| 24| auto load_elementwise = [&] { 360| 24| constexpr size_t bytes_per_element = sizeof(element_type); 361| 24| std::span in_s(in); 362| 24| for(auto& out_elem : out) { 363| 24| out_elem = load_any(in_s.template first()); 364| 24| in_s = in_s.subspan(bytes_per_element); 365| 24| } 366| 24| }; 367| | 368| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 369| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 370| | // in a `constexpr` context. 371| 24| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (371:7): [Folded, False: 24] ------------------ 372| 0| load_elementwise(); 373| 24| } else { 374| 24| if constexpr(endianness == std::endian::native && !custom_loadable) { 375| 24| typecast_copy(out, in); 376| | } else { 377| | load_elementwise(); 378| | } 379| 24| } 380| 24|} _ZN5Botan8store_leINS_6detail10AutoDetectEJRNSt3__14spanIhLm56EEENS3_5arrayImLm7EEEEEEDaDpOT0_: 736| 12|inline constexpr auto store_le(ParamTs&&... params) { 737| 12| return detail::store_any(std::forward(params)...); 738| 12|} _ZN5Botan6detail9store_anyILNSt3__16endianE57005ENS0_10AutoDetectETkNS_6ranges23contiguous_output_rangeIhEERNS2_4spanIhLm56EEETkNS5_14spanable_rangeENS2_5arrayImLm7EEEQoosr3stdE7same_asIS4_T0_Esr3stdE7same_asISC_NS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT2_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISK_EESL_E4type10value_typeEEEEvOT1_RKSH_: 603| 12|inline constexpr void store_any(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 604| 12| ranges::assert_equal_byte_lengths(out, in); 605| 12| using element_type = std::ranges::range_value_t; 606| | 607| 12| auto store_elementwise = [&] { 608| 12| constexpr size_t bytes_per_element = sizeof(element_type); 609| 12| std::span out_s(out); 610| 12| for(auto in_elem : in) { 611| 12| store_any(out_s.template first(), in_elem); 612| 12| out_s = out_s.subspan(bytes_per_element); 613| 12| } 614| 12| }; 615| | 616| | // At compile time we cannot use `typecast_copy` as it uses `std::memcpy` 617| | // internally to copy ranges on a byte-by-byte basis, which is not allowed 618| | // in a `constexpr` context. 619| 12| if(std::is_constant_evaluated()) /* TODO: C++23: if consteval {} */ { ------------------ | Branch (619:7): [Folded, False: 12] ------------------ 620| 0| store_elementwise(); 621| 12| } else { 622| 12| if constexpr(endianness == std::endian::native && !custom_storable) { 623| 12| typecast_copy(out, in); 624| | } else { 625| | store_elementwise(); 626| | } 627| 12| } 628| 12|} _ZN5Botan8store_leINS_6detail10AutoDetectEJRPhmmmmEEEDaDpOT0_: 736| 19|inline constexpr auto store_le(ParamTs&&... params) { 737| 19| return detail::store_any(std::forward(params)...); 738| 19|} _ZN5Botan6detail9store_anyILNSt3__16endianE57005ENS0_10AutoDetectETkNS0_20unsigned_integralishEmTpTkNS0_20unsigned_integralishEJmmmEQaaoosr3stdE7same_asIS4_T0_Esr3stdE7same_asIT1_S5_E10all_same_vIS6_DpT2_EEEvPhS6_S8_: 723| 19|inline constexpr void store_any(uint8_t out[], T0 in0, Ts... ins) { 724| 19| constexpr auto bytes = sizeof(in0) + (sizeof(ins) + ... + 0); 725| | // asserts that *out points to the correct amount of memory 726| 19| store_any(std::span(out, bytes), in0, ins...); 727| 19|} _ZN5Botan6detail9store_anyILNSt3__16endianE57005EmTkNS_6ranges23contiguous_output_rangeIhEENS2_4spanIhLm32EEETpTkNS0_20unsigned_integralishEJmmmmEQaagtsZT2_Li0Eooaasr3stdE7same_asINS0_10AutoDetectET0_E10all_same_vIDpT2_Eaa20unsigned_integralishIS9_E10all_same_vIS9_SB_EEEvOT1_SB_: 582| 19|inline constexpr void store_any(OutR&& out /* NOLINT(*-std-forward) */, Ts... ins) { 583| 19| ranges::assert_exact_byte_length<(sizeof(Ts) + ...)>(out); 584| 19| auto store_one = [off = 0](auto o, T i) mutable { 585| 19| store_any(i, o.subspan(off).template first()); 586| 19| off += sizeof(T); 587| 19| }; 588| | 589| 19| (store_one(std::span{out}, ins), ...); 590| 19|} _ZZN5Botan6detail9store_anyILNSt3__16endianE57005EmTkNS_6ranges23contiguous_output_rangeIhEENS2_4spanIhLm32EEETpTkNS0_20unsigned_integralishEJmmmmEQaagtsZT2_Li0Eooaasr3stdE7same_asINS0_10AutoDetectET0_E10all_same_vIDpT2_Eaa20unsigned_integralishIS9_E10all_same_vIS9_SB_EEEvOT1_SB_ENUlTyS9_T_E_clImS7_EEDaS9_SE_: 584| 76| auto store_one = [off = 0](auto o, T i) mutable { 585| 76| store_any(i, o.subspan(off).template first()); 586| 76| off += sizeof(T); 587| 76| }; _ZN5Botan7load_beItJPKhiEEEDaDpOT0_: 504| 1.49k|inline constexpr auto load_be(ParamTs&&... params) { 505| 1.49k| return detail::load_any(std::forward(params)...); 506| 1.49k|} _ZN5Botan8store_beINS_6detail10AutoDetectEJRtPhEEEDaDpOT0_: 745| 8|inline constexpr auto store_be(ParamTs&&... params) { 746| 8| return detail::store_any(std::forward(params)...); 747| 8|} _ZN5Botan18MerkleDamgard_HashINS_5SHA_1EEC2Ev: 42| 7.17k| MerkleDamgard_Hash() { clear(); } _ZN5Botan18MerkleDamgard_HashINS_5SHA_1EE5clearEv: 70| 35.7k| void clear() { 71| 35.7k| MD::init(m_digest); 72| 35.7k| m_buffer.clear(); 73| 35.7k| m_count = 0; 74| 35.7k| } _ZN5Botan18MerkleDamgard_HashINS_7SHA_256EEC2Ev: 42| 34.2k| MerkleDamgard_Hash() { clear(); } _ZN5Botan18MerkleDamgard_HashINS_7SHA_256EE5clearEv: 70| 133k| void clear() { 71| 133k| MD::init(m_digest); 72| 133k| m_buffer.clear(); 73| 133k| m_count = 0; 74| 133k| } _ZN5Botan18MerkleDamgard_HashINS_7SHA_384EEC2Ev: 42| 764| MerkleDamgard_Hash() { clear(); } _ZN5Botan18MerkleDamgard_HashINS_7SHA_384EE5clearEv: 70| 7.34k| void clear() { 71| 7.34k| MD::init(m_digest); 72| 7.34k| m_buffer.clear(); 73| 7.34k| m_count = 0; 74| 7.34k| } _ZN5Botan18MerkleDamgard_HashINS_5SHA_1EE6updateENSt3__14spanIKhLm18446744073709551615EEE: 44| 29.0k| void update(std::span input) { 45| 29.0k| BufferSlicer in(input); 46| | 47| 72.2k| while(!in.empty()) { ------------------ | Branch (47:16): [True: 43.1k, False: 29.0k] ------------------ 48| 43.1k| if(const auto one_block = m_buffer.handle_unaligned_data(in)) { ------------------ | Branch (48:27): [True: 59, False: 43.1k] ------------------ 49| 59| MD::compress_n(m_digest, one_block.value(), 1); 50| 59| } 51| | 52| 43.1k| if(m_buffer.in_alignment()) { ------------------ | Branch (52:16): [True: 14.5k, False: 28.6k] ------------------ 53| 14.5k| const auto [aligned_data, full_blocks] = m_buffer.aligned_data_to_process(in); 54| 14.5k| if(full_blocks > 0) { ------------------ | Branch (54:19): [True: 14.5k, False: 5] ------------------ 55| 14.5k| MD::compress_n(m_digest, aligned_data, full_blocks); 56| 14.5k| } 57| 14.5k| } 58| 43.1k| } 59| | 60| 29.0k| m_count += input.size(); 61| 29.0k| } _ZN5Botan18MerkleDamgard_HashINS_5SHA_1EE5finalENSt3__14spanIhLm18446744073709551615EEE: 63| 28.4k| void final(std::span output) { 64| 28.4k| append_padding_bit(); 65| 28.4k| append_counter_and_finalize(); 66| 28.4k| copy_output(output); 67| 28.4k| clear(); 68| 28.4k| } _ZN5Botan18MerkleDamgard_HashINS_5SHA_1EE18append_padding_bitEv: 77| 28.4k| void append_padding_bit() { 78| 28.4k| BOTAN_ASSERT_NOMSG(!m_buffer.ready_to_consume()); ------------------ | | 77| 28.4k| do { \ | | 78| 28.4k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 28.4k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 28.4k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 28.4k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 28.4k] | | ------------------ ------------------ 79| 28.4k| if constexpr(MD::bit_endianness == MD_Endian::Big) { 80| 28.4k| const uint8_t final_byte = 0x80; 81| 28.4k| m_buffer.append({&final_byte, 1}); 82| | } else { 83| | const uint8_t final_byte = 0x01; 84| | m_buffer.append({&final_byte, 1}); 85| | } 86| 28.4k| } _ZN5Botan18MerkleDamgard_HashINS_5SHA_1EE27append_counter_and_finalizeEv: 88| 28.4k| void append_counter_and_finalize() { 89| | // Compress the remaining data if the final data block does not provide 90| | // enough space for the counter bytes. 91| 28.4k| if(m_buffer.elements_until_alignment() < MD::ctr_bytes) { ------------------ | Branch (91:13): [True: 14.1k, False: 14.3k] ------------------ 92| 14.1k| m_buffer.fill_up_with_zeros(); 93| 14.1k| MD::compress_n(m_digest, m_buffer.consume(), 1); 94| 14.1k| } 95| | 96| | // Make sure that any remaining bytes in the very last block are zero. 97| 28.4k| BOTAN_ASSERT_NOMSG(m_buffer.elements_until_alignment() >= MD::ctr_bytes); ------------------ | | 77| 28.4k| do { \ | | 78| 28.4k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 28.4k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 28.4k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 28.4k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 28.4k] | | ------------------ ------------------ 98| 28.4k| m_buffer.fill_up_with_zeros(); 99| | 100| | // Replace a bunch of the right-most zero-padding with the counter bytes. 101| 28.4k| const uint64_t bit_count = m_count * 8; 102| 28.4k| auto last_bytes = m_buffer.directly_modify_last(sizeof(bit_count)); 103| 28.4k| if constexpr(MD::byte_endianness == MD_Endian::Big) { 104| 28.4k| store_be(bit_count, last_bytes.data()); 105| | } else { 106| | store_le(bit_count, last_bytes.data()); 107| | } 108| | 109| | // Compress the very last block. 110| 28.4k| MD::compress_n(m_digest, m_buffer.consume(), 1); 111| 28.4k| } _ZN5Botan18MerkleDamgard_HashINS_5SHA_1EE11copy_outputENSt3__14spanIhLm18446744073709551615EEE: 113| 28.4k| void copy_output(std::span output) { 114| 28.4k| BOTAN_ASSERT_NOMSG(output.size() >= MD::output_bytes); ------------------ | | 77| 28.4k| do { \ | | 78| 28.4k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 28.4k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 28.4k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 28.4k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 28.4k] | | ------------------ ------------------ 115| | 116| 28.4k| if constexpr(MD::byte_endianness == MD_Endian::Big) { 117| 28.4k| copy_out_be(output.first(MD::output_bytes), m_digest); 118| | } else { 119| | copy_out_le(output.first(MD::output_bytes), m_digest); 120| | } 121| 28.4k| } _ZN5Botan18MerkleDamgard_HashINS_7SHA_256EE6updateENSt3__14spanIKhLm18446744073709551615EEE: 44| 189k| void update(std::span input) { 45| 189k| BufferSlicer in(input); 46| | 47| 394k| while(!in.empty()) { ------------------ | Branch (47:16): [True: 204k, False: 189k] ------------------ 48| 204k| if(const auto one_block = m_buffer.handle_unaligned_data(in)) { ------------------ | Branch (48:27): [True: 6.57k, False: 198k] ------------------ 49| 6.57k| MD::compress_n(m_digest, one_block.value(), 1); 50| 6.57k| } 51| | 52| 204k| if(m_buffer.in_alignment()) { ------------------ | Branch (52:16): [True: 77.3k, False: 127k] ------------------ 53| 77.3k| const auto [aligned_data, full_blocks] = m_buffer.aligned_data_to_process(in); 54| 77.3k| if(full_blocks > 0) { ------------------ | Branch (54:19): [True: 70.8k, False: 6.49k] ------------------ 55| 70.8k| MD::compress_n(m_digest, aligned_data, full_blocks); 56| 70.8k| } 57| 77.3k| } 58| 204k| } 59| | 60| 189k| m_count += input.size(); 61| 189k| } _ZN5Botan18MerkleDamgard_HashINS_7SHA_256EE5finalENSt3__14spanIhLm18446744073709551615EEE: 63| 88.2k| void final(std::span output) { 64| 88.2k| append_padding_bit(); 65| 88.2k| append_counter_and_finalize(); 66| 88.2k| copy_output(output); 67| 88.2k| clear(); 68| 88.2k| } _ZN5Botan18MerkleDamgard_HashINS_7SHA_256EE18append_padding_bitEv: 77| 88.2k| void append_padding_bit() { 78| 88.2k| BOTAN_ASSERT_NOMSG(!m_buffer.ready_to_consume()); ------------------ | | 77| 88.2k| do { \ | | 78| 88.2k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 88.2k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 88.2k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 88.2k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 88.2k] | | ------------------ ------------------ 79| 88.2k| if constexpr(MD::bit_endianness == MD_Endian::Big) { 80| 88.2k| const uint8_t final_byte = 0x80; 81| 88.2k| m_buffer.append({&final_byte, 1}); 82| | } else { 83| | const uint8_t final_byte = 0x01; 84| | m_buffer.append({&final_byte, 1}); 85| | } 86| 88.2k| } _ZN5Botan18MerkleDamgard_HashINS_7SHA_256EE27append_counter_and_finalizeEv: 88| 88.2k| void append_counter_and_finalize() { 89| | // Compress the remaining data if the final data block does not provide 90| | // enough space for the counter bytes. 91| 88.2k| if(m_buffer.elements_until_alignment() < MD::ctr_bytes) { ------------------ | Branch (91:13): [True: 17.6k, False: 70.6k] ------------------ 92| 17.6k| m_buffer.fill_up_with_zeros(); 93| 17.6k| MD::compress_n(m_digest, m_buffer.consume(), 1); 94| 17.6k| } 95| | 96| | // Make sure that any remaining bytes in the very last block are zero. 97| 88.2k| BOTAN_ASSERT_NOMSG(m_buffer.elements_until_alignment() >= MD::ctr_bytes); ------------------ | | 77| 88.2k| do { \ | | 78| 88.2k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 88.2k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 88.2k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 88.2k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 88.2k] | | ------------------ ------------------ 98| 88.2k| m_buffer.fill_up_with_zeros(); 99| | 100| | // Replace a bunch of the right-most zero-padding with the counter bytes. 101| 88.2k| const uint64_t bit_count = m_count * 8; 102| 88.2k| auto last_bytes = m_buffer.directly_modify_last(sizeof(bit_count)); 103| 88.2k| if constexpr(MD::byte_endianness == MD_Endian::Big) { 104| 88.2k| store_be(bit_count, last_bytes.data()); 105| | } else { 106| | store_le(bit_count, last_bytes.data()); 107| | } 108| | 109| | // Compress the very last block. 110| 88.2k| MD::compress_n(m_digest, m_buffer.consume(), 1); 111| 88.2k| } _ZN5Botan18MerkleDamgard_HashINS_7SHA_256EE11copy_outputENSt3__14spanIhLm18446744073709551615EEE: 113| 88.2k| void copy_output(std::span output) { 114| 88.2k| BOTAN_ASSERT_NOMSG(output.size() >= MD::output_bytes); ------------------ | | 77| 88.2k| do { \ | | 78| 88.2k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 88.2k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 88.2k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 88.2k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 88.2k] | | ------------------ ------------------ 115| | 116| 88.2k| if constexpr(MD::byte_endianness == MD_Endian::Big) { 117| 88.2k| copy_out_be(output.first(MD::output_bytes), m_digest); 118| | } else { 119| | copy_out_le(output.first(MD::output_bytes), m_digest); 120| | } 121| 88.2k| } _ZN5Botan18MerkleDamgard_HashINS_7SHA_384EE6updateENSt3__14spanIKhLm18446744073709551615EEE: 44| 14.9k| void update(std::span input) { 45| 14.9k| BufferSlicer in(input); 46| | 47| 30.1k| while(!in.empty()) { ------------------ | Branch (47:16): [True: 15.2k, False: 14.9k] ------------------ 48| 15.2k| if(const auto one_block = m_buffer.handle_unaligned_data(in)) { ------------------ | Branch (48:27): [True: 18, False: 15.2k] ------------------ 49| 18| MD::compress_n(m_digest, one_block.value(), 1); 50| 18| } 51| | 52| 15.2k| if(m_buffer.in_alignment()) { ------------------ | Branch (52:16): [True: 6.59k, False: 8.67k] ------------------ 53| 6.59k| const auto [aligned_data, full_blocks] = m_buffer.aligned_data_to_process(in); 54| 6.59k| if(full_blocks > 0) { ------------------ | Branch (54:19): [True: 6.59k, False: 2] ------------------ 55| 6.59k| MD::compress_n(m_digest, aligned_data, full_blocks); 56| 6.59k| } 57| 6.59k| } 58| 15.2k| } 59| | 60| 14.9k| m_count += input.size(); 61| 14.9k| } _ZN5Botan18MerkleDamgard_HashINS_7SHA_384EE5finalENSt3__14spanIhLm18446744073709551615EEE: 63| 5.88k| void final(std::span output) { 64| 5.88k| append_padding_bit(); 65| 5.88k| append_counter_and_finalize(); 66| 5.88k| copy_output(output); 67| 5.88k| clear(); 68| 5.88k| } _ZN5Botan18MerkleDamgard_HashINS_7SHA_384EE18append_padding_bitEv: 77| 5.88k| void append_padding_bit() { 78| 5.88k| BOTAN_ASSERT_NOMSG(!m_buffer.ready_to_consume()); ------------------ | | 77| 5.88k| do { \ | | 78| 5.88k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 5.88k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 5.88k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 5.88k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 5.88k] | | ------------------ ------------------ 79| 5.88k| if constexpr(MD::bit_endianness == MD_Endian::Big) { 80| 5.88k| const uint8_t final_byte = 0x80; 81| 5.88k| m_buffer.append({&final_byte, 1}); 82| | } else { 83| | const uint8_t final_byte = 0x01; 84| | m_buffer.append({&final_byte, 1}); 85| | } 86| 5.88k| } _ZN5Botan18MerkleDamgard_HashINS_7SHA_384EE27append_counter_and_finalizeEv: 88| 5.88k| void append_counter_and_finalize() { 89| | // Compress the remaining data if the final data block does not provide 90| | // enough space for the counter bytes. 91| 5.88k| if(m_buffer.elements_until_alignment() < MD::ctr_bytes) { ------------------ | Branch (91:13): [True: 1.35k, False: 4.52k] ------------------ 92| 1.35k| m_buffer.fill_up_with_zeros(); 93| 1.35k| MD::compress_n(m_digest, m_buffer.consume(), 1); 94| 1.35k| } 95| | 96| | // Make sure that any remaining bytes in the very last block are zero. 97| 5.88k| BOTAN_ASSERT_NOMSG(m_buffer.elements_until_alignment() >= MD::ctr_bytes); ------------------ | | 77| 5.88k| do { \ | | 78| 5.88k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 5.88k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 5.88k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 5.88k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 5.88k] | | ------------------ ------------------ 98| 5.88k| m_buffer.fill_up_with_zeros(); 99| | 100| | // Replace a bunch of the right-most zero-padding with the counter bytes. 101| 5.88k| const uint64_t bit_count = m_count * 8; 102| 5.88k| auto last_bytes = m_buffer.directly_modify_last(sizeof(bit_count)); 103| 5.88k| if constexpr(MD::byte_endianness == MD_Endian::Big) { 104| 5.88k| store_be(bit_count, last_bytes.data()); 105| | } else { 106| | store_le(bit_count, last_bytes.data()); 107| | } 108| | 109| | // Compress the very last block. 110| 5.88k| MD::compress_n(m_digest, m_buffer.consume(), 1); 111| 5.88k| } _ZN5Botan18MerkleDamgard_HashINS_7SHA_384EE11copy_outputENSt3__14spanIhLm18446744073709551615EEE: 113| 5.88k| void copy_output(std::span output) { 114| 5.88k| BOTAN_ASSERT_NOMSG(output.size() >= MD::output_bytes); ------------------ | | 77| 5.88k| do { \ | | 78| 5.88k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 5.88k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 5.88k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 5.88k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 5.88k] | | ------------------ ------------------ 115| | 116| 5.88k| if constexpr(MD::byte_endianness == MD_Endian::Big) { 117| 5.88k| copy_out_be(output.first(MD::output_bytes), m_digest); 118| | } else { 119| | copy_out_le(output.first(MD::output_bytes), m_digest); 120| | } 121| 5.88k| } _ZN5Botan16as_span_of_bytesENSt3__117basic_string_viewIcNS0_11char_traitsIcEEEE: 68| 27.7k|inline std::span as_span_of_bytes(std::string_view s) { 69| 27.7k| return as_span_of_bytes(s.data(), s.size()); 70| 27.7k|} _ZN5Botan16as_span_of_bytesEPKcm: 59| 27.7k|inline std::span as_span_of_bytes(const char* s, size_t len) { 60| 27.7k| const uint8_t* b = reinterpret_cast(s); 61| 27.7k| return std::span{b, len}; 62| 27.7k|} _ZN5Botan15bytes_to_stringENSt3__14spanIKhLm18446744073709551615EEE: 76| 66.9k|inline std::string bytes_to_string(std::span bytes) { 77| 66.9k| return std::string(reinterpret_cast(bytes.data()), bytes.size()); 78| 66.9k|} _ZN5Botan14zeroize_bufferITkNSt3__117unsigned_integralEhEEvPT_m: 37| 332k|inline void zeroize_buffer(T buf[], size_t n) { 38| 332k| if(n > 0) { ------------------ | Branch (38:7): [True: 332k, False: 0] ------------------ 39| 332k| std::memset(buf, 0, sizeof(T) * n); 40| 332k| } 41| 332k|} _ZN5Botan21unchecked_copy_memoryITkNSt3__117unsigned_integralEmEEvPT_PKS2_m: 44| 150|inline void unchecked_copy_memory(T* out, const T* in, size_t n) { 45| 150| if(in != nullptr && out != nullptr && n > 0) { ------------------ | Branch (45:7): [True: 150, False: 0] | Branch (45:24): [True: 150, False: 0] | Branch (45:42): [True: 150, False: 0] ------------------ 46| 150| std::memmove(out, in, sizeof(T) * n); 47| 150| } 48| 150|} _ZN5Botan14zeroize_bufferITkNSt3__117unsigned_integralEmEEvPT_m: 37| 48.0k|inline void zeroize_buffer(T buf[], size_t n) { 38| 48.0k| if(n > 0) { ------------------ | Branch (38:7): [True: 48.0k, False: 3] ------------------ 39| 48.0k| std::memset(buf, 0, sizeof(T) * n); 40| 48.0k| } 41| 48.0k|} _ZNK5Botan12Null_Padding15valid_blocksizeEm: 172| 254| bool valid_blocksize(size_t /*block_size*/) const override { return true; } _ZN5Botan28BlockCipherModePaddingMethodD2Ev: 78| 254| virtual ~BlockCipherModePaddingMethod() = default; _ZNK5Botan17Montgomery_Params1pEv: 41| 23.8k| const BigInt& p() const { return m_data->p(); } _ZNK5Botan17Montgomery_Params2R1Ev: 43| 11.9k| const BigInt& R1() const { return m_data->r1(); } _ZNK5Botan17Montgomery_Params2R2Ev: 45| 23.8k| const BigInt& R2() const { return m_data->r2(); } _ZNK5Botan17Montgomery_Params6p_dashEv: 49| 23.8k| word p_dash() const { return m_data->p_dash(); } _ZNK5Botan17Montgomery_Params7p_wordsEv: 51| 23.8k| size_t p_words() const { return m_data->p_size(); } _ZNK5Botan17Montgomery_Params4Data1pEv: 76| 23.8k| const BigInt& p() const { return m_p; } _ZNK5Botan17Montgomery_Params4Data2r1Ev: 78| 11.9k| const BigInt& r1() const { return m_r1; } _ZNK5Botan17Montgomery_Params4Data2r2Ev: 80| 23.8k| const BigInt& r2() const { return m_r2; } _ZNK5Botan17Montgomery_Params4Data6p_dashEv: 84| 23.8k| word p_dash() const { return m_p_dash; } _ZNK5Botan17Montgomery_Params4Data6p_sizeEv: 86| 23.8k| size_t p_size() const { return m_p_words; } _ZN5Botan10word8_add3ITkNS_8WordTypeEmEET_PS1_PKS1_S4_S1_: 294| 4|inline constexpr auto word8_add3(W z[8], const W x[8], const W y[8], W carry) -> W { 295| 4|#if defined(BOTAN_MP_USE_X86_64_ASM) 296| 4| if(std::same_as && !std::is_constant_evaluated()) { ------------------ | Branch (296:7): [True: 0, Folded] | Branch (296:36): [True: 0, Folded] ------------------ 297| 4| asm volatile(ADD_OR_SUBTRACT(DO_8_TIMES(ADDSUB3_OP, "adcq")) 298| 4| : [carry] "=r"(carry) 299| 4| : [x] "r"(x), [y] "r"(y), [z] "r"(z), "0"(carry) 300| 4| : "cc", "memory"); 301| 4| return carry; 302| 4| } 303| 0|#endif 304| | 305| 0| z[0] = word_add(x[0], y[0], &carry); 306| 0| z[1] = word_add(x[1], y[1], &carry); 307| 0| z[2] = word_add(x[2], y[2], &carry); 308| 0| z[3] = word_add(x[3], y[3], &carry); 309| 0| z[4] = word_add(x[4], y[4], &carry); 310| 0| z[5] = word_add(x[5], y[5], &carry); 311| 0| z[6] = word_add(x[6], y[6], &carry); 312| 0| z[7] = word_add(x[7], y[7], &carry); 313| 0| return carry; 314| 4|} _ZN5Botan8word_addITkNS_8WordTypeEmEET_S1_S1_PS1_: 231| 85.2M|inline constexpr auto word_add(W x, W y, W* carry) -> W { 232| 85.2M|#if BOTAN_COMPILER_HAS_BUILTIN(__builtin_addc) 233| 85.2M| if(!std::is_constant_evaluated()) { ------------------ | Branch (233:7): [True: 85.2M, Folded] ------------------ 234| | if constexpr(std::same_as) { 235| | return __builtin_addc(x, y, *carry & 1, carry); 236| 85.2M| } else if constexpr(std::same_as) { 237| 85.2M| return __builtin_addcl(x, y, *carry & 1, carry); 238| | } else if constexpr(std::same_as) { 239| | return __builtin_addcll(x, y, *carry & 1, carry); 240| | } 241| 85.2M| } 242| 0|#endif 243| | 244| | if constexpr(WordInfo::dword_is_native && use_dword_for_word_add) { 245| | /* 246| | TODO(Botan4) this is largely a performance hack for GCCs that don't 247| | support __builtin_addc, if we increase the minimum supported version of 248| | GCC to GCC 14 then we can remove this and not worry about it 249| | */ 250| | const W cb = *carry & 1; 251| | const auto s = typename WordInfo::dword(x) + y + cb; 252| | *carry = static_cast(s >> WordInfo::bits); 253| | return static_cast(s); 254| 85.2M| } else { 255| 85.2M| const W cb = *carry & 1; 256| 85.2M| W z = x + y; 257| 85.2M| W c1 = (z < x); 258| 85.2M| z += cb; 259| 85.2M| *carry = c1 | (z < cb); 260| 85.2M| return z; 261| 85.2M| } 262| 85.2M|} _ZN5Botan10word8_sub3ITkNS_8WordTypeEmEET_PS1_PKS1_S4_S1_: 371| 2.53k|inline constexpr auto word8_sub3(W z[8], const W x[8], const W y[8], W carry) -> W { 372| 2.53k|#if defined(BOTAN_MP_USE_X86_64_ASM) 373| 2.53k| if(std::same_as && !std::is_constant_evaluated()) { ------------------ | Branch (373:7): [True: 0, Folded] | Branch (373:36): [True: 0, Folded] ------------------ 374| 2.53k| asm volatile(ADD_OR_SUBTRACT(DO_8_TIMES(ADDSUB3_OP, "sbbq")) 375| 2.53k| : [carry] "=r"(carry) 376| 2.53k| : [x] "r"(x), [y] "r"(y), [z] "r"(z), "0"(carry) 377| 2.53k| : "cc", "memory"); 378| 2.53k| return carry; 379| 2.53k| } 380| 0|#endif 381| | 382| 0| z[0] = word_sub(x[0], y[0], &carry); 383| 0| z[1] = word_sub(x[1], y[1], &carry); 384| 0| z[2] = word_sub(x[2], y[2], &carry); 385| 0| z[3] = word_sub(x[3], y[3], &carry); 386| 0| z[4] = word_sub(x[4], y[4], &carry); 387| 0| z[5] = word_sub(x[5], y[5], &carry); 388| 0| z[6] = word_sub(x[6], y[6], &carry); 389| 0| z[7] = word_sub(x[7], y[7], &carry); 390| 0| return carry; 391| 2.53k|} _ZN5Botan8word_subITkNS_8WordTypeEmEET_S1_S1_PS1_: 320| 142M|inline constexpr auto word_sub(W x, W y, W* carry) -> W { 321| 142M|#if BOTAN_COMPILER_HAS_BUILTIN(__builtin_subc) 322| 142M| if(!std::is_constant_evaluated()) { ------------------ | Branch (322:7): [True: 142M, Folded] ------------------ 323| | if constexpr(std::same_as) { 324| | return __builtin_subc(x, y, *carry & 1, carry); 325| 142M| } else if constexpr(std::same_as) { 326| 142M| return __builtin_subcl(x, y, *carry & 1, carry); 327| | } else if constexpr(std::same_as) { 328| | return __builtin_subcll(x, y, *carry & 1, carry); 329| | } 330| 142M| } 331| 0|#endif 332| | 333| 0| const W cb = *carry & 1; 334| 142M| W t0 = x - y; 335| 142M| W c1 = (t0 > x); 336| 142M| W z = t0 - cb; 337| 142M| *carry = c1 | (z > t0); 338| 142M| return z; 339| 142M|} _ZN5Botan13word8_linmul3ITkNS_8WordTypeEmEET_PS1_PKS1_S1_S1_: 397| 51|inline constexpr auto word8_linmul3(W z[8], const W x[8], W y, W carry) -> W { 398| 51|#if defined(BOTAN_MP_USE_X86_64_ASM) 399| 51| if(std::same_as && !std::is_constant_evaluated()) { ------------------ | Branch (399:7): [True: 0, Folded] | Branch (399:36): [True: 0, Folded] ------------------ 400| 51| asm(DO_8_TIMES(LINMUL_OP, "z") 401| 51| : [carry] "=r"(carry) 402| 51| : [z] "r"(z), [x] "r"(x), [y] "rm"(y), "0"(carry) 403| 51| : "cc", "%rax", "%rdx", "memory"); 404| 51| return carry; 405| 51| } 406| 0|#endif 407| | 408| 0| z[0] = word_madd2(x[0], y, &carry); 409| 0| z[1] = word_madd2(x[1], y, &carry); 410| 0| z[2] = word_madd2(x[2], y, &carry); 411| 0| z[3] = word_madd2(x[3], y, &carry); 412| 0| z[4] = word_madd2(x[4], y, &carry); 413| 0| z[5] = word_madd2(x[5], y, &carry); 414| 0| z[6] = word_madd2(x[6], y, &carry); 415| 0| z[7] = word_madd2(x[7], y, &carry); 416| 0| return carry; 417| 51|} _ZN5Botan10word_madd2ITkNS_8WordTypeEmEET_S1_S1_PS1_: 90| 38.2k|inline constexpr auto word_madd2(W a, W b, W* c) -> W { 91| 38.2k|#if defined(BOTAN_MP_USE_X86_64_ASM) 92| 38.2k| if(std::same_as && !std::is_constant_evaluated()) { ------------------ | Branch (92:7): [True: 0, Folded] | Branch (92:36): [True: 0, Folded] ------------------ 93| 38.2k| asm(R"( 94| 38.2k| mulq %[b] 95| 38.2k| addq %[c],%[a] 96| 38.2k| adcq $0,%[carry] 97| 38.2k| )" 98| 38.2k| : [a] "=a"(a), [b] "=rm"(b), [carry] "=&d"(*c) 99| 38.2k| : "0"(a), "1"(b), [c] "g"(*c) 100| 38.2k| : "cc"); 101| | 102| 38.2k| return a; 103| 38.2k| } 104| |#elif defined(BOTAN_MP_USE_AARCH64_ASM) 105| | if(std::same_as && !std::is_constant_evaluated()) { 106| | W lo = 0; 107| | W hi = 0; 108| | asm(R"( 109| | mul %[lo], %[a], %[b] 110| | umulh %[hi], %[a], %[b] 111| | adds %[lo], %[lo], %[c] 112| | adc %[hi], %[hi], xzr 113| | )" 114| | : [lo] "=&r"(lo), [hi] "=&r"(hi) 115| | : [a] "r"(a), [b] "r"(b), [c] "r"(*c) 116| | : "cc"); 117| | 118| | *c = hi; 119| | return lo; 120| | } 121| |#endif 122| | 123| 0| typedef typename WordInfo::dword dword; 124| 0| const dword s = dword(a) * b + *c; 125| 0| *c = static_cast(s >> WordInfo::bits); 126| 0| return static_cast(s); 127| 38.2k|} _ZN5Botan11word8_madd3ITkNS_8WordTypeEmEET_PS1_PKS1_S1_S1_: 423| 152|inline constexpr auto word8_madd3(W z[8], const W x[8], W y, W carry) -> W { 424| 152|#if defined(BOTAN_MP_USE_X86_64_ASM) 425| 152| if(std::same_as && !std::is_constant_evaluated()) { ------------------ | Branch (425:7): [True: 0, Folded] | Branch (425:36): [True: 0, Folded] ------------------ 426| 152| asm(DO_8_TIMES(MULADD_OP, "") 427| 152| : [carry] "=r"(carry) 428| 152| : [z] "r"(z), [x] "r"(x), [y] "rm"(y), "0"(carry) 429| 152| : "cc", "%rax", "%rdx", "memory"); 430| 152| return carry; 431| 152| } 432| 0|#endif 433| | 434| 0| z[0] = word_madd3(x[0], y, z[0], &carry); 435| 0| z[1] = word_madd3(x[1], y, z[1], &carry); 436| 0| z[2] = word_madd3(x[2], y, z[2], &carry); 437| 0| z[3] = word_madd3(x[3], y, z[3], &carry); 438| 0| z[4] = word_madd3(x[4], y, z[4], &carry); 439| 0| z[5] = word_madd3(x[5], y, z[5], &carry); 440| 0| z[6] = word_madd3(x[6], y, z[6], &carry); 441| 0| z[7] = word_madd3(x[7], y, z[7], &carry); 442| 0| return carry; 443| 152|} _ZN5Botan10word_madd3ITkNS_8WordTypeEmEET_S1_S1_S1_PS1_: 133| 304|inline constexpr auto word_madd3(W a, W b, W c, W* d) -> W { 134| 304|#if defined(BOTAN_MP_USE_X86_64_ASM) 135| 304| if(std::same_as && !std::is_constant_evaluated()) { ------------------ | Branch (135:7): [True: 0, Folded] | Branch (135:36): [True: 0, Folded] ------------------ 136| 304| asm(R"( 137| 304| mulq %[b] 138| 304| 139| 304| addq %[c],%[a] 140| 304| adcq $0,%[carry] 141| 304| 142| 304| addq %[d],%[a] 143| 304| adcq $0,%[carry] 144| 304| )" 145| 304| : [a] "=a"(a), [b] "=rm"(b), [carry] "=&d"(*d) 146| 304| : "0"(a), "1"(b), [c] "g"(c), [d] "g"(*d) 147| 304| : "cc"); 148| | 149| 304| return a; 150| 304| } 151| |#elif defined(BOTAN_MP_USE_AARCH64_ASM) 152| | if(std::same_as && !std::is_constant_evaluated()) { 153| | W lo = 0; 154| | W hi = 0; 155| | asm(R"( 156| | mul %[lo], %[a], %[b] 157| | umulh %[hi], %[a], %[b] 158| | adds %[lo], %[lo], %[c] 159| | adc %[hi], %[hi], xzr 160| | adds %[lo], %[lo], %[d] 161| | adc %[hi], %[hi], xzr 162| | )" 163| | : [lo] "=&r"(lo), [hi] "=&r"(hi) 164| | : [a] "r"(a), [b] "r"(b), [c] "r"(c), [d] "r"(*d) 165| | : "cc"); 166| | 167| | *d = hi; 168| | return lo; 169| | } 170| |#endif 171| | 172| 0| typedef typename WordInfo::dword dword; 173| 0| const dword s = dword(a) * b + c + *d; 174| 0| *d = static_cast(s >> WordInfo::bits); 175| 0| return static_cast(s); 176| 304|} _ZN5Botan10word8_add2ITkNS_8WordTypeEmEET_PS1_PKS1_S1_: 268| 1.70k|inline constexpr auto word8_add2(W x[8], const W y[8], W carry) -> W { 269| 1.70k|#if defined(BOTAN_MP_USE_X86_64_ASM) 270| 1.70k| if(std::same_as && !std::is_constant_evaluated()) { ------------------ | Branch (270:7): [True: 0, Folded] | Branch (270:36): [True: 0, Folded] ------------------ 271| 1.70k| asm volatile(ADD_OR_SUBTRACT(DO_8_TIMES(ADDSUB2_OP, "adcq")) 272| 1.70k| : [carry] "=r"(carry) 273| 1.70k| : [x] "r"(x), [y] "r"(y), "0"(carry) 274| 1.70k| : "cc", "memory"); 275| 1.70k| return carry; 276| 1.70k| } 277| 0|#endif 278| | 279| 0| x[0] = word_add(x[0], y[0], &carry); 280| 0| x[1] = word_add(x[1], y[1], &carry); 281| 0| x[2] = word_add(x[2], y[2], &carry); 282| 0| x[3] = word_add(x[3], y[3], &carry); 283| 0| x[4] = word_add(x[4], y[4], &carry); 284| 0| x[5] = word_add(x[5], y[5], &carry); 285| 0| x[6] = word_add(x[6], y[6], &carry); 286| 0| x[7] = word_add(x[7], y[7], &carry); 287| 0| return carry; 288| 1.70k|} _ZN5Botan10word8_sub2ITkNS_8WordTypeEmEET_PS1_PKS1_S1_: 345| 118|inline constexpr auto word8_sub2(W x[8], const W y[8], W carry) -> W { 346| 118|#if defined(BOTAN_MP_USE_X86_64_ASM) 347| 118| if(std::same_as && !std::is_constant_evaluated()) { ------------------ | Branch (347:7): [True: 0, Folded] | Branch (347:36): [True: 0, Folded] ------------------ 348| 118| asm volatile(ADD_OR_SUBTRACT(DO_8_TIMES(ADDSUB2_OP, "sbbq")) 349| 118| : [carry] "=r"(carry) 350| 118| : [x] "r"(x), [y] "r"(y), "0"(carry) 351| 118| : "cc", "memory"); 352| 118| return carry; 353| 118| } 354| 0|#endif 355| | 356| 0| x[0] = word_sub(x[0], y[0], &carry); 357| 0| x[1] = word_sub(x[1], y[1], &carry); 358| 0| x[2] = word_sub(x[2], y[2], &carry); 359| 0| x[3] = word_sub(x[3], y[3], &carry); 360| 0| x[4] = word_sub(x[4], y[4], &carry); 361| 0| x[5] = word_sub(x[5], y[5], &carry); 362| 0| x[6] = word_sub(x[6], y[6], &carry); 363| 0| x[7] = word_sub(x[7], y[7], &carry); 364| 0| return carry; 365| 118|} _ZN5Botan5word3ImEC2Ev: 458| 21.1M| constexpr word3() : m_w(0) {} _ZN5Botan5word3ImE3mulEmm: 460| 567M| inline constexpr void mul(W x, W y) { m_w += static_cast(x) * y; } _ZN5Botan5word3ImE7extractEv: 466| 221M| inline constexpr W extract() { 467| 221M| W r = static_cast(m_w); 468| 221M| m_w >>= WordInfo::bits; 469| 221M| return r; 470| 221M| } _ZN5Botan5word3ImE6mul_x2Emm: 462| 134M| inline constexpr void mul_x2(W x, W y) { m_w += static_cast(x) * y * 2; } _ZN5Botan5word3ImE3addEm: 464| 80.0M| inline constexpr void add(W x) { m_w += x; } _ZN5Botan5word3ImE10monty_stepEmm: 472| 40.0M| inline constexpr W monty_step(W p0, W p_dash) { 473| 40.0M| const W w0 = static_cast(m_w); 474| 40.0M| const W r = w0 * p_dash; 475| 40.0M| mul(r, p0); 476| 40.0M| m_w >>= WordInfo::bits; 477| 40.0M| return r; 478| 40.0M| } _ZN5Botan11bigint_add3ITkNS_8WordTypeEmEET_PS1_PKS1_mS4_m: 120| 12|inline constexpr auto bigint_add3(W z[], const W x[], size_t x_size, const W y[], size_t y_size) -> W { 121| 12| if(x_size < y_size) { ------------------ | Branch (121:7): [True: 0, False: 12] ------------------ 122| 0| return bigint_add3(z, y, y_size, x, x_size); 123| 0| } 124| | 125| 12| W carry = 0; 126| | 127| 12| const size_t blocks = y_size - (y_size % 8); 128| | 129| 16| for(size_t i = 0; i != blocks; i += 8) { ------------------ | Branch (129:22): [True: 4, False: 12] ------------------ 130| 4| carry = word8_add3(z + i, x + i, y + i, carry); 131| 4| } 132| | 133| 54| for(size_t i = blocks; i != y_size; ++i) { ------------------ | Branch (133:27): [True: 42, False: 12] ------------------ 134| 42| z[i] = word_add(x[i], y[i], &carry); 135| 42| } 136| | 137| 12| for(size_t i = y_size; i != x_size; ++i) { ------------------ | Branch (137:27): [True: 0, False: 12] ------------------ 138| 0| z[i] = word_add(x[i], static_cast(0), &carry); 139| 0| } 140| | 141| 12| return carry; 142| 12|} _ZN5Botan10bigint_cmpITkNS_8WordTypeEmEEiPKT_mS3_m: 439| 30.3k|inline constexpr int32_t bigint_cmp(const W x[], size_t x_size, const W y[], size_t y_size) { 440| 30.3k| static_assert(sizeof(W) >= sizeof(uint32_t), "Size assumption"); 441| | 442| 30.3k| const W LT = static_cast(-1); 443| 30.3k| const W EQ = 0; 444| 30.3k| const W GT = 1; 445| | 446| 30.3k| const size_t common_elems = std::min(x_size, y_size); 447| | 448| 30.3k| W result = EQ; // until found otherwise 449| | 450| 239k| for(size_t i = 0; i != common_elems; i++) { ------------------ | Branch (450:22): [True: 209k, False: 30.3k] ------------------ 451| 209k| const auto is_eq = CT::Mask::is_equal(x[i], y[i]); 452| 209k| const auto is_lt = CT::Mask::is_lt(x[i], y[i]); 453| | 454| 209k| result = is_eq.select(result, is_lt.select(LT, GT)); 455| 209k| } 456| | 457| 30.3k| if(x_size < y_size) { ------------------ | Branch (457:7): [True: 3, False: 30.3k] ------------------ 458| 3| W mask = 0; 459| 6| for(size_t i = x_size; i != y_size; i++) { ------------------ | Branch (459:30): [True: 3, False: 3] ------------------ 460| 3| mask |= y[i]; 461| 3| } 462| | 463| | // If any bits were set in high part of y, then x < y 464| 3| result = CT::Mask::is_zero(mask).select(result, LT); 465| 30.3k| } else if(y_size < x_size) { ------------------ | Branch (465:14): [True: 23, False: 30.3k] ------------------ 466| 23| W mask = 0; 467| 71| for(size_t i = y_size; i != x_size; i++) { ------------------ | Branch (467:30): [True: 48, False: 23] ------------------ 468| 48| mask |= x[i]; 469| 48| } 470| | 471| | // If any bits were set in high part of x, then x > y 472| 23| result = CT::Mask::is_zero(mask).select(result, GT); 473| 23| } 474| | 475| 30.3k| CT::unpoison(result); 476| 30.3k| BOTAN_DEBUG_ASSERT(result == LT || result == GT || result == EQ); ------------------ | | 130| 30.3k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 30.3k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 30.3k] | | ------------------ ------------------ 477| 30.3k| return static_cast(result); 478| 30.3k|} _ZN5Botan11bigint_sub3ITkNS_8WordTypeEmEET_PS1_PKS1_mS4_m: 192| 2.50k|inline constexpr auto bigint_sub3(W z[], const W x[], size_t x_size, const W y[], size_t y_size) -> W { 193| 2.50k| W borrow = 0; 194| | 195| 2.50k| BOTAN_ASSERT(x_size >= y_size, "Expected sizes"); ------------------ | | 64| 2.50k| do { \ | | 65| 2.50k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 2.50k| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 2.50k] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 2.50k| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 2.50k] | | ------------------ ------------------ 196| | 197| 2.50k| const size_t blocks = y_size - (y_size % 8); 198| | 199| 3.64k| for(size_t i = 0; i != blocks; i += 8) { ------------------ | Branch (199:22): [True: 1.13k, False: 2.50k] ------------------ 200| 1.13k| borrow = word8_sub3(z + i, x + i, y + i, borrow); 201| 1.13k| } 202| | 203| 10.1k| for(size_t i = blocks; i != y_size; ++i) { ------------------ | Branch (203:27): [True: 7.67k, False: 2.50k] ------------------ 204| 7.67k| z[i] = word_sub(x[i], y[i], &borrow); 205| 7.67k| } 206| | 207| 2.64k| for(size_t i = y_size; i != x_size; ++i) { ------------------ | Branch (207:27): [True: 145, False: 2.50k] ------------------ 208| 145| z[i] = word_sub(x[i], static_cast(0), &borrow); 209| 145| } 210| | 211| 2.50k| return borrow; 212| 2.50k|} _ZN5Botan14bigint_linmul3ITkNS_8WordTypeEmEEvPT_PKS1_mS1_: 416| 84|inline constexpr void bigint_linmul3(W z[], const W x[], size_t x_size, W y) { 417| 84| const size_t blocks = x_size - (x_size % 8); 418| | 419| 84| W carry = 0; 420| | 421| 135| for(size_t i = 0; i != blocks; i += 8) { ------------------ | Branch (421:22): [True: 51, False: 84] ------------------ 422| 51| carry = word8_linmul3(z + i, x + i, y, carry); 423| 51| } 424| | 425| 427| for(size_t i = blocks; i != x_size; ++i) { ------------------ | Branch (425:27): [True: 343, False: 84] ------------------ 426| 343| z[i] = word_madd2(x[i], y, &carry); 427| 343| } 428| | 429| 84| z[x_size] = carry; 430| 84|} _ZN5Botan14divide_precompImEC2Em: 574| 18| explicit constexpr divide_precomp(W divisor) : m_divisor(divisor) { 575| 18| BOTAN_ARG_CHECK(m_divisor != 0, "Division by zero"); ------------------ | | 35| 18| do { \ | | 36| 18| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 18| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 18] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 18| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 18] | | ------------------ ------------------ 576| 18| } _ZNK5Botan14divide_precompImE16vartime_div_2to1Emm: 581| 129| inline constexpr W vartime_div_2to1(W n1, W n0) const { 582| 129| BOTAN_ASSERT_NOMSG(n1 < m_divisor); ------------------ | | 77| 129| do { \ | | 78| 129| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 129| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 129] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 129| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 129] | | ------------------ ------------------ 583| | 584| 129| if(m_divisor == WordInfo::max) { ------------------ | Branch (584:13): [True: 51, False: 78] ------------------ 585| 51| return vartime_div_2to1_max_d(n1, n0); 586| 51| } 587| | 588| 78| if(m_divisor == WordInfo::top_bit) { ------------------ | Branch (588:13): [True: 0, False: 78] ------------------ 589| | // Simply a shift by N-1 bits 590| 0| return (n1 << 1) | (n0 >> (WordInfo::bits - 1)); 591| 0| } 592| | 593| 78| if(!std::is_constant_evaluated()) { ------------------ | Branch (593:13): [True: 78, Folded] ------------------ 594| 78|#if defined(BOTAN_MP_USE_X86_64_ASM) 595| 78| if constexpr(std::same_as) { 596| 78| W quotient = 0; 597| 78| W remainder = 0; 598| | // NOLINTNEXTLINE(*-no-assembler) 599| 78| asm("divq %[v]" : "=a"(quotient), "=d"(remainder) : [v] "r"(m_divisor), "a"(n0), "d"(n1) : "cc"); 600| 78| return quotient; 601| 78| } 602| 0|#endif 603| | 604| 0|#if !defined(BOTAN_BUILD_COMPILER_IS_CLANGCL) 605| | 606| | /* clang-cl has a bug where on encountering a 128/64 division it emits 607| | * a call to __udivti3() but then fails to link the relevant builtin into 608| | * the binary, causing a link failure. Work around this by simply omitting 609| | * such code for clang-cl 610| | * 611| | * See https://github.com/llvm/llvm-project/issues/25679 612| | */ 613| 78| if constexpr(WordInfo::dword_is_native) { 614| 78| typename WordInfo::dword n = n1; 615| 78| n <<= WordInfo::bits; 616| 78| n |= n0; 617| 78| return static_cast(n / m_divisor); 618| 78| } 619| 78|#endif 620| 78| } 621| | 622| 0| W high = n1; 623| 78| W quotient = 0; 624| | 625| 78| for(size_t i = 0; i != WordInfo::bits; ++i) { ------------------ | Branch (625:28): [True: 0, False: 78] ------------------ 626| 0| const W high_top_bit = high >> (WordInfo::bits - 1); 627| | 628| 0| high <<= 1; 629| 0| high |= (n0 >> (WordInfo::bits - 1 - i)) & 1; 630| 0| quotient <<= 1; 631| | 632| 0| if(high_top_bit || high >= m_divisor) { ------------------ | Branch (632:16): [True: 0, False: 0] | Branch (632:32): [True: 0, False: 0] ------------------ 633| 0| high -= m_divisor; 634| 0| quotient |= 1; 635| 0| } 636| 0| } 637| | 638| 78| return quotient; 639| 78| } _ZN5Botan14divide_precompImE22vartime_div_2to1_max_dEmm: 657| 51| static inline constexpr W vartime_div_2to1_max_d(W n1, W n0) { 658| | /* 659| | Use k to refer to WordInfo::bits 660| | 661| | We are dividing n = (n1 * 2^k) + n0 by 2^k - 1 662| | 663| | Recall that 2^k = 1 (mod 2^k - 1) 664| | 665| | Rewrite n = n1*2^k + n0 as n1*(2^k - 1) + n1 + n0 666| | 667| | The result of dividing n by (2^k - 1) will be equal to 668| | (n1*(2^k-1) + n1 + n0) / (2^k-1) = 669| | n1 + ((n1 + n0) / (2^k-1) 670| | 671| | Use c to refer to ((n1 + n0) / (2^k-1)) 672| | 673| | If (n1 + n0) < (2^k - 1) then c is 0 674| | If (n1 + n0) >= (2^k - 1) then c is 1 675| | 676| | Since n1 < 2^k - 1 [*] and n0 <= 2^k - 1 it is impossible for (n1 + n0) / (2^k -1) 677| | to be greater than 1. 678| | 679| | [*] We require n1 be strictly less than the divisor to ensure that the 680| | output fits in a single word; this is checked at the start of vartime_div_2to1. 681| | */ 682| | 683| 51| const W s = n0 + n1; 684| | // did n0 + n1 overflow? or does (n0 + n1) == 2^k - 1? if either, c == 1 685| 51| if(s < n0 || s == WordInfo::max) { ------------------ | Branch (685:13): [True: 5, False: 46] | Branch (685:23): [True: 0, False: 46] ------------------ 686| 5| n1 += 1; 687| 5| } 688| | 689| 51| return n1; 690| 51| } _ZN5Botan11bigint_shl2ITkNS_8WordTypeEmEEvPT_mPKS1_mm: 355| 18|inline constexpr void bigint_shl2(W y[], size_t y_size, const W x[], size_t x_size, size_t shift) { 356| 18| const size_t word_shift = shift / WordInfo::bits; 357| 18| const size_t bit_shift = shift % WordInfo::bits; 358| | 359| 18| BOTAN_ASSERT_NOMSG(word_shift <= y_size); ------------------ | | 77| 18| do { \ | | 78| 18| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 18| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 18] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 18| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 18] | | ------------------ ------------------ 360| 18| BOTAN_ASSERT_NOMSG(x_size < y_size - word_shift); ------------------ | | 77| 18| do { \ | | 78| 18| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 18| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 18] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 18| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 18] | | ------------------ ------------------ 361| | 362| 18| unchecked_copy_memory(y + word_shift, x, x_size); 363| 18| zeroize_buffer(y, word_shift); 364| 18| zeroize_buffer(y + word_shift + x_size, y_size - word_shift - x_size); 365| | 366| 18| const auto carry_mask = CT::Mask::expand(bit_shift); 367| 18| const W carry_shift = carry_mask.if_set_return(WordInfo::bits - bit_shift); 368| | 369| 18| W carry = 0; 370| 147| for(size_t i = word_shift; i != x_size + word_shift + 1; ++i) { ------------------ | Branch (370:31): [True: 129, False: 18] ------------------ 371| 129| const W w = y[i]; 372| 129| y[i] = (w << bit_shift) | carry; 373| 129| carry = carry_mask.if_set_return(w >> carry_shift); 374| 129| } 375| 18|} _ZN5Botan17bigint_monty_redcEPmPKmS2_mmS0_m: 924| 23.8k| word r[], const word z[], const word p[], size_t p_size, word p_dash, word ws[], size_t ws_size) { 925| 23.8k| const size_t z_size = 2 * p_size; 926| | 927| 23.8k| BOTAN_ARG_CHECK(ws_size >= p_size, "Montgomery reduction workspace too small"); ------------------ | | 35| 23.8k| do { \ | | 36| 23.8k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 23.8k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 23.8k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 23.8k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 23.8k] | | ------------------ ------------------ 928| | 929| 23.8k| if(p_size == 4) { ------------------ | Branch (929:7): [True: 18.4k, False: 5.41k] ------------------ 930| 18.4k| bigint_monty_redc_4(r, z, p, p_dash, ws); 931| 18.4k| } else if(p_size == 6) { ------------------ | Branch (931:14): [True: 2.94k, False: 2.46k] ------------------ 932| 2.94k| bigint_monty_redc_6(r, z, p, p_dash, ws); 933| 2.94k| } else if(p_size == 8) { ------------------ | Branch (933:14): [True: 1.10k, False: 1.36k] ------------------ 934| 1.10k| bigint_monty_redc_8(r, z, p, p_dash, ws); 935| 1.36k| } else if(p_size == 12) { ------------------ | Branch (935:14): [True: 0, False: 1.36k] ------------------ 936| 0| bigint_monty_redc_12(r, z, p, p_dash, ws); 937| 1.36k| } else if(p_size == 16) { ------------------ | Branch (937:14): [True: 0, False: 1.36k] ------------------ 938| 0| bigint_monty_redc_16(r, z, p, p_dash, ws); 939| 1.36k| } else if(p_size == 24) { ------------------ | Branch (939:14): [True: 0, False: 1.36k] ------------------ 940| 0| bigint_monty_redc_24(r, z, p, p_dash, ws); 941| 1.36k| } else if(p_size == 32) { ------------------ | Branch (941:14): [True: 0, False: 1.36k] ------------------ 942| 0| bigint_monty_redc_32(r, z, p, p_dash, ws); 943| 1.36k| } else { 944| 1.36k| bigint_monty_redc_generic(r, z, z_size, p, p_size, p_dash, ws); 945| 1.36k| } 946| 23.8k|} _ZN5Botan25bigint_monty_redc_inplaceEPmPKmmmS0_m: 948| 23.8k|inline void bigint_monty_redc_inplace(word z[], const word p[], size_t p_size, word p_dash, word ws[], size_t ws_size) { 949| 23.8k| bigint_monty_redc(z, z, p, p_size, p_dash, ws, ws_size); 950| 23.8k| zeroize_buffer(z + p_size, p_size); 951| 23.8k|} _ZN5Botan15bigint_ct_is_eqITkNS_8WordTypeEmEENS_2CT4MaskIT_EEPKS3_mS6_m: 519| 12|inline constexpr auto bigint_ct_is_eq(const W x[], size_t x_size, const W y[], size_t y_size) -> CT::Mask { 520| 12| const size_t common_elems = std::min(x_size, y_size); 521| | 522| 12| W diff = 0; 523| | 524| 166| for(size_t i = 0; i != common_elems; i++) { ------------------ | Branch (524:22): [True: 154, False: 12] ------------------ 525| 154| diff |= (x[i] ^ y[i]); 526| 154| } 527| | 528| | // If any bits were set in high part of x/y, then they are not equal 529| 12| if(x_size < y_size) { ------------------ | Branch (529:7): [True: 1, False: 11] ------------------ 530| 9| for(size_t i = x_size; i != y_size; i++) { ------------------ | Branch (530:30): [True: 8, False: 1] ------------------ 531| 8| diff |= y[i]; 532| 8| } 533| 11| } else if(y_size < x_size) { ------------------ | Branch (533:14): [True: 0, False: 11] ------------------ 534| 0| for(size_t i = y_size; i != x_size; i++) { ------------------ | Branch (534:30): [True: 0, False: 0] ------------------ 535| 0| diff |= x[i]; 536| 0| } 537| 0| } 538| | 539| 12| return CT::Mask::is_zero(diff); 540| 12|} _ZN5Botan15bigint_ct_is_ltITkNS_8WordTypeEmEENS_2CT4MaskIT_EEPKS3_mS6_mb: 487| 56.6k| -> CT::Mask { 488| 56.6k| const size_t common_elems = std::min(x_size, y_size); 489| | 490| 56.6k| auto is_lt = CT::Mask::expand(lt_or_equal); 491| | 492| 343k| for(size_t i = 0; i != common_elems; i++) { ------------------ | Branch (492:22): [True: 287k, False: 56.6k] ------------------ 493| 287k| const auto eq = CT::Mask::is_equal(x[i], y[i]); 494| 287k| const auto lt = CT::Mask::is_lt(x[i], y[i]); 495| 287k| is_lt = eq.select_mask(is_lt, lt); 496| 287k| } 497| | 498| 56.6k| if(x_size < y_size) { ------------------ | Branch (498:7): [True: 0, False: 56.6k] ------------------ 499| 0| W mask = 0; 500| 0| for(size_t i = x_size; i != y_size; i++) { ------------------ | Branch (500:30): [True: 0, False: 0] ------------------ 501| 0| mask |= y[i]; 502| 0| } 503| | // If any bits were set in high part of y, then is_lt should be forced true 504| 0| is_lt |= CT::Mask::expand(mask); 505| 56.6k| } else if(y_size < x_size) { ------------------ | Branch (505:14): [True: 49, False: 56.5k] ------------------ 506| 49| W mask = 0; 507| 388| for(size_t i = y_size; i != x_size; i++) { ------------------ | Branch (507:30): [True: 339, False: 49] ------------------ 508| 339| mask |= x[i]; 509| 339| } 510| | 511| | // If any bits were set in high part of x, then is_lt should be false 512| 49| is_lt &= CT::Mask::is_zero(mask); 513| 49| } 514| | 515| 56.6k| return is_lt; 516| 56.6k|} _ZN5Botan11bigint_shl1ITkNS_8WordTypeEmEEvPT_mmm: 309| 3|inline constexpr void bigint_shl1(W x[], size_t x_size, size_t x_words, size_t shift) { 310| 3| const size_t word_shift = shift / WordInfo::bits; 311| 3| const size_t bit_shift = shift % WordInfo::bits; 312| | 313| 3| BOTAN_ASSERT_NOMSG(word_shift <= x_size); ------------------ | | 77| 3| do { \ | | 78| 3| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 3| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 3] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 3| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 3] | | ------------------ ------------------ 314| 3| BOTAN_ASSERT_NOMSG(x_words <= x_size - word_shift); ------------------ | | 77| 3| do { \ | | 78| 3| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 3| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 3] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 3| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 3] | | ------------------ ------------------ 315| | 316| 3| unchecked_copy_memory(x + word_shift, x, x_words); 317| 3| zeroize_buffer(x, word_shift); 318| | 319| 3| const auto carry_mask = CT::Mask::expand(bit_shift); 320| 3| const W carry_shift = carry_mask.if_set_return(WordInfo::bits - bit_shift); 321| | 322| 3| W carry = 0; 323| 33| for(size_t i = word_shift; i != x_size; ++i) { ------------------ | Branch (323:31): [True: 30, False: 3] ------------------ 324| 30| const W w = x[i]; 325| 30| x[i] = (w << bit_shift) | carry; 326| 30| carry = carry_mask.if_set_return(w >> carry_shift); 327| 30| } 328| 3|} _ZN5Botan14bigint_sub_absITkNS_8WordTypeEmEENS_2CT4MaskIT_EEPS3_PKS3_S7_mS5_: 279| 48|inline constexpr auto bigint_sub_abs(W z[], const W x[], const W y[], size_t N, W ws[]) -> CT::Mask { 280| | // Subtract in both direction then conditional copy out the result 281| | 282| 48| W* ws0 = ws; 283| 48| W* ws1 = ws + N; 284| | 285| 48| W borrow0 = 0; 286| 48| W borrow1 = 0; 287| | 288| 48| const size_t blocks = N - (N % 8); 289| | 290| 64| for(size_t i = 0; i != blocks; i += 8) { ------------------ | Branch (290:22): [True: 16, False: 48] ------------------ 291| 16| borrow0 = word8_sub3(ws0 + i, x + i, y + i, borrow0); 292| 16| borrow1 = word8_sub3(ws1 + i, y + i, x + i, borrow1); 293| 16| } 294| | 295| 264| for(size_t i = blocks; i != N; ++i) { ------------------ | Branch (295:27): [True: 216, False: 48] ------------------ 296| 216| ws0[i] = word_sub(x[i], y[i], &borrow0); 297| 216| ws1[i] = word_sub(y[i], x[i], &borrow1); 298| 216| } 299| | 300| 48| return CT::conditional_copy_mem(borrow0, z, ws1, ws0, N); 301| 48|} _ZN5Botan11bigint_add2ITkNS_8WordTypeEmEET_PS1_mPKS1_m: 94| 6.21k|inline constexpr auto bigint_add2(W x[], size_t x_size, const W y[], size_t y_size) -> W { 95| 6.21k| W carry = 0; 96| | 97| 6.21k| BOTAN_ASSERT(x_size >= y_size, "Expected sizes"); ------------------ | | 64| 6.21k| do { \ | | 65| 6.21k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 6.21k| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 6.21k] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 6.21k| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 6.21k] | | ------------------ ------------------ 98| | 99| 6.21k| const size_t blocks = y_size - (y_size % 8); 100| | 101| 7.91k| for(size_t i = 0; i != blocks; i += 8) { ------------------ | Branch (101:22): [True: 1.70k, False: 6.21k] ------------------ 102| 1.70k| carry = word8_add2(x + i, y + i, carry); 103| 1.70k| } 104| | 105| 29.0k| for(size_t i = blocks; i != y_size; ++i) { ------------------ | Branch (105:27): [True: 22.8k, False: 6.21k] ------------------ 106| 22.8k| x[i] = word_add(x[i], y[i], &carry); 107| 22.8k| } 108| | 109| 34.2k| for(size_t i = y_size; i != x_size; ++i) { ------------------ | Branch (109:27): [True: 28.0k, False: 6.21k] ------------------ 110| 28.0k| x[i] = word_add(x[i], static_cast(0), &carry); 111| 28.0k| } 112| | 113| 6.21k| return carry; 114| 6.21k|} _ZN5Botan11bigint_sub2ITkNS_8WordTypeEmEET_PS1_mPKS1_m: 148| 149|inline constexpr auto bigint_sub2(W x[], size_t x_size, const W y[], size_t y_size) -> W { 149| 149| W borrow = 0; 150| | 151| 149| BOTAN_ASSERT(x_size >= y_size, "Expected sizes"); ------------------ | | 64| 149| do { \ | | 65| 149| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 149| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 149] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 149| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 149] | | ------------------ ------------------ 152| | 153| 149| const size_t blocks = y_size - (y_size % 8); 154| | 155| 267| for(size_t i = 0; i != blocks; i += 8) { ------------------ | Branch (155:22): [True: 118, False: 149] ------------------ 156| 118| borrow = word8_sub2(x + i, y + i, borrow); 157| 118| } 158| | 159| 616| for(size_t i = blocks; i != y_size; ++i) { ------------------ | Branch (159:27): [True: 467, False: 149] ------------------ 160| 467| x[i] = word_sub(x[i], y[i], &borrow); 161| 467| } 162| | 163| 166| for(size_t i = y_size; i != x_size; ++i) { ------------------ | Branch (163:27): [True: 17, False: 149] ------------------ 164| 17| x[i] = word_sub(x[i], static_cast(0), &borrow); 165| 17| } 166| | 167| 149| return borrow; 168| 149|} _ZN5Botan11bigint_shr1ITkNS_8WordTypeEmEEvPT_mm: 331| 129|inline constexpr void bigint_shr1(W x[], size_t x_size, size_t shift) { 332| 129| const size_t word_shift = shift / WordInfo::bits; 333| 129| const size_t bit_shift = shift % WordInfo::bits; 334| | 335| 129| const size_t top = x_size >= word_shift ? (x_size - word_shift) : 0; ------------------ | Branch (335:23): [True: 129, False: 0] ------------------ 336| | 337| 129| if(top > 0) { ------------------ | Branch (337:7): [True: 129, False: 0] ------------------ 338| 129| unchecked_copy_memory(x, x + word_shift, top); 339| 129| } 340| 129| zeroize_buffer(x + top, std::min(word_shift, x_size)); 341| | 342| 129| const auto carry_mask = CT::Mask::expand(bit_shift); 343| 129| const W carry_shift = carry_mask.if_set_return(WordInfo::bits - bit_shift); 344| | 345| 129| W carry = 0; 346| | 347| 2.52k| for(size_t i = 0; i != top; ++i) { ------------------ | Branch (347:22): [True: 2.39k, False: 129] ------------------ 348| 2.39k| const W w = x[top - i - 1]; 349| 2.39k| x[top - i - 1] = (w >> bit_shift) | carry; 350| 2.39k| carry = carry_mask.if_set_return(w << carry_shift); 351| 2.39k| } 352| 129|} _ZN5Botan13monty_inverseITkNS_8WordTypeEmEET_S1_: 703| 6|inline constexpr auto monty_inverse(W a) -> W { 704| 6| BOTAN_ARG_CHECK(a % 2 == 1, "Cannot compute Montgomery inverse of an even integer"); ------------------ | | 35| 6| do { \ | | 36| 6| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 6| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 6] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 6| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 6] | | ------------------ ------------------ 705| | 706| | // Newton's Method, following https://lemire.me/blog/2017/09/18/computing-the-inverse-of-odd-integers/ 707| | 708| 6| constexpr size_t iter = WordInfo::bits == 64 ? 4 : 3; ------------------ | Branch (708:28): [True: 0, Folded] ------------------ 709| | 710| | // Initial guess provides 5 bits of accuracy 711| 6| W r = (3 * a) ^ 2; 712| | 713| | // Each iteration doubles the accuracy 714| 30| for(size_t i = 0; i != iter; ++i) { ------------------ | Branch (714:22): [True: 24, False: 6] ------------------ 715| 24| r = r * (2 - r * a); 716| 24| } 717| | 718| | // Now invert in addition space 719| 6| r = (WordInfo::max - r) + 1; 720| | 721| 6| return r; 722| 6|} _ZN5Botan22bigint_monty_maybe_subITkNS_8WordTypeEmEEvmPT_S1_PKS1_S4_: 225| 1.36k|inline constexpr void bigint_monty_maybe_sub(size_t N, W z[], W x0, const W x[], const W p[]) { 226| 1.36k| W borrow = 0; 227| | 228| 1.36k| const size_t blocks = N - (N % 8); 229| | 230| 2.72k| for(size_t i = 0; i != blocks; i += 8) { ------------------ | Branch (230:22): [True: 1.36k, False: 1.36k] ------------------ 231| 1.36k| borrow = word8_sub3(z + i, x + i, p + i, borrow); 232| 1.36k| } 233| | 234| 2.72k| for(size_t i = blocks; i != N; ++i) { ------------------ | Branch (234:27): [True: 1.36k, False: 1.36k] ------------------ 235| 1.36k| z[i] = word_sub(x[i], p[i], &borrow); 236| 1.36k| } 237| | 238| 1.36k| borrow = (x0 - borrow) > x0; 239| | 240| 1.36k| CT::conditional_assign_mem(borrow, z, x, N); 241| 1.36k|} _ZN5Botan9comba_sqrILm4ETkNS_8WordTypeEmEEvPT0_PKS1_: 854| 2.64M|constexpr inline void comba_sqr(W z[2 * N], const W x[N]) { 855| 2.64M| if(!std::is_constant_evaluated()) { ------------------ | Branch (855:7): [True: 2.64M, Folded] ------------------ 856| 2.64M| if constexpr(std::same_as && N == 4) { 857| 2.64M| return bigint_comba_sqr4(z, x); 858| 2.64M| } 859| | if constexpr(std::same_as && N == 6) { 860| | return bigint_comba_sqr6(z, x); 861| | } 862| | if constexpr(std::same_as && N == 7) { 863| | return bigint_comba_sqr7(z, x); 864| | } 865| | if constexpr(std::same_as && N == 8) { 866| | return bigint_comba_sqr8(z, x); 867| | } 868| | if constexpr(std::same_as && N == 9) { 869| | return bigint_comba_sqr9(z, x); 870| | } 871| | if constexpr(std::same_as && N == 16) { 872| | return bigint_comba_sqr16(z, x); 873| | } 874| 2.64M| } 875| | 876| 0| word3 accum; 877| | 878| 2.64M| for(size_t i = 0; i != 2 * N; ++i) { ------------------ | Branch (878:22): [True: 0, False: 2.64M] ------------------ 879| 0| const size_t start = i + 1 < N ? 0 : i + 1 - N; ------------------ | Branch (879:28): [True: 0, False: 0] ------------------ 880| 0| const size_t end = std::min(N, i + 1); 881| | 882| 0| for(size_t j = start; j != end; ++j) { ------------------ | Branch (882:29): [True: 0, False: 0] ------------------ 883| 0| accum.mul(x[j], x[i - j]); 884| 0| } 885| 0| z[i] = accum.extract(); 886| 0| } 887| 2.64M|} _ZN5Botan22bigint_monty_maybe_subILm4ETkNS_8WordTypeEmEEvPT0_S1_PKS1_S4_: 254| 4.59M|inline constexpr void bigint_monty_maybe_sub(W z[N], W x0, const W x[N], const W y[N]) { 255| 4.59M| W borrow = 0; 256| | 257| 22.9M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (257:22): [True: 18.3M, False: 4.59M] ------------------ 258| 18.3M| z[i] = word_sub(x[i], y[i], &borrow); 259| 18.3M| } 260| | 261| 4.59M| borrow = (x0 - borrow) > x0; 262| | 263| 4.59M| CT::conditional_assign_mem(borrow, z, x, N); 264| 4.59M|} _ZN5Botan9comba_mulILm4ETkNS_8WordTypeEmEEvPT0_PKS1_S4_: 818| 2.37M|constexpr inline void comba_mul(W z[2 * N], const W x[N], const W y[N]) { 819| 2.37M| if(!std::is_constant_evaluated()) { ------------------ | Branch (819:7): [True: 2.37M, Folded] ------------------ 820| 2.37M| if constexpr(std::same_as && N == 4) { 821| 2.37M| return bigint_comba_mul4(z, x, y); 822| 2.37M| } 823| | if constexpr(std::same_as && N == 6) { 824| | return bigint_comba_mul6(z, x, y); 825| | } 826| | if constexpr(std::same_as && N == 7) { 827| | return bigint_comba_mul7(z, x, y); 828| | } 829| | if constexpr(std::same_as && N == 8) { 830| | return bigint_comba_mul8(z, x, y); 831| | } 832| | if constexpr(std::same_as && N == 9) { 833| | return bigint_comba_mul9(z, x, y); 834| | } 835| | if constexpr(std::same_as && N == 16) { 836| | return bigint_comba_mul16(z, x, y); 837| | } 838| 2.37M| } 839| | 840| 0| word3 accum; 841| | 842| 2.37M| for(size_t i = 0; i != 2 * N; ++i) { ------------------ | Branch (842:22): [True: 0, False: 2.37M] ------------------ 843| 0| const size_t start = i + 1 < N ? 0 : i + 1 - N; ------------------ | Branch (843:28): [True: 0, False: 0] ------------------ 844| 0| const size_t end = std::min(N, i + 1); 845| | 846| 0| for(size_t j = start; j != end; ++j) { ------------------ | Branch (846:29): [True: 0, False: 0] ------------------ 847| 0| accum.mul(x[j], y[i - j]); 848| 0| } 849| 0| z[i] = accum.extract(); 850| 0| } 851| 2.37M|} _ZN5Botan10shift_leftILm1ETkNS_8WordTypeEmLm4EEET0_RNSt3__15arrayIS1_XT1_EEE: 725| 907k|inline constexpr W shift_left(std::array& x) { 726| 907k| static_assert(N >= 1, "Invalid input size"); 727| 907k| static_assert(S > 0, "Zero shift not supported"); 728| 907k| static_assert(S < WordInfo::bits, "Shift too large"); 729| | 730| 907k| const W carry = x[N - 1] >> (WordInfo::bits - S); 731| | 732| 3.62M| for(size_t i = N - 1; i != 0; --i) { ------------------ | Branch (732:26): [True: 2.72M, False: 907k] ------------------ 733| 2.72M| x[i] = (x[i] << S) | (x[i - 1] >> (WordInfo::bits - S)); 734| 2.72M| } 735| 907k| x[0] <<= S; 736| | 737| 907k| return carry; 738| 907k|} _ZN5Botan16read_window_bitsILm4EmLm4EEEmNSt3__14spanIKT0_XT1_EEEm: 1071| 154k|constexpr size_t read_window_bits(std::span words, size_t offset) { 1072| 154k| static_assert(WindowBits >= 1 && WindowBits <= 7); 1073| | 1074| 154k| constexpr uint8_t WindowMask = static_cast(1 << WindowBits) - 1; 1075| | 1076| 154k| constexpr size_t W_bits = sizeof(W) * 8; 1077| 154k| const auto bit_shift = offset % W_bits; 1078| 154k| const auto word_offset = words.size() - 1 - (offset / W_bits); 1079| | 1080| 154k| const bool single_byte_window = bit_shift <= (W_bits - WindowBits) || word_offset == 0; ------------------ | Branch (1080:36): [True: 154k, False: 0] | Branch (1080:74): [True: 0, False: 0] ------------------ 1081| | 1082| 154k| const auto w0 = words[word_offset]; 1083| | 1084| 154k| if(single_byte_window) { ------------------ | Branch (1084:7): [True: 154k, False: 0] ------------------ 1085| 154k| return (w0 >> bit_shift) & WindowMask; 1086| 154k| } else { 1087| | // Otherwise we must join two words and extract the result 1088| 0| const auto w1 = words[word_offset - 1]; 1089| 0| const auto combined = ((w0 >> bit_shift) | (w1 << (W_bits - bit_shift))); 1090| 0| return combined & WindowMask; 1091| 0| } 1092| 154k|} _ZN5Botan11shift_rightILm1ETkNS_8WordTypeEmLm4EEET0_RNSt3__15arrayIS1_XT1_EEE: 741| 53.6k|inline constexpr W shift_right(std::array& x) { 742| 53.6k| static_assert(N >= 1, "Invalid input size"); 743| 53.6k| static_assert(S > 0, "Zero shift not supported"); 744| 53.6k| static_assert(S < WordInfo::bits, "Shift too large"); 745| | 746| 53.6k| const W carry = x[0] << (WordInfo::bits - S); 747| | 748| 214k| for(size_t i = 0; i != N - 1; ++i) { ------------------ | Branch (748:22): [True: 161k, False: 53.6k] ------------------ 749| 161k| x[i] = (x[i] >> S) | (x[i + 1] << (WordInfo::bits - S)); 750| 161k| } 751| 53.6k| x[N - 1] >>= S; 752| | 753| 53.6k| return carry; 754| 53.6k|} _ZN5Botan16read_window_bitsILm7EhLm18446744073709551615EEEmNSt3__14spanIKT0_XT1_EEEm: 1071| 214k|constexpr size_t read_window_bits(std::span words, size_t offset) { 1072| 214k| static_assert(WindowBits >= 1 && WindowBits <= 7); 1073| | 1074| 214k| constexpr uint8_t WindowMask = static_cast(1 << WindowBits) - 1; 1075| | 1076| 214k| constexpr size_t W_bits = sizeof(W) * 8; 1077| 214k| const auto bit_shift = offset % W_bits; 1078| 214k| const auto word_offset = words.size() - 1 - (offset / W_bits); 1079| | 1080| 214k| const bool single_byte_window = bit_shift <= (W_bits - WindowBits) || word_offset == 0; ------------------ | Branch (1080:36): [True: 55.9k, False: 158k] | Branch (1080:74): [True: 0, False: 158k] ------------------ 1081| | 1082| 214k| const auto w0 = words[word_offset]; 1083| | 1084| 214k| if(single_byte_window) { ------------------ | Branch (1084:7): [True: 55.9k, False: 158k] ------------------ 1085| 55.9k| return (w0 >> bit_shift) & WindowMask; 1086| 158k| } else { 1087| | // Otherwise we must join two words and extract the result 1088| 158k| const auto w1 = words[word_offset - 1]; 1089| 158k| const auto combined = ((w0 >> bit_shift) | (w1 << (W_bits - bit_shift))); 1090| 158k| return combined & WindowMask; 1091| 158k| } 1092| 214k|} _ZN5Botan16read_window_bitsILm6EhLm18446744073709551615EEEmNSt3__14spanIKT0_XT1_EEEm: 1071| 141k|constexpr size_t read_window_bits(std::span words, size_t offset) { 1072| 141k| static_assert(WindowBits >= 1 && WindowBits <= 7); 1073| | 1074| 141k| constexpr uint8_t WindowMask = static_cast(1 << WindowBits) - 1; 1075| | 1076| 141k| constexpr size_t W_bits = sizeof(W) * 8; 1077| 141k| const auto bit_shift = offset % W_bits; 1078| 141k| const auto word_offset = words.size() - 1 - (offset / W_bits); 1079| | 1080| 141k| const bool single_byte_window = bit_shift <= (W_bits - WindowBits) || word_offset == 0; ------------------ | Branch (1080:36): [True: 53.5k, False: 87.6k] | Branch (1080:74): [True: 0, False: 87.6k] ------------------ 1081| | 1082| 141k| const auto w0 = words[word_offset]; 1083| | 1084| 141k| if(single_byte_window) { ------------------ | Branch (1084:7): [True: 53.5k, False: 87.6k] ------------------ 1085| 53.5k| return (w0 >> bit_shift) & WindowMask; 1086| 87.6k| } else { 1087| | // Otherwise we must join two words and extract the result 1088| 87.6k| const auto w1 = words[word_offset - 1]; 1089| 87.6k| const auto combined = ((w0 >> bit_shift) | (w1 << (W_bits - bit_shift))); 1090| 87.6k| return combined & WindowMask; 1091| 87.6k| } 1092| 141k|} _ZN5Botan9comba_sqrILm6ETkNS_8WordTypeEmEEvPT0_PKS1_: 854| 2.28M|constexpr inline void comba_sqr(W z[2 * N], const W x[N]) { 855| 2.28M| if(!std::is_constant_evaluated()) { ------------------ | Branch (855:7): [True: 2.28M, Folded] ------------------ 856| | if constexpr(std::same_as && N == 4) { 857| | return bigint_comba_sqr4(z, x); 858| | } 859| 2.28M| if constexpr(std::same_as && N == 6) { 860| 2.28M| return bigint_comba_sqr6(z, x); 861| 2.28M| } 862| | if constexpr(std::same_as && N == 7) { 863| | return bigint_comba_sqr7(z, x); 864| | } 865| | if constexpr(std::same_as && N == 8) { 866| | return bigint_comba_sqr8(z, x); 867| | } 868| | if constexpr(std::same_as && N == 9) { 869| | return bigint_comba_sqr9(z, x); 870| | } 871| | if constexpr(std::same_as && N == 16) { 872| | return bigint_comba_sqr16(z, x); 873| | } 874| 2.28M| } 875| | 876| 0| word3 accum; 877| | 878| 2.28M| for(size_t i = 0; i != 2 * N; ++i) { ------------------ | Branch (878:22): [True: 0, False: 2.28M] ------------------ 879| 0| const size_t start = i + 1 < N ? 0 : i + 1 - N; ------------------ | Branch (879:28): [True: 0, False: 0] ------------------ 880| 0| const size_t end = std::min(N, i + 1); 881| | 882| 0| for(size_t j = start; j != end; ++j) { ------------------ | Branch (882:29): [True: 0, False: 0] ------------------ 883| 0| accum.mul(x[j], x[i - j]); 884| 0| } 885| 0| z[i] = accum.extract(); 886| 0| } 887| 2.28M|} _ZN5Botan22bigint_monty_maybe_subILm6ETkNS_8WordTypeEmEEvPT0_S1_PKS1_S4_: 254| 3.02M|inline constexpr void bigint_monty_maybe_sub(W z[N], W x0, const W x[N], const W y[N]) { 255| 3.02M| W borrow = 0; 256| | 257| 21.1M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (257:22): [True: 18.1M, False: 3.02M] ------------------ 258| 18.1M| z[i] = word_sub(x[i], y[i], &borrow); 259| 18.1M| } 260| | 261| 3.02M| borrow = (x0 - borrow) > x0; 262| | 263| 3.02M| CT::conditional_assign_mem(borrow, z, x, N); 264| 3.02M|} _ZN5Botan9comba_mulILm6ETkNS_8WordTypeEmEEvPT0_PKS1_S4_: 818| 2.00M|constexpr inline void comba_mul(W z[2 * N], const W x[N], const W y[N]) { 819| 2.00M| if(!std::is_constant_evaluated()) { ------------------ | Branch (819:7): [True: 2.00M, Folded] ------------------ 820| | if constexpr(std::same_as && N == 4) { 821| | return bigint_comba_mul4(z, x, y); 822| | } 823| 2.00M| if constexpr(std::same_as && N == 6) { 824| 2.00M| return bigint_comba_mul6(z, x, y); 825| 2.00M| } 826| | if constexpr(std::same_as && N == 7) { 827| | return bigint_comba_mul7(z, x, y); 828| | } 829| | if constexpr(std::same_as && N == 8) { 830| | return bigint_comba_mul8(z, x, y); 831| | } 832| | if constexpr(std::same_as && N == 9) { 833| | return bigint_comba_mul9(z, x, y); 834| | } 835| | if constexpr(std::same_as && N == 16) { 836| | return bigint_comba_mul16(z, x, y); 837| | } 838| 2.00M| } 839| | 840| 0| word3 accum; 841| | 842| 2.00M| for(size_t i = 0; i != 2 * N; ++i) { ------------------ | Branch (842:22): [True: 0, False: 2.00M] ------------------ 843| 0| const size_t start = i + 1 < N ? 0 : i + 1 - N; ------------------ | Branch (843:28): [True: 0, False: 0] ------------------ 844| 0| const size_t end = std::min(N, i + 1); 845| | 846| 0| for(size_t j = start; j != end; ++j) { ------------------ | Branch (846:29): [True: 0, False: 0] ------------------ 847| 0| accum.mul(x[j], y[i - j]); 848| 0| } 849| 0| z[i] = accum.extract(); 850| 0| } 851| 2.00M|} _ZN5Botan10shift_leftILm1ETkNS_8WordTypeEmLm6EEET0_RNSt3__15arrayIS1_XT1_EEE: 725| 711k|inline constexpr W shift_left(std::array& x) { 726| 711k| static_assert(N >= 1, "Invalid input size"); 727| 711k| static_assert(S > 0, "Zero shift not supported"); 728| 711k| static_assert(S < WordInfo::bits, "Shift too large"); 729| | 730| 711k| const W carry = x[N - 1] >> (WordInfo::bits - S); 731| | 732| 4.26M| for(size_t i = N - 1; i != 0; --i) { ------------------ | Branch (732:26): [True: 3.55M, False: 711k] ------------------ 733| 3.55M| x[i] = (x[i] << S) | (x[i - 1] >> (WordInfo::bits - S)); 734| 3.55M| } 735| 711k| x[0] <<= S; 736| | 737| 711k| return carry; 738| 711k|} _ZN5Botan16read_window_bitsILm5EmLm6EEEmNSt3__14spanIKT0_XT1_EEEm: 1071| 85.0k|constexpr size_t read_window_bits(std::span words, size_t offset) { 1072| 85.0k| static_assert(WindowBits >= 1 && WindowBits <= 7); 1073| | 1074| 85.0k| constexpr uint8_t WindowMask = static_cast(1 << WindowBits) - 1; 1075| | 1076| 85.0k| constexpr size_t W_bits = sizeof(W) * 8; 1077| 85.0k| const auto bit_shift = offset % W_bits; 1078| 85.0k| const auto word_offset = words.size() - 1 - (offset / W_bits); 1079| | 1080| 85.0k| const bool single_byte_window = bit_shift <= (W_bits - WindowBits) || word_offset == 0; ------------------ | Branch (1080:36): [True: 79.5k, False: 5.52k] | Branch (1080:74): [True: 1.10k, False: 4.42k] ------------------ 1081| | 1082| 85.0k| const auto w0 = words[word_offset]; 1083| | 1084| 85.0k| if(single_byte_window) { ------------------ | Branch (1084:7): [True: 80.6k, False: 4.42k] ------------------ 1085| 80.6k| return (w0 >> bit_shift) & WindowMask; 1086| 80.6k| } else { 1087| | // Otherwise we must join two words and extract the result 1088| 4.42k| const auto w1 = words[word_offset - 1]; 1089| 4.42k| const auto combined = ((w0 >> bit_shift) | (w1 << (W_bits - bit_shift))); 1090| 4.42k| return combined & WindowMask; 1091| 4.42k| } 1092| 85.0k|} _ZN5Botan11shift_rightILm1ETkNS_8WordTypeEmLm6EEET0_RNSt3__15arrayIS1_XT1_EEE: 741| 43.4k|inline constexpr W shift_right(std::array& x) { 742| 43.4k| static_assert(N >= 1, "Invalid input size"); 743| 43.4k| static_assert(S > 0, "Zero shift not supported"); 744| 43.4k| static_assert(S < WordInfo::bits, "Shift too large"); 745| | 746| 43.4k| const W carry = x[0] << (WordInfo::bits - S); 747| | 748| 260k| for(size_t i = 0; i != N - 1; ++i) { ------------------ | Branch (748:22): [True: 217k, False: 43.4k] ------------------ 749| 217k| x[i] = (x[i] >> S) | (x[i + 1] << (WordInfo::bits - S)); 750| 217k| } 751| 43.4k| x[N - 1] >>= S; 752| | 753| 43.4k| return carry; 754| 43.4k|} _ZN5Botan9comba_sqrILm8ETkNS_8WordTypeEmEEvPT0_PKS1_: 854| 1.05M|constexpr inline void comba_sqr(W z[2 * N], const W x[N]) { 855| 1.05M| if(!std::is_constant_evaluated()) { ------------------ | Branch (855:7): [True: 1.05M, Folded] ------------------ 856| | if constexpr(std::same_as && N == 4) { 857| | return bigint_comba_sqr4(z, x); 858| | } 859| | if constexpr(std::same_as && N == 6) { 860| | return bigint_comba_sqr6(z, x); 861| | } 862| | if constexpr(std::same_as && N == 7) { 863| | return bigint_comba_sqr7(z, x); 864| | } 865| 1.05M| if constexpr(std::same_as && N == 8) { 866| 1.05M| return bigint_comba_sqr8(z, x); 867| 1.05M| } 868| | if constexpr(std::same_as && N == 9) { 869| | return bigint_comba_sqr9(z, x); 870| | } 871| | if constexpr(std::same_as && N == 16) { 872| | return bigint_comba_sqr16(z, x); 873| | } 874| 1.05M| } 875| | 876| 0| word3 accum; 877| | 878| 1.05M| for(size_t i = 0; i != 2 * N; ++i) { ------------------ | Branch (878:22): [True: 0, False: 1.05M] ------------------ 879| 0| const size_t start = i + 1 < N ? 0 : i + 1 - N; ------------------ | Branch (879:28): [True: 0, False: 0] ------------------ 880| 0| const size_t end = std::min(N, i + 1); 881| | 882| 0| for(size_t j = start; j != end; ++j) { ------------------ | Branch (882:29): [True: 0, False: 0] ------------------ 883| 0| accum.mul(x[j], x[i - j]); 884| 0| } 885| 0| z[i] = accum.extract(); 886| 0| } 887| 1.05M|} _ZN5Botan22bigint_monty_maybe_subILm8ETkNS_8WordTypeEmEEvPT0_S1_PKS1_S4_: 254| 2.56M|inline constexpr void bigint_monty_maybe_sub(W z[N], W x0, const W x[N], const W y[N]) { 255| 2.56M| W borrow = 0; 256| | 257| 23.0M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (257:22): [True: 20.5M, False: 2.56M] ------------------ 258| 20.5M| z[i] = word_sub(x[i], y[i], &borrow); 259| 20.5M| } 260| | 261| 2.56M| borrow = (x0 - borrow) > x0; 262| | 263| 2.56M| CT::conditional_assign_mem(borrow, z, x, N); 264| 2.56M|} _ZN5Botan9comba_mulILm8ETkNS_8WordTypeEmEEvPT0_PKS1_S4_: 818| 974k|constexpr inline void comba_mul(W z[2 * N], const W x[N], const W y[N]) { 819| 974k| if(!std::is_constant_evaluated()) { ------------------ | Branch (819:7): [True: 974k, Folded] ------------------ 820| | if constexpr(std::same_as && N == 4) { 821| | return bigint_comba_mul4(z, x, y); 822| | } 823| | if constexpr(std::same_as && N == 6) { 824| | return bigint_comba_mul6(z, x, y); 825| | } 826| | if constexpr(std::same_as && N == 7) { 827| | return bigint_comba_mul7(z, x, y); 828| | } 829| 974k| if constexpr(std::same_as && N == 8) { 830| 974k| return bigint_comba_mul8(z, x, y); 831| 974k| } 832| | if constexpr(std::same_as && N == 9) { 833| | return bigint_comba_mul9(z, x, y); 834| | } 835| | if constexpr(std::same_as && N == 16) { 836| | return bigint_comba_mul16(z, x, y); 837| | } 838| 974k| } 839| | 840| 0| word3 accum; 841| | 842| 974k| for(size_t i = 0; i != 2 * N; ++i) { ------------------ | Branch (842:22): [True: 0, False: 974k] ------------------ 843| 0| const size_t start = i + 1 < N ? 0 : i + 1 - N; ------------------ | Branch (843:28): [True: 0, False: 0] ------------------ 844| 0| const size_t end = std::min(N, i + 1); 845| | 846| 0| for(size_t j = start; j != end; ++j) { ------------------ | Branch (846:29): [True: 0, False: 0] ------------------ 847| 0| accum.mul(x[j], y[i - j]); 848| 0| } 849| 0| z[i] = accum.extract(); 850| 0| } 851| 974k|} _ZN5Botan10shift_leftILm1ETkNS_8WordTypeEmLm8EEET0_RNSt3__15arrayIS1_XT1_EEE: 725| 296k|inline constexpr W shift_left(std::array& x) { 726| 296k| static_assert(N >= 1, "Invalid input size"); 727| 296k| static_assert(S > 0, "Zero shift not supported"); 728| 296k| static_assert(S < WordInfo::bits, "Shift too large"); 729| | 730| 296k| const W carry = x[N - 1] >> (WordInfo::bits - S); 731| | 732| 2.37M| for(size_t i = N - 1; i != 0; --i) { ------------------ | Branch (732:26): [True: 2.07M, False: 296k] ------------------ 733| 2.07M| x[i] = (x[i] << S) | (x[i - 1] >> (WordInfo::bits - S)); 734| 2.07M| } 735| 296k| x[0] <<= S; 736| | 737| 296k| return carry; 738| 296k|} _ZN5Botan16read_window_bitsILm5EmLm8EEEmNSt3__14spanIKT0_XT1_EEEm: 1071| 92.8k|constexpr size_t read_window_bits(std::span words, size_t offset) { 1072| 92.8k| static_assert(WindowBits >= 1 && WindowBits <= 7); 1073| | 1074| 92.8k| constexpr uint8_t WindowMask = static_cast(1 << WindowBits) - 1; 1075| | 1076| 92.8k| constexpr size_t W_bits = sizeof(W) * 8; 1077| 92.8k| const auto bit_shift = offset % W_bits; 1078| 92.8k| const auto word_offset = words.size() - 1 - (offset / W_bits); 1079| | 1080| 92.8k| const bool single_byte_window = bit_shift <= (W_bits - WindowBits) || word_offset == 0; ------------------ | Branch (1080:36): [True: 86.4k, False: 6.30k] | Branch (1080:74): [True: 901, False: 5.40k] ------------------ 1081| | 1082| 92.8k| const auto w0 = words[word_offset]; 1083| | 1084| 92.8k| if(single_byte_window) { ------------------ | Branch (1084:7): [True: 87.3k, False: 5.40k] ------------------ 1085| 87.3k| return (w0 >> bit_shift) & WindowMask; 1086| 87.3k| } else { 1087| | // Otherwise we must join two words and extract the result 1088| 5.40k| const auto w1 = words[word_offset - 1]; 1089| 5.40k| const auto combined = ((w0 >> bit_shift) | (w1 << (W_bits - bit_shift))); 1090| 5.40k| return combined & WindowMask; 1091| 5.40k| } 1092| 92.8k|} _ZN5Botan11shift_rightILm1ETkNS_8WordTypeEmLm8EEET0_RNSt3__15arrayIS1_XT1_EEE: 741| 18.5k|inline constexpr W shift_right(std::array& x) { 742| 18.5k| static_assert(N >= 1, "Invalid input size"); 743| 18.5k| static_assert(S > 0, "Zero shift not supported"); 744| 18.5k| static_assert(S < WordInfo::bits, "Shift too large"); 745| | 746| 18.5k| const W carry = x[0] << (WordInfo::bits - S); 747| | 748| 148k| for(size_t i = 0; i != N - 1; ++i) { ------------------ | Branch (748:22): [True: 129k, False: 18.5k] ------------------ 749| 129k| x[i] = (x[i] >> S) | (x[i + 1] << (WordInfo::bits - S)); 750| 129k| } 751| 18.5k| x[N - 1] >>= S; 752| | 753| 18.5k| return carry; 754| 18.5k|} _ZN5Botan10shift_leftILm1ETkNS_8WordTypeEmLm9EEET0_RNSt3__15arrayIS1_XT1_EEE: 725| 491k|inline constexpr W shift_left(std::array& x) { 726| 491k| static_assert(N >= 1, "Invalid input size"); 727| 491k| static_assert(S > 0, "Zero shift not supported"); 728| 491k| static_assert(S < WordInfo::bits, "Shift too large"); 729| | 730| 491k| const W carry = x[N - 1] >> (WordInfo::bits - S); 731| | 732| 4.41M| for(size_t i = N - 1; i != 0; --i) { ------------------ | Branch (732:26): [True: 3.92M, False: 491k] ------------------ 733| 3.92M| x[i] = (x[i] << S) | (x[i - 1] >> (WordInfo::bits - S)); 734| 3.92M| } 735| 491k| x[0] <<= S; 736| | 737| 491k| return carry; 738| 491k|} _ZN5Botan22bigint_monty_maybe_subILm9ETkNS_8WordTypeEmEEvPT0_S1_PKS1_S4_: 254| 719k|inline constexpr void bigint_monty_maybe_sub(W z[N], W x0, const W x[N], const W y[N]) { 255| 719k| W borrow = 0; 256| | 257| 7.19M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (257:22): [True: 6.47M, False: 719k] ------------------ 258| 6.47M| z[i] = word_sub(x[i], y[i], &borrow); 259| 6.47M| } 260| | 261| 719k| borrow = (x0 - borrow) > x0; 262| | 263| 719k| CT::conditional_assign_mem(borrow, z, x, N); 264| 719k|} _ZN5Botan11shift_rightILm1ETkNS_8WordTypeEmLm9EEET0_RNSt3__15arrayIS1_XT1_EEE: 741| 30.3k|inline constexpr W shift_right(std::array& x) { 742| 30.3k| static_assert(N >= 1, "Invalid input size"); 743| 30.3k| static_assert(S > 0, "Zero shift not supported"); 744| 30.3k| static_assert(S < WordInfo::bits, "Shift too large"); 745| | 746| 30.3k| const W carry = x[0] << (WordInfo::bits - S); 747| | 748| 273k| for(size_t i = 0; i != N - 1; ++i) { ------------------ | Branch (748:22): [True: 242k, False: 30.3k] ------------------ 749| 242k| x[i] = (x[i] >> S) | (x[i + 1] << (WordInfo::bits - S)); 750| 242k| } 751| 30.3k| x[N - 1] >>= S; 752| | 753| 30.3k| return carry; 754| 30.3k|} _ZN5Botan9comba_sqrILm9ETkNS_8WordTypeEmEEvPT0_PKS1_: 854| 1.49M|constexpr inline void comba_sqr(W z[2 * N], const W x[N]) { 855| 1.49M| if(!std::is_constant_evaluated()) { ------------------ | Branch (855:7): [True: 1.49M, Folded] ------------------ 856| | if constexpr(std::same_as && N == 4) { 857| | return bigint_comba_sqr4(z, x); 858| | } 859| | if constexpr(std::same_as && N == 6) { 860| | return bigint_comba_sqr6(z, x); 861| | } 862| | if constexpr(std::same_as && N == 7) { 863| | return bigint_comba_sqr7(z, x); 864| | } 865| | if constexpr(std::same_as && N == 8) { 866| | return bigint_comba_sqr8(z, x); 867| | } 868| 1.49M| if constexpr(std::same_as && N == 9) { 869| 1.49M| return bigint_comba_sqr9(z, x); 870| 1.49M| } 871| | if constexpr(std::same_as && N == 16) { 872| | return bigint_comba_sqr16(z, x); 873| | } 874| 1.49M| } 875| | 876| 0| word3 accum; 877| | 878| 1.49M| for(size_t i = 0; i != 2 * N; ++i) { ------------------ | Branch (878:22): [True: 0, False: 1.49M] ------------------ 879| 0| const size_t start = i + 1 < N ? 0 : i + 1 - N; ------------------ | Branch (879:28): [True: 0, False: 0] ------------------ 880| 0| const size_t end = std::min(N, i + 1); 881| | 882| 0| for(size_t j = start; j != end; ++j) { ------------------ | Branch (882:29): [True: 0, False: 0] ------------------ 883| 0| accum.mul(x[j], x[i - j]); 884| 0| } 885| 0| z[i] = accum.extract(); 886| 0| } 887| 1.49M|} _ZN5Botan9comba_mulILm9ETkNS_8WordTypeEmEEvPT0_PKS1_S4_: 818| 1.22M|constexpr inline void comba_mul(W z[2 * N], const W x[N], const W y[N]) { 819| 1.22M| if(!std::is_constant_evaluated()) { ------------------ | Branch (819:7): [True: 1.22M, Folded] ------------------ 820| | if constexpr(std::same_as && N == 4) { 821| | return bigint_comba_mul4(z, x, y); 822| | } 823| | if constexpr(std::same_as && N == 6) { 824| | return bigint_comba_mul6(z, x, y); 825| | } 826| | if constexpr(std::same_as && N == 7) { 827| | return bigint_comba_mul7(z, x, y); 828| | } 829| | if constexpr(std::same_as && N == 8) { 830| | return bigint_comba_mul8(z, x, y); 831| | } 832| 1.22M| if constexpr(std::same_as && N == 9) { 833| 1.22M| return bigint_comba_mul9(z, x, y); 834| 1.22M| } 835| | if constexpr(std::same_as && N == 16) { 836| | return bigint_comba_mul16(z, x, y); 837| | } 838| 1.22M| } 839| | 840| 0| word3 accum; 841| | 842| 1.22M| for(size_t i = 0; i != 2 * N; ++i) { ------------------ | Branch (842:22): [True: 0, False: 1.22M] ------------------ 843| 0| const size_t start = i + 1 < N ? 0 : i + 1 - N; ------------------ | Branch (843:28): [True: 0, False: 0] ------------------ 844| 0| const size_t end = std::min(N, i + 1); 845| | 846| 0| for(size_t j = start; j != end; ++j) { ------------------ | Branch (846:29): [True: 0, False: 0] ------------------ 847| 0| accum.mul(x[j], y[i - j]); 848| 0| } 849| 0| z[i] = accum.extract(); 850| 0| } 851| 1.22M|} _ZN5Botan10shift_leftILm16ETkNS_8WordTypeEmLm9EEET0_RNSt3__15arrayIS1_XT1_EEE: 725| 4.03k|inline constexpr W shift_left(std::array& x) { 726| 4.03k| static_assert(N >= 1, "Invalid input size"); 727| 4.03k| static_assert(S > 0, "Zero shift not supported"); 728| 4.03k| static_assert(S < WordInfo::bits, "Shift too large"); 729| | 730| 4.03k| const W carry = x[N - 1] >> (WordInfo::bits - S); 731| | 732| 36.3k| for(size_t i = N - 1; i != 0; --i) { ------------------ | Branch (732:26): [True: 32.2k, False: 4.03k] ------------------ 733| 32.2k| x[i] = (x[i] << S) | (x[i - 1] >> (WordInfo::bits - S)); 734| 32.2k| } 735| 4.03k| x[0] <<= S; 736| | 737| 4.03k| return carry; 738| 4.03k|} _ZN5Botan9comba_mulILm7ETkNS_8WordTypeEmEEvPT0_PKS1_S4_: 818| 27.0k|constexpr inline void comba_mul(W z[2 * N], const W x[N], const W y[N]) { 819| 27.0k| if(!std::is_constant_evaluated()) { ------------------ | Branch (819:7): [True: 27.0k, Folded] ------------------ 820| | if constexpr(std::same_as && N == 4) { 821| | return bigint_comba_mul4(z, x, y); 822| | } 823| | if constexpr(std::same_as && N == 6) { 824| | return bigint_comba_mul6(z, x, y); 825| | } 826| 27.0k| if constexpr(std::same_as && N == 7) { 827| 27.0k| return bigint_comba_mul7(z, x, y); 828| 27.0k| } 829| | if constexpr(std::same_as && N == 8) { 830| | return bigint_comba_mul8(z, x, y); 831| | } 832| | if constexpr(std::same_as && N == 9) { 833| | return bigint_comba_mul9(z, x, y); 834| | } 835| | if constexpr(std::same_as && N == 16) { 836| | return bigint_comba_mul16(z, x, y); 837| | } 838| 27.0k| } 839| | 840| 0| word3 accum; 841| | 842| 27.0k| for(size_t i = 0; i != 2 * N; ++i) { ------------------ | Branch (842:22): [True: 0, False: 27.0k] ------------------ 843| 0| const size_t start = i + 1 < N ? 0 : i + 1 - N; ------------------ | Branch (843:28): [True: 0, False: 0] ------------------ 844| 0| const size_t end = std::min(N, i + 1); 845| | 846| 0| for(size_t j = start; j != end; ++j) { ------------------ | Branch (846:29): [True: 0, False: 0] ------------------ 847| 0| accum.mul(x[j], y[i - j]); 848| 0| } 849| 0| z[i] = accum.extract(); 850| 0| } 851| 27.0k|} _ZN5Botan9comba_sqrILm7ETkNS_8WordTypeEmEEvPT0_PKS1_: 854| 26.8k|constexpr inline void comba_sqr(W z[2 * N], const W x[N]) { 855| 26.8k| if(!std::is_constant_evaluated()) { ------------------ | Branch (855:7): [True: 26.8k, Folded] ------------------ 856| | if constexpr(std::same_as && N == 4) { 857| | return bigint_comba_sqr4(z, x); 858| | } 859| | if constexpr(std::same_as && N == 6) { 860| | return bigint_comba_sqr6(z, x); 861| | } 862| 26.8k| if constexpr(std::same_as && N == 7) { 863| 26.8k| return bigint_comba_sqr7(z, x); 864| 26.8k| } 865| | if constexpr(std::same_as && N == 8) { 866| | return bigint_comba_sqr8(z, x); 867| | } 868| | if constexpr(std::same_as && N == 9) { 869| | return bigint_comba_sqr9(z, x); 870| | } 871| | if constexpr(std::same_as && N == 16) { 872| | return bigint_comba_sqr16(z, x); 873| | } 874| 26.8k| } 875| | 876| 0| word3 accum; 877| | 878| 26.8k| for(size_t i = 0; i != 2 * N; ++i) { ------------------ | Branch (878:22): [True: 0, False: 26.8k] ------------------ 879| 0| const size_t start = i + 1 < N ? 0 : i + 1 - N; ------------------ | Branch (879:28): [True: 0, False: 0] ------------------ 880| 0| const size_t end = std::min(N, i + 1); 881| | 882| 0| for(size_t j = start; j != end; ++j) { ------------------ | Branch (882:29): [True: 0, False: 0] ------------------ 883| 0| accum.mul(x[j], x[i - j]); 884| 0| } 885| 0| z[i] = accum.extract(); 886| 0| } 887| 26.8k|} _ZN5Botan14OCB_EncryptionC2ENSt3__110unique_ptrINS_11BlockCipherENS1_14default_deleteIS3_EEEEm: 102| 22| OCB_Mode(std::move(cipher), tag_size) {} _ZN5Botan14OCB_DecryptionC2ENSt3__110unique_ptrINS_11BlockCipherENS1_14default_deleteIS3_EEEEm: 121| 55| OCB_Mode(std::move(cipher), tag_size) {} _ZNK5Botan8OCB_Mode8tag_sizeEv: 47| 441| size_t tag_size() const final { return m_tag_size; } _ZNK5Botan8OCB_Mode10block_sizeEv: 64| 423| size_t block_size() const { return m_block_size; } _ZNK5Botan8OCB_Mode10par_blocksEv: 66| 223| size_t par_blocks() const { return m_par_blocks; } _ZNK5Botan14OCB_Encryption13output_lengthEm: 104| 42| size_t output_length(size_t input_length) const override { return input_length + tag_size(); } _ZNK5Botan14OCB_Decryption13output_lengthEm: 123| 45| size_t output_length(size_t input_length) const override { 124| 45| BOTAN_ASSERT(input_length >= tag_size(), "Sufficient input"); ------------------ | | 64| 45| do { \ | | 65| 45| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 45| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 45] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 45| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 45] | | ------------------ ------------------ 125| 45| return input_length - tag_size(); 126| 45| } _ZNK5Botan14OCB_Decryption18minimum_final_sizeEv: 128| 45| size_t minimum_final_size() const override { return tag_size(); } _ZN5Botan6PCurve15PrimeOrderCurve6ScalarD2Ev: 72| 55.0k| ~Scalar() = default; _ZN5Botan6PCurve15PrimeOrderCurve11AffinePointD2Ev: 100| 59.0k| ~AffinePoint() = default; _ZN5Botan6PCurve15PrimeOrderCurve15ProjectivePointD2Ev: 134| 3.08k| ~ProjectivePoint() = default; _ZN5Botan6PCurve15PrimeOrderCurve6ScalarC2EOS2_: 69| 29.0k| Scalar(Scalar&& other) = default; _ZN5Botan6PCurve15PrimeOrderCurve6ScalarC2ERKS2_: 68| 15.8k| Scalar(const Scalar& other) = default; _ZN5Botan6PCurve15PrimeOrderCurve11AffinePointC2EOS2_: 97| 41.6k| AffinePoint(AffinePoint&& other) = default; _ZN5Botan6PCurve15PrimeOrderCurve11AffinePointC2ERKS2_: 96| 3.60k| AffinePoint(const AffinePoint& other) = default; _ZNK5Botan6PCurve15PrimeOrderCurve6Scalar6_curveEv: 76| 25.1k| const auto& _curve() const { return m_curve; } _ZNK5Botan6PCurve15PrimeOrderCurve6Scalar6_valueEv: 78| 25.1k| const auto& _value() const { return m_value; } _ZN5Botan6PCurve15PrimeOrderCurve6Scalar7_createENSt3__110shared_ptrIKS1_EENS3_5arrayImLm9EEE: 80| 10.1k| static Scalar _create(CurvePtr curve, StorageUnit v) { return Scalar(std::move(curve), v); } _ZN5Botan6PCurve15PrimeOrderCurve6ScalarC2ENSt3__110shared_ptrIKS1_EENS3_5arrayImLm9EEE: 83| 10.1k| Scalar(CurvePtr curve, StorageUnit v) : m_curve(std::move(curve)), m_value(v) {} _ZNK5Botan6PCurve15PrimeOrderCurve11AffinePoint6_curveEv: 104| 36.4k| const auto& _curve() const { return m_curve; } _ZNK5Botan6PCurve15PrimeOrderCurve11AffinePoint2_xEv: 106| 36.4k| const auto& _x() const { return m_x; } _ZNK5Botan6PCurve15PrimeOrderCurve11AffinePoint2_yEv: 108| 36.4k| const auto& _y() const { return m_y; } _ZN5Botan6PCurve15PrimeOrderCurve11AffinePoint7_createENSt3__110shared_ptrIKS1_EENS3_5arrayImLm9EEES8_: 110| 13.7k| static AffinePoint _create(CurvePtr curve, StorageUnit x, StorageUnit y) { 111| 13.7k| return AffinePoint(std::move(curve), x, y); 112| 13.7k| } _ZN5Botan6PCurve15PrimeOrderCurve11AffinePointC2ENSt3__110shared_ptrIKS1_EENS3_5arrayImLm9EEES8_: 115| 13.7k| AffinePoint(CurvePtr curve, StorageUnit x, StorageUnit y) : m_curve(std::move(curve)), m_x(x), m_y(y) {} _ZNK5Botan6PCurve15PrimeOrderCurve15ProjectivePoint6_curveEv: 136| 3.08k| const auto& _curve() const { return m_curve; } _ZNK5Botan6PCurve15PrimeOrderCurve15ProjectivePoint2_xEv: 138| 3.08k| const auto& _x() const { return m_x; } _ZNK5Botan6PCurve15PrimeOrderCurve15ProjectivePoint2_yEv: 140| 3.08k| const auto& _y() const { return m_y; } _ZNK5Botan6PCurve15PrimeOrderCurve15ProjectivePoint2_zEv: 142| 3.08k| const auto& _z() const { return m_z; } _ZN5Botan6PCurve15PrimeOrderCurve15ProjectivePoint7_createENSt3__110shared_ptrIKS1_EENS3_5arrayImLm9EEES8_S8_: 144| 3.08k| static ProjectivePoint _create(CurvePtr curve, StorageUnit x, StorageUnit y, StorageUnit z) { 145| 3.08k| return ProjectivePoint(std::move(curve), x, y, z); 146| 3.08k| } _ZN5Botan6PCurve15PrimeOrderCurve15ProjectivePointC2ENSt3__110shared_ptrIKS1_EENS3_5arrayImLm9EEES8_S8_: 150| 3.08k| m_curve(std::move(curve)), m_x(x), m_y(y), m_z(z) {} _ZN5Botan6PCurve15PrimeOrderCurveD2Ev: 163| 6| virtual ~PrimeOrderCurve() = default; pcurves_brainpool256r1.cpp:_ZN5Botan11dbl_genericINS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES3_E11FieldParamsEEEEES8_EESC_EET_RKSE_RKT0_: 397| 5.26k|inline constexpr ProjectivePoint dbl_generic(const ProjectivePoint& pt, const FieldElement& A) { 398| | // Cost: 1M + 3S + 1A + 1*3 399| 5.26k| const auto z2 = pt.z().square(); 400| 5.26k| const auto m = pt.x().square().mul3() + A * z2.square(); 401| | 402| | // Remaining cost: 3M + 3S + 3A + 2*2 + 1*4 + 1*8 403| 5.26k| const auto y2 = pt.y().square(); 404| 5.26k| const auto s = pt.x().mul4() * y2; 405| 5.26k| const auto nx = m.square() - s.mul2(); 406| 5.26k| const auto ny = m * (s - nx) - y2.square().mul8(); 407| 5.26k| const auto nz = pt.y().mul2() * pt.z(); 408| | 409| 5.26k| return ProjectivePoint(nx, ny, nz); 410| 5.26k|} pcurves_brainpool256r1.cpp:_ZN5Botan9point_addINS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES3_E11FieldParamsEEEEES8_EESC_EET_RKSE_SG_: 187| 735|inline constexpr ProjectivePoint point_add(const ProjectivePoint& a, const ProjectivePoint& b) { 188| 735| const auto a_is_identity = a.is_identity(); 189| 735| const auto b_is_identity = b.is_identity(); 190| | 191| 735| const auto Z1Z1 = a.z().square(); 192| 735| const auto Z2Z2 = b.z().square(); 193| 735| const auto U1 = a.x() * Z2Z2; 194| 735| const auto U2 = b.x() * Z1Z1; 195| 735| const auto S1 = a.y() * b.z() * Z2Z2; 196| 735| const auto S2 = b.y() * a.z() * Z1Z1; 197| 735| const auto H = U2 - U1; 198| 735| const auto r = S2 - S1; 199| | 200| | /* Risky conditional 201| | * 202| | * This implementation uses projective coordinates, which do not have an efficient complete 203| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 204| | * 205| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 206| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 207| | * in which case at the end we'll set z to a.z * b.z * H = 0, resulting in the correct 208| | * output (the identity element) 209| | */ 210| 735| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (210:7): [True: 0, False: 735] ------------------ 211| 0| return a.dbl(); 212| 0| } 213| | 214| 735| const auto HH = H.square(); 215| 735| const auto HHH = H * HH; 216| 735| const auto V = U1 * HH; 217| 735| const auto t2 = r.square(); 218| 735| const auto t3 = V + V; 219| 735| const auto t4 = t2 - HHH; 220| 735| auto X3 = t4 - t3; 221| 735| const auto t5 = V - X3; 222| 735| const auto t6 = S1 * HHH; 223| 735| const auto t7 = r * t5; 224| 735| auto Y3 = t7 - t6; 225| 735| const auto t8 = b.z() * H; 226| 735| auto Z3 = a.z() * t8; 227| | 228| | // if a is identity then return b 229| 735| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), b.y(), b.z()); 230| | 231| | // if b is identity then return a 232| 735| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 233| | 234| 735| return ProjectivePoint(X3, Y3, Z3); 235| 735|} pcurves_brainpool256r1.cpp:_ZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEE: 107| 1|auto to_affine_batch(std::span projective) { 108| 1| using AffinePoint = typename C::AffinePoint; 109| | 110| 1| const size_t N = projective.size(); 111| 1| std::vector affine; 112| 1| affine.reserve(N); 113| | 114| 1| CT::Choice any_identity = CT::Choice::no(); 115| | 116| 1.56k| for(const auto& pt : projective) { ------------------ | Branch (116:23): [True: 1.56k, False: 1] ------------------ 117| 1.56k| any_identity = any_identity || pt.is_identity(); 118| 1.56k| } 119| | 120| | // Conditional acceptable: N is public. State of points is not necessarily 121| | // public, but we don't leak which point was the identity. In practice with 122| | // the algorithms currently in use, the only time an identity can occur is 123| | // during mul2 where the two points g/h have a small relation (ie h = g*k for 124| | // some k < 16) 125| | 126| 1| if(N <= 2 || any_identity.as_bool()) { ------------------ | Branch (126:7): [True: 0, False: 1] | Branch (126:17): [True: 0, False: 1] ------------------ 127| | // If there are identity elements, using the batch inversion gets 128| | // tricky. It can be done, but this should be a rare situation so 129| | // just punt to the serial conversion if it occurs 130| 0| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (130:25): [True: 0, False: 0] ------------------ 131| 0| affine.push_back(to_affine(projective[i])); 132| 0| } 133| 1| } else { 134| 1| std::vector c; 135| 1| c.reserve(N); 136| | 137| | /* 138| | Batch projective->affine using Montgomery's trick 139| | 140| | See Algorithm 2.26 in "Guide to Elliptic Curve Cryptography" 141| | (Hankerson, Menezes, Vanstone) 142| | */ 143| | 144| 1| c.push_back(projective[0].z()); 145| 1.56k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (145:25): [True: 1.56k, False: 1] ------------------ 146| 1.56k| c.push_back(c[i - 1] * projective[i].z()); 147| 1.56k| } 148| | 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| 1| } else { 153| 1| return invert_field_element(c[N - 1]); 154| 1| } 155| 1| }(); 156| | 157| 1.56k| for(size_t i = N - 1; i > 0; --i) { ------------------ | Branch (157:29): [True: 1.56k, False: 1] ------------------ 158| 1.56k| const auto& p = projective[i]; 159| | 160| 1.56k| const auto z_inv = s_inv * c[i - 1]; 161| 1.56k| const auto z2_inv = z_inv.square(); 162| 1.56k| const auto z3_inv = z_inv * z2_inv; 163| | 164| 1.56k| s_inv = s_inv * p.z(); 165| | 166| 1.56k| affine.push_back(AffinePoint(p.x() * z2_inv, p.y() * z3_inv)); 167| 1.56k| } 168| | 169| 1| const auto z2_inv = s_inv.square(); 170| 1| const auto z3_inv = s_inv * z2_inv; 171| 1| affine.push_back(AffinePoint(projective[0].x() * z2_inv, projective[0].y() * z3_inv)); 172| 1| std::reverse(affine.begin(), affine.end()); 173| 1| return affine; 174| 1| } 175| | 176| 0| return affine; 177| 1|} pcurves_brainpool256r1.cpp:_ZN5Botan9to_affineINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveEEEDaRKNT_15ProjectivePointE: 76| 731|inline constexpr auto to_affine(const typename C::ProjectivePoint& pt) { 77| | // Not strictly required right? - default should work as long 78| | // as (0,0) is identity and invert returns 0 on 0 79| | 80| | if constexpr(curve_supports_fe_invert2) { 81| | const auto z2_inv = C::fe_invert2(pt.z()); 82| | const auto z3_inv = z2_inv.square() * pt.z(); 83| | return typename C::AffinePoint(pt.x() * z2_inv, pt.y() * z3_inv); 84| 731| } else { 85| 731| const auto z_inv = invert_field_element(pt.z()); 86| 731| const auto z2_inv = z_inv.square(); 87| 731| const auto z3_inv = z_inv * z2_inv; 88| 731| return typename C::AffinePoint(pt.x() * z2_inv, pt.y() * z3_inv); 89| 731| } 90| 731|} pcurves_brainpool256r1.cpp:_ZN5Botan20invert_field_elementINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveEEEDaRKNT_12FieldElementE: 35| 1.83k|inline constexpr auto invert_field_element(const typename C::FieldElement& fe) { 36| | if constexpr(curve_supports_fe_invert2) { 37| | return C::fe_invert2(fe) * fe; 38| 1.83k| } else { 39| 1.83k| return fe.invert(); 40| 1.83k| } 41| 1.83k|} pcurves_brainpool256r1.cpp:_ZZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEEENKUlvE_clEv: 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| | } else { 153| | return invert_field_element(c[N - 1]); 154| | } 155| 1| }(); pcurves_brainpool256r1.cpp:_ZN5Botan22point_add_or_sub_mixedINS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES3_E11FieldParamsEEEEES8_EENS_16AffineCurvePointISC_EESC_EET_RKSG_RKT0_NS_2CT6ChoiceERKT1_: 296| 66.6k| const FieldElement& one) { 297| 66.6k| const auto a_is_identity = a.is_identity(); 298| 66.6k| const auto b_is_identity = b.is_identity(); 299| | 300| | /* 301| | https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-1998-cmo-2 302| | 303| | Cost: 8M + 3S + 6add + 1*2 304| | */ 305| | 306| 66.6k| auto by = b.y(); 307| 66.6k| by.conditional_assign(sub, by.negate()); 308| | 309| 66.6k| const auto Z1Z1 = a.z().square(); 310| 66.6k| const auto U2 = b.x() * Z1Z1; 311| 66.6k| const auto S2 = by * a.z() * Z1Z1; 312| 66.6k| const auto H = U2 - a.x(); 313| 66.6k| const auto r = S2 - a.y(); 314| | 315| | /* Risky conditional 316| | * 317| | * This implementation uses projective coordinates, which do not have an efficient complete 318| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 319| | * 320| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 321| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 322| | * in which case at the end we'll set z to a.z * H = 0, resulting in the correct output 323| | * (the identity element) 324| | */ 325| 66.6k| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (325:7): [True: 0, False: 66.6k] ------------------ 326| 0| return a.dbl(); 327| 0| } 328| | 329| 66.6k| const auto HH = H.square(); 330| 66.6k| const auto HHH = H * HH; 331| 66.6k| const auto V = a.x() * HH; 332| 66.6k| const auto t2 = r.square(); 333| 66.6k| const auto t3 = V + V; 334| 66.6k| const auto t4 = t2 - HHH; 335| 66.6k| auto X3 = t4 - t3; 336| 66.6k| const auto t5 = V - X3; 337| 66.6k| const auto t6 = a.y() * HHH; 338| 66.6k| const auto t7 = r * t5; 339| 66.6k| auto Y3 = t7 - t6; 340| 66.6k| auto Z3 = a.z() * H; 341| | 342| | // if a is identity then return b 343| 66.6k| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), by, one); 344| | 345| | // if b is identity then return a 346| 66.6k| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 347| | 348| 66.6k| return ProjectivePoint(X3, Y3, Z3); 349| 66.6k|} pcurves_brainpool256r1.cpp:_ZN5Botan11to_affine_xINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveEEEDaRKNT_15ProjectivePointE: 96| 554|auto to_affine_x(const typename C::ProjectivePoint& pt) { 97| | if constexpr(curve_supports_fe_invert2) { 98| | return pt.x() * C::fe_invert2(pt.z()); 99| 554| } else { 100| 554| const auto z_inv = invert_field_element(pt.z()); 101| 554| const auto z2_inv = z_inv.square(); 102| 554| return pt.x() * z2_inv; 103| 554| } 104| 554|} pcurves_brainpool256r1.cpp:_ZN5Botan15point_add_mixedINS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES3_E11FieldParamsEEEEES8_EENS_16AffineCurvePointISC_EESC_EET_RKSG_RKT0_RKT1_: 240| 3.87k| const FieldElement& one) { 241| 3.87k| const auto a_is_identity = a.is_identity(); 242| 3.87k| const auto b_is_identity = b.is_identity(); 243| | 244| | /* 245| | https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-1998-cmo-2 246| | 247| | Cost: 8M + 3S + 6add + 1*2 248| | */ 249| | 250| 3.87k| const auto Z1Z1 = a.z().square(); 251| 3.87k| const auto U2 = b.x() * Z1Z1; 252| 3.87k| const auto S2 = b.y() * a.z() * Z1Z1; 253| 3.87k| const auto H = U2 - a.x(); 254| 3.87k| const auto r = S2 - a.y(); 255| | 256| | /* Risky conditional 257| | * 258| | * This implementation uses projective coordinates, which do not have an efficient complete 259| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 260| | * 261| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 262| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 263| | * in which case at the end we'll set z to a.z * H = 0, resulting in the correct output 264| | * (the identity element) 265| | */ 266| 3.87k| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (266:7): [True: 0, False: 3.87k] ------------------ 267| 0| return a.dbl(); 268| 0| } 269| | 270| 3.87k| const auto HH = H.square(); 271| 3.87k| const auto HHH = H * HH; 272| 3.87k| const auto V = a.x() * HH; 273| 3.87k| const auto t2 = r.square(); 274| 3.87k| const auto t3 = V + V; 275| 3.87k| const auto t4 = t2 - HHH; 276| 3.87k| auto X3 = t4 - t3; 277| 3.87k| const auto t5 = V - X3; 278| 3.87k| const auto t6 = a.y() * HHH; 279| 3.87k| const auto t7 = r * t5; 280| 3.87k| auto Y3 = t7 - t6; 281| 3.87k| auto Z3 = a.z() * H; 282| | 283| | // if a is identity then return b 284| 3.87k| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), b.y(), one); 285| | 286| | // if b is identity then return a 287| 3.87k| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 288| | 289| 3.87k| return ProjectivePoint(X3, Y3, Z3); 290| 3.87k|} pcurves_brainpool256r1.cpp:_ZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELb0EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEE: 107| 554|auto to_affine_batch(std::span projective) { 108| 554| using AffinePoint = typename C::AffinePoint; 109| | 110| 554| const size_t N = projective.size(); 111| 554| std::vector affine; 112| 554| affine.reserve(N); 113| | 114| 554| CT::Choice any_identity = CT::Choice::no(); 115| | 116| 8.86k| for(const auto& pt : projective) { ------------------ | Branch (116:23): [True: 8.86k, False: 554] ------------------ 117| 8.86k| any_identity = any_identity || pt.is_identity(); 118| 8.86k| } 119| | 120| | // Conditional acceptable: N is public. State of points is not necessarily 121| | // public, but we don't leak which point was the identity. In practice with 122| | // the algorithms currently in use, the only time an identity can occur is 123| | // during mul2 where the two points g/h have a small relation (ie h = g*k for 124| | // some k < 16) 125| | 126| 554| if(N <= 2 || any_identity.as_bool()) { ------------------ | Branch (126:7): [True: 0, False: 554] | Branch (126:17): [True: 0, False: 554] ------------------ 127| | // If there are identity elements, using the batch inversion gets 128| | // tricky. It can be done, but this should be a rare situation so 129| | // just punt to the serial conversion if it occurs 130| 0| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (130:25): [True: 0, False: 0] ------------------ 131| 0| affine.push_back(to_affine(projective[i])); 132| 0| } 133| 554| } else { 134| 554| std::vector c; 135| 554| c.reserve(N); 136| | 137| | /* 138| | Batch projective->affine using Montgomery's trick 139| | 140| | See Algorithm 2.26 in "Guide to Elliptic Curve Cryptography" 141| | (Hankerson, Menezes, Vanstone) 142| | */ 143| | 144| 554| c.push_back(projective[0].z()); 145| 8.86k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (145:25): [True: 8.31k, False: 554] ------------------ 146| 8.31k| c.push_back(c[i - 1] * projective[i].z()); 147| 8.31k| } 148| | 149| 554| auto s_inv = [&]() { 150| 554| if constexpr(VariableTime) { 151| 554| return c[N - 1].invert_vartime(); 152| 554| } else { 153| 554| return invert_field_element(c[N - 1]); 154| 554| } 155| 554| }(); 156| | 157| 8.86k| for(size_t i = N - 1; i > 0; --i) { ------------------ | Branch (157:29): [True: 8.31k, False: 554] ------------------ 158| 8.31k| const auto& p = projective[i]; 159| | 160| 8.31k| const auto z_inv = s_inv * c[i - 1]; 161| 8.31k| const auto z2_inv = z_inv.square(); 162| 8.31k| const auto z3_inv = z_inv * z2_inv; 163| | 164| 8.31k| s_inv = s_inv * p.z(); 165| | 166| 8.31k| affine.push_back(AffinePoint(p.x() * z2_inv, p.y() * z3_inv)); 167| 8.31k| } 168| | 169| 554| const auto z2_inv = s_inv.square(); 170| 554| const auto z3_inv = s_inv * z2_inv; 171| 554| affine.push_back(AffinePoint(projective[0].x() * z2_inv, projective[0].y() * z3_inv)); 172| 554| std::reverse(affine.begin(), affine.end()); 173| 554| return affine; 174| 554| } 175| | 176| 0| return affine; 177| 554|} pcurves_brainpool256r1.cpp:_ZZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELb0EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEEENKUlvE_clEv: 149| 554| auto s_inv = [&]() { 150| | if constexpr(VariableTime) { 151| | return c[N - 1].invert_vartime(); 152| 554| } else { 153| 554| return invert_field_element(c[N - 1]); 154| 554| } 155| 554| }(); pcurves_brainpool256r1.cpp:_ZN5Botan13dbl_n_genericINS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES3_E11FieldParamsEEEEES8_EESC_EET_RKSE_RKT0_m: 477| 31.5k|inline constexpr ProjectivePoint dbl_n_generic(const ProjectivePoint& pt, const FieldElement& A, size_t n) { 478| 31.5k| auto nx = pt.x(); 479| 31.5k| auto ny = pt.y().mul2(); 480| 31.5k| auto nz = pt.z(); 481| 31.5k| auto w = nz.square().square() * A; 482| | 483| | // Conditional ok: loop iteration count is public 484| 189k| while(n > 0) { ------------------ | Branch (484:10): [True: 157k, False: 31.5k] ------------------ 485| 157k| const auto ny2 = ny.square(); 486| 157k| const auto ny4 = ny2.square(); 487| 157k| const auto t1 = nx.square().mul3() + w; 488| 157k| const auto t2 = nx * ny2; 489| 157k| nx = t1.square() - t2.mul2(); 490| 157k| nz *= ny; 491| 157k| ny = t1 * (t2 - nx).mul2() - ny4; 492| 157k| n--; 493| | // Conditional ok: loop iteration count is public 494| 157k| if(n > 0) { ------------------ | Branch (494:10): [True: 126k, False: 31.5k] ------------------ 495| 126k| w *= ny4; 496| 126k| } 497| 157k| } 498| 31.5k| return ProjectivePoint(nx, ny.div2(), nz); 499| 31.5k|} pcurves_brainpool256r1.cpp:_ZN5Botan18sqrt_field_elementINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveEEENS_2CT6OptionINT_12FieldElementEEERKS8_: 60| 568|inline constexpr CT::Option sqrt_field_element(const typename C::FieldElement& fe) { 61| | if constexpr(curve_supports_fe_sqrt) { 62| | auto z = C::fe_sqrt(fe); 63| | // Zero out the return value if it would otherwise be incorrect 64| | const CT::Choice correct = (z.square() == fe); 65| | z.conditional_assign(!correct, C::FieldElement::zero()); 66| | return CT::Option(z, correct); 67| 568| } else { 68| 568| return fe.sqrt(); 69| 568| } 70| 568|} pcurves_brainpool384r1.cpp:_ZN5Botan11dbl_genericINS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES3_E11FieldParamsEEEEES8_EESC_EET_RKSE_RKT0_: 397| 2.71k|inline constexpr ProjectivePoint dbl_generic(const ProjectivePoint& pt, const FieldElement& A) { 398| | // Cost: 1M + 3S + 1A + 1*3 399| 2.71k| const auto z2 = pt.z().square(); 400| 2.71k| const auto m = pt.x().square().mul3() + A * z2.square(); 401| | 402| | // Remaining cost: 3M + 3S + 3A + 2*2 + 1*4 + 1*8 403| 2.71k| const auto y2 = pt.y().square(); 404| 2.71k| const auto s = pt.x().mul4() * y2; 405| 2.71k| const auto nx = m.square() - s.mul2(); 406| 2.71k| const auto ny = m * (s - nx) - y2.square().mul8(); 407| 2.71k| const auto nz = pt.y().mul2() * pt.z(); 408| | 409| 2.71k| return ProjectivePoint(nx, ny, nz); 410| 2.71k|} pcurves_brainpool384r1.cpp:_ZN5Botan9point_addINS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES3_E11FieldParamsEEEEES8_EESC_EET_RKSE_SG_: 187| 1.09k|inline constexpr ProjectivePoint point_add(const ProjectivePoint& a, const ProjectivePoint& b) { 188| 1.09k| const auto a_is_identity = a.is_identity(); 189| 1.09k| const auto b_is_identity = b.is_identity(); 190| | 191| 1.09k| const auto Z1Z1 = a.z().square(); 192| 1.09k| const auto Z2Z2 = b.z().square(); 193| 1.09k| const auto U1 = a.x() * Z2Z2; 194| 1.09k| const auto U2 = b.x() * Z1Z1; 195| 1.09k| const auto S1 = a.y() * b.z() * Z2Z2; 196| 1.09k| const auto S2 = b.y() * a.z() * Z1Z1; 197| 1.09k| const auto H = U2 - U1; 198| 1.09k| const auto r = S2 - S1; 199| | 200| | /* Risky conditional 201| | * 202| | * This implementation uses projective coordinates, which do not have an efficient complete 203| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 204| | * 205| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 206| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 207| | * in which case at the end we'll set z to a.z * b.z * H = 0, resulting in the correct 208| | * output (the identity element) 209| | */ 210| 1.09k| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (210:7): [True: 0, False: 1.09k] ------------------ 211| 0| return a.dbl(); 212| 0| } 213| | 214| 1.09k| const auto HH = H.square(); 215| 1.09k| const auto HHH = H * HH; 216| 1.09k| const auto V = U1 * HH; 217| 1.09k| const auto t2 = r.square(); 218| 1.09k| const auto t3 = V + V; 219| 1.09k| const auto t4 = t2 - HHH; 220| 1.09k| auto X3 = t4 - t3; 221| 1.09k| const auto t5 = V - X3; 222| 1.09k| const auto t6 = S1 * HHH; 223| 1.09k| const auto t7 = r * t5; 224| 1.09k| auto Y3 = t7 - t6; 225| 1.09k| const auto t8 = b.z() * H; 226| 1.09k| auto Z3 = a.z() * t8; 227| | 228| | // if a is identity then return b 229| 1.09k| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), b.y(), b.z()); 230| | 231| | // if b is identity then return a 232| 1.09k| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 233| | 234| 1.09k| return ProjectivePoint(X3, Y3, Z3); 235| 1.09k|} pcurves_brainpool384r1.cpp:_ZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEE: 107| 1|auto to_affine_batch(std::span projective) { 108| 1| using AffinePoint = typename C::AffinePoint; 109| | 110| 1| const size_t N = projective.size(); 111| 1| std::vector affine; 112| 1| affine.reserve(N); 113| | 114| 1| CT::Choice any_identity = CT::Choice::no(); 115| | 116| 2.33k| for(const auto& pt : projective) { ------------------ | Branch (116:23): [True: 2.33k, False: 1] ------------------ 117| 2.33k| any_identity = any_identity || pt.is_identity(); 118| 2.33k| } 119| | 120| | // Conditional acceptable: N is public. State of points is not necessarily 121| | // public, but we don't leak which point was the identity. In practice with 122| | // the algorithms currently in use, the only time an identity can occur is 123| | // during mul2 where the two points g/h have a small relation (ie h = g*k for 124| | // some k < 16) 125| | 126| 1| if(N <= 2 || any_identity.as_bool()) { ------------------ | Branch (126:7): [True: 0, False: 1] | Branch (126:17): [True: 0, False: 1] ------------------ 127| | // If there are identity elements, using the batch inversion gets 128| | // tricky. It can be done, but this should be a rare situation so 129| | // just punt to the serial conversion if it occurs 130| 0| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (130:25): [True: 0, False: 0] ------------------ 131| 0| affine.push_back(to_affine(projective[i])); 132| 0| } 133| 1| } else { 134| 1| std::vector c; 135| 1| c.reserve(N); 136| | 137| | /* 138| | Batch projective->affine using Montgomery's trick 139| | 140| | See Algorithm 2.26 in "Guide to Elliptic Curve Cryptography" 141| | (Hankerson, Menezes, Vanstone) 142| | */ 143| | 144| 1| c.push_back(projective[0].z()); 145| 2.33k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (145:25): [True: 2.33k, False: 1] ------------------ 146| 2.33k| c.push_back(c[i - 1] * projective[i].z()); 147| 2.33k| } 148| | 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| 1| } else { 153| 1| return invert_field_element(c[N - 1]); 154| 1| } 155| 1| }(); 156| | 157| 2.33k| for(size_t i = N - 1; i > 0; --i) { ------------------ | Branch (157:29): [True: 2.33k, False: 1] ------------------ 158| 2.33k| const auto& p = projective[i]; 159| | 160| 2.33k| const auto z_inv = s_inv * c[i - 1]; 161| 2.33k| const auto z2_inv = z_inv.square(); 162| 2.33k| const auto z3_inv = z_inv * z2_inv; 163| | 164| 2.33k| s_inv = s_inv * p.z(); 165| | 166| 2.33k| affine.push_back(AffinePoint(p.x() * z2_inv, p.y() * z3_inv)); 167| 2.33k| } 168| | 169| 1| const auto z2_inv = s_inv.square(); 170| 1| const auto z3_inv = s_inv * z2_inv; 171| 1| affine.push_back(AffinePoint(projective[0].x() * z2_inv, projective[0].y() * z3_inv)); 172| 1| std::reverse(affine.begin(), affine.end()); 173| 1| return affine; 174| 1| } 175| | 176| 0| return affine; 177| 1|} pcurves_brainpool384r1.cpp:_ZN5Botan9to_affineINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveEEEDaRKNT_15ProjectivePointE: 76| 492|inline constexpr auto to_affine(const typename C::ProjectivePoint& pt) { 77| | // Not strictly required right? - default should work as long 78| | // as (0,0) is identity and invert returns 0 on 0 79| | 80| | if constexpr(curve_supports_fe_invert2) { 81| | const auto z2_inv = C::fe_invert2(pt.z()); 82| | const auto z3_inv = z2_inv.square() * pt.z(); 83| | return typename C::AffinePoint(pt.x() * z2_inv, pt.y() * z3_inv); 84| 492| } else { 85| 492| const auto z_inv = invert_field_element(pt.z()); 86| 492| const auto z2_inv = z_inv.square(); 87| 492| const auto z3_inv = z_inv * z2_inv; 88| 492| return typename C::AffinePoint(pt.x() * z2_inv, pt.y() * z3_inv); 89| 492| } 90| 492|} pcurves_brainpool384r1.cpp:_ZN5Botan20invert_field_elementINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveEEEDaRKNT_12FieldElementE: 35| 860|inline constexpr auto invert_field_element(const typename C::FieldElement& fe) { 36| | if constexpr(curve_supports_fe_invert2) { 37| | return C::fe_invert2(fe) * fe; 38| 860| } else { 39| 860| return fe.invert(); 40| 860| } 41| 860|} pcurves_brainpool384r1.cpp:_ZZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEEENKUlvE_clEv: 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| | } else { 153| | return invert_field_element(c[N - 1]); 154| | } 155| 1| }(); pcurves_brainpool384r1.cpp:_ZN5Botan22point_add_or_sub_mixedINS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES3_E11FieldParamsEEEEES8_EENS_16AffineCurvePointISC_EESC_EET_RKSG_RKT0_NS_2CT6ChoiceERKT1_: 296| 51.2k| const FieldElement& one) { 297| 51.2k| const auto a_is_identity = a.is_identity(); 298| 51.2k| const auto b_is_identity = b.is_identity(); 299| | 300| | /* 301| | https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-1998-cmo-2 302| | 303| | Cost: 8M + 3S + 6add + 1*2 304| | */ 305| | 306| 51.2k| auto by = b.y(); 307| 51.2k| by.conditional_assign(sub, by.negate()); 308| | 309| 51.2k| const auto Z1Z1 = a.z().square(); 310| 51.2k| const auto U2 = b.x() * Z1Z1; 311| 51.2k| const auto S2 = by * a.z() * Z1Z1; 312| 51.2k| const auto H = U2 - a.x(); 313| 51.2k| const auto r = S2 - a.y(); 314| | 315| | /* Risky conditional 316| | * 317| | * This implementation uses projective coordinates, which do not have an efficient complete 318| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 319| | * 320| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 321| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 322| | * in which case at the end we'll set z to a.z * H = 0, resulting in the correct output 323| | * (the identity element) 324| | */ 325| 51.2k| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (325:7): [True: 0, False: 51.2k] ------------------ 326| 0| return a.dbl(); 327| 0| } 328| | 329| 51.2k| const auto HH = H.square(); 330| 51.2k| const auto HHH = H * HH; 331| 51.2k| const auto V = a.x() * HH; 332| 51.2k| const auto t2 = r.square(); 333| 51.2k| const auto t3 = V + V; 334| 51.2k| const auto t4 = t2 - HHH; 335| 51.2k| auto X3 = t4 - t3; 336| 51.2k| const auto t5 = V - X3; 337| 51.2k| const auto t6 = a.y() * HHH; 338| 51.2k| const auto t7 = r * t5; 339| 51.2k| auto Y3 = t7 - t6; 340| 51.2k| auto Z3 = a.z() * H; 341| | 342| | // if a is identity then return b 343| 51.2k| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), by, one); 344| | 345| | // if b is identity then return a 346| 51.2k| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 347| | 348| 51.2k| return ProjectivePoint(X3, Y3, Z3); 349| 51.2k|} pcurves_brainpool384r1.cpp:_ZN5Botan11to_affine_xINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveEEEDaRKNT_15ProjectivePointE: 96| 184|auto to_affine_x(const typename C::ProjectivePoint& pt) { 97| | if constexpr(curve_supports_fe_invert2) { 98| | return pt.x() * C::fe_invert2(pt.z()); 99| 184| } else { 100| 184| const auto z_inv = invert_field_element(pt.z()); 101| 184| const auto z2_inv = z_inv.square(); 102| 184| return pt.x() * z2_inv; 103| 184| } 104| 184|} pcurves_brainpool384r1.cpp:_ZN5Botan15point_add_mixedINS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES3_E11FieldParamsEEEEES8_EENS_16AffineCurvePointISC_EESC_EET_RKSG_RKT0_RKT1_: 240| 1.28k| const FieldElement& one) { 241| 1.28k| const auto a_is_identity = a.is_identity(); 242| 1.28k| const auto b_is_identity = b.is_identity(); 243| | 244| | /* 245| | https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-1998-cmo-2 246| | 247| | Cost: 8M + 3S + 6add + 1*2 248| | */ 249| | 250| 1.28k| const auto Z1Z1 = a.z().square(); 251| 1.28k| const auto U2 = b.x() * Z1Z1; 252| 1.28k| const auto S2 = b.y() * a.z() * Z1Z1; 253| 1.28k| const auto H = U2 - a.x(); 254| 1.28k| const auto r = S2 - a.y(); 255| | 256| | /* Risky conditional 257| | * 258| | * This implementation uses projective coordinates, which do not have an efficient complete 259| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 260| | * 261| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 262| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 263| | * in which case at the end we'll set z to a.z * H = 0, resulting in the correct output 264| | * (the identity element) 265| | */ 266| 1.28k| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (266:7): [True: 0, False: 1.28k] ------------------ 267| 0| return a.dbl(); 268| 0| } 269| | 270| 1.28k| const auto HH = H.square(); 271| 1.28k| const auto HHH = H * HH; 272| 1.28k| const auto V = a.x() * HH; 273| 1.28k| const auto t2 = r.square(); 274| 1.28k| const auto t3 = V + V; 275| 1.28k| const auto t4 = t2 - HHH; 276| 1.28k| auto X3 = t4 - t3; 277| 1.28k| const auto t5 = V - X3; 278| 1.28k| const auto t6 = a.y() * HHH; 279| 1.28k| const auto t7 = r * t5; 280| 1.28k| auto Y3 = t7 - t6; 281| 1.28k| auto Z3 = a.z() * H; 282| | 283| | // if a is identity then return b 284| 1.28k| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), b.y(), one); 285| | 286| | // if b is identity then return a 287| 1.28k| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 288| | 289| 1.28k| return ProjectivePoint(X3, Y3, Z3); 290| 1.28k|} pcurves_brainpool384r1.cpp:_ZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELb0EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEE: 107| 184|auto to_affine_batch(std::span projective) { 108| 184| using AffinePoint = typename C::AffinePoint; 109| | 110| 184| const size_t N = projective.size(); 111| 184| std::vector affine; 112| 184| affine.reserve(N); 113| | 114| 184| CT::Choice any_identity = CT::Choice::no(); 115| | 116| 2.94k| for(const auto& pt : projective) { ------------------ | Branch (116:23): [True: 2.94k, False: 184] ------------------ 117| 2.94k| any_identity = any_identity || pt.is_identity(); 118| 2.94k| } 119| | 120| | // Conditional acceptable: N is public. State of points is not necessarily 121| | // public, but we don't leak which point was the identity. In practice with 122| | // the algorithms currently in use, the only time an identity can occur is 123| | // during mul2 where the two points g/h have a small relation (ie h = g*k for 124| | // some k < 16) 125| | 126| 184| if(N <= 2 || any_identity.as_bool()) { ------------------ | Branch (126:7): [True: 0, False: 184] | Branch (126:17): [True: 0, False: 184] ------------------ 127| | // If there are identity elements, using the batch inversion gets 128| | // tricky. It can be done, but this should be a rare situation so 129| | // just punt to the serial conversion if it occurs 130| 0| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (130:25): [True: 0, False: 0] ------------------ 131| 0| affine.push_back(to_affine(projective[i])); 132| 0| } 133| 184| } else { 134| 184| std::vector c; 135| 184| c.reserve(N); 136| | 137| | /* 138| | Batch projective->affine using Montgomery's trick 139| | 140| | See Algorithm 2.26 in "Guide to Elliptic Curve Cryptography" 141| | (Hankerson, Menezes, Vanstone) 142| | */ 143| | 144| 184| c.push_back(projective[0].z()); 145| 2.94k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (145:25): [True: 2.76k, False: 184] ------------------ 146| 2.76k| c.push_back(c[i - 1] * projective[i].z()); 147| 2.76k| } 148| | 149| 184| auto s_inv = [&]() { 150| 184| if constexpr(VariableTime) { 151| 184| return c[N - 1].invert_vartime(); 152| 184| } else { 153| 184| return invert_field_element(c[N - 1]); 154| 184| } 155| 184| }(); 156| | 157| 2.94k| for(size_t i = N - 1; i > 0; --i) { ------------------ | Branch (157:29): [True: 2.76k, False: 184] ------------------ 158| 2.76k| const auto& p = projective[i]; 159| | 160| 2.76k| const auto z_inv = s_inv * c[i - 1]; 161| 2.76k| const auto z2_inv = z_inv.square(); 162| 2.76k| const auto z3_inv = z_inv * z2_inv; 163| | 164| 2.76k| s_inv = s_inv * p.z(); 165| | 166| 2.76k| affine.push_back(AffinePoint(p.x() * z2_inv, p.y() * z3_inv)); 167| 2.76k| } 168| | 169| 184| const auto z2_inv = s_inv.square(); 170| 184| const auto z3_inv = s_inv * z2_inv; 171| 184| affine.push_back(AffinePoint(projective[0].x() * z2_inv, projective[0].y() * z3_inv)); 172| 184| std::reverse(affine.begin(), affine.end()); 173| 184| return affine; 174| 184| } 175| | 176| 0| return affine; 177| 184|} pcurves_brainpool384r1.cpp:_ZZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELb0EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEEENKUlvE_clEv: 149| 184| auto s_inv = [&]() { 150| | if constexpr(VariableTime) { 151| | return c[N - 1].invert_vartime(); 152| 184| } else { 153| 184| return invert_field_element(c[N - 1]); 154| 184| } 155| 184| }(); pcurves_brainpool384r1.cpp:_ZN5Botan13dbl_n_genericINS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES3_E11FieldParamsEEEEES8_EESC_EET_RKSE_RKT0_m: 477| 15.8k|inline constexpr ProjectivePoint dbl_n_generic(const ProjectivePoint& pt, const FieldElement& A, size_t n) { 478| 15.8k| auto nx = pt.x(); 479| 15.8k| auto ny = pt.y().mul2(); 480| 15.8k| auto nz = pt.z(); 481| 15.8k| auto w = nz.square().square() * A; 482| | 483| | // Conditional ok: loop iteration count is public 484| 94.9k| while(n > 0) { ------------------ | Branch (484:10): [True: 79.1k, False: 15.8k] ------------------ 485| 79.1k| const auto ny2 = ny.square(); 486| 79.1k| const auto ny4 = ny2.square(); 487| 79.1k| const auto t1 = nx.square().mul3() + w; 488| 79.1k| const auto t2 = nx * ny2; 489| 79.1k| nx = t1.square() - t2.mul2(); 490| 79.1k| nz *= ny; 491| 79.1k| ny = t1 * (t2 - nx).mul2() - ny4; 492| 79.1k| n--; 493| | // Conditional ok: loop iteration count is public 494| 79.1k| if(n > 0) { ------------------ | Branch (494:10): [True: 63.2k, False: 15.8k] ------------------ 495| 63.2k| w *= ny4; 496| 63.2k| } 497| 79.1k| } 498| 15.8k| return ProjectivePoint(nx, ny.div2(), nz); 499| 15.8k|} pcurves_brainpool384r1.cpp:_ZN5Botan18sqrt_field_elementINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveEEENS_2CT6OptionINT_12FieldElementEEERKS8_: 60| 245|inline constexpr CT::Option sqrt_field_element(const typename C::FieldElement& fe) { 61| | if constexpr(curve_supports_fe_sqrt) { 62| | auto z = C::fe_sqrt(fe); 63| | // Zero out the return value if it would otherwise be incorrect 64| | const CT::Choice correct = (z.square() == fe); 65| | z.conditional_assign(!correct, C::FieldElement::zero()); 66| | return CT::Option(z, correct); 67| 245| } else { 68| 245| return fe.sqrt(); 69| 245| } 70| 245|} pcurves_brainpool512r1.cpp:_ZN5Botan11dbl_genericINS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES3_E11FieldParamsEEEEES8_EESC_EET_RKSE_RKT0_: 397| 2.84k|inline constexpr ProjectivePoint dbl_generic(const ProjectivePoint& pt, const FieldElement& A) { 398| | // Cost: 1M + 3S + 1A + 1*3 399| 2.84k| const auto z2 = pt.z().square(); 400| 2.84k| const auto m = pt.x().square().mul3() + A * z2.square(); 401| | 402| | // Remaining cost: 3M + 3S + 3A + 2*2 + 1*4 + 1*8 403| 2.84k| const auto y2 = pt.y().square(); 404| 2.84k| const auto s = pt.x().mul4() * y2; 405| 2.84k| const auto nx = m.square() - s.mul2(); 406| 2.84k| const auto ny = m * (s - nx) - y2.square().mul8(); 407| 2.84k| const auto nz = pt.y().mul2() * pt.z(); 408| | 409| 2.84k| return ProjectivePoint(nx, ny, nz); 410| 2.84k|} pcurves_brainpool512r1.cpp:_ZN5Botan9point_addINS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES3_E11FieldParamsEEEEES8_EESC_EET_RKSE_SG_: 187| 1.45k|inline constexpr ProjectivePoint point_add(const ProjectivePoint& a, const ProjectivePoint& b) { 188| 1.45k| const auto a_is_identity = a.is_identity(); 189| 1.45k| const auto b_is_identity = b.is_identity(); 190| | 191| 1.45k| const auto Z1Z1 = a.z().square(); 192| 1.45k| const auto Z2Z2 = b.z().square(); 193| 1.45k| const auto U1 = a.x() * Z2Z2; 194| 1.45k| const auto U2 = b.x() * Z1Z1; 195| 1.45k| const auto S1 = a.y() * b.z() * Z2Z2; 196| 1.45k| const auto S2 = b.y() * a.z() * Z1Z1; 197| 1.45k| const auto H = U2 - U1; 198| 1.45k| const auto r = S2 - S1; 199| | 200| | /* Risky conditional 201| | * 202| | * This implementation uses projective coordinates, which do not have an efficient complete 203| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 204| | * 205| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 206| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 207| | * in which case at the end we'll set z to a.z * b.z * H = 0, resulting in the correct 208| | * output (the identity element) 209| | */ 210| 1.45k| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (210:7): [True: 0, False: 1.45k] ------------------ 211| 0| return a.dbl(); 212| 0| } 213| | 214| 1.45k| const auto HH = H.square(); 215| 1.45k| const auto HHH = H * HH; 216| 1.45k| const auto V = U1 * HH; 217| 1.45k| const auto t2 = r.square(); 218| 1.45k| const auto t3 = V + V; 219| 1.45k| const auto t4 = t2 - HHH; 220| 1.45k| auto X3 = t4 - t3; 221| 1.45k| const auto t5 = V - X3; 222| 1.45k| const auto t6 = S1 * HHH; 223| 1.45k| const auto t7 = r * t5; 224| 1.45k| auto Y3 = t7 - t6; 225| 1.45k| const auto t8 = b.z() * H; 226| 1.45k| auto Z3 = a.z() * t8; 227| | 228| | // if a is identity then return b 229| 1.45k| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), b.y(), b.z()); 230| | 231| | // if b is identity then return a 232| 1.45k| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 233| | 234| 1.45k| return ProjectivePoint(X3, Y3, Z3); 235| 1.45k|} pcurves_brainpool512r1.cpp:_ZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEE: 107| 1|auto to_affine_batch(std::span projective) { 108| 1| using AffinePoint = typename C::AffinePoint; 109| | 110| 1| const size_t N = projective.size(); 111| 1| std::vector affine; 112| 1| affine.reserve(N); 113| | 114| 1| CT::Choice any_identity = CT::Choice::no(); 115| | 116| 3.10k| for(const auto& pt : projective) { ------------------ | Branch (116:23): [True: 3.10k, False: 1] ------------------ 117| 3.10k| any_identity = any_identity || pt.is_identity(); 118| 3.10k| } 119| | 120| | // Conditional acceptable: N is public. State of points is not necessarily 121| | // public, but we don't leak which point was the identity. In practice with 122| | // the algorithms currently in use, the only time an identity can occur is 123| | // during mul2 where the two points g/h have a small relation (ie h = g*k for 124| | // some k < 16) 125| | 126| 1| if(N <= 2 || any_identity.as_bool()) { ------------------ | Branch (126:7): [True: 0, False: 1] | Branch (126:17): [True: 0, False: 1] ------------------ 127| | // If there are identity elements, using the batch inversion gets 128| | // tricky. It can be done, but this should be a rare situation so 129| | // just punt to the serial conversion if it occurs 130| 0| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (130:25): [True: 0, False: 0] ------------------ 131| 0| affine.push_back(to_affine(projective[i])); 132| 0| } 133| 1| } else { 134| 1| std::vector c; 135| 1| c.reserve(N); 136| | 137| | /* 138| | Batch projective->affine using Montgomery's trick 139| | 140| | See Algorithm 2.26 in "Guide to Elliptic Curve Cryptography" 141| | (Hankerson, Menezes, Vanstone) 142| | */ 143| | 144| 1| c.push_back(projective[0].z()); 145| 3.10k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (145:25): [True: 3.10k, False: 1] ------------------ 146| 3.10k| c.push_back(c[i - 1] * projective[i].z()); 147| 3.10k| } 148| | 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| 1| } else { 153| 1| return invert_field_element(c[N - 1]); 154| 1| } 155| 1| }(); 156| | 157| 3.10k| for(size_t i = N - 1; i > 0; --i) { ------------------ | Branch (157:29): [True: 3.10k, False: 1] ------------------ 158| 3.10k| const auto& p = projective[i]; 159| | 160| 3.10k| const auto z_inv = s_inv * c[i - 1]; 161| 3.10k| const auto z2_inv = z_inv.square(); 162| 3.10k| const auto z3_inv = z_inv * z2_inv; 163| | 164| 3.10k| s_inv = s_inv * p.z(); 165| | 166| 3.10k| affine.push_back(AffinePoint(p.x() * z2_inv, p.y() * z3_inv)); 167| 3.10k| } 168| | 169| 1| const auto z2_inv = s_inv.square(); 170| 1| const auto z3_inv = s_inv * z2_inv; 171| 1| affine.push_back(AffinePoint(projective[0].x() * z2_inv, projective[0].y() * z3_inv)); 172| 1| std::reverse(affine.begin(), affine.end()); 173| 1| return affine; 174| 1| } 175| | 176| 0| return affine; 177| 1|} pcurves_brainpool512r1.cpp:_ZN5Botan9to_affineINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveEEEDaRKNT_15ProjectivePointE: 76| 400|inline constexpr auto to_affine(const typename C::ProjectivePoint& pt) { 77| | // Not strictly required right? - default should work as long 78| | // as (0,0) is identity and invert returns 0 on 0 79| | 80| | if constexpr(curve_supports_fe_invert2) { 81| | const auto z2_inv = C::fe_invert2(pt.z()); 82| | const auto z3_inv = z2_inv.square() * pt.z(); 83| | return typename C::AffinePoint(pt.x() * z2_inv, pt.y() * z3_inv); 84| 400| } else { 85| 400| const auto z_inv = invert_field_element(pt.z()); 86| 400| const auto z2_inv = z_inv.square(); 87| 400| const auto z3_inv = z_inv * z2_inv; 88| 400| return typename C::AffinePoint(pt.x() * z2_inv, pt.y() * z3_inv); 89| 400| } 90| 400|} pcurves_brainpool512r1.cpp:_ZN5Botan20invert_field_elementINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveEEEDaRKNT_12FieldElementE: 35| 698|inline constexpr auto invert_field_element(const typename C::FieldElement& fe) { 36| | if constexpr(curve_supports_fe_invert2) { 37| | return C::fe_invert2(fe) * fe; 38| 698| } else { 39| 698| return fe.invert(); 40| 698| } 41| 698|} pcurves_brainpool512r1.cpp:_ZZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEEENKUlvE_clEv: 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| | } else { 153| | return invert_field_element(c[N - 1]); 154| | } 155| 1| }(); pcurves_brainpool512r1.cpp:_ZN5Botan22point_add_or_sub_mixedINS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES3_E11FieldParamsEEEEES8_EENS_16AffineCurvePointISC_EESC_EET_RKSG_RKT0_NS_2CT6ChoiceERKT1_: 296| 55.5k| const FieldElement& one) { 297| 55.5k| const auto a_is_identity = a.is_identity(); 298| 55.5k| const auto b_is_identity = b.is_identity(); 299| | 300| | /* 301| | https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-1998-cmo-2 302| | 303| | Cost: 8M + 3S + 6add + 1*2 304| | */ 305| | 306| 55.5k| auto by = b.y(); 307| 55.5k| by.conditional_assign(sub, by.negate()); 308| | 309| 55.5k| const auto Z1Z1 = a.z().square(); 310| 55.5k| const auto U2 = b.x() * Z1Z1; 311| 55.5k| const auto S2 = by * a.z() * Z1Z1; 312| 55.5k| const auto H = U2 - a.x(); 313| 55.5k| const auto r = S2 - a.y(); 314| | 315| | /* Risky conditional 316| | * 317| | * This implementation uses projective coordinates, which do not have an efficient complete 318| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 319| | * 320| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 321| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 322| | * in which case at the end we'll set z to a.z * H = 0, resulting in the correct output 323| | * (the identity element) 324| | */ 325| 55.5k| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (325:7): [True: 0, False: 55.5k] ------------------ 326| 0| return a.dbl(); 327| 0| } 328| | 329| 55.5k| const auto HH = H.square(); 330| 55.5k| const auto HHH = H * HH; 331| 55.5k| const auto V = a.x() * HH; 332| 55.5k| const auto t2 = r.square(); 333| 55.5k| const auto t3 = V + V; 334| 55.5k| const auto t4 = t2 - HHH; 335| 55.5k| auto X3 = t4 - t3; 336| 55.5k| const auto t5 = V - X3; 337| 55.5k| const auto t6 = a.y() * HHH; 338| 55.5k| const auto t7 = r * t5; 339| 55.5k| auto Y3 = t7 - t6; 340| 55.5k| auto Z3 = a.z() * H; 341| | 342| | // if a is identity then return b 343| 55.5k| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), by, one); 344| | 345| | // if b is identity then return a 346| 55.5k| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 347| | 348| 55.5k| return ProjectivePoint(X3, Y3, Z3); 349| 55.5k|} pcurves_brainpool512r1.cpp:_ZN5Botan11to_affine_xINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveEEEDaRKNT_15ProjectivePointE: 96| 149|auto to_affine_x(const typename C::ProjectivePoint& pt) { 97| | if constexpr(curve_supports_fe_invert2) { 98| | return pt.x() * C::fe_invert2(pt.z()); 99| 149| } else { 100| 149| const auto z_inv = invert_field_element(pt.z()); 101| 149| const auto z2_inv = z_inv.square(); 102| 149| return pt.x() * z2_inv; 103| 149| } 104| 149|} pcurves_brainpool512r1.cpp:_ZN5Botan15point_add_mixedINS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES3_E11FieldParamsEEEEES8_EENS_16AffineCurvePointISC_EESC_EET_RKSG_RKT0_RKT1_: 240| 1.04k| const FieldElement& one) { 241| 1.04k| const auto a_is_identity = a.is_identity(); 242| 1.04k| const auto b_is_identity = b.is_identity(); 243| | 244| | /* 245| | https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-1998-cmo-2 246| | 247| | Cost: 8M + 3S + 6add + 1*2 248| | */ 249| | 250| 1.04k| const auto Z1Z1 = a.z().square(); 251| 1.04k| const auto U2 = b.x() * Z1Z1; 252| 1.04k| const auto S2 = b.y() * a.z() * Z1Z1; 253| 1.04k| const auto H = U2 - a.x(); 254| 1.04k| const auto r = S2 - a.y(); 255| | 256| | /* Risky conditional 257| | * 258| | * This implementation uses projective coordinates, which do not have an efficient complete 259| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 260| | * 261| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 262| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 263| | * in which case at the end we'll set z to a.z * H = 0, resulting in the correct output 264| | * (the identity element) 265| | */ 266| 1.04k| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (266:7): [True: 0, False: 1.04k] ------------------ 267| 0| return a.dbl(); 268| 0| } 269| | 270| 1.04k| const auto HH = H.square(); 271| 1.04k| const auto HHH = H * HH; 272| 1.04k| const auto V = a.x() * HH; 273| 1.04k| const auto t2 = r.square(); 274| 1.04k| const auto t3 = V + V; 275| 1.04k| const auto t4 = t2 - HHH; 276| 1.04k| auto X3 = t4 - t3; 277| 1.04k| const auto t5 = V - X3; 278| 1.04k| const auto t6 = a.y() * HHH; 279| 1.04k| const auto t7 = r * t5; 280| 1.04k| auto Y3 = t7 - t6; 281| 1.04k| auto Z3 = a.z() * H; 282| | 283| | // if a is identity then return b 284| 1.04k| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), b.y(), one); 285| | 286| | // if b is identity then return a 287| 1.04k| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 288| | 289| 1.04k| return ProjectivePoint(X3, Y3, Z3); 290| 1.04k|} pcurves_brainpool512r1.cpp:_ZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELb0EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEE: 107| 149|auto to_affine_batch(std::span projective) { 108| 149| using AffinePoint = typename C::AffinePoint; 109| | 110| 149| const size_t N = projective.size(); 111| 149| std::vector affine; 112| 149| affine.reserve(N); 113| | 114| 149| CT::Choice any_identity = CT::Choice::no(); 115| | 116| 2.38k| for(const auto& pt : projective) { ------------------ | Branch (116:23): [True: 2.38k, False: 149] ------------------ 117| 2.38k| any_identity = any_identity || pt.is_identity(); 118| 2.38k| } 119| | 120| | // Conditional acceptable: N is public. State of points is not necessarily 121| | // public, but we don't leak which point was the identity. In practice with 122| | // the algorithms currently in use, the only time an identity can occur is 123| | // during mul2 where the two points g/h have a small relation (ie h = g*k for 124| | // some k < 16) 125| | 126| 149| if(N <= 2 || any_identity.as_bool()) { ------------------ | Branch (126:7): [True: 0, False: 149] | Branch (126:17): [True: 0, False: 149] ------------------ 127| | // If there are identity elements, using the batch inversion gets 128| | // tricky. It can be done, but this should be a rare situation so 129| | // just punt to the serial conversion if it occurs 130| 0| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (130:25): [True: 0, False: 0] ------------------ 131| 0| affine.push_back(to_affine(projective[i])); 132| 0| } 133| 149| } else { 134| 149| std::vector c; 135| 149| c.reserve(N); 136| | 137| | /* 138| | Batch projective->affine using Montgomery's trick 139| | 140| | See Algorithm 2.26 in "Guide to Elliptic Curve Cryptography" 141| | (Hankerson, Menezes, Vanstone) 142| | */ 143| | 144| 149| c.push_back(projective[0].z()); 145| 2.38k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (145:25): [True: 2.23k, False: 149] ------------------ 146| 2.23k| c.push_back(c[i - 1] * projective[i].z()); 147| 2.23k| } 148| | 149| 149| auto s_inv = [&]() { 150| 149| if constexpr(VariableTime) { 151| 149| return c[N - 1].invert_vartime(); 152| 149| } else { 153| 149| return invert_field_element(c[N - 1]); 154| 149| } 155| 149| }(); 156| | 157| 2.38k| for(size_t i = N - 1; i > 0; --i) { ------------------ | Branch (157:29): [True: 2.23k, False: 149] ------------------ 158| 2.23k| const auto& p = projective[i]; 159| | 160| 2.23k| const auto z_inv = s_inv * c[i - 1]; 161| 2.23k| const auto z2_inv = z_inv.square(); 162| 2.23k| const auto z3_inv = z_inv * z2_inv; 163| | 164| 2.23k| s_inv = s_inv * p.z(); 165| | 166| 2.23k| affine.push_back(AffinePoint(p.x() * z2_inv, p.y() * z3_inv)); 167| 2.23k| } 168| | 169| 149| const auto z2_inv = s_inv.square(); 170| 149| const auto z3_inv = s_inv * z2_inv; 171| 149| affine.push_back(AffinePoint(projective[0].x() * z2_inv, projective[0].y() * z3_inv)); 172| 149| std::reverse(affine.begin(), affine.end()); 173| 149| return affine; 174| 149| } 175| | 176| 0| return affine; 177| 149|} pcurves_brainpool512r1.cpp:_ZZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELb0EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEEENKUlvE_clEv: 149| 149| auto s_inv = [&]() { 150| | if constexpr(VariableTime) { 151| | return c[N - 1].invert_vartime(); 152| 149| } else { 153| 149| return invert_field_element(c[N - 1]); 154| 149| } 155| 149| }(); pcurves_brainpool512r1.cpp:_ZN5Botan13dbl_n_genericINS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES3_E11FieldParamsEEEEES8_EESC_EET_RKSE_RKT0_m: 477| 17.1k|inline constexpr ProjectivePoint dbl_n_generic(const ProjectivePoint& pt, const FieldElement& A, size_t n) { 478| 17.1k| auto nx = pt.x(); 479| 17.1k| auto ny = pt.y().mul2(); 480| 17.1k| auto nz = pt.z(); 481| 17.1k| auto w = nz.square().square() * A; 482| | 483| | // Conditional ok: loop iteration count is public 484| 102k| while(n > 0) { ------------------ | Branch (484:10): [True: 85.6k, False: 17.1k] ------------------ 485| 85.6k| const auto ny2 = ny.square(); 486| 85.6k| const auto ny4 = ny2.square(); 487| 85.6k| const auto t1 = nx.square().mul3() + w; 488| 85.6k| const auto t2 = nx * ny2; 489| 85.6k| nx = t1.square() - t2.mul2(); 490| 85.6k| nz *= ny; 491| 85.6k| ny = t1 * (t2 - nx).mul2() - ny4; 492| 85.6k| n--; 493| | // Conditional ok: loop iteration count is public 494| 85.6k| if(n > 0) { ------------------ | Branch (494:10): [True: 68.5k, False: 17.1k] ------------------ 495| 68.5k| w *= ny4; 496| 68.5k| } 497| 85.6k| } 498| 17.1k| return ProjectivePoint(nx, ny.div2(), nz); 499| 17.1k|} pcurves_brainpool512r1.cpp:_ZN5Botan18sqrt_field_elementINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveEEENS_2CT6OptionINT_12FieldElementEEERKS8_: 60| 203|inline constexpr CT::Option sqrt_field_element(const typename C::FieldElement& fe) { 61| | if constexpr(curve_supports_fe_sqrt) { 62| | auto z = C::fe_sqrt(fe); 63| | // Zero out the return value if it would otherwise be incorrect 64| | const CT::Choice correct = (z.square() == fe); 65| | z.conditional_assign(!correct, C::FieldElement::zero()); 66| | return CT::Option(z, correct); 67| 203| } else { 68| 203| return fe.sqrt(); 69| 203| } 70| 203|} pcurves_secp256r1.cpp:_ZN5Botan13dbl_a_minus_3INS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS4_9secp256r16ParamsES5_E11FieldParamsEEEEES8_EEEET_RKSE_: 362| 3.72k|inline constexpr ProjectivePoint dbl_a_minus_3(const ProjectivePoint& pt) { 363| | /* 364| | if a == -3 then 365| | 3*x^2 + a*z^4 == 3*x^2 - 3*z^4 == 3*(x^2-z^4) == 3*(x-z^2)*(x+z^2) 366| | */ 367| 3.72k| const auto z2 = pt.z().square(); 368| 3.72k| const auto m = (pt.x() - z2).mul3() * (pt.x() + z2); 369| | 370| | // Remaining cost: 3M + 3S + 3A + 2*2 + 1*4 + 1*8 371| 3.72k| const auto y2 = pt.y().square(); 372| 3.72k| const auto s = pt.x().mul4() * y2; 373| 3.72k| const auto nx = m.square() - s.mul2(); 374| 3.72k| const auto ny = m * (s - nx) - y2.square().mul8(); 375| 3.72k| const auto nz = pt.y().mul2() * pt.z(); 376| | 377| 3.72k| return ProjectivePoint(nx, ny, nz); 378| 3.72k|} pcurves_secp256r1.cpp:_ZN5Botan9point_addINS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS4_9secp256r16ParamsES5_E11FieldParamsEEEEES8_EESC_EET_RKSE_SG_: 187| 735|inline constexpr ProjectivePoint point_add(const ProjectivePoint& a, const ProjectivePoint& b) { 188| 735| const auto a_is_identity = a.is_identity(); 189| 735| const auto b_is_identity = b.is_identity(); 190| | 191| 735| const auto Z1Z1 = a.z().square(); 192| 735| const auto Z2Z2 = b.z().square(); 193| 735| const auto U1 = a.x() * Z2Z2; 194| 735| const auto U2 = b.x() * Z1Z1; 195| 735| const auto S1 = a.y() * b.z() * Z2Z2; 196| 735| const auto S2 = b.y() * a.z() * Z1Z1; 197| 735| const auto H = U2 - U1; 198| 735| const auto r = S2 - S1; 199| | 200| | /* Risky conditional 201| | * 202| | * This implementation uses projective coordinates, which do not have an efficient complete 203| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 204| | * 205| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 206| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 207| | * in which case at the end we'll set z to a.z * b.z * H = 0, resulting in the correct 208| | * output (the identity element) 209| | */ 210| 735| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (210:7): [True: 0, False: 735] ------------------ 211| 0| return a.dbl(); 212| 0| } 213| | 214| 735| const auto HH = H.square(); 215| 735| const auto HHH = H * HH; 216| 735| const auto V = U1 * HH; 217| 735| const auto t2 = r.square(); 218| 735| const auto t3 = V + V; 219| 735| const auto t4 = t2 - HHH; 220| 735| auto X3 = t4 - t3; 221| 735| const auto t5 = V - X3; 222| 735| const auto t6 = S1 * HHH; 223| 735| const auto t7 = r * t5; 224| 735| auto Y3 = t7 - t6; 225| 735| const auto t8 = b.z() * H; 226| 735| auto Z3 = a.z() * t8; 227| | 228| | // if a is identity then return b 229| 735| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), b.y(), b.z()); 230| | 231| | // if b is identity then return a 232| 735| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 233| | 234| 735| return ProjectivePoint(X3, Y3, Z3); 235| 735|} pcurves_secp256r1.cpp:_ZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_19secp256r15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEE: 107| 1|auto to_affine_batch(std::span projective) { 108| 1| using AffinePoint = typename C::AffinePoint; 109| | 110| 1| const size_t N = projective.size(); 111| 1| std::vector affine; 112| 1| affine.reserve(N); 113| | 114| 1| CT::Choice any_identity = CT::Choice::no(); 115| | 116| 1.56k| for(const auto& pt : projective) { ------------------ | Branch (116:23): [True: 1.56k, False: 1] ------------------ 117| 1.56k| any_identity = any_identity || pt.is_identity(); 118| 1.56k| } 119| | 120| | // Conditional acceptable: N is public. State of points is not necessarily 121| | // public, but we don't leak which point was the identity. In practice with 122| | // the algorithms currently in use, the only time an identity can occur is 123| | // during mul2 where the two points g/h have a small relation (ie h = g*k for 124| | // some k < 16) 125| | 126| 1| if(N <= 2 || any_identity.as_bool()) { ------------------ | Branch (126:7): [True: 0, False: 1] | Branch (126:17): [True: 0, False: 1] ------------------ 127| | // If there are identity elements, using the batch inversion gets 128| | // tricky. It can be done, but this should be a rare situation so 129| | // just punt to the serial conversion if it occurs 130| 0| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (130:25): [True: 0, False: 0] ------------------ 131| 0| affine.push_back(to_affine(projective[i])); 132| 0| } 133| 1| } else { 134| 1| std::vector c; 135| 1| c.reserve(N); 136| | 137| | /* 138| | Batch projective->affine using Montgomery's trick 139| | 140| | See Algorithm 2.26 in "Guide to Elliptic Curve Cryptography" 141| | (Hankerson, Menezes, Vanstone) 142| | */ 143| | 144| 1| c.push_back(projective[0].z()); 145| 1.56k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (145:25): [True: 1.56k, False: 1] ------------------ 146| 1.56k| c.push_back(c[i - 1] * projective[i].z()); 147| 1.56k| } 148| | 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| 1| } else { 153| 1| return invert_field_element(c[N - 1]); 154| 1| } 155| 1| }(); 156| | 157| 1.56k| for(size_t i = N - 1; i > 0; --i) { ------------------ | Branch (157:29): [True: 1.56k, False: 1] ------------------ 158| 1.56k| const auto& p = projective[i]; 159| | 160| 1.56k| const auto z_inv = s_inv * c[i - 1]; 161| 1.56k| const auto z2_inv = z_inv.square(); 162| 1.56k| const auto z3_inv = z_inv * z2_inv; 163| | 164| 1.56k| s_inv = s_inv * p.z(); 165| | 166| 1.56k| affine.push_back(AffinePoint(p.x() * z2_inv, p.y() * z3_inv)); 167| 1.56k| } 168| | 169| 1| const auto z2_inv = s_inv.square(); 170| 1| const auto z3_inv = s_inv * z2_inv; 171| 1| affine.push_back(AffinePoint(projective[0].x() * z2_inv, projective[0].y() * z3_inv)); 172| 1| std::reverse(affine.begin(), affine.end()); 173| 1| return affine; 174| 1| } 175| | 176| 0| return affine; 177| 1|} pcurves_secp256r1.cpp:_ZN5Botan9to_affineINS_6PCurve12_GLOBAL__N_19secp256r15CurveEEEDaRKNT_15ProjectivePointE: 76| 533|inline constexpr auto to_affine(const typename C::ProjectivePoint& pt) { 77| | // Not strictly required right? - default should work as long 78| | // as (0,0) is identity and invert returns 0 on 0 79| | 80| 533| if constexpr(curve_supports_fe_invert2) { 81| 533| const auto z2_inv = C::fe_invert2(pt.z()); 82| 533| const auto z3_inv = z2_inv.square() * pt.z(); 83| 533| return typename C::AffinePoint(pt.x() * z2_inv, pt.y() * z3_inv); 84| | } else { 85| | const auto z_inv = invert_field_element(pt.z()); 86| | const auto z2_inv = z_inv.square(); 87| | const auto z3_inv = z_inv * z2_inv; 88| | return typename C::AffinePoint(pt.x() * z2_inv, pt.y() * z3_inv); 89| | } 90| 533|} pcurves_secp256r1.cpp:_ZZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_19secp256r15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEEENKUlvE_clEv: 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| | } else { 153| | return invert_field_element(c[N - 1]); 154| | } 155| 1| }(); pcurves_secp256r1.cpp:_ZN5Botan22point_add_or_sub_mixedINS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS4_9secp256r16ParamsES5_E11FieldParamsEEEEES8_EENS_16AffineCurvePointISC_EESC_EET_RKSG_RKT0_NS_2CT6ChoiceERKT1_: 296| 46.2k| const FieldElement& one) { 297| 46.2k| const auto a_is_identity = a.is_identity(); 298| 46.2k| const auto b_is_identity = b.is_identity(); 299| | 300| | /* 301| | https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-1998-cmo-2 302| | 303| | Cost: 8M + 3S + 6add + 1*2 304| | */ 305| | 306| 46.2k| auto by = b.y(); 307| 46.2k| by.conditional_assign(sub, by.negate()); 308| | 309| 46.2k| const auto Z1Z1 = a.z().square(); 310| 46.2k| const auto U2 = b.x() * Z1Z1; 311| 46.2k| const auto S2 = by * a.z() * Z1Z1; 312| 46.2k| const auto H = U2 - a.x(); 313| 46.2k| const auto r = S2 - a.y(); 314| | 315| | /* Risky conditional 316| | * 317| | * This implementation uses projective coordinates, which do not have an efficient complete 318| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 319| | * 320| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 321| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 322| | * in which case at the end we'll set z to a.z * H = 0, resulting in the correct output 323| | * (the identity element) 324| | */ 325| 46.2k| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (325:7): [True: 0, False: 46.2k] ------------------ 326| 0| return a.dbl(); 327| 0| } 328| | 329| 46.2k| const auto HH = H.square(); 330| 46.2k| const auto HHH = H * HH; 331| 46.2k| const auto V = a.x() * HH; 332| 46.2k| const auto t2 = r.square(); 333| 46.2k| const auto t3 = V + V; 334| 46.2k| const auto t4 = t2 - HHH; 335| 46.2k| auto X3 = t4 - t3; 336| 46.2k| const auto t5 = V - X3; 337| 46.2k| const auto t6 = a.y() * HHH; 338| 46.2k| const auto t7 = r * t5; 339| 46.2k| auto Y3 = t7 - t6; 340| 46.2k| auto Z3 = a.z() * H; 341| | 342| | // if a is identity then return b 343| 46.2k| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), by, one); 344| | 345| | // if b is identity then return a 346| 46.2k| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 347| | 348| 46.2k| return ProjectivePoint(X3, Y3, Z3); 349| 46.2k|} pcurves_secp256r1.cpp:_ZN5Botan11to_affine_xINS_6PCurve12_GLOBAL__N_19secp256r15CurveEEEDaRKNT_15ProjectivePointE: 96| 362|auto to_affine_x(const typename C::ProjectivePoint& pt) { 97| 362| if constexpr(curve_supports_fe_invert2) { 98| 362| return pt.x() * C::fe_invert2(pt.z()); 99| | } else { 100| | const auto z_inv = invert_field_element(pt.z()); 101| | const auto z2_inv = z_inv.square(); 102| | return pt.x() * z2_inv; 103| | } 104| 362|} pcurves_secp256r1.cpp:_ZN5Botan15point_add_mixedINS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS4_9secp256r16ParamsES5_E11FieldParamsEEEEES8_EENS_16AffineCurvePointISC_EESC_EET_RKSG_RKT0_RKT1_: 240| 2.53k| const FieldElement& one) { 241| 2.53k| const auto a_is_identity = a.is_identity(); 242| 2.53k| const auto b_is_identity = b.is_identity(); 243| | 244| | /* 245| | https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-1998-cmo-2 246| | 247| | Cost: 8M + 3S + 6add + 1*2 248| | */ 249| | 250| 2.53k| const auto Z1Z1 = a.z().square(); 251| 2.53k| const auto U2 = b.x() * Z1Z1; 252| 2.53k| const auto S2 = b.y() * a.z() * Z1Z1; 253| 2.53k| const auto H = U2 - a.x(); 254| 2.53k| const auto r = S2 - a.y(); 255| | 256| | /* Risky conditional 257| | * 258| | * This implementation uses projective coordinates, which do not have an efficient complete 259| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 260| | * 261| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 262| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 263| | * in which case at the end we'll set z to a.z * H = 0, resulting in the correct output 264| | * (the identity element) 265| | */ 266| 2.53k| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (266:7): [True: 0, False: 2.53k] ------------------ 267| 0| return a.dbl(); 268| 0| } 269| | 270| 2.53k| const auto HH = H.square(); 271| 2.53k| const auto HHH = H * HH; 272| 2.53k| const auto V = a.x() * HH; 273| 2.53k| const auto t2 = r.square(); 274| 2.53k| const auto t3 = V + V; 275| 2.53k| const auto t4 = t2 - HHH; 276| 2.53k| auto X3 = t4 - t3; 277| 2.53k| const auto t5 = V - X3; 278| 2.53k| const auto t6 = a.y() * HHH; 279| 2.53k| const auto t7 = r * t5; 280| 2.53k| auto Y3 = t7 - t6; 281| 2.53k| auto Z3 = a.z() * H; 282| | 283| | // if a is identity then return b 284| 2.53k| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), b.y(), one); 285| | 286| | // if b is identity then return a 287| 2.53k| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 288| | 289| 2.53k| return ProjectivePoint(X3, Y3, Z3); 290| 2.53k|} pcurves_secp256r1.cpp:_ZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_19secp256r15CurveELb0EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEE: 107| 362|auto to_affine_batch(std::span projective) { 108| 362| using AffinePoint = typename C::AffinePoint; 109| | 110| 362| const size_t N = projective.size(); 111| 362| std::vector affine; 112| 362| affine.reserve(N); 113| | 114| 362| CT::Choice any_identity = CT::Choice::no(); 115| | 116| 5.79k| for(const auto& pt : projective) { ------------------ | Branch (116:23): [True: 5.79k, False: 362] ------------------ 117| 5.79k| any_identity = any_identity || pt.is_identity(); 118| 5.79k| } 119| | 120| | // Conditional acceptable: N is public. State of points is not necessarily 121| | // public, but we don't leak which point was the identity. In practice with 122| | // the algorithms currently in use, the only time an identity can occur is 123| | // during mul2 where the two points g/h have a small relation (ie h = g*k for 124| | // some k < 16) 125| | 126| 362| if(N <= 2 || any_identity.as_bool()) { ------------------ | Branch (126:7): [True: 0, False: 362] | Branch (126:17): [True: 0, False: 362] ------------------ 127| | // If there are identity elements, using the batch inversion gets 128| | // tricky. It can be done, but this should be a rare situation so 129| | // just punt to the serial conversion if it occurs 130| 0| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (130:25): [True: 0, False: 0] ------------------ 131| 0| affine.push_back(to_affine(projective[i])); 132| 0| } 133| 362| } else { 134| 362| std::vector c; 135| 362| c.reserve(N); 136| | 137| | /* 138| | Batch projective->affine using Montgomery's trick 139| | 140| | See Algorithm 2.26 in "Guide to Elliptic Curve Cryptography" 141| | (Hankerson, Menezes, Vanstone) 142| | */ 143| | 144| 362| c.push_back(projective[0].z()); 145| 5.79k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (145:25): [True: 5.43k, False: 362] ------------------ 146| 5.43k| c.push_back(c[i - 1] * projective[i].z()); 147| 5.43k| } 148| | 149| 362| auto s_inv = [&]() { 150| 362| if constexpr(VariableTime) { 151| 362| return c[N - 1].invert_vartime(); 152| 362| } else { 153| 362| return invert_field_element(c[N - 1]); 154| 362| } 155| 362| }(); 156| | 157| 5.79k| for(size_t i = N - 1; i > 0; --i) { ------------------ | Branch (157:29): [True: 5.43k, False: 362] ------------------ 158| 5.43k| const auto& p = projective[i]; 159| | 160| 5.43k| const auto z_inv = s_inv * c[i - 1]; 161| 5.43k| const auto z2_inv = z_inv.square(); 162| 5.43k| const auto z3_inv = z_inv * z2_inv; 163| | 164| 5.43k| s_inv = s_inv * p.z(); 165| | 166| 5.43k| affine.push_back(AffinePoint(p.x() * z2_inv, p.y() * z3_inv)); 167| 5.43k| } 168| | 169| 362| const auto z2_inv = s_inv.square(); 170| 362| const auto z3_inv = s_inv * z2_inv; 171| 362| affine.push_back(AffinePoint(projective[0].x() * z2_inv, projective[0].y() * z3_inv)); 172| 362| std::reverse(affine.begin(), affine.end()); 173| 362| return affine; 174| 362| } 175| | 176| 0| return affine; 177| 362|} pcurves_secp256r1.cpp:_ZZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_19secp256r15CurveELb0EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEEENKUlvE_clEv: 149| 362| auto s_inv = [&]() { 150| | if constexpr(VariableTime) { 151| | return c[N - 1].invert_vartime(); 152| 362| } else { 153| 362| return invert_field_element(c[N - 1]); 154| 362| } 155| 362| }(); pcurves_secp256r1.cpp:_ZN5Botan20invert_field_elementINS_6PCurve12_GLOBAL__N_19secp256r15CurveEEEDaRKNT_12FieldElementE: 35| 362|inline constexpr auto invert_field_element(const typename C::FieldElement& fe) { 36| 362| if constexpr(curve_supports_fe_invert2) { 37| 362| return C::fe_invert2(fe) * fe; 38| | } else { 39| | return fe.invert(); 40| | } 41| 362|} pcurves_secp256r1.cpp:_ZN5Botan15dbl_n_a_minus_3INS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS4_9secp256r16ParamsES5_E11FieldParamsEEEEES8_EEEET_RKSE_m: 432| 20.6k|inline constexpr ProjectivePoint dbl_n_a_minus_3(const ProjectivePoint& pt, size_t n) { 433| 20.6k| auto nx = pt.x(); 434| 20.6k| auto ny = pt.y().mul2(); 435| 20.6k| auto nz = pt.z(); 436| 20.6k| auto w = nz.square().square(); 437| | 438| | // Conditional ok: loop iteration count is public 439| 123k| while(n > 0) { ------------------ | Branch (439:10): [True: 103k, False: 20.6k] ------------------ 440| 103k| const auto ny2 = ny.square(); 441| 103k| const auto ny4 = ny2.square(); 442| 103k| const auto t1 = (nx.square() - w).mul3(); 443| 103k| const auto t2 = nx * ny2; 444| 103k| nx = t1.square() - t2.mul2(); 445| 103k| nz *= ny; 446| 103k| ny = t1 * (t2 - nx).mul2() - ny4; 447| 103k| n--; 448| | // Conditional ok: loop iteration count is public 449| 103k| if(n > 0) { ------------------ | Branch (449:10): [True: 82.5k, False: 20.6k] ------------------ 450| 82.5k| w *= ny4; 451| 82.5k| } 452| 103k| } 453| 20.6k| return ProjectivePoint(nx, ny.div2(), nz); 454| 20.6k|} pcurves_secp256r1.cpp:_ZN5Botan18sqrt_field_elementINS_6PCurve12_GLOBAL__N_19secp256r15CurveEEENS_2CT6OptionINT_12FieldElementEEERKS8_: 60| 370|inline constexpr CT::Option sqrt_field_element(const typename C::FieldElement& fe) { 61| 370| if constexpr(curve_supports_fe_sqrt) { 62| 370| auto z = C::fe_sqrt(fe); 63| | // Zero out the return value if it would otherwise be incorrect 64| 370| const CT::Choice correct = (z.square() == fe); 65| 370| z.conditional_assign(!correct, C::FieldElement::zero()); 66| 370| return CT::Option(z, correct); 67| | } else { 68| | return fe.sqrt(); 69| | } 70| 370|} pcurves_secp384r1.cpp:_ZN5Botan13dbl_a_minus_3INS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS4_9secp384r16ParamsES5_E11FieldParamsEEEEES8_EEEET_RKSE_: 362| 3.60k|inline constexpr ProjectivePoint dbl_a_minus_3(const ProjectivePoint& pt) { 363| | /* 364| | if a == -3 then 365| | 3*x^2 + a*z^4 == 3*x^2 - 3*z^4 == 3*(x^2-z^4) == 3*(x-z^2)*(x+z^2) 366| | */ 367| 3.60k| const auto z2 = pt.z().square(); 368| 3.60k| const auto m = (pt.x() - z2).mul3() * (pt.x() + z2); 369| | 370| | // Remaining cost: 3M + 3S + 3A + 2*2 + 1*4 + 1*8 371| 3.60k| const auto y2 = pt.y().square(); 372| 3.60k| const auto s = pt.x().mul4() * y2; 373| 3.60k| const auto nx = m.square() - s.mul2(); 374| 3.60k| const auto ny = m * (s - nx) - y2.square().mul8(); 375| 3.60k| const auto nz = pt.y().mul2() * pt.z(); 376| | 377| 3.60k| return ProjectivePoint(nx, ny, nz); 378| 3.60k|} pcurves_secp384r1.cpp:_ZN5Botan9point_addINS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS4_9secp384r16ParamsES5_E11FieldParamsEEEEES8_EESC_EET_RKSE_SG_: 187| 1.09k|inline constexpr ProjectivePoint point_add(const ProjectivePoint& a, const ProjectivePoint& b) { 188| 1.09k| const auto a_is_identity = a.is_identity(); 189| 1.09k| const auto b_is_identity = b.is_identity(); 190| | 191| 1.09k| const auto Z1Z1 = a.z().square(); 192| 1.09k| const auto Z2Z2 = b.z().square(); 193| 1.09k| const auto U1 = a.x() * Z2Z2; 194| 1.09k| const auto U2 = b.x() * Z1Z1; 195| 1.09k| const auto S1 = a.y() * b.z() * Z2Z2; 196| 1.09k| const auto S2 = b.y() * a.z() * Z1Z1; 197| 1.09k| const auto H = U2 - U1; 198| 1.09k| const auto r = S2 - S1; 199| | 200| | /* Risky conditional 201| | * 202| | * This implementation uses projective coordinates, which do not have an efficient complete 203| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 204| | * 205| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 206| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 207| | * in which case at the end we'll set z to a.z * b.z * H = 0, resulting in the correct 208| | * output (the identity element) 209| | */ 210| 1.09k| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (210:7): [True: 0, False: 1.09k] ------------------ 211| 0| return a.dbl(); 212| 0| } 213| | 214| 1.09k| const auto HH = H.square(); 215| 1.09k| const auto HHH = H * HH; 216| 1.09k| const auto V = U1 * HH; 217| 1.09k| const auto t2 = r.square(); 218| 1.09k| const auto t3 = V + V; 219| 1.09k| const auto t4 = t2 - HHH; 220| 1.09k| auto X3 = t4 - t3; 221| 1.09k| const auto t5 = V - X3; 222| 1.09k| const auto t6 = S1 * HHH; 223| 1.09k| const auto t7 = r * t5; 224| 1.09k| auto Y3 = t7 - t6; 225| 1.09k| const auto t8 = b.z() * H; 226| 1.09k| auto Z3 = a.z() * t8; 227| | 228| | // if a is identity then return b 229| 1.09k| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), b.y(), b.z()); 230| | 231| | // if b is identity then return a 232| 1.09k| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 233| | 234| 1.09k| return ProjectivePoint(X3, Y3, Z3); 235| 1.09k|} pcurves_secp384r1.cpp:_ZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_19secp384r15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEE: 107| 1|auto to_affine_batch(std::span projective) { 108| 1| using AffinePoint = typename C::AffinePoint; 109| | 110| 1| const size_t N = projective.size(); 111| 1| std::vector affine; 112| 1| affine.reserve(N); 113| | 114| 1| CT::Choice any_identity = CT::Choice::no(); 115| | 116| 2.33k| for(const auto& pt : projective) { ------------------ | Branch (116:23): [True: 2.33k, False: 1] ------------------ 117| 2.33k| any_identity = any_identity || pt.is_identity(); 118| 2.33k| } 119| | 120| | // Conditional acceptable: N is public. State of points is not necessarily 121| | // public, but we don't leak which point was the identity. In practice with 122| | // the algorithms currently in use, the only time an identity can occur is 123| | // during mul2 where the two points g/h have a small relation (ie h = g*k for 124| | // some k < 16) 125| | 126| 1| if(N <= 2 || any_identity.as_bool()) { ------------------ | Branch (126:7): [True: 0, False: 1] | Branch (126:17): [True: 0, False: 1] ------------------ 127| | // If there are identity elements, using the batch inversion gets 128| | // tricky. It can be done, but this should be a rare situation so 129| | // just punt to the serial conversion if it occurs 130| 0| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (130:25): [True: 0, False: 0] ------------------ 131| 0| affine.push_back(to_affine(projective[i])); 132| 0| } 133| 1| } else { 134| 1| std::vector c; 135| 1| c.reserve(N); 136| | 137| | /* 138| | Batch projective->affine using Montgomery's trick 139| | 140| | See Algorithm 2.26 in "Guide to Elliptic Curve Cryptography" 141| | (Hankerson, Menezes, Vanstone) 142| | */ 143| | 144| 1| c.push_back(projective[0].z()); 145| 2.33k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (145:25): [True: 2.33k, False: 1] ------------------ 146| 2.33k| c.push_back(c[i - 1] * projective[i].z()); 147| 2.33k| } 148| | 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| 1| } else { 153| 1| return invert_field_element(c[N - 1]); 154| 1| } 155| 1| }(); 156| | 157| 2.33k| for(size_t i = N - 1; i > 0; --i) { ------------------ | Branch (157:29): [True: 2.33k, False: 1] ------------------ 158| 2.33k| const auto& p = projective[i]; 159| | 160| 2.33k| const auto z_inv = s_inv * c[i - 1]; 161| 2.33k| const auto z2_inv = z_inv.square(); 162| 2.33k| const auto z3_inv = z_inv * z2_inv; 163| | 164| 2.33k| s_inv = s_inv * p.z(); 165| | 166| 2.33k| affine.push_back(AffinePoint(p.x() * z2_inv, p.y() * z3_inv)); 167| 2.33k| } 168| | 169| 1| const auto z2_inv = s_inv.square(); 170| 1| const auto z3_inv = s_inv * z2_inv; 171| 1| affine.push_back(AffinePoint(projective[0].x() * z2_inv, projective[0].y() * z3_inv)); 172| 1| std::reverse(affine.begin(), affine.end()); 173| 1| return affine; 174| 1| } 175| | 176| 0| return affine; 177| 1|} pcurves_secp384r1.cpp:_ZN5Botan9to_affineINS_6PCurve12_GLOBAL__N_19secp384r15CurveEEEDaRKNT_15ProjectivePointE: 76| 497|inline constexpr auto to_affine(const typename C::ProjectivePoint& pt) { 77| | // Not strictly required right? - default should work as long 78| | // as (0,0) is identity and invert returns 0 on 0 79| | 80| 497| if constexpr(curve_supports_fe_invert2) { 81| 497| const auto z2_inv = C::fe_invert2(pt.z()); 82| 497| const auto z3_inv = z2_inv.square() * pt.z(); 83| 497| return typename C::AffinePoint(pt.x() * z2_inv, pt.y() * z3_inv); 84| | } else { 85| | const auto z_inv = invert_field_element(pt.z()); 86| | const auto z2_inv = z_inv.square(); 87| | const auto z3_inv = z_inv * z2_inv; 88| | return typename C::AffinePoint(pt.x() * z2_inv, pt.y() * z3_inv); 89| | } 90| 497|} pcurves_secp384r1.cpp:_ZZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_19secp384r15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEEENKUlvE_clEv: 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| | } else { 153| | return invert_field_element(c[N - 1]); 154| | } 155| 1| }(); pcurves_secp384r1.cpp:_ZN5Botan22point_add_or_sub_mixedINS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS4_9secp384r16ParamsES5_E11FieldParamsEEEEES8_EENS_16AffineCurvePointISC_EESC_EET_RKSG_RKT0_NS_2CT6ChoiceERKT1_: 296| 61.2k| const FieldElement& one) { 297| 61.2k| const auto a_is_identity = a.is_identity(); 298| 61.2k| const auto b_is_identity = b.is_identity(); 299| | 300| | /* 301| | https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-1998-cmo-2 302| | 303| | Cost: 8M + 3S + 6add + 1*2 304| | */ 305| | 306| 61.2k| auto by = b.y(); 307| 61.2k| by.conditional_assign(sub, by.negate()); 308| | 309| 61.2k| const auto Z1Z1 = a.z().square(); 310| 61.2k| const auto U2 = b.x() * Z1Z1; 311| 61.2k| const auto S2 = by * a.z() * Z1Z1; 312| 61.2k| const auto H = U2 - a.x(); 313| 61.2k| const auto r = S2 - a.y(); 314| | 315| | /* Risky conditional 316| | * 317| | * This implementation uses projective coordinates, which do not have an efficient complete 318| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 319| | * 320| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 321| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 322| | * in which case at the end we'll set z to a.z * H = 0, resulting in the correct output 323| | * (the identity element) 324| | */ 325| 61.2k| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (325:7): [True: 0, False: 61.2k] ------------------ 326| 0| return a.dbl(); 327| 0| } 328| | 329| 61.2k| const auto HH = H.square(); 330| 61.2k| const auto HHH = H * HH; 331| 61.2k| const auto V = a.x() * HH; 332| 61.2k| const auto t2 = r.square(); 333| 61.2k| const auto t3 = V + V; 334| 61.2k| const auto t4 = t2 - HHH; 335| 61.2k| auto X3 = t4 - t3; 336| 61.2k| const auto t5 = V - X3; 337| 61.2k| const auto t6 = a.y() * HHH; 338| 61.2k| const auto t7 = r * t5; 339| 61.2k| auto Y3 = t7 - t6; 340| 61.2k| auto Z3 = a.z() * H; 341| | 342| | // if a is identity then return b 343| 61.2k| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), by, one); 344| | 345| | // if b is identity then return a 346| 61.2k| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 347| | 348| 61.2k| return ProjectivePoint(X3, Y3, Z3); 349| 61.2k|} pcurves_secp384r1.cpp:_ZN5Botan11to_affine_xINS_6PCurve12_GLOBAL__N_19secp384r15CurveEEEDaRKNT_15ProjectivePointE: 96| 296|auto to_affine_x(const typename C::ProjectivePoint& pt) { 97| 296| if constexpr(curve_supports_fe_invert2) { 98| 296| return pt.x() * C::fe_invert2(pt.z()); 99| | } else { 100| | const auto z_inv = invert_field_element(pt.z()); 101| | const auto z2_inv = z_inv.square(); 102| | return pt.x() * z2_inv; 103| | } 104| 296|} pcurves_secp384r1.cpp:_ZN5Botan15point_add_mixedINS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS4_9secp384r16ParamsES5_E11FieldParamsEEEEES8_EENS_16AffineCurvePointISC_EESC_EET_RKSG_RKT0_RKT1_: 240| 2.07k| const FieldElement& one) { 241| 2.07k| const auto a_is_identity = a.is_identity(); 242| 2.07k| const auto b_is_identity = b.is_identity(); 243| | 244| | /* 245| | https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-1998-cmo-2 246| | 247| | Cost: 8M + 3S + 6add + 1*2 248| | */ 249| | 250| 2.07k| const auto Z1Z1 = a.z().square(); 251| 2.07k| const auto U2 = b.x() * Z1Z1; 252| 2.07k| const auto S2 = b.y() * a.z() * Z1Z1; 253| 2.07k| const auto H = U2 - a.x(); 254| 2.07k| const auto r = S2 - a.y(); 255| | 256| | /* Risky conditional 257| | * 258| | * This implementation uses projective coordinates, which do not have an efficient complete 259| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 260| | * 261| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 262| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 263| | * in which case at the end we'll set z to a.z * H = 0, resulting in the correct output 264| | * (the identity element) 265| | */ 266| 2.07k| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (266:7): [True: 0, False: 2.07k] ------------------ 267| 0| return a.dbl(); 268| 0| } 269| | 270| 2.07k| const auto HH = H.square(); 271| 2.07k| const auto HHH = H * HH; 272| 2.07k| const auto V = a.x() * HH; 273| 2.07k| const auto t2 = r.square(); 274| 2.07k| const auto t3 = V + V; 275| 2.07k| const auto t4 = t2 - HHH; 276| 2.07k| auto X3 = t4 - t3; 277| 2.07k| const auto t5 = V - X3; 278| 2.07k| const auto t6 = a.y() * HHH; 279| 2.07k| const auto t7 = r * t5; 280| 2.07k| auto Y3 = t7 - t6; 281| 2.07k| auto Z3 = a.z() * H; 282| | 283| | // if a is identity then return b 284| 2.07k| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), b.y(), one); 285| | 286| | // if b is identity then return a 287| 2.07k| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 288| | 289| 2.07k| return ProjectivePoint(X3, Y3, Z3); 290| 2.07k|} pcurves_secp384r1.cpp:_ZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_19secp384r15CurveELb0EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEE: 107| 296|auto to_affine_batch(std::span projective) { 108| 296| using AffinePoint = typename C::AffinePoint; 109| | 110| 296| const size_t N = projective.size(); 111| 296| std::vector affine; 112| 296| affine.reserve(N); 113| | 114| 296| CT::Choice any_identity = CT::Choice::no(); 115| | 116| 4.73k| for(const auto& pt : projective) { ------------------ | Branch (116:23): [True: 4.73k, False: 296] ------------------ 117| 4.73k| any_identity = any_identity || pt.is_identity(); 118| 4.73k| } 119| | 120| | // Conditional acceptable: N is public. State of points is not necessarily 121| | // public, but we don't leak which point was the identity. In practice with 122| | // the algorithms currently in use, the only time an identity can occur is 123| | // during mul2 where the two points g/h have a small relation (ie h = g*k for 124| | // some k < 16) 125| | 126| 296| if(N <= 2 || any_identity.as_bool()) { ------------------ | Branch (126:7): [True: 0, False: 296] | Branch (126:17): [True: 0, False: 296] ------------------ 127| | // If there are identity elements, using the batch inversion gets 128| | // tricky. It can be done, but this should be a rare situation so 129| | // just punt to the serial conversion if it occurs 130| 0| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (130:25): [True: 0, False: 0] ------------------ 131| 0| affine.push_back(to_affine(projective[i])); 132| 0| } 133| 296| } else { 134| 296| std::vector c; 135| 296| c.reserve(N); 136| | 137| | /* 138| | Batch projective->affine using Montgomery's trick 139| | 140| | See Algorithm 2.26 in "Guide to Elliptic Curve Cryptography" 141| | (Hankerson, Menezes, Vanstone) 142| | */ 143| | 144| 296| c.push_back(projective[0].z()); 145| 4.73k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (145:25): [True: 4.44k, False: 296] ------------------ 146| 4.44k| c.push_back(c[i - 1] * projective[i].z()); 147| 4.44k| } 148| | 149| 296| auto s_inv = [&]() { 150| 296| if constexpr(VariableTime) { 151| 296| return c[N - 1].invert_vartime(); 152| 296| } else { 153| 296| return invert_field_element(c[N - 1]); 154| 296| } 155| 296| }(); 156| | 157| 4.73k| for(size_t i = N - 1; i > 0; --i) { ------------------ | Branch (157:29): [True: 4.44k, False: 296] ------------------ 158| 4.44k| const auto& p = projective[i]; 159| | 160| 4.44k| const auto z_inv = s_inv * c[i - 1]; 161| 4.44k| const auto z2_inv = z_inv.square(); 162| 4.44k| const auto z3_inv = z_inv * z2_inv; 163| | 164| 4.44k| s_inv = s_inv * p.z(); 165| | 166| 4.44k| affine.push_back(AffinePoint(p.x() * z2_inv, p.y() * z3_inv)); 167| 4.44k| } 168| | 169| 296| const auto z2_inv = s_inv.square(); 170| 296| const auto z3_inv = s_inv * z2_inv; 171| 296| affine.push_back(AffinePoint(projective[0].x() * z2_inv, projective[0].y() * z3_inv)); 172| 296| std::reverse(affine.begin(), affine.end()); 173| 296| return affine; 174| 296| } 175| | 176| 0| return affine; 177| 296|} pcurves_secp384r1.cpp:_ZZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_19secp384r15CurveELb0EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEEENKUlvE_clEv: 149| 296| auto s_inv = [&]() { 150| | if constexpr(VariableTime) { 151| | return c[N - 1].invert_vartime(); 152| 296| } else { 153| 296| return invert_field_element(c[N - 1]); 154| 296| } 155| 296| }(); pcurves_secp384r1.cpp:_ZN5Botan20invert_field_elementINS_6PCurve12_GLOBAL__N_19secp384r15CurveEEEDaRKNT_12FieldElementE: 35| 296|inline constexpr auto invert_field_element(const typename C::FieldElement& fe) { 36| 296| if constexpr(curve_supports_fe_invert2) { 37| 296| return C::fe_invert2(fe) * fe; 38| | } else { 39| | return fe.invert(); 40| | } 41| 296|} pcurves_secp384r1.cpp:_ZN5Botan15dbl_n_a_minus_3INS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS4_9secp384r16ParamsES5_E11FieldParamsEEEEES8_EEEET_RKSE_m: 432| 25.4k|inline constexpr ProjectivePoint dbl_n_a_minus_3(const ProjectivePoint& pt, size_t n) { 433| 25.4k| auto nx = pt.x(); 434| 25.4k| auto ny = pt.y().mul2(); 435| 25.4k| auto nz = pt.z(); 436| 25.4k| auto w = nz.square().square(); 437| | 438| | // Conditional ok: loop iteration count is public 439| 152k| while(n > 0) { ------------------ | Branch (439:10): [True: 127k, False: 25.4k] ------------------ 440| 127k| const auto ny2 = ny.square(); 441| 127k| const auto ny4 = ny2.square(); 442| 127k| const auto t1 = (nx.square() - w).mul3(); 443| 127k| const auto t2 = nx * ny2; 444| 127k| nx = t1.square() - t2.mul2(); 445| 127k| nz *= ny; 446| 127k| ny = t1 * (t2 - nx).mul2() - ny4; 447| 127k| n--; 448| | // Conditional ok: loop iteration count is public 449| 127k| if(n > 0) { ------------------ | Branch (449:10): [True: 101k, False: 25.4k] ------------------ 450| 101k| w *= ny4; 451| 101k| } 452| 127k| } 453| 25.4k| return ProjectivePoint(nx, ny.div2(), nz); 454| 25.4k|} pcurves_secp384r1.cpp:_ZN5Botan18sqrt_field_elementINS_6PCurve12_GLOBAL__N_19secp384r15CurveEEENS_2CT6OptionINT_12FieldElementEEERKS8_: 60| 298|inline constexpr CT::Option sqrt_field_element(const typename C::FieldElement& fe) { 61| 298| if constexpr(curve_supports_fe_sqrt) { 62| 298| auto z = C::fe_sqrt(fe); 63| | // Zero out the return value if it would otherwise be incorrect 64| 298| const CT::Choice correct = (z.square() == fe); 65| 298| z.conditional_assign(!correct, C::FieldElement::zero()); 66| 298| return CT::Option(z, correct); 67| | } else { 68| | return fe.sqrt(); 69| | } 70| 298|} pcurves_secp521r1.cpp:_ZN5Botan13dbl_a_minus_3INS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS5_6ParamsES6_E11FieldParamsEEEEES8_EEEET_RKSE_: 362| 3.65k|inline constexpr ProjectivePoint dbl_a_minus_3(const ProjectivePoint& pt) { 363| | /* 364| | if a == -3 then 365| | 3*x^2 + a*z^4 == 3*x^2 - 3*z^4 == 3*(x^2-z^4) == 3*(x-z^2)*(x+z^2) 366| | */ 367| 3.65k| const auto z2 = pt.z().square(); 368| 3.65k| const auto m = (pt.x() - z2).mul3() * (pt.x() + z2); 369| | 370| | // Remaining cost: 3M + 3S + 3A + 2*2 + 1*4 + 1*8 371| 3.65k| const auto y2 = pt.y().square(); 372| 3.65k| const auto s = pt.x().mul4() * y2; 373| 3.65k| const auto nx = m.square() - s.mul2(); 374| 3.65k| const auto ny = m * (s - nx) - y2.square().mul8(); 375| 3.65k| const auto nz = pt.y().mul2() * pt.z(); 376| | 377| 3.65k| return ProjectivePoint(nx, ny, nz); 378| 3.65k|} pcurves_secp521r1.cpp:_ZN5Botan9point_addINS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS5_6ParamsES6_E11FieldParamsEEEEES8_EESC_EET_RKSE_SG_: 187| 1.45k|inline constexpr ProjectivePoint point_add(const ProjectivePoint& a, const ProjectivePoint& b) { 188| 1.45k| const auto a_is_identity = a.is_identity(); 189| 1.45k| const auto b_is_identity = b.is_identity(); 190| | 191| 1.45k| const auto Z1Z1 = a.z().square(); 192| 1.45k| const auto Z2Z2 = b.z().square(); 193| 1.45k| const auto U1 = a.x() * Z2Z2; 194| 1.45k| const auto U2 = b.x() * Z1Z1; 195| 1.45k| const auto S1 = a.y() * b.z() * Z2Z2; 196| 1.45k| const auto S2 = b.y() * a.z() * Z1Z1; 197| 1.45k| const auto H = U2 - U1; 198| 1.45k| const auto r = S2 - S1; 199| | 200| | /* Risky conditional 201| | * 202| | * This implementation uses projective coordinates, which do not have an efficient complete 203| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 204| | * 205| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 206| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 207| | * in which case at the end we'll set z to a.z * b.z * H = 0, resulting in the correct 208| | * output (the identity element) 209| | */ 210| 1.45k| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (210:7): [True: 0, False: 1.45k] ------------------ 211| 0| return a.dbl(); 212| 0| } 213| | 214| 1.45k| const auto HH = H.square(); 215| 1.45k| const auto HHH = H * HH; 216| 1.45k| const auto V = U1 * HH; 217| 1.45k| const auto t2 = r.square(); 218| 1.45k| const auto t3 = V + V; 219| 1.45k| const auto t4 = t2 - HHH; 220| 1.45k| auto X3 = t4 - t3; 221| 1.45k| const auto t5 = V - X3; 222| 1.45k| const auto t6 = S1 * HHH; 223| 1.45k| const auto t7 = r * t5; 224| 1.45k| auto Y3 = t7 - t6; 225| 1.45k| const auto t8 = b.z() * H; 226| 1.45k| auto Z3 = a.z() * t8; 227| | 228| | // if a is identity then return b 229| 1.45k| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), b.y(), b.z()); 230| | 231| | // if b is identity then return a 232| 1.45k| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 233| | 234| 1.45k| return ProjectivePoint(X3, Y3, Z3); 235| 1.45k|} pcurves_secp521r1.cpp:_ZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_19secp521r15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEE: 107| 1|auto to_affine_batch(std::span projective) { 108| 1| using AffinePoint = typename C::AffinePoint; 109| | 110| 1| const size_t N = projective.size(); 111| 1| std::vector affine; 112| 1| affine.reserve(N); 113| | 114| 1| CT::Choice any_identity = CT::Choice::no(); 115| | 116| 3.10k| for(const auto& pt : projective) { ------------------ | Branch (116:23): [True: 3.10k, False: 1] ------------------ 117| 3.10k| any_identity = any_identity || pt.is_identity(); 118| 3.10k| } 119| | 120| | // Conditional acceptable: N is public. State of points is not necessarily 121| | // public, but we don't leak which point was the identity. In practice with 122| | // the algorithms currently in use, the only time an identity can occur is 123| | // during mul2 where the two points g/h have a small relation (ie h = g*k for 124| | // some k < 16) 125| | 126| 1| if(N <= 2 || any_identity.as_bool()) { ------------------ | Branch (126:7): [True: 0, False: 1] | Branch (126:17): [True: 0, False: 1] ------------------ 127| | // If there are identity elements, using the batch inversion gets 128| | // tricky. It can be done, but this should be a rare situation so 129| | // just punt to the serial conversion if it occurs 130| 0| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (130:25): [True: 0, False: 0] ------------------ 131| 0| affine.push_back(to_affine(projective[i])); 132| 0| } 133| 1| } else { 134| 1| std::vector c; 135| 1| c.reserve(N); 136| | 137| | /* 138| | Batch projective->affine using Montgomery's trick 139| | 140| | See Algorithm 2.26 in "Guide to Elliptic Curve Cryptography" 141| | (Hankerson, Menezes, Vanstone) 142| | */ 143| | 144| 1| c.push_back(projective[0].z()); 145| 3.10k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (145:25): [True: 3.10k, False: 1] ------------------ 146| 3.10k| c.push_back(c[i - 1] * projective[i].z()); 147| 3.10k| } 148| | 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| 1| } else { 153| 1| return invert_field_element(c[N - 1]); 154| 1| } 155| 1| }(); 156| | 157| 3.10k| for(size_t i = N - 1; i > 0; --i) { ------------------ | Branch (157:29): [True: 3.10k, False: 1] ------------------ 158| 3.10k| const auto& p = projective[i]; 159| | 160| 3.10k| const auto z_inv = s_inv * c[i - 1]; 161| 3.10k| const auto z2_inv = z_inv.square(); 162| 3.10k| const auto z3_inv = z_inv * z2_inv; 163| | 164| 3.10k| s_inv = s_inv * p.z(); 165| | 166| 3.10k| affine.push_back(AffinePoint(p.x() * z2_inv, p.y() * z3_inv)); 167| 3.10k| } 168| | 169| 1| const auto z2_inv = s_inv.square(); 170| 1| const auto z3_inv = s_inv * z2_inv; 171| 1| affine.push_back(AffinePoint(projective[0].x() * z2_inv, projective[0].y() * z3_inv)); 172| 1| std::reverse(affine.begin(), affine.end()); 173| 1| return affine; 174| 1| } 175| | 176| 0| return affine; 177| 1|} pcurves_secp521r1.cpp:_ZN5Botan9to_affineINS_6PCurve12_GLOBAL__N_19secp521r15CurveEEEDaRKNT_15ProjectivePointE: 76| 429|inline constexpr auto to_affine(const typename C::ProjectivePoint& pt) { 77| | // Not strictly required right? - default should work as long 78| | // as (0,0) is identity and invert returns 0 on 0 79| | 80| 429| if constexpr(curve_supports_fe_invert2) { 81| 429| const auto z2_inv = C::fe_invert2(pt.z()); 82| 429| const auto z3_inv = z2_inv.square() * pt.z(); 83| 429| return typename C::AffinePoint(pt.x() * z2_inv, pt.y() * z3_inv); 84| | } else { 85| | const auto z_inv = invert_field_element(pt.z()); 86| | const auto z2_inv = z_inv.square(); 87| | const auto z3_inv = z_inv * z2_inv; 88| | return typename C::AffinePoint(pt.x() * z2_inv, pt.y() * z3_inv); 89| | } 90| 429|} pcurves_secp521r1.cpp:_ZZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_19secp521r15CurveELb1EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEEENKUlvE_clEv: 149| 1| auto s_inv = [&]() { 150| 1| if constexpr(VariableTime) { 151| 1| return c[N - 1].invert_vartime(); 152| | } else { 153| | return invert_field_element(c[N - 1]); 154| | } 155| 1| }(); pcurves_secp521r1.cpp:_ZN5Botan22point_add_or_sub_mixedINS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS5_6ParamsES6_E11FieldParamsEEEEES8_EENS_16AffineCurvePointISC_EESC_EET_RKSG_RKT0_NS_2CT6ChoiceERKT1_: 296| 70.0k| const FieldElement& one) { 297| 70.0k| const auto a_is_identity = a.is_identity(); 298| 70.0k| const auto b_is_identity = b.is_identity(); 299| | 300| | /* 301| | https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-1998-cmo-2 302| | 303| | Cost: 8M + 3S + 6add + 1*2 304| | */ 305| | 306| 70.0k| auto by = b.y(); 307| 70.0k| by.conditional_assign(sub, by.negate()); 308| | 309| 70.0k| const auto Z1Z1 = a.z().square(); 310| 70.0k| const auto U2 = b.x() * Z1Z1; 311| 70.0k| const auto S2 = by * a.z() * Z1Z1; 312| 70.0k| const auto H = U2 - a.x(); 313| 70.0k| const auto r = S2 - a.y(); 314| | 315| | /* Risky conditional 316| | * 317| | * This implementation uses projective coordinates, which do not have an efficient complete 318| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 319| | * 320| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 321| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 322| | * in which case at the end we'll set z to a.z * H = 0, resulting in the correct output 323| | * (the identity element) 324| | */ 325| 70.0k| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (325:7): [True: 0, False: 70.0k] ------------------ 326| 0| return a.dbl(); 327| 0| } 328| | 329| 70.0k| const auto HH = H.square(); 330| 70.0k| const auto HHH = H * HH; 331| 70.0k| const auto V = a.x() * HH; 332| 70.0k| const auto t2 = r.square(); 333| 70.0k| const auto t3 = V + V; 334| 70.0k| const auto t4 = t2 - HHH; 335| 70.0k| auto X3 = t4 - t3; 336| 70.0k| const auto t5 = V - X3; 337| 70.0k| const auto t6 = a.y() * HHH; 338| 70.0k| const auto t7 = r * t5; 339| 70.0k| auto Y3 = t7 - t6; 340| 70.0k| auto Z3 = a.z() * H; 341| | 342| | // if a is identity then return b 343| 70.0k| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), by, one); 344| | 345| | // if b is identity then return a 346| 70.0k| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 347| | 348| 70.0k| return ProjectivePoint(X3, Y3, Z3); 349| 70.0k|} pcurves_secp521r1.cpp:_ZN5Botan11to_affine_xINS_6PCurve12_GLOBAL__N_19secp521r15CurveEEEDaRKNT_15ProjectivePointE: 96| 251|auto to_affine_x(const typename C::ProjectivePoint& pt) { 97| 251| if constexpr(curve_supports_fe_invert2) { 98| 251| return pt.x() * C::fe_invert2(pt.z()); 99| | } else { 100| | const auto z_inv = invert_field_element(pt.z()); 101| | const auto z2_inv = z_inv.square(); 102| | return pt.x() * z2_inv; 103| | } 104| 251|} pcurves_secp521r1.cpp:_ZN5Botan15point_add_mixedINS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS5_6ParamsES6_E11FieldParamsEEEEES8_EENS_16AffineCurvePointISC_EESC_EET_RKSG_RKT0_RKT1_: 240| 1.75k| const FieldElement& one) { 241| 1.75k| const auto a_is_identity = a.is_identity(); 242| 1.75k| const auto b_is_identity = b.is_identity(); 243| | 244| | /* 245| | https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-1998-cmo-2 246| | 247| | Cost: 8M + 3S + 6add + 1*2 248| | */ 249| | 250| 1.75k| const auto Z1Z1 = a.z().square(); 251| 1.75k| const auto U2 = b.x() * Z1Z1; 252| 1.75k| const auto S2 = b.y() * a.z() * Z1Z1; 253| 1.75k| const auto H = U2 - a.x(); 254| 1.75k| const auto r = S2 - a.y(); 255| | 256| | /* Risky conditional 257| | * 258| | * This implementation uses projective coordinates, which do not have an efficient complete 259| | * addition formula. We rely on the design of the multiplication algorithms to avoid doublings. 260| | * 261| | * This conditional only comes into play for the actual doubling case, not x + (-x) which 262| | * is another exceptional case in some circumstances. Here if a == -b then H == 0 && r != 0, 263| | * in which case at the end we'll set z to a.z * H = 0, resulting in the correct output 264| | * (the identity element) 265| | */ 266| 1.75k| if((r.is_zero() && H.is_zero() && !(a_is_identity && b_is_identity)).as_bool()) { ------------------ | Branch (266:7): [True: 0, False: 1.75k] ------------------ 267| 0| return a.dbl(); 268| 0| } 269| | 270| 1.75k| const auto HH = H.square(); 271| 1.75k| const auto HHH = H * HH; 272| 1.75k| const auto V = a.x() * HH; 273| 1.75k| const auto t2 = r.square(); 274| 1.75k| const auto t3 = V + V; 275| 1.75k| const auto t4 = t2 - HHH; 276| 1.75k| auto X3 = t4 - t3; 277| 1.75k| const auto t5 = V - X3; 278| 1.75k| const auto t6 = a.y() * HHH; 279| 1.75k| const auto t7 = r * t5; 280| 1.75k| auto Y3 = t7 - t6; 281| 1.75k| auto Z3 = a.z() * H; 282| | 283| | // if a is identity then return b 284| 1.75k| FieldElement::conditional_assign(X3, Y3, Z3, a_is_identity, b.x(), b.y(), one); 285| | 286| | // if b is identity then return a 287| 1.75k| FieldElement::conditional_assign(X3, Y3, Z3, b_is_identity, a.x(), a.y(), a.z()); 288| | 289| 1.75k| return ProjectivePoint(X3, Y3, Z3); 290| 1.75k|} pcurves_secp521r1.cpp:_ZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_19secp521r15CurveELb0EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEE: 107| 251|auto to_affine_batch(std::span projective) { 108| 251| using AffinePoint = typename C::AffinePoint; 109| | 110| 251| const size_t N = projective.size(); 111| 251| std::vector affine; 112| 251| affine.reserve(N); 113| | 114| 251| CT::Choice any_identity = CT::Choice::no(); 115| | 116| 4.01k| for(const auto& pt : projective) { ------------------ | Branch (116:23): [True: 4.01k, False: 251] ------------------ 117| 4.01k| any_identity = any_identity || pt.is_identity(); 118| 4.01k| } 119| | 120| | // Conditional acceptable: N is public. State of points is not necessarily 121| | // public, but we don't leak which point was the identity. In practice with 122| | // the algorithms currently in use, the only time an identity can occur is 123| | // during mul2 where the two points g/h have a small relation (ie h = g*k for 124| | // some k < 16) 125| | 126| 251| if(N <= 2 || any_identity.as_bool()) { ------------------ | Branch (126:7): [True: 0, False: 251] | Branch (126:17): [True: 0, False: 251] ------------------ 127| | // If there are identity elements, using the batch inversion gets 128| | // tricky. It can be done, but this should be a rare situation so 129| | // just punt to the serial conversion if it occurs 130| 0| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (130:25): [True: 0, False: 0] ------------------ 131| 0| affine.push_back(to_affine(projective[i])); 132| 0| } 133| 251| } else { 134| 251| std::vector c; 135| 251| c.reserve(N); 136| | 137| | /* 138| | Batch projective->affine using Montgomery's trick 139| | 140| | See Algorithm 2.26 in "Guide to Elliptic Curve Cryptography" 141| | (Hankerson, Menezes, Vanstone) 142| | */ 143| | 144| 251| c.push_back(projective[0].z()); 145| 4.01k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (145:25): [True: 3.76k, False: 251] ------------------ 146| 3.76k| c.push_back(c[i - 1] * projective[i].z()); 147| 3.76k| } 148| | 149| 251| auto s_inv = [&]() { 150| 251| if constexpr(VariableTime) { 151| 251| return c[N - 1].invert_vartime(); 152| 251| } else { 153| 251| return invert_field_element(c[N - 1]); 154| 251| } 155| 251| }(); 156| | 157| 4.01k| for(size_t i = N - 1; i > 0; --i) { ------------------ | Branch (157:29): [True: 3.76k, False: 251] ------------------ 158| 3.76k| const auto& p = projective[i]; 159| | 160| 3.76k| const auto z_inv = s_inv * c[i - 1]; 161| 3.76k| const auto z2_inv = z_inv.square(); 162| 3.76k| const auto z3_inv = z_inv * z2_inv; 163| | 164| 3.76k| s_inv = s_inv * p.z(); 165| | 166| 3.76k| affine.push_back(AffinePoint(p.x() * z2_inv, p.y() * z3_inv)); 167| 3.76k| } 168| | 169| 251| const auto z2_inv = s_inv.square(); 170| 251| const auto z3_inv = s_inv * z2_inv; 171| 251| affine.push_back(AffinePoint(projective[0].x() * z2_inv, projective[0].y() * z3_inv)); 172| 251| std::reverse(affine.begin(), affine.end()); 173| 251| return affine; 174| 251| } 175| | 176| 0| return affine; 177| 251|} pcurves_secp521r1.cpp:_ZZN5Botan15to_affine_batchINS_6PCurve12_GLOBAL__N_19secp521r15CurveELb0EEEDaNSt3__14spanIKNT_15ProjectivePointELm18446744073709551615EEEENKUlvE_clEv: 149| 251| auto s_inv = [&]() { 150| | if constexpr(VariableTime) { 151| | return c[N - 1].invert_vartime(); 152| 251| } else { 153| 251| return invert_field_element(c[N - 1]); 154| 251| } 155| 251| }(); pcurves_secp521r1.cpp:_ZN5Botan20invert_field_elementINS_6PCurve12_GLOBAL__N_19secp521r15CurveEEEDaRKNT_12FieldElementE: 35| 251|inline constexpr auto invert_field_element(const typename C::FieldElement& fe) { 36| 251| if constexpr(curve_supports_fe_invert2) { 37| 251| return C::fe_invert2(fe) * fe; 38| | } else { 39| | return fe.invert(); 40| | } 41| 251|} pcurves_secp521r1.cpp:_ZN5Botan15dbl_n_a_minus_3INS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS5_6ParamsES6_E11FieldParamsEEEEES8_EEEET_RKSE_m: 432| 28.8k|inline constexpr ProjectivePoint dbl_n_a_minus_3(const ProjectivePoint& pt, size_t n) { 433| 28.8k| auto nx = pt.x(); 434| 28.8k| auto ny = pt.y().mul2(); 435| 28.8k| auto nz = pt.z(); 436| 28.8k| auto w = nz.square().square(); 437| | 438| | // Conditional ok: loop iteration count is public 439| 173k| while(n > 0) { ------------------ | Branch (439:10): [True: 144k, False: 28.8k] ------------------ 440| 144k| const auto ny2 = ny.square(); 441| 144k| const auto ny4 = ny2.square(); 442| 144k| const auto t1 = (nx.square() - w).mul3(); 443| 144k| const auto t2 = nx * ny2; 444| 144k| nx = t1.square() - t2.mul2(); 445| 144k| nz *= ny; 446| 144k| ny = t1 * (t2 - nx).mul2() - ny4; 447| 144k| n--; 448| | // Conditional ok: loop iteration count is public 449| 144k| if(n > 0) { ------------------ | Branch (449:10): [True: 115k, False: 28.8k] ------------------ 450| 115k| w *= ny4; 451| 115k| } 452| 144k| } 453| 28.8k| return ProjectivePoint(nx, ny.div2(), nz); 454| 28.8k|} pcurves_secp521r1.cpp:_ZN5Botan18sqrt_field_elementINS_6PCurve12_GLOBAL__N_19secp521r15CurveEEENS_2CT6OptionINT_12FieldElementEEERKS8_: 60| 255|inline constexpr CT::Option sqrt_field_element(const typename C::FieldElement& fe) { 61| 255| if constexpr(curve_supports_fe_sqrt) { 62| 255| auto z = C::fe_sqrt(fe); 63| | // Zero out the return value if it would otherwise be incorrect 64| 255| const CT::Choice correct = (z.square() == fe); 65| 255| z.conditional_assign(!correct, C::FieldElement::zero()); 66| 255| return CT::Option(z, correct); 67| | } else { 68| | return fe.sqrt(); 69| | } 70| 255|} pcurves_brainpool256r1.cpp:_ZN5Botan23PrecomputedBaseMulTableINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm6EEC2ERKNS_16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 1405| 1| m_table(basemul_booth_setup(p, BlindedScalar::Bits + 1)) {} pcurves_brainpool256r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_E11from_affineERKNS_16AffineCurvePointISB_EE: 1016| 1.84k| static constexpr Self from_affine(const AffinePoint& pt) { 1017| | /* 1018| | * If the point is the identity element (x=0, y=0) then instead of 1019| | * creating (x, y, 1) = (0, 0, 1) we want our projective identity 1020| | * encoding of (0, 1, 0) 1021| | * 1022| | * Which we can achieve by a conditional swap of y and z if the 1023| | * affine point is the identity. 1024| | */ 1025| | 1026| 1.84k| auto x = pt.x(); 1027| 1.84k| auto y = pt.y(); 1028| 1.84k| auto z = FieldElement::one(); 1029| | 1030| 1.84k| FieldElement::conditional_swap(pt.is_identity(), y, z); 1031| | 1032| 1.84k| return ProjectiveCurvePoint(x, y, z); 1033| 1.84k| } pcurves_brainpool256r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEEE1xEv: 971| 1.88M| constexpr const FieldElement& x() const { return m_x; } pcurves_brainpool256r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEEE1yEv: 976| 1.82M| constexpr const FieldElement& y() const { return m_y; } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE3oneEv: 200| 75.3k| static constexpr Self one() { return Self(Rep::one()); } pcurves_brainpool256r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES0_E11FieldParamsEE3oneEv: 99| 75.3k| constexpr static std::array one() { return R1; } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEEC2ENSt3__15arrayImLm4EEE: 898| 4.20M| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE16conditional_swapENS_2CT6ChoiceERSA_SD_: 410| 1.84k| static constexpr void conditional_swap(CT::Choice cond, Self& x, Self& y) { 411| 1.84k| const W mask = cond.into_bitmask(); 412| | 413| 9.20k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (413:28): [True: 7.36k, False: 1.84k] ------------------ 414| 7.36k| auto nx = Botan::choose(mask, y.m_val[i], x.m_val[i]); 415| 7.36k| auto ny = Botan::choose(mask, x.m_val[i], y.m_val[i]); 416| 7.36k| x.m_val[i] = nx; 417| 7.36k| y.m_val[i] = ny; 418| 7.36k| } 419| 1.84k| } pcurves_brainpool256r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEEE11is_identityEv: 928| 79.0k| constexpr CT::Choice is_identity() const { return x().is_zero() && y().is_zero(); } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE7is_zeroEv: 225| 388k| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_brainpool256r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_EC2ERKSB_SE_SE_: 1056| 112k| m_x(x), m_y(y), m_z(z) {} pcurves_brainpool256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_E3dblEv: 1121| 5.26k| constexpr Self dbl() const { 1122| | if constexpr(Self::A_is_minus_3) { 1123| | return dbl_a_minus_3(*this); 1124| | } else if constexpr(Self::A_is_zero) { 1125| | return dbl_a_zero(*this); 1126| 5.26k| } else { 1127| 5.26k| return dbl_generic(*this, A); 1128| 5.26k| } 1129| 5.26k| } pcurves_brainpool256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_E1zEv: 1172| 438k| constexpr const FieldElement& z() const { return m_z; } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE6squareEv: 426| 978k| constexpr BOTAN_FORCE_INLINE Self square() const { 427| 978k| std::array z; // NOLINT(*-member-init) 428| 978k| comba_sqr(z.data(), this->data()); 429| 978k| return Self(Rep::redc(z)); 430| 978k| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE4dataEv: 896| 4.59M| constexpr const W* data() const { return m_val.data(); } pcurves_brainpool256r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES0_E11FieldParamsEE4redcERKNSt3__15arrayImLm8EEE: 104| 3.06M| constexpr static std::array redc(const std::array& z) { 105| | if constexpr(P_dash == 1) { 106| | return monty_redc_pdash1(z, P); 107| 3.06M| } else { 108| 3.06M| return monty_redc(z, P, P_dash); 109| 3.06M| } 110| 3.06M| } pcurves_brainpool256r1.cpp:_ZN5BotanplERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEEESC_: 265| 401k| friend constexpr BOTAN_FORCE_INLINE Self operator+(const Self& a, const Self& b) { 266| 401k| std::array t; // NOLINT(*-member-init) 267| | 268| 401k| W carry = 0; 269| 2.00M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (269:28): [True: 1.60M, False: 401k] ------------------ 270| 1.60M| t[i] = word_add(a.m_val[i], b.m_val[i], &carry); 271| 1.60M| } 272| | 273| 401k| std::array r; // NOLINT(*-member-init) 274| 401k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 275| 401k| return Self(r); 276| 401k| } pcurves_brainpool256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_E1xEv: 1162| 271k| constexpr const FieldElement& x() const { return m_x; } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE4mul3Ev: 335| 163k| constexpr inline Self mul3() const { return mul2() + (*this); } pcurves_brainpool256r1.cpp:_ZN5BotanmlERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEEESC_: 346| 1.02M| friend constexpr BOTAN_FORCE_INLINE Self operator*(const Self& a, const Self& b) { 347| 1.02M| std::array z; // NOLINT(*-member-init) 348| 1.02M| comba_mul(z.data(), a.data(), b.data()); 349| 1.02M| return Self(Rep::redc(z)); 350| 1.02M| } pcurves_brainpool256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_E1yEv: 1167| 271k| constexpr const FieldElement& y() const { return m_y; } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE4mul4Ev: 338| 5.26k| constexpr inline Self mul4() const { return mul2().mul2(); } pcurves_brainpool256r1.cpp:_ZN5BotanmiERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEEESC_: 281| 917k| friend constexpr BOTAN_FORCE_INLINE Self operator-(const Self& a, const Self& b) { 282| 917k| std::array r; // NOLINT(*-member-init) 283| 917k| W carry = 0; 284| 4.58M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (284:28): [True: 3.66M, False: 917k] ------------------ 285| 3.66M| r[i] = word_sub(a.m_val[i], b.m_val[i], &carry); 286| 3.66M| } 287| | 288| 917k| const auto mask = CT::Mask::expand(carry).value(); 289| | 290| 917k| carry = 0; 291| | 292| 4.58M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (292:28): [True: 3.66M, False: 917k] ------------------ 293| 3.66M| r[i] = word_add(r[i], P[i] & mask, &carry); 294| 3.66M| } 295| | 296| 917k| return Self(r); 297| 917k| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE4mul2Ev: 325| 547k| constexpr BOTAN_FORCE_INLINE Self mul2() const { 326| 547k| std::array t = value(); 327| 547k| const W carry = shift_left<1>(t); 328| | 329| 547k| std::array r; // NOLINT(*-member-init) 330| 547k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 331| 547k| return Self(r); 332| 547k| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE5valueEv: 894| 578k| constexpr const std::array& value() const { return m_val; } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE4mul8Ev: 341| 5.26k| constexpr inline Self mul8() const { return mul2().mul2().mul2(); } pcurves_brainpool256r1.cpp:_ZN5BotanplERKNS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_EESE_: 1064| 735| friend constexpr Self operator+(const Self& a, const Self& b) { return Self::add(a, b); } pcurves_brainpool256r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_E3addERKSC_SE_: 1103| 735| constexpr static Self add(const Self& a, const Self& b) { return point_add(a, b); } pcurves_brainpool256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_E11is_identityEv: 1082| 83.0k| constexpr CT::Choice is_identity() const { return z().is_zero(); } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE18conditional_assignERSA_SB_SB_NS_2CT6ChoiceERKSA_SF_SF_: 395| 143k| Self& x, Self& y, Self& z, CT::Choice cond, const Self& nx, const Self& ny, const Self& nz) { 396| 143k| const W mask = cond.into_bitmask(); 397| | 398| 719k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (398:28): [True: 575k, False: 143k] ------------------ 399| 575k| x.m_val[i] = Botan::choose(mask, nx.m_val[i], x.m_val[i]); 400| 575k| y.m_val[i] = Botan::choose(mask, ny.m_val[i], y.m_val[i]); 401| 575k| z.m_val[i] = Botan::choose(mask, nz.m_val[i], z.m_val[i]); 402| 575k| } 403| 143k| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE6invertEv: 538| 1.83k| constexpr Self invert() const { return pow_vartime(Self::P_MINUS_2); } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE11pow_vartimeERKNSt3__15arrayImLm4EEE: 477| 2.40k| constexpr Self pow_vartime(const std::array& exp) const { 478| 2.40k| constexpr size_t WindowBits = (Self::BITS <= 256) ? 4 : 5; ------------------ | Branch (478:40): [True: 0, Folded] ------------------ 479| 2.40k| constexpr size_t WindowElements = (1 << WindowBits) - 1; 480| | 481| 2.40k| constexpr size_t Windows = (Self::BITS + WindowBits - 1) / WindowBits; 482| | 483| | /* 484| | A simple fixed width window modular multiplication. 485| | 486| | TODO: investigate using sliding window here 487| | */ 488| | 489| 2.40k| std::array tbl; 490| | 491| 2.40k| tbl[0] = (*this); 492| | 493| 36.1k| for(size_t i = 1; i != WindowElements; ++i) { ------------------ | Branch (493:28): [True: 33.6k, False: 2.40k] ------------------ 494| | // Conditional ok: table indexes are public here 495| 33.6k| if(i % 2 == 1) { ------------------ | Branch (495:16): [True: 16.8k, False: 16.8k] ------------------ 496| 16.8k| tbl[i] = tbl[i / 2].square(); 497| 16.8k| } else { 498| 16.8k| tbl[i] = tbl[i - 1] * tbl[0]; 499| 16.8k| } 500| 33.6k| } 501| | 502| 2.40k| auto r = Self::one(); 503| | 504| 2.40k| const size_t w0 = read_window_bits(std::span{exp}, (Windows - 1) * WindowBits); 505| | 506| | // Conditional ok: this function is variable time 507| 2.40k| if(w0 > 0) { ------------------ | Branch (507:13): [True: 2.40k, False: 0] ------------------ 508| 2.40k| r = tbl[w0 - 1]; 509| 2.40k| } 510| | 511| 154k| for(size_t i = 1; i != Windows; ++i) { ------------------ | Branch (511:28): [True: 151k, False: 2.40k] ------------------ 512| 151k| r.square_n(WindowBits); 513| | 514| 151k| const size_t w = read_window_bits(std::span{exp}, (Windows - i - 1) * WindowBits); 515| | 516| | // Conditional ok: this function is variable time 517| 151k| if(w > 0) { ------------------ | Branch (517:16): [True: 140k, False: 10.7k] ------------------ 518| 140k| r *= tbl[w - 1]; 519| 140k| } 520| 151k| } 521| | 522| 2.40k| return r; 523| 2.40k| } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEEC2Ev: 180| 36.1k| constexpr IntMod() : m_val({}) {} pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE8square_nEm: 439| 151k| constexpr void square_n(size_t n) { 440| 151k| std::array z; // NOLINT(*-member-init) 441| 758k| for(size_t i = 0; i != n; ++i) { ------------------ | Branch (441:28): [True: 606k, False: 151k] ------------------ 442| 606k| comba_sqr(z.data(), this->data()); 443| 606k| m_val = Rep::redc(z); 444| 606k| } 445| 151k| } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEEmLERKSA_: 355| 440k| constexpr BOTAN_FORCE_INLINE Self& operator*=(const Self& other) { 356| 440k| std::array z; // NOLINT(*-member-init) 357| 440k| comba_mul(z.data(), data(), other.data()); 358| 440k| m_val = Rep::redc(z); 359| 440k| return (*this); 360| 440k| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE14invert_vartimeEv: 598| 1| constexpr Self invert_vartime() const { 599| | // Conditional ok: this function is variable time 600| 1| if(this->is_zero().as_bool()) { ------------------ | Branch (600:13): [True: 0, False: 1] ------------------ 601| 0| return Self::zero(); 602| 0| } 603| | 604| 1| auto x = Self(std::array{1}); // 1 in standard domain 605| 1| auto b = Self(this->to_words()); // *this in standard domain 606| | 607| | // First loop iteration 608| 1| Self::_invert_vartime_div2_helper(b, x); 609| | 610| 1| auto a = b.negate(); 611| | // y += x but y is zero at the outset 612| 1| auto y = x; 613| | 614| | // First half of second loop iteration 615| 1| Self::_invert_vartime_div2_helper(a, y); 616| | 617| 177| for(;;) { 618| | // Conditional ok: this function is variable time 619| 177| if(a.m_val == b.m_val) { ------------------ | Branch (619:16): [True: 1, False: 176] ------------------ 620| | // At this point it should be that a == b == 1 621| 1| auto r = y.negate(); 622| | 623| | // Convert back to Montgomery if required 624| 1| r.m_val = Rep::to_rep(r.m_val); 625| 1| return r; 626| 1| } 627| | 628| 176| auto nx = x + y; 629| | 630| | /* 631| | * Otherwise either b > a or a > b 632| | * 633| | * If b > a we want to set b to b - a 634| | * Otherwise we want to set a to a - b 635| | * 636| | * Compute r = b - a and check if it underflowed 637| | * If it did not then we are in the b > a path 638| | */ 639| 176| std::array r; // NOLINT(*-member-init) 640| 176| const word carry = bigint_sub3(r.data(), b.data(), N, a.data(), N); 641| | 642| | // Conditional ok: this function is variable time 643| 176| if(carry == 0) { ------------------ | Branch (643:16): [True: 94, False: 82] ------------------ 644| | // b > a 645| 94| b.m_val = r; 646| 94| x = nx; 647| 94| Self::_invert_vartime_div2_helper(b, x); 648| 94| } else { 649| | // We know this can't underflow because a > b 650| 82| bigint_sub3(r.data(), a.data(), N, b.data(), N); 651| 82| a.m_val = r; 652| 82| y = nx; 653| 82| Self::_invert_vartime_div2_helper(a, y); 654| 82| } 655| 176| } 656| 1| } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE4zeroEv: 195| 137k| static constexpr Self zero() { return Self(std::array{0}); } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE8to_wordsEv: 734| 1| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_brainpool256r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES0_E11FieldParamsEE8from_repERKNSt3__15arrayImLm4EEE: 137| 7.00k| constexpr static std::array from_rep(const std::array& z) { 138| 7.00k| std::array ze = {}; 139| 7.00k| copy_mem(std::span{ze}.template first(), z); 140| 7.00k| return Self::redc(ze); 141| 7.00k| } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE27_invert_vartime_div2_helperERSA_SB_: 547| 178| static constexpr void _invert_vartime_div2_helper(Self& a, Self& x) { 548| 178| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 549| | 550| | // Conditional ok: this function is variable time 551| 553| while((a.m_val[0] & 1) != 1) { ------------------ | Branch (551:16): [True: 375, False: 178] ------------------ 552| 375| shift_right<1>(a.m_val); 553| | 554| 375| const W borrow = shift_right<1>(x.m_val); 555| | 556| | // Conditional ok: this function is variable time 557| 375| if(borrow) { ------------------ | Branch (557:16): [True: 193, False: 182] ------------------ 558| 193| bigint_add2(x.m_val.data(), N, INV_2.data(), N); 559| 193| } 560| 375| } 561| 178| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE6negateEv: 452| 68.5k| constexpr Self negate() const { 453| 68.5k| const W x_is_zero = ~CT::all_zeros(this->data(), N).value(); 454| | 455| 68.5k| std::array r; // NOLINT(*-member-init) 456| 68.5k| W carry = 0; 457| 342k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (457:28): [True: 274k, False: 68.5k] ------------------ 458| 274k| r[i] = word_sub(P[i] & x_is_zero, m_val[i], &carry); 459| 274k| } 460| | 461| 68.5k| return Self(r); 462| 68.5k| } pcurves_brainpool256r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES0_E11FieldParamsEE6to_repERKNSt3__15arrayImLm4EEE: 115| 6.84k| constexpr static std::array to_rep(const std::array& x) { 116| 6.84k| std::array z; // NOLINT(*-member-init) 117| 6.84k| comba_mul(z.data(), x.data(), R2.data()); 118| 6.84k| return Self::redc(z); 119| 6.84k| } pcurves_brainpool256r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEEEC2ERKSB_SE_: 917| 86.6k| constexpr AffineCurvePoint(const FieldElement& x, const FieldElement& y) : m_x(x), m_y(y) {} pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE11stash_valueILm9EEENSt3__15arrayImXT_EEEv: 759| 5.87k| std::array stash_value() const { 760| 5.87k| static_assert(L >= N); 761| 5.87k| std::array stash = {}; 762| 29.3k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (762:28): [True: 23.4k, False: 5.87k] ------------------ 763| 23.4k| stash[i] = m_val[i]; 764| 23.4k| } 765| 5.87k| return stash; 766| 5.87k| } pcurves_brainpool256r1.cpp:_ZNK5Botan23PrecomputedBaseMulTableINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm6EE3mulERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES7_E12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1407| 731| ProjectivePoint mul(const Scalar& s, RandomNumberGenerator& rng) const { 1408| 731| const BlindedScalar scalar(s, rng); 1409| 731| return basemul_booth_exec(m_table, scalar, rng); 1410| 731| } pcurves_brainpool256r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm7EEC2ERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES7_E12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1307| 731| BlindedScalarBits(const typename C::Scalar& scalar, RandomNumberGenerator& rng) { 1308| 731| if(BlindingBits > 0 && rng.is_seeded()) { ------------------ | Branch (1308:13): [True: 731, Folded] | Branch (1308:33): [True: 731, False: 0] ------------------ 1309| 731| constexpr size_t MaskWords = (BlindingBits + WordInfo::bits - 1) / WordInfo::bits; 1310| 731| constexpr size_t MaskBytes = MaskWords * WordInfo::bytes; 1311| | 1312| 731| constexpr size_t n_words = C::Words; 1313| | 1314| 731| uint8_t maskb[MaskBytes + (BlindingBits == 0 ? 1 : 0)] = {0}; 1315| 731| rng.randomize(maskb, MaskBytes); 1316| | 1317| 731| W mask[n_words] = {0}; 1318| 731| load_le(mask, maskb, MaskWords); 1319| | 1320| | // Mask to exactly BlindingBits 1321| 731| constexpr size_t ExcessBits = MaskWords * WordInfo::bits - BlindingBits; 1322| 731| if constexpr(ExcessBits > 0) { 1323| 731| constexpr W ExcessMask = (static_cast(1) << (WordInfo::bits - ExcessBits)) - 1; 1324| 731| mask[MaskWords - 1] &= ExcessMask; 1325| 731| } 1326| | 1327| | // Set top and bottom bits of mask 1328| 731| constexpr size_t TopMaskBit = (BlindingBits - 1) % WordInfo::bits; 1329| 731| mask[(BlindingBits - 1) / WordInfo::bits] |= static_cast(1) << TopMaskBit; 1330| 731| mask[0] |= 1; 1331| | 1332| 731| W mask_n[2 * n_words] = {0}; 1333| | 1334| 731| const auto sw = scalar.to_words(); 1335| | 1336| | // Compute masked scalar s + k*n 1337| 731| comba_mul(mask_n, mask, C::NW.data()); 1338| 731| bigint_add2(mask_n, 2 * n_words, sw.data(), sw.size()); 1339| | 1340| 731| std::reverse(mask_n, mask_n + 2 * n_words); 1341| 731| m_bytes = store_be>(mask_n); 1342| 731| m_bits = C::Scalar::BITS + BlindingBits; 1343| 731| } else { 1344| | // No RNG available, skip blinding 1345| 0| m_bytes.resize(C::Scalar::BYTES); 1346| 0| scalar.serialize_to(std::span{m_bytes}.template first()); 1347| 0| m_bits = C::Scalar::BITS; 1348| 0| } 1349| | 1350| 731| CT::poison(m_bytes.data(), m_bytes.size()); 1351| 731| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEE8to_wordsEv: 734| 1.28k| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_brainpool256r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES0_E12ScalarParamsEE8from_repERKNSt3__15arrayImLm4EEE: 137| 2.01k| constexpr static std::array from_rep(const std::array& z) { 138| 2.01k| std::array ze = {}; 139| 2.01k| copy_mem(std::span{ze}.template first(), z); 140| 2.01k| return Self::redc(ze); 141| 2.01k| } pcurves_brainpool256r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES0_E12ScalarParamsEE4redcERKNSt3__15arrayImLm8EEE: 104| 2.74k| constexpr static std::array redc(const std::array& z) { 105| | if constexpr(P_dash == 1) { 106| | return monty_redc_pdash1(z, P); 107| 2.74k| } else { 108| 2.74k| return monty_redc(z, P, P_dash); 109| 2.74k| } 110| 2.74k| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEE12serialize_toENSt3__14spanIhLm32EEE: 739| 731| constexpr void serialize_to(std::span bytes) const { 740| 731| auto v = Rep::from_rep(m_val); 741| 731| std::reverse(v.begin(), v.end()); 742| | 743| 731| if constexpr(Self::BYTES == N * WordInfo::bytes) { 744| 731| store_be(bytes, v); 745| | } else { 746| | // Remove leading zero bytes 747| | const auto padded_bytes = store_be(v); 748| | constexpr size_t extra = N * WordInfo::bytes - Self::BYTES; 749| | copy_mem(bytes, std::span{padded_bytes}.template subspan()); 750| | } 751| 731| } pcurves_brainpool256r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm7EE4bitsEv: 1305| 731| size_t bits() const { return m_bits; } pcurves_brainpool256r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_E18conditional_assignENS_2CT6ChoiceERKSC_: 1084| 1.28k| constexpr void conditional_assign(CT::Choice cond, const Self& pt) { 1085| 1.28k| FieldElement::conditional_assign(m_x, m_y, m_z, cond, pt.x(), pt.y(), pt.z()); 1086| 1.28k| } pcurves_brainpool256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_E6negateEv: 1134| 1.28k| constexpr Self negate() const { return Self(x(), y().negate(), z()); } pcurves_brainpool256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_E18_const_time_poisonEv: 1174| 1.28k| constexpr void _const_time_poison() const { CT::poison_all(m_x, m_y, m_z); } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE18_const_time_poisonEv: 889| 3.85k| constexpr void _const_time_poison() const { CT::poison(m_val); } pcurves_brainpool256r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm7EE10get_windowEm: 1353| 35.8k| size_t get_window(size_t offset) const { 1354| | // Extract a WindowBits sized window out of s, depending on offset. 1355| 35.8k| return read_window_bits(std::span{m_bytes}, offset); 1356| 35.8k| } pcurves_brainpool256r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_E10add_or_subERKSC_RKNS_16AffineCurvePointISB_EENS_2CT6ChoiceE: 1096| 66.6k| constexpr static Self add_or_sub(const Self& a, const AffinePoint& b, CT::Choice sub) { 1097| 66.6k| return point_add_or_sub_mixed(a, b, sub, FieldElement::one()); 1098| 66.6k| } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE18conditional_assignENS_2CT6ChoiceERKSA_: 367| 67.7k| constexpr void conditional_assign(CT::Choice cond, const Self& nx) { 368| 67.7k| const W mask = cond.into_bitmask(); 369| | 370| 338k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (370:28): [True: 271k, False: 67.7k] ------------------ 371| 271k| m_val[i] = Botan::choose(mask, nx.m_val[i], m_val[i]); 372| 271k| } 373| 67.7k| } pcurves_brainpool256r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEEE9ct_selectENSt3__14spanIKSC_Lm18446744073709551615EEEm: 955| 35.8k| static constexpr auto ct_select(std::span pts, size_t idx) { 956| 35.8k| auto result = Self::identity(pts[0]); 957| | 958| | // Intentionally wrapping; set to maximum size_t if idx == 0 959| 35.8k| const size_t idx1 = static_cast(idx - 1); 960| 1.18M| for(size_t i = 0; i != pts.size(); ++i) { ------------------ | Branch (960:28): [True: 1.14M, False: 35.8k] ------------------ 961| 1.14M| const auto found = CT::Mask::is_equal(idx1, i).as_choice(); 962| 1.14M| result.conditional_assign(found, pts[i]); 963| 1.14M| } 964| | 965| 35.8k| return result; 966| 35.8k| } pcurves_brainpool256r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEEE8identityERKSC_: 924| 67.9k| static constexpr Self identity(const Self& /*unused*/) { 925| 67.9k| return Self(FieldElement::zero(), FieldElement::zero()); 926| 67.9k| } pcurves_brainpool256r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEEE18conditional_assignENS_2CT6ChoiceERKSC_: 981| 1.66M| constexpr void conditional_assign(CT::Choice cond, const Self& pt) { 982| 1.66M| FieldElement::conditional_assign(m_x, m_y, cond, pt.x(), pt.y()); 983| 1.66M| } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE18conditional_assignERSA_SB_NS_2CT6ChoiceERKSA_SF_: 380| 1.66M| static constexpr void conditional_assign(Self& x, Self& y, CT::Choice cond, const Self& nx, const Self& ny) { 381| 1.66M| const W mask = cond.into_bitmask(); 382| | 383| 8.30M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (383:28): [True: 6.64M, False: 1.66M] ------------------ 384| 6.64M| x.m_val[i] = Botan::choose(mask, nx.m_val[i], x.m_val[i]); 385| 6.64M| y.m_val[i] = Botan::choose(mask, ny.m_val[i], y.m_val[i]); 386| 6.64M| } 387| 1.66M| } pcurves_brainpool256r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_E13randomize_repERNS_21RandomNumberGeneratorE: 1142| 5.14k| void randomize_rep(RandomNumberGenerator& rng) { 1143| | // In certain contexts we may be called with a Null_RNG; in that case the 1144| | // caller is accepting that randomization will not occur 1145| | 1146| | // Conditional ok: caller's RNG state (seeded vs not) is presumed public 1147| 5.14k| if(rng.is_seeded()) { ------------------ | Branch (1147:13): [True: 5.14k, False: 0] ------------------ 1148| 5.14k| auto r = FieldElement::random(rng); 1149| | 1150| 5.14k| auto r2 = r.square(); 1151| 5.14k| auto r3 = r2 * r; 1152| | 1153| 5.14k| m_x *= r2; 1154| 5.14k| m_y *= r3; 1155| 5.14k| m_z *= r; 1156| 5.14k| } 1157| 5.14k| } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE6randomERNS_21RandomNumberGeneratorE: 851| 5.14k| static Self random(RandomNumberGenerator& rng) { 852| 5.14k| constexpr size_t MAX_ATTEMPTS = 1000; 853| | 854| 5.14k| std::array buf{}; 855| | 856| 7.70k| for(size_t i = 0; i != MAX_ATTEMPTS; ++i) { ------------------ | Branch (856:28): [True: 7.70k, False: 0] ------------------ 857| 7.70k| rng.randomize(buf); 858| | 859| | // Zero off high bits that if set would certainly cause us 860| | // to be out of range 861| | if constexpr(Self::BITS % 8 != 0) { 862| | constexpr uint8_t mask = 0xFF >> (8 - (Self::BITS % 8)); 863| | buf[0] &= mask; 864| | } 865| | 866| | // Conditionals ok: rejection sampling reveals only values we didn't use 867| 7.70k| if(auto s = Self::deserialize(buf)) { ------------------ | Branch (867:21): [True: 5.14k, False: 2.56k] ------------------ 868| 5.14k| if(s.value().is_nonzero().as_bool()) { ------------------ | Branch (868:19): [True: 5.14k, False: 0] ------------------ 869| 5.14k| return s.value(); 870| 5.14k| } 871| 5.14k| } 872| 7.70k| } 873| | 874| 0| throw Internal_Error("Failed to generate random Scalar within bounded number of attempts"); 875| 5.14k| } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE11deserializeENSt3__14spanIKhLm18446744073709551615EEE: 792| 9.41k| static std::optional deserialize(std::span bytes) { 793| | // Conditional ok: input length is public 794| 9.41k| if(bytes.size() != Self::BYTES) { ------------------ | Branch (794:13): [True: 0, False: 9.41k] ------------------ 795| 0| return {}; 796| 0| } 797| | 798| 9.41k| const auto words = bytes_to_words(bytes.first()); 799| | 800| | // Conditional acceptable: std::optional is implicitly not constant time 801| 9.41k| if(!bigint_ct_is_lt(words.data(), N, P.data(), N).as_bool()) { ------------------ | Branch (801:13): [True: 2.57k, False: 6.84k] ------------------ 802| 2.57k| return {}; 803| 2.57k| } 804| | 805| | // Safe because we checked above that words is an integer < P 806| 6.84k| return Self::from_words(words); 807| 9.41k| } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE10from_wordsILm4EEESA_NSt3__15arrayImXT_EEE: 211| 6.84k| static constexpr Self from_words(std::array w) { 212| 6.84k| if constexpr(L == N) { 213| 6.84k| return Self(Rep::to_rep(w)); 214| | } else { 215| | static_assert(L < N); 216| | std::array ew = {}; 217| | copy_mem(std::span{ew}.template first(), w); 218| | return Self(Rep::to_rep(ew)); 219| | } 220| 6.84k| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE10is_nonzeroEv: 230| 5.14k| constexpr CT::Choice is_nonzero() const { return !is_zero(); } pcurves_brainpool256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_E20_const_time_unpoisonEv: 1176| 1.28k| constexpr void _const_time_unpoison() const { CT::unpoison_all(m_x, m_y, m_z); } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE20_const_time_unpoisonEv: 891| 3.85k| constexpr void _const_time_unpoison() const { CT::unpoison(m_val); } pcurves_brainpool256r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm7EED2Ev: 1358| 731| ~BlindedScalarBits() { 1359| 731| secure_zeroize_buffer(m_bytes.data(), m_bytes.size()); 1360| 731| CT::unpoison(m_bytes.data(), m_bytes.size()); 1361| 731| } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEE10from_stashILm9EEESA_RKNSt3__15arrayImXT_EEE: 774| 2.74k| static Self from_stash(const std::array& stash) { 775| 2.74k| static_assert(L >= N); 776| 2.74k| std::array val = {}; 777| 13.7k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (777:28): [True: 10.9k, False: 2.74k] ------------------ 778| 10.9k| val[i] = stash[i]; 779| 10.9k| } 780| 2.74k| return Self(val); 781| 2.74k| } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEEC2ENSt3__15arrayImLm4EEE: 898| 3.47k| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE12serialize_toENSt3__14spanIhLm32EEE: 739| 6.44k| constexpr void serialize_to(std::span bytes) const { 740| 6.44k| auto v = Rep::from_rep(m_val); 741| 6.44k| std::reverse(v.begin(), v.end()); 742| | 743| 6.44k| if constexpr(Self::BYTES == N * WordInfo::bytes) { 744| 6.44k| store_be(bytes, v); 745| | } else { 746| | // Remove leading zero bytes 747| | const auto padded_bytes = store_be(v); 748| | constexpr size_t extra = N * WordInfo::bytes - Self::BYTES; 749| | copy_mem(bytes, std::span{padded_bytes}.template subspan()); 750| | } 751| 6.44k| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEE11stash_valueILm9EEENSt3__15arrayImXT_EEEv: 759| 731| std::array stash_value() const { 760| 731| static_assert(L >= N); 761| 731| std::array stash = {}; 762| 3.65k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (762:28): [True: 2.92k, False: 731] ------------------ 763| 2.92k| stash[i] = m_val[i]; 764| 2.92k| } 765| 731| return stash; 766| 731| } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE10from_stashILm9EEESA_RKNSt3__15arrayImXT_EEE: 774| 15.0k| static Self from_stash(const std::array& stash) { 775| 15.0k| static_assert(L >= N); 776| 15.0k| std::array val = {}; 777| 75.4k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (777:28): [True: 60.3k, False: 15.0k] ------------------ 778| 60.3k| val[i] = stash[i]; 779| 60.3k| } 780| 15.0k| return Self(val); 781| 15.0k| } pcurves_brainpool256r1.cpp:_ZN5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm4EEC2ERKNS_16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 1487| 554| explicit WindowedBoothMulTable(const AffinePoint& p) : m_table(varpoint_setup(p)) {} pcurves_brainpool256r1.cpp:_ZN5BotanplERKNS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_EERKNS_16AffineCurvePointISB_EE: 1066| 3.87k| friend constexpr Self operator+(const Self& a, const AffinePoint& b) { return Self::add_mixed(a, b); } pcurves_brainpool256r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_E9add_mixedERKSC_RKNS_16AffineCurvePointISB_EE: 1091| 3.87k| constexpr static Self add_mixed(const Self& a, const AffinePoint& b) { 1092| 3.87k| return point_add_mixed(a, b, FieldElement::one()); 1093| 3.87k| } pcurves_brainpool256r1.cpp:_ZNK5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm4EE3mulERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES7_E12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1489| 554| ProjectivePoint mul(const Scalar& s, RandomNumberGenerator& rng) const { 1490| 554| const BlindedScalar bits(s, rng); 1491| | 1492| 554| const size_t scalar_bits = bits.bits(); 1493| 554| const size_t full_windows = compute_full_windows(scalar_bits + 1, WindowBits); 1494| 554| const size_t initial_shift = compute_initial_shift(scalar_bits + 1, WindowBits); 1495| | 1496| 554| BOTAN_DEBUG_ASSERT(full_windows * WindowBits + initial_shift == scalar_bits + 1); ------------------ | | 130| 554| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 554| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 554] | | ------------------ ------------------ 1497| 554| BOTAN_DEBUG_ASSERT(initial_shift > 0); ------------------ | | 130| 554| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 554| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 554] | | ------------------ ------------------ 1498| | 1499| 554| auto accum = ProjectivePoint::identity(); 1500| 554| CT::poison(accum); 1501| | 1502| 32.1k| for(size_t i = 0; i != full_windows; ++i) { ------------------ | Branch (1502:28): [True: 31.5k, False: 554] ------------------ 1503| 31.5k| const size_t idx = scalar_bits - initial_shift - WindowBits * i; 1504| | 1505| 31.5k| const size_t w_i = bits.get_window(idx); 1506| 31.5k| const auto [tidx, tneg] = booth_recode(w_i); 1507| | 1508| | // Conditional ok: loop iteration count is public 1509| 31.5k| if(i == 0) { ------------------ | Branch (1509:16): [True: 554, False: 31.0k] ------------------ 1510| 554| accum = ProjectivePoint::from_affine(m_table.ct_select(tidx)); 1511| 554| accum.conditional_assign(tneg, accum.negate()); 1512| 31.0k| } else { 1513| 31.0k| accum = ProjectivePoint::add_or_sub(accum, m_table.ct_select(tidx), tneg); 1514| 31.0k| } 1515| | 1516| 31.5k| accum = accum.dbl_n(WindowBits); 1517| | 1518| | // Conditional ok: loop iteration count is public 1519| 31.5k| if(i <= 3) { ------------------ | Branch (1519:16): [True: 2.21k, False: 29.3k] ------------------ 1520| 2.21k| accum.randomize_rep(rng); 1521| 2.21k| } 1522| 31.5k| } 1523| | 1524| | // final window (note one bit shorter than previous reads) 1525| 554| const size_t w_l = bits.get_window(0) & ((1 << WindowBits) - 1); 1526| 554| const auto [tidx, tneg] = booth_recode(w_l << 1); 1527| 554| accum = ProjectivePoint::add_or_sub(accum, m_table.ct_select(tidx), tneg); 1528| | 1529| 554| CT::unpoison(accum); 1530| 554| return accum; 1531| 554| } pcurves_brainpool256r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm6EEC2ERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES7_E12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1307| 554| BlindedScalarBits(const typename C::Scalar& scalar, RandomNumberGenerator& rng) { 1308| 554| if(BlindingBits > 0 && rng.is_seeded()) { ------------------ | Branch (1308:13): [True: 554, Folded] | Branch (1308:33): [True: 554, False: 0] ------------------ 1309| 554| constexpr size_t MaskWords = (BlindingBits + WordInfo::bits - 1) / WordInfo::bits; 1310| 554| constexpr size_t MaskBytes = MaskWords * WordInfo::bytes; 1311| | 1312| 554| constexpr size_t n_words = C::Words; 1313| | 1314| 554| uint8_t maskb[MaskBytes + (BlindingBits == 0 ? 1 : 0)] = {0}; 1315| 554| rng.randomize(maskb, MaskBytes); 1316| | 1317| 554| W mask[n_words] = {0}; 1318| 554| load_le(mask, maskb, MaskWords); 1319| | 1320| | // Mask to exactly BlindingBits 1321| 554| constexpr size_t ExcessBits = MaskWords * WordInfo::bits - BlindingBits; 1322| 554| if constexpr(ExcessBits > 0) { 1323| 554| constexpr W ExcessMask = (static_cast(1) << (WordInfo::bits - ExcessBits)) - 1; 1324| 554| mask[MaskWords - 1] &= ExcessMask; 1325| 554| } 1326| | 1327| | // Set top and bottom bits of mask 1328| 554| constexpr size_t TopMaskBit = (BlindingBits - 1) % WordInfo::bits; 1329| 554| mask[(BlindingBits - 1) / WordInfo::bits] |= static_cast(1) << TopMaskBit; 1330| 554| mask[0] |= 1; 1331| | 1332| 554| W mask_n[2 * n_words] = {0}; 1333| | 1334| 554| const auto sw = scalar.to_words(); 1335| | 1336| | // Compute masked scalar s + k*n 1337| 554| comba_mul(mask_n, mask, C::NW.data()); 1338| 554| bigint_add2(mask_n, 2 * n_words, sw.data(), sw.size()); 1339| | 1340| 554| std::reverse(mask_n, mask_n + 2 * n_words); 1341| 554| m_bytes = store_be>(mask_n); 1342| 554| m_bits = C::Scalar::BITS + BlindingBits; 1343| 554| } else { 1344| | // No RNG available, skip blinding 1345| 0| m_bytes.resize(C::Scalar::BYTES); 1346| 0| scalar.serialize_to(std::span{m_bytes}.template first()); 1347| 0| m_bits = C::Scalar::BITS; 1348| 0| } 1349| | 1350| 554| CT::poison(m_bytes.data(), m_bytes.size()); 1351| 554| } pcurves_brainpool256r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm6EE4bitsEv: 1305| 554| size_t bits() const { return m_bits; } pcurves_brainpool256r1.cpp:_ZN5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm4EE20compute_full_windowsEmm: 1468| 554| static constexpr size_t compute_full_windows(size_t sb, size_t wb) { 1469| 554| if(sb % wb == 0) { ------------------ | Branch (1469:13): [True: 0, False: 554] ------------------ 1470| 0| return (sb - 1) / wb; 1471| 554| } else { 1472| 554| return sb / wb; 1473| 554| } 1474| 554| } pcurves_brainpool256r1.cpp:_ZN5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm4EE21compute_initial_shiftEmm: 1476| 554| static constexpr size_t compute_initial_shift(size_t sb, size_t wb) { 1477| 554| if(sb % wb == 0) { ------------------ | Branch (1477:13): [True: 0, False: 554] ------------------ 1478| 0| return wb; 1479| 554| } else { 1480| 554| return sb - (sb / wb) * wb; 1481| 554| } 1482| 554| } pcurves_brainpool256r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_E8identityEv: 1038| 554| static constexpr Self identity() { return Self(FieldElement::zero(), FieldElement::one(), FieldElement::zero()); } pcurves_brainpool256r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm6EE10get_windowEm: 1353| 32.1k| size_t get_window(size_t offset) const { 1354| | // Extract a WindowBits sized window out of s, depending on offset. 1355| 32.1k| return read_window_bits(std::span{m_bytes}, offset); 1356| 32.1k| } pcurves_brainpool256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEES7_E5dbl_nEm: 1108| 31.5k| constexpr Self dbl_n(size_t n) const { 1109| | if constexpr(Self::A_is_minus_3) { 1110| | return dbl_n_a_minus_3(*this, n); 1111| | } else if constexpr(Self::A_is_zero) { 1112| | return dbl_n_a_zero(*this, n); 1113| 31.5k| } else { 1114| 31.5k| return dbl_n_generic(*this, A, n); 1115| 31.5k| } 1116| 31.5k| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE4div2Ev: 302| 31.5k| Self div2() const { 303| | // The inverse of 2 modulo P is (P/2)+1; this avoids a constexpr time 304| | // general inversion, which some compilers can't handle 305| 31.5k| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 306| | 307| | // We could multiply by INV_2 but there is a better way ... 308| | 309| 31.5k| std::array t = value(); 310| 31.5k| const W borrow = shift_right<1>(t); 311| | 312| | // If value was odd, add (P/2)+1 313| 31.5k| const auto mask = CT::Mask::expand(borrow).value(); 314| | 315| 31.5k| W carry = 0; 316| | 317| 157k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (317:28): [True: 126k, False: 31.5k] ------------------ 318| 126k| t[i] = word_add(t[i], INV_2[i] & mask, &carry); 319| 126k| } 320| | 321| 31.5k| return Self(t); 322| 31.5k| } pcurves_brainpool256r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm6EED2Ev: 1358| 554| ~BlindedScalarBits() { 1359| 554| secure_zeroize_buffer(m_bytes.data(), m_bytes.size()); 1360| 554| CT::unpoison(m_bytes.data(), m_bytes.size()); 1361| 554| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEE7is_zeroEv: 225| 1.46k| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEEeqERKSA_: 722| 1.86k| constexpr CT::Choice operator==(const Self& other) const { 723| 1.86k| return CT::is_equal(this->data(), other.data(), N).as_choice(); 724| 1.86k| } pcurves_brainpool256r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEEE8identityEv: 921| 1| static constexpr Self identity() { return Self(FieldElement::zero(), FieldElement::zero()); } pcurves_brainpool256r1.cpp:_ZN5Botan13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsENS_13MontgomeryRepEE7x3_ax_bERKNS_6IntModINS5_INS6_11FieldParamsEEEEE: 1275| 1.86k| static constexpr FieldElement x3_ax_b(const FieldElement& x) { return (x.square() + A) * x + B; } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE4sqrtEv: 663| 568| constexpr CT::Option sqrt() const { 664| 568| if constexpr(Self::P_MOD_4 == 3) { 665| | // The easy case for square root is when p == 3 (mod 4) 666| | 667| 568| constexpr auto P_PLUS_1_OVER_4 = p_plus_1_over_4(P); 668| 568| auto z = pow_vartime(P_PLUS_1_OVER_4); 669| | 670| | // Zero out the return value if it would otherwise be incorrect 671| 568| const CT::Choice correct = (z.square() == *this); 672| 568| z.conditional_assign(!correct, Self::zero()); 673| 568| return CT::Option(z, correct); 674| | } else { 675| | // Shanks-Tonelli, following I.4 in RFC 9380 676| | 677| | /* 678| | Constants: 679| | 1. c1, the largest integer such that 2^c1 divides q - 1. 680| | 2. c2 = (q - 1) / (2^c1) # Integer arithmetic 681| | 3. c3 = (c2 - 1) / 2 # Integer arithmetic 682| | 4. c4, a non-square value in F 683| | 5. c5 = c4^c2 in F 684| | */ 685| | constexpr auto C1_C2 = shanks_tonelli_c1c2(Self::P); 686| | constexpr std::array C3 = shanks_tonelli_c3(C1_C2.second); 687| | constexpr std::array P_MINUS_1_OVER_2 = p_minus_1_over_2(Self::P); 688| | constexpr Self C4 = shanks_tonelli_c4(P_MINUS_1_OVER_2); 689| | constexpr Self C5 = C4.pow_vartime(C1_C2.second); 690| | 691| | const Self& x = (*this); 692| | 693| | auto z = x.pow_vartime(C3); 694| | auto t = z.square(); 695| | t *= x; 696| | z *= x; 697| | auto b = t; 698| | auto c = C5; 699| | 700| | for(size_t i = C1_C2.first; i >= 2; i--) { 701| | b.square_n(i - 2); 702| | const CT::Choice e = b.is_one(); 703| | z.conditional_assign(!e, z * c); 704| | c.square_n(1); 705| | t.conditional_assign(!e, t * c); 706| | b = t; 707| | } 708| | 709| | // Zero out the return value if it would otherwise be incorrect 710| | const CT::Choice correct = (z.square() == *this); 711| | z.conditional_assign(!correct, Self::zero()); 712| | return CT::Option(z, correct); 713| | } 714| 568| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE12correct_signENS_2CT6ChoiceE: 248| 554| constexpr Self correct_sign(CT::Choice even) const { 249| 554| const auto flip = (even != this->is_even()); 250| 554| return Self::choose(flip, this->negate(), *this); 251| 554| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE7is_evenEv: 240| 554| constexpr CT::Choice is_even() const { 241| 554| auto v = Rep::from_rep(m_val); 242| 554| return !CT::Choice::from_int(v[0] & 0x01); 243| 554| } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E11FieldParamsEEEE6chooseENS_2CT6ChoiceERKSA_SE_: 256| 554| static constexpr Self choose(CT::Choice choice, const Self& x, const Self& y) { 257| 554| auto r = y; 258| 554| r.conditional_assign(choice, x); 259| 554| return r; 260| 554| } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEE11deserializeENSt3__14spanIKhLm18446744073709551615EEE: 792| 1.06k| static std::optional deserialize(std::span bytes) { 793| | // Conditional ok: input length is public 794| 1.06k| if(bytes.size() != Self::BYTES) { ------------------ | Branch (794:13): [True: 0, False: 1.06k] ------------------ 795| 0| return {}; 796| 0| } 797| | 798| 1.06k| const auto words = bytes_to_words(bytes.first()); 799| | 800| | // Conditional acceptable: std::optional is implicitly not constant time 801| 1.06k| if(!bigint_ct_is_lt(words.data(), N, P.data(), N).as_bool()) { ------------------ | Branch (801:13): [True: 330, False: 731] ------------------ 802| 330| return {}; 803| 330| } 804| | 805| | // Safe because we checked above that words is an integer < P 806| 731| return Self::from_words(words); 807| 1.06k| } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEE10from_wordsILm4EEESA_NSt3__15arrayImXT_EEE: 211| 731| static constexpr Self from_words(std::array w) { 212| 731| if constexpr(L == N) { 213| 731| return Self(Rep::to_rep(w)); 214| | } else { 215| | static_assert(L < N); 216| | std::array ew = {}; 217| | copy_mem(std::span{ew}.template first(), w); 218| | return Self(Rep::to_rep(ew)); 219| | } 220| 731| } pcurves_brainpool256r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES0_E12ScalarParamsEE6to_repERKNSt3__15arrayImLm4EEE: 115| 731| constexpr static std::array to_rep(const std::array& x) { 116| 731| std::array z; // NOLINT(*-member-init) 117| 731| comba_mul(z.data(), x.data(), R2.data()); 118| 731| return Self::redc(z); 119| 731| } pcurves_brainpool256r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES2_E11FieldParamsEEEEEE12serialize_toENSt3__14spanIhLm65EEE: 941| 2.94k| constexpr void serialize_to(std::span bytes) const { 942| 2.94k| BOTAN_STATE_CHECK(this->is_identity().as_bool() == false); ------------------ | | 51| 2.94k| do { \ | | 52| 2.94k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 2.94k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 2.94k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 2.94k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 2.94k] | | ------------------ ------------------ 943| 2.94k| BufferStuffer pack(bytes); 944| 2.94k| pack.append(0x04); 945| 2.94k| x().serialize_to(pack.next()); 946| 2.94k| y().serialize_to(pack.next()); 947| 2.94k| BOTAN_DEBUG_ASSERT(pack.full()); ------------------ | | 130| 2.94k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 2.94k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 2.94k] | | ------------------ ------------------ 948| 2.94k| } pcurves_brainpool256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEE6randomERNS_21RandomNumberGeneratorE: 851| 731| static Self random(RandomNumberGenerator& rng) { 852| 731| constexpr size_t MAX_ATTEMPTS = 1000; 853| | 854| 731| std::array buf{}; 855| | 856| 1.06k| for(size_t i = 0; i != MAX_ATTEMPTS; ++i) { ------------------ | Branch (856:28): [True: 1.06k, False: 0] ------------------ 857| 1.06k| rng.randomize(buf); 858| | 859| | // Zero off high bits that if set would certainly cause us 860| | // to be out of range 861| | if constexpr(Self::BITS % 8 != 0) { 862| | constexpr uint8_t mask = 0xFF >> (8 - (Self::BITS % 8)); 863| | buf[0] &= mask; 864| | } 865| | 866| | // Conditionals ok: rejection sampling reveals only values we didn't use 867| 1.06k| if(auto s = Self::deserialize(buf)) { ------------------ | Branch (867:21): [True: 731, False: 330] ------------------ 868| 731| if(s.value().is_nonzero().as_bool()) { ------------------ | Branch (868:19): [True: 731, False: 0] ------------------ 869| 731| return s.value(); 870| 731| } 871| 731| } 872| 1.06k| } 873| | 874| 0| throw Internal_Error("Failed to generate random Scalar within bounded number of attempts"); 875| 731| } pcurves_brainpool256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool256r16ParamsES1_E12ScalarParamsEEEE10is_nonzeroEv: 230| 731| constexpr CT::Choice is_nonzero() const { return !is_zero(); } pcurves_brainpool384r1.cpp:_ZN5Botan23PrecomputedBaseMulTableINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm6EEC2ERKNS_16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 1405| 1| m_table(basemul_booth_setup(p, BlindedScalar::Bits + 1)) {} pcurves_brainpool384r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_E11from_affineERKNS_16AffineCurvePointISB_EE: 1016| 861| static constexpr Self from_affine(const AffinePoint& pt) { 1017| | /* 1018| | * If the point is the identity element (x=0, y=0) then instead of 1019| | * creating (x, y, 1) = (0, 0, 1) we want our projective identity 1020| | * encoding of (0, 1, 0) 1021| | * 1022| | * Which we can achieve by a conditional swap of y and z if the 1023| | * affine point is the identity. 1024| | */ 1025| | 1026| 861| auto x = pt.x(); 1027| 861| auto y = pt.y(); 1028| 861| auto z = FieldElement::one(); 1029| | 1030| 861| FieldElement::conditional_swap(pt.is_identity(), y, z); 1031| | 1032| 861| return ProjectiveCurvePoint(x, y, z); 1033| 861| } pcurves_brainpool384r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEEE1xEv: 971| 1.57M| constexpr const FieldElement& x() const { return m_x; } pcurves_brainpool384r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEEE1yEv: 976| 1.51M| constexpr const FieldElement& y() const { return m_y; } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE3oneEv: 200| 54.6k| static constexpr Self one() { return Self(Rep::one()); } pcurves_brainpool384r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES0_E11FieldParamsEE3oneEv: 99| 54.6k| constexpr static std::array one() { return R1; } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEEC2ENSt3__15arrayImLm6EEE: 898| 2.52M| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE16conditional_swapENS_2CT6ChoiceERSA_SD_: 410| 861| static constexpr void conditional_swap(CT::Choice cond, Self& x, Self& y) { 411| 861| const W mask = cond.into_bitmask(); 412| | 413| 6.02k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (413:28): [True: 5.16k, False: 861] ------------------ 414| 5.16k| auto nx = Botan::choose(mask, y.m_val[i], x.m_val[i]); 415| 5.16k| auto ny = Botan::choose(mask, x.m_val[i], y.m_val[i]); 416| 5.16k| x.m_val[i] = nx; 417| 5.16k| y.m_val[i] = ny; 418| 5.16k| } 419| 861| } pcurves_brainpool384r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEEE11is_identityEv: 928| 56.3k| constexpr CT::Choice is_identity() const { return x().is_zero() && y().is_zero(); } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE7is_zeroEv: 225| 282k| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_brainpool384r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_EC2ERKSB_SE_SE_: 1056| 74.3k| m_x(x), m_y(y), m_z(z) {} pcurves_brainpool384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_E3dblEv: 1121| 2.71k| constexpr Self dbl() const { 1122| | if constexpr(Self::A_is_minus_3) { 1123| | return dbl_a_minus_3(*this); 1124| | } else if constexpr(Self::A_is_zero) { 1125| | return dbl_a_zero(*this); 1126| 2.71k| } else { 1127| 2.71k| return dbl_generic(*this, A); 1128| 2.71k| } 1129| 2.71k| } pcurves_brainpool384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_E1zEv: 1172| 313k| constexpr const FieldElement& z() const { return m_z; } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE6squareEv: 426| 553k| constexpr BOTAN_FORCE_INLINE Self square() const { 427| 553k| std::array z; // NOLINT(*-member-init) 428| 553k| comba_sqr(z.data(), this->data()); 429| 553k| return Self(Rep::redc(z)); 430| 553k| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE4dataEv: 896| 2.83M| constexpr const W* data() const { return m_val.data(); } pcurves_brainpool384r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES0_E11FieldParamsEE4redcERKNSt3__15arrayImLm12EEE: 104| 1.88M| constexpr static std::array redc(const std::array& z) { 105| | if constexpr(P_dash == 1) { 106| | return monty_redc_pdash1(z, P); 107| 1.88M| } else { 108| 1.88M| return monty_redc(z, P, P_dash); 109| 1.88M| } 110| 1.88M| } pcurves_brainpool384r1.cpp:_ZN5BotanplERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEEESC_: 265| 219k| friend constexpr BOTAN_FORCE_INLINE Self operator+(const Self& a, const Self& b) { 266| 219k| std::array t; // NOLINT(*-member-init) 267| | 268| 219k| W carry = 0; 269| 1.53M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (269:28): [True: 1.31M, False: 219k] ------------------ 270| 1.31M| t[i] = word_add(a.m_val[i], b.m_val[i], &carry); 271| 1.31M| } 272| | 273| 219k| std::array r; // NOLINT(*-member-init) 274| 219k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 275| 219k| return Self(r); 276| 219k| } pcurves_brainpool384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_E1xEv: 1162| 191k| constexpr const FieldElement& x() const { return m_x; } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE4mul3Ev: 335| 81.8k| constexpr inline Self mul3() const { return mul2() + (*this); } pcurves_brainpool384r1.cpp:_ZN5BotanmlERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEEESC_: 346| 671k| friend constexpr BOTAN_FORCE_INLINE Self operator*(const Self& a, const Self& b) { 347| 671k| std::array z; // NOLINT(*-member-init) 348| 671k| comba_mul(z.data(), a.data(), b.data()); 349| 671k| return Self(Rep::redc(z)); 350| 671k| } pcurves_brainpool384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_E1yEv: 1167| 190k| constexpr const FieldElement& y() const { return m_y; } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE4mul4Ev: 338| 2.71k| constexpr inline Self mul4() const { return mul2().mul2(); } pcurves_brainpool384r1.cpp:_ZN5BotanmiERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEEESC_: 281| 567k| friend constexpr BOTAN_FORCE_INLINE Self operator-(const Self& a, const Self& b) { 282| 567k| std::array r; // NOLINT(*-member-init) 283| 567k| W carry = 0; 284| 3.97M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (284:28): [True: 3.40M, False: 567k] ------------------ 285| 3.40M| r[i] = word_sub(a.m_val[i], b.m_val[i], &carry); 286| 3.40M| } 287| | 288| 567k| const auto mask = CT::Mask::expand(carry).value(); 289| | 290| 567k| carry = 0; 291| | 292| 3.97M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (292:28): [True: 3.40M, False: 567k] ------------------ 293| 3.40M| r[i] = word_add(r[i], P[i] & mask, &carry); 294| 3.40M| } 295| | 296| 567k| return Self(r); 297| 567k| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE4mul2Ev: 325| 274k| constexpr BOTAN_FORCE_INLINE Self mul2() const { 326| 274k| std::array t = value(); 327| 274k| const W carry = shift_left<1>(t); 328| | 329| 274k| std::array r; // NOLINT(*-member-init) 330| 274k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 331| 274k| return Self(r); 332| 274k| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE5valueEv: 894| 290k| constexpr const std::array& value() const { return m_val; } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE4mul8Ev: 341| 2.71k| constexpr inline Self mul8() const { return mul2().mul2().mul2(); } pcurves_brainpool384r1.cpp:_ZN5BotanplERKNS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_EESE_: 1064| 1.09k| friend constexpr Self operator+(const Self& a, const Self& b) { return Self::add(a, b); } pcurves_brainpool384r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_E3addERKSC_SE_: 1103| 1.09k| constexpr static Self add(const Self& a, const Self& b) { return point_add(a, b); } pcurves_brainpool384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_E11is_identityEv: 1082| 60.1k| constexpr CT::Choice is_identity() const { return z().is_zero(); } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE18conditional_assignERSA_SB_SB_NS_2CT6ChoiceERKSA_SF_SF_: 395| 107k| Self& x, Self& y, Self& z, CT::Choice cond, const Self& nx, const Self& ny, const Self& nz) { 396| 107k| const W mask = cond.into_bitmask(); 397| | 398| 755k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (398:28): [True: 647k, False: 107k] ------------------ 399| 647k| x.m_val[i] = Botan::choose(mask, nx.m_val[i], x.m_val[i]); 400| 647k| y.m_val[i] = Botan::choose(mask, ny.m_val[i], y.m_val[i]); 401| 647k| z.m_val[i] = Botan::choose(mask, nz.m_val[i], z.m_val[i]); 402| 647k| } 403| 107k| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE6invertEv: 538| 860| constexpr Self invert() const { return pow_vartime(Self::P_MINUS_2); } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE11pow_vartimeERKNSt3__15arrayImLm6EEE: 477| 1.10k| constexpr Self pow_vartime(const std::array& exp) const { 478| 1.10k| constexpr size_t WindowBits = (Self::BITS <= 256) ? 4 : 5; ------------------ | Branch (478:40): [Folded, False: 1.10k] ------------------ 479| 1.10k| constexpr size_t WindowElements = (1 << WindowBits) - 1; 480| | 481| 1.10k| constexpr size_t Windows = (Self::BITS + WindowBits - 1) / WindowBits; 482| | 483| | /* 484| | A simple fixed width window modular multiplication. 485| | 486| | TODO: investigate using sliding window here 487| | */ 488| | 489| 1.10k| std::array tbl; 490| | 491| 1.10k| tbl[0] = (*this); 492| | 493| 34.2k| for(size_t i = 1; i != WindowElements; ++i) { ------------------ | Branch (493:28): [True: 33.1k, False: 1.10k] ------------------ 494| | // Conditional ok: table indexes are public here 495| 33.1k| if(i % 2 == 1) { ------------------ | Branch (495:16): [True: 16.5k, False: 16.5k] ------------------ 496| 16.5k| tbl[i] = tbl[i / 2].square(); 497| 16.5k| } else { 498| 16.5k| tbl[i] = tbl[i - 1] * tbl[0]; 499| 16.5k| } 500| 33.1k| } 501| | 502| 1.10k| auto r = Self::one(); 503| | 504| 1.10k| const size_t w0 = read_window_bits(std::span{exp}, (Windows - 1) * WindowBits); 505| | 506| | // Conditional ok: this function is variable time 507| 1.10k| if(w0 > 0) { ------------------ | Branch (507:13): [True: 1.10k, False: 0] ------------------ 508| 1.10k| r = tbl[w0 - 1]; 509| 1.10k| } 510| | 511| 85.0k| for(size_t i = 1; i != Windows; ++i) { ------------------ | Branch (511:28): [True: 83.9k, False: 1.10k] ------------------ 512| 83.9k| r.square_n(WindowBits); 513| | 514| 83.9k| const size_t w = read_window_bits(std::span{exp}, (Windows - i - 1) * WindowBits); 515| | 516| | // Conditional ok: this function is variable time 517| 83.9k| if(w > 0) { ------------------ | Branch (517:16): [True: 80.4k, False: 3.56k] ------------------ 518| 80.4k| r *= tbl[w - 1]; 519| 80.4k| } 520| 83.9k| } 521| | 522| 1.10k| return r; 523| 1.10k| } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEEC2Ev: 180| 34.2k| constexpr IntMod() : m_val({}) {} pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE8square_nEm: 439| 83.9k| constexpr void square_n(size_t n) { 440| 83.9k| std::array z; // NOLINT(*-member-init) 441| 503k| for(size_t i = 0; i != n; ++i) { ------------------ | Branch (441:28): [True: 419k, False: 83.9k] ------------------ 442| 419k| comba_sqr(z.data(), this->data()); 443| 419k| m_val = Rep::redc(z); 444| 419k| } 445| 83.9k| } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEEmLERKSA_: 355| 230k| constexpr BOTAN_FORCE_INLINE Self& operator*=(const Self& other) { 356| 230k| std::array z; // NOLINT(*-member-init) 357| 230k| comba_mul(z.data(), data(), other.data()); 358| 230k| m_val = Rep::redc(z); 359| 230k| return (*this); 360| 230k| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE14invert_vartimeEv: 598| 1| constexpr Self invert_vartime() const { 599| | // Conditional ok: this function is variable time 600| 1| if(this->is_zero().as_bool()) { ------------------ | Branch (600:13): [True: 0, False: 1] ------------------ 601| 0| return Self::zero(); 602| 0| } 603| | 604| 1| auto x = Self(std::array{1}); // 1 in standard domain 605| 1| auto b = Self(this->to_words()); // *this in standard domain 606| | 607| | // First loop iteration 608| 1| Self::_invert_vartime_div2_helper(b, x); 609| | 610| 1| auto a = b.negate(); 611| | // y += x but y is zero at the outset 612| 1| auto y = x; 613| | 614| | // First half of second loop iteration 615| 1| Self::_invert_vartime_div2_helper(a, y); 616| | 617| 262| for(;;) { 618| | // Conditional ok: this function is variable time 619| 262| if(a.m_val == b.m_val) { ------------------ | Branch (619:16): [True: 1, False: 261] ------------------ 620| | // At this point it should be that a == b == 1 621| 1| auto r = y.negate(); 622| | 623| | // Convert back to Montgomery if required 624| 1| r.m_val = Rep::to_rep(r.m_val); 625| 1| return r; 626| 1| } 627| | 628| 261| auto nx = x + y; 629| | 630| | /* 631| | * Otherwise either b > a or a > b 632| | * 633| | * If b > a we want to set b to b - a 634| | * Otherwise we want to set a to a - b 635| | * 636| | * Compute r = b - a and check if it underflowed 637| | * If it did not then we are in the b > a path 638| | */ 639| 261| std::array r; // NOLINT(*-member-init) 640| 261| const word carry = bigint_sub3(r.data(), b.data(), N, a.data(), N); 641| | 642| | // Conditional ok: this function is variable time 643| 261| if(carry == 0) { ------------------ | Branch (643:16): [True: 128, False: 133] ------------------ 644| | // b > a 645| 128| b.m_val = r; 646| 128| x = nx; 647| 128| Self::_invert_vartime_div2_helper(b, x); 648| 133| } else { 649| | // We know this can't underflow because a > b 650| 133| bigint_sub3(r.data(), a.data(), N, b.data(), N); 651| 133| a.m_val = r; 652| 133| y = nx; 653| 133| Self::_invert_vartime_div2_helper(a, y); 654| 133| } 655| 261| } 656| 1| } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE4zeroEv: 195| 104k| static constexpr Self zero() { return Self(std::array{0}); } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE8to_wordsEv: 734| 1| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_brainpool384r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES0_E11FieldParamsEE8from_repERKNSt3__15arrayImLm6EEE: 137| 2.82k| constexpr static std::array from_rep(const std::array& z) { 138| 2.82k| std::array ze = {}; 139| 2.82k| copy_mem(std::span{ze}.template first(), z); 140| 2.82k| return Self::redc(ze); 141| 2.82k| } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE27_invert_vartime_div2_helperERSA_SB_: 547| 263| static constexpr void _invert_vartime_div2_helper(Self& a, Self& x) { 548| 263| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 549| | 550| | // Conditional ok: this function is variable time 551| 814| while((a.m_val[0] & 1) != 1) { ------------------ | Branch (551:16): [True: 551, False: 263] ------------------ 552| 551| shift_right<1>(a.m_val); 553| | 554| 551| const W borrow = shift_right<1>(x.m_val); 555| | 556| | // Conditional ok: this function is variable time 557| 551| if(borrow) { ------------------ | Branch (557:16): [True: 291, False: 260] ------------------ 558| 291| bigint_add2(x.m_val.data(), N, INV_2.data(), N); 559| 291| } 560| 551| } 561| 263| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE6negateEv: 452| 52.1k| constexpr Self negate() const { 453| 52.1k| const W x_is_zero = ~CT::all_zeros(this->data(), N).value(); 454| | 455| 52.1k| std::array r; // NOLINT(*-member-init) 456| 52.1k| W carry = 0; 457| 364k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (457:28): [True: 312k, False: 52.1k] ------------------ 458| 312k| r[i] = word_sub(P[i] & x_is_zero, m_val[i], &carry); 459| 312k| } 460| | 461| 52.1k| return Self(r); 462| 52.1k| } pcurves_brainpool384r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES0_E11FieldParamsEE6to_repERKNSt3__15arrayImLm6EEE: 115| 3.46k| constexpr static std::array to_rep(const std::array& x) { 116| 3.46k| std::array z; // NOLINT(*-member-init) 117| 3.46k| comba_mul(z.data(), x.data(), R2.data()); 118| 3.46k| return Self::redc(z); 119| 3.46k| } pcurves_brainpool384r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEEEC2ERKSB_SE_: 917| 60.7k| constexpr AffineCurvePoint(const FieldElement& x, const FieldElement& y) : m_x(x), m_y(y) {} pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE11stash_valueILm9EEENSt3__15arrayImXT_EEEv: 759| 3.19k| std::array stash_value() const { 760| 3.19k| static_assert(L >= N); 761| 3.19k| std::array stash = {}; 762| 22.3k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (762:28): [True: 19.1k, False: 3.19k] ------------------ 763| 19.1k| stash[i] = m_val[i]; 764| 19.1k| } 765| 3.19k| return stash; 766| 3.19k| } pcurves_brainpool384r1.cpp:_ZNK5Botan23PrecomputedBaseMulTableINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm6EE3mulERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES7_E12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1407| 492| ProjectivePoint mul(const Scalar& s, RandomNumberGenerator& rng) const { 1408| 492| const BlindedScalar scalar(s, rng); 1409| 492| return basemul_booth_exec(m_table, scalar, rng); 1410| 492| } pcurves_brainpool384r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm7EEC2ERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES7_E12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1307| 492| BlindedScalarBits(const typename C::Scalar& scalar, RandomNumberGenerator& rng) { 1308| 492| if(BlindingBits > 0 && rng.is_seeded()) { ------------------ | Branch (1308:13): [True: 492, Folded] | Branch (1308:33): [True: 492, False: 0] ------------------ 1309| 492| constexpr size_t MaskWords = (BlindingBits + WordInfo::bits - 1) / WordInfo::bits; 1310| 492| constexpr size_t MaskBytes = MaskWords * WordInfo::bytes; 1311| | 1312| 492| constexpr size_t n_words = C::Words; 1313| | 1314| 492| uint8_t maskb[MaskBytes + (BlindingBits == 0 ? 1 : 0)] = {0}; 1315| 492| rng.randomize(maskb, MaskBytes); 1316| | 1317| 492| W mask[n_words] = {0}; 1318| 492| load_le(mask, maskb, MaskWords); 1319| | 1320| | // Mask to exactly BlindingBits 1321| 492| constexpr size_t ExcessBits = MaskWords * WordInfo::bits - BlindingBits; 1322| 492| if constexpr(ExcessBits > 0) { 1323| 492| constexpr W ExcessMask = (static_cast(1) << (WordInfo::bits - ExcessBits)) - 1; 1324| 492| mask[MaskWords - 1] &= ExcessMask; 1325| 492| } 1326| | 1327| | // Set top and bottom bits of mask 1328| 492| constexpr size_t TopMaskBit = (BlindingBits - 1) % WordInfo::bits; 1329| 492| mask[(BlindingBits - 1) / WordInfo::bits] |= static_cast(1) << TopMaskBit; 1330| 492| mask[0] |= 1; 1331| | 1332| 492| W mask_n[2 * n_words] = {0}; 1333| | 1334| 492| const auto sw = scalar.to_words(); 1335| | 1336| | // Compute masked scalar s + k*n 1337| 492| comba_mul(mask_n, mask, C::NW.data()); 1338| 492| bigint_add2(mask_n, 2 * n_words, sw.data(), sw.size()); 1339| | 1340| 492| std::reverse(mask_n, mask_n + 2 * n_words); 1341| 492| m_bytes = store_be>(mask_n); 1342| 492| m_bits = C::Scalar::BITS + BlindingBits; 1343| 492| } else { 1344| | // No RNG available, skip blinding 1345| 0| m_bytes.resize(C::Scalar::BYTES); 1346| 0| scalar.serialize_to(std::span{m_bytes}.template first()); 1347| 0| m_bits = C::Scalar::BITS; 1348| 0| } 1349| | 1350| 492| CT::poison(m_bytes.data(), m_bytes.size()); 1351| 492| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEE8to_wordsEv: 734| 676| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_brainpool384r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES0_E12ScalarParamsEE8from_repERKNSt3__15arrayImLm6EEE: 137| 1.16k| constexpr static std::array from_rep(const std::array& z) { 138| 1.16k| std::array ze = {}; 139| 1.16k| copy_mem(std::span{ze}.template first(), z); 140| 1.16k| return Self::redc(ze); 141| 1.16k| } pcurves_brainpool384r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES0_E12ScalarParamsEE4redcERKNSt3__15arrayImLm12EEE: 104| 1.66k| constexpr static std::array redc(const std::array& z) { 105| | if constexpr(P_dash == 1) { 106| | return monty_redc_pdash1(z, P); 107| 1.66k| } else { 108| 1.66k| return monty_redc(z, P, P_dash); 109| 1.66k| } 110| 1.66k| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEE12serialize_toENSt3__14spanIhLm48EEE: 739| 492| constexpr void serialize_to(std::span bytes) const { 740| 492| auto v = Rep::from_rep(m_val); 741| 492| std::reverse(v.begin(), v.end()); 742| | 743| 492| if constexpr(Self::BYTES == N * WordInfo::bytes) { 744| 492| store_be(bytes, v); 745| | } else { 746| | // Remove leading zero bytes 747| | const auto padded_bytes = store_be(v); 748| | constexpr size_t extra = N * WordInfo::bytes - Self::BYTES; 749| | copy_mem(bytes, std::span{padded_bytes}.template subspan()); 750| | } 751| 492| } pcurves_brainpool384r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm7EE4bitsEv: 1305| 492| size_t bits() const { return m_bits; } pcurves_brainpool384r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_E18conditional_assignENS_2CT6ChoiceERKSC_: 1084| 676| constexpr void conditional_assign(CT::Choice cond, const Self& pt) { 1085| 676| FieldElement::conditional_assign(m_x, m_y, m_z, cond, pt.x(), pt.y(), pt.z()); 1086| 676| } pcurves_brainpool384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_E6negateEv: 1134| 676| constexpr Self negate() const { return Self(x(), y().negate(), z()); } pcurves_brainpool384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_E18_const_time_poisonEv: 1174| 676| constexpr void _const_time_poison() const { CT::poison_all(m_x, m_y, m_z); } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE18_const_time_poisonEv: 889| 2.02k| constexpr void _const_time_poison() const { CT::poison(m_val); } pcurves_brainpool384r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm7EE10get_windowEm: 1353| 35.9k| size_t get_window(size_t offset) const { 1354| | // Extract a WindowBits sized window out of s, depending on offset. 1355| 35.9k| return read_window_bits(std::span{m_bytes}, offset); 1356| 35.9k| } pcurves_brainpool384r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_E10add_or_subERKSC_RKNS_16AffineCurvePointISB_EENS_2CT6ChoiceE: 1096| 51.2k| constexpr static Self add_or_sub(const Self& a, const AffinePoint& b, CT::Choice sub) { 1097| 51.2k| return point_add_or_sub_mixed(a, b, sub, FieldElement::one()); 1098| 51.2k| } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE18conditional_assignENS_2CT6ChoiceERKSA_: 367| 51.6k| constexpr void conditional_assign(CT::Choice cond, const Self& nx) { 368| 51.6k| const W mask = cond.into_bitmask(); 369| | 370| 361k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (370:28): [True: 310k, False: 51.6k] ------------------ 371| 310k| m_val[i] = Botan::choose(mask, nx.m_val[i], m_val[i]); 372| 310k| } 373| 51.6k| } pcurves_brainpool384r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEEE9ct_selectENSt3__14spanIKSC_Lm18446744073709551615EEEm: 955| 35.9k| static constexpr auto ct_select(std::span pts, size_t idx) { 956| 35.9k| auto result = Self::identity(pts[0]); 957| | 958| | // Intentionally wrapping; set to maximum size_t if idx == 0 959| 35.9k| const size_t idx1 = static_cast(idx - 1); 960| 1.18M| for(size_t i = 0; i != pts.size(); ++i) { ------------------ | Branch (960:28): [True: 1.14M, False: 35.9k] ------------------ 961| 1.14M| const auto found = CT::Mask::is_equal(idx1, i).as_choice(); 962| 1.14M| result.conditional_assign(found, pts[i]); 963| 1.14M| } 964| | 965| 35.9k| return result; 966| 35.9k| } pcurves_brainpool384r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEEE8identityERKSC_: 924| 51.9k| static constexpr Self identity(const Self& /*unused*/) { 925| 51.9k| return Self(FieldElement::zero(), FieldElement::zero()); 926| 51.9k| } pcurves_brainpool384r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEEE18conditional_assignENS_2CT6ChoiceERKSC_: 981| 1.40M| constexpr void conditional_assign(CT::Choice cond, const Self& pt) { 982| 1.40M| FieldElement::conditional_assign(m_x, m_y, cond, pt.x(), pt.y()); 983| 1.40M| } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE18conditional_assignERSA_SB_NS_2CT6ChoiceERKSA_SF_: 380| 1.40M| static constexpr void conditional_assign(Self& x, Self& y, CT::Choice cond, const Self& nx, const Self& ny) { 381| 1.40M| const W mask = cond.into_bitmask(); 382| | 383| 9.83M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (383:28): [True: 8.43M, False: 1.40M] ------------------ 384| 8.43M| x.m_val[i] = Botan::choose(mask, nx.m_val[i], x.m_val[i]); 385| 8.43M| y.m_val[i] = Botan::choose(mask, ny.m_val[i], y.m_val[i]); 386| 8.43M| } 387| 1.40M| } pcurves_brainpool384r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_E13randomize_repERNS_21RandomNumberGeneratorE: 1142| 2.70k| void randomize_rep(RandomNumberGenerator& rng) { 1143| | // In certain contexts we may be called with a Null_RNG; in that case the 1144| | // caller is accepting that randomization will not occur 1145| | 1146| | // Conditional ok: caller's RNG state (seeded vs not) is presumed public 1147| 2.70k| if(rng.is_seeded()) { ------------------ | Branch (1147:13): [True: 2.70k, False: 0] ------------------ 1148| 2.70k| auto r = FieldElement::random(rng); 1149| | 1150| 2.70k| auto r2 = r.square(); 1151| 2.70k| auto r3 = r2 * r; 1152| | 1153| 2.70k| m_x *= r2; 1154| 2.70k| m_y *= r3; 1155| 2.70k| m_z *= r; 1156| 2.70k| } 1157| 2.70k| } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE6randomERNS_21RandomNumberGeneratorE: 851| 2.70k| static Self random(RandomNumberGenerator& rng) { 852| 2.70k| constexpr size_t MAX_ATTEMPTS = 1000; 853| | 854| 2.70k| std::array buf{}; 855| | 856| 4.91k| for(size_t i = 0; i != MAX_ATTEMPTS; ++i) { ------------------ | Branch (856:28): [True: 4.91k, False: 0] ------------------ 857| 4.91k| rng.randomize(buf); 858| | 859| | // Zero off high bits that if set would certainly cause us 860| | // to be out of range 861| | if constexpr(Self::BITS % 8 != 0) { 862| | constexpr uint8_t mask = 0xFF >> (8 - (Self::BITS % 8)); 863| | buf[0] &= mask; 864| | } 865| | 866| | // Conditionals ok: rejection sampling reveals only values we didn't use 867| 4.91k| if(auto s = Self::deserialize(buf)) { ------------------ | Branch (867:21): [True: 2.70k, False: 2.21k] ------------------ 868| 2.70k| if(s.value().is_nonzero().as_bool()) { ------------------ | Branch (868:19): [True: 2.70k, False: 0] ------------------ 869| 2.70k| return s.value(); 870| 2.70k| } 871| 2.70k| } 872| 4.91k| } 873| | 874| 0| throw Internal_Error("Failed to generate random Scalar within bounded number of attempts"); 875| 2.70k| } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE11deserializeENSt3__14spanIKhLm18446744073709551615EEE: 792| 5.69k| static std::optional deserialize(std::span bytes) { 793| | // Conditional ok: input length is public 794| 5.69k| if(bytes.size() != Self::BYTES) { ------------------ | Branch (794:13): [True: 0, False: 5.69k] ------------------ 795| 0| return {}; 796| 0| } 797| | 798| 5.69k| const auto words = bytes_to_words(bytes.first()); 799| | 800| | // Conditional acceptable: std::optional is implicitly not constant time 801| 5.69k| if(!bigint_ct_is_lt(words.data(), N, P.data(), N).as_bool()) { ------------------ | Branch (801:13): [True: 2.22k, False: 3.46k] ------------------ 802| 2.22k| return {}; 803| 2.22k| } 804| | 805| | // Safe because we checked above that words is an integer < P 806| 3.46k| return Self::from_words(words); 807| 5.69k| } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE10from_wordsILm6EEESA_NSt3__15arrayImXT_EEE: 211| 3.46k| static constexpr Self from_words(std::array w) { 212| 3.46k| if constexpr(L == N) { 213| 3.46k| return Self(Rep::to_rep(w)); 214| | } else { 215| | static_assert(L < N); 216| | std::array ew = {}; 217| | copy_mem(std::span{ew}.template first(), w); 218| | return Self(Rep::to_rep(ew)); 219| | } 220| 3.46k| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE10is_nonzeroEv: 230| 2.70k| constexpr CT::Choice is_nonzero() const { return !is_zero(); } pcurves_brainpool384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_E20_const_time_unpoisonEv: 1176| 676| constexpr void _const_time_unpoison() const { CT::unpoison_all(m_x, m_y, m_z); } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE20_const_time_unpoisonEv: 891| 2.02k| constexpr void _const_time_unpoison() const { CT::unpoison(m_val); } pcurves_brainpool384r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm7EED2Ev: 1358| 492| ~BlindedScalarBits() { 1359| 492| secure_zeroize_buffer(m_bytes.data(), m_bytes.size()); 1360| 492| CT::unpoison(m_bytes.data(), m_bytes.size()); 1361| 492| } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEE10from_stashILm9EEESA_RKNSt3__15arrayImXT_EEE: 774| 1.66k| static Self from_stash(const std::array& stash) { 775| 1.66k| static_assert(L >= N); 776| 1.66k| std::array val = {}; 777| 11.6k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (777:28): [True: 9.96k, False: 1.66k] ------------------ 778| 9.96k| val[i] = stash[i]; 779| 9.96k| } 780| 1.66k| return Self(val); 781| 1.66k| } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEEC2ENSt3__15arrayImLm6EEE: 898| 2.15k| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE12serialize_toENSt3__14spanIhLm48EEE: 739| 2.64k| constexpr void serialize_to(std::span bytes) const { 740| 2.64k| auto v = Rep::from_rep(m_val); 741| 2.64k| std::reverse(v.begin(), v.end()); 742| | 743| 2.64k| if constexpr(Self::BYTES == N * WordInfo::bytes) { 744| 2.64k| store_be(bytes, v); 745| | } else { 746| | // Remove leading zero bytes 747| | const auto padded_bytes = store_be(v); 748| | constexpr size_t extra = N * WordInfo::bytes - Self::BYTES; 749| | copy_mem(bytes, std::span{padded_bytes}.template subspan()); 750| | } 751| 2.64k| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEE11stash_valueILm9EEENSt3__15arrayImXT_EEEv: 759| 492| std::array stash_value() const { 760| 492| static_assert(L >= N); 761| 492| std::array stash = {}; 762| 3.44k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (762:28): [True: 2.95k, False: 492] ------------------ 763| 2.95k| stash[i] = m_val[i]; 764| 2.95k| } 765| 492| return stash; 766| 492| } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE10from_stashILm9EEESA_RKNSt3__15arrayImXT_EEE: 774| 6.76k| static Self from_stash(const std::array& stash) { 775| 6.76k| static_assert(L >= N); 776| 6.76k| std::array val = {}; 777| 47.3k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (777:28): [True: 40.5k, False: 6.76k] ------------------ 778| 40.5k| val[i] = stash[i]; 779| 40.5k| } 780| 6.76k| return Self(val); 781| 6.76k| } pcurves_brainpool384r1.cpp:_ZN5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm4EEC2ERKNS_16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 1487| 184| explicit WindowedBoothMulTable(const AffinePoint& p) : m_table(varpoint_setup(p)) {} pcurves_brainpool384r1.cpp:_ZN5BotanplERKNS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_EERKNS_16AffineCurvePointISB_EE: 1066| 1.28k| friend constexpr Self operator+(const Self& a, const AffinePoint& b) { return Self::add_mixed(a, b); } pcurves_brainpool384r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_E9add_mixedERKSC_RKNS_16AffineCurvePointISB_EE: 1091| 1.28k| constexpr static Self add_mixed(const Self& a, const AffinePoint& b) { 1092| 1.28k| return point_add_mixed(a, b, FieldElement::one()); 1093| 1.28k| } pcurves_brainpool384r1.cpp:_ZNK5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm4EE3mulERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES7_E12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1489| 184| ProjectivePoint mul(const Scalar& s, RandomNumberGenerator& rng) const { 1490| 184| const BlindedScalar bits(s, rng); 1491| | 1492| 184| const size_t scalar_bits = bits.bits(); 1493| 184| const size_t full_windows = compute_full_windows(scalar_bits + 1, WindowBits); 1494| 184| const size_t initial_shift = compute_initial_shift(scalar_bits + 1, WindowBits); 1495| | 1496| 184| BOTAN_DEBUG_ASSERT(full_windows * WindowBits + initial_shift == scalar_bits + 1); ------------------ | | 130| 184| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 184| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 184] | | ------------------ ------------------ 1497| 184| BOTAN_DEBUG_ASSERT(initial_shift > 0); ------------------ | | 130| 184| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 184| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 184] | | ------------------ ------------------ 1498| | 1499| 184| auto accum = ProjectivePoint::identity(); 1500| 184| CT::poison(accum); 1501| | 1502| 16.0k| for(size_t i = 0; i != full_windows; ++i) { ------------------ | Branch (1502:28): [True: 15.8k, False: 184] ------------------ 1503| 15.8k| const size_t idx = scalar_bits - initial_shift - WindowBits * i; 1504| | 1505| 15.8k| const size_t w_i = bits.get_window(idx); 1506| 15.8k| const auto [tidx, tneg] = booth_recode(w_i); 1507| | 1508| | // Conditional ok: loop iteration count is public 1509| 15.8k| if(i == 0) { ------------------ | Branch (1509:16): [True: 184, False: 15.6k] ------------------ 1510| 184| accum = ProjectivePoint::from_affine(m_table.ct_select(tidx)); 1511| 184| accum.conditional_assign(tneg, accum.negate()); 1512| 15.6k| } else { 1513| 15.6k| accum = ProjectivePoint::add_or_sub(accum, m_table.ct_select(tidx), tneg); 1514| 15.6k| } 1515| | 1516| 15.8k| accum = accum.dbl_n(WindowBits); 1517| | 1518| | // Conditional ok: loop iteration count is public 1519| 15.8k| if(i <= 3) { ------------------ | Branch (1519:16): [True: 736, False: 15.0k] ------------------ 1520| 736| accum.randomize_rep(rng); 1521| 736| } 1522| 15.8k| } 1523| | 1524| | // final window (note one bit shorter than previous reads) 1525| 184| const size_t w_l = bits.get_window(0) & ((1 << WindowBits) - 1); 1526| 184| const auto [tidx, tneg] = booth_recode(w_l << 1); 1527| 184| accum = ProjectivePoint::add_or_sub(accum, m_table.ct_select(tidx), tneg); 1528| | 1529| 184| CT::unpoison(accum); 1530| 184| return accum; 1531| 184| } pcurves_brainpool384r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm6EEC2ERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES7_E12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1307| 184| BlindedScalarBits(const typename C::Scalar& scalar, RandomNumberGenerator& rng) { 1308| 184| if(BlindingBits > 0 && rng.is_seeded()) { ------------------ | Branch (1308:13): [True: 184, Folded] | Branch (1308:33): [True: 184, False: 0] ------------------ 1309| 184| constexpr size_t MaskWords = (BlindingBits + WordInfo::bits - 1) / WordInfo::bits; 1310| 184| constexpr size_t MaskBytes = MaskWords * WordInfo::bytes; 1311| | 1312| 184| constexpr size_t n_words = C::Words; 1313| | 1314| 184| uint8_t maskb[MaskBytes + (BlindingBits == 0 ? 1 : 0)] = {0}; 1315| 184| rng.randomize(maskb, MaskBytes); 1316| | 1317| 184| W mask[n_words] = {0}; 1318| 184| load_le(mask, maskb, MaskWords); 1319| | 1320| | // Mask to exactly BlindingBits 1321| 184| constexpr size_t ExcessBits = MaskWords * WordInfo::bits - BlindingBits; 1322| 184| if constexpr(ExcessBits > 0) { 1323| 184| constexpr W ExcessMask = (static_cast(1) << (WordInfo::bits - ExcessBits)) - 1; 1324| 184| mask[MaskWords - 1] &= ExcessMask; 1325| 184| } 1326| | 1327| | // Set top and bottom bits of mask 1328| 184| constexpr size_t TopMaskBit = (BlindingBits - 1) % WordInfo::bits; 1329| 184| mask[(BlindingBits - 1) / WordInfo::bits] |= static_cast(1) << TopMaskBit; 1330| 184| mask[0] |= 1; 1331| | 1332| 184| W mask_n[2 * n_words] = {0}; 1333| | 1334| 184| const auto sw = scalar.to_words(); 1335| | 1336| | // Compute masked scalar s + k*n 1337| 184| comba_mul(mask_n, mask, C::NW.data()); 1338| 184| bigint_add2(mask_n, 2 * n_words, sw.data(), sw.size()); 1339| | 1340| 184| std::reverse(mask_n, mask_n + 2 * n_words); 1341| 184| m_bytes = store_be>(mask_n); 1342| 184| m_bits = C::Scalar::BITS + BlindingBits; 1343| 184| } else { 1344| | // No RNG available, skip blinding 1345| 0| m_bytes.resize(C::Scalar::BYTES); 1346| 0| scalar.serialize_to(std::span{m_bytes}.template first()); 1347| 0| m_bits = C::Scalar::BITS; 1348| 0| } 1349| | 1350| 184| CT::poison(m_bytes.data(), m_bytes.size()); 1351| 184| } pcurves_brainpool384r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm6EE4bitsEv: 1305| 184| size_t bits() const { return m_bits; } pcurves_brainpool384r1.cpp:_ZN5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm4EE20compute_full_windowsEmm: 1468| 184| static constexpr size_t compute_full_windows(size_t sb, size_t wb) { 1469| 184| if(sb % wb == 0) { ------------------ | Branch (1469:13): [True: 0, False: 184] ------------------ 1470| 0| return (sb - 1) / wb; 1471| 184| } else { 1472| 184| return sb / wb; 1473| 184| } 1474| 184| } pcurves_brainpool384r1.cpp:_ZN5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm4EE21compute_initial_shiftEmm: 1476| 184| static constexpr size_t compute_initial_shift(size_t sb, size_t wb) { 1477| 184| if(sb % wb == 0) { ------------------ | Branch (1477:13): [True: 0, False: 184] ------------------ 1478| 0| return wb; 1479| 184| } else { 1480| 184| return sb - (sb / wb) * wb; 1481| 184| } 1482| 184| } pcurves_brainpool384r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_E8identityEv: 1038| 184| static constexpr Self identity() { return Self(FieldElement::zero(), FieldElement::one(), FieldElement::zero()); } pcurves_brainpool384r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm6EE10get_windowEm: 1353| 16.0k| size_t get_window(size_t offset) const { 1354| | // Extract a WindowBits sized window out of s, depending on offset. 1355| 16.0k| return read_window_bits(std::span{m_bytes}, offset); 1356| 16.0k| } pcurves_brainpool384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEES7_E5dbl_nEm: 1108| 15.8k| constexpr Self dbl_n(size_t n) const { 1109| | if constexpr(Self::A_is_minus_3) { 1110| | return dbl_n_a_minus_3(*this, n); 1111| | } else if constexpr(Self::A_is_zero) { 1112| | return dbl_n_a_zero(*this, n); 1113| 15.8k| } else { 1114| 15.8k| return dbl_n_generic(*this, A, n); 1115| 15.8k| } 1116| 15.8k| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE4div2Ev: 302| 15.8k| Self div2() const { 303| | // The inverse of 2 modulo P is (P/2)+1; this avoids a constexpr time 304| | // general inversion, which some compilers can't handle 305| 15.8k| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 306| | 307| | // We could multiply by INV_2 but there is a better way ... 308| | 309| 15.8k| std::array t = value(); 310| 15.8k| const W borrow = shift_right<1>(t); 311| | 312| | // If value was odd, add (P/2)+1 313| 15.8k| const auto mask = CT::Mask::expand(borrow).value(); 314| | 315| 15.8k| W carry = 0; 316| | 317| 110k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (317:28): [True: 94.9k, False: 15.8k] ------------------ 318| 94.9k| t[i] = word_add(t[i], INV_2[i] & mask, &carry); 319| 94.9k| } 320| | 321| 15.8k| return Self(t); 322| 15.8k| } pcurves_brainpool384r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm6EED2Ev: 1358| 184| ~BlindedScalarBits() { 1359| 184| secure_zeroize_buffer(m_bytes.data(), m_bytes.size()); 1360| 184| CT::unpoison(m_bytes.data(), m_bytes.size()); 1361| 184| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEE7is_zeroEv: 225| 984| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEEeqERKSA_: 722| 989| constexpr CT::Choice operator==(const Self& other) const { 723| 989| return CT::is_equal(this->data(), other.data(), N).as_choice(); 724| 989| } pcurves_brainpool384r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEEE8identityEv: 921| 1| static constexpr Self identity() { return Self(FieldElement::zero(), FieldElement::zero()); } pcurves_brainpool384r1.cpp:_ZN5Botan13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsENS_13MontgomeryRepEE7x3_ax_bERKNS_6IntModINS5_INS6_11FieldParamsEEEEE: 1275| 989| static constexpr FieldElement x3_ax_b(const FieldElement& x) { return (x.square() + A) * x + B; } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE4sqrtEv: 663| 245| constexpr CT::Option sqrt() const { 664| 245| if constexpr(Self::P_MOD_4 == 3) { 665| | // The easy case for square root is when p == 3 (mod 4) 666| | 667| 245| constexpr auto P_PLUS_1_OVER_4 = p_plus_1_over_4(P); 668| 245| auto z = pow_vartime(P_PLUS_1_OVER_4); 669| | 670| | // Zero out the return value if it would otherwise be incorrect 671| 245| const CT::Choice correct = (z.square() == *this); 672| 245| z.conditional_assign(!correct, Self::zero()); 673| 245| return CT::Option(z, correct); 674| | } else { 675| | // Shanks-Tonelli, following I.4 in RFC 9380 676| | 677| | /* 678| | Constants: 679| | 1. c1, the largest integer such that 2^c1 divides q - 1. 680| | 2. c2 = (q - 1) / (2^c1) # Integer arithmetic 681| | 3. c3 = (c2 - 1) / 2 # Integer arithmetic 682| | 4. c4, a non-square value in F 683| | 5. c5 = c4^c2 in F 684| | */ 685| | constexpr auto C1_C2 = shanks_tonelli_c1c2(Self::P); 686| | constexpr std::array C3 = shanks_tonelli_c3(C1_C2.second); 687| | constexpr std::array P_MINUS_1_OVER_2 = p_minus_1_over_2(Self::P); 688| | constexpr Self C4 = shanks_tonelli_c4(P_MINUS_1_OVER_2); 689| | constexpr Self C5 = C4.pow_vartime(C1_C2.second); 690| | 691| | const Self& x = (*this); 692| | 693| | auto z = x.pow_vartime(C3); 694| | auto t = z.square(); 695| | t *= x; 696| | z *= x; 697| | auto b = t; 698| | auto c = C5; 699| | 700| | for(size_t i = C1_C2.first; i >= 2; i--) { 701| | b.square_n(i - 2); 702| | const CT::Choice e = b.is_one(); 703| | z.conditional_assign(!e, z * c); 704| | c.square_n(1); 705| | t.conditional_assign(!e, t * c); 706| | b = t; 707| | } 708| | 709| | // Zero out the return value if it would otherwise be incorrect 710| | const CT::Choice correct = (z.square() == *this); 711| | z.conditional_assign(!correct, Self::zero()); 712| | return CT::Option(z, correct); 713| | } 714| 245| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE12correct_signENS_2CT6ChoiceE: 248| 184| constexpr Self correct_sign(CT::Choice even) const { 249| 184| const auto flip = (even != this->is_even()); 250| 184| return Self::choose(flip, this->negate(), *this); 251| 184| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE7is_evenEv: 240| 184| constexpr CT::Choice is_even() const { 241| 184| auto v = Rep::from_rep(m_val); 242| 184| return !CT::Choice::from_int(v[0] & 0x01); 243| 184| } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E11FieldParamsEEEE6chooseENS_2CT6ChoiceERKSA_SE_: 256| 184| static constexpr Self choose(CT::Choice choice, const Self& x, const Self& y) { 257| 184| auto r = y; 258| 184| r.conditional_assign(choice, x); 259| 184| return r; 260| 184| } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEE11deserializeENSt3__14spanIKhLm18446744073709551615EEE: 792| 865| static std::optional deserialize(std::span bytes) { 793| | // Conditional ok: input length is public 794| 865| if(bytes.size() != Self::BYTES) { ------------------ | Branch (794:13): [True: 0, False: 865] ------------------ 795| 0| return {}; 796| 0| } 797| | 798| 865| const auto words = bytes_to_words(bytes.first()); 799| | 800| | // Conditional acceptable: std::optional is implicitly not constant time 801| 865| if(!bigint_ct_is_lt(words.data(), N, P.data(), N).as_bool()) { ------------------ | Branch (801:13): [True: 373, False: 492] ------------------ 802| 373| return {}; 803| 373| } 804| | 805| | // Safe because we checked above that words is an integer < P 806| 492| return Self::from_words(words); 807| 865| } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEE10from_wordsILm6EEESA_NSt3__15arrayImXT_EEE: 211| 492| static constexpr Self from_words(std::array w) { 212| 492| if constexpr(L == N) { 213| 492| return Self(Rep::to_rep(w)); 214| | } else { 215| | static_assert(L < N); 216| | std::array ew = {}; 217| | copy_mem(std::span{ew}.template first(), w); 218| | return Self(Rep::to_rep(ew)); 219| | } 220| 492| } pcurves_brainpool384r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES0_E12ScalarParamsEE6to_repERKNSt3__15arrayImLm6EEE: 115| 492| constexpr static std::array to_rep(const std::array& x) { 116| 492| std::array z; // NOLINT(*-member-init) 117| 492| comba_mul(z.data(), x.data(), R2.data()); 118| 492| return Self::redc(z); 119| 492| } pcurves_brainpool384r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES2_E11FieldParamsEEEEEE12serialize_toENSt3__14spanIhLm97EEE: 941| 1.22k| constexpr void serialize_to(std::span bytes) const { 942| 1.22k| BOTAN_STATE_CHECK(this->is_identity().as_bool() == false); ------------------ | | 51| 1.22k| do { \ | | 52| 1.22k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 1.22k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 1.22k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 1.22k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 1.22k] | | ------------------ ------------------ 943| 1.22k| BufferStuffer pack(bytes); 944| 1.22k| pack.append(0x04); 945| 1.22k| x().serialize_to(pack.next()); 946| 1.22k| y().serialize_to(pack.next()); 947| 1.22k| BOTAN_DEBUG_ASSERT(pack.full()); ------------------ | | 130| 1.22k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 1.22k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 1.22k] | | ------------------ ------------------ 948| 1.22k| } pcurves_brainpool384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEE6randomERNS_21RandomNumberGeneratorE: 851| 492| static Self random(RandomNumberGenerator& rng) { 852| 492| constexpr size_t MAX_ATTEMPTS = 1000; 853| | 854| 492| std::array buf{}; 855| | 856| 865| for(size_t i = 0; i != MAX_ATTEMPTS; ++i) { ------------------ | Branch (856:28): [True: 865, False: 0] ------------------ 857| 865| rng.randomize(buf); 858| | 859| | // Zero off high bits that if set would certainly cause us 860| | // to be out of range 861| | if constexpr(Self::BITS % 8 != 0) { 862| | constexpr uint8_t mask = 0xFF >> (8 - (Self::BITS % 8)); 863| | buf[0] &= mask; 864| | } 865| | 866| | // Conditionals ok: rejection sampling reveals only values we didn't use 867| 865| if(auto s = Self::deserialize(buf)) { ------------------ | Branch (867:21): [True: 492, False: 373] ------------------ 868| 492| if(s.value().is_nonzero().as_bool()) { ------------------ | Branch (868:19): [True: 492, False: 0] ------------------ 869| 492| return s.value(); 870| 492| } 871| 492| } 872| 865| } 873| | 874| 0| throw Internal_Error("Failed to generate random Scalar within bounded number of attempts"); 875| 492| } pcurves_brainpool384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool384r16ParamsES1_E12ScalarParamsEEEE10is_nonzeroEv: 230| 492| constexpr CT::Choice is_nonzero() const { return !is_zero(); } pcurves_brainpool512r1.cpp:_ZN5Botan23PrecomputedBaseMulTableINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm6EEC2ERKNS_16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 1405| 1| m_table(basemul_booth_setup(p, BlindedScalar::Bits + 1)) {} pcurves_brainpool512r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_E11from_affineERKNS_16AffineCurvePointISB_EE: 1016| 699| static constexpr Self from_affine(const AffinePoint& pt) { 1017| | /* 1018| | * If the point is the identity element (x=0, y=0) then instead of 1019| | * creating (x, y, 1) = (0, 0, 1) we want our projective identity 1020| | * encoding of (0, 1, 0) 1021| | * 1022| | * Which we can achieve by a conditional swap of y and z if the 1023| | * affine point is the identity. 1024| | */ 1025| | 1026| 699| auto x = pt.x(); 1027| 699| auto y = pt.y(); 1028| 699| auto z = FieldElement::one(); 1029| | 1030| 699| FieldElement::conditional_swap(pt.is_identity(), y, z); 1031| | 1032| 699| return ProjectiveCurvePoint(x, y, z); 1033| 699| } pcurves_brainpool512r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEEE1xEv: 971| 1.69M| constexpr const FieldElement& x() const { return m_x; } pcurves_brainpool512r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEEE1yEv: 976| 1.63M| constexpr const FieldElement& y() const { return m_y; } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE3oneEv: 200| 58.3k| static constexpr Self one() { return Self(Rep::one()); } pcurves_brainpool512r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES0_E11FieldParamsEE3oneEv: 99| 58.3k| constexpr static std::array one() { return R1; } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEEC2ENSt3__15arrayImLm8EEE: 898| 2.71M| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE16conditional_swapENS_2CT6ChoiceERSA_SD_: 410| 699| static constexpr void conditional_swap(CT::Choice cond, Self& x, Self& y) { 411| 699| const W mask = cond.into_bitmask(); 412| | 413| 6.29k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (413:28): [True: 5.59k, False: 699] ------------------ 414| 5.59k| auto nx = Botan::choose(mask, y.m_val[i], x.m_val[i]); 415| 5.59k| auto ny = Botan::choose(mask, x.m_val[i], y.m_val[i]); 416| 5.59k| x.m_val[i] = nx; 417| 5.59k| y.m_val[i] = ny; 418| 5.59k| } 419| 699| } pcurves_brainpool512r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEEE11is_identityEv: 928| 59.6k| constexpr CT::Choice is_identity() const { return x().is_zero() && y().is_zero(); } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE7is_zeroEv: 225| 302k| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_brainpool512r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_EC2ERKSB_SE_SE_: 1056| 79.8k| m_x(x), m_y(y), m_z(z) {} pcurves_brainpool512r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_E3dblEv: 1121| 2.84k| constexpr Self dbl() const { 1122| | if constexpr(Self::A_is_minus_3) { 1123| | return dbl_a_minus_3(*this); 1124| | } else if constexpr(Self::A_is_zero) { 1125| | return dbl_a_zero(*this); 1126| 2.84k| } else { 1127| 2.84k| return dbl_generic(*this, A); 1128| 2.84k| } 1129| 2.84k| } pcurves_brainpool512r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_E1zEv: 1172| 338k| constexpr const FieldElement& z() const { return m_z; } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE6squareEv: 426| 592k| constexpr BOTAN_FORCE_INLINE Self square() const { 427| 592k| std::array z; // NOLINT(*-member-init) 428| 592k| comba_sqr(z.data(), this->data()); 429| 592k| return Self(Rep::redc(z)); 430| 592k| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE4dataEv: 896| 3.05M| constexpr const W* data() const { return m_val.data(); } pcurves_brainpool512r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES0_E11FieldParamsEE4redcERKNSt3__15arrayImLm16EEE: 104| 2.02M| constexpr static std::array redc(const std::array& z) { 105| | if constexpr(P_dash == 1) { 106| | return monty_redc_pdash1(z, P); 107| 2.02M| } else { 108| 2.02M| return monty_redc(z, P, P_dash); 109| 2.02M| } 110| 2.02M| } pcurves_brainpool512r1.cpp:_ZN5BotanplERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEEESC_: 265| 237k| friend constexpr BOTAN_FORCE_INLINE Self operator+(const Self& a, const Self& b) { 266| 237k| std::array t; // NOLINT(*-member-init) 267| | 268| 237k| W carry = 0; 269| 2.13M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (269:28): [True: 1.89M, False: 237k] ------------------ 270| 1.89M| t[i] = word_add(a.m_val[i], b.m_val[i], &carry); 271| 1.89M| } 272| | 273| 237k| std::array r; // NOLINT(*-member-init) 274| 237k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 275| 237k| return Self(r); 276| 237k| } pcurves_brainpool512r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_E1xEv: 1162| 205k| constexpr const FieldElement& x() const { return m_x; } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE4mul3Ev: 335| 88.5k| constexpr inline Self mul3() const { return mul2() + (*this); } pcurves_brainpool512r1.cpp:_ZN5BotanmlERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEEESC_: 346| 720k| friend constexpr BOTAN_FORCE_INLINE Self operator*(const Self& a, const Self& b) { 347| 720k| std::array z; // NOLINT(*-member-init) 348| 720k| comba_mul(z.data(), a.data(), b.data()); 349| 720k| return Self(Rep::redc(z)); 350| 720k| } pcurves_brainpool512r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_E1yEv: 1167| 205k| constexpr const FieldElement& y() const { return m_y; } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE4mul4Ev: 338| 2.84k| constexpr inline Self mul4() const { return mul2().mul2(); } pcurves_brainpool512r1.cpp:_ZN5BotanmiERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEEESC_: 281| 613k| friend constexpr BOTAN_FORCE_INLINE Self operator-(const Self& a, const Self& b) { 282| 613k| std::array r; // NOLINT(*-member-init) 283| 613k| W carry = 0; 284| 5.52M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (284:28): [True: 4.90M, False: 613k] ------------------ 285| 4.90M| r[i] = word_sub(a.m_val[i], b.m_val[i], &carry); 286| 4.90M| } 287| | 288| 613k| const auto mask = CT::Mask::expand(carry).value(); 289| | 290| 613k| carry = 0; 291| | 292| 5.52M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (292:28): [True: 4.90M, False: 613k] ------------------ 293| 4.90M| r[i] = word_add(r[i], P[i] & mask, &carry); 294| 4.90M| } 295| | 296| 613k| return Self(r); 297| 613k| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE4mul2Ev: 325| 296k| constexpr BOTAN_FORCE_INLINE Self mul2() const { 326| 296k| std::array t = value(); 327| 296k| const W carry = shift_left<1>(t); 328| | 329| 296k| std::array r; // NOLINT(*-member-init) 330| 296k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 331| 296k| return Self(r); 332| 296k| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE5valueEv: 894| 314k| constexpr const std::array& value() const { return m_val; } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE4mul8Ev: 341| 2.84k| constexpr inline Self mul8() const { return mul2().mul2().mul2(); } pcurves_brainpool512r1.cpp:_ZN5BotanplERKNS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_EESE_: 1064| 1.45k| friend constexpr Self operator+(const Self& a, const Self& b) { return Self::add(a, b); } pcurves_brainpool512r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_E3addERKSC_SE_: 1103| 1.45k| constexpr static Self add(const Self& a, const Self& b) { return point_add(a, b); } pcurves_brainpool512r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_E11is_identityEv: 1082| 65.1k| constexpr CT::Choice is_identity() const { return z().is_zero(); } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE18conditional_assignERSA_SB_SB_NS_2CT6ChoiceERKSA_SF_SF_: 395| 116k| Self& x, Self& y, Self& z, CT::Choice cond, const Self& nx, const Self& ny, const Self& nz) { 396| 116k| const W mask = cond.into_bitmask(); 397| | 398| 1.04M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (398:28): [True: 932k, False: 116k] ------------------ 399| 932k| x.m_val[i] = Botan::choose(mask, nx.m_val[i], x.m_val[i]); 400| 932k| y.m_val[i] = Botan::choose(mask, ny.m_val[i], y.m_val[i]); 401| 932k| z.m_val[i] = Botan::choose(mask, nz.m_val[i], z.m_val[i]); 402| 932k| } 403| 116k| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE6invertEv: 538| 698| constexpr Self invert() const { return pow_vartime(Self::P_MINUS_2); } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE11pow_vartimeERKNSt3__15arrayImLm8EEE: 477| 901| constexpr Self pow_vartime(const std::array& exp) const { 478| 901| constexpr size_t WindowBits = (Self::BITS <= 256) ? 4 : 5; ------------------ | Branch (478:40): [Folded, False: 901] ------------------ 479| 901| constexpr size_t WindowElements = (1 << WindowBits) - 1; 480| | 481| 901| constexpr size_t Windows = (Self::BITS + WindowBits - 1) / WindowBits; 482| | 483| | /* 484| | A simple fixed width window modular multiplication. 485| | 486| | TODO: investigate using sliding window here 487| | */ 488| | 489| 901| std::array tbl; 490| | 491| 901| tbl[0] = (*this); 492| | 493| 27.9k| for(size_t i = 1; i != WindowElements; ++i) { ------------------ | Branch (493:28): [True: 27.0k, False: 901] ------------------ 494| | // Conditional ok: table indexes are public here 495| 27.0k| if(i % 2 == 1) { ------------------ | Branch (495:16): [True: 13.5k, False: 13.5k] ------------------ 496| 13.5k| tbl[i] = tbl[i / 2].square(); 497| 13.5k| } else { 498| 13.5k| tbl[i] = tbl[i - 1] * tbl[0]; 499| 13.5k| } 500| 27.0k| } 501| | 502| 901| auto r = Self::one(); 503| | 504| 901| const size_t w0 = read_window_bits(std::span{exp}, (Windows - 1) * WindowBits); 505| | 506| | // Conditional ok: this function is variable time 507| 901| if(w0 > 0) { ------------------ | Branch (507:13): [True: 698, False: 203] ------------------ 508| 698| r = tbl[w0 - 1]; 509| 698| } 510| | 511| 92.8k| for(size_t i = 1; i != Windows; ++i) { ------------------ | Branch (511:28): [True: 91.9k, False: 901] ------------------ 512| 91.9k| r.square_n(WindowBits); 513| | 514| 91.9k| const size_t w = read_window_bits(std::span{exp}, (Windows - i - 1) * WindowBits); 515| | 516| | // Conditional ok: this function is variable time 517| 91.9k| if(w > 0) { ------------------ | Branch (517:16): [True: 89.4k, False: 2.41k] ------------------ 518| 89.4k| r *= tbl[w - 1]; 519| 89.4k| } 520| 91.9k| } 521| | 522| 901| return r; 523| 901| } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEEC2Ev: 180| 27.9k| constexpr IntMod() : m_val({}) {} pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE8square_nEm: 439| 91.9k| constexpr void square_n(size_t n) { 440| 91.9k| std::array z; // NOLINT(*-member-init) 441| 551k| for(size_t i = 0; i != n; ++i) { ------------------ | Branch (441:28): [True: 459k, False: 91.9k] ------------------ 442| 459k| comba_sqr(z.data(), this->data()); 443| 459k| m_val = Rep::redc(z); 444| 459k| } 445| 91.9k| } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEEmLERKSA_: 355| 250k| constexpr BOTAN_FORCE_INLINE Self& operator*=(const Self& other) { 356| 250k| std::array z; // NOLINT(*-member-init) 357| 250k| comba_mul(z.data(), data(), other.data()); 358| 250k| m_val = Rep::redc(z); 359| 250k| return (*this); 360| 250k| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE14invert_vartimeEv: 598| 1| constexpr Self invert_vartime() const { 599| | // Conditional ok: this function is variable time 600| 1| if(this->is_zero().as_bool()) { ------------------ | Branch (600:13): [True: 0, False: 1] ------------------ 601| 0| return Self::zero(); 602| 0| } 603| | 604| 1| auto x = Self(std::array{1}); // 1 in standard domain 605| 1| auto b = Self(this->to_words()); // *this in standard domain 606| | 607| | // First loop iteration 608| 1| Self::_invert_vartime_div2_helper(b, x); 609| | 610| 1| auto a = b.negate(); 611| | // y += x but y is zero at the outset 612| 1| auto y = x; 613| | 614| | // First half of second loop iteration 615| 1| Self::_invert_vartime_div2_helper(a, y); 616| | 617| 366| for(;;) { 618| | // Conditional ok: this function is variable time 619| 366| if(a.m_val == b.m_val) { ------------------ | Branch (619:16): [True: 1, False: 365] ------------------ 620| | // At this point it should be that a == b == 1 621| 1| auto r = y.negate(); 622| | 623| | // Convert back to Montgomery if required 624| 1| r.m_val = Rep::to_rep(r.m_val); 625| 1| return r; 626| 1| } 627| | 628| 365| auto nx = x + y; 629| | 630| | /* 631| | * Otherwise either b > a or a > b 632| | * 633| | * If b > a we want to set b to b - a 634| | * Otherwise we want to set a to a - b 635| | * 636| | * Compute r = b - a and check if it underflowed 637| | * If it did not then we are in the b > a path 638| | */ 639| 365| std::array r; // NOLINT(*-member-init) 640| 365| const word carry = bigint_sub3(r.data(), b.data(), N, a.data(), N); 641| | 642| | // Conditional ok: this function is variable time 643| 365| if(carry == 0) { ------------------ | Branch (643:16): [True: 175, False: 190] ------------------ 644| | // b > a 645| 175| b.m_val = r; 646| 175| x = nx; 647| 175| Self::_invert_vartime_div2_helper(b, x); 648| 190| } else { 649| | // We know this can't underflow because a > b 650| 190| bigint_sub3(r.data(), a.data(), N, b.data(), N); 651| 190| a.m_val = r; 652| 190| y = nx; 653| 190| Self::_invert_vartime_div2_helper(a, y); 654| 190| } 655| 365| } 656| 1| } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE4zeroEv: 195| 112k| static constexpr Self zero() { return Self(std::array{0}); } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE8to_wordsEv: 734| 1| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_brainpool512r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES0_E11FieldParamsEE8from_repERKNSt3__15arrayImLm8EEE: 137| 2.29k| constexpr static std::array from_rep(const std::array& z) { 138| 2.29k| std::array ze = {}; 139| 2.29k| copy_mem(std::span{ze}.template first(), z); 140| 2.29k| return Self::redc(ze); 141| 2.29k| } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE27_invert_vartime_div2_helperERSA_SB_: 547| 367| static constexpr void _invert_vartime_div2_helper(Self& a, Self& x) { 548| 367| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 549| | 550| | // Conditional ok: this function is variable time 551| 1.08k| while((a.m_val[0] & 1) != 1) { ------------------ | Branch (551:16): [True: 713, False: 367] ------------------ 552| 713| shift_right<1>(a.m_val); 553| | 554| 713| const W borrow = shift_right<1>(x.m_val); 555| | 556| | // Conditional ok: this function is variable time 557| 713| if(borrow) { ------------------ | Branch (557:16): [True: 362, False: 351] ------------------ 558| 362| bigint_add2(x.m_val.data(), N, INV_2.data(), N); 559| 362| } 560| 713| } 561| 367| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE6negateEv: 452| 56.2k| constexpr Self negate() const { 453| 56.2k| const W x_is_zero = ~CT::all_zeros(this->data(), N).value(); 454| | 455| 56.2k| std::array r; // NOLINT(*-member-init) 456| 56.2k| W carry = 0; 457| 506k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (457:28): [True: 449k, False: 56.2k] ------------------ 458| 449k| r[i] = word_sub(P[i] & x_is_zero, m_val[i], &carry); 459| 449k| } 460| | 461| 56.2k| return Self(r); 462| 56.2k| } pcurves_brainpool512r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES0_E11FieldParamsEE6to_repERKNSt3__15arrayImLm8EEE: 115| 2.77k| constexpr static std::array to_rep(const std::array& x) { 116| 2.77k| std::array z; // NOLINT(*-member-init) 117| 2.77k| comba_mul(z.data(), x.data(), R2.data()); 118| 2.77k| return Self::redc(z); 119| 2.77k| } pcurves_brainpool512r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEEEC2ERKSB_SE_: 917| 64.4k| constexpr AffineCurvePoint(const FieldElement& x, const FieldElement& y) : m_x(x), m_y(y) {} pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE11stash_valueILm9EEENSt3__15arrayImXT_EEEv: 759| 2.59k| std::array stash_value() const { 760| 2.59k| static_assert(L >= N); 761| 2.59k| std::array stash = {}; 762| 23.3k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (762:28): [True: 20.7k, False: 2.59k] ------------------ 763| 20.7k| stash[i] = m_val[i]; 764| 20.7k| } 765| 2.59k| return stash; 766| 2.59k| } pcurves_brainpool512r1.cpp:_ZNK5Botan23PrecomputedBaseMulTableINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm6EE3mulERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES7_E12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1407| 400| ProjectivePoint mul(const Scalar& s, RandomNumberGenerator& rng) const { 1408| 400| const BlindedScalar scalar(s, rng); 1409| 400| return basemul_booth_exec(m_table, scalar, rng); 1410| 400| } pcurves_brainpool512r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm7EEC2ERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES7_E12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1307| 400| BlindedScalarBits(const typename C::Scalar& scalar, RandomNumberGenerator& rng) { 1308| 400| if(BlindingBits > 0 && rng.is_seeded()) { ------------------ | Branch (1308:13): [True: 400, Folded] | Branch (1308:33): [True: 400, False: 0] ------------------ 1309| 400| constexpr size_t MaskWords = (BlindingBits + WordInfo::bits - 1) / WordInfo::bits; 1310| 400| constexpr size_t MaskBytes = MaskWords * WordInfo::bytes; 1311| | 1312| 400| constexpr size_t n_words = C::Words; 1313| | 1314| 400| uint8_t maskb[MaskBytes + (BlindingBits == 0 ? 1 : 0)] = {0}; 1315| 400| rng.randomize(maskb, MaskBytes); 1316| | 1317| 400| W mask[n_words] = {0}; 1318| 400| load_le(mask, maskb, MaskWords); 1319| | 1320| | // Mask to exactly BlindingBits 1321| 400| constexpr size_t ExcessBits = MaskWords * WordInfo::bits - BlindingBits; 1322| | if constexpr(ExcessBits > 0) { 1323| | constexpr W ExcessMask = (static_cast(1) << (WordInfo::bits - ExcessBits)) - 1; 1324| | mask[MaskWords - 1] &= ExcessMask; 1325| | } 1326| | 1327| | // Set top and bottom bits of mask 1328| 400| constexpr size_t TopMaskBit = (BlindingBits - 1) % WordInfo::bits; 1329| 400| mask[(BlindingBits - 1) / WordInfo::bits] |= static_cast(1) << TopMaskBit; 1330| 400| mask[0] |= 1; 1331| | 1332| 400| W mask_n[2 * n_words] = {0}; 1333| | 1334| 400| const auto sw = scalar.to_words(); 1335| | 1336| | // Compute masked scalar s + k*n 1337| 400| comba_mul(mask_n, mask, C::NW.data()); 1338| 400| bigint_add2(mask_n, 2 * n_words, sw.data(), sw.size()); 1339| | 1340| 400| std::reverse(mask_n, mask_n + 2 * n_words); 1341| 400| m_bytes = store_be>(mask_n); 1342| 400| m_bits = C::Scalar::BITS + BlindingBits; 1343| 400| } else { 1344| | // No RNG available, skip blinding 1345| 0| m_bytes.resize(C::Scalar::BYTES); 1346| 0| scalar.serialize_to(std::span{m_bytes}.template first()); 1347| 0| m_bits = C::Scalar::BITS; 1348| 0| } 1349| | 1350| 400| CT::poison(m_bytes.data(), m_bytes.size()); 1351| 400| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEE8to_wordsEv: 734| 549| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_brainpool512r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES0_E12ScalarParamsEE8from_repERKNSt3__15arrayImLm8EEE: 137| 949| constexpr static std::array from_rep(const std::array& z) { 138| 949| std::array ze = {}; 139| 949| copy_mem(std::span{ze}.template first(), z); 140| 949| return Self::redc(ze); 141| 949| } pcurves_brainpool512r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES0_E12ScalarParamsEE4redcERKNSt3__15arrayImLm16EEE: 104| 1.34k| constexpr static std::array redc(const std::array& z) { 105| | if constexpr(P_dash == 1) { 106| | return monty_redc_pdash1(z, P); 107| 1.34k| } else { 108| 1.34k| return monty_redc(z, P, P_dash); 109| 1.34k| } 110| 1.34k| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEE12serialize_toENSt3__14spanIhLm64EEE: 739| 400| constexpr void serialize_to(std::span bytes) const { 740| 400| auto v = Rep::from_rep(m_val); 741| 400| std::reverse(v.begin(), v.end()); 742| | 743| 400| if constexpr(Self::BYTES == N * WordInfo::bytes) { 744| 400| store_be(bytes, v); 745| | } else { 746| | // Remove leading zero bytes 747| | const auto padded_bytes = store_be(v); 748| | constexpr size_t extra = N * WordInfo::bytes - Self::BYTES; 749| | copy_mem(bytes, std::span{padded_bytes}.template subspan()); 750| | } 751| 400| } pcurves_brainpool512r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm7EE4bitsEv: 1305| 400| size_t bits() const { return m_bits; } pcurves_brainpool512r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_E18conditional_assignENS_2CT6ChoiceERKSC_: 1084| 549| constexpr void conditional_assign(CT::Choice cond, const Self& pt) { 1085| 549| FieldElement::conditional_assign(m_x, m_y, m_z, cond, pt.x(), pt.y(), pt.z()); 1086| 549| } pcurves_brainpool512r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_E6negateEv: 1134| 549| constexpr Self negate() const { return Self(x(), y().negate(), z()); } pcurves_brainpool512r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_E18_const_time_poisonEv: 1174| 549| constexpr void _const_time_poison() const { CT::poison_all(m_x, m_y, m_z); } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE18_const_time_poisonEv: 889| 1.64k| constexpr void _const_time_poison() const { CT::poison(m_val); } pcurves_brainpool512r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm7EE10get_windowEm: 1353| 38.8k| size_t get_window(size_t offset) const { 1354| | // Extract a WindowBits sized window out of s, depending on offset. 1355| 38.8k| return read_window_bits(std::span{m_bytes}, offset); 1356| 38.8k| } pcurves_brainpool512r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_E10add_or_subERKSC_RKNS_16AffineCurvePointISB_EENS_2CT6ChoiceE: 1096| 55.5k| constexpr static Self add_or_sub(const Self& a, const AffinePoint& b, CT::Choice sub) { 1097| 55.5k| return point_add_or_sub_mixed(a, b, sub, FieldElement::one()); 1098| 55.5k| } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE18conditional_assignENS_2CT6ChoiceERKSA_: 367| 55.8k| constexpr void conditional_assign(CT::Choice cond, const Self& nx) { 368| 55.8k| const W mask = cond.into_bitmask(); 369| | 370| 502k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (370:28): [True: 447k, False: 55.8k] ------------------ 371| 447k| m_val[i] = Botan::choose(mask, nx.m_val[i], m_val[i]); 372| 447k| } 373| 55.8k| } pcurves_brainpool512r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEEE9ct_selectENSt3__14spanIKSC_Lm18446744073709551615EEEm: 955| 38.8k| static constexpr auto ct_select(std::span pts, size_t idx) { 956| 38.8k| auto result = Self::identity(pts[0]); 957| | 958| | // Intentionally wrapping; set to maximum size_t if idx == 0 959| 38.8k| const size_t idx1 = static_cast(idx - 1); 960| 1.28M| for(size_t i = 0; i != pts.size(); ++i) { ------------------ | Branch (960:28): [True: 1.24M, False: 38.8k] ------------------ 961| 1.24M| const auto found = CT::Mask::is_equal(idx1, i).as_choice(); 962| 1.24M| result.conditional_assign(found, pts[i]); 963| 1.24M| } 964| | 965| 38.8k| return result; 966| 38.8k| } pcurves_brainpool512r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEEE8identityERKSC_: 924| 56.0k| static constexpr Self identity(const Self& /*unused*/) { 925| 56.0k| return Self(FieldElement::zero(), FieldElement::zero()); 926| 56.0k| } pcurves_brainpool512r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEEE18conditional_assignENS_2CT6ChoiceERKSC_: 981| 1.51M| constexpr void conditional_assign(CT::Choice cond, const Self& pt) { 982| 1.51M| FieldElement::conditional_assign(m_x, m_y, cond, pt.x(), pt.y()); 983| 1.51M| } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE18conditional_assignERSA_SB_NS_2CT6ChoiceERKSA_SF_: 380| 1.51M| static constexpr void conditional_assign(Self& x, Self& y, CT::Choice cond, const Self& nx, const Self& ny) { 381| 1.51M| const W mask = cond.into_bitmask(); 382| | 383| 13.6M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (383:28): [True: 12.1M, False: 1.51M] ------------------ 384| 12.1M| x.m_val[i] = Botan::choose(mask, nx.m_val[i], x.m_val[i]); 385| 12.1M| y.m_val[i] = Botan::choose(mask, ny.m_val[i], y.m_val[i]); 386| 12.1M| } 387| 1.51M| } pcurves_brainpool512r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_E13randomize_repERNS_21RandomNumberGeneratorE: 1142| 2.19k| void randomize_rep(RandomNumberGenerator& rng) { 1143| | // In certain contexts we may be called with a Null_RNG; in that case the 1144| | // caller is accepting that randomization will not occur 1145| | 1146| | // Conditional ok: caller's RNG state (seeded vs not) is presumed public 1147| 2.19k| if(rng.is_seeded()) { ------------------ | Branch (1147:13): [True: 2.19k, False: 0] ------------------ 1148| 2.19k| auto r = FieldElement::random(rng); 1149| | 1150| 2.19k| auto r2 = r.square(); 1151| 2.19k| auto r3 = r2 * r; 1152| | 1153| 2.19k| m_x *= r2; 1154| 2.19k| m_y *= r3; 1155| 2.19k| m_z *= r; 1156| 2.19k| } 1157| 2.19k| } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE6randomERNS_21RandomNumberGeneratorE: 851| 2.19k| static Self random(RandomNumberGenerator& rng) { 852| 2.19k| constexpr size_t MAX_ATTEMPTS = 1000; 853| | 854| 2.19k| std::array buf{}; 855| | 856| 3.30k| for(size_t i = 0; i != MAX_ATTEMPTS; ++i) { ------------------ | Branch (856:28): [True: 3.30k, False: 0] ------------------ 857| 3.30k| rng.randomize(buf); 858| | 859| | // Zero off high bits that if set would certainly cause us 860| | // to be out of range 861| | if constexpr(Self::BITS % 8 != 0) { 862| | constexpr uint8_t mask = 0xFF >> (8 - (Self::BITS % 8)); 863| | buf[0] &= mask; 864| | } 865| | 866| | // Conditionals ok: rejection sampling reveals only values we didn't use 867| 3.30k| if(auto s = Self::deserialize(buf)) { ------------------ | Branch (867:21): [True: 2.19k, False: 1.11k] ------------------ 868| 2.19k| if(s.value().is_nonzero().as_bool()) { ------------------ | Branch (868:19): [True: 2.19k, False: 0] ------------------ 869| 2.19k| return s.value(); 870| 2.19k| } 871| 2.19k| } 872| 3.30k| } 873| | 874| 0| throw Internal_Error("Failed to generate random Scalar within bounded number of attempts"); 875| 2.19k| } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE11deserializeENSt3__14spanIKhLm18446744073709551615EEE: 792| 3.89k| static std::optional deserialize(std::span bytes) { 793| | // Conditional ok: input length is public 794| 3.89k| if(bytes.size() != Self::BYTES) { ------------------ | Branch (794:13): [True: 0, False: 3.89k] ------------------ 795| 0| return {}; 796| 0| } 797| | 798| 3.89k| const auto words = bytes_to_words(bytes.first()); 799| | 800| | // Conditional acceptable: std::optional is implicitly not constant time 801| 3.89k| if(!bigint_ct_is_lt(words.data(), N, P.data(), N).as_bool()) { ------------------ | Branch (801:13): [True: 1.11k, False: 2.77k] ------------------ 802| 1.11k| return {}; 803| 1.11k| } 804| | 805| | // Safe because we checked above that words is an integer < P 806| 2.77k| return Self::from_words(words); 807| 3.89k| } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE10from_wordsILm8EEESA_NSt3__15arrayImXT_EEE: 211| 2.77k| static constexpr Self from_words(std::array w) { 212| 2.77k| if constexpr(L == N) { 213| 2.77k| return Self(Rep::to_rep(w)); 214| | } else { 215| | static_assert(L < N); 216| | std::array ew = {}; 217| | copy_mem(std::span{ew}.template first(), w); 218| | return Self(Rep::to_rep(ew)); 219| | } 220| 2.77k| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE10is_nonzeroEv: 230| 2.19k| constexpr CT::Choice is_nonzero() const { return !is_zero(); } pcurves_brainpool512r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_E20_const_time_unpoisonEv: 1176| 549| constexpr void _const_time_unpoison() const { CT::unpoison_all(m_x, m_y, m_z); } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE20_const_time_unpoisonEv: 891| 1.64k| constexpr void _const_time_unpoison() const { CT::unpoison(m_val); } pcurves_brainpool512r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm7EED2Ev: 1358| 400| ~BlindedScalarBits() { 1359| 400| secure_zeroize_buffer(m_bytes.data(), m_bytes.size()); 1360| 400| CT::unpoison(m_bytes.data(), m_bytes.size()); 1361| 400| } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEE10from_stashILm9EEESA_RKNSt3__15arrayImXT_EEE: 774| 1.34k| static Self from_stash(const std::array& stash) { 775| 1.34k| static_assert(L >= N); 776| 1.34k| std::array val = {}; 777| 12.1k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (777:28): [True: 10.7k, False: 1.34k] ------------------ 778| 10.7k| val[i] = stash[i]; 779| 10.7k| } 780| 1.34k| return Self(val); 781| 1.34k| } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEEC2ENSt3__15arrayImLm8EEE: 898| 1.74k| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE12serialize_toENSt3__14spanIhLm64EEE: 739| 2.14k| constexpr void serialize_to(std::span bytes) const { 740| 2.14k| auto v = Rep::from_rep(m_val); 741| 2.14k| std::reverse(v.begin(), v.end()); 742| | 743| 2.14k| if constexpr(Self::BYTES == N * WordInfo::bytes) { 744| 2.14k| store_be(bytes, v); 745| | } else { 746| | // Remove leading zero bytes 747| | const auto padded_bytes = store_be(v); 748| | constexpr size_t extra = N * WordInfo::bytes - Self::BYTES; 749| | copy_mem(bytes, std::span{padded_bytes}.template subspan()); 750| | } 751| 2.14k| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEE11stash_valueILm9EEENSt3__15arrayImXT_EEEv: 759| 400| std::array stash_value() const { 760| 400| static_assert(L >= N); 761| 400| std::array stash = {}; 762| 3.60k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (762:28): [True: 3.20k, False: 400] ------------------ 763| 3.20k| stash[i] = m_val[i]; 764| 3.20k| } 765| 400| return stash; 766| 400| } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE10from_stashILm9EEESA_RKNSt3__15arrayImXT_EEE: 774| 5.48k| static Self from_stash(const std::array& stash) { 775| 5.48k| static_assert(L >= N); 776| 5.48k| std::array val = {}; 777| 49.3k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (777:28): [True: 43.8k, False: 5.48k] ------------------ 778| 43.8k| val[i] = stash[i]; 779| 43.8k| } 780| 5.48k| return Self(val); 781| 5.48k| } pcurves_brainpool512r1.cpp:_ZN5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm4EEC2ERKNS_16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 1487| 149| explicit WindowedBoothMulTable(const AffinePoint& p) : m_table(varpoint_setup(p)) {} pcurves_brainpool512r1.cpp:_ZN5BotanplERKNS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_EERKNS_16AffineCurvePointISB_EE: 1066| 1.04k| friend constexpr Self operator+(const Self& a, const AffinePoint& b) { return Self::add_mixed(a, b); } pcurves_brainpool512r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_E9add_mixedERKSC_RKNS_16AffineCurvePointISB_EE: 1091| 1.04k| constexpr static Self add_mixed(const Self& a, const AffinePoint& b) { 1092| 1.04k| return point_add_mixed(a, b, FieldElement::one()); 1093| 1.04k| } pcurves_brainpool512r1.cpp:_ZNK5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm4EE3mulERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES7_E12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1489| 149| ProjectivePoint mul(const Scalar& s, RandomNumberGenerator& rng) const { 1490| 149| const BlindedScalar bits(s, rng); 1491| | 1492| 149| const size_t scalar_bits = bits.bits(); 1493| 149| const size_t full_windows = compute_full_windows(scalar_bits + 1, WindowBits); 1494| 149| const size_t initial_shift = compute_initial_shift(scalar_bits + 1, WindowBits); 1495| | 1496| 149| BOTAN_DEBUG_ASSERT(full_windows * WindowBits + initial_shift == scalar_bits + 1); ------------------ | | 130| 149| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 149| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 149] | | ------------------ ------------------ 1497| 149| BOTAN_DEBUG_ASSERT(initial_shift > 0); ------------------ | | 130| 149| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 149| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 149] | | ------------------ ------------------ 1498| | 1499| 149| auto accum = ProjectivePoint::identity(); 1500| 149| CT::poison(accum); 1501| | 1502| 17.2k| for(size_t i = 0; i != full_windows; ++i) { ------------------ | Branch (1502:28): [True: 17.1k, False: 149] ------------------ 1503| 17.1k| const size_t idx = scalar_bits - initial_shift - WindowBits * i; 1504| | 1505| 17.1k| const size_t w_i = bits.get_window(idx); 1506| 17.1k| const auto [tidx, tneg] = booth_recode(w_i); 1507| | 1508| | // Conditional ok: loop iteration count is public 1509| 17.1k| if(i == 0) { ------------------ | Branch (1509:16): [True: 149, False: 16.9k] ------------------ 1510| 149| accum = ProjectivePoint::from_affine(m_table.ct_select(tidx)); 1511| 149| accum.conditional_assign(tneg, accum.negate()); 1512| 16.9k| } else { 1513| 16.9k| accum = ProjectivePoint::add_or_sub(accum, m_table.ct_select(tidx), tneg); 1514| 16.9k| } 1515| | 1516| 17.1k| accum = accum.dbl_n(WindowBits); 1517| | 1518| | // Conditional ok: loop iteration count is public 1519| 17.1k| if(i <= 3) { ------------------ | Branch (1519:16): [True: 596, False: 16.5k] ------------------ 1520| 596| accum.randomize_rep(rng); 1521| 596| } 1522| 17.1k| } 1523| | 1524| | // final window (note one bit shorter than previous reads) 1525| 149| const size_t w_l = bits.get_window(0) & ((1 << WindowBits) - 1); 1526| 149| const auto [tidx, tneg] = booth_recode(w_l << 1); 1527| 149| accum = ProjectivePoint::add_or_sub(accum, m_table.ct_select(tidx), tneg); 1528| | 1529| 149| CT::unpoison(accum); 1530| 149| return accum; 1531| 149| } pcurves_brainpool512r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm6EEC2ERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES7_E12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1307| 149| BlindedScalarBits(const typename C::Scalar& scalar, RandomNumberGenerator& rng) { 1308| 149| if(BlindingBits > 0 && rng.is_seeded()) { ------------------ | Branch (1308:13): [True: 149, Folded] | Branch (1308:33): [True: 149, False: 0] ------------------ 1309| 149| constexpr size_t MaskWords = (BlindingBits + WordInfo::bits - 1) / WordInfo::bits; 1310| 149| constexpr size_t MaskBytes = MaskWords * WordInfo::bytes; 1311| | 1312| 149| constexpr size_t n_words = C::Words; 1313| | 1314| 149| uint8_t maskb[MaskBytes + (BlindingBits == 0 ? 1 : 0)] = {0}; 1315| 149| rng.randomize(maskb, MaskBytes); 1316| | 1317| 149| W mask[n_words] = {0}; 1318| 149| load_le(mask, maskb, MaskWords); 1319| | 1320| | // Mask to exactly BlindingBits 1321| 149| constexpr size_t ExcessBits = MaskWords * WordInfo::bits - BlindingBits; 1322| | if constexpr(ExcessBits > 0) { 1323| | constexpr W ExcessMask = (static_cast(1) << (WordInfo::bits - ExcessBits)) - 1; 1324| | mask[MaskWords - 1] &= ExcessMask; 1325| | } 1326| | 1327| | // Set top and bottom bits of mask 1328| 149| constexpr size_t TopMaskBit = (BlindingBits - 1) % WordInfo::bits; 1329| 149| mask[(BlindingBits - 1) / WordInfo::bits] |= static_cast(1) << TopMaskBit; 1330| 149| mask[0] |= 1; 1331| | 1332| 149| W mask_n[2 * n_words] = {0}; 1333| | 1334| 149| const auto sw = scalar.to_words(); 1335| | 1336| | // Compute masked scalar s + k*n 1337| 149| comba_mul(mask_n, mask, C::NW.data()); 1338| 149| bigint_add2(mask_n, 2 * n_words, sw.data(), sw.size()); 1339| | 1340| 149| std::reverse(mask_n, mask_n + 2 * n_words); 1341| 149| m_bytes = store_be>(mask_n); 1342| 149| m_bits = C::Scalar::BITS + BlindingBits; 1343| 149| } else { 1344| | // No RNG available, skip blinding 1345| 0| m_bytes.resize(C::Scalar::BYTES); 1346| 0| scalar.serialize_to(std::span{m_bytes}.template first()); 1347| 0| m_bits = C::Scalar::BITS; 1348| 0| } 1349| | 1350| 149| CT::poison(m_bytes.data(), m_bytes.size()); 1351| 149| } pcurves_brainpool512r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm6EE4bitsEv: 1305| 149| size_t bits() const { return m_bits; } pcurves_brainpool512r1.cpp:_ZN5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm4EE20compute_full_windowsEmm: 1468| 149| static constexpr size_t compute_full_windows(size_t sb, size_t wb) { 1469| 149| if(sb % wb == 0) { ------------------ | Branch (1469:13): [True: 0, False: 149] ------------------ 1470| 0| return (sb - 1) / wb; 1471| 149| } else { 1472| 149| return sb / wb; 1473| 149| } 1474| 149| } pcurves_brainpool512r1.cpp:_ZN5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm4EE21compute_initial_shiftEmm: 1476| 149| static constexpr size_t compute_initial_shift(size_t sb, size_t wb) { 1477| 149| if(sb % wb == 0) { ------------------ | Branch (1477:13): [True: 0, False: 149] ------------------ 1478| 0| return wb; 1479| 149| } else { 1480| 149| return sb - (sb / wb) * wb; 1481| 149| } 1482| 149| } pcurves_brainpool512r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_E8identityEv: 1038| 149| static constexpr Self identity() { return Self(FieldElement::zero(), FieldElement::one(), FieldElement::zero()); } pcurves_brainpool512r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm6EE10get_windowEm: 1353| 17.2k| size_t get_window(size_t offset) const { 1354| | // Extract a WindowBits sized window out of s, depending on offset. 1355| 17.2k| return read_window_bits(std::span{m_bytes}, offset); 1356| 17.2k| } pcurves_brainpool512r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEES7_E5dbl_nEm: 1108| 17.1k| constexpr Self dbl_n(size_t n) const { 1109| | if constexpr(Self::A_is_minus_3) { 1110| | return dbl_n_a_minus_3(*this, n); 1111| | } else if constexpr(Self::A_is_zero) { 1112| | return dbl_n_a_zero(*this, n); 1113| 17.1k| } else { 1114| 17.1k| return dbl_n_generic(*this, A, n); 1115| 17.1k| } 1116| 17.1k| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE4div2Ev: 302| 17.1k| Self div2() const { 303| | // The inverse of 2 modulo P is (P/2)+1; this avoids a constexpr time 304| | // general inversion, which some compilers can't handle 305| 17.1k| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 306| | 307| | // We could multiply by INV_2 but there is a better way ... 308| | 309| 17.1k| std::array t = value(); 310| 17.1k| const W borrow = shift_right<1>(t); 311| | 312| | // If value was odd, add (P/2)+1 313| 17.1k| const auto mask = CT::Mask::expand(borrow).value(); 314| | 315| 17.1k| W carry = 0; 316| | 317| 154k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (317:28): [True: 137k, False: 17.1k] ------------------ 318| 137k| t[i] = word_add(t[i], INV_2[i] & mask, &carry); 319| 137k| } 320| | 321| 17.1k| return Self(t); 322| 17.1k| } pcurves_brainpool512r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm6EED2Ev: 1358| 149| ~BlindedScalarBits() { 1359| 149| secure_zeroize_buffer(m_bytes.data(), m_bytes.size()); 1360| 149| CT::unpoison(m_bytes.data(), m_bytes.size()); 1361| 149| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEE7is_zeroEv: 225| 800| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEEeqERKSA_: 722| 791| constexpr CT::Choice operator==(const Self& other) const { 723| 791| return CT::is_equal(this->data(), other.data(), N).as_choice(); 724| 791| } pcurves_brainpool512r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEEE8identityEv: 921| 1| static constexpr Self identity() { return Self(FieldElement::zero(), FieldElement::zero()); } pcurves_brainpool512r1.cpp:_ZN5Botan13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsENS_13MontgomeryRepEE7x3_ax_bERKNS_6IntModINS5_INS6_11FieldParamsEEEEE: 1275| 791| static constexpr FieldElement x3_ax_b(const FieldElement& x) { return (x.square() + A) * x + B; } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE4sqrtEv: 663| 203| constexpr CT::Option sqrt() const { 664| 203| if constexpr(Self::P_MOD_4 == 3) { 665| | // The easy case for square root is when p == 3 (mod 4) 666| | 667| 203| constexpr auto P_PLUS_1_OVER_4 = p_plus_1_over_4(P); 668| 203| auto z = pow_vartime(P_PLUS_1_OVER_4); 669| | 670| | // Zero out the return value if it would otherwise be incorrect 671| 203| const CT::Choice correct = (z.square() == *this); 672| 203| z.conditional_assign(!correct, Self::zero()); 673| 203| return CT::Option(z, correct); 674| | } else { 675| | // Shanks-Tonelli, following I.4 in RFC 9380 676| | 677| | /* 678| | Constants: 679| | 1. c1, the largest integer such that 2^c1 divides q - 1. 680| | 2. c2 = (q - 1) / (2^c1) # Integer arithmetic 681| | 3. c3 = (c2 - 1) / 2 # Integer arithmetic 682| | 4. c4, a non-square value in F 683| | 5. c5 = c4^c2 in F 684| | */ 685| | constexpr auto C1_C2 = shanks_tonelli_c1c2(Self::P); 686| | constexpr std::array C3 = shanks_tonelli_c3(C1_C2.second); 687| | constexpr std::array P_MINUS_1_OVER_2 = p_minus_1_over_2(Self::P); 688| | constexpr Self C4 = shanks_tonelli_c4(P_MINUS_1_OVER_2); 689| | constexpr Self C5 = C4.pow_vartime(C1_C2.second); 690| | 691| | const Self& x = (*this); 692| | 693| | auto z = x.pow_vartime(C3); 694| | auto t = z.square(); 695| | t *= x; 696| | z *= x; 697| | auto b = t; 698| | auto c = C5; 699| | 700| | for(size_t i = C1_C2.first; i >= 2; i--) { 701| | b.square_n(i - 2); 702| | const CT::Choice e = b.is_one(); 703| | z.conditional_assign(!e, z * c); 704| | c.square_n(1); 705| | t.conditional_assign(!e, t * c); 706| | b = t; 707| | } 708| | 709| | // Zero out the return value if it would otherwise be incorrect 710| | const CT::Choice correct = (z.square() == *this); 711| | z.conditional_assign(!correct, Self::zero()); 712| | return CT::Option(z, correct); 713| | } 714| 203| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE12correct_signENS_2CT6ChoiceE: 248| 149| constexpr Self correct_sign(CT::Choice even) const { 249| 149| const auto flip = (even != this->is_even()); 250| 149| return Self::choose(flip, this->negate(), *this); 251| 149| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE7is_evenEv: 240| 149| constexpr CT::Choice is_even() const { 241| 149| auto v = Rep::from_rep(m_val); 242| 149| return !CT::Choice::from_int(v[0] & 0x01); 243| 149| } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E11FieldParamsEEEE6chooseENS_2CT6ChoiceERKSA_SE_: 256| 149| static constexpr Self choose(CT::Choice choice, const Self& x, const Self& y) { 257| 149| auto r = y; 258| 149| r.conditional_assign(choice, x); 259| 149| return r; 260| 149| } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEE11deserializeENSt3__14spanIKhLm18446744073709551615EEE: 792| 589| static std::optional deserialize(std::span bytes) { 793| | // Conditional ok: input length is public 794| 589| if(bytes.size() != Self::BYTES) { ------------------ | Branch (794:13): [True: 0, False: 589] ------------------ 795| 0| return {}; 796| 0| } 797| | 798| 589| const auto words = bytes_to_words(bytes.first()); 799| | 800| | // Conditional acceptable: std::optional is implicitly not constant time 801| 589| if(!bigint_ct_is_lt(words.data(), N, P.data(), N).as_bool()) { ------------------ | Branch (801:13): [True: 189, False: 400] ------------------ 802| 189| return {}; 803| 189| } 804| | 805| | // Safe because we checked above that words is an integer < P 806| 400| return Self::from_words(words); 807| 589| } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEE10from_wordsILm8EEESA_NSt3__15arrayImXT_EEE: 211| 400| static constexpr Self from_words(std::array w) { 212| 400| if constexpr(L == N) { 213| 400| return Self(Rep::to_rep(w)); 214| | } else { 215| | static_assert(L < N); 216| | std::array ew = {}; 217| | copy_mem(std::span{ew}.template first(), w); 218| | return Self(Rep::to_rep(ew)); 219| | } 220| 400| } pcurves_brainpool512r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES0_E12ScalarParamsEE6to_repERKNSt3__15arrayImLm8EEE: 115| 400| constexpr static std::array to_rep(const std::array& x) { 116| 400| std::array z; // NOLINT(*-member-init) 117| 400| comba_mul(z.data(), x.data(), R2.data()); 118| 400| return Self::redc(z); 119| 400| } pcurves_brainpool512r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES2_E11FieldParamsEEEEEE12serialize_toENSt3__14spanIhLm129EEE: 941| 996| constexpr void serialize_to(std::span bytes) const { 942| 996| BOTAN_STATE_CHECK(this->is_identity().as_bool() == false); ------------------ | | 51| 996| do { \ | | 52| 996| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 996| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 996] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 996| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 996] | | ------------------ ------------------ 943| 996| BufferStuffer pack(bytes); 944| 996| pack.append(0x04); 945| 996| x().serialize_to(pack.next()); 946| 996| y().serialize_to(pack.next()); 947| 996| BOTAN_DEBUG_ASSERT(pack.full()); ------------------ | | 130| 996| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 996| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 996] | | ------------------ ------------------ 948| 996| } pcurves_brainpool512r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEE6randomERNS_21RandomNumberGeneratorE: 851| 400| static Self random(RandomNumberGenerator& rng) { 852| 400| constexpr size_t MAX_ATTEMPTS = 1000; 853| | 854| 400| std::array buf{}; 855| | 856| 589| for(size_t i = 0; i != MAX_ATTEMPTS; ++i) { ------------------ | Branch (856:28): [True: 589, False: 0] ------------------ 857| 589| rng.randomize(buf); 858| | 859| | // Zero off high bits that if set would certainly cause us 860| | // to be out of range 861| | if constexpr(Self::BITS % 8 != 0) { 862| | constexpr uint8_t mask = 0xFF >> (8 - (Self::BITS % 8)); 863| | buf[0] &= mask; 864| | } 865| | 866| | // Conditionals ok: rejection sampling reveals only values we didn't use 867| 589| if(auto s = Self::deserialize(buf)) { ------------------ | Branch (867:21): [True: 400, False: 189] ------------------ 868| 400| if(s.value().is_nonzero().as_bool()) { ------------------ | Branch (868:19): [True: 400, False: 0] ------------------ 869| 400| return s.value(); 870| 400| } 871| 400| } 872| 589| } 873| | 874| 0| throw Internal_Error("Failed to generate random Scalar within bounded number of attempts"); 875| 400| } pcurves_brainpool512r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_114brainpool512r16ParamsES1_E12ScalarParamsEEEE10is_nonzeroEv: 230| 400| constexpr CT::Choice is_nonzero() const { return !is_zero(); } pcurves_secp256r1.cpp:_ZN5Botan23PrecomputedBaseMulTableINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm6EEC2ERKNS_16AffineCurvePointINS_6IntModINS2_12Secp256r1RepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 1405| 1| m_table(basemul_booth_setup(p, BlindedScalar::Bits + 1)) {} pcurves_secp256r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_E11from_affineERKNS_16AffineCurvePointISB_EE: 1016| 1.25k| static constexpr Self from_affine(const AffinePoint& pt) { 1017| | /* 1018| | * If the point is the identity element (x=0, y=0) then instead of 1019| | * creating (x, y, 1) = (0, 0, 1) we want our projective identity 1020| | * encoding of (0, 1, 0) 1021| | * 1022| | * Which we can achieve by a conditional swap of y and z if the 1023| | * affine point is the identity. 1024| | */ 1025| | 1026| 1.25k| auto x = pt.x(); 1027| 1.25k| auto y = pt.y(); 1028| 1.25k| auto z = FieldElement::one(); 1029| | 1030| 1.25k| FieldElement::conditional_swap(pt.is_identity(), y, z); 1031| | 1032| 1.25k| return ProjectiveCurvePoint(x, y, z); 1033| 1.25k| } pcurves_secp256r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEEE1xEv: 971| 1.35M| constexpr const FieldElement& x() const { return m_x; } pcurves_secp256r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEEE1yEv: 976| 1.31M| constexpr const FieldElement& y() const { return m_y; } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE3oneEv: 200| 50.3k| static constexpr Self one() { return Self(Rep::one()); } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEEC2ENSt3__15arrayImLm4EEE: 898| 2.86M| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE16conditional_swapENS_2CT6ChoiceERSA_SD_: 410| 1.25k| static constexpr void conditional_swap(CT::Choice cond, Self& x, Self& y) { 411| 1.25k| const W mask = cond.into_bitmask(); 412| | 413| 6.29k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (413:28): [True: 5.03k, False: 1.25k] ------------------ 414| 5.03k| auto nx = Botan::choose(mask, y.m_val[i], x.m_val[i]); 415| 5.03k| auto ny = Botan::choose(mask, x.m_val[i], y.m_val[i]); 416| 5.03k| x.m_val[i] = nx; 417| 5.03k| y.m_val[i] = ny; 418| 5.03k| } 419| 1.25k| } pcurves_secp256r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEEE11is_identityEv: 928| 68.5k| constexpr CT::Choice is_identity() const { return x().is_zero() && y().is_zero(); } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE7is_zeroEv: 225| 297k| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_secp256r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_EC2ERKSB_SE_SE_: 1056| 76.8k| m_x(x), m_y(y), m_z(z) {} pcurves_secp256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_E3dblEv: 1121| 3.72k| constexpr Self dbl() const { 1122| 3.72k| if constexpr(Self::A_is_minus_3) { 1123| 3.72k| return dbl_a_minus_3(*this); 1124| | } else if constexpr(Self::A_is_zero) { 1125| | return dbl_a_zero(*this); 1126| | } else { 1127| | return dbl_generic(*this, A); 1128| | } 1129| 3.72k| } pcurves_secp256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_E1zEv: 1172| 305k| constexpr const FieldElement& z() const { return m_z; } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE6squareEv: 426| 650k| constexpr BOTAN_FORCE_INLINE Self square() const { 427| 650k| std::array z; // NOLINT(*-member-init) 428| 650k| comba_sqr(z.data(), this->data()); 429| 650k| return Self(Rep::redc(z)); 430| 650k| } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE4dataEv: 896| 2.90M| constexpr const W* data() const { return m_val.data(); } pcurves_secp256r1.cpp:_ZN5BotanmlERKNS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEEESC_: 346| 677k| friend constexpr BOTAN_FORCE_INLINE Self operator*(const Self& a, const Self& b) { 347| 677k| std::array z; // NOLINT(*-member-init) 348| 677k| comba_mul(z.data(), a.data(), b.data()); 349| 677k| return Self(Rep::redc(z)); 350| 677k| } pcurves_secp256r1.cpp:_ZN5BotanmiERKNS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEEESC_: 281| 724k| friend constexpr BOTAN_FORCE_INLINE Self operator-(const Self& a, const Self& b) { 282| 724k| std::array r; // NOLINT(*-member-init) 283| 724k| W carry = 0; 284| 3.62M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (284:28): [True: 2.89M, False: 724k] ------------------ 285| 2.89M| r[i] = word_sub(a.m_val[i], b.m_val[i], &carry); 286| 2.89M| } 287| | 288| 724k| const auto mask = CT::Mask::expand(carry).value(); 289| | 290| 724k| carry = 0; 291| | 292| 3.62M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (292:28): [True: 2.89M, False: 724k] ------------------ 293| 2.89M| r[i] = word_add(r[i], P[i] & mask, &carry); 294| 2.89M| } 295| | 296| 724k| return Self(r); 297| 724k| } pcurves_secp256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_E1xEv: 1162| 191k| constexpr const FieldElement& x() const { return m_x; } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE4mul3Ev: 335| 106k| constexpr inline Self mul3() const { return mul2() + (*this); } pcurves_secp256r1.cpp:_ZN5BotanplERKNS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEEESC_: 265| 176k| friend constexpr BOTAN_FORCE_INLINE Self operator+(const Self& a, const Self& b) { 266| 176k| std::array t; // NOLINT(*-member-init) 267| | 268| 176k| W carry = 0; 269| 884k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (269:28): [True: 707k, False: 176k] ------------------ 270| 707k| t[i] = word_add(a.m_val[i], b.m_val[i], &carry); 271| 707k| } 272| | 273| 176k| std::array r; // NOLINT(*-member-init) 274| 176k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 275| 176k| return Self(r); 276| 176k| } pcurves_secp256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_E1yEv: 1167| 187k| constexpr const FieldElement& y() const { return m_y; } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE4mul4Ev: 338| 3.72k| constexpr inline Self mul4() const { return mul2().mul2(); } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE4mul2Ev: 325| 359k| constexpr BOTAN_FORCE_INLINE Self mul2() const { 326| 359k| std::array t = value(); 327| 359k| const W carry = shift_left<1>(t); 328| | 329| 359k| std::array r; // NOLINT(*-member-init) 330| 359k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 331| 359k| return Self(r); 332| 359k| } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE5valueEv: 894| 380k| constexpr const std::array& value() const { return m_val; } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE4mul8Ev: 341| 3.72k| constexpr inline Self mul8() const { return mul2().mul2().mul2(); } pcurves_secp256r1.cpp:_ZN5BotanplERKNS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_EESE_: 1064| 735| friend constexpr Self operator+(const Self& a, const Self& b) { return Self::add(a, b); } pcurves_secp256r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_E3addERKSC_SE_: 1103| 735| constexpr static Self add(const Self& a, const Self& b) { return point_add(a, b); } pcurves_secp256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_E11is_identityEv: 1082| 57.9k| constexpr CT::Choice is_identity() const { return z().is_zero(); } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE18conditional_assignERSA_SB_SB_NS_2CT6ChoiceERKSA_SF_SF_: 395| 99.8k| Self& x, Self& y, Self& z, CT::Choice cond, const Self& nx, const Self& ny, const Self& nz) { 396| 99.8k| const W mask = cond.into_bitmask(); 397| | 398| 499k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (398:28): [True: 399k, False: 99.8k] ------------------ 399| 399k| x.m_val[i] = Botan::choose(mask, nx.m_val[i], x.m_val[i]); 400| 399k| y.m_val[i] = Botan::choose(mask, ny.m_val[i], y.m_val[i]); 401| 399k| z.m_val[i] = Botan::choose(mask, nz.m_val[i], z.m_val[i]); 402| 399k| } 403| 99.8k| } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEEmLERKSA_: 355| 212k| constexpr BOTAN_FORCE_INLINE Self& operator*=(const Self& other) { 356| 212k| std::array z; // NOLINT(*-member-init) 357| 212k| comba_mul(z.data(), data(), other.data()); 358| 212k| m_val = Rep::redc(z); 359| 212k| return (*this); 360| 212k| } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE8square_nEm: 439| 13.9k| constexpr void square_n(size_t n) { 440| 13.9k| std::array z; // NOLINT(*-member-init) 441| 423k| for(size_t i = 0; i != n; ++i) { ------------------ | Branch (441:28): [True: 410k, False: 13.9k] ------------------ 442| 410k| comba_sqr(z.data(), this->data()); 443| 410k| m_val = Rep::redc(z); 444| 410k| } 445| 13.9k| } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE14invert_vartimeEv: 598| 1| constexpr Self invert_vartime() const { 599| | // Conditional ok: this function is variable time 600| 1| if(this->is_zero().as_bool()) { ------------------ | Branch (600:13): [True: 0, False: 1] ------------------ 601| 0| return Self::zero(); 602| 0| } 603| | 604| 1| auto x = Self(std::array{1}); // 1 in standard domain 605| 1| auto b = Self(this->to_words()); // *this in standard domain 606| | 607| | // First loop iteration 608| 1| Self::_invert_vartime_div2_helper(b, x); 609| | 610| 1| auto a = b.negate(); 611| | // y += x but y is zero at the outset 612| 1| auto y = x; 613| | 614| | // First half of second loop iteration 615| 1| Self::_invert_vartime_div2_helper(a, y); 616| | 617| 176| for(;;) { 618| | // Conditional ok: this function is variable time 619| 176| if(a.m_val == b.m_val) { ------------------ | Branch (619:16): [True: 1, False: 175] ------------------ 620| | // At this point it should be that a == b == 1 621| 1| auto r = y.negate(); 622| | 623| | // Convert back to Montgomery if required 624| 1| r.m_val = Rep::to_rep(r.m_val); 625| 1| return r; 626| 1| } 627| | 628| 175| auto nx = x + y; 629| | 630| | /* 631| | * Otherwise either b > a or a > b 632| | * 633| | * If b > a we want to set b to b - a 634| | * Otherwise we want to set a to a - b 635| | * 636| | * Compute r = b - a and check if it underflowed 637| | * If it did not then we are in the b > a path 638| | */ 639| 175| std::array r; // NOLINT(*-member-init) 640| 175| const word carry = bigint_sub3(r.data(), b.data(), N, a.data(), N); 641| | 642| | // Conditional ok: this function is variable time 643| 175| if(carry == 0) { ------------------ | Branch (643:16): [True: 85, False: 90] ------------------ 644| | // b > a 645| 85| b.m_val = r; 646| 85| x = nx; 647| 85| Self::_invert_vartime_div2_helper(b, x); 648| 90| } else { 649| | // We know this can't underflow because a > b 650| 90| bigint_sub3(r.data(), a.data(), N, b.data(), N); 651| 90| a.m_val = r; 652| 90| y = nx; 653| 90| Self::_invert_vartime_div2_helper(a, y); 654| 90| } 655| 175| } 656| 1| } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE4zeroEv: 195| 95.3k| static constexpr Self zero() { return Self(std::array{0}); } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE8to_wordsEv: 734| 1| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE27_invert_vartime_div2_helperERSA_SB_: 547| 177| static constexpr void _invert_vartime_div2_helper(Self& a, Self& x) { 548| 177| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 549| | 550| | // Conditional ok: this function is variable time 551| 545| while((a.m_val[0] & 1) != 1) { ------------------ | Branch (551:16): [True: 368, False: 177] ------------------ 552| 368| shift_right<1>(a.m_val); 553| | 554| 368| const W borrow = shift_right<1>(x.m_val); 555| | 556| | // Conditional ok: this function is variable time 557| 368| if(borrow) { ------------------ | Branch (557:16): [True: 129, False: 239] ------------------ 558| 129| bigint_add2(x.m_val.data(), N, INV_2.data(), N); 559| 129| } 560| 368| } 561| 177| } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE6negateEv: 452| 47.4k| constexpr Self negate() const { 453| 47.4k| const W x_is_zero = ~CT::all_zeros(this->data(), N).value(); 454| | 455| 47.4k| std::array r; // NOLINT(*-member-init) 456| 47.4k| W carry = 0; 457| 237k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (457:28): [True: 189k, False: 47.4k] ------------------ 458| 189k| r[i] = word_sub(P[i] & x_is_zero, m_val[i], &carry); 459| 189k| } 460| | 461| 47.4k| return Self(r); 462| 47.4k| } pcurves_secp256r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEEEC2ERKSB_SE_: 917| 81.1k| constexpr AffineCurvePoint(const FieldElement& x, const FieldElement& y) : m_x(x), m_y(y) {} pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE11stash_valueILm9EEENSt3__15arrayImXT_EEEv: 759| 18.2k| std::array stash_value() const { 760| 18.2k| static_assert(L >= N); 761| 18.2k| std::array stash = {}; 762| 91.0k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (762:28): [True: 72.8k, False: 18.2k] ------------------ 763| 72.8k| stash[i] = m_val[i]; 764| 72.8k| } 765| 18.2k| return stash; 766| 18.2k| } pcurves_secp256r1.cpp:_ZNK5Botan23PrecomputedBaseMulTableINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm6EE3mulERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsENS2_12Secp256r1RepEE12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1407| 533| ProjectivePoint mul(const Scalar& s, RandomNumberGenerator& rng) const { 1408| 533| const BlindedScalar scalar(s, rng); 1409| 533| return basemul_booth_exec(m_table, scalar, rng); 1410| 533| } pcurves_secp256r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm7EEC2ERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsENS2_12Secp256r1RepEE12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1307| 533| BlindedScalarBits(const typename C::Scalar& scalar, RandomNumberGenerator& rng) { 1308| 533| if(BlindingBits > 0 && rng.is_seeded()) { ------------------ | Branch (1308:13): [True: 533, Folded] | Branch (1308:33): [True: 533, False: 0] ------------------ 1309| 533| constexpr size_t MaskWords = (BlindingBits + WordInfo::bits - 1) / WordInfo::bits; 1310| 533| constexpr size_t MaskBytes = MaskWords * WordInfo::bytes; 1311| | 1312| 533| constexpr size_t n_words = C::Words; 1313| | 1314| 533| uint8_t maskb[MaskBytes + (BlindingBits == 0 ? 1 : 0)] = {0}; 1315| 533| rng.randomize(maskb, MaskBytes); 1316| | 1317| 533| W mask[n_words] = {0}; 1318| 533| load_le(mask, maskb, MaskWords); 1319| | 1320| | // Mask to exactly BlindingBits 1321| 533| constexpr size_t ExcessBits = MaskWords * WordInfo::bits - BlindingBits; 1322| 533| if constexpr(ExcessBits > 0) { 1323| 533| constexpr W ExcessMask = (static_cast(1) << (WordInfo::bits - ExcessBits)) - 1; 1324| 533| mask[MaskWords - 1] &= ExcessMask; 1325| 533| } 1326| | 1327| | // Set top and bottom bits of mask 1328| 533| constexpr size_t TopMaskBit = (BlindingBits - 1) % WordInfo::bits; 1329| 533| mask[(BlindingBits - 1) / WordInfo::bits] |= static_cast(1) << TopMaskBit; 1330| 533| mask[0] |= 1; 1331| | 1332| 533| W mask_n[2 * n_words] = {0}; 1333| | 1334| 533| const auto sw = scalar.to_words(); 1335| | 1336| | // Compute masked scalar s + k*n 1337| 533| comba_mul(mask_n, mask, C::NW.data()); 1338| 533| bigint_add2(mask_n, 2 * n_words, sw.data(), sw.size()); 1339| | 1340| 533| std::reverse(mask_n, mask_n + 2 * n_words); 1341| 533| m_bytes = store_be>(mask_n); 1342| 533| m_bits = C::Scalar::BITS + BlindingBits; 1343| 533| } else { 1344| | // No RNG available, skip blinding 1345| 0| m_bytes.resize(C::Scalar::BYTES); 1346| 0| scalar.serialize_to(std::span{m_bytes}.template first()); 1347| 0| m_bits = C::Scalar::BITS; 1348| 0| } 1349| | 1350| 533| CT::poison(m_bytes.data(), m_bytes.size()); 1351| 533| } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS4_12Secp256r1RepEE12ScalarParamsEEEE8to_wordsEv: 734| 895| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_secp256r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS3_12Secp256r1RepEE12ScalarParamsEE8from_repERKNSt3__15arrayImLm4EEE: 137| 8.47k| constexpr static std::array from_rep(const std::array& z) { 138| 8.47k| std::array ze = {}; 139| 8.47k| copy_mem(std::span{ze}.template first(), z); 140| 8.47k| return Self::redc(ze); 141| 8.47k| } pcurves_secp256r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS3_12Secp256r1RepEE12ScalarParamsEE4redcERKNSt3__15arrayImLm8EEE: 104| 16.0k| constexpr static std::array redc(const std::array& z) { 105| | if constexpr(P_dash == 1) { 106| | return monty_redc_pdash1(z, P); 107| 16.0k| } else { 108| 16.0k| return monty_redc(z, P, P_dash); 109| 16.0k| } 110| 16.0k| } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS4_12Secp256r1RepEE12ScalarParamsEEEE12serialize_toENSt3__14spanIhLm32EEE: 739| 7.57k| constexpr void serialize_to(std::span bytes) const { 740| 7.57k| auto v = Rep::from_rep(m_val); 741| 7.57k| std::reverse(v.begin(), v.end()); 742| | 743| 7.57k| if constexpr(Self::BYTES == N * WordInfo::bytes) { 744| 7.57k| store_be(bytes, v); 745| | } else { 746| | // Remove leading zero bytes 747| | const auto padded_bytes = store_be(v); 748| | constexpr size_t extra = N * WordInfo::bytes - Self::BYTES; 749| | copy_mem(bytes, std::span{padded_bytes}.template subspan()); 750| | } 751| 7.57k| } pcurves_secp256r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm7EE4bitsEv: 1305| 533| size_t bits() const { return m_bits; } pcurves_secp256r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_E18conditional_assignENS_2CT6ChoiceERKSC_: 1084| 895| constexpr void conditional_assign(CT::Choice cond, const Self& pt) { 1085| 895| FieldElement::conditional_assign(m_x, m_y, m_z, cond, pt.x(), pt.y(), pt.z()); 1086| 895| } pcurves_secp256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_E6negateEv: 1134| 895| constexpr Self negate() const { return Self(x(), y().negate(), z()); } pcurves_secp256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_E18_const_time_poisonEv: 1174| 895| constexpr void _const_time_poison() const { CT::poison_all(m_x, m_y, m_z); } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE18_const_time_poisonEv: 889| 2.68k| constexpr void _const_time_poison() const { CT::poison(m_val); } pcurves_secp256r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm7EE10get_windowEm: 1353| 26.1k| size_t get_window(size_t offset) const { 1354| | // Extract a WindowBits sized window out of s, depending on offset. 1355| 26.1k| return read_window_bits(std::span{m_bytes}, offset); 1356| 26.1k| } pcurves_secp256r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_E10add_or_subERKSC_RKNS_16AffineCurvePointISB_EENS_2CT6ChoiceE: 1096| 46.2k| constexpr static Self add_or_sub(const Self& a, const AffinePoint& b, CT::Choice sub) { 1097| 46.2k| return point_add_or_sub_mixed(a, b, sub, FieldElement::one()); 1098| 46.2k| } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE18conditional_assignENS_2CT6ChoiceERKSA_: 367| 46.9k| constexpr void conditional_assign(CT::Choice cond, const Self& nx) { 368| 46.9k| const W mask = cond.into_bitmask(); 369| | 370| 234k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (370:28): [True: 187k, False: 46.9k] ------------------ 371| 187k| m_val[i] = Botan::choose(mask, nx.m_val[i], m_val[i]); 372| 187k| } 373| 46.9k| } pcurves_secp256r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEEE9ct_selectENSt3__14spanIKSC_Lm18446744073709551615EEEm: 955| 26.1k| static constexpr auto ct_select(std::span pts, size_t idx) { 956| 26.1k| auto result = Self::identity(pts[0]); 957| | 958| | // Intentionally wrapping; set to maximum size_t if idx == 0 959| 26.1k| const size_t idx1 = static_cast(idx - 1); 960| 861k| for(size_t i = 0; i != pts.size(); ++i) { ------------------ | Branch (960:28): [True: 835k, False: 26.1k] ------------------ 961| 835k| const auto found = CT::Mask::is_equal(idx1, i).as_choice(); 962| 835k| result.conditional_assign(found, pts[i]); 963| 835k| } 964| | 965| 26.1k| return result; 966| 26.1k| } pcurves_secp256r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEEE8identityERKSC_: 924| 47.1k| static constexpr Self identity(const Self& /*unused*/) { 925| 47.1k| return Self(FieldElement::zero(), FieldElement::zero()); 926| 47.1k| } pcurves_secp256r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEEE18conditional_assignENS_2CT6ChoiceERKSC_: 981| 1.17M| constexpr void conditional_assign(CT::Choice cond, const Self& pt) { 982| 1.17M| FieldElement::conditional_assign(m_x, m_y, cond, pt.x(), pt.y()); 983| 1.17M| } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE18conditional_assignERSA_SB_NS_2CT6ChoiceERKSA_SF_: 380| 1.17M| static constexpr void conditional_assign(Self& x, Self& y, CT::Choice cond, const Self& nx, const Self& ny) { 381| 1.17M| const W mask = cond.into_bitmask(); 382| | 383| 5.85M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (383:28): [True: 4.68M, False: 1.17M] ------------------ 384| 4.68M| x.m_val[i] = Botan::choose(mask, nx.m_val[i], x.m_val[i]); 385| 4.68M| y.m_val[i] = Botan::choose(mask, ny.m_val[i], y.m_val[i]); 386| 4.68M| } 387| 1.17M| } pcurves_secp256r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_E13randomize_repERNS_21RandomNumberGeneratorE: 1142| 3.58k| void randomize_rep(RandomNumberGenerator& rng) { 1143| | // In certain contexts we may be called with a Null_RNG; in that case the 1144| | // caller is accepting that randomization will not occur 1145| | 1146| | // Conditional ok: caller's RNG state (seeded vs not) is presumed public 1147| 3.58k| if(rng.is_seeded()) { ------------------ | Branch (1147:13): [True: 3.58k, False: 0] ------------------ 1148| 3.58k| auto r = FieldElement::random(rng); 1149| | 1150| 3.58k| auto r2 = r.square(); 1151| 3.58k| auto r3 = r2 * r; 1152| | 1153| 3.58k| m_x *= r2; 1154| 3.58k| m_y *= r3; 1155| 3.58k| m_z *= r; 1156| 3.58k| } 1157| 3.58k| } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE6randomERNS_21RandomNumberGeneratorE: 851| 3.58k| static Self random(RandomNumberGenerator& rng) { 852| 3.58k| constexpr size_t MAX_ATTEMPTS = 1000; 853| | 854| 3.58k| std::array buf{}; 855| | 856| 3.58k| for(size_t i = 0; i != MAX_ATTEMPTS; ++i) { ------------------ | Branch (856:28): [True: 3.58k, False: 0] ------------------ 857| 3.58k| rng.randomize(buf); 858| | 859| | // Zero off high bits that if set would certainly cause us 860| | // to be out of range 861| | if constexpr(Self::BITS % 8 != 0) { 862| | constexpr uint8_t mask = 0xFF >> (8 - (Self::BITS % 8)); 863| | buf[0] &= mask; 864| | } 865| | 866| | // Conditionals ok: rejection sampling reveals only values we didn't use 867| 3.58k| if(auto s = Self::deserialize(buf)) { ------------------ | Branch (867:21): [True: 3.58k, False: 0] ------------------ 868| 3.58k| if(s.value().is_nonzero().as_bool()) { ------------------ | Branch (868:19): [True: 3.58k, False: 0] ------------------ 869| 3.58k| return s.value(); 870| 3.58k| } 871| 3.58k| } 872| 3.58k| } 873| | 874| 0| throw Internal_Error("Failed to generate random Scalar within bounded number of attempts"); 875| 3.58k| } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE11deserializeENSt3__14spanIKhLm18446744073709551615EEE: 792| 18.7k| static std::optional deserialize(std::span bytes) { 793| | // Conditional ok: input length is public 794| 18.7k| if(bytes.size() != Self::BYTES) { ------------------ | Branch (794:13): [True: 0, False: 18.7k] ------------------ 795| 0| return {}; 796| 0| } 797| | 798| 18.7k| const auto words = bytes_to_words(bytes.first()); 799| | 800| | // Conditional acceptable: std::optional is implicitly not constant time 801| 18.7k| if(!bigint_ct_is_lt(words.data(), N, P.data(), N).as_bool()) { ------------------ | Branch (801:13): [True: 6, False: 18.7k] ------------------ 802| 6| return {}; 803| 6| } 804| | 805| | // Safe because we checked above that words is an integer < P 806| 18.7k| return Self::from_words(words); 807| 18.7k| } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE10from_wordsILm4EEESA_NSt3__15arrayImXT_EEE: 211| 18.7k| static constexpr Self from_words(std::array w) { 212| 18.7k| if constexpr(L == N) { 213| 18.7k| return Self(Rep::to_rep(w)); 214| | } else { 215| | static_assert(L < N); 216| | std::array ew = {}; 217| | copy_mem(std::span{ew}.template first(), w); 218| | return Self(Rep::to_rep(ew)); 219| | } 220| 18.7k| } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE10is_nonzeroEv: 230| 3.58k| constexpr CT::Choice is_nonzero() const { return !is_zero(); } pcurves_secp256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_E20_const_time_unpoisonEv: 1176| 895| constexpr void _const_time_unpoison() const { CT::unpoison_all(m_x, m_y, m_z); } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE20_const_time_unpoisonEv: 891| 2.68k| constexpr void _const_time_unpoison() const { CT::unpoison(m_val); } pcurves_secp256r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm7EED2Ev: 1358| 533| ~BlindedScalarBits() { 1359| 533| secure_zeroize_buffer(m_bytes.data(), m_bytes.size()); 1360| 533| CT::unpoison(m_bytes.data(), m_bytes.size()); 1361| 533| } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS4_12Secp256r1RepEE12ScalarParamsEEEE10from_stashILm9EEESB_RKNSt3__15arrayImXT_EEE: 774| 16.0k| static Self from_stash(const std::array& stash) { 775| 16.0k| static_assert(L >= N); 776| 16.0k| std::array val = {}; 777| 80.2k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (777:28): [True: 64.1k, False: 16.0k] ------------------ 778| 64.1k| val[i] = stash[i]; 779| 64.1k| } 780| 16.0k| return Self(val); 781| 16.0k| } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS4_12Secp256r1RepEE12ScalarParamsEEEEC2ENSt3__15arrayImLm4EEE: 898| 23.6k| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE12serialize_toENSt3__14spanIhLm32EEE: 739| 18.4k| constexpr void serialize_to(std::span bytes) const { 740| 18.4k| auto v = Rep::from_rep(m_val); 741| 18.4k| std::reverse(v.begin(), v.end()); 742| | 743| 18.4k| if constexpr(Self::BYTES == N * WordInfo::bytes) { 744| 18.4k| store_be(bytes, v); 745| | } else { 746| | // Remove leading zero bytes 747| | const auto padded_bytes = store_be(v); 748| | constexpr size_t extra = N * WordInfo::bytes - Self::BYTES; 749| | copy_mem(bytes, std::span{padded_bytes}.template subspan()); 750| | } 751| 18.4k| } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS4_12Secp256r1RepEE12ScalarParamsEEEE11stash_valueILm9EEENSt3__15arrayImXT_EEEv: 759| 7.57k| std::array stash_value() const { 760| 7.57k| static_assert(L >= N); 761| 7.57k| std::array stash = {}; 762| 37.8k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (762:28): [True: 30.3k, False: 7.57k] ------------------ 763| 30.3k| stash[i] = m_val[i]; 764| 30.3k| } 765| 7.57k| return stash; 766| 7.57k| } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE10from_stashILm9EEESA_RKNSt3__15arrayImXT_EEE: 774| 38.4k| static Self from_stash(const std::array& stash) { 775| 38.4k| static_assert(L >= N); 776| 38.4k| std::array val = {}; 777| 192k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (777:28): [True: 153k, False: 38.4k] ------------------ 778| 153k| val[i] = stash[i]; 779| 153k| } 780| 38.4k| return Self(val); 781| 38.4k| } pcurves_secp256r1.cpp:_ZN5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm4EEC2ERKNS_16AffineCurvePointINS_6IntModINS2_12Secp256r1RepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 1487| 362| explicit WindowedBoothMulTable(const AffinePoint& p) : m_table(varpoint_setup(p)) {} pcurves_secp256r1.cpp:_ZN5BotanplERKNS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_EERKNS_16AffineCurvePointISB_EE: 1066| 2.53k| friend constexpr Self operator+(const Self& a, const AffinePoint& b) { return Self::add_mixed(a, b); } pcurves_secp256r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_E9add_mixedERKSC_RKNS_16AffineCurvePointISB_EE: 1091| 2.53k| constexpr static Self add_mixed(const Self& a, const AffinePoint& b) { 1092| 2.53k| return point_add_mixed(a, b, FieldElement::one()); 1093| 2.53k| } pcurves_secp256r1.cpp:_ZNK5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm4EE3mulERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsENS2_12Secp256r1RepEE12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1489| 362| ProjectivePoint mul(const Scalar& s, RandomNumberGenerator& rng) const { 1490| 362| const BlindedScalar bits(s, rng); 1491| | 1492| 362| const size_t scalar_bits = bits.bits(); 1493| 362| const size_t full_windows = compute_full_windows(scalar_bits + 1, WindowBits); 1494| 362| const size_t initial_shift = compute_initial_shift(scalar_bits + 1, WindowBits); 1495| | 1496| 362| BOTAN_DEBUG_ASSERT(full_windows * WindowBits + initial_shift == scalar_bits + 1); ------------------ | | 130| 362| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 362| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 362] | | ------------------ ------------------ 1497| 362| BOTAN_DEBUG_ASSERT(initial_shift > 0); ------------------ | | 130| 362| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 362| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 362] | | ------------------ ------------------ 1498| | 1499| 362| auto accum = ProjectivePoint::identity(); 1500| 362| CT::poison(accum); 1501| | 1502| 20.9k| for(size_t i = 0; i != full_windows; ++i) { ------------------ | Branch (1502:28): [True: 20.6k, False: 362] ------------------ 1503| 20.6k| const size_t idx = scalar_bits - initial_shift - WindowBits * i; 1504| | 1505| 20.6k| const size_t w_i = bits.get_window(idx); 1506| 20.6k| const auto [tidx, tneg] = booth_recode(w_i); 1507| | 1508| | // Conditional ok: loop iteration count is public 1509| 20.6k| if(i == 0) { ------------------ | Branch (1509:16): [True: 362, False: 20.2k] ------------------ 1510| 362| accum = ProjectivePoint::from_affine(m_table.ct_select(tidx)); 1511| 362| accum.conditional_assign(tneg, accum.negate()); 1512| 20.2k| } else { 1513| 20.2k| accum = ProjectivePoint::add_or_sub(accum, m_table.ct_select(tidx), tneg); 1514| 20.2k| } 1515| | 1516| 20.6k| accum = accum.dbl_n(WindowBits); 1517| | 1518| | // Conditional ok: loop iteration count is public 1519| 20.6k| if(i <= 3) { ------------------ | Branch (1519:16): [True: 1.44k, False: 19.1k] ------------------ 1520| 1.44k| accum.randomize_rep(rng); 1521| 1.44k| } 1522| 20.6k| } 1523| | 1524| | // final window (note one bit shorter than previous reads) 1525| 362| const size_t w_l = bits.get_window(0) & ((1 << WindowBits) - 1); 1526| 362| const auto [tidx, tneg] = booth_recode(w_l << 1); 1527| 362| accum = ProjectivePoint::add_or_sub(accum, m_table.ct_select(tidx), tneg); 1528| | 1529| 362| CT::unpoison(accum); 1530| 362| return accum; 1531| 362| } pcurves_secp256r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm6EEC2ERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsENS2_12Secp256r1RepEE12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1307| 362| BlindedScalarBits(const typename C::Scalar& scalar, RandomNumberGenerator& rng) { 1308| 362| if(BlindingBits > 0 && rng.is_seeded()) { ------------------ | Branch (1308:13): [True: 362, Folded] | Branch (1308:33): [True: 362, False: 0] ------------------ 1309| 362| constexpr size_t MaskWords = (BlindingBits + WordInfo::bits - 1) / WordInfo::bits; 1310| 362| constexpr size_t MaskBytes = MaskWords * WordInfo::bytes; 1311| | 1312| 362| constexpr size_t n_words = C::Words; 1313| | 1314| 362| uint8_t maskb[MaskBytes + (BlindingBits == 0 ? 1 : 0)] = {0}; 1315| 362| rng.randomize(maskb, MaskBytes); 1316| | 1317| 362| W mask[n_words] = {0}; 1318| 362| load_le(mask, maskb, MaskWords); 1319| | 1320| | // Mask to exactly BlindingBits 1321| 362| constexpr size_t ExcessBits = MaskWords * WordInfo::bits - BlindingBits; 1322| 362| if constexpr(ExcessBits > 0) { 1323| 362| constexpr W ExcessMask = (static_cast(1) << (WordInfo::bits - ExcessBits)) - 1; 1324| 362| mask[MaskWords - 1] &= ExcessMask; 1325| 362| } 1326| | 1327| | // Set top and bottom bits of mask 1328| 362| constexpr size_t TopMaskBit = (BlindingBits - 1) % WordInfo::bits; 1329| 362| mask[(BlindingBits - 1) / WordInfo::bits] |= static_cast(1) << TopMaskBit; 1330| 362| mask[0] |= 1; 1331| | 1332| 362| W mask_n[2 * n_words] = {0}; 1333| | 1334| 362| const auto sw = scalar.to_words(); 1335| | 1336| | // Compute masked scalar s + k*n 1337| 362| comba_mul(mask_n, mask, C::NW.data()); 1338| 362| bigint_add2(mask_n, 2 * n_words, sw.data(), sw.size()); 1339| | 1340| 362| std::reverse(mask_n, mask_n + 2 * n_words); 1341| 362| m_bytes = store_be>(mask_n); 1342| 362| m_bits = C::Scalar::BITS + BlindingBits; 1343| 362| } else { 1344| | // No RNG available, skip blinding 1345| 0| m_bytes.resize(C::Scalar::BYTES); 1346| 0| scalar.serialize_to(std::span{m_bytes}.template first()); 1347| 0| m_bits = C::Scalar::BITS; 1348| 0| } 1349| | 1350| 362| CT::poison(m_bytes.data(), m_bytes.size()); 1351| 362| } pcurves_secp256r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm6EE4bitsEv: 1305| 362| size_t bits() const { return m_bits; } pcurves_secp256r1.cpp:_ZN5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm4EE20compute_full_windowsEmm: 1468| 362| static constexpr size_t compute_full_windows(size_t sb, size_t wb) { 1469| 362| if(sb % wb == 0) { ------------------ | Branch (1469:13): [True: 0, False: 362] ------------------ 1470| 0| return (sb - 1) / wb; 1471| 362| } else { 1472| 362| return sb / wb; 1473| 362| } 1474| 362| } pcurves_secp256r1.cpp:_ZN5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm4EE21compute_initial_shiftEmm: 1476| 362| static constexpr size_t compute_initial_shift(size_t sb, size_t wb) { 1477| 362| if(sb % wb == 0) { ------------------ | Branch (1477:13): [True: 0, False: 362] ------------------ 1478| 0| return wb; 1479| 362| } else { 1480| 362| return sb - (sb / wb) * wb; 1481| 362| } 1482| 362| } pcurves_secp256r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_E8identityEv: 1038| 362| static constexpr Self identity() { return Self(FieldElement::zero(), FieldElement::one(), FieldElement::zero()); } pcurves_secp256r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm6EE10get_windowEm: 1353| 20.9k| size_t get_window(size_t offset) const { 1354| | // Extract a WindowBits sized window out of s, depending on offset. 1355| 20.9k| return read_window_bits(std::span{m_bytes}, offset); 1356| 20.9k| } pcurves_secp256r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEES7_E5dbl_nEm: 1108| 20.6k| constexpr Self dbl_n(size_t n) const { 1109| 20.6k| if constexpr(Self::A_is_minus_3) { 1110| 20.6k| return dbl_n_a_minus_3(*this, n); 1111| | } else if constexpr(Self::A_is_zero) { 1112| | return dbl_n_a_zero(*this, n); 1113| | } else { 1114| | return dbl_n_generic(*this, A, n); 1115| | } 1116| 20.6k| } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE4div2Ev: 302| 20.6k| Self div2() const { 303| | // The inverse of 2 modulo P is (P/2)+1; this avoids a constexpr time 304| | // general inversion, which some compilers can't handle 305| 20.6k| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 306| | 307| | // We could multiply by INV_2 but there is a better way ... 308| | 309| 20.6k| std::array t = value(); 310| 20.6k| const W borrow = shift_right<1>(t); 311| | 312| | // If value was odd, add (P/2)+1 313| 20.6k| const auto mask = CT::Mask::expand(borrow).value(); 314| | 315| 20.6k| W carry = 0; 316| | 317| 103k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (317:28): [True: 82.5k, False: 20.6k] ------------------ 318| 82.5k| t[i] = word_add(t[i], INV_2[i] & mask, &carry); 319| 82.5k| } 320| | 321| 20.6k| return Self(t); 322| 20.6k| } pcurves_secp256r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm6EED2Ev: 1358| 362| ~BlindedScalarBits() { 1359| 362| secure_zeroize_buffer(m_bytes.data(), m_bytes.size()); 1360| 362| CT::unpoison(m_bytes.data(), m_bytes.size()); 1361| 362| } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS4_12Secp256r1RepEE12ScalarParamsEEEE7is_zeroEv: 225| 15.1k| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEEeqERKSA_: 722| 8.31k| constexpr CT::Choice operator==(const Self& other) const { 723| 8.31k| return CT::is_equal(this->data(), other.data(), N).as_choice(); 724| 8.31k| } pcurves_secp256r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEEE8identityEv: 921| 2| static constexpr Self identity() { return Self(FieldElement::zero(), FieldElement::zero()); } pcurves_secp256r1.cpp:_ZN5Botan13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS2_12Secp256r1RepEE7x3_ax_bERKNS_6IntModINS5_INS6_11FieldParamsEEEEE: 1275| 8.31k| static constexpr FieldElement x3_ax_b(const FieldElement& x) { return (x.square() + A) * x + B; } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE12correct_signENS_2CT6ChoiceE: 248| 362| constexpr Self correct_sign(CT::Choice even) const { 249| 362| const auto flip = (even != this->is_even()); 250| 362| return Self::choose(flip, this->negate(), *this); 251| 362| } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE7is_evenEv: 240| 362| constexpr CT::Choice is_even() const { 241| 362| auto v = Rep::from_rep(m_val); 242| 362| return !CT::Choice::from_int(v[0] & 0x01); 243| 362| } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS2_9secp256r16ParamsES3_E11FieldParamsEEEE6chooseENS_2CT6ChoiceERKSA_SE_: 256| 362| static constexpr Self choose(CT::Choice choice, const Self& x, const Self& y) { 257| 362| auto r = y; 258| 362| r.conditional_assign(choice, x); 259| 362| return r; 260| 362| } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS4_12Secp256r1RepEE12ScalarParamsEEEE11deserializeENSt3__14spanIKhLm18446744073709551615EEE: 792| 7.57k| static std::optional deserialize(std::span bytes) { 793| | // Conditional ok: input length is public 794| 7.57k| if(bytes.size() != Self::BYTES) { ------------------ | Branch (794:13): [True: 0, False: 7.57k] ------------------ 795| 0| return {}; 796| 0| } 797| | 798| 7.57k| const auto words = bytes_to_words(bytes.first()); 799| | 800| | // Conditional acceptable: std::optional is implicitly not constant time 801| 7.57k| if(!bigint_ct_is_lt(words.data(), N, P.data(), N).as_bool()) { ------------------ | Branch (801:13): [True: 0, False: 7.57k] ------------------ 802| 0| return {}; 803| 0| } 804| | 805| | // Safe because we checked above that words is an integer < P 806| 7.57k| return Self::from_words(words); 807| 7.57k| } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS4_12Secp256r1RepEE12ScalarParamsEEEE10from_wordsILm4EEESB_NSt3__15arrayImXT_EEE: 211| 7.57k| static constexpr Self from_words(std::array w) { 212| 7.57k| if constexpr(L == N) { 213| 7.57k| return Self(Rep::to_rep(w)); 214| | } else { 215| | static_assert(L < N); 216| | std::array ew = {}; 217| | copy_mem(std::span{ew}.template first(), w); 218| | return Self(Rep::to_rep(ew)); 219| | } 220| 7.57k| } pcurves_secp256r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS3_12Secp256r1RepEE12ScalarParamsEE6to_repERKNSt3__15arrayImLm4EEE: 115| 7.57k| constexpr static std::array to_rep(const std::array& x) { 116| 7.57k| std::array z; // NOLINT(*-member-init) 117| 7.57k| comba_mul(z.data(), x.data(), R2.data()); 118| 7.57k| return Self::redc(z); 119| 7.57k| } pcurves_secp256r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS3_9secp256r16ParamsES4_E11FieldParamsEEEEEE12serialize_toENSt3__14spanIhLm65EEE: 941| 9.02k| constexpr void serialize_to(std::span bytes) const { 942| 9.02k| BOTAN_STATE_CHECK(this->is_identity().as_bool() == false); ------------------ | | 51| 9.02k| do { \ | | 52| 9.02k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 9.02k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 9.02k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 9.02k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 9.02k] | | ------------------ ------------------ 943| 9.02k| BufferStuffer pack(bytes); 944| 9.02k| pack.append(0x04); 945| 9.02k| x().serialize_to(pack.next()); 946| 9.02k| y().serialize_to(pack.next()); 947| 9.02k| BOTAN_DEBUG_ASSERT(pack.full()); ------------------ | | 130| 9.02k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 9.02k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 9.02k] | | ------------------ ------------------ 948| 9.02k| } pcurves_secp256r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS4_12Secp256r1RepEE12ScalarParamsEEEE6randomERNS_21RandomNumberGeneratorE: 851| 533| static Self random(RandomNumberGenerator& rng) { 852| 533| constexpr size_t MAX_ATTEMPTS = 1000; 853| | 854| 533| std::array buf{}; 855| | 856| 533| for(size_t i = 0; i != MAX_ATTEMPTS; ++i) { ------------------ | Branch (856:28): [True: 533, False: 0] ------------------ 857| 533| rng.randomize(buf); 858| | 859| | // Zero off high bits that if set would certainly cause us 860| | // to be out of range 861| | if constexpr(Self::BITS % 8 != 0) { 862| | constexpr uint8_t mask = 0xFF >> (8 - (Self::BITS % 8)); 863| | buf[0] &= mask; 864| | } 865| | 866| | // Conditionals ok: rejection sampling reveals only values we didn't use 867| 533| if(auto s = Self::deserialize(buf)) { ------------------ | Branch (867:21): [True: 533, False: 0] ------------------ 868| 533| if(s.value().is_nonzero().as_bool()) { ------------------ | Branch (868:19): [True: 533, False: 0] ------------------ 869| 533| return s.value(); 870| 533| } 871| 533| } 872| 533| } 873| | 874| 0| throw Internal_Error("Failed to generate random Scalar within bounded number of attempts"); 875| 533| } pcurves_secp256r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp256r16ParamsENS4_12Secp256r1RepEE12ScalarParamsEEEE10is_nonzeroEv: 230| 533| constexpr CT::Choice is_nonzero() const { return !is_zero(); } pcurves_secp384r1.cpp:_ZN5Botan23PrecomputedBaseMulTableINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm6EEC2ERKNS_16AffineCurvePointINS_6IntModINS2_12Secp384r1RepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 1405| 1| m_table(basemul_booth_setup(p, BlindedScalar::Bits + 1)) {} pcurves_secp384r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_E11from_affineERKNS_16AffineCurvePointISB_EE: 1016| 1.09k| static constexpr Self from_affine(const AffinePoint& pt) { 1017| | /* 1018| | * If the point is the identity element (x=0, y=0) then instead of 1019| | * creating (x, y, 1) = (0, 0, 1) we want our projective identity 1020| | * encoding of (0, 1, 0) 1021| | * 1022| | * Which we can achieve by a conditional swap of y and z if the 1023| | * affine point is the identity. 1024| | */ 1025| | 1026| 1.09k| auto x = pt.x(); 1027| 1.09k| auto y = pt.y(); 1028| 1.09k| auto z = FieldElement::one(); 1029| | 1030| 1.09k| FieldElement::conditional_swap(pt.is_identity(), y, z); 1031| | 1032| 1.09k| return ProjectiveCurvePoint(x, y, z); 1033| 1.09k| } pcurves_secp384r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEEE1xEv: 971| 1.77M| constexpr const FieldElement& x() const { return m_x; } pcurves_secp384r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEEE1yEv: 976| 1.71M| constexpr const FieldElement& y() const { return m_y; } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE3oneEv: 200| 64.6k| static constexpr Self one() { return Self(Rep::one()); } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEEC2ENSt3__15arrayImLm6EEE: 898| 3.46M| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE16conditional_swapENS_2CT6ChoiceERSA_SD_: 410| 1.09k| static constexpr void conditional_swap(CT::Choice cond, Self& x, Self& y) { 411| 1.09k| const W mask = cond.into_bitmask(); 412| | 413| 7.63k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (413:28): [True: 6.54k, False: 1.09k] ------------------ 414| 6.54k| auto nx = Botan::choose(mask, y.m_val[i], x.m_val[i]); 415| 6.54k| auto ny = Botan::choose(mask, x.m_val[i], y.m_val[i]); 416| 6.54k| x.m_val[i] = nx; 417| 6.54k| y.m_val[i] = ny; 418| 6.54k| } 419| 1.09k| } pcurves_secp384r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEEE11is_identityEv: 928| 68.2k| constexpr CT::Choice is_identity() const { return x().is_zero() && y().is_zero(); } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE7is_zeroEv: 225| 341k| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_secp384r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_EC2ERKSB_SE_SE_: 1056| 96.1k| m_x(x), m_y(y), m_z(z) {} pcurves_secp384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_E3dblEv: 1121| 3.60k| constexpr Self dbl() const { 1122| 3.60k| if constexpr(Self::A_is_minus_3) { 1123| 3.60k| return dbl_a_minus_3(*this); 1124| | } else if constexpr(Self::A_is_zero) { 1125| | return dbl_a_zero(*this); 1126| | } else { 1127| | return dbl_generic(*this, A); 1128| | } 1129| 3.60k| } pcurves_secp384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_E1zEv: 1172| 384k| constexpr const FieldElement& z() const { return m_z; } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE6squareEv: 426| 785k| constexpr BOTAN_FORCE_INLINE Self square() const { 427| 785k| std::array z; // NOLINT(*-member-init) 428| 785k| comba_sqr(z.data(), this->data()); 429| 785k| return Self(Rep::redc(z)); 430| 785k| } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE4dataEv: 896| 3.56M| constexpr const W* data() const { return m_val.data(); } pcurves_secp384r1.cpp:_ZN5BotanmlERKNS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEEESC_: 346| 837k| friend constexpr BOTAN_FORCE_INLINE Self operator*(const Self& a, const Self& b) { 347| 837k| std::array z; // NOLINT(*-member-init) 348| 837k| comba_mul(z.data(), a.data(), b.data()); 349| 837k| return Self(Rep::redc(z)); 350| 837k| } pcurves_secp384r1.cpp:_ZN5BotanmiERKNS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEEESC_: 281| 909k| friend constexpr BOTAN_FORCE_INLINE Self operator-(const Self& a, const Self& b) { 282| 909k| std::array r; // NOLINT(*-member-init) 283| 909k| W carry = 0; 284| 6.36M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (284:28): [True: 5.45M, False: 909k] ------------------ 285| 5.45M| r[i] = word_sub(a.m_val[i], b.m_val[i], &carry); 286| 5.45M| } 287| | 288| 909k| const auto mask = CT::Mask::expand(carry).value(); 289| | 290| 909k| carry = 0; 291| | 292| 6.36M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (292:28): [True: 5.45M, False: 909k] ------------------ 293| 5.45M| r[i] = word_add(r[i], P[i] & mask, &carry); 294| 5.45M| } 295| | 296| 909k| return Self(r); 297| 909k| } pcurves_secp384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_E1xEv: 1162| 240k| constexpr const FieldElement& x() const { return m_x; } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE4mul3Ev: 335| 130k| constexpr inline Self mul3() const { return mul2() + (*this); } pcurves_secp384r1.cpp:_ZN5BotanplERKNS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEEESC_: 265| 201k| friend constexpr BOTAN_FORCE_INLINE Self operator+(const Self& a, const Self& b) { 266| 201k| std::array t; // NOLINT(*-member-init) 267| | 268| 201k| W carry = 0; 269| 1.41M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (269:28): [True: 1.20M, False: 201k] ------------------ 270| 1.20M| t[i] = word_add(a.m_val[i], b.m_val[i], &carry); 271| 1.20M| } 272| | 273| 201k| std::array r; // NOLINT(*-member-init) 274| 201k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 275| 201k| return Self(r); 276| 201k| } pcurves_secp384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_E1yEv: 1167| 236k| constexpr const FieldElement& y() const { return m_y; } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE4mul4Ev: 338| 3.60k| constexpr inline Self mul4() const { return mul2().mul2(); } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE4mul2Ev: 325| 436k| constexpr BOTAN_FORCE_INLINE Self mul2() const { 326| 436k| std::array t = value(); 327| 436k| const W carry = shift_left<1>(t); 328| | 329| 436k| std::array r; // NOLINT(*-member-init) 330| 436k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 331| 436k| return Self(r); 332| 436k| } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE5valueEv: 894| 461k| constexpr const std::array& value() const { return m_val; } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE4mul8Ev: 341| 3.60k| constexpr inline Self mul8() const { return mul2().mul2().mul2(); } pcurves_secp384r1.cpp:_ZN5BotanplERKNS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_EESE_: 1064| 1.09k| friend constexpr Self operator+(const Self& a, const Self& b) { return Self::add(a, b); } pcurves_secp384r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_E3addERKSC_SE_: 1103| 1.09k| constexpr static Self add(const Self& a, const Self& b) { return point_add(a, b); } pcurves_secp384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_E11is_identityEv: 1082| 72.8k| constexpr CT::Choice is_identity() const { return z().is_zero(); } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE18conditional_assignERSA_SB_SB_NS_2CT6ChoiceERKSA_SF_SF_: 395| 129k| Self& x, Self& y, Self& z, CT::Choice cond, const Self& nx, const Self& ny, const Self& nz) { 396| 129k| const W mask = cond.into_bitmask(); 397| | 398| 907k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (398:28): [True: 777k, False: 129k] ------------------ 399| 777k| x.m_val[i] = Botan::choose(mask, nx.m_val[i], x.m_val[i]); 400| 777k| y.m_val[i] = Botan::choose(mask, ny.m_val[i], y.m_val[i]); 401| 777k| z.m_val[i] = Botan::choose(mask, nz.m_val[i], z.m_val[i]); 402| 777k| } 403| 129k| } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEEmLERKSA_: 355| 256k| constexpr BOTAN_FORCE_INLINE Self& operator*=(const Self& other) { 356| 256k| std::array z; // NOLINT(*-member-init) 357| 256k| comba_mul(z.data(), data(), other.data()); 358| 256k| m_val = Rep::redc(z); 359| 256k| return (*this); 360| 256k| } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE8square_nEm: 439| 16.3k| constexpr void square_n(size_t n) { 440| 16.3k| std::array z; // NOLINT(*-member-init) 441| 543k| for(size_t i = 0; i != n; ++i) { ------------------ | Branch (441:28): [True: 527k, False: 16.3k] ------------------ 442| 527k| comba_sqr(z.data(), this->data()); 443| 527k| m_val = Rep::redc(z); 444| 527k| } 445| 16.3k| } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE14invert_vartimeEv: 598| 1| constexpr Self invert_vartime() const { 599| | // Conditional ok: this function is variable time 600| 1| if(this->is_zero().as_bool()) { ------------------ | Branch (600:13): [True: 0, False: 1] ------------------ 601| 0| return Self::zero(); 602| 0| } 603| | 604| 1| auto x = Self(std::array{1}); // 1 in standard domain 605| 1| auto b = Self(this->to_words()); // *this in standard domain 606| | 607| | // First loop iteration 608| 1| Self::_invert_vartime_div2_helper(b, x); 609| | 610| 1| auto a = b.negate(); 611| | // y += x but y is zero at the outset 612| 1| auto y = x; 613| | 614| | // First half of second loop iteration 615| 1| Self::_invert_vartime_div2_helper(a, y); 616| | 617| 252| for(;;) { 618| | // Conditional ok: this function is variable time 619| 252| if(a.m_val == b.m_val) { ------------------ | Branch (619:16): [True: 1, False: 251] ------------------ 620| | // At this point it should be that a == b == 1 621| 1| auto r = y.negate(); 622| | 623| | // Convert back to Montgomery if required 624| 1| r.m_val = Rep::to_rep(r.m_val); 625| 1| return r; 626| 1| } 627| | 628| 251| auto nx = x + y; 629| | 630| | /* 631| | * Otherwise either b > a or a > b 632| | * 633| | * If b > a we want to set b to b - a 634| | * Otherwise we want to set a to a - b 635| | * 636| | * Compute r = b - a and check if it underflowed 637| | * If it did not then we are in the b > a path 638| | */ 639| 251| std::array r; // NOLINT(*-member-init) 640| 251| const word carry = bigint_sub3(r.data(), b.data(), N, a.data(), N); 641| | 642| | // Conditional ok: this function is variable time 643| 251| if(carry == 0) { ------------------ | Branch (643:16): [True: 118, False: 133] ------------------ 644| | // b > a 645| 118| b.m_val = r; 646| 118| x = nx; 647| 118| Self::_invert_vartime_div2_helper(b, x); 648| 133| } else { 649| | // We know this can't underflow because a > b 650| 133| bigint_sub3(r.data(), a.data(), N, b.data(), N); 651| 133| a.m_val = r; 652| 133| y = nx; 653| 133| Self::_invert_vartime_div2_helper(a, y); 654| 133| } 655| 251| } 656| 1| } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE4zeroEv: 195| 124k| static constexpr Self zero() { return Self(std::array{0}); } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE8to_wordsEv: 734| 1| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE27_invert_vartime_div2_helperERSA_SB_: 547| 253| static constexpr void _invert_vartime_div2_helper(Self& a, Self& x) { 548| 253| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 549| | 550| | // Conditional ok: this function is variable time 551| 809| while((a.m_val[0] & 1) != 1) { ------------------ | Branch (551:16): [True: 556, False: 253] ------------------ 552| 556| shift_right<1>(a.m_val); 553| | 554| 556| const W borrow = shift_right<1>(x.m_val); 555| | 556| | // Conditional ok: this function is variable time 557| 556| if(borrow) { ------------------ | Branch (557:16): [True: 248, False: 308] ------------------ 558| 248| bigint_add2(x.m_val.data(), N, INV_2.data(), N); 559| 248| } 560| 556| } 561| 253| } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE6negateEv: 452| 62.3k| constexpr Self negate() const { 453| 62.3k| const W x_is_zero = ~CT::all_zeros(this->data(), N).value(); 454| | 455| 62.3k| std::array r; // NOLINT(*-member-init) 456| 62.3k| W carry = 0; 457| 436k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (457:28): [True: 373k, False: 62.3k] ------------------ 458| 373k| r[i] = word_sub(P[i] & x_is_zero, m_val[i], &carry); 459| 373k| } 460| | 461| 62.3k| return Self(r); 462| 62.3k| } pcurves_secp384r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEEEC2ERKSB_SE_: 917| 73.8k| constexpr AffineCurvePoint(const FieldElement& x, const FieldElement& y) : m_x(x), m_y(y) {} pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE11stash_valueILm9EEENSt3__15arrayImXT_EEEv: 759| 3.67k| std::array stash_value() const { 760| 3.67k| static_assert(L >= N); 761| 3.67k| std::array stash = {}; 762| 25.7k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (762:28): [True: 22.0k, False: 3.67k] ------------------ 763| 22.0k| stash[i] = m_val[i]; 764| 22.0k| } 765| 3.67k| return stash; 766| 3.67k| } pcurves_secp384r1.cpp:_ZNK5Botan23PrecomputedBaseMulTableINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm6EE3mulERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsENS2_12Secp384r1RepEE12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1407| 497| ProjectivePoint mul(const Scalar& s, RandomNumberGenerator& rng) const { 1408| 497| const BlindedScalar scalar(s, rng); 1409| 497| return basemul_booth_exec(m_table, scalar, rng); 1410| 497| } pcurves_secp384r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm7EEC2ERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsENS2_12Secp384r1RepEE12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1307| 497| BlindedScalarBits(const typename C::Scalar& scalar, RandomNumberGenerator& rng) { 1308| 497| if(BlindingBits > 0 && rng.is_seeded()) { ------------------ | Branch (1308:13): [True: 497, Folded] | Branch (1308:33): [True: 497, False: 0] ------------------ 1309| 497| constexpr size_t MaskWords = (BlindingBits + WordInfo::bits - 1) / WordInfo::bits; 1310| 497| constexpr size_t MaskBytes = MaskWords * WordInfo::bytes; 1311| | 1312| 497| constexpr size_t n_words = C::Words; 1313| | 1314| 497| uint8_t maskb[MaskBytes + (BlindingBits == 0 ? 1 : 0)] = {0}; 1315| 497| rng.randomize(maskb, MaskBytes); 1316| | 1317| 497| W mask[n_words] = {0}; 1318| 497| load_le(mask, maskb, MaskWords); 1319| | 1320| | // Mask to exactly BlindingBits 1321| 497| constexpr size_t ExcessBits = MaskWords * WordInfo::bits - BlindingBits; 1322| 497| if constexpr(ExcessBits > 0) { 1323| 497| constexpr W ExcessMask = (static_cast(1) << (WordInfo::bits - ExcessBits)) - 1; 1324| 497| mask[MaskWords - 1] &= ExcessMask; 1325| 497| } 1326| | 1327| | // Set top and bottom bits of mask 1328| 497| constexpr size_t TopMaskBit = (BlindingBits - 1) % WordInfo::bits; 1329| 497| mask[(BlindingBits - 1) / WordInfo::bits] |= static_cast(1) << TopMaskBit; 1330| 497| mask[0] |= 1; 1331| | 1332| 497| W mask_n[2 * n_words] = {0}; 1333| | 1334| 497| const auto sw = scalar.to_words(); 1335| | 1336| | // Compute masked scalar s + k*n 1337| 497| comba_mul(mask_n, mask, C::NW.data()); 1338| 497| bigint_add2(mask_n, 2 * n_words, sw.data(), sw.size()); 1339| | 1340| 497| std::reverse(mask_n, mask_n + 2 * n_words); 1341| 497| m_bytes = store_be>(mask_n); 1342| 497| m_bits = C::Scalar::BITS + BlindingBits; 1343| 497| } else { 1344| | // No RNG available, skip blinding 1345| 0| m_bytes.resize(C::Scalar::BYTES); 1346| 0| scalar.serialize_to(std::span{m_bytes}.template first()); 1347| 0| m_bits = C::Scalar::BITS; 1348| 0| } 1349| | 1350| 497| CT::poison(m_bytes.data(), m_bytes.size()); 1351| 497| } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS4_12Secp384r1RepEE12ScalarParamsEEEE8to_wordsEv: 734| 793| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_secp384r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS3_12Secp384r1RepEE12ScalarParamsEE8from_repERKNSt3__15arrayImLm6EEE: 137| 1.29k| constexpr static std::array from_rep(const std::array& z) { 138| 1.29k| std::array ze = {}; 139| 1.29k| copy_mem(std::span{ze}.template first(), z); 140| 1.29k| return Self::redc(ze); 141| 1.29k| } pcurves_secp384r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS3_12Secp384r1RepEE12ScalarParamsEE4redcERKNSt3__15arrayImLm12EEE: 104| 1.78k| constexpr static std::array redc(const std::array& z) { 105| | if constexpr(P_dash == 1) { 106| | return monty_redc_pdash1(z, P); 107| 1.78k| } else { 108| 1.78k| return monty_redc(z, P, P_dash); 109| 1.78k| } 110| 1.78k| } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS4_12Secp384r1RepEE12ScalarParamsEEEE12serialize_toENSt3__14spanIhLm48EEE: 739| 497| constexpr void serialize_to(std::span bytes) const { 740| 497| auto v = Rep::from_rep(m_val); 741| 497| std::reverse(v.begin(), v.end()); 742| | 743| 497| if constexpr(Self::BYTES == N * WordInfo::bytes) { 744| 497| store_be(bytes, v); 745| | } else { 746| | // Remove leading zero bytes 747| | const auto padded_bytes = store_be(v); 748| | constexpr size_t extra = N * WordInfo::bytes - Self::BYTES; 749| | copy_mem(bytes, std::span{padded_bytes}.template subspan()); 750| | } 751| 497| } pcurves_secp384r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm7EE4bitsEv: 1305| 497| size_t bits() const { return m_bits; } pcurves_secp384r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_E18conditional_assignENS_2CT6ChoiceERKSC_: 1084| 793| constexpr void conditional_assign(CT::Choice cond, const Self& pt) { 1085| 793| FieldElement::conditional_assign(m_x, m_y, m_z, cond, pt.x(), pt.y(), pt.z()); 1086| 793| } pcurves_secp384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_E6negateEv: 1134| 793| constexpr Self negate() const { return Self(x(), y().negate(), z()); } pcurves_secp384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_E18_const_time_poisonEv: 1174| 793| constexpr void _const_time_poison() const { CT::poison_all(m_x, m_y, m_z); } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE18_const_time_poisonEv: 889| 2.37k| constexpr void _const_time_poison() const { CT::poison(m_val); } pcurves_secp384r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm7EE10get_windowEm: 1353| 36.2k| size_t get_window(size_t offset) const { 1354| | // Extract a WindowBits sized window out of s, depending on offset. 1355| 36.2k| return read_window_bits(std::span{m_bytes}, offset); 1356| 36.2k| } pcurves_secp384r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_E10add_or_subERKSC_RKNS_16AffineCurvePointISB_EENS_2CT6ChoiceE: 1096| 61.2k| constexpr static Self add_or_sub(const Self& a, const AffinePoint& b, CT::Choice sub) { 1097| 61.2k| return point_add_or_sub_mixed(a, b, sub, FieldElement::one()); 1098| 61.2k| } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE18conditional_assignENS_2CT6ChoiceERKSA_: 367| 61.8k| constexpr void conditional_assign(CT::Choice cond, const Self& nx) { 368| 61.8k| const W mask = cond.into_bitmask(); 369| | 370| 432k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (370:28): [True: 371k, False: 61.8k] ------------------ 371| 371k| m_val[i] = Botan::choose(mask, nx.m_val[i], m_val[i]); 372| 371k| } 373| 61.8k| } pcurves_secp384r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEEE9ct_selectENSt3__14spanIKSC_Lm18446744073709551615EEEm: 955| 36.2k| static constexpr auto ct_select(std::span pts, size_t idx) { 956| 36.2k| auto result = Self::identity(pts[0]); 957| | 958| | // Intentionally wrapping; set to maximum size_t if idx == 0 959| 36.2k| const size_t idx1 = static_cast(idx - 1); 960| 1.19M| for(size_t i = 0; i != pts.size(); ++i) { ------------------ | Branch (960:28): [True: 1.16M, False: 36.2k] ------------------ 961| 1.16M| const auto found = CT::Mask::is_equal(idx1, i).as_choice(); 962| 1.16M| result.conditional_assign(found, pts[i]); 963| 1.16M| } 964| | 965| 36.2k| return result; 966| 36.2k| } pcurves_secp384r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEEE8identityERKSC_: 924| 62.0k| static constexpr Self identity(const Self& /*unused*/) { 925| 62.0k| return Self(FieldElement::zero(), FieldElement::zero()); 926| 62.0k| } pcurves_secp384r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEEE18conditional_assignENS_2CT6ChoiceERKSC_: 981| 1.57M| constexpr void conditional_assign(CT::Choice cond, const Self& pt) { 982| 1.57M| FieldElement::conditional_assign(m_x, m_y, cond, pt.x(), pt.y()); 983| 1.57M| } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE18conditional_assignERSA_SB_NS_2CT6ChoiceERKSA_SF_: 380| 1.57M| static constexpr void conditional_assign(Self& x, Self& y, CT::Choice cond, const Self& nx, const Self& ny) { 381| 1.57M| const W mask = cond.into_bitmask(); 382| | 383| 11.0M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (383:28): [True: 9.43M, False: 1.57M] ------------------ 384| 9.43M| x.m_val[i] = Botan::choose(mask, nx.m_val[i], x.m_val[i]); 385| 9.43M| y.m_val[i] = Botan::choose(mask, ny.m_val[i], y.m_val[i]); 386| 9.43M| } 387| 1.57M| } pcurves_secp384r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_E13randomize_repERNS_21RandomNumberGeneratorE: 1142| 3.17k| void randomize_rep(RandomNumberGenerator& rng) { 1143| | // In certain contexts we may be called with a Null_RNG; in that case the 1144| | // caller is accepting that randomization will not occur 1145| | 1146| | // Conditional ok: caller's RNG state (seeded vs not) is presumed public 1147| 3.17k| if(rng.is_seeded()) { ------------------ | Branch (1147:13): [True: 3.17k, False: 0] ------------------ 1148| 3.17k| auto r = FieldElement::random(rng); 1149| | 1150| 3.17k| auto r2 = r.square(); 1151| 3.17k| auto r3 = r2 * r; 1152| | 1153| 3.17k| m_x *= r2; 1154| 3.17k| m_y *= r3; 1155| 3.17k| m_z *= r; 1156| 3.17k| } 1157| 3.17k| } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE6randomERNS_21RandomNumberGeneratorE: 851| 3.17k| static Self random(RandomNumberGenerator& rng) { 852| 3.17k| constexpr size_t MAX_ATTEMPTS = 1000; 853| | 854| 3.17k| std::array buf{}; 855| | 856| 3.17k| for(size_t i = 0; i != MAX_ATTEMPTS; ++i) { ------------------ | Branch (856:28): [True: 3.17k, False: 0] ------------------ 857| 3.17k| rng.randomize(buf); 858| | 859| | // Zero off high bits that if set would certainly cause us 860| | // to be out of range 861| | if constexpr(Self::BITS % 8 != 0) { 862| | constexpr uint8_t mask = 0xFF >> (8 - (Self::BITS % 8)); 863| | buf[0] &= mask; 864| | } 865| | 866| | // Conditionals ok: rejection sampling reveals only values we didn't use 867| 3.17k| if(auto s = Self::deserialize(buf)) { ------------------ | Branch (867:21): [True: 3.17k, False: 0] ------------------ 868| 3.17k| if(s.value().is_nonzero().as_bool()) { ------------------ | Branch (868:19): [True: 3.17k, False: 0] ------------------ 869| 3.17k| return s.value(); 870| 3.17k| } 871| 3.17k| } 872| 3.17k| } 873| | 874| 0| throw Internal_Error("Failed to generate random Scalar within bounded number of attempts"); 875| 3.17k| } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE11deserializeENSt3__14spanIKhLm18446744073709551615EEE: 792| 4.17k| static std::optional deserialize(std::span bytes) { 793| | // Conditional ok: input length is public 794| 4.17k| if(bytes.size() != Self::BYTES) { ------------------ | Branch (794:13): [True: 0, False: 4.17k] ------------------ 795| 0| return {}; 796| 0| } 797| | 798| 4.17k| const auto words = bytes_to_words(bytes.first()); 799| | 800| | // Conditional acceptable: std::optional is implicitly not constant time 801| 4.17k| if(!bigint_ct_is_lt(words.data(), N, P.data(), N).as_bool()) { ------------------ | Branch (801:13): [True: 6, False: 4.16k] ------------------ 802| 6| return {}; 803| 6| } 804| | 805| | // Safe because we checked above that words is an integer < P 806| 4.16k| return Self::from_words(words); 807| 4.17k| } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE10from_wordsILm6EEESA_NSt3__15arrayImXT_EEE: 211| 4.16k| static constexpr Self from_words(std::array w) { 212| 4.16k| if constexpr(L == N) { 213| 4.16k| return Self(Rep::to_rep(w)); 214| | } else { 215| | static_assert(L < N); 216| | std::array ew = {}; 217| | copy_mem(std::span{ew}.template first(), w); 218| | return Self(Rep::to_rep(ew)); 219| | } 220| 4.16k| } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE10is_nonzeroEv: 230| 3.17k| constexpr CT::Choice is_nonzero() const { return !is_zero(); } pcurves_secp384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_E20_const_time_unpoisonEv: 1176| 793| constexpr void _const_time_unpoison() const { CT::unpoison_all(m_x, m_y, m_z); } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE20_const_time_unpoisonEv: 891| 2.37k| constexpr void _const_time_unpoison() const { CT::unpoison(m_val); } pcurves_secp384r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm7EED2Ev: 1358| 497| ~BlindedScalarBits() { 1359| 497| secure_zeroize_buffer(m_bytes.data(), m_bytes.size()); 1360| 497| CT::unpoison(m_bytes.data(), m_bytes.size()); 1361| 497| } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS4_12Secp384r1RepEE12ScalarParamsEEEE10from_stashILm9EEESB_RKNSt3__15arrayImXT_EEE: 774| 1.78k| static Self from_stash(const std::array& stash) { 775| 1.78k| static_assert(L >= N); 776| 1.78k| std::array val = {}; 777| 12.5k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (777:28): [True: 10.7k, False: 1.78k] ------------------ 778| 10.7k| val[i] = stash[i]; 779| 10.7k| } 780| 1.78k| return Self(val); 781| 1.78k| } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS4_12Secp384r1RepEE12ScalarParamsEEEEC2ENSt3__15arrayImLm6EEE: 898| 2.28k| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE12serialize_toENSt3__14spanIhLm48EEE: 739| 3.65k| constexpr void serialize_to(std::span bytes) const { 740| 3.65k| auto v = Rep::from_rep(m_val); 741| 3.65k| std::reverse(v.begin(), v.end()); 742| | 743| 3.65k| if constexpr(Self::BYTES == N * WordInfo::bytes) { 744| 3.65k| store_be(bytes, v); 745| | } else { 746| | // Remove leading zero bytes 747| | const auto padded_bytes = store_be(v); 748| | constexpr size_t extra = N * WordInfo::bytes - Self::BYTES; 749| | copy_mem(bytes, std::span{padded_bytes}.template subspan()); 750| | } 751| 3.65k| } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS4_12Secp384r1RepEE12ScalarParamsEEEE11stash_valueILm9EEENSt3__15arrayImXT_EEEv: 759| 497| std::array stash_value() const { 760| 497| static_assert(L >= N); 761| 497| std::array stash = {}; 762| 3.47k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (762:28): [True: 2.98k, False: 497] ------------------ 763| 2.98k| stash[i] = m_val[i]; 764| 2.98k| } 765| 497| return stash; 766| 497| } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE10from_stashILm9EEESA_RKNSt3__15arrayImXT_EEE: 774| 8.81k| static Self from_stash(const std::array& stash) { 775| 8.81k| static_assert(L >= N); 776| 8.81k| std::array val = {}; 777| 61.7k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (777:28): [True: 52.9k, False: 8.81k] ------------------ 778| 52.9k| val[i] = stash[i]; 779| 52.9k| } 780| 8.81k| return Self(val); 781| 8.81k| } pcurves_secp384r1.cpp:_ZN5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm4EEC2ERKNS_16AffineCurvePointINS_6IntModINS2_12Secp384r1RepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 1487| 296| explicit WindowedBoothMulTable(const AffinePoint& p) : m_table(varpoint_setup(p)) {} pcurves_secp384r1.cpp:_ZN5BotanplERKNS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_EERKNS_16AffineCurvePointISB_EE: 1066| 2.07k| friend constexpr Self operator+(const Self& a, const AffinePoint& b) { return Self::add_mixed(a, b); } pcurves_secp384r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_E9add_mixedERKSC_RKNS_16AffineCurvePointISB_EE: 1091| 2.07k| constexpr static Self add_mixed(const Self& a, const AffinePoint& b) { 1092| 2.07k| return point_add_mixed(a, b, FieldElement::one()); 1093| 2.07k| } pcurves_secp384r1.cpp:_ZNK5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm4EE3mulERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsENS2_12Secp384r1RepEE12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1489| 296| ProjectivePoint mul(const Scalar& s, RandomNumberGenerator& rng) const { 1490| 296| const BlindedScalar bits(s, rng); 1491| | 1492| 296| const size_t scalar_bits = bits.bits(); 1493| 296| const size_t full_windows = compute_full_windows(scalar_bits + 1, WindowBits); 1494| 296| const size_t initial_shift = compute_initial_shift(scalar_bits + 1, WindowBits); 1495| | 1496| 296| BOTAN_DEBUG_ASSERT(full_windows * WindowBits + initial_shift == scalar_bits + 1); ------------------ | | 130| 296| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 296| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 296] | | ------------------ ------------------ 1497| 296| BOTAN_DEBUG_ASSERT(initial_shift > 0); ------------------ | | 130| 296| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 296| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 296] | | ------------------ ------------------ 1498| | 1499| 296| auto accum = ProjectivePoint::identity(); 1500| 296| CT::poison(accum); 1501| | 1502| 25.7k| for(size_t i = 0; i != full_windows; ++i) { ------------------ | Branch (1502:28): [True: 25.4k, False: 296] ------------------ 1503| 25.4k| const size_t idx = scalar_bits - initial_shift - WindowBits * i; 1504| | 1505| 25.4k| const size_t w_i = bits.get_window(idx); 1506| 25.4k| const auto [tidx, tneg] = booth_recode(w_i); 1507| | 1508| | // Conditional ok: loop iteration count is public 1509| 25.4k| if(i == 0) { ------------------ | Branch (1509:16): [True: 296, False: 25.1k] ------------------ 1510| 296| accum = ProjectivePoint::from_affine(m_table.ct_select(tidx)); 1511| 296| accum.conditional_assign(tneg, accum.negate()); 1512| 25.1k| } else { 1513| 25.1k| accum = ProjectivePoint::add_or_sub(accum, m_table.ct_select(tidx), tneg); 1514| 25.1k| } 1515| | 1516| 25.4k| accum = accum.dbl_n(WindowBits); 1517| | 1518| | // Conditional ok: loop iteration count is public 1519| 25.4k| if(i <= 3) { ------------------ | Branch (1519:16): [True: 1.18k, False: 24.2k] ------------------ 1520| 1.18k| accum.randomize_rep(rng); 1521| 1.18k| } 1522| 25.4k| } 1523| | 1524| | // final window (note one bit shorter than previous reads) 1525| 296| const size_t w_l = bits.get_window(0) & ((1 << WindowBits) - 1); 1526| 296| const auto [tidx, tneg] = booth_recode(w_l << 1); 1527| 296| accum = ProjectivePoint::add_or_sub(accum, m_table.ct_select(tidx), tneg); 1528| | 1529| 296| CT::unpoison(accum); 1530| 296| return accum; 1531| 296| } pcurves_secp384r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm6EEC2ERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsENS2_12Secp384r1RepEE12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1307| 296| BlindedScalarBits(const typename C::Scalar& scalar, RandomNumberGenerator& rng) { 1308| 296| if(BlindingBits > 0 && rng.is_seeded()) { ------------------ | Branch (1308:13): [True: 296, Folded] | Branch (1308:33): [True: 296, False: 0] ------------------ 1309| 296| constexpr size_t MaskWords = (BlindingBits + WordInfo::bits - 1) / WordInfo::bits; 1310| 296| constexpr size_t MaskBytes = MaskWords * WordInfo::bytes; 1311| | 1312| 296| constexpr size_t n_words = C::Words; 1313| | 1314| 296| uint8_t maskb[MaskBytes + (BlindingBits == 0 ? 1 : 0)] = {0}; 1315| 296| rng.randomize(maskb, MaskBytes); 1316| | 1317| 296| W mask[n_words] = {0}; 1318| 296| load_le(mask, maskb, MaskWords); 1319| | 1320| | // Mask to exactly BlindingBits 1321| 296| constexpr size_t ExcessBits = MaskWords * WordInfo::bits - BlindingBits; 1322| 296| if constexpr(ExcessBits > 0) { 1323| 296| constexpr W ExcessMask = (static_cast(1) << (WordInfo::bits - ExcessBits)) - 1; 1324| 296| mask[MaskWords - 1] &= ExcessMask; 1325| 296| } 1326| | 1327| | // Set top and bottom bits of mask 1328| 296| constexpr size_t TopMaskBit = (BlindingBits - 1) % WordInfo::bits; 1329| 296| mask[(BlindingBits - 1) / WordInfo::bits] |= static_cast(1) << TopMaskBit; 1330| 296| mask[0] |= 1; 1331| | 1332| 296| W mask_n[2 * n_words] = {0}; 1333| | 1334| 296| const auto sw = scalar.to_words(); 1335| | 1336| | // Compute masked scalar s + k*n 1337| 296| comba_mul(mask_n, mask, C::NW.data()); 1338| 296| bigint_add2(mask_n, 2 * n_words, sw.data(), sw.size()); 1339| | 1340| 296| std::reverse(mask_n, mask_n + 2 * n_words); 1341| 296| m_bytes = store_be>(mask_n); 1342| 296| m_bits = C::Scalar::BITS + BlindingBits; 1343| 296| } else { 1344| | // No RNG available, skip blinding 1345| 0| m_bytes.resize(C::Scalar::BYTES); 1346| 0| scalar.serialize_to(std::span{m_bytes}.template first()); 1347| 0| m_bits = C::Scalar::BITS; 1348| 0| } 1349| | 1350| 296| CT::poison(m_bytes.data(), m_bytes.size()); 1351| 296| } pcurves_secp384r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm6EE4bitsEv: 1305| 296| size_t bits() const { return m_bits; } pcurves_secp384r1.cpp:_ZN5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm4EE20compute_full_windowsEmm: 1468| 296| static constexpr size_t compute_full_windows(size_t sb, size_t wb) { 1469| 296| if(sb % wb == 0) { ------------------ | Branch (1469:13): [True: 0, False: 296] ------------------ 1470| 0| return (sb - 1) / wb; 1471| 296| } else { 1472| 296| return sb / wb; 1473| 296| } 1474| 296| } pcurves_secp384r1.cpp:_ZN5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm4EE21compute_initial_shiftEmm: 1476| 296| static constexpr size_t compute_initial_shift(size_t sb, size_t wb) { 1477| 296| if(sb % wb == 0) { ------------------ | Branch (1477:13): [True: 0, False: 296] ------------------ 1478| 0| return wb; 1479| 296| } else { 1480| 296| return sb - (sb / wb) * wb; 1481| 296| } 1482| 296| } pcurves_secp384r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_E8identityEv: 1038| 296| static constexpr Self identity() { return Self(FieldElement::zero(), FieldElement::one(), FieldElement::zero()); } pcurves_secp384r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm6EE10get_windowEm: 1353| 25.7k| size_t get_window(size_t offset) const { 1354| | // Extract a WindowBits sized window out of s, depending on offset. 1355| 25.7k| return read_window_bits(std::span{m_bytes}, offset); 1356| 25.7k| } pcurves_secp384r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEES7_E5dbl_nEm: 1108| 25.4k| constexpr Self dbl_n(size_t n) const { 1109| 25.4k| if constexpr(Self::A_is_minus_3) { 1110| 25.4k| return dbl_n_a_minus_3(*this, n); 1111| | } else if constexpr(Self::A_is_zero) { 1112| | return dbl_n_a_zero(*this, n); 1113| | } else { 1114| | return dbl_n_generic(*this, A, n); 1115| | } 1116| 25.4k| } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE4div2Ev: 302| 25.4k| Self div2() const { 303| | // The inverse of 2 modulo P is (P/2)+1; this avoids a constexpr time 304| | // general inversion, which some compilers can't handle 305| 25.4k| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 306| | 307| | // We could multiply by INV_2 but there is a better way ... 308| | 309| 25.4k| std::array t = value(); 310| 25.4k| const W borrow = shift_right<1>(t); 311| | 312| | // If value was odd, add (P/2)+1 313| 25.4k| const auto mask = CT::Mask::expand(borrow).value(); 314| | 315| 25.4k| W carry = 0; 316| | 317| 178k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (317:28): [True: 152k, False: 25.4k] ------------------ 318| 152k| t[i] = word_add(t[i], INV_2[i] & mask, &carry); 319| 152k| } 320| | 321| 25.4k| return Self(t); 322| 25.4k| } pcurves_secp384r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm6EED2Ev: 1358| 296| ~BlindedScalarBits() { 1359| 296| secure_zeroize_buffer(m_bytes.data(), m_bytes.size()); 1360| 296| CT::unpoison(m_bytes.data(), m_bytes.size()); 1361| 296| } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS4_12Secp384r1RepEE12ScalarParamsEEEE7is_zeroEv: 225| 994| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEEeqERKSA_: 722| 1.14k| constexpr CT::Choice operator==(const Self& other) const { 723| 1.14k| return CT::is_equal(this->data(), other.data(), N).as_choice(); 724| 1.14k| } pcurves_secp384r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEEE8identityEv: 921| 3| static constexpr Self identity() { return Self(FieldElement::zero(), FieldElement::zero()); } pcurves_secp384r1.cpp:_ZN5Botan13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS2_12Secp384r1RepEE7x3_ax_bERKNS_6IntModINS5_INS6_11FieldParamsEEEEE: 1275| 1.14k| static constexpr FieldElement x3_ax_b(const FieldElement& x) { return (x.square() + A) * x + B; } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE12correct_signENS_2CT6ChoiceE: 248| 296| constexpr Self correct_sign(CT::Choice even) const { 249| 296| const auto flip = (even != this->is_even()); 250| 296| return Self::choose(flip, this->negate(), *this); 251| 296| } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE7is_evenEv: 240| 296| constexpr CT::Choice is_even() const { 241| 296| auto v = Rep::from_rep(m_val); 242| 296| return !CT::Choice::from_int(v[0] & 0x01); 243| 296| } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS2_9secp384r16ParamsES3_E11FieldParamsEEEE6chooseENS_2CT6ChoiceERKSA_SE_: 256| 296| static constexpr Self choose(CT::Choice choice, const Self& x, const Self& y) { 257| 296| auto r = y; 258| 296| r.conditional_assign(choice, x); 259| 296| return r; 260| 296| } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS4_12Secp384r1RepEE12ScalarParamsEEEE11deserializeENSt3__14spanIKhLm18446744073709551615EEE: 792| 497| static std::optional deserialize(std::span bytes) { 793| | // Conditional ok: input length is public 794| 497| if(bytes.size() != Self::BYTES) { ------------------ | Branch (794:13): [True: 0, False: 497] ------------------ 795| 0| return {}; 796| 0| } 797| | 798| 497| const auto words = bytes_to_words(bytes.first()); 799| | 800| | // Conditional acceptable: std::optional is implicitly not constant time 801| 497| if(!bigint_ct_is_lt(words.data(), N, P.data(), N).as_bool()) { ------------------ | Branch (801:13): [True: 0, False: 497] ------------------ 802| 0| return {}; 803| 0| } 804| | 805| | // Safe because we checked above that words is an integer < P 806| 497| return Self::from_words(words); 807| 497| } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS4_12Secp384r1RepEE12ScalarParamsEEEE10from_wordsILm6EEESB_NSt3__15arrayImXT_EEE: 211| 497| static constexpr Self from_words(std::array w) { 212| 497| if constexpr(L == N) { 213| 497| return Self(Rep::to_rep(w)); 214| | } else { 215| | static_assert(L < N); 216| | std::array ew = {}; 217| | copy_mem(std::span{ew}.template first(), w); 218| | return Self(Rep::to_rep(ew)); 219| | } 220| 497| } pcurves_secp384r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS3_12Secp384r1RepEE12ScalarParamsEE6to_repERKNSt3__15arrayImLm6EEE: 115| 497| constexpr static std::array to_rep(const std::array& x) { 116| 497| std::array z; // NOLINT(*-member-init) 117| 497| comba_mul(z.data(), x.data(), R2.data()); 118| 497| return Self::redc(z); 119| 497| } pcurves_secp384r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS3_9secp384r16ParamsES4_E11FieldParamsEEEEEE12serialize_toENSt3__14spanIhLm97EEE: 941| 1.68k| constexpr void serialize_to(std::span bytes) const { 942| 1.68k| BOTAN_STATE_CHECK(this->is_identity().as_bool() == false); ------------------ | | 51| 1.68k| do { \ | | 52| 1.68k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 1.68k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 1.68k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 1.68k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 1.68k] | | ------------------ ------------------ 943| 1.68k| BufferStuffer pack(bytes); 944| 1.68k| pack.append(0x04); 945| 1.68k| x().serialize_to(pack.next()); 946| 1.68k| y().serialize_to(pack.next()); 947| 1.68k| BOTAN_DEBUG_ASSERT(pack.full()); ------------------ | | 130| 1.68k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 1.68k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 1.68k] | | ------------------ ------------------ 948| 1.68k| } pcurves_secp384r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS4_12Secp384r1RepEE12ScalarParamsEEEE6randomERNS_21RandomNumberGeneratorE: 851| 497| static Self random(RandomNumberGenerator& rng) { 852| 497| constexpr size_t MAX_ATTEMPTS = 1000; 853| | 854| 497| std::array buf{}; 855| | 856| 497| for(size_t i = 0; i != MAX_ATTEMPTS; ++i) { ------------------ | Branch (856:28): [True: 497, False: 0] ------------------ 857| 497| rng.randomize(buf); 858| | 859| | // Zero off high bits that if set would certainly cause us 860| | // to be out of range 861| | if constexpr(Self::BITS % 8 != 0) { 862| | constexpr uint8_t mask = 0xFF >> (8 - (Self::BITS % 8)); 863| | buf[0] &= mask; 864| | } 865| | 866| | // Conditionals ok: rejection sampling reveals only values we didn't use 867| 497| if(auto s = Self::deserialize(buf)) { ------------------ | Branch (867:21): [True: 497, False: 0] ------------------ 868| 497| if(s.value().is_nonzero().as_bool()) { ------------------ | Branch (868:19): [True: 497, False: 0] ------------------ 869| 497| return s.value(); 870| 497| } 871| 497| } 872| 497| } 873| | 874| 0| throw Internal_Error("Failed to generate random Scalar within bounded number of attempts"); 875| 497| } pcurves_secp384r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp384r16ParamsENS4_12Secp384r1RepEE12ScalarParamsEEEE10is_nonzeroEv: 230| 497| constexpr CT::Choice is_nonzero() const { return !is_zero(); } pcurves_secp521r1.cpp:_ZN5Botan23PrecomputedBaseMulTableINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm6EEC2ERKNS_16AffineCurvePointINS_6IntModINS3_7P521RepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 1405| 1| m_table(basemul_booth_setup(p, BlindedScalar::Bits + 1)) {} pcurves_secp521r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E11from_affineERKNS_16AffineCurvePointISB_EE: 1016| 932| static constexpr Self from_affine(const AffinePoint& pt) { 1017| | /* 1018| | * If the point is the identity element (x=0, y=0) then instead of 1019| | * creating (x, y, 1) = (0, 0, 1) we want our projective identity 1020| | * encoding of (0, 1, 0) 1021| | * 1022| | * Which we can achieve by a conditional swap of y and z if the 1023| | * affine point is the identity. 1024| | */ 1025| | 1026| 932| auto x = pt.x(); 1027| 932| auto y = pt.y(); 1028| 932| auto z = FieldElement::one(); 1029| | 1030| 932| FieldElement::conditional_swap(pt.is_identity(), y, z); 1031| | 1032| 932| return ProjectiveCurvePoint(x, y, z); 1033| 932| } pcurves_secp521r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEE1xEv: 971| 2.02M| constexpr const FieldElement& x() const { return m_x; } pcurves_secp521r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEE1yEv: 976| 1.95M| constexpr const FieldElement& y() const { return m_y; } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE3oneEv: 200| 72.9k| static constexpr Self one() { return Self(Rep::one()); } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEEC2ENSt3__15arrayImLm9EEE: 898| 3.90M| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE16conditional_swapENS_2CT6ChoiceERSA_SD_: 410| 932| static constexpr void conditional_swap(CT::Choice cond, Self& x, Self& y) { 411| 932| const W mask = cond.into_bitmask(); 412| | 413| 9.32k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (413:28): [True: 8.38k, False: 932] ------------------ 414| 8.38k| auto nx = Botan::choose(mask, y.m_val[i], x.m_val[i]); 415| 8.38k| auto ny = Botan::choose(mask, x.m_val[i], y.m_val[i]); 416| 8.38k| x.m_val[i] = nx; 417| 8.38k| y.m_val[i] = ny; 418| 8.38k| } 419| 932| } pcurves_secp521r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEE11is_identityEv: 928| 76.0k| constexpr CT::Choice is_identity() const { return x().is_zero() && y().is_zero(); } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE7is_zeroEv: 225| 383k| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_secp521r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_EC2ERKSB_SE_SE_: 1056| 108k| m_x(x), m_y(y), m_z(z) {} pcurves_secp521r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E3dblEv: 1121| 3.65k| constexpr Self dbl() const { 1122| 3.65k| if constexpr(Self::A_is_minus_3) { 1123| 3.65k| return dbl_a_minus_3(*this); 1124| | } else if constexpr(Self::A_is_zero) { 1125| | return dbl_a_zero(*this); 1126| | } else { 1127| | return dbl_generic(*this, A); 1128| | } 1129| 3.65k| } pcurves_secp521r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E1zEv: 1172| 434k| constexpr const FieldElement& z() const { return m_z; } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE6squareEv: 426| 885k| constexpr BOTAN_FORCE_INLINE Self square() const { 427| 885k| std::array z; // NOLINT(*-member-init) 428| 885k| comba_sqr(z.data(), this->data()); 429| 885k| return Self(Rep::redc(z)); 430| 885k| } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4dataEv: 896| 4.01M| constexpr const W* data() const { return m_val.data(); } pcurves_secp521r1.cpp:_ZN5BotanmlERKNS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEEESC_: 346| 942k| friend constexpr BOTAN_FORCE_INLINE Self operator*(const Self& a, const Self& b) { 347| 942k| std::array z; // NOLINT(*-member-init) 348| 942k| comba_mul(z.data(), a.data(), b.data()); 349| 942k| return Self(Rep::redc(z)); 350| 942k| } pcurves_secp521r1.cpp:_ZN5BotanmiERKNS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEEESC_: 281| 1.03M| friend constexpr BOTAN_FORCE_INLINE Self operator-(const Self& a, const Self& b) { 282| 1.03M| std::array r; // NOLINT(*-member-init) 283| 1.03M| W carry = 0; 284| 10.3M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (284:28): [True: 9.28M, False: 1.03M] ------------------ 285| 9.28M| r[i] = word_sub(a.m_val[i], b.m_val[i], &carry); 286| 9.28M| } 287| | 288| 1.03M| const auto mask = CT::Mask::expand(carry).value(); 289| | 290| 1.03M| carry = 0; 291| | 292| 10.3M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (292:28): [True: 9.28M, False: 1.03M] ------------------ 293| 9.28M| r[i] = word_add(r[i], P[i] & mask, &carry); 294| 9.28M| } 295| | 296| 1.03M| return Self(r); 297| 1.03M| } pcurves_secp521r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E1xEv: 1162| 270k| constexpr const FieldElement& x() const { return m_x; } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4mul3Ev: 335| 147k| constexpr inline Self mul3() const { return mul2() + (*this); } pcurves_secp521r1.cpp:_ZN5BotanplERKNS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEEESC_: 265| 227k| friend constexpr BOTAN_FORCE_INLINE Self operator+(const Self& a, const Self& b) { 266| 227k| std::array t; // NOLINT(*-member-init) 267| | 268| 227k| W carry = 0; 269| 2.27M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (269:28): [True: 2.04M, False: 227k] ------------------ 270| 2.04M| t[i] = word_add(a.m_val[i], b.m_val[i], &carry); 271| 2.04M| } 272| | 273| 227k| std::array r; // NOLINT(*-member-init) 274| 227k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 275| 227k| return Self(r); 276| 227k| } pcurves_secp521r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E1yEv: 1167| 266k| constexpr const FieldElement& y() const { return m_y; } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4mul4Ev: 338| 3.65k| constexpr inline Self mul4() const { return mul2().mul2(); } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4mul2Ev: 325| 491k| constexpr BOTAN_FORCE_INLINE Self mul2() const { 326| 491k| std::array t = value(); 327| 491k| const W carry = shift_left<1>(t); 328| | 329| 491k| std::array r; // NOLINT(*-member-init) 330| 491k| bigint_monty_maybe_sub(r.data(), carry, t.data(), P.data()); 331| 491k| return Self(r); 332| 491k| } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE5valueEv: 894| 519k| constexpr const std::array& value() const { return m_val; } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4mul8Ev: 341| 3.65k| constexpr inline Self mul8() const { return mul2().mul2().mul2(); } pcurves_secp521r1.cpp:_ZN5BotanplERKNS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_EESE_: 1064| 1.45k| friend constexpr Self operator+(const Self& a, const Self& b) { return Self::add(a, b); } pcurves_secp521r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E3addERKSC_SE_: 1103| 1.45k| constexpr static Self add(const Self& a, const Self& b) { return point_add(a, b); } pcurves_secp521r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E11is_identityEv: 1082| 82.0k| constexpr CT::Choice is_identity() const { return z().is_zero(); } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE18conditional_assignERSA_SB_SB_NS_2CT6ChoiceERKSA_SF_SF_: 395| 147k| Self& x, Self& y, Self& z, CT::Choice cond, const Self& nx, const Self& ny, const Self& nz) { 396| 147k| const W mask = cond.into_bitmask(); 397| | 398| 1.47M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (398:28): [True: 1.32M, False: 147k] ------------------ 399| 1.32M| x.m_val[i] = Botan::choose(mask, nx.m_val[i], x.m_val[i]); 400| 1.32M| y.m_val[i] = Botan::choose(mask, ny.m_val[i], y.m_val[i]); 401| 1.32M| z.m_val[i] = Botan::choose(mask, nz.m_val[i], z.m_val[i]); 402| 1.32M| } 403| 147k| } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEEmLERKSA_: 355| 279k| constexpr BOTAN_FORCE_INLINE Self& operator*=(const Self& other) { 356| 279k| std::array z; // NOLINT(*-member-init) 357| 279k| comba_mul(z.data(), data(), other.data()); 358| 279k| m_val = Rep::redc(z); 359| 279k| return (*this); 360| 279k| } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE8square_nEm: 439| 10.4k| constexpr void square_n(size_t n) { 440| 10.4k| std::array z; // NOLINT(*-member-init) 441| 625k| for(size_t i = 0; i != n; ++i) { ------------------ | Branch (441:28): [True: 614k, False: 10.4k] ------------------ 442| 614k| comba_sqr(z.data(), this->data()); 443| 614k| m_val = Rep::redc(z); 444| 614k| } 445| 10.4k| } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE14invert_vartimeEv: 598| 1| constexpr Self invert_vartime() const { 599| | // Conditional ok: this function is variable time 600| 1| if(this->is_zero().as_bool()) { ------------------ | Branch (600:13): [True: 0, False: 1] ------------------ 601| 0| return Self::zero(); 602| 0| } 603| | 604| 1| auto x = Self(std::array{1}); // 1 in standard domain 605| 1| auto b = Self(this->to_words()); // *this in standard domain 606| | 607| | // First loop iteration 608| 1| Self::_invert_vartime_div2_helper(b, x); 609| | 610| 1| auto a = b.negate(); 611| | // y += x but y is zero at the outset 612| 1| auto y = x; 613| | 614| | // First half of second loop iteration 615| 1| Self::_invert_vartime_div2_helper(a, y); 616| | 617| 350| for(;;) { 618| | // Conditional ok: this function is variable time 619| 350| if(a.m_val == b.m_val) { ------------------ | Branch (619:16): [True: 1, False: 349] ------------------ 620| | // At this point it should be that a == b == 1 621| 1| auto r = y.negate(); 622| | 623| | // Convert back to Montgomery if required 624| 1| r.m_val = Rep::to_rep(r.m_val); 625| 1| return r; 626| 1| } 627| | 628| 349| auto nx = x + y; 629| | 630| | /* 631| | * Otherwise either b > a or a > b 632| | * 633| | * If b > a we want to set b to b - a 634| | * Otherwise we want to set a to a - b 635| | * 636| | * Compute r = b - a and check if it underflowed 637| | * If it did not then we are in the b > a path 638| | */ 639| 349| std::array r; // NOLINT(*-member-init) 640| 349| const word carry = bigint_sub3(r.data(), b.data(), N, a.data(), N); 641| | 642| | // Conditional ok: this function is variable time 643| 349| if(carry == 0) { ------------------ | Branch (643:16): [True: 170, False: 179] ------------------ 644| | // b > a 645| 170| b.m_val = r; 646| 170| x = nx; 647| 170| Self::_invert_vartime_div2_helper(b, x); 648| 179| } else { 649| | // We know this can't underflow because a > b 650| 179| bigint_sub3(r.data(), a.data(), N, b.data(), N); 651| 179| a.m_val = r; 652| 179| y = nx; 653| 179| Self::_invert_vartime_div2_helper(a, y); 654| 179| } 655| 349| } 656| 1| } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4zeroEv: 195| 142k| static constexpr Self zero() { return Self(std::array{0}); } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE8to_wordsEv: 734| 1| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE27_invert_vartime_div2_helperERSA_SB_: 547| 351| static constexpr void _invert_vartime_div2_helper(Self& a, Self& x) { 548| 351| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 549| | 550| | // Conditional ok: this function is variable time 551| 1.09k| while((a.m_val[0] & 1) != 1) { ------------------ | Branch (551:16): [True: 742, False: 351] ------------------ 552| 742| shift_right<1>(a.m_val); 553| | 554| 742| const W borrow = shift_right<1>(x.m_val); 555| | 556| | // Conditional ok: this function is variable time 557| 742| if(borrow) { ------------------ | Branch (557:16): [True: 109, False: 633] ------------------ 558| 109| bigint_add2(x.m_val.data(), N, INV_2.data(), N); 559| 109| } 560| 742| } 561| 351| } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE6negateEv: 452| 70.9k| constexpr Self negate() const { 453| 70.9k| const W x_is_zero = ~CT::all_zeros(this->data(), N).value(); 454| | 455| 70.9k| std::array r; // NOLINT(*-member-init) 456| 70.9k| W carry = 0; 457| 709k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (457:28): [True: 638k, False: 70.9k] ------------------ 458| 638k| r[i] = word_sub(P[i] & x_is_zero, m_val[i], &carry); 459| 638k| } 460| | 461| 70.9k| return Self(r); 462| 70.9k| } pcurves_secp521r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEEC2ERKSB_SE_: 917| 81.9k| constexpr AffineCurvePoint(const FieldElement& x, const FieldElement& y) : m_x(x), m_y(y) {} pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE11stash_valueILm9EEENSt3__15arrayImXT_EEEv: 759| 3.15k| std::array stash_value() const { 760| 3.15k| static_assert(L >= N); 761| 3.15k| std::array stash = {}; 762| 31.5k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (762:28): [True: 28.3k, False: 3.15k] ------------------ 763| 28.3k| stash[i] = m_val[i]; 764| 28.3k| } 765| 3.15k| return stash; 766| 3.15k| } pcurves_secp521r1.cpp:_ZNK5Botan23PrecomputedBaseMulTableINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm6EE3mulERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsENS3_7P521RepEE12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1407| 429| ProjectivePoint mul(const Scalar& s, RandomNumberGenerator& rng) const { 1408| 429| const BlindedScalar scalar(s, rng); 1409| 429| return basemul_booth_exec(m_table, scalar, rng); 1410| 429| } pcurves_secp521r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm7EEC2ERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsENS3_7P521RepEE12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1307| 429| BlindedScalarBits(const typename C::Scalar& scalar, RandomNumberGenerator& rng) { 1308| 429| if(BlindingBits > 0 && rng.is_seeded()) { ------------------ | Branch (1308:13): [True: 429, Folded] | Branch (1308:33): [True: 429, False: 0] ------------------ 1309| 429| constexpr size_t MaskWords = (BlindingBits + WordInfo::bits - 1) / WordInfo::bits; 1310| 429| constexpr size_t MaskBytes = MaskWords * WordInfo::bytes; 1311| | 1312| 429| constexpr size_t n_words = C::Words; 1313| | 1314| 429| uint8_t maskb[MaskBytes + (BlindingBits == 0 ? 1 : 0)] = {0}; 1315| 429| rng.randomize(maskb, MaskBytes); 1316| | 1317| 429| W mask[n_words] = {0}; 1318| 429| load_le(mask, maskb, MaskWords); 1319| | 1320| | // Mask to exactly BlindingBits 1321| 429| constexpr size_t ExcessBits = MaskWords * WordInfo::bits - BlindingBits; 1322| 429| if constexpr(ExcessBits > 0) { 1323| 429| constexpr W ExcessMask = (static_cast(1) << (WordInfo::bits - ExcessBits)) - 1; 1324| 429| mask[MaskWords - 1] &= ExcessMask; 1325| 429| } 1326| | 1327| | // Set top and bottom bits of mask 1328| 429| constexpr size_t TopMaskBit = (BlindingBits - 1) % WordInfo::bits; 1329| 429| mask[(BlindingBits - 1) / WordInfo::bits] |= static_cast(1) << TopMaskBit; 1330| 429| mask[0] |= 1; 1331| | 1332| 429| W mask_n[2 * n_words] = {0}; 1333| | 1334| 429| const auto sw = scalar.to_words(); 1335| | 1336| | // Compute masked scalar s + k*n 1337| 429| comba_mul(mask_n, mask, C::NW.data()); 1338| 429| bigint_add2(mask_n, 2 * n_words, sw.data(), sw.size()); 1339| | 1340| 429| std::reverse(mask_n, mask_n + 2 * n_words); 1341| 429| m_bytes = store_be>(mask_n); 1342| 429| m_bits = C::Scalar::BITS + BlindingBits; 1343| 429| } else { 1344| | // No RNG available, skip blinding 1345| 0| m_bytes.resize(C::Scalar::BYTES); 1346| 0| scalar.serialize_to(std::span{m_bytes}.template first()); 1347| 0| m_bits = C::Scalar::BITS; 1348| 0| } 1349| | 1350| 429| CT::poison(m_bytes.data(), m_bytes.size()); 1351| 429| } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS5_7P521RepEE12ScalarParamsEEEE8to_wordsEv: 734| 680| constexpr std::array to_words() const { return Rep::from_rep(m_val); } pcurves_secp521r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS4_7P521RepEE12ScalarParamsEE8from_repERKNSt3__15arrayImLm9EEE: 137| 1.10k| constexpr static std::array from_rep(const std::array& z) { 138| 1.10k| std::array ze = {}; 139| 1.10k| copy_mem(std::span{ze}.template first(), z); 140| 1.10k| return Self::redc(ze); 141| 1.10k| } pcurves_secp521r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS4_7P521RepEE12ScalarParamsEE4redcERKNSt3__15arrayImLm18EEE: 104| 1.53k| constexpr static std::array redc(const std::array& z) { 105| | if constexpr(P_dash == 1) { 106| | return monty_redc_pdash1(z, P); 107| 1.53k| } else { 108| 1.53k| return monty_redc(z, P, P_dash); 109| 1.53k| } 110| 1.53k| } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS5_7P521RepEE12ScalarParamsEEEE12serialize_toENSt3__14spanIhLm66EEE: 739| 429| constexpr void serialize_to(std::span bytes) const { 740| 429| auto v = Rep::from_rep(m_val); 741| 429| std::reverse(v.begin(), v.end()); 742| | 743| | if constexpr(Self::BYTES == N * WordInfo::bytes) { 744| | store_be(bytes, v); 745| 429| } else { 746| | // Remove leading zero bytes 747| 429| const auto padded_bytes = store_be(v); 748| 429| constexpr size_t extra = N * WordInfo::bytes - Self::BYTES; 749| 429| copy_mem(bytes, std::span{padded_bytes}.template subspan()); 750| 429| } 751| 429| } pcurves_secp521r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm7EE4bitsEv: 1305| 429| size_t bits() const { return m_bits; } pcurves_secp521r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E18conditional_assignENS_2CT6ChoiceERKSC_: 1084| 680| constexpr void conditional_assign(CT::Choice cond, const Self& pt) { 1085| 680| FieldElement::conditional_assign(m_x, m_y, m_z, cond, pt.x(), pt.y(), pt.z()); 1086| 680| } pcurves_secp521r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E6negateEv: 1134| 680| constexpr Self negate() const { return Self(x(), y().negate(), z()); } pcurves_secp521r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E18_const_time_poisonEv: 1174| 680| constexpr void _const_time_poison() const { CT::poison_all(m_x, m_y, m_z); } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE18_const_time_poisonEv: 889| 2.04k| constexpr void _const_time_poison() const { CT::poison(m_val); } pcurves_secp521r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm7EE10get_windowEm: 1353| 41.6k| size_t get_window(size_t offset) const { 1354| | // Extract a WindowBits sized window out of s, depending on offset. 1355| 41.6k| return read_window_bits(std::span{m_bytes}, offset); 1356| 41.6k| } pcurves_secp521r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E10add_or_subERKSC_RKNS_16AffineCurvePointISB_EENS_2CT6ChoiceE: 1096| 70.0k| constexpr static Self add_or_sub(const Self& a, const AffinePoint& b, CT::Choice sub) { 1097| 70.0k| return point_add_or_sub_mixed(a, b, sub, FieldElement::one()); 1098| 70.0k| } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE18conditional_assignENS_2CT6ChoiceERKSA_: 367| 70.5k| constexpr void conditional_assign(CT::Choice cond, const Self& nx) { 368| 70.5k| const W mask = cond.into_bitmask(); 369| | 370| 705k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (370:28): [True: 634k, False: 70.5k] ------------------ 371| 634k| m_val[i] = Botan::choose(mask, nx.m_val[i], m_val[i]); 372| 634k| } 373| 70.5k| } pcurves_secp521r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEE9ct_selectENSt3__14spanIKSC_Lm18446744073709551615EEEm: 955| 41.6k| static constexpr auto ct_select(std::span pts, size_t idx) { 956| 41.6k| auto result = Self::identity(pts[0]); 957| | 958| | // Intentionally wrapping; set to maximum size_t if idx == 0 959| 41.6k| const size_t idx1 = static_cast(idx - 1); 960| 1.37M| for(size_t i = 0; i != pts.size(); ++i) { ------------------ | Branch (960:28): [True: 1.33M, False: 41.6k] ------------------ 961| 1.33M| const auto found = CT::Mask::is_equal(idx1, i).as_choice(); 962| 1.33M| result.conditional_assign(found, pts[i]); 963| 1.33M| } 964| | 965| 41.6k| return result; 966| 41.6k| } pcurves_secp521r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEE8identityERKSC_: 924| 70.7k| static constexpr Self identity(const Self& /*unused*/) { 925| 70.7k| return Self(FieldElement::zero(), FieldElement::zero()); 926| 70.7k| } pcurves_secp521r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEE18conditional_assignENS_2CT6ChoiceERKSC_: 981| 1.79M| constexpr void conditional_assign(CT::Choice cond, const Self& pt) { 982| 1.79M| FieldElement::conditional_assign(m_x, m_y, cond, pt.x(), pt.y()); 983| 1.79M| } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE18conditional_assignERSA_SB_NS_2CT6ChoiceERKSA_SF_: 380| 1.79M| static constexpr void conditional_assign(Self& x, Self& y, CT::Choice cond, const Self& nx, const Self& ny) { 381| 1.79M| const W mask = cond.into_bitmask(); 382| | 383| 17.9M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (383:28): [True: 16.1M, False: 1.79M] ------------------ 384| 16.1M| x.m_val[i] = Botan::choose(mask, nx.m_val[i], x.m_val[i]); 385| 16.1M| y.m_val[i] = Botan::choose(mask, ny.m_val[i], y.m_val[i]); 386| 16.1M| } 387| 1.79M| } pcurves_secp521r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E13randomize_repERNS_21RandomNumberGeneratorE: 1142| 2.72k| void randomize_rep(RandomNumberGenerator& rng) { 1143| | // In certain contexts we may be called with a Null_RNG; in that case the 1144| | // caller is accepting that randomization will not occur 1145| | 1146| | // Conditional ok: caller's RNG state (seeded vs not) is presumed public 1147| 2.72k| if(rng.is_seeded()) { ------------------ | Branch (1147:13): [True: 2.72k, False: 0] ------------------ 1148| 2.72k| auto r = FieldElement::random(rng); 1149| | 1150| 2.72k| auto r2 = r.square(); 1151| 2.72k| auto r3 = r2 * r; 1152| | 1153| 2.72k| m_x *= r2; 1154| 2.72k| m_y *= r3; 1155| 2.72k| m_z *= r; 1156| 2.72k| } 1157| 2.72k| } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE6randomERNS_21RandomNumberGeneratorE: 851| 2.72k| static Self random(RandomNumberGenerator& rng) { 852| 2.72k| constexpr size_t MAX_ATTEMPTS = 1000; 853| | 854| 2.72k| std::array buf{}; 855| | 856| 2.72k| for(size_t i = 0; i != MAX_ATTEMPTS; ++i) { ------------------ | Branch (856:28): [True: 2.72k, False: 0] ------------------ 857| 2.72k| rng.randomize(buf); 858| | 859| | // Zero off high bits that if set would certainly cause us 860| | // to be out of range 861| 2.72k| if constexpr(Self::BITS % 8 != 0) { 862| 2.72k| constexpr uint8_t mask = 0xFF >> (8 - (Self::BITS % 8)); 863| 2.72k| buf[0] &= mask; 864| 2.72k| } 865| | 866| | // Conditionals ok: rejection sampling reveals only values we didn't use 867| 2.72k| if(auto s = Self::deserialize(buf)) { ------------------ | Branch (867:21): [True: 2.72k, False: 0] ------------------ 868| 2.72k| if(s.value().is_nonzero().as_bool()) { ------------------ | Branch (868:19): [True: 2.72k, False: 0] ------------------ 869| 2.72k| return s.value(); 870| 2.72k| } 871| 2.72k| } 872| 2.72k| } 873| | 874| 0| throw Internal_Error("Failed to generate random Scalar within bounded number of attempts"); 875| 2.72k| } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE11deserializeENSt3__14spanIKhLm18446744073709551615EEE: 792| 3.60k| static std::optional deserialize(std::span bytes) { 793| | // Conditional ok: input length is public 794| 3.60k| if(bytes.size() != Self::BYTES) { ------------------ | Branch (794:13): [True: 0, False: 3.60k] ------------------ 795| 0| return {}; 796| 0| } 797| | 798| 3.60k| const auto words = bytes_to_words(bytes.first()); 799| | 800| | // Conditional acceptable: std::optional is implicitly not constant time 801| 3.60k| if(!bigint_ct_is_lt(words.data(), N, P.data(), N).as_bool()) { ------------------ | Branch (801:13): [True: 5, False: 3.60k] ------------------ 802| 5| return {}; 803| 5| } 804| | 805| | // Safe because we checked above that words is an integer < P 806| 3.60k| return Self::from_words(words); 807| 3.60k| } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE10from_wordsILm9EEESA_NSt3__15arrayImXT_EEE: 211| 3.60k| static constexpr Self from_words(std::array w) { 212| 3.60k| if constexpr(L == N) { 213| 3.60k| return Self(Rep::to_rep(w)); 214| | } else { 215| | static_assert(L < N); 216| | std::array ew = {}; 217| | copy_mem(std::span{ew}.template first(), w); 218| | return Self(Rep::to_rep(ew)); 219| | } 220| 3.60k| } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE10is_nonzeroEv: 230| 2.72k| constexpr CT::Choice is_nonzero() const { return !is_zero(); } pcurves_secp521r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E20_const_time_unpoisonEv: 1176| 680| constexpr void _const_time_unpoison() const { CT::unpoison_all(m_x, m_y, m_z); } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE20_const_time_unpoisonEv: 891| 2.04k| constexpr void _const_time_unpoison() const { CT::unpoison(m_val); } pcurves_secp521r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm7EED2Ev: 1358| 429| ~BlindedScalarBits() { 1359| 429| secure_zeroize_buffer(m_bytes.data(), m_bytes.size()); 1360| 429| CT::unpoison(m_bytes.data(), m_bytes.size()); 1361| 429| } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS5_7P521RepEE12ScalarParamsEEEE10from_stashILm9EEESB_RKNSt3__15arrayImXT_EEE: 774| 1.53k| static Self from_stash(const std::array& stash) { 775| 1.53k| static_assert(L >= N); 776| 1.53k| std::array val = {}; 777| 15.3k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (777:28): [True: 13.8k, False: 1.53k] ------------------ 778| 13.8k| val[i] = stash[i]; 779| 13.8k| } 780| 1.53k| return Self(val); 781| 1.53k| } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS5_7P521RepEE12ScalarParamsEEEEC2ENSt3__15arrayImLm9EEE: 898| 1.96k| explicit constexpr IntMod(std::array v) : m_val(v) {} pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE12serialize_toENSt3__14spanIhLm66EEE: 739| 3.11k| constexpr void serialize_to(std::span bytes) const { 740| 3.11k| auto v = Rep::from_rep(m_val); 741| 3.11k| std::reverse(v.begin(), v.end()); 742| | 743| | if constexpr(Self::BYTES == N * WordInfo::bytes) { 744| | store_be(bytes, v); 745| 3.11k| } else { 746| | // Remove leading zero bytes 747| 3.11k| const auto padded_bytes = store_be(v); 748| 3.11k| constexpr size_t extra = N * WordInfo::bytes - Self::BYTES; 749| 3.11k| copy_mem(bytes, std::span{padded_bytes}.template subspan()); 750| 3.11k| } 751| 3.11k| } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS5_7P521RepEE12ScalarParamsEEEE11stash_valueILm9EEENSt3__15arrayImXT_EEEv: 759| 429| std::array stash_value() const { 760| 429| static_assert(L >= N); 761| 429| std::array stash = {}; 762| 4.29k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (762:28): [True: 3.86k, False: 429] ------------------ 763| 3.86k| stash[i] = m_val[i]; 764| 3.86k| } 765| 429| return stash; 766| 429| } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE10from_stashILm9EEESA_RKNSt3__15arrayImXT_EEE: 774| 7.52k| static Self from_stash(const std::array& stash) { 775| 7.52k| static_assert(L >= N); 776| 7.52k| std::array val = {}; 777| 75.2k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (777:28): [True: 67.7k, False: 7.52k] ------------------ 778| 67.7k| val[i] = stash[i]; 779| 67.7k| } 780| 7.52k| return Self(val); 781| 7.52k| } pcurves_secp521r1.cpp:_ZN5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm4EEC2ERKNS_16AffineCurvePointINS_6IntModINS3_7P521RepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 1487| 251| explicit WindowedBoothMulTable(const AffinePoint& p) : m_table(varpoint_setup(p)) {} pcurves_secp521r1.cpp:_ZN5BotanplERKNS_20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_EERKNS_16AffineCurvePointISB_EE: 1066| 1.75k| friend constexpr Self operator+(const Self& a, const AffinePoint& b) { return Self::add_mixed(a, b); } pcurves_secp521r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E9add_mixedERKSC_RKNS_16AffineCurvePointISB_EE: 1091| 1.75k| constexpr static Self add_mixed(const Self& a, const AffinePoint& b) { 1092| 1.75k| return point_add_mixed(a, b, FieldElement::one()); 1093| 1.75k| } pcurves_secp521r1.cpp:_ZNK5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm4EE3mulERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsENS3_7P521RepEE12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1489| 251| ProjectivePoint mul(const Scalar& s, RandomNumberGenerator& rng) const { 1490| 251| const BlindedScalar bits(s, rng); 1491| | 1492| 251| const size_t scalar_bits = bits.bits(); 1493| 251| const size_t full_windows = compute_full_windows(scalar_bits + 1, WindowBits); 1494| 251| const size_t initial_shift = compute_initial_shift(scalar_bits + 1, WindowBits); 1495| | 1496| 251| BOTAN_DEBUG_ASSERT(full_windows * WindowBits + initial_shift == scalar_bits + 1); ------------------ | | 130| 251| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 251| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 251] | | ------------------ ------------------ 1497| 251| BOTAN_DEBUG_ASSERT(initial_shift > 0); ------------------ | | 130| 251| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 251| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 251] | | ------------------ ------------------ 1498| | 1499| 251| auto accum = ProjectivePoint::identity(); 1500| 251| CT::poison(accum); 1501| | 1502| 29.1k| for(size_t i = 0; i != full_windows; ++i) { ------------------ | Branch (1502:28): [True: 28.8k, False: 251] ------------------ 1503| 28.8k| const size_t idx = scalar_bits - initial_shift - WindowBits * i; 1504| | 1505| 28.8k| const size_t w_i = bits.get_window(idx); 1506| 28.8k| const auto [tidx, tneg] = booth_recode(w_i); 1507| | 1508| | // Conditional ok: loop iteration count is public 1509| 28.8k| if(i == 0) { ------------------ | Branch (1509:16): [True: 251, False: 28.6k] ------------------ 1510| 251| accum = ProjectivePoint::from_affine(m_table.ct_select(tidx)); 1511| 251| accum.conditional_assign(tneg, accum.negate()); 1512| 28.6k| } else { 1513| 28.6k| accum = ProjectivePoint::add_or_sub(accum, m_table.ct_select(tidx), tneg); 1514| 28.6k| } 1515| | 1516| 28.8k| accum = accum.dbl_n(WindowBits); 1517| | 1518| | // Conditional ok: loop iteration count is public 1519| 28.8k| if(i <= 3) { ------------------ | Branch (1519:16): [True: 1.00k, False: 27.8k] ------------------ 1520| 1.00k| accum.randomize_rep(rng); 1521| 1.00k| } 1522| 28.8k| } 1523| | 1524| | // final window (note one bit shorter than previous reads) 1525| 251| const size_t w_l = bits.get_window(0) & ((1 << WindowBits) - 1); 1526| 251| const auto [tidx, tneg] = booth_recode(w_l << 1); 1527| 251| accum = ProjectivePoint::add_or_sub(accum, m_table.ct_select(tidx), tneg); 1528| | 1529| 251| CT::unpoison(accum); 1530| 251| return accum; 1531| 251| } pcurves_secp521r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm6EEC2ERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsENS3_7P521RepEE12ScalarParamsEEEEERNS_21RandomNumberGeneratorE: 1307| 251| BlindedScalarBits(const typename C::Scalar& scalar, RandomNumberGenerator& rng) { 1308| 251| if(BlindingBits > 0 && rng.is_seeded()) { ------------------ | Branch (1308:13): [True: 251, Folded] | Branch (1308:33): [True: 251, False: 0] ------------------ 1309| 251| constexpr size_t MaskWords = (BlindingBits + WordInfo::bits - 1) / WordInfo::bits; 1310| 251| constexpr size_t MaskBytes = MaskWords * WordInfo::bytes; 1311| | 1312| 251| constexpr size_t n_words = C::Words; 1313| | 1314| 251| uint8_t maskb[MaskBytes + (BlindingBits == 0 ? 1 : 0)] = {0}; 1315| 251| rng.randomize(maskb, MaskBytes); 1316| | 1317| 251| W mask[n_words] = {0}; 1318| 251| load_le(mask, maskb, MaskWords); 1319| | 1320| | // Mask to exactly BlindingBits 1321| 251| constexpr size_t ExcessBits = MaskWords * WordInfo::bits - BlindingBits; 1322| 251| if constexpr(ExcessBits > 0) { 1323| 251| constexpr W ExcessMask = (static_cast(1) << (WordInfo::bits - ExcessBits)) - 1; 1324| 251| mask[MaskWords - 1] &= ExcessMask; 1325| 251| } 1326| | 1327| | // Set top and bottom bits of mask 1328| 251| constexpr size_t TopMaskBit = (BlindingBits - 1) % WordInfo::bits; 1329| 251| mask[(BlindingBits - 1) / WordInfo::bits] |= static_cast(1) << TopMaskBit; 1330| 251| mask[0] |= 1; 1331| | 1332| 251| W mask_n[2 * n_words] = {0}; 1333| | 1334| 251| const auto sw = scalar.to_words(); 1335| | 1336| | // Compute masked scalar s + k*n 1337| 251| comba_mul(mask_n, mask, C::NW.data()); 1338| 251| bigint_add2(mask_n, 2 * n_words, sw.data(), sw.size()); 1339| | 1340| 251| std::reverse(mask_n, mask_n + 2 * n_words); 1341| 251| m_bytes = store_be>(mask_n); 1342| 251| m_bits = C::Scalar::BITS + BlindingBits; 1343| 251| } else { 1344| | // No RNG available, skip blinding 1345| 0| m_bytes.resize(C::Scalar::BYTES); 1346| 0| scalar.serialize_to(std::span{m_bytes}.template first()); 1347| 0| m_bits = C::Scalar::BITS; 1348| 0| } 1349| | 1350| 251| CT::poison(m_bytes.data(), m_bytes.size()); 1351| 251| } pcurves_secp521r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm6EE4bitsEv: 1305| 251| size_t bits() const { return m_bits; } pcurves_secp521r1.cpp:_ZN5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm4EE20compute_full_windowsEmm: 1468| 251| static constexpr size_t compute_full_windows(size_t sb, size_t wb) { 1469| 251| if(sb % wb == 0) { ------------------ | Branch (1469:13): [True: 0, False: 251] ------------------ 1470| 0| return (sb - 1) / wb; 1471| 251| } else { 1472| 251| return sb / wb; 1473| 251| } 1474| 251| } pcurves_secp521r1.cpp:_ZN5Botan21WindowedBoothMulTableINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm4EE21compute_initial_shiftEmm: 1476| 251| static constexpr size_t compute_initial_shift(size_t sb, size_t wb) { 1477| 251| if(sb % wb == 0) { ------------------ | Branch (1477:13): [True: 0, False: 251] ------------------ 1478| 0| return wb; 1479| 251| } else { 1480| 251| return sb - (sb / wb) * wb; 1481| 251| } 1482| 251| } pcurves_secp521r1.cpp:_ZN5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E8identityEv: 1038| 251| static constexpr Self identity() { return Self(FieldElement::zero(), FieldElement::one(), FieldElement::zero()); } pcurves_secp521r1.cpp:_ZNK5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm6EE10get_windowEm: 1353| 29.1k| size_t get_window(size_t offset) const { 1354| | // Extract a WindowBits sized window out of s, depending on offset. 1355| 29.1k| return read_window_bits(std::span{m_bytes}, offset); 1356| 29.1k| } pcurves_secp521r1.cpp:_ZNK5Botan20ProjectiveCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEES7_E5dbl_nEm: 1108| 28.8k| constexpr Self dbl_n(size_t n) const { 1109| 28.8k| if constexpr(Self::A_is_minus_3) { 1110| 28.8k| return dbl_n_a_minus_3(*this, n); 1111| | } else if constexpr(Self::A_is_zero) { 1112| | return dbl_n_a_zero(*this, n); 1113| | } else { 1114| | return dbl_n_generic(*this, A, n); 1115| | } 1116| 28.8k| } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE4div2Ev: 302| 28.8k| Self div2() const { 303| | // The inverse of 2 modulo P is (P/2)+1; this avoids a constexpr time 304| | // general inversion, which some compilers can't handle 305| 28.8k| constexpr auto INV_2 = p_div_2_plus_1(Rep::P); 306| | 307| | // We could multiply by INV_2 but there is a better way ... 308| | 309| 28.8k| std::array t = value(); 310| 28.8k| const W borrow = shift_right<1>(t); 311| | 312| | // If value was odd, add (P/2)+1 313| 28.8k| const auto mask = CT::Mask::expand(borrow).value(); 314| | 315| 28.8k| W carry = 0; 316| | 317| 288k| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (317:28): [True: 259k, False: 28.8k] ------------------ 318| 259k| t[i] = word_add(t[i], INV_2[i] & mask, &carry); 319| 259k| } 320| | 321| 28.8k| return Self(t); 322| 28.8k| } pcurves_secp521r1.cpp:_ZN5Botan17BlindedScalarBitsINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm6EED2Ev: 1358| 251| ~BlindedScalarBits() { 1359| 251| secure_zeroize_buffer(m_bytes.data(), m_bytes.size()); 1360| 251| CT::unpoison(m_bytes.data(), m_bytes.size()); 1361| 251| } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS5_7P521RepEE12ScalarParamsEEEE7is_zeroEv: 225| 858| constexpr CT::Choice is_zero() const { return CT::all_zeros(m_val.data(), m_val.size()).as_choice(); } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEEeqERKSA_: 722| 997| constexpr CT::Choice operator==(const Self& other) const { 723| 997| return CT::is_equal(this->data(), other.data(), N).as_choice(); 724| 997| } pcurves_secp521r1.cpp:_ZN5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEE8identityEv: 921| 1| static constexpr Self identity() { return Self(FieldElement::zero(), FieldElement::zero()); } pcurves_secp521r1.cpp:_ZN5Botan13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS3_7P521RepEE7x3_ax_bERKNS_6IntModINS5_INS6_11FieldParamsEEEEE: 1275| 997| static constexpr FieldElement x3_ax_b(const FieldElement& x) { return (x.square() + A) * x + B; } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE12correct_signENS_2CT6ChoiceE: 248| 251| constexpr Self correct_sign(CT::Choice even) const { 249| 251| const auto flip = (even != this->is_even()); 250| 251| return Self::choose(flip, this->negate(), *this); 251| 251| } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE7is_evenEv: 240| 251| constexpr CT::Choice is_even() const { 241| 251| auto v = Rep::from_rep(m_val); 242| 251| return !CT::Choice::from_int(v[0] & 0x01); 243| 251| } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS3_6ParamsES4_E11FieldParamsEEEE6chooseENS_2CT6ChoiceERKSA_SE_: 256| 251| static constexpr Self choose(CT::Choice choice, const Self& x, const Self& y) { 257| 251| auto r = y; 258| 251| r.conditional_assign(choice, x); 259| 251| return r; 260| 251| } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS5_7P521RepEE12ScalarParamsEEEE11deserializeENSt3__14spanIKhLm18446744073709551615EEE: 792| 429| static std::optional deserialize(std::span bytes) { 793| | // Conditional ok: input length is public 794| 429| if(bytes.size() != Self::BYTES) { ------------------ | Branch (794:13): [True: 0, False: 429] ------------------ 795| 0| return {}; 796| 0| } 797| | 798| 429| const auto words = bytes_to_words(bytes.first()); 799| | 800| | // Conditional acceptable: std::optional is implicitly not constant time 801| 429| if(!bigint_ct_is_lt(words.data(), N, P.data(), N).as_bool()) { ------------------ | Branch (801:13): [True: 0, False: 429] ------------------ 802| 0| return {}; 803| 0| } 804| | 805| | // Safe because we checked above that words is an integer < P 806| 429| return Self::from_words(words); 807| 429| } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS5_7P521RepEE12ScalarParamsEEEE10from_wordsILm9EEESB_NSt3__15arrayImXT_EEE: 211| 429| static constexpr Self from_words(std::array w) { 212| 429| if constexpr(L == N) { 213| 429| return Self(Rep::to_rep(w)); 214| | } else { 215| | static_assert(L < N); 216| | std::array ew = {}; 217| | copy_mem(std::span{ew}.template first(), w); 218| | return Self(Rep::to_rep(ew)); 219| | } 220| 429| } pcurves_secp521r1.cpp:_ZN5Botan13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS4_7P521RepEE12ScalarParamsEE6to_repERKNSt3__15arrayImLm9EEE: 115| 429| constexpr static std::array to_rep(const std::array& x) { 116| 429| std::array z; // NOLINT(*-member-init) 117| 429| comba_mul(z.data(), x.data(), R2.data()); 118| 429| return Self::redc(z); 119| 429| } pcurves_secp521r1.cpp:_ZNK5Botan16AffineCurvePointINS_6IntModINS_6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS4_6ParamsES5_E11FieldParamsEEEEEE12serialize_toENSt3__14spanIhLm133EEE: 941| 1.43k| constexpr void serialize_to(std::span bytes) const { 942| 1.43k| BOTAN_STATE_CHECK(this->is_identity().as_bool() == false); ------------------ | | 51| 1.43k| do { \ | | 52| 1.43k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 1.43k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 1.43k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 1.43k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 1.43k] | | ------------------ ------------------ 943| 1.43k| BufferStuffer pack(bytes); 944| 1.43k| pack.append(0x04); 945| 1.43k| x().serialize_to(pack.next()); 946| 1.43k| y().serialize_to(pack.next()); 947| 1.43k| BOTAN_DEBUG_ASSERT(pack.full()); ------------------ | | 130| 1.43k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 1.43k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 1.43k] | | ------------------ ------------------ 948| 1.43k| } pcurves_secp521r1.cpp:_ZN5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS5_7P521RepEE12ScalarParamsEEEE6randomERNS_21RandomNumberGeneratorE: 851| 429| static Self random(RandomNumberGenerator& rng) { 852| 429| constexpr size_t MAX_ATTEMPTS = 1000; 853| | 854| 429| std::array buf{}; 855| | 856| 429| for(size_t i = 0; i != MAX_ATTEMPTS; ++i) { ------------------ | Branch (856:28): [True: 429, False: 0] ------------------ 857| 429| rng.randomize(buf); 858| | 859| | // Zero off high bits that if set would certainly cause us 860| | // to be out of range 861| 429| if constexpr(Self::BITS % 8 != 0) { 862| 429| constexpr uint8_t mask = 0xFF >> (8 - (Self::BITS % 8)); 863| 429| buf[0] &= mask; 864| 429| } 865| | 866| | // Conditionals ok: rejection sampling reveals only values we didn't use 867| 429| if(auto s = Self::deserialize(buf)) { ------------------ | Branch (867:21): [True: 429, False: 0] ------------------ 868| 429| if(s.value().is_nonzero().as_bool()) { ------------------ | Branch (868:19): [True: 429, False: 0] ------------------ 869| 429| return s.value(); 870| 429| } 871| 429| } 872| 429| } 873| | 874| 0| throw Internal_Error("Failed to generate random Scalar within bounded number of attempts"); 875| 429| } pcurves_secp521r1.cpp:_ZNK5Botan6IntModINS_13MontgomeryRepINS_13EllipticCurveINS_6PCurve12_GLOBAL__N_19secp521r16ParamsENS5_7P521RepEE12ScalarParamsEEEE10is_nonzeroEv: 230| 429| constexpr CT::Choice is_nonzero() const { return !is_zero(); } pcurves_brainpool256r1.cpp:_ZN5Botan19basemul_booth_setupINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm6EEENSt3__16vectorINT_11AffinePointENS5_9allocatorIS8_EEEERKS8_m: 254| 1|std::vector basemul_booth_setup(const typename C::AffinePoint& p, size_t max_scalar_bits) { 255| 1| static_assert(WindowBits >= 1 && WindowBits <= 8); 256| | 257| | // 2^(W-1) elements per window [1*base .. 2^(W-1)*base] 258| 1| constexpr size_t WindowElements = 1 << (WindowBits - 1); 259| | 260| 1| const size_t Windows = (max_scalar_bits + WindowBits - 1) / WindowBits; 261| | 262| 1| const size_t TableSize = Windows * WindowElements; 263| | 264| 1| std::vector table; 265| 1| table.reserve(TableSize); 266| | 267| 1| auto accum = C::ProjectivePoint::from_affine(p); 268| | 269| 50| for(size_t i = 0; i != TableSize; i += WindowElements) { ------------------ | Branch (269:22): [True: 49, False: 1] ------------------ 270| 49| table.push_back(accum); 271| | 272| 1.56k| for(size_t j = 1; j != WindowElements; ++j) { ------------------ | Branch (272:25): [True: 1.51k, False: 49] ------------------ 273| | // Conditional ok: loop iteration count is public 274| 1.51k| if(j % 2 == 1) { ------------------ | Branch (274:13): [True: 784, False: 735] ------------------ 275| 784| table.emplace_back(table[i + j / 2].dbl()); 276| 784| } else { 277| 735| table.emplace_back(table[i + j - 1] + table[i]); 278| 735| } 279| 1.51k| } 280| | 281| | // Advance to next window's base: 2^W * current_base 282| | // The last entry is 2^(W-1) * base, so doubling gives 2^W * base 283| 49| accum = table[i + WindowElements - 1].dbl(); 284| 49| } 285| | 286| | // Variable time batch conversion is fine since generator is public 287| 1| return to_affine_batch(table); 288| 1|} pcurves_brainpool256r1.cpp:_ZN5Botan18basemul_booth_execINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm6ENS_17BlindedScalarBitsIS4_Lm7EEEEENT_15ProjectivePointENSt3__14spanIKNS7_11AffinePointELm18446744073709551615EEERKT1_RNS_21RandomNumberGeneratorE: 308| 731| RandomNumberGenerator& rng) { 309| 731| static constexpr size_t WindowElements = 1 << (WindowBits - 1); 310| | 311| 731| const size_t windows = (scalar.bits() + WindowBits) / WindowBits; 312| | 313| 731| auto accum = [&]() { 314| | // First window: extract W bits, shift left 1 to insert implicit carry in of zero 315| 731| const size_t w_bits = scalar.get_window(0) & ((1 << WindowBits) - 1); 316| 731| const size_t raw = w_bits << 1; 317| 731| const auto [tidx, tneg] = booth_recode(raw); 318| 731| const auto tbl_0 = table.first(WindowElements); 319| | 320| 731| auto pt = C::ProjectivePoint::from_affine(C::AffinePoint::ct_select(tbl_0, tidx)); 321| 731| pt.conditional_assign(tneg, pt.negate()); 322| 731| CT::poison(pt); 323| 731| pt.randomize_rep(rng); 324| 731| return pt; 325| 731| }(); 326| | 327| 35.8k| for(size_t i = 1; i != windows; ++i) { ------------------ | Branch (327:22): [True: 35.0k, False: 731] ------------------ 328| | // Extract W+1 bits overlapping by 1 with the previous window 329| 35.0k| const size_t bit_pos = WindowBits * i - 1; 330| 35.0k| const size_t raw = scalar.get_window(bit_pos); 331| 35.0k| const auto [tidx, tneg] = booth_recode(raw); 332| | 333| 35.0k| const auto tbl_i = table.subspan(WindowElements * i, WindowElements); 334| | 335| 35.0k| accum = C::ProjectivePoint::add_or_sub(accum, C::AffinePoint::ct_select(tbl_i, tidx), tneg); 336| | 337| | // Conditional ok: loop iteration count is public 338| 35.0k| if(i <= 3) { ------------------ | Branch (338:10): [True: 2.19k, False: 32.8k] ------------------ 339| 2.19k| accum.randomize_rep(rng); 340| 2.19k| } 341| 35.0k| } 342| | 343| 731| CT::unpoison(accum); 344| 731| return accum; 345| 731|} pcurves_brainpool256r1.cpp:_ZZN5Botan18basemul_booth_execINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm6ENS_17BlindedScalarBitsIS4_Lm7EEEEENT_15ProjectivePointENSt3__14spanIKNS7_11AffinePointELm18446744073709551615EEERKT1_RNS_21RandomNumberGeneratorEENKUlvE_clEv: 313| 731| auto accum = [&]() { 314| | // First window: extract W bits, shift left 1 to insert implicit carry in of zero 315| 731| const size_t w_bits = scalar.get_window(0) & ((1 << WindowBits) - 1); 316| 731| const size_t raw = w_bits << 1; 317| 731| const auto [tidx, tneg] = booth_recode(raw); 318| 731| const auto tbl_0 = table.first(WindowElements); 319| | 320| 731| auto pt = C::ProjectivePoint::from_affine(C::AffinePoint::ct_select(tbl_0, tidx)); 321| 731| pt.conditional_assign(tneg, pt.negate()); 322| 731| CT::poison(pt); 323| 731| pt.randomize_rep(rng); 324| 731| return pt; 325| 731| }(); _ZN5Botan12booth_recodeILm6ETkNSt3__117unsigned_integralEmEENS1_4pairImNS_2CT6ChoiceEEET0_: 294| 214k|constexpr std::pair booth_recode(T x) { 295| 214k| static_assert(WindowBits >= 1 && WindowBits <= 8); 296| | 297| 214k| auto s_mask = CT::Mask::expand(x >> WindowBits); 298| 214k| const T neg_x = (1 << (WindowBits + 1)) - x - 1; 299| 214k| T d = s_mask.select(neg_x, x); 300| 214k| d = (d >> 1) + (d & 1); 301| | 302| 214k| return std::make_pair(static_cast(d), s_mask.as_choice()); 303| 214k|} pcurves_brainpool256r1.cpp:_ZN5Botan14varpoint_setupINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm16EEENS_16AffinePointTableIT_Lm0EEERKNS6_11AffinePointE: 351| 554|AffinePointTable varpoint_setup(const typename C::AffinePoint& p) { 352| 554| static_assert(TableSize > 2); 353| | 354| 554| std::vector table; 355| 554| table.reserve(TableSize); 356| 554| table.push_back(C::ProjectivePoint::from_affine(p)); 357| | 358| 8.86k| for(size_t i = 1; i != TableSize; ++i) { ------------------ | Branch (358:22): [True: 8.31k, False: 554] ------------------ 359| | // Conditional ok: loop iteration count is public 360| 8.31k| if(i % 2 == 1) { ------------------ | Branch (360:10): [True: 4.43k, False: 3.87k] ------------------ 361| 4.43k| table.push_back(table[i / 2].dbl()); 362| 4.43k| } else { 363| 3.87k| table.push_back(table[i - 1] + p); 364| 3.87k| } 365| 8.31k| } 366| | 367| 554| return AffinePointTable(table); 368| 554|} pcurves_brainpool256r1.cpp:_ZN5Botan16AffinePointTableINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm0EEC2ENSt3__14spanIKNS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsESA_E11FieldParamsEEEEESC_EELm18446744073709551615EEE: 70| 554| explicit AffinePointTable(std::span pts) { 71| 554| BOTAN_ASSERT_NOMSG(pts.size() > 1); ------------------ | | 77| 554| do { \ | | 78| 554| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 554| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 554] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 554| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 554] | | ------------------ ------------------ 72| | 73| | if constexpr(R > 0) { 74| | BOTAN_ASSERT_NOMSG(pts.size() % R == 0); 75| | } 76| | 77| | // TODO scatter/gather with SIMD lookup 78| 554| m_table = to_affine_batch(pts); 79| 554| } _ZN5Botan12booth_recodeILm5ETkNSt3__117unsigned_integralEmEENS1_4pairImNS_2CT6ChoiceEEET0_: 294| 141k|constexpr std::pair booth_recode(T x) { 295| 141k| static_assert(WindowBits >= 1 && WindowBits <= 8); 296| | 297| 141k| auto s_mask = CT::Mask::expand(x >> WindowBits); 298| 141k| const T neg_x = (1 << (WindowBits + 1)) - x - 1; 299| 141k| T d = s_mask.select(neg_x, x); 300| 141k| d = (d >> 1) + (d & 1); 301| | 302| 141k| return std::make_pair(static_cast(d), s_mask.as_choice()); 303| 141k|} pcurves_brainpool256r1.cpp:_ZNK5Botan16AffinePointTableINS_6PCurve12_GLOBAL__N_114brainpool256r15CurveELm0EE9ct_selectEmQL_ZNS_16AffinePointTable16WholeRangeSearchEE: 86| 32.1k| { 87| 32.1k| BOTAN_DEBUG_ASSERT(idx < m_table.size() + 1); ------------------ | | 130| 32.1k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 32.1k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 32.1k] | | ------------------ ------------------ 88| | 89| 32.1k| auto result = AffinePoint::identity(m_table[0]); 90| | 91| | // Intentionally wrapping; set to maximum size_t if idx == 0 92| 32.1k| const size_t idx1 = static_cast(idx - 1); 93| 546k| for(size_t i = 0; i != m_table.size(); ++i) { ------------------ | Branch (93:28): [True: 514k, False: 32.1k] ------------------ 94| 514k| const auto found = CT::Mask::is_equal(idx1, i).as_choice(); 95| 514k| result.conditional_assign(found, m_table[i]); 96| 514k| } 97| | 98| 32.1k| return result; 99| 32.1k| } pcurves_brainpool384r1.cpp:_ZN5Botan19basemul_booth_setupINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm6EEENSt3__16vectorINT_11AffinePointENS5_9allocatorIS8_EEEERKS8_m: 254| 1|std::vector basemul_booth_setup(const typename C::AffinePoint& p, size_t max_scalar_bits) { 255| 1| static_assert(WindowBits >= 1 && WindowBits <= 8); 256| | 257| | // 2^(W-1) elements per window [1*base .. 2^(W-1)*base] 258| 1| constexpr size_t WindowElements = 1 << (WindowBits - 1); 259| | 260| 1| const size_t Windows = (max_scalar_bits + WindowBits - 1) / WindowBits; 261| | 262| 1| const size_t TableSize = Windows * WindowElements; 263| | 264| 1| std::vector table; 265| 1| table.reserve(TableSize); 266| | 267| 1| auto accum = C::ProjectivePoint::from_affine(p); 268| | 269| 74| for(size_t i = 0; i != TableSize; i += WindowElements) { ------------------ | Branch (269:22): [True: 73, False: 1] ------------------ 270| 73| table.push_back(accum); 271| | 272| 2.33k| for(size_t j = 1; j != WindowElements; ++j) { ------------------ | Branch (272:25): [True: 2.26k, False: 73] ------------------ 273| | // Conditional ok: loop iteration count is public 274| 2.26k| if(j % 2 == 1) { ------------------ | Branch (274:13): [True: 1.16k, False: 1.09k] ------------------ 275| 1.16k| table.emplace_back(table[i + j / 2].dbl()); 276| 1.16k| } else { 277| 1.09k| table.emplace_back(table[i + j - 1] + table[i]); 278| 1.09k| } 279| 2.26k| } 280| | 281| | // Advance to next window's base: 2^W * current_base 282| | // The last entry is 2^(W-1) * base, so doubling gives 2^W * base 283| 73| accum = table[i + WindowElements - 1].dbl(); 284| 73| } 285| | 286| | // Variable time batch conversion is fine since generator is public 287| 1| return to_affine_batch(table); 288| 1|} pcurves_brainpool384r1.cpp:_ZN5Botan18basemul_booth_execINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm6ENS_17BlindedScalarBitsIS4_Lm7EEEEENT_15ProjectivePointENSt3__14spanIKNS7_11AffinePointELm18446744073709551615EEERKT1_RNS_21RandomNumberGeneratorE: 308| 492| RandomNumberGenerator& rng) { 309| 492| static constexpr size_t WindowElements = 1 << (WindowBits - 1); 310| | 311| 492| const size_t windows = (scalar.bits() + WindowBits) / WindowBits; 312| | 313| 492| auto accum = [&]() { 314| | // First window: extract W bits, shift left 1 to insert implicit carry in of zero 315| 492| const size_t w_bits = scalar.get_window(0) & ((1 << WindowBits) - 1); 316| 492| const size_t raw = w_bits << 1; 317| 492| const auto [tidx, tneg] = booth_recode(raw); 318| 492| const auto tbl_0 = table.first(WindowElements); 319| | 320| 492| auto pt = C::ProjectivePoint::from_affine(C::AffinePoint::ct_select(tbl_0, tidx)); 321| 492| pt.conditional_assign(tneg, pt.negate()); 322| 492| CT::poison(pt); 323| 492| pt.randomize_rep(rng); 324| 492| return pt; 325| 492| }(); 326| | 327| 35.9k| for(size_t i = 1; i != windows; ++i) { ------------------ | Branch (327:22): [True: 35.4k, False: 492] ------------------ 328| | // Extract W+1 bits overlapping by 1 with the previous window 329| 35.4k| const size_t bit_pos = WindowBits * i - 1; 330| 35.4k| const size_t raw = scalar.get_window(bit_pos); 331| 35.4k| const auto [tidx, tneg] = booth_recode(raw); 332| | 333| 35.4k| const auto tbl_i = table.subspan(WindowElements * i, WindowElements); 334| | 335| 35.4k| accum = C::ProjectivePoint::add_or_sub(accum, C::AffinePoint::ct_select(tbl_i, tidx), tneg); 336| | 337| | // Conditional ok: loop iteration count is public 338| 35.4k| if(i <= 3) { ------------------ | Branch (338:10): [True: 1.47k, False: 33.9k] ------------------ 339| 1.47k| accum.randomize_rep(rng); 340| 1.47k| } 341| 35.4k| } 342| | 343| 492| CT::unpoison(accum); 344| 492| return accum; 345| 492|} pcurves_brainpool384r1.cpp:_ZZN5Botan18basemul_booth_execINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm6ENS_17BlindedScalarBitsIS4_Lm7EEEEENT_15ProjectivePointENSt3__14spanIKNS7_11AffinePointELm18446744073709551615EEERKT1_RNS_21RandomNumberGeneratorEENKUlvE_clEv: 313| 492| auto accum = [&]() { 314| | // First window: extract W bits, shift left 1 to insert implicit carry in of zero 315| 492| const size_t w_bits = scalar.get_window(0) & ((1 << WindowBits) - 1); 316| 492| const size_t raw = w_bits << 1; 317| 492| const auto [tidx, tneg] = booth_recode(raw); 318| 492| const auto tbl_0 = table.first(WindowElements); 319| | 320| 492| auto pt = C::ProjectivePoint::from_affine(C::AffinePoint::ct_select(tbl_0, tidx)); 321| 492| pt.conditional_assign(tneg, pt.negate()); 322| 492| CT::poison(pt); 323| 492| pt.randomize_rep(rng); 324| 492| return pt; 325| 492| }(); pcurves_brainpool384r1.cpp:_ZN5Botan14varpoint_setupINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm16EEENS_16AffinePointTableIT_Lm0EEERKNS6_11AffinePointE: 351| 184|AffinePointTable varpoint_setup(const typename C::AffinePoint& p) { 352| 184| static_assert(TableSize > 2); 353| | 354| 184| std::vector table; 355| 184| table.reserve(TableSize); 356| 184| table.push_back(C::ProjectivePoint::from_affine(p)); 357| | 358| 2.94k| for(size_t i = 1; i != TableSize; ++i) { ------------------ | Branch (358:22): [True: 2.76k, False: 184] ------------------ 359| | // Conditional ok: loop iteration count is public 360| 2.76k| if(i % 2 == 1) { ------------------ | Branch (360:10): [True: 1.47k, False: 1.28k] ------------------ 361| 1.47k| table.push_back(table[i / 2].dbl()); 362| 1.47k| } else { 363| 1.28k| table.push_back(table[i - 1] + p); 364| 1.28k| } 365| 2.76k| } 366| | 367| 184| return AffinePointTable(table); 368| 184|} pcurves_brainpool384r1.cpp:_ZN5Botan16AffinePointTableINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm0EEC2ENSt3__14spanIKNS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsESA_E11FieldParamsEEEEESC_EELm18446744073709551615EEE: 70| 184| explicit AffinePointTable(std::span pts) { 71| 184| BOTAN_ASSERT_NOMSG(pts.size() > 1); ------------------ | | 77| 184| do { \ | | 78| 184| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 184| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 184] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 184| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 184] | | ------------------ ------------------ 72| | 73| | if constexpr(R > 0) { 74| | BOTAN_ASSERT_NOMSG(pts.size() % R == 0); 75| | } 76| | 77| | // TODO scatter/gather with SIMD lookup 78| 184| m_table = to_affine_batch(pts); 79| 184| } pcurves_brainpool384r1.cpp:_ZNK5Botan16AffinePointTableINS_6PCurve12_GLOBAL__N_114brainpool384r15CurveELm0EE9ct_selectEmQL_ZNS_16AffinePointTable16WholeRangeSearchEE: 86| 16.0k| { 87| 16.0k| BOTAN_DEBUG_ASSERT(idx < m_table.size() + 1); ------------------ | | 130| 16.0k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 16.0k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 16.0k] | | ------------------ ------------------ 88| | 89| 16.0k| auto result = AffinePoint::identity(m_table[0]); 90| | 91| | // Intentionally wrapping; set to maximum size_t if idx == 0 92| 16.0k| const size_t idx1 = static_cast(idx - 1); 93| 272k| for(size_t i = 0; i != m_table.size(); ++i) { ------------------ | Branch (93:28): [True: 256k, False: 16.0k] ------------------ 94| 256k| const auto found = CT::Mask::is_equal(idx1, i).as_choice(); 95| 256k| result.conditional_assign(found, m_table[i]); 96| 256k| } 97| | 98| 16.0k| return result; 99| 16.0k| } pcurves_brainpool512r1.cpp:_ZN5Botan19basemul_booth_setupINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm6EEENSt3__16vectorINT_11AffinePointENS5_9allocatorIS8_EEEERKS8_m: 254| 1|std::vector basemul_booth_setup(const typename C::AffinePoint& p, size_t max_scalar_bits) { 255| 1| static_assert(WindowBits >= 1 && WindowBits <= 8); 256| | 257| | // 2^(W-1) elements per window [1*base .. 2^(W-1)*base] 258| 1| constexpr size_t WindowElements = 1 << (WindowBits - 1); 259| | 260| 1| const size_t Windows = (max_scalar_bits + WindowBits - 1) / WindowBits; 261| | 262| 1| const size_t TableSize = Windows * WindowElements; 263| | 264| 1| std::vector table; 265| 1| table.reserve(TableSize); 266| | 267| 1| auto accum = C::ProjectivePoint::from_affine(p); 268| | 269| 98| for(size_t i = 0; i != TableSize; i += WindowElements) { ------------------ | Branch (269:22): [True: 97, False: 1] ------------------ 270| 97| table.push_back(accum); 271| | 272| 3.10k| for(size_t j = 1; j != WindowElements; ++j) { ------------------ | Branch (272:25): [True: 3.00k, False: 97] ------------------ 273| | // Conditional ok: loop iteration count is public 274| 3.00k| if(j % 2 == 1) { ------------------ | Branch (274:13): [True: 1.55k, False: 1.45k] ------------------ 275| 1.55k| table.emplace_back(table[i + j / 2].dbl()); 276| 1.55k| } else { 277| 1.45k| table.emplace_back(table[i + j - 1] + table[i]); 278| 1.45k| } 279| 3.00k| } 280| | 281| | // Advance to next window's base: 2^W * current_base 282| | // The last entry is 2^(W-1) * base, so doubling gives 2^W * base 283| 97| accum = table[i + WindowElements - 1].dbl(); 284| 97| } 285| | 286| | // Variable time batch conversion is fine since generator is public 287| 1| return to_affine_batch(table); 288| 1|} pcurves_brainpool512r1.cpp:_ZN5Botan18basemul_booth_execINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm6ENS_17BlindedScalarBitsIS4_Lm7EEEEENT_15ProjectivePointENSt3__14spanIKNS7_11AffinePointELm18446744073709551615EEERKT1_RNS_21RandomNumberGeneratorE: 308| 400| RandomNumberGenerator& rng) { 309| 400| static constexpr size_t WindowElements = 1 << (WindowBits - 1); 310| | 311| 400| const size_t windows = (scalar.bits() + WindowBits) / WindowBits; 312| | 313| 400| auto accum = [&]() { 314| | // First window: extract W bits, shift left 1 to insert implicit carry in of zero 315| 400| const size_t w_bits = scalar.get_window(0) & ((1 << WindowBits) - 1); 316| 400| const size_t raw = w_bits << 1; 317| 400| const auto [tidx, tneg] = booth_recode(raw); 318| 400| const auto tbl_0 = table.first(WindowElements); 319| | 320| 400| auto pt = C::ProjectivePoint::from_affine(C::AffinePoint::ct_select(tbl_0, tidx)); 321| 400| pt.conditional_assign(tneg, pt.negate()); 322| 400| CT::poison(pt); 323| 400| pt.randomize_rep(rng); 324| 400| return pt; 325| 400| }(); 326| | 327| 38.8k| for(size_t i = 1; i != windows; ++i) { ------------------ | Branch (327:22): [True: 38.4k, False: 400] ------------------ 328| | // Extract W+1 bits overlapping by 1 with the previous window 329| 38.4k| const size_t bit_pos = WindowBits * i - 1; 330| 38.4k| const size_t raw = scalar.get_window(bit_pos); 331| 38.4k| const auto [tidx, tneg] = booth_recode(raw); 332| | 333| 38.4k| const auto tbl_i = table.subspan(WindowElements * i, WindowElements); 334| | 335| 38.4k| accum = C::ProjectivePoint::add_or_sub(accum, C::AffinePoint::ct_select(tbl_i, tidx), tneg); 336| | 337| | // Conditional ok: loop iteration count is public 338| 38.4k| if(i <= 3) { ------------------ | Branch (338:10): [True: 1.20k, False: 37.2k] ------------------ 339| 1.20k| accum.randomize_rep(rng); 340| 1.20k| } 341| 38.4k| } 342| | 343| 400| CT::unpoison(accum); 344| 400| return accum; 345| 400|} pcurves_brainpool512r1.cpp:_ZZN5Botan18basemul_booth_execINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm6ENS_17BlindedScalarBitsIS4_Lm7EEEEENT_15ProjectivePointENSt3__14spanIKNS7_11AffinePointELm18446744073709551615EEERKT1_RNS_21RandomNumberGeneratorEENKUlvE_clEv: 313| 400| auto accum = [&]() { 314| | // First window: extract W bits, shift left 1 to insert implicit carry in of zero 315| 400| const size_t w_bits = scalar.get_window(0) & ((1 << WindowBits) - 1); 316| 400| const size_t raw = w_bits << 1; 317| 400| const auto [tidx, tneg] = booth_recode(raw); 318| 400| const auto tbl_0 = table.first(WindowElements); 319| | 320| 400| auto pt = C::ProjectivePoint::from_affine(C::AffinePoint::ct_select(tbl_0, tidx)); 321| 400| pt.conditional_assign(tneg, pt.negate()); 322| 400| CT::poison(pt); 323| 400| pt.randomize_rep(rng); 324| 400| return pt; 325| 400| }(); pcurves_brainpool512r1.cpp:_ZN5Botan14varpoint_setupINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm16EEENS_16AffinePointTableIT_Lm0EEERKNS6_11AffinePointE: 351| 149|AffinePointTable varpoint_setup(const typename C::AffinePoint& p) { 352| 149| static_assert(TableSize > 2); 353| | 354| 149| std::vector table; 355| 149| table.reserve(TableSize); 356| 149| table.push_back(C::ProjectivePoint::from_affine(p)); 357| | 358| 2.38k| for(size_t i = 1; i != TableSize; ++i) { ------------------ | Branch (358:22): [True: 2.23k, False: 149] ------------------ 359| | // Conditional ok: loop iteration count is public 360| 2.23k| if(i % 2 == 1) { ------------------ | Branch (360:10): [True: 1.19k, False: 1.04k] ------------------ 361| 1.19k| table.push_back(table[i / 2].dbl()); 362| 1.19k| } else { 363| 1.04k| table.push_back(table[i - 1] + p); 364| 1.04k| } 365| 2.23k| } 366| | 367| 149| return AffinePointTable(table); 368| 149|} pcurves_brainpool512r1.cpp:_ZN5Botan16AffinePointTableINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm0EEC2ENSt3__14spanIKNS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsESA_E11FieldParamsEEEEESC_EELm18446744073709551615EEE: 70| 149| explicit AffinePointTable(std::span pts) { 71| 149| BOTAN_ASSERT_NOMSG(pts.size() > 1); ------------------ | | 77| 149| do { \ | | 78| 149| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 149| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 149] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 149| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 149] | | ------------------ ------------------ 72| | 73| | if constexpr(R > 0) { 74| | BOTAN_ASSERT_NOMSG(pts.size() % R == 0); 75| | } 76| | 77| | // TODO scatter/gather with SIMD lookup 78| 149| m_table = to_affine_batch(pts); 79| 149| } pcurves_brainpool512r1.cpp:_ZNK5Botan16AffinePointTableINS_6PCurve12_GLOBAL__N_114brainpool512r15CurveELm0EE9ct_selectEmQL_ZNS_16AffinePointTable16WholeRangeSearchEE: 86| 17.2k| { 87| 17.2k| BOTAN_DEBUG_ASSERT(idx < m_table.size() + 1); ------------------ | | 130| 17.2k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 17.2k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 17.2k] | | ------------------ ------------------ 88| | 89| 17.2k| auto result = AffinePoint::identity(m_table[0]); 90| | 91| | // Intentionally wrapping; set to maximum size_t if idx == 0 92| 17.2k| const size_t idx1 = static_cast(idx - 1); 93| 293k| for(size_t i = 0; i != m_table.size(); ++i) { ------------------ | Branch (93:28): [True: 276k, False: 17.2k] ------------------ 94| 276k| const auto found = CT::Mask::is_equal(idx1, i).as_choice(); 95| 276k| result.conditional_assign(found, m_table[i]); 96| 276k| } 97| | 98| 17.2k| return result; 99| 17.2k| } pcurves_secp256r1.cpp:_ZN5Botan19basemul_booth_setupINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm6EEENSt3__16vectorINT_11AffinePointENS5_9allocatorIS8_EEEERKS8_m: 254| 1|std::vector basemul_booth_setup(const typename C::AffinePoint& p, size_t max_scalar_bits) { 255| 1| static_assert(WindowBits >= 1 && WindowBits <= 8); 256| | 257| | // 2^(W-1) elements per window [1*base .. 2^(W-1)*base] 258| 1| constexpr size_t WindowElements = 1 << (WindowBits - 1); 259| | 260| 1| const size_t Windows = (max_scalar_bits + WindowBits - 1) / WindowBits; 261| | 262| 1| const size_t TableSize = Windows * WindowElements; 263| | 264| 1| std::vector table; 265| 1| table.reserve(TableSize); 266| | 267| 1| auto accum = C::ProjectivePoint::from_affine(p); 268| | 269| 50| for(size_t i = 0; i != TableSize; i += WindowElements) { ------------------ | Branch (269:22): [True: 49, False: 1] ------------------ 270| 49| table.push_back(accum); 271| | 272| 1.56k| for(size_t j = 1; j != WindowElements; ++j) { ------------------ | Branch (272:25): [True: 1.51k, False: 49] ------------------ 273| | // Conditional ok: loop iteration count is public 274| 1.51k| if(j % 2 == 1) { ------------------ | Branch (274:13): [True: 784, False: 735] ------------------ 275| 784| table.emplace_back(table[i + j / 2].dbl()); 276| 784| } else { 277| 735| table.emplace_back(table[i + j - 1] + table[i]); 278| 735| } 279| 1.51k| } 280| | 281| | // Advance to next window's base: 2^W * current_base 282| | // The last entry is 2^(W-1) * base, so doubling gives 2^W * base 283| 49| accum = table[i + WindowElements - 1].dbl(); 284| 49| } 285| | 286| | // Variable time batch conversion is fine since generator is public 287| 1| return to_affine_batch(table); 288| 1|} pcurves_secp256r1.cpp:_ZN5Botan18basemul_booth_execINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm6ENS_17BlindedScalarBitsIS4_Lm7EEEEENT_15ProjectivePointENSt3__14spanIKNS7_11AffinePointELm18446744073709551615EEERKT1_RNS_21RandomNumberGeneratorE: 308| 533| RandomNumberGenerator& rng) { 309| 533| static constexpr size_t WindowElements = 1 << (WindowBits - 1); 310| | 311| 533| const size_t windows = (scalar.bits() + WindowBits) / WindowBits; 312| | 313| 533| auto accum = [&]() { 314| | // First window: extract W bits, shift left 1 to insert implicit carry in of zero 315| 533| const size_t w_bits = scalar.get_window(0) & ((1 << WindowBits) - 1); 316| 533| const size_t raw = w_bits << 1; 317| 533| const auto [tidx, tneg] = booth_recode(raw); 318| 533| const auto tbl_0 = table.first(WindowElements); 319| | 320| 533| auto pt = C::ProjectivePoint::from_affine(C::AffinePoint::ct_select(tbl_0, tidx)); 321| 533| pt.conditional_assign(tneg, pt.negate()); 322| 533| CT::poison(pt); 323| 533| pt.randomize_rep(rng); 324| 533| return pt; 325| 533| }(); 326| | 327| 26.1k| for(size_t i = 1; i != windows; ++i) { ------------------ | Branch (327:22): [True: 25.5k, False: 533] ------------------ 328| | // Extract W+1 bits overlapping by 1 with the previous window 329| 25.5k| const size_t bit_pos = WindowBits * i - 1; 330| 25.5k| const size_t raw = scalar.get_window(bit_pos); 331| 25.5k| const auto [tidx, tneg] = booth_recode(raw); 332| | 333| 25.5k| const auto tbl_i = table.subspan(WindowElements * i, WindowElements); 334| | 335| 25.5k| accum = C::ProjectivePoint::add_or_sub(accum, C::AffinePoint::ct_select(tbl_i, tidx), tneg); 336| | 337| | // Conditional ok: loop iteration count is public 338| 25.5k| if(i <= 3) { ------------------ | Branch (338:10): [True: 1.59k, False: 23.9k] ------------------ 339| 1.59k| accum.randomize_rep(rng); 340| 1.59k| } 341| 25.5k| } 342| | 343| 533| CT::unpoison(accum); 344| 533| return accum; 345| 533|} pcurves_secp256r1.cpp:_ZZN5Botan18basemul_booth_execINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm6ENS_17BlindedScalarBitsIS4_Lm7EEEEENT_15ProjectivePointENSt3__14spanIKNS7_11AffinePointELm18446744073709551615EEERKT1_RNS_21RandomNumberGeneratorEENKUlvE_clEv: 313| 533| auto accum = [&]() { 314| | // First window: extract W bits, shift left 1 to insert implicit carry in of zero 315| 533| const size_t w_bits = scalar.get_window(0) & ((1 << WindowBits) - 1); 316| 533| const size_t raw = w_bits << 1; 317| 533| const auto [tidx, tneg] = booth_recode(raw); 318| 533| const auto tbl_0 = table.first(WindowElements); 319| | 320| 533| auto pt = C::ProjectivePoint::from_affine(C::AffinePoint::ct_select(tbl_0, tidx)); 321| 533| pt.conditional_assign(tneg, pt.negate()); 322| 533| CT::poison(pt); 323| 533| pt.randomize_rep(rng); 324| 533| return pt; 325| 533| }(); pcurves_secp256r1.cpp:_ZN5Botan14varpoint_setupINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm16EEENS_16AffinePointTableIT_Lm0EEERKNS6_11AffinePointE: 351| 362|AffinePointTable varpoint_setup(const typename C::AffinePoint& p) { 352| 362| static_assert(TableSize > 2); 353| | 354| 362| std::vector table; 355| 362| table.reserve(TableSize); 356| 362| table.push_back(C::ProjectivePoint::from_affine(p)); 357| | 358| 5.79k| for(size_t i = 1; i != TableSize; ++i) { ------------------ | Branch (358:22): [True: 5.43k, False: 362] ------------------ 359| | // Conditional ok: loop iteration count is public 360| 5.43k| if(i % 2 == 1) { ------------------ | Branch (360:10): [True: 2.89k, False: 2.53k] ------------------ 361| 2.89k| table.push_back(table[i / 2].dbl()); 362| 2.89k| } else { 363| 2.53k| table.push_back(table[i - 1] + p); 364| 2.53k| } 365| 5.43k| } 366| | 367| 362| return AffinePointTable(table); 368| 362|} pcurves_secp256r1.cpp:_ZN5Botan16AffinePointTableINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm0EEC2ENSt3__14spanIKNS_20ProjectiveCurvePointINS_6IntModINS2_12Secp256r1RepINS_13EllipticCurveINS3_6ParamsESA_E11FieldParamsEEEEESC_EELm18446744073709551615EEE: 70| 362| explicit AffinePointTable(std::span pts) { 71| 362| BOTAN_ASSERT_NOMSG(pts.size() > 1); ------------------ | | 77| 362| do { \ | | 78| 362| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 362| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 362] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 362| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 362] | | ------------------ ------------------ 72| | 73| | if constexpr(R > 0) { 74| | BOTAN_ASSERT_NOMSG(pts.size() % R == 0); 75| | } 76| | 77| | // TODO scatter/gather with SIMD lookup 78| 362| m_table = to_affine_batch(pts); 79| 362| } pcurves_secp256r1.cpp:_ZNK5Botan16AffinePointTableINS_6PCurve12_GLOBAL__N_19secp256r15CurveELm0EE9ct_selectEmQL_ZNS_16AffinePointTable16WholeRangeSearchEE: 86| 20.9k| { 87| 20.9k| BOTAN_DEBUG_ASSERT(idx < m_table.size() + 1); ------------------ | | 130| 20.9k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 20.9k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 20.9k] | | ------------------ ------------------ 88| | 89| 20.9k| auto result = AffinePoint::identity(m_table[0]); 90| | 91| | // Intentionally wrapping; set to maximum size_t if idx == 0 92| 20.9k| const size_t idx1 = static_cast(idx - 1); 93| 356k| for(size_t i = 0; i != m_table.size(); ++i) { ------------------ | Branch (93:28): [True: 335k, False: 20.9k] ------------------ 94| 335k| const auto found = CT::Mask::is_equal(idx1, i).as_choice(); 95| 335k| result.conditional_assign(found, m_table[i]); 96| 335k| } 97| | 98| 20.9k| return result; 99| 20.9k| } pcurves_secp384r1.cpp:_ZN5Botan19basemul_booth_setupINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm6EEENSt3__16vectorINT_11AffinePointENS5_9allocatorIS8_EEEERKS8_m: 254| 1|std::vector basemul_booth_setup(const typename C::AffinePoint& p, size_t max_scalar_bits) { 255| 1| static_assert(WindowBits >= 1 && WindowBits <= 8); 256| | 257| | // 2^(W-1) elements per window [1*base .. 2^(W-1)*base] 258| 1| constexpr size_t WindowElements = 1 << (WindowBits - 1); 259| | 260| 1| const size_t Windows = (max_scalar_bits + WindowBits - 1) / WindowBits; 261| | 262| 1| const size_t TableSize = Windows * WindowElements; 263| | 264| 1| std::vector table; 265| 1| table.reserve(TableSize); 266| | 267| 1| auto accum = C::ProjectivePoint::from_affine(p); 268| | 269| 74| for(size_t i = 0; i != TableSize; i += WindowElements) { ------------------ | Branch (269:22): [True: 73, False: 1] ------------------ 270| 73| table.push_back(accum); 271| | 272| 2.33k| for(size_t j = 1; j != WindowElements; ++j) { ------------------ | Branch (272:25): [True: 2.26k, False: 73] ------------------ 273| | // Conditional ok: loop iteration count is public 274| 2.26k| if(j % 2 == 1) { ------------------ | Branch (274:13): [True: 1.16k, False: 1.09k] ------------------ 275| 1.16k| table.emplace_back(table[i + j / 2].dbl()); 276| 1.16k| } else { 277| 1.09k| table.emplace_back(table[i + j - 1] + table[i]); 278| 1.09k| } 279| 2.26k| } 280| | 281| | // Advance to next window's base: 2^W * current_base 282| | // The last entry is 2^(W-1) * base, so doubling gives 2^W * base 283| 73| accum = table[i + WindowElements - 1].dbl(); 284| 73| } 285| | 286| | // Variable time batch conversion is fine since generator is public 287| 1| return to_affine_batch(table); 288| 1|} pcurves_secp384r1.cpp:_ZN5Botan18basemul_booth_execINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm6ENS_17BlindedScalarBitsIS4_Lm7EEEEENT_15ProjectivePointENSt3__14spanIKNS7_11AffinePointELm18446744073709551615EEERKT1_RNS_21RandomNumberGeneratorE: 308| 497| RandomNumberGenerator& rng) { 309| 497| static constexpr size_t WindowElements = 1 << (WindowBits - 1); 310| | 311| 497| const size_t windows = (scalar.bits() + WindowBits) / WindowBits; 312| | 313| 497| auto accum = [&]() { 314| | // First window: extract W bits, shift left 1 to insert implicit carry in of zero 315| 497| const size_t w_bits = scalar.get_window(0) & ((1 << WindowBits) - 1); 316| 497| const size_t raw = w_bits << 1; 317| 497| const auto [tidx, tneg] = booth_recode(raw); 318| 497| const auto tbl_0 = table.first(WindowElements); 319| | 320| 497| auto pt = C::ProjectivePoint::from_affine(C::AffinePoint::ct_select(tbl_0, tidx)); 321| 497| pt.conditional_assign(tneg, pt.negate()); 322| 497| CT::poison(pt); 323| 497| pt.randomize_rep(rng); 324| 497| return pt; 325| 497| }(); 326| | 327| 36.2k| for(size_t i = 1; i != windows; ++i) { ------------------ | Branch (327:22): [True: 35.7k, False: 497] ------------------ 328| | // Extract W+1 bits overlapping by 1 with the previous window 329| 35.7k| const size_t bit_pos = WindowBits * i - 1; 330| 35.7k| const size_t raw = scalar.get_window(bit_pos); 331| 35.7k| const auto [tidx, tneg] = booth_recode(raw); 332| | 333| 35.7k| const auto tbl_i = table.subspan(WindowElements * i, WindowElements); 334| | 335| 35.7k| accum = C::ProjectivePoint::add_or_sub(accum, C::AffinePoint::ct_select(tbl_i, tidx), tneg); 336| | 337| | // Conditional ok: loop iteration count is public 338| 35.7k| if(i <= 3) { ------------------ | Branch (338:10): [True: 1.49k, False: 34.2k] ------------------ 339| 1.49k| accum.randomize_rep(rng); 340| 1.49k| } 341| 35.7k| } 342| | 343| 497| CT::unpoison(accum); 344| 497| return accum; 345| 497|} pcurves_secp384r1.cpp:_ZZN5Botan18basemul_booth_execINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm6ENS_17BlindedScalarBitsIS4_Lm7EEEEENT_15ProjectivePointENSt3__14spanIKNS7_11AffinePointELm18446744073709551615EEERKT1_RNS_21RandomNumberGeneratorEENKUlvE_clEv: 313| 497| auto accum = [&]() { 314| | // First window: extract W bits, shift left 1 to insert implicit carry in of zero 315| 497| const size_t w_bits = scalar.get_window(0) & ((1 << WindowBits) - 1); 316| 497| const size_t raw = w_bits << 1; 317| 497| const auto [tidx, tneg] = booth_recode(raw); 318| 497| const auto tbl_0 = table.first(WindowElements); 319| | 320| 497| auto pt = C::ProjectivePoint::from_affine(C::AffinePoint::ct_select(tbl_0, tidx)); 321| 497| pt.conditional_assign(tneg, pt.negate()); 322| 497| CT::poison(pt); 323| 497| pt.randomize_rep(rng); 324| 497| return pt; 325| 497| }(); pcurves_secp384r1.cpp:_ZN5Botan14varpoint_setupINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm16EEENS_16AffinePointTableIT_Lm0EEERKNS6_11AffinePointE: 351| 296|AffinePointTable varpoint_setup(const typename C::AffinePoint& p) { 352| 296| static_assert(TableSize > 2); 353| | 354| 296| std::vector table; 355| 296| table.reserve(TableSize); 356| 296| table.push_back(C::ProjectivePoint::from_affine(p)); 357| | 358| 4.73k| for(size_t i = 1; i != TableSize; ++i) { ------------------ | Branch (358:22): [True: 4.44k, False: 296] ------------------ 359| | // Conditional ok: loop iteration count is public 360| 4.44k| if(i % 2 == 1) { ------------------ | Branch (360:10): [True: 2.36k, False: 2.07k] ------------------ 361| 2.36k| table.push_back(table[i / 2].dbl()); 362| 2.36k| } else { 363| 2.07k| table.push_back(table[i - 1] + p); 364| 2.07k| } 365| 4.44k| } 366| | 367| 296| return AffinePointTable(table); 368| 296|} pcurves_secp384r1.cpp:_ZN5Botan16AffinePointTableINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm0EEC2ENSt3__14spanIKNS_20ProjectiveCurvePointINS_6IntModINS2_12Secp384r1RepINS_13EllipticCurveINS3_6ParamsESA_E11FieldParamsEEEEESC_EELm18446744073709551615EEE: 70| 296| explicit AffinePointTable(std::span pts) { 71| 296| BOTAN_ASSERT_NOMSG(pts.size() > 1); ------------------ | | 77| 296| do { \ | | 78| 296| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 296| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 296] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 296| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 296] | | ------------------ ------------------ 72| | 73| | if constexpr(R > 0) { 74| | BOTAN_ASSERT_NOMSG(pts.size() % R == 0); 75| | } 76| | 77| | // TODO scatter/gather with SIMD lookup 78| 296| m_table = to_affine_batch(pts); 79| 296| } pcurves_secp384r1.cpp:_ZNK5Botan16AffinePointTableINS_6PCurve12_GLOBAL__N_19secp384r15CurveELm0EE9ct_selectEmQL_ZNS_16AffinePointTable16WholeRangeSearchEE: 86| 25.7k| { 87| 25.7k| BOTAN_DEBUG_ASSERT(idx < m_table.size() + 1); ------------------ | | 130| 25.7k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 25.7k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 25.7k] | | ------------------ ------------------ 88| | 89| 25.7k| auto result = AffinePoint::identity(m_table[0]); 90| | 91| | // Intentionally wrapping; set to maximum size_t if idx == 0 92| 25.7k| const size_t idx1 = static_cast(idx - 1); 93| 437k| for(size_t i = 0; i != m_table.size(); ++i) { ------------------ | Branch (93:28): [True: 412k, False: 25.7k] ------------------ 94| 412k| const auto found = CT::Mask::is_equal(idx1, i).as_choice(); 95| 412k| result.conditional_assign(found, m_table[i]); 96| 412k| } 97| | 98| 25.7k| return result; 99| 25.7k| } pcurves_secp521r1.cpp:_ZN5Botan19basemul_booth_setupINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm6EEENSt3__16vectorINT_11AffinePointENS5_9allocatorIS8_EEEERKS8_m: 254| 1|std::vector basemul_booth_setup(const typename C::AffinePoint& p, size_t max_scalar_bits) { 255| 1| static_assert(WindowBits >= 1 && WindowBits <= 8); 256| | 257| | // 2^(W-1) elements per window [1*base .. 2^(W-1)*base] 258| 1| constexpr size_t WindowElements = 1 << (WindowBits - 1); 259| | 260| 1| const size_t Windows = (max_scalar_bits + WindowBits - 1) / WindowBits; 261| | 262| 1| const size_t TableSize = Windows * WindowElements; 263| | 264| 1| std::vector table; 265| 1| table.reserve(TableSize); 266| | 267| 1| auto accum = C::ProjectivePoint::from_affine(p); 268| | 269| 98| for(size_t i = 0; i != TableSize; i += WindowElements) { ------------------ | Branch (269:22): [True: 97, False: 1] ------------------ 270| 97| table.push_back(accum); 271| | 272| 3.10k| for(size_t j = 1; j != WindowElements; ++j) { ------------------ | Branch (272:25): [True: 3.00k, False: 97] ------------------ 273| | // Conditional ok: loop iteration count is public 274| 3.00k| if(j % 2 == 1) { ------------------ | Branch (274:13): [True: 1.55k, False: 1.45k] ------------------ 275| 1.55k| table.emplace_back(table[i + j / 2].dbl()); 276| 1.55k| } else { 277| 1.45k| table.emplace_back(table[i + j - 1] + table[i]); 278| 1.45k| } 279| 3.00k| } 280| | 281| | // Advance to next window's base: 2^W * current_base 282| | // The last entry is 2^(W-1) * base, so doubling gives 2^W * base 283| 97| accum = table[i + WindowElements - 1].dbl(); 284| 97| } 285| | 286| | // Variable time batch conversion is fine since generator is public 287| 1| return to_affine_batch(table); 288| 1|} pcurves_secp521r1.cpp:_ZN5Botan18basemul_booth_execINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm6ENS_17BlindedScalarBitsIS4_Lm7EEEEENT_15ProjectivePointENSt3__14spanIKNS7_11AffinePointELm18446744073709551615EEERKT1_RNS_21RandomNumberGeneratorE: 308| 429| RandomNumberGenerator& rng) { 309| 429| static constexpr size_t WindowElements = 1 << (WindowBits - 1); 310| | 311| 429| const size_t windows = (scalar.bits() + WindowBits) / WindowBits; 312| | 313| 429| auto accum = [&]() { 314| | // First window: extract W bits, shift left 1 to insert implicit carry in of zero 315| 429| const size_t w_bits = scalar.get_window(0) & ((1 << WindowBits) - 1); 316| 429| const size_t raw = w_bits << 1; 317| 429| const auto [tidx, tneg] = booth_recode(raw); 318| 429| const auto tbl_0 = table.first(WindowElements); 319| | 320| 429| auto pt = C::ProjectivePoint::from_affine(C::AffinePoint::ct_select(tbl_0, tidx)); 321| 429| pt.conditional_assign(tneg, pt.negate()); 322| 429| CT::poison(pt); 323| 429| pt.randomize_rep(rng); 324| 429| return pt; 325| 429| }(); 326| | 327| 41.6k| for(size_t i = 1; i != windows; ++i) { ------------------ | Branch (327:22): [True: 41.1k, False: 429] ------------------ 328| | // Extract W+1 bits overlapping by 1 with the previous window 329| 41.1k| const size_t bit_pos = WindowBits * i - 1; 330| 41.1k| const size_t raw = scalar.get_window(bit_pos); 331| 41.1k| const auto [tidx, tneg] = booth_recode(raw); 332| | 333| 41.1k| const auto tbl_i = table.subspan(WindowElements * i, WindowElements); 334| | 335| 41.1k| accum = C::ProjectivePoint::add_or_sub(accum, C::AffinePoint::ct_select(tbl_i, tidx), tneg); 336| | 337| | // Conditional ok: loop iteration count is public 338| 41.1k| if(i <= 3) { ------------------ | Branch (338:10): [True: 1.28k, False: 39.8k] ------------------ 339| 1.28k| accum.randomize_rep(rng); 340| 1.28k| } 341| 41.1k| } 342| | 343| 429| CT::unpoison(accum); 344| 429| return accum; 345| 429|} pcurves_secp521r1.cpp:_ZZN5Botan18basemul_booth_execINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm6ENS_17BlindedScalarBitsIS4_Lm7EEEEENT_15ProjectivePointENSt3__14spanIKNS7_11AffinePointELm18446744073709551615EEERKT1_RNS_21RandomNumberGeneratorEENKUlvE_clEv: 313| 429| auto accum = [&]() { 314| | // First window: extract W bits, shift left 1 to insert implicit carry in of zero 315| 429| const size_t w_bits = scalar.get_window(0) & ((1 << WindowBits) - 1); 316| 429| const size_t raw = w_bits << 1; 317| 429| const auto [tidx, tneg] = booth_recode(raw); 318| 429| const auto tbl_0 = table.first(WindowElements); 319| | 320| 429| auto pt = C::ProjectivePoint::from_affine(C::AffinePoint::ct_select(tbl_0, tidx)); 321| 429| pt.conditional_assign(tneg, pt.negate()); 322| 429| CT::poison(pt); 323| 429| pt.randomize_rep(rng); 324| 429| return pt; 325| 429| }(); pcurves_secp521r1.cpp:_ZN5Botan14varpoint_setupINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm16EEENS_16AffinePointTableIT_Lm0EEERKNS6_11AffinePointE: 351| 251|AffinePointTable varpoint_setup(const typename C::AffinePoint& p) { 352| 251| static_assert(TableSize > 2); 353| | 354| 251| std::vector table; 355| 251| table.reserve(TableSize); 356| 251| table.push_back(C::ProjectivePoint::from_affine(p)); 357| | 358| 4.01k| for(size_t i = 1; i != TableSize; ++i) { ------------------ | Branch (358:22): [True: 3.76k, False: 251] ------------------ 359| | // Conditional ok: loop iteration count is public 360| 3.76k| if(i % 2 == 1) { ------------------ | Branch (360:10): [True: 2.00k, False: 1.75k] ------------------ 361| 2.00k| table.push_back(table[i / 2].dbl()); 362| 2.00k| } else { 363| 1.75k| table.push_back(table[i - 1] + p); 364| 1.75k| } 365| 3.76k| } 366| | 367| 251| return AffinePointTable(table); 368| 251|} pcurves_secp521r1.cpp:_ZN5Botan16AffinePointTableINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm0EEC2ENSt3__14spanIKNS_20ProjectiveCurvePointINS_6IntModINS3_7P521RepINS_13EllipticCurveINS3_6ParamsESA_E11FieldParamsEEEEESC_EELm18446744073709551615EEE: 70| 251| explicit AffinePointTable(std::span pts) { 71| 251| BOTAN_ASSERT_NOMSG(pts.size() > 1); ------------------ | | 77| 251| do { \ | | 78| 251| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 251| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 251] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 251| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 251] | | ------------------ ------------------ 72| | 73| | if constexpr(R > 0) { 74| | BOTAN_ASSERT_NOMSG(pts.size() % R == 0); 75| | } 76| | 77| | // TODO scatter/gather with SIMD lookup 78| 251| m_table = to_affine_batch(pts); 79| 251| } pcurves_secp521r1.cpp:_ZNK5Botan16AffinePointTableINS_6PCurve12_GLOBAL__N_19secp521r15CurveELm0EE9ct_selectEmQL_ZNS_16AffinePointTable16WholeRangeSearchEE: 86| 29.1k| { 87| 29.1k| BOTAN_DEBUG_ASSERT(idx < m_table.size() + 1); ------------------ | | 130| 29.1k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 29.1k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 29.1k] | | ------------------ ------------------ 88| | 89| 29.1k| auto result = AffinePoint::identity(m_table[0]); 90| | 91| | // Intentionally wrapping; set to maximum size_t if idx == 0 92| 29.1k| const size_t idx1 = static_cast(idx - 1); 93| 494k| for(size_t i = 0; i != m_table.size(); ++i) { ------------------ | Branch (93:28): [True: 465k, False: 29.1k] ------------------ 94| 465k| const auto found = CT::Mask::is_equal(idx1, i).as_choice(); 95| 465k| result.conditional_assign(found, m_table[i]); 96| 465k| } 97| | 98| 29.1k| return result; 99| 29.1k| } _ZN5Botan10get_uint32ITkNS_8WordTypeEmEEjPKT_m: 33| 88.9M|constexpr uint32_t get_uint32(const W xw[], size_t i) { 34| 88.9M| static_assert(WordInfo::bits == 32 || WordInfo::bits == 64); 35| | 36| | if constexpr(WordInfo::bits == 32) { 37| | return xw[i]; 38| 88.9M| } else { 39| 88.9M| return static_cast(xw[i / 2] >> ((i % 2) * 32)); 40| 88.9M| } 41| 88.9M|} _ZN5Botan12SolinasAccumImLm4EEC2ERNSt3__15arrayImLm4EEE: 50| 1.95M| constexpr explicit SolinasAccum(std::array& r) : m_r(r) {} _ZN5Botan12SolinasAccumImLm4EE5accumEl: 52| 15.6M| constexpr void accum(int64_t v) { 53| 15.6M| BOTAN_DEBUG_ASSERT(m_idx < N32); ------------------ | | 130| 15.6M| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 15.6M| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 15.6M] | | ------------------ ------------------ 54| | 55| 15.6M| m_S += v; 56| 15.6M| const uint32_t r = static_cast(m_S); 57| 15.6M| m_S >>= 32; 58| | 59| | if constexpr(WordInfo::bits == 32) { 60| | m_r[m_idx] = r; 61| 15.6M| } else { 62| 15.6M| m_r[m_idx / 2] |= static_cast(r) << (32 * (m_idx % 2)); 63| 15.6M| } 64| | 65| 15.6M| m_idx += 1; 66| 15.6M| } _ZN5Botan12SolinasAccumImLm4EE11final_carryEl: 68| 1.95M| constexpr W final_carry(int64_t C) { 69| 1.95M| m_S += C; 70| 1.95M| BOTAN_DEBUG_ASSERT(m_S >= 0); ------------------ | | 130| 1.95M| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 1.95M| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 1.95M] | | ------------------ ------------------ 71| 1.95M| return static_cast(m_S); 72| 1.95M| } _ZN5Botan20solinas_correct_redcILm4ETkNS_8WordTypeEmEEvRNSt3__15arrayIT0_XT_EEERKS4_S7_: 84| 1.95M|constexpr inline void solinas_correct_redc(std::array& r, const std::array& P, const std::array& C) { 85| 1.95M| W borrow = 0; 86| 9.75M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (86:22): [True: 7.80M, False: 1.95M] ------------------ 87| 7.80M| r[i] = word_sub(r[i], C[i], &borrow); 88| 7.80M| } 89| | 90| | // borrow is either 0 or 1, perfect for setting up a mask without extra work 91| 1.95M| const W mask = CT::value_barrier(0 - borrow); 92| | 93| 1.95M| W carry = 0; 94| | 95| 9.75M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (95:22): [True: 7.80M, False: 1.95M] ------------------ 96| 7.80M| r[i] = word_add(r[i], P[i] & mask, &carry); 97| 7.80M| } 98| 1.95M|} _ZN5Botan12SolinasAccumImLm6EEC2ERNSt3__15arrayImLm6EEE: 50| 2.40M| constexpr explicit SolinasAccum(std::array& r) : m_r(r) {} _ZN5Botan12SolinasAccumImLm6EE5accumEl: 52| 28.8M| constexpr void accum(int64_t v) { 53| 28.8M| BOTAN_DEBUG_ASSERT(m_idx < N32); ------------------ | | 130| 28.8M| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 28.8M| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 28.8M] | | ------------------ ------------------ 54| | 55| 28.8M| m_S += v; 56| 28.8M| const uint32_t r = static_cast(m_S); 57| 28.8M| m_S >>= 32; 58| | 59| | if constexpr(WordInfo::bits == 32) { 60| | m_r[m_idx] = r; 61| 28.8M| } else { 62| 28.8M| m_r[m_idx / 2] |= static_cast(r) << (32 * (m_idx % 2)); 63| 28.8M| } 64| | 65| 28.8M| m_idx += 1; 66| 28.8M| } _ZN5Botan12SolinasAccumImLm6EE11final_carryEl: 68| 2.40M| constexpr W final_carry(int64_t C) { 69| 2.40M| m_S += C; 70| 2.40M| BOTAN_DEBUG_ASSERT(m_S >= 0); ------------------ | | 130| 2.40M| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 2.40M| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 2.40M] | | ------------------ ------------------ 71| 2.40M| return static_cast(m_S); 72| 2.40M| } _ZN5Botan20solinas_correct_redcILm6ETkNS_8WordTypeEmEEvRNSt3__15arrayIT0_XT_EEERKS4_S7_: 84| 2.40M|constexpr inline void solinas_correct_redc(std::array& r, const std::array& P, const std::array& C) { 85| 2.40M| W borrow = 0; 86| 16.8M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (86:22): [True: 14.4M, False: 2.40M] ------------------ 87| 14.4M| r[i] = word_sub(r[i], C[i], &borrow); 88| 14.4M| } 89| | 90| | // borrow is either 0 or 1, perfect for setting up a mask without extra work 91| 2.40M| const W mask = CT::value_barrier(0 - borrow); 92| | 93| 2.40M| W carry = 0; 94| | 95| 16.8M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (95:22): [True: 14.4M, False: 2.40M] ------------------ 96| 14.4M| r[i] = word_add(r[i], P[i] & mask, &carry); 97| 14.4M| } 98| 2.40M|} _ZN5Botan10monty_redcITkNS_8WordTypeEmLm4EEENSt3__15arrayIT_XT0_EEERKNS2_IS3_XmlLi2ET0_EEERKS4_S3_: 110| 3.08M| -> std::array { 111| 3.08M| static_assert(N >= 1); 112| | 113| 3.08M| std::array ws; // NOLINT(*-member-init) 114| 3.08M| std::array r; // NOLINT(*-member-init) 115| | 116| | // Conditional ok: the parameter size is public 117| 3.08M| if(!std::is_constant_evaluated()) { ------------------ | Branch (117:7): [True: 3.08M, Folded] ------------------ 118| | // This range ensures we cover fields of 256, 384 and 512 bits for both 32 and 64 bit words 119| 3.08M| if constexpr(N == 4) { 120| 3.08M| bigint_monty_redc_4(r.data(), z.data(), p.data(), p_dash, ws.data()); 121| 3.08M| return r; 122| | } else if constexpr(N == 6) { 123| | bigint_monty_redc_6(r.data(), z.data(), p.data(), p_dash, ws.data()); 124| | return r; 125| | } else if constexpr(N == 8) { 126| | bigint_monty_redc_8(r.data(), z.data(), p.data(), p_dash, ws.data()); 127| | return r; 128| | } else if constexpr(N == 12) { 129| | bigint_monty_redc_12(r.data(), z.data(), p.data(), p_dash, ws.data()); 130| | return r; 131| | } else if constexpr(N == 16) { 132| | bigint_monty_redc_16(r.data(), z.data(), p.data(), p_dash, ws.data()); 133| | return r; 134| | } 135| 3.08M| } 136| | 137| 0| word3 accum; 138| | 139| 3.08M| accum.add(z[0]); 140| | 141| 3.08M| ws[0] = accum.monty_step(p[0], p_dash); 142| | 143| 3.08M| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (143:22): [True: 0, False: 3.08M] ------------------ 144| 0| for(size_t j = 0; j < i; ++j) { ------------------ | Branch (144:25): [True: 0, False: 0] ------------------ 145| 0| accum.mul(ws[j], p[i - j]); 146| 0| } 147| | 148| 0| accum.add(z[i]); 149| | 150| 0| ws[i] = accum.monty_step(p[0], p_dash); 151| 0| } 152| | 153| 3.08M| for(size_t i = 0; i != N - 1; ++i) { ------------------ | Branch (153:22): [True: 0, False: 3.08M] ------------------ 154| 0| for(size_t j = i + 1; j != N; ++j) { ------------------ | Branch (154:29): [True: 0, False: 0] ------------------ 155| 0| accum.mul(ws[j], p[N + i - j]); 156| 0| } 157| | 158| 0| accum.add(z[N + i]); 159| | 160| 0| ws[i] = accum.extract(); 161| 0| } 162| | 163| 3.08M| accum.add(z[2 * N - 1]); 164| | 165| 3.08M| ws[N - 1] = accum.extract(); 166| | // w1 is the final part, which is not stored in the workspace 167| 3.08M| const W w1 = accum.extract(); 168| | 169| 3.08M| bigint_monty_maybe_sub(r.data(), w1, ws.data(), p.data()); 170| | 171| 3.08M| return r; 172| 3.08M|} _ZN5Botan14bytes_to_wordsITkNS_8WordTypeEmLm4ELm32EEEDaNSt3__14spanIKhXT1_EEE: 287| 36.8k|inline constexpr auto bytes_to_words(std::span bytes) { 288| 36.8k| static_assert(L <= WordInfo::bytes * N); 289| | 290| 36.8k| std::array r = {}; 291| | 292| 36.8k| constexpr size_t full_words = L / WordInfo::bytes; 293| 36.8k| constexpr size_t extra_bytes = L % WordInfo::bytes; 294| | 295| 36.8k| static_assert(full_words + (extra_bytes ? 1 : 0) <= N); 296| | 297| 184k| for(size_t i = 0; i != full_words; ++i) { ------------------ | Branch (297:22): [True: 147k, False: 36.8k] ------------------ 298| 147k| r[i] = load_be(bytes.data(), full_words - 1 - i); 299| 147k| } 300| | 301| | if constexpr(extra_bytes > 0) { 302| | constexpr size_t shift = extra_bytes * 8; 303| | shift_left(r); 304| | 305| | for(size_t i = 0; i != extra_bytes; ++i) { 306| | const W b0 = bytes[WordInfo::bytes * full_words + i]; 307| | r[0] |= (b0 << (8 * (extra_bytes - 1 - i))); 308| | } 309| | } 310| | 311| 36.8k| return r; 312| 36.8k|} _ZN5Botan14bytes_to_wordsITkNS_8WordTypeEmLm8ELm64EEEDaNSt3__14spanIKhXT1_EEE: 287| 4.48k|inline constexpr auto bytes_to_words(std::span bytes) { 288| 4.48k| static_assert(L <= WordInfo::bytes * N); 289| | 290| 4.48k| std::array r = {}; 291| | 292| 4.48k| constexpr size_t full_words = L / WordInfo::bytes; 293| 4.48k| constexpr size_t extra_bytes = L % WordInfo::bytes; 294| | 295| 4.48k| static_assert(full_words + (extra_bytes ? 1 : 0) <= N); 296| | 297| 40.3k| for(size_t i = 0; i != full_words; ++i) { ------------------ | Branch (297:22): [True: 35.8k, False: 4.48k] ------------------ 298| 35.8k| r[i] = load_be(bytes.data(), full_words - 1 - i); 299| 35.8k| } 300| | 301| | if constexpr(extra_bytes > 0) { 302| | constexpr size_t shift = extra_bytes * 8; 303| | shift_left(r); 304| | 305| | for(size_t i = 0; i != extra_bytes; ++i) { 306| | const W b0 = bytes[WordInfo::bytes * full_words + i]; 307| | r[0] |= (b0 << (8 * (extra_bytes - 1 - i))); 308| | } 309| | } 310| | 311| 4.48k| return r; 312| 4.48k|} _ZN5Botan10monty_redcITkNS_8WordTypeEmLm6EEENSt3__15arrayIT_XT0_EEERKNS2_IS3_XmlLi2ET0_EEERKS4_S3_: 110| 1.88M| -> std::array { 111| 1.88M| static_assert(N >= 1); 112| | 113| 1.88M| std::array ws; // NOLINT(*-member-init) 114| 1.88M| std::array r; // NOLINT(*-member-init) 115| | 116| | // Conditional ok: the parameter size is public 117| 1.88M| if(!std::is_constant_evaluated()) { ------------------ | Branch (117:7): [True: 1.88M, Folded] ------------------ 118| | // This range ensures we cover fields of 256, 384 and 512 bits for both 32 and 64 bit words 119| | if constexpr(N == 4) { 120| | bigint_monty_redc_4(r.data(), z.data(), p.data(), p_dash, ws.data()); 121| | return r; 122| 1.88M| } else if constexpr(N == 6) { 123| 1.88M| bigint_monty_redc_6(r.data(), z.data(), p.data(), p_dash, ws.data()); 124| 1.88M| return r; 125| | } else if constexpr(N == 8) { 126| | bigint_monty_redc_8(r.data(), z.data(), p.data(), p_dash, ws.data()); 127| | return r; 128| | } else if constexpr(N == 12) { 129| | bigint_monty_redc_12(r.data(), z.data(), p.data(), p_dash, ws.data()); 130| | return r; 131| | } else if constexpr(N == 16) { 132| | bigint_monty_redc_16(r.data(), z.data(), p.data(), p_dash, ws.data()); 133| | return r; 134| | } 135| 1.88M| } 136| | 137| 0| word3 accum; 138| | 139| 1.88M| accum.add(z[0]); 140| | 141| 1.88M| ws[0] = accum.monty_step(p[0], p_dash); 142| | 143| 1.88M| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (143:22): [True: 0, False: 1.88M] ------------------ 144| 0| for(size_t j = 0; j < i; ++j) { ------------------ | Branch (144:25): [True: 0, False: 0] ------------------ 145| 0| accum.mul(ws[j], p[i - j]); 146| 0| } 147| | 148| 0| accum.add(z[i]); 149| | 150| 0| ws[i] = accum.monty_step(p[0], p_dash); 151| 0| } 152| | 153| 1.88M| for(size_t i = 0; i != N - 1; ++i) { ------------------ | Branch (153:22): [True: 0, False: 1.88M] ------------------ 154| 0| for(size_t j = i + 1; j != N; ++j) { ------------------ | Branch (154:29): [True: 0, False: 0] ------------------ 155| 0| accum.mul(ws[j], p[N + i - j]); 156| 0| } 157| | 158| 0| accum.add(z[N + i]); 159| | 160| 0| ws[i] = accum.extract(); 161| 0| } 162| | 163| 1.88M| accum.add(z[2 * N - 1]); 164| | 165| 1.88M| ws[N - 1] = accum.extract(); 166| | // w1 is the final part, which is not stored in the workspace 167| 1.88M| const W w1 = accum.extract(); 168| | 169| 1.88M| bigint_monty_maybe_sub(r.data(), w1, ws.data(), p.data()); 170| | 171| 1.88M| return r; 172| 1.88M|} _ZN5Botan14bytes_to_wordsITkNS_8WordTypeEmLm6ELm48EEEDaNSt3__14spanIKhXT1_EEE: 287| 11.2k|inline constexpr auto bytes_to_words(std::span bytes) { 288| 11.2k| static_assert(L <= WordInfo::bytes * N); 289| | 290| 11.2k| std::array r = {}; 291| | 292| 11.2k| constexpr size_t full_words = L / WordInfo::bytes; 293| 11.2k| constexpr size_t extra_bytes = L % WordInfo::bytes; 294| | 295| 11.2k| static_assert(full_words + (extra_bytes ? 1 : 0) <= N); 296| | 297| 78.6k| for(size_t i = 0; i != full_words; ++i) { ------------------ | Branch (297:22): [True: 67.3k, False: 11.2k] ------------------ 298| 67.3k| r[i] = load_be(bytes.data(), full_words - 1 - i); 299| 67.3k| } 300| | 301| | if constexpr(extra_bytes > 0) { 302| | constexpr size_t shift = extra_bytes * 8; 303| | shift_left(r); 304| | 305| | for(size_t i = 0; i != extra_bytes; ++i) { 306| | const W b0 = bytes[WordInfo::bytes * full_words + i]; 307| | r[0] |= (b0 << (8 * (extra_bytes - 1 - i))); 308| | } 309| | } 310| | 311| 11.2k| return r; 312| 11.2k|} _ZN5Botan10monty_redcITkNS_8WordTypeEmLm8EEENSt3__15arrayIT_XT0_EEERKNS2_IS3_XmlLi2ET0_EEERKS4_S3_: 110| 2.02M| -> std::array { 111| 2.02M| static_assert(N >= 1); 112| | 113| 2.02M| std::array ws; // NOLINT(*-member-init) 114| 2.02M| std::array r; // NOLINT(*-member-init) 115| | 116| | // Conditional ok: the parameter size is public 117| 2.02M| if(!std::is_constant_evaluated()) { ------------------ | Branch (117:7): [True: 2.02M, Folded] ------------------ 118| | // This range ensures we cover fields of 256, 384 and 512 bits for both 32 and 64 bit words 119| | if constexpr(N == 4) { 120| | bigint_monty_redc_4(r.data(), z.data(), p.data(), p_dash, ws.data()); 121| | return r; 122| | } else if constexpr(N == 6) { 123| | bigint_monty_redc_6(r.data(), z.data(), p.data(), p_dash, ws.data()); 124| | return r; 125| 2.02M| } else if constexpr(N == 8) { 126| 2.02M| bigint_monty_redc_8(r.data(), z.data(), p.data(), p_dash, ws.data()); 127| 2.02M| return r; 128| | } else if constexpr(N == 12) { 129| | bigint_monty_redc_12(r.data(), z.data(), p.data(), p_dash, ws.data()); 130| | return r; 131| | } else if constexpr(N == 16) { 132| | bigint_monty_redc_16(r.data(), z.data(), p.data(), p_dash, ws.data()); 133| | return r; 134| | } 135| 2.02M| } 136| | 137| 0| word3 accum; 138| | 139| 2.02M| accum.add(z[0]); 140| | 141| 2.02M| ws[0] = accum.monty_step(p[0], p_dash); 142| | 143| 2.02M| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (143:22): [True: 0, False: 2.02M] ------------------ 144| 0| for(size_t j = 0; j < i; ++j) { ------------------ | Branch (144:25): [True: 0, False: 0] ------------------ 145| 0| accum.mul(ws[j], p[i - j]); 146| 0| } 147| | 148| 0| accum.add(z[i]); 149| | 150| 0| ws[i] = accum.monty_step(p[0], p_dash); 151| 0| } 152| | 153| 2.02M| for(size_t i = 0; i != N - 1; ++i) { ------------------ | Branch (153:22): [True: 0, False: 2.02M] ------------------ 154| 0| for(size_t j = i + 1; j != N; ++j) { ------------------ | Branch (154:29): [True: 0, False: 0] ------------------ 155| 0| accum.mul(ws[j], p[N + i - j]); 156| 0| } 157| | 158| 0| accum.add(z[N + i]); 159| | 160| 0| ws[i] = accum.extract(); 161| 0| } 162| | 163| 2.02M| accum.add(z[2 * N - 1]); 164| | 165| 2.02M| ws[N - 1] = accum.extract(); 166| | // w1 is the final part, which is not stored in the workspace 167| 2.02M| const W w1 = accum.extract(); 168| | 169| 2.02M| bigint_monty_maybe_sub(r.data(), w1, ws.data(), p.data()); 170| | 171| 2.02M| return r; 172| 2.02M|} _ZN5Botan10monty_redcITkNS_8WordTypeEmLm9EEENSt3__15arrayIT_XT0_EEERKNS2_IS3_XmlLi2ET0_EEERKS4_S3_: 110| 1.53k| -> std::array { 111| 1.53k| static_assert(N >= 1); 112| | 113| 1.53k| std::array ws; // NOLINT(*-member-init) 114| 1.53k| std::array r; // NOLINT(*-member-init) 115| | 116| | // Conditional ok: the parameter size is public 117| 1.53k| if(!std::is_constant_evaluated()) { ------------------ | Branch (117:7): [True: 1.53k, Folded] ------------------ 118| | // This range ensures we cover fields of 256, 384 and 512 bits for both 32 and 64 bit words 119| | if constexpr(N == 4) { 120| | bigint_monty_redc_4(r.data(), z.data(), p.data(), p_dash, ws.data()); 121| | return r; 122| | } else if constexpr(N == 6) { 123| | bigint_monty_redc_6(r.data(), z.data(), p.data(), p_dash, ws.data()); 124| | return r; 125| | } else if constexpr(N == 8) { 126| | bigint_monty_redc_8(r.data(), z.data(), p.data(), p_dash, ws.data()); 127| | return r; 128| | } else if constexpr(N == 12) { 129| | bigint_monty_redc_12(r.data(), z.data(), p.data(), p_dash, ws.data()); 130| | return r; 131| 1.53k| } else if constexpr(N == 16) { 132| 1.53k| bigint_monty_redc_16(r.data(), z.data(), p.data(), p_dash, ws.data()); 133| 1.53k| return r; 134| 1.53k| } 135| 1.53k| } 136| | 137| 1.53k| word3 accum; 138| | 139| 1.53k| accum.add(z[0]); 140| | 141| 1.53k| ws[0] = accum.monty_step(p[0], p_dash); 142| | 143| 13.8k| for(size_t i = 1; i != N; ++i) { ------------------ | Branch (143:22): [True: 12.3k, False: 1.53k] ------------------ 144| 67.6k| for(size_t j = 0; j < i; ++j) { ------------------ | Branch (144:25): [True: 55.3k, False: 12.3k] ------------------ 145| 55.3k| accum.mul(ws[j], p[i - j]); 146| 55.3k| } 147| | 148| 12.3k| accum.add(z[i]); 149| | 150| 12.3k| ws[i] = accum.monty_step(p[0], p_dash); 151| 12.3k| } 152| | 153| 13.8k| for(size_t i = 0; i != N - 1; ++i) { ------------------ | Branch (153:22): [True: 12.3k, False: 1.53k] ------------------ 154| 67.6k| for(size_t j = i + 1; j != N; ++j) { ------------------ | Branch (154:29): [True: 55.3k, False: 12.3k] ------------------ 155| 55.3k| accum.mul(ws[j], p[N + i - j]); 156| 55.3k| } 157| | 158| 12.3k| accum.add(z[N + i]); 159| | 160| 12.3k| ws[i] = accum.extract(); 161| 12.3k| } 162| | 163| 1.53k| accum.add(z[2 * N - 1]); 164| | 165| 1.53k| ws[N - 1] = accum.extract(); 166| | // w1 is the final part, which is not stored in the workspace 167| 1.53k| const W w1 = accum.extract(); 168| | 169| 1.53k| bigint_monty_maybe_sub(r.data(), w1, ws.data(), p.data()); 170| | 171| 1.53k| return r; 172| 1.53k|} _ZN5Botan14bytes_to_wordsITkNS_8WordTypeEmLm9ELm66EEEDaNSt3__14spanIKhXT1_EEE: 287| 4.03k|inline constexpr auto bytes_to_words(std::span bytes) { 288| 4.03k| static_assert(L <= WordInfo::bytes * N); 289| | 290| 4.03k| std::array r = {}; 291| | 292| 4.03k| constexpr size_t full_words = L / WordInfo::bytes; 293| 4.03k| constexpr size_t extra_bytes = L % WordInfo::bytes; 294| | 295| 4.03k| static_assert(full_words + (extra_bytes ? 1 : 0) <= N); 296| | 297| 36.3k| for(size_t i = 0; i != full_words; ++i) { ------------------ | Branch (297:22): [True: 32.2k, False: 4.03k] ------------------ 298| 32.2k| r[i] = load_be(bytes.data(), full_words - 1 - i); 299| 32.2k| } 300| | 301| 4.03k| if constexpr(extra_bytes > 0) { 302| 4.03k| constexpr size_t shift = extra_bytes * 8; 303| 4.03k| shift_left(r); 304| | 305| 12.1k| for(size_t i = 0; i != extra_bytes; ++i) { ------------------ | Branch (305:25): [True: 8.07k, False: 4.03k] ------------------ 306| 8.07k| const W b0 = bytes[WordInfo::bytes * full_words + i]; 307| 8.07k| r[0] |= (b0 << (8 * (extra_bytes - 1 - i))); 308| 8.07k| } 309| 4.03k| } 310| | 311| 4.03k| return r; 312| 4.03k|} pcurves_brainpool256r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE8instanceEv: 338| 13.2k| static std::shared_ptr instance() { 339| 13.2k| static auto g_curve = std::make_shared>(); 340| 13.2k| return g_curve; 341| 13.2k| } pcurves_brainpool256r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEEC2Ev: 336| 1| PrimeOrderCurveImpl() : m_mul_by_g(C::G) {} pcurves_brainpool256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE19field_element_bytesEv: 36| 6.80k| size_t field_element_bytes() const override { return C::FieldElement::BYTES; } pcurves_brainpool256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE8mul_by_gERKNS0_15PrimeOrderCurve6ScalarERNS_21RandomNumberGeneratorE: 38| 731| ProjectivePoint mul_by_g(const Scalar& scalar, RandomNumberGenerator& rng) const override { 39| 731| return stash(m_mul_by_g.mul(from_stash(scalar), rng)); 40| 731| } pcurves_brainpool256r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE5stashERKNS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEESA_EE: 370| 731| static ProjectivePoint stash(const typename C::ProjectivePoint& pt) { 371| 731| auto x_w = pt.x().template stash_value(); 372| 731| auto y_w = pt.y().template stash_value(); 373| 731| auto z_w = pt.z().template stash_value(); 374| 731| return ProjectivePoint::_create(instance(), x_w, y_w, z_w); 375| 731| } pcurves_brainpool256r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE10from_stashERKNS0_15PrimeOrderCurve6ScalarE: 348| 2.74k| static typename C::Scalar from_stash(const Scalar& s) { 349| 2.74k| if(s._curve() != instance()) { ------------------ | Branch (349:13): [True: 0, False: 2.74k] ------------------ 350| 0| throw Invalid_Argument("Curve mismatch"); 351| 0| } 352| 2.74k| return C::Scalar::from_stash(s._value()); 353| 2.74k| } pcurves_brainpool256r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE5stashERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES7_E12ScalarParamsEEEEE: 344| 731| static Scalar stash(const typename C::Scalar& s) { 345| 731| return Scalar::_create(instance(), s.template stash_value()); 346| 731| } pcurves_brainpool256r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE10from_stashERKNS0_15PrimeOrderCurve11AffinePointE: 361| 6.45k| static typename C::AffinePoint from_stash(const AffinePoint& pt) { 362| 6.45k| if(pt._curve() != instance()) { ------------------ | Branch (362:13): [True: 0, False: 6.45k] ------------------ 363| 0| throw Invalid_Argument("Curve mismatch"); 364| 0| } 365| 6.45k| auto x = C::FieldElement::from_stash(pt._x()); 366| 6.45k| auto y = C::FieldElement::from_stash(pt._y()); 367| 6.45k| return typename C::AffinePoint(x, y); 368| 6.45k| } pcurves_brainpool256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE10mul_x_onlyERKNS0_15PrimeOrderCurve11AffinePointERKNS6_6ScalarERNS_21RandomNumberGeneratorE: 49| 554| RandomNumberGenerator& rng) const override { 50| 554| auto tbl = WindowedBoothMulTable(from_stash(pt)); 51| 554| auto result = tbl.mul(from_stash(scalar), rng); 52| 554| BOTAN_STATE_CHECK(!result.is_identity().as_bool()); ------------------ | | 51| 554| do { \ | | 52| 554| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 554| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 554] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 554| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 554] | | ------------------ ------------------ 53| 554| auto pt_x = to_affine_x(result); 54| 554| secure_vector x_bytes(C::FieldElement::BYTES); 55| 554| pt_x.serialize_to(std::span{x_bytes}); 56| 554| return x_bytes; 57| 554| } pcurves_brainpool256r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE5stashERKNS_16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 355| 1.84k| static AffinePoint stash(const typename C::AffinePoint& pt) { 356| 1.84k| auto x_w = pt.x().template stash_value(); 357| 1.84k| auto y_w = pt.y().template stash_value(); 358| 1.84k| return AffinePoint::_create(instance(), x_w, y_w); 359| 1.84k| } pcurves_brainpool256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE17deserialize_pointENSt3__14spanIKhLm18446744073709551615EEE: 242| 1.15k| std::optional deserialize_point(std::span bytes) const override { 243| | // The identity element (see SEC1 section 2.3.4) 244| | // TODO(Botan4) remove this - we should reject the identity encoding 245| 1.15k| if(bytes.size() == 1 && bytes[0] == 0x00) { ------------------ | Branch (245:13): [True: 2, False: 1.15k] | Branch (245:34): [True: 1, False: 1] ------------------ 246| 1| return stash(C::AffinePoint::identity()); 247| 1| } 248| | 249| 1.15k| constexpr size_t FieldElementBytes = C::FieldElement::BYTES; 250| 1.15k| constexpr size_t CompressedBytes = C::FieldElement::BYTES + 1; 251| 1.15k| constexpr size_t UncompressedBytes = 2 * C::FieldElement::BYTES + 1; 252| | 253| 1.15k| if(bytes.size() == UncompressedBytes && bytes[0] == 0x04) { ------------------ | Branch (253:13): [True: 572, False: 584] | Branch (253:50): [True: 571, False: 1] ------------------ 254| 571| const auto encoded_point = bytes.subspan(1); 255| 571| auto x = C::FieldElement::deserialize(encoded_point.first(FieldElementBytes)); 256| 571| auto y = C::FieldElement::deserialize(encoded_point.last(FieldElementBytes)); 257| | 258| 571| if(x && y) { ------------------ | Branch (258:16): [True: 570, False: 1] | Branch (258:21): [True: 569, False: 1] ------------------ 259| | // Check that y^2 = x^3 + ax + b 260| 569| const auto lhs = (*y).square(); 261| 569| const auto rhs = C::x3_ax_b(*x); 262| 569| const auto valid = (lhs == rhs); 263| 569| if(valid.as_bool()) { ------------------ | Branch (263:19): [True: 554, False: 15] ------------------ 264| 554| return stash(typename C::AffinePoint(*x, *y)); 265| 554| } 266| 569| } 267| 585| } else if(bytes.size() == CompressedBytes && (bytes[0] == 0x02 || bytes[0] == 0x03)) { ------------------ | Branch (267:20): [True: 575, False: 10] | Branch (267:56): [True: 336, False: 239] | Branch (267:76): [True: 233, False: 6] ------------------ 268| 569| const CT::Choice y_is_even = CT::Mask::is_equal(bytes[0], 0x02).as_choice(); 269| | 270| 569| if(auto x = C::FieldElement::deserialize(bytes.subspan(1, FieldElementBytes))) { ------------------ | Branch (270:21): [True: 568, False: 1] ------------------ 271| 568| if(auto y = sqrt_field_element(C::x3_ax_b(*x)).as_optional_vartime()) { ------------------ | Branch (271:24): [True: 554, False: 14] ------------------ 272| 554| return stash(typename C::AffinePoint(*x, y->correct_sign(y_is_even))); 273| 554| } 274| 568| } 275| 569| } 276| | 277| 48| return {}; 278| 1.15k| } pcurves_brainpool256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE15point_to_affineERKNS0_15PrimeOrderCurve15ProjectivePointE: 192| 731| AffinePoint point_to_affine(const ProjectivePoint& pt) const override { 193| 731| auto affine = to_affine(from_stash(pt)); 194| | 195| 731| const auto y2 = affine.y().square(); 196| 731| const auto x3_ax_b = C::x3_ax_b(affine.x()); 197| 731| const auto valid_point = affine.is_identity() || (y2 == x3_ax_b); 198| | 199| 731| BOTAN_ASSERT(valid_point.as_bool(), "Computed point is on the curve"); ------------------ | | 64| 731| do { \ | | 65| 731| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 731| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 731] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 731| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 731] | | ------------------ ------------------ 200| | 201| 731| return stash(affine); 202| 731| } pcurves_brainpool256r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE10from_stashERKNS0_15PrimeOrderCurve15ProjectivePointE: 377| 731| static typename C::ProjectivePoint from_stash(const ProjectivePoint& pt) { 378| 731| if(pt._curve() != instance()) { ------------------ | Branch (378:13): [True: 0, False: 731] ------------------ 379| 0| throw Invalid_Argument("Curve mismatch"); 380| 0| } 381| 731| auto x = C::FieldElement::from_stash(pt._x()); 382| 731| auto y = C::FieldElement::from_stash(pt._y()); 383| 731| auto z = C::FieldElement::from_stash(pt._z()); 384| 731| return typename C::ProjectivePoint(x, y, z); 385| 731| } pcurves_brainpool256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE24affine_point_is_identityERKNS0_15PrimeOrderCurve11AffinePointE: 210| 2.94k| bool affine_point_is_identity(const AffinePoint& pt) const override { 211| 2.94k| return from_stash(pt).is_identity().as_bool(); 212| 2.94k| } pcurves_brainpool256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE15serialize_pointENSt3__14spanIhLm18446744073709551615EEERKNS0_15PrimeOrderCurve11AffinePointE: 214| 2.94k| void serialize_point(std::span bytes, const AffinePoint& pt) const override { 215| 2.94k| BOTAN_ARG_CHECK(bytes.size() == C::AffinePoint::BYTES, "Invalid length for serialize_point"); ------------------ | | 35| 2.94k| do { \ | | 36| 2.94k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 2.94k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 2.94k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 2.94k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 2.94k] | | ------------------ ------------------ 216| 2.94k| from_stash(pt).serialize_to(bytes.subspan<0, C::AffinePoint::BYTES>()); 217| 2.94k| } pcurves_brainpool256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE16serialize_scalarENSt3__14spanIhLm18446744073709551615EEERKNS0_15PrimeOrderCurve6ScalarE: 219| 731| void serialize_scalar(std::span bytes, const Scalar& scalar) const override { 220| 731| BOTAN_ARG_CHECK(bytes.size() == C::Scalar::BYTES, "Invalid length to serialize_scalar"); ------------------ | | 35| 731| do { \ | | 36| 731| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 731| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 731] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 731| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 731] | | ------------------ ------------------ 221| 731| return from_stash(scalar).serialize_to(bytes.subspan<0, C::Scalar::BYTES>()); 222| 731| } pcurves_brainpool256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE14scalar_is_zeroERKNS0_15PrimeOrderCurve6ScalarE: 326| 731| bool scalar_is_zero(const Scalar& s) const override { return from_stash(s).is_zero().as_bool(); } pcurves_brainpool256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool256r15CurveEE13random_scalarERNS_21RandomNumberGeneratorE: 334| 731| Scalar random_scalar(RandomNumberGenerator& rng) const override { return stash(C::Scalar::random(rng)); } pcurves_brainpool384r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE8instanceEv: 338| 6.64k| static std::shared_ptr instance() { 339| 6.64k| static auto g_curve = std::make_shared>(); 340| 6.64k| return g_curve; 341| 6.64k| } pcurves_brainpool384r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEEC2Ev: 336| 1| PrimeOrderCurveImpl() : m_mul_by_g(C::G) {} pcurves_brainpool384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE19field_element_bytesEv: 36| 3.29k| size_t field_element_bytes() const override { return C::FieldElement::BYTES; } pcurves_brainpool384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE8mul_by_gERKNS0_15PrimeOrderCurve6ScalarERNS_21RandomNumberGeneratorE: 38| 492| ProjectivePoint mul_by_g(const Scalar& scalar, RandomNumberGenerator& rng) const override { 39| 492| return stash(m_mul_by_g.mul(from_stash(scalar), rng)); 40| 492| } pcurves_brainpool384r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE5stashERKNS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEESA_EE: 370| 492| static ProjectivePoint stash(const typename C::ProjectivePoint& pt) { 371| 492| auto x_w = pt.x().template stash_value(); 372| 492| auto y_w = pt.y().template stash_value(); 373| 492| auto z_w = pt.z().template stash_value(); 374| 492| return ProjectivePoint::_create(instance(), x_w, y_w, z_w); 375| 492| } pcurves_brainpool384r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE10from_stashERKNS0_15PrimeOrderCurve6ScalarE: 348| 1.66k| static typename C::Scalar from_stash(const Scalar& s) { 349| 1.66k| if(s._curve() != instance()) { ------------------ | Branch (349:13): [True: 0, False: 1.66k] ------------------ 350| 0| throw Invalid_Argument("Curve mismatch"); 351| 0| } 352| 1.66k| return C::Scalar::from_stash(s._value()); 353| 1.66k| } pcurves_brainpool384r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE5stashERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES7_E12ScalarParamsEEEEE: 344| 492| static Scalar stash(const typename C::Scalar& s) { 345| 492| return Scalar::_create(instance(), s.template stash_value()); 346| 492| } pcurves_brainpool384r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE10from_stashERKNS0_15PrimeOrderCurve11AffinePointE: 361| 2.64k| static typename C::AffinePoint from_stash(const AffinePoint& pt) { 362| 2.64k| if(pt._curve() != instance()) { ------------------ | Branch (362:13): [True: 0, False: 2.64k] ------------------ 363| 0| throw Invalid_Argument("Curve mismatch"); 364| 0| } 365| 2.64k| auto x = C::FieldElement::from_stash(pt._x()); 366| 2.64k| auto y = C::FieldElement::from_stash(pt._y()); 367| 2.64k| return typename C::AffinePoint(x, y); 368| 2.64k| } pcurves_brainpool384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE10mul_x_onlyERKNS0_15PrimeOrderCurve11AffinePointERKNS6_6ScalarERNS_21RandomNumberGeneratorE: 49| 184| RandomNumberGenerator& rng) const override { 50| 184| auto tbl = WindowedBoothMulTable(from_stash(pt)); 51| 184| auto result = tbl.mul(from_stash(scalar), rng); 52| 184| BOTAN_STATE_CHECK(!result.is_identity().as_bool()); ------------------ | | 51| 184| do { \ | | 52| 184| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 184| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 184] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 184| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 184] | | ------------------ ------------------ 53| 184| auto pt_x = to_affine_x(result); 54| 184| secure_vector x_bytes(C::FieldElement::BYTES); 55| 184| pt_x.serialize_to(std::span{x_bytes}); 56| 184| return x_bytes; 57| 184| } pcurves_brainpool384r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE5stashERKNS_16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 355| 861| static AffinePoint stash(const typename C::AffinePoint& pt) { 356| 861| auto x_w = pt.x().template stash_value(); 357| 861| auto y_w = pt.y().template stash_value(); 358| 861| return AffinePoint::_create(instance(), x_w, y_w); 359| 861| } pcurves_brainpool384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE17deserialize_pointENSt3__14spanIKhLm18446744073709551615EEE: 242| 532| std::optional deserialize_point(std::span bytes) const override { 243| | // The identity element (see SEC1 section 2.3.4) 244| | // TODO(Botan4) remove this - we should reject the identity encoding 245| 532| if(bytes.size() == 1 && bytes[0] == 0x00) { ------------------ | Branch (245:13): [True: 3, False: 529] | Branch (245:34): [True: 1, False: 2] ------------------ 246| 1| return stash(C::AffinePoint::identity()); 247| 1| } 248| | 249| 531| constexpr size_t FieldElementBytes = C::FieldElement::BYTES; 250| 531| constexpr size_t CompressedBytes = C::FieldElement::BYTES + 1; 251| 531| constexpr size_t UncompressedBytes = 2 * C::FieldElement::BYTES + 1; 252| | 253| 531| if(bytes.size() == UncompressedBytes && bytes[0] == 0x04) { ------------------ | Branch (253:13): [True: 271, False: 260] | Branch (253:50): [True: 267, False: 4] ------------------ 254| 267| const auto encoded_point = bytes.subspan(1); 255| 267| auto x = C::FieldElement::deserialize(encoded_point.first(FieldElementBytes)); 256| 267| auto y = C::FieldElement::deserialize(encoded_point.last(FieldElementBytes)); 257| | 258| 267| if(x && y) { ------------------ | Branch (258:16): [True: 264, False: 3] | Branch (258:21): [True: 252, False: 12] ------------------ 259| | // Check that y^2 = x^3 + ax + b 260| 252| const auto lhs = (*y).square(); 261| 252| const auto rhs = C::x3_ax_b(*x); 262| 252| const auto valid = (lhs == rhs); 263| 252| if(valid.as_bool()) { ------------------ | Branch (263:19): [True: 184, False: 68] ------------------ 264| 184| return stash(typename C::AffinePoint(*x, *y)); 265| 184| } 266| 252| } 267| 267| } else if(bytes.size() == CompressedBytes && (bytes[0] == 0x02 || bytes[0] == 0x03)) { ------------------ | Branch (267:20): [True: 249, False: 15] | Branch (267:56): [True: 233, False: 16] | Branch (267:76): [True: 13, False: 3] ------------------ 268| 246| const CT::Choice y_is_even = CT::Mask::is_equal(bytes[0], 0x02).as_choice(); 269| | 270| 246| if(auto x = C::FieldElement::deserialize(bytes.subspan(1, FieldElementBytes))) { ------------------ | Branch (270:21): [True: 245, False: 1] ------------------ 271| 245| if(auto y = sqrt_field_element(C::x3_ax_b(*x)).as_optional_vartime()) { ------------------ | Branch (271:24): [True: 184, False: 61] ------------------ 272| 184| return stash(typename C::AffinePoint(*x, y->correct_sign(y_is_even))); 273| 184| } 274| 245| } 275| 246| } 276| | 277| 163| return {}; 278| 531| } pcurves_brainpool384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE15point_to_affineERKNS0_15PrimeOrderCurve15ProjectivePointE: 192| 492| AffinePoint point_to_affine(const ProjectivePoint& pt) const override { 193| 492| auto affine = to_affine(from_stash(pt)); 194| | 195| 492| const auto y2 = affine.y().square(); 196| 492| const auto x3_ax_b = C::x3_ax_b(affine.x()); 197| 492| const auto valid_point = affine.is_identity() || (y2 == x3_ax_b); 198| | 199| 492| BOTAN_ASSERT(valid_point.as_bool(), "Computed point is on the curve"); ------------------ | | 64| 492| do { \ | | 65| 492| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 492| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 492] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 492| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 492] | | ------------------ ------------------ 200| | 201| 492| return stash(affine); 202| 492| } pcurves_brainpool384r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE10from_stashERKNS0_15PrimeOrderCurve15ProjectivePointE: 377| 492| static typename C::ProjectivePoint from_stash(const ProjectivePoint& pt) { 378| 492| if(pt._curve() != instance()) { ------------------ | Branch (378:13): [True: 0, False: 492] ------------------ 379| 0| throw Invalid_Argument("Curve mismatch"); 380| 0| } 381| 492| auto x = C::FieldElement::from_stash(pt._x()); 382| 492| auto y = C::FieldElement::from_stash(pt._y()); 383| 492| auto z = C::FieldElement::from_stash(pt._z()); 384| 492| return typename C::ProjectivePoint(x, y, z); 385| 492| } pcurves_brainpool384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE24affine_point_is_identityERKNS0_15PrimeOrderCurve11AffinePointE: 210| 1.23k| bool affine_point_is_identity(const AffinePoint& pt) const override { 211| 1.23k| return from_stash(pt).is_identity().as_bool(); 212| 1.23k| } pcurves_brainpool384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE15serialize_pointENSt3__14spanIhLm18446744073709551615EEERKNS0_15PrimeOrderCurve11AffinePointE: 214| 1.22k| void serialize_point(std::span bytes, const AffinePoint& pt) const override { 215| 1.22k| BOTAN_ARG_CHECK(bytes.size() == C::AffinePoint::BYTES, "Invalid length for serialize_point"); ------------------ | | 35| 1.22k| do { \ | | 36| 1.22k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 1.22k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 1.22k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 1.22k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 1.22k] | | ------------------ ------------------ 216| 1.22k| from_stash(pt).serialize_to(bytes.subspan<0, C::AffinePoint::BYTES>()); 217| 1.22k| } pcurves_brainpool384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE16serialize_scalarENSt3__14spanIhLm18446744073709551615EEERKNS0_15PrimeOrderCurve6ScalarE: 219| 492| void serialize_scalar(std::span bytes, const Scalar& scalar) const override { 220| 492| BOTAN_ARG_CHECK(bytes.size() == C::Scalar::BYTES, "Invalid length to serialize_scalar"); ------------------ | | 35| 492| do { \ | | 36| 492| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 492| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 492] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 492| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 492] | | ------------------ ------------------ 221| 492| return from_stash(scalar).serialize_to(bytes.subspan<0, C::Scalar::BYTES>()); 222| 492| } pcurves_brainpool384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE14scalar_is_zeroERKNS0_15PrimeOrderCurve6ScalarE: 326| 492| bool scalar_is_zero(const Scalar& s) const override { return from_stash(s).is_zero().as_bool(); } pcurves_brainpool384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool384r15CurveEE13random_scalarERNS_21RandomNumberGeneratorE: 334| 492| Scalar random_scalar(RandomNumberGenerator& rng) const override { return stash(C::Scalar::random(rng)); } pcurves_brainpool512r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE8instanceEv: 338| 5.39k| static std::shared_ptr instance() { 339| 5.39k| static auto g_curve = std::make_shared>(); 340| 5.39k| return g_curve; 341| 5.39k| } pcurves_brainpool512r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEEC2Ev: 336| 1| PrimeOrderCurveImpl() : m_mul_by_g(C::G) {} pcurves_brainpool512r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE19field_element_bytesEv: 36| 2.65k| size_t field_element_bytes() const override { return C::FieldElement::BYTES; } pcurves_brainpool512r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE8mul_by_gERKNS0_15PrimeOrderCurve6ScalarERNS_21RandomNumberGeneratorE: 38| 400| ProjectivePoint mul_by_g(const Scalar& scalar, RandomNumberGenerator& rng) const override { 39| 400| return stash(m_mul_by_g.mul(from_stash(scalar), rng)); 40| 400| } pcurves_brainpool512r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE5stashERKNS_20ProjectiveCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEESA_EE: 370| 400| static ProjectivePoint stash(const typename C::ProjectivePoint& pt) { 371| 400| auto x_w = pt.x().template stash_value(); 372| 400| auto y_w = pt.y().template stash_value(); 373| 400| auto z_w = pt.z().template stash_value(); 374| 400| return ProjectivePoint::_create(instance(), x_w, y_w, z_w); 375| 400| } pcurves_brainpool512r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE10from_stashERKNS0_15PrimeOrderCurve6ScalarE: 348| 1.34k| static typename C::Scalar from_stash(const Scalar& s) { 349| 1.34k| if(s._curve() != instance()) { ------------------ | Branch (349:13): [True: 0, False: 1.34k] ------------------ 350| 0| throw Invalid_Argument("Curve mismatch"); 351| 0| } 352| 1.34k| return C::Scalar::from_stash(s._value()); 353| 1.34k| } pcurves_brainpool512r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE5stashERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES7_E12ScalarParamsEEEEE: 344| 400| static Scalar stash(const typename C::Scalar& s) { 345| 400| return Scalar::_create(instance(), s.template stash_value()); 346| 400| } pcurves_brainpool512r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE10from_stashERKNS0_15PrimeOrderCurve11AffinePointE: 361| 2.14k| static typename C::AffinePoint from_stash(const AffinePoint& pt) { 362| 2.14k| if(pt._curve() != instance()) { ------------------ | Branch (362:13): [True: 0, False: 2.14k] ------------------ 363| 0| throw Invalid_Argument("Curve mismatch"); 364| 0| } 365| 2.14k| auto x = C::FieldElement::from_stash(pt._x()); 366| 2.14k| auto y = C::FieldElement::from_stash(pt._y()); 367| 2.14k| return typename C::AffinePoint(x, y); 368| 2.14k| } pcurves_brainpool512r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE10mul_x_onlyERKNS0_15PrimeOrderCurve11AffinePointERKNS6_6ScalarERNS_21RandomNumberGeneratorE: 49| 149| RandomNumberGenerator& rng) const override { 50| 149| auto tbl = WindowedBoothMulTable(from_stash(pt)); 51| 149| auto result = tbl.mul(from_stash(scalar), rng); 52| 149| BOTAN_STATE_CHECK(!result.is_identity().as_bool()); ------------------ | | 51| 149| do { \ | | 52| 149| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 149| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 149] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 149| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 149] | | ------------------ ------------------ 53| 149| auto pt_x = to_affine_x(result); 54| 149| secure_vector x_bytes(C::FieldElement::BYTES); 55| 149| pt_x.serialize_to(std::span{x_bytes}); 56| 149| return x_bytes; 57| 149| } pcurves_brainpool512r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE5stashERKNS_16AffineCurvePointINS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 355| 699| static AffinePoint stash(const typename C::AffinePoint& pt) { 356| 699| auto x_w = pt.x().template stash_value(); 357| 699| auto y_w = pt.y().template stash_value(); 358| 699| return AffinePoint::_create(instance(), x_w, y_w); 359| 699| } pcurves_brainpool512r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE17deserialize_pointENSt3__14spanIKhLm18446744073709551615EEE: 242| 408| std::optional deserialize_point(std::span bytes) const override { 243| | // The identity element (see SEC1 section 2.3.4) 244| | // TODO(Botan4) remove this - we should reject the identity encoding 245| 408| if(bytes.size() == 1 && bytes[0] == 0x00) { ------------------ | Branch (245:13): [True: 4, False: 404] | Branch (245:34): [True: 1, False: 3] ------------------ 246| 1| return stash(C::AffinePoint::identity()); 247| 1| } 248| | 249| 407| constexpr size_t FieldElementBytes = C::FieldElement::BYTES; 250| 407| constexpr size_t CompressedBytes = C::FieldElement::BYTES + 1; 251| 407| constexpr size_t UncompressedBytes = 2 * C::FieldElement::BYTES + 1; 252| | 253| 407| if(bytes.size() == UncompressedBytes && bytes[0] == 0x04) { ------------------ | Branch (253:13): [True: 191, False: 216] | Branch (253:50): [True: 190, False: 1] ------------------ 254| 190| const auto encoded_point = bytes.subspan(1); 255| 190| auto x = C::FieldElement::deserialize(encoded_point.first(FieldElementBytes)); 256| 190| auto y = C::FieldElement::deserialize(encoded_point.last(FieldElementBytes)); 257| | 258| 190| if(x && y) { ------------------ | Branch (258:16): [True: 189, False: 1] | Branch (258:21): [True: 188, False: 1] ------------------ 259| | // Check that y^2 = x^3 + ax + b 260| 188| const auto lhs = (*y).square(); 261| 188| const auto rhs = C::x3_ax_b(*x); 262| 188| const auto valid = (lhs == rhs); 263| 188| if(valid.as_bool()) { ------------------ | Branch (263:19): [True: 149, False: 39] ------------------ 264| 149| return stash(typename C::AffinePoint(*x, *y)); 265| 149| } 266| 188| } 267| 217| } else if(bytes.size() == CompressedBytes && (bytes[0] == 0x02 || bytes[0] == 0x03)) { ------------------ | Branch (267:20): [True: 207, False: 10] | Branch (267:56): [True: 178, False: 29] | Branch (267:76): [True: 26, False: 3] ------------------ 268| 204| const CT::Choice y_is_even = CT::Mask::is_equal(bytes[0], 0x02).as_choice(); 269| | 270| 204| if(auto x = C::FieldElement::deserialize(bytes.subspan(1, FieldElementBytes))) { ------------------ | Branch (270:21): [True: 203, False: 1] ------------------ 271| 203| if(auto y = sqrt_field_element(C::x3_ax_b(*x)).as_optional_vartime()) { ------------------ | Branch (271:24): [True: 149, False: 54] ------------------ 272| 149| return stash(typename C::AffinePoint(*x, y->correct_sign(y_is_even))); 273| 149| } 274| 203| } 275| 204| } 276| | 277| 109| return {}; 278| 407| } pcurves_brainpool512r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE15point_to_affineERKNS0_15PrimeOrderCurve15ProjectivePointE: 192| 400| AffinePoint point_to_affine(const ProjectivePoint& pt) const override { 193| 400| auto affine = to_affine(from_stash(pt)); 194| | 195| 400| const auto y2 = affine.y().square(); 196| 400| const auto x3_ax_b = C::x3_ax_b(affine.x()); 197| 400| const auto valid_point = affine.is_identity() || (y2 == x3_ax_b); 198| | 199| 400| BOTAN_ASSERT(valid_point.as_bool(), "Computed point is on the curve"); ------------------ | | 64| 400| do { \ | | 65| 400| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 400| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 400] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 400| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 400] | | ------------------ ------------------ 200| | 201| 400| return stash(affine); 202| 400| } pcurves_brainpool512r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE10from_stashERKNS0_15PrimeOrderCurve15ProjectivePointE: 377| 400| static typename C::ProjectivePoint from_stash(const ProjectivePoint& pt) { 378| 400| if(pt._curve() != instance()) { ------------------ | Branch (378:13): [True: 0, False: 400] ------------------ 379| 0| throw Invalid_Argument("Curve mismatch"); 380| 0| } 381| 400| auto x = C::FieldElement::from_stash(pt._x()); 382| 400| auto y = C::FieldElement::from_stash(pt._y()); 383| 400| auto z = C::FieldElement::from_stash(pt._z()); 384| 400| return typename C::ProjectivePoint(x, y, z); 385| 400| } pcurves_brainpool512r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE24affine_point_is_identityERKNS0_15PrimeOrderCurve11AffinePointE: 210| 998| bool affine_point_is_identity(const AffinePoint& pt) const override { 211| 998| return from_stash(pt).is_identity().as_bool(); 212| 998| } pcurves_brainpool512r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE15serialize_pointENSt3__14spanIhLm18446744073709551615EEERKNS0_15PrimeOrderCurve11AffinePointE: 214| 996| void serialize_point(std::span bytes, const AffinePoint& pt) const override { 215| 996| BOTAN_ARG_CHECK(bytes.size() == C::AffinePoint::BYTES, "Invalid length for serialize_point"); ------------------ | | 35| 996| do { \ | | 36| 996| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 996| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 996] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 996| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 996] | | ------------------ ------------------ 216| 996| from_stash(pt).serialize_to(bytes.subspan<0, C::AffinePoint::BYTES>()); 217| 996| } pcurves_brainpool512r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE16serialize_scalarENSt3__14spanIhLm18446744073709551615EEERKNS0_15PrimeOrderCurve6ScalarE: 219| 400| void serialize_scalar(std::span bytes, const Scalar& scalar) const override { 220| 400| BOTAN_ARG_CHECK(bytes.size() == C::Scalar::BYTES, "Invalid length to serialize_scalar"); ------------------ | | 35| 400| do { \ | | 36| 400| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 400| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 400] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 400| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 400] | | ------------------ ------------------ 221| 400| return from_stash(scalar).serialize_to(bytes.subspan<0, C::Scalar::BYTES>()); 222| 400| } pcurves_brainpool512r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE14scalar_is_zeroERKNS0_15PrimeOrderCurve6ScalarE: 326| 400| bool scalar_is_zero(const Scalar& s) const override { return from_stash(s).is_zero().as_bool(); } pcurves_brainpool512r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_114brainpool512r15CurveEE13random_scalarERNS_21RandomNumberGeneratorE: 334| 400| Scalar random_scalar(RandomNumberGenerator& rng) const override { return stash(C::Scalar::random(rng)); } pcurves_secp256r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE8instanceEv: 338| 51.4k| static std::shared_ptr instance() { 339| 51.4k| static auto g_curve = std::make_shared>(); 340| 51.4k| return g_curve; 341| 51.4k| } pcurves_secp256r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEEC2Ev: 336| 1| PrimeOrderCurveImpl() : m_mul_by_g(C::G) {} pcurves_secp256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE19field_element_bytesEv: 36| 18.7k| size_t field_element_bytes() const override { return C::FieldElement::BYTES; } pcurves_secp256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE8mul_by_gERKNS0_15PrimeOrderCurve6ScalarERNS_21RandomNumberGeneratorE: 38| 533| ProjectivePoint mul_by_g(const Scalar& scalar, RandomNumberGenerator& rng) const override { 39| 533| return stash(m_mul_by_g.mul(from_stash(scalar), rng)); 40| 533| } pcurves_secp256r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE5stashERKNS_20ProjectiveCurvePointINS_6IntModINS2_12Secp256r1RepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEESA_EE: 370| 533| static ProjectivePoint stash(const typename C::ProjectivePoint& pt) { 371| 533| auto x_w = pt.x().template stash_value(); 372| 533| auto y_w = pt.y().template stash_value(); 373| 533| auto z_w = pt.z().template stash_value(); 374| 533| return ProjectivePoint::_create(instance(), x_w, y_w, z_w); 375| 533| } pcurves_secp256r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE10from_stashERKNS0_15PrimeOrderCurve6ScalarE: 348| 16.0k| static typename C::Scalar from_stash(const Scalar& s) { 349| 16.0k| if(s._curve() != instance()) { ------------------ | Branch (349:13): [True: 0, False: 16.0k] ------------------ 350| 0| throw Invalid_Argument("Curve mismatch"); 351| 0| } 352| 16.0k| return C::Scalar::from_stash(s._value()); 353| 16.0k| } pcurves_secp256r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE5stashERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsENS2_12Secp256r1RepEE12ScalarParamsEEEEE: 344| 7.57k| static Scalar stash(const typename C::Scalar& s) { 345| 7.57k| return Scalar::_create(instance(), s.template stash_value()); 346| 7.57k| } pcurves_secp256r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE10from_stashERKNS0_15PrimeOrderCurve11AffinePointE: 361| 18.4k| static typename C::AffinePoint from_stash(const AffinePoint& pt) { 362| 18.4k| if(pt._curve() != instance()) { ------------------ | Branch (362:13): [True: 0, False: 18.4k] ------------------ 363| 0| throw Invalid_Argument("Curve mismatch"); 364| 0| } 365| 18.4k| auto x = C::FieldElement::from_stash(pt._x()); 366| 18.4k| auto y = C::FieldElement::from_stash(pt._y()); 367| 18.4k| return typename C::AffinePoint(x, y); 368| 18.4k| } pcurves_secp256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE10mul_x_onlyERKNS0_15PrimeOrderCurve11AffinePointERKNS6_6ScalarERNS_21RandomNumberGeneratorE: 49| 362| RandomNumberGenerator& rng) const override { 50| 362| auto tbl = WindowedBoothMulTable(from_stash(pt)); 51| 362| auto result = tbl.mul(from_stash(scalar), rng); 52| 362| BOTAN_STATE_CHECK(!result.is_identity().as_bool()); ------------------ | | 51| 362| do { \ | | 52| 362| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 362| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 362] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 362| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 362] | | ------------------ ------------------ 53| 362| auto pt_x = to_affine_x(result); 54| 362| secure_vector x_bytes(C::FieldElement::BYTES); 55| 362| pt_x.serialize_to(std::span{x_bytes}); 56| 362| return x_bytes; 57| 362| } pcurves_secp256r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE5stashERKNS_16AffineCurvePointINS_6IntModINS2_12Secp256r1RepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 355| 8.30k| static AffinePoint stash(const typename C::AffinePoint& pt) { 356| 8.30k| auto x_w = pt.x().template stash_value(); 357| 8.30k| auto y_w = pt.y().template stash_value(); 358| 8.30k| return AffinePoint::_create(instance(), x_w, y_w); 359| 8.30k| } pcurves_secp256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE17deserialize_pointENSt3__14spanIKhLm18446744073709551615EEE: 242| 7.81k| std::optional deserialize_point(std::span bytes) const override { 243| | // The identity element (see SEC1 section 2.3.4) 244| | // TODO(Botan4) remove this - we should reject the identity encoding 245| 7.81k| if(bytes.size() == 1 && bytes[0] == 0x00) { ------------------ | Branch (245:13): [True: 5, False: 7.80k] | Branch (245:34): [True: 2, False: 3] ------------------ 246| 2| return stash(C::AffinePoint::identity()); 247| 2| } 248| | 249| 7.81k| constexpr size_t FieldElementBytes = C::FieldElement::BYTES; 250| 7.81k| constexpr size_t CompressedBytes = C::FieldElement::BYTES + 1; 251| 7.81k| constexpr size_t UncompressedBytes = 2 * C::FieldElement::BYTES + 1; 252| | 253| 7.81k| if(bytes.size() == UncompressedBytes && bytes[0] == 0x04) { ------------------ | Branch (253:13): [True: 7.41k, False: 392] | Branch (253:50): [True: 7.41k, False: 4] ------------------ 254| 7.41k| const auto encoded_point = bytes.subspan(1); 255| 7.41k| auto x = C::FieldElement::deserialize(encoded_point.first(FieldElementBytes)); 256| 7.41k| auto y = C::FieldElement::deserialize(encoded_point.last(FieldElementBytes)); 257| | 258| 7.41k| if(x && y) { ------------------ | Branch (258:16): [True: 7.41k, False: 1] | Branch (258:21): [True: 7.41k, False: 1] ------------------ 259| | // Check that y^2 = x^3 + ax + b 260| 7.41k| const auto lhs = (*y).square(); 261| 7.41k| const auto rhs = C::x3_ax_b(*x); 262| 7.41k| const auto valid = (lhs == rhs); 263| 7.41k| if(valid.as_bool()) { ------------------ | Branch (263:19): [True: 7.40k, False: 8] ------------------ 264| 7.40k| return stash(typename C::AffinePoint(*x, *y)); 265| 7.40k| } 266| 7.41k| } 267| 7.41k| } else if(bytes.size() == CompressedBytes && (bytes[0] == 0x02 || bytes[0] == 0x03)) { ------------------ | Branch (267:20): [True: 380, False: 16] | Branch (267:56): [True: 152, False: 228] | Branch (267:76): [True: 221, False: 7] ------------------ 268| 373| const CT::Choice y_is_even = CT::Mask::is_equal(bytes[0], 0x02).as_choice(); 269| | 270| 373| if(auto x = C::FieldElement::deserialize(bytes.subspan(1, FieldElementBytes))) { ------------------ | Branch (270:21): [True: 370, False: 3] ------------------ 271| 370| if(auto y = sqrt_field_element(C::x3_ax_b(*x)).as_optional_vartime()) { ------------------ | Branch (271:24): [True: 362, False: 8] ------------------ 272| 362| return stash(typename C::AffinePoint(*x, y->correct_sign(y_is_even))); 273| 362| } 274| 370| } 275| 373| } 276| | 277| 44| return {}; 278| 7.81k| } pcurves_secp256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE18deserialize_scalarENSt3__14spanIKhLm18446744073709551615EEE: 224| 7.04k| std::optional deserialize_scalar(std::span bytes) const override { 225| 7.04k| if(auto scalar = C::Scalar::deserialize(bytes)) { ------------------ | Branch (225:18): [True: 7.04k, False: 0] ------------------ 226| 7.04k| if(!scalar->is_zero().as_bool()) { ------------------ | Branch (226:16): [True: 7.04k, False: 0] ------------------ 227| 7.04k| return stash(*scalar); 228| 7.04k| } 229| 7.04k| } 230| | 231| 0| return {}; 232| 7.04k| } pcurves_secp256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE15point_to_affineERKNS0_15PrimeOrderCurve15ProjectivePointE: 192| 533| AffinePoint point_to_affine(const ProjectivePoint& pt) const override { 193| 533| auto affine = to_affine(from_stash(pt)); 194| | 195| 533| const auto y2 = affine.y().square(); 196| 533| const auto x3_ax_b = C::x3_ax_b(affine.x()); 197| 533| const auto valid_point = affine.is_identity() || (y2 == x3_ax_b); 198| | 199| 533| BOTAN_ASSERT(valid_point.as_bool(), "Computed point is on the curve"); ------------------ | | 64| 533| do { \ | | 65| 533| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 533| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 533] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 533| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 533] | | ------------------ ------------------ 200| | 201| 533| return stash(affine); 202| 533| } pcurves_secp256r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE10from_stashERKNS0_15PrimeOrderCurve15ProjectivePointE: 377| 533| static typename C::ProjectivePoint from_stash(const ProjectivePoint& pt) { 378| 533| if(pt._curve() != instance()) { ------------------ | Branch (378:13): [True: 0, False: 533] ------------------ 379| 0| throw Invalid_Argument("Curve mismatch"); 380| 0| } 381| 533| auto x = C::FieldElement::from_stash(pt._x()); 382| 533| auto y = C::FieldElement::from_stash(pt._y()); 383| 533| auto z = C::FieldElement::from_stash(pt._z()); 384| 533| return typename C::ProjectivePoint(x, y, z); 385| 533| } pcurves_secp256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE24affine_point_is_identityERKNS0_15PrimeOrderCurve11AffinePointE: 210| 9.02k| bool affine_point_is_identity(const AffinePoint& pt) const override { 211| 9.02k| return from_stash(pt).is_identity().as_bool(); 212| 9.02k| } pcurves_secp256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE15serialize_pointENSt3__14spanIhLm18446744073709551615EEERKNS0_15PrimeOrderCurve11AffinePointE: 214| 9.02k| void serialize_point(std::span bytes, const AffinePoint& pt) const override { 215| 9.02k| BOTAN_ARG_CHECK(bytes.size() == C::AffinePoint::BYTES, "Invalid length for serialize_point"); ------------------ | | 35| 9.02k| do { \ | | 36| 9.02k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 9.02k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 9.02k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 9.02k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 9.02k] | | ------------------ ------------------ 216| 9.02k| from_stash(pt).serialize_to(bytes.subspan<0, C::AffinePoint::BYTES>()); 217| 9.02k| } pcurves_secp256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE16serialize_scalarENSt3__14spanIhLm18446744073709551615EEERKNS0_15PrimeOrderCurve6ScalarE: 219| 7.57k| void serialize_scalar(std::span bytes, const Scalar& scalar) const override { 220| 7.57k| BOTAN_ARG_CHECK(bytes.size() == C::Scalar::BYTES, "Invalid length to serialize_scalar"); ------------------ | | 35| 7.57k| do { \ | | 36| 7.57k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 7.57k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 7.57k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 7.57k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 7.57k] | | ------------------ ------------------ 221| 7.57k| return from_stash(scalar).serialize_to(bytes.subspan<0, C::Scalar::BYTES>()); 222| 7.57k| } pcurves_secp256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE14scalar_is_zeroERKNS0_15PrimeOrderCurve6ScalarE: 326| 7.57k| bool scalar_is_zero(const Scalar& s) const override { return from_stash(s).is_zero().as_bool(); } pcurves_secp256r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp256r15CurveEE13random_scalarERNS_21RandomNumberGeneratorE: 334| 533| Scalar random_scalar(RandomNumberGenerator& rng) const override { return stash(C::Scalar::random(rng)); } pcurves_secp384r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE8instanceEv: 338| 8.03k| static std::shared_ptr instance() { 339| 8.03k| static auto g_curve = std::make_shared>(); 340| 8.03k| return g_curve; 341| 8.03k| } pcurves_secp384r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEEC2Ev: 336| 1| PrimeOrderCurveImpl() : m_mul_by_g(C::G) {} pcurves_secp384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE19field_element_bytesEv: 36| 4.06k| size_t field_element_bytes() const override { return C::FieldElement::BYTES; } pcurves_secp384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE8mul_by_gERKNS0_15PrimeOrderCurve6ScalarERNS_21RandomNumberGeneratorE: 38| 497| ProjectivePoint mul_by_g(const Scalar& scalar, RandomNumberGenerator& rng) const override { 39| 497| return stash(m_mul_by_g.mul(from_stash(scalar), rng)); 40| 497| } pcurves_secp384r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE5stashERKNS_20ProjectiveCurvePointINS_6IntModINS2_12Secp384r1RepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEESA_EE: 370| 497| static ProjectivePoint stash(const typename C::ProjectivePoint& pt) { 371| 497| auto x_w = pt.x().template stash_value(); 372| 497| auto y_w = pt.y().template stash_value(); 373| 497| auto z_w = pt.z().template stash_value(); 374| 497| return ProjectivePoint::_create(instance(), x_w, y_w, z_w); 375| 497| } pcurves_secp384r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE10from_stashERKNS0_15PrimeOrderCurve6ScalarE: 348| 1.78k| static typename C::Scalar from_stash(const Scalar& s) { 349| 1.78k| if(s._curve() != instance()) { ------------------ | Branch (349:13): [True: 0, False: 1.78k] ------------------ 350| 0| throw Invalid_Argument("Curve mismatch"); 351| 0| } 352| 1.78k| return C::Scalar::from_stash(s._value()); 353| 1.78k| } pcurves_secp384r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE5stashERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsENS2_12Secp384r1RepEE12ScalarParamsEEEEE: 344| 497| static Scalar stash(const typename C::Scalar& s) { 345| 497| return Scalar::_create(instance(), s.template stash_value()); 346| 497| } pcurves_secp384r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE10from_stashERKNS0_15PrimeOrderCurve11AffinePointE: 361| 3.66k| static typename C::AffinePoint from_stash(const AffinePoint& pt) { 362| 3.66k| if(pt._curve() != instance()) { ------------------ | Branch (362:13): [True: 0, False: 3.66k] ------------------ 363| 0| throw Invalid_Argument("Curve mismatch"); 364| 0| } 365| 3.66k| auto x = C::FieldElement::from_stash(pt._x()); 366| 3.66k| auto y = C::FieldElement::from_stash(pt._y()); 367| 3.66k| return typename C::AffinePoint(x, y); 368| 3.66k| } pcurves_secp384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE10mul_x_onlyERKNS0_15PrimeOrderCurve11AffinePointERKNS6_6ScalarERNS_21RandomNumberGeneratorE: 49| 296| RandomNumberGenerator& rng) const override { 50| 296| auto tbl = WindowedBoothMulTable(from_stash(pt)); 51| 296| auto result = tbl.mul(from_stash(scalar), rng); 52| 296| BOTAN_STATE_CHECK(!result.is_identity().as_bool()); ------------------ | | 51| 296| do { \ | | 52| 296| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 296| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 296] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 296| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 296] | | ------------------ ------------------ 53| 296| auto pt_x = to_affine_x(result); 54| 296| secure_vector x_bytes(C::FieldElement::BYTES); 55| 296| pt_x.serialize_to(std::span{x_bytes}); 56| 296| return x_bytes; 57| 296| } pcurves_secp384r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE5stashERKNS_16AffineCurvePointINS_6IntModINS2_12Secp384r1RepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 355| 1.09k| static AffinePoint stash(const typename C::AffinePoint& pt) { 356| 1.09k| auto x_w = pt.x().template stash_value(); 357| 1.09k| auto y_w = pt.y().template stash_value(); 358| 1.09k| return AffinePoint::_create(instance(), x_w, y_w); 359| 1.09k| } pcurves_secp384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE17deserialize_pointENSt3__14spanIKhLm18446744073709551615EEE: 242| 668| std::optional deserialize_point(std::span bytes) const override { 243| | // The identity element (see SEC1 section 2.3.4) 244| | // TODO(Botan4) remove this - we should reject the identity encoding 245| 668| if(bytes.size() == 1 && bytes[0] == 0x00) { ------------------ | Branch (245:13): [True: 6, False: 662] | Branch (245:34): [True: 3, False: 3] ------------------ 246| 3| return stash(C::AffinePoint::identity()); 247| 3| } 248| | 249| 665| constexpr size_t FieldElementBytes = C::FieldElement::BYTES; 250| 665| constexpr size_t CompressedBytes = C::FieldElement::BYTES + 1; 251| 665| constexpr size_t UncompressedBytes = 2 * C::FieldElement::BYTES + 1; 252| | 253| 665| if(bytes.size() == UncompressedBytes && bytes[0] == 0x04) { ------------------ | Branch (253:13): [True: 351, False: 314] | Branch (253:50): [True: 350, False: 1] ------------------ 254| 350| const auto encoded_point = bytes.subspan(1); 255| 350| auto x = C::FieldElement::deserialize(encoded_point.first(FieldElementBytes)); 256| 350| auto y = C::FieldElement::deserialize(encoded_point.last(FieldElementBytes)); 257| | 258| 350| if(x && y) { ------------------ | Branch (258:16): [True: 348, False: 2] | Branch (258:21): [True: 347, False: 1] ------------------ 259| | // Check that y^2 = x^3 + ax + b 260| 347| const auto lhs = (*y).square(); 261| 347| const auto rhs = C::x3_ax_b(*x); 262| 347| const auto valid = (lhs == rhs); 263| 347| if(valid.as_bool()) { ------------------ | Branch (263:19): [True: 296, False: 51] ------------------ 264| 296| return stash(typename C::AffinePoint(*x, *y)); 265| 296| } 266| 347| } 267| 350| } else if(bytes.size() == CompressedBytes && (bytes[0] == 0x02 || bytes[0] == 0x03)) { ------------------ | Branch (267:20): [True: 306, False: 9] | Branch (267:56): [True: 239, False: 67] | Branch (267:76): [True: 61, False: 6] ------------------ 268| 300| const CT::Choice y_is_even = CT::Mask::is_equal(bytes[0], 0x02).as_choice(); 269| | 270| 300| if(auto x = C::FieldElement::deserialize(bytes.subspan(1, FieldElementBytes))) { ------------------ | Branch (270:21): [True: 298, False: 2] ------------------ 271| 298| if(auto y = sqrt_field_element(C::x3_ax_b(*x)).as_optional_vartime()) { ------------------ | Branch (271:24): [True: 296, False: 2] ------------------ 272| 296| return stash(typename C::AffinePoint(*x, y->correct_sign(y_is_even))); 273| 296| } 274| 298| } 275| 300| } 276| | 277| 73| return {}; 278| 665| } pcurves_secp384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE15point_to_affineERKNS0_15PrimeOrderCurve15ProjectivePointE: 192| 497| AffinePoint point_to_affine(const ProjectivePoint& pt) const override { 193| 497| auto affine = to_affine(from_stash(pt)); 194| | 195| 497| const auto y2 = affine.y().square(); 196| 497| const auto x3_ax_b = C::x3_ax_b(affine.x()); 197| 497| const auto valid_point = affine.is_identity() || (y2 == x3_ax_b); 198| | 199| 497| BOTAN_ASSERT(valid_point.as_bool(), "Computed point is on the curve"); ------------------ | | 64| 497| do { \ | | 65| 497| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 497| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 497] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 497| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 497] | | ------------------ ------------------ 200| | 201| 497| return stash(affine); 202| 497| } pcurves_secp384r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE10from_stashERKNS0_15PrimeOrderCurve15ProjectivePointE: 377| 497| static typename C::ProjectivePoint from_stash(const ProjectivePoint& pt) { 378| 497| if(pt._curve() != instance()) { ------------------ | Branch (378:13): [True: 0, False: 497] ------------------ 379| 0| throw Invalid_Argument("Curve mismatch"); 380| 0| } 381| 497| auto x = C::FieldElement::from_stash(pt._x()); 382| 497| auto y = C::FieldElement::from_stash(pt._y()); 383| 497| auto z = C::FieldElement::from_stash(pt._z()); 384| 497| return typename C::ProjectivePoint(x, y, z); 385| 497| } pcurves_secp384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE24affine_point_is_identityERKNS0_15PrimeOrderCurve11AffinePointE: 210| 1.68k| bool affine_point_is_identity(const AffinePoint& pt) const override { 211| 1.68k| return from_stash(pt).is_identity().as_bool(); 212| 1.68k| } pcurves_secp384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE15serialize_pointENSt3__14spanIhLm18446744073709551615EEERKNS0_15PrimeOrderCurve11AffinePointE: 214| 1.68k| void serialize_point(std::span bytes, const AffinePoint& pt) const override { 215| 1.68k| BOTAN_ARG_CHECK(bytes.size() == C::AffinePoint::BYTES, "Invalid length for serialize_point"); ------------------ | | 35| 1.68k| do { \ | | 36| 1.68k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 1.68k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 1.68k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 1.68k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 1.68k] | | ------------------ ------------------ 216| 1.68k| from_stash(pt).serialize_to(bytes.subspan<0, C::AffinePoint::BYTES>()); 217| 1.68k| } pcurves_secp384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE16serialize_scalarENSt3__14spanIhLm18446744073709551615EEERKNS0_15PrimeOrderCurve6ScalarE: 219| 497| void serialize_scalar(std::span bytes, const Scalar& scalar) const override { 220| 497| BOTAN_ARG_CHECK(bytes.size() == C::Scalar::BYTES, "Invalid length to serialize_scalar"); ------------------ | | 35| 497| do { \ | | 36| 497| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 497| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 497] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 497| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 497] | | ------------------ ------------------ 221| 497| return from_stash(scalar).serialize_to(bytes.subspan<0, C::Scalar::BYTES>()); 222| 497| } pcurves_secp384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE14scalar_is_zeroERKNS0_15PrimeOrderCurve6ScalarE: 326| 497| bool scalar_is_zero(const Scalar& s) const override { return from_stash(s).is_zero().as_bool(); } pcurves_secp384r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp384r15CurveEE13random_scalarERNS_21RandomNumberGeneratorE: 334| 497| Scalar random_scalar(RandomNumberGenerator& rng) const override { return stash(C::Scalar::random(rng)); } pcurves_secp521r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE8instanceEv: 338| 6.87k| static std::shared_ptr instance() { 339| 6.87k| static auto g_curve = std::make_shared>(); 340| 6.87k| return g_curve; 341| 6.87k| } pcurves_secp521r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEEC2Ev: 336| 1| PrimeOrderCurveImpl() : m_mul_by_g(C::G) {} pcurves_secp521r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE19field_element_bytesEv: 36| 3.47k| size_t field_element_bytes() const override { return C::FieldElement::BYTES; } pcurves_secp521r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE8mul_by_gERKNS0_15PrimeOrderCurve6ScalarERNS_21RandomNumberGeneratorE: 38| 429| ProjectivePoint mul_by_g(const Scalar& scalar, RandomNumberGenerator& rng) const override { 39| 429| return stash(m_mul_by_g.mul(from_stash(scalar), rng)); 40| 429| } pcurves_secp521r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE5stashERKNS_20ProjectiveCurvePointINS_6IntModINS3_7P521RepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEESA_EE: 370| 429| static ProjectivePoint stash(const typename C::ProjectivePoint& pt) { 371| 429| auto x_w = pt.x().template stash_value(); 372| 429| auto y_w = pt.y().template stash_value(); 373| 429| auto z_w = pt.z().template stash_value(); 374| 429| return ProjectivePoint::_create(instance(), x_w, y_w, z_w); 375| 429| } pcurves_secp521r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE10from_stashERKNS0_15PrimeOrderCurve6ScalarE: 348| 1.53k| static typename C::Scalar from_stash(const Scalar& s) { 349| 1.53k| if(s._curve() != instance()) { ------------------ | Branch (349:13): [True: 0, False: 1.53k] ------------------ 350| 0| throw Invalid_Argument("Curve mismatch"); 351| 0| } 352| 1.53k| return C::Scalar::from_stash(s._value()); 353| 1.53k| } pcurves_secp521r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE5stashERKNS_6IntModINS_13MontgomeryRepINS_13EllipticCurveINS3_6ParamsENS3_7P521RepEE12ScalarParamsEEEEE: 344| 429| static Scalar stash(const typename C::Scalar& s) { 345| 429| return Scalar::_create(instance(), s.template stash_value()); 346| 429| } pcurves_secp521r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE10from_stashERKNS0_15PrimeOrderCurve11AffinePointE: 361| 3.11k| static typename C::AffinePoint from_stash(const AffinePoint& pt) { 362| 3.11k| if(pt._curve() != instance()) { ------------------ | Branch (362:13): [True: 0, False: 3.11k] ------------------ 363| 0| throw Invalid_Argument("Curve mismatch"); 364| 0| } 365| 3.11k| auto x = C::FieldElement::from_stash(pt._x()); 366| 3.11k| auto y = C::FieldElement::from_stash(pt._y()); 367| 3.11k| return typename C::AffinePoint(x, y); 368| 3.11k| } pcurves_secp521r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE10mul_x_onlyERKNS0_15PrimeOrderCurve11AffinePointERKNS6_6ScalarERNS_21RandomNumberGeneratorE: 49| 251| RandomNumberGenerator& rng) const override { 50| 251| auto tbl = WindowedBoothMulTable(from_stash(pt)); 51| 251| auto result = tbl.mul(from_stash(scalar), rng); 52| 251| BOTAN_STATE_CHECK(!result.is_identity().as_bool()); ------------------ | | 51| 251| do { \ | | 52| 251| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 251| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 251] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 251| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 251] | | ------------------ ------------------ 53| 251| auto pt_x = to_affine_x(result); 54| 251| secure_vector x_bytes(C::FieldElement::BYTES); 55| 251| pt_x.serialize_to(std::span{x_bytes}); 56| 251| return x_bytes; 57| 251| } pcurves_secp521r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE5stashERKNS_16AffineCurvePointINS_6IntModINS3_7P521RepINS_13EllipticCurveINS3_6ParamsES8_E11FieldParamsEEEEEEE: 355| 932| static AffinePoint stash(const typename C::AffinePoint& pt) { 356| 932| auto x_w = pt.x().template stash_value(); 357| 932| auto y_w = pt.y().template stash_value(); 358| 932| return AffinePoint::_create(instance(), x_w, y_w); 359| 932| } pcurves_secp521r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE17deserialize_pointENSt3__14spanIKhLm18446744073709551615EEE: 242| 584| std::optional deserialize_point(std::span bytes) const override { 243| | // The identity element (see SEC1 section 2.3.4) 244| | // TODO(Botan4) remove this - we should reject the identity encoding 245| 584| if(bytes.size() == 1 && bytes[0] == 0x00) { ------------------ | Branch (245:13): [True: 2, False: 582] | Branch (245:34): [True: 1, False: 1] ------------------ 246| 1| return stash(C::AffinePoint::identity()); 247| 1| } 248| | 249| 583| constexpr size_t FieldElementBytes = C::FieldElement::BYTES; 250| 583| constexpr size_t CompressedBytes = C::FieldElement::BYTES + 1; 251| 583| constexpr size_t UncompressedBytes = 2 * C::FieldElement::BYTES + 1; 252| | 253| 583| if(bytes.size() == UncompressedBytes && bytes[0] == 0x04) { ------------------ | Branch (253:13): [True: 317, False: 266] | Branch (253:50): [True: 315, False: 2] ------------------ 254| 315| const auto encoded_point = bytes.subspan(1); 255| 315| auto x = C::FieldElement::deserialize(encoded_point.first(FieldElementBytes)); 256| 315| auto y = C::FieldElement::deserialize(encoded_point.last(FieldElementBytes)); 257| | 258| 315| if(x && y) { ------------------ | Branch (258:16): [True: 314, False: 1] | Branch (258:21): [True: 313, False: 1] ------------------ 259| | // Check that y^2 = x^3 + ax + b 260| 313| const auto lhs = (*y).square(); 261| 313| const auto rhs = C::x3_ax_b(*x); 262| 313| const auto valid = (lhs == rhs); 263| 313| if(valid.as_bool()) { ------------------ | Branch (263:19): [True: 251, False: 62] ------------------ 264| 251| return stash(typename C::AffinePoint(*x, *y)); 265| 251| } 266| 313| } 267| 315| } else if(bytes.size() == CompressedBytes && (bytes[0] == 0x02 || bytes[0] == 0x03)) { ------------------ | Branch (267:20): [True: 258, False: 10] | Branch (267:56): [True: 23, False: 235] | Branch (267:76): [True: 234, False: 1] ------------------ 268| 257| const CT::Choice y_is_even = CT::Mask::is_equal(bytes[0], 0x02).as_choice(); 269| | 270| 257| if(auto x = C::FieldElement::deserialize(bytes.subspan(1, FieldElementBytes))) { ------------------ | Branch (270:21): [True: 255, False: 2] ------------------ 271| 255| if(auto y = sqrt_field_element(C::x3_ax_b(*x)).as_optional_vartime()) { ------------------ | Branch (271:24): [True: 251, False: 4] ------------------ 272| 251| return stash(typename C::AffinePoint(*x, y->correct_sign(y_is_even))); 273| 251| } 274| 255| } 275| 257| } 276| | 277| 81| return {}; 278| 583| } pcurves_secp521r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE15point_to_affineERKNS0_15PrimeOrderCurve15ProjectivePointE: 192| 429| AffinePoint point_to_affine(const ProjectivePoint& pt) const override { 193| 429| auto affine = to_affine(from_stash(pt)); 194| | 195| 429| const auto y2 = affine.y().square(); 196| 429| const auto x3_ax_b = C::x3_ax_b(affine.x()); 197| 429| const auto valid_point = affine.is_identity() || (y2 == x3_ax_b); 198| | 199| 429| BOTAN_ASSERT(valid_point.as_bool(), "Computed point is on the curve"); ------------------ | | 64| 429| do { \ | | 65| 429| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 429| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 429] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 429| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 429] | | ------------------ ------------------ 200| | 201| 429| return stash(affine); 202| 429| } pcurves_secp521r1.cpp:_ZN5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE10from_stashERKNS0_15PrimeOrderCurve15ProjectivePointE: 377| 429| static typename C::ProjectivePoint from_stash(const ProjectivePoint& pt) { 378| 429| if(pt._curve() != instance()) { ------------------ | Branch (378:13): [True: 0, False: 429] ------------------ 379| 0| throw Invalid_Argument("Curve mismatch"); 380| 0| } 381| 429| auto x = C::FieldElement::from_stash(pt._x()); 382| 429| auto y = C::FieldElement::from_stash(pt._y()); 383| 429| auto z = C::FieldElement::from_stash(pt._z()); 384| 429| return typename C::ProjectivePoint(x, y, z); 385| 429| } pcurves_secp521r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE24affine_point_is_identityERKNS0_15PrimeOrderCurve11AffinePointE: 210| 1.43k| bool affine_point_is_identity(const AffinePoint& pt) const override { 211| 1.43k| return from_stash(pt).is_identity().as_bool(); 212| 1.43k| } pcurves_secp521r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE15serialize_pointENSt3__14spanIhLm18446744073709551615EEERKNS0_15PrimeOrderCurve11AffinePointE: 214| 1.43k| void serialize_point(std::span bytes, const AffinePoint& pt) const override { 215| 1.43k| BOTAN_ARG_CHECK(bytes.size() == C::AffinePoint::BYTES, "Invalid length for serialize_point"); ------------------ | | 35| 1.43k| do { \ | | 36| 1.43k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 1.43k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 1.43k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 1.43k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 1.43k] | | ------------------ ------------------ 216| 1.43k| from_stash(pt).serialize_to(bytes.subspan<0, C::AffinePoint::BYTES>()); 217| 1.43k| } pcurves_secp521r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE16serialize_scalarENSt3__14spanIhLm18446744073709551615EEERKNS0_15PrimeOrderCurve6ScalarE: 219| 429| void serialize_scalar(std::span bytes, const Scalar& scalar) const override { 220| 429| BOTAN_ARG_CHECK(bytes.size() == C::Scalar::BYTES, "Invalid length to serialize_scalar"); ------------------ | | 35| 429| do { \ | | 36| 429| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 429| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 429] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 429| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 429] | | ------------------ ------------------ 221| 429| return from_stash(scalar).serialize_to(bytes.subspan<0, C::Scalar::BYTES>()); 222| 429| } pcurves_secp521r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE14scalar_is_zeroERKNS0_15PrimeOrderCurve6ScalarE: 326| 429| bool scalar_is_zero(const Scalar& s) const override { return from_stash(s).is_zero().as_bool(); } pcurves_secp521r1.cpp:_ZNK5Botan6PCurve19PrimeOrderCurveImplINS0_12_GLOBAL__N_19secp521r15CurveEE13random_scalarERNS_21RandomNumberGeneratorE: 334| 429| Scalar random_scalar(RandomNumberGenerator& rng) const override { return stash(C::Scalar::random(rng)); } _ZN5Botan12mulx_polyvalERKNS_9SIMD_4x32E: 92| 93|BOTAN_FORCE_INLINE SIMD_4x32 BOTAN_FN_ISA_SIMD_4X32 mulx_polyval(const SIMD_4x32& h) { 93| 93| const auto V = SIMD_4x32(0x00000001, 0x00000000, 0x00000000, 0xc2000000); 94| | 95| | // Bitmask set iff the top bit of h is set 96| 93| const auto mask = h.top_bit_mask(); 97| | 98| | // Extract the top bits of the words and move them into place as the low bit of the next word 99| 93| auto top_bits = h.shr<31>().shift_elems_left<1>(); 100| | 101| | // The main shift, adding back in the top bits that are otherwise lost 102| 93| auto shifted_h = h.shl<1>() | top_bits; 103| | 104| 93| return shifted_h ^ (mask & V); 105| 93|} _ZN5Botan14reverse_vectorERKNS_9SIMD_4x32E: 16| 4.84k|BOTAN_FORCE_INLINE BOTAN_FN_ISA_SIMD_4X32 SIMD_4x32 reverse_vector(const SIMD_4x32& in) { 17| 4.84k|#if defined(BOTAN_SIMD_USE_SSSE3) 18| 4.84k| const __m128i BSWAP_MASK = _mm_set_epi8(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15); 19| 4.84k| return SIMD_4x32(_mm_shuffle_epi8(in.raw(), BSWAP_MASK)); 20| |#elif defined(BOTAN_SIMD_USE_NEON) 21| | const uint8_t maskb[16] = {15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0}; 22| | const uint8x16_t mask = vld1q_u8(maskb); 23| | return SIMD_4x32(vreinterpretq_u32_u8(vqtbl1q_u8(vreinterpretq_u8_u32(in.raw()), mask))); 24| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 25| | const __vector unsigned char mask = {15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0}; 26| | return SIMD_4x32(vec_perm(in.raw(), in.raw(), mask)); 27| |#endif 28| 4.84k|} _ZN5Botan16polyval_multiplyERKNS_9SIMD_4x32ES2_: 128| 794|BOTAN_FORCE_INLINE SIMD_4x32 BOTAN_FN_ISA_CLMUL polyval_multiply(const SIMD_4x32& H, const SIMD_4x32& x) { 129| 794| SIMD_4x32 hi = clmul<0x11>(H, x); 130| 794| const SIMD_4x32 mid = clmul<0x10>(H, x) ^ clmul<0x01>(H, x); 131| 794| SIMD_4x32 lo = clmul<0x00>(H, x); 132| | 133| 794| hi ^= mid.shift_elems_right<2>(); 134| 794| lo ^= mid.shift_elems_left<2>(); 135| | 136| 794| return polyval_reduce(hi, lo); 137| 794|} _ZN5Botan5clmulILi17EEENS_9SIMD_4x32ERKS1_S3_: 31| 4.57k|BOTAN_FORCE_INLINE BOTAN_FN_ISA_CLMUL SIMD_4x32 clmul(const SIMD_4x32& H, const SIMD_4x32& x) { 32| 4.57k| static_assert(M == 0x00 || M == 0x01 || M == 0x10 || M == 0x11, "Valid clmul mode"); 33| | 34| 4.57k|#if defined(BOTAN_SIMD_USE_SSSE3) 35| 4.57k| return SIMD_4x32(_mm_clmulepi64_si128(x.raw(), H.raw(), M)); 36| |#elif defined(BOTAN_SIMD_USE_NEON) 37| | const uint64_t a = vgetq_lane_u64(vreinterpretq_u64_u32(x.raw()), M & 0x01); 38| | const uint64_t b = vgetq_lane_u64(vreinterpretq_u64_u32(H.raw()), (M & 0x10) >> 4); 39| | 40| | #if defined(BOTAN_BUILD_COMPILER_IS_MSVC) 41| | __n64 a1 = {a}, b1 = {b}; 42| | return SIMD_4x32(vmull_p64(a1, b1)); 43| | #else 44| | return SIMD_4x32(reinterpret_cast(vmull_p64(a, b))); 45| | #endif 46| | 47| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 48| | const SIMD_4x32 mask_lo = SIMD_4x32(0, 0, 0xFFFFFFFF, 0xFFFFFFFF); 49| | constexpr uint8_t flip = (std::endian::native == std::endian::big) ? 0x11 : 0x00; 50| | 51| | SIMD_4x32 i1 = x; 52| | SIMD_4x32 i2 = H; 53| | 54| | if constexpr(std::endian::native == std::endian::big) { 55| | i1 = reverse_vector(i1).bswap(); 56| | i2 = reverse_vector(i2).bswap(); 57| | } 58| | 59| | if constexpr(M == (0x11 ^ flip)) { 60| | i1 &= mask_lo; 61| | i2 &= mask_lo; 62| | } else if constexpr(M == (0x10 ^ flip)) { 63| | i1 = i1.shift_elems_left<2>(); 64| | } else if constexpr(M == (0x01 ^ flip)) { 65| | i2 = i2.shift_elems_left<2>(); 66| | } else if constexpr(M == (0x00 ^ flip)) { 67| | i1 = mask_lo.andc(i1); 68| | i2 = mask_lo.andc(i2); 69| | } 70| | 71| | auto i1v = reinterpret_cast<__vector unsigned long long>(i1.raw()); 72| | auto i2v = reinterpret_cast<__vector unsigned long long>(i2.raw()); 73| | 74| | #if BOTAN_COMPILER_HAS_BUILTIN(__builtin_crypto_vpmsumd) 75| | auto rv = __builtin_crypto_vpmsumd(i1v, i2v); 76| | #else 77| | auto rv = __builtin_altivec_crypto_vpmsumd(i1v, i2v); 78| | #endif 79| | 80| | auto z = SIMD_4x32(reinterpret_cast<__vector unsigned int>(rv)); 81| | 82| | if constexpr(std::endian::native == std::endian::big) { 83| | z = reverse_vector(z).bswap(); 84| | } 85| | 86| | return z; 87| |#endif 88| 4.57k|} _ZN5Botan5clmulILi16EEENS_9SIMD_4x32ERKS1_S3_: 31| 794|BOTAN_FORCE_INLINE BOTAN_FN_ISA_CLMUL SIMD_4x32 clmul(const SIMD_4x32& H, const SIMD_4x32& x) { 32| 794| static_assert(M == 0x00 || M == 0x01 || M == 0x10 || M == 0x11, "Valid clmul mode"); 33| | 34| 794|#if defined(BOTAN_SIMD_USE_SSSE3) 35| 794| return SIMD_4x32(_mm_clmulepi64_si128(x.raw(), H.raw(), M)); 36| |#elif defined(BOTAN_SIMD_USE_NEON) 37| | const uint64_t a = vgetq_lane_u64(vreinterpretq_u64_u32(x.raw()), M & 0x01); 38| | const uint64_t b = vgetq_lane_u64(vreinterpretq_u64_u32(H.raw()), (M & 0x10) >> 4); 39| | 40| | #if defined(BOTAN_BUILD_COMPILER_IS_MSVC) 41| | __n64 a1 = {a}, b1 = {b}; 42| | return SIMD_4x32(vmull_p64(a1, b1)); 43| | #else 44| | return SIMD_4x32(reinterpret_cast(vmull_p64(a, b))); 45| | #endif 46| | 47| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 48| | const SIMD_4x32 mask_lo = SIMD_4x32(0, 0, 0xFFFFFFFF, 0xFFFFFFFF); 49| | constexpr uint8_t flip = (std::endian::native == std::endian::big) ? 0x11 : 0x00; 50| | 51| | SIMD_4x32 i1 = x; 52| | SIMD_4x32 i2 = H; 53| | 54| | if constexpr(std::endian::native == std::endian::big) { 55| | i1 = reverse_vector(i1).bswap(); 56| | i2 = reverse_vector(i2).bswap(); 57| | } 58| | 59| | if constexpr(M == (0x11 ^ flip)) { 60| | i1 &= mask_lo; 61| | i2 &= mask_lo; 62| | } else if constexpr(M == (0x10 ^ flip)) { 63| | i1 = i1.shift_elems_left<2>(); 64| | } else if constexpr(M == (0x01 ^ flip)) { 65| | i2 = i2.shift_elems_left<2>(); 66| | } else if constexpr(M == (0x00 ^ flip)) { 67| | i1 = mask_lo.andc(i1); 68| | i2 = mask_lo.andc(i2); 69| | } 70| | 71| | auto i1v = reinterpret_cast<__vector unsigned long long>(i1.raw()); 72| | auto i2v = reinterpret_cast<__vector unsigned long long>(i2.raw()); 73| | 74| | #if BOTAN_COMPILER_HAS_BUILTIN(__builtin_crypto_vpmsumd) 75| | auto rv = __builtin_crypto_vpmsumd(i1v, i2v); 76| | #else 77| | auto rv = __builtin_altivec_crypto_vpmsumd(i1v, i2v); 78| | #endif 79| | 80| | auto z = SIMD_4x32(reinterpret_cast<__vector unsigned int>(rv)); 81| | 82| | if constexpr(std::endian::native == std::endian::big) { 83| | z = reverse_vector(z).bswap(); 84| | } 85| | 86| | return z; 87| |#endif 88| 794|} _ZN5Botan5clmulILi1EEENS_9SIMD_4x32ERKS1_S3_: 31| 794|BOTAN_FORCE_INLINE BOTAN_FN_ISA_CLMUL SIMD_4x32 clmul(const SIMD_4x32& H, const SIMD_4x32& x) { 32| 794| static_assert(M == 0x00 || M == 0x01 || M == 0x10 || M == 0x11, "Valid clmul mode"); 33| | 34| 794|#if defined(BOTAN_SIMD_USE_SSSE3) 35| 794| return SIMD_4x32(_mm_clmulepi64_si128(x.raw(), H.raw(), M)); 36| |#elif defined(BOTAN_SIMD_USE_NEON) 37| | const uint64_t a = vgetq_lane_u64(vreinterpretq_u64_u32(x.raw()), M & 0x01); 38| | const uint64_t b = vgetq_lane_u64(vreinterpretq_u64_u32(H.raw()), (M & 0x10) >> 4); 39| | 40| | #if defined(BOTAN_BUILD_COMPILER_IS_MSVC) 41| | __n64 a1 = {a}, b1 = {b}; 42| | return SIMD_4x32(vmull_p64(a1, b1)); 43| | #else 44| | return SIMD_4x32(reinterpret_cast(vmull_p64(a, b))); 45| | #endif 46| | 47| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 48| | const SIMD_4x32 mask_lo = SIMD_4x32(0, 0, 0xFFFFFFFF, 0xFFFFFFFF); 49| | constexpr uint8_t flip = (std::endian::native == std::endian::big) ? 0x11 : 0x00; 50| | 51| | SIMD_4x32 i1 = x; 52| | SIMD_4x32 i2 = H; 53| | 54| | if constexpr(std::endian::native == std::endian::big) { 55| | i1 = reverse_vector(i1).bswap(); 56| | i2 = reverse_vector(i2).bswap(); 57| | } 58| | 59| | if constexpr(M == (0x11 ^ flip)) { 60| | i1 &= mask_lo; 61| | i2 &= mask_lo; 62| | } else if constexpr(M == (0x10 ^ flip)) { 63| | i1 = i1.shift_elems_left<2>(); 64| | } else if constexpr(M == (0x01 ^ flip)) { 65| | i2 = i2.shift_elems_left<2>(); 66| | } else if constexpr(M == (0x00 ^ flip)) { 67| | i1 = mask_lo.andc(i1); 68| | i2 = mask_lo.andc(i2); 69| | } 70| | 71| | auto i1v = reinterpret_cast<__vector unsigned long long>(i1.raw()); 72| | auto i2v = reinterpret_cast<__vector unsigned long long>(i2.raw()); 73| | 74| | #if BOTAN_COMPILER_HAS_BUILTIN(__builtin_crypto_vpmsumd) 75| | auto rv = __builtin_crypto_vpmsumd(i1v, i2v); 76| | #else 77| | auto rv = __builtin_altivec_crypto_vpmsumd(i1v, i2v); 78| | #endif 79| | 80| | auto z = SIMD_4x32(reinterpret_cast<__vector unsigned int>(rv)); 81| | 82| | if constexpr(std::endian::native == std::endian::big) { 83| | z = reverse_vector(z).bswap(); 84| | } 85| | 86| | return z; 87| |#endif 88| 794|} _ZN5Botan5clmulILi0EEENS_9SIMD_4x32ERKS1_S3_: 31| 10.9k|BOTAN_FORCE_INLINE BOTAN_FN_ISA_CLMUL SIMD_4x32 clmul(const SIMD_4x32& H, const SIMD_4x32& x) { 32| 10.9k| static_assert(M == 0x00 || M == 0x01 || M == 0x10 || M == 0x11, "Valid clmul mode"); 33| | 34| 10.9k|#if defined(BOTAN_SIMD_USE_SSSE3) 35| 10.9k| return SIMD_4x32(_mm_clmulepi64_si128(x.raw(), H.raw(), M)); 36| |#elif defined(BOTAN_SIMD_USE_NEON) 37| | const uint64_t a = vgetq_lane_u64(vreinterpretq_u64_u32(x.raw()), M & 0x01); 38| | const uint64_t b = vgetq_lane_u64(vreinterpretq_u64_u32(H.raw()), (M & 0x10) >> 4); 39| | 40| | #if defined(BOTAN_BUILD_COMPILER_IS_MSVC) 41| | __n64 a1 = {a}, b1 = {b}; 42| | return SIMD_4x32(vmull_p64(a1, b1)); 43| | #else 44| | return SIMD_4x32(reinterpret_cast(vmull_p64(a, b))); 45| | #endif 46| | 47| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 48| | const SIMD_4x32 mask_lo = SIMD_4x32(0, 0, 0xFFFFFFFF, 0xFFFFFFFF); 49| | constexpr uint8_t flip = (std::endian::native == std::endian::big) ? 0x11 : 0x00; 50| | 51| | SIMD_4x32 i1 = x; 52| | SIMD_4x32 i2 = H; 53| | 54| | if constexpr(std::endian::native == std::endian::big) { 55| | i1 = reverse_vector(i1).bswap(); 56| | i2 = reverse_vector(i2).bswap(); 57| | } 58| | 59| | if constexpr(M == (0x11 ^ flip)) { 60| | i1 &= mask_lo; 61| | i2 &= mask_lo; 62| | } else if constexpr(M == (0x10 ^ flip)) { 63| | i1 = i1.shift_elems_left<2>(); 64| | } else if constexpr(M == (0x01 ^ flip)) { 65| | i2 = i2.shift_elems_left<2>(); 66| | } else if constexpr(M == (0x00 ^ flip)) { 67| | i1 = mask_lo.andc(i1); 68| | i2 = mask_lo.andc(i2); 69| | } 70| | 71| | auto i1v = reinterpret_cast<__vector unsigned long long>(i1.raw()); 72| | auto i2v = reinterpret_cast<__vector unsigned long long>(i2.raw()); 73| | 74| | #if BOTAN_COMPILER_HAS_BUILTIN(__builtin_crypto_vpmsumd) 75| | auto rv = __builtin_crypto_vpmsumd(i1v, i2v); 76| | #else 77| | auto rv = __builtin_altivec_crypto_vpmsumd(i1v, i2v); 78| | #endif 79| | 80| | auto z = SIMD_4x32(reinterpret_cast<__vector unsigned int>(rv)); 81| | 82| | if constexpr(std::endian::native == std::endian::big) { 83| | z = reverse_vector(z).bswap(); 84| | } 85| | 86| | return z; 87| |#endif 88| 10.9k|} _ZN5Botan14polyval_reduceERKNS_9SIMD_4x32ES2_: 107| 1.28k|BOTAN_FORCE_INLINE SIMD_4x32 BOTAN_FN_ISA_CLMUL polyval_reduce(const SIMD_4x32& hi, const SIMD_4x32& lo) { 108| 1.28k| const SIMD_4x32 V(0, 0xC2000000, 0, 0); 109| | 110| | /* 111| | Montgomery reduction 112| | Input: 256-bit operand [X3 : X2 : X1 : X0] 113| | [A1 : A0] = X0 • 0xc200000000000000 114| | [B1 : B0] = [X0 ⨁ A1 : X1 ⨁ A0] 115| | [C1 : C0] = B0 • 0xc200000000000000 116| | [D1 : D0] = [B0 ⨁ C1 : B1 ⨁ C0] 117| | Output: [D1 ⨁ X3 : D0 ⨁ X2] 118| | */ 119| | 120| 1.28k| const auto A = clmul<0x00>(lo, V); 121| 1.28k| const auto B = A ^ lo.swap_halves(); 122| 1.28k| const auto C = clmul<0x00>(B, V); 123| 1.28k| const auto D = C ^ B.swap_halves(); 124| | 125| 1.28k| return D ^ hi; 126| 1.28k|} _ZN5Botan10TLS_12_PRFC2ENSt3__110unique_ptrINS_25MessageAuthenticationCodeENS1_14default_deleteIS3_EEEE: 28| 1.72k| explicit TLS_12_PRF(std::unique_ptr mac) : m_mac(std::move(mac)) {} _ZN5Botan4rotlILm5ETkNSt3__117unsigned_integralEjEET0_S2_QaagtT_Li0EltT_mlLi8EstS2_: 25| 8.07M|{ 26| 8.07M| return static_cast((input << ROT) | (input >> (8 * sizeof(T) - ROT))); 27| 8.07M|} _ZN5Botan4rotrILm2ETkNSt3__117unsigned_integralEjEET0_S2_QaagtT_Li0EltT_mlLi8EstS2_: 37| 14.8M|{ 38| 14.8M| return static_cast((input >> ROT) | (input << (8 * sizeof(T) - ROT))); 39| 14.8M|} _ZN5Botan4rotrILm22ETkNSt3__117unsigned_integralEjEET0_S2_QaagtT_Li0EltT_mlLi8EstS2_: 37| 14.8M|{ 38| 14.8M| return static_cast((input >> ROT) | (input << (8 * sizeof(T) - ROT))); 39| 14.8M|} _ZN5Botan4rotrILm13ETkNSt3__117unsigned_integralEjEET0_S2_QaagtT_Li0EltT_mlLi8EstS2_: 37| 14.8M|{ 38| 14.8M| return static_cast((input >> ROT) | (input << (8 * sizeof(T) - ROT))); 39| 14.8M|} _ZN5Botan3rhoILm2ELm13ELm22ETkNSt3__117unsigned_integralEjEET2_S2_: 53| 14.8M|BOTAN_FORCE_INLINE constexpr T rho(T x) { 54| 14.8M| return rotr(x) ^ rotr(x) ^ rotr(x); 55| 14.8M|} _ZN5Botan3rhoILm6ELm11ELm25ETkNSt3__117unsigned_integralEjEET2_S2_: 53| 14.8M|BOTAN_FORCE_INLINE constexpr T rho(T x) { 54| 14.8M| return rotr(x) ^ rotr(x) ^ rotr(x); 55| 14.8M|} _ZN5Botan4rotrILm6ETkNSt3__117unsigned_integralEjEET0_S2_QaagtT_Li0EltT_mlLi8EstS2_: 37| 14.8M|{ 38| 14.8M| return static_cast((input >> ROT) | (input << (8 * sizeof(T) - ROT))); 39| 14.8M|} _ZN5Botan4rotrILm11ETkNSt3__117unsigned_integralEjEET0_S2_QaagtT_Li0EltT_mlLi8EstS2_: 37| 14.8M|{ 38| 14.8M| return static_cast((input >> ROT) | (input << (8 * sizeof(T) - ROT))); 39| 14.8M|} _ZN5Botan4rotrILm25ETkNSt3__117unsigned_integralEjEET0_S2_QaagtT_Li0EltT_mlLi8EstS2_: 37| 14.8M|{ 38| 14.8M| return static_cast((input >> ROT) | (input << (8 * sizeof(T) - ROT))); 39| 14.8M|} _ZN5Botan4rotrILm39ETkNSt3__117unsigned_integralEmEET0_S2_QaagtT_Li0EltT_mlLi8EstS2_: 37| 1.15M|{ 38| 1.15M| return static_cast((input >> ROT) | (input << (8 * sizeof(T) - ROT))); 39| 1.15M|} _ZN5Botan4rotrILm34ETkNSt3__117unsigned_integralEmEET0_S2_QaagtT_Li0EltT_mlLi8EstS2_: 37| 1.15M|{ 38| 1.15M| return static_cast((input >> ROT) | (input << (8 * sizeof(T) - ROT))); 39| 1.15M|} _ZN5Botan4rotrILm14ETkNSt3__117unsigned_integralEmEET0_S2_QaagtT_Li0EltT_mlLi8EstS2_: 37| 1.15M|{ 38| 1.15M| return static_cast((input >> ROT) | (input << (8 * sizeof(T) - ROT))); 39| 1.15M|} _ZN5Botan4rotlILm30ETkNSt3__117unsigned_integralEjEET0_S2_QaagtT_Li0EltT_mlLi8EstS2_: 25| 8.07M|{ 26| 8.07M| return static_cast((input << ROT) | (input >> (8 * sizeof(T) - ROT))); 27| 8.07M|} _ZN5Botan3rhoILm14ELm18ELm41ETkNSt3__117unsigned_integralEmEET2_S2_: 53| 1.15M|BOTAN_FORCE_INLINE constexpr T rho(T x) { 54| 1.15M| return rotr(x) ^ rotr(x) ^ rotr(x); 55| 1.15M|} _ZN5Botan4rotrILm18ETkNSt3__117unsigned_integralEmEET0_S2_QaagtT_Li0EltT_mlLi8EstS2_: 37| 1.15M|{ 38| 1.15M| return static_cast((input >> ROT) | (input << (8 * sizeof(T) - ROT))); 39| 1.15M|} _ZN5Botan4rotrILm41ETkNSt3__117unsigned_integralEmEET0_S2_QaagtT_Li0EltT_mlLi8EstS2_: 37| 1.15M|{ 38| 1.15M| return static_cast((input >> ROT) | (input << (8 * sizeof(T) - ROT))); 39| 1.15M|} _ZN5Botan3rhoILm28ELm34ELm39ETkNSt3__117unsigned_integralEmEET2_S2_: 53| 1.15M|BOTAN_FORCE_INLINE constexpr T rho(T x) { 54| 1.15M| return rotr(x) ^ rotr(x) ^ rotr(x); 55| 1.15M|} _ZN5Botan4rotrILm28ETkNSt3__117unsigned_integralEmEET0_S2_QaagtT_Li0EltT_mlLi8EstS2_: 37| 1.15M|{ 38| 1.15M| return static_cast((input >> ROT) | (input << (8 * sizeof(T) - ROT))); 39| 1.15M|} _ZN5Botan8round_upEmm: 26| 117k|constexpr inline size_t round_up(size_t n, size_t align_to) { 27| | // Arguably returning n in this case would also be sensible 28| 117k| BOTAN_ARG_CHECK(align_to != 0, "align_to must not be 0"); ------------------ | | 35| 117k| do { \ | | 36| 117k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 117k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 117k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 117k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 117k] | | ------------------ ------------------ 29| | 30| 117k| if(n % align_to > 0) { ------------------ | Branch (30:7): [True: 73.5k, False: 43.7k] ------------------ 31| 73.5k| const size_t adj = align_to - (n % align_to); 32| 73.5k| BOTAN_ARG_CHECK(n + adj >= n, "Integer overflow during rounding"); ------------------ | | 35| 73.5k| do { \ | | 36| 73.5k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 73.5k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 73.5k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 73.5k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 73.5k] | | ------------------ ------------------ 33| 73.5k| n += adj; 34| 73.5k| } 35| 117k| return n; 36| 117k|} _ZNK5Botan9SCAN_Name9arg_countEv: 49| 25.3k| size_t arg_count() const { return m_args.size(); } _ZNK5Botan9SCAN_Name9algo_nameEv: 44| 55.0k| const std::string& algo_name() const { return m_alg_name; } _ZN5Botan14scoped_cleanupIZNS_2CT13scoped_poisonIJNSt3__16vectorIhNS_16secure_allocatorIhEEEEEQaaaagtsZT_Li0Efraa10poisonableIT_Efraa12unpoisonableIS8_EEEDaDpRKS8_EUlvE_EC2ESC_: 26| 12| explicit scoped_cleanup(FunT cleanup) : m_cleanup(std::move(cleanup)) {} _ZN5Botan14scoped_cleanupIZNS_2CT13scoped_poisonIJNSt3__16vectorIhNS_16secure_allocatorIhEEEEEQaaaagtsZT_Li0Efraa10poisonableIT_Efraa12unpoisonableIS8_EEEDaDpRKS8_EUlvE_EC2EOSD_: 31| 12| scoped_cleanup(scoped_cleanup&& other) noexcept : m_cleanup(std::move(other.m_cleanup)) { other.disengage(); } _ZN5Botan14scoped_cleanupIZNS_2CT13scoped_poisonIJNSt3__16vectorIhNS_16secure_allocatorIhEEEEEQaaaagtsZT_Li0Efraa10poisonableIT_Efraa12unpoisonableIS8_EEEDaDpRKS8_EUlvE_E9disengageEv: 50| 12| void disengage() noexcept { m_cleanup.reset(); } _ZN5Botan14scoped_cleanupIZNS_2CT13scoped_poisonIJNSt3__16vectorIhNS_16secure_allocatorIhEEEEEQaaaagtsZT_Li0Efraa10poisonableIT_Efraa12unpoisonableIS8_EEEDaDpRKS8_EUlvE_ED2Ev: 41| 24| ~scoped_cleanup() { 42| 24| if(m_cleanup.has_value()) { ------------------ | Branch (42:13): [True: 12, False: 12] ------------------ 43| 12| (*m_cleanup)(); // NOLINT(bugprone-exception-escape) clang-tidy bug 44| 12| } 45| 24| } _ZNK5Botan5SHA_14nameEv: 32| 199| std::string name() const override { return "SHA-1"; } _ZNK5Botan5SHA_113output_lengthEv: 34| 28.5k| size_t output_length() const override { return 20; } _ZNK5Botan5SHA_115hash_block_sizeEv: 36| 135| size_t hash_block_size() const override { return block_bytes; } _ZN5Botan5SHA_15clearEv: 44| 135| void clear() override { m_md.clear(); } _ZN5Botan6SHA1_F2F1EjRjjjS1_j: 21| 2.01M|inline void F1(uint32_t A, uint32_t& B, uint32_t C, uint32_t D, uint32_t& E, uint32_t M) { 22| 2.01M| E += choose(B, C, D) + M + rotl<5>(A); 23| 2.01M| B = rotl<30>(B); 24| 2.01M|} _ZN5Botan6SHA1_F2F2EjRjjjS1_j: 26| 2.01M|inline void F2(uint32_t A, uint32_t& B, uint32_t C, uint32_t D, uint32_t& E, uint32_t M) { 27| 2.01M| E += (B ^ C ^ D) + M + rotl<5>(A); 28| 2.01M| B = rotl<30>(B); 29| 2.01M|} _ZN5Botan6SHA1_F2F3EjRjjjS1_j: 31| 2.01M|inline void F3(uint32_t A, uint32_t& B, uint32_t C, uint32_t D, uint32_t& E, uint32_t M) { 32| 2.01M| E += majority(B, C, D) + M + rotl<5>(A); 33| 2.01M| B = rotl<30>(B); 34| 2.01M|} _ZN5Botan6SHA1_F2F4EjRjjjS1_j: 37| 2.01M|inline void F4(uint32_t A, uint32_t& B, uint32_t C, uint32_t D, uint32_t& E, uint32_t M) { 38| 2.01M| E += (B ^ C ^ D) + M + rotl<5>(A); 39| 2.01M| B = rotl<30>(B); 40| 2.01M|} _ZNK5Botan7SHA_2564nameEv: 73| 67| std::string name() const override { return "SHA-256"; } _ZNK5Botan7SHA_25613output_lengthEv: 75| 98.3k| size_t output_length() const override { return output_bytes; } _ZNK5Botan7SHA_25615hash_block_sizeEv: 77| 10.0k| size_t hash_block_size() const override { return block_bytes; } _ZN5Botan7SHA_2565clearEv: 83| 11.2k| void clear() override { m_md.clear(); } _ZN5Botan9SHA2_32_FEjjjRjjjjS0_j: 42| 14.8M| uint32_t A, uint32_t B, uint32_t C, uint32_t& D, uint32_t E, uint32_t F, uint32_t G, uint32_t& H, uint32_t M) { 43| 14.8M| H += rho<6, 11, 25>(E) + choose(E, F, G) + M; 44| 14.8M| D += H; 45| 14.8M| H += rho<2, 13, 22>(A) + majority(A, B, C); 46| 14.8M|} _ZNK5Botan7SHA_3844nameEv: 32| 87| std::string name() const override { return "SHA-384"; } _ZNK5Botan7SHA_38413output_lengthEv: 34| 6.29k| size_t output_length() const override { return output_bytes; } _ZNK5Botan7SHA_38415hash_block_sizeEv: 36| 416| size_t hash_block_size() const override { return block_bytes; } _ZN5Botan7SHA_3845clearEv: 44| 698| void clear() override { m_md.clear(); } _ZN5Botan9SHA2_64_FEmmmRmmmmS0_m: 42| 1.15M| uint64_t A, uint64_t B, uint64_t C, uint64_t& D, uint64_t E, uint64_t F, uint64_t G, uint64_t& H, uint64_t M) { 43| 1.15M| H += rho<14, 18, 41>(E) + choose(E, F, G) + M; 44| 1.15M| D += H; 45| 1.15M| H += rho<28, 34, 39>(A) + majority(A, B, C); 46| 1.15M|} _ZN5Botan9SIMD_2x64C2Ev: 50| 107k| m_simd(_mm_setzero_si128()) 51| |#elif defined(BOTAN_SIMD_USE_SIMD128) 52| | m_simd(wasm_u64x2_const_splat(0)) 53| |#endif 54| 107k| { 55| 107k| } _ZN5Botan9SIMD_2x647load_beEPKv: 90| 107k| static SIMD_2x64 BOTAN_FN_ISA_SIMD_2X64 load_be(const void* in) { return SIMD_2x64::load_le(in).bswap(); } _ZNK5Botan9SIMD_2x645bswapEv: 100| 107k| SIMD_2x64 BOTAN_FN_ISA_SIMD_2X64 bswap() const { 101| 107k|#if defined(BOTAN_SIMD_USE_SSSE3) 102| 107k| const auto idx = _mm_set_epi8(8, 9, 10, 11, 12, 13, 14, 15, 0, 1, 2, 3, 4, 5, 6, 7); 103| 107k| return SIMD_2x64(_mm_shuffle_epi8(m_simd, idx)); 104| |#elif defined(BOTAN_SIMD_USE_SIMD128) 105| | return SIMD_2x64(wasm_i8x16_shuffle(m_simd, m_simd, 7, 6, 5, 4, 3, 2, 1, 0, 15, 14, 13, 12, 11, 10, 9, 8)); 106| |#endif 107| 107k| } _ZN5Botan9SIMD_2x64C2EDv2_x: 316| 4.20M| explicit BOTAN_FN_ISA_SIMD_2X64 SIMD_2x64(native_simd_type x) : m_simd(x) {} _ZNK5Botan9SIMD_2x64plERKS0_: 144| 1.83M| SIMD_2x64 BOTAN_FN_ISA_SIMD_2X64 operator+(const SIMD_2x64& other) const { 145| 1.83M| SIMD_2x64 retval(*this); 146| 1.83M| retval += other; 147| 1.83M| return retval; 148| 1.83M| } _ZN5Botan9SIMD_2x64pLERKS0_: 156| 1.83M| void BOTAN_FN_ISA_SIMD_2X64 operator+=(const SIMD_2x64& other) { 157| 1.83M|#if defined(BOTAN_SIMD_USE_SSSE3) 158| 1.83M| m_simd = _mm_add_epi64(m_simd, other.m_simd); 159| |#elif defined(BOTAN_SIMD_USE_SIMD128) 160| | m_simd = wasm_i64x2_add(m_simd, other.m_simd); 161| |#endif 162| 1.83M| } _ZN5Botan9SIMD_2x647load_leEPKv: 82| 647k| static SIMD_2x64 BOTAN_FN_ISA_SIMD_2X64 load_le(const void* in) { 83| 647k|#if defined(BOTAN_SIMD_USE_SSSE3) 84| 647k| return SIMD_2x64(_mm_loadu_si128(reinterpret_cast(in))); 85| |#elif defined(BOTAN_SIMD_USE_SIMD128) 86| | return SIMD_2x64(wasm_v128_load(in)); 87| |#endif 88| 647k| } _ZNK5Botan9SIMD_2x648store_leEPm: 126| 539k| void BOTAN_FN_ISA_SIMD_2X64 store_le(uint64_t out[2]) const { this->store_le(reinterpret_cast(out)); } _ZNK5Botan9SIMD_2x648store_leEPh: 128| 539k| void BOTAN_FN_ISA_SIMD_2X64 store_le(uint8_t out[]) const { 129| 539k|#if defined(BOTAN_SIMD_USE_SSSE3) 130| 539k| _mm_storeu_si128(reinterpret_cast<__m128i*>(out), m_simd); 131| |#elif defined(BOTAN_SIMD_USE_SIMD128) 132| | wasm_v128_store(out, m_simd); 133| |#endif 134| 539k| } _ZN5Botan9SIMD_2x647alignr8ERKS0_S2_: 240| 863k| static SIMD_2x64 BOTAN_FN_ISA_SIMD_2X64 alignr8(const SIMD_2x64& a, const SIMD_2x64& b) { 241| 863k|#if defined(BOTAN_SIMD_USE_SSSE3) 242| 863k| return SIMD_2x64(_mm_alignr_epi8(a.m_simd, b.m_simd, 8)); 243| |#elif defined(BOTAN_SIMD_USE_SIMD128) 244| | return SIMD_2x64( 245| | wasm_i8x16_shuffle(b.m_simd, a.m_simd, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)); 246| |#endif 247| 863k| } _ZNK5Botan9SIMD_2x644rotrILm1EEES0_vQaagtT_Li0EltT_Li64E: 184| 431k| { 185| 431k|#if defined(BOTAN_SIMD_USE_SSSE3) 186| | if constexpr(ROT == 8) { 187| | auto tab = _mm_setr_epi8(1, 2, 3, 4, 5, 6, 7, 0, 9, 10, 11, 12, 13, 14, 15, 8); 188| | return SIMD_2x64(_mm_shuffle_epi8(m_simd, tab)); 189| | } else if constexpr(ROT == 16) { 190| | auto tab = _mm_setr_epi8(2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9); 191| | return SIMD_2x64(_mm_shuffle_epi8(m_simd, tab)); 192| | } else if constexpr(ROT == 24) { 193| | auto tab = _mm_setr_epi8(3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10); 194| | return SIMD_2x64(_mm_shuffle_epi8(m_simd, tab)); 195| | } else if constexpr(ROT == 32) { 196| | auto tab = _mm_setr_epi8(4, 5, 6, 7, 0, 1, 2, 3, 12, 13, 14, 15, 8, 9, 10, 11); 197| | return SIMD_2x64(_mm_shuffle_epi8(m_simd, tab)); 198| 431k| } else { 199| 431k| return SIMD_2x64(_mm_or_si128(_mm_srli_epi64(m_simd, static_cast(ROT)), 200| 431k| _mm_slli_epi64(m_simd, static_cast(64 - ROT)))); 201| 431k| } 202| |#elif defined(BOTAN_SIMD_USE_SIMD128) 203| | if constexpr(ROT == 8) { 204| | return SIMD_2x64(wasm_i8x16_shuffle(m_simd, m_simd, 1, 2, 3, 4, 5, 6, 7, 0, 9, 10, 11, 12, 13, 14, 15, 8)); 205| | } else if constexpr(ROT == 16) { 206| | return SIMD_2x64(wasm_i8x16_shuffle(m_simd, m_simd, 2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9)); 207| | } else if constexpr(ROT == 24) { 208| | return SIMD_2x64(wasm_i8x16_shuffle(m_simd, m_simd, 3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10)); 209| | } else if constexpr(ROT == 32) { 210| | return SIMD_2x64(wasm_i8x16_shuffle(m_simd, m_simd, 4, 5, 6, 7, 0, 1, 2, 3, 12, 13, 14, 15, 8, 9, 10, 11)); 211| | } else { 212| | return SIMD_2x64(wasm_v128_or(wasm_u64x2_shr(m_simd, ROT), wasm_i64x2_shl(m_simd, 64 - ROT))); 213| | } 214| |#endif 215| 431k| } _ZNK5Botan9SIMD_2x64eoERKS0_: 150| 1.72M| SIMD_2x64 BOTAN_FN_ISA_SIMD_2X64 operator^(const SIMD_2x64& other) const { 151| 1.72M| SIMD_2x64 retval(*this); 152| 1.72M| retval ^= other; 153| 1.72M| return retval; 154| 1.72M| } _ZN5Botan9SIMD_2x64eOERKS0_: 164| 1.72M| void BOTAN_FN_ISA_SIMD_2X64 operator^=(const SIMD_2x64& other) { 165| 1.72M|#if defined(BOTAN_SIMD_USE_SSSE3) 166| 1.72M| m_simd = _mm_xor_si128(m_simd, other.m_simd); 167| |#elif defined(BOTAN_SIMD_USE_SIMD128) 168| | m_simd = wasm_v128_xor(m_simd, other.m_simd); 169| |#endif 170| 1.72M| } _ZNK5Botan9SIMD_2x644rotrILm8EEES0_vQaagtT_Li0EltT_Li64E: 184| 431k| { 185| 431k|#if defined(BOTAN_SIMD_USE_SSSE3) 186| 431k| if constexpr(ROT == 8) { 187| 431k| auto tab = _mm_setr_epi8(1, 2, 3, 4, 5, 6, 7, 0, 9, 10, 11, 12, 13, 14, 15, 8); 188| 431k| return SIMD_2x64(_mm_shuffle_epi8(m_simd, tab)); 189| | } else if constexpr(ROT == 16) { 190| | auto tab = _mm_setr_epi8(2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9); 191| | return SIMD_2x64(_mm_shuffle_epi8(m_simd, tab)); 192| | } else if constexpr(ROT == 24) { 193| | auto tab = _mm_setr_epi8(3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10); 194| | return SIMD_2x64(_mm_shuffle_epi8(m_simd, tab)); 195| | } else if constexpr(ROT == 32) { 196| | auto tab = _mm_setr_epi8(4, 5, 6, 7, 0, 1, 2, 3, 12, 13, 14, 15, 8, 9, 10, 11); 197| | return SIMD_2x64(_mm_shuffle_epi8(m_simd, tab)); 198| | } else { 199| | return SIMD_2x64(_mm_or_si128(_mm_srli_epi64(m_simd, static_cast(ROT)), 200| | _mm_slli_epi64(m_simd, static_cast(64 - ROT)))); 201| | } 202| |#elif defined(BOTAN_SIMD_USE_SIMD128) 203| | if constexpr(ROT == 8) { 204| | return SIMD_2x64(wasm_i8x16_shuffle(m_simd, m_simd, 1, 2, 3, 4, 5, 6, 7, 0, 9, 10, 11, 12, 13, 14, 15, 8)); 205| | } else if constexpr(ROT == 16) { 206| | return SIMD_2x64(wasm_i8x16_shuffle(m_simd, m_simd, 2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9)); 207| | } else if constexpr(ROT == 24) { 208| | return SIMD_2x64(wasm_i8x16_shuffle(m_simd, m_simd, 3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10)); 209| | } else if constexpr(ROT == 32) { 210| | return SIMD_2x64(wasm_i8x16_shuffle(m_simd, m_simd, 4, 5, 6, 7, 0, 1, 2, 3, 12, 13, 14, 15, 8, 9, 10, 11)); 211| | } else { 212| | return SIMD_2x64(wasm_v128_or(wasm_u64x2_shr(m_simd, ROT), wasm_i64x2_shl(m_simd, 64 - ROT))); 213| | } 214| |#endif 215| 431k| } _ZNK5Botan9SIMD_2x643shrILi7EEES0_v: 223| 431k| SIMD_2x64 BOTAN_FN_ISA_SIMD_2X64 shr() const noexcept { 224| 431k|#if defined(BOTAN_SIMD_USE_SSSE3) 225| 431k| return SIMD_2x64(_mm_srli_epi64(m_simd, SHIFT)); 226| |#elif defined(BOTAN_SIMD_USE_SIMD128) 227| | return SIMD_2x64(wasm_u64x2_shr(m_simd, SHIFT)); 228| |#endif 229| 431k| } _ZNK5Botan9SIMD_2x644rotrILm19EEES0_vQaagtT_Li0EltT_Li64E: 184| 431k| { 185| 431k|#if defined(BOTAN_SIMD_USE_SSSE3) 186| | if constexpr(ROT == 8) { 187| | auto tab = _mm_setr_epi8(1, 2, 3, 4, 5, 6, 7, 0, 9, 10, 11, 12, 13, 14, 15, 8); 188| | return SIMD_2x64(_mm_shuffle_epi8(m_simd, tab)); 189| | } else if constexpr(ROT == 16) { 190| | auto tab = _mm_setr_epi8(2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9); 191| | return SIMD_2x64(_mm_shuffle_epi8(m_simd, tab)); 192| | } else if constexpr(ROT == 24) { 193| | auto tab = _mm_setr_epi8(3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10); 194| | return SIMD_2x64(_mm_shuffle_epi8(m_simd, tab)); 195| | } else if constexpr(ROT == 32) { 196| | auto tab = _mm_setr_epi8(4, 5, 6, 7, 0, 1, 2, 3, 12, 13, 14, 15, 8, 9, 10, 11); 197| | return SIMD_2x64(_mm_shuffle_epi8(m_simd, tab)); 198| 431k| } else { 199| 431k| return SIMD_2x64(_mm_or_si128(_mm_srli_epi64(m_simd, static_cast(ROT)), 200| 431k| _mm_slli_epi64(m_simd, static_cast(64 - ROT)))); 201| 431k| } 202| |#elif defined(BOTAN_SIMD_USE_SIMD128) 203| | if constexpr(ROT == 8) { 204| | return SIMD_2x64(wasm_i8x16_shuffle(m_simd, m_simd, 1, 2, 3, 4, 5, 6, 7, 0, 9, 10, 11, 12, 13, 14, 15, 8)); 205| | } else if constexpr(ROT == 16) { 206| | return SIMD_2x64(wasm_i8x16_shuffle(m_simd, m_simd, 2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9)); 207| | } else if constexpr(ROT == 24) { 208| | return SIMD_2x64(wasm_i8x16_shuffle(m_simd, m_simd, 3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10)); 209| | } else if constexpr(ROT == 32) { 210| | return SIMD_2x64(wasm_i8x16_shuffle(m_simd, m_simd, 4, 5, 6, 7, 0, 1, 2, 3, 12, 13, 14, 15, 8, 9, 10, 11)); 211| | } else { 212| | return SIMD_2x64(wasm_v128_or(wasm_u64x2_shr(m_simd, ROT), wasm_i64x2_shl(m_simd, 64 - ROT))); 213| | } 214| |#endif 215| 431k| } _ZNK5Botan9SIMD_2x644rotrILm61EEES0_vQaagtT_Li0EltT_Li64E: 184| 431k| { 185| 431k|#if defined(BOTAN_SIMD_USE_SSSE3) 186| | if constexpr(ROT == 8) { 187| | auto tab = _mm_setr_epi8(1, 2, 3, 4, 5, 6, 7, 0, 9, 10, 11, 12, 13, 14, 15, 8); 188| | return SIMD_2x64(_mm_shuffle_epi8(m_simd, tab)); 189| | } else if constexpr(ROT == 16) { 190| | auto tab = _mm_setr_epi8(2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9); 191| | return SIMD_2x64(_mm_shuffle_epi8(m_simd, tab)); 192| | } else if constexpr(ROT == 24) { 193| | auto tab = _mm_setr_epi8(3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10); 194| | return SIMD_2x64(_mm_shuffle_epi8(m_simd, tab)); 195| | } else if constexpr(ROT == 32) { 196| | auto tab = _mm_setr_epi8(4, 5, 6, 7, 0, 1, 2, 3, 12, 13, 14, 15, 8, 9, 10, 11); 197| | return SIMD_2x64(_mm_shuffle_epi8(m_simd, tab)); 198| 431k| } else { 199| 431k| return SIMD_2x64(_mm_or_si128(_mm_srli_epi64(m_simd, static_cast(ROT)), 200| 431k| _mm_slli_epi64(m_simd, static_cast(64 - ROT)))); 201| 431k| } 202| |#elif defined(BOTAN_SIMD_USE_SIMD128) 203| | if constexpr(ROT == 8) { 204| | return SIMD_2x64(wasm_i8x16_shuffle(m_simd, m_simd, 1, 2, 3, 4, 5, 6, 7, 0, 9, 10, 11, 12, 13, 14, 15, 8)); 205| | } else if constexpr(ROT == 16) { 206| | return SIMD_2x64(wasm_i8x16_shuffle(m_simd, m_simd, 2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9)); 207| | } else if constexpr(ROT == 24) { 208| | return SIMD_2x64(wasm_i8x16_shuffle(m_simd, m_simd, 3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10)); 209| | } else if constexpr(ROT == 32) { 210| | return SIMD_2x64(wasm_i8x16_shuffle(m_simd, m_simd, 4, 5, 6, 7, 0, 1, 2, 3, 12, 13, 14, 15, 8, 9, 10, 11)); 211| | } else { 212| | return SIMD_2x64(wasm_v128_or(wasm_u64x2_shr(m_simd, ROT), wasm_i64x2_shl(m_simd, 64 - ROT))); 213| | } 214| |#endif 215| 431k| } _ZNK5Botan9SIMD_2x643shrILi6EEES0_v: 223| 431k| SIMD_2x64 BOTAN_FN_ISA_SIMD_2X64 shr() const noexcept { 224| 431k|#if defined(BOTAN_SIMD_USE_SSSE3) 225| 431k| return SIMD_2x64(_mm_srli_epi64(m_simd, SHIFT)); 226| |#elif defined(BOTAN_SIMD_USE_SIMD128) 227| | return SIMD_2x64(wasm_u64x2_shr(m_simd, SHIFT)); 228| |#endif 229| 431k| } _ZN5Botan9SIMD_4x32C2Ev: 86| 733k| BOTAN_FN_ISA_SIMD_4X32 SIMD_4x32() noexcept { 87| 733k|#if defined(BOTAN_SIMD_USE_SSSE3) 88| 733k| m_simd = _mm_setzero_si128(); 89| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 90| | m_simd = vec_splat_u32(0); 91| |#elif defined(BOTAN_SIMD_USE_NEON) 92| | m_simd = vdupq_n_u32(0); 93| |#elif defined(BOTAN_SIMD_USE_LSX) 94| | m_simd = __lsx_vldi(0); 95| |#elif defined(BOTAN_SIMD_USE_SIMD128) 96| | m_simd = wasm_u32x4_const_splat(0); 97| |#endif 98| 733k| } _ZN5Botan9SIMD_4x3212byte_shuffleERKS0_S2_: 803| 4.39M| static inline SIMD_4x32 BOTAN_FN_ISA_SIMD_4X32 byte_shuffle(const SIMD_4x32& tbl, const SIMD_4x32& idx) { 804| 4.39M|#if defined(BOTAN_SIMD_USE_SSSE3) 805| 4.39M| return SIMD_4x32(_mm_shuffle_epi8(tbl.raw(), idx.raw())); 806| |#elif defined(BOTAN_SIMD_USE_NEON) 807| | const uint8x16_t tbl8 = vreinterpretq_u8_u32(tbl.raw()); 808| | const uint8x16_t idx8 = vreinterpretq_u8_u32(idx.raw()); 809| | 810| | #if defined(BOTAN_TARGET_ARCH_IS_ARM32) 811| | const uint8x8x2_t tbl2 = {vget_low_u8(tbl8), vget_high_u8(tbl8)}; 812| | 813| | return SIMD_4x32( 814| | vreinterpretq_u32_u8(vcombine_u8(vtbl2_u8(tbl2, vget_low_u8(idx8)), vtbl2_u8(tbl2, vget_high_u8(idx8))))); 815| | #else 816| | return SIMD_4x32(vreinterpretq_u32_u8(vqtbl1q_u8(tbl8, idx8))); 817| | #endif 818| | 819| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 820| | const auto r = vec_perm(reinterpret_cast<__vector signed char>(tbl.raw()), 821| | reinterpret_cast<__vector signed char>(tbl.raw()), 822| | reinterpret_cast<__vector unsigned char>(idx.raw())); 823| | return SIMD_4x32(reinterpret_cast<__vector unsigned int>(r)); 824| |#elif defined(BOTAN_SIMD_USE_LSX) 825| | return SIMD_4x32(__lsx_vshuf_b(tbl.raw(), tbl.raw(), idx.raw())); 826| |#elif defined(BOTAN_SIMD_USE_SIMD128) 827| | return SIMD_4x32(wasm_i8x16_swizzle(tbl.raw(), idx.raw())); 828| |#endif 829| 4.39M| } _ZNK5Botan9SIMD_4x323rawEv: 942| 35.0M| native_simd_type BOTAN_FN_ISA_SIMD_4X32 raw() const noexcept { return m_simd; } _ZN5Botan9SIMD_4x32C2EDv2_x: 944| 42.1M| explicit BOTAN_FN_ISA_SIMD_4X32 SIMD_4x32(native_simd_type x) noexcept : m_simd(x) {} _ZN5Botan9SIMD_4x327load_leEPKv: 162| 3.74M| static SIMD_4x32 BOTAN_FN_ISA_SIMD_4X32 load_le(const void* in) noexcept { 163| 3.74M|#if defined(BOTAN_SIMD_USE_SSSE3) 164| 3.74M| return SIMD_4x32(_mm_loadu_si128(reinterpret_cast(in))); 165| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 166| | uint32_t R0 = Botan::load_le(reinterpret_cast(in), 0); 167| | uint32_t R1 = Botan::load_le(reinterpret_cast(in), 1); 168| | uint32_t R2 = Botan::load_le(reinterpret_cast(in), 2); 169| | uint32_t R3 = Botan::load_le(reinterpret_cast(in), 3); 170| | __vector unsigned int val = {R0, R1, R2, R3}; 171| | return SIMD_4x32(val); 172| |#elif defined(BOTAN_SIMD_USE_NEON) 173| | SIMD_4x32 l(vld1q_u32(static_cast(in))); 174| | if constexpr(std::endian::native == std::endian::big) { 175| | return l.bswap(); 176| | } else { 177| | return l; 178| | } 179| |#elif defined(BOTAN_SIMD_USE_LSX) 180| | return SIMD_4x32(__lsx_vld(in, 0)); 181| |#elif defined(BOTAN_SIMD_USE_SIMD128) 182| | return SIMD_4x32(wasm_v128_load(in)); 183| |#endif 184| 3.74M| } _ZN5Botan9SIMD_4x32C2Ejjjj: 103| 4.39M| BOTAN_FN_ISA_SIMD_4X32 SIMD_4x32(uint32_t B0, uint32_t B1, uint32_t B2, uint32_t B3) noexcept { 104| 4.39M|#if defined(BOTAN_SIMD_USE_SSSE3) 105| 4.39M| m_simd = _mm_set_epi32(B3, B2, B1, B0); 106| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 107| | __vector unsigned int val = {B0, B1, B2, B3}; 108| | m_simd = val; 109| |#elif defined(BOTAN_SIMD_USE_NEON) 110| | // Better way to do this? 111| | const uint32_t B[4] = {B0, B1, B2, B3}; 112| | m_simd = vld1q_u32(B); 113| |#elif defined(BOTAN_SIMD_USE_LSX) 114| | // Better way to do this? 115| | const uint32_t B[4] = {B0, B1, B2, B3}; 116| | m_simd = __lsx_vld(B, 0); 117| |#elif defined(BOTAN_SIMD_USE_SIMD128) 118| | m_simd = wasm_u32x4_make(B0, B1, B2, B3); 119| |#endif 120| 4.39M| } _ZNK5Botan9SIMD_4x32anERKS0_: 421| 93| SIMD_4x32 BOTAN_FN_ISA_SIMD_4X32 operator&(const SIMD_4x32& other) const noexcept { 422| 93| SIMD_4x32 retval(*this); 423| 93| retval &= other; 424| 93| return retval; 425| 93| } _ZN5Botan9SIMD_4x32aNERKS0_: 485| 93| void BOTAN_FN_ISA_SIMD_4X32 operator&=(const SIMD_4x32& other) noexcept { 486| 93|#if defined(BOTAN_SIMD_USE_SSSE3) 487| 93| m_simd = _mm_and_si128(m_simd, other.m_simd); 488| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 489| | m_simd = vec_and(m_simd, other.m_simd); 490| |#elif defined(BOTAN_SIMD_USE_NEON) 491| | m_simd = vandq_u32(m_simd, other.m_simd); 492| |#elif defined(BOTAN_SIMD_USE_LSX) 493| | m_simd = __lsx_vand_v(m_simd, other.m_simd); 494| |#elif defined(BOTAN_SIMD_USE_SIMD128) 495| | m_simd = wasm_v128_and(m_simd, other.m_simd); 496| |#endif 497| 93| } _ZNK5Botan9SIMD_4x32eoERKS0_: 403| 11.0M| SIMD_4x32 BOTAN_FN_ISA_SIMD_4X32 operator^(const SIMD_4x32& other) const noexcept { 404| 11.0M| SIMD_4x32 retval(*this); 405| 11.0M| retval ^= other; 406| 11.0M| return retval; 407| 11.0M| } _ZNK5Botan9SIMD_4x3211swap_halvesEv: 934| 2.56k| inline SIMD_4x32 BOTAN_FN_ISA_SIMD_4X32 swap_halves() const { 935| 2.56k|#if defined(BOTAN_SIMD_USE_SSSE3) 936| 2.56k| return SIMD_4x32(_mm_shuffle_epi32(raw(), 0b01001110)); 937| |#else 938| | return SIMD_4x32::alignr8(*this, *this); 939| |#endif 940| 2.56k| } _ZN5Botan9SIMD_4x32eOERKS0_: 455| 17.6M| void BOTAN_FN_ISA_SIMD_4X32 operator^=(const SIMD_4x32& other) noexcept { 456| 17.6M|#if defined(BOTAN_SIMD_USE_SSSE3) 457| 17.6M| m_simd = _mm_xor_si128(m_simd, other.m_simd); 458| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 459| | m_simd = vec_xor(m_simd, other.m_simd); 460| |#elif defined(BOTAN_SIMD_USE_NEON) 461| | m_simd = veorq_u32(m_simd, other.m_simd); 462| |#elif defined(BOTAN_SIMD_USE_LSX) 463| | m_simd = __lsx_vxor_v(m_simd, other.m_simd); 464| |#elif defined(BOTAN_SIMD_USE_SIMD128) 465| | m_simd = wasm_v128_xor(m_simd, other.m_simd); 466| |#endif 467| 17.6M| } _ZNK5Botan9SIMD_4x32orERKS0_: 412| 93| SIMD_4x32 BOTAN_FN_ISA_SIMD_4X32 operator|(const SIMD_4x32& other) const noexcept { 413| 93| SIMD_4x32 retval(*this); 414| 93| retval |= other; 415| 93| return retval; 416| 93| } _ZN5Botan9SIMD_4x32oRERKS0_: 471| 93| void BOTAN_FN_ISA_SIMD_4X32 operator|=(const SIMD_4x32& other) noexcept { 472| 93|#if defined(BOTAN_SIMD_USE_SSSE3) 473| 93| m_simd = _mm_or_si128(m_simd, other.m_simd); 474| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 475| | m_simd = vec_or(m_simd, other.m_simd); 476| |#elif defined(BOTAN_SIMD_USE_NEON) 477| | m_simd = vorrq_u32(m_simd, other.m_simd); 478| |#elif defined(BOTAN_SIMD_USE_LSX) 479| | m_simd = __lsx_vor_v(m_simd, other.m_simd); 480| |#elif defined(BOTAN_SIMD_USE_SIMD128) 481| | m_simd = wasm_v128_or(m_simd, other.m_simd); 482| |#endif 483| 93| } _ZNK5Botan9SIMD_4x328store_leEPh: 234| 2.96M| void BOTAN_FN_ISA_SIMD_4X32 store_le(uint8_t out[]) const noexcept { 235| 2.96M|#if defined(BOTAN_SIMD_USE_SSSE3) 236| | 237| 2.96M| _mm_storeu_si128(reinterpret_cast<__m128i*>(out), raw()); 238| | 239| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 240| | 241| | union { 242| | __vector unsigned int V; 243| | uint32_t R[4]; 244| | } vec{}; 245| | 246| | // NOLINTNEXTLINE(*-union-access) 247| | vec.V = raw(); 248| | // NOLINTNEXTLINE(*-union-access) 249| | Botan::store_le(out, vec.R[0], vec.R[1], vec.R[2], vec.R[3]); 250| | 251| |#elif defined(BOTAN_SIMD_USE_NEON) 252| | if constexpr(std::endian::native == std::endian::little) { 253| | vst1q_u8(out, vreinterpretq_u8_u32(m_simd)); 254| | } else { 255| | vst1q_u8(out, vreinterpretq_u8_u32(bswap().m_simd)); 256| | } 257| |#elif defined(BOTAN_SIMD_USE_LSX) 258| | __lsx_vst(raw(), out, 0); 259| |#elif defined(BOTAN_SIMD_USE_SIMD128) 260| | wasm_v128_store(out, m_simd); 261| |#endif 262| 2.96M| } _ZN5Botan9SIMD_4x327load_beEPKv: 189| 732k| static SIMD_4x32 BOTAN_FN_ISA_SIMD_4X32 load_be(const void* in) noexcept { 190| 732k|#if defined(BOTAN_SIMD_USE_SSSE3) || defined(BOTAN_SIMD_USE_LSX) || defined(BOTAN_SIMD_USE_SIMD128) 191| 732k| return load_le(in).bswap(); 192| | 193| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 194| | uint32_t R0 = Botan::load_be(reinterpret_cast(in), 0); 195| | uint32_t R1 = Botan::load_be(reinterpret_cast(in), 1); 196| | uint32_t R2 = Botan::load_be(reinterpret_cast(in), 2); 197| | uint32_t R3 = Botan::load_be(reinterpret_cast(in), 3); 198| | __vector unsigned int val = {R0, R1, R2, R3}; 199| | return SIMD_4x32(val); 200| | 201| |#elif defined(BOTAN_SIMD_USE_NEON) 202| | SIMD_4x32 l(vld1q_u32(static_cast(in))); 203| | if constexpr(std::endian::native == std::endian::little) { 204| | return l.bswap(); 205| | } else { 206| | return l; 207| | } 208| |#endif 209| 732k| } _ZNK5Botan9SIMD_4x328store_leEPj: 219| 2.94M| void BOTAN_FN_ISA_SIMD_4X32 store_le(uint32_t out[4]) const noexcept { 220| 2.94M| this->store_le(reinterpret_cast(out)); 221| 2.94M| } _ZNK5Botan9SIMD_4x328store_leEPm: 227| 540| void BOTAN_FN_ISA_SIMD_4X32 store_le(uint64_t out[2]) const noexcept { 228| 540| this->store_le(reinterpret_cast(out)); 229| 540| } _ZNK5Botan9SIMD_4x32plERKS0_: 385| 2.93M| SIMD_4x32 BOTAN_FN_ISA_SIMD_4X32 operator+(const SIMD_4x32& other) const noexcept { 386| 2.93M| SIMD_4x32 retval(*this); 387| 2.93M| retval += other; 388| 2.93M| return retval; 389| 2.93M| } _ZN5Botan9SIMD_4x32pLERKS0_: 427| 11.7M| void BOTAN_FN_ISA_SIMD_4X32 operator+=(const SIMD_4x32& other) noexcept { 428| 11.7M|#if defined(BOTAN_SIMD_USE_SSSE3) 429| 11.7M| m_simd = _mm_add_epi32(m_simd, other.m_simd); 430| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 431| | m_simd = vec_add(m_simd, other.m_simd); 432| |#elif defined(BOTAN_SIMD_USE_NEON) 433| | m_simd = vaddq_u32(m_simd, other.m_simd); 434| |#elif defined(BOTAN_SIMD_USE_LSX) 435| | m_simd = __lsx_vadd_w(m_simd, other.m_simd); 436| |#elif defined(BOTAN_SIMD_USE_SIMD128) 437| | m_simd = wasm_i32x4_add(m_simd, other.m_simd); 438| |#endif 439| 11.7M| } _ZNK5Botan9SIMD_4x325bswapEv: 576| 732k| BOTAN_FN_ISA_SIMD_4X32 SIMD_4x32 bswap() const noexcept { 577| 732k|#if defined(BOTAN_SIMD_USE_SSSE3) 578| 732k| const auto idx = _mm_set_epi8(12, 13, 14, 15, 8, 9, 10, 11, 4, 5, 6, 7, 0, 1, 2, 3); 579| | 580| 732k| return SIMD_4x32(_mm_shuffle_epi8(raw(), idx)); 581| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 582| | #ifdef BOTAN_SIMD_USE_VSX 583| | return SIMD_4x32(vec_revb(m_simd)); 584| | #else 585| | const __vector unsigned char rev[1] = { 586| | {3, 2, 1, 0, 7, 6, 5, 4, 11, 10, 9, 8, 15, 14, 13, 12}, 587| | }; 588| | 589| | return SIMD_4x32(vec_perm(m_simd, m_simd, rev[0])); 590| | #endif 591| | 592| |#elif defined(BOTAN_SIMD_USE_NEON) 593| | return SIMD_4x32(vreinterpretq_u32_u8(vrev32q_u8(vreinterpretq_u8_u32(m_simd)))); 594| |#elif defined(BOTAN_SIMD_USE_LSX) 595| | return SIMD_4x32(__lsx_vshuf4i_b(m_simd, 0b00011011)); 596| |#elif defined(BOTAN_SIMD_USE_SIMD128) 597| | return SIMD_4x32(wasm_i8x16_shuffle(m_simd, m_simd, 3, 2, 1, 0, 7, 6, 5, 4, 11, 10, 9, 8, 15, 14, 13, 12)); 598| |#endif 599| 732k| } _ZNK5Botan9SIMD_4x3212top_bit_maskEv: 909| 93| inline SIMD_4x32 BOTAN_FN_ISA_SIMD_4X32 top_bit_mask() const { 910| 93|#if defined(BOTAN_SIMD_USE_SSSE3) 911| 93| return SIMD_4x32(_mm_shuffle_epi32(_mm_srai_epi32(raw(), 31), 0b11111111)); 912| |#elif defined(BOTAN_SIMD_USE_NEON) 913| | #if defined(BOTAN_TARGET_ARCH_IS_ARM32) 914| | int32x4_t v = vshrq_n_s32(vreinterpretq_s32_u32(raw()), 31); 915| | int32x2_t hi = vget_high_s32(v); 916| | return SIMD_4x32(vreinterpretq_u32_s32(vdupq_lane_s32(hi, 1))); 917| | #else 918| | return SIMD_4x32(vreinterpretq_u32_s32(vdupq_laneq_s32(vshrq_n_s32(vreinterpretq_s32_u32(raw()), 31), 3))); 919| | #endif 920| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 921| | const __vector unsigned int shift = vec_splats(31U); 922| | const __vector signed int shifted = vec_sra(reinterpret_cast<__vector signed int>(raw()), shift); 923| | return SIMD_4x32(reinterpret_cast<__vector unsigned int>(vec_splat(shifted, 3))); 924| |#elif defined(BOTAN_SIMD_USE_LSX) 925| | return SIMD_4x32(__lsx_vshuf4i_w(__lsx_vsrai_w(raw(), 31), 0xFF)); 926| |#elif defined(BOTAN_SIMD_USE_SIMD128) 927| | return SIMD_4x32(wasm_i32x4_splat(wasm_i32x4_extract_lane(wasm_i32x4_shr(raw(), 31), 3))); 928| |#endif 929| 93| } _ZNK5Botan9SIMD_4x323shlILi14EEES0_vQaagtT_Li0EltT_Li32E: 502| 2.19M| { 503| 2.19M|#if defined(BOTAN_SIMD_USE_SSSE3) 504| 2.19M| return SIMD_4x32(_mm_slli_epi32(m_simd, SHIFT)); 505| | 506| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 507| | const unsigned int s = static_cast(SHIFT); 508| | const __vector unsigned int shifts = {s, s, s, s}; 509| | return SIMD_4x32(vec_sl(m_simd, shifts)); 510| |#elif defined(BOTAN_SIMD_USE_NEON) 511| | return SIMD_4x32(vshlq_n_u32(m_simd, SHIFT)); 512| |#elif defined(BOTAN_SIMD_USE_LSX) 513| | return SIMD_4x32(__lsx_vslli_w(m_simd, SHIFT)); 514| |#elif defined(BOTAN_SIMD_USE_SIMD128) 515| | return SIMD_4x32(wasm_i32x4_shl(m_simd, SHIFT)); 516| |#endif 517| 2.19M| } _ZNK5Botan9SIMD_4x323shrILi7EEES0_v: 520| 2.19M| SIMD_4x32 BOTAN_FN_ISA_SIMD_4X32 shr() const noexcept { 521| 2.19M|#if defined(BOTAN_SIMD_USE_SSSE3) 522| 2.19M| return SIMD_4x32(_mm_srli_epi32(m_simd, SHIFT)); 523| | 524| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 525| | const unsigned int s = static_cast(SHIFT); 526| | const __vector unsigned int shifts = {s, s, s, s}; 527| | return SIMD_4x32(vec_sr(m_simd, shifts)); 528| |#elif defined(BOTAN_SIMD_USE_NEON) 529| | return SIMD_4x32(vshrq_n_u32(m_simd, SHIFT)); 530| |#elif defined(BOTAN_SIMD_USE_LSX) 531| | return SIMD_4x32(__lsx_vsrli_w(m_simd, SHIFT)); 532| |#elif defined(BOTAN_SIMD_USE_SIMD128) 533| | return SIMD_4x32(wasm_u32x4_shr(m_simd, SHIFT)); 534| |#endif 535| 2.19M| } _ZNK5Botan9SIMD_4x323shrILi3EEES0_v: 520| 2.19M| SIMD_4x32 BOTAN_FN_ISA_SIMD_4X32 shr() const noexcept { 521| 2.19M|#if defined(BOTAN_SIMD_USE_SSSE3) 522| 2.19M| return SIMD_4x32(_mm_srli_epi32(m_simd, SHIFT)); 523| | 524| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 525| | const unsigned int s = static_cast(SHIFT); 526| | const __vector unsigned int shifts = {s, s, s, s}; 527| | return SIMD_4x32(vec_sr(m_simd, shifts)); 528| |#elif defined(BOTAN_SIMD_USE_NEON) 529| | return SIMD_4x32(vshrq_n_u32(m_simd, SHIFT)); 530| |#elif defined(BOTAN_SIMD_USE_LSX) 531| | return SIMD_4x32(__lsx_vsrli_w(m_simd, SHIFT)); 532| |#elif defined(BOTAN_SIMD_USE_SIMD128) 533| | return SIMD_4x32(wasm_u32x4_shr(m_simd, SHIFT)); 534| |#endif 535| 2.19M| } _ZNK5Botan9SIMD_4x323shrILi11EEES0_v: 520| 2.19M| SIMD_4x32 BOTAN_FN_ISA_SIMD_4X32 shr() const noexcept { 521| 2.19M|#if defined(BOTAN_SIMD_USE_SSSE3) 522| 2.19M| return SIMD_4x32(_mm_srli_epi32(m_simd, SHIFT)); 523| | 524| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 525| | const unsigned int s = static_cast(SHIFT); 526| | const __vector unsigned int shifts = {s, s, s, s}; 527| | return SIMD_4x32(vec_sr(m_simd, shifts)); 528| |#elif defined(BOTAN_SIMD_USE_NEON) 529| | return SIMD_4x32(vshrq_n_u32(m_simd, SHIFT)); 530| |#elif defined(BOTAN_SIMD_USE_LSX) 531| | return SIMD_4x32(__lsx_vsrli_w(m_simd, SHIFT)); 532| |#elif defined(BOTAN_SIMD_USE_SIMD128) 533| | return SIMD_4x32(wasm_u32x4_shr(m_simd, SHIFT)); 534| |#endif 535| 2.19M| } _ZNK5Botan9SIMD_4x323shlILi11EEES0_vQaagtT_Li0EltT_Li32E: 502| 2.19M| { 503| 2.19M|#if defined(BOTAN_SIMD_USE_SSSE3) 504| 2.19M| return SIMD_4x32(_mm_slli_epi32(m_simd, SHIFT)); 505| | 506| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 507| | const unsigned int s = static_cast(SHIFT); 508| | const __vector unsigned int shifts = {s, s, s, s}; 509| | return SIMD_4x32(vec_sl(m_simd, shifts)); 510| |#elif defined(BOTAN_SIMD_USE_NEON) 511| | return SIMD_4x32(vshlq_n_u32(m_simd, SHIFT)); 512| |#elif defined(BOTAN_SIMD_USE_LSX) 513| | return SIMD_4x32(__lsx_vslli_w(m_simd, SHIFT)); 514| |#elif defined(BOTAN_SIMD_USE_SIMD128) 515| | return SIMD_4x32(wasm_i32x4_shl(m_simd, SHIFT)); 516| |#endif 517| 2.19M| } _ZNK5Botan9SIMD_4x323shrILi10EEES0_v: 520| 4.39M| SIMD_4x32 BOTAN_FN_ISA_SIMD_4X32 shr() const noexcept { 521| 4.39M|#if defined(BOTAN_SIMD_USE_SSSE3) 522| 4.39M| return SIMD_4x32(_mm_srli_epi32(m_simd, SHIFT)); 523| | 524| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 525| | const unsigned int s = static_cast(SHIFT); 526| | const __vector unsigned int shifts = {s, s, s, s}; 527| | return SIMD_4x32(vec_sr(m_simd, shifts)); 528| |#elif defined(BOTAN_SIMD_USE_NEON) 529| | return SIMD_4x32(vshrq_n_u32(m_simd, SHIFT)); 530| |#elif defined(BOTAN_SIMD_USE_LSX) 531| | return SIMD_4x32(__lsx_vsrli_w(m_simd, SHIFT)); 532| |#elif defined(BOTAN_SIMD_USE_SIMD128) 533| | return SIMD_4x32(wasm_u32x4_shr(m_simd, SHIFT)); 534| |#endif 535| 4.39M| } _ZNK5Botan9SIMD_4x3217shift_elems_rightILm2EEES0_vQleT_Li3E: 641| 8.83k| { 642| 8.83k|#if defined(BOTAN_SIMD_USE_SSSE3) 643| 8.83k| return SIMD_4x32(_mm_srli_si128(raw(), 4 * I)); 644| |#elif defined(BOTAN_SIMD_USE_NEON) 645| | return SIMD_4x32(vextq_u32(raw(), vdupq_n_u32(0), I)); 646| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 647| | const __vector unsigned int zero = vec_splat_u32(0); 648| | 649| | const __vector unsigned char shuf[3] = { 650| | {4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19}, 651| | {8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23}, 652| | {12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27}, 653| | }; 654| | 655| | return SIMD_4x32(vec_perm(raw(), zero, shuf[I - 1])); 656| |#elif defined(BOTAN_SIMD_USE_LSX) 657| | return SIMD_4x32(__lsx_vbsrl_v(raw(), 4 * I)); 658| |#elif defined(BOTAN_SIMD_USE_SIMD128) 659| | if constexpr(I == 0) { 660| | return SIMD_4x32(m_simd); 661| | } 662| | 663| | const auto zero = wasm_u32x4_const_splat(0); 664| | if constexpr(I == 1) { 665| | return SIMD_4x32( 666| | wasm_i8x16_shuffle(m_simd, zero, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 16, 16, 16)); 667| | } 668| | if constexpr(I == 2) { 669| | return SIMD_4x32( 670| | wasm_i8x16_shuffle(m_simd, zero, 8, 9, 10, 11, 12, 13, 14, 15, 16, 16, 16, 16, 16, 16, 16, 16)); 671| | } 672| | 673| | return SIMD_4x32( 674| | wasm_i8x16_shuffle(m_simd, zero, 12, 13, 14, 15, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16)); 675| |#endif 676| 8.83k| } _ZNK5Botan9SIMD_4x323shrILi31EEES0_v: 520| 93| SIMD_4x32 BOTAN_FN_ISA_SIMD_4X32 shr() const noexcept { 521| 93|#if defined(BOTAN_SIMD_USE_SSSE3) 522| 93| return SIMD_4x32(_mm_srli_epi32(m_simd, SHIFT)); 523| | 524| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 525| | const unsigned int s = static_cast(SHIFT); 526| | const __vector unsigned int shifts = {s, s, s, s}; 527| | return SIMD_4x32(vec_sr(m_simd, shifts)); 528| |#elif defined(BOTAN_SIMD_USE_NEON) 529| | return SIMD_4x32(vshrq_n_u32(m_simd, SHIFT)); 530| |#elif defined(BOTAN_SIMD_USE_LSX) 531| | return SIMD_4x32(__lsx_vsrli_w(m_simd, SHIFT)); 532| |#elif defined(BOTAN_SIMD_USE_SIMD128) 533| | return SIMD_4x32(wasm_u32x4_shr(m_simd, SHIFT)); 534| |#endif 535| 93| } _ZNK5Botan9SIMD_4x3216shift_elems_leftILm1EEES0_vQleT_Li3E: 604| 13.7k| { 605| 13.7k|#if defined(BOTAN_SIMD_USE_SSSE3) 606| 13.7k| return SIMD_4x32(_mm_slli_si128(raw(), 4 * I)); 607| |#elif defined(BOTAN_SIMD_USE_NEON) 608| | return SIMD_4x32(vextq_u32(vdupq_n_u32(0), raw(), 4 - I)); 609| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 610| | const __vector unsigned int zero = vec_splat_u32(0); 611| | 612| | const __vector unsigned char shuf[3] = { 613| | {16, 17, 18, 19, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11}, 614| | {16, 17, 18, 19, 20, 21, 22, 23, 0, 1, 2, 3, 4, 5, 6, 7}, 615| | {16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 0, 1, 2, 3}, 616| | }; 617| | 618| | return SIMD_4x32(vec_perm(raw(), zero, shuf[I - 1])); 619| |#elif defined(BOTAN_SIMD_USE_LSX) 620| | return SIMD_4x32(__lsx_vbsll_v(raw(), 4 * I)); 621| |#elif defined(BOTAN_SIMD_USE_SIMD128) 622| | if constexpr(I == 0) { 623| | return SIMD_4x32(m_simd); 624| | } 625| | 626| | const auto zero = wasm_u32x4_const_splat(0); 627| | if constexpr(I == 1) { 628| | return SIMD_4x32(wasm_i8x16_shuffle(m_simd, zero, 16, 16, 16, 16, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11)); 629| | } 630| | if constexpr(I == 2) { 631| | return SIMD_4x32(wasm_i8x16_shuffle(m_simd, zero, 16, 16, 16, 16, 16, 16, 16, 16, 0, 1, 2, 3, 4, 5, 6, 7)); 632| | } 633| | 634| | return SIMD_4x32(wasm_i8x16_shuffle(m_simd, zero, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 0, 1, 2, 3)); 635| |#endif 636| 13.7k| } _ZNK5Botan9SIMD_4x323shlILi1EEES0_vQaagtT_Li0EltT_Li32E: 502| 93| { 503| 93|#if defined(BOTAN_SIMD_USE_SSSE3) 504| 93| return SIMD_4x32(_mm_slli_epi32(m_simd, SHIFT)); 505| | 506| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 507| | const unsigned int s = static_cast(SHIFT); 508| | const __vector unsigned int shifts = {s, s, s, s}; 509| | return SIMD_4x32(vec_sl(m_simd, shifts)); 510| |#elif defined(BOTAN_SIMD_USE_NEON) 511| | return SIMD_4x32(vshlq_n_u32(m_simd, SHIFT)); 512| |#elif defined(BOTAN_SIMD_USE_LSX) 513| | return SIMD_4x32(__lsx_vslli_w(m_simd, SHIFT)); 514| |#elif defined(BOTAN_SIMD_USE_SIMD128) 515| | return SIMD_4x32(wasm_i32x4_shl(m_simd, SHIFT)); 516| |#endif 517| 93| } _ZNK5Botan9SIMD_4x3216shift_elems_leftILm2EEES0_vQleT_Li3E: 604| 1.28k| { 605| 1.28k|#if defined(BOTAN_SIMD_USE_SSSE3) 606| 1.28k| return SIMD_4x32(_mm_slli_si128(raw(), 4 * I)); 607| |#elif defined(BOTAN_SIMD_USE_NEON) 608| | return SIMD_4x32(vextq_u32(vdupq_n_u32(0), raw(), 4 - I)); 609| |#elif defined(BOTAN_SIMD_USE_ALTIVEC) 610| | const __vector unsigned int zero = vec_splat_u32(0); 611| | 612| | const __vector unsigned char shuf[3] = { 613| | {16, 17, 18, 19, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11}, 614| | {16, 17, 18, 19, 20, 21, 22, 23, 0, 1, 2, 3, 4, 5, 6, 7}, 615| | {16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 0, 1, 2, 3}, 616| | }; 617| | 618| | return SIMD_4x32(vec_perm(raw(), zero, shuf[I - 1])); 619| |#elif defined(BOTAN_SIMD_USE_LSX) 620| | return SIMD_4x32(__lsx_vbsll_v(raw(), 4 * I)); 621| |#elif defined(BOTAN_SIMD_USE_SIMD128) 622| | if constexpr(I == 0) { 623| | return SIMD_4x32(m_simd); 624| | } 625| | 626| | const auto zero = wasm_u32x4_const_splat(0); 627| | if constexpr(I == 1) { 628| | return SIMD_4x32(wasm_i8x16_shuffle(m_simd, zero, 16, 16, 16, 16, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11)); 629| | } 630| | if constexpr(I == 2) { 631| | return SIMD_4x32(wasm_i8x16_shuffle(m_simd, zero, 16, 16, 16, 16, 16, 16, 16, 16, 0, 1, 2, 3, 4, 5, 6, 7)); 632| | } 633| | 634| | return SIMD_4x32(wasm_i8x16_shuffle(m_simd, zero, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 0, 1, 2, 3)); 635| |#endif 636| 1.28k| } _ZN5Botan9SIMD_4x64C2Ev: 34| 3.76k| BOTAN_FN_ISA_SIMD_4X64 SIMD_4x64() : m_simd(_mm256_setzero_si256()) {} _ZNK5Botan9SIMD_4x645bswapEv: 56| 3.76k| SIMD_4x64 BOTAN_FN_ISA_SIMD_4X64 bswap() const { 57| 3.76k| const auto idx = _mm256_set_epi8( 58| 3.76k| 8, 9, 10, 11, 12, 13, 14, 15, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0, 1, 2, 3, 4, 5, 6, 7); 59| | 60| 3.76k| return SIMD_4x64(_mm256_shuffle_epi8(m_simd, idx)); 61| 3.76k| } _ZN5Botan9SIMD_4x64C2EDv4_x: 196| 146k| explicit BOTAN_FN_ISA_SIMD_4X64 SIMD_4x64(__m256i x) : m_simd(x) {} _ZN5Botan9SIMD_4x64eOERKS0_: 103| 60.2k| BOTAN_FN_ISA_SIMD_4X64 void operator^=(const SIMD_4x64& other) { 104| 60.2k| m_simd = _mm256_xor_si256(m_simd, other.m_simd); 105| 60.2k| } _ZNK5Botan9SIMD_4x64eoERKS0_: 81| 60.2k| SIMD_4x64 BOTAN_FN_ISA_SIMD_4X64 operator^(const SIMD_4x64& other) const { 82| 60.2k| SIMD_4x64 retval(*this); 83| 60.2k| retval ^= other; 84| 60.2k| return retval; 85| 60.2k| } _ZN5Botan9SIMD_4x648load_le2EPKvS2_: 37| 3.76k| static BOTAN_FN_ISA_SIMD_4X64 SIMD_4x64 load_le2(const void* lo, const void* hi) { 38| 3.76k| return SIMD_4x64( 39| 3.76k| _mm256_loadu2_m128i(reinterpret_cast(lo), reinterpret_cast(hi))); 40| 3.76k| } _ZN5Botan9SIMD_4x648load_be2EPKvS2_: 42| 3.76k| static BOTAN_FN_ISA_SIMD_4X64 SIMD_4x64 load_be2(const void* lo, const void* hi) { 43| 3.76k| return SIMD_4x64::load_le2(lo, hi).bswap(); 44| 3.76k| } _ZN5Botan9SIMD_4x6414broadcast_2x64EPKm: 52| 18.8k| static BOTAN_FN_ISA_SIMD_4X64 SIMD_4x64 broadcast_2x64(const uint64_t* in) { 53| 18.8k| return SIMD_4x64(_mm256_broadcastsi128_si256(_mm_loadu_si128(reinterpret_cast(in)))); 54| 18.8k| } _ZN5Botan9SIMD_4x649store_le2EPvS1_: 69| 18.8k| BOTAN_FN_ISA_SIMD_4X64 void store_le2(void* outh, void* outl) { 70| 18.8k| _mm256_storeu2_m128i(reinterpret_cast<__m128i*>(outh), reinterpret_cast<__m128i*>(outl), m_simd); 71| 18.8k| } _ZNK5Botan9SIMD_4x64plERKS0_: 75| 64.0k| SIMD_4x64 BOTAN_FN_ISA_SIMD_4X64 operator+(const SIMD_4x64& other) const { 76| 64.0k| SIMD_4x64 retval(*this); 77| 64.0k| retval += other; 78| 64.0k| return retval; 79| 64.0k| } _ZN5Botan9SIMD_4x64pLERKS0_: 99| 64.0k| BOTAN_FN_ISA_SIMD_4X64 void operator+=(const SIMD_4x64& other) { 100| 64.0k| m_simd = _mm256_add_epi64(m_simd, other.m_simd); 101| 64.0k| } _ZN5Botan9SIMD_4x647alignr8ERKS0_S2_: 162| 30.1k| static SIMD_4x64 BOTAN_FN_ISA_SIMD_4X64 alignr8(const SIMD_4x64& a, const SIMD_4x64& b) { 163| | return SIMD_4x64(_mm256_alignr_epi8(a.m_simd, b.m_simd, 8)); 164| 30.1k| } _ZNK5Botan9SIMD_4x644rotrILm1EEES0_vQaagtT_Li0EltT_Li64E: 116| 15.0k| { 117| |#if defined(__AVX512VL__) 118| | return SIMD_4x64(_mm256_ror_epi64(m_simd, ROT)); 119| |#else 120| | if constexpr(ROT == 8) { 121| | auto shuf_rot_8 = 122| | _mm256_set_epi64x(0x080f0e0d0c0b0a09, 0x0007060504030201, 0x080f0e0d0c0b0a09, 0x0007060504030201); 123| | 124| | return SIMD_4x64(_mm256_shuffle_epi8(m_simd, shuf_rot_8)); 125| | } else if constexpr(ROT == 16) { 126| | auto shuf_rot_16 = 127| | _mm256_set_epi64x(0x09080f0e0d0c0b0a, 0x0100070605040302, 0x09080f0e0d0c0b0a, 0x0100070605040302); 128| | 129| | return SIMD_4x64(_mm256_shuffle_epi8(m_simd, shuf_rot_16)); 130| | } else if constexpr(ROT == 24) { 131| | auto shuf_rot_24 = 132| | _mm256_set_epi64x(0x0a09080f0e0d0c0b, 0x0201000706050403, 0x0a09080f0e0d0c0b, 0x0201000706050403); 133| | 134| | return SIMD_4x64(_mm256_shuffle_epi8(m_simd, shuf_rot_24)); 135| | } else if constexpr(ROT == 32) { 136| | auto shuf_rot_32 = 137| | _mm256_set_epi64x(0x0b0a09080f0e0d0c, 0x0302010007060504, 0x0b0a09080f0e0d0c, 0x0302010007060504); 138| | 139| | return SIMD_4x64(_mm256_shuffle_epi8(m_simd, shuf_rot_32)); 140| 15.0k| } else { 141| 15.0k| return SIMD_4x64(_mm256_or_si256(_mm256_srli_epi64(m_simd, static_cast(ROT)), 142| 15.0k| _mm256_slli_epi64(m_simd, static_cast(64 - ROT)))); 143| 15.0k| } 144| 15.0k|#endif 145| 15.0k| } _ZNK5Botan9SIMD_4x644rotrILm8EEES0_vQaagtT_Li0EltT_Li64E: 116| 15.0k| { 117| |#if defined(__AVX512VL__) 118| | return SIMD_4x64(_mm256_ror_epi64(m_simd, ROT)); 119| |#else 120| 15.0k| if constexpr(ROT == 8) { 121| 15.0k| auto shuf_rot_8 = 122| 15.0k| _mm256_set_epi64x(0x080f0e0d0c0b0a09, 0x0007060504030201, 0x080f0e0d0c0b0a09, 0x0007060504030201); 123| | 124| 15.0k| return SIMD_4x64(_mm256_shuffle_epi8(m_simd, shuf_rot_8)); 125| | } else if constexpr(ROT == 16) { 126| | auto shuf_rot_16 = 127| | _mm256_set_epi64x(0x09080f0e0d0c0b0a, 0x0100070605040302, 0x09080f0e0d0c0b0a, 0x0100070605040302); 128| | 129| | return SIMD_4x64(_mm256_shuffle_epi8(m_simd, shuf_rot_16)); 130| | } else if constexpr(ROT == 24) { 131| | auto shuf_rot_24 = 132| | _mm256_set_epi64x(0x0a09080f0e0d0c0b, 0x0201000706050403, 0x0a09080f0e0d0c0b, 0x0201000706050403); 133| | 134| | return SIMD_4x64(_mm256_shuffle_epi8(m_simd, shuf_rot_24)); 135| | } else if constexpr(ROT == 32) { 136| | auto shuf_rot_32 = 137| | _mm256_set_epi64x(0x0b0a09080f0e0d0c, 0x0302010007060504, 0x0b0a09080f0e0d0c, 0x0302010007060504); 138| | 139| | return SIMD_4x64(_mm256_shuffle_epi8(m_simd, shuf_rot_32)); 140| | } else { 141| | return SIMD_4x64(_mm256_or_si256(_mm256_srli_epi64(m_simd, static_cast(ROT)), 142| | _mm256_slli_epi64(m_simd, static_cast(64 - ROT)))); 143| | } 144| 15.0k|#endif 145| 15.0k| } _ZNK5Botan9SIMD_4x643shrILi7EEES0_v: 153| 15.0k| SIMD_4x64 BOTAN_FN_ISA_SIMD_4X64 shr() const noexcept { 154| 15.0k| return SIMD_4x64(_mm256_srli_epi64(m_simd, SHIFT)); 155| 15.0k| } _ZNK5Botan9SIMD_4x644rotrILm19EEES0_vQaagtT_Li0EltT_Li64E: 116| 15.0k| { 117| |#if defined(__AVX512VL__) 118| | return SIMD_4x64(_mm256_ror_epi64(m_simd, ROT)); 119| |#else 120| | if constexpr(ROT == 8) { 121| | auto shuf_rot_8 = 122| | _mm256_set_epi64x(0x080f0e0d0c0b0a09, 0x0007060504030201, 0x080f0e0d0c0b0a09, 0x0007060504030201); 123| | 124| | return SIMD_4x64(_mm256_shuffle_epi8(m_simd, shuf_rot_8)); 125| | } else if constexpr(ROT == 16) { 126| | auto shuf_rot_16 = 127| | _mm256_set_epi64x(0x09080f0e0d0c0b0a, 0x0100070605040302, 0x09080f0e0d0c0b0a, 0x0100070605040302); 128| | 129| | return SIMD_4x64(_mm256_shuffle_epi8(m_simd, shuf_rot_16)); 130| | } else if constexpr(ROT == 24) { 131| | auto shuf_rot_24 = 132| | _mm256_set_epi64x(0x0a09080f0e0d0c0b, 0x0201000706050403, 0x0a09080f0e0d0c0b, 0x0201000706050403); 133| | 134| | return SIMD_4x64(_mm256_shuffle_epi8(m_simd, shuf_rot_24)); 135| | } else if constexpr(ROT == 32) { 136| | auto shuf_rot_32 = 137| | _mm256_set_epi64x(0x0b0a09080f0e0d0c, 0x0302010007060504, 0x0b0a09080f0e0d0c, 0x0302010007060504); 138| | 139| | return SIMD_4x64(_mm256_shuffle_epi8(m_simd, shuf_rot_32)); 140| 15.0k| } else { 141| 15.0k| return SIMD_4x64(_mm256_or_si256(_mm256_srli_epi64(m_simd, static_cast(ROT)), 142| 15.0k| _mm256_slli_epi64(m_simd, static_cast(64 - ROT)))); 143| 15.0k| } 144| 15.0k|#endif 145| 15.0k| } _ZNK5Botan9SIMD_4x644rotrILm61EEES0_vQaagtT_Li0EltT_Li64E: 116| 15.0k| { 117| |#if defined(__AVX512VL__) 118| | return SIMD_4x64(_mm256_ror_epi64(m_simd, ROT)); 119| |#else 120| | if constexpr(ROT == 8) { 121| | auto shuf_rot_8 = 122| | _mm256_set_epi64x(0x080f0e0d0c0b0a09, 0x0007060504030201, 0x080f0e0d0c0b0a09, 0x0007060504030201); 123| | 124| | return SIMD_4x64(_mm256_shuffle_epi8(m_simd, shuf_rot_8)); 125| | } else if constexpr(ROT == 16) { 126| | auto shuf_rot_16 = 127| | _mm256_set_epi64x(0x09080f0e0d0c0b0a, 0x0100070605040302, 0x09080f0e0d0c0b0a, 0x0100070605040302); 128| | 129| | return SIMD_4x64(_mm256_shuffle_epi8(m_simd, shuf_rot_16)); 130| | } else if constexpr(ROT == 24) { 131| | auto shuf_rot_24 = 132| | _mm256_set_epi64x(0x0a09080f0e0d0c0b, 0x0201000706050403, 0x0a09080f0e0d0c0b, 0x0201000706050403); 133| | 134| | return SIMD_4x64(_mm256_shuffle_epi8(m_simd, shuf_rot_24)); 135| | } else if constexpr(ROT == 32) { 136| | auto shuf_rot_32 = 137| | _mm256_set_epi64x(0x0b0a09080f0e0d0c, 0x0302010007060504, 0x0b0a09080f0e0d0c, 0x0302010007060504); 138| | 139| | return SIMD_4x64(_mm256_shuffle_epi8(m_simd, shuf_rot_32)); 140| 15.0k| } else { 141| 15.0k| return SIMD_4x64(_mm256_or_si256(_mm256_srli_epi64(m_simd, static_cast(ROT)), 142| 15.0k| _mm256_slli_epi64(m_simd, static_cast(64 - ROT)))); 143| 15.0k| } 144| 15.0k|#endif 145| 15.0k| } _ZNK5Botan9SIMD_4x643shrILi6EEES0_v: 153| 15.0k| SIMD_4x64 BOTAN_FN_ISA_SIMD_4X64 shr() const noexcept { 154| 15.0k| return SIMD_4x64(_mm256_srli_epi64(m_simd, SHIFT)); 155| 15.0k| } _ZN5Botan9SIMD_8x32C2Ev: 30| 99.1k| BOTAN_FORCE_INLINE SIMD_8x32() noexcept : m_avx2(_mm256_setzero_si256()) {} _ZN5Botan9SIMD_8x32C2Ejjjjjjjj: 46| 120k| uint32_t B7) noexcept { 47| | // NOLINTNEXTLINE(*-prefer-member-initializer) 48| 120k| m_avx2 = _mm256_set_epi32(B7, B6, B5, B4, B3, B2, B1, B0); 49| 120k| } _ZN5Botan9SIMD_8x32C2Ejjjj: 52| 594k| explicit SIMD_8x32(uint32_t B0, uint32_t B1, uint32_t B2, uint32_t B3) noexcept { 53| | // NOLINTNEXTLINE(*-prefer-member-initializer) 54| 594k| m_avx2 = _mm256_set_epi32(B3, B2, B1, B0, B3, B2, B1, B0); 55| 594k| } _ZN5Botan9SIMD_8x325splatEj: 58| 764k| static SIMD_8x32 splat(uint32_t B) noexcept { return SIMD_8x32(_mm256_set1_epi32(B)); } _ZN5Botan9SIMD_8x327load_leEPKh: 61| 117k| static SIMD_8x32 load_le(const uint8_t* in) noexcept { 62| 117k| return SIMD_8x32(_mm256_loadu_si256(reinterpret_cast(in))); 63| 117k| } _ZN5Botan9SIMD_8x3210load_le128EPKh: 71| 22| static SIMD_8x32 load_le128(const uint8_t* in) noexcept { 72| 22| return SIMD_8x32(_mm256_broadcastsi128_si256(_mm_loadu_si128(reinterpret_cast(in)))); 73| 22| } _ZN5Botan9SIMD_8x3210load_le128EPKj: 76| 396k| static SIMD_8x32 load_le128(const uint32_t* in) noexcept { 77| 396k| return SIMD_8x32(_mm256_broadcastsi128_si256(_mm_loadu_si128(reinterpret_cast(in)))); 78| 396k| } _ZN5Botan9SIMD_8x327load_beEPKh: 81| 114k| static SIMD_8x32 load_be(const uint8_t* in) noexcept { return load_le(in).bswap(); } _ZNK5Botan9SIMD_8x328store_leEPh: 84| 52.1k| void store_le(uint8_t out[]) const noexcept { _mm256_storeu_si256(reinterpret_cast<__m256i*>(out), m_avx2); } _ZNK5Botan9SIMD_8x328store_leEPj: 87| 571k| void store_le(uint32_t out[]) const noexcept { _mm256_storeu_si256(reinterpret_cast<__m256i*>(out), m_avx2); } _ZN5Botan9SIMD_8x3210load_be128EPKhS2_: 101| 186k| static SIMD_8x32 load_be128(const uint8_t in1[], const uint8_t in2[]) noexcept { 102| 186k| return SIMD_8x32( 103| 186k| _mm256_loadu2_m128i(reinterpret_cast(in2), reinterpret_cast(in1))) 104| 186k| .bswap(); 105| 186k| } _ZNK5Botan9SIMD_8x3211store_le128EPjS1_: 108| 834k| void store_le128(uint32_t out1[], uint32_t out2[]) const noexcept { 109| 834k| _mm256_storeu2_m128i(reinterpret_cast<__m128i*>(out2), reinterpret_cast<__m128i*>(out1), raw()); 110| 834k| } _ZNK5Botan9SIMD_8x32plERKS0_: 164| 1.41M| SIMD_8x32 operator+(const SIMD_8x32& other) const noexcept { 165| 1.41M| SIMD_8x32 retval(*this); 166| 1.41M| retval += other; 167| 1.41M| return retval; 168| 1.41M| } _ZNK5Botan9SIMD_8x32eoERKS0_: 178| 1.94M| SIMD_8x32 operator^(const SIMD_8x32& other) const noexcept { 179| 1.94M| SIMD_8x32 retval(*this); 180| 1.94M| retval ^= other; 181| 1.94M| return retval; 182| 1.94M| } _ZN5Botan9SIMD_8x32pLERKS0_: 199| 3.64M| void operator+=(const SIMD_8x32& other) { m_avx2 = _mm256_add_epi32(m_avx2, other.m_avx2); } _ZN5Botan9SIMD_8x32eOERKS0_: 205| 7.04M| void operator^=(const SIMD_8x32& other) { m_avx2 = _mm256_xor_si256(m_avx2, other.m_avx2); } _ZNK5Botan9SIMD_8x325bswapEv: 238| 300k| SIMD_8x32 bswap() const noexcept { 239| 300k| alignas(32) const uint8_t BSWAP_TBL[32] = {3, 2, 1, 0, 7, 6, 5, 4, 11, 10, 9, 8, 15, 14, 13, 12, 240| 300k| 19, 18, 17, 16, 23, 22, 21, 20, 27, 26, 25, 24, 31, 30, 29, 28}; 241| | 242| 300k| const __m256i bswap = _mm256_load_si256(reinterpret_cast(BSWAP_TBL)); 243| | 244| 300k| const __m256i output = _mm256_shuffle_epi8(m_avx2, bswap); 245| | 246| 300k| return SIMD_8x32(output); 247| 300k| } _ZN5Botan9SIMD_8x329transposeERS0_S1_S1_S1_: 264| 12.2k| static void transpose(SIMD_8x32& B0, SIMD_8x32& B1, SIMD_8x32& B2, SIMD_8x32& B3) noexcept { 265| 12.2k| const __m256i T0 = _mm256_unpacklo_epi32(B0.m_avx2, B1.m_avx2); 266| 12.2k| const __m256i T1 = _mm256_unpacklo_epi32(B2.m_avx2, B3.m_avx2); 267| 12.2k| const __m256i T2 = _mm256_unpackhi_epi32(B0.m_avx2, B1.m_avx2); 268| 12.2k| const __m256i T3 = _mm256_unpackhi_epi32(B2.m_avx2, B3.m_avx2); 269| | 270| 12.2k| B0.m_avx2 = _mm256_unpacklo_epi64(T0, T1); 271| 12.2k| B1.m_avx2 = _mm256_unpackhi_epi64(T0, T1); 272| 12.2k| B2.m_avx2 = _mm256_unpacklo_epi64(T2, T3); 273| 12.2k| B3.m_avx2 = _mm256_unpackhi_epi64(T2, T3); 274| 12.2k| } _ZN5Botan9SIMD_8x329transposeERS0_S1_S1_S1_S1_S1_S1_S1_: 302| 6.14k| SIMD_8x32& B7) noexcept { 303| 6.14k| transpose(B0, B1, B2, B3); 304| 6.14k| transpose(B4, B5, B6, B7); 305| | 306| 6.14k| swap_tops(B0, B4); 307| 6.14k| swap_tops(B1, B5); 308| 6.14k| swap_tops(B2, B6); 309| 6.14k| swap_tops(B3, B7); 310| 6.14k| } _ZN5Botan9SIMD_8x3212byte_shuffleERKS0_S2_: 330| 596k| static inline SIMD_8x32 BOTAN_FN_ISA_AVX2 byte_shuffle(const SIMD_8x32& tbl, const SIMD_8x32& idx) { 331| 596k| return SIMD_8x32(_mm256_shuffle_epi8(tbl.raw(), idx.raw())); 332| 596k| } _ZN5Botan9SIMD_8x3215reset_registersEv: 335| 3.07k| static void reset_registers() noexcept { _mm256_zeroupper(); } _ZN5Botan9SIMD_8x3214zero_registersEv: 338| 3.07k| static void zero_registers() noexcept { _mm256_zeroall(); } _ZNK5Botan9SIMD_8x323rawEv: 340| 8.32M| __m256i BOTAN_FN_ISA_AVX2 raw() const noexcept { return m_avx2; } _ZN5Botan9SIMD_8x32C2EDv4_x: 343| 12.8M| explicit SIMD_8x32(__m256i x) noexcept : m_avx2(x) {} _ZN5Botan9SIMD_8x329swap_topsERS0_S1_: 347| 24.5k| static void swap_tops(SIMD_8x32& A, SIMD_8x32& B) { 348| 24.5k| auto T0 = SIMD_8x32(_mm256_permute2x128_si256(A.raw(), B.raw(), 0 + (2 << 4))); 349| | auto T1 = SIMD_8x32(_mm256_permute2x128_si256(A.raw(), B.raw(), 1 + (3 << 4))); 350| 24.5k| A = T0; 351| 24.5k| B = T1; 352| 24.5k| } _ZNK5Botan9SIMD_8x324rotlILm7EEES0_vQaagtT_Li0EltT_Li32E: 118| 245k| { 119| |#if defined(__AVX512VL__) 120| | return SIMD_8x32(_mm256_rol_epi32(m_avx2, ROT)); 121| |#else 122| | if constexpr(ROT == 8) { 123| | const __m256i shuf_rotl_8 = 124| | _mm256_set_epi64x(0x0e0d0c0f'0a09080b, 0x06050407'02010003, 0x0e0d0c0f'0a09080b, 0x06050407'02010003); 125| | 126| | return SIMD_8x32(_mm256_shuffle_epi8(m_avx2, shuf_rotl_8)); 127| | } else if constexpr(ROT == 16) { 128| | const __m256i shuf_rotl_16 = 129| | _mm256_set_epi64x(0x0d0c0f0e'09080b0a, 0x05040706'01000302, 0x0d0c0f0e'09080b0a, 0x05040706'01000302); 130| | 131| | return SIMD_8x32(_mm256_shuffle_epi8(m_avx2, shuf_rotl_16)); 132| | } else if constexpr(ROT == 24) { 133| | const __m256i shuf_rotl_24 = 134| | _mm256_set_epi64x(0x0c0f0e0d'080b0a09, 0x04070605'00030201, 0x0c0f0e0d'080b0a09, 0x04070605'00030201); 135| | 136| | return SIMD_8x32(_mm256_shuffle_epi8(m_avx2, shuf_rotl_24)); 137| 245k| } else { 138| 245k| return SIMD_8x32(_mm256_xor_si256(_mm256_slli_epi32(m_avx2, static_cast(ROT)), 139| 245k| _mm256_srli_epi32(m_avx2, static_cast(32 - ROT)))); 140| 245k| } 141| 245k|#endif 142| 245k| } _ZNK5Botan9SIMD_8x324rotlILm1EEES0_vQaagtT_Li0EltT_Li32E: 118| 1.26M| { 119| |#if defined(__AVX512VL__) 120| | return SIMD_8x32(_mm256_rol_epi32(m_avx2, ROT)); 121| |#else 122| | if constexpr(ROT == 8) { 123| | const __m256i shuf_rotl_8 = 124| | _mm256_set_epi64x(0x0e0d0c0f'0a09080b, 0x06050407'02010003, 0x0e0d0c0f'0a09080b, 0x06050407'02010003); 125| | 126| | return SIMD_8x32(_mm256_shuffle_epi8(m_avx2, shuf_rotl_8)); 127| | } else if constexpr(ROT == 16) { 128| | const __m256i shuf_rotl_16 = 129| | _mm256_set_epi64x(0x0d0c0f0e'09080b0a, 0x05040706'01000302, 0x0d0c0f0e'09080b0a, 0x05040706'01000302); 130| | 131| | return SIMD_8x32(_mm256_shuffle_epi8(m_avx2, shuf_rotl_16)); 132| | } else if constexpr(ROT == 24) { 133| | const __m256i shuf_rotl_24 = 134| | _mm256_set_epi64x(0x0c0f0e0d'080b0a09, 0x04070605'00030201, 0x0c0f0e0d'080b0a09, 0x04070605'00030201); 135| | 136| | return SIMD_8x32(_mm256_shuffle_epi8(m_avx2, shuf_rotl_24)); 137| 1.26M| } else { 138| 1.26M| return SIMD_8x32(_mm256_xor_si256(_mm256_slli_epi32(m_avx2, static_cast(ROT)), 139| 1.26M| _mm256_srli_epi32(m_avx2, static_cast(32 - ROT)))); 140| 1.26M| } 141| 1.26M|#endif 142| 1.26M| } _ZNK5Botan9SIMD_8x324rotlILm2EEES0_vQaagtT_Li0EltT_Li32E: 118| 807k| { 119| |#if defined(__AVX512VL__) 120| | return SIMD_8x32(_mm256_rol_epi32(m_avx2, ROT)); 121| |#else 122| | if constexpr(ROT == 8) { 123| | const __m256i shuf_rotl_8 = 124| | _mm256_set_epi64x(0x0e0d0c0f'0a09080b, 0x06050407'02010003, 0x0e0d0c0f'0a09080b, 0x06050407'02010003); 125| | 126| | return SIMD_8x32(_mm256_shuffle_epi8(m_avx2, shuf_rotl_8)); 127| | } else if constexpr(ROT == 16) { 128| | const __m256i shuf_rotl_16 = 129| | _mm256_set_epi64x(0x0d0c0f0e'09080b0a, 0x05040706'01000302, 0x0d0c0f0e'09080b0a, 0x05040706'01000302); 130| | 131| | return SIMD_8x32(_mm256_shuffle_epi8(m_avx2, shuf_rotl_16)); 132| | } else if constexpr(ROT == 24) { 133| | const __m256i shuf_rotl_24 = 134| | _mm256_set_epi64x(0x0c0f0e0d'080b0a09, 0x04070605'00030201, 0x0c0f0e0d'080b0a09, 0x04070605'00030201); 135| | 136| | return SIMD_8x32(_mm256_shuffle_epi8(m_avx2, shuf_rotl_24)); 137| 807k| } else { 138| 807k| return SIMD_8x32(_mm256_xor_si256(_mm256_slli_epi32(m_avx2, static_cast(ROT)), 139| 807k| _mm256_srli_epi32(m_avx2, static_cast(32 - ROT)))); 140| 807k| } 141| 807k|#endif 142| 807k| } _ZNK5Botan9SIMD_8x323shlILi14EEES0_v: 217| 297k| BOTAN_FN_ISA_AVX2 SIMD_8x32 shl() const noexcept { 218| 297k| return SIMD_8x32(_mm256_slli_epi32(m_avx2, SHIFT)); 219| 297k| } _ZNK5Botan9SIMD_8x323shrILi7EEES0_v: 222| 297k| BOTAN_FN_ISA_AVX2 SIMD_8x32 shr() const noexcept { 223| 297k| return SIMD_8x32(_mm256_srli_epi32(m_avx2, SHIFT)); 224| 297k| } _ZNK5Botan9SIMD_8x323shrILi3EEES0_v: 222| 297k| BOTAN_FN_ISA_AVX2 SIMD_8x32 shr() const noexcept { 223| 297k| return SIMD_8x32(_mm256_srli_epi32(m_avx2, SHIFT)); 224| 297k| } _ZNK5Botan9SIMD_8x323shrILi11EEES0_v: 222| 297k| BOTAN_FN_ISA_AVX2 SIMD_8x32 shr() const noexcept { 223| 297k| return SIMD_8x32(_mm256_srli_epi32(m_avx2, SHIFT)); 224| 297k| } _ZNK5Botan9SIMD_8x323shlILi11EEES0_v: 217| 297k| BOTAN_FN_ISA_AVX2 SIMD_8x32 shl() const noexcept { 218| 297k| return SIMD_8x32(_mm256_slli_epi32(m_avx2, SHIFT)); 219| 297k| } _ZNK5Botan9SIMD_8x323shrILi10EEES0_v: 222| 594k| BOTAN_FN_ISA_AVX2 SIMD_8x32 shr() const noexcept { 223| 594k| return SIMD_8x32(_mm256_srli_epi32(m_avx2, SHIFT)); 224| 594k| } _ZNK5Botan9SIMD_8x324rotlILm16EEES0_vQaagtT_Li0EltT_Li32E: 118| 245k| { 119| |#if defined(__AVX512VL__) 120| | return SIMD_8x32(_mm256_rol_epi32(m_avx2, ROT)); 121| |#else 122| | if constexpr(ROT == 8) { 123| | const __m256i shuf_rotl_8 = 124| | _mm256_set_epi64x(0x0e0d0c0f'0a09080b, 0x06050407'02010003, 0x0e0d0c0f'0a09080b, 0x06050407'02010003); 125| | 126| | return SIMD_8x32(_mm256_shuffle_epi8(m_avx2, shuf_rotl_8)); 127| 245k| } else if constexpr(ROT == 16) { 128| 245k| const __m256i shuf_rotl_16 = 129| 245k| _mm256_set_epi64x(0x0d0c0f0e'09080b0a, 0x05040706'01000302, 0x0d0c0f0e'09080b0a, 0x05040706'01000302); 130| | 131| 245k| return SIMD_8x32(_mm256_shuffle_epi8(m_avx2, shuf_rotl_16)); 132| | } else if constexpr(ROT == 24) { 133| | const __m256i shuf_rotl_24 = 134| | _mm256_set_epi64x(0x0c0f0e0d'080b0a09, 0x04070605'00030201, 0x0c0f0e0d'080b0a09, 0x04070605'00030201); 135| | 136| | return SIMD_8x32(_mm256_shuffle_epi8(m_avx2, shuf_rotl_24)); 137| | } else { 138| | return SIMD_8x32(_mm256_xor_si256(_mm256_slli_epi32(m_avx2, static_cast(ROT)), 139| | _mm256_srli_epi32(m_avx2, static_cast(32 - ROT)))); 140| | } 141| 245k|#endif 142| 245k| } _ZNK5Botan9SIMD_8x324rotlILm12EEES0_vQaagtT_Li0EltT_Li32E: 118| 245k| { 119| |#if defined(__AVX512VL__) 120| | return SIMD_8x32(_mm256_rol_epi32(m_avx2, ROT)); 121| |#else 122| | if constexpr(ROT == 8) { 123| | const __m256i shuf_rotl_8 = 124| | _mm256_set_epi64x(0x0e0d0c0f'0a09080b, 0x06050407'02010003, 0x0e0d0c0f'0a09080b, 0x06050407'02010003); 125| | 126| | return SIMD_8x32(_mm256_shuffle_epi8(m_avx2, shuf_rotl_8)); 127| | } else if constexpr(ROT == 16) { 128| | const __m256i shuf_rotl_16 = 129| | _mm256_set_epi64x(0x0d0c0f0e'09080b0a, 0x05040706'01000302, 0x0d0c0f0e'09080b0a, 0x05040706'01000302); 130| | 131| | return SIMD_8x32(_mm256_shuffle_epi8(m_avx2, shuf_rotl_16)); 132| | } else if constexpr(ROT == 24) { 133| | const __m256i shuf_rotl_24 = 134| | _mm256_set_epi64x(0x0c0f0e0d'080b0a09, 0x04070605'00030201, 0x0c0f0e0d'080b0a09, 0x04070605'00030201); 135| | 136| | return SIMD_8x32(_mm256_shuffle_epi8(m_avx2, shuf_rotl_24)); 137| 245k| } else { 138| 245k| return SIMD_8x32(_mm256_xor_si256(_mm256_slli_epi32(m_avx2, static_cast(ROT)), 139| 245k| _mm256_srli_epi32(m_avx2, static_cast(32 - ROT)))); 140| 245k| } 141| 245k|#endif 142| 245k| } _ZNK5Botan9SIMD_8x324rotlILm8EEES0_vQaagtT_Li0EltT_Li32E: 118| 245k| { 119| |#if defined(__AVX512VL__) 120| | return SIMD_8x32(_mm256_rol_epi32(m_avx2, ROT)); 121| |#else 122| 245k| if constexpr(ROT == 8) { 123| 245k| const __m256i shuf_rotl_8 = 124| 245k| _mm256_set_epi64x(0x0e0d0c0f'0a09080b, 0x06050407'02010003, 0x0e0d0c0f'0a09080b, 0x06050407'02010003); 125| | 126| 245k| return SIMD_8x32(_mm256_shuffle_epi8(m_avx2, shuf_rotl_8)); 127| | } else if constexpr(ROT == 16) { 128| | const __m256i shuf_rotl_16 = 129| | _mm256_set_epi64x(0x0d0c0f0e'09080b0a, 0x05040706'01000302, 0x0d0c0f0e'09080b0a, 0x05040706'01000302); 130| | 131| | return SIMD_8x32(_mm256_shuffle_epi8(m_avx2, shuf_rotl_16)); 132| | } else if constexpr(ROT == 24) { 133| | const __m256i shuf_rotl_24 = 134| | _mm256_set_epi64x(0x0c0f0e0d'080b0a09, 0x04070605'00030201, 0x0c0f0e0d'080b0a09, 0x04070605'00030201); 135| | 136| | return SIMD_8x32(_mm256_shuffle_epi8(m_avx2, shuf_rotl_24)); 137| | } else { 138| | return SIMD_8x32(_mm256_xor_si256(_mm256_slli_epi32(m_avx2, static_cast(ROT)), 139| | _mm256_srli_epi32(m_avx2, static_cast(32 - ROT)))); 140| | } 141| 245k|#endif 142| 245k| } _ZN5Botan12value_existsINSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEENS1_17basic_string_viewIcS4_EEEEbRKNS1_6vectorIT_NS5_ISB_EEEERKT0_: 44| 122k|bool value_exists(const std::vector& vec, const V& val) { 45| 226k| for(const auto& elem : vec) { ------------------ | Branch (45:25): [True: 226k, False: 0] ------------------ 46| 226k| if(elem == val) { ------------------ | Branch (46:10): [True: 122k, False: 103k] ------------------ 47| 122k| return true; 48| 122k| } 49| 226k| } 50| 0| return false; 51| 122k|} _ZN5Botan12value_existsINS_3TLS12Group_ParamsES2_EEbRKNSt3__16vectorIT_NS3_9allocatorIS5_EEEERKT0_: 44| 53.7k|bool value_exists(const std::vector& vec, const V& val) { 45| 55.7k| for(const auto& elem : vec) { ------------------ | Branch (45:25): [True: 55.7k, False: 47.4k] ------------------ 46| 55.7k| if(elem == val) { ------------------ | Branch (46:10): [True: 6.31k, False: 49.4k] ------------------ 47| 6.31k| return true; 48| 6.31k| } 49| 55.7k| } 50| 47.4k| return false; 51| 53.7k|} _ZN5Botan12value_existsINSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEES7_EEbRKNS1_6vectorIT_NS5_IS9_EEEERKT0_: 44| 16|bool value_exists(const std::vector& vec, const V& val) { 45| 16| for(const auto& elem : vec) { ------------------ | Branch (45:25): [True: 16, False: 2] ------------------ 46| 16| if(elem == val) { ------------------ | Branch (46:10): [True: 14, False: 2] ------------------ 47| 14| return true; 48| 14| } 49| 16| } 50| 2| return false; 51| 16|} _ZN5Botan12value_existsINS_3TLS16Signature_SchemeES2_EEbRKNSt3__16vectorIT_NS3_9allocatorIS5_EEEERKT0_: 44| 16.3k|bool value_exists(const std::vector& vec, const V& val) { 45| 121k| for(const auto& elem : vec) { ------------------ | Branch (45:25): [True: 121k, False: 12.7k] ------------------ 46| 121k| if(elem == val) { ------------------ | Branch (46:10): [True: 3.51k, False: 118k] ------------------ 47| 3.51k| return true; 48| 3.51k| } 49| 121k| } 50| 12.7k| return false; 51| 16.3k|} _ZN5Botan12value_existsINS_3TLS16Protocol_VersionES2_EEbRKNSt3__16vectorIT_NS3_9allocatorIS5_EEEERKT0_: 44| 420|bool value_exists(const std::vector& vec, const V& val) { 45| 1.43k| for(const auto& elem : vec) { ------------------ | Branch (45:25): [True: 1.43k, False: 42] ------------------ 46| 1.43k| if(elem == val) { ------------------ | Branch (46:10): [True: 378, False: 1.05k] ------------------ 47| 378| return true; 48| 378| } 49| 1.43k| } 50| 42| return false; 51| 420|} _ZN5Botan12value_existsIhhEEbRKNSt3__16vectorIT_NS1_9allocatorIS3_EEEERKT0_: 44| 12.1k|bool value_exists(const std::vector& vec, const V& val) { 45| 13.8k| for(const auto& elem : vec) { ------------------ | Branch (45:25): [True: 13.8k, False: 41] ------------------ 46| 13.8k| if(elem == val) { ------------------ | Branch (46:10): [True: 12.1k, False: 1.71k] ------------------ 47| 12.1k| return true; 48| 12.1k| } 49| 13.8k| } 50| 41| return false; 51| 12.1k|} tls_channel_impl_12.cpp:_ZN5Botan13map_remove_ifINSt3__13mapItNS1_10shared_ptrINS_3TLS23Connection_Cipher_StateEEENS1_4lessItEENS1_9allocatorINS1_4pairIKtS6_EEEEEEZNS4_15Channel_Impl_1216activate_sessionEvE3$_0EEvT0_RT_: 54| 258|void map_remove_if(Pred pred, T& assoc) { 55| 258| auto i = assoc.begin(); 56| 774| while(i != assoc.end()) { ------------------ | Branch (56:10): [True: 516, False: 258] ------------------ 57| 516| if(pred(i->first)) { ------------------ | Branch (57:10): [True: 258, False: 258] ------------------ 58| 258| assoc.erase(i++); 59| 258| } else { 60| 258| i++; 61| 258| } 62| 516| } 63| 258|} _ZN5Botan12holds_any_ofIJNS_3TLS20Client_Hello_12_ShimENS1_15Client_Hello_13ENS1_15Server_Hello_13ENS1_19Hello_Retry_RequestENS1_11Finished_13EEJS3_S2_S4_NS1_20Server_Hello_12_ShimES5_NS1_20Encrypted_ExtensionsENS1_14Certificate_13ENS1_22Certificate_Request_13ENS1_21Certificate_Verify_13ES6_EEEbRKNSt3__17variantIJDpT0_EEE: 66| 4.21k|constexpr bool holds_any_of(const std::variant& v) noexcept { 67| 5.65k| return (std::holds_alternative(v) || ...); ------------------ | Branch (67:12): [True: 0, False: 206] | Branch (67:12): [True: 11, False: 195] | Branch (67:12): [True: 0, False: 206] | Branch (67:12): [True: 0, False: 206] | Branch (67:12): [True: 4.01k, False: 206] ------------------ 68| 4.21k|} _ZN5Botan13generalize_toINSt3__17variantIJNS_3TLS15Client_Hello_13ENS3_20Client_Hello_12_ShimENS3_15Server_Hello_13ENS3_20Server_Hello_12_ShimENS3_19Hello_Retry_RequestENS3_20Encrypted_ExtensionsENS3_14Certificate_13ENS3_22Certificate_Request_13ENS3_21Certificate_Verify_13ENS3_11Finished_13EEEEJS4_S5_EEET_NS2_IJDpT0_EEE: 102| 4.01k|constexpr GeneralVariantT generalize_to(std::variant specific) { 103| 4.01k| static_assert( 104| 4.01k| is_generalizable_to(specific), 105| 4.01k| "Desired general type must be implicitly constructible by all types of the specialized std::variant<>"); 106| 4.01k| return std::visit([](auto s) -> GeneralVariantT { return s; }, std::move(specific)); 107| 4.01k|} _ZZN5Botan13generalize_toINSt3__17variantIJNS_3TLS15Client_Hello_13ENS3_20Client_Hello_12_ShimENS3_15Server_Hello_13ENS3_20Server_Hello_12_ShimENS3_19Hello_Retry_RequestENS3_20Encrypted_ExtensionsENS3_14Certificate_13ENS3_22Certificate_Request_13ENS3_21Certificate_Verify_13ENS3_11Finished_13EEEEJS4_S5_EEET_NS2_IJDpT0_EEEENKUlSF_E_clIS5_EESE_SF_: 106| 4.01k| return std::visit([](auto s) -> GeneralVariantT { return s; }, std::move(specific)); _ZN5Botan13generalize_toINSt3__17variantIJNS_3TLS15Client_Hello_13ENS3_20Client_Hello_12_ShimENS3_15Server_Hello_13ENS3_20Server_Hello_12_ShimENS3_19Hello_Retry_RequestENS3_20Encrypted_ExtensionsENS3_14Certificate_13ENS3_22Certificate_Request_13ENS3_21Certificate_Verify_13ENS3_11Finished_13EEEEJS8_S6_S7_EEET_NS2_IJDpT0_EEE: 102| 18|constexpr GeneralVariantT generalize_to(std::variant specific) { 103| 18| static_assert( 104| 18| is_generalizable_to(specific), 105| 18| "Desired general type must be implicitly constructible by all types of the specialized std::variant<>"); 106| 18| return std::visit([](auto s) -> GeneralVariantT { return s; }, std::move(specific)); 107| 18|} _ZZN5Botan13generalize_toINSt3__17variantIJNS_3TLS15Client_Hello_13ENS3_20Client_Hello_12_ShimENS3_15Server_Hello_13ENS3_20Server_Hello_12_ShimENS3_19Hello_Retry_RequestENS3_20Encrypted_ExtensionsENS3_14Certificate_13ENS3_22Certificate_Request_13ENS3_21Certificate_Verify_13ENS3_11Finished_13EEEEJS8_S6_S7_EEET_NS2_IJDpT0_EEEENKUlSF_E_clIS7_EESE_SF_: 106| 18| return std::visit([](auto s) -> GeneralVariantT { return s; }, std::move(specific)); _ZNK5Botan3TLS22TLS_CBC_HMAC_AEAD_Mode8tag_sizeEv: 43| 1.63k| size_t tag_size() const final { return m_tag_size; } _ZNK5Botan3TLS22TLS_CBC_HMAC_AEAD_Mode7iv_sizeEv: 74| 125| size_t iv_size() const { return m_iv_size; } _ZNK5Botan3TLS22TLS_CBC_HMAC_AEAD_Mode10block_sizeEv: 76| 1.12k| size_t block_size() const { return m_block_size; } _ZNK5Botan3TLS22TLS_CBC_HMAC_AEAD_Mode20use_encrypt_then_macEv: 78| 950| bool use_encrypt_then_mac() const { return m_use_encrypt_then_mac; } _ZNK5Botan3TLS22TLS_CBC_HMAC_AEAD_Mode20is_datagram_protocolEv: 80| 99| bool is_datagram_protocol() const { return m_is_datagram; } _ZNK5Botan3TLS22TLS_CBC_HMAC_AEAD_Mode3cbcEv: 82| 746| Cipher_Mode& cbc() const { return *m_cbc; } _ZNK5Botan3TLS22TLS_CBC_HMAC_AEAD_Mode3macEv: 84| 1.22k| MessageAuthenticationCode& mac() const { return *m_mac; } _ZN5Botan3TLS22TLS_CBC_HMAC_AEAD_Mode9cbc_stateEv: 86| 522| secure_vector& cbc_state() { return m_cbc_state; } _ZN5Botan3TLS22TLS_CBC_HMAC_AEAD_Mode10assoc_dataEv: 88| 259| std::vector& assoc_data() { return m_ad; } _ZN5Botan3TLS22TLS_CBC_HMAC_AEAD_Mode3msgEv: 90| 522| secure_vector& msg() { return m_msg; } _ZNK5Botan3TLS28TLS_CBC_HMAC_AEAD_Decryption18minimum_final_sizeEv: 159| 115| size_t minimum_final_size() const override { return tag_size(); } _ZNK5Botan3TLS12Channel_Impl17expects_downgradeEv: 276| 20.9k| bool expects_downgrade() const { return m_downgrade_info != nullptr; } _ZN5Botan3TLS12Channel_Impl18set_io_buffer_sizeEm: 237| 6.25k| void set_io_buffer_size(size_t io_buf_sz) { 238| 6.25k| BOTAN_STATE_CHECK(m_downgrade_info); ------------------ | | 51| 6.25k| do { \ | | 52| 6.25k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 6.25k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 6.25k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 6.25k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 6.25k] | | ------------------ ------------------ 239| 6.25k| m_downgrade_info->io_buffer_size = io_buf_sz; 240| 6.25k| } _ZNK5Botan3TLS12Channel_Impl14is_downgradingEv: 269| 16.9k| bool is_downgrading() const { return m_downgrade_info && m_downgrade_info->will_downgrade; } ------------------ | Branch (269:44): [True: 16.5k, False: 442] | Branch (269:64): [True: 7.99k, False: 8.51k] ------------------ _ZN5Botan3TLS12Channel_Impl22extract_downgrade_infoEv: 274| 3.99k| std::unique_ptr extract_downgrade_info() { return std::exchange(m_downgrade_info, {}); } _ZN5Botan3TLS12Channel_Impl18send_warning_alertENS0_9AlertTypeE: 66| 520| void send_warning_alert(Alert::Type type) { send_alert(Alert(type, false)); } _ZN5Botan3TLS12Channel_Impl16send_fatal_alertENS0_9AlertTypeE: 71| 4.78k| void send_fatal_alert(Alert::Type type) { send_alert(Alert(type, true)); } _ZN5Botan3TLS12Channel_Impl5closeEv: 76| 14| void close() { send_warning_alert(Alert::CloseNotify); } _ZN5Botan3TLS12Channel_Impl24preserve_peer_transcriptENSt3__14spanIKhLm18446744073709551615EEE: 224| 6.25k| void preserve_peer_transcript(std::span input) { 225| 6.25k| BOTAN_STATE_CHECK(m_downgrade_info); ------------------ | | 51| 6.25k| do { \ | | 52| 6.25k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 6.25k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 6.25k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 6.25k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 6.25k] | | ------------------ ------------------ 226| 6.25k| m_downgrade_info->peer_transcript.insert(m_downgrade_info->peer_transcript.end(), input.begin(), input.end()); 227| 6.25k| } _ZN5Botan3TLS12Channel_Impl17request_downgradeEv: 250| 3.99k| void request_downgrade() { 251| 3.99k| BOTAN_STATE_CHECK(m_downgrade_info && !m_downgrade_info->will_downgrade); ------------------ | | 51| 3.99k| do { \ | | 52| 3.99k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 7.99k| if(!(expr)) { \ | | ------------------ | | | Branch (53:12): [True: 3.99k, False: 0] | | | Branch (53:12): [True: 3.99k, False: 0] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 3.99k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 3.99k] | | ------------------ ------------------ 252| 3.99k| m_downgrade_info->will_downgrade = true; 253| 3.99k| } _ZN5Botan3TLS12Channel_ImplC2Ev: 185| 11.0k| Channel_Impl() = default; _ZN5Botan3TLS12Channel_ImplD2Ev: 36| 11.0k| virtual ~Channel_Impl() = default; _ZNK5Botan3TLS15Channel_Impl_1212active_stateEv: 153| 27.9k| const std::optional& active_state() const { return m_active_state; } _ZN5Botan3TLS15Channel_Impl_123rngEv: 179| 12.2k| RandomNumberGenerator& rng() { return *m_rng; } _ZN5Botan3TLS15Channel_Impl_1215session_managerEv: 181| 3.48k| Session_Manager& session_manager() { return *m_session_manager; } _ZNK5Botan3TLS15Channel_Impl_126policyEv: 183| 86.1k| const Policy& policy() const { return *m_policy; } _ZNK5Botan3TLS15Channel_Impl_129callbacksEv: 185| 46.7k| Callbacks& callbacks() const { return *m_callbacks; } _ZNK5Botan3TLS15Channel_Impl_1213pending_stateEv: 209| 38.1k| const Handshake_State* pending_state() const { return m_pending_state.get(); } _ZN5Botan3TLS15Channel_Impl_1311prepend_ccsEv: 232| 2.09k| virtual bool prepend_ccs() { return false; } _ZNK5Botan3TLS15Channel_Impl_139callbacksEv: 267| 6.86k| Callbacks& callbacks() const { return *m_callbacks; } _ZNK5Botan3TLS15Channel_Impl_136policyEv: 275| 12.5k| const Policy& policy() const { return *m_policy; } _ZN5Botan3TLS13Secret_LoggerD2Ev: 34| 6.25k| virtual ~Secret_Logger() = default; _ZNK5Botan3TLS26Active_Connection_State_127versionEv: 47| 104| Protocol_Version version() const { return m_version; } _ZNK5Botan3TLS26Active_Connection_State_1210session_idEv: 61| 104| const Session_ID& session_id() const { return m_session_id; } _ZN5Botan3TLS14Handshake_Hash6updateERKNSt3__16vectorIhNS2_9allocatorIhEEEE: 23| 24.6k| void update(const std::vector& in) { m_data += in; } _ZN5Botan3TLS14Handshake_Hash5resetEv: 29| 8.63k| void reset() { m_data.clear(); } _ZN5Botan3TLS19Stream_Handshake_IOC2ENSt3__18functionIFvNS0_11Record_TypeERKNS2_6vectorIhNS2_9allocatorIhEEEEEEE: 86| 3.99k| explicit Stream_Handshake_IO(writer_fn writer) : m_send_hs(std::move(writer)) {} _ZNK5Botan3TLS19Stream_Handshake_IO14have_more_dataEv: 92| 12.4k| bool have_more_data() const override { return !m_queue.empty(); } _ZN5Botan3TLS21Datagram_Handshake_IOC2ENSt3__18functionIFvtNS0_11Record_TypeERKNS2_6vectorIhNS2_9allocatorIhEEEEEEERNS0_27Connection_Sequence_NumbersEtmmm: 124| 596| m_seqs(seq), 125| 596| m_flights(1), 126| 596| m_initial_timeout(initial_timeout_ms), 127| 596| m_max_timeout(max_timeout_ms), 128| 596| m_send_hs(std::move(writer)), 129| 596| m_mtu(mtu), 130| 596| m_max_handshake_msg_size(max_handshake_msg_size) {} _ZNK5Botan3TLS21Datagram_Handshake_IO20Handshake_Reassembly10msg_lengthEv: 184| 112| size_t msg_length() const { return m_msg_length; } _ZN5Botan3TLS12Handshake_IOC2Ev: 69| 4.59k| Handshake_IO() = default; _ZN5Botan3TLS12Handshake_IOD2Ev: 76| 4.59k| virtual ~Handshake_IO() = default; _ZN5Botan3TLS15Handshake_LayerC2ENS0_15Connection_SideE: 31| 6.25k| m_peer(whoami == Connection_Side::Server ? Connection_Side::Client : Connection_Side::Server) ------------------ | Branch (31:20): [True: 6.25k, False: 0] ------------------ 32| | // RFC 8446 4.4.2 33| | // If the corresponding certificate type extension 34| | // ("server_certificate_type" or "client_certificate_type") was not 35| | // negotiated in EncryptedExtensions, or the X.509 certificate type 36| | // was negotiated, then each CertificateEntry contains a DER-encoded 37| | // X.509 certificate. 38| | // 39| | // We need the certificate_type info to parse Certificate messages. 40| | , 41| 6.25k| m_certificate_type(Certificate_Type::X509) {} _ZNK5Botan3TLS15Handshake_Layer16has_pending_dataEv: 95| 4.80k| bool has_pending_data() const { return m_read_offset < m_read_buffer.size(); } _ZN5Botan3TLS15Handshake_State12handshake_ioEv: 71| 63.9k| Handshake_IO& handshake_io() { return *m_handshake_io; } _ZNK5Botan3TLS15Handshake_State12client_helloEv: 135| 99.6k| const Client_Hello_12* client_hello() const { return m_client_hello.get(); } _ZNK5Botan3TLS15Handshake_State12client_certsEv: 147| 258| const Certificate_12* client_certs() const { return m_client_certs.get(); } _ZNK5Botan3TLS15Handshake_State12session_keysEv: 169| 980| const Session_Keys& session_keys() const { return m_session_keys; } _ZN5Botan3TLS15Handshake_State4hashEv: 177| 33.2k| Handshake_Hash& hash() { return m_handshake_hash; } _ZNK5Botan3TLS15Handshake_State15client_finishedEv: 161| 258| const Finished_12* client_finished() const { return m_client_finished.get(); } _ZNK5Botan3TLS15Handshake_State15server_finishedEv: 159| 258| const Finished_12* server_finished() const { return m_server_finished.get(); } _ZNK5Botan3TLS15Handshake_State12server_helloEv: 137| 24.4k| const Server_Hello_12* server_hello() const { return m_server_hello.get(); } _ZNK5Botan3TLS15Handshake_State18new_session_ticketEv: 157| 129| const New_Session_Ticket_12* new_session_ticket() const { return m_new_session_ticket.get(); } _ZNK5Botan3TLS15Handshake_State7versionEv: 110| 31.2k| Protocol_Version version() const { return m_version; } _ZNK5Botan3TLS15Handshake_State12server_certsEv: 139| 4| const Certificate_12* server_certs() const { return m_server_certs.get(); } _ZNK5Botan3TLS15Handshake_State10server_kexEv: 141| 4.68k| const Server_Key_Exchange* server_kex() const { return m_server_kex.get(); } _ZNK5Botan3TLS15Handshake_State10client_kexEv: 149| 2.93k| const Client_Key_Exchange* client_kex() const { return m_client_kex.get(); } _ZNK5Botan3TLS15Handshake_State9callbacksEv: 171| 5.44k| Callbacks& callbacks() const { return m_callbacks; } _ZNK5Botan3TLS15Handshake_State4hashEv: 179| 1.72k| const Handshake_Hash& hash() const { return m_handshake_hash; } _ZNK5Botan3TLS8Internal23Handshake_State_13_Base16has_client_helloEv: 24| 1| bool has_client_hello() const { return m_client_hello.has_value(); } _ZNK5Botan3TLS8Internal23Handshake_State_13_Base23has_hello_retry_requestEv: 32| 3.99k| bool has_hello_retry_request() const { return m_hello_retry_request.has_value(); } _ZNK5Botan3TLS8Internal23Handshake_State_13_Base19has_client_finishedEv: 38| 12.5k| bool has_client_finished() const { return m_client_finished.has_value(); } _ZN5Botan3TLS8Internal23Handshake_State_13_BaseC2ENS0_15Connection_SideE: 76| 6.25k| explicit Handshake_State_13_Base(Connection_Side whoami) : m_side(whoami) {} _ZN5Botan3TLS18Handshake_State_13ILNS0_15Connection_SideE2ENSt3__17variantIJNS0_15Server_Hello_13ENS0_20Server_Hello_12_ShimENS0_19Hello_Retry_RequestENS0_20Encrypted_ExtensionsENS0_14Certificate_13ENS0_22Certificate_Request_13ENS0_21Certificate_Verify_13ENS0_11Finished_13EEEENS4_IJNS0_15Client_Hello_13ENS0_20Client_Hello_12_ShimES9_SB_SC_EEENS4_IJNS0_10Key_UpdateEEEEE8receivedENS4_IJSE_SF_S5_S6_S7_S8_S9_SA_SB_SC_EEE: 162| 4.19k| decltype(auto) received(Handshake_Message_13 message) { 163| 4.19k| return std::visit( 164| 4.19k| [&](auto msg) -> detail::as_wrapped_references_t { 165| 4.19k| if constexpr(std::is_constructible_v) { 166| 4.19k| return std::reference_wrapper(store(std::move(msg), true)); 167| 4.19k| } else { 168| 4.19k| throw TLS_Exception(AlertType::UnexpectedMessage, "received an illegal handshake message"); 169| 4.19k| } 170| 4.19k| }, 171| 4.19k| std::move(message)); 172| 4.19k| } _ZZN5Botan3TLS18Handshake_State_13ILNS0_15Connection_SideE2ENSt3__17variantIJNS0_15Server_Hello_13ENS0_20Server_Hello_12_ShimENS0_19Hello_Retry_RequestENS0_20Encrypted_ExtensionsENS0_14Certificate_13ENS0_22Certificate_Request_13ENS0_21Certificate_Verify_13ENS0_11Finished_13EEEENS4_IJNS0_15Client_Hello_13ENS0_20Client_Hello_12_ShimES9_SB_SC_EEENS4_IJNS0_10Key_UpdateEEEEE8receivedENS4_IJSE_SF_S5_S6_S7_S8_S9_SA_SB_SC_EEEENKUlT_E_clISF_EENS4_IJNS3_17reference_wrapperISE_EENSO_ISF_EENSO_IS9_EENSO_ISB_EENSO_ISC_EEEEESL_: 164| 3.99k| [&](auto msg) -> detail::as_wrapped_references_t { 165| 3.99k| if constexpr(std::is_constructible_v) { 166| 3.99k| return std::reference_wrapper(store(std::move(msg), true)); 167| | } else { 168| | throw TLS_Exception(AlertType::UnexpectedMessage, "received an illegal handshake message"); 169| | } 170| 3.99k| }, _ZZN5Botan3TLS18Handshake_State_13ILNS0_15Connection_SideE2ENSt3__17variantIJNS0_15Server_Hello_13ENS0_20Server_Hello_12_ShimENS0_19Hello_Retry_RequestENS0_20Encrypted_ExtensionsENS0_14Certificate_13ENS0_22Certificate_Request_13ENS0_21Certificate_Verify_13ENS0_11Finished_13EEEENS4_IJNS0_15Client_Hello_13ENS0_20Client_Hello_12_ShimES9_SB_SC_EEENS4_IJNS0_10Key_UpdateEEEEE8receivedENS4_IJSE_SF_S5_S6_S7_S8_S9_SA_SB_SC_EEEENKUlT_E_clIS6_EENS4_IJNS3_17reference_wrapperISE_EENSO_ISF_EENSO_IS9_EENSO_ISB_EENSO_ISC_EEEEESL_: 164| 18| [&](auto msg) -> detail::as_wrapped_references_t { 165| | if constexpr(std::is_constructible_v) { 166| | return std::reference_wrapper(store(std::move(msg), true)); 167| 18| } else { 168| 18| throw TLS_Exception(AlertType::UnexpectedMessage, "received an illegal handshake message"); 169| 18| } 170| 18| }, _ZZN5Botan3TLS18Handshake_State_13ILNS0_15Connection_SideE2ENSt3__17variantIJNS0_15Server_Hello_13ENS0_20Server_Hello_12_ShimENS0_19Hello_Retry_RequestENS0_20Encrypted_ExtensionsENS0_14Certificate_13ENS0_22Certificate_Request_13ENS0_21Certificate_Verify_13ENS0_11Finished_13EEEENS4_IJNS0_15Client_Hello_13ENS0_20Client_Hello_12_ShimES9_SB_SC_EEENS4_IJNS0_10Key_UpdateEEEEE8receivedENS4_IJSE_SF_S5_S6_S7_S8_S9_SA_SB_SC_EEEENKUlT_E_clIS8_EENS4_IJNS3_17reference_wrapperISE_EENSO_ISF_EENSO_IS9_EENSO_ISB_EENSO_ISC_EEEEESL_: 164| 166| [&](auto msg) -> detail::as_wrapped_references_t { 165| | if constexpr(std::is_constructible_v) { 166| | return std::reference_wrapper(store(std::move(msg), true)); 167| 166| } else { 168| 166| throw TLS_Exception(AlertType::UnexpectedMessage, "received an illegal handshake message"); 169| 166| } 170| 166| }, _ZZN5Botan3TLS18Handshake_State_13ILNS0_15Connection_SideE2ENSt3__17variantIJNS0_15Server_Hello_13ENS0_20Server_Hello_12_ShimENS0_19Hello_Retry_RequestENS0_20Encrypted_ExtensionsENS0_14Certificate_13ENS0_22Certificate_Request_13ENS0_21Certificate_Verify_13ENS0_11Finished_13EEEENS4_IJNS0_15Client_Hello_13ENS0_20Client_Hello_12_ShimES9_SB_SC_EEENS4_IJNS0_10Key_UpdateEEEEE8receivedENS4_IJSE_SF_S5_S6_S7_S8_S9_SA_SB_SC_EEEENKUlT_E_clIS9_EENS4_IJNS3_17reference_wrapperISE_EENSO_ISF_EENSO_IS9_EENSO_ISB_EENSO_ISC_EEEEESL_: 164| 5| [&](auto msg) -> detail::as_wrapped_references_t { 165| 5| if constexpr(std::is_constructible_v) { 166| 5| return std::reference_wrapper(store(std::move(msg), true)); 167| | } else { 168| | throw TLS_Exception(AlertType::UnexpectedMessage, "received an illegal handshake message"); 169| | } 170| 5| }, _ZZN5Botan3TLS18Handshake_State_13ILNS0_15Connection_SideE2ENSt3__17variantIJNS0_15Server_Hello_13ENS0_20Server_Hello_12_ShimENS0_19Hello_Retry_RequestENS0_20Encrypted_ExtensionsENS0_14Certificate_13ENS0_22Certificate_Request_13ENS0_21Certificate_Verify_13ENS0_11Finished_13EEEENS4_IJNS0_15Client_Hello_13ENS0_20Client_Hello_12_ShimES9_SB_SC_EEENS4_IJNS0_10Key_UpdateEEEEE8receivedENS4_IJSE_SF_S5_S6_S7_S8_S9_SA_SB_SC_EEEENKUlT_E_clISB_EENS4_IJNS3_17reference_wrapperISE_EENSO_ISF_EENSO_IS9_EENSO_ISB_EENSO_ISC_EEEEESL_: 164| 6| [&](auto msg) -> detail::as_wrapped_references_t { 165| 6| if constexpr(std::is_constructible_v) { 166| 6| return std::reference_wrapper(store(std::move(msg), true)); 167| | } else { 168| | throw TLS_Exception(AlertType::UnexpectedMessage, "received an illegal handshake message"); 169| | } 170| 6| }, _ZZN5Botan3TLS18Handshake_State_13ILNS0_15Connection_SideE2ENSt3__17variantIJNS0_15Server_Hello_13ENS0_20Server_Hello_12_ShimENS0_19Hello_Retry_RequestENS0_20Encrypted_ExtensionsENS0_14Certificate_13ENS0_22Certificate_Request_13ENS0_21Certificate_Verify_13ENS0_11Finished_13EEEENS4_IJNS0_15Client_Hello_13ENS0_20Client_Hello_12_ShimES9_SB_SC_EEENS4_IJNS0_10Key_UpdateEEEEE8receivedENS4_IJSE_SF_S5_S6_S7_S8_S9_SA_SB_SC_EEEENKUlT_E_clISC_EENS4_IJNS3_17reference_wrapperISE_EENSO_ISF_EENSO_IS9_EENSO_ISB_EENSO_ISC_EEEEESL_: 164| 4| [&](auto msg) -> detail::as_wrapped_references_t { 165| 4| if constexpr(std::is_constructible_v) { 166| 4| return std::reference_wrapper(store(std::move(msg), true)); 167| | } else { 168| | throw TLS_Exception(AlertType::UnexpectedMessage, "received an illegal handshake message"); 169| | } 170| 4| }, _ZN5Botan3TLS18Handshake_State_13ILNS0_15Connection_SideE2ENSt3__17variantIJNS0_15Server_Hello_13ENS0_20Server_Hello_12_ShimENS0_19Hello_Retry_RequestENS0_20Encrypted_ExtensionsENS0_14Certificate_13ENS0_22Certificate_Request_13ENS0_21Certificate_Verify_13ENS0_11Finished_13EEEENS4_IJNS0_15Client_Hello_13ENS0_20Client_Hello_12_ShimES9_SB_SC_EEENS4_IJNS0_10Key_UpdateEEEEEC2Ev: 142| 6.25k| Handshake_State_13() : Handshake_State_13_Base(whoami) {} _ZNK5Botan3TLS21Server_Hello_Internal10extensionsEv: 144| 3.38k| const Extensions& extensions() const { return m_extensions; } _ZNK5Botan3TLS21Server_Hello_Internal14legacy_versionEv: 132| 9.86k| Protocol_Version legacy_version() const { return m_legacy_version; } _ZNK5Botan3TLS21Server_Hello_Internal6randomEv: 136| 4.82k| const std::vector& random() const { return m_random; } _ZNK5Botan3TLS21Server_Hello_Internal10session_idEv: 134| 3.61k| const Session_ID& session_id() const { return m_session_id; } _ZNK5Botan3TLS21Server_Hello_Internal11ciphersuiteEv: 138| 13.1k| uint16_t ciphersuite() const { return m_ciphersuite; } _ZNK5Botan3TLS21Server_Hello_Internal11comp_methodEv: 140| 3.70k| uint8_t comp_method() const { return m_comp_method; } _ZN5Botan3TLS21Server_Hello_Internal10extensionsEv: 146| 16.5k| Extensions& extensions() { return m_extensions; } _ZNK5Botan3TLS21Client_Hello_Internal14legacy_versionEv: 74| 12.2k| Protocol_Version legacy_version() const { return m_legacy_version; } _ZNK5Botan3TLS21Client_Hello_Internal10session_idEv: 76| 3.37k| const Session_ID& session_id() const { return m_session_id; } _ZNK5Botan3TLS21Client_Hello_Internal6randomEv: 78| 1.59k| const std::vector& random() const { return m_random; } _ZNK5Botan3TLS21Client_Hello_Internal12ciphersuitesEv: 80| 40.1k| const std::vector& ciphersuites() const { return m_suites; } _ZNK5Botan3TLS21Client_Hello_Internal12comp_methodsEv: 82| 12.1k| const std::vector& comp_methods() const { return m_comp_methods; } _ZNK5Botan3TLS21Client_Hello_Internal12hello_cookieEv: 84| 8.63k| const std::vector& hello_cookie() const { return m_hello_cookie; } _ZNK5Botan3TLS21Client_Hello_Internal23hello_cookie_input_bitsEv: 86| 17.2k| const std::vector& hello_cookie_input_bits() const { return m_cookie_input_bits; } _ZNK5Botan3TLS21Client_Hello_Internal10extensionsEv: 88| 4.13k| const Extensions& extensions() const { return m_extensions; } _ZN5Botan3TLS21Client_Hello_Internal10extensionsEv: 90| 88.8k| Extensions& extensions() { return m_extensions; } _ZN5Botan3TLS21Server_Hello_InternalC2ENS0_16Protocol_VersionENS_6StrongINSt3__16vectorIhNS4_9allocatorIhEEEENS0_11Session_ID_EJEEES8_thb: 123| 3.22k| m_legacy_version(lv), 124| 3.22k| m_session_id(std::move(sid)), 125| 3.22k| m_random(std::move(r)), 126| 3.22k| m_is_hello_retry_request(is_hrr), 127| 3.22k| m_ciphersuite(cs), 128| 3.22k| m_comp_method(cm) {} _ZNK5Botan3TLS21Server_Hello_Internal22is_hello_retry_requestEv: 142| 72| bool is_hello_retry_request() const { return m_is_hello_retry_request; } _ZN5Botan3TLS15TLS_Data_ReaderC2EPKcNSt3__14spanIKhLm18446744073709551615EEE: 27| 89.4k| m_typename(type), m_buf(buf_in), m_offset(0) {} _ZN5Botan3TLS15TLS_Data_Reader8get_byteEv: 83| 105k| uint8_t get_byte() { 84| 105k| assert_at_least(1); 85| 105k| const uint8_t result = m_buf[m_offset]; 86| 105k| m_offset += 1; 87| 105k| return result; 88| 105k| } _ZN5Botan3TLS15TLS_Data_Reader12get_uint16_tEv: 71| 219k| uint16_t get_uint16_t() { 72| 219k| assert_at_least(2); 73| 219k| const uint16_t result = make_uint16(m_buf[m_offset], m_buf[m_offset + 1]); 74| 219k| m_offset += 2; 75| 219k| return result; 76| 219k| } _ZN5Botan3TLS15TLS_Data_Reader9get_fixedIhEENSt3__16vectorIT_NS3_9allocatorIS5_EEEEm: 129| 118k| std::vector get_fixed(size_t size) { 130| 118k| return get_elem>(size); 131| 118k| } _ZN5Botan3TLS15TLS_Data_Reader8get_elemIhNSt3__16vectorIhNS3_9allocatorIhEEEEEET0_m: 91| 169k| Container get_elem(size_t num_elems) { 92| 169k| assert_at_least(num_elems * sizeof(T)); 93| | 94| 169k| Container result(num_elems); 95| | 96| 2.27M| for(size_t i = 0; i != num_elems; ++i) { ------------------ | Branch (96:28): [True: 2.10M, False: 169k] ------------------ 97| 2.10M| result[i] = load_be(&m_buf[m_offset], i); 98| 2.10M| } 99| | 100| 169k| m_offset += num_elems * sizeof(T); 101| | 102| 169k| return result; 103| 169k| } _ZN5Botan3TLS15TLS_Data_Reader9get_rangeIhEENSt3__16vectorIT_NS3_9allocatorIS5_EEEEmmm: 110| 30.0k| std::vector get_range(size_t len_bytes, size_t min_elems, size_t max_elems) { 111| 30.0k| const size_t num_elems = get_num_elems(len_bytes, sizeof(T), min_elems, max_elems); 112| | 113| 30.0k| return get_elem>(num_elems); 114| 30.0k| } _ZN5Botan3TLS15TLS_Data_Reader13get_num_elemsEmmmm: 148| 67.8k| size_t get_num_elems(size_t len_bytes, size_t T_size, size_t min_elems, size_t max_elems) { 149| 67.8k| const size_t byte_length = get_length_field(len_bytes); 150| | 151| 67.8k| if(byte_length % T_size != 0) { ------------------ | Branch (151:13): [True: 17, False: 67.8k] ------------------ 152| 17| throw_decode_error("Size isn't multiple of T"); 153| 17| } 154| | 155| 67.8k| const size_t num_elems = byte_length / T_size; 156| | 157| 67.8k| if(num_elems < min_elems || num_elems > max_elems) { ------------------ | Branch (157:13): [True: 60, False: 67.8k] | Branch (157:38): [True: 38, False: 67.7k] ------------------ 158| 64| throw_decode_error("Length field outside parameters"); 159| 64| } 160| | 161| 67.8k| return num_elems; 162| 67.8k| } _ZN5Botan3TLS15TLS_Data_Reader16get_length_fieldEm: 134| 69.5k| size_t get_length_field(size_t len_bytes) { 135| 69.5k| assert_at_least(len_bytes); 136| | 137| 69.5k| if(len_bytes == 1) { ------------------ | Branch (137:13): [True: 48.5k, False: 21.0k] ------------------ 138| 48.5k| return get_byte(); 139| 48.5k| } else if(len_bytes == 2) { ------------------ | Branch (139:20): [True: 20.6k, False: 379] ------------------ 140| 20.6k| return get_uint16_t(); 141| 20.6k| } else if(len_bytes == 3) { ------------------ | Branch (141:20): [True: 359, False: 20] ------------------ 142| 359| return get_uint24_t(); 143| 359| } 144| | 145| 20| throw_decode_error("Bad length size"); 146| 20| } _ZN5Botan3TLS15TLS_Data_Reader12get_uint24_tEv: 64| 13.2k| uint32_t get_uint24_t() { 65| 13.2k| assert_at_least(3); 66| 13.2k| const uint32_t result = make_uint32(0, m_buf[m_offset], m_buf[m_offset + 1], m_buf[m_offset + 2]); 67| 13.2k| m_offset += 3; 68| 13.2k| return result; 69| 13.2k| } _ZN5Botan3TLS23append_tls_length_valueIhNSt3__19allocatorIhEES4_EEvRNS2_6vectorIhT0_EERKNS5_IT_T1_EEm: 209| 15.1k| size_t tag_size) { 210| 15.1k| append_tls_length_value(buf, std::span{vals}, tag_size); 211| 15.1k|} _ZN5Botan3TLS23append_tls_length_valueIhNSt3__19allocatorIhEEEEvRNS2_6vectorIhT0_EENS2_4spanIKT_Lm18446744073709551615EEEm: 202| 18.3k|inline void append_tls_length_value(std::vector& buf, std::span vals, size_t tag_size) { 203| 18.3k| append_tls_length_value(buf, vals.data(), vals.size(), tag_size); 204| 18.3k|} _ZN5Botan3TLS23append_tls_length_valueIhNSt3__19allocatorIhEEEEvRNS2_6vectorIhT0_EEPKT_mm: 180| 18.3k| size_t tag_size) { 181| 18.3k| const size_t T_size = sizeof(T); 182| 18.3k| const size_t val_bytes = T_size * vals_size; 183| | 184| 18.3k| BOTAN_ARG_CHECK(tag_size == 1 || tag_size == 2 || tag_size == 3, "Invalid TLS tag size"); ------------------ | | 35| 18.3k| do { \ | | 36| 18.3k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 39.9k| if(!(expr)) { \ | | ------------------ | | | Branch (37:12): [True: 15.1k, False: 3.22k] | | | Branch (37:12): [True: 3.22k, False: 0] | | | Branch (37:12): [True: 0, False: 0] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 18.3k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 18.3k] | | ------------------ ------------------ 185| | 186| 18.3k| const size_t max_possible_size = (1 << (8 * tag_size)) - 1; 187| | 188| 18.3k| BOTAN_ARG_CHECK(val_bytes <= max_possible_size, "Value too large to encode"); ------------------ | | 35| 18.3k| do { \ | | 36| 18.3k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 18.3k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 18.3k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 18.3k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 18.3k] | | ------------------ ------------------ 189| | 190| 39.9k| for(size_t i = 0; i != tag_size; ++i) { ------------------ | Branch (190:22): [True: 21.6k, False: 18.3k] ------------------ 191| 21.6k| buf.push_back(get_byte_var(sizeof(val_bytes) - tag_size + i, val_bytes)); 192| 21.6k| } 193| | 194| 709k| for(size_t i = 0; i != vals_size; ++i) { ------------------ | Branch (194:22): [True: 690k, False: 18.3k] ------------------ 195| 1.38M| for(size_t j = 0; j != T_size; ++j) { ------------------ | Branch (195:25): [True: 690k, False: 690k] ------------------ 196| 690k| buf.push_back(get_byte_var(j, vals[i])); 197| 690k| } 198| 690k| } 199| 18.3k|} _ZNK5Botan3TLS15TLS_Data_Reader11assert_doneEv: 29| 57.4k| void assert_done() const { 30| 57.4k| if(has_remaining()) { ------------------ | Branch (30:13): [True: 350, False: 57.0k] ------------------ 31| 350| throw_decode_error("Extra bytes at end of message"); 32| 350| } 33| 57.4k| } _ZNK5Botan3TLS15TLS_Data_Reader11read_so_farEv: 35| 9.69k| size_t read_so_far() const { return m_offset; } _ZNK5Botan3TLS15TLS_Data_Reader15remaining_bytesEv: 37| 834k| size_t remaining_bytes() const { return m_buf.size() - m_offset; } _ZNK5Botan3TLS15TLS_Data_Reader13has_remainingEv: 39| 143k| bool has_remaining() const { return (remaining_bytes() > 0); } _ZN5Botan3TLS15TLS_Data_Reader13get_remainingEv: 41| 9.32k| std::vector get_remaining() { 42| 9.32k| const std::span rest = m_buf.subspan(m_offset); 43| 9.32k| return std::vector(rest.begin(), rest.end()); 44| 9.32k| } _ZN5Botan3TLS15TLS_Data_Reader20get_data_read_so_farEv: 46| 9.34k| std::vector get_data_read_so_far() { 47| 9.34k| const std::span first = m_buf.first(m_offset); 48| 9.34k| return std::vector(first.begin(), first.end()); 49| 9.34k| } _ZN5Botan3TLS15TLS_Data_Reader12discard_nextEm: 51| 1.52k| void discard_next(size_t bytes) { 52| 1.52k| assert_at_least(bytes); 53| 1.52k| m_offset += bytes; 54| 1.52k| } _ZN5Botan3TLS15TLS_Data_Reader12get_uint32_tEv: 56| 654| uint32_t get_uint32_t() { 57| 654| assert_at_least(4); 58| 654| const uint32_t result = 59| 654| make_uint32(m_buf[m_offset], m_buf[m_offset + 1], m_buf[m_offset + 2], m_buf[m_offset + 3]); 60| 654| m_offset += 4; 61| 654| return result; 62| 654| } _ZN5Botan3TLS15TLS_Data_Reader20get_tls_length_valueEm: 105| 1.69k| std::vector get_tls_length_value(size_t len_bytes) { 106| 1.69k| return get_fixed(get_length_field(len_bytes)); 107| 1.69k| } _ZN5Botan3TLS15TLS_Data_Reader10get_stringEmmm: 123| 3.49k| std::string get_string(size_t len_bytes, size_t min_bytes, size_t max_bytes) { 124| 3.49k| std::vector v = get_range_vector(len_bytes, min_bytes, max_bytes); 125| 3.49k| return bytes_to_string(v); 126| 3.49k| } _ZN5Botan3TLS15TLS_Data_Reader16get_range_vectorIhEENSt3__16vectorIT_NS3_9allocatorIS5_EEEEmmm: 117| 20.3k| std::vector get_range_vector(size_t len_bytes, size_t min_elems, size_t max_elems) { 118| 20.3k| const size_t num_elems = get_num_elems(len_bytes, sizeof(T), min_elems, max_elems); 119| | 120| 20.3k| return get_elem>(num_elems); 121| 20.3k| } _ZN5Botan3TLS23append_tls_length_valueINSt3__19allocatorIhEEEEvRNS2_6vectorIhT_EENS2_17basic_string_viewIcNS2_11char_traitsIcEEEEm: 214| 3.23k|inline void append_tls_length_value(std::vector& buf, std::string_view str, size_t tag_size) { 215| 3.23k| append_tls_length_value(buf, as_span_of_bytes(str), tag_size); 216| 3.23k|} _ZN5Botan3TLS15TLS_Data_Reader9get_rangeItEENSt3__16vectorIT_NS3_9allocatorIS5_EEEEmmm: 110| 604| std::vector get_range(size_t len_bytes, size_t min_elems, size_t max_elems) { 111| 604| const size_t num_elems = get_num_elems(len_bytes, sizeof(T), min_elems, max_elems); 112| | 113| 604| return get_elem>(num_elems); 114| 604| } _ZN5Botan3TLS15TLS_Data_Reader8get_elemItNSt3__16vectorItNS3_9allocatorItEEEEEET0_m: 91| 17.4k| Container get_elem(size_t num_elems) { 92| 17.4k| assert_at_least(num_elems * sizeof(T)); 93| | 94| 17.4k| Container result(num_elems); 95| | 96| 68.3k| for(size_t i = 0; i != num_elems; ++i) { ------------------ | Branch (96:28): [True: 50.8k, False: 17.4k] ------------------ 97| 50.8k| result[i] = load_be(&m_buf[m_offset], i); 98| 50.8k| } 99| | 100| 17.4k| m_offset += num_elems * sizeof(T); 101| | 102| 17.4k| return result; 103| 17.4k| } _ZN5Botan3TLS15TLS_Data_Reader16get_range_vectorItEENSt3__16vectorIT_NS3_9allocatorIS5_EEEEmmm: 117| 16.9k| std::vector get_range_vector(size_t len_bytes, size_t min_elems, size_t max_elems) { 118| 16.9k| const size_t num_elems = get_num_elems(len_bytes, sizeof(T), min_elems, max_elems); 119| | 120| 16.9k| return get_elem>(num_elems); 121| 16.9k| } _ZN5Botan3TLS23append_tls_length_valueIhNS_16secure_allocatorIhEENSt3__19allocatorIhEEEEvRNS4_6vectorIhT0_EERKNS7_IT_T1_EEm: 209| 4| size_t tag_size) { 210| 4| append_tls_length_value(buf, std::span{vals}, tag_size); 211| 4|} _ZN5Botan3TLS23append_tls_length_valueIhNS_16secure_allocatorIhEEEEvRNSt3__16vectorIhT0_EENS4_4spanIKT_Lm18446744073709551615EEEm: 202| 3.60k|inline void append_tls_length_value(std::vector& buf, std::span vals, size_t tag_size) { 203| 3.60k| append_tls_length_value(buf, vals.data(), vals.size(), tag_size); 204| 3.60k|} _ZN5Botan3TLS23append_tls_length_valueIhNS_16secure_allocatorIhEEEEvRNSt3__16vectorIhT0_EEPKT_mm: 180| 3.60k| size_t tag_size) { 181| 3.60k| const size_t T_size = sizeof(T); 182| 3.60k| const size_t val_bytes = T_size * vals_size; 183| | 184| 3.60k| BOTAN_ARG_CHECK(tag_size == 1 || tag_size == 2 || tag_size == 3, "Invalid TLS tag size"); ------------------ | | 35| 3.60k| do { \ | | 36| 3.60k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 10.8k| if(!(expr)) { \ | | ------------------ | | | Branch (37:12): [True: 0, False: 3.60k] | | | Branch (37:12): [True: 3.60k, False: 0] | | | Branch (37:12): [True: 0, False: 0] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 3.60k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 3.60k] | | ------------------ ------------------ 185| | 186| 3.60k| const size_t max_possible_size = (1 << (8 * tag_size)) - 1; 187| | 188| 3.60k| BOTAN_ARG_CHECK(val_bytes <= max_possible_size, "Value too large to encode"); ------------------ | | 35| 3.60k| do { \ | | 36| 3.60k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 3.60k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 3.60k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 3.60k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 3.60k] | | ------------------ ------------------ 189| | 190| 10.8k| for(size_t i = 0; i != tag_size; ++i) { ------------------ | Branch (190:22): [True: 7.21k, False: 3.60k] ------------------ 191| 7.21k| buf.push_back(get_byte_var(sizeof(val_bytes) - tag_size + i, val_bytes)); 192| 7.21k| } 193| | 194| 111k| for(size_t i = 0; i != vals_size; ++i) { ------------------ | Branch (194:22): [True: 107k, False: 3.60k] ------------------ 195| 214k| for(size_t j = 0; j != T_size; ++j) { ------------------ | Branch (195:25): [True: 107k, False: 107k] ------------------ 196| 107k| buf.push_back(get_byte_var(j, vals[i])); 197| 107k| } 198| 107k| } 199| 3.60k|} _ZN5Botan3TLS23append_tls_length_valueIhNS_16secure_allocatorIhEES3_EEvRNSt3__16vectorIhT0_EERKNS5_IT_T1_EEm: 209| 3.60k| size_t tag_size) { 210| 3.60k| append_tls_length_value(buf, std::span{vals}, tag_size); 211| 3.60k|} _ZNK5Botan3TLS13Record_Header6neededEv: 91| 20.4k| size_t needed() const { return m_needed; } _ZNK5Botan3TLS13Record_Header4typeEv: 105| 83.4k| Record_Type type() const { 106| 83.4k| BOTAN_ASSERT_NOMSG(m_needed == 0); ------------------ | | 77| 83.4k| do { \ | | 78| 83.4k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 83.4k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 83.4k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 83.4k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 83.4k] | | ------------------ ------------------ 107| 83.4k| return m_type; 108| 83.4k| } _ZNK5Botan3TLS13Record_Header5epochEv: 103| 1.89k| uint16_t epoch() const { return static_cast(sequence() >> 48); } _ZNK5Botan3TLS13Record_Header7versionEv: 93| 26.1k| Protocol_Version version() const { 94| 26.1k| BOTAN_ASSERT_NOMSG(m_needed == 0); ------------------ | | 77| 26.1k| do { \ | | 78| 26.1k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 26.1k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 26.1k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 26.1k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 26.1k] | | ------------------ ------------------ 95| 26.1k| return m_version; 96| 26.1k| } _ZNK5Botan3TLS13Record_Header8sequenceEv: 98| 19.9k| uint64_t sequence() const { 99| 19.9k| BOTAN_ASSERT_NOMSG(m_needed == 0); ------------------ | | 77| 19.9k| do { \ | | 78| 19.9k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 19.9k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 19.9k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 19.9k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 19.9k] | | ------------------ ------------------ 100| 19.9k| return m_sequence; 101| 19.9k| } _ZN5Botan3TLS23Connection_Cipher_State4aeadEv: 58| 481| AEAD_Mode& aead() { 59| 481| BOTAN_ASSERT_NONNULL(m_aead.get()); ------------------ | | 116| 481| do { \ | | 117| 481| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 481] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 481| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 481] | | ------------------ ------------------ 60| 481| return *m_aead; 61| 481| } _ZNK5Botan3TLS23Connection_Cipher_State26nonce_bytes_from_handshakeEv: 69| 174| size_t nonce_bytes_from_handshake() const { return m_nonce_bytes_from_handshake; } _ZNK5Botan3TLS23Connection_Cipher_State23nonce_bytes_from_recordEv: 71| 1.55k| size_t nonce_bytes_from_record() const { return m_nonce_bytes_from_record; } _ZNK5Botan3TLS23Connection_Cipher_State12nonce_formatEv: 73| 865| Nonce_Format nonce_format() const { return m_nonce_format; } _ZN5Botan3TLS13Record_HeaderC2EmNS0_16Protocol_VersionENS0_11Record_TypeE: 87| 19.5k| m_needed(0), m_sequence(sequence), m_version(version), m_type(type) {} _ZN5Botan3TLS13Record_HeaderC2Em: 89| 930| explicit Record_Header(size_t needed) : m_needed(needed), m_sequence(0), m_type(Record_Type::Invalid) {} _ZN5Botan3TLS6RecordC2ENS0_11Record_TypeENSt3__16vectorIhNS_16secure_allocatorIhEEEE: 33| 13.3k| type(record_type), fragment(std::move(frgmnt)), seq_no(std::nullopt) {} _ZN5Botan3TLS12Record_Layer17clear_read_bufferEv: 82| 14| void clear_read_buffer() { 83| 14| zap(m_read_buffer); 84| 14| m_read_offset = 0; 85| 14| } _ZN5Botan3TLS25Datagram_Sequence_NumbersC2Ev: 89| 596| Datagram_Sequence_Numbers() { Datagram_Sequence_Numbers::reset(); } _ZN5Botan3TLS25Datagram_Sequence_Numbers5resetEv: 91| 596| void reset() override { 92| 596| m_write_seqs.clear(); 93| 596| m_write_seqs[0] = 0; 94| 596| m_write_epoch = 0; 95| 596| m_read_epoch = 0; 96| 596| m_window_highest = 0; 97| 596| m_window_bits = 0; 98| 596| } _ZN5Botan3TLS27Connection_Sequence_NumbersD2Ev: 20| 4.59k| virtual ~Connection_Sequence_Numbers() = default; _ZNK5Botan3TLS25Datagram_Sequence_Numbers19current_write_epochEv: 109| 287| uint16_t current_write_epoch() const override { return m_write_epoch; } _ZN5Botan3TLS25Datagram_Sequence_Numbers19next_write_sequenceEt: 111| 287| uint64_t next_write_sequence(uint16_t epoch) override { 112| 287| auto i = m_write_seqs.find(epoch); 113| 287| BOTAN_ASSERT(i != m_write_seqs.end(), "Found epoch"); ------------------ | | 64| 287| do { \ | | 65| 287| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 287| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 287] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 287| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 287] | | ------------------ ------------------ 114| 287| if(i->second > 0x0000FFFFFFFFFFFF) { ------------------ | Branch (114:13): [True: 0, False: 287] ------------------ 115| 0| throw Invalid_State("DTLS write sequence number overflow"); 116| 0| } 117| 287| return (static_cast(epoch) << 48) | i->second++; 118| 287| } _ZNK5Botan3TLS25Datagram_Sequence_Numbers12already_seenEm: 122| 406| bool already_seen(uint64_t sequence) const override { 123| 406| const size_t window_size = sizeof(m_window_bits) * 8; 124| | 125| 406| if(sequence > m_window_highest) { ------------------ | Branch (125:13): [True: 311, False: 95] ------------------ 126| 311| return false; 127| 311| } 128| | 129| 95| const uint64_t offset = m_window_highest - sequence; 130| | 131| 95| if(offset >= window_size) { ------------------ | Branch (131:13): [True: 70, False: 25] ------------------ 132| 70| return true; // really old? 133| 70| } 134| | 135| 25| return (((m_window_bits >> offset) & 1) == 1); 136| 95| } _ZN5Botan3TLS25Datagram_Sequence_Numbers11read_acceptEm: 138| 305| void read_accept(uint64_t sequence) override { 139| 305| const size_t window_size = sizeof(m_window_bits) * 8; 140| | 141| 305| if(sequence > m_window_highest) { ------------------ | Branch (141:13): [True: 284, False: 21] ------------------ 142| | // We've received a later sequence which advances our window 143| 284| const uint64_t offset = sequence - m_window_highest; 144| 284| m_window_highest += offset; 145| | 146| 284| if(offset >= window_size) { ------------------ | Branch (146:16): [True: 258, False: 26] ------------------ 147| 258| m_window_bits = 0; 148| 258| } else { 149| 26| m_window_bits <<= offset; 150| 26| } 151| | 152| 284| m_window_bits |= 0x01; 153| 284| } else { 154| 21| const uint64_t offset = m_window_highest - sequence; 155| | 156| 21| if(offset < window_size) { ------------------ | Branch (156:16): [True: 21, False: 0] ------------------ 157| | // We've received an old sequence but still within our window 158| 21| m_window_bits |= (static_cast(1) << offset); 159| 21| } else { 160| | // This occurs only if we have reset state (DTLS reconnection case) 161| 0| m_window_highest = sequence; 162| 0| m_window_bits = 0; 163| 0| } 164| 21| } 165| 305| } _ZN5Botan3TLS23Stream_Sequence_NumbersC2Ev: 39| 3.99k| Stream_Sequence_Numbers() : m_write_seq_no(0), m_read_seq_no(0), m_read_epoch(0), m_write_epoch(0) {} _ZN5Botan3TLS23Stream_Sequence_Numbers21new_read_cipher_stateEv: 48| 335| void new_read_cipher_state() override { 49| 335| m_read_seq_no = 0; 50| 335| m_read_epoch++; 51| 335| } _ZN5Botan3TLS23Stream_Sequence_Numbers22new_write_cipher_stateEv: 53| 129| void new_write_cipher_state() override { 54| 129| m_write_seq_no = 0; 55| 129| m_write_epoch++; 56| 129| } _ZNK5Botan3TLS23Stream_Sequence_Numbers18current_read_epochEv: 58| 13.8k| uint16_t current_read_epoch() const override { return m_read_epoch; } _ZNK5Botan3TLS23Stream_Sequence_Numbers19current_write_epochEv: 60| 21.1k| uint16_t current_write_epoch() const override { return m_write_epoch; } _ZN5Botan3TLS23Stream_Sequence_Numbers19next_write_sequenceEt: 62| 20.9k| uint64_t next_write_sequence(uint16_t /*epoch*/) override { 63| 20.9k| if(m_write_seq_no == std::numeric_limits::max()) { ------------------ | Branch (63:13): [True: 0, False: 20.9k] ------------------ 64| 0| throw Invalid_State("TLS 1.2 write sequence number overflow"); 65| 0| } 66| 20.9k| return m_write_seq_no++; 67| 20.9k| } _ZN5Botan3TLS23Stream_Sequence_Numbers18next_read_sequenceEv: 69| 13.5k| uint64_t next_read_sequence() override { return m_read_seq_no; } _ZNK5Botan3TLS14Server_Impl_1220application_protocolEv: 64| 129| std::string application_protocol() const override { return m_next_protocol; } _ZNK5Botan3TLS12Session_Keys13master_secretEv: 46| 516| const secure_vector& master_secret() const { return m_master_sec; } _ZNK5Botan3TLS12Session_Keys15client_aead_keyEv: 26| 335| const secure_vector& client_aead_key() const { return m_c_aead; } _ZNK5Botan3TLS12Session_Keys15server_aead_keyEv: 31| 129| const secure_vector& server_aead_key() const { return m_s_aead; } _ZNK5Botan3TLS12Session_Keys12client_nonceEv: 36| 335| const std::vector& client_nonce() const { return m_c_nonce; } _ZNK5Botan3TLS12Session_Keys12server_nonceEv: 41| 129| const std::vector& server_nonce() const { return m_s_nonce; } _ZNK5Botan3TLS12Session_Keys8aead_keyENS0_15Connection_SideE: 48| 464| const secure_vector& aead_key(Connection_Side side) const { 49| 464| return (side == Connection_Side::Client) ? client_aead_key() : server_aead_key(); ------------------ | Branch (49:17): [True: 335, False: 129] ------------------ 50| 464| } _ZNK5Botan3TLS12Session_Keys5nonceENS0_15Connection_SideE: 52| 464| const std::vector& nonce(Connection_Side side) const { 53| 464| return (side == Connection_Side::Client) ? client_nonce() : server_nonce(); ------------------ | Branch (53:17): [True: 335, False: 129] ------------------ 54| 464| } _ZN5Botan3TLS12Session_KeysC2Ev: 56| 4.59k| Session_Keys() = default; _ZN5Botan2CT13value_barrierITkNSt3__117unsigned_integralEhQntsr3stdE7same_asIbT_EEES3_S3_: 43| 23.0k|constexpr inline T value_barrier(T x) { 44| 23.0k| if(std::is_constant_evaluated()) { ------------------ | Branch (44:7): [Folded, False: 23.0k] ------------------ 45| 0| return x; 46| 23.0k| } else { 47| 23.0k|#if defined(BOTAN_CT_VALUE_BARRIER_USE_ASM) 48| | /* 49| | * We may want a "stronger" statement such as 50| | * asm volatile("" : "+r,m"(x) : : "memory); 51| | * (see https://theunixzoo.co.uk/blog/2021-10-14-preventing-optimisations.html) 52| | * however the current approach seems sufficient with current compilers, 53| | * and is minimally damaging with regards to degrading code generation. 54| | */ 55| 23.0k| asm("" : "+r"(x) : /* no input */); // NOLINT(*-no-assembler) 56| 23.0k| return x; 57| |#elif defined(BOTAN_CT_VALUE_BARRIER_USE_VOLATILE) 58| | volatile T vx = x; 59| | return vx; 60| |#else 61| | return x; 62| |#endif 63| 23.0k| } 64| 23.0k|} _ZN5Botan2CT13value_barrierITkNSt3__117unsigned_integralEmQntsr3stdE7same_asIbT_EEES3_S3_: 43| 189M|constexpr inline T value_barrier(T x) { 44| 189M| if(std::is_constant_evaluated()) { ------------------ | Branch (44:7): [Folded, False: 189M] ------------------ 45| 0| return x; 46| 189M| } else { 47| 189M|#if defined(BOTAN_CT_VALUE_BARRIER_USE_ASM) 48| | /* 49| | * We may want a "stronger" statement such as 50| | * asm volatile("" : "+r,m"(x) : : "memory); 51| | * (see https://theunixzoo.co.uk/blog/2021-10-14-preventing-optimisations.html) 52| | * however the current approach seems sufficient with current compilers, 53| | * and is minimally damaging with regards to degrading code generation. 54| | */ 55| 189M| asm("" : "+r"(x) : /* no input */); // NOLINT(*-no-assembler) 56| 189M| return x; 57| |#elif defined(BOTAN_CT_VALUE_BARRIER_USE_VOLATILE) 58| | volatile T vx = x; 59| | return vx; 60| |#else 61| | return x; 62| |#endif 63| 189M| } 64| 189M|} _ZN5Botan2CT13value_barrierITkNSt3__117unsigned_integralEjQntsr3stdE7same_asIbT_EEES3_S3_: 43| 195k|constexpr inline T value_barrier(T x) { 44| 195k| if(std::is_constant_evaluated()) { ------------------ | Branch (44:7): [Folded, False: 195k] ------------------ 45| 0| return x; 46| 195k| } else { 47| 195k|#if defined(BOTAN_CT_VALUE_BARRIER_USE_ASM) 48| | /* 49| | * We may want a "stronger" statement such as 50| | * asm volatile("" : "+r,m"(x) : : "memory); 51| | * (see https://theunixzoo.co.uk/blog/2021-10-14-preventing-optimisations.html) 52| | * however the current approach seems sufficient with current compilers, 53| | * and is minimally damaging with regards to degrading code generation. 54| | */ 55| 195k| asm("" : "+r"(x) : /* no input */); // NOLINT(*-no-assembler) 56| 195k| return x; 57| |#elif defined(BOTAN_CT_VALUE_BARRIER_USE_VOLATILE) 58| | volatile T vx = x; 59| | return vx; 60| |#else 61| | return x; 62| |#endif 63| 195k| } 64| 195k|} _ZN5Botan2CT13value_barrierITkNSt3__117unsigned_integralEtQntsr3stdE7same_asIbT_EEES3_S3_: 43| 222k|constexpr inline T value_barrier(T x) { 44| 222k| if(std::is_constant_evaluated()) { ------------------ | Branch (44:7): [Folded, False: 222k] ------------------ 45| 0| return x; 46| 222k| } else { 47| 222k|#if defined(BOTAN_CT_VALUE_BARRIER_USE_ASM) 48| | /* 49| | * We may want a "stronger" statement such as 50| | * asm volatile("" : "+r,m"(x) : : "memory); 51| | * (see https://theunixzoo.co.uk/blog/2021-10-14-preventing-optimisations.html) 52| | * however the current approach seems sufficient with current compilers, 53| | * and is minimally damaging with regards to degrading code generation. 54| | */ 55| 222k| asm("" : "+r"(x) : /* no input */); // NOLINT(*-no-assembler) 56| 222k| return x; 57| |#elif defined(BOTAN_CT_VALUE_BARRIER_USE_VOLATILE) 58| | volatile T vx = x; 59| | return vx; 60| |#else 61| | return x; 62| |#endif 63| 222k| } 64| 222k|} _ZN5Botan17is_sub_element_ofERKNS_3OIDESt16initializer_listIjE: 20| 28.1k|inline std::optional is_sub_element_of(const OID& oid, std::initializer_list prefix) { 21| 28.1k| const auto& c = oid.get_components(); 22| | 23| 28.1k| if(c.size() != prefix.size() + 1) { ------------------ | Branch (23:7): [True: 0, False: 28.1k] ------------------ 24| 0| return {}; 25| 0| } 26| | 27| 28.1k| if(!std::equal(c.begin(), c.end() - 1, prefix.begin(), prefix.end())) { ------------------ | Branch (27:7): [True: 0, False: 28.1k] ------------------ 28| 0| return {}; 29| 0| } 30| | 31| 28.1k| return c[c.size() - 1]; 32| 28.1k|} _ZN5Botan9AEAD_Mode19set_associated_dataENSt3__14spanIKhLm18446744073709551615EEE: 59| 477| void set_associated_data(std::span ad) { set_associated_data_n(0, ad); } _ZN5Botan21Allocator_InitializerC2Ev: 50| 1| Allocator_Initializer() { initialize_allocator(); } _ZN5Botan11ASN1_ObjectC2ERKS0_: 118| 101k| ASN1_Object(const ASN1_Object&) = default; _ZN5Botan11ASN1_ObjectD2Ev: 122| 821k| virtual ~ASN1_Object() = default; _ZN5Botan11ASN1_ObjectC2EOS0_: 120| 262k| ASN1_Object(ASN1_Object&&) = default; _ZNK5Botan10BER_Object6is_setEv: 138| 1.56M| bool is_set() const { return m_type_tag != ASN1_Type::NoObject; } _ZNK5Botan10BER_Object7taggingEv: 140| 636k| uint32_t tagging() const { return type_tag() | class_tag(); } _ZNK5Botan10BER_Object8type_tagEv: 142| 643k| ASN1_Type type_tag() const { return m_type_tag; } _ZNK5Botan10BER_Object9class_tagEv: 144| 714k| ASN1_Class class_tag() const { return m_class_tag; } _ZNK5Botan10BER_Object4typeEv: 146| 113k| ASN1_Type type() const { return m_type_tag; } _ZNK5Botan10BER_Object9get_classEv: 148| 56.6k| ASN1_Class get_class() const { return m_class_tag; } _ZNK5Botan10BER_Object4bitsEv: 150| 5.11M| const uint8_t* bits() const { return m_value.data(); } _ZNK5Botan10BER_Object6lengthEv: 152| 10.9M| size_t length() const { return m_value.size(); } _ZNK5Botan10BER_Object4dataEv: 154| 218k| std::span data() const { return std::span{m_value}; } _ZN5Botan10BER_Object12mutable_bitsEm: 171| 530k| uint8_t* mutable_bits(size_t length) { 172| 530k| m_value.resize(length); 173| 530k| return m_value.data(); 174| 530k| } _ZNK5Botan3OID5emptyEv: 265| 44.1k| bool empty() const { return m_id.empty(); } _ZNK5Botan3OID9has_valueEv: 271| 32.2k| bool has_value() const { return !empty(); } _ZNK5Botan3OIDeqERKS0_: 301| 54.5k| bool operator==(const OID& other) const { return m_id == other.m_id; } _ZNK5Botan3OID14get_componentsEv: 321| 732k| const std::vector& get_components() const { 322| 732k| return m_id; 323| 732k| } _ZNK5Botan11ASN1_String5valueEv: 365| 42.2k| const std::string& value() const { return m_utf8_str; } _ZNK5Botan19AlgorithmIdentifier3oidEv: 407| 54.0k| const OID& oid() const { return m_oid; } _ZNK5Botan19AlgorithmIdentifier10parametersEv: 409| 32.8k| const std::vector& parameters() const { return m_parameters; } _ZNK5Botan19AlgorithmIdentifier20parameters_are_emptyEv: 419| 14.0k| bool parameters_are_empty() const { return m_parameters.empty(); } _ZNK5Botan19AlgorithmIdentifier28parameters_are_null_or_emptyEv: 421| 14.0k| bool parameters_are_null_or_empty() const { return parameters_are_empty() || parameters_are_null(); } ------------------ | Branch (421:58): [True: 14.0k, False: 0] | Branch (421:84): [True: 0, False: 0] ------------------ _ZN5BotanorENS_10ASN1_ClassES0_: 78| 320k|inline ASN1_Class operator|(ASN1_Class x, ASN1_Class y) { 79| 320k| return static_cast(static_cast(x) | static_cast(y)); 80| 320k|} _ZN5BotanorENS_9ASN1_TypeENS_10ASN1_ClassE: 82| 636k|inline uint32_t operator|(ASN1_Type x, ASN1_Class y) { 83| 636k| return static_cast(x) | static_cast(y); 84| 636k|} _ZN5BotanorENS_10ASN1_ClassENS_9ASN1_TypeE: 86| 106k|inline uint32_t operator|(ASN1_Class x, ASN1_Type y) { 87| 106k| return static_cast(x) | static_cast(y); 88| 106k|} _ZN5BotanneERKNS_3OIDES2_: 342| 7.04k|inline bool operator!=(const OID& a, const OID& b) { 343| 7.04k| return !(a == b); 344| 7.04k|} _ZNKSt3__14hashIN5Botan3OIDEEclERKS2_: 441| 4| size_t operator()(const Botan::OID& oid) const noexcept { return static_cast(oid.hash_code()); } _ZN5Botan19AlgorithmIdentifierC2Ev: 399| 61.0k| AlgorithmIdentifier() = default; _ZN5Botan11ASN1_ObjectC2Ev: 117| 456k| ASN1_Object() = default; _ZN5Botan3OIDC2Ev: 220| 152k| explicit OID() = default; _ZN5Botan11ASN1_ObjectaSERKS0_: 119| 14.0k| ASN1_Object& operator=(const ASN1_Object&) = default; _ZN5Botan10BER_ObjectC2Ev: 130| 970k| BER_Object() = default; _ZN5Botan10BER_ObjectaSEOS0_: 135| 253k| BER_Object& operator=(BER_Object&& other) = default; _ZN5Botan10BER_ObjectC2EOS0_: 133| 290k| BER_Object(BER_Object&& other) = default; _ZN5Botan9ASN1_TimeC2Ev: 39| 14.2k| ASN1_Time() = default; _ZN5Botan13ignore_paramsIJNSt3__117basic_string_viewIcNS1_11char_traitsIcEEEEEEEvDpRKT_: 142| 420|constexpr void ignore_params([[maybe_unused]] const T&... args) {} _ZN5Botan13ignore_paramsIJNS_3TLS15Session_SummaryEEEEvDpRKT_: 142| 129|constexpr void ignore_params([[maybe_unused]] const T&... args) {} _ZN5Botan13ignore_paramsIJNSt3__16vectorINS_16X509_CertificateENS1_9allocatorIS3_EEEENS_3TLS26Certificate_Status_RequestEEEEvDpRKT_: 142| 2|constexpr void ignore_params([[maybe_unused]] const T&... args) {} _ZN5Botan13ignore_paramsIJNS_3TLS16Protocol_VersionEEEEvDpRKT_: 142| 464|constexpr void ignore_params([[maybe_unused]] const T&... args) {} _ZN5Botan13ignore_paramsIJPKhmEEEvDpRKT_: 142| 21.9k|constexpr void ignore_params([[maybe_unused]] const T&... args) {} _ZN5Botan13ignore_paramsIJjEEEvDpRKT_: 142| 240k|constexpr void ignore_params([[maybe_unused]] const T&... args) {} _ZN5Botan13ignore_paramsIJPKtmEEEvDpRKT_: 142| 297|constexpr void ignore_params([[maybe_unused]] const T&... args) {} _ZN5Botan13ignore_paramsIJPKmmEEEvDpRKT_: 142| 11.8M|constexpr void ignore_params([[maybe_unused]] const T&... args) {} _ZN5Botan13ignore_paramsIJNS_3TLS20Client_Hello_12_ShimEEEEvDpRKT_: 142| 3.99k|constexpr void ignore_params([[maybe_unused]] const T&... args) {} _ZN5Botan11BER_Decoder6Limits3DEREv: 35| 78.2k| static Limits DER() { return Limits(false, 0); } _ZN5Botan11BER_Decoder6LimitsC2Ebm: 54| 78.2k| m_allow_ber(allow_ber), m_max_nested_indef(max_nested_indef) {} _ZN5Botan11BER_Decoder14start_sequenceEv: 160| 177k| BER_Decoder start_sequence() { return start_cons(ASN1_Type::Sequence, ASN1_Class::Universal); } _ZN5Botan11BER_Decoder16decode_and_checkImEERS0_RKT_NSt3__117basic_string_viewIcNS6_11char_traitsIcEEEE: 327| 14.0k| BER_Decoder& decode_and_check(const T& expected, std::string_view error_msg) { 328| 14.0k| T actual; 329| 14.0k| decode(actual); 330| | 331| 14.0k| if(actual != expected) { ------------------ | Branch (331:13): [True: 0, False: 14.0k] ------------------ 332| 0| throw Decoding_Error(error_msg); 333| 0| } 334| | 335| 14.0k| return (*this); 336| 14.0k| } _ZN5Botan11BER_Decoder6decodeERm: 225| 21.1k| BER_Decoder& decode(size_t& out) { return decode(out, ASN1_Type::Integer, ASN1_Class::Universal); } _ZN5Botan11BER_Decoder6decodeINS_16secure_allocatorIhEEEERS0_RNSt3__16vectorIhT_EENS_9ASN1_TypeE: 242| 21.1k| BER_Decoder& decode(std::vector& out, ASN1_Type real_type) { 243| 21.1k| return decode(out, real_type, real_type, ASN1_Class::Universal); 244| 21.1k| } _ZNK5Botan11BER_Decoder6Limits18allow_ber_encodingEv: 44| 1.17M| bool allow_ber_encoding() const { return m_allow_ber; } _ZNK5Botan11BER_Decoder6Limits20require_der_encodingEv: 46| 643k| bool require_der_encoding() const { return !allow_ber_encoding(); } _ZN5Botan11BER_DecoderC2ERKNS_10BER_ObjectENS0_6LimitsE: 81| 21.1k| BER_Decoder(obj.data(), limits) {} _ZNK5Botan11BER_Decoder6limitsEv: 98| 234k| Limits limits() const { return m_limits; } _ZN5Botan11BER_Decoder8get_nextERNS_10BER_ObjectE: 106| 14.0k| BER_Decoder& get_next(BER_Object& ber) { 107| 14.0k| ber = get_next_object(); 108| 14.0k| return (*this); 109| 14.0k| } _ZN5Botan11BER_Decoder9start_setEv: 162| 42.4k| BER_Decoder start_set() { return start_cons(ASN1_Type::Set, ASN1_Class::Universal); } _ZN5Botan11BER_Decoder6decodeERNS_6BigIntE: 230| 7.11k| BER_Decoder& decode(BigInt& out) { return decode(out, ASN1_Type::Integer, ASN1_Class::Universal); } _ZN5Botan11BER_Decoder6decodeINSt3__19allocatorIhEEEERS0_RNS2_6vectorIhT_EENS_9ASN1_TypeE: 242| 49.4k| BER_Decoder& decode(std::vector& out, ASN1_Type real_type) { 243| 49.4k| return decode(out, real_type, real_type, ASN1_Class::Universal); 244| 49.4k| } _ZN5Botan11BER_Decoder9raw_bytesINSt3__19allocatorIhEEEERS0_RNS2_6vectorIhT_EE: 203| 49.8k| BER_Decoder& raw_bytes(std::vector& out) { 204| 49.8k| out.clear(); 205| 3.74M| for(;;) { 206| 3.74M| if(auto next = this->read_next_byte()) { ------------------ | Branch (206:21): [True: 3.69M, False: 49.8k] ------------------ 207| 3.69M| out.push_back(*next); 208| 3.69M| } else { 209| 49.8k| break; 210| 49.8k| } 211| 3.74M| } 212| 49.8k| return (*this); 213| 49.8k| } _ZN5Botan11BER_Decoder15decode_optionalImEERS0_RT_NS_9ASN1_TypeENS_10ASN1_ClassERKS3_: 285| 7.11k| BER_Decoder& decode_optional(T& out, ASN1_Type type_tag, ASN1_Class class_tag, const T& default_value = T()) { 286| 7.11k| std::optional optval; 287| 7.11k| this->decode_optional(optval, type_tag, class_tag); 288| 7.11k| out = optval ? *optval : default_value; ------------------ | Branch (288:16): [True: 7.04k, False: 74] ------------------ 289| 7.11k| return (*this); 290| 7.11k| } _ZN5Botan11BER_Decoder15decode_optionalImEERS0_RNSt3__18optionalIT_EENS_9ASN1_TypeENS_10ASN1_ClassE: 394| 14.1k|BER_Decoder& BER_Decoder::decode_optional(std::optional& optval, ASN1_Type type_tag, ASN1_Class class_tag) { 395| 14.1k| BER_Object obj = get_next_object(); 396| | 397| 14.1k| if(obj.is_a(type_tag, class_tag)) { ------------------ | Branch (397:7): [True: 7.04k, False: 7.11k] ------------------ 398| 7.04k| T out{}; 399| 7.04k| if(class_tag == ASN1_Class::ExplicitContextSpecific) { ------------------ | Branch (399:10): [True: 7.04k, False: 0] ------------------ 400| 7.04k| BER_Decoder(obj, m_limits).decode(out).verify_end(); 401| 7.04k| } else { 402| 0| this->push_back(std::move(obj)); 403| 0| this->decode(out, type_tag, class_tag); 404| 0| } 405| 7.04k| optval = std::move(out); 406| 7.11k| } else { 407| 7.11k| this->push_back(std::move(obj)); 408| 7.11k| optval = std::nullopt; 409| 7.11k| } 410| | 411| 14.1k| return (*this); 412| 14.1k|} _ZN5Botan11BER_Decoder22decode_optional_stringINSt3__19allocatorIhEEEERS0_RNS2_6vectorIhT_EENS_9ASN1_TypeEjNS_10ASN1_ClassE: 345| 21.1k| ASN1_Class class_tag = ASN1_Class::ContextSpecific) { 346| 21.1k| BER_Object obj = get_next_object(); 347| | 348| 21.1k| const ASN1_Type type_tag = static_cast(expected_tag); 349| | 350| 21.1k| if(obj.is_a(type_tag, class_tag)) { ------------------ | Branch (350:13): [True: 7.04k, False: 14.0k] ------------------ 351| 7.04k| if(class_tag == ASN1_Class::ExplicitContextSpecific) { ------------------ | Branch (351:16): [True: 0, False: 7.04k] ------------------ 352| 0| BER_Decoder(obj, m_limits).decode(out, real_type).verify_end(); 353| 7.04k| } else { 354| 7.04k| push_back(std::move(obj)); 355| 7.04k| decode(out, real_type, type_tag, class_tag); 356| 7.04k| } 357| 14.0k| } else { 358| 14.0k| out.clear(); 359| 14.0k| push_back(std::move(obj)); 360| 14.0k| } 361| | 362| 21.1k| return (*this); 363| 21.1k| } _ZN5Botan11BER_Decoder15decode_optionalIbEERS0_RT_NS_9ASN1_TypeENS_10ASN1_ClassERKS3_: 285| 35.2k| BER_Decoder& decode_optional(T& out, ASN1_Type type_tag, ASN1_Class class_tag, const T& default_value = T()) { 286| 35.2k| std::optional optval; 287| 35.2k| this->decode_optional(optval, type_tag, class_tag); 288| 35.2k| out = optval ? *optval : default_value; ------------------ | Branch (288:16): [True: 7.04k, False: 28.1k] ------------------ 289| 35.2k| return (*this); 290| 35.2k| } _ZN5Botan11BER_Decoder15decode_optionalIbEERS0_RNSt3__18optionalIT_EENS_9ASN1_TypeENS_10ASN1_ClassE: 394| 35.2k|BER_Decoder& BER_Decoder::decode_optional(std::optional& optval, ASN1_Type type_tag, ASN1_Class class_tag) { 395| 35.2k| BER_Object obj = get_next_object(); 396| | 397| 35.2k| if(obj.is_a(type_tag, class_tag)) { ------------------ | Branch (397:7): [True: 7.04k, False: 28.1k] ------------------ 398| 7.04k| T out{}; 399| 7.04k| if(class_tag == ASN1_Class::ExplicitContextSpecific) { ------------------ | Branch (399:10): [True: 0, False: 7.04k] ------------------ 400| 0| BER_Decoder(obj, m_limits).decode(out).verify_end(); 401| 7.04k| } else { 402| 7.04k| this->push_back(std::move(obj)); 403| 7.04k| this->decode(out, type_tag, class_tag); 404| 7.04k| } 405| 7.04k| optval = std::move(out); 406| 28.1k| } else { 407| 28.1k| this->push_back(std::move(obj)); 408| 28.1k| optval = std::nullopt; 409| 28.1k| } 410| | 411| 35.2k| return (*this); 412| 35.2k|} _ZN5Botan11BER_Decoder15decode_optionalINS_3OIDEEERS0_RT_NS_9ASN1_TypeENS_10ASN1_ClassERKS4_: 285| 7.04k| BER_Decoder& decode_optional(T& out, ASN1_Type type_tag, ASN1_Class class_tag, const T& default_value = T()) { 286| 7.04k| std::optional optval; 287| 7.04k| this->decode_optional(optval, type_tag, class_tag); 288| 7.04k| out = optval ? *optval : default_value; ------------------ | Branch (288:16): [True: 0, False: 7.04k] ------------------ 289| 7.04k| return (*this); 290| 7.04k| } _ZN5Botan11BER_Decoder15decode_optionalINS_3OIDEEERS0_RNSt3__18optionalIT_EENS_9ASN1_TypeENS_10ASN1_ClassE: 394| 7.04k|BER_Decoder& BER_Decoder::decode_optional(std::optional& optval, ASN1_Type type_tag, ASN1_Class class_tag) { 395| 7.04k| BER_Object obj = get_next_object(); 396| | 397| 7.04k| if(obj.is_a(type_tag, class_tag)) { ------------------ | Branch (397:7): [True: 0, False: 7.04k] ------------------ 398| 0| T out{}; 399| 0| if(class_tag == ASN1_Class::ExplicitContextSpecific) { ------------------ | Branch (399:10): [True: 0, False: 0] ------------------ 400| 0| BER_Decoder(obj, m_limits).decode(out).verify_end(); 401| 0| } else { 402| 0| this->push_back(std::move(obj)); 403| 0| this->decode(out, type_tag, class_tag); 404| 0| } 405| 0| optval = std::move(out); 406| 7.04k| } else { 407| 7.04k| this->push_back(std::move(obj)); 408| 7.04k| optval = std::nullopt; 409| 7.04k| } 410| | 411| 7.04k| return (*this); 412| 7.04k|} _ZN5Botan11BER_Decoder22decode_optional_stringINS_16secure_allocatorIhEEEERS0_RNSt3__16vectorIhT_EENS_9ASN1_TypeEjNS_10ASN1_ClassE: 345| 7.04k| ASN1_Class class_tag = ASN1_Class::ContextSpecific) { 346| 7.04k| BER_Object obj = get_next_object(); 347| | 348| 7.04k| const ASN1_Type type_tag = static_cast(expected_tag); 349| | 350| 7.04k| if(obj.is_a(type_tag, class_tag)) { ------------------ | Branch (350:13): [True: 7.04k, False: 0] ------------------ 351| 7.04k| if(class_tag == ASN1_Class::ExplicitContextSpecific) { ------------------ | Branch (351:16): [True: 7.04k, False: 0] ------------------ 352| 7.04k| BER_Decoder(obj, m_limits).decode(out, real_type).verify_end(); 353| 7.04k| } else { 354| 0| push_back(std::move(obj)); 355| 0| decode(out, real_type, type_tag, class_tag); 356| 0| } 357| 7.04k| } else { 358| 0| out.clear(); 359| 0| push_back(std::move(obj)); 360| 0| } 361| | 362| 7.04k| return (*this); 363| 7.04k| } _ZN5BotangeERKNS_6BigIntES2_: 1174| 23.8k|inline bool operator>=(const BigInt& a, const BigInt& b) { 1175| 23.8k| return (a.cmp(b) >= 0); 1176| 23.8k|} _ZN5BotanmiERKNS_6BigIntEm: 1141| 6|inline BigInt operator-(const BigInt& x, word y) { 1142| 6| return BigInt::add2(x, &y, 1, BigInt::Negative); 1143| 6|} _ZN5Botan6BigIntD2Ev: 185| 140k| ~BigInt() { _const_time_unpoison(); } _ZN5Botan6BigInt4zeroEv: 50| 18| static BigInt zero() { return BigInt(); } _ZN5Botan6BigIntC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 98| 36| explicit BigInt(std::string_view str) { *this = BigInt::from_string(str); } _ZN5Botan6BigIntC2EOS0_: 183| 23.8k| BigInt(BigInt&& other) noexcept { this->swap(other); } _ZN5Botan6BigIntaSEOS0_: 190| 66| BigInt& operator=(BigInt&& other) noexcept { 191| 66| if(this != &other) { ------------------ | Branch (191:13): [True: 66, False: 0] ------------------ 192| 66| this->swap(other); 193| 66| } 194| | 195| 66| return (*this); 196| 66| } _ZN5Botan6BigInt4swapERS0_: 207| 59.7k| void swap(BigInt& other) noexcept { 208| 59.7k| m_data.swap(other.m_data); 209| 59.7k| std::swap(m_signedness, other.m_signedness); 210| 59.7k| } _ZN5Botan6BigInt3subEPKmmNS0_4SignE: 332| 101| BigInt& sub(const word y[], size_t y_words, Sign sign) { 333| 101| return add(y, y_words, sign == Positive ? Negative : Positive); ------------------ | Branch (333:33): [True: 101, False: 0] ------------------ 334| 101| } _ZN5Botan6BigInt5clearEv: 415| 62.1k| void clear() { 416| 62.1k| m_data.set_to_zero(); 417| 62.1k| m_signedness = Positive; 418| 62.1k| } _ZNK5Botan6BigInt7is_evenEv: 455| 6| bool is_even() const { return !get_bit(0); } _ZNK5Botan6BigInt6signumEv: 467| 160k| int signum() const { 468| 160k| if(sig_words() == 0) { ------------------ | Branch (468:13): [True: 7.04k, False: 153k] ------------------ 469| 7.04k| return 0; 470| 7.04k| } 471| 153k| return (sign() == Negative) ? -1 : 1; ------------------ | Branch (471:17): [True: 0, False: 153k] ------------------ 472| 160k| } _ZNK5Botan6BigInt7is_zeroEv: 484| 44| bool is_zero() const { return sig_words() == 0; } _ZN5Botan6BigInt7set_bitEm: 490| 24| void set_bit(size_t n) { conditionally_set_bit(n, true); } _ZN5Botan6BigInt21conditionally_set_bitEmb: 500| 24| void conditionally_set_bit(size_t n, bool set_it) { 501| 24| const size_t which = n / (sizeof(word) * 8); 502| 24| const word mask = static_cast(set_it) << (n % (sizeof(word) * 8)); 503| 24| m_data.set_word_at(which, word_at(which) | mask); 504| 24| } _ZNK5Botan6BigInt7get_bitEm: 523| 6| bool get_bit(size_t n) const { return ((word_at(n / (sizeof(word) * 8)) >> (n % (sizeof(word) * 8))) & 1) == 1; } _ZNK5Botan6BigInt7word_atEm: 574| 146k| word word_at(size_t n) const { return m_data.get_word_at(n); } _ZNK5Botan6BigInt4signEv: 604| 153k| Sign sign() const { return (m_signedness); } _ZNK5Botan6BigInt12reverse_signEv: 609| 20| Sign reverse_sign() const { 610| 20| if(sign() == Positive) { ------------------ | Branch (610:13): [True: 20, False: 0] ------------------ 611| 20| return Negative; 612| 20| } 613| 0| return Positive; 614| 20| } _ZN5Botan6BigInt9flip_signEv: 619| 20| BOTAN_DEPRECATED("Deprecated no replacement") void flip_sign() { set_sign(reverse_sign()); } _ZN5Botan6BigInt8set_signENS0_4SignE: 625| 176| void set_sign(Sign sign) { 626| 176| if(sign == Negative && is_zero()) { ------------------ | Branch (626:13): [True: 20, False: 156] | Branch (626:33): [True: 0, False: 20] ------------------ 627| 0| sign = Positive; 628| 0| } 629| | 630| 176| m_signedness = sign; 631| 176| } _ZNK5Botan6BigInt4sizeEv: 642| 167k| size_t size() const { return m_data.size(); } _ZNK5Botan6BigInt9sig_wordsEv: 648| 279k| size_t sig_words() const { return m_data.sig_words(); } _ZN5Botan6BigInt12mutable_dataEv: 673| 24.1k| BOTAN_DEPRECATED("Deprecated no replacement") word* mutable_data() { return m_data.mutable_data(); } _ZNK5Botan6BigInt4dataEv: 679| 12| BOTAN_DEPRECATED("Deprecated no replacement") const word* data() const { return m_data.const_data(); } _ZNK5Botan6BigInt7grow_toEm: 699| 5.70k| BOTAN_DEPRECATED("Deprecated no replacement") void grow_to(size_t n) const { m_data.grow_to(n); } _ZN5Botan6BigInt10power_of_2Em: 856| 6| static BigInt power_of_2(size_t n) { 857| 6| BigInt b; 858| 6| b.set_bit(n); 859| 6| return b; 860| 6| } _ZNK5Botan6BigInt8_as_spanEv: 962| 12| std::span _as_span() const { return m_data.const_span(); } _ZNK5Botan6BigInt5_dataEv: 972| 126k| const word* _data() const { return m_data.const_data(); } _ZN5Botan6BigInt18_assign_from_bytesENSt3__14spanIKhLm18446744073709551615EEE: 983| 28.1k| void _assign_from_bytes(std::span bytes) { assign_from_bytes(bytes); } _ZN5Botan6BigInt11_from_wordsERNSt3__16vectorImNS_16secure_allocatorImEEEE: 991| 48| static BigInt _from_words(secure_vector& words) { 992| 48| BigInt bn; 993| 48| bn.m_data.swap(words); 994| 48| return bn; 995| 48| } _ZN5Botan6BigInt4Data12mutable_dataEv: 1022| 24.2k| word* mutable_data() { 1023| 24.2k| invalidate_sig_words(); 1024| 24.2k| return m_reg.data(); 1025| 24.2k| } _ZNK5Botan6BigInt4Data10const_dataEv: 1027| 266k| const word* const_data() const { return m_reg.data(); } _ZNK5Botan6BigInt4Data10const_spanEv: 1029| 12| std::span const_span() const { return std::span{m_reg}; } _ZNK5Botan6BigInt4Data11get_word_atEm: 1038| 146k| word get_word_at(size_t n) const { 1039| 146k| if(n < m_reg.size()) { ------------------ | Branch (1039:19): [True: 146k, False: 24] ------------------ 1040| 146k| return m_reg[n]; 1041| 146k| } 1042| 24| return 0; 1043| 146k| } _ZN5Botan6BigInt4Data11set_word_atEmm: 1045| 6.31k| void set_word_at(size_t i, word w) { 1046| 6.31k| invalidate_sig_words(); 1047| 6.31k| if(i >= m_reg.size()) { ------------------ | Branch (1047:19): [True: 6.31k, False: 0] ------------------ 1048| 6.31k| if(w == 0) { ------------------ | Branch (1048:22): [True: 18, False: 6.29k] ------------------ 1049| 18| return; 1050| 18| } 1051| 6.29k| grow_to(i + 1); 1052| 6.29k| } 1053| 6.29k| m_reg[i] = w; 1054| 6.29k| } _ZNK5Botan6BigInt4Data7grow_toEm: 1065| 12.0k| void grow_to(size_t n) const { 1066| 12.0k| if(n > size()) { ------------------ | Branch (1066:19): [True: 11.8k, False: 119] ------------------ 1067| 11.8k| if(n <= m_reg.capacity()) { ------------------ | Branch (1067:22): [True: 0, False: 11.8k] ------------------ 1068| 0| m_reg.resize(n); 1069| 11.8k| } else { 1070| 11.8k| m_reg.resize(n + (8 - (n % 8))); 1071| 11.8k| } 1072| 11.8k| } 1073| 12.0k| } _ZNK5Botan6BigInt4Data4sizeEv: 1075| 320k| size_t size() const { return m_reg.size(); } _ZN5Botan6BigInt4Data4swapERS1_: 1090| 59.7k| void swap(Data& other) noexcept { 1091| 59.7k| m_reg.swap(other.m_reg); 1092| 59.7k| std::swap(m_sig_words, other.m_sig_words); 1093| 59.7k| } _ZN5Botan6BigInt4Data4swapERNSt3__16vectorImNS_16secure_allocatorImEEEE: 1095| 62.2k| void swap(secure_vector& reg) noexcept { 1096| 62.2k| m_reg.swap(reg); 1097| 62.2k| invalidate_sig_words(); 1098| 62.2k| } _ZNK5Botan6BigInt4Data20invalidate_sig_wordsEv: 1100| 92.8k| void invalidate_sig_words() const noexcept { m_sig_words = sig_words_npos; } _ZNK5Botan6BigInt4Data9sig_wordsEv: 1102| 279k| size_t sig_words() const { 1103| 279k| if(m_sig_words == sig_words_npos) { ------------------ | Branch (1103:19): [True: 58.7k, False: 220k] ------------------ 1104| 58.7k| m_sig_words = calc_sig_words(); 1105| 58.7k| } 1106| 279k| return m_sig_words; 1107| 279k| } _ZN5BotanplERKNS_6BigIntES2_: 1125| 12|inline BigInt operator+(const BigInt& x, const BigInt& y) { 1126| 12| return BigInt::add2(x, y._data(), y.sig_words(), y.sign()); 1127| 12|} _ZN5BotanmlEmRKNS_6BigIntE: 1148| 84|inline BigInt operator*(word x, const BigInt& y) { 1149| 84| return y * x; 1150| 84|} _ZN5BotaneqERKNS_6BigIntES2_: 1162| 6|inline bool operator==(const BigInt& a, const BigInt& b) { 1163| 6| return a.is_equal(b); 1164| 6|} _ZN5BotanneERKNS_6BigIntES2_: 1166| 6|inline bool operator!=(const BigInt& a, const BigInt& b) { 1167| 6| return !a.is_equal(b); 1168| 6|} _ZN5BotanltERKNS_6BigIntES2_: 1178| 6|inline bool operator<(const BigInt& a, const BigInt& b) { 1179| 6| return a.is_less_than(b); 1180| 6|} _ZN5BotaneqERKNS_6BigIntEm: 1186| 6.26k|inline bool operator==(const BigInt& a, word b) { 1187| 6.26k| return (a.cmp_word(b) == 0); 1188| 6.26k|} _ZN5BotanneERKNS_6BigIntEm: 1190| 6|inline bool operator!=(const BigInt& a, word b) { 1191| 6| return (a.cmp_word(b) != 0); 1192| 6|} _ZN5BotanltERKNS_6BigIntEm: 1202| 23.8k|inline bool operator<(const BigInt& a, word b) { 1203| 23.8k| return (a.cmp_word(b) < 0); 1204| 23.8k|} _ZNK5Botan6BigInt9serializeINSt3__16vectorIhNS2_9allocatorIhEEEEEET_m: 747| 13.3k| T serialize(size_t len) const { 748| | // TODO this supports std::vector and secure_vector 749| | // it would be nice if this also could work with std::array as in 750| | // bn.serialize_to>(32); 751| 13.3k| T out(len); 752| 13.3k| this->serialize_to(out); 753| 13.3k| return out; 754| 13.3k| } _ZNK5Botan6BigInt9serializeINSt3__16vectorIhNS2_9allocatorIhEEEEEET_v: 760| 7.04k| T serialize() const { 761| 7.04k| return serialize(this->bytes()); 762| 7.04k| } _ZN5Botan6BigIntC2ERKS0_: 88| 12.0k| BigInt(const BigInt& other) = default; _ZN5Botan6BigIntC2Ev: 45| 98.3k| BigInt() = default; _ZN5Botan6BigIntaSERKS0_: 201| 6| BigInt& operator=(const BigInt&) = default; _ZNK5Botan11BlockCipher14parallel_bytesEv: 67| 589| size_t parallel_bytes() const { return parallelism() * block_size() * BlockCipher::ParallelismMult; } _ZNK5Botan11BlockCipher7encryptEPh: 99| 491| void encrypt(uint8_t block[]) const { encrypt_n(block, block, 1); } _ZNK5Botan11BlockCipher7encryptENSt3__14spanIhLm18446744073709551615EEE: 113| 1.60k| void encrypt(std::span block) const { 114| 1.60k| return encrypt_n(block.data(), block.data(), block.size() / block_size()); 115| 1.60k| } _ZNK5Botan11BlockCipher7encryptENSt3__14spanIKhLm18446744073709551615EEENS2_IhLm18446744073709551615EEE: 130| 1.36k| void encrypt(std::span in, std::span out) const { 131| 1.36k| return encrypt_n(in.data(), out.data(), in.size() / block_size()); 132| 1.36k| } _ZNK5Botan25Block_Cipher_Fixed_ParamsILm16ELm16ELm0ELm1ENS_11BlockCipherEE8key_specEv: 216| 449| Key_Length_Specification key_spec() const final { return Key_Length_Specification(KMIN, KMAX, KMOD); } _ZNK5Botan25Block_Cipher_Fixed_ParamsILm16ELm16ELm0ELm1ENS_11BlockCipherEE10block_sizeEv: 214| 2.97k| size_t block_size() const final { return BS; } _ZNK5Botan25Block_Cipher_Fixed_ParamsILm16ELm32ELm0ELm1ENS_11BlockCipherEE8key_specEv: 216| 601| Key_Length_Specification key_spec() const final { return Key_Length_Specification(KMIN, KMAX, KMOD); } _ZNK5Botan25Block_Cipher_Fixed_ParamsILm16ELm32ELm0ELm1ENS_11BlockCipherEE10block_sizeEv: 214| 1.42k| size_t block_size() const final { return BS; } _ZNK5Botan25Block_Cipher_Fixed_ParamsILm8ELm16ELm24ELm8ENS_11BlockCipherEE8key_specEv: 216| 225| Key_Length_Specification key_spec() const final { return Key_Length_Specification(KMIN, KMAX, KMOD); } _ZNK5Botan25Block_Cipher_Fixed_ParamsILm8ELm16ELm24ELm8ENS_11BlockCipherEE10block_sizeEv: 214| 206| size_t block_size() const final { return BS; } _ZN5Botan20Buffered_Computation6updateEPKhm: 34| 248| void update(const uint8_t in[], size_t length) { add_data({in, length}); } _ZN5Botan20Buffered_Computation6updateENSt3__14spanIKhLm18446744073709551615EEE: 40| 273k| void update(std::span in) { add_data(in); } _ZN5Botan20Buffered_Computation5finalEPh: 69| 9.38k| void final(uint8_t out[]) { final_result({out, output_length()}); } _ZN5Botan20Buffered_Computation12final_stdvecEv: 83| 30.4k| std::vector final_stdvec() { return final>(); } _ZN5Botan20Buffered_Computation5finalITkNS_8concepts21resizable_byte_bufferENSt3__16vectorIhNS3_9allocatorIhEEEEEET_v: 77| 30.4k| T final() { 78| 30.4k| T output(output_length()); 79| 30.4k| final_result(output); 80| 30.4k| return output; 81| 30.4k| } _ZN5Botan20Buffered_Computation5finalITkNS_8concepts21resizable_byte_bufferENSt3__16vectorIhNS_16secure_allocatorIhEEEEEET_v: 77| 9.33k| T final() { 78| 9.33k| T output(output_length()); 79| 9.33k| final_result(output); 80| 9.33k| return output; 81| 9.33k| } _ZN5Botan20Buffered_ComputationD2Ev: 130| 52.8k| virtual ~Buffered_Computation() = default; _ZN5Botan20Buffered_Computation5finalITkNS_8concepts21resizable_byte_bufferENSt3__16vectorIhNS_16secure_allocatorIhEEEEEEvRT_: 88| 7.61k| void final(T& out) { 89| 7.61k| out.resize(output_length()); 90| 7.61k| final_result(out); 91| 7.61k| } _ZN5Botan20Buffered_Computation7processITkNS_8concepts21resizable_byte_bufferENSt3__16vectorIhNS_16secure_allocatorIhEEEEEET_NS3_4spanIKhLm18446744073709551615EEE: 125| 7.61k| T process(std::span in) { 126| 7.61k| update(in); 127| 7.61k| return final(); 128| 7.61k| } _ZN5Botan20Buffered_Computation5finalITkNS_8concepts21resizable_byte_bufferENSt3__16vectorIhNS3_9allocatorIhEEEEEEvRT_: 88| 6.45k| void final(T& out) { 89| 6.45k| out.resize(output_length()); 90| 6.45k| final_result(out); 91| 6.45k| } _ZNK5Botan10ChaCha_RNG31max_number_of_bytes_per_requestEv: 108| 40.8k| size_t max_number_of_bytes_per_request() const override { return 0; } _ZN5Botan11Cipher_Mode5startENSt3__14spanIKhLm18446744073709551615EEE: 97| 723| void start(std::span nonce) { start_msg(nonce.data(), nonce.size()); } _ZN5Botan11Cipher_Mode6finishERNSt3__16vectorIhNS_16secure_allocatorIhEEEEm: 178| 477| void finish(secure_vector& final_block, size_t offset = 0) { finish_msg(final_block, offset); } _ZN5Botan11Cipher_Mode7processENSt3__14spanIhLm18446744073709551615EEE: 131| 261| size_t process(std::span msg) { return this->process_msg(msg.data(), msg.size()); } _ZN5Botan11Cipher_Mode7processEPhm: 133| 246| size_t process(uint8_t msg[], size_t msg_len) { return this->process_msg(msg, msg_len); } _ZN5Botan11Cipher_Mode6updateITkNS_8concepts21resizable_byte_bufferENSt3__16vectorIhNS_16secure_allocatorIhEEEEEEvRT_m: 148| 261| void update(T& buffer, size_t offset = 0) { 149| 261| const size_t written = process(std::span(buffer).subspan(offset)); 150| 261| buffer.resize(offset + written); 151| 261| } _ZN5Botan19Credentials_ManagerD2Ev: 42| 7.04k| virtual ~Credentials_Manager() = default; _ZN5Botan8CurveGFp4swapERS0_: 69| 11.9k| void swap(CurveGFp& other) noexcept { std::swap(m_group, other.m_group); } _ZN5Botan8CurveGFpC2Ev: 62| 11.9k| CurveGFp() = default; _ZN5Botan10DataSourceD2Ev: 101| 340k| virtual ~DataSource() = default; _ZN5Botan17DataSource_MemoryC2ENSt3__16vectorIhNS_16secure_allocatorIhEEEE: 135| 7.04k| explicit DataSource_Memory(secure_vector in) : m_source(std::move(in)), m_offset(0) {} _ZN5Botan17DataSource_MemoryC2ENSt3__14spanIKhLm18446744073709551615EEE: 141| 113k| explicit DataSource_Memory(std::span in) : m_source(in.begin(), in.end()), m_offset(0) {} _ZN5Botan10DataSourceC2Ev: 100| 340k| DataSource() = default; _ZN5Botan11DER_Encoder14start_sequenceEv: 67| 67.3k| DER_Encoder& start_sequence() { return start_cons(ASN1_Type::Sequence, ASN1_Class::Universal); } _ZN5Botan11DER_Encoder12DER_SequenceD2Ev: 244| 284k| ~DER_Sequence() = default; _ZN5Botan11DER_Encoder6encodeINSt3__19allocatorIhEEEERS0_RKNS2_6vectorIhT_EENS_9ASN1_TypeE: 98| 7.04k| DER_Encoder& encode(const std::vector& vec, ASN1_Type real_type) { 99| 7.04k| return encode(vec.data(), vec.size(), real_type); 100| 7.04k| } _ZN5Botan11DER_Encoder22start_context_specificEj: 71| 18.7k| DER_Encoder& start_context_specific(uint32_t tag) { 72| 18.7k| return start_cons(ASN1_Type(tag), ASN1_Class::ContextSpecific); 73| 18.7k| } _ZN5Botan11DER_Encoder9raw_bytesENSt3__14spanIKhLm18446744073709551615EEE: 89| 32.8k| DER_Encoder& raw_bytes(std::span val) { return raw_bytes(val.data(), val.size()); } _ZN5Botan11DER_Encoder10add_objectENS_9ASN1_TypeENS_10ASN1_ClassENSt3__14spanIKhLm18446744073709551615EEE: 185| 39.1k| DER_Encoder& add_object(ASN1_Type type_tag, ASN1_Class class_tag, std::span rep) { 186| 39.1k| return add_object(type_tag, class_tag, rep.data(), rep.size()); 187| 39.1k| } _ZN5Botan11DER_Encoder10add_objectENS_9ASN1_TypeENS_10ASN1_ClassERKNSt3__16vectorIhNS3_9allocatorIhEEEE: 189| 25.8k| DER_Encoder& add_object(ASN1_Type type_tag, ASN1_Class class_tag, const std::vector& rep) { 190| 25.8k| return add_object(type_tag, class_tag, std::span{rep}); 191| 25.8k| } _ZN5Botan11DER_Encoder10add_objectENS_9ASN1_TypeENS_10ASN1_ClassERKNSt3__16vectorIhNS_16secure_allocatorIhEEEE: 193| 7.04k| DER_Encoder& add_object(ASN1_Type type_tag, ASN1_Class class_tag, const secure_vector& rep) { 194| 7.04k| return add_object(type_tag, class_tag, std::span{rep}); 195| 7.04k| } _ZN5Botan11DER_Encoder12DER_SequenceC2EOS1_: 229| 198k| m_type_tag(seq.m_type_tag), 230| 198k| m_class_tag(seq.m_class_tag), 231| 198k| m_contents(std::move(seq.m_contents)), 232| 198k| m_set_contents(std::move(seq.m_set_contents)) {} _ZN5Botan7DNSNameC2ENSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEE: 78| 7.04k| explicit DNSName(std::string canonical) : m_name(std::move(canonical)) {} _ZNK5Botan14EC_AffinePoint5innerEv: 274| 28.8k| const EC_AffinePoint_Data& inner() const { return *m_point; } _ZNK5Botan14EC_AffinePoint22serialize_uncompressedITkNS_8concepts21resizable_byte_bufferENSt3__16vectorIhNS3_9allocatorIhEEEEEET_v: 203| 4.81k| T serialize_uncompressed() const { 204| 4.81k| T bytes(1 + 2 * this->field_element_bytes()); 205| 4.81k| this->serialize_uncompressed_to(bytes); 206| 4.81k| return bytes; 207| 4.81k| } _ZNK5Botan14EC_AffinePoint20serialize_compressedITkNS_8concepts21resizable_byte_bufferENSt3__16vectorIhNS3_9allocatorIhEEEEEET_v: 213| 59| T serialize_compressed() const { 214| 59| T bytes(1 + this->field_element_bytes()); 215| 59| this->serialize_compressed_to(bytes); 216| 59| return bytes; 217| 59| } _ZNK5Botan8EC_Group5_dataEv: 458| 21.2k| const std::shared_ptr& _data() const { return m_data; } _ZN5Botan8EC_GroupC2EOS0_: 221| 22.0k| EC_Group(EC_Group&&) = default; _ZN5Botan8EC_PointaSEOS0_: 72| 11.9k| EC_Point& operator=(EC_Point&& other) noexcept { 73| 11.9k| if(this != &other) { ------------------ | Branch (73:13): [True: 11.9k, False: 0] ------------------ 74| 11.9k| this->swap(other); 75| 11.9k| } 76| 11.9k| return (*this); 77| 11.9k| } _ZN5Botan8EC_PointD2Ev: 79| 23.8k| ~EC_Point() = default; _ZN5Botan8EC_PointC2Ev: 46| 11.9k| EC_Point() = default; _ZNK5Botan9EC_Scalar10is_nonzeroEv: 161| 10.1k| bool is_nonzero() const { return !is_zero(); } _ZNK5Botan9EC_Scalar6_innerEv: 244| 4.87k| const EC_Scalar_Data& _inner() const { return inner(); } _ZNK5Botan9EC_Scalar5innerEv: 253| 26.9k| const EC_Scalar_Data& inner() const { return *m_scalar; } _ZN5Botan12EC_PublicKeyC2Ev: 137| 10.1k| EC_PublicKey() = default; _ZN5Botan12EC_PublicKeyD2Ev: 42| 11.9k| ~EC_PublicKey() override = default; _ZN5Botan13EC_PrivateKeyD2Ev: 170| 10.1k| ~EC_PrivateKey() override = default; _ZNK5Botan12EC_PublicKey14point_encodingEv: 102| 4.87k| EC_Point_Format point_encoding() const { return m_point_encoding; } _ZN5Botan14ECDH_PublicKeyC1ERKNS_8EC_GroupERKNS_14EC_AffinePointE: 44| 1.80k| ECDH_PublicKey(const EC_Group& group, const EC_AffinePoint& public_key) : EC_PublicKey(group, public_key) {} _ZN5Botan15ECDH_PrivateKeyC1ERNS_21RandomNumberGeneratorERKNS_8EC_GroupE: 101| 3.08k| ECDH_PrivateKey(RandomNumberGenerator& rng, const EC_Group& group) : EC_PrivateKey(rng, group) {} _ZN5Botan14ECDH_PublicKeyC2Ev: 67| 3.08k| ECDH_PublicKey() = default; _ZNK5Botan14ECDH_PublicKey9algo_nameEv: 50| 5.91k| std::string algo_name() const override { return "ECDH"; } _ZN5Botan16ECDSA_PrivateKeyC1ERKNS_19AlgorithmIdentifierENSt3__14spanIKhLm18446744073709551615EEE: 98| 7.04k| EC_PrivateKey(alg_id, key_bits) {} _ZN5Botan15ECDSA_PublicKeyC2Ev: 79| 7.04k| ECDSA_PublicKey() = default; _ZNK5Botan9Exception4whatEv: 94| 1.23k| const char* what() const noexcept override { return m_msg.c_str(); } _ZN5Botan10hex_encodeENSt3__14spanIKhLm18446744073709551615EEEb: 43| 14.0k|inline std::string hex_encode(std::span input, bool uppercase = true) { 44| 14.0k| return hex_encode(input.data(), input.size(), uppercase); 45| 14.0k|} _ZN5Botan3KDFD2Ev: 27| 1.72k| virtual ~KDF() = default; _ZNK5Botan3KDF10derive_keyITkNS_8concepts21resizable_byte_bufferENSt3__16vectorIhNS_16secure_allocatorIhEEEEEET_mNS3_4spanIKhLm18446744073709551615EEESB_SB_: 143| 3.19k| std::span label) const { 144| 3.19k| T key(key_len); 145| 3.19k| perform_kdf(key, secret, salt, label); 146| 3.19k| return key; 147| 3.19k| } _ZNK5Botan3KDF10derive_keyITkNS_8concepts21resizable_byte_bufferENSt3__16vectorIhNS_16secure_allocatorIhEEEEEET_mPKhmSA_mSA_m: 97| 1.46k| size_t label_len = 0) const { 98| 1.46k| return derive_key(key_len, {secret, secret_len}, {salt, salt_len}, {label, label_len}); 99| 1.46k| } _ZN5Botan9clear_memIhEEvPT_m: 118| 49.4k|inline constexpr void clear_mem(T* ptr, size_t n) { 119| 49.4k| clear_bytes(ptr, sizeof(T) * n); 120| 49.4k|} _ZN5Botan11clear_bytesEPvm: 101| 208k|inline constexpr void clear_bytes(void* ptr, size_t bytes) { 102| 208k| if(bytes > 0) { ------------------ | Branch (102:7): [True: 146k, False: 62.2k] ------------------ 103| 146k| std::memset(ptr, 0, bytes); 104| 146k| } 105| 208k|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeERNSt3__15arrayImLm4EEETkNS1_16contiguous_rangeENS2_4spanIhLm32EEEQaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISF_EESG_E4type10value_typeEEsr3stdE23is_trivially_copyable_vINS8_IXsr21__is_primary_templateINS9_Iu14__remove_cvrefIDTclL_ZNSB_5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENSH_ISP_EESQ_E4type10value_typeEEEEvOSM_RKSC_: 176| 13.6k|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromR& in) { 177| 13.6k| ranges::assert_equal_byte_lengths(out, in); 178| 13.6k| std::memcpy(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 179| 13.6k|} _ZN5Botan13typecast_copyINSt3__15arrayImLm4EEETkNS_6ranges16contiguous_rangeENS1_4spanIhLm32EEEQaaaasr3stdE26is_default_constructible_vIT_Esr3stdE23is_trivially_copyable_vIS7_Esr3stdE23is_trivially_copyable_vINS1_11conditionalIXsr21__is_primary_templateINS1_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS1_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS1_26indirectly_readable_traitsISF_EESG_E4type10value_typeEEEES7_RKSC_: 210| 13.6k|inline constexpr ToT typecast_copy(const FromR& src) { 211| 13.6k| ToT dst; // NOLINT(*-member-init) 212| 13.6k| typecast_copy(dst, src); 213| 13.6k| return dst; 214| 13.6k|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeERNSt3__15arrayImLm4EEETkNS1_16contiguous_rangeENS2_4spanIKhLm32EEEQaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISG_EESH_E4type10value_typeEEsr3stdE23is_trivially_copyable_vINS9_IXsr21__is_primary_templateINSA_Iu14__remove_cvrefIDTclL_ZNSC_5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENSI_ISQ_EESR_E4type10value_typeEEEEvOSN_RKSD_: 176| 14.4k|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromR& in) { 177| 14.4k| ranges::assert_equal_byte_lengths(out, in); 178| 14.4k| std::memcpy(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 179| 14.4k|} _ZN5Botan13typecast_copyINSt3__15arrayImLm4EEETkNS_6ranges16contiguous_rangeENS1_4spanIKhLm32EEEQaaaasr3stdE26is_default_constructible_vIT_Esr3stdE23is_trivially_copyable_vIS8_Esr3stdE23is_trivially_copyable_vINS1_11conditionalIXsr21__is_primary_templateINS1_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS1_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS1_26indirectly_readable_traitsISG_EESH_E4type10value_typeEEEES8_RKSD_: 210| 14.4k|inline constexpr ToT typecast_copy(const FromR& src) { 211| 14.4k| ToT dst; // NOLINT(*-member-init) 212| 14.4k| typecast_copy(dst, src); 213| 14.4k| return dst; 214| 14.4k|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeENSt3__14spanIhLm32EEETkNS1_16contiguous_rangeENS2_5arrayImLm4EEEQaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISE_EESF_E4type10value_typeEEsr3stdE23is_trivially_copyable_vINS7_IXsr21__is_primary_templateINS8_Iu14__remove_cvrefIDTclL_ZNSA_5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENSG_ISO_EESP_E4type10value_typeEEEEvOSL_RKSB_: 176| 14.0k|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromR& in) { 177| 14.0k| ranges::assert_equal_byte_lengths(out, in); 178| 14.0k| std::memcpy(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 179| 14.0k|} _ZN5Botan7xor_bufITkNS_6ranges23contiguous_output_rangeIhEENSt3__14spanIhLm18446744073709551615EEETkNS1_16contiguous_rangeIhEENS4_IKhLm18446744073709551615EEEEEvOT_OT0_: 342| 7.74k| ranges::contiguous_range auto&& in) { 343| 7.74k| ranges::assert_equal_byte_lengths(out, in); 344| | 345| 7.74k| std::span o(out); 346| 7.74k| std::span i(in); 347| | 348| 16.5k| for(; o.size_bytes() >= 32; o = o.subspan(32), i = i.subspan(32)) { ------------------ | Branch (348:10): [True: 8.85k, False: 7.74k] ------------------ 349| 8.85k| auto x = typecast_copy>(o.template first<32>()); 350| 8.85k| const auto y = typecast_copy>(i.template first<32>()); 351| | 352| 8.85k| x[0] ^= y[0]; 353| 8.85k| x[1] ^= y[1]; 354| 8.85k| x[2] ^= y[2]; 355| 8.85k| x[3] ^= y[3]; 356| | 357| 8.85k| typecast_copy(o.template first<32>(), x); 358| 8.85k| } 359| | 360| 118k| for(size_t off = 0; off != o.size_bytes(); ++off) { ------------------ | Branch (360:24): [True: 110k, False: 7.74k] ------------------ 361| 110k| o[off] ^= i[off]; 362| 110k| } 363| 7.74k|} _ZN5Botan7xor_bufITkNS_6ranges23contiguous_output_rangeIhEENSt3__14spanIhLm18446744073709551615EEETkNS1_16contiguous_rangeIhEENS4_IKhLm18446744073709551615EEETkNS6_IhEES8_EEvOT_OT0_OT1_: 373| 1.72k| ranges::contiguous_range auto&& in2) { 374| 1.72k| ranges::assert_equal_byte_lengths(out, in1, in2); 375| | 376| 1.72k| std::span o{out}; 377| 1.72k| std::span i1{in1}; 378| 1.72k| std::span i2{in2}; 379| | 380| 2.13k| for(; o.size_bytes() >= 32; o = o.subspan(32), i1 = i1.subspan(32), i2 = i2.subspan(32)) { ------------------ | Branch (380:10): [True: 404, False: 1.72k] ------------------ 381| 404| auto x = typecast_copy>(i1.template first<32>()); 382| 404| const auto y = typecast_copy>(i2.template first<32>()); 383| | 384| 404| x[0] ^= y[0]; 385| 404| x[1] ^= y[1]; 386| 404| x[2] ^= y[2]; 387| 404| x[3] ^= y[3]; 388| | 389| 404| typecast_copy(o.template first<32>(), x); 390| 404| } 391| | 392| 29.1k| for(size_t off = 0; off != o.size_bytes(); ++off) { ------------------ | Branch (392:24): [True: 27.4k, False: 1.72k] ------------------ 393| 27.4k| o[off] = i1[off] ^ i2[off]; 394| 27.4k| } 395| 1.72k|} _ZN5Botan7xor_bufEPhPKhm: 403| 7.65k|inline void xor_buf(uint8_t out[], const uint8_t in[], size_t length) { 404| | // simply assumes that *out and *in point to "length" allocated bytes at least 405| 7.65k| xor_buf(std::span{out, length}, std::span{in, length}); 406| 7.65k|} _ZN5Botan7xor_bufEPhPKhS2_m: 415| 1.72k|inline void xor_buf(uint8_t out[], const uint8_t in[], const uint8_t in2[], size_t length) { 416| | // simply assumes that *out, *in, and *in2 point to "length" allocated bytes at least 417| 1.72k| xor_buf(std::span{out, length}, std::span{in, length}, std::span{in2, length}); 418| 1.72k|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeERKNSt3__14spanIhLm8EEEmQaaaasr3stdE23is_trivially_copyable_vIT0_Entsr3std6rangesE5rangeIS7_Esr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISF_EESG_E4type10value_typeEEEEvOSC_RKS7_: 199| 487k|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromT& in) { 200| 487k| typecast_copy(out, std::span(&in, 1)); 201| 487k|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeERKNSt3__14spanIhLm8EEETkNS1_16contiguous_rangeENS3_IKmLm1EEEQaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISG_EESH_E4type10value_typeEEsr3stdE23is_trivially_copyable_vINS9_IXsr21__is_primary_templateINSA_Iu14__remove_cvrefIDTclL_ZNSC_5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENSI_ISQ_EESR_E4type10value_typeEEEEvOSN_RKSD_: 176| 487k|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromR& in) { 177| 487k| ranges::assert_equal_byte_lengths(out, in); 178| 487k| std::memcpy(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 179| 487k|} _ZN5Botan13typecast_copyImTkNS_6ranges16contiguous_rangeENSt3__14spanIKhLm8EEEQaaaasr3stdE26is_default_constructible_vIT_Esr3stdE23is_trivially_copyable_vIS6_Esr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISE_EESF_E4type10value_typeEEEES6_RKSB_: 210| 468k|inline constexpr ToT typecast_copy(const FromR& src) { 211| 468k| ToT dst; // NOLINT(*-member-init) 212| 468k| typecast_copy(dst, src); 213| 468k| return dst; 214| 468k|} _ZN5Botan13typecast_copyImTkNS_6ranges16contiguous_rangeENSt3__14spanIKhLm8EEEQaaaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISD_EESE_E4type10value_typeEEsr3stdE23is_trivially_copyable_vIT_Entsr3std6rangesE5rangeISK_EEEvRSK_RKSA_: 188| 468k|inline constexpr void typecast_copy(ToT& out, const FromR& in) { 189| 468k| typecast_copy(std::span(&out, 1), in); 190| 468k|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeENSt3__14spanImLm1EEETkNS1_16contiguous_rangeENS3_IKhLm8EEEQaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISE_EESF_E4type10value_typeEEsr3stdE23is_trivially_copyable_vINS7_IXsr21__is_primary_templateINS8_Iu14__remove_cvrefIDTclL_ZNSA_5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENSG_ISO_EESP_E4type10value_typeEEEEvOSL_RKSB_: 176| 468k|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromR& in) { 177| 468k| ranges::assert_equal_byte_lengths(out, in); 178| 468k| std::memcpy(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 179| 468k|} _ZN5Botan13typecast_copyItTkNS_6ranges16contiguous_rangeENSt3__14spanIKhLm2EEEQaaaasr3stdE26is_default_constructible_vIT_Esr3stdE23is_trivially_copyable_vIS6_Esr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISE_EESF_E4type10value_typeEEEES6_RKSB_: 210| 52.6k|inline constexpr ToT typecast_copy(const FromR& src) { 211| 52.6k| ToT dst; // NOLINT(*-member-init) 212| 52.6k| typecast_copy(dst, src); 213| 52.6k| return dst; 214| 52.6k|} _ZN5Botan13typecast_copyItTkNS_6ranges16contiguous_rangeENSt3__14spanIKhLm2EEEQaaaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISD_EESE_E4type10value_typeEEsr3stdE23is_trivially_copyable_vIT_Entsr3std6rangesE5rangeISK_EEEvRSK_RKSA_: 188| 52.6k|inline constexpr void typecast_copy(ToT& out, const FromR& in) { 189| 52.6k| typecast_copy(std::span(&out, 1), in); 190| 52.6k|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeENSt3__14spanItLm1EEETkNS1_16contiguous_rangeENS3_IKhLm2EEEQaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISE_EESF_E4type10value_typeEEsr3stdE23is_trivially_copyable_vINS7_IXsr21__is_primary_templateINS8_Iu14__remove_cvrefIDTclL_ZNSA_5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENSG_ISO_EESP_E4type10value_typeEEEEvOSL_RKSB_: 176| 52.6k|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromR& in) { 177| 52.6k| ranges::assert_equal_byte_lengths(out, in); 178| 52.6k| std::memcpy(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 179| 52.6k|} _ZN5Botan13typecast_copyIjTkNS_6ranges16contiguous_rangeENSt3__14spanIKhLm4EEEQaaaasr3stdE26is_default_constructible_vIT_Esr3stdE23is_trivially_copyable_vIS6_Esr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISE_EESF_E4type10value_typeEEEES6_RKSB_: 210| 502|inline constexpr ToT typecast_copy(const FromR& src) { 211| 502| ToT dst; // NOLINT(*-member-init) 212| 502| typecast_copy(dst, src); 213| 502| return dst; 214| 502|} _ZN5Botan13typecast_copyIjTkNS_6ranges16contiguous_rangeENSt3__14spanIKhLm4EEEQaaaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISD_EESE_E4type10value_typeEEsr3stdE23is_trivially_copyable_vIT_Entsr3std6rangesE5rangeISK_EEEvRSK_RKSA_: 188| 502|inline constexpr void typecast_copy(ToT& out, const FromR& in) { 189| 502| typecast_copy(std::span(&out, 1), in); 190| 502|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeENSt3__14spanIjLm1EEETkNS1_16contiguous_rangeENS3_IKhLm4EEEQaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISE_EESF_E4type10value_typeEEsr3stdE23is_trivially_copyable_vINS7_IXsr21__is_primary_templateINS8_Iu14__remove_cvrefIDTclL_ZNSA_5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENSG_ISO_EESP_E4type10value_typeEEEEvOSL_RKSB_: 176| 502|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromR& in) { 177| 502| ranges::assert_equal_byte_lengths(out, in); 178| 502| std::memcpy(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 179| 502|} _ZN5Botan8copy_memIhQsr3stdE12is_trivial_vIu7__decayIT_EEEEvPS1_PKS1_m: 144| 12.0M|inline constexpr void copy_mem(T* out, const T* in, size_t n) { 145| 12.0M| BOTAN_ASSERT_IMPLICATION(n > 0, in != nullptr && out != nullptr, "If n > 0 then args are not null"); ------------------ | | 103| 12.0M| do { \ | | 104| 12.0M| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 105| 24.0M| if((expr1) && !(expr2)) { \ | | ------------------ | | | Branch (105:10): [True: 12.0M, False: 86.6k] | | | Branch (105:23): [True: 12.0M, False: 0] | | | Branch (105:23): [True: 12.0M, False: 0] | | ------------------ | | 106| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 107| 0| Botan::assertion_failure(#expr1 " implies " #expr2, msg, __func__, __FILE__, __LINE__); \ | | 108| 0| } \ | | 109| 12.0M| } while(0) | | ------------------ | | | Branch (109:12): [Folded, False: 12.0M] | | ------------------ ------------------ 146| | 147| 12.0M| if(in != nullptr && out != nullptr && n > 0) { ------------------ | Branch (147:7): [True: 12.0M, False: 14.2k] | Branch (147:24): [True: 12.0M, False: 7.27k] | Branch (147:42): [True: 12.0M, False: 65.2k] ------------------ 148| 12.0M| std::memmove(out, in, sizeof(T) * n); 149| 12.0M| } 150| 12.0M|} _ZN5Botan19secure_scrub_memoryITkNS_6ranges23contiguous_output_rangeERNSt3__16vectorIhNS2_9allocatorIhEEEEEEvOT_: 59| 1.26M|void secure_scrub_memory(ranges::contiguous_output_range auto&& data) { 60| 1.26M| secure_scrub_memory(std::ranges::data(data), ranges::size_bytes(data)); 61| 1.26M|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeERKNSt3__14spanIhLm2EEEtQaaaasr3stdE23is_trivially_copyable_vIT0_Entsr3std6rangesE5rangeIS7_Esr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISF_EESG_E4type10value_typeEEEEvOSC_RKS7_: 199| 8|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromT& in) { 200| 8| typecast_copy(out, std::span(&in, 1)); 201| 8|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeERKNSt3__14spanIhLm2EEETkNS1_16contiguous_rangeENS3_IKtLm1EEEQaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISG_EESH_E4type10value_typeEEsr3stdE23is_trivially_copyable_vINS9_IXsr21__is_primary_templateINSA_Iu14__remove_cvrefIDTclL_ZNSC_5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENSI_ISQ_EESR_E4type10value_typeEEEEvOSN_RKSD_: 176| 8|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromR& in) { 177| 8| ranges::assert_equal_byte_lengths(out, in); 178| 8| std::memcpy(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 179| 8|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeERKNSt3__14spanIhLm4EEEjQaaaasr3stdE23is_trivially_copyable_vIT0_Entsr3std6rangesE5rangeIS7_Esr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISF_EESG_E4type10value_typeEEEEvOSC_RKS7_: 199| 859k|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromT& in) { 200| 859k| typecast_copy(out, std::span(&in, 1)); 201| 859k|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeERKNSt3__14spanIhLm4EEETkNS1_16contiguous_rangeENS3_IKjLm1EEEQaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISG_EESH_E4type10value_typeEEsr3stdE23is_trivially_copyable_vINS9_IXsr21__is_primary_templateINSA_Iu14__remove_cvrefIDTclL_ZNSC_5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENSI_ISQ_EESR_E4type10value_typeEEEEvOSN_RKSD_: 176| 859k|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromR& in) { 177| 859k| ranges::assert_equal_byte_lengths(out, in); 178| 859k| std::memcpy(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 179| 859k|} _ZN5Botan9clear_memIjEEvPT_m: 118| 6|inline constexpr void clear_mem(T* ptr, size_t n) { 119| 6| clear_bytes(ptr, sizeof(T) * n); 120| 6|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeERNSt3__14spanImLm18446744073709551615EEETkNS1_16contiguous_rangeENS3_IKhLm18446744073709551615EEEQaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISF_EESG_E4type10value_typeEEsr3stdE23is_trivially_copyable_vINS8_IXsr21__is_primary_templateINS9_Iu14__remove_cvrefIDTclL_ZNSB_5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENSH_ISP_EESQ_E4type10value_typeEEEEvOSM_RKSC_: 176| 4.87k|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromR& in) { 177| 4.87k| ranges::assert_equal_byte_lengths(out, in); 178| 4.87k| std::memcpy(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 179| 4.87k|} _ZN5Botan8copy_memImQsr3stdE12is_trivial_vIu7__decayIT_EEEEvPS1_PKS1_m: 144| 38.5k|inline constexpr void copy_mem(T* out, const T* in, size_t n) { 145| 38.5k| BOTAN_ASSERT_IMPLICATION(n > 0, in != nullptr && out != nullptr, "If n > 0 then args are not null"); ------------------ | | 103| 38.5k| do { \ | | 104| 38.5k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 105| 77.1k| if((expr1) && !(expr2)) { \ | | ------------------ | | | Branch (105:10): [True: 38.5k, False: 0] | | | Branch (105:23): [True: 38.5k, False: 0] | | | Branch (105:23): [True: 38.5k, False: 0] | | ------------------ | | 106| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 107| 0| Botan::assertion_failure(#expr1 " implies " #expr2, msg, __func__, __FILE__, __LINE__); \ | | 108| 0| } \ | | 109| 38.5k| } while(0) | | ------------------ | | | Branch (109:12): [Folded, False: 38.5k] | | ------------------ ------------------ 146| | 147| 38.5k| if(in != nullptr && out != nullptr && n > 0) { ------------------ | Branch (147:7): [True: 38.5k, False: 0] | Branch (147:24): [True: 38.5k, False: 0] | Branch (147:42): [True: 38.5k, False: 0] ------------------ 148| 38.5k| std::memmove(out, in, sizeof(T) * n); 149| 38.5k| } 150| 38.5k|} _ZN5Botan8copy_memITkNS_6ranges23contiguous_output_rangeERNSt3__14spanIhLm18446744073709551615EEETkNS1_16contiguous_rangeENS3_IKhLm18446744073709551615EEEQaasr3stdE9is_same_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISF_EESG_E4type10value_typeENS8_IXsr21__is_primary_templateINS9_Iu14__remove_cvrefIDTclL_ZNSB_5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENSH_ISP_EESQ_E4type10value_typeEEsr3stdE23is_trivially_copyable_vISU_EEEvOSC_RKSM_: 160| 59|inline constexpr void copy_mem(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 161| 59| ranges::assert_equal_byte_lengths(out, in); 162| 59| if(std::is_constant_evaluated()) { ------------------ | Branch (162:7): [Folded, False: 59] ------------------ 163| 0| std::copy(std::ranges::begin(in), std::ranges::end(in), std::ranges::begin(out)); 164| 59| } else if(ranges::size_bytes(out) > 0) { ------------------ | Branch (164:14): [True: 59, False: 0] ------------------ 165| 59| std::memmove(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 166| 59| } 167| 59|} _ZN5Botan7xor_bufITkNS_6ranges23contiguous_output_rangeIhEENSt3__14spanIhLm18446744073709551615EEETkNS1_16contiguous_rangeIhEES5_EEvOT_OT0_: 342| 7.61k| ranges::contiguous_range auto&& in) { 343| 7.61k| ranges::assert_equal_byte_lengths(out, in); 344| | 345| 7.61k| std::span o(out); 346| 7.61k| std::span i(in); 347| | 348| 12.3k| for(; o.size_bytes() >= 32; o = o.subspan(32), i = i.subspan(32)) { ------------------ | Branch (348:10): [True: 4.78k, False: 7.61k] ------------------ 349| 4.78k| auto x = typecast_copy>(o.template first<32>()); 350| 4.78k| const auto y = typecast_copy>(i.template first<32>()); 351| | 352| 4.78k| x[0] ^= y[0]; 353| 4.78k| x[1] ^= y[1]; 354| 4.78k| x[2] ^= y[2]; 355| 4.78k| x[3] ^= y[3]; 356| | 357| 4.78k| typecast_copy(o.template first<32>(), x); 358| 4.78k| } 359| | 360| 71.2k| for(size_t off = 0; off != o.size_bytes(); ++off) { ------------------ | Branch (360:24): [True: 63.6k, False: 7.61k] ------------------ 361| 63.6k| o[off] ^= i[off]; 362| 63.6k| } 363| 7.61k|} _ZN5Botan9clear_memImEEvPT_m: 118| 62.2k|inline constexpr void clear_mem(T* ptr, size_t n) { 119| 62.2k| clear_bytes(ptr, sizeof(T) * n); 120| 62.2k|} _ZN5Botan8copy_memITkNS_6ranges23contiguous_output_rangeENSt3__14spanIhLm18446744073709551615EEETkNS1_16contiguous_rangeENS3_IKhLm18446744073709551615EEEQaasr3stdE9is_same_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISE_EESF_E4type10value_typeENS7_IXsr21__is_primary_templateINS8_Iu14__remove_cvrefIDTclL_ZNSA_5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENSG_ISO_EESP_E4type10value_typeEEsr3stdE23is_trivially_copyable_vIST_EEEvOSB_RKSL_: 160| 32.9k|inline constexpr void copy_mem(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 161| 32.9k| ranges::assert_equal_byte_lengths(out, in); 162| 32.9k| if(std::is_constant_evaluated()) { ------------------ | Branch (162:7): [Folded, False: 32.9k] ------------------ 163| 0| std::copy(std::ranges::begin(in), std::ranges::end(in), std::ranges::begin(out)); 164| 32.9k| } else if(ranges::size_bytes(out) > 0) { ------------------ | Branch (164:14): [True: 32.9k, False: 0] ------------------ 165| 32.9k| std::memmove(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 166| 32.9k| } 167| 32.9k|} _ZN5Botan13typecast_copyImTkNS_6ranges16contiguous_rangeENSt3__14spanIhLm8EEEQaaaasr3stdE26is_default_constructible_vIT_Esr3stdE23is_trivially_copyable_vIS5_Esr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISD_EESE_E4type10value_typeEEEES5_RKSA_: 210| 29.9k|inline constexpr ToT typecast_copy(const FromR& src) { 211| 29.9k| ToT dst; // NOLINT(*-member-init) 212| 29.9k| typecast_copy(dst, src); 213| 29.9k| return dst; 214| 29.9k|} _ZN5Botan13typecast_copyImTkNS_6ranges16contiguous_rangeENSt3__14spanIhLm8EEEQaaaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISC_EESD_E4type10value_typeEEsr3stdE23is_trivially_copyable_vIT_Entsr3std6rangesE5rangeISJ_EEEvRSJ_RKS9_: 188| 29.9k|inline constexpr void typecast_copy(ToT& out, const FromR& in) { 189| 29.9k| typecast_copy(std::span(&out, 1), in); 190| 29.9k|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeENSt3__14spanImLm1EEETkNS1_16contiguous_rangeENS3_IhLm8EEEQaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISD_EESE_E4type10value_typeEEsr3stdE23is_trivially_copyable_vINS6_IXsr21__is_primary_templateINS7_Iu14__remove_cvrefIDTclL_ZNS9_5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENSF_ISN_EESO_E4type10value_typeEEEEvOSK_RKSA_: 176| 29.9k|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromR& in) { 177| 29.9k| ranges::assert_equal_byte_lengths(out, in); 178| 29.9k| std::memcpy(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 179| 29.9k|} _ZN5Botan9clear_memITkNS_6ranges23contiguous_output_rangeENSt3__14spanIhLm18446744073709551615EEEEEvOT_Qsr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRS5_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISD_EESE_E4type10value_typeEE: 132| 130|{ 133| 130| clear_bytes(std::ranges::data(mem), ranges::size_bytes(mem)); 134| 130|} _ZN5BotaneOINS_16secure_allocatorIhEES2_EERNSt3__16vectorIhT_EES7_RKNS4_IhT0_EE: 445| 406|std::vector& operator^=(std::vector& out, const std::vector& in) { 446| 406| if(out.size() < in.size()) { ------------------ | Branch (446:7): [True: 0, False: 406] ------------------ 447| 0| out.resize(in.size()); 448| 0| } 449| | 450| 406| xor_buf(std::span{out}.first(in.size()), in); 451| 406| return out; 452| 406|} _ZN5Botan7xor_bufITkNS_6ranges23contiguous_output_rangeIhEENSt3__14spanIhLm18446744073709551615EEETkNS1_16contiguous_rangeIhEERKNS3_6vectorIhNS_16secure_allocatorIhEEEEEEvOT_OT0_: 342| 406| ranges::contiguous_range auto&& in) { 343| 406| ranges::assert_equal_byte_lengths(out, in); 344| | 345| 406| std::span o(out); 346| 406| std::span i(in); 347| | 348| 406| for(; o.size_bytes() >= 32; o = o.subspan(32), i = i.subspan(32)) { ------------------ | Branch (348:10): [True: 0, False: 406] ------------------ 349| 0| auto x = typecast_copy>(o.template first<32>()); 350| 0| const auto y = typecast_copy>(i.template first<32>()); 351| | 352| 0| x[0] ^= y[0]; 353| 0| x[1] ^= y[1]; 354| 0| x[2] ^= y[2]; 355| 0| x[3] ^= y[3]; 356| | 357| 0| typecast_copy(o.template first<32>(), x); 358| 0| } 359| | 360| 6.90k| for(size_t off = 0; off != o.size_bytes(); ++off) { ------------------ | Branch (360:24): [True: 6.49k, False: 406] ------------------ 361| 6.49k| o[off] ^= i[off]; 362| 6.49k| } 363| 406|} _ZN5Botan19secure_scrub_memoryITkNS_6ranges23contiguous_output_rangeERNSt3__15arrayIhLm16EEEEEvOT_: 59| 271|void secure_scrub_memory(ranges::contiguous_output_range auto&& data) { 60| 271| secure_scrub_memory(std::ranges::data(data), ranges::size_bytes(data)); 61| 271|} _ZN5Botan8copy_memITkNS_6ranges23contiguous_output_rangeERNSt3__15arrayIhLm56EEETkNS1_16contiguous_rangeENS2_4spanIKhLm18446744073709551615EEEQaasr3stdE9is_same_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISG_EESH_E4type10value_typeENS9_IXsr21__is_primary_templateINSA_Iu14__remove_cvrefIDTclL_ZNSC_5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENSI_ISQ_EESR_E4type10value_typeEEsr3stdE23is_trivially_copyable_vISV_EEEvOSD_RKSN_: 160| 2|inline constexpr void copy_mem(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 161| 2| ranges::assert_equal_byte_lengths(out, in); 162| 2| if(std::is_constant_evaluated()) { ------------------ | Branch (162:7): [Folded, False: 2] ------------------ 163| 0| std::copy(std::ranges::begin(in), std::ranges::end(in), std::ranges::begin(out)); 164| 2| } else if(ranges::size_bytes(out) > 0) { ------------------ | Branch (164:14): [True: 2, False: 0] ------------------ 165| 2| std::memmove(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 166| 2| } 167| 2|} _ZN5Botan8copy_memITkNS_6ranges23contiguous_output_rangeERNSt3__14spanIhLm56EEETkNS1_16contiguous_rangeENS2_6vectorIhNS_16secure_allocatorIhEEEEQaasr3stdE9is_same_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISH_EESI_E4type10value_typeENSA_IXsr21__is_primary_templateINSB_Iu14__remove_cvrefIDTclL_ZNSD_5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENSJ_ISR_EESS_E4type10value_typeEEsr3stdE23is_trivially_copyable_vISW_EEEvOSE_RKSO_: 160| 10|inline constexpr void copy_mem(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 161| 10| ranges::assert_equal_byte_lengths(out, in); 162| 10| if(std::is_constant_evaluated()) { ------------------ | Branch (162:7): [Folded, False: 10] ------------------ 163| 0| std::copy(std::ranges::begin(in), std::ranges::end(in), std::ranges::begin(out)); 164| 10| } else if(ranges::size_bytes(out) > 0) { ------------------ | Branch (164:14): [True: 10, False: 0] ------------------ 165| 10| std::memmove(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 166| 10| } 167| 10|} _ZN5Botan13typecast_copyINS_6StrongINSt3__15arrayIhLm56EEENS_9Point448_EJEEETkNS_6ranges16contiguous_rangeENS2_4spanIKhLm18446744073709551615EEEQaaaasr3stdE26is_default_constructible_vIT_Esr3stdE23is_trivially_copyable_vISB_Esr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISJ_EESK_E4type10value_typeEEEESB_RKSG_: 210| 2|inline constexpr ToT typecast_copy(const FromR& src) { 211| 2| ToT dst; // NOLINT(*-member-init) 212| 2| typecast_copy(dst, src); 213| 2| return dst; 214| 2|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeERNS_6StrongINSt3__15arrayIhLm56EEENS_9Point448_EJEEETkNS1_16contiguous_rangeENS3_4spanIKhLm18446744073709551615EEEQaasr3stdE23is_trivially_copyable_vINS3_11conditionalIXsr21__is_primary_templateINS3_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS3_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS3_26indirectly_readable_traitsISJ_EESK_E4type10value_typeEEsr3stdE23is_trivially_copyable_vINSC_IXsr21__is_primary_templateINSD_Iu14__remove_cvrefIDTclL_ZNSF_5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENSL_IST_EESU_E4type10value_typeEEEEvOSQ_RKSG_: 176| 2|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromR& in) { 177| 2| ranges::assert_equal_byte_lengths(out, in); 178| 2| std::memcpy(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 179| 2|} _ZN5Botan13typecast_copyINS_6StrongINSt3__15arrayIhLm56EEENS_11ScalarX448_EJEEETkNS_6ranges16contiguous_rangeENS2_4spanIKhLm18446744073709551615EEEQaaaasr3stdE26is_default_constructible_vIT_Esr3stdE23is_trivially_copyable_vISB_Esr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISJ_EESK_E4type10value_typeEEEESB_RKSG_: 210| 12|inline constexpr ToT typecast_copy(const FromR& src) { 211| 12| ToT dst; // NOLINT(*-member-init) 212| 12| typecast_copy(dst, src); 213| 12| return dst; 214| 12|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeERNS_6StrongINSt3__15arrayIhLm56EEENS_11ScalarX448_EJEEETkNS1_16contiguous_rangeENS3_4spanIKhLm18446744073709551615EEEQaasr3stdE23is_trivially_copyable_vINS3_11conditionalIXsr21__is_primary_templateINS3_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS3_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS3_26indirectly_readable_traitsISJ_EESK_E4type10value_typeEEsr3stdE23is_trivially_copyable_vINSC_IXsr21__is_primary_templateINSD_Iu14__remove_cvrefIDTclL_ZNSF_5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENSL_IST_EESU_E4type10value_typeEEEEvOSQ_RKSG_: 176| 12|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromR& in) { 177| 12| ranges::assert_equal_byte_lengths(out, in); 178| 12| std::memcpy(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 179| 12|} _ZN5Botan8copy_memITkNS_6ranges23contiguous_output_rangeERNSt3__14spanIhLm18446744073709551615EEETkNS1_16contiguous_rangeENS2_6vectorIhNS_16secure_allocatorIhEEEEQaasr3stdE9is_same_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISH_EESI_E4type10value_typeENSA_IXsr21__is_primary_templateINSB_Iu14__remove_cvrefIDTclL_ZNSD_5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENSJ_ISR_EESS_E4type10value_typeEEsr3stdE23is_trivially_copyable_vISW_EEEvOSE_RKSO_: 160| 4.81k|inline constexpr void copy_mem(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 161| 4.81k| ranges::assert_equal_byte_lengths(out, in); 162| 4.81k| if(std::is_constant_evaluated()) { ------------------ | Branch (162:7): [Folded, False: 4.81k] ------------------ 163| 0| std::copy(std::ranges::begin(in), std::ranges::end(in), std::ranges::begin(out)); 164| 4.81k| } else if(ranges::size_bytes(out) > 0) { ------------------ | Branch (164:14): [True: 4.81k, False: 0] ------------------ 165| 4.81k| std::memmove(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 166| 4.81k| } 167| 4.81k|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeERNSt3__14spanIjLm18446744073709551615EEETkNS1_16contiguous_rangeENS3_IKhLm18446744073709551615EEEQaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISF_EESG_E4type10value_typeEEsr3stdE23is_trivially_copyable_vINS8_IXsr21__is_primary_templateINS9_Iu14__remove_cvrefIDTclL_ZNSB_5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENSH_ISP_EESQ_E4type10value_typeEEEEvOSM_RKSC_: 176| 2|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromR& in) { 177| 2| ranges::assert_equal_byte_lengths(out, in); 178| 2| std::memcpy(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 179| 2|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeERKNSt3__14spanIhLm18446744073709551615EEEmQaaaasr3stdE23is_trivially_copyable_vIT0_Entsr3std6rangesE5rangeIS7_Esr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISF_EESG_E4type10value_typeEEEEvOSC_RKS7_: 199| 3.22k|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromT& in) { 200| 3.22k| typecast_copy(out, std::span(&in, 1)); 201| 3.22k|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeERKNSt3__14spanIhLm18446744073709551615EEETkNS1_16contiguous_rangeENS3_IKmLm1EEEQaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISG_EESH_E4type10value_typeEEsr3stdE23is_trivially_copyable_vINS9_IXsr21__is_primary_templateINSA_Iu14__remove_cvrefIDTclL_ZNSC_5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENSI_ISQ_EESR_E4type10value_typeEEEEvOSN_RKSD_: 176| 3.22k|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromR& in) { 177| 3.22k| ranges::assert_equal_byte_lengths(out, in); 178| 3.22k| std::memcpy(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 179| 3.22k|} _ZN5Botan8copy_memITkNS_6ranges23contiguous_output_rangeERNSt3__15arrayIhLm16EEETkNS1_16contiguous_rangeENS2_4spanIKhLm18446744073709551615EEEQaasr3stdE9is_same_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISG_EESH_E4type10value_typeENS9_IXsr21__is_primary_templateINSA_Iu14__remove_cvrefIDTclL_ZNSC_5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENSI_ISQ_EESR_E4type10value_typeEEsr3stdE23is_trivially_copyable_vISV_EEEvOSD_RKSN_: 160| 89|inline constexpr void copy_mem(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 161| 89| ranges::assert_equal_byte_lengths(out, in); 162| 89| if(std::is_constant_evaluated()) { ------------------ | Branch (162:7): [Folded, False: 89] ------------------ 163| 0| std::copy(std::ranges::begin(in), std::ranges::end(in), std::ranges::begin(out)); 164| 89| } else if(ranges::size_bytes(out) > 0) { ------------------ | Branch (164:14): [True: 89, False: 0] ------------------ 165| 89| std::memmove(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 166| 89| } 167| 89|} _ZN5Botan8copy_memITkNS_6ranges23contiguous_output_rangeERNSt3__15arrayIhLm16EEETkNS1_16contiguous_rangeES4_Qaasr3stdE9is_same_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISD_EESE_E4type10value_typeENS6_IXsr21__is_primary_templateINS7_Iu14__remove_cvrefIDTclL_ZNS9_5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENSF_ISN_EESO_E4type10value_typeEEsr3stdE23is_trivially_copyable_vISS_EEEvOSA_RKSK_: 160| 89|inline constexpr void copy_mem(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 161| 89| ranges::assert_equal_byte_lengths(out, in); 162| 89| if(std::is_constant_evaluated()) { ------------------ | Branch (162:7): [Folded, False: 89] ------------------ 163| 0| std::copy(std::ranges::begin(in), std::ranges::end(in), std::ranges::begin(out)); 164| 89| } else if(ranges::size_bytes(out) > 0) { ------------------ | Branch (164:14): [True: 89, False: 0] ------------------ 165| 89| std::memmove(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 166| 89| } 167| 89|} _ZN5Botan7xor_bufITkNS_6ranges23contiguous_output_rangeIhEERNSt3__14spanIhLm18446744073709551615EEETkNS1_16contiguous_rangeIhEES5_TkNS7_IhEES5_EEvOT_OT0_OT1_: 373| 89| ranges::contiguous_range auto&& in2) { 374| 89| ranges::assert_equal_byte_lengths(out, in1, in2); 375| | 376| 89| std::span o{out}; 377| 89| std::span i1{in1}; 378| 89| std::span i2{in2}; 379| | 380| 89| for(; o.size_bytes() >= 32; o = o.subspan(32), i1 = i1.subspan(32), i2 = i2.subspan(32)) { ------------------ | Branch (380:10): [True: 0, False: 89] ------------------ 381| 0| auto x = typecast_copy>(i1.template first<32>()); 382| 0| const auto y = typecast_copy>(i2.template first<32>()); 383| | 384| 0| x[0] ^= y[0]; 385| 0| x[1] ^= y[1]; 386| 0| x[2] ^= y[2]; 387| 0| x[3] ^= y[3]; 388| | 389| 0| typecast_copy(o.template first<32>(), x); 390| 0| } 391| | 392| 1.51k| for(size_t off = 0; off != o.size_bytes(); ++off) { ------------------ | Branch (392:24): [True: 1.42k, False: 89] ------------------ 393| 1.42k| o[off] = i1[off] ^ i2[off]; 394| 1.42k| } 395| 89|} _ZN5Botan9clear_memITkNS_6ranges23contiguous_output_rangeENSt3__14spanImLm18446744073709551615EEEEEvOT_Qsr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRS5_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISD_EESE_E4type10value_typeEE: 132| 48|{ 133| 48| clear_bytes(std::ranges::data(mem), ranges::size_bytes(mem)); 134| 48|} _ZN5Botan8copy_memITkNS_6ranges23contiguous_output_rangeENSt3__14spanImLm4EEETkNS1_16contiguous_rangeENS2_5arrayImLm4EEEQaasr3stdE9is_same_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISE_EESF_E4type10value_typeENS7_IXsr21__is_primary_templateINS8_Iu14__remove_cvrefIDTclL_ZNSA_5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENSG_ISO_EESP_E4type10value_typeEEsr3stdE23is_trivially_copyable_vIST_EEEvOSB_RKSL_: 160| 17.4k|inline constexpr void copy_mem(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 161| 17.4k| ranges::assert_equal_byte_lengths(out, in); 162| 17.4k| if(std::is_constant_evaluated()) { ------------------ | Branch (162:7): [Folded, False: 17.4k] ------------------ 163| 0| std::copy(std::ranges::begin(in), std::ranges::end(in), std::ranges::begin(out)); 164| 17.4k| } else if(ranges::size_bytes(out) > 0) { ------------------ | Branch (164:14): [True: 17.4k, False: 0] ------------------ 165| 17.4k| std::memmove(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 166| 17.4k| } 167| 17.4k|} _ZN5Botan8copy_memITkNS_6ranges23contiguous_output_rangeENSt3__14spanImLm6EEETkNS1_16contiguous_rangeENS2_5arrayImLm6EEEQaasr3stdE9is_same_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISE_EESF_E4type10value_typeENS7_IXsr21__is_primary_templateINS8_Iu14__remove_cvrefIDTclL_ZNSA_5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENSG_ISO_EESP_E4type10value_typeEEsr3stdE23is_trivially_copyable_vIST_EEEvOSB_RKSL_: 160| 5.28k|inline constexpr void copy_mem(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 161| 5.28k| ranges::assert_equal_byte_lengths(out, in); 162| 5.28k| if(std::is_constant_evaluated()) { ------------------ | Branch (162:7): [Folded, False: 5.28k] ------------------ 163| 0| std::copy(std::ranges::begin(in), std::ranges::end(in), std::ranges::begin(out)); 164| 5.28k| } else if(ranges::size_bytes(out) > 0) { ------------------ | Branch (164:14): [True: 5.28k, False: 0] ------------------ 165| 5.28k| std::memmove(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 166| 5.28k| } 167| 5.28k|} _ZN5Botan8copy_memITkNS_6ranges23contiguous_output_rangeENSt3__14spanImLm8EEETkNS1_16contiguous_rangeENS2_5arrayImLm8EEEQaasr3stdE9is_same_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISE_EESF_E4type10value_typeENS7_IXsr21__is_primary_templateINS8_Iu14__remove_cvrefIDTclL_ZNSA_5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENSG_ISO_EESP_E4type10value_typeEEsr3stdE23is_trivially_copyable_vIST_EEEvOSB_RKSL_: 160| 3.24k|inline constexpr void copy_mem(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 161| 3.24k| ranges::assert_equal_byte_lengths(out, in); 162| 3.24k| if(std::is_constant_evaluated()) { ------------------ | Branch (162:7): [Folded, False: 3.24k] ------------------ 163| 0| std::copy(std::ranges::begin(in), std::ranges::end(in), std::ranges::begin(out)); 164| 3.24k| } else if(ranges::size_bytes(out) > 0) { ------------------ | Branch (164:14): [True: 3.24k, False: 0] ------------------ 165| 3.24k| std::memmove(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 166| 3.24k| } 167| 3.24k|} _ZN5Botan8copy_memITkNS_6ranges23contiguous_output_rangeENSt3__14spanImLm9EEETkNS1_16contiguous_rangeENS2_5arrayImLm9EEEQaasr3stdE9is_same_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISE_EESF_E4type10value_typeENS7_IXsr21__is_primary_templateINS8_Iu14__remove_cvrefIDTclL_ZNSA_5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENSG_ISO_EESP_E4type10value_typeEEsr3stdE23is_trivially_copyable_vIST_EEEvOSB_RKSL_: 160| 1.10k|inline constexpr void copy_mem(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 161| 1.10k| ranges::assert_equal_byte_lengths(out, in); 162| 1.10k| if(std::is_constant_evaluated()) { ------------------ | Branch (162:7): [Folded, False: 1.10k] ------------------ 163| 0| std::copy(std::ranges::begin(in), std::ranges::end(in), std::ranges::begin(out)); 164| 1.10k| } else if(ranges::size_bytes(out) > 0) { ------------------ | Branch (164:14): [True: 1.10k, False: 0] ------------------ 165| 1.10k| std::memmove(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 166| 1.10k| } 167| 1.10k|} _ZN5Botan8copy_memITkNS_6ranges23contiguous_output_rangeERNSt3__14spanIhLm66EEETkNS1_16contiguous_rangeENS3_IKhLm66EEEQaasr3stdE9is_same_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISF_EESG_E4type10value_typeENS8_IXsr21__is_primary_templateINS9_Iu14__remove_cvrefIDTclL_ZNSB_5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENSH_ISP_EESQ_E4type10value_typeEEsr3stdE23is_trivially_copyable_vISU_EEEvOSC_RKSM_: 160| 3.54k|inline constexpr void copy_mem(OutR&& out /* NOLINT(*-std-forward) */, const InR& in) { 161| 3.54k| ranges::assert_equal_byte_lengths(out, in); 162| 3.54k| if(std::is_constant_evaluated()) { ------------------ | Branch (162:7): [Folded, False: 3.54k] ------------------ 163| 0| std::copy(std::ranges::begin(in), std::ranges::end(in), std::ranges::begin(out)); 164| 3.54k| } else if(ranges::size_bytes(out) > 0) { ------------------ | Branch (164:14): [True: 3.54k, False: 0] ------------------ 165| 3.54k| std::memmove(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 166| 3.54k| } 167| 3.54k|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeERNSt3__15arrayImLm7EEETkNS1_16contiguous_rangeENS2_4spanIKhLm56EEEQaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISG_EESH_E4type10value_typeEEsr3stdE23is_trivially_copyable_vINS9_IXsr21__is_primary_templateINSA_Iu14__remove_cvrefIDTclL_ZNSC_5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENSI_ISQ_EESR_E4type10value_typeEEEEvOSN_RKSD_: 176| 24|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromR& in) { 177| 24| ranges::assert_equal_byte_lengths(out, in); 178| 24| std::memcpy(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 179| 24|} _ZN5Botan9clear_memITkNS_6ranges23contiguous_output_rangeERNSt3__15arrayImLm7EEEEEvOT_Qsr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRS6_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISE_EESF_E4type10value_typeEE: 132| 96.8k|{ 133| 96.8k| clear_bytes(std::ranges::data(mem), ranges::size_bytes(mem)); 134| 96.8k|} _ZN5Botan13typecast_copyITkNS_6ranges23contiguous_output_rangeERNSt3__14spanIhLm56EEETkNS1_16contiguous_rangeENS2_5arrayImLm7EEEQaasr3stdE23is_trivially_copyable_vINS2_11conditionalIXsr21__is_primary_templateINS2_15iterator_traitsIu14__remove_cvrefIDTclL_ZNS2_6ranges5__cpo5beginEEclsr3stdE7declvalIRT0_EEEEEEEEE5valueENS2_26indirectly_readable_traitsISF_EESG_E4type10value_typeEEsr3stdE23is_trivially_copyable_vINS8_IXsr21__is_primary_templateINS9_Iu14__remove_cvrefIDTclL_ZNSB_5beginEEclsr3stdE7declvalIRT_EEEEEEEEE5valueENSH_ISP_EESQ_E4type10value_typeEEEEvOSM_RKSC_: 176| 12|inline constexpr void typecast_copy(ToR&& out /* NOLINT(*-std-forward) */, const FromR& in) { 177| 12| ranges::assert_equal_byte_lengths(out, in); 178| 12| std::memcpy(std::ranges::data(out), std::ranges::data(in), ranges::size_bytes(out)); 179| 12|} _ZN5Botan7xor_bufINSt3__19allocatorIhEEEEvRNS1_6vectorIhT_EEPKhm: 429| 87|void xor_buf(std::vector& out, const uint8_t* in, size_t n) { 430| 87| BOTAN_ARG_CHECK(out.size() >= n, "output vector is too small"); ------------------ | | 35| 87| do { \ | | 36| 87| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 87| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 87] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 87| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 87] | | ------------------ ------------------ 431| | // simply assumes that *in points to "n" allocated bytes at least 432| 87| xor_buf(std::span{out}.first(n), std::span{in, n}); 433| 87|} _ZN5Botan14Asymmetric_KeyD2Ev: 62| 11.9k| virtual ~Asymmetric_Key() = default; _ZN5Botan6PK_Ops13Key_AgreementD2Ev: 147| 1.80k| virtual ~Key_Agreement() = default; _ZN5Botan15Key_ConstraintsC2Ev: 164| 7.11k| Key_Constraints() : m_value(0) {} _ZNK5Botan7X509_DN8get_bitsEv: 87| 14.0k| const std::vector& get_bits() const { return m_dn_bits; } _ZNK5Botan7X509_DN4rdnsEv: 107| 14.0k| const std::vector>>& rdns() const { return m_rdn; } _ZN5Botan10Extensions15Extensions_InfoC2EbRKNSt3__16vectorIhNS2_9allocatorIhEEEENS2_10unique_ptrINS_21Certificate_ExtensionENS2_14default_deleteISA_EEEE: 885| 28.1k| m_obj(std::move(ext)), m_bits(encoding), m_critical(critical) {} _ZN5Botan10ExtensionsC2Ev: 861| 7.11k| Extensions() = default; _ZN5Botan10ExtensionsD2Ev: 869| 7.11k| ~Extensions() override = default; _ZN5Botan7X509_DNC2Ev: 48| 14.6k| X509_DN() = default; _ZNK5Botan10Extensions23get_extension_object_asINS_14Cert_Extension16Authority_Key_IDEEEPKT_RKNS_3OIDE: 727| 7.04k| const T* get_extension_object_as(const OID& oid = T::static_oid()) const { 728| 7.04k| if(const Certificate_Extension* extn = get_extension_object(oid)) { ------------------ | Branch (728:42): [True: 7.04k, False: 0] ------------------ 729| | // Unknown_Extension oid_name is empty 730| 7.04k| if(extn->oid_name().empty()) { ------------------ | Branch (730:16): [True: 0, False: 7.04k] ------------------ 731| 0| return nullptr; 732| 7.04k| } else if(const T* extn_as_T = dynamic_cast(extn)) { ------------------ | Branch (732:32): [True: 7.04k, False: 0] ------------------ 733| 7.04k| return extn_as_T; 734| 7.04k| } else { 735| 0| throw Decoding_Error("Exception::get_extension_object_as dynamic_cast failed"); 736| 0| } 737| 7.04k| } 738| | 739| 0| return nullptr; 740| 7.04k| } _ZNK5Botan10Extensions23get_extension_object_asINS_14Cert_Extension23CRL_Distribution_PointsEEEPKT_RKNS_3OIDE: 727| 7.04k| const T* get_extension_object_as(const OID& oid = T::static_oid()) const { 728| 7.04k| if(const Certificate_Extension* extn = get_extension_object(oid)) { ------------------ | Branch (728:42): [True: 0, False: 7.04k] ------------------ 729| | // Unknown_Extension oid_name is empty 730| 0| if(extn->oid_name().empty()) { ------------------ | Branch (730:16): [True: 0, False: 0] ------------------ 731| 0| return nullptr; 732| 0| } else if(const T* extn_as_T = dynamic_cast(extn)) { ------------------ | Branch (732:32): [True: 0, False: 0] ------------------ 733| 0| return extn_as_T; 734| 0| } else { 735| 0| throw Decoding_Error("Exception::get_extension_object_as dynamic_cast failed"); 736| 0| } 737| 0| } 738| | 739| 7.04k| return nullptr; 740| 7.04k| } _ZN5Botan15NameConstraintsC2Ev: 608| 7.11k| NameConstraints() = default; _ZN5Botan21Certificate_ExtensionD2Ev: 701| 28.1k| virtual ~Certificate_Extension() = default; _ZN5Botan15AlternativeNameC2Ev: 201| 21.2k| AlternativeName() = default; _ZNK5Botan10Extensions23get_extension_object_asINS_14Cert_Extension17Basic_ConstraintsEEEPKT_RKNS_3OIDE: 727| 7.04k| const T* get_extension_object_as(const OID& oid = T::static_oid()) const { 728| 7.04k| if(const Certificate_Extension* extn = get_extension_object(oid)) { ------------------ | Branch (728:42): [True: 7.04k, False: 0] ------------------ 729| | // Unknown_Extension oid_name is empty 730| 7.04k| if(extn->oid_name().empty()) { ------------------ | Branch (730:16): [True: 0, False: 7.04k] ------------------ 731| 0| return nullptr; 732| 7.04k| } else if(const T* extn_as_T = dynamic_cast(extn)) { ------------------ | Branch (732:32): [True: 7.04k, False: 0] ------------------ 733| 7.04k| return extn_as_T; 734| 7.04k| } else { 735| 0| throw Decoding_Error("Exception::get_extension_object_as dynamic_cast failed"); 736| 0| } 737| 7.04k| } 738| | 739| 0| return nullptr; 740| 7.04k| } _ZNK5Botan10Extensions23get_extension_object_asINS_14Cert_Extension28Authority_Information_AccessEEEPKT_RKNS_3OIDE: 727| 7.04k| const T* get_extension_object_as(const OID& oid = T::static_oid()) const { 728| 7.04k| if(const Certificate_Extension* extn = get_extension_object(oid)) { ------------------ | Branch (728:42): [True: 0, False: 7.04k] ------------------ 729| | // Unknown_Extension oid_name is empty 730| 0| if(extn->oid_name().empty()) { ------------------ | Branch (730:16): [True: 0, False: 0] ------------------ 731| 0| return nullptr; 732| 0| } else if(const T* extn_as_T = dynamic_cast(extn)) { ------------------ | Branch (732:32): [True: 0, False: 0] ------------------ 733| 0| return extn_as_T; 734| 0| } else { 735| 0| throw Decoding_Error("Exception::get_extension_object_as dynamic_cast failed"); 736| 0| } 737| 0| } 738| | 739| 7.04k| return nullptr; 740| 7.04k| } _ZNK5Botan10Extensions23get_extension_object_asINS_14Cert_Extension9Key_UsageEEEPKT_RKNS_3OIDE: 727| 7.04k| const T* get_extension_object_as(const OID& oid = T::static_oid()) const { 728| 7.04k| if(const Certificate_Extension* extn = get_extension_object(oid)) { ------------------ | Branch (728:42): [True: 0, False: 7.04k] ------------------ 729| | // Unknown_Extension oid_name is empty 730| 0| if(extn->oid_name().empty()) { ------------------ | Branch (730:16): [True: 0, False: 0] ------------------ 731| 0| return nullptr; 732| 0| } else if(const T* extn_as_T = dynamic_cast(extn)) { ------------------ | Branch (732:32): [True: 0, False: 0] ------------------ 733| 0| return extn_as_T; 734| 0| } else { 735| 0| throw Decoding_Error("Exception::get_extension_object_as dynamic_cast failed"); 736| 0| } 737| 0| } 738| | 739| 7.04k| return nullptr; 740| 7.04k| } _ZNK5Botan10Extensions23get_extension_object_asINS_14Cert_Extension14Subject_Key_IDEEEPKT_RKNS_3OIDE: 727| 7.04k| const T* get_extension_object_as(const OID& oid = T::static_oid()) const { 728| 7.04k| if(const Certificate_Extension* extn = get_extension_object(oid)) { ------------------ | Branch (728:42): [True: 7.04k, False: 0] ------------------ 729| | // Unknown_Extension oid_name is empty 730| 7.04k| if(extn->oid_name().empty()) { ------------------ | Branch (730:16): [True: 0, False: 7.04k] ------------------ 731| 0| return nullptr; 732| 7.04k| } else if(const T* extn_as_T = dynamic_cast(extn)) { ------------------ | Branch (732:32): [True: 7.04k, False: 0] ------------------ 733| 7.04k| return extn_as_T; 734| 7.04k| } else { 735| 0| throw Decoding_Error("Exception::get_extension_object_as dynamic_cast failed"); 736| 0| } 737| 7.04k| } 738| | 739| 0| return nullptr; 740| 7.04k| } _ZNK5Botan10Extensions23get_extension_object_asINS_14Cert_Extension16Name_ConstraintsEEEPKT_RKNS_3OIDE: 727| 7.04k| const T* get_extension_object_as(const OID& oid = T::static_oid()) const { 728| 7.04k| if(const Certificate_Extension* extn = get_extension_object(oid)) { ------------------ | Branch (728:42): [True: 0, False: 7.04k] ------------------ 729| | // Unknown_Extension oid_name is empty 730| 0| if(extn->oid_name().empty()) { ------------------ | Branch (730:16): [True: 0, False: 0] ------------------ 731| 0| return nullptr; 732| 0| } else if(const T* extn_as_T = dynamic_cast(extn)) { ------------------ | Branch (732:32): [True: 0, False: 0] ------------------ 733| 0| return extn_as_T; 734| 0| } else { 735| 0| throw Decoding_Error("Exception::get_extension_object_as dynamic_cast failed"); 736| 0| } 737| 0| } 738| | 739| 7.04k| return nullptr; 740| 7.04k| } _ZNK5Botan10Extensions23get_extension_object_asINS_14Cert_Extension18Extended_Key_UsageEEEPKT_RKNS_3OIDE: 727| 7.04k| const T* get_extension_object_as(const OID& oid = T::static_oid()) const { 728| 7.04k| if(const Certificate_Extension* extn = get_extension_object(oid)) { ------------------ | Branch (728:42): [True: 0, False: 7.04k] ------------------ 729| | // Unknown_Extension oid_name is empty 730| 0| if(extn->oid_name().empty()) { ------------------ | Branch (730:16): [True: 0, False: 0] ------------------ 731| 0| return nullptr; 732| 0| } else if(const T* extn_as_T = dynamic_cast(extn)) { ------------------ | Branch (732:32): [True: 0, False: 0] ------------------ 733| 0| return extn_as_T; 734| 0| } else { 735| 0| throw Decoding_Error("Exception::get_extension_object_as dynamic_cast failed"); 736| 0| } 737| 0| } 738| | 739| 7.04k| return nullptr; 740| 7.04k| } _ZNK5Botan10Extensions23get_extension_object_asINS_14Cert_Extension23Issuer_Alternative_NameEEEPKT_RKNS_3OIDE: 727| 7.04k| const T* get_extension_object_as(const OID& oid = T::static_oid()) const { 728| 7.04k| if(const Certificate_Extension* extn = get_extension_object(oid)) { ------------------ | Branch (728:42): [True: 0, False: 7.04k] ------------------ 729| | // Unknown_Extension oid_name is empty 730| 0| if(extn->oid_name().empty()) { ------------------ | Branch (730:16): [True: 0, False: 0] ------------------ 731| 0| return nullptr; 732| 0| } else if(const T* extn_as_T = dynamic_cast(extn)) { ------------------ | Branch (732:32): [True: 0, False: 0] ------------------ 733| 0| return extn_as_T; 734| 0| } else { 735| 0| throw Decoding_Error("Exception::get_extension_object_as dynamic_cast failed"); 736| 0| } 737| 0| } 738| | 739| 7.04k| return nullptr; 740| 7.04k| } _ZNK5Botan10Extensions23get_extension_object_asINS_14Cert_Extension24Subject_Alternative_NameEEEPKT_RKNS_3OIDE: 727| 7.04k| const T* get_extension_object_as(const OID& oid = T::static_oid()) const { 728| 7.04k| if(const Certificate_Extension* extn = get_extension_object(oid)) { ------------------ | Branch (728:42): [True: 7.04k, False: 0] ------------------ 729| | // Unknown_Extension oid_name is empty 730| 7.04k| if(extn->oid_name().empty()) { ------------------ | Branch (730:16): [True: 0, False: 7.04k] ------------------ 731| 0| return nullptr; 732| 7.04k| } else if(const T* extn_as_T = dynamic_cast(extn)) { ------------------ | Branch (732:32): [True: 7.04k, False: 0] ------------------ 733| 7.04k| return extn_as_T; 734| 7.04k| } else { 735| 0| throw Decoding_Error("Exception::get_extension_object_as dynamic_cast failed"); 736| 0| } 737| 7.04k| } 738| | 739| 0| return nullptr; 740| 7.04k| } _ZNK5Botan10Extensions23get_extension_object_asINS_14Cert_Extension20Certificate_PoliciesEEEPKT_RKNS_3OIDE: 727| 7.04k| const T* get_extension_object_as(const OID& oid = T::static_oid()) const { 728| 7.04k| if(const Certificate_Extension* extn = get_extension_object(oid)) { ------------------ | Branch (728:42): [True: 0, False: 7.04k] ------------------ 729| | // Unknown_Extension oid_name is empty 730| 0| if(extn->oid_name().empty()) { ------------------ | Branch (730:16): [True: 0, False: 0] ------------------ 731| 0| return nullptr; 732| 0| } else if(const T* extn_as_T = dynamic_cast(extn)) { ------------------ | Branch (732:32): [True: 0, False: 0] ------------------ 733| 0| return extn_as_T; 734| 0| } else { 735| 0| throw Decoding_Error("Exception::get_extension_object_as dynamic_cast failed"); 736| 0| } 737| 0| } 738| | 739| 7.04k| return nullptr; 740| 7.04k| } _ZN5Botan6ranges24assert_exact_byte_lengthILm32ETkNS0_14spanable_rangeENSt3__14spanIhLm32EEEEEvRKT0_: 77| 13.6k|inline constexpr void assert_exact_byte_length(const R& r) { 78| 13.6k| const std::span s{r}; 79| 13.6k| if constexpr(statically_spanable_range) { 80| 13.6k| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 13.6k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__15arrayImLm4EEETpTkNS0_14spanable_rangeEJNS2_4spanIhLm32EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 13.6k|{ 101| 13.6k| const std::span s0{r0}; 102| | 103| 13.6k| if constexpr(statically_spanable_range) { 104| 13.6k| constexpr size_t expected_size = s0.size_bytes(); 105| 13.6k| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 13.6k|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__15arrayImLm4EEEEEmRKT_: 59| 28.0k|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 28.0k| return std::span{r}.size_bytes(); 61| 28.0k|} _ZN5Botan6ranges24assert_exact_byte_lengthILm32ETkNS0_14spanable_rangeENSt3__14spanIKhLm32EEEEEvRKT0_: 77| 14.4k|inline constexpr void assert_exact_byte_length(const R& r) { 78| 14.4k| const std::span s{r}; 79| 14.4k| if constexpr(statically_spanable_range) { 80| 14.4k| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 14.4k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__15arrayImLm4EEETpTkNS0_14spanable_rangeEJNS2_4spanIKhLm32EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 14.4k|{ 101| 14.4k| const std::span s0{r0}; 102| | 103| 14.4k| if constexpr(statically_spanable_range) { 104| 14.4k| constexpr size_t expected_size = s0.size_bytes(); 105| 14.4k| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 14.4k|} _ZN5Botan6ranges24assert_exact_byte_lengthILm32ETkNS0_14spanable_rangeENSt3__15arrayImLm4EEEEEvRKT0_: 77| 64.7k|inline constexpr void assert_exact_byte_length(const R& r) { 78| 64.7k| const std::span s{r}; 79| 64.7k| if constexpr(statically_spanable_range) { 80| 64.7k| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 64.7k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm32EEETpTkNS0_14spanable_rangeEJNS2_5arrayImLm4EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 47.2k|{ 101| 47.2k| const std::span s0{r0}; 102| | 103| 47.2k| if constexpr(statically_spanable_range) { 104| 47.2k| constexpr size_t expected_size = s0.size_bytes(); 105| 47.2k| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 47.2k|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanIhLm32EEEEEmRKT_: 59| 14.0k|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 14.0k| return std::span{r}.size_bytes(); 61| 14.0k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm18446744073709551615EEETpTkNS0_14spanable_rangeEJNS3_IKhLm18446744073709551615EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 40.7k|{ 101| 40.7k| const std::span s0{r0}; 102| | 103| | if constexpr(statically_spanable_range) { 104| | constexpr size_t expected_size = s0.size_bytes(); 105| | (assert_exact_byte_length(rs), ...); 106| 40.7k| } else { 107| 40.7k| const size_t expected_size = s0.size_bytes(); 108| 40.7k| const bool correct_size = 109| 40.7k| ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| 40.7k| if(!correct_size) { ------------------ | Branch (111:10): [True: 0, False: 40.7k] ------------------ 112| 0| memory_region_size_violation(); 113| 0| } 114| 40.7k| } 115| 40.7k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm18446744073709551615EEETpTkNS0_14spanable_rangeEJNS3_IKhLm18446744073709551615EEES6_EEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 1.72k|{ 101| 1.72k| const std::span s0{r0}; 102| | 103| | if constexpr(statically_spanable_range) { 104| | constexpr size_t expected_size = s0.size_bytes(); 105| | (assert_exact_byte_length(rs), ...); 106| 1.72k| } else { 107| 1.72k| const size_t expected_size = s0.size_bytes(); 108| 1.72k| const bool correct_size = 109| 3.45k| ((std::span>{rs}.size_bytes() == expected_size) && ...); ------------------ | Branch (109:11): [True: 1.72k, False: 0] | Branch (109:11): [True: 1.72k, False: 0] ------------------ 110| | 111| 1.72k| if(!correct_size) { ------------------ | Branch (111:10): [True: 0, False: 1.72k] ------------------ 112| 0| memory_region_size_violation(); 113| 0| } 114| 1.72k| } 115| 1.72k|} _ZN5Botan6ranges24assert_exact_byte_lengthILm8ETkNS0_14spanable_rangeENSt3__14spanIhLm8EEEEEvRKT0_: 77| 849k|inline constexpr void assert_exact_byte_length(const R& r) { 78| 849k| const std::span s{r}; 79| 849k| if constexpr(statically_spanable_range) { 80| 849k| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 849k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm8EEETpTkNS0_14spanable_rangeEJNS3_IKmLm1EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 487k|{ 101| 487k| const std::span s0{r0}; 102| | 103| 487k| if constexpr(statically_spanable_range) { 104| 487k| constexpr size_t expected_size = s0.size_bytes(); 105| 487k| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 487k|} _ZN5Botan6ranges24assert_exact_byte_lengthILm8ETkNS0_14spanable_rangeENSt3__14spanIKmLm1EEEEEvRKT0_: 77| 487k|inline constexpr void assert_exact_byte_length(const R& r) { 78| 487k| const std::span s{r}; 79| 487k| if constexpr(statically_spanable_range) { 80| 487k| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 487k|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanIhLm8EEEEEmRKT_: 59| 487k|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 487k| return std::span{r}.size_bytes(); 61| 487k|} _ZN5Botan6ranges24assert_exact_byte_lengthILm8ETkNS0_14spanable_rangeENSt3__14spanIKhLm8EEEEEvRKT0_: 77| 937k|inline constexpr void assert_exact_byte_length(const R& r) { 78| 937k| const std::span s{r}; 79| 937k| if constexpr(statically_spanable_range) { 80| 937k| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 937k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanImLm1EEETpTkNS0_14spanable_rangeEJNS3_IKhLm8EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 468k|{ 101| 468k| const std::span s0{r0}; 102| | 103| 468k| if constexpr(statically_spanable_range) { 104| 468k| constexpr size_t expected_size = s0.size_bytes(); 105| 468k| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 468k|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanImLm1EEEEEmRKT_: 59| 498k|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 498k| return std::span{r}.size_bytes(); 61| 498k|} _ZN5Botan6ranges24assert_exact_byte_lengthILm2ETkNS0_14spanable_rangeENSt3__14spanIKhLm2EEEEEvRKT0_: 77| 105k|inline constexpr void assert_exact_byte_length(const R& r) { 78| 105k| const std::span s{r}; 79| 105k| if constexpr(statically_spanable_range) { 80| 105k| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 105k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanItLm1EEETpTkNS0_14spanable_rangeEJNS3_IKhLm2EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 52.6k|{ 101| 52.6k| const std::span s0{r0}; 102| | 103| 52.6k| if constexpr(statically_spanable_range) { 104| 52.6k| constexpr size_t expected_size = s0.size_bytes(); 105| 52.6k| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 52.6k|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanItLm1EEEEEmRKT_: 59| 52.6k|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 52.6k| return std::span{r}.size_bytes(); 61| 52.6k|} _ZN5Botan6ranges24assert_exact_byte_lengthILm4ETkNS0_14spanable_rangeENSt3__14spanIKhLm4EEEEEvRKT0_: 77| 1.00k|inline constexpr void assert_exact_byte_length(const R& r) { 78| 1.00k| const std::span s{r}; 79| 1.00k| if constexpr(statically_spanable_range) { 80| 1.00k| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 1.00k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIjLm1EEETpTkNS0_14spanable_rangeEJNS3_IKhLm4EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 502|{ 101| 502| const std::span s0{r0}; 102| | 103| 502| if constexpr(statically_spanable_range) { 104| 502| constexpr size_t expected_size = s0.size_bytes(); 105| 502| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 502|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanIjLm1EEEEEmRKT_: 59| 502|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 502| return std::span{r}.size_bytes(); 61| 502|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__16vectorIhNS2_9allocatorIhEEEEEEmRKT_: 59| 1.26M|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 1.26M| return std::span{r}.size_bytes(); 61| 1.26M|} _ZN5Botan6ranges24assert_exact_byte_lengthILm2ETkNS0_14spanable_rangeENSt3__14spanIhLm2EEEEEvRKT0_: 77| 8|inline constexpr void assert_exact_byte_length(const R& r) { 78| 8| const std::span s{r}; 79| 8| if constexpr(statically_spanable_range) { 80| 8| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 8|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm2EEETpTkNS0_14spanable_rangeEJNS3_IKtLm1EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 8|{ 101| 8| const std::span s0{r0}; 102| | 103| 8| if constexpr(statically_spanable_range) { 104| 8| constexpr size_t expected_size = s0.size_bytes(); 105| 8| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 8|} _ZN5Botan6ranges24assert_exact_byte_lengthILm2ETkNS0_14spanable_rangeENSt3__14spanIKtLm1EEEEEvRKT0_: 77| 8|inline constexpr void assert_exact_byte_length(const R& r) { 78| 8| const std::span s{r}; 79| 8| if constexpr(statically_spanable_range) { 80| 8| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 8|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanIhLm2EEEEEmRKT_: 59| 8|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 8| return std::span{r}.size_bytes(); 61| 8|} _ZN5Botan6ranges24assert_exact_byte_lengthILm4ETkNS0_14spanable_rangeENSt3__14spanIhLm4EEEEEvRKT0_: 77| 1.70M|inline constexpr void assert_exact_byte_length(const R& r) { 78| 1.70M| const std::span s{r}; 79| 1.70M| if constexpr(statically_spanable_range) { 80| 1.70M| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 1.70M|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm4EEETpTkNS0_14spanable_rangeEJNS3_IKjLm1EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 859k|{ 101| 859k| const std::span s0{r0}; 102| | 103| 859k| if constexpr(statically_spanable_range) { 104| 859k| constexpr size_t expected_size = s0.size_bytes(); 105| 859k| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 859k|} _ZN5Botan6ranges24assert_exact_byte_lengthILm4ETkNS0_14spanable_rangeENSt3__14spanIKjLm1EEEEEvRKT0_: 77| 859k|inline constexpr void assert_exact_byte_length(const R& r) { 78| 859k| const std::span s{r}; 79| 859k| if constexpr(statically_spanable_range) { 80| 859k| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 859k|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanIhLm4EEEEEmRKT_: 59| 859k|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 859k| return std::span{r}.size_bytes(); 61| 859k|} _ZN5Botan6ranges24assert_exact_byte_lengthILm16ETkNS0_14spanable_rangeENSt3__14spanIKhLm16EEEEEvRKT0_: 77| 93|inline constexpr void assert_exact_byte_length(const R& r) { 78| 93| const std::span s{r}; 79| 93| if constexpr(statically_spanable_range) { 80| 93| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 93|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanImLm18446744073709551615EEETpTkNS0_14spanable_rangeEJNS3_IKhLm18446744073709551615EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 10.9k|{ 101| 10.9k| const std::span s0{r0}; 102| | 103| | if constexpr(statically_spanable_range) { 104| | constexpr size_t expected_size = s0.size_bytes(); 105| | (assert_exact_byte_length(rs), ...); 106| 10.9k| } else { 107| 10.9k| const size_t expected_size = s0.size_bytes(); 108| 10.9k| const bool correct_size = 109| 10.9k| ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| 10.9k| if(!correct_size) { ------------------ | Branch (111:10): [True: 0, False: 10.9k] ------------------ 112| 0| memory_region_size_violation(); 113| 0| } 114| 10.9k| } 115| 10.9k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIjLm18446744073709551615EEETpTkNS0_14spanable_rangeEJNS3_IKhLm18446744073709551615EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 4|{ 101| 4| const std::span s0{r0}; 102| | 103| | if constexpr(statically_spanable_range) { 104| | constexpr size_t expected_size = s0.size_bytes(); 105| | (assert_exact_byte_length(rs), ...); 106| 4| } else { 107| 4| const size_t expected_size = s0.size_bytes(); 108| 4| const bool correct_size = 109| 4| ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| 4| if(!correct_size) { ------------------ | Branch (111:10): [True: 0, False: 4] ------------------ 112| 0| memory_region_size_violation(); 113| 0| } 114| 4| } 115| 4|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm18446744073709551615EEETpTkNS0_14spanable_rangeEJNS3_IKjLm18446744073709551615EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 116k|{ 101| 116k| const std::span s0{r0}; 102| | 103| | if constexpr(statically_spanable_range) { 104| | constexpr size_t expected_size = s0.size_bytes(); 105| | (assert_exact_byte_length(rs), ...); 106| 116k| } else { 107| 116k| const size_t expected_size = s0.size_bytes(); 108| 116k| const bool correct_size = 109| 116k| ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| 116k| if(!correct_size) { ------------------ | Branch (111:10): [True: 0, False: 116k] ------------------ 112| 0| memory_region_size_violation(); 113| 0| } 114| 116k| } 115| 116k|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanIhLm18446744073709551615EEEEEmRKT_: 59| 79.0k|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 79.0k| return std::span{r}.size_bytes(); 61| 79.0k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm18446744073709551615EEETpTkNS0_14spanable_rangeEJNS3_IKmLm18446744073709551615EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 6.57k|{ 101| 6.57k| const std::span s0{r0}; 102| | 103| | if constexpr(statically_spanable_range) { 104| | constexpr size_t expected_size = s0.size_bytes(); 105| | (assert_exact_byte_length(rs), ...); 106| 6.57k| } else { 107| 6.57k| const size_t expected_size = s0.size_bytes(); 108| 6.57k| const bool correct_size = 109| 6.57k| ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| 6.57k| if(!correct_size) { ------------------ | Branch (111:10): [True: 0, False: 6.57k] ------------------ 112| 0| memory_region_size_violation(); 113| 0| } 114| 6.57k| } 115| 6.57k|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanImLm18446744073709551615EEEEEmRKT_: 59| 4.92k|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 4.92k| return std::span{r}.size_bytes(); 61| 4.92k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm18446744073709551615EEETpTkNS0_14spanable_rangeEJS4_EEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 7.61k|{ 101| 7.61k| const std::span s0{r0}; 102| | 103| | if constexpr(statically_spanable_range) { 104| | constexpr size_t expected_size = s0.size_bytes(); 105| | (assert_exact_byte_length(rs), ...); 106| 7.61k| } else { 107| 7.61k| const size_t expected_size = s0.size_bytes(); 108| 7.61k| const bool correct_size = 109| 7.61k| ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| 7.61k| if(!correct_size) { ------------------ | Branch (111:10): [True: 0, False: 7.61k] ------------------ 112| 0| memory_region_size_violation(); 113| 0| } 114| 7.61k| } 115| 7.61k|} _ZN5Botan6ranges24assert_exact_byte_lengthILm8ETkNS0_14spanable_rangeENSt3__15arrayIhLm8EEEEEvRKT0_: 77| 29.9k|inline constexpr void assert_exact_byte_length(const R& r) { 78| 29.9k| const std::span s{r}; 79| 29.9k| if constexpr(statically_spanable_range) { 80| 29.9k| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 29.9k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanImLm1EEETpTkNS0_14spanable_rangeEJNS3_IhLm8EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 29.9k|{ 101| 29.9k| const std::span s0{r0}; 102| | 103| 29.9k| if constexpr(statically_spanable_range) { 104| 29.9k| constexpr size_t expected_size = s0.size_bytes(); 105| 29.9k| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 29.9k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__15arrayImLm2EEETpTkNS0_14spanable_rangeEJNS2_4spanIKhLm16EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 93|{ 101| 93| const std::span s0{r0}; 102| | 103| 93| if constexpr(statically_spanable_range) { 104| 93| constexpr size_t expected_size = s0.size_bytes(); 105| 93| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 93|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__15arrayIhLm16EEEEEmRKT_: 59| 627|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 627| return std::span{r}.size_bytes(); 61| 627|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm18446744073709551615EEETpTkNS0_14spanable_rangeEJNS2_6vectorIhNS_16secure_allocatorIhEEEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 5.22k|{ 101| 5.22k| const std::span s0{r0}; 102| | 103| | if constexpr(statically_spanable_range) { 104| | constexpr size_t expected_size = s0.size_bytes(); 105| | (assert_exact_byte_length(rs), ...); 106| 5.22k| } else { 107| 5.22k| const size_t expected_size = s0.size_bytes(); 108| 5.22k| const bool correct_size = 109| 5.22k| ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| 5.22k| if(!correct_size) { ------------------ | Branch (111:10): [True: 0, False: 5.22k] ------------------ 112| 0| memory_region_size_violation(); 113| 0| } 114| 5.22k| } 115| 5.22k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__15arrayIhLm56EEETpTkNS0_14spanable_rangeEJNS2_4spanIKhLm18446744073709551615EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 2|{ 101| 2| const std::span s0{r0}; 102| | 103| 2| if constexpr(statically_spanable_range) { 104| 2| constexpr size_t expected_size = s0.size_bytes(); 105| 2| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 2|} _ZN5Botan6ranges24assert_exact_byte_lengthILm56ETkNS0_14spanable_rangeENSt3__14spanIKhLm18446744073709551615EEEEEvRKT0_: 77| 2|inline constexpr void assert_exact_byte_length(const R& r) { 78| 2| const std::span s{r}; 79| | if constexpr(statically_spanable_range) { 80| | static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| 2| } else { 82| 2| if(s.size_bytes() != expected) { ------------------ | Branch (82:10): [True: 0, False: 2] ------------------ 83| 0| memory_region_size_violation(); 84| 0| } 85| 2| } 86| 2|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__15arrayIhLm56EEEEEmRKT_: 59| 4|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 4| return std::span{r}.size_bytes(); 61| 4|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm56EEETpTkNS0_14spanable_rangeEJNS2_6vectorIhNS_16secure_allocatorIhEEEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 10|{ 101| 10| const std::span s0{r0}; 102| | 103| 10| if constexpr(statically_spanable_range) { 104| 10| constexpr size_t expected_size = s0.size_bytes(); 105| 10| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 10|} _ZN5Botan6ranges24assert_exact_byte_lengthILm56ETkNS0_14spanable_rangeENSt3__16vectorIhNS_16secure_allocatorIhEEEEEEvRKT0_: 77| 10|inline constexpr void assert_exact_byte_length(const R& r) { 78| 10| const std::span s{r}; 79| | if constexpr(statically_spanable_range) { 80| | static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| 10| } else { 82| 10| if(s.size_bytes() != expected) { ------------------ | Branch (82:10): [True: 0, False: 10] ------------------ 83| 0| memory_region_size_violation(); 84| 0| } 85| 10| } 86| 10|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanIhLm56EEEEEmRKT_: 59| 32|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 32| return std::span{r}.size_bytes(); 61| 32|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENS_6StrongINSt3__15arrayIhLm56EEENS_9Point448_EJEEETpTkNS0_14spanable_rangeEJNS3_4spanIKhLm18446744073709551615EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 2|{ 101| 2| const std::span s0{r0}; 102| | 103| | if constexpr(statically_spanable_range) { 104| | constexpr size_t expected_size = s0.size_bytes(); 105| | (assert_exact_byte_length(rs), ...); 106| 2| } else { 107| 2| const size_t expected_size = s0.size_bytes(); 108| 2| const bool correct_size = 109| 2| ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| 2| if(!correct_size) { ------------------ | Branch (111:10): [True: 0, False: 2] ------------------ 112| 0| memory_region_size_violation(); 113| 0| } 114| 2| } 115| 2|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENS_6StrongINSt3__15arrayIhLm56EEENS_9Point448_EJEEEEEmRKT_: 59| 2|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 2| return std::span{r}.size_bytes(); 61| 2|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENS_6StrongINSt3__15arrayIhLm56EEENS_11ScalarX448_EJEEETpTkNS0_14spanable_rangeEJNS3_4spanIKhLm18446744073709551615EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 12|{ 101| 12| const std::span s0{r0}; 102| | 103| | if constexpr(statically_spanable_range) { 104| | constexpr size_t expected_size = s0.size_bytes(); 105| | (assert_exact_byte_length(rs), ...); 106| 12| } else { 107| 12| const size_t expected_size = s0.size_bytes(); 108| 12| const bool correct_size = 109| 12| ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| 12| if(!correct_size) { ------------------ | Branch (111:10): [True: 0, False: 12] ------------------ 112| 0| memory_region_size_violation(); 113| 0| } 114| 12| } 115| 12|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENS_6StrongINSt3__15arrayIhLm56EEENS_11ScalarX448_EJEEEEEmRKT_: 59| 12|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 12| return std::span{r}.size_bytes(); 61| 12|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__15arrayImLm7EEEEEmRKT_: 59| 96.8k|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 96.8k| return std::span{r}.size_bytes(); 61| 96.8k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__15arrayIhLm16EEETpTkNS0_14spanable_rangeEJNS3_ImLm2EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 89|{ 101| 89| const std::span s0{r0}; 102| | 103| 89| if constexpr(statically_spanable_range) { 104| 89| constexpr size_t expected_size = s0.size_bytes(); 105| 89| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 89|} _ZN5Botan6ranges24assert_exact_byte_lengthILm16ETkNS0_14spanable_rangeENSt3__15arrayImLm2EEEEEvRKT0_: 77| 89|inline constexpr void assert_exact_byte_length(const R& r) { 78| 89| const std::span s{r}; 79| 89| if constexpr(statically_spanable_range) { 80| 89| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 89|} _ZN5Botan6ranges24assert_exact_byte_lengthILm16ETkNS0_14spanable_rangeENSt3__15arrayIhLm16EEEEEvRKT0_: 77| 89|inline constexpr void assert_exact_byte_length(const R& r) { 78| 89| const std::span s{r}; 79| 89| if constexpr(statically_spanable_range) { 80| 89| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 89|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanIjLm18446744073709551615EEEEEmRKT_: 59| 2|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 2| return std::span{r}.size_bytes(); 61| 2|} _ZN5Botan6ranges24assert_exact_byte_lengthILm8ETkNS0_14spanable_rangeENSt3__14spanIhLm18446744073709551615EEEEEvRKT0_: 77| 3.22k|inline constexpr void assert_exact_byte_length(const R& r) { 78| 3.22k| const std::span s{r}; 79| | if constexpr(statically_spanable_range) { 80| | static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| 3.22k| } else { 82| 3.22k| if(s.size_bytes() != expected) { ------------------ | Branch (82:10): [True: 0, False: 3.22k] ------------------ 83| 0| memory_region_size_violation(); 84| 0| } 85| 3.22k| } 86| 3.22k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm18446744073709551615EEETpTkNS0_14spanable_rangeEJNS3_IKmLm1EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 3.22k|{ 101| 3.22k| const std::span s0{r0}; 102| | 103| | if constexpr(statically_spanable_range) { 104| | constexpr size_t expected_size = s0.size_bytes(); 105| | (assert_exact_byte_length(rs), ...); 106| 3.22k| } else { 107| 3.22k| const size_t expected_size = s0.size_bytes(); 108| 3.22k| const bool correct_size = 109| 3.22k| ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| 3.22k| if(!correct_size) { ------------------ | Branch (111:10): [True: 0, False: 3.22k] ------------------ 112| 0| memory_region_size_violation(); 113| 0| } 114| 3.22k| } 115| 3.22k|} _ZN5Botan6ranges24assert_exact_byte_lengthILm1ETkNS0_14spanable_rangeENSt3__14spanIKhLm1EEEEEvRKT0_: 77| 2.10M|inline constexpr void assert_exact_byte_length(const R& r) { 78| 2.10M| const std::span s{r}; 79| 2.10M| if constexpr(statically_spanable_range) { 80| 2.10M| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 2.10M|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__15arrayIhLm16EEETpTkNS0_14spanable_rangeEJNS2_4spanIKhLm18446744073709551615EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 89|{ 101| 89| const std::span s0{r0}; 102| | 103| 89| if constexpr(statically_spanable_range) { 104| 89| constexpr size_t expected_size = s0.size_bytes(); 105| 89| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 89|} _ZN5Botan6ranges24assert_exact_byte_lengthILm16ETkNS0_14spanable_rangeENSt3__14spanIKhLm18446744073709551615EEEEEvRKT0_: 77| 89|inline constexpr void assert_exact_byte_length(const R& r) { 78| 89| const std::span s{r}; 79| | if constexpr(statically_spanable_range) { 80| | static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| 89| } else { 82| 89| if(s.size_bytes() != expected) { ------------------ | Branch (82:10): [True: 0, False: 89] ------------------ 83| 0| memory_region_size_violation(); 84| 0| } 85| 89| } 86| 89|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__15arrayIhLm16EEETpTkNS0_14spanable_rangeEJS4_EEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 89|{ 101| 89| const std::span s0{r0}; 102| | 103| 89| if constexpr(statically_spanable_range) { 104| 89| constexpr size_t expected_size = s0.size_bytes(); 105| 89| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 89|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm18446744073709551615EEETpTkNS0_14spanable_rangeEJS4_S4_EEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 89|{ 101| 89| const std::span s0{r0}; 102| | 103| | if constexpr(statically_spanable_range) { 104| | constexpr size_t expected_size = s0.size_bytes(); 105| | (assert_exact_byte_length(rs), ...); 106| 89| } else { 107| 89| const size_t expected_size = s0.size_bytes(); 108| 89| const bool correct_size = 109| 178| ((std::span>{rs}.size_bytes() == expected_size) && ...); ------------------ | Branch (109:11): [True: 89, False: 0] | Branch (109:11): [True: 89, False: 0] ------------------ 110| | 111| 89| if(!correct_size) { ------------------ | Branch (111:10): [True: 0, False: 89] ------------------ 112| 0| memory_region_size_violation(); 113| 0| } 114| 89| } 115| 89|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanImLm4EEETpTkNS0_14spanable_rangeEJNS2_5arrayImLm4EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 17.4k|{ 101| 17.4k| const std::span s0{r0}; 102| | 103| 17.4k| if constexpr(statically_spanable_range) { 104| 17.4k| constexpr size_t expected_size = s0.size_bytes(); 105| 17.4k| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 17.4k|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanImLm4EEEEEmRKT_: 59| 34.9k|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 34.9k| return std::span{r}.size_bytes(); 61| 34.9k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__16vectorIhNS2_9allocatorIhEEEETpTkNS0_14spanable_rangeEJA8_mEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 2.18k|{ 101| 2.18k| const std::span s0{r0}; 102| | 103| | if constexpr(statically_spanable_range) { 104| | constexpr size_t expected_size = s0.size_bytes(); 105| | (assert_exact_byte_length(rs), ...); 106| 2.18k| } else { 107| 2.18k| const size_t expected_size = s0.size_bytes(); 108| 2.18k| const bool correct_size = 109| 2.18k| ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| 2.18k| if(!correct_size) { ------------------ | Branch (111:10): [True: 0, False: 2.18k] ------------------ 112| 0| memory_region_size_violation(); 113| 0| } 114| 2.18k| } 115| 2.18k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanImLm6EEETpTkNS0_14spanable_rangeEJNS2_5arrayImLm6EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 5.28k|{ 101| 5.28k| const std::span s0{r0}; 102| | 103| 5.28k| if constexpr(statically_spanable_range) { 104| 5.28k| constexpr size_t expected_size = s0.size_bytes(); 105| 5.28k| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 5.28k|} _ZN5Botan6ranges24assert_exact_byte_lengthILm48ETkNS0_14spanable_rangeENSt3__15arrayImLm6EEEEEvRKT0_: 77| 12.5k|inline constexpr void assert_exact_byte_length(const R& r) { 78| 12.5k| const std::span s{r}; 79| 12.5k| if constexpr(statically_spanable_range) { 80| 12.5k| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 12.5k|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanImLm6EEEEEmRKT_: 59| 10.5k|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 10.5k| return std::span{r}.size_bytes(); 61| 10.5k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__16vectorIhNS2_9allocatorIhEEEETpTkNS0_14spanable_rangeEJA12_mEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 1.46k|{ 101| 1.46k| const std::span s0{r0}; 102| | 103| | if constexpr(statically_spanable_range) { 104| | constexpr size_t expected_size = s0.size_bytes(); 105| | (assert_exact_byte_length(rs), ...); 106| 1.46k| } else { 107| 1.46k| const size_t expected_size = s0.size_bytes(); 108| 1.46k| const bool correct_size = 109| 1.46k| ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| 1.46k| if(!correct_size) { ------------------ | Branch (111:10): [True: 0, False: 1.46k] ------------------ 112| 0| memory_region_size_violation(); 113| 0| } 114| 1.46k| } 115| 1.46k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm48EEETpTkNS0_14spanable_rangeEJNS2_5arrayImLm6EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 7.28k|{ 101| 7.28k| const std::span s0{r0}; 102| | 103| 7.28k| if constexpr(statically_spanable_range) { 104| 7.28k| constexpr size_t expected_size = s0.size_bytes(); 105| 7.28k| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 7.28k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanImLm8EEETpTkNS0_14spanable_rangeEJNS2_5arrayImLm8EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 3.24k|{ 101| 3.24k| const std::span s0{r0}; 102| | 103| 3.24k| if constexpr(statically_spanable_range) { 104| 3.24k| constexpr size_t expected_size = s0.size_bytes(); 105| 3.24k| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 3.24k|} _ZN5Botan6ranges24assert_exact_byte_lengthILm64ETkNS0_14spanable_rangeENSt3__15arrayImLm8EEEEEvRKT0_: 77| 5.78k|inline constexpr void assert_exact_byte_length(const R& r) { 78| 5.78k| const std::span s{r}; 79| 5.78k| if constexpr(statically_spanable_range) { 80| 5.78k| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 5.78k|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanImLm8EEEEEmRKT_: 59| 6.48k|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 6.48k| return std::span{r}.size_bytes(); 61| 6.48k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__16vectorIhNS2_9allocatorIhEEEETpTkNS0_14spanable_rangeEJA16_mEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 549|{ 101| 549| const std::span s0{r0}; 102| | 103| | if constexpr(statically_spanable_range) { 104| | constexpr size_t expected_size = s0.size_bytes(); 105| | (assert_exact_byte_length(rs), ...); 106| 549| } else { 107| 549| const size_t expected_size = s0.size_bytes(); 108| 549| const bool correct_size = 109| 549| ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| 549| if(!correct_size) { ------------------ | Branch (111:10): [True: 0, False: 549] ------------------ 112| 0| memory_region_size_violation(); 113| 0| } 114| 549| } 115| 549|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm64EEETpTkNS0_14spanable_rangeEJNS2_5arrayImLm8EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 2.54k|{ 101| 2.54k| const std::span s0{r0}; 102| | 103| 2.54k| if constexpr(statically_spanable_range) { 104| 2.54k| constexpr size_t expected_size = s0.size_bytes(); 105| 2.54k| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 2.54k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanImLm9EEETpTkNS0_14spanable_rangeEJNS2_5arrayImLm9EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 1.10k|{ 101| 1.10k| const std::span s0{r0}; 102| | 103| 1.10k| if constexpr(statically_spanable_range) { 104| 1.10k| constexpr size_t expected_size = s0.size_bytes(); 105| 1.10k| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 1.10k|} _ZN5Botan6ranges24assert_exact_byte_lengthILm72ETkNS0_14spanable_rangeENSt3__15arrayImLm9EEEEEvRKT0_: 77| 4.65k|inline constexpr void assert_exact_byte_length(const R& r) { 78| 4.65k| const std::span s{r}; 79| 4.65k| if constexpr(statically_spanable_range) { 80| 4.65k| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 4.65k|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanImLm9EEEEEmRKT_: 59| 2.21k|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 2.21k| return std::span{r}.size_bytes(); 61| 2.21k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__15arrayIhLm72EEETpTkNS0_14spanable_rangeEJNS3_ImLm9EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 3.54k|{ 101| 3.54k| const std::span s0{r0}; 102| | 103| 3.54k| if constexpr(statically_spanable_range) { 104| 3.54k| constexpr size_t expected_size = s0.size_bytes(); 105| 3.54k| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 3.54k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__16vectorIhNS2_9allocatorIhEEEETpTkNS0_14spanable_rangeEJA18_mEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 680|{ 101| 680| const std::span s0{r0}; 102| | 103| | if constexpr(statically_spanable_range) { 104| | constexpr size_t expected_size = s0.size_bytes(); 105| | (assert_exact_byte_length(rs), ...); 106| 680| } else { 107| 680| const size_t expected_size = s0.size_bytes(); 108| 680| const bool correct_size = 109| 680| ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| 680| if(!correct_size) { ------------------ | Branch (111:10): [True: 0, False: 680] ------------------ 112| 0| memory_region_size_violation(); 113| 0| } 114| 680| } 115| 680|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm66EEETpTkNS0_14spanable_rangeEJNS3_IKhLm66EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 3.54k|{ 101| 3.54k| const std::span s0{r0}; 102| | 103| 3.54k| if constexpr(statically_spanable_range) { 104| 3.54k| constexpr size_t expected_size = s0.size_bytes(); 105| 3.54k| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 3.54k|} _ZN5Botan6ranges24assert_exact_byte_lengthILm66ETkNS0_14spanable_rangeENSt3__14spanIKhLm66EEEEEvRKT0_: 77| 3.54k|inline constexpr void assert_exact_byte_length(const R& r) { 78| 3.54k| const std::span s{r}; 79| 3.54k| if constexpr(statically_spanable_range) { 80| 3.54k| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 3.54k|} _ZN5Botan6ranges10size_bytesITkNS0_14spanable_rangeENSt3__14spanIhLm66EEEEEmRKT_: 59| 7.09k|inline constexpr size_t size_bytes(const spanable_range auto& r) { 60| 7.09k| return std::span{r}.size_bytes(); 61| 7.09k|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__15arrayImLm7EEETpTkNS0_14spanable_rangeEJNS2_4spanIKhLm56EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 48|{ 101| 48| const std::span s0{r0}; 102| | 103| 48| if constexpr(statically_spanable_range) { 104| 48| constexpr size_t expected_size = s0.size_bytes(); 105| 48| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 48|} _ZN5Botan6ranges24assert_exact_byte_lengthILm56ETkNS0_14spanable_rangeENSt3__14spanIKhLm56EEEEEvRKT0_: 77| 48|inline constexpr void assert_exact_byte_length(const R& r) { 78| 48| const std::span s{r}; 79| 48| if constexpr(statically_spanable_range) { 80| 48| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 48|} _ZN5Botan6ranges25assert_equal_byte_lengthsITkNS0_14spanable_rangeENSt3__14spanIhLm56EEETpTkNS0_14spanable_rangeEJNS2_5arrayImLm7EEEEEEvRKT_DpRKT0_QgtsZT0_Li0E: 100| 24|{ 101| 24| const std::span s0{r0}; 102| | 103| 24| if constexpr(statically_spanable_range) { 104| 24| constexpr size_t expected_size = s0.size_bytes(); 105| 24| (assert_exact_byte_length(rs), ...); 106| | } else { 107| | const size_t expected_size = s0.size_bytes(); 108| | const bool correct_size = 109| | ((std::span>{rs}.size_bytes() == expected_size) && ...); 110| | 111| | if(!correct_size) { 112| | memory_region_size_violation(); 113| | } 114| | } 115| 24|} _ZN5Botan6ranges24assert_exact_byte_lengthILm56ETkNS0_14spanable_rangeENSt3__15arrayImLm7EEEEEvRKT0_: 77| 24|inline constexpr void assert_exact_byte_length(const R& r) { 78| 24| const std::span s{r}; 79| 24| if constexpr(statically_spanable_range) { 80| 24| static_assert(s.size_bytes() == expected, "memory region does not have expected byte lengths"); 81| | } else { 82| | if(s.size_bytes() != expected) { 83| | memory_region_size_violation(); 84| | } 85| | } 86| 24|} _ZN5Botan21RandomNumberGeneratorD2Ev: 52| 7.04k| virtual ~RandomNumberGenerator() = default; _ZN5Botan21RandomNumberGenerator9randomizeENSt3__14spanIhLm18446744073709551615EEE: 75| 40.8k| void randomize(std::span output) { this->fill_bytes_with_input(output, {}); } _ZN5Botan21RandomNumberGenerator9randomizeEPhm: 77| 5.02k| void randomize(uint8_t output[], size_t length) { this->randomize(std::span(output, length)); } _ZN5Botan21RandomNumberGenerator11add_entropyENSt3__14spanIKhLm18446744073709551615EEE: 98| 1| void add_entropy(std::span input) { this->fill_bytes_with_input({}, input); } _ZN5Botan21RandomNumberGenerator10random_vecENSt3__14spanIhLm18446744073709551615EEE: 204| 6.48k| void random_vec(std::span v) { this->randomize(v); } _ZN5Botan21RandomNumberGeneratorC2Ev: 54| 7.04k| RandomNumberGenerator() = default; _ZN5Botan21RandomNumberGenerator10random_vecITkNS_8concepts21resizable_byte_bufferENSt3__16vectorIhNS3_9allocatorIhEEEEEEvRT_m: 215| 6.45k| void random_vec(T& v, size_t bytes) { 216| 6.45k| v.resize(bytes); 217| 6.45k| random_vec(v); 218| 6.45k| } _ZN5Botan21RandomNumberGenerator10random_vecITkNS_8concepts21resizable_byte_bufferENSt3__16vectorIhNS_16secure_allocatorIhEEEEQsr3stdE21default_initializableIT_EEES8_m: 230| 26| T random_vec(size_t bytes) { 231| 26| T result; 232| 26| random_vec(result, bytes); 233| 26| return result; 234| 26| } _ZN5Botan21RandomNumberGenerator10random_vecITkNS_8concepts21resizable_byte_bufferENSt3__16vectorIhNS_16secure_allocatorIhEEEEEEvRT_m: 215| 26| void random_vec(T& v, size_t bytes) { 216| 26| v.resize(bytes); 217| 26| random_vec(v); 218| 26| } _ZN5Botan21RandomNumberGenerator10random_vecITkNS_8concepts21resizable_byte_bufferENSt3__16vectorIhNS3_9allocatorIhEEEEQsr3stdE21default_initializableIT_EEES8_m: 230| 6.45k| T random_vec(size_t bytes) { 231| 6.45k| T result; 232| 6.45k| random_vec(result, bytes); 233| 6.45k| return result; 234| 6.45k| } _ZN5Botan16secure_allocatorIhE8allocateEm: 52| 477k| T* allocate(std::size_t n) { return static_cast(allocate_memory(n, sizeof(T))); } _ZN5Botan16secure_allocatorIhE10deallocateEPhm: 54| 477k| void deallocate(T* p, std::size_t n) { deallocate_memory(p, n, sizeof(T)); } _ZN5BotanneIhhEEbRKNS_16secure_allocatorIT_EERKNS1_IT0_EE: 63| 34.0k|inline bool operator!=(const secure_allocator& /*a*/, const secure_allocator& /*b*/) { 64| 34.0k| return false; 65| 34.0k|} _ZN5Botan16secure_allocatorIjE10deallocateEPjm: 54| 42.3k| void deallocate(T* p, std::size_t n) { deallocate_memory(p, n, sizeof(T)); } _ZN5Botan16secure_allocatorImE10deallocateEPmm: 54| 111k| void deallocate(T* p, std::size_t n) { deallocate_memory(p, n, sizeof(T)); } _ZN5Botan16secure_allocatorImE8allocateEm: 52| 111k| T* allocate(std::size_t n) { return static_cast(allocate_memory(n, sizeof(T))); } _ZN5Botan3zapIhNSt3__19allocatorIhEEEEvRNS1_6vectorIT_T0_EE: 157| 2.60k|void zap(std::vector& vec) { 158| 2.60k| zeroise(vec); 159| 2.60k| vec.clear(); 160| 2.60k| vec.shrink_to_fit(); 161| 2.60k|} _ZN5Botan7zeroiseIhNSt3__19allocatorIhEEEEvRNS1_6vectorIT_T0_EE: 137| 2.87k|void zeroise(std::vector& vec) { 138| 309k| for(size_t i = 0; i != vec.size(); ++i) { ------------------ | Branch (138:22): [True: 307k, False: 2.87k] ------------------ 139| 307k| vec[i] = static_cast(0); 140| 307k| } 141| 2.87k|} _ZN5BotanpLIhNSt3__19allocatorIhEES3_EERNS1_6vectorIT_T0_EES8_RKNS4_IS5_T1_EE: 92| 37.7k|std::vector& operator+=(std::vector& out, const std::vector& in) { 93| 37.7k| out.insert(out.end(), in.begin(), in.end()); 94| 37.7k| return out; 95| 37.7k|} _ZN5BotanpLIhNSt3__19allocatorIhEENS_16secure_allocatorIhEEEERNS1_6vectorIT_T0_EESA_RKNS6_IS7_T1_EE: 92| 1.72k|std::vector& operator+=(std::vector& out, const std::vector& in) { 93| 1.72k| out.insert(out.end(), in.begin(), in.end()); 94| 1.72k| return out; 95| 1.72k|} _ZN5BotanpLIhNS_16secure_allocatorIhEES2_EERNSt3__16vectorIT_T0_EES8_RKNS4_IS5_T1_EE: 92| 5|std::vector& operator+=(std::vector& out, const std::vector& in) { 93| 5| out.insert(out.end(), in.begin(), in.end()); 94| 5| return out; 95| 5|} _ZN5BotanpLIhNS_16secure_allocatorIhEEmEERNSt3__16vectorIT_T0_EES8_RKNS3_4pairIPKS5_T1_EE: 110| 230k|std::vector& operator+=(std::vector& out, const std::pair& in) { 111| 230k| out.insert(out.end(), in.first, in.first + in.second); 112| 230k| return out; 113| 230k|} _ZN5BotanpLIhNS_16secure_allocatorIhEENSt3__19allocatorIhEEEERNS3_6vectorIT_T0_EESA_RKNS6_IS7_T1_EE: 92| 147|std::vector& operator+=(std::vector& out, const std::vector& in) { 93| 147| out.insert(out.end(), in.begin(), in.end()); 94| 147| return out; 95| 147|} _ZN5Botan16secure_allocatorIjE8allocateEm: 52| 42.3k| T* allocate(std::size_t n) { return static_cast(allocate_memory(n, sizeof(T))); } _ZN5Botan3zapImNS_16secure_allocatorImEEEEvRNSt3__16vectorIT_T0_EE: 157| 93|void zap(std::vector& vec) { 158| 93| zeroise(vec); 159| 93| vec.clear(); 160| 93| vec.shrink_to_fit(); 161| 93|} _ZN5Botan7zeroiseImNS_16secure_allocatorImEEEEvRNSt3__16vectorIT_T0_EE: 137| 93|void zeroise(std::vector& vec) { 138| 93| for(size_t i = 0; i != vec.size(); ++i) { ------------------ | Branch (138:22): [True: 0, False: 93] ------------------ 139| 0| vec[i] = static_cast(0); 140| 0| } 141| 93|} _ZN5Botan7zeroiseIhNS_16secure_allocatorIhEEEEvRNSt3__16vectorIT_T0_EE: 137| 931|void zeroise(std::vector& vec) { 138| 140k| for(size_t i = 0; i != vec.size(); ++i) { ------------------ | Branch (138:22): [True: 139k, False: 931] ------------------ 139| 139k| vec[i] = static_cast(0); 140| 139k| } 141| 931|} _ZN5BotanpLIhNS_16secure_allocatorIhEEmEERNSt3__16vectorIT_T0_EES8_RKNS3_4pairIPS5_T1_EE: 116| 86|std::vector& operator+=(std::vector& out, const std::pair& in) { 117| 86| out.insert(out.end(), in.first, in.first + in.second); 118| 86| return out; 119| 86|} _ZN5Botan6unlockIhEENSt3__16vectorIT_NS1_9allocatorIS3_EEEERKNS2_IS3_NS_16secure_allocatorIS3_EEEE: 85| 258|std::vector unlock(const secure_vector& in) { 86| 258| return std::vector(in.begin(), in.end()); 87| 258|} _ZN5BotanpLIhNSt3__19allocatorIhEEmEERNS1_6vectorIT_T0_EES8_RKNS1_4pairIPKS5_T1_EE: 110| 258|std::vector& operator+=(std::vector& out, const std::pair& in) { 111| 258| out.insert(out.end(), in.first, in.first + in.second); 112| 258| return out; 113| 258|} _ZN5Botan12Stateful_RNGC2Ev: 58| 1| Stateful_RNG() : m_reseed_interval(0) {} _ZN5Botan12StreamCipher6cipherEPKhPhm: 59| 270| void cipher(const uint8_t in[], uint8_t out[], size_t len) { cipher_bytes(in, out, len); } _ZN5Botan12StreamCipher15write_keystreamENSt3__14spanIhLm18446744073709551615EEE: 86| 40.8k| void write_keystream(std::span out) { generate_keystream(out.data(), out.size()); } _ZN5Botan12StreamCipher8encipherENSt3__14spanIhLm18446744073709551615EEE: 122| 182| void encipher(std::span inout) { cipher(inout.data(), inout.data(), inout.size()); } _ZN5Botan12StreamCipher6set_ivEPKhm: 166| 184| void set_iv(const uint8_t iv[], size_t iv_len) { set_iv_bytes(iv, iv_len); } _ZN5Botan12StreamCipher6set_ivENSt3__14spanIKhLm18446744073709551615EEE: 173| 93| void set_iv(std::span iv) { set_iv_bytes(iv.data(), iv.size()); } _ZN5Botan12StreamCipher15keystream_bytesITkNS_8concepts21resizable_byte_bufferENSt3__16vectorIhNS_16secure_allocatorIhEEEEEET_m: 96| 1| T keystream_bytes(size_t bytes) { 97| 1| T out(bytes); 98| 1| write_keystream(out); 99| 1| return out; 100| 1| } _ZNKR5Botan6detail11Strong_BaseINSt3__16vectorIhNS2_9allocatorIhEEEEE3getEv: 87| 10.3k| constexpr const T& get() const& { return m_value; } _ZNK5Botan6detail29Container_Strong_Adapter_BaseINSt3__16vectorIhNS2_9allocatorIhEEEEE4sizeEv: 141| 130| size_type size() const noexcept(noexcept(this->get().size())) { return this->get().size(); } _ZN5Botan6detail11Strong_BaseINSt3__16vectorIhNS2_9allocatorIhEEEEED2Ev: 81| 51.8k| ~Strong_Base() = default; _ZNK5Botan6detail29Container_Strong_Adapter_BaseINSt3__16vectorIhNS2_9allocatorIhEEEEE5emptyEvQsr8conceptsE9has_emptyIT_E: 145| 7.00k| { 146| 7.00k| return this->get().empty(); 147| 7.00k| } _ZN5Botan6detail11Strong_BaseINSt3__16vectorIhNS2_9allocatorIhEEEEEC2ES6_: 83| 20.4k| constexpr explicit Strong_Base(T v) : m_value(std::move(v)) {} _ZN5Botan6detail11Strong_BaseINSt3__16vectorIhNS2_9allocatorIhEEEEEC2EOS7_: 78| 6.73k| Strong_Base(Strong_Base&&) noexcept = default; _ZN5Botan6detail11Strong_BaseINSt3__16vectorIhNS2_9allocatorIhEEEEEC2ERKS7_: 77| 3.77k| Strong_Base(const Strong_Base&) = default; _ZN5Botan6detail11Strong_BaseINSt3__16vectorIhNS2_9allocatorIhEEEEEC2Ev: 76| 20.8k| Strong_Base() = default; _ZN5Botan6detail11Strong_BaseINSt3__16vectorIhNS2_9allocatorIhEEEEEaSEOS7_: 80| 17.3k| Strong_Base& operator=(Strong_Base&&) noexcept = default; _ZN5Botan18unwrap_strong_typeIRmEEDcOT_: 243| 490k|[[nodiscard]] constexpr decltype(auto) unwrap_strong_type(T&& t) { 244| 490k| if constexpr(!concepts::strong_type>) { 245| | // If the parameter type isn't a strong type, return it as is. 246| 490k| return std::forward(t); 247| | } else { 248| | // Unwrap the strong type and return the underlying value. 249| | return std::forward(t).get(); 250| | } 251| 490k|} _ZN5Botan16wrap_strong_typeImRmQoosr3stdE18constructible_fromIT_T0_Eaasr8conceptsE11strong_typeIS2_Esr3stdE18constructible_fromINS2_12wrapped_typeES3_EEEDcOS3_: 268| 498k|[[nodiscard]] constexpr decltype(auto) wrap_strong_type(ParamT&& t) { 269| 498k| if constexpr(std::same_as, T>) { 270| | // Noop, if the parameter type already is the desired return type. 271| 498k| return std::forward(t); 272| | } else if constexpr(std::constructible_from) { 273| | // Implicit conversion from the parameter type to the return type. 274| | return T{std::forward(t)}; 275| | } else { 276| | // Explicitly calling the wrapped type's constructor to support 277| | // implicit conversions on types that mark their constructors as explicit. 278| | static_assert(concepts::strong_type && std::constructible_from); 279| | return T{typename T::wrapped_type{std::forward(t)}}; 280| | } 281| 498k|} _ZN5Botan16wrap_strong_typeItRtQoosr3stdE18constructible_fromIT_T0_Eaasr8conceptsE11strong_typeIS2_Esr3stdE18constructible_fromINS2_12wrapped_typeES3_EEEDcOS3_: 268| 52.6k|[[nodiscard]] constexpr decltype(auto) wrap_strong_type(ParamT&& t) { 269| 52.6k| if constexpr(std::same_as, T>) { 270| | // Noop, if the parameter type already is the desired return type. 271| 52.6k| return std::forward(t); 272| | } else if constexpr(std::constructible_from) { 273| | // Implicit conversion from the parameter type to the return type. 274| | return T{std::forward(t)}; 275| | } else { 276| | // Explicitly calling the wrapped type's constructor to support 277| | // implicit conversions on types that mark their constructors as explicit. 278| | static_assert(concepts::strong_type && std::constructible_from); 279| | return T{typename T::wrapped_type{std::forward(t)}}; 280| | } 281| 52.6k|} _ZN5Botan16wrap_strong_typeIjRjQoosr3stdE18constructible_fromIT_T0_Eaasr8conceptsE11strong_typeIS2_Esr3stdE18constructible_fromINS2_12wrapped_typeES3_EEEDcOS3_: 268| 502|[[nodiscard]] constexpr decltype(auto) wrap_strong_type(ParamT&& t) { 269| 502| if constexpr(std::same_as, T>) { 270| | // Noop, if the parameter type already is the desired return type. 271| 502| return std::forward(t); 272| | } else if constexpr(std::constructible_from) { 273| | // Implicit conversion from the parameter type to the return type. 274| | return T{std::forward(t)}; 275| | } else { 276| | // Explicitly calling the wrapped type's constructor to support 277| | // implicit conversions on types that mark their constructors as explicit. 278| | static_assert(concepts::strong_type && std::constructible_from); 279| | return T{typename T::wrapped_type{std::forward(t)}}; 280| | } 281| 502|} _ZN5Botan18unwrap_strong_typeIRtEEDcOT_: 243| 8|[[nodiscard]] constexpr decltype(auto) unwrap_strong_type(T&& t) { 244| 8| if constexpr(!concepts::strong_type>) { 245| | // If the parameter type isn't a strong type, return it as is. 246| 8| return std::forward(t); 247| | } else { 248| | // Unwrap the strong type and return the underlying value. 249| | return std::forward(t).get(); 250| | } 251| 8|} _ZN5Botan18unwrap_strong_typeIRjEEDcOT_: 243| 859k|[[nodiscard]] constexpr decltype(auto) unwrap_strong_type(T&& t) { 244| 859k| if constexpr(!concepts::strong_type>) { 245| | // If the parameter type isn't a strong type, return it as is. 246| 859k| return std::forward(t); 247| | } else { 248| | // Unwrap the strong type and return the underlying value. 249| | return std::forward(t).get(); 250| | } 251| 859k|} _ZN5Botan18unwrap_strong_typeIRNSt3__16vectorIhNS_16secure_allocatorIhEEEEEEDcOT_: 243| 6.39k|[[nodiscard]] constexpr decltype(auto) unwrap_strong_type(T&& t) { 244| 6.39k| if constexpr(!concepts::strong_type>) { 245| | // If the parameter type isn't a strong type, return it as is. 246| 6.39k| return std::forward(t); 247| | } else { 248| | // Unwrap the strong type and return the underlying value. 249| | return std::forward(t).get(); 250| | } 251| 6.39k|} _ZNK5Botan6detail29Container_Strong_Adapter_BaseINSt3__15arrayIhLm56EEEE5beginEv: 127| 12| decltype(auto) begin() const noexcept(noexcept(this->get().begin())) { return this->get().begin(); } _ZNK5Botan6detail29Container_Strong_Adapter_BaseINSt3__15arrayIhLm56EEEE3endEv: 131| 12| decltype(auto) end() const noexcept(noexcept(this->get().end())) { return this->get().end(); } _ZNK5Botan6detail14Strong_AdapterINSt3__15arrayIhLm56EEEE4dataEv: 200| 28| decltype(auto) data() const noexcept(noexcept(this->get().data())) { return this->get().data(); } _ZNK5Botan6detail29Container_Strong_Adapter_BaseINSt3__15arrayIhLm56EEEE4sizeEv: 141| 28| size_type size() const noexcept(noexcept(this->get().size())) { return this->get().size(); } _ZN5Botan6detail14Strong_AdapterINSt3__15arrayIhLm56EEEE4dataEv: 198| 14| decltype(auto) data() noexcept(noexcept(this->get().data())) { return this->get().data(); } _ZNR5Botan6detail11Strong_BaseINSt3__15arrayIhLm56EEEE3getEv: 85| 38| constexpr T& get() & { return m_value; } _ZN5Botan6detail29Container_Strong_Adapter_BaseINSt3__15arrayIhLm56EEEEixIiEEDcOT_: 167| 24| decltype(auto) operator[](U&& i) noexcept(noexcept(this->get().operator[](i))) { 168| 24| return this->get()[std::forward(i)]; 169| 24| } _ZNKR5Botan6detail11Strong_BaseINSt3__15arrayIhLm56EEEE3getEv: 87| 5.48k| constexpr const T& get() const& { return m_value; } _ZNK5Botan6detail29Container_Strong_Adapter_BaseINSt3__15arrayIhLm56EEEEixImEEDcOT_: 162| 5.37k| decltype(auto) operator[](U&& i) const noexcept(noexcept(this->get().operator[](i))) { 163| 5.37k| return this->get()[std::forward(i)]; 164| 5.37k| } _ZN5Botan6detail11Strong_BaseINSt3__15arrayIhLm56EEEEC2ES4_: 83| 12| constexpr explicit Strong_Base(T v) : m_value(std::move(v)) {} _ZN5Botan16wrap_strong_typeIhRhQoosr3stdE18constructible_fromIT_T0_Eaasr8conceptsE11strong_typeIS2_Esr3stdE18constructible_fromINS2_12wrapped_typeES3_EEEDcOS3_: 268| 2.10M|[[nodiscard]] constexpr decltype(auto) wrap_strong_type(ParamT&& t) { 269| 2.10M| if constexpr(std::same_as, T>) { 270| | // Noop, if the parameter type already is the desired return type. 271| 2.10M| return std::forward(t); 272| | } else if constexpr(std::constructible_from) { 273| | // Implicit conversion from the parameter type to the return type. 274| | return T{std::forward(t)}; 275| | } else { 276| | // Explicitly calling the wrapped type's constructor to support 277| | // implicit conversions on types that mark their constructors as explicit. 278| | static_assert(concepts::strong_type && std::constructible_from); 279| | return T{typename T::wrapped_type{std::forward(t)}}; 280| | } 281| 2.10M|} _ZN5Botan24Key_Length_SpecificationC2Em: 28| 347| explicit Key_Length_Specification(size_t keylen) : m_min_keylen(keylen), m_max_keylen(keylen), m_keylen_mod(1) {} _ZN5Botan24Key_Length_SpecificationC2Emmm: 37| 13.6k| m_min_keylen(min_k), m_max_keylen(max_k > 0 ? max_k : min_k), m_keylen_mod(k_mod) {} ------------------ | Branch (37:47): [True: 12.5k, False: 1.05k] ------------------ _ZNK5Botan24Key_Length_Specification15valid_keylengthEm: 43| 13.9k| bool valid_keylength(size_t length) const { 44| 13.9k| return ((length >= m_min_keylen) && (length <= m_max_keylen) && (length % m_keylen_mod == 0)); ------------------ | Branch (44:18): [True: 13.9k, False: 0] | Branch (44:46): [True: 13.9k, False: 0] | Branch (44:74): [True: 13.9k, False: 0] ------------------ 45| 13.9k| } _ZNK5Botan18SymmetricAlgorithm15valid_keylengthEm: 113| 13.9k| bool valid_keylength(size_t length) const { return key_spec().valid_keylength(length); } _ZNK5Botan18SymmetricAlgorithm23assert_key_material_setEv: 145| 136k| void assert_key_material_set() const { assert_key_material_set(has_keying_material()); } _ZNK5Botan18SymmetricAlgorithm23assert_key_material_setEb: 147| 136k| void assert_key_material_set(bool predicate) const { 148| 136k| if(!predicate) { ------------------ | Branch (148:13): [True: 0, False: 136k] ------------------ 149| 0| throw_key_not_set_error(); 150| 0| } 151| 136k| } _ZN5Botan18SymmetricAlgorithmD2Ev: 81| 11.9k| virtual ~SymmetricAlgorithm() = default; _ZN5Botan18SymmetricAlgorithmC2Ev: 80| 11.9k| SymmetricAlgorithm() = default; _ZNK5Botan11OctetString6lengthEv: 27| 8.63k| size_t length() const { return m_data.size(); } _ZNK5Botan11OctetString5emptyEv: 31| 11.0k| bool empty() const { return m_data.empty(); } _ZNK5Botan11OctetString7bits_ofEv: 36| 3.60k| secure_vector bits_of() const { return m_data; } _ZNK5Botan11OctetString5beginEv: 41| 8.63k| const uint8_t* begin() const { return m_data.data(); } _ZN5Botan11OctetStringC2ENSt3__16vectorIhNS_16secure_allocatorIhEEEE: 99| 12.7k| explicit OctetString(secure_vector in) : m_data(std::move(in)) {} _ZNK5Botan3TLS5Alert8is_validEv: 78| 5.30k| bool is_valid() const { return (m_type_code != AlertType::None); } _ZNK5Botan3TLS5Alert8is_fatalEv: 93| 14.2k| bool is_fatal() const { return m_fatal; } _ZNK5Botan3TLS5Alert4typeEv: 100| 24.7k| Type type() const { return m_type_code; } _ZN5Botan3TLS5AlertC2ENS0_9AlertTypeEb: 126| 5.30k| m_fatal(fatal), m_type_code(type_code) {} _ZN5Botan3TLS12Group_ParamsC2Ev: 141| 159| constexpr Group_Params() : m_code(Group_Params_Code::NONE) {} _ZN5Botan3TLS12Group_ParamsC2ENS0_17Group_Params_CodeE: 144| 3.57k| constexpr Group_Params(Group_Params_Code code) : m_code(code) {} _ZN5Botan3TLS12Group_ParamsC2Et: 147| 34.9k| constexpr Group_Params(uint16_t code) : m_code(static_cast(code)) {} _ZNK5Botan3TLS12Group_ParamseqENS0_17Group_Params_CodeE: 154| 12.2k| constexpr bool operator==(Group_Params_Code code) const { return m_code == code; } _ZNK5Botan3TLS12Group_ParamseqES1_: 156| 55.7k| constexpr bool operator==(Group_Params other) const { return m_code == other.m_code; } _ZNK5Botan3TLS12Group_Params9wire_codeEv: 162| 84.7k| constexpr uint16_t wire_code() const { return static_cast(m_code); } _ZNK5Botan3TLS12Group_Params9is_x25519Ev: 169| 26.8k| constexpr bool is_x25519() const { return m_code == Group_Params_Code::X25519; } _ZNK5Botan3TLS12Group_Params7is_x448Ev: 171| 26.7k| constexpr bool is_x448() const { return m_code == Group_Params_Code::X448; } _ZNK5Botan3TLS12Group_Params19is_ecdh_named_curveEv: 173| 35.2k| constexpr bool is_ecdh_named_curve() const { 174| 35.2k| return m_code == Group_Params_Code::SECP256R1 || m_code == Group_Params_Code::SECP384R1 || ------------------ | Branch (174:17): [True: 2.55k, False: 32.6k] | Branch (174:59): [True: 2.36k, False: 30.3k] ------------------ 175| 30.3k| m_code == Group_Params_Code::SECP521R1 || m_code == Group_Params_Code::BRAINPOOL256R1 || ------------------ | Branch (175:17): [True: 2.07k, False: 28.2k] | Branch (175:59): [True: 3.54k, False: 24.7k] ------------------ 176| 24.7k| m_code == Group_Params_Code::BRAINPOOL384R1 || m_code == Group_Params_Code::BRAINPOOL512R1; ------------------ | Branch (176:17): [True: 2.37k, False: 22.3k] | Branch (176:64): [True: 1.88k, False: 20.4k] ------------------ 177| 35.2k| } _ZNK5Botan3TLS12Group_Params17is_in_ffdhe_rangeEv: 179| 28.4k| constexpr bool is_in_ffdhe_range() const { 180| | // See RFC 7919 181| 28.4k| return wire_code() >= 256 && wire_code() < 512; ------------------ | Branch (181:17): [True: 18.2k, False: 10.1k] | Branch (181:39): [True: 1.13k, False: 17.1k] ------------------ 182| 28.4k| } _ZNK5Botan3TLS12Group_Params17is_dh_named_groupEv: 184| 5.44k| constexpr bool is_dh_named_group() const { 185| 5.44k| return m_code == Group_Params_Code::FFDHE_2048 || m_code == Group_Params_Code::FFDHE_3072 || ------------------ | Branch (185:17): [True: 0, False: 5.44k] | Branch (185:60): [True: 0, False: 5.44k] ------------------ 186| 5.44k| m_code == Group_Params_Code::FFDHE_4096 || m_code == Group_Params_Code::FFDHE_6144 || ------------------ | Branch (186:17): [True: 0, False: 5.44k] | Branch (186:60): [True: 0, False: 5.44k] ------------------ 187| 5.44k| m_code == Group_Params_Code::FFDHE_8192; ------------------ | Branch (187:17): [True: 0, False: 5.44k] ------------------ 188| 5.44k| } _ZNK5Botan3TLS12Group_Params14is_pure_ml_kemEv: 190| 6.95k| constexpr bool is_pure_ml_kem() const { 191| 6.95k| return m_code == Group_Params_Code::ML_KEM_512 || m_code == Group_Params_Code::ML_KEM_768 || ------------------ | Branch (191:17): [True: 0, False: 6.95k] | Branch (191:60): [True: 0, False: 6.95k] ------------------ 192| 6.95k| m_code == Group_Params_Code::ML_KEM_1024; ------------------ | Branch (192:17): [True: 0, False: 6.95k] ------------------ 193| 6.95k| } _ZNK5Botan3TLS12Group_Params16is_pure_frodokemEv: 195| 6.95k| constexpr bool is_pure_frodokem() const { 196| 6.95k| return m_code == Group_Params_Code::eFRODOKEM_640_SHAKE_OQS || ------------------ | Branch (196:17): [True: 0, False: 6.95k] ------------------ 197| 6.95k| m_code == Group_Params_Code::eFRODOKEM_976_SHAKE_OQS || ------------------ | Branch (197:17): [True: 0, False: 6.95k] ------------------ 198| 6.95k| m_code == Group_Params_Code::eFRODOKEM_1344_SHAKE_OQS || ------------------ | Branch (198:17): [True: 0, False: 6.95k] ------------------ 199| 6.95k| m_code == Group_Params_Code::eFRODOKEM_640_AES_OQS || ------------------ | Branch (199:17): [True: 0, False: 6.95k] ------------------ 200| 6.95k| m_code == Group_Params_Code::eFRODOKEM_976_AES_OQS || ------------------ | Branch (200:17): [True: 0, False: 6.95k] ------------------ 201| 6.95k| m_code == Group_Params_Code::eFRODOKEM_1344_AES_OQS; ------------------ | Branch (201:17): [True: 0, False: 6.95k] ------------------ 202| 6.95k| } _ZNK5Botan3TLS12Group_Params17is_pure_ecc_groupEv: 204| 26.7k| constexpr bool is_pure_ecc_group() const { return is_x25519() || is_x448() || is_ecdh_named_curve(); } ------------------ | Branch (204:57): [True: 34, False: 26.7k] | Branch (204:72): [True: 28, False: 26.6k] | Branch (204:85): [True: 6.32k, False: 20.3k] ------------------ _ZNK5Botan3TLS12Group_Params15is_post_quantumEv: 206| 6.95k| constexpr bool is_post_quantum() const { 207| 6.95k| BOTAN_DIAGNOSTIC_PUSH 208| 6.95k| BOTAN_DIAGNOSTIC_IGNORE_DEPRECATED_DECLARATIONS 209| | 210| 6.95k| return is_pure_ml_kem() || is_pure_frodokem() || is_pqc_hybrid(); ------------------ | Branch (210:17): [True: 0, False: 6.95k] | Branch (210:37): [True: 0, False: 6.95k] | Branch (210:59): [True: 0, False: 6.95k] ------------------ 211| | 212| 6.95k| BOTAN_DIAGNOSTIC_POP 213| 6.95k| } _ZNK5Botan3TLS12Group_Params20is_pqc_hybrid_ml_kemEv: 215| 6.95k| constexpr bool is_pqc_hybrid_ml_kem() const { 216| 6.95k| return m_code == Group_Params_Code::HYBRID_SECP256R1_ML_KEM_768 || ------------------ | Branch (216:17): [True: 0, False: 6.95k] ------------------ 217| 6.95k| m_code == Group_Params_Code::HYBRID_SECP384R1_ML_KEM_1024 || ------------------ | Branch (217:17): [True: 0, False: 6.95k] ------------------ 218| 6.95k| m_code == Group_Params_Code::HYBRID_X25519_ML_KEM_768; ------------------ | Branch (218:17): [True: 0, False: 6.95k] ------------------ 219| 6.95k| } _ZNK5Botan3TLS12Group_Params22is_pqc_hybrid_frodokemEv: 221| 6.95k| constexpr bool is_pqc_hybrid_frodokem() const { 222| 6.95k| return m_code == Group_Params_Code::HYBRID_X25519_eFRODOKEM_640_SHAKE_OQS || ------------------ | Branch (222:17): [True: 0, False: 6.95k] ------------------ 223| 6.95k| m_code == Group_Params_Code::HYBRID_X25519_eFRODOKEM_640_AES_OQS || ------------------ | Branch (223:17): [True: 0, False: 6.95k] ------------------ 224| 6.95k| m_code == Group_Params_Code::HYBRID_X448_eFRODOKEM_976_SHAKE_OQS || ------------------ | Branch (224:17): [True: 0, False: 6.95k] ------------------ 225| 6.95k| m_code == Group_Params_Code::HYBRID_X448_eFRODOKEM_976_AES_OQS || ------------------ | Branch (225:17): [True: 0, False: 6.95k] ------------------ 226| 6.95k| m_code == Group_Params_Code::HYBRID_SECP256R1_eFRODOKEM_640_SHAKE_OQS || ------------------ | Branch (226:17): [True: 0, False: 6.95k] ------------------ 227| 6.95k| m_code == Group_Params_Code::HYBRID_SECP256R1_eFRODOKEM_640_AES_OQS || ------------------ | Branch (227:17): [True: 0, False: 6.95k] ------------------ 228| 6.95k| m_code == Group_Params_Code::HYBRID_SECP384R1_eFRODOKEM_976_SHAKE_OQS || ------------------ | Branch (228:17): [True: 0, False: 6.95k] ------------------ 229| 6.95k| m_code == Group_Params_Code::HYBRID_SECP384R1_eFRODOKEM_976_AES_OQS || ------------------ | Branch (229:17): [True: 0, False: 6.95k] ------------------ 230| 6.95k| m_code == Group_Params_Code::HYBRID_SECP521R1_eFRODOKEM_1344_SHAKE_OQS || ------------------ | Branch (230:17): [True: 0, False: 6.95k] ------------------ 231| 6.95k| m_code == Group_Params_Code::HYBRID_SECP521R1_eFRODOKEM_1344_AES_OQS; ------------------ | Branch (231:17): [True: 0, False: 6.95k] ------------------ 232| 6.95k| } _ZNK5Botan3TLS12Group_Params13is_pqc_hybridEv: 234| 6.95k| constexpr bool is_pqc_hybrid() const { return is_pqc_hybrid_ml_kem() || is_pqc_hybrid_frodokem(); } ------------------ | Branch (234:53): [True: 0, False: 6.95k] | Branch (234:79): [True: 0, False: 6.95k] ------------------ _ZN5Botan3TLS19key_exchange_is_pskENS0_8Kex_AlgoE: 274| 2.38k|inline bool key_exchange_is_psk(Kex_Algo m) { 275| 2.38k| return (m == Kex_Algo::PSK || m == Kex_Algo::ECDHE_PSK || m == Kex_Algo::DHE_PSK); ------------------ | Branch (275:12): [True: 9, False: 2.37k] | Branch (275:34): [True: 2.37k, False: 0] | Branch (275:62): [True: 0, False: 0] ------------------ 276| 2.38k|} _ZN5Botan3TLS9CallbacksD2Ev: 59| 7.04k| virtual ~Callbacks() = default; _ZN5Botan3TLS9Callbacks21tls_session_activatedEv: 154| 129| virtual void tls_session_activated() {} _ZN5Botan3TLS9Callbacks26tls_peer_closed_connectionEv: 176| 520| virtual bool tls_peer_closed_connection() { return true; } _ZN5Botan3TLS7Channel13received_dataENSt3__14spanIKhLm18446744073709551615EEE: 58| 7.04k| size_t received_data(std::span data) { return this->from_peer(data); } _ZN5Botan3TLS7ChannelC2Ev: 47| 7.04k| Channel() = default; _ZN5Botan3TLS7ChannelD2Ev: 39| 7.04k| virtual ~Channel() = default; _ZNK5Botan3TLS11Ciphersuite5validEv: 141| 351k| bool valid() const { return m_usable; } _ZNK5Botan3TLS11Ciphersuite16ciphersuite_codeEv: 62| 697k| uint16_t ciphersuite_code() const { return m_ciphersuite_code; } _ZNK5Botan3TLS11Ciphersuite8kex_algoEv: 102| 129| std::string kex_algo() const { return kex_method_to_string(kex_method()); } _ZNK5Botan3TLS11Ciphersuite10kex_methodEv: 104| 25.6k| Kex_Algo kex_method() const { return m_kex_algo; } _ZNK5Botan3TLS11Ciphersuite8sig_algoEv: 109| 133| std::string sig_algo() const { return auth_method_to_string(auth_method()); } _ZNK5Botan3TLS11Ciphersuite11auth_methodEv: 111| 13.6k| Auth_Method auth_method() const { return m_auth_method; } _ZNK5Botan3TLS11Ciphersuite11cipher_algoEv: 116| 2.86k| std::string cipher_algo() const { return m_cipher_algo; } _ZNK5Botan3TLS11Ciphersuite8mac_algoEv: 121| 3.48k| std::string mac_algo() const { return m_mac_algo; } _ZNK5Botan3TLS11Ciphersuite8prf_algoEv: 123| 3.58k| std::string prf_algo() const { return kdf_algo_to_string(m_prf_algo); } _ZNK5Botan3TLS11Ciphersuite13cipher_keylenEv: 128| 1.72k| size_t cipher_keylen() const { return m_cipher_keylen; } _ZNK5Botan3TLS11Ciphersuite12nonce_formatEv: 134| 464| Nonce_Format nonce_format() const { return m_nonce_format; } _ZNK5Botan3TLS11Ciphersuite10mac_keylenEv: 136| 1.72k| size_t mac_keylen() const { return m_mac_keylen; } _ZNK5Botan3TLS11CiphersuiteltEt: 147| 66.4k| bool operator<(const uint16_t c) const { return ciphersuite_code() < c; } _ZN5Botan3TLS11CiphersuiteC2EtPKcNS0_11Auth_MethodENS0_8Kex_AlgoES3_mS3_mNS0_8KDF_AlgoENS0_12Nonce_FormatE: 162| 102| m_ciphersuite_code(ciphersuite_code), 163| 102| m_iana_id(iana_id), 164| 102| m_auth_method(auth_method), 165| 102| m_kex_algo(kex_algo), 166| 102| m_prf_algo(prf_algo), 167| 102| m_nonce_format(nonce_format), 168| 102| m_cipher_algo(cipher_algo), 169| 102| m_mac_algo(mac_algo), 170| 102| m_cipher_keylen(cipher_keylen), 171| 102| m_mac_keylen(mac_keylen), 172| 102| m_usable(is_known_usable(ciphersuite_code)) {} _ZN5Botan3TLS13TLS_ExceptionC2ENS0_9AlertTypeENSt3__117basic_string_viewIcNS3_11char_traitsIcEEEE: 24| 3.03k| Exception(err_msg), m_alert_type(type) {} _ZNK5Botan3TLS13TLS_Exception4typeEv: 21| 3.03k| Alert::Type type() const { return m_alert_type; } _ZN5Botan3TLS18Unexpected_MessageC2ENSt3__117basic_string_viewIcNS2_11char_traitsIcEEEE: 39| 150| explicit Unexpected_Message(std::string_view err) : TLS_Exception(AlertType::UnexpectedMessage, err) {} _ZNK5Botan3TLS9Extension14is_implementedEv: 100| 62| virtual bool is_implemented() const { return true; } _ZN5Botan3TLS21Server_Name_Indicator11static_typeEv: 110| 9.19k| static Extension_Code static_type() { return Extension_Code::ServerNameIndication; } _ZNK5Botan3TLS21Server_Name_Indicator4typeEv: 112| 68| Extension_Code type() const override { return static_type(); } _ZNK5Botan3TLS21Server_Name_Indicator9host_nameEv: 118| 7| std::string host_name() const { return m_sni_host_name; } _ZNK5Botan3TLS21Server_Name_Indicator5emptyEv: 122| 34| bool empty() const override { return false; } _ZN5Botan3TLS39Application_Layer_Protocol_Notification11static_typeEv: 135| 3.48k| static Extension_Code static_type() { return Extension_Code::ApplicationLayerProtocolNegotiation; } _ZNK5Botan3TLS39Application_Layer_Protocol_Notification4typeEv: 137| 66| Extension_Code type() const override { return static_type(); } _ZNK5Botan3TLS39Application_Layer_Protocol_Notification9protocolsEv: 139| 16| const std::vector& protocols() const { return m_protocols; } _ZNK5Botan3TLS39Application_Layer_Protocol_Notification5emptyEv: 157| 11| bool empty() const override { return m_protocols.empty(); } _ZNK5Botan3TLS21Certificate_Type_Base5emptyEv: 189| 27| bool empty() const override { 190| | // RFC 7250 4.1 191| | // If the client has no remaining certificate types to send in the 192| | // client hello, other than the default X.509 type, it MUST omit the 193| | // entire client[/server]_certificate_type extension [...]. 194| 27| return m_from == Connection_Side::Client && m_certificate_types.size() == 1 && ------------------ | Branch (194:17): [True: 14, False: 13] | Branch (194:54): [True: 5, False: 9] ------------------ 195| 5| m_certificate_types.front() == Certificate_Type::X509; ------------------ | Branch (195:17): [True: 1, False: 4] ------------------ 196| 27| } _ZN5Botan3TLS23Client_Certificate_Type11static_typeEv: 212| 178| static Extension_Code static_type() { return Extension_Code::ClientCertificateType; } _ZNK5Botan3TLS23Client_Certificate_Type4typeEv: 214| 178| Extension_Code type() const override { return static_type(); } _ZN5Botan3TLS23Server_Certificate_Type11static_typeEv: 226| 213| static Extension_Code static_type() { return Extension_Code::ServerCertificateType; } _ZNK5Botan3TLS23Server_Certificate_Type4typeEv: 228| 213| Extension_Code type() const override { return static_type(); } _ZN5Botan3TLS16Supported_Groups11static_typeEv: 236| 19.7k| static Extension_Code static_type() { return Extension_Code::SupportedGroups; } _ZNK5Botan3TLS16Supported_Groups4typeEv: 238| 6.46k| Extension_Code type() const override { return static_type(); } _ZNK5Botan3TLS16Supported_Groups5emptyEv: 254| 3.14k| bool empty() const override { return m_groups.empty(); } _ZN5Botan3TLS20Signature_Algorithms11static_typeEv: 265| 7.09k| static Extension_Code static_type() { return Extension_Code::SignatureAlgorithms; } _ZNK5Botan3TLS20Signature_Algorithms4typeEv: 267| 313| Extension_Code type() const override { return static_type(); } _ZNK5Botan3TLS20Signature_Algorithms17supported_schemesEv: 269| 307| const std::vector& supported_schemes() const { return m_schemes; } _ZNK5Botan3TLS20Signature_Algorithms5emptyEv: 273| 15| bool empty() const override { return m_schemes.empty(); } _ZN5Botan3TLS25Signature_Algorithms_Cert11static_typeEv: 298| 3.41k| static Extension_Code static_type() { return Extension_Code::CertSignatureAlgorithms; } _ZNK5Botan3TLS25Signature_Algorithms_Cert4typeEv: 300| 25| Extension_Code type() const override { return static_type(); } _ZNK5Botan3TLS25Signature_Algorithms_Cert17supported_schemesEv: 302| 9| const std::vector& supported_schemes() const { return m_schemes; } _ZNK5Botan3TLS25Signature_Algorithms_Cert5emptyEv: 306| 4| bool empty() const override { return m_schemes.empty(); } _ZN5Botan3TLS24SRTP_Protection_Profiles11static_typeEv: 321| 166| static Extension_Code static_type() { return Extension_Code::UseSrtp; } _ZNK5Botan3TLS24SRTP_Protection_Profiles4typeEv: 323| 37| Extension_Code type() const override { return static_type(); } _ZNK5Botan3TLS24SRTP_Protection_Profiles5emptyEv: 329| 1| bool empty() const override { return m_pp.empty(); } _ZN5Botan3TLS26Certificate_Status_Request11static_typeEv: 348| 4.72k| static Extension_Code static_type() { return Extension_Code::CertificateStatusRequest; } _ZNK5Botan3TLS26Certificate_Status_Request4typeEv: 350| 1.48k| Extension_Code type() const override { return static_type(); } _ZNK5Botan3TLS26Certificate_Status_Request5emptyEv: 354| 204| bool empty() const override { return false; } _ZN5Botan3TLS18Supported_Versions11static_typeEv: 386| 20.3k| static Extension_Code static_type() { return Extension_Code::SupportedVersions; } _ZNK5Botan3TLS18Supported_Versions4typeEv: 388| 555| Extension_Code type() const override { return static_type(); } _ZNK5Botan3TLS18Supported_Versions5emptyEv: 392| 2| bool empty() const override { return m_versions.empty(); } _ZNK5Botan3TLS18Supported_Versions8versionsEv: 402| 434| const std::vector& versions() const { return m_versions; } _ZN5Botan3TLS17Record_Size_Limit11static_typeEv: 417| 34| static Extension_Code static_type() { return Extension_Code::RecordSizeLimit; } _ZNK5Botan3TLS17Record_Size_Limit4typeEv: 419| 34| Extension_Code type() const override { return static_type(); } _ZNK5Botan3TLS17Record_Size_Limit5emptyEv: 429| 23| bool empty() const override { return m_limit == 0; } _ZNK5Botan3TLS17Unknown_Extension5emptyEv: 446| 16.8k| bool empty() const override { return false; } _ZNK5Botan3TLS17Unknown_Extension4typeEv: 448| 37.4k| Extension_Code type() const override { return m_type; } _ZNK5Botan3TLS17Unknown_Extension14is_implementedEv: 450| 413| bool is_implemented() const override { return false; } _ZN5Botan3TLS10Extensions3addEPNS0_9ExtensionE: 482| 6.33k| void add(Extension* extn) { add(std::unique_ptr(extn)); } _ZNK5Botan3TLS10Extensions42contains_implemented_extensions_other_thanERKNSt3__13setINS0_14Extension_CodeENS2_4lessIS4_EENS2_9allocatorIS4_EEEE: 503| 228| bool contains_implemented_extensions_other_than(const std::set& allowed_extensions) const { 504| 228| return contains_other_than(allowed_extensions, true); 505| 228| } _ZNK5Botan3TLS10Extensions3getINS0_9Key_ShareEEEPT_v: 465| 1| T* get() const { 466| 1| return dynamic_cast(get(T::static_type())); 467| 1| } _ZN5Botan3TLS10ExtensionsC2Ev: 535| 21.3k| Extensions() = default; _ZNK5Botan3TLS10Extensions3hasINS0_18Supported_VersionsEEEbv: 470| 7.47k| bool has() const { 471| 7.47k| return get() != nullptr; 472| 7.47k| } _ZNK5Botan3TLS10Extensions3getINS0_18Supported_VersionsEEEPT_v: 465| 19.8k| T* get() const { 466| 19.8k| return dynamic_cast(get(T::static_type())); 467| 19.8k| } _ZNK5Botan3TLS10Extensions3getINS0_26Certificate_Status_RequestEEEPT_v: 465| 3.23k| T* get() const { 466| 3.23k| return dynamic_cast(get(T::static_type())); 467| 3.23k| } _ZN5Botan3TLS9ExtensionD2Ev: 102| 62.6k| virtual ~Extension() = default; _ZNK5Botan3TLS10Extensions3hasINS0_16Supported_GroupsEEEbv: 470| 4| bool has() const { 471| 4| return get() != nullptr; 472| 4| } _ZNK5Botan3TLS10Extensions3hasINS0_9Key_ShareEEEbv: 470| 1| bool has() const { 471| 1| return get() != nullptr; 472| 1| } _ZNK5Botan3TLS10Extensions3getINS0_16Supported_GroupsEEEPT_v: 465| 13.2k| T* get() const { 466| 13.2k| return dynamic_cast(get(T::static_type())); 467| 13.2k| } _ZNK5Botan3TLS10Extensions3hasINS0_3PSKEEEbv: 470| 6| bool has() const { 471| 6| return get() != nullptr; 472| 6| } _ZNK5Botan3TLS10Extensions3getINS0_3PSKEEEPT_v: 465| 6| T* get() const { 466| 6| return dynamic_cast(get(T::static_type())); 467| 6| } _ZN5Botan3TLS10ExtensionsC2EOS1_: 538| 664| Extensions(Extensions&&) = default; _ZNK5Botan3TLS10Extensions3hasINS0_26Certificate_Status_RequestEEEbv: 470| 3.23k| bool has() const { 471| 3.23k| return get() != nullptr; 472| 3.23k| } _ZNK5Botan3TLS10Extensions3getINS0_20Signature_AlgorithmsEEEPT_v: 465| 6.78k| T* get() const { 466| 6.78k| return dynamic_cast(get(T::static_type())); 467| 6.78k| } _ZNK5Botan3TLS10Extensions3getINS0_25Signature_Algorithms_CertEEEPT_v: 465| 3.39k| T* get() const { 466| 3.39k| return dynamic_cast(get(T::static_type())); 467| 3.39k| } _ZNK5Botan3TLS10Extensions3getINS0_21Server_Name_IndicatorEEEPT_v: 465| 9.12k| T* get() const { 466| 9.12k| return dynamic_cast(get(T::static_type())); 467| 9.12k| } _ZNK5Botan3TLS10Extensions3hasINS0_39Application_Layer_Protocol_NotificationEEEbv: 470| 3.40k| bool has() const { 471| 3.40k| return get() != nullptr; 472| 3.40k| } _ZNK5Botan3TLS10Extensions3hasINS0_20Signature_AlgorithmsEEEbv: 470| 2| bool has() const { 471| 2| return get() != nullptr; 472| 2| } _ZNK5Botan3TLS10Extensions3getINS0_39Application_Layer_Protocol_NotificationEEEPT_v: 465| 3.42k| T* get() const { 466| 3.42k| return dynamic_cast(get(T::static_type())); 467| 3.42k| } _ZNK5Botan3TLS10Extensions3getINS0_24SRTP_Protection_ProfilesEEEPT_v: 465| 129| T* get() const { 466| 129| return dynamic_cast(get(T::static_type())); 467| 129| } _ZNK5Botan3TLS10Extensions3getINS0_23Supported_Point_FormatsEEEPT_v: 465| 3.08k| T* get() const { 466| 3.08k| return dynamic_cast(get(T::static_type())); 467| 3.08k| } _ZNK5Botan3TLS10Extensions3hasINS0_23Renegotiation_ExtensionEEEbv: 470| 10.2k| bool has() const { 471| 10.2k| return get() != nullptr; 472| 10.2k| } _ZNK5Botan3TLS10Extensions3getINS0_23Renegotiation_ExtensionEEEPT_v: 465| 13.2k| T* get() const { 466| 13.2k| return dynamic_cast(get(T::static_type())); 467| 13.2k| } _ZNK5Botan3TLS10Extensions3hasINS0_24Session_Ticket_ExtensionEEEbv: 470| 3.61k| bool has() const { 471| 3.61k| return get() != nullptr; 472| 3.61k| } _ZNK5Botan3TLS10Extensions3getINS0_24Session_Ticket_ExtensionEEEPT_v: 465| 7.01k| T* get() const { 466| 7.01k| return dynamic_cast(get(T::static_type())); 467| 7.01k| } _ZNK5Botan3TLS10Extensions3hasINS0_22Extended_Master_SecretEEEbv: 470| 8.45k| bool has() const { 471| 8.45k| return get() != nullptr; 472| 8.45k| } _ZNK5Botan3TLS10Extensions3getINS0_22Extended_Master_SecretEEEPT_v: 465| 8.45k| T* get() const { 466| 8.45k| return dynamic_cast(get(T::static_type())); 467| 8.45k| } _ZNK5Botan3TLS10Extensions3hasINS0_16Encrypt_then_MACEEEbv: 470| 2.74k| bool has() const { 471| 2.74k| return get() != nullptr; 472| 2.74k| } _ZNK5Botan3TLS10Extensions3getINS0_16Encrypt_then_MACEEEPT_v: 465| 2.74k| T* get() const { 466| 2.74k| return dynamic_cast(get(T::static_type())); 467| 2.74k| } _ZN5Botan3TLS23Renegotiation_Extension11static_typeEv: 31| 16.2k| static Extension_Code static_type() { return Extension_Code::SafeRenegotiation; } _ZNK5Botan3TLS23Renegotiation_Extension4typeEv: 33| 2.96k| Extension_Code type() const override { return static_type(); } _ZN5Botan3TLS23Renegotiation_ExtensionC2ERKNSt3__16vectorIhNS2_9allocatorIhEEEE: 37| 175| explicit Renegotiation_Extension(const std::vector& bits) : m_reneg_data(bits) {} _ZNK5Botan3TLS23Renegotiation_Extension18renegotiation_infoEv: 41| 448| const std::vector& renegotiation_info() const { return m_reneg_data; } _ZNK5Botan3TLS23Renegotiation_Extension5emptyEv: 45| 289| bool empty() const override { return false; } // always send this _ZN5Botan3TLS24Session_Ticket_Extension11static_typeEv: 56| 7.21k| static Extension_Code static_type() { return Extension_Code::SessionTicket; } _ZNK5Botan3TLS24Session_Ticket_Extension4typeEv: 58| 202| Extension_Code type() const override { return static_type(); } _ZNK5Botan3TLS24Session_Ticket_Extension8contentsEv: 63| 32| const Session_Ticket& contents() const { return m_ticket; } _ZNK5Botan3TLS24Session_Ticket_Extension5emptyEv: 82| 24| bool empty() const override { return false; } _ZN5Botan3TLS23Supported_Point_Formats11static_typeEv: 99| 3.51k| static Extension_Code static_type() { return Extension_Code::EcPointFormats; } _ZNK5Botan3TLS23Supported_Point_Formats4typeEv: 101| 437| Extension_Code type() const override { return static_type(); } _ZN5Botan3TLS23Supported_Point_FormatsC2Eb: 105| 112| explicit Supported_Point_Formats(bool prefer_compressed) : m_prefers_compressed(prefer_compressed) {} _ZNK5Botan3TLS23Supported_Point_Formats5emptyEv: 109| 229| bool empty() const override { return false; } _ZNK5Botan3TLS23Supported_Point_Formats18prefers_compressedEv: 111| 111| bool prefers_compressed() const { return m_prefers_compressed; } _ZN5Botan3TLS22Extended_Master_Secret11static_typeEv: 122| 18.4k| static Extension_Code static_type() { return Extension_Code::ExtendedMasterSecret; } _ZNK5Botan3TLS22Extended_Master_Secret4typeEv: 124| 9.98k| Extension_Code type() const override { return static_type(); } _ZNK5Botan3TLS22Extended_Master_Secret5emptyEv: 128| 6.34k| bool empty() const override { return false; } _ZN5Botan3TLS16Encrypt_then_MAC11static_typeEv: 140| 3.10k| static Extension_Code static_type() { return Extension_Code::EncryptThenMac; } _ZNK5Botan3TLS16Encrypt_then_MAC4typeEv: 142| 365| Extension_Code type() const override { return static_type(); } _ZNK5Botan3TLS16Encrypt_then_MAC5emptyEv: 146| 229| bool empty() const override { return false; } _ZN5Botan3TLS22Extended_Master_SecretC2Ev: 130| 3.22k| Extended_Master_Secret() = default; _ZN5Botan3TLS16Encrypt_then_MACC2Ev: 148| 112| Encrypt_then_MAC() = default; _ZN5Botan3TLS23Renegotiation_ExtensionC2Ev: 35| 2.59k| Renegotiation_Extension() = default; _ZN5Botan3TLS9Key_Share11static_typeEv: 212| 60| static Extension_Code static_type() { return Extension_Code::KeyShare; } _ZN5Botan3TLS6Cookie11static_typeEv: 44| 45| static Extension_Code static_type() { return Extension_Code::Cookie; } _ZNK5Botan3TLS6Cookie4typeEv: 46| 45| Extension_Code type() const override { return static_type(); } _ZNK5Botan3TLS6Cookie5emptyEv: 50| 5| bool empty() const override { return m_cookie.empty(); } _ZN5Botan3TLS22PSK_Key_Exchange_Modes11static_typeEv: 67| 718| static Extension_Code static_type() { return Extension_Code::PskKeyExchangeModes; } _ZNK5Botan3TLS22PSK_Key_Exchange_Modes4typeEv: 69| 718| Extension_Code type() const override { return static_type(); } _ZNK5Botan3TLS22PSK_Key_Exchange_Modes5emptyEv: 73| 29| bool empty() const override { return m_modes.empty(); } _ZN5Botan3TLS23Certificate_Authorities11static_typeEv: 90| 3| static Extension_Code static_type() { return Extension_Code::CertificateAuthorities; } _ZNK5Botan3TLS23Certificate_Authorities4typeEv: 92| 3| Extension_Code type() const override { return static_type(); } _ZNK5Botan3TLS23Certificate_Authorities5emptyEv: 96| 1| bool empty() const override { return m_distinguished_names.empty(); } _ZN5Botan3TLS3PSK11static_typeEv: 112| 18| static Extension_Code static_type() { return Extension_Code::PresharedKey; } _ZNK5Botan3TLS3PSK4typeEv: 114| 12| Extension_Code type() const override { return static_type(); } _ZNK5Botan3TLS9Key_Share4typeEv: 214| 59| Extension_Code type() const override { return static_type(); } _ZN5Botan3TLS19EarlyDataIndication11static_typeEv: 306| 42| static Extension_Code static_type() { return Extension_Code::EarlyData; } _ZNK5Botan3TLS19EarlyDataIndication4typeEv: 308| 42| Extension_Code type() const override { return static_type(); } _ZN5Botan3TLS11ExternalPSKC2ENSt3__117basic_string_viewIcNS2_11char_traitsIcEEEES6_NS2_6vectorIhNS_16secure_allocatorIhEEEE: 31| 2.35k| m_identity(identity), m_prf_algo(prf_algo), m_master_secret(std::move(psk)), m_is_imported(false) {} _ZN5Botan3TLS11ExternalPSKD2Ev: 28| 2.35k| ~ExternalPSK() = default; _ZN5Botan3TLS17Handshake_MessageD2Ev: 50| 75.4k| virtual ~Handshake_Message() = default; _ZNK5Botan3TLS17Handshake_Message9wire_typeEv: 39| 18.4k| virtual Handshake_Type wire_type() const { 40| | // Usually equal to the Handshake_Type enum value, 41| | // with the exception of TLS 1.3 Hello Retry Request. 42| 18.4k| return type(); 43| 18.4k| } _ZN5Botan3TLS17Handshake_MessageC2Ev: 51| 38.5k| Handshake_Message() = default; _ZN5Botan3TLS17Handshake_MessageC2EOS1_: 53| 36.9k| Handshake_Message(Handshake_Message&&) = default; _ZNK5Botan3TLS8Finished4typeEv: 274| 262| Handshake_Type type() const override { return Handshake_Type::Finished; } _ZNK5Botan3TLS8Finished9serializeEv: 278| 129| std::vector serialize() const override { return m_verification_data; } _ZNK5Botan3TLS20Hello_Verify_Request4typeEv: 61| 17.2k| Handshake_Type type() const override { return Handshake_Type::HelloVerifyRequest; } _ZNK5Botan3TLS20Hello_Verify_Request6cookieEv: 63| 8.63k| const std::vector& cookie() const { return m_cookie; } _ZNK5Botan3TLS18Certificate_Verify4typeEv: 253| 6| Handshake_Type type() const override { return Handshake_Type::CertificateVerify; } _ZN5Botan3TLS8FinishedC2ERKNSt3__16vectorIhNS2_9allocatorIhEEEE: 272| 140| explicit Finished(const std::vector& buf) : m_verification_data(buf) {} _ZNK5Botan3TLS8Finished11verify_dataEv: 276| 258| std::vector verify_data() const { return m_verification_data; } _ZNK5Botan3TLS14Certificate_1210cert_chainEv: 211| 4| const std::vector& cert_chain() const { return m_certs; } _ZNK5Botan3TLS18Change_Cipher_Spec4typeEv: 416| 129| Handshake_Type type() const override { return Handshake_Type::HandshakeCCS; } _ZNK5Botan3TLS18Change_Cipher_Spec9serializeEv: 418| 129| std::vector serialize() const override { return std::vector(1, 1); } _ZN5Botan3TLS15Server_Hello_128SettingsC2ENS_6StrongINSt3__16vectorIhNS4_9allocatorIhEEEENS0_11Session_ID_EJEEENS0_16Protocol_VersionEtb: 97| 3.22k| m_new_session_id(std::move(new_session_id)), 98| 3.22k| m_new_session_version(new_session_version), 99| 3.22k| m_ciphersuite(ciphersuite), 100| 3.22k| m_offer_session_ticket(offer_session_ticket) {} _ZNK5Botan3TLS15Server_Hello_128Settings10session_idEv: 102| 3.22k| const Session_ID& session_id() const { return m_new_session_id; } _ZNK5Botan3TLS15Server_Hello_128Settings16protocol_versionEv: 104| 6.45k| Protocol_Version protocol_version() const { return m_new_session_version; } _ZNK5Botan3TLS15Server_Hello_128Settings11ciphersuiteEv: 106| 3.22k| uint16_t ciphersuite() const { return m_ciphersuite; } _ZNK5Botan3TLS15Server_Hello_128Settings20offer_session_ticketEv: 108| 23| bool offer_session_ticket() const { return m_offer_session_ticket; } _ZNK5Botan3TLS19Client_Key_Exchange17pre_master_secretEv: 174| 1.46k| const secure_vector& pre_master_secret() const { return m_pre_master; } _ZNK5Botan3TLS19Client_Key_Exchange12psk_identityEv: 179| 258| const std::optional& psk_identity() const { return m_psk_identity; } _ZNK5Botan3TLS14Certificate_124typeEv: 209| 8| Handshake_Type type() const override { return Handshake_Type::Certificate; } _ZNK5Botan3TLS19Server_Key_Exchange4typeEv: 324| 6.44k| Handshake_Type type() const override { return Handshake_Type::ServerKeyExchange; } _ZNK5Botan3TLS19Server_Key_Exchange6paramsEv: 326| 3.22k| const std::vector& params() const { return m_params; } _ZNK5Botan3TLS19Server_Key_Exchange12shared_groupEv: 337| 2.33k| const std::optional& shared_group() const { return m_shared_group; } _ZNK5Botan3TLS17Server_Hello_Done4typeEv: 375| 6.44k| Handshake_Type type() const override { return Handshake_Type::ServerHelloDone; } _ZNK5Botan3TLS20Encrypted_Extensions4typeEv: 155| 680| Handshake_Type type() const override { return Handshake_Type::EncryptedExtensions; } _ZNK5Botan3TLS14Certificate_134typeEv: 204| 5| Handshake_Type type() const override { return Handshake_Type::Certificate; } _ZN5Botan3TLS6PolicyD2Ev: 610| 7.04k| virtual ~Policy() = default; _ZN5Botan3TLS11PskIdentityC2ENSt3__16vectorIhNS2_9allocatorIhEEEEj: 41| 648| m_identity(std::move(identity)), m_obfuscated_age(obfuscated_age) {} _ZN5Botan3TLS18Server_InformationC2ENSt3__117basic_string_viewIcNS2_11char_traitsIcEEEEt: 32| 7.17k| m_hostname(hostname), m_port(port) {} _ZN5Botan3TLS18Server_InformationC2Ev: 24| 6.25k| Server_Information() = default; _ZNK5Botan3TLS7Session13lifetime_hintEv: 350| 129| std::chrono::seconds lifetime_hint() const { return m_lifetime_hint; } _ZNK5Botan3TLS12Session_Base7versionEv: 74| 129| Protocol_Version version() const { return m_version; } _ZN5Botan3TLS15Session_Summary14set_session_idENS_6StrongINSt3__16vectorIhNS3_9allocatorIhEEEENS0_11Session_ID_EJEEE: 220| 129| void set_session_id(Session_ID id) { m_session_id = std::move(id); } _ZN5Botan3TLS14Session_HandleC2ENS_6StrongINSt3__16vectorIhNS3_9allocatorIhEEEENS0_11Session_ID_EJEEE: 59| 106| Session_Handle(Session_ID id) : m_handle(std::move(id)) { validate_constraints(); } _ZN5Botan3TLS14Session_HandleC2ENS_6StrongINSt3__16vectorIhNS3_9allocatorIhEEEENS0_15Session_Ticket_EJEEE: 70| 24| Session_Handle(Session_Ticket ticket) : m_handle(std::move(ticket)) { validate_constraints(); } _ZN5Botan3TLS15Session_ManagerD2Ev: 217| 7.04k| virtual ~Session_Manager() = default; _ZN5Botan3TLS15Session_Manager21emits_session_ticketsEv: 215| 3.22k| virtual bool emits_session_tickets() { return false; } _ZN5Botan3TLS20Session_Manager_Noop6removeERKNS0_14Session_HandleE: 33| 104| size_t remove(const Session_Handle& /*session*/) override { return 0; } _ZNK5Botan3TLS16Signature_Scheme9wire_codeEv: 74| 34.0k| Signature_Scheme::Code wire_code() const noexcept { return m_code; } _ZNK5Botan3TLS16Signature_SchemeeqERKS1_: 106| 121k| bool operator==(const Signature_Scheme& rhs) const { return m_code == rhs.m_code; } _ZN5Botan3TLS16Protocol_VersionC2Ev: 54| 43.7k| Protocol_Version() : m_version(0) {} _ZN5Botan3TLS16Protocol_VersionC2Et: 56| 457k| explicit Protocol_Version(uint16_t code) : m_version(code) {} _ZN5Botan3TLS16Protocol_VersionC2ENS0_12Version_CodeE: 62| 393k| Protocol_Version(static_cast(named_version)) {} _ZN5Botan3TLS16Protocol_VersionC2Ehh: 69| 45.9k| Protocol_Version(static_cast((static_cast(major) << 8) | minor)) {} _ZNK5Botan3TLS16Protocol_Version13major_versionEv: 84| 604k| uint8_t major_version() const { return static_cast(m_version >> 8); } _ZNK5Botan3TLS16Protocol_Version13minor_versionEv: 89| 47.9k| uint8_t minor_version() const { return static_cast(m_version & 0xFF); } _ZNK5Botan3TLS16Protocol_VersioneqERKS1_: 123| 366k| bool operator==(const Protocol_Version& other) const { return (m_version == other.m_version); } _ZNK5Botan3TLS16Protocol_VersionneERKS1_: 128| 2.87k| bool operator!=(const Protocol_Version& other) const { return (m_version != other.m_version); } _ZNK5Botan3TLS16Protocol_VersiongeERKS1_: 138| 18.2k| bool operator>=(const Protocol_Version& other) const { return (*this == other || *this > other); } ------------------ | Branch (138:70): [True: 186, False: 18.0k] | Branch (138:88): [True: 18.0k, False: 57] ------------------ _ZNK5Botan3TLS16Protocol_VersionltERKS1_: 143| 6.41k| bool operator<(const Protocol_Version& other) const { return !(*this >= other); } _ZNK5Botan3TLS16Protocol_VersionleERKS1_: 148| 337k| bool operator<=(const Protocol_Version& other) const { return (*this == other || *this < other); } ------------------ | Branch (148:70): [True: 331k, False: 6.41k] | Branch (148:88): [True: 34, False: 6.37k] ------------------ _ZNK5Botan16X25519_PublicKey9algo_nameEv: 16| 15| std::string algo_name() const override { return "X25519"; } _ZNK5Botan16X25519_PublicKey10key_lengthEv: 20| 3| size_t key_length() const override { return 255; } _ZN5Botan16X25519_PublicKeyC2Ev: 52| 16| X25519_PublicKey() = default; _ZNK5Botan14X448_PublicKey9algo_nameEv: 34| 8| std::string algo_name() const override { return "X448"; } _ZNK5Botan14X448_PublicKey10key_lengthEv: 38| 2| size_t key_length() const override { return 448; } _ZN5Botan14X448_PublicKeyC2Ev: 57| 10| X448_PublicKey() = default; _ZNK5Botan14Cert_Extension17Basic_Constraints5is_caEv: 51| 7.04k| bool is_ca() const { return m_is_ca; } _ZN5Botan14Cert_Extension17Basic_Constraints10static_oidEv: 55| 7.04k| static OID static_oid() { return OID({2, 5, 29, 19}); } _ZNK5Botan14Cert_Extension17Basic_Constraints8oid_nameEv: 60| 14.0k| std::string oid_name() const override { return "X509v3.BasicConstraints"; } _ZN5Botan14Cert_Extension9Key_Usage10static_oidEv: 86| 7.04k| static OID static_oid() { return OID({2, 5, 29, 15}); } _ZNK5Botan14Cert_Extension14Subject_Key_ID10get_key_idEv: 118| 7.04k| const std::vector& get_key_id() const { return m_key_id; } _ZN5Botan14Cert_Extension14Subject_Key_ID10static_oidEv: 120| 7.04k| static OID static_oid() { return OID({2, 5, 29, 14}); } _ZNK5Botan14Cert_Extension14Subject_Key_ID8oid_nameEv: 125| 7.04k| std::string oid_name() const override { return "X509v3.SubjectKeyIdentifier"; } _ZNK5Botan14Cert_Extension16Authority_Key_ID10get_key_idEv: 150| 7.04k| const std::vector& get_key_id() const { return m_key_id; } _ZN5Botan14Cert_Extension16Authority_Key_ID10static_oidEv: 152| 7.04k| static OID static_oid() { return OID({2, 5, 29, 35}); } _ZNK5Botan14Cert_Extension16Authority_Key_ID8oid_nameEv: 157| 7.04k| std::string oid_name() const override { return "X509v3.AuthorityKeyIdentifier"; } _ZNK5Botan14Cert_Extension24Subject_Alternative_Name12get_alt_nameEv: 174| 7.04k| const AlternativeName& get_alt_name() const { return m_alt_name; } _ZN5Botan14Cert_Extension24Subject_Alternative_Name10static_oidEv: 176| 7.04k| static OID static_oid() { return OID({2, 5, 29, 17}); } _ZN5Botan14Cert_Extension24Subject_Alternative_NameC2ERKNS_15AlternativeNameE: 184| 7.04k| explicit Subject_Alternative_Name(const AlternativeName& name = AlternativeName()) : m_alt_name(name) {} _ZNK5Botan14Cert_Extension24Subject_Alternative_Name8oid_nameEv: 187| 7.04k| std::string oid_name() const override { return "X509v3.SubjectAlternativeName"; } _ZN5Botan14Cert_Extension23Issuer_Alternative_Name10static_oidEv: 206| 7.04k| static OID static_oid() { return OID({2, 5, 29, 18}); } _ZN5Botan14Cert_Extension18Extended_Key_Usage10static_oidEv: 244| 7.04k| static OID static_oid() { return OID({2, 5, 29, 37}); } _ZN5Botan14Cert_Extension16Name_Constraints10static_oidEv: 282| 7.04k| static OID static_oid() { return OID({2, 5, 29, 30}); } _ZN5Botan14Cert_Extension20Certificate_Policies10static_oidEv: 314| 7.04k| static OID static_oid() { return OID({2, 5, 29, 32}); } _ZN5Botan14Cert_Extension28Authority_Information_Access10static_oidEv: 371| 7.04k| static OID static_oid() { return OID({1, 3, 6, 1, 5, 5, 7, 1, 1}); } _ZN5Botan14Cert_Extension23CRL_Distribution_Points10static_oidEv: 487| 7.04k| static OID static_oid() { return OID({2, 5, 29, 31}); } _ZN5Botan14Cert_Extension14Subject_Key_IDC2Ev: 108| 7.04k| Subject_Key_ID() = default; _ZN5Botan14Cert_Extension16Authority_Key_IDC2Ev: 146| 7.04k| Authority_Key_ID() = default; _ZN5Botan11X509_ObjectC2Ev: 120| 7.39k| X509_Object() = default; _ZN5Botan16X509_CertificateC2ERKS0_: 541| 6.79k| X509_Certificate(const X509_Certificate& other) = default; LLVMFuzzerInitialize: 28| 2|extern "C" int LLVMFuzzerInitialize(int* /*argc*/, char*** /*argv*/) { 29| | /* 30| | * This disables the mlock pool, as overwrites within the pool are 31| | * opaque to ASan or other instrumentation. 32| | */ 33| 2| ::setenv("BOTAN_MLOCK_POOL_SIZE", "0", 1); 34| 2| return 0; 35| 2|} LLVMFuzzerTestOneInput: 39| 7.05k|extern "C" int LLVMFuzzerTestOneInput(const uint8_t in[], size_t len) { 40| 7.05k| if(len <= max_fuzzer_input_size) { ------------------ | Branch (40:7): [True: 7.04k, False: 6] ------------------ 41| 7.04k| try { 42| 7.04k| fuzz(std::span(in, len)); 43| 7.04k| } catch(const std::exception& e) { 44| 0| std::cerr << "Uncaught exception from fuzzer driver " << e.what() << "\n"; 45| 0| abort(); 46| 0| } catch(...) { 47| 0| std::cerr << "Uncaught exception from fuzzer driver (unknown type)\n"; 48| 0| abort(); 49| 0| } 50| 7.04k| } 51| 7.05k| return 0; 52| 7.05k|} _Z20fuzzer_rng_as_sharedv: 56| 7.04k|inline std::shared_ptr fuzzer_rng_as_shared() { 57| 7.04k| static const std::shared_ptr rng = 58| 7.04k| std::make_shared(Botan::secure_vector(32)); 59| 7.04k| return rng; 60| 7.04k|} _Z4fuzzNSt3__14spanIKhLm18446744073709551615EEE: 175| 7.04k|void fuzz(std::span in) { 176| 7.04k| if(in.size() <= 1) { ------------------ | Branch (176:7): [True: 1, False: 7.04k] ------------------ 177| 1| return; 178| 1| } 179| | 180| 7.04k| auto session_manager = std::make_shared(); 181| 7.04k| auto policy = std::make_shared(); 182| 7.04k| const Botan::TLS::Server_Information info("server.name", 443); 183| 7.04k| auto creds = std::make_shared(); 184| 7.04k| auto callbacks = std::make_shared(); 185| | 186| 7.04k| const bool is_datagram = (in[0] & 1) == 1; 187| | 188| 7.04k| Botan::TLS::Server server(callbacks, session_manager, creds, policy, fuzzer_rng_as_shared(), is_datagram); 189| | 190| 7.04k| try { 191| 7.04k| server.received_data(in.subspan(1, in.size() - 1)); 192| 7.04k| } catch(const std::exception& e) {} 193| 7.04k|} tls_server.cpp:_ZNK12_GLOBAL__N_117Fuzzer_TLS_Policy16ciphersuite_listEN5Botan3TLS16Protocol_VersionE: 122| 3.39k| std::vector ciphersuite_list(Botan::TLS::Protocol_Version version) const override { 123| 3.39k| std::vector ciphersuites; 124| | 125| 346k| for(auto&& suite : Botan::TLS::Ciphersuite::all_known_ciphersuites()) { ------------------ | Branch (125:27): [True: 346k, False: 3.39k] ------------------ 126| 346k| if(suite.valid() and suite.usable_in_version(version)) { ------------------ | Branch (126:16): [True: 319k, False: 27.1k] | Branch (126:34): [True: 302k, False: 16.9k] ------------------ 127| 302k| ciphersuites.push_back(suite.ciphersuite_code()); 128| 302k| } 129| 346k| } 130| | 131| 3.39k| return ciphersuites; 132| 3.39k| } tls_server.cpp:_ZN12_GLOBAL__N_123Fuzzer_TLS_Server_CredsC2Ev: 49| 7.04k| Fuzzer_TLS_Server_Creds() { 50| 7.04k| Botan::DataSource_Memory cert_in(fixed_ecdsa_cert); 51| 7.04k| m_ecdsa_cert = std::make_unique(cert_in); 52| | 53| 7.04k| Botan::DataSource_Memory key_in(fixed_ecdsa_key); 54| 7.04k| m_ecdsa_key.reset(Botan::PKCS8::load_key(key_in).release()); 55| 7.04k| } tls_server.cpp:_ZN12_GLOBAL__N_123Fuzzer_TLS_Server_Creds10cert_chainERKNSt3__16vectorINS1_12basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEENS6_IS8_EEEERKNS2_IN5Botan19AlgorithmIdentifierENS6_ISE_EEEERKS8_SK_: 61| 6.78k| const std::string& /*hostname*/) override { 62| 6.78k| std::vector v; 63| | 64| 6.78k| for(const auto& algo : algos) { ------------------ | Branch (64:31): [True: 6.78k, False: 3.39k] ------------------ 65| 6.78k| if(algo == "ECDSA") { ------------------ | Branch (65:16): [True: 3.39k, False: 3.39k] ------------------ 66| 3.39k| v.push_back(*m_ecdsa_cert); 67| 3.39k| break; 68| 3.39k| } 69| 6.78k| } 70| | 71| 6.78k| return v; 72| 6.78k| } tls_server.cpp:_ZN12_GLOBAL__N_123Fuzzer_TLS_Server_Creds15private_key_forERKN5Botan16X509_CertificateERKNSt3__112basic_stringIcNS5_11char_traitsIcEENS5_9allocatorIcEEEESD_: 76| 4| const std::string& /*context*/) override { 77| 4| if(type == "ECDSA") { ------------------ | Branch (77:13): [True: 0, False: 4] ------------------ 78| 0| return m_ecdsa_key; 79| 0| } 80| 4| return nullptr; 81| 4| } tls_server.cpp:_ZN12_GLOBAL__N_123Fuzzer_TLS_Server_Creds18dtls_cookie_secretEv: 87| 8.63k| Botan::secure_vector dtls_cookie_secret() override { 88| 8.63k| return Botan::hex_decode_locked("AABBCCDDEEFF00112233445566778899"); 89| 8.63k| } tls_server.cpp:_ZN12_GLOBAL__N_123Fuzzer_TLS_Server_Creds17psk_identity_hintERKNSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEES9_: 91| 3.22k| std::string psk_identity_hint(const std::string& /*type*/, const std::string& /*context*/) override { 92| 3.22k| return "psk_hint"; 93| 3.22k| } tls_server.cpp:_ZN12_GLOBAL__N_123Fuzzer_TLS_Server_Creds19find_preshared_keysENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEEN5Botan3TLS15Connection_SideERKNS1_6vectorINS1_12basic_stringIcS4_NS1_9allocatorIcEEEENSB_ISD_EEEERKNS1_8optionalISD_EE: 105| 2.38k| const std::optional& prf = std::nullopt) override { 106| 2.38k| if(!identities.empty() && std::find(identities.begin(), identities.end(), "psk_id") == identities.end()) { ------------------ | Branch (106:13): [True: 2.38k, False: 0] | Branch (106:13): [True: 30, False: 2.35k] | Branch (106:36): [True: 30, False: 2.35k] ------------------ 107| 30| return Botan::Credentials_Manager::find_preshared_keys(host, whoami, identities, prf); 108| 30| } 109| | 110| 2.35k| std::vector psks; 111| 2.35k| psks.emplace_back("psk_id", "SHA-256", Botan::hex_decode_locked("AABBCCDDEEFF00112233445566778899")); 112| 2.35k| return psks; 113| 2.38k| } tls_server.cpp:_ZN12_GLOBAL__N_127Fuzzer_TLS_Server_Callbacks13tls_emit_dataENSt3__14spanIKhLm18446744073709551615EEE: 137| 23.3k| void tls_emit_data(std::span /*data*/) override { 138| | // discard 139| 23.3k| } tls_server.cpp:_ZN12_GLOBAL__N_127Fuzzer_TLS_Server_Callbacks9tls_alertEN5Botan3TLS5AlertE: 145| 2.18k| void tls_alert(Botan::TLS::Alert /*alert*/) override { 146| | // ignore alert 147| 2.18k| } tls_server.cpp:_ZN12_GLOBAL__N_127Fuzzer_TLS_Server_Callbacks30tls_server_choose_app_protocolERKNSt3__16vectorINS1_12basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEENS6_IS8_EEEE: 149| 16| std::string tls_server_choose_app_protocol(const std::vector& client_protos) override { 150| 16| if(client_protos.size() > 1) { ------------------ | Branch (150:13): [True: 14, False: 2] ------------------ 151| 14| return client_protos[0]; 152| 14| } else { 153| 2| return "fuzzy"; 154| 2| } 155| 16| } _ZN5Botan19AlgorithmIdentifierC2ERKNS_3OIDERKNSt3__16vectorIhNS4_9allocatorIhEEEE: 19| 12.5k| m_oid(oid), m_parameters(param) {} _ZN5Botan19AlgorithmIdentifierC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEERKNS1_6vectorIhNS1_9allocatorIhEEEE: 25| 6.26k| AlgorithmIdentifier(OID::from_string(oid), param) {} _ZN5Botan19AlgorithmIdentifierC2ERKNS_3OIDENS0_15Encoding_OptionE: 30| 956|AlgorithmIdentifier::AlgorithmIdentifier(const OID& oid, Encoding_Option option) : m_oid(oid) { 31| 956| constexpr uint8_t DER_NULL[] = {0x05, 0x00}; 32| | 33| 956| if(option == USE_NULL_PARAM) { ------------------ | Branch (33:7): [True: 756, False: 200] ------------------ 34| 756| m_parameters.assign(DER_NULL, DER_NULL + 2); 35| 756| } 36| 956|} _ZN5Botan19AlgorithmIdentifierC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEENS0_15Encoding_OptionE: 41| 6.26k|AlgorithmIdentifier::AlgorithmIdentifier(std::string_view oid, Encoding_Option option) : m_oid(OID::from_string(oid)) { 42| 6.26k| constexpr uint8_t DER_NULL[2] = {0x05, 0x00}; 43| | 44| 6.26k| if(option == USE_NULL_PARAM) { ------------------ | Branch (44:7): [True: 6.26k, False: 0] ------------------ 45| 6.26k| m_parameters.assign(DER_NULL, DER_NULL + 2); 46| 6.26k| } 47| 6.26k|} _ZN5BotaneqERKNS_19AlgorithmIdentifierES2_: 53| 7.04k|bool operator==(const AlgorithmIdentifier& a1, const AlgorithmIdentifier& a2) { 54| 7.04k| if(a1.oid() != a2.oid()) { ------------------ | Branch (54:7): [True: 0, False: 7.04k] ------------------ 55| 0| return false; 56| 0| } 57| | 58| | /* 59| | * Treat NULL and empty as equivalent 60| | */ 61| 7.04k| if(a1.parameters_are_null_or_empty() && a2.parameters_are_null_or_empty()) { ------------------ | Branch (61:7): [True: 7.04k, False: 0] | Branch (61:44): [True: 7.04k, False: 0] ------------------ 62| 7.04k| return true; 63| 7.04k| } 64| | 65| 0| return (a1.parameters() == a2.parameters()); 66| 7.04k|} _ZN5BotanneERKNS_19AlgorithmIdentifierES2_: 68| 7.04k|bool operator!=(const AlgorithmIdentifier& a1, const AlgorithmIdentifier& a2) { 69| 7.04k| return !(a1 == a2); 70| 7.04k|} _ZNK5Botan19AlgorithmIdentifier11encode_intoERNS_11DER_EncoderE: 75| 25.8k|void AlgorithmIdentifier::encode_into(DER_Encoder& codec) const { 76| 25.8k| codec.start_sequence().encode(oid()).raw_bytes(parameters()).end_cons(); 77| 25.8k|} _ZN5Botan19AlgorithmIdentifier11decode_fromERNS_11BER_DecoderE: 82| 28.3k|void AlgorithmIdentifier::decode_from(BER_Decoder& codec) { 83| 28.3k| codec.start_sequence().decode(m_oid).raw_bytes(m_parameters).end_cons(); 84| 28.3k|} _ZNK5Botan11ASN1_Object10BER_encodeEv: 20| 13.3k|std::vector ASN1_Object::BER_encode() const { 21| 13.3k| std::vector output; 22| 13.3k| DER_Encoder der(output); 23| 13.3k| this->encode_into(der); 24| 13.3k| return output; 25| 13.3k|} _ZN5Botan10BER_ObjectD2Ev: 27| 1.26M|BER_Object::~BER_Object() { 28| 1.26M| secure_scrub_memory(m_value); 29| 1.26M|} _ZNK5Botan10BER_Object11assert_is_aENS_9ASN1_TypeENS_10ASN1_ClassENSt3__117basic_string_viewIcNS3_11char_traitsIcEEEE: 34| 339k|void BER_Object::assert_is_a(ASN1_Type expected_type_tag, ASN1_Class expected_class_tag, std::string_view descr) const { 35| 339k| if(!this->is_a(expected_type_tag, expected_class_tag)) { ------------------ | Branch (35:7): [True: 162, False: 339k] ------------------ 36| 162| std::stringstream msg; 37| | 38| 162| msg << "Tag mismatch when decoding " << descr << " got "; 39| | 40| 162| if(m_class_tag == ASN1_Class::NoObject && m_type_tag == ASN1_Type::NoObject) { ------------------ | Branch (40:10): [True: 6, False: 156] | Branch (40:49): [True: 6, False: 0] ------------------ 41| 6| msg << "EOF"; 42| 156| } else { 43| 156| if(m_class_tag == ASN1_Class::Universal || m_class_tag == ASN1_Class::Constructed) { ------------------ | Branch (43:13): [True: 28, False: 128] | Branch (43:53): [True: 63, False: 65] ------------------ 44| 91| msg << asn1_tag_to_string(m_type_tag); 45| 91| } else { 46| 65| msg << std::to_string(static_cast(m_type_tag)); 47| 65| } 48| | 49| 156| msg << "/" << asn1_class_to_string(m_class_tag); 50| 156| } 51| | 52| 162| msg << " expected "; 53| | 54| 162| if(expected_class_tag == ASN1_Class::Universal || expected_class_tag == ASN1_Class::Constructed) { ------------------ | Branch (54:10): [True: 60, False: 102] | Branch (54:57): [True: 102, False: 0] ------------------ 55| 162| msg << asn1_tag_to_string(expected_type_tag); 56| 162| } else { 57| 0| msg << std::to_string(static_cast(expected_type_tag)); 58| 0| } 59| | 60| 162| msg << "/" << asn1_class_to_string(expected_class_tag); 61| | 62| 162| throw BER_Decoding_Error(msg.str()); 63| 162| } 64| 339k|} _ZNK5Botan10BER_Object4is_aENS_9ASN1_TypeENS_10ASN1_ClassE: 66| 459k|bool BER_Object::is_a(ASN1_Type expected_type_tag, ASN1_Class expected_class_tag) const { 67| 459k| return (m_type_tag == expected_type_tag && m_class_tag == expected_class_tag); ------------------ | Branch (67:12): [True: 388k, False: 70.6k] | Branch (67:47): [True: 388k, False: 7] ------------------ 68| 459k|} _ZNK5Botan10BER_Object4is_aEiNS_10ASN1_ClassE: 70| 35.2k|bool BER_Object::is_a(int expected_type_tag, ASN1_Class expected_class_tag) const { 71| 35.2k| return is_a(ASN1_Type(expected_type_tag), expected_class_tag); 72| 35.2k|} _ZN5Botan10BER_Object11set_taggingENS_9ASN1_TypeENS_10ASN1_ClassE: 74| 544k|void BER_Object::set_tagging(ASN1_Type type_tag, ASN1_Class class_tag) { 75| 544k| m_type_tag = type_tag; 76| 544k| m_class_tag = class_tag; 77| 544k|} _ZN5Botan20asn1_class_to_stringENS_10ASN1_ClassE: 79| 318|std::string asn1_class_to_string(ASN1_Class type) { 80| 318| switch(type) { 81| 88| case ASN1_Class::Universal: ------------------ | Branch (81:7): [True: 88, False: 230] ------------------ 82| 88| return "UNIVERSAL"; 83| 165| case ASN1_Class::Constructed: ------------------ | Branch (83:7): [True: 165, False: 153] ------------------ 84| 165| return "CONSTRUCTED"; 85| 2| case ASN1_Class::ContextSpecific: ------------------ | Branch (85:7): [True: 2, False: 316] ------------------ 86| 2| return "CONTEXT_SPECIFIC"; 87| 3| case ASN1_Class::Application: ------------------ | Branch (87:7): [True: 3, False: 315] ------------------ 88| 3| return "APPLICATION"; 89| 2| case ASN1_Class::Private: ------------------ | Branch (89:7): [True: 2, False: 316] ------------------ 90| 2| return "PRIVATE"; 91| 0| case ASN1_Class::NoObject: ------------------ | Branch (91:7): [True: 0, False: 318] ------------------ 92| 0| return "NO_OBJECT"; 93| 58| default: ------------------ | Branch (93:7): [True: 58, False: 260] ------------------ 94| 58| return "CLASS(" + std::to_string(static_cast(type)) + ")"; 95| 318| } 96| 318|} _ZN5Botan18asn1_tag_to_stringENS_9ASN1_TypeE: 98| 290|std::string asn1_tag_to_string(ASN1_Type type) { 99| 290| switch(type) { 100| 102| case ASN1_Type::Sequence: ------------------ | Branch (100:7): [True: 102, False: 188] ------------------ 101| 102| return "SEQUENCE"; 102| | 103| 4| case ASN1_Type::Set: ------------------ | Branch (103:7): [True: 4, False: 286] ------------------ 104| 4| return "SET"; 105| | 106| 2| case ASN1_Type::PrintableString: ------------------ | Branch (106:7): [True: 2, False: 288] ------------------ 107| 2| return "PRINTABLE STRING"; 108| | 109| 3| case ASN1_Type::NumericString: ------------------ | Branch (109:7): [True: 3, False: 287] ------------------ 110| 3| return "NUMERIC STRING"; 111| | 112| 4| case ASN1_Type::Ia5String: ------------------ | Branch (112:7): [True: 4, False: 286] ------------------ 113| 4| return "IA5 STRING"; 114| | 115| 1| case ASN1_Type::TeletexString: ------------------ | Branch (115:7): [True: 1, False: 289] ------------------ 116| 1| return "T61 STRING"; 117| | 118| 31| case ASN1_Type::Utf8String: ------------------ | Branch (118:7): [True: 31, False: 259] ------------------ 119| 31| return "UTF8 STRING"; 120| | 121| 3| case ASN1_Type::VisibleString: ------------------ | Branch (121:7): [True: 3, False: 287] ------------------ 122| 3| return "VISIBLE STRING"; 123| | 124| 1| case ASN1_Type::BmpString: ------------------ | Branch (124:7): [True: 1, False: 289] ------------------ 125| 1| return "BMP STRING"; 126| | 127| 2| case ASN1_Type::UniversalString: ------------------ | Branch (127:7): [True: 2, False: 288] ------------------ 128| 2| return "UNIVERSAL STRING"; 129| | 130| 1| case ASN1_Type::UtcTime: ------------------ | Branch (130:7): [True: 1, False: 289] ------------------ 131| 1| return "UTC TIME"; 132| | 133| 2| case ASN1_Type::GeneralizedTime: ------------------ | Branch (133:7): [True: 2, False: 288] ------------------ 134| 2| return "GENERALIZED TIME"; 135| | 136| 1| case ASN1_Type::OctetString: ------------------ | Branch (136:7): [True: 1, False: 289] ------------------ 137| 1| return "OCTET STRING"; 138| | 139| 18| case ASN1_Type::BitString: ------------------ | Branch (139:7): [True: 18, False: 272] ------------------ 140| 18| return "BIT STRING"; 141| | 142| 1| case ASN1_Type::Enumerated: ------------------ | Branch (142:7): [True: 1, False: 289] ------------------ 143| 1| return "ENUMERATED"; 144| | 145| 50| case ASN1_Type::Integer: ------------------ | Branch (145:7): [True: 50, False: 240] ------------------ 146| 50| return "INTEGER"; 147| | 148| 1| case ASN1_Type::Null: ------------------ | Branch (148:7): [True: 1, False: 289] ------------------ 149| 1| return "NULL"; 150| | 151| 1| case ASN1_Type::ObjectId: ------------------ | Branch (151:7): [True: 1, False: 289] ------------------ 152| 1| return "OBJECT"; 153| | 154| 3| case ASN1_Type::Boolean: ------------------ | Branch (154:7): [True: 3, False: 287] ------------------ 155| 3| return "BOOLEAN"; 156| | 157| 0| case ASN1_Type::NoObject: ------------------ | Branch (157:7): [True: 0, False: 290] ------------------ 158| 0| return "NO_OBJECT"; 159| | 160| 59| default: ------------------ | Branch (160:7): [True: 59, False: 231] ------------------ 161| 59| return "TAG(" + std::to_string(static_cast(type)) + ")"; 162| 290| } 163| 290|} _ZN5Botan18BER_Decoding_ErrorC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 168| 449|BER_Decoding_Error::BER_Decoding_Error(std::string_view err) : Decoding_Error(fmt("BER: {}", err)) {} _ZN5Botan11BER_Bad_TagC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEEj: 170| 26|BER_Bad_Tag::BER_Bad_Tag(std::string_view str, uint32_t tagging) : BER_Decoding_Error(fmt("{}: {}", str, tagging)) {} _ZN5Botan4ASN115put_in_sequenceERKNSt3__16vectorIhNS1_9allocatorIhEEEE: 177| 21.1k|std::vector put_in_sequence(const std::vector& contents) { 178| 21.1k| return ASN1::put_in_sequence(contents.data(), contents.size()); 179| 21.1k|} _ZN5Botan4ASN115put_in_sequenceEPKhm: 181| 21.1k|std::vector put_in_sequence(const uint8_t bits[], size_t len) { 182| 21.1k| std::vector output; 183| 21.1k| DER_Encoder(output).start_sequence().raw_bytes(bits, len).end_cons(); 184| 21.1k| return output; 185| 21.1k|} _ZN5Botan4ASN19to_stringERKNS_10BER_ObjectE: 190| 63.4k|std::string to_string(const BER_Object& obj) { 191| 63.4k| return bytes_to_string(obj.data()); 192| 63.4k|} _ZN5Botan4ASN19maybe_BERERNS_10DataSourceE: 197| 14.4k|bool maybe_BER(DataSource& source) { 198| 14.4k| uint8_t first_u8 = 0; 199| 14.4k| if(source.peek_byte(first_u8) == 0) { ------------------ | Branch (199:7): [True: 1, False: 14.4k] ------------------ 200| 1| BOTAN_ASSERT_EQUAL(source.read_byte(first_u8), 0, "Expected EOF"); ------------------ | | 90| 1| do { \ | | 91| 1| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 92| 1| if((expr1) != (expr2)) { \ | | ------------------ | | | Branch (92:10): [True: 0, False: 1] | | ------------------ | | 93| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 94| 0| Botan::assertion_failure(#expr1 " == " #expr2, assertion_made, __func__, __FILE__, __LINE__); \ | | 95| 0| } \ | | 96| 1| } while(0) | | ------------------ | | | Branch (96:12): [Folded, False: 1] | | ------------------ ------------------ 201| 1| throw Stream_IO_Error("ASN1::maybe_BER: Source was empty"); 202| 1| } 203| | 204| 14.4k| const auto cons_seq = static_cast(ASN1_Class::Constructed) | static_cast(ASN1_Type::Sequence); 205| 14.4k| return first_u8 == cons_seq; 206| 14.4k|} _ZN5Botan3OID9from_nameENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 72| 5.40k|std::optional OID::from_name(std::string_view name) { 73| 5.40k| if(name.empty()) { ------------------ | Branch (73:7): [True: 0, False: 5.40k] ------------------ 74| 0| throw Invalid_Argument("OID::from_name argument must be non-empty"); 75| 0| } 76| | 77| 5.40k| OID o = OID_Map::global_registry().str2oid(name); 78| 5.40k| if(o.has_value()) { ------------------ | Branch (78:7): [True: 5.40k, False: 0] ------------------ 79| 5.40k| return std::optional(o); 80| 5.40k| } 81| | 82| 0| return std::nullopt; 83| 5.40k|} _ZN5Botan3OID11from_stringENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 86| 26.7k|OID OID::from_string(std::string_view str) { 87| 26.7k| if(str.empty()) { ------------------ | Branch (87:7): [True: 0, False: 26.7k] ------------------ 88| 0| throw Invalid_Argument("OID::from_string argument must be non-empty"); 89| 0| } 90| | 91| 26.7k| OID o = OID_Map::global_registry().str2oid(str); 92| 26.7k| if(o.has_value()) { ------------------ | Branch (92:7): [True: 26.7k, False: 0] ------------------ 93| 26.7k| return o; 94| 26.7k| } 95| | 96| | // Try to parse as a dotted decimal 97| 0| try { 98| 0| return OID(str); 99| 0| } catch(...) {} 100| | 101| 0| throw Lookup_Error(fmt("No OID associated with name '{}'", str)); 102| 0|} _ZN5Botan3OIDC2ESt16initializer_listIjE: 104| 109k|OID::OID(std::initializer_list init) : m_id(init) { 105| 109k| oid_valid_check(m_id); 106| 109k|} _ZNK5Botan3OID19to_formatted_stringEv: 139| 7.04k|std::string OID::to_formatted_string() const { 140| 7.04k| std::string s = this->human_name_or_empty(); 141| 7.04k| if(!s.empty()) { ------------------ | Branch (141:7): [True: 7.04k, False: 0] ------------------ 142| 7.04k| return s; 143| 7.04k| } 144| 0| return this->to_string(); 145| 7.04k|} _ZNK5Botan3OID19human_name_or_emptyEv: 147| 14.0k|std::string OID::human_name_or_empty() const { 148| 14.0k| return OID_Map::global_registry().oid2str(*this); 149| 14.0k|} _ZNK5Botan3OID7matchesESt16initializer_listIjE: 155| 14.0k|bool OID::matches(std::initializer_list other) const { 156| | // TODO: once all target compilers support it, use std::ranges::equal 157| 14.0k| return std::equal(m_id.begin(), m_id.end(), other.begin(), other.end()); 158| 14.0k|} _ZNK5Botan3OID9hash_codeEv: 160| 14.0k|uint64_t OID::hash_code() const { 161| | // If this is changed also update gen_oids.py to match 162| 14.0k| uint64_t hash = 0x621F302327D9A49A; 163| 84.5k| for(auto id : m_id) { ------------------ | Branch (163:16): [True: 84.5k, False: 14.0k] ------------------ 164| 84.5k| hash *= 193; 165| 84.5k| hash += id; 166| 84.5k| } 167| 14.0k| return hash; 168| 14.0k|} _ZN5BotanltERKNS_3OIDES2_: 173| 352k|bool operator<(const OID& a, const OID& b) { 174| 352k| const std::vector& oid1 = a.get_components(); 175| 352k| const std::vector& oid2 = b.get_components(); 176| | 177| 352k| return std::lexicographical_compare(oid1.begin(), oid1.end(), oid2.begin(), oid2.end()); 178| 352k|} _ZNK5Botan3OID11encode_intoERNS_11DER_EncoderE: 183| 25.8k|void OID::encode_into(DER_Encoder& der) const { 184| 25.8k| if(m_id.size() < 2) { ------------------ | Branch (184:7): [True: 0, False: 25.8k] ------------------ 185| 0| throw Invalid_Argument("OID::encode_into: OID is invalid"); 186| 0| } 187| | 188| 25.8k| auto append = [](std::vector& encoding, uint32_t z) { 189| 25.8k| if(z <= 0x7F) { 190| 25.8k| encoding.push_back(static_cast(z)); 191| 25.8k| } else { 192| 25.8k| const size_t z7 = (high_bit(z) + 7 - 1) / 7; 193| | 194| 25.8k| for(size_t j = 0; j != z7; ++j) { 195| 25.8k| uint8_t zp = static_cast(z >> (7 * (z7 - j - 1)) & 0x7F); 196| | 197| 25.8k| if(j != z7 - 1) { 198| 25.8k| zp |= 0x80; 199| 25.8k| } 200| | 201| 25.8k| encoding.push_back(zp); 202| 25.8k| } 203| 25.8k| } 204| 25.8k| }; 205| | 206| 25.8k| std::vector encoding; 207| | 208| | // We know 40 * root can't overflow because root is between 0 and 2 209| 25.8k| auto first = checked_add(40 * m_id[0], m_id[1]); 210| 25.8k| BOTAN_ASSERT_NOMSG(first.has_value()); ------------------ | | 77| 25.8k| do { \ | | 78| 25.8k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 25.8k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 25.8k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 25.8k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 25.8k] | | ------------------ ------------------ 211| | 212| 25.8k| append(encoding, *first); 213| | 214| 180k| for(size_t i = 2; i != m_id.size(); ++i) { ------------------ | Branch (214:22): [True: 154k, False: 25.8k] ------------------ 215| 154k| append(encoding, m_id[i]); 216| 154k| } 217| 25.8k| der.add_object(ASN1_Type::ObjectId, ASN1_Class::Universal, encoding); 218| 25.8k|} _ZN5Botan3OID11decode_fromERNS_11BER_DecoderE: 223| 106k|void OID::decode_from(BER_Decoder& decoder) { 224| 106k| const BER_Object obj = decoder.get_next_object(); 225| 106k| if(obj.tagging() != (ASN1_Class::Universal | ASN1_Type::ObjectId)) { ------------------ | Branch (225:7): [True: 26, False: 106k] ------------------ 226| 26| throw BER_Bad_Tag("Error decoding OID, unknown tag", obj.tagging()); 227| 26| } 228| | 229| 106k| if(obj.length() == 0) { ------------------ | Branch (229:7): [True: 1, False: 106k] ------------------ 230| 1| throw BER_Decoding_Error("OID encoding is too short"); 231| 1| } 232| | 233| 106k| auto consume = [](BufferSlicer& data) -> uint32_t { 234| 106k| BOTAN_ASSERT_NOMSG(!data.empty()); 235| 106k| uint32_t b = data.take_byte(); 236| | 237| 106k| if(b > 0x7F) { 238| 106k| b &= 0x7F; 239| | 240| | // Even BER requires that the OID have minimal length, ie that 241| | // the first byte of a multibyte encoding cannot be zero 242| | // See X.690 section 8.19.2 243| 106k| if(b == 0) { 244| 106k| throw Decoding_Error("Leading zero byte in multibyte OID encoding"); 245| 106k| } 246| | 247| 106k| while(true) { 248| 106k| if(data.empty()) { 249| 106k| throw Decoding_Error("Truncated OID value"); 250| 106k| } 251| | 252| 106k| const uint8_t next = data.take_byte(); 253| 106k| const bool more = (next & 0x80) == 0x80; 254| 106k| const uint8_t value = next & 0x7F; 255| | 256| 106k| if((b >> (32 - 7)) != 0) { 257| 106k| throw Decoding_Error("OID component overflow"); 258| 106k| } 259| | 260| 106k| b = (b << 7) | value; 261| | 262| 106k| if(!more) { 263| 106k| break; 264| 106k| } 265| 106k| } 266| 106k| } 267| | 268| 106k| return b; 269| 106k| }; 270| | 271| 106k| BufferSlicer data(obj.data()); 272| 106k| std::vector parts; 273| 516k| while(!data.empty()) { ------------------ | Branch (273:10): [True: 410k, False: 106k] ------------------ 274| 410k| const uint32_t comp = consume(data); 275| | 276| 410k| if(parts.empty()) { ------------------ | Branch (276:10): [True: 106k, False: 304k] ------------------ 277| | // divide into root and second arc 278| | 279| 106k| const uint32_t root_arc = [](uint32_t b0) -> uint32_t { 280| 106k| if(b0 < 40) { 281| 106k| return 0; 282| 106k| } else if(b0 < 80) { 283| 106k| return 1; 284| 106k| } else { 285| 106k| return 2; 286| 106k| } 287| 106k| }(comp); 288| | 289| 106k| parts.push_back(root_arc); 290| 106k| BOTAN_ASSERT_NOMSG(comp >= 40 * root_arc); ------------------ | | 77| 106k| do { \ | | 78| 106k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 106k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 106k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 106k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 106k] | | ------------------ ------------------ 291| 106k| parts.push_back(comp - 40 * root_arc); 292| 304k| } else { 293| 304k| parts.push_back(comp); 294| 304k| } 295| 410k| } 296| | 297| 106k| m_id = parts; 298| 106k|} asn1_oid.cpp:_ZN5Botan12_GLOBAL__N_115oid_valid_checkENSt3__14spanIKjLm18446744073709551615EEE: 26| 109k|void oid_valid_check(std::span oid) { 27| 109k| BOTAN_ARG_CHECK(oid.size() >= 2, "OID too short to be valid"); ------------------ | | 35| 109k| do { \ | | 36| 109k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 109k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 109k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 109k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 109k] | | ------------------ ------------------ 28| 109k| BOTAN_ARG_CHECK(oid[0] <= 2, "OID root out of range"); ------------------ | | 35| 109k| do { \ | | 36| 109k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 109k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 109k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 109k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 109k] | | ------------------ ------------------ 29| 109k| BOTAN_ARG_CHECK(oid[1] <= 39 || oid[0] == 2, "OID second arc too large"); ------------------ | | 35| 109k| do { \ | | 36| 109k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 109k| if(!(expr)) { \ | | ------------------ | | | Branch (37:12): [True: 109k, False: 0] | | | Branch (37:12): [True: 0, False: 0] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 109k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 109k] | | ------------------ ------------------ 30| | // This last is a limitation of using 32 bit integers when decoding 31| | // not a limitation of ASN.1 object identifiers in general 32| 109k| BOTAN_ARG_CHECK(oid[1] <= 0xFFFFFFAF, "OID second arc too large"); ------------------ | | 35| 109k| do { \ | | 36| 109k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 109k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 109k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 109k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 109k] | | ------------------ ------------------ 33| 109k|} asn1_oid.cpp:_ZZNK5Botan3OID11encode_intoERNS_11DER_EncoderEENK3$_0clERNSt3__16vectorIhNS4_9allocatorIhEEEEj: 188| 180k| auto append = [](std::vector& encoding, uint32_t z) { 189| 180k| if(z <= 0x7F) { ------------------ | Branch (189:10): [True: 141k, False: 39.1k] ------------------ 190| 141k| encoding.push_back(static_cast(z)); 191| 141k| } else { 192| 39.1k| const size_t z7 = (high_bit(z) + 7 - 1) / 7; 193| | 194| 123k| for(size_t j = 0; j != z7; ++j) { ------------------ | Branch (194:28): [True: 84.5k, False: 39.1k] ------------------ 195| 84.5k| uint8_t zp = static_cast(z >> (7 * (z7 - j - 1)) & 0x7F); 196| | 197| 84.5k| if(j != z7 - 1) { ------------------ | Branch (197:16): [True: 45.4k, False: 39.1k] ------------------ 198| 45.4k| zp |= 0x80; 199| 45.4k| } 200| | 201| 84.5k| encoding.push_back(zp); 202| 84.5k| } 203| 39.1k| } 204| 180k| }; asn1_oid.cpp:_ZZN5Botan3OID11decode_fromERNS_11BER_DecoderEENK3$_0clERNS_12BufferSlicerE: 233| 410k| auto consume = [](BufferSlicer& data) -> uint32_t { 234| 410k| BOTAN_ASSERT_NOMSG(!data.empty()); ------------------ | | 77| 410k| do { \ | | 78| 410k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 410k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 410k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 410k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 410k] | | ------------------ ------------------ 235| 410k| uint32_t b = data.take_byte(); 236| | 237| 410k| if(b > 0x7F) { ------------------ | Branch (237:10): [True: 70.7k, False: 339k] ------------------ 238| 70.7k| b &= 0x7F; 239| | 240| | // Even BER requires that the OID have minimal length, ie that 241| | // the first byte of a multibyte encoding cannot be zero 242| | // See X.690 section 8.19.2 243| 70.7k| if(b == 0) { ------------------ | Branch (243:13): [True: 3, False: 70.7k] ------------------ 244| 3| throw Decoding_Error("Leading zero byte in multibyte OID encoding"); 245| 3| } 246| | 247| 71.0k| while(true) { ------------------ | Branch (247:16): [True: 71.0k, Folded] ------------------ 248| 71.0k| if(data.empty()) { ------------------ | Branch (248:16): [True: 9, False: 71.0k] ------------------ 249| 9| throw Decoding_Error("Truncated OID value"); 250| 9| } 251| | 252| 71.0k| const uint8_t next = data.take_byte(); 253| 71.0k| const bool more = (next & 0x80) == 0x80; 254| 71.0k| const uint8_t value = next & 0x7F; 255| | 256| 71.0k| if((b >> (32 - 7)) != 0) { ------------------ | Branch (256:16): [True: 21, False: 71.0k] ------------------ 257| 21| throw Decoding_Error("OID component overflow"); 258| 21| } 259| | 260| 71.0k| b = (b << 7) | value; 261| | 262| 71.0k| if(!more) { ------------------ | Branch (262:16): [True: 70.7k, False: 291] ------------------ 263| 70.7k| break; 264| 70.7k| } 265| 71.0k| } 266| 70.7k| } 267| | 268| 410k| return b; 269| 410k| }; asn1_oid.cpp:_ZZN5Botan3OID11decode_fromERNS_11BER_DecoderEENK3$_1clEj: 279| 106k| const uint32_t root_arc = [](uint32_t b0) -> uint32_t { 280| 106k| if(b0 < 40) { ------------------ | Branch (280:16): [True: 178, False: 105k] ------------------ 281| 178| return 0; 282| 105k| } else if(b0 < 80) { ------------------ | Branch (282:23): [True: 35.2k, False: 70.5k] ------------------ 283| 35.2k| return 1; 284| 70.5k| } else { 285| 70.5k| return 2; 286| 70.5k| } 287| 106k| }(comp); _ZN5Botan11ASN1_StringC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEENS_9ASN1_TypeE: 135| 42.5k|ASN1_String::ASN1_String(std::string_view str, ASN1_Type t) : m_utf8_str(str), m_tag(t) { 136| 42.5k| if(!is_utf8_subset_string_type(m_tag)) { ------------------ | Branch (136:7): [True: 0, False: 42.5k] ------------------ 137| 0| throw Invalid_Argument("ASN1_String only supports encoding to UTF-8 or a UTF-8 subset"); 138| 0| } 139| | 140| 42.5k| if(!is_valid_asn1_string_content(m_utf8_str, m_tag)) { ------------------ | Branch (140:7): [True: 0, False: 42.5k] ------------------ 141| 0| throw Invalid_Argument(fmt("ASN1_String: Invalid {} encoding", asn1_tag_to_string(m_tag))); 142| 0| } 143| 42.5k|} _ZN5Botan11ASN1_StringC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 145| 42.5k|ASN1_String::ASN1_String(std::string_view str) : ASN1_String(str, choose_encoding(str)) {} _ZN5Botan11ASN1_String11decode_fromERNS_11BER_DecoderE: 162| 42.5k|void ASN1_String::decode_from(BER_Decoder& source) { 163| 42.5k| const BER_Object obj = source.get_next_object(); 164| | 165| 42.5k| if(obj.get_class() != ASN1_Class::Universal || !is_asn1_string_type(obj.type())) { ------------------ | Branch (165:7): [True: 20, False: 42.4k] | Branch (165:51): [True: 38, False: 42.4k] ------------------ 166| 44| auto typ = static_cast(obj.type()); 167| 44| auto cls = static_cast(obj.get_class()); 168| 44| throw Decoding_Error(fmt("ASN1_String: Unknown string type {}/{}", typ, cls)); 169| 44| } 170| | 171| 42.4k| m_tag = obj.type(); 172| 42.4k| m_data.assign(obj.bits(), obj.bits() + obj.length()); 173| | 174| 42.4k| if(m_tag == ASN1_Type::BmpString) { ------------------ | Branch (174:7): [True: 23, False: 42.4k] ------------------ 175| 23| m_utf8_str = ucs2_to_utf8(m_data); 176| 42.4k| } else if(m_tag == ASN1_Type::UniversalString) { ------------------ | Branch (176:14): [True: 58, False: 42.3k] ------------------ 177| 58| m_utf8_str = ucs4_to_utf8(m_data); 178| 42.3k| } else if(m_tag == ASN1_Type::TeletexString) { ------------------ | Branch (178:14): [True: 24, False: 42.3k] ------------------ 179| | /* 180| | TeletexString is nominally ITU T.61 not ISO-8859-1 but it seems 181| | the majority of implementations actually used that charset here. 182| | */ 183| 24| m_utf8_str = latin1_to_utf8(m_data); 184| 42.3k| } else { 185| | // All other supported string types are UTF-8 or some subset thereof 186| 42.3k| m_utf8_str = ASN1::to_string(obj); 187| | 188| 42.3k| if(!is_valid_asn1_string_content(m_utf8_str, m_tag)) { ------------------ | Branch (188:10): [True: 37, False: 42.3k] ------------------ 189| 37| throw Decoding_Error(fmt("ASN1_String: Invalid {} encoding", asn1_tag_to_string(m_tag))); 190| 37| } 191| 42.3k| } 192| 42.4k|} asn1_str.cpp:_ZN5Botan12_GLOBAL__N_119is_asn1_string_typeENS_9ASN1_TypeE: 99| 42.4k|bool is_asn1_string_type(ASN1_Type tag) { 100| 42.4k| return (is_utf8_subset_string_type(tag) || tag == ASN1_Type::TeletexString || tag == ASN1_Type::BmpString || ------------------ | Branch (100:12): [True: 42.3k, False: 143] | Branch (100:47): [True: 24, False: 119] | Branch (100:82): [True: 23, False: 96] ------------------ 101| 96| tag == ASN1_Type::UniversalString); ------------------ | Branch (101:12): [True: 58, False: 38] ------------------ 102| 42.4k|} asn1_str.cpp:_ZN5Botan12_GLOBAL__N_126is_utf8_subset_string_typeENS_9ASN1_TypeE: 94| 169k|bool is_utf8_subset_string_type(ASN1_Type tag) { 95| 169k| return (tag == ASN1_Type::NumericString || tag == ASN1_Type::PrintableString || tag == ASN1_Type::VisibleString || ------------------ | Branch (95:12): [True: 4, False: 169k] | Branch (95:47): [True: 141k, False: 28.4k] | Branch (95:84): [True: 20, False: 28.4k] ------------------ 96| 28.4k| tag == ASN1_Type::Ia5String || tag == ASN1_Type::Utf8String); ------------------ | Branch (96:12): [True: 24, False: 28.4k] | Branch (96:43): [True: 28.2k, False: 143] ------------------ 97| 169k|} asn1_str.cpp:_ZN5Botan12_GLOBAL__N_128is_valid_asn1_string_contentERKNSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEENS_9ASN1_TypeE: 104| 84.8k|bool is_valid_asn1_string_content(const std::string& str, ASN1_Type tag) { 105| 84.8k| BOTAN_ASSERT_NOMSG(is_utf8_subset_string_type(tag)); ------------------ | | 77| 84.8k| do { \ | | 78| 84.8k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 84.8k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 84.8k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 84.8k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 84.8k] | | ------------------ ------------------ 106| | 107| 84.8k| switch(tag) { 108| 14.1k| case ASN1_Type::Utf8String: ------------------ | Branch (108:7): [True: 14.1k, False: 70.7k] ------------------ 109| 14.1k| return is_valid_utf8(str); 110| 2| case ASN1_Type::NumericString: ------------------ | Branch (110:7): [True: 2, False: 84.8k] ------------------ 111| 70.7k| case ASN1_Type::PrintableString: ------------------ | Branch (111:7): [True: 70.7k, False: 14.1k] ------------------ 112| 70.7k| case ASN1_Type::Ia5String: ------------------ | Branch (112:7): [True: 12, False: 84.8k] ------------------ 113| 70.7k| case ASN1_Type::VisibleString: ------------------ | Branch (113:7): [True: 10, False: 84.8k] ------------------ 114| 70.7k| return g_char_validator.valid_encoding(str, tag); 115| 0| default: ------------------ | Branch (115:7): [True: 0, False: 84.8k] ------------------ 116| 0| return false; 117| 84.8k| } 118| 84.8k|} asn1_str.cpp:_ZNK5Botan12_GLOBAL__N_131ASN1_String_Codepoint_Validator14valid_encodingENSt3__117basic_string_viewIcNS2_11char_traitsIcEEEENS_9ASN1_TypeE: 25| 113k| constexpr bool valid_encoding(std::string_view str, ASN1_Type tag) const { 26| 113k| const uint8_t mask = mask_for(tag); 27| 113k| for(const char c : str) { ------------------ | Branch (27:27): [True: 98.7k, False: 113k] ------------------ 28| 98.7k| const uint8_t codepoint = static_cast(c); 29| 98.7k| const bool is_valid = (m_table[codepoint] & mask) != 0; 30| | 31| 98.7k| if(!is_valid) { ------------------ | Branch (31:16): [True: 7, False: 98.6k] ------------------ 32| 7| return false; 33| 7| } 34| 98.7k| } 35| | 36| 113k| return true; 37| 113k| } asn1_str.cpp:_ZN5Botan12_GLOBAL__N_131ASN1_String_Codepoint_Validator8mask_forENS_9ASN1_TypeE: 45| 113k| static constexpr uint8_t mask_for(ASN1_Type tag) { 46| 113k| switch(tag) { 47| 2| case ASN1_Type::NumericString: ------------------ | Branch (47:13): [True: 2, False: 113k] ------------------ 48| 2| return Numeric_String; 49| 113k| case ASN1_Type::PrintableString: ------------------ | Branch (49:13): [True: 113k, False: 24] ------------------ 50| 113k| return Printable_String; 51| 12| case ASN1_Type::Ia5String: ------------------ | Branch (51:13): [True: 12, False: 113k] ------------------ 52| 12| return IA5_String; 53| 10| case ASN1_Type::VisibleString: ------------------ | Branch (53:13): [True: 10, False: 113k] ------------------ 54| 10| return Visible_String; 55| 0| default: ------------------ | Branch (55:13): [True: 0, False: 113k] ------------------ 56| 0| return 0; 57| 113k| } 58| 113k| } asn1_str.cpp:_ZN5Botan12_GLOBAL__N_115choose_encodingENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 120| 42.5k|ASN1_Type choose_encoding(std::string_view str) { 121| 42.5k| if(g_char_validator.valid_encoding(str, ASN1_Type::PrintableString)) { ------------------ | Branch (121:7): [True: 42.5k, False: 0] ------------------ 122| 42.5k| return ASN1_Type::PrintableString; 123| 42.5k| } else { 124| 0| return ASN1_Type::Utf8String; 125| 0| } 126| 42.5k|} _ZN5Botan9ASN1_Time11decode_fromERNS_11BER_DecoderE: 59| 14.0k|void ASN1_Time::decode_from(BER_Decoder& source) { 60| 14.0k| const BER_Object ber_time = source.get_next_object(); 61| | 62| 14.0k| if(ber_time.get_class() != ASN1_Class::Universal || ------------------ | Branch (62:7): [True: 0, False: 14.0k] ------------------ 63| 14.0k| (ber_time.type() != ASN1_Type::UtcTime && ber_time.type() != ASN1_Type::GeneralizedTime)) { ------------------ | Branch (63:8): [True: 0, False: 14.0k] | Branch (63:49): [True: 0, False: 0] ------------------ 64| 0| throw Decoding_Error(fmt("ASN1_Time: Unexpected tag {}/{}", 65| 0| static_cast(ber_time.type()), 66| 0| static_cast(ber_time.get_class()))); 67| 0| } 68| | 69| 14.0k| try { 70| 14.0k| set_to(ASN1::to_string(ber_time), ber_time.type()); 71| 14.0k| } catch(Invalid_Argument& e) { 72| 0| throw Decoding_Error(fmt("Invalid ASN1_Time encoding: {}", e.what())); 73| 0| } 74| 14.0k|} _ZN5Botan9ASN1_Time6set_toENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEENS_9ASN1_TypeE: 176| 14.0k|void ASN1_Time::set_to(std::string_view t_spec, ASN1_Type spec_tag) { 177| 14.0k| BOTAN_ARG_CHECK(spec_tag == ASN1_Type::UtcTime || spec_tag == ASN1_Type::GeneralizedTime, ------------------ | | 35| 14.0k| do { \ | | 36| 14.0k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 14.0k| if(!(expr)) { \ | | ------------------ | | | Branch (37:12): [True: 14.0k, False: 0] | | | Branch (37:12): [True: 0, False: 0] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 14.0k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 14.0k] | | ------------------ ------------------ 178| 14.0k| "Invalid tag for ASN1_Time"); 179| | 180| 14.0k| if(spec_tag == ASN1_Type::GeneralizedTime) { ------------------ | Branch (180:7): [True: 0, False: 14.0k] ------------------ 181| 0| BOTAN_ARG_CHECK(t_spec.size() == 15, "Invalid GeneralizedTime input string"); ------------------ | | 35| 0| do { \ | | 36| 0| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 0| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 0] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 0| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 0] | | ------------------ ------------------ 182| 14.0k| } else if(spec_tag == ASN1_Type::UtcTime) { ------------------ | Branch (182:14): [True: 14.0k, False: 0] ------------------ 183| 14.0k| BOTAN_ARG_CHECK(t_spec.size() == 13, "Invalid UTCTime input string"); ------------------ | | 35| 14.0k| do { \ | | 36| 14.0k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 14.0k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 14.0k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 14.0k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 14.0k] | | ------------------ ------------------ 184| 14.0k| } 185| | 186| 14.0k| BOTAN_ARG_CHECK(t_spec.back() == 'Z', "Botan does not support ASN1 times with timezones other than Z"); ------------------ | | 35| 14.0k| do { \ | | 36| 14.0k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 14.0k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 14.0k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 14.0k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 14.0k] | | ------------------ ------------------ 187| | 188| 14.0k| const size_t field_len = 2; 189| | 190| 14.0k| const size_t year_start = 0; 191| 14.0k| const size_t year_len = (spec_tag == ASN1_Type::UtcTime) ? 2 : 4; ------------------ | Branch (191:28): [True: 14.0k, False: 0] ------------------ 192| 14.0k| const size_t month_start = year_start + year_len; 193| 14.0k| const size_t day_start = month_start + field_len; 194| 14.0k| const size_t hour_start = day_start + field_len; 195| 14.0k| const size_t min_start = hour_start + field_len; 196| 14.0k| const size_t sec_start = min_start + field_len; 197| | 198| 14.0k| m_year = to_u32bit(t_spec.substr(year_start, year_len)); 199| 14.0k| m_month = to_u32bit(t_spec.substr(month_start, field_len)); 200| 14.0k| m_day = to_u32bit(t_spec.substr(day_start, field_len)); 201| 14.0k| m_hour = to_u32bit(t_spec.substr(hour_start, field_len)); 202| 14.0k| m_minute = to_u32bit(t_spec.substr(min_start, field_len)); 203| 14.0k| m_second = to_u32bit(t_spec.substr(sec_start, field_len)); 204| 14.0k| m_tag = spec_tag; 205| | 206| 14.0k| if(spec_tag == ASN1_Type::UtcTime) { ------------------ | Branch (206:7): [True: 14.0k, False: 0] ------------------ 207| 14.0k| if(m_year >= 50) { ------------------ | Branch (207:10): [True: 0, False: 14.0k] ------------------ 208| 0| m_year += 1900; 209| 14.0k| } else { 210| 14.0k| m_year += 2000; 211| 14.0k| } 212| 14.0k| } 213| | 214| 14.0k| if(!passes_sanity_check()) { ------------------ | Branch (214:7): [True: 0, False: 14.0k] ------------------ 215| 0| throw Invalid_Argument(fmt("ASN1_Time string '{}' does not seem to be valid", t_spec)); 216| 0| } 217| 14.0k|} _ZNK5Botan9ASN1_Time19passes_sanity_checkEv: 222| 14.0k|bool ASN1_Time::passes_sanity_check() const { 223| | // AppVeyor's trust store includes a cert with expiration date in 3016 ... 224| 14.0k| if(m_year < 1950 || m_year > 3100) { ------------------ | Branch (224:7): [True: 0, False: 14.0k] | Branch (224:24): [True: 0, False: 14.0k] ------------------ 225| 0| return false; 226| 0| } 227| 14.0k| if(m_month == 0 || m_month > 12) { ------------------ | Branch (227:7): [True: 0, False: 14.0k] | Branch (227:23): [True: 0, False: 14.0k] ------------------ 228| 0| return false; 229| 0| } 230| | 231| 14.0k| const uint32_t days_in_month[12] = {31, 28 + 1, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}; 232| | 233| 14.0k| if(m_day == 0 || m_day > days_in_month[m_month - 1]) { ------------------ | Branch (233:7): [True: 0, False: 14.0k] | Branch (233:21): [True: 0, False: 14.0k] ------------------ 234| 0| return false; 235| 0| } 236| | 237| 14.0k| if(m_month == 2 && m_day == 29) { ------------------ | Branch (237:7): [True: 0, False: 14.0k] | Branch (237:23): [True: 0, False: 0] ------------------ 238| 0| if(m_year % 4 != 0) { ------------------ | Branch (238:10): [True: 0, False: 0] ------------------ 239| 0| return false; // not a leap year 240| 0| } 241| | 242| 0| if(m_year % 100 == 0 && m_year % 400 != 0) { ------------------ | Branch (242:10): [True: 0, False: 0] | Branch (242:31): [True: 0, False: 0] ------------------ 243| 0| return false; 244| 0| } 245| 0| } 246| | 247| 14.0k| if(m_hour >= 24 || m_minute >= 60 || m_second > 60) { ------------------ | Branch (247:7): [True: 0, False: 14.0k] | Branch (247:23): [True: 0, False: 14.0k] | Branch (247:41): [True: 0, False: 14.0k] ------------------ 248| 0| return false; 249| 0| } 250| | 251| 14.0k| if(m_tag == ASN1_Type::UtcTime) { ------------------ | Branch (251:7): [True: 14.0k, False: 0] ------------------ 252| | /* 253| | UTCTime limits the value of components such that leap seconds 254| | are not covered. See "UNIVERSAL 23" in "Information technology 255| | Abstract Syntax Notation One (ASN.1): Specification of basic notation" 256| | 257| | http://www.itu.int/ITU-T/studygroups/com17/languages/ 258| | */ 259| 14.0k| if(m_second > 59) { ------------------ | Branch (259:10): [True: 0, False: 14.0k] ------------------ 260| 0| return false; 261| 0| } 262| 14.0k| } 263| | 264| 14.0k| return true; 265| 14.0k|} _ZN5Botan11BER_DecoderD2Ev: 366| 326k|BER_Decoder::~BER_Decoder() = default; _ZNK5Botan11BER_Decoder10more_itemsEv: 371| 190k|bool BER_Decoder::more_items() const { 372| 190k| if(m_source->end_of_data() && !m_pushed.is_set()) { ------------------ | Branch (372:7): [True: 70.4k, False: 120k] | Branch (372:34): [True: 70.4k, False: 0] ------------------ 373| 70.4k| return false; 374| 70.4k| } 375| 120k| return true; 376| 190k|} _ZN5Botan11BER_Decoder10verify_endEv: 381| 77.5k|BER_Decoder& BER_Decoder::verify_end() { 382| 77.5k| return verify_end("BER_Decoder::verify_end called, but data remains"); 383| 77.5k|} _ZN5Botan11BER_Decoder10verify_endENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 388| 84.5k|BER_Decoder& BER_Decoder::verify_end(std::string_view err) { 389| 84.5k| if(!m_source->end_of_data() || m_pushed.is_set()) { ------------------ | Branch (389:7): [True: 19, False: 84.5k] | Branch (389:35): [True: 0, False: 84.5k] ------------------ 390| 19| throw Decoding_Error(err); 391| 19| } 392| 84.5k| return (*this); 393| 84.5k|} _ZN5Botan11BER_Decoder17discard_remainingEv: 398| 14.0k|BER_Decoder& BER_Decoder::discard_remaining() { 399| 14.0k| m_pushed = BER_Object(); 400| 14.0k| uint8_t buf = 0; 401| 14.0k| while(m_source->read_byte(buf) != 0) {} ------------------ | Branch (401:10): [True: 0, False: 14.0k] ------------------ 402| 14.0k| return (*this); 403| 14.0k|} _ZN5Botan11BER_Decoder14read_next_byteEv: 405| 3.74M|std::optional BER_Decoder::read_next_byte() { 406| 3.74M| BOTAN_ASSERT_NOMSG(m_source != nullptr); ------------------ | | 77| 3.74M| do { \ | | 78| 3.74M| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 3.74M| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 3.74M] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 3.74M| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 3.74M] | | ------------------ ------------------ 407| 3.74M| uint8_t b = 0; 408| 3.74M| if(m_source->read_byte(b) != 0) { ------------------ | Branch (408:7): [True: 3.69M, False: 49.8k] ------------------ 409| 3.69M| return b; 410| 3.69M| } else { 411| 49.8k| return {}; 412| 49.8k| } 413| 3.74M|} _ZN5Botan11BER_Decoder16peek_next_objectEv: 415| 14.0k|const BER_Object& BER_Decoder::peek_next_object() { 416| 14.0k| if(!m_pushed.is_set()) { ------------------ | Branch (416:7): [True: 14.0k, False: 0] ------------------ 417| 14.0k| m_pushed = get_next_object(); 418| 14.0k| } 419| | 420| 14.0k| return m_pushed; 421| 14.0k|} _ZN5Botan11BER_Decoder15get_next_objectEv: 426| 615k|BER_Object BER_Decoder::get_next_object() { 427| 615k| BER_Object next; 428| | 429| 615k| if(m_pushed.is_set()) { ------------------ | Branch (429:7): [True: 70.5k, False: 544k] ------------------ 430| 70.5k| std::swap(next, m_pushed); 431| 70.5k| return next; 432| 70.5k| } 433| | 434| 544k| for(;;) { 435| 544k| ASN1_Type type_tag = ASN1_Type::NoObject; 436| 544k| ASN1_Class class_tag = ASN1_Class::NoObject; 437| 544k| decode_tag(m_source, type_tag, class_tag); 438| 544k| next.set_tagging(type_tag, class_tag); 439| 544k| if(next.is_set() == false) { // no more objects ------------------ | Branch (439:10): [True: 14.0k, False: 530k] ------------------ 440| 14.0k| return next; 441| 14.0k| } 442| | 443| 530k| const size_t allow_indef = m_limits.allow_ber_encoding() ? m_limits.max_nested_indefinite_length() : 0; ------------------ | Branch (443:34): [True: 0, False: 530k] ------------------ 444| 530k| const bool der_mode = m_limits.require_der_encoding(); 445| 530k| const auto dl = decode_length(m_source, allow_indef, der_mode, is_constructed(class_tag)); 446| | 447| | // Per X.690 8.1.5 the only valid EOC encoding is the two-octet 448| | // sequence 0x00 0x00. Reject any other length encoding on a tag of 449| | // (Eoc, Universal) before we consume the "content" bytes. 450| 530k| if(type_tag == ASN1_Type::Eoc && class_tag == ASN1_Class::Universal && ------------------ | Branch (450:10): [True: 14.1k, False: 516k] | Branch (450:40): [True: 42, False: 14.0k] ------------------ 451| 42| (dl.content_length() != 0 || dl.indefinite_length())) { ------------------ | Branch (451:11): [True: 26, False: 16] | Branch (451:39): [True: 0, False: 16] ------------------ 452| 26| throw BER_Decoding_Error("EOC marker with non-zero length"); 453| 26| } 454| | 455| 530k| if(!m_source->check_available(dl.total_length())) { ------------------ | Branch (455:10): [True: 117, False: 530k] ------------------ 456| 117| throw BER_Decoding_Error("Value truncated"); 457| 117| } 458| | 459| 530k| uint8_t* out = next.mutable_bits(dl.content_length()); 460| 530k| if(m_source->read(out, dl.content_length()) != dl.content_length()) { ------------------ | Branch (460:10): [True: 0, False: 530k] ------------------ 461| 0| throw BER_Decoding_Error("Value truncated"); 462| 0| } 463| | 464| 530k| if(dl.indefinite_length()) { ------------------ | Branch (464:10): [True: 0, False: 530k] ------------------ 465| | // After reading the data consume the 2-byte EOC 466| 0| uint8_t eoc[2] = {0xFF, 0xFF}; 467| 0| if(m_source->read(eoc, 2) != 2 || eoc[0] != 0x00 || eoc[1] != 0x00) { ------------------ | Branch (467:13): [True: 0, False: 0] | Branch (467:44): [True: 0, False: 0] | Branch (467:62): [True: 0, False: 0] ------------------ 468| 0| throw BER_Decoding_Error("Missing or malformed EOC marker"); 469| 0| } 470| 0| } 471| | 472| 530k| if(next.tagging() == static_cast(ASN1_Type::Eoc)) { ------------------ | Branch (472:10): [True: 16, False: 530k] ------------------ 473| 16| if(m_limits.require_der_encoding()) { ------------------ | Branch (473:13): [True: 16, False: 0] ------------------ 474| 16| throw BER_Decoding_Error("Detected EOC marker in DER structure"); 475| 16| } 476| 0| continue; 477| 530k| } else { 478| 530k| break; 479| 530k| } 480| 530k| } 481| | 482| 530k| return next; 483| 544k|} _ZN5Botan11BER_Decoder9push_backEONS_10BER_ObjectE: 507| 70.5k|void BER_Decoder::push_back(BER_Object&& obj) { 508| 70.5k| if(m_pushed.is_set()) { ------------------ | Branch (508:7): [True: 0, False: 70.5k] ------------------ 509| 0| throw Invalid_State("BER_Decoder: Only one push back is allowed"); 510| 0| } 511| 70.5k| m_pushed = std::move(obj); 512| 70.5k|} _ZN5Botan11BER_Decoder10start_consENS_9ASN1_TypeENS_10ASN1_ClassE: 514| 220k|BER_Decoder BER_Decoder::start_cons(ASN1_Type type_tag, ASN1_Class class_tag) { 515| 220k| BER_Object obj = get_next_object(); 516| 220k| obj.assert_is_a(type_tag, class_tag | ASN1_Class::Constructed); 517| 220k| BER_Decoder child(std::move(obj), this); 518| 220k| return child; 519| 220k|} _ZN5Botan11BER_Decoder8end_consEv: 524| 162k|BER_Decoder& BER_Decoder::end_cons() { 525| 162k| if(m_parent == nullptr) { ------------------ | Branch (525:7): [True: 0, False: 162k] ------------------ 526| 0| throw Invalid_State("BER_Decoder::end_cons called with null parent"); 527| 0| } 528| 162k| if(!m_source->end_of_data() || m_pushed.is_set()) { ------------------ | Branch (528:7): [True: 28, False: 162k] | Branch (528:35): [True: 0, False: 162k] ------------------ 529| 28| throw Decoding_Error("BER_Decoder::end_cons called with data left"); 530| 28| } 531| 162k| return (*m_parent); 532| 162k|} _ZN5Botan11BER_DecoderC2EONS_10BER_ObjectEPS0_: 535| 219k| m_limits(parent != nullptr ? parent->limits() : BER_Decoder::Limits::BER()), m_parent(parent) { ------------------ | Branch (535:16): [True: 219k, False: 0] ------------------ 536| 219k| m_data_src = std::make_unique(std::move(obj)); 537| 219k| m_source = m_data_src.get(); 538| 219k|} _ZN5Botan11BER_DecoderC2ERNS_10DataSourceENS0_6LimitsE: 543| 7.34k|BER_Decoder::BER_Decoder(DataSource& src, Limits limits) : m_limits(limits), m_source(&src) {} _ZN5Botan11BER_DecoderC2ENSt3__14spanIKhLm18446744073709551615EEENS0_6LimitsE: 548| 99.3k|BER_Decoder::BER_Decoder(std::span buf, Limits limits) : m_limits(limits) { 549| 99.3k| m_data_src = std::make_unique(buf); 550| 99.3k| m_source = m_data_src.get(); 551| 99.3k|} _ZN5Botan11BER_Decoder6decodeERNS_11ASN1_ObjectENS_9ASN1_TypeENS_10ASN1_ClassE: 560| 212k|BER_Decoder& BER_Decoder::decode(ASN1_Object& obj, ASN1_Type /*unused*/, ASN1_Class /*unused*/) { 561| 212k| obj.decode_from(*this); 562| 212k| return (*this); 563| 212k|} _ZN5Botan11BER_Decoder6decodeERbNS_9ASN1_TypeENS_10ASN1_ClassE: 587| 7.04k|BER_Decoder& BER_Decoder::decode(bool& out, ASN1_Type type_tag, ASN1_Class class_tag) { 588| 7.04k| const BER_Object obj = get_next_object(); 589| 7.04k| obj.assert_is_a(type_tag, class_tag); 590| | 591| 7.04k| if(obj.length() != 1) { ------------------ | Branch (591:7): [True: 0, False: 7.04k] ------------------ 592| 0| throw BER_Decoding_Error("BER boolean value had invalid size"); 593| 0| } 594| | 595| 7.04k| const uint8_t val = obj.bits()[0]; 596| | 597| | // DER requires boolean values to be exactly 0x00 or 0xFF 598| 7.04k| if(m_limits.require_der_encoding() && val != 0x00 && val != 0xFF) { ------------------ | Branch (598:7): [True: 7.04k, False: 0] | Branch (598:42): [True: 7.04k, False: 0] | Branch (598:57): [True: 0, False: 7.04k] ------------------ 599| 0| throw BER_Decoding_Error("Detected non-canonical boolean encoding in DER structure"); 600| 0| } 601| | 602| 7.04k| out = (val != 0) ? true : false; ------------------ | Branch (602:10): [True: 7.04k, False: 0] ------------------ 603| | 604| 7.04k| return (*this); 605| 7.04k|} _ZN5Botan11BER_Decoder6decodeERmNS_9ASN1_TypeENS_10ASN1_ClassE: 610| 21.1k|BER_Decoder& BER_Decoder::decode(size_t& out, ASN1_Type type_tag, ASN1_Class class_tag) { 611| 21.1k| BigInt integer; 612| 21.1k| decode(integer, type_tag, class_tag); 613| | 614| 21.1k| if(integer.signum() < 0) { ------------------ | Branch (614:7): [True: 0, False: 21.1k] ------------------ 615| 0| throw BER_Decoding_Error("Decoded small integer value was negative"); 616| 0| } 617| | 618| 21.1k| if(integer.bits() > 32) { ------------------ | Branch (618:7): [True: 0, False: 21.1k] ------------------ 619| 0| throw BER_Decoding_Error("Decoded integer value larger than expected"); 620| 0| } 621| | 622| 21.1k| out = 0; 623| 105k| for(size_t i = 0; i != 4; ++i) { ------------------ | Branch (623:22): [True: 84.5k, False: 21.1k] ------------------ 624| 84.5k| out = (out << 8) | integer.byte_at(3 - i); 625| 84.5k| } 626| | 627| 21.1k| return (*this); 628| 21.1k|} _ZN5Botan11BER_Decoder6decodeERNS_6BigIntENS_9ASN1_TypeENS_10ASN1_ClassE: 660| 28.2k|BER_Decoder& BER_Decoder::decode(BigInt& out, ASN1_Type type_tag, ASN1_Class class_tag) { 661| 28.2k| const BER_Object obj = get_next_object(); 662| 28.2k| obj.assert_is_a(type_tag, class_tag); 663| | 664| | // DER requires minimal INTEGER encoding (X.690 section 8.3.2) 665| 28.2k| if(m_limits.require_der_encoding()) { ------------------ | Branch (665:7): [True: 28.1k, False: 46] ------------------ 666| 28.1k| if(obj.length() == 0) { ------------------ | Branch (666:10): [True: 1, False: 28.1k] ------------------ 667| 1| throw BER_Decoding_Error("Detected empty INTEGER encoding in DER structure"); 668| 1| } 669| 28.1k| if(obj.length() > 1) { ------------------ | Branch (669:10): [True: 7.06k, False: 21.1k] ------------------ 670| 7.06k| if(obj.bits()[0] == 0x00 && (obj.bits()[1] & 0x80) == 0) { ------------------ | Branch (670:13): [True: 7.04k, False: 23] | Branch (670:38): [True: 1, False: 7.04k] ------------------ 671| 1| throw BER_Decoding_Error("Detected non-minimal INTEGER encoding in DER structure"); 672| 1| } 673| 7.06k| if(obj.bits()[0] == 0xFF && (obj.bits()[1] & 0x80) != 0) { ------------------ | Branch (673:13): [True: 9, False: 7.05k] | Branch (673:38): [True: 1, False: 8] ------------------ 674| 1| throw BER_Decoding_Error("Detected non-minimal INTEGER encoding in DER structure"); 675| 1| } 676| 7.06k| } 677| 28.1k| } 678| | 679| 28.2k| if(obj.length() == 0) { ------------------ | Branch (679:7): [True: 0, False: 28.2k] ------------------ 680| 0| out.clear(); 681| 28.2k| } else { 682| 28.2k| const uint8_t first = obj.bits()[0]; 683| 28.2k| const bool negative = (first & 0x80) == 0x80; 684| | 685| 28.2k| if(negative) { ------------------ | Branch (685:10): [True: 20, False: 28.2k] ------------------ 686| 20| secure_vector vec(obj.bits(), obj.bits() + obj.length()); 687| 41| for(size_t i = obj.length(); i > 0; --i) { ------------------ | Branch (687:39): [True: 41, False: 0] ------------------ 688| 41| const bool gt0 = (vec[i - 1] > 0); 689| 41| vec[i - 1] -= 1; 690| 41| if(gt0) { ------------------ | Branch (690:16): [True: 20, False: 21] ------------------ 691| 20| break; 692| 20| } 693| 41| } 694| 108| for(size_t i = 0; i != obj.length(); ++i) { ------------------ | Branch (694:28): [True: 88, False: 20] ------------------ 695| 88| vec[i] = ~vec[i]; 696| 88| } 697| 20| out._assign_from_bytes(vec); 698| 20| out.flip_sign(); 699| 28.2k| } else { 700| 28.2k| out._assign_from_bytes(obj.data()); 701| 28.2k| } 702| 28.2k| } 703| | 704| 28.2k| return (*this); 705| 28.2k|} _ZN5Botan11BER_Decoder6decodeERNSt3__16vectorIhNS_16secure_allocatorIhEEEENS_9ASN1_TypeES7_NS_10ASN1_ClassE: 769| 21.1k| ASN1_Class class_tag) { 770| 21.1k| if(real_type != ASN1_Type::OctetString && real_type != ASN1_Type::BitString) { ------------------ | Branch (770:7): [True: 7.04k, False: 14.0k] | Branch (770:46): [True: 0, False: 7.04k] ------------------ 771| 0| throw BER_Bad_Tag("Bad tag for {BIT,OCTET} STRING", static_cast(real_type)); 772| 0| } 773| | 774| 21.1k| asn1_decode_binary_string( 775| 21.1k| buffer, get_next_object(), real_type, type_tag, class_tag, m_limits.require_der_encoding()); 776| 21.1k| return (*this); 777| 21.1k|} _ZN5Botan11BER_Decoder6decodeERNSt3__16vectorIhNS1_9allocatorIhEEEENS_9ASN1_TypeES7_NS_10ASN1_ClassE: 782| 56.4k| ASN1_Class class_tag) { 783| 56.4k| if(real_type != ASN1_Type::OctetString && real_type != ASN1_Type::BitString) { ------------------ | Branch (783:7): [True: 14.2k, False: 42.2k] | Branch (783:46): [True: 0, False: 14.2k] ------------------ 784| 0| throw BER_Bad_Tag("Bad tag for {BIT,OCTET} STRING", static_cast(real_type)); 785| 0| } 786| | 787| 56.4k| asn1_decode_binary_string( 788| 56.4k| buffer, get_next_object(), real_type, type_tag, class_tag, m_limits.require_der_encoding()); 789| 56.4k| return (*this); 790| 56.4k|} ber_dec.cpp:_ZN5Botan12_GLOBAL__N_110decode_tagEPNS_10DataSourceERNS_9ASN1_TypeERNS_10ASN1_ClassE: 27| 544k|size_t decode_tag(DataSource* ber, ASN1_Type& type_tag, ASN1_Class& class_tag) { 28| 544k| auto b = ber->read_byte(); 29| | 30| 544k| if(!b) { ------------------ | Branch (30:7): [True: 14.0k, False: 530k] ------------------ 31| 14.0k| type_tag = ASN1_Type::NoObject; 32| 14.0k| class_tag = ASN1_Class::NoObject; 33| 14.0k| return 0; 34| 14.0k| } 35| | 36| 530k| if((*b & 0x1F) != 0x1F) { ------------------ | Branch (36:7): [True: 530k, False: 211] ------------------ 37| 530k| type_tag = ASN1_Type(*b & 0x1F); 38| 530k| class_tag = ASN1_Class(*b & 0xE0); 39| 530k| return 1; 40| 530k| } 41| | 42| 211| size_t tag_bytes = 1; 43| 211| class_tag = ASN1_Class(*b & 0xE0); 44| | 45| 211| uint32_t tag_buf = 0; 46| 733| while(true) { ------------------ | Branch (46:10): [True: 733, Folded] ------------------ 47| 733| b = ber->read_byte(); 48| 733| if(!b) { ------------------ | Branch (48:10): [True: 5, False: 728] ------------------ 49| 5| throw BER_Decoding_Error("Long-form tag truncated"); 50| 5| } 51| 728| if((tag_buf >> 24) != 0) { ------------------ | Branch (51:10): [True: 7, False: 721] ------------------ 52| 7| throw BER_Decoding_Error("Long-form tag overflowed 32 bits"); 53| 7| } 54| | // This is required even by BER (see X.690 section 8.1.2.4.2 sentence c). 55| | // Bits 7-1 of the first subsequent octet must not be all zero; this rules 56| | // out both 0x80 (continuation with no data) and 0x00 (a long-form encoding 57| | // of tag value 0, which collides with the EOC marker). 58| 721| if(tag_bytes == 1 && (*b & 0x7F) == 0) { ------------------ | Branch (58:10): [True: 210, False: 511] | Branch (58:28): [True: 2, False: 208] ------------------ 59| 2| throw BER_Decoding_Error("Long form tag with leading zero"); 60| 2| } 61| 719| ++tag_bytes; 62| 719| tag_buf = (tag_buf << 7) | (*b & 0x7F); 63| 719| if((*b & 0x80) == 0) { ------------------ | Branch (63:10): [True: 197, False: 522] ------------------ 64| 197| break; 65| 197| } 66| 719| } 67| | // Per X.690 8.1.2.2, tag values 0-30 shall be encoded in the short form. 68| | // Long-form encoding is reserved for tag values >= 31 (X.690 8.1.2.3). 69| | // This is unconditional and applies to BER as well as DER. 70| 197| if(tag_buf <= 30) { ------------------ | Branch (70:7): [True: 5, False: 192] ------------------ 71| 5| throw BER_Decoding_Error("Long-form tag encoding used for small tag value"); 72| 5| } 73| | 74| 192| if(tag_buf == static_cast(ASN1_Type::NoObject)) { ------------------ | Branch (74:7): [True: 1, False: 191] ------------------ 75| 1| throw BER_Decoding_Error("Tag value collides with internal sentinel"); 76| 1| } 77| | 78| | // NOLINTNEXTLINE(clang-analyzer-optin.core.EnumCastOutOfRange) 79| 191| type_tag = ASN1_Type(tag_buf); 80| 191| return tag_bytes; 81| 192|} ber_dec.cpp:_ZN5Botan12_GLOBAL__N_113decode_lengthEPNS_10DataSourceEmbb: 126| 530k|BerDecodedLength decode_length(DataSource* ber, size_t allow_indef, bool der_mode, bool constructed) { 127| 530k| uint8_t b = 0; 128| 530k| if(ber->read_byte(b) == 0) { ------------------ | Branch (128:7): [True: 30, False: 530k] ------------------ 129| 30| throw BER_Decoding_Error("Length field not found"); 130| 30| } 131| 530k| if((b & 0x80) == 0) { ------------------ | Branch (131:7): [True: 509k, False: 21.2k] ------------------ 132| 509k| return BerDecodedLength(b, 1); 133| 509k| } 134| | 135| 21.2k| const size_t num_length_bytes = (b & 0x7F); 136| 21.2k| if(num_length_bytes > 4) { ------------------ | Branch (136:7): [True: 16, False: 21.2k] ------------------ 137| 16| throw BER_Decoding_Error("Length field is too large"); 138| 16| } 139| | 140| 21.2k| const size_t field_size = 1 + num_length_bytes; 141| | 142| 21.2k| if(num_length_bytes == 0) { ------------------ | Branch (142:7): [True: 9, False: 21.2k] ------------------ 143| 9| if(der_mode) { ------------------ | Branch (143:10): [True: 9, False: 0] ------------------ 144| 9| throw BER_Decoding_Error("Detected indefinite-length encoding in DER structure"); 145| 9| } else if(!constructed) { ------------------ | Branch (145:17): [True: 0, False: 0] ------------------ 146| | // Indefinite length is only valid for constructed types (X.690 8.1.3.2) 147| 0| throw BER_Decoding_Error("Indefinite-length encoding used with non-constructed type"); 148| 0| } else if(allow_indef == 0) { ------------------ | Branch (148:17): [True: 0, False: 0] ------------------ 149| 0| throw BER_Decoding_Error("Nested EOC markers too deep, rejecting to avoid stack exhaustion"); 150| 0| } else { 151| | // find_eoc returns bytes up to and including the EOC marker. 152| | // Return the content length; the caller consumes the EOC separately. 153| 0| const size_t eoc_len = find_eoc(ber, /*base_offset=*/0, allow_indef - 1); 154| 0| if(eoc_len < 2) { ------------------ | Branch (154:13): [True: 0, False: 0] ------------------ 155| 0| throw BER_Decoding_Error("Invalid EOC encoding"); 156| 0| } 157| 0| return BerDecodedLength::indefinite(eoc_len - 2, field_size); 158| 0| } 159| 9| } 160| | 161| 21.2k| size_t length = 0; 162| | 163| 56.7k| for(size_t i = 0; i != num_length_bytes; ++i) { ------------------ | Branch (163:22): [True: 35.5k, False: 21.2k] ------------------ 164| 35.5k| if(ber->read_byte(b) == 0) { ------------------ | Branch (164:10): [True: 3, False: 35.5k] ------------------ 165| 3| throw BER_Decoding_Error("Corrupted length field"); 166| 3| } 167| | // Can't overflow since we already checked that num_length_bytes <= 4 168| 35.5k| length = (length << 8) | b; 169| 35.5k| } 170| | 171| | // DER requires shortest possible length encoding 172| 21.2k| if(der_mode) { ------------------ | Branch (172:7): [True: 21.2k, False: 0] ------------------ 173| 21.2k| if(length < 128) { ------------------ | Branch (173:10): [True: 5, False: 21.2k] ------------------ 174| 5| throw BER_Decoding_Error("Detected non-canonical length encoding in DER structure"); 175| 5| } 176| 21.2k| if(num_length_bytes > 1 && length < (size_t(1) << ((num_length_bytes - 1) * 8))) { ------------------ | Branch (176:10): [True: 14.1k, False: 7.04k] | Branch (176:34): [True: 1, False: 14.1k] ------------------ 177| 1| throw BER_Decoding_Error("Detected non-canonical length encoding in DER structure"); 178| 1| } 179| 21.2k| } 180| | 181| 21.2k| return BerDecodedLength(length, field_size); 182| 21.2k|} ber_dec.cpp:_ZN5Botan12_GLOBAL__N_116BerDecodedLengthC2Emm: 99| 530k| BerDecodedLength(content_length, field_length, false) {} ber_dec.cpp:_ZN5Botan12_GLOBAL__N_116BerDecodedLengthC2Emmb: 116| 530k| m_content_length(content_length), m_field_length(field_length), m_indefinite(indefinite) {} ber_dec.cpp:_ZN5Botan12_GLOBAL__N_114is_constructedENS_10ASN1_ClassE: 20| 608k|bool is_constructed(ASN1_Class class_tag) { 21| 608k| return (static_cast(class_tag) & static_cast(ASN1_Class::Constructed)) != 0; 22| 608k|} ber_dec.cpp:_ZNK5Botan12_GLOBAL__N_116BerDecodedLength14content_lengthEv: 105| 1.59M| size_t content_length() const { return m_content_length; } ber_dec.cpp:_ZNK5Botan12_GLOBAL__N_116BerDecodedLength17indefinite_lengthEv: 112| 530k| bool indefinite_length() const { return m_indefinite; } ber_dec.cpp:_ZNK5Botan12_GLOBAL__N_116BerDecodedLength12total_lengthEv: 108| 530k| size_t total_length() const { return m_indefinite ? m_content_length + 2 : m_content_length; } ------------------ | Branch (108:44): [True: 0, False: 530k] ------------------ ber_dec.cpp:_ZN5Botan12_GLOBAL__N_120DataSource_BERObjectC2EONS_10BER_ObjectE: 357| 219k| explicit DataSource_BERObject(BER_Object&& obj) : m_obj(std::move(obj)) {} ber_dec.cpp:_ZN5Botan12_GLOBAL__N_120DataSource_BERObject4readEPhm: 327| 4.80M| size_t read(uint8_t out[], size_t length) override { 328| 4.80M| BOTAN_ASSERT_NOMSG(m_offset <= m_obj.length()); ------------------ | | 77| 4.80M| do { \ | | 78| 4.80M| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 4.80M| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 4.80M] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 4.80M| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 4.80M] | | ------------------ ------------------ 329| 4.80M| const size_t got = std::min(m_obj.length() - m_offset, length); 330| 4.80M| copy_mem(out, m_obj.bits() + m_offset, got); 331| 4.80M| m_offset += got; 332| 4.80M| return got; 333| 4.80M| } ber_dec.cpp:_ZN5Botan12_GLOBAL__N_120DataSource_BERObject15check_availableEm: 348| 339k| bool check_available(size_t n) override { 349| 339k| BOTAN_ASSERT_NOMSG(m_offset <= m_obj.length()); ------------------ | | 77| 339k| do { \ | | 78| 339k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 339k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 339k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 339k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 339k] | | ------------------ ------------------ 350| 339k| return (n <= (m_obj.length() - m_offset)); 351| 339k| } ber_dec.cpp:_ZNK5Botan12_GLOBAL__N_120DataSource_BERObject11end_of_dataEv: 353| 303k| bool end_of_data() const override { return get_bytes_read() == m_obj.length(); } ber_dec.cpp:_ZNK5Botan12_GLOBAL__N_120DataSource_BERObject14get_bytes_readEv: 355| 303k| size_t get_bytes_read() const override { return m_offset; } ber_dec.cpp:_ZN5Botan12_GLOBAL__N_125asn1_decode_binary_stringINS_16secure_allocatorIhEEEEvRNSt3__16vectorIhT_EERKNS_10BER_ObjectENS_9ASN1_TypeESC_NS_10ASN1_ClassEb: 719| 21.1k| bool require_der) { 720| 21.1k| obj.assert_is_a(type_tag, class_tag); 721| | 722| | // DER requires BIT STRING and OCTET STRING to use primitive encoding 723| 21.1k| if(require_der && is_constructed(obj)) { ------------------ | Branch (723:7): [True: 21.1k, False: 0] | Branch (723:22): [True: 0, False: 21.1k] ------------------ 724| 0| throw BER_Decoding_Error("Detected constructed string encoding in DER structure"); 725| 0| } 726| | 727| 21.1k| if(real_type == ASN1_Type::OctetString) { ------------------ | Branch (727:7): [True: 14.0k, False: 7.04k] ------------------ 728| 14.0k| buffer.assign(obj.bits(), obj.bits() + obj.length()); 729| 14.0k| } else { 730| 7.04k| if(obj.length() == 0) { ------------------ | Branch (730:10): [True: 0, False: 7.04k] ------------------ 731| 0| throw BER_Decoding_Error("Invalid BIT STRING"); 732| 0| } 733| | 734| 7.04k| const uint8_t unused_bits = obj.bits()[0]; 735| | 736| 7.04k| if(unused_bits >= 8) { ------------------ | Branch (736:10): [True: 0, False: 7.04k] ------------------ 737| 0| throw BER_Decoding_Error("Bad number of unused bits in BIT STRING"); 738| 0| } 739| | 740| | // Empty BIT STRING with unused bits > 0 ... 741| 7.04k| if(unused_bits > 0 && obj.length() < 2) { ------------------ | Branch (741:10): [True: 0, False: 7.04k] | Branch (741:29): [True: 0, False: 0] ------------------ 742| 0| throw BER_Decoding_Error("Invalid BIT STRING"); 743| 0| } 744| | 745| | // DER requires unused bits in BIT STRING to be zero (X.690 section 11.2.2) 746| 7.04k| if(require_der && unused_bits > 0) { ------------------ | Branch (746:10): [True: 7.04k, False: 0] | Branch (746:25): [True: 0, False: 7.04k] ------------------ 747| 0| const uint8_t last_byte = obj.bits()[obj.length() - 1]; 748| 0| if((last_byte & ((1 << unused_bits) - 1)) != 0) { ------------------ | Branch (748:13): [True: 0, False: 0] ------------------ 749| 0| throw BER_Decoding_Error("Detected non-zero padding bits in BIT STRING in DER structure"); 750| 0| } 751| 0| } 752| | 753| 7.04k| buffer.resize(obj.length() - 1); 754| | 755| 7.04k| if(obj.length() > 1) { ------------------ | Branch (755:10): [True: 7.04k, False: 0] ------------------ 756| 7.04k| copy_mem(buffer.data(), obj.bits() + 1, obj.length() - 1); 757| 7.04k| } 758| 7.04k| } 759| 21.1k|} ber_dec.cpp:_ZN5Botan12_GLOBAL__N_114is_constructedERKNS_10BER_ObjectE: 709| 77.5k|bool is_constructed(const BER_Object& obj) { 710| 77.5k| return is_constructed(obj.class_tag()); 711| 77.5k|} ber_dec.cpp:_ZN5Botan12_GLOBAL__N_125asn1_decode_binary_stringINSt3__19allocatorIhEEEEvRNS2_6vectorIhT_EERKNS_10BER_ObjectENS_9ASN1_TypeESC_NS_10ASN1_ClassEb: 719| 56.4k| bool require_der) { 720| 56.4k| obj.assert_is_a(type_tag, class_tag); 721| | 722| | // DER requires BIT STRING and OCTET STRING to use primitive encoding 723| 56.4k| if(require_der && is_constructed(obj)) { ------------------ | Branch (723:7): [True: 56.4k, False: 15] | Branch (723:22): [True: 0, False: 56.4k] ------------------ 724| 0| throw BER_Decoding_Error("Detected constructed string encoding in DER structure"); 725| 0| } 726| | 727| 56.4k| if(real_type == ASN1_Type::OctetString) { ------------------ | Branch (727:7): [True: 42.2k, False: 14.1k] ------------------ 728| 42.2k| buffer.assign(obj.bits(), obj.bits() + obj.length()); 729| 42.2k| } else { 730| 14.1k| if(obj.length() == 0) { ------------------ | Branch (730:10): [True: 3, False: 14.1k] ------------------ 731| 3| throw BER_Decoding_Error("Invalid BIT STRING"); 732| 3| } 733| | 734| 14.1k| const uint8_t unused_bits = obj.bits()[0]; 735| | 736| 14.1k| if(unused_bits >= 8) { ------------------ | Branch (736:10): [True: 2, False: 14.1k] ------------------ 737| 2| throw BER_Decoding_Error("Bad number of unused bits in BIT STRING"); 738| 2| } 739| | 740| | // Empty BIT STRING with unused bits > 0 ... 741| 14.1k| if(unused_bits > 0 && obj.length() < 2) { ------------------ | Branch (741:10): [True: 31, False: 14.1k] | Branch (741:29): [True: 2, False: 29] ------------------ 742| 2| throw BER_Decoding_Error("Invalid BIT STRING"); 743| 2| } 744| | 745| | // DER requires unused bits in BIT STRING to be zero (X.690 section 11.2.2) 746| 14.1k| if(require_der && unused_bits > 0) { ------------------ | Branch (746:10): [True: 14.1k, False: 15] | Branch (746:25): [True: 29, False: 14.1k] ------------------ 747| 29| const uint8_t last_byte = obj.bits()[obj.length() - 1]; 748| 29| if((last_byte & ((1 << unused_bits) - 1)) != 0) { ------------------ | Branch (748:13): [True: 7, False: 22] ------------------ 749| 7| throw BER_Decoding_Error("Detected non-zero padding bits in BIT STRING in DER structure"); 750| 7| } 751| 29| } 752| | 753| 14.1k| buffer.resize(obj.length() - 1); 754| | 755| 14.1k| if(obj.length() > 1) { ------------------ | Branch (755:10): [True: 14.1k, False: 18] ------------------ 756| 14.1k| copy_mem(buffer.data(), obj.bits() + 1, obj.length() - 1); 757| 14.1k| } 758| 14.1k| } 759| 56.4k|} _ZN5Botan11DER_EncoderC2ERNSt3__16vectorIhNS1_9allocatorIhEEEE: 72| 40.7k|DER_Encoder::DER_Encoder(std::vector& vec) { 73| 40.7k| m_append_output = [&vec](const uint8_t b[], size_t l) { vec.insert(vec.end(), b, b + l); }; 74| 40.7k|} _ZN5Botan11DER_Encoder12DER_Sequence13push_contentsERS0_: 79| 86.1k|void DER_Encoder::DER_Sequence::push_contents(DER_Encoder& der) { 80| 86.1k| const auto real_class_tag = m_class_tag | ASN1_Class::Constructed; 81| | 82| 86.1k| if(m_type_tag == ASN1_Type::Set && m_class_tag == ASN1_Class::Universal) { ------------------ | Branch (82:7): [True: 0, False: 86.1k] | Branch (82:39): [True: 0, False: 0] ------------------ 83| 0| std::sort(m_set_contents.begin(), m_set_contents.end()); 84| 0| for(const auto& set_elem : m_set_contents) { ------------------ | Branch (84:32): [True: 0, False: 0] ------------------ 85| 0| m_contents += set_elem; 86| 0| } 87| 0| m_set_contents.clear(); 88| 0| } 89| | 90| 86.1k| der.add_object(m_type_tag, real_class_tag, m_contents.data(), m_contents.size()); 91| 86.1k| m_contents.clear(); 92| 86.1k|} _ZN5Botan11DER_Encoder12DER_Sequence9add_bytesEPKhm: 97| 54.0k|void DER_Encoder::DER_Sequence::add_bytes(const uint8_t data[], size_t length) { 98| 54.0k| if(m_type_tag == ASN1_Type::Set && m_class_tag == ASN1_Class::Universal) { ------------------ | Branch (98:7): [True: 0, False: 54.0k] | Branch (98:39): [True: 0, False: 0] ------------------ 99| 0| m_set_contents.push_back(secure_vector(data, data + length)); 100| 54.0k| } else { 101| 54.0k| m_contents += std::make_pair(data, length); 102| 54.0k| } 103| 54.0k|} _ZN5Botan11DER_Encoder12DER_Sequence9add_bytesEPKhmS3_m: 105| 84.5k|void DER_Encoder::DER_Sequence::add_bytes(const uint8_t hdr[], size_t hdr_len, const uint8_t val[], size_t val_len) { 106| 84.5k| if(m_type_tag == ASN1_Type::Set && m_class_tag == ASN1_Class::Universal) { ------------------ | Branch (106:7): [True: 0, False: 84.5k] | Branch (106:39): [True: 0, False: 0] ------------------ 107| 0| secure_vector m; 108| 0| m.reserve(hdr_len + val_len); 109| 0| m += std::make_pair(hdr, hdr_len); 110| 0| m += std::make_pair(val, val_len); 111| 0| m_set_contents.push_back(std::move(m)); 112| 84.5k| } else { 113| 84.5k| m_contents += std::make_pair(hdr, hdr_len); 114| 84.5k| m_contents += std::make_pair(val, val_len); 115| 84.5k| } 116| 84.5k|} _ZN5Botan11DER_Encoder12DER_SequenceC2ENS_9ASN1_TypeENS_10ASN1_ClassE: 129| 86.1k| m_type_tag(type_tag), m_class_tag(class_tag) {} _ZN5Botan11DER_Encoder10start_consENS_9ASN1_TypeENS_10ASN1_ClassE: 165| 86.1k|DER_Encoder& DER_Encoder::start_cons(ASN1_Type type_tag, ASN1_Class class_tag) { 166| 86.1k| m_subsequences.push_back(DER_Sequence(type_tag, class_tag)); 167| 86.1k| return (*this); 168| 86.1k|} _ZN5Botan11DER_Encoder8end_consEv: 173| 86.1k|DER_Encoder& DER_Encoder::end_cons() { 174| 86.1k| if(m_subsequences.empty()) { ------------------ | Branch (174:7): [True: 0, False: 86.1k] ------------------ 175| 0| throw Invalid_State("DER_Encoder::end_cons: No such sequence"); 176| 0| } 177| | 178| 86.1k| DER_Sequence last_seq = std::move(m_subsequences[m_subsequences.size() - 1]); 179| 86.1k| m_subsequences.pop_back(); 180| 86.1k| last_seq.push_contents(*this); 181| | 182| 86.1k| return (*this); 183| 86.1k|} _ZN5Botan11DER_Encoder9raw_bytesEPKhm: 202| 54.0k|DER_Encoder& DER_Encoder::raw_bytes(const uint8_t bytes[], size_t length) { 203| 54.0k| if(!m_subsequences.empty()) { ------------------ | Branch (203:7): [True: 54.0k, False: 0] ------------------ 204| 54.0k| m_subsequences[m_subsequences.size() - 1].add_bytes(bytes, length); 205| 54.0k| } else if(m_append_output) { ------------------ | Branch (205:14): [True: 0, False: 0] ------------------ 206| 0| m_append_output(bytes, length); 207| 0| } else { 208| 0| m_default_outbuf += std::make_pair(bytes, length); 209| 0| } 210| | 211| 54.0k| return (*this); 212| 54.0k|} _ZN5Botan11DER_Encoder10add_objectENS_9ASN1_TypeENS_10ASN1_ClassEPKhm: 244| 125k|DER_Encoder& DER_Encoder::add_object(ASN1_Type type_tag, ASN1_Class class_tag, const uint8_t rep[], size_t length) { 245| 125k| std::vector hdr; 246| 125k| encode_tag(hdr, type_tag, class_tag); 247| 125k| encode_length(hdr, length); 248| | 249| 125k| if(!m_subsequences.empty()) { ------------------ | Branch (249:7): [True: 84.5k, False: 40.7k] ------------------ 250| 84.5k| m_subsequences[m_subsequences.size() - 1].add_bytes(hdr.data(), hdr.size(), rep, length); 251| 84.5k| } else if(m_append_output) { ------------------ | Branch (251:14): [True: 40.7k, False: 0] ------------------ 252| 40.7k| m_append_output(hdr.data(), hdr.size()); 253| 40.7k| m_append_output(rep, length); 254| 40.7k| } else { 255| 0| m_default_outbuf += hdr; 256| 0| m_default_outbuf += std::make_pair(rep, length); 257| 0| } 258| | 259| 125k| return (*this); 260| 125k|} _ZN5Botan11DER_Encoder6encodeEm: 279| 6.26k|DER_Encoder& DER_Encoder::encode(size_t n) { 280| 6.26k| return encode(BigInt::from_u64(n), ASN1_Type::Integer, ASN1_Class::Universal); 281| 6.26k|} _ZN5Botan11DER_Encoder6encodeEPKhmNS_9ASN1_TypeE: 293| 7.04k|DER_Encoder& DER_Encoder::encode(const uint8_t bytes[], size_t length, ASN1_Type real_type) { 294| 7.04k| return encode(bytes, length, real_type, real_type, ASN1_Class::Universal); 295| 7.04k|} _ZN5Botan11DER_Encoder6encodeERKNS_6BigIntENS_9ASN1_TypeENS_10ASN1_ClassE: 315| 6.26k|DER_Encoder& DER_Encoder::encode(const BigInt& n, ASN1_Type type_tag, ASN1_Class class_tag) { 316| 6.26k| if(n == 0) { ------------------ | Branch (316:7): [True: 0, False: 6.26k] ------------------ 317| 0| return add_object(type_tag, class_tag, 0); 318| 0| } 319| | 320| | // Serialize magnitude with one extra leading byte 321| 6.26k| auto contents = n.serialize(n.bytes() + 1); 322| | 323| 6.26k| if(n.signum() < 0) { ------------------ | Branch (323:7): [True: 0, False: 6.26k] ------------------ 324| | // Two's complement: bitwise NOT then increment 325| 0| for(auto& byte : contents) { ------------------ | Branch (325:22): [True: 0, False: 0] ------------------ 326| 0| byte = ~byte; 327| 0| } 328| 0| for(size_t i = contents.size(); i > 0; --i) { ------------------ | Branch (328:39): [True: 0, False: 0] ------------------ 329| 0| if(++contents[i - 1] != 0) { ------------------ | Branch (329:13): [True: 0, False: 0] ------------------ 330| 0| break; 331| 0| } 332| 0| } 333| 0| } 334| | 335| | /* 336| | * DER requires the leading byte be emitted only if it required 337| | */ 338| 6.26k| BOTAN_ASSERT_NOMSG(contents.size() >= 2); ------------------ | | 77| 6.26k| do { \ | | 78| 6.26k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 6.26k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 6.26k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 6.26k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 6.26k] | | ------------------ ------------------ 339| 6.26k| const bool leading_byte_redundant = 340| 6.26k| (contents[0] == 0x00 && (contents[1] & 0x80) == 0) || (contents[0] == 0xFF && (contents[1] & 0x80) != 0); ------------------ | Branch (340:8): [True: 6.26k, False: 0] | Branch (340:31): [True: 6.26k, False: 0] | Branch (340:62): [True: 0, False: 0] | Branch (340:85): [True: 0, False: 0] ------------------ 341| 6.26k| auto encoding = std::span{contents}.subspan(leading_byte_redundant ? 1 : 0); ------------------ | Branch (341:48): [True: 6.26k, False: 0] ------------------ 342| | 343| 6.26k| return add_object(type_tag, class_tag, encoding); 344| 6.26k|} _ZN5Botan11DER_Encoder6encodeEPKhmNS_9ASN1_TypeES3_NS_10ASN1_ClassE: 350| 7.04k| const uint8_t bytes[], size_t length, ASN1_Type real_type, ASN1_Type type_tag, ASN1_Class class_tag) { 351| 7.04k| if(real_type != ASN1_Type::OctetString && real_type != ASN1_Type::BitString) { ------------------ | Branch (351:7): [True: 7.04k, False: 0] | Branch (351:46): [True: 0, False: 7.04k] ------------------ 352| 0| throw Invalid_Argument("DER_Encoder: Invalid tag for byte/bit string"); 353| 0| } 354| | 355| 7.04k| if(real_type == ASN1_Type::BitString) { ------------------ | Branch (355:7): [True: 7.04k, False: 0] ------------------ 356| 7.04k| secure_vector encoded; 357| 7.04k| encoded.push_back(0); 358| 7.04k| encoded += std::make_pair(bytes, length); 359| 7.04k| return add_object(type_tag, class_tag, encoded); 360| 7.04k| } else { 361| 0| return add_object(type_tag, class_tag, bytes, length); 362| 0| } 363| 7.04k|} _ZN5Botan11DER_Encoder6encodeERKNS_11ASN1_ObjectE: 365| 51.6k|DER_Encoder& DER_Encoder::encode(const ASN1_Object& obj) { 366| 51.6k| obj.encode_into(*this); 367| 51.6k| return (*this); 368| 51.6k|} der_enc.cpp:_ZN5Botan12_GLOBAL__N_110encode_tagERNSt3__16vectorIhNS1_9allocatorIhEEEENS_9ASN1_TypeENS_10ASN1_ClassE: 25| 125k|void encode_tag(std::vector& encoded_tag, ASN1_Type type_tag_e, ASN1_Class class_tag_e) { 26| 125k| const uint32_t type_tag = static_cast(type_tag_e); 27| 125k| const uint32_t class_tag = static_cast(class_tag_e); 28| | 29| 125k| if((class_tag | 0xE0) != 0xE0) { ------------------ | Branch (29:7): [True: 0, False: 125k] ------------------ 30| 0| throw Encoding_Error(fmt("DER_Encoder: Invalid class tag {}", std::to_string(class_tag))); 31| 0| } 32| | 33| 125k| if(type_tag <= 30) { ------------------ | Branch (33:7): [True: 125k, False: 0] ------------------ 34| 125k| encoded_tag.push_back(static_cast(type_tag | class_tag)); 35| 125k| } else { 36| 0| size_t blocks = high_bit(static_cast(type_tag)) + 6; 37| 0| blocks = (blocks - (blocks % 7)) / 7; 38| | 39| 0| BOTAN_ASSERT_NOMSG(blocks > 0); ------------------ | | 77| 0| do { \ | | 78| 0| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 0| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 0] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 0| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 0] | | ------------------ ------------------ 40| | 41| 0| encoded_tag.push_back(static_cast(class_tag | 0x1F)); 42| 0| for(size_t i = 0; i != blocks - 1; ++i) { ------------------ | Branch (42:25): [True: 0, False: 0] ------------------ 43| 0| encoded_tag.push_back(0x80 | ((type_tag >> 7 * (blocks - i - 1)) & 0x7F)); 44| 0| } 45| 0| encoded_tag.push_back(type_tag & 0x7F); 46| 0| } 47| 125k|} der_enc.cpp:_ZN5Botan12_GLOBAL__N_113encode_lengthERNSt3__16vectorIhNS1_9allocatorIhEEEEm: 52| 125k|void encode_length(std::vector& encoded_length, size_t length) { 53| 125k| if(length <= 127) { ------------------ | Branch (53:7): [True: 111k, False: 14.0k] ------------------ 54| 111k| encoded_length.push_back(static_cast(length)); 55| 111k| } else { 56| 14.0k| const size_t bytes_needed = significant_bytes(length); 57| | 58| 14.0k| encoded_length.push_back(static_cast(0x80 | bytes_needed)); 59| | 60| 42.2k| for(size_t i = sizeof(length) - bytes_needed; i < sizeof(length); ++i) { ------------------ | Branch (60:53): [True: 28.1k, False: 14.0k] ------------------ 61| 28.1k| encoded_length.push_back(get_byte_var(i, length)); 62| 28.1k| } 63| 14.0k| } 64| 125k|} der_enc.cpp:_ZZN5Botan11DER_EncoderC1ERNSt3__16vectorIhNS1_9allocatorIhEEEEENK3$_0clEPKhm: 73| 81.4k| m_append_output = [&vec](const uint8_t b[], size_t l) { vec.insert(vec.end(), b, b + l); }; _ZN5Botan7OID_MapC2Ev: 11| 1|OID_Map::OID_Map() { 12| 1| m_str2oid = OID_Map::load_str2oid_map(); 13| 1| m_oid2str = OID_Map::load_oid2str_map(); 14| 1|} _ZN5Botan7OID_Map15global_registryEv: 16| 46.2k|OID_Map& OID_Map::global_registry() { 17| 46.2k| static OID_Map g_map; 18| 46.2k| return g_map; 19| 46.2k|} _ZN5Botan7OID_Map7oid2strERKNS_3OIDE: 69| 14.0k|std::string OID_Map::oid2str(const OID& oid) { 70| 14.0k| if(auto name = lookup_static_oid(oid)) { ------------------ | Branch (70:12): [True: 14.0k, False: 0] ------------------ 71| 14.0k| return std::string(*name); 72| 14.0k| } 73| | 74| 0| const lock_guard_type lock(m_mutex); 75| | 76| 0| auto i = m_oid2str.find(oid); 77| 0| if(i != m_oid2str.end()) { ------------------ | Branch (77:7): [True: 0, False: 0] ------------------ 78| 0| return i->second; 79| 0| } 80| | 81| 0| return ""; 82| 0|} _ZN5Botan7OID_Map7str2oidENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 84| 32.2k|OID OID_Map::str2oid(std::string_view str) { 85| 32.2k| if(auto oid = lookup_static_oid_name(str)) { ------------------ | Branch (85:12): [True: 32.2k, False: 0] ------------------ 86| 32.2k| return std::move(*oid); 87| 32.2k| } 88| | 89| 0| const lock_guard_type lock(m_mutex); 90| 0| auto i = m_str2oid.find(std::string(str)); 91| 0| if(i != m_str2oid.end()) { ------------------ | Branch (91:7): [True: 0, False: 0] ------------------ 92| 0| return i->second; 93| 0| } 94| | 95| 0| return OID(); 96| 0|} _ZN5Botan10PSS_ParamsC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEEm: 33| 6.26k| m_hash(hash_fn, AlgorithmIdentifier::USE_NULL_PARAM), 34| 6.26k| m_mgf("MGF1", m_hash.BER_encode()), 35| 6.26k| m_mgf_hash(m_hash), 36| 6.26k| m_salt_len(salt_len), 37| 6.26k| m_trailer_field(1) {} _ZNK5Botan10PSS_Params9serializeEv: 45| 6.26k|std::vector PSS_Params::serialize() const { 46| 6.26k| std::vector output; 47| 6.26k| DER_Encoder(output).encode(*this); 48| 6.26k| return output; 49| 6.26k|} _ZNK5Botan10PSS_Params11encode_intoERNS_11DER_EncoderE: 51| 6.26k|void PSS_Params::encode_into(DER_Encoder& to) const { 52| 6.26k| to.start_sequence() 53| 6.26k| .start_context_specific(0) 54| 6.26k| .encode(m_hash) 55| 6.26k| .end_cons() 56| 6.26k| .start_context_specific(1) 57| 6.26k| .encode(m_mgf) 58| 6.26k| .end_cons() 59| 6.26k| .start_context_specific(2) 60| 6.26k| .encode(m_salt_len) 61| 6.26k| .end_cons() 62| 6.26k| .end_cons(); 63| 6.26k|} _ZN5Botan7OID_Map17lookup_static_oidERKNS_3OIDE: 48| 14.0k|std::optional OID_Map::lookup_static_oid(const OID& oid) { 49| 14.0k| const uint32_t hc = static_cast(oid.hash_code() % 858701); 50| | 51| 14.0k| switch(hc) { 52| 0| case 0x01506: ------------------ | Branch (52:7): [True: 0, False: 14.0k] ------------------ 53| 0| return if_match(oid, {1, 2, 840, 10045, 4, 3, 1}, "ECDSA/SHA-224"); 54| 0| case 0x01507: ------------------ | Branch (54:7): [True: 0, False: 14.0k] ------------------ 55| 0| return if_match(oid, {1, 2, 840, 10045, 4, 3, 2}, "ECDSA/SHA-256"); 56| 0| case 0x01508: ------------------ | Branch (56:7): [True: 0, False: 14.0k] ------------------ 57| 0| return if_match(oid, {1, 2, 840, 10045, 4, 3, 3}, "ECDSA/SHA-384"); 58| 0| case 0x01509: ------------------ | Branch (58:7): [True: 0, False: 14.0k] ------------------ 59| 0| return if_match(oid, {1, 2, 840, 10045, 4, 3, 4}, "ECDSA/SHA-512"); 60| 0| case 0x04C1E: ------------------ | Branch (60:7): [True: 0, False: 14.0k] ------------------ 61| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 3029, 1, 2, 1}, "ElGamal"); 62| 0| case 0x04E61: ------------------ | Branch (62:7): [True: 0, False: 14.0k] ------------------ 63| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 3029, 1, 5, 1}, "OpenPGP.Curve25519"); 64| 0| case 0x0779B: ------------------ | Branch (64:7): [True: 0, False: 14.0k] ------------------ 65| 0| return if_match(oid, {1, 2, 840, 113549, 2, 5}, "MD5"); 66| 0| case 0x0779D: ------------------ | Branch (66:7): [True: 0, False: 14.0k] ------------------ 67| 0| return if_match(oid, {1, 2, 840, 113549, 2, 7}, "HMAC(SHA-1)"); 68| 0| case 0x0779E: ------------------ | Branch (68:7): [True: 0, False: 14.0k] ------------------ 69| 0| return if_match(oid, {1, 2, 840, 113549, 2, 8}, "HMAC(SHA-224)"); 70| 0| case 0x0779F: ------------------ | Branch (70:7): [True: 0, False: 14.0k] ------------------ 71| 0| return if_match(oid, {1, 2, 840, 113549, 2, 9}, "HMAC(SHA-256)"); 72| 0| case 0x077A0: ------------------ | Branch (72:7): [True: 0, False: 14.0k] ------------------ 73| 0| return if_match(oid, {1, 2, 840, 113549, 2, 10}, "HMAC(SHA-384)"); 74| 0| case 0x077A1: ------------------ | Branch (74:7): [True: 0, False: 14.0k] ------------------ 75| 0| return if_match(oid, {1, 2, 840, 113549, 2, 11}, "HMAC(SHA-512)"); 76| 0| case 0x077A3: ------------------ | Branch (76:7): [True: 0, False: 14.0k] ------------------ 77| 0| return if_match(oid, {1, 2, 840, 113549, 2, 13}, "HMAC(SHA-512-256)"); 78| 0| case 0x0785E: ------------------ | Branch (78:7): [True: 0, False: 14.0k] ------------------ 79| 0| return if_match(oid, {1, 2, 840, 113549, 3, 7}, "TripleDES/CBC"); 80| 0| case 0x0C904: ------------------ | Branch (80:7): [True: 0, False: 14.0k] ------------------ 81| 0| return if_match(oid, {1, 0, 14888, 3, 0, 5}, "ECKCDSA"); 82| 0| case 0x11547: ------------------ | Branch (82:7): [True: 0, False: 14.0k] ------------------ 83| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 1, 1}, "SphincsPlus-shake-128s-r3.1"); 84| 0| case 0x11548: ------------------ | Branch (84:7): [True: 0, False: 14.0k] ------------------ 85| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 1, 2}, "SphincsPlus-shake-128f-r3.1"); 86| 0| case 0x11549: ------------------ | Branch (86:7): [True: 0, False: 14.0k] ------------------ 87| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 1, 3}, "SphincsPlus-shake-192s-r3.1"); 88| 0| case 0x1154A: ------------------ | Branch (88:7): [True: 0, False: 14.0k] ------------------ 89| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 1, 4}, "SphincsPlus-shake-192f-r3.1"); 90| 0| case 0x1154B: ------------------ | Branch (90:7): [True: 0, False: 14.0k] ------------------ 91| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 1, 5}, "SphincsPlus-shake-256s-r3.1"); 92| 0| case 0x1154C: ------------------ | Branch (92:7): [True: 0, False: 14.0k] ------------------ 93| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 1, 6}, "SphincsPlus-shake-256f-r3.1"); 94| 0| case 0x11608: ------------------ | Branch (94:7): [True: 0, False: 14.0k] ------------------ 95| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 2, 1}, "SphincsPlus-sha2-128s-r3.1"); 96| 0| case 0x11609: ------------------ | Branch (96:7): [True: 0, False: 14.0k] ------------------ 97| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 2, 2}, "SphincsPlus-sha2-128f-r3.1"); 98| 0| case 0x1160A: ------------------ | Branch (98:7): [True: 0, False: 14.0k] ------------------ 99| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 2, 3}, "SphincsPlus-sha2-192s-r3.1"); 100| 0| case 0x1160B: ------------------ | Branch (100:7): [True: 0, False: 14.0k] ------------------ 101| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 2, 4}, "SphincsPlus-sha2-192f-r3.1"); 102| 0| case 0x1160C: ------------------ | Branch (102:7): [True: 0, False: 14.0k] ------------------ 103| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 2, 5}, "SphincsPlus-sha2-256s-r3.1"); 104| 0| case 0x1160D: ------------------ | Branch (104:7): [True: 0, False: 14.0k] ------------------ 105| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 2, 6}, "SphincsPlus-sha2-256f-r3.1"); 106| 0| case 0x116C9: ------------------ | Branch (106:7): [True: 0, False: 14.0k] ------------------ 107| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 3, 1}, "SphincsPlus-haraka-128s-r3.1"); 108| 0| case 0x116CA: ------------------ | Branch (108:7): [True: 0, False: 14.0k] ------------------ 109| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 3, 2}, "SphincsPlus-haraka-128f-r3.1"); 110| 0| case 0x116CB: ------------------ | Branch (110:7): [True: 0, False: 14.0k] ------------------ 111| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 3, 3}, "SphincsPlus-haraka-192s-r3.1"); 112| 0| case 0x116CC: ------------------ | Branch (112:7): [True: 0, False: 14.0k] ------------------ 113| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 3, 4}, "SphincsPlus-haraka-192f-r3.1"); 114| 0| case 0x116CD: ------------------ | Branch (114:7): [True: 0, False: 14.0k] ------------------ 115| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 3, 5}, "SphincsPlus-haraka-256s-r3.1"); 116| 0| case 0x116CE: ------------------ | Branch (116:7): [True: 0, False: 14.0k] ------------------ 117| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 12, 3, 6}, "SphincsPlus-haraka-256f-r3.1"); 118| 0| case 0x1533B: ------------------ | Branch (118:7): [True: 0, False: 14.0k] ------------------ 119| 0| return if_match(oid, {1, 2, 156, 10197, 1, 104, 2}, "SM4/CBC"); 120| 0| case 0x15341: ------------------ | Branch (120:7): [True: 0, False: 14.0k] ------------------ 121| 0| return if_match(oid, {1, 2, 156, 10197, 1, 104, 8}, "SM4/GCM"); 122| 0| case 0x1539D: ------------------ | Branch (122:7): [True: 0, False: 14.0k] ------------------ 123| 0| return if_match(oid, {1, 2, 156, 10197, 1, 104, 100}, "SM4/OCB"); 124| 0| case 0x187D7: ------------------ | Branch (124:7): [True: 0, False: 14.0k] ------------------ 125| 0| return if_match(oid, {1, 3, 14, 3, 2, 7}, "DES/CBC"); 126| 0| case 0x187EA: ------------------ | Branch (126:7): [True: 0, False: 14.0k] ------------------ 127| 0| return if_match(oid, {1, 3, 14, 3, 2, 26}, "SHA-1"); 128| 0| case 0x19933: ------------------ | Branch (128:7): [True: 0, False: 14.0k] ------------------ 129| 0| return if_match(oid, {1, 3, 132, 0, 8}, "secp160r1"); 130| 0| case 0x19934: ------------------ | Branch (130:7): [True: 0, False: 14.0k] ------------------ 131| 0| return if_match(oid, {1, 3, 132, 0, 9}, "secp160k1"); 132| 0| case 0x19935: ------------------ | Branch (132:7): [True: 0, False: 14.0k] ------------------ 133| 0| return if_match(oid, {1, 3, 132, 0, 10}, "secp256k1"); 134| 0| case 0x19949: ------------------ | Branch (134:7): [True: 0, False: 14.0k] ------------------ 135| 0| return if_match(oid, {1, 3, 132, 0, 30}, "secp160r2"); 136| 0| case 0x1994A: ------------------ | Branch (136:7): [True: 0, False: 14.0k] ------------------ 137| 0| return if_match(oid, {1, 3, 132, 0, 31}, "secp192k1"); 138| 0| case 0x1994B: ------------------ | Branch (138:7): [True: 0, False: 14.0k] ------------------ 139| 0| return if_match(oid, {1, 3, 132, 0, 32}, "secp224k1"); 140| 0| case 0x1994C: ------------------ | Branch (140:7): [True: 0, False: 14.0k] ------------------ 141| 0| return if_match(oid, {1, 3, 132, 0, 33}, "secp224r1"); 142| 1| case 0x1994D: ------------------ | Branch (142:7): [True: 1, False: 14.0k] ------------------ 143| 1| return if_match(oid, {1, 3, 132, 0, 34}, "secp384r1"); 144| 1| case 0x1994E: ------------------ | Branch (144:7): [True: 1, False: 14.0k] ------------------ 145| 1| return if_match(oid, {1, 3, 132, 0, 35}, "secp521r1"); 146| 0| case 0x199F8: ------------------ | Branch (146:7): [True: 0, False: 14.0k] ------------------ 147| 0| return if_match(oid, {1, 3, 132, 1, 12}, "ECDH"); 148| 0| case 0x1E7BF: ------------------ | Branch (148:7): [True: 0, False: 14.0k] ------------------ 149| 0| return if_match(oid, {1, 2, 156, 10197, 1, 301, 1}, "SM2"); 150| 0| case 0x1E7C0: ------------------ | Branch (150:7): [True: 0, False: 14.0k] ------------------ 151| 0| return if_match(oid, {1, 2, 156, 10197, 1, 301, 2}, "SM2_Kex"); 152| 0| case 0x1E7C1: ------------------ | Branch (152:7): [True: 0, False: 14.0k] ------------------ 153| 0| return if_match(oid, {1, 2, 156, 10197, 1, 301, 3}, "SM2_Enc"); 154| 0| case 0x21960: ------------------ | Branch (154:7): [True: 0, False: 14.0k] ------------------ 155| 0| return if_match(oid, {1, 3, 36, 3, 3, 1, 2}, "RSA/PKCS1v15(RIPEMD-160)"); 156| 0| case 0x2198A: ------------------ | Branch (156:7): [True: 0, False: 14.0k] ------------------ 157| 0| return if_match(oid, {1, 2, 840, 113533, 7, 66, 10}, "CAST-128/CBC"); 158| 0| case 0x2198F: ------------------ | Branch (158:7): [True: 0, False: 14.0k] ------------------ 159| 0| return if_match(oid, {1, 2, 840, 113533, 7, 66, 15}, "KeyWrap.CAST-128"); 160| 0| case 0x227C0: ------------------ | Branch (160:7): [True: 0, False: 14.0k] ------------------ 161| 0| return if_match(oid, {1, 3, 101, 110}, "X25519"); 162| 0| case 0x227C1: ------------------ | Branch (162:7): [True: 0, False: 14.0k] ------------------ 163| 0| return if_match(oid, {1, 3, 101, 111}, "X448"); 164| 0| case 0x227C2: ------------------ | Branch (164:7): [True: 0, False: 14.0k] ------------------ 165| 0| return if_match(oid, {1, 3, 101, 112}, "Ed25519"); 166| 0| case 0x227C3: ------------------ | Branch (166:7): [True: 0, False: 14.0k] ------------------ 167| 0| return if_match(oid, {1, 3, 101, 113}, "Ed448"); 168| 0| case 0x27565: ------------------ | Branch (168:7): [True: 0, False: 14.0k] ------------------ 169| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 48, 1, 1}, "PKIX.OCSP.BasicResponse"); 170| 0| case 0x27569: ------------------ | Branch (170:7): [True: 0, False: 14.0k] ------------------ 171| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 48, 1, 5}, "PKIX.OCSP.NoCheck"); 172| 0| case 0x29F7C: ------------------ | Branch (172:7): [True: 0, False: 14.0k] ------------------ 173| 0| return if_match(oid, {1, 2, 410, 200004, 1, 100, 4, 3}, "ECKCDSA/SHA-1"); 174| 0| case 0x29F7D: ------------------ | Branch (174:7): [True: 0, False: 14.0k] ------------------ 175| 0| return if_match(oid, {1, 2, 410, 200004, 1, 100, 4, 4}, "ECKCDSA/SHA-224"); 176| 0| case 0x29F7E: ------------------ | Branch (176:7): [True: 0, False: 14.0k] ------------------ 177| 0| return if_match(oid, {1, 2, 410, 200004, 1, 100, 4, 5}, "ECKCDSA/SHA-256"); 178| 0| case 0x2AC3B: ------------------ | Branch (178:7): [True: 0, False: 14.0k] ------------------ 179| 0| return if_match(oid, {2, 5, 29, 32, 0}, "X509v3.AnyPolicy"); 180| 0| case 0x2B000: ------------------ | Branch (180:7): [True: 0, False: 14.0k] ------------------ 181| 0| return if_match(oid, {2, 5, 29, 37, 0}, "X509v3.AnyExtendedKeyUsage"); 182| 14.0k| case 0x2B5C9: ------------------ | Branch (182:7): [True: 14.0k, False: 6] ------------------ 183| 14.0k| return if_match(oid, {1, 2, 840, 10045, 2, 1}, "ECDSA"); 184| 0| case 0x2B74B: ------------------ | Branch (184:7): [True: 0, False: 14.0k] ------------------ 185| 0| return if_match(oid, {1, 2, 840, 10045, 4, 1}, "ECDSA/SHA-1"); 186| 0| case 0x3474A: ------------------ | Branch (186:7): [True: 0, False: 14.0k] ------------------ 187| 0| return if_match(oid, {1, 2, 840, 10046, 2, 1}, "DH"); 188| 0| case 0x38D6D: ------------------ | Branch (188:7): [True: 0, False: 14.0k] ------------------ 189| 0| return if_match(oid, {1, 2, 643, 7, 1, 2, 1, 1, 1}, "gost_256A"); 190| 0| case 0x38D6E: ------------------ | Branch (190:7): [True: 0, False: 14.0k] ------------------ 191| 0| return if_match(oid, {1, 2, 643, 7, 1, 2, 1, 1, 2}, "gost_256B"); 192| 0| case 0x38E2E: ------------------ | Branch (192:7): [True: 0, False: 14.0k] ------------------ 193| 0| return if_match(oid, {1, 2, 643, 7, 1, 2, 1, 2, 1}, "gost_512A"); 194| 0| case 0x38E2F: ------------------ | Branch (194:7): [True: 0, False: 14.0k] ------------------ 195| 0| return if_match(oid, {1, 2, 643, 7, 1, 2, 1, 2, 2}, "gost_512B"); 196| 0| case 0x38F2C: ------------------ | Branch (196:7): [True: 0, False: 14.0k] ------------------ 197| 0| return if_match(oid, {1, 2, 643, 2, 2, 3}, "GOST-34.10/GOST-R-34.11-94"); 198| 0| case 0x38F3C: ------------------ | Branch (198:7): [True: 0, False: 14.0k] ------------------ 199| 0| return if_match(oid, {1, 2, 643, 2, 2, 19}, "GOST-34.10"); 200| 0| case 0x3D7B8: ------------------ | Branch (200:7): [True: 0, False: 14.0k] ------------------ 201| 0| return if_match(oid, {0, 3, 4401, 5, 3, 1, 9, 6}, "Camellia-128/GCM"); 202| 0| case 0x3D7CC: ------------------ | Branch (202:7): [True: 0, False: 14.0k] ------------------ 203| 0| return if_match(oid, {0, 3, 4401, 5, 3, 1, 9, 26}, "Camellia-192/GCM"); 204| 0| case 0x3D7E0: ------------------ | Branch (204:7): [True: 0, False: 14.0k] ------------------ 205| 0| return if_match(oid, {0, 3, 4401, 5, 3, 1, 9, 46}, "Camellia-256/GCM"); 206| 0| case 0x3F20F: ------------------ | Branch (206:7): [True: 0, False: 14.0k] ------------------ 207| 0| return if_match(oid, {1, 3, 36, 3, 2, 1}, "RIPEMD-160"); 208| 0| case 0x4266E: ------------------ | Branch (208:7): [True: 0, False: 14.0k] ------------------ 209| 0| return if_match(oid, {0, 4, 0, 127, 0, 15, 1, 1, 13, 0}, "XMSS"); 210| 0| case 0x478C4: ------------------ | Branch (210:7): [True: 0, False: 14.0k] ------------------ 211| 0| return if_match(oid, {1, 2, 410, 200004, 1, 4}, "SEED/CBC"); 212| 0| case 0x47D98: ------------------ | Branch (212:7): [True: 0, False: 14.0k] ------------------ 213| 0| return if_match(oid, {1, 2, 156, 10197, 1, 301}, "sm2p256v1"); 214| 0| case 0x47DFC: ------------------ | Branch (214:7): [True: 0, False: 14.0k] ------------------ 215| 0| return if_match(oid, {1, 2, 156, 10197, 1, 401}, "SM3"); 216| 0| case 0x47E60: ------------------ | Branch (216:7): [True: 0, False: 14.0k] ------------------ 217| 0| return if_match(oid, {1, 2, 156, 10197, 1, 501}, "SM2_Sig/SM3"); 218| 0| case 0x47E63: ------------------ | Branch (218:7): [True: 0, False: 14.0k] ------------------ 219| 0| return if_match(oid, {1, 2, 156, 10197, 1, 504}, "RSA/PKCS1v15(SM3)"); 220| 0| case 0x52B13: ------------------ | Branch (220:7): [True: 0, False: 14.0k] ------------------ 221| 0| return if_match(oid, {1, 2, 643, 3, 131, 1, 1}, "GOST.INN"); 222| 0| case 0x635AE: ------------------ | Branch (222:7): [True: 0, False: 14.0k] ------------------ 223| 0| return if_match(oid, {1, 2, 250, 1, 223, 101, 256, 1}, "frp256v1"); 224| 0| case 0x6A784: ------------------ | Branch (224:7): [True: 0, False: 14.0k] ------------------ 225| 0| return if_match(oid, {1, 2, 840, 113549, 1, 12, 10, 1, 1}, "PKCS12.KeyBag"); 226| 0| case 0x6A785: ------------------ | Branch (226:7): [True: 0, False: 14.0k] ------------------ 227| 0| return if_match(oid, {1, 2, 840, 113549, 1, 12, 10, 1, 2}, "PKCS12.PKCS8ShroudedKeyBag"); 228| 0| case 0x6A786: ------------------ | Branch (228:7): [True: 0, False: 14.0k] ------------------ 229| 0| return if_match(oid, {1, 2, 840, 113549, 1, 12, 10, 1, 3}, "PKCS12.CertBag"); 230| 0| case 0x6A787: ------------------ | Branch (230:7): [True: 0, False: 14.0k] ------------------ 231| 0| return if_match(oid, {1, 2, 840, 113549, 1, 12, 10, 1, 4}, "PKCS12.CRLBag"); 232| 0| case 0x6A788: ------------------ | Branch (232:7): [True: 0, False: 14.0k] ------------------ 233| 0| return if_match(oid, {1, 2, 840, 113549, 1, 12, 10, 1, 5}, "PKCS12.SecretBag"); 234| 0| case 0x6A789: ------------------ | Branch (234:7): [True: 0, False: 14.0k] ------------------ 235| 0| return if_match(oid, {1, 2, 840, 113549, 1, 12, 10, 1, 6}, "PKCS12.SafeContentsBag"); 236| 0| case 0x6EB86: ------------------ | Branch (236:7): [True: 0, False: 14.0k] ------------------ 237| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 6, 1}, "GOST-34.10-2012-256/SHA-256"); 238| 0| case 0x6EC47: ------------------ | Branch (238:7): [True: 0, False: 14.0k] ------------------ 239| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 7, 1}, "Kyber-512-r3"); 240| 0| case 0x6EC48: ------------------ | Branch (240:7): [True: 0, False: 14.0k] ------------------ 241| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 7, 2}, "Kyber-768-r3"); 242| 0| case 0x6EC49: ------------------ | Branch (242:7): [True: 0, False: 14.0k] ------------------ 243| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 7, 3}, "Kyber-1024-r3"); 244| 0| case 0x6EDC9: ------------------ | Branch (244:7): [True: 0, False: 14.0k] ------------------ 245| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 9, 1}, "Dilithium-4x4-r3"); 246| 0| case 0x6EDCA: ------------------ | Branch (246:7): [True: 0, False: 14.0k] ------------------ 247| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 9, 2}, "Dilithium-6x5-r3"); 248| 0| case 0x6EDCB: ------------------ | Branch (248:7): [True: 0, False: 14.0k] ------------------ 249| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 9, 3}, "Dilithium-8x7-r3"); 250| 0| case 0x6EE8A: ------------------ | Branch (250:7): [True: 0, False: 14.0k] ------------------ 251| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 10, 1}, "Dilithium-4x4-AES-r3"); 252| 0| case 0x6EE8B: ------------------ | Branch (252:7): [True: 0, False: 14.0k] ------------------ 253| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 10, 2}, "Dilithium-6x5-AES-r3"); 254| 0| case 0x6EE8C: ------------------ | Branch (254:7): [True: 0, False: 14.0k] ------------------ 255| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 10, 3}, "Dilithium-8x7-AES-r3"); 256| 0| case 0x6EF4B: ------------------ | Branch (256:7): [True: 0, False: 14.0k] ------------------ 257| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 11, 1}, "Kyber-512-90s-r3"); 258| 0| case 0x6EF4C: ------------------ | Branch (258:7): [True: 0, False: 14.0k] ------------------ 259| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 11, 2}, "Kyber-768-90s-r3"); 260| 0| case 0x6EF4D: ------------------ | Branch (260:7): [True: 0, False: 14.0k] ------------------ 261| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 11, 3}, "Kyber-1024-90s-r3"); 262| 0| case 0x6F18E: ------------------ | Branch (262:7): [True: 0, False: 14.0k] ------------------ 263| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 14, 1}, "FrodoKEM-640-SHAKE"); 264| 0| case 0x6F18F: ------------------ | Branch (264:7): [True: 0, False: 14.0k] ------------------ 265| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 14, 2}, "FrodoKEM-976-SHAKE"); 266| 0| case 0x6F190: ------------------ | Branch (266:7): [True: 0, False: 14.0k] ------------------ 267| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 14, 3}, "FrodoKEM-1344-SHAKE"); 268| 0| case 0x6F24F: ------------------ | Branch (268:7): [True: 0, False: 14.0k] ------------------ 269| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 15, 1}, "FrodoKEM-640-AES"); 270| 0| case 0x6F250: ------------------ | Branch (270:7): [True: 0, False: 14.0k] ------------------ 271| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 15, 2}, "FrodoKEM-976-AES"); 272| 0| case 0x6F251: ------------------ | Branch (272:7): [True: 0, False: 14.0k] ------------------ 273| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 15, 3}, "FrodoKEM-1344-AES"); 274| 0| case 0x6F310: ------------------ | Branch (274:7): [True: 0, False: 14.0k] ------------------ 275| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 16, 1}, "eFrodoKEM-640-SHAKE"); 276| 0| case 0x6F311: ------------------ | Branch (276:7): [True: 0, False: 14.0k] ------------------ 277| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 16, 2}, "eFrodoKEM-976-SHAKE"); 278| 0| case 0x6F312: ------------------ | Branch (278:7): [True: 0, False: 14.0k] ------------------ 279| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 16, 3}, "eFrodoKEM-1344-SHAKE"); 280| 0| case 0x6F3D1: ------------------ | Branch (280:7): [True: 0, False: 14.0k] ------------------ 281| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 17, 1}, "eFrodoKEM-640-AES"); 282| 0| case 0x6F3D2: ------------------ | Branch (282:7): [True: 0, False: 14.0k] ------------------ 283| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 17, 2}, "eFrodoKEM-976-AES"); 284| 0| case 0x6F3D3: ------------------ | Branch (284:7): [True: 0, False: 14.0k] ------------------ 285| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 17, 3}, "eFrodoKEM-1344-AES"); 286| 0| case 0x6F492: ------------------ | Branch (286:7): [True: 0, False: 14.0k] ------------------ 287| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 18, 1}, "ClassicMcEliece_6688128pc"); 288| 0| case 0x6F493: ------------------ | Branch (288:7): [True: 0, False: 14.0k] ------------------ 289| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 18, 2}, "ClassicMcEliece_6688128pcf"); 290| 0| case 0x6F494: ------------------ | Branch (290:7): [True: 0, False: 14.0k] ------------------ 291| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 18, 3}, "ClassicMcEliece_6960119pc"); 292| 0| case 0x6F495: ------------------ | Branch (292:7): [True: 0, False: 14.0k] ------------------ 293| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 18, 4}, "ClassicMcEliece_6960119pcf"); 294| 0| case 0x6F496: ------------------ | Branch (294:7): [True: 0, False: 14.0k] ------------------ 295| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 18, 5}, "ClassicMcEliece_8192128pc"); 296| 0| case 0x6F497: ------------------ | Branch (296:7): [True: 0, False: 14.0k] ------------------ 297| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 18, 6}, "ClassicMcEliece_8192128pcf"); 298| 0| case 0x6F79D: ------------------ | Branch (298:7): [True: 0, False: 14.0k] ------------------ 299| 0| return if_match(oid, {2, 16, 840, 1, 113730, 1, 13}, "Certificate Comment"); 300| 0| case 0x701A0: ------------------ | Branch (300:7): [True: 0, False: 14.0k] ------------------ 301| 0| return if_match(oid, {1, 3, 36, 3, 3, 2, 5, 2, 1}, "ECGDSA"); 302| 0| case 0x70322: ------------------ | Branch (302:7): [True: 0, False: 14.0k] ------------------ 303| 0| return if_match(oid, {1, 3, 36, 3, 3, 2, 5, 4, 1}, "ECGDSA/RIPEMD-160"); 304| 0| case 0x70323: ------------------ | Branch (304:7): [True: 0, False: 14.0k] ------------------ 305| 0| return if_match(oid, {1, 3, 36, 3, 3, 2, 5, 4, 2}, "ECGDSA/SHA-1"); 306| 0| case 0x70324: ------------------ | Branch (306:7): [True: 0, False: 14.0k] ------------------ 307| 0| return if_match(oid, {1, 3, 36, 3, 3, 2, 5, 4, 3}, "ECGDSA/SHA-224"); 308| 0| case 0x70325: ------------------ | Branch (308:7): [True: 0, False: 14.0k] ------------------ 309| 0| return if_match(oid, {1, 3, 36, 3, 3, 2, 5, 4, 4}, "ECGDSA/SHA-256"); 310| 0| case 0x70326: ------------------ | Branch (310:7): [True: 0, False: 14.0k] ------------------ 311| 0| return if_match(oid, {1, 3, 36, 3, 3, 2, 5, 4, 5}, "ECGDSA/SHA-384"); 312| 0| case 0x70327: ------------------ | Branch (312:7): [True: 0, False: 14.0k] ------------------ 313| 0| return if_match(oid, {1, 3, 36, 3, 3, 2, 5, 4, 6}, "ECGDSA/SHA-512"); 314| 0| case 0x72B21: ------------------ | Branch (314:7): [True: 0, False: 14.0k] ------------------ 315| 0| return if_match(oid, {1, 2, 643, 7, 1, 1, 1, 1}, "GOST-34.10-2012-256"); 316| 0| case 0x72B22: ------------------ | Branch (316:7): [True: 0, False: 14.0k] ------------------ 317| 0| return if_match(oid, {1, 2, 643, 7, 1, 1, 1, 2}, "GOST-34.10-2012-512"); 318| 0| case 0x72BE3: ------------------ | Branch (318:7): [True: 0, False: 14.0k] ------------------ 319| 0| return if_match(oid, {1, 2, 643, 7, 1, 1, 2, 2}, "Streebog-256"); 320| 0| case 0x72BE4: ------------------ | Branch (320:7): [True: 0, False: 14.0k] ------------------ 321| 0| return if_match(oid, {1, 2, 643, 7, 1, 1, 2, 3}, "Streebog-512"); 322| 0| case 0x72CA4: ------------------ | Branch (322:7): [True: 0, False: 14.0k] ------------------ 323| 0| return if_match(oid, {1, 2, 643, 7, 1, 1, 3, 2}, "GOST-34.10-2012-256/Streebog-256"); 324| 0| case 0x72CA5: ------------------ | Branch (324:7): [True: 0, False: 14.0k] ------------------ 325| 0| return if_match(oid, {1, 2, 643, 7, 1, 1, 3, 3}, "GOST-34.10-2012-512/Streebog-512"); 326| 0| case 0x7C7C7: ------------------ | Branch (326:7): [True: 0, False: 14.0k] ------------------ 327| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 22, 1}, "PKCS9.X509Certificate"); 328| 0| case 0x7C7C8: ------------------ | Branch (328:7): [True: 0, False: 14.0k] ------------------ 329| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 22, 2}, "PKCS9.SDSICertificate"); 330| 0| case 0x7C888: ------------------ | Branch (330:7): [True: 0, False: 14.0k] ------------------ 331| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 23, 1}, "PKCS9.X509CRL"); 332| 0| case 0x7E10F: ------------------ | Branch (332:7): [True: 0, False: 14.0k] ------------------ 333| 0| return if_match(oid, {2, 5, 4, 3}, "X520.CommonName"); 334| 0| case 0x7E110: ------------------ | Branch (334:7): [True: 0, False: 14.0k] ------------------ 335| 0| return if_match(oid, {2, 5, 4, 4}, "X520.Surname"); 336| 0| case 0x7E111: ------------------ | Branch (336:7): [True: 0, False: 14.0k] ------------------ 337| 0| return if_match(oid, {2, 5, 4, 5}, "X520.SerialNumber"); 338| 0| case 0x7E112: ------------------ | Branch (338:7): [True: 0, False: 14.0k] ------------------ 339| 0| return if_match(oid, {2, 5, 4, 6}, "X520.Country"); 340| 0| case 0x7E113: ------------------ | Branch (340:7): [True: 0, False: 14.0k] ------------------ 341| 0| return if_match(oid, {2, 5, 4, 7}, "X520.Locality"); 342| 0| case 0x7E114: ------------------ | Branch (342:7): [True: 0, False: 14.0k] ------------------ 343| 0| return if_match(oid, {2, 5, 4, 8}, "X520.State"); 344| 0| case 0x7E115: ------------------ | Branch (344:7): [True: 0, False: 14.0k] ------------------ 345| 0| return if_match(oid, {2, 5, 4, 9}, "X520.StreetAddress"); 346| 0| case 0x7E116: ------------------ | Branch (346:7): [True: 0, False: 14.0k] ------------------ 347| 0| return if_match(oid, {2, 5, 4, 10}, "X520.Organization"); 348| 0| case 0x7E117: ------------------ | Branch (348:7): [True: 0, False: 14.0k] ------------------ 349| 0| return if_match(oid, {2, 5, 4, 11}, "X520.OrganizationalUnit"); 350| 0| case 0x7E118: ------------------ | Branch (350:7): [True: 0, False: 14.0k] ------------------ 351| 0| return if_match(oid, {2, 5, 4, 12}, "X520.Title"); 352| 0| case 0x7E136: ------------------ | Branch (352:7): [True: 0, False: 14.0k] ------------------ 353| 0| return if_match(oid, {2, 5, 4, 42}, "X520.GivenName"); 354| 0| case 0x7E137: ------------------ | Branch (354:7): [True: 0, False: 14.0k] ------------------ 355| 0| return if_match(oid, {2, 5, 4, 43}, "X520.Initials"); 356| 0| case 0x7E138: ------------------ | Branch (356:7): [True: 0, False: 14.0k] ------------------ 357| 0| return if_match(oid, {2, 5, 4, 44}, "X520.GenerationalQualifier"); 358| 0| case 0x7E13A: ------------------ | Branch (358:7): [True: 0, False: 14.0k] ------------------ 359| 0| return if_match(oid, {2, 5, 4, 46}, "X520.DNQualifier"); 360| 0| case 0x7E14D: ------------------ | Branch (360:7): [True: 0, False: 14.0k] ------------------ 361| 0| return if_match(oid, {2, 5, 4, 65}, "X520.Pseudonym"); 362| 0| case 0x7F3F3: ------------------ | Branch (362:7): [True: 0, False: 14.0k] ------------------ 363| 0| return if_match(oid, {2, 5, 29, 14}, "X509v3.SubjectKeyIdentifier"); 364| 0| case 0x7F3F4: ------------------ | Branch (364:7): [True: 0, False: 14.0k] ------------------ 365| 0| return if_match(oid, {2, 5, 29, 15}, "X509v3.KeyUsage"); 366| 0| case 0x7F3F5: ------------------ | Branch (366:7): [True: 0, False: 14.0k] ------------------ 367| 0| return if_match(oid, {2, 5, 29, 16}, "X509v3.PrivateKeyUsagePeriod"); 368| 0| case 0x7F3F6: ------------------ | Branch (368:7): [True: 0, False: 14.0k] ------------------ 369| 0| return if_match(oid, {2, 5, 29, 17}, "X509v3.SubjectAlternativeName"); 370| 0| case 0x7F3F7: ------------------ | Branch (370:7): [True: 0, False: 14.0k] ------------------ 371| 0| return if_match(oid, {2, 5, 29, 18}, "X509v3.IssuerAlternativeName"); 372| 0| case 0x7F3F8: ------------------ | Branch (372:7): [True: 0, False: 14.0k] ------------------ 373| 0| return if_match(oid, {2, 5, 29, 19}, "X509v3.BasicConstraints"); 374| 0| case 0x7F3F9: ------------------ | Branch (374:7): [True: 0, False: 14.0k] ------------------ 375| 0| return if_match(oid, {2, 5, 29, 20}, "X509v3.CRLNumber"); 376| 0| case 0x7F3FA: ------------------ | Branch (376:7): [True: 0, False: 14.0k] ------------------ 377| 0| return if_match(oid, {2, 5, 29, 21}, "X509v3.ReasonCode"); 378| 0| case 0x7F3FC: ------------------ | Branch (378:7): [True: 0, False: 14.0k] ------------------ 379| 0| return if_match(oid, {2, 5, 29, 23}, "X509v3.HoldInstructionCode"); 380| 0| case 0x7F3FD: ------------------ | Branch (380:7): [True: 0, False: 14.0k] ------------------ 381| 0| return if_match(oid, {2, 5, 29, 24}, "X509v3.InvalidityDate"); 382| 0| case 0x7F401: ------------------ | Branch (382:7): [True: 0, False: 14.0k] ------------------ 383| 0| return if_match(oid, {2, 5, 29, 28}, "X509v3.CRLIssuingDistributionPoint"); 384| 0| case 0x7F403: ------------------ | Branch (384:7): [True: 0, False: 14.0k] ------------------ 385| 0| return if_match(oid, {2, 5, 29, 30}, "X509v3.NameConstraints"); 386| 0| case 0x7F404: ------------------ | Branch (386:7): [True: 0, False: 14.0k] ------------------ 387| 0| return if_match(oid, {2, 5, 29, 31}, "X509v3.CRLDistributionPoints"); 388| 0| case 0x7F405: ------------------ | Branch (388:7): [True: 0, False: 14.0k] ------------------ 389| 0| return if_match(oid, {2, 5, 29, 32}, "X509v3.CertificatePolicies"); 390| 0| case 0x7F408: ------------------ | Branch (390:7): [True: 0, False: 14.0k] ------------------ 391| 0| return if_match(oid, {2, 5, 29, 35}, "X509v3.AuthorityKeyIdentifier"); 392| 0| case 0x7F409: ------------------ | Branch (392:7): [True: 0, False: 14.0k] ------------------ 393| 0| return if_match(oid, {2, 5, 29, 36}, "X509v3.PolicyConstraints"); 394| 0| case 0x7F40A: ------------------ | Branch (394:7): [True: 0, False: 14.0k] ------------------ 395| 0| return if_match(oid, {2, 5, 29, 37}, "X509v3.ExtendedKeyUsage"); 396| 0| case 0x7F41D: ------------------ | Branch (396:7): [True: 0, False: 14.0k] ------------------ 397| 0| return if_match(oid, {2, 5, 29, 56}, "X509v3.NoRevocationAvailable"); 398| 0| case 0x80B84: ------------------ | Branch (398:7): [True: 0, False: 14.0k] ------------------ 399| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 2, 1}, "AES-128/OCB"); 400| 0| case 0x80B85: ------------------ | Branch (400:7): [True: 0, False: 14.0k] ------------------ 401| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 2, 2}, "AES-192/OCB"); 402| 0| case 0x80B86: ------------------ | Branch (402:7): [True: 0, False: 14.0k] ------------------ 403| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 2, 3}, "AES-256/OCB"); 404| 0| case 0x80B87: ------------------ | Branch (404:7): [True: 0, False: 14.0k] ------------------ 405| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 2, 4}, "Serpent/OCB"); 406| 0| case 0x80B88: ------------------ | Branch (406:7): [True: 0, False: 14.0k] ------------------ 407| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 2, 5}, "Twofish/OCB"); 408| 0| case 0x80B89: ------------------ | Branch (408:7): [True: 0, False: 14.0k] ------------------ 409| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 2, 6}, "Camellia-128/OCB"); 410| 0| case 0x80B8A: ------------------ | Branch (410:7): [True: 0, False: 14.0k] ------------------ 411| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 2, 7}, "Camellia-192/OCB"); 412| 0| case 0x80B8B: ------------------ | Branch (412:7): [True: 0, False: 14.0k] ------------------ 413| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 2, 8}, "Camellia-256/OCB"); 414| 0| case 0x80D06: ------------------ | Branch (414:7): [True: 0, False: 14.0k] ------------------ 415| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 4, 1}, "AES-128/SIV"); 416| 0| case 0x80D07: ------------------ | Branch (416:7): [True: 0, False: 14.0k] ------------------ 417| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 4, 2}, "AES-192/SIV"); 418| 0| case 0x80D08: ------------------ | Branch (418:7): [True: 0, False: 14.0k] ------------------ 419| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 4, 3}, "AES-256/SIV"); 420| 0| case 0x80D09: ------------------ | Branch (420:7): [True: 0, False: 14.0k] ------------------ 421| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 4, 4}, "Serpent/SIV"); 422| 0| case 0x80D0A: ------------------ | Branch (422:7): [True: 0, False: 14.0k] ------------------ 423| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 4, 5}, "Twofish/SIV"); 424| 0| case 0x80D0B: ------------------ | Branch (424:7): [True: 0, False: 14.0k] ------------------ 425| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 4, 6}, "Camellia-128/SIV"); 426| 0| case 0x80D0C: ------------------ | Branch (426:7): [True: 0, False: 14.0k] ------------------ 427| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 4, 7}, "Camellia-192/SIV"); 428| 0| case 0x80D0D: ------------------ | Branch (428:7): [True: 0, False: 14.0k] ------------------ 429| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 4, 8}, "Camellia-256/SIV"); 430| 0| case 0x80D0E: ------------------ | Branch (430:7): [True: 0, False: 14.0k] ------------------ 431| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 4, 9}, "SM4/SIV"); 432| 0| case 0x84C6A: ------------------ | Branch (432:7): [True: 0, False: 14.0k] ------------------ 433| 0| return if_match(oid, {1, 2, 392, 200011, 61, 1, 1, 1, 2}, "Camellia-128/CBC"); 434| 0| case 0x84C6B: ------------------ | Branch (434:7): [True: 0, False: 14.0k] ------------------ 435| 0| return if_match(oid, {1, 2, 392, 200011, 61, 1, 1, 1, 3}, "Camellia-192/CBC"); 436| 0| case 0x84C6C: ------------------ | Branch (436:7): [True: 0, False: 14.0k] ------------------ 437| 0| return if_match(oid, {1, 2, 392, 200011, 61, 1, 1, 1, 4}, "Camellia-256/CBC"); 438| 0| case 0x88CD3: ------------------ | Branch (438:7): [True: 0, False: 14.0k] ------------------ 439| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 16, 3, 6}, "KeyWrap.TripleDES"); 440| 0| case 0x88CD5: ------------------ | Branch (440:7): [True: 0, False: 14.0k] ------------------ 441| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 16, 3, 8}, "Compression.Zlib"); 442| 0| case 0x88CDE: ------------------ | Branch (442:7): [True: 0, False: 14.0k] ------------------ 443| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 16, 3, 17}, "HSS-LMS"); 444| 0| case 0x88CDF: ------------------ | Branch (444:7): [True: 0, False: 14.0k] ------------------ 445| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 16, 3, 18}, "ChaCha20Poly1305"); 446| 0| case 0x92296: ------------------ | Branch (446:7): [True: 0, False: 14.0k] ------------------ 447| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 1, 2}, "AES-128/CBC"); 448| 0| case 0x92299: ------------------ | Branch (448:7): [True: 0, False: 14.0k] ------------------ 449| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 1, 5}, "KeyWrap.AES-128"); 450| 0| case 0x9229A: ------------------ | Branch (450:7): [True: 0, False: 14.0k] ------------------ 451| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 1, 6}, "AES-128/GCM"); 452| 0| case 0x9229B: ------------------ | Branch (452:7): [True: 0, False: 14.0k] ------------------ 453| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 1, 7}, "AES-128/CCM"); 454| 0| case 0x922AA: ------------------ | Branch (454:7): [True: 0, False: 14.0k] ------------------ 455| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 1, 22}, "AES-192/CBC"); 456| 0| case 0x922AD: ------------------ | Branch (456:7): [True: 0, False: 14.0k] ------------------ 457| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 1, 25}, "KeyWrap.AES-192"); 458| 0| case 0x922AE: ------------------ | Branch (458:7): [True: 0, False: 14.0k] ------------------ 459| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 1, 26}, "AES-192/GCM"); 460| 0| case 0x922AF: ------------------ | Branch (460:7): [True: 0, False: 14.0k] ------------------ 461| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 1, 27}, "AES-192/CCM"); 462| 0| case 0x922BE: ------------------ | Branch (462:7): [True: 0, False: 14.0k] ------------------ 463| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 1, 42}, "AES-256/CBC"); 464| 0| case 0x922C1: ------------------ | Branch (464:7): [True: 0, False: 14.0k] ------------------ 465| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 1, 45}, "KeyWrap.AES-256"); 466| 0| case 0x922C2: ------------------ | Branch (466:7): [True: 0, False: 14.0k] ------------------ 467| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 1, 46}, "AES-256/GCM"); 468| 0| case 0x922C3: ------------------ | Branch (468:7): [True: 0, False: 14.0k] ------------------ 469| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 1, 47}, "AES-256/CCM"); 470| 0| case 0x92356: ------------------ | Branch (470:7): [True: 0, False: 14.0k] ------------------ 471| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 2, 1}, "SHA-256"); 472| 0| case 0x92357: ------------------ | Branch (472:7): [True: 0, False: 14.0k] ------------------ 473| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 2, 2}, "SHA-384"); 474| 0| case 0x92358: ------------------ | Branch (474:7): [True: 0, False: 14.0k] ------------------ 475| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 2, 3}, "SHA-512"); 476| 0| case 0x92359: ------------------ | Branch (476:7): [True: 0, False: 14.0k] ------------------ 477| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 2, 4}, "SHA-224"); 478| 0| case 0x9235B: ------------------ | Branch (478:7): [True: 0, False: 14.0k] ------------------ 479| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 2, 6}, "SHA-512-256"); 480| 0| case 0x9235C: ------------------ | Branch (480:7): [True: 0, False: 14.0k] ------------------ 481| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 2, 7}, "SHA-3(224)"); 482| 0| case 0x9235D: ------------------ | Branch (482:7): [True: 0, False: 14.0k] ------------------ 483| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 2, 8}, "SHA-3(256)"); 484| 0| case 0x9235E: ------------------ | Branch (484:7): [True: 0, False: 14.0k] ------------------ 485| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 2, 9}, "SHA-3(384)"); 486| 0| case 0x9235F: ------------------ | Branch (486:7): [True: 0, False: 14.0k] ------------------ 487| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 2, 10}, "SHA-3(512)"); 488| 0| case 0x92360: ------------------ | Branch (488:7): [True: 0, False: 14.0k] ------------------ 489| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 2, 11}, "SHAKE-128"); 490| 0| case 0x92361: ------------------ | Branch (490:7): [True: 0, False: 14.0k] ------------------ 491| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 2, 12}, "SHAKE-256"); 492| 0| case 0x92417: ------------------ | Branch (492:7): [True: 0, False: 14.0k] ------------------ 493| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 1}, "DSA/SHA-224"); 494| 0| case 0x92418: ------------------ | Branch (494:7): [True: 0, False: 14.0k] ------------------ 495| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 2}, "DSA/SHA-256"); 496| 0| case 0x92419: ------------------ | Branch (496:7): [True: 0, False: 14.0k] ------------------ 497| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 3}, "DSA/SHA-384"); 498| 0| case 0x9241A: ------------------ | Branch (498:7): [True: 0, False: 14.0k] ------------------ 499| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 4}, "DSA/SHA-512"); 500| 0| case 0x9241B: ------------------ | Branch (500:7): [True: 0, False: 14.0k] ------------------ 501| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 5}, "DSA/SHA-3(224)"); 502| 0| case 0x9241C: ------------------ | Branch (502:7): [True: 0, False: 14.0k] ------------------ 503| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 6}, "DSA/SHA-3(256)"); 504| 0| case 0x9241D: ------------------ | Branch (504:7): [True: 0, False: 14.0k] ------------------ 505| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 7}, "DSA/SHA-3(384)"); 506| 0| case 0x9241E: ------------------ | Branch (506:7): [True: 0, False: 14.0k] ------------------ 507| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 8}, "DSA/SHA-3(512)"); 508| 0| case 0x9241F: ------------------ | Branch (508:7): [True: 0, False: 14.0k] ------------------ 509| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 9}, "ECDSA/SHA-3(224)"); 510| 0| case 0x92420: ------------------ | Branch (510:7): [True: 0, False: 14.0k] ------------------ 511| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 10}, "ECDSA/SHA-3(256)"); 512| 0| case 0x92421: ------------------ | Branch (512:7): [True: 0, False: 14.0k] ------------------ 513| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 11}, "ECDSA/SHA-3(384)"); 514| 0| case 0x92422: ------------------ | Branch (514:7): [True: 0, False: 14.0k] ------------------ 515| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 12}, "ECDSA/SHA-3(512)"); 516| 0| case 0x92423: ------------------ | Branch (516:7): [True: 0, False: 14.0k] ------------------ 517| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 13}, "RSA/PKCS1v15(SHA-3(224))"); 518| 0| case 0x92424: ------------------ | Branch (518:7): [True: 0, False: 14.0k] ------------------ 519| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 14}, "RSA/PKCS1v15(SHA-3(256))"); 520| 0| case 0x92425: ------------------ | Branch (520:7): [True: 0, False: 14.0k] ------------------ 521| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 15}, "RSA/PKCS1v15(SHA-3(384))"); 522| 0| case 0x92426: ------------------ | Branch (522:7): [True: 0, False: 14.0k] ------------------ 523| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 16}, "RSA/PKCS1v15(SHA-3(512))"); 524| 0| case 0x92427: ------------------ | Branch (524:7): [True: 0, False: 14.0k] ------------------ 525| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 17}, "ML-DSA-4x4"); 526| 0| case 0x92428: ------------------ | Branch (526:7): [True: 0, False: 14.0k] ------------------ 527| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 18}, "ML-DSA-6x5"); 528| 0| case 0x92429: ------------------ | Branch (528:7): [True: 0, False: 14.0k] ------------------ 529| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 19}, "ML-DSA-8x7"); 530| 0| case 0x9242A: ------------------ | Branch (530:7): [True: 0, False: 14.0k] ------------------ 531| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 20}, "SLH-DSA-SHA2-128s"); 532| 0| case 0x9242B: ------------------ | Branch (532:7): [True: 0, False: 14.0k] ------------------ 533| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 21}, "SLH-DSA-SHA2-128f"); 534| 0| case 0x9242C: ------------------ | Branch (534:7): [True: 0, False: 14.0k] ------------------ 535| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 22}, "SLH-DSA-SHA2-192s"); 536| 0| case 0x9242D: ------------------ | Branch (536:7): [True: 0, False: 14.0k] ------------------ 537| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 23}, "SLH-DSA-SHA2-192f"); 538| 0| case 0x9242E: ------------------ | Branch (538:7): [True: 0, False: 14.0k] ------------------ 539| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 24}, "SLH-DSA-SHA2-256s"); 540| 0| case 0x9242F: ------------------ | Branch (540:7): [True: 0, False: 14.0k] ------------------ 541| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 25}, "SLH-DSA-SHA2-256f"); 542| 0| case 0x92430: ------------------ | Branch (542:7): [True: 0, False: 14.0k] ------------------ 543| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 26}, "SLH-DSA-SHAKE-128s"); 544| 0| case 0x92431: ------------------ | Branch (544:7): [True: 0, False: 14.0k] ------------------ 545| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 27}, "SLH-DSA-SHAKE-128f"); 546| 0| case 0x92432: ------------------ | Branch (546:7): [True: 0, False: 14.0k] ------------------ 547| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 28}, "SLH-DSA-SHAKE-192s"); 548| 0| case 0x92433: ------------------ | Branch (548:7): [True: 0, False: 14.0k] ------------------ 549| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 29}, "SLH-DSA-SHAKE-192f"); 550| 0| case 0x92434: ------------------ | Branch (550:7): [True: 0, False: 14.0k] ------------------ 551| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 30}, "SLH-DSA-SHAKE-256s"); 552| 0| case 0x92435: ------------------ | Branch (552:7): [True: 0, False: 14.0k] ------------------ 553| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 3, 31}, "SLH-DSA-SHAKE-256f"); 554| 0| case 0x924D8: ------------------ | Branch (554:7): [True: 0, False: 14.0k] ------------------ 555| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 4, 1}, "ML-KEM-512"); 556| 0| case 0x924D9: ------------------ | Branch (556:7): [True: 0, False: 14.0k] ------------------ 557| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 4, 2}, "ML-KEM-768"); 558| 0| case 0x924DA: ------------------ | Branch (558:7): [True: 0, False: 14.0k] ------------------ 559| 0| return if_match(oid, {2, 16, 840, 1, 101, 3, 4, 4, 3}, "ML-KEM-1024"); 560| 0| case 0x9479F: ------------------ | Branch (560:7): [True: 0, False: 14.0k] ------------------ 561| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 1, 1}, "PKIX.AuthorityInformationAccess"); 562| 0| case 0x947A5: ------------------ | Branch (562:7): [True: 0, False: 14.0k] ------------------ 563| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 1, 7}, "PKIX.IpAddrBlocks"); 564| 0| case 0x947A6: ------------------ | Branch (564:7): [True: 0, False: 14.0k] ------------------ 565| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 1, 8}, "PKIX.AutonomousSysIds"); 566| 0| case 0x947B8: ------------------ | Branch (566:7): [True: 0, False: 14.0k] ------------------ 567| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 1, 26}, "PKIX.TNAuthList"); 568| 0| case 0x94921: ------------------ | Branch (568:7): [True: 0, False: 14.0k] ------------------ 569| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 3, 1}, "PKIX.ServerAuth"); 570| 0| case 0x94922: ------------------ | Branch (570:7): [True: 0, False: 14.0k] ------------------ 571| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 3, 2}, "PKIX.ClientAuth"); 572| 0| case 0x94923: ------------------ | Branch (572:7): [True: 0, False: 14.0k] ------------------ 573| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 3, 3}, "PKIX.CodeSigning"); 574| 0| case 0x94924: ------------------ | Branch (574:7): [True: 0, False: 14.0k] ------------------ 575| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 3, 4}, "PKIX.EmailProtection"); 576| 0| case 0x94925: ------------------ | Branch (576:7): [True: 0, False: 14.0k] ------------------ 577| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 3, 5}, "PKIX.IPsecEndSystem"); 578| 0| case 0x94926: ------------------ | Branch (578:7): [True: 0, False: 14.0k] ------------------ 579| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 3, 6}, "PKIX.IPsecTunnel"); 580| 0| case 0x94927: ------------------ | Branch (580:7): [True: 0, False: 14.0k] ------------------ 581| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 3, 7}, "PKIX.IPsecUser"); 582| 0| case 0x94928: ------------------ | Branch (582:7): [True: 0, False: 14.0k] ------------------ 583| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 3, 8}, "PKIX.TimeStamping"); 584| 0| case 0x94929: ------------------ | Branch (584:7): [True: 0, False: 14.0k] ------------------ 585| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 3, 9}, "PKIX.OCSPSigning"); 586| 0| case 0x94CEA: ------------------ | Branch (586:7): [True: 0, False: 14.0k] ------------------ 587| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 8, 5}, "PKIX.XMPPAddr"); 588| 0| case 0x94CEE: ------------------ | Branch (588:7): [True: 0, False: 14.0k] ------------------ 589| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 8, 9}, "PKIX.SmtpUTF8Mailbox"); 590| 0| case 0x954DB: ------------------ | Branch (590:7): [True: 0, False: 14.0k] ------------------ 591| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 311, 20, 2, 2}, "Microsoft SmartcardLogon"); 592| 0| case 0x954DC: ------------------ | Branch (592:7): [True: 0, False: 14.0k] ------------------ 593| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 311, 20, 2, 3}, "Microsoft UPN"); 594| 0| case 0x96B0E: ------------------ | Branch (594:7): [True: 0, False: 14.0k] ------------------ 595| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 48, 1}, "PKIX.OCSP"); 596| 0| case 0x96B0F: ------------------ | Branch (596:7): [True: 0, False: 14.0k] ------------------ 597| 0| return if_match(oid, {1, 3, 6, 1, 5, 5, 7, 48, 2}, "PKIX.CertificateAuthorityIssuers"); 598| 0| case 0x96C77: ------------------ | Branch (598:7): [True: 0, False: 14.0k] ------------------ 599| 0| return if_match(oid, {1, 2, 840, 113549, 1, 12, 1, 3}, "PBE-SHA1-3DES"); 600| 0| case 0x96C78: ------------------ | Branch (600:7): [True: 0, False: 14.0k] ------------------ 601| 0| return if_match(oid, {1, 2, 840, 113549, 1, 12, 1, 4}, "PBE-SHA1-2DES"); 602| 0| case 0x9A008: ------------------ | Branch (602:7): [True: 0, False: 14.0k] ------------------ 603| 0| return if_match(oid, {1, 3, 36, 3, 3, 2, 8, 1, 1, 1}, "brainpool160r1"); 604| 0| case 0x9A00A: ------------------ | Branch (604:7): [True: 0, False: 14.0k] ------------------ 605| 0| return if_match(oid, {1, 3, 36, 3, 3, 2, 8, 1, 1, 3}, "brainpool192r1"); 606| 0| case 0x9A00C: ------------------ | Branch (606:7): [True: 0, False: 14.0k] ------------------ 607| 0| return if_match(oid, {1, 3, 36, 3, 3, 2, 8, 1, 1, 5}, "brainpool224r1"); 608| 1| case 0x9A00E: ------------------ | Branch (608:7): [True: 1, False: 14.0k] ------------------ 609| 1| return if_match(oid, {1, 3, 36, 3, 3, 2, 8, 1, 1, 7}, "brainpool256r1"); 610| 0| case 0x9A010: ------------------ | Branch (610:7): [True: 0, False: 14.0k] ------------------ 611| 0| return if_match(oid, {1, 3, 36, 3, 3, 2, 8, 1, 1, 9}, "brainpool320r1"); 612| 1| case 0x9A012: ------------------ | Branch (612:7): [True: 1, False: 14.0k] ------------------ 613| 1| return if_match(oid, {1, 3, 36, 3, 3, 2, 8, 1, 1, 11}, "brainpool384r1"); 614| 1| case 0x9A014: ------------------ | Branch (614:7): [True: 1, False: 14.0k] ------------------ 615| 1| return if_match(oid, {1, 3, 36, 3, 3, 2, 8, 1, 1, 13}, "brainpool512r1"); 616| 0| case 0xA0D61: ------------------ | Branch (616:7): [True: 0, False: 14.0k] ------------------ 617| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 3}, "McEliece"); 618| 0| case 0xA0D63: ------------------ | Branch (618:7): [True: 0, False: 14.0k] ------------------ 619| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 5}, "XMSS-draft6"); 620| 0| case 0xA0D66: ------------------ | Branch (620:7): [True: 0, False: 14.0k] ------------------ 621| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 8}, "XMSS-draft12"); 622| 0| case 0xA0D6B: ------------------ | Branch (622:7): [True: 0, False: 14.0k] ------------------ 623| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 1, 13}, "HSS-LMS-Private-Key"); 624| 0| case 0xA0EE1: ------------------ | Branch (624:7): [True: 0, False: 14.0k] ------------------ 625| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 1}, "Serpent/CBC"); 626| 0| case 0xA0EE2: ------------------ | Branch (626:7): [True: 0, False: 14.0k] ------------------ 627| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 2}, "Threefish-512/CBC"); 628| 0| case 0xA0EE3: ------------------ | Branch (628:7): [True: 0, False: 14.0k] ------------------ 629| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 3}, "Twofish/CBC"); 630| 0| case 0xA0F45: ------------------ | Branch (630:7): [True: 0, False: 14.0k] ------------------ 631| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 101}, "Serpent/GCM"); 632| 0| case 0xA0F46: ------------------ | Branch (632:7): [True: 0, False: 14.0k] ------------------ 633| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 3, 102}, "Twofish/GCM"); 634| 0| case 0xA0FA2: ------------------ | Branch (634:7): [True: 0, False: 14.0k] ------------------ 635| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 4, 1}, "numsp256d1"); 636| 0| case 0xA0FA3: ------------------ | Branch (636:7): [True: 0, False: 14.0k] ------------------ 637| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 4, 2}, "numsp384d1"); 638| 0| case 0xA0FA4: ------------------ | Branch (638:7): [True: 0, False: 14.0k] ------------------ 639| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 25258, 4, 3}, "numsp512d1"); 640| 0| case 0xA244B: ------------------ | Branch (640:7): [True: 0, False: 14.0k] ------------------ 641| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 22554, 5, 1, 1}, "ClassicMcEliece_348864"); 642| 0| case 0xA244C: ------------------ | Branch (642:7): [True: 0, False: 14.0k] ------------------ 643| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 22554, 5, 1, 2}, "ClassicMcEliece_348864f"); 644| 0| case 0xA244D: ------------------ | Branch (644:7): [True: 0, False: 14.0k] ------------------ 645| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 22554, 5, 1, 3}, "ClassicMcEliece_460896"); 646| 0| case 0xA244E: ------------------ | Branch (646:7): [True: 0, False: 14.0k] ------------------ 647| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 22554, 5, 1, 4}, "ClassicMcEliece_460896f"); 648| 0| case 0xA244F: ------------------ | Branch (648:7): [True: 0, False: 14.0k] ------------------ 649| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 22554, 5, 1, 5}, "ClassicMcEliece_6688128"); 650| 0| case 0xA2450: ------------------ | Branch (650:7): [True: 0, False: 14.0k] ------------------ 651| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 22554, 5, 1, 6}, "ClassicMcEliece_6688128f"); 652| 0| case 0xA2451: ------------------ | Branch (652:7): [True: 0, False: 14.0k] ------------------ 653| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 22554, 5, 1, 7}, "ClassicMcEliece_6960119"); 654| 0| case 0xA2452: ------------------ | Branch (654:7): [True: 0, False: 14.0k] ------------------ 655| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 22554, 5, 1, 8}, "ClassicMcEliece_6960119f"); 656| 0| case 0xA2453: ------------------ | Branch (656:7): [True: 0, False: 14.0k] ------------------ 657| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 22554, 5, 1, 9}, "ClassicMcEliece_8192128"); 658| 0| case 0xA2454: ------------------ | Branch (658:7): [True: 0, False: 14.0k] ------------------ 659| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 22554, 5, 1, 10}, "ClassicMcEliece_8192128f"); 660| 0| case 0xAF989: ------------------ | Branch (660:7): [True: 0, False: 14.0k] ------------------ 661| 0| return if_match(oid, {1, 2, 840, 113549, 1, 1, 1}, "RSA"); 662| 0| case 0xAF98A: ------------------ | Branch (662:7): [True: 0, False: 14.0k] ------------------ 663| 0| return if_match(oid, {1, 2, 840, 113549, 1, 1, 2}, "RSA/PKCS1v15(MD2)"); 664| 0| case 0xAF98C: ------------------ | Branch (664:7): [True: 0, False: 14.0k] ------------------ 665| 0| return if_match(oid, {1, 2, 840, 113549, 1, 1, 4}, "RSA/PKCS1v15(MD5)"); 666| 0| case 0xAF98D: ------------------ | Branch (666:7): [True: 0, False: 14.0k] ------------------ 667| 0| return if_match(oid, {1, 2, 840, 113549, 1, 1, 5}, "RSA/PKCS1v15(SHA-1)"); 668| 0| case 0xAF98F: ------------------ | Branch (668:7): [True: 0, False: 14.0k] ------------------ 669| 0| return if_match(oid, {1, 2, 840, 113549, 1, 1, 7}, "RSA/OAEP"); 670| 0| case 0xAF990: ------------------ | Branch (670:7): [True: 0, False: 14.0k] ------------------ 671| 0| return if_match(oid, {1, 2, 840, 113549, 1, 1, 8}, "MGF1"); 672| 0| case 0xAF992: ------------------ | Branch (672:7): [True: 0, False: 14.0k] ------------------ 673| 0| return if_match(oid, {1, 2, 840, 113549, 1, 1, 10}, "RSA/PSS"); 674| 0| case 0xAF993: ------------------ | Branch (674:7): [True: 0, False: 14.0k] ------------------ 675| 0| return if_match(oid, {1, 2, 840, 113549, 1, 1, 11}, "RSA/PKCS1v15(SHA-256)"); 676| 0| case 0xAF994: ------------------ | Branch (676:7): [True: 0, False: 14.0k] ------------------ 677| 0| return if_match(oid, {1, 2, 840, 113549, 1, 1, 12}, "RSA/PKCS1v15(SHA-384)"); 678| 0| case 0xAF995: ------------------ | Branch (678:7): [True: 0, False: 14.0k] ------------------ 679| 0| return if_match(oid, {1, 2, 840, 113549, 1, 1, 13}, "RSA/PKCS1v15(SHA-512)"); 680| 0| case 0xAF996: ------------------ | Branch (680:7): [True: 0, False: 14.0k] ------------------ 681| 0| return if_match(oid, {1, 2, 840, 113549, 1, 1, 14}, "RSA/PKCS1v15(SHA-224)"); 682| 0| case 0xAF998: ------------------ | Branch (682:7): [True: 0, False: 14.0k] ------------------ 683| 0| return if_match(oid, {1, 2, 840, 113549, 1, 1, 16}, "RSA/PKCS1v15(SHA-512-256)"); 684| 0| case 0xAFC98: ------------------ | Branch (684:7): [True: 0, False: 14.0k] ------------------ 685| 0| return if_match(oid, {1, 2, 840, 113549, 1, 5, 12}, "PKCS5.PBKDF2"); 686| 0| case 0xAFC99: ------------------ | Branch (686:7): [True: 0, False: 14.0k] ------------------ 687| 0| return if_match(oid, {1, 2, 840, 113549, 1, 5, 13}, "PBE-PKCS5v20"); 688| 0| case 0xAFE0F: ------------------ | Branch (688:7): [True: 0, False: 14.0k] ------------------ 689| 0| return if_match(oid, {1, 2, 840, 113549, 1, 7, 1}, "PKCS7.Data"); 690| 0| case 0xAFE14: ------------------ | Branch (690:7): [True: 0, False: 14.0k] ------------------ 691| 0| return if_match(oid, {1, 2, 840, 113549, 1, 7, 6}, "PKCS7.EncryptedData"); 692| 0| case 0xAFF91: ------------------ | Branch (692:7): [True: 0, False: 14.0k] ------------------ 693| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 1}, "PKCS9.EmailAddress"); 694| 0| case 0xAFF92: ------------------ | Branch (694:7): [True: 0, False: 14.0k] ------------------ 695| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 2}, "PKCS9.UnstructuredName"); 696| 0| case 0xAFF93: ------------------ | Branch (696:7): [True: 0, False: 14.0k] ------------------ 697| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 3}, "PKCS9.ContentType"); 698| 0| case 0xAFF94: ------------------ | Branch (698:7): [True: 0, False: 14.0k] ------------------ 699| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 4}, "PKCS9.MessageDigest"); 700| 0| case 0xAFF97: ------------------ | Branch (700:7): [True: 0, False: 14.0k] ------------------ 701| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 7}, "PKCS9.ChallengePassword"); 702| 0| case 0xAFF9E: ------------------ | Branch (702:7): [True: 0, False: 14.0k] ------------------ 703| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 14}, "PKCS9.ExtensionRequest"); 704| 0| case 0xAFFA4: ------------------ | Branch (704:7): [True: 0, False: 14.0k] ------------------ 705| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 20}, "PKCS9.FriendlyName"); 706| 0| case 0xAFFA5: ------------------ | Branch (706:7): [True: 0, False: 14.0k] ------------------ 707| 0| return if_match(oid, {1, 2, 840, 113549, 1, 9, 21}, "PKCS9.LocalKeyId"); 708| 0| case 0xC0226: ------------------ | Branch (708:7): [True: 0, False: 14.0k] ------------------ 709| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 11591, 4, 11}, "Scrypt"); 710| 0| case 0xC0A67: ------------------ | Branch (710:7): [True: 0, False: 14.0k] ------------------ 711| 0| return if_match(oid, {1, 3, 6, 1, 4, 1, 11591, 15, 1}, "OpenPGP.Ed25519"); 712| 0| case 0xC4CE5: ------------------ | Branch (712:7): [True: 0, False: 14.0k] ------------------ 713| 0| return if_match(oid, {1, 2, 643, 100, 1}, "GOST.OGRN"); 714| 0| case 0xC4D53: ------------------ | Branch (714:7): [True: 0, False: 14.0k] ------------------ 715| 0| return if_match(oid, {1, 2, 643, 100, 111}, "GOST.SubjectSigningTool"); 716| 0| case 0xC4D54: ------------------ | Branch (716:7): [True: 0, False: 14.0k] ------------------ 717| 0| return if_match(oid, {1, 2, 643, 100, 112}, "GOST.IssuerSigningTool"); 718| 0| case 0xC9C50: ------------------ | Branch (718:7): [True: 0, False: 14.0k] ------------------ 719| 0| return if_match(oid, {1, 2, 840, 10045, 3, 1, 1}, "secp192r1"); 720| 0| case 0xC9C51: ------------------ | Branch (720:7): [True: 0, False: 14.0k] ------------------ 721| 0| return if_match(oid, {1, 2, 840, 10045, 3, 1, 2}, "x962_p192v2"); 722| 0| case 0xC9C52: ------------------ | Branch (722:7): [True: 0, False: 14.0k] ------------------ 723| 0| return if_match(oid, {1, 2, 840, 10045, 3, 1, 3}, "x962_p192v3"); 724| 0| case 0xC9C53: ------------------ | Branch (724:7): [True: 0, False: 14.0k] ------------------ 725| 0| return if_match(oid, {1, 2, 840, 10045, 3, 1, 4}, "x962_p239v1"); 726| 0| case 0xC9C54: ------------------ | Branch (726:7): [True: 0, False: 14.0k] ------------------ 727| 0| return if_match(oid, {1, 2, 840, 10045, 3, 1, 5}, "x962_p239v2"); 728| 0| case 0xC9C55: ------------------ | Branch (728:7): [True: 0, False: 14.0k] ------------------ 729| 0| return if_match(oid, {1, 2, 840, 10045, 3, 1, 6}, "x962_p239v3"); 730| 1| case 0xC9C56: ------------------ | Branch (730:7): [True: 1, False: 14.0k] ------------------ 731| 1| return if_match(oid, {1, 2, 840, 10045, 3, 1, 7}, "secp256r1"); 732| 0| case 0xCFA13: ------------------ | Branch (732:7): [True: 0, False: 14.0k] ------------------ 733| 0| return if_match(oid, {1, 2, 840, 10040, 4, 1}, "DSA"); 734| 0| case 0xCFA15: ------------------ | Branch (734:7): [True: 0, False: 14.0k] ------------------ 735| 0| return if_match(oid, {1, 2, 840, 10040, 4, 3}, "DSA/SHA-1"); 736| 0| default: ------------------ | Branch (736:7): [True: 0, False: 14.0k] ------------------ 737| 0| return {}; 738| 14.0k| } 739| 14.0k|} _ZN5Botan7OID_Map22lookup_static_oid_nameENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 742| 32.2k|std::optional OID_Map::lookup_static_oid_name(std::string_view req) { 743| 32.2k| const uint32_t hc = hash_oid_name(req); 744| | 745| 32.2k| switch(hc) { 746| 0| case 0x00545: ------------------ | Branch (746:7): [True: 0, False: 32.2k] ------------------ 747| 0| return if_match(req, "Twofish/GCM", {1, 3, 6, 1, 4, 1, 25258, 3, 102}); 748| 0| case 0x00CF3: ------------------ | Branch (748:7): [True: 0, False: 32.2k] ------------------ 749| 0| return if_match(req, "SphincsPlus-sha2-192f-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 2, 4}); 750| 0| case 0x015FE: ------------------ | Branch (750:7): [True: 0, False: 32.2k] ------------------ 751| 0| return if_match(req, "FrodoKEM-640-SHAKE", {1, 3, 6, 1, 4, 1, 25258, 1, 14, 1}); 752| 0| case 0x01F9E: ------------------ | Branch (752:7): [True: 0, False: 32.2k] ------------------ 753| 0| return if_match(req, "MD5", {1, 2, 840, 113549, 2, 5}); 754| 0| case 0x02293: ------------------ | Branch (754:7): [True: 0, False: 32.2k] ------------------ 755| 0| return if_match(req, "SphincsPlus-shake-192f-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 1, 4}); 756| 0| case 0x02B93: ------------------ | Branch (756:7): [True: 0, False: 32.2k] ------------------ 757| 0| return if_match(req, "Microsoft SmartcardLogon", {1, 3, 6, 1, 4, 1, 311, 20, 2, 2}); 758| 0| case 0x041D5: ------------------ | Branch (758:7): [True: 0, False: 32.2k] ------------------ 759| 0| return if_match(req, "secp160k1", {1, 3, 132, 0, 9}); 760| 0| case 0x044B3: ------------------ | Branch (760:7): [True: 0, False: 32.2k] ------------------ 761| 0| return if_match(req, "Camellia-256/SIV", {1, 3, 6, 1, 4, 1, 25258, 3, 4, 8}); 762| 0| case 0x048B2: ------------------ | Branch (762:7): [True: 0, False: 32.2k] ------------------ 763| 0| return if_match(req, "secp160r1", {1, 3, 132, 0, 8}); 764| 0| case 0x048B3: ------------------ | Branch (764:7): [True: 0, False: 32.2k] ------------------ 765| 0| return if_match(req, "secp160r2", {1, 3, 132, 0, 30}); 766| 0| case 0x05CDA: ------------------ | Branch (766:7): [True: 0, False: 32.2k] ------------------ 767| 0| return if_match(req, "X520.Country", {2, 5, 4, 6}); 768| 0| case 0x07783: ------------------ | Branch (768:7): [True: 0, False: 32.2k] ------------------ 769| 0| return if_match(req, "PKIX.ServerAuth", {1, 3, 6, 1, 5, 5, 7, 3, 1}); 770| 0| case 0x086C7: ------------------ | Branch (770:7): [True: 0, False: 32.2k] ------------------ 771| 0| return if_match(req, "numsp384d1", {1, 3, 6, 1, 4, 1, 25258, 4, 2}); 772| 180| case 0x08A92: ------------------ | Branch (772:7): [True: 180, False: 32.0k] ------------------ 773| 180| return if_match(req, "RSA/PKCS1v15(SHA-1)", {1, 2, 840, 113549, 1, 1, 5}); 774| 0| case 0x09EA0: ------------------ | Branch (774:7): [True: 0, False: 32.2k] ------------------ 775| 0| return if_match(req, "DES/CBC", {1, 3, 14, 3, 2, 7}); 776| 0| case 0x0B2D6: ------------------ | Branch (776:7): [True: 0, False: 32.2k] ------------------ 777| 0| return if_match(req, "ECDSA/SHA-3(512)", {2, 16, 840, 1, 101, 3, 4, 3, 12}); 778| 0| case 0x0BA72: ------------------ | Branch (778:7): [True: 0, False: 32.2k] ------------------ 779| 0| return if_match(req, "SphincsPlus-sha2-128s-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 2, 1}); 780| 0| case 0x0BE23: ------------------ | Branch (780:7): [True: 0, False: 32.2k] ------------------ 781| 0| return if_match(req, "ECGDSA", {1, 3, 36, 3, 3, 2, 5, 2, 1}); 782| 0| case 0x0C109: ------------------ | Branch (782:7): [True: 0, False: 32.2k] ------------------ 783| 0| return if_match(req, "PKCS9.FriendlyName", {1, 2, 840, 113549, 1, 9, 20}); 784| 0| case 0x0D012: ------------------ | Branch (784:7): [True: 0, False: 32.2k] ------------------ 785| 0| return if_match(req, "SphincsPlus-shake-128s-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 1, 1}); 786| 0| case 0x0DCE9: ------------------ | Branch (786:7): [True: 0, False: 32.2k] ------------------ 787| 0| return if_match(req, "ClassicMcEliece_8192128f", {1, 3, 6, 1, 4, 1, 22554, 5, 1, 10}); 788| 0| case 0x0E52A: ------------------ | Branch (788:7): [True: 0, False: 32.2k] ------------------ 789| 0| return if_match(req, "numsp512d1", {1, 3, 6, 1, 4, 1, 25258, 4, 3}); 790| 0| case 0x0F9CC: ------------------ | Branch (790:7): [True: 0, False: 32.2k] ------------------ 791| 0| return if_match(req, "PKCS9.UnstructuredName", {1, 2, 840, 113549, 1, 9, 2}); 792| 0| case 0x0FF45: ------------------ | Branch (792:7): [True: 0, False: 32.2k] ------------------ 793| 0| return if_match(req, "Camellia-256/GCM", {0, 3, 4401, 5, 3, 1, 9, 46}); 794| 0| case 0x1033D: ------------------ | Branch (794:7): [True: 0, False: 32.2k] ------------------ 795| 0| return if_match(req, "DSA/SHA-3(384)", {2, 16, 840, 1, 101, 3, 4, 3, 7}); 796| 0| case 0x1139D: ------------------ | Branch (796:7): [True: 0, False: 32.2k] ------------------ 797| 0| return if_match(req, "secp192k1", {1, 3, 132, 0, 31}); 798| 0| case 0x113D6: ------------------ | Branch (798:7): [True: 0, False: 32.2k] ------------------ 799| 0| return if_match(req, "X520.DNQualifier", {2, 5, 4, 46}); 800| 0| case 0x11A7A: ------------------ | Branch (800:7): [True: 0, False: 32.2k] ------------------ 801| 0| return if_match(req, "secp192r1", {1, 2, 840, 10045, 3, 1, 1}); 802| 0| case 0x12096: ------------------ | Branch (802:7): [True: 0, False: 32.2k] ------------------ 803| 0| return if_match(req, "SM2_Kex", {1, 2, 156, 10197, 1, 301, 2}); 804| 0| case 0x13FC1: ------------------ | Branch (804:7): [True: 0, False: 32.2k] ------------------ 805| 0| return if_match(req, "X520.GenerationalQualifier", {2, 5, 4, 44}); 806| 0| case 0x1445B: ------------------ | Branch (806:7): [True: 0, False: 32.2k] ------------------ 807| 0| return if_match(req, "PKCS5.PBKDF2", {1, 2, 840, 113549, 1, 5, 12}); 808| 0| case 0x1495D: ------------------ | Branch (808:7): [True: 0, False: 32.2k] ------------------ 809| 0| return if_match(req, "eFrodoKEM-1344-AES", {1, 3, 6, 1, 4, 1, 25258, 1, 17, 3}); 810| 0| case 0x14E30: ------------------ | Branch (810:7): [True: 0, False: 32.2k] ------------------ 811| 0| return if_match(req, "ClassicMcEliece_460896", {1, 3, 6, 1, 4, 1, 22554, 5, 1, 3}); 812| 0| case 0x14FB1: ------------------ | Branch (812:7): [True: 0, False: 32.2k] ------------------ 813| 0| return if_match(req, "XMSS-draft12", {1, 3, 6, 1, 4, 1, 25258, 1, 8}); 814| 0| case 0x156E3: ------------------ | Branch (814:7): [True: 0, False: 32.2k] ------------------ 815| 0| return if_match(req, "Compression.Zlib", {1, 2, 840, 113549, 1, 9, 16, 3, 8}); 816| 0| case 0x1579E: ------------------ | Branch (816:7): [True: 0, False: 32.2k] ------------------ 817| 0| return if_match(req, "Streebog-512", {1, 2, 643, 7, 1, 1, 2, 3}); 818| 0| case 0x1701A: ------------------ | Branch (818:7): [True: 0, False: 32.2k] ------------------ 819| 0| return if_match(req, "X509v3.AnyExtendedKeyUsage", {2, 5, 29, 37, 0}); 820| 0| case 0x175EF: ------------------ | Branch (820:7): [True: 0, False: 32.2k] ------------------ 821| 0| return if_match(req, "Kyber-1024-90s-r3", {1, 3, 6, 1, 4, 1, 25258, 1, 11, 3}); 822| 0| case 0x17709: ------------------ | Branch (822:7): [True: 0, False: 32.2k] ------------------ 823| 0| return if_match(req, "X520.GivenName", {2, 5, 4, 42}); 824| 0| case 0x17AD9: ------------------ | Branch (824:7): [True: 0, False: 32.2k] ------------------ 825| 0| return if_match(req, "RSA/PKCS1v15(SM3)", {1, 2, 156, 10197, 1, 504}); 826| 0| case 0x17CE2: ------------------ | Branch (826:7): [True: 0, False: 32.2k] ------------------ 827| 0| return if_match(req, "SLH-DSA-SHA2-256f", {2, 16, 840, 1, 101, 3, 4, 3, 25}); 828| 0| case 0x17CEF: ------------------ | Branch (828:7): [True: 0, False: 32.2k] ------------------ 829| 0| return if_match(req, "SLH-DSA-SHA2-256s", {2, 16, 840, 1, 101, 3, 4, 3, 24}); 830| 0| case 0x18618: ------------------ | Branch (830:7): [True: 0, False: 32.2k] ------------------ 831| 0| return if_match(req, "FrodoKEM-976-AES", {1, 3, 6, 1, 4, 1, 25258, 1, 15, 2}); 832| 0| case 0x19480: ------------------ | Branch (832:7): [True: 0, False: 32.2k] ------------------ 833| 0| return if_match(req, "eFrodoKEM-1344-SHAKE", {1, 3, 6, 1, 4, 1, 25258, 1, 16, 3}); 834| 0| case 0x1958A: ------------------ | Branch (834:7): [True: 0, False: 32.2k] ------------------ 835| 0| return if_match(req, "X509v3.InvalidityDate", {2, 5, 29, 24}); 836| 0| case 0x19851: ------------------ | Branch (836:7): [True: 0, False: 32.2k] ------------------ 837| 0| return if_match(req, "DSA/SHA-1", {1, 2, 840, 10040, 4, 3}); 838| 0| case 0x1B2E7: ------------------ | Branch (838:7): [True: 0, False: 32.2k] ------------------ 839| 0| return if_match(req, "KeyWrap.AES-128", {2, 16, 840, 1, 101, 3, 4, 1, 5}); 840| 0| case 0x1B9BE: ------------------ | Branch (840:7): [True: 0, False: 32.2k] ------------------ 841| 0| return if_match(req, "KeyWrap.AES-192", {2, 16, 840, 1, 101, 3, 4, 1, 25}); 842| 0| case 0x1D439: ------------------ | Branch (842:7): [True: 0, False: 32.2k] ------------------ 843| 0| return if_match(req, "SphincsPlus-haraka-192f-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 3, 4}); 844| 0| case 0x2065B: ------------------ | Branch (844:7): [True: 0, False: 32.2k] ------------------ 845| 0| return if_match(req, "KeyWrap.CAST-128", {1, 2, 840, 113533, 7, 66, 15}); 846| 0| case 0x216A0: ------------------ | Branch (846:7): [True: 0, False: 32.2k] ------------------ 847| 0| return if_match(req, "ML-KEM-512", {2, 16, 840, 1, 101, 3, 4, 4, 1}); 848| 0| case 0x2216B: ------------------ | Branch (848:7): [True: 0, False: 32.2k] ------------------ 849| 0| return if_match(req, "GOST-34.10-2012-512", {1, 2, 643, 7, 1, 1, 1, 2}); 850| 0| case 0x22C2C: ------------------ | Branch (850:7): [True: 0, False: 32.2k] ------------------ 851| 0| return if_match(req, "ElGamal", {1, 3, 6, 1, 4, 1, 3029, 1, 2, 1}); 852| 0| case 0x2559A: ------------------ | Branch (852:7): [True: 0, False: 32.2k] ------------------ 853| 0| return if_match(req, "X520.Initials", {2, 5, 4, 43}); 854| 0| case 0x271AC: ------------------ | Branch (854:7): [True: 0, False: 32.2k] ------------------ 855| 0| return if_match(req, "PKIX.AutonomousSysIds", {1, 3, 6, 1, 5, 5, 7, 1, 8}); 856| 0| case 0x2808B: ------------------ | Branch (856:7): [True: 0, False: 32.2k] ------------------ 857| 0| return if_match(req, "PKCS7.Data", {1, 2, 840, 113549, 1, 7, 1}); 858| 0| case 0x281B8: ------------------ | Branch (858:7): [True: 0, False: 32.2k] ------------------ 859| 0| return if_match(req, "SphincsPlus-haraka-128s-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 3, 1}); 860| 0| case 0x29999: ------------------ | Branch (860:7): [True: 0, False: 32.2k] ------------------ 861| 0| return if_match(req, "DSA/SHA-3(256)", {2, 16, 840, 1, 101, 3, 4, 3, 6}); 862| 0| case 0x2A83D: ------------------ | Branch (862:7): [True: 0, False: 32.2k] ------------------ 863| 0| return if_match(req, "SHA-224", {2, 16, 840, 1, 101, 3, 4, 2, 4}); 864| 2.59k| case 0x2AB30: ------------------ | Branch (864:7): [True: 2.59k, False: 29.6k] ------------------ 865| 2.59k| return if_match(req, "SHA-256", {2, 16, 840, 1, 101, 3, 4, 2, 1}); 866| 0| case 0x2ABEF: ------------------ | Branch (866:7): [True: 0, False: 32.2k] ------------------ 867| 0| return if_match(req, "KeyWrap.AES-256", {2, 16, 840, 1, 101, 3, 4, 1, 45}); 868| 0| case 0x2BAEF: ------------------ | Branch (868:7): [True: 0, False: 32.2k] ------------------ 869| 0| return if_match(req, "SM2_Sig/SM3", {1, 2, 156, 10197, 1, 501}); 870| 0| case 0x2C39A: ------------------ | Branch (870:7): [True: 0, False: 32.2k] ------------------ 871| 0| return if_match(req, "ECGDSA/RIPEMD-160", {1, 3, 36, 3, 3, 2, 5, 4, 1}); 872| 0| case 0x2C54F: ------------------ | Branch (872:7): [True: 0, False: 32.2k] ------------------ 873| 0| return if_match(req, "ECDSA/SHA-3(224)", {2, 16, 840, 1, 101, 3, 4, 3, 9}); 874| 0| case 0x2EEA6: ------------------ | Branch (874:7): [True: 0, False: 32.2k] ------------------ 875| 0| return if_match(req, "RSA/PKCS1v15(RIPEMD-160)", {1, 3, 36, 3, 3, 1, 2}); 876| 0| case 0x2EFBA: ------------------ | Branch (876:7): [True: 0, False: 32.2k] ------------------ 877| 0| return if_match(req, "Kyber-512-r3", {1, 3, 6, 1, 4, 1, 25258, 1, 7, 1}); 878| 0| case 0x2F0AD: ------------------ | Branch (878:7): [True: 0, False: 32.2k] ------------------ 879| 0| return if_match(req, "PKCS7.EncryptedData", {1, 2, 840, 113549, 1, 7, 6}); 880| 0| case 0x2F219: ------------------ | Branch (880:7): [True: 0, False: 32.2k] ------------------ 881| 0| return if_match(req, "PBE-SHA1-2DES", {1, 2, 840, 113549, 1, 12, 1, 4}); 882| 0| case 0x3133E: ------------------ | Branch (882:7): [True: 0, False: 32.2k] ------------------ 883| 0| return if_match(req, "SLH-DSA-SHA2-128f", {2, 16, 840, 1, 101, 3, 4, 3, 21}); 884| 0| case 0x3134B: ------------------ | Branch (884:7): [True: 0, False: 32.2k] ------------------ 885| 0| return if_match(req, "SLH-DSA-SHA2-128s", {2, 16, 840, 1, 101, 3, 4, 3, 20}); 886| 0| case 0x3160D: ------------------ | Branch (886:7): [True: 0, False: 32.2k] ------------------ 887| 0| return if_match(req, "RSA/PKCS1v15(SHA-3(224))", {2, 16, 840, 1, 101, 3, 4, 3, 13}); 888| 0| case 0x319E0: ------------------ | Branch (888:7): [True: 0, False: 32.2k] ------------------ 889| 0| return if_match(req, "GOST-34.10-2012-256/Streebog-256", {1, 2, 643, 7, 1, 1, 3, 2}); 890| 0| case 0x31B3D: ------------------ | Branch (890:7): [True: 0, False: 32.2k] ------------------ 891| 0| return if_match(req, "HMAC(SHA-512)", {1, 2, 840, 113549, 2, 11}); 892| 869| case 0x31C6D: ------------------ | Branch (892:7): [True: 869, False: 31.3k] ------------------ 893| 869| return if_match(req, "secp384r1", {1, 3, 132, 0, 34}); 894| 0| case 0x32899: ------------------ | Branch (894:7): [True: 0, False: 32.2k] ------------------ 895| 0| return if_match(req, "TripleDES/CBC", {1, 2, 840, 113549, 3, 7}); 896| 0| case 0x33C9C: ------------------ | Branch (896:7): [True: 0, False: 32.2k] ------------------ 897| 0| return if_match(req, "PKIX.SmtpUTF8Mailbox", {1, 3, 6, 1, 5, 5, 7, 8, 9}); 898| 0| case 0x33D04: ------------------ | Branch (898:7): [True: 0, False: 32.2k] ------------------ 899| 0| return if_match(req, "PKCS12.SecretBag", {1, 2, 840, 113549, 1, 12, 10, 1, 5}); 900| 0| case 0x3615D: ------------------ | Branch (900:7): [True: 0, False: 32.2k] ------------------ 901| 0| return if_match(req, "FrodoKEM-976-SHAKE", {1, 3, 6, 1, 4, 1, 25258, 1, 14, 2}); 902| 0| case 0x361B8: ------------------ | Branch (902:7): [True: 0, False: 32.2k] ------------------ 903| 0| return if_match(req, "Ed25519", {1, 3, 101, 112}); 904| 0| case 0x3649D: ------------------ | Branch (904:7): [True: 0, False: 32.2k] ------------------ 905| 0| return if_match(req, "SHAKE-128", {2, 16, 840, 1, 101, 3, 4, 2, 11}); 906| 0| case 0x36693: ------------------ | Branch (906:7): [True: 0, False: 32.2k] ------------------ 907| 0| return if_match(req, "ClassicMcEliece_348864", {1, 3, 6, 1, 4, 1, 22554, 5, 1, 1}); 908| 0| case 0x373C7: ------------------ | Branch (908:7): [True: 0, False: 32.2k] ------------------ 909| 0| return if_match(req, "ML-DSA-4x4", {2, 16, 840, 1, 101, 3, 4, 3, 17}); 910| 0| case 0x3750B: ------------------ | Branch (910:7): [True: 0, False: 32.2k] ------------------ 911| 0| return if_match(req, "ClassicMcEliece_8192128", {1, 3, 6, 1, 4, 1, 22554, 5, 1, 9}); 912| 0| case 0x39890: ------------------ | Branch (912:7): [True: 0, False: 32.2k] ------------------ 913| 0| return if_match(req, "Ed448", {1, 3, 101, 113}); 914| 3.48k| case 0x3A438: ------------------ | Branch (914:7): [True: 3.48k, False: 28.7k] ------------------ 915| 3.48k| return if_match(req, "SHA-384", {2, 16, 840, 1, 101, 3, 4, 2, 2}); 916| 0| case 0x3A963: ------------------ | Branch (916:7): [True: 0, False: 32.2k] ------------------ 917| 0| return if_match(req, "DH", {1, 2, 840, 10046, 2, 1}); 918| 6.26k| case 0x3AC83: ------------------ | Branch (918:7): [True: 6.26k, False: 25.9k] ------------------ 919| 6.26k| return if_match(req, "MGF1", {1, 2, 840, 113549, 1, 1, 8}); 920| 0| case 0x3ACBA: ------------------ | Branch (920:7): [True: 0, False: 32.2k] ------------------ 921| 0| return if_match(req, "X509v3.IssuerAlternativeName", {2, 5, 29, 18}); 922| 0| case 0x3B273: ------------------ | Branch (922:7): [True: 0, False: 32.2k] ------------------ 923| 0| return if_match(req, "KeyWrap.TripleDES", {1, 2, 840, 113549, 1, 9, 16, 3, 6}); 924| 0| case 0x3B91E: ------------------ | Branch (924:7): [True: 0, False: 32.2k] ------------------ 925| 0| return if_match(req, "X509v3.PrivateKeyUsagePeriod", {2, 5, 29, 16}); 926| 0| case 0x3BC8A: ------------------ | Branch (926:7): [True: 0, False: 32.2k] ------------------ 927| 0| return if_match(req, "SLH-DSA-SHAKE-192f", {2, 16, 840, 1, 101, 3, 4, 3, 29}); 928| 0| case 0x3BC97: ------------------ | Branch (928:7): [True: 0, False: 32.2k] ------------------ 929| 0| return if_match(req, "SLH-DSA-SHAKE-192s", {2, 16, 840, 1, 101, 3, 4, 3, 28}); 930| 0| case 0x3D127: ------------------ | Branch (930:7): [True: 0, False: 32.2k] ------------------ 931| 0| return if_match(req, "DSA", {1, 2, 840, 10040, 4, 1}); 932| 0| case 0x3E249: ------------------ | Branch (932:7): [True: 0, False: 32.2k] ------------------ 933| 0| return if_match(req, "HSS-LMS", {1, 2, 840, 113549, 1, 9, 16, 3, 17}); 934| 0| case 0x3E7D5: ------------------ | Branch (934:7): [True: 0, False: 32.2k] ------------------ 935| 0| return if_match(req, "RSA/PKCS1v15(SHA-3(256))", {2, 16, 840, 1, 101, 3, 4, 3, 14}); 936| 0| case 0x3F748: ------------------ | Branch (936:7): [True: 0, False: 32.2k] ------------------ 937| 0| return if_match(req, "GOST.OGRN", {1, 2, 643, 100, 1}); 938| 0| case 0x3F99F: ------------------ | Branch (938:7): [True: 0, False: 32.2k] ------------------ 939| 0| return if_match(req, "X509v3.BasicConstraints", {2, 5, 29, 19}); 940| 0| case 0x40726: ------------------ | Branch (940:7): [True: 0, False: 32.2k] ------------------ 941| 0| return if_match(req, "SHA-3(512)", {2, 16, 840, 1, 101, 3, 4, 2, 10}); 942| 0| case 0x407BF: ------------------ | Branch (942:7): [True: 0, False: 32.2k] ------------------ 943| 0| return if_match(req, "ML-KEM-768", {2, 16, 840, 1, 101, 3, 4, 4, 2}); 944| 0| case 0x41334: ------------------ | Branch (944:7): [True: 0, False: 32.2k] ------------------ 945| 0| return if_match(req, "ECDSA/SHA-3(384)", {2, 16, 840, 1, 101, 3, 4, 3, 11}); 946| 0| case 0x42DF3: ------------------ | Branch (946:7): [True: 0, False: 32.2k] ------------------ 947| 0| return if_match(req, "X509v3.CRLDistributionPoints", {2, 5, 29, 31}); 948| 0| case 0x437FB: ------------------ | Branch (948:7): [True: 0, False: 32.2k] ------------------ 949| 0| return if_match(req, "brainpool160r1", {1, 3, 36, 3, 3, 2, 8, 1, 1, 1}); 950| 0| case 0x441F5: ------------------ | Branch (950:7): [True: 0, False: 32.2k] ------------------ 951| 0| return if_match(req, "gost_256A", {1, 2, 643, 7, 1, 2, 1, 1, 1}); 952| 0| case 0x441F6: ------------------ | Branch (952:7): [True: 0, False: 32.2k] ------------------ 953| 0| return if_match(req, "gost_256B", {1, 2, 643, 7, 1, 2, 1, 1, 2}); 954| 0| case 0x44221: ------------------ | Branch (954:7): [True: 0, False: 32.2k] ------------------ 955| 0| return if_match(req, "GOST-34.10-2012-512/Streebog-512", {1, 2, 643, 7, 1, 1, 3, 3}); 956| 0| case 0x44322: ------------------ | Branch (956:7): [True: 0, False: 32.2k] ------------------ 957| 0| return if_match(req, "ClassicMcEliece_6960119pc", {1, 3, 6, 1, 4, 1, 25258, 1, 18, 3}); 958| 0| case 0x44973: ------------------ | Branch (958:7): [True: 0, False: 32.2k] ------------------ 959| 0| return if_match(req, "Kyber-512-90s-r3", {1, 3, 6, 1, 4, 1, 25258, 1, 11, 1}); 960| 0| case 0x45C27: ------------------ | Branch (960:7): [True: 0, False: 32.2k] ------------------ 961| 0| return if_match(req, "RSA/PKCS1v15(SHA-512-256)", {1, 2, 840, 113549, 1, 1, 16}); 962| 0| case 0x45C85: ------------------ | Branch (962:7): [True: 0, False: 32.2k] ------------------ 963| 0| return if_match(req, "X509v3.ReasonCode", {2, 5, 29, 21}); 964| 0| case 0x45DA5: ------------------ | Branch (964:7): [True: 0, False: 32.2k] ------------------ 965| 0| return if_match(req, "SHAKE-256", {2, 16, 840, 1, 101, 3, 4, 2, 12}); 966| 0| case 0x4663C: ------------------ | Branch (966:7): [True: 0, False: 32.2k] ------------------ 967| 0| return if_match(req, "X509v3.PolicyConstraints", {2, 5, 29, 36}); 968| 0| case 0x480F7: ------------------ | Branch (968:7): [True: 0, False: 32.2k] ------------------ 969| 0| return if_match(req, "Serpent/OCB", {1, 3, 6, 1, 4, 1, 25258, 3, 2, 4}); 970| 0| case 0x48627: ------------------ | Branch (970:7): [True: 0, False: 32.2k] ------------------ 971| 0| return if_match(req, "Dilithium-4x4-AES-r3", {1, 3, 6, 1, 4, 1, 25258, 1, 10, 1}); 972| 0| case 0x48861: ------------------ | Branch (972:7): [True: 0, False: 32.2k] ------------------ 973| 0| return if_match(req, "ChaCha20Poly1305", {1, 2, 840, 113549, 1, 9, 16, 3, 18}); 974| 0| case 0x4A292: ------------------ | Branch (974:7): [True: 0, False: 32.2k] ------------------ 975| 0| return if_match(req, "frp256v1", {1, 2, 250, 1, 223, 101, 256, 1}); 976| 0| case 0x4A9EE: ------------------ | Branch (976:7): [True: 0, False: 32.2k] ------------------ 977| 0| return if_match(req, "ClassicMcEliece_6960119f", {1, 3, 6, 1, 4, 1, 22554, 5, 1, 8}); 978| 0| case 0x4BF87: ------------------ | Branch (978:7): [True: 0, False: 32.2k] ------------------ 979| 0| return if_match(req, "PKIX.TNAuthList", {1, 3, 6, 1, 5, 5, 7, 1, 26}); 980| 0| case 0x4C088: ------------------ | Branch (980:7): [True: 0, False: 32.2k] ------------------ 981| 0| return if_match(req, "eFrodoKEM-976-AES", {1, 3, 6, 1, 4, 1, 25258, 1, 17, 2}); 982| 0| case 0x4C513: ------------------ | Branch (982:7): [True: 0, False: 32.2k] ------------------ 983| 0| return if_match(req, "DSA/SHA-224", {2, 16, 840, 1, 101, 3, 4, 3, 1}); 984| 0| case 0x4C806: ------------------ | Branch (984:7): [True: 0, False: 32.2k] ------------------ 985| 0| return if_match(req, "DSA/SHA-256", {2, 16, 840, 1, 101, 3, 4, 3, 2}); 986| 0| case 0x4D740: ------------------ | Branch (986:7): [True: 0, False: 32.2k] ------------------ 987| 0| return if_match(req, "X509v3.AnyPolicy", {2, 5, 29, 32, 0}); 988| 222| case 0x4DE49: ------------------ | Branch (988:7): [True: 222, False: 31.9k] ------------------ 989| 222| return if_match(req, "RSA/PKCS1v15(SHA-512)", {1, 2, 840, 113549, 1, 1, 13}); 990| 0| case 0x4ED5D: ------------------ | Branch (990:7): [True: 0, False: 32.2k] ------------------ 991| 0| return if_match(req, "CAST-128/CBC", {1, 2, 840, 113533, 7, 66, 10}); 992| 0| case 0x4FCDC: ------------------ | Branch (992:7): [True: 0, False: 32.2k] ------------------ 993| 0| return if_match(req, "RSA", {1, 2, 840, 113549, 1, 1, 1}); 994| 0| case 0x501CB: ------------------ | Branch (994:7): [True: 0, False: 32.2k] ------------------ 995| 0| return if_match(req, "ECDSA/SHA-224", {1, 2, 840, 10045, 4, 3, 1}); 996| 0| case 0x50395: ------------------ | Branch (996:7): [True: 0, False: 32.2k] ------------------ 997| 0| return if_match(req, "GOST-34.10/GOST-R-34.11-94", {1, 2, 643, 2, 2, 3}); 998| 52| case 0x504BE: ------------------ | Branch (998:7): [True: 52, False: 32.1k] ------------------ 999| 52| return if_match(req, "ECDSA/SHA-256", {1, 2, 840, 10045, 4, 3, 2}); 1000| 0| case 0x509C3: ------------------ | Branch (1000:7): [True: 0, False: 32.2k] ------------------ 1001| 0| return if_match(req, "brainpool192r1", {1, 3, 36, 3, 3, 2, 8, 1, 1, 3}); 1002| 0| case 0x509F9: ------------------ | Branch (1002:7): [True: 0, False: 32.2k] ------------------ 1003| 0| return if_match(req, "PKCS9.ContentType", {1, 2, 840, 113549, 1, 9, 3}); 1004| 0| case 0x50B26: ------------------ | Branch (1004:7): [True: 0, False: 32.2k] ------------------ 1005| 0| return if_match(req, "FrodoKEM-640-AES", {1, 3, 6, 1, 4, 1, 25258, 1, 15, 1}); 1006| 0| case 0x50D78: ------------------ | Branch (1006:7): [True: 0, False: 32.2k] ------------------ 1007| 0| return if_match(req, "x962_p192v2", {1, 2, 840, 10045, 3, 1, 2}); 1008| 0| case 0x50D79: ------------------ | Branch (1008:7): [True: 0, False: 32.2k] ------------------ 1009| 0| return if_match(req, "x962_p192v3", {1, 2, 840, 10045, 3, 1, 3}); 1010| 0| case 0x51DC6: ------------------ | Branch (1010:7): [True: 0, False: 32.2k] ------------------ 1011| 0| return if_match(req, "AES-128/OCB", {1, 3, 6, 1, 4, 1, 25258, 3, 2, 1}); 1012| 0| case 0x52DB6: ------------------ | Branch (1012:7): [True: 0, False: 32.2k] ------------------ 1013| 0| return if_match(req, "HMAC(SHA-224)", {1, 2, 840, 113549, 2, 8}); 1014| 0| case 0x53E11: ------------------ | Branch (1014:7): [True: 0, False: 32.2k] ------------------ 1015| 0| return if_match(req, "FrodoKEM-1344-SHAKE", {1, 3, 6, 1, 4, 1, 25258, 1, 14, 3}); 1016| 0| case 0x54012: ------------------ | Branch (1016:7): [True: 0, False: 32.2k] ------------------ 1017| 0| return if_match(req, "PKIX.TimeStamping", {1, 3, 6, 1, 5, 5, 7, 3, 8}); 1018| 0| case 0x5407A: ------------------ | Branch (1018:7): [True: 0, False: 32.2k] ------------------ 1019| 0| return if_match(req, "Serpent/CBC", {1, 3, 6, 1, 4, 1, 25258, 3, 1}); 1020| 0| case 0x5576D: ------------------ | Branch (1020:7): [True: 0, False: 32.2k] ------------------ 1021| 0| return if_match(req, "SphincsPlus-sha2-128f-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 2, 2}); 1022| 0| case 0x55EF6: ------------------ | Branch (1022:7): [True: 0, False: 32.2k] ------------------ 1023| 0| return if_match(req, "AES-192/OCB", {1, 3, 6, 1, 4, 1, 25258, 3, 2, 2}); 1024| 0| case 0x55FFA: ------------------ | Branch (1024:7): [True: 0, False: 32.2k] ------------------ 1025| 0| return if_match(req, "ML-DSA-6x5", {2, 16, 840, 1, 101, 3, 4, 3, 18}); 1026| 0| case 0x56826: ------------------ | Branch (1026:7): [True: 0, False: 32.2k] ------------------ 1027| 0| return if_match(req, "brainpool320r1", {1, 3, 36, 3, 3, 2, 8, 1, 1, 9}); 1028| 0| case 0x56D0D: ------------------ | Branch (1028:7): [True: 0, False: 32.2k] ------------------ 1029| 0| return if_match(req, "SphincsPlus-shake-128f-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 1, 2}); 1030| 0| case 0x57077: ------------------ | Branch (1030:7): [True: 0, False: 32.2k] ------------------ 1031| 0| return if_match(req, "XMSS-draft6", {1, 3, 6, 1, 4, 1, 25258, 1, 5}); 1032| 0| case 0x5818B: ------------------ | Branch (1032:7): [True: 0, False: 32.2k] ------------------ 1033| 0| return if_match(req, "ECGDSA/SHA-224", {1, 3, 36, 3, 3, 2, 5, 4, 3}); 1034| 0| case 0x5847E: ------------------ | Branch (1034:7): [True: 0, False: 32.2k] ------------------ 1035| 0| return if_match(req, "ECGDSA/SHA-256", {1, 3, 36, 3, 3, 2, 5, 4, 4}); 1036| 184| case 0x5898B: ------------------ | Branch (1036:7): [True: 184, False: 32.0k] ------------------ 1037| 184| return if_match(req, "SHA-512", {2, 16, 840, 1, 101, 3, 4, 2, 3}); 1038| 0| case 0x58991: ------------------ | Branch (1038:7): [True: 0, False: 32.2k] ------------------ 1039| 0| return if_match(req, "PKIX.OCSP.NoCheck", {1, 3, 6, 1, 5, 5, 7, 48, 1, 5}); 1040| 0| case 0x59717: ------------------ | Branch (1040:7): [True: 0, False: 32.2k] ------------------ 1041| 0| return if_match(req, "X509v3.SubjectKeyIdentifier", {2, 5, 29, 14}); 1042| 0| case 0x5A1E1: ------------------ | Branch (1042:7): [True: 0, False: 32.2k] ------------------ 1043| 0| return if_match(req, "PKCS12.KeyBag", {1, 2, 840, 113549, 1, 12, 10, 1, 1}); 1044| 0| case 0x5A570: ------------------ | Branch (1044:7): [True: 0, False: 32.2k] ------------------ 1045| 0| return if_match(req, "X520.CommonName", {2, 5, 4, 3}); 1046| 0| case 0x5A990: ------------------ | Branch (1046:7): [True: 0, False: 32.2k] ------------------ 1047| 0| return if_match(req, "ECDSA/SHA-3(256)", {2, 16, 840, 1, 101, 3, 4, 3, 10}); 1048| 0| case 0x5AB0E: ------------------ | Branch (1048:7): [True: 0, False: 32.2k] ------------------ 1049| 0| return if_match(req, "SphincsPlus-sha2-256s-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 2, 5}); 1050| 0| case 0x5AC4A: ------------------ | Branch (1050:7): [True: 0, False: 32.2k] ------------------ 1051| 0| return if_match(req, "X520.Surname", {2, 5, 4, 4}); 1052| 0| case 0x5AF2C: ------------------ | Branch (1052:7): [True: 0, False: 32.2k] ------------------ 1053| 0| return if_match(req, "ClassicMcEliece_8192128pc", {1, 3, 6, 1, 4, 1, 25258, 1, 18, 5}); 1054| 0| case 0x5BC39: ------------------ | Branch (1054:7): [True: 0, False: 32.2k] ------------------ 1055| 0| return if_match(req, "X509v3.KeyUsage", {2, 5, 29, 15}); 1056| 0| case 0x5BDDB: ------------------ | Branch (1056:7): [True: 0, False: 32.2k] ------------------ 1057| 0| return if_match(req, "numsp256d1", {1, 3, 6, 1, 4, 1, 25258, 4, 1}); 1058| 0| case 0x5C0AE: ------------------ | Branch (1058:7): [True: 0, False: 32.2k] ------------------ 1059| 0| return if_match(req, "SphincsPlus-shake-256s-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 1, 5}); 1060| 0| case 0x5C10E: ------------------ | Branch (1060:7): [True: 0, False: 32.2k] ------------------ 1061| 0| return if_match(req, "DSA/SHA-384", {2, 16, 840, 1, 101, 3, 4, 3, 3}); 1062| 0| case 0x5CFE5: ------------------ | Branch (1062:7): [True: 0, False: 32.2k] ------------------ 1063| 0| return if_match(req, "PKCS9.X509Certificate", {1, 2, 840, 113549, 1, 9, 22, 1}); 1064| 0| case 0x5D1CF: ------------------ | Branch (1064:7): [True: 0, False: 32.2k] ------------------ 1065| 0| return if_match(req, "X520.SerialNumber", {2, 5, 4, 5}); 1066| 0| case 0x5D375: ------------------ | Branch (1066:7): [True: 0, False: 32.2k] ------------------ 1067| 0| return if_match(req, "SM4/OCB", {1, 2, 156, 10197, 1, 104, 100}); 1068| 0| case 0x5DD49: ------------------ | Branch (1068:7): [True: 0, False: 32.2k] ------------------ 1069| 0| return if_match(req, "AES-128/CBC", {2, 16, 840, 1, 101, 3, 4, 1, 2}); 1070| 0| case 0x5DE4E: ------------------ | Branch (1070:7): [True: 0, False: 32.2k] ------------------ 1071| 0| return if_match(req, "AES-128/CCM", {2, 16, 840, 1, 101, 3, 4, 1, 7}); 1072| 0| case 0x5DF23: ------------------ | Branch (1072:7): [True: 0, False: 32.2k] ------------------ 1073| 0| return if_match(req, "HMAC(SHA-512-256)", {1, 2, 840, 113549, 2, 13}); 1074| 0| case 0x5ED04: ------------------ | Branch (1074:7): [True: 0, False: 32.2k] ------------------ 1075| 0| return if_match(req, "SM2", {1, 2, 156, 10197, 1, 301, 1}); 1076| 0| case 0x5ED05: ------------------ | Branch (1076:7): [True: 0, False: 32.2k] ------------------ 1077| 0| return if_match(req, "SM3", {1, 2, 156, 10197, 1, 401}); 1078| 58| case 0x5FDC6: ------------------ | Branch (1078:7): [True: 58, False: 32.1k] ------------------ 1079| 58| return if_match(req, "ECDSA/SHA-384", {1, 2, 840, 10045, 4, 3, 3}); 1080| 0| case 0x6199F: ------------------ | Branch (1080:7): [True: 0, False: 32.2k] ------------------ 1081| 0| return if_match(req, "SHA-3(224)", {2, 16, 840, 1, 101, 3, 4, 2, 7}); 1082| 0| case 0x61E79: ------------------ | Branch (1082:7): [True: 0, False: 32.2k] ------------------ 1083| 0| return if_match(req, "AES-192/CBC", {2, 16, 840, 1, 101, 3, 4, 1, 22}); 1084| 0| case 0x61F7E: ------------------ | Branch (1084:7): [True: 0, False: 32.2k] ------------------ 1085| 0| return if_match(req, "AES-192/CCM", {2, 16, 840, 1, 101, 3, 4, 1, 27}); 1086| 0| case 0x64947: ------------------ | Branch (1086:7): [True: 0, False: 32.2k] ------------------ 1087| 0| return if_match(req, "OpenPGP.Ed25519", {1, 3, 6, 1, 4, 1, 11591, 15, 1}); 1088| 0| case 0x652E7: ------------------ | Branch (1088:7): [True: 0, False: 32.2k] ------------------ 1089| 0| return if_match(req, "sm2p256v1", {1, 2, 156, 10197, 1, 301}); 1090| 0| case 0x6697B: ------------------ | Branch (1090:7): [True: 0, False: 32.2k] ------------------ 1091| 0| return if_match(req, "FrodoKEM-1344-AES", {1, 3, 6, 1, 4, 1, 25258, 1, 15, 3}); 1092| 0| case 0x67B2C: ------------------ | Branch (1092:7): [True: 0, False: 32.2k] ------------------ 1093| 0| return if_match(req, "X520.State", {2, 5, 4, 8}); 1094| 0| case 0x67B9B: ------------------ | Branch (1094:7): [True: 0, False: 32.2k] ------------------ 1095| 0| return if_match(req, "HMAC(SHA-384)", {1, 2, 840, 113549, 2, 10}); 1096| 0| case 0x67D86: ------------------ | Branch (1096:7): [True: 0, False: 32.2k] ------------------ 1097| 0| return if_match(req, "ECGDSA/SHA-384", {1, 3, 36, 3, 3, 2, 5, 4, 5}); 1098| 0| case 0x68A0B: ------------------ | Branch (1098:7): [True: 0, False: 32.2k] ------------------ 1099| 0| return if_match(req, "Camellia-128/OCB", {1, 3, 6, 1, 4, 1, 25258, 3, 2, 6}); 1100| 0| case 0x68E33: ------------------ | Branch (1100:7): [True: 0, False: 32.2k] ------------------ 1101| 0| return if_match(req, "PKCS9.ExtensionRequest", {1, 2, 840, 113549, 1, 9, 14}); 1102| 7.04k| case 0x69126: ------------------ | Branch (1102:7): [True: 7.04k, False: 25.1k] ------------------ 1103| 7.04k| return if_match(req, "X509v3.SubjectAlternativeName", {2, 5, 29, 17}); 1104| 0| case 0x692F8: ------------------ | Branch (1104:7): [True: 0, False: 32.2k] ------------------ 1105| 0| return if_match(req, "SM4/CBC", {1, 2, 156, 10197, 1, 104, 2}); 1106| 0| case 0x695E1: ------------------ | Branch (1106:7): [True: 0, False: 32.2k] ------------------ 1107| 0| return if_match(req, "Dilithium-4x4-r3", {1, 3, 6, 1, 4, 1, 25258, 1, 9, 1}); 1108| 0| case 0x696DC: ------------------ | Branch (1108:7): [True: 0, False: 32.2k] ------------------ 1109| 0| return if_match(req, "PKIX.IpAddrBlocks", {1, 3, 6, 1, 5, 5, 7, 1, 7}); 1110| 0| case 0x6A7CA: ------------------ | Branch (1110:7): [True: 0, False: 32.2k] ------------------ 1111| 0| return if_match(req, "ECDSA", {1, 2, 840, 10045, 2, 1}); 1112| 0| case 0x6BD26: ------------------ | Branch (1112:7): [True: 0, False: 32.2k] ------------------ 1113| 0| return if_match(req, "GOST.INN", {1, 2, 643, 3, 131, 1, 1}); 1114| 0| case 0x6CB3B: ------------------ | Branch (1114:7): [True: 0, False: 32.2k] ------------------ 1115| 0| return if_match(req, "Camellia-192/OCB", {1, 3, 6, 1, 4, 1, 25258, 3, 2, 7}); 1116| 0| case 0x6E602: ------------------ | Branch (1116:7): [True: 0, False: 32.2k] ------------------ 1117| 0| return if_match(req, "Dilithium-8x7-r3", {1, 3, 6, 1, 4, 1, 25258, 1, 9, 3}); 1118| 0| case 0x6F0C2: ------------------ | Branch (1118:7): [True: 0, False: 32.2k] ------------------ 1119| 0| return if_match(req, "RSA/PKCS1v15(SHA-224)", {1, 2, 840, 113549, 1, 1, 14}); 1120| 0| case 0x6F9F8: ------------------ | Branch (1120:7): [True: 0, False: 32.2k] ------------------ 1121| 0| return if_match(req, "PKCS12.SafeContentsBag", {1, 2, 840, 113549, 1, 12, 10, 1, 6}); 1122| 0| case 0x6FB26: ------------------ | Branch (1122:7): [True: 0, False: 32.2k] ------------------ 1123| 0| return if_match(req, "PKIX.AuthorityInformationAccess", {1, 3, 6, 1, 5, 5, 7, 1, 1}); 1124| 840| case 0x70BB6: ------------------ | Branch (1124:7): [True: 840, False: 31.3k] ------------------ 1125| 840| return if_match(req, "brainpool384r1", {1, 3, 36, 3, 3, 2, 8, 1, 1, 11}); 1126| 0| case 0x70EA6: ------------------ | Branch (1126:7): [True: 0, False: 32.2k] ------------------ 1127| 0| return if_match(req, "PKCS12.PKCS8ShroudedKeyBag", {1, 2, 840, 113549, 1, 12, 10, 1, 2}); 1128| 0| case 0x71EB3: ------------------ | Branch (1128:7): [True: 0, False: 32.2k] ------------------ 1129| 0| return if_match(req, "SphincsPlus-haraka-128f-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 3, 2}); 1130| 0| case 0x7382C: ------------------ | Branch (1130:7): [True: 0, False: 32.2k] ------------------ 1131| 0| return if_match(req, "ML-KEM-1024", {2, 16, 840, 1, 101, 3, 4, 4, 3}); 1132| 0| case 0x743BD: ------------------ | Branch (1132:7): [True: 0, False: 32.2k] ------------------ 1133| 0| return if_match(req, "AES-256/OCB", {1, 3, 6, 1, 4, 1, 25258, 3, 2, 3}); 1134| 0| case 0x7498E: ------------------ | Branch (1134:7): [True: 0, False: 32.2k] ------------------ 1135| 0| return if_match(req, "Camellia-128/CBC", {1, 2, 392, 200011, 61, 1, 1, 1, 2}); 1136| 0| case 0x74C2E: ------------------ | Branch (1136:7): [True: 0, False: 32.2k] ------------------ 1137| 0| return if_match(req, "ML-DSA-8x7", {2, 16, 840, 1, 101, 3, 4, 3, 19}); 1138| 0| case 0x7505F: ------------------ | Branch (1138:7): [True: 0, False: 32.2k] ------------------ 1139| 0| return if_match(req, "PKIX.XMPPAddr", {1, 3, 6, 1, 5, 5, 7, 8, 5}); 1140| 0| case 0x7517A: ------------------ | Branch (1140:7): [True: 0, False: 32.2k] ------------------ 1141| 0| return if_match(req, "RSA/PKCS1v15(MD2)", {1, 2, 840, 113549, 1, 1, 2}); 1142| 0| case 0x7546B: ------------------ | Branch (1142:7): [True: 0, False: 32.2k] ------------------ 1143| 0| return if_match(req, "RSA/PKCS1v15(MD5)", {1, 2, 840, 113549, 1, 1, 4}); 1144| 0| case 0x75921: ------------------ | Branch (1144:7): [True: 0, False: 32.2k] ------------------ 1145| 0| return if_match(req, "ClassicMcEliece_348864f", {1, 3, 6, 1, 4, 1, 22554, 5, 1, 2}); 1146| 0| case 0x76784: ------------------ | Branch (1146:7): [True: 0, False: 32.2k] ------------------ 1147| 0| return if_match(req, "SHA-3(384)", {2, 16, 840, 1, 101, 3, 4, 2, 9}); 1148| 0| case 0x768FD: ------------------ | Branch (1148:7): [True: 0, False: 32.2k] ------------------ 1149| 0| return if_match(req, "PKCS9.LocalKeyId", {1, 2, 840, 113549, 1, 9, 21}); 1150| 659| case 0x76A19: ------------------ | Branch (1150:7): [True: 659, False: 31.5k] ------------------ 1151| 659| return if_match(req, "brainpool512r1", {1, 3, 36, 3, 3, 2, 8, 1, 1, 13}); 1152| 0| case 0x77254: ------------------ | Branch (1152:7): [True: 0, False: 32.2k] ------------------ 1153| 0| return if_match(req, "SphincsPlus-haraka-256s-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 3, 5}); 1154| 0| case 0x77ADC: ------------------ | Branch (1154:7): [True: 0, False: 32.2k] ------------------ 1155| 0| return if_match(req, "secp224k1", {1, 3, 132, 0, 32}); 1156| 0| case 0x781B9: ------------------ | Branch (1156:7): [True: 0, False: 32.2k] ------------------ 1157| 0| return if_match(req, "secp224r1", {1, 3, 132, 0, 33}); 1158| 0| case 0x78ABE: ------------------ | Branch (1158:7): [True: 0, False: 32.2k] ------------------ 1159| 0| return if_match(req, "Camellia-192/CBC", {1, 2, 392, 200011, 61, 1, 1, 1, 3}); 1160| 0| case 0x792F2: ------------------ | Branch (1160:7): [True: 0, False: 32.2k] ------------------ 1161| 0| return if_match(req, "ClassicMcEliece_6688128pc", {1, 3, 6, 1, 4, 1, 25258, 1, 18, 1}); 1162| 0| case 0x7A661: ------------------ | Branch (1162:7): [True: 0, False: 32.2k] ------------------ 1163| 0| return if_match(req, "DSA/SHA-512", {2, 16, 840, 1, 101, 3, 4, 3, 4}); 1164| 0| case 0x7A977: ------------------ | Branch (1164:7): [True: 0, False: 32.2k] ------------------ 1165| 0| return if_match(req, "X509v3.ExtendedKeyUsage", {2, 5, 29, 37}); 1166| 0| case 0x7AE67: ------------------ | Branch (1166:7): [True: 0, False: 32.2k] ------------------ 1167| 0| return if_match(req, "SM2_Enc", {1, 2, 156, 10197, 1, 301, 3}); 1168| 0| case 0x7B602: ------------------ | Branch (1168:7): [True: 0, False: 32.2k] ------------------ 1169| 0| return if_match(req, "Twofish/OCB", {1, 3, 6, 1, 4, 1, 25258, 3, 2, 5}); 1170| 0| case 0x7B9A1: ------------------ | Branch (1170:7): [True: 0, False: 32.2k] ------------------ 1171| 0| return if_match(req, "SphincsPlus-sha2-192s-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 2, 3}); 1172| 0| case 0x7BB0A: ------------------ | Branch (1172:7): [True: 0, False: 32.2k] ------------------ 1173| 0| return if_match(req, "SLH-DSA-SHAKE-256f", {2, 16, 840, 1, 101, 3, 4, 3, 31}); 1174| 0| case 0x7BB17: ------------------ | Branch (1174:7): [True: 0, False: 32.2k] ------------------ 1175| 0| return if_match(req, "SLH-DSA-SHAKE-256s", {2, 16, 840, 1, 101, 3, 4, 3, 30}); 1176| 0| case 0x7BCF3: ------------------ | Branch (1176:7): [True: 0, False: 32.2k] ------------------ 1177| 0| return if_match(req, "PKIX.EmailProtection", {1, 3, 6, 1, 5, 5, 7, 3, 4}); 1178| 0| case 0x7CC2C: ------------------ | Branch (1178:7): [True: 0, False: 32.2k] ------------------ 1179| 0| return if_match(req, "SHA-512-256", {2, 16, 840, 1, 101, 3, 4, 2, 6}); 1180| 0| case 0x7CF41: ------------------ | Branch (1180:7): [True: 0, False: 32.2k] ------------------ 1181| 0| return if_match(req, "SphincsPlus-shake-192s-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 1, 3}); 1182| 0| case 0x7DB91: ------------------ | Branch (1182:7): [True: 0, False: 32.2k] ------------------ 1183| 0| return if_match(req, "GOST-34.10", {1, 2, 643, 2, 2, 19}); 1184| 52| case 0x7E319: ------------------ | Branch (1184:7): [True: 52, False: 32.1k] ------------------ 1185| 52| return if_match(req, "ECDSA/SHA-512", {1, 2, 840, 10045, 4, 3, 4}); 1186| 0| case 0x7E874: ------------------ | Branch (1186:7): [True: 0, False: 32.2k] ------------------ 1187| 0| return if_match(req, "ClassicMcEliece_6688128f", {1, 3, 6, 1, 4, 1, 22554, 5, 1, 6}); 1188| 0| case 0x7EAAF: ------------------ | Branch (1188:7): [True: 0, False: 32.2k] ------------------ 1189| 0| return if_match(req, "eFrodoKEM-640-SHAKE", {1, 3, 6, 1, 4, 1, 25258, 1, 16, 1}); 1190| 0| case 0x7F51F: ------------------ | Branch (1190:7): [True: 0, False: 32.2k] ------------------ 1191| 0| return if_match(req, "PKIX.IPsecTunnel", {1, 3, 6, 1, 5, 5, 7, 3, 6}); 1192| 0| case 0x80272: ------------------ | Branch (1192:7): [True: 0, False: 32.2k] ------------------ 1193| 0| return if_match(req, "X520.Organization", {2, 5, 4, 10}); 1194| 0| case 0x80340: ------------------ | Branch (1194:7): [True: 0, False: 32.2k] ------------------ 1195| 0| return if_match(req, "AES-256/CBC", {2, 16, 840, 1, 101, 3, 4, 1, 42}); 1196| 0| case 0x80445: ------------------ | Branch (1196:7): [True: 0, False: 32.2k] ------------------ 1197| 0| return if_match(req, "AES-256/CCM", {2, 16, 840, 1, 101, 3, 4, 1, 47}); 1198| 0| case 0x811F7: ------------------ | Branch (1198:7): [True: 0, False: 32.2k] ------------------ 1199| 0| return if_match(req, "HMAC(SHA-256)", {1, 2, 840, 113549, 2, 9}); 1200| 0| case 0x82434: ------------------ | Branch (1200:7): [True: 0, False: 32.2k] ------------------ 1201| 0| return if_match(req, "PKCS9.X509CRL", {1, 2, 840, 113549, 1, 9, 23, 1}); 1202| 0| case 0x82B47: ------------------ | Branch (1202:7): [True: 0, False: 32.2k] ------------------ 1203| 0| return if_match(req, "Threefish-512/CBC", {1, 3, 6, 1, 4, 1, 25258, 3, 2}); 1204| 252| case 0x83EA7: ------------------ | Branch (1204:7): [True: 252, False: 31.9k] ------------------ 1205| 252| return if_match(req, "RSA/PKCS1v15(SHA-384)", {1, 2, 840, 113549, 1, 1, 12}); 1206| 0| case 0x84596: ------------------ | Branch (1206:7): [True: 0, False: 32.2k] ------------------ 1207| 0| return if_match(req, "eFrodoKEM-640-AES", {1, 3, 6, 1, 4, 1, 25258, 1, 17, 1}); 1208| 0| case 0x8469F: ------------------ | Branch (1208:7): [True: 0, False: 32.2k] ------------------ 1209| 0| return if_match(req, "ClassicMcEliece_6960119pcf", {1, 3, 6, 1, 4, 1, 25258, 1, 18, 4}); 1210| 0| case 0x84CA4: ------------------ | Branch (1210:7): [True: 0, False: 32.2k] ------------------ 1211| 0| return if_match(req, "secp256k1", {1, 3, 132, 0, 10}); 1212| 941| case 0x85381: ------------------ | Branch (1212:7): [True: 941, False: 31.2k] ------------------ 1213| 941| return if_match(req, "secp256r1", {1, 2, 840, 10045, 3, 1, 7}); 1214| 0| case 0x854FC: ------------------ | Branch (1214:7): [True: 0, False: 32.2k] ------------------ 1215| 0| return if_match(req, "PKIX.IPsecUser", {1, 3, 6, 1, 5, 5, 7, 3, 7}); 1216| 0| case 0x85F51: ------------------ | Branch (1216:7): [True: 0, False: 32.2k] ------------------ 1217| 0| return if_match(req, "Serpent/SIV", {1, 3, 6, 1, 4, 1, 25258, 3, 4, 4}); 1218| 0| case 0x862D9: ------------------ | Branch (1218:7): [True: 0, False: 32.2k] ------------------ 1219| 0| return if_match(req, "ECGDSA/SHA-512", {1, 3, 36, 3, 3, 2, 5, 4, 6}); 1220| 0| case 0x87585: ------------------ | Branch (1220:7): [True: 0, False: 32.2k] ------------------ 1221| 0| return if_match(req, "Twofish/CBC", {1, 3, 6, 1, 4, 1, 25258, 3, 3}); 1222| 0| case 0x877D1: ------------------ | Branch (1222:7): [True: 0, False: 32.2k] ------------------ 1223| 0| return if_match(req, "PKCS9.EmailAddress", {1, 2, 840, 113549, 1, 9, 1}); 1224| 0| case 0x87D27: ------------------ | Branch (1224:7): [True: 0, False: 32.2k] ------------------ 1225| 0| return if_match(req, "PKIX.CertificateAuthorityIssuers", {1, 3, 6, 1, 5, 5, 7, 48, 2}); 1226| 0| case 0x87E42: ------------------ | Branch (1226:7): [True: 0, False: 32.2k] ------------------ 1227| 0| return if_match(req, "X509v3.AuthorityKeyIdentifier", {2, 5, 29, 35}); 1228| 38| case 0x889B1: ------------------ | Branch (1228:7): [True: 38, False: 32.1k] ------------------ 1229| 38| return if_match(req, "ECDSA/SHA-1", {1, 2, 840, 10045, 4, 1}); 1230| 0| case 0x89658: ------------------ | Branch (1230:7): [True: 0, False: 32.2k] ------------------ 1231| 0| return if_match(req, "PBE-PKCS5v20", {1, 2, 840, 113549, 1, 5, 13}); 1232| 0| case 0x8976D: ------------------ | Branch (1232:7): [True: 0, False: 32.2k] ------------------ 1233| 0| return if_match(req, "PKCS9.MessageDigest", {1, 2, 840, 113549, 1, 9, 4}); 1234| 0| case 0x8B002: ------------------ | Branch (1234:7): [True: 0, False: 32.2k] ------------------ 1235| 0| return if_match(req, "Camellia-256/OCB", {1, 3, 6, 1, 4, 1, 25258, 3, 2, 8}); 1236| 0| case 0x8B935: ------------------ | Branch (1236:7): [True: 0, False: 32.2k] ------------------ 1237| 0| return if_match(req, "ClassicMcEliece_6688128", {1, 3, 6, 1, 4, 1, 22554, 5, 1, 5}); 1238| 0| case 0x8BB11: ------------------ | Branch (1238:7): [True: 0, False: 32.2k] ------------------ 1239| 0| return if_match(req, "X509v3.NoRevocationAvailable", {2, 5, 29, 56}); 1240| 0| case 0x8CE3D: ------------------ | Branch (1240:7): [True: 0, False: 32.2k] ------------------ 1241| 0| return if_match(req, "PKCS9.ChallengePassword", {1, 2, 840, 113549, 1, 9, 7}); 1242| 0| case 0x8D45C: ------------------ | Branch (1242:7): [True: 0, False: 32.2k] ------------------ 1243| 0| return if_match(req, "ECKCDSA", {1, 0, 14888, 3, 0, 5}); 1244| 0| case 0x8E0C1: ------------------ | Branch (1244:7): [True: 0, False: 32.2k] ------------------ 1245| 0| return if_match(req, "X509v3.CertificatePolicies", {2, 5, 29, 32}); 1246| 0| case 0x8E39A: ------------------ | Branch (1246:7): [True: 0, False: 32.2k] ------------------ 1247| 0| return if_match(req, "HSS-LMS-Private-Key", {1, 3, 6, 1, 4, 1, 25258, 1, 13}); 1248| 0| case 0x8EC51: ------------------ | Branch (1248:7): [True: 0, False: 32.2k] ------------------ 1249| 0| return if_match(req, "Kyber-768-r3", {1, 3, 6, 1, 4, 1, 25258, 1, 7, 2}); 1250| 0| case 0x8F94A: ------------------ | Branch (1250:7): [True: 0, False: 32.2k] ------------------ 1251| 0| return if_match(req, "Dilithium-6x5-r3", {1, 3, 6, 1, 4, 1, 25258, 1, 9, 2}); 1252| 0| case 0x8FC20: ------------------ | Branch (1252:7): [True: 0, False: 32.2k] ------------------ 1253| 0| return if_match(req, "AES-128/SIV", {1, 3, 6, 1, 4, 1, 25258, 3, 4, 1}); 1254| 0| case 0x8FDE0: ------------------ | Branch (1254:7): [True: 0, False: 32.2k] ------------------ 1255| 0| return if_match(req, "SHA-3(256)", {2, 16, 840, 1, 101, 3, 4, 2, 8}); 1256| 0| case 0x919E3: ------------------ | Branch (1256:7): [True: 0, False: 32.2k] ------------------ 1257| 0| return if_match(req, "Serpent/GCM", {1, 3, 6, 1, 4, 1, 25258, 3, 101}); 1258| 0| case 0x91C1A: ------------------ | Branch (1258:7): [True: 0, False: 32.2k] ------------------ 1259| 0| return if_match(req, "X25519", {1, 3, 101, 110}); 1260| 0| case 0x91DC4: ------------------ | Branch (1260:7): [True: 0, False: 32.2k] ------------------ 1261| 0| return if_match(req, "McEliece", {1, 3, 6, 1, 4, 1, 25258, 1, 3}); 1262| 0| case 0x93467: ------------------ | Branch (1262:7): [True: 0, False: 32.2k] ------------------ 1263| 0| return if_match(req, "Dilithium-6x5-AES-r3", {1, 3, 6, 1, 4, 1, 25258, 1, 10, 2}); 1264| 0| case 0x93D50: ------------------ | Branch (1264:7): [True: 0, False: 32.2k] ------------------ 1265| 0| return if_match(req, "AES-192/SIV", {1, 3, 6, 1, 4, 1, 25258, 3, 4, 2}); 1266| 0| case 0x95166: ------------------ | Branch (1266:7): [True: 0, False: 32.2k] ------------------ 1267| 0| return if_match(req, "SLH-DSA-SHAKE-128f", {2, 16, 840, 1, 101, 3, 4, 3, 27}); 1268| 0| case 0x95173: ------------------ | Branch (1268:7): [True: 0, False: 32.2k] ------------------ 1269| 0| return if_match(req, "SLH-DSA-SHAKE-128s", {2, 16, 840, 1, 101, 3, 4, 3, 26}); 1270| 0| case 0x952D6: ------------------ | Branch (1270:7): [True: 0, False: 32.2k] ------------------ 1271| 0| return if_match(req, "PKIX.OCSP", {1, 3, 6, 1, 5, 5, 7, 48, 1}); 1272| 0| case 0x959B9: ------------------ | Branch (1272:7): [True: 0, False: 32.2k] ------------------ 1273| 0| return if_match(req, "PKIX.IPsecEndSystem", {1, 3, 6, 1, 5, 5, 7, 3, 5}); 1274| 0| case 0x96F85: ------------------ | Branch (1274:7): [True: 0, False: 32.2k] ------------------ 1275| 0| return if_match(req, "Camellia-256/CBC", {1, 2, 392, 200011, 61, 1, 1, 1, 4}); 1276| 0| case 0x97D5E: ------------------ | Branch (1276:7): [True: 0, False: 32.2k] ------------------ 1277| 0| return if_match(req, "HMAC(SHA-1)", {1, 2, 840, 113549, 2, 7}); 1278| 0| case 0x9805C: ------------------ | Branch (1278:7): [True: 0, False: 32.2k] ------------------ 1279| 0| return if_match(req, "SEED/CBC", {1, 2, 410, 200004, 1, 4}); 1280| 0| case 0x980E7: ------------------ | Branch (1280:7): [True: 0, False: 32.2k] ------------------ 1281| 0| return if_match(req, "SphincsPlus-haraka-192s-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 3, 3}); 1282| 0| case 0x980F5: ------------------ | Branch (1282:7): [True: 0, False: 32.2k] ------------------ 1283| 0| return if_match(req, "GOST.SubjectSigningTool", {1, 2, 643, 100, 111}); 1284| 0| case 0x98B03: ------------------ | Branch (1284:7): [True: 0, False: 32.2k] ------------------ 1285| 0| return if_match(req, "XMSS", {0, 4, 0, 127, 0, 15, 1, 1, 13, 0}); 1286| 0| case 0x9A6B2: ------------------ | Branch (1286:7): [True: 0, False: 32.2k] ------------------ 1287| 0| return if_match(req, "ECKCDSA/SHA-1", {1, 2, 410, 200004, 1, 100, 4, 3}); 1288| 0| case 0x9B1CF: ------------------ | Branch (1288:7): [True: 0, False: 32.2k] ------------------ 1289| 0| return if_match(req, "SM4/SIV", {1, 3, 6, 1, 4, 1, 25258, 3, 4, 9}); 1290| 0| case 0x9B6B2: ------------------ | Branch (1290:7): [True: 0, False: 32.2k] ------------------ 1291| 0| return if_match(req, "AES-128/GCM", {2, 16, 840, 1, 101, 3, 4, 1, 6}); 1292| 0| case 0x9B6BB: ------------------ | Branch (1292:7): [True: 0, False: 32.2k] ------------------ 1293| 0| return if_match(req, "X520.OrganizationalUnit", {2, 5, 4, 11}); 1294| 0| case 0x9B851: ------------------ | Branch (1294:7): [True: 0, False: 32.2k] ------------------ 1295| 0| return if_match(req, "OpenPGP.Curve25519", {1, 3, 6, 1, 4, 1, 3029, 1, 5, 1}); 1296| 0| case 0x9C80B: ------------------ | Branch (1296:7): [True: 0, False: 32.2k] ------------------ 1297| 0| return if_match(req, "SLH-DSA-SHA2-192f", {2, 16, 840, 1, 101, 3, 4, 3, 23}); 1298| 0| case 0x9C818: ------------------ | Branch (1298:7): [True: 0, False: 32.2k] ------------------ 1299| 0| return if_match(req, "SLH-DSA-SHA2-192s", {2, 16, 840, 1, 101, 3, 4, 3, 22}); 1300| 0| case 0x9CD2B: ------------------ | Branch (1300:7): [True: 0, False: 32.2k] ------------------ 1301| 0| return if_match(req, "Scrypt", {1, 3, 6, 1, 4, 1, 11591, 4, 11}); 1302| 0| case 0x9CDE1: ------------------ | Branch (1302:7): [True: 0, False: 32.2k] ------------------ 1303| 0| return if_match(req, "GOST-34.10-2012-256/SHA-256", {1, 3, 6, 1, 4, 1, 25258, 1, 6, 1}); 1304| 0| case 0x9CF73: ------------------ | Branch (1304:7): [True: 0, False: 32.2k] ------------------ 1305| 0| return if_match(req, "ClassicMcEliece_460896f", {1, 3, 6, 1, 4, 1, 22554, 5, 1, 4}); 1306| 0| case 0x9D354: ------------------ | Branch (1306:7): [True: 0, False: 32.2k] ------------------ 1307| 0| return if_match(req, "RIPEMD-160", {1, 3, 36, 3, 2, 1}); 1308| 102| case 0x9D503: ------------------ | Branch (1308:7): [True: 102, False: 32.1k] ------------------ 1309| 102| return if_match(req, "RSA/PKCS1v15(SHA-256)", {1, 2, 840, 113549, 1, 1, 11}); 1310| 0| case 0x9EC88: ------------------ | Branch (1310:7): [True: 0, False: 32.2k] ------------------ 1311| 0| return if_match(req, "DSA/SHA-3(512)", {2, 16, 840, 1, 101, 3, 4, 3, 8}); 1312| 0| case 0x9EF36: ------------------ | Branch (1312:7): [True: 0, False: 32.2k] ------------------ 1313| 0| return if_match(req, "ClassicMcEliece_6960119", {1, 3, 6, 1, 4, 1, 22554, 5, 1, 7}); 1314| 0| case 0x9F764: ------------------ | Branch (1314:7): [True: 0, False: 32.2k] ------------------ 1315| 0| return if_match(req, "X448", {1, 3, 101, 111}); 1316| 0| case 0x9F7E2: ------------------ | Branch (1316:7): [True: 0, False: 32.2k] ------------------ 1317| 0| return if_match(req, "AES-192/GCM", {2, 16, 840, 1, 101, 3, 4, 1, 26}); 1318| 0| case 0x9F9C5: ------------------ | Branch (1318:7): [True: 0, False: 32.2k] ------------------ 1319| 0| return if_match(req, "ClassicMcEliece_6688128pcf", {1, 3, 6, 1, 4, 1, 25258, 1, 18, 2}); 1320| 0| case 0xA0805: ------------------ | Branch (1320:7): [True: 0, False: 32.2k] ------------------ 1321| 0| return if_match(req, "PKCS9.SDSICertificate", {1, 2, 840, 113549, 1, 9, 22, 2}); 1322| 0| case 0xA2B5B: ------------------ | Branch (1322:7): [True: 0, False: 32.2k] ------------------ 1323| 0| return if_match(req, "X509v3.CRLNumber", {2, 5, 29, 20}); 1324| 0| case 0xA3005: ------------------ | Branch (1324:7): [True: 0, False: 32.2k] ------------------ 1325| 0| return if_match(req, "X520.Title", {2, 5, 4, 12}); 1326| 0| case 0xA323F: ------------------ | Branch (1326:7): [True: 0, False: 32.2k] ------------------ 1327| 0| return if_match(req, "X509v3.NameConstraints", {2, 5, 29, 30}); 1328| 0| case 0xA3C55: ------------------ | Branch (1328:7): [True: 0, False: 32.2k] ------------------ 1329| 0| return if_match(req, "X520.Pseudonym", {2, 5, 4, 65}); 1330| 0| case 0xA4809: ------------------ | Branch (1330:7): [True: 0, False: 32.2k] ------------------ 1331| 0| return if_match(req, "SphincsPlus-sha2-256f-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 2, 6}); 1332| 762| case 0xA57AF: ------------------ | Branch (1332:7): [True: 762, False: 31.4k] ------------------ 1333| 762| return if_match(req, "secp521r1", {1, 3, 132, 0, 35}); 1334| 0| case 0xA5DA9: ------------------ | Branch (1334:7): [True: 0, False: 32.2k] ------------------ 1335| 0| return if_match(req, "SphincsPlus-shake-256f-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 1, 6}); 1336| 0| case 0xA6865: ------------------ | Branch (1336:7): [True: 0, False: 32.2k] ------------------ 1337| 0| return if_match(req, "Camellia-128/SIV", {1, 3, 6, 1, 4, 1, 25258, 3, 4, 6}); 1338| 0| case 0xA6C61: ------------------ | Branch (1338:7): [True: 0, False: 32.2k] ------------------ 1339| 0| return if_match(req, "SM4/GCM", {1, 2, 156, 10197, 1, 104, 8}); 1340| 0| case 0xA8439: ------------------ | Branch (1340:7): [True: 0, False: 32.2k] ------------------ 1341| 0| return if_match(req, "PKCS12.CertBag", {1, 2, 840, 113549, 1, 12, 10, 1, 3}); 1342| 0| case 0xA9061: ------------------ | Branch (1342:7): [True: 0, False: 32.2k] ------------------ 1343| 0| return if_match(req, "Kyber-768-90s-r3", {1, 3, 6, 1, 4, 1, 25258, 1, 11, 2}); 1344| 0| case 0xAA995: ------------------ | Branch (1344:7): [True: 0, False: 32.2k] ------------------ 1345| 0| return if_match(req, "Camellia-192/SIV", {1, 3, 6, 1, 4, 1, 25258, 3, 4, 7}); 1346| 0| case 0xAAE2B: ------------------ | Branch (1346:7): [True: 0, False: 32.2k] ------------------ 1347| 0| return if_match(req, "Dilithium-8x7-AES-r3", {1, 3, 6, 1, 4, 1, 25258, 1, 10, 3}); 1348| 0| case 0xABCED: ------------------ | Branch (1348:7): [True: 0, False: 32.2k] ------------------ 1349| 0| return if_match(req, "GOST.IssuerSigningTool", {1, 2, 643, 100, 112}); 1350| 0| case 0xABD24: ------------------ | Branch (1350:7): [True: 0, False: 32.2k] ------------------ 1351| 0| return if_match(req, "RSA/OAEP", {1, 2, 840, 113549, 1, 1, 7}); 1352| 0| case 0xAC2EC: ------------------ | Branch (1352:7): [True: 0, False: 32.2k] ------------------ 1353| 0| return if_match(req, "Streebog-256", {1, 2, 643, 7, 1, 1, 2, 2}); 1354| 0| case 0xAC3DD: ------------------ | Branch (1354:7): [True: 0, False: 32.2k] ------------------ 1355| 0| return if_match(req, "Certificate Comment", {2, 16, 840, 1, 113730, 1, 13}); 1356| 0| case 0xAC511: ------------------ | Branch (1356:7): [True: 0, False: 32.2k] ------------------ 1357| 0| return if_match(req, "PBE-SHA1-3DES", {1, 2, 840, 113549, 1, 12, 1, 3}); 1358| 0| case 0xAE6FE: ------------------ | Branch (1358:7): [True: 0, False: 32.2k] ------------------ 1359| 0| return if_match(req, "PKIX.ClientAuth", {1, 3, 6, 1, 5, 5, 7, 3, 2}); 1360| 0| case 0xAE8D3: ------------------ | Branch (1360:7): [True: 0, False: 32.2k] ------------------ 1361| 0| return if_match(req, "ClassicMcEliece_8192128pcf", {1, 3, 6, 1, 4, 1, 25258, 1, 18, 6}); 1362| 0| case 0xAF476: ------------------ | Branch (1362:7): [True: 0, False: 32.2k] ------------------ 1363| 0| return if_match(req, "ECDH", {1, 3, 132, 1, 12}); 1364| 0| case 0xAFA6A: ------------------ | Branch (1364:7): [True: 0, False: 32.2k] ------------------ 1365| 0| return if_match(req, "RSA/PKCS1v15(SHA-3(384))", {2, 16, 840, 1, 101, 3, 4, 3, 15}); 1366| 0| case 0xB2217: ------------------ | Branch (1366:7): [True: 0, False: 32.2k] ------------------ 1367| 0| return if_match(req, "AES-256/SIV", {1, 3, 6, 1, 4, 1, 25258, 3, 4, 3}); 1368| 0| case 0xB22F7: ------------------ | Branch (1368:7): [True: 0, False: 32.2k] ------------------ 1369| 0| return if_match(req, "Camellia-128/GCM", {0, 3, 4401, 5, 3, 1, 9, 6}); 1370| 0| case 0xB23DE: ------------------ | Branch (1370:7): [True: 0, False: 32.2k] ------------------ 1371| 0| return if_match(req, "X520.Locality", {2, 5, 4, 7}); 1372| 0| case 0xB2FBD: ------------------ | Branch (1372:7): [True: 0, False: 32.2k] ------------------ 1373| 0| return if_match(req, "ECKCDSA/SHA-224", {1, 2, 410, 200004, 1, 100, 4, 4}); 1374| 0| case 0xB32B0: ------------------ | Branch (1374:7): [True: 0, False: 32.2k] ------------------ 1375| 0| return if_match(req, "ECKCDSA/SHA-256", {1, 2, 410, 200004, 1, 100, 4, 5}); 1376| 0| case 0xB360E: ------------------ | Branch (1376:7): [True: 0, False: 32.2k] ------------------ 1377| 0| return if_match(req, "eFrodoKEM-976-SHAKE", {1, 3, 6, 1, 4, 1, 25258, 1, 16, 2}); 1378| 0| case 0xB4368: ------------------ | Branch (1378:7): [True: 0, False: 32.2k] ------------------ 1379| 0| return if_match(req, "ECGDSA/SHA-1", {1, 3, 36, 3, 3, 2, 5, 4, 2}); 1380| 0| case 0xB58CD: ------------------ | Branch (1380:7): [True: 0, False: 32.2k] ------------------ 1381| 0| return if_match(req, "RSA/PKCS1v15(SHA-3(512))", {2, 16, 840, 1, 101, 3, 4, 3, 16}); 1382| 0| case 0xB6427: ------------------ | Branch (1382:7): [True: 0, False: 32.2k] ------------------ 1383| 0| return if_match(req, "Camellia-192/GCM", {0, 3, 4401, 5, 3, 1, 9, 26}); 1384| 0| case 0xB7102: ------------------ | Branch (1384:7): [True: 0, False: 32.2k] ------------------ 1385| 0| return if_match(req, "brainpool224r1", {1, 3, 36, 3, 3, 2, 8, 1, 1, 5}); 1386| 0| case 0xB710D: ------------------ | Branch (1386:7): [True: 0, False: 32.2k] ------------------ 1387| 0| return if_match(req, "X509v3.CRLIssuingDistributionPoint", {2, 5, 29, 28}); 1388| 0| case 0xB72D4: ------------------ | Branch (1388:7): [True: 0, False: 32.2k] ------------------ 1389| 0| return if_match(req, "Microsoft UPN", {1, 3, 6, 1, 4, 1, 311, 20, 2, 3}); 1390| 6.26k| case 0xB73A5: ------------------ | Branch (1390:7): [True: 6.26k, False: 25.9k] ------------------ 1391| 6.26k| return if_match(req, "RSA/PSS", {1, 2, 840, 113549, 1, 1, 10}); 1392| 0| case 0xB84B3: ------------------ | Branch (1392:7): [True: 0, False: 32.2k] ------------------ 1393| 0| return if_match(req, "PKIX.CodeSigning", {1, 3, 6, 1, 5, 5, 7, 3, 3}); 1394| 0| case 0xB8CB9: ------------------ | Branch (1394:7): [True: 0, False: 32.2k] ------------------ 1395| 0| return if_match(req, "GOST-34.10-2012-256", {1, 2, 643, 7, 1, 1, 1, 1}); 1396| 0| case 0xB945C: ------------------ | Branch (1396:7): [True: 0, False: 32.2k] ------------------ 1397| 0| return if_match(req, "Twofish/SIV", {1, 3, 6, 1, 4, 1, 25258, 3, 4, 5}); 1398| 0| case 0xB94E4: ------------------ | Branch (1398:7): [True: 0, False: 32.2k] ------------------ 1399| 0| return if_match(req, "gost_512A", {1, 2, 643, 7, 1, 2, 1, 2, 1}); 1400| 0| case 0xB94E5: ------------------ | Branch (1400:7): [True: 0, False: 32.2k] ------------------ 1401| 0| return if_match(req, "gost_512B", {1, 2, 643, 7, 1, 2, 1, 2, 2}); 1402| 0| case 0xBA1D8: ------------------ | Branch (1402:7): [True: 0, False: 32.2k] ------------------ 1403| 0| return if_match(req, "X520.StreetAddress", {2, 5, 4, 9}); 1404| 0| case 0xBCB45: ------------------ | Branch (1404:7): [True: 0, False: 32.2k] ------------------ 1405| 0| return if_match(req, "PKCS12.CRLBag", {1, 2, 840, 113549, 1, 12, 10, 1, 4}); 1406| 0| case 0xBCC82: ------------------ | Branch (1406:7): [True: 0, False: 32.2k] ------------------ 1407| 0| return if_match(req, "x962_p239v1", {1, 2, 840, 10045, 3, 1, 4}); 1408| 0| case 0xBCC83: ------------------ | Branch (1408:7): [True: 0, False: 32.2k] ------------------ 1409| 0| return if_match(req, "x962_p239v2", {1, 2, 840, 10045, 3, 1, 5}); 1410| 0| case 0xBCC84: ------------------ | Branch (1410:7): [True: 0, False: 32.2k] ------------------ 1411| 0| return if_match(req, "x962_p239v3", {1, 2, 840, 10045, 3, 1, 6}); 1412| 0| case 0xBD92B: ------------------ | Branch (1412:7): [True: 0, False: 32.2k] ------------------ 1413| 0| return if_match(req, "X509v3.HoldInstructionCode", {2, 5, 29, 23}); 1414| 0| case 0xBDCA9: ------------------ | Branch (1414:7): [True: 0, False: 32.2k] ------------------ 1415| 0| return if_match(req, "AES-256/GCM", {2, 16, 840, 1, 101, 3, 4, 1, 46}); 1416| 0| case 0xBE48D: ------------------ | Branch (1416:7): [True: 0, False: 32.2k] ------------------ 1417| 0| return if_match(req, "PKIX.OCSP.BasicResponse", {1, 3, 6, 1, 5, 5, 7, 48, 1, 1}); 1418| 0| case 0xBF71E: ------------------ | Branch (1418:7): [True: 0, False: 32.2k] ------------------ 1419| 0| return if_match(req, "Kyber-1024-r3", {1, 3, 6, 1, 4, 1, 25258, 1, 7, 3}); 1420| 0| case 0xBFF01: ------------------ | Branch (1420:7): [True: 0, False: 32.2k] ------------------ 1421| 0| return if_match(req, "DSA/SHA-3(224)", {2, 16, 840, 1, 101, 3, 4, 3, 5}); 1422| 0| case 0xC0F4F: ------------------ | Branch (1422:7): [True: 0, False: 32.2k] ------------------ 1423| 0| return if_match(req, "SphincsPlus-haraka-256f-r3.1", {1, 3, 6, 1, 4, 1, 25258, 1, 12, 3, 6}); 1424| 0| case 0xC1875: ------------------ | Branch (1424:7): [True: 0, False: 32.2k] ------------------ 1425| 0| return if_match(req, "SHA-1", {1, 3, 14, 3, 2, 26}); 1426| 0| case 0xC28D1: ------------------ | Branch (1426:7): [True: 0, False: 32.2k] ------------------ 1427| 0| return if_match(req, "PKIX.OCSPSigning", {1, 3, 6, 1, 5, 5, 7, 3, 9}); 1428| 1.33k| case 0xC42CA: ------------------ | Branch (1428:7): [True: 1.33k, False: 30.8k] ------------------ 1429| 1.33k| return if_match(req, "brainpool256r1", {1, 3, 36, 3, 3, 2, 8, 1, 1, 7}); 1430| 0| default: ------------------ | Branch (1430:7): [True: 0, False: 32.2k] ------------------ 1431| 0| return {}; 1432| 32.2k| } 1433| 32.2k|} _ZN5Botan7OID_Map16load_oid2str_mapEv: 1435| 1|std::unordered_map OID_Map::load_oid2str_map() { 1436| 1| return { 1437| 1| {OID{2, 5, 8, 1, 1}, "RSA"}, 1438| 1| {OID{1, 3, 6, 1, 4, 1, 8301, 3, 1, 2, 9, 0, 38}, "secp521r1"}, 1439| 1| {OID{1, 2, 643, 2, 2, 35, 1}, "gost_256A"}, 1440| 1| {OID{1, 2, 643, 2, 2, 36, 0}, "gost_256A"}, 1441| 1| }; 1442| 1|} _ZN5Botan7OID_Map16load_str2oid_mapEv: 1444| 1|std::unordered_map OID_Map::load_str2oid_map() { 1445| 1| return { 1446| 1| {"Curve25519", OID{1, 3, 101, 110}}, 1447| 1| {"SM2_Sig", OID{1, 2, 156, 10197, 1, 301, 1}}, 1448| 1| {"RSA/EMSA3(MD2)", OID{1, 2, 840, 113549, 1, 1, 2}}, 1449| 1| {"RSA/EMSA3(MD5)", OID{1, 2, 840, 113549, 1, 1, 4}}, 1450| 1| {"RSA/EMSA3(SHA-1)", OID{1, 2, 840, 113549, 1, 1, 5}}, 1451| 1| {"RSA/EMSA3(SHA-256)", OID{1, 2, 840, 113549, 1, 1, 11}}, 1452| 1| {"RSA/EMSA3(SHA-384)", OID{1, 2, 840, 113549, 1, 1, 12}}, 1453| 1| {"RSA/EMSA3(SHA-512)", OID{1, 2, 840, 113549, 1, 1, 13}}, 1454| 1| {"RSA/EMSA3(SHA-224)", OID{1, 2, 840, 113549, 1, 1, 14}}, 1455| 1| {"RSA/EMSA3(SHA-512-256)", OID{1, 2, 840, 113549, 1, 1, 16}}, 1456| 1| {"RSA/EMSA3(SHA-3(224))", OID{2, 16, 840, 1, 101, 3, 4, 3, 13}}, 1457| 1| {"RSA/EMSA3(SHA-3(256))", OID{2, 16, 840, 1, 101, 3, 4, 3, 14}}, 1458| 1| {"RSA/EMSA3(SHA-3(384))", OID{2, 16, 840, 1, 101, 3, 4, 3, 15}}, 1459| 1| {"RSA/EMSA3(SHA-3(512))", OID{2, 16, 840, 1, 101, 3, 4, 3, 16}}, 1460| 1| {"RSA/EMSA3(SM3)", OID{1, 2, 156, 10197, 1, 504}}, 1461| 1| {"RSA/EMSA3(RIPEMD-160)", OID{1, 3, 36, 3, 3, 1, 2}}, 1462| 1| {"RSA/EMSA4", OID{1, 2, 840, 113549, 1, 1, 10}}, 1463| 1| {"PBES2", OID{1, 2, 840, 113549, 1, 5, 13}}, 1464| 1| }; 1465| 1|} static_oids.cpp:_ZN5Botan12_GLOBAL__N_18if_matchERKNS_3OIDESt16initializer_listIjENSt3__117basic_string_viewIcNS6_11char_traitsIcEEEE: 18| 14.0k|std::optional if_match(const OID& oid, std::initializer_list val, std::string_view name) { 19| 14.0k| if(oid.matches(val)) { ------------------ | Branch (19:7): [True: 14.0k, False: 0] ------------------ 20| 14.0k| return name; 21| 14.0k| } else { 22| 0| return {}; 23| 0| } 24| 14.0k|} static_oids.cpp:_ZN5Botan12_GLOBAL__N_113hash_oid_nameENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 34| 32.2k|uint32_t hash_oid_name(std::string_view s) { 35| 32.2k| uint64_t hash = 0x8188B31879A4879A; 36| | 37| 397k| for(const char c : s) { ------------------ | Branch (37:21): [True: 397k, False: 32.2k] ------------------ 38| 397k| hash *= 251; 39| 397k| hash += c; 40| 397k| } 41| | 42| 32.2k| return static_cast(hash % 805289); 43| 32.2k|} static_oids.cpp:_ZN5Botan12_GLOBAL__N_18if_matchENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEES5_St16initializer_listIjE: 26| 32.2k|std::optional if_match(std::string_view req, std::string_view actual, std::initializer_list oid) { 27| 32.2k| if(req == actual) { ------------------ | Branch (27:7): [True: 32.2k, False: 0] ------------------ 28| 32.2k| return OID(oid); 29| 32.2k| } else { 30| 0| return {}; 31| 0| } 32| 32.2k|} _ZN5Botan20Buffered_Computation6updateENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 14| 8.63k|void Buffered_Computation::update(std::string_view str) { 15| 8.63k| add_data(as_span_of_bytes(str)); 16| 8.63k|} _ZN5Botan20Buffered_Computation9update_beEm: 30| 17.2k|void Buffered_Computation::update_be(uint64_t val) { 31| 17.2k| uint8_t inb[sizeof(val)]; 32| 17.2k| store_be(val, inb); 33| 17.2k| add_data({inb, sizeof(inb)}); 34| 17.2k|} _ZN5Botan20Buffered_Computation5finalENSt3__14spanIhLm18446744073709551615EEE: 54| 83.4k|void Buffered_Computation::final(std::span out) { 55| 83.4k| BOTAN_ARG_CHECK(out.size() >= output_length(), "provided output buffer has insufficient capacity"); ------------------ | | 35| 83.4k| do { \ | | 36| 83.4k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 83.4k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 83.4k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 83.4k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 83.4k] | | ------------------ ------------------ 56| 83.4k| final_result(out); 57| 83.4k|} _ZN5Botan18SymmetricAlgorithm7set_keyERKNS_11OctetStringE: 14| 8.63k|void SymmetricAlgorithm::set_key(const OctetString& key) { 15| 8.63k| set_key(std::span{key.begin(), key.length()}); 16| 8.63k|} _ZN5Botan18SymmetricAlgorithm7set_keyENSt3__14spanIKhLm18446744073709551615EEE: 22| 13.4k|void SymmetricAlgorithm::set_key(std::span key) { 23| 13.4k| if(!valid_keylength(key.size())) { ------------------ | Branch (23:7): [True: 0, False: 13.4k] ------------------ 24| 0| throw Invalid_Key_Length(name(), key.size()); 25| 0| } 26| 13.4k| key_schedule(key); 27| 13.4k|} _ZN5Botan11OctetStringC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 27| 11.0k|OctetString::OctetString(std::string_view hex_string) { 28| 11.0k| if(!hex_string.empty()) { ------------------ | Branch (28:7): [True: 0, False: 11.0k] ------------------ 29| 0| m_data.resize(1 + hex_string.length() / 2); 30| 0| m_data.resize(hex_decode(m_data.data(), hex_string)); 31| 0| } 32| 11.0k|} _ZNK5Botan7AES_12811parallelismEv: 807| 120|size_t AES_128::parallelism() const { 808| 120| return aes_parallelism(); 809| 120|} _ZNK5Botan7AES_25611parallelismEv: 815| 413|size_t AES_256::parallelism() const { 816| 413| return aes_parallelism(); 817| 413|} _ZNK5Botan7AES_12819has_keying_materialEv: 819| 3.19k|bool AES_128::has_keying_material() const { 820| 3.19k| return !m_EK.empty(); 821| 3.19k|} _ZNK5Botan7AES_25619has_keying_materialEv: 827| 2.02k|bool AES_256::has_keying_material() const { 828| 2.02k| return !m_EK.empty(); 829| 2.02k|} _ZNK5Botan7AES_1289encrypt_nEPKhPhm: 831| 2.86k|void AES_128::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { 832| 2.86k| assert_key_material_set(); 833| | 834| 2.86k|#if defined(BOTAN_HAS_AES_VAES) 835| 2.86k| if(CPUID::has(CPUID::Feature::AVX2_AES)) { ------------------ | Branch (835:7): [True: 0, False: 2.86k] ------------------ 836| 0| return x86_vaes_encrypt_n(in, out, blocks); 837| 0| } 838| 2.86k|#endif 839| | 840| 2.86k|#if defined(BOTAN_HAS_HW_AES_SUPPORT) 841| 2.86k| if(CPUID::has(CPUID::Feature::HW_AES)) { ------------------ | Branch (841:7): [True: 2.86k, False: 0] ------------------ 842| 2.86k| return hw_aes_encrypt_n(in, out, blocks); 843| 2.86k| } 844| 0|#endif 845| | 846| 0|#if defined(BOTAN_HAS_AES_VPERM) 847| 0| if(CPUID::has(CPUID::Feature::SIMD_4X32)) { ------------------ | Branch (847:7): [True: 0, False: 0] ------------------ 848| 0| return vperm_encrypt_n(in, out, blocks); 849| 0| } 850| 0|#endif 851| | 852| 0| aes_encrypt_n(in, out, blocks, m_EK); 853| 0|} _ZNK5Botan7AES_1289decrypt_nEPKhPhm: 855| 158|void AES_128::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { 856| 158| assert_key_material_set(); 857| | 858| 158|#if defined(BOTAN_HAS_AES_VAES) 859| 158| if(CPUID::has(CPUID::Feature::AVX2_AES)) { ------------------ | Branch (859:7): [True: 0, False: 158] ------------------ 860| 0| return x86_vaes_decrypt_n(in, out, blocks); 861| 0| } 862| 158|#endif 863| | 864| 158|#if defined(BOTAN_HAS_HW_AES_SUPPORT) 865| 158| if(CPUID::has(CPUID::Feature::HW_AES)) { ------------------ | Branch (865:7): [True: 158, False: 0] ------------------ 866| 158| return hw_aes_decrypt_n(in, out, blocks); 867| 158| } 868| 0|#endif 869| | 870| 0|#if defined(BOTAN_HAS_AES_VPERM) 871| 0| if(CPUID::has(CPUID::Feature::SIMD_4X32)) { ------------------ | Branch (871:7): [True: 0, False: 0] ------------------ 872| 0| return vperm_decrypt_n(in, out, blocks); 873| 0| } 874| 0|#endif 875| | 876| 0| aes_decrypt_n(in, out, blocks, m_DK); 877| 0|} _ZN5Botan7AES_12812key_scheduleENSt3__14spanIKhLm18446744073709551615EEE: 879| 163|void AES_128::key_schedule(std::span key) { 880| 163|#if defined(BOTAN_HAS_AES_NI) 881| 163| if(CPUID::has(CPUID::Feature::AESNI)) { ------------------ | Branch (881:7): [True: 163, False: 0] ------------------ 882| 163| return aesni_key_schedule(key.data(), key.size()); 883| 163| } 884| 0|#endif 885| | 886| 0|#if defined(BOTAN_HAS_AES_VAES) 887| 0| if(CPUID::has(CPUID::Feature::AVX2_AES)) { ------------------ | Branch (887:7): [True: 0, False: 0] ------------------ 888| 0| return aes_key_schedule(key.data(), key.size(), m_EK, m_DK, true); 889| 0| } 890| 0|#endif 891| | 892| 0|#if defined(BOTAN_HAS_HW_AES_SUPPORT) 893| 0| if(CPUID::has(CPUID::Feature::HW_AES)) { ------------------ | Branch (893:7): [True: 0, False: 0] ------------------ 894| 0| constexpr bool is_little_endian = std::endian::native == std::endian::little; 895| 0| return aes_key_schedule(key.data(), key.size(), m_EK, m_DK, is_little_endian); 896| 0| } 897| 0|#endif 898| | 899| 0|#if defined(BOTAN_HAS_AES_VPERM) 900| 0| if(CPUID::has(CPUID::Feature::SIMD_4X32)) { ------------------ | Branch (900:7): [True: 0, False: 0] ------------------ 901| 0| return vperm_key_schedule(key.data(), key.size()); 902| 0| } 903| 0|#endif 904| | 905| 0| aes_key_schedule(key.data(), key.size(), m_EK, m_DK); 906| 0|} _ZNK5Botan7AES_2569encrypt_nEPKhPhm: 995| 971|void AES_256::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { 996| 971| assert_key_material_set(); 997| | 998| 971|#if defined(BOTAN_HAS_AES_VAES) 999| 971| if(CPUID::has(CPUID::Feature::AVX2_AES)) { ------------------ | Branch (999:7): [True: 0, False: 971] ------------------ 1000| 0| return x86_vaes_encrypt_n(in, out, blocks); 1001| 0| } 1002| 971|#endif 1003| | 1004| 971|#if defined(BOTAN_HAS_HW_AES_SUPPORT) 1005| 971| if(CPUID::has(CPUID::Feature::HW_AES)) { ------------------ | Branch (1005:7): [True: 971, False: 0] ------------------ 1006| 971| return hw_aes_encrypt_n(in, out, blocks); 1007| 971| } 1008| 0|#endif 1009| | 1010| 0|#if defined(BOTAN_HAS_AES_VPERM) 1011| 0| if(CPUID::has(CPUID::Feature::SIMD_4X32)) { ------------------ | Branch (1011:7): [True: 0, False: 0] ------------------ 1012| 0| return vperm_encrypt_n(in, out, blocks); 1013| 0| } 1014| 0|#endif 1015| | 1016| 0| aes_encrypt_n(in, out, blocks, m_EK); 1017| 0|} _ZNK5Botan7AES_2569decrypt_nEPKhPhm: 1019| 339|void AES_256::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { 1020| 339| assert_key_material_set(); 1021| | 1022| 339|#if defined(BOTAN_HAS_AES_VAES) 1023| 339| if(CPUID::has(CPUID::Feature::AVX2_AES)) { ------------------ | Branch (1023:7): [True: 0, False: 339] ------------------ 1024| 0| return x86_vaes_decrypt_n(in, out, blocks); 1025| 0| } 1026| 339|#endif 1027| | 1028| 339|#if defined(BOTAN_HAS_HW_AES_SUPPORT) 1029| 339| if(CPUID::has(CPUID::Feature::HW_AES)) { ------------------ | Branch (1029:7): [True: 339, False: 0] ------------------ 1030| 339| return hw_aes_decrypt_n(in, out, blocks); 1031| 339| } 1032| 0|#endif 1033| | 1034| 0|#if defined(BOTAN_HAS_AES_VPERM) 1035| 0| if(CPUID::has(CPUID::Feature::SIMD_4X32)) { ------------------ | Branch (1035:7): [True: 0, False: 0] ------------------ 1036| 0| return vperm_decrypt_n(in, out, blocks); 1037| 0| } 1038| 0|#endif 1039| | 1040| 0| aes_decrypt_n(in, out, blocks, m_DK); 1041| 0|} _ZN5Botan7AES_25612key_scheduleENSt3__14spanIKhLm18446744073709551615EEE: 1043| 226|void AES_256::key_schedule(std::span key) { 1044| 226|#if defined(BOTAN_HAS_AES_NI) 1045| 226| if(CPUID::has(CPUID::Feature::AESNI)) { ------------------ | Branch (1045:7): [True: 226, False: 0] ------------------ 1046| 226| return aesni_key_schedule(key.data(), key.size()); 1047| 226| } 1048| 0|#endif 1049| | 1050| 0|#if defined(BOTAN_HAS_AES_VAES) 1051| 0| if(CPUID::has(CPUID::Feature::AVX2_AES)) { ------------------ | Branch (1051:7): [True: 0, False: 0] ------------------ 1052| 0| return aes_key_schedule(key.data(), key.size(), m_EK, m_DK, true); 1053| 0| } 1054| 0|#endif 1055| | 1056| 0|#if defined(BOTAN_HAS_HW_AES_SUPPORT) 1057| 0| if(CPUID::has(CPUID::Feature::HW_AES)) { ------------------ | Branch (1057:7): [True: 0, False: 0] ------------------ 1058| 0| constexpr bool is_little_endian = std::endian::native == std::endian::little; 1059| 0| return aes_key_schedule(key.data(), key.size(), m_EK, m_DK, is_little_endian); 1060| 0| } 1061| 0|#endif 1062| | 1063| 0|#if defined(BOTAN_HAS_AES_VPERM) 1064| 0| if(CPUID::has(CPUID::Feature::SIMD_4X32)) { ------------------ | Branch (1064:7): [True: 0, False: 0] ------------------ 1065| 0| return vperm_key_schedule(key.data(), key.size()); 1066| 0| } 1067| 0|#endif 1068| | 1069| 0| aes_key_schedule(key.data(), key.size(), m_EK, m_DK); 1070| 0|} aes.cpp:_ZN5Botan12_GLOBAL__N_115aes_parallelismEv: 748| 533|size_t aes_parallelism() { 749| 533|#if defined(BOTAN_HAS_AES_VAES) 750| 533| if(CPUID::has(CPUID::Feature::AVX2_AES)) { ------------------ | Branch (750:7): [True: 0, False: 533] ------------------ 751| 0| return 8; // pipelined 752| 0| } 753| 533|#endif 754| | 755| 533|#if defined(BOTAN_HAS_HW_AES_SUPPORT) 756| 533| if(CPUID::has(CPUID::Feature::HW_AES)) { ------------------ | Branch (756:7): [True: 533, False: 0] ------------------ 757| 533| return 4; // pipelined 758| 533| } 759| 0|#endif 760| | 761| 0|#if defined(BOTAN_HAS_AES_VPERM) 762| 0| if(CPUID::has(CPUID::Feature::SIMD_4X32)) { ------------------ | Branch (762:7): [True: 0, False: 0] ------------------ 763| 0| return 2; // pipelined 764| 0| } 765| 0|#endif 766| | 767| | // bitsliced: 768| 0| return 2; 769| 0|} _ZNK5Botan7AES_12816hw_aes_encrypt_nEPKhPhm: 135| 2.86k|BOTAN_FN_ISA_AESNI void AES_128::hw_aes_encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { 136| 2.86k| const SIMD_4x32 K0 = SIMD_4x32::load_le(&m_EK[4 * 0]); 137| 2.86k| const SIMD_4x32 K1 = SIMD_4x32::load_le(&m_EK[4 * 1]); 138| 2.86k| const SIMD_4x32 K2 = SIMD_4x32::load_le(&m_EK[4 * 2]); 139| 2.86k| const SIMD_4x32 K3 = SIMD_4x32::load_le(&m_EK[4 * 3]); 140| 2.86k| const SIMD_4x32 K4 = SIMD_4x32::load_le(&m_EK[4 * 4]); 141| 2.86k| const SIMD_4x32 K5 = SIMD_4x32::load_le(&m_EK[4 * 5]); 142| 2.86k| const SIMD_4x32 K6 = SIMD_4x32::load_le(&m_EK[4 * 6]); 143| 2.86k| const SIMD_4x32 K7 = SIMD_4x32::load_le(&m_EK[4 * 7]); 144| 2.86k| const SIMD_4x32 K8 = SIMD_4x32::load_le(&m_EK[4 * 8]); 145| 2.86k| const SIMD_4x32 K9 = SIMD_4x32::load_le(&m_EK[4 * 9]); 146| 2.86k| const SIMD_4x32 K10 = SIMD_4x32::load_le(&m_EK[4 * 10]); 147| | 148| 3.43k| while(blocks >= 4) { ------------------ | Branch (148:10): [True: 572, False: 2.86k] ------------------ 149| 572| SIMD_4x32 B0 = SIMD_4x32::load_le(in + 16 * 0); 150| 572| SIMD_4x32 B1 = SIMD_4x32::load_le(in + 16 * 1); 151| 572| SIMD_4x32 B2 = SIMD_4x32::load_le(in + 16 * 2); 152| 572| SIMD_4x32 B3 = SIMD_4x32::load_le(in + 16 * 3); 153| | 154| 572| keyxor(K0, B0, B1, B2, B3); 155| 572| aesenc(K1, B0, B1, B2, B3); 156| 572| aesenc(K2, B0, B1, B2, B3); 157| 572| aesenc(K3, B0, B1, B2, B3); 158| 572| aesenc(K4, B0, B1, B2, B3); 159| 572| aesenc(K5, B0, B1, B2, B3); 160| 572| aesenc(K6, B0, B1, B2, B3); 161| 572| aesenc(K7, B0, B1, B2, B3); 162| 572| aesenc(K8, B0, B1, B2, B3); 163| 572| aesenc(K9, B0, B1, B2, B3); 164| 572| aesenclast(K10, B0, B1, B2, B3); 165| | 166| 572| B0.store_le(out + 16 * 0); 167| 572| B1.store_le(out + 16 * 1); 168| 572| B2.store_le(out + 16 * 2); 169| 572| B3.store_le(out + 16 * 3); 170| | 171| 572| blocks -= 4; 172| 572| in += 4 * 16; 173| 572| out += 4 * 16; 174| 572| } 175| | 176| 5.57k| for(size_t i = 0; i != blocks; ++i) { ------------------ | Branch (176:22): [True: 2.71k, False: 2.86k] ------------------ 177| 2.71k| SIMD_4x32 B0 = SIMD_4x32::load_le(in + 16 * i); 178| | 179| 2.71k| B0 ^= K0; 180| 2.71k| aesenc(K1, B0); 181| 2.71k| aesenc(K2, B0); 182| 2.71k| aesenc(K3, B0); 183| 2.71k| aesenc(K4, B0); 184| 2.71k| aesenc(K5, B0); 185| 2.71k| aesenc(K6, B0); 186| 2.71k| aesenc(K7, B0); 187| 2.71k| aesenc(K8, B0); 188| 2.71k| aesenc(K9, B0); 189| 2.71k| aesenclast(K10, B0); 190| | 191| 2.71k| B0.store_le(out + 16 * i); 192| 2.71k| } 193| 2.86k|} _ZNK5Botan7AES_12816hw_aes_decrypt_nEPKhPhm: 198| 158|BOTAN_FN_ISA_AESNI void AES_128::hw_aes_decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { 199| 158| const SIMD_4x32 K0 = SIMD_4x32::load_le(&m_DK[4 * 0]); 200| 158| const SIMD_4x32 K1 = SIMD_4x32::load_le(&m_DK[4 * 1]); 201| 158| const SIMD_4x32 K2 = SIMD_4x32::load_le(&m_DK[4 * 2]); 202| 158| const SIMD_4x32 K3 = SIMD_4x32::load_le(&m_DK[4 * 3]); 203| 158| const SIMD_4x32 K4 = SIMD_4x32::load_le(&m_DK[4 * 4]); 204| 158| const SIMD_4x32 K5 = SIMD_4x32::load_le(&m_DK[4 * 5]); 205| 158| const SIMD_4x32 K6 = SIMD_4x32::load_le(&m_DK[4 * 6]); 206| 158| const SIMD_4x32 K7 = SIMD_4x32::load_le(&m_DK[4 * 7]); 207| 158| const SIMD_4x32 K8 = SIMD_4x32::load_le(&m_DK[4 * 8]); 208| 158| const SIMD_4x32 K9 = SIMD_4x32::load_le(&m_DK[4 * 9]); 209| 158| const SIMD_4x32 K10 = SIMD_4x32::load_le(&m_DK[4 * 10]); 210| | 211| 714| while(blocks >= 4) { ------------------ | Branch (211:10): [True: 556, False: 158] ------------------ 212| 556| SIMD_4x32 B0 = SIMD_4x32::load_le(in + 16 * 0); 213| 556| SIMD_4x32 B1 = SIMD_4x32::load_le(in + 16 * 1); 214| 556| SIMD_4x32 B2 = SIMD_4x32::load_le(in + 16 * 2); 215| 556| SIMD_4x32 B3 = SIMD_4x32::load_le(in + 16 * 3); 216| | 217| 556| keyxor(K0, B0, B1, B2, B3); 218| 556| aesdec(K1, B0, B1, B2, B3); 219| 556| aesdec(K2, B0, B1, B2, B3); 220| 556| aesdec(K3, B0, B1, B2, B3); 221| 556| aesdec(K4, B0, B1, B2, B3); 222| 556| aesdec(K5, B0, B1, B2, B3); 223| 556| aesdec(K6, B0, B1, B2, B3); 224| 556| aesdec(K7, B0, B1, B2, B3); 225| 556| aesdec(K8, B0, B1, B2, B3); 226| 556| aesdec(K9, B0, B1, B2, B3); 227| 556| aesdeclast(K10, B0, B1, B2, B3); 228| | 229| 556| B0.store_le(out + 16 * 0); 230| 556| B1.store_le(out + 16 * 1); 231| 556| B2.store_le(out + 16 * 2); 232| 556| B3.store_le(out + 16 * 3); 233| | 234| 556| blocks -= 4; 235| 556| in += 4 * 16; 236| 556| out += 4 * 16; 237| 556| } 238| | 239| 216| for(size_t i = 0; i != blocks; ++i) { ------------------ | Branch (239:22): [True: 58, False: 158] ------------------ 240| 58| SIMD_4x32 B0 = SIMD_4x32::load_le(in + 16 * i); 241| | 242| 58| B0 ^= K0; 243| 58| aesdec(K1, B0); 244| 58| aesdec(K2, B0); 245| 58| aesdec(K3, B0); 246| 58| aesdec(K4, B0); 247| 58| aesdec(K5, B0); 248| 58| aesdec(K6, B0); 249| 58| aesdec(K7, B0); 250| 58| aesdec(K8, B0); 251| 58| aesdec(K9, B0); 252| 58| aesdeclast(K10, B0); 253| | 254| 58| B0.store_le(out + 16 * i); 255| 58| } 256| 158|} _ZN5Botan7AES_12818aesni_key_scheduleEPKhm: 261| 163|BOTAN_FN_ISA_AESNI void AES_128::aesni_key_schedule(const uint8_t key[], size_t /*length*/) { 262| 163| m_EK.resize(44); 263| 163| m_DK.resize(44); 264| | 265| 163| const SIMD_4x32 K0 = SIMD_4x32::load_le(key); 266| 163| const SIMD_4x32 K1 = aes_128_key_expansion<0x01>(K0, K0); 267| 163| const SIMD_4x32 K2 = aes_128_key_expansion<0x02>(K1, K1); 268| 163| const SIMD_4x32 K3 = aes_128_key_expansion<0x04>(K2, K2); 269| 163| const SIMD_4x32 K4 = aes_128_key_expansion<0x08>(K3, K3); 270| 163| const SIMD_4x32 K5 = aes_128_key_expansion<0x10>(K4, K4); 271| 163| const SIMD_4x32 K6 = aes_128_key_expansion<0x20>(K5, K5); 272| 163| const SIMD_4x32 K7 = aes_128_key_expansion<0x40>(K6, K6); 273| 163| const SIMD_4x32 K8 = aes_128_key_expansion<0x80>(K7, K7); 274| 163| const SIMD_4x32 K9 = aes_128_key_expansion<0x1B>(K8, K8); 275| 163| const SIMD_4x32 K10 = aes_128_key_expansion<0x36>(K9, K9); 276| | 277| 163| K0.store_le(&m_EK[4 * 0]); 278| 163| K1.store_le(&m_EK[4 * 1]); 279| 163| K2.store_le(&m_EK[4 * 2]); 280| 163| K3.store_le(&m_EK[4 * 3]); 281| 163| K4.store_le(&m_EK[4 * 4]); 282| 163| K5.store_le(&m_EK[4 * 5]); 283| 163| K6.store_le(&m_EK[4 * 6]); 284| 163| K7.store_le(&m_EK[4 * 7]); 285| 163| K8.store_le(&m_EK[4 * 8]); 286| 163| K9.store_le(&m_EK[4 * 9]); 287| 163| K10.store_le(&m_EK[4 * 10]); 288| | 289| | // Now generate decryption keys 290| 163| K10.store_le(&m_DK[4 * 0]); 291| 163| aesimc(K9).store_le(&m_DK[4 * 1]); 292| 163| aesimc(K8).store_le(&m_DK[4 * 2]); 293| 163| aesimc(K7).store_le(&m_DK[4 * 3]); 294| 163| aesimc(K6).store_le(&m_DK[4 * 4]); 295| 163| aesimc(K5).store_le(&m_DK[4 * 5]); 296| 163| aesimc(K4).store_le(&m_DK[4 * 6]); 297| 163| aesimc(K3).store_le(&m_DK[4 * 7]); 298| 163| aesimc(K2).store_le(&m_DK[4 * 8]); 299| 163| aesimc(K1).store_le(&m_DK[4 * 9]); 300| 163| K0.store_le(&m_DK[4 * 10]); 301| 163|} _ZNK5Botan7AES_25616hw_aes_encrypt_nEPKhPhm: 483| 971|BOTAN_FN_ISA_AESNI void AES_256::hw_aes_encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { 484| 971| const SIMD_4x32 K0 = SIMD_4x32::load_le(&m_EK[4 * 0]); 485| 971| const SIMD_4x32 K1 = SIMD_4x32::load_le(&m_EK[4 * 1]); 486| 971| const SIMD_4x32 K2 = SIMD_4x32::load_le(&m_EK[4 * 2]); 487| 971| const SIMD_4x32 K3 = SIMD_4x32::load_le(&m_EK[4 * 3]); 488| 971| const SIMD_4x32 K4 = SIMD_4x32::load_le(&m_EK[4 * 4]); 489| 971| const SIMD_4x32 K5 = SIMD_4x32::load_le(&m_EK[4 * 5]); 490| 971| const SIMD_4x32 K6 = SIMD_4x32::load_le(&m_EK[4 * 6]); 491| 971| const SIMD_4x32 K7 = SIMD_4x32::load_le(&m_EK[4 * 7]); 492| 971| const SIMD_4x32 K8 = SIMD_4x32::load_le(&m_EK[4 * 8]); 493| 971| const SIMD_4x32 K9 = SIMD_4x32::load_le(&m_EK[4 * 9]); 494| 971| const SIMD_4x32 K10 = SIMD_4x32::load_le(&m_EK[4 * 10]); 495| 971| const SIMD_4x32 K11 = SIMD_4x32::load_le(&m_EK[4 * 11]); 496| 971| const SIMD_4x32 K12 = SIMD_4x32::load_le(&m_EK[4 * 12]); 497| 971| const SIMD_4x32 K13 = SIMD_4x32::load_le(&m_EK[4 * 13]); 498| 971| const SIMD_4x32 K14 = SIMD_4x32::load_le(&m_EK[4 * 14]); 499| | 500| 2.38k| while(blocks >= 4) { ------------------ | Branch (500:10): [True: 1.41k, False: 971] ------------------ 501| 1.41k| SIMD_4x32 B0 = SIMD_4x32::load_le(in + 16 * 0); 502| 1.41k| SIMD_4x32 B1 = SIMD_4x32::load_le(in + 16 * 1); 503| 1.41k| SIMD_4x32 B2 = SIMD_4x32::load_le(in + 16 * 2); 504| 1.41k| SIMD_4x32 B3 = SIMD_4x32::load_le(in + 16 * 3); 505| | 506| 1.41k| keyxor(K0, B0, B1, B2, B3); 507| 1.41k| aesenc(K1, B0, B1, B2, B3); 508| 1.41k| aesenc(K2, B0, B1, B2, B3); 509| 1.41k| aesenc(K3, B0, B1, B2, B3); 510| 1.41k| aesenc(K4, B0, B1, B2, B3); 511| 1.41k| aesenc(K5, B0, B1, B2, B3); 512| 1.41k| aesenc(K6, B0, B1, B2, B3); 513| 1.41k| aesenc(K7, B0, B1, B2, B3); 514| 1.41k| aesenc(K8, B0, B1, B2, B3); 515| 1.41k| aesenc(K9, B0, B1, B2, B3); 516| 1.41k| aesenc(K10, B0, B1, B2, B3); 517| 1.41k| aesenc(K11, B0, B1, B2, B3); 518| 1.41k| aesenc(K12, B0, B1, B2, B3); 519| 1.41k| aesenc(K13, B0, B1, B2, B3); 520| 1.41k| aesenclast(K14, B0, B1, B2, B3); 521| | 522| 1.41k| B0.store_le(out + 16 * 0); 523| 1.41k| B1.store_le(out + 16 * 1); 524| 1.41k| B2.store_le(out + 16 * 2); 525| 1.41k| B3.store_le(out + 16 * 3); 526| | 527| 1.41k| blocks -= 4; 528| 1.41k| in += 4 * 16; 529| 1.41k| out += 4 * 16; 530| 1.41k| } 531| | 532| 1.58k| for(size_t i = 0; i != blocks; ++i) { ------------------ | Branch (532:22): [True: 617, False: 971] ------------------ 533| 617| SIMD_4x32 B0 = SIMD_4x32::load_le(in + 16 * i); 534| | 535| 617| B0 ^= K0; 536| | 537| 617| aesenc(K1, B0); 538| 617| aesenc(K2, B0); 539| 617| aesenc(K3, B0); 540| 617| aesenc(K4, B0); 541| 617| aesenc(K5, B0); 542| 617| aesenc(K6, B0); 543| 617| aesenc(K7, B0); 544| 617| aesenc(K8, B0); 545| 617| aesenc(K9, B0); 546| 617| aesenc(K10, B0); 547| 617| aesenc(K11, B0); 548| 617| aesenc(K12, B0); 549| 617| aesenc(K13, B0); 550| 617| aesenclast(K14, B0); 551| | 552| 617| B0.store_le(out + 16 * i); 553| 617| } 554| 971|} _ZNK5Botan7AES_25616hw_aes_decrypt_nEPKhPhm: 559| 339|BOTAN_FN_ISA_AESNI void AES_256::hw_aes_decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { 560| 339| const SIMD_4x32 K0 = SIMD_4x32::load_le(&m_DK[4 * 0]); 561| 339| const SIMD_4x32 K1 = SIMD_4x32::load_le(&m_DK[4 * 1]); 562| 339| const SIMD_4x32 K2 = SIMD_4x32::load_le(&m_DK[4 * 2]); 563| 339| const SIMD_4x32 K3 = SIMD_4x32::load_le(&m_DK[4 * 3]); 564| 339| const SIMD_4x32 K4 = SIMD_4x32::load_le(&m_DK[4 * 4]); 565| 339| const SIMD_4x32 K5 = SIMD_4x32::load_le(&m_DK[4 * 5]); 566| 339| const SIMD_4x32 K6 = SIMD_4x32::load_le(&m_DK[4 * 6]); 567| 339| const SIMD_4x32 K7 = SIMD_4x32::load_le(&m_DK[4 * 7]); 568| 339| const SIMD_4x32 K8 = SIMD_4x32::load_le(&m_DK[4 * 8]); 569| 339| const SIMD_4x32 K9 = SIMD_4x32::load_le(&m_DK[4 * 9]); 570| 339| const SIMD_4x32 K10 = SIMD_4x32::load_le(&m_DK[4 * 10]); 571| 339| const SIMD_4x32 K11 = SIMD_4x32::load_le(&m_DK[4 * 11]); 572| 339| const SIMD_4x32 K12 = SIMD_4x32::load_le(&m_DK[4 * 12]); 573| 339| const SIMD_4x32 K13 = SIMD_4x32::load_le(&m_DK[4 * 13]); 574| 339| const SIMD_4x32 K14 = SIMD_4x32::load_le(&m_DK[4 * 14]); 575| | 576| 1.55k| while(blocks >= 4) { ------------------ | Branch (576:10): [True: 1.21k, False: 339] ------------------ 577| 1.21k| SIMD_4x32 B0 = SIMD_4x32::load_le(in + 16 * 0); 578| 1.21k| SIMD_4x32 B1 = SIMD_4x32::load_le(in + 16 * 1); 579| 1.21k| SIMD_4x32 B2 = SIMD_4x32::load_le(in + 16 * 2); 580| 1.21k| SIMD_4x32 B3 = SIMD_4x32::load_le(in + 16 * 3); 581| | 582| 1.21k| keyxor(K0, B0, B1, B2, B3); 583| 1.21k| aesdec(K1, B0, B1, B2, B3); 584| 1.21k| aesdec(K2, B0, B1, B2, B3); 585| 1.21k| aesdec(K3, B0, B1, B2, B3); 586| 1.21k| aesdec(K4, B0, B1, B2, B3); 587| 1.21k| aesdec(K5, B0, B1, B2, B3); 588| 1.21k| aesdec(K6, B0, B1, B2, B3); 589| 1.21k| aesdec(K7, B0, B1, B2, B3); 590| 1.21k| aesdec(K8, B0, B1, B2, B3); 591| 1.21k| aesdec(K9, B0, B1, B2, B3); 592| 1.21k| aesdec(K10, B0, B1, B2, B3); 593| 1.21k| aesdec(K11, B0, B1, B2, B3); 594| 1.21k| aesdec(K12, B0, B1, B2, B3); 595| 1.21k| aesdec(K13, B0, B1, B2, B3); 596| 1.21k| aesdeclast(K14, B0, B1, B2, B3); 597| | 598| 1.21k| B0.store_le(out + 16 * 0); 599| 1.21k| B1.store_le(out + 16 * 1); 600| 1.21k| B2.store_le(out + 16 * 2); 601| 1.21k| B3.store_le(out + 16 * 3); 602| | 603| 1.21k| blocks -= 4; 604| 1.21k| in += 4 * 16; 605| 1.21k| out += 4 * 16; 606| 1.21k| } 607| | 608| 450| for(size_t i = 0; i != blocks; ++i) { ------------------ | Branch (608:22): [True: 111, False: 339] ------------------ 609| 111| SIMD_4x32 B0 = SIMD_4x32::load_le(in + 16 * i); 610| | 611| 111| B0 ^= K0; 612| | 613| 111| aesdec(K1, B0); 614| 111| aesdec(K2, B0); 615| 111| aesdec(K3, B0); 616| 111| aesdec(K4, B0); 617| 111| aesdec(K5, B0); 618| 111| aesdec(K6, B0); 619| 111| aesdec(K7, B0); 620| 111| aesdec(K8, B0); 621| 111| aesdec(K9, B0); 622| 111| aesdec(K10, B0); 623| 111| aesdec(K11, B0); 624| 111| aesdec(K12, B0); 625| 111| aesdec(K13, B0); 626| 111| aesdeclast(K14, B0); 627| | 628| 111| B0.store_le(out + 16 * i); 629| 111| } 630| 339|} _ZN5Botan7AES_25618aesni_key_scheduleEPKhm: 635| 226|BOTAN_FN_ISA_AESNI void AES_256::aesni_key_schedule(const uint8_t key[], size_t /*length*/) { 636| 226| m_EK.resize(60); 637| 226| m_DK.resize(60); 638| | 639| 226| const SIMD_4x32 K0 = SIMD_4x32::load_le(key); 640| 226| const SIMD_4x32 K1 = SIMD_4x32::load_le(key + 16); 641| | 642| 226| const SIMD_4x32 K2 = aes_128_key_expansion<0x01>(K0, K1); 643| 226| const SIMD_4x32 K3 = aes_256_key_expansion(K1, K2); 644| | 645| 226| const SIMD_4x32 K4 = aes_128_key_expansion<0x02>(K2, K3); 646| 226| const SIMD_4x32 K5 = aes_256_key_expansion(K3, K4); 647| | 648| 226| const SIMD_4x32 K6 = aes_128_key_expansion<0x04>(K4, K5); 649| 226| const SIMD_4x32 K7 = aes_256_key_expansion(K5, K6); 650| | 651| 226| const SIMD_4x32 K8 = aes_128_key_expansion<0x08>(K6, K7); 652| 226| const SIMD_4x32 K9 = aes_256_key_expansion(K7, K8); 653| | 654| 226| const SIMD_4x32 K10 = aes_128_key_expansion<0x10>(K8, K9); 655| 226| const SIMD_4x32 K11 = aes_256_key_expansion(K9, K10); 656| | 657| 226| const SIMD_4x32 K12 = aes_128_key_expansion<0x20>(K10, K11); 658| 226| const SIMD_4x32 K13 = aes_256_key_expansion(K11, K12); 659| | 660| 226| const SIMD_4x32 K14 = aes_128_key_expansion<0x40>(K12, K13); 661| | 662| 226| K0.store_le(&m_EK[4 * 0]); 663| 226| K1.store_le(&m_EK[4 * 1]); 664| 226| K2.store_le(&m_EK[4 * 2]); 665| 226| K3.store_le(&m_EK[4 * 3]); 666| 226| K4.store_le(&m_EK[4 * 4]); 667| 226| K5.store_le(&m_EK[4 * 5]); 668| 226| K6.store_le(&m_EK[4 * 6]); 669| 226| K7.store_le(&m_EK[4 * 7]); 670| 226| K8.store_le(&m_EK[4 * 8]); 671| 226| K9.store_le(&m_EK[4 * 9]); 672| 226| K10.store_le(&m_EK[4 * 10]); 673| 226| K11.store_le(&m_EK[4 * 11]); 674| 226| K12.store_le(&m_EK[4 * 12]); 675| 226| K13.store_le(&m_EK[4 * 13]); 676| 226| K14.store_le(&m_EK[4 * 14]); 677| | 678| 226| K14.store_le(&m_DK[4 * 0]); 679| 226| aesimc(K13).store_le(&m_DK[4 * 1]); 680| 226| aesimc(K12).store_le(&m_DK[4 * 2]); 681| 226| aesimc(K11).store_le(&m_DK[4 * 3]); 682| 226| aesimc(K10).store_le(&m_DK[4 * 4]); 683| 226| aesimc(K9).store_le(&m_DK[4 * 5]); 684| 226| aesimc(K8).store_le(&m_DK[4 * 6]); 685| 226| aesimc(K7).store_le(&m_DK[4 * 7]); 686| 226| aesimc(K6).store_le(&m_DK[4 * 8]); 687| 226| aesimc(K5).store_le(&m_DK[4 * 9]); 688| 226| aesimc(K4).store_le(&m_DK[4 * 10]); 689| 226| aesimc(K3).store_le(&m_DK[4 * 11]); 690| 226| aesimc(K2).store_le(&m_DK[4 * 12]); 691| 226| aesimc(K1).store_le(&m_DK[4 * 13]); 692| 226| K0.store_le(&m_DK[4 * 14]); 693| 226|} aes_ni.cpp:_ZN5Botan12_GLOBAL__N_16keyxorENS_9SIMD_4x32ERS1_S2_S2_S2_: 69| 3.75k| SIMD_4x32 K, SIMD_4x32& B0, SIMD_4x32& B1, SIMD_4x32& B2, SIMD_4x32& B3) { 70| 3.75k| B0 ^= K; 71| 3.75k| B1 ^= K; 72| 3.75k| B2 ^= K; 73| 3.75k| B3 ^= K; 74| 3.75k|} aes_ni.cpp:_ZN5Botan12_GLOBAL__N_16aesencENS_9SIMD_4x32ERS1_S2_S2_S2_: 81| 23.5k| SIMD_4x32 K, SIMD_4x32& B0, SIMD_4x32& B1, SIMD_4x32& B2, SIMD_4x32& B3) { 82| 23.5k| B0 = SIMD_4x32(_mm_aesenc_si128(B0.raw(), K.raw())); 83| 23.5k| B1 = SIMD_4x32(_mm_aesenc_si128(B1.raw(), K.raw())); 84| 23.5k| B2 = SIMD_4x32(_mm_aesenc_si128(B2.raw(), K.raw())); 85| 23.5k| B3 = SIMD_4x32(_mm_aesenc_si128(B3.raw(), K.raw())); 86| 23.5k|} aes_ni.cpp:_ZN5Botan12_GLOBAL__N_110aesenclastENS_9SIMD_4x32ERS1_S2_S2_S2_: 93| 1.98k| SIMD_4x32 K, SIMD_4x32& B0, SIMD_4x32& B1, SIMD_4x32& B2, SIMD_4x32& B3) { 94| 1.98k| B0 = SIMD_4x32(_mm_aesenclast_si128(B0.raw(), K.raw())); 95| 1.98k| B1 = SIMD_4x32(_mm_aesenclast_si128(B1.raw(), K.raw())); 96| 1.98k| B2 = SIMD_4x32(_mm_aesenclast_si128(B2.raw(), K.raw())); 97| 1.98k| B3 = SIMD_4x32(_mm_aesenclast_si128(B3.raw(), K.raw())); 98| 1.98k|} aes_ni.cpp:_ZN5Botan12_GLOBAL__N_16aesencENS_9SIMD_4x32ERS1_: 76| 32.4k|BOTAN_FORCE_INLINE BOTAN_FN_ISA_AESNI void aesenc(SIMD_4x32 K, SIMD_4x32& B) { 77| 32.4k| B = SIMD_4x32(_mm_aesenc_si128(B.raw(), K.raw())); 78| 32.4k|} aes_ni.cpp:_ZN5Botan12_GLOBAL__N_110aesenclastENS_9SIMD_4x32ERS1_: 88| 3.33k|BOTAN_FORCE_INLINE BOTAN_FN_ISA_AESNI void aesenclast(SIMD_4x32 K, SIMD_4x32& B) { 89| 3.33k| B = SIMD_4x32(_mm_aesenclast_si128(B.raw(), K.raw())); 90| 3.33k|} aes_ni.cpp:_ZN5Botan12_GLOBAL__N_16aesdecENS_9SIMD_4x32ERS1_S2_S2_S2_: 105| 20.7k| SIMD_4x32 K, SIMD_4x32& B0, SIMD_4x32& B1, SIMD_4x32& B2, SIMD_4x32& B3) { 106| 20.7k| B0 = SIMD_4x32(_mm_aesdec_si128(B0.raw(), K.raw())); 107| 20.7k| B1 = SIMD_4x32(_mm_aesdec_si128(B1.raw(), K.raw())); 108| 20.7k| B2 = SIMD_4x32(_mm_aesdec_si128(B2.raw(), K.raw())); 109| 20.7k| B3 = SIMD_4x32(_mm_aesdec_si128(B3.raw(), K.raw())); 110| 20.7k|} aes_ni.cpp:_ZN5Botan12_GLOBAL__N_110aesdeclastENS_9SIMD_4x32ERS1_S2_S2_S2_: 117| 1.76k| SIMD_4x32 K, SIMD_4x32& B0, SIMD_4x32& B1, SIMD_4x32& B2, SIMD_4x32& B3) { 118| 1.76k| B0 = SIMD_4x32(_mm_aesdeclast_si128(B0.raw(), K.raw())); 119| 1.76k| B1 = SIMD_4x32(_mm_aesdeclast_si128(B1.raw(), K.raw())); 120| 1.76k| B2 = SIMD_4x32(_mm_aesdeclast_si128(B2.raw(), K.raw())); 121| 1.76k| B3 = SIMD_4x32(_mm_aesdeclast_si128(B3.raw(), K.raw())); 122| 1.76k|} aes_ni.cpp:_ZN5Botan12_GLOBAL__N_16aesdecENS_9SIMD_4x32ERS1_: 100| 1.96k|BOTAN_FORCE_INLINE BOTAN_FN_ISA_AESNI void aesdec(SIMD_4x32 K, SIMD_4x32& B) { 101| 1.96k| B = SIMD_4x32(_mm_aesdec_si128(B.raw(), K.raw())); 102| 1.96k|} aes_ni.cpp:_ZN5Botan12_GLOBAL__N_110aesdeclastENS_9SIMD_4x32ERS1_: 112| 169|BOTAN_FORCE_INLINE BOTAN_FN_ISA_AESNI void aesdeclast(SIMD_4x32 K, SIMD_4x32& B) { 113| 169| B = SIMD_4x32(_mm_aesdeclast_si128(B.raw(), K.raw())); 114| 169|} aes_ni.cpp:_ZN5Botan12_GLOBAL__N_16aesimcENS_9SIMD_4x32E: 124| 4.40k|BOTAN_FORCE_INLINE BOTAN_FN_ISA_AESNI SIMD_4x32 aesimc(SIMD_4x32 B) { 125| 4.40k| return SIMD_4x32(_mm_aesimc_si128(B.raw())); 126| 4.40k|} aes_ni.cpp:_ZN5Botan12_GLOBAL__N_121aes_256_key_expansionENS_9SIMD_4x32ES1_: 57| 1.35k|BOTAN_FN_ISA_AESNI SIMD_4x32 aes_256_key_expansion(SIMD_4x32 key, SIMD_4x32 key2) { 58| 1.35k| __m128i key_with_rcon = _mm_aeskeygenassist_si128(key2.raw(), 0x00); 59| 1.35k| key_with_rcon = _mm_shuffle_epi32(key_with_rcon, _MM_SHUFFLE(2, 2, 2, 2)); 60| | 61| 1.35k| key ^= key.shift_elems_left<1>(); 62| 1.35k| key ^= key.shift_elems_left<1>(); 63| 1.35k| key ^= key.shift_elems_left<1>(); 64| 1.35k| key ^= SIMD_4x32(key_with_rcon); 65| 1.35k| return key; 66| 1.35k|} aes_ni.cpp:_ZN5Botan12_GLOBAL__N_121aes_128_key_expansionILh1EEENS_9SIMD_4x32ES2_S2_: 22| 389|BOTAN_FN_ISA_AESNI inline SIMD_4x32 aes_128_key_expansion(SIMD_4x32 key, SIMD_4x32 key_getting_rcon) { 23| 389| __m128i key_with_rcon = _mm_aeskeygenassist_si128(key_getting_rcon.raw(), RC); 24| | key_with_rcon = _mm_shuffle_epi32(key_with_rcon, _MM_SHUFFLE(3, 3, 3, 3)); 25| 389| key ^= key.shift_elems_left<1>(); 26| 389| key ^= key.shift_elems_left<1>(); 27| 389| key ^= key.shift_elems_left<1>(); 28| 389| key ^= SIMD_4x32(key_with_rcon); 29| 389| return key; 30| 389|} aes_ni.cpp:_ZN5Botan12_GLOBAL__N_121aes_128_key_expansionILh2EEENS_9SIMD_4x32ES2_S2_: 22| 389|BOTAN_FN_ISA_AESNI inline SIMD_4x32 aes_128_key_expansion(SIMD_4x32 key, SIMD_4x32 key_getting_rcon) { 23| 389| __m128i key_with_rcon = _mm_aeskeygenassist_si128(key_getting_rcon.raw(), RC); 24| | key_with_rcon = _mm_shuffle_epi32(key_with_rcon, _MM_SHUFFLE(3, 3, 3, 3)); 25| 389| key ^= key.shift_elems_left<1>(); 26| 389| key ^= key.shift_elems_left<1>(); 27| 389| key ^= key.shift_elems_left<1>(); 28| 389| key ^= SIMD_4x32(key_with_rcon); 29| 389| return key; 30| 389|} aes_ni.cpp:_ZN5Botan12_GLOBAL__N_121aes_128_key_expansionILh4EEENS_9SIMD_4x32ES2_S2_: 22| 389|BOTAN_FN_ISA_AESNI inline SIMD_4x32 aes_128_key_expansion(SIMD_4x32 key, SIMD_4x32 key_getting_rcon) { 23| 389| __m128i key_with_rcon = _mm_aeskeygenassist_si128(key_getting_rcon.raw(), RC); 24| | key_with_rcon = _mm_shuffle_epi32(key_with_rcon, _MM_SHUFFLE(3, 3, 3, 3)); 25| 389| key ^= key.shift_elems_left<1>(); 26| 389| key ^= key.shift_elems_left<1>(); 27| 389| key ^= key.shift_elems_left<1>(); 28| 389| key ^= SIMD_4x32(key_with_rcon); 29| 389| return key; 30| 389|} aes_ni.cpp:_ZN5Botan12_GLOBAL__N_121aes_128_key_expansionILh8EEENS_9SIMD_4x32ES2_S2_: 22| 389|BOTAN_FN_ISA_AESNI inline SIMD_4x32 aes_128_key_expansion(SIMD_4x32 key, SIMD_4x32 key_getting_rcon) { 23| 389| __m128i key_with_rcon = _mm_aeskeygenassist_si128(key_getting_rcon.raw(), RC); 24| | key_with_rcon = _mm_shuffle_epi32(key_with_rcon, _MM_SHUFFLE(3, 3, 3, 3)); 25| 389| key ^= key.shift_elems_left<1>(); 26| 389| key ^= key.shift_elems_left<1>(); 27| 389| key ^= key.shift_elems_left<1>(); 28| 389| key ^= SIMD_4x32(key_with_rcon); 29| 389| return key; 30| 389|} aes_ni.cpp:_ZN5Botan12_GLOBAL__N_121aes_128_key_expansionILh16EEENS_9SIMD_4x32ES2_S2_: 22| 389|BOTAN_FN_ISA_AESNI inline SIMD_4x32 aes_128_key_expansion(SIMD_4x32 key, SIMD_4x32 key_getting_rcon) { 23| 389| __m128i key_with_rcon = _mm_aeskeygenassist_si128(key_getting_rcon.raw(), RC); 24| | key_with_rcon = _mm_shuffle_epi32(key_with_rcon, _MM_SHUFFLE(3, 3, 3, 3)); 25| 389| key ^= key.shift_elems_left<1>(); 26| 389| key ^= key.shift_elems_left<1>(); 27| 389| key ^= key.shift_elems_left<1>(); 28| 389| key ^= SIMD_4x32(key_with_rcon); 29| 389| return key; 30| 389|} aes_ni.cpp:_ZN5Botan12_GLOBAL__N_121aes_128_key_expansionILh32EEENS_9SIMD_4x32ES2_S2_: 22| 389|BOTAN_FN_ISA_AESNI inline SIMD_4x32 aes_128_key_expansion(SIMD_4x32 key, SIMD_4x32 key_getting_rcon) { 23| 389| __m128i key_with_rcon = _mm_aeskeygenassist_si128(key_getting_rcon.raw(), RC); 24| | key_with_rcon = _mm_shuffle_epi32(key_with_rcon, _MM_SHUFFLE(3, 3, 3, 3)); 25| 389| key ^= key.shift_elems_left<1>(); 26| 389| key ^= key.shift_elems_left<1>(); 27| 389| key ^= key.shift_elems_left<1>(); 28| 389| key ^= SIMD_4x32(key_with_rcon); 29| 389| return key; 30| 389|} aes_ni.cpp:_ZN5Botan12_GLOBAL__N_121aes_128_key_expansionILh64EEENS_9SIMD_4x32ES2_S2_: 22| 389|BOTAN_FN_ISA_AESNI inline SIMD_4x32 aes_128_key_expansion(SIMD_4x32 key, SIMD_4x32 key_getting_rcon) { 23| 389| __m128i key_with_rcon = _mm_aeskeygenassist_si128(key_getting_rcon.raw(), RC); 24| | key_with_rcon = _mm_shuffle_epi32(key_with_rcon, _MM_SHUFFLE(3, 3, 3, 3)); 25| 389| key ^= key.shift_elems_left<1>(); 26| 389| key ^= key.shift_elems_left<1>(); 27| 389| key ^= key.shift_elems_left<1>(); 28| 389| key ^= SIMD_4x32(key_with_rcon); 29| 389| return key; 30| 389|} aes_ni.cpp:_ZN5Botan12_GLOBAL__N_121aes_128_key_expansionILh128EEENS_9SIMD_4x32ES2_S2_: 22| 163|BOTAN_FN_ISA_AESNI inline SIMD_4x32 aes_128_key_expansion(SIMD_4x32 key, SIMD_4x32 key_getting_rcon) { 23| 163| __m128i key_with_rcon = _mm_aeskeygenassist_si128(key_getting_rcon.raw(), RC); 24| | key_with_rcon = _mm_shuffle_epi32(key_with_rcon, _MM_SHUFFLE(3, 3, 3, 3)); 25| 163| key ^= key.shift_elems_left<1>(); 26| 163| key ^= key.shift_elems_left<1>(); 27| 163| key ^= key.shift_elems_left<1>(); 28| 163| key ^= SIMD_4x32(key_with_rcon); 29| 163| return key; 30| 163|} aes_ni.cpp:_ZN5Botan12_GLOBAL__N_121aes_128_key_expansionILh27EEENS_9SIMD_4x32ES2_S2_: 22| 163|BOTAN_FN_ISA_AESNI inline SIMD_4x32 aes_128_key_expansion(SIMD_4x32 key, SIMD_4x32 key_getting_rcon) { 23| 163| __m128i key_with_rcon = _mm_aeskeygenassist_si128(key_getting_rcon.raw(), RC); 24| | key_with_rcon = _mm_shuffle_epi32(key_with_rcon, _MM_SHUFFLE(3, 3, 3, 3)); 25| 163| key ^= key.shift_elems_left<1>(); 26| 163| key ^= key.shift_elems_left<1>(); 27| 163| key ^= key.shift_elems_left<1>(); 28| 163| key ^= SIMD_4x32(key_with_rcon); 29| 163| return key; 30| 163|} aes_ni.cpp:_ZN5Botan12_GLOBAL__N_121aes_128_key_expansionILh54EEENS_9SIMD_4x32ES2_S2_: 22| 163|BOTAN_FN_ISA_AESNI inline SIMD_4x32 aes_128_key_expansion(SIMD_4x32 key, SIMD_4x32 key_getting_rcon) { 23| 163| __m128i key_with_rcon = _mm_aeskeygenassist_si128(key_getting_rcon.raw(), RC); 24| | key_with_rcon = _mm_shuffle_epi32(key_with_rcon, _MM_SHUFFLE(3, 3, 3, 3)); 25| 163| key ^= key.shift_elems_left<1>(); 26| 163| key ^= key.shift_elems_left<1>(); 27| 163| key ^= key.shift_elems_left<1>(); 28| 163| key ^= SIMD_4x32(key_with_rcon); 29| 163| return key; 30| 163|} _ZN5Botan11BlockCipher6createENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEES5_: 96| 464|std::unique_ptr BlockCipher::create(std::string_view algo, std::string_view provider) { 97| |#if defined(BOTAN_HAS_COMMONCRYPTO) 98| | if(provider.empty() || provider == "commoncrypto") { 99| | if(auto bc = make_commoncrypto_block_cipher(algo)) 100| | return bc; 101| | 102| | if(!provider.empty()) 103| | return nullptr; 104| | } 105| |#endif 106| | 107| | // TODO: CryptoAPI 108| | // TODO: /dev/crypto 109| | 110| | // Only base providers from here on out 111| 464| if(provider.empty() == false && provider != "base") { ------------------ | Branch (111:7): [True: 0, False: 464] | Branch (111:36): [True: 0, False: 0] ------------------ 112| 0| return nullptr; 113| 0| } 114| | 115| 464|#if defined(BOTAN_HAS_AES) 116| 464| if(algo == "AES-128") { ------------------ | Branch (116:7): [True: 163, False: 301] ------------------ 117| 163| return std::make_unique(); 118| 163| } 119| | 120| 301| if(algo == "AES-192") { ------------------ | Branch (120:7): [True: 0, False: 301] ------------------ 121| 0| return std::make_unique(); 122| 0| } 123| | 124| 301| if(algo == "AES-256") { ------------------ | Branch (124:7): [True: 226, False: 75] ------------------ 125| 226| return std::make_unique(); 126| 226| } 127| 75|#endif 128| | 129| 75|#if defined(BOTAN_HAS_ARIA) 130| 75| if(algo == "ARIA-128") { ------------------ | Branch (130:7): [True: 0, False: 75] ------------------ 131| 0| return std::make_unique(); 132| 0| } 133| | 134| 75| if(algo == "ARIA-192") { ------------------ | Branch (134:7): [True: 0, False: 75] ------------------ 135| 0| return std::make_unique(); 136| 0| } 137| | 138| 75| if(algo == "ARIA-256") { ------------------ | Branch (138:7): [True: 0, False: 75] ------------------ 139| 0| return std::make_unique(); 140| 0| } 141| 75|#endif 142| | 143| 75|#if defined(BOTAN_HAS_SERPENT) 144| 75| if(algo == "Serpent") { ------------------ | Branch (144:7): [True: 0, False: 75] ------------------ 145| 0| return std::make_unique(); 146| 0| } 147| 75|#endif 148| | 149| 75|#if defined(BOTAN_HAS_SHACAL2) 150| 75| if(algo == "SHACAL2") { ------------------ | Branch (150:7): [True: 0, False: 75] ------------------ 151| 0| return std::make_unique(); 152| 0| } 153| 75|#endif 154| | 155| 75|#if defined(BOTAN_HAS_TWOFISH) 156| 75| if(algo == "Twofish") { ------------------ | Branch (156:7): [True: 0, False: 75] ------------------ 157| 0| return std::make_unique(); 158| 0| } 159| 75|#endif 160| | 161| 75|#if defined(BOTAN_HAS_THREEFISH_512) 162| 75| if(algo == "Threefish-512") { ------------------ | Branch (162:7): [True: 0, False: 75] ------------------ 163| 0| return std::make_unique(); 164| 0| } 165| 75|#endif 166| | 167| 75|#if defined(BOTAN_HAS_BLOWFISH) 168| 75| if(algo == "Blowfish") { ------------------ | Branch (168:7): [True: 0, False: 75] ------------------ 169| 0| return std::make_unique(); 170| 0| } 171| 75|#endif 172| | 173| 75|#if defined(BOTAN_HAS_CAMELLIA) 174| 75| if(algo == "Camellia-128") { ------------------ | Branch (174:7): [True: 0, False: 75] ------------------ 175| 0| return std::make_unique(); 176| 0| } 177| | 178| 75| if(algo == "Camellia-192") { ------------------ | Branch (178:7): [True: 0, False: 75] ------------------ 179| 0| return std::make_unique(); 180| 0| } 181| | 182| 75| if(algo == "Camellia-256") { ------------------ | Branch (182:7): [True: 0, False: 75] ------------------ 183| 0| return std::make_unique(); 184| 0| } 185| 75|#endif 186| | 187| 75|#if defined(BOTAN_HAS_DES) 188| 75| if(algo == "DES") { ------------------ | Branch (188:7): [True: 0, False: 75] ------------------ 189| 0| return std::make_unique(); 190| 0| } 191| | 192| 75| if(algo == "TripleDES" || algo == "3DES" || algo == "DES-EDE") { ------------------ | Branch (192:7): [True: 0, False: 75] | Branch (192:30): [True: 75, False: 0] | Branch (192:48): [True: 0, False: 0] ------------------ 193| 75| return std::make_unique(); 194| 75| } 195| 0|#endif 196| | 197| 0|#if defined(BOTAN_HAS_NOEKEON) 198| 0| if(algo == "Noekeon") { ------------------ | Branch (198:7): [True: 0, False: 0] ------------------ 199| 0| return std::make_unique(); 200| 0| } 201| 0|#endif 202| | 203| 0|#if defined(BOTAN_HAS_CAST_128) 204| 0| if(algo == "CAST-128" || algo == "CAST5") { ------------------ | Branch (204:7): [True: 0, False: 0] | Branch (204:29): [True: 0, False: 0] ------------------ 205| 0| return std::make_unique(); 206| 0| } 207| 0|#endif 208| | 209| 0|#if defined(BOTAN_HAS_IDEA) 210| 0| if(algo == "IDEA") { ------------------ | Branch (210:7): [True: 0, False: 0] ------------------ 211| 0| return std::make_unique(); 212| 0| } 213| 0|#endif 214| | 215| 0|#if defined(BOTAN_HAS_KUZNYECHIK) 216| 0| if(algo == "Kuznyechik") { ------------------ | Branch (216:7): [True: 0, False: 0] ------------------ 217| 0| return std::make_unique(); 218| 0| } 219| 0|#endif 220| | 221| 0|#if defined(BOTAN_HAS_SEED) 222| 0| if(algo == "SEED") { ------------------ | Branch (222:7): [True: 0, False: 0] ------------------ 223| 0| return std::make_unique(); 224| 0| } 225| 0|#endif 226| | 227| 0|#if defined(BOTAN_HAS_SM4) 228| 0| if(algo == "SM4") { ------------------ | Branch (228:7): [True: 0, False: 0] ------------------ 229| 0| return std::make_unique(); 230| 0| } 231| 0|#endif 232| | 233| 0| const SCAN_Name req(algo); 234| | 235| 0|#if defined(BOTAN_HAS_GOST_28147_89) 236| 0| if(req.algo_name() == "GOST-28147-89") { ------------------ | Branch (236:7): [True: 0, False: 0] ------------------ 237| 0| return std::make_unique(req.arg(0, "R3411_94_TestParam")); 238| 0| } 239| 0|#endif 240| | 241| 0|#if defined(BOTAN_HAS_CASCADE) 242| 0| if(req.algo_name() == "Cascade" && req.arg_count() == 2) { ------------------ | Branch (242:7): [True: 0, False: 0] | Branch (242:39): [True: 0, False: 0] ------------------ 243| 0| auto c1 = BlockCipher::create(req.arg(0)); 244| 0| auto c2 = BlockCipher::create(req.arg(1)); 245| | 246| 0| if(c1 && c2) { ------------------ | Branch (246:10): [True: 0, False: 0] | Branch (246:16): [True: 0, False: 0] ------------------ 247| 0| return std::make_unique(std::move(c1), std::move(c2)); 248| 0| } 249| 0| } 250| 0|#endif 251| | 252| 0|#if defined(BOTAN_HAS_LION) 253| 0| if(req.algo_name() == "Lion" && req.arg_count_between(2, 3)) { ------------------ | Branch (253:7): [True: 0, False: 0] | Branch (253:36): [True: 0, False: 0] ------------------ 254| 0| auto hash = HashFunction::create(req.arg(0)); 255| 0| auto stream = StreamCipher::create(req.arg(1)); 256| | 257| 0| if(hash && stream) { ------------------ | Branch (257:10): [True: 0, False: 0] | Branch (257:18): [True: 0, False: 0] ------------------ 258| 0| const size_t block_size = req.arg_as_integer(2, 1024); 259| 0| return std::make_unique(std::move(hash), std::move(stream), block_size); 260| 0| } 261| 0| } 262| 0|#endif 263| | 264| 0| BOTAN_UNUSED(req); ------------------ | | 144| 0|#define BOTAN_UNUSED Botan::ignore_params ------------------ 265| 0| BOTAN_UNUSED(provider); ------------------ | | 144| 0|#define BOTAN_UNUSED Botan::ignore_params ------------------ 266| | 267| 0| return nullptr; 268| 0|} _ZN5Botan11BlockCipher15create_or_throwENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEES5_: 271| 254|std::unique_ptr BlockCipher::create_or_throw(std::string_view algo, std::string_view provider) { 272| 254| if(auto bc = BlockCipher::create(algo, provider)) { ------------------ | Branch (272:12): [True: 254, False: 0] ------------------ 273| 254| return bc; 274| 254| } 275| 0| throw Lookup_Error("Block cipher", algo, provider); 276| 254|} _ZNK5Botan9TripleDES9encrypt_nEPKhPhm: 769| 144|void TripleDES::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { 770| 144| assert_key_material_set(); 771| | 772| 144| const uint32_t* k1 = m_round_key.data(); 773| 144| const uint32_t* k2 = k1 + 16 * 48; 774| 144| const uint32_t* k3 = k2 + 16 * 48; 775| | 776| 144| uint32_t B[64]; 777| | 778| 144| while(blocks >= 32) { ------------------ | Branch (778:10): [True: 0, False: 144] ------------------ 779| 0| transpose_in(B, in, 32); 780| 0| des_encrypt(&B[0], &B[32], k1); 781| 0| des_decrypt(&B[32], &B[0], k2); 782| 0| des_encrypt(&B[0], &B[32], k3); 783| 0| transpose_out(out, B, 32); 784| | 785| 0| in += 32 * BLOCK_SIZE; 786| 0| out += 32 * BLOCK_SIZE; 787| 0| blocks -= 32; 788| 0| } 789| | 790| 144| if(blocks > 0) { ------------------ | Branch (790:7): [True: 144, False: 0] ------------------ 791| 144| transpose_in(B, in, blocks); 792| 144| des_encrypt(&B[0], &B[32], k1); 793| 144| des_decrypt(&B[32], &B[0], k2); 794| 144| des_encrypt(&B[0], &B[32], k3); 795| 144| transpose_out(out, B, blocks); 796| 144| } 797| 144|} _ZNK5Botan9TripleDES9decrypt_nEPKhPhm: 802| 108|void TripleDES::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const { 803| 108| assert_key_material_set(); 804| | 805| 108| const uint32_t* k1 = m_round_key.data(); 806| 108| const uint32_t* k2 = k1 + 16 * 48; 807| 108| const uint32_t* k3 = k2 + 16 * 48; 808| | 809| 108| uint32_t B[64]; 810| | 811| 426| while(blocks >= 32) { ------------------ | Branch (811:10): [True: 318, False: 108] ------------------ 812| 318| transpose_in(B, in, 32); 813| 318| des_decrypt(&B[0], &B[32], k3); 814| 318| des_encrypt(&B[32], &B[0], k2); 815| 318| des_decrypt(&B[0], &B[32], k1); 816| 318| transpose_out(out, B, 32); 817| | 818| 318| in += 32 * BLOCK_SIZE; 819| 318| out += 32 * BLOCK_SIZE; 820| 318| blocks -= 32; 821| 318| } 822| | 823| 108| if(blocks > 0) { ------------------ | Branch (823:7): [True: 38, False: 70] ------------------ 824| 38| transpose_in(B, in, blocks); 825| 38| des_decrypt(&B[0], &B[32], k3); 826| 38| des_encrypt(&B[32], &B[0], k2); 827| 38| des_decrypt(&B[0], &B[32], k1); 828| 38| transpose_out(out, B, blocks); 829| 38| } 830| 108|} _ZNK5Botan9TripleDES19has_keying_materialEv: 832| 252|bool TripleDES::has_keying_material() const { 833| 252| return !m_round_key.empty(); 834| 252|} _ZN5Botan9TripleDES12key_scheduleENSt3__14spanIKhLm18446744073709551615EEE: 839| 75|void TripleDES::key_schedule(std::span key) { 840| 75| m_round_key.resize(3 * 16 * 48); 841| 75| des_key_schedule(m_round_key.data(), key.first(8).data()); 842| 75| des_key_schedule(m_round_key.data() + 16 * 48, key.subspan(8, 8).data()); 843| | 844| 75| if(key.size() == 24) { ------------------ | Branch (844:7): [True: 75, False: 0] ------------------ 845| 75| des_key_schedule(m_round_key.data() + 2 * 16 * 48, key.last(8).data()); 846| 75| } else { 847| 0| copy_mem(m_round_key.data() + 2 * 16 * 48, m_round_key.data(), 16 * 48); 848| 0| } 849| 75|} des.cpp:_ZN5Botan12_GLOBAL__N_112transpose_inEPjPKhm: 537| 500|void transpose_in(uint32_t B[64], const uint8_t in[], size_t n_blocks) { 538| 500| uint64_t M[32] = {}; 539| | 540| 500| load_be(M, in, n_blocks); 541| | 542| 500| des_transpose(M); 543| | 544| | // clang-format off 545| 500| static constexpr uint8_t IP[64] = { 546| 500| 57, 49, 41, 33, 25, 17, 9, 1, 547| 500| 59, 51, 43, 35, 27, 19, 11, 3, 548| 500| 61, 53, 45, 37, 29, 21, 13, 5, 549| 500| 63, 55, 47, 39, 31, 23, 15, 7, 550| 500| 56, 48, 40, 32, 24, 16, 8, 0, 551| 500| 58, 50, 42, 34, 26, 18, 10, 2, 552| 500| 60, 52, 44, 36, 28, 20, 12, 4, 553| 500| 62, 54, 46, 38, 30, 22, 14, 6 554| 500| }; 555| | // clang-format on 556| | 557| 32.5k| for(size_t i = 0; i < 64; ++i) { ------------------ | Branch (557:22): [True: 32.0k, False: 500] ------------------ 558| 32.0k| const uint8_t src = IP[i]; 559| 32.0k| if(src < 32) { ------------------ | Branch (559:10): [True: 16.0k, False: 16.0k] ------------------ 560| 16.0k| B[i] = static_cast(M[31 - src] >> 32); 561| 16.0k| } else { 562| 16.0k| B[i] = static_cast(M[63 - src]); 563| 16.0k| } 564| 32.0k| } 565| 500|} des.cpp:_ZN5Botan12_GLOBAL__N_113des_transposeEPm: 509| 1.00k|void des_transpose(uint64_t M[32]) { 510| 17.0k| for(size_t i = 0; i != 16; ++i) { ------------------ | Branch (510:22): [True: 16.0k, False: 1.00k] ------------------ 511| 16.0k| swap_bits(M[i], M[i + 16], 0x0000FFFF0000FFFF, 16); 512| 16.0k| } 513| | 514| 3.00k| for(size_t i = 0; i != 32; i += 16) { ------------------ | Branch (514:22): [True: 2.00k, False: 1.00k] ------------------ 515| 18.0k| for(size_t j = 0; j != 8; ++j) { ------------------ | Branch (515:25): [True: 16.0k, False: 2.00k] ------------------ 516| 16.0k| swap_bits(M[i + j], M[i + j + 8], 0x00FF00FF00FF00FF, 8); 517| 16.0k| } 518| 2.00k| } 519| | 520| 5.00k| for(size_t i = 0; i != 32; i += 8) { ------------------ | Branch (520:22): [True: 4.00k, False: 1.00k] ------------------ 521| 20.0k| for(size_t j = 0; j != 4; ++j) { ------------------ | Branch (521:25): [True: 16.0k, False: 4.00k] ------------------ 522| 16.0k| swap_bits(M[i + j + 0], M[i + j + 4], 0x0F0F0F0F0F0F0F0F, 4); 523| 16.0k| } 524| 4.00k| } 525| | 526| 9.00k| for(size_t i = 0; i != 32; i += 4) { ------------------ | Branch (526:22): [True: 8.00k, False: 1.00k] ------------------ 527| 24.0k| for(size_t j = 0; j != 2; ++j) { ------------------ | Branch (527:25): [True: 16.0k, False: 8.00k] ------------------ 528| 16.0k| swap_bits(M[i + j + 0], M[i + j + 2], 0x3333333333333333, 2); 529| 16.0k| } 530| 8.00k| } 531| | 532| 17.0k| for(size_t i = 0; i != 32; i += 2) { ------------------ | Branch (532:22): [True: 16.0k, False: 1.00k] ------------------ 533| 16.0k| swap_bits(M[i], M[i + 1], 0x5555555555555555, 1); 534| 16.0k| } 535| 1.00k|} des.cpp:_ZN5Botan12_GLOBAL__N_111des_encryptEPjS1_PKj: 638| 644|void des_encrypt(uint32_t L[32], uint32_t R[32], const uint32_t round_key[]) { 639| 5.79k| for(size_t round = 0; round < 16; round += 2) { ------------------ | Branch (639:26): [True: 5.15k, False: 644] ------------------ 640| 5.15k| des_round(L, R, &round_key[round * 48]); 641| 5.15k| des_round(R, L, &round_key[(round + 1) * 48]); 642| 5.15k| } 643| 644|} des.cpp:_ZN5Botan12_GLOBAL__N_19des_roundEPjPKjS3_: 602| 24.0k|void des_round(uint32_t L[32], const uint32_t R[32], const uint32_t RK[48]) { 603| | // clang-format off 604| 24.0k| SBox1(R[31] ^ RK[ 0], R[ 0] ^ RK[ 1], R[ 1] ^ RK[ 2], 605| 24.0k| R[ 2] ^ RK[ 3], R[ 3] ^ RK[ 4], R[ 4] ^ RK[ 5], 606| 24.0k| L[ 8], L[16], L[22], L[30]); 607| | 608| 24.0k| SBox2(R[ 3] ^ RK[ 6], R[ 4] ^ RK[ 7], R[ 5] ^ RK[ 8], 609| 24.0k| R[ 6] ^ RK[ 9], R[ 7] ^ RK[10], R[ 8] ^ RK[11], 610| 24.0k| L[12], L[27], L[ 1], L[17]); 611| | 612| 24.0k| SBox3(R[ 7] ^ RK[12], R[ 8] ^ RK[13], R[ 9] ^ RK[14], 613| 24.0k| R[10] ^ RK[15], R[11] ^ RK[16], R[12] ^ RK[17], 614| 24.0k| L[23], L[15], L[29], L[ 5]); 615| | 616| 24.0k| SBox4(R[11] ^ RK[18], R[12] ^ RK[19], R[13] ^ RK[20], 617| 24.0k| R[14] ^ RK[21], R[15] ^ RK[22], R[16] ^ RK[23], 618| 24.0k| L[25], L[19], L[ 9], L[ 0]); 619| | 620| 24.0k| SBox5(R[15] ^ RK[24], R[16] ^ RK[25], R[17] ^ RK[26], 621| 24.0k| R[18] ^ RK[27], R[19] ^ RK[28], R[20] ^ RK[29], 622| 24.0k| L[ 7], L[13], L[24], L[ 2]); 623| | 624| 24.0k| SBox6(R[19] ^ RK[30], R[20] ^ RK[31], R[21] ^ RK[32], 625| 24.0k| R[22] ^ RK[33], R[23] ^ RK[34], R[24] ^ RK[35], 626| 24.0k| L[ 3], L[28], L[10], L[18]); 627| | 628| 24.0k| SBox7(R[23] ^ RK[36], R[24] ^ RK[37], R[25] ^ RK[38], 629| 24.0k| R[26] ^ RK[39], R[27] ^ RK[40], R[28] ^ RK[41], 630| 24.0k| L[31], L[11], L[21], L[ 6]); 631| | 632| 24.0k| SBox8(R[27] ^ RK[42], R[28] ^ RK[43], R[29] ^ RK[44], 633| 24.0k| R[30] ^ RK[45], R[31] ^ RK[46], R[ 0] ^ RK[47], 634| 24.0k| L[ 4], L[26], L[14], L[20]); 635| | // clang-format on 636| 24.0k|} des.cpp:_ZN5Botan12_GLOBAL__N_15SBox1ITkNS0_9BitsliceTEjEEvT_S2_S2_S2_S2_S2_RS2_S3_S3_S3_: 38| 24.0k|BOTAN_FORCE_INLINE void SBox1(T a1, T a2, T a3, T a4, T a5, T a6, T& out1, T& out2, T& out3, T& out4) { 39| 24.0k| const T x1 = a1 & ~a5; 40| 24.0k| const T x2 = a4 ^ x1; 41| 24.0k| const T x3 = a3 | a6; 42| 24.0k| const T x4 = a1 ^ a3; 43| 24.0k| const T x5 = x3 & x4; 44| 24.0k| const T x6 = a4 ^ x5; 45| 24.0k| const T x7 = x6 & ~x2; 46| | 47| 24.0k| const T x8 = a5 ^ a6; 48| 24.0k| const T x9 = a3 ^ x8; 49| 24.0k| const T x10 = x2 & ~x9; 50| 24.0k| const T x11 = a6 | x5; 51| 24.0k| const T x12 = x10 ^ x11; 52| 24.0k| const T x13 = x12 & ~x7; 53| | 54| 24.0k| const T x14 = a1 | a6; 55| 24.0k| const T x15 = x12 | x14; 56| 24.0k| const T x16 = a5 & ~x6; 57| 24.0k| const T x17 = x15 ^ x16; 58| | 59| 24.0k| const T x18 = a4 & ~x14; 60| 24.0k| const T x19 = x16 ^ x18; 61| 24.0k| const T x20 = x8 & ~x4; 62| 24.0k| const T x21 = x19 | x20; 63| | 64| 24.0k| const T x22 = a3 & ~x1; 65| 24.0k| const T x23 = x2 ^ x15; 66| 24.0k| const T x24 = x23 & ~x22; 67| 24.0k| const T x25 = ~x24; 68| 24.0k| const T x26 = x3 & x12; 69| 24.0k| const T x27 = x25 ^ x26; 70| 24.0k| const T x28 = x17 & ~a2; 71| 24.0k| const T x29 = x28 ^ x27; 72| 24.0k| out3 ^= x29; 73| | 74| 24.0k| const T x30 = x8 ^ x24; 75| 24.0k| const T x31 = x16 | x30; 76| 24.0k| const T x32 = x3 ^ x31; 77| 24.0k| const T x33 = a1 ^ x32; 78| 24.0k| const T x34 = x27 ^ x33; 79| 24.0k| const T x35 = x7 | a2; 80| 24.0k| const T x36 = x35 ^ x34; 81| 24.0k| out1 ^= x36; 82| | 83| 24.0k| const T x37 = x2 & ~x21; 84| 24.0k| const T x38 = x30 ^ x37; 85| 24.0k| const T x39 = x16 ^ x32; 86| 24.0k| const T x40 = x34 & ~x39; 87| 24.0k| const T x41 = x38 ^ x40; 88| 24.0k| const T x42 = a2 & ~x13; 89| 24.0k| const T x43 = x42 ^ x41; 90| 24.0k| out2 ^= x43; 91| | 92| 24.0k| const T x44 = x9 ^ x20; 93| 24.0k| const T x45 = x14 ^ x40; 94| 24.0k| const T x46 = x45 & ~x44; 95| 24.0k| const T x47 = x41 ^ x46; 96| 24.0k| const T x48 = x47 | a2; 97| 24.0k| const T x49 = x48 ^ x21; 98| 24.0k| out4 ^= x49; 99| 24.0k|} des.cpp:_ZN5Botan12_GLOBAL__N_15SBox2ITkNS0_9BitsliceTEjEEvT_S2_S2_S2_S2_S2_RS2_S3_S3_S3_: 102| 24.0k|BOTAN_FORCE_INLINE void SBox2(T a1, T a2, T a3, T a4, T a5, T a6, T& out1, T& out2, T& out3, T& out4) { 103| 24.0k| const T x1 = a2 ^ a5; 104| | 105| 24.0k| const T x2 = a1 & ~a6; 106| 24.0k| const T x3 = a5 & ~x2; 107| 24.0k| const T x4 = a2 | x3; 108| | 109| 24.0k| const T x5 = x1 & ~a6; 110| 24.0k| const T x6 = a1 & x1; 111| 24.0k| const T x7 = a5 ^ x6; 112| 24.0k| const T x8 = x7 & ~x5; 113| | 114| 24.0k| const T x9 = a3 & a6; 115| 24.0k| const T x10 = x3 ^ x5; 116| 24.0k| const T x11 = x4 & x10; 117| 24.0k| const T x12 = x11 & ~x9; 118| | 119| 24.0k| const T x13 = a3 & x11; 120| 24.0k| const T x14 = ~a1; 121| 24.0k| const T x15 = x13 ^ x14; 122| 24.0k| const T x16 = a6 ^ x1; 123| 24.0k| const T x17 = x16 & ~x9; 124| 24.0k| const T x18 = x15 ^ x17; 125| 24.0k| const T x19 = a4 & ~x12; 126| 24.0k| const T x20 = x19 ^ x18; 127| 24.0k| out2 ^= x20; 128| | 129| 24.0k| const T x21 = a2 & ~x17; 130| 24.0k| const T x22 = x7 ^ x21; 131| 24.0k| const T x23 = x15 & ~x22; 132| 24.0k| const T x24 = a3 ^ x16; 133| 24.0k| const T x25 = x23 ^ x24; 134| 24.0k| const T x26 = x4 & ~a4; 135| 24.0k| const T x27 = x26 ^ x25; 136| 24.0k| out1 ^= x27; 137| | 138| 24.0k| const T x28 = a2 & ~x9; 139| 24.0k| const T x29 = x24 | x28; 140| 24.0k| const T x30 = x4 ^ x18; 141| 24.0k| const T x31 = x9 | x30; 142| 24.0k| const T x32 = x29 ^ x31; 143| | 144| 24.0k| const T x33 = x11 ^ x18; 145| 24.0k| const T x34 = x25 ^ x33; 146| 24.0k| const T x35 = x31 & x34; 147| 24.0k| const T x36 = x1 & x29; 148| 24.0k| const T x37 = x35 ^ x36; 149| 24.0k| const T x38 = x37 | a4; 150| 24.0k| const T x39 = x38 ^ x32; 151| 24.0k| out3 ^= x39; 152| | 153| 24.0k| const T x40 = x37 & ~x22; 154| 24.0k| const T x41 = x16 | x30; 155| 24.0k| const T x42 = x40 ^ x41; 156| 24.0k| const T x43 = x8 | a4; 157| 24.0k| const T x44 = x43 ^ x42; 158| 24.0k| out4 ^= x44; 159| 24.0k|} des.cpp:_ZN5Botan12_GLOBAL__N_15SBox3ITkNS0_9BitsliceTEjEEvT_S2_S2_S2_S2_S2_RS2_S3_S3_S3_: 162| 24.0k|BOTAN_FORCE_INLINE void SBox3(T a1, T a2, T a3, T a4, T a5, T a6, T& out1, T& out2, T& out3, T& out4) { 163| 24.0k| const T x1 = a1 & ~a2; 164| 24.0k| const T x2 = a3 ^ a6; 165| 24.0k| const T x3 = x1 | x2; 166| 24.0k| const T x4 = a4 ^ a6; 167| 24.0k| const T x5 = x4 & ~a1; 168| 24.0k| const T x6 = x3 ^ x5; 169| | 170| 24.0k| const T x7 = a2 ^ x2; 171| 24.0k| const T x8 = x7 & ~a6; 172| 24.0k| const T x9 = x3 ^ x8; 173| 24.0k| const T x10 = x6 & ~x9; 174| | 175| 24.0k| const T x11 = a6 & x6; 176| 24.0k| const T x12 = a4 | x11; 177| 24.0k| const T x13 = a1 & x12; 178| 24.0k| const T x14 = x7 ^ x13; 179| 24.0k| const T x15 = x6 & ~a5; 180| 24.0k| const T x16 = x15 ^ x14; 181| 24.0k| out4 ^= x16; 182| | 183| 24.0k| const T x17 = x2 & x4; 184| 24.0k| const T x18 = a1 ^ a4; 185| 24.0k| const T x19 = x9 ^ x18; 186| 24.0k| const T x20 = a3 | x19; 187| 24.0k| const T x21 = x20 & ~x17; 188| | 189| 24.0k| const T x22 = x5 | x18; 190| 24.0k| const T x23 = x14 & ~x22; 191| 24.0k| const T x24 = a4 & a6; 192| 24.0k| const T x25 = x24 & ~a2; 193| 24.0k| const T x26 = x23 ^ x25; 194| | 195| 24.0k| const T x27 = x9 & x26; 196| 24.0k| const T x28 = x7 | x24; 197| 24.0k| const T x29 = x28 & ~x27; 198| 24.0k| const T x30 = a1 ^ x29; 199| 24.0k| const T x31 = x21 & a5; 200| 24.0k| const T x32 = x31 ^ x30; 201| 24.0k| out2 ^= x32; 202| | 203| 24.0k| const T x33 = x6 & ~a2; 204| 24.0k| const T x34 = x33 & ~a3; 205| 24.0k| const T x35 = ~x7; 206| 24.0k| const T x36 = x22 ^ x35; 207| 24.0k| const T x37 = x34 ^ x36; 208| 24.0k| const T x38 = a5 & ~x10; 209| 24.0k| const T x39 = x38 ^ x37; 210| 24.0k| out1 ^= x39; 211| | 212| 24.0k| const T x40 = x34 | x36; 213| 24.0k| const T x41 = x5 | x33; 214| 24.0k| const T x42 = x40 ^ x41; 215| 24.0k| const T x43 = a4 & ~x6; 216| 24.0k| const T x44 = x42 | x43; 217| 24.0k| const T x45 = a5 & ~x26; 218| 24.0k| const T x46 = x45 ^ x44; 219| 24.0k| out3 ^= x46; 220| 24.0k|} des.cpp:_ZN5Botan12_GLOBAL__N_15SBox4ITkNS0_9BitsliceTEjEEvT_S2_S2_S2_S2_S2_RS2_S3_S3_S3_: 223| 24.0k|BOTAN_FORCE_INLINE void SBox4(T a1, T a2, T a3, T a4, T a5, T a6, T& out1, T& out2, T& out3, T& out4) { 224| 24.0k| const T x1 = a1 ^ a3; 225| 24.0k| const T x2 = a3 ^ a5; 226| 24.0k| const T x3 = a2 | a4; 227| 24.0k| const T x4 = a5 ^ x3; 228| 24.0k| const T x5 = x2 & ~x4; 229| 24.0k| const T x6 = x2 & ~a2; 230| 24.0k| const T x7 = a4 ^ x6; 231| 24.0k| const T x8 = x1 | x7; 232| 24.0k| const T x9 = x8 & ~x5; 233| 24.0k| const T x10 = a2 ^ x9; 234| | 235| 24.0k| const T x11 = x7 & x10; 236| 24.0k| const T x12 = x2 & ~x11; 237| 24.0k| const T x13 = x1 ^ x10; 238| 24.0k| const T x14 = x13 & ~x12; 239| 24.0k| const T x15 = x5 ^ x14; 240| | 241| 24.0k| const T x16 = a2 ^ a4; 242| 24.0k| const T x17 = a5 | x6; 243| 24.0k| const T x18 = x13 ^ x17; 244| 24.0k| const T x19 = x18 & ~x16; 245| 24.0k| const T x20 = x9 ^ x19; 246| 24.0k| const T x21 = a6 & ~x15; 247| 24.0k| const T x22 = x21 ^ x20; 248| 24.0k| out1 ^= x22; 249| | 250| 24.0k| const T x23 = ~x20; 251| 24.0k| const T x24 = x15 & ~a6; 252| 24.0k| const T x25 = x24 ^ x23; 253| 24.0k| out2 ^= x25; 254| | 255| 24.0k| const T x26 = x15 ^ x23; 256| 24.0k| const T x27 = x26 & ~x16; 257| 24.0k| const T x28 = x11 | x27; 258| 24.0k| const T x29 = x18 ^ x28; 259| 24.0k| const T x30 = x10 | a6; 260| 24.0k| const T x31 = x30 ^ x29; 261| 24.0k| out3 ^= x31; 262| | 263| 24.0k| const T x32 = a6 & x10; 264| 24.0k| const T x33 = x32 ^ x29; 265| 24.0k| out4 ^= x33; 266| 24.0k|} des.cpp:_ZN5Botan12_GLOBAL__N_15SBox5ITkNS0_9BitsliceTEjEEvT_S2_S2_S2_S2_S2_RS2_S3_S3_S3_: 269| 24.0k|BOTAN_FORCE_INLINE void SBox5(T a1, T a2, T a3, T a4, T a5, T a6, T& out1, T& out2, T& out3, T& out4) { 270| 24.0k| const T x1 = a1 | a3; 271| 24.0k| const T x2 = x1 & ~a6; 272| 24.0k| const T x3 = a1 ^ x2; 273| 24.0k| const T x4 = a3 ^ x3; 274| 24.0k| const T x5 = a4 | x4; 275| | 276| 24.0k| const T x6 = x2 & ~a4; 277| 24.0k| const T x7 = a3 ^ x6; 278| 24.0k| const T x8 = a5 & x7; 279| 24.0k| const T x9 = a1 | x4; 280| 24.0k| const T x10 = x8 ^ x9; 281| 24.0k| const T x11 = a4 ^ x10; 282| | 283| 24.0k| const T x12 = a6 ^ x11; 284| 24.0k| const T x13 = x3 | x12; 285| 24.0k| const T x14 = a5 & x13; 286| 24.0k| const T x15 = x3 ^ x14; 287| 24.0k| const T x16 = a4 & x9; 288| 24.0k| const T x17 = x15 ^ x16; 289| | 290| 24.0k| const T x18 = x13 & ~a1; 291| 24.0k| const T x19 = x7 ^ x18; 292| 24.0k| const T x20 = a5 ^ x5; 293| 24.0k| const T x21 = x20 & ~x19; 294| 24.0k| const T x22 = ~x21; 295| 24.0k| const T x23 = x22 & ~a2; 296| 24.0k| const T x24 = x23 ^ x11; 297| 24.0k| out3 ^= x24; 298| | 299| 24.0k| const T x25 = x7 & ~x14; 300| 24.0k| const T x26 = x18 ^ x20; 301| 24.0k| const T x27 = x17 | x26; 302| 24.0k| const T x28 = x27 & ~x25; 303| 24.0k| const T x29 = x5 & ~x28; 304| | 305| 24.0k| const T x30 = x12 & x28; 306| 24.0k| const T x31 = x20 ^ x30; 307| 24.0k| const T x32 = x7 & x9; 308| 24.0k| const T x33 = x31 | x32; 309| 24.0k| const T x34 = x14 ^ x33; 310| 24.0k| const T x35 = x34 & a2; 311| 24.0k| const T x36 = x35 ^ x17; 312| 24.0k| out4 ^= x36; 313| | 314| 24.0k| const T x37 = x1 ^ x28; 315| 24.0k| const T x38 = a1 ^ x37; 316| 24.0k| const T x39 = a4 & x31; 317| 24.0k| const T x40 = x38 ^ x39; 318| 24.0k| const T x41 = x29 | a2; 319| 24.0k| const T x42 = x41 ^ x40; 320| 24.0k| out1 ^= x42; 321| | 322| 24.0k| const T x43 = x5 ^ x7; 323| 24.0k| const T x44 = x43 & ~x40; 324| 24.0k| const T x45 = x3 ^ x31; 325| 24.0k| const T x46 = x44 ^ x45; 326| 24.0k| const T x47 = x5 & a2; 327| 24.0k| const T x48 = x47 ^ x46; 328| 24.0k| out2 ^= x48; 329| 24.0k|} des.cpp:_ZN5Botan12_GLOBAL__N_15SBox6ITkNS0_9BitsliceTEjEEvT_S2_S2_S2_S2_S2_RS2_S3_S3_S3_: 332| 24.0k|BOTAN_FORCE_INLINE void SBox6(T a1, T a2, T a3, T a4, T a5, T a6, T& out1, T& out2, T& out3, T& out4) { 333| 24.0k| const T x1 = a2 ^ a5; 334| | 335| 24.0k| const T x2 = a2 | a6; 336| 24.0k| const T x3 = a1 & x2; 337| 24.0k| const T x4 = x1 ^ x3; 338| 24.0k| const T x5 = a6 ^ x4; 339| 24.0k| const T x6 = a5 & ~x5; 340| | 341| 24.0k| const T x7 = a1 & x5; 342| 24.0k| const T x8 = a2 ^ x7; 343| 24.0k| const T x9 = a1 ^ a3; 344| 24.0k| const T x10 = x8 | x9; 345| 24.0k| const T x11 = x4 ^ x10; 346| | 347| 24.0k| const T x12 = a3 & x11; 348| 24.0k| const T x13 = x12 & ~a6; 349| 24.0k| const T x14 = x6 | x8; 350| 24.0k| const T x15 = x13 ^ x14; 351| 24.0k| const T x16 = x15 & a4; 352| 24.0k| const T x17 = x16 ^ x11; 353| 24.0k| out4 ^= x17; 354| | 355| 24.0k| const T x18 = a2 ^ x10; 356| 24.0k| const T x19 = a6 & ~x18; 357| 24.0k| const T x20 = a3 ^ x19; 358| 24.0k| const T x21 = a5 & ~x12; 359| 24.0k| const T x22 = x20 | x21; 360| | 361| 24.0k| const T x23 = a2 | x9; 362| 24.0k| const T x24 = x15 ^ x23; 363| 24.0k| const T x25 = x3 | x22; 364| 24.0k| const T x26 = x24 ^ x25; 365| | 366| 24.0k| const T x27 = a1 | x11; 367| 24.0k| const T x28 = x14 & x27; 368| 24.0k| const T x29 = x20 ^ x28; 369| 24.0k| const T x30 = x29 & ~x13; 370| 24.0k| const T x31 = x6 | a4; 371| 24.0k| const T x32 = x31 ^ x30; 372| 24.0k| out3 ^= x32; 373| | 374| 24.0k| const T x33 = x4 ^ x29; 375| 24.0k| const T x34 = a5 & ~x33; 376| 24.0k| const T x35 = ~x23; 377| 24.0k| const T x36 = x18 ^ x35; 378| 24.0k| const T x37 = x34 ^ x36; 379| 24.0k| const T x38 = x37 & ~a4; 380| 24.0k| const T x39 = x38 ^ x26; 381| 24.0k| out2 ^= x39; 382| | 383| 24.0k| const T x40 = a6 ^ x7; 384| 24.0k| const T x41 = a1 ^ x20; 385| 24.0k| const T x42 = x40 & x41; 386| 24.0k| const T x43 = x12 ^ x36; 387| 24.0k| const T x44 = x42 ^ x43; 388| 24.0k| const T x45 = x22 & ~a4; 389| 24.0k| const T x46 = x45 ^ x44; 390| 24.0k| out1 ^= x46; 391| 24.0k|} des.cpp:_ZN5Botan12_GLOBAL__N_15SBox7ITkNS0_9BitsliceTEjEEvT_S2_S2_S2_S2_S2_RS2_S3_S3_S3_: 394| 24.0k|BOTAN_FORCE_INLINE void SBox7(T a1, T a2, T a3, T a4, T a5, T a6, T& out1, T& out2, T& out3, T& out4) { 395| 24.0k| const T x1 = a4 ^ a5; 396| 24.0k| const T x2 = a3 ^ x1; 397| 24.0k| const T x3 = a6 & x2; 398| 24.0k| const T x4 = a4 & x1; 399| 24.0k| const T x5 = a2 ^ x4; 400| 24.0k| const T x6 = x3 & x5; 401| | 402| 24.0k| const T x7 = a6 & x4; 403| 24.0k| const T x8 = a3 ^ x7; 404| 24.0k| const T x9 = x5 | x8; 405| 24.0k| const T x10 = a6 ^ x1; 406| 24.0k| const T x11 = x9 ^ x10; 407| 24.0k| const T x12 = a1 & ~x6; 408| 24.0k| const T x13 = x12 ^ x11; 409| 24.0k| out4 ^= x13; 410| | 411| 24.0k| const T x14 = a5 & ~x2; 412| 24.0k| const T x15 = x5 | x14; 413| 24.0k| const T x16 = x3 ^ x8; 414| 24.0k| const T x17 = x15 ^ x16; 415| | 416| 24.0k| const T x18 = x3 ^ x10; 417| 24.0k| const T x19 = a4 & ~x18; 418| 24.0k| const T x20 = x5 & ~x19; 419| 24.0k| const T x21 = a5 ^ x16; 420| 24.0k| const T x22 = x20 ^ x21; 421| | 422| 24.0k| const T x23 = x18 & ~x7; 423| 24.0k| const T x24 = x19 | x23; 424| 24.0k| const T x25 = a2 ^ x9; 425| 24.0k| const T x26 = x22 & x25; 426| 24.0k| const T x27 = x24 ^ x26; 427| 24.0k| const T x28 = x27 & a1; 428| 24.0k| const T x29 = x28 ^ x22; 429| 24.0k| out3 ^= x29; 430| | 431| 24.0k| const T x30 = x5 & ~a3; 432| 24.0k| const T x31 = x23 | x30; 433| 24.0k| const T x32 = x4 | x22; 434| 24.0k| const T x33 = x31 & x32; 435| 24.0k| const T x34 = x27 ^ x33; 436| | 437| 24.0k| const T x35 = x17 | x24; 438| 24.0k| const T x36 = x14 ^ x35; 439| 24.0k| const T x37 = a6 & x36; 440| 24.0k| const T x38 = x33 ^ x37; 441| 24.0k| const T x39 = x38 & ~a1; 442| 24.0k| const T x40 = x39 ^ x17; 443| 24.0k| out1 ^= x40; 444| | 445| 24.0k| const T x41 = ~x37; 446| 24.0k| const T x42 = a2 | x41; 447| 24.0k| const T x43 = x17 ^ x33; 448| 24.0k| const T x44 = x42 ^ x43; 449| 24.0k| const T x45 = x34 | a1; 450| 24.0k| const T x46 = x45 ^ x44; 451| 24.0k| out2 ^= x46; 452| 24.0k|} des.cpp:_ZN5Botan12_GLOBAL__N_15SBox8ITkNS0_9BitsliceTEjEEvT_S2_S2_S2_S2_S2_RS2_S3_S3_S3_: 455| 24.0k|BOTAN_FORCE_INLINE void SBox8(T a1, T a2, T a3, T a4, T a5, T a6, T& out1, T& out2, T& out3, T& out4) { 456| 24.0k| const T x1 = a3 & ~a2; 457| 24.0k| const T x2 = a5 & ~a3; 458| 24.0k| const T x3 = a4 ^ x2; 459| 24.0k| const T x4 = a1 & x3; 460| 24.0k| const T x5 = x4 & ~x1; 461| | 462| 24.0k| const T x6 = a2 & ~x3; 463| 24.0k| const T x7 = a1 | x6; 464| 24.0k| const T x8 = a2 & ~a3; 465| 24.0k| const T x9 = a5 ^ x8; 466| 24.0k| const T x10 = x7 & x9; 467| 24.0k| const T x11 = x4 | x10; 468| | 469| 24.0k| const T x12 = ~x3; 470| 24.0k| const T x13 = x10 ^ x12; 471| 24.0k| const T x14 = a3 & ~x7; 472| 24.0k| const T x15 = x13 ^ x14; 473| 24.0k| const T x16 = x1 ^ x15; 474| 24.0k| const T x17 = x5 | a6; 475| 24.0k| const T x18 = x17 ^ x16; 476| 24.0k| out2 ^= x18; 477| | 478| 24.0k| const T x19 = a1 ^ x16; 479| 24.0k| const T x20 = a5 & x19; 480| 24.0k| const T x21 = a2 ^ x15; 481| 24.0k| const T x22 = x20 ^ x21; 482| 24.0k| const T x23 = x6 ^ x22; 483| | 484| 24.0k| const T x24 = x11 ^ x22; 485| 24.0k| const T x25 = a2 | x24; 486| 24.0k| const T x26 = a5 ^ x19; 487| 24.0k| const T x27 = x25 ^ x26; 488| 24.0k| const T x28 = x11 & a6; 489| 24.0k| const T x29 = x28 ^ x27; 490| 24.0k| out3 ^= x29; 491| | 492| 24.0k| const T x30 = x9 ^ x23; 493| 24.0k| const T x31 = a4 | x21; 494| 24.0k| const T x32 = x30 ^ x31; 495| 24.0k| const T x33 = a1 ^ x32; 496| 24.0k| const T x34 = x33 & a6; 497| 24.0k| const T x35 = x34 ^ x23; 498| 24.0k| out4 ^= x35; 499| | 500| 24.0k| const T x36 = x30 & ~a4; 501| 24.0k| const T x37 = x27 & x36; 502| 24.0k| const T x38 = x5 ^ x32; 503| 24.0k| const T x39 = x37 ^ x38; 504| 24.0k| const T x40 = x39 | a6; 505| 24.0k| const T x41 = x40 ^ x23; 506| 24.0k| out1 ^= x41; 507| 24.0k|} des.cpp:_ZN5Botan12_GLOBAL__N_113transpose_outEPhPKjm: 567| 500|void transpose_out(uint8_t out[], const uint32_t B[64], size_t n_blocks) { 568| | // clang-format off 569| 500| static constexpr uint8_t FP[64] = { 570| 500| 39, 7, 47, 15, 55, 23, 63, 31, 571| 500| 38, 6, 46, 14, 54, 22, 62, 30, 572| 500| 37, 5, 45, 13, 53, 21, 61, 29, 573| 500| 36, 4, 44, 12, 52, 20, 60, 28, 574| 500| 35, 3, 43, 11, 51, 19, 59, 27, 575| 500| 34, 2, 42, 10, 50, 18, 58, 26, 576| 500| 33, 1, 41, 9, 49, 17, 57, 25, 577| 500| 32, 0, 40, 8, 48, 16, 56, 24 578| 500| }; 579| | // clang-format on 580| | 581| 500| uint64_t M[32]; 582| 16.5k| for(size_t i = 0; i != 32; ++i) { ------------------ | Branch (582:22): [True: 16.0k, False: 500] ------------------ 583| | // XOR with 32 here absorbs the DES output swap into the FP 584| 16.0k| M[i] = (static_cast(B[FP[31 - i] ^ 32]) << 32) | B[FP[63 - i] ^ 32]; 585| 16.0k| } 586| | 587| 500| des_transpose(M); 588| | 589| 11.5k| for(size_t i = 0; i != n_blocks; ++i) { ------------------ | Branch (589:22): [True: 11.0k, False: 500] ------------------ 590| 11.0k| store_be(out + i * 8, M[i]); 591| 11.0k| } 592| 500|} des.cpp:_ZN5Botan12_GLOBAL__N_111des_decryptEPjS1_PKj: 645| 856|void des_decrypt(uint32_t L[32], uint32_t R[32], const uint32_t round_key[]) { 646| 7.70k| for(size_t round = 16; round > 0; round -= 2) { ------------------ | Branch (646:27): [True: 6.84k, False: 856] ------------------ 647| 6.84k| des_round(L, R, &round_key[(round - 1) * 48]); 648| 6.84k| des_round(R, L, &round_key[(round - 2) * 48]); 649| 6.84k| } 650| 856|} des.cpp:_ZN5Botan12_GLOBAL__N_116des_key_scheduleEPjPKh: 656| 225|void des_key_schedule(uint32_t round_key[], const uint8_t key[8]) { 657| 225| static const uint8_t ROT[16] = {1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1}; 658| | 659| 225| uint32_t C = ((key[7] & 0x80) << 20) | ((key[6] & 0x80) << 19) | ((key[5] & 0x80) << 18) | ((key[4] & 0x80) << 17) | 660| 225| ((key[3] & 0x80) << 16) | ((key[2] & 0x80) << 15) | ((key[1] & 0x80) << 14) | ((key[0] & 0x80) << 13) | 661| 225| ((key[7] & 0x40) << 13) | ((key[6] & 0x40) << 12) | ((key[5] & 0x40) << 11) | ((key[4] & 0x40) << 10) | 662| 225| ((key[3] & 0x40) << 9) | ((key[2] & 0x40) << 8) | ((key[1] & 0x40) << 7) | ((key[0] & 0x40) << 6) | 663| 225| ((key[7] & 0x20) << 6) | ((key[6] & 0x20) << 5) | ((key[5] & 0x20) << 4) | ((key[4] & 0x20) << 3) | 664| 225| ((key[3] & 0x20) << 2) | ((key[2] & 0x20) << 1) | ((key[1] & 0x20)) | ((key[0] & 0x20) >> 1) | 665| 225| ((key[7] & 0x10) >> 1) | ((key[6] & 0x10) >> 2) | ((key[5] & 0x10) >> 3) | ((key[4] & 0x10) >> 4); 666| 225| uint32_t D = ((key[7] & 0x02) << 26) | ((key[6] & 0x02) << 25) | ((key[5] & 0x02) << 24) | ((key[4] & 0x02) << 23) | 667| 225| ((key[3] & 0x02) << 22) | ((key[2] & 0x02) << 21) | ((key[1] & 0x02) << 20) | ((key[0] & 0x02) << 19) | 668| 225| ((key[7] & 0x04) << 17) | ((key[6] & 0x04) << 16) | ((key[5] & 0x04) << 15) | ((key[4] & 0x04) << 14) | 669| 225| ((key[3] & 0x04) << 13) | ((key[2] & 0x04) << 12) | ((key[1] & 0x04) << 11) | ((key[0] & 0x04) << 10) | 670| 225| ((key[7] & 0x08) << 8) | ((key[6] & 0x08) << 7) | ((key[5] & 0x08) << 6) | ((key[4] & 0x08) << 5) | 671| 225| ((key[3] & 0x08) << 4) | ((key[2] & 0x08) << 3) | ((key[1] & 0x08) << 2) | ((key[0] & 0x08) << 1) | 672| 225| ((key[3] & 0x10) >> 1) | ((key[2] & 0x10) >> 2) | ((key[1] & 0x10) >> 3) | ((key[0] & 0x10) >> 4); 673| | 674| 225| static const uint8_t PC2_C[24] = {13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9, 675| 225| 22, 18, 11, 3, 25, 7, 15, 6, 26, 19, 12, 1}; 676| | 677| 225| static const uint8_t PC2_D[24] = {12, 23, 2, 8, 18, 26, 1, 11, 22, 16, 4, 19, 678| 225| 15, 20, 10, 27, 5, 24, 17, 13, 21, 7, 0, 3}; 679| | 680| 3.82k| for(size_t i = 0; i != 16; ++i) { ------------------ | Branch (680:22): [True: 3.60k, False: 225] ------------------ 681| 3.60k| C = ((C << ROT[i]) | (C >> (28 - ROT[i]))) & 0x0FFFFFFF; 682| 3.60k| D = ((D << ROT[i]) | (D >> (28 - ROT[i]))) & 0x0FFFFFFF; 683| | 684| 3.60k| uint32_t* rk = &round_key[i * 48]; 685| | 686| 90.0k| for(size_t j = 0; j < 24; ++j) { ------------------ | Branch (686:25): [True: 86.4k, False: 3.60k] ------------------ 687| 86.4k| const uint32_t bit = (C >> (27 - PC2_C[j])) & 1; 688| 86.4k| rk[j] = static_cast(0) - bit; 689| 86.4k| } 690| | 691| 90.0k| for(size_t j = 0; j < 24; ++j) { ------------------ | Branch (691:25): [True: 86.4k, False: 3.60k] ------------------ 692| 86.4k| const uint32_t bit = (D >> (27 - PC2_D[j])) & 1; 693| 86.4k| rk[24 + j] = static_cast(0) - bit; 694| 86.4k| } 695| 3.60k| } 696| 225|} _ZN5Botan13base64_decodeEPKcmb: 187| 14.0k|secure_vector base64_decode(const char input[], size_t input_length, bool ignore_ws) { 188| 14.0k| return base_decode_to_vec>(Base64(), input, input_length, ignore_ws); 189| 14.0k|} base64.cpp:_ZN5Botan12_GLOBAL__N_16Base6417decode_max_outputEm: 42| 28.1k| static constexpr size_t decode_max_output(size_t input_length) { 43| 28.1k| return (round_up(input_length, m_encoding_bytes_out) * m_encoding_bytes_in) / m_encoding_bytes_out; 44| 28.1k| } base64.cpp:_ZN5Botan12_GLOBAL__N_16Base6419lookup_binary_valueEc: 110| 5.83M|uint8_t Base64::lookup_binary_value(char input) noexcept { 111| 5.83M| auto has_zero_byte = [](uint64_t v) { return ((v - 0x0101010101010101) & ~(v) & 0x8080808080808080); }; 112| | 113| | // Assumes each byte is either 0x00 or 0x80 114| 5.83M| auto index_of_first_set_byte = [](uint64_t v) { 115| 5.83M| return ((((v - 1) & 0x0101010101010101) * 0x0101010101010101) >> 56) - 1; 116| 5.83M| }; 117| | 118| 5.83M| constexpr uint64_t lo = 0x0101010101010101; 119| | 120| 5.83M| const uint8_t x = static_cast(input); 121| | 122| 5.83M| const uint64_t x8 = x * lo; 123| | 124| | // Defines the valid ASCII ranges of base64, except the special chars (below) 125| 5.83M| constexpr uint64_t val_l = make_uint64(0, 0, 0, 0, 0, 'A', 'a', '0'); 126| 5.83M| constexpr uint64_t val_u = make_uint64(0, 0, 0, 0, 0, 26, 26, 10); 127| | 128| | // If x is in one of the ranges return a mask. Otherwise we xor in at the 129| | // high word which will be our invalid marker 130| 5.83M| auto v_mask = swar_in_range(x8, val_l, val_u) ^ 0x80000000; 131| | 132| | // This is the offset added to x to get the value 133| 5.83M| const uint64_t val_v = 0xbfb904 ^ (0xFF000000 - (x << 24)); 134| | 135| 5.83M| const uint8_t z = x + static_cast(val_v >> (8 * index_of_first_set_byte(v_mask))); 136| | 137| | // Valid base64 special characters, and some whitespace chars 138| 5.83M| constexpr uint64_t specials_i = make_uint64(0, '+', '/', '=', ' ', '\n', '\t', '\r'); 139| | 140| 5.83M| const uint64_t specials_v = 0x3e3f8180808080 ^ (static_cast(z) << 56); 141| | 142| 5.83M| const uint64_t smask = has_zero_byte(x8 ^ specials_i) ^ 0x8000000000000000; 143| | 144| 5.83M| return static_cast(specials_v >> (8 * index_of_first_set_byte(smask))); 145| 5.83M|} base64.cpp:_ZZN5Botan12_GLOBAL__N_16Base6419lookup_binary_valueEcENK3$_0clEm: 114| 11.6M| auto index_of_first_set_byte = [](uint64_t v) { 115| 11.6M| return ((((v - 1) & 0x0101010101010101) * 0x0101010101010101) >> 56) - 1; 116| 11.6M| }; base64.cpp:_ZZN5Botan12_GLOBAL__N_16Base6419lookup_binary_valueEcENK3$_1clEm: 111| 5.83M| auto has_zero_byte = [](uint64_t v) { return ((v - 0x0101010101010101) & ~(v) & 0x8080808080808080); }; base64.cpp:_ZN5Botan12_GLOBAL__N_16Base6414check_bad_charEhcb: 148| 5.83M|bool Base64::check_bad_char(uint8_t bin, char input, bool ignore_ws) { 149| 5.83M| if(bin <= 0x3F) { ------------------ | Branch (149:7): [True: 5.83M, False: 0] ------------------ 150| 5.83M| return true; 151| 5.83M| } else if(!(bin == 0x81 || (bin == 0x80 && ignore_ws))) { ------------------ | Branch (151:16): [True: 0, False: 0] | Branch (151:32): [True: 0, False: 0] | Branch (151:47): [True: 0, False: 0] ------------------ 152| 0| throw Invalid_Argument(fmt("base64_decode: invalid character '{}'", format_char_for_display(input))); 153| 0| } 154| 0| return false; 155| 5.83M|} base64.cpp:_ZN5Botan12_GLOBAL__N_16Base646decodeEPhPKh: 52| 1.45M| static void decode(uint8_t* out_ptr, const uint8_t decode_buf[4]) { 53| 1.45M| out_ptr[0] = (decode_buf[0] << 2) | (decode_buf[1] >> 4); 54| 1.45M| out_ptr[1] = (decode_buf[1] << 4) | (decode_buf[2] >> 2); 55| 1.45M| out_ptr[2] = (decode_buf[2] << 6) | decode_buf[3]; 56| 1.45M| } base64.cpp:_ZN5Botan12_GLOBAL__N_16Base6415bytes_to_removeEm: 58| 14.0k| static size_t bytes_to_remove(size_t final_truncate) { return final_truncate; } _ZN5Botan10hex_encodeEPcPKhmb: 34| 14.0k|void hex_encode(char output[], const uint8_t input[], size_t input_length, bool uppercase) { 35| 380k| for(size_t i = 0; i != input_length; ++i) { ------------------ | Branch (35:22): [True: 366k, False: 14.0k] ------------------ 36| 366k| const uint16_t h = hex_encode_2nibble(input[i], uppercase); 37| 366k| output[2 * i] = get_byte<0>(h); 38| 366k| output[2 * i + 1] = get_byte<1>(h); 39| 366k| } 40| 14.0k|} _ZN5Botan10hex_encodeEPKhmb: 42| 14.0k|std::string hex_encode(const uint8_t input[], size_t input_length, bool uppercase) { 43| 14.0k| std::string output(2 * input_length, 0); 44| | 45| 14.0k| if(input_length > 0) { ------------------ | Branch (45:7): [True: 14.0k, False: 0] ------------------ 46| 14.0k| hex_encode(&output.front(), input, input_length, uppercase); 47| 14.0k| } 48| | 49| 14.0k| return output; 50| 14.0k|} _ZN5Botan10hex_decodeEPhPKcmRmb: 72| 11.0k|size_t hex_decode(uint8_t output[], const char input[], size_t input_length, size_t& input_consumed, bool ignore_ws) { 73| 11.0k| uint8_t* out_ptr = output; 74| 11.0k| bool top_nibble = true; 75| | 76| 11.0k| clear_mem(output, input_length / 2); 77| | 78| 366k| for(size_t i = 0; i != input_length; ++i) { ------------------ | Branch (78:22): [True: 355k, False: 11.0k] ------------------ 79| 355k| const uint8_t bin = hex_char_to_bin(input[i]); 80| | 81| 355k| if(bin >= 0x10) { ------------------ | Branch (81:10): [True: 0, False: 355k] ------------------ 82| 0| if(bin == 0x80 && ignore_ws) { ------------------ | Branch (82:13): [True: 0, False: 0] | Branch (82:28): [True: 0, False: 0] ------------------ 83| 0| continue; 84| 0| } 85| | 86| 0| throw Invalid_Argument(fmt("hex_decode: invalid character '{}'", format_char_for_display(input[i]))); 87| 0| } 88| | 89| 355k| if(top_nibble) { ------------------ | Branch (89:10): [True: 177k, False: 177k] ------------------ 90| 177k| *out_ptr |= bin << 4; 91| 177k| } else { 92| 177k| *out_ptr |= bin; 93| 177k| } 94| | 95| 355k| top_nibble = !top_nibble; 96| 355k| if(top_nibble) { ------------------ | Branch (96:10): [True: 177k, False: 177k] ------------------ 97| 177k| ++out_ptr; 98| 177k| } 99| 355k| } 100| | 101| 11.0k| input_consumed = input_length; 102| 11.0k| const size_t written = (out_ptr - output); 103| | 104| | /* 105| | * We only got half of a uint8_t at the end; zap the half-written 106| | * output and mark it as unread 107| | */ 108| 11.0k| if(!top_nibble) { ------------------ | Branch (108:7): [True: 0, False: 11.0k] ------------------ 109| 0| *out_ptr = 0; 110| 0| input_consumed -= 1; 111| 0| } 112| | 113| 11.0k| return written; 114| 11.0k|} _ZN5Botan10hex_decodeEPhPKcmb: 116| 11.0k|size_t hex_decode(uint8_t output[], const char input[], size_t input_length, bool ignore_ws) { 117| 11.0k| size_t consumed = 0; 118| 11.0k| const size_t written = hex_decode(output, input, input_length, consumed, ignore_ws); 119| | 120| 11.0k| if(consumed != input_length) { ------------------ | Branch (120:7): [True: 0, False: 11.0k] ------------------ 121| 0| throw Invalid_Argument("hex_decode: input did not have full bytes"); 122| 0| } 123| | 124| 11.0k| return written; 125| 11.0k|} _ZN5Botan17hex_decode_lockedEPKcmb: 135| 11.0k|secure_vector hex_decode_locked(const char input[], size_t input_length, bool ignore_ws) { 136| 11.0k| secure_vector bin(1 + input_length / 2); 137| | 138| 11.0k| const size_t written = hex_decode(bin.data(), input, input_length, ignore_ws); 139| | 140| 11.0k| bin.resize(written); 141| 11.0k| return bin; 142| 11.0k|} _ZN5Botan17hex_decode_lockedENSt3__117basic_string_viewIcNS0_11char_traitsIcEEEEb: 144| 11.0k|secure_vector hex_decode_locked(std::string_view input, bool ignore_ws) { 145| 11.0k| return hex_decode_locked(input.data(), input.size(), ignore_ws); 146| 11.0k|} hex.cpp:_ZN5Botan12_GLOBAL__N_118hex_encode_2nibbleEhb: 21| 366k|uint16_t hex_encode_2nibble(uint8_t n8, bool uppercase) { 22| | // Offset for upper or lower case 'a' resp 23| 366k| const uint16_t a_mask = uppercase ? 0x0707 : 0x2727; ------------------ | Branch (23:28): [True: 366k, False: 0] ------------------ 24| | 25| 366k| const uint16_t n = (static_cast(n8 & 0xF0) << 4) | (n8 & 0x0F); 26| | // n >= 10? If so add offset 27| 366k| const uint16_t diff = swar_lt(0x0909, n) & a_mask; 28| | // Can't overflow between bytes, so don't need explicit SWAR addition: 29| 366k| return n + 0x3030 + diff; 30| 366k|} hex.cpp:_ZN5Botan12_GLOBAL__N_115hex_char_to_binEc: 54| 355k|uint8_t hex_char_to_bin(char input) { 55| | // Starts of valid value ranges (v_lo) and their lengths (v_range) 56| 355k| constexpr uint64_t v_lo = make_uint64(0, '0', 'a', 'A', ' ', '\n', '\t', '\r'); 57| 355k| constexpr uint64_t v_range = make_uint64(0, 10, 6, 6, 1, 1, 1, 1); 58| | 59| 355k| const uint8_t x = static_cast(input); 60| 355k| const uint64_t x8 = x * 0x0101010101010101; 61| | 62| 355k| const uint64_t v_mask = swar_in_range(x8, v_lo, v_range) ^ 0x8000000000000000; 63| | 64| | // This is the offset added to x to get the value we need 65| 355k| const uint64_t val_v = 0xd0a9c960767773 ^ static_cast(0xFF - x) << 56; 66| | 67| 355k| return x + static_cast(val_v >> (8 * index_of_first_set_byte(v_mask))); 68| 355k|} _ZN5Botan12HashFunction6createENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEES5_: 111| 42.2k|std::unique_ptr HashFunction::create(std::string_view algo_spec, std::string_view provider) { 112| |#if defined(BOTAN_HAS_COMMONCRYPTO) 113| | if(provider.empty() || provider == "commoncrypto") { 114| | if(auto hash = make_commoncrypto_hash(algo_spec)) 115| | return hash; 116| | 117| | if(!provider.empty()) 118| | return nullptr; 119| | } 120| |#endif 121| | 122| 42.2k| if(provider.empty() == false && provider != "base") { ------------------ | Branch (122:7): [True: 0, False: 42.2k] | Branch (122:36): [True: 0, False: 0] ------------------ 123| 0| return nullptr; // unknown provider 124| 0| } 125| | 126| 42.2k|#if defined(BOTAN_HAS_SHA1) 127| 42.2k| if(algo_spec == "SHA-1") { ------------------ | Branch (127:7): [True: 7.17k, False: 35.0k] ------------------ 128| 7.17k| return std::make_unique(); 129| 7.17k| } 130| 35.0k|#endif 131| | 132| 35.0k|#if defined(BOTAN_HAS_SHA2_32) 133| 35.0k| if(algo_spec == "SHA-224") { ------------------ | Branch (133:7): [True: 0, False: 35.0k] ------------------ 134| 0| return std::make_unique(); 135| 0| } 136| | 137| 35.0k| if(algo_spec == "SHA-256") { ------------------ | Branch (137:7): [True: 34.2k, False: 764] ------------------ 138| 34.2k| return std::make_unique(); 139| 34.2k| } 140| 764|#endif 141| | 142| 764|#if defined(BOTAN_HAS_SHA2_64) 143| 764| if(algo_spec == "SHA-384") { ------------------ | Branch (143:7): [True: 764, False: 0] ------------------ 144| 764| return std::make_unique(); 145| 764| } 146| | 147| 0| if(algo_spec == "SHA-512") { ------------------ | Branch (147:7): [True: 0, False: 0] ------------------ 148| 0| return std::make_unique(); 149| 0| } 150| | 151| 0| if(algo_spec == "SHA-512-256") { ------------------ | Branch (151:7): [True: 0, False: 0] ------------------ 152| 0| return std::make_unique(); 153| 0| } 154| 0|#endif 155| | 156| 0|#if defined(BOTAN_HAS_RIPEMD_160) 157| 0| if(algo_spec == "RIPEMD-160") { ------------------ | Branch (157:7): [True: 0, False: 0] ------------------ 158| 0| return std::make_unique(); 159| 0| } 160| 0|#endif 161| | 162| 0|#if defined(BOTAN_HAS_WHIRLPOOL) 163| 0| if(algo_spec == "Whirlpool") { ------------------ | Branch (163:7): [True: 0, False: 0] ------------------ 164| 0| return std::make_unique(); 165| 0| } 166| 0|#endif 167| | 168| 0|#if defined(BOTAN_HAS_MD5) 169| 0| if(algo_spec == "MD5") { ------------------ | Branch (169:7): [True: 0, False: 0] ------------------ 170| 0| return std::make_unique(); 171| 0| } 172| 0|#endif 173| | 174| 0|#if defined(BOTAN_HAS_MD4) 175| 0| if(algo_spec == "MD4") { ------------------ | Branch (175:7): [True: 0, False: 0] ------------------ 176| 0| return std::make_unique(); 177| 0| } 178| 0|#endif 179| | 180| 0|#if defined(BOTAN_HAS_GOST_34_11) 181| 0| if(algo_spec == "GOST-R-34.11-94" || algo_spec == "GOST-34.11") { ------------------ | Branch (181:7): [True: 0, False: 0] | Branch (181:41): [True: 0, False: 0] ------------------ 182| 0| return std::make_unique(); 183| 0| } 184| 0|#endif 185| | 186| 0|#if defined(BOTAN_HAS_ADLER32) 187| 0| if(algo_spec == "Adler32") { ------------------ | Branch (187:7): [True: 0, False: 0] ------------------ 188| 0| return std::make_unique(); 189| 0| } 190| 0|#endif 191| | 192| 0|#if defined(BOTAN_HAS_ASCON_HASH256) 193| 0| if(algo_spec == "Ascon-Hash256") { ------------------ | Branch (193:7): [True: 0, False: 0] ------------------ 194| 0| return std::make_unique(); 195| 0| } 196| 0|#endif 197| | 198| 0|#if defined(BOTAN_HAS_CRC24) 199| 0| if(algo_spec == "CRC24") { ------------------ | Branch (199:7): [True: 0, False: 0] ------------------ 200| 0| return std::make_unique(); 201| 0| } 202| 0|#endif 203| | 204| 0|#if defined(BOTAN_HAS_CRC32) 205| 0| if(algo_spec == "CRC32") { ------------------ | Branch (205:7): [True: 0, False: 0] ------------------ 206| 0| return std::make_unique(); 207| 0| } 208| 0|#endif 209| | 210| 0|#if defined(BOTAN_HAS_STREEBOG) 211| 0| if(algo_spec == "Streebog-256") { ------------------ | Branch (211:7): [True: 0, False: 0] ------------------ 212| 0| return std::make_unique(256); 213| 0| } 214| 0| if(algo_spec == "Streebog-512") { ------------------ | Branch (214:7): [True: 0, False: 0] ------------------ 215| 0| return std::make_unique(512); 216| 0| } 217| 0|#endif 218| | 219| 0|#if defined(BOTAN_HAS_SM3) 220| 0| if(algo_spec == "SM3") { ------------------ | Branch (220:7): [True: 0, False: 0] ------------------ 221| 0| return std::make_unique(); 222| 0| } 223| 0|#endif 224| | 225| 0| const SCAN_Name req(algo_spec); 226| | 227| 0|#if defined(BOTAN_HAS_SKEIN_512) 228| 0| if(req.algo_name() == "Skein-512") { ------------------ | Branch (228:7): [True: 0, False: 0] ------------------ 229| 0| return std::make_unique(req.arg_as_integer(0, 512), req.arg(1, "")); 230| 0| } 231| 0|#endif 232| | 233| 0|#if defined(BOTAN_HAS_BLAKE2B) 234| 0| if(req.algo_name() == "Blake2b" || req.algo_name() == "BLAKE2b") { ------------------ | Branch (234:7): [True: 0, False: 0] | Branch (234:39): [True: 0, False: 0] ------------------ 235| 0| return std::make_unique(req.arg_as_integer(0, 512)); 236| 0| } 237| 0|#endif 238| | 239| 0|#if defined(BOTAN_HAS_BLAKE2S) 240| 0| if(req.algo_name() == "Blake2s" || req.algo_name() == "BLAKE2s") { ------------------ | Branch (240:7): [True: 0, False: 0] | Branch (240:39): [True: 0, False: 0] ------------------ 241| 0| return std::make_unique(req.arg_as_integer(0, 256)); 242| 0| } 243| 0|#endif 244| | 245| 0|#if defined(BOTAN_HAS_KECCAK) 246| 0| if(req.algo_name() == "Keccak-1600") { ------------------ | Branch (246:7): [True: 0, False: 0] ------------------ 247| 0| return std::make_unique(req.arg_as_integer(0, 512)); 248| 0| } 249| 0|#endif 250| | 251| 0|#if defined(BOTAN_HAS_SHA3) 252| 0| if(req.algo_name() == "SHA-3") { ------------------ | Branch (252:7): [True: 0, False: 0] ------------------ 253| 0| return std::make_unique(req.arg_as_integer(0, 512)); 254| 0| } 255| 0|#endif 256| | 257| 0|#if defined(BOTAN_HAS_SHAKE) 258| 0| if(req.algo_name() == "SHAKE-128" && req.arg_count() == 1) { ------------------ | Branch (258:7): [True: 0, False: 0] | Branch (258:41): [True: 0, False: 0] ------------------ 259| 0| return std::make_unique(req.arg_as_integer(0)); 260| 0| } 261| 0| if(req.algo_name() == "SHAKE-256" && req.arg_count() == 1) { ------------------ | Branch (261:7): [True: 0, False: 0] | Branch (261:41): [True: 0, False: 0] ------------------ 262| 0| return std::make_unique(req.arg_as_integer(0)); 263| 0| } 264| 0|#endif 265| | 266| 0|#if defined(BOTAN_HAS_PARALLEL_HASH) 267| 0| if(req.algo_name() == "Parallel") { ------------------ | Branch (267:7): [True: 0, False: 0] ------------------ 268| 0| std::vector> hashes; 269| | 270| 0| for(size_t i = 0; i != req.arg_count(); ++i) { ------------------ | Branch (270:25): [True: 0, False: 0] ------------------ 271| 0| auto h = HashFunction::create(req.arg(i)); 272| 0| if(!h) { ------------------ | Branch (272:13): [True: 0, False: 0] ------------------ 273| 0| return nullptr; 274| 0| } 275| 0| hashes.push_back(std::move(h)); 276| 0| } 277| | 278| 0| return std::make_unique(hashes); 279| 0| } 280| 0|#endif 281| | 282| 0|#if defined(BOTAN_HAS_TRUNCATED_HASH) 283| 0| if(req.algo_name() == "Truncated" && req.arg_count() == 2) { ------------------ | Branch (283:7): [True: 0, False: 0] | Branch (283:41): [True: 0, False: 0] ------------------ 284| 0| auto hash = HashFunction::create(req.arg(0)); 285| 0| if(!hash) { ------------------ | Branch (285:10): [True: 0, False: 0] ------------------ 286| 0| return nullptr; 287| 0| } 288| | 289| 0| return std::make_unique(std::move(hash), req.arg_as_integer(1)); 290| 0| } 291| 0|#endif 292| | 293| 0|#if defined(BOTAN_HAS_COMB4P) 294| 0| if(req.algo_name() == "Comb4P" && req.arg_count() == 2) { ------------------ | Branch (294:7): [True: 0, False: 0] | Branch (294:38): [True: 0, False: 0] ------------------ 295| 0| auto h1 = HashFunction::create(req.arg(0)); 296| 0| auto h2 = HashFunction::create(req.arg(1)); 297| | 298| 0| if(h1 && h2) { ------------------ | Branch (298:10): [True: 0, False: 0] | Branch (298:16): [True: 0, False: 0] ------------------ 299| 0| return std::make_unique(std::move(h1), std::move(h2)); 300| 0| } 301| 0| } 302| 0|#endif 303| | 304| 0| return nullptr; 305| 0|} _ZN5Botan12HashFunction15create_or_throwENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEES5_: 308| 24.5k|std::unique_ptr HashFunction::create_or_throw(std::string_view algo, std::string_view provider) { 309| 24.5k| if(auto hash = HashFunction::create(algo, provider)) { ------------------ | Branch (309:12): [True: 24.5k, False: 0] ------------------ 310| 24.5k| return hash; 311| 24.5k| } 312| 0| throw Lookup_Error("Hash", algo, provider); 313| 24.5k|} _ZN5Botan5SHA_110compress_nERNSt3__16vectorIjNS_16secure_allocatorIjEEEENS1_4spanIKhLm18446744073709551615EEEm: 24| 57.1k|void SHA_1::compress_n(digest_type& digest, std::span input, size_t blocks) { 25| 57.1k| using namespace SHA1_F; 26| | 27| 57.1k|#if defined(BOTAN_HAS_SHA1_X86_SHA_NI) 28| 57.1k| if(CPUID::has(CPUID::Feature::SHA)) { ------------------ | Branch (28:7): [True: 0, False: 57.1k] ------------------ 29| 0| return sha1_compress_x86(digest, input, blocks); 30| 0| } 31| 57.1k|#endif 32| | 33| |#if defined(BOTAN_HAS_SHA1_ARMV8) 34| | if(CPUID::has(CPUID::Feature::SHA1)) { 35| | return sha1_armv8_compress_n(digest, input, blocks); 36| | } 37| |#endif 38| | 39| 57.1k|#if defined(BOTAN_HAS_SHA1_AVX2) 40| 57.1k| if(CPUID::has(CPUID::Feature::AVX2, CPUID::Feature::BMI)) { ------------------ | Branch (40:7): [True: 57.1k, False: 0] ------------------ 41| 57.1k| return avx2_compress_n(digest, input, blocks); 42| 57.1k| } 43| 0|#endif 44| | 45| 0|#if defined(BOTAN_HAS_SHA1_SIMD_4X32) 46| 0| if(CPUID::has(CPUID::Feature::SIMD_4X32)) { ------------------ | Branch (46:7): [True: 0, False: 0] ------------------ 47| 0| return simd_compress_n(digest, input, blocks); 48| 0| } 49| 0|#endif 50| | 51| 0| uint32_t A = digest[0]; 52| 0| uint32_t B = digest[1]; 53| 0| uint32_t C = digest[2]; 54| 0| uint32_t D = digest[3]; 55| 0| uint32_t E = digest[4]; 56| 0| std::array W{}; 57| 0| auto W_in = std::span{W}.first(); 58| | 59| 0| BufferSlicer in(input); 60| | 61| 0| for(size_t i = 0; i != blocks; ++i) { ------------------ | Branch (61:22): [True: 0, False: 0] ------------------ 62| 0| load_be(W_in, in.take()); 63| | 64| | // clang-format off 65| | 66| 0| for(size_t j = 16; j != 80; j += 8) { ------------------ | Branch (66:26): [True: 0, False: 0] ------------------ 67| 0| W[j + 0] = rotl<1>(W[j - 3] ^ W[j - 8] ^ W[j - 14] ^ W[j - 16]); 68| 0| W[j + 1] = rotl<1>(W[j - 2] ^ W[j - 7] ^ W[j - 13] ^ W[j - 15]); 69| 0| W[j + 2] = rotl<1>(W[j - 1] ^ W[j - 6] ^ W[j - 12] ^ W[j - 14]); 70| 0| W[j + 3] = rotl<1>(W[j ] ^ W[j - 5] ^ W[j - 11] ^ W[j - 13]); 71| 0| W[j + 4] = rotl<1>(W[j + 1] ^ W[j - 4] ^ W[j - 10] ^ W[j - 12]); 72| 0| W[j + 5] = rotl<1>(W[j + 2] ^ W[j - 3] ^ W[j - 9] ^ W[j - 11]); 73| 0| W[j + 6] = rotl<1>(W[j + 3] ^ W[j - 2] ^ W[j - 8] ^ W[j - 10]); 74| 0| W[j + 7] = rotl<1>(W[j + 4] ^ W[j - 1] ^ W[j - 7] ^ W[j - 9]); 75| 0| } 76| | 77| | // clang-format on 78| | 79| 0| F1(A, B, C, D, E, W[0] + K1); 80| 0| F1(E, A, B, C, D, W[1] + K1); 81| 0| F1(D, E, A, B, C, W[2] + K1); 82| 0| F1(C, D, E, A, B, W[3] + K1); 83| 0| F1(B, C, D, E, A, W[4] + K1); 84| 0| F1(A, B, C, D, E, W[5] + K1); 85| 0| F1(E, A, B, C, D, W[6] + K1); 86| 0| F1(D, E, A, B, C, W[7] + K1); 87| 0| F1(C, D, E, A, B, W[8] + K1); 88| 0| F1(B, C, D, E, A, W[9] + K1); 89| 0| F1(A, B, C, D, E, W[10] + K1); 90| 0| F1(E, A, B, C, D, W[11] + K1); 91| 0| F1(D, E, A, B, C, W[12] + K1); 92| 0| F1(C, D, E, A, B, W[13] + K1); 93| 0| F1(B, C, D, E, A, W[14] + K1); 94| 0| F1(A, B, C, D, E, W[15] + K1); 95| 0| F1(E, A, B, C, D, W[16] + K1); 96| 0| F1(D, E, A, B, C, W[17] + K1); 97| 0| F1(C, D, E, A, B, W[18] + K1); 98| 0| F1(B, C, D, E, A, W[19] + K1); 99| | 100| 0| F2(A, B, C, D, E, W[20] + K2); 101| 0| F2(E, A, B, C, D, W[21] + K2); 102| 0| F2(D, E, A, B, C, W[22] + K2); 103| 0| F2(C, D, E, A, B, W[23] + K2); 104| 0| F2(B, C, D, E, A, W[24] + K2); 105| 0| F2(A, B, C, D, E, W[25] + K2); 106| 0| F2(E, A, B, C, D, W[26] + K2); 107| 0| F2(D, E, A, B, C, W[27] + K2); 108| 0| F2(C, D, E, A, B, W[28] + K2); 109| 0| F2(B, C, D, E, A, W[29] + K2); 110| 0| F2(A, B, C, D, E, W[30] + K2); 111| 0| F2(E, A, B, C, D, W[31] + K2); 112| 0| F2(D, E, A, B, C, W[32] + K2); 113| 0| F2(C, D, E, A, B, W[33] + K2); 114| 0| F2(B, C, D, E, A, W[34] + K2); 115| 0| F2(A, B, C, D, E, W[35] + K2); 116| 0| F2(E, A, B, C, D, W[36] + K2); 117| 0| F2(D, E, A, B, C, W[37] + K2); 118| 0| F2(C, D, E, A, B, W[38] + K2); 119| 0| F2(B, C, D, E, A, W[39] + K2); 120| | 121| 0| F3(A, B, C, D, E, W[40] + K3); 122| 0| F3(E, A, B, C, D, W[41] + K3); 123| 0| F3(D, E, A, B, C, W[42] + K3); 124| 0| F3(C, D, E, A, B, W[43] + K3); 125| 0| F3(B, C, D, E, A, W[44] + K3); 126| 0| F3(A, B, C, D, E, W[45] + K3); 127| 0| F3(E, A, B, C, D, W[46] + K3); 128| 0| F3(D, E, A, B, C, W[47] + K3); 129| 0| F3(C, D, E, A, B, W[48] + K3); 130| 0| F3(B, C, D, E, A, W[49] + K3); 131| 0| F3(A, B, C, D, E, W[50] + K3); 132| 0| F3(E, A, B, C, D, W[51] + K3); 133| 0| F3(D, E, A, B, C, W[52] + K3); 134| 0| F3(C, D, E, A, B, W[53] + K3); 135| 0| F3(B, C, D, E, A, W[54] + K3); 136| 0| F3(A, B, C, D, E, W[55] + K3); 137| 0| F3(E, A, B, C, D, W[56] + K3); 138| 0| F3(D, E, A, B, C, W[57] + K3); 139| 0| F3(C, D, E, A, B, W[58] + K3); 140| 0| F3(B, C, D, E, A, W[59] + K3); 141| | 142| 0| F4(A, B, C, D, E, W[60] + K4); 143| 0| F4(E, A, B, C, D, W[61] + K4); 144| 0| F4(D, E, A, B, C, W[62] + K4); 145| 0| F4(C, D, E, A, B, W[63] + K4); 146| 0| F4(B, C, D, E, A, W[64] + K4); 147| 0| F4(A, B, C, D, E, W[65] + K4); 148| 0| F4(E, A, B, C, D, W[66] + K4); 149| 0| F4(D, E, A, B, C, W[67] + K4); 150| 0| F4(C, D, E, A, B, W[68] + K4); 151| 0| F4(B, C, D, E, A, W[69] + K4); 152| 0| F4(A, B, C, D, E, W[70] + K4); 153| 0| F4(E, A, B, C, D, W[71] + K4); 154| 0| F4(D, E, A, B, C, W[72] + K4); 155| 0| F4(C, D, E, A, B, W[73] + K4); 156| 0| F4(B, C, D, E, A, W[74] + K4); 157| 0| F4(A, B, C, D, E, W[75] + K4); 158| 0| F4(E, A, B, C, D, W[76] + K4); 159| 0| F4(D, E, A, B, C, W[77] + K4); 160| 0| F4(C, D, E, A, B, W[78] + K4); 161| 0| F4(B, C, D, E, A, W[79] + K4); 162| | 163| 0| A = (digest[0] += A); 164| 0| B = (digest[1] += B); 165| 0| C = (digest[2] += C); 166| 0| D = (digest[3] += D); 167| 0| E = (digest[4] += E); 168| 0| } 169| 0|} _ZN5Botan5SHA_14initERNSt3__16vectorIjNS_16secure_allocatorIjEEEE: 174| 35.7k|void SHA_1::init(digest_type& digest) { 175| 35.7k| digest.assign({0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0}); 176| 35.7k|} _ZN5Botan5SHA_18add_dataENSt3__14spanIKhLm18446744073709551615EEE: 214| 29.0k|void SHA_1::add_data(std::span input) { 215| 29.0k| m_md.update(input); 216| 29.0k|} _ZN5Botan5SHA_112final_resultENSt3__14spanIhLm18446744073709551615EEE: 218| 28.4k|void SHA_1::final_result(std::span output) { 219| 28.4k| m_md.final(output); 220| 28.4k|} _ZN5Botan5SHA_115avx2_compress_nERNSt3__16vectorIjNS_16secure_allocatorIjEEEENS1_4spanIKhLm18446744073709551615EEEm: 144| 57.1k|void BOTAN_FN_ISA_AVX2_BMI2 SHA_1::avx2_compress_n(digest_type& digest, std::span input, size_t blocks) { 145| 57.1k| using namespace SHA1_F; 146| | 147| 57.1k| const SIMD_8x32 K11 = SIMD_8x32::splat(K1); 148| 57.1k| const SIMD_8x32 K22 = SIMD_8x32::splat(K2); 149| 57.1k| const SIMD_8x32 K33 = SIMD_8x32::splat(K3); 150| 57.1k| const SIMD_8x32 K44 = SIMD_8x32::splat(K4); 151| | 152| 57.1k| const SIMD_8x32 K12(K1, K1, K1, K1, K2, K2, K2, K2); 153| 57.1k| const SIMD_8x32 K34(K3, K3, K3, K3, K4, K4, K4, K4); 154| | 155| 57.1k| uint32_t A = digest[0]; 156| 57.1k| uint32_t B = digest[1]; 157| 57.1k| uint32_t C = digest[2]; 158| 57.1k| uint32_t D = digest[3]; 159| 57.1k| uint32_t E = digest[4]; 160| | 161| 57.1k| BufferSlicer in(input); 162| | 163| 79.0k| while(blocks >= 2) { ------------------ | Branch (163:10): [True: 21.9k, False: 57.1k] ------------------ 164| 21.9k| const auto block = in.take(2 * block_bytes); 165| 21.9k| blocks -= 2; 166| | 167| 21.9k| uint32_t W2[80] = {0}; 168| | 169| 21.9k| uint32_t PT[4]; 170| | 171| | // NOLINTNEXTLINE(*-container-data-pointer) 172| 21.9k| SIMD_8x32 XW0 = SIMD_8x32::load_be128(&block[0], &block[64]); 173| 21.9k| SIMD_8x32 XW1 = SIMD_8x32::load_be128(&block[16], &block[80]); 174| 21.9k| SIMD_8x32 XW2 = SIMD_8x32::load_be128(&block[32], &block[96]); 175| 21.9k| SIMD_8x32 XW3 = SIMD_8x32::load_be128(&block[48], &block[112]); 176| | 177| 21.9k| SIMD_8x32 P0 = XW0 + SIMD_8x32::splat(K1); 178| 21.9k| SIMD_8x32 P1 = XW1 + SIMD_8x32::splat(K1); 179| 21.9k| SIMD_8x32 P2 = XW2 + SIMD_8x32::splat(K1); 180| 21.9k| SIMD_8x32 P3 = XW3 + SIMD_8x32::splat(K1); 181| | 182| | // NOLINTBEGIN(readability-suspicious-call-argument) XW rotation 183| | 184| 21.9k| P0.store_le128(PT, &W2[0]); 185| 21.9k| P0 = sha1_avx2_next_w(XW0, XW1, XW2, XW3) + SIMD_8x32::splat(K1); 186| 21.9k| F1(A, B, C, D, E, PT[0]); 187| 21.9k| F1(E, A, B, C, D, PT[1]); 188| 21.9k| F1(D, E, A, B, C, PT[2]); 189| 21.9k| F1(C, D, E, A, B, PT[3]); 190| | 191| 21.9k| P1.store_le128(PT, &W2[4]); 192| 21.9k| P1 = sha1_avx2_next_w(XW1, XW2, XW3, XW0) + SIMD_8x32::splat(K2); 193| 21.9k| F1(B, C, D, E, A, PT[0]); 194| 21.9k| F1(A, B, C, D, E, PT[1]); 195| 21.9k| F1(E, A, B, C, D, PT[2]); 196| 21.9k| F1(D, E, A, B, C, PT[3]); 197| | 198| 21.9k| P2.store_le128(PT, &W2[8]); 199| 21.9k| P2 = sha1_avx2_next_w(XW2, XW3, XW0, XW1) + SIMD_8x32::splat(K2); 200| 21.9k| F1(C, D, E, A, B, PT[0]); 201| 21.9k| F1(B, C, D, E, A, PT[1]); 202| 21.9k| F1(A, B, C, D, E, PT[2]); 203| 21.9k| F1(E, A, B, C, D, PT[3]); 204| | 205| 21.9k| P3.store_le128(PT, &W2[12]); 206| 21.9k| P3 = sha1_avx2_next_w(XW3, XW0, XW1, XW2) + SIMD_8x32::splat(K2); 207| 21.9k| F1(D, E, A, B, C, PT[0]); 208| 21.9k| F1(C, D, E, A, B, PT[1]); 209| 21.9k| F1(B, C, D, E, A, PT[2]); 210| 21.9k| F1(A, B, C, D, E, PT[3]); 211| | 212| 21.9k| P0.store_le128(PT, &W2[16]); 213| 21.9k| P0 = sha1_avx2_next_w(XW0, XW1, XW2, XW3) + SIMD_8x32::splat(K2); 214| 21.9k| F1(E, A, B, C, D, PT[0]); 215| 21.9k| F1(D, E, A, B, C, PT[1]); 216| 21.9k| F1(C, D, E, A, B, PT[2]); 217| 21.9k| F1(B, C, D, E, A, PT[3]); 218| | 219| 21.9k| P1.store_le128(PT, &W2[20]); 220| 21.9k| P1 = sha1_avx2_next_w(XW1, XW2, XW3, XW0) + SIMD_8x32::splat(K2); 221| 21.9k| F2(A, B, C, D, E, PT[0]); 222| 21.9k| F2(E, A, B, C, D, PT[1]); 223| 21.9k| F2(D, E, A, B, C, PT[2]); 224| 21.9k| F2(C, D, E, A, B, PT[3]); 225| | 226| 21.9k| P2.store_le128(PT, &W2[24]); 227| 21.9k| P2 = sha1_avx2_next_w(XW2, XW3, XW0, XW1) + SIMD_8x32::splat(K3); 228| 21.9k| F2(B, C, D, E, A, PT[0]); 229| 21.9k| F2(A, B, C, D, E, PT[1]); 230| 21.9k| F2(E, A, B, C, D, PT[2]); 231| 21.9k| F2(D, E, A, B, C, PT[3]); 232| | 233| 21.9k| P3.store_le128(PT, &W2[28]); 234| 21.9k| P3 = sha1_avx2_next_w(XW3, XW0, XW1, XW2) + SIMD_8x32::splat(K3); 235| 21.9k| F2(C, D, E, A, B, PT[0]); 236| 21.9k| F2(B, C, D, E, A, PT[1]); 237| 21.9k| F2(A, B, C, D, E, PT[2]); 238| 21.9k| F2(E, A, B, C, D, PT[3]); 239| | 240| 21.9k| P0.store_le128(PT, &W2[32]); 241| 21.9k| P0 = sha1_avx2_next_w(XW0, XW1, XW2, XW3) + SIMD_8x32::splat(K3); 242| 21.9k| F2(D, E, A, B, C, PT[0]); 243| 21.9k| F2(C, D, E, A, B, PT[1]); 244| 21.9k| F2(B, C, D, E, A, PT[2]); 245| 21.9k| F2(A, B, C, D, E, PT[3]); 246| | 247| 21.9k| P1.store_le128(PT, &W2[36]); 248| 21.9k| P1 = sha1_avx2_next_w(XW1, XW2, XW3, XW0) + SIMD_8x32::splat(K3); 249| 21.9k| F2(E, A, B, C, D, PT[0]); 250| 21.9k| F2(D, E, A, B, C, PT[1]); 251| 21.9k| F2(C, D, E, A, B, PT[2]); 252| 21.9k| F2(B, C, D, E, A, PT[3]); 253| | 254| 21.9k| P2.store_le128(PT, &W2[40]); 255| 21.9k| P2 = sha1_avx2_next_w(XW2, XW3, XW0, XW1) + SIMD_8x32::splat(K3); 256| 21.9k| F3(A, B, C, D, E, PT[0]); 257| 21.9k| F3(E, A, B, C, D, PT[1]); 258| 21.9k| F3(D, E, A, B, C, PT[2]); 259| 21.9k| F3(C, D, E, A, B, PT[3]); 260| | 261| 21.9k| P3.store_le128(PT, &W2[44]); 262| 21.9k| P3 = sha1_avx2_next_w(XW3, XW0, XW1, XW2) + SIMD_8x32::splat(K4); 263| 21.9k| F3(B, C, D, E, A, PT[0]); 264| 21.9k| F3(A, B, C, D, E, PT[1]); 265| 21.9k| F3(E, A, B, C, D, PT[2]); 266| 21.9k| F3(D, E, A, B, C, PT[3]); 267| | 268| 21.9k| P0.store_le128(PT, &W2[48]); 269| 21.9k| P0 = sha1_avx2_next_w(XW0, XW1, XW2, XW3) + SIMD_8x32::splat(K4); 270| 21.9k| F3(C, D, E, A, B, PT[0]); 271| 21.9k| F3(B, C, D, E, A, PT[1]); 272| 21.9k| F3(A, B, C, D, E, PT[2]); 273| 21.9k| F3(E, A, B, C, D, PT[3]); 274| | 275| 21.9k| P1.store_le128(PT, &W2[52]); 276| 21.9k| P1 = sha1_avx2_next_w(XW1, XW2, XW3, XW0) + SIMD_8x32::splat(K4); 277| 21.9k| F3(D, E, A, B, C, PT[0]); 278| 21.9k| F3(C, D, E, A, B, PT[1]); 279| 21.9k| F3(B, C, D, E, A, PT[2]); 280| 21.9k| F3(A, B, C, D, E, PT[3]); 281| | 282| 21.9k| P2.store_le128(PT, &W2[56]); 283| 21.9k| P2 = sha1_avx2_next_w(XW2, XW3, XW0, XW1) + SIMD_8x32::splat(K4); 284| 21.9k| F3(E, A, B, C, D, PT[0]); 285| 21.9k| F3(D, E, A, B, C, PT[1]); 286| 21.9k| F3(C, D, E, A, B, PT[2]); 287| 21.9k| F3(B, C, D, E, A, PT[3]); 288| | 289| 21.9k| P3.store_le128(PT, &W2[60]); 290| 21.9k| P3 = sha1_avx2_next_w(XW3, XW0, XW1, XW2) + SIMD_8x32::splat(K4); 291| 21.9k| F4(A, B, C, D, E, PT[0]); 292| 21.9k| F4(E, A, B, C, D, PT[1]); 293| 21.9k| F4(D, E, A, B, C, PT[2]); 294| 21.9k| F4(C, D, E, A, B, PT[3]); 295| | 296| 21.9k| P0.store_le128(PT, &W2[64]); 297| 21.9k| F4(B, C, D, E, A, PT[0]); 298| 21.9k| F4(A, B, C, D, E, PT[1]); 299| 21.9k| F4(E, A, B, C, D, PT[2]); 300| 21.9k| F4(D, E, A, B, C, PT[3]); 301| | 302| 21.9k| P1.store_le128(PT, &W2[68]); 303| 21.9k| F4(C, D, E, A, B, PT[0]); 304| 21.9k| F4(B, C, D, E, A, PT[1]); 305| 21.9k| F4(A, B, C, D, E, PT[2]); 306| 21.9k| F4(E, A, B, C, D, PT[3]); 307| | 308| 21.9k| P2.store_le128(PT, &W2[72]); 309| 21.9k| F4(D, E, A, B, C, PT[0]); 310| 21.9k| F4(C, D, E, A, B, PT[1]); 311| 21.9k| F4(B, C, D, E, A, PT[2]); 312| 21.9k| F4(A, B, C, D, E, PT[3]); 313| | 314| 21.9k| P3.store_le128(PT, &W2[76]); 315| 21.9k| F4(E, A, B, C, D, PT[0]); 316| 21.9k| F4(D, E, A, B, C, PT[1]); 317| 21.9k| F4(C, D, E, A, B, PT[2]); 318| 21.9k| F4(B, C, D, E, A, PT[3]); 319| | 320| | // NOLINTEND(readability-suspicious-call-argument) 321| | 322| 21.9k| A = (digest[0] += A); 323| 21.9k| B = (digest[1] += B); 324| 21.9k| C = (digest[2] += C); 325| 21.9k| D = (digest[3] += D); 326| 21.9k| E = (digest[4] += E); 327| | 328| | // Second block with pre-expanded message 329| 21.9k| F1(A, B, C, D, E, W2[0]); 330| 21.9k| F1(E, A, B, C, D, W2[1]); 331| 21.9k| F1(D, E, A, B, C, W2[2]); 332| 21.9k| F1(C, D, E, A, B, W2[3]); 333| 21.9k| F1(B, C, D, E, A, W2[4]); 334| 21.9k| F1(A, B, C, D, E, W2[5]); 335| 21.9k| F1(E, A, B, C, D, W2[6]); 336| 21.9k| F1(D, E, A, B, C, W2[7]); 337| 21.9k| F1(C, D, E, A, B, W2[8]); 338| 21.9k| F1(B, C, D, E, A, W2[9]); 339| 21.9k| F1(A, B, C, D, E, W2[10]); 340| 21.9k| F1(E, A, B, C, D, W2[11]); 341| 21.9k| F1(D, E, A, B, C, W2[12]); 342| 21.9k| F1(C, D, E, A, B, W2[13]); 343| 21.9k| F1(B, C, D, E, A, W2[14]); 344| 21.9k| F1(A, B, C, D, E, W2[15]); 345| 21.9k| F1(E, A, B, C, D, W2[16]); 346| 21.9k| F1(D, E, A, B, C, W2[17]); 347| 21.9k| F1(C, D, E, A, B, W2[18]); 348| 21.9k| F1(B, C, D, E, A, W2[19]); 349| 21.9k| F2(A, B, C, D, E, W2[20]); 350| 21.9k| F2(E, A, B, C, D, W2[21]); 351| 21.9k| F2(D, E, A, B, C, W2[22]); 352| 21.9k| F2(C, D, E, A, B, W2[23]); 353| 21.9k| F2(B, C, D, E, A, W2[24]); 354| 21.9k| F2(A, B, C, D, E, W2[25]); 355| 21.9k| F2(E, A, B, C, D, W2[26]); 356| 21.9k| F2(D, E, A, B, C, W2[27]); 357| 21.9k| F2(C, D, E, A, B, W2[28]); 358| 21.9k| F2(B, C, D, E, A, W2[29]); 359| 21.9k| F2(A, B, C, D, E, W2[30]); 360| 21.9k| F2(E, A, B, C, D, W2[31]); 361| 21.9k| F2(D, E, A, B, C, W2[32]); 362| 21.9k| F2(C, D, E, A, B, W2[33]); 363| 21.9k| F2(B, C, D, E, A, W2[34]); 364| 21.9k| F2(A, B, C, D, E, W2[35]); 365| 21.9k| F2(E, A, B, C, D, W2[36]); 366| 21.9k| F2(D, E, A, B, C, W2[37]); 367| 21.9k| F2(C, D, E, A, B, W2[38]); 368| 21.9k| F2(B, C, D, E, A, W2[39]); 369| 21.9k| F3(A, B, C, D, E, W2[40]); 370| 21.9k| F3(E, A, B, C, D, W2[41]); 371| 21.9k| F3(D, E, A, B, C, W2[42]); 372| 21.9k| F3(C, D, E, A, B, W2[43]); 373| 21.9k| F3(B, C, D, E, A, W2[44]); 374| 21.9k| F3(A, B, C, D, E, W2[45]); 375| 21.9k| F3(E, A, B, C, D, W2[46]); 376| 21.9k| F3(D, E, A, B, C, W2[47]); 377| 21.9k| F3(C, D, E, A, B, W2[48]); 378| 21.9k| F3(B, C, D, E, A, W2[49]); 379| 21.9k| F3(A, B, C, D, E, W2[50]); 380| 21.9k| F3(E, A, B, C, D, W2[51]); 381| 21.9k| F3(D, E, A, B, C, W2[52]); 382| 21.9k| F3(C, D, E, A, B, W2[53]); 383| 21.9k| F3(B, C, D, E, A, W2[54]); 384| 21.9k| F3(A, B, C, D, E, W2[55]); 385| 21.9k| F3(E, A, B, C, D, W2[56]); 386| 21.9k| F3(D, E, A, B, C, W2[57]); 387| 21.9k| F3(C, D, E, A, B, W2[58]); 388| 21.9k| F3(B, C, D, E, A, W2[59]); 389| 21.9k| F4(A, B, C, D, E, W2[60]); 390| 21.9k| F4(E, A, B, C, D, W2[61]); 391| 21.9k| F4(D, E, A, B, C, W2[62]); 392| 21.9k| F4(C, D, E, A, B, W2[63]); 393| 21.9k| F4(B, C, D, E, A, W2[64]); 394| 21.9k| F4(A, B, C, D, E, W2[65]); 395| 21.9k| F4(E, A, B, C, D, W2[66]); 396| 21.9k| F4(D, E, A, B, C, W2[67]); 397| 21.9k| F4(C, D, E, A, B, W2[68]); 398| 21.9k| F4(B, C, D, E, A, W2[69]); 399| 21.9k| F4(A, B, C, D, E, W2[70]); 400| 21.9k| F4(E, A, B, C, D, W2[71]); 401| 21.9k| F4(D, E, A, B, C, W2[72]); 402| 21.9k| F4(C, D, E, A, B, W2[73]); 403| 21.9k| F4(B, C, D, E, A, W2[74]); 404| 21.9k| F4(A, B, C, D, E, W2[75]); 405| 21.9k| F4(E, A, B, C, D, W2[76]); 406| 21.9k| F4(D, E, A, B, C, W2[77]); 407| 21.9k| F4(C, D, E, A, B, W2[78]); 408| 21.9k| F4(B, C, D, E, A, W2[79]); 409| | 410| 21.9k| A = (digest[0] += A); 411| 21.9k| B = (digest[1] += B); 412| 21.9k| C = (digest[2] += C); 413| 21.9k| D = (digest[3] += D); 414| 21.9k| E = (digest[4] += E); 415| 21.9k| } 416| | 417| 114k| for(size_t i = 0; i != blocks; ++i) { ------------------ | Branch (417:22): [True: 57.1k, False: 57.1k] ------------------ 418| 57.1k| uint32_t PT[8]; 419| | 420| 57.1k| const auto block = in.take(block_bytes); 421| | 422| 57.1k| SIMD_8x32 W0 = SIMD_8x32::load_be(&block[0]); // NOLINT(*-container-data-pointer) 423| 57.1k| SIMD_8x32 W2 = SIMD_8x32::load_be(&block[32]); 424| | 425| 57.1k| SIMD_8x32 P0 = W0 + K11; 426| 57.1k| SIMD_8x32 P2 = W2 + K11; 427| | 428| 57.1k| P0.store_le(PT); 429| 57.1k| P0 = sha1_avx2_next_w2(W0, W2) + K12; 430| | 431| 57.1k| F1(A, B, C, D, E, PT[0]); 432| 57.1k| F1(E, A, B, C, D, PT[1]); 433| 57.1k| F1(D, E, A, B, C, PT[2]); 434| 57.1k| F1(C, D, E, A, B, PT[3]); 435| 57.1k| F1(B, C, D, E, A, PT[4]); 436| 57.1k| F1(A, B, C, D, E, PT[5]); 437| 57.1k| F1(E, A, B, C, D, PT[6]); 438| 57.1k| F1(D, E, A, B, C, PT[7]); 439| | 440| 57.1k| P2.store_le(PT); 441| 57.1k| P2 = sha1_avx2_next_w2(W2, W0) + K22; 442| | 443| 57.1k| F1(C, D, E, A, B, PT[0]); 444| 57.1k| F1(B, C, D, E, A, PT[1]); 445| 57.1k| F1(A, B, C, D, E, PT[2]); 446| 57.1k| F1(E, A, B, C, D, PT[3]); 447| 57.1k| F1(D, E, A, B, C, PT[4]); 448| 57.1k| F1(C, D, E, A, B, PT[5]); 449| 57.1k| F1(B, C, D, E, A, PT[6]); 450| 57.1k| F1(A, B, C, D, E, PT[7]); 451| | 452| 57.1k| P0.store_le(PT); 453| 57.1k| P0 = sha1_avx2_next_w2(W0, W2) + K22; 454| | 455| 57.1k| F1(E, A, B, C, D, PT[0]); 456| 57.1k| F1(D, E, A, B, C, PT[1]); 457| 57.1k| F1(C, D, E, A, B, PT[2]); 458| 57.1k| F1(B, C, D, E, A, PT[3]); 459| 57.1k| F2(A, B, C, D, E, PT[4]); 460| 57.1k| F2(E, A, B, C, D, PT[5]); 461| 57.1k| F2(D, E, A, B, C, PT[6]); 462| 57.1k| F2(C, D, E, A, B, PT[7]); 463| | 464| 57.1k| P2.store_le(PT); 465| 57.1k| P2 = sha1_avx2_next_w2(W2, W0) + K33; 466| | 467| 57.1k| F2(B, C, D, E, A, PT[0]); 468| 57.1k| F2(A, B, C, D, E, PT[1]); 469| 57.1k| F2(E, A, B, C, D, PT[2]); 470| 57.1k| F2(D, E, A, B, C, PT[3]); 471| 57.1k| F2(C, D, E, A, B, PT[4]); 472| 57.1k| F2(B, C, D, E, A, PT[5]); 473| 57.1k| F2(A, B, C, D, E, PT[6]); 474| 57.1k| F2(E, A, B, C, D, PT[7]); 475| | 476| 57.1k| P0.store_le(PT); 477| 57.1k| P0 = sha1_avx2_next_w2(W0, W2) + K33; 478| | 479| 57.1k| F2(D, E, A, B, C, PT[0]); 480| 57.1k| F2(C, D, E, A, B, PT[1]); 481| 57.1k| F2(B, C, D, E, A, PT[2]); 482| 57.1k| F2(A, B, C, D, E, PT[3]); 483| 57.1k| F2(E, A, B, C, D, PT[4]); 484| 57.1k| F2(D, E, A, B, C, PT[5]); 485| 57.1k| F2(C, D, E, A, B, PT[6]); 486| 57.1k| F2(B, C, D, E, A, PT[7]); 487| | 488| 57.1k| P2.store_le(PT); 489| 57.1k| P2 = sha1_avx2_next_w2(W2, W0) + K34; 490| | 491| 57.1k| F3(A, B, C, D, E, PT[0]); 492| 57.1k| F3(E, A, B, C, D, PT[1]); 493| 57.1k| F3(D, E, A, B, C, PT[2]); 494| 57.1k| F3(C, D, E, A, B, PT[3]); 495| 57.1k| F3(B, C, D, E, A, PT[4]); 496| 57.1k| F3(A, B, C, D, E, PT[5]); 497| 57.1k| F3(E, A, B, C, D, PT[6]); 498| 57.1k| F3(D, E, A, B, C, PT[7]); 499| | 500| 57.1k| P0.store_le(PT); 501| 57.1k| P0 = sha1_avx2_next_w2(W0, W2) + K44; 502| | 503| 57.1k| F3(C, D, E, A, B, PT[0]); 504| 57.1k| F3(B, C, D, E, A, PT[1]); 505| 57.1k| F3(A, B, C, D, E, PT[2]); 506| 57.1k| F3(E, A, B, C, D, PT[3]); 507| 57.1k| F3(D, E, A, B, C, PT[4]); 508| 57.1k| F3(C, D, E, A, B, PT[5]); 509| 57.1k| F3(B, C, D, E, A, PT[6]); 510| 57.1k| F3(A, B, C, D, E, PT[7]); 511| | 512| 57.1k| P2.store_le(PT); 513| 57.1k| P2 = sha1_avx2_next_w2(W2, W0) + K44; 514| | 515| 57.1k| F3(E, A, B, C, D, PT[0]); 516| 57.1k| F3(D, E, A, B, C, PT[1]); 517| 57.1k| F3(C, D, E, A, B, PT[2]); 518| 57.1k| F3(B, C, D, E, A, PT[3]); 519| 57.1k| F4(A, B, C, D, E, PT[4]); 520| 57.1k| F4(E, A, B, C, D, PT[5]); 521| 57.1k| F4(D, E, A, B, C, PT[6]); 522| 57.1k| F4(C, D, E, A, B, PT[7]); 523| | 524| 57.1k| P0.store_le(PT); 525| | 526| 57.1k| F4(B, C, D, E, A, PT[0]); 527| 57.1k| F4(A, B, C, D, E, PT[1]); 528| 57.1k| F4(E, A, B, C, D, PT[2]); 529| 57.1k| F4(D, E, A, B, C, PT[3]); 530| 57.1k| F4(C, D, E, A, B, PT[4]); 531| 57.1k| F4(B, C, D, E, A, PT[5]); 532| 57.1k| F4(A, B, C, D, E, PT[6]); 533| 57.1k| F4(E, A, B, C, D, PT[7]); 534| | 535| 57.1k| P2.store_le(PT); 536| | 537| 57.1k| F4(D, E, A, B, C, PT[0]); 538| 57.1k| F4(C, D, E, A, B, PT[1]); 539| 57.1k| F4(B, C, D, E, A, PT[2]); 540| 57.1k| F4(A, B, C, D, E, PT[3]); 541| 57.1k| F4(E, A, B, C, D, PT[4]); 542| 57.1k| F4(D, E, A, B, C, PT[5]); 543| 57.1k| F4(C, D, E, A, B, PT[6]); 544| 57.1k| F4(B, C, D, E, A, PT[7]); 545| | 546| 57.1k| A = (digest[0] += A); 547| 57.1k| B = (digest[1] += B); 548| 57.1k| C = (digest[2] += C); 549| 57.1k| D = (digest[3] += D); 550| 57.1k| E = (digest[4] += E); 551| 57.1k| } 552| 57.1k|} sha1_avx2.cpp:_ZN5Botan12_GLOBAL__N_116sha1_avx2_next_wERNS_9SIMD_8x32ES1_S1_S1_: 27| 350k| SIMD_8x32 XW3) { 28| 350k| SIMD_8x32 T0 = XW0; // W[t-16..t-13] 29| 350k| T0 ^= SIMD_8x32(_mm256_alignr_epi8(XW1.raw(), XW0.raw(), 8)); 30| 350k| T0 ^= XW2; // W[t-8..t-5] 31| 350k| T0 ^= SIMD_8x32(_mm256_srli_si256(XW3.raw(), 4)); // W[t-3..t-1] || 0 32| | 33| | /* unrotated W[t]..W[t+2] in T0 ... still need W[t+3] */ 34| | 35| | // Extract w[t+0] into T2 36| 350k| auto T2 = SIMD_8x32(_mm256_slli_si256(T0.raw(), 3 * 4)); 37| | 38| | // Main rotation 39| 350k| T0 = T0.rotl<1>(); 40| | 41| | // Rotation of W[t+3] has rot by 2 to account for us working on non-rotated words 42| 350k| T2 = T2.rotl<2>(); 43| | 44| | // Merge rol(W[t+0], 1) into W[t+3] 45| 350k| T0 ^= T2; 46| | 47| 350k| XW0 = T0; 48| 350k| return T0; 49| 350k|} sha1_avx2.cpp:_ZN5Botan12_GLOBAL__N_117sha1_avx2_next_w2ERNS_9SIMD_8x32ES1_: 115| 456k|BOTAN_FN_ISA_AVX2_BMI2 BOTAN_FORCE_INLINE SIMD_8x32 sha1_avx2_next_w2(SIMD_8x32& W0, SIMD_8x32 W2) { 116| | // W[j-16..j-9] ^ W[j-8...j-1] 117| 456k| auto WN = W0 ^ W2; 118| | 119| | // XOR in W[j-3..j-1] || 0 || 0 || 0 || W[j-8...j-7] 120| 456k| WN ^= permute_words<5, 6, 7, -1, -1, -1, 0, 1>(W2); 121| | 122| | // XOR in W[j-14...j-9] || 0 || 0 123| 456k| WN ^= permute_words<2, 3, 4, 5, 6, 7, -1, -1>(W0); 124| | 125| | // Extract W[j...j+2], rotate, and XOR into W[j+3...j+5] 126| 456k| auto T0 = permute_words<-1, -1, -1, 0, 1, 2, -1, -1>(WN).rotl<2>(); 127| 456k| WN = WN.rotl<1>(); // main block rotation 128| | 129| 456k| WN ^= T0; 130| | 131| | // Extract W[j+3...j+4], rotate, and XOR into W[j+6...j+7] 132| 456k| WN ^= permute_words<-1, -1, -1, -1, -1, -1, 3, 4>(WN).rotl<1>(); 133| | 134| 456k| W0 = WN; 135| 456k| return WN; 136| 456k|} sha1_avx2.cpp:_ZN5Botan12_GLOBAL__N_113permute_wordsILi5ELi6ELi7ELin1ELin1ELin1ELi0ELi1EEENS_9SIMD_8x32ES2_: 58| 456k|BOTAN_FN_ISA_AVX2_BMI2 BOTAN_FORCE_INLINE SIMD_8x32 permute_words(SIMD_8x32 v) { 59| 456k| const __m256i tbl = _mm256_setr_epi32(I0, I1, I2, I3, I4, I5, I6, I7); 60| 456k| const __m256i mask = _mm256_setr_epi32(I0 >= 0 ? 0xFFFFFFFF : 0, ------------------ | Branch (60:43): [True: 456k, Folded] ------------------ 61| 456k| I1 >= 0 ? 0xFFFFFFFF : 0, ------------------ | Branch (61:43): [True: 456k, Folded] ------------------ 62| 456k| I2 >= 0 ? 0xFFFFFFFF : 0, ------------------ | Branch (62:43): [True: 456k, Folded] ------------------ 63| 456k| I3 >= 0 ? 0xFFFFFFFF : 0, ------------------ | Branch (63:43): [Folded, False: 456k] ------------------ 64| 456k| I4 >= 0 ? 0xFFFFFFFF : 0, ------------------ | Branch (64:43): [Folded, False: 456k] ------------------ 65| 456k| I5 >= 0 ? 0xFFFFFFFF : 0, ------------------ | Branch (65:43): [Folded, False: 456k] ------------------ 66| 456k| I6 >= 0 ? 0xFFFFFFFF : 0, ------------------ | Branch (66:43): [True: 456k, Folded] ------------------ 67| 456k| I7 >= 0 ? 0xFFFFFFFF : 0); ------------------ | Branch (67:43): [True: 456k, Folded] ------------------ 68| | 69| 456k| return SIMD_8x32(_mm256_and_si256(mask, _mm256_permutevar8x32_epi32(v.raw(), tbl))); 70| 456k|} sha1_avx2.cpp:_ZN5Botan12_GLOBAL__N_113permute_wordsILi2ELi3ELi4ELi5ELi6ELi7ELin1ELin1EEENS_9SIMD_8x32ES2_: 58| 456k|BOTAN_FN_ISA_AVX2_BMI2 BOTAN_FORCE_INLINE SIMD_8x32 permute_words(SIMD_8x32 v) { 59| 456k| const __m256i tbl = _mm256_setr_epi32(I0, I1, I2, I3, I4, I5, I6, I7); 60| 456k| const __m256i mask = _mm256_setr_epi32(I0 >= 0 ? 0xFFFFFFFF : 0, ------------------ | Branch (60:43): [True: 456k, Folded] ------------------ 61| 456k| I1 >= 0 ? 0xFFFFFFFF : 0, ------------------ | Branch (61:43): [True: 456k, Folded] ------------------ 62| 456k| I2 >= 0 ? 0xFFFFFFFF : 0, ------------------ | Branch (62:43): [True: 456k, Folded] ------------------ 63| 456k| I3 >= 0 ? 0xFFFFFFFF : 0, ------------------ | Branch (63:43): [True: 456k, Folded] ------------------ 64| 456k| I4 >= 0 ? 0xFFFFFFFF : 0, ------------------ | Branch (64:43): [True: 456k, Folded] ------------------ 65| 456k| I5 >= 0 ? 0xFFFFFFFF : 0, ------------------ | Branch (65:43): [True: 456k, Folded] ------------------ 66| 456k| I6 >= 0 ? 0xFFFFFFFF : 0, ------------------ | Branch (66:43): [Folded, False: 456k] ------------------ 67| 456k| I7 >= 0 ? 0xFFFFFFFF : 0); ------------------ | Branch (67:43): [Folded, False: 456k] ------------------ 68| | 69| 456k| return SIMD_8x32(_mm256_and_si256(mask, _mm256_permutevar8x32_epi32(v.raw(), tbl))); 70| 456k|} sha1_avx2.cpp:_ZN5Botan12_GLOBAL__N_113permute_wordsILin1ELin1ELin1ELi0ELi1ELi2ELin1ELin1EEENS_9SIMD_8x32ES2_: 58| 456k|BOTAN_FN_ISA_AVX2_BMI2 BOTAN_FORCE_INLINE SIMD_8x32 permute_words(SIMD_8x32 v) { 59| 456k| const __m256i tbl = _mm256_setr_epi32(I0, I1, I2, I3, I4, I5, I6, I7); 60| 456k| const __m256i mask = _mm256_setr_epi32(I0 >= 0 ? 0xFFFFFFFF : 0, ------------------ | Branch (60:43): [Folded, False: 456k] ------------------ 61| 456k| I1 >= 0 ? 0xFFFFFFFF : 0, ------------------ | Branch (61:43): [Folded, False: 456k] ------------------ 62| 456k| I2 >= 0 ? 0xFFFFFFFF : 0, ------------------ | Branch (62:43): [Folded, False: 456k] ------------------ 63| 456k| I3 >= 0 ? 0xFFFFFFFF : 0, ------------------ | Branch (63:43): [True: 456k, Folded] ------------------ 64| 456k| I4 >= 0 ? 0xFFFFFFFF : 0, ------------------ | Branch (64:43): [True: 456k, Folded] ------------------ 65| 456k| I5 >= 0 ? 0xFFFFFFFF : 0, ------------------ | Branch (65:43): [True: 456k, Folded] ------------------ 66| 456k| I6 >= 0 ? 0xFFFFFFFF : 0, ------------------ | Branch (66:43): [Folded, False: 456k] ------------------ 67| 456k| I7 >= 0 ? 0xFFFFFFFF : 0); ------------------ | Branch (67:43): [Folded, False: 456k] ------------------ 68| | 69| 456k| return SIMD_8x32(_mm256_and_si256(mask, _mm256_permutevar8x32_epi32(v.raw(), tbl))); 70| 456k|} sha1_avx2.cpp:_ZN5Botan12_GLOBAL__N_113permute_wordsILin1ELin1ELin1ELin1ELin1ELin1ELi3ELi4EEENS_9SIMD_8x32ES2_: 58| 456k|BOTAN_FN_ISA_AVX2_BMI2 BOTAN_FORCE_INLINE SIMD_8x32 permute_words(SIMD_8x32 v) { 59| 456k| const __m256i tbl = _mm256_setr_epi32(I0, I1, I2, I3, I4, I5, I6, I7); 60| 456k| const __m256i mask = _mm256_setr_epi32(I0 >= 0 ? 0xFFFFFFFF : 0, ------------------ | Branch (60:43): [Folded, False: 456k] ------------------ 61| 456k| I1 >= 0 ? 0xFFFFFFFF : 0, ------------------ | Branch (61:43): [Folded, False: 456k] ------------------ 62| 456k| I2 >= 0 ? 0xFFFFFFFF : 0, ------------------ | Branch (62:43): [Folded, False: 456k] ------------------ 63| 456k| I3 >= 0 ? 0xFFFFFFFF : 0, ------------------ | Branch (63:43): [Folded, False: 456k] ------------------ 64| 456k| I4 >= 0 ? 0xFFFFFFFF : 0, ------------------ | Branch (64:43): [Folded, False: 456k] ------------------ 65| 456k| I5 >= 0 ? 0xFFFFFFFF : 0, ------------------ | Branch (65:43): [Folded, False: 456k] ------------------ 66| 456k| I6 >= 0 ? 0xFFFFFFFF : 0, ------------------ | Branch (66:43): [True: 456k, Folded] ------------------ 67| 456k| I7 >= 0 ? 0xFFFFFFFF : 0); ------------------ | Branch (67:43): [True: 456k, Folded] ------------------ 68| | 69| 456k| return SIMD_8x32(_mm256_and_si256(mask, _mm256_permutevar8x32_epi32(v.raw(), tbl))); 70| 456k|} _ZN5Botan7SHA_25615compress_digestERNSt3__16vectorIjNS_16secure_allocatorIjEEEENS1_4spanIKhLm18446744073709551615EEEm: 59| 183k| size_t blocks) { 60| 183k|#if defined(BOTAN_HAS_SHA2_32_X86) 61| 183k| if(CPUID::has(CPUID::Feature::SHA)) { ------------------ | Branch (61:7): [True: 0, False: 183k] ------------------ 62| 0| return SHA_256::compress_digest_x86(digest, input, blocks); 63| 0| } 64| 183k|#endif 65| | 66| |#if defined(BOTAN_HAS_SHA2_32_ARMV8) 67| | if(CPUID::has(CPUID::Feature::SHA2)) { 68| | return SHA_256::compress_digest_armv8(digest, input, blocks); 69| | } 70| |#endif 71| | 72| 183k|#if defined(BOTAN_HAS_SHA2_32_X86_AVX2) 73| 183k| if(CPUID::has(CPUID::Feature::AVX2, CPUID::Feature::BMI)) { ------------------ | Branch (73:7): [True: 183k, False: 0] ------------------ 74| 183k| return SHA_256::compress_digest_x86_avx2(digest, input, blocks); 75| 183k| } 76| 0|#endif 77| | 78| 0|#if defined(BOTAN_HAS_SHA2_32_SIMD) 79| 0| if(CPUID::has(CPUID::Feature::SIMD_4X32)) { ------------------ | Branch (79:7): [True: 0, False: 0] ------------------ 80| 0| return SHA_256::compress_digest_x86_simd(digest, input, blocks); 81| 0| } 82| 0|#endif 83| | 84| 0| uint32_t A = digest[0]; 85| 0| uint32_t B = digest[1]; 86| 0| uint32_t C = digest[2]; 87| 0| uint32_t D = digest[3]; 88| 0| uint32_t E = digest[4]; 89| 0| uint32_t F = digest[5]; 90| 0| uint32_t G = digest[6]; 91| 0| uint32_t H = digest[7]; 92| | 93| 0| std::array W{}; 94| | 95| 0| BufferSlicer in(input); 96| | 97| 0| for(size_t i = 0; i != blocks; ++i) { ------------------ | Branch (97:22): [True: 0, False: 0] ------------------ 98| 0| load_be(W, in.take()); 99| | 100| | // clang-format off 101| | 102| 0| SHA2_32_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0x428A2F98); 103| 0| SHA2_32_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0x71374491); 104| 0| SHA2_32_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0xB5C0FBCF); 105| 0| SHA2_32_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0xE9B5DBA5); 106| 0| SHA2_32_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x3956C25B); 107| 0| SHA2_32_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x59F111F1); 108| 0| SHA2_32_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x923F82A4); 109| 0| SHA2_32_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0xAB1C5ED5); 110| 0| SHA2_32_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0xD807AA98); 111| 0| SHA2_32_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0x12835B01); 112| 0| SHA2_32_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0x243185BE); 113| 0| SHA2_32_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0x550C7DC3); 114| 0| SHA2_32_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0x72BE5D74); 115| 0| SHA2_32_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0x80DEB1FE); 116| 0| SHA2_32_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0x9BDC06A7); 117| 0| SHA2_32_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0xC19BF174); 118| | 119| 0| SHA2_32_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0xE49B69C1); 120| 0| SHA2_32_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0xEFBE4786); 121| 0| SHA2_32_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0x0FC19DC6); 122| 0| SHA2_32_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0x240CA1CC); 123| 0| SHA2_32_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x2DE92C6F); 124| 0| SHA2_32_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x4A7484AA); 125| 0| SHA2_32_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x5CB0A9DC); 126| 0| SHA2_32_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0x76F988DA); 127| 0| SHA2_32_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0x983E5152); 128| 0| SHA2_32_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0xA831C66D); 129| 0| SHA2_32_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0xB00327C8); 130| 0| SHA2_32_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0xBF597FC7); 131| 0| SHA2_32_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0xC6E00BF3); 132| 0| SHA2_32_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0xD5A79147); 133| 0| SHA2_32_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0x06CA6351); 134| 0| SHA2_32_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0x14292967); 135| | 136| 0| SHA2_32_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0x27B70A85); 137| 0| SHA2_32_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0x2E1B2138); 138| 0| SHA2_32_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0x4D2C6DFC); 139| 0| SHA2_32_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0x53380D13); 140| 0| SHA2_32_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x650A7354); 141| 0| SHA2_32_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x766A0ABB); 142| 0| SHA2_32_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x81C2C92E); 143| 0| SHA2_32_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0x92722C85); 144| 0| SHA2_32_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0xA2BFE8A1); 145| 0| SHA2_32_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0xA81A664B); 146| 0| SHA2_32_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0xC24B8B70); 147| 0| SHA2_32_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0xC76C51A3); 148| 0| SHA2_32_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0xD192E819); 149| 0| SHA2_32_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0xD6990624); 150| 0| SHA2_32_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0xF40E3585); 151| 0| SHA2_32_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0x106AA070); 152| | 153| 0| SHA2_32_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0x19A4C116); 154| 0| SHA2_32_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0x1E376C08); 155| 0| SHA2_32_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0x2748774C); 156| 0| SHA2_32_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0x34B0BCB5); 157| 0| SHA2_32_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x391C0CB3); 158| 0| SHA2_32_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x4ED8AA4A); 159| 0| SHA2_32_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x5B9CCA4F); 160| 0| SHA2_32_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0x682E6FF3); 161| 0| SHA2_32_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0x748F82EE); 162| 0| SHA2_32_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0x78A5636F); 163| 0| SHA2_32_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0x84C87814); 164| 0| SHA2_32_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0x8CC70208); 165| 0| SHA2_32_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0x90BEFFFA); 166| 0| SHA2_32_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0xA4506CEB); 167| 0| SHA2_32_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0xBEF9A3F7); 168| 0| SHA2_32_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0xC67178F2); 169| | 170| | // clang-format on 171| | 172| 0| A = (digest[0] += A); 173| 0| B = (digest[1] += B); 174| 0| C = (digest[2] += C); 175| 0| D = (digest[3] += D); 176| 0| E = (digest[4] += E); 177| 0| F = (digest[5] += F); 178| 0| G = (digest[6] += G); 179| 0| H = (digest[7] += H); 180| 0| } 181| 0|} _ZN5Botan7SHA_25610compress_nERNSt3__16vectorIjNS_16secure_allocatorIjEEEENS1_4spanIKhLm18446744073709551615EEEm: 215| 183k|void SHA_256::compress_n(digest_type& digest, std::span input, size_t blocks) { 216| 183k| SHA_256::compress_digest(digest, input, blocks); 217| 183k|} _ZN5Botan7SHA_2564initERNSt3__16vectorIjNS_16secure_allocatorIjEEEE: 219| 133k|void SHA_256::init(digest_type& digest) { 220| 133k| digest.assign({0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19}); 221| 133k|} _ZN5Botan7SHA_2568add_dataENSt3__14spanIKhLm18446744073709551615EEE: 231| 189k|void SHA_256::add_data(std::span input) { 232| 189k| m_md.update(input); 233| 189k|} _ZN5Botan7SHA_25612final_resultENSt3__14spanIhLm18446744073709551615EEE: 235| 88.2k|void SHA_256::final_result(std::span output) { 236| 88.2k| m_md.final(output); 237| 88.2k|} _ZN5Botan7SHA_25624compress_digest_x86_avx2ERNSt3__16vectorIjNS_16secure_allocatorIjEEEENS1_4spanIKhLm18446744073709551615EEEm: 100| 183k| digest_type& digest, std::span input, size_t blocks) { 101| | // clang-format off 102| | 103| 183k| alignas(64) const uint32_t K[64] = { 104| 183k| 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5, 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5, 105| 183k| 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3, 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174, 106| 183k| 0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC, 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA, 107| 183k| 0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7, 0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967, 108| 183k| 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13, 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85, 109| 183k| 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3, 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070, 110| 183k| 0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5, 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3, 111| 183k| 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208, 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2}; 112| | 113| | // clang-format on 114| | 115| 183k| alignas(64) uint32_t W[16]; 116| 183k| alignas(64) uint32_t W2[64]; 117| | 118| 183k| uint32_t A = digest[0]; 119| 183k| uint32_t B = digest[1]; 120| 183k| uint32_t C = digest[2]; 121| 183k| uint32_t D = digest[3]; 122| 183k| uint32_t E = digest[4]; 123| 183k| uint32_t F = digest[5]; 124| 183k| uint32_t G = digest[6]; 125| 183k| uint32_t H = digest[7]; 126| | 127| 183k| const uint8_t* data = input.data(); 128| | 129| 208k| while(blocks >= 2) { ------------------ | Branch (129:10): [True: 24.7k, False: 183k] ------------------ 130| 24.7k| SIMD_8x32 WS[4]; 131| | 132| 123k| for(size_t i = 0; i < 4; i++) { ------------------ | Branch (132:25): [True: 99.1k, False: 24.7k] ------------------ 133| 99.1k| WS[i] = SIMD_8x32::load_be128(&data[16 * i], &data[64 + 16 * i]); 134| 99.1k| auto WK = WS[i] + SIMD_8x32::load_le128(&K[4 * i]); 135| 99.1k| WK.store_le128(&W[4 * i], &W2[4 * i]); 136| 99.1k| } 137| | 138| 24.7k| data += 2 * 64; 139| 24.7k| blocks -= 2; 140| | 141| 99.1k| for(size_t r = 0; r != 48; r += 16) { ------------------ | Branch (141:25): [True: 74.3k, False: 24.7k] ------------------ 142| 74.3k| auto w = next_w(WS) + SIMD_8x32::load_le128(&K[r + 16]); 143| | 144| 74.3k| SHA2_32_F(A, B, C, D, E, F, G, H, W[0]); 145| 74.3k| SHA2_32_F(H, A, B, C, D, E, F, G, W[1]); 146| 74.3k| SHA2_32_F(G, H, A, B, C, D, E, F, W[2]); 147| 74.3k| SHA2_32_F(F, G, H, A, B, C, D, E, W[3]); 148| | 149| 74.3k| w.store_le128(&W[0], &W2[r + 16]); 150| | 151| 74.3k| w = next_w(WS) + SIMD_8x32::load_le128(&K[r + 20]); 152| | 153| 74.3k| SHA2_32_F(E, F, G, H, A, B, C, D, W[4]); 154| 74.3k| SHA2_32_F(D, E, F, G, H, A, B, C, W[5]); 155| 74.3k| SHA2_32_F(C, D, E, F, G, H, A, B, W[6]); 156| 74.3k| SHA2_32_F(B, C, D, E, F, G, H, A, W[7]); 157| | 158| 74.3k| w.store_le128(&W[4], &W2[r + 20]); 159| | 160| 74.3k| w = next_w(WS) + SIMD_8x32::load_le128(&K[r + 24]); 161| | 162| 74.3k| SHA2_32_F(A, B, C, D, E, F, G, H, W[8]); 163| 74.3k| SHA2_32_F(H, A, B, C, D, E, F, G, W[9]); 164| 74.3k| SHA2_32_F(G, H, A, B, C, D, E, F, W[10]); 165| 74.3k| SHA2_32_F(F, G, H, A, B, C, D, E, W[11]); 166| | 167| 74.3k| w.store_le128(&W[8], &W2[r + 24]); 168| | 169| 74.3k| w = next_w(WS) + SIMD_8x32::load_le128(&K[r + 28]); 170| | 171| 74.3k| SHA2_32_F(E, F, G, H, A, B, C, D, W[12]); 172| 74.3k| SHA2_32_F(D, E, F, G, H, A, B, C, W[13]); 173| 74.3k| SHA2_32_F(C, D, E, F, G, H, A, B, W[14]); 174| 74.3k| SHA2_32_F(B, C, D, E, F, G, H, A, W[15]); 175| | 176| 74.3k| w.store_le128(&W[12], &W2[r + 28]); 177| 74.3k| } 178| | 179| 24.7k| SHA2_32_F(A, B, C, D, E, F, G, H, W[0]); 180| 24.7k| SHA2_32_F(H, A, B, C, D, E, F, G, W[1]); 181| 24.7k| SHA2_32_F(G, H, A, B, C, D, E, F, W[2]); 182| 24.7k| SHA2_32_F(F, G, H, A, B, C, D, E, W[3]); 183| 24.7k| SHA2_32_F(E, F, G, H, A, B, C, D, W[4]); 184| 24.7k| SHA2_32_F(D, E, F, G, H, A, B, C, W[5]); 185| 24.7k| SHA2_32_F(C, D, E, F, G, H, A, B, W[6]); 186| 24.7k| SHA2_32_F(B, C, D, E, F, G, H, A, W[7]); 187| 24.7k| SHA2_32_F(A, B, C, D, E, F, G, H, W[8]); 188| 24.7k| SHA2_32_F(H, A, B, C, D, E, F, G, W[9]); 189| 24.7k| SHA2_32_F(G, H, A, B, C, D, E, F, W[10]); 190| 24.7k| SHA2_32_F(F, G, H, A, B, C, D, E, W[11]); 191| 24.7k| SHA2_32_F(E, F, G, H, A, B, C, D, W[12]); 192| 24.7k| SHA2_32_F(D, E, F, G, H, A, B, C, W[13]); 193| 24.7k| SHA2_32_F(C, D, E, F, G, H, A, B, W[14]); 194| 24.7k| SHA2_32_F(B, C, D, E, F, G, H, A, W[15]); 195| | 196| 24.7k| A = (digest[0] += A); 197| 24.7k| B = (digest[1] += B); 198| 24.7k| C = (digest[2] += C); 199| 24.7k| D = (digest[3] += D); 200| 24.7k| E = (digest[4] += E); 201| 24.7k| F = (digest[5] += F); 202| 24.7k| G = (digest[6] += G); 203| 24.7k| H = (digest[7] += H); 204| | 205| | // Now the second block, with already expanded message 206| 24.7k| SHA2_32_F(A, B, C, D, E, F, G, H, W2[0]); 207| 24.7k| SHA2_32_F(H, A, B, C, D, E, F, G, W2[1]); 208| 24.7k| SHA2_32_F(G, H, A, B, C, D, E, F, W2[2]); 209| 24.7k| SHA2_32_F(F, G, H, A, B, C, D, E, W2[3]); 210| 24.7k| SHA2_32_F(E, F, G, H, A, B, C, D, W2[4]); 211| 24.7k| SHA2_32_F(D, E, F, G, H, A, B, C, W2[5]); 212| 24.7k| SHA2_32_F(C, D, E, F, G, H, A, B, W2[6]); 213| 24.7k| SHA2_32_F(B, C, D, E, F, G, H, A, W2[7]); 214| 24.7k| SHA2_32_F(A, B, C, D, E, F, G, H, W2[8]); 215| 24.7k| SHA2_32_F(H, A, B, C, D, E, F, G, W2[9]); 216| 24.7k| SHA2_32_F(G, H, A, B, C, D, E, F, W2[10]); 217| 24.7k| SHA2_32_F(F, G, H, A, B, C, D, E, W2[11]); 218| 24.7k| SHA2_32_F(E, F, G, H, A, B, C, D, W2[12]); 219| 24.7k| SHA2_32_F(D, E, F, G, H, A, B, C, W2[13]); 220| 24.7k| SHA2_32_F(C, D, E, F, G, H, A, B, W2[14]); 221| 24.7k| SHA2_32_F(B, C, D, E, F, G, H, A, W2[15]); 222| | 223| 24.7k| SHA2_32_F(A, B, C, D, E, F, G, H, W2[16]); 224| 24.7k| SHA2_32_F(H, A, B, C, D, E, F, G, W2[17]); 225| 24.7k| SHA2_32_F(G, H, A, B, C, D, E, F, W2[18]); 226| 24.7k| SHA2_32_F(F, G, H, A, B, C, D, E, W2[19]); 227| 24.7k| SHA2_32_F(E, F, G, H, A, B, C, D, W2[20]); 228| 24.7k| SHA2_32_F(D, E, F, G, H, A, B, C, W2[21]); 229| 24.7k| SHA2_32_F(C, D, E, F, G, H, A, B, W2[22]); 230| 24.7k| SHA2_32_F(B, C, D, E, F, G, H, A, W2[23]); 231| 24.7k| SHA2_32_F(A, B, C, D, E, F, G, H, W2[24]); 232| 24.7k| SHA2_32_F(H, A, B, C, D, E, F, G, W2[25]); 233| 24.7k| SHA2_32_F(G, H, A, B, C, D, E, F, W2[26]); 234| 24.7k| SHA2_32_F(F, G, H, A, B, C, D, E, W2[27]); 235| 24.7k| SHA2_32_F(E, F, G, H, A, B, C, D, W2[28]); 236| 24.7k| SHA2_32_F(D, E, F, G, H, A, B, C, W2[29]); 237| 24.7k| SHA2_32_F(C, D, E, F, G, H, A, B, W2[30]); 238| 24.7k| SHA2_32_F(B, C, D, E, F, G, H, A, W2[31]); 239| | 240| 24.7k| SHA2_32_F(A, B, C, D, E, F, G, H, W2[32]); 241| 24.7k| SHA2_32_F(H, A, B, C, D, E, F, G, W2[33]); 242| 24.7k| SHA2_32_F(G, H, A, B, C, D, E, F, W2[34]); 243| 24.7k| SHA2_32_F(F, G, H, A, B, C, D, E, W2[35]); 244| 24.7k| SHA2_32_F(E, F, G, H, A, B, C, D, W2[36]); 245| 24.7k| SHA2_32_F(D, E, F, G, H, A, B, C, W2[37]); 246| 24.7k| SHA2_32_F(C, D, E, F, G, H, A, B, W2[38]); 247| 24.7k| SHA2_32_F(B, C, D, E, F, G, H, A, W2[39]); 248| 24.7k| SHA2_32_F(A, B, C, D, E, F, G, H, W2[40]); 249| 24.7k| SHA2_32_F(H, A, B, C, D, E, F, G, W2[41]); 250| 24.7k| SHA2_32_F(G, H, A, B, C, D, E, F, W2[42]); 251| 24.7k| SHA2_32_F(F, G, H, A, B, C, D, E, W2[43]); 252| 24.7k| SHA2_32_F(E, F, G, H, A, B, C, D, W2[44]); 253| 24.7k| SHA2_32_F(D, E, F, G, H, A, B, C, W2[45]); 254| 24.7k| SHA2_32_F(C, D, E, F, G, H, A, B, W2[46]); 255| 24.7k| SHA2_32_F(B, C, D, E, F, G, H, A, W2[47]); 256| | 257| 24.7k| SHA2_32_F(A, B, C, D, E, F, G, H, W2[48]); 258| 24.7k| SHA2_32_F(H, A, B, C, D, E, F, G, W2[49]); 259| 24.7k| SHA2_32_F(G, H, A, B, C, D, E, F, W2[50]); 260| 24.7k| SHA2_32_F(F, G, H, A, B, C, D, E, W2[51]); 261| 24.7k| SHA2_32_F(E, F, G, H, A, B, C, D, W2[52]); 262| 24.7k| SHA2_32_F(D, E, F, G, H, A, B, C, W2[53]); 263| 24.7k| SHA2_32_F(C, D, E, F, G, H, A, B, W2[54]); 264| 24.7k| SHA2_32_F(B, C, D, E, F, G, H, A, W2[55]); 265| 24.7k| SHA2_32_F(A, B, C, D, E, F, G, H, W2[56]); 266| 24.7k| SHA2_32_F(H, A, B, C, D, E, F, G, W2[57]); 267| 24.7k| SHA2_32_F(G, H, A, B, C, D, E, F, W2[58]); 268| 24.7k| SHA2_32_F(F, G, H, A, B, C, D, E, W2[59]); 269| 24.7k| SHA2_32_F(E, F, G, H, A, B, C, D, W2[60]); 270| 24.7k| SHA2_32_F(D, E, F, G, H, A, B, C, W2[61]); 271| 24.7k| SHA2_32_F(C, D, E, F, G, H, A, B, W2[62]); 272| 24.7k| SHA2_32_F(B, C, D, E, F, G, H, A, W2[63]); 273| | 274| 24.7k| A = (digest[0] += A); 275| 24.7k| B = (digest[1] += B); 276| 24.7k| C = (digest[2] += C); 277| 24.7k| D = (digest[3] += D); 278| 24.7k| E = (digest[4] += E); 279| 24.7k| F = (digest[5] += F); 280| 24.7k| G = (digest[6] += G); 281| 24.7k| H = (digest[7] += H); 282| 24.7k| } 283| | 284| 366k| while(blocks > 0) { ------------------ | Branch (284:10): [True: 183k, False: 183k] ------------------ 285| 183k| SIMD_4x32 WS[4]; 286| | 287| 915k| for(size_t i = 0; i < 4; i++) { ------------------ | Branch (287:25): [True: 732k, False: 183k] ------------------ 288| 732k| WS[i] = SIMD_4x32::load_be(&data[16 * i]); 289| 732k| auto WK = WS[i] + SIMD_4x32::load_le(&K[4 * i]); 290| 732k| WK.store_le(&W[4 * i]); 291| 732k| } 292| | 293| 183k| data += 64; 294| 183k| blocks -= 1; 295| | 296| 732k| for(size_t r = 0; r != 48; r += 16) { ------------------ | Branch (296:25): [True: 549k, False: 183k] ------------------ 297| 549k| auto w = next_w(WS) + SIMD_4x32::load_le(&K[r + 16]); 298| | 299| 549k| SHA2_32_F(A, B, C, D, E, F, G, H, W[0]); 300| 549k| SHA2_32_F(H, A, B, C, D, E, F, G, W[1]); 301| 549k| SHA2_32_F(G, H, A, B, C, D, E, F, W[2]); 302| 549k| SHA2_32_F(F, G, H, A, B, C, D, E, W[3]); 303| | 304| 549k| w.store_le(&W[0]); 305| | 306| 549k| w = next_w(WS) + SIMD_4x32::load_le(&K[r + 20]); 307| | 308| 549k| SHA2_32_F(E, F, G, H, A, B, C, D, W[4]); 309| 549k| SHA2_32_F(D, E, F, G, H, A, B, C, W[5]); 310| 549k| SHA2_32_F(C, D, E, F, G, H, A, B, W[6]); 311| 549k| SHA2_32_F(B, C, D, E, F, G, H, A, W[7]); 312| | 313| 549k| w.store_le(&W[4]); 314| | 315| 549k| w = next_w(WS) + SIMD_4x32::load_le(&K[r + 24]); 316| | 317| 549k| SHA2_32_F(A, B, C, D, E, F, G, H, W[8]); 318| 549k| SHA2_32_F(H, A, B, C, D, E, F, G, W[9]); 319| 549k| SHA2_32_F(G, H, A, B, C, D, E, F, W[10]); 320| 549k| SHA2_32_F(F, G, H, A, B, C, D, E, W[11]); 321| | 322| 549k| w.store_le(&W[8]); 323| | 324| 549k| w = next_w(WS) + SIMD_4x32::load_le(&K[r + 28]); 325| | 326| 549k| SHA2_32_F(E, F, G, H, A, B, C, D, W[12]); 327| 549k| SHA2_32_F(D, E, F, G, H, A, B, C, W[13]); 328| 549k| SHA2_32_F(C, D, E, F, G, H, A, B, W[14]); 329| 549k| SHA2_32_F(B, C, D, E, F, G, H, A, W[15]); 330| | 331| 549k| w.store_le(&W[12]); 332| 549k| } 333| | 334| 183k| SHA2_32_F(A, B, C, D, E, F, G, H, W[0]); 335| 183k| SHA2_32_F(H, A, B, C, D, E, F, G, W[1]); 336| 183k| SHA2_32_F(G, H, A, B, C, D, E, F, W[2]); 337| 183k| SHA2_32_F(F, G, H, A, B, C, D, E, W[3]); 338| 183k| SHA2_32_F(E, F, G, H, A, B, C, D, W[4]); 339| 183k| SHA2_32_F(D, E, F, G, H, A, B, C, W[5]); 340| 183k| SHA2_32_F(C, D, E, F, G, H, A, B, W[6]); 341| 183k| SHA2_32_F(B, C, D, E, F, G, H, A, W[7]); 342| 183k| SHA2_32_F(A, B, C, D, E, F, G, H, W[8]); 343| 183k| SHA2_32_F(H, A, B, C, D, E, F, G, W[9]); 344| 183k| SHA2_32_F(G, H, A, B, C, D, E, F, W[10]); 345| 183k| SHA2_32_F(F, G, H, A, B, C, D, E, W[11]); 346| 183k| SHA2_32_F(E, F, G, H, A, B, C, D, W[12]); 347| 183k| SHA2_32_F(D, E, F, G, H, A, B, C, W[13]); 348| 183k| SHA2_32_F(C, D, E, F, G, H, A, B, W[14]); 349| 183k| SHA2_32_F(B, C, D, E, F, G, H, A, W[15]); 350| | 351| 183k| A = (digest[0] += A); 352| 183k| B = (digest[1] += B); 353| 183k| C = (digest[2] += C); 354| 183k| D = (digest[3] += D); 355| 183k| E = (digest[4] += E); 356| 183k| F = (digest[5] += F); 357| 183k| G = (digest[6] += G); 358| 183k| H = (digest[7] += H); 359| 183k| } 360| 183k|} sha2_32_avx2.cpp:_ZN5Botan12_GLOBAL__N_16next_wINS_9SIMD_8x32EEET_PS3_: 50| 297k|BOTAN_FN_ISA_AVX2_BMI2 BOTAN_FORCE_INLINE SIMD_T next_w(SIMD_T x[4]) { 51| 297k| constexpr size_t sigma0_0 = 7; 52| 297k| constexpr size_t sigma0_1 = 18; 53| 297k| constexpr size_t sigma0_2 = 3; 54| 297k| constexpr size_t sigma1_0 = 17; 55| 297k| constexpr size_t sigma1_1 = 19; 56| 297k| constexpr size_t sigma1_2 = 10; 57| | 58| 297k| const SIMD_T lo_mask = SIMD_T(0x03020100, 0x0b0a0908, 0x80808080, 0x80808080); 59| 297k| const SIMD_T hi_mask = SIMD_T(0x80808080, 0x80808080, 0x03020100, 0x0b0a0908); 60| | 61| 297k| auto t0 = alignr4(x[1], x[0]); 62| 297k| x[0] += alignr4(x[3], x[2]); 63| | 64| 297k| auto t1 = t0.template shl<32 - sigma0_1>(); 65| 297k| auto t2 = t0.template shr(); 66| 297k| auto t3 = t0.template shr(); 67| 297k| t0 = t3 ^ t2; 68| | 69| 297k| t3 = shuffle_32<0b11111010>(x[3]); 70| 297k| t2 = t2.template shr(); 71| 297k| t0 ^= t1 ^ t2; 72| 297k| t1 = t1.template shl(); 73| 297k| t2 = t3.template shr(); 74| 297k| t3 = shr64(t3); 75| 297k| x[0] += t0 ^ t1; 76| | 77| 297k| t2 ^= t3; 78| 297k| t3 = shr64(t3); 79| 297k| x[0] += SIMD_T::byte_shuffle(t2 ^ t3, lo_mask); 80| | 81| 297k| t3 = shuffle_32<0b01010000>(x[0]); 82| 297k| t2 = t3.template shr(); 83| 297k| t3 = shr64(t3); 84| 297k| t2 ^= t3; 85| 297k| t3 = shr64(t3); 86| 297k| x[0] += SIMD_T::byte_shuffle(t2 ^ t3, hi_mask); 87| | 88| 297k| const auto tmp = x[0]; 89| 297k| x[0] = x[1]; 90| 297k| x[1] = x[2]; 91| 297k| x[2] = x[3]; 92| 297k| x[3] = tmp; 93| | 94| 297k| return x[3]; 95| 297k|} sha2_32_avx2.cpp:_ZN5Botan12_GLOBAL__N_17alignr4ERKNS_9SIMD_8x32ES3_: 35| 594k|BOTAN_FN_ISA_AVX2_BMI2 inline SIMD_8x32 alignr4(const SIMD_8x32& a, const SIMD_8x32& b) { 36| | return SIMD_8x32(_mm256_alignr_epi8(a.raw(), b.raw(), 4)); 37| 594k|} sha2_32_avx2.cpp:_ZN5Botan12_GLOBAL__N_110shuffle_32ILh250EEENS_9SIMD_8x32ERKS2_: 45| 297k|BOTAN_FN_ISA_AVX2_BMI2 inline SIMD_8x32 shuffle_32(const SIMD_8x32& a) { 46| | return SIMD_8x32(_mm256_shuffle_epi32(a.raw(), S)); 47| 297k|} sha2_32_avx2.cpp:_ZN5Botan12_GLOBAL__N_15shr64ILm17EEENS_9SIMD_8x32ERKS2_: 40| 594k|BOTAN_FN_ISA_AVX2_BMI2 inline SIMD_8x32 shr64(const SIMD_8x32& a) { 41| 594k| return SIMD_8x32(_mm256_srli_epi64(a.raw(), S)); 42| 594k|} sha2_32_avx2.cpp:_ZN5Botan12_GLOBAL__N_15shr64ILm2EEENS_9SIMD_8x32ERKS2_: 40| 594k|BOTAN_FN_ISA_AVX2_BMI2 inline SIMD_8x32 shr64(const SIMD_8x32& a) { 41| 594k| return SIMD_8x32(_mm256_srli_epi64(a.raw(), S)); 42| 594k|} sha2_32_avx2.cpp:_ZN5Botan12_GLOBAL__N_110shuffle_32ILh80EEENS_9SIMD_8x32ERKS2_: 45| 297k|BOTAN_FN_ISA_AVX2_BMI2 inline SIMD_8x32 shuffle_32(const SIMD_8x32& a) { 46| | return SIMD_8x32(_mm256_shuffle_epi32(a.raw(), S)); 47| 297k|} sha2_32_avx2.cpp:_ZN5Botan12_GLOBAL__N_16next_wINS_9SIMD_4x32EEET_PS3_: 50| 2.19M|BOTAN_FN_ISA_AVX2_BMI2 BOTAN_FORCE_INLINE SIMD_T next_w(SIMD_T x[4]) { 51| 2.19M| constexpr size_t sigma0_0 = 7; 52| 2.19M| constexpr size_t sigma0_1 = 18; 53| 2.19M| constexpr size_t sigma0_2 = 3; 54| 2.19M| constexpr size_t sigma1_0 = 17; 55| 2.19M| constexpr size_t sigma1_1 = 19; 56| 2.19M| constexpr size_t sigma1_2 = 10; 57| | 58| 2.19M| const SIMD_T lo_mask = SIMD_T(0x03020100, 0x0b0a0908, 0x80808080, 0x80808080); 59| 2.19M| const SIMD_T hi_mask = SIMD_T(0x80808080, 0x80808080, 0x03020100, 0x0b0a0908); 60| | 61| 2.19M| auto t0 = alignr4(x[1], x[0]); 62| 2.19M| x[0] += alignr4(x[3], x[2]); 63| | 64| 2.19M| auto t1 = t0.template shl<32 - sigma0_1>(); 65| 2.19M| auto t2 = t0.template shr(); 66| 2.19M| auto t3 = t0.template shr(); 67| 2.19M| t0 = t3 ^ t2; 68| | 69| 2.19M| t3 = shuffle_32<0b11111010>(x[3]); 70| 2.19M| t2 = t2.template shr(); 71| 2.19M| t0 ^= t1 ^ t2; 72| 2.19M| t1 = t1.template shl(); 73| 2.19M| t2 = t3.template shr(); 74| 2.19M| t3 = shr64(t3); 75| 2.19M| x[0] += t0 ^ t1; 76| | 77| 2.19M| t2 ^= t3; 78| 2.19M| t3 = shr64(t3); 79| 2.19M| x[0] += SIMD_T::byte_shuffle(t2 ^ t3, lo_mask); 80| | 81| 2.19M| t3 = shuffle_32<0b01010000>(x[0]); 82| 2.19M| t2 = t3.template shr(); 83| 2.19M| t3 = shr64(t3); 84| 2.19M| t2 ^= t3; 85| 2.19M| t3 = shr64(t3); 86| 2.19M| x[0] += SIMD_T::byte_shuffle(t2 ^ t3, hi_mask); 87| | 88| 2.19M| const auto tmp = x[0]; 89| 2.19M| x[0] = x[1]; 90| 2.19M| x[1] = x[2]; 91| 2.19M| x[2] = x[3]; 92| 2.19M| x[3] = tmp; 93| | 94| 2.19M| return x[3]; 95| 2.19M|} sha2_32_avx2.cpp:_ZN5Botan12_GLOBAL__N_17alignr4ERKNS_9SIMD_4x32ES3_: 21| 4.39M|BOTAN_FN_ISA_AVX2_BMI2 inline SIMD_4x32 alignr4(const SIMD_4x32& a, const SIMD_4x32& b) { 22| | return SIMD_4x32(_mm_alignr_epi8(a.raw(), b.raw(), 4)); 23| 4.39M|} sha2_32_avx2.cpp:_ZN5Botan12_GLOBAL__N_110shuffle_32ILh250EEENS_9SIMD_4x32ERKS2_: 31| 2.19M|BOTAN_FN_ISA_AVX2_BMI2 inline SIMD_4x32 shuffle_32(const SIMD_4x32& a) { 32| | return SIMD_4x32(_mm_shuffle_epi32(a.raw(), S)); 33| 2.19M|} sha2_32_avx2.cpp:_ZN5Botan12_GLOBAL__N_15shr64ILm17EEENS_9SIMD_4x32ERKS2_: 26| 4.39M|BOTAN_FN_ISA_AVX2_BMI2 inline SIMD_4x32 shr64(const SIMD_4x32& a) { 27| 4.39M| return SIMD_4x32(_mm_srli_epi64(a.raw(), S)); 28| 4.39M|} sha2_32_avx2.cpp:_ZN5Botan12_GLOBAL__N_15shr64ILm2EEENS_9SIMD_4x32ERKS2_: 26| 4.39M|BOTAN_FN_ISA_AVX2_BMI2 inline SIMD_4x32 shr64(const SIMD_4x32& a) { 27| 4.39M| return SIMD_4x32(_mm_srli_epi64(a.raw(), S)); 28| 4.39M|} sha2_32_avx2.cpp:_ZN5Botan12_GLOBAL__N_110shuffle_32ILh80EEENS_9SIMD_4x32ERKS2_: 31| 2.19M|BOTAN_FN_ISA_AVX2_BMI2 inline SIMD_4x32 shuffle_32(const SIMD_4x32& a) { 32| | return SIMD_4x32(_mm_shuffle_epi32(a.raw(), S)); 33| 2.19M|} _ZN5Botan7SHA_51215compress_digestERNSt3__16vectorImNS_16secure_allocatorImEEEENS1_4spanIKhLm18446744073709551615EEEm: 56| 13.8k|void SHA_512::compress_digest(digest_type& digest, std::span input, size_t blocks) { 57| 13.8k|#if defined(BOTAN_HAS_SHA2_64_X86) 58| 13.8k| if(CPUID::has(CPUID::Feature::SHA512)) { ------------------ | Branch (58:7): [True: 0, False: 13.8k] ------------------ 59| 0| return compress_digest_x86(digest, input, blocks); 60| 0| } 61| 13.8k|#endif 62| | 63| |#if defined(BOTAN_HAS_SHA2_64_ARMV8) 64| | if(CPUID::has(CPUID::Feature::SHA2_512)) { 65| | return compress_digest_armv8(digest, input, blocks); 66| | } 67| |#endif 68| | 69| 13.8k|#if defined(BOTAN_HAS_SHA2_64_X86_AVX512) 70| 13.8k| if(CPUID::has(CPUID::Feature::AVX512, CPUID::Feature::BMI)) { ------------------ | Branch (70:7): [True: 0, False: 13.8k] ------------------ 71| 0| return compress_digest_x86_avx512(digest, input, blocks); 72| 0| } 73| 13.8k|#endif 74| | 75| 13.8k|#if defined(BOTAN_HAS_SHA2_64_X86_AVX2) 76| 13.8k| if(CPUID::has(CPUID::Feature::AVX2, CPUID::Feature::BMI)) { ------------------ | Branch (76:7): [True: 13.8k, False: 0] ------------------ 77| 13.8k| return compress_digest_x86_avx2(digest, input, blocks); 78| 13.8k| } 79| 0|#endif 80| | 81| 0| uint64_t A = digest[0]; 82| 0| uint64_t B = digest[1]; 83| 0| uint64_t C = digest[2]; 84| 0| uint64_t D = digest[3]; 85| 0| uint64_t E = digest[4]; 86| 0| uint64_t F = digest[5]; 87| 0| uint64_t G = digest[6]; 88| 0| uint64_t H = digest[7]; 89| | 90| 0| std::array W{}; 91| | 92| 0| BufferSlicer in(input); 93| | 94| 0| for(size_t i = 0; i != blocks; ++i) { ------------------ | Branch (94:22): [True: 0, False: 0] ------------------ 95| 0| load_be(W, in.take()); 96| | 97| | // clang-format off 98| | 99| 0| SHA2_64_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0x428A2F98D728AE22); 100| 0| SHA2_64_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0x7137449123EF65CD); 101| 0| SHA2_64_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0xB5C0FBCFEC4D3B2F); 102| 0| SHA2_64_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0xE9B5DBA58189DBBC); 103| 0| SHA2_64_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x3956C25BF348B538); 104| 0| SHA2_64_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x59F111F1B605D019); 105| 0| SHA2_64_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x923F82A4AF194F9B); 106| 0| SHA2_64_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0xAB1C5ED5DA6D8118); 107| 0| SHA2_64_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0xD807AA98A3030242); 108| 0| SHA2_64_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0x12835B0145706FBE); 109| 0| SHA2_64_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0x243185BE4EE4B28C); 110| 0| SHA2_64_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0x550C7DC3D5FFB4E2); 111| 0| SHA2_64_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0x72BE5D74F27B896F); 112| 0| SHA2_64_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0x80DEB1FE3B1696B1); 113| 0| SHA2_64_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0x9BDC06A725C71235); 114| 0| SHA2_64_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0xC19BF174CF692694); 115| 0| SHA2_64_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0xE49B69C19EF14AD2); 116| 0| SHA2_64_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0xEFBE4786384F25E3); 117| 0| SHA2_64_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0x0FC19DC68B8CD5B5); 118| 0| SHA2_64_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0x240CA1CC77AC9C65); 119| 0| SHA2_64_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x2DE92C6F592B0275); 120| 0| SHA2_64_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x4A7484AA6EA6E483); 121| 0| SHA2_64_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x5CB0A9DCBD41FBD4); 122| 0| SHA2_64_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0x76F988DA831153B5); 123| 0| SHA2_64_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0x983E5152EE66DFAB); 124| 0| SHA2_64_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0xA831C66D2DB43210); 125| 0| SHA2_64_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0xB00327C898FB213F); 126| 0| SHA2_64_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0xBF597FC7BEEF0EE4); 127| 0| SHA2_64_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0xC6E00BF33DA88FC2); 128| 0| SHA2_64_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0xD5A79147930AA725); 129| 0| SHA2_64_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0x06CA6351E003826F); 130| 0| SHA2_64_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0x142929670A0E6E70); 131| 0| SHA2_64_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0x27B70A8546D22FFC); 132| 0| SHA2_64_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0x2E1B21385C26C926); 133| 0| SHA2_64_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0x4D2C6DFC5AC42AED); 134| 0| SHA2_64_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0x53380D139D95B3DF); 135| 0| SHA2_64_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x650A73548BAF63DE); 136| 0| SHA2_64_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x766A0ABB3C77B2A8); 137| 0| SHA2_64_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x81C2C92E47EDAEE6); 138| 0| SHA2_64_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0x92722C851482353B); 139| 0| SHA2_64_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0xA2BFE8A14CF10364); 140| 0| SHA2_64_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0xA81A664BBC423001); 141| 0| SHA2_64_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0xC24B8B70D0F89791); 142| 0| SHA2_64_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0xC76C51A30654BE30); 143| 0| SHA2_64_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0xD192E819D6EF5218); 144| 0| SHA2_64_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0xD69906245565A910); 145| 0| SHA2_64_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0xF40E35855771202A); 146| 0| SHA2_64_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0x106AA07032BBD1B8); 147| 0| SHA2_64_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0x19A4C116B8D2D0C8); 148| 0| SHA2_64_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0x1E376C085141AB53); 149| 0| SHA2_64_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0x2748774CDF8EEB99); 150| 0| SHA2_64_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0x34B0BCB5E19B48A8); 151| 0| SHA2_64_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x391C0CB3C5C95A63); 152| 0| SHA2_64_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x4ED8AA4AE3418ACB); 153| 0| SHA2_64_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x5B9CCA4F7763E373); 154| 0| SHA2_64_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0x682E6FF3D6B2B8A3); 155| 0| SHA2_64_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0x748F82EE5DEFB2FC); 156| 0| SHA2_64_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0x78A5636F43172F60); 157| 0| SHA2_64_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0x84C87814A1F0AB72); 158| 0| SHA2_64_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0x8CC702081A6439EC); 159| 0| SHA2_64_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0x90BEFFFA23631E28); 160| 0| SHA2_64_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0xA4506CEBDE82BDE9); 161| 0| SHA2_64_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0xBEF9A3F7B2C67915); 162| 0| SHA2_64_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0xC67178F2E372532B); 163| 0| SHA2_64_F(A, B, C, D, E, F, G, H, W[ 0], W[14], W[ 9], W[ 1], 0xCA273ECEEA26619C); 164| 0| SHA2_64_F(H, A, B, C, D, E, F, G, W[ 1], W[15], W[10], W[ 2], 0xD186B8C721C0C207); 165| 0| SHA2_64_F(G, H, A, B, C, D, E, F, W[ 2], W[ 0], W[11], W[ 3], 0xEADA7DD6CDE0EB1E); 166| 0| SHA2_64_F(F, G, H, A, B, C, D, E, W[ 3], W[ 1], W[12], W[ 4], 0xF57D4F7FEE6ED178); 167| 0| SHA2_64_F(E, F, G, H, A, B, C, D, W[ 4], W[ 2], W[13], W[ 5], 0x06F067AA72176FBA); 168| 0| SHA2_64_F(D, E, F, G, H, A, B, C, W[ 5], W[ 3], W[14], W[ 6], 0x0A637DC5A2C898A6); 169| 0| SHA2_64_F(C, D, E, F, G, H, A, B, W[ 6], W[ 4], W[15], W[ 7], 0x113F9804BEF90DAE); 170| 0| SHA2_64_F(B, C, D, E, F, G, H, A, W[ 7], W[ 5], W[ 0], W[ 8], 0x1B710B35131C471B); 171| 0| SHA2_64_F(A, B, C, D, E, F, G, H, W[ 8], W[ 6], W[ 1], W[ 9], 0x28DB77F523047D84); 172| 0| SHA2_64_F(H, A, B, C, D, E, F, G, W[ 9], W[ 7], W[ 2], W[10], 0x32CAAB7B40C72493); 173| 0| SHA2_64_F(G, H, A, B, C, D, E, F, W[10], W[ 8], W[ 3], W[11], 0x3C9EBE0A15C9BEBC); 174| 0| SHA2_64_F(F, G, H, A, B, C, D, E, W[11], W[ 9], W[ 4], W[12], 0x431D67C49C100D4C); 175| 0| SHA2_64_F(E, F, G, H, A, B, C, D, W[12], W[10], W[ 5], W[13], 0x4CC5D4BECB3E42B6); 176| 0| SHA2_64_F(D, E, F, G, H, A, B, C, W[13], W[11], W[ 6], W[14], 0x597F299CFC657E2A); 177| 0| SHA2_64_F(C, D, E, F, G, H, A, B, W[14], W[12], W[ 7], W[15], 0x5FCB6FAB3AD6FAEC); 178| 0| SHA2_64_F(B, C, D, E, F, G, H, A, W[15], W[13], W[ 8], W[ 0], 0x6C44198C4A475817); 179| | 180| | // clang-format on 181| | 182| 0| A = (digest[0] += A); 183| 0| B = (digest[1] += B); 184| 0| C = (digest[2] += C); 185| 0| D = (digest[3] += D); 186| 0| E = (digest[4] += E); 187| 0| F = (digest[5] += F); 188| 0| G = (digest[6] += G); 189| 0| H = (digest[7] += H); 190| 0| } 191| 0|} _ZN5Botan7SHA_38410compress_nERNSt3__16vectorImNS_16secure_allocatorImEEEENS1_4spanIKhLm18446744073709551615EEEm: 209| 13.8k|void SHA_384::compress_n(digest_type& digest, std::span input, size_t blocks) { 210| 13.8k| SHA_512::compress_digest(digest, input, blocks); 211| 13.8k|} _ZN5Botan7SHA_3844initERNSt3__16vectorImNS_16secure_allocatorImEEEE: 228| 7.34k|void SHA_384::init(digest_type& digest) { 229| 7.34k| digest.assign({0xCBBB9D5DC1059ED8, 230| 7.34k| 0x629A292A367CD507, 231| 7.34k| 0x9159015A3070DD17, 232| 7.34k| 0x152FECD8F70E5939, 233| 7.34k| 0x67332667FFC00B31, 234| 7.34k| 0x8EB44A8768581511, 235| 7.34k| 0xDB0C2E0D64F98FA7, 236| 7.34k| 0x47B5481DBEFA4FA4}); 237| 7.34k|} _ZN5Botan7SHA_3848add_dataENSt3__14spanIKhLm18446744073709551615EEE: 274| 14.9k|void SHA_384::add_data(std::span input) { 275| 14.9k| m_md.update(input); 276| 14.9k|} _ZN5Botan7SHA_38412final_resultENSt3__14spanIhLm18446744073709551615EEE: 286| 5.88k|void SHA_384::final_result(std::span output) { 287| 5.88k| m_md.final(output); 288| 5.88k|} _ZN5Botan7SHA_51224compress_digest_x86_avx2ERNSt3__16vectorImNS_16secure_allocatorImEEEENS1_4spanIKhLm18446744073709551615EEEm: 44| 13.8k| size_t blocks) { 45| | // clang-format off 46| 13.8k| alignas(64) const uint64_t K[80] = { 47| 13.8k| 0x428A2F98D728AE22, 0x7137449123EF65CD, 0xB5C0FBCFEC4D3B2F, 0xE9B5DBA58189DBBC, 48| 13.8k| 0x3956C25BF348B538, 0x59F111F1B605D019, 0x923F82A4AF194F9B, 0xAB1C5ED5DA6D8118, 49| 13.8k| 0xD807AA98A3030242, 0x12835B0145706FBE, 0x243185BE4EE4B28C, 0x550C7DC3D5FFB4E2, 50| 13.8k| 0x72BE5D74F27B896F, 0x80DEB1FE3B1696B1, 0x9BDC06A725C71235, 0xC19BF174CF692694, 51| 13.8k| 0xE49B69C19EF14AD2, 0xEFBE4786384F25E3, 0x0FC19DC68B8CD5B5, 0x240CA1CC77AC9C65, 52| 13.8k| 0x2DE92C6F592B0275, 0x4A7484AA6EA6E483, 0x5CB0A9DCBD41FBD4, 0x76F988DA831153B5, 53| 13.8k| 0x983E5152EE66DFAB, 0xA831C66D2DB43210, 0xB00327C898FB213F, 0xBF597FC7BEEF0EE4, 54| 13.8k| 0xC6E00BF33DA88FC2, 0xD5A79147930AA725, 0x06CA6351E003826F, 0x142929670A0E6E70, 55| 13.8k| 0x27B70A8546D22FFC, 0x2E1B21385C26C926, 0x4D2C6DFC5AC42AED, 0x53380D139D95B3DF, 56| 13.8k| 0x650A73548BAF63DE, 0x766A0ABB3C77B2A8, 0x81C2C92E47EDAEE6, 0x92722C851482353B, 57| 13.8k| 0xA2BFE8A14CF10364, 0xA81A664BBC423001, 0xC24B8B70D0F89791, 0xC76C51A30654BE30, 58| 13.8k| 0xD192E819D6EF5218, 0xD69906245565A910, 0xF40E35855771202A, 0x106AA07032BBD1B8, 59| 13.8k| 0x19A4C116B8D2D0C8, 0x1E376C085141AB53, 0x2748774CDF8EEB99, 0x34B0BCB5E19B48A8, 60| 13.8k| 0x391C0CB3C5C95A63, 0x4ED8AA4AE3418ACB, 0x5B9CCA4F7763E373, 0x682E6FF3D6B2B8A3, 61| 13.8k| 0x748F82EE5DEFB2FC, 0x78A5636F43172F60, 0x84C87814A1F0AB72, 0x8CC702081A6439EC, 62| 13.8k| 0x90BEFFFA23631E28, 0xA4506CEBDE82BDE9, 0xBEF9A3F7B2C67915, 0xC67178F2E372532B, 63| 13.8k| 0xCA273ECEEA26619C, 0xD186B8C721C0C207, 0xEADA7DD6CDE0EB1E, 0xF57D4F7FEE6ED178, 64| 13.8k| 0x06F067AA72176FBA, 0x0A637DC5A2C898A6, 0x113F9804BEF90DAE, 0x1B710B35131C471B, 65| 13.8k| 0x28DB77F523047D84, 0x32CAAB7B40C72493, 0x3C9EBE0A15C9BEBC, 0x431D67C49C100D4C, 66| 13.8k| 0x4CC5D4BECB3E42B6, 0x597F299CFC657E2A, 0x5FCB6FAB3AD6FAEC, 0x6C44198C4A475817, 67| 13.8k| }; 68| | // clang-format on 69| | 70| 13.8k| alignas(64) uint64_t W[16] = {0}; 71| 13.8k| alignas(64) uint64_t W2[80]; 72| | 73| 13.8k| uint64_t A = digest[0]; 74| 13.8k| uint64_t B = digest[1]; 75| 13.8k| uint64_t C = digest[2]; 76| 13.8k| uint64_t D = digest[3]; 77| 13.8k| uint64_t E = digest[4]; 78| 13.8k| uint64_t F = digest[5]; 79| 13.8k| uint64_t G = digest[6]; 80| 13.8k| uint64_t H = digest[7]; 81| | 82| 13.8k| const uint8_t* data = input.data(); 83| | 84| 14.3k| while(blocks >= 2) { ------------------ | Branch (84:10): [True: 471, False: 13.8k] ------------------ 85| 471| SIMD_4x64 WS[8]; 86| | 87| 4.23k| for(size_t i = 0; i < 8; i++) { ------------------ | Branch (87:25): [True: 3.76k, False: 471] ------------------ 88| 3.76k| WS[i] = SIMD_4x64::load_be2(&data[16 * i], &data[128 + 16 * i]); 89| 3.76k| auto WK = WS[i] + SIMD_4x64::broadcast_2x64(&K[2 * i]); 90| 3.76k| WK.store_le2(&W[2 * i], &W2[2 * i]); 91| 3.76k| } 92| | 93| 471| data += 2 * 128; 94| 471| blocks -= 2; 95| | 96| | // First 64 rounds of SHA-512 97| 2.35k| for(size_t r = 0; r != 64; r += 16) { ------------------ | Branch (97:25): [True: 1.88k, False: 471] ------------------ 98| 1.88k| auto w = sha512_next_w(WS) + SIMD_4x64::broadcast_2x64(&K[r + 16]); 99| 1.88k| SHA2_64_F(A, B, C, D, E, F, G, H, W[0]); 100| 1.88k| SHA2_64_F(H, A, B, C, D, E, F, G, W[1]); 101| 1.88k| w.store_le2(&W[0], &W2[r + 16]); 102| | 103| 1.88k| w = sha512_next_w(WS) + SIMD_4x64::broadcast_2x64(&K[r + 18]); 104| 1.88k| SHA2_64_F(G, H, A, B, C, D, E, F, W[2]); 105| 1.88k| SHA2_64_F(F, G, H, A, B, C, D, E, W[3]); 106| 1.88k| w.store_le2(&W[2], &W2[r + 18]); 107| | 108| 1.88k| w = sha512_next_w(WS) + SIMD_4x64::broadcast_2x64(&K[r + 20]); 109| 1.88k| SHA2_64_F(E, F, G, H, A, B, C, D, W[4]); 110| 1.88k| SHA2_64_F(D, E, F, G, H, A, B, C, W[5]); 111| 1.88k| w.store_le2(&W[4], &W2[r + 20]); 112| | 113| 1.88k| w = sha512_next_w(WS) + SIMD_4x64::broadcast_2x64(&K[r + 22]); 114| 1.88k| SHA2_64_F(C, D, E, F, G, H, A, B, W[6]); 115| 1.88k| SHA2_64_F(B, C, D, E, F, G, H, A, W[7]); 116| 1.88k| w.store_le2(&W[6], &W2[r + 22]); 117| | 118| 1.88k| w = sha512_next_w(WS) + SIMD_4x64::broadcast_2x64(&K[r + 24]); 119| 1.88k| SHA2_64_F(A, B, C, D, E, F, G, H, W[8]); 120| 1.88k| SHA2_64_F(H, A, B, C, D, E, F, G, W[9]); 121| 1.88k| w.store_le2(&W[8], &W2[r + 24]); 122| | 123| 1.88k| w = sha512_next_w(WS) + SIMD_4x64::broadcast_2x64(&K[r + 26]); 124| 1.88k| SHA2_64_F(G, H, A, B, C, D, E, F, W[10]); 125| 1.88k| SHA2_64_F(F, G, H, A, B, C, D, E, W[11]); 126| 1.88k| w.store_le2(&W[10], &W2[r + 26]); 127| | 128| 1.88k| w = sha512_next_w(WS) + SIMD_4x64::broadcast_2x64(&K[r + 28]); 129| 1.88k| SHA2_64_F(E, F, G, H, A, B, C, D, W[12]); 130| 1.88k| SHA2_64_F(D, E, F, G, H, A, B, C, W[13]); 131| 1.88k| w.store_le2(&W[12], &W2[r + 28]); 132| | 133| 1.88k| w = sha512_next_w(WS) + SIMD_4x64::broadcast_2x64(&K[r + 30]); 134| 1.88k| SHA2_64_F(C, D, E, F, G, H, A, B, W[14]); 135| 1.88k| SHA2_64_F(B, C, D, E, F, G, H, A, W[15]); 136| 1.88k| w.store_le2(&W[14], &W2[r + 30]); 137| 1.88k| } 138| | 139| | // Final 16 rounds of SHA-512 140| 471| SHA2_64_F(A, B, C, D, E, F, G, H, W[0]); 141| 471| SHA2_64_F(H, A, B, C, D, E, F, G, W[1]); 142| 471| SHA2_64_F(G, H, A, B, C, D, E, F, W[2]); 143| 471| SHA2_64_F(F, G, H, A, B, C, D, E, W[3]); 144| 471| SHA2_64_F(E, F, G, H, A, B, C, D, W[4]); 145| 471| SHA2_64_F(D, E, F, G, H, A, B, C, W[5]); 146| 471| SHA2_64_F(C, D, E, F, G, H, A, B, W[6]); 147| 471| SHA2_64_F(B, C, D, E, F, G, H, A, W[7]); 148| 471| SHA2_64_F(A, B, C, D, E, F, G, H, W[8]); 149| 471| SHA2_64_F(H, A, B, C, D, E, F, G, W[9]); 150| 471| SHA2_64_F(G, H, A, B, C, D, E, F, W[10]); 151| 471| SHA2_64_F(F, G, H, A, B, C, D, E, W[11]); 152| 471| SHA2_64_F(E, F, G, H, A, B, C, D, W[12]); 153| 471| SHA2_64_F(D, E, F, G, H, A, B, C, W[13]); 154| 471| SHA2_64_F(C, D, E, F, G, H, A, B, W[14]); 155| 471| SHA2_64_F(B, C, D, E, F, G, H, A, W[15]); 156| | 157| 471| A = (digest[0] += A); 158| 471| B = (digest[1] += B); 159| 471| C = (digest[2] += C); 160| 471| D = (digest[3] += D); 161| 471| E = (digest[4] += E); 162| 471| F = (digest[5] += F); 163| 471| G = (digest[6] += G); 164| 471| H = (digest[7] += H); 165| | 166| | // Second block of SHA-512 compression, with pre-expanded message 167| 471| SHA2_64_F(A, B, C, D, E, F, G, H, W2[0]); 168| 471| SHA2_64_F(H, A, B, C, D, E, F, G, W2[1]); 169| 471| SHA2_64_F(G, H, A, B, C, D, E, F, W2[2]); 170| 471| SHA2_64_F(F, G, H, A, B, C, D, E, W2[3]); 171| 471| SHA2_64_F(E, F, G, H, A, B, C, D, W2[4]); 172| 471| SHA2_64_F(D, E, F, G, H, A, B, C, W2[5]); 173| 471| SHA2_64_F(C, D, E, F, G, H, A, B, W2[6]); 174| 471| SHA2_64_F(B, C, D, E, F, G, H, A, W2[7]); 175| 471| SHA2_64_F(A, B, C, D, E, F, G, H, W2[8]); 176| 471| SHA2_64_F(H, A, B, C, D, E, F, G, W2[9]); 177| 471| SHA2_64_F(G, H, A, B, C, D, E, F, W2[10]); 178| 471| SHA2_64_F(F, G, H, A, B, C, D, E, W2[11]); 179| 471| SHA2_64_F(E, F, G, H, A, B, C, D, W2[12]); 180| 471| SHA2_64_F(D, E, F, G, H, A, B, C, W2[13]); 181| 471| SHA2_64_F(C, D, E, F, G, H, A, B, W2[14]); 182| 471| SHA2_64_F(B, C, D, E, F, G, H, A, W2[15]); 183| | 184| 471| SHA2_64_F(A, B, C, D, E, F, G, H, W2[16]); 185| 471| SHA2_64_F(H, A, B, C, D, E, F, G, W2[17]); 186| 471| SHA2_64_F(G, H, A, B, C, D, E, F, W2[18]); 187| 471| SHA2_64_F(F, G, H, A, B, C, D, E, W2[19]); 188| 471| SHA2_64_F(E, F, G, H, A, B, C, D, W2[20]); 189| 471| SHA2_64_F(D, E, F, G, H, A, B, C, W2[21]); 190| 471| SHA2_64_F(C, D, E, F, G, H, A, B, W2[22]); 191| 471| SHA2_64_F(B, C, D, E, F, G, H, A, W2[23]); 192| 471| SHA2_64_F(A, B, C, D, E, F, G, H, W2[24]); 193| 471| SHA2_64_F(H, A, B, C, D, E, F, G, W2[25]); 194| 471| SHA2_64_F(G, H, A, B, C, D, E, F, W2[26]); 195| 471| SHA2_64_F(F, G, H, A, B, C, D, E, W2[27]); 196| 471| SHA2_64_F(E, F, G, H, A, B, C, D, W2[28]); 197| 471| SHA2_64_F(D, E, F, G, H, A, B, C, W2[29]); 198| 471| SHA2_64_F(C, D, E, F, G, H, A, B, W2[30]); 199| 471| SHA2_64_F(B, C, D, E, F, G, H, A, W2[31]); 200| | 201| 471| SHA2_64_F(A, B, C, D, E, F, G, H, W2[32]); 202| 471| SHA2_64_F(H, A, B, C, D, E, F, G, W2[33]); 203| 471| SHA2_64_F(G, H, A, B, C, D, E, F, W2[34]); 204| 471| SHA2_64_F(F, G, H, A, B, C, D, E, W2[35]); 205| 471| SHA2_64_F(E, F, G, H, A, B, C, D, W2[36]); 206| 471| SHA2_64_F(D, E, F, G, H, A, B, C, W2[37]); 207| 471| SHA2_64_F(C, D, E, F, G, H, A, B, W2[38]); 208| 471| SHA2_64_F(B, C, D, E, F, G, H, A, W2[39]); 209| 471| SHA2_64_F(A, B, C, D, E, F, G, H, W2[40]); 210| 471| SHA2_64_F(H, A, B, C, D, E, F, G, W2[41]); 211| 471| SHA2_64_F(G, H, A, B, C, D, E, F, W2[42]); 212| 471| SHA2_64_F(F, G, H, A, B, C, D, E, W2[43]); 213| 471| SHA2_64_F(E, F, G, H, A, B, C, D, W2[44]); 214| 471| SHA2_64_F(D, E, F, G, H, A, B, C, W2[45]); 215| 471| SHA2_64_F(C, D, E, F, G, H, A, B, W2[46]); 216| 471| SHA2_64_F(B, C, D, E, F, G, H, A, W2[47]); 217| | 218| 471| SHA2_64_F(A, B, C, D, E, F, G, H, W2[48]); 219| 471| SHA2_64_F(H, A, B, C, D, E, F, G, W2[49]); 220| 471| SHA2_64_F(G, H, A, B, C, D, E, F, W2[50]); 221| 471| SHA2_64_F(F, G, H, A, B, C, D, E, W2[51]); 222| 471| SHA2_64_F(E, F, G, H, A, B, C, D, W2[52]); 223| 471| SHA2_64_F(D, E, F, G, H, A, B, C, W2[53]); 224| 471| SHA2_64_F(C, D, E, F, G, H, A, B, W2[54]); 225| 471| SHA2_64_F(B, C, D, E, F, G, H, A, W2[55]); 226| 471| SHA2_64_F(A, B, C, D, E, F, G, H, W2[56]); 227| 471| SHA2_64_F(H, A, B, C, D, E, F, G, W2[57]); 228| 471| SHA2_64_F(G, H, A, B, C, D, E, F, W2[58]); 229| 471| SHA2_64_F(F, G, H, A, B, C, D, E, W2[59]); 230| 471| SHA2_64_F(E, F, G, H, A, B, C, D, W2[60]); 231| 471| SHA2_64_F(D, E, F, G, H, A, B, C, W2[61]); 232| 471| SHA2_64_F(C, D, E, F, G, H, A, B, W2[62]); 233| 471| SHA2_64_F(B, C, D, E, F, G, H, A, W2[63]); 234| | 235| 471| SHA2_64_F(A, B, C, D, E, F, G, H, W2[64]); 236| 471| SHA2_64_F(H, A, B, C, D, E, F, G, W2[65]); 237| 471| SHA2_64_F(G, H, A, B, C, D, E, F, W2[66]); 238| 471| SHA2_64_F(F, G, H, A, B, C, D, E, W2[67]); 239| 471| SHA2_64_F(E, F, G, H, A, B, C, D, W2[68]); 240| 471| SHA2_64_F(D, E, F, G, H, A, B, C, W2[69]); 241| 471| SHA2_64_F(C, D, E, F, G, H, A, B, W2[70]); 242| 471| SHA2_64_F(B, C, D, E, F, G, H, A, W2[71]); 243| 471| SHA2_64_F(A, B, C, D, E, F, G, H, W2[72]); 244| 471| SHA2_64_F(H, A, B, C, D, E, F, G, W2[73]); 245| 471| SHA2_64_F(G, H, A, B, C, D, E, F, W2[74]); 246| 471| SHA2_64_F(F, G, H, A, B, C, D, E, W2[75]); 247| 471| SHA2_64_F(E, F, G, H, A, B, C, D, W2[76]); 248| 471| SHA2_64_F(D, E, F, G, H, A, B, C, W2[77]); 249| 471| SHA2_64_F(C, D, E, F, G, H, A, B, W2[78]); 250| 471| SHA2_64_F(B, C, D, E, F, G, H, A, W2[79]); 251| | 252| 471| A = (digest[0] += A); 253| 471| B = (digest[1] += B); 254| 471| C = (digest[2] += C); 255| 471| D = (digest[3] += D); 256| 471| E = (digest[4] += E); 257| 471| F = (digest[5] += F); 258| 471| G = (digest[6] += G); 259| 471| H = (digest[7] += H); 260| 471| } 261| | 262| 27.3k| while(blocks > 0) { ------------------ | Branch (262:10): [True: 13.4k, False: 13.8k] ------------------ 263| 13.4k| SIMD_2x64 WS[8]; 264| | 265| 121k| for(size_t i = 0; i < 8; i++) { ------------------ | Branch (265:25): [True: 107k, False: 13.4k] ------------------ 266| 107k| WS[i] = SIMD_2x64::load_be(&data[16 * i]); 267| 107k| auto WK = WS[i] + SIMD_2x64::load_le(&K[2 * i]); 268| 107k| WK.store_le(&W[2 * i]); 269| 107k| } 270| | 271| 13.4k| data += 128; 272| 13.4k| blocks -= 1; 273| | 274| | // First 64 rounds of SHA-512 275| 67.4k| for(size_t r = 0; r != 64; r += 16) { ------------------ | Branch (275:25): [True: 53.9k, False: 13.4k] ------------------ 276| 53.9k| auto w = sha512_next_w(WS) + SIMD_2x64::load_le(&K[r + 16]); 277| 53.9k| SHA2_64_F(A, B, C, D, E, F, G, H, W[0]); 278| 53.9k| SHA2_64_F(H, A, B, C, D, E, F, G, W[1]); 279| 53.9k| w.store_le(&W[0]); 280| | 281| 53.9k| w = sha512_next_w(WS) + SIMD_2x64::load_le(&K[r + 18]); 282| 53.9k| SHA2_64_F(G, H, A, B, C, D, E, F, W[2]); 283| 53.9k| SHA2_64_F(F, G, H, A, B, C, D, E, W[3]); 284| 53.9k| w.store_le(&W[2]); 285| | 286| 53.9k| w = sha512_next_w(WS) + SIMD_2x64::load_le(&K[r + 20]); 287| 53.9k| SHA2_64_F(E, F, G, H, A, B, C, D, W[4]); 288| 53.9k| SHA2_64_F(D, E, F, G, H, A, B, C, W[5]); 289| 53.9k| w.store_le(&W[4]); 290| | 291| 53.9k| w = sha512_next_w(WS) + SIMD_2x64::load_le(&K[r + 22]); 292| 53.9k| SHA2_64_F(C, D, E, F, G, H, A, B, W[6]); 293| 53.9k| SHA2_64_F(B, C, D, E, F, G, H, A, W[7]); 294| 53.9k| w.store_le(&W[6]); 295| | 296| 53.9k| w = sha512_next_w(WS) + SIMD_2x64::load_le(&K[r + 24]); 297| 53.9k| SHA2_64_F(A, B, C, D, E, F, G, H, W[8]); 298| 53.9k| SHA2_64_F(H, A, B, C, D, E, F, G, W[9]); 299| 53.9k| w.store_le(&W[8]); 300| | 301| 53.9k| w = sha512_next_w(WS) + SIMD_2x64::load_le(&K[r + 26]); 302| 53.9k| SHA2_64_F(G, H, A, B, C, D, E, F, W[10]); 303| 53.9k| SHA2_64_F(F, G, H, A, B, C, D, E, W[11]); 304| 53.9k| w.store_le(&W[10]); 305| | 306| 53.9k| w = sha512_next_w(WS) + SIMD_2x64::load_le(&K[r + 28]); 307| 53.9k| SHA2_64_F(E, F, G, H, A, B, C, D, W[12]); 308| 53.9k| SHA2_64_F(D, E, F, G, H, A, B, C, W[13]); 309| 53.9k| w.store_le(&W[12]); 310| | 311| 53.9k| w = sha512_next_w(WS) + SIMD_2x64::load_le(&K[r + 30]); 312| 53.9k| SHA2_64_F(C, D, E, F, G, H, A, B, W[14]); 313| 53.9k| SHA2_64_F(B, C, D, E, F, G, H, A, W[15]); 314| 53.9k| w.store_le(&W[14]); 315| 53.9k| } 316| | 317| | // Final 16 rounds of SHA-512 318| 13.4k| SHA2_64_F(A, B, C, D, E, F, G, H, W[0]); 319| 13.4k| SHA2_64_F(H, A, B, C, D, E, F, G, W[1]); 320| 13.4k| SHA2_64_F(G, H, A, B, C, D, E, F, W[2]); 321| 13.4k| SHA2_64_F(F, G, H, A, B, C, D, E, W[3]); 322| 13.4k| SHA2_64_F(E, F, G, H, A, B, C, D, W[4]); 323| 13.4k| SHA2_64_F(D, E, F, G, H, A, B, C, W[5]); 324| 13.4k| SHA2_64_F(C, D, E, F, G, H, A, B, W[6]); 325| 13.4k| SHA2_64_F(B, C, D, E, F, G, H, A, W[7]); 326| 13.4k| SHA2_64_F(A, B, C, D, E, F, G, H, W[8]); 327| 13.4k| SHA2_64_F(H, A, B, C, D, E, F, G, W[9]); 328| 13.4k| SHA2_64_F(G, H, A, B, C, D, E, F, W[10]); 329| 13.4k| SHA2_64_F(F, G, H, A, B, C, D, E, W[11]); 330| 13.4k| SHA2_64_F(E, F, G, H, A, B, C, D, W[12]); 331| 13.4k| SHA2_64_F(D, E, F, G, H, A, B, C, W[13]); 332| 13.4k| SHA2_64_F(C, D, E, F, G, H, A, B, W[14]); 333| 13.4k| SHA2_64_F(B, C, D, E, F, G, H, A, W[15]); 334| | 335| 13.4k| A = (digest[0] += A); 336| 13.4k| B = (digest[1] += B); 337| 13.4k| C = (digest[2] += C); 338| 13.4k| D = (digest[3] += D); 339| 13.4k| E = (digest[4] += E); 340| 13.4k| F = (digest[5] += F); 341| 13.4k| G = (digest[6] += G); 342| 13.4k| H = (digest[7] += H); 343| 13.4k| } 344| 13.8k|} sha2_64_avx2.cpp:_ZN5Botan12_GLOBAL__N_113sha512_next_wINS_9SIMD_4x64EEET_PS3_: 19| 15.0k|BOTAN_FORCE_INLINE BOTAN_FN_ISA_AVX2_BMI2 SIMD_T sha512_next_w(SIMD_T x[8]) { 20| 15.0k| auto t0 = SIMD_T::alignr8(x[1], x[0]); 21| 15.0k| auto t1 = SIMD_T::alignr8(x[5], x[4]); 22| | 23| 15.0k| auto s0 = t0.template rotr<1>() ^ t0.template rotr<8>() ^ t0.template shr<7>(); 24| 15.0k| auto s1 = x[7].template rotr<19>() ^ x[7].template rotr<61>() ^ x[7].template shr<6>(); 25| | 26| 15.0k| auto nx = x[0] + s0 + s1 + t1; 27| | 28| 15.0k| x[0] = x[1]; 29| 15.0k| x[1] = x[2]; 30| 15.0k| x[2] = x[3]; 31| 15.0k| x[3] = x[4]; 32| 15.0k| x[4] = x[5]; 33| 15.0k| x[5] = x[6]; 34| 15.0k| x[6] = x[7]; 35| 15.0k| x[7] = nx; 36| | 37| 15.0k| return x[7]; 38| 15.0k|} sha2_64_avx2.cpp:_ZN5Botan12_GLOBAL__N_113sha512_next_wINS_9SIMD_2x64EEET_PS3_: 19| 431k|BOTAN_FORCE_INLINE BOTAN_FN_ISA_AVX2_BMI2 SIMD_T sha512_next_w(SIMD_T x[8]) { 20| 431k| auto t0 = SIMD_T::alignr8(x[1], x[0]); 21| 431k| auto t1 = SIMD_T::alignr8(x[5], x[4]); 22| | 23| 431k| auto s0 = t0.template rotr<1>() ^ t0.template rotr<8>() ^ t0.template shr<7>(); 24| 431k| auto s1 = x[7].template rotr<19>() ^ x[7].template rotr<61>() ^ x[7].template shr<6>(); 25| | 26| 431k| auto nx = x[0] + s0 + s1 + t1; 27| | 28| 431k| x[0] = x[1]; 29| 431k| x[1] = x[2]; 30| 431k| x[2] = x[3]; 31| 431k| x[3] = x[4]; 32| 431k| x[4] = x[5]; 33| 431k| x[5] = x[6]; 34| 431k| x[6] = x[7]; 35| 431k| x[7] = nx; 36| | 37| 431k| return x[7]; 38| 431k|} _ZN5Botan3KDF6createENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEES5_: 73| 1.72k|std::unique_ptr KDF::create(std::string_view algo_spec, std::string_view provider) { 74| 1.72k| const SCAN_Name req(algo_spec); 75| | 76| 1.72k|#if defined(BOTAN_HAS_HKDF) 77| 1.72k| if(req.algo_name() == "HKDF" && req.arg_count() == 1) { ------------------ | Branch (77:7): [True: 0, False: 1.72k] | Branch (77:36): [True: 0, False: 0] ------------------ 78| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (78:10): [True: 0, False: 0] | Branch (78:30): [True: 0, False: 0] ------------------ 79| 0| return kdf_create_mac_or_hash(req.arg(0)); 80| 0| } 81| 0| } 82| | 83| 1.72k| if(req.algo_name() == "HKDF-Extract" && req.arg_count() == 1) { ------------------ | Branch (83:7): [True: 0, False: 1.72k] | Branch (83:44): [True: 0, False: 0] ------------------ 84| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (84:10): [True: 0, False: 0] | Branch (84:30): [True: 0, False: 0] ------------------ 85| 0| return kdf_create_mac_or_hash(req.arg(0)); 86| 0| } 87| 0| } 88| | 89| 1.72k| if(req.algo_name() == "HKDF-Expand" && req.arg_count() == 1) { ------------------ | Branch (89:7): [True: 0, False: 1.72k] | Branch (89:43): [True: 0, False: 0] ------------------ 90| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (90:10): [True: 0, False: 0] | Branch (90:30): [True: 0, False: 0] ------------------ 91| 0| return kdf_create_mac_or_hash(req.arg(0)); 92| 0| } 93| 0| } 94| 1.72k|#endif 95| | 96| 1.72k|#if defined(BOTAN_HAS_KDF2) 97| 1.72k| if(req.algo_name() == "KDF2" && req.arg_count() == 1) { ------------------ | Branch (97:7): [True: 0, False: 1.72k] | Branch (97:36): [True: 0, False: 0] ------------------ 98| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (98:10): [True: 0, False: 0] | Branch (98:30): [True: 0, False: 0] ------------------ 99| 0| if(auto hash = HashFunction::create(req.arg(0))) { ------------------ | Branch (99:18): [True: 0, False: 0] ------------------ 100| 0| return std::make_unique(std::move(hash)); 101| 0| } 102| 0| } 103| 0| } 104| 1.72k|#endif 105| | 106| 1.72k|#if defined(BOTAN_HAS_KDF1_18033) 107| 1.72k| if(req.algo_name() == "KDF1-18033" && req.arg_count() == 1) { ------------------ | Branch (107:7): [True: 0, False: 1.72k] | Branch (107:42): [True: 0, False: 0] ------------------ 108| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (108:10): [True: 0, False: 0] | Branch (108:30): [True: 0, False: 0] ------------------ 109| 0| if(auto hash = HashFunction::create(req.arg(0))) { ------------------ | Branch (109:18): [True: 0, False: 0] ------------------ 110| 0| return std::make_unique(std::move(hash)); 111| 0| } 112| 0| } 113| 0| } 114| 1.72k|#endif 115| | 116| 1.72k|#if defined(BOTAN_HAS_KDF1) 117| 1.72k| if(req.algo_name() == "KDF1" && req.arg_count() == 1) { ------------------ | Branch (117:7): [True: 0, False: 1.72k] | Branch (117:36): [True: 0, False: 0] ------------------ 118| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (118:10): [True: 0, False: 0] | Branch (118:30): [True: 0, False: 0] ------------------ 119| 0| if(auto hash = HashFunction::create(req.arg(0))) { ------------------ | Branch (119:18): [True: 0, False: 0] ------------------ 120| 0| return std::make_unique(std::move(hash)); 121| 0| } 122| 0| } 123| 0| } 124| 1.72k|#endif 125| | 126| 1.72k|#if defined(BOTAN_HAS_TLS_V12_PRF) 127| 1.72k| if(req.algo_name() == "TLS-12-PRF" && req.arg_count() == 1) { ------------------ | Branch (127:7): [True: 1.72k, False: 0] | Branch (127:42): [True: 1.72k, False: 0] ------------------ 128| 1.72k| if(provider.empty() || provider == "base") { ------------------ | Branch (128:10): [True: 1.72k, False: 0] | Branch (128:30): [True: 0, False: 0] ------------------ 129| 1.72k| return kdf_create_mac_or_hash(req.arg(0)); 130| 1.72k| } 131| 1.72k| } 132| 0|#endif 133| | 134| 0|#if defined(BOTAN_HAS_X942_PRF) 135| 0| if(req.algo_name() == "X9.42-PRF" && req.arg_count() == 1) { ------------------ | Branch (135:7): [True: 0, False: 0] | Branch (135:41): [True: 0, False: 0] ------------------ 136| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (136:10): [True: 0, False: 0] | Branch (136:30): [True: 0, False: 0] ------------------ 137| 0| return std::make_unique(req.arg(0)); 138| 0| } 139| 0| } 140| 0|#endif 141| | 142| 0|#if defined(BOTAN_HAS_SP800_108) 143| 0| if(req.algo_name() == "SP800-108-Counter" && req.arg_count_between(1, 3)) { ------------------ | Branch (143:7): [True: 0, False: 0] | Branch (143:49): [True: 0, False: 0] ------------------ 144| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (144:10): [True: 0, False: 0] | Branch (144:30): [True: 0, False: 0] ------------------ 145| 0| return kdf_create_mac_or_hash( 146| 0| req.arg(0), req.arg_as_integer(1, 32), req.arg_as_integer(2, 32)); 147| 0| } 148| 0| } 149| | 150| 0| if(req.algo_name() == "SP800-108-Feedback" && req.arg_count_between(1, 3)) { ------------------ | Branch (150:7): [True: 0, False: 0] | Branch (150:50): [True: 0, False: 0] ------------------ 151| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (151:10): [True: 0, False: 0] | Branch (151:30): [True: 0, False: 0] ------------------ 152| 0| return kdf_create_mac_or_hash( 153| 0| req.arg(0), req.arg_as_integer(1, 32), req.arg_as_integer(2, 32)); 154| 0| } 155| 0| } 156| | 157| 0| if(req.algo_name() == "SP800-108-Pipeline" && req.arg_count_between(1, 3)) { ------------------ | Branch (157:7): [True: 0, False: 0] | Branch (157:50): [True: 0, False: 0] ------------------ 158| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (158:10): [True: 0, False: 0] | Branch (158:30): [True: 0, False: 0] ------------------ 159| 0| return kdf_create_mac_or_hash( 160| 0| req.arg(0), req.arg_as_integer(1, 32), req.arg_as_integer(2, 32)); 161| 0| } 162| 0| } 163| 0|#endif 164| | 165| 0|#if defined(BOTAN_HAS_SP800_56A) 166| 0| if(req.algo_name() == "SP800-56A" && req.arg_count() == 1) { ------------------ | Branch (166:7): [True: 0, False: 0] | Branch (166:41): [True: 0, False: 0] ------------------ 167| 0| if(auto hash = HashFunction::create(req.arg(0))) { ------------------ | Branch (167:15): [True: 0, False: 0] ------------------ 168| 0| return std::make_unique(std::move(hash)); 169| 0| } 170| 0| if(req.arg(0) == "KMAC-128") { ------------------ | Branch (170:10): [True: 0, False: 0] ------------------ 171| 0| return std::make_unique(); 172| 0| } 173| 0| if(req.arg(0) == "KMAC-256") { ------------------ | Branch (173:10): [True: 0, False: 0] ------------------ 174| 0| return std::make_unique(); 175| 0| } 176| 0| if(auto mac = MessageAuthenticationCode::create(req.arg(0))) { ------------------ | Branch (176:15): [True: 0, False: 0] ------------------ 177| 0| return std::make_unique(std::move(mac)); 178| 0| } 179| 0| } 180| 0|#endif 181| | 182| 0|#if defined(BOTAN_HAS_SP800_56C) 183| 0| if(req.algo_name() == "SP800-56C" && req.arg_count() == 1) { ------------------ | Branch (183:7): [True: 0, False: 0] | Branch (183:41): [True: 0, False: 0] ------------------ 184| 0| std::unique_ptr exp(kdf_create_mac_or_hash(req.arg(0), 32, 32)); 185| 0| if(exp) { ------------------ | Branch (185:10): [True: 0, False: 0] ------------------ 186| 0| if(auto mac = MessageAuthenticationCode::create(req.arg(0))) { ------------------ | Branch (186:18): [True: 0, False: 0] ------------------ 187| 0| return std::make_unique(std::move(mac), std::move(exp)); 188| 0| } 189| | 190| 0| if(auto mac = MessageAuthenticationCode::create(fmt("HMAC({})", req.arg(0)))) { ------------------ | Branch (190:18): [True: 0, False: 0] ------------------ 191| 0| return std::make_unique(std::move(mac), std::move(exp)); 192| 0| } 193| 0| } 194| 0| } 195| 0|#endif 196| | 197| 0| BOTAN_UNUSED(req); ------------------ | | 144| 0|#define BOTAN_UNUSED Botan::ignore_params ------------------ 198| 0| BOTAN_UNUSED(provider); ------------------ | | 144| 0|#define BOTAN_UNUSED Botan::ignore_params ------------------ 199| | 200| 0| return nullptr; 201| 0|} _ZN5Botan3KDF15create_or_throwENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEES5_: 204| 1.72k|std::unique_ptr KDF::create_or_throw(std::string_view algo, std::string_view provider) { 205| 1.72k| if(auto kdf = KDF::create(algo, provider)) { ------------------ | Branch (205:12): [True: 1.72k, False: 0] ------------------ 206| 1.72k| return kdf; 207| 1.72k| } 208| 0| throw Lookup_Error("KDF", algo, provider); 209| 1.72k|} kdf.cpp:_ZN5Botan12_GLOBAL__N_122kdf_create_mac_or_hashINS_10TLS_12_PRFEJEEENSt3__110unique_ptrINS_3KDFENS3_14default_deleteIS5_EEEENS3_17basic_string_viewIcNS3_11char_traitsIcEEEEDpOT0_: 59| 1.72k|std::unique_ptr kdf_create_mac_or_hash(std::string_view nm, ParamTs&&... params) { 60| 1.72k| if(auto mac = MessageAuthenticationCode::create(fmt("HMAC({})", nm))) { ------------------ | Branch (60:12): [True: 1.72k, False: 0] ------------------ 61| 1.72k| return std::make_unique(std::move(mac), std::forward(params)...); 62| 1.72k| } 63| | 64| 0| if(auto mac = MessageAuthenticationCode::create(nm)) { ------------------ | Branch (64:12): [True: 0, False: 0] ------------------ 65| 0| return std::make_unique(std::move(mac), std::forward(params)...); 66| 0| } 67| | 68| 0| return nullptr; 69| 0|} _ZNK5Botan10TLS_12_PRF11perform_kdfENSt3__14spanIhLm18446744073709551615EEENS2_IKhLm18446744073709551615EEES5_S5_: 25| 3.19k| std::span label) const { 26| 3.19k| try { 27| 3.19k| m_mac->set_key(secret); 28| 3.19k| } catch(Invalid_Key_Length&) { 29| 0| throw Internal_Error(fmt("The premaster secret of {} bytes is too long for TLS-PRF", secret.size())); 30| 0| } 31| | 32| 3.19k| auto A = concat>(label, salt); 33| 3.19k| secure_vector h; 34| | 35| 3.19k| BufferStuffer o(key); 36| 10.8k| while(!o.full()) { ------------------ | Branch (36:10): [True: 7.61k, False: 3.19k] ------------------ 37| 7.61k| A = m_mac->process(A); 38| | 39| 7.61k| m_mac->update(A); 40| 7.61k| m_mac->update(label); 41| 7.61k| m_mac->update(salt); 42| 7.61k| m_mac->final(h); 43| | 44| 7.61k| const size_t writing = std::min(h.size(), o.remaining_capacity()); 45| 7.61k| xor_buf(o.next(writing), std::span{h}.first(writing)); 46| 7.61k| } 47| 3.19k|} _ZN5Botan4HMAC8add_dataENSt3__14spanIKhLm18446744073709551615EEE: 20| 65.6k|void HMAC::add_data(std::span input) { 21| 65.6k| assert_key_material_set(); 22| 65.6k| m_hash->update(input); 23| 65.6k|} _ZN5Botan4HMAC12final_resultENSt3__14spanIhLm18446744073709551615EEE: 28| 24.1k|void HMAC::final_result(std::span mac) { 29| 24.1k| assert_key_material_set(); 30| 24.1k| m_hash->final(mac); 31| 24.1k| m_hash->update(m_okey); 32| 24.1k| m_hash->update(mac.first(m_hash_output_length)); 33| 24.1k| m_hash->final(mac); 34| 24.1k| m_hash->update(m_ikey); 35| 24.1k|} _ZNK5Botan4HMAC8key_specEv: 37| 12.3k|Key_Length_Specification HMAC::key_spec() const { 38| | // Support very long lengths for things like PBKDF2 and the TLS PRF 39| 12.3k| return Key_Length_Specification(0, 8192); 40| 12.3k|} _ZNK5Botan4HMAC13output_lengthEv: 42| 32.9k|size_t HMAC::output_length() const { 43| 32.9k| return m_hash_output_length; 44| 32.9k|} _ZNK5Botan4HMAC19has_keying_materialEv: 46| 89.7k|bool HMAC::has_keying_material() const { 47| 89.7k| return !m_okey.empty(); 48| 89.7k|} _ZN5Botan4HMAC12key_scheduleENSt3__14spanIKhLm18446744073709551615EEE: 53| 12.0k|void HMAC::key_schedule(std::span key) { 54| 12.0k| const uint8_t ipad = 0x36; 55| 12.0k| const uint8_t opad = 0x5C; 56| | 57| 12.0k| m_hash->clear(); 58| | 59| 12.0k| m_ikey.resize(m_hash_block_size); 60| 12.0k| m_okey.resize(m_hash_block_size); 61| | 62| 12.0k| clear_mem(m_ikey.data(), m_ikey.size()); 63| 12.0k| clear_mem(m_okey.data(), m_okey.size()); 64| | 65| | /* 66| | * Sometimes the HMAC key length itself is sensitive, as with PBKDF2 where it 67| | * reveals the length of the passphrase. Make some attempt to hide this to 68| | * side channels. Clearly if the secret is longer than the block size then the 69| | * branch to hash first reveals that. In addition, counting the number of 70| | * compression functions executed reveals the size at the granularity of the 71| | * hash function's block size. 72| | * 73| | * The greater concern is for smaller keys; being able to detect when a 74| | * passphrase is say 4 bytes may assist choosing weaker targets. Even though 75| | * the loop bounds are constant, we can only actually read key[0..length] so 76| | * it doesn't seem possible to make this computation truly constant time. 77| | * 78| | * We don't mind leaking if the length is exactly zero since that's 79| | * trivial to simply check. 80| | */ 81| | 82| 12.0k| if(key.size() > m_hash_block_size) { ------------------ | Branch (82:7): [True: 497, False: 11.5k] ------------------ 83| 497| m_hash->update(key); 84| 497| m_hash->final(m_ikey.data()); 85| 11.5k| } else if(key.size() >= 20) { ------------------ | Branch (85:14): [True: 2.95k, False: 8.63k] ------------------ 86| | // For long keys we just leak the length either it is a cryptovariable 87| | // or a long enough password that just the length is not a useful signal 88| 2.95k| copy_mem(std::span{m_ikey}.first(key.size()), key); 89| 8.63k| } else if(!key.empty()) { ------------------ | Branch (89:14): [True: 8.63k, False: 0] ------------------ 90| 561k| for(size_t i = 0, i_mod_length = 0; i != m_hash_block_size; ++i) { ------------------ | Branch (90:43): [True: 552k, False: 8.63k] ------------------ 91| | /* 92| | access key[i % length] but avoiding division due to variable 93| | time computation on some processors. 94| | */ 95| 552k| auto needs_reduction = CT::Mask::is_lte(key.size(), i_mod_length); 96| 552k| i_mod_length = needs_reduction.select(0, i_mod_length); 97| 552k| const uint8_t kb = key[i_mod_length]; 98| | 99| 552k| auto in_range = CT::Mask::is_lt(i, key.size()); 100| 552k| m_ikey[i] = static_cast(in_range.if_set_return(kb)); 101| 552k| i_mod_length += 1; 102| 552k| } 103| 8.63k| } 104| | 105| 830k| for(size_t i = 0; i != m_hash_block_size; ++i) { ------------------ | Branch (105:22): [True: 818k, False: 12.0k] ------------------ 106| 818k| m_ikey[i] ^= ipad; 107| 818k| m_okey[i] = m_ikey[i] ^ ipad ^ opad; 108| 818k| } 109| | 110| 12.0k| m_hash->update(m_ikey); 111| 12.0k|} _ZNK5Botan4HMAC4nameEv: 125| 353|std::string HMAC::name() const { 126| 353| return fmt("HMAC({})", m_hash->name()); 127| 353|} _ZN5Botan4HMACC2ENSt3__110unique_ptrINS_12HashFunctionENS1_14default_deleteIS3_EEEE: 140| 10.6k| m_hash(std::move(hash)), 141| 10.6k| m_hash_output_length(m_hash->output_length()), 142| 10.6k| m_hash_block_size(m_hash->hash_block_size()) { 143| 10.6k| BOTAN_ARG_CHECK(m_hash_block_size >= m_hash_output_length, "HMAC is not compatible with this hash function"); ------------------ | | 35| 10.6k| do { \ | | 36| 10.6k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 10.6k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 10.6k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 10.6k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 10.6k] | | ------------------ ------------------ 144| 10.6k|} _ZN5Botan25MessageAuthenticationCode6createENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEES5_: 51| 10.6k| std::string_view provider) { 52| 10.6k| const SCAN_Name req(algo_spec); 53| | 54| 10.6k|#if defined(BOTAN_HAS_BLAKE2BMAC) 55| 10.6k| if(req.algo_name() == "Blake2b" || req.algo_name() == "BLAKE2b") { ------------------ | Branch (55:7): [True: 0, False: 10.6k] | Branch (55:39): [True: 0, False: 10.6k] ------------------ 56| 0| return std::make_unique(req.arg_as_integer(0, 512)); 57| 0| } 58| 10.6k|#endif 59| | 60| 10.6k|#if defined(BOTAN_HAS_GMAC) 61| 10.6k| if(req.algo_name() == "GMAC" && req.arg_count() == 1) { ------------------ | Branch (61:7): [True: 0, False: 10.6k] | Branch (61:36): [True: 0, False: 0] ------------------ 62| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (62:10): [True: 0, False: 0] | Branch (62:30): [True: 0, False: 0] ------------------ 63| 0| if(auto bc = BlockCipher::create(req.arg(0))) { ------------------ | Branch (63:18): [True: 0, False: 0] ------------------ 64| 0| return std::make_unique(std::move(bc)); 65| 0| } 66| 0| } 67| 0| } 68| 10.6k|#endif 69| | 70| 10.6k|#if defined(BOTAN_HAS_HMAC) 71| 10.6k| if(req.algo_name() == "HMAC" && req.arg_count() == 1) { ------------------ | Branch (71:7): [True: 10.6k, False: 0] | Branch (71:36): [True: 10.6k, False: 0] ------------------ 72| 10.6k| if(provider.empty() || provider == "base") { ------------------ | Branch (72:10): [True: 10.6k, False: 0] | Branch (72:30): [True: 0, False: 0] ------------------ 73| 10.6k| if(auto hash = HashFunction::create(req.arg(0))) { ------------------ | Branch (73:18): [True: 10.6k, False: 0] ------------------ 74| 10.6k| return std::make_unique(std::move(hash)); 75| 10.6k| } 76| 10.6k| } 77| 10.6k| } 78| 0|#endif 79| | 80| 0|#if defined(BOTAN_HAS_POLY1305) 81| 0| if(req.algo_name() == "Poly1305" && req.arg_count() == 0) { ------------------ | Branch (81:7): [True: 0, False: 0] | Branch (81:40): [True: 0, False: 0] ------------------ 82| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (82:10): [True: 0, False: 0] | Branch (82:30): [True: 0, False: 0] ------------------ 83| 0| return std::make_unique(); 84| 0| } 85| 0| } 86| 0|#endif 87| | 88| 0|#if defined(BOTAN_HAS_SIPHASH) 89| 0| if(req.algo_name() == "SipHash") { ------------------ | Branch (89:7): [True: 0, False: 0] ------------------ 90| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (90:10): [True: 0, False: 0] | Branch (90:30): [True: 0, False: 0] ------------------ 91| 0| return std::make_unique(req.arg_as_integer(0, 2), req.arg_as_integer(1, 4)); 92| 0| } 93| 0| } 94| 0|#endif 95| | 96| 0|#if defined(BOTAN_HAS_CMAC) 97| 0| if((req.algo_name() == "CMAC" || req.algo_name() == "OMAC") && req.arg_count() == 1) { ------------------ | Branch (97:8): [True: 0, False: 0] | Branch (97:37): [True: 0, False: 0] | Branch (97:67): [True: 0, False: 0] ------------------ 98| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (98:10): [True: 0, False: 0] | Branch (98:30): [True: 0, False: 0] ------------------ 99| 0| if(auto bc = BlockCipher::create(req.arg(0))) { ------------------ | Branch (99:18): [True: 0, False: 0] ------------------ 100| 0| return std::make_unique(std::move(bc)); 101| 0| } 102| 0| } 103| 0| } 104| 0|#endif 105| | 106| 0|#if defined(BOTAN_HAS_ANSI_X919_MAC) 107| 0| if(req.algo_name() == "X9.19-MAC") { ------------------ | Branch (107:7): [True: 0, False: 0] ------------------ 108| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (108:10): [True: 0, False: 0] | Branch (108:30): [True: 0, False: 0] ------------------ 109| 0| return std::make_unique(); 110| 0| } 111| 0| } 112| 0|#endif 113| | 114| 0|#if defined(BOTAN_HAS_KMAC) 115| 0| if(req.algo_name() == "KMAC-128") { ------------------ | Branch (115:7): [True: 0, False: 0] ------------------ 116| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (116:10): [True: 0, False: 0] | Branch (116:30): [True: 0, False: 0] ------------------ 117| 0| if(req.arg_count() != 1) { ------------------ | Branch (117:13): [True: 0, False: 0] ------------------ 118| 0| throw Invalid_Argument( 119| 0| "invalid algorithm specification for KMAC-128: need exactly one argument for output bit length"); 120| 0| } 121| 0| return std::make_unique(req.arg_as_integer(0)); 122| 0| } 123| 0| } 124| | 125| 0| if(req.algo_name() == "KMAC-256") { ------------------ | Branch (125:7): [True: 0, False: 0] ------------------ 126| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (126:10): [True: 0, False: 0] | Branch (126:30): [True: 0, False: 0] ------------------ 127| 0| if(req.arg_count() != 1) { ------------------ | Branch (127:13): [True: 0, False: 0] ------------------ 128| 0| throw Invalid_Argument( 129| 0| "invalid algorithm specification for KMAC-256: need exactly one argument for output bit length"); 130| 0| } 131| 0| return std::make_unique(req.arg_as_integer(0)); 132| 0| } 133| 0| } 134| 0|#endif 135| | 136| 0| BOTAN_UNUSED(req); ------------------ | | 144| 0|#define BOTAN_UNUSED Botan::ignore_params ------------------ 137| 0| BOTAN_UNUSED(provider); ------------------ | | 144| 0|#define BOTAN_UNUSED Botan::ignore_params ------------------ 138| | 139| 0| return nullptr; 140| 0|} _ZN5Botan25MessageAuthenticationCode15create_or_throwENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEES5_: 148| 8.89k| std::string_view provider) { 149| 8.89k| if(auto mac = MessageAuthenticationCode::create(algo, provider)) { ------------------ | Branch (149:12): [True: 8.89k, False: 0] ------------------ 150| 8.89k| return mac; 151| 8.89k| } 152| 0| throw Lookup_Error("MAC", algo, provider); 153| 8.89k|} _ZN5Botan6BigInt17from_radix_digitsENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEEm: 125| 36|BigInt BigInt::from_radix_digits(std::string_view digits, size_t radix) { 126| 36| if(radix == 16) { ------------------ | Branch (126:7): [True: 36, False: 0] ------------------ 127| 36| secure_vector binary; 128| | 129| 36| if(digits.size() % 2 == 1) { ------------------ | Branch (129:10): [True: 5, False: 31] ------------------ 130| | // Handle lack of leading 0 131| 5| const char buf0_with_leading_0[2] = {'0', digits[0]}; 132| | 133| 5| binary = hex_decode_locked(buf0_with_leading_0, 2); 134| | 135| 5| if(digits.size() > 1) { ------------------ | Branch (135:13): [True: 5, False: 0] ------------------ 136| 5| binary += hex_decode_locked(&digits[1], digits.size() - 1, false); 137| 5| } 138| 31| } else { 139| 31| binary = hex_decode_locked(digits, false); 140| 31| } 141| | 142| 36| return BigInt::from_bytes(binary); 143| 36| } else if(radix == 10) { ------------------ | Branch (143:14): [True: 0, False: 0] ------------------ 144| | // Use the largest power of 10 that fits in a word, accumulating 145| | // groups of digits into word-sized chunks to minimize the number 146| | // of multiprecision multiplications. 147| 0| constexpr word conversion_radix = decimal_conversion_radix(); 148| 0| constexpr size_t radix_digits = decimal_conversion_radix_digits(); 149| | 150| 0| BigInt r; 151| | 152| | // Handle the initial partial block (if digit count is not a multiple of radix_digits) 153| 0| const size_t partial_block = digits.size() % radix_digits; 154| | 155| 0| if(partial_block > 0) { ------------------ | Branch (155:10): [True: 0, False: 0] ------------------ 156| 0| word acc = 0; 157| 0| for(size_t i = 0; i < partial_block; ++i) { ------------------ | Branch (157:28): [True: 0, False: 0] ------------------ 158| 0| const char c = digits[i]; 159| 0| BOTAN_ARG_CHECK(c >= '0' && c <= '9', "Invalid decimal character"); ------------------ | | 35| 0| do { \ | | 36| 0| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 0| if(!(expr)) { \ | | ------------------ | | | Branch (37:12): [True: 0, False: 0] | | | Branch (37:12): [True: 0, False: 0] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 0| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 0] | | ------------------ ------------------ 160| 0| acc = acc * 10 + static_cast(c - '0'); 161| 0| } 162| 0| r += acc; 163| 0| } 164| | 165| | // Process full blocks of radix_digits 166| 0| for(size_t i = partial_block; i != digits.size(); i += radix_digits) { ------------------ | Branch (166:37): [True: 0, False: 0] ------------------ 167| 0| word acc = 0; 168| 0| for(size_t j = 0; j < radix_digits; ++j) { ------------------ | Branch (168:28): [True: 0, False: 0] ------------------ 169| 0| const char c = digits[i + j]; 170| 0| BOTAN_ARG_CHECK(c >= '0' && c <= '9', "Invalid decimal character"); ------------------ | | 35| 0| do { \ | | 36| 0| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 0| if(!(expr)) { \ | | ------------------ | | | Branch (37:12): [True: 0, False: 0] | | | Branch (37:12): [True: 0, False: 0] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 0| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 0] | | ------------------ ------------------ 171| 0| acc = acc * 10 + static_cast(c - '0'); 172| 0| } 173| 0| r *= conversion_radix; 174| 0| r += acc; 175| 0| } 176| | 177| 0| return r; 178| 0| } else { 179| 0| throw Invalid_Argument("BigInt::from_radix_digits unknown radix"); 180| 0| } 181| 36|} _ZN5Botan6BigIntmIERKS0_: 23| 101|BigInt& BigInt::operator-=(const BigInt& y) { 24| 101| if(&y == this) { ------------------ | Branch (24:7): [True: 0, False: 101] ------------------ 25| 0| this->clear(); 26| 0| this->set_sign(Positive); 27| 0| return *this; 28| 0| } 29| 101| return sub(y._data(), y.sig_words(), y.sign()); 30| 101|} _ZN5Botan6BigInt3addEPKmmNS0_4SignE: 32| 101|BigInt& BigInt::add(const word y[], size_t y_words, Sign y_sign) { 33| 101| const size_t x_sw = sig_words(); 34| | 35| 101| grow_to(std::max(x_sw, y_words) + 1); 36| | 37| 101| if(sign() == y_sign) { ------------------ | Branch (37:7): [True: 0, False: 101] ------------------ 38| 0| const word carry = bigint_add2(mutable_data(), size() - 1, y, y_words); 39| 0| mutable_data()[size() - 1] += carry; 40| 101| } else { 41| 101| const int32_t relative_size = bigint_cmp(_data(), x_sw, y, y_words); 42| | 43| 101| if(relative_size >= 0) { ------------------ | Branch (43:10): [True: 101, False: 0] ------------------ 44| | // *this >= y 45| 101| bigint_sub2(mutable_data(), x_sw, y, y_words); 46| 101| } else { 47| | // *this < y: compute *this = y - *this 48| 0| bigint_sub2_rev(mutable_data(), y, y_words); 49| 0| } 50| | 51| 101| if(relative_size < 0) { ------------------ | Branch (51:10): [True: 0, False: 101] ------------------ 52| 0| set_sign(y_sign); 53| 101| } else if(relative_size == 0) { ------------------ | Branch (53:17): [True: 0, False: 101] ------------------ 54| 0| set_sign(Positive); 55| 0| } 56| 101| } 57| | 58| 101| return (*this); 59| 101|} _ZN5Botan6BigIntlSEm: 269| 3|BigInt& BigInt::operator<<=(size_t shift) { 270| 3| if(shift >= 65536) { ------------------ | Branch (270:7): [True: 0, False: 3] ------------------ 271| 0| throw Invalid_Argument("BigInt left shift count too large"); 272| 0| } 273| | 274| 3| const size_t sw = sig_words(); 275| 3| const size_t new_size = sw + (shift + WordInfo::bits - 1) / WordInfo::bits; 276| | 277| 3| m_data.grow_to(new_size); 278| | 279| 3| bigint_shl1(m_data.mutable_data(), new_size, sw, shift); 280| | 281| 3| return (*this); 282| 3|} _ZN5Botan6BigIntrSEm: 287| 129|BigInt& BigInt::operator>>=(size_t shift) { 288| 129| bigint_shr1(m_data.mutable_data(), m_data.size(), shift); 289| | 290| 129| if(sig_words() == 0 && m_signedness == Negative) { ------------------ | Branch (290:7): [True: 0, False: 129] | Branch (290:27): [True: 0, False: 0] ------------------ 291| 0| m_signedness = Positive; 292| 0| } 293| | 294| 129| return (*this); 295| 129|} _ZN5Botan6BigInt4add2ERKS0_PKmmNS0_4SignE: 20| 18|BigInt BigInt::add2(const BigInt& x, const word y[], size_t y_size, BigInt::Sign y_sign) { 21| 18| const size_t x_sw = x.sig_words(); 22| | 23| 18| BigInt z = BigInt::with_capacity(std::max(x_sw, y_size) + 1); 24| | 25| 18| if(x.sign() == y_sign) { ------------------ | Branch (25:7): [True: 12, False: 6] ------------------ 26| 12| const word carry = bigint_add3(z.mutable_data(), x._data(), x_sw, y, y_size); 27| 12| z.mutable_data()[std::max(x_sw, y_size)] += carry; 28| 12| z.set_sign(x.sign()); 29| 12| } else { 30| 6| const int32_t relative_size = bigint_cmp(x.data(), x_sw, y, y_size); 31| | 32| 6| if(relative_size < 0) { ------------------ | Branch (32:10): [True: 0, False: 6] ------------------ 33| | // x < y so z = abs(y - x) 34| | // NOLINTNEXTLINE(*-suspicious-call-argument) intentionally swapping x and y here 35| 0| bigint_sub3(z.mutable_data(), y, y_size, x.data(), x_sw); 36| 0| z.set_sign(y_sign); 37| 6| } else if(relative_size == 0) { ------------------ | Branch (37:17): [True: 0, False: 6] ------------------ 38| | // Positive zero (nothing to do in this case) 39| 6| } else { 40| | /* 41| | * We know at this point that x >= y so if y_size is larger than 42| | * x_sw, we are guaranteed they are just leading zeros which can 43| | * be ignored 44| | */ 45| 6| y_size = std::min(x_sw, y_size); 46| 6| bigint_sub3(z.mutable_data(), x.data(), x_sw, y, y_size); 47| 6| z.set_sign(x.sign()); 48| 6| } 49| 6| } 50| | 51| 18| return z; 52| 18|} _ZN5BotanmlERKNS_6BigIntEm: 90| 84|BigInt operator*(const BigInt& x, word y) { 91| 84| const size_t x_sw = x.sig_words(); 92| | 93| 84| BigInt z = BigInt::with_capacity(x_sw + 1); 94| | 95| 84| if(x_sw > 0 && y > 0) { ------------------ | Branch (95:7): [True: 84, False: 0] | Branch (95:19): [True: 84, False: 0] ------------------ 96| 84| bigint_linmul3(z.mutable_data(), x._data(), x_sw, y); 97| 84| z.set_sign(x.sign()); 98| 84| } 99| | 100| 84| return z; 101| 84|} _ZN5BotanlsERKNS_6BigIntEm: 188| 18|BigInt operator<<(const BigInt& x, size_t shift) { 189| 18| if(shift >= 65536) { ------------------ | Branch (189:7): [True: 0, False: 18] ------------------ 190| 0| throw Invalid_Argument("BigInt left shift count too large"); 191| 0| } 192| | 193| 18| if(x.is_zero()) { ------------------ | Branch (193:7): [True: 0, False: 18] ------------------ 194| 0| return BigInt::zero(); 195| 0| } 196| | 197| 18| const size_t x_sw = x.sig_words(); 198| | 199| 18| const size_t new_size = x_sw + shift / WordInfo::bits + 1; 200| 18| BigInt y = BigInt::with_capacity(new_size); 201| 18| bigint_shl2(y.mutable_data(), new_size, x._data(), x_sw, shift); 202| 18| y.set_sign(x.sign()); 203| 18| return y; 204| 18|} _ZN5Botan6BigIntC2Em: 20| 6.29k|BigInt::BigInt(uint64_t n) { 21| 6.29k| if constexpr(sizeof(word) == 8) { 22| 6.29k| m_data.set_word_at(0, static_cast(n)); 23| | } else { 24| | m_data.set_word_at(1, static_cast(n >> 32)); 25| | m_data.set_word_at(0, static_cast(n)); 26| | } 27| 6.29k|} _ZN5Botan6BigInt8from_u64Em: 30| 6.26k|BigInt BigInt::from_u64(uint64_t n) { 31| 6.26k| return BigInt(n); 32| 6.26k|} _ZN5Botan6BigInt13with_capacityEm: 51| 132|BigInt BigInt::with_capacity(size_t size) { 52| 132| BigInt bn; 53| 132| bn.grow_to(size); 54| 132| return bn; 55| 132|} _ZN5Botan6BigInt11from_stringENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 57| 36|BigInt BigInt::from_string(std::string_view str) { 58| 36| size_t prefix_bytes = 0; 59| 36| bool negative = false; 60| 36| size_t radix = 10; 61| | 62| 36| if(!str.empty() && str[0] == '-') { ------------------ | Branch (62:7): [True: 36, False: 0] | Branch (62:23): [True: 0, False: 36] ------------------ 63| 0| prefix_bytes += 1; 64| 0| negative = true; 65| 0| } 66| | 67| 36| if(str.length() > prefix_bytes + 2 && str[prefix_bytes] == '0' && str[prefix_bytes + 1] == 'x') { ------------------ | Branch (67:7): [True: 36, False: 0] | Branch (67:42): [True: 36, False: 0] | Branch (67:70): [True: 36, False: 0] ------------------ 68| 36| prefix_bytes += 2; 69| 36| radix = 16; 70| 36| } 71| | 72| 36| BigInt r = BigInt::from_radix_digits(str.substr(prefix_bytes), radix); 73| | 74| 36| if(negative) { ------------------ | Branch (74:7): [True: 0, False: 36] ------------------ 75| 0| r.set_sign(Negative); 76| 36| } else { 77| 36| r.set_sign(Positive); 78| 36| } 79| | 80| 36| return r; 81| 36|} _ZN5Botan6BigInt10from_bytesENSt3__14spanIKhLm18446744073709551615EEE: 83| 34.0k|BigInt BigInt::from_bytes(std::span input) { 84| 34.0k| BigInt r; 85| 34.0k| r.assign_from_bytes(input); 86| 34.0k| return r; 87| 34.0k|} _ZNK5Botan6BigInt7byte_atEm: 118| 84.5k|uint8_t BigInt::byte_at(size_t n) const { 119| 84.5k| return get_byte_var(sizeof(word) - (n % sizeof(word)) - 1, word_at(n / sizeof(word))); 120| 84.5k|} _ZNK5Botan6BigInt8cmp_wordEm: 122| 30.1k|int32_t BigInt::cmp_word(word other) const { 123| 30.1k| if(signum() < 0) { ------------------ | Branch (123:7): [True: 0, False: 30.1k] ------------------ 124| 0| return -1; // other is positive ... 125| 0| } 126| | 127| 30.1k| const size_t sw = this->sig_words(); 128| 30.1k| if(sw > 1) { ------------------ | Branch (128:7): [True: 23.8k, False: 6.33k] ------------------ 129| 23.8k| return 1; // must be larger since other is just one word ... 130| 23.8k| } 131| | 132| 6.33k| return bigint_cmp(this->_data(), sw, &other, 1); 133| 30.1k|} _ZNK5Botan6BigInt3cmpERKS0_b: 138| 23.8k|int32_t BigInt::cmp(const BigInt& other, bool check_signs) const { 139| 23.8k| if(check_signs) { ------------------ | Branch (139:7): [True: 23.8k, False: 0] ------------------ 140| 23.8k| if(other.signum() >= 0 && this->signum() < 0) { ------------------ | Branch (140:10): [True: 23.8k, False: 0] | Branch (140:33): [True: 0, False: 23.8k] ------------------ 141| 0| return -1; 142| 0| } 143| | 144| 23.8k| if(other.signum() < 0 && this->signum() >= 0) { ------------------ | Branch (144:10): [True: 0, False: 23.8k] | Branch (144:32): [True: 0, False: 0] ------------------ 145| 0| return 1; 146| 0| } 147| | 148| 23.8k| if(other.signum() < 0 && this->signum() < 0) { ------------------ | Branch (148:10): [True: 0, False: 23.8k] | Branch (148:32): [True: 0, False: 0] ------------------ 149| 0| return (-bigint_cmp(this->_data(), this->size(), other._data(), other.size())); 150| 0| } 151| 23.8k| } 152| | 153| 23.8k| return bigint_cmp(this->_data(), this->size(), other._data(), other.size()); 154| 23.8k|} _ZNK5Botan6BigInt8is_equalERKS0_: 156| 12|bool BigInt::is_equal(const BigInt& other) const { 157| 12| if(this->sign() != other.sign()) { ------------------ | Branch (157:7): [True: 0, False: 12] ------------------ 158| 0| return false; 159| 0| } 160| | 161| 12| return bigint_ct_is_eq(this->_data(), this->size(), other._data(), other.size()).as_bool(); 162| 12|} _ZNK5Botan6BigInt12is_less_thanERKS0_: 164| 6|bool BigInt::is_less_than(const BigInt& other) const { 165| 6| if(this->signum() < 0 && other.signum() >= 0) { ------------------ | Branch (165:7): [True: 0, False: 6] | Branch (165:29): [True: 0, False: 0] ------------------ 166| 0| return true; 167| 0| } 168| | 169| 6| if(this->signum() >= 0 && other.signum() < 0) { ------------------ | Branch (169:7): [True: 6, False: 0] | Branch (169:30): [True: 0, False: 6] ------------------ 170| 0| return false; 171| 0| } 172| | 173| 6| if(other.signum() < 0 && this->signum() < 0) { ------------------ | Branch (173:7): [True: 0, False: 6] | Branch (173:29): [True: 0, False: 0] ------------------ 174| 0| return bigint_ct_is_lt(other._data(), other.size(), this->_data(), this->size()).as_bool(); 175| 0| } 176| | 177| 6| return bigint_ct_is_lt(this->_data(), this->size(), other._data(), other.size()).as_bool(); 178| 6|} _ZN5Botan6BigInt4Data11set_to_zeroEv: 191| 62.1k|void BigInt::Data::set_to_zero() { 192| 62.1k| m_reg.resize(m_reg.capacity()); 193| 62.1k| clear_mem(m_reg.data(), m_reg.size()); 194| 62.1k| m_sig_words = 0; 195| 62.1k|} _ZNK5Botan6BigInt4Data14calc_sig_wordsEv: 215| 58.7k|size_t BigInt::Data::calc_sig_words() const { 216| 58.7k| const size_t sz = m_reg.size(); 217| 58.7k| size_t sig = sz; 218| | 219| 58.7k| word sub = 1; 220| | 221| 543k| for(size_t i = 0; i != sz; ++i) { ------------------ | Branch (221:22): [True: 485k, False: 58.7k] ------------------ 222| 485k| const word w = m_reg[sz - i - 1]; 223| 485k| sub &= ct_is_zero(w); 224| 485k| sig -= sub; 225| 485k| } 226| | 227| | /* 228| | * This depends on the data so is poisoned, but unpoison it here as 229| | * later conditionals are made on the size. 230| | */ 231| 58.7k| CT::unpoison(sig); 232| | 233| 58.7k| return sig; 234| 58.7k|} _ZNK5Botan6BigInt5bytesEv: 294| 26.6k|size_t BigInt::bytes() const { 295| 26.6k| return round_up(bits(), 8) / 8; 296| 26.6k|} _ZNK5Botan6BigInt13top_bits_freeEv: 298| 40.7k|size_t BigInt::top_bits_free() const { 299| 40.7k| const size_t words = sig_words(); 300| | 301| 40.7k| const word top_word = word_at(words - 1); 302| 40.7k| const size_t bits_used = high_bit(CT::value_barrier(top_word)); 303| 40.7k| CT::unpoison(bits_used); 304| 40.7k| return WordInfo::bits - bits_used; 305| 40.7k|} _ZNK5Botan6BigInt4bitsEv: 307| 47.7k|size_t BigInt::bits() const { 308| 47.7k| const size_t words = sig_words(); 309| | 310| 47.7k| if(words == 0) { ------------------ | Branch (310:7): [True: 7.04k, False: 40.7k] ------------------ 311| 7.04k| return 0; 312| 7.04k| } 313| | 314| 40.7k| const size_t full_words = (words - 1) * WordInfo::bits; 315| 40.7k| const size_t top_bits = WordInfo::bits - top_bits_free(); 316| | 317| 40.7k| return full_words + top_bits; 318| 47.7k|} _ZN5Botan6BigInt12reduce_belowERKS0_RNSt3__16vectorImNS_16secure_allocatorImEEEE: 329| 18|size_t BigInt::reduce_below(const BigInt& p, secure_vector& ws) { 330| 18| if(p.signum() < 0 || this->signum() < 0) { ------------------ | Branch (330:7): [True: 0, False: 18] | Branch (330:25): [True: 0, False: 18] ------------------ 331| 0| throw Invalid_Argument("BigInt::reduce_below both values must be positive"); 332| 0| } 333| | 334| 18| const size_t p_words = p.sig_words(); 335| | 336| 18| if(size() < p_words + 1) { ------------------ | Branch (336:7): [True: 0, False: 18] ------------------ 337| 0| grow_to(p_words + 1); 338| 0| } 339| | 340| 18| if(ws.size() < p_words + 1) { ------------------ | Branch (340:7): [True: 18, False: 0] ------------------ 341| 18| ws.resize(p_words + 1); 342| 18| } 343| | 344| 18| clear_mem(ws.data(), ws.size()); 345| | 346| 18| size_t reductions = 0; 347| | 348| 18| for(;;) { 349| 18| const word borrow = bigint_sub3(ws.data(), _data(), p_words + 1, p._data(), p_words); 350| 18| if(borrow > 0) { ------------------ | Branch (350:10): [True: 18, False: 0] ------------------ 351| 18| break; 352| 18| } 353| | 354| 0| ++reductions; 355| 0| swap_reg(ws); 356| 0| } 357| | 358| 18| return reductions; 359| 18|} _ZNK5Botan6BigInt12serialize_toENSt3__14spanIhLm18446744073709551615EEE: 395| 13.3k|void BigInt::serialize_to(std::span output) const { 396| 13.3k| BOTAN_ARG_CHECK(this->bytes() <= output.size(), "Insufficient output space"); ------------------ | | 35| 13.3k| do { \ | | 36| 13.3k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 13.3k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 13.3k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 13.3k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 13.3k] | | ------------------ ------------------ 397| | 398| 13.3k| this->binary_encode(output.data(), output.size()); 399| 13.3k|} _ZNK5Botan6BigInt13binary_encodeEPhm: 404| 13.3k|void BigInt::binary_encode(uint8_t output[], size_t len) const { 405| 13.3k| const size_t full_words = len / sizeof(word); 406| 13.3k| const size_t extra_bytes = len % sizeof(word); 407| | 408| 27.3k| for(size_t i = 0; i != full_words; ++i) { ------------------ | Branch (408:22): [True: 14.0k, False: 13.3k] ------------------ 409| 14.0k| const word w = word_at(i); 410| 14.0k| store_be(w, output + (len - (i + 1) * sizeof(word))); 411| 14.0k| } 412| | 413| 13.3k| if(extra_bytes > 0) { ------------------ | Branch (413:7): [True: 6.26k, False: 7.04k] ------------------ 414| 6.26k| const word w = word_at(full_words); 415| | 416| 18.7k| for(size_t i = 0; i != extra_bytes; ++i) { ------------------ | Branch (416:25): [True: 12.5k, False: 6.26k] ------------------ 417| 12.5k| output[extra_bytes - i - 1] = get_byte_var(sizeof(word) - i - 1, w); 418| 12.5k| } 419| 6.26k| } 420| 13.3k|} _ZN5Botan6BigInt17assign_from_bytesENSt3__14spanIKhLm18446744073709551615EEE: 425| 62.1k|void BigInt::assign_from_bytes(std::span bytes) { 426| 62.1k| clear(); 427| | 428| 62.1k| const size_t length = bytes.size(); 429| 62.1k| const size_t full_words = length / sizeof(word); 430| 62.1k| const size_t extra_bytes = length % sizeof(word); 431| | 432| 62.1k| secure_vector reg((round_up(full_words + (extra_bytes > 0 ? 1 : 0), 8))); ------------------ | Branch (432:52): [True: 29.9k, False: 32.2k] ------------------ 433| | 434| 233k| for(size_t i = 0; i != full_words; ++i) { ------------------ | Branch (434:22): [True: 171k, False: 62.1k] ------------------ 435| 171k| reg[i] = load_be(bytes.last()); 436| 171k| bytes = bytes.first(bytes.size() - sizeof(word)); 437| 171k| } 438| | 439| 62.1k| if(!bytes.empty()) { ------------------ | Branch (439:7): [True: 29.9k, False: 32.2k] ------------------ 440| 29.9k| BOTAN_ASSERT_NOMSG(extra_bytes == bytes.size()); ------------------ | | 77| 29.9k| do { \ | | 78| 29.9k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 29.9k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 29.9k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 29.9k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 29.9k] | | ------------------ ------------------ 441| 29.9k| std::array last_partial_word = {0}; 442| 29.9k| copy_mem(std::span{last_partial_word}.last(extra_bytes), bytes); 443| 29.9k| reg[full_words] = load_be(last_partial_word); 444| 29.9k| } 445| | 446| 62.1k| m_data.swap(reg); 447| 62.1k|} _ZNK5Botan6BigInt20_const_time_unpoisonEv: 559| 140k|void BigInt::_const_time_unpoison() const { 560| 140k| CT::unpoison(m_data.const_data(), m_data.size()); 561| 140k|} _ZN5Botan20vartime_divide_pow2kEmRKNS_6BigIntE: 232| 18|BigInt vartime_divide_pow2k(size_t k, const BigInt& y_arg) { 233| 18| constexpr size_t WB = WordInfo::bits; 234| | 235| 18| BOTAN_ARG_CHECK(y_arg.signum() != 0, "Cannot divide by zero"); ------------------ | | 35| 18| do { \ | | 36| 18| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 18| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 18] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 18| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 18] | | ------------------ ------------------ 236| 18| BOTAN_ARG_CHECK(y_arg.signum() >= 0, "Negative divisor not supported"); ------------------ | | 35| 18| do { \ | | 36| 18| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 18| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 18] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 18| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 18] | | ------------------ ------------------ 237| 18| BOTAN_ARG_CHECK(k > 1, "Invalid k"); ------------------ | | 35| 18| do { \ | | 36| 18| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 18| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 18] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 18| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 18] | | ------------------ ------------------ 238| | 239| 18| BigInt y = y_arg; 240| | 241| 18| const size_t y_words = y.sig_words(); 242| | 243| 18| BOTAN_ASSERT_NOMSG(y_words > 0); ------------------ | | 77| 18| do { \ | | 78| 18| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 18| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 18] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 18| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 18] | | ------------------ ------------------ 244| | 245| | // Calculate shifts needed to normalize y with high bit set 246| 18| const size_t shifts = y.top_bits_free(); 247| | 248| 18| if(shifts > 0) { ------------------ | Branch (248:7): [True: 3, False: 15] ------------------ 249| 3| y <<= shifts; 250| 3| } 251| | 252| 18| BigInt r; 253| 18| r.set_bit(k + shifts); // (2^k) << shifts 254| | 255| | // we know y has not changed size, since we only shifted up to set high bit 256| 18| const size_t t = y_words - 1; 257| 18| const size_t n = std::max(y_words, r.sig_words()) - 1; 258| | 259| 18| BOTAN_ASSERT_NOMSG(n >= t); ------------------ | | 77| 18| do { \ | | 78| 18| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 18| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 18] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 18| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 18] | | ------------------ ------------------ 260| | 261| 18| BigInt q = BigInt::zero(); 262| 18| q.grow_to(n - t + 1); 263| | 264| 18| word* q_words = q.mutable_data(); 265| | 266| 18| BigInt shifted_y = y << (WB * (n - t)); 267| | 268| | // Set q_{n-t} to number of times r > shifted_y 269| 18| secure_vector ws; 270| 18| q_words[n - t] = r.reduce_below(shifted_y, ws); 271| | 272| 18| const word y_t0 = y.word_at(t); 273| 18| const word y_t1 = y.word_at(t - 1); 274| 18| BOTAN_DEBUG_ASSERT((y_t0 >> (WB - 1)) == 1); ------------------ | | 130| 18| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 18| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 18] | | ------------------ ------------------ 275| | 276| 18| const divide_precomp div_y_t0(y_t0); 277| | 278| 147| for(size_t i = n; i != t; --i) { ------------------ | Branch (278:22): [True: 129, False: 18] ------------------ 279| 129| const word x_i0 = r.word_at(i); 280| 129| const word x_i1 = r.word_at(i - 1); 281| 129| const word x_i2 = r.word_at(i - 2); 282| | 283| 129| word qit = (x_i0 == y_t0) ? WordInfo::max : div_y_t0.vartime_div_2to1(x_i0, x_i1); ------------------ | Branch (283:18): [True: 0, False: 129] ------------------ 284| | 285| | // Per HAC 14.23, this operation is required at most twice 286| 141| for(size_t j = 0; j != 2; ++j) { ------------------ | Branch (286:25): [True: 141, False: 0] ------------------ 287| 141| if(division_check_vartime(qit, y_t0, y_t1, x_i0, x_i1, x_i2)) { ------------------ | Branch (287:13): [True: 12, False: 129] ------------------ 288| 12| BOTAN_ASSERT_NOMSG(qit > 0); ------------------ | | 77| 12| do { \ | | 78| 12| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 12| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 12] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 12| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 12] | | ------------------ ------------------ 289| 12| qit--; 290| 129| } else { 291| 129| break; 292| 129| } 293| 141| } 294| | 295| 129| shifted_y >>= WB; 296| | // Now shifted_y == y << (WB * (i-t-1)) 297| | 298| | /* 299| | * Special case qit == 0 and qit == 1 which occurs relatively often here due to a 300| | * combination of the fixed 2^k and in many cases the typical structure of 301| | * public moduli (as this function is called by Barrett_Reduction::for_public_modulus). 302| | * 303| | * Over the test suite, about 5% of loop iterations have qit == 1 and 10% have qit == 0 304| | */ 305| | 306| 129| if(qit != 0) { ------------------ | Branch (306:10): [True: 101, False: 28] ------------------ 307| 101| if(qit == 1) { ------------------ | Branch (307:13): [True: 17, False: 84] ------------------ 308| 17| r -= shifted_y; 309| 84| } else { 310| 84| r -= qit * shifted_y; 311| 84| } 312| | 313| 101| if(r.signum() < 0) { ------------------ | Branch (313:13): [True: 0, False: 101] ------------------ 314| 0| BOTAN_ASSERT_NOMSG(qit > 0); ------------------ | | 77| 0| do { \ | | 78| 0| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 0| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 0] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 0| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 0] | | ------------------ ------------------ 315| 0| qit--; 316| 0| r += shifted_y; 317| 0| BOTAN_ASSERT_NOMSG(r.signum() >= 0); ------------------ | | 77| 0| do { \ | | 78| 0| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 0| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 0] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 0| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 0] | | ------------------ ------------------ 318| 0| } 319| 101| } 320| | 321| 129| q_words[i - t - 1] = qit; 322| 129| } 323| | 324| 18| return q; 325| 18|} divide.cpp:_ZN5Botan12_GLOBAL__N_122division_check_vartimeEmmmmmm: 34| 141|inline bool division_check_vartime(word q, word y2, word y1, word x3, word x2, word x1) { 35| | /* 36| | Compute (y3,y2,y1) = (y2,y1) * q 37| | and return true if (y3,y2,y1) > (x3,x2,x1) 38| | */ 39| | 40| 141| word y3 = 0; 41| 141| y1 = word_madd2(q, y1, &y3); 42| 141| y2 = word_madd2(q, y2, &y3); 43| | 44| 141| if(x3 != y3) { ------------------ | Branch (44:7): [True: 62, False: 79] ------------------ 45| 62| return (y3 > x3); 46| 62| } 47| 79| if(x2 != y2) { ------------------ | Branch (47:7): [True: 57, False: 22] ------------------ 48| 57| return (y2 > x2); 49| 57| } 50| 22| return (y1 > x1); 51| 79|} _ZN5Botan17bigint_comba_sqr4EPmPKm: 17| 2.64M|void bigint_comba_sqr4(word z[8], const word x[4]) { 18| 2.64M| word3 accum; 19| | 20| 2.64M| accum.mul(x[0], x[0]); 21| 2.64M| z[0] = accum.extract(); 22| 2.64M| accum.mul_x2(x[0], x[1]); 23| 2.64M| z[1] = accum.extract(); 24| 2.64M| accum.mul_x2(x[0], x[2]); 25| 2.64M| accum.mul(x[1], x[1]); 26| 2.64M| z[2] = accum.extract(); 27| 2.64M| accum.mul_x2(x[0], x[3]); 28| 2.64M| accum.mul_x2(x[1], x[2]); 29| 2.64M| z[3] = accum.extract(); 30| 2.64M| accum.mul_x2(x[1], x[3]); 31| 2.64M| accum.mul(x[2], x[2]); 32| 2.64M| z[4] = accum.extract(); 33| 2.64M| accum.mul_x2(x[2], x[3]); 34| 2.64M| z[5] = accum.extract(); 35| 2.64M| accum.mul(x[3], x[3]); 36| 2.64M| z[6] = accum.extract(); 37| 2.64M| z[7] = accum.extract(); 38| 2.64M|} _ZN5Botan17bigint_comba_mul4EPmPKmS2_: 43| 2.39M|void bigint_comba_mul4(word z[8], const word x[4], const word y[4]) { 44| 2.39M| word3 accum; 45| | 46| 2.39M| accum.mul(x[0], y[0]); 47| 2.39M| z[0] = accum.extract(); 48| 2.39M| accum.mul(x[0], y[1]); 49| 2.39M| accum.mul(x[1], y[0]); 50| 2.39M| z[1] = accum.extract(); 51| 2.39M| accum.mul(x[0], y[2]); 52| 2.39M| accum.mul(x[1], y[1]); 53| 2.39M| accum.mul(x[2], y[0]); 54| 2.39M| z[2] = accum.extract(); 55| 2.39M| accum.mul(x[0], y[3]); 56| 2.39M| accum.mul(x[1], y[2]); 57| 2.39M| accum.mul(x[2], y[1]); 58| 2.39M| accum.mul(x[3], y[0]); 59| 2.39M| z[3] = accum.extract(); 60| 2.39M| accum.mul(x[1], y[3]); 61| 2.39M| accum.mul(x[2], y[2]); 62| 2.39M| accum.mul(x[3], y[1]); 63| 2.39M| z[4] = accum.extract(); 64| 2.39M| accum.mul(x[2], y[3]); 65| 2.39M| accum.mul(x[3], y[2]); 66| 2.39M| z[5] = accum.extract(); 67| 2.39M| accum.mul(x[3], y[3]); 68| 2.39M| z[6] = accum.extract(); 69| 2.39M| z[7] = accum.extract(); 70| 2.39M|} _ZN5Botan17bigint_comba_sqr6EPmPKm: 75| 2.28M|void bigint_comba_sqr6(word z[12], const word x[6]) { 76| 2.28M| word3 accum; 77| | 78| 2.28M| accum.mul(x[0], x[0]); 79| 2.28M| z[0] = accum.extract(); 80| 2.28M| accum.mul_x2(x[0], x[1]); 81| 2.28M| z[1] = accum.extract(); 82| 2.28M| accum.mul_x2(x[0], x[2]); 83| 2.28M| accum.mul(x[1], x[1]); 84| 2.28M| z[2] = accum.extract(); 85| 2.28M| accum.mul_x2(x[0], x[3]); 86| 2.28M| accum.mul_x2(x[1], x[2]); 87| 2.28M| z[3] = accum.extract(); 88| 2.28M| accum.mul_x2(x[0], x[4]); 89| 2.28M| accum.mul_x2(x[1], x[3]); 90| 2.28M| accum.mul(x[2], x[2]); 91| 2.28M| z[4] = accum.extract(); 92| 2.28M| accum.mul_x2(x[0], x[5]); 93| 2.28M| accum.mul_x2(x[1], x[4]); 94| 2.28M| accum.mul_x2(x[2], x[3]); 95| 2.28M| z[5] = accum.extract(); 96| 2.28M| accum.mul_x2(x[1], x[5]); 97| 2.28M| accum.mul_x2(x[2], x[4]); 98| 2.28M| accum.mul(x[3], x[3]); 99| 2.28M| z[6] = accum.extract(); 100| 2.28M| accum.mul_x2(x[2], x[5]); 101| 2.28M| accum.mul_x2(x[3], x[4]); 102| 2.28M| z[7] = accum.extract(); 103| 2.28M| accum.mul_x2(x[3], x[5]); 104| 2.28M| accum.mul(x[4], x[4]); 105| 2.28M| z[8] = accum.extract(); 106| 2.28M| accum.mul_x2(x[4], x[5]); 107| 2.28M| z[9] = accum.extract(); 108| 2.28M| accum.mul(x[5], x[5]); 109| 2.28M| z[10] = accum.extract(); 110| 2.28M| z[11] = accum.extract(); 111| 2.28M|} _ZN5Botan17bigint_comba_mul6EPmPKmS2_: 116| 2.00M|void bigint_comba_mul6(word z[12], const word x[6], const word y[6]) { 117| 2.00M| word3 accum; 118| | 119| 2.00M| accum.mul(x[0], y[0]); 120| 2.00M| z[0] = accum.extract(); 121| 2.00M| accum.mul(x[0], y[1]); 122| 2.00M| accum.mul(x[1], y[0]); 123| 2.00M| z[1] = accum.extract(); 124| 2.00M| accum.mul(x[0], y[2]); 125| 2.00M| accum.mul(x[1], y[1]); 126| 2.00M| accum.mul(x[2], y[0]); 127| 2.00M| z[2] = accum.extract(); 128| 2.00M| accum.mul(x[0], y[3]); 129| 2.00M| accum.mul(x[1], y[2]); 130| 2.00M| accum.mul(x[2], y[1]); 131| 2.00M| accum.mul(x[3], y[0]); 132| 2.00M| z[3] = accum.extract(); 133| 2.00M| accum.mul(x[0], y[4]); 134| 2.00M| accum.mul(x[1], y[3]); 135| 2.00M| accum.mul(x[2], y[2]); 136| 2.00M| accum.mul(x[3], y[1]); 137| 2.00M| accum.mul(x[4], y[0]); 138| 2.00M| z[4] = accum.extract(); 139| 2.00M| accum.mul(x[0], y[5]); 140| 2.00M| accum.mul(x[1], y[4]); 141| 2.00M| accum.mul(x[2], y[3]); 142| 2.00M| accum.mul(x[3], y[2]); 143| 2.00M| accum.mul(x[4], y[1]); 144| 2.00M| accum.mul(x[5], y[0]); 145| 2.00M| z[5] = accum.extract(); 146| 2.00M| accum.mul(x[1], y[5]); 147| 2.00M| accum.mul(x[2], y[4]); 148| 2.00M| accum.mul(x[3], y[3]); 149| 2.00M| accum.mul(x[4], y[2]); 150| 2.00M| accum.mul(x[5], y[1]); 151| 2.00M| z[6] = accum.extract(); 152| 2.00M| accum.mul(x[2], y[5]); 153| 2.00M| accum.mul(x[3], y[4]); 154| 2.00M| accum.mul(x[4], y[3]); 155| 2.00M| accum.mul(x[5], y[2]); 156| 2.00M| z[7] = accum.extract(); 157| 2.00M| accum.mul(x[3], y[5]); 158| 2.00M| accum.mul(x[4], y[4]); 159| 2.00M| accum.mul(x[5], y[3]); 160| 2.00M| z[8] = accum.extract(); 161| 2.00M| accum.mul(x[4], y[5]); 162| 2.00M| accum.mul(x[5], y[4]); 163| 2.00M| z[9] = accum.extract(); 164| 2.00M| accum.mul(x[5], y[5]); 165| 2.00M| z[10] = accum.extract(); 166| 2.00M| z[11] = accum.extract(); 167| 2.00M|} _ZN5Botan17bigint_comba_sqr7EPmPKm: 172| 26.8k|void bigint_comba_sqr7(word z[14], const word x[7]) { 173| 26.8k| word3 accum; 174| | 175| 26.8k| accum.mul(x[0], x[0]); 176| 26.8k| z[0] = accum.extract(); 177| 26.8k| accum.mul_x2(x[0], x[1]); 178| 26.8k| z[1] = accum.extract(); 179| 26.8k| accum.mul_x2(x[0], x[2]); 180| 26.8k| accum.mul(x[1], x[1]); 181| 26.8k| z[2] = accum.extract(); 182| 26.8k| accum.mul_x2(x[0], x[3]); 183| 26.8k| accum.mul_x2(x[1], x[2]); 184| 26.8k| z[3] = accum.extract(); 185| 26.8k| accum.mul_x2(x[0], x[4]); 186| 26.8k| accum.mul_x2(x[1], x[3]); 187| 26.8k| accum.mul(x[2], x[2]); 188| 26.8k| z[4] = accum.extract(); 189| 26.8k| accum.mul_x2(x[0], x[5]); 190| 26.8k| accum.mul_x2(x[1], x[4]); 191| 26.8k| accum.mul_x2(x[2], x[3]); 192| 26.8k| z[5] = accum.extract(); 193| 26.8k| accum.mul_x2(x[0], x[6]); 194| 26.8k| accum.mul_x2(x[1], x[5]); 195| 26.8k| accum.mul_x2(x[2], x[4]); 196| 26.8k| accum.mul(x[3], x[3]); 197| 26.8k| z[6] = accum.extract(); 198| 26.8k| accum.mul_x2(x[1], x[6]); 199| 26.8k| accum.mul_x2(x[2], x[5]); 200| 26.8k| accum.mul_x2(x[3], x[4]); 201| 26.8k| z[7] = accum.extract(); 202| 26.8k| accum.mul_x2(x[2], x[6]); 203| 26.8k| accum.mul_x2(x[3], x[5]); 204| 26.8k| accum.mul(x[4], x[4]); 205| 26.8k| z[8] = accum.extract(); 206| 26.8k| accum.mul_x2(x[3], x[6]); 207| 26.8k| accum.mul_x2(x[4], x[5]); 208| 26.8k| z[9] = accum.extract(); 209| 26.8k| accum.mul_x2(x[4], x[6]); 210| 26.8k| accum.mul(x[5], x[5]); 211| 26.8k| z[10] = accum.extract(); 212| 26.8k| accum.mul_x2(x[5], x[6]); 213| 26.8k| z[11] = accum.extract(); 214| 26.8k| accum.mul(x[6], x[6]); 215| 26.8k| z[12] = accum.extract(); 216| 26.8k| z[13] = accum.extract(); 217| 26.8k|} _ZN5Botan17bigint_comba_mul7EPmPKmS2_: 222| 27.0k|void bigint_comba_mul7(word z[14], const word x[7], const word y[7]) { 223| 27.0k| word3 accum; 224| | 225| 27.0k| accum.mul(x[0], y[0]); 226| 27.0k| z[0] = accum.extract(); 227| 27.0k| accum.mul(x[0], y[1]); 228| 27.0k| accum.mul(x[1], y[0]); 229| 27.0k| z[1] = accum.extract(); 230| 27.0k| accum.mul(x[0], y[2]); 231| 27.0k| accum.mul(x[1], y[1]); 232| 27.0k| accum.mul(x[2], y[0]); 233| 27.0k| z[2] = accum.extract(); 234| 27.0k| accum.mul(x[0], y[3]); 235| 27.0k| accum.mul(x[1], y[2]); 236| 27.0k| accum.mul(x[2], y[1]); 237| 27.0k| accum.mul(x[3], y[0]); 238| 27.0k| z[3] = accum.extract(); 239| 27.0k| accum.mul(x[0], y[4]); 240| 27.0k| accum.mul(x[1], y[3]); 241| 27.0k| accum.mul(x[2], y[2]); 242| 27.0k| accum.mul(x[3], y[1]); 243| 27.0k| accum.mul(x[4], y[0]); 244| 27.0k| z[4] = accum.extract(); 245| 27.0k| accum.mul(x[0], y[5]); 246| 27.0k| accum.mul(x[1], y[4]); 247| 27.0k| accum.mul(x[2], y[3]); 248| 27.0k| accum.mul(x[3], y[2]); 249| 27.0k| accum.mul(x[4], y[1]); 250| 27.0k| accum.mul(x[5], y[0]); 251| 27.0k| z[5] = accum.extract(); 252| 27.0k| accum.mul(x[0], y[6]); 253| 27.0k| accum.mul(x[1], y[5]); 254| 27.0k| accum.mul(x[2], y[4]); 255| 27.0k| accum.mul(x[3], y[3]); 256| 27.0k| accum.mul(x[4], y[2]); 257| 27.0k| accum.mul(x[5], y[1]); 258| 27.0k| accum.mul(x[6], y[0]); 259| 27.0k| z[6] = accum.extract(); 260| 27.0k| accum.mul(x[1], y[6]); 261| 27.0k| accum.mul(x[2], y[5]); 262| 27.0k| accum.mul(x[3], y[4]); 263| 27.0k| accum.mul(x[4], y[3]); 264| 27.0k| accum.mul(x[5], y[2]); 265| 27.0k| accum.mul(x[6], y[1]); 266| 27.0k| z[7] = accum.extract(); 267| 27.0k| accum.mul(x[2], y[6]); 268| 27.0k| accum.mul(x[3], y[5]); 269| 27.0k| accum.mul(x[4], y[4]); 270| 27.0k| accum.mul(x[5], y[3]); 271| 27.0k| accum.mul(x[6], y[2]); 272| 27.0k| z[8] = accum.extract(); 273| 27.0k| accum.mul(x[3], y[6]); 274| 27.0k| accum.mul(x[4], y[5]); 275| 27.0k| accum.mul(x[5], y[4]); 276| 27.0k| accum.mul(x[6], y[3]); 277| 27.0k| z[9] = accum.extract(); 278| 27.0k| accum.mul(x[4], y[6]); 279| 27.0k| accum.mul(x[5], y[5]); 280| 27.0k| accum.mul(x[6], y[4]); 281| 27.0k| z[10] = accum.extract(); 282| 27.0k| accum.mul(x[5], y[6]); 283| 27.0k| accum.mul(x[6], y[5]); 284| 27.0k| z[11] = accum.extract(); 285| 27.0k| accum.mul(x[6], y[6]); 286| 27.0k| z[12] = accum.extract(); 287| 27.0k| z[13] = accum.extract(); 288| 27.0k|} _ZN5Botan17bigint_comba_sqr8EPmPKm: 293| 1.05M|void bigint_comba_sqr8(word z[16], const word x[8]) { 294| 1.05M| word3 accum; 295| | 296| 1.05M| accum.mul(x[0], x[0]); 297| 1.05M| z[0] = accum.extract(); 298| 1.05M| accum.mul_x2(x[0], x[1]); 299| 1.05M| z[1] = accum.extract(); 300| 1.05M| accum.mul_x2(x[0], x[2]); 301| 1.05M| accum.mul(x[1], x[1]); 302| 1.05M| z[2] = accum.extract(); 303| 1.05M| accum.mul_x2(x[0], x[3]); 304| 1.05M| accum.mul_x2(x[1], x[2]); 305| 1.05M| z[3] = accum.extract(); 306| 1.05M| accum.mul_x2(x[0], x[4]); 307| 1.05M| accum.mul_x2(x[1], x[3]); 308| 1.05M| accum.mul(x[2], x[2]); 309| 1.05M| z[4] = accum.extract(); 310| 1.05M| accum.mul_x2(x[0], x[5]); 311| 1.05M| accum.mul_x2(x[1], x[4]); 312| 1.05M| accum.mul_x2(x[2], x[3]); 313| 1.05M| z[5] = accum.extract(); 314| 1.05M| accum.mul_x2(x[0], x[6]); 315| 1.05M| accum.mul_x2(x[1], x[5]); 316| 1.05M| accum.mul_x2(x[2], x[4]); 317| 1.05M| accum.mul(x[3], x[3]); 318| 1.05M| z[6] = accum.extract(); 319| 1.05M| accum.mul_x2(x[0], x[7]); 320| 1.05M| accum.mul_x2(x[1], x[6]); 321| 1.05M| accum.mul_x2(x[2], x[5]); 322| 1.05M| accum.mul_x2(x[3], x[4]); 323| 1.05M| z[7] = accum.extract(); 324| 1.05M| accum.mul_x2(x[1], x[7]); 325| 1.05M| accum.mul_x2(x[2], x[6]); 326| 1.05M| accum.mul_x2(x[3], x[5]); 327| 1.05M| accum.mul(x[4], x[4]); 328| 1.05M| z[8] = accum.extract(); 329| 1.05M| accum.mul_x2(x[2], x[7]); 330| 1.05M| accum.mul_x2(x[3], x[6]); 331| 1.05M| accum.mul_x2(x[4], x[5]); 332| 1.05M| z[9] = accum.extract(); 333| 1.05M| accum.mul_x2(x[3], x[7]); 334| 1.05M| accum.mul_x2(x[4], x[6]); 335| 1.05M| accum.mul(x[5], x[5]); 336| 1.05M| z[10] = accum.extract(); 337| 1.05M| accum.mul_x2(x[4], x[7]); 338| 1.05M| accum.mul_x2(x[5], x[6]); 339| 1.05M| z[11] = accum.extract(); 340| 1.05M| accum.mul_x2(x[5], x[7]); 341| 1.05M| accum.mul(x[6], x[6]); 342| 1.05M| z[12] = accum.extract(); 343| 1.05M| accum.mul_x2(x[6], x[7]); 344| 1.05M| z[13] = accum.extract(); 345| 1.05M| accum.mul(x[7], x[7]); 346| 1.05M| z[14] = accum.extract(); 347| 1.05M| z[15] = accum.extract(); 348| 1.05M|} _ZN5Botan17bigint_comba_mul8EPmPKmS2_: 353| 975k|void bigint_comba_mul8(word z[16], const word x[8], const word y[8]) { 354| 975k| word3 accum; 355| | 356| 975k| accum.mul(x[0], y[0]); 357| 975k| z[0] = accum.extract(); 358| 975k| accum.mul(x[0], y[1]); 359| 975k| accum.mul(x[1], y[0]); 360| 975k| z[1] = accum.extract(); 361| 975k| accum.mul(x[0], y[2]); 362| 975k| accum.mul(x[1], y[1]); 363| 975k| accum.mul(x[2], y[0]); 364| 975k| z[2] = accum.extract(); 365| 975k| accum.mul(x[0], y[3]); 366| 975k| accum.mul(x[1], y[2]); 367| 975k| accum.mul(x[2], y[1]); 368| 975k| accum.mul(x[3], y[0]); 369| 975k| z[3] = accum.extract(); 370| 975k| accum.mul(x[0], y[4]); 371| 975k| accum.mul(x[1], y[3]); 372| 975k| accum.mul(x[2], y[2]); 373| 975k| accum.mul(x[3], y[1]); 374| 975k| accum.mul(x[4], y[0]); 375| 975k| z[4] = accum.extract(); 376| 975k| accum.mul(x[0], y[5]); 377| 975k| accum.mul(x[1], y[4]); 378| 975k| accum.mul(x[2], y[3]); 379| 975k| accum.mul(x[3], y[2]); 380| 975k| accum.mul(x[4], y[1]); 381| 975k| accum.mul(x[5], y[0]); 382| 975k| z[5] = accum.extract(); 383| 975k| accum.mul(x[0], y[6]); 384| 975k| accum.mul(x[1], y[5]); 385| 975k| accum.mul(x[2], y[4]); 386| 975k| accum.mul(x[3], y[3]); 387| 975k| accum.mul(x[4], y[2]); 388| 975k| accum.mul(x[5], y[1]); 389| 975k| accum.mul(x[6], y[0]); 390| 975k| z[6] = accum.extract(); 391| 975k| accum.mul(x[0], y[7]); 392| 975k| accum.mul(x[1], y[6]); 393| 975k| accum.mul(x[2], y[5]); 394| 975k| accum.mul(x[3], y[4]); 395| 975k| accum.mul(x[4], y[3]); 396| 975k| accum.mul(x[5], y[2]); 397| 975k| accum.mul(x[6], y[1]); 398| 975k| accum.mul(x[7], y[0]); 399| 975k| z[7] = accum.extract(); 400| 975k| accum.mul(x[1], y[7]); 401| 975k| accum.mul(x[2], y[6]); 402| 975k| accum.mul(x[3], y[5]); 403| 975k| accum.mul(x[4], y[4]); 404| 975k| accum.mul(x[5], y[3]); 405| 975k| accum.mul(x[6], y[2]); 406| 975k| accum.mul(x[7], y[1]); 407| 975k| z[8] = accum.extract(); 408| 975k| accum.mul(x[2], y[7]); 409| 975k| accum.mul(x[3], y[6]); 410| 975k| accum.mul(x[4], y[5]); 411| 975k| accum.mul(x[5], y[4]); 412| 975k| accum.mul(x[6], y[3]); 413| 975k| accum.mul(x[7], y[2]); 414| 975k| z[9] = accum.extract(); 415| 975k| accum.mul(x[3], y[7]); 416| 975k| accum.mul(x[4], y[6]); 417| 975k| accum.mul(x[5], y[5]); 418| 975k| accum.mul(x[6], y[4]); 419| 975k| accum.mul(x[7], y[3]); 420| 975k| z[10] = accum.extract(); 421| 975k| accum.mul(x[4], y[7]); 422| 975k| accum.mul(x[5], y[6]); 423| 975k| accum.mul(x[6], y[5]); 424| 975k| accum.mul(x[7], y[4]); 425| 975k| z[11] = accum.extract(); 426| 975k| accum.mul(x[5], y[7]); 427| 975k| accum.mul(x[6], y[6]); 428| 975k| accum.mul(x[7], y[5]); 429| 975k| z[12] = accum.extract(); 430| 975k| accum.mul(x[6], y[7]); 431| 975k| accum.mul(x[7], y[6]); 432| 975k| z[13] = accum.extract(); 433| 975k| accum.mul(x[7], y[7]); 434| 975k| z[14] = accum.extract(); 435| 975k| z[15] = accum.extract(); 436| 975k|} _ZN5Botan17bigint_comba_sqr9EPmPKm: 441| 1.49M|void bigint_comba_sqr9(word z[18], const word x[9]) { 442| 1.49M| word3 accum; 443| | 444| 1.49M| accum.mul(x[0], x[0]); 445| 1.49M| z[0] = accum.extract(); 446| 1.49M| accum.mul_x2(x[0], x[1]); 447| 1.49M| z[1] = accum.extract(); 448| 1.49M| accum.mul_x2(x[0], x[2]); 449| 1.49M| accum.mul(x[1], x[1]); 450| 1.49M| z[2] = accum.extract(); 451| 1.49M| accum.mul_x2(x[0], x[3]); 452| 1.49M| accum.mul_x2(x[1], x[2]); 453| 1.49M| z[3] = accum.extract(); 454| 1.49M| accum.mul_x2(x[0], x[4]); 455| 1.49M| accum.mul_x2(x[1], x[3]); 456| 1.49M| accum.mul(x[2], x[2]); 457| 1.49M| z[4] = accum.extract(); 458| 1.49M| accum.mul_x2(x[0], x[5]); 459| 1.49M| accum.mul_x2(x[1], x[4]); 460| 1.49M| accum.mul_x2(x[2], x[3]); 461| 1.49M| z[5] = accum.extract(); 462| 1.49M| accum.mul_x2(x[0], x[6]); 463| 1.49M| accum.mul_x2(x[1], x[5]); 464| 1.49M| accum.mul_x2(x[2], x[4]); 465| 1.49M| accum.mul(x[3], x[3]); 466| 1.49M| z[6] = accum.extract(); 467| 1.49M| accum.mul_x2(x[0], x[7]); 468| 1.49M| accum.mul_x2(x[1], x[6]); 469| 1.49M| accum.mul_x2(x[2], x[5]); 470| 1.49M| accum.mul_x2(x[3], x[4]); 471| 1.49M| z[7] = accum.extract(); 472| 1.49M| accum.mul_x2(x[0], x[8]); 473| 1.49M| accum.mul_x2(x[1], x[7]); 474| 1.49M| accum.mul_x2(x[2], x[6]); 475| 1.49M| accum.mul_x2(x[3], x[5]); 476| 1.49M| accum.mul(x[4], x[4]); 477| 1.49M| z[8] = accum.extract(); 478| 1.49M| accum.mul_x2(x[1], x[8]); 479| 1.49M| accum.mul_x2(x[2], x[7]); 480| 1.49M| accum.mul_x2(x[3], x[6]); 481| 1.49M| accum.mul_x2(x[4], x[5]); 482| 1.49M| z[9] = accum.extract(); 483| 1.49M| accum.mul_x2(x[2], x[8]); 484| 1.49M| accum.mul_x2(x[3], x[7]); 485| 1.49M| accum.mul_x2(x[4], x[6]); 486| 1.49M| accum.mul(x[5], x[5]); 487| 1.49M| z[10] = accum.extract(); 488| 1.49M| accum.mul_x2(x[3], x[8]); 489| 1.49M| accum.mul_x2(x[4], x[7]); 490| 1.49M| accum.mul_x2(x[5], x[6]); 491| 1.49M| z[11] = accum.extract(); 492| 1.49M| accum.mul_x2(x[4], x[8]); 493| 1.49M| accum.mul_x2(x[5], x[7]); 494| 1.49M| accum.mul(x[6], x[6]); 495| 1.49M| z[12] = accum.extract(); 496| 1.49M| accum.mul_x2(x[5], x[8]); 497| 1.49M| accum.mul_x2(x[6], x[7]); 498| 1.49M| z[13] = accum.extract(); 499| 1.49M| accum.mul_x2(x[6], x[8]); 500| 1.49M| accum.mul(x[7], x[7]); 501| 1.49M| z[14] = accum.extract(); 502| 1.49M| accum.mul_x2(x[7], x[8]); 503| 1.49M| z[15] = accum.extract(); 504| 1.49M| accum.mul(x[8], x[8]); 505| 1.49M| z[16] = accum.extract(); 506| 1.49M| z[17] = accum.extract(); 507| 1.49M|} _ZN5Botan17bigint_comba_mul9EPmPKmS2_: 512| 1.22M|void bigint_comba_mul9(word z[18], const word x[9], const word y[9]) { 513| 1.22M| word3 accum; 514| | 515| 1.22M| accum.mul(x[0], y[0]); 516| 1.22M| z[0] = accum.extract(); 517| 1.22M| accum.mul(x[0], y[1]); 518| 1.22M| accum.mul(x[1], y[0]); 519| 1.22M| z[1] = accum.extract(); 520| 1.22M| accum.mul(x[0], y[2]); 521| 1.22M| accum.mul(x[1], y[1]); 522| 1.22M| accum.mul(x[2], y[0]); 523| 1.22M| z[2] = accum.extract(); 524| 1.22M| accum.mul(x[0], y[3]); 525| 1.22M| accum.mul(x[1], y[2]); 526| 1.22M| accum.mul(x[2], y[1]); 527| 1.22M| accum.mul(x[3], y[0]); 528| 1.22M| z[3] = accum.extract(); 529| 1.22M| accum.mul(x[0], y[4]); 530| 1.22M| accum.mul(x[1], y[3]); 531| 1.22M| accum.mul(x[2], y[2]); 532| 1.22M| accum.mul(x[3], y[1]); 533| 1.22M| accum.mul(x[4], y[0]); 534| 1.22M| z[4] = accum.extract(); 535| 1.22M| accum.mul(x[0], y[5]); 536| 1.22M| accum.mul(x[1], y[4]); 537| 1.22M| accum.mul(x[2], y[3]); 538| 1.22M| accum.mul(x[3], y[2]); 539| 1.22M| accum.mul(x[4], y[1]); 540| 1.22M| accum.mul(x[5], y[0]); 541| 1.22M| z[5] = accum.extract(); 542| 1.22M| accum.mul(x[0], y[6]); 543| 1.22M| accum.mul(x[1], y[5]); 544| 1.22M| accum.mul(x[2], y[4]); 545| 1.22M| accum.mul(x[3], y[3]); 546| 1.22M| accum.mul(x[4], y[2]); 547| 1.22M| accum.mul(x[5], y[1]); 548| 1.22M| accum.mul(x[6], y[0]); 549| 1.22M| z[6] = accum.extract(); 550| 1.22M| accum.mul(x[0], y[7]); 551| 1.22M| accum.mul(x[1], y[6]); 552| 1.22M| accum.mul(x[2], y[5]); 553| 1.22M| accum.mul(x[3], y[4]); 554| 1.22M| accum.mul(x[4], y[3]); 555| 1.22M| accum.mul(x[5], y[2]); 556| 1.22M| accum.mul(x[6], y[1]); 557| 1.22M| accum.mul(x[7], y[0]); 558| 1.22M| z[7] = accum.extract(); 559| 1.22M| accum.mul(x[0], y[8]); 560| 1.22M| accum.mul(x[1], y[7]); 561| 1.22M| accum.mul(x[2], y[6]); 562| 1.22M| accum.mul(x[3], y[5]); 563| 1.22M| accum.mul(x[4], y[4]); 564| 1.22M| accum.mul(x[5], y[3]); 565| 1.22M| accum.mul(x[6], y[2]); 566| 1.22M| accum.mul(x[7], y[1]); 567| 1.22M| accum.mul(x[8], y[0]); 568| 1.22M| z[8] = accum.extract(); 569| 1.22M| accum.mul(x[1], y[8]); 570| 1.22M| accum.mul(x[2], y[7]); 571| 1.22M| accum.mul(x[3], y[6]); 572| 1.22M| accum.mul(x[4], y[5]); 573| 1.22M| accum.mul(x[5], y[4]); 574| 1.22M| accum.mul(x[6], y[3]); 575| 1.22M| accum.mul(x[7], y[2]); 576| 1.22M| accum.mul(x[8], y[1]); 577| 1.22M| z[9] = accum.extract(); 578| 1.22M| accum.mul(x[2], y[8]); 579| 1.22M| accum.mul(x[3], y[7]); 580| 1.22M| accum.mul(x[4], y[6]); 581| 1.22M| accum.mul(x[5], y[5]); 582| 1.22M| accum.mul(x[6], y[4]); 583| 1.22M| accum.mul(x[7], y[3]); 584| 1.22M| accum.mul(x[8], y[2]); 585| 1.22M| z[10] = accum.extract(); 586| 1.22M| accum.mul(x[3], y[8]); 587| 1.22M| accum.mul(x[4], y[7]); 588| 1.22M| accum.mul(x[5], y[6]); 589| 1.22M| accum.mul(x[6], y[5]); 590| 1.22M| accum.mul(x[7], y[4]); 591| 1.22M| accum.mul(x[8], y[3]); 592| 1.22M| z[11] = accum.extract(); 593| 1.22M| accum.mul(x[4], y[8]); 594| 1.22M| accum.mul(x[5], y[7]); 595| 1.22M| accum.mul(x[6], y[6]); 596| 1.22M| accum.mul(x[7], y[5]); 597| 1.22M| accum.mul(x[8], y[4]); 598| 1.22M| z[12] = accum.extract(); 599| 1.22M| accum.mul(x[5], y[8]); 600| 1.22M| accum.mul(x[6], y[7]); 601| 1.22M| accum.mul(x[7], y[6]); 602| 1.22M| accum.mul(x[8], y[5]); 603| 1.22M| z[13] = accum.extract(); 604| 1.22M| accum.mul(x[6], y[8]); 605| 1.22M| accum.mul(x[7], y[7]); 606| 1.22M| accum.mul(x[8], y[6]); 607| 1.22M| z[14] = accum.extract(); 608| 1.22M| accum.mul(x[7], y[8]); 609| 1.22M| accum.mul(x[8], y[7]); 610| 1.22M| z[15] = accum.extract(); 611| 1.22M| accum.mul(x[8], y[8]); 612| 1.22M| z[16] = accum.extract(); 613| 1.22M| z[17] = accum.extract(); 614| 1.22M|} _ZN5Botan12basecase_mulEPmmPKmmS2_m: 20| 16|void basecase_mul(word z[], size_t z_size, const word x[], size_t x_size, const word y[], size_t y_size) { 21| 16| if(z_size < x_size + y_size) { ------------------ | Branch (21:7): [True: 0, False: 16] ------------------ 22| 0| throw Invalid_Argument("basecase_mul z_size too small"); 23| 0| } 24| | 25| 16| const size_t x_size_8 = x_size - (x_size % 8); 26| | 27| 16| zeroize_buffer(z, z_size); 28| | 29| 168| for(size_t i = 0; i != y_size; ++i) { ------------------ | Branch (29:22): [True: 152, False: 16] ------------------ 30| 152| const word y_i = y[i]; 31| | 32| 152| word carry = 0; 33| | 34| 304| for(size_t j = 0; j != x_size_8; j += 8) { ------------------ | Branch (34:25): [True: 152, False: 152] ------------------ 35| 152| carry = word8_madd3(z + i + j, x + j, y_i, carry); 36| 152| } 37| | 38| 456| for(size_t j = x_size_8; j != x_size; ++j) { ------------------ | Branch (38:32): [True: 304, False: 152] ------------------ 39| 304| z[i + j] = word_madd3(x[j], y_i, z[i + j], &carry); 40| 304| } 41| | 42| 152| z[x_size + i] = carry; 43| 152| } 44| 16|} _ZN5Botan10bigint_mulEPmmPKmmmS2_mmS0_m: 292| 23.9k| size_t ws_size) { 293| 23.9k| zeroize_buffer(z, z_size); 294| | 295| 23.9k| if(x_sw == 1) { ------------------ | Branch (295:7): [True: 0, False: 23.9k] ------------------ 296| 0| bigint_linmul3(z, y, y_sw, x[0]); 297| 23.9k| } else if(y_sw == 1) { ------------------ | Branch (297:14): [True: 0, False: 23.9k] ------------------ 298| 0| bigint_linmul3(z, x, x_sw, y[0]); 299| 23.9k| } else if(sized_for_comba_mul<4>(x_sw, x_size, y_sw, y_size, z_size)) { ------------------ | Branch (299:14): [True: 18.4k, False: 5.52k] ------------------ 300| 18.4k| bigint_comba_mul4(z, x, y); 301| 18.4k| } else if(sized_for_comba_mul<6>(x_sw, x_size, y_sw, y_size, z_size)) { ------------------ | Branch (301:14): [True: 2.98k, False: 2.53k] ------------------ 302| 2.98k| bigint_comba_mul6(z, x, y); 303| 2.98k| } else if(sized_for_comba_mul<8>(x_sw, x_size, y_sw, y_size, z_size)) { ------------------ | Branch (303:14): [True: 1.13k, False: 1.39k] ------------------ 304| 1.13k| bigint_comba_mul8(z, x, y); 305| 1.39k| } else if(sized_for_comba_mul<9>(x_sw, x_size, y_sw, y_size, z_size)) { ------------------ | Branch (305:14): [True: 1.38k, False: 16] ------------------ 306| 1.38k| bigint_comba_mul9(z, x, y); 307| 1.38k| } else if(sized_for_comba_mul<16>(x_sw, x_size, y_sw, y_size, z_size)) { ------------------ | Branch (307:14): [True: 0, False: 16] ------------------ 308| 0| bigint_comba_mul16(z, x, y); 309| 16| } else if(sized_for_comba_mul<24>(x_sw, x_size, y_sw, y_size, z_size)) { ------------------ | Branch (309:14): [True: 0, False: 16] ------------------ 310| 0| bigint_comba_mul24(z, x, y); 311| 16| } else if(x_sw < KARATSUBA_MULTIPLY_THRESHOLD || y_sw < KARATSUBA_MULTIPLY_THRESHOLD || workspace == nullptr) { ------------------ | Branch (311:14): [True: 16, False: 0] | Branch (311:53): [True: 0, False: 0] | Branch (311:92): [True: 0, False: 0] ------------------ 312| 16| basecase_mul(z, z_size, x, x_sw, y, y_sw); 313| 16| } else { 314| 0| const size_t N = karatsuba_size(z_size, x_size, x_sw, y_size, y_sw); 315| | 316| 0| if(N > 0 && z_size >= 2 * N && ws_size >= 2 * N) { ------------------ | Branch (316:10): [True: 0, False: 0] | Branch (316:19): [True: 0, False: 0] | Branch (316:38): [True: 0, False: 0] ------------------ 317| 0| karatsuba_mul(z, x, y, N, workspace); 318| 0| } else { 319| 0| basecase_mul(z, z_size, x, x_sw, y, y_sw); 320| 0| } 321| 0| } 322| 23.9k|} _ZN5Botan10bigint_sqrEPmmPKmmmS0_m: 327| 18|void bigint_sqr(word z[], size_t z_size, const word x[], size_t x_size, size_t x_sw, word workspace[], size_t ws_size) { 328| 18| zeroize_buffer(z, z_size); 329| | 330| 18| BOTAN_ASSERT(z_size / 2 >= x_sw, "Output size is sufficient"); ------------------ | | 64| 18| do { \ | | 65| 18| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 18| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 18] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 18| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 18] | | ------------------ ------------------ 331| | 332| 18| if(x_sw == 1) { ------------------ | Branch (332:7): [True: 0, False: 18] ------------------ 333| 0| bigint_linmul3(z, x, x_sw, x[0]); 334| 18| } else if(sized_for_comba_sqr<4>(x_sw, x_size, z_size)) { ------------------ | Branch (334:14): [True: 6, False: 12] ------------------ 335| 6| bigint_comba_sqr4(z, x); 336| 12| } else if(sized_for_comba_sqr<6>(x_sw, x_size, z_size)) { ------------------ | Branch (336:14): [True: 6, False: 6] ------------------ 337| 6| bigint_comba_sqr6(z, x); 338| 6| } else if(sized_for_comba_sqr<8>(x_sw, x_size, z_size)) { ------------------ | Branch (338:14): [True: 3, False: 3] ------------------ 339| 3| bigint_comba_sqr8(z, x); 340| 3| } else if(sized_for_comba_sqr<9>(x_sw, x_size, z_size)) { ------------------ | Branch (340:14): [True: 3, False: 0] ------------------ 341| 3| bigint_comba_sqr9(z, x); 342| 3| } else if(sized_for_comba_sqr<16>(x_sw, x_size, z_size)) { ------------------ | Branch (342:14): [True: 0, False: 0] ------------------ 343| 0| bigint_comba_sqr16(z, x); 344| 0| } else if(sized_for_comba_sqr<24>(x_sw, x_size, z_size)) { ------------------ | Branch (344:14): [True: 0, False: 0] ------------------ 345| 0| bigint_comba_sqr24(z, x); 346| 0| } else if(x_size < KARATSUBA_SQUARE_THRESHOLD || workspace == nullptr) { ------------------ | Branch (346:14): [True: 0, False: 0] | Branch (346:53): [True: 0, False: 0] ------------------ 347| 0| basecase_sqr(z, z_size, x, x_sw); 348| 0| } else { 349| 0| const size_t N = karatsuba_size(z_size, x_size, x_sw); 350| | 351| 0| if(N > 0 && z_size >= 2 * N && ws_size >= 2 * N) { ------------------ | Branch (351:10): [True: 0, False: 0] | Branch (351:19): [True: 0, False: 0] | Branch (351:38): [True: 0, False: 0] ------------------ 352| 0| karatsuba_sqr(z, x, N, workspace); 353| 0| } else { 354| 0| basecase_sqr(z, z_size, x, x_sw); 355| 0| } 356| 0| } 357| 18|} mp_karat.cpp:_ZN5Botan12_GLOBAL__N_119sized_for_comba_mulILm4EEEbmmmmm: 272| 23.9k|inline bool sized_for_comba_mul(size_t x_sw, size_t x_size, size_t y_sw, size_t y_size, size_t z_size) { 273| 23.9k| return (x_sw <= SZ && x_size >= SZ && y_sw <= SZ && y_size >= SZ && z_size >= 2 * SZ); ------------------ | Branch (273:12): [True: 18.4k, False: 5.52k] | Branch (273:26): [True: 18.4k, False: 0] | Branch (273:42): [True: 18.4k, False: 0] | Branch (273:56): [True: 18.4k, False: 0] | Branch (273:72): [True: 18.4k, False: 0] ------------------ 274| 23.9k|} mp_karat.cpp:_ZN5Botan12_GLOBAL__N_119sized_for_comba_mulILm6EEEbmmmmm: 272| 5.52k|inline bool sized_for_comba_mul(size_t x_sw, size_t x_size, size_t y_sw, size_t y_size, size_t z_size) { 273| 5.52k| return (x_sw <= SZ && x_size >= SZ && y_sw <= SZ && y_size >= SZ && z_size >= 2 * SZ); ------------------ | Branch (273:12): [True: 2.98k, False: 2.53k] | Branch (273:26): [True: 2.98k, False: 0] | Branch (273:42): [True: 2.98k, False: 0] | Branch (273:56): [True: 2.98k, False: 0] | Branch (273:72): [True: 2.98k, False: 0] ------------------ 274| 5.52k|} mp_karat.cpp:_ZN5Botan12_GLOBAL__N_119sized_for_comba_mulILm8EEEbmmmmm: 272| 2.53k|inline bool sized_for_comba_mul(size_t x_sw, size_t x_size, size_t y_sw, size_t y_size, size_t z_size) { 273| 2.53k| return (x_sw <= SZ && x_size >= SZ && y_sw <= SZ && y_size >= SZ && z_size >= 2 * SZ); ------------------ | Branch (273:12): [True: 1.13k, False: 1.39k] | Branch (273:26): [True: 1.13k, False: 0] | Branch (273:42): [True: 1.13k, False: 0] | Branch (273:56): [True: 1.13k, False: 0] | Branch (273:72): [True: 1.13k, False: 0] ------------------ 274| 2.53k|} mp_karat.cpp:_ZN5Botan12_GLOBAL__N_119sized_for_comba_mulILm9EEEbmmmmm: 272| 1.39k|inline bool sized_for_comba_mul(size_t x_sw, size_t x_size, size_t y_sw, size_t y_size, size_t z_size) { 273| 1.39k| return (x_sw <= SZ && x_size >= SZ && y_sw <= SZ && y_size >= SZ && z_size >= 2 * SZ); ------------------ | Branch (273:12): [True: 1.38k, False: 16] | Branch (273:26): [True: 1.38k, False: 0] | Branch (273:42): [True: 1.38k, False: 0] | Branch (273:56): [True: 1.38k, False: 0] | Branch (273:72): [True: 1.38k, False: 0] ------------------ 274| 1.39k|} mp_karat.cpp:_ZN5Botan12_GLOBAL__N_119sized_for_comba_mulILm16EEEbmmmmm: 272| 16|inline bool sized_for_comba_mul(size_t x_sw, size_t x_size, size_t y_sw, size_t y_size, size_t z_size) { 273| 16| return (x_sw <= SZ && x_size >= SZ && y_sw <= SZ && y_size >= SZ && z_size >= 2 * SZ); ------------------ | Branch (273:12): [True: 16, False: 0] | Branch (273:26): [True: 8, False: 8] | Branch (273:42): [True: 8, False: 0] | Branch (273:56): [True: 8, False: 0] | Branch (273:72): [True: 0, False: 8] ------------------ 274| 16|} mp_karat.cpp:_ZN5Botan12_GLOBAL__N_119sized_for_comba_mulILm24EEEbmmmmm: 272| 16|inline bool sized_for_comba_mul(size_t x_sw, size_t x_size, size_t y_sw, size_t y_size, size_t z_size) { 273| 16| return (x_sw <= SZ && x_size >= SZ && y_sw <= SZ && y_size >= SZ && z_size >= 2 * SZ); ------------------ | Branch (273:12): [True: 16, False: 0] | Branch (273:26): [True: 0, False: 16] | Branch (273:42): [True: 0, False: 0] | Branch (273:56): [True: 0, False: 0] | Branch (273:72): [True: 0, False: 0] ------------------ 274| 16|} mp_karat.cpp:_ZN5Botan12_GLOBAL__N_119sized_for_comba_sqrILm4EEEbmmm: 277| 18|inline bool sized_for_comba_sqr(size_t x_sw, size_t x_size, size_t z_size) { 278| 18| return (x_sw <= SZ && x_size >= SZ && z_size >= 2 * SZ); ------------------ | Branch (278:12): [True: 6, False: 12] | Branch (278:26): [True: 6, False: 0] | Branch (278:42): [True: 6, False: 0] ------------------ 279| 18|} mp_karat.cpp:_ZN5Botan12_GLOBAL__N_119sized_for_comba_sqrILm6EEEbmmm: 277| 12|inline bool sized_for_comba_sqr(size_t x_sw, size_t x_size, size_t z_size) { 278| 12| return (x_sw <= SZ && x_size >= SZ && z_size >= 2 * SZ); ------------------ | Branch (278:12): [True: 6, False: 6] | Branch (278:26): [True: 6, False: 0] | Branch (278:42): [True: 6, False: 0] ------------------ 279| 12|} mp_karat.cpp:_ZN5Botan12_GLOBAL__N_119sized_for_comba_sqrILm8EEEbmmm: 277| 6|inline bool sized_for_comba_sqr(size_t x_sw, size_t x_size, size_t z_size) { 278| 6| return (x_sw <= SZ && x_size >= SZ && z_size >= 2 * SZ); ------------------ | Branch (278:12): [True: 3, False: 3] | Branch (278:26): [True: 3, False: 0] | Branch (278:42): [True: 3, False: 0] ------------------ 279| 6|} mp_karat.cpp:_ZN5Botan12_GLOBAL__N_119sized_for_comba_sqrILm9EEEbmmm: 277| 3|inline bool sized_for_comba_sqr(size_t x_sw, size_t x_size, size_t z_size) { 278| 3| return (x_sw <= SZ && x_size >= SZ && z_size >= 2 * SZ); ------------------ | Branch (278:12): [True: 3, False: 0] | Branch (278:26): [True: 3, False: 0] | Branch (278:42): [True: 3, False: 0] ------------------ 279| 3|} _ZN5Botan25bigint_monty_redc_genericEPmPKmmS2_mmS0_: 91| 1.36k| word r[], const word z[], size_t z_size, const word p[], size_t p_size, word p_dash, word ws[]) { 92| 1.36k| BOTAN_ARG_CHECK(z_size >= 2 * p_size && p_size > 0, "Invalid sizes for bigint_monty_redc_generic"); ------------------ | | 35| 1.36k| do { \ | | 36| 1.36k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 2.72k| if(!(expr)) { \ | | ------------------ | | | Branch (37:12): [True: 1.36k, False: 0] | | | Branch (37:12): [True: 1.36k, False: 0] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 1.36k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 1.36k] | | ------------------ ------------------ 93| | 94| 1.36k| word3 accum; 95| | 96| 1.36k| accum.add(z[0]); 97| | 98| 1.36k| ws[0] = accum.monty_step(p[0], p_dash); 99| | 100| 12.2k| for(size_t i = 1; i != p_size; ++i) { ------------------ | Branch (100:22): [True: 10.9k, False: 1.36k] ------------------ 101| 10.9k| mul_rev_range(accum, ws, p, i); 102| 10.9k| accum.add(z[i]); 103| 10.9k| ws[i] = accum.monty_step(p[0], p_dash); 104| 10.9k| } 105| | 106| 12.2k| for(size_t i = 0; i != p_size - 1; ++i) { ------------------ | Branch (106:22): [True: 10.9k, False: 1.36k] ------------------ 107| 10.9k| mul_rev_range(accum, &ws[i + 1], &p[i], p_size - (i + 1)); 108| 10.9k| accum.add(z[p_size + i]); 109| 10.9k| ws[i] = accum.extract(); 110| 10.9k| } 111| | 112| 1.36k| accum.add(z[2 * p_size - 1]); 113| | 114| 1.36k| ws[p_size - 1] = accum.extract(); 115| | // w1 is the final part, which is not stored in the workspace 116| 1.36k| const word w1 = accum.extract(); 117| | 118| | /* 119| | * The result might need to be reduced mod p. To avoid a timing 120| | * channel, always perform the subtraction. If in the computation 121| | * of x - p a borrow is required then x was already < p. 122| | * 123| | * x starts at ws[0] and is p_size bytes long plus a possible high 124| | * digit left over in w1. 125| | * 126| | * x - p starts at z[0] and is also p_size bytes long 127| | * 128| | * If borrow was set after the subtraction, then x was already less 129| | * than p and the subtraction was not needed. In that case overwrite 130| | * z[0:p_size] with the original x in ws[0:p_size]. 131| | * 132| | * We only copy out p_size in the final step because we know 133| | * the Montgomery result is < P 134| | */ 135| | 136| 1.36k| bigint_monty_maybe_sub(p_size, r, w1, ws, p); 137| 1.36k|} mp_monty.cpp:_ZN5Botan12_GLOBAL__N_113mul_rev_rangeERNS_5word3ImEEPKmS5_m: 18| 21.8k|BOTAN_FORCE_INLINE void mul_rev_range(word3& accum, const word ws[], const word p[], size_t bound) { 19| | /* 20| | Unrolled version of: 21| | 22| | for(size_t i = 0; i < bound; ++i) { 23| | accum.mul(ws[i], p[bound - i]); 24| | } 25| | */ 26| | 27| 21.8k| size_t lower = 0; 28| 57.2k| while(lower < bound) { ------------------ | Branch (28:10): [True: 35.4k, False: 21.8k] ------------------ 29| 35.4k| const size_t upper = bound - lower; 30| | 31| 35.4k| if(upper >= 16) { ------------------ | Branch (31:10): [True: 0, False: 35.4k] ------------------ 32| 0| accum.mul(ws[lower], p[upper]); 33| 0| accum.mul(ws[lower + 1], p[upper - 1]); 34| 0| accum.mul(ws[lower + 2], p[upper - 2]); 35| 0| accum.mul(ws[lower + 3], p[upper - 3]); 36| 0| accum.mul(ws[lower + 4], p[upper - 4]); 37| 0| accum.mul(ws[lower + 5], p[upper - 5]); 38| 0| accum.mul(ws[lower + 6], p[upper - 6]); 39| 0| accum.mul(ws[lower + 7], p[upper - 7]); 40| 0| accum.mul(ws[lower + 8], p[upper - 8]); 41| 0| accum.mul(ws[lower + 9], p[upper - 9]); 42| 0| accum.mul(ws[lower + 10], p[upper - 10]); 43| 0| accum.mul(ws[lower + 11], p[upper - 11]); 44| 0| accum.mul(ws[lower + 12], p[upper - 12]); 45| 0| accum.mul(ws[lower + 13], p[upper - 13]); 46| 0| accum.mul(ws[lower + 14], p[upper - 14]); 47| 0| accum.mul(ws[lower + 15], p[upper - 15]); 48| 0| lower += 16; 49| 35.4k| } else if(upper >= 8) { ------------------ | Branch (49:17): [True: 2.72k, False: 32.7k] ------------------ 50| 2.72k| accum.mul(ws[lower], p[upper]); 51| 2.72k| accum.mul(ws[lower + 1], p[upper - 1]); 52| 2.72k| accum.mul(ws[lower + 2], p[upper - 2]); 53| 2.72k| accum.mul(ws[lower + 3], p[upper - 3]); 54| 2.72k| accum.mul(ws[lower + 4], p[upper - 4]); 55| 2.72k| accum.mul(ws[lower + 5], p[upper - 5]); 56| 2.72k| accum.mul(ws[lower + 6], p[upper - 6]); 57| 2.72k| accum.mul(ws[lower + 7], p[upper - 7]); 58| 2.72k| lower += 8; 59| 32.7k| } else if(upper >= 4) { ------------------ | Branch (59:17): [True: 10.9k, False: 21.8k] ------------------ 60| 10.9k| accum.mul(ws[lower], p[upper]); 61| 10.9k| accum.mul(ws[lower + 1], p[upper - 1]); 62| 10.9k| accum.mul(ws[lower + 2], p[upper - 2]); 63| 10.9k| accum.mul(ws[lower + 3], p[upper - 3]); 64| 10.9k| lower += 4; 65| 21.8k| } else if(upper >= 2) { ------------------ | Branch (65:17): [True: 10.9k, False: 10.9k] ------------------ 66| 10.9k| accum.mul(ws[lower], p[upper]); 67| 10.9k| accum.mul(ws[lower + 1], p[upper - 1]); 68| 10.9k| lower += 2; 69| 10.9k| } else { 70| 10.9k| accum.mul(ws[lower], p[upper]); 71| 10.9k| lower += 1; 72| 10.9k| } 73| 35.4k| } 74| 21.8k|} _ZN5Botan19bigint_monty_redc_4EPmPKmS2_mS0_: 12| 3.10M|void bigint_monty_redc_4(word r[4], const word z[8], const word p[4], word p_dash, word ws[4]) { 13| 3.10M| word3 accum; 14| 3.10M| accum.add(z[0]); 15| 3.10M| ws[0] = accum.monty_step(p[0], p_dash); 16| 3.10M| accum.mul(ws[0], p[1]); 17| 3.10M| accum.add(z[1]); 18| 3.10M| ws[1] = accum.monty_step(p[0], p_dash); 19| 3.10M| accum.mul(ws[0], p[2]); 20| 3.10M| accum.mul(ws[1], p[1]); 21| 3.10M| accum.add(z[2]); 22| 3.10M| ws[2] = accum.monty_step(p[0], p_dash); 23| 3.10M| accum.mul(ws[0], p[3]); 24| 3.10M| accum.mul(ws[1], p[2]); 25| 3.10M| accum.mul(ws[2], p[1]); 26| 3.10M| accum.add(z[3]); 27| 3.10M| ws[3] = accum.monty_step(p[0], p_dash); 28| 3.10M| accum.mul(ws[1], p[3]); 29| 3.10M| accum.mul(ws[2], p[2]); 30| 3.10M| accum.mul(ws[3], p[1]); 31| 3.10M| accum.add(z[4]); 32| 3.10M| ws[0] = accum.extract(); 33| 3.10M| accum.mul(ws[2], p[3]); 34| 3.10M| accum.mul(ws[3], p[2]); 35| 3.10M| accum.add(z[5]); 36| 3.10M| ws[1] = accum.extract(); 37| 3.10M| accum.mul(ws[3], p[3]); 38| 3.10M| accum.add(z[6]); 39| 3.10M| ws[2] = accum.extract(); 40| 3.10M| accum.add(z[7]); 41| 3.10M| ws[3] = accum.extract(); 42| 3.10M| const word w1 = accum.extract(); 43| 3.10M| bigint_monty_maybe_sub<4>(r, w1, ws, p); 44| 3.10M|} _ZN5Botan19bigint_monty_redc_6EPmPKmS2_mS0_: 46| 1.88M|void bigint_monty_redc_6(word r[6], const word z[12], const word p[6], word p_dash, word ws[6]) { 47| 1.88M| word3 accum; 48| 1.88M| accum.add(z[0]); 49| 1.88M| ws[0] = accum.monty_step(p[0], p_dash); 50| 1.88M| accum.mul(ws[0], p[1]); 51| 1.88M| accum.add(z[1]); 52| 1.88M| ws[1] = accum.monty_step(p[0], p_dash); 53| 1.88M| accum.mul(ws[0], p[2]); 54| 1.88M| accum.mul(ws[1], p[1]); 55| 1.88M| accum.add(z[2]); 56| 1.88M| ws[2] = accum.monty_step(p[0], p_dash); 57| 1.88M| accum.mul(ws[0], p[3]); 58| 1.88M| accum.mul(ws[1], p[2]); 59| 1.88M| accum.mul(ws[2], p[1]); 60| 1.88M| accum.add(z[3]); 61| 1.88M| ws[3] = accum.monty_step(p[0], p_dash); 62| 1.88M| accum.mul(ws[0], p[4]); 63| 1.88M| accum.mul(ws[1], p[3]); 64| 1.88M| accum.mul(ws[2], p[2]); 65| 1.88M| accum.mul(ws[3], p[1]); 66| 1.88M| accum.add(z[4]); 67| 1.88M| ws[4] = accum.monty_step(p[0], p_dash); 68| 1.88M| accum.mul(ws[0], p[5]); 69| 1.88M| accum.mul(ws[1], p[4]); 70| 1.88M| accum.mul(ws[2], p[3]); 71| 1.88M| accum.mul(ws[3], p[2]); 72| 1.88M| accum.mul(ws[4], p[1]); 73| 1.88M| accum.add(z[5]); 74| 1.88M| ws[5] = accum.monty_step(p[0], p_dash); 75| 1.88M| accum.mul(ws[1], p[5]); 76| 1.88M| accum.mul(ws[2], p[4]); 77| 1.88M| accum.mul(ws[3], p[3]); 78| 1.88M| accum.mul(ws[4], p[2]); 79| 1.88M| accum.mul(ws[5], p[1]); 80| 1.88M| accum.add(z[6]); 81| 1.88M| ws[0] = accum.extract(); 82| 1.88M| accum.mul(ws[2], p[5]); 83| 1.88M| accum.mul(ws[3], p[4]); 84| 1.88M| accum.mul(ws[4], p[3]); 85| 1.88M| accum.mul(ws[5], p[2]); 86| 1.88M| accum.add(z[7]); 87| 1.88M| ws[1] = accum.extract(); 88| 1.88M| accum.mul(ws[3], p[5]); 89| 1.88M| accum.mul(ws[4], p[4]); 90| 1.88M| accum.mul(ws[5], p[3]); 91| 1.88M| accum.add(z[8]); 92| 1.88M| ws[2] = accum.extract(); 93| 1.88M| accum.mul(ws[4], p[5]); 94| 1.88M| accum.mul(ws[5], p[4]); 95| 1.88M| accum.add(z[9]); 96| 1.88M| ws[3] = accum.extract(); 97| 1.88M| accum.mul(ws[5], p[5]); 98| 1.88M| accum.add(z[10]); 99| 1.88M| ws[4] = accum.extract(); 100| 1.88M| accum.add(z[11]); 101| 1.88M| ws[5] = accum.extract(); 102| 1.88M| const word w1 = accum.extract(); 103| 1.88M| bigint_monty_maybe_sub<6>(r, w1, ws, p); 104| 1.88M|} _ZN5Botan19bigint_monty_redc_8EPmPKmS2_mS0_: 106| 2.03M|void bigint_monty_redc_8(word r[8], const word z[16], const word p[8], word p_dash, word ws[8]) { 107| 2.03M| word3 accum; 108| 2.03M| accum.add(z[0]); 109| 2.03M| ws[0] = accum.monty_step(p[0], p_dash); 110| 2.03M| accum.mul(ws[0], p[1]); 111| 2.03M| accum.add(z[1]); 112| 2.03M| ws[1] = accum.monty_step(p[0], p_dash); 113| 2.03M| accum.mul(ws[0], p[2]); 114| 2.03M| accum.mul(ws[1], p[1]); 115| 2.03M| accum.add(z[2]); 116| 2.03M| ws[2] = accum.monty_step(p[0], p_dash); 117| 2.03M| accum.mul(ws[0], p[3]); 118| 2.03M| accum.mul(ws[1], p[2]); 119| 2.03M| accum.mul(ws[2], p[1]); 120| 2.03M| accum.add(z[3]); 121| 2.03M| ws[3] = accum.monty_step(p[0], p_dash); 122| 2.03M| accum.mul(ws[0], p[4]); 123| 2.03M| accum.mul(ws[1], p[3]); 124| 2.03M| accum.mul(ws[2], p[2]); 125| 2.03M| accum.mul(ws[3], p[1]); 126| 2.03M| accum.add(z[4]); 127| 2.03M| ws[4] = accum.monty_step(p[0], p_dash); 128| 2.03M| accum.mul(ws[0], p[5]); 129| 2.03M| accum.mul(ws[1], p[4]); 130| 2.03M| accum.mul(ws[2], p[3]); 131| 2.03M| accum.mul(ws[3], p[2]); 132| 2.03M| accum.mul(ws[4], p[1]); 133| 2.03M| accum.add(z[5]); 134| 2.03M| ws[5] = accum.monty_step(p[0], p_dash); 135| 2.03M| accum.mul(ws[0], p[6]); 136| 2.03M| accum.mul(ws[1], p[5]); 137| 2.03M| accum.mul(ws[2], p[4]); 138| 2.03M| accum.mul(ws[3], p[3]); 139| 2.03M| accum.mul(ws[4], p[2]); 140| 2.03M| accum.mul(ws[5], p[1]); 141| 2.03M| accum.add(z[6]); 142| 2.03M| ws[6] = accum.monty_step(p[0], p_dash); 143| 2.03M| accum.mul(ws[0], p[7]); 144| 2.03M| accum.mul(ws[1], p[6]); 145| 2.03M| accum.mul(ws[2], p[5]); 146| 2.03M| accum.mul(ws[3], p[4]); 147| 2.03M| accum.mul(ws[4], p[3]); 148| 2.03M| accum.mul(ws[5], p[2]); 149| 2.03M| accum.mul(ws[6], p[1]); 150| 2.03M| accum.add(z[7]); 151| 2.03M| ws[7] = accum.monty_step(p[0], p_dash); 152| 2.03M| accum.mul(ws[1], p[7]); 153| 2.03M| accum.mul(ws[2], p[6]); 154| 2.03M| accum.mul(ws[3], p[5]); 155| 2.03M| accum.mul(ws[4], p[4]); 156| 2.03M| accum.mul(ws[5], p[3]); 157| 2.03M| accum.mul(ws[6], p[2]); 158| 2.03M| accum.mul(ws[7], p[1]); 159| 2.03M| accum.add(z[8]); 160| 2.03M| ws[0] = accum.extract(); 161| 2.03M| accum.mul(ws[2], p[7]); 162| 2.03M| accum.mul(ws[3], p[6]); 163| 2.03M| accum.mul(ws[4], p[5]); 164| 2.03M| accum.mul(ws[5], p[4]); 165| 2.03M| accum.mul(ws[6], p[3]); 166| 2.03M| accum.mul(ws[7], p[2]); 167| 2.03M| accum.add(z[9]); 168| 2.03M| ws[1] = accum.extract(); 169| 2.03M| accum.mul(ws[3], p[7]); 170| 2.03M| accum.mul(ws[4], p[6]); 171| 2.03M| accum.mul(ws[5], p[5]); 172| 2.03M| accum.mul(ws[6], p[4]); 173| 2.03M| accum.mul(ws[7], p[3]); 174| 2.03M| accum.add(z[10]); 175| 2.03M| ws[2] = accum.extract(); 176| 2.03M| accum.mul(ws[4], p[7]); 177| 2.03M| accum.mul(ws[5], p[6]); 178| 2.03M| accum.mul(ws[6], p[5]); 179| 2.03M| accum.mul(ws[7], p[4]); 180| 2.03M| accum.add(z[11]); 181| 2.03M| ws[3] = accum.extract(); 182| 2.03M| accum.mul(ws[5], p[7]); 183| 2.03M| accum.mul(ws[6], p[6]); 184| 2.03M| accum.mul(ws[7], p[5]); 185| 2.03M| accum.add(z[12]); 186| 2.03M| ws[4] = accum.extract(); 187| 2.03M| accum.mul(ws[6], p[7]); 188| 2.03M| accum.mul(ws[7], p[6]); 189| 2.03M| accum.add(z[13]); 190| 2.03M| ws[5] = accum.extract(); 191| 2.03M| accum.mul(ws[7], p[7]); 192| 2.03M| accum.add(z[14]); 193| 2.03M| ws[6] = accum.extract(); 194| 2.03M| accum.add(z[15]); 195| 2.03M| ws[7] = accum.extract(); 196| 2.03M| const word w1 = accum.extract(); 197| 2.03M| bigint_monty_maybe_sub<8>(r, w1, ws, p); 198| 2.03M|} _ZN5Botan17Barrett_ReductionC2ERKNS_6BigIntES1_m: 17| 18| m_modulus(m), m_mu(std::move(mu)), m_mod_words(mw), m_modulus_bits(m.bits()) { 18| | // Give some extra space for Karatsuba 19| 18| m_modulus.grow_to(m_mod_words + 8); 20| 18| m_mu.grow_to(m_mod_words + 8); 21| 18|} _ZN5Botan17Barrett_Reduction18for_public_modulusERKNS_6BigIntE: 33| 18|Barrett_Reduction Barrett_Reduction::for_public_modulus(const BigInt& mod) { 34| 18| BOTAN_ARG_CHECK(mod.signum() > 0, "Modulus must be positive"); ------------------ | | 35| 18| do { \ | | 36| 18| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 18| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 18] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 18| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 18] | | ------------------ ------------------ 35| | 36| 18| const size_t mod_words = mod.sig_words(); 37| | 38| | // Compute mu = floor(2^{2k} / m) 39| 18| const size_t mu_bits = 2 * WordInfo::bits * mod_words; 40| 18| return Barrett_Reduction(mod, vartime_divide_pow2k(mu_bits, mod), mod_words); 41| 18|} _ZNK5Botan17Barrett_Reduction8multiplyERKNS_6BigIntES3_: 159| 18|BigInt Barrett_Reduction::multiply(const BigInt& x, const BigInt& y) const { 160| 18| BOTAN_ARG_CHECK(acceptable_barrett_input(x, m_modulus).as_bool(), "Invalid x param for Barrett multiply"); ------------------ | | 35| 18| do { \ | | 36| 18| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 18| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 18] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 18| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 18] | | ------------------ ------------------ 161| 18| BOTAN_ARG_CHECK(acceptable_barrett_input(y, m_modulus).as_bool(), "Invalid y param for Barrett multiply"); ------------------ | | 35| 18| do { \ | | 36| 18| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 18| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 18] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 18| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 18] | | ------------------ ------------------ 162| | 163| 18| secure_vector ws(2 * (m_mod_words + 2)); 164| 18| secure_vector xy(2 * m_mod_words); 165| | 166| 18| bigint_mul(xy.data(), 167| 18| xy.size(), 168| 18| x._data(), 169| 18| x.size(), 170| 18| std::min(x.size(), m_mod_words), 171| 18| y._data(), 172| 18| y.size(), 173| 18| std::min(y.size(), m_mod_words), 174| 18| ws.data(), 175| 18| ws.size()); 176| | 177| 18| return barrett_reduce(m_mod_words, m_modulus, m_mu, xy, ws); 178| 18|} _ZNK5Botan17Barrett_Reduction6squareERKNS_6BigIntE: 180| 18|BigInt Barrett_Reduction::square(const BigInt& x) const { 181| 18| BOTAN_ARG_CHECK(acceptable_barrett_input(x, m_modulus).as_bool(), "Invalid x param for Barrett square"); ------------------ | | 35| 18| do { \ | | 36| 18| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 18| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 18] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 18| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 18] | | ------------------ ------------------ 182| | 183| 18| secure_vector ws(2 * (m_mod_words + 2)); 184| 18| secure_vector x2(2 * m_mod_words); 185| | 186| 18| bigint_sqr(x2.data(), x2.size(), x._data(), x.size(), std::min(x.size(), m_mod_words), ws.data(), ws.size()); 187| | 188| 18| return barrett_reduce(m_mod_words, m_modulus, m_mu, x2, ws); 189| 18|} _ZNK5Botan17Barrett_Reduction6reduceERKNS_6BigIntE: 191| 12|BigInt Barrett_Reduction::reduce(const BigInt& x) const { 192| 12| BOTAN_ARG_CHECK(x.signum() >= 0, "Argument must be non-negative"); ------------------ | | 35| 12| do { \ | | 36| 12| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 12| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 12] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 12| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 12] | | ------------------ ------------------ 193| | 194| 12| const size_t x_sw = x.sig_words(); 195| 12| BOTAN_ARG_CHECK(x_sw <= 2 * m_mod_words, "Argument is too large for Barrett reduction"); ------------------ | | 35| 12| do { \ | | 36| 12| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 12| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 12] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 12| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 12] | | ------------------ ------------------ 196| | 197| 12| x.grow_to(2 * m_mod_words); 198| | 199| 12| secure_vector ws; 200| 12| return barrett_reduce(m_mod_words, m_modulus, m_mu, x._as_span(), ws); 201| 12|} barrett.cpp:_ZN5Botan12_GLOBAL__N_124acceptable_barrett_inputERKNS_6BigIntES3_: 151| 54|CT::Choice acceptable_barrett_input(const BigInt& x, const BigInt& modulus) { 152| 54| auto x_is_positive = CT::Choice::from_int(static_cast(x.signum() >= 0)); 153| 54| auto x_lt_mod = bigint_ct_is_lt(x._data(), x.size(), modulus._data(), modulus.sig_words()).as_choice(); 154| 54| return x_is_positive && x_lt_mod; 155| 54|} barrett.cpp:_ZN5Botan12_GLOBAL__N_114barrett_reduceEmRKNS_6BigIntES3_NSt3__14spanIKmLm18446744073709551615EEERNS4_6vectorImNS_16secure_allocatorImEEEE: 54| 48| size_t mod_words, const BigInt& modulus, const BigInt& mu, std::span x_words, secure_vector& ws) { 55| 48| BOTAN_ASSERT_NOMSG(modulus.sig_words() == mod_words); ------------------ | | 77| 48| do { \ | | 78| 48| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 48| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 48] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 48| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 48] | | ------------------ ------------------ 56| | 57| | // Caller must expand input to be at least this size 58| 48| BOTAN_ASSERT_NOMSG(x_words.size() >= 2 * mod_words); ------------------ | | 77| 48| do { \ | | 78| 48| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 48| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 48] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 48| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 48] | | ------------------ ------------------ 59| | 60| | // Normally mod_words + 1 but can be + 2 if the modulus is a power of 2 61| 48| const size_t mu_words = mu.sig_words(); 62| 48| BOTAN_ASSERT_NOMSG(mu_words <= mod_words + 2); ------------------ | | 77| 48| do { \ | | 78| 48| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 48| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 48] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 48| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 48] | | ------------------ ------------------ 63| | 64| 48| if(ws.size() < 2 * (mod_words + 2)) { ------------------ | Branch (64:7): [True: 12, False: 36] ------------------ 65| 12| ws.resize(2 * (mod_words + 2)); 66| 12| } 67| | 68| 48| CT::poison(x_words); 69| | 70| | /* 71| | * Following the notation of Handbook of Applied Cryptography 72| | * Algorithm 14.42 "Barrett modular reduction", page 604 73| | * 74| | * 75| | * Using `mu` for μ in the code 76| | */ 77| | 78| | // Compute q1 = floor(x / 2^(k - 1)) which is equivalent to ignoring the low (k-1) words 79| | 80| | // 2 * mod_words + 1 is sufficient, extra is to enable Karatsuba 81| 48| secure_vector r(2 * mu_words + 2); 82| | 83| 48| copy_mem(r.data(), x_words.data() + (mod_words - 1), mod_words + 1); 84| | 85| | // Now compute q2 = q1 * μ 86| | 87| | // We allocate more size than required since this allows Karatsuba more often; 88| | // just `mu_words + (mod_words + 1)` is sufficient 89| 48| const size_t q2_size = 2 * mu_words + 2; 90| | 91| 48| secure_vector q2(q2_size); 92| | 93| 48| bigint_mul( 94| 48| q2.data(), q2.size(), r.data(), r.size(), mod_words + 1, mu._data(), mu.size(), mu_words, ws.data(), ws.size()); 95| | 96| | // Compute r2 = (floor(q2 / b^(k+1)) * m) mod 2^(k+1) 97| | // The division/floor is again effected by just ignoring the low k + 1 words 98| 48| bigint_mul(r.data(), 99| 48| r.size(), 100| 48| &q2[mod_words + 1], // ignoring the low mod_words + 1 words of the first product 101| 48| q2.size() - (mod_words + 1), 102| 48| mod_words + 1, 103| 48| modulus._data(), 104| 48| modulus.size(), 105| 48| mod_words, 106| 48| ws.data(), 107| 48| ws.size()); 108| | 109| | // Clear the high words of the product, equivalent to computing mod 2^(k+1) 110| | // TODO add masked mul to avoid computing high bits at all 111| 48| clear_mem(std::span{r}.subspan(mod_words + 1)); 112| | 113| | // Compute r = r1 - r2 114| | 115| | // The return value of bigint_sub_abs isn't quite right for what we need here so first compare 116| 48| const int32_t relative_size = bigint_cmp(r.data(), mod_words + 1, x_words.data(), mod_words + 1); 117| | 118| 48| bigint_sub_abs(r.data(), r.data(), x_words.data(), mod_words + 1, ws.data()); 119| | 120| | /* 121| | If r is negative then we have to set r to r + 2^(k+1) 122| | 123| | However for r negative computing this sum is equivalent to computing 2^(k+1) - abs(r) 124| | */ 125| 48| clear_mem(ws.data(), mod_words + 2); 126| 48| ws[mod_words + 1] = 1; 127| 48| bigint_sub2(ws.data(), mod_words + 2, r.data(), mod_words + 2); 128| | 129| | // If relative_size > 0 then assign r to 2^(k+1) - r 130| 48| CT::Mask::is_equal(static_cast(relative_size), 1).select_n(r.data(), ws.data(), r.data(), mod_words + 2); 131| | 132| | /* 133| | * Per HAC Note 14.44 (ii) "step 4 is repeated at most twice since 0 ≤ r < 3m" 134| | */ 135| 48| const size_t bound = 2; 136| | 137| 48| BOTAN_ASSERT_NOMSG(r.size() >= mod_words + 1); ------------------ | | 77| 48| do { \ | | 78| 48| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 48| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 48] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 48| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 48] | | ------------------ ------------------ 138| 144| for(size_t i = 0; i != bound; ++i) { ------------------ | Branch (138:22): [True: 96, False: 48] ------------------ 139| 96| const word borrow = bigint_sub3(ws.data(), r.data(), mod_words + 1, modulus._data(), mod_words); 140| 96| CT::Mask::is_zero(borrow).select_n(r.data(), ws.data(), r.data(), mod_words + 1); 141| 96| } 142| | 143| 48| CT::unpoison(q2); 144| 48| CT::unpoison(r); 145| 48| CT::unpoison(ws); 146| 48| CT::unpoison(x_words); 147| | 148| 48| return BigInt::_from_words(r); 149| 48|} _ZN5Botan17Montgomery_Params4DataC2ERKNS_6BigIntERKNS_17Barrett_ReductionE: 40| 6|Montgomery_Params::Data::Data(const BigInt& p, const Barrett_Reduction& mod_p) { 41| 6| if(p.is_even() || p < 3) { ------------------ | Branch (41:7): [True: 0, False: 6] | Branch (41:22): [True: 0, False: 6] ------------------ 42| 0| throw Invalid_Argument("Montgomery_Params invalid modulus"); 43| 0| } 44| | 45| 6| m_p = p; 46| 6| m_p_words = m_p.sig_words(); 47| 6| m_p_dash = monty_inverse(m_p.word_at(0)); 48| | 49| 6| const BigInt r = BigInt::power_of_2(m_p_words * WordInfo::bits); 50| | 51| 6| m_r1 = mod_p.reduce(r); 52| 6| m_r2 = mod_p.square(m_r1); 53| 6| m_r3 = mod_p.multiply(m_r1, m_r2); 54| | 55| | // Barrett should be at least zero prefixing up to modulus size 56| 6| BOTAN_ASSERT_NOMSG(m_r1.size() >= m_p_words); ------------------ | | 77| 6| do { \ | | 78| 6| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 6| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 6] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 6| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 6] | | ------------------ ------------------ 57| 6| BOTAN_ASSERT_NOMSG(m_r2.size() >= m_p_words); ------------------ | | 77| 6| do { \ | | 78| 6| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 6| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 6] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 6| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 6] | | ------------------ ------------------ 58| 6| BOTAN_ASSERT_NOMSG(m_r3.size() >= m_p_words); ------------------ | | 77| 6| do { \ | | 78| 6| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 6| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 6] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 6| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 6] | | ------------------ ------------------ 59| 6|} _ZN5Botan17Montgomery_ParamsC2ERKNS_6BigIntERKNS_17Barrett_ReductionE: 62| 6| m_data(std::make_shared(p, mod_p)) {} _ZNK5Botan17Montgomery_Params3mulERKNS_6BigIntES3_RNSt3__16vectorImNS_16secure_allocatorImEEEE: 90| 12|BigInt Montgomery_Params::mul(const BigInt& x, const BigInt& y, secure_vector& ws) const { 91| 12| const size_t p_size = this->p_words(); 92| 12| BigInt z = BigInt::with_capacity(2 * p_size); 93| 12| this->mul(z, x, y, ws); 94| 12| return z; 95| 12|} _ZNK5Botan17Montgomery_Params3mulERNS_6BigIntERKS1_S4_RNSt3__16vectorImNS_16secure_allocatorImEEEE: 97| 12|void Montgomery_Params::mul(BigInt& z, const BigInt& x, const BigInt& y, secure_vector& ws) const { 98| 12| BOTAN_ARG_CHECK(&z != &x && &z != &y, "Montgomery_Params::mul output must not alias inputs"); ------------------ | | 35| 12| do { \ | | 36| 12| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 24| if(!(expr)) { \ | | ------------------ | | | Branch (37:12): [True: 12, False: 0] | | | Branch (37:12): [True: 12, False: 0] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 12| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 12] | | ------------------ ------------------ 99| | 100| 12| const size_t p_size = this->p_words(); 101| | 102| 12| if(ws.size() < 2 * p_size) { ------------------ | Branch (102:7): [True: 6, False: 6] ------------------ 103| 6| ws.resize(2 * p_size); 104| 6| } 105| | 106| 12| BOTAN_DEBUG_ASSERT(x.sig_words() <= p_size); ------------------ | | 130| 12| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 12| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 12] | | ------------------ ------------------ 107| 12| BOTAN_DEBUG_ASSERT(y.sig_words() <= p_size); ------------------ | | 130| 12| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 12| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 12] | | ------------------ ------------------ 108| | 109| 12| if(z.size() < 2 * p_size) { ------------------ | Branch (109:7): [True: 0, False: 12] ------------------ 110| 0| z.grow_to(2 * p_size); 111| 0| } 112| | 113| 12| bigint_mul(z.mutable_data(), 114| 12| z.size(), 115| 12| x._data(), 116| 12| x.size(), 117| 12| std::min(p_size, x.size()), 118| 12| y._data(), 119| 12| y.size(), 120| 12| std::min(p_size, y.size()), 121| 12| ws.data(), 122| 12| ws.size()); 123| | 124| 12| bigint_monty_redc_inplace(z.mutable_data(), this->p()._data(), p_size, this->p_dash(), ws.data(), ws.size()); 125| 12|} _ZNK5Botan17Montgomery_Params6mul_byERNS_6BigIntERKS1_RNSt3__16vectorImNS_16secure_allocatorImEEEE: 157| 23.8k|void Montgomery_Params::mul_by(BigInt& x, const BigInt& y, secure_vector& ws) const { 158| 23.8k| const size_t p_size = this->p_words(); 159| | 160| 23.8k| if(ws.size() < 4 * p_size) { ------------------ | Branch (160:7): [True: 11.9k, False: 11.9k] ------------------ 161| 11.9k| ws.resize(4 * p_size); 162| 11.9k| } 163| | 164| 23.8k| word* z_data = ws.data(); 165| 23.8k| word* ws_data = &ws[2 * p_size]; 166| | 167| 23.8k| BOTAN_DEBUG_ASSERT(x.sig_words() <= p_size); ------------------ | | 130| 23.8k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 23.8k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 23.8k] | | ------------------ ------------------ 168| | 169| 23.8k| bigint_mul(z_data, 170| 23.8k| 2 * p_size, 171| 23.8k| x._data(), 172| 23.8k| x.size(), 173| 23.8k| std::min(p_size, x.size()), 174| 23.8k| y._data(), 175| 23.8k| y.size(), 176| 23.8k| std::min(p_size, y.size()), 177| 23.8k| ws_data, 178| 23.8k| 2 * p_size); 179| | 180| 23.8k| bigint_monty_redc_inplace(z_data, this->p()._data(), p_size, this->p_dash(), ws_data, 2 * p_size); 181| | 182| 23.8k| if(x.size() < 2 * p_size) { ------------------ | Branch (182:7): [True: 5.40k, False: 18.4k] ------------------ 183| 5.40k| x.grow_to(2 * p_size); 184| 5.40k| } 185| 23.8k| copy_mem(x.mutable_data(), z_data, 2 * p_size); 186| 23.8k|} _ZN5Botan6PCurve15PrimeOrderCurve6Scalar8_zeroizeEv: 16| 10.1k|void PrimeOrderCurve::Scalar::_zeroize() { 17| 10.1k| secure_zeroize_buffer(m_value.data(), m_value.size() * sizeof(word)); 18| 10.1k|} _ZN5Botan6PCurve15PrimeOrderCurve15for_named_curveENSt3__117basic_string_viewIcNS2_11char_traitsIcEEEE: 32| 6|std::shared_ptr PrimeOrderCurve::for_named_curve(std::string_view name) { 33| 6|#if defined(BOTAN_HAS_PCURVES_SECP256R1) 34| 6| if(name == "secp256r1") { ------------------ | Branch (34:7): [True: 1, False: 5] ------------------ 35| 1| return PCurveInstance::secp256r1(); 36| 1| } 37| 5|#endif 38| | 39| 5|#if defined(BOTAN_HAS_PCURVES_SECP384R1) 40| 5| if(name == "secp384r1") { ------------------ | Branch (40:7): [True: 1, False: 4] ------------------ 41| 1| return PCurveInstance::secp384r1(); 42| 1| } 43| 4|#endif 44| | 45| 4|#if defined(BOTAN_HAS_PCURVES_SECP521R1) 46| 4| if(name == "secp521r1") { ------------------ | Branch (46:7): [True: 1, False: 3] ------------------ 47| 1| return PCurveInstance::secp521r1(); 48| 1| } 49| 3|#endif 50| | 51| 3|#if defined(BOTAN_HAS_PCURVES_BRAINPOOL256R1) 52| 3| if(name == "brainpool256r1") { ------------------ | Branch (52:7): [True: 1, False: 2] ------------------ 53| 1| return PCurveInstance::brainpool256r1(); 54| 1| } 55| 2|#endif 56| | 57| 2|#if defined(BOTAN_HAS_PCURVES_BRAINPOOL384R1) 58| 2| if(name == "brainpool384r1") { ------------------ | Branch (58:7): [True: 1, False: 1] ------------------ 59| 1| return PCurveInstance::brainpool384r1(); 60| 1| } 61| 1|#endif 62| | 63| 1|#if defined(BOTAN_HAS_PCURVES_BRAINPOOL512R1) 64| 1| if(name == "brainpool512r1") { ------------------ | Branch (64:7): [True: 1, False: 0] ------------------ 65| 1| return PCurveInstance::brainpool512r1(); 66| 1| } 67| 0|#endif 68| | 69| 0|#if defined(BOTAN_HAS_PCURVES_FRP256V1) 70| 0| if(name == "frp256v1") { ------------------ | Branch (70:7): [True: 0, False: 0] ------------------ 71| 0| return PCurveInstance::frp256v1(); 72| 0| } 73| 0|#endif 74| | 75| 0|#if defined(BOTAN_HAS_PCURVES_SECP192R1) 76| 0| if(name == "secp192r1") { ------------------ | Branch (76:7): [True: 0, False: 0] ------------------ 77| 0| return PCurveInstance::secp192r1(); 78| 0| } 79| 0|#endif 80| | 81| 0|#if defined(BOTAN_HAS_PCURVES_SECP224R1) 82| 0| if(name == "secp224r1") { ------------------ | Branch (82:7): [True: 0, False: 0] ------------------ 83| 0| return PCurveInstance::secp224r1(); 84| 0| } 85| 0|#endif 86| | 87| 0|#if defined(BOTAN_HAS_PCURVES_SECP256K1) 88| 0| if(name == "secp256k1") { ------------------ | Branch (88:7): [True: 0, False: 0] ------------------ 89| 0| return PCurveInstance::secp256k1(); 90| 0| } 91| 0|#endif 92| | 93| 0|#if defined(BOTAN_HAS_PCURVES_SM2P256V1) 94| 0| if(name == "sm2p256v1") { ------------------ | Branch (94:7): [True: 0, False: 0] ------------------ 95| 0| return PCurveInstance::sm2p256v1(); 96| 0| } 97| 0|#endif 98| | 99| 0|#if defined(BOTAN_HAS_PCURVES_NUMSP512D1) 100| 0| if(name == "numsp512d1") { ------------------ | Branch (100:7): [True: 0, False: 0] ------------------ 101| 0| return PCurveInstance::numsp512d1(); 102| 0| } 103| 0|#endif 104| | 105| 0| BOTAN_UNUSED(name); ------------------ | | 144| 0|#define BOTAN_UNUSED Botan::ignore_params ------------------ 106| 0| return {}; 107| 0|} _ZN5Botan6PCurve14PCurveInstance14brainpool256r1Ev: 36| 1|std::shared_ptr PCurveInstance::brainpool256r1() { 37| 1| return PrimeOrderCurveImpl::instance(); 38| 1|} _ZN5Botan6PCurve14PCurveInstance14brainpool384r1Ev: 36| 1|std::shared_ptr PCurveInstance::brainpool384r1() { 37| 1| return PrimeOrderCurveImpl::instance(); 38| 1|} _ZN5Botan6PCurve14PCurveInstance14brainpool512r1Ev: 36| 1|std::shared_ptr PCurveInstance::brainpool512r1() { 37| 1| return PrimeOrderCurveImpl::instance(); 38| 1|} _ZN5Botan6PCurve14PCurveInstance9secp256r1Ev: 268| 1|std::shared_ptr PCurveInstance::secp256r1() { 269| 1| return PrimeOrderCurveImpl::instance(); 270| 1|} pcurves_secp256r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS1_9secp256r16ParamsES2_E11FieldParamsEE3oneEv: 77| 50.3k| constexpr static std::array one() { return std::array{1}; } pcurves_secp256r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS1_9secp256r16ParamsES2_E11FieldParamsEE4redcERKNSt3__15arrayImLm8EEE: 27| 1.95M| constexpr static std::array redc(const std::array& z) { 28| 1.95M| const int64_t X00 = get_uint32(z.data(), 0); 29| 1.95M| const int64_t X01 = get_uint32(z.data(), 1); 30| 1.95M| const int64_t X02 = get_uint32(z.data(), 2); 31| 1.95M| const int64_t X03 = get_uint32(z.data(), 3); 32| 1.95M| const int64_t X04 = get_uint32(z.data(), 4); 33| 1.95M| const int64_t X05 = get_uint32(z.data(), 5); 34| 1.95M| const int64_t X06 = get_uint32(z.data(), 6); 35| 1.95M| const int64_t X07 = get_uint32(z.data(), 7); 36| 1.95M| const int64_t X08 = get_uint32(z.data(), 8); 37| 1.95M| const int64_t X09 = get_uint32(z.data(), 9); 38| 1.95M| const int64_t X10 = get_uint32(z.data(), 10); 39| 1.95M| const int64_t X11 = get_uint32(z.data(), 11); 40| 1.95M| const int64_t X12 = get_uint32(z.data(), 12); 41| 1.95M| const int64_t X13 = get_uint32(z.data(), 13); 42| 1.95M| const int64_t X14 = get_uint32(z.data(), 14); 43| 1.95M| const int64_t X15 = get_uint32(z.data(), 15); 44| | 45| | // See SP 800-186 section G.1.2 46| 1.95M| const int64_t S0 = P256_4[0] + X00 + X08 + X09 - (X11 + X12 + X13 + X14); 47| 1.95M| const int64_t S1 = P256_4[1] + X01 + X09 + X10 - (X12 + X13 + X14 + X15); 48| 1.95M| const int64_t S2 = P256_4[2] + X02 + X10 + X11 - (X13 + X14 + X15); 49| 1.95M| const int64_t S3 = P256_4[3] + X03 + 2 * (X11 + X12) + X13 - (X15 + X08 + X09); 50| 1.95M| const int64_t S4 = P256_4[4] + X04 + 2 * (X12 + X13) + X14 - (X09 + X10); 51| 1.95M| const int64_t S5 = P256_4[5] + X05 + 2 * (X13 + X14) + X15 - (X10 + X11); 52| 1.95M| const int64_t S6 = P256_4[6] + X06 + X13 + X14 * 3 + X15 * 2 - (X08 + X09); 53| 1.95M| const int64_t S7 = P256_4[7] + X07 + X15 * 3 + X08 - (X10 + X11 + X12 + X13); 54| 1.95M| const int64_t S8 = P256_4[8]; 55| | 56| 1.95M| std::array r = {}; 57| | 58| 1.95M| SolinasAccum sum(r); 59| | 60| 1.95M| sum.accum(S0); 61| 1.95M| sum.accum(S1); 62| 1.95M| sum.accum(S2); 63| 1.95M| sum.accum(S3); 64| 1.95M| sum.accum(S4); 65| 1.95M| sum.accum(S5); 66| 1.95M| sum.accum(S6); 67| 1.95M| sum.accum(S7); 68| 1.95M| const auto S = sum.final_carry(S8); 69| | 70| 1.95M| BOTAN_DEBUG_ASSERT(S <= 8); ------------------ | | 130| 1.95M| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 1.95M| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 1.95M] | | ------------------ ------------------ 71| | 72| 1.95M| solinas_correct_redc(r, P, p256_mul_mod_256(S)); 73| | 74| 1.95M| return r; 75| 1.95M| } pcurves_secp256r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS1_9secp256r16ParamsES2_E11FieldParamsEE16p256_mul_mod_256Em: 89| 1.95M| constexpr static std::array p256_mul_mod_256(W i) { 90| 1.95M| static_assert(WordInfo::bits == 32 || WordInfo::bits == 64); 91| | 92| | // For small i, multiples of P-256 have a simple structure so it's faster to 93| | // compute the value directly vs a (constant time) table lookup 94| | 95| 1.95M| auto r = P; 96| | if constexpr(WordInfo::bits == 32) { 97| | r[7] -= i; 98| | r[6] += i; 99| | r[3] += i; 100| | r[0] -= i; 101| 1.95M| } else { 102| 1.95M| const uint64_t i32 = static_cast(i) << 32; 103| 1.95M| r[3] -= i32; 104| 1.95M| r[3] += i; 105| 1.95M| r[1] += i32; 106| 1.95M| r[0] -= i; 107| 1.95M| } 108| 1.95M| return r; 109| 1.95M| } pcurves_secp256r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp256r15Curve10fe_invert2ERKNS_6IntModINS1_12Secp256r1RepINS_13EllipticCurveINS2_6ParamsES5_E11FieldParamsEEEEE: 131| 1.25k| static constexpr FieldElement fe_invert2(const FieldElement& x) { 132| | // Generated using https://github.com/mmcloughlin/addchain 133| | 134| 1.25k| auto z = x.square(); 135| 1.25k| z *= x; 136| 1.25k| z = z.square(); 137| 1.25k| z *= x; 138| 1.25k| auto t0 = z; 139| 1.25k| t0.square_n(3); 140| 1.25k| t0 *= z; 141| 1.25k| auto t1 = t0; 142| 1.25k| t1.square_n(6); 143| 1.25k| t0 *= t1; 144| 1.25k| t0.square_n(3); 145| 1.25k| z *= t0; 146| 1.25k| t0 = z.square(); 147| 1.25k| t0 *= x; 148| 1.25k| t1 = t0; 149| 1.25k| t1.square_n(16); 150| 1.25k| t0 *= t1; 151| 1.25k| t0.square_n(15); 152| 1.25k| z *= t0; 153| 1.25k| t0.square_n(17); 154| 1.25k| t0 *= x; 155| 1.25k| t0.square_n(143); 156| 1.25k| t0 *= z; 157| 1.25k| t0.square_n(47); 158| 1.25k| z *= t0; 159| 1.25k| z.square_n(2); 160| | 161| 1.25k| return z; 162| 1.25k| } pcurves_secp256r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS1_9secp256r16ParamsES2_E11FieldParamsEE8from_repERKNSt3__15arrayImLm4EEE: 83| 18.7k| constexpr static std::array from_rep(const std::array& z) { return z; } pcurves_secp256r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_112Secp256r1RepINS_13EllipticCurveINS1_9secp256r16ParamsES2_E11FieldParamsEE6to_repERKNSt3__15arrayImLm4EEE: 79| 18.7k| constexpr static std::array to_rep(const std::array& x) { return x; } pcurves_secp256r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp256r15Curve7fe_sqrtERKNS_6IntModINS1_12Secp256r1RepINS_13EllipticCurveINS2_6ParamsES5_E11FieldParamsEEEEE: 165| 370| static constexpr FieldElement fe_sqrt(const FieldElement& x) { 166| | // Generated using addchain 167| 370| auto z = x.square(); 168| 370| z *= x; 169| 370| auto t0 = z; 170| 370| t0.square_n(2); 171| 370| z *= t0; 172| 370| t0 = z; 173| 370| t0.square_n(4); 174| 370| z *= t0; 175| 370| t0 = z; 176| 370| t0.square_n(8); 177| 370| z *= t0; 178| 370| t0 = z; 179| 370| t0.square_n(16); 180| 370| z *= t0; 181| 370| z.square_n(32); 182| 370| z *= x; 183| 370| z.square_n(96); 184| 370| z *= x; 185| 370| z.square_n(94); 186| 370| return z; 187| 370| } _ZN5Botan6PCurve14PCurveInstance9secp384r1Ev: 343| 1|std::shared_ptr PCurveInstance::secp384r1() { 344| 1| return PrimeOrderCurveImpl::instance(); 345| 1|} pcurves_secp384r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS1_9secp384r16ParamsES2_E11FieldParamsEE3oneEv: 88| 64.6k| constexpr static std::array one() { return std::array{1}; } pcurves_secp384r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS1_9secp384r16ParamsES2_E11FieldParamsEE4redcERKNSt3__15arrayImLm12EEE: 23| 2.40M| constexpr static std::array redc(const std::array& z) { 24| 2.40M| const int64_t X00 = get_uint32(z.data(), 0); 25| 2.40M| const int64_t X01 = get_uint32(z.data(), 1); 26| 2.40M| const int64_t X02 = get_uint32(z.data(), 2); 27| 2.40M| const int64_t X03 = get_uint32(z.data(), 3); 28| 2.40M| const int64_t X04 = get_uint32(z.data(), 4); 29| 2.40M| const int64_t X05 = get_uint32(z.data(), 5); 30| 2.40M| const int64_t X06 = get_uint32(z.data(), 6); 31| 2.40M| const int64_t X07 = get_uint32(z.data(), 7); 32| 2.40M| const int64_t X08 = get_uint32(z.data(), 8); 33| 2.40M| const int64_t X09 = get_uint32(z.data(), 9); 34| 2.40M| const int64_t X10 = get_uint32(z.data(), 10); 35| 2.40M| const int64_t X11 = get_uint32(z.data(), 11); 36| 2.40M| const int64_t X12 = get_uint32(z.data(), 12); 37| 2.40M| const int64_t X13 = get_uint32(z.data(), 13); 38| 2.40M| const int64_t X14 = get_uint32(z.data(), 14); 39| 2.40M| const int64_t X15 = get_uint32(z.data(), 15); 40| 2.40M| const int64_t X16 = get_uint32(z.data(), 16); 41| 2.40M| const int64_t X17 = get_uint32(z.data(), 17); 42| 2.40M| const int64_t X18 = get_uint32(z.data(), 18); 43| 2.40M| const int64_t X19 = get_uint32(z.data(), 19); 44| 2.40M| const int64_t X20 = get_uint32(z.data(), 20); 45| 2.40M| const int64_t X21 = get_uint32(z.data(), 21); 46| 2.40M| const int64_t X22 = get_uint32(z.data(), 22); 47| 2.40M| const int64_t X23 = get_uint32(z.data(), 23); 48| | 49| | // One copy of P-384 is added to prevent underflow 50| 2.40M| const int64_t S0 = 0xFFFFFFFF + X00 + X12 + X20 + X21 - X23; 51| 2.40M| const int64_t S1 = 0x00000000 + X01 + X13 + X22 + X23 - X12 - X20; 52| 2.40M| const int64_t S2 = 0x00000000 + X02 + X14 + X23 - X13 - X21; 53| 2.40M| const int64_t S3 = 0xFFFFFFFF + X03 + X12 + X15 + X20 + X21 - X14 - X22 - X23; 54| 2.40M| const int64_t S4 = 0xFFFFFFFE + X04 + X12 + X13 + X16 + X20 + X21 * 2 + X22 - X15 - X23 * 2; 55| 2.40M| const int64_t S5 = 0xFFFFFFFF + X05 + X13 + X14 + X17 + X21 + X22 * 2 + X23 - X16; 56| 2.40M| const int64_t S6 = 0xFFFFFFFF + X06 + X14 + X15 + X18 + X22 + X23 * 2 - X17; 57| 2.40M| const int64_t S7 = 0xFFFFFFFF + X07 + X15 + X16 + X19 + X23 - X18; 58| 2.40M| const int64_t S8 = 0xFFFFFFFF + X08 + X16 + X17 + X20 - X19; 59| 2.40M| const int64_t S9 = 0xFFFFFFFF + X09 + X17 + X18 + X21 - X20; 60| 2.40M| const int64_t SA = 0xFFFFFFFF + X10 + X18 + X19 + X22 - X21; 61| 2.40M| const int64_t SB = 0xFFFFFFFF + X11 + X19 + X20 + X23 - X22; 62| | 63| 2.40M| std::array r = {}; 64| | 65| 2.40M| SolinasAccum sum(r); 66| | 67| 2.40M| sum.accum(S0); 68| 2.40M| sum.accum(S1); 69| 2.40M| sum.accum(S2); 70| 2.40M| sum.accum(S3); 71| 2.40M| sum.accum(S4); 72| 2.40M| sum.accum(S5); 73| 2.40M| sum.accum(S6); 74| 2.40M| sum.accum(S7); 75| 2.40M| sum.accum(S8); 76| 2.40M| sum.accum(S9); 77| 2.40M| sum.accum(SA); 78| 2.40M| sum.accum(SB); 79| 2.40M| const auto S = sum.final_carry(0); 80| | 81| 2.40M| BOTAN_DEBUG_ASSERT(S <= 4); ------------------ | | 130| 2.40M| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 2.40M| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 2.40M] | | ------------------ ------------------ 82| | 83| 2.40M| solinas_correct_redc(r, P, p384_mul_mod_384(S)); 84| | 85| 2.40M| return r; 86| 2.40M| } pcurves_secp384r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS1_9secp384r16ParamsES2_E11FieldParamsEE16p384_mul_mod_384Em: 100| 2.40M| constexpr static std::array p384_mul_mod_384(W i) { 101| 2.40M| static_assert(WordInfo::bits == 32 || WordInfo::bits == 64); 102| | 103| | // For small i, multiples of P-384 have a simple structure so it's faster to 104| | // compute the value directly vs a (constant time) table lookup 105| | 106| 2.40M| auto r = P; 107| | if constexpr(WordInfo::bits == 32) { 108| | r[4] -= i; 109| | r[3] -= i; 110| | r[1] += i; 111| | r[0] -= i; 112| 2.40M| } else { 113| 2.40M| const uint64_t i32 = static_cast(i) << 32; 114| 2.40M| r[2] -= i; 115| 2.40M| r[1] -= i32; 116| 2.40M| r[0] += i32; 117| 2.40M| r[0] -= i; 118| 2.40M| } 119| 2.40M| return r; 120| 2.40M| } pcurves_secp384r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp384r15Curve10fe_invert2ERKNS_6IntModINS1_12Secp384r1RepINS_13EllipticCurveINS2_6ParamsES5_E11FieldParamsEEEEE: 142| 1.08k| static constexpr FieldElement fe_invert2(const FieldElement& x) { 143| | // From https://briansmith.org/ecc-inversion-addition-chains-01 144| | 145| 1.08k| FieldElement r = x.square(); 146| 1.08k| r *= x; 147| 1.08k| const auto x2 = r; 148| 1.08k| r = r.square(); 149| 1.08k| r *= x; 150| 1.08k| const auto x3 = r; 151| 1.08k| r.square_n(3); 152| 1.08k| r *= x3; 153| 1.08k| auto rl = r; 154| 1.08k| r.square_n(6); 155| 1.08k| r *= rl; 156| 1.08k| r.square_n(3); 157| 1.08k| r *= x3; 158| 1.08k| const auto x15 = r; 159| 1.08k| r.square_n(15); 160| 1.08k| r *= x15; 161| 1.08k| const auto x30 = r; 162| 1.08k| r.square_n(30); 163| 1.08k| r *= x30; 164| 1.08k| rl = r; 165| 1.08k| r.square_n(60); 166| 1.08k| r *= rl; 167| 1.08k| rl = r; 168| 1.08k| r.square_n(120); 169| 1.08k| r *= rl; 170| 1.08k| r.square_n(15); 171| 1.08k| r *= x15; 172| 1.08k| r.square_n(31); 173| 1.08k| r *= x30; 174| 1.08k| r.square_n(2); 175| 1.08k| r *= x2; 176| 1.08k| r.square_n(94); 177| 1.08k| r *= x30; 178| 1.08k| r.square_n(2); 179| | 180| 1.08k| return r; 181| 1.08k| } pcurves_secp384r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS1_9secp384r16ParamsES2_E11FieldParamsEE8from_repERKNSt3__15arrayImLm6EEE: 94| 3.95k| constexpr static std::array from_rep(const std::array& z) { return z; } pcurves_secp384r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_112Secp384r1RepINS_13EllipticCurveINS1_9secp384r16ParamsES2_E11FieldParamsEE6to_repERKNSt3__15arrayImLm6EEE: 90| 4.16k| constexpr static std::array to_rep(const std::array& x) { return x; } pcurves_secp384r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp384r15Curve7fe_sqrtERKNS_6IntModINS1_12Secp384r1RepINS_13EllipticCurveINS2_6ParamsES5_E11FieldParamsEEEEE: 183| 298| static constexpr FieldElement fe_sqrt(const FieldElement& x) { 184| | // Generated using https://github.com/mmcloughlin/addchain 185| | 186| 298| auto z = x.square(); 187| 298| z *= x; 188| 298| z = z.square(); 189| 298| auto t0 = x * z; 190| 298| z = t0; 191| 298| z.square_n(3); 192| 298| auto t1 = t0 * z; 193| 298| auto t2 = t1.square(); 194| 298| z = t2 * x; 195| 298| t2.square_n(5); 196| 298| t1 *= t2; 197| 298| t2 = t1; 198| 298| t2.square_n(12); 199| 298| t1 *= t2; 200| 298| t1.square_n(7); 201| 298| t1 *= z; 202| 298| z = t1.square(); 203| 298| z *= x; 204| 298| t2 = z; 205| 298| t2.square_n(31); 206| 298| t1 *= t2; 207| 298| t2 = t1; 208| 298| t2.square_n(63); 209| 298| t1 *= t2; 210| 298| t2 = t1; 211| 298| t2.square_n(126); 212| 298| t1 *= t2; 213| 298| t1.square_n(3); 214| 298| t0 *= t1; 215| 298| t0.square_n(33); 216| 298| z *= t0; 217| 298| z.square_n(64); 218| 298| z *= x; 219| 298| z.square_n(30); 220| 298| return z; 221| 298| } _ZN5Botan6PCurve14PCurveInstance9secp521r1Ev: 291| 1|std::shared_ptr PCurveInstance::secp521r1() { 292| 1| return PrimeOrderCurveImpl::instance(); 293| 1|} pcurves_secp521r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS2_6ParamsES3_E11FieldParamsEE3oneEv: 24| 72.9k| constexpr static std::array one() { return std::array{1}; } pcurves_secp521r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS2_6ParamsES3_E11FieldParamsEE4redcERKNSt3__15arrayImLm18EEE: 26| 2.72M| constexpr static std::array redc(const std::array& z) { 27| | // Regardless of word size (32 or 64) the top word is 9 bits long 28| 2.72M| constexpr W TOP_BITS = static_cast(0x1FF); 29| | // The 23 or 55 bits that should be cleared in the top word 30| 2.72M| constexpr W CLEARED_TOP_BITS = WordInfo::max ^ TOP_BITS; 31| | 32| | /* 33| | * Extract the high part of z (z >> 521) 34| | */ 35| 2.72M| std::array t; // NOLINT(*-member-init) 36| | 37| 27.2M| for(size_t i = 0; i != N; ++i) { ------------------ | Branch (37:28): [True: 24.4M, False: 2.72M] ------------------ 38| 24.4M| t[i] = z[(N - 1) + i] >> 9; 39| 24.4M| } 40| | 41| 24.4M| for(size_t i = 0; i != N - 1; ++i) { ------------------ | Branch (41:28): [True: 21.7M, False: 2.72M] ------------------ 42| 21.7M| t[i] |= z[(N - 1) + i + 1] << (WordInfo::bits - 9); 43| 21.7M| } 44| | 45| | // Now t += z & (2**521-1) 46| 2.72M| W carry = 0; 47| 24.4M| for(size_t i = 0; i != N - 1; ++i) { ------------------ | Branch (47:28): [True: 21.7M, False: 2.72M] ------------------ 48| 21.7M| t[i] = word_add(t[i], z[i], &carry); 49| 21.7M| } 50| | 51| | // Now add the (partial) top words; this can't carry out 52| | // since both inputs are at most 2**9-1 53| 2.72M| t[N - 1] += (z[N - 1] & TOP_BITS) + carry; 54| | 55| | /* 56| | Since the modulus P is exactly 2**521 - 1 the only way the computed 57| | result can be larger than P is if the top word is larger than TOP_BITS 58| | 59| | Since TOP_BITS has the low 9 bits set, we can check if t[N - 1] > TOP_BITS 60| | by checking if t[N - 1] >> 9 has any bits set. Doing it this way is 61| | faster than a standard comparison since CT::Mask::is_gt requires 62| | several bit operations. 63| | */ 64| | 65| 2.72M| const W is_over_p521 = ~CT::Mask::is_zero(t[N - 1] >> 9).value(); 66| | 67| | /* 68| | * Also must detect/handle x == P 69| | */ 70| 2.72M| const W is_eq_p521 = [&]() { 71| 2.72M| W sum = WordInfo::max; 72| 2.72M| for(size_t i = 0; i != N - 1; ++i) { 73| 2.72M| sum &= t[i]; 74| 2.72M| } 75| 2.72M| sum &= (CLEARED_TOP_BITS | t[N - 1]); 76| | 77| 2.72M| return CT::Mask::is_zero(sum ^ WordInfo::max).value(); 78| 2.72M| }(); 79| | 80| 2.72M| const W need_sub = is_over_p521 | is_eq_p521; 81| | 82| 2.72M| W borrow = 0; 83| 24.4M| for(size_t i = 0; i != N - 1; ++i) { ------------------ | Branch (83:28): [True: 21.7M, False: 2.72M] ------------------ 84| 21.7M| t[i] = word_sub(t[i], need_sub & WordInfo::max, &borrow); 85| 21.7M| } 86| 2.72M| t[N - 1] = word_sub(t[N - 1], need_sub & TOP_BITS, &borrow); 87| | 88| 2.72M| return t; 89| 2.72M| } pcurves_secp521r1.cpp:_ZZN5Botan6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS2_6ParamsES3_E11FieldParamsEE4redcERKNSt3__15arrayImLm18EEEENKUlvE_clEv: 70| 2.72M| const W is_eq_p521 = [&]() { 71| 2.72M| W sum = WordInfo::max; 72| 24.4M| for(size_t i = 0; i != N - 1; ++i) { ------------------ | Branch (72:31): [True: 21.7M, False: 2.72M] ------------------ 73| 21.7M| sum &= t[i]; 74| 21.7M| } 75| 2.72M| sum &= (CLEARED_TOP_BITS | t[N - 1]); 76| | 77| 2.72M| return CT::Mask::is_zero(sum ^ WordInfo::max).value(); 78| 2.72M| }(); pcurves_secp521r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp521r15Curve10fe_invert2ERKNS_6IntModINS2_7P521RepINS_13EllipticCurveINS2_6ParamsES5_E11FieldParamsEEEEE: 115| 931| static constexpr FieldElement fe_invert2(const FieldElement& x) { 116| | // Addition chain from https://eprint.iacr.org/2014/852.pdf page 6 117| | 118| 931| FieldElement r = x.square(); 119| 931| r *= x; 120| 931| r = r.square(); 121| 931| r *= x; 122| 931| FieldElement rl = r; 123| 931| r.square_n(3); 124| 931| r *= rl; 125| 931| r.square_n(1); 126| 931| r *= x; 127| 931| const auto a7 = r; 128| 931| r.square_n(1); 129| 931| r *= x; 130| 931| rl = r; 131| 931| r.square_n(8); 132| 931| r *= rl; 133| 931| rl = r; 134| 931| r.square_n(16); 135| 931| r *= rl; 136| 931| rl = r; 137| 931| r.square_n(32); 138| 931| r *= rl; 139| 931| rl = r; 140| 931| r.square_n(64); 141| 931| r *= rl; 142| 931| rl = r; 143| 931| r.square_n(128); 144| 931| r *= rl; 145| 931| rl = r; 146| 931| r.square_n(256); 147| 931| r *= rl; 148| 931| r.square_n(7); 149| 931| r *= a7; 150| 931| r.square_n(2); 151| | 152| 931| return r; 153| 931| } pcurves_secp521r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS2_6ParamsES3_E11FieldParamsEE8from_repERKNSt3__15arrayImLm9EEE: 95| 3.36k| constexpr static std::array from_rep(const std::array& z) { return z; } pcurves_secp521r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp521r17P521RepINS_13EllipticCurveINS2_6ParamsES3_E11FieldParamsEE6to_repERKNSt3__15arrayImLm9EEE: 91| 3.60k| constexpr static std::array to_rep(const std::array& x) { return x; } pcurves_secp521r1.cpp:_ZN5Botan6PCurve12_GLOBAL__N_19secp521r15Curve7fe_sqrtERKNS_6IntModINS2_7P521RepINS_13EllipticCurveINS2_6ParamsES5_E11FieldParamsEEEEE: 155| 255| static constexpr FieldElement fe_sqrt(const FieldElement& x) { 156| 255| auto z = x; 157| 255| z.square_n(519); 158| 255| return z; 159| 255| } _ZN5Botan9AEAD_Mode15create_or_throwENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEENS_10Cipher_DirES5_: 51| 210| std::string_view provider) { 52| 210| if(auto aead = AEAD_Mode::create(algo, dir, provider)) { ------------------ | Branch (52:12): [True: 210, False: 0] ------------------ 53| 210| return aead; 54| 210| } 55| | 56| 0| throw Lookup_Error("AEAD", algo, provider); 57| 210|} _ZN5Botan9AEAD_Mode6createENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEENS_10Cipher_DirES5_: 59| 420|std::unique_ptr AEAD_Mode::create(std::string_view algo, Cipher_Dir dir, std::string_view provider) { 60| 420| BOTAN_UNUSED(provider); ------------------ | | 144| 420|#define BOTAN_UNUSED Botan::ignore_params ------------------ 61| 420|#if defined(BOTAN_HAS_AEAD_CHACHA20_POLY1305) 62| 420| if(algo == "ChaCha20Poly1305") { ------------------ | Branch (62:7): [True: 0, False: 420] ------------------ 63| 0| if(dir == Cipher_Dir::Encryption) { ------------------ | Branch (63:10): [True: 0, False: 0] ------------------ 64| 0| return std::make_unique(); 65| 0| } else { 66| 0| return std::make_unique(); 67| 0| } 68| 0| } 69| 420|#endif 70| | 71| 420|#if defined(BOTAN_HAS_ASCON_AEAD128) 72| 420| if(algo == "Ascon-AEAD128") { ------------------ | Branch (72:7): [True: 0, False: 420] ------------------ 73| 0| if(dir == Cipher_Dir::Encryption) { ------------------ | Branch (73:10): [True: 0, False: 0] ------------------ 74| 0| return std::make_unique(); 75| 0| } else { 76| 0| return std::make_unique(); 77| 0| } 78| 0| } 79| 420|#endif 80| | 81| 420| if(algo.find('/') != std::string::npos) { ------------------ | Branch (81:7): [True: 210, False: 210] ------------------ 82| 210| const std::vector algo_parts = split_on(algo, '/'); 83| 210| const std::string_view cipher_name = algo_parts[0]; 84| 210| const std::vector mode_info = parse_algorithm_name(algo_parts[1]); 85| | 86| 210| if(mode_info.empty()) { ------------------ | Branch (86:10): [True: 0, False: 210] ------------------ 87| 0| return std::unique_ptr(); 88| 0| } 89| | 90| 210| std::ostringstream mode_name; 91| | 92| 210| mode_name << mode_info[0] << '(' << cipher_name; 93| 317| for(size_t i = 1; i < mode_info.size(); ++i) { ------------------ | Branch (93:25): [True: 107, False: 210] ------------------ 94| 107| mode_name << ',' << mode_info[i]; 95| 107| } 96| 210| for(size_t i = 2; i < algo_parts.size(); ++i) { ------------------ | Branch (96:25): [True: 0, False: 210] ------------------ 97| 0| mode_name << ',' << algo_parts[i]; 98| 0| } 99| 210| mode_name << ')'; 100| | 101| 210| return AEAD_Mode::create(mode_name.str(), dir); 102| 210| } 103| | 104| 210|#if defined(BOTAN_HAS_BLOCK_CIPHER) 105| | 106| 210| const SCAN_Name req(algo); 107| | 108| 210| if(req.arg_count() == 0) { ------------------ | Branch (108:7): [True: 0, False: 210] ------------------ 109| 0| return std::unique_ptr(); 110| 0| } 111| | 112| 210| auto bc = BlockCipher::create(req.arg(0), provider); 113| | 114| 210| if(!bc) { ------------------ | Branch (114:7): [True: 0, False: 210] ------------------ 115| 0| return std::unique_ptr(); 116| 0| } 117| | 118| 210| #if defined(BOTAN_HAS_AEAD_CCM) 119| 210| if(req.algo_name() == "CCM") { ------------------ | Branch (119:7): [True: 40, False: 170] ------------------ 120| 40| const size_t tag_len = req.arg_as_integer(1, 16); 121| 40| const size_t L_len = req.arg_as_integer(2, 3); 122| 40| if(dir == Cipher_Dir::Encryption) { ------------------ | Branch (122:10): [True: 8, False: 32] ------------------ 123| 8| return std::make_unique(std::move(bc), tag_len, L_len); 124| 32| } else { 125| 32| return std::make_unique(std::move(bc), tag_len, L_len); 126| 32| } 127| 40| } 128| 170| #endif 129| | 130| 170| #if defined(BOTAN_HAS_AEAD_GCM) 131| 170| if(req.algo_name() == "GCM") { ------------------ | Branch (131:7): [True: 93, False: 77] ------------------ 132| 93| const size_t tag_len = req.arg_as_integer(1, 16); 133| 93| if(dir == Cipher_Dir::Encryption) { ------------------ | Branch (133:10): [True: 17, False: 76] ------------------ 134| 17| return std::make_unique(std::move(bc), tag_len); 135| 76| } else { 136| 76| return std::make_unique(std::move(bc), tag_len); 137| 76| } 138| 93| } 139| 77| #endif 140| | 141| 77| #if defined(BOTAN_HAS_AEAD_OCB) 142| 77| if(req.algo_name() == "OCB") { ------------------ | Branch (142:7): [True: 77, False: 0] ------------------ 143| 77| const size_t tag_len = req.arg_as_integer(1, 16); 144| 77| if(dir == Cipher_Dir::Encryption) { ------------------ | Branch (144:10): [True: 22, False: 55] ------------------ 145| 22| return std::make_unique(std::move(bc), tag_len); 146| 55| } else { 147| 55| return std::make_unique(std::move(bc), tag_len); 148| 55| } 149| 77| } 150| 0| #endif 151| | 152| 0| #if defined(BOTAN_HAS_AEAD_EAX) 153| 0| if(req.algo_name() == "EAX") { ------------------ | Branch (153:7): [True: 0, False: 0] ------------------ 154| 0| const size_t tag_len = req.arg_as_integer(1, bc->block_size()); 155| 0| if(dir == Cipher_Dir::Encryption) { ------------------ | Branch (155:10): [True: 0, False: 0] ------------------ 156| 0| return std::make_unique(std::move(bc), tag_len); 157| 0| } else { 158| 0| return std::make_unique(std::move(bc), tag_len); 159| 0| } 160| 0| } 161| 0| #endif 162| | 163| 0| #if defined(BOTAN_HAS_AEAD_SIV) 164| 0| if(req.algo_name() == "SIV") { ------------------ | Branch (164:7): [True: 0, False: 0] ------------------ 165| 0| if(dir == Cipher_Dir::Encryption) { ------------------ | Branch (165:10): [True: 0, False: 0] ------------------ 166| 0| return std::make_unique(std::move(bc)); 167| 0| } else { 168| 0| return std::make_unique(std::move(bc)); 169| 0| } 170| 0| } 171| 0| #endif 172| | 173| 0|#endif 174| | 175| 0| return std::unique_ptr(); 176| 0|} _ZN5Botan8CCM_ModeC2ENSt3__110unique_ptrINS_11BlockCipherENS1_14default_deleteIS3_EEEEmm: 26| 40| m_tag_size(tag_size), m_L(L), m_cipher(std::move(cipher)) { 27| 40| if(m_cipher->block_size() != CCM_BS) { ------------------ | Branch (27:7): [True: 0, False: 40] ------------------ 28| 0| throw Invalid_Argument(m_cipher->name() + " cannot be used with CCM mode"); 29| 0| } 30| | 31| 40| if(L < 2 || L > 8) { ------------------ | Branch (31:7): [True: 0, False: 40] | Branch (31:16): [True: 0, False: 40] ------------------ 32| 0| throw Invalid_Argument(fmt("Invalid CCM L value {}", L)); 33| 0| } 34| | 35| 40| if(tag_size < 4 || tag_size > 16 || tag_size % 2 != 0) { ------------------ | Branch (35:7): [True: 0, False: 40] | Branch (35:23): [True: 0, False: 40] | Branch (35:40): [True: 0, False: 40] ------------------ 36| 0| throw Invalid_Argument(fmt("Invalid CCM tag length {}", tag_size)); 37| 0| } 38| 40|} _ZN5Botan8CCM_Mode5resetEv: 46| 54|void CCM_Mode::reset() { 47| 54| m_nonce.clear(); 48| 54| m_msg_buf.clear(); 49| 54|} _ZNK5Botan8CCM_Mode18valid_nonce_lengthEm: 55| 40|bool CCM_Mode::valid_nonce_length(size_t length) const { 56| 40| return (length == (15 - L())); 57| 40|} _ZNK5Botan8CCM_Mode8key_specEv: 76| 40|Key_Length_Specification CCM_Mode::key_spec() const { 77| 40| return m_cipher->key_spec(); 78| 40|} _ZN5Botan8CCM_Mode12key_scheduleENSt3__14spanIKhLm18446744073709551615EEE: 84| 40|void CCM_Mode::key_schedule(std::span key) { 85| 40| m_cipher->set_key(key); 86| | // Clear any per-message state; AD is preserved per AEAD contract 87| | // (CCM advertises associated_data_requires_key() == false). 88| 40| reset(); 89| 40|} _ZN5Botan8CCM_Mode21set_associated_data_nEmNSt3__14spanIKhLm18446744073709551615EEE: 91| 40|void CCM_Mode::set_associated_data_n(size_t idx, std::span ad) { 92| 40| BOTAN_ARG_CHECK(idx == 0, "CCM: cannot handle non-zero index in set_associated_data_n"); ------------------ | | 35| 40| do { \ | | 36| 40| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 40| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 40] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 40| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 40] | | ------------------ ------------------ 93| 40| BOTAN_STATE_CHECK(m_nonce.empty()); ------------------ | | 51| 40| do { \ | | 52| 40| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 40| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 40] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 40| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 40] | | ------------------ ------------------ 94| | 95| 40| m_ad_buf.clear(); 96| | 97| 40| if(!ad.empty()) { ------------------ | Branch (97:7): [True: 40, False: 0] ------------------ 98| | // FIXME: support larger AD using length encoding rules 99| 40| BOTAN_ARG_CHECK(ad.size() < (0xFFFF - 0xFF), "Supported CCM AD length"); ------------------ | | 35| 40| do { \ | | 36| 40| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 40| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 40] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 40| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 40] | | ------------------ ------------------ 100| | 101| 40| m_ad_buf.push_back(get_byte<0>(static_cast(ad.size()))); 102| 40| m_ad_buf.push_back(get_byte<1>(static_cast(ad.size()))); 103| 40| m_ad_buf.insert(m_ad_buf.end(), ad.begin(), ad.end()); 104| 80| while(m_ad_buf.size() % CCM_BS != 0) { ------------------ | Branch (104:13): [True: 40, False: 40] ------------------ 105| 40| m_ad_buf.push_back(0); // pad with zeros to full block size 106| 40| } 107| 40| } 108| 40|} _ZN5Botan8CCM_Mode9start_msgEPKhm: 110| 40|void CCM_Mode::start_msg(const uint8_t nonce[], size_t nonce_len) { 111| 40| BOTAN_STATE_CHECK(m_nonce.empty()); ------------------ | | 51| 40| do { \ | | 52| 40| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 40| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 40] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 40| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 40] | | ------------------ ------------------ 112| | 113| 40| if(!valid_nonce_length(nonce_len)) { ------------------ | Branch (113:7): [True: 0, False: 40] ------------------ 114| 0| throw Invalid_IV_Length(name(), nonce_len); 115| 0| } 116| | 117| 40| m_nonce.assign(nonce, nonce + nonce_len); 118| 40| m_msg_buf.clear(); 119| 40|} _ZN5Botan8CCM_Mode13encode_lengthEmPh: 136| 40|void CCM_Mode::encode_length(uint64_t len, uint8_t out[]) { 137| 40| const size_t len_bytes = L(); 138| | 139| 40| BOTAN_ASSERT_NOMSG(len_bytes >= 2 && len_bytes <= 8); ------------------ | | 77| 40| do { \ | | 78| 40| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 80| if(!(expr)) { \ | | ------------------ | | | Branch (79:12): [True: 40, False: 0] | | | Branch (79:12): [True: 40, False: 0] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 40| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 40] | | ------------------ ------------------ 140| | 141| 160| for(size_t i = 0; i != len_bytes; ++i) { ------------------ | Branch (141:22): [True: 120, False: 40] ------------------ 142| 120| out[len_bytes - 1 - i] = get_byte_var(sizeof(uint64_t) - 1 - i, len); 143| 120| } 144| | 145| 40| if(len_bytes < 8 && (len >> (len_bytes * 8)) > 0) { ------------------ | Branch (145:7): [True: 40, False: 0] | Branch (145:24): [True: 0, False: 40] ------------------ 146| 0| throw Encoding_Error("CCM message length too long to encode in L field"); 147| 0| } 148| 40|} _ZN5Botan8CCM_Mode3incERNSt3__16vectorIhNS_16secure_allocatorIhEEEE: 150| 1.26k|void CCM_Mode::inc(secure_vector& C) { 151| 1.26k| for(size_t i = 0; i != C.size(); ++i) { ------------------ | Branch (151:22): [True: 1.26k, False: 0] ------------------ 152| 1.26k| uint8_t& b = C[C.size() - i - 1]; 153| 1.26k| b += 1; 154| 1.26k| if(b > 0) { ------------------ | Branch (154:10): [True: 1.26k, False: 2] ------------------ 155| 1.26k| break; 156| 1.26k| } 157| 1.26k| } 158| 1.26k|} _ZN5Botan8CCM_Mode9format_b0Em: 160| 40|secure_vector CCM_Mode::format_b0(size_t sz) { 161| 40| if(m_nonce.size() != 15 - L()) { ------------------ | Branch (161:7): [True: 0, False: 40] ------------------ 162| 0| throw Invalid_State("CCM mode must set nonce"); 163| 0| } 164| 40| secure_vector B0(CCM_BS); 165| | 166| 40| const uint8_t b_flags = 167| 40| static_cast((!m_ad_buf.empty() ? 64 : 0) + (((tag_size() / 2) - 1) << 3) + (L() - 1)); ------------------ | Branch (167:29): [True: 40, False: 0] ------------------ 168| | 169| 40| B0[0] = b_flags; 170| 40| copy_mem(&B0[1], m_nonce.data(), m_nonce.size()); 171| 40| encode_length(sz, &B0[m_nonce.size() + 1]); 172| | 173| 40| return B0; 174| 40|} _ZN5Botan8CCM_Mode9format_c0Ev: 176| 40|secure_vector CCM_Mode::format_c0() { 177| 40| if(m_nonce.size() != 15 - L()) { ------------------ | Branch (177:7): [True: 0, False: 40] ------------------ 178| 0| throw Invalid_State("CCM mode must set nonce"); 179| 0| } 180| 40| secure_vector C(CCM_BS); 181| | 182| 40| const uint8_t a_flags = static_cast(L() - 1); 183| | 184| 40| C[0] = a_flags; 185| 40| copy_mem(&C[1], m_nonce.data(), m_nonce.size()); 186| | 187| 40| return C; 188| 40|} _ZN5Botan14CCM_Encryption10finish_msgERNSt3__16vectorIhNS_16secure_allocatorIhEEEEm: 190| 14|void CCM_Encryption::finish_msg(secure_vector& buffer, size_t offset) { 191| 14| BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range"); ------------------ | | 35| 14| do { \ | | 36| 14| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 14| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 14] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 14| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 14] | | ------------------ ------------------ 192| | 193| 14| buffer.insert(buffer.begin() + offset, msg_buf().begin(), msg_buf().end()); 194| | 195| 14| const size_t sz = buffer.size() - offset; 196| 14| uint8_t* buf = buffer.data() + offset; 197| | 198| 14| const secure_vector& ad = ad_buf(); 199| 14| BOTAN_ARG_CHECK(ad.size() % CCM_BS == 0, "AD is block size multiple"); ------------------ | | 35| 14| do { \ | | 36| 14| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 14| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 14] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 14| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 14] | | ------------------ ------------------ 200| | 201| 14| const BlockCipher& E = cipher(); 202| | 203| 14| secure_vector T(CCM_BS); 204| 14| E.encrypt(format_b0(sz), T); 205| | 206| 28| for(size_t i = 0; i != ad.size(); i += CCM_BS) { ------------------ | Branch (206:22): [True: 14, False: 14] ------------------ 207| 14| xor_buf(T.data(), &ad[i], CCM_BS); 208| 14| E.encrypt(T); 209| 14| } 210| | 211| 14| secure_vector C = format_c0(); 212| 14| secure_vector S0(CCM_BS); 213| 14| E.encrypt(C, S0); 214| 14| inc(C); 215| | 216| 14| secure_vector X(CCM_BS); 217| | 218| 14| const uint8_t* buf_end = &buf[sz]; 219| | 220| 28| while(buf != buf_end) { ------------------ | Branch (220:10): [True: 14, False: 14] ------------------ 221| 14| const size_t to_proc = std::min(CCM_BS, buf_end - buf); 222| | 223| 14| xor_buf(T.data(), buf, to_proc); 224| 14| E.encrypt(T); 225| | 226| 14| E.encrypt(C, X); 227| 14| xor_buf(buf, X.data(), to_proc); 228| 14| inc(C); 229| | 230| 14| buf += to_proc; 231| 14| } 232| | 233| 14| T ^= S0; 234| | 235| 14| buffer += std::make_pair(T.data(), tag_size()); 236| | 237| 14| reset(); 238| 14|} _ZN5Botan14CCM_Decryption10finish_msgERNSt3__16vectorIhNS_16secure_allocatorIhEEEEm: 240| 26|void CCM_Decryption::finish_msg(secure_vector& buffer, size_t offset) { 241| 26| BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range"); ------------------ | | 35| 26| do { \ | | 36| 26| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 26| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 26] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 26| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 26] | | ------------------ ------------------ 242| | 243| 26| buffer.insert(buffer.begin() + offset, msg_buf().begin(), msg_buf().end()); 244| | 245| 26| const size_t sz = buffer.size() - offset; 246| 26| uint8_t* buf = buffer.data() + offset; 247| | 248| 26| BOTAN_ARG_CHECK(sz >= tag_size(), "input did not include the tag"); ------------------ | | 35| 26| do { \ | | 36| 26| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 26| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 26] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 26| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 26] | | ------------------ ------------------ 249| | 250| 26| const secure_vector& ad = ad_buf(); 251| 26| BOTAN_ARG_CHECK(ad.size() % CCM_BS == 0, "AD is block size multiple"); ------------------ | | 35| 26| do { \ | | 36| 26| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 26| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 26] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 26| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 26] | | ------------------ ------------------ 252| | 253| 26| const BlockCipher& E = cipher(); 254| | 255| 26| secure_vector T(CCM_BS); 256| 26| E.encrypt(format_b0(sz - tag_size()), T); 257| | 258| 52| for(size_t i = 0; i != ad.size(); i += CCM_BS) { ------------------ | Branch (258:22): [True: 26, False: 26] ------------------ 259| 26| xor_buf(T.data(), &ad[i], CCM_BS); 260| 26| E.encrypt(T); 261| 26| } 262| | 263| 26| secure_vector C = format_c0(); 264| | 265| 26| secure_vector S0(CCM_BS); 266| 26| E.encrypt(C, S0); 267| 26| inc(C); 268| | 269| 26| secure_vector X(CCM_BS); 270| | 271| 26| const uint8_t* buf_end = &buf[sz - tag_size()]; 272| | 273| 1.23k| while(buf != buf_end) { ------------------ | Branch (273:10): [True: 1.21k, False: 26] ------------------ 274| 1.21k| const size_t to_proc = std::min(CCM_BS, buf_end - buf); 275| | 276| 1.21k| E.encrypt(C, X); 277| 1.21k| xor_buf(buf, X.data(), to_proc); 278| 1.21k| inc(C); 279| | 280| 1.21k| xor_buf(T.data(), buf, to_proc); 281| 1.21k| E.encrypt(T); 282| | 283| 1.21k| buf += to_proc; 284| 1.21k| } 285| | 286| 26| T ^= S0; 287| | 288| 26| if(!CT::is_equal(T.data(), buf_end, tag_size()).as_bool()) { ------------------ | Branch (288:7): [True: 26, False: 0] ------------------ 289| 26| clear_mem(std::span{buffer}.subspan(offset, sz - tag_size())); 290| 26| throw Invalid_Authentication_Tag("CCM tag check failed"); 291| 26| } 292| | 293| 0| buffer.resize(buffer.size() - tag_size()); 294| | 295| 0| reset(); 296| 0|} _ZN5Botan8GCM_ModeC2ENSt3__110unique_ptrINS_11BlockCipherENS1_14default_deleteIS3_EEEEm: 26| 93| m_tag_size(tag_size), m_cipher_name(cipher->name()) { 27| 93| if(cipher->block_size() != GCM_BS) { ------------------ | Branch (27:7): [True: 0, False: 93] ------------------ 28| 0| throw Invalid_Argument("Invalid block cipher for GCM"); 29| 0| } 30| | 31| | /* We allow any of the values 128, 120, 112, 104, or 96 bits as a tag size */ 32| | /* 64 bit tag is still supported but deprecated and will be removed in the future */ 33| 93| if(m_tag_size != 8 && (m_tag_size < 12 || m_tag_size > 16)) { ------------------ | Branch (33:7): [True: 93, False: 0] | Branch (33:27): [True: 0, False: 93] | Branch (33:46): [True: 0, False: 93] ------------------ 34| 0| throw Invalid_Argument(fmt("{} cannot use a tag of {} bytes", name(), m_tag_size)); 35| 0| } 36| | 37| 93| m_ctr = std::make_unique(std::move(cipher), 4); 38| 93| m_ghash = std::make_unique(); 39| 93|} _ZN5Botan8GCM_ModeD2Ev: 41| 93|GCM_Mode::~GCM_Mode() = default; _ZN5Botan8GCM_Mode5resetEv: 49| 93|void GCM_Mode::reset() { 50| 93| m_ghash->reset_state(); 51| 93| m_in_msg = false; 52| 93|} _ZNK5Botan8GCM_Mode18valid_nonce_lengthEm: 70| 89|bool GCM_Mode::valid_nonce_length(size_t len) const { 71| | // GCM does not support empty nonces 72| 89| return (len > 0); 73| 89|} _ZNK5Botan8GCM_Mode8key_specEv: 75| 93|Key_Length_Specification GCM_Mode::key_spec() const { 76| 93| return m_ctr->key_spec(); 77| 93|} _ZN5Botan8GCM_Mode12key_scheduleENSt3__14spanIKhLm18446744073709551615EEE: 83| 93|void GCM_Mode::key_schedule(std::span key) { 84| 93| reset(); 85| 93| m_ctr->set_key(key); 86| | 87| 93| std::array zeros{}; 88| 93| m_ctr->set_iv(zeros); 89| | 90| 93| uint8_t H[GCM_BS] = {0}; 91| 93| m_ctr->encipher(H); 92| 93| m_ghash->set_key(H); 93| 93|} _ZN5Botan8GCM_Mode21set_associated_data_nEmNSt3__14spanIKhLm18446744073709551615EEE: 95| 89|void GCM_Mode::set_associated_data_n(size_t idx, std::span ad) { 96| 89| BOTAN_ARG_CHECK(idx == 0, "GCM: cannot handle non-zero index in set_associated_data_n"); ------------------ | | 35| 89| do { \ | | 36| 89| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 89| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 89] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 89| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 89] | | ------------------ ------------------ 97| 89| m_ghash->set_associated_data(ad); 98| 89|} _ZN5Botan8GCM_Mode9start_msgEPKhm: 100| 89|void GCM_Mode::start_msg(const uint8_t nonce[], size_t nonce_len) { 101| 89| BOTAN_STATE_CHECK(!m_in_msg); ------------------ | | 51| 89| do { \ | | 52| 89| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 89| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 89] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 89| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 89] | | ------------------ ------------------ 102| | 103| 89| if(!valid_nonce_length(nonce_len)) { ------------------ | Branch (103:7): [True: 0, False: 89] ------------------ 104| 0| throw Invalid_IV_Length(name(), nonce_len); 105| 0| } 106| | 107| 89| std::array y0 = {}; 108| | 109| 89| if(nonce_len == 12) { ------------------ | Branch (109:7): [True: 89, False: 0] ------------------ 110| 89| copy_mem(y0.data(), nonce, nonce_len); 111| 89| y0[15] = 1; 112| 89| } else { 113| 0| m_ghash->nonce_hash(std::span(y0), {nonce, nonce_len}); 114| 0| } 115| | 116| 89| m_ctr->set_iv(y0.data(), y0.size()); 117| | 118| 89| clear_mem(y0.data(), y0.size()); 119| 89| m_ctr->encipher(y0); 120| | 121| 89| m_ghash->start(y0); 122| 89| secure_scrub_memory(y0); 123| 89| m_in_msg = true; 124| 89|} _ZN5Botan14GCM_Encryption10finish_msgERNSt3__16vectorIhNS_16secure_allocatorIhEEEEm: 134| 30|void GCM_Encryption::finish_msg(secure_vector& buffer, size_t offset) { 135| 30| BOTAN_STATE_CHECK(m_in_msg); ------------------ | | 51| 30| do { \ | | 52| 30| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 30| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 30] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 30| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 30] | | ------------------ ------------------ 136| 30| BOTAN_ARG_CHECK(offset <= buffer.size(), "Invalid offset"); ------------------ | | 35| 30| do { \ | | 36| 30| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 30| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 30] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 30| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 30] | | ------------------ ------------------ 137| 30| const size_t sz = buffer.size() - offset; 138| 30| uint8_t* buf = buffer.data() + offset; 139| | 140| 30| m_ctr->cipher(buf, buf, sz); 141| 30| m_ghash->update({buf, sz}); 142| | 143| 30| std::array mac = {0}; 144| 30| m_ghash->final(std::span(mac).first(tag_size())); 145| 30| buffer += std::make_pair(mac.data(), tag_size()); 146| 30| m_in_msg = false; 147| 30|} _ZN5Botan14GCM_Decryption10finish_msgERNSt3__16vectorIhNS_16secure_allocatorIhEEEEm: 157| 59|void GCM_Decryption::finish_msg(secure_vector& buffer, size_t offset) { 158| 59| BOTAN_STATE_CHECK(m_in_msg); ------------------ | | 51| 59| do { \ | | 52| 59| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 59| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 59] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 59| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 59] | | ------------------ ------------------ 159| 59| BOTAN_ARG_CHECK(offset <= buffer.size(), "Invalid offset"); ------------------ | | 35| 59| do { \ | | 36| 59| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 59| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 59] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 59| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 59] | | ------------------ ------------------ 160| 59| const size_t sz = buffer.size() - offset; 161| 59| uint8_t* buf = buffer.data() + offset; 162| | 163| 59| BOTAN_ARG_CHECK(sz >= tag_size(), "input did not include the tag"); ------------------ | | 35| 59| do { \ | | 36| 59| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 59| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 59] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 59| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 59] | | ------------------ ------------------ 164| | 165| 59| const size_t remaining = sz - tag_size(); 166| | 167| | // handle any final input before the tag 168| 59| if(remaining > 0) { ------------------ | Branch (168:7): [True: 58, False: 1] ------------------ 169| 58| m_ghash->update({buf, remaining}); 170| 58| m_ctr->cipher(buf, buf, remaining); 171| 58| } 172| | 173| 59| std::array mac = {0}; 174| 59| m_ghash->final(std::span(mac).first(tag_size())); 175| | 176| 59| const uint8_t* included_tag = &buffer[remaining + offset]; 177| | 178| 59| m_in_msg = false; 179| | 180| 59| if(!CT::is_equal(mac.data(), included_tag, tag_size()).as_bool()) { ------------------ | Branch (180:7): [True: 59, False: 0] ------------------ 181| 59| clear_mem(std::span{buffer}.subspan(offset, remaining)); 182| 59| throw Invalid_Authentication_Tag("GCM tag check failed"); 183| 59| } 184| | 185| 0| buffer.resize(offset + remaining); 186| 0|} _ZN5Botan8OCB_ModeC2ENSt3__110unique_ptrINS_11BlockCipherENS1_14default_deleteIS3_EEEEm: 165| 77| m_cipher(std::move(cipher)), 166| 77| m_checksum(m_cipher->parallel_bytes()), 167| 77| m_ad_hash(m_cipher->block_size()), 168| 77| m_tag_size(tag_size), 169| 77| m_block_size(m_cipher->block_size()), 170| 77| m_par_blocks(m_cipher->parallel_bytes() / m_block_size) { 171| 77| const size_t BS = block_size(); 172| | 173| | /* 174| | * draft-krovetz-ocb-wide-d1 specifies OCB for several other block 175| | * sizes but only 128, 192, 256 and 512 bit are currently supported 176| | * by this implementation. 177| | */ 178| 77| BOTAN_ARG_CHECK(BS == 16 || BS == 24 || BS == 32 || BS == 64, "Invalid block size for OCB"); ------------------ | | 35| 77| do { \ | | 36| 77| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 231| if(!(expr)) { \ | | ------------------ | | | Branch (37:12): [True: 77, False: 0] | | | Branch (37:12): [True: 0, False: 0] | | | Branch (37:12): [True: 0, False: 0] | | | Branch (37:12): [True: 0, False: 0] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 77| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 77] | | ------------------ ------------------ 179| | 180| 77| BOTAN_ARG_CHECK(m_tag_size % 4 == 0 && m_tag_size >= 8 && m_tag_size <= BS && m_tag_size <= 32, ------------------ | | 35| 77| do { \ | | 36| 77| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 462| if(!(expr)) { \ | | ------------------ | | | Branch (37:12): [True: 77, False: 0] | | | Branch (37:12): [True: 77, False: 0] | | | Branch (37:12): [True: 77, False: 0] | | | Branch (37:12): [True: 77, False: 0] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 77| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 77] | | ------------------ ------------------ 181| 77| "Invalid OCB tag length"); 182| 77|} _ZN5Botan8OCB_ModeD2Ev: 184| 77|OCB_Mode::~OCB_Mode() = default; _ZN5Botan8OCB_Mode5resetEv: 193| 164|void OCB_Mode::reset() { 194| 164| m_block_index = 0; 195| 164| zeroise(m_checksum); 196| 164| m_last_nonce.clear(); 197| 164| m_stretch.clear(); 198| 164| zeroise(m_nonce_buf); 199| 164| zeroise(m_offset); 200| 164| if(m_L) { ------------------ | Branch (200:7): [True: 164, False: 0] ------------------ 201| 164| m_L->reset(); 202| 164| } 203| 164|} _ZNK5Botan8OCB_Mode18valid_nonce_lengthEm: 205| 87|bool OCB_Mode::valid_nonce_length(size_t length) const { 206| 87| if(length == 0) { ------------------ | Branch (206:7): [True: 0, False: 87] ------------------ 207| 0| return false; 208| 0| } 209| 87| if(block_size() == 16) { ------------------ | Branch (209:7): [True: 87, False: 0] ------------------ 210| 87| return length < 16; 211| 87| } else { 212| 0| return length < (block_size() - 1); 213| 0| } 214| 87|} _ZNK5Botan8OCB_Mode8key_specEv: 228| 77|Key_Length_Specification OCB_Mode::key_spec() const { 229| 77| return m_cipher->key_spec(); 230| 77|} _ZNK5Botan8OCB_Mode19has_keying_materialEv: 232| 346|bool OCB_Mode::has_keying_material() const { 233| 346| return m_cipher->has_keying_material(); 234| 346|} _ZN5Botan8OCB_Mode12key_scheduleENSt3__14spanIKhLm18446744073709551615EEE: 236| 77|void OCB_Mode::key_schedule(std::span key) { 237| 77| m_cipher->set_key(key); 238| 77| m_L = std::make_unique(*m_cipher); 239| | 240| | // Drop all key-dependent per-message state: m_last_nonce/m_stretch are 241| | // cached for the update_nonce() fast path and would otherwise allow a 242| | // start_msg() with a same-valued nonce under the new key to silently 243| | // reuse the stretch computed under the previous key. 244| 77| reset(); 245| | 246| | // m_ad_hash was precomputed against the previous L values and cipher 247| | // key. Re-keying invalidates it; AD must be re-set after set_key. 248| 77| zeroise(m_ad_hash); 249| 77|} _ZN5Botan8OCB_Mode21set_associated_data_nEmNSt3__14spanIKhLm18446744073709551615EEE: 251| 87|void OCB_Mode::set_associated_data_n(size_t idx, std::span ad) { 252| 87| BOTAN_ARG_CHECK(idx == 0, "OCB: cannot handle non-zero index in set_associated_data_n"); ------------------ | | 35| 87| do { \ | | 36| 87| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 87| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 87] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 87| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 87] | | ------------------ ------------------ 253| 87| assert_key_material_set(); 254| 87| BOTAN_STATE_CHECK(!m_L->initialized()); ------------------ | | 51| 87| do { \ | | 52| 87| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 87| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 87] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 87| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 87] | | ------------------ ------------------ 255| 87| m_ad_hash = ocb_hash(*m_L, *m_cipher, ad.data(), ad.size()); 256| 87|} _ZN5Botan8OCB_Mode12update_nonceEPKhm: 258| 87|const secure_vector& OCB_Mode::update_nonce(const uint8_t nonce[], size_t nonce_len) { 259| 87| const size_t BS = block_size(); 260| | 261| 87| BOTAN_ASSERT(BS == 16 || BS == 24 || BS == 32 || BS == 64, "OCB block size is supported"); ------------------ | | 64| 87| do { \ | | 65| 87| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 261| if(!(expr)) { \ | | ------------------ | | | Branch (66:12): [True: 87, False: 0] | | | Branch (66:12): [True: 0, False: 0] | | | Branch (66:12): [True: 0, False: 0] | | | Branch (66:12): [True: 0, False: 0] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 87| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 87] | | ------------------ ------------------ 262| | 263| | // NOLINTNEXTLINE(readability-avoid-nested-conditional-operator) 264| 87| const size_t MASKLEN = (BS == 16 ? 6 : ((BS == 24) ? 7 : 8)); ------------------ | Branch (264:28): [True: 87, False: 0] | Branch (264:44): [True: 0, False: 0] ------------------ 265| | 266| 87| const uint8_t BOTTOM_MASK = static_cast((static_cast(1) << MASKLEN) - 1); 267| | 268| 87| m_nonce_buf.resize(BS); 269| 87| clear_mem(m_nonce_buf.data(), m_nonce_buf.size()); 270| | 271| 87| copy_mem(&m_nonce_buf[BS - nonce_len], nonce, nonce_len); 272| 87| m_nonce_buf[0] = static_cast(((tag_size() * 8) % (BS * 8)) << (BS <= 16 ? 1 : 0)); ------------------ | Branch (272:76): [True: 87, False: 0] ------------------ 273| | 274| 87| m_nonce_buf[BS - nonce_len - 1] ^= 1; 275| | 276| 87| const uint8_t bottom = m_nonce_buf[BS - 1] & BOTTOM_MASK; 277| 87| m_nonce_buf[BS - 1] &= ~BOTTOM_MASK; 278| | 279| 87| const bool need_new_stretch = (m_last_nonce != m_nonce_buf); 280| | 281| 87| if(need_new_stretch) { ------------------ | Branch (281:7): [True: 87, False: 0] ------------------ 282| 87| m_last_nonce = m_nonce_buf; 283| | 284| 87| m_cipher->encrypt(m_nonce_buf); 285| | 286| | /* 287| | The loop bounds (BS vs BS/2) are derived from the relation 288| | between the block size and the MASKLEN. Using the terminology 289| | of draft-krovetz-ocb-wide, we have to derive enough bits in 290| | ShiftedKtop to read up to BLOCKLEN+bottom bits from Stretch. 291| | 292| | +----------+---------+-------+---------+ 293| | | BLOCKLEN | RESIDUE | SHIFT | MASKLEN | 294| | +----------+---------+-------+---------+ 295| | | 32 | 141 | 17 | 4 | 296| | | 64 | 27 | 25 | 5 | 297| | | 96 | 1601 | 33 | 6 | 298| | | 128 | 135 | 8 | 6 | 299| | | 192 | 135 | 40 | 7 | 300| | | 256 | 1061 | 1 | 8 | 301| | | 384 | 4109 | 80 | 8 | 302| | | 512 | 293 | 176 | 8 | 303| | | 1024 | 524355 | 352 | 9 | 304| | +----------+---------+-------+---------+ 305| | */ 306| 87| if(BS == 16) { ------------------ | Branch (306:10): [True: 87, False: 0] ------------------ 307| 783| for(size_t i = 0; i != BS / 2; ++i) { ------------------ | Branch (307:28): [True: 696, False: 87] ------------------ 308| 696| m_nonce_buf.push_back(m_nonce_buf[i] ^ m_nonce_buf[i + 1]); 309| 696| } 310| 87| } else if(BS == 24) { ------------------ | Branch (310:17): [True: 0, False: 0] ------------------ 311| 0| for(size_t i = 0; i != 16; ++i) { ------------------ | Branch (311:28): [True: 0, False: 0] ------------------ 312| 0| m_nonce_buf.push_back(m_nonce_buf[i] ^ m_nonce_buf[i + 5]); 313| 0| } 314| 0| } else if(BS == 32) { ------------------ | Branch (314:17): [True: 0, False: 0] ------------------ 315| 0| for(size_t i = 0; i != BS; ++i) { ------------------ | Branch (315:28): [True: 0, False: 0] ------------------ 316| 0| m_nonce_buf.push_back(m_nonce_buf[i] ^ (m_nonce_buf[i] << 1) ^ (m_nonce_buf[i + 1] >> 7)); 317| 0| } 318| 0| } else if(BS == 64) { ------------------ | Branch (318:17): [True: 0, False: 0] ------------------ 319| 0| for(size_t i = 0; i != BS / 2; ++i) { ------------------ | Branch (319:28): [True: 0, False: 0] ------------------ 320| 0| m_nonce_buf.push_back(m_nonce_buf[i] ^ m_nonce_buf[i + 22]); 321| 0| } 322| 0| } 323| | 324| 87| m_stretch = m_nonce_buf; 325| 87| } 326| | 327| | // now set the offset from stretch and bottom 328| 87| const size_t shift_bytes = bottom / 8; 329| 87| const size_t shift_bits = bottom % 8; 330| | 331| 87| BOTAN_ASSERT(m_stretch.size() >= BS + shift_bytes + 1, "Size ok"); ------------------ | | 64| 87| do { \ | | 65| 87| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 87| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 87] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 87| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 87] | | ------------------ ------------------ 332| | 333| 87| m_offset.resize(BS); 334| 1.47k| for(size_t i = 0; i != BS; ++i) { ------------------ | Branch (334:22): [True: 1.39k, False: 87] ------------------ 335| 1.39k| m_offset[i] = (m_stretch[i + shift_bytes] << shift_bits); 336| 1.39k| m_offset[i] |= (m_stretch[i + shift_bytes + 1] >> (8 - shift_bits)); 337| 1.39k| } 338| | 339| 87| return m_offset; 340| 87|} _ZN5Botan8OCB_Mode9start_msgEPKhm: 342| 87|void OCB_Mode::start_msg(const uint8_t nonce[], size_t nonce_len) { 343| 87| if(!valid_nonce_length(nonce_len)) { ------------------ | Branch (343:7): [True: 0, False: 87] ------------------ 344| 0| throw Invalid_IV_Length(name(), nonce_len); 345| 0| } 346| | 347| 87| assert_key_material_set(); 348| 87| BOTAN_STATE_CHECK(!m_L->initialized()); ------------------ | | 51| 87| do { \ | | 52| 87| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 87| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 87] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 87| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 87] | | ------------------ ------------------ 349| | 350| 87| m_L->init(update_nonce(nonce, nonce_len)); 351| 87| zeroise(m_checksum); 352| 87| m_block_index = 0; 353| 87|} _ZN5Botan14OCB_Encryption7encryptEPhm: 355| 42|void OCB_Encryption::encrypt(uint8_t buffer[], size_t blocks) { 356| 42| assert_key_material_set(); 357| 42| BOTAN_STATE_CHECK(m_L->initialized()); ------------------ | | 51| 42| do { \ | | 52| 42| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 42| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 42] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 42| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 42] | | ------------------ ------------------ 358| | 359| 42| const size_t BS = block_size(); 360| | 361| 64| while(blocks > 0) { ------------------ | Branch (361:10): [True: 22, False: 42] ------------------ 362| 22| const size_t proc_blocks = std::min(blocks, par_blocks()); 363| 22| const size_t proc_bytes = proc_blocks * BS; 364| | 365| 22| const uint8_t* offsets = m_L->compute_offsets(m_block_index, proc_blocks); 366| | 367| 22| xor_buf(m_checksum.data(), buffer, proc_bytes); 368| | 369| 22| xor_buf(buffer, offsets, proc_bytes); 370| 22| m_cipher->encrypt_n(buffer, buffer, proc_blocks); 371| 22| xor_buf(buffer, offsets, proc_bytes); 372| | 373| 22| buffer += proc_bytes; 374| 22| blocks -= proc_blocks; 375| 22| m_block_index += proc_blocks; 376| 22| } 377| 42|} _ZN5Botan14OCB_Encryption10finish_msgERNSt3__16vectorIhNS_16secure_allocatorIhEEEEm: 385| 42|void OCB_Encryption::finish_msg(secure_vector& buffer, size_t offset) { 386| 42| assert_key_material_set(); 387| 42| BOTAN_STATE_CHECK(m_L->initialized()); ------------------ | | 51| 42| do { \ | | 52| 42| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 42| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 42] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 42| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 42] | | ------------------ ------------------ 388| | 389| 42| const size_t BS = block_size(); 390| | 391| 42| BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range"); ------------------ | | 35| 42| do { \ | | 36| 42| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 42| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 42] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 42| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 42] | | ------------------ ------------------ 392| 42| const size_t sz = buffer.size() - offset; 393| 42| uint8_t* buf = buffer.data() + offset; 394| | 395| 42| secure_vector mac(BS); 396| | 397| 42| if(sz > 0) { ------------------ | Branch (397:7): [True: 42, False: 0] ------------------ 398| 42| const size_t final_full_blocks = sz / BS; 399| 42| const size_t remainder_bytes = sz - (final_full_blocks * BS); 400| | 401| 42| encrypt(buf, final_full_blocks); 402| 42| mac = m_L->offset(); 403| | 404| 42| if(remainder_bytes > 0) { ------------------ | Branch (404:10): [True: 20, False: 22] ------------------ 405| 20| BOTAN_ASSERT(remainder_bytes < BS, "Only a partial block left"); ------------------ | | 64| 20| do { \ | | 65| 20| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 20| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 20] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 20| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 20] | | ------------------ ------------------ 406| 20| uint8_t* remainder = &buf[sz - remainder_bytes]; 407| | 408| 20| xor_buf(m_checksum.data(), remainder, remainder_bytes); 409| 20| m_checksum[remainder_bytes] ^= 0x80; 410| | 411| | // Offset_* 412| 20| mac ^= m_L->star(); 413| | 414| 20| secure_vector pad(BS); 415| 20| m_cipher->encrypt(mac, pad); 416| 20| xor_buf(remainder, pad.data(), remainder_bytes); 417| 20| } 418| 42| } else { 419| 0| mac = m_L->offset(); 420| 0| } 421| | 422| | // now compute the tag 423| | 424| | // fold checksum 425| 714| for(size_t i = 0; i != m_checksum.size(); i += BS) { ------------------ | Branch (425:22): [True: 672, False: 42] ------------------ 426| 672| xor_buf(mac.data(), m_checksum.data() + i, BS); 427| 672| } 428| | 429| 42| xor_buf(mac.data(), m_L->dollar().data(), BS); 430| 42| m_cipher->encrypt(mac); 431| 42| xor_buf(mac.data(), m_ad_hash.data(), BS); 432| | 433| 42| buffer += std::make_pair(mac.data(), tag_size()); 434| | 435| 42| reset(); 436| 42|} _ZN5Botan14OCB_Decryption7decryptEPhm: 438| 43|void OCB_Decryption::decrypt(uint8_t buffer[], size_t blocks) { 439| 43| assert_key_material_set(); 440| 43| BOTAN_STATE_CHECK(m_L->initialized()); ------------------ | | 51| 43| do { \ | | 52| 43| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 43| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 43] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 43| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 43] | | ------------------ ------------------ 441| | 442| 43| const size_t BS = block_size(); 443| | 444| 244| while(blocks > 0) { ------------------ | Branch (444:10): [True: 201, False: 43] ------------------ 445| 201| const size_t proc_blocks = std::min(blocks, par_blocks()); 446| 201| const size_t proc_bytes = proc_blocks * BS; 447| | 448| 201| const uint8_t* offsets = m_L->compute_offsets(m_block_index, proc_blocks); 449| | 450| 201| xor_buf(buffer, offsets, proc_bytes); 451| 201| m_cipher->decrypt_n(buffer, buffer, proc_blocks); 452| 201| xor_buf(buffer, offsets, proc_bytes); 453| | 454| 201| xor_buf(m_checksum.data(), buffer, proc_bytes); 455| | 456| 201| buffer += proc_bytes; 457| 201| blocks -= proc_blocks; 458| 201| m_block_index += proc_blocks; 459| 201| } 460| 43|} _ZN5Botan14OCB_Decryption10finish_msgERNSt3__16vectorIhNS_16secure_allocatorIhEEEEm: 468| 45|void OCB_Decryption::finish_msg(secure_vector& buffer, size_t offset) { 469| 45| assert_key_material_set(); 470| 45| BOTAN_STATE_CHECK(m_L->initialized()); ------------------ | | 51| 45| do { \ | | 52| 45| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 45| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 45] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 45| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 45] | | ------------------ ------------------ 471| | 472| 45| const size_t BS = block_size(); 473| | 474| 45| BOTAN_ARG_CHECK(buffer.size() >= offset, "Offset is out of range"); ------------------ | | 35| 45| do { \ | | 36| 45| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 45| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 45] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 45| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 45] | | ------------------ ------------------ 475| 45| const size_t sz = buffer.size() - offset; 476| 45| uint8_t* buf = buffer.data() + offset; 477| | 478| 45| BOTAN_ARG_CHECK(sz >= tag_size(), "input did not include the tag"); ------------------ | | 35| 45| do { \ | | 36| 45| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 45| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 45] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 45| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 45] | | ------------------ ------------------ 479| | 480| 45| const size_t remaining = sz - tag_size(); 481| | 482| 45| secure_vector mac(BS); 483| | 484| 45| if(remaining > 0) { ------------------ | Branch (484:7): [True: 43, False: 2] ------------------ 485| 43| const size_t final_full_blocks = remaining / BS; 486| 43| const size_t final_bytes = remaining - (final_full_blocks * BS); 487| | 488| 43| decrypt(buf, final_full_blocks); 489| 43| mac ^= m_L->offset(); 490| | 491| 43| if(final_bytes > 0) { ------------------ | Branch (491:10): [True: 39, False: 4] ------------------ 492| 39| BOTAN_ASSERT(final_bytes < BS, "Only a partial block left"); ------------------ | | 64| 39| do { \ | | 65| 39| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 39| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 39] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 39| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 39] | | ------------------ ------------------ 493| | 494| 39| uint8_t* remainder = &buf[remaining - final_bytes]; 495| | 496| 39| mac ^= m_L->star(); 497| 39| secure_vector pad(BS); 498| 39| m_cipher->encrypt(mac, pad); // P_* 499| 39| xor_buf(remainder, pad.data(), final_bytes); 500| | 501| 39| xor_buf(m_checksum.data(), remainder, final_bytes); 502| 39| m_checksum[final_bytes] ^= 0x80; 503| 39| } 504| 43| } else { 505| 2| mac = m_L->offset(); 506| 2| } 507| | 508| | // compute the mac 509| | 510| | // fold checksum 511| 765| for(size_t i = 0; i != m_checksum.size(); i += BS) { ------------------ | Branch (511:22): [True: 720, False: 45] ------------------ 512| 720| xor_buf(mac.data(), m_checksum.data() + i, BS); 513| 720| } 514| | 515| 45| mac ^= m_L->dollar(); 516| 45| m_cipher->encrypt(mac); 517| 45| mac ^= m_ad_hash; 518| | 519| 45| reset(); 520| | 521| | // compare mac 522| 45| const uint8_t* included_tag = &buf[remaining]; 523| | 524| 45| if(!CT::is_equal(mac.data(), included_tag, tag_size()).as_bool()) { ------------------ | Branch (524:7): [True: 45, False: 0] ------------------ 525| 45| clear_mem(std::span{buffer}.subspan(offset, remaining)); 526| 45| throw Invalid_Authentication_Tag("OCB tag check failed"); 527| 45| } 528| | 529| | // remove tag from end of message 530| 0| buffer.resize(remaining + offset); 531| 0|} _ZN5Botan10L_computer5resetEv: 50| 164| void reset() { m_offset.clear(); } _ZNK5Botan10L_computer11initializedEv: 52| 346| bool initialized() const { return !m_offset.empty(); } ocb.cpp:_ZN5Botan12_GLOBAL__N_18ocb_hashERKNS_10L_computerERKNS_11BlockCipherEPKhm: 131| 87|secure_vector ocb_hash(const L_computer& L, const BlockCipher& cipher, const uint8_t ad[], size_t ad_len) { 132| 87| const size_t BS = cipher.block_size(); 133| 87| secure_vector sum(BS); 134| 87| secure_vector offset(BS); 135| | 136| 87| secure_vector buf(BS); 137| | 138| 87| const size_t ad_blocks = (ad_len / BS); 139| 87| const size_t ad_remainder = (ad_len % BS); 140| | 141| 87| for(size_t i = 0; i != ad_blocks; ++i) { ------------------ | Branch (141:22): [True: 0, False: 87] ------------------ 142| | // this loop could run in parallel 143| 0| offset ^= L.get(var_ctz64(i + 1)); 144| 0| buf = offset; 145| 0| xor_buf(buf.data(), &ad[BS * i], BS); 146| 0| cipher.encrypt(buf); 147| 0| sum ^= buf; 148| 0| } 149| | 150| 87| if(ad_remainder > 0) { ------------------ | Branch (150:7): [True: 87, False: 0] ------------------ 151| 87| offset ^= L.star(); 152| 87| buf = offset; 153| 87| xor_buf(buf.data(), &ad[BS * ad_blocks], ad_remainder); 154| 87| buf[ad_remainder] ^= 0x80; 155| 87| cipher.encrypt(buf); 156| 87| sum ^= buf; 157| 87| } 158| | 159| 87| return sum; 160| 87|} _ZNK5Botan10L_computer3getEm: 60| 1.25k| const secure_vector& get(size_t i) const { 61| 1.25k| while(m_L.size() <= i) { ------------------ | Branch (61:16): [True: 4, False: 1.25k] ------------------ 62| 4| m_L.push_back(poly_double(m_L.back())); 63| 4| } 64| | 65| 1.25k| return m_L[i]; 66| 1.25k| } _ZN5Botan10L_computer11poly_doubleERKNSt3__16vectorIhNS_16secure_allocatorIhEEEE: 113| 697| static secure_vector poly_double(const secure_vector& in) { 114| 697| secure_vector out(in.size()); 115| 697| poly_double_n(out.data(), in.data(), out.size()); 116| 697| return out; 117| 697| } _ZN5Botan10L_computer4initERKNSt3__16vectorIhNS_16secure_allocatorIhEEEE: 48| 87| void init(const secure_vector& offset) { m_offset = offset; } _ZN5Botan10L_computer15compute_offsetsEmm: 68| 223| const uint8_t* compute_offsets(uint64_t block_index, size_t blocks) { 69| 223| BOTAN_ASSERT(blocks <= m_max_blocks, "OCB offsets"); ------------------ | | 64| 223| do { \ | | 65| 223| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 223| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 223] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 223| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 223] | | ------------------ ------------------ 70| | 71| 223| uint8_t* offsets = m_offset_buf.data(); 72| | 73| 223| if(block_index % 4 == 0) { ------------------ | Branch (73:13): [True: 223, False: 0] ------------------ 74| 223| const secure_vector& L0 = get(0); 75| 223| const secure_vector& L1 = get(1); 76| | 77| 934| while(blocks >= 4) { ------------------ | Branch (77:19): [True: 711, False: 223] ------------------ 78| | // ntz(4*i+1) == 0 79| | // ntz(4*i+2) == 1 80| | // ntz(4*i+3) == 0 81| 711| block_index += 4; 82| 711| const size_t ntz4 = var_ctz64(block_index); 83| | 84| 711| xor_buf(offsets, m_offset.data(), L0.data(), m_BS); 85| 711| offsets += m_BS; 86| | 87| 711| xor_buf(offsets, offsets - m_BS, L1.data(), m_BS); 88| 711| offsets += m_BS; 89| | 90| 711| xor_buf(m_offset.data(), L1.data(), m_BS); 91| 711| copy_mem(offsets, m_offset.data(), m_BS); 92| 711| offsets += m_BS; 93| | 94| 711| xor_buf(m_offset.data(), get(ntz4).data(), m_BS); 95| 711| copy_mem(offsets, m_offset.data(), m_BS); 96| 711| offsets += m_BS; 97| | 98| 711| blocks -= 4; 99| 711| } 100| 223| } 101| | 102| 317| for(size_t i = 0; i != blocks; ++i) { // could be done in parallel ------------------ | Branch (102:28): [True: 94, False: 223] ------------------ 103| 94| const size_t ntz = var_ctz64(block_index + i + 1); 104| 94| xor_buf(m_offset.data(), get(ntz).data(), m_BS); 105| 94| copy_mem(offsets, m_offset.data(), m_BS); 106| 94| offsets += m_BS; 107| 94| } 108| | 109| 223| return m_offset_buf.data(); 110| 223| } _ZNK5Botan10L_computer6offsetEv: 58| 87| const secure_vector& offset() const { return m_offset; } _ZNK5Botan10L_computer4starEv: 54| 223| const secure_vector& star() const { return m_L_star; } _ZNK5Botan10L_computer6dollarEv: 56| 164| const secure_vector& dollar() const { return m_L_dollar; } _ZN5Botan10L_computerC2ERKNS_11BlockCipherE: 24| 77| m_BS(cipher.block_size()), m_max_blocks(cipher.parallel_bytes() / m_BS) { 25| 77| m_L_star.resize(m_BS); 26| 77| cipher.encrypt(m_L_star); 27| 77| m_L_dollar = poly_double(star()); 28| | 29| | // Preallocate the m_L vector to the maximum expected size to avoid 30| | // re-allocations during runtime. This had caused a use-after-free in 31| | // earlier versions, due to references into this buffer becoming stale 32| | // in `compute_offset()`, after calling `get()` in the hot path. 33| | // 34| | // Note, that the list member won't be pre-allocated, so the expected 35| | // memory overhead is negligible. 36| | // 37| | // See also https://github.com/randombit/botan/issues/3812 38| 77| m_L.reserve(65); 39| 77| m_L.push_back(poly_double(dollar())); 40| | 41| 616| while(m_L.size() < 8) { ------------------ | Branch (41:16): [True: 539, False: 77] ------------------ 42| 539| m_L.push_back(poly_double(m_L.back())); 43| 539| } 44| | 45| 77| m_offset_buf.resize(m_BS * m_max_blocks); 46| 77| } _ZN5Botan8CBC_ModeC2ENSt3__110unique_ptrINS_11BlockCipherENS1_14default_deleteIS3_EEEENS2_INS_28BlockCipherModePaddingMethodENS4_IS7_EEEE: 20| 254| m_cipher(std::move(cipher)), m_padding(std::move(padding)), m_block_size(m_cipher->block_size()) { 21| 254| if(m_padding && !m_padding->valid_blocksize(m_block_size)) { ------------------ | Branch (21:7): [True: 254, False: 0] | Branch (21:20): [True: 0, False: 254] ------------------ 22| 0| throw Invalid_Argument(fmt("Padding {} cannot be used with {} in CBC mode", m_padding->name(), m_cipher->name())); 23| 0| } 24| 254|} _ZNK5Botan8CBC_Mode17ideal_granularityEv: 47| 172|size_t CBC_Mode::ideal_granularity() const { 48| 172| return cipher().parallel_bytes(); 49| 172|} _ZNK5Botan8CBC_Mode8key_specEv: 51| 254|Key_Length_Specification CBC_Mode::key_spec() const { 52| 254| return cipher().key_spec(); 53| 254|} _ZNK5Botan8CBC_Mode18valid_nonce_lengthEm: 59| 246|bool CBC_Mode::valid_nonce_length(size_t n) const { 60| 246| return (n == 0 || n == block_size()); ------------------ | Branch (60:12): [True: 0, False: 246] | Branch (60:22): [True: 246, False: 0] ------------------ 61| 246|} _ZN5Botan8CBC_Mode12key_scheduleENSt3__14spanIKhLm18446744073709551615EEE: 67| 254|void CBC_Mode::key_schedule(std::span key) { 68| 254| m_cipher->set_key(key); 69| 254| m_state.clear(); 70| 254|} _ZN5Botan8CBC_Mode9start_msgEPKhm: 72| 246|void CBC_Mode::start_msg(const uint8_t nonce[], size_t nonce_len) { 73| 246| if(!valid_nonce_length(nonce_len)) { ------------------ | Branch (73:7): [True: 0, False: 246] ------------------ 74| 0| throw Invalid_IV_Length(name(), nonce_len); 75| 0| } 76| | 77| | /* 78| | * A nonce of zero length means carry the last ciphertext value over 79| | * as the new IV, as unfortunately some protocols require this. If 80| | * this is the first message then we use an IV of all zeros. 81| | */ 82| 246| if(nonce_len > 0) { ------------------ | Branch (82:7): [True: 246, False: 0] ------------------ 83| 246| m_state.assign(nonce, nonce + nonce_len); 84| 246| } else if(m_state.empty()) { ------------------ | Branch (84:14): [True: 0, False: 0] ------------------ 85| 0| m_state.resize(m_cipher->block_size()); 86| 0| } 87| | // else leave the state alone 88| 246|} _ZN5Botan14CBC_Encryption11process_msgEPhm: 98| 147|size_t CBC_Encryption::process_msg(uint8_t buf[], size_t sz) { 99| 147| BOTAN_STATE_CHECK(state().empty() == false); ------------------ | | 51| 147| do { \ | | 52| 147| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 147| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 147] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 147| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 147] | | ------------------ ------------------ 100| 147| const size_t BS = block_size(); 101| | 102| 147| BOTAN_ARG_CHECK(sz % BS == 0, "CBC input is not full blocks"); ------------------ | | 35| 147| do { \ | | 36| 147| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 147| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 147] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 147| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 147] | | ------------------ ------------------ 103| 147| const size_t blocks = sz / BS; 104| | 105| 147| if(blocks > 0) { ------------------ | Branch (105:7): [True: 147, False: 0] ------------------ 106| 147| xor_buf(&buf[0], state_ptr(), BS); 107| 147| cipher().encrypt(&buf[0]); 108| | 109| 491| for(size_t i = 1; i != blocks; ++i) { ------------------ | Branch (109:25): [True: 344, False: 147] ------------------ 110| 344| xor_buf(&buf[BS * i], &buf[BS * (i - 1)], BS); 111| 344| cipher().encrypt(&buf[BS * i]); 112| 344| } 113| | 114| 147| state().assign(&buf[BS * (blocks - 1)], &buf[BS * blocks]); 115| 147| } 116| | 117| 147| return sz; 118| 147|} _ZN5Botan14CBC_Decryption11process_msgEPhm: 198| 99|size_t CBC_Decryption::process_msg(uint8_t buf[], size_t sz) { 199| 99| BOTAN_STATE_CHECK(state().empty() == false); ------------------ | | 51| 99| do { \ | | 52| 99| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 99| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 99] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 99| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 99] | | ------------------ ------------------ 200| | 201| 99| const size_t BS = block_size(); 202| | 203| 99| BOTAN_ARG_CHECK(sz % BS == 0, "Input is not full blocks"); ------------------ | | 35| 99| do { \ | | 36| 99| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 99| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 99] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 99| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 99] | | ------------------ ------------------ 204| 99| size_t blocks = sz / BS; 205| | 206| 503| while(blocks > 0) { ------------------ | Branch (206:10): [True: 404, False: 99] ------------------ 207| 404| const size_t to_proc = std::min(BS * blocks, m_tempbuf.size()); 208| | 209| 404| cipher().decrypt_n(buf, m_tempbuf.data(), to_proc / BS); 210| | 211| 404| xor_buf(m_tempbuf.data(), state_ptr(), BS); 212| 404| xor_buf(&m_tempbuf[BS], buf, to_proc - BS); 213| 404| copy_mem(state_ptr(), buf + (to_proc - BS), BS); 214| | 215| 404| copy_mem(buf, m_tempbuf.data(), to_proc); 216| | 217| 404| buf += to_proc; 218| 404| blocks -= to_proc / BS; 219| 404| } 220| | 221| 99| return sz; 222| 99|} _ZN5Botan9Gf448ElemC2ENSt3__14spanIKhLm56EEE: 356| 24|Gf448Elem::Gf448Elem(std::span x) /* NOLINT(*-member-init) */ { 357| 24| load_le(m_x, x); 358| 24|} _ZN5Botan9Gf448ElemC2Em: 360| 96.8k|Gf448Elem::Gf448Elem(uint64_t least_sig_word) /* NOLINT(*-member-init) */ { 361| 96.8k| clear_mem(m_x); 362| 96.8k| m_x[0] = least_sig_word; 363| 96.8k|} _ZNK5Botan9Gf448Elem8to_bytesENSt3__14spanIhLm56EEE: 365| 12|void Gf448Elem::to_bytes(std::span out) const { 366| 12| store_le(out, to_canonical(m_x)); 367| 12|} _ZNK5Botan9Gf448Elem8to_bytesEv: 369| 12|std::array Gf448Elem::to_bytes() const { 370| 12| std::array bytes{}; 371| 12| to_bytes(bytes); 372| 12| return bytes; 373| 12|} _ZN5Botan9Gf448Elem12ct_cond_swapENS_2CT4MaskImEERS0_: 375| 10.7k|void Gf448Elem::ct_cond_swap(CT::Mask mask, Gf448Elem& other) { 376| 86.2k| for(size_t i = 0; i < WORDS_448; ++i) { ------------------ | Branch (376:22): [True: 75.4k, False: 10.7k] ------------------ 377| 75.4k| mask.conditional_swap(m_x[i], other.m_x[i]); 378| 75.4k| } 379| 10.7k|} _ZNK5Botan9Gf448ElemplERKS0_: 385| 21.5k|Gf448Elem Gf448Elem::operator+(const Gf448Elem& other) const { 386| 21.5k| Gf448Elem res(0); 387| 21.5k| gf_add(res.m_x, m_x, other.m_x); 388| 21.5k| return res; 389| 21.5k|} _ZNK5Botan9Gf448ElemmiERKS0_: 391| 21.5k|Gf448Elem Gf448Elem::operator-(const Gf448Elem& other) const { 392| 21.5k| Gf448Elem res(0); 393| 21.5k| gf_sub(res.m_x, m_x, other.m_x); 394| 21.5k| return res; 395| 21.5k|} _ZNK5Botan9Gf448ElemmlERKS0_: 403| 26.8k|Gf448Elem Gf448Elem::operator*(const Gf448Elem& other) const { 404| 26.8k| Gf448Elem res(0); 405| 26.8k| gf_mul(res.m_x, m_x, other.m_x); 406| 26.8k| return res; 407| 26.8k|} _ZNK5Botan9Gf448ElemdvERKS0_: 409| 12|Gf448Elem Gf448Elem::operator/(const Gf448Elem& other) const { 410| 12| Gf448Elem res(0); 411| 12| gf_inv(res.m_x, other.m_x); 412| 12| gf_mul(res.m_x, m_x, res.m_x); 413| 12| return res; 414| 12|} _ZN5Botan7mul_a24ERKNS_9Gf448ElemE: 439| 5.37k|Gf448Elem mul_a24(const Gf448Elem& a) { 440| 5.37k| Gf448Elem res(0); 441| 5.37k| gf_mul_a24(res.words(), a.words()); 442| 5.37k| return res; 443| 5.37k|} _ZN5Botan6squareERKNS_9Gf448ElemE: 445| 21.5k|Gf448Elem square(const Gf448Elem& elem) { 446| 21.5k| Gf448Elem res(0); 447| 21.5k| gf_square(res.words(), elem.words()); 448| 21.5k| return res; 449| 21.5k|} curve448_gf.cpp:_ZN5Botan12_GLOBAL__N_112to_canonicalENSt3__14spanIKmLm7EEE: 335| 12|std::array to_canonical(std::span in) { 336| 12| const std::array p = {0xffffffffffffffff, 337| 12| 0xffffffffffffffff, 338| 12| 0xffffffffffffffff, 339| 12| 0xfffffffeffffffff, 340| 12| 0xffffffffffffffff, 341| 12| 0xffffffffffffffff, 342| 12| 0xffffffffffffffff}; 343| | 344| 12| std::array in_minus_p; // NOLINT(*-member-init) 345| 12| uint64_t borrow = 0; 346| 96| for(size_t i = 0; i < WORDS_448; ++i) { ------------------ | Branch (346:22): [True: 84, False: 12] ------------------ 347| 84| in_minus_p[i] = word_sub(in[i], p[i], &borrow); 348| 84| } 349| 12| std::array out; // NOLINT(*-member-init) 350| 12| CT::Mask::expand(borrow).select_n(out.data(), in.data(), in_minus_p.data(), WORDS_448); 351| 12| return out; 352| 12|} curve448_gf.cpp:_ZN5Botan12_GLOBAL__N_16gf_addENSt3__14spanImLm7EEENS2_IKmLm7EEES5_: 155| 21.5k| std::span b) { 156| 21.5k| std::array ws; // NOLINT(*-member-init) 157| | 158| 21.5k| uint64_t carry = 0; 159| 21.5k| ws[0] = word_add(a[0], b[0], &carry); 160| 21.5k| ws[1] = word_add(a[1], b[1], &carry); 161| 21.5k| ws[2] = word_add(a[2], b[2], &carry); 162| 21.5k| ws[3] = word_add(a[3], b[3], &carry); 163| 21.5k| ws[4] = word_add(a[4], b[4], &carry); 164| 21.5k| ws[5] = word_add(a[5], b[5], &carry); 165| 21.5k| ws[6] = word_add(a[6], b[6], &carry); 166| 21.5k| ws[7] = carry; 167| | 168| 21.5k| reduce_after_add(out, ws); 169| 21.5k|} curve448_gf.cpp:_ZN5Botan12_GLOBAL__N_116reduce_after_addENSt3__14spanImLm7EEENS2_IKmLm8EEE: 27| 80.7k|void reduce_after_add(std::span h_3, std::span h_1) { 28| 80.7k| std::array h_2; /* NOLINT(*-member-init) */ 29| 80.7k| uint64_t carry = 0; 30| | 31| 80.7k| constexpr uint64_t zero = 0; 32| | 33| | // Line 27+ (of the paper's algorithm 1) 34| 80.7k| h_2[0] = word_add(h_1[0], h_1[7], &carry); 35| 80.7k| h_2[1] = word_add(h_1[1], zero, &carry); 36| 80.7k| h_2[2] = word_add(h_1[2], zero, &carry); 37| | 38| | // Line 30 39| 80.7k| h_2[3] = word_add(h_1[3], h_1[7] << 32, &carry); 40| | 41| | // Line 31+ 42| 80.7k| h_2[4] = word_add(h_1[4], zero, &carry); 43| 80.7k| h_2[5] = word_add(h_1[5], zero, &carry); 44| 80.7k| h_2[6] = word_add(h_1[6], zero, &carry); 45| | 46| 80.7k| h_2[7] = carry; 47| | 48| 80.7k| carry = 0; 49| 80.7k| h_3[0] = word_add(h_2[0], h_2[7], &carry); 50| 80.7k| h_3[1] = word_add(h_2[1], zero, &carry); 51| 80.7k| h_3[2] = word_add(h_2[2], zero, &carry); 52| | // Line 37 53| 80.7k| h_3[3] = h_2[3] + (h_2[7] << 32) + carry; 54| | 55| | // Line 38 56| 80.7k| h_3[4] = h_2[4]; 57| 80.7k| h_3[5] = h_2[5]; 58| 80.7k| h_3[6] = h_2[6]; 59| 80.7k|} curve448_gf.cpp:_ZN5Botan12_GLOBAL__N_16gf_subENSt3__14spanImLm7EEENS2_IKmLm7EEES5_: 178| 21.5k| std::span b) { 179| 21.5k| std::array h_0; // NOLINT(*-member-init) 180| 21.5k| std::array h_1; // NOLINT(*-member-init) 181| | 182| 21.5k| uint64_t borrow = 0; 183| 21.5k| h_0[0] = word_sub(a[0], b[0], &borrow); 184| 21.5k| h_0[1] = word_sub(a[1], b[1], &borrow); 185| 21.5k| h_0[2] = word_sub(a[2], b[2], &borrow); 186| 21.5k| h_0[3] = word_sub(a[3], b[3], &borrow); 187| 21.5k| h_0[4] = word_sub(a[4], b[4], &borrow); 188| 21.5k| h_0[5] = word_sub(a[5], b[5], &borrow); 189| 21.5k| h_0[6] = word_sub(a[6], b[6], &borrow); 190| 21.5k| uint64_t delta = borrow; 191| 21.5k| uint64_t delta_p = delta << 32; 192| 21.5k| borrow = 0; 193| | 194| 21.5k| constexpr uint64_t zero = 0; 195| | 196| 21.5k| h_1[0] = word_sub(h_0[0], delta, &borrow); 197| 21.5k| h_1[1] = word_sub(h_0[1], zero, &borrow); 198| 21.5k| h_1[2] = word_sub(h_0[2], zero, &borrow); 199| 21.5k| h_1[3] = word_sub(h_0[3], delta_p, &borrow); 200| 21.5k| h_1[4] = word_sub(h_0[4], zero, &borrow); 201| 21.5k| h_1[5] = word_sub(h_0[5], zero, &borrow); 202| 21.5k| h_1[6] = word_sub(h_0[6], zero, &borrow); 203| | 204| 21.5k| delta = borrow; 205| 21.5k| delta_p = delta << 32; 206| 21.5k| borrow = 0; 207| | 208| 21.5k| out[0] = word_sub(h_1[0], delta, &borrow); 209| 21.5k| out[1] = word_sub(h_1[1], zero, &borrow); 210| 21.5k| out[2] = word_sub(h_1[2], zero, &borrow); 211| 21.5k| out[3] = word_sub(h_1[3], delta_p, &borrow); 212| 21.5k| out[4] = h_1[4]; 213| 21.5k| out[5] = h_1[5]; 214| 21.5k| out[6] = h_1[6]; 215| 21.5k|} curve448_gf.cpp:_ZN5Botan12_GLOBAL__N_16gf_mulENSt3__14spanImLm7EEENS2_IKmLm7EEES5_: 141| 27.0k| std::span b) { 142| 27.0k| std::array ws; // NOLINT(*-member-init) 143| 27.0k| comba_mul<7>(ws.data(), a.data(), b.data()); 144| 27.0k| reduce_after_mul(out, ws); 145| 27.0k|} curve448_gf.cpp:_ZN5Botan12_GLOBAL__N_116reduce_after_mulENSt3__14spanImLm7EEENS2_IKmLm14EEE: 66| 53.9k|void reduce_after_mul(std::span out, std::span in) { 67| 53.9k| std::array r; // NOLINT(*-member-init) 68| 53.9k| std::array s; // NOLINT(*-member-init) 69| 53.9k| std::array t_0; // NOLINT(*-member-init) 70| 53.9k| std::array h_1; // NOLINT(*-member-init) 71| | 72| 53.9k| uint64_t carry = 0; 73| | 74| | // Line 4 (of the paper's algorithm 1) 75| 53.9k| r[0] = word_add(in[0], in[7], &carry); 76| | 77| | // Line 5-7 78| 53.9k| r[1] = word_add(in[1], in[1 + 7], &carry); 79| 53.9k| r[2] = word_add(in[2], in[2 + 7], &carry); 80| 53.9k| r[3] = word_add(in[3], in[3 + 7], &carry); 81| 53.9k| r[4] = word_add(in[4], in[4 + 7], &carry); 82| 53.9k| r[5] = word_add(in[5], in[5 + 7], &carry); 83| 53.9k| r[6] = word_add(in[6], in[6 + 7], &carry); 84| 53.9k| r[7] = carry; 85| 53.9k| s[0] = r[0]; 86| 53.9k| s[1] = r[1]; 87| 53.9k| s[2] = r[2]; 88| | // Line 10 89| 53.9k| carry = 0; 90| 53.9k| s[3] = word_add(r[3], in[10] & 0xFFFFFFFF00000000, &carry); 91| | // Line 11-13 92| 53.9k| s[4] = word_add(r[4], in[4 + 7], &carry); 93| 53.9k| s[5] = word_add(r[5], in[5 + 7], &carry); 94| 53.9k| s[6] = word_add(r[6], in[6 + 7], &carry); 95| 53.9k| s[7] = r[7] + carry; 96| | 97| | // Line 15-17 98| 53.9k| t_0[0] = (in[0 + 11] << 32) | (in[0 + 10] >> 32); 99| 53.9k| t_0[1] = (in[1 + 11] << 32) | (in[1 + 10] >> 32); 100| 53.9k| t_0[2] = (in[2 + 11] << 32) | (in[2 + 10] >> 32); 101| | // Line 18 102| 53.9k| t_0[3] = (in[7] << 32) | (in[13] >> 32); 103| | // Line 19-21 104| 53.9k| t_0[4] = (in[4 + 4] << 32) | (in[4 + 3] >> 32); 105| 53.9k| t_0[5] = (in[5 + 4] << 32) | (in[5 + 3] >> 32); 106| 53.9k| t_0[6] = (in[6 + 4] << 32) | (in[6 + 3] >> 32); 107| 53.9k| carry = 0; 108| | // Line 23-25 109| 53.9k| h_1[0] = word_add(s[0], t_0[0], &carry); 110| 53.9k| h_1[1] = word_add(s[1], t_0[1], &carry); 111| 53.9k| h_1[2] = word_add(s[2], t_0[2], &carry); 112| 53.9k| h_1[3] = word_add(s[3], t_0[3], &carry); 113| 53.9k| h_1[4] = word_add(s[4], t_0[4], &carry); 114| 53.9k| h_1[5] = word_add(s[5], t_0[5], &carry); 115| 53.9k| h_1[6] = word_add(s[6], t_0[6], &carry); 116| 53.9k| h_1[7] = s[7] + carry; 117| | 118| 53.9k| reduce_after_add(out, h_1); 119| 53.9k|} curve448_gf.cpp:_ZN5Botan12_GLOBAL__N_16gf_invENSt3__14spanImLm7EEENS2_IKmLm7EEE: 316| 12|void gf_inv(std::span out, std::span a) { 317| 12| std::array x222; // NOLINT(*-member-init) 318| 12| std::array x223; // NOLINT(*-member-init) 319| 12| gf_pow_2_222m1(x222, x223, a); 320| | 321| | // (x223 << 223 + x222) << 2 + 1 322| 12| std::array t; // NOLINT(*-member-init) 323| 12| gf_sqr_n(t, x223, 223); 324| 12| gf_mul(t, t, x222); 325| 12| gf_sqr_n(t, t, 2); 326| 12| gf_mul(out, t, a); 327| 12|} curve448_gf.cpp:_ZN5Botan12_GLOBAL__N_110gf_mul_a24ENSt3__14spanImLm7EEENS2_IKmLm7EEE: 124| 5.37k|void gf_mul_a24(std::span out, std::span a) { 125| 5.37k| constexpr uint64_t A24 = 39081; 126| 5.37k| std::array ws; // NOLINT(*-member-init) 127| 5.37k| uint64_t carry = 0; 128| 5.37k| ws[0] = word_madd2(a[0], A24, &carry); 129| 5.37k| ws[1] = word_madd2(a[1], A24, &carry); 130| 5.37k| ws[2] = word_madd2(a[2], A24, &carry); 131| 5.37k| ws[3] = word_madd2(a[3], A24, &carry); 132| 5.37k| ws[4] = word_madd2(a[4], A24, &carry); 133| 5.37k| ws[5] = word_madd2(a[5], A24, &carry); 134| 5.37k| ws[6] = word_madd2(a[6], A24, &carry); 135| 5.37k| ws[7] = carry; 136| 5.37k| reduce_after_add(out, ws); 137| 5.37k|} curve448_gf.cpp:_ZN5Botan12_GLOBAL__N_19gf_squareENSt3__14spanImLm7EEENS2_IKmLm7EEE: 147| 26.8k|void gf_square(std::span out, std::span a) { 148| 26.8k| std::array ws; // NOLINT(*-member-init) 149| 26.8k| comba_sqr<7>(ws.data(), a.data()); 150| 26.8k| reduce_after_mul(out, ws); 151| 26.8k|} curve448_gf.cpp:_ZN5Botan12_GLOBAL__N_114gf_pow_2_222m1ENSt3__14spanImLm7EEES3_NS2_IKmLm7EEE: 245| 12| std::span a) { 246| 12| std::array t; // NOLINT(*-member-init) 247| | 248| | // _10 = a^2 249| 12| std::array a2; // NOLINT(*-member-init) 250| 12| gf_square(a2, a); 251| | 252| | // _11 = a^3 253| 12| std::array a3; // NOLINT(*-member-init) 254| 12| gf_mul(a3, a, a2); 255| | 256| | // _111 = a^7 257| 12| std::array a7; // NOLINT(*-member-init) 258| 12| gf_square(t, a3); 259| 12| gf_mul(a7, a, t); 260| | 261| | // _111111 = a^63 262| 12| std::array a63; // NOLINT(*-member-init) 263| 12| gf_sqr_n(t, a7, 3); 264| 12| gf_mul(a63, a7, t); 265| | 266| | // x12 = a^(2^12 - 1) 267| 12| std::array x12; // NOLINT(*-member-init) 268| 12| gf_sqr_n(t, a63, 6); 269| 12| gf_mul(x12, a63, t); 270| | 271| | // x24 = a^(2^24 - 1) 272| 12| std::array x24; // NOLINT(*-member-init) 273| 12| gf_sqr_n(t, x12, 12); 274| 12| gf_mul(x24, x12, t); 275| | 276| | // i34 = x24 << 6 = a^((2^24 - 1) * 2^6) 277| 12| std::array i34; // NOLINT(*-member-init) 278| 12| gf_sqr_n(i34, x24, 6); 279| | 280| | // x30 = a^(2^30 - 1) 281| 12| std::array x30; // NOLINT(*-member-init) 282| 12| gf_mul(x30, a63, i34); 283| | 284| | // x48 = a^(2^48 - 1) 285| 12| std::array x48; // NOLINT(*-member-init) 286| 12| gf_sqr_n(t, i34, 18); 287| 12| gf_mul(x48, x24, t); 288| | 289| | // x96 = a^(2^96 - 1) 290| 12| std::array x96; // NOLINT(*-member-init) 291| 12| gf_sqr_n(t, x48, 48); 292| 12| gf_mul(x96, x48, t); 293| | 294| | // x192 = a^(2^192 - 1) 295| 12| std::array x192; // NOLINT(*-member-init) 296| 12| gf_sqr_n(t, x96, 96); 297| 12| gf_mul(x192, x96, t); 298| | 299| | // x222 = a^(2^222 - 1) 300| 12| gf_sqr_n(t, x192, 30); 301| 12| gf_mul(x222, x30, t); 302| | 303| | // x223 = a^(2^223 - 1) 304| 12| gf_square(t, x222); 305| 12| gf_mul(x223, a, t); 306| 12|} curve448_gf.cpp:_ZN5Botan12_GLOBAL__N_18gf_sqr_nENSt3__14spanImLm7EEENS2_IKmLm7EEEm: 218| 120|void gf_sqr_n(std::span out, std::span a, size_t n) { 219| 120| gf_square(out, a); 220| 5.32k| for(size_t i = 1; i < n; ++i) { ------------------ | Branch (220:22): [True: 5.20k, False: 120] ------------------ 221| 5.20k| gf_square(out, out); 222| 5.20k| } 223| 120|} _ZNK5Botan14X448_PublicKey19raw_public_key_bitsEv: 47| 12|std::vector X448_PublicKey::raw_public_key_bits() const { 48| 12| return {m_public.begin(), m_public.end()}; 49| 12|} _ZN5Botan14X448_PublicKeyC1ENSt3__14spanIKhLm18446744073709551615EEE: 62| 5|X448_PublicKey::X448_PublicKey(std::span pub) { 63| 5| BOTAN_ARG_CHECK(pub.size() == X448_LEN, "Invalid size for X448 public key"); ------------------ | | 35| 5| do { \ | | 36| 5| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 5| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 3, False: 2] | | ------------------ | | 38| 3| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 3| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 3| } \ | | 41| 5| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 5] | | ------------------ ------------------ 64| 5| copy_mem(m_public, pub); 65| 5|} _ZN5Botan15X448_PrivateKeyC1ENSt3__14spanIKhLm18446744073709551615EEE: 70| 10|X448_PrivateKey::X448_PrivateKey(std::span secret_key) { 71| 10| BOTAN_ARG_CHECK(secret_key.size() == X448_LEN, "Invalid size for X448 private key"); ------------------ | | 35| 10| do { \ | | 36| 10| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 10| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 10] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 10| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 10] | | ------------------ ------------------ 72| 10| m_private.assign(secret_key.begin(), secret_key.end()); 73| 10| auto scope = CT::scoped_poison(m_private); 74| 10| x448_basepoint_from_data(m_public, std::span(m_private).first()); 75| 10| CT::unpoison(m_public); 76| 10|} _ZN5Botan15X448_PrivateKeyC1ERNS_21RandomNumberGeneratorE: 78| 10|X448_PrivateKey::X448_PrivateKey(RandomNumberGenerator& rng) : X448_PrivateKey(rng.random_vec(X448_LEN)) {} _ZNK5Botan15X448_PrivateKey23create_key_agreement_opERNS_21RandomNumberGeneratorENSt3__117basic_string_viewIcNS3_11char_traitsIcEEEES7_: 148| 2| std::string_view provider) const { 149| 2| if(provider == "base" || provider.empty()) { ------------------ | Branch (149:7): [True: 0, False: 2] | Branch (149:29): [True: 2, False: 0] ------------------ 150| 2| return std::make_unique(m_private, params); 151| 2| } 152| 0| throw Provider_Not_Found(algo_name(), provider); 153| 2|} x448.cpp:_ZN5Botan12_GLOBAL__N_124x448_basepoint_from_dataENSt3__14spanIhLm56EEENS2_IKhLm56EEE: 22| 10|void x448_basepoint_from_data(std::span mypublic, std::span secret) { 23| 10| auto bp = x448_basepoint(decode_scalar(secret)); 24| 10| auto bp_bytes = encode_point(bp); 25| 10| copy_mem(mypublic, bp_bytes); 26| 10|} x448.cpp:_ZN5Botan12_GLOBAL__N_117X448_KA_OperationC2ENSt3__14spanIKhLm18446744073709551615EEENS2_17basic_string_viewIcNS2_11char_traitsIcEEEE: 104| 2| PK_Ops::Key_Agreement_with_KDF(kdf), m_sk(sk.begin(), sk.end()) { 105| 2| BOTAN_ARG_CHECK(sk.size() == X448_LEN, "Invalid size for X448 private key"); ------------------ | | 35| 2| do { \ | | 36| 2| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 2| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 2] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 2| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 2] | | ------------------ ------------------ 106| 2| } x448.cpp:_ZN5Botan12_GLOBAL__N_117X448_KA_Operation9raw_agreeEPKhm: 110| 2| secure_vector raw_agree(const uint8_t w_data[], size_t w_len) override { 111| 2| auto scope = CT::scoped_poison(m_sk); 112| | 113| 2| const std::span w(w_data, w_len); 114| 2| if(w.size() != X448_LEN) { ------------------ | Branch (114:13): [True: 0, False: 2] ------------------ 115| 0| throw Decoding_Error("Invalid size for X448 public key"); 116| 0| } 117| 2| const auto k = decode_scalar(m_sk); 118| 2| const auto u = decode_point(w); 119| | 120| 2| auto shared_secret = encode_point(x448(k, u)); 121| 2| CT::unpoison(shared_secret); 122| | 123| | // RFC 7748 Section 6.2 124| | // As with X25519, both sides MAY check, without leaking extra 125| | // information about the value of K, whether the resulting shared K 126| | // is the all-zero value and abort if so. 127| | // 128| | // TODO: once the generic Key Agreement operation creation is equipped 129| | // with a more flexible parameterization, this check could be 130| | // made optional. 131| | // For instance: `sk->agree().with_optional_sanity_checks(true)`. 132| | // See also: https://github.com/randombit/botan/pull/4318 133| 2| if(CT::all_zeros(shared_secret.data(), shared_secret.size()).as_bool()) { ------------------ | Branch (133:13): [True: 1, False: 1] ------------------ 134| 1| throw Invalid_Argument("X448 public point appears to be of low order"); 135| 1| } 136| | 137| 1| return shared_secret; 138| 2| } _ZN5Botan12encode_pointERKNS_6StrongINSt3__15arrayIhLm56EEENS_9Point448_EJEEE: 21| 12|secure_vector encode_point(const Point448& p) { 22| 12| return {p.begin(), p.end()}; 23| 12|} _ZN5Botan12decode_pointENSt3__14spanIKhLm18446744073709551615EEE: 25| 2|Point448 decode_point(std::span p_bytes) { 26| 2| BOTAN_ARG_CHECK(p_bytes.size() == X448_LEN, "Invalid size for X448 point"); ------------------ | | 35| 2| do { \ | | 36| 2| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 2| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 2] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 2| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 2] | | ------------------ ------------------ 27| 2| return typecast_copy(p_bytes); 28| 2|} _ZN5Botan13decode_scalarENSt3__14spanIKhLm18446744073709551615EEE: 30| 12|ScalarX448 decode_scalar(std::span scalar_bytes) { 31| 12| BOTAN_ARG_CHECK(scalar_bytes.size() == X448_LEN, "Invalid size for X448 scalar"); ------------------ | | 35| 12| do { \ | | 36| 12| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 12| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 12] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 12| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 12] | | ------------------ ------------------ 32| 12| auto buf = typecast_copy(scalar_bytes); 33| | 34| 12| buf[0] &= 0xfc; 35| 12| buf[55] |= 0x80; 36| | 37| 12| return buf; 38| 12|} _ZN5Botan14x448_basepointERKNS_6StrongINSt3__15arrayIhLm56EEENS_11ScalarX448_EJEEE: 41| 10|Point448 x448_basepoint(const ScalarX448& k) { 42| 10| const Point448 u({5}); 43| 10| return x448(k, u); 44| 10|} _ZN5Botan4x448ERKNS_6StrongINSt3__15arrayIhLm56EEENS_11ScalarX448_EJEEERKNS0_IS3_NS_9Point448_EJEEE: 48| 12|Point448 x448(const ScalarX448& k, const Point448& u) { 49| 12| const Gf448Elem x_1 = Gf448Elem(u.get()); 50| 12| Gf448Elem x_2 = Gf448Elem::one(); 51| 12| Gf448Elem z_2 = Gf448Elem::zero(); 52| 12| Gf448Elem x_3 = Gf448Elem(u.get()); 53| 12| Gf448Elem z_3 = Gf448Elem::one(); 54| 12| auto swap = CT::Mask::cleared(); 55| | 56| 5.38k| for(int16_t t = 448 - 1; t >= 0; --t) { ------------------ | Branch (56:29): [True: 5.37k, False: 12] ------------------ 57| 5.37k| auto k_t = CT::Mask::expand(get_bit(k, t)); 58| 5.37k| swap ^= k_t; 59| | 60| 5.37k| x_2.ct_cond_swap(swap, x_3); 61| 5.37k| z_2.ct_cond_swap(swap, z_3); 62| 5.37k| swap = k_t; 63| | 64| 5.37k| const auto A = x_2 + z_2; 65| 5.37k| const auto AA = square(A); 66| 5.37k| const auto B = x_2 - z_2; 67| 5.37k| const auto BB = square(B); 68| 5.37k| const auto E = AA - BB; 69| 5.37k| const auto C = x_3 + z_3; 70| 5.37k| const auto D = x_3 - z_3; 71| 5.37k| const auto DA = D * A; 72| 5.37k| const auto CB = C * B; 73| 5.37k| x_3 = square(DA + CB); 74| 5.37k| z_3 = x_1 * square(DA - CB); 75| 5.37k| x_2 = AA * BB; 76| 5.37k| z_2 = E * (AA + mul_a24(E)); 77| 5.37k| } 78| | 79| 12| x_2.ct_cond_swap(swap, x_3); 80| 12| z_2.ct_cond_swap(swap, z_3); 81| | 82| 12| const auto res = x_2 / z_2; 83| | 84| 12| return Point448(res.to_bytes()); 85| 12|} x448_internal.cpp:_ZN5Botan12_GLOBAL__N_17get_bitERKNS_6StrongINSt3__15arrayIhLm56EEENS_11ScalarX448_EJEEEm: 16| 5.37k|uint64_t get_bit(const ScalarX448& scalar, size_t bit) { 17| 5.37k| return (scalar[bit / 8] >> (bit % 8)) & 1; 18| 5.37k|} _ZN5Botan14EC_AffinePointC2ENSt3__110unique_ptrINS_19EC_AffinePoint_DataENS1_14default_deleteIS3_EEEE: 16| 4.87k|EC_AffinePoint::EC_AffinePoint(std::unique_ptr point) : m_point(std::move(point)) { 17| 4.87k| BOTAN_ASSERT_NONNULL(m_point); ------------------ | | 116| 4.87k| do { \ | | 117| 4.87k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 4.87k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 4.87k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 4.87k] | | ------------------ ------------------ 18| 4.87k|} _ZN5Botan14EC_AffinePointC2ERKS0_: 20| 3.60k|EC_AffinePoint::EC_AffinePoint(const EC_AffinePoint& other) : m_point(other.inner().clone()) {} _ZN5Botan14EC_AffinePointC2EOS0_: 22| 16.8k|EC_AffinePoint::EC_AffinePoint(EC_AffinePoint&& other) noexcept : m_point(std::move(other.m_point)) {} _ZN5Botan14EC_AffinePointC2ERKNS_8EC_GroupENSt3__14spanIKhLm18446744073709551615EEE: 36| 9.36k|EC_AffinePoint::EC_AffinePoint(const EC_Group& group, std::span bytes) { 37| 9.36k| m_point = group._data()->point_deserialize(bytes); 38| 9.36k| if(!m_point) { ------------------ | Branch (38:7): [True: 518, False: 8.84k] ------------------ 39| 518| throw Decoding_Error("Failed to deserialize elliptic curve point"); 40| 518| } 41| 9.36k|} _ZNK5Botan14EC_AffinePoint15to_legacy_pointEv: 45| 11.9k|EC_Point EC_AffinePoint::to_legacy_point() const { 46| 11.9k| return m_point->to_legacy_point(); 47| 11.9k|} _ZNK5Botan14EC_AffinePoint19field_element_bytesEv: 110| 4.87k|size_t EC_AffinePoint::field_element_bytes() const { 111| 4.87k| return inner().field_element_bytes(); 112| 4.87k|} _ZNK5Botan14EC_AffinePoint11is_identityEv: 114| 18.6k|bool EC_AffinePoint::is_identity() const { 115| 18.6k| return inner().is_identity(); 116| 18.6k|} _ZN5Botan14EC_AffinePointD2Ev: 148| 34.1k|EC_AffinePoint::~EC_AffinePoint() = default; _ZN5Botan14EC_AffinePoint11deserializeERKNS_8EC_GroupENSt3__14spanIKhLm18446744073709551615EEE: 150| 1.79k|std::optional EC_AffinePoint::deserialize(const EC_Group& group, std::span bytes) { 151| 1.79k| if(auto pt = group._data()->point_deserialize(bytes)) { ------------------ | Branch (151:12): [True: 1.79k, False: 0] ------------------ 152| 1.79k| return EC_AffinePoint(std::move(pt)); 153| 1.79k| } else { 154| 0| return {}; 155| 0| } 156| 1.79k|} _ZN5Botan14EC_AffinePoint5g_mulERKNS_9EC_ScalarERNS_21RandomNumberGeneratorE: 158| 3.08k|EC_AffinePoint EC_AffinePoint::g_mul(const EC_Scalar& scalar, RandomNumberGenerator& rng) { 159| 3.08k| auto pt = scalar._inner().group()->point_g_mul(scalar.inner(), rng); 160| 3.08k| return EC_AffinePoint(std::move(pt)); 161| 3.08k|} _ZNK5Botan14EC_AffinePoint10mul_x_onlyERKNS_9EC_ScalarERNS_21RandomNumberGeneratorE: 167| 1.79k|secure_vector EC_AffinePoint::mul_x_only(const EC_Scalar& scalar, RandomNumberGenerator& rng) const { 168| 1.79k| return inner().mul_x_only(scalar._inner(), rng); 169| 1.79k|} _ZNK5Botan14EC_AffinePoint9serializeENS_15EC_Point_FormatE: 194| 4.87k|std::vector EC_AffinePoint::serialize(EC_Point_Format format) const { 195| 4.87k| if(format == EC_Point_Format::Compressed) { ------------------ | Branch (195:7): [True: 59, False: 4.81k] ------------------ 196| 59| return this->serialize_compressed(); 197| 4.81k| } else if(format == EC_Point_Format::Uncompressed) { ------------------ | Branch (197:14): [True: 4.81k, False: 0] ------------------ 198| 4.81k| return this->serialize_uncompressed(); 199| 4.81k| } else { 200| | // The deprecated "hybrid" point encoding 201| | // TODO(Botan4) Remove this 202| 0| auto enc = this->serialize_uncompressed(); 203| 0| const bool y_is_odd = (enc[enc.size() - 1] & 0x01) == 0x01; 204| 0| enc.front() = y_is_odd ? 0x07 : 0x06; ------------------ | Branch (204:21): [True: 0, False: 0] ------------------ 205| 0| return enc; 206| 0| } 207| 4.87k|} _ZNK5Botan14EC_AffinePoint23serialize_compressed_toENSt3__14spanIhLm18446744073709551615EEE: 224| 59|void EC_AffinePoint::serialize_compressed_to(std::span bytes) const { 225| 59| BOTAN_STATE_CHECK(!this->is_identity()); ------------------ | | 51| 59| do { \ | | 52| 59| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 59| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 59] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 59| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 59] | | ------------------ ------------------ 226| 59| m_point->serialize_compressed_to(bytes); 227| 59|} _ZNK5Botan14EC_AffinePoint25serialize_uncompressed_toENSt3__14spanIhLm18446744073709551615EEE: 229| 4.81k|void EC_AffinePoint::serialize_uncompressed_to(std::span bytes) const { 230| 4.81k| BOTAN_STATE_CHECK(!this->is_identity()); ------------------ | | 51| 4.81k| do { \ | | 52| 4.81k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 4.81k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 4.81k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 4.81k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 4.81k] | | ------------------ ------------------ 231| 4.81k| m_point->serialize_uncompressed_to(bytes); 232| 4.81k|} _ZN5Botan8EC_Group13ec_group_dataEv: 231| 12.4k|EC_Group_Data_Map& EC_Group::ec_group_data() { 232| | /* 233| | * This exists purely to ensure the allocator is constructed before g_ec_data, 234| | * which ensures that its destructor runs after ~g_ec_data is complete. 235| | */ 236| | 237| 12.4k| static const Allocator_Initializer g_init_allocator; 238| 12.4k| static EC_Group_Data_Map g_ec_data; 239| 12.4k| return g_ec_data; 240| 12.4k|} _ZN5Botan8EC_Group18load_EC_group_infoEPKcS2_S2_S2_S2_S2_RKNS_3OIDE: 254| 6| const OID& oid) { 255| 6| BOTAN_ARG_CHECK(oid.has_value(), "EC_Group::load_EC_group_info OID must be set"); ------------------ | | 35| 6| do { \ | | 36| 6| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 6| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 6] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 6| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 6] | | ------------------ ------------------ 256| | 257| 6| const BigInt p(p_str); 258| 6| const BigInt a(a_str); 259| 6| const BigInt b(b_str); 260| 6| const BigInt g_x(g_x_str); 261| 6| const BigInt g_y(g_y_str); 262| 6| const BigInt order(order_str); 263| 6| const BigInt cofactor(1); // implicit 264| | 265| 6| return EC_Group_Data::create(p, a, b, g_x, g_y, order, cofactor, oid, EC_Group_Source::Builtin); 266| 6|} _ZN5Botan8EC_Group19DER_decode_EC_groupENSt3__14spanIKhLm18446744073709551615EEENS_15EC_Group_SourceE: 270| 7.04k| EC_Group_Source source) { 271| 7.04k| BER_Decoder dec(der, BER_Decoder::Limits::DER()); 272| | 273| 7.04k| auto next_obj_type = dec.peek_next_object().type_tag(); 274| | 275| 7.04k| if(next_obj_type == ASN1_Type::ObjectId) { ------------------ | Branch (275:7): [True: 7.04k, False: 0] ------------------ 276| 7.04k| OID oid; 277| 7.04k| dec.decode(oid); 278| | 279| 7.04k| auto data = ec_group_data().lookup(oid); 280| 7.04k| if(!data) { ------------------ | Branch (280:10): [True: 0, False: 7.04k] ------------------ 281| 0| throw Decoding_Error(fmt("Unknown namedCurve OID '{}'", oid.to_string())); 282| 0| } 283| | 284| 7.04k| return std::make_pair(data, false); 285| 7.04k| } else if(next_obj_type == ASN1_Type::Sequence) { ------------------ | Branch (285:14): [True: 0, False: 0] ------------------ 286| 0| BigInt p; 287| 0| BigInt a; 288| 0| BigInt b; 289| 0| BigInt order; 290| 0| BigInt cofactor; 291| 0| std::vector base_pt; 292| 0| std::vector seed; 293| | 294| 0| dec.start_sequence() 295| 0| .decode_and_check(1, "Unknown ECC param version code") 296| 0| .start_sequence() 297| 0| .decode_and_check(OID({1, 2, 840, 10045, 1, 1}), "Only prime ECC fields supported") 298| 0| .decode(p) 299| 0| .end_cons() 300| 0| .start_sequence() 301| 0| .decode_octet_string_bigint(a) 302| 0| .decode_octet_string_bigint(b) 303| 0| .decode_optional_string(seed, ASN1_Type::BitString, ASN1_Type::BitString, ASN1_Class::Universal) 304| 0| .end_cons() 305| 0| .decode(base_pt, ASN1_Type::OctetString) 306| 0| .decode(order) 307| 0| .decode(cofactor) 308| 0| .end_cons() 309| 0| .verify_end(); 310| | 311| | // TODO(Botan4) Require cofactor == 1 312| 0| if(cofactor <= 0 || cofactor >= 16) { ------------------ | Branch (312:10): [True: 0, False: 0] | Branch (312:27): [True: 0, False: 0] ------------------ 313| 0| throw Decoding_Error("Invalid ECC cofactor parameter"); 314| 0| } 315| | 316| 0| if(p.bits() < 112 || p.bits() > 521 || p.signum() < 0) { ------------------ | Branch (316:10): [True: 0, False: 0] | Branch (316:28): [True: 0, False: 0] | Branch (316:46): [True: 0, False: 0] ------------------ 317| 0| throw Decoding_Error("ECC p parameter is invalid size"); 318| 0| } 319| | 320| | // A can be zero 321| 0| if(a.signum() < 0 || a >= p) { ------------------ | Branch (321:10): [True: 0, False: 0] | Branch (321:28): [True: 0, False: 0] ------------------ 322| 0| throw Decoding_Error("Invalid ECC a parameter"); 323| 0| } 324| | 325| | // B must be > 0 326| 0| if(b.signum() <= 0 || b >= p) { ------------------ | Branch (326:10): [True: 0, False: 0] | Branch (326:29): [True: 0, False: 0] ------------------ 327| 0| throw Decoding_Error("Invalid ECC b parameter"); 328| 0| } 329| | 330| 0| if(order.signum() <= 0 || order >= 2 * p) { ------------------ | Branch (330:10): [True: 0, False: 0] | Branch (330:10): [True: 0, False: 0] | Branch (330:33): [True: 0, False: 0] ------------------ 331| 0| throw Decoding_Error("Invalid ECC group order"); 332| 0| } 333| | 334| 0| if(auto data = ec_group_data().lookup_from_params(p, a, b, base_pt, order, cofactor)) { ------------------ | Branch (334:15): [True: 0, False: 0] ------------------ 335| 0| return std::make_pair(data, true); 336| 0| } 337| | 338| | /* 339| | TODO(Botan4) the remaining code is used only to handle the case of decoding an EC_Group 340| | which is neither a builtin group nor a group that was registered by the application. 341| | It can all be removed and replaced with a throw 342| | */ 343| | 344| 0| auto mod_p = Barrett_Reduction::for_public_modulus(p); 345| 0| if(!is_bailie_psw_probable_prime(p, mod_p)) { ------------------ | Branch (345:10): [True: 0, False: 0] ------------------ 346| 0| throw Decoding_Error("ECC p parameter is not a prime"); 347| 0| } 348| | 349| 0| auto mod_order = Barrett_Reduction::for_public_modulus(order); 350| 0| if(!is_bailie_psw_probable_prime(order, mod_order)) { ------------------ | Branch (350:10): [True: 0, False: 0] ------------------ 351| 0| throw Decoding_Error("Invalid ECC order parameter"); 352| 0| } 353| | 354| 0| const size_t p_bytes = p.bytes(); 355| 0| if(base_pt.size() != 1 + p_bytes && base_pt.size() != 1 + 2 * p_bytes) { ------------------ | Branch (355:10): [True: 0, False: 0] | Branch (355:43): [True: 0, False: 0] ------------------ 356| 0| throw Decoding_Error("Invalid ECC base point encoding"); 357| 0| } 358| | 359| 0| auto [g_x, g_y] = [&]() { 360| 0| const uint8_t hdr = base_pt[0]; 361| | 362| 0| if(hdr == 0x04 && base_pt.size() == 1 + 2 * p_bytes) { 363| 0| const BigInt x = BigInt::from_bytes(std::span{base_pt}.subspan(1, p_bytes)); 364| 0| const BigInt y = BigInt::from_bytes(std::span{base_pt}.subspan(1 + p_bytes, p_bytes)); 365| | 366| 0| if(x < p && y < p) { 367| 0| return std::make_pair(x, y); 368| 0| } 369| 0| } else if((hdr == 0x02 || hdr == 0x03) && base_pt.size() == 1 + p_bytes) { 370| | // TODO(Botan4) remove this branch; we won't support compressed points 371| 0| const BigInt x = BigInt::from_bytes(std::span{base_pt}.subspan(1, p_bytes)); 372| 0| BigInt y = sqrt_modulo_prime(((x * x + a) * x + b) % p, p); 373| | 374| 0| if(x < p && y >= 0) { 375| 0| const bool y_mod_2 = (hdr & 0x01) == 1; 376| 0| if(y.get_bit(0) != y_mod_2) { 377| 0| y = p - y; 378| 0| } 379| | 380| 0| return std::make_pair(x, y); 381| 0| } 382| 0| } 383| | 384| 0| throw Decoding_Error("Invalid ECC base point encoding"); 385| 0| }(); 386| | 387| | // TODO(Botan4) we can remove this check since we'll only accept pre-registered groups 388| 0| auto y2 = mod_p.square(g_y); 389| 0| auto x3_ax_b = mod_p.reduce(mod_p.cube(g_x) + mod_p.multiply(a, g_x) + b); 390| 0| if(y2 != x3_ax_b) { ------------------ | Branch (390:10): [True: 0, False: 0] ------------------ 391| 0| throw Decoding_Error("Invalid ECC base point"); 392| 0| } 393| | 394| | /* 395| | * Create the group data without registering it in the global map. 396| | * 397| | * Applications that need persistent custom groups should register them 398| | * via the relevant EC_Group constructor 399| | */ 400| 0| auto data = EC_Group_Data::create(p, a, b, g_x, g_y, order, cofactor, OID(), source); 401| 0| return std::make_pair(data, true); 402| 0| } else if(next_obj_type == ASN1_Type::Null) { ------------------ | Branch (402:14): [True: 0, False: 0] ------------------ 403| 0| throw Decoding_Error("Decoding ImplicitCA ECC parameters is not supported"); 404| 0| } else { 405| 0| throw Decoding_Error( 406| 0| fmt("Unexpected tag {} while decoding ECC domain params", asn1_tag_to_string(next_obj_type))); 407| 0| } 408| 7.04k|} _ZN5Botan8EC_GroupD2Ev: 412| 58.3k|EC_Group::~EC_Group() = default; _ZN5Botan8EC_GroupC2ERKS0_: 414| 23.8k|EC_Group::EC_Group(const EC_Group&) = default; _ZN5Botan8EC_GroupC2EONSt3__110shared_ptrINS_13EC_Group_DataEEE: 419| 5.40k|EC_Group::EC_Group(std::shared_ptr&& data) : m_data(std::move(data)) {} _ZN5Botan8EC_Group9from_nameENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 478| 5.40k|EC_Group EC_Group::from_name(std::string_view name) { 479| 5.40k| std::shared_ptr data; 480| | 481| 5.40k| if(auto oid = OID::from_name(name)) { ------------------ | Branch (481:12): [True: 5.40k, False: 0] ------------------ 482| 5.40k| data = ec_group_data().lookup(oid.value()); 483| 5.40k| } 484| | 485| 5.40k| if(!data) { ------------------ | Branch (485:7): [True: 0, False: 5.40k] ------------------ 486| 0| throw Invalid_Argument(fmt("Unknown EC_Group '{}'", name)); 487| 0| } 488| | 489| 5.40k| return EC_Group(std::move(data)); 490| 5.40k|} _ZN5Botan8EC_GroupC2ENSt3__14spanIKhLm18446744073709551615EEE: 636| 7.04k|EC_Group::EC_Group(std::span der) { 637| 7.04k| auto data = DER_decode_EC_group(der, EC_Group_Source::ExternalSource); 638| 7.04k| m_data = data.first; 639| 7.04k| m_explicit_encoding = data.second; 640| 7.04k|} _ZNK5Botan8EC_Group4dataEv: 647| 24.3k|const EC_Group_Data& EC_Group::data() const { 648| 24.3k| if(m_data == nullptr) { ------------------ | Branch (648:7): [True: 0, False: 24.3k] ------------------ 649| 0| throw Invalid_State("EC_Group uninitialized"); 650| 0| } 651| 24.3k| return *m_data; 652| 24.3k|} _ZNK5Botan8EC_Group10get_p_bitsEv: 654| 1.79k|size_t EC_Group::get_p_bits() const { 655| 1.79k| return data().p_bits(); 656| 1.79k|} _ZNK5Botan8EC_Group15get_order_bytesEv: 666| 7.04k|size_t EC_Group::get_order_bytes() const { 667| 7.04k| return data().order_bytes(); 668| 7.04k|} _ZNK5Botan8EC_Group12has_cofactorEv: 734| 3.59k|bool EC_Group::has_cofactor() const { 735| 3.59k| return data().has_cofactor(); 736| 3.59k|} _ZNK5Botan8EC_Group13get_curve_oidEv: 738| 11.9k|const OID& EC_Group::get_curve_oid() const { 739| 11.9k| return data().oid(); 740| 11.9k|} _ZN5Botan17EC_Group_Data_Map6lookupERKNS_3OIDE: 54| 12.4k| std::shared_ptr lookup(const OID& oid) { 55| 12.4k| const lock_guard_type lock(m_mutex); 56| | 57| 26.2k| for(auto i : m_registered_curves) { ------------------ | Branch (57:21): [True: 26.2k, False: 6] ------------------ 58| 26.2k| if(i->oid() == oid) { ------------------ | Branch (58:16): [True: 12.4k, False: 13.8k] ------------------ 59| 12.4k| return i; 60| 12.4k| } 61| 26.2k| } 62| | 63| | // Not found, check hardcoded data 64| 6| std::shared_ptr data = EC_Group::EC_group_info(oid); 65| | 66| 6| if(data) { ------------------ | Branch (66:13): [True: 6, False: 0] ------------------ 67| | // The requested OID may be an alias for a curve whose canonical OID differs 68| | // TODO(Botan4) remove this once we require exactly one canonical OID per curve 69| 6| if(data->oid() != oid) { ------------------ | Branch (69:16): [True: 0, False: 6] ------------------ 70| 0| for(const auto& i : m_registered_curves) { ------------------ | Branch (70:34): [True: 0, False: 0] ------------------ 71| 0| if(i->oid() == data->oid()) { ------------------ | Branch (71:22): [True: 0, False: 0] ------------------ 72| 0| return i; 73| 0| } 74| 0| } 75| 0| } 76| | 77| 6| m_registered_curves.push_back(data); 78| 6| return data; 79| 6| } 80| | 81| | // Nope, unknown curve 82| 0| return std::shared_ptr(); 83| 6| } _ZN5Botan13EC_Group_DataD2Ev: 27| 6|EC_Group_Data::~EC_Group_Data() = default; _ZN5Botan13EC_Group_DataC2ERKNS_6BigIntES3_S3_S3_S3_S3_S3_RKNS_3OIDENS_15EC_Group_SourceE: 39| 6| m_p(p), 40| 6| m_a(a), 41| 6| m_b(b), 42| 6| m_g_x(g_x), 43| 6| m_g_y(g_y), 44| 6| m_order(order), 45| 6| m_cofactor(cofactor), 46| |#if defined(BOTAN_HAS_LEGACY_EC_POINT) 47| 6| m_mod_field(Barrett_Reduction::for_public_modulus(p)), 48| 6| m_mod_order(Barrett_Reduction::for_public_modulus(order)), 49| 6| m_monty(m_p, m_mod_field), 50| |#endif 51| 6| m_oid(oid), 52| 6| m_p_words(p.sig_words()), 53| 6| m_p_bits(p.bits()), 54| 6| m_order_bits(order.bits()), 55| 6| m_order_bytes((m_order_bits + 7) / 8), 56| 6| m_a_is_minus_3(a == p - 3), 57| 6| m_a_is_zero(a.is_zero()), 58| 6| m_has_cofactor(m_cofactor != 1), 59| 6| m_order_is_less_than_p(m_order < p), 60| 6| m_source(source) { 61| | // Verify the generator (x, y) satisfies y^2 = x^3 + a*x + b (mod p) 62| 6| auto mod_p = Barrett_Reduction::for_public_modulus(p); 63| 6| const BigInt y2 = mod_p.square(g_y); 64| 6| const BigInt x3_ax_b = mod_p.reduce(mod_p.cube(g_x) + mod_p.multiply(a, g_x) + b); 65| 6| if(y2 != x3_ax_b) { ------------------ | Branch (65:7): [True: 0, False: 6] ------------------ 66| 0| throw Invalid_Argument("EC_Group generator is not on the curve"); 67| 0| } 68| | 69| | // TODO(Botan4) we can assume/assert the OID is set 70| 6| if(!m_oid.empty()) { ------------------ | Branch (70:7): [True: 6, False: 0] ------------------ 71| 6| DER_Encoder der(m_der_named_curve); 72| 6| der.encode(m_oid); 73| | 74| 6| const std::string name = m_oid.human_name_or_empty(); 75| 6| if(!name.empty()) { ------------------ | Branch (75:10): [True: 6, False: 0] ------------------ 76| | // returns nullptr if unknown or not supported 77| 6| m_pcurve = PCurve::PrimeOrderCurve::for_named_curve(name); 78| 6| } 79| 6| if(m_pcurve) { ------------------ | Branch (79:10): [True: 6, False: 0] ------------------ 80| 6| m_engine = EC_Group_Engine::Optimized; 81| 6| } 82| 6| } 83| | 84| | // Try a generic pcurves instance 85| 6| if(!m_pcurve && !m_has_cofactor) { ------------------ | Branch (85:7): [True: 0, False: 6] | Branch (85:20): [True: 0, False: 0] ------------------ 86| 0| m_pcurve = PCurve::PrimeOrderCurve::from_params(p, a, b, g_x, g_y, order); 87| 0| if(m_pcurve) { ------------------ | Branch (87:10): [True: 0, False: 0] ------------------ 88| 0| m_engine = EC_Group_Engine::Generic; 89| 0| } 90| | // possibly still null here, if parameters unsuitable or if the 91| | // pcurves_generic module wasn't included in the build 92| 0| } 93| | 94| 6|#if defined(BOTAN_HAS_LEGACY_EC_POINT) 95| 6| secure_vector ws; 96| 6| m_a_r = m_monty.mul(a, m_monty.R2(), ws); 97| 6| m_b_r = m_monty.mul(b, m_monty.R2(), ws); 98| 6| if(!m_pcurve) { ------------------ | Branch (98:7): [True: 0, False: 6] ------------------ 99| 0| m_engine = EC_Group_Engine::Legacy; 100| 0| } 101| |#else 102| | if(!m_pcurve) { 103| | if(m_oid.empty()) { 104| | throw Not_Implemented("EC_Group this group is not supported in this build configuration"); 105| | } else { 106| | throw Not_Implemented( 107| | fmt("EC_Group the group {} is not supported in this build configuration", oid.to_string())); 108| | } 109| | } 110| |#endif 111| 6|} _ZN5Botan13EC_Group_Data6createERKNS_6BigIntES3_S3_S3_S3_S3_S3_RKNS_3OIDENS_15EC_Group_SourceE: 121| 6| EC_Group_Source source) { 122| 6| auto group = std::make_shared(p, a, b, g_x, g_y, order, cofactor, oid, source); 123| | 124| 6|#if defined(BOTAN_HAS_LEGACY_EC_POINT) 125| 6| group->m_curve = CurveGFp(group.get()); 126| 6| group->m_base_point = EC_Point(group->m_curve, g_x, g_y); 127| 6| if(!group->m_pcurve) { ------------------ | Branch (127:7): [True: 0, False: 6] ------------------ 128| 0| group->m_base_mult = std::make_unique(group->m_base_point, group->m_mod_order); 129| 0| } 130| 6|#endif 131| | 132| 6| return group; 133| 6|} _ZNK5Botan13EC_Group_Data13scalar_randomERNS_21RandomNumberGeneratorE: 293| 3.08k|std::unique_ptr EC_Group_Data::scalar_random(RandomNumberGenerator& rng) const { 294| 3.08k| if(m_pcurve) { ------------------ | Branch (294:7): [True: 3.08k, False: 0] ------------------ 295| 3.08k| return std::make_unique(shared_from_this(), m_pcurve->random_scalar(rng)); 296| 3.08k| } else { 297| 0|#if defined(BOTAN_HAS_LEGACY_EC_POINT) 298| 0| return std::make_unique(shared_from_this(), 299| 0| BigInt::random_integer(rng, BigInt::one(), m_order)); 300| |#else 301| | throw Not_Implemented("Legacy EC interfaces disabled in this build configuration"); 302| |#endif 303| 0| } 304| 3.08k|} _ZNK5Botan13EC_Group_Data18scalar_deserializeENSt3__14spanIKhLm18446744073709551615EEE: 358| 7.04k|std::unique_ptr EC_Group_Data::scalar_deserialize(std::span bytes) const { 359| 7.04k| if(bytes.size() != m_order_bytes) { ------------------ | Branch (359:7): [True: 0, False: 7.04k] ------------------ 360| 0| return nullptr; 361| 0| } 362| | 363| 7.04k| if(m_pcurve) { ------------------ | Branch (363:7): [True: 7.04k, False: 0] ------------------ 364| 7.04k| if(auto s = m_pcurve->deserialize_scalar(bytes)) { ------------------ | Branch (364:15): [True: 7.04k, False: 0] ------------------ 365| 7.04k| return std::make_unique(shared_from_this(), *s); 366| 7.04k| } else { 367| 0| return nullptr; 368| 0| } 369| 7.04k| } else { 370| 0|#if defined(BOTAN_HAS_LEGACY_EC_POINT) 371| 0| BigInt r(bytes); 372| | 373| 0| if(r.is_zero() || r >= m_order) { ------------------ | Branch (373:10): [True: 0, False: 0] | Branch (373:25): [True: 0, False: 0] ------------------ 374| 0| return nullptr; 375| 0| } 376| | 377| 0| return std::make_unique(shared_from_this(), std::move(r)); 378| |#else 379| | throw Not_Implemented("Legacy EC interfaces disabled in this build configuration"); 380| |#endif 381| 0| } 382| 7.04k|} _ZNK5Botan13EC_Group_Data17point_deserializeENSt3__14spanIKhLm18446744073709551615EEE: 384| 11.3k|std::unique_ptr EC_Group_Data::point_deserialize(std::span bytes) const { 385| | // The deprecated "hybrid" point format 386| | // TODO(Botan4) remove this 387| 11.3k| if(bytes.size() >= 1 + 2 * 4 && (bytes[0] == 0x06 || bytes[0] == 0x07)) { ------------------ | Branch (387:7): [True: 11.2k, False: 27] | Branch (387:37): [True: 127, False: 11.1k] | Branch (387:57): [True: 18, False: 11.1k] ------------------ 388| 145| const bool hdr_y_is_even = bytes[0] == 0x06; 389| 145| const bool y_is_even = (bytes.back() & 0x01) == 0; 390| | 391| 145| if(hdr_y_is_even == y_is_even) { ------------------ | Branch (391:10): [True: 141, False: 4] ------------------ 392| 141| std::vector sec1(bytes.begin(), bytes.end()); 393| 141| sec1[0] = 0x04; 394| 141| return this->point_deserialize(sec1); 395| 141| } 396| 145| } 397| | 398| 11.1k| try { 399| 11.1k| if(m_pcurve) { ------------------ | Branch (399:10): [True: 11.1k, False: 0] ------------------ 400| 11.1k| if(auto pt = m_pcurve->deserialize_point(bytes)) { ------------------ | Branch (400:18): [True: 10.6k, False: 518] ------------------ 401| 10.6k| return std::make_unique(shared_from_this(), std::move(*pt)); 402| 10.6k| } else { 403| 518| return {}; 404| 518| } 405| 11.1k| } else { 406| 0|#if defined(BOTAN_HAS_LEGACY_EC_POINT) 407| 0| auto pt = Botan::OS2ECP(bytes, m_curve); 408| 0| return std::make_unique(shared_from_this(), std::move(pt)); 409| |#else 410| | throw Not_Implemented("Legacy EC interfaces disabled in this build configuration"); 411| |#endif 412| 0| } 413| 11.1k| } catch(...) { 414| 0| return {}; 415| 0| } 416| 11.1k|} _ZNK5Botan13EC_Group_Data11point_g_mulERKNS_14EC_Scalar_DataERNS_21RandomNumberGeneratorE: 466| 3.08k| RandomNumberGenerator& rng) const { 467| 3.08k| if(m_pcurve) { ------------------ | Branch (467:7): [True: 3.08k, False: 0] ------------------ 468| 3.08k| const auto& k = EC_Scalar_Data_PC::checked_ref(scalar); 469| 3.08k| auto pt = m_pcurve->point_to_affine(m_pcurve->mul_by_g(k.value(), rng)); 470| 3.08k| return std::make_unique(shared_from_this(), std::move(pt)); 471| 3.08k| } else { 472| 0|#if defined(BOTAN_HAS_LEGACY_EC_POINT) 473| 0| const auto& group = scalar.group(); 474| 0| const auto& bn = EC_Scalar_Data_BN::checked_ref(scalar); 475| | 476| 0| BOTAN_STATE_CHECK(group->m_base_mult != nullptr); ------------------ | | 51| 0| do { \ | | 52| 0| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 0| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 0] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 0| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 0] | | ------------------ ------------------ 477| 0| std::vector ws; 478| 0| auto pt = group->m_base_mult->mul(bn.value(), rng, m_order, ws); 479| 0| return std::make_unique(shared_from_this(), std::move(pt)); 480| |#else 481| | throw Not_Implemented("Legacy EC interfaces disabled in this build configuration"); 482| |#endif 483| 0| } 484| 3.08k|} _ZN5Botan17EC_Scalar_Data_PC11checked_refERKNS_14EC_Scalar_DataE: 14| 4.87k|const EC_Scalar_Data_PC& EC_Scalar_Data_PC::checked_ref(const EC_Scalar_Data& data) { 15| 4.87k| const auto* p = dynamic_cast(&data); 16| 4.87k| if(p == nullptr) { ------------------ | Branch (16:7): [True: 0, False: 4.87k] ------------------ 17| 0| throw Invalid_State("Failed conversion to EC_Scalar_Data_PC"); 18| 0| } 19| 4.87k| return *p; 20| 4.87k|} _ZNK5Botan17EC_Scalar_Data_PC5groupEv: 22| 33.9k|const std::shared_ptr& EC_Scalar_Data_PC::group() const { 23| 33.9k| return m_group; 24| 33.9k|} _ZNK5Botan17EC_Scalar_Data_PC5bytesEv: 26| 10.1k|size_t EC_Scalar_Data_PC::bytes() const { 27| 10.1k| return this->group()->order_bytes(); 28| 10.1k|} _ZNK5Botan17EC_Scalar_Data_PC5cloneEv: 30| 8.83k|std::unique_ptr EC_Scalar_Data_PC::clone() const { 31| 8.83k| return std::make_unique(this->group(), this->value()); 32| 8.83k|} _ZNK5Botan17EC_Scalar_Data_PC7is_zeroEv: 34| 10.1k|bool EC_Scalar_Data_PC::is_zero() const { 35| 10.1k| const auto& pcurve = this->group()->pcurve(); 36| 10.1k| return pcurve.scalar_is_zero(m_v); 37| 10.1k|} _ZN5Botan17EC_Scalar_Data_PC7zeroizeEv: 48| 10.1k|void EC_Scalar_Data_PC::zeroize() { 49| 10.1k| m_v._zeroize(); 50| 10.1k|} _ZNK5Botan17EC_Scalar_Data_PC12serialize_toENSt3__14spanIhLm18446744073709551615EEE: 81| 10.1k|void EC_Scalar_Data_PC::serialize_to(std::span bytes) const { 82| 10.1k| BOTAN_ARG_CHECK(bytes.size() == m_group->order_bytes(), "Invalid output length"); ------------------ | | 35| 10.1k| do { \ | | 36| 10.1k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 10.1k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 10.1k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 10.1k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 10.1k] | | ------------------ ------------------ 83| 10.1k| m_group->pcurve().serialize_scalar(bytes, m_v); 84| 10.1k|} _ZN5Botan22EC_AffinePoint_Data_PCC2ENSt3__110shared_ptrIKNS_13EC_Group_DataEEENS_6PCurve15PrimeOrderCurve11AffinePointE: 88| 17.3k| m_group(std::move(group)), m_pt(std::move(pt)) { 89| 17.3k| const auto& pcurve = m_group->pcurve(); 90| | 91| 17.3k| if(!pcurve.affine_point_is_identity(m_pt)) { ------------------ | Branch (91:7): [True: 17.3k, False: 18] ------------------ 92| 17.3k| m_xy.resize(1 + 2 * field_element_bytes()); 93| 17.3k| pcurve.serialize_point(m_xy, m_pt); 94| 17.3k| } 95| 17.3k|} _ZNK5Botan22EC_AffinePoint_Data_PC5cloneEv: 105| 3.60k|std::unique_ptr EC_AffinePoint_Data_PC::clone() const { 106| 3.60k| return std::make_unique(m_group, m_pt); 107| 3.60k|} _ZNK5Botan22EC_AffinePoint_Data_PC10mul_x_onlyERKNS_14EC_Scalar_DataERNS_21RandomNumberGeneratorE: 123| 1.79k| RandomNumberGenerator& rng) const { 124| 1.79k| BOTAN_ARG_CHECK(scalar.group() == m_group, "Curve mismatch"); ------------------ | | 35| 1.79k| do { \ | | 36| 1.79k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 1.79k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 1.79k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 1.79k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 1.79k] | | ------------------ ------------------ 125| 1.79k| const auto& k = EC_Scalar_Data_PC::checked_ref(scalar).value(); 126| 1.79k| return m_group->pcurve().mul_x_only(m_pt, k, rng); 127| 1.79k|} _ZNK5Botan22EC_AffinePoint_Data_PC19field_element_bytesEv: 129| 39.0k|size_t EC_AffinePoint_Data_PC::field_element_bytes() const { 130| 39.0k| return m_group->pcurve().field_element_bytes(); 131| 39.0k|} _ZNK5Botan22EC_AffinePoint_Data_PC11is_identityEv: 133| 35.4k|bool EC_AffinePoint_Data_PC::is_identity() const { 134| 35.4k| return m_xy.empty(); 135| 35.4k|} _ZNK5Botan22EC_AffinePoint_Data_PC14serialize_x_toENSt3__14spanIhLm18446744073709551615EEE: 137| 59|void EC_AffinePoint_Data_PC::serialize_x_to(std::span bytes) const { 138| 59| BOTAN_STATE_CHECK(!this->is_identity()); ------------------ | | 51| 59| do { \ | | 52| 59| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 59| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 59] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 59| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 59] | | ------------------ ------------------ 139| 59| const size_t fe_bytes = this->field_element_bytes(); 140| 59| BOTAN_ARG_CHECK(bytes.size() == fe_bytes, "Invalid output size"); ------------------ | | 35| 59| do { \ | | 36| 59| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 59| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 59] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 59| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 59] | | ------------------ ------------------ 141| 59| copy_mem(bytes, std::span{m_xy}.subspan(1, fe_bytes)); 142| 59|} _ZNK5Botan22EC_AffinePoint_Data_PC23serialize_compressed_toENSt3__14spanIhLm18446744073709551615EEE: 158| 59|void EC_AffinePoint_Data_PC::serialize_compressed_to(std::span bytes) const { 159| 59| BOTAN_STATE_CHECK(!this->is_identity()); ------------------ | | 51| 59| do { \ | | 52| 59| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 59| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 59] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 59| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 59] | | ------------------ ------------------ 160| 59| const size_t fe_bytes = this->field_element_bytes(); 161| 59| BOTAN_ARG_CHECK(bytes.size() == 1 + fe_bytes, "Invalid output size"); ------------------ | | 35| 59| do { \ | | 36| 59| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 59| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 59] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 59| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 59] | | ------------------ ------------------ 162| 59| const bool y_is_odd = (m_xy.back() & 0x01) == 0x01; 163| | 164| 59| BufferStuffer stuffer(bytes); 165| 59| stuffer.append(y_is_odd ? 0x03 : 0x02); ------------------ | Branch (165:19): [True: 34, False: 25] ------------------ 166| 59| this->serialize_x_to(stuffer.next(fe_bytes)); 167| 59|} _ZNK5Botan22EC_AffinePoint_Data_PC25serialize_uncompressed_toENSt3__14spanIhLm18446744073709551615EEE: 169| 4.81k|void EC_AffinePoint_Data_PC::serialize_uncompressed_to(std::span bytes) const { 170| 4.81k| BOTAN_STATE_CHECK(!this->is_identity()); ------------------ | | 51| 4.81k| do { \ | | 52| 4.81k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 4.81k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 4.81k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 4.81k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 4.81k] | | ------------------ ------------------ 171| 4.81k| const size_t fe_bytes = this->field_element_bytes(); 172| 4.81k| BOTAN_ARG_CHECK(bytes.size() == 1 + 2 * fe_bytes, "Invalid output size"); ------------------ | | 35| 4.81k| do { \ | | 36| 4.81k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 4.81k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 4.81k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 4.81k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 4.81k] | | ------------------ ------------------ 173| 4.81k| copy_mem(bytes, m_xy); 174| 4.81k|} _ZNK5Botan22EC_AffinePoint_Data_PC15to_legacy_pointEv: 177| 11.9k|EC_Point EC_AffinePoint_Data_PC::to_legacy_point() const { 178| 11.9k| if(this->is_identity()) { ------------------ | Branch (178:7): [True: 9, False: 11.9k] ------------------ 179| 9| return EC_Point(m_group->curve()); 180| 11.9k| } else { 181| 11.9k| const size_t fe_bytes = this->field_element_bytes(); 182| 11.9k| return EC_Point(m_group->curve(), 183| 11.9k| BigInt::from_bytes(std::span{m_xy}.subspan(1, fe_bytes)), 184| 11.9k| BigInt::from_bytes(std::span{m_xy}.last(fe_bytes))); 185| 11.9k| } 186| 11.9k|} _ZN5Botan8EC_Group13EC_group_infoERKNS_3OIDE: 16| 6|std::shared_ptr EC_Group::EC_group_info(const OID& oid) { 17| | // secp256r1 18| 6| if(oid == OID{1, 2, 840, 10045, 3, 1, 7}) { ------------------ | Branch (18:7): [True: 1, False: 5] ------------------ 19| 1| return load_EC_group_info( 20| 1| "0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF", 21| 1| "0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC", 22| 1| "0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B", 23| 1| "0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296", 24| 1| "0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5", 25| 1| "0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", 26| 1| oid); 27| 1| } 28| | 29| | // secp384r1 30| 5| if(oid == OID{1, 3, 132, 0, 34}) { ------------------ | Branch (30:7): [True: 1, False: 4] ------------------ 31| 1| return load_EC_group_info( 32| 1| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF", 33| 1| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC", 34| 1| "0xB3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF", 35| 1| "0xAA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7", 36| 1| "0x3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F", 37| 1| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973", 38| 1| oid); 39| 1| } 40| | 41| | // secp521r1 42| 4| if(oid == OID{1, 3, 132, 0, 35}) { ------------------ | Branch (42:7): [True: 1, False: 3] ------------------ 43| 1| return load_EC_group_info( 44| 1| "0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", 45| 1| "0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC", 46| 1| "0x51953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00", 47| 1| "0xC6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66", 48| 1| "0x11839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650", 49| 1| "0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409", 50| 1| oid); 51| 1| } 52| | 53| | // brainpool160r1 54| 3| if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 1}) { ------------------ | Branch (54:7): [True: 0, False: 3] ------------------ 55| 0| return load_EC_group_info( 56| 0| "0xE95E4A5F737059DC60DFC7AD95B3D8139515620F", 57| 0| "0x340E7BE2A280EB74E2BE61BADA745D97E8F7C300", 58| 0| "0x1E589A8595423412134FAA2DBDEC95C8D8675E58", 59| 0| "0xBED5AF16EA3F6A4F62938C4631EB5AF7BDBCDBC3", 60| 0| "0x1667CB477A1A8EC338F94741669C976316DA6321", 61| 0| "0xE95E4A5F737059DC60DF5991D45029409E60FC09", 62| 0| oid); 63| 0| } 64| | 65| | // brainpool192r1 66| 3| if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 3}) { ------------------ | Branch (66:7): [True: 0, False: 3] ------------------ 67| 0| return load_EC_group_info( 68| 0| "0xC302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297", 69| 0| "0x6A91174076B1E0E19C39C031FE8685C1CAE040E5C69A28EF", 70| 0| "0x469A28EF7C28CCA3DC721D044F4496BCCA7EF4146FBF25C9", 71| 0| "0xC0A0647EAAB6A48753B033C56CB0F0900A2F5C4853375FD6", 72| 0| "0x14B690866ABD5BB88B5F4828C1490002E6773FA2FA299B8F", 73| 0| "0xC302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1", 74| 0| oid); 75| 0| } 76| | 77| | // brainpool224r1 78| 3| if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 5}) { ------------------ | Branch (78:7): [True: 0, False: 3] ------------------ 79| 0| return load_EC_group_info( 80| 0| "0xD7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF", 81| 0| "0x68A5E62CA9CE6C1C299803A6C1530B514E182AD8B0042A59CAD29F43", 82| 0| "0x2580F63CCFE44138870713B1A92369E33E2135D266DBB372386C400B", 83| 0| "0xD9029AD2C7E5CF4340823B2A87DC68C9E4CE3174C1E6EFDEE12C07D", 84| 0| "0x58AA56F772C0726F24C6B89E4ECDAC24354B9E99CAA3F6D3761402CD", 85| 0| "0xD7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F", 86| 0| oid); 87| 0| } 88| | 89| | // brainpool256r1 90| 3| if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 7}) { ------------------ | Branch (90:7): [True: 1, False: 2] ------------------ 91| 1| return load_EC_group_info( 92| 1| "0xA9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377", 93| 1| "0x7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9", 94| 1| "0x26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6", 95| 1| "0x8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262", 96| 1| "0x547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997", 97| 1| "0xA9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", 98| 1| oid); 99| 1| } 100| | 101| | // brainpool320r1 102| 2| if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 9}) { ------------------ | Branch (102:7): [True: 0, False: 2] ------------------ 103| 0| return load_EC_group_info( 104| 0| "0xD35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E27", 105| 0| "0x3EE30B568FBAB0F883CCEBD46D3F3BB8A2A73513F5EB79DA66190EB085FFA9F492F375A97D860EB4", 106| 0| "0x520883949DFDBC42D3AD198640688A6FE13F41349554B49ACC31DCCD884539816F5EB4AC8FB1F1A6", 107| 0| "0x43BD7E9AFB53D8B85289BCC48EE5BFE6F20137D10A087EB6E7871E2A10A599C710AF8D0D39E20611", 108| 0| "0x14FDD05545EC1CC8AB4093247F77275E0743FFED117182EAA9C77877AAAC6AC7D35245D1692E8EE1", 109| 0| "0xD35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311", 110| 0| oid); 111| 0| } 112| | 113| | // brainpool384r1 114| 2| if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 11}) { ------------------ | Branch (114:7): [True: 1, False: 1] ------------------ 115| 1| return load_EC_group_info( 116| 1| "0x8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53", 117| 1| "0x7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826", 118| 1| "0x4A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11", 119| 1| "0x1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E", 120| 1| "0x8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315", 121| 1| "0x8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565", 122| 1| oid); 123| 1| } 124| | 125| | // brainpool512r1 126| 1| if(oid == OID{1, 3, 36, 3, 3, 2, 8, 1, 1, 13}) { ------------------ | Branch (126:7): [True: 1, False: 0] ------------------ 127| 1| return load_EC_group_info( 128| 1| "0xAADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3", 129| 1| "0x7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA", 130| 1| "0x3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723", 131| 1| "0x81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822", 132| 1| "0x7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892", 133| 1| "0xAADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069", 134| 1| oid); 135| 1| } 136| | 137| | // frp256v1 138| 0| if(oid == OID{1, 2, 250, 1, 223, 101, 256, 1}) { ------------------ | Branch (138:7): [True: 0, False: 0] ------------------ 139| 0| return load_EC_group_info( 140| 0| "0xF1FD178C0B3AD58F10126DE8CE42435B3961ADBCABC8CA6DE8FCF353D86E9C03", 141| 0| "0xF1FD178C0B3AD58F10126DE8CE42435B3961ADBCABC8CA6DE8FCF353D86E9C00", 142| 0| "0xEE353FCA5428A9300D4ABA754A44C00FDFEC0C9AE4B1A1803075ED967B7BB73F", 143| 0| "0xB6B3D4C356C139EB31183D4749D423958C27D2DCAF98B70164C97A2DD98F5CFF", 144| 0| "0x6142E0F7C8B204911F9271F0F3ECEF8C2701C307E8E4C9E183115A1554062CFB", 145| 0| "0xF1FD178C0B3AD58F10126DE8CE42435B53DC67E140D2BF941FFDD459C6D655E1", 146| 0| oid); 147| 0| } 148| | 149| | // gost_256A 150| 0| if(oid == OID{1, 2, 643, 7, 1, 2, 1, 1, 1} || oid == OID{1, 2, 643, 2, 2, 35, 1} || oid == OID{1, 2, 643, 2, 2, 36, 0}) { ------------------ | Branch (150:7): [True: 0, False: 0] | Branch (150:7): [True: 0, False: 0] | Branch (150:50): [True: 0, False: 0] | Branch (150:88): [True: 0, False: 0] ------------------ 151| 0| return load_EC_group_info( 152| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD97", 153| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD94", 154| 0| "0xA6", 155| 0| "0x1", 156| 0| "0x8D91E471E0989CDA27DF505A453F2B7635294F2DDF23E3B122ACC99C9E9F1E14", 157| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6C611070995AD10045841B09B761B893", 158| 0| OID{1, 2, 643, 7, 1, 2, 1, 1, 1}); 159| 0| } 160| | 161| | // gost_512A 162| 0| if(oid == OID{1, 2, 643, 7, 1, 2, 1, 2, 1}) { ------------------ | Branch (162:7): [True: 0, False: 0] ------------------ 163| 0| return load_EC_group_info( 164| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC7", 165| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC4", 166| 0| "0xE8C2505DEDFC86DDC1BD0B2B6667F1DA34B82574761CB0E879BD081CFD0B6265EE3CB090F30D27614CB4574010DA90DD862EF9D4EBEE4761503190785A71C760", 167| 0| "0x3", 168| 0| "0x7503CFE87A836AE3A61B8816E25450E6CE5E1C93ACF1ABC1778064FDCBEFA921DF1626BE4FD036E93D75E6A50E3A41E98028FE5FC235F5B889A589CB5215F2A4", 169| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF27E69532F48D89116FF22B8D4E0560609B4B38ABFAD2B85DCACDB1411F10B275", 170| 0| oid); 171| 0| } 172| | 173| | // secp160k1 174| 0| if(oid == OID{1, 3, 132, 0, 9}) { ------------------ | Branch (174:7): [True: 0, False: 0] ------------------ 175| 0| return load_EC_group_info( 176| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", 177| 0| "0x0", 178| 0| "0x7", 179| 0| "0x3B4C382CE37AA192A4019E763036F4F5DD4D7EBB", 180| 0| "0x938CF935318FDCED6BC28286531733C3F03C4FEE", 181| 0| "0x100000000000000000001B8FA16DFAB9ACA16B6B3", 182| 0| oid); 183| 0| } 184| | 185| | // secp160r1 186| 0| if(oid == OID{1, 3, 132, 0, 8}) { ------------------ | Branch (186:7): [True: 0, False: 0] ------------------ 187| 0| return load_EC_group_info( 188| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF", 189| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC", 190| 0| "0x1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45", 191| 0| "0x4A96B5688EF573284664698968C38BB913CBFC82", 192| 0| "0x23A628553168947D59DCC912042351377AC5FB32", 193| 0| "0x100000000000000000001F4C8F927AED3CA752257", 194| 0| oid); 195| 0| } 196| | 197| | // secp160r2 198| 0| if(oid == OID{1, 3, 132, 0, 30}) { ------------------ | Branch (198:7): [True: 0, False: 0] ------------------ 199| 0| return load_EC_group_info( 200| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", 201| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70", 202| 0| "0xB4E134D3FB59EB8BAB57274904664D5AF50388BA", 203| 0| "0x52DCB034293A117E1F4FF11B30F7199D3144CE6D", 204| 0| "0xFEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E", 205| 0| "0x100000000000000000000351EE786A818F3A1A16B", 206| 0| oid); 207| 0| } 208| | 209| | // secp192k1 210| 0| if(oid == OID{1, 3, 132, 0, 31}) { ------------------ | Branch (210:7): [True: 0, False: 0] ------------------ 211| 0| return load_EC_group_info( 212| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37", 213| 0| "0x0", 214| 0| "0x3", 215| 0| "0xDB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D", 216| 0| "0x9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D", 217| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D", 218| 0| oid); 219| 0| } 220| | 221| | // secp192r1 222| 0| if(oid == OID{1, 2, 840, 10045, 3, 1, 1}) { ------------------ | Branch (222:7): [True: 0, False: 0] ------------------ 223| 0| return load_EC_group_info( 224| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", 225| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", 226| 0| "0x64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1", 227| 0| "0x188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012", 228| 0| "0x7192B95FFC8DA78631011ED6B24CDD573F977A11E794811", 229| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831", 230| 0| oid); 231| 0| } 232| | 233| | // secp224k1 234| 0| if(oid == OID{1, 3, 132, 0, 32}) { ------------------ | Branch (234:7): [True: 0, False: 0] ------------------ 235| 0| return load_EC_group_info( 236| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D", 237| 0| "0x0", 238| 0| "0x5", 239| 0| "0xA1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C", 240| 0| "0x7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5", 241| 0| "0x10000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7", 242| 0| oid); 243| 0| } 244| | 245| | // secp224r1 246| 0| if(oid == OID{1, 3, 132, 0, 33}) { ------------------ | Branch (246:7): [True: 0, False: 0] ------------------ 247| 0| return load_EC_group_info( 248| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", 249| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", 250| 0| "0xB4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", 251| 0| "0xB70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", 252| 0| "0xBD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34", 253| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", 254| 0| oid); 255| 0| } 256| | 257| | // secp256k1 258| 0| if(oid == OID{1, 3, 132, 0, 10}) { ------------------ | Branch (258:7): [True: 0, False: 0] ------------------ 259| 0| return load_EC_group_info( 260| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F", 261| 0| "0x0", 262| 0| "0x7", 263| 0| "0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798", 264| 0| "0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8", 265| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", 266| 0| oid); 267| 0| } 268| | 269| | // sm2p256v1 270| 0| if(oid == OID{1, 2, 156, 10197, 1, 301}) { ------------------ | Branch (270:7): [True: 0, False: 0] ------------------ 271| 0| return load_EC_group_info( 272| 0| "0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF", 273| 0| "0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC", 274| 0| "0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93", 275| 0| "0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7", 276| 0| "0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0", 277| 0| "0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123", 278| 0| oid); 279| 0| } 280| | 281| | // x962_p192v2 282| 0| if(oid == OID{1, 2, 840, 10045, 3, 1, 2}) { ------------------ | Branch (282:7): [True: 0, False: 0] ------------------ 283| 0| return load_EC_group_info( 284| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", 285| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", 286| 0| "0xCC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953", 287| 0| "0xEEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A", 288| 0| "0x6574D11D69B6EC7A672BB82A083DF2F2B0847DE970B2DE15", 289| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31", 290| 0| oid); 291| 0| } 292| | 293| | // x962_p192v3 294| 0| if(oid == OID{1, 2, 840, 10045, 3, 1, 3}) { ------------------ | Branch (294:7): [True: 0, False: 0] ------------------ 295| 0| return load_EC_group_info( 296| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", 297| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", 298| 0| "0x22123DC2395A05CAA7423DAECCC94760A7D462256BD56916", 299| 0| "0x7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896", 300| 0| "0x38A90F22637337334B49DCB66A6DC8F9978ACA7648A943B0", 301| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13", 302| 0| oid); 303| 0| } 304| | 305| | // x962_p239v1 306| 0| if(oid == OID{1, 2, 840, 10045, 3, 1, 4}) { ------------------ | Branch (306:7): [True: 0, False: 0] ------------------ 307| 0| return load_EC_group_info( 308| 0| "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", 309| 0| "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", 310| 0| "0x6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A", 311| 0| "0xFFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF", 312| 0| "0x7DEBE8E4E90A5DAE6E4054CA530BA04654B36818CE226B39FCCB7B02F1AE", 313| 0| "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B", 314| 0| oid); 315| 0| } 316| | 317| | // x962_p239v2 318| 0| if(oid == OID{1, 2, 840, 10045, 3, 1, 5}) { ------------------ | Branch (318:7): [True: 0, False: 0] ------------------ 319| 0| return load_EC_group_info( 320| 0| "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", 321| 0| "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", 322| 0| "0x617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C", 323| 0| "0x38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7", 324| 0| "0x5B0125E4DBEA0EC7206DA0FC01D9B081329FB555DE6EF460237DFF8BE4BA", 325| 0| "0x7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063", 326| 0| oid); 327| 0| } 328| | 329| | // x962_p239v3 330| 0| if(oid == OID{1, 2, 840, 10045, 3, 1, 6}) { ------------------ | Branch (330:7): [True: 0, False: 0] ------------------ 331| 0| return load_EC_group_info( 332| 0| "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF", 333| 0| "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC", 334| 0| "0x255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E", 335| 0| "0x6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A", 336| 0| "0x1607E6898F390C06BC1D552BAD226F3B6FCFE48B6E818499AF18E3ED6CF3", 337| 0| "0x7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551", 338| 0| oid); 339| 0| } 340| | 341| | // numsp512d1 342| 0| if(oid == OID{1, 3, 6, 1, 4, 1, 25258, 4, 3}) { ------------------ | Branch (342:7): [True: 0, False: 0] ------------------ 343| 0| return load_EC_group_info( 344| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC7", 345| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFDC4", 346| 0| "0x1D99B", 347| 0| "0x2", 348| 0| "0x1C282EB23327F9711952C250EA61AD53FCC13031CF6DD336E0B9328433AFBDD8CC5A1C1F0C716FDC724DDE537C2B0ADB00BB3D08DC83755B205CC30D7F83CF28", 349| 0| "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5B3CA4FB94E7831B4FC258ED97D0BDC63B568B36607CD243CE153F390433555D", 350| 0| oid); 351| 0| } 352| | 353| 0| return std::shared_ptr(); 354| 0|} _ZN5Botan9EC_ScalarC2ENSt3__110unique_ptrINS_14EC_Scalar_DataENS1_14default_deleteIS3_EEEE: 22| 10.1k|EC_Scalar::EC_Scalar(std::unique_ptr scalar) : m_scalar(std::move(scalar)) { 23| 10.1k| BOTAN_ASSERT_NONNULL(m_scalar); ------------------ | | 116| 10.1k| do { \ | | 117| 10.1k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 10.1k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 10.1k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 10.1k] | | ------------------ ------------------ 24| 10.1k|} _ZN5Botan9EC_ScalarC2ERKS0_: 26| 8.83k|EC_Scalar::EC_Scalar(const EC_Scalar& other) : m_scalar(other.inner().clone()) {} _ZN5Botan9EC_ScalarC2EOS0_: 28| 20.2k|EC_Scalar::EC_Scalar(EC_Scalar&& other) noexcept : m_scalar(std::move(other.m_scalar)) {} _ZN5Botan9EC_ScalarD2Ev: 43| 39.2k|EC_Scalar::~EC_Scalar() = default; _ZN5Botan9EC_Scalar6randomERKNS_8EC_GroupERNS_21RandomNumberGeneratorE: 61| 3.08k|EC_Scalar EC_Scalar::random(const EC_Group& group, RandomNumberGenerator& rng) { 62| 3.08k| return EC_Scalar(group._data()->scalar_random(rng)); 63| 3.08k|} _ZNK5Botan9EC_Scalar9to_bigintEv: 77| 10.1k|BigInt EC_Scalar::to_bigint() const { 78| 10.1k| secure_vector bytes(m_scalar->bytes()); 79| 10.1k| m_scalar->serialize_to(bytes); 80| 10.1k| return BigInt::from_bytes(bytes); 81| 10.1k|} _ZN5Botan9EC_Scalar11deserializeERKNS_8EC_GroupENSt3__14spanIKhLm18446744073709551615EEE: 118| 7.04k|std::optional EC_Scalar::deserialize(const EC_Group& group, std::span bytes) { 119| 7.04k| if(auto v = group._data()->scalar_deserialize(bytes)) { ------------------ | Branch (119:12): [True: 7.04k, False: 0] ------------------ 120| 7.04k| return EC_Scalar(std::move(v)); 121| 7.04k| } else { 122| 0| return {}; 123| 0| } 124| 7.04k|} _ZNK5Botan9EC_Scalar7is_zeroEv: 133| 10.1k|bool EC_Scalar::is_zero() const { 134| 10.1k| return inner().is_zero(); 135| 10.1k|} _ZN5Botan9EC_Scalar7zeroizeEv: 169| 10.1k|void EC_Scalar::zeroize() { 170| 10.1k| m_scalar->zeroize(); 171| 10.1k|} _ZN5Botan8CurveGFpC2EPKNS_13EC_Group_DataE: 28| 6|CurveGFp::CurveGFp(const EC_Group_Data* group) : m_group(group) { 29| 6| BOTAN_ASSERT_NONNULL(m_group); ------------------ | | 116| 6| do { \ | | 117| 6| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 6] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 6| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 6] | | ------------------ ------------------ 30| 6|} _ZNK5Botan8CurveGFp5groupEv: 32| 23.8k|const EC_Group_Data& CurveGFp::group() const { 33| 23.8k| BOTAN_ASSERT_NONNULL(m_group); ------------------ | | 116| 23.8k| do { \ | | 117| 23.8k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 23.8k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 23.8k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 23.8k] | | ------------------ ------------------ 34| 23.8k| return *m_group; 35| 23.8k|} _ZN5Botan8EC_PointC2ERKNS_8CurveGFpE: 108| 9|EC_Point::EC_Point(const CurveGFp& curve) : m_curve(curve), m_x(0), m_y(curve.group().monty().R1()), m_z(0) {} _ZN5Botan8EC_PointC2ERKNS_8CurveGFpENS_6BigIntES4_: 115| 11.9k| m_curve(curve), m_x(std::move(x)), m_y(std::move(y)), m_z(m_curve.group().monty().R1()) { 116| 11.9k| const auto& group = m_curve.group(); 117| | 118| 11.9k| if(m_x < 0 || m_x >= group.p()) { ------------------ | Branch (118:7): [True: 0, False: 11.9k] | Branch (118:18): [True: 0, False: 11.9k] ------------------ 119| 0| throw Invalid_Argument("Invalid EC_Point affine x"); 120| 0| } 121| 11.9k| if(m_y < 0 || m_y >= group.p()) { ------------------ | Branch (121:7): [True: 0, False: 11.9k] | Branch (121:18): [True: 0, False: 11.9k] ------------------ 122| 0| throw Invalid_Argument("Invalid EC_Point affine y"); 123| 0| } 124| | 125| 11.9k| secure_vector monty_ws(monty_ws_size(group)); 126| | 127| 11.9k| to_rep(group, m_x, monty_ws); 128| 11.9k| to_rep(group, m_y, monty_ws); 129| 11.9k|} _ZN5Botan8EC_Point4swapERS0_: 792| 11.9k|void EC_Point::swap(EC_Point& other) noexcept { 793| 11.9k| m_curve.swap(other.m_curve); 794| 11.9k| m_x.swap(other.m_x); 795| 11.9k| m_y.swap(other.m_y); 796| 11.9k| m_z.swap(other.m_z); 797| 11.9k|} ec_point.cpp:_ZN5Botan12_GLOBAL__N_113monty_ws_sizeERKNS_13EC_Group_DataE: 102| 11.9k|size_t monty_ws_size(const EC_Group_Data& group) { 103| 11.9k| return 2 * group.p_words(); 104| 11.9k|} ec_point.cpp:_ZN5Botan12_GLOBAL__N_16to_repERKNS_13EC_Group_DataERNS_6BigIntERNSt3__16vectorImNS_16secure_allocatorImEEEE: 55| 23.8k|void to_rep(const EC_Group_Data& group, BigInt& x, secure_vector& ws) { 56| 23.8k| group.monty().mul_by(x, group.monty().R2(), ws); 57| 23.8k|} _ZN5Botan17EC_PublicKey_DataC2ENS_8EC_GroupENS_14EC_AffinePointE: 15| 11.9k| m_group(std::move(group)), m_point(std::move(pt)) { 16| 11.9k|#if defined(BOTAN_HAS_LEGACY_EC_POINT) 17| 11.9k| m_legacy_point = m_point.to_legacy_point(); 18| 11.9k|#endif 19| | 20| | // Checking that the point lies on the curve is done in the deserialization 21| | // of EC_AffinePoint. 22| 11.9k| BOTAN_ARG_CHECK(!m_point.is_identity(), "ECC public key cannot be point at infinity"); ------------------ | | 35| 11.9k| do { \ | | 36| 11.9k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 11.9k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 9, False: 11.9k] | | ------------------ | | 38| 9| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 9| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 9| } \ | | 41| 11.9k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 11.9k] | | ------------------ ------------------ 23| 11.9k|} _ZN5Botan18EC_PrivateKey_DataC2ENS_8EC_GroupENS_9EC_ScalarE: 26| 10.1k| m_group(std::move(group)), m_scalar(std::move(x)), m_legacy_x(m_scalar.to_bigint()) { 27| | // Checking that the scalar is lower than the group order is ensured in the 28| | // deserialization of the EC_Scalar or during the random generation respectively. 29| 10.1k| BOTAN_ARG_CHECK(m_scalar.is_nonzero(), "ECC private key cannot be zero"); ------------------ | | 35| 10.1k| do { \ | | 36| 10.1k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 10.1k| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 10.1k] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 10.1k| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 10.1k] | | ------------------ ------------------ 30| 10.1k|} _ZN5Botan18EC_PrivateKey_DataC2ERKNS_8EC_GroupENSt3__14spanIKhLm18446744073709551615EEE: 62| 7.04k| Botan::EC_PrivateKey_Data(group, decode_ec_secret_key_scalar(group, bytes)) {} _ZN5Botan18EC_PrivateKey_DataD2Ev: 64| 10.1k|EC_PrivateKey_Data::~EC_PrivateKey_Data() { 65| 10.1k| m_scalar.zeroize(); 66| 10.1k|} _ZNK5Botan18EC_PrivateKey_Data10public_keyERNS_21RandomNumberGeneratorEb: 69| 3.08k| bool with_modular_inverse) const { 70| 3.08k| auto public_point = [&] { 71| 3.08k| if(with_modular_inverse) { 72| 3.08k| return EC_AffinePoint::g_mul(m_scalar.invert(), rng); 73| 3.08k| } else { 74| 3.08k| return EC_AffinePoint::g_mul(m_scalar, rng); 75| 3.08k| } 76| 3.08k| }; 77| | 78| 3.08k| return std::make_shared(m_group, public_point()); 79| 3.08k|} ec_key_data.cpp:_ZN5Botan12_GLOBAL__N_127decode_ec_secret_key_scalarERKNS_8EC_GroupENSt3__14spanIKhLm18446744073709551615EEE: 34| 7.04k|EC_Scalar decode_ec_secret_key_scalar(const EC_Group& group, std::span bytes) { 35| 7.04k| const size_t order_bytes = group.get_order_bytes(); 36| | 37| 7.04k| if(bytes.size() < order_bytes) { ------------------ | Branch (37:7): [True: 0, False: 7.04k] ------------------ 38| | /* 39| | * Older versions had a bug which caused secret keys to not be encoded to 40| | * the full byte length of the order if there were leading zero bytes. This 41| | * was particularly a problem for P-521, where on average half of keys do 42| | * not have their high bit set and so can be encoded in 65 bytes, vs 66 43| | * bytes for the full order. 44| | * 45| | * To accommodate this, zero prefix the key if we see such a short input 46| | */ 47| 0| secure_vector padded_sk(order_bytes); 48| 0| copy_mem(std::span{padded_sk}.last(bytes.size()), bytes); 49| 0| return decode_ec_secret_key_scalar(group, padded_sk); 50| 0| } 51| | 52| 7.04k| if(auto s = EC_Scalar::deserialize(group, bytes)) { ------------------ | Branch (52:12): [True: 7.04k, False: 0] ------------------ 53| 7.04k| return s.value(); 54| 7.04k| } else { 55| 0| throw Decoding_Error("EC private key is invalid for this group"); 56| 0| } 57| 7.04k|} ec_key_data.cpp:_ZZNK5Botan18EC_PrivateKey_Data10public_keyERNS_21RandomNumberGeneratorEbENK3$_0clEv: 70| 3.08k| auto public_point = [&] { 71| 3.08k| if(with_modular_inverse) { ------------------ | Branch (71:10): [True: 0, False: 3.08k] ------------------ 72| 0| return EC_AffinePoint::g_mul(m_scalar.invert(), rng); 73| 3.08k| } else { 74| 3.08k| return EC_AffinePoint::g_mul(m_scalar, rng); 75| 3.08k| } 76| 3.08k| }; _ZNK5Botan12EC_PublicKey10key_lengthEv: 26| 1.79k|size_t EC_PublicKey::key_length() const { 27| 1.79k| return domain().get_p_bits(); 28| 1.79k|} _ZN5Botan12EC_PublicKeyC2ERKNS_8EC_GroupERKNS_14EC_AffinePointE: 54| 1.80k|EC_PublicKey::EC_PublicKey(const EC_Group& group, const EC_AffinePoint& pub_point) { 55| 1.80k| m_public_key = std::make_shared(group, pub_point); 56| 1.80k| m_domain_encoding = default_encoding_for(domain()); // NOLINT(*-prefer-member-initializer) 57| 1.80k|} _ZNK5Botan12EC_PublicKey6domainEv: 64| 15.5k|const EC_Group& EC_PublicKey::domain() const { 65| 15.5k| BOTAN_STATE_CHECK(m_public_key != nullptr); ------------------ | | 51| 15.5k| do { \ | | 52| 15.5k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 15.5k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 15.5k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 15.5k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 15.5k] | | ------------------ ------------------ 66| 15.5k| return m_public_key->group(); 67| 15.5k|} _ZNK5Botan12EC_PublicKey16_public_ec_pointEv: 76| 4.87k|const EC_AffinePoint& EC_PublicKey::_public_ec_point() const { 77| 4.87k| BOTAN_STATE_CHECK(m_public_key != nullptr); ------------------ | | 51| 4.87k| do { \ | | 52| 4.87k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 4.87k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 4.87k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 4.87k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 4.87k] | | ------------------ ------------------ 78| 4.87k| return m_public_key->public_key(); 79| 4.87k|} _ZNK5Botan12EC_PublicKey19raw_public_key_bitsEv: 90| 4.87k|std::vector EC_PublicKey::raw_public_key_bits() const { 91| 4.87k| return _public_ec_point().serialize(point_encoding()); 92| 4.87k|} _ZN5Botan12EC_PublicKey18set_point_encodingENS_15EC_Point_FormatE: 102| 3.08k|void EC_PublicKey::set_point_encoding(EC_Point_Format enc) { 103| 3.08k| if(enc != EC_Point_Format::Compressed && enc != EC_Point_Format::Uncompressed && enc != EC_Point_Format::Hybrid) { ------------------ | Branch (103:7): [True: 3.02k, False: 59] | Branch (103:45): [True: 0, False: 3.02k] | Branch (103:85): [True: 0, False: 0] ------------------ 104| 0| throw Invalid_Argument("Invalid point encoding for EC_PublicKey"); 105| 0| } 106| | 107| 3.08k| m_point_encoding = enc; 108| 3.08k|} _ZNK5Botan13EC_PrivateKey12_private_keyEv: 123| 1.79k|const EC_Scalar& EC_PrivateKey::_private_key() const { 124| 1.79k| BOTAN_STATE_CHECK(m_private_key != nullptr); ------------------ | | 51| 1.79k| do { \ | | 52| 1.79k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 1.79k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 1.79k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 1.79k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 1.79k] | | ------------------ ------------------ 125| 1.79k| return m_private_key->private_key(); 126| 1.79k|} _ZN5Botan13EC_PrivateKeyC2ERNS_21RandomNumberGeneratorERKNS_8EC_GroupEb: 143| 3.08k| m_with_modular_inverse(with_modular_inverse) { 144| 3.08k| auto scalar = EC_Scalar::random(ec_group, rng); 145| 3.08k| m_private_key = std::make_shared(ec_group, std::move(scalar)); 146| 3.08k| m_public_key = m_private_key->public_key(rng, with_modular_inverse); 147| 3.08k| m_domain_encoding = default_encoding_for(domain()); 148| 3.08k|} _ZN5Botan13EC_PrivateKeyC2ERKNS_19AlgorithmIdentifierENSt3__14spanIKhLm18446744073709551615EEEb: 179| 7.04k| m_with_modular_inverse(with_modular_inverse) { 180| 7.04k| const EC_Group group(alg_id.parameters()); 181| | 182| 7.04k| OID key_parameters; 183| 7.04k| secure_vector private_key_bits; 184| 7.04k| secure_vector public_key_bits; 185| | 186| 7.04k| BER_Decoder(key_bits, BER_Decoder::Limits::DER()) 187| 7.04k| .start_sequence() 188| 7.04k| .decode_and_check(1, "Unknown version code for ECC key") 189| 7.04k| .decode(private_key_bits, ASN1_Type::OctetString) 190| 7.04k| .decode_optional(key_parameters, ASN1_Type(0), ASN1_Class::ExplicitContextSpecific) 191| 7.04k| .decode_optional_string(public_key_bits, ASN1_Type::BitString, 1, ASN1_Class::ExplicitContextSpecific) 192| 7.04k| .end_cons() 193| 7.04k| .verify_end(); 194| | 195| 7.04k| m_private_key = std::make_shared(group, private_key_bits); 196| | 197| 7.04k| if(public_key_bits.empty()) { ------------------ | Branch (197:7): [True: 0, False: 7.04k] ------------------ 198| 0| m_public_key = m_private_key->public_key(with_modular_inverse); 199| 7.04k| } else { 200| 7.04k| m_public_key = std::make_shared(group, public_key_bits); 201| 7.04k| } 202| | 203| 7.04k| m_domain_encoding = default_encoding_for(domain()); 204| 7.04k|} ecc_key.cpp:_ZN5Botan12_GLOBAL__N_120default_encoding_forERKNS_8EC_GroupE: 36| 11.9k|EC_Group_Encoding default_encoding_for(const EC_Group& group) { 37| 11.9k| if(group.get_curve_oid().empty()) { ------------------ | Branch (37:7): [True: 0, False: 11.9k] ------------------ 38| 0| return EC_Group_Encoding::Explicit; 39| 11.9k| } else { 40| 11.9k| return EC_Group_Encoding::NamedCurve; 41| 11.9k| } 42| 11.9k|} _ZNK5Botan15ECDH_PrivateKey23create_key_agreement_opERNS_21RandomNumberGeneratorENSt3__117basic_string_viewIcNS3_11char_traitsIcEEEES7_: 97| 1.79k| std::string_view provider) const { 98| 1.79k| if(provider == "base" || provider.empty()) { ------------------ | Branch (98:7): [True: 0, False: 1.79k] | Branch (98:29): [True: 1.79k, False: 0] ------------------ 99| 1.79k| return std::make_unique(*this, params, rng); 100| 1.79k| } 101| | 102| 0| throw Provider_Not_Found(algo_name(), provider); 103| 1.79k|} ecdh.cpp:_ZN5Botan12_GLOBAL__N_117ECDH_KA_OperationC2ERKNS_15ECDH_PrivateKeyENSt3__117basic_string_viewIcNS5_11char_traitsIcEEEERNS_21RandomNumberGeneratorE: 30| 1.79k| PK_Ops::Key_Agreement_with_KDF(kdf), 31| 1.79k| m_group(key.domain()), 32| 1.79k| m_l_times_priv(mul_cofactor_inv(m_group, key._private_key())), 33| 1.79k| m_rng(rng) {} ecdh.cpp:_ZN5Botan12_GLOBAL__N_117ECDH_KA_Operation16mul_cofactor_invERKNS_8EC_GroupERKNS_9EC_ScalarE: 68| 1.79k| static EC_Scalar mul_cofactor_inv(const EC_Group& group, const EC_Scalar& x) { 69| | // We implement BSI TR-03111 ECKAEG which only matters in the (rare/deprecated) 70| | // case of a curve with cofactor. 71| | 72| 1.79k| if(group.has_cofactor()) { ------------------ | Branch (72:13): [True: 0, False: 1.79k] ------------------ 73| | // We could precompute this but cofactors are rare 74| 0| return x * EC_Scalar::from_bigint(group, group.get_cofactor()).invert_vartime(); 75| 1.79k| } else { 76| 1.79k| return x; 77| 1.79k| } 78| 1.79k| } ecdh.cpp:_ZN5Botan12_GLOBAL__N_117ECDH_KA_Operation9raw_agreeEPKhm: 37| 1.79k| secure_vector raw_agree(const uint8_t w[], size_t w_len) override { 38| 1.79k| const auto input_point = [&] { 39| 1.79k| if(m_group.has_cofactor()) { 40| 1.79k|#if defined(BOTAN_HAS_LEGACY_EC_POINT) 41| 1.79k| return EC_AffinePoint(m_group, m_group.get_cofactor() * m_group.OS2ECP(w, w_len)); 42| |#else 43| | throw Not_Implemented( 44| | "Support for DH with cofactor adjustment not available in this build configuration"); 45| |#endif 46| 1.79k| } else { 47| 1.79k| if(auto point = EC_AffinePoint::deserialize(m_group, {w, w_len})) { 48| 1.79k| return *point; 49| 1.79k| } else { 50| 1.79k| throw Decoding_Error("ECDH - Invalid elliptic curve point: not on curve"); 51| 1.79k| } 52| 1.79k| } 53| 1.79k| }(); 54| | 55| | // Typical specs (such as BSI's TR-03111 Section 4.3.1) require that 56| | // we check the resulting point of the multiplication to not be the 57| | // point at infinity. However, since we ensure that our ECC private 58| | // scalar can never be zero, checking the peer's input point is 59| | // equivalent. 60| 1.79k| if(input_point.is_identity()) { ------------------ | Branch (60:13): [True: 0, False: 1.79k] ------------------ 61| 0| throw Decoding_Error("ECDH - Invalid elliptic curve point: identity"); 62| 0| } 63| | 64| 1.79k| return input_point.mul_x_only(m_l_times_priv, m_rng); 65| 1.79k| } ecdh.cpp:_ZZN5Botan12_GLOBAL__N_117ECDH_KA_Operation9raw_agreeEPKhmENKUlvE_clEv: 38| 1.79k| const auto input_point = [&] { 39| 1.79k| if(m_group.has_cofactor()) { ------------------ | Branch (39:16): [True: 0, False: 1.79k] ------------------ 40| 0|#if defined(BOTAN_HAS_LEGACY_EC_POINT) 41| 0| return EC_AffinePoint(m_group, m_group.get_cofactor() * m_group.OS2ECP(w, w_len)); 42| |#else 43| | throw Not_Implemented( 44| | "Support for DH with cofactor adjustment not available in this build configuration"); 45| |#endif 46| 1.79k| } else { 47| 1.79k| if(auto point = EC_AffinePoint::deserialize(m_group, {w, w_len})) { ------------------ | Branch (47:24): [True: 1.79k, False: 0] ------------------ 48| 1.79k| return *point; 49| 1.79k| } else { 50| 0| throw Decoding_Error("ECDH - Invalid elliptic curve point: not on curve"); 51| 0| } 52| 1.79k| } 53| 1.79k| }(); _ZN5Botan8PEM_Code6decodeERNS_10DataSourceERNSt3__112basic_stringIcNS3_11char_traitsIcEENS3_9allocatorIcEEEE: 62| 14.1k|secure_vector decode(DataSource& source, std::string& label) { 63| 14.1k| const size_t RANDOM_CHAR_LIMIT = 8; 64| | 65| 14.1k| label.clear(); 66| | 67| 14.1k| const std::string PEM_HEADER1 = "-----BEGIN "; 68| 14.1k| const std::string PEM_HEADER2 = "-----"; 69| 14.1k| size_t position = 0; 70| | 71| 172k| while(position != PEM_HEADER1.length()) { ------------------ | Branch (71:10): [True: 158k, False: 14.0k] ------------------ 72| 158k| auto b = source.read_byte(); 73| | 74| 158k| if(!b) { ------------------ | Branch (74:10): [True: 47, False: 158k] ------------------ 75| 47| throw Decoding_Error("PEM: No PEM header found"); 76| 47| } 77| 158k| if(static_cast(*b) == PEM_HEADER1[position]) { ------------------ | Branch (77:10): [True: 155k, False: 3.12k] ------------------ 78| 155k| ++position; 79| 155k| } else if(position >= RANDOM_CHAR_LIMIT) { ------------------ | Branch (79:17): [True: 1, False: 3.12k] ------------------ 80| 1| throw Decoding_Error("PEM: Malformed PEM header"); 81| 3.12k| } else { 82| 3.12k| position = 0; 83| 3.12k| } 84| 158k| } 85| 14.0k| position = 0; 86| 239k| while(position != PEM_HEADER2.length()) { ------------------ | Branch (86:10): [True: 225k, False: 14.0k] ------------------ 87| 225k| auto b = source.read_byte(); 88| | 89| 225k| if(!b) { ------------------ | Branch (89:10): [True: 0, False: 225k] ------------------ 90| 0| throw Decoding_Error("PEM: No PEM header found"); 91| 0| } 92| 225k| if(static_cast(*b) == PEM_HEADER2[position]) { ------------------ | Branch (92:10): [True: 70.4k, False: 154k] ------------------ 93| 70.4k| ++position; 94| 154k| } else if(position > 0) { ------------------ | Branch (94:17): [True: 0, False: 154k] ------------------ 95| 0| throw Decoding_Error("PEM: Malformed PEM header"); 96| 0| } 97| | 98| 225k| if(position == 0) { ------------------ | Branch (98:10): [True: 154k, False: 70.4k] ------------------ 99| 154k| if(label.size() >= 128) { ------------------ | Branch (99:13): [True: 0, False: 154k] ------------------ 100| 0| throw Decoding_Error("PEM: Label too long"); 101| 0| } 102| 154k| label += static_cast(*b); 103| 154k| } 104| 225k| } 105| | 106| 14.0k| std::vector b64; 107| | 108| 14.0k| const std::string PEM_TRAILER = fmt("-----END {}-----", label); 109| 14.0k| position = 0; 110| 6.19M| while(position != PEM_TRAILER.length()) { ------------------ | Branch (110:10): [True: 6.18M, False: 14.0k] ------------------ 111| 6.18M| auto b = source.read_byte(); 112| | 113| 6.18M| if(!b) { ------------------ | Branch (113:10): [True: 0, False: 6.18M] ------------------ 114| 0| throw Decoding_Error("PEM: No PEM trailer found"); 115| 0| } 116| 6.18M| if(static_cast(*b) == PEM_TRAILER[position]) { ------------------ | Branch (116:10): [True: 352k, False: 5.83M] ------------------ 117| 352k| ++position; 118| 5.83M| } else if(position > 0) { ------------------ | Branch (118:17): [True: 0, False: 5.83M] ------------------ 119| 0| throw Decoding_Error("PEM: Malformed PEM trailer"); 120| 0| } 121| | 122| 6.18M| if(position == 0) { ------------------ | Branch (122:10): [True: 5.83M, False: 352k] ------------------ 123| 5.83M| b64.push_back(*b); 124| 5.83M| } 125| 6.18M| } 126| | 127| 14.0k| return base64_decode(b64.data(), b64.size()); 128| 14.0k|} _ZN5Botan8PEM_Code7matchesERNS_10DataSourceENSt3__117basic_string_viewIcNS3_11char_traitsIcEEEEm: 143| 300|bool matches(DataSource& source, std::string_view extra, size_t search_range) { 144| 300| const std::string PEM_HEADER = fmt("-----BEGIN {}", extra); 145| | 146| 300| secure_vector search_buf(search_range); 147| 300| const size_t got = source.peek(search_buf.data(), search_buf.size(), 0); 148| | 149| 300| if(got < PEM_HEADER.length()) { ------------------ | Branch (149:7): [True: 47, False: 253] ------------------ 150| 47| return false; 151| 47| } 152| | 153| 253| size_t index = 0; 154| | 155| 10.1k| for(size_t j = 0; j != got; ++j) { ------------------ | Branch (155:22): [True: 9.85k, False: 253] ------------------ 156| 9.85k| if(static_cast(search_buf[j]) == PEM_HEADER[index]) { ------------------ | Branch (156:10): [True: 380, False: 9.47k] ------------------ 157| 380| ++index; 158| 9.47k| } else { 159| 9.47k| index = 0; 160| 9.47k| } 161| | 162| 9.85k| if(index == PEM_HEADER.size()) { ------------------ | Branch (162:10): [True: 0, False: 9.85k] ------------------ 163| 0| return true; 164| 0| } 165| 9.85k| } 166| | 167| 253| return false; 168| 253|} _ZN5Botan16load_private_keyERKNS_19AlgorithmIdentifierENSt3__14spanIKhLm18446744073709551615EEE: 290| 7.04k| [[maybe_unused]] std::span key_bits) { 291| 7.04k| const std::string oid_str = alg_id.oid().to_formatted_string(); 292| 7.04k| const std::vector alg_info = split_on(oid_str, '/'); 293| 7.04k| const std::string_view alg_name = alg_info[0]; 294| | 295| 7.04k|#if defined(BOTAN_HAS_RSA) 296| 7.04k| if(alg_name == "RSA") { ------------------ | Branch (296:7): [True: 0, False: 7.04k] ------------------ 297| 0| return std::make_unique(alg_id, key_bits); 298| 0| } 299| 7.04k|#endif 300| | 301| 7.04k|#if defined(BOTAN_HAS_X25519) 302| 7.04k| if(alg_name == "X25519" || alg_name == "Curve25519") { ------------------ | Branch (302:7): [True: 0, False: 7.04k] | Branch (302:31): [True: 0, False: 7.04k] ------------------ 303| 0| return std::make_unique(alg_id, key_bits); 304| 0| } 305| 7.04k|#endif 306| | 307| 7.04k|#if defined(BOTAN_HAS_X448) 308| 7.04k| if(alg_name == "X448") { ------------------ | Branch (308:7): [True: 0, False: 7.04k] ------------------ 309| 0| return std::make_unique(alg_id, key_bits); 310| 0| } 311| 7.04k|#endif 312| | 313| 7.04k|#if defined(BOTAN_HAS_ECDSA) 314| 7.04k| if(alg_name == "ECDSA") { ------------------ | Branch (314:7): [True: 7.04k, False: 0] ------------------ 315| 7.04k| return std::make_unique(alg_id, key_bits); 316| 7.04k| } 317| 0|#endif 318| | 319| 0|#if defined(BOTAN_HAS_ECDH) 320| 0| if(alg_name == "ECDH") { ------------------ | Branch (320:7): [True: 0, False: 0] ------------------ 321| 0| return std::make_unique(alg_id, key_bits); 322| 0| } 323| 0|#endif 324| | 325| 0|#if defined(BOTAN_HAS_DIFFIE_HELLMAN) 326| 0| if(alg_name == "DH") { ------------------ | Branch (326:7): [True: 0, False: 0] ------------------ 327| 0| return std::make_unique(alg_id, key_bits); 328| 0| } 329| 0|#endif 330| | 331| 0|#if defined(BOTAN_HAS_DSA) 332| 0| if(alg_name == "DSA") { ------------------ | Branch (332:7): [True: 0, False: 0] ------------------ 333| 0| return std::make_unique(alg_id, key_bits); 334| 0| } 335| 0|#endif 336| | 337| 0|#if defined(BOTAN_HAS_FRODOKEM) 338| 0| if(alg_name == "FrodoKEM" || alg_name.starts_with("FrodoKEM-") || alg_name.starts_with("eFrodoKEM-")) { ------------------ | Branch (338:7): [True: 0, False: 0] | Branch (338:33): [True: 0, False: 0] | Branch (338:70): [True: 0, False: 0] ------------------ 339| 0| return std::make_unique(alg_id, key_bits); 340| 0| } 341| 0|#endif 342| | 343| 0|#if defined(BOTAN_HAS_KYBER) || defined(BOTAN_HAS_KYBER_90S) 344| 0| if(alg_name == "Kyber" || alg_name.starts_with("Kyber-")) { ------------------ | Branch (344:7): [True: 0, False: 0] | Branch (344:30): [True: 0, False: 0] ------------------ 345| 0| return std::make_unique(alg_id, key_bits); 346| 0| } 347| 0|#endif 348| | 349| 0|#if defined(BOTAN_HAS_ML_KEM) 350| 0| if(alg_name.starts_with("ML-KEM-")) { ------------------ | Branch (350:7): [True: 0, False: 0] ------------------ 351| 0| return std::make_unique(alg_id, key_bits); 352| 0| } 353| 0|#endif 354| | 355| 0|#if defined(BOTAN_HAS_MCELIECE) 356| 0| if(alg_name == "McEliece") { ------------------ | Branch (356:7): [True: 0, False: 0] ------------------ 357| 0| return std::make_unique(key_bits); 358| 0| } 359| 0|#endif 360| | 361| 0|#if defined(BOTAN_HAS_ECGDSA) 362| 0| if(alg_name == "ECGDSA") { ------------------ | Branch (362:7): [True: 0, False: 0] ------------------ 363| 0| return std::make_unique(alg_id, key_bits); 364| 0| } 365| 0|#endif 366| | 367| 0|#if defined(BOTAN_HAS_ECKCDSA) 368| 0| if(alg_name == "ECKCDSA") { ------------------ | Branch (368:7): [True: 0, False: 0] ------------------ 369| 0| return std::make_unique(alg_id, key_bits); 370| 0| } 371| 0|#endif 372| | 373| 0|#if defined(BOTAN_HAS_ED25519) 374| 0| if(alg_name == "Ed25519") { ------------------ | Branch (374:7): [True: 0, False: 0] ------------------ 375| 0| return std::make_unique(alg_id, key_bits); 376| 0| } 377| 0|#endif 378| | 379| 0|#if defined(BOTAN_HAS_ED448) 380| 0| if(alg_name == "Ed448") { ------------------ | Branch (380:7): [True: 0, False: 0] ------------------ 381| 0| return std::make_unique(alg_id, key_bits); 382| 0| } 383| 0|#endif 384| | 385| 0|#if defined(BOTAN_HAS_GOST_34_10_2001) 386| 0| if(alg_name == "GOST-34.10" || alg_name == "GOST-34.10-2012-256" || alg_name == "GOST-34.10-2012-512") { ------------------ | Branch (386:7): [True: 0, False: 0] | Branch (386:35): [True: 0, False: 0] | Branch (386:72): [True: 0, False: 0] ------------------ 387| 0| return std::make_unique(alg_id, key_bits); 388| 0| } 389| 0|#endif 390| | 391| 0|#if defined(BOTAN_HAS_SM2) 392| 0| if(alg_name == "SM2" || alg_name == "SM2_Sig" || alg_name == "SM2_Enc") { ------------------ | Branch (392:7): [True: 0, False: 0] | Branch (392:28): [True: 0, False: 0] | Branch (392:53): [True: 0, False: 0] ------------------ 393| 0| return std::make_unique(alg_id, key_bits); 394| 0| } 395| 0|#endif 396| | 397| 0|#if defined(BOTAN_HAS_ELGAMAL) 398| 0| if(alg_name == "ElGamal") { ------------------ | Branch (398:7): [True: 0, False: 0] ------------------ 399| 0| return std::make_unique(alg_id, key_bits); 400| 0| } 401| 0|#endif 402| | 403| 0|#if defined(BOTAN_HAS_XMSS_RFC8391) 404| 0| if(alg_name == "XMSS") { ------------------ | Branch (404:7): [True: 0, False: 0] ------------------ 405| 0| return std::make_unique(key_bits); 406| 0| } 407| 0|#endif 408| | 409| 0|#if defined(BOTAN_HAS_DILITHIUM) || defined(BOTAN_HAS_DILITHIUM_AES) 410| 0| if(alg_name == "Dilithium" || alg_name.starts_with("Dilithium-")) { ------------------ | Branch (410:7): [True: 0, False: 0] | Branch (410:34): [True: 0, False: 0] ------------------ 411| 0| return std::make_unique(alg_id, key_bits); 412| 0| } 413| 0|#endif 414| | 415| 0|#if defined(BOTAN_HAS_ML_DSA) 416| 0| if(alg_name.starts_with("ML-DSA-")) { ------------------ | Branch (416:7): [True: 0, False: 0] ------------------ 417| 0| return std::make_unique(alg_id, key_bits); 418| 0| } 419| 0|#endif 420| | 421| 0|#if defined(BOTAN_HAS_HSS_LMS) 422| 0| if(alg_name == "HSS-LMS-Private-Key") { ------------------ | Branch (422:7): [True: 0, False: 0] ------------------ 423| 0| return std::make_unique(key_bits); 424| 0| } 425| 0|#endif 426| | 427| 0|#if defined(BOTAN_HAS_SPHINCS_PLUS_WITH_SHA2) || defined(BOTAN_HAS_SPHINCS_PLUS_WITH_SHAKE) 428| 0| if(alg_name == "SPHINCS+" || alg_name.starts_with("SphincsPlus-")) { ------------------ | Branch (428:7): [True: 0, False: 0] | Branch (428:33): [True: 0, False: 0] ------------------ 429| 0| return std::make_unique(alg_id, key_bits); 430| 0| } 431| 0|#endif 432| | 433| 0|#if defined(BOTAN_HAS_SLH_DSA_WITH_SHA2) || defined(BOTAN_HAS_SLH_DSA_WITH_SHAKE) 434| 0| if(alg_name.starts_with("SLH-DSA-") || alg_name.starts_with("Hash-SLH-DSA-")) { ------------------ | Branch (434:7): [True: 0, False: 0] | Branch (434:43): [True: 0, False: 0] ------------------ 435| 0| return std::make_unique(alg_id, key_bits); 436| 0| } 437| 0|#endif 438| | 439| 0|#if defined(BOTAN_HAS_CLASSICMCELIECE) 440| 0| if(alg_name.starts_with("ClassicMcEliece")) { ------------------ | Branch (440:7): [True: 0, False: 0] ------------------ 441| 0| return std::make_unique(alg_id, key_bits); 442| 0| } 443| 0|#endif 444| | 445| 0| throw Decoding_Error(fmt("Unknown or unavailable public key algorithm '{}'", alg_name)); 446| 0|} _ZN5Botan22format_hex_fingerprintENSt3__14spanIKhLm18446744073709551615EEE: 45| 14.0k|std::string format_hex_fingerprint(std::span bits) { 46| 14.0k| const std::string hex = hex_encode(bits); 47| | 48| 14.0k| std::string fprint; 49| 14.0k| fprint.reserve(3 * bits.size()); 50| | 51| 380k| for(size_t i = 0; i != hex.size(); i += 2) { ------------------ | Branch (51:22): [True: 366k, False: 14.0k] ------------------ 52| 366k| if(i != 0) { ------------------ | Branch (52:10): [True: 352k, False: 14.0k] ------------------ 53| 352k| fprint.push_back(':'); 54| 352k| } 55| | 56| 366k| fprint.push_back(hex[i]); 57| 366k| fprint.push_back(hex[i + 1]); 58| 366k| } 59| | 60| 14.0k| return fprint; 61| 14.0k|} _ZN5Botan6PK_Ops22Key_Agreement_with_KDFC2ENSt3__117basic_string_viewIcNS2_11char_traitsIcEEEE: 77| 1.80k|PK_Ops::Key_Agreement_with_KDF::Key_Agreement_with_KDF(std::string_view kdf) { 78| 1.80k| if(kdf != "Raw") { ------------------ | Branch (78:7): [True: 0, False: 1.80k] ------------------ 79| 0| m_kdf = KDF::create_or_throw(kdf); 80| 0| } 81| 1.80k|} _ZN5Botan6PK_Ops22Key_Agreement_with_KDFD2Ev: 83| 1.80k|PK_Ops::Key_Agreement_with_KDF::~Key_Agreement_with_KDF() = default; _ZN5Botan6PK_Ops22Key_Agreement_with_KDF5agreeEmNSt3__14spanIKhLm18446744073709551615EEES5_: 87| 1.80k| std::span salt) { 88| 1.80k| if(!salt.empty() && m_kdf == nullptr) { ------------------ | Branch (88:7): [True: 0, False: 1.80k] | Branch (88:24): [True: 0, False: 0] ------------------ 89| 0| throw Invalid_Argument("PK_Key_Agreement::derive_key requires a KDF to use a salt"); 90| 0| } 91| | 92| 1.80k| secure_vector z = raw_agree(other_key.data(), other_key.size()); 93| 1.80k| if(m_kdf) { ------------------ | Branch (93:7): [True: 0, False: 1.80k] ------------------ 94| 0| return m_kdf->derive_key(key_len, z, salt.data(), salt.size()); 95| 0| } 96| 1.80k| return z; 97| 1.80k|} _ZN5Botan5PKCS88load_keyERNS_10DataSourceE: 350| 7.04k|std::unique_ptr load_key(DataSource& source) { 351| 7.04k| auto fail_fn = []() -> std::string { 352| 7.04k| throw PKCS8_Exception("Internal error: Attempt to read password for unencrypted key"); 353| 7.04k| }; 354| | 355| 7.04k| return load_key(source, fail_fn, false); 356| 7.04k|} pkcs8.cpp:_ZN5Botan5PKCS812_GLOBAL__N_18load_keyERNS_10DataSourceERKNSt3__18functionIFNS4_12basic_stringIcNS4_11char_traitsIcEENS4_9allocatorIcEEEEvEEEb: 302| 7.04k| bool is_encrypted) { 303| 7.04k| AlgorithmIdentifier alg_id; 304| 7.04k| secure_vector pkcs8_key = PKCS8_decode(source, get_pass, alg_id, is_encrypted); 305| | 306| 7.04k| const std::string alg_name = alg_id.oid().human_name_or_empty(); 307| 7.04k| if(alg_name.empty()) { ------------------ | Branch (307:7): [True: 0, False: 7.04k] ------------------ 308| 0| throw PKCS8_Exception(fmt("Unknown algorithm OID {}", alg_id.oid())); 309| 0| } 310| | 311| 7.04k| return load_private_key(alg_id, pkcs8_key); 312| 7.04k|} pkcs8.cpp:_ZN5Botan5PKCS812_GLOBAL__N_112PKCS8_decodeERNS_10DataSourceERKNSt3__18functionIFNS4_12basic_stringIcNS4_11char_traitsIcEENS4_9allocatorIcEEEEvEEERNS_19AlgorithmIdentifierEb: 49| 7.04k| bool is_encrypted) { 50| 7.04k| AlgorithmIdentifier pbe_alg_id; 51| 7.04k| secure_vector key_data; 52| 7.04k| secure_vector key; 53| | 54| 7.04k| try { 55| 7.04k| if(ASN1::maybe_BER(source) && !PEM_Code::matches(source)) { ------------------ | Branch (55:10): [True: 0, False: 7.04k] | Branch (55:37): [True: 0, False: 0] ------------------ 56| 0| if(is_encrypted) { ------------------ | Branch (56:13): [True: 0, False: 0] ------------------ 57| 0| key_data = PKCS8_extract(source, pbe_alg_id); 58| 0| } else { 59| | // todo read more efficiently 60| 0| while(auto b = source.read_byte()) { ------------------ | Branch (60:24): [True: 0, False: 0] ------------------ 61| 0| key_data.push_back(*b); 62| 0| } 63| 0| } 64| 7.04k| } else { 65| 7.04k| std::string label; 66| 7.04k| key_data = PEM_Code::decode(source, label); 67| | 68| | // todo remove autodetect for pem as well? 69| 7.04k| if(label == "PRIVATE KEY") { ------------------ | Branch (69:13): [True: 7.04k, False: 0] ------------------ 70| 7.04k| is_encrypted = false; 71| 7.04k| } else if(label == "ENCRYPTED PRIVATE KEY") { ------------------ | Branch (71:20): [True: 0, False: 0] ------------------ 72| 0| DataSource_Memory key_source(key_data); 73| 0| key_data = PKCS8_extract(key_source, pbe_alg_id); 74| 0| } else { 75| 0| throw PKCS8_Exception(fmt("Unknown PEM label '{}'", label)); 76| 0| } 77| 7.04k| } 78| | 79| 7.04k| if(key_data.empty()) { ------------------ | Branch (79:10): [True: 0, False: 7.04k] ------------------ 80| 0| throw PKCS8_Exception("No key data found"); 81| 0| } 82| 7.04k| } catch(Decoding_Error& e) { 83| 0| throw Decoding_Error("PKCS #8 private key decoding", e); 84| 0| } 85| | 86| 7.04k| try { 87| 7.04k| if(is_encrypted) { ------------------ | Branch (87:10): [True: 0, False: 7.04k] ------------------ 88| 0| if(pbe_alg_id.oid().to_formatted_string() != "PBE-PKCS5v20") { ------------------ | Branch (88:13): [True: 0, False: 0] ------------------ 89| 0| throw PKCS8_Exception(fmt("Unknown PBE type {}", pbe_alg_id.oid())); 90| 0| } 91| | 92| 0|#if defined(BOTAN_HAS_PKCS5_PBES2) 93| 0| key = pbes2_decrypt(key_data, get_passphrase(), pbe_alg_id.parameters()); 94| |#else 95| | BOTAN_UNUSED(get_passphrase); 96| | throw Decoding_Error("Private key is encrypted but PBES2 was disabled in build"); 97| |#endif 98| 7.04k| } else { 99| 7.04k| key = key_data; 100| 7.04k| } 101| | 102| 7.04k| BER_Decoder(key, BER_Decoder::Limits::DER()) 103| 7.04k| .start_sequence() 104| 7.04k| .decode_and_check(0, "Unknown PKCS #8 version number") 105| 7.04k| .decode(pk_alg_id) 106| 7.04k| .decode(key, ASN1_Type::OctetString) 107| 7.04k| .discard_remaining() 108| 7.04k| .end_cons() 109| 7.04k| .verify_end(); 110| 7.04k| } catch(std::exception& e) { 111| 0| throw Decoding_Error("PKCS #8 private key decoding", e); 112| 0| } 113| 7.04k| return key; 114| 7.04k|} _ZN5Botan16PK_Key_AgreementC2ERKNS_11Private_KeyERNS_21RandomNumberGeneratorENSt3__117basic_string_viewIcNS6_11char_traitsIcEEEESA_: 216| 1.80k| std::string_view provider) { 217| 1.80k| m_op = key.create_key_agreement_op(rng, kdf, provider); 218| 1.80k| if(!m_op) { ------------------ | Branch (218:7): [True: 0, False: 1.80k] ------------------ 219| 0| throw Invalid_Argument(fmt("Key type {} does not support key agreement", key.algo_name())); 220| 0| } 221| 1.80k|} _ZN5Botan16PK_Key_AgreementD2Ev: 223| 1.80k|PK_Key_Agreement::~PK_Key_Agreement() = default; _ZNK5Botan16PK_Key_Agreement10derive_keyEmNSt3__14spanIKhLm18446744073709551615EEENS1_17basic_string_viewIcNS1_11char_traitsIcEEEE: 241| 1.80k| std::string_view salt) const { 242| 1.80k| return this->derive_key(key_len, peer_key, as_span_of_bytes(salt)); 243| 1.80k|} _ZNK5Botan16PK_Key_Agreement10derive_keyEmNSt3__14spanIKhLm18446744073709551615EEES4_: 247| 1.80k| std::span salt) const { 248| 1.80k| return SymmetricKey(m_op->agree(key_len, peer_key, salt)); 249| 1.80k|} _ZN5Botan16curve25519_donnaEPhPKhS2_: 453| 19|void curve25519_donna(uint8_t mypublic[32], const uint8_t secret[32], const uint8_t basepoint[32]) { 454| 19| CT::poison(secret, 32); 455| 19| CT::poison(basepoint, 32); 456| | 457| 19| uint64_t bp[5]; 458| 19| uint64_t x[5]; 459| 19| uint64_t z[5]; 460| 19| uint64_t zmone[5]; 461| 19| uint8_t e[32]; 462| | 463| 19| copy_mem(e, secret, 32); 464| 19| e[0] &= 248; 465| 19| e[31] &= 127; 466| 19| e[31] |= 64; 467| | 468| 19| fexpand(bp, basepoint); 469| 19| cmult(x, z, e, bp); 470| 19| crecip(zmone, z); 471| 19| fmul(z, x, zmone); 472| 19| fcontract(mypublic, z); 473| | 474| 19| CT::unpoison(secret, 32); 475| 19| CT::unpoison(basepoint, 32); 476| 19| CT::unpoison(mypublic, 32); 477| 19|} donna.cpp:_ZN5Botan12_GLOBAL__N_17fexpandEPmPKh: 217| 19|inline void fexpand(uint64_t* out, const uint8_t* in) { 218| 19| out[0] = load_le(in, 0) & MASK_63; 219| 19| out[1] = (load_le(in + 6, 0) >> 3) & MASK_63; 220| 19| out[2] = (load_le(in + 12, 0) >> 6) & MASK_63; 221| 19| out[3] = (load_le(in + 19, 0) >> 1) & MASK_63; 222| 19| out[4] = (load_le(in + 24, 0) >> 12) & MASK_63; 223| 19|} donna.cpp:_ZN5Botan12_GLOBAL__N_15cmultEPmS1_PKhPKm: 364| 19|void cmult(uint64_t resultx[5], uint64_t resultz[5], const uint8_t n[32], const uint64_t q[5]) { 365| 19| uint64_t a[5] = {0}; // nqpqx 366| 19| uint64_t b[5] = {1}; // npqpz 367| 19| uint64_t c[5] = {1}; // nqx 368| 19| uint64_t d[5] = {0}; // nqz 369| 19| uint64_t e[5] = {0}; // npqqx2 370| 19| uint64_t f[5] = {1}; // npqqz2 371| 19| uint64_t g[5] = {0}; // nqx2 372| 19| uint64_t h[5] = {1}; // nqz2 373| | 374| 19| copy_mem(a, q, 5); 375| | 376| 627| for(size_t i = 0; i < 32; ++i) { ------------------ | Branch (376:22): [True: 608, False: 19] ------------------ 377| 608| const uint64_t si = n[31 - i]; 378| 608| const auto bit0 = CT::Mask::expand_bit(si, 7); 379| 608| const auto bit1 = CT::Mask::expand_bit(si, 6); 380| 608| const auto bit2 = CT::Mask::expand_bit(si, 5); 381| 608| const auto bit3 = CT::Mask::expand_bit(si, 4); 382| 608| const auto bit4 = CT::Mask::expand_bit(si, 3); 383| 608| const auto bit5 = CT::Mask::expand_bit(si, 2); 384| 608| const auto bit6 = CT::Mask::expand_bit(si, 1); 385| 608| const auto bit7 = CT::Mask::expand_bit(si, 0); 386| | 387| 608| swap_conditional(c, a, d, b, bit0); 388| 608| fmonty(g, h, e, f, c, d, a, b, q); 389| | 390| 608| swap_conditional(g, e, h, f, bit0 ^ bit1); 391| 608| fmonty(c, d, a, b, g, h, e, f, q); 392| | 393| 608| swap_conditional(c, a, d, b, bit1 ^ bit2); 394| 608| fmonty(g, h, e, f, c, d, a, b, q); 395| | 396| 608| swap_conditional(g, e, h, f, bit2 ^ bit3); 397| 608| fmonty(c, d, a, b, g, h, e, f, q); 398| | 399| 608| swap_conditional(c, a, d, b, bit3 ^ bit4); 400| 608| fmonty(g, h, e, f, c, d, a, b, q); 401| | 402| 608| swap_conditional(g, e, h, f, bit4 ^ bit5); 403| 608| fmonty(c, d, a, b, g, h, e, f, q); 404| | 405| 608| swap_conditional(c, a, d, b, bit5 ^ bit6); 406| 608| fmonty(g, h, e, f, c, d, a, b, q); 407| | 408| 608| swap_conditional(g, e, h, f, bit6 ^ bit7); 409| 608| fmonty(c, d, a, b, g, h, e, f, q); 410| | 411| 608| swap_conditional(c, a, d, b, bit7); 412| 608| } 413| | 414| 19| copy_mem(resultx, c, 5); 415| 19| copy_mem(resultz, d, 5); 416| 19|} donna.cpp:_ZN5Botan12_GLOBAL__N_116swap_conditionalEPmS1_S1_S1_NS_2CT4MaskImEE: 346| 5.47k|inline void swap_conditional(uint64_t a[5], uint64_t b[5], uint64_t c[5], uint64_t d[5], CT::Mask swap) { 347| 32.8k| for(size_t i = 0; i < 5; ++i) { ------------------ | Branch (347:22): [True: 27.3k, False: 5.47k] ------------------ 348| 27.3k| const uint64_t x0 = swap.if_set_return(a[i] ^ b[i]); 349| 27.3k| a[i] ^= x0; 350| 27.3k| b[i] ^= x0; 351| | 352| 27.3k| const uint64_t x1 = swap.if_set_return(c[i] ^ d[i]); 353| 27.3k| c[i] ^= x1; 354| 27.3k| d[i] ^= x1; 355| 27.3k| } 356| 5.47k|} donna.cpp:_ZN5Botan12_GLOBAL__N_16fmontyEPmS1_S1_S1_S1_S1_S1_S1_PKm: 308| 4.86k| const uint64_t q_minus_q_dash[5]) { 309| 4.86k| uint64_t zzz[5]; 310| 4.86k| uint64_t xx[5]; 311| 4.86k| uint64_t zz[5]; 312| 4.86k| uint64_t xxprime[5]; 313| 4.86k| uint64_t zzprime[5]; 314| 4.86k| uint64_t zzzprime[5]; 315| | 316| 4.86k| fadd_sub(in_q_z, in_q_x); 317| 4.86k| fadd_sub(in_q_dash_z, in_q_dash_x); 318| | 319| 4.86k| fmul(xxprime, in_q_dash_x, in_q_z); 320| 4.86k| fmul(zzprime, in_q_dash_z, in_q_x); 321| | 322| 4.86k| fadd_sub(zzprime, xxprime); 323| | 324| 4.86k| fsquare(result_q_plus_q_dash_x, xxprime); 325| 4.86k| fsquare(zzzprime, zzprime); 326| 4.86k| fmul(result_q_plus_q_dash_z, zzzprime, q_minus_q_dash); 327| | 328| 4.86k| fsquare(xx, in_q_x); 329| 4.86k| fsquare(zz, in_q_z); 330| 4.86k| fmul(result_two_q_x, xx, zz); 331| | 332| 4.86k| fdifference_backwards(zz, xx); // does zz = xx - zz 333| 4.86k| fscalar_product(zzz, zz, 121665); 334| 4.86k| fsum(zzz, xx); 335| | 336| 4.86k| fmul(result_two_q_z, zz, zzz); 337| 4.86k|} donna.cpp:_ZN5Botan12_GLOBAL__N_18fadd_subEPmS1_: 76| 14.5k|inline void fadd_sub(uint64_t x[5], uint64_t y[5]) { 77| | // TODO merge these and avoid the tmp array 78| 14.5k| uint64_t tmp[5]; 79| 14.5k| copy_mem(tmp, y, 5); 80| 14.5k| fsum(y, x); 81| 14.5k| fdifference_backwards(x, tmp); // does x - z 82| 14.5k|} donna.cpp:_ZN5Botan12_GLOBAL__N_17fsquareEPmPKmm: 169| 19.6k|inline void fsquare(uint64_t out[5], const uint64_t in[5], size_t count = 1) { 170| 19.6k| uint64_t r0 = in[0]; 171| 19.6k| uint64_t r1 = in[1]; 172| 19.6k| uint64_t r2 = in[2]; 173| 19.6k| uint64_t r3 = in[3]; 174| 19.6k| uint64_t r4 = in[4]; 175| | 176| 43.9k| for(size_t i = 0; i != count; ++i) { ------------------ | Branch (176:22): [True: 24.2k, False: 19.6k] ------------------ 177| 24.2k| const uint64_t d0 = r0 * 2; 178| 24.2k| const uint64_t d1 = r1 * 2; 179| 24.2k| const uint64_t d2 = r2 * 2 * 19; 180| 24.2k| const uint64_t d419 = r4 * 19; 181| 24.2k| const uint64_t d4 = d419 * 2; 182| | 183| 24.2k| const uint128_t t0 = uint128_t(r0) * r0 + uint128_t(d4) * r1 + uint128_t(d2) * (r3); 184| 24.2k| uint128_t t1 = uint128_t(d0) * r1 + uint128_t(d4) * r2 + uint128_t(r3) * (r3 * 19); 185| 24.2k| uint128_t t2 = uint128_t(d0) * r2 + uint128_t(r1) * r1 + uint128_t(d4) * (r3); 186| 24.2k| uint128_t t3 = uint128_t(d0) * r3 + uint128_t(d1) * r2 + uint128_t(r4) * (d419); 187| 24.2k| uint128_t t4 = uint128_t(d0) * r4 + uint128_t(d1) * r3 + uint128_t(r2) * (r2); 188| | 189| 24.2k| r0 = t0 & MASK_63; 190| 24.2k| t1 += carry_shift(t0, 51); 191| 24.2k| r1 = t1 & MASK_63; 192| 24.2k| t2 += carry_shift(t1, 51); 193| 24.2k| r2 = t2 & MASK_63; 194| 24.2k| t3 += carry_shift(t2, 51); 195| 24.2k| r3 = t3 & MASK_63; 196| 24.2k| t4 += carry_shift(t3, 51); 197| 24.2k| r4 = t4 & MASK_63; 198| 24.2k| uint64_t c = carry_shift(t4, 51); 199| | 200| 24.2k| r0 += c * 19; 201| 24.2k| c = r0 >> 51U; 202| 24.2k| r0 = r0 & MASK_63; 203| 24.2k| r1 += c; 204| 24.2k| c = r1 >> 51U; 205| 24.2k| r1 = r1 & MASK_63; 206| 24.2k| r2 += c; 207| 24.2k| } 208| | 209| 19.6k| out[0] = r0; 210| 19.6k| out[1] = r1; 211| 19.6k| out[2] = r2; 212| 19.6k| out[3] = r3; 213| 19.6k| out[4] = r4; 214| 19.6k|} donna.cpp:_ZN5Botan12_GLOBAL__N_121fdifference_backwardsEPmPKm: 64| 19.4k|inline void fdifference_backwards(uint64_t out[5], const uint64_t in[5]) { 65| | /* 152 is 19 << 3 */ 66| 19.4k| const uint64_t two54m152 = (static_cast(1) << 54) - 152; 67| 19.4k| const uint64_t two54m8 = (static_cast(1) << 54) - 8; 68| | 69| 19.4k| out[0] = in[0] + two54m152 - out[0]; 70| 19.4k| out[1] = in[1] + two54m8 - out[1]; 71| 19.4k| out[2] = in[2] + two54m8 - out[2]; 72| 19.4k| out[3] = in[3] + two54m8 - out[3]; 73| 19.4k| out[4] = in[4] + two54m8 - out[4]; 74| 19.4k|} donna.cpp:_ZN5Botan12_GLOBAL__N_115fscalar_productEPmPKmm: 87| 4.86k|inline void fscalar_product(uint64_t out[5], const uint64_t in[5], const uint64_t scalar) { 88| 4.86k| uint128_t a = uint128_t(in[0]) * scalar; 89| 4.86k| out[0] = a & MASK_63; 90| | 91| 4.86k| a = uint128_t(in[1]) * scalar + carry_shift(a, 51); 92| 4.86k| out[1] = a & MASK_63; 93| | 94| 4.86k| a = uint128_t(in[2]) * scalar + carry_shift(a, 51); 95| 4.86k| out[2] = a & MASK_63; 96| | 97| 4.86k| a = uint128_t(in[3]) * scalar + carry_shift(a, 51); 98| 4.86k| out[3] = a & MASK_63; 99| | 100| 4.86k| a = uint128_t(in[4]) * scalar + carry_shift(a, 51); 101| 4.86k| out[4] = a & MASK_63; 102| | 103| 4.86k| out[0] += carry_shift(a, 51) * 19; 104| 4.86k|} donna.cpp:_ZN5Botan12_GLOBAL__N_14fsumEPmPKm: 50| 19.4k|inline void fsum(uint64_t out[5], const uint64_t in[5]) { 51| 19.4k| out[0] += in[0]; 52| 19.4k| out[1] += in[1]; 53| 19.4k| out[2] += in[2]; 54| 19.4k| out[3] += in[3]; 55| 19.4k| out[4] += in[4]; 56| 19.4k|} donna.cpp:_ZN5Botan12_GLOBAL__N_16crecipEPmPKm: 421| 19|void crecip(uint64_t out[5], const uint64_t z[5]) { 422| 19| uint64_t a[5]; 423| 19| uint64_t b[5]; 424| 19| uint64_t c[5]; 425| 19| uint64_t t0[5]; 426| | 427| 19| fsquare(a, z); // 2 428| 19| fsquare(t0, a, 2); // 8 429| 19| fmul(b, t0, z); // 9 430| 19| fmul(a, b, a); // 11 431| 19| fsquare(t0, a); // 22 432| 19| fmul(b, t0, b); // 2^5 - 2^0 = 31 433| 19| fsquare(t0, b, 5); // 2^10 - 2^5 434| 19| fmul(b, t0, b); // 2^10 - 2^0 435| 19| fsquare(t0, b, 10); // 2^20 - 2^10 436| 19| fmul(c, t0, b); // 2^20 - 2^0 437| 19| fsquare(t0, c, 20); // 2^40 - 2^20 438| 19| fmul(t0, t0, c); // 2^40 - 2^0 439| 19| fsquare(t0, t0, 10); // 2^50 - 2^10 440| 19| fmul(b, t0, b); // 2^50 - 2^0 441| 19| fsquare(t0, b, 50); // 2^100 - 2^50 442| 19| fmul(c, t0, b); // 2^100 - 2^0 443| 19| fsquare(t0, c, 100); // 2^200 - 2^100 444| 19| fmul(t0, t0, c); // 2^200 - 2^0 445| 19| fsquare(t0, t0, 50); // 2^250 - 2^50 446| 19| fmul(t0, t0, b); // 2^250 - 2^0 447| 19| fsquare(t0, t0, 5); // 2^255 - 2^5 448| 19| fmul(out, t0, a); // 2^255 - 21 449| 19|} donna.cpp:_ZN5Botan12_GLOBAL__N_14fmulEPmPKmS3_: 114| 24.5k|inline void fmul(uint64_t out[5], const uint64_t in[5], const uint64_t in2[5]) { 115| 24.5k| const auto s0 = uint128_t(in2[0]); 116| 24.5k| const auto s1 = uint128_t(in2[1]); 117| 24.5k| const auto s2 = uint128_t(in2[2]); 118| 24.5k| const auto s3 = uint128_t(in2[3]); 119| 24.5k| const auto s4 = uint128_t(in2[4]); 120| | 121| 24.5k| uint64_t r0 = in[0]; 122| 24.5k| uint64_t r1 = in[1]; 123| 24.5k| uint64_t r2 = in[2]; 124| 24.5k| uint64_t r3 = in[3]; 125| 24.5k| uint64_t r4 = in[4]; 126| | 127| 24.5k| uint128_t t0 = r0 * s0; 128| 24.5k| uint128_t t1 = r0 * s1 + r1 * s0; 129| 24.5k| uint128_t t2 = r0 * s2 + r2 * s0 + r1 * s1; 130| 24.5k| uint128_t t3 = r0 * s3 + r3 * s0 + r1 * s2 + r2 * s1; 131| 24.5k| uint128_t t4 = r0 * s4 + r4 * s0 + r3 * s1 + r1 * s3 + r2 * s2; 132| | 133| 24.5k| r4 *= 19; 134| 24.5k| r1 *= 19; 135| 24.5k| r2 *= 19; 136| 24.5k| r3 *= 19; 137| | 138| 24.5k| t0 += r4 * s1 + r1 * s4 + r2 * s3 + r3 * s2; 139| 24.5k| t1 += r4 * s2 + r2 * s4 + r3 * s3; 140| 24.5k| t2 += r4 * s3 + r3 * s4; 141| 24.5k| t3 += r4 * s4; 142| | 143| 24.5k| r0 = t0 & MASK_63; 144| 24.5k| t1 += carry_shift(t0, 51); 145| 24.5k| r1 = t1 & MASK_63; 146| 24.5k| t2 += carry_shift(t1, 51); 147| 24.5k| r2 = t2 & MASK_63; 148| 24.5k| t3 += carry_shift(t2, 51); 149| 24.5k| r3 = t3 & MASK_63; 150| 24.5k| t4 += carry_shift(t3, 51); 151| 24.5k| r4 = t4 & MASK_63; 152| 24.5k| uint64_t c = carry_shift(t4, 51); 153| | 154| 24.5k| r0 += c * 19; 155| 24.5k| c = r0 >> 51U; 156| 24.5k| r0 = r0 & MASK_63; 157| 24.5k| r1 += c; 158| 24.5k| c = r1 >> 51U; 159| 24.5k| r1 = r1 & MASK_63; 160| 24.5k| r2 += c; 161| | 162| 24.5k| out[0] = r0; 163| 24.5k| out[1] = r1; 164| 24.5k| out[2] = r2; 165| 24.5k| out[3] = r3; 166| 24.5k| out[4] = r4; 167| 24.5k|} donna.cpp:_ZN5Botan12_GLOBAL__N_19fcontractEPhPKm: 228| 19|inline void fcontract(uint8_t* out, const uint64_t input[5]) { 229| 19| auto t0 = uint128_t(input[0]); 230| 19| auto t1 = uint128_t(input[1]); 231| 19| auto t2 = uint128_t(input[2]); 232| 19| auto t3 = uint128_t(input[3]); 233| 19| auto t4 = uint128_t(input[4]); 234| | 235| 57| for(size_t i = 0; i != 2; ++i) { ------------------ | Branch (235:22): [True: 38, False: 19] ------------------ 236| 38| t1 += t0 >> 51U; 237| 38| t0 &= MASK_63; 238| 38| t2 += t1 >> 51U; 239| 38| t1 &= MASK_63; 240| 38| t3 += t2 >> 51U; 241| 38| t2 &= MASK_63; 242| 38| t4 += t3 >> 51U; 243| 38| t3 &= MASK_63; 244| 38| t0 += (t4 >> 51U) * 19; 245| 38| t4 &= MASK_63; 246| 38| } 247| | 248| | /* now t is between 0 and 2^255-1, properly carried. */ 249| | /* case 1: between 0 and 2^255-20. case 2: between 2^255-19 and 2^255-1. */ 250| | 251| 19| t0 += 19; 252| | 253| 19| t1 += t0 >> 51U; 254| 19| t0 &= MASK_63; 255| 19| t2 += t1 >> 51U; 256| 19| t1 &= MASK_63; 257| 19| t3 += t2 >> 51U; 258| 19| t2 &= MASK_63; 259| 19| t4 += t3 >> 51U; 260| 19| t3 &= MASK_63; 261| 19| t0 += (t4 >> 51U) * 19; 262| 19| t4 &= MASK_63; 263| | 264| | /* now between 19 and 2^255-1 in both cases, and offset by 19. */ 265| | 266| 19| t0 += 0x8000000000000 - 19; 267| 19| t1 += 0x8000000000000 - 1; 268| 19| t2 += 0x8000000000000 - 1; 269| 19| t3 += 0x8000000000000 - 1; 270| 19| t4 += 0x8000000000000 - 1; 271| | 272| | /* now between 2^255 and 2^256-20, and offset by 2^255. */ 273| | 274| 19| t1 += t0 >> 51U; 275| 19| t0 &= MASK_63; 276| 19| t2 += t1 >> 51U; 277| 19| t1 &= MASK_63; 278| 19| t3 += t2 >> 51U; 279| 19| t2 &= MASK_63; 280| 19| t4 += t3 >> 51U; 281| 19| t3 &= MASK_63; 282| 19| t4 &= MASK_63; 283| | 284| 19| store_le(out, 285| 19| combine_lower(t0, 0, t1, 51), 286| 19| combine_lower(t1, 13, t2, 38), 287| 19| combine_lower(t2, 26, t3, 25), 288| 19| combine_lower(t3, 39, t4, 12)); 289| 19|} _ZN5Botan20curve25519_basepointEPhPKh: 19| 16|void curve25519_basepoint(uint8_t mypublic[32], const uint8_t secret[32]) { 20| 16| const uint8_t basepoint[32] = {9}; 21| 16| curve25519_donna(mypublic, secret, basepoint); 22| 16|} _ZN5Botan16X25519_PublicKeyC1ENSt3__14spanIKhLm18446744073709551615EEE: 51| 10|X25519_PublicKey::X25519_PublicKey(std::span pub) { 52| 10| m_public.assign(pub.begin(), pub.end()); 53| | 54| 10| size_check(m_public.size(), "public key"); 55| 10|} _ZNK5Botan16X25519_PublicKey19raw_public_key_bitsEv: 57| 19|std::vector X25519_PublicKey::raw_public_key_bits() const { 58| 19| return m_public; 59| 19|} _ZN5Botan17X25519_PrivateKeyC1ERNS_21RandomNumberGeneratorE: 79| 16|X25519_PrivateKey::X25519_PrivateKey(RandomNumberGenerator& rng) { 80| 16| m_private = rng.random_vec(32); 81| 16| m_public.resize(32); 82| 16| curve25519_basepoint(m_public.data(), m_private.data()); 83| 16|} _ZNK5Botan17X25519_PrivateKey5agreeEPKhm: 107| 3|secure_vector X25519_PrivateKey::agree(const uint8_t w[], size_t w_len) const { 108| 3| size_check(w_len, "public value"); 109| 3| return curve25519(m_private, w); 110| 3|} _ZNK5Botan17X25519_PrivateKey23create_key_agreement_opERNS_21RandomNumberGeneratorENSt3__117basic_string_viewIcNS3_11char_traitsIcEEEES7_: 151| 3| std::string_view provider) const { 152| 3| if(provider == "base" || provider.empty()) { ------------------ | Branch (152:7): [True: 0, False: 3] | Branch (152:29): [True: 3, False: 0] ------------------ 153| 3| return std::make_unique(*this, params); 154| 3| } 155| 0| throw Provider_Not_Found(algo_name(), provider); 156| 3|} x25519.cpp:_ZN5Botan12_GLOBAL__N_110size_checkEmPKc: 26| 13|void size_check(size_t size, const char* thing) { 27| 13| if(size != 32) { ------------------ | Branch (27:7): [True: 7, False: 6] ------------------ 28| 7| throw Decoding_Error(fmt("Invalid size {} for X25519 {}", size, thing)); 29| 7| } 30| 13|} x25519.cpp:_ZN5Botan12_GLOBAL__N_110curve25519ERKNSt3__16vectorIhNS_16secure_allocatorIhEEEEPKh: 32| 3|secure_vector curve25519(const secure_vector& secret, const uint8_t pubval[32]) { 33| 3| secure_vector out(32); 34| 3| curve25519_donna(out.data(), secret.data(), pubval); 35| 3| return out; 36| 3|} x25519.cpp:_ZN5Botan12_GLOBAL__N_119X25519_KA_OperationC2ERKNS_17X25519_PrivateKeyENSt3__117basic_string_viewIcNS5_11char_traitsIcEEEE: 120| 3| PK_Ops::Key_Agreement_with_KDF(kdf), m_key(key) {} x25519.cpp:_ZN5Botan12_GLOBAL__N_119X25519_KA_Operation9raw_agreeEPKhm: 124| 3| secure_vector raw_agree(const uint8_t w[], size_t w_len) override { 125| 3| auto shared_key = m_key.agree(w, w_len); 126| | 127| | // RFC 7748 Section 6.1 128| | // Both [parties] MAY check, without leaking extra information about 129| | // the value of K, whether K is the all-zero value and abort if so. 130| | // 131| | // TODO: once the generic Key Agreement operation creation is equipped 132| | // with a more flexible parameterization, this check could be 133| | // made optional. 134| | // For instance: `sk->agree().with_optional_sanity_checks(true)`. 135| | // See also: https://github.com/randombit/botan/pull/4318 136| 3| if(CT::all_zeros(shared_key.data(), shared_key.size()).as_bool()) { ------------------ | Branch (136:13): [True: 1, False: 2] ------------------ 137| 1| throw Invalid_Argument("X25519 public point appears to be of low order"); 138| 1| } 139| | 140| 2| return shared_key; 141| 3| } _ZN5Botan10ChaCha_RNGC2ENSt3__14spanIKhLm18446744073709551615EEE: 20| 1|ChaCha_RNG::ChaCha_RNG(std::span seed) { 21| 1| m_hmac = MessageAuthenticationCode::create_or_throw("HMAC(SHA-256)"); 22| 1| m_chacha = StreamCipher::create_or_throw("ChaCha(20)"); 23| 1| clear(); 24| 1| add_entropy(seed); 25| 1|} _ZN5Botan10ChaCha_RNG11clear_stateEv: 50| 1|void ChaCha_RNG::clear_state() { 51| 1| m_hmac->set_key(std::vector(m_hmac->output_length(), 0x00)); 52| 1| m_chacha->set_key(m_hmac->final()); 53| 1|} _ZN5Botan10ChaCha_RNG15generate_outputENSt3__14spanIhLm18446744073709551615EEENS2_IKhLm18446744073709551615EEE: 55| 40.8k|void ChaCha_RNG::generate_output(std::span output, std::span input) { 56| 40.8k| BOTAN_ASSERT_NOMSG(!output.empty()); ------------------ | | 77| 40.8k| do { \ | | 78| 40.8k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 40.8k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 40.8k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 40.8k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 40.8k] | | ------------------ ------------------ 57| | 58| 40.8k| if(!input.empty()) { ------------------ | Branch (58:7): [True: 0, False: 40.8k] ------------------ 59| 0| update(input); 60| 0| } 61| | 62| 40.8k| m_chacha->write_keystream(output); 63| 40.8k|} _ZN5Botan10ChaCha_RNG6updateENSt3__14spanIKhLm18446744073709551615EEE: 65| 1|void ChaCha_RNG::update(std::span input) { 66| 1| m_hmac->update(input); 67| 1| m_chacha->set_key(m_hmac->final()); 68| 1| const auto mac_key = m_chacha->keystream_bytes(m_hmac->output_length()); 69| 1| m_hmac->set_key(mac_key); 70| 1|} _ZNK5Botan10ChaCha_RNG14security_levelEv: 72| 1|size_t ChaCha_RNG::security_level() const { 73| 1| return 256; 74| 1|} _ZN5Botan12Stateful_RNG5clearEv: 15| 1|void Stateful_RNG::clear() { 16| 1| const lock_guard_type lock(m_mutex); 17| 1| m_reseed_counter = 0; 18| 1| m_last_pid = 0; 19| 1| clear_state(); 20| 1|} _ZNK5Botan12Stateful_RNG9is_seededEv: 27| 65.2k|bool Stateful_RNG::is_seeded() const { 28| 65.2k| const lock_guard_type lock(m_mutex); 29| 65.2k| return m_reseed_counter > 0; 30| 65.2k|} _ZN5Botan12Stateful_RNG23generate_batched_outputENSt3__14spanIhLm18446744073709551615EEENS2_IKhLm18446744073709551615EEE: 39| 40.8k|void Stateful_RNG::generate_batched_output(std::span output, std::span input) { 40| 40.8k| BOTAN_ASSERT_NOMSG(!output.empty()); ------------------ | | 77| 40.8k| do { \ | | 78| 40.8k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 40.8k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 40.8k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 40.8k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 40.8k] | | ------------------ ------------------ 41| | 42| 40.8k| const size_t max_per_request = max_number_of_bytes_per_request(); 43| | 44| 40.8k| if(max_per_request == 0) { ------------------ | Branch (44:7): [True: 40.8k, False: 0] ------------------ 45| | // no limit 46| 40.8k| reseed_check(); 47| 40.8k| this->generate_output(output, input); 48| 40.8k| } else { 49| 0| while(!output.empty()) { ------------------ | Branch (49:13): [True: 0, False: 0] ------------------ 50| 0| const size_t this_req = std::min(max_per_request, output.size()); 51| | 52| 0| reseed_check(); 53| 0| this->generate_output(output.subspan(0, this_req), input); 54| | 55| | // only include the input for the first iteration 56| 0| input = {}; 57| | 58| 0| output = output.subspan(this_req); 59| 0| } 60| 0| } 61| 40.8k|} _ZN5Botan12Stateful_RNG21fill_bytes_with_inputENSt3__14spanIhLm18446744073709551615EEENS2_IKhLm18446744073709551615EEE: 63| 40.8k|void Stateful_RNG::fill_bytes_with_input(std::span output, std::span input) { 64| 40.8k| const lock_guard_type lock(m_mutex); 65| | 66| 40.8k| if(output.empty()) { ------------------ | Branch (66:7): [True: 1, False: 40.8k] ------------------ 67| | // Special case for exclusively adding entropy to the stateful RNG. 68| 1| this->update(input); 69| | 70| 1| if(8 * input.size() >= security_level()) { ------------------ | Branch (70:10): [True: 1, False: 0] ------------------ 71| 1| reset_reseed_counter(); 72| 1| } 73| 40.8k| } else { 74| 40.8k| generate_batched_output(output, input); 75| 40.8k| } 76| 40.8k|} _ZN5Botan12Stateful_RNG20reset_reseed_counterEv: 100| 1|void Stateful_RNG::reset_reseed_counter() { 101| | // Lock is held whenever this function is called 102| 1| m_reseed_counter = 1; 103| 1|} _ZN5Botan12Stateful_RNG12reseed_checkEv: 105| 40.8k|void Stateful_RNG::reseed_check() { 106| | // Lock is held whenever this function is called 107| | 108| 40.8k| const uint32_t cur_pid = OS::get_process_id(); 109| | 110| 40.8k| const bool fork_detected = (m_last_pid > 0) && (cur_pid != m_last_pid); ------------------ | Branch (110:31): [True: 0, False: 40.8k] | Branch (110:51): [True: 0, False: 0] ------------------ 111| | 112| 40.8k| if(is_seeded() == false || fork_detected || (m_reseed_interval > 0 && m_reseed_counter >= m_reseed_interval)) { ------------------ | Branch (112:7): [True: 0, False: 40.8k] | Branch (112:31): [True: 0, False: 40.8k] | Branch (112:49): [True: 0, False: 40.8k] | Branch (112:74): [True: 0, False: 0] ------------------ 113| 0| m_reseed_counter = 0; 114| 0| m_last_pid = cur_pid; 115| | 116| 0| if(m_underlying_rng != nullptr) { ------------------ | Branch (116:10): [True: 0, False: 0] ------------------ 117| 0| reseed_from_rng(*m_underlying_rng, security_level()); 118| 0| } 119| | 120| 0| if(m_entropy_sources != nullptr) { ------------------ | Branch (120:10): [True: 0, False: 0] ------------------ 121| 0| reseed_from_sources(*m_entropy_sources, security_level()); 122| 0| } 123| | 124| 0| if(!is_seeded()) { ------------------ | Branch (124:10): [True: 0, False: 0] ------------------ 125| 0| if(fork_detected) { ------------------ | Branch (125:13): [True: 0, False: 0] ------------------ 126| 0| throw Invalid_State("Detected use of fork but cannot reseed DRBG"); 127| 0| } else { 128| 0| throw PRNG_Unseeded(name()); 129| 0| } 130| 0| } 131| 40.8k| } else { 132| 40.8k| BOTAN_ASSERT(m_reseed_counter != 0, "RNG is seeded"); ------------------ | | 64| 40.8k| do { \ | | 65| 40.8k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 40.8k| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 40.8k] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 40.8k| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 40.8k] | | ------------------ ------------------ 133| 40.8k| m_reseed_counter += 1; 134| 40.8k| } 135| 40.8k|} _ZN5Botan6ChaChaC2Em: 85| 1|ChaCha::ChaCha(size_t rounds) : m_rounds(rounds) { 86| 1| BOTAN_ARG_CHECK(m_rounds == 8 || m_rounds == 12 || m_rounds == 20, "ChaCha only supports 8, 12 or 20 rounds"); ------------------ | | 35| 1| do { \ | | 36| 1| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 4| if(!(expr)) { \ | | ------------------ | | | Branch (37:12): [True: 0, False: 1] | | | Branch (37:12): [True: 0, False: 1] | | | Branch (37:12): [True: 1, False: 0] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 1| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 1] | | ------------------ ------------------ 87| 1|} _ZN5Botan6ChaCha11parallelismEv: 89| 2|size_t ChaCha::parallelism() { 90| 2|#if defined(BOTAN_HAS_CHACHA_AVX512) 91| 2| if(CPUID::has(CPUID::Feature::AVX512)) { ------------------ | Branch (91:7): [True: 0, False: 2] ------------------ 92| 0| return 16; 93| 0| } 94| 2|#endif 95| | 96| 2|#if defined(BOTAN_HAS_CHACHA_AVX2) 97| 2| if(CPUID::has(CPUID::Feature::AVX2)) { ------------------ | Branch (97:7): [True: 2, False: 0] ------------------ 98| 2| return 8; 99| 2| } 100| 0|#endif 101| | 102| 0| return 4; 103| 2|} _ZN5Botan6ChaCha6chachaEPhmPjm: 127| 3.07k|void ChaCha::chacha(uint8_t output[], size_t output_blocks, uint32_t state[16], size_t rounds) { 128| 3.07k| BOTAN_ASSERT(rounds % 2 == 0, "Valid rounds"); ------------------ | | 64| 3.07k| do { \ | | 65| 3.07k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 3.07k| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 3.07k] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 3.07k| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 3.07k] | | ------------------ ------------------ 129| | 130| 3.07k|#if defined(BOTAN_HAS_CHACHA_AVX512) 131| 3.07k| if(CPUID::has(CPUID::Feature::AVX512)) { ------------------ | Branch (131:7): [True: 0, False: 3.07k] ------------------ 132| 0| while(output_blocks >= 16) { ------------------ | Branch (132:13): [True: 0, False: 0] ------------------ 133| 0| ChaCha::chacha_avx512_x16(output, state, rounds); 134| 0| output += 16 * 64; 135| 0| output_blocks -= 16; 136| 0| } 137| 0| } 138| 3.07k|#endif 139| | 140| 3.07k|#if defined(BOTAN_HAS_CHACHA_AVX2) 141| 3.07k| if(CPUID::has(CPUID::Feature::AVX2)) { ------------------ | Branch (141:7): [True: 3.07k, False: 0] ------------------ 142| 6.14k| while(output_blocks >= 8) { ------------------ | Branch (142:13): [True: 3.07k, False: 3.07k] ------------------ 143| 3.07k| ChaCha::chacha_avx2_x8(output, state, rounds); 144| 3.07k| output += 8 * 64; 145| 3.07k| output_blocks -= 8; 146| 3.07k| } 147| 3.07k| } 148| 3.07k|#endif 149| | 150| 3.07k|#if defined(BOTAN_HAS_CHACHA_SIMD32) 151| 3.07k| if(CPUID::has(CPUID::Feature::SIMD_4X32)) { ------------------ | Branch (151:7): [True: 3.07k, False: 0] ------------------ 152| 3.07k| while(output_blocks >= 4) { ------------------ | Branch (152:13): [True: 0, False: 3.07k] ------------------ 153| 0| ChaCha::chacha_simd32_x4(output, state, rounds); 154| 0| output += 4 * 64; 155| 0| output_blocks -= 4; 156| 0| } 157| 3.07k| } 158| 3.07k|#endif 159| | 160| | // TODO interleave rounds 161| 3.07k| for(size_t i = 0; i != output_blocks; ++i) { ------------------ | Branch (161:22): [True: 0, False: 3.07k] ------------------ 162| 0| uint32_t x00 = state[0]; 163| 0| uint32_t x01 = state[1]; 164| 0| uint32_t x02 = state[2]; 165| 0| uint32_t x03 = state[3]; 166| 0| uint32_t x04 = state[4]; 167| 0| uint32_t x05 = state[5]; 168| 0| uint32_t x06 = state[6]; 169| 0| uint32_t x07 = state[7]; 170| 0| uint32_t x08 = state[8]; 171| 0| uint32_t x09 = state[9]; 172| 0| uint32_t x10 = state[10]; 173| 0| uint32_t x11 = state[11]; 174| 0| uint32_t x12 = state[12]; 175| 0| uint32_t x13 = state[13]; 176| 0| uint32_t x14 = state[14]; 177| 0| uint32_t x15 = state[15]; 178| | 179| 0| for(size_t r = 0; r != rounds / 2; ++r) { ------------------ | Branch (179:25): [True: 0, False: 0] ------------------ 180| 0| chacha_quarter_round(x00, x04, x08, x12); 181| 0| chacha_quarter_round(x01, x05, x09, x13); 182| 0| chacha_quarter_round(x02, x06, x10, x14); 183| 0| chacha_quarter_round(x03, x07, x11, x15); 184| | 185| 0| chacha_quarter_round(x00, x05, x10, x15); 186| 0| chacha_quarter_round(x01, x06, x11, x12); 187| 0| chacha_quarter_round(x02, x07, x08, x13); 188| 0| chacha_quarter_round(x03, x04, x09, x14); 189| 0| } 190| | 191| 0| x00 += state[0]; 192| 0| x01 += state[1]; 193| 0| x02 += state[2]; 194| 0| x03 += state[3]; 195| 0| x04 += state[4]; 196| 0| x05 += state[5]; 197| 0| x06 += state[6]; 198| 0| x07 += state[7]; 199| 0| x08 += state[8]; 200| 0| x09 += state[9]; 201| 0| x10 += state[10]; 202| 0| x11 += state[11]; 203| 0| x12 += state[12]; 204| 0| x13 += state[13]; 205| 0| x14 += state[14]; 206| 0| x15 += state[15]; 207| | 208| 0| store_le(x00, output + 64 * i + 4 * 0); 209| 0| store_le(x01, output + 64 * i + 4 * 1); 210| 0| store_le(x02, output + 64 * i + 4 * 2); 211| 0| store_le(x03, output + 64 * i + 4 * 3); 212| 0| store_le(x04, output + 64 * i + 4 * 4); 213| 0| store_le(x05, output + 64 * i + 4 * 5); 214| 0| store_le(x06, output + 64 * i + 4 * 6); 215| 0| store_le(x07, output + 64 * i + 4 * 7); 216| 0| store_le(x08, output + 64 * i + 4 * 8); 217| 0| store_le(x09, output + 64 * i + 4 * 9); 218| 0| store_le(x10, output + 64 * i + 4 * 10); 219| 0| store_le(x11, output + 64 * i + 4 * 11); 220| 0| store_le(x12, output + 64 * i + 4 * 12); 221| 0| store_le(x13, output + 64 * i + 4 * 13); 222| 0| store_le(x14, output + 64 * i + 4 * 14); 223| 0| store_le(x15, output + 64 * i + 4 * 15); 224| | 225| 0| state[12]++; 226| 0| if(state[12] == 0) { ------------------ | Branch (226:10): [True: 0, False: 0] ------------------ 227| 0| state[13] += 1; 228| 0| } 229| 0| } 230| 3.07k|} _ZN5Botan6ChaCha18generate_keystreamEPhm: 255| 40.8k|void ChaCha::generate_keystream(uint8_t out[], size_t length) { 256| 40.8k| assert_key_material_set(); 257| | 258| 43.9k| while(length >= m_buffer.size() - m_position) { ------------------ | Branch (258:10): [True: 3.06k, False: 40.8k] ------------------ 259| 3.06k| const size_t available = m_buffer.size() - m_position; 260| | 261| | // TODO: this could write directly to the output buffer 262| | // instead of bouncing it through m_buffer first 263| 3.06k| copy_mem(out, &m_buffer[m_position], available); 264| 3.06k| chacha(m_buffer.data(), m_buffer.size() / 64, m_state.data(), m_rounds); 265| | 266| 3.06k| length -= available; 267| 3.06k| out += available; 268| 3.06k| m_position = 0; 269| 3.06k| } 270| | 271| 40.8k| copy_mem(out, &m_buffer[m_position], length); 272| | 273| 40.8k| m_position += length; 274| 40.8k|} _ZN5Botan6ChaCha16initialize_stateEv: 276| 2|void ChaCha::initialize_state() { 277| 2| static const uint32_t TAU[] = {0x61707865, 0x3120646e, 0x79622d36, 0x6b206574}; 278| | 279| 2| static const uint32_t SIGMA[] = {0x61707865, 0x3320646e, 0x79622d32, 0x6b206574}; 280| | 281| 2| m_state[4] = m_key[0]; 282| 2| m_state[5] = m_key[1]; 283| 2| m_state[6] = m_key[2]; 284| 2| m_state[7] = m_key[3]; 285| | 286| 2| if(m_key.size() == 4) { ------------------ | Branch (286:7): [True: 0, False: 2] ------------------ 287| 0| m_state[0] = TAU[0]; 288| 0| m_state[1] = TAU[1]; 289| 0| m_state[2] = TAU[2]; 290| 0| m_state[3] = TAU[3]; 291| | 292| 0| m_state[8] = m_key[0]; 293| 0| m_state[9] = m_key[1]; 294| 0| m_state[10] = m_key[2]; 295| 0| m_state[11] = m_key[3]; 296| 2| } else { 297| 2| m_state[0] = SIGMA[0]; 298| 2| m_state[1] = SIGMA[1]; 299| 2| m_state[2] = SIGMA[2]; 300| 2| m_state[3] = SIGMA[3]; 301| | 302| 2| m_state[8] = m_key[4]; 303| 2| m_state[9] = m_key[5]; 304| 2| m_state[10] = m_key[6]; 305| 2| m_state[11] = m_key[7]; 306| 2| } 307| | 308| 2| m_state[12] = 0; 309| 2| m_state[13] = 0; 310| 2| m_state[14] = 0; 311| 2| m_state[15] = 0; 312| | 313| 2| m_position = 0; 314| 2|} _ZNK5Botan6ChaCha19has_keying_materialEv: 316| 40.8k|bool ChaCha::has_keying_material() const { 317| 40.8k| return !m_state.empty(); 318| 40.8k|} _ZN5Botan6ChaCha12key_scheduleENSt3__14spanIKhLm18446744073709551615EEE: 327| 2|void ChaCha::key_schedule(std::span key) { 328| 2| m_key.resize(key.size() / 4); 329| 2| load_le(m_key.data(), key.data(), m_key.size()); 330| | 331| 2| m_state.resize(16); 332| | 333| 2| const size_t chacha_block = 64; 334| 2| m_buffer.resize(parallelism() * chacha_block); 335| | 336| 2| set_iv(nullptr, 0); 337| 2|} _ZNK5Botan6ChaCha8key_specEv: 343| 2|Key_Length_Specification ChaCha::key_spec() const { 344| 2| return Key_Length_Specification(16, 32, 16); 345| 2|} _ZNK5Botan6ChaCha15valid_iv_lengthEm: 351| 2|bool ChaCha::valid_iv_length(size_t iv_len) const { 352| 2| return (iv_len == 0 || iv_len == 8 || iv_len == 12 || iv_len == 24); ------------------ | Branch (352:12): [True: 2, False: 0] | Branch (352:27): [True: 0, False: 0] | Branch (352:42): [True: 0, False: 0] | Branch (352:58): [True: 0, False: 0] ------------------ 353| 2|} _ZN5Botan6ChaCha12set_iv_bytesEPKhm: 355| 2|void ChaCha::set_iv_bytes(const uint8_t iv[], size_t length) { 356| 2| assert_key_material_set(); 357| | 358| 2| if(!valid_iv_length(length)) { ------------------ | Branch (358:7): [True: 0, False: 2] ------------------ 359| 0| throw Invalid_IV_Length(name(), length); 360| 0| } 361| | 362| 2| initialize_state(); 363| | 364| 2| if(length == 0) { ------------------ | Branch (364:7): [True: 2, False: 0] ------------------ 365| | // Treat zero length IV same as an all-zero IV 366| 2| m_state[14] = 0; 367| 2| m_state[15] = 0; 368| 2| } else if(length == 8) { ------------------ | Branch (368:14): [True: 0, False: 0] ------------------ 369| 0| m_state[14] = load_le(iv, 0); 370| 0| m_state[15] = load_le(iv, 1); 371| 0| } else if(length == 12) { ------------------ | Branch (371:14): [True: 0, False: 0] ------------------ 372| 0| m_state[13] = load_le(iv, 0); 373| 0| m_state[14] = load_le(iv, 1); 374| 0| m_state[15] = load_le(iv, 2); 375| 0| } else if(length == 24) { ------------------ | Branch (375:14): [True: 0, False: 0] ------------------ 376| 0| m_state[12] = load_le(iv, 0); 377| 0| m_state[13] = load_le(iv, 1); 378| 0| m_state[14] = load_le(iv, 2); 379| 0| m_state[15] = load_le(iv, 3); 380| | 381| 0| secure_vector hc(8); 382| 0| hchacha(hc.data(), m_state.data(), m_rounds); 383| | 384| 0| m_state[4] = hc[0]; 385| 0| m_state[5] = hc[1]; 386| 0| m_state[6] = hc[2]; 387| 0| m_state[7] = hc[3]; 388| 0| m_state[8] = hc[4]; 389| 0| m_state[9] = hc[5]; 390| 0| m_state[10] = hc[6]; 391| 0| m_state[11] = hc[7]; 392| 0| m_state[12] = 0; 393| 0| m_state[13] = 0; 394| 0| m_state[14] = load_le(iv, 4); 395| 0| m_state[15] = load_le(iv, 5); 396| 0| } 397| | 398| 2| chacha(m_buffer.data(), m_buffer.size() / 64, m_state.data(), m_rounds); 399| 2| m_position = 0; 400| 2|} _ZN5Botan6ChaCha14chacha_avx2_x8EPhPjm: 15| 3.07k|void BOTAN_FN_ISA_AVX2 ChaCha::chacha_avx2_x8(uint8_t output[64 * 8], uint32_t state[16], size_t rounds) { 16| 3.07k| SIMD_8x32::reset_registers(); 17| | 18| 3.07k| BOTAN_ASSERT(rounds % 2 == 0, "Valid rounds"); ------------------ | | 64| 3.07k| do { \ | | 65| 3.07k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 3.07k| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 3.07k] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 3.07k| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 3.07k] | | ------------------ ------------------ 19| 3.07k| const SIMD_8x32 CTR0 = SIMD_8x32(0, 1, 2, 3, 4, 5, 6, 7); 20| | 21| 3.07k| const uint32_t C = 0xFFFFFFFF - state[12]; 22| | // NOLINTNEXTLINE(*-implicit-bool-conversion) 23| 3.07k| const SIMD_8x32 CTR1 = SIMD_8x32(0, C < 1, C < 2, C < 3, C < 4, C < 5, C < 6, C < 7); 24| | 25| 3.07k| SIMD_8x32 R00 = SIMD_8x32::splat(state[0]); 26| 3.07k| SIMD_8x32 R01 = SIMD_8x32::splat(state[1]); 27| 3.07k| SIMD_8x32 R02 = SIMD_8x32::splat(state[2]); 28| 3.07k| SIMD_8x32 R03 = SIMD_8x32::splat(state[3]); 29| 3.07k| SIMD_8x32 R04 = SIMD_8x32::splat(state[4]); 30| 3.07k| SIMD_8x32 R05 = SIMD_8x32::splat(state[5]); 31| 3.07k| SIMD_8x32 R06 = SIMD_8x32::splat(state[6]); 32| 3.07k| SIMD_8x32 R07 = SIMD_8x32::splat(state[7]); 33| 3.07k| SIMD_8x32 R08 = SIMD_8x32::splat(state[8]); 34| 3.07k| SIMD_8x32 R09 = SIMD_8x32::splat(state[9]); 35| 3.07k| SIMD_8x32 R10 = SIMD_8x32::splat(state[10]); 36| 3.07k| SIMD_8x32 R11 = SIMD_8x32::splat(state[11]); 37| 3.07k| SIMD_8x32 R12 = SIMD_8x32::splat(state[12]) + CTR0; 38| 3.07k| SIMD_8x32 R13 = SIMD_8x32::splat(state[13]) + CTR1; 39| 3.07k| SIMD_8x32 R14 = SIMD_8x32::splat(state[14]); 40| 3.07k| SIMD_8x32 R15 = SIMD_8x32::splat(state[15]); 41| | 42| 33.7k| for(size_t r = 0; r != rounds / 2; ++r) { ------------------ | Branch (42:22): [True: 30.7k, False: 3.07k] ------------------ 43| 30.7k| R00 += R04; 44| 30.7k| R01 += R05; 45| 30.7k| R02 += R06; 46| 30.7k| R03 += R07; 47| | 48| 30.7k| R12 ^= R00; 49| 30.7k| R13 ^= R01; 50| 30.7k| R14 ^= R02; 51| 30.7k| R15 ^= R03; 52| | 53| 30.7k| R12 = R12.rotl<16>(); 54| 30.7k| R13 = R13.rotl<16>(); 55| 30.7k| R14 = R14.rotl<16>(); 56| 30.7k| R15 = R15.rotl<16>(); 57| | 58| 30.7k| R08 += R12; 59| 30.7k| R09 += R13; 60| 30.7k| R10 += R14; 61| 30.7k| R11 += R15; 62| | 63| 30.7k| R04 ^= R08; 64| 30.7k| R05 ^= R09; 65| 30.7k| R06 ^= R10; 66| 30.7k| R07 ^= R11; 67| | 68| 30.7k| R04 = R04.rotl<12>(); 69| 30.7k| R05 = R05.rotl<12>(); 70| 30.7k| R06 = R06.rotl<12>(); 71| 30.7k| R07 = R07.rotl<12>(); 72| | 73| 30.7k| R00 += R04; 74| 30.7k| R01 += R05; 75| 30.7k| R02 += R06; 76| 30.7k| R03 += R07; 77| | 78| 30.7k| R12 ^= R00; 79| 30.7k| R13 ^= R01; 80| 30.7k| R14 ^= R02; 81| 30.7k| R15 ^= R03; 82| | 83| 30.7k| R12 = R12.rotl<8>(); 84| 30.7k| R13 = R13.rotl<8>(); 85| 30.7k| R14 = R14.rotl<8>(); 86| 30.7k| R15 = R15.rotl<8>(); 87| | 88| 30.7k| R08 += R12; 89| 30.7k| R09 += R13; 90| 30.7k| R10 += R14; 91| 30.7k| R11 += R15; 92| | 93| 30.7k| R04 ^= R08; 94| 30.7k| R05 ^= R09; 95| 30.7k| R06 ^= R10; 96| 30.7k| R07 ^= R11; 97| | 98| 30.7k| R04 = R04.rotl<7>(); 99| 30.7k| R05 = R05.rotl<7>(); 100| 30.7k| R06 = R06.rotl<7>(); 101| 30.7k| R07 = R07.rotl<7>(); 102| | 103| 30.7k| R00 += R05; 104| 30.7k| R01 += R06; 105| 30.7k| R02 += R07; 106| 30.7k| R03 += R04; 107| | 108| 30.7k| R15 ^= R00; 109| 30.7k| R12 ^= R01; 110| 30.7k| R13 ^= R02; 111| 30.7k| R14 ^= R03; 112| | 113| 30.7k| R15 = R15.rotl<16>(); 114| 30.7k| R12 = R12.rotl<16>(); 115| 30.7k| R13 = R13.rotl<16>(); 116| 30.7k| R14 = R14.rotl<16>(); 117| | 118| 30.7k| R10 += R15; 119| 30.7k| R11 += R12; 120| 30.7k| R08 += R13; 121| 30.7k| R09 += R14; 122| | 123| 30.7k| R05 ^= R10; 124| 30.7k| R06 ^= R11; 125| 30.7k| R07 ^= R08; 126| 30.7k| R04 ^= R09; 127| | 128| 30.7k| R05 = R05.rotl<12>(); 129| 30.7k| R06 = R06.rotl<12>(); 130| 30.7k| R07 = R07.rotl<12>(); 131| 30.7k| R04 = R04.rotl<12>(); 132| | 133| 30.7k| R00 += R05; 134| 30.7k| R01 += R06; 135| 30.7k| R02 += R07; 136| 30.7k| R03 += R04; 137| | 138| 30.7k| R15 ^= R00; 139| 30.7k| R12 ^= R01; 140| 30.7k| R13 ^= R02; 141| 30.7k| R14 ^= R03; 142| | 143| 30.7k| R15 = R15.rotl<8>(); 144| 30.7k| R12 = R12.rotl<8>(); 145| 30.7k| R13 = R13.rotl<8>(); 146| 30.7k| R14 = R14.rotl<8>(); 147| | 148| 30.7k| R10 += R15; 149| 30.7k| R11 += R12; 150| 30.7k| R08 += R13; 151| 30.7k| R09 += R14; 152| | 153| 30.7k| R05 ^= R10; 154| 30.7k| R06 ^= R11; 155| 30.7k| R07 ^= R08; 156| 30.7k| R04 ^= R09; 157| | 158| 30.7k| R05 = R05.rotl<7>(); 159| 30.7k| R06 = R06.rotl<7>(); 160| 30.7k| R07 = R07.rotl<7>(); 161| 30.7k| R04 = R04.rotl<7>(); 162| 30.7k| } 163| | 164| 3.07k| R00 += SIMD_8x32::splat(state[0]); 165| 3.07k| R01 += SIMD_8x32::splat(state[1]); 166| 3.07k| R02 += SIMD_8x32::splat(state[2]); 167| 3.07k| R03 += SIMD_8x32::splat(state[3]); 168| 3.07k| R04 += SIMD_8x32::splat(state[4]); 169| 3.07k| R05 += SIMD_8x32::splat(state[5]); 170| 3.07k| R06 += SIMD_8x32::splat(state[6]); 171| 3.07k| R07 += SIMD_8x32::splat(state[7]); 172| 3.07k| R08 += SIMD_8x32::splat(state[8]); 173| 3.07k| R09 += SIMD_8x32::splat(state[9]); 174| 3.07k| R10 += SIMD_8x32::splat(state[10]); 175| 3.07k| R11 += SIMD_8x32::splat(state[11]); 176| 3.07k| R12 += SIMD_8x32::splat(state[12]) + CTR0; 177| 3.07k| R13 += SIMD_8x32::splat(state[13]) + CTR1; 178| 3.07k| R14 += SIMD_8x32::splat(state[14]); 179| 3.07k| R15 += SIMD_8x32::splat(state[15]); 180| | 181| 3.07k| SIMD_8x32::transpose(R00, R01, R02, R03, R04, R05, R06, R07); 182| 3.07k| SIMD_8x32::transpose(R08, R09, R10, R11, R12, R13, R14, R15); 183| | 184| 3.07k| R00.store_le(output); 185| 3.07k| R08.store_le(output + 32 * 1); 186| 3.07k| R01.store_le(output + 32 * 2); 187| 3.07k| R09.store_le(output + 32 * 3); 188| 3.07k| R02.store_le(output + 32 * 4); 189| 3.07k| R10.store_le(output + 32 * 5); 190| 3.07k| R03.store_le(output + 32 * 6); 191| 3.07k| R11.store_le(output + 32 * 7); 192| 3.07k| R04.store_le(output + 32 * 8); 193| 3.07k| R12.store_le(output + 32 * 9); 194| 3.07k| R05.store_le(output + 32 * 10); 195| 3.07k| R13.store_le(output + 32 * 11); 196| 3.07k| R06.store_le(output + 32 * 12); 197| 3.07k| R14.store_le(output + 32 * 13); 198| 3.07k| R07.store_le(output + 32 * 14); 199| 3.07k| R15.store_le(output + 32 * 15); 200| | 201| 3.07k| SIMD_8x32::zero_registers(); 202| | 203| 3.07k| state[12] += 8; 204| 3.07k| if(state[12] < 8) { ------------------ | Branch (204:7): [True: 0, False: 3.07k] ------------------ 205| 0| state[13]++; 206| 0| } 207| 3.07k|} _ZN5Botan6CTR_BEC2ENSt3__110unique_ptrINS_11BlockCipherENS1_14default_deleteIS3_EEEEm: 31| 93| m_cipher(std::move(cipher)), 32| 93| m_block_size(m_cipher->block_size()), 33| 93| m_ctr_size(ctr_size), 34| 93| m_ctr_blocks(m_cipher->parallel_bytes() / m_block_size), 35| 93| m_counter(m_cipher->parallel_bytes()), 36| 93| m_pad(m_counter.size()), 37| 93| m_pad_pos(0) { 38| 93| BOTAN_ARG_CHECK(m_ctr_size >= 4 && m_ctr_size <= m_block_size, "Invalid CTR-BE counter size"); ------------------ | | 35| 93| do { \ | | 36| 93| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 186| if(!(expr)) { \ | | ------------------ | | | Branch (37:12): [True: 93, False: 0] | | | Branch (37:12): [True: 93, False: 0] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 93| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 93] | | ------------------ ------------------ 39| 93|} _ZNK5Botan6CTR_BE15valid_iv_lengthEm: 53| 275|bool CTR_BE::valid_iv_length(size_t iv_len) const { 54| 275| return (iv_len <= m_block_size); 55| 275|} _ZNK5Botan6CTR_BE8key_specEv: 61| 186|Key_Length_Specification CTR_BE::key_spec() const { 62| 186| return m_cipher->key_spec(); 63| 186|} _ZNK5Botan6CTR_BE19has_keying_materialEv: 69| 545|bool CTR_BE::has_keying_material() const { 70| 545| return m_cipher->has_keying_material(); 71| 545|} _ZN5Botan6CTR_BE12key_scheduleENSt3__14spanIKhLm18446744073709551615EEE: 73| 93|void CTR_BE::key_schedule(std::span key) { 74| 93| m_cipher->set_key(key); 75| | 76| | // Set a default all-zeros IV 77| 93| set_iv(nullptr, 0); 78| 93|} _ZN5Botan6CTR_BE12cipher_bytesEPKhPhm: 88| 270|void CTR_BE::cipher_bytes(const uint8_t in[], uint8_t out[], size_t length) { 89| 270| assert_key_material_set(); 90| | 91| 270| const uint8_t* pad_bits = m_pad.data(); 92| 270| const size_t pad_size = m_pad.size(); 93| | 94| | /* Consume any already computed keystream in m_pad */ 95| | 96| 270| if(m_pad_pos > 0) { ------------------ | Branch (96:7): [True: 88, False: 182] ------------------ 97| 88| const size_t avail = pad_size - m_pad_pos; 98| 88| const size_t take = std::min(length, avail); 99| 88| xor_buf(out, in, pad_bits + m_pad_pos, take); 100| 88| length -= take; 101| 88| in += take; 102| 88| out += take; 103| 88| m_pad_pos += take; 104| | 105| 88| if(take == avail) { ------------------ | Branch (105:10): [True: 35, False: 53] ------------------ 106| 35| add_counter(m_ctr_blocks); 107| 35| m_cipher->encrypt_n(m_counter.data(), m_pad.data(), m_ctr_blocks); 108| 35| m_pad_pos = 0; 109| 35| } 110| 88| } 111| | 112| | /* Bulk processing */ 113| | 114| 270| [[maybe_unused]] const bool can_use_bs16_ctr4_fastpath = m_block_size == 16 && m_ctr_size == 4 && pad_size % 64 == 0; ------------------ | Branch (114:61): [True: 270, False: 0] | Branch (114:83): [True: 270, False: 0] | Branch (114:102): [True: 270, False: 0] ------------------ 115| | 116| 270|#if defined(BOTAN_HAS_CTR_BE_AVX2) 117| 270| if(length >= pad_size && can_use_bs16_ctr4_fastpath && CPUID::has(CPUID::Feature::AVX2)) { ------------------ | Branch (117:7): [True: 22, False: 248] | Branch (117:29): [True: 22, False: 0] | Branch (117:59): [True: 22, False: 0] ------------------ 118| 22| const size_t consumed = ctr_proc_bs16_ctr4_avx2(in, out, length); 119| 22| in += consumed; 120| 22| out += consumed; 121| 22| length -= consumed; 122| 22| } 123| 270|#endif 124| | 125| 270|#if defined(BOTAN_HAS_CTR_BE_SIMD32) 126| 270| if(length >= pad_size && can_use_bs16_ctr4_fastpath && CPUID::has(CPUID::Feature::SIMD_4X32)) { ------------------ | Branch (126:7): [True: 0, False: 270] | Branch (126:29): [True: 0, False: 0] | Branch (126:59): [True: 0, False: 0] ------------------ 127| 0| const size_t consumed = ctr_proc_bs16_ctr4_simd32(in, out, length); 128| 0| in += consumed; 129| 0| out += consumed; 130| 0| length -= consumed; 131| 0| } 132| 270|#endif 133| | 134| 270| while(length >= pad_size) { ------------------ | Branch (134:10): [True: 0, False: 270] ------------------ 135| 0| xor_buf(out, in, pad_bits, pad_size); 136| 0| length -= pad_size; 137| 0| in += pad_size; 138| 0| out += pad_size; 139| | 140| 0| add_counter(m_ctr_blocks); 141| 0| m_cipher->encrypt_n(m_counter.data(), m_pad.data(), m_ctr_blocks); 142| 0| } 143| | 144| | /* Now if length > 0 then we have some remaining text, and m_pad is full - consume as required */ 145| 270| if(length > 0) { ------------------ | Branch (145:7): [True: 217, False: 53] ------------------ 146| 217| xor_buf(out, in, pad_bits, length); 147| 217| m_pad_pos = length; 148| 217| } 149| 270|} _ZN5Botan6CTR_BE12set_iv_bytesEPKhm: 180| 275|void CTR_BE::set_iv_bytes(const uint8_t iv[], size_t iv_len) { 181| 275| if(!valid_iv_length(iv_len)) { ------------------ | Branch (181:7): [True: 0, False: 275] ------------------ 182| 0| throw Invalid_IV_Length(name(), iv_len); 183| 0| } 184| | 185| 275| m_iv.resize(m_block_size); 186| 275| zeroise(m_iv); 187| 275| copy_mem(m_iv.data(), iv, iv_len); 188| | 189| 275| seek(0); 190| 275|} _ZN5Botan6CTR_BE11add_counterEm: 192| 35|void CTR_BE::add_counter(const uint64_t counter) { 193| 35| const size_t ctr_size = m_ctr_size; 194| 35| const size_t ctr_blocks = m_ctr_blocks; 195| 35| const size_t BS = m_block_size; 196| | 197| 35| if(ctr_size == 4) { ------------------ | Branch (197:7): [True: 35, False: 0] ------------------ 198| 35| const size_t off = (BS - 4); 199| 35| const uint32_t low32 = static_cast(counter + load_be(&m_counter[off], 0)); 200| | 201| 595| for(size_t i = 0; i != ctr_blocks; ++i) { ------------------ | Branch (201:25): [True: 560, False: 35] ------------------ 202| 560| store_be(uint32_t(low32 + i), &m_counter[i * BS + off]); 203| 560| } 204| 35| } else if(ctr_size == 8) { ------------------ | Branch (204:14): [True: 0, False: 0] ------------------ 205| 0| const size_t off = (BS - 8); 206| 0| const uint64_t low64 = counter + load_be(&m_counter[off], 0); 207| | 208| 0| for(size_t i = 0; i != ctr_blocks; ++i) { ------------------ | Branch (208:25): [True: 0, False: 0] ------------------ 209| 0| store_be(uint64_t(low64 + i), &m_counter[i * BS + off]); 210| 0| } 211| 0| } else if(ctr_size == 16) { ------------------ | Branch (211:14): [True: 0, False: 0] ------------------ 212| 0| const size_t off = (BS - 16); 213| 0| uint64_t b0 = load_be(&m_counter[off], 0); 214| 0| uint64_t b1 = load_be(&m_counter[off], 1); 215| 0| b1 += counter; 216| 0| b0 += (b1 < counter) ? 1 : 0; // carry ------------------ | Branch (216:13): [True: 0, False: 0] ------------------ 217| | 218| 0| for(size_t i = 0; i != ctr_blocks; ++i) { ------------------ | Branch (218:25): [True: 0, False: 0] ------------------ 219| 0| store_be(b0, &m_counter[i * BS + off]); 220| 0| store_be(b1, &m_counter[i * BS + off + 8]); 221| 0| b1 += 1; 222| 0| if(b1 == 0) { ------------------ | Branch (222:13): [True: 0, False: 0] ------------------ 223| 0| b0 += 1; // carry 224| 0| } 225| 0| } 226| 0| } else { 227| 0| for(size_t i = 0; i != ctr_blocks; ++i) { ------------------ | Branch (227:25): [True: 0, False: 0] ------------------ 228| 0| uint64_t local_counter = counter; 229| 0| uint16_t carry = static_cast(local_counter); 230| 0| for(size_t j = 0; (carry > 0 || local_counter > 0) && j != ctr_size; ++j) { ------------------ | Branch (230:29): [True: 0, False: 0] | Branch (230:42): [True: 0, False: 0] | Branch (230:64): [True: 0, False: 0] ------------------ 231| 0| const size_t off = i * BS + (BS - 1 - j); 232| 0| const uint16_t cnt = static_cast(m_counter[off]) + carry; 233| 0| m_counter[off] = static_cast(cnt); 234| 0| local_counter = (local_counter >> 8); 235| 0| carry = (cnt >> 8) + static_cast(local_counter); 236| 0| } 237| 0| } 238| 0| } 239| 35|} _ZN5Botan6CTR_BE4seekEm: 241| 275|void CTR_BE::seek(uint64_t offset) { 242| 275| assert_key_material_set(); 243| | 244| 275| const uint64_t base_counter = m_ctr_blocks * (offset / m_counter.size()); 245| | 246| 275| zeroise(m_counter); 247| 275| BOTAN_ASSERT_NOMSG(m_counter.size() >= m_iv.size()); ------------------ | | 77| 275| do { \ | | 78| 275| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 275| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 275] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 275| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 275] | | ------------------ ------------------ 248| 275| copy_mem(m_counter.data(), m_iv.data(), m_iv.size()); 249| | 250| 275| const size_t BS = m_block_size; 251| | 252| | // Set m_counter blocks to IV, IV + 1, ... IV + n 253| | 254| 275| if(m_ctr_size == 4 && BS >= 8) { ------------------ | Branch (254:7): [True: 275, False: 0] | Branch (254:26): [True: 275, False: 0] ------------------ 255| 275| const uint32_t low32 = load_be(&m_counter[BS - 4], 0); 256| | 257| 275| if(m_ctr_blocks >= 4 && is_power_of_2(m_ctr_blocks)) { ------------------ | Branch (257:10): [True: 275, False: 0] | Branch (257:31): [True: 275, False: 0] ------------------ 258| 275| size_t written = 1; 259| 1.37k| while(written < m_ctr_blocks) { ------------------ | Branch (259:16): [True: 1.10k, False: 275] ------------------ 260| 1.10k| copy_mem(&m_counter[written * BS], &m_counter[0], BS * written); // NOLINT(*container-data-pointer) 261| 1.10k| written *= 2; 262| 1.10k| } 263| 275| } else { 264| 0| for(size_t i = 1; i != m_ctr_blocks; ++i) { ------------------ | Branch (264:28): [True: 0, False: 0] ------------------ 265| 0| copy_mem(&m_counter[i * BS], &m_counter[0], BS - 4); // NOLINT(*container-data-pointer) 266| 0| } 267| 0| } 268| | 269| 4.40k| for(size_t i = 1; i != m_ctr_blocks; ++i) { ------------------ | Branch (269:25): [True: 4.12k, False: 275] ------------------ 270| 4.12k| const uint32_t c = static_cast(low32 + i); 271| 4.12k| store_be(c, &m_counter[(BS - 4) + i * BS]); 272| 4.12k| } 273| 275| } else { 274| | // do everything sequentially: 275| 0| for(size_t i = 1; i != m_ctr_blocks; ++i) { ------------------ | Branch (275:25): [True: 0, False: 0] ------------------ 276| 0| copy_mem(&m_counter[i * BS], &m_counter[(i - 1) * BS], BS); 277| | 278| 0| for(size_t j = 0; j != m_ctr_size; ++j) { ------------------ | Branch (278:28): [True: 0, False: 0] ------------------ 279| 0| uint8_t& c = m_counter[i * BS + (BS - 1 - j)]; 280| 0| c += 1; 281| 0| if(c > 0) { ------------------ | Branch (281:16): [True: 0, False: 0] ------------------ 282| 0| break; 283| 0| } 284| 0| } 285| 0| } 286| 0| } 287| | 288| 275| if(base_counter > 0) { ------------------ | Branch (288:7): [True: 0, False: 275] ------------------ 289| 0| add_counter(base_counter); 290| 0| } 291| | 292| 275| m_cipher->encrypt_n(m_counter.data(), m_pad.data(), m_ctr_blocks); 293| 275| m_pad_pos = offset % m_counter.size(); 294| 275|} _ZN5Botan6CTR_BE23ctr_proc_bs16_ctr4_avx2EPKhPhm: 15| 22|size_t CTR_BE::ctr_proc_bs16_ctr4_avx2(const uint8_t* in, uint8_t* out, size_t length) { 16| 22| BOTAN_ASSERT_NOMSG(m_pad.size() % 64 == 0); ------------------ | | 77| 22| do { \ | | 78| 22| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 22| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 22] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 22| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 22] | | ------------------ ------------------ 17| 22| BOTAN_DEBUG_ASSERT(m_counter.size() == m_pad.size()); ------------------ | | 130| 22| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 22| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 22] | | ------------------ ------------------ 18| | 19| 22| const size_t pad_size = m_pad.size(); 20| 22| if(length < pad_size) { ------------------ | Branch (20:7): [True: 0, False: 22] ------------------ 21| 0| return 0; 22| 0| } 23| | 24| 22| const size_t ctr_blocks = m_ctr_blocks; 25| | 26| | /* 27| | * Byte swap table that swaps only the counter bytes and not the nonce bytes 28| | */ 29| 22| const SIMD_8x32 bswap_ctr( 30| 22| 0x03020100, 0x07060504, 0x0B0A0908, 0x0C0D0E0F, 0x03020100, 0x07060504, 0x0B0A0908, 0x0C0D0E0F); 31| | 32| | // Load the starting counter value, bswap the counter field itself so we can add 33| 22| const SIMD_8x32 starting_ctr = SIMD_8x32::byte_shuffle(SIMD_8x32::load_le128(m_counter.data()), bswap_ctr); 34| | 35| | // Counter is incremented 4 blocks at a time (2 per register, 2 registers) 36| 22| const SIMD_8x32 inc4(0, 0, 0, 4); 37| | 38| 22| const uint32_t N = static_cast(ctr_blocks); 39| 22| SIMD_8x32 batch_ctr0 = starting_ctr + SIMD_8x32(0, 0, 0, N, 0, 0, 0, N + 1); 40| 22| SIMD_8x32 batch_ctr1 = starting_ctr + SIMD_8x32(0, 0, 0, N + 2, 0, 0, 0, N + 3); 41| 22| const uint8_t* pad_buf = m_pad.data(); 42| 22| uint8_t* ctr_buf = m_counter.data(); 43| | 44| 22| const size_t ctr_block_quads = ctr_blocks / 4; 45| | 46| 22| size_t processed = 0; 47| | 48| 209| while(length >= pad_size) { ------------------ | Branch (48:10): [True: 187, False: 22] ------------------ 49| 935| for(size_t i = 0; i != ctr_block_quads; ++i) { ------------------ | Branch (49:25): [True: 748, False: 187] ------------------ 50| 748| const size_t off = i * 64; 51| | 52| | // Store and update the counters 53| 748| SIMD_8x32::byte_shuffle(batch_ctr0, bswap_ctr).store_le(ctr_buf + off); 54| 748| SIMD_8x32::byte_shuffle(batch_ctr1, bswap_ctr).store_le(ctr_buf + off + 32); 55| 748| batch_ctr0 += inc4; 56| 748| batch_ctr1 += inc4; 57| | 58| 748| const auto p0 = SIMD_8x32::load_le(pad_buf + off); 59| 748| const auto p1 = SIMD_8x32::load_le(pad_buf + off + 32); 60| | 61| 748| auto i0 = SIMD_8x32::load_le(in + off); 62| 748| auto i1 = SIMD_8x32::load_le(in + off + 32); 63| | 64| 748| i0 ^= p0; 65| 748| i1 ^= p1; 66| | 67| 748| i0.store_le(out + off); 68| 748| i1.store_le(out + off + 32); 69| 748| } 70| | 71| 187| in += pad_size; 72| 187| out += pad_size; 73| 187| length -= pad_size; 74| 187| processed += pad_size; 75| | 76| | // Regenerate the pad buffer 77| 187| m_cipher->encrypt_n(m_counter.data(), m_pad.data(), ctr_blocks); 78| 187| } 79| | 80| 22| return processed; 81| 22|} _ZN5Botan12StreamCipher6createENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEES5_: 40| 1|std::unique_ptr StreamCipher::create(std::string_view algo_spec, std::string_view provider) { 41| 1|#if defined(BOTAN_HAS_SHAKE_CIPHER) 42| 1| if(algo_spec == "SHAKE-128" || algo_spec == "SHAKE-128-XOF") { ------------------ | Branch (42:7): [True: 0, False: 1] | Branch (42:35): [True: 0, False: 1] ------------------ 43| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (43:10): [True: 0, False: 0] | Branch (43:30): [True: 0, False: 0] ------------------ 44| 0| return std::make_unique(); 45| 0| } 46| 0| } 47| | 48| 1| if(algo_spec == "SHAKE-256" || algo_spec == "SHAKE-256-XOF") { ------------------ | Branch (48:7): [True: 0, False: 1] | Branch (48:35): [True: 0, False: 1] ------------------ 49| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (49:10): [True: 0, False: 0] | Branch (49:30): [True: 0, False: 0] ------------------ 50| 0| return std::make_unique(); 51| 0| } 52| 0| } 53| 1|#endif 54| | 55| 1|#if defined(BOTAN_HAS_CHACHA) 56| 1| if(algo_spec == "ChaCha20") { ------------------ | Branch (56:7): [True: 0, False: 1] ------------------ 57| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (57:10): [True: 0, False: 0] | Branch (57:30): [True: 0, False: 0] ------------------ 58| 0| return std::make_unique(20); 59| 0| } 60| 0| } 61| 1|#endif 62| | 63| 1|#if defined(BOTAN_HAS_SALSA20) 64| 1| if(algo_spec == "Salsa20") { ------------------ | Branch (64:7): [True: 0, False: 1] ------------------ 65| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (65:10): [True: 0, False: 0] | Branch (65:30): [True: 0, False: 0] ------------------ 66| 0| return std::make_unique(); 67| 0| } 68| 0| } 69| 1|#endif 70| | 71| 1| const SCAN_Name req(algo_spec); 72| | 73| 1|#if defined(BOTAN_HAS_CTR_BE) 74| 1| if((req.algo_name() == "CTR-BE" || req.algo_name() == "CTR") && req.arg_count_between(1, 2)) { ------------------ | Branch (74:8): [True: 0, False: 1] | Branch (74:39): [True: 0, False: 1] | Branch (74:68): [True: 0, False: 0] ------------------ 75| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (75:10): [True: 0, False: 0] | Branch (75:30): [True: 0, False: 0] ------------------ 76| 0| auto cipher = BlockCipher::create(req.arg(0)); 77| 0| if(cipher) { ------------------ | Branch (77:13): [True: 0, False: 0] ------------------ 78| 0| const size_t ctr_size = req.arg_as_integer(1, cipher->block_size()); 79| 0| return std::make_unique(std::move(cipher), ctr_size); 80| 0| } 81| 0| } 82| 0| } 83| 1|#endif 84| | 85| 1|#if defined(BOTAN_HAS_CHACHA) 86| 1| if(req.algo_name() == "ChaCha") { ------------------ | Branch (86:7): [True: 1, False: 0] ------------------ 87| 1| if(provider.empty() || provider == "base") { ------------------ | Branch (87:10): [True: 1, False: 0] | Branch (87:30): [True: 0, False: 0] ------------------ 88| 1| return std::make_unique(req.arg_as_integer(0, 20)); 89| 1| } 90| 1| } 91| 0|#endif 92| | 93| 0|#if defined(BOTAN_HAS_OFB) 94| 0| if(req.algo_name() == "OFB" && req.arg_count() == 1) { ------------------ | Branch (94:7): [True: 0, False: 0] | Branch (94:35): [True: 0, False: 0] ------------------ 95| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (95:10): [True: 0, False: 0] | Branch (95:30): [True: 0, False: 0] ------------------ 96| 0| if(auto cipher = BlockCipher::create(req.arg(0))) { ------------------ | Branch (96:18): [True: 0, False: 0] ------------------ 97| 0| return std::make_unique(std::move(cipher)); 98| 0| } 99| 0| } 100| 0| } 101| 0|#endif 102| | 103| 0|#if defined(BOTAN_HAS_RC4) 104| | 105| 0| if(req.algo_name() == "RC4" || req.algo_name() == "ARC4" || req.algo_name() == "MARK-4") { ------------------ | Branch (105:7): [True: 0, False: 0] | Branch (105:35): [True: 0, False: 0] | Branch (105:64): [True: 0, False: 0] ------------------ 106| 0| const size_t skip = (req.algo_name() == "MARK-4") ? 256 : req.arg_as_integer(0, 0); ------------------ | Branch (106:27): [True: 0, False: 0] ------------------ 107| | 108| 0| if(provider.empty() || provider == "base") { ------------------ | Branch (108:10): [True: 0, False: 0] | Branch (108:30): [True: 0, False: 0] ------------------ 109| 0| return std::make_unique(skip); 110| 0| } 111| 0| } 112| | 113| 0|#endif 114| | 115| 0| BOTAN_UNUSED(req); ------------------ | | 144| 0|#define BOTAN_UNUSED Botan::ignore_params ------------------ 116| 0| BOTAN_UNUSED(provider); ------------------ | | 144| 0|#define BOTAN_UNUSED Botan::ignore_params ------------------ 117| | 118| 0| return nullptr; 119| 0|} _ZN5Botan12StreamCipher15create_or_throwENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEES5_: 122| 1|std::unique_ptr StreamCipher::create_or_throw(std::string_view algo, std::string_view provider) { 123| 1| if(auto sc = StreamCipher::create(algo, provider)) { ------------------ | Branch (123:12): [True: 1, False: 0] ------------------ 124| 1| return sc; 125| 1| } 126| 0| throw Lookup_Error("Stream cipher", algo, provider); 127| 1|} _ZN5Botan19Credentials_Manager3pskERKNSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEES9_S9_: 29| 11.0k| const std::string& identity) { 30| 11.0k| auto side = [&] { 31| 11.0k| if(type == "tls-client") { 32| 11.0k| return TLS::Connection_Side::Client; 33| 11.0k| } else if(type == "tls-server") { 34| 11.0k| return TLS::Connection_Side::Server; 35| 11.0k| } else { 36| 11.0k| throw Internal_Error(fmt("No PSK set for type {}", type)); 37| 11.0k| } 38| 11.0k| }(); 39| | 40| | // New applications should use the appropriate credentials methods. This is a 41| | // retrofit of the behaviour before Botan 3.2.0 and will be removed in a 42| | // future major release. 43| | // 44| | // TODO: deprecate `psk("...", "session-ticket" | "dtls-cookie-secret")` 45| 11.0k| if(side == TLS::Connection_Side::Server && context == "session-ticket") { ------------------ | Branch (45:7): [True: 11.0k, False: 0] | Branch (45:47): [True: 0, False: 11.0k] ------------------ 46| 0| if(auto key = session_ticket_key(); !key.empty()) { ------------------ | Branch (46:43): [True: 0, False: 0] ------------------ 47| 0| return SymmetricKey(std::move(key)); 48| 0| } 49| 11.0k| } else if(side == TLS::Connection_Side::Server && context == "dtls-cookie-secret") { ------------------ | Branch (49:14): [True: 11.0k, False: 0] | Branch (49:54): [True: 8.63k, False: 2.38k] ------------------ 50| 8.63k| if(auto key = dtls_cookie_secret(); !key.empty()) { ------------------ | Branch (50:43): [True: 8.63k, False: 0] ------------------ 51| 8.63k| return SymmetricKey(std::move(key)); 52| 8.63k| } 53| 8.63k| } else /* context is a host name */ { 54| | // Assuming that find_preshared_keys returns _exactly_ one or no keys when 55| | // searching for a single specific identity. 56| 2.38k| if(auto psks = find_preshared_keys(context, side, {identity}); psks.size() == 1) { ------------------ | Branch (56:70): [True: 2.35k, False: 30] ------------------ 57| 2.35k| return SymmetricKey(psks.front().extract_master_secret()); 58| 2.35k| } 59| 2.38k| } 60| | 61| 30| throw Internal_Error(fmt("No PSK set for identity {}", identity)); 62| 11.0k|} _ZN5Botan19Credentials_Manager19find_preshared_keysENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEENS_3TLS15Connection_SideERKNS1_6vectorINS1_12basic_stringIcS4_NS1_9allocatorIcEEEENSA_ISC_EEEERKNS1_8optionalISC_EE: 67| 30| const std::optional& /* prf */) { 68| 30| return {}; 69| 30|} _ZN5Botan19Credentials_Manager15find_cert_chainERKNSt3__16vectorINS1_12basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEENS6_IS8_EEEERKNS2_INS_19AlgorithmIdentifierENS6_ISD_EEEERKNS2_INS_7X509_DNENS6_ISI_EEEERKS8_SO_: 88| 6.78k| const std::string& context) { 89| 6.78k| return cert_chain(key_types, cert_signature_schemes, type, context); 90| 6.78k|} _ZN5Botan19Credentials_Manager22cert_chain_single_typeERKNSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEERKNS1_6vectorINS_19AlgorithmIdentifierENS5_ISB_EEEES9_S9_: 109| 6.78k| const std::string& context) { 110| 6.78k| return find_cert_chain({cert_key_type}, cert_signature_schemes, std::vector(), type, context); 111| 6.78k|} _ZN5Botan19Credentials_Manager31trusted_certificate_authoritiesERKNSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEES9_: 134| 3.22k| const std::string& /*unused*/) { 135| 3.22k| return std::vector(); 136| 3.22k|} credentials_manager.cpp:_ZZN5Botan19Credentials_Manager3pskERKNSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEES9_S9_ENK3$_0clEv: 30| 11.0k| auto side = [&] { 31| 11.0k| if(type == "tls-client") { ------------------ | Branch (31:10): [True: 0, False: 11.0k] ------------------ 32| 0| return TLS::Connection_Side::Client; 33| 11.0k| } else if(type == "tls-server") { ------------------ | Branch (33:17): [True: 11.0k, False: 0] ------------------ 34| 11.0k| return TLS::Connection_Side::Server; 35| 11.0k| } else { 36| 0| throw Internal_Error(fmt("No PSK set for type {}", type)); 37| 0| } 38| 11.0k| }(); _ZN5Botan3TLS18Certificate_VerifyC2ERKNSt3__16vectorIhNS2_9allocatorIhEEEE: 20| 46|Certificate_Verify::Certificate_Verify(const std::vector& buf) { 21| 46| TLS_Data_Reader reader("CertificateVerify", buf); 22| | 23| 46| m_scheme = Signature_Scheme(reader.get_uint16_t()); 24| | // Somewhat oddly, the signature really is allowed to be empty in a CertificateVerify 25| 46| m_signature = reader.get_range(2, 0, 65535); 26| 46| reader.assert_done(); 27| | 28| 46| if(!m_scheme.is_set()) { ------------------ | Branch (28:7): [True: 3, False: 43] ------------------ 29| 3| throw Decoding_Error("Counterparty did not send hash/sig IDS"); 30| 3| } 31| 46|} _ZN5Botan3TLS17make_hello_randomERNS_21RandomNumberGeneratorERNS0_9CallbacksERKNS0_6PolicyE: 25| 6.45k|std::vector make_hello_random(RandomNumberGenerator& rng, Callbacks& cb, const Policy& policy) { 26| 6.45k| auto buf = rng.random_vec>(32); 27| | 28| 6.45k| if(policy.hash_hello_random()) { ------------------ | Branch (28:7): [True: 6.45k, False: 0] ------------------ 29| 6.45k| auto sha256 = HashFunction::create_or_throw("SHA-256"); 30| 6.45k| sha256->update(buf); 31| 6.45k| sha256->final(buf); 32| 6.45k| } 33| | 34| | // TLS 1.3 does not require the insertion of a timestamp in the client hello 35| | // random. When offering both TLS 1.2 and 1.3 we nevertheless comply with the 36| | // legacy specification. 37| 6.45k| if(policy.include_time_in_hello_random() && (policy.allow_tls12() || policy.allow_dtls12())) { ------------------ | Branch (37:7): [True: 6.45k, False: 0] | Branch (37:49): [True: 6.45k, False: 0] | Branch (37:73): [True: 0, False: 0] ------------------ 38| 6.45k| const uint32_t time32 = static_cast(std::chrono::system_clock::to_time_t(cb.tls_current_timestamp())); 39| | 40| 6.45k| store_be(time32, buf.data()); 41| 6.45k| } 42| | 43| 6.45k| return buf; 44| 6.45k|} _ZN5Botan3TLS21Client_Hello_InternalC2ERKNSt3__16vectorIhNS2_9allocatorIhEEEE: 46| 16.9k|Client_Hello_Internal::Client_Hello_Internal(const std::vector& buf) { 47| | /* 48| | Minimum possible client hello 49| | 50| | version: 2 bytes 51| | random: 32 bytes 52| | session_id len: 1 byte 53| | ciphersuite_len: 2 54| | ciphersuite (single): 2 55| | compression_len: 1 56| | compression (single): 1 57| | */ 58| | 59| 16.9k| constexpr size_t MinimumClientHelloBytes = 2 + 32 + 1 + 2 + 2 + 1 + 1; 60| 16.9k| if(buf.size() < MinimumClientHelloBytes) { ------------------ | Branch (60:7): [True: 22, False: 16.9k] ------------------ 61| 22| throw Decoding_Error("Client_Hello: Packet corrupted"); 62| 22| } 63| | 64| 16.9k| TLS_Data_Reader reader("ClientHello", buf); 65| | 66| 16.9k| const uint8_t major_version = reader.get_byte(); 67| 16.9k| const uint8_t minor_version = reader.get_byte(); 68| | 69| 16.9k| m_legacy_version = Protocol_Version(major_version, minor_version); 70| | 71| | // DTLS has an additional 1 byte cookie length field 72| 16.9k| if(m_legacy_version.is_datagram_protocol() && buf.size() < MinimumClientHelloBytes + 1) { ------------------ | Branch (72:7): [True: 9.35k, False: 7.59k] | Branch (72:50): [True: 2, False: 9.35k] ------------------ 73| 2| throw Decoding_Error("Client_Hello: DTLS packet corrupted"); 74| 2| } 75| | 76| 16.9k| m_random = reader.get_fixed(32); 77| 16.9k| m_session_id = Session_ID(reader.get_range(1, 0, 32)); 78| | 79| 16.9k| if(m_legacy_version.is_datagram_protocol()) { ------------------ | Branch (79:7): [True: 9.34k, False: 7.60k] ------------------ 80| 9.34k| auto sha256 = HashFunction::create_or_throw("SHA-256"); 81| 9.34k| sha256->update(reader.get_data_read_so_far()); 82| | 83| 9.34k| m_hello_cookie = reader.get_range(1, 0, 255); 84| | 85| 9.34k| sha256->update(reader.get_remaining()); 86| 9.34k| m_cookie_input_bits = sha256->final_stdvec(); 87| 9.34k| } 88| | 89| 16.9k| m_suites = reader.get_range_vector(2, 1, 32767); 90| 16.9k| m_comp_methods = reader.get_range_vector(1, 1, 255); 91| | 92| 16.9k| m_extensions.deserialize(reader, Connection_Side::Client, Handshake_Type::ClientHello); 93| 16.9k|} _ZNK5Botan3TLS21Client_Hello_Internal7versionEv: 95| 4.03k|Protocol_Version Client_Hello_Internal::version() const { 96| | // RFC 8446 4.2.1 97| | // If [the "supported_versions"] extension is not present, servers 98| | // which are compliant with this specification and which also support 99| | // TLS 1.2 MUST negotiate TLS 1.2 or prior as specified in [RFC5246], 100| | // even if ClientHello.legacy_version is 0x0304 or later. 101| | // 102| | // RFC 8446 4.2.1 103| | // Servers MUST be prepared to receive ClientHellos that include 104| | // [the supported_versions] extension but do not include 0x0304 in 105| | // the list of versions. 106| | // 107| | // RFC 8446 4.1.2 108| | // TLS 1.3 ClientHellos are identified as having a legacy_version of 109| | // 0x0303 and a supported_versions extension present with 0x0304 as 110| | // the highest version indicated therein. 111| 4.03k| if(!extensions().has() || ------------------ | Branch (111:7): [True: 3.94k, False: 95] ------------------ 112| 4.01k| !extensions().get()->supports(Protocol_Version::TLS_V13)) { ------------------ | Branch (112:7): [True: 66, False: 29] ------------------ 113| | // The exact legacy_version is ignored we just inspect it to 114| | // distinguish TLS and DTLS. 115| 4.01k| return (m_legacy_version.is_datagram_protocol()) ? Protocol_Version::DTLS_V12 : Protocol_Version::TLS_V12; ------------------ | Branch (115:14): [True: 524, False: 3.48k] ------------------ 116| 4.01k| } 117| | 118| | // Note: The Client_Hello_13 class will make sure that legacy_version 119| | // is exactly 0x0303 (aka ossified TLS 1.2) 120| 29| return Protocol_Version::TLS_V13; 121| 4.03k|} _ZN5Botan3TLS12Client_HelloC2EOS1_: 123| 36.0k|Client_Hello::Client_Hello(Client_Hello&&) noexcept = default; _ZN5Botan3TLS12Client_HelloD2Ev: 126| 52.2k|Client_Hello::~Client_Hello() = default; _ZN5Botan3TLS12Client_HelloC2ENSt3__110unique_ptrINS0_21Client_Hello_InternalENS2_14default_deleteIS4_EEEE: 133| 16.2k|Client_Hello::Client_Hello(std::unique_ptr data) : m_data(std::move(data)) { 134| 16.2k| BOTAN_ASSERT_NONNULL(m_data); ------------------ | | 116| 16.2k| do { \ | | 117| 16.2k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 16.2k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 16.2k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 16.2k] | | ------------------ ------------------ 135| 16.2k|} _ZNK5Botan3TLS12Client_Hello4typeEv: 137| 3.99k|Handshake_Type Client_Hello::type() const { 138| 3.99k| return Handshake_Type::ClientHello; 139| 3.99k|} _ZNK5Botan3TLS12Client_Hello14legacy_versionEv: 141| 12.2k|Protocol_Version Client_Hello::legacy_version() const { 142| 12.2k| return m_data->legacy_version(); 143| 12.2k|} _ZNK5Botan3TLS12Client_Hello6randomEv: 145| 1.59k|const std::vector& Client_Hello::random() const { 146| 1.59k| return m_data->random(); 147| 1.59k|} _ZNK5Botan3TLS12Client_Hello10session_idEv: 149| 3.37k|const Session_ID& Client_Hello::session_id() const { 150| 3.37k| return m_data->session_id(); 151| 3.37k|} _ZNK5Botan3TLS12Client_Hello19compression_methodsEv: 153| 12.1k|const std::vector& Client_Hello::compression_methods() const { 154| 12.1k| return m_data->comp_methods(); 155| 12.1k|} _ZNK5Botan3TLS12Client_Hello12ciphersuitesEv: 157| 3.39k|const std::vector& Client_Hello::ciphersuites() const { 158| 3.39k| return m_data->ciphersuites(); 159| 3.39k|} _ZNK5Botan3TLS12Client_Hello15extension_typesEv: 161| 3.11k|std::set Client_Hello::extension_types() const { 162| 3.11k| return m_data->extensions().extension_types(); 163| 3.11k|} _ZNK5Botan3TLS12Client_Hello10extensionsEv: 165| 3.39k|const Extensions& Client_Hello::extensions() const { 166| 3.39k| return m_data->extensions(); 167| 3.39k|} _ZNK5Botan3TLS12Client_Hello17cookie_input_dataEv: 200| 8.63k|std::vector Client_Hello::cookie_input_data() const { 201| 8.63k| BOTAN_STATE_CHECK(!m_data->hello_cookie_input_bits().empty()); ------------------ | | 51| 8.63k| do { \ | | 52| 8.63k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 8.63k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 8.63k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 8.63k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 8.63k] | | ------------------ ------------------ 202| | 203| 8.63k| return m_data->hello_cookie_input_bits(); 204| 8.63k|} _ZNK5Botan3TLS12Client_Hello13offered_suiteEt: 209| 12.2k|bool Client_Hello::offered_suite(uint16_t ciphersuite) const { 210| 12.2k| return std::find(m_data->ciphersuites().cbegin(), m_data->ciphersuites().cend(), ciphersuite) != 211| 12.2k| m_data->ciphersuites().cend(); 212| 12.2k|} _ZNK5Botan3TLS12Client_Hello17signature_schemesEv: 214| 6.77k|std::vector Client_Hello::signature_schemes() const { 215| 6.77k| if(const Signature_Algorithms* sigs = m_data->extensions().get()) { ------------------ | Branch (215:35): [True: 307, False: 6.47k] ------------------ 216| 307| return sigs->supported_schemes(); 217| 307| } 218| 6.47k| return {}; 219| 6.77k|} _ZNK5Botan3TLS12Client_Hello29certificate_signature_schemesEv: 221| 3.39k|std::vector Client_Hello::certificate_signature_schemes() const { 222| | // RFC 8446 4.2.3 223| | // If no "signature_algorithms_cert" extension is present, then the 224| | // "signature_algorithms" extension also applies to signatures appearing 225| | // in certificates. 226| 3.39k| if(const Signature_Algorithms_Cert* sigs = m_data->extensions().get()) { ------------------ | Branch (226:40): [True: 9, False: 3.38k] ------------------ 227| 9| return sigs->supported_schemes(); 228| 3.38k| } else { 229| 3.38k| return signature_schemes(); 230| 3.38k| } 231| 3.39k|} _ZNK5Botan3TLS12Client_Hello20supported_ecc_curvesEv: 233| 6.50k|std::vector Client_Hello::supported_ecc_curves() const { 234| 6.50k| if(const Supported_Groups* groups = m_data->extensions().get()) { ------------------ | Branch (234:31): [True: 6.29k, False: 209] ------------------ 235| 6.29k| return groups->ec_groups(); 236| 6.29k| } 237| 209| return {}; 238| 6.50k|} _ZNK5Botan3TLS12Client_Hello19supported_dh_groupsEv: 240| 6.78k|std::vector Client_Hello::supported_dh_groups() const { 241| 6.78k| if(const Supported_Groups* groups = m_data->extensions().get()) { ------------------ | Branch (241:31): [True: 6.37k, False: 418] ------------------ 242| 6.37k| return groups->dh_groups(); 243| 6.37k| } 244| 418| return std::vector(); 245| 6.78k|} _ZNK5Botan3TLS12Client_Hello12sni_hostnameEv: 247| 9.12k|std::string Client_Hello::sni_hostname() const { 248| 9.12k| if(const Server_Name_Indicator* sni = m_data->extensions().get()) { ------------------ | Branch (248:36): [True: 7, False: 9.12k] ------------------ 249| 7| return sni->host_name(); 250| 7| } 251| 9.12k| return ""; 252| 9.12k|} _ZNK5Botan3TLS12Client_Hello18supported_versionsEv: 254| 12.2k|std::vector Client_Hello::supported_versions() const { 255| 12.2k| if(const Supported_Versions* versions = m_data->extensions().get()) { ------------------ | Branch (255:33): [True: 420, False: 11.8k] ------------------ 256| 420| return versions->versions(); 257| 420| } 258| 11.8k| return {}; 259| 12.2k|} _ZNK5Botan3TLS12Client_Hello13supports_alpnEv: 261| 3.40k|bool Client_Hello::supports_alpn() const { 262| 3.40k| return m_data->extensions().has(); 263| 3.40k|} _ZNK5Botan3TLS12Client_Hello14next_protocolsEv: 269| 16|std::vector Client_Hello::next_protocols() const { 270| 16| if(auto* alpn = m_data->extensions().get()) { ------------------ | Branch (270:13): [True: 16, False: 0] ------------------ 271| 16| return alpn->protocols(); 272| 16| } 273| 0| return {}; 274| 16|} _ZNK5Botan3TLS12Client_Hello6cookieEv: 283| 8.63k|const std::vector& Client_Hello::cookie() const { 284| 8.63k| return m_data->hello_cookie(); 285| 8.63k|} _ZN5Botan3TLS20Client_Hello_12_ShimC2ENSt3__110unique_ptrINS0_21Client_Hello_InternalENS2_14default_deleteIS4_EEEE: 288| 16.2k| Client_Hello(std::move(data)) {} _ZN5Botan3TLS24make_server_hello_randomERNS_21RandomNumberGeneratorENS0_16Protocol_VersionERNS0_9CallbacksERKNS0_6PolicyE: 27| 3.22k| const Policy& policy) { 28| 3.22k| auto random = make_hello_random(rng, cb, policy); 29| | 30| | // RFC 8446 4.1.3 31| | // TLS 1.3 has a downgrade protection mechanism embedded in the server's 32| | // random value. TLS 1.3 servers which negotiate TLS 1.2 or below in 33| | // response to a ClientHello MUST set the last 8 bytes of their Random 34| | // value specially in their ServerHello. 35| | // 36| | // If negotiating TLS 1.2, TLS 1.3 servers MUST set the last 8 bytes of 37| | // their Random value to the bytes: [DOWNGRADE_TLS12] 38| 3.22k| if(offered_version.is_pre_tls_13() && policy.allow_tls13()) { ------------------ | Branch (38:7): [True: 3.22k, False: 0] | Branch (38:42): [True: 3.22k, False: 0] ------------------ 39| 3.22k| constexpr size_t downgrade_signal_length = sizeof(DOWNGRADE_TLS12); 40| 3.22k| BOTAN_ASSERT_NOMSG(random.size() >= downgrade_signal_length); ------------------ | | 77| 3.22k| do { \ | | 78| 3.22k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 3.22k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 3.22k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 3.22k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 3.22k] | | ------------------ ------------------ 41| 3.22k| const auto lastbytes = std::span{random}.last(downgrade_signal_length); 42| 3.22k| store_be(DOWNGRADE_TLS12, lastbytes); 43| 3.22k| } 44| | 45| 3.22k| return random; 46| 3.22k|} _ZN5Botan3TLS21Server_Hello_InternalC2ERKNSt3__16vectorIhNS2_9allocatorIhEEEE: 48| 135|Server_Hello_Internal::Server_Hello_Internal(const std::vector& buf) { 49| 135| if(buf.size() < 38) { ------------------ | Branch (49:7): [True: 4, False: 131] ------------------ 50| 4| throw Decoding_Error("Server_Hello: Packet corrupted"); 51| 4| } 52| | 53| 131| TLS_Data_Reader reader("ServerHello", buf); 54| | 55| 131| const uint8_t major_version = reader.get_byte(); 56| 131| const uint8_t minor_version = reader.get_byte(); 57| | 58| 131| m_legacy_version = Protocol_Version(major_version, minor_version); 59| | 60| | // RFC 8446 4.1.3 61| | // Upon receiving a message with type server_hello, implementations MUST 62| | // first examine the Random value and, if it matches this value, process 63| | // it as described in Section 4.1.4 [Hello Retry Request]). 64| 131| m_random = reader.get_fixed(32); 65| 131| m_is_hello_retry_request = CT::is_equal(m_random, HELLO_RETRY_REQUEST_MARKER).as_bool(); 66| | 67| 131| m_session_id = Session_ID(reader.get_range(1, 0, 32)); 68| 131| m_ciphersuite = reader.get_uint16_t(); 69| 131| m_comp_method = reader.get_byte(); 70| | 71| | // Note that this code path might parse a TLS 1.2 (or older) server hello message that 72| | // is nevertheless marked as being a 'hello retry request' (potentially maliciously). 73| | // Extension parsing will however not be affected by the associated flag. 74| | // Only after parsing the extensions will the upstream code be able to decide 75| | // whether we're dealing with TLS 1.3 or older. 76| 131| m_extensions.deserialize(reader, 77| 131| Connection_Side::Server, 78| 131| m_is_hello_retry_request ? Handshake_Type::HelloRetryRequest : Handshake_Type::ServerHello); ------------------ | Branch (78:29): [True: 0, False: 131] ------------------ 79| 131|} _ZNK5Botan3TLS21Server_Hello_Internal7versionEv: 81| 3.38k|Protocol_Version Server_Hello_Internal::version() const { 82| | // RFC 8446 4.2.1 83| | // A server which negotiates a version of TLS prior to TLS 1.3 MUST set 84| | // ServerHello.version and MUST NOT send the "supported_versions" 85| | // extension. A server which negotiates TLS 1.3 MUST respond by sending 86| | // a "supported_versions" extension containing the selected version 87| | // value (0x0304). 88| | // 89| | // Note: Here we just take a message parsing decision, further validation of 90| | // the extension's contents is done later. 91| 3.38k| return (extensions().has()) ? Protocol_Version::TLS_V13 : m_legacy_version; ------------------ | Branch (91:11): [True: 70, False: 3.31k] ------------------ 92| 3.38k|} _ZN5Botan3TLS12Server_HelloC2ENSt3__110unique_ptrINS0_21Server_Hello_InternalENS2_14default_deleteIS4_EEEE: 94| 3.28k|Server_Hello::Server_Hello(std::unique_ptr data) : m_data(std::move(data)) {} _ZN5Botan3TLS12Server_HelloC2EOS1_: 96| 126|Server_Hello::Server_Hello(Server_Hello&&) noexcept = default; _ZN5Botan3TLS12Server_HelloD2Ev: 99| 3.40k|Server_Hello::~Server_Hello() = default; _ZNK5Botan3TLS12Server_Hello9serializeEv: 104| 3.22k|std::vector Server_Hello::serialize() const { 105| 3.22k| std::vector buf; 106| 3.22k| buf.reserve(1024); // working around GCC warning 107| | 108| 3.22k| buf.push_back(m_data->legacy_version().major_version()); 109| 3.22k| buf.push_back(m_data->legacy_version().minor_version()); 110| 3.22k| buf += m_data->random(); 111| | 112| 3.22k| append_tls_length_value(buf, m_data->session_id().get(), 1); 113| | 114| 3.22k| buf.push_back(get_byte<0>(m_data->ciphersuite())); 115| 3.22k| buf.push_back(get_byte<1>(m_data->ciphersuite())); 116| | 117| 3.22k| buf.push_back(m_data->comp_method()); 118| | 119| 3.22k| buf += m_data->extensions().serialize(Connection_Side::Server); 120| | 121| 3.22k| return buf; 122| 3.22k|} _ZNK5Botan3TLS12Server_Hello4typeEv: 124| 9.68k|Handshake_Type Server_Hello::type() const { 125| 9.68k| return Handshake_Type::ServerHello; 126| 9.68k|} _ZNK5Botan3TLS12Server_Hello14legacy_versionEv: 128| 186|Protocol_Version Server_Hello::legacy_version() const { 129| 186| return m_data->legacy_version(); 130| 186|} _ZNK5Botan3TLS12Server_Hello6randomEv: 132| 1.59k|const std::vector& Server_Hello::random() const { 133| 1.59k| return m_data->random(); 134| 1.59k|} _ZNK5Botan3TLS12Server_Hello18compression_methodEv: 136| 479|uint8_t Server_Hello::compression_method() const { 137| 479| return m_data->comp_method(); 138| 479|} _ZNK5Botan3TLS12Server_Hello10session_idEv: 140| 387|const Session_ID& Server_Hello::session_id() const { 141| 387| return m_data->session_id(); 142| 387|} _ZNK5Botan3TLS12Server_Hello11ciphersuiteEv: 144| 3.48k|uint16_t Server_Hello::ciphersuite() const { 145| 3.48k| return m_data->ciphersuite(); 146| 3.48k|} _ZNK5Botan3TLS12Server_Hello10extensionsEv: 152| 15|const Extensions& Server_Hello::extensions() const { 153| 15| return m_data->extensions(); 154| 15|} _ZN5Botan3TLS20Server_Hello_12_ShimC2ENSt3__110unique_ptrINS0_21Server_Hello_InternalENS2_14default_deleteIS4_EEEE: 160| 3.24k| Server_Hello(std::move(data)) { 161| 3.24k| if(!m_data->version().is_pre_tls_13()) { ------------------ | Branch (161:7): [True: 0, False: 3.24k] ------------------ 162| 0| throw TLS_Exception(Alert::ProtocolVersion, "Expected server hello of (D)TLS 1.2 or lower"); 163| 0| } 164| 3.24k|} _ZN5Botan3TLS14Certificate_12D2Ev: 22| 4|Certificate_12::~Certificate_12() = default; _ZN5Botan3TLS14Certificate_12C2ERNS0_12Handshake_IOERNS0_14Handshake_HashERKNSt3__16vectorINS_16X509_CertificateENS6_9allocatorIS8_EEEE: 28| 4| m_certs(cert_list) { 29| 4| hash.update(io.send(*this)); 30| 4|} _ZNK5Botan3TLS14Certificate_129serializeEv: 90| 4|std::vector Certificate_12::serialize() const { 91| 4| std::vector buf(3); 92| | 93| 4| for(const auto& cert : m_certs) { ------------------ | Branch (93:25): [True: 4, False: 4] ------------------ 94| 4| const auto raw_cert = cert.BER_encode(); 95| 4| const size_t cert_size = raw_cert.size(); 96| 16| for(size_t j = 0; j != 3; ++j) { ------------------ | Branch (96:25): [True: 12, False: 4] ------------------ 97| 12| buf.push_back(get_byte_var(j + 1, static_cast(cert_size))); 98| 12| } 99| 4| buf += raw_cert; 100| 4| } 101| | 102| 4| const size_t buf_size = buf.size() - 3; 103| 16| for(size_t i = 0; i != 3; ++i) { ------------------ | Branch (103:22): [True: 12, False: 4] ------------------ 104| 12| buf[i] = get_byte_var(i + 1, static_cast(buf_size)); 105| 12| } 106| | 107| 4| return buf; 108| 4|} _ZNK5Botan3TLS15Client_Hello_1228prefers_compressed_ec_pointsEv: 29| 3.08k|bool Client_Hello_12::prefers_compressed_ec_points() const { 30| 3.08k| if(const Supported_Point_Formats* ecc_formats = m_data->extensions().get()) { ------------------ | Branch (30:38): [True: 111, False: 2.97k] ------------------ 31| 111| return ecc_formats->prefers_compressed(); 32| 111| } 33| 2.97k| return false; 34| 3.08k|} _ZNK5Botan3TLS15Client_Hello_1220secure_renegotiationEv: 36| 6.85k|bool Client_Hello_12::secure_renegotiation() const { 37| 6.85k| return m_data->extensions().has(); 38| 6.85k|} _ZNK5Botan3TLS15Client_Hello_1218renegotiation_infoEv: 40| 216|std::vector Client_Hello_12::renegotiation_info() const { 41| 216| if(const Renegotiation_Extension* reneg = m_data->extensions().get()) { ------------------ | Branch (41:38): [True: 216, False: 0] ------------------ 42| 216| return reneg->renegotiation_info(); 43| 216| } 44| 0| return {}; 45| 216|} _ZNK5Botan3TLS15Client_Hello_1223supports_session_ticketEv: 47| 3.22k|bool Client_Hello_12::supports_session_ticket() const { 48| 3.22k| return m_data->extensions().has(); 49| 3.22k|} _ZNK5Botan3TLS15Client_Hello_1214session_ticketEv: 51| 3.39k|Session_Ticket Client_Hello_12::session_ticket() const { 52| 3.39k| if(auto* ticket = m_data->extensions().get()) { ------------------ | Branch (52:13): [True: 32, False: 3.36k] ------------------ 53| 32| return ticket->contents(); 54| 32| } 55| 3.36k| return {}; 56| 3.39k|} _ZNK5Botan3TLS15Client_Hello_1214session_handleEv: 58| 3.39k|std::optional Client_Hello_12::session_handle() const { 59| | // RFC 5077 3.4 60| | // If a ticket is presented by the client, the server MUST NOT attempt 61| | // to use the Session ID in the ClientHello for stateful session 62| | // resumption. 63| 3.39k| if(auto ticket = session_ticket(); !ticket.empty()) { ------------------ | Branch (63:39): [True: 24, False: 3.37k] ------------------ 64| 24| return Session_Handle(ticket); 65| 3.37k| } else if(const auto& id = session_id(); !id.empty()) { ------------------ | Branch (65:45): [True: 2, False: 3.37k] ------------------ 66| 2| return Session_Handle(id); 67| 3.37k| } else { 68| 3.37k| return std::nullopt; 69| 3.37k| } 70| 3.39k|} _ZNK5Botan3TLS15Client_Hello_1231supports_extended_master_secretEv: 72| 6.72k|bool Client_Hello_12::supports_extended_master_secret() const { 73| 6.72k| return m_data->extensions().has(); 74| 6.72k|} _ZNK5Botan3TLS15Client_Hello_1228supports_cert_status_messageEv: 76| 3.23k|bool Client_Hello_12::supports_cert_status_message() const { 77| 3.23k| return m_data->extensions().has(); 78| 3.23k|} _ZNK5Botan3TLS15Client_Hello_1225supports_encrypt_then_macEv: 80| 2.14k|bool Client_Hello_12::supports_encrypt_then_mac() const { 81| 2.14k| return m_data->extensions().has(); 82| 2.14k|} _ZN5Botan3TLS15Client_Hello_12C2ERKNSt3__16vectorIhNS2_9allocatorIhEEEE: 266| 12.3k| Client_Hello_12(std::make_unique(buf)) {} _ZN5Botan3TLS15Client_Hello_12C2ENSt3__110unique_ptrINS0_21Client_Hello_InternalENS2_14default_deleteIS4_EEEE: 268| 12.2k|Client_Hello_12::Client_Hello_12(std::unique_ptr data) : Client_Hello_12_Shim(std::move(data)) { 269| 12.2k| const uint16_t TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF; 270| | 271| 12.2k| if(offered_suite(static_cast(TLS_EMPTY_RENEGOTIATION_INFO_SCSV))) { ------------------ | Branch (271:7): [True: 2.64k, False: 9.59k] ------------------ 272| 2.64k| if(const Renegotiation_Extension* reneg = m_data->extensions().get()) { ------------------ | Branch (272:41): [True: 57, False: 2.59k] ------------------ 273| 57| if(!reneg->renegotiation_info().empty()) { ------------------ | Branch (273:13): [True: 1, False: 56] ------------------ 274| 1| throw TLS_Exception(Alert::HandshakeFailure, "Client sent renegotiation SCSV and non-empty extension"); 275| 1| } 276| 2.59k| } else { 277| | // add fake extension 278| 2.59k| m_data->extensions().add(new Renegotiation_Extension()); // NOLINT(*-owning-memory) 279| 2.59k| } 280| 2.64k| } 281| 12.2k|} _ZN5Botan3TLS19Client_Key_ExchangeC2ERKNSt3__16vectorIhNS2_9allocatorIhEEEERKNS0_15Handshake_StateEPKNS_11Private_KeyERNS_19Credentials_ManagerERKNS0_6PolicyERNS_21RandomNumberGeneratorE: 244| 2.38k| RandomNumberGenerator& rng) { 245| 2.38k| const Kex_Algo kex_algo = state.ciphersuite().kex_method(); 246| | 247| 2.38k| if(kex_algo == Kex_Algo::STATIC_RSA) { ------------------ | Branch (247:7): [True: 0, False: 2.38k] ------------------ 248| 0| BOTAN_ASSERT(state.server_certs() && !state.server_certs()->cert_chain().empty(), ------------------ | | 64| 0| do { \ | | 65| 0| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 0| if(!(expr)) { \ | | ------------------ | | | Branch (66:12): [True: 0, False: 0] | | | Branch (66:12): [True: 0, False: 0] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 0| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 0] | | ------------------ ------------------ 249| 0| "RSA key exchange negotiated so server sent a certificate"); 250| | 251| 0| if(server_rsa_kex_key == nullptr) { ------------------ | Branch (251:10): [True: 0, False: 0] ------------------ 252| 0| throw Internal_Error("Expected RSA kex but no server kex key set"); 253| 0| } 254| | 255| 0| if(server_rsa_kex_key->algo_name() != "RSA") { ------------------ | Branch (255:10): [True: 0, False: 0] ------------------ 256| 0| throw Internal_Error("Expected RSA key but got " + server_rsa_kex_key->algo_name()); 257| 0| } 258| | 259| 0| TLS_Data_Reader reader("ClientKeyExchange", contents); 260| | // RFC 5246 7.4.7.1: encrypted_pre_master_secret<1..2^16-1>. 261| 0| const std::vector encrypted_pre_master = reader.get_range(2, 1, 65535); 262| 0| reader.assert_done(); 263| | 264| 0| const PK_Decryptor_EME decryptor(*server_rsa_kex_key, rng, "PKCS1v15"); 265| | 266| 0| const uint8_t client_major = state.client_hello()->legacy_version().major_version(); 267| 0| const uint8_t client_minor = state.client_hello()->legacy_version().minor_version(); 268| | 269| | /* 270| | * PK_Decryptor::decrypt_or_random will return a random value if 271| | * either the length does not match the expected value or if the 272| | * version number embedded in the PMS does not match the one sent 273| | * in the client hello. 274| | */ 275| 0| const size_t expected_plaintext_size = 48; 276| 0| const size_t expected_content_size = 2; 277| 0| const uint8_t expected_content_bytes[expected_content_size] = {client_major, client_minor}; 278| 0| const uint8_t expected_content_pos[expected_content_size] = {0, 1}; 279| | 280| 0| m_pre_master = decryptor.decrypt_or_random(encrypted_pre_master.data(), 281| 0| encrypted_pre_master.size(), 282| 0| expected_plaintext_size, 283| 0| rng, 284| 0| expected_content_bytes, 285| 0| expected_content_pos, 286| 0| expected_content_size); 287| 2.38k| } else { 288| 2.38k| TLS_Data_Reader reader("ClientKeyExchange", contents); 289| | 290| 2.38k| SymmetricKey psk; 291| | 292| 2.38k| if(key_exchange_is_psk(kex_algo)) { ------------------ | Branch (292:10): [True: 2.38k, False: 0] ------------------ 293| 2.38k| m_psk_identity = reader.get_string(2, 0, 65535); 294| | 295| 2.38k| try { 296| 2.38k| psk = creds.psk("tls-server", state.client_hello()->sni_hostname(), m_psk_identity.value()); 297| 2.38k| } catch(...) { 298| | // Treat any lookup failure for the identity sent by the client as 299| | // "no PSK for this identity" and let the logic below handle it 300| 30| } 301| | 302| 2.38k| if(psk.empty()) { ------------------ | Branch (302:13): [True: 30, False: 2.35k] ------------------ 303| 30| if(policy.hide_unknown_users()) { ------------------ | Branch (303:16): [True: 0, False: 30] ------------------ 304| 0| psk = SymmetricKey(rng, 16); 305| 30| } else { 306| 30| throw TLS_Exception(Alert::UnknownPSKIdentity, "No PSK for identifier " + m_psk_identity.value()); 307| 30| } 308| 30| } 309| 2.38k| } 310| | 311| 2.35k| if(kex_algo == Kex_Algo::PSK) { ------------------ | Branch (311:10): [True: 9, False: 2.34k] ------------------ 312| 9| reader.assert_done(); 313| 9| const std::vector zeros(psk.length()); 314| 9| append_tls_length_value(m_pre_master, zeros, 2); 315| 9| append_tls_length_value(m_pre_master, psk.bits_of(), 2); 316| 2.34k| } else if(kex_algo == Kex_Algo::DH || kex_algo == Kex_Algo::ECDH || kex_algo == Kex_Algo::ECDHE_PSK) { ------------------ | Branch (316:17): [True: 0, False: 2.34k] | Branch (316:45): [True: 0, False: 2.34k] | Branch (316:75): [True: 2.34k, False: 0] ------------------ 317| 2.34k| const PK_Key_Agreement_Key& ka_key = state.server_kex()->server_kex_key(); 318| | 319| 2.34k| const std::vector client_pubkey = (ka_key.algo_name() == "DH") ------------------ | Branch (319:53): [True: 0, False: 2.34k] ------------------ 320| 2.34k| ? reader.get_range(2, 1, 65535) 321| 2.34k| : reader.get_range(1, 1, 255); 322| | 323| 2.34k| const auto shared_group = state.server_kex()->shared_group(); 324| 2.34k| BOTAN_STATE_CHECK(shared_group && shared_group.value() != Group_Params::NONE); ------------------ | | 51| 2.34k| do { \ | | 52| 2.34k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 4.68k| if(!(expr)) { \ | | ------------------ | | | Branch (53:12): [True: 2.33k, False: 4] | | | Branch (53:12): [True: 2.33k, False: 0] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 2.34k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 2.34k] | | ------------------ ------------------ 325| | 326| 2.34k| try { 327| 2.34k| auto shared_secret = 328| 2.34k| state.callbacks().tls_ephemeral_key_agreement(shared_group.value(), ka_key, client_pubkey, rng, policy); 329| | 330| 2.34k| if(ka_key.algo_name() == "DH") { ------------------ | Branch (330:16): [True: 0, False: 2.34k] ------------------ 331| 0| shared_secret = CT::strip_leading_zeros(shared_secret); 332| 0| } 333| | 334| 2.34k| if(kex_algo == Kex_Algo::ECDHE_PSK) { ------------------ | Branch (334:16): [True: 1.79k, False: 543] ------------------ 335| 1.79k| append_tls_length_value(m_pre_master, shared_secret, 2); 336| 1.79k| append_tls_length_value(m_pre_master, psk.bits_of(), 2); 337| 1.79k| } else { 338| 543| m_pre_master = shared_secret; 339| 543| } 340| 2.34k| } catch(Invalid_Argument& e) { 341| 0| throw TLS_Exception(Alert::IllegalParameter, e.what()); 342| 539| } catch(TLS_Exception&) { 343| 539| throw; // rethrow 344| 539| } catch(std::exception&) { 345| | /* 346| | * Something failed in the DH/ECDH computation. To avoid possible 347| | * attacks which are based on triggering and detecting some edge 348| | * failure condition, randomize the pre-master output and carry on, 349| | * allowing the protocol to fail later in the finished checks. 350| | */ 351| 0| rng.random_vec(m_pre_master, ka_key.public_value().size()); 352| 0| } 353| | 354| 1.79k| reader.assert_done(); 355| 1.79k| } else { 356| 0| throw Internal_Error("Client_Key_Exchange: Unknown key exchange negotiated"); 357| 0| } 358| 2.35k| } 359| 2.38k|} _ZN5Botan3TLS11Finished_12C2ERNS0_12Handshake_IOERNS0_15Handshake_StateENS0_15Connection_SideE: 44| 129|Finished_12::Finished_12(Handshake_IO& io, Handshake_State& state, Connection_Side side) { 45| 129| m_verification_data = finished_compute_verify_12(state, side); 46| 129| state.hash().update(io.send(*this)); 47| 129|} _ZNK5Botan3TLS11Finished_126verifyERKNS0_15Handshake_StateENS0_15Connection_SideE: 49| 129|bool Finished_12::verify(const Handshake_State& state, Connection_Side side) const { 50| 129| std::vector computed_verify = finished_compute_verify_12(state, side); 51| | 52| 129|#if defined(BOTAN_UNSAFE_FUZZER_MODE) 53| 129| return true; 54| |#else 55| | return CT::is_equal(m_verification_data, computed_verify).as_bool(); 56| |#endif 57| 129|} msg_finished_12.cpp:_ZN5Botan3TLS12_GLOBAL__N_126finished_compute_verify_12ERKNS0_15Handshake_StateENS0_15Connection_SideE: 23| 258|std::vector finished_compute_verify_12(const Handshake_State& state, Connection_Side side) { 24| 258| const uint8_t TLS_CLIENT_LABEL[] = { 25| 258| 0x63, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x66, 0x69, 0x6E, 0x69, 0x73, 0x68, 0x65, 0x64}; 26| | 27| 258| const uint8_t TLS_SERVER_LABEL[] = { 28| 258| 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x66, 0x69, 0x6E, 0x69, 0x73, 0x68, 0x65, 0x64}; 29| | 30| 258| auto prf = state.protocol_specific_prf(); 31| | 32| 258| std::vector input; 33| 258| std::vector label; 34| 258| label += (side == Connection_Side::Client) ? std::make_pair(TLS_CLIENT_LABEL, sizeof(TLS_CLIENT_LABEL)) ------------------ | Branch (34:13): [True: 129, False: 129] ------------------ 35| 258| : std::make_pair(TLS_SERVER_LABEL, sizeof(TLS_SERVER_LABEL)); 36| | 37| 258| input += state.hash().final(state.ciphersuite().prf_algo()); 38| | 39| 258| return unlock(prf->derive_key(12, state.session_keys().master_secret(), input, label)); 40| 258|} _ZN5Botan3TLS20Hello_Verify_RequestC2ERKNSt3__16vectorIhNS2_9allocatorIhEEEENS2_17basic_string_viewIcNS2_11char_traitsIcEEEERKNS_11OctetStringE: 35| 8.63k| const SymmetricKey& secret_key) { 36| 8.63k| auto hmac = MessageAuthenticationCode::create_or_throw("HMAC(SHA-256)"); 37| 8.63k| hmac->set_key(secret_key); 38| | 39| 8.63k| hmac->update_be(static_cast(client_hello_bits.size())); 40| 8.63k| hmac->update(client_hello_bits); 41| 8.63k| hmac->update_be(static_cast(client_identity.size())); 42| 8.63k| hmac->update(client_identity); 43| | 44| 8.63k| m_cookie.resize(hmac->output_length()); 45| 8.63k| hmac->final(m_cookie.data()); 46| 8.63k|} _ZNK5Botan3TLS20Hello_Verify_Request9serializeEv: 48| 8.63k|std::vector Hello_Verify_Request::serialize() const { 49| | /* DTLS 1.2 server implementations SHOULD use DTLS version 1.0 50| | regardless of the version of TLS that is expected to be 51| | negotiated (RFC 6347, section 4.2.1) 52| | */ 53| | 54| 8.63k| const Protocol_Version format_version(254, 255); // DTLS 1.0 55| | 56| 8.63k| std::vector bits; 57| 8.63k| bits.push_back(format_version.major_version()); 58| 8.63k| bits.push_back(format_version.minor_version()); 59| 8.63k| append_tls_length_value(bits, m_cookie, 1); 60| 8.63k| return bits; 61| 8.63k|} _ZN5Botan3TLS15Server_Hello_12C2ERNS0_12Handshake_IOERNS0_14Handshake_HashERKNS0_6PolicyERNS0_9CallbacksERNS_21RandomNumberGeneratorERKNSt3__16vectorIhNSD_9allocatorIhEEEERKNS0_15Client_Hello_12ERKNS1_8SettingsENSD_17basic_string_viewIcNSD_11char_traitsIcEEEE: 31| 3.22k| Server_Hello_12(std::make_unique( 32| 3.22k| server_settings.protocol_version(), 33| 3.22k| server_settings.session_id(), 34| 3.22k| make_server_hello_random(rng, server_settings.protocol_version(), cb, policy), 35| 3.22k| server_settings.ciphersuite(), 36| 3.22k| uint8_t(0))) { 37| | // NOLINTBEGIN(*-owning-memory) 38| 3.22k| if(client_hello.supports_extended_master_secret()) { ------------------ | Branch (38:7): [True: 3.22k, False: 0] ------------------ 39| 3.22k| m_data->extensions().add(new Extended_Master_Secret); 40| 3.22k| } 41| | 42| | // Sending the extension back does not commit us to sending a stapled response 43| 3.22k| if(client_hello.supports_cert_status_message() && policy.support_cert_status_message()) { ------------------ | Branch (43:7): [True: 104, False: 3.12k] | Branch (43:54): [True: 104, False: 0] ------------------ 44| 104| m_data->extensions().add(new Certificate_Status_Request); 45| 104| } 46| | 47| 3.22k| if(!next_protocol.empty() && client_hello.supports_alpn()) { ------------------ | Branch (47:7): [True: 10, False: 3.21k] | Branch (47:33): [True: 10, False: 0] ------------------ 48| 10| m_data->extensions().add(new Application_Layer_Protocol_Notification(next_protocol)); 49| 10| } 50| | 51| 3.22k| const auto c = Ciphersuite::by_id(m_data->ciphersuite()); 52| | 53| 3.22k| if(c && c->cbc_ciphersuite() && client_hello.supports_encrypt_then_mac() && policy.negotiate_encrypt_then_mac()) { ------------------ | Branch (53:7): [True: 3.22k, False: 0] | Branch (53:12): [True: 2.14k, False: 1.07k] | Branch (53:36): [True: 112, False: 2.03k] | Branch (53:80): [True: 112, False: 0] ------------------ 54| 112| m_data->extensions().add(new Encrypt_then_MAC); 55| 112| } 56| | 57| 3.22k| if(c && c->ecc_ciphersuite() && client_hello.extension_types().contains(Extension_Code::EcPointFormats)) { ------------------ | Branch (57:7): [True: 3.22k, False: 0] | Branch (57:7): [True: 112, False: 3.11k] | Branch (57:12): [True: 3.11k, False: 115] | Branch (57:36): [True: 112, False: 3.00k] ------------------ 58| 112| m_data->extensions().add(new Supported_Point_Formats(policy.use_ecc_point_compression())); 59| 112| } 60| | 61| 3.22k| if(client_hello.secure_renegotiation()) { ------------------ | Branch (61:7): [True: 175, False: 3.05k] ------------------ 62| 175| m_data->extensions().add(new Renegotiation_Extension(reneg_info)); 63| 175| } 64| | 65| 3.22k| if(client_hello.supports_session_ticket() && server_settings.offer_session_ticket()) { ------------------ | Branch (65:7): [True: 23, False: 3.20k] | Branch (65:49): [True: 0, False: 23] ------------------ 66| 0| m_data->extensions().add(new Session_Ticket_Extension()); 67| 0| } 68| | 69| 3.22k| if(m_data->legacy_version().is_datagram_protocol()) { ------------------ | Branch (69:7): [True: 0, False: 3.22k] ------------------ 70| 0| const std::vector server_srtp = policy.srtp_profiles(); 71| 0| const std::vector client_srtp = client_hello.srtp_profiles(); 72| | 73| 0| if(!server_srtp.empty() && !client_srtp.empty()) { ------------------ | Branch (73:10): [True: 0, False: 0] | Branch (73:34): [True: 0, False: 0] ------------------ 74| 0| uint16_t shared = 0; 75| | // always using server preferences for now 76| 0| for(auto s_srtp : server_srtp) { ------------------ | Branch (76:26): [True: 0, False: 0] ------------------ 77| 0| for(auto c_srtp : client_srtp) { ------------------ | Branch (77:29): [True: 0, False: 0] ------------------ 78| 0| if(shared == 0 && s_srtp == c_srtp) { ------------------ | Branch (78:19): [True: 0, False: 0] | Branch (78:34): [True: 0, False: 0] ------------------ 79| 0| shared = s_srtp; 80| 0| } 81| 0| } 82| 0| } 83| | 84| 0| if(shared != 0) { ------------------ | Branch (84:13): [True: 0, False: 0] ------------------ 85| 0| m_data->extensions().add(new SRTP_Protection_Profiles(shared)); 86| 0| } 87| 0| } 88| 0| } 89| | // NOLINTEND(*-owning-memory) 90| | 91| 3.22k| cb.tls_modify_extensions(m_data->extensions(), Connection_Side::Server, type()); 92| | 93| 3.22k| hash.update(io.send(*this)); 94| 3.22k|} _ZN5Botan3TLS15Server_Hello_12C2ENSt3__110unique_ptrINS0_21Server_Hello_InternalENS2_14default_deleteIS4_EEEE: 151| 3.22k|Server_Hello_12::Server_Hello_12(std::unique_ptr data) : Server_Hello_12_Shim(std::move(data)) {} _ZNK5Botan3TLS15Server_Hello_1220secure_renegotiationEv: 153| 3.35k|bool Server_Hello_12::secure_renegotiation() const { 154| 3.35k| return m_data->extensions().has(); 155| 3.35k|} _ZNK5Botan3TLS15Server_Hello_1218renegotiation_infoEv: 157| 175|std::vector Server_Hello_12::renegotiation_info() const { 158| 175| if(const Renegotiation_Extension* reneg = m_data->extensions().get()) { ------------------ | Branch (158:38): [True: 175, False: 0] ------------------ 159| 175| return reneg->renegotiation_info(); 160| 175| } 161| 0| return std::vector(); 162| 175|} _ZNK5Botan3TLS15Server_Hello_1231supports_extended_master_secretEv: 164| 1.72k|bool Server_Hello_12::supports_extended_master_secret() const { 165| 1.72k| return m_data->extensions().has(); 166| 1.72k|} _ZNK5Botan3TLS15Server_Hello_1225supports_encrypt_then_macEv: 168| 593|bool Server_Hello_12::supports_encrypt_then_mac() const { 169| 593| return m_data->extensions().has(); 170| 593|} _ZNK5Botan3TLS15Server_Hello_1223supports_session_ticketEv: 176| 387|bool Server_Hello_12::supports_session_ticket() const { 177| 387| return m_data->extensions().has(); 178| 387|} _ZNK5Botan3TLS15Server_Hello_1212srtp_profileEv: 180| 129|uint16_t Server_Hello_12::srtp_profile() const { 181| 129| if(auto* srtp = m_data->extensions().get()) { ------------------ | Branch (181:13): [True: 0, False: 129] ------------------ 182| 0| auto prof = srtp->profiles(); 183| 0| if(prof.size() != 1 || prof[0] == 0) { ------------------ | Branch (183:10): [True: 0, False: 0] | Branch (183:30): [True: 0, False: 0] ------------------ 184| 0| throw Decoding_Error("Server sent malformed DTLS-SRTP extension"); 185| 0| } 186| 0| return prof[0]; 187| 0| } 188| | 189| 129| return 0; 190| 129|} _ZN5Botan3TLS17Server_Hello_DoneC2ERNS0_12Handshake_IOERNS0_14Handshake_HashE: 209| 3.22k|Server_Hello_Done::Server_Hello_Done(Handshake_IO& io, Handshake_Hash& hash) { 210| 3.22k| hash.update(io.send(*this)); 211| 3.22k|} _ZNK5Botan3TLS17Server_Hello_Done9serializeEv: 225| 3.22k|std::vector Server_Hello_Done::serialize() const { 226| 3.22k| return std::vector(); 227| 3.22k|} _ZN5Botan3TLS19Server_Key_ExchangeD2Ev: 26| 3.22k|Server_Key_Exchange::~Server_Key_Exchange() = default; _ZN5Botan3TLS19Server_Key_ExchangeC2ERNS0_12Handshake_IOERNS0_15Handshake_StateERKNS0_6PolicyERNS_19Credentials_ManagerERNS_21RandomNumberGeneratorEPKNS_11Private_KeyE: 36| 3.22k| const Private_Key* signing_key) { 37| 3.22k| const std::string hostname = state.client_hello()->sni_hostname(); 38| 3.22k| const Kex_Algo kex_algo = state.ciphersuite().kex_method(); 39| | 40| 3.22k| if(kex_algo == Kex_Algo::PSK || kex_algo == Kex_Algo::ECDHE_PSK) { ------------------ | Branch (40:7): [True: 115, False: 3.10k] | Branch (40:36): [True: 3.10k, False: 0] ------------------ 41| 3.22k| const std::string identity_hint = creds.psk_identity_hint("tls-server", hostname); 42| | 43| 3.22k| append_tls_length_value(m_params, identity_hint, 2); 44| 3.22k| } 45| | 46| 3.22k| if(kex_algo == Kex_Algo::DH) { ------------------ | Branch (46:7): [True: 0, False: 3.22k] ------------------ 47| 0| const std::vector dh_groups = state.client_hello()->supported_dh_groups(); 48| | 49| 0| m_shared_group = Group_Params::NONE; 50| | 51| | /* 52| | RFC 7919 requires that if the client sends any groups in the FFDHE 53| | range, that we must select one of these. If this is not possible, 54| | then we are required to reject the connection. 55| | 56| | If the client did not send any DH groups, but did offer DH ciphersuites 57| | and we selected one, then consult the policy for which DH group to pick. 58| | */ 59| | 60| 0| if(dh_groups.empty()) { ------------------ | Branch (60:10): [True: 0, False: 0] ------------------ 61| 0| m_shared_group = policy.default_dh_group(); 62| 0| } else { 63| 0| m_shared_group = policy.choose_key_exchange_group(dh_groups, {}); 64| 0| } 65| | 66| 0| if(m_shared_group.value() == Group_Params::NONE) { ------------------ | Branch (66:10): [True: 0, False: 0] ------------------ 67| 0| throw TLS_Exception(Alert::HandshakeFailure, "Could not agree on a DH group with the client"); 68| 0| } 69| | 70| | // The policy had better return a group we know about: 71| 0| BOTAN_ASSERT(m_shared_group.value().is_dh_named_group(), "DH ciphersuite is using a known finite field group"); ------------------ | | 64| 0| do { \ | | 65| 0| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 0| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 0] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 0| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 0] | | ------------------ ------------------ 72| | 73| | // Note: TLS 1.2 allows defining and using arbitrary DH groups (additional 74| | // to the named and standardized ones). This API doesn't allow the 75| | // server to make use of that at the moment. TLS 1.3 does not 76| | // provide this flexibility! 77| | // 78| | // A possible implementation strategy in case one would ever need that: 79| | // `Policy::default_dh_group()` could return a `std::variant`, allowing it to define arbitrary groups. 81| 0| m_kex_key = state.callbacks().tls_generate_ephemeral_key(m_shared_group.value(), rng); 82| 0| auto* dh = dynamic_cast(m_kex_key.get()); 83| 0| if(dh == nullptr) { ------------------ | Branch (83:10): [True: 0, False: 0] ------------------ 84| 0| throw TLS_Exception(Alert::InternalError, "Application did not provide a Diffie-Hellman key"); 85| 0| } 86| | 87| 0| append_tls_length_value(m_params, dh->get_int_field("p").serialize(), 2); 88| 0| append_tls_length_value(m_params, dh->get_int_field("g").serialize(), 2); 89| 0| append_tls_length_value(m_params, dh->public_value(), 2); 90| 3.22k| } else if(kex_algo == Kex_Algo::ECDH || kex_algo == Kex_Algo::ECDHE_PSK) { ------------------ | Branch (90:14): [True: 0, False: 3.22k] | Branch (90:44): [True: 3.10k, False: 115] ------------------ 91| 3.10k| const std::vector ec_groups = state.client_hello()->supported_ecc_curves(); 92| | 93| 3.10k| if(ec_groups.empty()) { ------------------ | Branch (93:10): [True: 0, False: 3.10k] ------------------ 94| 0| throw Internal_Error("Client sent no ECC extension but we negotiated ECDH"); 95| 0| } 96| | 97| 3.10k| m_shared_group = policy.choose_key_exchange_group(ec_groups, {}); 98| | 99| 3.10k| if(m_shared_group.value() == Group_Params::NONE) { ------------------ | Branch (99:10): [True: 0, False: 3.10k] ------------------ 100| 0| throw TLS_Exception(Alert::HandshakeFailure, "No shared ECC group with client"); 101| 0| } 102| | 103| 3.10k| m_kex_key = [&] { 104| 3.10k| if(m_shared_group->is_ecdh_named_curve()) { 105| 3.10k| const auto pubkey_point_format = state.client_hello()->prefers_compressed_ec_points() 106| 3.10k| ? EC_Point_Format::Compressed 107| 3.10k| : EC_Point_Format::Uncompressed; 108| 3.10k| return state.callbacks().tls12_generate_ephemeral_ecdh_key(*m_shared_group, rng, pubkey_point_format); 109| 3.10k| } else { 110| 3.10k| return state.callbacks().tls_generate_ephemeral_key(*m_shared_group, rng); 111| 3.10k| } 112| 3.10k| }(); 113| | 114| 3.10k| if(!m_kex_key) { ------------------ | Branch (114:10): [True: 0, False: 3.10k] ------------------ 115| 0| throw TLS_Exception(Alert::InternalError, "Application did not provide an EC key"); 116| 0| } 117| | 118| 3.10k| const uint16_t named_curve_id = m_shared_group.value().wire_code(); 119| 3.10k| m_params.push_back(3); // named curve 120| 3.10k| m_params.push_back(get_byte<0>(named_curve_id)); 121| 3.10k| m_params.push_back(get_byte<1>(named_curve_id)); 122| | 123| | // Note: In contrast to public_value(), raw_public_key_bits() takes the 124| | // point format (compressed vs. uncompressed) into account that was set 125| | // in its construction within tls_generate_ephemeral_key(). 126| 3.10k| append_tls_length_value(m_params, m_kex_key->raw_public_key_bits(), 1); 127| 3.10k| } else if(kex_algo != Kex_Algo::PSK) { ------------------ | Branch (127:14): [True: 0, False: 115] ------------------ 128| 0| throw Internal_Error("Server_Key_Exchange: Unknown kex type " + kex_method_to_string(kex_algo)); 129| 0| } 130| | 131| 3.22k| if(state.ciphersuite().signature_used()) { ------------------ | Branch (131:7): [True: 0, False: 3.22k] ------------------ 132| 0| BOTAN_ASSERT(signing_key, "Signing key was set"); ------------------ | | 64| 0| do { \ | | 65| 0| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 0| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 0] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 0| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 0] | | ------------------ ------------------ 133| | 134| 0| const std::pair format = 135| 0| state.choose_sig_format(*signing_key, m_scheme, false, policy); 136| | 137| 0| std::vector buf = state.client_hello()->random(); 138| | 139| 0| buf += state.server_hello()->random(); 140| 0| buf += params(); 141| | 142| 0| m_signature = state.callbacks().tls_sign_message(*signing_key, rng, format.first, format.second, buf); 143| 0| } 144| | 145| 3.22k| state.hash().update(io.send(*this)); 146| 3.22k|} _ZNK5Botan3TLS19Server_Key_Exchange9serializeEv: 197| 3.22k|std::vector Server_Key_Exchange::serialize() const { 198| 3.22k| std::vector buf = params(); 199| | 200| 3.22k| if(!m_signature.empty()) { ------------------ | Branch (200:7): [True: 0, False: 3.22k] ------------------ 201| 0| if(m_scheme.is_set()) { ------------------ | Branch (201:10): [True: 0, False: 0] ------------------ 202| 0| buf.push_back(get_byte<0>(m_scheme.wire_code())); 203| 0| buf.push_back(get_byte<1>(m_scheme.wire_code())); 204| 0| } 205| | 206| 0| append_tls_length_value(buf, m_signature, 2); 207| 0| } 208| | 209| 3.22k| return buf; 210| 3.22k|} _ZNK5Botan3TLS19Server_Key_Exchange14server_kex_keyEv: 239| 2.34k|const PK_Key_Agreement_Key& Server_Key_Exchange::server_kex_key() const { 240| 2.34k| BOTAN_ASSERT_NONNULL(m_kex_key); ------------------ | | 116| 2.34k| do { \ | | 117| 2.34k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 2.34k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 2.34k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 2.34k] | | ------------------ ------------------ 241| 2.34k| return *m_kex_key; 242| 2.34k|} msg_server_kex.cpp:_ZZN5Botan3TLS19Server_Key_ExchangeC1ERNS0_12Handshake_IOERNS0_15Handshake_StateERKNS0_6PolicyERNS_19Credentials_ManagerERNS_21RandomNumberGeneratorEPKNS_11Private_KeyEENK3$_0clEv: 103| 3.10k| m_kex_key = [&] { 104| 3.10k| if(m_shared_group->is_ecdh_named_curve()) { ------------------ | Branch (104:13): [True: 3.08k, False: 26] ------------------ 105| 3.08k| const auto pubkey_point_format = state.client_hello()->prefers_compressed_ec_points() ------------------ | Branch (105:46): [True: 59, False: 3.02k] ------------------ 106| 3.08k| ? EC_Point_Format::Compressed 107| 3.08k| : EC_Point_Format::Uncompressed; 108| 3.08k| return state.callbacks().tls12_generate_ephemeral_ecdh_key(*m_shared_group, rng, pubkey_point_format); 109| 3.08k| } else { 110| 26| return state.callbacks().tls_generate_ephemeral_key(*m_shared_group, rng); 111| 26| } 112| 3.10k| }(); _ZN5Botan3TLS22TLS_CBC_HMAC_AEAD_ModeD2Ev: 25| 254|TLS_CBC_HMAC_AEAD_Mode::~TLS_CBC_HMAC_AEAD_Mode() = default; _ZN5Botan3TLS22TLS_CBC_HMAC_AEAD_ModeC2ENS_10Cipher_DirENSt3__110unique_ptrINS_11BlockCipherENS3_14default_deleteIS5_EEEENS4_INS_25MessageAuthenticationCodeENS6_IS9_EEEEmmRKNS0_16Protocol_VersionEb: 37| 254| m_mac(std::move(mac)), 38| 254| m_cipher_name(cipher->name()), 39| 254| m_mac_name(m_mac->name()), 40| 254| m_cipher_keylen(cipher_keylen), 41| 254| m_block_size(cipher->block_size()), 42| 254| m_iv_size(m_block_size), 43| 254| m_mac_keylen(mac_keylen), 44| 254| m_tag_size(m_mac->output_length()), 45| 254| m_use_encrypt_then_mac(use_encrypt_then_mac), 46| 254| m_is_datagram(version.is_datagram_protocol()) { 47| 254| BOTAN_ASSERT_NOMSG(m_mac->valid_keylength(m_mac_keylen)); ------------------ | | 77| 254| do { \ | | 78| 254| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 254| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 254] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 254| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 254] | | ------------------ ------------------ 48| 254| BOTAN_ASSERT_NOMSG(cipher->valid_keylength(m_cipher_keylen)); ------------------ | | 77| 254| do { \ | | 78| 254| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 254| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 254] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 254| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 254] | | ------------------ ------------------ 49| | 50| 254| auto null_padding = std::make_unique(); 51| 254| if(dir == Cipher_Dir::Encryption) { ------------------ | Branch (51:7): [True: 82, False: 172] ------------------ 52| 82| m_cbc = std::make_unique(std::move(cipher), std::move(null_padding)); 53| 172| } else { 54| 172| m_cbc = std::make_unique(std::move(cipher), std::move(null_padding)); 55| 172| } 56| 254|} _ZNK5Botan3TLS22TLS_CBC_HMAC_AEAD_Mode18valid_nonce_lengthEm: 82| 261|bool TLS_CBC_HMAC_AEAD_Mode::valid_nonce_length(size_t nl) const { 83| 261| if(m_cbc_state.empty()) { ------------------ | Branch (83:7): [True: 196, False: 65] ------------------ 84| 196| return nl == block_size(); 85| 196| } 86| 65| return nl == iv_size(); 87| 261|} _ZNK5Botan3TLS22TLS_CBC_HMAC_AEAD_Mode8key_specEv: 89| 254|Key_Length_Specification TLS_CBC_HMAC_AEAD_Mode::key_spec() const { 90| 254| return Key_Length_Specification(m_cipher_keylen + m_mac_keylen); 91| 254|} _ZN5Botan3TLS22TLS_CBC_HMAC_AEAD_Mode12key_scheduleENSt3__14spanIKhLm18446744073709551615EEE: 97| 254|void TLS_CBC_HMAC_AEAD_Mode::key_schedule(std::span key) { 98| | // Both keys are of fixed length specified by the ciphersuite 99| | 100| 254| if(key.size() != m_cipher_keylen + m_mac_keylen) { ------------------ | Branch (100:7): [True: 0, False: 254] ------------------ 101| 0| throw Invalid_Key_Length(name(), key.size()); 102| 0| } 103| | 104| 254| mac().set_key(key.first(m_mac_keylen)); 105| 254| cbc().set_key(key.subspan(m_mac_keylen, m_cipher_keylen)); 106| 254|} _ZN5Botan3TLS22TLS_CBC_HMAC_AEAD_Mode9start_msgEPKhm: 108| 261|void TLS_CBC_HMAC_AEAD_Mode::start_msg(const uint8_t nonce[], size_t nonce_len) { 109| 261| if(!valid_nonce_length(nonce_len)) { ------------------ | Branch (109:7): [True: 0, False: 261] ------------------ 110| 0| throw Invalid_IV_Length(name(), nonce_len); 111| 0| } 112| | 113| 261| m_msg.clear(); 114| | 115| 261| if(nonce_len > 0) { ------------------ | Branch (115:7): [True: 261, False: 0] ------------------ 116| 261| m_cbc_state.assign(nonce, nonce + nonce_len); 117| 261| } 118| 261|} _ZN5Botan3TLS22TLS_CBC_HMAC_AEAD_Mode11process_msgEPhm: 120| 261|size_t TLS_CBC_HMAC_AEAD_Mode::process_msg(uint8_t buf[], size_t sz) { 121| 261| m_msg.insert(m_msg.end(), buf, buf + sz); 122| 261| return 0; 123| 261|} _ZN5Botan3TLS22TLS_CBC_HMAC_AEAD_Mode19assoc_data_with_lenEt: 125| 101|std::vector TLS_CBC_HMAC_AEAD_Mode::assoc_data_with_len(uint16_t len) { 126| 101| std::vector ad = m_ad; 127| 101| BOTAN_ASSERT(ad.size() == 13, "Expected AAD size"); ------------------ | | 64| 101| do { \ | | 65| 101| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 101| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 101] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 101| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 101] | | ------------------ ------------------ 128| 101| ad[11] = get_byte<0>(len); 129| 101| ad[12] = get_byte<1>(len); 130| 101| return ad; 131| 101|} _ZN5Botan3TLS22TLS_CBC_HMAC_AEAD_Mode21set_associated_data_nEmNSt3__14spanIKhLm18446744073709551615EEE: 133| 261|void TLS_CBC_HMAC_AEAD_Mode::set_associated_data_n(size_t idx, std::span ad) { 134| 261| BOTAN_ARG_CHECK(idx == 0, "TLS 1.2 CBC/HMAC: cannot handle non-zero index in set_associated_data_n"); ------------------ | | 35| 261| do { \ | | 36| 261| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 261| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 261] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 261| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 261] | | ------------------ ------------------ 135| 261| if(ad.size() != 13) { ------------------ | Branch (135:7): [True: 0, False: 261] ------------------ 136| 0| throw Invalid_Argument("Invalid TLS AEAD associated data length"); 137| 0| } 138| 261| m_ad.assign(ad.begin(), ad.end()); 139| 261|} _ZN5Botan3TLS28TLS_CBC_HMAC_AEAD_EncryptionC2ENSt3__110unique_ptrINS_11BlockCipherENS2_14default_deleteIS4_EEEENS3_INS_25MessageAuthenticationCodeENS5_IS8_EEEEmmRKNS0_16Protocol_VersionEb: 147| 82| TLS_CBC_HMAC_AEAD_Mode(Cipher_Dir::Encryption, 148| 82| std::move(cipher), 149| 82| std::move(mac), 150| 82| cipher_keylen, 151| 82| mac_keylen, 152| 82| version, 153| 82| use_encrypt_then_mac) {} _ZN5Botan3TLS28TLS_CBC_HMAC_AEAD_Encryption21set_associated_data_nEmNSt3__14spanIKhLm18446744073709551615EEE: 155| 147|void TLS_CBC_HMAC_AEAD_Encryption::set_associated_data_n(size_t idx, std::span ad) { 156| 147| TLS_CBC_HMAC_AEAD_Mode::set_associated_data_n(idx, ad); 157| | 158| 147| if(use_encrypt_then_mac()) { ------------------ | Branch (158:7): [True: 28, False: 119] ------------------ 159| | // AAD hack for EtM 160| | // EtM uses ciphertext size instead of plaintext size for AEAD input 161| 28| const uint16_t pt_size = make_uint16(assoc_data()[11], assoc_data()[12]); 162| 28| const uint16_t enc_size = static_cast(round_up(iv_size() + pt_size + 1, block_size())); 163| 28| assoc_data()[11] = get_byte<0, uint16_t>(enc_size); 164| 28| assoc_data()[12] = get_byte<1, uint16_t>(enc_size); 165| 28| } 166| 147|} _ZN5Botan3TLS28TLS_CBC_HMAC_AEAD_Encryption18cbc_encrypt_recordERNSt3__16vectorIhNS_16secure_allocatorIhEEEEmm: 170| 147| size_t padding_length) { 171| | // We always do short padding: 172| 147| BOTAN_ASSERT_NOMSG(padding_length <= 16); ------------------ | | 77| 147| do { \ | | 78| 147| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 147| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 147] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 147| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 147] | | ------------------ ------------------ 173| | 174| 147| buffer.resize(buffer.size() + padding_length); 175| | 176| 147| const uint8_t padding_val = static_cast(padding_length - 1); 177| | 178| 147| CT::poison(&padding_val, 1); 179| 147| CT::poison(&padding_length, 1); 180| 147| CT::poison(buffer.data(), buffer.size()); 181| | 182| 147| const size_t last_block_starts = buffer.size() - block_size(); 183| 147| const size_t padding_starts = buffer.size() - padding_length; 184| 2.21k| for(size_t i = last_block_starts; i != buffer.size(); ++i) { ------------------ | Branch (184:38): [True: 2.06k, False: 147] ------------------ 185| 2.06k| auto add_padding = CT::Mask(CT::Mask::is_gte(i, padding_starts)); 186| 2.06k| buffer[i] = add_padding.select(padding_val, buffer[i]); 187| 2.06k| } 188| | 189| 147| CT::unpoison(padding_val); 190| 147| CT::unpoison(padding_length); 191| 147| CT::unpoison(buffer.data(), buffer.size()); 192| | 193| 147| cbc().start(cbc_state()); 194| 147| cbc().process(&buffer[offset], buffer.size() - offset); 195| | 196| 147| cbc_state().assign(buffer.data() + (buffer.size() - block_size()), buffer.data() + buffer.size()); 197| 147|} _ZNK5Botan3TLS28TLS_CBC_HMAC_AEAD_Encryption13output_lengthEm: 199| 147|size_t TLS_CBC_HMAC_AEAD_Encryption::output_length(size_t input_length) const { 200| 147| return round_up(input_length + 1 + (use_encrypt_then_mac() ? 0 : tag_size()), block_size()) + ------------------ | Branch (200:40): [True: 28, False: 119] ------------------ 201| 147| (use_encrypt_then_mac() ? tag_size() : 0); ------------------ | Branch (201:12): [True: 28, False: 119] ------------------ 202| 147|} _ZN5Botan3TLS28TLS_CBC_HMAC_AEAD_Encryption10finish_msgERNSt3__16vectorIhNS_16secure_allocatorIhEEEEm: 204| 147|void TLS_CBC_HMAC_AEAD_Encryption::finish_msg(secure_vector& buffer, size_t offset) { 205| 147| update(buffer, offset); 206| | 207| 147| const size_t msg_size = msg().size(); 208| | 209| 147| const size_t input_size = msg_size + 1 + (use_encrypt_then_mac() ? 0 : tag_size()); ------------------ | Branch (209:46): [True: 28, False: 119] ------------------ 210| 147| const size_t enc_size = round_up(input_size, block_size()); 211| 147| BOTAN_DEBUG_ASSERT(enc_size % block_size() == 0); ------------------ | | 130| 147| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 147| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 147] | | ------------------ ------------------ 212| | 213| 147| const uint8_t padding_val = static_cast(enc_size - input_size); 214| 147| const size_t padding_length = static_cast(padding_val) + 1; 215| | 216| 147| buffer.reserve(offset + msg_size + padding_length + tag_size()); 217| 147| buffer.resize(offset + msg_size); 218| 147| if(msg_size > 0) { ------------------ | Branch (218:7): [True: 147, False: 0] ------------------ 219| 147| copy_mem(&buffer[offset], msg().data(), msg_size); 220| 147| } 221| | 222| 147| mac().update(assoc_data()); 223| | 224| 147| if(use_encrypt_then_mac()) { ------------------ | Branch (224:7): [True: 28, False: 119] ------------------ 225| 28| if(iv_size() > 0) { ------------------ | Branch (225:10): [True: 28, False: 0] ------------------ 226| 28| mac().update(cbc_state()); 227| 28| } 228| | 229| 28| cbc_encrypt_record(buffer, offset, padding_length); 230| 28| mac().update(&buffer[offset], enc_size); 231| 28| buffer.resize(buffer.size() + tag_size()); 232| 28| mac().final(&buffer[buffer.size() - tag_size()]); 233| 119| } else { 234| 119| if(msg_size > 0) { ------------------ | Branch (234:10): [True: 119, False: 0] ------------------ 235| 119| mac().update(&buffer[offset], msg_size); 236| 119| } 237| 119| buffer.resize(buffer.size() + tag_size()); 238| 119| mac().final(&buffer[buffer.size() - tag_size()]); 239| 119| cbc_encrypt_record(buffer, offset, padding_length); 240| 119| } 241| 147|} _ZN5Botan3TLS21check_tls_cbc_paddingEPKhm: 254| 99|uint16_t check_tls_cbc_padding(const uint8_t record[], size_t record_len) { 255| 99| if(record_len == 0 || record_len > 0xFFFF) { ------------------ | Branch (255:7): [True: 0, False: 99] | Branch (255:26): [True: 0, False: 99] ------------------ 256| 0| return 0; 257| 0| } 258| | 259| 99| const uint16_t rec16 = static_cast(record_len); 260| | 261| | /* 262| | * TLS v1.0 and up require all the padding bytes be the same value 263| | * and allows up to 255 bytes. 264| | */ 265| | 266| 99| const uint16_t to_check = std::min(256, static_cast(record_len)); 267| 99| const uint8_t pad_byte = record[record_len - 1]; 268| 99| const uint16_t pad_bytes = 1 + pad_byte; 269| | 270| 99| auto pad_invalid = CT::Mask::is_lt(rec16, pad_bytes); 271| | 272| 22.1k| for(uint16_t i = rec16 - to_check; i != rec16; ++i) { ------------------ | Branch (272:39): [True: 22.0k, False: 99] ------------------ 273| 22.0k| const uint16_t offset = rec16 - i; 274| 22.0k| const auto in_pad_range = CT::Mask::is_lte(offset, pad_bytes); 275| 22.0k| const auto pad_correct = CT::Mask::is_equal(record[i], pad_byte); 276| 22.0k| pad_invalid |= in_pad_range & ~pad_correct; 277| 22.0k| } 278| | 279| 99| return pad_invalid.if_not_set_return(pad_bytes); 280| 99|} _ZN5Botan3TLS28TLS_CBC_HMAC_AEAD_DecryptionC2ENSt3__110unique_ptrINS_11BlockCipherENS2_14default_deleteIS4_EEEENS3_INS_25MessageAuthenticationCodeENS5_IS8_EEEEmmRKNS0_16Protocol_VersionEb: 288| 172| TLS_CBC_HMAC_AEAD_Mode(Cipher_Dir::Decryption, 289| 172| std::move(cipher), 290| 172| std::move(mac), 291| 172| cipher_keylen, 292| 172| mac_keylen, 293| 172| version, 294| 172| use_encrypt_then_mac) {} _ZN5Botan3TLS28TLS_CBC_HMAC_AEAD_Decryption18cbc_decrypt_recordEPhm: 296| 99|void TLS_CBC_HMAC_AEAD_Decryption::cbc_decrypt_record(uint8_t record_contents[], size_t record_len) { 297| 99| if(record_len == 0 || record_len % block_size() != 0) { ------------------ | Branch (297:7): [True: 0, False: 99] | Branch (297:26): [True: 0, False: 99] ------------------ 298| 0| throw Decoding_Error("Received TLS CBC ciphertext with invalid length"); 299| 0| } 300| | 301| 99| cbc().start(cbc_state()); 302| 99| cbc_state().assign(record_contents + record_len - block_size(), record_contents + record_len); 303| | 304| 99| cbc().process(record_contents, record_len); 305| 99|} _ZNK5Botan3TLS28TLS_CBC_HMAC_AEAD_Decryption13output_lengthEm: 307| 114|size_t TLS_CBC_HMAC_AEAD_Decryption::output_length(size_t /*input_length*/) const { 308| | /* 309| | * We don't know this because the padding is arbitrary 310| | */ 311| 114| return 0; 312| 114|} _ZN5Botan3TLS28TLS_CBC_HMAC_AEAD_Decryption31perform_additional_compressionsEmm: 356| 99|void TLS_CBC_HMAC_AEAD_Decryption::perform_additional_compressions(size_t plen, size_t padlen) { 357| 99| const bool is_sha384 = mac().name() == "HMAC(SHA-384)"; 358| 99| const uint16_t block_size = is_sha384 ? 128 : 64; ------------------ | Branch (358:32): [True: 19, False: 80] ------------------ 359| 99| const uint16_t max_bytes_in_first_block = is_sha384 ? 111 : 55; ------------------ | Branch (359:46): [True: 19, False: 80] ------------------ 360| | 361| | // number of maximum MACed bytes 362| 99| const uint16_t L1 = static_cast(13 + plen - tag_size()); 363| | // number of current MACed bytes (L1 - padlen) 364| | // Here the Lucky 13 paper is different because the padlen length in the paper 365| | // does not count the last message byte. 366| 99| const uint16_t L2 = static_cast(13 + plen - padlen - tag_size()); 367| | // From the paper, for SHA-256/SHA-1 compute: ceil((L1-55)/64) and ceil((L2-55)/64) 368| | // ceil((L1-55)/64) = floor((L1+64-1-55)/64) 369| | // Here we compute number of compressions for SHA-* in general 370| 99| const uint16_t max_compresssions = ((L1 + block_size - 1 - max_bytes_in_first_block) / block_size); 371| 99| const uint16_t current_compressions = ((L2 + block_size - 1 - max_bytes_in_first_block) / block_size); 372| | // number of additional compressions we have to perform 373| 99| const uint16_t add_compressions = max_compresssions - current_compressions; 374| 99| const uint16_t equal = CT::Mask::is_equal(max_compresssions, current_compressions).if_set_return(1); 375| | // We compute the data length we need to achieve the number of compressions. 376| | // If there are no compressions, we just add 55/111 dummy bytes so that no 377| | // compression is performed. 378| 99| const uint16_t data_len = block_size * add_compressions + equal * max_bytes_in_first_block; 379| 99| std::vector data(data_len); 380| 99| mac().update(data); 381| | // we do not need to clear the MAC since the connection is broken anyway 382| 99|} _ZN5Botan3TLS28TLS_CBC_HMAC_AEAD_Decryption10finish_msgERNSt3__16vectorIhNS_16secure_allocatorIhEEEEm: 384| 114|void TLS_CBC_HMAC_AEAD_Decryption::finish_msg(secure_vector& buffer, size_t offset) { 385| 114| update(buffer, offset); 386| 114| buffer.resize(offset); 387| | 388| 114| const size_t record_len = msg().size(); 389| 114| uint8_t* record_contents = msg().data(); 390| | 391| | // This early exit does not leak info because all the values compared are public 392| 114| if(record_len < tag_size() || (record_len - (use_encrypt_then_mac() ? tag_size() : 0)) % block_size() != 0) { ------------------ | Branch (392:7): [True: 0, False: 114] | Branch (392:34): [True: 13, False: 101] | Branch (392:49): [True: 2, False: 112] ------------------ 393| 13| throw TLS_Exception(Alert::BadRecordMac, "Message authentication failure"); 394| 13| } 395| | 396| 101| if(use_encrypt_then_mac()) { ------------------ | Branch (396:7): [True: 2, False: 99] ------------------ 397| 2| const size_t enc_size = record_len - tag_size(); 398| 2| const size_t enc_iv_size = enc_size + iv_size(); 399| | 400| 2| BOTAN_ASSERT_NOMSG(enc_iv_size <= 0xFFFF); ------------------ | | 77| 2| do { \ | | 78| 2| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 2| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 2] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 2| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 2] | | ------------------ ------------------ 401| | 402| 2| mac().update(assoc_data_with_len(static_cast(enc_iv_size))); 403| 2| if(iv_size() > 0) { ------------------ | Branch (403:10): [True: 2, False: 0] ------------------ 404| 2| mac().update(cbc_state()); 405| 2| } 406| 2| mac().update(record_contents, enc_size); 407| | 408| 2| std::vector mac_buf(tag_size()); 409| 2| mac().final(mac_buf.data()); 410| | 411| 2| const size_t mac_offset = enc_size; 412| | 413| 2| const auto mac_ok = CT::is_equal(&record_contents[mac_offset], mac_buf.data(), tag_size()); 414| | 415| 2| if(!mac_ok.as_bool()) { ------------------ | Branch (415:10): [True: 2, False: 0] ------------------ 416| 2| throw TLS_Exception(Alert::BadRecordMac, "Message authentication failure"); 417| 2| } 418| | 419| 0| cbc_decrypt_record(record_contents, enc_size); 420| | 421| | // 0 if padding was invalid, otherwise 1 + padding_bytes 422| 0| const uint16_t pad_size = check_tls_cbc_padding(record_contents, enc_size); 423| | 424| | // No oracle here, whoever sent us this had the key since MAC check passed 425| 0| if(pad_size == 0) { ------------------ | Branch (425:10): [True: 0, False: 0] ------------------ 426| 0| throw TLS_Exception(Alert::BadRecordMac, "Message authentication failure"); 427| 0| } 428| | 429| 0| const uint8_t* plaintext_block = &record_contents[0]; 430| 0| const size_t plaintext_length = enc_size - pad_size; 431| | 432| 0| buffer.insert(buffer.end(), plaintext_block, plaintext_block + plaintext_length); 433| 99| } else { 434| 99| cbc_decrypt_record(record_contents, record_len); 435| | 436| 99| CT::poison(record_contents, record_len); 437| | 438| | // 0 if padding was invalid, otherwise 1 + padding_bytes 439| 99| uint16_t pad_size = check_tls_cbc_padding(record_contents, record_len); 440| | 441| | /* 442| | This mask is zero if there is not enough room in the packet to get a valid MAC. 443| | 444| | We have to accept empty packets, since otherwise we are not compatible 445| | with how OpenSSL's countermeasure for fixing BEAST in TLS 1.0 CBC works 446| | (sending empty records, instead of 1/(n-1) splitting) 447| | */ 448| | 449| | // We know the cast cannot overflow as pad_size <= 256 && tag_size <= 32 450| 99| const auto size_ok_mask = 451| 99| CT::Mask::is_lte(static_cast(tag_size() + pad_size), static_cast(record_len)); 452| | 453| 99| pad_size = size_ok_mask.if_set_return(pad_size); 454| | 455| 99| CT::unpoison(record_contents, record_len); 456| | 457| | /* 458| | This is unpoisoned sooner than it should. The pad_size leaks to plaintext_length and 459| | then to the timing channel in the MAC computation described in the Lucky 13 paper. 460| | */ 461| 99| CT::unpoison(pad_size); 462| | 463| 99| const uint8_t* plaintext_block = &record_contents[0]; 464| 99| const uint16_t plaintext_length = static_cast(record_len - tag_size() - pad_size); 465| | 466| 99| mac().update(assoc_data_with_len(plaintext_length)); 467| 99| mac().update(plaintext_block, plaintext_length); 468| | 469| 99| std::vector mac_buf(tag_size()); 470| 99| mac().final(mac_buf.data()); 471| | 472| 99| const size_t mac_offset = record_len - (tag_size() + pad_size); 473| | 474| 99| const auto mac_ok = CT::is_equal(&record_contents[mac_offset], mac_buf.data(), tag_size()); 475| | 476| 99| const auto ok_mask = size_ok_mask & CT::Mask::expand(mac_ok) & CT::Mask::expand(pad_size); 477| | 478| 99| CT::unpoison(ok_mask); 479| | 480| 99| if(ok_mask.as_bool()) { ------------------ | Branch (480:10): [True: 0, False: 99] ------------------ 481| 0| buffer.insert(buffer.end(), plaintext_block, plaintext_block + plaintext_length); 482| 99| } else { 483| 99| perform_additional_compressions(record_len, pad_size); 484| | 485| | /* 486| | * In DTLS case we have to finish computing the MAC since we require the 487| | * MAC state be reset for future packets. This extra timing channel may 488| | * be exploitable in a Lucky13 variant. 489| | */ 490| 99| if(is_datagram_protocol()) { ------------------ | Branch (490:13): [True: 0, False: 99] ------------------ 491| 0| mac().final(mac_buf); 492| 0| } 493| 99| throw TLS_Exception(Alert::BadRecordMac, "Message authentication failure"); 494| 99| } 495| 99| } 496| 101|} _ZN5Botan3TLS15Channel_Impl_12C2ERKNSt3__110shared_ptrINS0_9CallbacksEEERKNS3_INS0_15Session_ManagerEEERKNS3_INS_21RandomNumberGeneratorEEERKNS3_IKNS0_6PolicyEEEbbm: 34| 4.78k| m_is_server(is_server), 35| 4.78k| m_is_datagram(is_datagram), 36| 4.78k| m_callbacks(callbacks), 37| 4.78k| m_session_manager(session_manager), 38| 4.78k| m_policy(policy), 39| 4.78k| m_rng(rng), 40| 4.78k| m_has_been_closed(false) { 41| 4.78k| BOTAN_ASSERT_NONNULL(m_callbacks); ------------------ | | 116| 4.78k| do { \ | | 117| 4.78k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 4.78k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 4.78k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 4.78k] | | ------------------ ------------------ 42| 4.78k| BOTAN_ASSERT_NONNULL(m_session_manager); ------------------ | | 116| 4.78k| do { \ | | 117| 4.78k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 4.78k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 4.78k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 4.78k] | | ------------------ ------------------ 43| 4.78k| BOTAN_ASSERT_NONNULL(m_rng); ------------------ | | 116| 4.78k| do { \ | | 117| 4.78k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 4.78k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 4.78k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 4.78k] | | ------------------ ------------------ 44| 4.78k| BOTAN_ASSERT_NONNULL(m_policy); ------------------ | | 116| 4.78k| do { \ | | 117| 4.78k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 4.78k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 4.78k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 4.78k] | | ------------------ ------------------ 45| | 46| | /* epoch 0 is plaintext, thus null cipher state */ 47| 4.78k| m_write_cipher_states[0] = nullptr; 48| 4.78k| m_read_cipher_states[0] = nullptr; 49| | 50| 4.78k| m_writebuf.reserve(reserved_io_buffer_size); 51| 4.78k| m_readbuf.reserve(reserved_io_buffer_size); 52| 4.78k|} _ZN5Botan3TLS15Channel_Impl_1211reset_stateEv: 54| 2.70k|void Channel_Impl_12::reset_state() { 55| 2.70k| m_active_state.reset(); 56| 2.70k| m_pending_state.reset(); 57| 2.70k| m_readbuf.clear(); 58| 2.70k| m_write_cipher_states.clear(); 59| 2.70k| m_read_cipher_states.clear(); 60| 2.70k|} _ZN5Botan3TLS15Channel_Impl_12D2Ev: 77| 4.78k|Channel_Impl_12::~Channel_Impl_12() = default; _ZNK5Botan3TLS15Channel_Impl_1216sequence_numbersEv: 79| 44.0k|Connection_Sequence_Numbers& Channel_Impl_12::sequence_numbers() const { 80| 44.0k| BOTAN_ASSERT(m_sequence_numbers, "Have a sequence numbers object"); ------------------ | | 64| 44.0k| do { \ | | 65| 44.0k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 44.0k| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 44.0k] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 44.0k| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 44.0k] | | ------------------ ------------------ 81| 44.0k| return *m_sequence_numbers; 82| 44.0k|} _ZNK5Botan3TLS15Channel_Impl_1223read_cipher_state_epochEt: 84| 308|std::shared_ptr Channel_Impl_12::read_cipher_state_epoch(uint16_t epoch) const { 85| 308| auto i = m_read_cipher_states.find(epoch); 86| 308| if(i == m_read_cipher_states.end()) { ------------------ | Branch (86:7): [True: 60, False: 248] ------------------ 87| 60| throw Internal_Error("TLS::Channel_Impl_12 No read cipherstate for epoch " + std::to_string(epoch)); 88| 60| } 89| 248| return i->second; 90| 308|} _ZNK5Botan3TLS15Channel_Impl_1224write_cipher_state_epochEt: 92| 21.2k|std::shared_ptr Channel_Impl_12::write_cipher_state_epoch(uint16_t epoch) const { 93| 21.2k| auto i = m_write_cipher_states.find(epoch); 94| 21.2k| if(i == m_write_cipher_states.end()) { ------------------ | Branch (94:7): [True: 0, False: 21.2k] ------------------ 95| 0| throw Internal_Error("TLS::Channel_Impl_12 No write cipherstate for epoch " + std::to_string(epoch)); 96| 0| } 97| 21.2k| return i->second; 98| 21.2k|} _ZNK5Botan3TLS15Channel_Impl_1221external_psk_identityEv: 107| 129|std::optional Channel_Impl_12::external_psk_identity() const { 108| 129| if(m_active_state.has_value()) { ------------------ | Branch (108:7): [True: 0, False: 129] ------------------ 109| 0| return m_active_state->psk_identity(); 110| 0| } 111| 129| if(const auto* state = pending_state()) { ------------------ | Branch (111:19): [True: 129, False: 0] ------------------ 112| 129| return state->psk_identity(); 113| 129| } 114| 0| return std::nullopt; 115| 129|} _ZN5Botan3TLS15Channel_Impl_1222create_handshake_stateENS0_16Protocol_VersionE: 117| 4.59k|Handshake_State& Channel_Impl_12::create_handshake_state(Protocol_Version version) { 118| 4.59k| if(pending_state() != nullptr) { ------------------ | Branch (118:7): [True: 0, False: 4.59k] ------------------ 119| 0| throw Internal_Error("create_handshake_state called during handshake"); 120| 0| } 121| | 122| 4.59k| if(m_active_state.has_value()) { ------------------ | Branch (122:7): [True: 0, False: 4.59k] ------------------ 123| 0| const Protocol_Version active_version = m_active_state->version(); 124| | 125| 0| if(active_version.is_datagram_protocol() != version.is_datagram_protocol()) { ------------------ | Branch (125:10): [True: 0, False: 0] ------------------ 126| 0| throw TLS_Exception(Alert::ProtocolVersion, 127| 0| "Active state using version " + active_version.to_string() + " cannot change to " + 128| 0| version.to_string() + " in pending"); 129| 0| } 130| 0| } 131| | 132| 4.59k| if(!m_sequence_numbers) { ------------------ | Branch (132:7): [True: 4.59k, False: 0] ------------------ 133| 4.59k| if(version.is_datagram_protocol()) { ------------------ | Branch (133:10): [True: 596, False: 3.99k] ------------------ 134| 596| m_sequence_numbers = std::make_unique(); 135| 3.99k| } else { 136| 3.99k| m_sequence_numbers = std::make_unique(); 137| 3.99k| } 138| 4.59k| } 139| | 140| 4.59k| using namespace std::placeholders; 141| | 142| 4.59k| std::unique_ptr io; 143| 4.59k| if(version.is_datagram_protocol()) { ------------------ | Branch (143:7): [True: 596, False: 3.99k] ------------------ 144| 596| const uint16_t mtu = static_cast(policy().dtls_default_mtu()); 145| 596| const size_t initial_timeout_ms = policy().dtls_initial_timeout(); 146| 596| const size_t max_timeout_ms = policy().dtls_maximum_timeout(); 147| | 148| 596| auto send_record_f = [this](uint16_t epoch, Record_Type record_type, const std::vector& record) { 149| 596| send_record_under_epoch(epoch, record_type, record); 150| 596| }; 151| 596| io = std::make_unique(send_record_f, 152| 596| sequence_numbers(), 153| 596| mtu, 154| 596| initial_timeout_ms, 155| 596| max_timeout_ms, 156| 596| policy().maximum_handshake_message_size()); 157| 3.99k| } else { 158| 3.99k| auto send_record_f = [this](Record_Type rec_type, const std::vector& record) { 159| 3.99k| send_record(rec_type, record); 160| 3.99k| }; 161| 3.99k| io = std::make_unique(send_record_f); 162| 3.99k| } 163| | 164| 4.59k| m_pending_state = new_handshake_state(std::move(io)); 165| | 166| 4.59k| if(m_active_state.has_value()) { ------------------ | Branch (166:7): [True: 0, False: 4.59k] ------------------ 167| 0| m_pending_state->set_version(m_active_state->version()); 168| 0| } 169| | 170| 4.59k| return *m_pending_state; 171| 4.59k|} _ZN5Botan3TLS15Channel_Impl_1225change_cipher_spec_readerENS0_15Connection_SideE: 202| 335|void Channel_Impl_12::change_cipher_spec_reader(Connection_Side side) { 203| 335| const auto* pending = pending_state(); 204| | 205| 335| BOTAN_ASSERT(pending && pending->server_hello(), "Have received server hello"); ------------------ | | 64| 335| do { \ | | 65| 335| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 670| if(!(expr)) { \ | | ------------------ | | | Branch (66:12): [True: 335, False: 0] | | | Branch (66:12): [True: 335, False: 0] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 335| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 335] | | ------------------ ------------------ 206| | 207| 335| if(pending->server_hello()->compression_method() != 0) { ------------------ | Branch (207:7): [True: 0, False: 335] ------------------ 208| 0| throw Internal_Error("Negotiated unknown compression algorithm"); 209| 0| } 210| | 211| 335| sequence_numbers().new_read_cipher_state(); 212| | 213| 335| const uint16_t epoch = sequence_numbers().current_read_epoch(); 214| | 215| 335| BOTAN_ASSERT(!m_read_cipher_states.contains(epoch), "No read cipher state currently set for next epoch"); ------------------ | | 64| 335| do { \ | | 65| 335| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 335| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 335] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 335| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 335] | | ------------------ ------------------ 216| | 217| | // flip side as we are reading 218| 335| auto read_state = std::make_shared( 219| 335| pending->version(), 220| 335| (side == Connection_Side::Client) ? Connection_Side::Server : Connection_Side::Client, ------------------ | Branch (220:7): [True: 0, False: 335] ------------------ 221| 335| false, 222| 335| pending->ciphersuite(), 223| 335| pending->session_keys(), 224| 335| pending->server_hello()->supports_encrypt_then_mac()); 225| | 226| 335| m_read_cipher_states[epoch] = read_state; 227| 335|} _ZN5Botan3TLS15Channel_Impl_1225change_cipher_spec_writerENS0_15Connection_SideE: 229| 129|void Channel_Impl_12::change_cipher_spec_writer(Connection_Side side) { 230| 129| const auto* pending = pending_state(); 231| | 232| 129| BOTAN_ASSERT(pending && pending->server_hello(), "Have received server hello"); ------------------ | | 64| 129| do { \ | | 65| 129| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 258| if(!(expr)) { \ | | ------------------ | | | Branch (66:12): [True: 129, False: 0] | | | Branch (66:12): [True: 129, False: 0] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 129| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 129] | | ------------------ ------------------ 233| | 234| 129| if(pending->server_hello()->compression_method() != 0) { ------------------ | Branch (234:7): [True: 0, False: 129] ------------------ 235| 0| throw Internal_Error("Negotiated unknown compression algorithm"); 236| 0| } 237| | 238| 129| sequence_numbers().new_write_cipher_state(); 239| | 240| 129| const uint16_t epoch = sequence_numbers().current_write_epoch(); 241| | 242| 129| BOTAN_ASSERT(!m_write_cipher_states.contains(epoch), "No write cipher state currently set for next epoch"); ------------------ | | 64| 129| do { \ | | 65| 129| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 129| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 129] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 129| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 129] | | ------------------ ------------------ 243| | 244| 129| auto write_state = std::make_shared(pending->version(), 245| 129| side, 246| 129| true, 247| 129| pending->ciphersuite(), 248| 129| pending->session_keys(), 249| 129| pending->server_hello()->supports_encrypt_then_mac()); 250| | 251| 129| m_write_cipher_states[epoch] = write_state; 252| 129|} _ZNK5Botan3TLS15Channel_Impl_129is_closedEv: 262| 3.21k|bool Channel_Impl_12::is_closed() const { 263| 3.21k| return m_has_been_closed; 264| 3.21k|} _ZN5Botan3TLS15Channel_Impl_1216activate_sessionEv: 266| 129|void Channel_Impl_12::activate_session() { 267| 129| BOTAN_ASSERT_NONNULL(m_pending_state); ------------------ | | 116| 129| do { \ | | 117| 129| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 129] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 129| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 129] | | ------------------ ------------------ 268| | 269| 129| const auto& state = *m_pending_state; 270| | 271| 129| if(!state.version().is_datagram_protocol()) { ------------------ | Branch (271:7): [True: 129, False: 0] ------------------ 272| | // TLS is easy just remove all but the current state 273| 129| const uint16_t current_epoch = sequence_numbers().current_write_epoch(); 274| | 275| 129| const auto not_current_epoch = [current_epoch](uint16_t epoch) { return (epoch != current_epoch); }; 276| | 277| 129| map_remove_if(not_current_epoch, m_write_cipher_states); 278| 129| map_remove_if(not_current_epoch, m_read_cipher_states); 279| 129| } 280| | 281| | // For DTLS, keep the handshake IO for last-flight retransmission. 282| 129| if(m_is_datagram) { ------------------ | Branch (282:7): [True: 0, False: 129] ------------------ 283| 0| m_active_state = Active_Connection_State_12(state, application_protocol(), m_pending_state->take_handshake_io()); 284| 129| } else { 285| 129| m_active_state = Active_Connection_State_12(state, application_protocol()); 286| 129| } 287| | 288| 129| m_pending_state.reset(); 289| | 290| 129| callbacks().tls_session_activated(); 291| 129|} _ZN5Botan3TLS15Channel_Impl_129from_peerENSt3__14spanIKhLm18446744073709551615EEE: 293| 4.78k|size_t Channel_Impl_12::from_peer(std::span data) { 294| 4.78k| const bool allow_epoch0_restart = m_is_datagram && m_is_server && policy().allow_dtls_epoch0_restart(); ------------------ | Branch (294:38): [True: 793, False: 3.99k] | Branch (294:55): [True: 793, False: 0] | Branch (294:70): [True: 0, False: 793] ------------------ 295| | 296| 4.78k| const auto* input = data.data(); 297| 4.78k| auto input_size = data.size(); 298| | 299| 4.78k| try { 300| 24.9k| while(input_size > 0) { ------------------ | Branch (300:13): [True: 21.2k, False: 3.76k] ------------------ 301| 21.2k| size_t consumed = 0; 302| | 303| 21.2k| auto get_epoch = [this](uint16_t epoch) { return read_cipher_state_epoch(epoch); }; 304| | 305| 21.2k| const Record_Header record = read_record(m_is_datagram, 306| 21.2k| m_readbuf, 307| 21.2k| input, 308| 21.2k| input_size, 309| 21.2k| consumed, 310| 21.2k| m_record_buf, 311| 21.2k| m_sequence_numbers.get(), 312| 21.2k| get_epoch, 313| 21.2k| allow_epoch0_restart); 314| | 315| 21.2k| const size_t needed = record.needed(); 316| | 317| 21.2k| BOTAN_ASSERT(consumed > 0, "Got to eat something"); ------------------ | | 64| 21.2k| do { \ | | 65| 21.2k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 21.2k| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 21.2k] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 21.2k| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 21.2k] | | ------------------ ------------------ 318| | 319| 21.2k| BOTAN_ASSERT(consumed <= input_size, "Record reader consumed sane amount"); ------------------ | | 64| 21.2k| do { \ | | 65| 21.2k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 21.2k| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 21.2k] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 21.2k| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 21.2k] | | ------------------ ------------------ 320| | 321| 21.2k| input += consumed; 322| 21.2k| input_size -= consumed; 323| | 324| 21.2k| BOTAN_ASSERT(input_size == 0 || needed == 0, "Got a full record or consumed all input"); ------------------ | | 64| 21.2k| do { \ | | 65| 21.2k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 38.4k| if(!(expr)) { \ | | ------------------ | | | Branch (66:12): [True: 3.96k, False: 17.2k] | | | Branch (66:12): [True: 17.2k, False: 0] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 21.2k| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 21.2k] | | ------------------ ------------------ 325| | 326| 21.2k| if(input_size == 0 && needed != 0) { ------------------ | Branch (326:13): [True: 3.23k, False: 17.9k] | Branch (326:32): [True: 694, False: 2.53k] ------------------ 327| 694| return needed; // need more data to complete record 328| 694| } 329| | 330| | // Ignore invalid records in DTLS 331| 20.5k| if(m_is_datagram && record.type() == Record_Type::Invalid) { ------------------ | Branch (331:13): [True: 2.14k, False: 18.3k] | Branch (331:30): [True: 245, False: 1.89k] ------------------ 332| 245| return 0; 333| 245| } 334| | 335| 20.2k| if(m_record_buf.size() > MAX_PLAINTEXT_SIZE) { ------------------ | Branch (335:13): [True: 0, False: 20.2k] ------------------ 336| 0| throw TLS_Exception(Alert::RecordOverflow, "TLS plaintext record is larger than allowed maximum"); 337| 0| } 338| | 339| 20.2k| const bool epoch0_restart = m_is_datagram && record.epoch() == 0 && m_active_state.has_value(); ------------------ | Branch (339:38): [True: 1.89k, False: 18.3k] | Branch (339:55): [True: 1.89k, False: 0] | Branch (339:78): [True: 0, False: 1.89k] ------------------ 340| 20.2k| BOTAN_ASSERT_IMPLICATION(epoch0_restart, allow_epoch0_restart, "Allowed state"); ------------------ | | 103| 20.2k| do { \ | | 104| 20.2k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 105| 20.2k| if((expr1) && !(expr2)) { \ | | ------------------ | | | Branch (105:10): [True: 0, False: 20.2k] | | | Branch (105:21): [True: 0, False: 0] | | ------------------ | | 106| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 107| 0| Botan::assertion_failure(#expr1 " implies " #expr2, msg, __func__, __FILE__, __LINE__); \ | | 108| 0| } \ | | 109| 20.2k| } while(0) | | ------------------ | | | Branch (109:12): [Folded, False: 20.2k] | | ------------------ ------------------ 341| | 342| 20.2k| const bool initial_record = epoch0_restart || (pending_state() == nullptr && !m_active_state.has_value()); ------------------ | Branch (342:38): [True: 733, False: 19.5k] | Branch (342:57): [True: 5.94k, False: 13.5k] | Branch (342:87): [True: 5.94k, False: 0] ------------------ 343| 20.2k| bool initial_handshake_message = false; 344| 20.2k| if(record.type() == Record_Type::Handshake && !m_record_buf.empty()) { ------------------ | Branch (344:13): [True: 17.9k, False: 2.30k] | Branch (344:56): [True: 17.5k, False: 437] ------------------ 345| 17.5k| const Handshake_Type type = static_cast(m_record_buf[0]); 346| 17.5k| initial_handshake_message = (type == Handshake_Type::ClientHello); 347| 17.5k| } 348| | 349| 20.2k| if(record.type() != Record_Type::Alert) { ------------------ | Branch (349:13): [True: 18.1k, False: 2.17k] ------------------ 350| 18.1k| if(initial_record) { ------------------ | Branch (350:16): [True: 4.63k, False: 13.4k] ------------------ 351| | // For initial records just check for basic sanity 352| 4.63k| if(record.version().major_version() != 3 && record.version().major_version() != 0xFE) { ------------------ | Branch (352:19): [True: 641, False: 3.99k] | Branch (352:19): [True: 15, False: 4.62k] | Branch (352:60): [True: 15, False: 626] ------------------ 353| 15| throw TLS_Exception(Alert::ProtocolVersion, "Received unexpected record version in initial record"); 354| 15| } 355| 13.4k| } else if(const auto* pending = pending_state()) { ------------------ | Branch (355:35): [True: 13.4k, False: 0] ------------------ 356| 13.4k| if(pending->server_hello() != nullptr && !initial_handshake_message && ------------------ | Branch (356:19): [True: 2.97k, False: 10.4k] | Branch (356:19): [True: 11, False: 13.4k] | Branch (356:57): [True: 2.82k, False: 150] ------------------ 357| 2.82k| record.version() != pending->version()) { ------------------ | Branch (357:19): [True: 11, False: 2.81k] ------------------ 358| 11| throw TLS_Exception(Alert::ProtocolVersion, "Received unexpected record version"); 359| 11| } 360| 13.4k| } else if(m_active_state.has_value()) { ------------------ | Branch (360:23): [True: 0, False: 0] ------------------ 361| 0| if(record.version() != m_active_state->version() && !initial_handshake_message) { ------------------ | Branch (361:19): [True: 0, False: 0] | Branch (361:19): [True: 0, False: 0] | Branch (361:68): [True: 0, False: 0] ------------------ 362| 0| throw TLS_Exception(Alert::ProtocolVersion, "Received unexpected record version"); 363| 0| } 364| 0| } 365| 18.1k| } 366| | 367| 20.2k| if(record.type() == Record_Type::Handshake || record.type() == Record_Type::ChangeCipherSpec) { ------------------ | Branch (367:13): [True: 18.6k, False: 1.56k] | Branch (367:56): [True: 60, False: 1.50k] ------------------ 368| 18.0k| if(m_has_been_closed) { ------------------ | Branch (368:16): [True: 1, False: 18.0k] ------------------ 369| 1| throw TLS_Exception(Alert::UnexpectedMessage, "Received handshake data after connection closure"); 370| 1| } 371| 18.0k| process_handshake_ccs(m_record_buf, record.sequence(), record.type(), record.version(), epoch0_restart); 372| 18.0k| } else if(record.type() == Record_Type::ApplicationData) { ------------------ | Branch (372:20): [True: 8, False: 2.23k] ------------------ 373| 8| if(m_has_been_closed) { ------------------ | Branch (373:16): [True: 1, False: 7] ------------------ 374| 1| throw TLS_Exception(Alert::UnexpectedMessage, "Received application data after connection closure"); 375| 1| } 376| 7| if(pending_state() != nullptr) { ------------------ | Branch (376:16): [True: 3, False: 4] ------------------ 377| 3| throw TLS_Exception(Alert::UnexpectedMessage, "Can't interleave application and handshake data"); 378| 3| } 379| 4| process_application_data(record.sequence(), m_record_buf); 380| 2.23k| } else if(record.type() == Record_Type::Alert) { ------------------ | Branch (380:20): [True: 1.44k, False: 789] ------------------ 381| 1.44k| process_alert(m_record_buf); 382| 1.44k| } else if(record.type() != Record_Type::Invalid) { ------------------ | Branch (382:20): [True: 56, False: 733] ------------------ 383| 56| throw Unexpected_Message("Unexpected record type " + std::to_string(static_cast(record.type())) + 384| 56| " from counterparty"); 385| 56| } 386| 20.2k| } 387| | 388| 3.76k| return 0; // on a record boundary 389| 4.78k| } catch(TLS_Exception& e) { 390| 1.97k| send_fatal_alert(e.type()); 391| 1.97k| throw; 392| 1.97k| } catch(Invalid_Authentication_Tag&) { 393| 130| send_fatal_alert(Alert::BadRecordMac); 394| 130| throw; 395| 600| } catch(Decoding_Error&) { 396| 600| send_fatal_alert(Alert::DecodeError); 397| 600| throw; 398| 600| } catch(...) { 399| 4| send_fatal_alert(Alert::InternalError); 400| 4| throw; 401| 4| } 402| 4.78k|} _ZN5Botan3TLS15Channel_Impl_1221process_handshake_ccsERKNSt3__16vectorIhNS_16secure_allocatorIhEEEEmNS0_11Record_TypeENS0_16Protocol_VersionEb: 408| 18.0k| bool epoch0_restart) { 409| 18.0k| if(!m_pending_state) { ------------------ | Branch (409:7): [True: 4.59k, False: 13.4k] ------------------ 410| | // No pending handshake, possibly new: 411| 4.59k| if(record_version.is_datagram_protocol() && !epoch0_restart) { ------------------ | Branch (411:10): [True: 596, False: 3.99k] | Branch (411:51): [True: 596, False: 0] ------------------ 412| 596| if(m_sequence_numbers) { ------------------ | Branch (412:13): [True: 0, False: 596] ------------------ 413| | /* 414| | * Might be a peer retransmit under epoch - 1 in which 415| | * case we must retransmit last flight 416| | */ 417| 0| sequence_numbers().read_accept(record_sequence); 418| | 419| 0| const uint16_t epoch = record_sequence >> 48; 420| | 421| 0| const uint16_t current_epoch = sequence_numbers().current_read_epoch(); 422| 0| if(epoch == current_epoch) { ------------------ | Branch (422:16): [True: 0, False: 0] ------------------ 423| 0| create_handshake_state(record_version); 424| 0| } else if(current_epoch > 0 && epoch == current_epoch - 1) { ------------------ | Branch (424:23): [True: 0, False: 0] | Branch (424:44): [True: 0, False: 0] ------------------ 425| 0| BOTAN_ASSERT(m_active_state.has_value() && m_active_state->dtls_handshake_io(), ------------------ | | 64| 0| do { \ | | 65| 0| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 0| if(!(expr)) { \ | | ------------------ | | | Branch (66:12): [True: 0, False: 0] | | | Branch (66:12): [True: 0, False: 0] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 0| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 0] | | ------------------ ------------------ 426| 0| "Have DTLS handshake IO for retransmission"); 427| 0| m_active_state->dtls_handshake_io()->add_record( 428| 0| record.data(), record.size(), record_type, record_sequence); 429| 0| } 430| 596| } else { 431| 596| create_handshake_state(record_version); 432| 596| } 433| 3.99k| } else { 434| 3.99k| create_handshake_state(record_version); 435| 3.99k| } 436| 4.59k| } 437| | 438| | // May have been created in above conditional 439| 18.0k| if(m_pending_state) { ------------------ | Branch (439:7): [True: 18.0k, False: 0] ------------------ 440| 18.0k| m_pending_state->handshake_io().add_record(record.data(), record.size(), record_type, record_sequence); 441| | 442| 33.3k| while(auto* pending = m_pending_state.get()) { ------------------ | Branch (442:19): [True: 31.4k, False: 1.86k] ------------------ 443| 31.4k| auto msg = pending->get_next_handshake_msg(policy().maximum_handshake_message_size()); 444| | 445| 31.4k| if(msg.first == Handshake_Type::None) { // no full handshake yet ------------------ | Branch (445:13): [True: 16.0k, False: 15.4k] ------------------ 446| 16.0k| break; 447| 16.0k| } 448| | 449| 15.4k| process_handshake_msg(*pending, msg.first, msg.second, epoch0_restart); 450| | 451| 15.4k| if(!m_pending_state) { ------------------ | Branch (451:13): [True: 129, False: 15.3k] ------------------ 452| 129| break; 453| 129| } 454| 15.4k| } 455| 18.0k| } 456| 18.0k|} _ZN5Botan3TLS15Channel_Impl_1224process_application_dataEmRKNSt3__16vectorIhNS_16secure_allocatorIhEEEE: 458| 4|void Channel_Impl_12::process_application_data(uint64_t seq_no, const secure_vector& record) { 459| 4| if(!m_active_state.has_value()) { ------------------ | Branch (459:7): [True: 4, False: 0] ------------------ 460| 4| throw Unexpected_Message("Application data before handshake done"); 461| 4| } 462| | 463| | // ApplicationData must arrive under a non-zero read epoch 464| 0| const uint16_t read_epoch = 465| 0| m_is_datagram ? static_cast(seq_no >> 48) : sequence_numbers().current_read_epoch(); ------------------ | Branch (465:7): [True: 0, False: 0] ------------------ 466| 0| if(read_epoch == 0) { ------------------ | Branch (466:7): [True: 0, False: 0] ------------------ 467| 0| throw Unexpected_Message("Application data received in unexpected read epoch"); 468| 0| } 469| | 470| 0| callbacks().tls_record_received(seq_no, record); 471| 0|} _ZN5Botan3TLS15Channel_Impl_1213process_alertERKNSt3__16vectorIhNS_16secure_allocatorIhEEEE: 473| 1.44k|void Channel_Impl_12::process_alert(const secure_vector& record) { 474| 1.44k| const Alert alert_msg(record); 475| | 476| | // RFC 5246 7.2.2: 477| | // no_renegotiation 478| | // Sent by the client in response to a hello request or by the 479| | // server in response to a client hello after initial handshaking. 480| 1.44k| if(alert_msg.type() == Alert::NoRenegotiation && m_active_state.has_value()) { ------------------ | Branch (480:7): [True: 179, False: 1.26k] | Branch (480:53): [True: 0, False: 179] ------------------ 481| 0| m_pending_state.reset(); 482| 0| } 483| | 484| 1.44k| callbacks().tls_alert(alert_msg); 485| | 486| | // If the alert is fatal on an active session, prevent later resumptions 487| 1.44k| if(alert_msg.is_fatal() && m_active_state.has_value()) { ------------------ | Branch (487:7): [True: 747, False: 694] | Branch (487:31): [True: 0, False: 747] ------------------ 488| 0| const auto& sid = m_active_state->session_id(); 489| 0| if(!sid.empty()) { ------------------ | Branch (489:10): [True: 0, False: 0] ------------------ 490| 0| session_manager().remove(Session_Handle(sid)); 491| 0| } 492| 0| } 493| | 494| 1.44k| if(alert_msg.type() == Alert::CloseNotify) { ------------------ | Branch (494:7): [True: 506, False: 935] ------------------ 495| | // TLS 1.2 requires us to immediately react with our "close_notify", 496| | // the return value of the application's callback has no effect on that. 497| 506| callbacks().tls_peer_closed_connection(); 498| 506| send_warning_alert(Alert::CloseNotify); // reply in kind 499| 506| } 500| | 501| 1.44k| if(alert_msg.type() == Alert::CloseNotify || alert_msg.is_fatal()) { ------------------ | Branch (501:7): [True: 531, False: 910] | Branch (501:49): [True: 417, False: 493] ------------------ 502| 923| m_has_been_closed = true; 503| 923| } 504| 1.44k|} _ZN5Botan3TLS15Channel_Impl_1212write_recordEPNS0_23Connection_Cipher_StateEtNS0_11Record_TypeEPKhm: 510| 21.2k| size_t length) { 511| 21.2k| BOTAN_ASSERT(m_pending_state || m_active_state.has_value(), "Some connection state exists"); ------------------ | | 64| 21.2k| do { \ | | 65| 21.2k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 21.3k| if(!(expr)) { \ | | ------------------ | | | Branch (66:12): [True: 21.1k, False: 104] | | | Branch (66:12): [True: 104, False: 0] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 21.2k| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 21.2k] | | ------------------ ------------------ 512| | 513| 21.2k| const Protocol_Version record_version = (m_pending_state) ? (m_pending_state->version()) : m_active_state->version(); ------------------ | Branch (513:44): [True: 21.1k, False: 104] ------------------ 514| | 515| 21.2k| const uint64_t next_seq = sequence_numbers().next_write_sequence(epoch); 516| | 517| 21.2k| if(cipher_state == nullptr) { ------------------ | Branch (517:7): [True: 20.9k, False: 233] ------------------ 518| 20.9k| TLS::write_unencrypted_record(m_writebuf, record_type, record_version, next_seq, input, length); 519| 20.9k| } else { 520| 233| TLS::write_record(m_writebuf, record_type, record_version, next_seq, input, length, *cipher_state, rng()); 521| 233| } 522| | 523| 21.2k| callbacks().tls_emit_data(m_writebuf); 524| 21.2k|} _ZN5Botan3TLS15Channel_Impl_1217send_record_arrayEtNS0_11Record_TypeEPKhm: 526| 21.2k|void Channel_Impl_12::send_record_array(uint16_t epoch, Record_Type type, const uint8_t input[], size_t length) { 527| 21.2k| if(length == 0) { ------------------ | Branch (527:7): [True: 0, False: 21.2k] ------------------ 528| 0| return; 529| 0| } 530| | 531| 21.2k| auto cipher_state = write_cipher_state_epoch(epoch); 532| | 533| 42.4k| while(length > 0) { ------------------ | Branch (533:10): [True: 21.2k, False: 21.2k] ------------------ 534| 21.2k| const size_t sending = std::min(length, MAX_PLAINTEXT_SIZE); 535| 21.2k| write_record(cipher_state.get(), epoch, type, input, sending); 536| | 537| 21.2k| input += sending; 538| 21.2k| length -= sending; 539| 21.2k| } 540| 21.2k|} _ZN5Botan3TLS15Channel_Impl_1211send_recordENS0_11Record_TypeERKNSt3__16vectorIhNS3_9allocatorIhEEEE: 542| 21.2k|void Channel_Impl_12::send_record(Record_Type record_type, const std::vector& record) { 543| 21.2k| send_record_array(sequence_numbers().current_write_epoch(), record_type, record.data(), record.size()); 544| 21.2k|} _ZN5Botan3TLS15Channel_Impl_1210send_alertERKNS0_5AlertE: 560| 3.21k|void Channel_Impl_12::send_alert(const Alert& alert) { 561| 3.21k| const bool ready_to_send_anything = !is_closed() && m_sequence_numbers; ------------------ | Branch (561:40): [True: 2.71k, False: 497] | Branch (561:56): [True: 2.64k, False: 72] ------------------ 562| 3.21k| if(alert.is_valid() && ready_to_send_anything) { ------------------ | Branch (562:7): [True: 3.21k, False: 0] | Branch (562:27): [True: 2.64k, False: 569] ------------------ 563| 2.64k| try { 564| 2.64k| send_record(Record_Type::Alert, alert.serialize()); 565| 2.64k| } catch(...) { /* swallow it */ 566| 0| } 567| 2.64k| } 568| | 569| 3.21k| if(alert.type() == Alert::NoRenegotiation && m_active_state.has_value()) { ------------------ | Branch (569:7): [True: 0, False: 3.21k] | Branch (569:49): [True: 0, False: 0] ------------------ 570| 0| m_pending_state.reset(); 571| 0| } 572| | 573| 3.21k| if(alert.is_fatal()) { ------------------ | Branch (573:7): [True: 2.70k, False: 506] ------------------ 574| 2.70k| if(m_active_state.has_value()) { ------------------ | Branch (574:10): [True: 104, False: 2.60k] ------------------ 575| 104| const auto& sid = m_active_state->session_id(); 576| 104| if(!sid.empty()) { ------------------ | Branch (576:13): [True: 104, False: 0] ------------------ 577| 104| session_manager().remove(Session_Handle(sid)); 578| 104| } 579| 104| } 580| 2.70k| reset_state(); 581| 2.70k| } 582| | 583| 3.21k| if(alert.type() == Alert::CloseNotify || alert.is_fatal()) { ------------------ | Branch (583:7): [True: 506, False: 2.70k] | Branch (583:45): [True: 2.70k, False: 0] ------------------ 584| 3.21k| m_has_been_closed = true; 585| 3.21k| } 586| 3.21k|} _ZN5Botan3TLS15Channel_Impl_1226secure_renegotiation_checkEPKNS0_15Client_Hello_12E: 588| 3.49k|void Channel_Impl_12::secure_renegotiation_check(const Client_Hello_12* client_hello) { 589| 3.49k| BOTAN_ASSERT_NONNULL(client_hello); ------------------ | | 116| 3.49k| do { \ | | 117| 3.49k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 3.49k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 3.49k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 3.49k] | | ------------------ ------------------ 590| 3.49k| const bool secure_renegotiation = client_hello->secure_renegotiation(); 591| | 592| 3.49k| if(m_active_state && m_active_state->client_supports_secure_renegotiation() != secure_renegotiation) { ------------------ | Branch (592:7): [True: 0, False: 3.49k] | Branch (592:25): [True: 0, False: 0] ------------------ 593| 0| throw TLS_Exception(Alert::HandshakeFailure, "Client changed its mind about secure renegotiation"); 594| 0| } 595| | 596| 3.49k| if(secure_renegotiation) { ------------------ | Branch (596:7): [True: 216, False: 3.28k] ------------------ 597| 216| const std::vector& data = client_hello->renegotiation_info(); 598| | 599| 216| const auto expected = secure_renegotiation_data_for_client_hello(); 600| 216| if(!CT::is_equal(data, expected).as_bool()) { ------------------ | Branch (600:10): [True: 1, False: 215] ------------------ 601| 1| throw TLS_Exception(Alert::HandshakeFailure, "Client sent bad values for secure renegotiation"); 602| 1| } 603| 216| } 604| 3.49k|} _ZN5Botan3TLS15Channel_Impl_1226secure_renegotiation_checkEPKNS0_15Server_Hello_12E: 606| 3.22k|void Channel_Impl_12::secure_renegotiation_check(const Server_Hello_12* server_hello) { 607| 3.22k| BOTAN_ASSERT_NONNULL(server_hello); ------------------ | | 116| 3.22k| do { \ | | 117| 3.22k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 3.22k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 3.22k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 3.22k] | | ------------------ ------------------ 608| 3.22k| const bool secure_renegotiation = server_hello->secure_renegotiation(); 609| | 610| 3.22k| if(m_active_state && m_active_state->server_supports_secure_renegotiation() != secure_renegotiation) { ------------------ | Branch (610:7): [True: 0, False: 3.22k] | Branch (610:25): [True: 0, False: 0] ------------------ 611| 0| throw TLS_Exception(Alert::HandshakeFailure, "Server changed its mind about secure renegotiation"); 612| 0| } 613| | 614| 3.22k| if(secure_renegotiation) { ------------------ | Branch (614:7): [True: 175, False: 3.05k] ------------------ 615| 175| const std::vector& data = server_hello->renegotiation_info(); 616| | 617| 175| const auto expected = secure_renegotiation_data_for_server_hello(); 618| 175| if(!CT::is_equal(data, expected).as_bool()) { ------------------ | Branch (618:10): [True: 0, False: 175] ------------------ 619| 0| throw TLS_Exception(Alert::HandshakeFailure, "Server sent bad values for secure renegotiation"); 620| 0| } 621| 175| } 622| 3.22k|} _ZNK5Botan3TLS15Channel_Impl_1242secure_renegotiation_data_for_client_helloEv: 624| 216|std::vector Channel_Impl_12::secure_renegotiation_data_for_client_hello() const { 625| 216| if(m_active_state.has_value()) { ------------------ | Branch (625:7): [True: 0, False: 216] ------------------ 626| 0| return m_active_state->client_finished_verify_data(); 627| 0| } 628| 216| return std::vector(); 629| 216|} _ZNK5Botan3TLS15Channel_Impl_1242secure_renegotiation_data_for_server_helloEv: 631| 3.40k|std::vector Channel_Impl_12::secure_renegotiation_data_for_server_hello() const { 632| 3.40k| if(m_active_state.has_value()) { ------------------ | Branch (632:7): [True: 0, False: 3.40k] ------------------ 633| 0| return concat(m_active_state->client_finished_verify_data(), m_active_state->server_finished_verify_data()); 634| 3.40k| } else { 635| 3.40k| return {}; 636| 3.40k| } 637| 3.40k|} tls_channel_impl_12.cpp:_ZZN5Botan3TLS15Channel_Impl_1222create_handshake_stateENS0_16Protocol_VersionEENK3$_1clENS0_11Record_TypeERKNSt3__16vectorIhNS5_9allocatorIhEEEE: 158| 18.5k| auto send_record_f = [this](Record_Type rec_type, const std::vector& record) { 159| 18.5k| send_record(rec_type, record); 160| 18.5k| }; tls_channel_impl_12.cpp:_ZZN5Botan3TLS15Channel_Impl_1216activate_sessionEvENK3$_0clEt: 275| 516| const auto not_current_epoch = [current_epoch](uint16_t epoch) { return (epoch != current_epoch); }; tls_channel_impl_12.cpp:_ZZN5Botan3TLS15Channel_Impl_129from_peerENSt3__14spanIKhLm18446744073709551615EEEENK3$_0clEt: 303| 308| auto get_epoch = [this](uint16_t epoch) { return read_cipher_state_epoch(epoch); }; _ZN5Botan3TLS26Active_Connection_State_12D2Ev: 15| 258|Active_Connection_State_12::~Active_Connection_State_12() = default; _ZN5Botan3TLS26Active_Connection_State_12C2EOS1_: 16| 129|Active_Connection_State_12::Active_Connection_State_12(Active_Connection_State_12&&) noexcept = default; _ZN5Botan3TLS26Active_Connection_State_12C2ERKNS0_15Handshake_StateENSt3__112basic_stringIcNS5_11char_traitsIcEENS5_9allocatorIcEEEE: 20| 129| m_version(state.version()), 21| 129| m_ciphersuite_code(state.server_hello()->ciphersuite()), 22| 129| m_application_protocol(std::move(application_protocol)), 23| 129| m_peer_certs(state.peer_cert_chain()), 24| 129| m_client_random(state.client_hello()->random()), 25| 129| m_psk_identity(state.psk_identity()), 26| 129| m_server_random(state.server_hello()->random()), 27| 129| m_session_id(state.server_hello()->session_id()), 28| 129| m_master_secret(state.session_keys().master_secret()), 29| 129| m_prf_algo(state.ciphersuite().prf_algo()), 30| 129| m_client_supports_secure_renegotiation(state.client_hello()->secure_renegotiation()), 31| 129| m_server_supports_secure_renegotiation(state.server_hello()->secure_renegotiation()), 32| 129| m_client_finished_verify_data(state.client_finished()->verify_data()), 33| 129| m_server_finished_verify_data(state.server_finished()->verify_data()), 34| 129| m_supports_extended_master_secret(state.server_hello()->supports_extended_master_secret()) {} _ZN5Botan3TLS23Renegotiation_ExtensionC2ERNS0_15TLS_Data_ReaderEt: 24| 207| m_reneg_data(reader.get_range(1, 0, 255)) { 25| 207| if(m_reneg_data.size() + 1 != extension_size) { ------------------ | Branch (25:7): [True: 9, False: 198] ------------------ 26| 9| throw Decoding_Error("Bad encoding for secure renegotiation extn"); 27| 9| } 28| 207|} _ZNK5Botan3TLS23Renegotiation_Extension9serializeENS0_15Connection_SideE: 30| 175|std::vector Renegotiation_Extension::serialize(Connection_Side /*whoami*/) const { 31| 175| std::vector buf; 32| 175| append_tls_length_value(buf, m_reneg_data, 1); 33| 175| return buf; 34| 175|} _ZNK5Botan3TLS23Supported_Point_Formats9serializeENS0_15Connection_SideE: 36| 112|std::vector Supported_Point_Formats::serialize(Connection_Side /*whoami*/) const { 37| | // if this extension is sent, it MUST include uncompressed (RFC 4492, section 5.1) 38| 112| if(m_prefers_compressed) { ------------------ | Branch (38:7): [True: 0, False: 112] ------------------ 39| 0| return std::vector{2, ANSIX962_COMPRESSED_PRIME, UNCOMPRESSED}; 40| 112| } else { 41| 112| return std::vector{1, UNCOMPRESSED}; 42| 112| } 43| 112|} _ZN5Botan3TLS23Supported_Point_FormatsC2ERNS0_15TLS_Data_ReaderEt: 45| 348|Supported_Point_Formats::Supported_Point_Formats(TLS_Data_Reader& reader, uint16_t extension_size) { 46| 348| const uint8_t len = reader.get_byte(); 47| | 48| 348| if(len + 1 != extension_size) { ------------------ | Branch (48:7): [True: 9, False: 339] ------------------ 49| 9| throw Decoding_Error("Inconsistent length field in supported point formats list"); 50| 9| } 51| | 52| 339| bool includes_uncompressed = false; 53| 1.55k| for(size_t i = 0; i != len; ++i) { ------------------ | Branch (53:22): [True: 1.54k, False: 8] ------------------ 54| 1.54k| const uint8_t format = reader.get_byte(); 55| | 56| 1.54k| if(static_cast(format) == UNCOMPRESSED) { ------------------ | Branch (56:10): [True: 133, False: 1.41k] ------------------ 57| 133| m_prefers_compressed = false; 58| 133| reader.discard_next(len - i - 1); 59| 133| return; 60| 1.41k| } else if(static_cast(format) == ANSIX962_COMPRESSED_PRIME) { ------------------ | Branch (60:17): [True: 198, False: 1.21k] ------------------ 61| 198| m_prefers_compressed = true; 62| 198| std::vector remaining_formats = reader.get_fixed(len - i - 1); 63| 198| includes_uncompressed = 64| 198| std::any_of(std::begin(remaining_formats), std::end(remaining_formats), [](uint8_t remaining_format) { 65| 198| return static_cast(remaining_format) == UNCOMPRESSED; 66| 198| }); 67| 198| break; 68| 198| } 69| | 70| | // ignore ANSIX962_COMPRESSED_CHAR2, we don't support these curves 71| 1.54k| } 72| | 73| | // RFC 4492 5.1.: 74| | // If the Supported Point Formats Extension is indeed sent, it MUST contain the value 0 (uncompressed) 75| | // as one of the items in the list of point formats. 76| | // Note: 77| | // RFC 8422 5.1.2. explicitly requires this check, 78| | // but only if the Supported Groups extension was sent. 79| 206| if(!includes_uncompressed) { ------------------ | Branch (79:7): [True: 14, False: 192] ------------------ 80| 14| throw TLS_Exception(Alert::IllegalParameter, 81| 14| "Supported Point Formats Extension must contain the uncompressed point format"); 82| 14| } 83| 206|} _ZN5Botan3TLS24Session_Ticket_ExtensionC2ERNS0_15TLS_Data_ReaderEtNS0_15Connection_SideE: 87| 203| Connection_Side from) { 88| | // RFC 5077 3.2: in a ServerHello the SessionTicket extension is just a 89| | // flag indicating that a NewSessionTicket handshake message will follow; 90| | // its extension_data MUST be empty. A ticket body is only valid in a 91| | // ClientHello. 92| 203| if(from == Connection_Side::Server && extension_size != 0) { ------------------ | Branch (92:7): [True: 7, False: 196] | Branch (92:42): [True: 1, False: 6] ------------------ 93| 1| throw Decoding_Error("Server sent a non-empty SessionTicket extension"); 94| 1| } 95| 202| m_ticket = Session_Ticket(reader.get_elem>(extension_size)); 96| 202|} _ZN5Botan3TLS22Extended_Master_SecretC2ERNS0_15TLS_Data_ReaderEt: 98| 6.75k|Extended_Master_Secret::Extended_Master_Secret(TLS_Data_Reader& /*unused*/, uint16_t extension_size) { 99| 6.75k| if(extension_size != 0) { ------------------ | Branch (99:7): [True: 2, False: 6.75k] ------------------ 100| 2| throw Decoding_Error("Invalid extended_master_secret extension"); 101| 2| } 102| 6.75k|} _ZNK5Botan3TLS22Extended_Master_Secret9serializeENS0_15Connection_SideE: 104| 3.22k|std::vector Extended_Master_Secret::serialize(Connection_Side /*whoami*/) const { 105| 3.22k| return std::vector(); 106| 3.22k|} _ZN5Botan3TLS16Encrypt_then_MACC2ERNS0_15TLS_Data_ReaderEt: 108| 259|Encrypt_then_MAC::Encrypt_then_MAC(TLS_Data_Reader& /*unused*/, uint16_t extension_size) { 109| 259| if(extension_size != 0) { ------------------ | Branch (109:7): [True: 6, False: 253] ------------------ 110| 6| throw Decoding_Error("Invalid encrypt_then_mac extension"); 111| 6| } 112| 259|} _ZNK5Botan3TLS16Encrypt_then_MAC9serializeENS0_15Connection_SideE: 114| 112|std::vector Encrypt_then_MAC::serialize(Connection_Side /*whoami*/) const { 115| 112| return std::vector(); 116| 112|} tls_extensions_12.cpp:_ZZN5Botan3TLS23Supported_Point_FormatsC1ERNS0_15TLS_Data_ReaderEtENK3$_0clEh: 64| 1.02k| std::any_of(std::begin(remaining_formats), std::end(remaining_formats), [](uint8_t remaining_format) { 65| 1.02k| return static_cast(remaining_format) == UNCOMPRESSED; 66| 1.02k| }); _ZNK5Botan3TLS14Handshake_Hash5finalENSt3__117basic_string_viewIcNS2_11char_traitsIcEEEE: 17| 1.72k|secure_vector Handshake_Hash::final(std::string_view mac_algo) const { 18| 1.72k| std::string hash_algo(mac_algo); 19| 1.72k| if(hash_algo == "SHA-1") { ------------------ | Branch (19:7): [True: 680, False: 1.04k] ------------------ 20| 680| hash_algo = "SHA-256"; 21| 680| } 22| | 23| 1.72k| auto hash = HashFunction::create_or_throw(hash_algo); 24| 1.72k| hash->update(m_data); 25| 1.72k| return hash->final(); 26| 1.72k|} _ZNK5Botan3TLS19Stream_Handshake_IO22initial_record_versionEv: 52| 3.99k|Protocol_Version Stream_Handshake_IO::initial_record_version() const { 53| 3.99k| return Protocol_Version::TLS_V12; 54| 3.99k|} _ZN5Botan3TLS19Stream_Handshake_IO10add_recordEPKhmNS0_11Record_TypeEm: 59| 17.1k| uint64_t /*sequence_number*/) { 60| 17.1k| if(record_type == Record_Type::Handshake) { ------------------ | Branch (60:7): [True: 17.1k, False: 16] ------------------ 61| 17.1k| m_queue.insert(m_queue.end(), record, record + record_len); 62| 17.1k| } else if(record_type == Record_Type::ChangeCipherSpec) { ------------------ | Branch (62:14): [True: 16, False: 0] ------------------ 63| 16| if(record_len != 1 || record[0] != 1) { ------------------ | Branch (63:10): [True: 2, False: 14] | Branch (63:29): [True: 2, False: 12] ------------------ 64| 4| throw Decoding_Error("Invalid ChangeCipherSpec"); 65| 4| } 66| | 67| | // Pretend it's a regular handshake message of zero length 68| 12| const uint8_t ccs_hs[] = {static_cast(Handshake_Type::HandshakeCCS), 0, 0, 0}; 69| 12| m_queue.insert(m_queue.end(), ccs_hs, ccs_hs + sizeof(ccs_hs)); 70| 12| } else { 71| 0| throw Decoding_Error("Unknown message type " + std::to_string(static_cast(record_type)) + 72| 0| " in handshake processing"); 73| 0| } 74| 17.1k|} _ZN5Botan3TLS19Stream_Handshake_IO15get_next_recordEbm: 77| 30.8k| size_t max_message_size) { 78| 30.8k| if(m_queue.size() >= 4) { ------------------ | Branch (78:7): [True: 17.8k, False: 12.9k] ------------------ 79| 17.8k| const Handshake_Type type = static_cast(m_queue[0]); 80| | 81| 17.8k| const size_t rec_length = make_uint32(0, m_queue[1], m_queue[2], m_queue[3]); 82| | 83| | // If we are expecting a CCS but the next queued message is not a CCS, 84| | // the peer has skipped the CCS message. This can happen when the peer 85| | // sends an encrypted Finished without the preceding CCS, in which case 86| | // the encrypted bytes are misinterpreted as a handshake message. 87| 17.8k| if(expecting_ccs) { ------------------ | Branch (87:10): [True: 491, False: 17.3k] ------------------ 88| 491| const bool is_ccs = (type == Handshake_Type::HandshakeCCS && rec_length == 0); ------------------ | Branch (88:31): [True: 347, False: 144] | Branch (88:71): [True: 335, False: 12] ------------------ 89| 491| if(!is_ccs) { ------------------ | Branch (89:13): [True: 156, False: 335] ------------------ 90| 156| throw TLS_Exception(Alert::UnexpectedMessage, "Expected ChangeCipherSpec but got a handshake message"); 91| 156| } 92| 17.3k| } else { 93| 17.3k| verify_is_expected_wire_handshake_type(type); 94| | 95| 17.3k| if(max_message_size > 0 && rec_length > max_message_size) { ------------------ | Branch (95:13): [True: 17.3k, False: 10] | Branch (95:37): [True: 24, False: 17.3k] ------------------ 96| 24| throw TLS_Exception( 97| 24| Alert::HandshakeFailure, 98| 24| Botan::fmt("Handshake message is {} bytes, policy maximum is {}", rec_length, max_message_size)); 99| 24| } 100| 17.3k| } 101| | 102| 17.7k| const size_t length = 4 + rec_length; 103| | 104| 17.7k| if(m_queue.size() >= length) { ------------------ | Branch (104:10): [True: 15.2k, False: 2.50k] ------------------ 105| 15.2k| const std::vector contents(m_queue.begin() + 4, m_queue.begin() + length); 106| | 107| 15.2k| m_queue.erase(m_queue.begin(), m_queue.begin() + length); 108| | 109| 15.2k| return std::make_pair(type, contents); 110| 15.2k| } 111| 17.7k| } 112| | 113| 15.4k| return std::make_pair(Handshake_Type::None, std::vector()); 114| 30.8k|} _ZNK5Botan3TLS19Stream_Handshake_IO6formatERKNSt3__16vectorIhNS2_9allocatorIhEEEENS0_14Handshake_TypeE: 116| 33.2k|std::vector Stream_Handshake_IO::format(const std::vector& msg, Handshake_Type type) const { 117| 33.2k| std::vector send_buf(4 + msg.size()); 118| | 119| 33.2k| const size_t buf_size = msg.size(); 120| | 121| 33.2k| send_buf[0] = static_cast(type); 122| | 123| 33.2k| store_be24(&send_buf[1], buf_size); 124| | 125| 33.2k| if(!msg.empty()) { ------------------ | Branch (125:7): [True: 30.0k, False: 3.23k] ------------------ 126| 30.0k| copy_mem(&send_buf[4], msg.data(), msg.size()); 127| 30.0k| } 128| | 129| 33.2k| return send_buf; 130| 33.2k|} _ZN5Botan3TLS19Stream_Handshake_IO4sendERKNS0_17Handshake_MessageE: 136| 18.5k|std::vector Stream_Handshake_IO::send(const Handshake_Message& msg) { 137| 18.5k| const std::vector msg_bits = msg.serialize(); 138| | 139| 18.5k| if(msg.type() == Handshake_Type::HandshakeCCS) { ------------------ | Branch (139:7): [True: 129, False: 18.4k] ------------------ 140| 129| m_send_hs(Record_Type::ChangeCipherSpec, msg_bits); 141| 129| return std::vector(); // not included in handshake hashes 142| 129| } 143| | 144| 18.4k| auto buf = format(msg_bits, msg.wire_type()); 145| 18.4k| m_send_hs(Record_Type::Handshake, buf); 146| 18.4k| return buf; 147| 18.5k|} _ZNK5Botan3TLS21Datagram_Handshake_IO22initial_record_versionEv: 149| 596|Protocol_Version Datagram_Handshake_IO::initial_record_version() const { 150| 596| return Protocol_Version::DTLS_V12; 151| 596|} _ZNK5Botan3TLS21Datagram_Handshake_IO14have_more_dataEv: 179| 8|bool Datagram_Handshake_IO::have_more_data() const { 180| 8| return false; 181| 8|} _ZN5Botan3TLS21Datagram_Handshake_IO10add_recordEPKhmNS0_11Record_TypeEm: 207| 850| uint64_t record_sequence) { 208| 850| const uint16_t epoch = static_cast(record_sequence >> 48); 209| | 210| 850| if(record_type == Record_Type::ChangeCipherSpec) { ------------------ | Branch (210:7): [True: 43, False: 807] ------------------ 211| 43| if(record_len != 1 || record[0] != 1) { ------------------ | Branch (211:10): [True: 10, False: 33] | Branch (211:29): [True: 8, False: 25] ------------------ 212| 18| throw Decoding_Error("Invalid ChangeCipherSpec"); 213| 18| } 214| | 215| | // TODO: check this is otherwise empty 216| 25| m_ccs_epochs.insert(epoch); 217| 25| return; 218| 43| } 219| | 220| 807| const size_t DTLS_HANDSHAKE_HEADER_LEN = 12; 221| | 222| 2.27k| while(record_len > 0) { ------------------ | Branch (222:10): [True: 1.64k, False: 627] ------------------ 223| 1.64k| if(record_len < DTLS_HANDSHAKE_HEADER_LEN) { ------------------ | Branch (223:10): [True: 111, False: 1.53k] ------------------ 224| 111| return; // completely bogus? at least degenerate/weird 225| 111| } 226| | 227| 1.53k| const Handshake_Type msg_type = static_cast(record[0]); 228| | 229| 1.53k| verify_is_expected_wire_handshake_type(msg_type); 230| | 231| 1.53k| const size_t msg_len = load_be24(&record[1]); 232| | 233| 1.53k| if(m_max_handshake_msg_size > 0 && msg_len > m_max_handshake_msg_size) { ------------------ | Branch (233:10): [True: 1.53k, False: 4] | Branch (233:42): [True: 41, False: 1.49k] ------------------ 234| 41| throw TLS_Exception( 235| 41| Alert::HandshakeFailure, 236| 41| Botan::fmt("Handshake message is {} bytes, policy maximum is {}", msg_len, m_max_handshake_msg_size)); 237| 41| } 238| | 239| 1.49k| const uint16_t message_seq = load_be(&record[4], 0); 240| 1.49k| const size_t fragment_offset = load_be24(&record[6]); 241| 1.49k| const size_t fragment_length = load_be24(&record[9]); 242| | 243| 1.49k| const size_t total_size = DTLS_HANDSHAKE_HEADER_LEN + fragment_length; 244| | 245| 1.49k| if(record_len < total_size) { ------------------ | Branch (245:10): [True: 28, False: 1.46k] ------------------ 246| 28| throw Decoding_Error("Bad lengths in DTLS header"); 247| 28| } 248| | 249| | // Bound the out-of-order reassembly window. 250| 1.46k| constexpr uint16_t reassembly_window = 16; 251| | 252| | // Independently cap total bytes committed to in-flight reassembly slots 253| 1.46k| const size_t max_pending = 4 * m_max_handshake_msg_size; 254| | 255| 1.46k| if(message_seq >= m_in_message_seq && (message_seq - m_in_message_seq) < reassembly_window) { ------------------ | Branch (255:10): [True: 1.46k, False: 4] | Branch (255:45): [True: 1.28k, False: 176] ------------------ 256| 1.28k| auto [it, inserted] = m_messages.try_emplace(message_seq); 257| 1.28k| if(inserted) { ------------------ | Branch (257:13): [True: 390, False: 899] ------------------ 258| 390| if(m_max_handshake_msg_size > 0 && m_pending_reassembly_bytes + msg_len > max_pending) { ------------------ | Branch (258:16): [True: 390, False: 0] | Branch (258:48): [True: 0, False: 390] ------------------ 259| 0| m_messages.erase(it); 260| 0| record += total_size; 261| 0| record_len -= total_size; 262| 0| continue; 263| 0| } 264| 390| m_pending_reassembly_bytes += msg_len; 265| 390| } 266| 1.28k| it->second.add_fragment( 267| 1.28k| &record[DTLS_HANDSHAKE_HEADER_LEN], fragment_length, fragment_offset, epoch, msg_type, msg_len); 268| 1.28k| } else { 269| | // TODO: detect retransmitted flight 270| 180| } 271| | 272| 1.46k| record += total_size; 273| 1.46k| record_len -= total_size; 274| 1.46k| } 275| 807|} _ZN5Botan3TLS21Datagram_Handshake_IO15get_next_recordEbm: 278| 659| size_t /*max_message_size*/) { 279| | // Expecting a message means the last flight is concluded 280| 659| if(!m_flights.rbegin()->empty()) { ------------------ | Branch (280:7): [True: 0, False: 659] ------------------ 281| 0| m_flights.push_back(std::vector()); 282| 0| } 283| | 284| 659| if(expecting_ccs) { ------------------ | Branch (284:7): [True: 0, False: 659] ------------------ 285| 0| if(!m_messages.empty()) { ------------------ | Branch (285:10): [True: 0, False: 0] ------------------ 286| 0| const uint16_t current_epoch = m_messages.begin()->second.epoch(); 287| | 288| 0| if(m_ccs_epochs.contains(current_epoch)) { ------------------ | Branch (288:13): [True: 0, False: 0] ------------------ 289| 0| return std::make_pair(Handshake_Type::HandshakeCCS, std::vector()); 290| 0| } 291| 0| } 292| 0| return std::make_pair(Handshake_Type::None, std::vector()); 293| 0| } 294| | 295| 659| auto i = m_messages.find(m_in_message_seq); 296| | 297| 659| if(i == m_messages.end() || !i->second.complete()) { ------------------ | Branch (297:7): [True: 540, False: 119] | Branch (297:7): [True: 603, False: 56] | Branch (297:32): [True: 63, False: 56] ------------------ 298| 603| return std::make_pair(Handshake_Type::None, std::vector()); 299| 603| } 300| | 301| 56| m_in_message_seq += 1; 302| | 303| 56| auto result = i->second.message(); 304| | 305| | // Free the reassembly buffer for this delivered slot and uncommit its 306| | // bytes against the cap. The entry itself stays in m_messages because 307| | // the expecting_ccs branch above uses m_messages.begin()->second.epoch() 308| | // as an epoch-0 sentinel; it only needs the metadata, not the buffers. 309| 56| BOTAN_ASSERT_NOMSG(m_pending_reassembly_bytes >= i->second.msg_length()); ------------------ | | 77| 56| do { \ | | 78| 56| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 56| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 56] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 56| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 56] | | ------------------ ------------------ 310| 56| m_pending_reassembly_bytes -= i->second.msg_length(); 311| 56| i->second.release_buffers(); 312| | 313| 56| return result; 314| 659|} _ZN5Botan3TLS21Datagram_Handshake_IO20Handshake_Reassembly15release_buffersEv: 316| 56|void Datagram_Handshake_IO::Handshake_Reassembly::release_buffers() { 317| 56| m_received_mask.clear(); 318| 56| m_received_mask.shrink_to_fit(); 319| 56| m_message.clear(); 320| 56| m_message.shrink_to_fit(); 321| 56|} _ZN5Botan3TLS21Datagram_Handshake_IO20Handshake_Reassembly12add_fragmentEPKhmmtNS0_14Handshake_TypeEm: 328| 1.28k| size_t msg_length) { 329| 1.28k| if(m_msg_type == Handshake_Type::None) { ------------------ | Branch (329:7): [True: 390, False: 899] ------------------ 330| | // First fragment for this message_seq 331| 390| m_epoch = epoch; 332| 390| m_msg_type = msg_type; 333| 390| m_msg_length = msg_length; 334| 390| m_message.resize(msg_length); 335| 390| m_received_mask.assign(msg_length, 0); 336| 899| } else { 337| 899| if(msg_type != m_msg_type || msg_length != m_msg_length || epoch != m_epoch) { ------------------ | Branch (337:10): [True: 15, False: 884] | Branch (337:36): [True: 28, False: 856] | Branch (337:66): [True: 0, False: 856] ------------------ 338| 43| throw Decoding_Error("Inconsistent values in fragmented DTLS handshake header"); 339| 43| } 340| | 341| 856| if(complete()) { ------------------ | Branch (341:10): [True: 699, False: 157] ------------------ 342| 699| return; // already have entire message, ignore this 343| 699| } 344| 856| } 345| | 346| 547| if(fragment_offset > m_msg_length) { ------------------ | Branch (346:7): [True: 41, False: 506] ------------------ 347| 41| throw Decoding_Error("Fragment offset past end of message"); 348| 41| } 349| | 350| 506| if(fragment_offset + fragment_length > m_msg_length) { ------------------ | Branch (350:7): [True: 6, False: 500] ------------------ 351| 6| throw Decoding_Error("Fragment overlaps past end of message"); 352| 6| } 353| | 354| 500| BOTAN_ASSERT_NOMSG(m_received_mask.size() == m_msg_length); ------------------ | | 77| 500| do { \ | | 78| 500| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 500| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 500] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 500| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 500] | | ------------------ ------------------ 355| | 356| 1.04k| for(size_t i = 0; i != fragment_length; ++i) { ------------------ | Branch (356:22): [True: 557, False: 490] ------------------ 357| 557| const size_t off = fragment_offset + i; 358| 557| if(m_received_mask[off] != 0) { ------------------ | Branch (358:10): [True: 102, False: 455] ------------------ 359| | // RFC 6347 4.2.3 permits overlapping retransmissions, but the 360| | // overlapping bytes must agree. 361| 102| if(m_message[off] != fragment[i]) { ------------------ | Branch (361:13): [True: 10, False: 92] ------------------ 362| 10| throw Decoding_Error("Inconsistent overlapping DTLS handshake fragment"); 363| 10| } 364| 455| } else { 365| 455| m_message[off] = fragment[i]; 366| 455| m_received_mask[off] = 1; 367| 455| ++m_bytes_received; 368| 455| } 369| 557| } 370| 500|} _ZNK5Botan3TLS21Datagram_Handshake_IO20Handshake_Reassembly8completeEv: 372| 1.03k|bool Datagram_Handshake_IO::Handshake_Reassembly::complete() const { 373| 1.03k| return (m_msg_type != Handshake_Type::None && m_bytes_received == m_msg_length); ------------------ | Branch (373:12): [True: 1.03k, False: 0] | Branch (373:50): [True: 811, False: 220] ------------------ 374| 1.03k|} _ZNK5Botan3TLS21Datagram_Handshake_IO20Handshake_Reassembly7messageEv: 376| 56|std::pair> Datagram_Handshake_IO::Handshake_Reassembly::message() const { 377| 56| if(!complete()) { ------------------ | Branch (377:7): [True: 0, False: 56] ------------------ 378| 0| throw Internal_Error("Datagram_Handshake_IO - message not complete"); 379| 0| } 380| | 381| 56| return std::make_pair(m_msg_type, m_message); 382| 56|} _ZNK5Botan3TLS21Datagram_Handshake_IO15format_fragmentEPKhmjjNS0_14Handshake_TypeEt: 389| 8| uint16_t msg_sequence) const { 390| 8| std::vector send_buf(12 + frag_len); 391| | 392| 8| send_buf[0] = static_cast(type); 393| | 394| 8| store_be24(&send_buf[1], msg_len); 395| | 396| 8| store_be(msg_sequence, &send_buf[4]); 397| | 398| 8| store_be24(&send_buf[6], frag_offset); 399| 8| store_be24(&send_buf[9], frag_len); 400| | 401| 8| if(frag_len > 0) { ------------------ | Branch (401:7): [True: 1, False: 7] ------------------ 402| 1| copy_mem(&send_buf[12], fragment, frag_len); 403| 1| } 404| | 405| 8| return send_buf; 406| 8|} _ZNK5Botan3TLS21Datagram_Handshake_IO12format_w_seqERKNSt3__16vectorIhNS2_9allocatorIhEEEENS0_14Handshake_TypeEt: 410| 8| uint16_t msg_sequence) const { 411| 8| return format_fragment(msg.data(), msg.size(), 0, static_cast(msg.size()), type, msg_sequence); 412| 8|} _ZNK5Botan3TLS21Datagram_Handshake_IO6formatERKNSt3__16vectorIhNS2_9allocatorIhEEEENS0_14Handshake_TypeE: 414| 8|std::vector Datagram_Handshake_IO::format(const std::vector& msg, Handshake_Type type) const { 415| 8| BOTAN_ASSERT_NOMSG(m_in_message_seq > 0); ------------------ | | 77| 8| do { \ | | 78| 8| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 8| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 8] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 8| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 8] | | ------------------ ------------------ 416| 8| return format_w_seq(msg, type, m_in_message_seq - 1); 417| 8|} tls_handshake_io.cpp:_ZN5Botan3TLS12_GLOBAL__N_138verify_is_expected_wire_handshake_typeENS0_14Handshake_TypeE: 28| 18.9k|void verify_is_expected_wire_handshake_type(Handshake_Type type) { 29| 18.9k| switch(type) { 30| 1| case Handshake_Type::HelloRetryRequest: ------------------ | Branch (30:7): [True: 1, False: 18.9k] ------------------ 31| 4| case Handshake_Type::HandshakeCCS: ------------------ | Branch (31:7): [True: 3, False: 18.9k] ------------------ 32| 14| case Handshake_Type::None: ------------------ | Branch (32:7): [True: 10, False: 18.9k] ------------------ 33| 14| throw TLS_Exception(Alert::UnexpectedMessage, "Invalid handshake message type"); 34| 18.9k| default: ------------------ | Branch (34:7): [True: 18.9k, False: 14] ------------------ 35| 18.9k| break; 36| 18.9k| } 37| 18.9k|} tls_handshake_io.cpp:_ZN5Botan3TLS12_GLOBAL__N_110store_be24EPhm: 39| 33.3k|void store_be24(uint8_t out[3], size_t val) { 40| 33.3k| out[0] = get_byte<1>(static_cast(val)); 41| 33.3k| out[1] = get_byte<2>(static_cast(val)); 42| 33.3k| out[2] = get_byte<3>(static_cast(val)); 43| 33.3k|} tls_handshake_io.cpp:_ZN5Botan3TLS12_GLOBAL__N_19load_be24EPKh: 23| 4.52k|inline size_t load_be24(const uint8_t q[3]) { 24| 4.52k| return make_uint32(0, q[0], q[1], q[2]); 25| 4.52k|} _ZN5Botan3TLS15Handshake_StateD2Ev: 28| 4.59k|Handshake_State::~Handshake_State() = default; _ZN5Botan3TLS15Handshake_StateC2ENSt3__110unique_ptrINS0_12Handshake_IOENS2_14default_deleteIS4_EEEERNS0_9CallbacksE: 31| 4.59k| m_callbacks(cb), m_handshake_io(std::move(io)), m_version(m_handshake_io->initial_record_version()) {} _ZN5Botan3TLS15Handshake_State12note_messageERKNS0_17Handshake_MessageE: 33| 23.6k|void Handshake_State::note_message(const Handshake_Message& msg) { 34| 23.6k| m_callbacks.tls_inspect_handshake_msg(msg); 35| 23.6k|} _ZN5Botan3TLS15Handshake_State12client_helloENSt3__110unique_ptrINS0_15Client_Hello_12ENS2_14default_deleteIS4_EEEE: 47| 20.8k|void Handshake_State::client_hello(std::unique_ptr client_hello) { 48| | // Legacy behavior (exception to the rule): Allow client_hello to be nullptr to reset state. 49| 20.8k| if(client_hello == nullptr) { ------------------ | Branch (49:7): [True: 8.63k, False: 12.2k] ------------------ 50| 8.63k| m_client_hello.reset(); 51| 8.63k| hash().reset(); 52| 12.2k| } else { 53| 12.2k| m_client_hello = std::move(client_hello); 54| 12.2k| note_message(*m_client_hello); 55| 12.2k| } 56| 20.8k|} _ZN5Botan3TLS15Handshake_State12server_helloENSt3__110unique_ptrINS0_15Server_Hello_12ENS2_14default_deleteIS4_EEEE: 58| 3.22k|void Handshake_State::server_hello(std::unique_ptr server_hello) { 59| 3.22k| BOTAN_ASSERT_NONNULL(server_hello); ------------------ | | 116| 3.22k| do { \ | | 117| 3.22k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 3.22k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 3.22k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 3.22k] | | ------------------ ------------------ 60| 3.22k| m_server_hello = std::move(server_hello); 61| 3.22k| m_ciphersuite = Ciphersuite::by_id(m_server_hello->ciphersuite()); 62| 3.22k| note_message(*m_server_hello); 63| 3.22k|} _ZN5Botan3TLS15Handshake_State12server_certsENSt3__110unique_ptrINS0_14Certificate_12ENS2_14default_deleteIS4_EEEE: 65| 4|void Handshake_State::server_certs(std::unique_ptr server_certs) { 66| 4| BOTAN_ASSERT_NONNULL(server_certs); ------------------ | | 116| 4| do { \ | | 117| 4| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 4] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 4| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 4] | | ------------------ ------------------ 67| 4| m_server_certs = std::move(server_certs); 68| 4| note_message(*m_server_certs); 69| 4|} _ZN5Botan3TLS15Handshake_State10server_kexENSt3__110unique_ptrINS0_19Server_Key_ExchangeENS2_14default_deleteIS4_EEEE: 77| 3.22k|void Handshake_State::server_kex(std::unique_ptr server_kex) { 78| 3.22k| BOTAN_ASSERT_NONNULL(server_kex); ------------------ | | 116| 3.22k| do { \ | | 117| 3.22k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 3.22k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 3.22k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 3.22k] | | ------------------ ------------------ 79| 3.22k| m_server_kex = std::move(server_kex); 80| 3.22k| note_message(*m_server_kex); 81| 3.22k|} _ZN5Botan3TLS15Handshake_State17server_hello_doneENSt3__110unique_ptrINS0_17Server_Hello_DoneENS2_14default_deleteIS4_EEEE: 89| 3.22k|void Handshake_State::server_hello_done(std::unique_ptr server_hello_done) { 90| 3.22k| BOTAN_ASSERT_NONNULL(server_hello_done); ------------------ | | 116| 3.22k| do { \ | | 117| 3.22k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 3.22k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 3.22k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 3.22k] | | ------------------ ------------------ 91| 3.22k| m_server_hello_done = std::move(server_hello_done); 92| 3.22k| note_message(*m_server_hello_done); 93| 3.22k|} _ZN5Botan3TLS15Handshake_State10client_kexENSt3__110unique_ptrINS0_19Client_Key_ExchangeENS2_14default_deleteIS4_EEEE: 101| 1.46k|void Handshake_State::client_kex(std::unique_ptr client_kex) { 102| 1.46k| BOTAN_ASSERT_NONNULL(client_kex); ------------------ | | 116| 1.46k| do { \ | | 117| 1.46k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 1.46k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 1.46k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 1.46k] | | ------------------ ------------------ 103| 1.46k| m_client_kex = std::move(client_kex); 104| 1.46k| note_message(*m_client_kex); 105| 1.46k|} _ZN5Botan3TLS15Handshake_State15server_finishedENSt3__110unique_ptrINS0_11Finished_12ENS2_14default_deleteIS4_EEEE: 125| 129|void Handshake_State::server_finished(std::unique_ptr server_finished) { 126| 129| BOTAN_ASSERT_NONNULL(server_finished); ------------------ | | 116| 129| do { \ | | 117| 129| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 129] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 129| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 129] | | ------------------ ------------------ 127| 129| m_server_finished = std::move(server_finished); 128| 129| note_message(*m_server_finished); 129| 129|} _ZN5Botan3TLS15Handshake_State15client_finishedENSt3__110unique_ptrINS0_11Finished_12ENS2_14default_deleteIS4_EEEE: 131| 129|void Handshake_State::client_finished(std::unique_ptr client_finished) { 132| 129| BOTAN_ASSERT_NONNULL(client_finished); ------------------ | | 116| 129| do { \ | | 117| 129| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 129] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 129| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 129] | | ------------------ ------------------ 133| 129| m_client_finished = std::move(client_finished); 134| 129| note_message(*m_client_finished); 135| 129|} _ZNK5Botan3TLS15Handshake_State11ciphersuiteEv: 137| 16.1k|const Ciphersuite& Handshake_State::ciphersuite() const { 138| 16.1k| if(!m_ciphersuite.has_value()) { ------------------ | Branch (138:7): [True: 0, False: 16.1k] ------------------ 139| 0| throw Invalid_State("Cipher suite is not set"); 140| 0| } 141| 16.1k| return m_ciphersuite.value(); 142| 16.1k|} _ZNK5Botan3TLS15Handshake_State12psk_identityEv: 144| 258|std::optional Handshake_State::psk_identity() const { 145| 258| if(!m_client_kex) { ------------------ | Branch (145:7): [True: 0, False: 258] ------------------ 146| 0| return std::nullopt; 147| 0| } 148| 258| return m_client_kex->psk_identity(); 149| 258|} _ZN5Botan3TLS15Handshake_State11set_versionERKNS0_16Protocol_VersionE: 151| 12.1k|void Handshake_State::set_version(const Protocol_Version& version) { 152| 12.1k| m_version = version; 153| 12.1k|} _ZN5Botan3TLS15Handshake_State20compute_session_keysEv: 155| 1.46k|void Handshake_State::compute_session_keys() { 156| 1.46k| BOTAN_ASSERT_NONNULL(client_kex()); ------------------ | | 116| 1.46k| do { \ | | 117| 1.46k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 1.46k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 1.46k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 1.46k] | | ------------------ ------------------ 157| 1.46k| m_session_keys = Session_Keys(this, client_kex()->pre_master_secret(), false); 158| 1.46k|} _ZN5Botan3TLS15Handshake_State21confirm_transition_toENS0_14Handshake_TypeE: 164| 15.2k|void Handshake_State::confirm_transition_to(Handshake_Type handshake_msg) { 165| 15.2k| m_transitions.confirm_transition_to(handshake_msg); 166| 15.2k|} _ZN5Botan3TLS15Handshake_State17set_expected_nextENS0_14Handshake_TypeE: 168| 19.3k|void Handshake_State::set_expected_next(Handshake_Type handshake_msg) { 169| 19.3k| m_transitions.set_expected_next(handshake_msg); 170| 19.3k|} _ZNK5Botan3TLS15Handshake_State22received_handshake_msgENS0_14Handshake_TypeE: 172| 2.38k|bool Handshake_State::received_handshake_msg(Handshake_Type handshake_msg) const { 173| 2.38k| return m_transitions.received_handshake_msg(handshake_msg); 174| 2.38k|} _ZN5Botan3TLS15Handshake_State22get_next_handshake_msgEm: 176| 31.4k|std::pair> Handshake_State::get_next_handshake_msg(size_t max_handshake_msg_size) { 177| 31.4k| return m_handshake_io->get_next_record(m_transitions.change_cipher_spec_expected(), max_handshake_msg_size); 178| 31.4k|} _ZNK5Botan3TLS15Handshake_State21protocol_specific_prfEv: 192| 1.72k|std::unique_ptr Handshake_State::protocol_specific_prf() const { 193| 1.72k| return m_callbacks.tls12_protocol_specific_kdf(ciphersuite().prf_algo()); 194| 1.72k|} _ZN5Botan3TLS23Connection_Cipher_StateD2Ev: 33| 464|Connection_Cipher_State::~Connection_Cipher_State() = default; _ZN5Botan3TLS23Connection_Cipher_StateC2ENS0_16Protocol_VersionENS0_15Connection_SideEbRKNS0_11CiphersuiteERKNS0_12Session_KeysEb: 40| 464| bool uses_encrypt_then_mac) { 41| | // NOLINTBEGIN(*-prefer-member-initializer) 42| 464| m_nonce_format = suite.nonce_format(); 43| 464| m_nonce_bytes_from_record = suite.nonce_bytes_from_record(version); 44| 464| m_nonce_bytes_from_handshake = suite.nonce_bytes_from_handshake(); 45| | 46| 464| const secure_vector& aead_key = keys.aead_key(side); 47| 464| m_nonce = keys.nonce(side); 48| | // NOLINTEND(*-prefer-member-initializer) 49| | 50| 464| BOTAN_ASSERT_NOMSG(m_nonce.size() == m_nonce_bytes_from_handshake); ------------------ | | 77| 464| do { \ | | 78| 464| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 464| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 464] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 464| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 464] | | ------------------ ------------------ 51| | 52| 464| if(nonce_format() == Nonce_Format::CBC_MODE) { ------------------ | Branch (52:7): [True: 254, False: 210] ------------------ 53| 254|#if defined(BOTAN_HAS_TLS_CBC) 54| | // legacy CBC+HMAC mode 55| 254| auto mac = MessageAuthenticationCode::create_or_throw(fmt("HMAC({})", suite.mac_algo())); 56| 254| auto cipher = BlockCipher::create_or_throw(suite.cipher_algo()); 57| | 58| 254| if(our_side) { ------------------ | Branch (58:10): [True: 82, False: 172] ------------------ 59| 82| m_aead = std::make_unique(std::move(cipher), 60| 82| std::move(mac), 61| 82| suite.cipher_keylen(), 62| 82| suite.mac_keylen(), 63| 82| version, 64| 82| uses_encrypt_then_mac); 65| 172| } else { 66| 172| m_aead = std::make_unique(std::move(cipher), 67| 172| std::move(mac), 68| 172| suite.cipher_keylen(), 69| 172| suite.mac_keylen(), 70| 172| version, 71| 172| uses_encrypt_then_mac); 72| 172| } 73| | 74| |#else 75| | BOTAN_UNUSED(uses_encrypt_then_mac); 76| | throw Internal_Error("Negotiated disabled TLS CBC+HMAC ciphersuite"); 77| |#endif 78| 254| } else if(nonce_format() == Nonce_Format::NULL_CIPHER) { ------------------ | Branch (78:14): [True: 0, False: 210] ------------------ 79| |#if defined(BOTAN_HAS_TLS_NULL) 80| | auto mac = MessageAuthenticationCode::create_or_throw(fmt("HMAC({})", suite.mac_algo())); 81| | 82| | if(our_side) { 83| | m_aead = std::make_unique(std::move(mac), suite.mac_keylen()); 84| | } else { 85| | m_aead = std::make_unique(std::move(mac), suite.mac_keylen()); 86| | } 87| |#else 88| 0| throw Internal_Error("Negotiated disabled TLS NULL ciphersuite"); 89| 0|#endif 90| 210| } else { 91| 210| m_aead = 92| 210| AEAD_Mode::create_or_throw(suite.cipher_algo(), our_side ? Cipher_Dir::Encryption : Cipher_Dir::Decryption); ------------------ | Branch (92:58): [True: 47, False: 163] ------------------ 93| 210| } 94| | 95| 464| m_aead->set_key(aead_key); 96| 464|} _ZN5Botan3TLS23Connection_Cipher_State10aead_nonceEmRNS_21RandomNumberGeneratorE: 98| 233|std::vector Connection_Cipher_State::aead_nonce(uint64_t seq, RandomNumberGenerator& rng) { 99| 233| switch(m_nonce_format) { ------------------ | Branch (99:11): [True: 233, False: 0] ------------------ 100| 0| case Nonce_Format::NULL_CIPHER: { ------------------ | Branch (100:7): [True: 0, False: 233] ------------------ 101| 0| return std::vector{}; 102| 0| } 103| 147| case Nonce_Format::CBC_MODE: { ------------------ | Branch (103:7): [True: 147, False: 86] ------------------ 104| 147| std::vector nonce(nonce_bytes_from_record()); 105| 147| rng.randomize(nonce.data(), nonce.size()); 106| 147| return nonce; 107| 0| } 108| 42| case Nonce_Format::AEAD_XOR_12: { ------------------ | Branch (108:7): [True: 42, False: 191] ------------------ 109| 42| BOTAN_ASSERT_NOMSG(m_nonce.size() == 12); ------------------ | | 77| 42| do { \ | | 78| 42| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 42| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 42] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 42| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 42] | | ------------------ ------------------ 110| 42| std::vector nonce(12); 111| 42| store_be(seq, nonce.data() + 4); 112| 42| xor_buf(nonce, m_nonce.data(), m_nonce.size()); 113| 42| return nonce; 114| 0| } 115| 44| case Nonce_Format::AEAD_IMPLICIT_4: { ------------------ | Branch (115:7): [True: 44, False: 189] ------------------ 116| 44| BOTAN_ASSERT_NOMSG(m_nonce.size() == 4); ------------------ | | 77| 44| do { \ | | 78| 44| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 44| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 44] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 44| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 44] | | ------------------ ------------------ 117| 44| std::vector nonce(12); 118| 44| copy_mem(&nonce[0], m_nonce.data(), 4); // NOLINT(*container-data-pointer) 119| 44| store_be(seq, &nonce[nonce_bytes_from_handshake()]); 120| 44| return nonce; 121| 0| } 122| 233| } 123| | 124| 0| throw Invalid_State("Unknown nonce format specified"); 125| 233|} _ZN5Botan3TLS23Connection_Cipher_State10aead_nonceEPKhmm: 127| 248|std::vector Connection_Cipher_State::aead_nonce(const uint8_t record[], size_t record_len, uint64_t seq) { 128| 248| switch(m_nonce_format) { ------------------ | Branch (128:11): [True: 248, False: 0] ------------------ 129| 0| case Nonce_Format::NULL_CIPHER: { ------------------ | Branch (129:7): [True: 0, False: 248] ------------------ 130| 0| return std::vector{}; 131| 0| } 132| 116| case Nonce_Format::CBC_MODE: { ------------------ | Branch (132:7): [True: 116, False: 132] ------------------ 133| 116| if(record_len < nonce_bytes_from_record()) { ------------------ | Branch (133:13): [True: 1, False: 115] ------------------ 134| 1| throw Decoding_Error("Invalid CBC packet too short to be valid"); 135| 1| } 136| 115| std::vector nonce(record, record + nonce_bytes_from_record()); 137| 115| return nonce; 138| 116| } 139| 45| case Nonce_Format::AEAD_XOR_12: { ------------------ | Branch (139:7): [True: 45, False: 203] ------------------ 140| 45| BOTAN_ASSERT_NOMSG(m_nonce.size() == 12); ------------------ | | 77| 45| do { \ | | 78| 45| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 45| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 45] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 45| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 45] | | ------------------ ------------------ 141| 45| std::vector nonce(12); 142| 45| store_be(seq, nonce.data() + 4); 143| 45| xor_buf(nonce, m_nonce.data(), m_nonce.size()); 144| 45| return nonce; 145| 116| } 146| 87| case Nonce_Format::AEAD_IMPLICIT_4: { ------------------ | Branch (146:7): [True: 87, False: 161] ------------------ 147| 87| BOTAN_ASSERT_NOMSG(m_nonce.size() == 4); ------------------ | | 77| 87| do { \ | | 78| 87| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 87| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 87] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 87| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 87] | | ------------------ ------------------ 148| 87| if(record_len < nonce_bytes_from_record()) { ------------------ | Branch (148:13): [True: 1, False: 86] ------------------ 149| 1| throw Decoding_Error("Invalid AEAD packet too short to be valid"); 150| 1| } 151| 86| std::vector nonce(12); 152| 86| copy_mem(&nonce[0], m_nonce.data(), 4); // NOLINT(*container-data-pointer) 153| 86| copy_mem(&nonce[nonce_bytes_from_handshake()], record, nonce_bytes_from_record()); 154| 86| return nonce; 155| 87| } 156| 248| } 157| | 158| 0| throw Invalid_State("Unknown nonce format specified"); 159| 248|} _ZN5Botan3TLS23Connection_Cipher_State9format_adEmNS0_11Record_TypeENS0_16Protocol_VersionEt: 164| 477| uint16_t msg_length) { 165| 477| std::vector ad(13); 166| | 167| 477| store_be(msg_sequence, &ad[0]); // NOLINT(*container-data-pointer) 168| 477| ad[8] = static_cast(msg_type); 169| 477| ad[9] = version.major_version(); 170| 477| ad[10] = version.minor_version(); 171| 477| ad[11] = get_byte<0>(msg_length); 172| 477| ad[12] = get_byte<1>(msg_length); 173| | 174| 477| return ad; 175| 477|} _ZN5Botan3TLS24write_unencrypted_recordERNSt3__16vectorIhNS_16secure_allocatorIhEEEENS0_11Record_TypeENS0_16Protocol_VersionEmPKhm: 210| 20.9k| size_t message_len) { 211| 20.9k| if(record_type == Record_Type::ApplicationData) { ------------------ | Branch (211:7): [True: 0, False: 20.9k] ------------------ 212| 0| throw Internal_Error("Writing an unencrypted TLS application data record"); 213| 0| } 214| 20.9k| write_record_header(output, record_type, version, record_sequence); 215| 20.9k| append_u16_len(output, message_len); 216| 20.9k| output.insert(output.end(), message, message + message_len); 217| 20.9k|} _ZN5Botan3TLS12write_recordERNSt3__16vectorIhNS_16secure_allocatorIhEEEENS0_11Record_TypeENS0_16Protocol_VersionEmPKhmRNS0_23Connection_Cipher_StateERNS_21RandomNumberGeneratorE: 226| 233| RandomNumberGenerator& rng) { 227| 233| write_record_header(output, record_type, version, record_sequence); 228| | 229| 233| AEAD_Mode& aead = cs.aead(); 230| 233| std::vector aad = cs.format_ad(record_sequence, record_type, version, static_cast(message_len)); 231| | 232| 233| const size_t ctext_size = aead.output_length(message_len); 233| | 234| 233| const size_t rec_size = ctext_size + cs.nonce_bytes_from_record(); 235| | 236| 233| aead.set_associated_data(aad); 237| | 238| 233| const std::vector nonce = cs.aead_nonce(record_sequence, rng); 239| | 240| 233| append_u16_len(output, rec_size); 241| | 242| 233| if(cs.nonce_bytes_from_record() > 0) { ------------------ | Branch (242:7): [True: 191, False: 42] ------------------ 243| 191| if(cs.nonce_format() == Nonce_Format::CBC_MODE) { ------------------ | Branch (243:10): [True: 147, False: 44] ------------------ 244| 147| output += nonce; 245| 147| } else { 246| 44| output += std::make_pair(&nonce[cs.nonce_bytes_from_handshake()], cs.nonce_bytes_from_record()); 247| 44| } 248| 191| } 249| | 250| 233| const size_t header_size = output.size(); 251| 233| output += std::make_pair(message, message_len); 252| | 253| 233| aead.start(nonce); 254| 233| aead.finish(output, header_size); 255| | 256| 233| BOTAN_ASSERT(output.size() < MAX_CIPHERTEXT_SIZE, "Produced ciphertext larger than protocol allows"); ------------------ | | 64| 233| do { \ | | 65| 233| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 233| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 233] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 233| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 233] | | ------------------ ------------------ 257| 233|} _ZN5Botan3TLS11read_recordEbRNSt3__16vectorIhNS_16secure_allocatorIhEEEEPKhmRmS6_PNS0_27Connection_Sequence_NumbersERKNS1_8functionIFNS1_10shared_ptrINS0_23Connection_Cipher_StateEEEtEEEb: 514| 21.2k| bool allow_epoch0_restart) { 515| 21.2k| if(is_datagram) { ------------------ | Branch (515:7): [True: 2.14k, False: 19.0k] ------------------ 516| 2.14k| return read_dtls_record( 517| 2.14k| readbuf, input, input_len, consumed, recbuf, sequence_numbers, get_cipherstate, allow_epoch0_restart); 518| 19.0k| } else { 519| 19.0k| return read_tls_record(readbuf, input, input_len, consumed, recbuf, sequence_numbers, get_cipherstate); 520| 19.0k| } 521| 21.2k|} tls_record.cpp:_ZN5Botan3TLS12_GLOBAL__N_119write_record_headerERNSt3__16vectorIhNS_16secure_allocatorIhEEEENS0_11Record_TypeENS0_16Protocol_VersionEm: 189| 21.2k| uint64_t record_sequence) { 190| 21.2k| output.clear(); 191| | 192| 21.2k| output.push_back(static_cast(record_type)); 193| 21.2k| output.push_back(version.major_version()); 194| 21.2k| output.push_back(version.minor_version()); 195| | 196| 21.2k| if(version.is_datagram_protocol()) { ------------------ | Branch (196:7): [True: 9.14k, False: 12.0k] ------------------ 197| 82.2k| for(size_t i = 0; i != 8; ++i) { ------------------ | Branch (197:25): [True: 73.1k, False: 9.14k] ------------------ 198| 73.1k| output.push_back(get_byte_var(i, record_sequence)); 199| 73.1k| } 200| 9.14k| } 201| 21.2k|} tls_record.cpp:_ZN5Botan3TLS12_GLOBAL__N_114append_u16_lenERNSt3__16vectorIhNS_16secure_allocatorIhEEEEm: 179| 21.2k|inline void append_u16_len(secure_vector& output, size_t len_field) { 180| 21.2k| const uint16_t len16 = static_cast(len_field); 181| 21.2k| BOTAN_ASSERT_EQUAL(len_field, len16, "No truncation"); ------------------ | | 90| 21.2k| do { \ | | 91| 21.2k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 92| 21.2k| if((expr1) != (expr2)) { \ | | ------------------ | | | Branch (92:10): [True: 0, False: 21.2k] | | ------------------ | | 93| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 94| 0| Botan::assertion_failure(#expr1 " == " #expr2, assertion_made, __func__, __FILE__, __LINE__); \ | | 95| 0| } \ | | 96| 21.2k| } while(0) | | ------------------ | | | Branch (96:12): [Folded, False: 21.2k] | | ------------------ ------------------ 182| 21.2k| output.push_back(get_byte<0>(len16)); 183| 21.2k| output.push_back(get_byte<1>(len16)); 184| 21.2k|} tls_record.cpp:_ZN5Botan3TLS12_GLOBAL__N_116read_dtls_recordERNSt3__16vectorIhNS_16secure_allocatorIhEEEEPKhmRmS7_PNS0_27Connection_Sequence_NumbersERKNS2_8functionIFNS2_10shared_ptrINS0_23Connection_Cipher_StateEEEtEEEb: 428| 2.14k| bool allow_epoch0_restart) { 429| 2.14k| if(readbuf.size() < DTLS_HEADER_SIZE) { ------------------ | Branch (429:7): [True: 2.14k, False: 0] ------------------ 430| | // header incomplete 431| 2.14k| if(fill_buffer_to(readbuf, input, input_len, consumed, DTLS_HEADER_SIZE) != 0) { ------------------ | Branch (431:10): [True: 34, False: 2.10k] ------------------ 432| 34| readbuf.clear(); 433| 34| return Record_Header(0); 434| 34| } 435| | 436| 2.10k| BOTAN_ASSERT_EQUAL(readbuf.size(), DTLS_HEADER_SIZE, "Have an entire header"); ------------------ | | 90| 2.10k| do { \ | | 91| 2.10k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 92| 2.10k| if((expr1) != (expr2)) { \ | | ------------------ | | | Branch (92:10): [True: 0, False: 2.10k] | | ------------------ | | 93| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 94| 0| Botan::assertion_failure(#expr1 " == " #expr2, assertion_made, __func__, __FILE__, __LINE__); \ | | 95| 0| } \ | | 96| 2.10k| } while(0) | | ------------------ | | | Branch (96:12): [Folded, False: 2.10k] | | ------------------ ------------------ 437| 2.10k| } 438| | 439| 2.10k| const Protocol_Version version(readbuf[1], readbuf[2]); 440| | 441| 2.10k| if(version.is_datagram_protocol() == false) { ------------------ | Branch (441:7): [True: 21, False: 2.08k] ------------------ 442| 21| readbuf.clear(); 443| 21| return Record_Header(0); 444| 21| } 445| | 446| 2.08k| const size_t record_size = make_uint16(readbuf[DTLS_HEADER_SIZE - 2], readbuf[DTLS_HEADER_SIZE - 1]); 447| | 448| 2.08k| if(record_size > MAX_CIPHERTEXT_SIZE) { ------------------ | Branch (448:7): [True: 6, False: 2.07k] ------------------ 449| | // Too large to be valid, ignore it 450| 6| readbuf.clear(); 451| 6| return Record_Header(0); 452| 6| } 453| | 454| 2.07k| if(fill_buffer_to(readbuf, input, input_len, consumed, DTLS_HEADER_SIZE + record_size) != 0) { ------------------ | Branch (454:7): [True: 41, False: 2.03k] ------------------ 455| | // Truncated packet? 456| 41| readbuf.clear(); 457| 41| return Record_Header(0); 458| 41| } 459| | 460| 2.03k| BOTAN_ASSERT_EQUAL(static_cast(DTLS_HEADER_SIZE) + record_size, readbuf.size(), "Have the full record"); ------------------ | | 90| 2.03k| do { \ | | 91| 2.03k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 92| 2.03k| if((expr1) != (expr2)) { \ | | ------------------ | | | Branch (92:10): [True: 0, False: 2.03k] | | ------------------ | | 93| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 94| 0| Botan::assertion_failure(#expr1 " == " #expr2, assertion_made, __func__, __FILE__, __LINE__); \ | | 95| 0| } \ | | 96| 2.03k| } while(0) | | ------------------ | | | Branch (96:12): [Folded, False: 2.03k] | | ------------------ ------------------ 461| | 462| 2.03k| const Record_Type type = static_cast(readbuf[0]); 463| | 464| 2.03k| const uint64_t sequence = load_be(&readbuf[3], 0); 465| 2.03k| const uint16_t epoch = (sequence >> 48); 466| | 467| 2.03k| const bool already_seen = sequence_numbers != nullptr && sequence_numbers->already_seen(sequence); ------------------ | Branch (467:30): [True: 406, False: 1.63k] | Branch (467:61): [True: 74, False: 332] ------------------ 468| | 469| 2.03k| if(already_seen && !(epoch == 0 && allow_epoch0_restart)) { ------------------ | Branch (469:7): [True: 74, False: 1.96k] | Branch (469:25): [True: 74, False: 0] | Branch (469:39): [True: 0, False: 74] ------------------ 470| 74| readbuf.clear(); 471| 74| return Record_Header(0); 472| 74| } 473| | 474| 1.96k| if(epoch == 0) { ------------------ | Branch (474:7): [True: 1.90k, False: 60] ------------------ 475| | // Unencrypted initial handshake 476| 1.90k| recbuf.assign(readbuf.begin() + DTLS_HEADER_SIZE, readbuf.begin() + DTLS_HEADER_SIZE + record_size); 477| 1.90k| readbuf.clear(); 478| 1.90k| if(sequence_numbers != nullptr) { ------------------ | Branch (478:10): [True: 305, False: 1.59k] ------------------ 479| 305| sequence_numbers->read_accept(sequence); 480| 305| } 481| 1.90k| return Record_Header(sequence, version, type); 482| 1.90k| } 483| | 484| 60| try { 485| | // Otherwise, decrypt, check MAC, return plaintext 486| 60| auto cs = get_cipherstate(epoch); 487| | 488| 60| BOTAN_ASSERT(cs, "Have cipherstate for this epoch"); ------------------ | | 64| 60| do { \ | | 65| 60| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 60| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 60] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 60| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 60] | | ------------------ ------------------ 489| | 490| 60| decrypt_record(recbuf, &readbuf[DTLS_HEADER_SIZE], record_size, sequence, version, type, *cs); 491| 60| } catch(std::exception&) { 492| 60| readbuf.clear(); 493| 60| return Record_Header(0); 494| 60| } 495| | 496| 0| if(sequence_numbers != nullptr) { ------------------ | Branch (496:7): [True: 0, False: 0] ------------------ 497| 0| sequence_numbers->read_accept(sequence); 498| 0| } 499| | 500| 0| readbuf.clear(); 501| 0| return Record_Header(sequence, version, type); 502| 60|} tls_record.cpp:_ZN5Botan3TLS12_GLOBAL__N_114fill_buffer_toERNSt3__16vectorIhNS_16secure_allocatorIhEEEERPKhRmSB_m: 262| 41.4k| secure_vector& readbuf, const uint8_t*& input, size_t& input_size, size_t& input_consumed, size_t desired) { 263| 41.4k| if(readbuf.size() >= desired) { ------------------ | Branch (263:7): [True: 673, False: 40.7k] ------------------ 264| 673| return 0; // already have it 265| 673| } 266| | 267| 40.7k| const size_t taken = std::min(input_size, desired - readbuf.size()); 268| | 269| 40.7k| readbuf.insert(readbuf.end(), input, input + taken); 270| 40.7k| input_consumed += taken; 271| 40.7k| input_size -= taken; 272| 40.7k| input += taken; 273| | 274| 40.7k| return (desired - readbuf.size()); // how many bytes do we still need? 275| 41.4k|} tls_record.cpp:_ZN5Botan3TLS12_GLOBAL__N_114decrypt_recordERNSt3__16vectorIhNS_16secure_allocatorIhEEEEPhmmNS0_16Protocol_VersionENS0_11Record_TypeERNS0_23Connection_Cipher_StateE: 283| 248| Connection_Cipher_State& cs) { 284| 248| AEAD_Mode& aead = cs.aead(); 285| | 286| 248| const std::vector nonce = cs.aead_nonce(record_contents, record_len, record_sequence); 287| 248| const uint8_t* msg = &record_contents[cs.nonce_bytes_from_record()]; 288| 248| const size_t msg_length = record_len - cs.nonce_bytes_from_record(); 289| | 290| | /* 291| | * This early rejection is based just on public information (length of the 292| | * encrypted packet) and so does not leak any information. We used to use 293| | * decode_error here which really is more appropriate, but that confuses some 294| | * tools which are attempting automated detection of padding oracles, 295| | * including older versions of TLS-Attacker. 296| | */ 297| 248| if(msg_length < aead.minimum_final_size()) { ------------------ | Branch (297:7): [True: 2, False: 246] ------------------ 298| 2| throw TLS_Exception(Alert::BadRecordMac, "AEAD packet is shorter than the tag"); 299| 2| } 300| | 301| 246| const size_t ptext_size = aead.output_length(msg_length); 302| | 303| 246| aead.set_associated_data( 304| 246| cs.format_ad(record_sequence, record_type, record_version, static_cast(ptext_size))); 305| | 306| 246| aead.start(nonce); 307| | 308| 246| output.assign(msg, msg + msg_length); 309| 246| aead.finish(output, 0); 310| 246|} tls_record.cpp:_ZN5Botan3TLS12_GLOBAL__N_115read_tls_recordERNSt3__16vectorIhNS_16secure_allocatorIhEEEEPKhmRmS7_PNS0_27Connection_Sequence_NumbersERKNS2_8functionIFNS2_10shared_ptrINS0_23Connection_Cipher_StateEEEtEEE: 318| 19.0k| const get_cipherstate_fn& get_cipherstate) { 319| 19.0k| if(readbuf.size() < TLS_HEADER_SIZE) { ------------------ | Branch (319:7): [True: 19.0k, False: 0] ------------------ 320| | // header incomplete 321| 19.0k| if(const size_t needed = fill_buffer_to(readbuf, input, input_len, consumed, TLS_HEADER_SIZE)) { ------------------ | Branch (321:23): [True: 477, False: 18.5k] ------------------ 322| 477| return Record_Header(needed); 323| 477| } 324| | 325| 18.5k| BOTAN_ASSERT_EQUAL(readbuf.size(), TLS_HEADER_SIZE, "Have an entire header"); ------------------ | | 90| 18.5k| do { \ | | 91| 18.5k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 92| 18.5k| if((expr1) != (expr2)) { \ | | ------------------ | | | Branch (92:10): [True: 0, False: 18.5k] | | ------------------ | | 93| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 94| 0| Botan::assertion_failure(#expr1 " == " #expr2, assertion_made, __func__, __FILE__, __LINE__); \ | | 95| 0| } \ | | 96| 18.5k| } while(0) | | ------------------ | | | Branch (96:12): [Folded, False: 18.5k] | | ------------------ ------------------ 326| 18.5k| } 327| | 328| | /* 329| | Verify that the record type and record version are within some expected 330| | range, so we can quickly reject totally invalid packets. 331| | 332| | Unfortunately we cannot be more strict about the record number than just 333| | checking the major version, at least at this level, due to this requirement 334| | in RFC 7568 335| | 336| | TLS servers MUST accept any value {03,XX} (including {03,00}) as 337| | the record layer version number for ClientHello 338| | */ 339| 18.5k| const bool bad_record_type = readbuf[0] < 20 || readbuf[0] > 23; ------------------ | Branch (339:33): [True: 213, False: 18.3k] | Branch (339:52): [True: 227, False: 18.1k] ------------------ 340| 18.5k| const bool bad_record_version = readbuf[1] != 3; 341| | 342| 18.5k| if(bad_record_type || bad_record_version) { ------------------ | Branch (342:7): [True: 440, False: 18.1k] | Branch (342:26): [True: 24, False: 18.1k] ------------------ 343| | // We know we read up to at least the 5 byte TLS header 344| 464| const std::string first5 = std::string(reinterpret_cast(readbuf.data()), 5); 345| | 346| 464| if(first5 == "GET /" || first5 == "PUT /" || first5 == "POST " || first5 == "HEAD ") { ------------------ | Branch (346:10): [True: 2, False: 462] | Branch (346:31): [True: 1, False: 461] | Branch (346:52): [True: 2, False: 459] | Branch (346:73): [True: 2, False: 457] ------------------ 347| 7| throw TLS_Exception(Alert::ProtocolVersion, "Client sent plaintext HTTP request instead of TLS handshake"); 348| 7| } 349| | 350| 457| if(first5 == "CONNE") { ------------------ | Branch (350:10): [True: 3, False: 454] ------------------ 351| 3| throw TLS_Exception(Alert::ProtocolVersion, 352| 3| "Client sent plaintext HTTP proxy CONNECT request instead of TLS handshake"); 353| 3| } 354| | 355| 454| if(bad_record_type) { ------------------ | Branch (355:10): [True: 430, False: 24] ------------------ 356| | // RFC 5246 Section 6. 357| | // If a TLS implementation receives an unexpected record type, it MUST 358| | // send an unexpected_message alert. 359| 430| throw TLS_Exception(Alert::UnexpectedMessage, "TLS record type had unexpected value"); 360| 430| } 361| 24| throw TLS_Exception(Alert::ProtocolVersion, "TLS record version had unexpected value"); 362| 454| } 363| | 364| 18.1k| const Protocol_Version version(readbuf[1], readbuf[2]); 365| | 366| 18.1k| if(version.is_datagram_protocol()) { ------------------ | Branch (366:7): [True: 0, False: 18.1k] ------------------ 367| 0| throw TLS_Exception(Alert::ProtocolVersion, "Expected TLS but got a record with DTLS version"); 368| 0| } 369| | 370| 18.1k| const size_t record_size = make_uint16(readbuf[TLS_HEADER_SIZE - 2], readbuf[TLS_HEADER_SIZE - 1]); 371| | 372| 18.1k| if(record_size > MAX_CIPHERTEXT_SIZE) { ------------------ | Branch (372:7): [True: 13, False: 18.1k] ------------------ 373| 13| throw TLS_Exception(Alert::RecordOverflow, "Received a record that exceeds maximum size"); 374| 13| } 375| | 376| 18.1k| if(record_size == 0) { ------------------ | Branch (376:7): [True: 8, False: 18.1k] ------------------ 377| 8| throw TLS_Exception(Alert::DecodeError, "Received a completely empty record"); 378| 8| } 379| | 380| 18.1k| if(const size_t needed = fill_buffer_to(readbuf, input, input_len, consumed, TLS_HEADER_SIZE + record_size)) { ------------------ | Branch (380:20): [True: 217, False: 17.8k] ------------------ 381| 217| return Record_Header(needed); 382| 217| } 383| | 384| 17.8k| BOTAN_ASSERT_EQUAL(static_cast(TLS_HEADER_SIZE) + record_size, readbuf.size(), "Have the full record"); ------------------ | | 90| 17.8k| do { \ | | 91| 17.8k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 92| 17.8k| if((expr1) != (expr2)) { \ | | ------------------ | | | Branch (92:10): [True: 0, False: 17.8k] | | ------------------ | | 93| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 94| 0| Botan::assertion_failure(#expr1 " == " #expr2, assertion_made, __func__, __FILE__, __LINE__); \ | | 95| 0| } \ | | 96| 17.8k| } while(0) | | ------------------ | | | Branch (96:12): [Folded, False: 17.8k] | | ------------------ ------------------ 385| | 386| 17.8k| const Record_Type type = static_cast(readbuf[0]); 387| | 388| 17.8k| uint16_t epoch = 0; 389| | 390| 17.8k| uint64_t sequence = 0; 391| 17.8k| if(sequence_numbers != nullptr) { ------------------ | Branch (391:7): [True: 13.5k, False: 4.34k] ------------------ 392| 13.5k| sequence = sequence_numbers->next_read_sequence(); 393| 13.5k| epoch = sequence_numbers->current_read_epoch(); 394| 13.5k| } else { 395| | // server initial handshake case 396| 4.34k| epoch = 0; 397| 4.34k| } 398| | 399| 17.8k| if(epoch == 0) { ------------------ | Branch (399:7): [True: 17.6k, False: 248] ------------------ 400| | // Unencrypted initial handshake 401| 17.6k| recbuf.assign(readbuf.begin() + TLS_HEADER_SIZE, readbuf.begin() + TLS_HEADER_SIZE + record_size); 402| 17.6k| readbuf.clear(); 403| 17.6k| return Record_Header(sequence, version, type); 404| 17.6k| } 405| | 406| | // Otherwise, decrypt, check MAC, return plaintext 407| 248| auto cs = get_cipherstate(epoch); 408| | 409| 248| BOTAN_ASSERT(cs, "Have cipherstate for this epoch"); ------------------ | | 64| 248| do { \ | | 65| 248| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 248| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 248] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 248| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 248] | | ------------------ ------------------ 410| | 411| 248| decrypt_record(recbuf, &readbuf[TLS_HEADER_SIZE], record_size, sequence, version, type, *cs); 412| | 413| 248| if(sequence_numbers != nullptr) { ------------------ | Branch (413:7): [True: 0, False: 248] ------------------ 414| 0| sequence_numbers->read_accept(sequence); 415| 0| } 416| | 417| 248| readbuf.clear(); 418| 248| return Record_Header(sequence, version, type); 419| 17.8k|} _ZN5Botan3TLS14Server_Impl_12C2ERKNSt3__110shared_ptrINS0_9CallbacksEEERKNS3_INS0_15Session_ManagerEEERKNS3_INS_19Credentials_ManagerEEERKNS3_IKNS0_6PolicyEEERKNS3_INS_21RandomNumberGeneratorEEEbm: 271| 793| Channel_Impl_12(callbacks, session_manager, rng, policy, true, is_datagram, io_buf_sz), m_creds(creds) { 272| 793| BOTAN_ASSERT_NONNULL(m_creds); ------------------ | | 116| 793| do { \ | | 117| 793| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 793] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 793| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 793] | | ------------------ ------------------ 273| 793|} _ZN5Botan3TLS14Server_Impl_12C2ERKNS0_12Channel_Impl21Downgrade_InformationE: 276| 3.99k| Channel_Impl_12(downgrade_info.callbacks, 277| 3.99k| downgrade_info.session_manager, 278| 3.99k| downgrade_info.rng, 279| 3.99k| downgrade_info.policy, 280| 3.99k| true /* is_server*/, 281| 3.99k| false /* TLS 1.3 does not support DTLS yet */, 282| 3.99k| downgrade_info.io_buffer_size), 283| 3.99k| m_creds(downgrade_info.creds) {} _ZN5Botan3TLS14Server_Impl_1219new_handshake_stateENSt3__110unique_ptrINS0_12Handshake_IOENS2_14default_deleteIS4_EEEE: 285| 4.59k|std::unique_ptr Server_Impl_12::new_handshake_state(std::unique_ptr io) { 286| 4.59k| auto state = std::make_unique(std::move(io), callbacks()); 287| 4.59k| state->set_expected_next(Handshake_Type::ClientHello); 288| 4.59k| return state; 289| 4.59k|} _ZN5Botan3TLS14Server_Impl_1224process_client_hello_msgERNS0_22Server_Handshake_StateERKNSt3__16vectorIhNS4_9allocatorIhEEEEb: 360| 12.3k| bool epoch0_restart) { 361| 12.3k| BOTAN_ASSERT_IMPLICATION(epoch0_restart, active_state().has_value(), "Can't restart with a dead connection"); ------------------ | | 103| 12.3k| do { \ | | 104| 12.3k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 105| 12.3k| if((expr1) && !(expr2)) { \ | | ------------------ | | | Branch (105:10): [True: 0, False: 12.3k] | | | Branch (105:21): [True: 0, False: 0] | | ------------------ | | 106| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 107| 0| Botan::assertion_failure(#expr1 " implies " #expr2, msg, __func__, __FILE__, __LINE__); \ | | 108| 0| } \ | | 109| 12.3k| } while(0) | | ------------------ | | | Branch (109:12): [Folded, False: 12.3k] | | ------------------ ------------------ 362| | 363| 12.3k| const bool initial_handshake = epoch0_restart || !active_state().has_value(); ------------------ | Branch (363:35): [True: 0, False: 12.3k] | Branch (363:53): [True: 12.3k, False: 0] ------------------ 364| | 365| 12.3k| if(initial_handshake == false && policy().allow_client_initiated_renegotiation() == false) { ------------------ | Branch (365:7): [True: 0, False: 12.3k] | Branch (365:37): [True: 0, False: 0] ------------------ 366| 0| if(policy().abort_connection_on_undesired_renegotiation()) { ------------------ | Branch (366:10): [True: 0, False: 0] ------------------ 367| 0| throw TLS_Exception(Alert::NoRenegotiation, "Server policy prohibits renegotiation"); 368| 0| } else { 369| 0| send_warning_alert(Alert::NoRenegotiation); 370| 0| } 371| 0| return; 372| 0| } 373| | 374| 12.3k| if(!policy().allow_insecure_renegotiation() && !(initial_handshake || secure_renegotiation_supported())) { ------------------ | Branch (374:7): [True: 12.3k, False: 0] | Branch (374:53): [True: 12.3k, False: 0] | Branch (374:74): [True: 0, False: 0] ------------------ 375| 0| send_warning_alert(Alert::NoRenegotiation); 376| 0| return; 377| 0| } 378| | 379| 12.3k| if(pending_state.handshake_io().have_more_data()) { ------------------ | Branch (379:7): [True: 17, False: 12.3k] ------------------ 380| 17| throw TLS_Exception(Alert::UnexpectedMessage, "Have data remaining in buffer after ClientHello"); 381| 17| } 382| | 383| 12.3k| pending_state.client_hello(std::make_unique(contents)); 384| 12.3k| const Protocol_Version client_offer = pending_state.client_hello()->legacy_version(); 385| 12.3k| const bool datagram = client_offer.is_datagram_protocol(); 386| | 387| 12.3k| if(datagram) { ------------------ | Branch (387:7): [True: 8.68k, False: 3.63k] ------------------ 388| 8.68k| if(client_offer.major_version() == 0xFF) { ------------------ | Branch (388:10): [True: 3, False: 8.68k] ------------------ 389| 3| throw TLS_Exception(Alert::ProtocolVersion, "Client offered DTLS version with major version 0xFF"); 390| 3| } 391| 8.68k| } else { 392| 3.63k| if(client_offer.major_version() < 3) { ------------------ | Branch (392:10): [True: 11, False: 3.62k] ------------------ 393| 11| throw TLS_Exception(Alert::ProtocolVersion, "Client offered TLS version with major version under 3"); 394| 11| } 395| 3.62k| if(client_offer.major_version() == 3 && client_offer.minor_version() == 0) { ------------------ | Branch (395:10): [True: 21, False: 3.60k] | Branch (395:47): [True: 2, False: 19] ------------------ 396| 2| throw TLS_Exception(Alert::ProtocolVersion, "Client offered SSLv3 which is not supported"); 397| 2| } 398| 3.62k| } 399| | 400| | /* 401| | * BoGo test suite expects that we will send the hello verify with a record 402| | * version matching the version that is eventually negotiated. This is wrong 403| | * but harmless, so go with it. Also doing the version negotiation step first 404| | * allows to immediately close the connection with an alert if the client has 405| | * offered a version that we are not going to negotiate anyway, instead of 406| | * making them first do the cookie exchange and then telling them no. 407| | * 408| | * There is no issue with amplification here, since the alert is just 2 bytes. 409| | */ 410| 12.3k| const Protocol_Version negotiated_version = 411| 12.3k| select_version(policy(), 412| 12.3k| client_offer, 413| 12.3k| active_state().has_value() ? active_state()->version() : Protocol_Version(), ------------------ | Branch (413:22): [True: 0, False: 12.3k] ------------------ 414| 12.3k| pending_state.client_hello()->supported_versions()); 415| | 416| 12.3k| pending_state.set_version(negotiated_version); 417| | 418| 12.3k| const auto compression_methods = pending_state.client_hello()->compression_methods(); 419| 12.3k| if(!value_exists(compression_methods, uint8_t(0))) { ------------------ | Branch (419:7): [True: 41, False: 12.2k] ------------------ 420| 41| throw TLS_Exception(Alert::IllegalParameter, "Client did not offer NULL compression"); 421| 41| } 422| | 423| 12.2k| if(initial_handshake && datagram) { ------------------ | Branch (423:7): [True: 12.1k, False: 133] | Branch (423:28): [True: 8.63k, False: 3.49k] ------------------ 424| 8.63k| SymmetricKey cookie_secret; 425| | 426| 8.63k| try { 427| 8.63k| cookie_secret = m_creds->psk("tls-server", "dtls-cookie-secret", ""); 428| 8.63k| } catch(...) {} 429| | 430| 8.63k| if(!cookie_secret.empty()) { ------------------ | Branch (430:10): [True: 8.63k, False: 0] ------------------ 431| 8.63k| const std::string client_identity = callbacks().tls_peer_network_identity(); 432| 8.63k| const Hello_Verify_Request verify( 433| 8.63k| pending_state.client_hello()->cookie_input_data(), client_identity, cookie_secret); 434| | 435| 8.63k| if(!CT::is_equal(pending_state.client_hello()->cookie(), verify.cookie()).as_bool()) { ------------------ | Branch (435:13): [True: 8.63k, False: 1] ------------------ 436| 8.63k| if(epoch0_restart) { ------------------ | Branch (436:16): [True: 0, False: 8.63k] ------------------ 437| 0| pending_state.handshake_io().send_under_epoch(verify, 0); 438| 8.63k| } else { 439| 8.63k| pending_state.handshake_io().send(verify); 440| 8.63k| } 441| | 442| 8.63k| pending_state.client_hello(nullptr); 443| 8.63k| pending_state.set_expected_next(Handshake_Type::ClientHello); 444| 8.63k| return; 445| 8.63k| } 446| 8.63k| } else if(epoch0_restart) { ------------------ | Branch (446:17): [True: 0, False: 0] ------------------ 447| 0| throw TLS_Exception(Alert::HandshakeFailure, "Reuse of DTLS association requires DTLS cookie secret be set"); 448| 0| } 449| 8.63k| } 450| | 451| 3.63k| if(epoch0_restart) { ------------------ | Branch (451:7): [True: 0, False: 3.63k] ------------------ 452| | // If we reached here then we were able to verify the cookie 453| 0| reset_active_association_state(); 454| 0| } 455| | 456| 3.63k| secure_renegotiation_check(pending_state.client_hello()); 457| | 458| | // RFC 7627 / RFC 9325 4.4: optionally require Extended Master Secret 459| 3.63k| if(policy().require_extended_master_secret() && !pending_state.client_hello()->supports_extended_master_secret()) { ------------------ | Branch (459:7): [True: 3.49k, False: 134] | Branch (459:52): [True: 101, False: 3.39k] ------------------ 460| 101| throw TLS_Exception(Alert::HandshakeFailure, 461| 101| "Policy requires the Extended Master Secret extension but the client did not send it"); 462| 101| } 463| | 464| | // RFC 7627 5.3 has an explicit MUST regarding EMS mismatch on resumption 465| | // 466| | // "If the original session used the 'extended_master_secret' 467| | // extension but the new ClientHello does not contain it, the 468| | // server MUST abort the abbreviated handshake." 469| | // 470| | // There is apparently no RFC requirement that a client must not drop EMS between the 471| | // initial negotiation and a renegotiation... but there is also no RFC requirement 472| | // that we must accept it. So we don't. 473| 3.53k| if(const auto& active = active_state()) { ------------------ | Branch (473:19): [True: 0, False: 3.53k] ------------------ 474| 0| const bool ems_pending = pending_state.client_hello()->supports_extended_master_secret(); 475| 0| if(active->supports_extended_master_secret() == true && ems_pending == false) { ------------------ | Branch (475:10): [True: 0, False: 0] | Branch (475:63): [True: 0, False: 0] ------------------ 476| 0| throw TLS_Exception(Alert::HandshakeFailure, 477| 0| "Renegotiation ClientHello dropped the Extended Master Secret extension"); 478| 0| } 479| 0| } 480| | 481| 3.53k| callbacks().tls_examine_extensions( 482| 3.53k| pending_state.client_hello()->extensions(), Connection_Side::Client, Handshake_Type::ClientHello); 483| | 484| 3.53k| const auto session_handle = pending_state.client_hello()->session_handle(); 485| | 486| 3.53k| std::optional session_info; 487| 3.53k| if(pending_state.allow_session_resumption() && session_handle.has_value()) { ------------------ | Branch (487:7): [True: 3.39k, False: 134] | Branch (487:51): [True: 26, False: 3.37k] ------------------ 488| 26| session_info = check_for_resume( 489| 26| session_handle.value(), session_manager(), callbacks(), policy(), pending_state.client_hello()); 490| 26| } 491| | 492| 3.53k| m_next_protocol = ""; 493| 3.53k| if(pending_state.client_hello()->supports_alpn()) { ------------------ | Branch (493:7): [True: 16, False: 3.51k] ------------------ 494| 16| const auto offered = pending_state.client_hello()->next_protocols(); 495| 16| m_next_protocol = callbacks().tls_server_choose_app_protocol(offered); 496| | // RFC 7301 3.2: if a protocol is selected, the server MUST select one 497| | // of the protocols advertised by the client. An empty return signals 498| | // "no ALPN" and is allowed. 499| 16| if(!m_next_protocol.empty() && !value_exists(offered, m_next_protocol)) { ------------------ | Branch (499:10): [True: 16, False: 0] | Branch (499:38): [True: 2, False: 14] ------------------ 500| 2| throw TLS_Exception(Alert::InternalError, "Application chose an ALPN protocol that the client did not offer"); 501| 2| } 502| 16| } 503| | 504| 3.52k| if(session_info.has_value()) { ------------------ | Branch (504:7): [True: 0, False: 3.52k] ------------------ 505| 0| this->session_resume(pending_state, {session_info.value(), session_handle.value()}); 506| 3.52k| } else { 507| | // new session 508| 3.52k| this->session_create(pending_state); 509| 3.52k| } 510| 3.52k|} _ZN5Botan3TLS14Server_Impl_1231process_client_key_exchange_msgERNS0_22Server_Handshake_StateERKNSt3__16vectorIhNS4_9allocatorIhEEEE: 525| 2.38k| const std::vector& contents) { 526| 2.38k| if(pending_state.received_handshake_msg(Handshake_Type::Certificate) && !pending_state.client_certs()->empty()) { ------------------ | Branch (526:7): [True: 0, False: 2.38k] | Branch (526:76): [True: 0, False: 0] ------------------ 527| 0| pending_state.set_expected_next(Handshake_Type::CertificateVerify); 528| 2.38k| } else { 529| 2.38k| pending_state.set_expected_next(Handshake_Type::HandshakeCCS); 530| 2.38k| } 531| | 532| 2.38k| pending_state.client_kex(std::make_unique( 533| 2.38k| contents, pending_state, pending_state.server_rsa_kex_key(), *m_creds, policy(), rng())); 534| | 535| 2.38k| pending_state.compute_session_keys(); 536| 2.38k| if(policy().allow_ssl_key_log_file()) { ------------------ | Branch (536:7): [True: 0, False: 2.38k] ------------------ 537| | // draft-thomson-tls-keylogfile-00 Section 3.2 538| | // An implementation of TLS 1.2 (and also earlier versions) use 539| | // the label "CLIENT_RANDOM" to identify the "master" secret for 540| | // the connection. 541| 0| callbacks().tls_ssl_key_log_data( 542| 0| "CLIENT_RANDOM", pending_state.client_hello()->random(), pending_state.session_keys().master_secret()); 543| 0| } 544| 2.38k|} _ZN5Botan3TLS14Server_Impl_1230process_change_cipher_spec_msgERNS0_22Server_Handshake_StateE: 546| 335|void Server_Impl_12::process_change_cipher_spec_msg(Server_Handshake_State& pending_state) { 547| 335| pending_state.set_expected_next(Handshake_Type::Finished); 548| 335| change_cipher_spec_reader(Connection_Side::Server); 549| 335|} _ZN5Botan3TLS14Server_Impl_1220process_finished_msgERNS0_22Server_Handshake_StateENS0_14Handshake_TypeERKNSt3__16vectorIhNS5_9allocatorIhEEEE: 601| 132| const std::vector& contents) { 602| 132| pending_state.set_expected_next(Handshake_Type::None); 603| | 604| 132| if(pending_state.handshake_io().have_more_data()) { ------------------ | Branch (604:7): [True: 3, False: 129] ------------------ 605| 3| throw TLS_Exception(Alert::UnexpectedMessage, "Have data remaining in buffer after Finished"); 606| 3| } 607| | 608| 129| pending_state.client_finished(std::make_unique(contents)); 609| | 610| 129| if(!pending_state.client_finished()->verify(pending_state, Connection_Side::Client)) { ------------------ | Branch (610:7): [True: 0, False: 129] ------------------ 611| 0| throw TLS_Exception(Alert::DecryptError, "Finished message didn't verify"); 612| 0| } 613| | 614| 129| if(pending_state.server_finished() == nullptr) { ------------------ | Branch (614:7): [True: 129, False: 0] ------------------ 615| | // already sent finished if resuming, so this is a new session 616| | 617| 129| pending_state.hash().update(pending_state.handshake_io().format(contents, type)); 618| | 619| 129| Session session_info(pending_state.session_keys().master_secret(), 620| 129| pending_state.server_hello()->legacy_version(), 621| 129| pending_state.server_hello()->ciphersuite(), 622| 129| Connection_Side::Server, 623| 129| pending_state.server_hello()->supports_extended_master_secret(), 624| 129| pending_state.server_hello()->supports_encrypt_then_mac(), 625| 129| pending_state.peer_cert_chain(), 626| 129| Server_Information(pending_state.client_hello()->sni_hostname()), 627| 129| pending_state.server_hello()->srtp_profile(), 628| 129| callbacks().tls_current_timestamp()); 629| | 630| | // Give the application a chance for a final veto before fully 631| | // establishing the connection. 632| 129| callbacks().tls_session_established([&, this] { 633| 129| Session_Summary summary(session_info, pending_state.is_a_resumption(), external_psk_identity()); 634| 129| summary.set_session_id(pending_state.server_hello()->session_id()); 635| 129| return summary; 636| 129| }()); 637| | 638| 129| if(callbacks().tls_should_persist_resumption_information(session_info)) { ------------------ | Branch (638:10): [True: 129, False: 0] ------------------ 639| 129| auto handle = session_manager().establish(session_info, 640| 129| pending_state.server_hello()->session_id(), 641| 129| !pending_state.server_hello()->supports_session_ticket()); 642| | 643| 129| if(pending_state.server_hello()->supports_session_ticket() && handle.has_value() && handle->is_ticket()) { ------------------ | Branch (643:13): [True: 0, False: 129] | Branch (643:72): [True: 0, False: 0] | Branch (643:94): [True: 0, False: 0] ------------------ 644| 0| pending_state.new_session_ticket(std::make_unique( 645| 0| pending_state.handshake_io(), 646| 0| pending_state.hash(), 647| 0| handle->ticket().value(), 648| 0| static_cast(policy().session_ticket_lifetime().count()))); 649| 0| } 650| 129| } 651| | 652| 129| if(pending_state.new_session_ticket() == nullptr && pending_state.server_hello()->supports_session_ticket()) { ------------------ | Branch (652:10): [True: 129, False: 0] | Branch (652:59): [True: 0, False: 129] ------------------ 653| 0| pending_state.new_session_ticket( 654| 0| std::make_unique(pending_state.handshake_io(), pending_state.hash())); 655| 0| } 656| | 657| 129| pending_state.handshake_io().send(Change_Cipher_Spec()); 658| | 659| 129| change_cipher_spec_writer(Connection_Side::Server); 660| | 661| 129| pending_state.server_finished( 662| 129| std::make_unique(pending_state.handshake_io(), pending_state, Connection_Side::Server)); 663| 129| } 664| | 665| 129| activate_session(); 666| 129|} _ZN5Botan3TLS14Server_Impl_1221process_handshake_msgERNS0_15Handshake_StateENS0_14Handshake_TypeERKNSt3__16vectorIhNS5_9allocatorIhEEEEb: 674| 15.2k| bool epoch0_restart) { 675| 15.2k| Server_Handshake_State& state = dynamic_cast(state_base); 676| 15.2k| state.confirm_transition_to(type); 677| | 678| | /* 679| | * The change cipher spec message isn't technically a handshake 680| | * message so it's not included in the hash. The finished and 681| | * certificate verify messages are verified based on the current 682| | * state of the hash *before* this message so we delay adding them 683| | * to the hash computation until we've processed them below. 684| | */ 685| 15.2k| if(type != Handshake_Type::HandshakeCCS && type != Handshake_Type::Finished && ------------------ | Branch (685:7): [True: 14.8k, False: 408] | Branch (685:47): [True: 14.7k, False: 132] ------------------ 686| 14.7k| type != Handshake_Type::CertificateVerify) { ------------------ | Branch (686:7): [True: 14.7k, False: 0] ------------------ 687| 14.7k| state.hash().update(state.handshake_io().format(contents, type)); 688| 14.7k| } 689| | 690| 15.2k| switch(type) { 691| 12.3k| case Handshake_Type::ClientHello: ------------------ | Branch (691:7): [True: 12.3k, False: 2.92k] ------------------ 692| 12.3k| return this->process_client_hello_msg(state, contents, epoch0_restart); 693| | 694| 0| case Handshake_Type::Certificate: ------------------ | Branch (694:7): [True: 0, False: 15.2k] ------------------ 695| 0| return this->process_certificate_msg(state, contents); 696| | 697| 2.38k| case Handshake_Type::ClientKeyExchange: ------------------ | Branch (697:7): [True: 2.38k, False: 12.8k] ------------------ 698| 2.38k| return this->process_client_key_exchange_msg(state, contents); 699| | 700| 0| case Handshake_Type::CertificateVerify: ------------------ | Branch (700:7): [True: 0, False: 15.2k] ------------------ 701| 0| return this->process_certificate_verify_msg(state, type, contents); 702| | 703| 335| case Handshake_Type::HandshakeCCS: ------------------ | Branch (703:7): [True: 335, False: 14.9k] ------------------ 704| 335| return this->process_change_cipher_spec_msg(state); 705| | 706| 132| case Handshake_Type::Finished: ------------------ | Branch (706:7): [True: 132, False: 15.1k] ------------------ 707| 132| return this->process_finished_msg(state, type, contents); 708| | 709| 0| default: ------------------ | Branch (709:7): [True: 0, False: 15.2k] ------------------ 710| 0| throw Unexpected_Message("Unknown handshake message received"); 711| 15.2k| } 712| 15.2k|} _ZN5Botan3TLS14Server_Impl_1214session_createERNS0_22Server_Handshake_StateE: 787| 3.39k|void Server_Impl_12::session_create(Server_Handshake_State& pending_state) { 788| 3.39k| std::map> cert_chains; 789| | 790| 3.39k| const std::string sni_hostname = pending_state.client_hello()->sni_hostname(); 791| | 792| | // RFC 8446 1.3 793| | // The "signature_algorithms_cert" extension allows a client to indicate 794| | // which signature algorithms it can validate in X.509 certificates. 795| | // 796| | // RFC 8446 4.2.3 797| | // TLS 1.2 implementations SHOULD also process this extension. 798| 3.39k| const auto cert_signature_schemes = pending_state.client_hello()->certificate_signature_schemes(); 799| 3.39k| cert_chains = get_server_certs(sni_hostname, cert_signature_schemes, *m_creds); 800| | 801| 3.39k| if(!sni_hostname.empty() && cert_chains.empty()) { ------------------ | Branch (801:7): [True: 3, False: 3.39k] | Branch (801:32): [True: 0, False: 3] ------------------ 802| 0| cert_chains = get_server_certs("", cert_signature_schemes, *m_creds); 803| | 804| | /* 805| | * Only send the unrecognized_name alert if we couldn't 806| | * find any certs for the requested name but did find at 807| | * least one cert to use in general. That avoids sending an 808| | * unrecognized_name when a server is configured for purely 809| | * anonymous/PSK operation. 810| | */ 811| 0| if(!cert_chains.empty()) { ------------------ | Branch (811:10): [True: 0, False: 0] ------------------ 812| 0| send_warning_alert(Alert::UnrecognizedName); 813| 0| } 814| 0| } 815| | 816| 3.39k| const uint16_t ciphersuite = 817| 3.39k| choose_ciphersuite(policy(), pending_state.version(), cert_chains, *pending_state.client_hello()); 818| | 819| 3.39k| const Server_Hello_12::Settings srv_settings(Session_ID(make_hello_random(rng(), callbacks(), policy())), 820| 3.39k| pending_state.version(), 821| 3.39k| ciphersuite, 822| 3.39k| session_manager().emits_session_tickets()); 823| | 824| 3.39k| pending_state.server_hello(std::make_unique(pending_state.handshake_io(), 825| 3.39k| pending_state.hash(), 826| 3.39k| policy(), 827| 3.39k| callbacks(), 828| 3.39k| rng(), 829| 3.39k| secure_renegotiation_data_for_server_hello(), 830| 3.39k| *pending_state.client_hello(), 831| 3.39k| srv_settings, 832| 3.39k| m_next_protocol)); 833| | 834| 3.39k| secure_renegotiation_check(pending_state.server_hello()); 835| | 836| 3.39k| const Ciphersuite& pending_suite = pending_state.ciphersuite(); 837| | 838| 3.39k| std::shared_ptr private_key; 839| | 840| 3.39k| if(pending_suite.is_certificate_required()) { ------------------ | Branch (840:7): [True: 4, False: 3.39k] ------------------ 841| 4| const std::string algo_used = pending_suite.signature_used() ? pending_suite.sig_algo() : "RSA"; ------------------ | Branch (841:37): [True: 4, False: 0] ------------------ 842| | 843| 4| BOTAN_ASSERT(!cert_chains[algo_used].empty(), "Attempting to send empty certificate chain"); ------------------ | | 64| 4| do { \ | | 65| 4| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 4| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, False: 4] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 4| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 4] | | ------------------ ------------------ 844| | 845| 4| pending_state.server_certs( 846| 4| std::make_unique(pending_state.handshake_io(), pending_state.hash(), cert_chains[algo_used])); 847| | 848| 4| if(pending_state.client_hello()->supports_cert_status_message() && pending_state.is_a_resumption() == false) { ------------------ | Branch (848:10): [True: 2, False: 2] | Branch (848:74): [True: 2, False: 0] ------------------ 849| 2| auto* csr = pending_state.client_hello()->extensions().get(); 850| | // csr is non-null if client_hello()->supports_cert_status_message() 851| 2| BOTAN_ASSERT_NOMSG(csr != nullptr); ------------------ | | 77| 2| do { \ | | 78| 2| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 2| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 2] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 2| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 2] | | ------------------ ------------------ 852| 2| const auto resp_bytes = callbacks().tls_provide_cert_status(cert_chains[algo_used], *csr); 853| 2| if(!resp_bytes.empty()) { ------------------ | Branch (853:13): [True: 0, False: 2] ------------------ 854| 0| pending_state.server_cert_status( 855| 0| std::make_unique(pending_state.handshake_io(), pending_state.hash(), resp_bytes)); 856| 0| } 857| 2| } 858| | 859| 4| private_key = m_creds->private_key_for(pending_state.server_certs()->cert_chain()[0], "tls-server", sni_hostname); 860| | 861| 4| if(!private_key) { ------------------ | Branch (861:10): [True: 4, False: 0] ------------------ 862| 4| throw Internal_Error("No private key located for associated server cert"); 863| 4| } 864| 4| } 865| | 866| 3.39k| if(pending_suite.kex_method() == Kex_Algo::STATIC_RSA) { ------------------ | Branch (866:7): [True: 0, False: 3.39k] ------------------ 867| 0| pending_state.set_server_rsa_kex_key(private_key); 868| 3.39k| } else { 869| 3.39k| pending_state.server_kex(std::make_unique( 870| 3.39k| pending_state.handshake_io(), pending_state, policy(), *m_creds, rng(), private_key.get())); 871| 3.39k| } 872| | 873| 3.39k| auto trusted_CAs = m_creds->trusted_certificate_authorities("tls-server", sni_hostname); 874| | 875| 3.39k| std::vector client_auth_CAs; 876| | 877| 3.39k| for(auto* store : trusted_CAs) { ------------------ | Branch (877:20): [True: 0, False: 3.39k] ------------------ 878| 0| auto subjects = store->all_subjects(); 879| 0| client_auth_CAs.insert(client_auth_CAs.end(), subjects.begin(), subjects.end()); 880| 0| } 881| | 882| 3.39k| const bool request_cert = (client_auth_CAs.empty() == false) || policy().request_client_certificate_authentication(); ------------------ | Branch (882:30): [True: 167, False: 3.22k] | Branch (882:68): [True: 0, False: 3.22k] ------------------ 883| | 884| | // RFC 5246 7.4.4: supported_signature_algorithms<2..2^16-2> 885| | // Without at least one acceptable scheme we cannot construct a valid 886| | // CertificateRequest, so client cert auth is unreachable regardless. 887| 3.39k| const bool can_request_cert = !policy().acceptable_signature_schemes().empty(); 888| | 889| 3.39k| if(request_cert && can_request_cert && pending_state.ciphersuite().is_certificate_required()) { ------------------ | Branch (889:7): [True: 0, False: 3.39k] | Branch (889:23): [True: 0, False: 0] | Branch (889:43): [True: 0, False: 0] ------------------ 890| 0| pending_state.cert_req(std::make_unique( 891| 0| pending_state.handshake_io(), pending_state.hash(), policy(), client_auth_CAs)); 892| | 893| | /* 894| | SSLv3 allowed clients to skip the Certificate message entirely 895| | if they wanted. In TLS v1.0 and later clients must send a 896| | (possibly empty) Certificate message 897| | */ 898| 0| pending_state.set_expected_next(Handshake_Type::Certificate); 899| 3.39k| } else { 900| 3.39k| pending_state.set_expected_next(Handshake_Type::ClientKeyExchange); 901| 3.39k| } 902| | 903| 3.39k| pending_state.server_hello_done( 904| 3.39k| std::make_unique(pending_state.handshake_io(), pending_state.hash())); 905| 3.39k|} tls_server_impl_12.cpp:_ZN5Botan3TLS12_GLOBAL__N_114select_versionERKNS0_6PolicyENS0_16Protocol_VersionES5_RKNSt3__16vectorIS5_NS6_9allocatorIS5_EEEE: 305| 12.2k| const std::vector& supported_versions) { 306| 12.2k| const bool is_datagram = client_offer.is_datagram_protocol(); 307| 12.2k| const bool initial_handshake = (active_version.valid() == false); 308| | 309| 12.2k| if(!supported_versions.empty()) { ------------------ | Branch (309:7): [True: 420, False: 11.8k] ------------------ 310| 420| if(is_datagram) { ------------------ | Branch (310:10): [True: 399, False: 21] ------------------ 311| 399| if(policy.allow_dtls12() && value_exists(supported_versions, Protocol_Version(Protocol_Version::DTLS_V12))) { ------------------ | Branch (311:13): [True: 399, False: 0] | Branch (311:13): [True: 374, False: 25] | Branch (311:38): [True: 374, False: 25] ------------------ 312| 374| return Protocol_Version::DTLS_V12; 313| 374| } 314| 25| throw TLS_Exception(Alert::ProtocolVersion, "No shared DTLS version"); 315| 399| } else { 316| 21| if(policy.allow_tls12() && value_exists(supported_versions, Protocol_Version(Protocol_Version::TLS_V12))) { ------------------ | Branch (316:13): [True: 21, False: 0] | Branch (316:13): [True: 4, False: 17] | Branch (316:37): [True: 4, False: 17] ------------------ 317| 4| return Protocol_Version::TLS_V12; 318| 4| } 319| 17| throw TLS_Exception(Alert::ProtocolVersion, "No shared TLS version"); 320| 21| } 321| 420| } 322| | 323| 11.8k| if(!initial_handshake) { ------------------ | Branch (323:7): [True: 0, False: 11.8k] ------------------ 324| | /* 325| | * If this is a renegotiation, and the client has offered a 326| | * later version than what it initially negotiated, negotiate 327| | * the old version. This matches OpenSSL's behavior. If the 328| | * client is offering a version earlier than what it initially 329| | * negotiated, reject as a probable attack. 330| | */ 331| 0| if(active_version > client_offer) { ------------------ | Branch (331:10): [True: 0, False: 0] ------------------ 332| 0| throw TLS_Exception( 333| 0| Alert::ProtocolVersion, 334| 0| "Client negotiated " + active_version.to_string() + " then renegotiated with " + client_offer.to_string()); 335| 0| } else { 336| 0| return active_version; 337| 0| } 338| 0| } 339| | 340| 11.8k| if(is_datagram) { ------------------ | Branch (340:7): [True: 8.28k, False: 3.52k] ------------------ 341| 8.28k| if(policy.allow_dtls12() && client_offer >= Protocol_Version::DTLS_V12) { ------------------ | Branch (341:10): [True: 8.28k, False: 0] | Branch (341:10): [True: 8.27k, False: 8] | Branch (341:35): [True: 8.27k, False: 8] ------------------ 342| 8.27k| return Protocol_Version::DTLS_V12; 343| 8.27k| } 344| 8.28k| } else { 345| 3.52k| if(policy.allow_tls12() && client_offer >= Protocol_Version::TLS_V12) { ------------------ | Branch (345:10): [True: 3.52k, False: 0] | Branch (345:10): [True: 3.52k, False: 2] | Branch (345:34): [True: 3.52k, False: 2] ------------------ 346| 3.52k| return Protocol_Version::TLS_V12; 347| 3.52k| } 348| 3.52k| } 349| | 350| 10| throw TLS_Exception(Alert::ProtocolVersion, 351| 10| "Client version " + client_offer.to_string() + " is unacceptable by policy"); 352| 11.8k|} _ZNK5Botan3TLS22Server_Handshake_State24allow_session_resumptionEv: 34| 3.39k| bool allow_session_resumption() const { return m_allow_session_resumption; } tls_server_impl_12.cpp:_ZN5Botan3TLS12_GLOBAL__N_116check_for_resumeERKNS0_14Session_HandleERNS0_15Session_ManagerERNS0_9CallbacksERKNS0_6PolicyEPKNS0_15Client_Hello_12E: 79| 26| const Client_Hello_12* client_hello) { 80| 26| auto session = session_manager.retrieve(handle_to_resume, cb, policy); 81| 26| if(!session.has_value()) { ------------------ | Branch (81:7): [True: 26, False: 0] ------------------ 82| 26| return std::nullopt; 83| 26| } 84| | 85| | // wrong version 86| 0| if(client_hello->legacy_version() != session->version()) { ------------------ | Branch (86:7): [True: 0, False: 0] ------------------ 87| 0| return std::nullopt; 88| 0| } 89| | 90| | // client didn't send original ciphersuite 91| 0| if(!value_exists(client_hello->ciphersuites(), session->ciphersuite_code())) { ------------------ | Branch (91:7): [True: 0, False: 0] ------------------ 92| 0| return std::nullopt; 93| 0| } 94| | 95| | // client sent a different SNI hostname 96| 0| if(!client_hello->sni_hostname().empty() && client_hello->sni_hostname() != session->server_info().hostname()) { ------------------ | Branch (96:7): [True: 0, False: 0] | Branch (96:7): [True: 0, False: 0] | Branch (96:48): [True: 0, False: 0] ------------------ 97| 0| return std::nullopt; 98| 0| } 99| | 100| | // Checking extended_master_secret on resume (RFC 7627 section 5.3) 101| 0| if(client_hello->supports_extended_master_secret() != session->supports_extended_master_secret()) { ------------------ | Branch (101:7): [True: 0, False: 0] ------------------ 102| 0| if(!session->supports_extended_master_secret()) { ------------------ | Branch (102:10): [True: 0, False: 0] ------------------ 103| 0| return std::nullopt; // force new handshake with extended master secret 104| 0| } else { 105| | /* 106| | Client previously negotiated session with extended master secret, 107| | but has now attempted to resume without the extension: abort 108| | */ 109| 0| throw TLS_Exception(Alert::HandshakeFailure, "Client resumed extended ms session without sending extension"); 110| 0| } 111| 0| } 112| | 113| | // Checking encrypt_then_mac on resume (RFC 7366 section 3.1) 114| 0| if(!client_hello->supports_encrypt_then_mac() && session->supports_encrypt_then_mac()) { ------------------ | Branch (114:7): [True: 0, False: 0] | Branch (114:53): [True: 0, False: 0] ------------------ 115| | /* 116| | Client previously negotiated session with Encrypt-then-MAC, 117| | but has now attempted to resume without the extension: abort 118| | */ 119| 0| throw TLS_Exception(Alert::HandshakeFailure, "Client resumed Encrypt-then-MAC session without sending extension"); 120| 0| } 121| | 122| 0| return session; 123| 0|} _ZN5Botan3TLS22Server_Handshake_State18server_rsa_kex_keyEv: 30| 2.38k| Private_Key* server_rsa_kex_key() { return m_server_rsa_kex_key.get(); } _ZNK5Botan3TLS22Server_Handshake_State15peer_cert_chainEv: 48| 258| std::vector peer_cert_chain() const override { 49| 258| if(!m_resume_peer_certs.empty()) { ------------------ | Branch (49:13): [True: 0, False: 258] ------------------ 50| 0| return m_resume_peer_certs; 51| 0| } 52| 258| if(client_certs() != nullptr) { ------------------ | Branch (52:13): [True: 0, False: 258] ------------------ 53| 0| return client_certs()->cert_chain(); 54| 0| } 55| 258| return {}; 56| 258| } tls_server_impl_12.cpp:_ZZN5Botan3TLS14Server_Impl_1220process_finished_msgERNS0_22Server_Handshake_StateENS0_14Handshake_TypeERKNSt3__16vectorIhNS5_9allocatorIhEEEEENK3$_0clEv: 632| 129| callbacks().tls_session_established([&, this] { 633| 129| Session_Summary summary(session_info, pending_state.is_a_resumption(), external_psk_identity()); 634| 129| summary.set_session_id(pending_state.server_hello()->session_id()); 635| 129| return summary; 636| 129| }()); tls_server_impl_12.cpp:_ZN5Botan3TLS12_GLOBAL__N_116get_server_certsENSt3__117basic_string_viewIcNS2_11char_traitsIcEEEERKNS2_6vectorINS0_16Signature_SchemeENS2_9allocatorIS8_EEEERNS_19Credentials_ManagerE: 245| 3.39k| std::string_view hostname, const std::vector& cert_sig_schemes, Credentials_Manager& creds) { 246| 3.39k| const std::vector cert_types = {"RSA", "ECDSA"}; 247| | 248| 3.39k| std::map> cert_chains; 249| | 250| 6.78k| for(const auto& cert_type : cert_types) { ------------------ | Branch (250:30): [True: 6.78k, False: 3.39k] ------------------ 251| 6.78k| const std::vector certs = creds.cert_chain_single_type( 252| 6.78k| cert_type, to_algorithm_identifiers(cert_sig_schemes), "tls-server", std::string(hostname)); 253| | 254| 6.78k| if(!certs.empty()) { ------------------ | Branch (254:10): [True: 3.39k, False: 3.39k] ------------------ 255| 3.39k| cert_chains[cert_type] = certs; 256| 3.39k| } 257| 6.78k| } 258| | 259| 3.39k| return cert_chains; 260| 3.39k|} tls_server_impl_12.cpp:_ZN5Botan3TLS12_GLOBAL__N_118choose_ciphersuiteERKNS0_6PolicyENS0_16Protocol_VersionERKNSt3__13mapINS6_12basic_stringIcNS6_11char_traitsIcEENS6_9allocatorIcEEEENS6_6vectorINS_16X509_CertificateENSB_ISF_EEEENS6_4lessISD_EENSB_INS6_4pairIKSD_SH_EEEEEERKNS0_15Client_Hello_12E: 131| 3.39k| const Client_Hello_12& client_hello) { 132| 3.39k| const bool our_choice = policy.server_uses_own_ciphersuite_preferences(); 133| 3.39k| const std::vector& client_suites = client_hello.ciphersuites(); 134| 3.39k| const std::vector server_suites = policy.ciphersuite_list(version); 135| | 136| 3.39k| if(server_suites.empty()) { ------------------ | Branch (136:7): [True: 0, False: 3.39k] ------------------ 137| 0| throw TLS_Exception(Alert::HandshakeFailure, "Policy forbids us from negotiating any ciphersuite"); 138| 0| } 139| | 140| 3.39k| const bool have_shared_ecc_curve = 141| 3.39k| (policy.choose_key_exchange_group(client_hello.supported_ecc_curves(), {}) != Group_Params::NONE); 142| | 143| 3.39k| const bool client_supports_ffdhe_groups = !client_hello.supported_dh_groups().empty(); 144| | 145| 3.39k| const bool have_shared_dh_group = 146| 3.39k| (policy.choose_key_exchange_group(client_hello.supported_dh_groups(), {}) != Group_Params::NONE); 147| | 148| 3.39k| const std::unordered_set client_suite_set(client_suites.begin(), client_suites.end()); 149| | 150| 3.39k| const std::vector allowed_sig_schemes = policy.allowed_signature_schemes(); 151| 3.39k| const std::vector client_sig_methods = client_hello.signature_schemes(); 152| | 153| | // Algorithm names (eg "RSA", "ECDSA") for which the client offered at least 154| | // one signature_scheme that is available, is in our policy, and uses a hash we accept. 155| 3.39k| const std::unordered_set client_sig_algs = [&] { 156| 3.39k| std::unordered_set allowed_codes; 157| 3.39k| allowed_codes.reserve(allowed_sig_schemes.size()); 158| 3.39k| for(auto s : allowed_sig_schemes) { 159| 3.39k| allowed_codes.insert(static_cast(s.wire_code())); 160| 3.39k| } 161| 3.39k| std::unordered_set result; 162| 3.39k| for(const Signature_Scheme scheme : client_sig_methods) { 163| 3.39k| if(!scheme.is_available()) { 164| 3.39k| continue; 165| 3.39k| } 166| 3.39k| if(!allowed_codes.contains(static_cast(scheme.wire_code()))) { 167| 3.39k| continue; 168| 3.39k| } 169| 3.39k| if(!policy.allowed_signature_hash(scheme.hash_function_name())) { 170| 3.39k| continue; 171| 3.39k| } 172| 3.39k| result.insert(scheme.algorithm_name()); 173| 3.39k| } 174| 3.39k| return result; 175| 3.39k| }(); 176| | 177| | /* 178| | Walk down one list in preference order 179| | */ 180| 3.39k| const std::vector& pref_list = our_choice ? server_suites : client_suites; ------------------ | Branch (180:45): [True: 3.39k, False: 0] ------------------ 181| | 182| 3.39k| auto in_other_list = [&](uint16_t suite_id) { 183| | // server_suites is small and policy-controlled 184| 3.39k| return our_choice ? client_suite_set.contains(suite_id) : value_exists(server_suites, suite_id); 185| 3.39k| }; 186| | 187| 185k| for(auto suite_id : pref_list) { ------------------ | Branch (187:22): [True: 185k, False: 167] ------------------ 188| 185k| if(!in_other_list(suite_id)) { ------------------ | Branch (188:10): [True: 181k, False: 3.42k] ------------------ 189| 181k| continue; 190| 181k| } 191| | 192| 3.42k| const auto suite = Ciphersuite::by_id(suite_id); 193| | 194| 3.42k| if(!suite.has_value() || !suite->valid()) { ------------------ | Branch (194:10): [True: 0, False: 3.42k] | Branch (194:32): [True: 0, False: 3.42k] ------------------ 195| 0| continue; 196| 0| } 197| | 198| 3.42k| if(have_shared_ecc_curve == false && suite->ecc_ciphersuite()) { ------------------ | Branch (198:10): [True: 189, False: 3.23k] | Branch (198:44): [True: 42, False: 147] ------------------ 199| 42| continue; 200| 42| } 201| | 202| 3.38k| if(suite->kex_method() == Kex_Algo::DH && client_supports_ffdhe_groups && !have_shared_dh_group) { ------------------ | Branch (202:10): [True: 40, False: 3.34k] | Branch (202:49): [True: 19, False: 21] | Branch (202:81): [True: 8, False: 11] ------------------ 203| 8| continue; 204| 8| } 205| | 206| | // For non-anon ciphersuites 207| 3.37k| if(suite->is_certificate_required()) { ------------------ | Branch (207:10): [True: 149, False: 3.22k] ------------------ 208| 149| const std::string cert_algo = suite->signature_used() ? suite->sig_algo() : "RSA"; ------------------ | Branch (208:40): [True: 119, False: 30] ------------------ 209| | 210| | // Do we have any certificates for this sig? 211| 149| if(!cert_chains.contains(cert_algo)) { ------------------ | Branch (211:13): [True: 139, False: 10] ------------------ 212| 139| continue; 213| 139| } 214| 149| } 215| | 216| 3.23k| if(suite->signature_used()) { ------------------ | Branch (216:10): [True: 10, False: 3.22k] ------------------ 217| | // The client's signature_algorithms list might not include a scheme 218| | // matching this suite's sig_algo (e.g. the client offered ECDSA 219| | // schemes but we're considering an RSA suite). That's just a 220| | // mismatch on this candidate, not a handshake-fatal condition - try 221| | // the next suite. The final "Can't agree on a ciphersuite" throw 222| | // below fires only if no candidate works. 223| 10| if(!client_sig_algs.contains(suite->sig_algo())) { ------------------ | Branch (223:13): [True: 6, False: 4] ------------------ 224| 6| continue; 225| 6| } 226| 10| } 227| | 228| 3.22k| return suite_id; 229| 3.23k| } 230| | 231| | // RFC 7919 Section 4. 232| | // If the [Supported Groups] extension is present 233| | // with FFDHE groups, none of the client’s offered groups are acceptable 234| | // by the server, and none of the client’s proposed non-FFDHE cipher 235| | // suites are acceptable to the server, the server MUST end the 236| | // connection with a fatal TLS alert of type insufficient_security(71). 237| 167| if(client_supports_ffdhe_groups && !have_shared_dh_group) { ------------------ | Branch (237:7): [True: 30, False: 137] | Branch (237:39): [True: 16, False: 14] ------------------ 238| 16| throw TLS_Exception(Alert::InsufficientSecurity, "Can't agree on a sufficiently strong ciphersuite with client"); 239| 16| } 240| | 241| 151| throw TLS_Exception(Alert::HandshakeFailure, "Can't agree on a ciphersuite with client"); 242| 167|} tls_server_impl_12.cpp:_ZZN5Botan3TLS12_GLOBAL__N_118choose_ciphersuiteERKNS0_6PolicyENS0_16Protocol_VersionERKNSt3__13mapINS6_12basic_stringIcNS6_11char_traitsIcEENS6_9allocatorIcEEEENS6_6vectorINS_16X509_CertificateENSB_ISF_EEEENS6_4lessISD_EENSB_INS6_4pairIKSD_SH_EEEEEERKNS0_15Client_Hello_12EENK3$_0clEv: 155| 3.39k| const std::unordered_set client_sig_algs = [&] { 156| 3.39k| std::unordered_set allowed_codes; 157| 3.39k| allowed_codes.reserve(allowed_sig_schemes.size()); 158| 30.5k| for(auto s : allowed_sig_schemes) { ------------------ | Branch (158:18): [True: 30.5k, False: 3.39k] ------------------ 159| 30.5k| allowed_codes.insert(static_cast(s.wire_code())); 160| 30.5k| } 161| 3.39k| std::unordered_set result; 162| 16.2k| for(const Signature_Scheme scheme : client_sig_methods) { ------------------ | Branch (162:41): [True: 16.2k, False: 3.39k] ------------------ 163| 16.2k| if(!scheme.is_available()) { ------------------ | Branch (163:13): [True: 12.7k, False: 3.50k] ------------------ 164| 12.7k| continue; 165| 12.7k| } 166| 3.50k| if(!allowed_codes.contains(static_cast(scheme.wire_code()))) { ------------------ | Branch (166:13): [True: 0, False: 3.50k] ------------------ 167| 0| continue; 168| 0| } 169| 3.50k| if(!policy.allowed_signature_hash(scheme.hash_function_name())) { ------------------ | Branch (169:13): [True: 0, False: 3.50k] ------------------ 170| 0| continue; 171| 0| } 172| 3.50k| result.insert(scheme.algorithm_name()); 173| 3.50k| } 174| 3.39k| return result; 175| 3.39k| }(); tls_server_impl_12.cpp:_ZZN5Botan3TLS12_GLOBAL__N_118choose_ciphersuiteERKNS0_6PolicyENS0_16Protocol_VersionERKNSt3__13mapINS6_12basic_stringIcNS6_11char_traitsIcEENS6_9allocatorIcEEEENS6_6vectorINS_16X509_CertificateENSB_ISF_EEEENS6_4lessISD_EENSB_INS6_4pairIKSD_SH_EEEEEERKNS0_15Client_Hello_12EENK3$_1clEt: 182| 185k| auto in_other_list = [&](uint16_t suite_id) { 183| | // server_suites is small and policy-controlled 184| 185k| return our_choice ? client_suite_set.contains(suite_id) : value_exists(server_suites, suite_id); ------------------ | Branch (184:14): [True: 185k, False: 0] ------------------ 185| 185k| }; _ZNK5Botan3TLS22Server_Handshake_State15is_a_resumptionEv: 46| 131| bool is_a_resumption() const { return m_is_a_resumption; } _ZN5Botan3TLS22Server_Handshake_StateC2ENSt3__110unique_ptrINS0_12Handshake_IOENS2_14default_deleteIS4_EEEERNS0_9CallbacksE: 28| 4.59k| Server_Handshake_State(std::unique_ptr io, Callbacks& cb) : Handshake_State(std::move(io), cb) {} _ZN5Botan3TLS12Session_KeysC2EPKNS0_15Handshake_StateERKNSt3__16vectorIhNS_16secure_allocatorIhEEEEb: 22| 1.46k| bool resuming) { 23| 1.46k| BOTAN_ASSERT_NONNULL(state); ------------------ | | 116| 1.46k| do { \ | | 117| 1.46k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 1.46k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 1.46k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 1.46k] | | ------------------ ------------------ 24| 1.46k| BOTAN_ASSERT_NONNULL(state->client_hello()); ------------------ | | 116| 1.46k| do { \ | | 117| 1.46k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 1.46k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 1.46k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 1.46k] | | ------------------ ------------------ 25| 1.46k| BOTAN_ASSERT_NONNULL(state->server_hello()); ------------------ | | 116| 1.46k| do { \ | | 117| 1.46k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 1.46k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 1.46k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 1.46k] | | ------------------ ------------------ 26| | 27| 1.46k| const auto& suite = state->ciphersuite(); 28| 1.46k| BOTAN_STATE_CHECK(suite.valid()); ------------------ | | 51| 1.46k| do { \ | | 52| 1.46k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 1.46k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 1.46k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 1.46k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 1.46k] | | ------------------ ------------------ 29| | 30| 1.46k| const size_t cipher_keylen = suite.cipher_keylen(); 31| 1.46k| const size_t mac_keylen = suite.mac_keylen(); 32| 1.46k| const size_t cipher_nonce_bytes = suite.nonce_bytes_from_handshake(); 33| | 34| 1.46k| const bool extended_master_secret = state->server_hello()->supports_extended_master_secret(); 35| | 36| 1.46k| const size_t prf_gen = 2 * (mac_keylen + cipher_keylen + cipher_nonce_bytes); 37| | 38| 1.46k| const uint8_t MASTER_SECRET_MAGIC[] = {0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74}; 39| | 40| 1.46k| const uint8_t EXT_MASTER_SECRET_MAGIC[] = {0x65, 0x78, 0x74, 0x65, 0x6E, 0x64, 0x65, 0x64, 0x20, 0x6D, 0x61, 41| 1.46k| 0x73, 0x74, 0x65, 0x72, 0x20, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74}; 42| | 43| 1.46k| const uint8_t KEY_GEN_MAGIC[] = {0x6B, 0x65, 0x79, 0x20, 0x65, 0x78, 0x70, 0x61, 0x6E, 0x73, 0x69, 0x6F, 0x6E}; 44| | 45| 1.46k| auto prf = state->protocol_specific_prf(); 46| | 47| 1.46k| if(resuming) { ------------------ | Branch (47:7): [True: 0, False: 1.46k] ------------------ 48| | // This is actually the master secret saved as part of the session 49| 0| m_master_sec = pre_master_secret; 50| 1.46k| } else { 51| 1.46k| std::vector salt; 52| 1.46k| std::vector label; 53| 1.46k| if(extended_master_secret) { ------------------ | Branch (53:10): [True: 1.46k, False: 0] ------------------ 54| 1.46k| label.assign(EXT_MASTER_SECRET_MAGIC, EXT_MASTER_SECRET_MAGIC + sizeof(EXT_MASTER_SECRET_MAGIC)); 55| 1.46k| salt += state->hash().final(suite.prf_algo()); 56| 1.46k| } else { 57| 0| label.assign(MASTER_SECRET_MAGIC, MASTER_SECRET_MAGIC + sizeof(MASTER_SECRET_MAGIC)); 58| 0| salt += state->client_hello()->random(); 59| 0| salt += state->server_hello()->random(); 60| 0| } 61| | 62| 1.46k| m_master_sec = prf->derive_key(48, pre_master_secret, salt, label); 63| 1.46k| } 64| | 65| 1.46k| std::vector salt; 66| 1.46k| std::vector label; 67| 1.46k| label.assign(KEY_GEN_MAGIC, KEY_GEN_MAGIC + sizeof(KEY_GEN_MAGIC)); 68| 1.46k| salt += state->server_hello()->random(); 69| 1.46k| salt += state->client_hello()->random(); 70| | 71| 1.46k| const secure_vector prf_output = prf->derive_key( 72| 1.46k| prf_gen, m_master_sec.data(), m_master_sec.size(), salt.data(), salt.size(), label.data(), label.size()); 73| | 74| 1.46k| const uint8_t* key_data = prf_output.data(); 75| | 76| 1.46k| m_c_aead.resize(mac_keylen + cipher_keylen); 77| 1.46k| m_s_aead.resize(mac_keylen + cipher_keylen); 78| | 79| | // NOLINTBEGIN(readability-container-data-pointer) 80| 1.46k| copy_mem(&m_c_aead[0], key_data, mac_keylen); 81| 1.46k| copy_mem(&m_s_aead[0], key_data + mac_keylen, mac_keylen); 82| | // NOLINTEND(readability-container-data-pointer) 83| | 84| | // Key is not used for NULL suites 85| 1.46k| if(cipher_keylen > 0) { ------------------ | Branch (85:7): [True: 1.46k, False: 0] ------------------ 86| 1.46k| copy_mem(&m_c_aead[mac_keylen], key_data + 2 * mac_keylen, cipher_keylen); 87| 1.46k| copy_mem(&m_s_aead[mac_keylen], key_data + 2 * mac_keylen + cipher_keylen, cipher_keylen); 88| 1.46k| } else { 89| 0| BOTAN_STATE_CHECK(suite.null_ciphersuite()); ------------------ | | 51| 0| do { \ | | 52| 0| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 0| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 0] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 0| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 0] | | ------------------ ------------------ 90| 0| } 91| | 92| 1.46k| if(cipher_nonce_bytes > 0) { ------------------ | Branch (92:7): [True: 552, False: 917] ------------------ 93| 552| const uint8_t* c_nonce_bytes = key_data + 2 * (mac_keylen + cipher_keylen); 94| 552| m_c_nonce.assign(c_nonce_bytes, c_nonce_bytes + cipher_nonce_bytes); 95| | 96| 552| const uint8_t* s_nonce_bytes = key_data + 2 * (mac_keylen + cipher_keylen) + cipher_nonce_bytes; 97| 552| m_s_nonce.assign(s_nonce_bytes, s_nonce_bytes + cipher_nonce_bytes); 98| 552| } 99| 1.46k|} _ZN5Botan3TLS21Certificate_Verify_13C2ERKNSt3__16vectorIhNS2_9allocatorIhEEEENS0_15Connection_SideE: 87| 46| Certificate_Verify(buf), m_side(side) { 88| 46| if(!m_scheme.is_available()) { ------------------ | Branch (88:7): [True: 20, False: 26] ------------------ 89| 20| throw TLS_Exception(Alert::IllegalParameter, "Peer sent unknown signature scheme"); 90| 20| } 91| | 92| 26| if(!m_scheme.is_compatible_with(Protocol_Version::TLS_V13)) { ------------------ | Branch (92:7): [True: 3, False: 23] ------------------ 93| 3| throw TLS_Exception(Alert::IllegalParameter, "Peer sent signature algorithm that is not suitable for TLS 1.3"); 94| 3| } 95| 26|} _ZN5Botan3TLS14Certificate_1317Certificate_EntryC2ERNS0_15TLS_Data_ReaderENS0_15Connection_SideENS0_16Certificate_TypeE: 274| 360| Certificate_Type cert_type) { 275| 360| if(cert_type == Certificate_Type::X509) { ------------------ | Branch (275:7): [True: 360, False: 0] ------------------ 276| | // RFC 8446 4.2.2 277| | // [...] each CertificateEntry contains a DER-encoded X.509 278| | // certificate. 279| 360| const auto cert_bytes = reader.get_tls_length_value(3); 280| 360| try { 281| 360| m_certificate = std::make_unique(cert_bytes); 282| 360| m_raw_public_key = m_certificate->subject_public_key(); 283| 360| } catch(Exception& e) { 284| | // bad_certificate would make more sense but BoGo expects decoding_error 285| 349| throw TLS_Exception(Alert::DecodeError, e.what()); 286| 349| } 287| 360| } else if(cert_type == Certificate_Type::RawPublicKey) { ------------------ | Branch (287:14): [True: 0, False: 0] ------------------ 288| | // RFC 7250 3. 289| | // This specification uses raw public keys whereby the already 290| | // available encoding used in a PKIX certificate in the form of a 291| | // SubjectPublicKeyInfo structure is reused. 292| 0| try { 293| 0| m_raw_public_key = X509::load_key(reader.get_tls_length_value(3)); 294| 0| } catch(Exception& e) { 295| 0| throw TLS_Exception(Alert::DecodeError, e.what()); 296| 0| } 297| 0| } else { 298| 0| throw TLS_Exception(Alert::InternalError, "Unknown certificate type"); 299| 0| } 300| | 301| | // Extensions are simply tacked at the end of the certificate entry. This 302| | // is a departure from the typical "tag-length-value" in a sense that the 303| | // Extensions deserializer needs the length value of the extensions. 304| 0| const size_t extensions_length = reader.peek_uint16_t(); 305| 0| const auto exts_buf = reader.get_fixed(extensions_length + 2); 306| 0| TLS_Data_Reader exts_reader("extensions reader", exts_buf); 307| 0| m_extensions.deserialize(exts_reader, side, Handshake_Type::Certificate); 308| | 309| 0| if(cert_type == Certificate_Type::X509) { ------------------ | Branch (309:7): [True: 0, False: 0] ------------------ 310| | // RFC 8446 4.4.2 311| | // Valid extensions for server certificates at present include the 312| | // OCSP Status extension [RFC6066] and the SignedCertificateTimestamp 313| | // extension [RFC6962]; future extensions may be defined for this 314| | // message as well. 315| | // 316| | // RFC 8446 4.4.2.1 317| | // A server MAY request that a client present an OCSP response with its 318| | // certificate by sending an empty "status_request" extension in its 319| | // CertificateRequest message. 320| 0| if(m_extensions.contains_implemented_extensions_other_than({ ------------------ | Branch (320:10): [True: 0, False: 0] ------------------ 321| 0| Extension_Code::CertificateStatusRequest, 322| | // Extension_Code::SignedCertificateTimestamp 323| 0| })) { 324| 0| throw TLS_Exception(Alert::IllegalParameter, "Certificate Entry contained an extension that is not allowed"); 325| 0| } 326| 0| } else if(m_extensions.contains_implemented_extensions_other_than({})) { ------------------ | Branch (326:14): [True: 0, False: 0] ------------------ 327| 0| throw TLS_Exception( 328| 0| Alert::IllegalParameter, 329| 0| "Certificate Entry holding something else than a certificate contained unexpected extensions"); 330| 0| } 331| 0|} _ZN5Botan3TLS14Certificate_13C2ERKNSt3__16vectorIhNS2_9allocatorIhEEEERKNS0_6PolicyENS0_15Connection_SideENS0_16Certificate_TypeE: 368| 401| m_side(side) { 369| 401| TLS_Data_Reader reader("cert message reader", buf); 370| | 371| 401| m_request_context = reader.get_range(1, 0, 255); 372| | 373| | // RFC 8446 4.4.2 374| | // [...] in the case of server authentication, this field SHALL be zero length. 375| 401| if(m_side == Connection_Side::Server && !m_request_context.empty()) { ------------------ | Branch (375:7): [True: 0, False: 401] | Branch (375:44): [True: 0, False: 0] ------------------ 376| 0| throw TLS_Exception(Alert::IllegalParameter, "Server Certificate message must not contain a request context"); 377| 0| } 378| | 379| 401| const auto cert_entries_len = reader.get_uint24_t(); 380| | 381| 401| if(reader.remaining_bytes() != cert_entries_len) { ------------------ | Branch (381:7): [True: 27, False: 374] ------------------ 382| 27| throw TLS_Exception(Alert::DecodeError, "Certificate: Message malformed"); 383| 27| } 384| | 385| 374| const size_t max_size = policy.maximum_certificate_chain_size(); 386| 374| if(max_size > 0 && cert_entries_len > max_size) { ------------------ | Branch (386:7): [True: 365, False: 9] | Branch (386:23): [True: 0, False: 365] ------------------ 387| 0| throw Decoding_Error("Certificate chain exceeds policy specified maximum size"); 388| 0| } 389| | 390| 734| while(reader.has_remaining()) { ------------------ | Branch (390:10): [True: 360, False: 374] ------------------ 391| 360| m_entries.emplace_back(reader, side, cert_type); 392| 360| } 393| | 394| | // RFC 8446 4.4.2 395| | // The server's certificate_list MUST always be non-empty. A client 396| | // will send an empty certificate_list if it does not have an 397| | // appropriate certificate to send in response to the server's 398| | // authentication request. 399| 374| if(m_entries.empty()) { ------------------ | Branch (399:7): [True: 5, False: 369] ------------------ 400| | // RFC 8446 4.4.2.4 401| | // If the server supplies an empty Certificate message, the client MUST 402| | // abort the handshake with a "decode_error" alert. 403| 5| if(m_side == Connection_Side::Server) { ------------------ | Branch (403:10): [True: 0, False: 5] ------------------ 404| 0| throw TLS_Exception(Alert::DecodeError, "No certificates sent by server"); 405| 0| } 406| | 407| 5| return; 408| 5| } 409| | 410| 369| BOTAN_ASSERT_NOMSG(!m_entries.empty()); ------------------ | | 77| 369| do { \ | | 78| 369| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 369| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 369] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 369| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 369] | | ------------------ ------------------ 411| | 412| | // RFC 8446 4.4.2.2 413| | // The certificate type MUST be X.509v3 [RFC5280], unless explicitly 414| | // negotiated otherwise (e.g., [RFC7250]). 415| | // 416| | // TLS 1.0 through 1.3 all seem to require that the certificate be 417| | // precisely a v3 certificate. In fact the strict wording would seem 418| | // to require that every certificate in the chain be v3. But often 419| | // the intermediates are outside of the control of the server. 420| | // But, require that the leaf certificate be v3. 421| 369| if(cert_type == Certificate_Type::X509 && m_entries.front().certificate().x509_version() != 3) { ------------------ | Branch (421:7): [True: 0, False: 369] | Branch (421:46): [True: 0, False: 0] ------------------ 422| 0| throw TLS_Exception(Alert::BadCertificate, "The leaf certificate must be v3"); 423| 0| } 424| | 425| | // RFC 8446 4.4.2 426| | // If the RawPublicKey certificate type was negotiated, then the 427| | // certificate_list MUST contain no more than one CertificateEntry. 428| 369| if(cert_type == Certificate_Type::RawPublicKey && m_entries.size() != 1) { ------------------ | Branch (428:7): [True: 0, False: 369] | Branch (428:54): [True: 0, False: 0] ------------------ 429| 0| throw TLS_Exception(Alert::IllegalParameter, "Certificate message contained more than one RawPublicKey"); 430| 0| } 431| | 432| | // Validate the provided (certificate) public key against our policy 433| 369| auto pubkey = public_key(); 434| 369| policy.check_peer_key_acceptable(*pubkey); 435| | 436| 369| if(!policy.allowed_signature_method(pubkey->algo_name())) { ------------------ | Branch (436:7): [True: 0, False: 369] ------------------ 437| 0| throw TLS_Exception(Alert::HandshakeFailure, "Rejecting " + pubkey->algo_name() + " signature"); 438| 0| } 439| 369|} _ZN5Botan3TLS22Certificate_Request_13C2ERKNSt3__16vectorIhNS2_9allocatorIhEEEENS0_15Connection_SideE: 25| 1|Certificate_Request_13::Certificate_Request_13(const std::vector& buf, const Connection_Side side) { 26| 1| TLS_Data_Reader reader("Certificate_Request_13", buf); 27| | 28| | // RFC 8446 4.3.2 29| | // A server which is authenticating with a certificate MAY optionally 30| | // request a certificate from the client. 31| 1| if(side != Connection_Side::Server) { ------------------ | Branch (31:7): [True: 1, False: 0] ------------------ 32| 1| throw TLS_Exception(Alert::UnexpectedMessage, "Received a Certificate_Request message from a client"); 33| 1| } 34| | 35| 0| m_context = reader.get_tls_length_value(1); 36| 0| m_extensions.deserialize(reader, side, type()); 37| | 38| | // RFC 8446 4.3.2 39| | // The "signature_algorithms" extension MUST be specified, and other 40| | // extensions may optionally be included if defined for this message. 41| | // Clients MUST ignore unrecognized extensions. 42| | 43| 0| if(!m_extensions.has()) { ------------------ | Branch (43:7): [True: 0, False: 0] ------------------ 44| 0| throw TLS_Exception(Alert::MissingExtension, 45| 0| "Certificate_Request message did not provide a signature_algorithms extension"); 46| 0| } 47| | 48| | // RFC 8446 4.2. 49| | // The table below indicates the messages where a given extension may 50| | // appear [...]. If an implementation receives an extension which it 51| | // recognizes and which is not specified for the message in which it 52| | // appears, it MUST abort the handshake with an "illegal_parameter" alert. 53| | // 54| | // For Certificate Request said table states: 55| | // "status_request", "signature_algorithms", "signed_certificate_timestamp", 56| | // "certificate_authorities", "oid_filters", "signature_algorithms_cert", 57| 0| const std::set allowed_extensions = { 58| 0| Extension_Code::CertificateStatusRequest, 59| 0| Extension_Code::SignatureAlgorithms, 60| | // Extension_Code::SignedCertificateTimestamp, // NYI 61| 0| Extension_Code::CertificateAuthorities, 62| | // Extension_Code::OidFilters, // NYI 63| 0| Extension_Code::CertSignatureAlgorithms, 64| 0| }; 65| | 66| 0| if(m_extensions.contains_implemented_extensions_other_than(allowed_extensions)) { ------------------ | Branch (66:7): [True: 0, False: 0] ------------------ 67| 0| throw TLS_Exception(Alert::IllegalParameter, "Certificate Request contained an extension that is not allowed"); 68| 0| } 69| | 70| 0| reader.assert_done(); 71| 0|} _ZN5Botan3TLS15Client_Hello_13C2ENSt3__110unique_ptrINS0_21Client_Hello_InternalENS2_14default_deleteIS4_EEEE: 30| 29|Client_Hello_13::Client_Hello_13(std::unique_ptr data) : Client_Hello(std::move(data)) { 31| 29| const auto& exts = m_data->extensions(); 32| | 33| | // RFC 8446 4.1.2 34| | // TLS 1.3 ClientHellos are identified as having a legacy_version of 35| | // 0x0303 and a "supported_versions" extension present with 0x0304 as the 36| | // highest version indicated therein. 37| | // 38| | // Note that we already checked for "supported_versions" before entering this 39| | // c'tor in `Client_Hello_13::parse()`. This is just to be doubly sure. 40| 29| BOTAN_ASSERT_NOMSG(exts.has()); ------------------ | | 77| 29| do { \ | | 78| 29| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 29| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 29] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 29| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 29] | | ------------------ ------------------ 41| | 42| | // RFC 8446 4.2.1 43| | // Servers MAY abort the handshake upon receiving a ClientHello with 44| | // legacy_version 0x0304 or later. 45| 29| if(m_data->legacy_version().is_tls_13_or_later()) { ------------------ | Branch (45:7): [True: 16, False: 13] ------------------ 46| 16| throw TLS_Exception(Alert::DecodeError, "TLS 1.3 Client Hello has invalid legacy_version"); 47| 16| } 48| | 49| | // RFC 8446 D.5 50| | // Any endpoint receiving a Hello message with ClientHello.legacy_version [...] 51| | // set to 0x0300 MUST abort the handshake with a "protocol_version" alert. 52| 13| if(m_data->legacy_version().major_version() == 3 && m_data->legacy_version().minor_version() == 0) { ------------------ | Branch (52:7): [True: 1, False: 12] | Branch (52:7): [True: 1, False: 12] | Branch (52:56): [True: 1, False: 0] ------------------ 53| 1| throw TLS_Exception(Alert::ProtocolVersion, "TLS 1.3 Client Hello has invalid legacy_version"); 54| 1| } 55| | 56| | // RFC 8446 4.1.2 57| | // For every TLS 1.3 ClientHello, [the compression method] MUST contain 58| | // exactly one byte, set to zero, [...]. If a TLS 1.3 ClientHello is 59| | // received with any other value in this field, the server MUST abort the 60| | // handshake with an "illegal_parameter" alert. 61| 12| if(m_data->comp_methods().size() != 1 || m_data->comp_methods().front() != 0) { ------------------ | Branch (61:7): [True: 8, False: 4] | Branch (61:45): [True: 1, False: 3] ------------------ 62| 9| throw TLS_Exception(Alert::IllegalParameter, "Client did not offer NULL compression"); 63| 9| } 64| | 65| | // RFC 8446 4.2.9 66| | // A client MUST provide a "psk_key_exchange_modes" extension if it 67| | // offers a "pre_shared_key" extension. If clients offer "pre_shared_key" 68| | // without a "psk_key_exchange_modes" extension, servers MUST abort 69| | // the handshake. 70| 3| if(exts.has()) { ------------------ | Branch (70:7): [True: 0, False: 3] ------------------ 71| 0| if(!exts.has()) { ------------------ | Branch (71:10): [True: 0, False: 0] ------------------ 72| 0| throw TLS_Exception(Alert::MissingExtension, 73| 0| "Client Hello offered a PSK without a psk_key_exchange_modes extension"); 74| 0| } 75| | 76| | // RFC 8446 4.2.11 77| | // The "pre_shared_key" extension MUST be the last extension in the 78| | // ClientHello [...]. Servers MUST check that it is the last extension 79| | // and otherwise fail the handshake with an "illegal_parameter" alert. 80| 0| if(exts.last_added() != Extension_Code::PresharedKey) { ------------------ | Branch (80:10): [True: 0, False: 0] ------------------ 81| 0| throw TLS_Exception(Alert::IllegalParameter, "PSK extension was not at the very end of the Client Hello"); 82| 0| } 83| 0| } 84| | 85| | // RFC 8446 9.2 86| | // [A TLS 1.3 ClientHello] message MUST meet the following requirements: 87| | // 88| | // - If not containing a "pre_shared_key" extension, it MUST contain 89| | // both a "signature_algorithms" extension and a "supported_groups" 90| | // extension. 91| | // 92| | // - If containing a "supported_groups" extension, it MUST also contain 93| | // a "key_share" extension, and vice versa. An empty 94| | // KeyShare.client_shares vector is permitted. 95| | // 96| | // Servers receiving a ClientHello which does not conform to these 97| | // requirements MUST abort the handshake with a "missing_extension" 98| | // alert. 99| 3| if(!exts.has()) { ------------------ | Branch (99:7): [True: 3, False: 0] ------------------ 100| 3| if(!exts.has() || !exts.has()) { ------------------ | Branch (100:10): [True: 1, False: 2] | Branch (100:43): [True: 1, False: 1] ------------------ 101| 2| throw TLS_Exception( 102| 2| Alert::MissingExtension, 103| 2| "Non-PSK Client Hello did not contain supported_groups and signature_algorithms extensions"); 104| 2| } 105| 3| } 106| 1| if(exts.has() != exts.has()) { ------------------ | Branch (106:7): [True: 1, False: 0] ------------------ 107| 1| throw TLS_Exception(Alert::MissingExtension, 108| 1| "Client Hello must either contain both key_share and supported_groups extensions or neither"); 109| 1| } 110| | 111| 0| if(exts.has()) { ------------------ | Branch (111:7): [True: 0, False: 0] ------------------ 112| 0| auto* const supported_ext = exts.get(); 113| 0| BOTAN_ASSERT_NONNULL(supported_ext); ------------------ | | 116| 0| do { \ | | 117| 0| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 0] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 0| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 0] | | ------------------ ------------------ 114| 0| const auto supports = supported_ext->groups(); 115| 0| const auto offers = exts.get()->offered_groups(); 116| | 117| | // RFC 8446 4.2.8 118| | // Each KeyShareEntry value MUST correspond to a group offered in the 119| | // "supported_groups" extension and MUST appear in the same order. 120| | // [...] 121| | // Clients MUST NOT offer any KeyShareEntry values for groups not 122| | // listed in the client's "supported_groups" extension. 123| | // 124| | // Servers MAY check for violations of these rules and abort the 125| | // handshake with an "illegal_parameter" alert if one is violated. 126| | // 127| | // Note: We can assume that both `offers` and `supports` are unique lists 128| | // as this is ensured in the parsing code of the extensions. 129| | // 130| | // Since offers must appear in the same order as supports, a single 131| | // forward sweep of `supports` suffices: after finding each offered group 132| | // we advance past its position so the next offered group is searched for 133| | // only in the remaining suffix. 134| 0| auto supports_it = supports.begin(); 135| 0| for(const auto offered : offers) { ------------------ | Branch (135:30): [True: 0, False: 0] ------------------ 136| 0| supports_it = std::find(supports_it, supports.end(), offered); 137| 0| if(supports_it == supports.end()) { ------------------ | Branch (137:13): [True: 0, False: 0] ------------------ 138| 0| throw TLS_Exception(Alert::IllegalParameter, 139| 0| "Offered key exchange groups do not align with claimed supported groups"); 140| 0| } 141| 0| ++supports_it; 142| 0| } 143| 0| } 144| | 145| | // TODO: Reject oid_filters extension if found (which is the only known extension that 146| | // must not occur in the TLS 1.3 client hello. 147| | // RFC 8446 4.2.5 148| | // [The oid_filters extension] MUST only be sent in the CertificateRequest message. 149| 0|} _ZN5Botan3TLS15Client_Hello_135parseERKNSt3__16vectorIhNS2_9allocatorIhEEEE: 286| 4.65k|std::variant Client_Hello_13::parse(const std::vector& buf) { 287| 4.65k| auto data = std::make_unique(buf); 288| 4.65k| const auto version = data->version(); 289| | 290| 4.65k| if(version.is_pre_tls_13()) { ------------------ | Branch (290:7): [True: 4.01k, False: 640] ------------------ 291| 4.01k| return Client_Hello_12_Shim(std::move(data)); 292| 4.01k| } else { 293| 640| return Client_Hello_13(std::move(data)); 294| 640| } 295| 4.65k|} _ZN5Botan3TLS20Encrypted_ExtensionsC2ERKNSt3__16vectorIhNS2_9allocatorIhEEEE: 134| 684|Encrypted_Extensions::Encrypted_Extensions(const std::vector& buf) { 135| 684| TLS_Data_Reader reader("encrypted extensions reader", buf); 136| | 137| | // Encrypted Extensions contains a list of extensions. This list may legally 138| | // be empty. However, in that case we should at least see a two-byte length 139| | // field that reads 0x00 0x00. 140| 684| if(buf.size() < 2) { ------------------ | Branch (140:7): [True: 4, False: 680] ------------------ 141| 4| throw TLS_Exception(Alert::DecodeError, "Server sent an empty Encrypted Extensions message"); 142| 4| } 143| | 144| 680| m_extensions.deserialize(reader, Connection_Side::Server, type()); 145| | 146| | // RFC 8446 4.2 147| | // If an implementation receives an extension which it recognizes and 148| | // which is not specified for the message in which it appears, it MUST 149| | // abort the handshake with an "illegal_parameter" alert. 150| | // 151| | // Note that we cannot encounter any extensions that we don't recognize here, 152| | // since only extensions we previously offered are allowed in EE. 153| 680| const auto allowed_exts = std::set{ 154| | // Allowed extensions listed in RFC 8446 and implemented in Botan 155| 680| Extension_Code::ServerNameIndication, 156| | // MAX_FRAGMENT_LENGTH 157| 680| Extension_Code::SupportedGroups, 158| 680| Extension_Code::UseSrtp, 159| | // HEARTBEAT 160| 680| Extension_Code::ApplicationLayerProtocolNegotiation, 161| | // RFC 7250 162| 680| Extension_Code::ClientCertificateType, 163| 680| Extension_Code::ServerCertificateType, 164| | // EARLY_DATA 165| | 166| | // Allowed extensions not listed in RFC 8446 but acceptable as Botan implements them 167| 680| Extension_Code::RecordSizeLimit, 168| 680| }; 169| 680| if(m_extensions.contains_implemented_extensions_other_than(allowed_exts)) { ------------------ | Branch (169:7): [True: 62, False: 618] ------------------ 170| 62| throw TLS_Exception(Alert::IllegalParameter, "Encrypted Extensions contained an extension that is not allowed"); 171| 62| } 172| | 173| 618| reader.assert_done(); 174| 618|} _ZN5Botan3TLS15Server_Hello_135parseERKNSt3__16vectorIhNS2_9allocatorIhEEEE: 85| 135| const std::vector& buf) { 86| 135| auto data = std::make_unique(buf); 87| 135| const auto version = data->version(); 88| | 89| | // server hello that appears to be pre-TLS 1.3, takes precedence over... 90| 135| if(version.is_pre_tls_13()) { ------------------ | Branch (90:7): [True: 18, False: 117] ------------------ 91| 18| return Server_Hello_12_Shim(std::move(data)); 92| 18| } 93| | 94| | // ... the TLS 1.3 "special case" aka. Hello_Retry_Request 95| 117| if(version == Protocol_Version::TLS_V13) { ------------------ | Branch (95:7): [True: 36, False: 81] ------------------ 96| 36| if(data->is_hello_retry_request()) { ------------------ | Branch (96:10): [True: 0, False: 36] ------------------ 97| 0| return Hello_Retry_Request(std::move(data)); 98| 0| } 99| | 100| 36| return Server_Hello_13(std::move(data)); 101| 36| } 102| | 103| 81| throw TLS_Exception(Alert::ProtocolVersion, "unexpected server hello version: " + version.to_string()); 104| 117|} _ZNK5Botan3TLS15Server_Hello_1316basic_validationEv: 109| 36|void Server_Hello_13::basic_validation() const { 110| 36| BOTAN_ASSERT_NOMSG(m_data->version() == Protocol_Version::TLS_V13); ------------------ | | 77| 36| do { \ | | 78| 36| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 36| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 36] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 36| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 36] | | ------------------ ------------------ 111| | 112| | // Note: checks that cannot be performed without contextual information 113| | // are done in the specific TLS client implementation. 114| | // Note: The Supported_Version extension makes sure internally that 115| | // exactly one entry is provided. 116| | 117| | // Note: Hello Retry Request basic validation is equivalent with the 118| | // basic validations required for Server Hello 119| | // 120| | // RFC 8446 4.1.4 121| | // Upon receipt of a HelloRetryRequest, the client MUST check the 122| | // legacy_version, [...], and legacy_compression_method as specified in 123| | // Section 4.1.3 and then process the extensions, starting with determining 124| | // the version using "supported_versions". 125| | 126| | // RFC 8446 4.1.3 127| | // In TLS 1.3, [...] the legacy_version field MUST be set to 0x0303 128| 36| if(legacy_version() != Protocol_Version::TLS_V12) { ------------------ | Branch (128:7): [True: 21, False: 15] ------------------ 129| 21| throw TLS_Exception(Alert::ProtocolVersion, 130| 21| "legacy_version '" + legacy_version().to_string() + "' is not allowed"); 131| 21| } 132| | 133| | // RFC 8446 4.1.3 134| | // legacy_compression_method: A single byte which MUST have the value 0. 135| 15| if(compression_method() != 0x00) { ------------------ | Branch (135:7): [True: 1, False: 14] ------------------ 136| 1| throw TLS_Exception(Alert::DecodeError, "compression is not supported in TLS 1.3"); 137| 1| } 138| | 139| | // RFC 8446 4.1.3 140| | // All TLS 1.3 ServerHello messages MUST contain the "supported_versions" extension. 141| 14| if(!extensions().has()) { ------------------ | Branch (141:7): [True: 0, False: 14] ------------------ 142| 0| throw TLS_Exception(Alert::MissingExtension, "server hello did not contain 'supported version' extension"); 143| 0| } 144| | 145| | // RFC 8446 4.2.1 146| | // A server which negotiates TLS 1.3 MUST respond by sending 147| | // a "supported_versions" extension containing the selected version 148| | // value (0x0304). 149| 14| if(selected_version() != Protocol_Version::TLS_V13) { ------------------ | Branch (149:7): [True: 13, False: 1] ------------------ 150| 13| throw TLS_Exception(Alert::IllegalParameter, "TLS 1.3 Server Hello selected a different version"); 151| 13| } 152| 14|} _ZN5Botan3TLS15Server_Hello_13C2ENSt3__110unique_ptrINS0_21Server_Hello_InternalENS2_14default_deleteIS4_EEEENS1_16Server_Hello_TagE: 156| 36| Server_Hello(std::move(data)) { 157| 36| BOTAN_ASSERT_NOMSG(!m_data->is_hello_retry_request()); ------------------ | | 77| 36| do { \ | | 78| 36| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 36| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 36] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 36| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 36] | | ------------------ ------------------ 158| 36| basic_validation(); 159| | 160| 36| const auto& exts = extensions(); 161| | 162| | // RFC 8446 4.1.3 163| | // The ServerHello MUST only include extensions which are required to 164| | // establish the cryptographic context and negotiate the protocol version. 165| | // [...] 166| | // Other extensions (see Section 4.2) are sent separately in the 167| | // EncryptedExtensions message. 168| | // 169| | // Note that further validation dependent on the client hello is done in the 170| | // TLS client implementation. 171| 36| const std::set allowed = { 172| 36| Extension_Code::KeyShare, 173| 36| Extension_Code::SupportedVersions, 174| 36| Extension_Code::PresharedKey, 175| 36| }; 176| | 177| | // As the ServerHello shall only contain essential extensions, we don't give 178| | // any slack for extensions not implemented by Botan here. 179| 36| if(exts.contains_other_than(allowed)) { ------------------ | Branch (179:7): [True: 1, False: 35] ------------------ 180| 1| throw TLS_Exception(Alert::UnsupportedExtension, "Server Hello contained an extension that is not allowed"); 181| 1| } 182| | 183| | // RFC 8446 4.1.3 184| | // Current ServerHello messages additionally contain 185| | // either the "pre_shared_key" extension or the "key_share" 186| | // extension, or both [...]. 187| 35| if(!exts.has() && !exts.has()) { ------------------ | Branch (187:7): [True: 0, False: 35] | Branch (187:33): [True: 0, False: 0] ------------------ 188| 0| throw TLS_Exception(Alert::MissingExtension, "server hello must contain key exchange information"); 189| 0| } 190| 35|} _ZNK5Botan3TLS15Server_Hello_1316selected_versionEv: 353| 14|Protocol_Version Server_Hello_13::selected_version() const { 354| 14| auto* const versions_ext = m_data->extensions().get(); 355| 14| BOTAN_ASSERT_NOMSG(versions_ext); ------------------ | | 77| 14| do { \ | | 78| 14| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 14| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 14] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 14| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 14] | | ------------------ ------------------ 356| 14| const auto& versions = versions_ext->versions(); 357| 14| BOTAN_ASSERT_NOMSG(versions.size() == 1); ------------------ | | 77| 14| do { \ | | 78| 14| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 14| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 14] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 14| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 14] | | ------------------ ------------------ 358| 14| return versions.front(); 359| 14|} _ZN5Botan3TLS15Channel_Impl_13C2ERKNSt3__110shared_ptrINS0_9CallbacksEEERKNS3_INS0_15Session_ManagerEEERKNS3_INS_19Credentials_ManagerEEERKNS3_INS_21RandomNumberGeneratorEEERKNS3_IKNS0_6PolicyEEEb: 46| 6.25k| m_side(is_server ? Connection_Side::Server : Connection_Side::Client), ------------------ | Branch (46:14): [True: 6.25k, False: 0] ------------------ 47| 6.25k| m_callbacks(callbacks), 48| 6.25k| m_session_manager(session_manager), 49| 6.25k| m_credentials_manager(credentials_manager), 50| 6.25k| m_rng(rng), 51| 6.25k| m_policy(policy), 52| 6.25k| m_record_layer(m_side), 53| 6.25k| m_handshake_layer(m_side), 54| 6.25k| m_can_read(true), 55| 6.25k| m_can_write(true), 56| 6.25k| m_opportunistic_key_update(false), 57| 6.25k| m_first_message_sent(false), 58| 6.25k| m_first_message_received(false) { 59| 6.25k| BOTAN_ASSERT_NONNULL(m_callbacks); ------------------ | | 116| 6.25k| do { \ | | 117| 6.25k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 6.25k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 6.25k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 6.25k] | | ------------------ ------------------ 60| 6.25k| BOTAN_ASSERT_NONNULL(m_session_manager); ------------------ | | 116| 6.25k| do { \ | | 117| 6.25k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 6.25k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 6.25k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 6.25k] | | ------------------ ------------------ 61| 6.25k| BOTAN_ASSERT_NONNULL(m_credentials_manager); ------------------ | | 116| 6.25k| do { \ | | 117| 6.25k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 6.25k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 6.25k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 6.25k] | | ------------------ ------------------ 62| 6.25k| BOTAN_ASSERT_NONNULL(m_rng); ------------------ | | 116| 6.25k| do { \ | | 117| 6.25k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 6.25k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 6.25k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 6.25k] | | ------------------ ------------------ 63| 6.25k| BOTAN_ASSERT_NONNULL(m_policy); ------------------ | | 116| 6.25k| do { \ | | 117| 6.25k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 6.25k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 6.25k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 6.25k] | | ------------------ ------------------ 64| 6.25k|} _ZN5Botan3TLS15Channel_Impl_13D2Ev: 66| 6.25k|Channel_Impl_13::~Channel_Impl_13() = default; _ZN5Botan3TLS15Channel_Impl_139from_peerENSt3__14spanIKhLm18446744073709551615EEE: 68| 6.25k|size_t Channel_Impl_13::from_peer(std::span data) { 69| 6.25k| BOTAN_STATE_CHECK(!is_downgrading()); ------------------ | | 51| 6.25k| do { \ | | 52| 6.25k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 6.25k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 6.25k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 6.25k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 6.25k] | | ------------------ ------------------ 70| | 71| | // RFC 8446 6.1 72| | // Any data received after a closure alert has been received MUST be ignored. 73| 6.25k| if(!m_can_read) { ------------------ | Branch (73:7): [True: 0, False: 6.25k] ------------------ 74| 0| return 0; 75| 0| } 76| | 77| 6.25k| try { 78| 6.25k| if(expects_downgrade()) { ------------------ | Branch (78:10): [True: 6.25k, False: 0] ------------------ 79| 6.25k| preserve_peer_transcript(data); 80| 6.25k| } 81| | 82| 6.25k| m_record_layer.copy_data(data); 83| | 84| 15.5k| while(true) { ------------------ | Branch (84:13): [True: 13.6k, Folded] ------------------ 85| | // RFC 8446 6.1 86| | // Any data received after a closure alert has been received MUST be ignored. 87| | // 88| | // ... this data might already be in the record layer's read buffer. 89| 13.6k| if(!m_can_read) { ------------------ | Branch (89:13): [True: 21, False: 13.5k] ------------------ 90| 21| return 0; 91| 21| } 92| | 93| 13.5k| auto result = m_record_layer.next_record(m_cipher_state.get()); 94| | 95| 13.5k| if(std::holds_alternative(result)) { ------------------ | Branch (95:13): [True: 156, False: 13.4k] ------------------ 96| 156| return std::get(result); 97| 156| } 98| | 99| 13.4k| const auto& record = std::get(result); 100| | 101| | // RFC 8446 5.1 102| | // Handshake messages MUST NOT be interleaved with other record types. 103| 13.4k| if(record.type != Record_Type::Handshake && m_handshake_layer.has_pending_data()) { ------------------ | Branch (103:13): [True: 785, False: 12.6k] | Branch (103:54): [True: 2, False: 783] ------------------ 104| 2| throw Unexpected_Message("Expected remainder of a handshake message"); 105| 2| } 106| | 107| 13.4k| if(record.type == Record_Type::Handshake) { ------------------ | Branch (107:13): [True: 12.5k, False: 862] ------------------ 108| 12.5k| m_handshake_layer.copy_data(record.fragment); 109| | 110| 12.5k| if(!is_handshake_complete()) { ------------------ | Branch (110:16): [True: 12.5k, False: 0] ------------------ 111| 12.7k| while(auto handshake_msg = m_handshake_layer.next_message(policy(), m_transcript_hash)) { ------------------ | Branch (111:27): [True: 4.21k, False: 8.55k] ------------------ 112| | // RFC 8446 5.1 113| | // Handshake messages MUST NOT span key changes. Implementations 114| | // MUST verify that all messages immediately preceding a key change 115| | // align with a record boundary; if not, then they MUST terminate the 116| | // connection with an "unexpected_message" alert. Because the 117| | // ClientHello, EndOfEarlyData, ServerHello, Finished, and KeyUpdate 118| | // messages can immediately precede a key change, implementations 119| | // MUST send these messages in alignment with a record boundary. 120| | // 121| | // Note: Hello_Retry_Request was added to the list below although it cannot immediately precede a key change. 122| | // However, there cannot be any further sensible messages in the record after HRR. 123| | // 124| | // Note: Server_Hello_12 was deliberately not included in the check below because in TLS 1.2 Server Hello and 125| | // other handshake messages can be legally coalesced in a single record. 126| | // 127| 4.21k| if(holds_any_of(handshake_msg.value()) && 132| 4.02k| m_handshake_layer.has_pending_data()) { ------------------ | Branch (132:22): [True: 22, False: 3.99k] ------------------ 133| 22| throw Unexpected_Message("Unexpected additional handshake message data found in record"); 134| 22| } 135| | 136| 4.19k| process_handshake_msg(std::move(handshake_msg.value())); 137| | 138| 4.19k| if(is_downgrading()) { ------------------ | Branch (138:22): [True: 3.99k, False: 199] ------------------ 139| | // Downgrade to TLS 1.2 was detected. Stop everything we do and await being replaced by a 1.2 implementation. 140| 3.99k| return 0; 141| 3.99k| } else if(m_downgrade_info != nullptr) { ------------------ | Branch (141:29): [True: 0, False: 199] ------------------ 142| | // We received a TLS 1.3 error alert that could have been a TLS 1.2 warning alert. 143| | // Now that we know that we are talking to a TLS 1.3 server, shut down. 144| 0| if(m_downgrade_info->received_tls_13_error_alert) { ------------------ | Branch (144:25): [True: 0, False: 0] ------------------ 145| 0| shutdown(); 146| 0| } 147| | 148| | // Downgrade can only be indicated in the first received peer message. This was not the case. 149| 0| m_downgrade_info.reset(); 150| 0| } 151| | 152| | // After the initial handshake message is received, the record 153| | // layer must be more restrictive. 154| | // See RFC 8446 5.1 regarding "legacy_record_version" 155| 199| if(!m_first_message_received) { ------------------ | Branch (155:22): [True: 0, False: 199] ------------------ 156| 0| m_record_layer.disable_receiving_compat_mode(); 157| 0| m_first_message_received = true; 158| 0| } 159| 199| } 160| 12.5k| } else { 161| 0| while(auto handshake_msg = m_handshake_layer.next_post_handshake_message(policy())) { ------------------ | Branch (161:27): [True: 0, False: 0] ------------------ 162| 0| process_post_handshake_msg(std::move(handshake_msg.value())); 163| 0| } 164| 0| } 165| 12.5k| } else if(record.type == Record_Type::ChangeCipherSpec) { ------------------ | Branch (165:20): [True: 1, False: 861] ------------------ 166| 1| process_dummy_change_cipher_spec(); 167| 861| } else if(record.type == Record_Type::ApplicationData) { ------------------ | Branch (167:20): [True: 0, False: 861] ------------------ 168| 0| BOTAN_ASSERT_NONNULL(m_cipher_state); ------------------ | | 116| 0| do { \ | | 117| 0| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 0] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 0| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 0] | | ------------------ ------------------ 169| 0| if(!m_cipher_state->can_decrypt_application_traffic()) { ------------------ | Branch (169:16): [True: 0, False: 0] ------------------ 170| 0| throw Unexpected_Message("Application data received before handshake completion"); 171| 0| } 172| | /* 173| | The record sequence number is set in Record_Layer::next_record only when 174| | the record contents are decrypted under the current set of traffic keys 175| | */ 176| 0| if(!record.seq_no.has_value()) { ------------------ | Branch (176:16): [True: 0, False: 0] ------------------ 177| 0| throw Unexpected_Message("Application data must have a sequence number"); 178| 0| } 179| 0| callbacks().tls_record_received(record.seq_no.value(), record.fragment); 180| 861| } else if(record.type == Record_Type::Alert) { ------------------ | Branch (180:20): [True: 782, False: 79] ------------------ 181| 782| process_alert(record.fragment); 182| 782| } else { 183| 79| throw Unexpected_Message("Unexpected record type " + std::to_string(static_cast(record.type)) + 184| 79| " from counterparty"); 185| 79| } 186| 13.4k| } 187| 6.25k| } catch(TLS_Exception& e) { 188| 1.06k| send_fatal_alert(e.type()); 189| 1.06k| throw; 190| 1.06k| } catch(Invalid_Authentication_Tag&) { 191| | // RFC 8446 5.2 192| | // If the decryption fails, the receiver MUST terminate the connection 193| | // with a "bad_record_mac" alert. 194| 0| send_fatal_alert(Alert::BadRecordMac); 195| 0| throw; 196| 1.01k| } catch(Decoding_Error&) { 197| 1.01k| send_fatal_alert(Alert::DecodeError); 198| 1.01k| throw; 199| 1.01k| } catch(...) { 200| 1| send_fatal_alert(Alert::InternalError); 201| 1| throw; 202| 1| } 203| 6.25k|} _ZN5Botan3TLS15Channel_Impl_1310send_alertERKNS0_5AlertE: 299| 2.09k|void Channel_Impl_13::send_alert(const Alert& alert) { 300| 2.09k| if(alert.is_valid() && m_can_write) { ------------------ | Branch (300:7): [True: 2.09k, False: 0] | Branch (300:27): [True: 2.09k, False: 1] ------------------ 301| 2.09k| try { 302| 2.09k| send_record(Record_Type::Alert, alert.serialize()); 303| 2.09k| } catch(...) { /* swallow it */ 304| 0| } 305| 2.09k| } 306| | 307| | // Note: In TLS 1.3 sending a CloseNotify must not immediately lead to closing the reading end. 308| | // RFC 8446 6.1 309| | // Each party MUST send a "close_notify" alert before closing its write 310| | // side of the connection, unless it has already sent some error alert. 311| | // This does not have any effect on its read side of the connection. 312| 2.09k| if(is_close_notify_alert(alert) && m_can_write) { ------------------ | Branch (312:7): [True: 14, False: 2.07k] | Branch (312:39): [True: 13, False: 1] ------------------ 313| 13| m_can_write = false; 314| 13| if(m_cipher_state) { ------------------ | Branch (314:10): [True: 0, False: 13] ------------------ 315| 0| m_cipher_state->clear_write_keys(); 316| 0| } 317| 13| } 318| | 319| 2.09k| if(is_error_alert(alert)) { ------------------ | Branch (319:7): [True: 2.07k, False: 14] ------------------ 320| 2.07k| shutdown(); 321| 2.07k| } 322| 2.09k|} _ZN5Botan3TLS15Channel_Impl_1311send_recordENS0_11Record_TypeERKNSt3__16vectorIhNS3_9allocatorIhEEEE: 344| 2.09k|void Channel_Impl_13::send_record(Record_Type type, const std::vector& record) { 345| 2.09k| BOTAN_STATE_CHECK(!is_downgrading()); ------------------ | | 51| 2.09k| do { \ | | 52| 2.09k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 2.09k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 2.09k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 2.09k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 2.09k] | | ------------------ ------------------ 346| 2.09k| BOTAN_STATE_CHECK(m_can_write); ------------------ | | 51| 2.09k| do { \ | | 52| 2.09k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 2.09k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 2.09k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 2.09k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 2.09k] | | ------------------ ------------------ 347| | 348| 2.09k| auto to_write = m_record_layer.prepare_records(type, record, m_cipher_state.get()); 349| | 350| | // After the initial handshake message is sent, the record layer must 351| | // adhere to a more strict record specification. Note that for the 352| | // server case this is a NOOP. 353| | // See (RFC 8446 5.1. regarding "legacy_record_version") 354| 2.09k| if(!m_first_message_sent && type == Record_Type::Handshake) { ------------------ | Branch (354:7): [True: 2.09k, False: 0] | Branch (354:32): [True: 0, False: 2.09k] ------------------ 355| 0| m_record_layer.disable_sending_compat_mode(); 356| 0| m_first_message_sent = true; 357| 0| } 358| | 359| | // The dummy CCS must not be prepended if the following record is 360| | // an unprotected Alert record. 361| 2.09k| if(prepend_ccs() && (m_cipher_state || type != Record_Type::Alert)) { ------------------ | Branch (361:7): [True: 0, False: 2.09k] | Branch (361:25): [True: 0, False: 0] | Branch (361:43): [True: 0, False: 0] ------------------ 362| 0| std::array ccs_content = {0x01}; 363| 0| const auto ccs = m_record_layer.prepare_records(Record_Type::ChangeCipherSpec, ccs_content, m_cipher_state.get()); 364| 0| to_write = concat(ccs, to_write); 365| 0| } 366| | 367| 2.09k| callbacks().tls_emit_data(to_write); 368| 2.09k|} _ZN5Botan3TLS15Channel_Impl_1313process_alertERKNSt3__16vectorIhNS_16secure_allocatorIhEEEE: 370| 782|void Channel_Impl_13::process_alert(const secure_vector& record) { 371| 782| const Alert alert(record); 372| | 373| 782| if(is_close_notify_alert(alert)) { ------------------ | Branch (373:7): [True: 14, False: 768] ------------------ 374| 14| m_can_read = false; 375| 14| if(m_cipher_state) { ------------------ | Branch (375:10): [True: 0, False: 14] ------------------ 376| 0| m_cipher_state->clear_read_keys(); 377| 0| } 378| 14| m_record_layer.clear_read_buffer(); 379| 14| } 380| | 381| | // user canceled alerts are ignored 382| | 383| | // RFC 8446 5. 384| | // All the alerts listed in Section 6.2 MUST be sent with 385| | // AlertLevel=fatal and MUST be treated as error alerts when received 386| | // regardless of the AlertLevel in the message. Unknown Alert types 387| | // MUST be treated as error alerts. 388| 782| if(is_error_alert(alert) && !alert.is_fatal()) { ------------------ | Branch (388:7): [True: 468, False: 314] | Branch (388:32): [True: 461, False: 7] ------------------ 389| | // In TLS 1.2 error alerts might be marked as 'warnings' and would not 390| | // demand an immediate shutdown. Until we are sure to talk to a TLS 1.3 391| | // peer we must defer the shutdown and refrain from raising a decode 392| | // error. 393| 461| if(expects_downgrade()) { ------------------ | Branch (393:10): [True: 461, False: 0] ------------------ 394| 461| m_downgrade_info->received_tls_13_error_alert = true; 395| 461| } else { 396| 0| throw TLS_Exception(Alert::DecodeError, "Error alert not marked fatal"); // will shutdown in send_alert 397| 0| } 398| 461| } 399| | 400| 782| if(alert.is_fatal()) { ------------------ | Branch (400:7): [True: 8, False: 774] ------------------ 401| 8| shutdown(); 402| 8| } 403| | 404| 782| callbacks().tls_alert(alert); 405| | 406| | // Respond with our "close_notify" if the application requests us to. 407| 782| if(is_close_notify_alert(alert) && callbacks().tls_peer_closed_connection()) { ------------------ | Branch (407:7): [True: 14, False: 768] | Branch (407:39): [True: 14, False: 0] ------------------ 408| 14| close(); 409| 14| } 410| 782|} _ZN5Botan3TLS15Channel_Impl_138shutdownEv: 412| 2.08k|void Channel_Impl_13::shutdown() { 413| | // RFC 8446 6.2 414| | // Upon transmission or receipt of a fatal alert message, both 415| | // parties MUST immediately close the connection. 416| 2.08k| m_can_read = false; 417| 2.08k| m_can_write = false; 418| 2.08k| m_cipher_state.reset(); 419| 2.08k| m_active_state.reset(); 420| 2.08k|} _ZN5Botan3TLS15Channel_Impl_1316expect_downgradeERKNS0_18Server_InformationERKNSt3__16vectorINS5_12basic_stringIcNS5_11char_traitsIcEENS5_9allocatorIcEEEENSA_ISC_EEEE: 423| 6.25k| const std::vector& next_protocols) { 424| 6.25k| Downgrade_Information di{ 425| 6.25k| {}, 426| 6.25k| {}, 427| 6.25k| {}, 428| 6.25k| server_info, 429| 6.25k| next_protocols, 430| 6.25k| Botan::TLS::Channel::IO_BUF_DEFAULT_SIZE, 431| 6.25k| m_callbacks, 432| 6.25k| m_session_manager, 433| 6.25k| m_credentials_manager, 434| 6.25k| m_rng, 435| 6.25k| m_policy, 436| 6.25k| false, // received_tls_13_error_alert 437| 6.25k| false // will_downgrade 438| 6.25k| }; 439| 6.25k| m_downgrade_info = std::make_unique(std::move(di)); 440| 6.25k|} tls_channel_impl_13.cpp:_ZN12_GLOBAL__N_121is_close_notify_alertERKN5Botan3TLS5AlertE: 27| 6.48k|bool is_close_notify_alert(const Botan::TLS::Alert& alert) { 28| 6.48k| return alert.type() == Botan::TLS::Alert::CloseNotify; 29| 6.48k|} tls_channel_impl_13.cpp:_ZN12_GLOBAL__N_114is_error_alertERKN5Botan3TLS5AlertE: 31| 2.85k|bool is_error_alert(const Botan::TLS::Alert& alert) { 32| | // In TLS 1.3 all alerts except for closure alerts are considered error alerts. 33| | // (RFC 8446 6.) 34| 2.85k| return !is_close_notify_alert(alert) && !is_user_canceled_alert(alert); ------------------ | Branch (34:11): [True: 2.83k, False: 28] | Branch (34:44): [True: 2.54k, False: 285] ------------------ 35| 2.85k|} tls_channel_impl_13.cpp:_ZN12_GLOBAL__N_122is_user_canceled_alertERKN5Botan3TLS5AlertE: 23| 2.83k|bool is_user_canceled_alert(const Botan::TLS::Alert& alert) { 24| 2.83k| return alert.type() == Botan::TLS::Alert::UserCanceled; 25| 2.83k|} _ZN5Botan3TLS6CookieC2ERNS0_15TLS_Data_ReaderEt: 26| 67|Cookie::Cookie(TLS_Data_Reader& reader, uint16_t extension_size) { 27| | // RFC 8446 4.2.2 28| | // struct { 29| | // opaque cookie<1..2^16-1>; 30| | // } Cookie; 31| | // 32| | // The wire form requires a 2-byte length field plus at least one byte of 33| | // cookie data, so the minimum extension size is 3 bytes. 34| 67| if(extension_size < 3) { ------------------ | Branch (34:7): [True: 4, False: 63] ------------------ 35| 4| throw Decoding_Error("Empty cookie extension is illegal"); 36| 4| } 37| | 38| 63| const uint16_t len = reader.get_uint16_t(); 39| | 40| 63| if(static_cast(len) + 2 != extension_size) { ------------------ | Branch (40:7): [True: 18, False: 45] ------------------ 41| 18| throw Decoding_Error("Inconsistent length in cookie extension"); 42| 18| } 43| | 44| 45| m_cookie = reader.get_fixed(len); 45| 45|} _ZN5Botan3TLS22PSK_Key_Exchange_ModesC2ERNS0_15TLS_Data_ReaderEt: 65| 729|PSK_Key_Exchange_Modes::PSK_Key_Exchange_Modes(TLS_Data_Reader& reader, uint16_t extension_size) { 66| | // RFC 8446 4.2.9 67| | // struct { 68| | // PskKeyExchangeMode ke_modes<1..255>; 69| | // } PskKeyExchangeModes; 70| | // 71| | // The wire form is a 1-byte length followed by mode_count mode bytes, 72| | // with mode_count in [1, 255], so the extension size is in [2, 256]. 73| 729| if(extension_size < 2) { ------------------ | Branch (73:7): [True: 3, False: 726] ------------------ 74| 3| throw Decoding_Error("Empty psk_key_exchange_modes extension is illegal"); 75| 3| } 76| | 77| 726| const auto mode_count = reader.get_byte(); 78| 726| if(static_cast(mode_count) + 1 != extension_size) { ------------------ | Branch (78:7): [True: 8, False: 718] ------------------ 79| 8| throw Decoding_Error("Inconsistent length in psk_key_exchange_modes extension"); 80| 8| } 81| | 82| 6.56k| for(uint16_t i = 0; i < mode_count; ++i) { ------------------ | Branch (82:24): [True: 5.84k, False: 718] ------------------ 83| 5.84k| const auto mode = static_cast(reader.get_byte()); 84| 5.84k| if(mode == PSK_Key_Exchange_Mode::PSK_KE || mode == PSK_Key_Exchange_Mode::PSK_DHE_KE) { ------------------ | Branch (84:10): [True: 2.53k, False: 3.30k] | Branch (84:51): [True: 386, False: 2.92k] ------------------ 85| 2.92k| m_modes.push_back(mode); 86| 2.92k| } 87| 5.84k| } 88| 718|} _ZN5Botan3TLS23Certificate_AuthoritiesC2ERNS0_15TLS_Data_ReaderEt: 106| 422|Certificate_Authorities::Certificate_Authorities(TLS_Data_Reader& reader, uint16_t extension_size) { 107| 422| if(extension_size < 2) { ------------------ | Branch (107:7): [True: 5, False: 417] ------------------ 108| 5| throw Decoding_Error("Empty certificate_authorities extension is illegal"); 109| 5| } 110| | 111| 417| const uint16_t purported_size = reader.get_uint16_t(); 112| | 113| 417| if(reader.remaining_bytes() != purported_size) { ------------------ | Branch (113:7): [True: 20, False: 397] ------------------ 114| 20| throw Decoding_Error("Inconsistent length in certificate_authorities extension"); 115| 20| } 116| | 117| | // RFC 8446 4.2.4: DistinguishedName authorities<3..2^16-1>; 118| 397| if(purported_size < 3) { ------------------ | Branch (118:7): [True: 2, False: 395] ------------------ 119| 2| throw Decoding_Error("Empty certificate_authorities list is illegal"); 120| 2| } 121| | 122| 803| while(reader.has_remaining()) { ------------------ | Branch (122:10): [True: 408, False: 395] ------------------ 123| | // RFC 8446 4.2.4: opaque DistinguishedName<1..2^16-1> 124| 408| const std::vector name_bits = reader.get_range(2, 1, 65535); 125| | 126| 408| BER_Decoder decoder(name_bits, BER_Decoder::Limits::DER()); 127| 408| m_distinguished_names.emplace_back(); 128| 408| decoder.decode(m_distinguished_names.back()).verify_end(); 129| 408| } 130| 395|} _ZN5Botan3TLS19EarlyDataIndicationC2ERNS0_15TLS_Data_ReaderEtNS0_14Handshake_TypeE: 149| 43| Handshake_Type message_type) { 150| 43| if(message_type == Handshake_Type::NewSessionTicket) { ------------------ | Branch (150:7): [True: 0, False: 43] ------------------ 151| 0| if(extension_size != 4) { ------------------ | Branch (151:10): [True: 0, False: 0] ------------------ 152| 0| throw TLS_Exception(Alert::DecodeError, 153| 0| "Received an early_data extension in a NewSessionTicket message " 154| 0| "without maximum early data size indication"); 155| 0| } 156| | 157| 0| m_max_early_data_size = reader.get_uint32_t(); 158| 43| } else if(extension_size != 0) { ------------------ | Branch (158:14): [True: 1, False: 42] ------------------ 159| 1| throw TLS_Exception(Alert::DecodeError, 160| 1| "Received an early_data extension containing an unexpected data " 161| 1| "size indication"); 162| 1| } 163| 43|} _ZNK5Botan3TLS19EarlyDataIndication5emptyEv: 165| 9|bool EarlyDataIndication::empty() const { 166| | // This extension may be empty by definition but still carry information 167| 9| return false; 168| 9|} _ZN5Botan3TLS9Key_ShareC2ERNS0_15TLS_Data_ReaderEtNS0_14Handshake_TypeE: 401| 99|Key_Share::Key_Share(TLS_Data_Reader& reader, uint16_t extension_size, Handshake_Type message_type) { 402| 99| if(message_type == Handshake_Type::ClientHello) { ------------------ | Branch (402:7): [True: 88, False: 11] ------------------ 403| 88| m_impl = std::make_unique(Key_Share_ClientHello(reader, extension_size)); 404| 88| } else if(message_type == Handshake_Type::HelloRetryRequest) { ------------------ | Branch (404:14): [True: 0, False: 11] ------------------ 405| | // Connection_Side::Server 406| 0| m_impl = std::make_unique(Key_Share_HelloRetryRequest(reader, extension_size)); 407| 11| } else if(message_type == Handshake_Type::ServerHello) { ------------------ | Branch (407:14): [True: 10, False: 1] ------------------ 408| | // Connection_Side::Server 409| 10| m_impl = std::make_unique(Key_Share_ServerHello(reader, extension_size)); 410| 10| } else { 411| 1| throw Invalid_Argument(std::string("cannot create a Key_Share extension for message of type: ") + 412| 1| handshake_type_to_string(message_type)); 413| 1| } 414| 99|} _ZN5Botan3TLS9Key_ShareD2Ev: 433| 59|Key_Share::~Key_Share() = default; _ZNK5Botan3TLS9Key_Share5emptyEv: 439| 2|bool Key_Share::empty() const { 440| 2| return std::visit([](const auto& key_share) { return key_share.empty(); }, m_impl->key_share); 441| 2|} tls_extensions_key_share.cpp:_ZN5Botan3TLS12_GLOBAL__N_121Key_Share_ClientHelloC2ERNS0_15TLS_Data_ReaderEt: 185| 88| Key_Share_ClientHello(TLS_Data_Reader& reader, uint16_t /* extension_size */) { 186| | // The reader is per-extension (Extensions::deserialize binds it to 187| | // exactly extension_size bytes). Enforce that the inner 188| | // client_shares length matches what the outer extension has left, 189| | // then let the entry loop consume everything; extn_reader's 190| | // assert_done() at the deserialize call site catches any leftover. 191| 88| const auto client_key_share_length = reader.get_uint16_t(); 192| 88| if(reader.remaining_bytes() != client_key_share_length) { ------------------ | Branch (192:13): [True: 14, False: 74] ------------------ 193| 14| throw TLS_Exception(Alert::DecodeError, "Inconsistent length in client KeyShare extension"); 194| 14| } 195| | 196| 74| std::unordered_set seen_groups; 197| 222| while(reader.has_remaining()) { ------------------ | Branch (197:16): [True: 153, False: 69] ------------------ 198| | // Each KeyShareEntry is at least 4 bytes (group + 2-byte length). 199| | // Cleaner failure than the reader underflow we'd otherwise hit 200| | // when the inner buffer ends mid-entry. 201| 153| if(reader.remaining_bytes() < 4) { ------------------ | Branch (201:16): [True: 4, False: 149] ------------------ 202| 4| throw TLS_Exception(Alert::DecodeError, "Not enough data to read another KeyShareEntry"); 203| 4| } 204| | 205| 149| Key_Share_Entry new_entry(reader); 206| | 207| | // RFC 8446 4.2.8 208| | // Clients MUST NOT offer multiple KeyShareEntry values for the same 209| | // group. [...] 210| | // Servers MAY check for violations of these rules and abort the 211| | // handshake with an "illegal_parameter" alert if one is violated. 212| 149| if(!seen_groups.insert(new_entry.group().wire_code()).second) { ------------------ | Branch (212:16): [True: 1, False: 148] ------------------ 213| 1| throw TLS_Exception(Alert::IllegalParameter, "Received multiple key share entries for the same group"); 214| 1| } 215| | 216| 148| m_client_shares.emplace_back(std::move(new_entry)); 217| 148| } 218| 74| } tls_extensions_key_share.cpp:_ZN5Botan3TLS12_GLOBAL__N_115Key_Share_EntryC2ERNS0_15TLS_Data_ReaderE: 47| 159| explicit Key_Share_Entry(TLS_Data_Reader& reader) { 48| | // TODO check that the group actually exists before casting... 49| 159| m_group = static_cast(reader.get_uint16_t()); 50| | // RFC 8446 4.2.8: opaque key_exchange<1..2^16-1> 51| 159| m_key_exchange = reader.get_range(2, 1, 65535); 52| 159| } tls_extensions_key_share.cpp:_ZNK5Botan3TLS12_GLOBAL__N_115Key_Share_Entry5groupEv: 105| 134| Named_Group group() const { return m_group; } tls_extensions_key_share.cpp:_ZN5Botan3TLS12_GLOBAL__N_121Key_Share_ClientHelloD2Ev: 243| 159| ~Key_Share_ClientHello() = default; tls_extensions_key_share.cpp:_ZN5Botan3TLS12_GLOBAL__N_121Key_Share_ServerHelloC2ERNS0_15TLS_Data_ReaderEt: 145| 10| Key_Share_ServerHello(TLS_Data_Reader& reader, uint16_t /*len*/) : m_server_share(reader) {} tls_extensions_key_share.cpp:_ZN5Botan3TLS12_GLOBAL__N_121Key_Share_ServerHelloD2Ev: 153| 18| ~Key_Share_ServerHello() = default; tls_extensions_key_share.cpp:_ZZNK5Botan3TLS9Key_Share5emptyEvENK3$_0clINS0_12_GLOBAL__N_121Key_Share_ClientHelloEEEDaRKT_: 440| 2| return std::visit([](const auto& key_share) { return key_share.empty(); }, m_impl->key_share); tls_extensions_key_share.cpp:_ZNK5Botan3TLS12_GLOBAL__N_121Key_Share_ClientHello5emptyEv: 288| 2| bool empty() const { 289| | // RFC 8446 4.2.8 290| | // Clients MAY send an empty client_shares vector in order to request 291| | // group selection from the server, at the cost of an additional round 292| | // trip [...]. 293| 2| return false; 294| 2| } tls_extensions_key_share.cpp:_ZN5Botan3TLS12_GLOBAL__N_121Key_Share_ClientHelloC2EOS2_: 248| 106| Key_Share_ClientHello(Key_Share_ClientHello&&) = default; tls_extensions_key_share.cpp:_ZN5Botan3TLS9Key_Share14Key_Share_ImplC2ENSt3__17variantIJNS0_12_GLOBAL__N_121Key_Share_ClientHelloENS5_21Key_Share_ServerHelloENS5_27Key_Share_HelloRetryRequestEEEE: 396| 59| explicit Key_Share_Impl(Key_Share_Type ks) : key_share(std::move(ks)) {} tls_extensions_key_share.cpp:_ZN5Botan3TLS12_GLOBAL__N_121Key_Share_ServerHelloC2EOS2_: 158| 12| Key_Share_ServerHello(Key_Share_ServerHello&&) = default; _ZN5Botan3TLS3PSKC2ERNS0_15TLS_Data_ReaderEtNS0_14Handshake_TypeE: 142| 94|PSK::PSK(TLS_Data_Reader& reader, uint16_t extension_size, Handshake_Type message_type) { 143| 94| if(message_type == Handshake_Type::ServerHello) { ------------------ | Branch (143:7): [True: 4, False: 90] ------------------ 144| 4| if(extension_size != 2) { ------------------ | Branch (144:10): [True: 1, False: 3] ------------------ 145| 1| throw TLS_Exception(Alert::DecodeError, "Server provided a malformed PSK extension"); 146| 1| } 147| | 148| 3| const uint16_t selected_id = reader.get_uint16_t(); 149| 3| m_impl = std::make_unique(Server_PSK(selected_id)); 150| 90| } else if(message_type == Handshake_Type::ClientHello) { ------------------ | Branch (150:14): [True: 88, False: 2] ------------------ 151| 88| const auto identities_length = reader.get_uint16_t(); 152| 88| const auto identities_offset = reader.read_so_far(); 153| | 154| 88| std::vector psk_identities; 155| 752| while(reader.has_remaining() && (reader.read_so_far() - identities_offset) < identities_length) { ------------------ | Branch (155:13): [True: 724, False: 28] | Branch (155:39): [True: 664, False: 60] ------------------ 156| | /* Per RFC 8446 PskIdentity is 157| | 158| | struct { 159| | opaque identity<1..2^16-1>; 160| | uint32 obfuscated_ticket_age; 161| | } PskIdentity; 162| | 163| | so we should reject an empty identity. However BoGo seems to expect 164| | being able to send us such an identity, so for now we accept it. 165| | */ 166| | 167| 664| auto identity = reader.get_tls_length_value(2); 168| 664| const auto obfuscated_ticket_age = reader.get_uint32_t(); 169| 664| psk_identities.emplace_back(std::move(identity), obfuscated_ticket_age); 170| 664| } 171| | 172| 88| if(psk_identities.empty()) { ------------------ | Branch (172:10): [True: 1, False: 87] ------------------ 173| 1| throw TLS_Exception(Alert::DecodeError, "Empty PSK list"); 174| 1| } 175| | 176| 87| if(reader.read_so_far() - identities_offset != identities_length) { ------------------ | Branch (176:10): [True: 18, False: 69] ------------------ 177| 18| throw TLS_Exception(Alert::DecodeError, "Inconsistent PSK identity list"); 178| 18| } 179| | 180| 69| const auto binders_length = reader.get_uint16_t(); 181| 69| const auto binders_offset = reader.read_so_far(); 182| | 183| 69| if(binders_length == 0) { ------------------ | Branch (183:10): [True: 1, False: 68] ------------------ 184| 1| throw TLS_Exception(Alert::DecodeError, "Empty PSK binders list"); 185| 1| } 186| | 187| 68| std::vector psks; 188| 302| for(auto& psk_identity : psk_identities) { ------------------ | Branch (188:30): [True: 302, False: 58] ------------------ 189| 302| if(!reader.has_remaining() || reader.read_so_far() - binders_offset >= binders_length) { ------------------ | Branch (189:13): [True: 2, False: 300] | Branch (189:40): [True: 8, False: 292] ------------------ 190| 10| throw TLS_Exception(Alert::IllegalParameter, "Not enough PSK binders"); 191| 10| } 192| | 193| | // RFC 8446 4.2.11 declares PskBinderEntry opaque<32..255>, but we accept any 194| | // 0..255 length here and let validate_binder reject, which yields a bad_record_mac 195| | // alert rather than decode_error. BoringSSL behaves the same way and BoGo has 196| | // tests that specifically expect this. 197| | 198| 292| psks.emplace_back(std::move(psk_identity), reader.get_tls_length_value(1)); 199| 292| } 200| | 201| 58| if(reader.read_so_far() - binders_offset != binders_length) { ------------------ | Branch (201:10): [True: 24, False: 34] ------------------ 202| 24| throw TLS_Exception(Alert::IllegalParameter, "Too many PSK binders"); 203| 24| } 204| | 205| 34| m_impl = std::make_unique(std::move(psks)); 206| 34| } else { 207| 2| throw TLS_Exception(Alert::DecodeError, "Found a PSK extension in an unexpected handshake message"); 208| 2| } 209| 94|} _ZN5Botan3TLS3PSKD2Ev: 231| 12|PSK::~PSK() = default; tls_extensions_psk.cpp:_ZN5Botan3TLS12_GLOBAL__N_110Server_PSKC2Et: 109| 3| explicit Server_PSK(uint16_t id) : m_selected_identity(id), m_session_to_resume_or_psk(std::monostate()) {} tls_extensions_psk.cpp:_ZN5Botan3TLS12_GLOBAL__N_110Client_PSKC2ENS0_11PskIdentityENSt3__16vectorIhNS4_9allocatorIhEEEE: 56| 285| m_identity(std::move(id)), m_binder(std::move(bndr)), m_is_resumption(false) {} tls_extensions_psk.cpp:_ZN5Botan3TLS3PSK12PSK_InternalC2ENS0_12_GLOBAL__N_110Server_PSKE: 134| 3| explicit PSK_Internal(Server_PSK srv_psk) : psk(std::move(srv_psk)) {} tls_extensions_psk.cpp:_ZN5Botan3TLS3PSK12PSK_InternalC2ENSt3__16vectorINS0_12_GLOBAL__N_110Client_PSKENS3_9allocatorIS6_EEEE: 136| 9| explicit PSK_Internal(std::vector clt_psks) : psk(std::move(clt_psks)) {} _ZN5Botan3TLS15Handshake_Layer9copy_dataENSt3__14spanIKhLm18446744073709551615EEE: 22| 12.5k|void Handshake_Layer::copy_data(std::span data_from_peer) { 23| | // Compact consumed data before appending new data 24| 12.5k| BOTAN_ASSERT_NOMSG(m_read_offset <= m_read_buffer.size()); ------------------ | | 77| 12.5k| do { \ | | 78| 12.5k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 12.5k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 12.5k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 12.5k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 12.5k] | | ------------------ ------------------ 25| 12.5k| if(m_read_offset > 0) { ------------------ | Branch (25:7): [True: 0, False: 12.5k] ------------------ 26| 0| m_read_buffer.erase(m_read_buffer.begin(), m_read_buffer.begin() + m_read_offset); 27| 0| m_read_offset = 0; 28| 0| } 29| | 30| 12.5k| m_read_buffer.insert(m_read_buffer.end(), data_from_peer.begin(), data_from_peer.end()); 31| 12.5k|} _ZN5Botan3TLS15Handshake_Layer12next_messageERKNS0_6PolicyERNS0_21Transcript_Hash_StateE: 141| 12.5k| Transcript_Hash_State& transcript_hash) { 142| 12.5k| BOTAN_ASSERT_NOMSG(m_read_offset <= m_read_buffer.size()); ------------------ | | 77| 12.5k| do { \ | | 78| 12.5k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 12.5k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 12.5k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 12.5k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 12.5k] | | ------------------ ------------------ 143| 12.5k| auto pending = std::span{m_read_buffer}.subspan(m_read_offset); 144| 12.5k| TLS::TLS_Data_Reader reader("handshake message", pending); 145| | 146| 12.5k| auto msg = parse_message(reader, policy, m_peer, m_certificate_type); 147| 12.5k| if(msg.has_value()) { ------------------ | Branch (147:7): [True: 4.21k, False: 8.35k] ------------------ 148| 4.21k| transcript_hash.update(pending.first(reader.read_so_far())); 149| 4.21k| m_read_offset += reader.read_so_far(); 150| 4.21k| BOTAN_ASSERT_NOMSG(m_read_offset <= m_read_buffer.size()); ------------------ | | 77| 4.21k| do { \ | | 78| 4.21k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 4.21k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 4.21k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 4.21k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 4.21k] | | ------------------ ------------------ 151| | 152| 4.21k| if(m_read_offset == m_read_buffer.size()) { ------------------ | Branch (152:10): [True: 4.16k, False: 47] ------------------ 153| 4.16k| m_read_buffer.clear(); 154| 4.16k| m_read_offset = 0; 155| 4.16k| } 156| 4.21k| } 157| | 158| 12.5k| return msg; 159| 12.5k|} tls_handshake_layer_13.cpp:_ZN5Botan3TLS12_GLOBAL__N_113parse_messageINSt3__17variantIJNS0_15Client_Hello_13ENS0_20Client_Hello_12_ShimENS0_15Server_Hello_13ENS0_20Server_Hello_12_ShimENS0_19Hello_Retry_RequestENS0_20Encrypted_ExtensionsENS0_14Certificate_13ENS0_22Certificate_Request_13ENS0_21Certificate_Verify_13ENS0_11Finished_13EEEEEENS3_8optionalIT_EERNS0_15TLS_Data_ReaderERKNS0_6PolicyENS0_15Connection_SideENS0_16Certificate_TypeE: 78| 12.5k| const Certificate_Type cert_type) { 79| | // read the message header 80| 12.5k| if(reader.remaining_bytes() < HEADER_LENGTH) { ------------------ | Branch (80:7): [True: 87, False: 12.4k] ------------------ 81| 87| return std::nullopt; 82| 87| } 83| | 84| 12.4k| const Handshake_Type type = handshake_type_from_byte(reader.get_byte()); 85| | 86| | // make sure we have received the full message 87| 12.4k| const size_t msg_len = reader.get_uint24_t(); 88| | 89| | // TODO(Botan4) this is split out due to a GCC 11 ICE, can be inlined 90| 12.4k| verify_handshake_message_size(msg_len, policy.maximum_handshake_message_size()); 91| | 92| 12.4k| if(reader.remaining_bytes() < msg_len) { ------------------ | Branch (92:7): [True: 6.50k, False: 5.97k] ------------------ 93| 6.50k| return std::nullopt; 94| 6.50k| } 95| | 96| | // create the message 97| 5.97k| const auto msg = reader.get_fixed(msg_len); 98| 5.97k| if constexpr(std::is_same_v) { 99| 5.97k| switch(type) { 100| | // Client Hello and Server Hello messages are ambiguous. Both may come 101| | // from non-TLS 1.3 peers. Hence, their parsing is somewhat different. 102| 4.65k| case Handshake_Type::ClientHello: ------------------ | Branch (102:10): [True: 4.65k, False: 1.32k] ------------------ 103| | // ... might be TLS 1.2 Client Hello or TLS 1.3 Client Hello 104| 4.65k| return generalize_to(Client_Hello_13::parse(msg)); 105| 135| case Handshake_Type::ServerHello: ------------------ | Branch (105:10): [True: 135, False: 5.84k] ------------------ 106| | // ... might be TLS 1.2 Server Hello or TLS 1.3 Server Hello or 107| | // a TLS 1.3 Hello Retry Request disguising as a Server Hello 108| 135| return generalize_to(Server_Hello_13::parse(msg)); 109| | // case Handshake_Type::EndOfEarlyData: 110| | // return End_Of_Early_Data(msg); 111| 684| case Handshake_Type::EncryptedExtensions: ------------------ | Branch (111:10): [True: 684, False: 5.29k] ------------------ 112| 684| return Encrypted_Extensions(msg); 113| 401| case Handshake_Type::Certificate: ------------------ | Branch (113:10): [True: 401, False: 5.57k] ------------------ 114| 401| return Certificate_13(msg, policy, peer_side, cert_type); 115| 1| case Handshake_Type::CertificateRequest: ------------------ | Branch (115:10): [True: 1, False: 5.97k] ------------------ 116| 1| return Certificate_Request_13(msg, peer_side); 117| 46| case Handshake_Type::CertificateVerify: ------------------ | Branch (117:10): [True: 46, False: 5.93k] ------------------ 118| 46| return Certificate_Verify_13(msg, peer_side); 119| 11| case Handshake_Type::Finished: ------------------ | Branch (119:10): [True: 11, False: 5.96k] ------------------ 120| 11| return Finished_13(msg); 121| 0| default: ------------------ | Branch (121:10): [True: 0, False: 5.97k] ------------------ 122| 0| BOTAN_ASSERT(false, "cannot be reached"); // make sure to update handshake_type_from_byte ------------------ | | 64| 0| do { \ | | 65| 0| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 0| if(!(expr)) { \ | | ------------------ | | | Branch (66:10): [True: 0, Folded] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 0| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 0] | | ------------------ ------------------ 123| 5.97k| } 124| | } else { 125| | BOTAN_UNUSED(peer_side); 126| | 127| | switch(type) { 128| | case Handshake_Type::NewSessionTicket: 129| | return New_Session_Ticket_13(msg, peer_side); 130| | case Handshake_Type::KeyUpdate: 131| | return Key_Update(msg); 132| | default: 133| | BOTAN_ASSERT(false, "cannot be reached"); // make sure to update handshake_type_from_byte 134| | } 135| | } 136| 5.97k|} tls_handshake_layer_13.cpp:_ZN5Botan3TLS12_GLOBAL__N_124handshake_type_from_byteINSt3__17variantIJNS0_15Client_Hello_13ENS0_20Client_Hello_12_ShimENS0_15Server_Hello_13ENS0_20Server_Hello_12_ShimENS0_19Hello_Retry_RequestENS0_20Encrypted_ExtensionsENS0_14Certificate_13ENS0_22Certificate_Request_13ENS0_21Certificate_Verify_13ENS0_11Finished_13EEEEEENS0_14Handshake_TypeEh: 38| 12.4k|Handshake_Type handshake_type_from_byte(uint8_t byte_value) { 39| 12.4k| const auto type = static_cast(byte_value); 40| | 41| 12.4k| if constexpr(std::is_same_v) { 42| 12.4k| switch(type) { 43| 6.54k| case Handshake_Type::ClientHello: ------------------ | Branch (43:10): [True: 6.54k, False: 5.94k] ------------------ 44| 6.88k| case Handshake_Type::ServerHello: ------------------ | Branch (44:10): [True: 346, False: 12.1k] ------------------ 45| | // case Handshake_Type::EndOfEarlyData: // NYI: needs PSK/resumption support -- won't be offered in Client Hello for now 46| 7.90k| case Handshake_Type::EncryptedExtensions: ------------------ | Branch (46:10): [True: 1.02k, False: 11.4k] ------------------ 47| 9.52k| case Handshake_Type::Certificate: ------------------ | Branch (47:10): [True: 1.61k, False: 10.8k] ------------------ 48| 11.3k| case Handshake_Type::CertificateRequest: ------------------ | Branch (48:10): [True: 1.85k, False: 10.6k] ------------------ 49| 11.6k| case Handshake_Type::CertificateVerify: ------------------ | Branch (49:10): [True: 281, False: 12.2k] ------------------ 50| 12.4k| case Handshake_Type::Finished: ------------------ | Branch (50:10): [True: 799, False: 11.6k] ------------------ 51| 12.4k| return type; 52| 17| default: ------------------ | Branch (52:10): [True: 17, False: 12.4k] ------------------ 53| 17| throw TLS_Exception(AlertType::UnexpectedMessage, "Unknown handshake message received"); 54| 12.4k| } 55| | } else { 56| | switch(type) { 57| | case Handshake_Type::NewSessionTicket: 58| | case Handshake_Type::KeyUpdate: 59| | // case Handshake_Type::CertificateRequest: // NYI: post-handshake client auth (RFC 8446 4.6.2) -- won't be offered in Client Hello for now 60| | return type; 61| | default: 62| | throw TLS_Exception(AlertType::UnexpectedMessage, "Unknown post-handshake message received"); 63| | } 64| | } 65| 12.4k|} tls_handshake_layer_13.cpp:_ZN5Botan3TLS12_GLOBAL__N_129verify_handshake_message_sizeEmm: 67| 12.4k|void verify_handshake_message_size(size_t msg_len, size_t max_size) { 68| 12.4k| if(max_size > 0 && msg_len > max_size) { ------------------ | Branch (68:7): [True: 12.4k, False: 0] | Branch (68:23): [True: 31, False: 12.4k] ------------------ 69| 31| throw TLS_Exception(Alert::HandshakeFailure, 70| 31| Botan::fmt("Handshake message is {} bytes, policy maximum is {}", msg_len, max_size)); 71| 31| } 72| 12.4k|} _ZN5Botan3TLS8Internal23Handshake_State_13_Base5storeENS0_20Client_Hello_12_ShimEb: 26| 3.99k|Client_Hello_12_Shim& Handshake_State_13_Base::store(Client_Hello_12_Shim client_hello, const bool /*from_peer*/) { 27| 3.99k| m_client_hello_12 = std::move(client_hello); 28| 3.99k| return m_client_hello_12.value(); 29| 3.99k|} _ZN5Botan3TLS8Internal23Handshake_State_13_Base5storeENS0_14Certificate_13Eb: 58| 5|Certificate_13& Handshake_State_13_Base::store(Certificate_13 certificate, const bool from_peer) { 59| 5| auto& target = ((m_side == Connection_Side::Client) == from_peer) ? m_server_certificate : m_client_certificate; ------------------ | Branch (59:19): [True: 0, False: 5] ------------------ 60| 5| target = std::move(certificate); 61| 5| return target.value(); 62| 5|} _ZN5Botan3TLS8Internal23Handshake_State_13_Base5storeENS0_21Certificate_Verify_13Eb: 64| 6|Certificate_Verify_13& Handshake_State_13_Base::store(Certificate_Verify_13 certificate_verify, const bool from_peer) { 65| 6| auto& target = 66| 6| ((m_side == Connection_Side::Client) == from_peer) ? m_server_certificate_verify : m_client_certificate_verify; ------------------ | Branch (66:7): [True: 0, False: 6] ------------------ 67| 6| target = std::move(certificate_verify); 68| 6| return target.value(); 69| 6|} _ZN5Botan3TLS8Internal23Handshake_State_13_Base5storeENS0_11Finished_13Eb: 71| 4|Finished_13& Handshake_State_13_Base::store(Finished_13 finished, const bool from_peer) { 72| 4| auto& target = ((m_side == Connection_Side::Client) == from_peer) ? m_server_finished : m_client_finished; ------------------ | Branch (72:19): [True: 0, False: 4] ------------------ 73| 4| target = std::move(finished); 74| 4| return target.value(); 75| 4|} _ZN5Botan3TLS12Record_LayerC2ENS0_15Connection_SideE: 148| 6.25k| m_side(side), 149| 6.25k| m_outgoing_record_size_limit(MAX_PLAINTEXT_SIZE + 1 /* content type byte */), 150| 6.25k| m_incoming_record_size_limit(MAX_PLAINTEXT_SIZE + 1 /* content type byte */) 151| | 152| | // RFC 8446 5.1 153| | // legacy_record_version: MUST be set to 0x0303 for all records 154| | // generated by a TLS 1.3 implementation other than an initial 155| | // ClientHello [...], where it MAY also be 0x0301 for compatibility 156| | // purposes. 157| | // 158| | // Additionally, older peers might send other values while requesting a 159| | // protocol downgrade. I.e. we need to be able to tolerate/emit legacy 160| | // values until we negotiated a TLS 1.3 compliant connection. 161| | // 162| | // As a client: we may initially emit the compatibility version and 163| | // accept a wider range of incoming legacy record versions. 164| | // As a server: we start with emitting the specified legacy version of 0x0303 165| | // but must also allow a wider range of incoming legacy values. 166| | // 167| | // Once TLS 1.3 is negotiateed, the implementations will disable these 168| | // compatibility modes accordingly or a protocol downgrade will transfer 169| | // the marshalling responsibility to our TLS 1.2 implementation. 170| | , 171| 6.25k| m_sending_compat_mode(m_side == Connection_Side::Client), 172| 6.25k| m_receiving_compat_mode(true) {} _ZN5Botan3TLS12Record_Layer9copy_dataENSt3__14spanIKhLm18446744073709551615EEE: 174| 6.25k|void Record_Layer::copy_data(std::span data) { 175| | // Compact consumed data before appending new data 176| 6.25k| BOTAN_ASSERT_NOMSG(m_read_offset <= m_read_buffer.size()); ------------------ | | 77| 6.25k| do { \ | | 78| 6.25k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 6.25k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 6.25k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 6.25k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 6.25k] | | ------------------ ------------------ 177| 6.25k| if(m_read_offset > 0) { ------------------ | Branch (177:7): [True: 0, False: 6.25k] ------------------ 178| 0| m_read_buffer.erase(m_read_buffer.begin(), m_read_buffer.begin() + m_read_offset); 179| 0| m_read_offset = 0; 180| 0| } 181| | 182| 6.25k| m_read_buffer.insert(m_read_buffer.end(), data.begin(), data.end()); 183| 6.25k|} _ZNK5Botan3TLS12Record_Layer15prepare_recordsENS0_11Record_TypeENSt3__14spanIKhLm18446744073709551615EEEPNS0_12Cipher_StateE: 187| 2.09k| Cipher_State* cipher_state) const { 188| | // RFC 8446 5. 189| | // Note that [change_cipher_spec records] may appear at a point at the 190| | // handshake where the implementation is expecting protected records. 191| | // 192| | // RFC 8446 5. 193| | // An implementation which receives [...] a protected change_cipher_spec 194| | // record MUST abort the handshake [...]. 195| | // 196| | // ... hence, CHANGE_CIPHER_SPEC is never protected, even if a usable cipher 197| | // state was passed to this method. 198| 2.09k| const bool protect = cipher_state != nullptr && type != Record_Type::ChangeCipherSpec; ------------------ | Branch (198:25): [True: 0, False: 2.09k] | Branch (198:52): [True: 0, False: 0] ------------------ 199| | 200| | // RFC 8446 5.1 201| 2.09k| BOTAN_ASSERT(protect || type != Record_Type::ApplicationData, ------------------ | | 64| 2.09k| do { \ | | 65| 2.09k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 4.18k| if(!(expr)) { \ | | ------------------ | | | Branch (66:12): [True: 0, False: 2.09k] | | | Branch (66:12): [True: 2.09k, False: 0] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 2.09k| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 2.09k] | | ------------------ ------------------ 202| 2.09k| "Application Data records MUST NOT be written to the wire unprotected"); 203| | 204| | // RFC 8446 5.1 205| | // "MUST NOT sent zero-length fragments of Handshake types" 206| | // "a record with an Alert type MUST contain exactly one message" [of non-zero length] 207| | // "Zero-length fragments of Application Data MAY be sent" 208| 2.09k| BOTAN_ASSERT(!data.empty() || type == Record_Type::ApplicationData, ------------------ | | 64| 2.09k| do { \ | | 65| 2.09k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 66| 2.09k| if(!(expr)) { \ | | ------------------ | | | Branch (66:12): [True: 2.09k, False: 0] | | | Branch (66:12): [True: 0, False: 0] | | ------------------ | | 67| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 68| 0| Botan::assertion_failure(#expr, assertion_made, __func__, __FILE__, __LINE__); \ | | 69| 0| } \ | | 70| 2.09k| } while(0) | | ------------------ | | | Branch (70:12): [Folded, False: 2.09k] | | ------------------ ------------------ 209| 2.09k| "zero-length fragments of types other than application data are not allowed"); 210| | 211| 2.09k| if(type == Record_Type::ChangeCipherSpec && !verify_change_cipher_spec(data.begin(), data.size())) { ------------------ | Branch (211:7): [True: 0, False: 2.09k] | Branch (211:48): [True: 0, False: 0] ------------------ 212| 0| throw Invalid_Argument("TLS 1.3 deprecated CHANGE_CIPHER_SPEC"); 213| 0| } 214| | 215| 2.09k| std::vector output; 216| | 217| | // RFC 8446 5.2 218| | // type: The TLSPlaintext.type value containing the content type of the record. 219| 2.09k| constexpr size_t content_type_tag_length = 1; 220| | 221| | // RFC 8449 4. 222| | // When the "record_size_limit" extension is negotiated, an endpoint 223| | // MUST NOT generate a protected record with plaintext that is larger 224| | // than the RecordSizeLimit value it receives from its peer. 225| | // Unprotected messages are not subject to this limit. 226| 2.09k| const size_t max_plaintext_size = 227| 2.09k| (protect) ? m_outgoing_record_size_limit - content_type_tag_length : static_cast(MAX_PLAINTEXT_SIZE); ------------------ | Branch (227:7): [True: 0, False: 2.09k] ------------------ 228| | 229| 2.09k| const auto records = std::max((data.size() + max_plaintext_size - 1) / max_plaintext_size, size_t(1)); 230| 2.09k| auto output_length = records * TLS_HEADER_SIZE; 231| 2.09k| if(protect) { ------------------ | Branch (231:7): [True: 0, False: 2.09k] ------------------ 232| | // n-1 full records of size max_plaintext_size 233| 0| output_length += 234| 0| (records - 1) * cipher_state->encrypt_output_length(max_plaintext_size + content_type_tag_length); 235| | // last record with size of remaining data 236| 0| output_length += cipher_state->encrypt_output_length(data.size() - ((records - 1) * max_plaintext_size) + 237| 0| content_type_tag_length); 238| 2.09k| } else { 239| 2.09k| output_length += data.size(); 240| 2.09k| } 241| 2.09k| output.reserve(output_length); 242| | 243| 2.09k| size_t pt_offset = 0; 244| 2.09k| size_t to_process = data.size(); 245| | 246| | // For protected records we need to write at least one encrypted fragment, 247| | // even if the plaintext size is zero. This happens only for Application 248| | // Data types. 249| 2.09k| BOTAN_ASSERT_NOMSG(to_process != 0 || protect); ------------------ | | 77| 2.09k| do { \ | | 78| 2.09k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 2.09k| if(!(expr)) { \ | | ------------------ | | | Branch (79:12): [True: 2.09k, False: 0] | | | Branch (79:12): [True: 0, False: 0] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 2.09k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 2.09k] | | ------------------ ------------------ 250| | // NOLINTNEXTLINE(*-avoid-do-while) 251| 2.09k| do { 252| 2.09k| const size_t pt_size = std::min(to_process, max_plaintext_size); 253| 2.09k| const size_t ct_size = 254| 2.09k| (!protect) ? pt_size : cipher_state->encrypt_output_length(pt_size + content_type_tag_length); ------------------ | Branch (254:10): [True: 2.09k, False: 0] ------------------ 255| 2.09k| const auto pt_type = (!protect) ? type : Record_Type::ApplicationData; ------------------ | Branch (255:28): [True: 2.09k, False: 0] ------------------ 256| | 257| | // RFC 8446 5.1 258| | // MUST be set to 0x0303 for all records generated by a TLS 1.3 259| | // implementation other than an initial ClientHello [...], where 260| | // it MAY also be 0x0301 for compatibility purposes. 261| 2.09k| const auto record_header = TLSPlaintext_Header(pt_type, ct_size, m_sending_compat_mode).serialized(); 262| | 263| 2.09k| output.insert(output.end(), record_header.cbegin(), record_header.cend()); 264| | 265| 2.09k| auto pt_fragment = data.subspan(pt_offset, pt_size); 266| 2.09k| if(protect) { ------------------ | Branch (266:10): [True: 0, False: 2.09k] ------------------ 267| 0| secure_vector fragment; 268| 0| fragment.reserve(ct_size); 269| | 270| | // assemble TLSInnerPlaintext structure 271| 0| fragment.insert(fragment.end(), pt_fragment.begin(), pt_fragment.end()); 272| 0| fragment.push_back(static_cast(type)); 273| | // TODO: zero padding could go here, see RFC 8446 5.4 274| | 275| 0| cipher_state->encrypt_record_fragment(record_header, fragment); 276| 0| BOTAN_ASSERT_NOMSG(fragment.size() == ct_size); ------------------ | | 77| 0| do { \ | | 78| 0| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 0| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 0] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 0| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 0] | | ------------------ ------------------ 277| | 278| 0| output.insert(output.end(), fragment.cbegin(), fragment.cend()); 279| 2.09k| } else { 280| 2.09k| output.insert(output.end(), pt_fragment.begin(), pt_fragment.end()); 281| 2.09k| } 282| | 283| 2.09k| pt_offset += pt_size; 284| 2.09k| to_process -= pt_size; 285| 2.09k| } while(to_process > 0); ------------------ | Branch (285:12): [True: 0, False: 2.09k] ------------------ 286| | 287| 2.09k| BOTAN_ASSERT_NOMSG(output.size() == output_length); ------------------ | | 77| 2.09k| do { \ | | 78| 2.09k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 2.09k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 2.09k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 2.09k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 2.09k] | | ------------------ ------------------ 288| 2.09k| return output; 289| 2.09k|} _ZN5Botan3TLS12Record_Layer11next_recordEPNS0_12Cipher_StateE: 291| 13.5k|Record_Layer::ReadResult Record_Layer::next_record(Cipher_State* cipher_state) { 292| 13.5k| const auto remaining = m_read_buffer.size() - m_read_offset; 293| | 294| 13.5k| if(remaining < TLS_HEADER_SIZE) { ------------------ | Branch (294:7): [True: 112, False: 13.4k] ------------------ 295| 112| return TLS_HEADER_SIZE - remaining; 296| 112| } 297| | 298| 13.4k| const auto header_begin = m_read_buffer.cbegin() + m_read_offset; 299| 13.4k| const auto header_end = header_begin + TLS_HEADER_SIZE; 300| | 301| | // The first received record(s) are likely a client or server hello. To be able to 302| | // perform protocol downgrades we must be less vigorous with the record's 303| | // legacy version. Hence, `check_tls13_version` is `false` for the first record(s). 304| 13.4k| const TLSPlaintext_Header plaintext_header({header_begin, header_end}, !m_receiving_compat_mode); 305| | 306| | // After the key exchange phase of the handshake is completed and record protection is engaged, 307| | // cipher_state is set. At this point, only protected traffic (and CCS) is allowed. 308| | // 309| | // RFC 8446 2. 310| | // - Key Exchange: Establish shared keying material and select the 311| | // cryptographic parameters. Everything after this phase is 312| | // encrypted. 313| | // RFC 8446 5. 314| | // An implementation may receive an unencrypted [CCS] at any time 315| 13.4k| if(cipher_state != nullptr && plaintext_header.type() != Record_Type::ApplicationData && ------------------ | Branch (315:7): [True: 0, False: 13.4k] | Branch (315:34): [True: 0, False: 0] ------------------ 316| 0| plaintext_header.type() != Record_Type::ChangeCipherSpec && ------------------ | Branch (316:7): [True: 0, False: 0] ------------------ 317| 0| (!cipher_state->must_expect_unprotected_alert_traffic() || plaintext_header.type() != Record_Type::Alert)) { ------------------ | Branch (317:8): [True: 0, False: 0] | Branch (317:66): [True: 0, False: 0] ------------------ 318| 0| throw TLS_Exception(Alert::UnexpectedMessage, "unprotected record received where protected traffic was expected"); 319| 0| } 320| | 321| 13.4k| if(remaining < TLS_HEADER_SIZE + plaintext_header.fragment_length()) { ------------------ | Branch (321:7): [True: 44, False: 13.4k] ------------------ 322| 44| return TLS_HEADER_SIZE + plaintext_header.fragment_length() - remaining; 323| 44| } 324| | 325| 13.4k| const auto fragment_begin = header_end; 326| 13.4k| const auto fragment_end = fragment_begin + plaintext_header.fragment_length(); 327| | 328| 13.4k| if(plaintext_header.type() == Record_Type::ChangeCipherSpec && ------------------ | Branch (328:7): [True: 6, False: 13.4k] ------------------ 329| 6| !verify_change_cipher_spec(fragment_begin, plaintext_header.fragment_length())) { ------------------ | Branch (329:7): [True: 4, False: 2] ------------------ 330| 4| throw TLS_Exception(Alert::UnexpectedMessage, "malformed change cipher spec record received"); 331| 4| } 332| | 333| 13.4k| Record record(plaintext_header.type(), secure_vector(fragment_begin, fragment_end)); 334| 13.4k| m_read_offset += TLS_HEADER_SIZE + plaintext_header.fragment_length(); 335| | 336| | // If all buffered data has been consumed, release the buffer memory 337| | // to avoid retaining peak allocation on idle connections. 338| 13.4k| if(m_read_offset == m_read_buffer.size()) { ------------------ | Branch (338:7): [True: 2.58k, False: 10.8k] ------------------ 339| 2.58k| zap(m_read_buffer); 340| 2.58k| m_read_offset = 0; 341| 2.58k| } 342| | 343| 13.4k| if(record.type == Record_Type::ApplicationData) { ------------------ | Branch (343:7): [True: 10, False: 13.4k] ------------------ 344| 10| if(cipher_state == nullptr) { ------------------ | Branch (344:10): [True: 10, False: 0] ------------------ 345| | // This could also mean a misuse of the interface, i.e. failing to provide a valid 346| | // cipher_state to parse_records when receiving valid (encrypted) Application Data. 347| 10| throw TLS_Exception(Alert::UnexpectedMessage, "premature Application Data received"); 348| 10| } 349| | 350| 0| if(record.fragment.size() < cipher_state->minimum_decryption_input_length()) { ------------------ | Branch (350:10): [True: 0, False: 0] ------------------ 351| 0| throw TLS_Exception(Alert::BadRecordMac, "incomplete record mac received"); 352| 0| } 353| | 354| 0| if(cipher_state->decrypt_output_length(record.fragment.size()) > m_incoming_record_size_limit) { ------------------ | Branch (354:10): [True: 0, False: 0] ------------------ 355| 0| throw TLS_Exception(Alert::RecordOverflow, "Received an encrypted record that exceeds maximum plaintext size"); 356| 0| } 357| | 358| 0| record.seq_no = cipher_state->decrypt_record_fragment(plaintext_header.serialized(), record.fragment); 359| | 360| | // Remove record padding (RFC 8446 5.4). The TLSInnerPlaintext layout is 361| | // content || content_type || zero_padding 362| 0| auto seen_nonzero = CT::Mask::cleared(); 363| 0| uint8_t content_type_byte = 0; 364| 0| size_t content_index = 0; 365| 0| for(size_t i = record.fragment.size(); i-- > 0;) { ------------------ | Branch (365:46): [True: 0, False: 0] ------------------ 366| 0| const uint8_t b = record.fragment[i]; 367| 0| const auto byte_is_nonzero = CT::Mask::expand(b); 368| | // Set on the first non-zero byte we encounter scanning right-to-left. 369| 0| const auto first_nonzero = byte_is_nonzero & ~seen_nonzero; 370| 0| content_type_byte = first_nonzero.select(b, content_type_byte); 371| 0| content_index = CT::Mask::expand(first_nonzero.value()).select(i, content_index); 372| 0| seen_nonzero |= byte_is_nonzero; 373| 0| } 374| | 375| 0| if(!seen_nonzero.as_bool()) { ------------------ | Branch (375:10): [True: 0, False: 0] ------------------ 376| | // RFC 8446 5.4 377| | // If a receiving implementation does not 378| | // find a non-zero octet in the cleartext, it MUST terminate the 379| | // connection with an "unexpected_message" alert. 380| 0| throw TLS_Exception(Alert::UnexpectedMessage, "No content type found in encrypted record"); 381| 0| } 382| | 383| | // hydrate the actual content type from TLSInnerPlaintext 384| 0| record.type = read_record_type(content_type_byte); 385| | 386| 0| if(record.type == Record_Type::ChangeCipherSpec) { ------------------ | Branch (386:10): [True: 0, False: 0] ------------------ 387| | // RFC 8446 5 388| | // An implementation [...] which receives a protected change_cipher_spec record MUST 389| | // abort the handshake with an "unexpected_message" alert. 390| 0| throw TLS_Exception(Alert::UnexpectedMessage, "protected change cipher spec received"); 391| 0| } 392| | 393| | // Truncate to drop the content_type byte and padding. resize() on a 394| | // vector of trivially-destructible elements is bookkeeping-only and 395| | // does not allocate or iterate over the dropped suffix. 396| 0| record.fragment.resize(content_index); 397| | 398| | // RFC 8446 5.4 399| | // Implementations MUST NOT send Handshake and Alert records that have 400| | // a zero-length TLSInnerPlaintext.content; if such a message is 401| | // received, the receiving implementation MUST terminate the connection 402| | // with an "unexpected_message" alert. 403| 0| if(record.fragment.empty() && record.type != Record_Type::ApplicationData) { ------------------ | Branch (403:10): [True: 0, False: 0] | Branch (403:37): [True: 0, False: 0] ------------------ 404| 0| throw TLS_Exception(Alert::UnexpectedMessage, 405| 0| "Received a protected record with empty TLSInnerPlaintext content"); 406| 0| } 407| 0| } 408| | 409| 13.4k| return record; 410| 13.4k|} tls_record_layer_13.cpp:_ZN5Botan3TLS12_GLOBAL__N_119TLSPlaintext_HeaderC2ENS0_11Record_TypeEmb: 118| 2.09k| m_type(record_type), 119| 2.09k| m_legacy_version(use_compatibility_version ? 0x0301 : 0x0303) // RFC 8446 5.1 ------------------ | Branch (119:30): [True: 0, False: 2.09k] ------------------ 120| | , 121| 2.09k| m_fragment_length(static_cast(frgmnt_length)), 122| 2.09k| m_serialized({ 123| 2.09k| static_cast(m_type), 124| 2.09k| m_legacy_version.major_version(), 125| 2.09k| m_legacy_version.minor_version(), 126| 2.09k| get_byte<0>(m_fragment_length), 127| 2.09k| get_byte<1>(m_fragment_length), 128| 2.09k| }) {} tls_record_layer_13.cpp:_ZNK5Botan3TLS12_GLOBAL__N_119TLSPlaintext_Header10serializedEv: 136| 2.09k| const std::vector& serialized() const { return m_serialized; } tls_record_layer_13.cpp:_ZN5Botan3TLS12_GLOBAL__N_119TLSPlaintext_HeaderC2ENSt3__16vectorIhNS3_9allocatorIhEEEEb: 55| 13.4k| TLSPlaintext_Header(std::vector hdr, const bool check_tls13_version) { 56| | // NOLINTBEGIN(*-prefer-member-initializer) 57| 13.4k| m_type = read_record_type(hdr[0]); 58| 13.4k| m_legacy_version = Protocol_Version(make_uint16(hdr[1], hdr[2])); 59| 13.4k| m_fragment_length = make_uint16(hdr[3], hdr[4]); 60| 13.4k| m_serialized = std::move(hdr); 61| | // NOLINTEND(*-prefer-member-initializer) 62| | 63| | // If no full version check is requested, we just verify the practically 64| | // ossified major version number. 65| 13.4k| if(m_legacy_version.major_version() != 0x03) { ------------------ | Branch (65:13): [True: 17, False: 13.4k] ------------------ 66| 17| throw TLS_Exception(Alert::IllegalParameter, "Received unexpected record version"); 67| 17| } 68| | 69| | // RFC 8446 5.1 70| | // legacy_record_version: MUST be set to 0x0303 for all records 71| | // generated by a TLS 1.3 implementation 72| 13.4k| if(check_tls13_version && m_legacy_version.version_code() != 0x0303) { ------------------ | Branch (72:13): [True: 0, False: 13.4k] | Branch (72:36): [True: 0, False: 0] ------------------ 73| 0| throw TLS_Exception(Alert::IllegalParameter, "Received unexpected record version"); 74| 0| } 75| | 76| | // RFC 8446 5.1 77| | // Implementations MUST NOT send zero-length fragments of Handshake 78| | // types, even if those fragments contain padding. 79| | // 80| | // Zero-length fragments of Application Data MAY be sent, as they are 81| | // potentially useful as a traffic analysis countermeasure. 82| 13.4k| if(m_fragment_length == 0 && type() != Record_Type::ApplicationData) { ------------------ | Branch (82:13): [True: 13, False: 13.4k] | Branch (82:39): [True: 6, False: 7] ------------------ 83| 6| throw TLS_Exception(Alert::DecodeError, "empty record received"); 84| 6| } 85| | 86| 13.4k| if(m_type == Record_Type::ApplicationData) { ------------------ | Branch (86:13): [True: 28, False: 13.4k] ------------------ 87| | // RFC 8446 5.2 88| | // The length [...] is the sum of the lengths of the content and the 89| | // padding, plus one for the inner content type, plus any expansion 90| | // added by the AEAD algorithm. The length MUST NOT exceed 2^14 + 256 bytes. 91| | // 92| | // Note: Limits imposed by a "record_size_limit" extension do not come 93| | // into play here, as those limits are on the plaintext _not_ the 94| | // encrypted data. Constricted devices must be able to deal with 95| | // data overhead inflicted by the AEAD. 96| 28| if(m_fragment_length > MAX_CIPHERTEXT_SIZE_TLS13) { ------------------ | Branch (96:16): [True: 3, False: 25] ------------------ 97| 3| throw TLS_Exception(Alert::RecordOverflow, "Received an encrypted record that exceeds maximum size"); 98| 3| } 99| 13.4k| } else { 100| | // RFC 8446 5.1 101| | // The length MUST NOT exceed 2^14 bytes. An endpoint that receives a record that 102| | // exceeds this length MUST terminate the connection with a "record_overflow" alert. 103| | // 104| | // RFC 8449 4. 105| | // When the "record_size_limit" extension is negotiated, an endpoint 106| | // MUST NOT generate a protected record with plaintext that is larger 107| | // than the RecordSizeLimit value it receives from its peer. 108| | // -> Unprotected messages are not subject to this limit. <- 109| 13.4k| if(m_fragment_length > MAX_PLAINTEXT_SIZE) { ------------------ | Branch (109:16): [True: 8, False: 13.4k] ------------------ 110| 8| throw TLS_Exception(Alert::RecordOverflow, "Received a record that exceeds maximum size"); 111| 8| } 112| 13.4k| } 113| 13.4k| } tls_record_layer_13.cpp:_ZNK5Botan3TLS12_GLOBAL__N_119TLSPlaintext_Header4typeEv: 130| 26.7k| Record_Type type() const { return m_type; } tls_record_layer_13.cpp:_ZNK5Botan3TLS12_GLOBAL__N_119TLSPlaintext_Header15fragment_lengthEv: 132| 40.1k| uint16_t fragment_length() const { return m_fragment_length; } tls_record_layer_13.cpp:_ZN5Botan3TLS12_GLOBAL__N_116read_record_typeEh: 36| 13.4k|Record_Type read_record_type(const uint8_t type_byte) { 37| | // RFC 8446 5. 38| | // If a TLS implementation receives an unexpected record type, 39| | // it MUST terminate the connection with an "unexpected_message" alert. 40| 13.4k| if(type_byte != static_cast(Record_Type::ApplicationData) && ------------------ | Branch (40:7): [True: 13.4k, False: 28] ------------------ 41| 13.4k| type_byte != static_cast(Record_Type::Handshake) && ------------------ | Branch (41:7): [True: 830, False: 12.6k] ------------------ 42| 830| type_byte != static_cast(Record_Type::Alert) && ------------------ | Branch (42:7): [True: 40, False: 790] ------------------ 43| 40| type_byte != static_cast(Record_Type::ChangeCipherSpec)) { ------------------ | Branch (43:7): [True: 31, False: 9] ------------------ 44| 31| throw TLS_Exception(Alert::UnexpectedMessage, "TLS record type had unexpected value"); 45| 31| } 46| | 47| 13.4k| return static_cast(type_byte); 48| 13.4k|} tls_record_layer_13.cpp:_ZN5Botan3TLS12_GLOBAL__N_125verify_change_cipher_specINSt3__111__wrap_iterIPKhEEEEbT_m: 24| 6|bool verify_change_cipher_spec(const IteratorT data, const size_t size) { 25| | // RFC 8446 5. 26| | // An implementation may receive an unencrypted record of type 27| | // change_cipher_spec consisting of the single byte value 0x01 28| | // at any time [...]. An implementation which receives any other 29| | // change_cipher_spec value or which receives a protected 30| | // change_cipher_spec record MUST abort the handshake [...]. 31| 6| const size_t expected_fragment_length = 1; 32| 6| const uint8_t expected_fragment_byte = 0x01; 33| 6| return (size == expected_fragment_length && *data == expected_fragment_byte); ------------------ | Branch (33:12): [True: 5, False: 1] | Branch (33:48): [True: 2, False: 3] ------------------ 34| 6|} _ZN5Botan3TLS14Server_Impl_13C2ERKNSt3__110shared_ptrINS0_9CallbacksEEERKNS3_INS0_15Session_ManagerEEERKNS3_INS_19Credentials_ManagerEEERKNS3_IKNS0_6PolicyEEERKNS3_INS_21RandomNumberGeneratorEEE: 28| 6.25k| Channel_Impl_13(callbacks, session_manager, credentials_manager, rng, policy, true /* is_server */), 29| 6.25k| m_handshake(std::make_unique()) { 30| 6.25k|#if defined(BOTAN_HAS_TLS_12) 31| 6.25k| if(policy->allow_tls12()) { ------------------ | Branch (31:7): [True: 6.25k, False: 0] ------------------ 32| 6.25k| expect_downgrade({}, {}); 33| 6.25k| } 34| 6.25k|#endif 35| | 36| 6.25k| m_handshake->transitions.set_expected_next(Handshake_Type::ClientHello); 37| 6.25k|} _ZN5Botan3TLS14Server_Impl_1321process_handshake_msgENSt3__17variantIJNS0_15Client_Hello_13ENS0_20Client_Hello_12_ShimENS0_15Server_Hello_13ENS0_20Server_Hello_12_ShimENS0_19Hello_Retry_RequestENS0_20Encrypted_ExtensionsENS0_14Certificate_13ENS0_22Certificate_Request_13ENS0_21Certificate_Verify_13ENS0_11Finished_13EEEE: 152| 4.19k|void Server_Impl_13::process_handshake_msg(Handshake_Message_13 message) { 153| 4.19k| BOTAN_STATE_CHECK(m_handshake != nullptr); ------------------ | | 51| 4.19k| do { \ | | 52| 4.19k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 4.19k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 4.19k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 4.19k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 4.19k] | | ------------------ ------------------ 154| | 155| 4.19k| std::visit( 156| 4.19k| [&](auto msg) { 157| | // first verify that the message was expected by the state machine... 158| 4.19k| m_handshake->transitions.confirm_transition_to(msg.get().type()); 159| | 160| | // ... then allow the library user to abort on their discretion 161| 4.19k| callbacks().tls_inspect_handshake_msg(msg.get()); 162| | 163| | // ... finally handle the message 164| 4.19k| handle(msg.get()); 165| 4.19k| }, 166| 4.19k| m_handshake->state.received(std::move(message))); 167| 4.19k|} _ZN5Botan3TLS14Server_Impl_1332process_dummy_change_cipher_specEv: 180| 1|void Server_Impl_13::process_dummy_change_cipher_spec() { 181| | // RFC 8446 5. 182| | // If an implementation detects a change_cipher_spec record received before 183| | // the first ClientHello message or after the peer's Finished message, it MUST be 184| | // treated as an unexpected record type [("unexpected_message" alert)]. 185| 1| if(!m_handshake || !m_handshake->state.has_client_hello() || m_handshake->state.has_client_finished()) { ------------------ | Branch (185:7): [True: 0, False: 1] | Branch (185:23): [True: 1, False: 0] | Branch (185:65): [True: 0, False: 0] ------------------ 186| 1| throw TLS_Exception(Alert::UnexpectedMessage, "Received an unexpected dummy Change Cipher Spec"); 187| 1| } 188| | 189| | // RFC 8446 5. 190| | // An implementation may receive an unencrypted record of type change_cipher_spec [...] 191| | // at any time after the first ClientHello message has been sent or received 192| | // and before the peer's Finished message has been received [...] 193| | // and MUST simply drop it without further processing. 194| | // 195| | // ... no further processing. 196| 1|} _ZNK5Botan3TLS14Server_Impl_1321is_handshake_completeEv: 198| 12.5k|bool Server_Impl_13::is_handshake_complete() const { 199| 12.5k| return m_active_state.has_value() || (m_handshake != nullptr && m_handshake->state.has_client_finished()); ------------------ | Branch (199:11): [True: 0, False: 12.5k] | Branch (199:42): [True: 12.5k, False: 0] | Branch (199:68): [True: 0, False: 12.5k] ------------------ 200| 12.5k|} _ZN5Botan3TLS14Server_Impl_139downgradeEv: 212| 3.99k|void Server_Impl_13::downgrade() { 213| 3.99k| BOTAN_ASSERT_NOMSG(expects_downgrade()); ------------------ | | 77| 3.99k| do { \ | | 78| 3.99k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 3.99k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 3.99k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 3.99k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 3.99k] | | ------------------ ------------------ 214| | 215| 3.99k| request_downgrade(); 216| | 217| | // After this, no further messages are expected here because this instance 218| | // will be replaced by a Server_Impl_12. 219| 3.99k| m_handshake->transitions.set_expected_next({}); 220| 3.99k|} _ZN5Botan3TLS14Server_Impl_136handleERKNS0_20Client_Hello_12_ShimE: 458| 3.99k|void Server_Impl_13::handle(const Client_Hello_12_Shim& ch) { 459| | // The detailed handling of the TLS 1.2 compliant Client Hello is left to 460| | // the TLS 1.2 server implementation. 461| 3.99k| BOTAN_UNUSED(ch); ------------------ | | 144| 3.99k|#define BOTAN_UNUSED Botan::ignore_params ------------------ 462| 3.99k| BOTAN_ASSERT_NONNULL(m_handshake); ------------------ | | 116| 3.99k| do { \ | | 117| 3.99k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 3.99k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 3.99k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 3.99k] | | ------------------ ------------------ 463| | 464| | // After we sent a Hello Retry Request we must not accept a downgrade. 465| 3.99k| if(m_handshake->state.has_hello_retry_request()) { ------------------ | Branch (465:7): [True: 0, False: 3.99k] ------------------ 466| 0| throw TLS_Exception(Alert::UnexpectedMessage, "Received a TLS 1.2 Client Hello after Hello Retry Request"); 467| 0| } 468| | 469| | // RFC 8446 Appendix D.2 470| | // If the "supported_versions" extension is absent and the server only 471| | // supports versions greater than ClientHello.legacy_version, the server 472| | // MUST abort the handshake with a "protocol_version" alert. 473| | // 474| | // If we're not expecting a downgrade, we only support TLS 1.3. 475| 3.99k| if(!expects_downgrade()) { ------------------ | Branch (475:7): [True: 0, False: 3.99k] ------------------ 476| 0| throw TLS_Exception(Alert::ProtocolVersion, "Received a legacy Client Hello"); 477| 0| } 478| | 479| 3.99k| downgrade(); 480| 3.99k|} tls_server_impl_13.cpp:_ZZN5Botan3TLS14Server_Impl_1321process_handshake_msgENSt3__17variantIJNS0_15Client_Hello_13ENS0_20Client_Hello_12_ShimENS0_15Server_Hello_13ENS0_20Server_Hello_12_ShimENS0_19Hello_Retry_RequestENS0_20Encrypted_ExtensionsENS0_14Certificate_13ENS0_22Certificate_Request_13ENS0_21Certificate_Verify_13ENS0_11Finished_13EEEEENK3$_0clINS2_17reference_wrapperIS5_EEEEDaT_: 156| 3.99k| [&](auto msg) { 157| | // first verify that the message was expected by the state machine... 158| 3.99k| m_handshake->transitions.confirm_transition_to(msg.get().type()); 159| | 160| | // ... then allow the library user to abort on their discretion 161| 3.99k| callbacks().tls_inspect_handshake_msg(msg.get()); 162| | 163| | // ... finally handle the message 164| 3.99k| handle(msg.get()); 165| 3.99k| }, tls_server_impl_13.cpp:_ZZN5Botan3TLS14Server_Impl_1321process_handshake_msgENSt3__17variantIJNS0_15Client_Hello_13ENS0_20Client_Hello_12_ShimENS0_15Server_Hello_13ENS0_20Server_Hello_12_ShimENS0_19Hello_Retry_RequestENS0_20Encrypted_ExtensionsENS0_14Certificate_13ENS0_22Certificate_Request_13ENS0_21Certificate_Verify_13ENS0_11Finished_13EEEEENK3$_0clINS2_17reference_wrapperISA_EEEEDaT_: 156| 5| [&](auto msg) { 157| | // first verify that the message was expected by the state machine... 158| 5| m_handshake->transitions.confirm_transition_to(msg.get().type()); 159| | 160| | // ... then allow the library user to abort on their discretion 161| 5| callbacks().tls_inspect_handshake_msg(msg.get()); 162| | 163| | // ... finally handle the message 164| 5| handle(msg.get()); 165| 5| }, tls_server_impl_13.cpp:_ZZN5Botan3TLS14Server_Impl_1321process_handshake_msgENSt3__17variantIJNS0_15Client_Hello_13ENS0_20Client_Hello_12_ShimENS0_15Server_Hello_13ENS0_20Server_Hello_12_ShimENS0_19Hello_Retry_RequestENS0_20Encrypted_ExtensionsENS0_14Certificate_13ENS0_22Certificate_Request_13ENS0_21Certificate_Verify_13ENS0_11Finished_13EEEEENK3$_0clINS2_17reference_wrapperISC_EEEEDaT_: 156| 6| [&](auto msg) { 157| | // first verify that the message was expected by the state machine... 158| 6| m_handshake->transitions.confirm_transition_to(msg.get().type()); 159| | 160| | // ... then allow the library user to abort on their discretion 161| 6| callbacks().tls_inspect_handshake_msg(msg.get()); 162| | 163| | // ... finally handle the message 164| 6| handle(msg.get()); 165| 6| }, tls_server_impl_13.cpp:_ZZN5Botan3TLS14Server_Impl_1321process_handshake_msgENSt3__17variantIJNS0_15Client_Hello_13ENS0_20Client_Hello_12_ShimENS0_15Server_Hello_13ENS0_20Server_Hello_12_ShimENS0_19Hello_Retry_RequestENS0_20Encrypted_ExtensionsENS0_14Certificate_13ENS0_22Certificate_Request_13ENS0_21Certificate_Verify_13ENS0_11Finished_13EEEEENK3$_0clINS2_17reference_wrapperISD_EEEEDaT_: 156| 4| [&](auto msg) { 157| | // first verify that the message was expected by the state machine... 158| 4| m_handshake->transitions.confirm_transition_to(msg.get().type()); 159| | 160| | // ... then allow the library user to abort on their discretion 161| 4| callbacks().tls_inspect_handshake_msg(msg.get()); 162| | 163| | // ... finally handle the message 164| 4| handle(msg.get()); 165| 4| }, _ZN5Botan3TLS21Transcript_Hash_StateC2Ev: 24| 6.25k|Transcript_Hash_State::Transcript_Hash_State() = default; _ZN5Botan3TLS21Transcript_Hash_StateD2Ev: 26| 6.25k|Transcript_Hash_State::~Transcript_Hash_State() = default; _ZN5Botan3TLS21Transcript_Hash_State6updateENSt3__14spanIKhLm18446744073709551615EEE: 155| 4.21k|void Transcript_Hash_State::update(std::span serialized_message_s) { 156| 4.21k| const auto* serialized_message = serialized_message_s.data(); 157| 4.21k| auto serialized_message_length = serialized_message_s.size(); 158| 4.21k| if(m_hash != nullptr) { ------------------ | Branch (158:7): [True: 0, False: 4.21k] ------------------ 159| 0| auto truncation_mark = serialized_message_length; 160| | 161| | // Check whether we should generate a truncated hash for supporting PSK 162| | // binder calculation or verification. See RFC 8446 4.2.11.2. 163| 0| if(serialized_message_length > 0 && *serialized_message == static_cast(Handshake_Type::ClientHello)) { ------------------ | Branch (163:10): [True: 0, False: 0] | Branch (163:43): [True: 0, False: 0] ------------------ 164| 0| truncation_mark = find_client_hello_truncation_mark(serialized_message_s); 165| 0| } 166| | 167| 0| if(truncation_mark < serialized_message_length) { ------------------ | Branch (167:10): [True: 0, False: 0] ------------------ 168| 0| m_hash->update(serialized_message, truncation_mark); 169| 0| m_truncated = read_hash_state(m_hash); 170| 0| m_hash->update(serialized_message + truncation_mark, serialized_message_length - truncation_mark); 171| 0| } else { 172| 0| m_truncated.clear(); 173| 0| m_hash->update(serialized_message, serialized_message_length); 174| 0| } 175| | 176| 0| m_previous = std::exchange(m_current, read_hash_state(m_hash)); 177| 4.21k| } else { 178| 4.21k| m_unprocessed_transcript.push_back( 179| 4.21k| std::vector(serialized_message, serialized_message + serialized_message_length)); 180| 4.21k| } 181| 4.21k|} _ZN5Botan3TLS5AlertC2ERKNSt3__16vectorIhNS_16secure_allocatorIhEEEE: 14| 2.22k|Alert::Alert(const secure_vector& buf) { 15| 2.22k| if(buf.size() != 2) { ------------------ | Branch (15:7): [True: 29, False: 2.19k] ------------------ 16| 29| throw Decoding_Error("Bad size (" + std::to_string(buf.size()) + ") for TLS alert message"); 17| 29| } 18| | 19| 2.19k| if(buf[0] == 1) { ------------------ | Branch (19:7): [True: 1.42k, False: 766] ------------------ 20| 1.42k| m_fatal = false; 21| 1.42k| } else if(buf[0] == 2) { ------------------ | Branch (21:14): [True: 755, False: 11] ------------------ 22| 755| m_fatal = true; 23| 755| } else { 24| 11| throw TLS_Exception(Alert::IllegalParameter, "Bad code for TLS alert level"); 25| 11| } 26| | 27| 2.18k| const uint8_t dc = buf[1]; 28| | 29| 2.18k| m_type_code = static_cast(dc); 30| 2.18k|} _ZNK5Botan3TLS5Alert9serializeEv: 32| 4.73k|std::vector Alert::serialize() const { 33| 4.73k| return std::vector({static_cast(is_fatal() ? 2 : 1), static_cast(type())}); ------------------ | Branch (33:54): [True: 4.72k, False: 15] ------------------ 34| 4.73k|} _ZN5Botan3TLS18kdf_algo_to_stringENS0_8KDF_AlgoE: 17| 3.58k|std::string kdf_algo_to_string(KDF_Algo algo) { 18| 3.58k| switch(algo) { ------------------ | Branch (18:11): [True: 3.58k, False: 0] ------------------ 19| 1.39k| case KDF_Algo::SHA_1: ------------------ | Branch (19:7): [True: 1.39k, False: 2.18k] ------------------ 20| 1.39k| return "SHA-1"; 21| 1.45k| case KDF_Algo::SHA_256: ------------------ | Branch (21:7): [True: 1.45k, False: 2.12k] ------------------ 22| 1.45k| return "SHA-256"; 23| 729| case KDF_Algo::SHA_384: ------------------ | Branch (23:7): [True: 729, False: 2.85k] ------------------ 24| 729| return "SHA-384"; 25| 3.58k| } 26| | 27| 0| throw Invalid_State("kdf_algo_to_string unknown enum value"); 28| 3.58k|} _ZN5Botan3TLS20kex_method_to_stringENS0_8Kex_AlgoE: 30| 129|std::string kex_method_to_string(Kex_Algo method) { 31| 129| switch(method) { ------------------ | Branch (31:11): [True: 129, False: 0] ------------------ 32| 0| case Kex_Algo::STATIC_RSA: ------------------ | Branch (32:7): [True: 0, False: 129] ------------------ 33| 0| return "RSA"; 34| 0| case Kex_Algo::DH: ------------------ | Branch (34:7): [True: 0, False: 129] ------------------ 35| 0| return "DH"; 36| 0| case Kex_Algo::ECDH: ------------------ | Branch (36:7): [True: 0, False: 129] ------------------ 37| 0| return "ECDH"; 38| 0| case Kex_Algo::PSK: ------------------ | Branch (38:7): [True: 0, False: 129] ------------------ 39| 0| return "PSK"; 40| 129| case Kex_Algo::ECDHE_PSK: ------------------ | Branch (40:7): [True: 129, False: 0] ------------------ 41| 129| return "ECDHE_PSK"; 42| 0| case Kex_Algo::DHE_PSK: ------------------ | Branch (42:7): [True: 0, False: 129] ------------------ 43| 0| return "DHE_PSK"; 44| 0| case Kex_Algo::KEM: ------------------ | Branch (44:7): [True: 0, False: 129] ------------------ 45| 0| return "KEM"; 46| 0| case Kex_Algo::KEM_PSK: ------------------ | Branch (46:7): [True: 0, False: 129] ------------------ 47| 0| return "KEM_PSK"; 48| 0| case Kex_Algo::HYBRID: ------------------ | Branch (48:7): [True: 0, False: 129] ------------------ 49| 0| return "HYBRID"; 50| 0| case Kex_Algo::HYBRID_PSK: ------------------ | Branch (50:7): [True: 0, False: 129] ------------------ 51| 0| return "HYBRID_PSK"; 52| 0| case Kex_Algo::UNDEFINED: ------------------ | Branch (52:7): [True: 0, False: 129] ------------------ 53| 0| return "UNDEFINED"; 54| 129| } 55| | 56| 0| throw Invalid_State("kex_method_to_string unknown enum value"); 57| 129|} _ZN5Botan3TLS21auth_method_to_stringENS0_11Auth_MethodE: 107| 133|std::string auth_method_to_string(Auth_Method method) { 108| 133| switch(method) { ------------------ | Branch (108:11): [True: 133, False: 0] ------------------ 109| 109| case Auth_Method::RSA: ------------------ | Branch (109:7): [True: 109, False: 24] ------------------ 110| 109| return "RSA"; 111| 24| case Auth_Method::ECDSA: ------------------ | Branch (111:7): [True: 24, False: 109] ------------------ 112| 24| return "ECDSA"; 113| 0| case Auth_Method::IMPLICIT: ------------------ | Branch (113:7): [True: 0, False: 133] ------------------ 114| 0| return "IMPLICIT"; 115| 0| case Auth_Method::UNDEFINED: ------------------ | Branch (115:7): [True: 0, False: 133] ------------------ 116| 0| return "UNDEFINED"; 117| 133| } 118| | 119| 0| throw Invalid_State("auth_method_to_string unknown enum value"); 120| 133|} _ZNK5Botan3TLS12Group_Params9to_stringEv: 393| 5.40k|std::optional Group_Params::to_string() const { 394| 5.40k| switch(m_code) { 395| 941| case Group_Params::SECP256R1: ------------------ | Branch (395:7): [True: 941, False: 4.46k] ------------------ 396| 941| return "secp256r1"; 397| 869| case Group_Params::SECP384R1: ------------------ | Branch (397:7): [True: 869, False: 4.53k] ------------------ 398| 869| return "secp384r1"; 399| 762| case Group_Params::SECP521R1: ------------------ | Branch (399:7): [True: 762, False: 4.64k] ------------------ 400| 762| return "secp521r1"; 401| 1.33k| case Group_Params::BRAINPOOL256R1: ------------------ | Branch (401:7): [True: 1.33k, False: 4.07k] ------------------ 402| 1.33k| return "brainpool256r1"; 403| 840| case Group_Params::BRAINPOOL384R1: ------------------ | Branch (403:7): [True: 840, False: 4.56k] ------------------ 404| 840| return "brainpool384r1"; 405| 659| case Group_Params::BRAINPOOL512R1: ------------------ | Branch (405:7): [True: 659, False: 4.74k] ------------------ 406| 659| return "brainpool512r1"; 407| 0| case Group_Params::X25519: ------------------ | Branch (407:7): [True: 0, False: 5.40k] ------------------ 408| 0| return "x25519"; 409| 0| case Group_Params::X448: ------------------ | Branch (409:7): [True: 0, False: 5.40k] ------------------ 410| 0| return "x448"; 411| | 412| 0| case Group_Params::FFDHE_2048: ------------------ | Branch (412:7): [True: 0, False: 5.40k] ------------------ 413| 0| return "ffdhe/ietf/2048"; 414| 0| case Group_Params::FFDHE_3072: ------------------ | Branch (414:7): [True: 0, False: 5.40k] ------------------ 415| 0| return "ffdhe/ietf/3072"; 416| 0| case Group_Params::FFDHE_4096: ------------------ | Branch (416:7): [True: 0, False: 5.40k] ------------------ 417| 0| return "ffdhe/ietf/4096"; 418| 0| case Group_Params::FFDHE_6144: ------------------ | Branch (418:7): [True: 0, False: 5.40k] ------------------ 419| 0| return "ffdhe/ietf/6144"; 420| 0| case Group_Params::FFDHE_8192: ------------------ | Branch (420:7): [True: 0, False: 5.40k] ------------------ 421| 0| return "ffdhe/ietf/8192"; 422| | 423| 0| case Group_Params::ML_KEM_512: ------------------ | Branch (423:7): [True: 0, False: 5.40k] ------------------ 424| 0| return "ML-KEM-512"; 425| 0| case Group_Params::ML_KEM_768: ------------------ | Branch (425:7): [True: 0, False: 5.40k] ------------------ 426| 0| return "ML-KEM-768"; 427| 0| case Group_Params::ML_KEM_1024: ------------------ | Branch (427:7): [True: 0, False: 5.40k] ------------------ 428| 0| return "ML-KEM-1024"; 429| | 430| 0| case Group_Params::eFRODOKEM_640_SHAKE_OQS: ------------------ | Branch (430:7): [True: 0, False: 5.40k] ------------------ 431| 0| return "eFrodoKEM-640-SHAKE"; 432| 0| case Group_Params::eFRODOKEM_976_SHAKE_OQS: ------------------ | Branch (432:7): [True: 0, False: 5.40k] ------------------ 433| 0| return "eFrodoKEM-976-SHAKE"; 434| 0| case Group_Params::eFRODOKEM_1344_SHAKE_OQS: ------------------ | Branch (434:7): [True: 0, False: 5.40k] ------------------ 435| 0| return "eFrodoKEM-1344-SHAKE"; 436| 0| case Group_Params::eFRODOKEM_640_AES_OQS: ------------------ | Branch (436:7): [True: 0, False: 5.40k] ------------------ 437| 0| return "eFrodoKEM-640-AES"; 438| 0| case Group_Params::eFRODOKEM_976_AES_OQS: ------------------ | Branch (438:7): [True: 0, False: 5.40k] ------------------ 439| 0| return "eFrodoKEM-976-AES"; 440| 0| case Group_Params::eFRODOKEM_1344_AES_OQS: ------------------ | Branch (440:7): [True: 0, False: 5.40k] ------------------ 441| 0| return "eFrodoKEM-1344-AES"; 442| | 443| 0| case Group_Params::HYBRID_X25519_eFRODOKEM_640_SHAKE_OQS: ------------------ | Branch (443:7): [True: 0, False: 5.40k] ------------------ 444| 0| return "x25519/eFrodoKEM-640-SHAKE"; 445| 0| case Group_Params::HYBRID_X25519_eFRODOKEM_640_AES_OQS: ------------------ | Branch (445:7): [True: 0, False: 5.40k] ------------------ 446| 0| return "x25519/eFrodoKEM-640-AES"; 447| 0| case Group_Params::HYBRID_X448_eFRODOKEM_976_SHAKE_OQS: ------------------ | Branch (447:7): [True: 0, False: 5.40k] ------------------ 448| 0| return "x448/eFrodoKEM-976-SHAKE"; 449| 0| case Group_Params::HYBRID_X448_eFRODOKEM_976_AES_OQS: ------------------ | Branch (449:7): [True: 0, False: 5.40k] ------------------ 450| 0| return "x448/eFrodoKEM-976-AES"; 451| 0| case Group_Params::HYBRID_SECP256R1_eFRODOKEM_640_SHAKE_OQS: ------------------ | Branch (451:7): [True: 0, False: 5.40k] ------------------ 452| 0| return "secp256r1/eFrodoKEM-640-SHAKE"; 453| 0| case Group_Params::HYBRID_SECP256R1_eFRODOKEM_640_AES_OQS: ------------------ | Branch (453:7): [True: 0, False: 5.40k] ------------------ 454| 0| return "secp256r1/eFrodoKEM-640-AES"; 455| 0| case Group_Params::HYBRID_SECP384R1_eFRODOKEM_976_SHAKE_OQS: ------------------ | Branch (455:7): [True: 0, False: 5.40k] ------------------ 456| 0| return "secp384r1/eFrodoKEM-976-SHAKE"; 457| 0| case Group_Params::HYBRID_SECP384R1_eFRODOKEM_976_AES_OQS: ------------------ | Branch (457:7): [True: 0, False: 5.40k] ------------------ 458| 0| return "secp384r1/eFrodoKEM-976-AES"; 459| 0| case Group_Params::HYBRID_SECP521R1_eFRODOKEM_1344_SHAKE_OQS: ------------------ | Branch (459:7): [True: 0, False: 5.40k] ------------------ 460| 0| return "secp521r1/eFrodoKEM-1344-SHAKE"; 461| 0| case Group_Params::HYBRID_SECP521R1_eFRODOKEM_1344_AES_OQS: ------------------ | Branch (461:7): [True: 0, False: 5.40k] ------------------ 462| 0| return "secp521r1/eFrodoKEM-1344-AES"; 463| | 464| 0| case Group_Params::HYBRID_X25519_ML_KEM_768: ------------------ | Branch (464:7): [True: 0, False: 5.40k] ------------------ 465| 0| return "x25519/ML-KEM-768"; 466| 0| case Group_Params::HYBRID_SECP256R1_ML_KEM_768: ------------------ | Branch (466:7): [True: 0, False: 5.40k] ------------------ 467| 0| return "secp256r1/ML-KEM-768"; 468| 0| case Group_Params::HYBRID_SECP384R1_ML_KEM_1024: ------------------ | Branch (468:7): [True: 0, False: 5.40k] ------------------ 469| 0| return "secp384r1/ML-KEM-1024"; 470| | 471| 0| default: ------------------ | Branch (471:7): [True: 0, False: 5.40k] ------------------ 472| 0| return std::nullopt; 473| 5.40k| } 474| 5.40k|} _ZN5Botan3TLS9Callbacks25tls_inspect_handshake_msgERKNS0_17Handshake_MessageE: 49| 27.6k|void TLS::Callbacks::tls_inspect_handshake_msg(const Handshake_Message& /*unused*/) { 50| | // default is no op 51| 27.6k|} _ZN5Botan3TLS9Callbacks25tls_peer_network_identityEv: 57| 8.63k|std::string TLS::Callbacks::tls_peer_network_identity() { 58| 8.63k| return ""; 59| 8.63k|} _ZN5Botan3TLS9Callbacks21tls_current_timestampEv: 61| 6.58k|std::chrono::system_clock::time_point TLS::Callbacks::tls_current_timestamp() { 62| 6.58k| return std::chrono::system_clock::now(); 63| 6.58k|} _ZN5Botan3TLS9Callbacks21tls_modify_extensionsERNS0_10ExtensionsENS0_15Connection_SideENS0_14Handshake_TypeE: 67| 3.22k| Handshake_Type /*unused*/) {} _ZN5Botan3TLS9Callbacks22tls_examine_extensionsERKNS0_10ExtensionsENS0_15Connection_SideENS0_14Handshake_TypeE: 71| 3.39k| Handshake_Type /*unused*/) {} _ZN5Botan3TLS9Callbacks41tls_should_persist_resumption_informationERKNS0_7SessionE: 73| 129|bool TLS::Callbacks::tls_should_persist_resumption_information(const Session& session) { 74| | // RFC 5077 3.3 75| | // The ticket_lifetime_hint field contains a hint from the server about 76| | // how long the ticket should be stored. A value of zero is reserved to 77| | // indicate that the lifetime of the ticket is unspecified. 78| | // 79| | // RFC 8446 4.6.1 80| | // [A ticket_lifetime] of zero indicates that the ticket should be discarded 81| | // immediately. 82| | // 83| | // By default we opt to keep all sessions, except for TLS 1.3 with a lifetime 84| | // hint of zero. 85| 129| return session.lifetime_hint().count() > 0 || session.version().is_pre_tls_13(); ------------------ | Branch (85:11): [True: 129, False: 0] | Branch (85:50): [True: 0, False: 0] ------------------ 86| 129|} _ZN5Botan3TLS9Callbacks31tls_deserialize_peer_public_keyERKNSt3__17variantIJNS0_12Group_ParamsENS_8DL_GroupEEEENS2_4spanIKhLm18446744073709551615EEE: 191| 2.33k| const std::variant& group, std::span key_bits) { 192| 2.33k| if(is_dh_group(group)) { ------------------ | Branch (192:7): [True: 0, False: 2.33k] ------------------ 193| | // TLS 1.2 allows specifying arbitrary DL_Group parameters in-lieu of 194| | // a standardized DH group identifier. 195| 0| const auto dl_group = get_dl_group(group); 196| | 197| 0| auto Y = BigInt::from_bytes(key_bits); 198| | 199| | /* 200| | * A basic check for key validity. As we do not know q here we 201| | * cannot check that Y is in the right subgroup. However since 202| | * our key is ephemeral there does not seem to be any 203| | * advantage to bogus keys anyway. 204| | */ 205| 0| if(Y <= 1 || Y >= dl_group.get_p() - 1) { ------------------ | Branch (205:10): [True: 0, False: 0] | Branch (205:10): [True: 0, False: 0] | Branch (205:20): [True: 0, False: 0] ------------------ 206| 0| throw Decoding_Error("Server sent bad DH key for DHE exchange"); 207| 0| } 208| | 209| 0| return std::make_unique(dl_group, Y); 210| 0| } 211| | 212| | // The special case for TLS 1.2 with an explicit DH group definition is 213| | // handled above. All other cases are based on the opaque group definition. 214| 2.33k| BOTAN_ASSERT_NOMSG(std::holds_alternative(group)); ------------------ | | 77| 2.33k| do { \ | | 78| 2.33k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 2.33k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 2.33k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 2.33k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 2.33k] | | ------------------ ------------------ 215| 2.33k| const auto group_params = std::get(group); 216| | 217| 2.33k| if(group_params.is_ecdh_named_curve()) { ------------------ | Branch (217:7): [True: 2.32k, False: 15] ------------------ 218| 2.32k| const auto ec_group = EC_Group::from_name(group_params.to_string().value()); 219| 2.32k| return std::make_unique(ec_group, EC_AffinePoint(ec_group, key_bits)); 220| 2.32k| } 221| | 222| 15|#if defined(BOTAN_HAS_X25519) 223| 15| if(group_params.is_x25519()) { ------------------ | Branch (223:7): [True: 10, False: 5] ------------------ 224| 10| return std::make_unique(key_bits); 225| 10| } 226| 5|#endif 227| | 228| 5|#if defined(BOTAN_HAS_X448) 229| 5| if(group_params.is_x448()) { ------------------ | Branch (229:7): [True: 5, False: 0] ------------------ 230| 5| return std::make_unique(key_bits); 231| 5| } 232| 0|#endif 233| | 234| 0|#if defined(BOTAN_HAS_TLS_13_PQC) 235| 0| if(group_params.is_pqc_hybrid()) { ------------------ | Branch (235:7): [True: 0, False: 0] ------------------ 236| 0| return Hybrid_KEM_PublicKey::load_for_group(group_params, key_bits); 237| 0| } 238| 0|#endif 239| | 240| 0|#if defined(BOTAN_HAS_ML_KEM) 241| 0| if(group_params.is_pure_ml_kem()) { ------------------ | Branch (241:7): [True: 0, False: 0] ------------------ 242| 0| return std::make_unique(key_bits, ML_KEM_Mode(group_params.to_string().value())); 243| 0| } 244| 0|#endif 245| | 246| 0|#if defined(BOTAN_HAS_FRODOKEM) 247| 0| if(group_params.is_pure_frodokem()) { ------------------ | Branch (247:7): [True: 0, False: 0] ------------------ 248| 0| return std::make_unique(key_bits, FrodoKEMMode(group_params.to_string().value())); 249| 0| } 250| 0|#endif 251| | 252| 0| throw Decoding_Error("cannot create a key offering without a group definition"); 253| 0|} _ZN5Botan3TLS9Callbacks26tls_generate_ephemeral_keyERKNSt3__17variantIJNS0_12Group_ParamsENS_8DL_GroupEEEERNS_21RandomNumberGeneratorE: 343| 3.10k| const std::variant& group, RandomNumberGenerator& rng) { 344| 3.10k| if(is_dh_group(group)) { ------------------ | Branch (344:7): [True: 0, False: 3.10k] ------------------ 345| 0| const DL_Group dl_group = get_dl_group(group); 346| 0| return std::make_unique(rng, dl_group); 347| 0| } 348| | 349| 3.10k| BOTAN_ASSERT_NOMSG(std::holds_alternative(group)); ------------------ | | 77| 3.10k| do { \ | | 78| 3.10k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 3.10k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 3.10k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 3.10k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 3.10k] | | ------------------ ------------------ 350| 3.10k| const auto group_params = std::get(group); 351| | 352| 3.10k| if(group_params.is_ecdh_named_curve()) { ------------------ | Branch (352:7): [True: 3.08k, False: 26] ------------------ 353| 3.08k| const auto ec_group = EC_Group::from_name(group_params.to_string().value()); 354| 3.08k| return std::make_unique(rng, ec_group); 355| 3.08k| } 356| | 357| 26|#if defined(BOTAN_HAS_X25519) 358| 26| if(group_params.is_x25519()) { ------------------ | Branch (358:7): [True: 16, False: 10] ------------------ 359| 16| return std::make_unique(rng); 360| 16| } 361| 10|#endif 362| | 363| 10|#if defined(BOTAN_HAS_X448) 364| 10| if(group_params.is_x448()) { ------------------ | Branch (364:7): [True: 10, False: 0] ------------------ 365| 10| return std::make_unique(rng); 366| 10| } 367| 0|#endif 368| | 369| 0| if(group_params.is_kem()) { ------------------ | Branch (369:7): [True: 0, False: 0] ------------------ 370| 0| throw TLS_Exception(Alert::IllegalParameter, "cannot generate an ephemeral KEX key for a KEM"); 371| 0| } 372| | 373| 0| throw TLS_Exception(Alert::DecodeError, "cannot create a key offering without a group definition"); 374| 0|} _ZN5Botan3TLS9Callbacks33tls12_generate_ephemeral_ecdh_keyENS0_12Group_ParamsERNS_21RandomNumberGeneratorENS_15EC_Point_FormatE: 377| 3.08k| TLS::Group_Params group, RandomNumberGenerator& rng, EC_Point_Format tls12_ecc_pubkey_encoding_format) { 378| | // Delegating to the "universal" callback to obtain an ECDH key pair 379| 3.08k| auto key = tls_generate_ephemeral_key(group, rng); 380| | 381| | // For ordinary ECDH key pairs (that are derived from `ECDH_PublicKey`), we 382| | // set the internal point encoding flag for the key before passing it on into 383| | // the TLS 1.2 implementation. For user-defined keypair types (e.g. to 384| | // offload to some crypto hardware) inheriting from Botan's `ECDH_PublicKey` 385| | // might not be feasible. Such users should consider overriding this 386| | // ECDH-specific callback and ensure that their custom class handles the 387| | // public point encoding as requested by `tls12_ecc_pubkey_encoding_format`. 388| 3.08k| if(auto* ecc_key = dynamic_cast(key.get())) { ------------------ | Branch (388:13): [True: 3.08k, False: 0] ------------------ 389| 3.08k| ecc_key->set_point_encoding(tls12_ecc_pubkey_encoding_format); 390| 3.08k| } 391| | 392| 3.08k| return key; 393| 3.08k|} _ZN5Botan3TLS9Callbacks27tls_ephemeral_key_agreementERKNSt3__17variantIJNS0_12Group_ParamsENS_8DL_GroupEEEERKNS_20PK_Key_Agreement_KeyERKNS2_6vectorIhNS2_9allocatorIhEEEERNS_21RandomNumberGeneratorERKNS0_6PolicyE: 400| 2.33k| const Policy& policy) { 401| 2.33k| const auto kex_pub_key = [&]() { 402| 2.33k| try { 403| 2.33k| return tls_deserialize_peer_public_key(group, public_value); 404| 2.33k| } catch(const Decoding_Error& ex) { 405| | // This exception means that the public key was invalid. However, 406| | // TLS' DecodeError would imply that a protocol message was invalid. 407| 2.33k| throw TLS_Exception(Alert::IllegalParameter, ex.what()); 408| 2.33k| } catch(const Invalid_Argument& ex) { 409| 2.33k| throw TLS_Exception(Alert::IllegalParameter, ex.what()); 410| 2.33k| } 411| 2.33k| }(); 412| | 413| 2.33k| BOTAN_ASSERT_NONNULL(kex_pub_key); ------------------ | | 116| 2.33k| do { \ | | 117| 2.33k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 2.33k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 2.33k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 2.33k] | | ------------------ ------------------ 414| 2.33k| policy.check_peer_key_acceptable(*kex_pub_key); 415| | 416| | // RFC 8422 - 5.11. 417| | // With X25519 and X448, a receiving party MUST check whether the 418| | // computed premaster secret is the all-zero value and abort the 419| | // handshake if so, as described in Section 6 of [RFC7748]. 420| | // 421| | // This is done within the key agreement operation and throws 422| | // an Invalid_Argument exception if the shared secret is all-zero. 423| 2.33k| try { 424| 2.33k| const PK_Key_Agreement ka(private_key, rng, "Raw"); 425| 2.33k| return ka.derive_key(0, kex_pub_key->raw_public_key_bits()).bits_of(); 426| 2.33k| } catch(const Invalid_Argument& ex) { 427| 2| throw TLS_Exception(Alert::IllegalParameter, ex.what()); 428| 2| } 429| 2.33k|} _ZN5Botan3TLS9Callbacks23tls_session_establishedERKNS0_15Session_SummaryE: 431| 129|void TLS::Callbacks::tls_session_established(const Session_Summary& session) { 432| 129| BOTAN_UNUSED(session); ------------------ | | 144| 129|#define BOTAN_UNUSED Botan::ignore_params ------------------ 433| 129|} _ZN5Botan3TLS9Callbacks23tls_provide_cert_statusERKNSt3__16vectorINS_16X509_CertificateENS2_9allocatorIS4_EEEERKNS0_26Certificate_Status_RequestE: 436| 2| const Certificate_Status_Request& csr) { 437| 2| BOTAN_UNUSED(chain, csr); ------------------ | | 144| 2|#define BOTAN_UNUSED Botan::ignore_params ------------------ 438| 2| return std::vector(); 439| 2|} _ZNK5Botan3TLS9Callbacks27tls12_protocol_specific_kdfENSt3__117basic_string_viewIcNS2_11char_traitsIcEEEE: 459| 1.72k|std::unique_ptr TLS::Callbacks::tls12_protocol_specific_kdf(std::string_view prf_algo) const { 460| 1.72k| if(prf_algo == "MD5" || prf_algo == "SHA-1") { ------------------ | Branch (460:7): [True: 0, False: 1.72k] | Branch (460:28): [True: 680, False: 1.04k] ------------------ 461| 680| return KDF::create_or_throw("TLS-12-PRF(SHA-256)"); 462| 680| } 463| | 464| 1.04k| return KDF::create_or_throw(Botan::fmt("TLS-12-PRF({})", prf_algo)); 465| 1.72k|} tls_callbacks.cpp:_ZN5Botan12_GLOBAL__N_111is_dh_groupERKNSt3__17variantIJNS_3TLS12Group_ParamsENS_8DL_GroupEEEE: 172| 5.44k|bool is_dh_group(const std::variant& group) { 173| 5.44k| return std::holds_alternative(group) || std::get(group).is_dh_named_group(); ------------------ | Branch (173:11): [True: 0, False: 5.44k] | Branch (173:54): [True: 0, False: 5.44k] ------------------ 174| 5.44k|} tls_callbacks.cpp:_ZZN5Botan3TLS9Callbacks27tls_ephemeral_key_agreementERKNSt3__17variantIJNS0_12Group_ParamsENS_8DL_GroupEEEERKNS_20PK_Key_Agreement_KeyERKNS2_6vectorIhNS2_9allocatorIhEEEERNS_21RandomNumberGeneratorERKNS0_6PolicyEENK3$_0clEv: 401| 2.33k| const auto kex_pub_key = [&]() { 402| 2.33k| try { 403| 2.33k| return tls_deserialize_peer_public_key(group, public_value); 404| 2.33k| } catch(const Decoding_Error& ex) { 405| | // This exception means that the public key was invalid. However, 406| | // TLS' DecodeError would imply that a protocol message was invalid. 407| 525| throw TLS_Exception(Alert::IllegalParameter, ex.what()); 408| 525| } catch(const Invalid_Argument& ex) { 409| 12| throw TLS_Exception(Alert::IllegalParameter, ex.what()); 410| 12| } 411| 2.33k| }(); _ZNK5Botan3TLS11Ciphersuite26nonce_bytes_from_handshakeEv: 16| 1.93k|size_t Ciphersuite::nonce_bytes_from_handshake() const { 17| 1.93k| switch(m_nonce_format) { ------------------ | Branch (17:11): [True: 1.93k, False: 0] ------------------ 18| 1.17k| case Nonce_Format::CBC_MODE: ------------------ | Branch (18:7): [True: 1.17k, False: 762] ------------------ 19| 1.17k| return 0; 20| 248| case Nonce_Format::AEAD_IMPLICIT_4: ------------------ | Branch (20:7): [True: 248, False: 1.68k] ------------------ 21| 248| return 4; 22| 514| case Nonce_Format::AEAD_XOR_12: ------------------ | Branch (22:7): [True: 514, False: 1.41k] ------------------ 23| 514| return 12; 24| 0| case Nonce_Format::NULL_CIPHER: ------------------ | Branch (24:7): [True: 0, False: 1.93k] ------------------ 25| 0| return 0; 26| 1.93k| } 27| | 28| 0| throw Invalid_State("In Ciphersuite::nonce_bytes_from_handshake invalid enum value"); 29| 1.93k|} _ZNK5Botan3TLS11Ciphersuite23nonce_bytes_from_recordENS0_16Protocol_VersionE: 31| 464|size_t Ciphersuite::nonce_bytes_from_record(Protocol_Version version) const { 32| 464| BOTAN_UNUSED(version); ------------------ | | 144| 464|#define BOTAN_UNUSED Botan::ignore_params ------------------ 33| 464| switch(m_nonce_format) { ------------------ | Branch (33:11): [True: 464, False: 0] ------------------ 34| 254| case Nonce_Format::CBC_MODE: ------------------ | Branch (34:7): [True: 254, False: 210] ------------------ 35| 254| return cipher_algo() == "3DES" ? 8 : 16; ------------------ | Branch (35:17): [True: 75, False: 179] ------------------ 36| 133| case Nonce_Format::AEAD_IMPLICIT_4: ------------------ | Branch (36:7): [True: 133, False: 331] ------------------ 37| 133| return 8; 38| 77| case Nonce_Format::AEAD_XOR_12: ------------------ | Branch (38:7): [True: 77, False: 387] ------------------ 39| 77| case Nonce_Format::NULL_CIPHER: ------------------ | Branch (39:7): [True: 0, False: 464] ------------------ 40| 77| return 0; 41| 464| } 42| | 43| 0| throw Invalid_State("In Ciphersuite::nonce_bytes_from_handshake invalid enum value"); 44| 464|} _ZNK5Botan3TLS11Ciphersuite15ecc_ciphersuiteEv: 73| 3.41k|bool Ciphersuite::ecc_ciphersuite() const { 74| 3.41k| return kex_method() == Kex_Algo::ECDH || kex_method() == Kex_Algo::ECDHE_PSK || auth_method() == Auth_Method::ECDSA; ------------------ | Branch (74:11): [True: 12, False: 3.40k] | Branch (74:45): [True: 3.14k, False: 262] | Branch (74:84): [True: 0, False: 262] ------------------ 75| 3.41k|} _ZNK5Botan3TLS11Ciphersuite17usable_in_versionENS0_16Protocol_VersionE: 77| 319k|bool Ciphersuite::usable_in_version(Protocol_Version version) const { 78| | // RFC 8446 B.4.: 79| | // Although TLS 1.3 uses the same cipher suite space as previous 80| | // versions of TLS, TLS 1.3 cipher suites are defined differently, only 81| | // specifying the symmetric ciphers, and cannot be used for TLS 1.2. 82| | // Similarly, cipher suites for TLS 1.2 and lower cannot be used with 83| | // TLS 1.3. 84| | // 85| | // Currently cipher suite codes {0x13,0x01} through {0x13,0x05} are 86| | // allowed for TLS 1.3. This may change in the future. 87| 319k| const auto is_legacy_suite = (ciphersuite_code() & 0xFF00) != 0x1300; 88| 319k| return version.is_pre_tls_13() == is_legacy_suite; 89| 319k|} _ZNK5Botan3TLS11Ciphersuite15cbc_ciphersuiteEv: 91| 3.22k|bool Ciphersuite::cbc_ciphersuite() const { 92| 3.22k| return (mac_algo() != "AEAD" && cipher_algo() != "NULL"); ------------------ | Branch (92:12): [True: 2.14k, False: 1.07k] | Branch (92:36): [True: 2.14k, False: 0] ------------------ 93| 3.22k|} _ZNK5Botan3TLS11Ciphersuite14signature_usedEv: 103| 13.2k|bool Ciphersuite::signature_used() const { 104| 13.2k| return auth_method() != Auth_Method::IMPLICIT; 105| 13.2k|} _ZNK5Botan3TLS11Ciphersuite23is_certificate_requiredEv: 107| 6.59k|bool Ciphersuite::is_certificate_required() const { 108| 6.59k| return signature_used() || kex_method() == Kex_Algo::STATIC_RSA; ------------------ | Branch (108:11): [True: 123, False: 6.47k] | Branch (108:31): [True: 30, False: 6.44k] ------------------ 109| 6.59k|} _ZN5Botan3TLS11Ciphersuite5by_idEt: 111| 10.0k|std::optional Ciphersuite::by_id(uint16_t suite) { 112| 10.0k| const std::vector& all_suites = all_known_ciphersuites(); 113| 10.0k| auto s = std::lower_bound(all_suites.begin(), all_suites.end(), suite); 114| | 115| 10.0k| if(s != all_suites.end() && s->ciphersuite_code() == suite) { ------------------ | Branch (115:7): [True: 10.0k, False: 0] | Branch (115:7): [True: 10.0k, False: 0] | Branch (115:32): [True: 10.0k, False: 0] ------------------ 116| 10.0k| return *s; 117| 10.0k| } 118| | 119| 0| return std::nullopt; // some unknown ciphersuite 120| 10.0k|} _ZN5Botan3TLS10ExtensionsD2Ev: 141| 22.0k|Extensions::~Extensions() = default; _ZNK5Botan3TLS10Extensions3hasENS0_14Extension_CodeE: 143| 118k|bool Extensions::has(Extension_Code type) const { 144| 118k| return m_extensions.contains(type); 145| 118k|} _ZNK5Botan3TLS10Extensions3getENS0_14Extension_CodeE: 147| 94.1k|Extension* Extensions::get(Extension_Code type) const { 148| 94.1k| const auto i = m_extensions.find(type); 149| | 150| 94.1k| if(i == m_extensions.end()) { ------------------ | Branch (150:7): [True: 70.1k, False: 24.0k] ------------------ 151| 70.1k| return nullptr; 152| 70.1k| } else { 153| 24.0k| return i->second.get(); 154| 24.0k| } 155| 94.1k|} _ZN5Botan3TLS10Extensions3addENSt3__110unique_ptrINS0_9ExtensionENS2_14default_deleteIS4_EEEE: 157| 61.7k|void Extensions::add(std::unique_ptr extn) { 158| 61.7k| const auto type = extn->type(); 159| 61.7k| if(has(type)) { ------------------ | Branch (159:7): [True: 0, False: 61.7k] ------------------ 160| 0| throw Invalid_Argument("cannot add the same extension twice: " + std::to_string(static_cast(type))); 161| 0| } 162| | 163| 61.7k| m_extension_codes.push_back(type); 164| 61.7k| m_extensions.emplace(type, std::move(extn)); 165| 61.7k|} _ZN5Botan3TLS10Extensions11deserializeERNS0_15TLS_Data_ReaderENS0_15Connection_SideENS0_14Handshake_TypeE: 167| 17.6k|void Extensions::deserialize(TLS_Data_Reader& reader, const Connection_Side from, const Handshake_Type message_type) { 168| 17.6k| if(reader.has_remaining()) { ------------------ | Branch (168:7): [True: 11.2k, False: 6.33k] ------------------ 169| 11.2k| const uint16_t all_extn_size = reader.get_uint16_t(); 170| | 171| 11.2k| if(reader.remaining_bytes() != all_extn_size) { ------------------ | Branch (171:10): [True: 42, False: 11.2k] ------------------ 172| 42| throw Decoding_Error("Bad extension size"); 173| 42| } 174| | 175| 67.6k| while(reader.has_remaining()) { ------------------ | Branch (175:13): [True: 56.3k, False: 11.2k] ------------------ 176| 56.3k| const uint16_t extension_code = reader.get_uint16_t(); 177| 56.3k| const uint16_t extension_size = reader.get_uint16_t(); 178| | 179| 56.3k| const auto type = static_cast(extension_code); 180| | 181| 56.3k| if(this->has(type)) { ------------------ | Branch (181:13): [True: 4, False: 56.3k] ------------------ 182| 4| throw TLS_Exception(TLS::Alert::DecodeError, "Peer sent duplicated extensions"); 183| 4| } 184| | 185| | // TODO offer a function on reader that returns a byte range as a reference 186| | // to avoid this copy of the extension data 187| 56.3k| const std::vector extn_data = reader.get_fixed(extension_size); 188| 56.3k| m_raw_extension_data[type] = extn_data; 189| 56.3k| TLS_Data_Reader extn_reader("Extension", extn_data); 190| 56.3k| this->add(make_extension(extn_reader, type, from, message_type)); 191| 56.3k| extn_reader.assert_done(); 192| 56.3k| } 193| 11.2k| } 194| 17.6k|} _ZNK5Botan3TLS10Extensions19contains_other_thanERKNSt3__13setINS0_14Extension_CodeENS2_4lessIS4_EENS2_9allocatorIS4_EEEEb: 197| 229| const bool allow_unknown_extensions) const { 198| 229| const auto found = extension_types(); 199| | 200| 229| std::vector diff; 201| 229| std::set_difference( 202| 229| found.cbegin(), found.end(), allowed_extensions.cbegin(), allowed_extensions.cend(), std::back_inserter(diff)); 203| | 204| 229| if(allow_unknown_extensions) { ------------------ | Branch (204:7): [True: 228, False: 1] ------------------ 205| | // Go through the found unexpected extensions whether any of those 206| | // is known to this TLS implementation. 207| 228| const auto itr = std::find_if(diff.cbegin(), diff.cend(), [this](const auto ext_type) { 208| 228| const auto ext = get(ext_type); 209| 228| return ext && ext->is_implemented(); 210| 228| }); 211| | 212| | // ... if yes, `contains_other_than` is true 213| 228| return itr != diff.cend(); 214| 228| } 215| | 216| 1| return !diff.empty(); 217| 229|} _ZNK5Botan3TLS10Extensions9serializeENS0_15Connection_SideE: 232| 3.22k|std::vector Extensions::serialize(Connection_Side whoami) const { 233| 3.22k| std::vector buf(2); // 2 bytes for length field 234| | 235| | // Serialize in the order extensions were added, which matters for TLS 1.3 236| 3.74k| for(const auto extn_type : m_extension_codes) { ------------------ | Branch (236:29): [True: 3.74k, False: 3.22k] ------------------ 237| 3.74k| const auto& extn = m_extensions.at(extn_type); 238| | 239| 3.74k| if(extn->empty()) { ------------------ | Branch (239:10): [True: 0, False: 3.74k] ------------------ 240| 0| continue; 241| 0| } 242| | 243| 3.74k| const uint16_t extn_code = static_cast(extn_type); 244| | 245| 3.74k| const std::vector extn_val = extn->serialize(whoami); 246| | 247| | // Each extension carries a uint16 length prefix. 248| 3.74k| BOTAN_ASSERT_NOMSG(extn_val.size() <= 0xFFFF); ------------------ | | 77| 3.74k| do { \ | | 78| 3.74k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 3.74k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 3.74k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 3.74k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 3.74k] | | ------------------ ------------------ 249| | 250| 3.74k| buf.push_back(get_byte<0>(extn_code)); 251| 3.74k| buf.push_back(get_byte<1>(extn_code)); 252| | 253| 3.74k| buf.push_back(get_byte<0>(static_cast(extn_val.size()))); 254| 3.74k| buf.push_back(get_byte<1>(static_cast(extn_val.size()))); 255| | 256| 3.74k| buf += extn_val; 257| 3.74k| } 258| | 259| | // The outer extensions block is itself uint16-length-prefixed. 260| 3.22k| BOTAN_ASSERT_NOMSG(buf.size() - 2 <= 0xFFFF); ------------------ | | 77| 3.22k| do { \ | | 78| 3.22k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 3.22k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 3.22k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 3.22k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 3.22k] | | ------------------ ------------------ 261| 3.22k| const uint16_t extn_size = static_cast(buf.size() - 2); 262| | 263| 3.22k| buf[0] = get_byte<0>(extn_size); 264| 3.22k| buf[1] = get_byte<1>(extn_size); 265| | 266| | // avoid sending a completely empty extensions block 267| 3.22k| if(buf.size() == 2) { ------------------ | Branch (267:7): [True: 0, False: 3.22k] ------------------ 268| 0| return std::vector(); 269| 0| } 270| | 271| 3.22k| return buf; 272| 3.22k|} _ZNK5Botan3TLS10Extensions15extension_typesEv: 274| 3.34k|std::set Extensions::extension_types() const { 275| 3.34k| std::set offers; 276| 23.7k| for(const auto& [extn_type, extn] : m_extensions) { ------------------ | Branch (276:38): [True: 23.7k, False: 3.34k] ------------------ 277| | // Consistent with serialize(): empty extensions are not placed on 278| | // the wire so they must not appear in the "offered" set either. 279| 23.7k| if(!extn->empty()) { ------------------ | Branch (279:10): [True: 23.7k, False: 4] ------------------ 280| 23.7k| offers.insert(extn_type); 281| 23.7k| } 282| 23.7k| } 283| 3.34k| return offers; 284| 3.34k|} _ZN5Botan3TLS17Unknown_ExtensionC2ENS0_14Extension_CodeERNS0_15TLS_Data_ReaderEt: 314| 37.4k| m_type(type), m_value(reader.get_fixed(extension_size)) {} _ZN5Botan3TLS21Server_Name_IndicatorC2ERNS0_15TLS_Data_ReaderEtNS0_15Connection_SideE: 320| 108|Server_Name_Indicator::Server_Name_Indicator(TLS_Data_Reader& reader, uint16_t extension_size, Connection_Side from) { 321| | /* 322| | RFC 6066 Section 3 323| | 324| | A server that receives a client hello containing the "server_name" 325| | extension MAY use the information contained in the extension to guide 326| | its selection of an appropriate certificate to return to the client, 327| | and/or other aspects of security policy. In this event, the server 328| | SHALL include an extension of type "server_name" in the (extended) 329| | server hello. The "extension_data" field of this extension SHALL be 330| | empty. 331| | */ 332| 108| if(from == Connection_Side::Server) { ------------------ | Branch (332:7): [True: 52, False: 56] ------------------ 333| 52| if(extension_size != 0) { ------------------ | Branch (333:10): [True: 2, False: 50] ------------------ 334| 2| throw TLS_Exception(Alert::IllegalParameter, "Server sent non-empty SNI extension"); 335| 2| } 336| 56| } else { 337| | // Clients are required to send at least one name in the SNI 338| 56| if(extension_size == 0) { ------------------ | Branch (338:10): [True: 5, False: 51] ------------------ 339| 5| throw TLS_Exception(Alert::IllegalParameter, "Client sent empty SNI extension"); 340| 5| } 341| | 342| 51| const uint16_t name_bytes = reader.get_uint16_t(); 343| | 344| | // RFC 6066 3: a ServerName carrying a host_name (the only NameType 345| | // currently defined and the only one this implementation acts on) 346| | // requires at least 1 byte name_type + 2 byte length + 1 byte HostName. 347| 51| if(name_bytes + 2 != extension_size || name_bytes < 4) { ------------------ | Branch (347:10): [True: 19, False: 32] | Branch (347:46): [True: 1, False: 31] ------------------ 348| 20| throw Decoding_Error("Bad encoding of SNI extension"); 349| 20| } 350| | 351| 31| BOTAN_ASSERT_NOMSG(reader.remaining_bytes() == name_bytes); ------------------ | | 77| 31| do { \ | | 78| 31| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 31| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 31] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 31| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 31] | | ------------------ ------------------ 352| | 353| 88| while(reader.has_remaining()) { ------------------ | Branch (353:13): [True: 60, False: 28] ------------------ 354| 60| const uint8_t name_type = reader.get_byte(); 355| | 356| 60| if(name_type == 0) { ------------------ | Branch (356:13): [True: 23, False: 37] ------------------ 357| | /* 358| | RFC 6066 Section 3 359| | The ServerNameList MUST NOT contain more than one name of the same name_type. 360| | */ 361| 23| if(!m_sni_host_name.empty()) { ------------------ | Branch (361:16): [True: 3, False: 20] ------------------ 362| 3| throw Decoding_Error("TLS ServerNameIndicator contains more than one host_name"); 363| 3| } 364| 20| m_sni_host_name = reader.get_string(2, 1, 65535); 365| 37| } else { 366| | /* 367| | Unknown name type - skip its length-prefixed value and continue 368| | 369| | RFC 6066 Section 3 370| | For backward compatibility, all future data structures associated 371| | with new NameTypes MUST begin with a 16-bit length field. 372| | */ 373| 37| const uint16_t unknown_name_len = reader.get_uint16_t(); 374| 37| reader.discard_next(unknown_name_len); 375| 37| } 376| 60| } 377| 31| } 378| 108|} _ZN5Botan3TLS39Application_Layer_Protocol_NotificationC2ENSt3__117basic_string_viewIcNS2_11char_traitsIcEEEE: 432| 10|Application_Layer_Protocol_Notification::Application_Layer_Protocol_Notification(std::string_view protocol) { 433| 10| BOTAN_ARG_CHECK(!protocol.empty(), "ALPN protocol name must not be empty"); ------------------ | | 35| 10| do { \ | | 36| 10| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 10| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 10] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 10| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 10] | | ------------------ ------------------ 434| 10| BOTAN_ARG_CHECK(protocol.size() < 256, "ALPN protocol name too long"); ------------------ | | 35| 10| do { \ | | 36| 10| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 10| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 10] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 10| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 10] | | ------------------ ------------------ 435| 10| m_protocols.emplace_back(protocol); 436| 10|} _ZN5Botan3TLS39Application_Layer_Protocol_NotificationC2ERNS0_15TLS_Data_ReaderEtNS0_15Connection_SideE: 449| 105| Connection_Side from) { 450| 105| if(extension_size < 2) { ------------------ | Branch (450:7): [True: 3, False: 102] ------------------ 451| 3| throw Decoding_Error("ALPN extension cannot be empty"); 452| 3| } 453| | 454| 102| const uint16_t name_bytes = reader.get_uint16_t(); 455| | 456| 102| size_t bytes_remaining = extension_size - 2; 457| | 458| 102| if(name_bytes != bytes_remaining) { ------------------ | Branch (458:7): [True: 14, False: 88] ------------------ 459| 14| throw Decoding_Error("Bad encoding of ALPN extension, bad length field"); 460| 14| } 461| | 462| | // RFC 7301 3.1: ProtocolName protocol_name_list<2..2^16-1> 463| 88| if(name_bytes == 0) { ------------------ | Branch (463:7): [True: 2, False: 86] ------------------ 464| 2| throw Decoding_Error("Empty ALPN protocol_name_list not allowed"); 465| 2| } 466| | 467| 1.16k| while(bytes_remaining > 0) { ------------------ | Branch (467:10): [True: 1.08k, False: 81] ------------------ 468| 1.08k| const std::string p = reader.get_string(1, 0, 255); 469| | 470| 1.08k| if(bytes_remaining < p.size() + 1) { ------------------ | Branch (470:10): [True: 0, False: 1.08k] ------------------ 471| 0| throw Decoding_Error("Bad encoding of ALPN, length field too long"); 472| 0| } 473| | 474| 1.08k| if(p.empty()) { ------------------ | Branch (474:10): [True: 5, False: 1.07k] ------------------ 475| 5| throw Decoding_Error("Empty ALPN protocol not allowed"); 476| 5| } 477| | 478| 1.07k| bytes_remaining -= (p.size() + 1); 479| | 480| 1.07k| m_protocols.push_back(p); 481| 1.07k| } 482| | 483| | // RFC 7301 3.1 484| | // The "extension_data" field of the [...] extension is structured the 485| | // same as described above for the client "extension_data", except that 486| | // the "ProtocolNameList" MUST contain exactly one "ProtocolName". 487| 81| if(from == Connection_Side::Server && m_protocols.size() != 1) { ------------------ | Branch (487:7): [True: 9, False: 72] | Branch (487:42): [True: 6, False: 3] ------------------ 488| 6| throw TLS_Exception( 489| 6| Alert::DecodeError, 490| 6| "Server sent " + std::to_string(m_protocols.size()) + " protocols in ALPN extension response"); 491| 6| } 492| 81|} _ZNK5Botan3TLS39Application_Layer_Protocol_Notification9serializeENS0_15Connection_SideE: 499| 10|std::vector Application_Layer_Protocol_Notification::serialize(Connection_Side /*whoami*/) const { 500| 10| std::vector buf(2); 501| | 502| 10| for(auto&& proto : m_protocols) { ------------------ | Branch (502:21): [True: 10, False: 10] ------------------ 503| 10| if(proto.length() >= 256) { ------------------ | Branch (503:10): [True: 0, False: 10] ------------------ 504| 0| throw TLS_Exception(Alert::InternalError, "ALPN name too long"); 505| 0| } 506| 10| if(!proto.empty()) { ------------------ | Branch (506:10): [True: 10, False: 0] ------------------ 507| 10| append_tls_length_value(buf, proto, 1); 508| 10| } 509| 10| } 510| | 511| | // RFC 7301 3.1: ProtocolName protocol_name_list<2..2^16-1>; 512| 10| BOTAN_ASSERT_NOMSG(buf.size() - 2 <= 0xFFFF); ------------------ | | 77| 10| do { \ | | 78| 10| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 10| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 10] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 10| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 10] | | ------------------ ------------------ 513| 10| buf[0] = get_byte<0>(static_cast(buf.size() - 2)); 514| 10| buf[1] = get_byte<1>(static_cast(buf.size() - 2)); 515| | 516| 10| return buf; 517| 10|} _ZN5Botan3TLS21Certificate_Type_BaseC2ERNS0_15TLS_Data_ReaderEtNS0_15Connection_SideE: 555| 402| m_from(from) { 556| 402| if(extension_size == 0) { ------------------ | Branch (556:7): [True: 4, False: 398] ------------------ 557| 4| throw Decoding_Error("Certificate type extension cannot be empty"); 558| 4| } 559| | 560| 398| if(from == Connection_Side::Client) { ------------------ | Branch (560:7): [True: 381, False: 17] ------------------ 561| 381| const auto type_bytes = reader.get_tls_length_value(1); 562| 381| if(static_cast(extension_size) != type_bytes.size() + 1) { ------------------ | Branch (562:10): [True: 2, False: 379] ------------------ 563| 2| throw Decoding_Error("certificate type extension had inconsistent length"); 564| 2| } 565| | // RFC 7250 4: {client,server}_certificate_types<1..2^8-1> so must be non-empty 566| 379| if(type_bytes.empty()) { ------------------ | Branch (566:10): [True: 1, False: 378] ------------------ 567| 1| throw Decoding_Error("Certificate type extension contains no types"); 568| 1| } 569| 378| std::transform( 570| 378| type_bytes.begin(), type_bytes.end(), std::back_inserter(m_certificate_types), [](const auto type_byte) { 571| 378| return static_cast(type_byte); 572| 378| }); 573| 378| } else { 574| | // RFC 7250 4.2 575| | // Note that only a single value is permitted in the 576| | // server_certificate_type extension when carried in the server hello. 577| 17| if(extension_size != 1) { ------------------ | Branch (577:10): [True: 3, False: 14] ------------------ 578| 3| throw Decoding_Error("Server's certificate type extension must be of length 1"); 579| 3| } 580| 14| const auto type_byte = reader.get_byte(); 581| 14| m_certificate_types.push_back(static_cast(type_byte)); 582| 14| } 583| 398|} _ZNK5Botan3TLS16Supported_Groups9ec_groupsEv: 628| 6.29k|std::vector Supported_Groups::ec_groups() const { 629| 6.29k| std::vector ec; 630| 26.7k| for(auto g : m_groups) { ------------------ | Branch (630:15): [True: 26.7k, False: 6.29k] ------------------ 631| 26.7k| if(g.is_pure_ecc_group()) { ------------------ | Branch (631:10): [True: 6.38k, False: 20.3k] ------------------ 632| 6.38k| ec.push_back(g); 633| 6.38k| } 634| 26.7k| } 635| 6.29k| return ec; 636| 6.29k|} _ZNK5Botan3TLS16Supported_Groups9dh_groupsEv: 638| 6.37k|std::vector Supported_Groups::dh_groups() const { 639| 6.37k| std::vector dh; 640| 28.4k| for(auto g : m_groups) { ------------------ | Branch (640:15): [True: 28.4k, False: 6.37k] ------------------ 641| 28.4k| if(g.is_in_ffdhe_range()) { ------------------ | Branch (641:10): [True: 1.13k, False: 27.3k] ------------------ 642| 1.13k| dh.push_back(g); 643| 1.13k| } 644| 28.4k| } 645| 6.37k| return dh; 646| 6.37k|} _ZN5Botan3TLS16Supported_GroupsC2ERNS0_15TLS_Data_ReaderEt: 668| 6.48k|Supported_Groups::Supported_Groups(TLS_Data_Reader& reader, uint16_t extension_size) { 669| 6.48k| const uint16_t len = reader.get_uint16_t(); 670| | 671| 6.48k| if(len + 2 != extension_size) { ------------------ | Branch (671:7): [True: 12, False: 6.46k] ------------------ 672| 12| throw Decoding_Error("Inconsistent length field in supported groups list"); 673| 12| } 674| | 675| | // RFC 8446 4.2.7: NamedGroup named_group_list<2..2^16-1>; 676| 6.46k| if(len == 0) { ------------------ | Branch (676:7): [True: 1, False: 6.46k] ------------------ 677| 1| throw Decoding_Error("Empty supported groups list"); 678| 1| } 679| | 680| 6.46k| if(len % 2 == 1) { ------------------ | Branch (680:7): [True: 1, False: 6.46k] ------------------ 681| 1| throw Decoding_Error("Supported groups list of strange size"); 682| 1| } 683| | 684| 6.46k| const size_t elems = len / 2; 685| | 686| 6.46k| std::unordered_set seen; 687| 41.2k| for(size_t i = 0; i != elems; ++i) { ------------------ | Branch (687:22): [True: 34.7k, False: 6.46k] ------------------ 688| 34.7k| const auto group = static_cast(reader.get_uint16_t()); 689| | // Note: RFC 8446 does not explicitly enforce that groups must be unique. 690| 34.7k| if(seen.insert(group.wire_code()).second) { ------------------ | Branch (690:10): [True: 30.5k, False: 4.24k] ------------------ 691| 30.5k| m_groups.push_back(group); 692| 30.5k| } 693| 34.7k| } 694| 6.46k|} _ZN5Botan3TLS20Signature_AlgorithmsC2ERNS0_15TLS_Data_ReaderEt: 740| 321| m_schemes(parse_signature_algorithms(reader, extension_size)) {} _ZN5Botan3TLS25Signature_Algorithms_CertC2ERNS0_15TLS_Data_ReaderEt: 747| 34| m_schemes(parse_signature_algorithms(reader, extension_size)) {} _ZN5Botan3TLS24SRTP_Protection_ProfilesC2ERNS0_15TLS_Data_ReaderEt: 749| 79|SRTP_Protection_Profiles::SRTP_Protection_Profiles(TLS_Data_Reader& reader, uint16_t extension_size) { 750| | // RFC 5764 4.1.1: UseSRTPData consists of 751| | // SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1>; 752| | // opaque srtp_mki<0..255>; 753| | // for a wire size of 2 (profiles len) + 2*N + 1 (mki len) + mki_bytes, 754| | // with N >= 1. 755| 79| if(extension_size < 5) { ------------------ | Branch (755:7): [True: 3, False: 76] ------------------ 756| 3| throw Decoding_Error("Truncated SRTP protection extension"); 757| 3| } 758| 76| const size_t max_profile_pairs = (static_cast(extension_size) - 3) / 2; 759| 76| m_pp = reader.get_range(2, 1, max_profile_pairs); 760| 76| const std::vector mki = reader.get_range(1, 0, 255); 761| | 762| 76| if(m_pp.size() * 2 + mki.size() + 3 != extension_size) { ------------------ | Branch (762:7): [True: 8, False: 68] ------------------ 763| 8| throw Decoding_Error("Bad encoding for SRTP protection extension"); 764| 8| } 765| | 766| 68| if(!mki.empty()) { ------------------ | Branch (766:7): [True: 2, False: 66] ------------------ 767| 2| throw Decoding_Error("Unhandled non-empty MKI for SRTP protection extension"); 768| 2| } 769| 68|} _ZN5Botan3TLS18Supported_VersionsC2ERNS0_15TLS_Data_ReaderEtNS0_15Connection_SideE: 844| 565|Supported_Versions::Supported_Versions(TLS_Data_Reader& reader, uint16_t extension_size, Connection_Side from) { 845| 565| if(from == Connection_Side::Server) { ------------------ | Branch (845:7): [True: 37, False: 528] ------------------ 846| 37| if(extension_size != 2) { ------------------ | Branch (846:10): [True: 1, False: 36] ------------------ 847| 1| throw Decoding_Error("Server sent invalid supported_versions extension"); 848| 1| } 849| 36| m_versions.push_back(Protocol_Version(reader.get_uint16_t())); 850| 528| } else { 851| 528| auto versions = reader.get_range(1, 1, 127); 852| | 853| 2.30k| for(auto v : versions) { ------------------ | Branch (853:18): [True: 2.30k, False: 528] ------------------ 854| 2.30k| m_versions.push_back(Protocol_Version(v)); 855| 2.30k| } 856| | 857| 528| if(extension_size != 1 + 2 * versions.size()) { ------------------ | Branch (857:10): [True: 8, False: 520] ------------------ 858| 8| throw Decoding_Error("Client sent invalid supported_versions extension"); 859| 8| } 860| 528| } 861| 565|} _ZNK5Botan3TLS18Supported_Versions8supportsENS0_16Protocol_VersionE: 863| 95|bool Supported_Versions::supports(Protocol_Version version) const { 864| 519| for(auto v : m_versions) { ------------------ | Branch (864:15): [True: 519, False: 66] ------------------ 865| 519| if(version == v) { ------------------ | Branch (865:10): [True: 29, False: 490] ------------------ 866| 29| return true; 867| 29| } 868| 519| } 869| 66| return false; 870| 95|} _ZN5Botan3TLS17Record_Size_LimitC2ERNS0_15TLS_Data_ReaderEtNS0_15Connection_SideE: 878| 44|Record_Size_Limit::Record_Size_Limit(TLS_Data_Reader& reader, uint16_t extension_size, Connection_Side from) { 879| 44| if(extension_size != 2) { ------------------ | Branch (879:7): [True: 1, False: 43] ------------------ 880| 1| throw TLS_Exception(Alert::DecodeError, "invalid record_size_limit extension"); 881| 1| } 882| | 883| 43| m_limit = reader.get_uint16_t(); 884| | 885| | // RFC 8449 4. 886| | // This value is the length of the plaintext of a protected record. 887| | // The value includes the content type and padding added in TLS 1.3 (that 888| | // is, the complete length of TLSInnerPlaintext). 889| | // 890| | // A server MUST NOT enforce this restriction; a client might advertise 891| | // a higher limit that is enabled by an extension or version the server 892| | // does not understand. A client MAY abort the handshake with an 893| | // "illegal_parameter" alert. 894| | // 895| | // Note: We are currently supporting this extension in TLS 1.3 only, hence 896| | // we check for the TLS 1.3 limit. The TLS 1.2 limit would not include 897| | // the "content type byte" and hence be one byte less! 898| 43| if(m_limit > MAX_PLAINTEXT_SIZE + 1 /* encrypted content type byte */ && from == Connection_Side::Server) { ------------------ | Branch (898:7): [True: 10, False: 33] | Branch (898:77): [True: 2, False: 8] ------------------ 899| 2| throw TLS_Exception(Alert::IllegalParameter, 900| 2| "Server requested a record size limit larger than the protocol's maximum"); 901| 2| } 902| | 903| | // RFC 8449 4. 904| | // Endpoints MUST NOT send a "record_size_limit" extension with a value 905| | // smaller than 64. An endpoint MUST treat receipt of a smaller value 906| | // as a fatal error and generate an "illegal_parameter" alert. 907| 41| if(m_limit < 64) { ------------------ | Branch (907:7): [True: 7, False: 34] ------------------ 908| 7| throw TLS_Exception(Alert::IllegalParameter, "Received a record size limit smaller than 64 bytes"); 909| 7| } 910| 41|} tls_extensions.cpp:_ZN5Botan3TLS12_GLOBAL__N_114make_extensionERNS0_15TLS_Data_ReaderENS0_14Extension_CodeENS0_15Connection_SideENS0_14Handshake_TypeE: 42| 56.2k| const Handshake_Type message_type) { 43| | // This cast is safe because we read exactly a 16 bit length field for 44| | // the extension in Extensions::deserialize 45| 56.2k| const uint16_t size = static_cast(reader.remaining_bytes()); 46| 56.2k| switch(code) { ------------------ | Branch (46:11): [True: 18.7k, False: 37.4k] ------------------ 47| 108| case Extension_Code::ServerNameIndication: ------------------ | Branch (47:7): [True: 108, False: 56.1k] ------------------ 48| 108| return std::make_unique(reader, size, from); 49| | 50| 6.48k| case Extension_Code::SupportedGroups: ------------------ | Branch (50:7): [True: 6.48k, False: 49.7k] ------------------ 51| 6.48k| return std::make_unique(reader, size); 52| | 53| 1.42k| case Extension_Code::CertificateStatusRequest: ------------------ | Branch (53:7): [True: 1.42k, False: 54.8k] ------------------ 54| 1.42k| return std::make_unique(reader, size, message_type, from); 55| | 56| 321| case Extension_Code::SignatureAlgorithms: ------------------ | Branch (56:7): [True: 321, False: 55.9k] ------------------ 57| 321| return std::make_unique(reader, size); 58| | 59| 34| case Extension_Code::CertSignatureAlgorithms: ------------------ | Branch (59:7): [True: 34, False: 56.2k] ------------------ 60| 34| return std::make_unique(reader, size); 61| | 62| 79| case Extension_Code::UseSrtp: ------------------ | Branch (62:7): [True: 79, False: 56.1k] ------------------ 63| 79| return std::make_unique(reader, size); 64| | 65| 105| case Extension_Code::ApplicationLayerProtocolNegotiation: ------------------ | Branch (65:7): [True: 105, False: 56.1k] ------------------ 66| 105| return std::make_unique(reader, size, from); 67| | 68| 185| case Extension_Code::ClientCertificateType: ------------------ | Branch (68:7): [True: 185, False: 56.0k] ------------------ 69| 185| return std::make_unique(reader, size, from); 70| | 71| 217| case Extension_Code::ServerCertificateType: ------------------ | Branch (71:7): [True: 217, False: 56.0k] ------------------ 72| 217| return std::make_unique(reader, size, from); 73| | 74| 44| case Extension_Code::RecordSizeLimit: ------------------ | Branch (74:7): [True: 44, False: 56.2k] ------------------ 75| 44| return std::make_unique(reader, size, from); 76| | 77| 565| case Extension_Code::SupportedVersions: ------------------ | Branch (77:7): [True: 565, False: 55.7k] ------------------ 78| 565| return std::make_unique(reader, size, from); 79| | 80| 2| case Extension_Code::Padding: ------------------ | Branch (80:7): [True: 2, False: 56.2k] ------------------ 81| 2| break; // RFC 7685, recognized but not implemented; falls through to Unknown_Extension 82| | 83| 0|#if defined(BOTAN_HAS_TLS_12) 84| 348| case Extension_Code::EcPointFormats: ------------------ | Branch (84:7): [True: 348, False: 55.9k] ------------------ 85| 348| return std::make_unique(reader, size); 86| | 87| 207| case Extension_Code::SafeRenegotiation: ------------------ | Branch (87:7): [True: 207, False: 56.0k] ------------------ 88| 207| return std::make_unique(reader, size); 89| | 90| 6.75k| case Extension_Code::ExtendedMasterSecret: ------------------ | Branch (90:7): [True: 6.75k, False: 49.5k] ------------------ 91| 6.75k| return std::make_unique(reader, size); 92| | 93| 259| case Extension_Code::EncryptThenMac: ------------------ | Branch (93:7): [True: 259, False: 56.0k] ------------------ 94| 259| return std::make_unique(reader, size); 95| | 96| 203| case Extension_Code::SessionTicket: ------------------ | Branch (96:7): [True: 203, False: 56.0k] ------------------ 97| 203| return std::make_unique(reader, size, from); 98| |#else 99| | case Extension_Code::EcPointFormats: 100| | case Extension_Code::SafeRenegotiation: 101| | case Extension_Code::ExtendedMasterSecret: 102| | case Extension_Code::EncryptThenMac: 103| | case Extension_Code::SessionTicket: 104| | break; // considered as 'unknown extension' 105| |#endif 106| | 107| 0|#if defined(BOTAN_HAS_TLS_13) 108| 94| case Extension_Code::PresharedKey: ------------------ | Branch (108:7): [True: 94, False: 56.1k] ------------------ 109| 94| return std::make_unique(reader, size, message_type); 110| | 111| 43| case Extension_Code::EarlyData: ------------------ | Branch (111:7): [True: 43, False: 56.2k] ------------------ 112| 43| return std::make_unique(reader, size, message_type); 113| | 114| 67| case Extension_Code::Cookie: ------------------ | Branch (114:7): [True: 67, False: 56.2k] ------------------ 115| 67| return std::make_unique(reader, size); 116| | 117| 729| case Extension_Code::PskKeyExchangeModes: ------------------ | Branch (117:7): [True: 729, False: 55.5k] ------------------ 118| 729| return std::make_unique(reader, size); 119| | 120| 422| case Extension_Code::CertificateAuthorities: ------------------ | Branch (120:7): [True: 422, False: 55.8k] ------------------ 121| 422| return std::make_unique(reader, size); 122| | 123| 99| case Extension_Code::KeyShare: ------------------ | Branch (123:7): [True: 99, False: 56.1k] ------------------ 124| 99| return std::make_unique(reader, size, message_type); 125| |#else 126| | case Extension_Code::PresharedKey: 127| | case Extension_Code::EarlyData: 128| | case Extension_Code::Cookie: 129| | case Extension_Code::PskKeyExchangeModes: 130| | case Extension_Code::CertificateAuthorities: 131| | case Extension_Code::KeyShare: 132| | break; // considered as 'unknown extension' 133| |#endif 134| 56.2k| } 135| | 136| 37.4k| return std::make_unique(code, reader, size); 137| 56.2k|} tls_extensions.cpp:_ZZNK5Botan3TLS10Extensions19contains_other_thanERKNSt3__13setINS0_14Extension_CodeENS2_4lessIS4_EENS2_9allocatorIS4_EEEEbENK3$_0clIS4_EEDaT_: 207| 475| const auto itr = std::find_if(diff.cbegin(), diff.cend(), [this](const auto ext_type) { 208| 475| const auto ext = get(ext_type); 209| 475| return ext && ext->is_implemented(); ------------------ | Branch (209:17): [True: 475, False: 0] | Branch (209:24): [True: 62, False: 413] ------------------ 210| 475| }); tls_extensions.cpp:_ZZN5Botan3TLS21Certificate_Type_BaseC1ERNS0_15TLS_Data_ReaderEtNS0_15Connection_SideEENK3$_0clIhEEDaT_: 570| 2.03k| type_bytes.begin(), type_bytes.end(), std::back_inserter(m_certificate_types), [](const auto type_byte) { 571| 2.03k| return static_cast(type_byte); 572| 2.03k| }); tls_extensions.cpp:_ZN5Botan3TLS12_GLOBAL__N_126parse_signature_algorithmsERNS0_15TLS_Data_ReaderEt: 716| 355|std::vector parse_signature_algorithms(TLS_Data_Reader& reader, uint16_t extension_size) { 717| 355| uint16_t len = reader.get_uint16_t(); 718| | 719| 355| if(len + 2 != extension_size || len % 2 == 1 || len == 0) { ------------------ | Branch (719:7): [True: 15, False: 340] | Branch (719:36): [True: 1, False: 339] | Branch (719:52): [True: 1, False: 338] ------------------ 720| 14| throw Decoding_Error("Bad encoding on signature algorithms extension"); 721| 14| } 722| | 723| 341| std::vector schemes; 724| 341| schemes.reserve(len / 2); 725| 32.3k| while(len > 0) { ------------------ | Branch (725:10): [True: 32.0k, False: 341] ------------------ 726| 32.0k| schemes.emplace_back(reader.get_uint16_t()); 727| 32.0k| len -= 2; 728| 32.0k| } 729| | 730| 341| return schemes; 731| 355|} _ZN5Botan3TLS26Certificate_Status_RequestC2ERNS0_15TLS_Data_ReaderEtNS0_14Handshake_TypeENS0_15Connection_SideE: 104| 1.42k| Connection_Side from) { 105| | // This parser needs to take TLS 1.2 and TLS 1.3 into account. The 106| | // extension's content and structure is dependent on the context it 107| | // was sent in (i.e. the enclosing handshake message). Below is a list 108| | // of handshake messages this can appear in. 109| | // 110| | // TLS 1.2 111| | // * Client Hello 112| | // * Server Hello 113| | // 114| | // TLS 1.3 115| | // * Client Hello 116| | // * Certificate Request 117| | // * Certificate (Entry) 118| | 119| | // RFC 6066 8. 120| | // In order to indicate their desire to receive certificate status 121| | // information, clients MAY include an extension of type "status_request" 122| | // in the (extended) client hello. 123| 1.42k| if(message_type == Handshake_Type::ClientHello) { ------------------ | Branch (123:7): [True: 1.40k, False: 14] ------------------ 124| 1.40k| m_impl = std::make_unique( 125| 1.40k| RFC6066_Certificate_Status_Request(reader, extension_size)); 126| 1.40k| } 127| | 128| | // RFC 6066 8. 129| | // If a server returns a "CertificateStatus" message, then the server MUST 130| | // have included an extension of type "status_request" with empty 131| | // "extension_data" in the extended server hello. 132| | // 133| | // RFC 8446 4.4.2.1 134| | // A server MAY request that a client present an OCSP response with its 135| | // certificate by sending an empty "status_request" extension in its 136| | // CertificateRequest message. 137| 14| else if(message_type == Handshake_Type::ServerHello || message_type == Handshake_Type::CertificateRequest) { ------------------ | Branch (137:12): [True: 11, False: 3] | Branch (137:59): [True: 0, False: 3] ------------------ 138| 11| m_impl = std::make_unique( 139| 11| RFC6066_Empty_Certificate_Status_Request(extension_size)); 140| 11| } 141| | 142| | // RFC 8446 4.4.2.1 143| | // In TLS 1.3, the server's OCSP information is carried in an extension 144| | // in the CertificateEntry [in a Certificate handshake message] [...]. 145| | // Specifically, the body of the "status_request" extension from the 146| | // server MUST be a CertificateStatus structure as defined in [RFC6066] 147| | // [...]. 148| | // 149| | // RFC 8446 4.4.2.1 150| | // If the client opts to send an OCSP response, the body of its 151| | // "status_request" extension MUST be a CertificateStatus structure as 152| | // defined in [RFC6066]. 153| 3| else if(message_type == Handshake_Type::Certificate) { ------------------ | Branch (153:12): [True: 0, False: 3] ------------------ 154| 0| m_impl = std::make_unique( 155| 0| Certificate_Status(reader.get_fixed(extension_size), from)); 156| 0| } 157| | 158| | // all other contexts are not allowed for this extension 159| 3| else { 160| 3| throw TLS_Exception(Alert::UnsupportedExtension, 161| 3| "Server sent a Certificate_Status_Request extension in an unsupported context"); 162| 3| } 163| 1.42k|} _ZN5Botan3TLS26Certificate_Status_RequestC2Ev: 166| 104| m_impl(std::make_unique(RFC6066_Empty_Certificate_Status_Request())) {} _ZN5Botan3TLS26Certificate_Status_RequestD2Ev: 176| 1.48k|Certificate_Status_Request::~Certificate_Status_Request() = default; _ZNK5Botan3TLS26Certificate_Status_Request9serializeENS0_15Connection_SideE: 184| 104|std::vector Certificate_Status_Request::serialize(Connection_Side /*side*/) const { 185| 104| BOTAN_ASSERT_NONNULL(m_impl); ------------------ | | 116| 104| do { \ | | 117| 104| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 104] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 104| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 104] | | ------------------ ------------------ 186| 104| return std::visit([](const auto& c) { return c.serialize(); }, m_impl->content); 187| 104|} tls_extensions_cert_status_req.cpp:_ZN5Botan3TLS12_GLOBAL__N_134RFC6066_Certificate_Status_RequestC2ERNS0_15TLS_Data_ReaderEt: 38| 1.40k| RFC6066_Certificate_Status_Request(TLS_Data_Reader& reader, uint16_t extension_size) { 39| 1.40k| if(extension_size == 0) { ------------------ | Branch (39:13): [True: 1, False: 1.40k] ------------------ 40| 1| throw Decoding_Error("Received an unexpectedly empty Certificate_Status_Request"); 41| 1| } 42| | 43| 1.40k| const uint8_t type = reader.get_byte(); 44| 1.40k| if(type == 1 /* ocsp */) { ------------------ | Branch (44:13): [True: 47, False: 1.36k] ------------------ 45| | // RFC 6066 Section 8: OCSP CertificateStatusRequest is 46| | // ResponderID responder_id_list<0..2^16-1>; 47| | // Extensions request_extensions; 48| | // 49| | // for a total wire size of 1 (status_type) + 2 (resp_id_list len) 50| | // + len_resp_id_list + 2 (request_ext len) + len_requ_ext. 51| 47| if(extension_size < 5) { ------------------ | Branch (51:16): [True: 2, False: 45] ------------------ 52| 2| throw Decoding_Error("Truncated OCSP CertificateStatusRequest"); 53| 2| } 54| 45| const size_t len_resp_id_list = reader.get_uint16_t(); 55| 45| if(len_resp_id_list > static_cast(extension_size) - 5) { ------------------ | Branch (55:16): [True: 11, False: 34] ------------------ 56| 11| throw Decoding_Error("Inconsistent length in OCSP CertificateStatusRequest"); 57| 11| } 58| 34| ocsp_names = reader.get_fixed(len_resp_id_list); 59| 34| const size_t len_requ_ext = reader.get_uint16_t(); 60| 34| if(len_resp_id_list + len_requ_ext + 5 != extension_size) { ------------------ | Branch (60:16): [True: 20, False: 14] ------------------ 61| 20| throw Decoding_Error("Inconsistent length in OCSP CertificateStatusRequest"); 62| 20| } 63| 14| extension_bytes = reader.get_fixed(len_requ_ext); 64| 1.36k| } else { 65| | // RFC 6066 does not specify anything but 'ocsp' and we 66| | // don't support anything else either. 67| 1.36k| reader.discard_next(extension_size - 1); 68| 1.36k| } 69| 1.40k| } tls_extensions_cert_status_req.cpp:_ZN5Botan3TLS12_GLOBAL__N_140RFC6066_Empty_Certificate_Status_RequestC2Et: 24| 11| explicit RFC6066_Empty_Certificate_Status_Request(uint16_t extension_size) { 25| 11| if(extension_size != 0) { ------------------ | Branch (25:13): [True: 1, False: 10] ------------------ 26| 1| throw Decoding_Error("Received an unexpectedly non-empty Certificate_Status_Request"); 27| 1| } 28| 11| } tls_extensions_cert_status_req.cpp:_ZZNK5Botan3TLS26Certificate_Status_Request9serializeENS0_15Connection_SideEENK3$_0clINS0_12_GLOBAL__N_140RFC6066_Empty_Certificate_Status_RequestEEEDaRKT_: 186| 104| return std::visit([](const auto& c) { return c.serialize(); }, m_impl->content); tls_extensions_cert_status_req.cpp:_ZNK5Botan3TLS12_GLOBAL__N_140RFC6066_Empty_Certificate_Status_Request9serializeEv: 30| 104| std::vector serialize() const { return {}; } tls_extensions_cert_status_req.cpp:_ZN5Botan3TLS35Certificate_Status_Request_InternalC2ENSt3__17variantIJNS0_12_GLOBAL__N_140RFC6066_Empty_Certificate_Status_RequestENS4_34RFC6066_Certificate_Status_RequestENS0_18Certificate_StatusEEEE: 96| 1.48k| explicit Certificate_Status_Request_Internal(Contents c) : content(std::move(c)) {} _ZN5Botan3TLS11ExternalPSK21extract_master_secretEv: 16| 2.35k|secure_vector ExternalPSK::extract_master_secret() { 17| 2.35k| BOTAN_STATE_CHECK(!m_master_secret.empty()); ------------------ | | 51| 2.35k| do { \ | | 52| 2.35k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 2.35k| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 2.35k] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 2.35k| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 2.35k] | | ------------------ ------------------ 18| 2.35k| return std::exchange(m_master_secret, {}); 19| 2.35k|} _ZNK5Botan3TLS21Handshake_Transitions22received_handshake_msgENS0_14Handshake_TypeE: 125| 2.38k|bool Handshake_Transitions::received_handshake_msg(Handshake_Type msg_type) const { 126| 2.38k| const uint32_t mask = bitmask_for_handshake_type(msg_type); 127| | 128| 2.38k| return (m_hand_received_mask & mask) != 0; 129| 2.38k|} _ZN5Botan3TLS21Handshake_Transitions21confirm_transition_toENS0_14Handshake_TypeE: 131| 19.2k|void Handshake_Transitions::confirm_transition_to(Handshake_Type msg_type) { 132| 19.2k| const uint32_t mask = bitmask_for_handshake_type(msg_type); 133| | 134| 19.2k| m_hand_received_mask |= mask; 135| | 136| 19.2k| const bool ok = (m_hand_expecting_mask & mask) != 0; // overlap? 137| | 138| 19.2k| if(!ok) { ------------------ | Branch (138:7): [True: 66, False: 19.2k] ------------------ 139| 66| const uint32_t seen_so_far = m_hand_received_mask & ~mask; 140| | 141| 66| std::ostringstream msg; 142| | 143| 66| msg << "Unexpected state transition in handshake got a " << handshake_type_to_string(msg_type); 144| | 145| 66| if(m_hand_expecting_mask == 0) { ------------------ | Branch (145:10): [True: 0, False: 66] ------------------ 146| 0| msg << " not expecting messages"; 147| 66| } else { 148| 66| msg << " expected " << handshake_mask_to_string(m_hand_expecting_mask, '|'); 149| 66| } 150| | 151| 66| if(seen_so_far != 0) { ------------------ | Branch (151:10): [True: 19, False: 47] ------------------ 152| 19| msg << " seen " << handshake_mask_to_string(seen_so_far, '+'); 153| 19| } 154| | 155| 66| throw Unexpected_Message(msg.str()); 156| 66| } 157| | 158| | /* We don't know what to expect next, so force a call to 159| | set_expected_next; if it doesn't happen, the next transition 160| | check will always fail which is what we want. 161| | */ 162| 19.2k| m_hand_expecting_mask = 0; 163| 19.2k|} _ZN5Botan3TLS21Handshake_Transitions17set_expected_nextENS0_14Handshake_TypeE: 165| 29.5k|void Handshake_Transitions::set_expected_next(Handshake_Type msg_type) { 166| 29.5k| m_hand_expecting_mask |= bitmask_for_handshake_type(msg_type); 167| 29.5k|} _ZNK5Botan3TLS21Handshake_Transitions27change_cipher_spec_expectedEv: 175| 31.4k|bool Handshake_Transitions::change_cipher_spec_expected() const { 176| 31.4k| return (bitmask_for_handshake_type(Handshake_Type::HandshakeCCS) & m_hand_expecting_mask) != 0; 177| 31.4k|} tls_handshake_transitions.cpp:_ZN5Botan3TLS12_GLOBAL__N_126bitmask_for_handshake_typeENS0_14Handshake_TypeE: 19| 84.2k|uint32_t bitmask_for_handshake_type(Handshake_Type type) { 20| 84.2k| switch(type) { ------------------ | Branch (20:11): [True: 84.1k, False: 22] ------------------ 21| 87| case Handshake_Type::HelloVerifyRequest: ------------------ | Branch (21:7): [True: 87, False: 84.1k] ------------------ 22| 87| return (1 << 0); 23| | 24| 4.11k| case Handshake_Type::HelloRequest: ------------------ | Branch (24:7): [True: 4.11k, False: 80.0k] ------------------ 25| 4.11k| return (1 << 1); 26| | 27| 35.8k| case Handshake_Type::ClientHello: ------------------ | Branch (27:7): [True: 35.8k, False: 48.3k] ------------------ 28| 35.8k| return (1 << 2); 29| | 30| 85| case Handshake_Type::ServerHello: ------------------ | Branch (30:7): [True: 85, False: 84.1k] ------------------ 31| 85| return (1 << 3); 32| | 33| 2.47k| case Handshake_Type::Certificate: ------------------ | Branch (33:7): [True: 2.47k, False: 81.7k] ------------------ 34| 2.47k| return (1 << 4); 35| | 36| 87| case Handshake_Type::CertificateUrl: ------------------ | Branch (36:7): [True: 87, False: 84.1k] ------------------ 37| 87| return (1 << 5); 38| | 39| 86| case Handshake_Type::CertificateStatus: ------------------ | Branch (39:7): [True: 86, False: 84.1k] ------------------ 40| 86| return (1 << 6); 41| | 42| 87| case Handshake_Type::ServerKeyExchange: ------------------ | Branch (42:7): [True: 87, False: 84.1k] ------------------ 43| 87| return (1 << 7); 44| | 45| 86| case Handshake_Type::CertificateRequest: ------------------ | Branch (45:7): [True: 86, False: 84.1k] ------------------ 46| 86| return (1 << 8); 47| | 48| 87| case Handshake_Type::ServerHelloDone: ------------------ | Branch (48:7): [True: 87, False: 84.1k] ------------------ 49| 87| return (1 << 9); 50| | 51| 91| case Handshake_Type::CertificateVerify: ------------------ | Branch (51:7): [True: 91, False: 84.1k] ------------------ 52| 91| return (1 << 10); 53| | 54| 5.69k| case Handshake_Type::ClientKeyExchange: ------------------ | Branch (54:7): [True: 5.69k, False: 78.5k] ------------------ 55| 5.69k| return (1 << 11); 56| | 57| 86| case Handshake_Type::NewSessionTicket: ------------------ | Branch (57:7): [True: 86, False: 84.1k] ------------------ 58| 86| return (1 << 12); 59| | 60| 34.2k| case Handshake_Type::HandshakeCCS: ------------------ | Branch (60:7): [True: 34.2k, False: 49.9k] ------------------ 61| 34.2k| return (1 << 13); 62| | 63| 556| case Handshake_Type::Finished: ------------------ | Branch (63:7): [True: 556, False: 83.6k] ------------------ 64| 556| return (1 << 14); 65| | 66| 86| case Handshake_Type::EndOfEarlyData: // RFC 8446 ------------------ | Branch (66:7): [True: 86, False: 84.1k] ------------------ 67| 86| return (1 << 15); 68| | 69| 86| case Handshake_Type::EncryptedExtensions: // RFC 8446 ------------------ | Branch (69:7): [True: 86, False: 84.1k] ------------------ 70| 86| return (1 << 16); 71| | 72| 85| case Handshake_Type::KeyUpdate: // RFC 8446 ------------------ | Branch (72:7): [True: 85, False: 84.1k] ------------------ 73| 85| return (1 << 17); 74| | 75| 0| case Handshake_Type::HelloRetryRequest: // RFC 8446 ------------------ | Branch (75:7): [True: 0, False: 84.2k] ------------------ 76| 0| return (1 << 18); 77| | 78| | // allow explicitly disabling new handshakes 79| 132| case Handshake_Type::None: ------------------ | Branch (79:7): [True: 132, False: 84.0k] ------------------ 80| 132| return 0; 81| 84.2k| } 82| | 83| 22| throw TLS_Exception(Alert::UnexpectedMessage, 84| 22| "Unknown TLS handshake message type " + std::to_string(static_cast(type))); 85| 84.2k|} tls_handshake_transitions.cpp:_ZN5Botan3TLS12_GLOBAL__N_124handshake_mask_to_stringEjc: 87| 85|std::string handshake_mask_to_string(uint32_t mask, char combiner) { 88| 85| const Handshake_Type types[] = {Handshake_Type::HelloVerifyRequest, 89| 85| Handshake_Type::HelloRequest, 90| 85| Handshake_Type::ClientHello, 91| 85| Handshake_Type::ServerHello, 92| 85| Handshake_Type::Certificate, 93| 85| Handshake_Type::CertificateUrl, 94| 85| Handshake_Type::CertificateStatus, 95| 85| Handshake_Type::ServerKeyExchange, 96| 85| Handshake_Type::CertificateRequest, 97| 85| Handshake_Type::ServerHelloDone, 98| 85| Handshake_Type::CertificateVerify, 99| 85| Handshake_Type::ClientKeyExchange, 100| 85| Handshake_Type::NewSessionTicket, 101| 85| Handshake_Type::HandshakeCCS, 102| 85| Handshake_Type::Finished, 103| 85| Handshake_Type::EndOfEarlyData, 104| 85| Handshake_Type::EncryptedExtensions, 105| 85| Handshake_Type::KeyUpdate}; 106| | 107| 85| std::ostringstream o; 108| 85| bool empty = true; 109| | 110| 1.53k| for(auto&& t : types) { ------------------ | Branch (110:17): [True: 1.53k, False: 85] ------------------ 111| 1.53k| if((mask & bitmask_for_handshake_type(t)) != 0) { ------------------ | Branch (111:10): [True: 96, False: 1.43k] ------------------ 112| 96| if(!empty) { ------------------ | Branch (112:13): [True: 11, False: 85] ------------------ 113| 11| o << combiner; 114| 11| } 115| 96| o << handshake_type_to_string(t); 116| 96| empty = false; 117| 96| } 118| 1.53k| } 119| | 120| 85| return o.str(); 121| 85|} _ZN5Botan3TLS24handshake_type_to_stringENS0_14Handshake_TypeE: 15| 163|const char* handshake_type_to_string(Handshake_Type type) { 16| 163| switch(type) { ------------------ | Branch (16:11): [True: 163, False: 0] ------------------ 17| 2| case Handshake_Type::HelloVerifyRequest: ------------------ | Branch (17:7): [True: 2, False: 161] ------------------ 18| 2| return "hello_verify_request"; 19| | 20| 37| case Handshake_Type::HelloRequest: ------------------ | Branch (20:7): [True: 37, False: 126] ------------------ 21| 37| return "hello_request"; 22| | 23| 75| case Handshake_Type::ClientHello: ------------------ | Branch (23:7): [True: 75, False: 88] ------------------ 24| 75| return "client_hello"; 25| | 26| 0| case Handshake_Type::ServerHello: ------------------ | Branch (26:7): [True: 0, False: 163] ------------------ 27| 0| return "server_hello"; 28| | 29| 0| case Handshake_Type::HelloRetryRequest: ------------------ | Branch (29:7): [True: 0, False: 163] ------------------ 30| 0| return "hello_retry_request"; 31| | 32| 5| case Handshake_Type::Certificate: ------------------ | Branch (32:7): [True: 5, False: 158] ------------------ 33| 5| return "certificate"; 34| | 35| 2| case Handshake_Type::CertificateUrl: ------------------ | Branch (35:7): [True: 2, False: 161] ------------------ 36| 2| return "certificate_url"; 37| | 38| 1| case Handshake_Type::CertificateStatus: ------------------ | Branch (38:7): [True: 1, False: 162] ------------------ 39| 1| return "certificate_status"; 40| | 41| 2| case Handshake_Type::ServerKeyExchange: ------------------ | Branch (41:7): [True: 2, False: 161] ------------------ 42| 2| return "server_key_exchange"; 43| | 44| 1| case Handshake_Type::CertificateRequest: ------------------ | Branch (44:7): [True: 1, False: 162] ------------------ 45| 1| return "certificate_request"; 46| | 47| 2| case Handshake_Type::ServerHelloDone: ------------------ | Branch (47:7): [True: 2, False: 161] ------------------ 48| 2| return "server_hello_done"; 49| | 50| 6| case Handshake_Type::CertificateVerify: ------------------ | Branch (50:7): [True: 6, False: 157] ------------------ 51| 6| return "certificate_verify"; 52| | 53| 10| case Handshake_Type::ClientKeyExchange: ------------------ | Branch (53:7): [True: 10, False: 153] ------------------ 54| 10| return "client_key_exchange"; 55| | 56| 1| case Handshake_Type::NewSessionTicket: ------------------ | Branch (56:7): [True: 1, False: 162] ------------------ 57| 1| return "new_session_ticket"; 58| | 59| 6| case Handshake_Type::HandshakeCCS: ------------------ | Branch (59:7): [True: 6, False: 157] ------------------ 60| 6| return "change_cipher_spec"; 61| | 62| 10| case Handshake_Type::Finished: ------------------ | Branch (62:7): [True: 10, False: 153] ------------------ 63| 10| return "finished"; 64| | 65| 1| case Handshake_Type::EndOfEarlyData: ------------------ | Branch (65:7): [True: 1, False: 162] ------------------ 66| 1| return "end_of_early_data"; 67| | 68| 2| case Handshake_Type::EncryptedExtensions: ------------------ | Branch (68:7): [True: 2, False: 161] ------------------ 69| 2| return "encrypted_extensions"; 70| | 71| 0| case Handshake_Type::KeyUpdate: ------------------ | Branch (71:7): [True: 0, False: 163] ------------------ 72| 0| return "key_update"; 73| | 74| 0| case Handshake_Type::None: ------------------ | Branch (74:7): [True: 0, False: 163] ------------------ 75| 0| return "invalid"; 76| 163| } 77| | 78| 0| throw TLS_Exception(Alert::UnexpectedMessage, 79| 0| "Unknown TLS handshake message type " + std::to_string(static_cast(type))); 80| 163|} _ZNK5Botan3TLS6Policy22allow_ssl_key_log_fileEv: 25| 1.46k|bool Policy::allow_ssl_key_log_file() const { 26| 1.46k| return false; 27| 1.46k|} _ZNK5Botan3TLS6Policy25allowed_signature_schemesEv: 29| 6.61k|std::vector Policy::allowed_signature_schemes() const { 30| 6.61k| std::vector schemes; 31| | 32| 59.5k| for(const Signature_Scheme scheme : Signature_Scheme::all_available_schemes()) { ------------------ | Branch (32:38): [True: 59.5k, False: 6.61k] ------------------ 33| 59.5k| const bool sig_allowed = allowed_signature_method(scheme.algorithm_name()); 34| 59.5k| const bool hash_allowed = allowed_signature_hash(scheme.hash_function_name()); 35| | 36| 59.5k| if(sig_allowed && hash_allowed) { ------------------ | Branch (36:10): [True: 59.5k, False: 0] | Branch (36:25): [True: 59.5k, False: 0] ------------------ 37| 59.5k| schemes.push_back(scheme); 38| 59.5k| } 39| 59.5k| } 40| | 41| 6.61k| return schemes; 42| 6.61k|} _ZNK5Botan3TLS6Policy28acceptable_signature_schemesEv: 44| 3.22k|std::vector Policy::acceptable_signature_schemes() const { 45| 3.22k| return this->allowed_signature_schemes(); 46| 3.22k|} _ZNK5Botan3TLS6Policy24allowed_signature_hashesEv: 73| 63.0k|std::vector Policy::allowed_signature_hashes() const { 74| 63.0k| return { 75| 63.0k| "SHA-512", 76| 63.0k| "SHA-384", 77| 63.0k| "SHA-256", 78| 63.0k| }; 79| 63.0k|} _ZNK5Botan3TLS6Policy25allowed_signature_methodsEv: 105| 59.5k|std::vector Policy::allowed_signature_methods() const { 106| 59.5k| return { 107| 59.5k| "ECDSA", "RSA", 108| | //"IMPLICIT", 109| 59.5k| }; 110| 59.5k|} _ZNK5Botan3TLS6Policy24allowed_signature_methodENSt3__117basic_string_viewIcNS2_11char_traitsIcEEEE: 112| 59.5k|bool Policy::allowed_signature_method(std::string_view sig_method) const { 113| 59.5k| return value_exists(allowed_signature_methods(), sig_method); 114| 59.5k|} _ZNK5Botan3TLS6Policy22allowed_signature_hashENSt3__117basic_string_viewIcNS2_11char_traitsIcEEEE: 116| 63.0k|bool Policy::allowed_signature_hash(std::string_view sig_hash) const { 117| 63.0k| return value_exists(allowed_signature_hashes(), sig_hash); 118| 63.0k|} _ZNK5Botan3TLS6Policy25use_ecc_point_compressionEv: 120| 112|bool Policy::use_ecc_point_compression() const { 121| 112| return false; 122| 112|} _ZNK5Botan3TLS6Policy25choose_key_exchange_groupERKNSt3__16vectorINS0_12Group_ParamsENS2_9allocatorIS4_EEEES9_: 125| 9.89k| const std::vector& offered_by_peer) const { 126| 9.89k| if(supported_by_peer.empty()) { ------------------ | Branch (126:7): [True: 3.20k, False: 6.69k] ------------------ 127| 3.20k| return Group_Params::NONE; 128| 3.20k| } 129| | 130| 6.69k| const auto our_groups = key_exchange_groups(); 131| | 132| | // First check if the peer sent a PQ share of a group we also support 133| 6.69k| for(auto share : offered_by_peer) { ------------------ | Branch (133:19): [True: 0, False: 6.69k] ------------------ 134| 0| if(share.is_post_quantum() && value_exists(our_groups, share)) { ------------------ | Branch (134:10): [True: 0, False: 0] | Branch (134:37): [True: 0, False: 0] ------------------ 135| 0| return share; 136| 0| } 137| 0| } 138| | 139| | // Then check if the peer offered a PQ algo we also support 140| 6.95k| for(auto share : supported_by_peer) { ------------------ | Branch (140:19): [True: 6.95k, False: 6.69k] ------------------ 141| 6.95k| if(share.is_post_quantum() && value_exists(our_groups, share)) { ------------------ | Branch (141:10): [True: 0, False: 6.95k] | Branch (141:37): [True: 0, False: 0] ------------------ 142| 0| return share; 143| 0| } 144| 6.95k| } 145| | 146| | // Prefer groups that were offered by the peer for the sake of saving 147| | // an additional round trip. For TLS 1.2, this won't be used. 148| 6.69k| for(auto g : offered_by_peer) { ------------------ | Branch (148:15): [True: 0, False: 6.69k] ------------------ 149| 0| if(value_exists(our_groups, g)) { ------------------ | Branch (149:10): [True: 0, False: 0] ------------------ 150| 0| return g; 151| 0| } 152| 0| } 153| | 154| | // If no pre-offered groups fit our supported set, we prioritize our 155| | // own preference. 156| 53.7k| for(auto g : our_groups) { ------------------ | Branch (156:15): [True: 53.7k, False: 377] ------------------ 157| 53.7k| if(value_exists(supported_by_peer, g)) { ------------------ | Branch (157:10): [True: 6.31k, False: 47.4k] ------------------ 158| 6.31k| return g; 159| 6.31k| } 160| 53.7k| } 161| | 162| 377| return Group_Params::NONE; 163| 6.69k|} _ZNK5Botan3TLS6Policy19key_exchange_groupsEv: 178| 6.69k|std::vector Policy::key_exchange_groups() const { 179| 6.69k| return { 180| | // clang-format off 181| 6.69k|#if defined(BOTAN_HAS_X25519) 182| 6.69k| Group_Params::X25519, 183| 6.69k|#endif 184| | 185| 6.69k| Group_Params::SECP256R1, 186| | 187| 6.69k|#if defined(BOTAN_HAS_ML_KEM) && defined(BOTAN_HAS_TLS_13_PQC) 188| | 189| 6.69k|#if defined(BOTAN_HAS_X25519) 190| 6.69k| Group_Params_Code::HYBRID_X25519_ML_KEM_768, 191| 6.69k|#endif 192| | 193| 6.69k| Group_Params_Code::HYBRID_SECP256R1_ML_KEM_768, 194| 6.69k| Group_Params_Code::HYBRID_SECP384R1_ML_KEM_1024, 195| 6.69k|#endif 196| | 197| 6.69k|#if defined(BOTAN_HAS_X448) 198| 6.69k| Group_Params::X448, 199| 6.69k|#endif 200| | 201| 6.69k| Group_Params::SECP384R1, 202| 6.69k| Group_Params::SECP521R1, 203| | 204| 6.69k| Group_Params::BRAINPOOL256R1, 205| 6.69k| Group_Params::BRAINPOOL384R1, 206| 6.69k| Group_Params::BRAINPOOL512R1, 207| | 208| 6.69k| Group_Params::FFDHE_2048, 209| 6.69k| Group_Params::FFDHE_3072, 210| | 211| | // clang-format on 212| 6.69k| }; 213| 6.69k|} _ZNK5Botan3TLS6Policy23minimum_ecdh_group_sizeEv: 257| 1.80k|size_t Policy::minimum_ecdh_group_size() const { 258| | // x25519 is smallest curve currently supported for TLS key exchange 259| 1.80k| return 255; 260| 1.80k|} _ZNK5Botan3TLS6Policy25check_peer_key_acceptableERKNS_10Public_KeyE: 281| 1.80k|void Policy::check_peer_key_acceptable(const Public_Key& public_key) const { 282| 1.80k| const std::string algo_name = public_key.algo_name(); 283| | 284| 1.80k| const size_t keylength = public_key.key_length(); 285| 1.80k| size_t expected_keylength = 0; 286| | 287| 1.80k| if(algo_name == "RSA") { ------------------ | Branch (287:7): [True: 0, False: 1.80k] ------------------ 288| 0| expected_keylength = minimum_rsa_bits(); 289| 1.80k| } else if(algo_name == "DH") { ------------------ | Branch (289:14): [True: 0, False: 1.80k] ------------------ 290| 0| expected_keylength = minimum_dh_group_size(); 291| 1.80k| } else if(algo_name == "ECDH" || algo_name == "X25519" || algo_name == "X448") { ------------------ | Branch (291:14): [True: 1.79k, False: 5] | Branch (291:37): [True: 3, False: 2] | Branch (291:62): [True: 2, False: 0] ------------------ 292| 1.80k| expected_keylength = minimum_ecdh_group_size(); 293| 1.80k| } else if(algo_name == "ECDSA") { ------------------ | Branch (293:14): [True: 0, False: 0] ------------------ 294| 0| expected_keylength = minimum_ecdsa_group_size(); 295| 0| } 296| | // else some other algo, so leave expected_keylength as zero and the check is a no-op 297| | 298| 1.80k| if(keylength < expected_keylength) { ------------------ | Branch (298:7): [True: 0, False: 1.80k] ------------------ 299| 0| throw TLS_Exception(Alert::InsufficientSecurity, 300| 0| "Peer sent " + std::to_string(keylength) + " bit " + algo_name + 301| 0| " key" 302| 0| ", policy requires at least " + 303| 0| std::to_string(expected_keylength)); 304| 0| } 305| 1.80k|} _ZNK5Botan3TLS6Policy27acceptable_protocol_versionENS0_16Protocol_VersionE: 323| 7.04k|bool Policy::acceptable_protocol_version(Protocol_Version version) const { 324| 7.04k|#if defined(BOTAN_HAS_TLS_13) 325| 7.04k| if(version == Protocol_Version::TLS_V13 && allow_tls13()) { ------------------ | Branch (325:7): [True: 6.25k, False: 793] | Branch (325:7): [True: 6.25k, False: 793] | Branch (325:47): [True: 6.25k, False: 0] ------------------ 326| 6.25k| return true; 327| 6.25k| } 328| 793|#endif 329| | 330| 793|#if defined(BOTAN_HAS_TLS_12) 331| 793| if(version == Protocol_Version::TLS_V12 && allow_tls12()) { ------------------ | Branch (331:7): [True: 0, False: 793] | Branch (331:7): [True: 0, False: 793] | Branch (331:47): [True: 0, False: 0] ------------------ 332| 0| return true; 333| 0| } 334| | 335| 793| if(version == Protocol_Version::DTLS_V12 && allow_dtls12()) { ------------------ | Branch (335:7): [True: 793, False: 0] | Branch (335:7): [True: 793, False: 0] | Branch (335:48): [True: 793, False: 0] ------------------ 336| 793| return true; 337| 793| } 338| 0|#endif 339| | 340| 0| BOTAN_UNUSED(version); ------------------ | | 144| 0|#define BOTAN_UNUSED Botan::ignore_params ------------------ 341| 0| return false; 342| 793|} _ZNK5Botan3TLS6Policy24latest_supported_versionEb: 344| 7.04k|Protocol_Version Policy::latest_supported_version(bool datagram) const { 345| 7.04k| if(datagram) { ------------------ | Branch (345:7): [True: 793, False: 6.25k] ------------------ 346| 793| if(acceptable_protocol_version(Protocol_Version::DTLS_V12)) { ------------------ | Branch (346:10): [True: 793, False: 0] ------------------ 347| 793| return Protocol_Version::DTLS_V12; 348| 793| } 349| 6.25k| } else { 350| 6.25k| if(acceptable_protocol_version(Protocol_Version::TLS_V13)) { ------------------ | Branch (350:10): [True: 6.25k, False: 0] ------------------ 351| 6.25k| return Protocol_Version::TLS_V13; 352| 6.25k| } 353| 0| if(acceptable_protocol_version(Protocol_Version::TLS_V12)) { ------------------ | Branch (353:10): [True: 0, False: 0] ------------------ 354| 0| return Protocol_Version::TLS_V12; 355| 0| } 356| 0| } 357| | 358| 0| throw Invalid_State("Policy forbids all available TLS version"); 359| 7.04k|} _ZNK5Botan3TLS6Policy28allow_insecure_renegotiationEv: 374| 12.3k|bool Policy::allow_insecure_renegotiation() const { 375| 12.3k| return false; 376| 12.3k|} _ZNK5Botan3TLS6Policy11allow_tls12Ev: 378| 16.2k|bool Policy::allow_tls12() const { 379| 16.2k|#if defined(BOTAN_HAS_TLS_12) 380| 16.2k| return true; 381| |#else 382| | return false; 383| |#endif 384| 16.2k|} _ZNK5Botan3TLS6Policy11allow_tls13Ev: 386| 9.47k|bool Policy::allow_tls13() const { 387| 9.47k|#if defined(BOTAN_HAS_TLS_13) 388| 9.47k| return true; 389| |#else 390| | return false; 391| |#endif 392| 9.47k|} _ZNK5Botan3TLS6Policy12allow_dtls12Ev: 394| 9.47k|bool Policy::allow_dtls12() const { 395| 9.47k|#if defined(BOTAN_HAS_TLS_12) 396| 9.47k| return true; 397| |#else 398| | return false; 399| |#endif 400| 9.47k|} _ZNK5Botan3TLS6Policy28include_time_in_hello_randomEv: 402| 6.45k|bool Policy::include_time_in_hello_random() const { 403| 6.45k| return true; 404| 6.45k|} _ZNK5Botan3TLS6Policy18hide_unknown_usersEv: 406| 30|bool Policy::hide_unknown_users() const { 407| 30| return false; 408| 30|} _ZNK5Botan3TLS6Policy39server_uses_own_ciphersuite_preferencesEv: 410| 3.39k|bool Policy::server_uses_own_ciphersuite_preferences() const { 411| 3.39k| return true; 412| 3.39k|} _ZNK5Botan3TLS6Policy26negotiate_encrypt_then_macEv: 414| 112|bool Policy::negotiate_encrypt_then_mac() const { 415| 112| return true; 416| 112|} _ZNK5Botan3TLS6Policy30require_extended_master_secretEv: 418| 3.49k|bool Policy::require_extended_master_secret() const { 419| 3.49k| return true; 420| 3.49k|} _ZNK5Botan3TLS6Policy27support_cert_status_messageEv: 426| 104|bool Policy::support_cert_status_message() const { 427| 104| return true; 428| 104|} _ZNK5Botan3TLS6Policy17hash_hello_randomEv: 438| 6.45k|bool Policy::hash_hello_random() const { 439| 6.45k| return true; 440| 6.45k|} _ZNK5Botan3TLS6Policy41require_client_certificate_authenticationEv: 446| 3.22k|bool Policy::require_client_certificate_authentication() const { 447| 3.22k| return false; 448| 3.22k|} _ZNK5Botan3TLS6Policy41request_client_certificate_authenticationEv: 450| 3.22k|bool Policy::request_client_certificate_authentication() const { 451| 3.22k| return require_client_certificate_authentication(); 452| 3.22k|} _ZNK5Botan3TLS6Policy25allow_dtls_epoch0_restartEv: 466| 793|bool Policy::allow_dtls_epoch0_restart() const { 467| 793| return false; 468| 793|} _ZNK5Botan3TLS6Policy30maximum_handshake_message_sizeEv: 470| 44.5k|size_t Policy::maximum_handshake_message_size() const { 471| 44.5k| return 65536; 472| 44.5k|} _ZNK5Botan3TLS6Policy30maximum_certificate_chain_sizeEv: 474| 365|size_t Policy::maximum_certificate_chain_size() const { 475| 365| return 65536; 476| 365|} _ZNK5Botan3TLS6Policy20dtls_initial_timeoutEv: 487| 596|size_t Policy::dtls_initial_timeout() const { 488| 596| return 1 * 1000; 489| 596|} _ZNK5Botan3TLS6Policy20dtls_maximum_timeoutEv: 491| 596|size_t Policy::dtls_maximum_timeout() const { 492| 596| return 60 * 1000; 493| 596|} _ZNK5Botan3TLS6Policy16dtls_default_mtuEv: 495| 596|size_t Policy::dtls_default_mtu() const { 496| | // default MTU is IPv6 min MTU minus UDP/IP headers 497| 596| return 1280 - 40 - 8; 498| 596|} _ZNK5Botan3TLS15TLS_Data_Reader15assert_at_leastEm: 14| 596k|void TLS_Data_Reader::assert_at_least(size_t n) const { 15| 596k| const size_t left = remaining_bytes(); 16| 596k| if(left < n) { ------------------ | Branch (16:7): [True: 329, False: 596k] ------------------ 17| 329| throw_decode_error(fmt("Expected {} bytes remaining, only {} left", n, left)); 18| 329| } 19| 596k|} _ZNK5Botan3TLS15TLS_Data_Reader18throw_decode_errorENSt3__117basic_string_viewIcNS2_11char_traitsIcEEEE: 21| 760|void TLS_Data_Reader::throw_decode_error(std::string_view why) const { 22| 760| throw Decoding_Error(fmt("Invalid {}: {}", m_typename, why)); 23| 760|} _ZN5Botan3TLS6ServerC2ERKNSt3__110shared_ptrINS0_9CallbacksEEERKNS3_INS0_15Session_ManagerEEERKNS3_INS_19Credentials_ManagerEEERKNS3_IKNS0_6PolicyEEERKNS3_INS_21RandomNumberGeneratorEEEbm: 36| 7.04k| size_t io_buf_sz) { 37| 7.04k| const auto max_version = policy->latest_supported_version(is_datagram); 38| | 39| 7.04k|#if defined(BOTAN_HAS_TLS_13) 40| 7.04k| if(!max_version.is_pre_tls_13()) { ------------------ | Branch (40:7): [True: 6.25k, False: 793] ------------------ 41| 6.25k| m_impl = std::make_unique(callbacks, session_manager, creds, policy, rng); 42| | 43| 6.25k| if(m_impl->expects_downgrade()) { ------------------ | Branch (43:10): [True: 6.25k, False: 0] ------------------ 44| 6.25k| m_impl->set_io_buffer_size(io_buf_sz); 45| 6.25k| } 46| | 47| 6.25k| return; 48| 6.25k| } 49| 793|#endif 50| | 51| 793|#if defined(BOTAN_HAS_TLS_12) 52| 793| if(max_version.is_pre_tls_13()) { ------------------ | Branch (52:7): [True: 793, False: 0] ------------------ 53| 793| m_impl = std::make_unique(callbacks, session_manager, creds, policy, rng, is_datagram, io_buf_sz); 54| 793| return; 55| 793| } 56| 0|#endif 57| | 58| 0| BOTAN_UNUSED(max_version, callbacks, session_manager, creds, policy, rng, is_datagram, io_buf_sz); ------------------ | | 144| 0|#define BOTAN_UNUSED Botan::ignore_params ------------------ 59| 0| throw Not_Implemented("Requested TLS server version is not available in this build"); 60| 793|} _ZN5Botan3TLS6ServerD2Ev: 62| 7.04k|Server::~Server() = default; _ZN5Botan3TLS6Server9from_peerENSt3__14spanIKhLm18446744073709551615EEE: 64| 7.04k|size_t Server::from_peer(std::span data) { 65| 7.04k| auto read = m_impl->from_peer(data); 66| | 67| 7.04k|#if defined(BOTAN_HAS_TLS_12) 68| | // If TLS 1.2 is not available, we will never downgrade, the downgrade info 69| | // won't even be created and `is_downgrading()` would always return false. 70| 7.04k| if(m_impl->is_downgrading()) { ------------------ | Branch (70:7): [True: 3.99k, False: 3.04k] ------------------ 71| 3.99k| auto info = m_impl->extract_downgrade_info(); 72| 3.99k| m_impl = std::make_unique(*info); 73| | 74| | // replay peer data received so far 75| 3.99k| read = m_impl->from_peer(info->peer_transcript); 76| 3.99k| } 77| 7.04k|#endif 78| | 79| 7.04k| return read; 80| 7.04k|} _ZNK5Botan3TLS14Session_Handle20validate_constraintsEv: 34| 130|void Session_Handle::validate_constraints() const { 35| 130| std::visit(overloaded{ 36| 130| [](const Session_ID& id) { 37| | // RFC 5246 7.4.1.2 38| | // opaque SessionID<0..32>; 39| 130| BOTAN_ARG_CHECK(!id.empty(), "Session ID must not be empty"); 40| 130| BOTAN_ARG_CHECK(id.size() <= 32, "Session ID cannot be longer than 32 bytes"); 41| 130| }, 42| 130| [](const Session_Ticket& ticket) { 43| 130| BOTAN_ARG_CHECK(!ticket.empty(), "Ticket most not be empty"); 44| 130| BOTAN_ARG_CHECK(ticket.size() <= std::numeric_limits::max(), 45| 130| "Ticket cannot be longer than 64kB"); 46| 130| }, 47| 130| [](const Opaque_Session_Handle& handle) { 48| | // RFC 8446 4.6.1 49| | // opaque ticket<1..2^16-1>; 50| 130| BOTAN_ARG_CHECK(!handle.empty(), "Opaque session handle must not be empty"); 51| 130| BOTAN_ARG_CHECK(handle.size() <= std::numeric_limits::max(), 52| 130| "Opaque session handle cannot be longer than 64kB"); 53| 130| }, 54| 130| }, 55| 130| m_handle); 56| 130|} _ZN5Botan3TLS12Session_BaseD2Ev: 94| 258|Session_Base::~Session_Base() = default; _ZN5Botan3TLS12Session_BaseC2ERKS1_: 96| 129|Session_Base::Session_Base(const Session_Base& other) = default; _ZN5Botan3TLS12Session_BaseC2ENSt3__16chrono10time_pointINS3_12system_clockENS3_8durationIxNS2_5ratioILl1ELl1000000EEEEEEENS0_16Protocol_VersionEtNS0_15Connection_SideEtbbRKNS2_6vectorINS_16X509_CertificateENS2_9allocatorISE_EEEENS2_10shared_ptrIKNS_10Public_KeyEEENS0_18Server_InformationE: 112| 129| m_start_time(start_time), 113| 129| m_version(version), 114| 129| m_ciphersuite(ciphersuite), 115| 129| m_connection_side(connection_side), 116| 129| m_srtp_profile(srtp_profile), 117| 129| m_extended_master_secret(extended_master_secret), 118| 129| m_encrypt_then_mac(encrypt_then_mac), 119| 129| m_peer_certs(peer_certs), 120| 129| m_peer_raw_public_key(std::move(peer_raw_public_key)), 121| 129| m_server_info(std::move(server_info)) {} _ZNK5Botan3TLS12Session_Base11ciphersuiteEv: 123| 129|Ciphersuite Session_Base::ciphersuite() const { 124| 129| auto suite = Ciphersuite::by_id(m_ciphersuite); 125| 129| if(!suite.has_value()) { ------------------ | Branch (125:7): [True: 0, False: 129] ------------------ 126| 0| throw Decoding_Error("Failed to find cipher suite for ID " + std::to_string(m_ciphersuite)); 127| 0| } 128| 129| return suite.value(); 129| 129|} _ZN5Botan3TLS15Session_SummaryC2ERKNS0_12Session_BaseEbNSt3__18optionalINS5_12basic_stringIcNS5_11char_traitsIcEENS5_9allocatorIcEEEEEE: 134| 129| Session_Base(base), m_external_psk_identity(std::move(psk_identity)), m_was_resumption(was_resumption) { 135| 129| BOTAN_ARG_CHECK(version().is_pre_tls_13(), "Instantiated a TLS 1.2 session summary with an newer TLS version"); ------------------ | | 35| 129| do { \ | | 36| 129| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 129| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 129] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 129| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 129] | | ------------------ ------------------ 136| | 137| 129| const auto cs = ciphersuite(); 138| 129| m_kex_algo = cs.kex_algo(); 139| 129|} _ZN5Botan3TLS7SessionC2ERKNSt3__16vectorIhNS_16secure_allocatorIhEEEENS0_16Protocol_VersionEtNS0_15Connection_SideEbbRKNS3_INS_16X509_CertificateENS2_9allocatorISB_EEEERKNS0_18Server_InformationEtNS2_6chrono10time_pointINSK_12system_clockENSK_8durationIxNS2_5ratioILl1ELl1000000EEEEEEENSN_IxNSO_ILl1ELl1EEEEE: 250| 129| Session_Base(current_timestamp, 251| 129| version, 252| 129| ciphersuite, 253| 129| side, 254| 129| srtp_profile, 255| 129| extended_master_secret, 256| 129| encrypt_then_mac, 257| 129| certs, 258| 129| nullptr, // RFC 7250 (raw public keys) is NYI for TLS 1.2 259| 129| server_info), 260| 129| m_master_secret(master_secret), 261| 129| m_early_data_allowed(false), 262| 129| m_max_early_data_bytes(0), 263| 129| m_ticket_age_add(0), 264| 129| m_lifetime_hint(lifetime_hint) { 265| 129| BOTAN_ARG_CHECK(version.is_pre_tls_13(), "Instantiated a TLS 1.2 session object with a TLS version newer than 1.2"); ------------------ | | 35| 129| do { \ | | 36| 129| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 129| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 129] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 129| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 129] | | ------------------ ------------------ 266| 129|} tls_session.cpp:_ZZNK5Botan3TLS14Session_Handle20validate_constraintsEvENK3$_0clERKNS_6StrongINSt3__16vectorIhNS4_9allocatorIhEEEENS0_11Session_ID_EJEEE: 36| 106| [](const Session_ID& id) { 37| | // RFC 5246 7.4.1.2 38| | // opaque SessionID<0..32>; 39| 106| BOTAN_ARG_CHECK(!id.empty(), "Session ID must not be empty"); ------------------ | | 35| 106| do { \ | | 36| 106| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 106| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 106] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 106| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 106] | | ------------------ ------------------ 40| 106| BOTAN_ARG_CHECK(id.size() <= 32, "Session ID cannot be longer than 32 bytes"); ------------------ | | 35| 106| do { \ | | 36| 106| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 106| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 106] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 106| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 106] | | ------------------ ------------------ 41| 106| }, tls_session.cpp:_ZZNK5Botan3TLS14Session_Handle20validate_constraintsEvENK3$_1clERKNS_6StrongINSt3__16vectorIhNS4_9allocatorIhEEEENS0_15Session_Ticket_EJEEE: 42| 24| [](const Session_Ticket& ticket) { 43| 24| BOTAN_ARG_CHECK(!ticket.empty(), "Ticket most not be empty"); ------------------ | | 35| 24| do { \ | | 36| 24| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 24| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 24] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 24| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 24] | | ------------------ ------------------ 44| 24| BOTAN_ARG_CHECK(ticket.size() <= std::numeric_limits::max(), ------------------ | | 35| 24| do { \ | | 36| 24| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 24| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 24] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 24| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 24] | | ------------------ ------------------ 45| 24| "Ticket cannot be longer than 64kB"); 46| 24| }, _ZN5Botan3TLS15Session_ManagerC2ERKNSt3__110shared_ptrINS_21RandomNumberGeneratorEEE: 24| 7.04k|Session_Manager::Session_Manager(const std::shared_ptr& rng) : m_rng(rng) { 25| 7.04k| BOTAN_ASSERT_NONNULL(m_rng); ------------------ | | 116| 7.04k| do { \ | | 117| 7.04k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 7.04k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 7.04k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 7.04k] | | ------------------ ------------------ 26| 7.04k|} _ZN5Botan3TLS15Session_Manager8retrieveERKNS0_14Session_HandleERNS0_9CallbacksERKNS0_6PolicyE: 45| 26| const Policy& policy) { 46| | // Retrieving a session for a given handle does not require locking on this 47| | // level. Concurrent threads might handle the removal of an expired ticket 48| | // more than once, but removing an already removed ticket is a harmless NOOP. 49| | 50| 26| auto session = retrieve_one(handle); 51| 26| if(!session.has_value()) { ------------------ | Branch (51:7): [True: 26, False: 0] ------------------ 52| 26| return std::nullopt; 53| 26| } 54| | 55| | // A value of '0' means: No policy restrictions. 56| 0| const std::chrono::seconds policy_lifetime = 57| 0| (policy.session_ticket_lifetime().count() > 0) ? policy.session_ticket_lifetime() : std::chrono::seconds::max(); ------------------ | Branch (57:7): [True: 0, False: 0] ------------------ 58| | 59| | // RFC 5077 3.3 -- "Old Session Tickets" 60| | // A server MAY treat a ticket as valid for a shorter or longer period of 61| | // time than what is stated in the ticket_lifetime_hint. 62| | // 63| | // RFC 5246 F.1.4 -- TLS 1.2 64| | // If either party suspects that the session may have been compromised, or 65| | // that certificates may have expired or been revoked, it should force a 66| | // full handshake. An upper limit of 24 hours is suggested for session ID 67| | // lifetimes. 68| | // 69| | // RFC 8446 4.6.1 -- TLS 1.3 70| | // A server MAY treat a ticket as valid for a shorter period of time than 71| | // what is stated in the ticket_lifetime. 72| | // 73| | // Note: This disregards what is stored in the session (e.g. "lifetime_hint") 74| | // and only takes the local policy into account. The lifetime stored in 75| | // the sessions was taken from the same policy anyways and changes by 76| | // the application should have an immediate effect. 77| 0| const auto ticket_age = 78| 0| std::chrono::duration_cast(callbacks.tls_current_timestamp() - session->start_time()); 79| 0| const bool expired = ticket_age > policy_lifetime; 80| | 81| 0| if(expired) { ------------------ | Branch (81:7): [True: 0, False: 0] ------------------ 82| 0| remove(handle); 83| 0| return std::nullopt; 84| 0| } else { 85| 0| return session; 86| 0| } 87| 0|} _ZN5Botan3TLS20Session_Manager_NoopC2Ev: 16| 7.04k|Session_Manager_Noop::Session_Manager_Noop() : Session_Manager(std::make_shared()) {} _ZN5Botan3TLS20Session_Manager_Noop9establishERKNS0_7SessionERKNSt3__18optionalINS_6StrongINS5_6vectorIhNS5_9allocatorIhEEEENS0_11Session_ID_EJEEEEEb: 20| 129| bool /*tls12_no_ticket*/) { 21| 129| return {}; 22| 129|} _ZN5Botan3TLS20Session_Manager_Noop12retrieve_oneERKNS0_14Session_HandleE: 24| 26|std::optional Session_Manager_Noop::retrieve_one(const Session_Handle& /*handle*/) { 25| 26| return {}; 26| 26|} _ZN5Botan3TLS16Signature_Scheme21all_available_schemesEv: 17| 22.9k|const std::vector& Signature_Scheme::all_available_schemes() { 18| | /* 19| | * This is ordered in some approximate order of preference 20| | */ 21| 22.9k| static const std::vector all_schemes = { 22| | 23| | // EdDSA 25519 is currently not supported as a signature scheme for certificates 24| | // certificate authentication. 25| | // See: https://github.com/randombit/botan/pull/2958#discussion_r851294715 26| | // 27| | // #if defined(BOTAN_HAS_ED25519) 28| | // EDDSA_25519, 29| | // #endif 30| | 31| 22.9k| RSA_PSS_SHA384, 32| 22.9k| RSA_PSS_SHA256, 33| 22.9k| RSA_PSS_SHA512, 34| | 35| 22.9k| RSA_PKCS1_SHA384, 36| 22.9k| RSA_PKCS1_SHA512, 37| 22.9k| RSA_PKCS1_SHA256, 38| | 39| 22.9k| ECDSA_SHA384, 40| 22.9k| ECDSA_SHA512, 41| 22.9k| ECDSA_SHA256, 42| 22.9k| }; 43| | 44| 22.9k| return all_schemes; 45| 22.9k|} _ZN5Botan3TLS16Signature_SchemeC2Ev: 47| 3.26k|Signature_Scheme::Signature_Scheme() : m_code(NONE) {} _ZN5Botan3TLS16Signature_SchemeC2Et: 49| 32.0k|Signature_Scheme::Signature_Scheme(uint16_t wire_code) : Signature_Scheme(Signature_Scheme::Code(wire_code)) {} _ZN5Botan3TLS16Signature_SchemeC2ENS1_4CodeE: 51| 32.0k|Signature_Scheme::Signature_Scheme(Signature_Scheme::Code wire_code) : m_code(wire_code) {} _ZNK5Botan3TLS16Signature_Scheme12is_availableEv: 53| 16.3k|bool Signature_Scheme::is_available() const noexcept { 54| 16.3k| return value_exists(Signature_Scheme::all_available_schemes(), *this); 55| 16.3k|} _ZNK5Botan3TLS16Signature_Scheme6is_setEv: 57| 32|bool Signature_Scheme::is_set() const noexcept { 58| 32| return m_code != NONE; 59| 32|} _ZNK5Botan3TLS16Signature_Scheme18hash_function_nameEv: 98| 63.0k|std::string Signature_Scheme::hash_function_name() const noexcept { 99| 63.0k| switch(m_code) { 100| 0| case RSA_PKCS1_SHA1: ------------------ | Branch (100:7): [True: 0, False: 63.0k] ------------------ 101| 0| case ECDSA_SHA1: ------------------ | Branch (101:7): [True: 0, False: 63.0k] ------------------ 102| 0| return "SHA-1"; 103| | 104| 6.64k| case ECDSA_SHA256: ------------------ | Branch (104:7): [True: 6.64k, False: 56.4k] ------------------ 105| 13.3k| case RSA_PKCS1_SHA256: ------------------ | Branch (105:7): [True: 6.66k, False: 56.3k] ------------------ 106| 21.2k| case RSA_PSS_SHA256: ------------------ | Branch (106:7): [True: 7.91k, False: 55.1k] ------------------ 107| 21.2k| return "SHA-256"; 108| | 109| 6.64k| case ECDSA_SHA384: ------------------ | Branch (109:7): [True: 6.64k, False: 56.4k] ------------------ 110| 13.3k| case RSA_PKCS1_SHA384: ------------------ | Branch (110:7): [True: 6.74k, False: 56.3k] ------------------ 111| 21.7k| case RSA_PSS_SHA384: ------------------ | Branch (111:7): [True: 8.36k, False: 54.7k] ------------------ 112| 21.7k| return "SHA-384"; 113| | 114| 6.64k| case ECDSA_SHA512: ------------------ | Branch (114:7): [True: 6.64k, False: 56.4k] ------------------ 115| 13.3k| case RSA_PKCS1_SHA512: ------------------ | Branch (115:7): [True: 6.72k, False: 56.3k] ------------------ 116| 20.0k| case RSA_PSS_SHA512: ------------------ | Branch (116:7): [True: 6.71k, False: 56.3k] ------------------ 117| 20.0k| return "SHA-512"; 118| | 119| 0| case EDDSA_25519: ------------------ | Branch (119:7): [True: 0, False: 63.0k] ------------------ 120| 0| case EDDSA_448: ------------------ | Branch (120:7): [True: 0, False: 63.0k] ------------------ 121| 0| return "Pure"; 122| | 123| 0| default: ------------------ | Branch (123:7): [True: 0, False: 63.0k] ------------------ 124| 0| return "Unknown hash function"; 125| 63.0k| } 126| 63.0k|} _ZNK5Botan3TLS16Signature_Scheme14algorithm_nameEv: 164| 63.0k|std::string Signature_Scheme::algorithm_name() const noexcept { 165| 63.0k| switch(m_code) { 166| 0| case RSA_PKCS1_SHA1: ------------------ | Branch (166:7): [True: 0, False: 63.0k] ------------------ 167| 6.66k| case RSA_PKCS1_SHA256: ------------------ | Branch (167:7): [True: 6.66k, False: 56.3k] ------------------ 168| 13.4k| case RSA_PKCS1_SHA384: ------------------ | Branch (168:7): [True: 6.74k, False: 56.3k] ------------------ 169| 20.1k| case RSA_PKCS1_SHA512: ------------------ | Branch (169:7): [True: 6.72k, False: 56.3k] ------------------ 170| 28.0k| case RSA_PSS_SHA256: ------------------ | Branch (170:7): [True: 7.91k, False: 55.1k] ------------------ 171| 36.4k| case RSA_PSS_SHA384: ------------------ | Branch (171:7): [True: 8.36k, False: 54.6k] ------------------ 172| 43.1k| case RSA_PSS_SHA512: ------------------ | Branch (172:7): [True: 6.70k, False: 56.3k] ------------------ 173| 43.1k| return "RSA"; 174| | 175| 0| case ECDSA_SHA1: ------------------ | Branch (175:7): [True: 0, False: 63.0k] ------------------ 176| 6.64k| case ECDSA_SHA256: ------------------ | Branch (176:7): [True: 6.64k, False: 56.4k] ------------------ 177| 13.2k| case ECDSA_SHA384: ------------------ | Branch (177:7): [True: 6.64k, False: 56.4k] ------------------ 178| 19.9k| case ECDSA_SHA512: ------------------ | Branch (178:7): [True: 6.64k, False: 56.4k] ------------------ 179| 19.9k| return "ECDSA"; 180| | 181| 0| case EDDSA_25519: ------------------ | Branch (181:7): [True: 0, False: 63.0k] ------------------ 182| 0| return "Ed25519"; 183| | 184| 0| case EDDSA_448: ------------------ | Branch (184:7): [True: 0, False: 63.0k] ------------------ 185| 0| return "Ed448"; 186| | 187| 0| default: ------------------ | Branch (187:7): [True: 0, False: 63.0k] ------------------ 188| 0| return "Unknown algorithm"; 189| 63.0k| } 190| 63.0k|} _ZNK5Botan3TLS16Signature_Scheme20algorithm_identifierEv: 230| 32.6k|AlgorithmIdentifier Signature_Scheme::algorithm_identifier() const noexcept { 231| 32.6k| switch(m_code) { 232| 180| case RSA_PKCS1_SHA1: ------------------ | Branch (232:7): [True: 180, False: 32.4k] ------------------ 233| 180| return AlgorithmIdentifier(OID::from_string("RSA/PKCS1v15(SHA-1)"), AlgorithmIdentifier::USE_NULL_PARAM); 234| 102| case RSA_PKCS1_SHA256: ------------------ | Branch (234:7): [True: 102, False: 32.5k] ------------------ 235| 102| return AlgorithmIdentifier(OID::from_string("RSA/PKCS1v15(SHA-256)"), AlgorithmIdentifier::USE_NULL_PARAM); 236| 252| case RSA_PKCS1_SHA384: ------------------ | Branch (236:7): [True: 252, False: 32.3k] ------------------ 237| 252| return AlgorithmIdentifier(OID::from_string("RSA/PKCS1v15(SHA-384)"), AlgorithmIdentifier::USE_NULL_PARAM); 238| 222| case RSA_PKCS1_SHA512: ------------------ | Branch (238:7): [True: 222, False: 32.4k] ------------------ 239| 222| return AlgorithmIdentifier(OID::from_string("RSA/PKCS1v15(SHA-512)"), AlgorithmIdentifier::USE_NULL_PARAM); 240| | 241| 38| case ECDSA_SHA1: ------------------ | Branch (241:7): [True: 38, False: 32.6k] ------------------ 242| 38| return AlgorithmIdentifier(OID::from_string("ECDSA/SHA-1"), AlgorithmIdentifier::USE_EMPTY_PARAM); 243| 52| case ECDSA_SHA256: ------------------ | Branch (243:7): [True: 52, False: 32.5k] ------------------ 244| 52| return AlgorithmIdentifier(OID::from_string("ECDSA/SHA-256"), AlgorithmIdentifier::USE_EMPTY_PARAM); 245| 58| case ECDSA_SHA384: ------------------ | Branch (245:7): [True: 58, False: 32.5k] ------------------ 246| 58| return AlgorithmIdentifier(OID::from_string("ECDSA/SHA-384"), AlgorithmIdentifier::USE_EMPTY_PARAM); 247| 52| case ECDSA_SHA512: ------------------ | Branch (247:7): [True: 52, False: 32.5k] ------------------ 248| 52| return AlgorithmIdentifier(OID::from_string("ECDSA/SHA-512"), AlgorithmIdentifier::USE_EMPTY_PARAM); 249| | 250| 2.59k| case RSA_PSS_SHA256: ------------------ | Branch (250:7): [True: 2.59k, False: 30.0k] ------------------ 251| 2.59k| return AlgorithmIdentifier(OID::from_string("RSA/PSS"), PSS_Params("SHA-256", 32).serialize()); 252| 3.48k| case RSA_PSS_SHA384: ------------------ | Branch (252:7): [True: 3.48k, False: 29.1k] ------------------ 253| 3.48k| return AlgorithmIdentifier(OID::from_string("RSA/PSS"), PSS_Params("SHA-384", 48).serialize()); 254| 184| case RSA_PSS_SHA512: ------------------ | Branch (254:7): [True: 184, False: 32.4k] ------------------ 255| 184| return AlgorithmIdentifier(OID::from_string("RSA/PSS"), PSS_Params("SHA-512", 64).serialize()); 256| | 257| 25.4k| default: ------------------ | Branch (257:7): [True: 25.4k, False: 7.22k] ------------------ 258| | // Note that Ed25519 and Ed448 end up here 259| 25.4k| return AlgorithmIdentifier(); 260| 32.6k| } 261| 32.6k|} _ZNK5Botan3TLS16Signature_Scheme18is_compatible_withERKNS0_16Protocol_VersionE: 287| 9|bool Signature_Scheme::is_compatible_with(const Protocol_Version& protocol_version) const noexcept { 288| | // RFC 8446 4.4.3: 289| | // The SHA-1 algorithm MUST NOT be used in any signatures of 290| | // CertificateVerify messages. 291| | // 292| | // Note that Botan enforces that for TLS 1.2 as well. 293| 9| if(hash_function_name() == "SHA-1") { ------------------ | Branch (293:7): [True: 0, False: 9] ------------------ 294| 0| return false; 295| 0| } 296| | 297| | // RFC 8446 4.4.3: 298| | // RSA signatures MUST use an RSASSA-PSS algorithm, regardless of whether 299| | // RSASSA-PKCS1-v1_5 algorithms appear in "signature_algorithms". 300| | // 301| | // Note that this is enforced for TLS 1.3 and above only. 302| 9| if(!protocol_version.is_pre_tls_13() && (m_code == RSA_PKCS1_SHA1 || m_code == RSA_PKCS1_SHA256 || ------------------ | Branch (302:7): [True: 9, False: 0] | Branch (302:45): [True: 0, False: 9] | Branch (302:73): [True: 1, False: 8] ------------------ 303| 8| m_code == RSA_PKCS1_SHA384 || m_code == RSA_PKCS1_SHA512)) { ------------------ | Branch (303:45): [True: 1, False: 7] | Branch (303:75): [True: 1, False: 6] ------------------ 304| 3| return false; 305| 3| } 306| | 307| 6| return true; 308| 9|} _ZN5Botan3TLS24to_algorithm_identifiersERKNSt3__16vectorINS0_16Signature_SchemeENS1_9allocatorIS3_EEEE: 336| 6.78k|std::vector to_algorithm_identifiers(const std::vector& schemes) { 337| 6.78k| std::vector result; 338| 6.78k| result.reserve(schemes.size()); 339| 32.6k| for(const auto& scheme : schemes) { ------------------ | Branch (339:27): [True: 32.6k, False: 6.78k] ------------------ 340| 32.6k| result.push_back(scheme.algorithm_identifier()); 341| 32.6k| } 342| 6.78k| return result; 343| 6.78k|} _ZN5Botan3TLS11Ciphersuite15is_known_usableEt: 338| 102|bool Ciphersuite::is_known_usable(uint16_t code) { 339| 102| static constexpr auto codes = available_ciphersuites(); 340| 102| return std::binary_search(codes.begin(), codes.end(), code); 341| 102|} _ZN5Botan3TLS11Ciphersuite22all_known_ciphersuitesEv: 344| 13.3k|const std::vector& Ciphersuite::all_known_ciphersuites() { 345| | // clang-format off 346| | 347| | // Note that this list of ciphersuites is ordered by id! 348| 13.3k| static const std::vector g_ciphersuite_list = { 349| 13.3k| Ciphersuite(0x000A, "RSA_WITH_3DES_EDE_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "3DES", 24, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), 350| 13.3k| Ciphersuite(0x0016, "DHE_RSA_WITH_3DES_EDE_CBC_SHA", Auth_Method::RSA, Kex_Algo::DH, "3DES", 24, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), 351| 13.3k| Ciphersuite(0x002C, "PSK_WITH_NULL_SHA", Auth_Method::IMPLICIT, Kex_Algo::PSK, "NULL", 0, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::NULL_CIPHER), 352| 13.3k| Ciphersuite(0x002F, "RSA_WITH_AES_128_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), 353| 13.3k| Ciphersuite(0x0033, "DHE_RSA_WITH_AES_128_CBC_SHA", Auth_Method::RSA, Kex_Algo::DH, "AES-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), 354| 13.3k| Ciphersuite(0x0035, "RSA_WITH_AES_256_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), 355| 13.3k| Ciphersuite(0x0039, "DHE_RSA_WITH_AES_256_CBC_SHA", Auth_Method::RSA, Kex_Algo::DH, "AES-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), 356| 13.3k| Ciphersuite(0x003C, "RSA_WITH_AES_128_CBC_SHA256", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), 357| 13.3k| Ciphersuite(0x003D, "RSA_WITH_AES_256_CBC_SHA256", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-256", 32, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), 358| 13.3k| Ciphersuite(0x0067, "DHE_RSA_WITH_AES_128_CBC_SHA256", Auth_Method::RSA, Kex_Algo::DH, "AES-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), 359| 13.3k| Ciphersuite(0x006B, "DHE_RSA_WITH_AES_256_CBC_SHA256", Auth_Method::RSA, Kex_Algo::DH, "AES-256", 32, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), 360| 13.3k| Ciphersuite(0x008B, "PSK_WITH_3DES_EDE_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::PSK, "3DES", 24, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), 361| 13.3k| Ciphersuite(0x008C, "PSK_WITH_AES_128_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), 362| 13.3k| Ciphersuite(0x008D, "PSK_WITH_AES_256_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), 363| 13.3k| Ciphersuite(0x009C, "RSA_WITH_AES_128_GCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 364| 13.3k| Ciphersuite(0x009D, "RSA_WITH_AES_256_GCM_SHA384", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), 365| 13.3k| Ciphersuite(0x009E, "DHE_RSA_WITH_AES_128_GCM_SHA256", Auth_Method::RSA, Kex_Algo::DH, "AES-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 366| 13.3k| Ciphersuite(0x009F, "DHE_RSA_WITH_AES_256_GCM_SHA384", Auth_Method::RSA, Kex_Algo::DH, "AES-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), 367| 13.3k| Ciphersuite(0x00A8, "PSK_WITH_AES_128_GCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 368| 13.3k| Ciphersuite(0x00A9, "PSK_WITH_AES_256_GCM_SHA384", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), 369| 13.3k| Ciphersuite(0x00AE, "PSK_WITH_AES_128_CBC_SHA256", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), 370| 13.3k| Ciphersuite(0x00AF, "PSK_WITH_AES_256_CBC_SHA384", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-256", 32, "SHA-384", 48, KDF_Algo::SHA_384, Nonce_Format::CBC_MODE), 371| 13.3k| Ciphersuite(0x00B0, "PSK_WITH_NULL_SHA256", Auth_Method::IMPLICIT, Kex_Algo::PSK, "NULL", 0, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::NULL_CIPHER), 372| 13.3k| Ciphersuite(0x00B1, "PSK_WITH_NULL_SHA384", Auth_Method::IMPLICIT, Kex_Algo::PSK, "NULL", 0, "SHA-384", 48, KDF_Algo::SHA_384, Nonce_Format::NULL_CIPHER), 373| 13.3k| Ciphersuite(0x1301, "AES_128_GCM_SHA256", Auth_Method::UNDEFINED, Kex_Algo::UNDEFINED, "AES-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 374| 13.3k| Ciphersuite(0x1302, "AES_256_GCM_SHA384", Auth_Method::UNDEFINED, Kex_Algo::UNDEFINED, "AES-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), 375| 13.3k| Ciphersuite(0x1303, "CHACHA20_POLY1305_SHA256", Auth_Method::UNDEFINED, Kex_Algo::UNDEFINED, "ChaCha20Poly1305", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12), 376| 13.3k| Ciphersuite(0x1304, "AES_128_CCM_SHA256", Auth_Method::UNDEFINED, Kex_Algo::UNDEFINED, "AES-128/CCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 377| 13.3k| Ciphersuite(0x1305, "AES_128_CCM_8_SHA256", Auth_Method::UNDEFINED, Kex_Algo::UNDEFINED, "AES-128/CCM(8)", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 378| 13.3k| Ciphersuite(0xC006, "ECDHE_ECDSA_WITH_NULL_SHA", Auth_Method::ECDSA, Kex_Algo::ECDH, "NULL", 0, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::NULL_CIPHER), 379| 13.3k| Ciphersuite(0xC008, "ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", Auth_Method::ECDSA, Kex_Algo::ECDH, "3DES", 24, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), 380| 13.3k| Ciphersuite(0xC009, "ECDHE_ECDSA_WITH_AES_128_CBC_SHA", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), 381| 13.3k| Ciphersuite(0xC00A, "ECDHE_ECDSA_WITH_AES_256_CBC_SHA", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), 382| 13.3k| Ciphersuite(0xC010, "ECDHE_RSA_WITH_NULL_SHA", Auth_Method::RSA, Kex_Algo::ECDH, "NULL", 0, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::NULL_CIPHER), 383| 13.3k| Ciphersuite(0xC012, "ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", Auth_Method::RSA, Kex_Algo::ECDH, "3DES", 24, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), 384| 13.3k| Ciphersuite(0xC013, "ECDHE_RSA_WITH_AES_128_CBC_SHA", Auth_Method::RSA, Kex_Algo::ECDH, "AES-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), 385| 13.3k| Ciphersuite(0xC014, "ECDHE_RSA_WITH_AES_256_CBC_SHA", Auth_Method::RSA, Kex_Algo::ECDH, "AES-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), 386| 13.3k| Ciphersuite(0xC023, "ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), 387| 13.3k| Ciphersuite(0xC024, "ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-256", 32, "SHA-384", 48, KDF_Algo::SHA_384, Nonce_Format::CBC_MODE), 388| 13.3k| Ciphersuite(0xC027, "ECDHE_RSA_WITH_AES_128_CBC_SHA256", Auth_Method::RSA, Kex_Algo::ECDH, "AES-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), 389| 13.3k| Ciphersuite(0xC028, "ECDHE_RSA_WITH_AES_256_CBC_SHA384", Auth_Method::RSA, Kex_Algo::ECDH, "AES-256", 32, "SHA-384", 48, KDF_Algo::SHA_384, Nonce_Format::CBC_MODE), 390| 13.3k| Ciphersuite(0xC02B, "ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 391| 13.3k| Ciphersuite(0xC02C, "ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), 392| 13.3k| Ciphersuite(0xC02F, "ECDHE_RSA_WITH_AES_128_GCM_SHA256", Auth_Method::RSA, Kex_Algo::ECDH, "AES-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 393| 13.3k| Ciphersuite(0xC030, "ECDHE_RSA_WITH_AES_256_GCM_SHA384", Auth_Method::RSA, Kex_Algo::ECDH, "AES-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), 394| 13.3k| Ciphersuite(0xC034, "ECDHE_PSK_WITH_3DES_EDE_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "3DES", 24, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), 395| 13.3k| Ciphersuite(0xC035, "ECDHE_PSK_WITH_AES_128_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-128", 16, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), 396| 13.3k| Ciphersuite(0xC036, "ECDHE_PSK_WITH_AES_256_CBC_SHA", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-256", 32, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::CBC_MODE), 397| 13.3k| Ciphersuite(0xC037, "ECDHE_PSK_WITH_AES_128_CBC_SHA256", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-128", 16, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::CBC_MODE), 398| 13.3k| Ciphersuite(0xC038, "ECDHE_PSK_WITH_AES_256_CBC_SHA384", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-256", 32, "SHA-384", 48, KDF_Algo::SHA_384, Nonce_Format::CBC_MODE), 399| 13.3k| Ciphersuite(0xC039, "ECDHE_PSK_WITH_NULL_SHA", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "NULL", 0, "SHA-1", 20, KDF_Algo::SHA_1, Nonce_Format::NULL_CIPHER), 400| 13.3k| Ciphersuite(0xC03A, "ECDHE_PSK_WITH_NULL_SHA256", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "NULL", 0, "SHA-256", 32, KDF_Algo::SHA_256, Nonce_Format::NULL_CIPHER), 401| 13.3k| Ciphersuite(0xC03B, "ECDHE_PSK_WITH_NULL_SHA384", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "NULL", 0, "SHA-384", 48, KDF_Algo::SHA_384, Nonce_Format::NULL_CIPHER), 402| 13.3k| Ciphersuite(0xC050, "RSA_WITH_ARIA_128_GCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "ARIA-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 403| 13.3k| Ciphersuite(0xC051, "RSA_WITH_ARIA_256_GCM_SHA384", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "ARIA-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), 404| 13.3k| Ciphersuite(0xC052, "DHE_RSA_WITH_ARIA_128_GCM_SHA256", Auth_Method::RSA, Kex_Algo::DH, "ARIA-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 405| 13.3k| Ciphersuite(0xC053, "DHE_RSA_WITH_ARIA_256_GCM_SHA384", Auth_Method::RSA, Kex_Algo::DH, "ARIA-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), 406| 13.3k| Ciphersuite(0xC05C, "ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256", Auth_Method::ECDSA, Kex_Algo::ECDH, "ARIA-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 407| 13.3k| Ciphersuite(0xC05D, "ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384", Auth_Method::ECDSA, Kex_Algo::ECDH, "ARIA-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), 408| 13.3k| Ciphersuite(0xC060, "ECDHE_RSA_WITH_ARIA_128_GCM_SHA256", Auth_Method::RSA, Kex_Algo::ECDH, "ARIA-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 409| 13.3k| Ciphersuite(0xC061, "ECDHE_RSA_WITH_ARIA_256_GCM_SHA384", Auth_Method::RSA, Kex_Algo::ECDH, "ARIA-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), 410| 13.3k| Ciphersuite(0xC06A, "PSK_WITH_ARIA_128_GCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::PSK, "ARIA-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 411| 13.3k| Ciphersuite(0xC06B, "PSK_WITH_ARIA_256_GCM_SHA384", Auth_Method::IMPLICIT, Kex_Algo::PSK, "ARIA-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), 412| 13.3k| Ciphersuite(0xC07A, "RSA_WITH_CAMELLIA_128_GCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "Camellia-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 413| 13.3k| Ciphersuite(0xC07B, "RSA_WITH_CAMELLIA_256_GCM_SHA384", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "Camellia-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), 414| 13.3k| Ciphersuite(0xC07C, "DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", Auth_Method::RSA, Kex_Algo::DH, "Camellia-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 415| 13.3k| Ciphersuite(0xC07D, "DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", Auth_Method::RSA, Kex_Algo::DH, "Camellia-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), 416| 13.3k| Ciphersuite(0xC086, "ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256", Auth_Method::ECDSA, Kex_Algo::ECDH, "Camellia-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 417| 13.3k| Ciphersuite(0xC087, "ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384", Auth_Method::ECDSA, Kex_Algo::ECDH, "Camellia-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), 418| 13.3k| Ciphersuite(0xC08A, "ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256", Auth_Method::RSA, Kex_Algo::ECDH, "Camellia-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 419| 13.3k| Ciphersuite(0xC08B, "ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384", Auth_Method::RSA, Kex_Algo::ECDH, "Camellia-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), 420| 13.3k| Ciphersuite(0xC08E, "PSK_WITH_CAMELLIA_128_GCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::PSK, "Camellia-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 421| 13.3k| Ciphersuite(0xC08F, "PSK_WITH_CAMELLIA_256_GCM_SHA384", Auth_Method::IMPLICIT, Kex_Algo::PSK, "Camellia-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), 422| 13.3k| Ciphersuite(0xC09C, "RSA_WITH_AES_128_CCM", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-128/CCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 423| 13.3k| Ciphersuite(0xC09D, "RSA_WITH_AES_256_CCM", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-256/CCM", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 424| 13.3k| Ciphersuite(0xC09E, "DHE_RSA_WITH_AES_128_CCM", Auth_Method::RSA, Kex_Algo::DH, "AES-128/CCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 425| 13.3k| Ciphersuite(0xC09F, "DHE_RSA_WITH_AES_256_CCM", Auth_Method::RSA, Kex_Algo::DH, "AES-256/CCM", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 426| 13.3k| Ciphersuite(0xC0A0, "RSA_WITH_AES_128_CCM_8", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-128/CCM(8)", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 427| 13.3k| Ciphersuite(0xC0A1, "RSA_WITH_AES_256_CCM_8", Auth_Method::IMPLICIT, Kex_Algo::STATIC_RSA, "AES-256/CCM(8)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 428| 13.3k| Ciphersuite(0xC0A2, "DHE_RSA_WITH_AES_128_CCM_8", Auth_Method::RSA, Kex_Algo::DH, "AES-128/CCM(8)", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 429| 13.3k| Ciphersuite(0xC0A3, "DHE_RSA_WITH_AES_256_CCM_8", Auth_Method::RSA, Kex_Algo::DH, "AES-256/CCM(8)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 430| 13.3k| Ciphersuite(0xC0A4, "PSK_WITH_AES_128_CCM", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-128/CCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 431| 13.3k| Ciphersuite(0xC0A5, "PSK_WITH_AES_256_CCM", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-256/CCM", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 432| 13.3k| Ciphersuite(0xC0A8, "PSK_WITH_AES_128_CCM_8", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-128/CCM(8)", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 433| 13.3k| Ciphersuite(0xC0A9, "PSK_WITH_AES_256_CCM_8", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-256/CCM(8)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 434| 13.3k| Ciphersuite(0xC0AC, "ECDHE_ECDSA_WITH_AES_128_CCM", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-128/CCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 435| 13.3k| Ciphersuite(0xC0AD, "ECDHE_ECDSA_WITH_AES_256_CCM", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-256/CCM", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 436| 13.3k| Ciphersuite(0xC0AE, "ECDHE_ECDSA_WITH_AES_128_CCM_8", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-128/CCM(8)", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 437| 13.3k| Ciphersuite(0xC0AF, "ECDHE_ECDSA_WITH_AES_256_CCM_8", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-256/CCM(8)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 438| 13.3k| Ciphersuite(0xCCA8, "ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", Auth_Method::RSA, Kex_Algo::ECDH, "ChaCha20Poly1305", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12), 439| 13.3k| Ciphersuite(0xCCA9, "ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", Auth_Method::ECDSA, Kex_Algo::ECDH, "ChaCha20Poly1305", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12), 440| 13.3k| Ciphersuite(0xCCAA, "DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", Auth_Method::RSA, Kex_Algo::DH, "ChaCha20Poly1305", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12), 441| 13.3k| Ciphersuite(0xCCAB, "PSK_WITH_CHACHA20_POLY1305_SHA256", Auth_Method::IMPLICIT, Kex_Algo::PSK, "ChaCha20Poly1305", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12), 442| 13.3k| Ciphersuite(0xCCAC, "ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "ChaCha20Poly1305", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12), 443| 13.3k| Ciphersuite(0xD001, "ECDHE_PSK_WITH_AES_128_GCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-128/GCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 444| 13.3k| Ciphersuite(0xD002, "ECDHE_PSK_WITH_AES_256_GCM_SHA384", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-256/GCM", 32, "AEAD", 0, KDF_Algo::SHA_384, Nonce_Format::AEAD_IMPLICIT_4), 445| 13.3k| Ciphersuite(0xD003, "ECDHE_PSK_WITH_AES_128_CCM_8_SHA256", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-128/CCM(8)", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 446| 13.3k| Ciphersuite(0xD005, "ECDHE_PSK_WITH_AES_128_CCM_SHA256", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-128/CCM", 16, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_IMPLICIT_4), 447| 13.3k| Ciphersuite(0xFFC3, "ECDHE_RSA_WITH_AES_256_OCB_SHA256", Auth_Method::RSA, Kex_Algo::ECDH, "AES-256/OCB(12)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12), 448| 13.3k| Ciphersuite(0xFFC5, "ECDHE_ECDSA_WITH_AES_256_OCB_SHA256", Auth_Method::ECDSA, Kex_Algo::ECDH, "AES-256/OCB(12)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12), 449| 13.3k| Ciphersuite(0xFFC7, "PSK_WITH_AES_256_OCB_SHA256", Auth_Method::IMPLICIT, Kex_Algo::PSK, "AES-256/OCB(12)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12), 450| 13.3k| Ciphersuite(0xFFCB, "ECDHE_PSK_WITH_AES_256_OCB_SHA256", Auth_Method::IMPLICIT, Kex_Algo::ECDHE_PSK, "AES-256/OCB(12)", 32, "AEAD", 0, KDF_Algo::SHA_256, Nonce_Format::AEAD_XOR_12), 451| 13.3k| }; 452| | 453| | // clang-format on 454| | 455| 13.3k| return g_ciphersuite_list; 456| 13.3k|} _ZNK5Botan3TLS16Protocol_Version9to_stringEv: 34| 84|std::string Protocol_Version::to_string() const { 35| 84| const uint8_t maj = major_version(); 36| 84| const uint8_t min = minor_version(); 37| | 38| 84| if(maj == 3 && min == 0) { ------------------ | Branch (38:7): [True: 14, False: 70] | Branch (38:19): [True: 1, False: 13] ------------------ 39| 1| return "SSL v3"; 40| 1| } 41| | 42| 83| if(maj == 3 && min >= 1) { // TLS v1.x ------------------ | Branch (42:7): [True: 13, False: 70] | Branch (42:19): [True: 13, False: 0] ------------------ 43| 13| return "TLS v1." + std::to_string(min - 1); 44| 13| } 45| | 46| 70| if(maj == 254) { // DTLS 1.x ------------------ | Branch (46:7): [True: 16, False: 54] ------------------ 47| 16| return "DTLS v1." + std::to_string(255 - min); 48| 16| } 49| | 50| | // Some very new or very old protocol (or bogus data) 51| 54| return "Unknown " + std::to_string(maj) + "." + std::to_string(min); 52| 70|} _ZNK5Botan3TLS16Protocol_Version20is_datagram_protocolEv: 54| 521k|bool Protocol_Version::is_datagram_protocol() const { 55| 521k| return major_version() > 250; 56| 521k|} _ZNK5Botan3TLS16Protocol_Version13is_pre_tls_13Ev: 58| 337k|bool Protocol_Version::is_pre_tls_13() const { 59| 337k| return (!is_datagram_protocol() && *this <= Protocol_Version::TLS_V12) || ------------------ | Branch (59:12): [True: 335k, False: 2.13k] | Branch (59:39): [True: 329k, False: 6.36k] ------------------ 60| 8.49k| (is_datagram_protocol() && *this <= Protocol_Version::DTLS_V12); ------------------ | Branch (60:12): [True: 2.13k, False: 6.36k] | Branch (60:38): [True: 2.12k, False: 15] ------------------ 61| 337k|} _ZNK5Botan3TLS16Protocol_Version18is_tls_13_or_laterEv: 63| 29|bool Protocol_Version::is_tls_13_or_later() const { 64| 29| return (!is_datagram_protocol() && *this >= Protocol_Version::TLS_V13) || ------------------ | Branch (64:12): [True: 18, False: 11] | Branch (64:39): [True: 8, False: 10] ------------------ 65| 21| (is_datagram_protocol() && *this >= Protocol_Version::DTLS_V13); ------------------ | Branch (65:12): [True: 11, False: 10] | Branch (65:38): [True: 8, False: 3] ------------------ 66| 29|} _ZNK5Botan3TLS16Protocol_VersiongtERKS1_: 68| 18.0k|bool Protocol_Version::operator>(const Protocol_Version& other) const { 69| 18.0k| if(this->is_datagram_protocol() != other.is_datagram_protocol()) { ------------------ | Branch (69:7): [True: 0, False: 18.0k] ------------------ 70| 0| throw TLS_Exception(Alert::ProtocolVersion, "Version comparing " + to_string() + " with " + other.to_string()); 71| 0| } 72| | 73| 18.0k| if(this->is_datagram_protocol()) { ------------------ | Branch (73:7): [True: 8.13k, False: 9.92k] ------------------ 74| 8.13k| return m_version < other.m_version; // goes backwards 75| 8.13k| } 76| | 77| 9.92k| return m_version > other.m_version; 78| 18.0k|} _ZNK5Botan3TLS16Protocol_Version5validEv: 80| 12.2k|bool Protocol_Version::valid() const { 81| 12.2k| const uint8_t maj = major_version(); 82| 12.2k| const uint8_t min = minor_version(); 83| | 84| 12.2k| if(maj == 3 && min <= 4) { ------------------ | Branch (84:7): [True: 0, False: 12.2k] | Branch (84:19): [True: 0, False: 0] ------------------ 85| | // 3.0: SSLv3 86| | // 3.1: TLS 1.0 87| | // 3.2: TLS 1.1 88| | // 3.3: TLS 1.2 89| | // 3.4: TLS 1.3 90| 0| return true; 91| 0| } 92| | 93| 12.2k| if(maj == 254 && (min == 253 || min == 255)) { ------------------ | Branch (93:7): [True: 0, False: 12.2k] | Branch (93:22): [True: 0, False: 0] | Branch (93:36): [True: 0, False: 0] ------------------ 94| | // 254.253: DTLS 1.2 95| | // 254.255: DTLS 1.0 96| 0| return true; 97| 0| } 98| | 99| 12.2k| return false; 100| 12.2k|} _ZN5Botan15allocate_memoryEmm: 21| 631k|BOTAN_MALLOC_FN void* allocate_memory(size_t elems, size_t elem_size) { 22| 631k| if(elems == 0 || elem_size == 0) { ------------------ | Branch (22:7): [True: 0, False: 631k] | Branch (22:21): [True: 0, False: 631k] ------------------ 23| 0| return nullptr; 24| 0| } 25| | 26| | // Some calloc implementations do not check for overflow (?!?) 27| 631k| if(!checked_mul(elems, elem_size).has_value()) { ------------------ | Branch (27:7): [True: 0, False: 631k] ------------------ 28| 0| throw std::bad_alloc(); 29| 0| } 30| | 31| |#if defined(BOTAN_HAS_LOCKING_ALLOCATOR) 32| | // NOLINTNEXTLINE(*-const-correctness) bug in clang-tidy 33| | if(void* p = mlock_allocator::instance().allocate(elems, elem_size)) { 34| | return p; 35| | } 36| |#endif 37| | 38| |#if defined(BOTAN_TARGET_OS_HAS_ALLOC_CONCEAL) 39| | void* ptr = ::calloc_conceal(elems, elem_size); 40| |#else 41| | // NOLINTNEXTLINE(*-const-correctness) bug in clang-tidy 42| 631k| void* ptr = std::calloc(elems, elem_size); // NOLINT(*-no-malloc,*-owning-memory) 43| 631k|#endif 44| 631k| if(ptr == nullptr) { ------------------ | Branch (44:7): [True: 0, False: 631k] ------------------ 45| 0| [[unlikely]] throw std::bad_alloc(); 46| 0| } 47| 631k| return ptr; 48| 631k|} _ZN5Botan17deallocate_memoryEPvmm: 50| 631k|void deallocate_memory(void* p, size_t elems, size_t elem_size) { 51| 631k| if(p == nullptr) { ------------------ | Branch (51:7): [True: 0, False: 631k] ------------------ 52| 0| [[unlikely]] return; 53| 0| } 54| | 55| 631k| secure_scrub_memory(p, elems * elem_size); 56| | 57| |#if defined(BOTAN_HAS_LOCKING_ALLOCATOR) 58| | if(mlock_allocator::instance().deallocate(p, elems, elem_size)) { 59| | return; 60| | } 61| |#endif 62| | 63| 631k| std::free(p); // NOLINT(*-no-malloc,*-owning-memory) 64| 631k|} _ZN5Botan20initialize_allocatorEv: 66| 1|void initialize_allocator() { 67| |#if defined(BOTAN_HAS_LOCKING_ALLOCATOR) 68| | mlock_allocator::instance(); 69| |#endif 70| 1|} _ZN5Botan22throw_invalid_argumentEPKcS1_S1_: 23| 12|void throw_invalid_argument(const char* message, const char* func, const char* file) { 24| 12| throw Invalid_Argument(fmt("{} in {}:{}", message, func, file)); 25| 12|} _ZN5Botan13is_valid_utf8ENSt3__117basic_string_viewIcNS0_11char_traitsIcEEEE: 106| 14.1k|bool is_valid_utf8(std::string_view utf8) { 107| 14.1k| try { 108| 14.1k| size_t pos = 0; 109| 254k| while(pos < utf8.size()) { ------------------ | Branch (109:13): [True: 240k, False: 14.1k] ------------------ 110| 240k| const uint32_t c = next_utf8_codepoint(utf8, pos); 111| 240k| BOTAN_UNUSED(c); ------------------ | | 144| 240k|#define BOTAN_UNUSED Botan::ignore_params ------------------ 112| 240k| } 113| 14.1k| } catch(Decoding_Error&) { 114| 30| return false; 115| 30| } 116| 14.1k| return true; 117| 14.1k|} _ZN5Botan12ucs2_to_utf8ENSt3__14spanIKhLm18446744073709551615EEE: 119| 23|std::string ucs2_to_utf8(std::span ucs2) { 120| 23| if(ucs2.size() % 2 != 0) { ------------------ | Branch (120:7): [True: 1, False: 22] ------------------ 121| 1| throw Decoding_Error("Invalid length for UCS-2 string"); 122| 1| } 123| | 124| 22| const size_t chars = ucs2.size() / 2; 125| | 126| 22| std::string s; 127| 282| for(size_t i = 0; i != chars; ++i) { ------------------ | Branch (127:22): [True: 260, False: 22] ------------------ 128| 260| const uint32_t c = load_be(ucs2.data(), i); 129| 260| append_utf8_for(s, c); 130| 260| } 131| | 132| 22| return s; 133| 23|} _ZN5Botan12ucs4_to_utf8ENSt3__14spanIKhLm18446744073709551615EEE: 153| 58|std::string ucs4_to_utf8(std::span ucs4) { 154| 58| if(ucs4.size() % 4 != 0) { ------------------ | Branch (154:7): [True: 1, False: 57] ------------------ 155| 1| throw Decoding_Error("Invalid length for UCS-4 string"); 156| 1| } 157| | 158| 57| const size_t chars = ucs4.size() / 4; 159| | 160| 57| std::string s; 161| 249| for(size_t i = 0; i != chars; ++i) { ------------------ | Branch (161:22): [True: 192, False: 57] ------------------ 162| 192| const uint32_t c = load_be(ucs4.data(), i); 163| 192| append_utf8_for(s, c); 164| 192| } 165| | 166| 57| return s; 167| 58|} _ZN5Botan14latin1_to_utf8ENSt3__14spanIKhLm18446744073709551615EEE: 188| 24|std::string latin1_to_utf8(std::span chars) { 189| 24| std::string s; 190| 285| for(const uint8_t b : chars) { ------------------ | Branch (190:24): [True: 285, False: 24] ------------------ 191| 285| append_utf8_for(s, static_cast(b)); 192| 285| } 193| 24| return s; 194| 24|} charset.cpp:_ZN5Botan12_GLOBAL__N_119next_utf8_codepointENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEERm: 52| 240k|uint32_t next_utf8_codepoint(std::string_view utf8, size_t& pos) { 53| 240k| auto read_continuation = [&]() -> uint32_t { 54| 240k| if(pos >= utf8.size()) { 55| 240k| throw Decoding_Error("Invalid UTF-8 sequence"); 56| 240k| } 57| 240k| const uint8_t b = static_cast(utf8[pos++]); 58| 240k| if((b & 0xC0) != 0x80) { 59| 240k| throw Decoding_Error("Invalid UTF-8 sequence"); 60| 240k| } 61| 240k| return b & 0x3F; 62| 240k| }; 63| | 64| 240k| const uint8_t lead = static_cast(utf8[pos++]); 65| 240k| uint32_t c = 0; 66| | 67| 240k| if(lead <= 0x7F) { ------------------ | Branch (67:7): [True: 239k, False: 123] ------------------ 68| 239k| c = lead; 69| 239k| } else if((lead & 0xE0) == 0xC0) { ------------------ | Branch (69:14): [True: 17, False: 106] ------------------ 70| 17| c = (lead & 0x1F) << 6; 71| 17| c |= read_continuation(); 72| 17| if(c < 0x80) { ------------------ | Branch (72:10): [True: 1, False: 16] ------------------ 73| 1| throw Decoding_Error("Overlong UTF-8 sequence"); 74| 1| } 75| 106| } else if((lead & 0xF0) == 0xE0) { ------------------ | Branch (75:14): [True: 48, False: 58] ------------------ 76| 48| c = (lead & 0x0F) << 12; 77| 48| c |= read_continuation() << 6; 78| 48| c |= read_continuation(); 79| 48| if(c < 0x800) { ------------------ | Branch (79:10): [True: 3, False: 45] ------------------ 80| 3| throw Decoding_Error("Overlong UTF-8 sequence"); 81| 3| } 82| 58| } else if((lead & 0xF8) == 0xF0) { ------------------ | Branch (82:14): [True: 43, False: 15] ------------------ 83| 43| c = (lead & 0x07) << 18; 84| 43| c |= read_continuation() << 12; 85| 43| c |= read_continuation() << 6; 86| 43| c |= read_continuation(); 87| 43| if(c < 0x10000) { ------------------ | Branch (87:10): [True: 2, False: 41] ------------------ 88| 2| throw Decoding_Error("Overlong UTF-8 sequence"); 89| 2| } 90| 43| } else { 91| 15| throw Decoding_Error("Invalid UTF-8 sequence"); 92| 15| } 93| | 94| 240k| if(c > 0x10FFFF) { ------------------ | Branch (94:7): [True: 1, False: 240k] ------------------ 95| 1| throw Decoding_Error("UTF-8 sequence encodes value outside Unicode range"); 96| 1| } 97| 240k| if(c >= 0xD800 && c < 0xE000) { ------------------ | Branch (97:7): [True: 40, False: 240k] | Branch (97:22): [True: 1, False: 39] ------------------ 98| 1| throw Decoding_Error("UTF-8 sequence encodes surrogate code point"); 99| 1| } 100| | 101| 240k| return c; 102| 240k|} charset.cpp:_ZZN5Botan12_GLOBAL__N_119next_utf8_codepointENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEERmENK3$_0clEv: 53| 239| auto read_continuation = [&]() -> uint32_t { 54| 239| if(pos >= utf8.size()) { ------------------ | Branch (54:10): [True: 3, False: 236] ------------------ 55| 3| throw Decoding_Error("Invalid UTF-8 sequence"); 56| 3| } 57| 236| const uint8_t b = static_cast(utf8[pos++]); 58| 236| if((b & 0xC0) != 0x80) { ------------------ | Branch (58:10): [True: 4, False: 232] ------------------ 59| 4| throw Decoding_Error("Invalid UTF-8 sequence"); 60| 4| } 61| 232| return b & 0x3F; 62| 236| }; charset.cpp:_ZN5Botan12_GLOBAL__N_115append_utf8_forERNSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEEj: 18| 737|void append_utf8_for(std::string& s, uint32_t c) { 19| 737| if(c >= 0xD800 && c < 0xE000) { ------------------ | Branch (19:7): [True: 242, False: 495] | Branch (19:22): [True: 9, False: 233] ------------------ 20| 9| throw Decoding_Error("Invalid Unicode character"); 21| 9| } 22| | 23| 728| if(c <= 0x7F) { ------------------ | Branch (23:7): [True: 244, False: 484] ------------------ 24| 244| const uint8_t b0 = static_cast(c); 25| 244| s.push_back(static_cast(b0)); 26| 484| } else if(c <= 0x7FF) { ------------------ | Branch (26:14): [True: 158, False: 326] ------------------ 27| 158| const uint8_t b0 = 0xC0 | static_cast(c >> 6); 28| 158| const uint8_t b1 = 0x80 | static_cast(c & 0x3F); 29| 158| s.push_back(static_cast(b0)); 30| 158| s.push_back(static_cast(b1)); 31| 326| } else if(c <= 0xFFFF) { ------------------ | Branch (31:14): [True: 188, False: 138] ------------------ 32| 188| const uint8_t b0 = 0xE0 | static_cast(c >> 12); 33| 188| const uint8_t b1 = 0x80 | static_cast((c >> 6) & 0x3F); 34| 188| const uint8_t b2 = 0x80 | static_cast(c & 0x3F); 35| 188| s.push_back(static_cast(b0)); 36| 188| s.push_back(static_cast(b1)); 37| 188| s.push_back(static_cast(b2)); 38| 188| } else if(c <= 0x10FFFF) { ------------------ | Branch (38:14): [True: 89, False: 49] ------------------ 39| 89| const uint8_t b0 = 0xF0 | static_cast(c >> 18); 40| 89| const uint8_t b1 = 0x80 | static_cast((c >> 12) & 0x3F); 41| 89| const uint8_t b2 = 0x80 | static_cast((c >> 6) & 0x3F); 42| 89| const uint8_t b3 = 0x80 | static_cast(c & 0x3F); 43| 89| s.push_back(static_cast(b0)); 44| 89| s.push_back(static_cast(b1)); 45| 89| s.push_back(static_cast(b2)); 46| 89| s.push_back(static_cast(b3)); 47| 89| } else { 48| 49| throw Decoding_Error("Invalid Unicode character"); 49| 49| } 50| 728|} _ZN5Botan5CPUID10CPUID_DataC2Ev: 80| 1|CPUID::CPUID_Data::CPUID_Data() { 81| | // NOLINTBEGIN(*-prefer-member-initializer) 82| 1|#if defined(BOTAN_HAS_CPUID_DETECTION) 83| 1| m_processor_features = detect_cpu_features(~cleared_cpuid_bits()); 84| |#else 85| | m_processor_features = 0; 86| |#endif 87| | // NOLINTEND(*-prefer-member-initializer) 88| 1|} cpuid.cpp:_ZN5Botan12_GLOBAL__N_118cleared_cpuid_bitsEv: 59| 1|uint32_t cleared_cpuid_bits() { 60| 1| uint32_t cleared = 0; 61| | 62| 1| #if defined(BOTAN_HAS_OS_UTILS) 63| 1| std::string clear_cpuid_env; 64| 1| if(OS::read_env_variable(clear_cpuid_env, "BOTAN_CLEAR_CPUID")) { ------------------ | Branch (64:7): [True: 0, False: 1] ------------------ 65| 0| for(const auto& cpuid : split_on(clear_cpuid_env, ',')) { ------------------ | Branch (65:29): [True: 0, False: 0] ------------------ 66| 0| if(auto bit = CPUID::bit_from_string(cpuid)) { ------------------ | Branch (66:18): [True: 0, False: 0] ------------------ 67| 0| cleared |= bit->as_u32(); 68| 0| } 69| 0| } 70| 0| } 71| 1| #endif 72| | 73| 1| return cleared; 74| 1|} _ZN5Botan5CPUID10CPUID_Data19detect_cpu_featuresEj: 62| 1|uint32_t CPUID::CPUID_Data::detect_cpu_features(uint32_t allowed) { 63| 1| enum class x86_CPUID_1_bits : uint64_t { 64| 1| RDTSC = (1ULL << 4), 65| 1| SSE2 = (1ULL << 26), 66| 1| CLMUL = (1ULL << 33), 67| 1| SSSE3 = (1ULL << 41), 68| 1| SSE41 = (1ULL << 51), 69| 1| AESNI = (1ULL << 57), 70| | // AVX + OSXSAVE 71| 1| OSXSAVE = (1ULL << 59) | (1ULL << 60), 72| 1| RDRAND = (1ULL << 62) 73| 1| }; 74| | 75| 1| enum class x86_CPUID_7_bits : uint64_t { 76| 1| BMI1 = (1ULL << 3), 77| 1| AVX2 = (1ULL << 5), 78| 1| BMI2 = (1ULL << 8), 79| 1| BMI_1_AND_2 = BMI1 | BMI2, 80| 1| AVX512_F = (1ULL << 16), 81| 1| AVX512_DQ = (1ULL << 17), 82| 1| RDSEED = (1ULL << 18), 83| 1| ADX = (1ULL << 19), 84| 1| AVX512_IFMA = (1ULL << 21), 85| 1| SHA = (1ULL << 29), 86| 1| AVX512_BW = (1ULL << 30), 87| 1| AVX512_VL = (1ULL << 31), 88| 1| AVX512_VBMI = (1ULL << 33), 89| 1| AVX512_VBMI2 = (1ULL << 38), 90| 1| GFNI = (1ULL << 40), 91| 1| AVX512_VAES = (1ULL << 41), 92| 1| AVX512_VCLMUL = (1ULL << 42), 93| 1| AVX512_VBITALG = (1ULL << 44), 94| | 95| | /* 96| | We only enable AVX512 support if all of the below flags are available 97| | 98| | This is more than we strictly need for most uses, however it also has 99| | the effect of preventing execution of AVX512 codepaths on cores that 100| | have serious downclocking problems when AVX512 code executes, 101| | especially Intel Skylake. 102| | 103| | VBMI2/VBITALG are the key flags here as they restrict us to Intel Ice 104| | Lake/Rocket Lake, or AMD Zen4, all of which do not have penalties for 105| | executing AVX512. 106| | 107| | There is nothing stopping some future processor from supporting the 108| | above flags and having AVX512 penalties, but maybe you should not have 109| | bought such a processor. 110| | */ 111| 1| AVX512_PROFILE = 112| 1| AVX512_F | AVX512_DQ | AVX512_IFMA | AVX512_BW | AVX512_VL | AVX512_VBMI | AVX512_VBMI2 | AVX512_VBITALG, 113| 1| }; 114| | 115| | // NOLINTNEXTLINE(performance-enum-size) 116| 1| enum class x86_CPUID_7_1_bits : uint64_t { 117| 1| SHA512 = (1 << 0), 118| 1| SM3 = (1 << 1), 119| 1| SM4 = (1 << 2), 120| 1| }; 121| | 122| 1| uint32_t feat = 0; 123| 1| uint32_t cpuid[4] = {0}; 124| 1| bool has_os_ymm_support = false; 125| 1| bool has_os_zmm_support = false; 126| | 127| | // CPUID 0: vendor identification, max sublevel 128| 1| invoke_cpuid(0, cpuid); 129| | 130| 1| const uint32_t max_supported_sublevel = cpuid[0]; 131| | 132| 1| if(max_supported_sublevel >= 1) { ------------------ | Branch (132:7): [True: 1, False: 0] ------------------ 133| | // CPUID 1: feature bits 134| 1| invoke_cpuid(1, cpuid); 135| 1| const uint64_t flags0 = (static_cast(cpuid[2]) << 32) | cpuid[3]; 136| | 137| 1| feat |= if_set(flags0, x86_CPUID_1_bits::RDTSC, CPUFeature::Bit::RDTSC, allowed); 138| | 139| 1| feat |= if_set(flags0, x86_CPUID_1_bits::RDRAND, CPUFeature::Bit::RDRAND, allowed); 140| | 141| 1| feat |= if_set(flags0, x86_CPUID_1_bits::SSE2, CPUFeature::Bit::SSE2, allowed); 142| | 143| 1| if(is_set(feat, CPUFeature::Bit::SSE2)) { ------------------ | Branch (143:10): [True: 1, False: 0] ------------------ 144| 1| feat |= if_set(flags0, x86_CPUID_1_bits::SSSE3, CPUFeature::Bit::SSSE3, allowed); 145| | 146| 1| if(is_set(feat, CPUFeature::Bit::SSSE3)) { ------------------ | Branch (146:13): [True: 1, False: 0] ------------------ 147| 1| feat |= if_set(flags0, x86_CPUID_1_bits::CLMUL, CPUFeature::Bit::CLMUL, allowed); 148| 1| feat |= if_set(flags0, x86_CPUID_1_bits::AESNI, CPUFeature::Bit::AESNI, allowed); 149| 1| } 150| | 151| 1| const uint64_t osxsave64 = static_cast(x86_CPUID_1_bits::OSXSAVE); 152| 1| if((flags0 & osxsave64) == osxsave64) { ------------------ | Branch (152:13): [True: 1, False: 0] ------------------ 153| 1| const uint64_t xcr_flags = xgetbv(); 154| 1| if((xcr_flags & 0x6) == 0x6) { ------------------ | Branch (154:16): [True: 1, False: 0] ------------------ 155| 1| has_os_ymm_support = true; 156| 1| has_os_zmm_support = (xcr_flags & 0xE0) == 0xE0; 157| 1| } 158| 1| } 159| 1| } 160| 1| } 161| | 162| 1| if(max_supported_sublevel >= 7) { ------------------ | Branch (162:7): [True: 1, False: 0] ------------------ 163| 1| clear_mem(cpuid, 4); 164| 1| invoke_cpuid_sublevel(7, 0, cpuid); 165| | 166| 1| const uint64_t flags7 = (static_cast(cpuid[2]) << 32) | cpuid[1]; 167| | 168| 1| clear_mem(cpuid, 4); 169| 1| invoke_cpuid_sublevel(7, 1, cpuid); 170| 1| const uint32_t flags7_1 = cpuid[0]; 171| | 172| 1| feat |= if_set(flags7, x86_CPUID_7_bits::RDSEED, CPUFeature::Bit::RDSEED, allowed); 173| 1| feat |= if_set(flags7, x86_CPUID_7_bits::ADX, CPUFeature::Bit::ADX, allowed); 174| | 175| | /* 176| | We only set the BMI bit if both BMI1 and BMI2 are supported, since 177| | typically we want to use both extensions in the same code. 178| | */ 179| 1| feat |= if_set(flags7, x86_CPUID_7_bits::BMI_1_AND_2, CPUFeature::Bit::BMI, allowed); 180| | 181| 1| if(is_set(feat, CPUFeature::Bit::SSSE3)) { ------------------ | Branch (181:10): [True: 1, False: 0] ------------------ 182| 1| feat |= if_set(flags7, x86_CPUID_7_bits::SHA, CPUFeature::Bit::SHA, allowed); 183| 1| feat |= if_set(flags7_1, x86_CPUID_7_1_bits::SM3, CPUFeature::Bit::SM3, allowed); 184| | 185| | // We only consider AVX2 if SSSE3 is supported 186| 1| if(has_os_ymm_support) { ------------------ | Branch (186:13): [True: 1, False: 0] ------------------ 187| 1| feat |= if_set(flags7, x86_CPUID_7_bits::AVX2, CPUFeature::Bit::AVX2, allowed); 188| | 189| 1| if(is_set(feat, CPUFeature::Bit::AVX2)) { ------------------ | Branch (189:16): [True: 1, False: 0] ------------------ 190| 1| feat |= if_set(flags7, x86_CPUID_7_bits::GFNI, CPUFeature::Bit::GFNI, allowed); 191| 1| feat |= if_set(flags7, x86_CPUID_7_bits::AVX512_VAES, CPUFeature::Bit::AVX2_AES, allowed); 192| 1| feat |= if_set(flags7, x86_CPUID_7_bits::AVX512_VCLMUL, CPUFeature::Bit::AVX2_CLMUL, allowed); 193| 1| feat |= if_set(flags7_1, x86_CPUID_7_1_bits::SHA512, CPUFeature::Bit::SHA512, allowed); 194| 1| feat |= if_set(flags7_1, x86_CPUID_7_1_bits::SM4, CPUFeature::Bit::SM4, allowed); 195| | 196| | // Likewise we only consider AVX-512 if AVX2 is supported 197| 1| if(has_os_zmm_support) { ------------------ | Branch (197:19): [True: 0, False: 1] ------------------ 198| 0| feat |= if_set(flags7, x86_CPUID_7_bits::AVX512_PROFILE, CPUFeature::Bit::AVX512, allowed); 199| | 200| 0| if(is_set(feat, CPUFeature::Bit::AVX512)) { ------------------ | Branch (200:22): [True: 0, False: 0] ------------------ 201| 0| feat |= if_set(flags7, x86_CPUID_7_bits::AVX512_VAES, CPUFeature::Bit::AVX512_AES, allowed); 202| 0| feat |= if_set(flags7, x86_CPUID_7_bits::AVX512_VCLMUL, CPUFeature::Bit::AVX512_CLMUL, allowed); 203| 0| } 204| 0| } 205| 1| } 206| 1| } 207| 1| } 208| 1| } 209| | 210| |/* 211| | * If we don't have access to CPUID, we can still safely assume that 212| | * any x86-64 processor has SSE2 and RDTSC 213| | */ 214| 1|#if defined(BOTAN_TARGET_ARCH_IS_X86_64) 215| 1| if(feat == 0) { ------------------ | Branch (215:7): [True: 0, False: 1] ------------------ 216| 0| feat |= CPUFeature::Bit::SSE2 & allowed; 217| 0| feat |= CPUFeature::Bit::RDTSC & allowed; 218| 0| } 219| 1|#endif 220| | 221| 1| return feat; 222| 1|} cpuid_x86.cpp:_ZN5Botan12_GLOBAL__N_112invoke_cpuidEjPj: 24| 2|void invoke_cpuid(uint32_t type, uint32_t out[4]) { 25| 2| clear_mem(out, 4); 26| | 27| 2|#if defined(BOTAN_USE_GCC_INLINE_ASM) 28| | // NOLINTNEXTLINE(*-no-assembler) 29| 2| asm volatile("cpuid\n\t" : "=a"(out[0]), "=b"(out[1]), "=c"(out[2]), "=d"(out[3]) : "0"(type)); 30| | 31| |#elif defined(BOTAN_BUILD_COMPILER_IS_MSVC) 32| | __cpuid((int*)out, type); 33| | 34| |#else 35| | BOTAN_UNUSED(type); 36| | #warning "No way of calling x86 cpuid instruction for this compiler" 37| |#endif 38| 2|} cpuid_x86.cpp:_ZN5Botan12_GLOBAL__N_16xgetbvEv: 56| 1|BOTAN_FUNC_ISA("xsave") uint64_t xgetbv() { 57| | return _xgetbv(0); 58| 1|} cpuid_x86.cpp:_ZN5Botan12_GLOBAL__N_121invoke_cpuid_sublevelEjjPj: 40| 2|void invoke_cpuid_sublevel(uint32_t type, uint32_t level, uint32_t out[4]) { 41| 2| clear_mem(out, 4); 42| | 43| 2|#if defined(BOTAN_USE_GCC_INLINE_ASM) 44| | // NOLINTNEXTLINE(*-no-assembler) 45| 2| asm volatile("cpuid\n\t" : "=a"(out[0]), "=b"(out[1]), "=c"(out[2]), "=d"(out[3]) : "0"(type), "2"(level)); 46| | 47| |#elif defined(BOTAN_BUILD_COMPILER_IS_MSVC) 48| | __cpuidex((int*)out, type, level); 49| | 50| |#else 51| | BOTAN_UNUSED(type, level); 52| | #warning "No way of calling x86 cpuid instruction for this compiler" 53| |#endif 54| 2|} _ZN5Botan10DataSource9read_byteERh: 27| 4.32M|size_t DataSource::read_byte(uint8_t& out) { 28| 4.32M| return read(&out, 1); 29| 4.32M|} _ZN5Botan10DataSource9read_byteEv: 34| 7.11M|std::optional DataSource::read_byte() { 35| 7.11M| uint8_t b = 0; 36| 7.11M| if(this->read(&b, 1) == 1) { ------------------ | Branch (36:7): [True: 7.09M, False: 14.1k] ------------------ 37| 7.09M| return b; 38| 7.09M| } else { 39| 14.1k| return {}; 40| 14.1k| } 41| 7.11M|} _ZNK5Botan10DataSource9peek_byteERh: 46| 14.4k|size_t DataSource::peek_byte(uint8_t& out) const { 47| 14.4k| return peek(&out, 1, 0); 48| 14.4k|} _ZN5Botan17DataSource_Memory4readEPhm: 73| 7.16M|size_t DataSource_Memory::read(uint8_t out[], size_t length) { 74| 7.16M| const size_t got = std::min(m_source.size() - m_offset, length); 75| 7.16M| copy_mem(out, m_source.data() + m_offset, got); 76| 7.16M| m_offset += got; 77| 7.16M| return got; 78| 7.16M|} _ZN5Botan17DataSource_Memory15check_availableEm: 80| 191k|bool DataSource_Memory::check_available(size_t n) { 81| 191k| return (n <= (m_source.size() - m_offset)); 82| 191k|} _ZNK5Botan17DataSource_Memory4peekEPhmm: 87| 14.7k|size_t DataSource_Memory::peek(uint8_t out[], size_t length, size_t peek_offset) const { 88| 14.7k| const size_t bytes_left = m_source.size() - m_offset; 89| 14.7k| if(peek_offset >= bytes_left) { ------------------ | Branch (89:7): [True: 1, False: 14.7k] ------------------ 90| 1| return 0; 91| 1| } 92| | 93| 14.7k| const size_t got = std::min(bytes_left - peek_offset, length); 94| 14.7k| copy_mem(out, &m_source[m_offset + peek_offset], got); 95| 14.7k| return got; 96| 14.7k|} _ZNK5Botan17DataSource_Memory11end_of_dataEv: 101| 134k|bool DataSource_Memory::end_of_data() const { 102| 134k| return (m_offset == m_source.size()); 103| 134k|} _ZN5Botan17DataSource_MemoryC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 108| 14.0k|DataSource_Memory::DataSource_Memory(std::string_view in) : DataSource_Memory(as_span_of_bytes(in)) {} _ZN5Botan7DNSName15from_san_stringENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 131| 7.04k|std::optional DNSName::from_san_string(std::string_view name) { 132| 7.04k| if(auto canon = check_and_canonicalize_dns_name(name)) { ------------------ | Branch (132:12): [True: 7.04k, False: 0] ------------------ 133| | /* 134| | Validate the wildcard shape: at most one "*", and if present it must be in 135| | the leftmost label (no "." before it). This matches the RFC 6125 6.4.3 136| | form that host_wildcard_match accepts and rejects eg "*.*.example.com" or 137| | "foo.*.example.com" 138| | */ 139| 7.04k| const auto first_star = canon->find('*'); 140| 7.04k| if(first_star != std::string::npos) { ------------------ | Branch (140:10): [True: 0, False: 7.04k] ------------------ 141| 0| if(canon->find('*', first_star + 1) != std::string::npos) { ------------------ | Branch (141:13): [True: 0, False: 0] ------------------ 142| 0| return std::nullopt; 143| 0| } 144| 0| const auto first_dot = canon->find('.'); 145| 0| if(first_dot != std::string::npos && first_dot < first_star) { ------------------ | Branch (145:13): [True: 0, False: 0] | Branch (145:47): [True: 0, False: 0] ------------------ 146| 0| return std::nullopt; 147| 0| } 148| 0| } 149| 7.04k| return DNSName(std::move(*canon)); 150| 7.04k| } else { 151| 0| return {}; 152| 0| } 153| 7.04k|} dns_name.cpp:_ZN5Botan12_GLOBAL__N_131check_and_canonicalize_dns_nameENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 22| 7.04k|std::optional check_and_canonicalize_dns_name(std::string_view name) { 23| | // Purported name is longer than what DNS allows 24| 7.04k| if(name.size() > 255) { ------------------ | Branch (24:7): [True: 0, False: 7.04k] ------------------ 25| 0| return {}; 26| 0| } 27| | 28| | // DNS names are not empty 29| 7.04k| if(name.empty()) { ------------------ | Branch (29:7): [True: 0, False: 7.04k] ------------------ 30| 0| return {}; 31| 0| } 32| | 33| | // DNS names do not start with or end with a dot 34| 7.04k| if(name.starts_with(".") || name.ends_with(".")) { ------------------ | Branch (34:7): [True: 0, False: 7.04k] | Branch (34:32): [True: 0, False: 7.04k] ------------------ 35| 0| return {}; 36| 0| } 37| | 38| | /* 39| | * Table mapping uppercase to lowercase and only including values valid for 40| | * DNS names: A-Z, a-z, 0-9, '-', '.', plus '*' for wildcarding (RFC 1035) 41| | */ 42| | // clang-format off 43| 7.04k| constexpr uint8_t DNS_CHAR_MAPPING[128] = { 44| 7.04k| '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', 45| 7.04k| '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0', 46| 7.04k| '\0', '\0', '\0', '\0', '*', '\0', '\0', '-', '.', '\0', '0', '1', '2', '3', '4', '5', '6', '7', '8', 47| 7.04k| '9', '\0', '\0', '\0', '\0', '\0', '\0', '\0', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 48| 7.04k| 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '\0', '\0', '\0', '\0', 49| 7.04k| '\0', '\0', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 50| 7.04k| 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '\0', '\0', '\0', '\0', '\0', 51| 7.04k| }; 52| | // clang-format on 53| | 54| 7.04k| std::string canon; 55| 7.04k| canon.reserve(name.size()); 56| | 57| | // RFC 1035: DNS labels must not exceed 63 characters 58| 7.04k| size_t current_label_length = 0; 59| | 60| 70.4k| for(size_t i = 0; i != name.size(); ++i) { ------------------ | Branch (60:22): [True: 63.3k, False: 7.04k] ------------------ 61| 63.3k| const char c = name[i]; 62| | 63| 63.3k| if(c == '.') { ------------------ | Branch (63:10): [True: 0, False: 63.3k] ------------------ 64| | // Sequential dot (.) characters are not allowed 65| 0| if(i > 0 && name[i - 1] == '.') { ------------------ | Branch (65:13): [True: 0, False: 0] | Branch (65:22): [True: 0, False: 0] ------------------ 66| 0| return {}; 67| 0| } 68| | 69| | // Empty labels are not allowed 70| 0| if(current_label_length == 0) { ------------------ | Branch (70:13): [True: 0, False: 0] ------------------ 71| 0| return {}; 72| 0| } 73| 0| current_label_length = 0; // Reset for next label 74| 63.3k| } else { 75| 63.3k| current_label_length++; 76| | 77| | // Labels cannot exceed maximum DNS label length 78| 63.3k| if(current_label_length > 63) { ------------------ | Branch (78:13): [True: 0, False: 63.3k] ------------------ 79| 0| return {}; 80| 0| } 81| 63.3k| } 82| | 83| 63.3k| const uint8_t cu = static_cast(c); 84| | // DNS names are not allowed to include any high-bit set characters 85| 63.3k| if(cu >= 128) { ------------------ | Branch (85:10): [True: 0, False: 63.3k] ------------------ 86| 0| return {}; 87| 0| } 88| 63.3k| const uint8_t mapped = DNS_CHAR_MAPPING[cu]; 89| | // DNS names are from a restricted character set 90| 63.3k| if(mapped == 0) { ------------------ | Branch (90:10): [True: 0, False: 63.3k] ------------------ 91| 0| return {}; 92| 0| } 93| | 94| 63.3k| if(mapped == '-') { ------------------ | Branch (94:10): [True: 0, False: 63.3k] ------------------ 95| | // DNS labels are not allowed to include a leading or trailing hyphen 96| 0| if(i == 0 || (i > 0 && name[i - 1] == '.')) { ------------------ | Branch (96:13): [True: 0, False: 0] | Branch (96:24): [True: 0, False: 0] | Branch (96:33): [True: 0, False: 0] ------------------ 97| 0| return {}; // leading hyphen 98| 0| } 99| | 100| 0| if(i == name.size() - 1 || (i < name.size() - 1 && name[i + 1] == '.')) { ------------------ | Branch (100:13): [True: 0, False: 0] | Branch (100:38): [True: 0, False: 0] | Branch (100:61): [True: 0, False: 0] ------------------ 101| 0| return {}; // trailing hyphen 102| 0| } 103| 0| } 104| 63.3k| canon.push_back(static_cast(mapped)); 105| 63.3k| } 106| | 107| | // This should never be hit, due to earlier validation steps 108| 7.04k| if(current_label_length == 0) { ------------------ | Branch (108:7): [True: 0, False: 7.04k] ------------------ 109| 0| return {}; 110| 0| } 111| | 112| 7.04k| return canon; 113| 7.04k|} _ZN5Botan9ExceptionC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 71| 5.57k|Exception::Exception(std::string_view msg) : m_msg(msg) {} _ZN5Botan9ExceptionC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEERKSt9exception: 73| 348|Exception::Exception(std::string_view msg, const std::exception& e) : m_msg(fmt("{} failed with {}", msg, e.what())) {} _ZN5Botan9ExceptionC2EPKcNSt3__117basic_string_viewIcNS3_11char_traitsIcEEEE: 75| 225|Exception::Exception(const char* prefix, std::string_view msg) : m_msg(fmt("{} {}", prefix, msg)) {} _ZN5Botan16Invalid_ArgumentC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 77| 15|Invalid_Argument::Invalid_Argument(std::string_view msg) : Exception(msg) {} _ZN5Botan14Internal_ErrorC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 99| 94|Internal_Error::Internal_Error(std::string_view err) : Exception("Internal error:", err) {} _ZN5Botan14Decoding_ErrorC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 125| 2.51k|Decoding_Error::Decoding_Error(std::string_view name) : Exception(name) {} _ZN5Botan14Decoding_ErrorC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEERKSt9exception: 130| 348|Decoding_Error::Decoding_Error(std::string_view msg, const std::exception& e) : Exception(msg, e) {} _ZN5Botan26Invalid_Authentication_TagC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 133| 130| Exception("Invalid authentication tag:", msg) {} _ZN5Botan15Stream_IO_ErrorC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 135| 1|Stream_IO_Error::Stream_IO_Error(std::string_view err) : Exception("I/O error:", err) {} _ZN5Botan5GHASH14ghash_multiplyENSt3__14spanIhLm16EEENS2_IKhLm18446744073709551615EEEm: 44| 314|void GHASH::ghash_multiply(std::span x, std::span input, size_t blocks) { 45| 314| BOTAN_ASSERT_NOMSG(input.size() % GCM_BS == 0); ------------------ | | 77| 314| do { \ | | 78| 314| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 314| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 314] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 314| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 314] | | ------------------ ------------------ 46| | 47| 314|#if defined(BOTAN_HAS_GHASH_AVX512_CLMUL) 48| 314| if(CPUID::has(CPUID::Feature::AVX512_CLMUL)) { ------------------ | Branch (48:7): [True: 0, False: 314] ------------------ 49| 0| BOTAN_ASSERT_NOMSG(!m_H_pow.empty()); ------------------ | | 77| 0| do { \ | | 78| 0| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 0| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 0] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 0| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 0] | | ------------------ ------------------ 50| 0| return ghash_multiply_avx512_clmul(x.data(), m_H_pow.data(), input.data(), blocks); 51| 0| } 52| 314|#endif 53| | 54| 314|#if defined(BOTAN_HAS_GHASH_CLMUL_CPU) 55| 314| if(CPUID::has(CPUID::Feature::HW_CLMUL)) { ------------------ | Branch (55:7): [True: 314, False: 0] ------------------ 56| 314| BOTAN_ASSERT_NOMSG(!m_H_pow.empty()); ------------------ | | 77| 314| do { \ | | 78| 314| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 314| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 314] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 314| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 314] | | ------------------ ------------------ 57| 314| return ghash_multiply_cpu(x.data(), m_H_pow, input.data(), blocks); 58| 314| } 59| 0|#endif 60| | 61| 0|#if defined(BOTAN_HAS_GHASH_CLMUL_VPERM) 62| 0| if(CPUID::has(CPUID::Feature::SIMD_2X64)) { ------------------ | Branch (62:7): [True: 0, False: 0] ------------------ 63| 0| return ghash_multiply_vperm(x.data(), m_HM.data(), input.data(), blocks); 64| 0| } 65| 0|#endif 66| | 67| 0| auto scope = CT::scoped_poison(x); 68| | 69| 0| auto X = load_be>(x); 70| | 71| 0| BufferSlicer in(input); 72| 0| for(size_t b = 0; b != blocks; ++b) { ------------------ | Branch (72:22): [True: 0, False: 0] ------------------ 73| 0| const auto I = load_be>(in.take()); 74| 0| X[0] ^= I[0]; 75| 0| X[1] ^= I[1]; 76| | 77| 0| std::array Z{}; 78| | 79| 0| for(size_t i = 0; i != 64; ++i) { ------------------ | Branch (79:25): [True: 0, False: 0] ------------------ 80| 0| const auto X0MASK = CT::Mask::expand_top_bit(X[0]); 81| 0| const auto X1MASK = CT::Mask::expand_top_bit(X[1]); 82| | 83| 0| X[0] <<= 1; 84| 0| X[1] <<= 1; 85| | 86| 0| Z[0] = X0MASK.select(Z[0] ^ m_HM[4 * i], Z[0]); 87| 0| Z[1] = X0MASK.select(Z[1] ^ m_HM[4 * i + 1], Z[1]); 88| | 89| 0| Z[0] = X1MASK.select(Z[0] ^ m_HM[4 * i + 2], Z[0]); 90| 0| Z[1] = X1MASK.select(Z[1] ^ m_HM[4 * i + 3], Z[1]); 91| 0| } 92| | 93| 0| X[0] = Z[0]; 94| 0| X[1] = Z[1]; 95| 0| } 96| | 97| 0| store_be(x, X); 98| 0|} _ZNK5Botan5GHASH19has_keying_materialEv: 100| 266|bool GHASH::has_keying_material() const { 101| 266| return !m_HM.empty() || !m_H_pow.empty(); ------------------ | Branch (101:11): [True: 0, False: 266] | Branch (101:28): [True: 266, False: 0] ------------------ 102| 266|} _ZN5Botan5GHASH12key_scheduleENSt3__14spanIKhLm18446744073709551615EEE: 104| 93|void GHASH::key_schedule(std::span key) { 105| 93| m_H_ad = {0}; 106| 93| m_ad_len = 0; 107| 93| m_text_len = 0; 108| | 109| 93| BOTAN_ASSERT_NOMSG(key.size() == GCM_BS); ------------------ | | 77| 93| do { \ | | 78| 93| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 93| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 93] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 93| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 93] | | ------------------ ------------------ 110| 93| auto H = load_be>(key.first()); 111| | 112| 93|#if defined(BOTAN_HAS_GHASH_AVX512_CLMUL) 113| 93| if(CPUID::has(CPUID::Feature::AVX512_CLMUL)) { ------------------ | Branch (113:7): [True: 0, False: 93] ------------------ 114| 0| zap(m_HM); 115| 0| if(m_H_pow.size() != 32) { ------------------ | Branch (115:10): [True: 0, False: 0] ------------------ 116| 0| m_H_pow.resize(32); 117| 0| } 118| 0| ghash_precompute_avx512_clmul(key.data(), m_H_pow.data()); 119| | // m_HM left empty 120| 0| return; 121| 0| } 122| 93|#endif 123| | 124| 93|#if defined(BOTAN_HAS_GHASH_CLMUL_CPU) 125| 93| if(CPUID::has(CPUID::Feature::HW_CLMUL)) { ------------------ | Branch (125:7): [True: 93, False: 0] ------------------ 126| 93| zap(m_HM); 127| 93| ghash_precompute_cpu(key.data(), m_H_pow); 128| | // m_HM left empty 129| 93| return; 130| 93| } 131| 0|#endif 132| | 133| 0| const uint64_t R = 0xE100000000000000; 134| | 135| 0| if(m_HM.size() != 256) { ------------------ | Branch (135:7): [True: 0, False: 0] ------------------ 136| 0| m_HM.resize(256); 137| 0| } 138| | 139| | // precompute the multiples of H 140| 0| for(size_t i = 0; i != 2; ++i) { ------------------ | Branch (140:22): [True: 0, False: 0] ------------------ 141| 0| for(size_t j = 0; j != 64; ++j) { ------------------ | Branch (141:25): [True: 0, False: 0] ------------------ 142| | /* 143| | we interleave H^1, H^65, H^2, H^66, H3, H67, H4, H68 144| | to make indexing nicer in the multiplication code 145| | */ 146| 0| m_HM[4 * j + 2 * i] = H[0]; 147| 0| m_HM[4 * j + 2 * i + 1] = H[1]; 148| | 149| | // GCM's bit ops are reversed so we carry out of the bottom 150| 0| const uint64_t carry = CT::Mask::expand(H[1] & 1).if_set_return(R); 151| 0| H[1] = (H[1] >> 1) | (H[0] << 63); 152| 0| H[0] = (H[0] >> 1) ^ carry; 153| 0| } 154| 0| } 155| 0|} _ZN5Botan5GHASH5startENSt3__14spanIKhLm18446744073709551615EEE: 157| 89|void GHASH::start(std::span nonce) { 158| 89| BOTAN_ARG_CHECK(nonce.size() == 16, "GHASH requires a 128-bit nonce"); ------------------ | | 35| 89| do { \ | | 36| 89| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 89| if(!(expr)) { \ | | ------------------ | | | Branch (37:10): [True: 0, False: 89] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 89| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 89] | | ------------------ ------------------ 159| 89| auto& n = m_nonce.emplace(); 160| 89| copy_mem(n, nonce); 161| 89| copy_mem(m_ghash, m_H_ad); 162| 89| m_buffer.clear(); 163| 89| m_text_len = 0; 164| 89|} _ZN5Botan5GHASH19set_associated_dataENSt3__14spanIKhLm18446744073709551615EEE: 166| 89|void GHASH::set_associated_data(std::span input) { 167| 89| BOTAN_STATE_CHECK(!m_nonce); ------------------ | | 51| 89| do { \ | | 52| 89| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 89| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 89] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 89| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 89] | | ------------------ ------------------ 168| | 169| 89| assert_key_material_set(); 170| 89| m_H_ad = {0}; 171| 89| ghash_update(m_H_ad, input); 172| 89| ghash_zeropad(m_H_ad); 173| 89| m_ad_len = input.size(); 174| 89|} _ZN5Botan5GHASH6updateENSt3__14spanIKhLm18446744073709551615EEE: 190| 88|void GHASH::update(std::span input) { 191| 88| assert_key_material_set(); 192| 88| BOTAN_STATE_CHECK(m_nonce); ------------------ | | 51| 88| do { \ | | 52| 88| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 88| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 88] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 88| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 88] | | ------------------ ------------------ 193| 88| ghash_update(m_ghash, input); 194| 88| m_text_len += input.size(); 195| | 196| | // NIST SP 800-38D limits plaintext/ciphertext to 2^39 - 256 bits 197| 88| constexpr uint64_t GHASH_MAX_BYTES = (((static_cast(1) << 39)) - 256) / 8; 198| 88| if(m_text_len > GHASH_MAX_BYTES) { ------------------ | Branch (198:7): [True: 0, False: 88] ------------------ 199| 0| throw Invalid_State("GCM message length limit exceeded"); 200| 0| } 201| 88|} _ZN5Botan5GHASH5finalENSt3__14spanIhLm18446744073709551615EEE: 203| 89|void GHASH::final(std::span mac) { 204| 89| BOTAN_ARG_CHECK(!mac.empty() && mac.size() <= GCM_BS, "GHASH output length"); ------------------ | | 35| 89| do { \ | | 36| 89| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 37| 178| if(!(expr)) { \ | | ------------------ | | | Branch (37:12): [True: 89, False: 0] | | | Branch (37:12): [True: 89, False: 0] | | ------------------ | | 38| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 39| 0| Botan::throw_invalid_argument(msg, __func__, __FILE__); \ | | 40| 0| } \ | | 41| 89| } while(0) | | ------------------ | | | Branch (41:12): [Folded, False: 89] | | ------------------ ------------------ 205| 89| BOTAN_STATE_CHECK(m_nonce); ------------------ | | 51| 89| do { \ | | 52| 89| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 89| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 89] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 89| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 89] | | ------------------ ------------------ 206| 89| assert_key_material_set(); 207| | 208| 89| ghash_zeropad(m_ghash); 209| 89| ghash_final_block(m_ghash, m_ad_len, m_text_len); 210| | 211| 89| xor_buf(mac, std::span{m_ghash}.first(mac.size()), std::span{*m_nonce}.first(mac.size())); 212| | 213| 89| secure_scrub_memory(m_ghash); 214| 89| m_text_len = 0; 215| 89| m_nonce.reset(); 216| 89|} _ZN5Botan5GHASH11reset_stateEv: 235| 93|void GHASH::reset_state() { 236| 93| secure_scrub_memory(m_ghash); 237| 93| if(m_nonce) { ------------------ | Branch (237:7): [True: 0, False: 93] ------------------ 238| 0| secure_scrub_memory(m_nonce.value()); 239| 0| m_nonce.reset(); 240| 0| } 241| 93| m_buffer.clear(); 242| 93| m_text_len = 0; 243| 93|} _ZN5Botan5GHASH12ghash_updateENSt3__14spanIhLm16EEENS2_IKhLm18446744073709551615EEE: 245| 177|void GHASH::ghash_update(std::span x, std::span input) { 246| 177| BufferSlicer in(input); 247| 402| while(!in.empty()) { ------------------ | Branch (247:10): [True: 225, False: 177] ------------------ 248| 225| if(const auto one_block = m_buffer.handle_unaligned_data(in)) { ------------------ | Branch (248:21): [True: 0, False: 225] ------------------ 249| 0| ghash_multiply(x, one_block.value(), 1); 250| 0| } 251| | 252| 225| if(m_buffer.in_alignment()) { ------------------ | Branch (252:10): [True: 71, False: 154] ------------------ 253| 71| const auto [aligned_data, full_blocks] = m_buffer.aligned_data_to_process(in); 254| 71| if(full_blocks > 0) { ------------------ | Branch (254:13): [True: 71, False: 0] ------------------ 255| 71| ghash_multiply(x, aligned_data, full_blocks); 256| 71| } 257| 71| } 258| 225| } 259| 177| BOTAN_ASSERT_NOMSG(in.empty()); ------------------ | | 77| 177| do { \ | | 78| 177| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 177| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 177] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 177| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 177] | | ------------------ ------------------ 260| 177|} _ZN5Botan5GHASH13ghash_zeropadENSt3__14spanIhLm16EEE: 262| 178|void GHASH::ghash_zeropad(std::span x) { 263| 178| if(!m_buffer.in_alignment()) { ------------------ | Branch (263:7): [True: 154, False: 24] ------------------ 264| 154| m_buffer.fill_up_with_zeros(); 265| 154| ghash_multiply(x, m_buffer.consume(), 1); 266| 154| } 267| 178|} _ZN5Botan5GHASH17ghash_final_blockENSt3__14spanIhLm16EEEmm: 269| 89|void GHASH::ghash_final_block(std::span x, uint64_t ad_len, uint64_t text_len) { 270| 89| BOTAN_STATE_CHECK(m_buffer.in_alignment()); ------------------ | | 51| 89| do { \ | | 52| 89| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 53| 89| if(!(expr)) { \ | | ------------------ | | | Branch (53:10): [True: 0, False: 89] | | ------------------ | | 54| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 55| 0| Botan::throw_invalid_state(#expr, __func__, __FILE__); \ | | 56| 0| } \ | | 57| 89| } while(0) | | ------------------ | | | Branch (57:12): [Folded, False: 89] | | ------------------ ------------------ 271| 89| const auto final_block = store_be(8 * ad_len, 8 * text_len); 272| 89| ghash_multiply(x, final_block, 1); 273| 89|} _ZN5Botan5GHASH20ghash_precompute_cpuEPKhRNSt3__16vectorImNS_16secure_allocatorImEEEE: 81| 93|void BOTAN_FN_ISA_CLMUL GHASH::ghash_precompute_cpu(const uint8_t H_bytes[16], secure_vector& H_pow) { 82| 93| const SIMD_4x32 H1 = mulx_polyval(reverse_vector(SIMD_4x32::load_le(H_bytes))); 83| 93| const SIMD_4x32 H2 = polyval_multiply(H1, H1); 84| 93| const SIMD_4x32 H3 = polyval_multiply(H1, H2); 85| 93| const SIMD_4x32 H4 = polyval_multiply(H2, H2); 86| | 87| 93| H_pow.reserve(2 * 8); 88| 93| H_pow.resize(2 * 4); 89| 93| H1.store_le(&H_pow[0]); // NOLINT(*-container-data-pointer) 90| 93| H2.store_le(&H_pow[2]); 91| 93| H3.store_le(&H_pow[4]); 92| 93| H4.store_le(&H_pow[6]); 93| 93|} _ZN5Botan5GHASH18ghash_multiply_cpuEPhRNSt3__16vectorImNS_16secure_allocatorImEEEEPKhm: 98| 314| size_t blocks) { 99| 314| BOTAN_ASSERT_NOMSG(H_pow.size() == 2 * 4 || H_pow.size() == 2 * 8); ------------------ | | 77| 314| do { \ | | 78| 314| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 395| if(!(expr)) { \ | | ------------------ | | | Branch (79:12): [True: 233, False: 81] | | | Branch (79:12): [True: 81, False: 0] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 314| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 314] | | ------------------ ------------------ 100| | 101| 314| const SIMD_4x32 H1 = SIMD_4x32::load_le(&H_pow[0]); // NOLINT(*-container-data-pointer) 102| | 103| 314| SIMD_4x32 a = reverse_vector(SIMD_4x32::load_le(x)); 104| | 105| 314| if(blocks >= 8) { ------------------ | Branch (105:7): [True: 42, False: 272] ------------------ 106| 42| const SIMD_4x32 H2 = SIMD_4x32::load_le(&H_pow[2]); 107| 42| const SIMD_4x32 H3 = SIMD_4x32::load_le(&H_pow[4]); 108| 42| const SIMD_4x32 H4 = SIMD_4x32::load_le(&H_pow[6]); 109| | 110| 42| if(H_pow.size() < 2 * 8) { ------------------ | Branch (110:10): [True: 42, False: 0] ------------------ 111| 42| H_pow.resize(2 * 8); 112| 42| const SIMD_4x32 H5 = polyval_multiply(H4, H1); 113| 42| const SIMD_4x32 H6 = polyval_multiply(H4, H2); 114| 42| const SIMD_4x32 H7 = polyval_multiply(H4, H3); 115| 42| const SIMD_4x32 H8 = polyval_multiply(H4, H4); 116| 42| H5.store_le(&H_pow[8]); 117| 42| H6.store_le(&H_pow[10]); 118| 42| H7.store_le(&H_pow[12]); 119| 42| H8.store_le(&H_pow[14]); 120| 42| } 121| | 122| 42| const SIMD_4x32 H5 = SIMD_4x32::load_le(&H_pow[8]); 123| 42| const SIMD_4x32 H6 = SIMD_4x32::load_le(&H_pow[10]); 124| 42| const SIMD_4x32 H7 = SIMD_4x32::load_le(&H_pow[12]); 125| 42| const SIMD_4x32 H8 = SIMD_4x32::load_le(&H_pow[14]); 126| | 127| 500| while(blocks >= 8) { ------------------ | Branch (127:13): [True: 458, False: 42] ------------------ 128| 458| const SIMD_4x32 m0 = reverse_vector(SIMD_4x32::load_le(input)); 129| 458| const SIMD_4x32 m1 = reverse_vector(SIMD_4x32::load_le(input + 16 * 1)); 130| 458| const SIMD_4x32 m2 = reverse_vector(SIMD_4x32::load_le(input + 16 * 2)); 131| 458| const SIMD_4x32 m3 = reverse_vector(SIMD_4x32::load_le(input + 16 * 3)); 132| 458| const SIMD_4x32 m4 = reverse_vector(SIMD_4x32::load_le(input + 16 * 4)); 133| 458| const SIMD_4x32 m5 = reverse_vector(SIMD_4x32::load_le(input + 16 * 5)); 134| 458| const SIMD_4x32 m6 = reverse_vector(SIMD_4x32::load_le(input + 16 * 6)); 135| 458| const SIMD_4x32 m7 = reverse_vector(SIMD_4x32::load_le(input + 16 * 7)); 136| | 137| 458| a = polyval_multiply_x8(H1, H2, H3, H4, H5, H6, H7, H8, m7, m6, m5, m4, m3, m2, m1, m0 ^ a); 138| | 139| 458| input += 8 * 16; 140| 458| blocks -= 8; 141| 458| } 142| 42| } 143| | 144| 314| if(blocks >= 4) { ------------------ | Branch (144:7): [True: 28, False: 286] ------------------ 145| 28| const SIMD_4x32 H2 = SIMD_4x32::load_le(&H_pow[2]); 146| 28| const SIMD_4x32 H3 = SIMD_4x32::load_le(&H_pow[4]); 147| 28| const SIMD_4x32 H4 = SIMD_4x32::load_le(&H_pow[6]); 148| | 149| 56| while(blocks >= 4) { ------------------ | Branch (149:13): [True: 28, False: 28] ------------------ 150| 28| const SIMD_4x32 m0 = reverse_vector(SIMD_4x32::load_le(input)); 151| 28| const SIMD_4x32 m1 = reverse_vector(SIMD_4x32::load_le(input + 16 * 1)); 152| 28| const SIMD_4x32 m2 = reverse_vector(SIMD_4x32::load_le(input + 16 * 2)); 153| 28| const SIMD_4x32 m3 = reverse_vector(SIMD_4x32::load_le(input + 16 * 3)); 154| | 155| 28| a ^= m0; 156| 28| a = polyval_multiply_x4(H1, H2, H3, H4, m3, m2, m1, a); 157| | 158| 28| input += 4 * 16; 159| 28| blocks -= 4; 160| 28| } 161| 28| } 162| | 163| 661| for(size_t i = 0; i != blocks; ++i) { ------------------ | Branch (163:22): [True: 347, False: 314] ------------------ 164| 347| const SIMD_4x32 m = reverse_vector(SIMD_4x32::load_le(input + 16 * i)); 165| | 166| 347| a ^= m; 167| 347| a = polyval_multiply(H1, a); 168| 347| } 169| | 170| 314| a = reverse_vector(a); 171| 314| a.store_le(x); 172| 314|} ghash_cpu.cpp:_ZN5Botan12_GLOBAL__N_119polyval_multiply_x8ERKNS_9SIMD_4x32ES3_S3_S3_S3_S3_S3_S3_S3_S3_S3_S3_S3_S3_S3_S3_: 56| 458| const SIMD_4x32& X8) { 57| 458| const SIMD_4x32 lo = clmul<0x00>(H1, X1) ^ clmul<0x00>(H2, X2) ^ clmul<0x00>(H3, X3) ^ clmul<0x00>(H4, X4) ^ 58| 458| clmul<0x00>(H5, X5) ^ clmul<0x00>(H6, X6) ^ clmul<0x00>(H7, X7) ^ clmul<0x00>(H8, X8); 59| | 60| 458| const SIMD_4x32 hi = clmul<0x11>(H1, X1) ^ clmul<0x11>(H2, X2) ^ clmul<0x11>(H3, X3) ^ clmul<0x11>(H4, X4) ^ 61| 458| clmul<0x11>(H5, X5) ^ clmul<0x11>(H6, X6) ^ clmul<0x11>(H7, X7) ^ clmul<0x11>(H8, X8); 62| | 63| 458| SIMD_4x32 mid; 64| | 65| 458| mid ^= clmul<0x00>(H1 ^ H1.shift_elems_right<2>(), X1 ^ X1.shift_elems_right<2>()); 66| 458| mid ^= clmul<0x00>(H2 ^ H2.shift_elems_right<2>(), X2 ^ X2.shift_elems_right<2>()); 67| 458| mid ^= clmul<0x00>(H3 ^ H3.shift_elems_right<2>(), X3 ^ X3.shift_elems_right<2>()); 68| 458| mid ^= clmul<0x00>(H4 ^ H4.shift_elems_right<2>(), X4 ^ X4.shift_elems_right<2>()); 69| 458| mid ^= clmul<0x00>(H5 ^ H5.shift_elems_right<2>(), X5 ^ X5.shift_elems_right<2>()); 70| 458| mid ^= clmul<0x00>(H6 ^ H6.shift_elems_right<2>(), X6 ^ X6.shift_elems_right<2>()); 71| 458| mid ^= clmul<0x00>(H7 ^ H7.shift_elems_right<2>(), X7 ^ X7.shift_elems_right<2>()); 72| 458| mid ^= clmul<0x00>(H8 ^ H8.shift_elems_right<2>(), X8 ^ X8.shift_elems_right<2>()); 73| 458| mid ^= lo; 74| 458| mid ^= hi; 75| | 76| 458| return polyval_reduce(hi ^ mid.shift_elems_right<2>(), lo ^ mid.shift_elems_left<2>()); 77| 458|} ghash_cpu.cpp:_ZN5Botan12_GLOBAL__N_119polyval_multiply_x4ERKNS_9SIMD_4x32ES3_S3_S3_S3_S3_S3_S3_: 25| 28| const SIMD_4x32& X4) { 26| 28| const SIMD_4x32 lo = (clmul<0x00>(H1, X1) ^ clmul<0x00>(H2, X2)) ^ (clmul<0x00>(H3, X3) ^ clmul<0x00>(H4, X4)); 27| 28| const SIMD_4x32 hi = (clmul<0x11>(H1, X1) ^ clmul<0x11>(H2, X2)) ^ (clmul<0x11>(H3, X3) ^ clmul<0x11>(H4, X4)); 28| | 29| 28| SIMD_4x32 mid; 30| | 31| 28| mid ^= clmul<0x00>(H1 ^ H1.shift_elems_right<2>(), X1 ^ X1.shift_elems_right<2>()); 32| 28| mid ^= clmul<0x00>(H2 ^ H2.shift_elems_right<2>(), X2 ^ X2.shift_elems_right<2>()); 33| 28| mid ^= clmul<0x00>(H3 ^ H3.shift_elems_right<2>(), X3 ^ X3.shift_elems_right<2>()); 34| 28| mid ^= clmul<0x00>(H4 ^ H4.shift_elems_right<2>(), X4 ^ X4.shift_elems_right<2>()); 35| 28| mid ^= lo; 36| 28| mid ^= hi; 37| | 38| 28| return polyval_reduce(hi ^ mid.shift_elems_right<2>(), lo ^ mid.shift_elems_left<2>()); 39| 28|} _ZN5Botan19secure_scrub_memoryEPvm: 25| 1.89M|void secure_scrub_memory(void* ptr, size_t n) { 26| 1.89M| return secure_zeroize_buffer(ptr, n); 27| 1.89M|} _ZN5Botan21secure_zeroize_bufferEPvm: 29| 1.94M|void secure_zeroize_buffer(void* ptr, size_t n) { 30| 1.94M| if(n == 0) { ------------------ | Branch (30:7): [True: 736k, False: 1.21M] ------------------ 31| 736k| return; 32| 736k| } 33| | 34| |#if defined(BOTAN_TARGET_OS_HAS_RTLSECUREZEROMEMORY) 35| | ::RtlSecureZeroMemory(ptr, n); 36| | 37| |#elif defined(BOTAN_TARGET_OS_HAS_EXPLICIT_BZERO) 38| 1.21M| ::explicit_bzero(ptr, n); 39| | 40| |#elif defined(BOTAN_TARGET_OS_HAS_EXPLICIT_MEMSET) 41| | (void)::explicit_memset(ptr, 0, n); 42| | 43| |#else 44| | /* 45| | * Call memset through a static volatile pointer, which the compiler should 46| | * not elide. This construct should be safe in conforming compilers, but who 47| | * knows. This has been checked to generate the expected code, which saves the 48| | * memset address in the data segment and unconditionally loads and jumps to 49| | * that address, with the following targets: 50| | * 51| | * x86-64: Clang 19, GCC 6, 11, 13, 14 52| | * riscv64: GCC 14 53| | * aarch64: GCC 14 54| | * armv7: GCC 14 55| | * 56| | * Actually all of them generated the expected jump even without marking the 57| | * function pointer as volatile. However this seems worth including as an 58| | * additional precaution. 59| | */ 60| | static void* (*const volatile memset_ptr)(void*, int, size_t) = std::memset; 61| | (memset_ptr)(ptr, 0, n); 62| |#endif 63| 1.21M|} _ZN5Botan2OS14get_process_idEv: 76| 40.8k|uint32_t OS::get_process_id() { 77| 40.8k|#if defined(BOTAN_TARGET_OS_HAS_POSIX1) 78| 40.8k| return ::getpid(); 79| |#elif defined(BOTAN_TARGET_OS_HAS_WIN32) 80| | return ::GetCurrentProcessId(); 81| |#elif defined(BOTAN_TARGET_OS_IS_LLVM) || defined(BOTAN_TARGET_OS_IS_NONE) 82| | return 0; // truly no meaningful value 83| |#else 84| | #error "Missing get_process_id" 85| |#endif 86| 40.8k|} _ZN5Botan2OS17read_env_variableERNSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEENS1_17basic_string_viewIcS4_EE: 448| 1|bool OS::read_env_variable(std::string& value_out, std::string_view name_view) { 449| 1| value_out = ""; 450| | 451| 1| if(running_in_privileged_state()) { ------------------ | Branch (451:7): [True: 0, False: 1] ------------------ 452| 0| return false; 453| 0| } 454| | 455| |#if defined(BOTAN_TARGET_OS_HAS_WIN32) && \ 456| | (defined(BOTAN_BUILD_COMPILER_IS_MSVC) || defined(BOTAN_BUILD_COMPILER_IS_CLANGCL)) 457| | const std::string name(name_view); 458| | char val[128] = {0}; 459| | size_t req_size = 0; 460| | if(getenv_s(&req_size, val, sizeof(val), name.c_str()) == 0) { 461| | // Microsoft's implementation always writes a terminating \0, 462| | // and includes it in the reported length of the environment variable 463| | // if a value exists. 464| | if(req_size > 0 && val[req_size - 1] == '\0') { 465| | value_out = std::string(val); 466| | } else { 467| | value_out = std::string(val, req_size); 468| | } 469| | return true; 470| | } 471| |#else 472| 1| const std::string name(name_view); 473| 1| if(const char* val = std::getenv(name.c_str())) { ------------------ | Branch (473:19): [True: 0, False: 1] ------------------ 474| 0| value_out = val; 475| 0| return true; 476| 0| } 477| 1|#endif 478| | 479| 1| return false; 480| 1|} os_utils.cpp:_ZN5Botan12_GLOBAL__N_110get_auxvalENSt3__18optionalImEE: 118| 1|std::optional get_auxval(std::optional id) { 119| 1| if(id) { ------------------ | Branch (119:7): [True: 1, False: 0] ------------------ 120| 1|#if defined(BOTAN_TARGET_OS_HAS_GETAUXVAL) 121| 1| return ::getauxval(*id); 122| |#elif defined(BOTAN_TARGET_OS_HAS_ELF_AUX_INFO) 123| | unsigned long auxinfo = 0; 124| | if(::elf_aux_info(static_cast(*id), &auxinfo, sizeof(auxinfo)) == 0) { 125| | return auxinfo; 126| | } 127| |#endif 128| 1| } 129| | 130| 0| return {}; 131| 1|} os_utils.cpp:_ZN5Botan12_GLOBAL__N_127running_in_privileged_stateEv: 152| 1|bool running_in_privileged_state() { 153| 1|#if defined(AT_SECURE) 154| 1| if(auto at_secure = get_auxval(AT_SECURE)) { ------------------ | Branch (154:12): [True: 1, False: 0] ------------------ 155| 1| return at_secure != 0; 156| 1| } 157| 0|#endif 158| | 159| 0|#if defined(BOTAN_TARGET_OS_HAS_POSIX1) 160| 0| return (::getuid() != ::geteuid()) || (::getgid() != ::getegid()); ------------------ | Branch (160:11): [True: 0, False: 0] | Branch (160:42): [True: 0, False: 0] ------------------ 161| |#else 162| | return false; 163| |#endif 164| 1|} _ZN5Botan9to_u32bitENSt3__117basic_string_viewIcNS0_11char_traitsIcEEEE: 30| 84.6k|uint32_t to_u32bit(std::string_view str_view) { 31| 84.6k| const std::string str(str_view); 32| | 33| | // std::stoul is not strict enough. Ensure that str is digit only [0-9]* 34| 169k| for(const char chr : str) { ------------------ | Branch (34:23): [True: 169k, False: 84.6k] ------------------ 35| 169k| if(chr < '0' || chr > '9') { ------------------ | Branch (35:10): [True: 0, False: 169k] | Branch (35:23): [True: 0, False: 169k] ------------------ 36| 0| throw Invalid_Argument("to_u32bit invalid decimal string '" + str + "'"); 37| 0| } 38| 169k| } 39| | 40| 84.6k| const unsigned long int x = std::stoul(str); 41| | 42| 84.6k| if constexpr(sizeof(unsigned long int) > 4) { 43| | // x might be uint64 44| 84.6k| if(x > std::numeric_limits::max()) { ------------------ | Branch (44:10): [True: 0, False: 84.6k] ------------------ 45| 0| throw Invalid_Argument("Integer value of " + str + " exceeds 32 bit range"); 46| 0| } 47| 84.6k| } 48| | 49| 84.6k| return static_cast(x); 50| 84.6k|} _ZN5Botan20parse_algorithm_nameENSt3__117basic_string_viewIcNS0_11char_traitsIcEEEE: 55| 210|std::vector parse_algorithm_name(std::string_view scan_name) { 56| 210| if(scan_name.find('(') == std::string::npos && scan_name.find(')') == std::string::npos) { ------------------ | Branch (56:7): [True: 103, False: 107] | Branch (56:51): [True: 103, False: 0] ------------------ 57| 103| return {std::string(scan_name)}; 58| 103| } 59| | 60| 107| std::string name(scan_name); 61| 107| std::string substring; 62| 107| std::vector elems; 63| 107| size_t level = 0; 64| | 65| 107| elems.push_back(name.substr(0, name.find('('))); 66| 107| name = name.substr(name.find('(')); 67| | 68| 398| for(auto i = name.begin(); i != name.end(); ++i) { ------------------ | Branch (68:31): [True: 398, False: 0] ------------------ 69| 398| const char c = *i; 70| | 71| 398| if(c == '(') { ------------------ | Branch (71:10): [True: 107, False: 291] ------------------ 72| 107| ++level; 73| 107| } 74| 398| if(c == ')') { ------------------ | Branch (74:10): [True: 107, False: 291] ------------------ 75| 107| if(level == 1 && i == name.end() - 1) { ------------------ | Branch (75:13): [True: 107, False: 0] | Branch (75:13): [True: 107, False: 0] | Branch (75:27): [True: 107, False: 0] ------------------ 76| 107| if(elems.size() == 1) { ------------------ | Branch (76:16): [True: 107, False: 0] ------------------ 77| 107| elems.push_back(substring.substr(1)); 78| 107| } else { 79| 0| elems.push_back(substring); 80| 0| } 81| 107| return elems; 82| 107| } 83| | 84| 0| if(level == 0 || (level == 1 && i != name.end() - 1)) { ------------------ | Branch (84:13): [True: 0, False: 0] | Branch (84:13): [True: 0, False: 0] | Branch (84:28): [True: 0, False: 0] | Branch (84:42): [True: 0, False: 0] ------------------ 85| 0| throw Invalid_Algorithm_Name(scan_name); 86| 0| } 87| 0| --level; 88| 0| } 89| | 90| 291| if(c == ',' && level == 1) { ------------------ | Branch (90:10): [True: 0, False: 291] | Branch (90:22): [True: 0, False: 0] ------------------ 91| 0| if(elems.size() == 1) { ------------------ | Branch (91:13): [True: 0, False: 0] ------------------ 92| 0| elems.push_back(substring.substr(1)); 93| 0| } else { 94| 0| elems.push_back(substring); 95| 0| } 96| 0| substring.clear(); 97| 291| } else { 98| 291| substring += c; 99| 291| } 100| 291| } 101| | 102| 0| if(!substring.empty()) { ------------------ | Branch (102:7): [True: 0, False: 0] ------------------ 103| 0| throw Invalid_Algorithm_Name(scan_name); 104| 0| } 105| | 106| 0| return elems; 107| 0|} _ZN5Botan8split_onENSt3__117basic_string_viewIcNS0_11char_traitsIcEEEEc: 109| 7.25k|std::vector split_on(std::string_view str, char delim) { 110| 7.25k| std::vector elems; 111| 7.25k| if(str.empty()) { ------------------ | Branch (111:7): [True: 0, False: 7.25k] ------------------ 112| 0| return elems; 113| 0| } 114| | 115| 7.25k| std::string substr; 116| 37.9k| for(const char c : str) { ------------------ | Branch (116:21): [True: 37.9k, False: 7.25k] ------------------ 117| 37.9k| if(c == delim) { ------------------ | Branch (117:10): [True: 210, False: 37.7k] ------------------ 118| 210| if(!substr.empty()) { ------------------ | Branch (118:13): [True: 210, False: 0] ------------------ 119| 210| elems.push_back(substr); 120| 210| } 121| 210| substr.clear(); 122| 37.7k| } else { 123| 37.7k| substr += c; 124| 37.7k| } 125| 37.9k| } 126| | 127| 7.25k| if(substr.empty()) { ------------------ | Branch (127:7): [True: 0, False: 7.25k] ------------------ 128| 0| throw Invalid_Argument(fmt("Unable to split string '{}", str)); 129| 0| } 130| 7.25k| elems.push_back(substr); 131| | 132| 7.25k| return elems; 133| 7.25k|} _ZN5Botan13poly_double_nEPhPKhm: 81| 697|void poly_double_n(uint8_t out[], const uint8_t in[], size_t n) { 82| 697| switch(n) { 83| 0| case 8: ------------------ | Branch (83:7): [True: 0, False: 697] ------------------ 84| 0| return poly_double<1, MinWeightPolynomial::P64>(out, in); 85| 697| case 16: ------------------ | Branch (85:7): [True: 697, False: 0] ------------------ 86| 697| return poly_double<2, MinWeightPolynomial::P128>(out, in); 87| 0| case 24: ------------------ | Branch (87:7): [True: 0, False: 697] ------------------ 88| 0| return poly_double<3, MinWeightPolynomial::P192>(out, in); 89| 0| case 32: ------------------ | Branch (89:7): [True: 0, False: 697] ------------------ 90| 0| return poly_double<4, MinWeightPolynomial::P256>(out, in); 91| 0| case 64: ------------------ | Branch (91:7): [True: 0, False: 697] ------------------ 92| 0| return poly_double<8, MinWeightPolynomial::P512>(out, in); 93| 0| case 128: ------------------ | Branch (93:7): [True: 0, False: 697] ------------------ 94| 0| return poly_double<16, MinWeightPolynomial::P1024>(out, in); 95| 0| default: ------------------ | Branch (95:7): [True: 0, False: 697] ------------------ 96| 0| throw Invalid_Argument("Unsupported size for poly_double_n"); 97| 697| } 98| 697|} poly_dbl.cpp:_ZN5Botan12_GLOBAL__N_111poly_doubleILm2ELNS0_19MinWeightPolynomialE135EEEvPhPKh: 44| 697|void poly_double(uint8_t out[], const uint8_t in[]) { 45| 697| uint64_t W[LIMBS]; 46| 697| load_be(W, in, LIMBS); 47| | 48| 697| const uint64_t carry = return_carry

(W[0]); 49| | 50| 697| if constexpr(LIMBS > 0) { 51| 1.39k| for(size_t i = 0; i != LIMBS - 1; ++i) { ------------------ | Branch (51:25): [True: 697, False: 697] ------------------ 52| 697| W[i] = (W[i] << 1) ^ (W[i + 1] >> 63); 53| 697| } 54| 697| } 55| | 56| 697| W[LIMBS - 1] = (W[LIMBS - 1] << 1) ^ carry; 57| | 58| 697| copy_out_be(std::span(out, LIMBS * 8), W); 59| 697|} poly_dbl.cpp:_ZN5Botan12_GLOBAL__N_112return_carryILNS0_19MinWeightPolynomialE135EEEmm: 39| 697|inline uint64_t return_carry(uint64_t c) { 40| 697| return CT::Mask::expand_top_bit(c).if_set_return(static_cast(P)); 41| 697|} _ZN5Botan9SCAN_NameC2ENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 58| 12.5k|SCAN_Name::SCAN_Name(std::string_view algo_spec) : m_orig_algo_spec(algo_spec) { 59| 12.5k| if(algo_spec.empty()) { ------------------ | Branch (59:7): [True: 0, False: 12.5k] ------------------ 60| 0| throw Invalid_Argument("Expected algorithm name, got empty string"); 61| 0| } 62| | 63| 12.5k| std::vector> name; 64| 12.5k| size_t level = 0; 65| 12.5k| std::pair accum = std::make_pair(level, ""); 66| | 67| 12.5k| const std::string decoding_error = "Bad SCAN name '" + m_orig_algo_spec + "': "; 68| | 69| 173k| for(const char c : algo_spec) { ------------------ | Branch (69:21): [True: 173k, False: 12.5k] ------------------ 70| 173k| if(c == '/' || c == ',' || c == '(' || c == ')') { ------------------ | Branch (70:10): [True: 0, False: 173k] | Branch (70:22): [True: 107, False: 173k] | Branch (70:34): [True: 12.5k, False: 160k] | Branch (70:46): [True: 12.5k, False: 148k] ------------------ 71| 25.2k| if(c == '(') { ------------------ | Branch (71:13): [True: 12.5k, False: 12.6k] ------------------ 72| 12.5k| ++level; 73| 12.6k| } else if(c == ')') { ------------------ | Branch (73:20): [True: 12.5k, False: 107] ------------------ 74| 12.5k| if(level == 0) { ------------------ | Branch (74:16): [True: 0, False: 12.5k] ------------------ 75| 0| throw Decoding_Error(decoding_error + "Mismatched parens"); 76| 0| } 77| 12.5k| --level; 78| 12.5k| } 79| | 80| 25.2k| if(c == '/' && level > 0) { ------------------ | Branch (80:13): [True: 0, False: 25.2k] | Branch (80:25): [True: 0, False: 0] ------------------ 81| 0| accum.second.push_back(c); 82| 25.2k| } else { 83| 25.2k| if(!accum.second.empty()) { ------------------ | Branch (83:16): [True: 25.2k, False: 0] ------------------ 84| 25.2k| name.push_back(accum); 85| 25.2k| } 86| 25.2k| accum = std::make_pair(level, ""); 87| 25.2k| } 88| 148k| } else { 89| 148k| accum.second.push_back(c); 90| 148k| } 91| 173k| } 92| | 93| 12.5k| if(!accum.second.empty()) { ------------------ | Branch (93:7): [True: 0, False: 12.5k] ------------------ 94| 0| name.push_back(accum); 95| 0| } 96| | 97| 12.5k| if(level != 0) { ------------------ | Branch (97:7): [True: 0, False: 12.5k] ------------------ 98| 0| throw Decoding_Error(decoding_error + "Missing close paren"); 99| 0| } 100| | 101| 12.5k| if(name.empty()) { ------------------ | Branch (101:7): [True: 0, False: 12.5k] ------------------ 102| 0| throw Decoding_Error(decoding_error + "Empty name"); 103| 0| } 104| | 105| 12.5k| m_alg_name = name[0].second; 106| | 107| 12.5k| bool in_modes = false; 108| | 109| 25.2k| for(size_t i = 1; i != name.size(); ++i) { ------------------ | Branch (109:22): [True: 12.6k, False: 12.5k] ------------------ 110| 12.6k| if(name[i].first == 0) { ------------------ | Branch (110:10): [True: 0, False: 12.6k] ------------------ 111| 0| m_mode_info.push_back(make_arg(name, i)); 112| 0| in_modes = true; 113| 12.6k| } else if(name[i].first == 1 && !in_modes) { ------------------ | Branch (113:17): [True: 12.6k, False: 0] | Branch (113:39): [True: 12.6k, False: 0] ------------------ 114| 12.6k| m_args.push_back(make_arg(name, i)); 115| 12.6k| } 116| 12.6k| } 117| 12.5k|} _ZNK5Botan9SCAN_Name3argEm: 119| 12.5k|std::string SCAN_Name::arg(size_t i) const { 120| 12.5k| if(i >= arg_count()) { ------------------ | Branch (120:7): [True: 0, False: 12.5k] ------------------ 121| 0| throw Invalid_Argument("SCAN_Name::arg " + std::to_string(i) + " out of range for '" + to_string() + "'"); 122| 0| } 123| 12.5k| return m_args[i]; 124| 12.5k|} _ZNK5Botan9SCAN_Name14arg_as_integerEmm: 133| 251|size_t SCAN_Name::arg_as_integer(size_t i, size_t def_value) const { 134| 251| if(i >= arg_count()) { ------------------ | Branch (134:7): [True: 143, False: 108] ------------------ 135| 143| return def_value; 136| 143| } 137| 108| return to_u32bit(m_args[i]); 138| 251|} scan_name.cpp:_ZN5Botan12_GLOBAL__N_18make_argERKNSt3__16vectorINS1_4pairImNS1_12basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEEEENS7_ISA_EEEEm: 17| 12.6k|std::string make_arg(const std::vector>& name, size_t start) { 18| 12.6k| std::string output = name[start].second; 19| 12.6k| size_t level = name[start].first; 20| | 21| 12.6k| size_t paren_depth = 0; 22| | 23| 12.6k| for(size_t i = start + 1; i != name.size(); ++i) { ------------------ | Branch (23:30): [True: 107, False: 12.5k] ------------------ 24| 107| if(name[i].first <= name[start].first) { ------------------ | Branch (24:10): [True: 107, False: 0] ------------------ 25| 107| break; 26| 107| } 27| | 28| 0| if(name[i].first > level) { ------------------ | Branch (28:10): [True: 0, False: 0] ------------------ 29| 0| output += "(" + name[i].second; 30| 0| ++paren_depth; 31| 0| } else if(name[i].first < level) { ------------------ | Branch (31:17): [True: 0, False: 0] ------------------ 32| 0| for(size_t j = name[i].first; j < level; j++) { ------------------ | Branch (32:40): [True: 0, False: 0] ------------------ 33| 0| output += ")"; 34| 0| --paren_depth; 35| 0| } 36| 0| output += "," + name[i].second; 37| 0| } else { 38| 0| if(output[output.size() - 1] != '(') { ------------------ | Branch (38:13): [True: 0, False: 0] ------------------ 39| 0| output += ","; 40| 0| } 41| 0| output += name[i].second; 42| 0| } 43| | 44| 0| level = name[i].first; 45| 0| } 46| | 47| 12.6k| for(size_t i = 0; i != paren_depth; ++i) { ------------------ | Branch (47:22): [True: 0, False: 12.6k] ------------------ 48| 0| output += ")"; 49| 0| } 50| | 51| 12.6k| return output; 52| 12.6k|} _ZN5Botan15AlternativeName7add_dnsENSt3__117basic_string_viewIcNS1_11char_traitsIcEEEE: 63| 7.04k|void AlternativeName::add_dns(std::string_view dns) { 64| 7.04k| if(dns.empty()) { ------------------ | Branch (64:7): [True: 0, False: 7.04k] ------------------ 65| 0| return; 66| 0| } 67| 7.04k| if(auto parsed = DNSName::from_san_string(dns)) { ------------------ | Branch (67:12): [True: 7.04k, False: 0] ------------------ 68| 7.04k| add_dns(std::move(*parsed)); 69| 7.04k| } else { 70| 0| throw Decoding_Error("Invalid DNS name in SubjectAlternativeName"); 71| 0| } 72| 7.04k|} _ZN5Botan15AlternativeName7add_dnsENS_7DNSNameE: 74| 7.04k|void AlternativeName::add_dns(DNSName dns) { 75| 7.04k| m_dns.insert(std::move(dns)); 76| 7.04k|} _ZNK5Botan15AlternativeName5countEv: 113| 7.04k|size_t AlternativeName::count() const { 114| 7.04k| const auto sum = checked_add(m_dns.size(), 115| 7.04k| m_uri.size(), 116| 7.04k| m_email.size(), 117| 7.04k| m_ipv4_addrs.size(), 118| 7.04k| m_ipv6_addrs.size(), 119| 7.04k| m_dn_names.size(), 120| 7.04k| m_other_name_values.size(), 121| 7.04k| m_registered_ids.size()); 122| | 123| 7.04k| BOTAN_ASSERT_NOMSG(sum.has_value()); ------------------ | | 77| 7.04k| do { \ | | 78| 7.04k| /* NOLINTNEXTLINE(*-simplify-boolean-expr) */ \ | | 79| 7.04k| if(!(expr)) { \ | | ------------------ | | | Branch (79:10): [True: 0, False: 7.04k] | | ------------------ | | 80| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 81| 0| Botan::assertion_failure(#expr, "", __func__, __FILE__, __LINE__); \ | | 82| 0| } \ | | 83| 7.04k| } while(0) | | ------------------ | | | Branch (83:12): [Folded, False: 7.04k] | | ------------------ ------------------ 124| 7.04k| return sum.value(); 125| 7.04k|} _ZNK5Botan15AlternativeName9has_itemsEv: 127| 7.04k|bool AlternativeName::has_items() const { 128| 7.04k| return this->count() > 0; 129| 7.04k|} _ZN5Botan15AlternativeName11decode_fromERNS_11BER_DecoderE: 198| 7.04k|void AlternativeName::decode_from(BER_Decoder& source) { 199| 7.04k| BER_Decoder names = source.start_sequence(); 200| | 201| 14.0k| while(names.more_items()) { ------------------ | Branch (201:10): [True: 7.04k, False: 7.04k] ------------------ 202| 7.04k| const BER_Object obj = names.get_next_object(); 203| | 204| 7.04k| if(obj.is_a(0, ASN1_Class::ExplicitContextSpecific)) { ------------------ | Branch (204:10): [True: 0, False: 7.04k] ------------------ 205| 0| BER_Decoder othername(obj, names.limits()); 206| | 207| 0| OID oid; 208| 0| othername.decode(oid); 209| 0| const BER_Object othername_value_outer = othername.get_next_object(); 210| 0| othername.verify_end(); 211| | 212| 0| if(!othername_value_outer.is_a(0, ASN1_Class::ExplicitContextSpecific)) { ------------------ | Branch (212:13): [True: 0, False: 0] ------------------ 213| 0| throw Decoding_Error("Invalid tags on otherName value"); 214| 0| } 215| | 216| 0| BER_Decoder othername_value_inner(othername_value_outer, names.limits()); 217| | 218| 0| const BER_Object value = othername_value_inner.get_next_object(); 219| 0| othername_value_inner.verify_end(); 220| | 221| | // Capture the inner ANY value verbatim so applications can retrieve 222| | // it regardless of its ASN.1 form. 223| 0| std::vector raw_value; 224| 0| DER_Encoder(raw_value).add_object(value.type_tag(), value.class_tag(), value.data()); 225| 0| m_other_name_values.insert(OtherNameValue{oid, std::move(raw_value)}); 226| | 227| | // Populate old string view for compatibility 228| 0| if(ASN1_String::is_string_type(value.type()) && value.get_class() == ASN1_Class::Universal) { ------------------ | Branch (228:13): [True: 0, False: 0] | Branch (228:58): [True: 0, False: 0] ------------------ 229| 0| try { 230| 0| m_othernames.insert(std::make_pair(oid, ASN1_String(ASN1::to_string(value), value.type()))); 231| 0| } catch(const Invalid_Argument&) { // NOLINT(*-empty-catch) 232| 0| } 233| 0| } 234| | 235| 0| if(oid == OID::from_string("PKIX.SmtpUTF8Mailbox")) { ------------------ | Branch (235:13): [True: 0, False: 0] ------------------ 236| 0| if(!value.is_a(ASN1_Type::Utf8String, ASN1_Class::Universal)) { ------------------ | Branch (236:16): [True: 0, False: 0] ------------------ 237| 0| throw Decoding_Error("SmtpUTF8Mailbox otherName must contain a UTF8String"); 238| 0| } 239| 0| auto parsed_mailbox = SmtpUtf8Mailbox::from_string(ASN1::to_string(value)); 240| 0| if(!parsed_mailbox.has_value()) { ------------------ | Branch (240:16): [True: 0, False: 0] ------------------ 241| 0| throw Decoding_Error("Invalid SmtpUTF8Mailbox encoding"); 242| 0| } 243| 0| m_smtp_utf8_mailboxes.insert(std::move(*parsed_mailbox)); 244| 0| } 245| 7.04k| } else if(obj.is_a(1, ASN1_Class::ContextSpecific)) { ------------------ | Branch (245:17): [True: 0, False: 7.04k] ------------------ 246| 0| add_email(ASN1::to_string(obj)); 247| 7.04k| } else if(obj.is_a(2, ASN1_Class::ContextSpecific)) { ------------------ | Branch (247:17): [True: 7.04k, False: 0] ------------------ 248| 7.04k| add_dns(ASN1::to_string(obj)); 249| 7.04k| } else if(obj.is_a(3, ASN1_Class::ContextSpecific | ASN1_Class::Constructed)) { ------------------ | Branch (249:17): [True: 0, False: 0] ------------------ 250| | // x400Address not supported but it is a SEQUENCE so we know it cannot be empty 251| 0| if(obj.length() == 0) { ------------------ | Branch (251:13): [True: 0, False: 0] ------------------ 252| 0| throw Decoding_Error("Invalid x400Address field"); 253| 0| } 254| 0| } else if(obj.is_a(4, ASN1_Class::ContextSpecific | ASN1_Class::Constructed)) { ------------------ | Branch (254:17): [True: 0, False: 0] ------------------ 255| 0| BER_Decoder dec(obj, names.limits()); 256| 0| X509_DN dn; 257| 0| dec.decode(dn).verify_end(); 258| 0| this->add_dn(dn); 259| 0| } else if(obj.is_a(5, ASN1_Class::ContextSpecific | ASN1_Class::Constructed)) { ------------------ | Branch (259:17): [True: 0, False: 0] ------------------ 260| | // ediPartyName not supported but it is a SEQUENCE so we know it cannot be empty 261| 0| if(obj.length() == 0) { ------------------ | Branch (261:13): [True: 0, False: 0] ------------------ 262| 0| throw Decoding_Error("Invalid ediPartyName field"); 263| 0| } 264| 0| } else if(obj.is_a(6, ASN1_Class::ContextSpecific)) { ------------------ | Branch (264:17): [True: 0, False: 0] ------------------ 265| 0| this->add_uri(ASN1::to_string(obj)); 266| 0| } else if(obj.is_a(7, ASN1_Class::ContextSpecific)) { ------------------ | Branch (266:17): [True: 0, False: 0] ------------------ 267| 0| if(obj.length() == 4) { ------------------ | Branch (267:13): [True: 0, False: 0] ------------------ 268| 0| const uint32_t ip = load_be(obj.bits(), 0); 269| 0| this->add_ipv4_address(ip); 270| 0| } else if(obj.length() == 16) { ------------------ | Branch (270:20): [True: 0, False: 0] ------------------ 271| 0| const IPv6Address ip(std::span{obj.bits(), 16}); 272| 0| this->add_ipv6_address(ip); 273| 0| } else { 274| 0| throw Decoding_Error("Invalid IP constraint neither IPv4 or IPv6"); 275| 0| } 276| 0| } else if(obj.is_a(8, ASN1_Class::ContextSpecific)) { ------------------ | Branch (276:17): [True: 0, False: 0] ------------------ 277| | // [8] registeredID is IMPLICIT OBJECT IDENTIFIER. 278| 0| OID oid; 279| 0| names.decode_implicit(obj, oid, ASN1_Type::ObjectId, ASN1_Class::Universal); 280| 0| this->add_registered_id(oid); 281| 0| } else { 282| 0| throw Decoding_Error(fmt("Unknown GeneralName tag {}/class {}", 283| 0| static_cast(obj.type_tag()), 284| 0| static_cast(obj.class_tag()))); 285| 0| } 286| 7.04k| } 287| 7.04k|} _ZN5Botan13x500_name_cmpENSt3__117basic_string_viewIcNS0_11char_traitsIcEEEES4_: 87| 21.1k|bool x500_name_cmp(std::string_view name1, std::string_view name2) { 88| 21.1k| X500_Char_Iterator it1(name1); 89| 21.1k| X500_Char_Iterator it2(name2); 90| | 91| 190k| while(true) { ------------------ | Branch (91:10): [True: 190k, Folded] ------------------ 92| 190k| const auto c1 = it1.next(); 93| 190k| const auto c2 = it2.next(); 94| | 95| 190k| if(c1 != c2) { ------------------ | Branch (95:10): [True: 0, False: 190k] ------------------ 96| 0| return false; 97| 0| } 98| 190k| if(!c1.has_value() && !c2.has_value()) { ------------------ | Branch (98:10): [True: 21.1k, False: 169k] | Branch (98:29): [True: 21.1k, False: 0] ------------------ 99| 21.1k| return true; 100| 21.1k| } 101| 190k| } 102| 21.1k|} _ZN5Botan12rdn_equalityERKNSt3__16vectorINS0_4pairINS_3OIDENS_11ASN1_StringEEENS0_9allocatorIS5_EEEESA_: 280| 21.1k| const std::vector>& b) { 281| 21.1k| if(a.size() != b.size()) { ------------------ | Branch (281:7): [True: 0, False: 21.1k] ------------------ 282| 0| return false; 283| 0| } 284| | 285| | // Single-AVA RDN is the overwhelmingly common case. 286| 21.1k| if(a.size() == 1) { ------------------ | Branch (286:7): [True: 21.1k, False: 0] ------------------ 287| 21.1k| return a[0].first == b[0].first && x500_name_cmp(a[0].second.value(), b[0].second.value()); ------------------ | Branch (287:14): [True: 21.1k, False: 0] | Branch (287:42): [True: 21.1k, False: 0] ------------------ 288| 21.1k| } 289| | 290| 0| return canonicalize_rdn(a) == canonicalize_rdn(b); 291| 21.1k|} _ZN5BotaneqERKNS_7X509_DNES2_: 296| 7.04k|bool operator==(const X509_DN& dn1, const X509_DN& dn2) { 297| 7.04k| const auto& r1 = dn1.rdns(); 298| 7.04k| const auto& r2 = dn2.rdns(); 299| | 300| 7.04k| if(r1.size() != r2.size()) { ------------------ | Branch (300:7): [True: 0, False: 7.04k] ------------------ 301| 0| return false; 302| 0| } 303| | 304| 28.1k| for(size_t i = 0; i < r1.size(); ++i) { ------------------ | Branch (304:22): [True: 21.1k, False: 7.04k] ------------------ 305| 21.1k| if(!rdn_equality(r1[i], r2[i])) { ------------------ | Branch (305:10): [True: 0, False: 21.1k] ------------------ 306| 0| return false; 307| 0| } 308| 21.1k| } 309| | 310| 7.04k| return true; 311| 7.04k|} _ZN5Botan7X509_DN11decode_fromERNS_11BER_DecoderE: 395| 14.4k|void X509_DN::decode_from(BER_Decoder& source) { 396| 14.4k| std::vector bits; 397| | 398| 14.4k| source.start_sequence().raw_bytes(bits).end_cons(); 399| | 400| 14.4k| BER_Decoder sequence(bits, source.limits()); 401| | 402| 14.4k| m_rdn.clear(); 403| | 404| | // Cap AVAs per RDN to bound work for downstream set-based matching. 405| | // No legitimate cert has anywhere near this many AVAs in a single RDN. 406| 14.4k| constexpr size_t MAX_AVAS_PER_RDN = 32; 407| | 408| 56.9k| while(sequence.more_items()) { ------------------ | Branch (408:10): [True: 42.4k, False: 14.4k] ------------------ 409| 42.4k| BER_Decoder rdn_decoder = sequence.start_set(); 410| | 411| 42.4k| std::vector> rdn; 412| 85.0k| while(rdn_decoder.more_items()) { ------------------ | Branch (412:13): [True: 42.5k, False: 42.4k] ------------------ 413| 42.5k| OID oid; 414| 42.5k| ASN1_String str; 415| | 416| 42.5k| rdn_decoder.start_sequence() 417| 42.5k| .decode(oid) 418| 42.5k| .decode(str) // TODO support Any 419| 42.5k| .end_cons(); 420| | 421| 42.5k| rdn.emplace_back(std::move(oid), std::move(str)); 422| | 423| 42.5k| if(rdn.size() > MAX_AVAS_PER_RDN) { ------------------ | Branch (423:13): [True: 0, False: 42.5k] ------------------ 424| 0| throw Decoding_Error("X.500 RDN has too many attribute-value assertions"); 425| 0| } 426| 42.5k| } 427| | 428| | /* 429| | RFC 5280 4.1.2.4: 430| | RelativeDistinguishedName ::= 431| | SET SIZE (1..MAX) OF AttributeTypeAndValue 432| | */ 433| 42.4k| if(rdn.empty()) { ------------------ | Branch (433:10): [True: 2, False: 42.4k] ------------------ 434| 2| throw Decoding_Error("X.500 RDN must contain at least one attribute-value assertion"); 435| 2| } 436| 42.4k| m_rdn.push_back(std::move(rdn)); 437| 42.4k| } 438| | 439| 14.4k| m_dn_bits = bits; 440| 14.4k|} x509_dn.cpp:_ZN5Botan12_GLOBAL__N_118X500_Char_IteratorC2ENSt3__117basic_string_viewIcNS2_11char_traitsIcEEEE: 31| 42.2k| explicit X500_Char_Iterator(std::string_view s) : m_str(s), m_pos(0) { 32| | // Skip leading whitespace 33| 42.2k| while(m_pos < m_str.size() && is_space(m_str[m_pos])) { ------------------ | Branch (33:16): [True: 42.2k, False: 0] | Branch (33:40): [True: 0, False: 42.2k] ------------------ 34| 0| ++m_pos; 35| 0| } 36| 42.2k| } x509_dn.cpp:_ZN5Botan12_GLOBAL__N_118X500_Char_Iterator4nextEv: 39| 380k| std::optional next() { 40| 380k| if(m_pos >= m_str.size()) { ------------------ | Branch (40:13): [True: 42.2k, False: 338k] ------------------ 41| 42.2k| return std::nullopt; 42| 42.2k| } 43| | 44| 338k| if(is_space(m_str[m_pos])) { ------------------ | Branch (44:13): [True: 28.1k, False: 309k] ------------------ 45| | // Skip the entire whitespace run 46| 56.3k| while(m_pos < m_str.size() && is_space(m_str[m_pos])) { ------------------ | Branch (46:19): [True: 56.3k, False: 0] | Branch (46:43): [True: 28.1k, False: 28.1k] ------------------ 47| 28.1k| ++m_pos; 48| 28.1k| } 49| | // Emit a single space only if more content follows (strip trailing ws) 50| 28.1k| if(m_pos < m_str.size()) { ------------------ | Branch (50:16): [True: 28.1k, False: 0] ------------------ 51| 28.1k| return ' '; 52| 28.1k| } 53| 0| return std::nullopt; 54| 28.1k| } 55| | 56| 309k| const char c = m_str[m_pos++]; 57| | // Locale-independent ASCII fold; RFC 5280 DN matching does not depend on libc locale 58| 309k| if(c >= 'A' && c <= 'Z') { ------------------ | Branch (58:13): [True: 295k, False: 14.0k] | Branch (58:25): [True: 84.5k, False: 211k] ------------------ 59| 84.5k| return static_cast(c + ('a' - 'A')); 60| 84.5k| } 61| 225k| return c; 62| 309k| } x509_dn.cpp:_ZN5Botan12_GLOBAL__N_18is_spaceEc: 22| 436k|bool is_space(char c) { 23| 436k| return c == ' ' || c == '\t'; ------------------ | Branch (23:11): [True: 56.3k, False: 380k] | Branch (23:23): [True: 0, False: 380k] ------------------ 24| 436k|} _ZN5Botan10Extensions15create_extn_objERKNS_3OIDEbRKNSt3__16vectorIhNS4_9allocatorIhEEEENS4_8optionalINS_17Extension_ContextEEE: 131| 28.1k| std::optional context) { 132| 28.1k| auto extn = extension_from_oid(oid); 133| | 134| 28.1k| if(!extn) { ------------------ | Branch (134:7): [True: 0, False: 28.1k] ------------------ 135| | // some other unknown extension type 136| 0| extn = std::make_unique(oid, critical); 137| 28.1k| } else { 138| 28.1k| if(context.has_value() && !extn->is_appropriate_context(*context)) { ------------------ | Branch (138:10): [True: 28.1k, False: 0] | Branch (138:33): [True: 0, False: 28.1k] ------------------ 139| 0| throw Decoding_Error(fmt("Extension {} is not allowed in this context", extn->oid_name())); 140| 0| } 141| | 142| 28.1k| try { 143| 28.1k| extn->decode_inner(body); 144| 28.1k| return extn; 145| 28.1k| } catch(const Exception&) { 146| | // OID was recognized but contents failed to decode 147| 0| extn = std::make_unique(oid, critical, /*failed_to_decode=*/true); 148| 0| } 149| 28.1k| } 150| | 151| | // This is always Unknown_Extension: 152| 0| extn->decode_inner(body); 153| 0| return extn; 154| 28.1k|} _ZNK5Botan10Extensions15Extensions_Info3objEv: 156| 28.1k|const Certificate_Extension& Extensions::Extensions_Info::obj() const { 157| 28.1k| BOTAN_ASSERT_NONNULL(m_obj.get()); ------------------ | | 116| 28.1k| do { \ | | 117| 28.1k| if((ptr) == nullptr) { \ | | ------------------ | | | Branch (117:10): [True: 0, False: 28.1k] | | ------------------ | | 118| 0| /* NOLINTNEXTLINE(bugprone-lambda-function-name) */ \ | | 119| 0| Botan::assertion_failure(#ptr " is not null", "", __func__, __FILE__, __LINE__); \ | | 120| 0| } \ | | 121| 28.1k| } while(0) | | ------------------ | | | Branch (121:12): [Folded, False: 28.1k] | | ------------------ ------------------ 158| 28.1k| return *m_obj; 159| 28.1k|} _ZNK5Botan10Extensions13extension_setERKNS_3OIDE: 218| 7.04k|bool Extensions::extension_set(const OID& oid) const { 219| 7.04k| return m_extension_info.contains(oid); 220| 7.04k|} _ZNK5Botan10Extensions20get_extension_objectERKNS_3OIDE: 239| 77.4k|const Certificate_Extension* Extensions::get_extension_object(const OID& oid) const { 240| 77.4k| auto extn = m_extension_info.find(oid); 241| 77.4k| if(extn == m_extension_info.end()) { ------------------ | Branch (241:7): [True: 49.3k, False: 28.1k] ------------------ 242| 49.3k| return nullptr; 243| 49.3k| } 244| | 245| 28.1k| return &extn->second.obj(); 246| 77.4k|} _ZN5Botan10Extensions11decode_fromERNS_11BER_DecoderENSt3__18optionalINS_17Extension_ContextEEE: 299| 7.04k|void Extensions::decode_from(BER_Decoder& from_source, std::optional context) { 300| 7.04k| m_extension_oids.clear(); 301| 7.04k| m_extension_info.clear(); 302| 7.04k| m_has_unknown_critical_extension = false; 303| | 304| 7.04k| BER_Decoder sequence = from_source.start_sequence(); 305| | 306| 35.2k| while(sequence.more_items()) { ------------------ | Branch (306:10): [True: 28.1k, False: 7.04k] ------------------ 307| 28.1k| OID oid; 308| 28.1k| bool critical = false; 309| 28.1k| std::vector bits; 310| | 311| 28.1k| sequence.start_sequence() 312| 28.1k| .decode(oid) 313| 28.1k| .decode_optional(critical, ASN1_Type::Boolean, ASN1_Class::Universal, false) 314| 28.1k| .decode(bits, ASN1_Type::OctetString) 315| 28.1k| .end_cons(); 316| | 317| 28.1k| auto obj = create_extn_obj(oid, critical, bits, context); 318| | // Unknown_Extension is the only Certificate_Extension with an empty oid_name 319| 28.1k| if(critical && obj->oid_name().empty()) { ------------------ | Branch (319:10): [True: 7.04k, False: 21.1k] | Branch (319:10): [True: 0, False: 28.1k] | Branch (319:22): [True: 0, False: 7.04k] ------------------ 320| 0| m_has_unknown_critical_extension = true; 321| 0| } 322| 28.1k| Extensions_Info info(critical, bits, std::move(obj)); 323| | 324| | // RFC 5280 4.2: "A certificate MUST NOT include more than one 325| | // instance of a particular extension." 326| 28.1k| if(!m_extension_info.emplace(oid, info).second) { ------------------ | Branch (326:10): [True: 0, False: 28.1k] ------------------ 327| 0| throw Decoding_Error("Duplicate certificate extension encountered"); 328| 0| } 329| 28.1k| m_extension_oids.push_back(oid); 330| 28.1k| } 331| 7.04k| sequence.verify_end(); 332| 7.04k|} _ZNK5Botan14Cert_Extension17Basic_Constraints22is_appropriate_contextENS_17Extension_ContextE: 336| 7.04k|bool Basic_Constraints::is_appropriate_context(Extension_Context context) const { 337| 7.04k| return context == Extension_Context::Certificate; 338| 7.04k|} _ZNK5Botan14Cert_Extension14Subject_Key_ID22is_appropriate_contextENS_17Extension_ContextE: 344| 7.04k|bool Subject_Key_ID::is_appropriate_context(Extension_Context context) const { 345| 7.04k| return context == Extension_Context::Certificate; 346| 7.04k|} _ZNK5Botan14Cert_Extension16Authority_Key_ID22is_appropriate_contextENS_17Extension_ContextE: 348| 7.04k|bool Authority_Key_ID::is_appropriate_context(Extension_Context context) const { 349| 7.04k| return context == Extension_Context::Certificate || context == Extension_Context::CRL; ------------------ | Branch (349:11): [True: 7.04k, False: 0] | Branch (349:56): [True: 0, False: 0] ------------------ 350| 7.04k|} _ZNK5Botan14Cert_Extension24Subject_Alternative_Name22is_appropriate_contextENS_17Extension_ContextE: 352| 7.04k|bool Subject_Alternative_Name::is_appropriate_context(Extension_Context context) const { 353| 7.04k| return context == Extension_Context::Certificate; 354| 7.04k|} _ZN5Botan14Cert_Extension17Basic_ConstraintsC2Ebm: 419| 7.04k| Basic_Constraints(is_ca, is_ca ? std::optional(path_length_constraint) : std::nullopt) {} ------------------ | Branch (419:32): [True: 0, False: 7.04k] ------------------ _ZN5Botan14Cert_Extension17Basic_ConstraintsC2EbNSt3__18optionalImEE: 422| 7.04k| m_is_ca(is_ca), m_path_length_constraint(path_length_constraint) { 423| 7.04k| if(!m_is_ca && m_path_length_constraint.has_value()) { ------------------ | Branch (423:7): [True: 7.04k, False: 0] | Branch (423:19): [True: 0, False: 7.04k] ------------------ 424| | // RFC 5280 Sec 4.2.1.9 "CAs MUST NOT include the pathLenConstraint field unless the cA boolean is asserted" 425| 0| throw Invalid_Argument( 426| 0| "Basic_Constraints nonsensical to set a path length constraint for a non-CA basicConstraints"); 427| 0| } 428| 7.04k|} _ZN5Botan14Cert_Extension17Basic_Constraints12decode_innerERKNSt3__16vectorIhNS2_9allocatorIhEEEE: 459| 7.04k|void Basic_Constraints::decode_inner(const std::vector& in) { 460| | /* 461| | * RFC 5280 Section 4.2.1.9 462| | * 463| | * BasicConstraints ::= SEQUENCE { 464| | * cA BOOLEAN DEFAULT FALSE, 465| | * pathLenConstraint INTEGER (0..MAX) OPTIONAL } 466| | */ 467| 7.04k| BER_Decoder(in, BER_Decoder::Limits::DER()) 468| 7.04k| .start_sequence() 469| 7.04k| .decode_optional(m_is_ca, ASN1_Type::Boolean, ASN1_Class::Universal, false) 470| 7.04k| .decode_optional(m_path_length_constraint, ASN1_Type::Integer, ASN1_Class::Universal) 471| 7.04k| .end_cons() 472| 7.04k| .verify_end(); 473| | 474| | /* RFC 5280 Section 4.2.1.9: 475| | * "CAs MUST NOT include the pathLenConstraint field unless the cA boolean 476| | * is asserted and the key usage extension asserts the keyCertSign bit" */ 477| 7.04k| if(!m_is_ca && m_path_length_constraint.has_value()) { ------------------ | Branch (477:7): [True: 7.04k, False: 0] | Branch (477:19): [True: 0, False: 7.04k] ------------------ 478| 0| throw Decoding_Error("BasicConstraints pathLenConstraint must not be present when cA is FALSE"); 479| 0| } 480| 7.04k|} _ZN5Botan14Cert_Extension14Subject_Key_ID12decode_innerERKNSt3__16vectorIhNS2_9allocatorIhEEEE: 550| 7.04k|void Subject_Key_ID::decode_inner(const std::vector& in) { 551| | /* RFC 5280 Section 4.2.1.2 - SubjectKeyIdentifier ::= KeyIdentifier */ 552| 7.04k| BER_Decoder(in, BER_Decoder::Limits::DER()).decode(m_key_id, ASN1_Type::OctetString).verify_end(); 553| | 554| 7.04k| if(m_key_id.empty()) { ------------------ | Branch (554:7): [True: 0, False: 7.04k] ------------------ 555| 0| throw Decoding_Error("SubjectKeyIdentifier must not be empty"); 556| 0| } 557| 7.04k| if(m_key_id.size() > MaximumKeyIdentifierLength) { ------------------ | Branch (557:7): [True: 0, False: 7.04k] ------------------ 558| 0| throw Decoding_Error( 559| 0| fmt("SubjectKeyIdentifier length {} exceeds limit of {} bytes", m_key_id.size(), MaximumKeyIdentifierLength)); 560| 0| } 561| 7.04k|} _ZN5Botan14Cert_Extension16Authority_Key_ID12decode_innerERKNSt3__16vectorIhNS2_9allocatorIhEEEE: 596| 7.04k|void Authority_Key_ID::decode_inner(const std::vector& in) { 597| | /* 598| | * RFC 5280 Section 4.2.1.1 599| | * 600| | * AuthorityKeyIdentifier ::= SEQUENCE { 601| | * keyIdentifier [0] KeyIdentifier OPTIONAL, 602| | * authorityCertIssuer [1] GeneralNames OPTIONAL, 603| | * authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL } 604| | */ 605| 7.04k| BER_Decoder ber(in, BER_Decoder::Limits::DER()); 606| 7.04k| BER_Decoder seq = ber.start_sequence(); 607| | 608| 7.04k| const bool key_id_present = seq.peek_next_object().is_a(0, ASN1_Class::ContextSpecific); 609| | 610| 7.04k| seq.decode_optional_string(m_key_id, ASN1_Type::OctetString, 0).discard_remaining().end_cons(); 611| 7.04k| ber.verify_end(); 612| | 613| 7.04k| if(key_id_present) { ------------------ | Branch (613:7): [True: 7.04k, False: 0] ------------------ 614| 7.04k| if(m_key_id.empty()) { ------------------ | Branch (614:10): [True: 0, False: 7.04k] ------------------ 615| 0| throw Decoding_Error("AuthorityKeyIdentifier keyIdentifier must not be empty"); 616| 0| } 617| 7.04k| if(m_key_id.size() > MaximumKeyIdentifierLength) { ------------------ | Branch (617:10): [True: 0, False: 7.04k] ------------------ 618| 0| throw Decoding_Error(fmt("AuthorityKeyIdentifier keyIdentifier length {} exceeds limit of {} bytes", 619| 0| m_key_id.size(), 620| 0| MaximumKeyIdentifierLength)); 621| 0| } 622| 7.04k| } 623| 7.04k|} _ZN5Botan14Cert_Extension24Subject_Alternative_Name12decode_innerERKNSt3__16vectorIhNS2_9allocatorIhEEEE: 646| 7.04k|void Subject_Alternative_Name::decode_inner(const std::vector& in) { 647| | /* RFC 5280 Section 4.2.1.6 - SubjectAltName ::= GeneralNames 648| | * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName */ 649| 7.04k| BER_Decoder(in, BER_Decoder::Limits::DER()).decode(m_alt_name).verify_end(); 650| 7.04k| if(!m_alt_name.has_items()) { ------------------ | Branch (650:7): [True: 0, False: 7.04k] ------------------ 651| 0| throw Decoding_Error("SubjectAlternativeName extension must contain at least one GeneralName"); 652| 0| } 653| 7.04k|} x509_ext.cpp:_ZN5Botan12_GLOBAL__N_118extension_from_oidERKNS_3OIDE: 38| 28.1k|std::unique_ptr extension_from_oid(const OID& oid) { 39| 28.1k| if(auto iso_ext = is_sub_element_of(oid, {2, 5, 29})) { ------------------ | Branch (39:12): [True: 28.1k, False: 0] ------------------ 40| | // NOLINTNEXTLINE(*-switch-missing-default-case) 41| 28.1k| switch(*iso_ext) { ------------------ | Branch (41:14): [True: 28.1k, False: 0] ------------------ 42| 7.04k| case 14: ------------------ | Branch (42:10): [True: 7.04k, False: 21.1k] ------------------ 43| 7.04k| return make_extension(oid); 44| 0| case 15: ------------------ | Branch (44:10): [True: 0, False: 28.1k] ------------------ 45| 0| return make_extension(oid); 46| 7.04k| case 17: ------------------ | Branch (46:10): [True: 7.04k, False: 21.1k] ------------------ 47| 7.04k| return make_extension(oid); 48| 0| case 18: ------------------ | Branch (48:10): [True: 0, False: 28.1k] ------------------ 49| 0| return make_extension(oid); 50| 7.04k| case 19: ------------------ | Branch (50:10): [True: 7.04k, False: 21.1k] ------------------ 51| 7.04k| return make_extension(oid); 52| 0| case 20: ------------------ | Branch (52:10): [True: 0, False: 28.1k] ------------------ 53| 0| return make_extension(oid); 54| 0| case 21: ------------------ | Branch (54:10): [True: 0, False: 28.1k] ------------------ 55| 0| return make_extension(oid); 56| 0| case 28: ------------------ | Branch (56:10): [True: 0, False: 28.1k] ------------------ 57| 0| return make_extension(oid); 58| 0| case 30: ------------------ | Branch (58:10): [True: 0, False: 28.1k] ------------------ 59| 0| return make_extension(oid); 60| 0| case 31: ------------------ | Branch (60:10): [True: 0, False: 28.1k] ------------------ 61| 0| return make_extension(oid); 62| 0| case 32: ------------------ | Branch (62:10): [True: 0, False: 28.1k] ------------------ 63| 0| return make_extension(oid); 64| 7.04k| case 35: ------------------ | Branch (64:10): [True: 7.04k, False: 21.1k] ------------------ 65| 7.04k| return make_extension(oid); 66| 0| case 37: ------------------ | Branch (66:10): [True: 0, False: 28.1k] ------------------ 67| 0| return make_extension(oid); 68| 0| case 56: ------------------ | Branch (68:10): [True: 0, False: 28.1k] ------------------ 69| 0| return make_extension(oid); 70| 28.1k| } 71| 28.1k| } 72| | 73| 0| if(auto pkix_ext = is_sub_element_of(oid, {1, 3, 6, 1, 5, 5, 7, 1})) { ------------------ | Branch (73:12): [True: 0, False: 0] ------------------ 74| | // NOLINTNEXTLINE(*-switch-missing-default-case) 75| 0| switch(*pkix_ext) { ------------------ | Branch (75:14): [True: 0, False: 0] ------------------ 76| 0| case 1: ------------------ | Branch (76:10): [True: 0, False: 0] ------------------ 77| 0| return make_extension(oid); 78| 0| case 7: ------------------ | Branch (78:10): [True: 0, False: 0] ------------------ 79| 0| return make_extension(oid); 80| 0| case 8: ------------------ | Branch (80:10): [True: 0, False: 0] ------------------ 81| 0| return make_extension(oid); 82| 0| case 26: ------------------ | Branch (82:10): [True: 0, False: 0] ------------------ 83| 0| return make_extension(oid); 84| 0| } 85| 0| } 86| | 87| 0| if(oid == Cert_Extension::OCSP_NoCheck::static_oid()) { ------------------ | Branch (87:7): [True: 0, False: 0] ------------------ 88| 0| return make_extension(oid); 89| 0| } 90| | 91| 0| return nullptr; // unknown 92| 0|} x509_ext.cpp:_ZN5Botan12_GLOBAL__N_114make_extensionITkNSt3__112derived_fromINS_21Certificate_ExtensionEEENS_14Cert_Extension14Subject_Key_IDEEEDaRKNS_3OIDE: 33| 7.04k|auto make_extension([[maybe_unused]] const OID& oid) { 34| 7.04k| BOTAN_DEBUG_ASSERT(oid == T::static_oid()); ------------------ | | 130| 7.04k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 7.04k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 7.04k] | | ------------------ ------------------ 35| 7.04k| return std::make_unique(); 36| 7.04k|} x509_ext.cpp:_ZN5Botan12_GLOBAL__N_114make_extensionITkNSt3__112derived_fromINS_21Certificate_ExtensionEEENS_14Cert_Extension24Subject_Alternative_NameEEEDaRKNS_3OIDE: 33| 7.04k|auto make_extension([[maybe_unused]] const OID& oid) { 34| 7.04k| BOTAN_DEBUG_ASSERT(oid == T::static_oid()); ------------------ | | 130| 7.04k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 7.04k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 7.04k] | | ------------------ ------------------ 35| 7.04k| return std::make_unique(); 36| 7.04k|} x509_ext.cpp:_ZN5Botan12_GLOBAL__N_114make_extensionITkNSt3__112derived_fromINS_21Certificate_ExtensionEEENS_14Cert_Extension17Basic_ConstraintsEEEDaRKNS_3OIDE: 33| 7.04k|auto make_extension([[maybe_unused]] const OID& oid) { 34| 7.04k| BOTAN_DEBUG_ASSERT(oid == T::static_oid()); ------------------ | | 130| 7.04k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 7.04k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 7.04k] | | ------------------ ------------------ 35| 7.04k| return std::make_unique(); 36| 7.04k|} x509_ext.cpp:_ZN5Botan12_GLOBAL__N_114make_extensionITkNSt3__112derived_fromINS_21Certificate_ExtensionEEENS_14Cert_Extension16Authority_Key_IDEEEDaRKNS_3OIDE: 33| 7.04k|auto make_extension([[maybe_unused]] const OID& oid) { 34| 7.04k| BOTAN_DEBUG_ASSERT(oid == T::static_oid()); ------------------ | | 130| 7.04k| do { /* NOLINT(*-avoid-do-while) */ \ | | 131| 7.04k| } while(0) | | ------------------ | | | Branch (131:15): [Folded, False: 7.04k] | | ------------------ ------------------ 35| 7.04k| return std::make_unique(); 36| 7.04k|} _ZN5Botan11X509_Object9load_dataERNS_10DataSourceE: 24| 7.39k|void X509_Object::load_data(DataSource& in) { 25| 7.39k| try { 26| 7.39k| if(ASN1::maybe_BER(in) && !PEM_Code::matches(in)) { ------------------ | Branch (26:10): [True: 300, False: 7.09k] | Branch (26:33): [True: 300, False: 0] ------------------ 27| 300| BER_Decoder dec(in, BER_Decoder::Limits::DER()); 28| 300| decode_from(dec); 29| | // Call to verify_end omitted here since we have to sometimes decode 30| | // multiple certificates encoded sequentially in a DataSource 31| 7.09k| } else { 32| 7.09k| std::string got_label; 33| 7.09k| DataSource_Memory ber(PEM_Code::decode(in, got_label)); 34| | 35| 7.09k| if(got_label != PEM_label()) { ------------------ | Branch (35:13): [True: 0, False: 7.09k] ------------------ 36| 0| bool is_alternate = false; 37| 0| for(const std::string_view alt_label : alternate_PEM_labels()) { ------------------ | Branch (37:50): [True: 0, False: 0] ------------------ 38| 0| if(got_label == alt_label) { ------------------ | Branch (38:19): [True: 0, False: 0] ------------------ 39| 0| is_alternate = true; 40| 0| break; 41| 0| } 42| 0| } 43| | 44| 0| if(!is_alternate) { ------------------ | Branch (44:16): [True: 0, False: 0] ------------------ 45| 0| throw Decoding_Error("Unexpected PEM label for " + PEM_label() + " of " + got_label); 46| 0| } 47| 0| } 48| | 49| 7.09k| BER_Decoder dec(ber, BER_Decoder::Limits::DER()); 50| 7.09k| decode_from(dec); 51| | // Call to verify_end omitted here since we have to sometimes decode 52| | // multiple certificates encoded sequentially in a DataSource 53| 7.09k| } 54| 7.39k| } catch(Decoding_Error& e) { 55| 348| throw Decoding_Error(PEM_label() + " decoding", e); 56| 348| } 57| 7.39k|} _ZNK5Botan11X509_Object9signatureEv: 59| 7.04k|const std::vector& X509_Object::signature() const { 60| 7.04k| if(!m_signed_data) { ------------------ | Branch (60:7): [True: 0, False: 7.04k] ------------------ 61| 0| throw Invalid_State("X509_Object uninitialized"); 62| 0| } 63| 7.04k| return m_signed_data->m_sig; 64| 7.04k|} _ZNK5Botan11X509_Object11signed_bodyEv: 66| 14.1k|const std::vector& X509_Object::signed_body() const { 67| 14.1k| if(!m_signed_data) { ------------------ | Branch (67:7): [True: 0, False: 14.1k] ------------------ 68| 0| throw Invalid_State("X509_Object uninitialized"); 69| 0| } 70| 14.1k| return m_signed_data->m_tbs_bits; 71| 14.1k|} _ZNK5Botan11X509_Object19signature_algorithmEv: 73| 14.0k|const AlgorithmIdentifier& X509_Object::signature_algorithm() const { 74| 14.0k| if(!m_signed_data) { ------------------ | Branch (74:7): [True: 0, False: 14.0k] ------------------ 75| 0| throw Invalid_State("X509_Object uninitialized"); 76| 0| } 77| 14.0k| return m_signed_data->m_sig_algo; 78| 14.0k|} _ZNK5Botan11X509_Object11encode_intoERNS_11DER_EncoderE: 80| 7.04k|void X509_Object::encode_into(DER_Encoder& to) const { 81| 7.04k| to.start_sequence() 82| 7.04k| .start_sequence() 83| 7.04k| .raw_bytes(signed_body()) 84| 7.04k| .end_cons() 85| 7.04k| .encode(signature_algorithm()) 86| 7.04k| .encode(signature(), ASN1_Type::BitString) 87| 7.04k| .end_cons(); 88| 7.04k|} _ZN5Botan11X509_Object11decode_fromERNS_11BER_DecoderE: 93| 7.34k|void X509_Object::decode_from(BER_Decoder& from) { 94| 7.34k| auto data = std::make_shared(); 95| | 96| 7.34k| from.start_sequence() 97| 7.34k| .start_sequence() 98| 7.34k| .raw_bytes(data->m_tbs_bits) 99| 7.34k| .end_cons() 100| 7.34k| .decode(data->m_sig_algo) 101| 7.34k| .decode(data->m_sig, ASN1_Type::BitString) 102| 7.34k| .end_cons(); 103| | 104| 7.34k| m_signed_data = std::move(data); 105| 7.34k| force_decode(); 106| 7.34k|} _ZN5Botan16X509_CertificateD2Ev: 83| 13.8k|X509_Certificate::~X509_Certificate() = default; _ZNK5Botan16X509_Certificate9PEM_labelEv: 85| 7.39k|std::string X509_Certificate::PEM_label() const { 86| 7.39k| return "CERTIFICATE"; 87| 7.39k|} _ZN5Botan16X509_CertificateC2ERNS_10DataSourceE: 93| 7.04k|X509_Certificate::X509_Certificate(DataSource& src) { 94| 7.04k| load_data(src); 95| 7.04k|} _ZN5Botan16X509_CertificateC2ENSt3__14spanIKhLm18446744073709551615EEE: 97| 349|X509_Certificate::X509_Certificate(std::span in) { 98| 349| DataSource_Memory src(in); 99| 349| load_data(src); 100| 349|} _ZN5Botan16X509_Certificate12force_decodeEv: 356| 7.11k|void X509_Certificate::force_decode() { 357| 7.11k| m_data.reset(); 358| 7.11k| m_data = parse_x509_cert_body(*this); 359| 7.11k|} x509cert.cpp:_ZN5Botan12_GLOBAL__N_120parse_x509_cert_bodyERKNS_11X509_ObjectE: 111| 7.11k|std::unique_ptr parse_x509_cert_body(const X509_Object& obj) { 112| 7.11k| auto data = std::make_unique(); 113| | 114| 7.11k| BigInt serial_bn; 115| 7.11k| BER_Object public_key; 116| 7.11k| BER_Object v3_exts_data; 117| | 118| 7.11k| BER_Decoder(obj.signed_body(), BER_Decoder::Limits::DER()) 119| 7.11k| .decode_optional(data->m_version, ASN1_Type(0), ASN1_Class::Constructed | ASN1_Class::ContextSpecific) 120| 7.11k| .decode(serial_bn) 121| 7.11k| .decode(data->m_sig_algo_inner) 122| 7.11k| .decode(data->m_issuer_dn) 123| 7.11k| .start_sequence() 124| 7.11k| .decode(data->m_not_before) 125| 7.11k| .decode(data->m_not_after) 126| 7.11k| .end_cons() 127| 7.11k| .decode(data->m_subject_dn) 128| 7.11k| .get_next(public_key) 129| 7.11k| .decode_optional_string(data->m_v2_issuer_key_id, ASN1_Type::BitString, 1) 130| 7.11k| .decode_optional_string(data->m_v2_subject_key_id, ASN1_Type::BitString, 2) 131| 7.11k| .get_next(v3_exts_data) 132| 7.11k| .verify_end("TBSCertificate has extra data after extensions block"); 133| | 134| 7.11k| if(data->m_version > 2) { ------------------ | Branch (134:7): [True: 0, False: 7.11k] ------------------ 135| 0| throw Decoding_Error("Unknown X.509 cert version " + std::to_string(data->m_version)); 136| 0| } 137| 7.11k| if(obj.signature_algorithm() != data->m_sig_algo_inner) { ------------------ | Branch (137:7): [True: 0, False: 7.11k] ------------------ 138| 0| throw Decoding_Error("X.509 Certificate had differing algorithm identifiers in inner and outer ID fields"); 139| 0| } 140| | 141| 7.11k| public_key.assert_is_a(ASN1_Type::Sequence, ASN1_Class::Constructed, "X.509 certificate public key"); 142| | 143| | // for general sanity convert wire version (0 based) to standards version (v1 .. v3) 144| 7.11k| data->m_version += 1; 145| | 146| 7.11k| data->m_serial = serial_bn.serialize(); 147| | // crude method to save the serial's sign; will get lost during decoding, otherwise 148| 7.11k| data->m_serial_negative = serial_bn.signum() < 0; 149| 7.11k| data->m_subject_dn_bits = ASN1::put_in_sequence(data->m_subject_dn.get_bits()); 150| 7.11k| data->m_issuer_dn_bits = ASN1::put_in_sequence(data->m_issuer_dn.get_bits()); 151| | 152| 7.11k| data->m_subject_public_key_bits.assign(public_key.bits(), public_key.bits() + public_key.length()); 153| | 154| 7.11k| data->m_subject_public_key_bits_seq = ASN1::put_in_sequence(data->m_subject_public_key_bits); 155| | 156| 7.11k| BER_Decoder(data->m_subject_public_key_bits, BER_Decoder::Limits::DER()) 157| 7.11k| .decode(data->m_subject_public_key_algid) 158| 7.11k| .decode(data->m_subject_public_key_bitstring, ASN1_Type::BitString) 159| 7.11k| .verify_end(); 160| | 161| 7.11k| if(v3_exts_data.is_a(3, ASN1_Class::Constructed | ASN1_Class::ContextSpecific)) { ------------------ | Branch (161:7): [True: 7.04k, False: 74] ------------------ 162| | // Path validation will reject a v1/v2 cert with v3 extensions 163| 7.04k| BER_Decoder cert_extensions(v3_exts_data, BER_Decoder::Limits::DER()); 164| 7.04k| data->m_v3_extensions.decode_from(cert_extensions, Extension_Context::Certificate); 165| 7.04k| cert_extensions.verify_end(); 166| 7.04k| } else if(v3_exts_data.is_set()) { ------------------ | Branch (166:14): [True: 0, False: 74] ------------------ 167| 0| throw BER_Bad_Tag("Unknown tag in X.509 cert", v3_exts_data.tagging()); 168| 0| } 169| | 170| | // Now cache some fields from the extensions 171| 7.11k| if(const auto* ext = data->m_v3_extensions.get_extension_object_as()) { ------------------ | Branch (171:19): [True: 0, False: 7.11k] ------------------ 172| 0| data->m_key_constraints = ext->get_constraints(); 173| | /* 174| | RFC 5280: When the keyUsage extension appears in a certificate, 175| | at least one of the bits MUST be set to 1. 176| | */ 177| 0| if(data->m_key_constraints.empty()) { ------------------ | Branch (177:10): [True: 0, False: 0] ------------------ 178| 0| throw Decoding_Error("Certificate has invalid encoding for KeyUsage"); 179| 0| } 180| 0| } 181| | 182| 7.11k| if(const auto* ext = data->m_v3_extensions.get_extension_object_as()) { ------------------ | Branch (182:19): [True: 7.04k, False: 74] ------------------ 183| 7.04k| data->m_subject_key_id = ext->get_key_id(); 184| 7.04k| } 185| | 186| 7.11k| if(const auto* ext = data->m_v3_extensions.get_extension_object_as()) { ------------------ | Branch (186:19): [True: 7.04k, False: 74] ------------------ 187| 7.04k| data->m_authority_key_id = ext->get_key_id(); 188| 7.04k| } 189| | 190| 7.11k| if(const auto* ext = data->m_v3_extensions.get_extension_object_as()) { ------------------ | Branch (190:19): [True: 0, False: 7.11k] ------------------ 191| 0| data->m_name_constraints = ext->get_name_constraints(); 192| 0| } 193| | 194| 7.11k| if(const auto* ext = data->m_v3_extensions.get_extension_object_as()) { ------------------ | Branch (194:19): [True: 0, False: 7.11k] ------------------ 195| 0| data->m_extended_key_usage = ext->object_identifiers(); 196| | /* 197| | RFC 5280 section 4.2.1.12 198| | 199| | "This extension indicates one or more purposes ..." 200| | 201| | "If the extension is present, then the certificate MUST only be 202| | used for one of the purposes indicated." 203| | 204| | Thus we reject an EKU extension which is empty, since this indicates 205| | the certificate cannot be used for any purpose. 206| | */ 207| 0| if(data->m_extended_key_usage.empty()) { ------------------ | Branch (207:10): [True: 0, False: 0] ------------------ 208| 0| throw Decoding_Error("Certificate has invalid empty EKU extension"); 209| 0| } 210| 0| } 211| | 212| 7.11k| if(const auto* ext = data->m_v3_extensions.get_extension_object_as()) { ------------------ | Branch (212:19): [True: 7.04k, False: 74] ------------------ 213| | /* 214| | * RFC 5280 4.2.1.9 requires that conforming CAs "MUST mark the 215| | * extension [basicConstraints] as critical in such certificates" 216| | * but places no such requirement on validators. 217| | */ 218| 7.04k| if(ext->is_ca() == true) { ------------------ | Branch (218:10): [True: 0, False: 7.04k] ------------------ 219| | /* 220| | * RFC 5280 section 4.2.1.3 requires that CAs include KeyUsage in all 221| | * intermediate CA certificates they issue. Currently we accept it being 222| | * missing, as do most other implementations. But it may be worth 223| | * removing this entirely, or alternately adding a warning level 224| | * validation failure for it. 225| | */ 226| 0| const bool allowed_by_ku = 227| 0| data->m_key_constraints.includes(Key_Constraints::KeyCertSign) || data->m_key_constraints.empty(); ------------------ | Branch (227:13): [True: 0, False: 0] | Branch (227:79): [True: 0, False: 0] ------------------ 228| | 229| | /* 230| | * If the extended key usages are set then we must restrict the usage in 231| | * accordance with it as well. 232| | * 233| | * RFC 5280 does not define any extended key usages compatible with certificate 234| | * signing, but some CAs use serverAuth, clientAuth, OCSPSigning, or AnyExtendedKeyUsage 235| | * for this purpose, even though clearly all of these (besides AEKU) are invalid. 236| | * This check at least allows excluding a certificate which is set for only eg 237| | * timestamping or code signing, and that seems about the best we can possibly enforce. 238| | * OpenSSL, BoringSSL, and Go all completely ignore EKUs in determining ability to 239| | * issue certs. 240| | */ 241| 0| const bool allowed_by_ext_ku = [](const std::vector& ext_ku) -> bool { 242| 0| if(ext_ku.empty()) { 243| 0| return true; 244| 0| } 245| | 246| 0| const auto server_auth = OID::from_name("PKIX.ServerAuth"); 247| 0| const auto client_auth = OID::from_name("PKIX.ClientAuth"); 248| 0| const auto ocsp_sign = OID::from_name("PKIX.OCSPSigning"); 249| 0| const auto any_eku = OID::from_name("X509v3.AnyExtendedKeyUsage"); 250| | 251| 0| for(const auto& oid : ext_ku) { 252| 0| if(oid == any_eku || oid == server_auth || oid == client_auth || oid == ocsp_sign) { 253| 0| return true; 254| 0| } 255| 0| } 256| | 257| 0| return false; 258| 0| }(data->m_extended_key_usage); 259| | 260| 0| if(allowed_by_ku && allowed_by_ext_ku) { ------------------ | Branch (260:13): [True: 0, False: 0] | Branch (260:30): [True: 0, False: 0] ------------------ 261| 0| data->m_is_ca_certificate = true; 262| 0| data->m_path_len_constraint = ext->path_length_constraint(); 263| 0| } 264| 0| } 265| 7.04k| } 266| | 267| 7.11k| if(const auto* ext = data->m_v3_extensions.get_extension_object_as()) { ------------------ | Branch (267:19): [True: 0, False: 7.11k] ------------------ 268| 0| data->m_issuer_alt_name = ext->get_alt_name(); 269| 0| } 270| | 271| 7.11k| if(const auto* ext = data->m_v3_extensions.get_extension_object_as()) { ------------------ | Branch (271:19): [True: 7.04k, False: 74] ------------------ 272| 7.04k| data->m_subject_alt_name = ext->get_alt_name(); 273| 7.04k| } 274| | 275| | // This will be set even if SAN parsing failed entirely eg due to a decoding error 276| | // or if the SAN is empty. This is used to guard against using the CN for domain 277| | // name checking. 278| 7.11k| const auto san_oid = OID::from_string("X509v3.SubjectAlternativeName"); 279| 7.11k| data->m_subject_alt_name_exists = data->m_v3_extensions.extension_set(san_oid); 280| | 281| 7.11k| if(const auto* ext = data->m_v3_extensions.get_extension_object_as()) { ------------------ | Branch (281:19): [True: 0, False: 7.11k] ------------------ 282| 0| data->m_cert_policies = ext->get_policy_oids(); 283| 0| } 284| | 285| 7.11k| if(const auto* ext = data->m_v3_extensions.get_extension_object_as()) { ------------------ | Branch (285:19): [True: 0, False: 7.11k] ------------------ 286| 0| data->m_ocsp_responders = ext->ocsp_responder_uris(); 287| 0| data->m_ca_issuers = ext->ca_issuer_uris(); 288| 0| } 289| | 290| 7.11k| if(const auto* ext = data->m_v3_extensions.get_extension_object_as()) { ------------------ | Branch (290:19): [True: 0, False: 7.11k] ------------------ 291| 0| data->m_crl_distribution_points = ext->crl_distribution_point_uris(); 292| 0| } 293| | 294| | /* 295| | Determine if this certificate appears to be self-issued (subject == issuer). 296| | This is only a heuristic used for path building so it's ok it is not precise. 297| | The self-signature is verified during path validation. 298| | */ 299| 7.11k| if(data->m_subject_dn == data->m_issuer_dn) { ------------------ | Branch (299:7): [True: 7.04k, False: 74] ------------------ 300| 7.04k| if(!data->m_subject_key_id.empty() && !data->m_authority_key_id.empty()) { ------------------ | Branch (300:10): [True: 7.04k, False: 0] | Branch (300:45): [True: 7.04k, False: 0] ------------------ 301| | /* 302| | Both SKID and AKID are set so we can reliably determine self-signed vs 303| | self-issued by comparing the two 304| | */ 305| 7.04k| data->m_self_signed = (data->m_subject_key_id == data->m_authority_key_id); 306| 7.04k| } else { 307| | /* 308| | Without both SKID and AKID we can't determine with certainty. Assume 309| | self-signed since that's by far the common case. 310| | */ 311| 0| data->m_self_signed = true; 312| 0| } 313| 7.04k| } 314| | 315| 7.11k| const std::vector full_encoding = obj.BER_encode(); 316| | 317| 7.11k| if(auto sha1 = HashFunction::create("SHA-1")) { ------------------ | Branch (317:12): [True: 7.04k, False: 74] ------------------ 318| 7.04k| sha1->update(data->m_subject_public_key_bitstring); 319| 7.04k| data->m_subject_public_key_bitstring_sha1 = sha1->final_stdvec(); 320| | // otherwise left as empty, and we will throw if subject_public_key_bitstring_sha1 is called 321| | 322| 7.04k| sha1->update(full_encoding); 323| 7.04k| sha1->final(data->m_cert_data_sha1); 324| 7.04k| data->m_fingerprint_sha1 = format_hex_fingerprint(data->m_cert_data_sha1); 325| | 326| 7.04k| sha1->update(data->m_issuer_dn_bits); 327| 7.04k| sha1->final(data->m_issuer_dn_bits_sha1); 328| | 329| 7.04k| sha1->update(data->m_subject_dn_bits); 330| 7.04k| sha1->final(data->m_subject_dn_bits_sha1); 331| 7.04k| } 332| | 333| | // SHA-256 is a hard dependency of this module 334| 7.11k| auto sha256 = HashFunction::create_or_throw("SHA-256"); 335| 7.11k| sha256->update(data->m_issuer_dn_bits); 336| 7.11k| data->m_issuer_dn_bits_sha256 = sha256->final_stdvec(); 337| | 338| 7.11k| sha256->update(data->m_subject_dn_bits); 339| 7.11k| data->m_subject_dn_bits_sha256 = sha256->final_stdvec(); 340| | 341| 7.11k| sha256->update(full_encoding); 342| 7.11k| sha256->final(data->m_cert_data_sha256); 343| 7.11k| data->m_fingerprint_sha256 = format_hex_fingerprint(data->m_cert_data_sha256); 344| | 345| 7.11k| sha256->update(data->m_subject_public_key_bitstring); 346| 7.11k| sha256->final(data->m_subject_public_key_bitstring_sha256); 347| | 348| 7.11k| return data; 349| 7.11k|}