fuzz_early_setup:
   23|      2|void fuzz_early_setup(void) { /* Points fuzz.fake_stderr at the real stderr; fuzz_common_setup() may later replace it with /dev/null. */
   24|       |    /* Default fake_stderr to the real stderr so early messages are not lost */
   25|      2|    fuzz.fake_stderr = stderr;
   26|      2|}
fuzz_common_setup:
   28|      1|void fuzz_common_setup(void) { /* Harness init: sets the fuzz-mode flags, installs the fuzz logger and silences stderr unless told otherwise. */
   29|      1|	disallow_core(); /* presumably disables core dumps -- helper not shown, confirm */
   30|      1|    fuzz.fuzzing = 1; /* switches helpers such as fuzz_getpwuid() to canned data */
   31|      1|    fuzz.wrapfds = 1; /* wrapfd_read()/wrapfd_select() only emulate I/O while this is set */
   32|      1|    fuzz.do_jmp = 1; /* presumably makes dropbear_exit longjmp to fuzz.jmp instead of exiting -- confirm */
   33|      1|    fuzz.input = m_malloc(sizeof(buffer)); /* header only: fuzz_set_input() points ->data at each test case */
   34|      1|    _dropbear_log = fuzz_dropbear_log;
   35|      1|    crypto_init();
   36|      1|    fuzz_seed("start", 5); /* fixed 5-byte seed; presumably keeps startup randomness reproducible -- confirm */
   37|       |    /* line-buffer stdout so any messages get flushed promptly */
   38|      1|    setlinebuf(stdout);
   39|       |#if DEBUG_TRACE
   40|       |    if (debug_trace)
   41|       |    {
   42|       |        fprintf(stderr, "Dropbear fuzzer: -v specified, not disabling stderr output\n");
   43|       |    }
   44|       |    else
   45|       |#endif
   46|      1|    if (getenv("DROPBEAR_KEEP_STDERR")) { /* environment override: keep diagnostics visible while triaging */
  ------------------
  |  Branch (46:9): [True: 0, False: 1]
  ------------------
   47|      0|        fprintf(stderr, "Dropbear fuzzer: DROPBEAR_KEEP_STDERR, not disabling stderr output\n");
   48|      0|    } 
   49|      1|    else 
   50|      1|    {
   51|      1|        fprintf(stderr, "Dropbear fuzzer: Disabling stderr output\n");
   52|      1|        fuzz.fake_stderr = fopen("/dev/null", "w"); /* everything written to fake_stderr is discarded from here on */
   53|      1|        assert(fuzz.fake_stderr); /* NOTE(review): the only check on fopen(); it disappears if NDEBUG is defined */
   54|      1|    }
   55|      1|}
fuzz_set_input:
   57|  3.51k|int fuzz_set_input(const uint8_t *Data, size_t Size) { /* Points the shared input buffer at one test case and resets global session state. */
   58|       |
   59|  3.51k|    fuzz.input->data = (unsigned char*)Data; /* borrows the caller's buffer (no copy) and casts away const -- it must only ever be read */
   60|  3.51k|    fuzz.input->size = Size;
   61|  3.51k|    fuzz.input->len = Size;
   62|  3.51k|    fuzz.input->pos = 0; /* reading starts at the first input byte */
   63|       |
   64|  3.51k|    memset(&ses, 0x0, sizeof(ses)); /* zero the global session structs so no state carries over; nothing they point to is freed here */
   65|  3.51k|    memset(&svr_ses, 0x0, sizeof(svr_ses));
   66|  3.51k|    memset(&cli_ses, 0x0, sizeof(cli_ses));
   67|  3.51k|    wrapfd_setup(fuzz.input); /* releases fds wrapped by the previous run and attaches this input */
   68|       |    // printhex("input", fuzz.input->data, fuzz.input->len);
   69|       |
   70|  3.51k|    fuzz_seed(fuzz.input->data, MIN(fuzz.input->len, 16)); /* seed from at most the first 16 input bytes, so the seed depends only on the input */
   71|       |
   72|  3.51k|    return DROPBEAR_SUCCESS; /* the only return: the DROPBEAR_FAILURE check in fuzz_run_client() cannot fire today */
  ------------------
  |  |  102|  3.51k|#define DROPBEAR_SUCCESS 0
  ------------------
   73|  3.51k|}
fuzz_cli_setup:
  112|      1|void fuzz_cli_setup(void) { /* Client harness init: common setup, client exit/log hooks, a canned dbclient command line, fixed key and password. */
  113|      1|    fuzz_common_setup();
  114|       |    
  115|      1|	_dropbear_exit = cli_dropbear_exit;
  116|      1|	_dropbear_log = cli_dropbear_log; /* replaces the fuzz_dropbear_log hook installed by fuzz_common_setup() */
  117|       |
  118|      1|    char *argv[] = { /* NOTE(review): no NULL terminator; fine only if cli_getopts() relies on argc alone -- confirm */
  119|      1|		"dbclient",
  120|      1|		"-y", /* dbclient option to accept unknown host keys without prompting */
  121|      1|        "localhost",
  122|      1|        "uptime"
  123|      1|    };
  124|       |
  125|      1|    int argc = sizeof(argv) / sizeof(*argv);
  126|      1|    cli_getopts(argc, argv);
  127|       |
  128|      1|    load_fixed_client_key();
  129|       |    /* Supply a password through the environment to avoid the interactive prompt; "password" is a harness-only dummy */
  130|      1|    setenv(DROPBEAR_PASSWORD_ENV, "password", 1);
  ------------------
  |  |  105|      1|#define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD"
  ------------------
  131|      1|}
fuzz_kex_fakealgos:
  197|  2.46k|void fuzz_kex_fakealgos(void) { /* Overrides the receive-side cipher mode and MAC of the pending keys; assumes ses.newkeys is already allocated. */
  198|  2.46k|    ses.newkeys->recv.crypt_mode = &dropbear_mode_none; /* judging by the name, no encryption on received packets -- confirm */
  199|  2.46k|    ses.newkeys->recv.algo_mac = &dropbear_nohash; /* judging by the name, no integrity check either; NOTE(review): fuzzing-only, keep unreachable from production builds */
  200|  2.46k|}
fuzz_run_client:
  299|  3.51k|int fuzz_run_client(const uint8_t *Data, size_t Size, int skip_kexmaths) { /* Runs one client session over the fuzz input; every return path yields 0. */
  300|  3.51k|    static int once = 0; /* one-time setup latch; a plain int, so this assumes a single-threaded harness */
  301|  3.51k|    if (!once) {
  ------------------
  |  Branch (301:9): [True: 1, False: 3.51k]
  ------------------
  302|      1|        fuzz_cli_setup();
  303|      1|        fuzz.skip_kexmaths = skip_kexmaths; /* latched on the first call only; a different value on later calls is ignored */
  304|      1|        once = 1;
  305|      1|    }
  306|       |
  307|  3.51k|    if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) {
  ------------------
  |  |  103|  3.51k|#define DROPBEAR_FAILURE -1
  ------------------
  |  Branch (307:9): [True: 0, False: 3.51k]
  ------------------
  308|      0|        return 0;
  309|      0|    }
  310|       |
  311|       |    // Mark the first key exchange as done so the session can proceed sooner
  312|  3.51k|    ses.kexstate.donefirstkex = 1;
  313|       |
  314|  3.51k|    uint32_t wrapseed;
  315|  3.51k|    genrandom((void*)&wrapseed, sizeof(wrapseed)); /* NOTE(review): reproducing a crash relies on genrandom() being deterministic after fuzz_seed() -- confirm */
  316|  3.51k|    wrapfd_setseed(wrapseed); /* replaces the fixed seed that wrapfd_setup() installed */
  317|       |
  318|  3.51k|    int fakesock = wrapfd_new_fuzzinput(); /* a real descriptor, registered so that reads are served from the fuzz input */
  319|       |
  320|  3.51k|    m_malloc_set_epoch(1); /* presumably tags allocations made during this run so they can be released below -- confirm */
  321|  3.51k|    fuzz.do_jmp = 1;
  322|  3.51k|    if (setjmp(fuzz.jmp) == 0) { /* landing point for the longjmp that the comment in the else arm attributes to dropbear_exit */
  ------------------
  |  Branch (322:9): [True: 3.51k, False: 0]
  ------------------
  323|  3.51k|        cli_session(fakesock, fakesock, NULL, 0); /* the same wrapped fd is passed twice, presumably as input and output */
  324|      0|        m_malloc_free_epoch(1, 0); /* NOTE(review): both arms after the call show count 0 while the call shows 3.51k; confirm how runs end before trusting coverage here */
  325|      0|    } else {
  326|      0|        fuzz.do_jmp = 0;
  327|      0|        m_malloc_free_epoch(1, 1);
  328|      0|        TRACE(("dropbear_exit longjmped"))
  329|       |        /* dropbear_exit jumped here */
  330|      0|    }
  331|       |
  332|      0|    return 0;
  333|  3.51k|}
fuzz_dump:
  345|   107k|void fuzz_dump(const unsigned char* data, size_t len) { /* Writes len bytes of data to fuzz.recv_dumpfd when fuzz.dumping is set; otherwise does nothing. */
  346|   107k|    if (fuzz.dumping) {
  ------------------
  |  Branch (346:9): [True: 0, False: 107k]
  ------------------
  347|      0|        TRACE(("dump %zu", len))
  348|      0|        assert(atomicio(vwrite, fuzz.recv_dumpfd, (void*)data, len) == len); /* NOTE(review): the write lives inside assert(); with NDEBUG the call is compiled out and nothing is dumped -- do the I/O outside the assert */
  349|      0|    }
  350|   107k|}
fuzz_getpwuid:
  386|      1|struct passwd* fuzz_getpwuid(uid_t uid) { /* getpwuid() stand-in: real lookup when not fuzzing, otherwise one of two canned entries or NULL. */
  387|      1|    if (!fuzz.fuzzing) {
  ------------------
  |  Branch (387:9): [True: 0, False: 1]
  ------------------
  388|      0|        return getpwuid(uid);
  389|      0|    }
  390|      1|    if (uid == pwd_other.pw_uid) {
  ------------------
  |  Branch (390:9): [True: 0, False: 1]
  ------------------
  391|      0|        return &pwd_other; /* address of a shared object, not a copy */
  392|      0|    }
  393|      1|    if (uid == pwd_root.pw_uid) {
  ------------------
  |  Branch (393:9): [True: 1, False: 0]
  ------------------
  394|      1|        return &pwd_root;
  395|      1|    }
  396|      0|    return NULL; /* unknown uid while fuzzing: callers must handle NULL */
  397|      1|}
fuzz-common.c:load_fixed_client_key:
  135|      1|static void load_fixed_client_key(void) { /* Parses the built-in keyed25519 private-key blob and appends the key to cli_opts.privkeys. */
  136|       |
  137|      1|    buffer *b = buf_new(3000); /* must hold keyed25519_len bytes; presumably buf_putbytes() bounds-checks -- confirm */
  138|      1|    sign_key *key;
  139|      1|    enum signkey_type keytype;
  140|       |
  141|      1|    key = new_sign_key();
  142|      1|    keytype = DROPBEAR_SIGNKEY_ANY; /* passed by address below, presumably so the parser reports the detected type */
  143|      1|    buf_putbytes(b, keyed25519, keyed25519_len); /* fixed key built into the harness: test-only material, not a credential for real hosts */
  144|      1|    buf_setpos(b, 0); /* rewind so parsing starts at the first byte */
  145|      1|    if (buf_get_priv_key(b, key, &keytype) == DROPBEAR_FAILURE) {
  ------------------
  |  |  103|      1|#define DROPBEAR_FAILURE -1
  ------------------
  |  Branch (145:9): [True: 0, False: 1]
  ------------------
  146|      0|        dropbear_exit("failed fixed ed25519 hostkey"); /* NOTE(review): message says "hostkey" but this loads the client key; b and key are not freed on this path */
  147|      0|    }
  148|      1|    list_append(cli_opts.privkeys, key); /* key is not freed here; presumably the list now owns it */
  149|       |
  150|      1|    buf_free(b);
  151|      1|}

fuzz-sshpacketmutator.c:alloc_static_buffers:
  126|      2|static void alloc_static_buffers() { /* Pre-allocates the output buffer, two scratch packets and two arrays of MAX_FUZZ_PACKETS packet buffers. NOTE(review): count 2 -- if both calls happen in one process the first set of buffers is overwritten and leaked; confirm. */
  127|       |
  128|      2|    int i;
  129|      2|    oup = buf_new(MAX_OUT_SIZE);
  130|      2|    alloc_packetA = buf_new(RECV_MAX_PACKET_LEN);
  ------------------
  |  |  215|      2|#define RECV_MAX_PACKET_LEN (MAX(35000, ((RECV_MAX_PAYLOAD_LEN)+100)))
  ------------------
  131|      2|    alloc_packetB = buf_new(RECV_MAX_PACKET_LEN);
  ------------------
  |  |  215|      2|#define RECV_MAX_PACKET_LEN (MAX(35000, ((RECV_MAX_PAYLOAD_LEN)+100)))
  ------------------
  132|       |
  133|  1.00k|    for (i = 0; i < MAX_FUZZ_PACKETS; i++) { /* each slot gets a buffer of at least 35000 bytes; no matching free is visible in this listing */
  ------------------
  |  |   20|  1.00k|#define MAX_FUZZ_PACKETS 500
  ------------------
  |  Branch (133:17): [True: 1.00k, False: 2]
  ------------------
  134|  1.00k|        packets1[i] = buf_new(RECV_MAX_PACKET_LEN);
  ------------------
  |  |  215|  1.00k|#define RECV_MAX_PACKET_LEN (MAX(35000, ((RECV_MAX_PAYLOAD_LEN)+100)))
  ------------------
  135|  1.00k|    }
  136|  1.00k|    for (i = 0; i < MAX_FUZZ_PACKETS; i++) {
  ------------------
  |  |   20|  1.00k|#define MAX_FUZZ_PACKETS 500
  ------------------
  |  Branch (136:17): [True: 1.00k, False: 2]
  ------------------
  137|  1.00k|        packets2[i] = buf_new(RECV_MAX_PACKET_LEN);
  ------------------
  |  |  215|  1.00k|#define RECV_MAX_PACKET_LEN (MAX(35000, ((RECV_MAX_PAYLOAD_LEN)+100)))
  ------------------
  138|  1.00k|    }
  139|      2|}

wrapfd_setup:
   32|  3.51k|void wrapfd_setup(buffer *buf) { /* Resets the fd wrapper for a new input: releases wrapped fds, reseeds with a fixed value, records the input buffer. */
   33|  3.51k|	TRACE(("wrapfd_setup"))
   34|       |
   35|       |	// release every fd still wrapped from the previous run
   36|  3.51k|	int i;
   37|  28.1k|	for (i = 0; i <= wrapfd_maxfd; i++) {
  ------------------
  |  Branch (37:14): [True: 24.6k, False: 3.51k]
  ------------------
   38|  24.6k|		if (wrap_fds[i].mode != UNUSED) {
  ------------------
  |  Branch (38:7): [True: 2.69k, False: 21.9k]
  ------------------
   39|  2.69k|			wrapfd_remove(i); /* also closes the underlying descriptor */
   40|  2.69k|		}
   41|  24.6k|	}
   42|  3.51k|	wrapfd_maxfd = -1; /* nothing wrapped any more */
   43|       |
   44|  3.51k|	memset(rand_state, 0x0, sizeof(rand_state)); /* clear the whole state first: wrapfd_setseed() only overwrites sizeof(seed) bytes */
   45|  3.51k|	wrapfd_setseed(50); /* fixed default seed; fuzz_run_client() reseeds afterwards */
   46|  3.51k|	input_buf = buf; /* borrowed pointer: buf must stay valid for every later wrapfd_read() */
   47|  3.51k|}
wrapfd_setseed:
   49|  7.03k|void wrapfd_setseed(uint32_t seed) { /* Seeds the wrapper's rand48 state from a 32-bit value. */
   50|  7.03k|	memcpy(rand_state, &seed, sizeof(seed)); /* overwrites only sizeof(seed) bytes; any further bytes of rand_state keep their old contents (its type is not shown here) */
   51|  7.03k|	nrand48(rand_state); /* result discarded: advances the generator one step */
   52|  7.03k|}
wrapfd_new_fuzzinput:
   54|  3.51k|int wrapfd_new_fuzzinput() { /* Returns a fresh descriptor (a dup of /dev/null) registered as a wrapped fd in COMMONBUF mode. */
   55|  3.51k|	if (devnull_fd == -1) { /* opened once and kept as the template for dup() */
  ------------------
  |  Branch (55:6): [True: 1, False: 3.51k]
  ------------------
   56|      1|		devnull_fd = open("/dev/null", O_RDONLY);
   57|      1|		assert(devnull_fd != -1); /* NOTE(review): asserts are the only error handling in this function; they vanish under NDEBUG */
   58|      1|	}
   59|       |
   60|  3.51k|	int fd = dup(devnull_fd);
   61|  3.51k|	assert(fd != -1);
   62|  3.51k|	assert(wrap_fds[fd].mode == UNUSED); /* NOTE(review): fd indexes wrap_fds[] without the 'fd <= IOWRAP_MAXFD' bound that wrapfd_close() and wrapfd_read() apply -- check it before this line */
   63|  3.51k|	wrap_fds[fd].mode = COMMONBUF; /* wrapfd_read() serves COMMONBUF fds from the shared input buffer */
   64|  3.51k|	wrap_fds[fd].closein = 0;
   65|  3.51k|	wrap_fds[fd].closeout = 0;
   66|  3.51k|	wrapfd_maxfd = MAX(fd, wrapfd_maxfd); /* upper bound for the cleanup loop in wrapfd_setup() */
   67|       |
   68|  3.51k|	return fd;
   69|  3.51k|}
wrapfd_close:
  105|  12.1k|int wrapfd_close(int fd) { /* close() wrapper: a wrapped fd is unregistered and closed via wrapfd_remove(); any other fd goes to the real close(). */
  106|  12.1k|	if (fd >= 0 && fd <= IOWRAP_MAXFD && wrap_fds[fd].mode != UNUSED) { /* range is checked before wrap_fds[] is indexed */
  ------------------
  |  |    9|  24.3k|#define IOWRAP_MAXFD (FD_SETSIZE-1)
  ------------------
  |  Branch (106:6): [True: 12.1k, False: 0]
  |  Branch (106:17): [True: 12.1k, False: 0]
  |  Branch (106:39): [True: 822, False: 11.3k]
  ------------------
  107|    822|		wrapfd_remove(fd);
  108|    822|		return 0; /* reported as success; wrapfd_remove() ignores the result of its own close() */
  109|  11.3k|	} else {
  110|  11.3k|		return close(fd);
  111|  11.3k|	}
  112|  12.1k|}
wrapfd_read:
  114|   187k|int wrapfd_read(int fd, void *out, size_t count) { /* read() wrapper: serves bytes from the fuzz input with random short reads and injected ECONNRESET/EINTR failures. */
  115|   187k|	size_t maxread;
  116|       |
  117|   187k|	if (!fuzz.wrapfds) { /* wrapping disabled: behave exactly like read() */
  ------------------
  |  Branch (117:6): [True: 0, False: 187k]
  ------------------
  118|      0|		return read(fd, out, count);
  119|      0|	}
  120|       |
  121|   187k|	if (fd < 0 || fd > IOWRAP_MAXFD || wrap_fds[fd].mode == UNUSED) { /* range is checked before wrap_fds[] is indexed */
  ------------------
  |  |    9|   374k|#define IOWRAP_MAXFD (FD_SETSIZE-1)
  ------------------
  |  Branch (121:6): [True: 0, False: 187k]
  |  Branch (121:16): [True: 0, False: 187k]
  |  Branch (121:37): [True: 0, False: 187k]
  ------------------
  122|       |		/* XXX - assertion failure? */
  123|      0|		TRACE(("Bad read descriptor %d\n", fd))
  124|      0|		errno = EBADF;
  125|      0|		return -1;
  126|      0|	}
  127|       |
  128|   187k|	assert(count != 0); /* keeps maxread non-zero for the modulo on the fixed-output path (given MAX_RANDOM_IN > 0); compiled out under NDEBUG */
  129|       |
  130|   187k|	if (wrap_fds[fd].closein || erand48(rand_state) < CHANCE_CLOSE) { /* sticky: once closein is set, every later read on this fd fails as well */
  ------------------
  |  Branch (130:6): [True: 0, False: 187k]
  |  Branch (130:30): [True: 20, False: 187k]
  ------------------
  131|     20|		wrap_fds[fd].closein = 1;
  132|     20|		errno = ECONNRESET;
  133|     20|		return -1;
  134|     20|	}
  135|       |
  136|   187k|	if (erand48(rand_state) < CHANCE_INTR) { /* injected interruption; no state changes, so a retry can succeed */
  ------------------
  |  Branch (136:6): [True: 251, False: 186k]
  ------------------
  137|    251|		errno = EINTR;
  138|    251|		return -1;
  139|    251|	}
  140|       |
  141|   186k|	if (input_buf && wrap_fds[fd].mode == COMMONBUF) {
  ------------------
  |  Branch (141:6): [True: 186k, False: 0]
  |  Branch (141:19): [True: 186k, False: 0]
  ------------------
  142|   186k|		maxread = MIN(input_buf->len - input_buf->pos, count); /* never more than the unread input or the caller's buffer */
  143|       |		/* returns 0 if buf is EOF, as intended */
  144|   186k|		if (maxread > 0) {
  ------------------
  |  Branch (144:7): [True: 183k, False: 3.87k]
  ------------------
  145|   183k|			maxread = nrand48(rand_state) % maxread + 1; /* random short read of 1..maxread bytes */
  146|   183k|		}
  147|   186k|		memcpy(out, buf_getptr(input_buf, maxread), maxread);
  148|   186k|		buf_incrpos(input_buf, maxread);
  149|   186k|		return maxread; /* size_t narrowed to int: safe only while count fits in an int */
  150|   186k|	}
  151|       |
  152|       |	// return fixed output, of random length
  153|      0|	maxread = MIN(MAX_RANDOM_IN, count);
  154|      0|	maxread = nrand48(rand_state) % maxread + 1;
  155|      0|	memset(out, 0xef, maxread); /* filler byte 0xef, at most count bytes */
  156|      0|	return maxread;
  157|   186k|}
wrapfd_select:
  196|   196k|	fd_set *exceptfds, struct timeval *timeout) { /* select() wrapper (the first line of the signature is not part of this listing): randomly reports at most two of the requested fds per set as ready. */
  197|   196k|	int i, nset, sel;
  198|   196k|	int ret = 0;
  199|   196k|	int fdlist[IOWRAP_MAXFD+1]; /* scratch list of the fds the caller asked about */
  200|       |
  201|   196k|	if (!fuzz.wrapfds) { /* wrapping disabled: behave exactly like select() */
  ------------------
  |  Branch (201:6): [True: 0, False: 196k]
  ------------------
  202|      0|		return select(nfds, readfds, writefds, exceptfds, timeout);
  203|      0|	}
  204|       |
  205|   196k|	assert(nfds <= IOWRAP_MAXFD+1); /* NOTE(review): the only bound on nfds for fdlist[] and wrap_fds[] below; compiled out under NDEBUG */
  206|       |
  207|   196k|	if (erand48(rand_state) < CHANCE_INTR) { /* injected interruption; the fd sets are left untouched */
  ------------------
  |  Branch (207:6): [True: 282, False: 196k]
  ------------------
  208|    282|		errno = EINTR;
  209|    282|		return -1;
  210|    282|	}
  211|       |
  212|       |	/* read */
  213|   196k|	if (readfds != NULL && erand48(rand_state) < CHANCE_READ1) { /* NOTE(review): when the random test fails, readfds keeps the caller's bits while ret does not count them */
  ------------------
  |  Branch (213:6): [True: 196k, False: 0]
  |  Branch (213:25): [True: 186k, False: 9.20k]
  ------------------
  214|  1.49M|		for (i = 0, nset = 0; i < nfds; i++) {
  ------------------
  |  Branch (214:25): [True: 1.30M, False: 186k]
  ------------------
  215|  1.30M|			if (FD_ISSET(i, readfds)) {
  216|   176k|				assert(wrap_fds[i].mode != UNUSED); /* every fd passed in must have been registered with the wrapper */
  217|   176k|				fdlist[nset] = i;
  218|   176k|				nset++;
  219|   176k|			}
  220|  1.30M|		}
  221|   186k|		DROPBEAR_FD_ZERO(readfds); /* start from an empty set, then mark the picks below */
  ------------------
  |  |  104|   186k|#define DROPBEAR_FD_ZERO(fds) FD_ZERO(fds)
  ------------------
  222|       |
  223|   186k|		if (nset > 0) { /* also keeps the '% nset' below away from a zero divisor */
  ------------------
  |  Branch (223:7): [True: 176k, False: 10.3k]
  ------------------
  224|       |			/* set one */
  225|   176k|			sel = fdlist[nrand48(rand_state) % nset];
  226|   176k|			FD_SET(sel, readfds);
  227|   176k|			ret++;
  228|       |
  229|   176k|			if (erand48(rand_state) < CHANCE_READ2) { /* sometimes report a second fd as ready */
  ------------------
  |  Branch (229:8): [True: 80.3k, False: 96.3k]
  ------------------
  230|  80.3k|				sel = fdlist[nrand48(rand_state) % nset];
  231|  80.3k|				if (!FD_ISSET(sel, readfds)) { /* count it only if it differs from the first pick */
  ------------------
  |  Branch (231:9): [True: 0, False: 80.3k]
  ------------------
  232|      0|					FD_SET(sel, readfds);
  233|      0|					ret++;
  234|      0|				}
  235|  80.3k|			}
  236|   176k|		}
  237|   186k|	}
  238|       |
  239|       |	/* write */
  240|   196k|	if (writefds != NULL && erand48(rand_state) < CHANCE_WRITE1) { /* same scheme as the read set, including the untouched-set case noted there */
  ------------------
  |  Branch (240:6): [True: 107k, False: 89.0k]
  |  Branch (240:26): [True: 103k, False: 3.36k]
  ------------------
  241|   830k|		for (i = 0, nset = 0; i < nfds; i++) {
  ------------------
  |  Branch (241:25): [True: 726k, False: 103k]
  ------------------
  242|   726k|			if (FD_ISSET(i, writefds)) {
  243|  10.2k|				assert(wrap_fds[i].mode != UNUSED);
  244|  10.2k|				fdlist[nset] = i;
  245|  10.2k|				nset++;
  246|  10.2k|			}
  247|   726k|		}
  248|   103k|		DROPBEAR_FD_ZERO(writefds);
  ------------------
  |  |  104|   103k|#define DROPBEAR_FD_ZERO(fds) FD_ZERO(fds)
  ------------------
  249|       |
  250|       |		/* set one */
  251|   103k|		if (nset > 0) {
  ------------------
  |  Branch (251:7): [True: 10.2k, False: 93.5k]
  ------------------
  252|  10.2k|			sel = fdlist[nrand48(rand_state) % nset];
  253|  10.2k|			FD_SET(sel, writefds);
  254|  10.2k|			ret++;
  255|       |
  256|  10.2k|			if (erand48(rand_state) < CHANCE_WRITE2) {
  ------------------
  |  Branch (256:8): [True: 4.06k, False: 6.19k]
  ------------------
  257|  4.06k|				sel = fdlist[nrand48(rand_state) % nset];
  258|  4.06k|				if (!FD_ISSET(sel, writefds)) {
  ------------------
  |  Branch (258:9): [True: 0, False: 4.06k]
  ------------------
  259|      0|					FD_SET(sel, writefds);
  260|      0|					ret++;
  261|      0|				}
  262|  4.06k|			}
  263|  10.2k|		}
  264|   103k|	}
  265|   196k|	return ret; /* exceptfds and timeout are never read on the wrapped path */
  266|   196k|}
fuzz-wrapfd.c:wrapfd_remove:
   96|  3.51k|static void wrapfd_remove(int fd) { /* Unregisters a wrapped fd and closes the underlying descriptor; fd must be in range and currently wrapped. */
   97|  3.51k|	TRACE(("wrapfd_remove %d", fd))
   98|  3.51k|	assert(fd >= 0); /* NOTE(review): the range checks are asserts only; under NDEBUG an out-of-range fd would index wrap_fds[] unchecked */
   99|  3.51k|	assert(fd <= IOWRAP_MAXFD);
  100|  3.51k|	assert(wrap_fds[fd].mode != UNUSED);
  101|  3.51k|	wrap_fds[fd].mode = UNUSED;
  102|  3.51k|	close(fd); /* return value ignored */
  103|  3.51k|}

LLVMFuzzerTestOneInput:
    3|  3.51k|int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { /* libFuzzer entry point: one client session per input, with skip_kexmaths = 0. */
    4|  3.51k|	return fuzz_run_client(Data, Size, 0);
    5|  3.51k|}

sha1_init:
  164|    995|{
  165|    995|   LTC_ARGCHK(md != NULL);
  ------------------
  |  |   32|    995|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 995]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  166|    995|   md->sha1.state[0] = 0x67452301UL;
  167|    995|   md->sha1.state[1] = 0xefcdab89UL;
  168|    995|   md->sha1.state[2] = 0x98badcfeUL;
  169|    995|   md->sha1.state[3] = 0x10325476UL;
  170|    995|   md->sha1.state[4] = 0xc3d2e1f0UL;
  171|    995|   md->sha1.curlen = 0;
  172|    995|   md->sha1.length = 0;
  173|    995|   return CRYPT_OK;
  174|    995|}
sha1_done:
  192|    995|{
  193|    995|    int i;
  194|       |
  195|    995|    LTC_ARGCHK(md  != NULL);
  ------------------
  |  |   32|    995|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 995]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  196|    995|    LTC_ARGCHK(out != NULL);
  ------------------
  |  |   32|    995|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 995]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  197|       |
  198|    995|    if (md->sha1.curlen >= sizeof(md->sha1.buf)) {
  ------------------
  |  Branch (198:9): [True: 0, False: 995]
  ------------------
  199|      0|       return CRYPT_INVALID_ARG;
  200|      0|    }
  201|       |
  202|       |    /* increase the length of the message */
  203|    995|    md->sha1.length += md->sha1.curlen * 8;
  204|       |
  205|       |    /* append the '1' bit */
  206|    995|    md->sha1.buf[md->sha1.curlen++] = (unsigned char)0x80;
  207|       |
  208|       |    /* if the length is currently above 56 bytes we append zeros
  209|       |     * then compress.  Then we can fall back to padding zeros and length
  210|       |     * encoding like normal.
  211|       |     */
  212|    995|    if (md->sha1.curlen > 56) {
  ------------------
  |  Branch (212:9): [True: 46, False: 949]
  ------------------
  213|    233|        while (md->sha1.curlen < 64) {
  ------------------
  |  Branch (213:16): [True: 187, False: 46]
  ------------------
  214|    187|            md->sha1.buf[md->sha1.curlen++] = (unsigned char)0;
  215|    187|        }
  216|     46|        sha1_compress(md, md->sha1.buf);
  217|     46|        md->sha1.curlen = 0;
  218|     46|    }
  219|       |
  220|       |    /* pad upto 56 bytes of zeroes */
  221|  31.0k|    while (md->sha1.curlen < 56) {
  ------------------
  |  Branch (221:12): [True: 30.0k, False: 995]
  ------------------
  222|  30.0k|        md->sha1.buf[md->sha1.curlen++] = (unsigned char)0;
  223|  30.0k|    }
  224|       |
  225|       |    /* store length */
  226|    995|    STORE64H(md->sha1.length, md->sha1.buf+56);
  ------------------
  |  |  101|    995|#define STORE64H(x, y)                          \
  |  |  102|    995|do { ulong64 __t = __builtin_bswap64 ((x));     \
  |  |  103|    995|      XMEMCPY ((y), &__t, 8); } while(0)
  |  |  ------------------
  |  |  |  |   39|    995|#define XMEMCPY  memcpy
  |  |  ------------------
  |  |  |  Branch (103:39): [Folded - Ignored]
  |  |  ------------------
  ------------------
  227|    995|    sha1_compress(md, md->sha1.buf);
  228|       |
  229|       |    /* copy output */
  230|  5.97k|    for (i = 0; i < 5; i++) {
  ------------------
  |  Branch (230:17): [True: 4.97k, False: 995]
  ------------------
  231|  4.97k|        STORE32H(md->sha1.state[i], out+(4*i));
  ------------------
  |  |   62|  4.97k|#define STORE32H(x, y)                          \
  |  |   63|  4.97k|do { ulong32 __t = __builtin_bswap32 ((x));     \
  |  |   64|  4.97k|      XMEMCPY ((y), &__t, 4); } while(0)
  |  |  ------------------
  |  |  |  |   39|  4.97k|#define XMEMCPY  memcpy
  |  |  ------------------
  |  |  |  Branch (64:39): [Folded - Ignored]
  |  |  ------------------
  ------------------
  232|  4.97k|    }
  233|       |#ifdef LTC_CLEAN_STACK
  234|       |    zeromem(md, sizeof(hash_state));
  235|       |#endif
  236|    995|    return CRYPT_OK;
  237|    995|}
sha1.c:sha1_compress:
   47|  17.7k|{
   48|  17.7k|    ulong32 a,b,c,d,e,W[80],i;
   49|  17.7k|#ifdef LTC_SMALL_CODE
   50|  17.7k|    ulong32 t;
   51|  17.7k|#endif
   52|       |
   53|       |    /* copy the state into 512-bits into W[0..15] */
   54|   302k|    for (i = 0; i < 16; i++) {
  ------------------
  |  Branch (54:17): [True: 284k, False: 17.7k]
  ------------------
   55|   284k|        LOAD32H(W[i], buf + (4*i));
  ------------------
  |  |   66|   284k|#define LOAD32H(x, y)                           \
  |  |   67|   284k|do { XMEMCPY (&(x), (y), 4);                    \
  |  |  ------------------
  |  |  |  |   39|   284k|#define XMEMCPY  memcpy
  |  |  ------------------
  |  |   68|   284k|      (x) = __builtin_bswap32 ((x)); } while(0)
  |  |  ------------------
  |  |  |  Branch (68:46): [Folded - Ignored]
  |  |  ------------------
  ------------------
   56|   284k|    }
   57|       |
   58|       |    /* copy state */
   59|  17.7k|    a = md->sha1.state[0];
   60|  17.7k|    b = md->sha1.state[1];
   61|  17.7k|    c = md->sha1.state[2];
   62|  17.7k|    d = md->sha1.state[3];
   63|  17.7k|    e = md->sha1.state[4];
   64|       |
   65|       |    /* expand it */
   66|  1.15M|    for (i = 16; i < 80; i++) {
  ------------------
  |  Branch (66:18): [True: 1.13M, False: 17.7k]
  ------------------
   67|  1.13M|        W[i] = ROL(W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16], 1);
   68|  1.13M|    }
   69|       |
   70|       |    /* compress */
   71|       |    /* round one */
   72|  17.7k|    #define FF0(a,b,c,d,e,i) e = (ROLc(a, 5) + F0(b,c,d) + e + W[i] + 0x5a827999UL); b = ROLc(b, 30);
   73|  17.7k|    #define FF1(a,b,c,d,e,i) e = (ROLc(a, 5) + F1(b,c,d) + e + W[i] + 0x6ed9eba1UL); b = ROLc(b, 30);
   74|  17.7k|    #define FF2(a,b,c,d,e,i) e = (ROLc(a, 5) + F2(b,c,d) + e + W[i] + 0x8f1bbcdcUL); b = ROLc(b, 30);
   75|  17.7k|    #define FF3(a,b,c,d,e,i) e = (ROLc(a, 5) + F3(b,c,d) + e + W[i] + 0xca62c1d6UL); b = ROLc(b, 30);
   76|       |
   77|  17.7k|#ifdef LTC_SMALL_CODE
   78|       |
   79|   373k|    for (i = 0; i < 20; ) {
  ------------------
  |  Branch (79:17): [True: 355k, False: 17.7k]
  ------------------
   80|   355k|       FF0(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
  ------------------
  |  |   72|   355k|    #define FF0(a,b,c,d,e,i) e = (ROLc(a, 5) + F0(b,c,d) + e + W[i] + 0x5a827999UL); b = ROLc(b, 30);
  |  |  ------------------
  |  |  |  |  275|   355k|#define ROLc(word,i) ({ \
  |  |  |  |  276|   355k|   ulong32 __ROLc_tmp = (word); \
  |  |  |  |  277|   355k|   __asm__ ("roll %2, %0" : \
  |  |  |  |  278|   355k|            "=r" (__ROLc_tmp) : \
  |  |  |  |  279|   355k|            "0" (__ROLc_tmp), \
  |  |  |  |  280|   355k|            "I" (i)); \
  |  |  |  |  281|   355k|            __ROLc_tmp; \
  |  |  |  |  282|   355k|   })
  |  |  ------------------
  |  |                   #define FF0(a,b,c,d,e,i) e = (ROLc(a, 5) + F0(b,c,d) + e + W[i] + 0x5a827999UL); b = ROLc(b, 30);
  |  |  ------------------
  |  |  |  |   37|   355k|#define F0(x,y,z)  (z ^ (x & (y ^ z)))
  |  |  ------------------
  |  |                   #define FF0(a,b,c,d,e,i) e = (ROLc(a, 5) + F0(b,c,d) + e + W[i] + 0x5a827999UL); b = ROLc(b, 30);
  |  |  ------------------
  |  |  |  |  275|   355k|#define ROLc(word,i) ({ \
  |  |  |  |  276|   355k|   ulong32 __ROLc_tmp = (word); \
  |  |  |  |  277|   355k|   __asm__ ("roll %2, %0" : \
  |  |  |  |  278|   355k|            "=r" (__ROLc_tmp) : \
  |  |  |  |  279|   355k|            "0" (__ROLc_tmp), \
  |  |  |  |  280|   355k|            "I" (i)); \
  |  |  |  |  281|   355k|            __ROLc_tmp; \
  |  |  |  |  282|   355k|   })
  |  |  ------------------
  ------------------
   81|   355k|    }
   82|       |
   83|   373k|    for (; i < 40; ) {
  ------------------
  |  Branch (83:12): [True: 355k, False: 17.7k]
  ------------------
   84|   355k|       FF1(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
  ------------------
  |  |   73|   355k|    #define FF1(a,b,c,d,e,i) e = (ROLc(a, 5) + F1(b,c,d) + e + W[i] + 0x6ed9eba1UL); b = ROLc(b, 30);
  |  |  ------------------
  |  |  |  |  275|   355k|#define ROLc(word,i) ({ \
  |  |  |  |  276|   355k|   ulong32 __ROLc_tmp = (word); \
  |  |  |  |  277|   355k|   __asm__ ("roll %2, %0" : \
  |  |  |  |  278|   355k|            "=r" (__ROLc_tmp) : \
  |  |  |  |  279|   355k|            "0" (__ROLc_tmp), \
  |  |  |  |  280|   355k|            "I" (i)); \
  |  |  |  |  281|   355k|            __ROLc_tmp; \
  |  |  |  |  282|   355k|   })
  |  |  ------------------
  |  |                   #define FF1(a,b,c,d,e,i) e = (ROLc(a, 5) + F1(b,c,d) + e + W[i] + 0x6ed9eba1UL); b = ROLc(b, 30);
  |  |  ------------------
  |  |  |  |   38|   355k|#define F1(x,y,z)  (x ^ y ^ z)
  |  |  ------------------
  |  |                   #define FF1(a,b,c,d,e,i) e = (ROLc(a, 5) + F1(b,c,d) + e + W[i] + 0x6ed9eba1UL); b = ROLc(b, 30);
  |  |  ------------------
  |  |  |  |  275|   355k|#define ROLc(word,i) ({ \
  |  |  |  |  276|   355k|   ulong32 __ROLc_tmp = (word); \
  |  |  |  |  277|   355k|   __asm__ ("roll %2, %0" : \
  |  |  |  |  278|   355k|            "=r" (__ROLc_tmp) : \
  |  |  |  |  279|   355k|            "0" (__ROLc_tmp), \
  |  |  |  |  280|   355k|            "I" (i)); \
  |  |  |  |  281|   355k|            __ROLc_tmp; \
  |  |  |  |  282|   355k|   })
  |  |  ------------------
  ------------------
   85|   355k|    }
   86|       |
   87|   373k|    for (; i < 60; ) {
  ------------------
  |  Branch (87:12): [True: 355k, False: 17.7k]
  ------------------
   88|   355k|       FF2(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
  ------------------
  |  |   74|   355k|    #define FF2(a,b,c,d,e,i) e = (ROLc(a, 5) + F2(b,c,d) + e + W[i] + 0x8f1bbcdcUL); b = ROLc(b, 30);
  |  |  ------------------
  |  |  |  |  275|   355k|#define ROLc(word,i) ({ \
  |  |  |  |  276|   355k|   ulong32 __ROLc_tmp = (word); \
  |  |  |  |  277|   355k|   __asm__ ("roll %2, %0" : \
  |  |  |  |  278|   355k|            "=r" (__ROLc_tmp) : \
  |  |  |  |  279|   355k|            "0" (__ROLc_tmp), \
  |  |  |  |  280|   355k|            "I" (i)); \
  |  |  |  |  281|   355k|            __ROLc_tmp; \
  |  |  |  |  282|   355k|   })
  |  |  ------------------
  |  |                   #define FF2(a,b,c,d,e,i) e = (ROLc(a, 5) + F2(b,c,d) + e + W[i] + 0x8f1bbcdcUL); b = ROLc(b, 30);
  |  |  ------------------
  |  |  |  |   39|   355k|#define F2(x,y,z)  ((x & y) | (z & (x | y)))
  |  |  ------------------
  |  |                   #define FF2(a,b,c,d,e,i) e = (ROLc(a, 5) + F2(b,c,d) + e + W[i] + 0x8f1bbcdcUL); b = ROLc(b, 30);
  |  |  ------------------
  |  |  |  |  275|   355k|#define ROLc(word,i) ({ \
  |  |  |  |  276|   355k|   ulong32 __ROLc_tmp = (word); \
  |  |  |  |  277|   355k|   __asm__ ("roll %2, %0" : \
  |  |  |  |  278|   355k|            "=r" (__ROLc_tmp) : \
  |  |  |  |  279|   355k|            "0" (__ROLc_tmp), \
  |  |  |  |  280|   355k|            "I" (i)); \
  |  |  |  |  281|   355k|            __ROLc_tmp; \
  |  |  |  |  282|   355k|   })
  |  |  ------------------
  ------------------
   89|   355k|    }
   90|       |
   91|   373k|    for (; i < 80; ) {
  ------------------
  |  Branch (91:12): [True: 355k, False: 17.7k]
  ------------------
   92|   355k|       FF3(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
  ------------------
  |  |   75|   355k|    #define FF3(a,b,c,d,e,i) e = (ROLc(a, 5) + F3(b,c,d) + e + W[i] + 0xca62c1d6UL); b = ROLc(b, 30);
  |  |  ------------------
  |  |  |  |  275|   355k|#define ROLc(word,i) ({ \
  |  |  |  |  276|   355k|   ulong32 __ROLc_tmp = (word); \
  |  |  |  |  277|   355k|   __asm__ ("roll %2, %0" : \
  |  |  |  |  278|   355k|            "=r" (__ROLc_tmp) : \
  |  |  |  |  279|   355k|            "0" (__ROLc_tmp), \
  |  |  |  |  280|   355k|            "I" (i)); \
  |  |  |  |  281|   355k|            __ROLc_tmp; \
  |  |  |  |  282|   355k|   })
  |  |  ------------------
  |  |                   #define FF3(a,b,c,d,e,i) e = (ROLc(a, 5) + F3(b,c,d) + e + W[i] + 0xca62c1d6UL); b = ROLc(b, 30);
  |  |  ------------------
  |  |  |  |   40|   355k|#define F3(x,y,z)  (x ^ y ^ z)
  |  |  ------------------
  |  |                   #define FF3(a,b,c,d,e,i) e = (ROLc(a, 5) + F3(b,c,d) + e + W[i] + 0xca62c1d6UL); b = ROLc(b, 30);
  |  |  ------------------
  |  |  |  |  275|   355k|#define ROLc(word,i) ({ \
  |  |  |  |  276|   355k|   ulong32 __ROLc_tmp = (word); \
  |  |  |  |  277|   355k|   __asm__ ("roll %2, %0" : \
  |  |  |  |  278|   355k|            "=r" (__ROLc_tmp) : \
  |  |  |  |  279|   355k|            "0" (__ROLc_tmp), \
  |  |  |  |  280|   355k|            "I" (i)); \
  |  |  |  |  281|   355k|            __ROLc_tmp; \
  |  |  |  |  282|   355k|   })
  |  |  ------------------
  ------------------
   93|   355k|    }
   94|       |
   95|       |#else
   96|       |
   97|       |    for (i = 0; i < 20; ) {
   98|       |       FF0(a,b,c,d,e,i++);
   99|       |       FF0(e,a,b,c,d,i++);
  100|       |       FF0(d,e,a,b,c,i++);
  101|       |       FF0(c,d,e,a,b,i++);
  102|       |       FF0(b,c,d,e,a,i++);
  103|       |    }
  104|       |
  105|       |    /* round two */
  106|       |    for (; i < 40; )  {
  107|       |       FF1(a,b,c,d,e,i++);
  108|       |       FF1(e,a,b,c,d,i++);
  109|       |       FF1(d,e,a,b,c,i++);
  110|       |       FF1(c,d,e,a,b,i++);
  111|       |       FF1(b,c,d,e,a,i++);
  112|       |    }
  113|       |
  114|       |    /* round three */
  115|       |    for (; i < 60; )  {
  116|       |       FF2(a,b,c,d,e,i++);
  117|       |       FF2(e,a,b,c,d,i++);
  118|       |       FF2(d,e,a,b,c,i++);
  119|       |       FF2(c,d,e,a,b,i++);
  120|       |       FF2(b,c,d,e,a,i++);
  121|       |    }
  122|       |
  123|       |    /* round four */
  124|       |    for (; i < 80; )  {
  125|       |       FF3(a,b,c,d,e,i++);
  126|       |       FF3(e,a,b,c,d,i++);
  127|       |       FF3(d,e,a,b,c,i++);
  128|       |       FF3(c,d,e,a,b,i++);
  129|       |       FF3(b,c,d,e,a,i++);
  130|       |    }
  131|       |#endif
  132|       |
  133|  17.7k|    #undef FF0
  134|  17.7k|    #undef FF1
  135|  17.7k|    #undef FF2
  136|  17.7k|    #undef FF3
  137|       |
  138|       |    /* store */
  139|  17.7k|    md->sha1.state[0] = md->sha1.state[0] + a;
  140|  17.7k|    md->sha1.state[1] = md->sha1.state[1] + b;
  141|  17.7k|    md->sha1.state[2] = md->sha1.state[2] + c;
  142|  17.7k|    md->sha1.state[3] = md->sha1.state[3] + d;
  143|  17.7k|    md->sha1.state[4] = md->sha1.state[4] + e;
  144|       |
  145|  17.7k|    return CRYPT_OK;
  146|  17.7k|}

sha256_init:
              /* Resets the SHA-256 part of the hash state: clears the buffered-byte
               * count (curlen) and the message length, then loads the eight initial
               * chaining words of SHA-256 into state[0..7]. Returns CRYPT_OK. */
  205|  51.7k|{
  206|  51.7k|    LTC_ARGCHK(md != NULL);
  ------------------
  |  |   32|  51.7k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 51.7k]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
              /* NOTE(review): the failing side of the NULL check has a count of 0, so
               * the crypt_argchk path was never reached in this run. What crypt_argchk
               * does (abort or return) is not visible in this listing. */
  207|       |
  208|  51.7k|    md->sha256.curlen = 0;
  209|  51.7k|    md->sha256.length = 0;
  210|  51.7k|    md->sha256.state[0] = 0x6A09E667UL;
  211|  51.7k|    md->sha256.state[1] = 0xBB67AE85UL;
  212|  51.7k|    md->sha256.state[2] = 0x3C6EF372UL;
  213|  51.7k|    md->sha256.state[3] = 0xA54FF53AUL;
  214|  51.7k|    md->sha256.state[4] = 0x510E527FUL;
  215|  51.7k|    md->sha256.state[5] = 0x9B05688CUL;
  216|  51.7k|    md->sha256.state[6] = 0x1F83D9ABUL;
  217|  51.7k|    md->sha256.state[7] = 0x5BE0CD19UL;
  218|  51.7k|    return CRYPT_OK;
  219|  51.7k|}
sha256_done:
              /* Finalises a SHA-256 computation: appends the 0x80 marker and zero
               * padding to the buffered partial block, stores the message length in
               * bits at buf+56, runs the last compression and writes the eight state
               * words to out, 4 bytes each (32 bytes in total).
               * Returns CRYPT_INVALID_ARG when curlen is not below sizeof(buf),
               * otherwise CRYPT_OK.
               * The signature is not part of this listing; nothing in the body checks
               * how large out is, so the caller has to supply at least 32 bytes. */
  237|  51.7k|{
  238|  51.7k|    int i;
  239|       |
  240|  51.7k|    LTC_ARGCHK(md  != NULL);
  ------------------
  |  |   32|  51.7k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 51.7k]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  241|  51.7k|    LTC_ARGCHK(out != NULL);
  ------------------
  |  |   32|  51.7k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 51.7k]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  242|       |
  243|  51.7k|    if (md->sha256.curlen >= sizeof(md->sha256.buf)) {
  ------------------
  |  Branch (243:9): [True: 0, False: 51.7k]
  ------------------
  244|      0|       return CRYPT_INVALID_ARG;
  245|      0|    }
              /* NOTE(review): this guard is what keeps the buf[curlen++] writes below
               * inside buf. Its true branch has a count of 0, so the rejection path
               * was not exercised in this run. */
  246|       |
  247|       |
  248|       |    /* increase the length of the message */
  249|  51.7k|    md->sha256.length += md->sha256.curlen * 8;
  250|       |
  251|       |    /* append the '1' bit */
  252|  51.7k|    md->sha256.buf[md->sha256.curlen++] = (unsigned char)0x80;
  253|       |
  254|       |    /* if the length is currently above 56 bytes we append zeros
  255|       |     * then compress.  Then we can fall back to padding zeros and length
  256|       |     * encoding like normal.
  257|       |     */
  258|  51.7k|    if (md->sha256.curlen > 56) {
  ------------------
  |  Branch (258:9): [True: 82, False: 51.6k]
  ------------------
  259|    364|        while (md->sha256.curlen < 64) {
  ------------------
  |  Branch (259:16): [True: 282, False: 82]
  ------------------
  260|    282|            md->sha256.buf[md->sha256.curlen++] = (unsigned char)0;
  261|    282|        }
  262|     82|        sha256_compress(md, md->sha256.buf);
  263|     82|        md->sha256.curlen = 0;
  264|     82|    }
  265|       |
  266|       |    /* pad with zero bytes up to offset 56, where the length field starts */
  267|  1.08M|    while (md->sha256.curlen < 56) {
  ------------------
  |  Branch (267:12): [True: 1.03M, False: 51.7k]
  ------------------
  268|  1.03M|        md->sha256.buf[md->sha256.curlen++] = (unsigned char)0;
  269|  1.03M|    }
  270|       |
  271|       |    /* store the 64-bit message length (in bits) in the last 8 bytes of the block */
  272|  51.7k|    STORE64H(md->sha256.length, md->sha256.buf+56);
  ------------------
  |  |  101|  51.7k|#define STORE64H(x, y)                          \
  |  |  102|  51.7k|do { ulong64 __t = __builtin_bswap64 ((x));     \
  |  |  103|  51.7k|      XMEMCPY ((y), &__t, 8); } while(0)
  |  |  ------------------
  |  |  |  |   39|  51.7k|#define XMEMCPY  memcpy
  |  |  ------------------
  |  |  |  Branch (103:39): [Folded - Ignored]
  |  |  ------------------
  ------------------
  273|  51.7k|    sha256_compress(md, md->sha256.buf);
  274|       |
  275|       |    /* copy output: eight state words, byte-swapped by STORE32H, 4 bytes each */
  276|   465k|    for (i = 0; i < 8; i++) {
  ------------------
  |  Branch (276:17): [True: 413k, False: 51.7k]
  ------------------
  277|   413k|        STORE32H(md->sha256.state[i], out+(4*i));
  ------------------
  |  |   62|   413k|#define STORE32H(x, y)                          \
  |  |   63|   413k|do { ulong32 __t = __builtin_bswap32 ((x));     \
  |  |   64|   413k|      XMEMCPY ((y), &__t, 4); } while(0)
  |  |  ------------------
  |  |  |  |   39|   413k|#define XMEMCPY  memcpy
  |  |  ------------------
  |  |  |  Branch (64:39): [Folded - Ignored]
  |  |  ------------------
  ------------------
  278|   413k|    }
              /* NOTE(review): the three lines below carry no execution counts, which
               * suggests LTC_CLEAN_STACK is not defined in this build. If so, md is
               * not zeroed here and a caller hashing secret data has to wipe the
               * state itself. */
  279|       |#ifdef LTC_CLEAN_STACK
  280|       |    zeromem(md, sizeof(hash_state));
  281|       |#endif
  282|  51.7k|    return CRYPT_OK;
  283|  51.7k|}
sha256.c:sha256_compress:
              /* SHA-256 compression step: mixes one 64-byte block at buf into
               * md->sha256.state. Sixteen 32-bit words are loaded from buf (byte-swapped
               * by LOAD32H), expanded to W[0..63], run through 64 rounds on a working
               * copy S, and S is then added back into the state. Returns CRYPT_OK.
               * The body reads 64 bytes from buf without any length check, so every
               * caller has to pass a full block. */
   71|  78.0k|{
   72|  78.0k|    ulong32 S[8], W[64], t0, t1;
   73|  78.0k|#ifdef LTC_SMALL_CODE
   74|  78.0k|    ulong32 t;
   75|  78.0k|#endif
   76|  78.0k|    int i;
   77|       |
   78|       |    /* copy state into S */
   79|   702k|    for (i = 0; i < 8; i++) {
  ------------------
  |  Branch (79:17): [True: 624k, False: 78.0k]
  ------------------
   80|   624k|        S[i] = md->sha256.state[i];
   81|   624k|    }
   82|       |
   83|       |    /* load the 512-bit input block from buf into W[0..15] */
   84|  1.32M|    for (i = 0; i < 16; i++) {
  ------------------
  |  Branch (84:17): [True: 1.24M, False: 78.0k]
  ------------------
   85|  1.24M|        LOAD32H(W[i], buf + (4*i));
  ------------------
  |  |   66|  1.24M|#define LOAD32H(x, y)                           \
  |  |   67|  1.24M|do { XMEMCPY (&(x), (y), 4);                    \
  |  |  ------------------
  |  |  |  |   39|  1.24M|#define XMEMCPY  memcpy
  |  |  ------------------
  |  |   68|  1.24M|      (x) = __builtin_bswap32 ((x)); } while(0)
  |  |  ------------------
  |  |  |  Branch (68:46): [Folded - Ignored]
  |  |  ------------------
  ------------------
   86|  1.24M|    }
   87|       |
   88|       |    /* fill W[16..63] */
   89|  3.82M|    for (i = 16; i < 64; i++) {
  ------------------
  |  Branch (89:18): [True: 3.74M, False: 78.0k]
  ------------------
   90|  3.74M|        W[i] = Gamma1(W[i - 2]) + W[i - 7] + Gamma0(W[i - 15]) + W[i - 16];
  ------------------
  |  |   63|  3.74M|#define Gamma1(x)       (S(x, 17) ^ S(x, 19) ^ R(x, 10))
  |  |  ------------------
  |  |  |  |   58|  3.74M|#define S(x, n)         RORc((x),(n))
  |  |  |  |  ------------------
  |  |  |  |  |  |  283|  3.74M|#define RORc(word,i) ({ \
  |  |  |  |  |  |  284|  3.74M|   ulong32 __RORc_tmp = (word); \
  |  |  |  |  |  |  285|  3.74M|   __asm__ ("rorl %2, %0" : \
  |  |  |  |  |  |  286|  3.74M|            "=r" (__RORc_tmp) : \
  |  |  |  |  |  |  287|  3.74M|            "0" (__RORc_tmp), \
  |  |  |  |  |  |  288|  3.74M|            "I" (i)); \
  |  |  |  |  |  |  289|  3.74M|            __RORc_tmp; \
  |  |  |  |  |  |  290|  3.74M|   })
  |  |  |  |  ------------------
  |  |  ------------------
  |  |               #define Gamma1(x)       (S(x, 17) ^ S(x, 19) ^ R(x, 10))
  |  |  ------------------
  |  |  |  |   58|  3.74M|#define S(x, n)         RORc((x),(n))
  |  |  |  |  ------------------
  |  |  |  |  |  |  283|  3.74M|#define RORc(word,i) ({ \
  |  |  |  |  |  |  284|  3.74M|   ulong32 __RORc_tmp = (word); \
  |  |  |  |  |  |  285|  3.74M|   __asm__ ("rorl %2, %0" : \
  |  |  |  |  |  |  286|  3.74M|            "=r" (__RORc_tmp) : \
  |  |  |  |  |  |  287|  3.74M|            "0" (__RORc_tmp), \
  |  |  |  |  |  |  288|  3.74M|            "I" (i)); \
  |  |  |  |  |  |  289|  3.74M|            __RORc_tmp; \
  |  |  |  |  |  |  290|  3.74M|   })
  |  |  |  |  ------------------
  |  |  ------------------
  |  |               #define Gamma1(x)       (S(x, 17) ^ S(x, 19) ^ R(x, 10))
  |  |  ------------------
  |  |  |  |   59|  3.74M|#define R(x, n)         (((x)&0xFFFFFFFFUL)>>(n))
  |  |  ------------------
  ------------------
                      W[i] = Gamma1(W[i - 2]) + W[i - 7] + Gamma0(W[i - 15]) + W[i - 16];
  ------------------
  |  |   62|  3.74M|#define Gamma0(x)       (S(x, 7) ^ S(x, 18) ^ R(x, 3))
  |  |  ------------------
  |  |  |  |   58|  3.74M|#define S(x, n)         RORc((x),(n))
  |  |  |  |  ------------------
  |  |  |  |  |  |  283|  3.74M|#define RORc(word,i) ({ \
  |  |  |  |  |  |  284|  3.74M|   ulong32 __RORc_tmp = (word); \
  |  |  |  |  |  |  285|  3.74M|   __asm__ ("rorl %2, %0" : \
  |  |  |  |  |  |  286|  3.74M|            "=r" (__RORc_tmp) : \
  |  |  |  |  |  |  287|  3.74M|            "0" (__RORc_tmp), \
  |  |  |  |  |  |  288|  3.74M|            "I" (i)); \
  |  |  |  |  |  |  289|  3.74M|            __RORc_tmp; \
  |  |  |  |  |  |  290|  3.74M|   })
  |  |  |  |  ------------------
  |  |  ------------------
  |  |               #define Gamma0(x)       (S(x, 7) ^ S(x, 18) ^ R(x, 3))
  |  |  ------------------
  |  |  |  |   58|  3.74M|#define S(x, n)         RORc((x),(n))
  |  |  |  |  ------------------
  |  |  |  |  |  |  283|  3.74M|#define RORc(word,i) ({ \
  |  |  |  |  |  |  284|  3.74M|   ulong32 __RORc_tmp = (word); \
  |  |  |  |  |  |  285|  3.74M|   __asm__ ("rorl %2, %0" : \
  |  |  |  |  |  |  286|  3.74M|            "=r" (__RORc_tmp) : \
  |  |  |  |  |  |  287|  3.74M|            "0" (__RORc_tmp), \
  |  |  |  |  |  |  288|  3.74M|            "I" (i)); \
  |  |  |  |  |  |  289|  3.74M|            __RORc_tmp; \
  |  |  |  |  |  |  290|  3.74M|   })
  |  |  |  |  ------------------
  |  |  ------------------
  |  |               #define Gamma0(x)       (S(x, 7) ^ S(x, 18) ^ R(x, 3))
  |  |  ------------------
  |  |  |  |   59|  3.74M|#define R(x, n)         (((x)&0xFFFFFFFFUL)>>(n))
  |  |  ------------------
  ------------------
   91|  3.74M|    }
   92|       |
   93|       |    /* Compress */
   94|  78.0k|#ifdef LTC_SMALL_CODE
   95|  78.0k|#define RND(a,b,c,d,e,f,g,h,i)                         \
   96|  78.0k|     t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i];   \
   97|  78.0k|     t1 = Sigma0(a) + Maj(a, b, c);                    \
   98|  78.0k|     d += t0;                                          \
   99|  78.0k|     h  = t0 + t1;
  100|       |
  101|  5.07M|     for (i = 0; i < 64; ++i) {
  ------------------
  |  Branch (101:18): [True: 4.99M, False: 78.0k]
  ------------------
  102|  4.99M|         RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],i);
  ------------------
  |  |   96|  4.99M|     t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i];   \
  |  |  ------------------
  |  |  |  |   61|  4.99M|#define Sigma1(x)       (S(x, 6) ^ S(x, 11) ^ S(x, 25))
  |  |  |  |  ------------------
  |  |  |  |  |  |   58|  4.99M|#define S(x, n)         RORc((x),(n))
  |  |  |  |  |  |  ------------------
  |  |  |  |  |  |  |  |  283|  4.99M|#define RORc(word,i) ({ \
  |  |  |  |  |  |  |  |  284|  4.99M|   ulong32 __RORc_tmp = (word); \
  |  |  |  |  |  |  |  |  285|  4.99M|   __asm__ ("rorl %2, %0" : \
  |  |  |  |  |  |  |  |  286|  4.99M|            "=r" (__RORc_tmp) : \
  |  |  |  |  |  |  |  |  287|  4.99M|            "0" (__RORc_tmp), \
  |  |  |  |  |  |  |  |  288|  4.99M|            "I" (i)); \
  |  |  |  |  |  |  |  |  289|  4.99M|            __RORc_tmp; \
  |  |  |  |  |  |  |  |  290|  4.99M|   })
  |  |  |  |  |  |  ------------------
  |  |  |  |  ------------------
  |  |  |  |               #define Sigma1(x)       (S(x, 6) ^ S(x, 11) ^ S(x, 25))
  |  |  |  |  ------------------
  |  |  |  |  |  |   58|  4.99M|#define S(x, n)         RORc((x),(n))
  |  |  |  |  |  |  ------------------
  |  |  |  |  |  |  |  |  283|  4.99M|#define RORc(word,i) ({ \
  |  |  |  |  |  |  |  |  284|  4.99M|   ulong32 __RORc_tmp = (word); \
  |  |  |  |  |  |  |  |  285|  4.99M|   __asm__ ("rorl %2, %0" : \
  |  |  |  |  |  |  |  |  286|  4.99M|            "=r" (__RORc_tmp) : \
  |  |  |  |  |  |  |  |  287|  4.99M|            "0" (__RORc_tmp), \
  |  |  |  |  |  |  |  |  288|  4.99M|            "I" (i)); \
  |  |  |  |  |  |  |  |  289|  4.99M|            __RORc_tmp; \
  |  |  |  |  |  |  |  |  290|  4.99M|   })
  |  |  |  |  |  |  ------------------
  |  |  |  |  ------------------
  |  |  |  |               #define Sigma1(x)       (S(x, 6) ^ S(x, 11) ^ S(x, 25))
  |  |  |  |  ------------------
  |  |  |  |  |  |   58|  4.99M|#define S(x, n)         RORc((x),(n))
  |  |  |  |  |  |  ------------------
  |  |  |  |  |  |  |  |  283|  4.99M|#define RORc(word,i) ({ \
  |  |  |  |  |  |  |  |  284|  4.99M|   ulong32 __RORc_tmp = (word); \
  |  |  |  |  |  |  |  |  285|  4.99M|   __asm__ ("rorl %2, %0" : \
  |  |  |  |  |  |  |  |  286|  4.99M|            "=r" (__RORc_tmp) : \
  |  |  |  |  |  |  |  |  287|  4.99M|            "0" (__RORc_tmp), \
  |  |  |  |  |  |  |  |  288|  4.99M|            "I" (i)); \
  |  |  |  |  |  |  |  |  289|  4.99M|            __RORc_tmp; \
  |  |  |  |  |  |  |  |  290|  4.99M|   })
  |  |  |  |  |  |  ------------------
  |  |  |  |  ------------------
  |  |  ------------------
  |  |                    t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i];   \
  |  |  ------------------
  |  |  |  |   56|  4.99M|#define Ch(x,y,z)       (z ^ (x & (y ^ z)))
  |  |  ------------------
  |  |   97|  4.99M|     t1 = Sigma0(a) + Maj(a, b, c);                    \
  |  |  ------------------
  |  |  |  |   60|  4.99M|#define Sigma0(x)       (S(x, 2) ^ S(x, 13) ^ S(x, 22))
  |  |  |  |  ------------------
  |  |  |  |  |  |   58|  4.99M|#define S(x, n)         RORc((x),(n))
  |  |  |  |  |  |  ------------------
  |  |  |  |  |  |  |  |  283|  4.99M|#define RORc(word,i) ({ \
  |  |  |  |  |  |  |  |  284|  4.99M|   ulong32 __RORc_tmp = (word); \
  |  |  |  |  |  |  |  |  285|  4.99M|   __asm__ ("rorl %2, %0" : \
  |  |  |  |  |  |  |  |  286|  4.99M|            "=r" (__RORc_tmp) : \
  |  |  |  |  |  |  |  |  287|  4.99M|            "0" (__RORc_tmp), \
  |  |  |  |  |  |  |  |  288|  4.99M|            "I" (i)); \
  |  |  |  |  |  |  |  |  289|  4.99M|            __RORc_tmp; \
  |  |  |  |  |  |  |  |  290|  4.99M|   })
  |  |  |  |  |  |  ------------------
  |  |  |  |  ------------------
  |  |  |  |               #define Sigma0(x)       (S(x, 2) ^ S(x, 13) ^ S(x, 22))
  |  |  |  |  ------------------
  |  |  |  |  |  |   58|  4.99M|#define S(x, n)         RORc((x),(n))
  |  |  |  |  |  |  ------------------
  |  |  |  |  |  |  |  |  283|  4.99M|#define RORc(word,i) ({ \
  |  |  |  |  |  |  |  |  284|  4.99M|   ulong32 __RORc_tmp = (word); \
  |  |  |  |  |  |  |  |  285|  4.99M|   __asm__ ("rorl %2, %0" : \
  |  |  |  |  |  |  |  |  286|  4.99M|            "=r" (__RORc_tmp) : \
  |  |  |  |  |  |  |  |  287|  4.99M|            "0" (__RORc_tmp), \
  |  |  |  |  |  |  |  |  288|  4.99M|            "I" (i)); \
  |  |  |  |  |  |  |  |  289|  4.99M|            __RORc_tmp; \
  |  |  |  |  |  |  |  |  290|  4.99M|   })
  |  |  |  |  |  |  ------------------
  |  |  |  |  ------------------
  |  |  |  |               #define Sigma0(x)       (S(x, 2) ^ S(x, 13) ^ S(x, 22))
  |  |  |  |  ------------------
  |  |  |  |  |  |   58|  4.99M|#define S(x, n)         RORc((x),(n))
  |  |  |  |  |  |  ------------------
  |  |  |  |  |  |  |  |  283|  4.99M|#define RORc(word,i) ({ \
  |  |  |  |  |  |  |  |  284|  4.99M|   ulong32 __RORc_tmp = (word); \
  |  |  |  |  |  |  |  |  285|  4.99M|   __asm__ ("rorl %2, %0" : \
  |  |  |  |  |  |  |  |  286|  4.99M|            "=r" (__RORc_tmp) : \
  |  |  |  |  |  |  |  |  287|  4.99M|            "0" (__RORc_tmp), \
  |  |  |  |  |  |  |  |  288|  4.99M|            "I" (i)); \
  |  |  |  |  |  |  |  |  289|  4.99M|            __RORc_tmp; \
  |  |  |  |  |  |  |  |  290|  4.99M|   })
  |  |  |  |  |  |  ------------------
  |  |  |  |  ------------------
  |  |  ------------------
  |  |                    t1 = Sigma0(a) + Maj(a, b, c);                    \
  |  |  ------------------
  |  |  |  |   57|  4.99M|#define Maj(x,y,z)      (((x | y) & z) | (x & y))
  |  |  ------------------
  |  |   98|  4.99M|     d += t0;                                          \
  |  |   99|  4.99M|     h  = t0 + t1;
  ------------------
  103|  4.99M|         t = S[7]; S[7] = S[6]; S[6] = S[5]; S[5] = S[4];
  104|  4.99M|         S[4] = S[3]; S[3] = S[2]; S[2] = S[1]; S[1] = S[0]; S[0] = t;
  105|  4.99M|     }
              /* NOTE(review): only the LTC_SMALL_CODE loop above has execution counts;
               * the unrolled variant below has none, so it appears to be compiled out
               * of this build and is not covered by this run. */
  106|       |#else
  107|       |#define RND(a,b,c,d,e,f,g,h,i,ki)                    \
  108|       |     t0 = h + Sigma1(e) + Ch(e, f, g) + ki + W[i];   \
  109|       |     t1 = Sigma0(a) + Maj(a, b, c);                  \
  110|       |     d += t0;                                        \
  111|       |     h  = t0 + t1;
  112|       |
  113|       |    RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],0,0x428a2f98);
  114|       |    RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],1,0x71374491);
  115|       |    RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],2,0xb5c0fbcf);
  116|       |    RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],3,0xe9b5dba5);
  117|       |    RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],4,0x3956c25b);
  118|       |    RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],5,0x59f111f1);
  119|       |    RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],6,0x923f82a4);
  120|       |    RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],7,0xab1c5ed5);
  121|       |    RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],8,0xd807aa98);
  122|       |    RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],9,0x12835b01);
  123|       |    RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],10,0x243185be);
  124|       |    RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],11,0x550c7dc3);
  125|       |    RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],12,0x72be5d74);
  126|       |    RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],13,0x80deb1fe);
  127|       |    RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],14,0x9bdc06a7);
  128|       |    RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],15,0xc19bf174);
  129|       |    RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],16,0xe49b69c1);
  130|       |    RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],17,0xefbe4786);
  131|       |    RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],18,0x0fc19dc6);
  132|       |    RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],19,0x240ca1cc);
  133|       |    RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],20,0x2de92c6f);
  134|       |    RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],21,0x4a7484aa);
  135|       |    RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],22,0x5cb0a9dc);
  136|       |    RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],23,0x76f988da);
  137|       |    RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],24,0x983e5152);
  138|       |    RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],25,0xa831c66d);
  139|       |    RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],26,0xb00327c8);
  140|       |    RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],27,0xbf597fc7);
  141|       |    RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],28,0xc6e00bf3);
  142|       |    RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],29,0xd5a79147);
  143|       |    RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],30,0x06ca6351);
  144|       |    RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],31,0x14292967);
  145|       |    RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],32,0x27b70a85);
  146|       |    RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],33,0x2e1b2138);
  147|       |    RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],34,0x4d2c6dfc);
  148|       |    RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],35,0x53380d13);
  149|       |    RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],36,0x650a7354);
  150|       |    RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],37,0x766a0abb);
  151|       |    RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],38,0x81c2c92e);
  152|       |    RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],39,0x92722c85);
  153|       |    RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],40,0xa2bfe8a1);
  154|       |    RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],41,0xa81a664b);
  155|       |    RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],42,0xc24b8b70);
  156|       |    RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],43,0xc76c51a3);
  157|       |    RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],44,0xd192e819);
  158|       |    RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],45,0xd6990624);
  159|       |    RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],46,0xf40e3585);
  160|       |    RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],47,0x106aa070);
  161|       |    RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],48,0x19a4c116);
  162|       |    RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],49,0x1e376c08);
  163|       |    RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],50,0x2748774c);
  164|       |    RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],51,0x34b0bcb5);
  165|       |    RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],52,0x391c0cb3);
  166|       |    RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],53,0x4ed8aa4a);
  167|       |    RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],54,0x5b9cca4f);
  168|       |    RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],55,0x682e6ff3);
  169|       |    RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],56,0x748f82ee);
  170|       |    RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],57,0x78a5636f);
  171|       |    RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],58,0x84c87814);
  172|       |    RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],59,0x8cc70208);
  173|       |    RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],60,0x90befffa);
  174|       |    RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],61,0xa4506ceb);
  175|       |    RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],62,0xbef9a3f7);
  176|       |    RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],63,0xc67178f2);
  177|       |
  178|       |#undef RND
  179|       |
  180|       |#endif
  181|       |
  182|       |    /* feedback: add the working copy back into the chaining state */
  183|   702k|    for (i = 0; i < 8; i++) {
  ------------------
  |  Branch (183:17): [True: 624k, False: 78.0k]
  ------------------
  184|   624k|        md->sha256.state[i] = md->sha256.state[i] + S[i];
  185|   624k|    }
              /* NOTE(review): S and W hold message-derived words and are not cleared
               * before return in the code shown here. */
  186|  78.0k|    return CRYPT_OK;
  187|  78.0k|}

sha512_init:
              /* Resets the SHA-512 part of the hash state: clears the buffered-byte
               * count (curlen) and the message length, then loads the eight 64-bit
               * initial chaining words of SHA-512 into state[0..7]. Returns CRYPT_OK. */
  174|    169|{
  175|    169|    LTC_ARGCHK(md != NULL);
  ------------------
  |  |   32|    169|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 169]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
              /* NOTE(review): the failing side of the NULL check has a count of 0, so
               * the crypt_argchk path was never reached in this run. */
  176|    169|    md->sha512.curlen = 0;
  177|    169|    md->sha512.length = 0;
  178|    169|    md->sha512.state[0] = CONST64(0x6a09e667f3bcc908);
  ------------------
  |  |  200|    169|   #define CONST64(n) n ## ULL
  ------------------
  179|    169|    md->sha512.state[1] = CONST64(0xbb67ae8584caa73b);
  ------------------
  |  |  200|    169|   #define CONST64(n) n ## ULL
  ------------------
  180|    169|    md->sha512.state[2] = CONST64(0x3c6ef372fe94f82b);
  ------------------
  |  |  200|    169|   #define CONST64(n) n ## ULL
  ------------------
  181|    169|    md->sha512.state[3] = CONST64(0xa54ff53a5f1d36f1);
  ------------------
  |  |  200|    169|   #define CONST64(n) n ## ULL
  ------------------
  182|    169|    md->sha512.state[4] = CONST64(0x510e527fade682d1);
  ------------------
  |  |  200|    169|   #define CONST64(n) n ## ULL
  ------------------
  183|    169|    md->sha512.state[5] = CONST64(0x9b05688c2b3e6c1f);
  ------------------
  |  |  200|    169|   #define CONST64(n) n ## ULL
  ------------------
  184|    169|    md->sha512.state[6] = CONST64(0x1f83d9abfb41bd6b);
  ------------------
  |  |  200|    169|   #define CONST64(n) n ## ULL
  ------------------
  185|    169|    md->sha512.state[7] = CONST64(0x5be0cd19137e2179);
  ------------------
  |  |  200|    169|   #define CONST64(n) n ## ULL
  ------------------
  186|    169|    return CRYPT_OK;
  187|    169|}
sha512_done:
              /* Finalises a SHA-512 computation: appends the 0x80 marker and zero
               * padding to the buffered partial block, stores the 64-bit message length
               * in bits at buf+120, runs the last compression and writes the eight
               * state words to out, 8 bytes each (64 bytes in total).
               * Returns CRYPT_INVALID_ARG when curlen is not below sizeof(buf),
               * otherwise CRYPT_OK.
               * The signature is not part of this listing; nothing in the body checks
               * how large out is, so the caller has to supply at least 64 bytes. */
  205|    169|{
  206|    169|    int i;
  207|       |
  208|    169|    LTC_ARGCHK(md  != NULL);
  ------------------
  |  |   32|    169|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 169]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  209|    169|    LTC_ARGCHK(out != NULL);
  ------------------
  |  |   32|    169|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 169]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  210|       |
  211|    169|    if (md->sha512.curlen >= sizeof(md->sha512.buf)) {
  ------------------
  |  Branch (211:9): [True: 0, False: 169]
  ------------------
  212|      0|       return CRYPT_INVALID_ARG;
  213|      0|    }
              /* NOTE(review): this guard is what keeps the buf[curlen++] writes below
               * inside buf. Its true branch has a count of 0, so the rejection path
               * was not exercised in this run. */
  214|       |
  215|       |    /* increase the length of the message */
  216|    169|    md->sha512.length += md->sha512.curlen * CONST64(8);
  ------------------
  |  |  200|    169|   #define CONST64(n) n ## ULL
  ------------------
  217|       |
  218|       |    /* append the '1' bit */
  219|    169|    md->sha512.buf[md->sha512.curlen++] = (unsigned char)0x80;
  220|       |
  221|       |    /* if the length is currently above 112 bytes we append zeros
  222|       |     * then compress.  Then we can fall back to padding zeros and length
  223|       |     * encoding like normal.
  224|       |     */
  225|    169|    if (md->sha512.curlen > 112) {
  ------------------
  |  Branch (225:9): [True: 46, False: 123]
  ------------------
  226|    388|        while (md->sha512.curlen < 128) {
  ------------------
  |  Branch (226:16): [True: 342, False: 46]
  ------------------
  227|    342|            md->sha512.buf[md->sha512.curlen++] = (unsigned char)0;
  228|    342|        }
  229|     46|        sha512_compress(md, md->sha512.buf);
  230|     46|        md->sha512.curlen = 0;
  231|     46|    }
  232|       |
  233|       |    /* pad with zero bytes up to offset 120
  234|       |     * note: that from 112 to 120 is the 64 MSB of the length.  We assume that you won't hash
  235|       |     * > 2^64 bits of data... :-)
  236|       |     */
  237|  15.5k|    while (md->sha512.curlen < 120) {
  ------------------
  |  Branch (237:12): [True: 15.3k, False: 169]
  ------------------
  238|  15.3k|        md->sha512.buf[md->sha512.curlen++] = (unsigned char)0;
  239|  15.3k|    }
  240|       |
  241|       |    /* store the low 64 bits of the message length (in bits) in the last 8 bytes */
  242|    169|    STORE64H(md->sha512.length, md->sha512.buf+120);
  ------------------
  |  |  101|    169|#define STORE64H(x, y)                          \
  |  |  102|    169|do { ulong64 __t = __builtin_bswap64 ((x));     \
  |  |  103|    169|      XMEMCPY ((y), &__t, 8); } while(0)
  |  |  ------------------
  |  |  |  |   39|    169|#define XMEMCPY  memcpy
  |  |  ------------------
  |  |  |  Branch (103:39): [Folded - Ignored]
  |  |  ------------------
  ------------------
  243|    169|    sha512_compress(md, md->sha512.buf);
  244|       |
  245|       |    /* copy output: eight state words, byte-swapped by STORE64H, 8 bytes each */
  246|  1.52k|    for (i = 0; i < 8; i++) {
  ------------------
  |  Branch (246:17): [True: 1.35k, False: 169]
  ------------------
  247|  1.35k|        STORE64H(md->sha512.state[i], out+(8*i));
  ------------------
  |  |  101|  1.35k|#define STORE64H(x, y)                          \
  |  |  102|  1.35k|do { ulong64 __t = __builtin_bswap64 ((x));     \
  |  |  103|  1.35k|      XMEMCPY ((y), &__t, 8); } while(0)
  |  |  ------------------
  |  |  |  |   39|  1.35k|#define XMEMCPY  memcpy
  |  |  ------------------
  |  |  |  Branch (103:39): [Folded - Ignored]
  |  |  ------------------
  ------------------
  248|  1.35k|    }
              /* NOTE(review): the three lines below carry no execution counts, which
               * suggests LTC_CLEAN_STACK is not defined in this build. If so, md is
               * not zeroed here and a caller hashing secret data has to wipe the
               * state itself. */
  249|       |#ifdef LTC_CLEAN_STACK
  250|       |    zeromem(md, sizeof(hash_state));
  251|       |#endif
  252|    169|    return CRYPT_OK;
  253|    169|}
sha512.c:sha512_compress:
   96|  8.00k|{
   97|  8.00k|    ulong64 S[8], W[80], t0, t1;
   98|  8.00k|    int i;
   99|       |
  100|       |    /* copy state into S */
  101|  72.0k|    for (i = 0; i < 8; i++) {
  ------------------
  |  Branch (101:17): [True: 64.0k, False: 8.00k]
  ------------------
  102|  64.0k|        S[i] = md->sha512.state[i];
  103|  64.0k|    }
  104|       |
  105|       |    /* copy the state into 1024-bits into W[0..15] */
  106|   136k|    for (i = 0; i < 16; i++) {
  ------------------
  |  Branch (106:17): [True: 128k, False: 8.00k]
  ------------------
  107|   128k|        LOAD64H(W[i], buf + (8*i));
  ------------------
  |  |  105|   128k|#define LOAD64H(x, y)                           \
  |  |  106|   128k|do { XMEMCPY (&(x), (y), 8);                    \
  |  |  ------------------
  |  |  |  |   39|   128k|#define XMEMCPY  memcpy
  |  |  ------------------
  |  |  107|   128k|      (x) = __builtin_bswap64 ((x)); } while(0)
  |  |  ------------------
  |  |  |  Branch (107:46): [Folded - Ignored]
  |  |  ------------------
  ------------------
  108|   128k|    }
  109|       |
  110|       |    /* fill W[16..79] */
  111|   520k|    for (i = 16; i < 80; i++) {
  ------------------
  |  Branch (111:18): [True: 512k, False: 8.00k]
  ------------------
  112|   512k|        W[i] = Gamma1(W[i - 2]) + W[i - 7] + Gamma0(W[i - 15]) + W[i - 16];
  ------------------
  |  |   88|   512k|#define Gamma1(x)       (S(x, 19) ^ S(x, 61) ^ R(x, 6))
  |  |  ------------------
  |  |  |  |   83|   512k|#define S(x, n)         ROR64c(x, n)
  |  |  |  |  ------------------
  |  |  |  |  |  |  384|   512k|#define ROR64c(word,i) ({ \
  |  |  |  |  |  |  385|   512k|   ulong64 __ROR64c_tmp = word; \
  |  |  |  |  |  |  386|   512k|   __asm__ ("rorq %2, %0" : \
  |  |  |  |  |  |  387|   512k|            "=r" (__ROR64c_tmp) : \
  |  |  |  |  |  |  388|   512k|            "0" (__ROR64c_tmp), \
  |  |  |  |  |  |  389|   512k|            "J" (i)); \
  |  |  |  |  |  |  390|   512k|            __ROR64c_tmp; \
  |  |  |  |  |  |  391|   512k|   })
  |  |  |  |  ------------------
  |  |  ------------------
  |  |               #define Gamma1(x)       (S(x, 19) ^ S(x, 61) ^ R(x, 6))
  |  |  ------------------
  |  |  |  |   83|   512k|#define S(x, n)         ROR64c(x, n)
  |  |  |  |  ------------------
  |  |  |  |  |  |  384|   512k|#define ROR64c(word,i) ({ \
  |  |  |  |  |  |  385|   512k|   ulong64 __ROR64c_tmp = word; \
  |  |  |  |  |  |  386|   512k|   __asm__ ("rorq %2, %0" : \
  |  |  |  |  |  |  387|   512k|            "=r" (__ROR64c_tmp) : \
  |  |  |  |  |  |  388|   512k|            "0" (__ROR64c_tmp), \
  |  |  |  |  |  |  389|   512k|            "J" (i)); \
  |  |  |  |  |  |  390|   512k|            __ROR64c_tmp; \
  |  |  |  |  |  |  391|   512k|   })
  |  |  |  |  ------------------
  |  |  ------------------
  |  |               #define Gamma1(x)       (S(x, 19) ^ S(x, 61) ^ R(x, 6))
  |  |  ------------------
  |  |  |  |   84|   512k|#define R(x, n)         (((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((ulong64)n))
  |  |  |  |  ------------------
  |  |  |  |  |  |  200|   512k|   #define CONST64(n) n ## ULL
  |  |  |  |  ------------------
  |  |  ------------------
  ------------------
                      W[i] = Gamma1(W[i - 2]) + W[i - 7] + Gamma0(W[i - 15]) + W[i - 16];
  ------------------
  |  |   87|   512k|#define Gamma0(x)       (S(x, 1) ^ S(x, 8) ^ R(x, 7))
  |  |  ------------------
  |  |  |  |   83|   512k|#define S(x, n)         ROR64c(x, n)
  |  |  |  |  ------------------
  |  |  |  |  |  |  384|   512k|#define ROR64c(word,i) ({ \
  |  |  |  |  |  |  385|   512k|   ulong64 __ROR64c_tmp = word; \
  |  |  |  |  |  |  386|   512k|   __asm__ ("rorq %2, %0" : \
  |  |  |  |  |  |  387|   512k|            "=r" (__ROR64c_tmp) : \
  |  |  |  |  |  |  388|   512k|            "0" (__ROR64c_tmp), \
  |  |  |  |  |  |  389|   512k|            "J" (i)); \
  |  |  |  |  |  |  390|   512k|            __ROR64c_tmp; \
  |  |  |  |  |  |  391|   512k|   })
  |  |  |  |  ------------------
  |  |  ------------------
  |  |               #define Gamma0(x)       (S(x, 1) ^ S(x, 8) ^ R(x, 7))
  |  |  ------------------
  |  |  |  |   83|   512k|#define S(x, n)         ROR64c(x, n)
  |  |  |  |  ------------------
  |  |  |  |  |  |  384|   512k|#define ROR64c(word,i) ({ \
  |  |  |  |  |  |  385|   512k|   ulong64 __ROR64c_tmp = word; \
  |  |  |  |  |  |  386|   512k|   __asm__ ("rorq %2, %0" : \
  |  |  |  |  |  |  387|   512k|            "=r" (__ROR64c_tmp) : \
  |  |  |  |  |  |  388|   512k|            "0" (__ROR64c_tmp), \
  |  |  |  |  |  |  389|   512k|            "J" (i)); \
  |  |  |  |  |  |  390|   512k|            __ROR64c_tmp; \
  |  |  |  |  |  |  391|   512k|   })
  |  |  |  |  ------------------
  |  |  ------------------
  |  |               #define Gamma0(x)       (S(x, 1) ^ S(x, 8) ^ R(x, 7))
  |  |  ------------------
  |  |  |  |   84|   512k|#define R(x, n)         (((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((ulong64)n))
  |  |  |  |  ------------------
  |  |  |  |  |  |  200|   512k|   #define CONST64(n) n ## ULL
  |  |  |  |  ------------------
  |  |  ------------------
  ------------------
  113|   512k|    }
  114|       |
  115|       |    /* Compress */
  116|  8.00k|#ifdef LTC_SMALL_CODE
  117|   648k|    for (i = 0; i < 80; i++) {
  ------------------
  |  Branch (117:17): [True: 640k, False: 8.00k]
  ------------------
  118|   640k|        t0 = S[7] + Sigma1(S[4]) + Ch(S[4], S[5], S[6]) + K[i] + W[i];
  ------------------
  |  |   86|   640k|#define Sigma1(x)       (S(x, 14) ^ S(x, 18) ^ S(x, 41))
  |  |  ------------------
  |  |  |  |   83|   640k|#define S(x, n)         ROR64c(x, n)
  |  |  |  |  ------------------
  |  |  |  |  |  |  384|   640k|#define ROR64c(word,i) ({ \
  |  |  |  |  |  |  385|   640k|   ulong64 __ROR64c_tmp = word; \
  |  |  |  |  |  |  386|   640k|   __asm__ ("rorq %2, %0" : \
  |  |  |  |  |  |  387|   640k|            "=r" (__ROR64c_tmp) : \
  |  |  |  |  |  |  388|   640k|            "0" (__ROR64c_tmp), \
  |  |  |  |  |  |  389|   640k|            "J" (i)); \
  |  |  |  |  |  |  390|   640k|            __ROR64c_tmp; \
  |  |  |  |  |  |  391|   640k|   })
  |  |  |  |  ------------------
  |  |  ------------------
  |  |               #define Sigma1(x)       (S(x, 14) ^ S(x, 18) ^ S(x, 41))
  |  |  ------------------
  |  |  |  |   83|   640k|#define S(x, n)         ROR64c(x, n)
  |  |  |  |  ------------------
  |  |  |  |  |  |  384|   640k|#define ROR64c(word,i) ({ \
  |  |  |  |  |  |  385|   640k|   ulong64 __ROR64c_tmp = word; \
  |  |  |  |  |  |  386|   640k|   __asm__ ("rorq %2, %0" : \
  |  |  |  |  |  |  387|   640k|            "=r" (__ROR64c_tmp) : \
  |  |  |  |  |  |  388|   640k|            "0" (__ROR64c_tmp), \
  |  |  |  |  |  |  389|   640k|            "J" (i)); \
  |  |  |  |  |  |  390|   640k|            __ROR64c_tmp; \
  |  |  |  |  |  |  391|   640k|   })
  |  |  |  |  ------------------
  |  |  ------------------
  |  |               #define Sigma1(x)       (S(x, 14) ^ S(x, 18) ^ S(x, 41))
  |  |  ------------------
  |  |  |  |   83|   640k|#define S(x, n)         ROR64c(x, n)
  |  |  |  |  ------------------
  |  |  |  |  |  |  384|   640k|#define ROR64c(word,i) ({ \
  |  |  |  |  |  |  385|   640k|   ulong64 __ROR64c_tmp = word; \
  |  |  |  |  |  |  386|   640k|   __asm__ ("rorq %2, %0" : \
  |  |  |  |  |  |  387|   640k|            "=r" (__ROR64c_tmp) : \
  |  |  |  |  |  |  388|   640k|            "0" (__ROR64c_tmp), \
  |  |  |  |  |  |  389|   640k|            "J" (i)); \
  |  |  |  |  |  |  390|   640k|            __ROR64c_tmp; \
  |  |  |  |  |  |  391|   640k|   })
  |  |  |  |  ------------------
  |  |  ------------------
  ------------------
                      t0 = S[7] + Sigma1(S[4]) + Ch(S[4], S[5], S[6]) + K[i] + W[i];
  ------------------
  |  |   81|   640k|#define Ch(x,y,z)       (z ^ (x & (y ^ z)))
  ------------------
  119|   640k|        t1 = Sigma0(S[0]) + Maj(S[0], S[1], S[2]);
  ------------------
  |  |   85|   640k|#define Sigma0(x)       (S(x, 28) ^ S(x, 34) ^ S(x, 39))
  |  |  ------------------
  |  |  |  |   83|   640k|#define S(x, n)         ROR64c(x, n)
  |  |  |  |  ------------------
  |  |  |  |  |  |  384|   640k|#define ROR64c(word,i) ({ \
  |  |  |  |  |  |  385|   640k|   ulong64 __ROR64c_tmp = word; \
  |  |  |  |  |  |  386|   640k|   __asm__ ("rorq %2, %0" : \
  |  |  |  |  |  |  387|   640k|            "=r" (__ROR64c_tmp) : \
  |  |  |  |  |  |  388|   640k|            "0" (__ROR64c_tmp), \
  |  |  |  |  |  |  389|   640k|            "J" (i)); \
  |  |  |  |  |  |  390|   640k|            __ROR64c_tmp; \
  |  |  |  |  |  |  391|   640k|   })
  |  |  |  |  ------------------
  |  |  ------------------
  |  |               #define Sigma0(x)       (S(x, 28) ^ S(x, 34) ^ S(x, 39))
  |  |  ------------------
  |  |  |  |   83|   640k|#define S(x, n)         ROR64c(x, n)
  |  |  |  |  ------------------
  |  |  |  |  |  |  384|   640k|#define ROR64c(word,i) ({ \
  |  |  |  |  |  |  385|   640k|   ulong64 __ROR64c_tmp = word; \
  |  |  |  |  |  |  386|   640k|   __asm__ ("rorq %2, %0" : \
  |  |  |  |  |  |  387|   640k|            "=r" (__ROR64c_tmp) : \
  |  |  |  |  |  |  388|   640k|            "0" (__ROR64c_tmp), \
  |  |  |  |  |  |  389|   640k|            "J" (i)); \
  |  |  |  |  |  |  390|   640k|            __ROR64c_tmp; \
  |  |  |  |  |  |  391|   640k|   })
  |  |  |  |  ------------------
  |  |  ------------------
  |  |               #define Sigma0(x)       (S(x, 28) ^ S(x, 34) ^ S(x, 39))
  |  |  ------------------
  |  |  |  |   83|   640k|#define S(x, n)         ROR64c(x, n)
  |  |  |  |  ------------------
  |  |  |  |  |  |  384|   640k|#define ROR64c(word,i) ({ \
  |  |  |  |  |  |  385|   640k|   ulong64 __ROR64c_tmp = word; \
  |  |  |  |  |  |  386|   640k|   __asm__ ("rorq %2, %0" : \
  |  |  |  |  |  |  387|   640k|            "=r" (__ROR64c_tmp) : \
  |  |  |  |  |  |  388|   640k|            "0" (__ROR64c_tmp), \
  |  |  |  |  |  |  389|   640k|            "J" (i)); \
  |  |  |  |  |  |  390|   640k|            __ROR64c_tmp; \
  |  |  |  |  |  |  391|   640k|   })
  |  |  |  |  ------------------
  |  |  ------------------
  ------------------
                      t1 = Sigma0(S[0]) + Maj(S[0], S[1], S[2]);
  ------------------
  |  |   82|   640k|#define Maj(x,y,z)      (((x | y) & z) | (x & y))
  ------------------
  120|   640k|        S[7] = S[6];
  121|   640k|        S[6] = S[5];
  122|   640k|        S[5] = S[4];
  123|   640k|        S[4] = S[3] + t0;
  124|   640k|        S[3] = S[2];
  125|   640k|        S[2] = S[1];
  126|   640k|        S[1] = S[0];
  127|   640k|        S[0] = t0 + t1;
  128|   640k|    }
  129|       |#else
  130|       |#define RND(a,b,c,d,e,f,g,h,i)                    \
  131|       |     t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i];   \
  132|       |     t1 = Sigma0(a) + Maj(a, b, c);                  \
  133|       |     d += t0;                                        \
  134|       |     h  = t0 + t1;
  135|       |
  136|       |    for (i = 0; i < 80; i += 8) {
  137|       |        RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],i+0);
  138|       |        RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],i+1);
  139|       |        RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],i+2);
  140|       |        RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],i+3);
  141|       |        RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],i+4);
  142|       |        RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],i+5);
  143|       |        RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],i+6);
  144|       |        RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],i+7);
  145|       |    }
  146|       |#endif
  147|       |
  148|       |
  149|       |    /* feedback */
  150|  72.0k|    for (i = 0; i < 8; i++) {
  ------------------
  |  Branch (150:17): [True: 64.0k, False: 8.00k]
  ------------------
  151|  64.0k|        md->sha512.state[i] = md->sha512.state[i] + S[i];
  152|  64.0k|    }
  153|       |
  154|  8.00k|    return CRYPT_OK;
  155|  8.00k|}

sha1_process:
  /*
   * Hash "process" (absorb) routine. The text is a macro body: every line ends
   * in a continuation backslash and func_name, state_var, block_size and
   * compress_name are placeholders; the report labels this instantiation
   * sha1_process.
   *
   * Consumes inlen bytes from in. While the internal buffer is empty and at
   * least block_size bytes remain, a block is compressed directly from the
   * caller's buffer (line 505); otherwise bytes are staged in
   * md->state_var.buf (line 513) and compressed once the buffer is full.
   * Returns CRYPT_OK, CRYPT_INVALID_ARG, CRYPT_HASH_OVERFLOW, or the error
   * returned by compress_name.
   *
   * Coverage in this run: every error return (lines 498, 501, 506) and the
   * whole "staged buffer became full" path (lines 518-522) have a count of 0,
   * and the loop was never entered with a partly filled buffer
   * (branch 504:13 False: 0). Inputs that split a block across two calls are
   * therefore not exercised for this instantiation.
   */
  491|    995|int func_name (hash_state * md, const unsigned char *in, unsigned long inlen)               \
  492|    995|{                                                                                           \
  493|    995|    unsigned long n;                                                                        \
  494|    995|    int           err;                                                                      \
  /* As expanded below, LTC_ARGCHK only calls crypt_argchk() and then falls
   * through; the NULL guard is effective only if crypt_argchk() does not
   * return -- confirm against its definition. */
  495|    995|    LTC_ARGCHK(md != NULL);                                                                 \
  ------------------
  |  |   32|    995|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 995]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  496|    995|    LTC_ARGCHK(in != NULL);                                                                 \
  ------------------
  |  |   32|    995|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 995]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  /* Reject a state whose buffered-byte count already exceeds the buffer. */
  497|    995|    if (md-> state_var .curlen > sizeof(md-> state_var .buf)) {                             \
  ------------------
  |  Branch (497:9): [True: 0, False: 995]
  ------------------
  498|      0|       return CRYPT_INVALID_ARG;                                                            \
  499|      0|    }                                                                                       \
  /* NOTE(review): length is advanced in bits (lines 508 and 521), but this
   * wrap check adds inlen, a byte count, so it does not test the amount that
   * is actually accumulated. Checking inlen * 8 would match the counter's
   * unit -- confirm the width of length before changing it. */
  500|    995|    if ((md-> state_var .length + inlen) < md-> state_var .length) {                        \
  ------------------
  |  Branch (500:9): [True: 0, False: 995]
  ------------------
  501|      0|      return CRYPT_HASH_OVERFLOW;                                                           \
  502|      0|    }                                                                                       \
  503|  18.7k|    while (inlen > 0) {                                                                     \
  ------------------
  |  Branch (503:12): [True: 17.7k, False: 995]
  ------------------
  /* Fast path: nothing buffered and a whole block available, so compress in
   * place. The cast on line 505 drops the const qualifier of in. */
  504|  17.7k|        if (md-> state_var .curlen == 0 && inlen >= block_size) {                           \
  ------------------
  |  Branch (504:13): [True: 17.7k, False: 0]
  |  Branch (504:44): [True: 16.7k, False: 983]
  ------------------
  505|  16.7k|           if ((err = compress_name (md, (unsigned char *)in)) != CRYPT_OK) {               \
  ------------------
  |  Branch (505:16): [True: 0, False: 16.7k]
  ------------------
  506|      0|              return err;                                                                   \
  507|      0|           }                                                                                \
  508|  16.7k|           md-> state_var .length += block_size * 8;                                        \
  509|  16.7k|           in             += block_size;                                                    \
  510|  16.7k|           inlen          -= block_size;                                                    \
  511|  16.7k|        } else {                                                                            \
  /* The copy below is bounded by block_size - curlen. That subtraction is
   * only safe while curlen <= block_size, whereas the entry check on line 497
   * compares against sizeof(buf); presumably the two are equal -- confirm. */
  512|    983|           n = MIN(inlen, (block_size - md-> state_var .curlen));                           \
  ------------------
  |  |  425|    983|   #define MIN(x, y) ( ((x)<(y))?(x):(y) )
  |  |  ------------------
  |  |  |  Branch (425:24): [True: 983, False: 0]
  |  |  ------------------
  ------------------
  513|    983|           XMEMCPY(md-> state_var .buf + md-> state_var.curlen, in, (size_t)n);             \
  ------------------
  |  |   39|    983|#define XMEMCPY  memcpy
  ------------------
  514|    983|           md-> state_var .curlen += n;                                                     \
  515|    983|           in             += n;                                                             \
  516|    983|           inlen          -= n;                                                             \
  517|    983|           if (md-> state_var .curlen == block_size) {                                      \
  ------------------
  |  Branch (517:16): [True: 0, False: 983]
  ------------------
  518|      0|              if ((err = compress_name (md, md-> state_var .buf)) != CRYPT_OK) {            \
  ------------------
  |  Branch (518:19): [True: 0, False: 0]
  ------------------
  519|      0|                 return err;                                                                \
  520|      0|              }                                                                             \
  521|      0|              md-> state_var .length += 8*block_size;                                       \
  522|      0|              md-> state_var .curlen = 0;                                                   \
  523|      0|           }                                                                                \
  524|    983|       }                                                                                    \
  525|  17.7k|    }                                                                                       \
  526|    995|    return CRYPT_OK;                                                                        \
sha256_process:
  /*
   * Hash "process" (absorb) routine. The text is a macro body: every line
   * before the closing brace ends in a continuation backslash and func_name,
   * state_var, block_size and compress_name are placeholders; the report
   * labels this instantiation sha256_process.
   *
   * Consumes inlen bytes from in. While the internal buffer is empty and at
   * least block_size bytes remain, a block is compressed directly from the
   * caller's buffer (line 505); otherwise bytes are staged in
   * md->state_var.buf (line 513) and compressed once the buffer is full.
   * Returns CRYPT_OK, CRYPT_INVALID_ARG, CRYPT_HASH_OVERFLOW, or the error
   * returned by compress_name.
   *
   * Coverage in this run: the loop was entered with a partly filled buffer
   * 50.6k times (branch 504:13 False), yet the staged buffer never reached
   * block_size (branch 517:16 True: 0), so lines 518-522 are unexercised.
   * Every error return (lines 498, 501, 506) also has a count of 0.
   */
  491|   102k|int func_name (hash_state * md, const unsigned char *in, unsigned long inlen)               \
  492|   102k|{                                                                                           \
  493|   102k|    unsigned long n;                                                                        \
  494|   102k|    int           err;                                                                      \
  /* As expanded below, LTC_ARGCHK only calls crypt_argchk() and then falls
   * through; the NULL guard is effective only if crypt_argchk() does not
   * return -- confirm against its definition. */
  495|   102k|    LTC_ARGCHK(md != NULL);                                                                 \
  ------------------
  |  |   32|   102k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 102k]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  496|   102k|    LTC_ARGCHK(in != NULL);                                                                 \
  ------------------
  |  |   32|   102k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 102k]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  /* Reject a state whose buffered-byte count already exceeds the buffer. */
  497|   102k|    if (md-> state_var .curlen > sizeof(md-> state_var .buf)) {                             \
  ------------------
  |  Branch (497:9): [True: 0, False: 102k]
  ------------------
  498|      0|       return CRYPT_INVALID_ARG;                                                            \
  499|      0|    }                                                                                       \
  /* NOTE(review): length is advanced in bits (lines 508 and 521), but this
   * wrap check adds inlen, a byte count, so it does not test the amount that
   * is actually accumulated. Checking inlen * 8 would match the counter's
   * unit -- confirm the width of length before changing it. */
  500|   102k|    if ((md-> state_var .length + inlen) < md-> state_var .length) {                        \
  ------------------
  |  Branch (500:9): [True: 0, False: 102k]
  ------------------
  501|      0|      return CRYPT_HASH_OVERFLOW;                                                           \
  502|      0|    }                                                                                       \
  503|   231k|    while (inlen > 0) {                                                                     \
  ------------------
  |  Branch (503:12): [True: 128k, False: 102k]
  ------------------
  /* Fast path: nothing buffered and a whole block available, so compress in
   * place. The cast on line 505 drops the const qualifier of in. */
  504|   128k|        if (md-> state_var .curlen == 0 && inlen >= block_size) {                           \
  ------------------
  |  Branch (504:13): [True: 77.9k, False: 50.6k]
  |  Branch (504:44): [True: 26.1k, False: 51.7k]
  ------------------
  505|  26.1k|           if ((err = compress_name (md, (unsigned char *)in)) != CRYPT_OK) {               \
  ------------------
  |  Branch (505:16): [True: 0, False: 26.1k]
  ------------------
  506|      0|              return err;                                                                   \
  507|      0|           }                                                                                \
  508|  26.1k|           md-> state_var .length += block_size * 8;                                        \
  509|  26.1k|           in             += block_size;                                                    \
  510|  26.1k|           inlen          -= block_size;                                                    \
  511|   102k|        } else {                                                                            \
  /* The copy below is bounded by block_size - curlen. That subtraction is
   * only safe while curlen <= block_size, whereas the entry check on line 497
   * compares against sizeof(buf); presumably the two are equal -- confirm. */
  512|   102k|           n = MIN(inlen, (block_size - md-> state_var .curlen));                           \
  ------------------
  |  |  425|   102k|   #define MIN(x, y) ( ((x)<(y))?(x):(y) )
  |  |  ------------------
  |  |  |  Branch (425:24): [True: 102k, False: 0]
  |  |  ------------------
  ------------------
  513|   102k|           XMEMCPY(md-> state_var .buf + md-> state_var.curlen, in, (size_t)n);             \
  ------------------
  |  |   39|   102k|#define XMEMCPY  memcpy
  ------------------
  514|   102k|           md-> state_var .curlen += n;                                                     \
  515|   102k|           in             += n;                                                             \
  516|   102k|           inlen          -= n;                                                             \
  517|   102k|           if (md-> state_var .curlen == block_size) {                                      \
  ------------------
  |  Branch (517:16): [True: 0, False: 102k]
  ------------------
  518|      0|              if ((err = compress_name (md, md-> state_var .buf)) != CRYPT_OK) {            \
  ------------------
  |  Branch (518:19): [True: 0, False: 0]
  ------------------
  519|      0|                 return err;                                                                \
  520|      0|              }                                                                             \
  521|      0|              md-> state_var .length += 8*block_size;                                       \
  522|      0|              md-> state_var .curlen = 0;                                                   \
  523|      0|           }                                                                                \
  524|   102k|       }                                                                                    \
  525|   128k|    }                                                                                       \
  526|   102k|    return CRYPT_OK;                                                                        \
  527|   102k|}
sha512_process:
  /*
   * Hash "process" (absorb) routine. The text is a macro body: every line
   * before the closing brace ends in a continuation backslash and func_name,
   * state_var, block_size and compress_name are placeholders; the report
   * labels this instantiation sha512_process.
   *
   * Consumes inlen bytes from in. While the internal buffer is empty and at
   * least block_size bytes remain, a block is compressed directly from the
   * caller's buffer (line 505); otherwise bytes are staged in
   * md->state_var.buf (line 513) and compressed once the buffer is full.
   * Returns CRYPT_OK, CRYPT_INVALID_ARG, CRYPT_HASH_OVERFLOW, or the error
   * returned by compress_name.
   *
   * Coverage in this run: only 187 calls reached this instantiation. The
   * staged buffer never reached block_size (branch 517:16 True: 0), so
   * lines 518-522 are unexercised, and every error return (lines 498, 501,
   * 506) has a count of 0.
   */
  491|    187|int func_name (hash_state * md, const unsigned char *in, unsigned long inlen)               \
  492|    187|{                                                                                           \
  493|    187|    unsigned long n;                                                                        \
  494|    187|    int           err;                                                                      \
  /* As expanded below, LTC_ARGCHK only calls crypt_argchk() and then falls
   * through; the NULL guard is effective only if crypt_argchk() does not
   * return -- confirm against its definition. */
  495|    187|    LTC_ARGCHK(md != NULL);                                                                 \
  ------------------
  |  |   32|    187|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 187]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  496|    187|    LTC_ARGCHK(in != NULL);                                                                 \
  ------------------
  |  |   32|    187|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 187]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  /* Reject a state whose buffered-byte count already exceeds the buffer. */
  497|    187|    if (md-> state_var .curlen > sizeof(md-> state_var .buf)) {                             \
  ------------------
  |  Branch (497:9): [True: 0, False: 187]
  ------------------
  498|      0|       return CRYPT_INVALID_ARG;                                                            \
  499|      0|    }                                                                                       \
  /* NOTE(review): length is advanced in bits (lines 508 and 521), but this
   * wrap check adds inlen, a byte count, so it does not test the amount that
   * is actually accumulated. Checking inlen * 8 would match the counter's
   * unit -- confirm the width of length before changing it. */
  500|    187|    if ((md-> state_var .length + inlen) < md-> state_var .length) {                        \
  ------------------
  |  Branch (500:9): [True: 0, False: 187]
  ------------------
  501|      0|      return CRYPT_HASH_OVERFLOW;                                                           \
  502|      0|    }                                                                                       \
  503|  8.15k|    while (inlen > 0) {                                                                     \
  ------------------
  |  Branch (503:12): [True: 7.96k, False: 187]
  ------------------
  /* Fast path: nothing buffered and a whole block available, so compress in
   * place. The cast on line 505 drops the const qualifier of in. */
  504|  7.96k|        if (md-> state_var .curlen == 0 && inlen >= block_size) {                           \
  ------------------
  |  Branch (504:13): [True: 7.95k, False: 18]
  |  Branch (504:44): [True: 7.79k, False: 161]
  ------------------
  505|  7.79k|           if ((err = compress_name (md, (unsigned char *)in)) != CRYPT_OK) {               \
  ------------------
  |  Branch (505:16): [True: 0, False: 7.79k]
  ------------------
  506|      0|              return err;                                                                   \
  507|      0|           }                                                                                \
  508|  7.79k|           md-> state_var .length += block_size * 8;                                        \
  509|  7.79k|           in             += block_size;                                                    \
  510|  7.79k|           inlen          -= block_size;                                                    \
  511|  7.79k|        } else {                                                                            \
  /* The copy below is bounded by block_size - curlen. That subtraction is
   * only safe while curlen <= block_size, whereas the entry check on line 497
   * compares against sizeof(buf); presumably the two are equal -- confirm. */
  512|    179|           n = MIN(inlen, (block_size - md-> state_var .curlen));                           \
  ------------------
  |  |  425|    179|   #define MIN(x, y) ( ((x)<(y))?(x):(y) )
  |  |  ------------------
  |  |  |  Branch (425:24): [True: 179, False: 0]
  |  |  ------------------
  ------------------
  513|    179|           XMEMCPY(md-> state_var .buf + md-> state_var.curlen, in, (size_t)n);             \
  ------------------
  |  |   39|    179|#define XMEMCPY  memcpy
  ------------------
  514|    179|           md-> state_var .curlen += n;                                                     \
  515|    179|           in             += n;                                                             \
  516|    179|           inlen          -= n;                                                             \
  517|    179|           if (md-> state_var .curlen == block_size) {                                      \
  ------------------
  |  Branch (517:16): [True: 0, False: 179]
  ------------------
  518|      0|              if ((err = compress_name (md, md-> state_var .buf)) != CRYPT_OK) {            \
  ------------------
  |  Branch (518:19): [True: 0, False: 0]
  ------------------
  519|      0|                 return err;                                                                \
  520|      0|              }                                                                             \
  521|      0|              md-> state_var .length += 8*block_size;                                       \
  522|      0|              md-> state_var .curlen = 0;                                                   \
  523|      0|           }                                                                                \
  524|    179|       }                                                                                    \
  525|  7.96k|    }                                                                                       \
  526|    187|    return CRYPT_OK;                                                                        \
  527|    187|}

sha1.c:ROL:
  /*
   * Body of sha1.c's ROL helper (the signature line is not part of the
   * report). Rotates word left using the x86 `roll` instruction and returns
   * the rotated value.
   */
  258|  1.13M|{
  /* "=r"/"0" tie the input and output to the same register; the "c"
   * constraint places the rotate count i in the C register, which the
   * instruction reads as %cl. */
  259|  1.13M|   asm ("roll %%cl,%0"
  260|  1.13M|      :"=r" (word)
  261|  1.13M|      :"0" (word),"c" (i));
  262|  1.13M|   return word;
  263|  1.13M|}

ltm_desc.c:init:
   /*
    * Body of ltm_desc.c's init (the signature line is not part of the
    * report). Allocates an mp_int through init_mpi(a), then initialises it
    * with mp_init(*a). Returns CRYPT_OK on success, otherwise the error from
    * init_mpi or the mapped mp_init error.
    *
    * NOTE(review): when mp_init fails, *a is released on line 67 but is not
    * reset, so the caller is left holding a freed pointer; storing NULL in *a
    * after the free would make an accidental reuse or second free harmless.
    * Neither failure branch was taken in this run (lines 64 and 67 have a
    * count of 0), so this cleanup path is untested by the corpus.
    */
   58|  2.52M|{
   59|  2.52M|   int err;
   60|       |
   61|  2.52M|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|  2.52M|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 2.52M]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
   62|       |
   63|  2.52M|   if ((err = init_mpi(a)) != CRYPT_OK) {
  ------------------
  |  Branch (63:8): [True: 0, False: 2.52M]
  ------------------
   64|      0|      return err;
   65|      0|   }
   66|  2.52M|   if ((err = mpi_to_ltc_error(mp_init(*a))) != CRYPT_OK) {
  ------------------
  |  Branch (66:8): [True: 0, False: 2.52M]
  ------------------
   /* Release the allocation made by init_mpi; *a keeps its old value. */
   67|      0|      XFREE(*a);
  ------------------
  |  |   17|      0|#define XFREE m_free_direct
  ------------------
   68|      0|   }
   69|  2.52M|   return err;
   70|  2.52M|}
ltm_desc.c:init_mpi:
   /*
    * Body of ltm_desc.c's init_mpi (the signature line is not part of the
    * report). Allocates one zero-filled mp_int with XCALLOC (m_calloc in this
    * build) and stores the pointer in *a. Returns CRYPT_MEM when the
    * allocation yields NULL, CRYPT_OK otherwise.
    *
    * Coverage in this run: the NULL branch was never taken (line 51 has a
    * count of 0). Whether m_calloc can return NULL at all is not visible
    * here -- confirm.
    */
   46|  2.52M|{
   47|  2.52M|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|  2.52M|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 2.52M]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
   48|       |
   49|  2.52M|   *a = XCALLOC(1, sizeof(mp_int));
  ------------------
  |  |   19|  2.52M|#define XCALLOC m_calloc
  ------------------
   50|  2.52M|   if (*a == NULL) {
  ------------------
  |  Branch (50:8): [True: 0, False: 2.52M]
  ------------------
   51|      0|      return CRYPT_MEM;
   52|  2.52M|   } else {
   53|  2.52M|      return CRYPT_OK;
   54|  2.52M|   }
   55|  2.52M|}
ltm_desc.c:mpi_to_ltc_error:
   /*
    * Body of ltm_desc.c's mpi_to_ltc_error (the signature line is not part
    * of the report). Looks err up in the mpi_to_ltc_codes table and returns
    * the matching ltc_code; an err with no table entry maps to CRYPT_ERROR.
    *
    * Coverage in this run: all 34.2M calls matched on the first table entry
    * (branches 37:16 and 38:12 are never False), presumably the success
    * code -- confirm against the table. The mappings for every other code
    * and the CRYPT_ERROR fallback on line 42 are unexercised.
    */
   34|  34.2M|{
   35|  34.2M|   size_t x;
   36|       |
   /* Linear scan; the bound is the table's element count. */
   37|  34.2M|   for (x = 0; x < sizeof(mpi_to_ltc_codes)/sizeof(mpi_to_ltc_codes[0]); x++) {
  ------------------
  |  Branch (37:16): [True: 34.2M, False: 0]
  ------------------
   38|  34.2M|       if (err == mpi_to_ltc_codes[x].mpi_code) {
  ------------------
  |  Branch (38:12): [True: 34.2M, False: 0]
  ------------------
   39|  34.2M|          return mpi_to_ltc_codes[x].ltc_code;
   40|  34.2M|       }
   41|  34.2M|   }
   42|      0|   return CRYPT_ERROR;
   43|  34.2M|}
ltm_desc.c:deinit:
   /*
    * Body of ltm_desc.c's deinit (the signature line is not part of the
    * report). Clears the big integer with mp_clear(a) and then releases the
    * object itself with XFREE (m_free_direct in this build).
    *
    * NOTE(review): whether mp_clear wipes the digit storage before freeing
    * it is not visible here; confirm for values that hold key material.
    */
   73|  2.52M|{
   74|  2.52M|   LTC_ARGCHKVD(a != NULL);
  ------------------
  |  |   33|  2.52M|#define LTC_ARGCHKVD(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (33:34): [True: 0, False: 2.52M]
  |  |  |  Branch (33:89): [Folded - Ignored]
  |  |  ------------------
  ------------------
   75|  2.52M|   mp_clear(a);
   76|  2.52M|   XFREE(a);
  ------------------
  |  |   17|  2.52M|#define XFREE m_free_direct
  ------------------
   77|  2.52M|}
ltm_desc.c:copy:
   /*
    * Body of ltm_desc.c's copy (the signature line is not part of the
    * report). Checks both arguments for NULL, calls mp_copy(a, b) and
    * returns its status translated by mpi_to_ltc_error. The copy direction
    * is decided by mp_copy -- presumably a into b; confirm.
    */
   87|  2.18M|{
   88|  2.18M|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|  2.18M|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 2.18M]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
   89|  2.18M|   LTC_ARGCHK(b != NULL);
  ------------------
  |  |   32|  2.18M|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 2.18M]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
   90|  2.18M|   return mpi_to_ltc_error(mp_copy(a, b));
   91|  2.18M|}
ltm_desc.c:set_int:
  /*
   * Body of ltm_desc.c's set_int (the signature line is not part of the
   * report). Stores b in the big integer a through mp_set_u32 and always
   * returns CRYPT_OK.
   *
   * NOTE(review): the declared type of b is not visible here; if it is wider
   * than 32 bits, larger values would presumably be truncated by
   * mp_set_u32 -- confirm.
   */
  104|  1.39k|{
  105|  1.39k|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|  1.39k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 1.39k]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  106|  1.39k|   mp_set_u32(a, b);
  107|  1.39k|   return CRYPT_OK;
  108|  1.39k|}
ltm_desc.c:get_digit:
  /*
   * Body of ltm_desc.c's get_digit (the signature line is not part of the
   * report). Returns digit n of the big integer a, or 0 when n is negative
   * or not below A->used, so an out-of-range index never reads dp[].
   *
   * Coverage in this run: neither out-of-range condition was ever true
   * (branches 121:12 and 121:28), so the 0 fallback is unexercised.
   */
  117|   727k|{
  118|   727k|   mp_int *A;
  119|   727k|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|   727k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 727k]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  120|   727k|   A = a;
  /* Bounds check first; dp[n] is read only for 0 <= n < used. */
  121|   727k|   return (n >= A->used || n < 0) ? 0 : A->dp[n];
  ------------------
  |  Branch (121:12): [True: 0, False: 727k]
  |  Branch (121:28): [True: 0, False: 727k]
  ------------------
  122|   727k|}
ltm_desc.c:get_digit_count:
  /*
   * Body of ltm_desc.c's get_digit_count (the signature line is not part of
   * the report). Returns the used field of the big integer a, i.e. the
   * number of digits currently in use.
   */
  125|   722k|{
  126|   722k|   mp_int *A;
  127|   722k|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|   722k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 722k]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  128|   722k|   A = a;
  129|   722k|   return A->used;
  130|   722k|}
ltm_desc.c:compare:
  /*
   * Body of ltm_desc.c's compare (the signature line is not part of the
   * report). Compares two big integers with mp_cmp and translates the
   * MP_LT / MP_EQ / MP_GT result into LTC_MP_LT / LTC_MP_EQ / LTC_MP_GT.
   *
   * NOTE(review): the default arm returns 0, which is also the value of
   * LTC_MP_EQ (see the expansion under line 138), so an unexpected mp_cmp
   * result would be reported to the caller as "equal".
   *
   * Coverage in this run: the MP_EQ arm and the default arm were never
   * reached (count 0), so no call compared two equal operands.
   */
  133|  3.61M|{
  134|  3.61M|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|  3.61M|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 3.61M]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  135|  3.61M|   LTC_ARGCHK(b != NULL);
  ------------------
  |  |   32|  3.61M|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 3.61M]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  136|  3.61M|   switch (mp_cmp(a, b)) {
  137|  1.82M|      case MP_LT: return LTC_MP_LT;
  ------------------
  |  |  154|  1.82M|#define MP_LT        -1   /* less than */
  ------------------
                    case MP_LT: return LTC_MP_LT;
  ------------------
  |  |   12|  1.82M|#define LTC_MP_LT   -1
  ------------------
  |  Branch (137:7): [True: 1.82M, False: 1.79M]
  ------------------
  138|      0|      case MP_EQ: return LTC_MP_EQ;
  ------------------
  |  |  155|      0|#define MP_EQ         0   /* equal to */
  ------------------
                    case MP_EQ: return LTC_MP_EQ;
  ------------------
  |  |   13|      0|#define LTC_MP_EQ    0
  ------------------
  |  Branch (138:7): [True: 0, False: 3.61M]
  ------------------
  139|  1.79M|      case MP_GT: return LTC_MP_GT;
  ------------------
  |  |  156|  1.79M|#define MP_GT         1   /* greater than */
  ------------------
                    case MP_GT: return LTC_MP_GT;
  ------------------
  |  |   14|  1.79M|#define LTC_MP_GT    1
  ------------------
  |  Branch (139:7): [True: 1.79M, False: 1.82M]
  ------------------
  /* Fallback for a result outside the three known codes. */
  140|      0|      default:    return 0;
  ------------------
  |  Branch (140:7): [True: 0, False: 3.61M]
  ------------------
  141|  3.61M|   }
  142|  3.61M|}
ltm_desc.c:compare_d:
  145|  3.96M|{
  146|  3.96M|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|  3.96M|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 3.96M]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  147|  3.96M|   switch (mp_cmp_d(a, b)) {
  148|  1.99M|      case MP_LT: return LTC_MP_LT;
  ------------------
  |  |  154|  1.99M|#define MP_LT        -1   /* less than */
  ------------------
                    case MP_LT: return LTC_MP_LT;
  ------------------
  |  |   12|  1.99M|#define LTC_MP_LT   -1
  ------------------
  |  Branch (148:7): [True: 1.99M, False: 1.97M]
  ------------------
  149|      2|      case MP_EQ: return LTC_MP_EQ;
  ------------------
  |  |  155|      2|#define MP_EQ         0   /* equal to */
  ------------------
                    case MP_EQ: return LTC_MP_EQ;
  ------------------
  |  |   13|      2|#define LTC_MP_EQ    0
  ------------------
  |  Branch (149:7): [True: 2, False: 3.96M]
  ------------------
  150|  1.97M|      case MP_GT: return LTC_MP_GT;
  ------------------
  |  |  156|  1.97M|#define MP_GT         1   /* greater than */
  ------------------
                    case MP_GT: return LTC_MP_GT;
  ------------------
  |  |   14|  1.97M|#define LTC_MP_GT    1
  ------------------
  |  Branch (150:7): [True: 1.97M, False: 1.99M]
  ------------------
  151|      0|      default:    return 0;
  ------------------
  |  Branch (151:7): [True: 0, False: 3.96M]
  ------------------
  152|  3.96M|   }
  153|  3.96M|}
ltm_desc.c:read_radix:
  178|  2.56k|{
  179|  2.56k|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|  2.56k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 2.56k]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  180|  2.56k|   LTC_ARGCHK(b != NULL);
  ------------------
  |  |   32|  2.56k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 2.56k]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  181|  2.56k|   return mpi_to_ltc_error(mp_read_radix(a, b, radix));
  182|  2.56k|}
ltm_desc.c:unsigned_size:
  194|  1.92k|{
  195|  1.92k|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|  1.92k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 1.92k]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  196|  1.92k|   return (unsigned long)mp_ubin_size(a);
  197|  1.92k|}
ltm_desc.c:unsigned_write:
/* Serialises big integer a into the byte buffer b via mp_to_ubin() after
 * NULL-checking both pointers; the libtommath status is mapped through
 * mpi_to_ltc_error().
 *
 * NOTE(review): the length limit handed to mp_to_ubin() is SIZE_MAX and the
 * "bytes written" output is NULL, so this wrapper puts no bound on how many
 * bytes land in b. The caller has to size b beforehand, e.g. by comparing
 * unsigned_size(a) against the destination before calling. */
  201|  1.92k|{
  202|  1.92k|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|  1.92k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 1.92k]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  203|  1.92k|   LTC_ARGCHK(b != NULL);
  ------------------
  |  |   32|  1.92k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 1.92k]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  204|  1.92k|   return mpi_to_ltc_error(mp_to_ubin(a, b, SIZE_MAX, NULL));
  205|  1.92k|}
ltm_desc.c:unsigned_read:
  209|    644|{
  210|    644|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|    644|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 644]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  211|    644|   LTC_ARGCHK(b != NULL);
  ------------------
  |  |   32|    644|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 644]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  212|    644|   return mpi_to_ltc_error(mp_from_ubin(a, b, (size_t)len));
  213|    644|}
ltm_desc.c:add:
  217|  5.60M|{
  218|  5.60M|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|  5.60M|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 5.60M]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  219|  5.60M|   LTC_ARGCHK(b != NULL);
  ------------------
  |  |   32|  5.60M|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 5.60M]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  220|  5.60M|   LTC_ARGCHK(c != NULL);
  ------------------
  |  |   32|  5.60M|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 5.60M]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  221|  5.60M|   return mpi_to_ltc_error(mp_add(a, b, c));
  222|  5.60M|}
ltm_desc.c:sub:
  233|  5.93M|{
  234|  5.93M|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|  5.93M|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 5.93M]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  235|  5.93M|   LTC_ARGCHK(b != NULL);
  ------------------
  |  |   32|  5.93M|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 5.93M]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  236|  5.93M|   LTC_ARGCHK(c != NULL);
  ------------------
  |  |   32|  5.93M|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 5.93M]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  237|  5.93M|   return mpi_to_ltc_error(mp_sub(a, b, c));
  238|  5.93M|}
ltm_desc.c:mul:
  249|  5.72M|{
  250|  5.72M|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|  5.72M|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 5.72M]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  251|  5.72M|   LTC_ARGCHK(b != NULL);
  ------------------
  |  |   32|  5.72M|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 5.72M]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  252|  5.72M|   LTC_ARGCHK(c != NULL);
  ------------------
  |  |   32|  5.72M|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 5.72M]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  253|  5.72M|   return mpi_to_ltc_error(mp_mul(a, b, c));
  254|  5.72M|}
ltm_desc.c:sqr:
  265|  2.88M|{
  266|  2.88M|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|  2.88M|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 2.88M]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  267|  2.88M|   LTC_ARGCHK(b != NULL);
  ------------------
  |  |   32|  2.88M|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 2.88M]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  268|  2.88M|   return mpi_to_ltc_error(mp_sqr(a, b));
  269|  2.88M|}
ltm_desc.c:divide:
  273|  1.94k|{
  274|  1.94k|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|  1.94k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 1.94k]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  275|  1.94k|   LTC_ARGCHK(b != NULL);
  ------------------
  |  |   32|  1.94k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 1.94k]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  276|  1.94k|   return mpi_to_ltc_error(mp_div(a, b, c, d));
  277|  1.94k|}
ltm_desc.c:div_2:
  280|   722k|{
  281|   722k|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|   722k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 722k]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  282|   722k|   LTC_ARGCHK(b != NULL);
  ------------------
  |  |   32|   722k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 722k]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  283|   722k|   return mpi_to_ltc_error(mp_div_2(a, b));
  284|   722k|}
ltm_desc.c:mulmod:
  339|  2.48k|{
  340|  2.48k|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|  2.48k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 2.48k]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  341|  2.48k|   LTC_ARGCHK(b != NULL);
  ------------------
  |  |   32|  2.48k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 2.48k]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  342|  2.48k|   LTC_ARGCHK(c != NULL);
  ------------------
  |  |   32|  2.48k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 2.48k]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  343|  2.48k|   LTC_ARGCHK(d != NULL);
  ------------------
  |  |   32|  2.48k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 2.48k]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  344|  2.48k|   return mpi_to_ltc_error(mp_mulmod(a,b,c,d));
  345|  2.48k|}
ltm_desc.c:invmod:
  357|    796|{
  358|    796|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|    796|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 796]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  359|    796|   LTC_ARGCHK(b != NULL);
  ------------------
  |  |   32|    796|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 796]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  360|    796|   LTC_ARGCHK(c != NULL);
  ------------------
  |  |   32|    796|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 796]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  361|    796|   return mpi_to_ltc_error(mp_invmod(a, b, c));
  362|    796|}
ltm_desc.c:montgomery_setup:
/* Allocates one zeroed mp_digit with XCALLOC (m_calloc in this build),
 * stores the pointer in *b, and lets mp_montgomery_setup(a, *b) fill it.
 * Returns CRYPT_MEM when the allocation yields NULL, otherwise the
 * libtommath status mapped through mpi_to_ltc_error().
 *
 * NOTE(review): on the failure branch *b is freed but still holds the stale
 * address. A caller that passes *b to montgomery_deinit after a failed
 * setup would free it a second time; clearing the out-parameter
 * (`*b = NULL;` after `XFREE(*b);`) would make that state detectable.
 * Whether m_free_direct tolerates NULL is not visible here, so confirm
 * before relying on it. Neither failure branch was executed in this
 * coverage run (count 0). */
  366|    750|{
  367|    750|   int err;
  368|    750|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|    750|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 750]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  369|    750|   LTC_ARGCHK(b != NULL);
  ------------------
  |  |   32|    750|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 750]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  370|    750|   *b = XCALLOC(1, sizeof(mp_digit));
  ------------------
  |  |   19|    750|#define XCALLOC m_calloc
  ------------------
  371|    750|   if (*b == NULL) {
  ------------------
  |  Branch (371:8): [True: 0, False: 750]
  ------------------
  372|      0|      return CRYPT_MEM;
  373|      0|   }
  374|    750|   if ((err = mpi_to_ltc_error(mp_montgomery_setup(a, (mp_digit *)*b))) != CRYPT_OK) {
  ------------------
  |  Branch (374:8): [True: 0, False: 750]
  ------------------
  375|      0|      XFREE(*b);
  ------------------
  |  |   17|      0|#define XFREE m_free_direct
  ------------------
  376|      0|   }
  377|    750|   return err;
  378|    750|}
ltm_desc.c:montgomery_normalization:
  382|    750|{
  383|    750|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|    750|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 750]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  384|    750|   LTC_ARGCHK(b != NULL);
  ------------------
  |  |   32|    750|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 750]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  385|    750|   return mpi_to_ltc_error(mp_montgomery_calc_normalization(a, b));
  386|    750|}
ltm_desc.c:montgomery_reduce:
  390|  8.61M|{
  391|  8.61M|   LTC_ARGCHK(a != NULL);
  ------------------
  |  |   32|  8.61M|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 8.61M]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  392|  8.61M|   LTC_ARGCHK(b != NULL);
  ------------------
  |  |   32|  8.61M|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 8.61M]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  393|  8.61M|   LTC_ARGCHK(c != NULL);
  ------------------
  |  |   32|  8.61M|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 8.61M]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
  394|  8.61M|   return mpi_to_ltc_error(mp_montgomery_reduce(a, b, *((mp_digit *)c)));
  395|  8.61M|}
ltm_desc.c:montgomery_deinit:
/* Releases a with XFREE (m_free_direct in this build). There is no
 * argument check in this wrapper.
 * NOTE(review): presumably a is the digit allocated by montgomery_setup;
 * that function frees the same pointer itself when setup fails, so callers
 * should only reach this after a successful setup - confirm at call sites. */
  399|    750|{
  400|    750|   XFREE(a);
  ------------------
  |  |   17|    750|#define XFREE m_free_direct
  ------------------
  401|    750|}

ltc_init_multi:
/* Initialises every big-integer handle in a NULL-terminated variadic list
 * (each argument is a void **), calling mp_init (ltc_mp.init) on each.
 * Returns CRYPT_OK when all succeed. If one init fails, the np handles
 * already initialised are cleared by walking the argument list again from
 * the start, and CRYPT_MEM is returned.
 *
 * The list must end with a NULL argument: the loop has no other stop
 * condition, so a missing terminator makes va_arg read past the supplied
 * arguments.
 * The rollback branch has count 0 in this coverage run, so the cleanup
 * path is not exercised here. */
   15|   728k|{
   16|   728k|   void    **cur = a;
   17|   728k|   int       np  = 0;
   18|   728k|   va_list   args;
   19|       |
   20|   728k|   va_start(args, a);
   21|  3.25M|   while (cur != NULL) {
  ------------------
  |  Branch (21:11): [True: 2.52M, False: 728k]
  ------------------
   22|  2.52M|       if (mp_init(cur) != CRYPT_OK) {
  ------------------
  |  |  516|  2.52M|#define mp_init(a)                   ltc_mp.init(a)
  ------------------
  |  Branch (22:12): [True: 0, False: 2.52M]
  ------------------
   23|       |          /* failed */
   24|      0|          va_list clean_list;
   25|       |
   26|      0|          va_start(clean_list, a);
   27|      0|          cur = a;
   28|      0|          while (np--) {
  ------------------
  |  Branch (28:18): [True: 0, False: 0]
  ------------------
   29|      0|              mp_clear(*cur);
  ------------------
  |  |  518|      0|#define mp_clear(a)                  ltc_mp.deinit(a)
  ------------------
   30|      0|              cur = va_arg(clean_list, void**);
   31|      0|          }
   32|      0|          va_end(clean_list);
   33|      0|          va_end(args);
   34|      0|          return CRYPT_MEM;
   35|      0|       }
   36|  2.52M|       ++np;
   37|  2.52M|       cur = va_arg(args, void**);
   38|  2.52M|   }
   39|   728k|   va_end(args);
   40|   728k|   return CRYPT_OK;
   41|   728k|}
ltc_deinit_multi:
/* Clears each handle in a NULL-terminated variadic list with mp_clear
 * (ltc_mp.deinit).
 *
 * NOTE(review): the walk ends at the first NULL argument, so a NULL handle
 * in the middle of the list stops the loop and the handles after it are
 * not cleared. Callers that pass fields of a partially initialised
 * structure should account for that. Whether ltc_mp.deinit wipes the
 * digits before releasing them is not visible here. */
   44|   728k|{
   45|   728k|   void     *cur = a;
   46|   728k|   va_list   args;
   47|       |
   48|   728k|   va_start(args, a);
   49|  3.25M|   while (cur != NULL) {
  ------------------
  |  Branch (49:11): [True: 2.52M, False: 728k]
  ------------------
   50|  2.52M|       mp_clear(cur);
  ------------------
  |  |  518|  2.52M|#define mp_clear(a)                  ltc_mp.deinit(a)
  ------------------
   51|  2.52M|       cur = va_arg(args, void *);
   52|  2.52M|   }
   53|   728k|   va_end(args);
   54|   728k|}

prng_is_valid:
/* Returns CRYPT_OK when idx lies in [0, TAB_SIZE) (TAB_SIZE is 5 in this
 * build) and prng_descriptor[idx].name is non-NULL; otherwise returns
 * CRYPT_INVALID_PRNG. The lookup is bracketed by LTC_MUTEX_LOCK/UNLOCK on
 * ltc_prng_mutex.
 *
 * The range test is evaluated before the table is indexed, which is what
 * makes it safe for callers to index prng_descriptor[] with the same value
 * afterwards (ecc_make_key_ex does this). The lock is released before
 * returning, so the result describes the table only at the time of the
 * call. The rejecting branch has count 0 in this coverage run. */
   22|    594|{
   23|    594|   LTC_MUTEX_LOCK(&ltc_prng_mutex);
   24|    594|   if (idx < 0 || idx >= TAB_SIZE || prng_descriptor[idx].name == NULL) {
  ------------------
  |  |   14|  1.18k|#define TAB_SIZE      5
  ------------------
  |  Branch (24:8): [True: 0, False: 594]
  |  Branch (24:19): [True: 0, False: 594]
  |  Branch (24:38): [True: 0, False: 594]
  ------------------
   25|      0|      LTC_MUTEX_UNLOCK(&ltc_prng_mutex);
   26|      0|      return CRYPT_INVALID_PRNG;
   27|      0|   }
   28|    594|   LTC_MUTEX_UNLOCK(&ltc_prng_mutex);
   29|    594|   return CRYPT_OK;
   30|    594|}

register_cipher:
/* Adds *cipher to the global cipher_descriptor table (TAB_SIZE slots, 5 in
 * this build) between LTC_MUTEX_LOCK/UNLOCK on ltc_cipher_mutex.
 * Returns a slot index: the existing one if a named entry with the same ID
 * is already present, otherwise the first slot whose name is NULL, after
 * copying the whole descriptor into it. Returns -1 when no slot is free,
 * so callers must test for a negative result before using the value as a
 * table index.
 *
 * Both loops are bounded by TAB_SIZE, so the fixed-size copy stays inside
 * the table, assuming cipher_descriptor is declared with TAB_SIZE entries
 * (declaration not shown here). The "already registered" and "table full"
 * returns both have count 0 in this coverage run. */
   22|      1|{
   23|      1|   int x;
   24|       |
   25|      1|   LTC_ARGCHK(cipher != NULL);
  ------------------
  |  |   32|      1|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 1]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
   26|       |
   27|       |   /* is it already registered? */
   28|      1|   LTC_MUTEX_LOCK(&ltc_cipher_mutex);
   29|      6|   for (x = 0; x < TAB_SIZE; x++) {
  ------------------
  |  |   14|      6|#define TAB_SIZE      5
  ------------------
  |  Branch (29:16): [True: 5, False: 1]
  ------------------
   30|      5|       if (cipher_descriptor[x].name != NULL && cipher_descriptor[x].ID == cipher->ID) {
  ------------------
  |  Branch (30:12): [True: 0, False: 5]
  |  Branch (30:49): [True: 0, False: 0]
  ------------------
   31|      0|          LTC_MUTEX_UNLOCK(&ltc_cipher_mutex);
   32|      0|          return x;
   33|      0|       }
   34|      5|   }
   35|       |
   36|       |   /* find a blank spot */
   37|      1|   for (x = 0; x < TAB_SIZE; x++) {
  ------------------
  |  |   14|      1|#define TAB_SIZE      5
  ------------------
  |  Branch (37:16): [True: 1, False: 0]
  ------------------
   38|      1|       if (cipher_descriptor[x].name == NULL) {
  ------------------
  |  Branch (38:12): [True: 1, False: 0]
  ------------------
   39|      1|          XMEMCPY(&cipher_descriptor[x], cipher, sizeof(struct ltc_cipher_descriptor));
  ------------------
  |  |   39|      1|#define XMEMCPY  memcpy
  ------------------
   40|      1|          LTC_MUTEX_UNLOCK(&ltc_cipher_mutex);
   41|      1|          return x;
   42|      1|       }
   43|      1|   }
   44|       |
   45|       |   /* no spot */
   46|      0|   LTC_MUTEX_UNLOCK(&ltc_cipher_mutex);
   47|      0|   return -1;
   48|      1|}

register_hash:
/* Adds *hash to the global hash_descriptor table (TAB_SIZE slots, 5 in
 * this build) between LTC_MUTEX_LOCK/UNLOCK on ltc_hash_mutex.
 * Returns the index of an identical existing entry, or of the first slot
 * whose name is NULL after copying the descriptor into it, or -1 when the
 * table is full. Callers must test for a negative result before using the
 * value as a table index.
 *
 * NOTE(review): duplicate detection is a memcmp over the whole struct, so
 * it also compares any padding bytes; it is dependable only when
 * descriptors live in fully initialised storage (e.g. static objects) -
 * confirm how callers build them.
 * In this coverage run four hashes were registered into the five slots;
 * the "already registered" and "table full" returns have count 0. */
   22|      4|{
   23|      4|   int x;
   24|       |
   25|      4|   LTC_ARGCHK(hash != NULL);
  ------------------
  |  |   32|      4|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 4]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
   26|       |
   27|       |   /* is it already registered? */
   28|      4|   LTC_MUTEX_LOCK(&ltc_hash_mutex);
   29|     24|   for (x = 0; x < TAB_SIZE; x++) {
  ------------------
  |  |   14|     24|#define TAB_SIZE      5
  ------------------
  |  Branch (29:16): [True: 20, False: 4]
  ------------------
   30|     20|       if (XMEMCMP(&hash_descriptor[x], hash, sizeof(struct ltc_hash_descriptor)) == 0) {
  ------------------
  |  |   45|     20|#define XMEMCMP  memcmp
  ------------------
  |  Branch (30:12): [True: 0, False: 20]
  ------------------
   31|      0|          LTC_MUTEX_UNLOCK(&ltc_hash_mutex);
   32|      0|          return x;
   33|      0|       }
   34|     20|   }
   35|       |
   36|       |   /* find a blank spot */
   37|     10|   for (x = 0; x < TAB_SIZE; x++) {
  ------------------
  |  |   14|     10|#define TAB_SIZE      5
  ------------------
  |  Branch (37:16): [True: 10, False: 0]
  ------------------
   38|     10|       if (hash_descriptor[x].name == NULL) {
  ------------------
  |  Branch (38:12): [True: 4, False: 6]
  ------------------
   39|      4|          XMEMCPY(&hash_descriptor[x], hash, sizeof(struct ltc_hash_descriptor));
  ------------------
  |  |   39|      4|#define XMEMCPY  memcpy
  ------------------
   40|      4|          LTC_MUTEX_UNLOCK(&ltc_hash_mutex);
   41|      4|          return x;
   42|      4|       }
   43|     10|   }
   44|       |
   45|       |   /* no spot */
   46|      0|   LTC_MUTEX_UNLOCK(&ltc_hash_mutex);
   47|      0|   return -1;
   48|      4|}

register_prng:
/* Adds *prng to the global prng_descriptor table (TAB_SIZE slots, 5 in
 * this build) between LTC_MUTEX_LOCK/UNLOCK on ltc_prng_mutex.
 * Returns the index of an identical existing entry, or of the first slot
 * whose name is NULL after copying the descriptor into it, or -1 when the
 * table is full. The returned index is the value later validated by
 * prng_is_valid, so callers must not pass a -1 result on unchecked.
 *
 * NOTE(review): duplicate detection is a memcmp over the whole struct, so
 * it also compares any padding bytes; confirm that descriptors are built
 * in fully initialised storage. The "already registered" and "table full"
 * returns have count 0 in this coverage run. */
   22|      1|{
   23|      1|   int x;
   24|       |
   25|      1|   LTC_ARGCHK(prng != NULL);
  ------------------
  |  |   32|      1|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 1]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
   26|       |
   27|       |   /* is it already registered? */
   28|      1|   LTC_MUTEX_LOCK(&ltc_prng_mutex);
   29|      6|   for (x = 0; x < TAB_SIZE; x++) {
  ------------------
  |  |   14|      6|#define TAB_SIZE      5
  ------------------
  |  Branch (29:16): [True: 5, False: 1]
  ------------------
   30|      5|       if (XMEMCMP(&prng_descriptor[x], prng, sizeof(struct ltc_prng_descriptor)) == 0) {
  ------------------
  |  |   45|      5|#define XMEMCMP  memcmp
  ------------------
  |  Branch (30:12): [True: 0, False: 5]
  ------------------
   31|      0|          LTC_MUTEX_UNLOCK(&ltc_prng_mutex);
   32|      0|          return x;
   33|      0|       }
   34|      5|   }
   35|       |
   36|       |   /* find a blank spot */
   37|      1|   for (x = 0; x < TAB_SIZE; x++) {
  ------------------
  |  |   14|      1|#define TAB_SIZE      5
  ------------------
  |  Branch (37:16): [True: 1, False: 0]
  ------------------
   38|      1|       if (prng_descriptor[x].name == NULL) {
  ------------------
  |  Branch (38:12): [True: 1, False: 0]
  ------------------
   39|      1|          XMEMCPY(&prng_descriptor[x], prng, sizeof(struct ltc_prng_descriptor));
  ------------------
  |  |   39|      1|#define XMEMCPY  memcpy
  ------------------
   40|      1|          LTC_MUTEX_UNLOCK(&ltc_prng_mutex);
   41|      1|          return x;
   42|      1|       }
   43|      1|   }
   44|       |
   45|       |   /* no spot */
   46|      0|   LTC_MUTEX_UNLOCK(&ltc_prng_mutex);
   47|      0|   return -1;
   48|      1|}

zeromem:
/* Zeroes outlen bytes at out by delegating to m_burn(). No argument check
 * is visible in this body.
 * NOTE(review): this build routes the library's zeroing primitive to the
 * host project's m_burn; presumably that routine is written so the
 * compiler cannot elide the wipe - confirm in its definition, because code
 * that clears sensitive buffers through zeromem inherits that property. */
   23|  1.82k|{
   24|  1.82k|   m_burn((void*)out, outlen);
   25|  1.82k|}

ecc_ansi_x963_export:
/* Writes the public point of an ECC key to out as the byte 0x04 followed
 * by X and then Y, each left-padded with zeros to numlen = key->dp->size
 * bytes, and sets *outlen to 1 + 2*numlen.
 *
 * Returns CRYPT_INVALID_ARG when key->idx fails ltc_ecc_is_valid_idx;
 * CRYPT_BUFFER_OVERFLOW when a coordinate is longer than numlen, when
 * numlen exceeds the scratch buffer, or when *outlen is too small (in that
 * last case *outlen is first updated to the required size); CRYPT_OK
 * otherwise.
 *
 * The xlen / ylen / sizeof(buf) test is the only thing keeping
 * buf + (numlen - xlen) and the write behind mp_to_unsigned_bin inside buf:
 * ltc_mp.unsigned_write takes no length, so this test must stay ahead of
 * both writes.
 * out is NULL-checked only after the *outlen test, apparently so that a
 * caller can query the required length first.
 *
 * NOTE(review): the results of both mp_to_unsigned_bin calls are ignored,
 * so a failed conversion would still be reported as CRYPT_OK with whatever
 * the zero-filled scratch buffer then holds. None of the rejecting
 * branches ran in this coverage run (all counts 0). */
   31|    914|{
   32|    914|   unsigned char buf[ECC_BUF_SIZE];
   33|    914|   unsigned long numlen, xlen, ylen;
   34|       |
   35|    914|   LTC_ARGCHK(key    != NULL);
  ------------------
  |  |   32|    914|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 914]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
   36|    914|   LTC_ARGCHK(outlen != NULL);
  ------------------
  |  |   32|    914|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 914]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
   37|       |
   38|    914|   if (ltc_ecc_is_valid_idx(key->idx) == 0) {
  ------------------
  |  Branch (38:8): [True: 0, False: 914]
  ------------------
   39|      0|      return CRYPT_INVALID_ARG;
   40|      0|   }
   41|    914|   numlen = key->dp->size;
   42|    914|   xlen = mp_unsigned_bin_size(key->pubkey.x);
  ------------------
  |  |  539|    914|#define mp_unsigned_bin_size(a)      ltc_mp.unsigned_size(a)
  ------------------
   43|    914|   ylen = mp_unsigned_bin_size(key->pubkey.y);
  ------------------
  |  |  539|    914|#define mp_unsigned_bin_size(a)      ltc_mp.unsigned_size(a)
  ------------------
   44|       |
   45|    914|   if (xlen > numlen || ylen > numlen || sizeof(buf) < numlen) {
  ------------------
  |  Branch (45:8): [True: 0, False: 914]
  |  Branch (45:25): [True: 0, False: 914]
  |  Branch (45:42): [True: 0, False: 914]
  ------------------
   46|      0|      return CRYPT_BUFFER_OVERFLOW;
   47|      0|   }
   48|       |
   49|    914|   if (*outlen < (1 + 2*numlen)) {
  ------------------
  |  Branch (49:8): [True: 0, False: 914]
  ------------------
   50|      0|      *outlen = 1 + 2*numlen;
   51|      0|      return CRYPT_BUFFER_OVERFLOW;
   52|      0|   }
   53|       |
   54|    914|   LTC_ARGCHK(out    != NULL);
  ------------------
  |  |   32|    914|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 914]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
   55|       |
   56|       |   /* store byte 0x04 */
   57|    914|   out[0] = 0x04;
   58|       |
   59|       |   /* pad and store x */
   60|    914|   zeromem(buf, sizeof(buf));
   61|    914|   mp_to_unsigned_bin(key->pubkey.x, buf + (numlen - xlen));
  ------------------
  |  |  540|    914|#define mp_to_unsigned_bin(a, b)     ltc_mp.unsigned_write(a, b)
  ------------------
   62|    914|   XMEMCPY(out+1, buf, numlen);
  ------------------
  |  |   39|    914|#define XMEMCPY  memcpy
  ------------------
   63|       |
   64|       |   /* pad and store y */
   65|    914|   zeromem(buf, sizeof(buf));
   66|    914|   mp_to_unsigned_bin(key->pubkey.y, buf + (numlen - ylen));
  ------------------
  |  |  540|    914|#define mp_to_unsigned_bin(a, b)     ltc_mp.unsigned_write(a, b)
  ------------------
   67|    914|   XMEMCPY(out+1+numlen, buf, numlen);
  ------------------
  |  |   39|    914|#define XMEMCPY  memcpy
  ------------------
   68|       |
   69|    914|   *outlen = 1 + 2*numlen;
   70|    914|   return CRYPT_OK;
   71|    914|}

ecc_free:
/* Clears the four big integers held by an ECC key (pubkey.x, pubkey.y,
 * pubkey.z and k) through mp_clear_multi, which is ltc_deinit_multi in
 * this build. The key pointer is NULL-checked first.
 *
 * NOTE(review): k is presumably the private scalar; whether ltc_mp.deinit
 * wipes the digits before releasing them is not visible here - confirm.
 * ltc_deinit_multi stops at the first NULL argument, so a key whose
 * pubkey.x is NULL would leave y, z and k uncleared. The pointers inside
 * *key are not reset after clearing, so the struct must not be passed to
 * ecc_free again without being re-initialised. */
   29|    230|{
   30|    230|   LTC_ARGCHKVD(key != NULL);
  ------------------
  |  |   33|    230|#define LTC_ARGCHKVD(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (33:34): [True: 0, False: 230]
  |  |  |  Branch (33:89): [Folded - Ignored]
  |  |  ------------------
  ------------------
   31|    230|   mp_clear_multi(key->pubkey.x, key->pubkey.y, key->pubkey.z, key->k, NULL);
  ------------------
  |  |  519|    230|#define mp_clear_multi               ltc_deinit_multi
  ------------------
   32|    230|}

ecc_make_key_ex:
   49|    594|{
   50|    594|   int            err;
   51|    594|   ecc_point     *base;
   52|    594|   void          *prime, *order;
   53|    594|   unsigned char *buf;
   54|    594|   int            keysize;
   55|       |
   56|    594|   LTC_ARGCHK(key         != NULL);
  ------------------
  |  |   32|    594|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 594]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
   57|    594|   LTC_ARGCHK(ltc_mp.name != NULL);
  ------------------
  |  |   32|    594|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 594]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
   58|    594|   LTC_ARGCHK(dp          != NULL);
  ------------------
  |  |   32|    594|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 594]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
   59|       |
   60|       |   /* good prng? */
   61|    594|   if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
  ------------------
  |  Branch (61:8): [True: 0, False: 594]
  ------------------
   62|      0|      return err;
   63|      0|   }
   64|       |
   65|    594|   key->idx = -1;
   66|    594|   key->dp  = dp;
   67|    594|   keysize  = dp->size;
   68|       |
   69|       |   /* allocate ram */
   70|    594|   base = NULL;
   71|    594|   buf  = XMALLOC(ECC_MAXSIZE);
  ------------------
  |  |   16|    594|#define XMALLOC m_malloc
  ------------------
                 buf  = XMALLOC(ECC_MAXSIZE);
  ------------------
  |  |  249|    594|#define ECC_MAXSIZE  66
  ------------------
   72|    594|   if (buf == NULL) {
  ------------------
  |  Branch (72:8): [True: 0, False: 594]
  ------------------
   73|      0|      return CRYPT_MEM;
   74|      0|   }
   75|       |
   76|       |   /* make up random string */
   77|    594|   if (prng_descriptor[wprng].read(buf, (unsigned long)keysize, prng) != (unsigned long)keysize) {
  ------------------
  |  Branch (77:8): [True: 0, False: 594]
  ------------------
   78|      0|      err = CRYPT_ERROR_READPRNG;
   79|      0|      goto ERR_BUF;
   80|      0|   }
   81|       |
   82|       |   /* setup the key variables */
   83|    594|   if ((err = mp_init_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k, &prime, &order, NULL)) != CRYPT_OK) {
  ------------------
  |  |  517|    594|#define mp_init_multi                ltc_init_multi
  ------------------
  |  Branch (83:8): [True: 0, False: 594]
  ------------------
   84|      0|      goto ERR_BUF;
   85|      0|   }
   86|    594|   base = ltc_ecc_new_point();
   87|    594|   if (base == NULL) {
  ------------------
  |  Branch (87:8): [True: 0, False: 594]
  ------------------
   88|      0|      err = CRYPT_MEM;
   89|      0|      goto errkey;
   90|      0|   }
   91|       |
   92|       |   /* read in the specs for this key */
   93|    594|   if ((err = mp_read_radix(prime,   (char *)key->dp->prime, 16)) != CRYPT_OK)                  { goto errkey; }
  ------------------
  |  |  537|    594|#define mp_read_radix(a, b, c)       ltc_mp.read_radix(a, b, c)
  ------------------
  |  Branch (93:8): [True: 0, False: 594]
  ------------------
   94|    594|   if ((err = mp_read_radix(order,   (char *)key->dp->order, 16)) != CRYPT_OK)                  { goto errkey; }
  ------------------
  |  |  537|    594|#define mp_read_radix(a, b, c)       ltc_mp.read_radix(a, b, c)
  ------------------
  |  Branch (94:8): [True: 0, False: 594]
  ------------------
   95|    594|   if ((err = mp_read_radix(base->x, (char *)key->dp->Gx, 16)) != CRYPT_OK)                     { goto errkey; }
  ------------------
  |  |  537|    594|#define mp_read_radix(a, b, c)       ltc_mp.read_radix(a, b, c)
  ------------------
  |  Branch (95:8): [True: 0, False: 594]
  ------------------
   96|    594|   if ((err = mp_read_radix(base->y, (char *)key->dp->Gy, 16)) != CRYPT_OK)                     { goto errkey; }
  ------------------
  |  |  537|    594|#define mp_read_radix(a, b, c)       ltc_mp.read_radix(a, b, c)
  ------------------
  |  Branch (96:8): [True: 0, False: 594]
  ------------------
   97|    594|   if ((err = mp_set(base->z, 1)) != CRYPT_OK)                                                  { goto errkey; }
  ------------------
  |  |  526|    594|#define mp_set(a, b)                 ltc_mp.set_int(a, b)
  ------------------
  |  Branch (97:8): [True: 0, False: 594]
  ------------------
   98|    594|   if ((err = mp_read_unsigned_bin(key->k, (unsigned char *)buf, keysize)) != CRYPT_OK)         { goto errkey; }
  ------------------
  |  |  541|    594|#define mp_read_unsigned_bin(a, b, c) ltc_mp.unsigned_read(a, b, c)
  ------------------
  |  Branch (98:8): [True: 0, False: 594]
  ------------------
   99|       |
  100|       |   /* the key should be smaller than the order of base point */
  101|    594|   if (mp_cmp(key->k, order) != LTC_MP_LT) {
  ------------------
  |  |  531|    594|#define mp_cmp(a, b)                 ltc_mp.compare(a, b)
  ------------------
                 if (mp_cmp(key->k, order) != LTC_MP_LT) {
  ------------------
  |  |   12|    594|#define LTC_MP_LT   -1
  ------------------
  |  Branch (101:8): [True: 394, False: 200]
  ------------------
  102|    394|       if((err = mp_mod(key->k, order, key->k)) != CRYPT_OK)                                    { goto errkey; }
  ------------------
  |  |  552|    394|#define mp_mod(a, b, c)              ltc_mp.mpdiv(a, b, NULL, c)
  ------------------
  |  Branch (102:11): [True: 0, False: 394]
  ------------------
  103|    394|   }
  104|       |   /* make the public key */
  105|    594|   if ((err = ltc_mp.ecc_ptmul(key->k, base, &key->pubkey, prime, 1)) != CRYPT_OK)              { goto errkey; }
  ------------------
  |  Branch (105:8): [True: 0, False: 594]
  ------------------
  106|    594|   key->type = PK_PRIVATE;
  107|       |
  108|       |   /* free up ram */
  109|    594|   err = CRYPT_OK;
  110|    594|   goto cleanup;
  111|      0|errkey:
  112|      0|   mp_clear_multi(key->pubkey.x, key->pubkey.y, key->pubkey.z, key->k, NULL);
  ------------------
  |  |  519|      0|#define mp_clear_multi               ltc_deinit_multi
  ------------------
  113|    594|cleanup:
  114|    594|   ltc_ecc_del_point(base);
  115|    594|   mp_clear_multi(prime, order, NULL);
  ------------------
  |  |  519|    594|#define mp_clear_multi               ltc_deinit_multi
  ------------------
  116|    594|ERR_BUF:
  117|       |#ifdef LTC_CLEAN_STACK
  118|       |   zeromem(buf, ECC_MAXSIZE);
  119|       |#endif
  120|    594|   XFREE(buf);
  ------------------
  |  |   17|    594|#define XFREE m_free_direct
  ------------------
  121|    594|   return err;
  122|    594|}

ltc_ecc_is_valid_idx:
              /* Checks a curve-set index. Counts the entries of ltc_ecc_sets up to the
               * first one whose size is 0, then returns 1 when n is in [-1, count) and 0
               * otherwise. The function's signature line is not part of this listing.
               * NOTE(review): `return 0` shows 0 hits and neither half of the range test
               * was ever false, so this corpus never exercised the rejection path. */
   29|    914|{
   30|    914|   int x;
   31|       |
   32|  8.22k|   for (x = 0; ltc_ecc_sets[x].size != 0; x++); /* empty body: the loop only counts entries */
  ------------------
  |  Branch (32:16): [True: 7.31k, False: 914]
  ------------------
   33|       |   /* x now holds the entry count; -1 is also a valid index --- indicating that the domain params were supplied by the user */
   34|    914|   if ((n >= -1) && (n < x)) {
  ------------------
  |  Branch (34:8): [True: 914, False: 0]
  |  Branch (34:21): [True: 914, False: 0]
  ------------------
   35|    914|      return 1;
   36|    914|   }
   37|      0|   return 0;
   38|    914|}

ltc_ecc_map:
              /* Rewrites the point P in place: x becomes x/z^2, y becomes y/z^3 and z is
               * set to 1, with all arithmetic taken mod modulus and mp passed to the
               * Montgomery reduction calls. P, modulus and mp must be non-NULL. Returns
               * CRYPT_OK on success or the first error reported by a math call; the two
               * temporaries are released on every path after they are initialised. The
               * signature line is not part of this listing.
               * NOTE(review): every error branch in this function shows True: 0, so the
               * corpus never drove a failing math call (for example a z that mp_invmod
               * cannot invert) through the `done` cleanup. */
   32|    750|{
   33|    750|   void *t1, *t2;
   34|    750|   int   err;
   35|       |
   36|    750|   LTC_ARGCHK(P       != NULL);
  ------------------
  |  |   32|    750|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 750]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
   37|    750|   LTC_ARGCHK(modulus != NULL);
  ------------------
  |  |   32|    750|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 750]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
   38|    750|   LTC_ARGCHK(mp      != NULL);
  ------------------
  |  |   32|    750|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 750]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
   39|       |
   40|    750|   if ((err = mp_init_multi(&t1, &t2, NULL)) != CRYPT_OK) {
  ------------------
  |  |  517|    750|#define mp_init_multi                ltc_init_multi
  ------------------
  |  Branch (40:8): [True: 0, False: 750]
  ------------------
   41|      0|      return err;
   42|      0|   }
   43|       |
   44|       |   /* first map z back to normal (Montgomery-reduce it against modulus) */
   45|    750|   if ((err = mp_montgomery_reduce(P->z, modulus, mp)) != CRYPT_OK)           { goto done; }
  ------------------
  |  |  565|    750|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (45:8): [True: 0, False: 750]
  ------------------
   46|       |
   47|       |   /* get 1/z into t1; presumably a z with no inverse mod modulus is reported here as an error - confirm with the math provider */
   48|    750|   if ((err = mp_invmod(P->z, modulus, t1)) != CRYPT_OK)                      { goto done; }
  ------------------
  |  |  561|    750|#define mp_invmod(a, b, c)           ltc_mp.invmod(a, b, c)
  ------------------
  |  Branch (48:8): [True: 0, False: 750]
  ------------------
   49|       |
   50|       |   /* get 1/z^2 (kept in t2) and 1/z^3 (kept in t1) */
   51|    750|   if ((err = mp_sqr(t1, t2)) != CRYPT_OK)                                    { goto done; }
  ------------------
  |  |  549|    750|#define mp_sqr(a, b)                 ltc_mp.sqr(a, b)
  ------------------
  |  Branch (51:8): [True: 0, False: 750]
  ------------------
   52|    750|   if ((err = mp_mod(t2, modulus, t2)) != CRYPT_OK)                           { goto done; }
  ------------------
  |  |  552|    750|#define mp_mod(a, b, c)              ltc_mp.mpdiv(a, b, NULL, c)
  ------------------
  |  Branch (52:8): [True: 0, False: 750]
  ------------------
   53|    750|   if ((err = mp_mul(t1, t2, t1)) != CRYPT_OK)                                { goto done; }
  ------------------
  |  |  547|    750|#define mp_mul(a, b, c)              ltc_mp.mul(a, b, c)
  ------------------
  |  Branch (53:8): [True: 0, False: 750]
  ------------------
   54|    750|   if ((err = mp_mod(t1, modulus, t1)) != CRYPT_OK)                           { goto done; }
  ------------------
  |  |  552|    750|#define mp_mod(a, b, c)              ltc_mp.mpdiv(a, b, NULL, c)
  ------------------
  |  Branch (54:8): [True: 0, False: 750]
  ------------------
   55|       |
   56|       |   /* multiply x by t2 and y by t1, Montgomery-reducing each product, then set z to 1 */
   57|    750|   if ((err = mp_mul(P->x, t2, P->x)) != CRYPT_OK)                            { goto done; }
  ------------------
  |  |  547|    750|#define mp_mul(a, b, c)              ltc_mp.mul(a, b, c)
  ------------------
  |  Branch (57:8): [True: 0, False: 750]
  ------------------
   58|    750|   if ((err = mp_montgomery_reduce(P->x, modulus, mp)) != CRYPT_OK)           { goto done; }
  ------------------
  |  |  565|    750|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (58:8): [True: 0, False: 750]
  ------------------
   59|    750|   if ((err = mp_mul(P->y, t1, P->y)) != CRYPT_OK)                            { goto done; }
  ------------------
  |  |  547|    750|#define mp_mul(a, b, c)              ltc_mp.mul(a, b, c)
  ------------------
  |  Branch (59:8): [True: 0, False: 750]
  ------------------
   60|    750|   if ((err = mp_montgomery_reduce(P->y, modulus, mp)) != CRYPT_OK)           { goto done; }
  ------------------
  |  |  565|    750|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (60:8): [True: 0, False: 750]
  ------------------
   61|    750|   if ((err = mp_set(P->z, 1)) != CRYPT_OK)                                   { goto done; }
  ------------------
  |  |  526|    750|#define mp_set(a, b)                 ltc_mp.set_int(a, b)
  ------------------
  |  Branch (61:8): [True: 0, False: 750]
  ------------------
   62|       |
   63|    750|   err = CRYPT_OK;
   64|    750|done:
   65|    750|   mp_clear_multi(t1, t2, NULL);
  ------------------
  |  |  519|    750|#define mp_clear_multi               ltc_deinit_multi
  ------------------
   66|    750|   return err;
   67|    750|}

ltc_ecc_mul2add:
              /* Combines two scalar multiplications in one pass and leaves the result in C.
               * From the visible body: the bytes of kA and kB are written into two
               * ECC_BUF_SIZE-byte buffers, a 16-entry table is filled so that
               * precomp[i + (j<<2)] is built from i copies of A and j copies of B
               * (assuming ecc_ptdbl/ecc_ptadd double and add as named), and the main loop
               * consumes two bits of each scalar per step: double C twice, then add the
               * table entry selected by those bits. C is passed through ltc_ecc_map before
               * returning. Returns CRYPT_MEM or CRYPT_INVALID_ARG from the early checks,
               * otherwise the status of the last math call. The signature line is not part
               * of this listing.
               *
               * NOTE(review): the loop branches on the scalar bits (leading zero pairs are
               * skipped, and the add is skipped when both pairs are zero), so running time
               * depends on kA and kB. That is acceptable only if callers pass public
               * scalars - confirm at the call sites.
               * NOTE(review): every error branch below shows 0 hits; the ERR_* labels were
               * reached only by fall-through on the success path in this corpus. */
   39|     46|{
   40|     46|  ecc_point     *precomp[16];
   41|     46|  unsigned       bitbufA, bitbufB, lenA, lenB, len, x, y, nA, nB, nibble;
   42|     46|  unsigned char *tA, *tB;
   43|     46|  int            err, first;
   44|     46|  void          *mp, *mu;
   45|       |
   46|       |  /* argchks: every pointer checked here must be non-NULL */
   47|     46|  LTC_ARGCHK(A       != NULL);
  ------------------
  |  |   32|     46|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 46]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
   48|     46|  LTC_ARGCHK(B       != NULL);
  ------------------
  |  |   32|     46|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 46]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
   49|     46|  LTC_ARGCHK(C       != NULL);
  ------------------
  |  |   32|     46|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 46]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
   50|     46|  LTC_ARGCHK(kA      != NULL);
  ------------------
  |  |   32|     46|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 46]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
   51|     46|  LTC_ARGCHK(kB      != NULL);
  ------------------
  |  |   32|     46|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 46]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
   52|     46|  LTC_ARGCHK(modulus != NULL);
  ------------------
  |  |   32|     46|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 46]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
   53|       |
   54|       |  /* allocate memory: two ECC_BUF_SIZE-byte scratch buffers that will hold the scalar bytes */
   55|     46|  tA = XCALLOC(1, ECC_BUF_SIZE);
  ------------------
  |  |   19|     46|#define XCALLOC m_calloc
  ------------------
                tA = XCALLOC(1, ECC_BUF_SIZE);
  ------------------
  |  |  246|     46|#define ECC_BUF_SIZE 256
  ------------------
   56|     46|  if (tA == NULL) {
  ------------------
  |  Branch (56:7): [True: 0, False: 46]
  ------------------
   57|      0|     return CRYPT_MEM;
   58|      0|  }
   59|     46|  tB = XCALLOC(1, ECC_BUF_SIZE);
  ------------------
  |  |   19|     46|#define XCALLOC m_calloc
  ------------------
                tB = XCALLOC(1, ECC_BUF_SIZE);
  ------------------
  |  |  246|     46|#define ECC_BUF_SIZE 256
  ------------------
   60|     46|  if (tB == NULL) {
  ------------------
  |  Branch (60:7): [True: 0, False: 46]
  ------------------
   61|      0|     XFREE(tA);
  ------------------
  |  |   17|      0|#define XFREE m_free_direct
  ------------------
   62|      0|     return CRYPT_MEM;
   63|      0|  }
   64|       |
   65|       |  /* get sizes: byte lengths of both scalars; len is the larger of the two */
   66|     46|  lenA = mp_unsigned_bin_size(kA);
  ------------------
  |  |  539|     46|#define mp_unsigned_bin_size(a)      ltc_mp.unsigned_size(a)
  ------------------
   67|     46|  lenB = mp_unsigned_bin_size(kB);
  ------------------
  |  |  539|     46|#define mp_unsigned_bin_size(a)      ltc_mp.unsigned_size(a)
  ------------------
   68|     46|  len  = MAX(lenA, lenB);
  ------------------
  |  |  421|     46|   #define MAX(x, y) ( ((x)>(y))?(x):(y) )
  |  |  ------------------
  |  |  |  Branch (421:24): [True: 24, False: 22]
  |  |  ------------------
  ------------------
   69|       |
   70|       |  /* sanity check: both scalars must fit in ECC_BUF_SIZE bytes; this is what bounds the two buffer writes below */
   71|     46|  if ((lenA > ECC_BUF_SIZE) || (lenB > ECC_BUF_SIZE)) {
  ------------------
  |  |  246|     46|#define ECC_BUF_SIZE 256
  ------------------
                if ((lenA > ECC_BUF_SIZE) || (lenB > ECC_BUF_SIZE)) {
  ------------------
  |  |  246|     46|#define ECC_BUF_SIZE 256
  ------------------
  |  Branch (71:7): [True: 0, False: 46]
  |  Branch (71:32): [True: 0, False: 46]
  ------------------
   72|      0|     err = CRYPT_INVALID_ARG;
   73|      0|     goto ERR_T;
   74|      0|  }
   75|       |
   76|       |  /* extract and justify kA: written at offset len - lenA so both buffers span len bytes; NOTE(review): the result of mp_to_unsigned_bin is not checked */
   77|     46|  mp_to_unsigned_bin(kA, (len - lenA) + tA);
  ------------------
  |  |  540|     46|#define mp_to_unsigned_bin(a, b)     ltc_mp.unsigned_write(a, b)
  ------------------
   78|       |
   79|       |  /* extract and justify kB: same layout as kA, result likewise not checked */
   80|     46|  mp_to_unsigned_bin(kB, (len - lenB) + tB);
  ------------------
  |  |  540|     46|#define mp_to_unsigned_bin(a, b)     ltc_mp.unsigned_write(a, b)
  ------------------
   81|       |
   82|       |  /* allocate the table; on failure free only the points made so far and jump past ERR_P, which would free all 16 */
   83|    782|  for (x = 0; x < 16; x++) {
  ------------------
  |  Branch (83:15): [True: 736, False: 46]
  ------------------
   84|    736|     precomp[x] = ltc_ecc_new_point();
   85|    736|     if (precomp[x] == NULL) {
  ------------------
  |  Branch (85:10): [True: 0, False: 736]
  ------------------
   86|      0|         for (y = 0; y < x; ++y) {
  ------------------
  |  Branch (86:22): [True: 0, False: 0]
  ------------------
   87|      0|            ltc_ecc_del_point(precomp[y]);
   88|      0|         }
   89|      0|         err = CRYPT_MEM;
   90|      0|         goto ERR_T;
   91|      0|     }
   92|    736|  }
   93|       |
   94|       |  /* init montgomery reduction: mp from the modulus, mu as the normalization value */
   95|     46|  if ((err = mp_montgomery_setup(modulus, &mp)) != CRYPT_OK) {
  ------------------
  |  |  563|     46|#define mp_montgomery_setup(a, b)    ltc_mp.montgomery_setup(a, b)
  ------------------
  |  Branch (95:7): [True: 0, False: 46]
  ------------------
   96|      0|      goto ERR_P;
   97|      0|  }
   98|     46|  if ((err = mp_init(&mu)) != CRYPT_OK) {
  ------------------
  |  |  516|     46|#define mp_init(a)                   ltc_mp.init(a)
  ------------------
  |  Branch (98:7): [True: 0, False: 46]
  ------------------
   99|      0|      goto ERR_MP;
  100|      0|  }
  101|     46|  if ((err = mp_montgomery_normalization(mu, modulus)) != CRYPT_OK) {
  ------------------
  |  |  564|     46|#define mp_montgomery_normalization(a, b) ltc_mp.montgomery_normalization(a, b)
  ------------------
  |  Branch (101:7): [True: 0, False: 46]
  ------------------
  102|      0|      goto ERR_MU;
  103|      0|  }
  104|       |
  105|       |  /* copy ones: precomp[1] takes A and precomp[1<<2] takes B, each coordinate multiplied by mu mod modulus */
  106|     46|  if ((err = mp_mulmod(A->x, mu, modulus, precomp[1]->x)) != CRYPT_OK)                                         { goto ERR_MU; }
  ------------------
  |  |  559|     46|#define mp_mulmod(a, b, c, d)        ltc_mp.mulmod(a, b, c, d)
  ------------------
  |  Branch (106:7): [True: 0, False: 46]
  ------------------
  107|     46|  if ((err = mp_mulmod(A->y, mu, modulus, precomp[1]->y)) != CRYPT_OK)                                         { goto ERR_MU; }
  ------------------
  |  |  559|     46|#define mp_mulmod(a, b, c, d)        ltc_mp.mulmod(a, b, c, d)
  ------------------
  |  Branch (107:7): [True: 0, False: 46]
  ------------------
  108|     46|  if ((err = mp_mulmod(A->z, mu, modulus, precomp[1]->z)) != CRYPT_OK)                                         { goto ERR_MU; }
  ------------------
  |  |  559|     46|#define mp_mulmod(a, b, c, d)        ltc_mp.mulmod(a, b, c, d)
  ------------------
  |  Branch (108:7): [True: 0, False: 46]
  ------------------
  109|       |
  110|     46|  if ((err = mp_mulmod(B->x, mu, modulus, precomp[1<<2]->x)) != CRYPT_OK)                                      { goto ERR_MU; }
  ------------------
  |  |  559|     46|#define mp_mulmod(a, b, c, d)        ltc_mp.mulmod(a, b, c, d)
  ------------------
  |  Branch (110:7): [True: 0, False: 46]
  ------------------
  111|     46|  if ((err = mp_mulmod(B->y, mu, modulus, precomp[1<<2]->y)) != CRYPT_OK)                                      { goto ERR_MU; }
  ------------------
  |  |  559|     46|#define mp_mulmod(a, b, c, d)        ltc_mp.mulmod(a, b, c, d)
  ------------------
  |  Branch (111:7): [True: 0, False: 46]
  ------------------
  112|     46|  if ((err = mp_mulmod(B->z, mu, modulus, precomp[1<<2]->z)) != CRYPT_OK)                                      { goto ERR_MU; }
  ------------------
  |  |  559|     46|#define mp_mulmod(a, b, c, d)        ltc_mp.mulmod(a, b, c, d)
  ------------------
  |  Branch (112:7): [True: 0, False: 46]
  ------------------
  113|       |
  114|       |  /* precomp [i,0](A + B) table: entries 2 and 3 from entry 1 */
  115|     46|  if ((err = ltc_mp.ecc_ptdbl(precomp[1], precomp[2], modulus, mp)) != CRYPT_OK)                               { goto ERR_MU; }
  ------------------
  |  Branch (115:7): [True: 0, False: 46]
  ------------------
  116|     46|  if ((err = ltc_mp.ecc_ptadd(precomp[1], precomp[2], precomp[3], modulus, mp)) != CRYPT_OK)                   { goto ERR_MU; }
  ------------------
  |  Branch (116:7): [True: 0, False: 46]
  ------------------
  117|       |
  118|       |  /* precomp [0,i](A + B) table: entries 2<<2 and 3<<2 from entry 1<<2 */
  119|     46|  if ((err = ltc_mp.ecc_ptdbl(precomp[1<<2], precomp[2<<2], modulus, mp)) != CRYPT_OK)                         { goto ERR_MU; }
  ------------------
  |  Branch (119:7): [True: 0, False: 46]
  ------------------
  120|     46|  if ((err = ltc_mp.ecc_ptadd(precomp[1<<2], precomp[2<<2], precomp[3<<2], modulus, mp)) != CRYPT_OK)          { goto ERR_MU; }
  ------------------
  |  Branch (120:7): [True: 0, False: 46]
  ------------------
  121|       |
  122|       |  /* precomp [i,j](A + B) table (i != 0, j != 0); precomp[0] is allocated above but never written in this function */
  123|    184|  for (x = 1; x < 4; x++) {
  ------------------
  |  Branch (123:15): [True: 138, False: 46]
  ------------------
  124|    552|     for (y = 1; y < 4; y++) {
  ------------------
  |  Branch (124:18): [True: 414, False: 138]
  ------------------
  125|    414|        if ((err = ltc_mp.ecc_ptadd(precomp[x], precomp[(y<<2)], precomp[x+(y<<2)], modulus, mp)) != CRYPT_OK) { goto ERR_MU; }
  ------------------
  |  Branch (125:13): [True: 0, False: 414]
  ------------------
  126|    414|     }
  127|    138|  }
  128|       |
  129|     46|  nibble  = 3;
  130|     46|  first   = 1;
  131|     46|  bitbufA = tA[0];
  132|     46|  bitbufB = tB[0];
  133|       |
  134|       |  /* for every byte of the multiplicands; nibble starts at 3, so the first pass reloads from tA[0]/tB[0] or leaves at once when len is 0 */
  135|  12.0k|  for (x = 0;; ) {
  136|       |     /* grab a nibble: after four 2-bit steps fetch the next byte, or stop once len bytes are consumed */
  137|  12.0k|     if (++nibble == 4) {
  ------------------
  |  Branch (137:10): [True: 3.04k, False: 9.00k]
  ------------------
  138|  3.04k|        if (x == len) break;
  ------------------
  |  Branch (138:13): [True: 46, False: 3.00k]
  ------------------
  139|  3.00k|        bitbufA = tA[x];
  140|  3.00k|        bitbufB = tB[x];
  141|  3.00k|        nibble  = 0;
  142|  3.00k|        ++x;
  143|  3.00k|     }
  144|       |
  145|       |     /* extract two bits from both (top two bits of each byte buffer), shift/update */
  146|  12.0k|     nA = (bitbufA >> 6) & 0x03;
  147|  12.0k|     nB = (bitbufB >> 6) & 0x03;
  148|  12.0k|     bitbufA = (bitbufA << 2) & 0xFF;
  149|  12.0k|     bitbufB = (bitbufB << 2) & 0xFF;
  150|       |
  151|       |     /* if both zero, if first, continue: nothing has been stored in C yet, so leading zero pairs are skipped */
  152|  12.0k|     if ((nA == 0) && (nB == 0) && (first == 1)) {
  ------------------
  |  Branch (152:10): [True: 3.12k, False: 8.88k]
  |  Branch (152:23): [True: 1.49k, False: 1.62k]
  |  Branch (152:36): [True: 88, False: 1.40k]
  ------------------
  153|     88|        continue;
  154|     88|     }
  155|       |
  156|       |     /* double twice, only if this isn't the first */
  157|  11.9k|     if (first == 0) {
  ------------------
  |  Branch (157:10): [True: 11.8k, False: 46]
  ------------------
  158|       |        /* double twice */
  159|  11.8k|        if ((err = ltc_mp.ecc_ptdbl(C, C, modulus, mp)) != CRYPT_OK)                  { goto ERR_MU; }
  ------------------
  |  Branch (159:13): [True: 0, False: 11.8k]
  ------------------
  160|  11.8k|        if ((err = ltc_mp.ecc_ptdbl(C, C, modulus, mp)) != CRYPT_OK)                  { goto ERR_MU; }
  ------------------
  |  Branch (160:13): [True: 0, False: 11.8k]
  ------------------
  161|  11.8k|     }
  162|       |
  163|       |     /* if not both zero: the table index nA + (nB<<2) is then in 1..15, so precomp[0] is never read */
  164|  11.9k|     if ((nA != 0) || (nB != 0)) {
  ------------------
  |  Branch (164:10): [True: 8.88k, False: 3.03k]
  |  Branch (164:23): [True: 1.62k, False: 1.40k]
  ------------------
  165|  10.5k|        if (first == 1) {
  ------------------
  |  Branch (165:13): [True: 46, False: 10.4k]
  ------------------
  166|       |           /* if first, copy from table */
  167|     46|           first = 0;
  168|     46|           if ((err = mp_copy(precomp[nA + (nB<<2)]->x, C->x)) != CRYPT_OK)           { goto ERR_MU; }
  ------------------
  |  |  524|     46|#define mp_copy(a, b)                ltc_mp.copy(a, b)
  ------------------
  |  Branch (168:16): [True: 0, False: 46]
  ------------------
  169|     46|           if ((err = mp_copy(precomp[nA + (nB<<2)]->y, C->y)) != CRYPT_OK)           { goto ERR_MU; }
  ------------------
  |  |  524|     46|#define mp_copy(a, b)                ltc_mp.copy(a, b)
  ------------------
  |  Branch (169:16): [True: 0, False: 46]
  ------------------
  170|     46|           if ((err = mp_copy(precomp[nA + (nB<<2)]->z, C->z)) != CRYPT_OK)           { goto ERR_MU; }
  ------------------
  |  |  524|     46|#define mp_copy(a, b)                ltc_mp.copy(a, b)
  ------------------
  |  Branch (170:16): [True: 0, False: 46]
  ------------------
  171|  10.4k|        } else {
  172|       |           /* if not first, add from table */
  173|  10.4k|           if ((err = ltc_mp.ecc_ptadd(C, precomp[nA + (nB<<2)], C, modulus, mp)) != CRYPT_OK) { goto ERR_MU; }
  ------------------
  |  Branch (173:16): [True: 0, False: 10.4k]
  ------------------
  174|  10.4k|        }
  175|  10.5k|     }
  176|  11.9k|  }
  177|       |
  178|       |  /* reduce to affine; NOTE(review): if no non-zero bit pair was seen (len == 0 or both scalars zero), C reaches this call without having been written by this function - confirm callers exclude that case */
  179|     46|  err = ltc_ecc_map(C, modulus, mp);
  180|       |
  181|       |  /* clean up: the labels fall through, so each entry point releases everything acquired before it */
  182|     46|ERR_MU:
  183|     46|   mp_clear(mu);
  ------------------
  |  |  518|     46|#define mp_clear(a)                  ltc_mp.deinit(a)
  ------------------
  184|     46|ERR_MP:
  185|     46|   mp_montgomery_free(mp);
  ------------------
  |  |  566|     46|#define mp_montgomery_free(a)        ltc_mp.montgomery_deinit(a)
  ------------------
  186|     46|ERR_P:
  187|    782|   for (x = 0; x < 16; x++) {
  ------------------
  |  Branch (187:16): [True: 736, False: 46]
  ------------------
  188|    736|       ltc_ecc_del_point(precomp[x]);
  189|    736|   }
  190|     46|ERR_T:
              /* NOTE(review): the two zeromem lines below carry no execution count in this
               * report, so tA and tB (copies of the scalar bytes) appear to be freed
               * without being wiped in this build - check whether LTC_CLEAN_STACK should
               * be defined where the scalars are secret. */
  191|       |#ifdef LTC_CLEAN_STACK
  192|       |   zeromem(tA, ECC_BUF_SIZE);
  193|       |   zeromem(tB, ECC_BUF_SIZE);
  194|       |#endif
  195|     46|   XFREE(tA);
  ------------------
  |  |   17|     46|#define XFREE m_free_direct
  ------------------
  196|     46|   XFREE(tB);
  ------------------
  |  |   17|     46|#define XFREE m_free_direct
  ------------------
  197|       |
  198|     46|   return err;
  199|     46|}

ltc_ecc_mulmod:
   36|    704|{
   37|    704|   ecc_point *tG, *M[3];
   38|    704|   int        i, j, err;
   39|    704|   void       *mu, *mp;
   40|    704|   ltc_mp_digit buf;
   41|    704|   int        bitcnt, mode, digidx;
   42|       |
   43|    704|   LTC_ARGCHK(k       != NULL);
  ------------------
  |  |   32|    704|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 704]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
   44|    704|   LTC_ARGCHK(G       != NULL);
  ------------------
  |  |   32|    704|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 704]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
   45|    704|   LTC_ARGCHK(R       != NULL);
  ------------------
  |  |   32|    704|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 704]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
   46|    704|   LTC_ARGCHK(modulus != NULL);
  ------------------
  |  |   32|    704|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 704]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
   47|       |
   48|       |   /* init montgomery reduction */
   49|    704|   if ((err = mp_montgomery_setup(modulus, &mp)) != CRYPT_OK) {
  ------------------
  |  |  563|    704|#define mp_montgomery_setup(a, b)    ltc_mp.montgomery_setup(a, b)
  ------------------
  |  Branch (49:8): [True: 0, False: 704]
  ------------------
   50|      0|      return err;
   51|      0|   }
   52|    704|   if ((err = mp_init(&mu)) != CRYPT_OK) {
  ------------------
  |  |  516|    704|#define mp_init(a)                   ltc_mp.init(a)
  ------------------
  |  Branch (52:8): [True: 0, False: 704]
  ------------------
   53|      0|      mp_montgomery_free(mp);
  ------------------
  |  |  566|      0|#define mp_montgomery_free(a)        ltc_mp.montgomery_deinit(a)
  ------------------
   54|      0|      return err;
   55|      0|   }
   56|    704|   if ((err = mp_montgomery_normalization(mu, modulus)) != CRYPT_OK) {
  ------------------
  |  |  564|    704|#define mp_montgomery_normalization(a, b) ltc_mp.montgomery_normalization(a, b)
  ------------------
  |  Branch (56:8): [True: 0, False: 704]
  ------------------
   57|      0|      mp_clear(mu);
  ------------------
  |  |  518|      0|#define mp_clear(a)                  ltc_mp.deinit(a)
  ------------------
   58|      0|      mp_montgomery_free(mp);
  ------------------
  |  |  566|      0|#define mp_montgomery_free(a)        ltc_mp.montgomery_deinit(a)
  ------------------
   59|      0|      return err;
   60|      0|   }
   61|       |
   62|       |   /* alloc ram for window temps */
   63|  2.81k|   for (i = 0; i < 3; i++) {
  ------------------
  |  Branch (63:16): [True: 2.11k, False: 704]
  ------------------
   64|  2.11k|      M[i] = ltc_ecc_new_point();
   65|  2.11k|      if (M[i] == NULL) {
  ------------------
  |  Branch (65:11): [True: 0, False: 2.11k]
  ------------------
   66|      0|         for (j = 0; j < i; j++) {
  ------------------
  |  Branch (66:22): [True: 0, False: 0]
  ------------------
   67|      0|             ltc_ecc_del_point(M[j]);
   68|      0|         }
   69|      0|         mp_clear(mu);
  ------------------
  |  |  518|      0|#define mp_clear(a)                  ltc_mp.deinit(a)
  ------------------
   70|      0|         mp_montgomery_free(mp);
  ------------------
  |  |  566|      0|#define mp_montgomery_free(a)        ltc_mp.montgomery_deinit(a)
  ------------------
   71|      0|         return CRYPT_MEM;
   72|      0|      }
   73|  2.11k|   }
   74|       |
   75|       |   /* make a copy of G incase R==G */
   76|    704|   tG = ltc_ecc_new_point();
   77|    704|   if (tG == NULL)                                                                   { err = CRYPT_MEM; goto done; }
  ------------------
  |  Branch (77:8): [True: 0, False: 704]
  ------------------
   78|       |
   79|       |   /* tG = G  and convert to montgomery */
   80|    704|   if ((err = mp_mulmod(G->x, mu, modulus, tG->x)) != CRYPT_OK)                      { goto done; }
  ------------------
  |  |  559|    704|#define mp_mulmod(a, b, c, d)        ltc_mp.mulmod(a, b, c, d)
  ------------------
  |  Branch (80:8): [True: 0, False: 704]
  ------------------
   81|    704|   if ((err = mp_mulmod(G->y, mu, modulus, tG->y)) != CRYPT_OK)                      { goto done; }
  ------------------
  |  |  559|    704|#define mp_mulmod(a, b, c, d)        ltc_mp.mulmod(a, b, c, d)
  ------------------
  |  Branch (81:8): [True: 0, False: 704]
  ------------------
   82|    704|   if ((err = mp_mulmod(G->z, mu, modulus, tG->z)) != CRYPT_OK)                      { goto done; }
  ------------------
  |  |  559|    704|#define mp_mulmod(a, b, c, d)        ltc_mp.mulmod(a, b, c, d)
  ------------------
  |  Branch (82:8): [True: 0, False: 704]
  ------------------
   83|    704|   mp_clear(mu);
  ------------------
  |  |  518|    704|#define mp_clear(a)                  ltc_mp.deinit(a)
  ------------------
   84|    704|   mu = NULL;
   85|       |
   86|       |   /* calc the M tab */
   87|       |   /* M[0] == G */
   88|    704|   if ((err = mp_copy(tG->x, M[0]->x)) != CRYPT_OK)                                  { goto done; }
  ------------------
  |  |  524|    704|#define mp_copy(a, b)                ltc_mp.copy(a, b)
  ------------------
  |  Branch (88:8): [True: 0, False: 704]
  ------------------
   89|    704|   if ((err = mp_copy(tG->y, M[0]->y)) != CRYPT_OK)                                  { goto done; }
  ------------------
  |  |  524|    704|#define mp_copy(a, b)                ltc_mp.copy(a, b)
  ------------------
  |  Branch (89:8): [True: 0, False: 704]
  ------------------
   90|    704|   if ((err = mp_copy(tG->z, M[0]->z)) != CRYPT_OK)                                  { goto done; }
  ------------------
  |  |  524|    704|#define mp_copy(a, b)                ltc_mp.copy(a, b)
  ------------------
  |  Branch (90:8): [True: 0, False: 704]
  ------------------
   91|       |   /* M[1] == 2G */
   92|    704|   if ((err = ltc_mp.ecc_ptdbl(tG, M[1], modulus, mp)) != CRYPT_OK)                  { goto done; }
  ------------------
  |  Branch (92:8): [True: 0, False: 704]
  ------------------
   93|       |
   94|       |   /* setup sliding window */
   95|    704|   mode   = 0;
   96|    704|   bitcnt = 1;
   97|    704|   buf    = 0;
   98|    704|   digidx = mp_get_digit_count(k) - 1;
  ------------------
  |  |  530|    704|#define mp_get_digit_count(a)        ltc_mp.get_digit_count(a)
  ------------------
   99|       |
  100|       |   /* perform ops */
  101|   344k|   for (;;) {
  102|       |     /* grab next digit as required */
  103|   344k|      if (--bitcnt == 0) {
  ------------------
  |  Branch (103:11): [True: 6.42k, False: 337k]
  ------------------
  104|  6.42k|         if (digidx == -1) {
  ------------------
  |  Branch (104:14): [True: 704, False: 5.72k]
  ------------------
  105|    704|            break;
  106|    704|         }
  107|  5.72k|         buf    = mp_get_digit(k, digidx);
  ------------------
  |  |  529|  5.72k|#define mp_get_digit(a, n)           ltc_mp.get_digit(a, n)
  ------------------
  108|  5.72k|         bitcnt = (int) MP_DIGIT_BIT;
  ------------------
  |  |  513|  5.72k|#define MP_DIGIT_BIT                 ltc_mp.bits_per_digit
  ------------------
  109|  5.72k|         --digidx;
  110|  5.72k|      }
  111|       |
  112|       |      /* grab the next msb from the ltiplicand */
  113|   343k|      i = (buf >> (MP_DIGIT_BIT - 1)) & 1;
  ------------------
  |  |  513|   343k|#define MP_DIGIT_BIT                 ltc_mp.bits_per_digit
  ------------------
  114|   343k|      buf <<= 1;
  115|       |
  116|   343k|      if (mode == 0 && i == 0) {
  ------------------
  |  Branch (116:11): [True: 18.7k, False: 324k]
  |  Branch (116:24): [True: 18.0k, False: 704]
  ------------------
  117|       |         /* dummy operations */
  118|  18.0k|         if ((err = ltc_mp.ecc_ptadd(M[0], M[1], M[2], modulus, mp)) != CRYPT_OK)    { goto done; }
  ------------------
  |  Branch (118:14): [True: 0, False: 18.0k]
  ------------------
  119|  18.0k|         if ((err = ltc_mp.ecc_ptdbl(M[1], M[2], modulus, mp)) != CRYPT_OK)          { goto done; }
  ------------------
  |  Branch (119:14): [True: 0, False: 18.0k]
  ------------------
  120|  18.0k|         continue;
  121|  18.0k|      }
  122|       |
  123|   325k|      if (mode == 0 && i == 1) {
  ------------------
  |  Branch (123:11): [True: 704, False: 324k]
  |  Branch (123:24): [True: 704, False: 0]
  ------------------
  124|    704|         mode = 1;
  125|       |         /* dummy operations */
  126|    704|         if ((err = ltc_mp.ecc_ptadd(M[0], M[1], M[2], modulus, mp)) != CRYPT_OK)    { goto done; }
  ------------------
  |  Branch (126:14): [True: 0, False: 704]
  ------------------
  127|    704|         if ((err = ltc_mp.ecc_ptdbl(M[1], M[2], modulus, mp)) != CRYPT_OK)          { goto done; }
  ------------------
  |  Branch (127:14): [True: 0, False: 704]
  ------------------
  128|    704|         continue;
  129|    704|      }
  130|       |
  131|   324k|      if ((err = ltc_mp.ecc_ptadd(M[0], M[1], M[i^1], modulus, mp)) != CRYPT_OK)     { goto done; }
  ------------------
  |  Branch (131:11): [True: 0, False: 324k]
  ------------------
  132|   324k|      if ((err = ltc_mp.ecc_ptdbl(M[i], M[i], modulus, mp)) != CRYPT_OK)             { goto done; }
  ------------------
  |  Branch (132:11): [True: 0, False: 324k]
  ------------------
  133|   324k|   }
  134|       |
  135|       |   /* copy result out */
  136|    704|   if ((err = mp_copy(M[0]->x, R->x)) != CRYPT_OK)                                   { goto done; }
  ------------------
  |  |  524|    704|#define mp_copy(a, b)                ltc_mp.copy(a, b)
  ------------------
  |  Branch (136:8): [True: 0, False: 704]
  ------------------
  137|    704|   if ((err = mp_copy(M[0]->y, R->y)) != CRYPT_OK)                                   { goto done; }
  ------------------
  |  |  524|    704|#define mp_copy(a, b)                ltc_mp.copy(a, b)
  ------------------
  |  Branch (137:8): [True: 0, False: 704]
  ------------------
  138|    704|   if ((err = mp_copy(M[0]->z, R->z)) != CRYPT_OK)                                   { goto done; }
  ------------------
  |  |  524|    704|#define mp_copy(a, b)                ltc_mp.copy(a, b)
  ------------------
  |  Branch (138:8): [True: 0, False: 704]
  ------------------
  139|       |
  140|       |   /* map R back from projective space */
  141|    704|   if (map) {
  ------------------
  |  Branch (141:8): [True: 704, False: 0]
  ------------------
  142|    704|      err = ltc_ecc_map(R, modulus, mp);
  143|    704|   } else {
  144|      0|      err = CRYPT_OK;
  145|      0|   }
  146|    704|done:
  147|    704|   if (mu != NULL) {
  ------------------
  |  Branch (147:8): [True: 0, False: 704]
  ------------------
  148|      0|      mp_clear(mu);
  ------------------
  |  |  518|      0|#define mp_clear(a)                  ltc_mp.deinit(a)
  ------------------
  149|      0|   }
  150|    704|   mp_montgomery_free(mp);
  ------------------
  |  |  566|    704|#define mp_montgomery_free(a)        ltc_mp.montgomery_deinit(a)
  ------------------
  151|    704|   ltc_ecc_del_point(tG);
  152|  2.81k|   for (i = 0; i < 3; i++) {
  ------------------
  |  Branch (152:16): [True: 2.11k, False: 704]
  ------------------
  153|  2.11k|       ltc_ecc_del_point(M[i]);
  154|  2.11k|   }
  155|    704|   return err;
  156|    704|}

ltc_ecc_new_point:
   29|  4.44k|{ /* Allocate an ecc_point and initialise its x, y and z big integers; returns the point, or NULL on failure. */
   30|  4.44k|   ecc_point *p;
   31|  4.44k|   p = XCALLOC(1, sizeof(*p)); /* one ecc_point; XCALLOC expands to m_calloc in this build */
  ------------------
  |  |   19|  4.44k|#define XCALLOC m_calloc
  ------------------
   32|  4.44k|   if (p == NULL) { /* allocation-failure path; NOTE(review): presumably unreachable if m_calloc aborts on failure — confirm */
  ------------------
  |  Branch (32:8): [True: 0, False: 4.44k]
  ------------------
   33|      0|      return NULL;
   34|      0|   }
   35|  4.44k|   if (mp_init_multi(&p->x, &p->y, &p->z, NULL) != CRYPT_OK) { /* initialise all three coordinates in one call */
  ------------------
  |  |  517|  4.44k|#define mp_init_multi                ltc_init_multi
  ------------------
  |  Branch (35:8): [True: 0, False: 4.44k]
  ------------------
   36|      0|      XFREE(p); /* free the struct on init failure so the caller only ever sees NULL */
  ------------------
  |  |   17|      0|#define XFREE m_free_direct
  ------------------
   37|      0|      return NULL;
   38|      0|   }
   39|  4.44k|   return p; /* ownership passes to the caller, which releases it with ltc_ecc_del_point() */
   40|  4.44k|}
ltc_ecc_del_point:
   46|  4.44k|{ /* Release an ecc_point: deinit its x, y and z big integers, then free the struct itself. */
   47|       |   /* NULL is accepted and ignored, so nothing is freed for a null argument */
   48|  4.44k|   if (p != NULL) {
  ------------------
  |  Branch (48:8): [True: 4.44k, False: 0]
  ------------------
   49|  4.44k|      mp_clear_multi(p->x, p->y, p->z, NULL); /* note: p->z may be NULL but that's ok with this function anyways */
  ------------------
  |  |  519|  4.44k|#define mp_clear_multi               ltc_deinit_multi
  ------------------
   50|  4.44k|      XFREE(p); /* NOTE(review): whether ltc_deinit_multi / m_free_direct zeroise the memory is not visible here — confirm if points can hold secret-derived coordinates */
  ------------------
  |  |   17|  4.44k|#define XFREE m_free_direct
  ------------------
   51|  4.44k|   }
   52|  4.44k|}

ltc_ecc_projective_add_point:
   34|   354k|{
   35|   354k|   void  *t1, *t2, *x, *y, *z;
   36|   354k|   int    err;
   37|       |
   38|   354k|   LTC_ARGCHK(P       != NULL);
  ------------------
  |  |   32|   354k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 354k]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
   39|   354k|   LTC_ARGCHK(Q       != NULL);
  ------------------
  |  |   32|   354k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 354k]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
   40|   354k|   LTC_ARGCHK(R       != NULL);
  ------------------
  |  |   32|   354k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 354k]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
   41|   354k|   LTC_ARGCHK(modulus != NULL);
  ------------------
  |  |   32|   354k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 354k]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
   42|   354k|   LTC_ARGCHK(mp      != NULL);
  ------------------
  |  |   32|   354k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 354k]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
   43|       |
   44|   354k|   if ((err = mp_init_multi(&t1, &t2, &x, &y, &z, NULL)) != CRYPT_OK) {
  ------------------
  |  |  517|   354k|#define mp_init_multi                ltc_init_multi
  ------------------
  |  Branch (44:8): [True: 0, False: 354k]
  ------------------
   45|      0|      return err;
   46|      0|   }
   47|       |
   48|       |   /* should we dbl instead? */
   49|   354k|   if ((err = mp_sub(modulus, Q->y, t1)) != CRYPT_OK)                          { goto done; }
  ------------------
  |  |  545|   354k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (49:8): [True: 0, False: 354k]
  ------------------
   50|       |
   51|   354k|   if ( (mp_cmp(P->x, Q->x) == LTC_MP_EQ) &&
  ------------------
  |  |  531|   354k|#define mp_cmp(a, b)                 ltc_mp.compare(a, b)
  ------------------
                 if ( (mp_cmp(P->x, Q->x) == LTC_MP_EQ) &&
  ------------------
  |  |   13|   354k|#define LTC_MP_EQ    0
  ------------------
  |  Branch (51:9): [True: 0, False: 354k]
  ------------------
   52|   354k|        (Q->z != NULL && mp_cmp(P->z, Q->z) == LTC_MP_EQ) &&
  ------------------
  |  |  531|      0|#define mp_cmp(a, b)                 ltc_mp.compare(a, b)
  ------------------
                      (Q->z != NULL && mp_cmp(P->z, Q->z) == LTC_MP_EQ) &&
  ------------------
  |  |   13|      0|#define LTC_MP_EQ    0
  ------------------
  |  Branch (52:10): [True: 0, False: 0]
  |  Branch (52:26): [True: 0, False: 0]
  ------------------
   53|   354k|        (mp_cmp(P->y, Q->y) == LTC_MP_EQ || mp_cmp(P->y, t1) == LTC_MP_EQ)) {
  ------------------
  |  |  531|      0|#define mp_cmp(a, b)                 ltc_mp.compare(a, b)
  ------------------
                      (mp_cmp(P->y, Q->y) == LTC_MP_EQ || mp_cmp(P->y, t1) == LTC_MP_EQ)) {
  ------------------
  |  |   13|      0|#define LTC_MP_EQ    0
  ------------------
                      (mp_cmp(P->y, Q->y) == LTC_MP_EQ || mp_cmp(P->y, t1) == LTC_MP_EQ)) {
  ------------------
  |  |  531|      0|#define mp_cmp(a, b)                 ltc_mp.compare(a, b)
  ------------------
                      (mp_cmp(P->y, Q->y) == LTC_MP_EQ || mp_cmp(P->y, t1) == LTC_MP_EQ)) {
  ------------------
  |  |   13|      0|#define LTC_MP_EQ    0
  ------------------
  |  Branch (53:10): [True: 0, False: 0]
  |  Branch (53:45): [True: 0, False: 0]
  ------------------
   54|      0|        mp_clear_multi(t1, t2, x, y, z, NULL);
  ------------------
  |  |  519|      0|#define mp_clear_multi               ltc_deinit_multi
  ------------------
   55|      0|        return ltc_ecc_projective_dbl_point(P, R, modulus, mp);
   56|      0|   }
   57|       |
   58|   354k|   if ((err = mp_copy(P->x, x)) != CRYPT_OK)                                   { goto done; }
  ------------------
  |  |  524|   354k|#define mp_copy(a, b)                ltc_mp.copy(a, b)
  ------------------
  |  Branch (58:8): [True: 0, False: 354k]
  ------------------
   59|   354k|   if ((err = mp_copy(P->y, y)) != CRYPT_OK)                                   { goto done; }
  ------------------
  |  |  524|   354k|#define mp_copy(a, b)                ltc_mp.copy(a, b)
  ------------------
  |  Branch (59:8): [True: 0, False: 354k]
  ------------------
   60|   354k|   if ((err = mp_copy(P->z, z)) != CRYPT_OK)                                   { goto done; }
  ------------------
  |  |  524|   354k|#define mp_copy(a, b)                ltc_mp.copy(a, b)
  ------------------
  |  Branch (60:8): [True: 0, False: 354k]
  ------------------
   61|       |
   62|       |   /* if Z is one then these are no-operations */
   63|   354k|   if (Q->z != NULL) {
  ------------------
  |  Branch (63:8): [True: 354k, False: 0]
  ------------------
   64|       |      /* T1 = Z' * Z' */
   65|   354k|      if ((err = mp_sqr(Q->z, t1)) != CRYPT_OK)                                { goto done; }
  ------------------
  |  |  549|   354k|#define mp_sqr(a, b)                 ltc_mp.sqr(a, b)
  ------------------
  |  Branch (65:11): [True: 0, False: 354k]
  ------------------
   66|   354k|      if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK)           { goto done; }
  ------------------
  |  |  565|   354k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (66:11): [True: 0, False: 354k]
  ------------------
   67|       |      /* X = X * T1 */
   68|   354k|      if ((err = mp_mul(t1, x, x)) != CRYPT_OK)                                { goto done; }
  ------------------
  |  |  547|   354k|#define mp_mul(a, b, c)              ltc_mp.mul(a, b, c)
  ------------------
  |  Branch (68:11): [True: 0, False: 354k]
  ------------------
   69|   354k|      if ((err = mp_montgomery_reduce(x, modulus, mp)) != CRYPT_OK)            { goto done; }
  ------------------
  |  |  565|   354k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (69:11): [True: 0, False: 354k]
  ------------------
   70|       |      /* T1 = Z' * T1 */
   71|   354k|      if ((err = mp_mul(Q->z, t1, t1)) != CRYPT_OK)                            { goto done; }
  ------------------
  |  |  547|   354k|#define mp_mul(a, b, c)              ltc_mp.mul(a, b, c)
  ------------------
  |  Branch (71:11): [True: 0, False: 354k]
  ------------------
   72|   354k|      if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK)           { goto done; }
  ------------------
  |  |  565|   354k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (72:11): [True: 0, False: 354k]
  ------------------
   73|       |      /* Y = Y * T1 */
   74|   354k|      if ((err = mp_mul(t1, y, y)) != CRYPT_OK)                                { goto done; }
  ------------------
  |  |  547|   354k|#define mp_mul(a, b, c)              ltc_mp.mul(a, b, c)
  ------------------
  |  Branch (74:11): [True: 0, False: 354k]
  ------------------
   75|   354k|      if ((err = mp_montgomery_reduce(y, modulus, mp)) != CRYPT_OK)            { goto done; }
  ------------------
  |  |  565|   354k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (75:11): [True: 0, False: 354k]
  ------------------
   76|   354k|   }
   77|       |
   78|       |   /* T1 = Z*Z */
   79|   354k|   if ((err = mp_sqr(z, t1)) != CRYPT_OK)                                      { goto done; }
  ------------------
  |  |  549|   354k|#define mp_sqr(a, b)                 ltc_mp.sqr(a, b)
  ------------------
  |  Branch (79:8): [True: 0, False: 354k]
  ------------------
   80|   354k|   if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK)              { goto done; }
  ------------------
  |  |  565|   354k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (80:8): [True: 0, False: 354k]
  ------------------
   81|       |   /* T2 = X' * T1 */
   82|   354k|   if ((err = mp_mul(Q->x, t1, t2)) != CRYPT_OK)                               { goto done; }
  ------------------
  |  |  547|   354k|#define mp_mul(a, b, c)              ltc_mp.mul(a, b, c)
  ------------------
  |  Branch (82:8): [True: 0, False: 354k]
  ------------------
   83|   354k|   if ((err = mp_montgomery_reduce(t2, modulus, mp)) != CRYPT_OK)              { goto done; }
  ------------------
  |  |  565|   354k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (83:8): [True: 0, False: 354k]
  ------------------
   84|       |   /* T1 = Z * T1 */
   85|   354k|   if ((err = mp_mul(z, t1, t1)) != CRYPT_OK)                                  { goto done; }
  ------------------
  |  |  547|   354k|#define mp_mul(a, b, c)              ltc_mp.mul(a, b, c)
  ------------------
  |  Branch (85:8): [True: 0, False: 354k]
  ------------------
   86|   354k|   if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK)              { goto done; }
  ------------------
  |  |  565|   354k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (86:8): [True: 0, False: 354k]
  ------------------
   87|       |   /* T1 = Y' * T1 */
   88|   354k|   if ((err = mp_mul(Q->y, t1, t1)) != CRYPT_OK)                               { goto done; }
  ------------------
  |  |  547|   354k|#define mp_mul(a, b, c)              ltc_mp.mul(a, b, c)
  ------------------
  |  Branch (88:8): [True: 0, False: 354k]
  ------------------
   89|   354k|   if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK)              { goto done; }
  ------------------
  |  |  565|   354k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (89:8): [True: 0, False: 354k]
  ------------------
   90|       |
   91|       |   /* Y = Y - T1 */
   92|   354k|   if ((err = mp_sub(y, t1, y)) != CRYPT_OK)                                   { goto done; }
  ------------------
  |  |  545|   354k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (92:8): [True: 0, False: 354k]
  ------------------
   93|   354k|   if (mp_cmp_d(y, 0) == LTC_MP_LT) {
  ------------------
  |  |  532|   354k|#define mp_cmp_d(a, b)               ltc_mp.compare_d(a, b)
  ------------------
                 if (mp_cmp_d(y, 0) == LTC_MP_LT) {
  ------------------
  |  |   12|   354k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (93:8): [True: 167k, False: 186k]
  ------------------
   94|   167k|      if ((err = mp_add(y, modulus, y)) != CRYPT_OK)                           { goto done; }
  ------------------
  |  |  543|   167k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (94:11): [True: 0, False: 167k]
  ------------------
   95|   167k|   }
   96|       |   /* T1 = 2T1 */
   97|   354k|   if ((err = mp_add(t1, t1, t1)) != CRYPT_OK)                                 { goto done; }
  ------------------
  |  |  543|   354k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (97:8): [True: 0, False: 354k]
  ------------------
   98|   354k|   if (mp_cmp(t1, modulus) != LTC_MP_LT) {
  ------------------
  |  |  531|   354k|#define mp_cmp(a, b)                 ltc_mp.compare(a, b)
  ------------------
                 if (mp_cmp(t1, modulus) != LTC_MP_LT) {
  ------------------
  |  |   12|   354k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (98:8): [True: 171k, False: 183k]
  ------------------
   99|   171k|      if ((err = mp_sub(t1, modulus, t1)) != CRYPT_OK)                         { goto done; }
  ------------------
  |  |  545|   171k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (99:11): [True: 0, False: 171k]
  ------------------
  100|   171k|   }
  101|       |   /* T1 = Y + T1 */
  102|   354k|   if ((err = mp_add(t1, y, t1)) != CRYPT_OK)                                  { goto done; }
  ------------------
  |  |  543|   354k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (102:8): [True: 0, False: 354k]
  ------------------
  103|   354k|   if (mp_cmp(t1, modulus) != LTC_MP_LT) {
  ------------------
  |  |  531|   354k|#define mp_cmp(a, b)                 ltc_mp.compare(a, b)
  ------------------
                 if (mp_cmp(t1, modulus) != LTC_MP_LT) {
  ------------------
  |  |   12|   354k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (103:8): [True: 174k, False: 179k]
  ------------------
  104|   174k|      if ((err = mp_sub(t1, modulus, t1)) != CRYPT_OK)                         { goto done; }
  ------------------
  |  |  545|   174k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (104:11): [True: 0, False: 174k]
  ------------------
  105|   174k|   }
  106|       |   /* X = X - T2 */
  107|   354k|   if ((err = mp_sub(x, t2, x)) != CRYPT_OK)                                   { goto done; }
  ------------------
  |  |  545|   354k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (107:8): [True: 0, False: 354k]
  ------------------
  108|   354k|   if (mp_cmp_d(x, 0) == LTC_MP_LT) {
  ------------------
  |  |  532|   354k|#define mp_cmp_d(a, b)               ltc_mp.compare_d(a, b)
  ------------------
                 if (mp_cmp_d(x, 0) == LTC_MP_LT) {
  ------------------
  |  |   12|   354k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (108:8): [True: 185k, False: 168k]
  ------------------
  109|   185k|      if ((err = mp_add(x, modulus, x)) != CRYPT_OK)                           { goto done; }
  ------------------
  |  |  543|   185k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (109:11): [True: 0, False: 185k]
  ------------------
  110|   185k|   }
  111|       |   /* T2 = 2T2 */
  112|   354k|   if ((err = mp_add(t2, t2, t2)) != CRYPT_OK)                                 { goto done; }
  ------------------
  |  |  543|   354k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (112:8): [True: 0, False: 354k]
  ------------------
  113|   354k|   if (mp_cmp(t2, modulus) != LTC_MP_LT) {
  ------------------
  |  |  531|   354k|#define mp_cmp(a, b)                 ltc_mp.compare(a, b)
  ------------------
                 if (mp_cmp(t2, modulus) != LTC_MP_LT) {
  ------------------
  |  |   12|   354k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (113:8): [True: 172k, False: 182k]
  ------------------
  114|   172k|      if ((err = mp_sub(t2, modulus, t2)) != CRYPT_OK)                         { goto done; }
  ------------------
  |  |  545|   172k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (114:11): [True: 0, False: 172k]
  ------------------
  115|   172k|   }
  116|       |   /* T2 = X + T2 */
  117|   354k|   if ((err = mp_add(t2, x, t2)) != CRYPT_OK)                                  { goto done; }
  ------------------
  |  |  543|   354k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (117:8): [True: 0, False: 354k]
  ------------------
  118|   354k|   if (mp_cmp(t2, modulus) != LTC_MP_LT) {
  ------------------
  |  |  531|   354k|#define mp_cmp(a, b)                 ltc_mp.compare(a, b)
  ------------------
                 if (mp_cmp(t2, modulus) != LTC_MP_LT) {
  ------------------
  |  |   12|   354k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (118:8): [True: 181k, False: 172k]
  ------------------
  119|   181k|      if ((err = mp_sub(t2, modulus, t2)) != CRYPT_OK)                         { goto done; }
  ------------------
  |  |  545|   181k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (119:11): [True: 0, False: 181k]
  ------------------
  120|   181k|   }
  121|       |
  122|       |   /* if Z' != 1 */
  123|   354k|   if (Q->z != NULL) {
  ------------------
  |  Branch (123:8): [True: 354k, False: 0]
  ------------------
  124|       |      /* Z = Z * Z' */
  125|   354k|      if ((err = mp_mul(z, Q->z, z)) != CRYPT_OK)                              { goto done; }
  ------------------
  |  |  547|   354k|#define mp_mul(a, b, c)              ltc_mp.mul(a, b, c)
  ------------------
  |  Branch (125:11): [True: 0, False: 354k]
  ------------------
  126|   354k|      if ((err = mp_montgomery_reduce(z, modulus, mp)) != CRYPT_OK)            { goto done; }
  ------------------
  |  |  565|   354k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (126:11): [True: 0, False: 354k]
  ------------------
  127|   354k|   }
  128|       |
  129|       |   /* Z = Z * X */
  130|   354k|   if ((err = mp_mul(z, x, z)) != CRYPT_OK)                                    { goto done; }
  ------------------
  |  |  547|   354k|#define mp_mul(a, b, c)              ltc_mp.mul(a, b, c)
  ------------------
  |  Branch (130:8): [True: 0, False: 354k]
  ------------------
  131|   354k|   if ((err = mp_montgomery_reduce(z, modulus, mp)) != CRYPT_OK)               { goto done; }
  ------------------
  |  |  565|   354k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (131:8): [True: 0, False: 354k]
  ------------------
  132|       |
  133|       |   /* T1 = T1 * X  */
  134|   354k|   if ((err = mp_mul(t1, x, t1)) != CRYPT_OK)                                  { goto done; }
  ------------------
  |  |  547|   354k|#define mp_mul(a, b, c)              ltc_mp.mul(a, b, c)
  ------------------
  |  Branch (134:8): [True: 0, False: 354k]
  ------------------
  135|   354k|   if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK)              { goto done; }
  ------------------
  |  |  565|   354k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (135:8): [True: 0, False: 354k]
  ------------------
  136|       |   /* X = X * X */
  137|   354k|   if ((err = mp_sqr(x, x)) != CRYPT_OK)                                       { goto done; }
  ------------------
  |  |  549|   354k|#define mp_sqr(a, b)                 ltc_mp.sqr(a, b)
  ------------------
  |  Branch (137:8): [True: 0, False: 354k]
  ------------------
  138|   354k|   if ((err = mp_montgomery_reduce(x, modulus, mp)) != CRYPT_OK)               { goto done; }
  ------------------
  |  |  565|   354k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (138:8): [True: 0, False: 354k]
  ------------------
  139|       |   /* T2 = T2 * x */
  140|   354k|   if ((err = mp_mul(t2, x, t2)) != CRYPT_OK)                                  { goto done; }
  ------------------
  |  |  547|   354k|#define mp_mul(a, b, c)              ltc_mp.mul(a, b, c)
  ------------------
  |  Branch (140:8): [True: 0, False: 354k]
  ------------------
  141|   354k|   if ((err = mp_montgomery_reduce(t2, modulus, mp)) != CRYPT_OK)              { goto done; }
  ------------------
  |  |  565|   354k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (141:8): [True: 0, False: 354k]
  ------------------
  142|       |   /* T1 = T1 * X  */
  143|   354k|   if ((err = mp_mul(t1, x, t1)) != CRYPT_OK)                                  { goto done; }
  ------------------
  |  |  547|   354k|#define mp_mul(a, b, c)              ltc_mp.mul(a, b, c)
  ------------------
  |  Branch (143:8): [True: 0, False: 354k]
  ------------------
  144|   354k|   if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK)              { goto done; }
  ------------------
  |  |  565|   354k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (144:8): [True: 0, False: 354k]
  ------------------
  145|       |
  146|       |   /* X = Y*Y */
  147|   354k|   if ((err = mp_sqr(y, x)) != CRYPT_OK)                                       { goto done; }
  ------------------
  |  |  549|   354k|#define mp_sqr(a, b)                 ltc_mp.sqr(a, b)
  ------------------
  |  Branch (147:8): [True: 0, False: 354k]
  ------------------
  148|   354k|   if ((err = mp_montgomery_reduce(x, modulus, mp)) != CRYPT_OK)               { goto done; }
  ------------------
  |  |  565|   354k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (148:8): [True: 0, False: 354k]
  ------------------
  149|       |   /* X = X - T2 */
  150|   354k|   if ((err = mp_sub(x, t2, x)) != CRYPT_OK)                                   { goto done; }
  ------------------
  |  |  545|   354k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (150:8): [True: 0, False: 354k]
  ------------------
  151|   354k|   if (mp_cmp_d(x, 0) == LTC_MP_LT) {
  ------------------
  |  |  532|   354k|#define mp_cmp_d(a, b)               ltc_mp.compare_d(a, b)
  ------------------
                 if (mp_cmp_d(x, 0) == LTC_MP_LT) {
  ------------------
  |  |   12|   354k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (151:8): [True: 180k, False: 173k]
  ------------------
  152|   180k|      if ((err = mp_add(x, modulus, x)) != CRYPT_OK)                           { goto done; }
  ------------------
  |  |  543|   180k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (152:11): [True: 0, False: 180k]
  ------------------
  153|   180k|   }
  154|       |
  155|       |   /* T2 = T2 - X */
  156|   354k|   if ((err = mp_sub(t2, x, t2)) != CRYPT_OK)                                  { goto done; }
  ------------------
  |  |  545|   354k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (156:8): [True: 0, False: 354k]
  ------------------
  157|   354k|   if (mp_cmp_d(t2, 0) == LTC_MP_LT) {
  ------------------
  |  |  532|   354k|#define mp_cmp_d(a, b)               ltc_mp.compare_d(a, b)
  ------------------
                 if (mp_cmp_d(t2, 0) == LTC_MP_LT) {
  ------------------
  |  |   12|   354k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (157:8): [True: 185k, False: 168k]
  ------------------
  158|   185k|      if ((err = mp_add(t2, modulus, t2)) != CRYPT_OK)                         { goto done; }
  ------------------
  |  |  543|   185k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (158:11): [True: 0, False: 185k]
  ------------------
  159|   185k|   }
  160|       |   /* T2 = T2 - X */
  161|   354k|   if ((err = mp_sub(t2, x, t2)) != CRYPT_OK)                                  { goto done; }
  ------------------
  |  |  545|   354k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (161:8): [True: 0, False: 354k]
  ------------------
  162|   354k|   if (mp_cmp_d(t2, 0) == LTC_MP_LT) {
  ------------------
  |  |  532|   354k|#define mp_cmp_d(a, b)               ltc_mp.compare_d(a, b)
  ------------------
                 if (mp_cmp_d(t2, 0) == LTC_MP_LT) {
  ------------------
  |  |   12|   354k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (162:8): [True: 176k, False: 177k]
  ------------------
  163|   176k|      if ((err = mp_add(t2, modulus, t2)) != CRYPT_OK)                         { goto done; }
  ------------------
  |  |  543|   176k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (163:11): [True: 0, False: 176k]
  ------------------
  164|   176k|   }
  165|       |   /* T2 = T2 * Y */
  166|   354k|   if ((err = mp_mul(t2, y, t2)) != CRYPT_OK)                                  { goto done; }
  ------------------
  |  |  547|   354k|#define mp_mul(a, b, c)              ltc_mp.mul(a, b, c)
  ------------------
  |  Branch (166:8): [True: 0, False: 354k]
  ------------------
  167|   354k|   if ((err = mp_montgomery_reduce(t2, modulus, mp)) != CRYPT_OK)              { goto done; }
  ------------------
  |  |  565|   354k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (167:8): [True: 0, False: 354k]
  ------------------
  168|       |   /* Y = T2 - T1 */
  169|   354k|   if ((err = mp_sub(t2, t1, y)) != CRYPT_OK)                                  { goto done; }
  ------------------
  |  |  545|   354k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (169:8): [True: 0, False: 354k]
  ------------------
  170|   354k|   if (mp_cmp_d(y, 0) == LTC_MP_LT) {
  ------------------
  |  |  532|   354k|#define mp_cmp_d(a, b)               ltc_mp.compare_d(a, b)
  ------------------
                 if (mp_cmp_d(y, 0) == LTC_MP_LT) {
  ------------------
  |  |   12|   354k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (170:8): [True: 183k, False: 170k]
  ------------------
  171|   183k|      if ((err = mp_add(y, modulus, y)) != CRYPT_OK)                           { goto done; }
  ------------------
  |  |  543|   183k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (171:11): [True: 0, False: 183k]
  ------------------
  172|   183k|   }
  173|       |   /* Y = Y/2 */
  174|   354k|   if (mp_isodd(y)) {
  ------------------
  |  |  572|   354k|#define mp_isodd(a)                  (mp_get_digit_count(a) > 0 ? (mp_get_digit(a, 0) & 1 ? LTC_MP_YES : LTC_MP_NO) : LTC_MP_NO)
  |  |  ------------------
  |  |  |  |  530|   354k|#define mp_get_digit_count(a)        ltc_mp.get_digit_count(a)
  |  |  ------------------
  |  |               #define mp_isodd(a)                  (mp_get_digit_count(a) > 0 ? (mp_get_digit(a, 0) & 1 ? LTC_MP_YES : LTC_MP_NO) : LTC_MP_NO)
  |  |  ------------------
  |  |  |  |  529|   354k|#define mp_get_digit(a, n)           ltc_mp.get_digit(a, n)
  |  |  ------------------
  |  |               #define mp_isodd(a)                  (mp_get_digit_count(a) > 0 ? (mp_get_digit(a, 0) & 1 ? LTC_MP_YES : LTC_MP_NO) : LTC_MP_NO)
  |  |  ------------------
  |  |  |  |   17|   174k|#define LTC_MP_YES   1
  |  |  ------------------
  |  |               #define mp_isodd(a)                  (mp_get_digit_count(a) > 0 ? (mp_get_digit(a, 0) & 1 ? LTC_MP_YES : LTC_MP_NO) : LTC_MP_NO)
  |  |  ------------------
  |  |  |  |   16|   179k|#define LTC_MP_NO    0
  |  |  ------------------
  |  |               #define mp_isodd(a)                  (mp_get_digit_count(a) > 0 ? (mp_get_digit(a, 0) & 1 ? LTC_MP_YES : LTC_MP_NO) : LTC_MP_NO)
  |  |  ------------------
  |  |  |  |   16|      0|#define LTC_MP_NO    0
  |  |  ------------------
  |  |  |  Branch (572:38): [True: 174k, False: 179k]
  |  |  |  Branch (572:39): [True: 354k, False: 0]
  |  |  |  Branch (572:68): [True: 174k, False: 179k]
  |  |  ------------------
  ------------------
  175|   174k|      if ((err = mp_add(y, modulus, y)) != CRYPT_OK)                           { goto done; }
  ------------------
  |  |  543|   174k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (175:11): [True: 0, False: 174k]
  ------------------
  176|   174k|   }
  177|   354k|   if ((err = mp_div_2(y, y)) != CRYPT_OK)                                     { goto done; }
  ------------------
  |  |  551|   354k|#define mp_div_2(a, b)               ltc_mp.div_2(a, b)
  ------------------
  |  Branch (177:8): [True: 0, False: 354k]
  ------------------
  178|       |
  179|   354k|   if ((err = mp_copy(x, R->x)) != CRYPT_OK)                                   { goto done; }
  ------------------
  |  |  524|   354k|#define mp_copy(a, b)                ltc_mp.copy(a, b)
  ------------------
  |  Branch (179:8): [True: 0, False: 354k]
  ------------------
  180|   354k|   if ((err = mp_copy(y, R->y)) != CRYPT_OK)                                   { goto done; }
  ------------------
  |  |  524|   354k|#define mp_copy(a, b)                ltc_mp.copy(a, b)
  ------------------
  |  Branch (180:8): [True: 0, False: 354k]
  ------------------
  181|   354k|   if ((err = mp_copy(z, R->z)) != CRYPT_OK)                                   { goto done; }
  ------------------
  |  |  524|   354k|#define mp_copy(a, b)                ltc_mp.copy(a, b)
  ------------------
  |  Branch (181:8): [True: 0, False: 354k]
  ------------------
  182|       |
  183|   354k|   err = CRYPT_OK;
  184|   354k|done:
  185|   354k|   mp_clear_multi(t1, t2, x, y, z, NULL);
  ------------------
  |  |  519|   354k|#define mp_clear_multi               ltc_deinit_multi
  ------------------
  186|   354k|   return err;
  187|   354k|}

ltc_ecc_projective_dbl_point:
   33|   367k|{ /* Computes R from P (P is copied into R first when they differ), working modulo modulus with Montgomery parameter mp; any failing mp_* call jumps to done, which frees t1/t2 and returns err */
   34|   367k|   void *t1, *t2;
   35|   367k|   int   err;
   36|       |
   37|   367k|   LTC_ARGCHK(P       != NULL); /* NOTE(review): per the expansion below, a failed check only calls crypt_argchk(); confirm that call does not return, otherwise execution continues with the NULL pointer */
  ------------------
  |  |   32|   367k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 367k]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
   38|   367k|   LTC_ARGCHK(R       != NULL);
  ------------------
  |  |   32|   367k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 367k]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
   39|   367k|   LTC_ARGCHK(modulus != NULL);
  ------------------
  |  |   32|   367k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 367k]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
   40|   367k|   LTC_ARGCHK(mp      != NULL);
  ------------------
  |  |   32|   367k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 367k]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
   41|       |
   42|   367k|   if ((err = mp_init_multi(&t1, &t2, NULL)) != CRYPT_OK) {
  ------------------
  |  |  517|   367k|#define mp_init_multi                ltc_init_multi
  ------------------
  |  Branch (42:8): [True: 0, False: 367k]
  ------------------
   43|      0|      return err;
   44|      0|   }
   45|       |
   46|   367k|   if (P != R) {
  ------------------
  |  Branch (46:8): [True: 19.5k, False: 348k]
  ------------------
   47|  19.5k|      if ((err = mp_copy(P->x, R->x)) != CRYPT_OK)                                { goto done; }
  ------------------
  |  |  524|  19.5k|#define mp_copy(a, b)                ltc_mp.copy(a, b)
  ------------------
  |  Branch (47:11): [True: 0, False: 19.5k]
  ------------------
   48|  19.5k|      if ((err = mp_copy(P->y, R->y)) != CRYPT_OK)                                { goto done; }
  ------------------
  |  |  524|  19.5k|#define mp_copy(a, b)                ltc_mp.copy(a, b)
  ------------------
  |  Branch (48:11): [True: 0, False: 19.5k]
  ------------------
   49|  19.5k|      if ((err = mp_copy(P->z, R->z)) != CRYPT_OK)                                { goto done; }
  ------------------
  |  |  524|  19.5k|#define mp_copy(a, b)                ltc_mp.copy(a, b)
  ------------------
  |  Branch (49:11): [True: 0, False: 19.5k]
  ------------------
   50|  19.5k|   }
   51|       |
   52|       |   /* t1 = Z * Z */
   53|   367k|   if ((err = mp_sqr(R->z, t1)) != CRYPT_OK)                                      { goto done; }
  ------------------
  |  |  549|   367k|#define mp_sqr(a, b)                 ltc_mp.sqr(a, b)
  ------------------
  |  Branch (53:8): [True: 0, False: 367k]
  ------------------
   54|   367k|   if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK)                 { goto done; }
  ------------------
  |  |  565|   367k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (54:8): [True: 0, False: 367k]
  ------------------
   55|       |   /* Z = Y * Z */
   56|   367k|   if ((err = mp_mul(R->z, R->y, R->z)) != CRYPT_OK)                              { goto done; }
  ------------------
  |  |  547|   367k|#define mp_mul(a, b, c)              ltc_mp.mul(a, b, c)
  ------------------
  |  Branch (56:8): [True: 0, False: 367k]
  ------------------
   57|   367k|   if ((err = mp_montgomery_reduce(R->z, modulus, mp)) != CRYPT_OK)               { goto done; }
  ------------------
  |  |  565|   367k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (57:8): [True: 0, False: 367k]
  ------------------
   58|       |   /* Z = 2Z, minus modulus when the sum is not below it. NOTE(review): this and the later add/subtract-modulus corrections branch on the value just computed (each taken roughly half the time in this report), so the routine is not branch-free; confirm that is acceptable where the coordinates depend on secret data */
   59|   367k|   if ((err = mp_add(R->z, R->z, R->z)) != CRYPT_OK)                              { goto done; }
  ------------------
  |  |  543|   367k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (59:8): [True: 0, False: 367k]
  ------------------
   60|   367k|   if (mp_cmp(R->z, modulus) != LTC_MP_LT) {
  ------------------
  |  |  531|   367k|#define mp_cmp(a, b)                 ltc_mp.compare(a, b)
  ------------------
                 if (mp_cmp(R->z, modulus) != LTC_MP_LT) {
  ------------------
  |  |   12|   367k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (60:8): [True: 182k, False: 185k]
  ------------------
   61|   182k|      if ((err = mp_sub(R->z, modulus, R->z)) != CRYPT_OK)                        { goto done; }
  ------------------
  |  |  545|   182k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (61:11): [True: 0, False: 182k]
  ------------------
   62|   182k|   }
   63|       |
   64|       |   /* T2 = X - T1 */
   65|   367k|   if ((err = mp_sub(R->x, t1, t2)) != CRYPT_OK)                                  { goto done; }
  ------------------
  |  |  545|   367k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (65:8): [True: 0, False: 367k]
  ------------------
   66|   367k|   if (mp_cmp_d(t2, 0) == LTC_MP_LT) {
  ------------------
  |  |  532|   367k|#define mp_cmp_d(a, b)               ltc_mp.compare_d(a, b)
  ------------------
                 if (mp_cmp_d(t2, 0) == LTC_MP_LT) {
  ------------------
  |  |   12|   367k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (66:8): [True: 181k, False: 186k]
  ------------------
   67|   181k|      if ((err = mp_add(t2, modulus, t2)) != CRYPT_OK)                            { goto done; }
  ------------------
  |  |  543|   181k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (67:11): [True: 0, False: 181k]
  ------------------
   68|   181k|   }
   69|       |   /* T1 = X + T1 */
   70|   367k|   if ((err = mp_add(t1, R->x, t1)) != CRYPT_OK)                                  { goto done; }
  ------------------
  |  |  543|   367k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (70:8): [True: 0, False: 367k]
  ------------------
   71|   367k|   if (mp_cmp(t1, modulus) != LTC_MP_LT) {
  ------------------
  |  |  531|   367k|#define mp_cmp(a, b)                 ltc_mp.compare(a, b)
  ------------------
                 if (mp_cmp(t1, modulus) != LTC_MP_LT) {
  ------------------
  |  |   12|   367k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (71:8): [True: 184k, False: 183k]
  ------------------
   72|   184k|      if ((err = mp_sub(t1, modulus, t1)) != CRYPT_OK)                            { goto done; }
  ------------------
  |  |  545|   184k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (72:11): [True: 0, False: 184k]
  ------------------
   73|   184k|   }
   74|       |   /* T2 = T1 * T2 */
   75|   367k|   if ((err = mp_mul(t1, t2, t2)) != CRYPT_OK)                                    { goto done; }
  ------------------
  |  |  547|   367k|#define mp_mul(a, b, c)              ltc_mp.mul(a, b, c)
  ------------------
  |  Branch (75:8): [True: 0, False: 367k]
  ------------------
   76|   367k|   if ((err = mp_montgomery_reduce(t2, modulus, mp)) != CRYPT_OK)                 { goto done; }
  ------------------
  |  |  565|   367k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (76:8): [True: 0, False: 367k]
  ------------------
   77|       |   /* T1 = 2T2 */
   78|   367k|   if ((err = mp_add(t2, t2, t1)) != CRYPT_OK)                                    { goto done; }
  ------------------
  |  |  543|   367k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (78:8): [True: 0, False: 367k]
  ------------------
   79|   367k|   if (mp_cmp(t1, modulus) != LTC_MP_LT) {
  ------------------
  |  |  531|   367k|#define mp_cmp(a, b)                 ltc_mp.compare(a, b)
  ------------------
                 if (mp_cmp(t1, modulus) != LTC_MP_LT) {
  ------------------
  |  |   12|   367k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (79:8): [True: 187k, False: 180k]
  ------------------
   80|   187k|      if ((err = mp_sub(t1, modulus, t1)) != CRYPT_OK)                            { goto done; }
  ------------------
  |  |  545|   187k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (80:11): [True: 0, False: 187k]
  ------------------
   81|   187k|   }
   82|       |   /* T1 = T1 + T2 */
   83|   367k|   if ((err = mp_add(t1, t2, t1)) != CRYPT_OK)                                    { goto done; }
  ------------------
  |  |  543|   367k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (83:8): [True: 0, False: 367k]
  ------------------
   84|   367k|   if (mp_cmp(t1, modulus) != LTC_MP_LT) {
  ------------------
  |  |  531|   367k|#define mp_cmp(a, b)                 ltc_mp.compare(a, b)
  ------------------
                 if (mp_cmp(t1, modulus) != LTC_MP_LT) {
  ------------------
  |  |   12|   367k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (84:8): [True: 181k, False: 186k]
  ------------------
   85|   181k|      if ((err = mp_sub(t1, modulus, t1)) != CRYPT_OK)                            { goto done; }
  ------------------
  |  |  545|   181k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (85:11): [True: 0, False: 181k]
  ------------------
   86|   181k|   }
   87|       |
   88|       |   /* Y = 2Y */
   89|   367k|   if ((err = mp_add(R->y, R->y, R->y)) != CRYPT_OK)                              { goto done; }
  ------------------
  |  |  543|   367k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (89:8): [True: 0, False: 367k]
  ------------------
   90|   367k|   if (mp_cmp(R->y, modulus) != LTC_MP_LT) {
  ------------------
  |  |  531|   367k|#define mp_cmp(a, b)                 ltc_mp.compare(a, b)
  ------------------
                 if (mp_cmp(R->y, modulus) != LTC_MP_LT) {
  ------------------
  |  |   12|   367k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (90:8): [True: 181k, False: 186k]
  ------------------
   91|   181k|      if ((err = mp_sub(R->y, modulus, R->y)) != CRYPT_OK)                        { goto done; }
  ------------------
  |  |  545|   181k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (91:11): [True: 0, False: 181k]
  ------------------
   92|   181k|   }
   93|       |   /* Y = Y * Y */
   94|   367k|   if ((err = mp_sqr(R->y, R->y)) != CRYPT_OK)                                    { goto done; }
  ------------------
  |  |  549|   367k|#define mp_sqr(a, b)                 ltc_mp.sqr(a, b)
  ------------------
  |  Branch (94:8): [True: 0, False: 367k]
  ------------------
   95|   367k|   if ((err = mp_montgomery_reduce(R->y, modulus, mp)) != CRYPT_OK)               { goto done; }
  ------------------
  |  |  565|   367k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (95:8): [True: 0, False: 367k]
  ------------------
   96|       |   /* T2 = Y * Y */
   97|   367k|   if ((err = mp_sqr(R->y, t2)) != CRYPT_OK)                                      { goto done; }
  ------------------
  |  |  549|   367k|#define mp_sqr(a, b)                 ltc_mp.sqr(a, b)
  ------------------
  |  Branch (97:8): [True: 0, False: 367k]
  ------------------
   98|   367k|   if ((err = mp_montgomery_reduce(t2, modulus, mp)) != CRYPT_OK)                 { goto done; }
  ------------------
  |  |  565|   367k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (98:8): [True: 0, False: 367k]
  ------------------
   99|       |   /* T2 = T2/2; when T2 is odd the modulus is added first, presumably so mp_div_2 halves an even value (assumes an odd modulus -- confirm) */
  100|   367k|   if (mp_isodd(t2)) {
  ------------------
  |  |  572|   367k|#define mp_isodd(a)                  (mp_get_digit_count(a) > 0 ? (mp_get_digit(a, 0) & 1 ? LTC_MP_YES : LTC_MP_NO) : LTC_MP_NO)
  |  |  ------------------
  |  |  |  |  530|   367k|#define mp_get_digit_count(a)        ltc_mp.get_digit_count(a)
  |  |  ------------------
  |  |               #define mp_isodd(a)                  (mp_get_digit_count(a) > 0 ? (mp_get_digit(a, 0) & 1 ? LTC_MP_YES : LTC_MP_NO) : LTC_MP_NO)
  |  |  ------------------
  |  |  |  |  529|   367k|#define mp_get_digit(a, n)           ltc_mp.get_digit(a, n)
  |  |  ------------------
  |  |               #define mp_isodd(a)                  (mp_get_digit_count(a) > 0 ? (mp_get_digit(a, 0) & 1 ? LTC_MP_YES : LTC_MP_NO) : LTC_MP_NO)
  |  |  ------------------
  |  |  |  |   17|   181k|#define LTC_MP_YES   1
  |  |  ------------------
  |  |               #define mp_isodd(a)                  (mp_get_digit_count(a) > 0 ? (mp_get_digit(a, 0) & 1 ? LTC_MP_YES : LTC_MP_NO) : LTC_MP_NO)
  |  |  ------------------
  |  |  |  |   16|   186k|#define LTC_MP_NO    0
  |  |  ------------------
  |  |               #define mp_isodd(a)                  (mp_get_digit_count(a) > 0 ? (mp_get_digit(a, 0) & 1 ? LTC_MP_YES : LTC_MP_NO) : LTC_MP_NO)
  |  |  ------------------
  |  |  |  |   16|      0|#define LTC_MP_NO    0
  |  |  ------------------
  |  |  |  Branch (572:38): [True: 181k, False: 186k]
  |  |  |  Branch (572:39): [True: 367k, False: 0]
  |  |  |  Branch (572:68): [True: 181k, False: 186k]
  |  |  ------------------
  ------------------
  101|   181k|      if ((err = mp_add(t2, modulus, t2)) != CRYPT_OK)                            { goto done; }
  ------------------
  |  |  543|   181k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (101:11): [True: 0, False: 181k]
  ------------------
  102|   181k|   }
  103|   367k|   if ((err = mp_div_2(t2, t2)) != CRYPT_OK)                                      { goto done; }
  ------------------
  |  |  551|   367k|#define mp_div_2(a, b)               ltc_mp.div_2(a, b)
  ------------------
  |  Branch (103:8): [True: 0, False: 367k]
  ------------------
  104|       |   /* Y = Y * X */
  105|   367k|   if ((err = mp_mul(R->y, R->x, R->y)) != CRYPT_OK)                              { goto done; }
  ------------------
  |  |  547|   367k|#define mp_mul(a, b, c)              ltc_mp.mul(a, b, c)
  ------------------
  |  Branch (105:8): [True: 0, False: 367k]
  ------------------
  106|   367k|   if ((err = mp_montgomery_reduce(R->y, modulus, mp)) != CRYPT_OK)               { goto done; }
  ------------------
  |  |  565|   367k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (106:8): [True: 0, False: 367k]
  ------------------
  107|       |
  108|       |   /* X  = T1 * T1 */
  109|   367k|   if ((err = mp_sqr(t1, R->x)) != CRYPT_OK)                                      { goto done; }
  ------------------
  |  |  549|   367k|#define mp_sqr(a, b)                 ltc_mp.sqr(a, b)
  ------------------
  |  Branch (109:8): [True: 0, False: 367k]
  ------------------
  110|   367k|   if ((err = mp_montgomery_reduce(R->x, modulus, mp)) != CRYPT_OK)               { goto done; }
  ------------------
  |  |  565|   367k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (110:8): [True: 0, False: 367k]
  ------------------
  111|       |   /* X = X - Y */
  112|   367k|   if ((err = mp_sub(R->x, R->y, R->x)) != CRYPT_OK)                              { goto done; }
  ------------------
  |  |  545|   367k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (112:8): [True: 0, False: 367k]
  ------------------
  113|   367k|   if (mp_cmp_d(R->x, 0) == LTC_MP_LT) {
  ------------------
  |  |  532|   367k|#define mp_cmp_d(a, b)               ltc_mp.compare_d(a, b)
  ------------------
                 if (mp_cmp_d(R->x, 0) == LTC_MP_LT) {
  ------------------
  |  |   12|   367k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (113:8): [True: 177k, False: 190k]
  ------------------
  114|   177k|      if ((err = mp_add(R->x, modulus, R->x)) != CRYPT_OK)                        { goto done; }
  ------------------
  |  |  543|   177k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (114:11): [True: 0, False: 177k]
  ------------------
  115|   177k|   }
  116|       |   /* X = X - Y again: Y is subtracted a second time, so X = T1*T1 - 2Y modulo modulus */
  117|   367k|   if ((err = mp_sub(R->x, R->y, R->x)) != CRYPT_OK)                              { goto done; }
  ------------------
  |  |  545|   367k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (117:8): [True: 0, False: 367k]
  ------------------
  118|   367k|   if (mp_cmp_d(R->x, 0) == LTC_MP_LT) {
  ------------------
  |  |  532|   367k|#define mp_cmp_d(a, b)               ltc_mp.compare_d(a, b)
  ------------------
                 if (mp_cmp_d(R->x, 0) == LTC_MP_LT) {
  ------------------
  |  |   12|   367k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (118:8): [True: 181k, False: 186k]
  ------------------
  119|   181k|      if ((err = mp_add(R->x, modulus, R->x)) != CRYPT_OK)                        { goto done; }
  ------------------
  |  |  543|   181k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (119:11): [True: 0, False: 181k]
  ------------------
  120|   181k|   }
  121|       |
  122|       |   /* Y = Y - X */
  123|   367k|   if ((err = mp_sub(R->y, R->x, R->y)) != CRYPT_OK)                              { goto done; }
  ------------------
  |  |  545|   367k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (123:8): [True: 0, False: 367k]
  ------------------
  124|   367k|   if (mp_cmp_d(R->y, 0) == LTC_MP_LT) {
  ------------------
  |  |  532|   367k|#define mp_cmp_d(a, b)               ltc_mp.compare_d(a, b)
  ------------------
                 if (mp_cmp_d(R->y, 0) == LTC_MP_LT) {
  ------------------
  |  |   12|   367k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (124:8): [True: 188k, False: 179k]
  ------------------
  125|   188k|      if ((err = mp_add(R->y, modulus, R->y)) != CRYPT_OK)                        { goto done; }
  ------------------
  |  |  543|   188k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (125:11): [True: 0, False: 188k]
  ------------------
  126|   188k|   }
  127|       |   /* Y = Y * T1 */
  128|   367k|   if ((err = mp_mul(R->y, t1, R->y)) != CRYPT_OK)                                { goto done; }
  ------------------
  |  |  547|   367k|#define mp_mul(a, b, c)              ltc_mp.mul(a, b, c)
  ------------------
  |  Branch (128:8): [True: 0, False: 367k]
  ------------------
  129|   367k|   if ((err = mp_montgomery_reduce(R->y, modulus, mp)) != CRYPT_OK)               { goto done; }
  ------------------
  |  |  565|   367k|#define mp_montgomery_reduce(a, b, c)   ltc_mp.montgomery_reduce(a, b, c)
  ------------------
  |  Branch (129:8): [True: 0, False: 367k]
  ------------------
  130|       |   /* Y = Y - T2 */
  131|   367k|   if ((err = mp_sub(R->y, t2, R->y)) != CRYPT_OK)                                { goto done; }
  ------------------
  |  |  545|   367k|#define mp_sub(a, b, c)              ltc_mp.sub(a, b, c)
  ------------------
  |  Branch (131:8): [True: 0, False: 367k]
  ------------------
  132|   367k|   if (mp_cmp_d(R->y, 0) == LTC_MP_LT) {
  ------------------
  |  |  532|   367k|#define mp_cmp_d(a, b)               ltc_mp.compare_d(a, b)
  ------------------
                 if (mp_cmp_d(R->y, 0) == LTC_MP_LT) {
  ------------------
  |  |   12|   367k|#define LTC_MP_LT   -1
  ------------------
  |  Branch (132:8): [True: 183k, False: 184k]
  ------------------
  133|   183k|      if ((err = mp_add(R->y, modulus, R->y)) != CRYPT_OK)                        { goto done; }
  ------------------
  |  |  543|   183k|#define mp_add(a, b, c)              ltc_mp.add(a, b, c)
  ------------------
  |  Branch (133:11): [True: 0, False: 183k]
  ------------------
  134|   183k|   }
  135|       |
  136|   367k|   err = CRYPT_OK;
  137|   367k|done:
  138|   367k|   mp_clear_multi(t1, t2, NULL);
  ------------------
  |  |  519|   367k|#define mp_clear_multi               ltc_deinit_multi
  ------------------
  139|   367k|   return err;
  140|   367k|}

mp_2expt:
   12|  3.79k|{
   13|  3.79k|   mp_err    err;
   14|       |
   15|       |   /* mp_2expt sets a = 2**b: zero a first, then set the single bit b below */
   16|  3.79k|   mp_zero(a);
   17|       |
   18|       |   /* grow a to accommodate the single bit: digit index b / MP_DIGIT_BIT, plus one */
   19|  3.79k|   if ((err = mp_grow(a, (b / MP_DIGIT_BIT) + 1)) != MP_OKAY) {
  ------------------
  |  |   82|  3.79k|#   define MP_DIGIT_BIT 60
  ------------------
                 if ((err = mp_grow(a, (b / MP_DIGIT_BIT) + 1)) != MP_OKAY) {
  ------------------
  |  |  161|  3.79k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (19:8): [True: 0, False: 3.79k]
  ------------------
   20|      0|      return err;
   21|      0|   }
   22|       |
   23|       |   /* set the used count of where the bit will go */
   24|  3.79k|   a->used = (b / MP_DIGIT_BIT) + 1;
  ------------------
  |  |   82|  3.79k|#   define MP_DIGIT_BIT 60
  ------------------
   25|       |
   26|       |   /* put the single bit in its place. NOTE(review): no range check on b is visible in this body (its declaration is outside this listing); a negative b would give a negative digit index and shift count here -- confirm b >= 0 is guaranteed */
   27|  3.79k|   a->dp[b / MP_DIGIT_BIT] = (mp_digit)1 << (mp_digit)(b % MP_DIGIT_BIT);
  ------------------
  |  |   82|  3.79k|#   define MP_DIGIT_BIT 60
  ------------------
                 a->dp[b / MP_DIGIT_BIT] = (mp_digit)1 << (mp_digit)(b % MP_DIGIT_BIT);
  ------------------
  |  |   82|  3.79k|#   define MP_DIGIT_BIT 60
  ------------------
   28|       |
   29|  3.79k|   return MP_OKAY;
  ------------------
  |  |  161|  3.79k|#define MP_OKAY       0   /* no error */
  ------------------
   30|  3.79k|}

mp_add:
    8|  5.61M|{
    9|  5.61M|   mp_sign sa, sb;
   10|  5.61M|   mp_err err;
   11|       |
   12|       |   /* mp_add computes the signed sum c = a + b; get sign of both inputs */
   13|  5.61M|   sa = a->sign;
   14|  5.61M|   sb = b->sign;
   15|       |
   16|       |   /* handle two cases, not four */
   17|  5.61M|   if (sa == sb) {
  ------------------
  |  Branch (17:8): [True: 3.62M, False: 1.99M]
  ------------------
   18|       |      /* both positive or both negative */
   19|       |      /* add their magnitudes, copy the sign */
   20|  3.62M|      c->sign = sa;
   21|  3.62M|      err = s_mp_add(a, b, c);
   22|  3.62M|   } else {
   23|       |      /* one positive, the other negative */
   24|       |      /* subtract the one with the lesser magnitude from */
   25|       |      /* the one of the greater magnitude.  The result gets */
   26|       |      /* the sign of the one with the greater magnitude. */
   27|  1.99M|      if (mp_cmp_mag(a, b) == MP_LT) {
  ------------------
  |  |  154|  1.99M|#define MP_LT        -1   /* less than */
  ------------------
  |  Branch (27:11): [True: 1.99M, False: 206]
  ------------------
   28|  1.99M|         c->sign = sb;
   29|  1.99M|         err = s_mp_sub(b, a, c);
   30|  1.99M|      } else {
   31|    206|         c->sign = sa;
   32|    206|         err = s_mp_sub(a, b, c);
   33|    206|      }
   34|  1.99M|   }
   35|  5.61M|   return err;
   36|  5.61M|}

mp_add_d:
    8|   366k|{
    9|   366k|   mp_err     err;
   10|   366k|   int ix, oldused;
   11|   366k|   mp_digit *tmpa, *tmpc;
   12|       |
   13|       |   /* grow c as required */
   14|   366k|   if (c->alloc < (a->used + 1)) {
  ------------------
  |  Branch (14:8): [True: 0, False: 366k]
  ------------------
   15|      0|      if ((err = mp_grow(c, a->used + 1)) != MP_OKAY) {
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (15:11): [True: 0, False: 0]
  ------------------
   16|      0|         return err;
   17|      0|      }
   18|      0|   }
   19|       |
   20|       |   /* if a is negative and |a| >= b, call c = |a| - b */
   21|   366k|   if ((a->sign == MP_NEG) && ((a->used > 1) || (a->dp[0] >= b))) {
  ------------------
  |  |  152|   366k|#define MP_NEG        1   /* negative */
  ------------------
  |  Branch (21:8): [True: 0, False: 366k]
  |  Branch (21:32): [True: 0, False: 0]
  |  Branch (21:49): [True: 0, False: 0]
  ------------------
   22|      0|      mp_int a_ = *a;
   23|       |      /* temporarily fix sign of a */
   24|      0|      a_.sign = MP_ZPOS;
  ------------------
  |  |  151|      0|#define MP_ZPOS       0   /* positive integer */
  ------------------
   25|       |
   26|       |      /* c = |a| - b */
   27|      0|      err = mp_sub_d(&a_, b, c);
   28|       |
   29|       |      /* fix sign  */
   30|      0|      c->sign = MP_NEG;
  ------------------
  |  |  152|      0|#define MP_NEG        1   /* negative */
  ------------------
   31|       |
   32|       |      /* clamp */
   33|      0|      mp_clamp(c);
   34|       |
   35|      0|      return err;
   36|      0|   }
   37|       |
   38|       |   /* old number of used digits in c */
   39|   366k|   oldused = c->used;
   40|       |
   41|       |   /* source alias */
   42|   366k|   tmpa    = a->dp;
   43|       |
   44|       |   /* destination alias */
   45|   366k|   tmpc    = c->dp;
   46|       |
   47|       |   /* if a is positive */
   48|   366k|   if (a->sign == MP_ZPOS) {
  ------------------
  |  |  151|   366k|#define MP_ZPOS       0   /* positive integer */
  ------------------
  |  Branch (48:8): [True: 366k, False: 0]
  ------------------
   49|       |      /* add digits, mu is carry */
   50|   366k|      mp_digit mu = b;
   51|  2.04M|      for (ix = 0; ix < a->used; ix++) {
  ------------------
  |  Branch (51:20): [True: 1.67M, False: 366k]
  ------------------
   52|  1.67M|         *tmpc   = *tmpa++ + mu;
   53|  1.67M|         mu      = *tmpc >> MP_DIGIT_BIT;
  ------------------
  |  |   82|  1.67M|#   define MP_DIGIT_BIT 60
  ------------------
   54|  1.67M|         *tmpc++ &= MP_MASK;
  ------------------
  |  |  106|  1.67M|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|  1.67M|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   55|  1.67M|      }
   56|       |      /* set final carry */
   57|   366k|      ix++;
   58|   366k|      *tmpc++  = mu;
   59|       |
   60|       |      /* setup size */
   61|   366k|      c->used = a->used + 1;
   62|   366k|   } else {
   63|       |      /* a was negative and |a| < b */
   64|      0|      c->used  = 1;
   65|       |
   66|       |      /* the result is a single digit */
   67|      0|      if (a->used == 1) {
  ------------------
  |  Branch (67:11): [True: 0, False: 0]
  ------------------
   68|      0|         *tmpc++  =  b - a->dp[0];
   69|      0|      } else {
   70|      0|         *tmpc++  =  b;
   71|      0|      }
   72|       |
   73|       |      /* setup count so the clearing of oldused
   74|       |       * can fall through correctly
   75|       |       */
   76|      0|      ix       = 1;
   77|      0|   }
   78|       |
   79|       |   /* sign always positive */
   80|   366k|   c->sign = MP_ZPOS;
  ------------------
  |  |  151|   366k|#define MP_ZPOS       0   /* positive integer */
  ------------------
   81|       |
   82|       |   /* now zero to oldused */
   83|   366k|   MP_ZERO_DIGITS(tmpc, oldused - ix);
  ------------------
  |  |   89|   366k|#  define MP_ZERO_DIGITS(mem, digits)                   \
  |  |   90|   366k|do {                                                    \
  |  |   91|   366k|   int zd_ = (digits);                                  \
  |  |   92|   366k|   mp_digit* zm_ = (mem);                               \
  |  |   93|   366k|   while (zd_-- > 0) {                                  \
  |  |  ------------------
  |  |  |  Branch (93:11): [True: 0, False: 366k]
  |  |  ------------------
  |  |   94|      0|      *zm_++ = 0;                                       \
  |  |   95|      0|   }                                                    \
  |  |   96|   366k|} while (0)
  |  |  ------------------
  |  |  |  Branch (96:10): [Folded - Ignored]
  |  |  ------------------
  ------------------
   84|   366k|   mp_clamp(c);
   85|       |
   86|   366k|   return MP_OKAY;
  ------------------
  |  |  161|   366k|#define MP_OKAY       0   /* no error */
  ------------------
   87|   366k|}

mp_clamp:
/* mp_clamp: trims high-order zero digits from a.
 *
 * Lowers a->used while the most significant digit, a->dp[a->used - 1], is
 * zero. The (a->used > 0) test comes first, so the index never reaches -1.
 * Once used is 0 the sign is forced to MP_ZPOS, so zero is never stored as
 * negative.
 *
 * Coverage in this run: 79.0M calls, and every branch outcome was taken,
 * including the used == 0 case (133k times).
 */
   14|  79.0M|{
   15|       |   /* decrease used while the most significant digit is
   16|       |    * zero.
   17|       |    */
   18|   174M|   while ((a->used > 0) && (a->dp[a->used - 1] == 0u)) {
  ------------------
  |  Branch (18:11): [True: 174M, False: 133k]
  |  Branch (18:28): [True: 95.1M, False: 78.9M]
  ------------------
   19|  95.1M|      --(a->used);
   20|  95.1M|   }
   21|       |
   22|       |   /* reset the sign flag if used == 0 */
   23|  79.0M|   if (a->used == 0) {
  ------------------
  |  Branch (23:8): [True: 133k, False: 78.9M]
  ------------------
   24|   133k|      a->sign = MP_ZPOS;
  ------------------
  |  |  151|   133k|#define MP_ZPOS       0   /* positive integer */
  ------------------
   25|   133k|   }
   26|  79.0M|}

mp_clear:
/* mp_clear: wipes and releases the digit array of a.
 *
 * When a->dp is non-NULL, MP_FREE_DIGITS overwrites
 * sizeof(mp_digit) * a->alloc bytes with zero (MP_ZERO_BUFFER) and then
 * passes the buffer to MP_FREE, which is m_free_ltm in this build.
 * Afterwards dp is NULL, alloc and used are 0 and sign is MP_ZPOS, so a
 * repeated mp_clear on the same mp_int does nothing.
 *
 * NOTE(review): the wipe is a plain byte-store loop directly followed by
 * the free. The 756M executed stores show it runs in this instrumented
 * build; whether an optimized build keeps stores to memory that is about
 * to be freed cannot be told from this listing. Confirm before relying on
 * it to scrub key material.
 *
 * Coverage in this run: the a->dp == NULL outcome was never taken
 * (False: 0), so clearing an already cleared value is not exercised.
 */
    8|  2.79M|{
    9|       |   /* only do anything if a hasn't been freed previously */
   10|  2.79M|   if (a->dp != NULL) {
  ------------------
  |  Branch (10:8): [True: 2.79M, False: 0]
  ------------------
   11|       |      /* free ram */
   12|  2.79M|      MP_FREE_DIGITS(a->dp, a->alloc);
  ------------------
  |  |   58|  2.79M|#  define MP_FREE_DIGITS(mem, digits)                   \
  |  |   59|  2.79M|do {                                                    \
  |  |   60|  2.79M|   int fd_ = (digits);                                  \
  |  |   61|  2.79M|   void* fm_ = (mem);                                   \
  |  |   62|  2.79M|   if (fm_ != NULL) {                                   \
  |  |  ------------------
  |  |  |  Branch (62:8): [True: 2.79M, False: 0]
  |  |  ------------------
  |  |   63|  2.79M|      size_t fs_ = sizeof (mp_digit) * (size_t)fd_;     \
  |  |   64|  2.79M|      MP_ZERO_BUFFER(fm_, fs_);                         \
  |  |  ------------------
  |  |  |  |   81|  2.79M|#  define MP_ZERO_BUFFER(mem, size)                     \
  |  |  |  |   82|  2.79M|do {                                                    \
  |  |  |  |   83|  2.79M|   size_t zs_ = (size);                                 \
  |  |  |  |   84|  2.79M|   char* zm_ = (char*)(mem);                            \
  |  |  |  |   85|   759M|   while (zs_-- > 0u) {                                 \
  |  |  |  |  ------------------
  |  |  |  |  |  Branch (85:11): [True: 756M, False: 2.79M]
  |  |  |  |  ------------------
  |  |  |  |   86|   756M|      *zm_++ = '\0';                                    \
  |  |  |  |   87|   756M|   }                                                    \
  |  |  |  |   88|  2.79M|} while (0)
  |  |  |  |  ------------------
  |  |  |  |  |  Branch (88:10): [Folded - Ignored]
  |  |  |  |  ------------------
  |  |  ------------------
  |  |   65|  2.79M|      MP_FREE(fm_, fs_);                                \
  |  |  ------------------
  |  |  |  | 1324|  2.79M|#define MP_FREE      m_free_ltm
  |  |  ------------------
  |  |   66|  2.79M|   }                                                    \
  |  |   67|  2.79M|} while (0)
  |  |  ------------------
  |  |  |  Branch (67:10): [Folded - Ignored]
  |  |  ------------------
  ------------------
   13|       |
   14|       |      /* reset members to make debugging easier */
   15|  2.79M|      a->dp    = NULL;
   16|  2.79M|      a->alloc = a->used = 0;
   17|  2.79M|      a->sign  = MP_ZPOS;
  ------------------
  |  |  151|  2.79M|#define MP_ZPOS       0   /* positive integer */
  ------------------
   18|  2.79M|   }
   19|  2.79M|}

mp_clear_multi:
/* mp_clear_multi: calls mp_clear on mp and on each following variadic
 * mp_int * argument, stopping at the first NULL pointer.
 *
 * The loop has no other bound, so the argument list must end with a NULL
 * pointer; reading past the arguments actually supplied through va_arg is
 * undefined behaviour. A NULL first argument means nothing is cleared.
 *
 * Coverage in this run: 5.24k calls cleared 16.9k values.
 */
    9|  5.24k|{
   10|  5.24k|   mp_int *next_mp = mp;
   11|  5.24k|   va_list args;
   12|  5.24k|   va_start(args, mp);
   13|  22.1k|   while (next_mp != NULL) {
  ------------------
  |  Branch (13:11): [True: 16.9k, False: 5.24k]
  ------------------
   14|  16.9k|      mp_clear(next_mp);
   15|  16.9k|      next_mp = va_arg(args, mp_int *);
   16|  16.9k|   }
   17|  5.24k|   va_end(args);
   18|  5.24k|}

mp_cmp:
/* mp_cmp: signed comparison of a and b.
 *
 * If the signs differ the negative operand is the smaller one (MP_LT when
 * a is negative, MP_GT otherwise). If the signs match, the result is that
 * of mp_cmp_mag, with the operands swapped when both are negative.
 *
 * Coverage in this run: all 3.97M calls had equal, non-negative signs.
 * The sign-mismatch branch and the both-negative branch have count 0, so
 * neither is verified by this corpus.
 */
    8|  3.97M|{
    9|       |   /* compare based on sign */
   10|  3.97M|   if (a->sign != b->sign) {
  ------------------
  |  Branch (10:8): [True: 0, False: 3.97M]
  ------------------
   11|      0|      if (a->sign == MP_NEG) {
  ------------------
  |  |  152|      0|#define MP_NEG        1   /* negative */
  ------------------
  |  Branch (11:11): [True: 0, False: 0]
  ------------------
   12|      0|         return MP_LT;
  ------------------
  |  |  154|      0|#define MP_LT        -1   /* less than */
  ------------------
   13|      0|      } else {
   14|      0|         return MP_GT;
  ------------------
  |  |  156|      0|#define MP_GT         1   /* greater than */
  ------------------
   15|      0|      }
   16|      0|   }
   17|       |
   18|       |   /* compare digits */
   19|  3.97M|   if (a->sign == MP_NEG) {
  ------------------
  |  |  152|  3.97M|#define MP_NEG        1   /* negative */
  ------------------
  |  Branch (19:8): [True: 0, False: 3.97M]
  ------------------
   20|       |      /* if negative compare opposite direction */
   21|      0|      return mp_cmp_mag(b, a);
   22|  3.97M|   } else {
   23|  3.97M|      return mp_cmp_mag(a, b);
   24|  3.97M|   }
   25|  3.97M|}

mp_cmp_d:
/* mp_cmp_d: compares a with the single digit b.
 *
 * A negative a yields MP_LT and an a with more than one used digit yields
 * MP_GT. Otherwise a->dp[0] is compared with b and the result is MP_GT,
 * MP_LT or MP_EQ.
 *
 * NOTE(review): a->dp[0] is also read when a->used == 0. That is only
 * sound if dp is allocated and digit 0 is zero for a zero value, which
 * this listing does not show (mp_clear sets dp to NULL). Confirm that
 * callers never pass a cleared mp_int.
 *
 * Coverage in this run: every branch outcome was taken at least once.
 */
    8|  3.99M|{
    9|       |   /* compare based on sign */
   10|  3.99M|   if (a->sign == MP_NEG) {
  ------------------
  |  |  152|  3.99M|#define MP_NEG        1   /* negative */
  ------------------
  |  Branch (10:8): [True: 1.99M, False: 2.00M]
  ------------------
   11|  1.99M|      return MP_LT;
  ------------------
  |  |  154|  1.99M|#define MP_LT        -1   /* less than */
  ------------------
   12|  1.99M|   }
   13|       |
   14|       |   /* compare based on magnitude */
   15|  2.00M|   if (a->used > 1) {
  ------------------
  |  Branch (15:8): [True: 1.99M, False: 12.3k]
  ------------------
   16|  1.99M|      return MP_GT;
  ------------------
  |  |  156|  1.99M|#define MP_GT         1   /* greater than */
  ------------------
   17|  1.99M|   }
   18|       |
   19|       |   /* compare the only digit of a to b */
   20|  12.3k|   if (a->dp[0] > b) {
  ------------------
  |  Branch (20:8): [True: 2.50k, False: 9.79k]
  ------------------
   21|  2.50k|      return MP_GT;
  ------------------
  |  |  156|  2.50k|#define MP_GT         1   /* greater than */
  ------------------
   22|  9.79k|   } else if (a->dp[0] < b) {
  ------------------
  |  Branch (22:15): [True: 4, False: 9.78k]
  ------------------
   23|      4|      return MP_LT;
  ------------------
  |  |  154|      4|#define MP_LT        -1   /* less than */
  ------------------
   24|  9.78k|   } else {
   25|  9.78k|      return MP_EQ;
  ------------------
  |  |  155|  9.78k|#define MP_EQ         0   /* equal to */
  ------------------
   26|  9.78k|   }
   27|  12.3k|}

mp_cmp_mag:
/* mp_cmp_mag: compares the magnitudes of a and b; the sign fields are not
 * read.
 *
 * The operand with more used digits is the larger. With equal counts the
 * digits are compared from the most significant one downwards and the
 * first difference decides; MP_EQ is returned when all digits match.
 * Both aliases are offset by a->used - 1, which is valid for b because
 * the used counts are equal at that point.
 *
 * NOTE(review): the used-count shortcut assumes neither operand carries
 * high zero digits; confirm callers pass clamped values.
 * NOTE(review): with a->used == b->used == 0 the aliases are formed as
 * dp + (0 - 1), one element before the array. They are never
 * dereferenced because the loop body does not run, but forming such a
 * pointer is formally undefined in C.
 * NOTE(review): the function returns at the first differing digit, so
 * its running time depends on operand values. That matters only if a
 * caller compares secret values, which is not visible here.
 *
 * Coverage in this run: every branch outcome was taken.
 */
    8|  33.4M|{
    9|  33.4M|   int     n;
   10|  33.4M|   const mp_digit *tmpa, *tmpb;
   11|       |
   12|       |   /* compare based on # of non-zero digits */
   13|  33.4M|   if (a->used > b->used) {
  ------------------
  |  Branch (13:8): [True: 6.31M, False: 27.0M]
  ------------------
   14|  6.31M|      return MP_GT;
  ------------------
  |  |  156|  6.31M|#define MP_GT         1   /* greater than */
  ------------------
   15|  6.31M|   }
   16|       |
   17|  27.0M|   if (a->used < b->used) {
  ------------------
  |  Branch (17:8): [True: 305k, False: 26.7M]
  ------------------
   18|   305k|      return MP_LT;
  ------------------
  |  |  154|   305k|#define MP_LT        -1   /* less than */
  ------------------
   19|   305k|   }
   20|       |
   21|       |   /* alias for a */
   22|  26.7M|   tmpa = a->dp + (a->used - 1);
   23|       |
   24|       |   /* alias for b */
   25|  26.7M|   tmpb = b->dp + (a->used - 1);
   26|       |
   27|       |   /* compare based on digits  */
   28|  26.9M|   for (n = 0; n < a->used; ++n, --tmpa, --tmpb) {
  ------------------
  |  Branch (28:16): [True: 26.9M, False: 11.5k]
  ------------------
   29|  26.9M|      if (*tmpa > *tmpb) {
  ------------------
  |  Branch (29:11): [True: 6.67M, False: 20.2M]
  ------------------
   30|  6.67M|         return MP_GT;
  ------------------
  |  |  156|  6.67M|#define MP_GT         1   /* greater than */
  ------------------
   31|  6.67M|      }
   32|       |
   33|  20.2M|      if (*tmpa < *tmpb) {
  ------------------
  |  Branch (33:11): [True: 20.1M, False: 182k]
  ------------------
   34|  20.1M|         return MP_LT;
  ------------------
  |  |  154|  20.1M|#define MP_LT        -1   /* less than */
  ------------------
   35|  20.1M|      }
   36|  20.2M|   }
   37|  11.5k|   return MP_EQ;
  ------------------
  |  |  155|  11.5k|#define MP_EQ         0   /* equal to */
  ------------------
   38|  26.7M|}

mp_copy:
/* mp_copy: copies the value of a into b.
 *
 * Returns MP_OKAY at once when a and b are the same object. Otherwise b is
 * grown with mp_grow when b->alloc < a->used, a->used digits are copied,
 * and any digits b previously used above that count (b->used - n) are
 * zeroed so no stale high digits survive. Finally used and sign are taken
 * from a.
 *
 * Returns MP_OKAY, or the error from mp_grow, in which case b is left
 * unmodified by this function.
 *
 * Coverage in this run: the mp_grow failure path has count 0, so the
 * error return is not exercised.
 */
    8|  16.6M|{
    9|  16.6M|   int n;
   10|  16.6M|   mp_digit *tmpa, *tmpb;
   11|  16.6M|   mp_err err;
   12|       |
   13|       |   /* if dst == src do nothing */
   14|  16.6M|   if (a == b) {
  ------------------
  |  Branch (14:8): [True: 7.76M, False: 8.83M]
  ------------------
   15|  7.76M|      return MP_OKAY;
  ------------------
  |  |  161|  7.76M|#define MP_OKAY       0   /* no error */
  ------------------
   16|  7.76M|   }
   17|       |
   18|       |   /* grow dest */
   19|  8.83M|   if (b->alloc < a->used) {
  ------------------
  |  Branch (19:8): [True: 8.03k, False: 8.82M]
  ------------------
   20|  8.03k|      if ((err = mp_grow(b, a->used)) != MP_OKAY) {
  ------------------
  |  |  161|  8.03k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (20:11): [True: 0, False: 8.03k]
  ------------------
   21|      0|         return err;
   22|      0|      }
   23|  8.03k|   }
   24|       |
   25|       |   /* zero b and copy the parameters over */
   26|       |   /* pointer aliases */
   27|       |
   28|       |   /* source */
   29|  8.83M|   tmpa = a->dp;
   30|       |
   31|       |   /* destination */
   32|  8.83M|   tmpb = b->dp;
   33|       |
   34|       |   /* copy all the digits */
   35|   200M|   for (n = 0; n < a->used; n++) {
  ------------------
  |  Branch (35:16): [True: 191M, False: 8.83M]
  ------------------
   36|   191M|      *tmpb++ = *tmpa++;
   37|   191M|   }
   38|       |
   39|       |   /* clear high digits */
   40|  8.83M|   MP_ZERO_DIGITS(tmpb, b->used - n);
  ------------------
  |  |   89|  8.83M|#  define MP_ZERO_DIGITS(mem, digits)                   \
  |  |   90|  8.83M|do {                                                    \
  |  |   91|  8.83M|   int zd_ = (digits);                                  \
  |  |   92|  8.83M|   mp_digit* zm_ = (mem);                               \
  |  |   93|  8.83M|   while (zd_-- > 0) {                                  \
  |  |  ------------------
  |  |  |  Branch (93:11): [True: 1.33k, False: 8.83M]
  |  |  ------------------
  |  |   94|  1.33k|      *zm_++ = 0;                                       \
  |  |   95|  1.33k|   }                                                    \
  |  |   96|  8.83M|} while (0)
  |  |  ------------------
  |  |  |  Branch (96:10): [Folded - Ignored]
  |  |  ------------------
  ------------------
   41|       |
   42|       |   /* copy used count and sign */
   43|  8.83M|   b->used = a->used;
   44|  8.83M|   b->sign = a->sign;
   45|  8.83M|   return MP_OKAY;
  ------------------
  |  |  161|  8.83M|#define MP_OKAY       0   /* no error */
  ------------------
   46|  8.83M|}

mp_count_bits:
/* mp_count_bits: returns the bit length of a.
 *
 * Zero (a->used == 0) yields 0. Otherwise the result is
 * (a->used - 1) * MP_DIGIT_BIT plus the number of right shifts needed to
 * reduce the top digit to zero. MP_DIGIT_BIT is 60 in this build.
 *
 * NOTE(review): the result equals the true bit length only when the top
 * digit is non-zero; presumably callers pass clamped values, confirm.
 * NOTE(review): (a->used - 1) * MP_DIGIT_BIT is computed in int and would
 * overflow for very large used counts; presumably unreachable given
 * allocation limits, confirm.
 */
    8|  50.9k|{
    9|  50.9k|   int     r;
   10|  50.9k|   mp_digit q;
   11|       |
   12|       |   /* shortcut */
   13|  50.9k|   if (MP_IS_ZERO(a)) {
  ------------------
  |  |  163|  50.9k|#define MP_IS_ZERO(a) ((a)->used == 0)
  |  |  ------------------
  |  |  |  Branch (163:23): [True: 877, False: 50.0k]
  |  |  ------------------
  ------------------
   14|    877|      return 0;
   15|    877|   }
   16|       |
   17|       |   /* get number of digits and add that */
   18|  50.0k|   r = (a->used - 1) * MP_DIGIT_BIT;
  ------------------
  |  |   82|  50.0k|#   define MP_DIGIT_BIT 60
  ------------------
   19|       |
   20|       |   /* take the last digit and count the bits in it */
   21|  50.0k|   q = a->dp[a->used - 1];
   22|   897k|   while (q > 0u) {
  ------------------
  |  Branch (22:11): [True: 847k, False: 50.0k]
  ------------------
   23|   847k|      ++r;
   24|   847k|      q >>= 1u;
   25|   847k|   }
   26|  50.0k|   return r;
   27|  50.9k|}

mp_div:
/* mp_div: integer division of a by b. The quotient goes to c and the
 * remainder to d; either output may be NULL, in which case it is skipped.
 *
 * Returns MP_VAL when b is zero. When |a| < |b| it returns early with
 * d = a (via mp_copy) and c = 0. Otherwise it works on copies x = |a| and
 * y = |b|, shifts both left by norm bits so the top digit of y has its
 * high bit set, and estimates one quotient digit per pass of the step 3
 * loop, correcting the estimate downwards where needed. The quotient sign
 * is MP_ZPOS when the operand signs match and MP_NEG otherwise; a
 * non-zero remainder takes the sign of a.
 *
 * Temporaries q, t1, t2, x and y are released through the LBL_* labels in
 * reverse order of initialization, on success and on every error path.
 * Each mp_clear wipes the digits before freeing them.
 *
 * NOTE(review): t1.dp[0..1] and t2.dp[0..2] are written directly after
 * mp_init without mp_grow. This assumes the default allocation holds at
 * least three digits; confirm against MP_PREC.
 * NOTE(review): tmp /= y.dp[t] relies on the top digit of y being
 * non-zero, which holds only if y is clamped after mp_init_copy and
 * mp_mul_2d; those helpers are not visible here.
 *
 * Coverage in this run (9.52k calls): the zero-divisor return, every
 * goto taken on error, the tmp > MP_MASK cap and the (t - 1) < 0 and
 * (i - 2) < 0 outcomes all have count 0, so those paths are not verified
 * by this corpus.
 */
   87|  9.52k|{
   88|  9.52k|   mp_int  q, x, y, t1, t2;
   89|  9.52k|   int     n, t, i, norm;
   90|  9.52k|   mp_sign neg;
   91|  9.52k|   mp_err  err;
   92|       |
   93|       |   /* is divisor zero ? */
   94|  9.52k|   if (MP_IS_ZERO(b)) {
  ------------------
  |  |  163|  9.52k|#define MP_IS_ZERO(a) ((a)->used == 0)
  |  |  ------------------
  |  |  |  Branch (163:23): [True: 0, False: 9.52k]
  |  |  ------------------
  ------------------
   95|      0|      return MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   96|      0|   }
   97|       |
   98|       |   /* if a < b then q=0, r = a */
   99|  9.52k|   if (mp_cmp_mag(a, b) == MP_LT) {
  ------------------
  |  |  154|  9.52k|#define MP_LT        -1   /* less than */
  ------------------
  |  Branch (99:8): [True: 3.96k, False: 5.55k]
  ------------------
  100|  3.96k|      if (d != NULL) {
  ------------------
  |  Branch (100:11): [True: 3.96k, False: 0]
  ------------------
  101|  3.96k|         err = mp_copy(a, d);
  102|  3.96k|      } else {
  103|      0|         err = MP_OKAY;
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  104|      0|      }
  105|  3.96k|      if (c != NULL) {
  ------------------
  |  Branch (105:11): [True: 0, False: 3.96k]
  ------------------
  106|      0|         mp_zero(c);
  107|      0|      }
  108|  3.96k|      return err;
  109|  3.96k|   }
  110|       |
                 /* q is sized for a->used + 2 digits; every q.dp[] index below
                  * relies on that allocation */
  111|  5.55k|   if ((err = mp_init_size(&q, a->used + 2)) != MP_OKAY) {
  ------------------
  |  |  161|  5.55k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (111:8): [True: 0, False: 5.55k]
  ------------------
  112|      0|      return err;
  113|      0|   }
  114|  5.55k|   q.used = a->used + 2;
  115|       |
  116|  5.55k|   if ((err = mp_init(&t1)) != MP_OKAY)                           goto LBL_Q;
  ------------------
  |  |  161|  5.55k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (116:8): [True: 0, False: 5.55k]
  ------------------
  117|       |
  118|  5.55k|   if ((err = mp_init(&t2)) != MP_OKAY)                           goto LBL_T1;
  ------------------
  |  |  161|  5.55k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (118:8): [True: 0, False: 5.55k]
  ------------------
  119|       |
  120|  5.55k|   if ((err = mp_init_copy(&x, a)) != MP_OKAY)                    goto LBL_T2;
  ------------------
  |  |  161|  5.55k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (120:8): [True: 0, False: 5.55k]
  ------------------
  121|       |
  122|  5.55k|   if ((err = mp_init_copy(&y, b)) != MP_OKAY)                    goto LBL_X;
  ------------------
  |  |  161|  5.55k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (122:8): [True: 0, False: 5.55k]
  ------------------
  123|       |
  124|       |   /* fix the sign */
  125|  5.55k|   neg = (a->sign == b->sign) ? MP_ZPOS : MP_NEG;
  ------------------
  |  |  151|  5.54k|#define MP_ZPOS       0   /* positive integer */
  ------------------
                 neg = (a->sign == b->sign) ? MP_ZPOS : MP_NEG;
  ------------------
  |  |  152|  5.55k|#define MP_NEG        1   /* negative */
  ------------------
  |  Branch (125:10): [True: 5.54k, False: 4]
  ------------------
  126|  5.55k|   x.sign = y.sign = MP_ZPOS;
  ------------------
  |  |  151|  5.55k|#define MP_ZPOS       0   /* positive integer */
  ------------------
  127|       |
  128|       |   /* normalize both x and y, ensure that y >= b/2, [b == 2**MP_DIGIT_BIT] */
  129|  5.55k|   norm = mp_count_bits(&y) % MP_DIGIT_BIT;
  ------------------
  |  |   82|  5.55k|#   define MP_DIGIT_BIT 60
  ------------------
  130|  5.55k|   if (norm < (MP_DIGIT_BIT - 1)) {
  ------------------
  |  |   82|  5.55k|#   define MP_DIGIT_BIT 60
  ------------------
  |  Branch (130:8): [True: 5.54k, False: 6]
  ------------------
  131|  5.54k|      norm = (MP_DIGIT_BIT - 1) - norm;
  ------------------
  |  |   82|  5.54k|#   define MP_DIGIT_BIT 60
  ------------------
  132|  5.54k|      if ((err = mp_mul_2d(&x, norm, &x)) != MP_OKAY)             goto LBL_Y;
  ------------------
  |  |  161|  5.54k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (132:11): [True: 0, False: 5.54k]
  ------------------
  133|  5.54k|      if ((err = mp_mul_2d(&y, norm, &y)) != MP_OKAY)             goto LBL_Y;
  ------------------
  |  |  161|  5.54k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (133:11): [True: 0, False: 5.54k]
  ------------------
  134|  5.54k|   } else {
  135|      6|      norm = 0;
  136|      6|   }
  137|       |
  138|       |   /* note hac does 0 based, so if used==5 then its 0,1,2,3,4, e.g. use 4 */
  139|  5.55k|   n = x.used - 1;
  140|  5.55k|   t = y.used - 1;
  141|       |
  142|       |   /* while (x >= y*b**n-t) do { q[n-t] += 1; x -= y*b**{n-t} } */
  143|       |   /* y = y*b**{n-t} */
  144|  5.55k|   if ((err = mp_lshd(&y, n - t)) != MP_OKAY)                     goto LBL_Y;
  ------------------
  |  |  161|  5.55k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (144:8): [True: 0, False: 5.55k]
  ------------------
  145|       |
  146|  5.62k|   while (mp_cmp(&x, &y) != MP_LT) {
  ------------------
  |  |  154|  5.62k|#define MP_LT        -1   /* less than */
  ------------------
  |  Branch (146:11): [True: 75, False: 5.55k]
  ------------------
  147|     75|      ++(q.dp[n - t]);
  148|     75|      if ((err = mp_sub(&x, &y, &x)) != MP_OKAY)                  goto LBL_Y;
  ------------------
  |  |  161|     75|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (148:11): [True: 0, False: 75]
  ------------------
  149|     75|   }
  150|       |
  151|       |   /* reset y by shifting it back down */
  152|  5.55k|   mp_rshd(&y, n - t);
  153|       |
  154|       |   /* step 3. for i from n down to (t + 1) */
  155|  34.5k|   for (i = n; i >= (t + 1); i--) {
  ------------------
  |  Branch (155:16): [True: 29.0k, False: 5.55k]
  ------------------
  156|  29.0k|      if (i > x.used) {
  ------------------
  |  Branch (156:11): [True: 143, False: 28.8k]
  ------------------
  157|    143|         continue;
  158|    143|      }
  159|       |
  160|       |      /* step 3.1 if xi == yt then set q{i-t-1} to b-1,
  161|       |       * otherwise set q{i-t-1} to (xi*b + x{i-1})/yt */
  162|  28.8k|      if (x.dp[i] == y.dp[t]) {
  ------------------
  |  Branch (162:11): [True: 48, False: 28.8k]
  ------------------
  163|     48|         q.dp[(i - t) - 1] = ((mp_digit)1 << (mp_digit)MP_DIGIT_BIT) - (mp_digit)1;
  ------------------
  |  |   82|     48|#   define MP_DIGIT_BIT 60
  ------------------
  164|  28.8k|      } else {
  165|  28.8k|         mp_word tmp;
  166|  28.8k|         tmp = (mp_word)x.dp[i] << (mp_word)MP_DIGIT_BIT;
  ------------------
  |  |   82|  28.8k|#   define MP_DIGIT_BIT 60
  ------------------
  167|  28.8k|         tmp |= (mp_word)x.dp[i - 1];
  168|  28.8k|         tmp /= (mp_word)y.dp[t];
  169|  28.8k|         if (tmp > (mp_word)MP_MASK) {
  ------------------
  |  |  106|  28.8k|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|  28.8k|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
  |  Branch (169:14): [True: 0, False: 28.8k]
  ------------------
  170|      0|            tmp = MP_MASK;
  ------------------
  |  |  106|      0|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|      0|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
  171|      0|         }
  172|  28.8k|         q.dp[(i - t) - 1] = (mp_digit)(tmp & (mp_word)MP_MASK);
  ------------------
  |  |  106|  28.8k|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|  28.8k|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
  173|  28.8k|      }
  174|       |
  175|       |      /* while (q{i-t-1} * (yt * b + y{t-1})) >
  176|       |               xi * b**2 + xi-1 * b + xi-2
  177|       |
  178|       |         do q{i-t-1} -= 1;
  179|       |      */
                    /* the estimate is bumped by one first because the do-while
                     * below always decrements once before its first comparison */
  180|  28.8k|      q.dp[(i - t) - 1] = (q.dp[(i - t) - 1] + 1uL) & (mp_digit)MP_MASK;
  ------------------
  |  |  106|  28.8k|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|  28.8k|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
  181|  48.1k|      do {
  182|  48.1k|         q.dp[(i - t) - 1] = (q.dp[(i - t) - 1] - 1uL) & (mp_digit)MP_MASK;
  ------------------
  |  |  106|  48.1k|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|  48.1k|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
  183|       |
  184|       |         /* find left hand */
  185|  48.1k|         mp_zero(&t1);
  186|  48.1k|         t1.dp[0] = ((t - 1) < 0) ? 0u : y.dp[t - 1];
  ------------------
  |  Branch (186:21): [True: 0, False: 48.1k]
  ------------------
  187|  48.1k|         t1.dp[1] = y.dp[t];
  188|  48.1k|         t1.used = 2;
  189|  48.1k|         if ((err = mp_mul_d(&t1, q.dp[(i - t) - 1], &t1)) != MP_OKAY) goto LBL_Y;
  ------------------
  |  |  161|  48.1k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (189:14): [True: 0, False: 48.1k]
  ------------------
  190|       |
  191|       |         /* find right hand */
  192|  48.1k|         t2.dp[0] = ((i - 2) < 0) ? 0u : x.dp[i - 2];
  ------------------
  |  Branch (192:21): [True: 0, False: 48.1k]
  ------------------
  193|  48.1k|         t2.dp[1] = x.dp[i - 1]; /* i >= 1 always holds */
  194|  48.1k|         t2.dp[2] = x.dp[i];
  195|  48.1k|         t2.used = 3;
  196|  48.1k|      } while (mp_cmp_mag(&t1, &t2) == MP_GT);
  ------------------
  |  |  156|  48.1k|#define MP_GT         1   /* greater than */
  ------------------
  |  Branch (196:16): [True: 19.3k, False: 28.8k]
  ------------------
  197|       |
  198|       |      /* step 3.3 x = x - q{i-t-1} * y * b**{i-t-1} */
  199|  28.8k|      if ((err = mp_mul_d(&y, q.dp[(i - t) - 1], &t1)) != MP_OKAY) goto LBL_Y;
  ------------------
  |  |  161|  28.8k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (199:11): [True: 0, False: 28.8k]
  ------------------
  200|       |
  201|  28.8k|      if ((err = mp_lshd(&t1, (i - t) - 1)) != MP_OKAY)           goto LBL_Y;
  ------------------
  |  |  161|  28.8k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (201:11): [True: 0, False: 28.8k]
  ------------------
  202|       |
  203|  28.8k|      if ((err = mp_sub(&x, &t1, &x)) != MP_OKAY)                 goto LBL_Y;
  ------------------
  |  |  161|  28.8k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (203:11): [True: 0, False: 28.8k]
  ------------------
  204|       |
  205|       |      /* if x < 0 then { x = x + y*b**{i-t-1}; q{i-t-1} -= 1; } */
  206|  28.8k|      if (x.sign == MP_NEG) {
  ------------------
  |  |  152|  28.8k|#define MP_NEG        1   /* negative */
  ------------------
  |  Branch (206:11): [True: 74, False: 28.8k]
  ------------------
  207|     74|         if ((err = mp_copy(&y, &t1)) != MP_OKAY)                 goto LBL_Y;
  ------------------
  |  |  161|     74|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (207:14): [True: 0, False: 74]
  ------------------
  208|     74|         if ((err = mp_lshd(&t1, (i - t) - 1)) != MP_OKAY)        goto LBL_Y;
  ------------------
  |  |  161|     74|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (208:14): [True: 0, False: 74]
  ------------------
  209|     74|         if ((err = mp_add(&x, &t1, &x)) != MP_OKAY)              goto LBL_Y;
  ------------------
  |  |  161|     74|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (209:14): [True: 0, False: 74]
  ------------------
  210|       |
  211|     74|         q.dp[(i - t) - 1] = (q.dp[(i - t) - 1] - 1uL) & MP_MASK;
  ------------------
  |  |  106|     74|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|     74|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
  212|     74|      }
  213|  28.8k|   }
  214|       |
  215|       |   /* now q is the quotient and x is the remainder
  216|       |    * [which we have to normalize]
  217|       |    */
  218|       |
  219|       |   /* get sign before writing to c */
  220|  5.55k|   x.sign = (x.used == 0) ? MP_ZPOS : a->sign;
  ------------------
  |  |  151|      3|#define MP_ZPOS       0   /* positive integer */
  ------------------
  |  Branch (220:13): [True: 3, False: 5.54k]
  ------------------
  221|       |
  222|  5.55k|   if (c != NULL) {
  ------------------
  |  Branch (222:8): [True: 319, False: 5.23k]
  ------------------
  223|    319|      mp_clamp(&q);
  224|    319|      mp_exch(&q, c);
  225|    319|      c->sign = neg;
  226|    319|   }
  227|       |
  228|  5.55k|   if (d != NULL) {
  ------------------
  |  Branch (228:8): [True: 5.23k, False: 319]
  ------------------
                    /* undo the normalization shift so the remainder is in the
                     * caller's scale */
  229|  5.23k|      if ((err = mp_div_2d(&x, norm, &x, NULL)) != MP_OKAY)       goto LBL_Y;
  ------------------
  |  |  161|  5.23k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (229:11): [True: 0, False: 5.23k]
  ------------------
  230|  5.23k|      mp_exch(&x, d);
  231|  5.23k|   }
  232|       |
  233|  5.55k|   err = MP_OKAY;
  ------------------
  |  |  161|  5.55k|#define MP_OKAY       0   /* no error */
  ------------------
  234|       |
  235|  5.55k|LBL_Y:
  236|  5.55k|   mp_clear(&y);
  237|  5.55k|LBL_X:
  238|  5.55k|   mp_clear(&x);
  239|  5.55k|LBL_T2:
  240|  5.55k|   mp_clear(&t2);
  241|  5.55k|LBL_T1:
  242|  5.55k|   mp_clear(&t1);
  243|  5.55k|LBL_Q:
  244|  5.55k|   mp_clear(&q);
  245|  5.55k|   return err;
  246|  5.55k|}

mp_div_2:
/* mp_div_2: stores a shifted right by one bit (a / 2) in b.
 *
 * b is grown with mp_grow when b->alloc < a->used. Digits are then
 * processed from the most significant one downwards: each is shifted
 * right by one, and the low bit dropped from the digit above is placed in
 * bit MP_DIGIT_BIT - 1. Digits b used before the call above the new count
 * are zeroed, the sign is copied from a, and b is clamped.
 *
 * Returns MP_OKAY, or the error from mp_grow.
 *
 * NOTE(review): with a->used == 0 the aliases are formed as dp + 0 - 1,
 * one element before the array. They are never dereferenced because the
 * loop does not run, but forming such a pointer is formally undefined
 * in C.
 *
 * Coverage in this run: the mp_grow failure path and the excess-digit
 * zeroing loop body both have count 0.
 */
    8|  1.82M|{
    9|  1.82M|   int     x, oldused;
   10|  1.82M|   mp_digit r, rr, *tmpa, *tmpb;
   11|  1.82M|   mp_err err;
   12|       |
   13|       |   /* copy */
   14|  1.82M|   if (b->alloc < a->used) {
  ------------------
  |  Branch (14:8): [True: 1.23k, False: 1.82M]
  ------------------
   15|  1.23k|      if ((err = mp_grow(b, a->used)) != MP_OKAY) {
  ------------------
  |  |  161|  1.23k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (15:11): [True: 0, False: 1.23k]
  ------------------
   16|      0|         return err;
   17|      0|      }
   18|  1.23k|   }
   19|       |
   20|  1.82M|   oldused = b->used;
   21|  1.82M|   b->used = a->used;
   22|       |
   23|       |   /* source alias */
   24|  1.82M|   tmpa = a->dp + b->used - 1;
   25|       |
   26|       |   /* dest alias */
   27|  1.82M|   tmpb = b->dp + b->used - 1;
   28|       |
   29|       |   /* carry */
   30|  1.82M|   r = 0;
   31|  14.7M|   for (x = b->used - 1; x >= 0; x--) {
  ------------------
  |  Branch (31:26): [True: 12.9M, False: 1.82M]
  ------------------
   32|       |      /* get the carry for the next iteration */
   33|  12.9M|      rr = *tmpa & 1u;
   34|       |
   35|       |      /* shift the current digit, add in carry and store */
   36|  12.9M|      *tmpb-- = (*tmpa-- >> 1) | (r << (MP_DIGIT_BIT - 1));
  ------------------
  |  |   82|  12.9M|#   define MP_DIGIT_BIT 60
  ------------------
   37|       |
   38|       |      /* forward carry to next iteration */
   39|  12.9M|      r = rr;
   40|  12.9M|   }
   41|       |
   42|       |   /* zero excess digits */
   43|  1.82M|   MP_ZERO_DIGITS(b->dp + b->used, oldused - b->used);
  ------------------
  |  |   89|  1.82M|#  define MP_ZERO_DIGITS(mem, digits)                   \
  |  |   90|  1.82M|do {                                                    \
  |  |   91|  1.82M|   int zd_ = (digits);                                  \
  |  |   92|  1.82M|   mp_digit* zm_ = (mem);                               \
  |  |   93|  1.82M|   while (zd_-- > 0) {                                  \
  |  |  ------------------
  |  |  |  Branch (93:11): [True: 0, False: 1.82M]
  |  |  ------------------
  |  |   94|      0|      *zm_++ = 0;                                       \
  |  |   95|      0|   }                                                    \
  |  |   96|  1.82M|} while (0)
  |  |  ------------------
  |  |  |  Branch (96:10): [Folded - Ignored]
  |  |  ------------------
  ------------------
   44|       |
   45|  1.82M|   b->sign = a->sign;
   46|  1.82M|   mp_clamp(b);
   47|  1.82M|   return MP_OKAY;
  ------------------
  |  |  161|  1.82M|#define MP_OKAY       0   /* no error */
  ------------------
   48|  1.82M|}

mp_div_2d:
              /* Shifts a right by b bits into c (whole digits via mp_rshd, then the
               * remaining D = b % MP_DIGIT_BIT bits digit by digit); when d is
               * non-NULL it also receives the result of mp_mod_2d(a, b, d).
               * Returns MP_OKAY, or the error from mp_copy / mp_mod_2d.
               * Coverage in this run: the b <= 0 path ran 3 times and never with
               * d != NULL, and no mp_copy or mp_mod_2d failure occurred, so the
               * error returns at lines 24 and 31 are unexercised. */
    8|  7.74M|{
    9|  7.74M|   mp_digit D, r, rr;
   10|  7.74M|   int     x;
   11|  7.74M|   mp_err err;
   12|       |
   13|       |   /* if the shift count is <= 0 then we do no work */
   14|  7.74M|   if (b <= 0) {
  ------------------
  |  Branch (14:8): [True: 3, False: 7.74M]
  ------------------
   15|      3|      err = mp_copy(a, c);
   16|      3|      if (d != NULL) {
  ------------------
  |  Branch (16:11): [True: 0, False: 3]
  ------------------
   17|      0|         mp_zero(d);
   18|      0|      }
   19|      3|      return err;
   20|      3|   }
   21|       |
   22|       |   /* copy */
   23|  7.74M|   if ((err = mp_copy(a, c)) != MP_OKAY) {
  ------------------
  |  |  161|  7.74M|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (23:8): [True: 0, False: 7.74M]
  ------------------
   24|      0|      return err;
   25|      0|   }
   26|       |   /* 'a' should not be used after here - it might be the same as d */
   27|       |
   28|       |   /* get the remainder */
   29|  7.74M|   if (d != NULL) {
  ------------------
  |  Branch (29:8): [True: 6.59M, False: 1.15M]
  ------------------
                    /* NOTE(review): a is still read by this call, so the warning above
                     * presumably applies to the code after it (d may alias a) -- confirm. */
   30|  6.59M|      if ((err = mp_mod_2d(a, b, d)) != MP_OKAY) {
  ------------------
  |  |  161|  6.59M|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (30:11): [True: 0, False: 6.59M]
  ------------------
   31|      0|         return err;
   32|      0|      }
   33|  6.59M|   }
   34|       |
   35|       |   /* shift by as many digits in the bit count */
   36|  7.74M|   if (b >= MP_DIGIT_BIT) {
  ------------------
  |  |   82|  7.74M|#   define MP_DIGIT_BIT 60
  ------------------
  |  Branch (36:8): [True: 6.59M, False: 1.15M]
  ------------------
   37|  6.59M|      mp_rshd(c, b / MP_DIGIT_BIT);
  ------------------
  |  |   82|  6.59M|#   define MP_DIGIT_BIT 60
  ------------------
   38|  6.59M|   }
   39|       |
   40|       |   /* shift any bit count < MP_DIGIT_BIT */
   41|  7.74M|   D = (mp_digit)(b % MP_DIGIT_BIT);
  ------------------
  |  |   82|  7.74M|#   define MP_DIGIT_BIT 60
  ------------------
   42|  7.74M|   if (D != 0u) {
  ------------------
  |  Branch (42:8): [True: 7.59M, False: 145k]
  ------------------
   43|  7.59M|      mp_digit *tmpc, mask, shift;
   44|       |
                    /* On this path b > 0 and D != 0, so D and (MP_DIGIT_BIT - D) are both
                     * in 1..MP_DIGIT_BIT-1; neither shift below reaches MP_DIGIT_BIT. */
   45|       |      /* mask */
   46|  7.59M|      mask = ((mp_digit)1 << D) - 1uL;
   47|       |
   48|       |      /* shift for lsb */
   49|  7.59M|      shift = (mp_digit)MP_DIGIT_BIT - D;
  ------------------
  |  |   82|  7.59M|#   define MP_DIGIT_BIT 60
  ------------------
   50|       |
   51|       |      /* alias */
   52|  7.59M|      tmpc = c->dp + (c->used - 1);
   53|       |
   54|       |      /* carry */
   55|  7.59M|      r = 0;
   56|  83.3M|      for (x = c->used - 1; x >= 0; x--) {
  ------------------
  |  Branch (56:29): [True: 75.7M, False: 7.59M]
  ------------------
   57|       |         /* get the lower  bits of this word in a temp */
   58|  75.7M|         rr = *tmpc & mask;
   59|       |
   60|       |         /* shift the current word and mix in the carry bits from the previous word */
   61|  75.7M|         *tmpc = (*tmpc >> D) | (r << shift);
   62|  75.7M|         --tmpc;
   63|       |
   64|       |         /* set the carry to the carry bits of the current word found above */
   65|  75.7M|         r = rr;
   66|  75.7M|      }
   67|  7.59M|   }
   68|  7.74M|   mp_clamp(c);
   69|  7.74M|   return MP_OKAY;
  ------------------
  |  |  161|  7.74M|#define MP_OKAY       0   /* no error */
  ------------------
   70|  7.74M|}

mp_dr_is_modulus:
              /* Returns MP_YES when a has at least two digits and every digit above
               * dp[0] equals MP_MASK; returns MP_NO otherwise.
               * Coverage in this run: all 2.88k calls returned MP_NO from inside the
               * loop; the a->used < 2 rejection (line 13) and the MP_YES return
               * (line 24) were never reached. */
    8|  2.88k|{
    9|  2.88k|   int ix;
   10|       |
   11|       |   /* must be at least two digits */
   12|  2.88k|   if (a->used < 2) {
  ------------------
  |  Branch (12:8): [True: 0, False: 2.88k]
  ------------------
   13|      0|      return MP_NO;
  ------------------
  |  |  159|      0|#define MP_NO         0
  ------------------
   14|      0|   }
   15|       |
   16|       |   /* must be of the form b**k - a [a <= b] so all
   17|       |    * but the first digit must be equal to -1 (mod b).
   18|       |    */
   19|  3.09k|   for (ix = 1; ix < a->used; ix++) {
  ------------------
  |  Branch (19:17): [True: 3.09k, False: 0]
  ------------------
   20|  3.09k|      if (a->dp[ix] != MP_MASK) {
  ------------------
  |  |  106|  3.09k|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|  3.09k|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
  |  Branch (20:11): [True: 2.88k, False: 209]
  ------------------
   21|  2.88k|         return MP_NO;
  ------------------
  |  |  159|  2.88k|#define MP_NO         0
  ------------------
   22|  2.88k|      }
   23|  3.09k|   }
   24|      0|   return MP_YES;
  ------------------
  |  |  158|      0|#define MP_YES        1
  ------------------
   25|  2.88k|}

mp_exch:
              /* Swaps the two mp_int structures by value through a stack temporary.
               * Only the struct members are exchanged (including the dp pointer);
               * no digit storage is copied or allocated here. */
   10|  16.7k|{
   11|  16.7k|   mp_int  t;
   12|       |
   13|  16.7k|   t  = *a;
   14|  16.7k|   *a = *b;
   15|  16.7k|   *b = t;
   16|  16.7k|}

mp_exptmod:
              /* Dispatcher for the modular exponentiation Y = G**X mod P (as the inline
               * comments describe it): rejects a negative P with MP_VAL, handles a
               * negative X by inverting G and recursing on |X|, then picks
               * s_mp_exptmod or s_mp_exptmod_fast from the shape of P. The MP_HAS()
               * tests are compile-time constants (reported as folded).
               * Coverage in this run: the negative-P rejection and the whole
               * negative-exponent branch (lines 22-48, including its mp_invmod call
               * and cleanup label) have 0 executions; neither mp_dr_is_modulus nor
               * mp_reduce_is_2k ever returned MP_YES, so dr was always 0; the final
               * MP_VAL return was never reached. */
   12|  3.04k|{
   13|  3.04k|   int dr;
   14|       |
   15|       |   /* modulus P must be positive */
   16|  3.04k|   if (P->sign == MP_NEG) {
  ------------------
  |  |  152|  3.04k|#define MP_NEG        1   /* negative */
  ------------------
  |  Branch (16:8): [True: 0, False: 3.04k]
  ------------------
   17|      0|      return MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   18|      0|   }
   19|       |
   20|       |   /* if exponent X is negative we have to recurse */
   21|  3.04k|   if (X->sign == MP_NEG) {
  ------------------
  |  |  152|  3.04k|#define MP_NEG        1   /* negative */
  ------------------
  |  Branch (21:8): [True: 0, False: 3.04k]
  ------------------
   22|      0|      mp_int tmpG, tmpX;
   23|      0|      mp_err err;
   24|       |
   25|      0|      if (!MP_HAS(MP_INVMOD)) {
  ------------------
  |  |  150|      0|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|      0|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|      0|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  ------------------
  |  Branch (25:11): [Folded - Ignored]
  ------------------
   26|      0|         return MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   27|      0|      }
   28|       |
   29|      0|      if ((err = mp_init_multi(&tmpG, &tmpX, NULL)) != MP_OKAY) {
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (29:11): [True: 0, False: 0]
  ------------------
   30|      0|         return err;
   31|      0|      }
   32|       |
   33|       |      /* first compute 1/G mod P */
   34|      0|      if ((err = mp_invmod(G, P, &tmpG)) != MP_OKAY) {
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (34:11): [True: 0, False: 0]
  ------------------
   35|      0|         goto LBL_ERR;
   36|      0|      }
   37|       |
   38|       |      /* now get |X| */
   39|      0|      if ((err = mp_abs(X, &tmpX)) != MP_OKAY) {
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (39:11): [True: 0, False: 0]
  ------------------
   40|      0|         goto LBL_ERR;
   41|      0|      }
   42|       |
                    /* tmpX is expected to hold |X| after mp_abs, so this call should not
                     * re-enter the negative-exponent branch -- presumed from the comment
                     * above; mp_abs is not shown here. Both temporaries are cleared on
                     * every exit past mp_init_multi via LBL_ERR. */
   43|       |      /* and now compute (1/G)**|X| instead of G**X [X < 0] */
   44|      0|      err = mp_exptmod(&tmpG, &tmpX, P, Y);
   45|      0|LBL_ERR:
   46|      0|      mp_clear_multi(&tmpG, &tmpX, NULL);
   47|      0|      return err;
   48|      0|   }
   49|       |
   50|       |   /* modified diminished radix reduction */
   51|  3.04k|   if (MP_HAS(MP_REDUCE_IS_2K_L) && MP_HAS(MP_REDUCE_2K_L) && MP_HAS(S_MP_EXPTMOD) &&
  ------------------
  |  |  150|  6.09k|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|  3.04k|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|  3.04k|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [Folded - Ignored]
  |  |  ------------------
  ------------------
                 if (MP_HAS(MP_REDUCE_IS_2K_L) && MP_HAS(MP_REDUCE_2K_L) && MP_HAS(S_MP_EXPTMOD) &&
  ------------------
  |  |  150|  3.04k|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|      0|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|      0|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [Folded - Ignored]
  |  |  ------------------
  ------------------
                 if (MP_HAS(MP_REDUCE_IS_2K_L) && MP_HAS(MP_REDUCE_2K_L) && MP_HAS(S_MP_EXPTMOD) &&
  ------------------
  |  |  150|  3.04k|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|      0|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|      0|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [Folded - Ignored]
  |  |  ------------------
  ------------------
   52|  3.04k|       (mp_reduce_is_2k_l(P) == MP_YES)) {
  ------------------
  |  |  158|  3.04k|#define MP_YES        1
  ------------------
  |  Branch (52:8): [True: 163, False: 2.88k]
  ------------------
   53|    163|      return s_mp_exptmod(G, X, P, Y, 1);
   54|    163|   }
   55|       |
   56|       |   /* is it a DR modulus? default to no */
   57|  2.88k|   dr = (MP_HAS(MP_DR_IS_MODULUS) && (mp_dr_is_modulus(P) == MP_YES)) ? 1 : 0;
  ------------------
  |  |  150|  5.76k|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|  2.88k|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|  2.88k|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [Folded - Ignored]
  |  |  ------------------
  ------------------
                 dr = (MP_HAS(MP_DR_IS_MODULUS) && (mp_dr_is_modulus(P) == MP_YES)) ? 1 : 0;
  ------------------
  |  |  158|  2.88k|#define MP_YES        1
  ------------------
  |  Branch (57:38): [True: 0, False: 2.88k]
  ------------------
   58|       |
   59|       |   /* if not, is it a unrestricted DR modulus? */
   60|  2.88k|   if (MP_HAS(MP_REDUCE_IS_2K) && (dr == 0)) {
  ------------------
  |  |  150|  5.76k|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|  2.88k|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|  2.88k|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [Folded - Ignored]
  |  |  ------------------
  ------------------
  |  Branch (60:35): [True: 2.88k, False: 0]
  ------------------
   61|  2.88k|      dr = (mp_reduce_is_2k(P) == MP_YES) ? 2 : 0;
  ------------------
  |  |  158|  2.88k|#define MP_YES        1
  ------------------
  |  Branch (61:12): [True: 0, False: 2.88k]
  ------------------
   62|  2.88k|   }
   63|       |
   64|       |   /* if the modulus is odd or dr != 0 use the montgomery method */
   65|  2.88k|   if (MP_HAS(S_MP_EXPTMOD_FAST) && (MP_IS_ODD(P) || (dr != 0))) {
  ------------------
  |  |  150|  5.76k|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|  2.88k|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|  2.88k|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [Folded - Ignored]
  |  |  ------------------
  ------------------
                 if (MP_HAS(S_MP_EXPTMOD_FAST) && (MP_IS_ODD(P) || (dr != 0))) {
  ------------------
  |  |  165|  5.76k|#define MP_IS_ODD(a)  (((a)->used > 0) && (((a)->dp[0] & 1u) == 1u))
  |  |  ------------------
  |  |  |  Branch (165:24): [True: 2.88k, False: 0]
  |  |  |  Branch (165:43): [True: 2.56k, False: 319]
  |  |  ------------------
  ------------------
  |  Branch (65:54): [True: 0, False: 319]
  ------------------
   66|  2.56k|      return s_mp_exptmod_fast(G, X, P, Y, dr);
   67|  2.56k|   } else if (MP_HAS(S_MP_EXPTMOD)) {
  ------------------
  |  |  150|    319|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|    319|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|    319|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [Folded - Ignored]
  |  |  ------------------
  ------------------
   68|       |      /* otherwise use the generic Barrett reduction technique */
   69|    319|      return s_mp_exptmod(G, X, P, Y, 0);
   70|    319|   } else {
   71|       |      /* no exptmod for evens */
   72|      0|      return MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   73|      0|   }
   74|  2.88k|}

mp_from_ubin:
              /* Loads size bytes from buf into a, first byte most significant: each
               * iteration shifts a left by 8 bits with mp_mul_2d and ORs the next byte
               * into dp[0]. Returns MP_OKAY, or the error from mp_grow / mp_mul_2d.
               * The loop consumes exactly size bytes; buf and size are used as the
               * caller supplied them.
               * Coverage in this run: the a->alloc < 2 growth path and both error
               * returns were never taken; the MP_8BIT variant is compiled out. */
    8|  9.55k|{
    9|  9.55k|   mp_err err;
   10|       |
   11|       |   /* make sure there are at least two digits */
   12|  9.55k|   if (a->alloc < 2) {
  ------------------
  |  Branch (12:8): [True: 0, False: 9.55k]
  ------------------
   13|      0|      if ((err = mp_grow(a, 2)) != MP_OKAY) {
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (13:11): [True: 0, False: 0]
  ------------------
   14|      0|         return err;
   15|      0|      }
   16|      0|   }
   17|       |
   18|       |   /* zero the int */
   19|  9.55k|   mp_zero(a);
   20|       |
   21|       |   /* read the bytes in */
   22|  1.60M|   while (size-- > 0u) {
  ------------------
  |  Branch (22:11): [True: 1.59M, False: 9.55k]
  ------------------
   23|  1.59M|      if ((err = mp_mul_2d(a, 8, a)) != MP_OKAY) {
  ------------------
  |  |  161|  1.59M|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (23:11): [True: 0, False: 1.59M]
  ------------------
   24|      0|         return err;
   25|      0|      }
   26|       |
   27|  1.59M|#ifndef MP_8BIT
                    /* NOTE(review): used is incremented with no bound check in this
                     * function; presumably mp_mul_2d has already grown and clamped a so
                     * that used + 1 fits in alloc -- confirm in mp_mul_2d. */
   28|  1.59M|      a->dp[0] |= *buf++;
   29|  1.59M|      a->used += 1;
   30|       |#else
   31|       |      a->dp[0] = (*buf & MP_MASK);
   32|       |      a->dp[1] |= ((*buf++ >> 7) & 1u);
   33|       |      a->used += 2;
   34|       |#endif
   35|  1.59M|   }
   36|  9.55k|   mp_clamp(a);
   37|  9.55k|   return MP_OKAY;
  ------------------
  |  |  161|  9.55k|#define MP_OKAY       0   /* no error */
  ------------------
   38|  9.55k|}

mp_grow:
              /* Ensures a can hold at least size digits. When a->alloc < size it
               * reallocates a->dp through MP_REALLOC (m_realloc_ltm in this build),
               * zeroes the newly added digits and updates a->alloc; otherwise it does
               * nothing. Returns MP_OKAY, or MP_MEM with a left unchanged when the
               * reallocation returns NULL.
               * Coverage in this run: the NULL-return branch (line 25) was never
               * taken in 273k reallocations. */
    8|   277k|{
    9|   277k|   int     i;
   10|   277k|   mp_digit *tmp;
   11|       |
   12|       |   /* if the alloc size is smaller alloc more ram */
   13|   277k|   if (a->alloc < size) {
  ------------------
  |  Branch (13:8): [True: 273k, False: 3.47k]
  ------------------
   14|       |      /* reallocate the array a->dp
   15|       |       *
   16|       |       * We store the return in a temporary variable
   17|       |       * in case the operation failed we don't want
   18|       |       * to overwrite the dp member of a.
   19|       |       */
                    /* NOTE(review): both byte counts are int values widened to size_t and
                     * multiplied with no overflow check visible here; presumably callers
                     * or m_realloc_ltm bound them -- confirm. */
   20|   273k|      tmp = (mp_digit *) MP_REALLOC(a->dp,
  ------------------
  |  | 1325|   273k|#define MP_REALLOC   m_realloc_ltm
  ------------------
   21|   273k|                                    (size_t)a->alloc * sizeof(mp_digit),
   22|   273k|                                    (size_t)size * sizeof(mp_digit));
   23|   273k|      if (tmp == NULL) {
  ------------------
  |  Branch (23:11): [True: 0, False: 273k]
  ------------------
   24|       |         /* reallocation failed but "a" is still valid [can be freed] */
   25|      0|         return MP_MEM;
  ------------------
  |  |  163|      0|#define MP_MEM        -2  /* out of mem */
  ------------------
   26|      0|      }
   27|       |
   28|       |      /* reallocation succeeded so set a->dp */
   29|   273k|      a->dp = tmp;
   30|       |
   31|       |      /* zero excess digits */
   32|   273k|      i        = a->alloc;
   33|   273k|      a->alloc = size;
   34|   273k|      MP_ZERO_DIGITS(a->dp + i, a->alloc - i);
  ------------------
  |  |   89|   273k|#  define MP_ZERO_DIGITS(mem, digits)                   \
  |  |   90|   273k|do {                                                    \
  |  |   91|   273k|   int zd_ = (digits);                                  \
  |  |   92|   273k|   mp_digit* zm_ = (mem);                               \
  |  |   93|  5.73M|   while (zd_-- > 0) {                                  \
  |  |  ------------------
  |  |  |  Branch (93:11): [True: 5.46M, False: 273k]
  |  |  ------------------
  |  |   94|  5.46M|      *zm_++ = 0;                                       \
  |  |   95|  5.46M|   }                                                    \
  |  |   96|   273k|} while (0)
  |  |  ------------------
  |  |  |  Branch (96:10): [Folded - Ignored]
  |  |  ------------------
  ------------------
   35|   273k|   }
   36|   277k|   return MP_OKAY;
  ------------------
  |  |  161|   277k|#define MP_OKAY       0   /* no error */
  ------------------
   37|   277k|}

mp_init:
              /* Initialises a: allocates MP_PREC (32 in this build) zero-filled digits
               * through MP_CALLOC (m_calloc in this build) and sets used = 0,
               * alloc = MP_PREC, sign = MP_ZPOS. Returns MP_OKAY, or MP_MEM when the
               * allocation returns NULL.
               * Coverage in this run: the NULL branch (line 12) was never taken in
               * 2.58M calls. */
    8|  2.58M|{
    9|       |   /* allocate memory required and clear it */
   10|  2.58M|   a->dp = (mp_digit *) MP_CALLOC((size_t)MP_PREC, sizeof(mp_digit));
  ------------------
  |  | 1326|  2.58M|#define MP_CALLOC    m_calloc
  ------------------
                 a->dp = (mp_digit *) MP_CALLOC((size_t)MP_PREC, sizeof(mp_digit));
  ------------------
  |  |  177|  2.58M|#   define MP_PREC PRIVATE_MP_PREC
  |  |  ------------------
  |  |  |  |  193|  2.58M|#      define PRIVATE_MP_PREC 32        /* default digits of precision */
  |  |  ------------------
  ------------------
   11|  2.58M|   if (a->dp == NULL) {
  ------------------
  |  Branch (11:8): [True: 0, False: 2.58M]
  ------------------
   12|      0|      return MP_MEM;
  ------------------
  |  |  163|      0|#define MP_MEM        -2  /* out of mem */
  ------------------
   13|      0|   }
   14|       |
   15|       |   /* set the used to zero, allocated digits to the default precision
   16|       |    * and sign to positive */
   17|  2.58M|   a->used  = 0;
   18|  2.58M|   a->alloc = MP_PREC;
  ------------------
  |  |  177|  2.58M|#   define MP_PREC PRIVATE_MP_PREC
  |  |  ------------------
  |  |  |  |  193|  2.58M|#      define PRIVATE_MP_PREC 32        /* default digits of precision */
  |  |  ------------------
  ------------------
   19|  2.58M|   a->sign  = MP_ZPOS;
  ------------------
  |  |  151|  2.58M|#define MP_ZPOS       0   /* positive integer */
  ------------------
   20|       |
   21|  2.58M|   return MP_OKAY;
  ------------------
  |  |  161|  2.58M|#define MP_OKAY       0   /* no error */
  ------------------
   22|  2.58M|}

mp_init_copy:
              /* Initialises a with room for b->used digits (mp_init_size) and then
               * copies b into it. If the copy fails, a is cleared before the error is
               * returned, so the caller is not left holding an allocation.
               * Returns MP_OKAY or the error from mp_init_size / mp_copy.
               * Coverage in this run: neither failure branch was taken. */
    8|  45.7k|{
    9|  45.7k|   mp_err     err;
   10|       |
   11|  45.7k|   if ((err = mp_init_size(a, b->used)) != MP_OKAY) {
  ------------------
  |  |  161|  45.7k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (11:8): [True: 0, False: 45.7k]
  ------------------
   12|      0|      return err;
   13|      0|   }
   14|       |
   15|  45.7k|   if ((err = mp_copy(b, a)) != MP_OKAY) {
  ------------------
  |  |  161|  45.7k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (15:8): [True: 0, False: 45.7k]
  ------------------
   16|      0|      mp_clear(a);
   17|      0|   }
   18|       |
   19|  45.7k|   return err;
   20|  45.7k|}

mp_init_multi:
              /* Initialises every mp_int in a variadic list that starts at mp and must
               * be terminated by a NULL pointer (the loop stops only on NULL).
               * On the first mp_init failure it clears the integers already
               * initialised and returns MP_MEM; otherwise returns MP_OKAY.
               * Coverage in this run: the rollback path (lines 18-32) has 0
               * executions, so the cleanup walk is untested here. */
    9|    912|{
   10|    912|   mp_err err = MP_OKAY;      /* Assume ok until proven otherwise */
  ------------------
  |  |  161|    912|#define MP_OKAY       0   /* no error */
  ------------------
   11|    912|   int n = 0;                 /* Number of ok inits */
   12|    912|   mp_int *cur_arg = mp;
   13|    912|   va_list args;
   14|       |
   15|    912|   va_start(args, mp);        /* init args to next argument from caller */
   16|  6.54k|   while (cur_arg != NULL) {
  ------------------
  |  Branch (16:11): [True: 5.63k, False: 912]
  ------------------
   17|  5.63k|      if (mp_init(cur_arg) != MP_OKAY) {
  ------------------
  |  |  161|  5.63k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (17:11): [True: 0, False: 5.63k]
  ------------------
   18|       |         /* Oops - error! Back-track and mp_clear what we already
   19|       |            succeeded in init-ing, then return error.
   20|       |         */
   21|      0|         va_list clean_args;
   22|       |
                       /* n counts the successful mp_init calls, so the loop below clears
                        * exactly those, re-walking the arguments from mp with a second
                        * va_list; the integer whose init failed is not cleared. */
   23|       |         /* now start cleaning up */
   24|      0|         cur_arg = mp;
   25|      0|         va_start(clean_args, mp);
   26|      0|         while (n-- != 0) {
  ------------------
  |  Branch (26:17): [True: 0, False: 0]
  ------------------
   27|      0|            mp_clear(cur_arg);
   28|      0|            cur_arg = va_arg(clean_args, mp_int *);
   29|      0|         }
   30|      0|         va_end(clean_args);
   31|      0|         err = MP_MEM;
  ------------------
  |  |  163|      0|#define MP_MEM        -2  /* out of mem */
  ------------------
   32|      0|         break;
   33|      0|      }
   34|  5.63k|      n++;
   35|  5.63k|      cur_arg = va_arg(args, mp_int *);
   36|  5.63k|   }
   37|    912|   va_end(args);
   38|    912|   return err;                /* Assumed ok, if error flagged above. */
   39|    912|}

mp_init_size:
              /* Initialises a with a caller-chosen capacity: size is first raised to at
               * least MP_MIN_PREC, then that many zero-filled digits are allocated
               * through MP_CALLOC (m_calloc in this build) and used = 0, alloc = size,
               * sign = MP_ZPOS are set. Returns MP_OKAY, or MP_MEM when the
               * allocation returns NULL.
               * Coverage in this run: the NULL branch (line 14) was never taken; the
               * MP_MIN_PREC floor applied in 11.6k of 215k calls. */
    8|   215k|{
    9|   215k|   size = MP_MAX(MP_MIN_PREC, size);
  ------------------
  |  |  157|   215k|#define MP_MAX(x, y) (((x) > (y)) ? (x) : (y))
  |  |  ------------------
  |  |  |  Branch (157:23): [True: 11.6k, False: 204k]
  |  |  ------------------
  ------------------
   10|       |
   11|       |   /* alloc mem */
   12|   215k|   a->dp = (mp_digit *) MP_CALLOC((size_t)size, sizeof(mp_digit));
  ------------------
  |  | 1326|   215k|#define MP_CALLOC    m_calloc
  ------------------
   13|   215k|   if (a->dp == NULL) {
  ------------------
  |  Branch (13:8): [True: 0, False: 215k]
  ------------------
   14|      0|      return MP_MEM;
  ------------------
  |  |  163|      0|#define MP_MEM        -2  /* out of mem */
  ------------------
   15|      0|   }
   16|       |
   17|       |   /* set the members */
   18|   215k|   a->used  = 0;
   19|   215k|   a->alloc = size;
   20|   215k|   a->sign  = MP_ZPOS;
  ------------------
  |  |  151|   215k|#define MP_ZPOS       0   /* positive integer */
  ------------------
   21|       |
   22|   215k|   return MP_OKAY;
  ------------------
  |  |  161|   215k|#define MP_OKAY       0   /* no error */
  ------------------
   23|   215k|}

mp_invmod:
              /* Dispatcher for the modular inverse of a modulo b, written to c.
               * Rejects a negative b or b <= 1 with MP_VAL, uses s_mp_invmod_fast when
               * b is odd, and otherwise s_mp_invmod_slow when it is compiled in.
               * Returns whatever the selected routine returns.
               * Coverage in this run: the MP_VAL rejection (line 11) was never
               * reached; 832 of 912 calls took the odd-modulus routine and 80 the
               * slow one. */
    8|    912|{
    9|       |   /* b cannot be negative and has to be >1 */
   10|    912|   if ((b->sign == MP_NEG) || (mp_cmp_d(b, 1uL) != MP_GT)) {
  ------------------
  |  |  152|    912|#define MP_NEG        1   /* negative */
  ------------------
                 if ((b->sign == MP_NEG) || (mp_cmp_d(b, 1uL) != MP_GT)) {
  ------------------
  |  |  156|    912|#define MP_GT         1   /* greater than */
  ------------------
  |  Branch (10:8): [True: 0, False: 912]
  |  Branch (10:31): [True: 0, False: 912]
  ------------------
   11|      0|      return MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   12|      0|   }
   13|       |
   14|       |   /* if the modulus is odd we can use a faster routine instead */
   15|    912|   if (MP_HAS(S_MP_INVMOD_FAST) && MP_IS_ODD(b)) {
  ------------------
  |  |  150|  1.82k|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|    912|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|    912|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [Folded - Ignored]
  |  |  ------------------
  ------------------
                 if (MP_HAS(S_MP_INVMOD_FAST) && MP_IS_ODD(b)) {
  ------------------
  |  |  165|    912|#define MP_IS_ODD(a)  (((a)->used > 0) && (((a)->dp[0] & 1u) == 1u))
  |  |  ------------------
  |  |  |  Branch (165:24): [True: 912, False: 0]
  |  |  |  Branch (165:43): [True: 832, False: 80]
  |  |  ------------------
  ------------------
   16|    832|      return s_mp_invmod_fast(a, b, c);
   17|    832|   }
   18|       |
   19|     80|   return MP_HAS(S_MP_INVMOD_SLOW)
  ------------------
  |  |  150|     80|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|     80|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|     80|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [Folded - Ignored]
  |  |  ------------------
  ------------------
   20|     80|          ? s_mp_invmod_slow(a, b, c)
   21|     80|          : MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   22|    912|}

mp_lshd:
              /* Shifts a left by b whole digits in place: grows a if needed, moves the
               * existing digits up by b positions, then zeroes the b lowest digits.
               * A shift count <= 0 or a zero-valued a returns MP_OKAY without changes.
               * Returns MP_OKAY or the error from mp_grow.
               * Coverage in this run: the mp_grow failure return (line 25) was never
               * taken. */
    8|  35.4k|{
    9|  35.4k|   int x;
   10|  35.4k|   mp_err err;
   11|  35.4k|   mp_digit *top, *bottom;
   12|       |
   13|       |   /* if its less than zero return */
   14|  35.4k|   if (b <= 0) {
  ------------------
  |  Branch (14:8): [True: 5.54k, False: 29.8k]
  ------------------
   15|  5.54k|      return MP_OKAY;
  ------------------
  |  |  161|  5.54k|#define MP_OKAY       0   /* no error */
  ------------------
   16|  5.54k|   }
   17|       |   /* no need to shift 0 around */
   18|  29.8k|   if (MP_IS_ZERO(a)) {
  ------------------
  |  |  163|  29.8k|#define MP_IS_ZERO(a) ((a)->used == 0)
  |  |  ------------------
  |  |  |  Branch (163:23): [True: 121, False: 29.7k]
  |  |  ------------------
  ------------------
   19|    121|      return MP_OKAY;
  ------------------
  |  |  161|    121|#define MP_OKAY       0   /* no error */
  ------------------
   20|    121|   }
   21|       |
                 /* NOTE(review): a->used + b is plain int arithmetic with no overflow
                  * check visible here; presumably callers keep b small -- confirm. */
   22|       |   /* grow to fit the new digits */
   23|  29.7k|   if (a->alloc < (a->used + b)) {
  ------------------
  |  Branch (23:8): [True: 3.68k, False: 26.0k]
  ------------------
   24|  3.68k|      if ((err = mp_grow(a, a->used + b)) != MP_OKAY) {
  ------------------
  |  |  161|  3.68k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (24:11): [True: 0, False: 3.68k]
  ------------------
   25|      0|         return err;
   26|      0|      }
   27|  3.68k|   }
   28|       |
   29|       |   /* increment the used by the shift amount then copy upwards */
   30|  29.7k|   a->used += b;
   31|       |
   32|       |   /* top */
   33|  29.7k|   top = a->dp + a->used - 1;
   34|       |
   35|       |   /* base */
   36|  29.7k|   bottom = (a->dp + a->used - 1) - b;
   37|       |
   38|       |   /* much like mp_rshd this is implemented using a sliding window
   39|       |    * except the window goes the otherway around.  Copying from
   40|       |    * the bottom to the top.  see bn_mp_rshd.c for more info.
   41|       |    */
                 /* The copy walks downward from the highest digit, so each source digit
                  * is read before the destination pointer can overwrite it. */
   42|   408k|   for (x = a->used - 1; x >= b; x--) {
  ------------------
  |  Branch (42:26): [True: 378k, False: 29.7k]
  ------------------
   43|   378k|      *top-- = *bottom--;
   44|   378k|   }
   45|       |
   46|       |   /* zero the lower digits */
   47|  29.7k|   MP_ZERO_DIGITS(a->dp, b);
  ------------------
  |  |   89|  29.7k|#  define MP_ZERO_DIGITS(mem, digits)                   \
  |  |   90|  29.7k|do {                                                    \
  |  |   91|  29.7k|   int zd_ = (digits);                                  \
  |  |   92|  29.7k|   mp_digit* zm_ = (mem);                               \
  |  |   93|   206k|   while (zd_-- > 0) {                                  \
  |  |  ------------------
  |  |  |  Branch (93:11): [True: 177k, False: 29.7k]
  |  |  ------------------
  |  |   94|   177k|      *zm_++ = 0;                                       \
  |  |   95|   177k|   }                                                    \
  |  |   96|  29.7k|} while (0)
  |  |  ------------------
  |  |  |  Branch (96:10): [Folded - Ignored]
  |  |  ------------------
  ------------------
   48|       |
   49|  29.7k|   return MP_OKAY;
  ------------------
  |  |  161|  29.7k|#define MP_OKAY       0   /* no error */
  ------------------
   50|  29.7k|}

mp_mod:
              /* Computes c = a mod b with the result taking the sign of b: the
               * remainder from mp_div is placed in a temporary t; if t is zero or
               * already has b's sign it is exchanged into c, otherwise c = b + t.
               * The temporary is passed to mp_clear on every path after it was
               * initialised. Returns MP_OKAY or the error from mp_init_size, mp_div
               * or mp_add.
               * Coverage in this run: no mp_init_size or mp_div failure occurred; the
               * sign-correcting mp_add branch ran 4 times out of 7.26k calls. */
    8|  7.26k|{
    9|  7.26k|   mp_int  t;
   10|  7.26k|   mp_err  err;
   11|       |
   12|  7.26k|   if ((err = mp_init_size(&t, b->used)) != MP_OKAY) {
  ------------------
  |  |  161|  7.26k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (12:8): [True: 0, False: 7.26k]
  ------------------
   13|      0|      return err;
   14|      0|   }
   15|       |
   16|  7.26k|   if ((err = mp_div(a, b, NULL, &t)) != MP_OKAY) {
  ------------------
  |  |  161|  7.26k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (16:8): [True: 0, False: 7.26k]
  ------------------
   17|      0|      goto LBL_ERR;
   18|      0|   }
   19|       |
   20|  7.26k|   if (MP_IS_ZERO(&t) || (t.sign == b->sign)) {
  ------------------
  |  |  163|  14.5k|#define MP_IS_ZERO(a) ((a)->used == 0)
  |  |  ------------------
  |  |  |  Branch (163:23): [True: 547, False: 6.71k]
  |  |  ------------------
  ------------------
  |  Branch (20:26): [True: 6.71k, False: 4]
  ------------------
                    /* after the exchange t holds c's previous contents, which the
                     * mp_clear at LBL_ERR then receives */
   21|  7.25k|      err = MP_OKAY;
  ------------------
  |  |  161|  7.25k|#define MP_OKAY       0   /* no error */
  ------------------
   22|  7.25k|      mp_exch(&t, c);
   23|  7.25k|   } else {
   24|      4|      err = mp_add(b, &t, c);
   25|      4|   }
   26|       |
   27|  7.26k|LBL_ERR:
   28|  7.26k|   mp_clear(&t);
   29|  7.26k|   return err;
   30|  7.26k|}

mp_mod_2d:
              /* Computes c = a mod 2**b. For b <= 0 the result is zero; when b covers
               * every digit of a (b >= a->used * MP_DIGIT_BIT) the result is a copy of
               * a; otherwise a is copied to c, all digits wholly above bit b are
               * zeroed and the digit that straddles bit b is masked.
               * Returns MP_OKAY or the error from mp_copy.
               * Coverage in this run: the b <= 0 path (lines 14-15) and the mp_copy
               * failure return (line 25) were never reached. */
    8|  6.61M|{
    9|  6.61M|   int x;
   10|  6.61M|   mp_err err;
   11|       |
   12|       |   /* if b is <= 0 then zero the int */
   13|  6.61M|   if (b <= 0) {
  ------------------
  |  Branch (13:8): [True: 0, False: 6.61M]
  ------------------
   14|      0|      mp_zero(c);
   15|      0|      return MP_OKAY;
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
   16|      0|   }
   17|       |
   18|       |   /* if the modulus is larger than the value than return */
   19|  6.61M|   if (b >= (a->used * MP_DIGIT_BIT)) {
  ------------------
  |  |   82|  6.61M|#   define MP_DIGIT_BIT 60
  ------------------
  |  Branch (19:8): [True: 18.5k, False: 6.60M]
  ------------------
   20|  18.5k|      return mp_copy(a, c);
   21|  18.5k|   }
   22|       |
   23|       |   /* copy */
   24|  6.60M|   if ((err = mp_copy(a, c)) != MP_OKAY) {
  ------------------
  |  |  161|  6.60M|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (24:8): [True: 0, False: 6.60M]
  ------------------
   25|      0|      return err;
   26|      0|   }
   27|       |
                 /* x is b / MP_DIGIT_BIT rounded up: the index of the first digit that
                  * lies entirely above bit b. */
   28|       |   /* zero digits above the last digit of the modulus */
   29|  6.60M|   x = (b / MP_DIGIT_BIT) + (((b % MP_DIGIT_BIT) == 0) ? 0 : 1);
  ------------------
  |  |   82|  6.60M|#   define MP_DIGIT_BIT 60
  ------------------
                 x = (b / MP_DIGIT_BIT) + (((b % MP_DIGIT_BIT) == 0) ? 0 : 1);
  ------------------
  |  |   82|  6.60M|#   define MP_DIGIT_BIT 60
  ------------------
  |  Branch (29:30): [True: 158k, False: 6.44M]
  ------------------
   30|  6.60M|   MP_ZERO_DIGITS(c->dp + x, c->used - x);
  ------------------
  |  |   89|  6.60M|#  define MP_ZERO_DIGITS(mem, digits)                   \
  |  |   90|  6.60M|do {                                                    \
  |  |   91|  6.60M|   int zd_ = (digits);                                  \
  |  |   92|  6.60M|   mp_digit* zm_ = (mem);                               \
  |  |   93|  60.0M|   while (zd_-- > 0) {                                  \
  |  |  ------------------
  |  |  |  Branch (93:11): [True: 53.4M, False: 6.60M]
  |  |  ------------------
  |  |   94|  53.4M|      *zm_++ = 0;                                       \
  |  |   95|  53.4M|   }                                                    \
  |  |   96|  6.60M|} while (0)
  |  |  ------------------
  |  |  |  Branch (96:10): [Folded - Ignored]
  |  |  ------------------
  ------------------
   31|       |
                 /* b < a->used * MP_DIGIT_BIT on this path, so the index
                  * b / MP_DIGIT_BIT is below a->used. When b is a multiple of
                  * MP_DIGIT_BIT the mask is 0 and this clears a digit the loop above
                  * has already zeroed -- assuming mp_copy left c->used equal to
                  * a->used; confirm in mp_copy. */
   32|       |   /* clear the digit that is not completely outside/inside the modulus */
   33|  6.60M|   c->dp[b / MP_DIGIT_BIT] &=
  ------------------
  |  |   82|  6.60M|#   define MP_DIGIT_BIT 60
  ------------------
   34|  6.60M|      ((mp_digit)1 << (mp_digit)(b % MP_DIGIT_BIT)) - (mp_digit)1;
  ------------------
  |  |   82|  6.60M|#   define MP_DIGIT_BIT 60
  ------------------
   35|  6.60M|   mp_clamp(c);
   36|  6.60M|   return MP_OKAY;
  ------------------
  |  |  161|  6.60M|#define MP_OKAY       0   /* no error */
  ------------------
   37|  6.60M|}

mp_montgomery_calc_normalization:
/* Builds in a a power of two reduced modulo b by repeated doubling. bits is
 * the bit count of b modulo MP_DIGIT_BIT. For a multi-digit b, a starts at
 * 2**((b->used - 1) * MP_DIGIT_BIT + bits - 1); for a single-digit b, a starts
 * at 1 with bits forced to 1. The loop then doubles a
 * MP_DIGIT_BIT - (bits - 1) times, subtracting b whenever |a| >= |b|.
 * Returns MP_OKAY or the first error from mp_2expt, mp_mul_2 or s_mp_sub.
 *
 * NOTE(review): the subtraction at line 36 runs only when mp_cmp_mag(a, b) is
 * not MP_LT, so the amount of work depends on the value of b. Whether that is
 * a timing concern depends on whether callers pass a secret modulus, which
 * cannot be told from this function.
 *
 * Coverage in this run: the single-digit branch (lines 25-26) and all three
 * error returns (lines 22, 33, 37) have a count of 0.
 */
   13|  3.31k|{
   14|  3.31k|   int    x, bits;
   15|  3.31k|   mp_err err;
   16|       |
   17|       |   /* how many bits of last digit does b use */
   18|  3.31k|   bits = mp_count_bits(b) % MP_DIGIT_BIT;
  ------------------
  |  |   82|  3.31k|#   define MP_DIGIT_BIT 60
  ------------------
   19|       |
   20|  3.31k|   if (b->used > 1) {
  ------------------
  |  Branch (20:8): [True: 3.31k, False: 0]
  ------------------
   21|  3.31k|      if ((err = mp_2expt(a, ((b->used - 1) * MP_DIGIT_BIT) + bits - 1)) != MP_OKAY) {
  ------------------
  |  |   82|  3.31k|#   define MP_DIGIT_BIT 60
  ------------------
                    if ((err = mp_2expt(a, ((b->used - 1) * MP_DIGIT_BIT) + bits - 1)) != MP_OKAY) {
  ------------------
  |  |  161|  3.31k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (21:11): [True: 0, False: 3.31k]
  ------------------
   22|      0|         return err;
   23|      0|      }
   24|  3.31k|   } else {
   25|      0|      mp_set(a, 1uL);
   26|      0|      bits = 1;
   27|      0|   }
   28|       |
   29|       |
   30|       |   /* now compute C = A * B mod b */
   31|   157k|   for (x = bits - 1; x < (int)MP_DIGIT_BIT; x++) {
  ------------------
  |  |   82|   157k|#   define MP_DIGIT_BIT 60
  ------------------
  |  Branch (31:23): [True: 154k, False: 3.31k]
  ------------------
   32|   154k|      if ((err = mp_mul_2(a, a)) != MP_OKAY) {
  ------------------
  |  |  161|   154k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (32:11): [True: 0, False: 154k]
  ------------------
   33|      0|         return err;
   34|      0|      }
   35|   154k|      if (mp_cmp_mag(a, b) != MP_LT) {
  ------------------
  |  |  154|   154k|#define MP_LT        -1   /* less than */
  ------------------
  |  Branch (35:11): [True: 11.0k, False: 143k]
  ------------------
   36|  11.0k|         if ((err = s_mp_sub(a, b, a)) != MP_OKAY) {
  ------------------
  |  |  161|  11.0k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (36:14): [True: 0, False: 11.0k]
  ------------------
   37|      0|            return err;
   38|      0|         }
   39|  11.0k|      }
   40|   154k|   }
   41|       |
   42|  3.31k|   return MP_OKAY;
  ------------------
  |  |  161|  3.31k|#define MP_OKAY       0   /* no error */
  ------------------
   43|  3.31k|}

mp_montgomery_reduce:
/* Montgomery reduction of x modulo n, in place, using the precomputed rho.
 * When digs = 2 * n->used + 1 is below MP_WARRAY, x->used <= MP_WARRAY and
 * n->used < MP_MAXFAST, the work is handed to s_mp_montgomery_reduce_fast.
 * Otherwise x is grown to digs digits and, for each digit index ix of n,
 * mu = (x->dp[ix] * rho) & MP_MASK is computed and mu * n is added into x
 * starting at digit ix, with carries pushed upwards; x is then clamped,
 * shifted right by n->used digits and reduced by one conditional subtraction
 * of n. Returns MP_OKAY, the error from mp_grow or s_mp_sub, or the result of
 * the fast helper.
 *
 * NOTE(review): line 32 sets x->used = digs after mp_grow; the digits between
 * the old used count and digs are then read as part of x, so this relies on
 * them being zero - presumably an mp_int invariant or mp_grow behaviour, not
 * visible here. The carry loop at lines 76-80 advances tmpx with no explicit
 * bound and likewise relies on x holding digs digits.
 *
 * Coverage in this run: all 8.61M calls took the fast path at line 23. Every
 * executable line of the generic path (lines 27-100) has a count of 0, so
 * this fuzzing run says nothing about it.
 */
    8|  8.61M|{
    9|  8.61M|   int      ix, digs;
   10|  8.61M|   mp_err   err;
   11|  8.61M|   mp_digit mu;
   12|       |
   13|       |   /* can the fast reduction [comba] method be used?
   14|       |    *
   15|       |    * Note that unlike in mul you're safely allowed *less*
   16|       |    * than the available columns [255 per default] since carries
   17|       |    * are fixed up in the inner loop.
   18|       |    */
   19|  8.61M|   digs = (n->used * 2) + 1;
   20|  8.61M|   if ((digs < MP_WARRAY) &&
  ------------------
  |  |  172|  8.61M|#define MP_WARRAY PRIVATE_MP_WARRAY
  |  |  ------------------
  |  |  |  |  203|  8.61M|#define PRIVATE_MP_WARRAY (int)(1uLL << (((CHAR_BIT * sizeof(private_mp_word)) - (2 * MP_DIGIT_BIT)) + 1))
  |  |  |  |  ------------------
  |  |  |  |  |  |   82|  8.61M|#   define MP_DIGIT_BIT 60
  |  |  |  |  ------------------
  |  |  ------------------
  ------------------
  |  Branch (20:8): [True: 8.61M, False: 0]
  ------------------
   21|  8.61M|       (x->used <= MP_WARRAY) &&
  ------------------
  |  |  172|  8.61M|#define MP_WARRAY PRIVATE_MP_WARRAY
  |  |  ------------------
  |  |  |  |  203|  8.61M|#define PRIVATE_MP_WARRAY (int)(1uLL << (((CHAR_BIT * sizeof(private_mp_word)) - (2 * MP_DIGIT_BIT)) + 1))
  |  |  |  |  ------------------
  |  |  |  |  |  |   82|  8.61M|#   define MP_DIGIT_BIT 60
  |  |  |  |  ------------------
  |  |  ------------------
  ------------------
  |  Branch (21:8): [True: 8.61M, False: 0]
  ------------------
   22|  8.61M|       (n->used < MP_MAXFAST)) {
  ------------------
  |  |  168|  8.61M|#define MP_MAXFAST              (int)(1uL << (MP_SIZEOF_BITS(mp_word) - (2u * (size_t)MP_DIGIT_BIT)))
  |  |  ------------------
  |  |  |  |  167|  8.61M|#define MP_SIZEOF_BITS(type)    ((size_t)CHAR_BIT * sizeof(type))
  |  |  ------------------
  |  |               #define MP_MAXFAST              (int)(1uL << (MP_SIZEOF_BITS(mp_word) - (2u * (size_t)MP_DIGIT_BIT)))
  |  |  ------------------
  |  |  |  |   82|  8.61M|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
  |  Branch (22:8): [True: 8.61M, False: 0]
  ------------------
   23|  8.61M|      return s_mp_montgomery_reduce_fast(x, n, rho);
   24|  8.61M|   }
   25|       |
   26|       |   /* grow the input as required */
   27|      0|   if (x->alloc < digs) {
  ------------------
  |  Branch (27:8): [True: 0, False: 0]
  ------------------
   28|      0|      if ((err = mp_grow(x, digs)) != MP_OKAY) {
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (28:11): [True: 0, False: 0]
  ------------------
   29|      0|         return err;
   30|      0|      }
   31|      0|   }
   32|      0|   x->used = digs;
   33|       |
   34|      0|   for (ix = 0; ix < n->used; ix++) {
  ------------------
  |  Branch (34:17): [True: 0, False: 0]
  ------------------
   35|       |      /* mu = ai * rho mod b
   36|       |       *
   37|       |       * The value of rho must be precalculated via
   38|       |       * montgomery_setup() such that
   39|       |       * it equals -1/n0 mod b this allows the
   40|       |       * following inner loop to reduce the
   41|       |       * input one digit at a time
   42|       |       */
   43|      0|      mu = (mp_digit)(((mp_word)x->dp[ix] * (mp_word)rho) & MP_MASK);
  ------------------
  |  |  106|      0|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|      0|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   44|       |
   45|       |      /* a = a + mu * m * b**i */
   46|      0|      {
   47|      0|         int iy;
   48|      0|         mp_digit *tmpn, *tmpx, u;
   49|      0|         mp_word r;
   50|       |
   51|       |         /* alias for digits of the modulus */
   52|      0|         tmpn = n->dp;
   53|       |
   54|       |         /* alias for the digits of x [the input] */
   55|      0|         tmpx = x->dp + ix;
   56|       |
   57|       |         /* set the carry to zero */
   58|      0|         u = 0;
   59|       |
   60|       |         /* Multiply and add in place */
   61|      0|         for (iy = 0; iy < n->used; iy++) {
  ------------------
  |  Branch (61:23): [True: 0, False: 0]
  ------------------
   62|       |            /* compute product and sum */
   63|      0|            r       = ((mp_word)mu * (mp_word)*tmpn++) +
   64|      0|                      (mp_word)u + (mp_word)*tmpx;
   65|       |
   66|       |            /* get carry */
   67|      0|            u       = (mp_digit)(r >> (mp_word)MP_DIGIT_BIT);
  ------------------
  |  |   82|      0|#   define MP_DIGIT_BIT 60
  ------------------
   68|       |
   69|       |            /* fix digit */
   70|      0|            *tmpx++ = (mp_digit)(r & (mp_word)MP_MASK);
  ------------------
  |  |  106|      0|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|      0|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   71|      0|         }
   72|       |         /* At this point the ix'th digit of x should be zero */
   73|       |
   74|       |
   75|       |         /* propagate carries upwards as required*/
   76|      0|         while (u != 0u) {
  ------------------
  |  Branch (76:17): [True: 0, False: 0]
  ------------------
   77|      0|            *tmpx   += u;
   78|      0|            u        = *tmpx >> MP_DIGIT_BIT;
  ------------------
  |  |   82|      0|#   define MP_DIGIT_BIT 60
  ------------------
   79|      0|            *tmpx++ &= MP_MASK;
  ------------------
  |  |  106|      0|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|      0|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   80|      0|         }
   81|      0|      }
   82|      0|   }
   83|       |
   84|       |   /* at this point the n.used'th least
   85|       |    * significant digits of x are all zero
   86|       |    * which means we can shift x to the
   87|       |    * right by n.used digits and the
   88|       |    * residue is unchanged.
   89|       |    */
   90|       |
   91|       |   /* x = x/b**n.used */
   92|      0|   mp_clamp(x);
   93|      0|   mp_rshd(x, n->used);
   94|       |
   95|       |   /* if x >= n then x = x - n */
   96|      0|   if (mp_cmp_mag(x, n) != MP_LT) {
  ------------------
  |  |  154|      0|#define MP_LT        -1   /* less than */
  ------------------
  |  Branch (96:8): [True: 0, False: 0]
  ------------------
   97|      0|      return s_mp_sub(x, n, x);
   98|      0|   }
   99|       |
  100|      0|   return MP_OKAY;
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  101|      0|}

mp_montgomery_setup:
/* Computes the Montgomery constant for modulus n and stores it in *rho.
 * b is the lowest digit of n; an even b is rejected with MP_VAL. x is then
 * refined into the inverse of b modulo a power of two, each
 * `x *= 2u - (b * x)` step doubling the number of correct bits (which steps
 * are compiled in depends on MP_8BIT / MP_16BIT / MP_64BIT), and
 * *rho = (2**MP_DIGIT_BIT - x) & MP_MASK. Returns MP_OKAY on success.
 *
 * NOTE(review): n->dp[0] is read without looking at n->used; for n == 0 this
 * presumably relies on unused digits being kept at zero (not visible here), in
 * which case the even check rejects it - confirm.
 *
 * Coverage in this run: the even-modulus rejection (line 22) has a count of 0,
 * so no fuzz input reached this function with an even modulus.
 */
    8|  3.31k|{
    9|  3.31k|   mp_digit x, b;
   10|       |
   11|       |   /* fast inversion mod 2**k
   12|       |    *
   13|       |    * Based on the fact that
   14|       |    *
   15|       |    * XA = 1 (mod 2**n)  =>  (X(2-XA)) A = 1 (mod 2**2n)
   16|       |    *                    =>  2*X*A - X*X*A*A = 1
   17|       |    *                    =>  2*(1) - (1)     = 1
   18|       |    */
   19|  3.31k|   b = n->dp[0];
   20|       |
   21|  3.31k|   if ((b & 1u) == 0u) {
  ------------------
  |  Branch (21:8): [True: 0, False: 3.31k]
  ------------------
   22|      0|      return MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   23|      0|   }
   24|       |
   25|  3.31k|   x = (((b + 2u) & 4u) << 1) + b; /* here x*a==1 mod 2**4 */
   26|  3.31k|   x *= 2u - (b * x);              /* here x*a==1 mod 2**8 */
   27|  3.31k|#if !defined(MP_8BIT)
   28|  3.31k|   x *= 2u - (b * x);              /* here x*a==1 mod 2**16 */
   29|  3.31k|#endif
   30|  3.31k|#if defined(MP_64BIT) || !(defined(MP_8BIT) || defined(MP_16BIT))
   31|  3.31k|   x *= 2u - (b * x);              /* here x*a==1 mod 2**32 */
   32|  3.31k|#endif
   33|  3.31k|#ifdef MP_64BIT
   34|  3.31k|   x *= 2u - (b * x);              /* here x*a==1 mod 2**64 */
   35|  3.31k|#endif
   36|       |
   37|       |   /* rho = -1/m mod b */
   38|  3.31k|   *rho = (mp_digit)(((mp_word)1 << (mp_word)MP_DIGIT_BIT) - x) & MP_MASK;
  ------------------
  |  |   82|  3.31k|#   define MP_DIGIT_BIT 60
  ------------------
                 *rho = (mp_digit)(((mp_word)1 << (mp_word)MP_DIGIT_BIT) - x) & MP_MASK;
  ------------------
  |  |  106|  3.31k|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|  3.31k|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   39|       |
   40|  3.31k|   return MP_OKAY;
  ------------------
  |  |  161|  3.31k|#define MP_OKAY       0   /* no error */
  ------------------
   41|  3.31k|}

mp_mul:
/* High-level multiply c = a * b: picks one multiplication routine and then
 * fixes the sign of the result. The routines are tried in this order, each
 * gated by MP_HAS(...) and a size test:
 *   - s_mp_balance_mul: min_len and max_len / 2 both at or above
 *     MP_KARATSUBA_MUL_CUTOFF and max_len >= 2 * min_len;
 *   - s_mp_toom_mul: min_len >= MP_TOOM_MUL_CUTOFF;
 *   - s_mp_karatsuba_mul: min_len >= MP_KARATSUBA_MUL_CUTOFF;
 *   - s_mp_mul_digs_fast: digs < MP_WARRAY and min_len <= MP_MAXFAST;
 *   - s_mp_mul_digs; otherwise err = MP_VAL.
 * digs is a->used + b->used + 1. Returns the chosen routine's result.
 *
 * c->sign is written at line 49 even when err is not MP_OKAY, so the return
 * value has to be checked before c is used.
 *
 * Coverage in this run: all 13.0M calls went through s_mp_mul_digs_fast. The
 * balance, Toom, Karatsuba, s_mp_mul_digs and MP_VAL arms have a count of 0,
 * and the operand signs never differed (MP_NEG arm at line 13: 0), so none of
 * that code is exercised by this corpus.
 */
    8|  13.0M|{
    9|  13.0M|   mp_err err;
   10|  13.0M|   int min_len = MP_MIN(a->used, b->used),
  ------------------
  |  |  156|  13.0M|#define MP_MIN(x, y) (((x) < (y)) ? (x) : (y))
  |  |  ------------------
  |  |  |  Branch (156:23): [True: 6.58M, False: 6.47M]
  |  |  ------------------
  ------------------
   11|  13.0M|       max_len = MP_MAX(a->used, b->used),
  ------------------
  |  |  157|  13.0M|#define MP_MAX(x, y) (((x) > (y)) ? (x) : (y))
  |  |  ------------------
  |  |  |  Branch (157:23): [True: 120k, False: 12.9M]
  |  |  ------------------
  ------------------
   12|  13.0M|       digs = a->used + b->used + 1;
   13|  13.0M|   mp_sign neg = (a->sign == b->sign) ? MP_ZPOS : MP_NEG;
  ------------------
  |  |  151|  13.0M|#define MP_ZPOS       0   /* positive integer */
  ------------------
                 mp_sign neg = (a->sign == b->sign) ? MP_ZPOS : MP_NEG;
  ------------------
  |  |  152|      0|#define MP_NEG        1   /* negative */
  ------------------
  |  Branch (13:18): [True: 13.0M, False: 0]
  ------------------
   14|       |
   15|  13.0M|   if (MP_HAS(S_MP_BALANCE_MUL) &&
  ------------------
  |  |  150|  26.1M|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|  13.0M|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|  13.0M|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [Folded - Ignored]
  |  |  ------------------
  ------------------
   16|       |       /* Check sizes. The smaller one needs to be larger than the Karatsuba cut-off.
   17|       |        * The bigger one needs to be at least about one MP_KARATSUBA_MUL_CUTOFF bigger
   18|       |        * to make some sense, but it depends on architecture, OS, position of the
   19|       |        * stars... so YMMV.
   20|       |        * Using it to cut the input into slices small enough for fast_s_mp_mul_digs
   21|       |        * was actually slower on the author's machine, but YMMV.
   22|       |        */
   23|  13.0M|       (min_len >= MP_KARATSUBA_MUL_CUTOFF) &&
  ------------------
  |  |  121|  13.0M|#  define MP_KARATSUBA_MUL_CUTOFF KARATSUBA_MUL_CUTOFF
  ------------------
  |  Branch (23:8): [True: 0, False: 13.0M]
  ------------------
   24|  13.0M|       ((max_len / 2) >= MP_KARATSUBA_MUL_CUTOFF) &&
  ------------------
  |  |  121|      0|#  define MP_KARATSUBA_MUL_CUTOFF KARATSUBA_MUL_CUTOFF
  ------------------
  |  Branch (24:8): [True: 0, False: 0]
  ------------------
   25|       |       /* Not much effect was observed below a ratio of 1:2, but again: YMMV. */
   26|  13.0M|       (max_len >= (2 * min_len))) {
  ------------------
  |  Branch (26:8): [True: 0, False: 0]
  ------------------
   27|      0|      err = s_mp_balance_mul(a,b,c);
   28|  13.0M|   } else if (MP_HAS(S_MP_TOOM_MUL) &&
  ------------------
  |  |  150|  26.1M|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|  13.0M|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|  13.0M|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [Folded - Ignored]
  |  |  ------------------
  ------------------
   29|  13.0M|              (min_len >= MP_TOOM_MUL_CUTOFF)) {
  ------------------
  |  |  123|      0|#  define MP_TOOM_MUL_CUTOFF      TOOM_MUL_CUTOFF
  ------------------
  |  Branch (29:15): [True: 0, False: 0]
  ------------------
   30|      0|      err = s_mp_toom_mul(a, b, c);
   31|  13.0M|   } else if (MP_HAS(S_MP_KARATSUBA_MUL) &&
  ------------------
  |  |  150|  26.1M|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|  13.0M|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|  13.0M|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [Folded - Ignored]
  |  |  ------------------
  ------------------
   32|  13.0M|              (min_len >= MP_KARATSUBA_MUL_CUTOFF)) {
  ------------------
  |  |  121|      0|#  define MP_KARATSUBA_MUL_CUTOFF KARATSUBA_MUL_CUTOFF
  ------------------
  |  Branch (32:15): [True: 0, False: 0]
  ------------------
   33|      0|      err = s_mp_karatsuba_mul(a, b, c);
   34|  13.0M|   } else if (MP_HAS(S_MP_MUL_DIGS_FAST) &&
  ------------------
  |  |  150|  26.1M|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|  13.0M|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|  13.0M|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [Folded - Ignored]
  |  |  ------------------
  ------------------
   35|       |              /* can we use the fast multiplier?
   36|       |               *
   37|       |               * The fast multiplier can be used if the output will
   38|       |               * have less than MP_WARRAY digits and the number of
   39|       |               * digits won't affect carry propagation
   40|       |               */
   41|  13.0M|              (digs < MP_WARRAY) &&
  ------------------
  |  |  172|  13.0M|#define MP_WARRAY PRIVATE_MP_WARRAY
  |  |  ------------------
  |  |  |  |  203|  13.0M|#define PRIVATE_MP_WARRAY (int)(1uLL << (((CHAR_BIT * sizeof(private_mp_word)) - (2 * MP_DIGIT_BIT)) + 1))
  |  |  |  |  ------------------
  |  |  |  |  |  |   82|  13.0M|#   define MP_DIGIT_BIT 60
  |  |  |  |  ------------------
  |  |  ------------------
  ------------------
  |  Branch (41:15): [True: 13.0M, False: 0]
  ------------------
   42|  13.0M|              (min_len <= MP_MAXFAST)) {
  ------------------
  |  |  168|  13.0M|#define MP_MAXFAST              (int)(1uL << (MP_SIZEOF_BITS(mp_word) - (2u * (size_t)MP_DIGIT_BIT)))
  |  |  ------------------
  |  |  |  |  167|  13.0M|#define MP_SIZEOF_BITS(type)    ((size_t)CHAR_BIT * sizeof(type))
  |  |  ------------------
  |  |               #define MP_MAXFAST              (int)(1uL << (MP_SIZEOF_BITS(mp_word) - (2u * (size_t)MP_DIGIT_BIT)))
  |  |  ------------------
  |  |  |  |   82|  13.0M|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
  |  Branch (42:15): [True: 13.0M, False: 0]
  ------------------
   43|  13.0M|      err = s_mp_mul_digs_fast(a, b, c, digs);
   44|  13.0M|   } else if (MP_HAS(S_MP_MUL_DIGS)) {
  ------------------
  |  |  150|      0|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|      0|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|      0|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [Folded - Ignored]
  |  |  ------------------
  ------------------
   45|      0|      err = s_mp_mul_digs(a, b, c, digs);
   46|      0|   } else {
   47|      0|      err = MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   48|      0|   }
   49|  13.0M|   c->sign = (c->used > 0) ? neg : MP_ZPOS;
  ------------------
  |  |  151|  13.0M|#define MP_ZPOS       0   /* positive integer */
  ------------------
  |  Branch (49:14): [True: 13.0M, False: 20.0k]
  ------------------
   50|  13.0M|   return err;
   51|  13.0M|}

mp_mul_2:
/* Computes b = a * 2. b is grown to a->used + 1 digits if needed; each digit
 * of a is shifted left by one bit with the previous digit's top bit carried
 * in; a final carry becomes a new leading digit of 1. Digits of b between the
 * new used count and its previous used count are zeroed, and b takes a's
 * sign. Returns MP_OKAY or the error from mp_grow.
 *
 * Coverage in this run: the grow branch (lines 14-16) never ran and the
 * MP_ZERO_DIGITS loop at line 59 never iterated, so b always had room and
 * never shrank. The call count (154k) matches the in-place call
 * mp_mul_2(a, a) in mp_montgomery_calc_normalization, so the case where a and
 * b are different objects may not be exercised at all.
 */
    8|   154k|{
    9|   154k|   int     x, oldused;
   10|   154k|   mp_err err;
   11|       |
   12|       |   /* grow to accomodate result */
   13|   154k|   if (b->alloc < (a->used + 1)) {
  ------------------
  |  Branch (13:8): [True: 0, False: 154k]
  ------------------
   14|      0|      if ((err = mp_grow(b, a->used + 1)) != MP_OKAY) {
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (14:11): [True: 0, False: 0]
  ------------------
   15|      0|         return err;
   16|      0|      }
   17|      0|   }
   18|       |
   19|   154k|   oldused = b->used;
   20|   154k|   b->used = a->used;
   21|       |
   22|   154k|   {
   23|   154k|      mp_digit r, rr, *tmpa, *tmpb;
   24|       |
   25|       |      /* alias for source */
   26|   154k|      tmpa = a->dp;
   27|       |
   28|       |      /* alias for dest */
   29|   154k|      tmpb = b->dp;
   30|       |
   31|       |      /* carry */
   32|   154k|      r = 0;
   33|  4.55M|      for (x = 0; x < a->used; x++) {
  ------------------
  |  Branch (33:19): [True: 4.39M, False: 154k]
  ------------------
   34|       |
   35|       |         /* get what will be the *next* carry bit from the
   36|       |          * MSB of the current digit
   37|       |          */
   38|  4.39M|         rr = *tmpa >> (mp_digit)(MP_DIGIT_BIT - 1);
  ------------------
  |  |   82|  4.39M|#   define MP_DIGIT_BIT 60
  ------------------
   39|       |
   40|       |         /* now shift up this digit, add in the carry [from the previous] */
   41|  4.39M|         *tmpb++ = ((*tmpa++ << 1uL) | r) & MP_MASK;
  ------------------
  |  |  106|  4.39M|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|  4.39M|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   42|       |
   43|       |         /* copy the carry that would be from the source
   44|       |          * digit into the next iteration
   45|       |          */
   46|  4.39M|         r = rr;
   47|  4.39M|      }
   48|       |
   49|       |      /* new leading digit? */
   50|   154k|      if (r != 0u) {
  ------------------
  |  Branch (50:11): [True: 999, False: 153k]
  ------------------
   51|       |         /* add a MSB which is always 1 at this point */
   52|    999|         *tmpb = 1;
   53|    999|         ++(b->used);
   54|    999|      }
   55|       |
   56|       |      /* now zero any excess digits on the destination
   57|       |       * that we didn't write to
   58|       |       */
   59|   154k|      MP_ZERO_DIGITS(b->dp + b->used, oldused - b->used);
  ------------------
  |  |   89|   154k|#  define MP_ZERO_DIGITS(mem, digits)                   \
  |  |   90|   154k|do {                                                    \
  |  |   91|   154k|   int zd_ = (digits);                                  \
  |  |   92|   154k|   mp_digit* zm_ = (mem);                               \
  |  |   93|   154k|   while (zd_-- > 0) {                                  \
  |  |  ------------------
  |  |  |  Branch (93:11): [True: 0, False: 154k]
  |  |  ------------------
  |  |   94|      0|      *zm_++ = 0;                                       \
  |  |   95|      0|   }                                                    \
  |  |   96|   154k|} while (0)
  |  |  ------------------
  |  |  |  Branch (96:10): [Folded - Ignored]
  |  |  ------------------
  ------------------
   60|   154k|   }
   61|   154k|   b->sign = a->sign;
   62|   154k|   return MP_OKAY;
  ------------------
  |  |  161|   154k|#define MP_OKAY       0   /* no error */
  ------------------
   63|   154k|}

mp_mul_2d:
/* Computes c = a * 2**b. a is copied to c unless they are the same object, c
 * is grown to c->used + b / MP_DIGIT_BIT + 1 digits if needed, whole digits
 * are shifted with mp_lshd when b >= MP_DIGIT_BIT, and the remaining
 * d = b % MP_DIGIT_BIT bits are shifted digit by digit with the last carry
 * stored as a new top digit; c is then clamped. Returns MP_OKAY or the error
 * from mp_copy, mp_grow or mp_lshd.
 *
 * NOTE(review): nothing in this body rejects b < 0. A negative b would make
 * d = (mp_digit)(b % MP_DIGIT_BIT) a very large value and the shifts at lines
 * 39, 51 and 54 undefined; callers presumably guarantee b >= 0 - confirm, or
 * reject it up front with MP_VAL.
 * The store at line 63 stays inside the allocation only because of the size
 * check and mp_grow at lines 19-20.
 *
 * Coverage in this run: a != c (lines 14-16), the whole-digit shift (lines
 * 27-29) and the d == 0 case were never taken, so every call was in place
 * with b below MP_DIGIT_BIT and not a multiple of it. No error return ran.
 */
    8|  1.60M|{
    9|  1.60M|   mp_digit d;
   10|  1.60M|   mp_err   err;
   11|       |
   12|       |   /* copy */
   13|  1.60M|   if (a != c) {
  ------------------
  |  Branch (13:8): [True: 0, False: 1.60M]
  ------------------
   14|      0|      if ((err = mp_copy(a, c)) != MP_OKAY) {
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (14:11): [True: 0, False: 0]
  ------------------
   15|      0|         return err;
   16|      0|      }
   17|      0|   }
   18|       |
   19|  1.60M|   if (c->alloc < (c->used + (b / MP_DIGIT_BIT) + 1)) {
  ------------------
  |  |   82|  1.60M|#   define MP_DIGIT_BIT 60
  ------------------
  |  Branch (19:8): [True: 63.8k, False: 1.54M]
  ------------------
   20|  63.8k|      if ((err = mp_grow(c, c->used + (b / MP_DIGIT_BIT) + 1)) != MP_OKAY) {
  ------------------
  |  |   82|  63.8k|#   define MP_DIGIT_BIT 60
  ------------------
                    if ((err = mp_grow(c, c->used + (b / MP_DIGIT_BIT) + 1)) != MP_OKAY) {
  ------------------
  |  |  161|  63.8k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (20:11): [True: 0, False: 63.8k]
  ------------------
   21|      0|         return err;
   22|      0|      }
   23|  63.8k|   }
   24|       |
   25|       |   /* shift by as many digits in the bit count */
   26|  1.60M|   if (b >= MP_DIGIT_BIT) {
  ------------------
  |  |   82|  1.60M|#   define MP_DIGIT_BIT 60
  ------------------
  |  Branch (26:8): [True: 0, False: 1.60M]
  ------------------
   27|      0|      if ((err = mp_lshd(c, b / MP_DIGIT_BIT)) != MP_OKAY) {
  ------------------
  |  |   82|      0|#   define MP_DIGIT_BIT 60
  ------------------
                    if ((err = mp_lshd(c, b / MP_DIGIT_BIT)) != MP_OKAY) {
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (27:11): [True: 0, False: 0]
  ------------------
   28|      0|         return err;
   29|      0|      }
   30|      0|   }
   31|       |
   32|       |   /* shift any bit count < MP_DIGIT_BIT */
   33|  1.60M|   d = (mp_digit)(b % MP_DIGIT_BIT);
  ------------------
  |  |   82|  1.60M|#   define MP_DIGIT_BIT 60
  ------------------
   34|  1.60M|   if (d != 0u) {
  ------------------
  |  Branch (34:8): [True: 1.60M, False: 0]
  ------------------
   35|  1.60M|      mp_digit *tmpc, shift, mask, r, rr;
   36|  1.60M|      int x;
   37|       |
   38|       |      /* bitmask for carries */
   39|  1.60M|      mask = ((mp_digit)1 << d) - (mp_digit)1;
   40|       |
   41|       |      /* shift for msbs */
   42|  1.60M|      shift = (mp_digit)MP_DIGIT_BIT - d;
  ------------------
  |  |   82|  1.60M|#   define MP_DIGIT_BIT 60
  ------------------
   43|       |
   44|       |      /* alias */
   45|  1.60M|      tmpc = c->dp;
   46|       |
   47|       |      /* carry */
   48|  1.60M|      r    = 0;
   49|   460M|      for (x = 0; x < c->used; x++) {
  ------------------
  |  Branch (49:19): [True: 458M, False: 1.60M]
  ------------------
   50|       |         /* get the higher bits of the current word */
   51|   458M|         rr = (*tmpc >> shift) & mask;
   52|       |
   53|       |         /* shift the current word and OR in the carry */
   54|   458M|         *tmpc = ((*tmpc << d) | r) & MP_MASK;
  ------------------
  |  |  106|   458M|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|   458M|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   55|   458M|         ++tmpc;
   56|       |
   57|       |         /* set the carry to the carry bits of the current word */
   58|   458M|         r = rr;
   59|   458M|      }
   60|       |
   61|       |      /* set final carry */
   62|  1.60M|      if (r != 0u) {
  ------------------
  |  Branch (62:11): [True: 3.19k, False: 1.60M]
  ------------------
   63|  3.19k|         c->dp[(c->used)++] = r;
   64|  3.19k|      }
   65|  1.60M|   }
   66|  1.60M|   mp_clamp(c);
   67|  1.60M|   return MP_OKAY;
  ------------------
  |  |  161|  1.60M|#define MP_OKAY       0   /* no error */
  ------------------
   68|  1.60M|}

mp_mul_d:
/* Computes c = a * b for a single digit b. c is grown to a->used + 1 digits if
 * needed and takes a's sign; each digit product plus carry is formed in an
 * mp_word, its low MP_DIGIT_BIT bits are stored and the rest is carried on;
 * the final carry is stored as the top digit, digits above it up to c's
 * previous used count are zeroed, and c is clamped. Returns MP_OKAY or the
 * error from mp_grow.
 *
 * Coverage in this run: mp_grow was needed in 920 of 443k calls and never
 * failed (line 17: 0); the MP_ZERO_DIGITS loop at line 53 never iterated.
 */
    8|   443k|{
    9|   443k|   mp_digit u, *tmpa, *tmpc;
   10|   443k|   mp_word  r;
   11|   443k|   mp_err   err;
   12|   443k|   int      ix, olduse;
   13|       |
   14|       |   /* make sure c is big enough to hold a*b */
   15|   443k|   if (c->alloc < (a->used + 1)) {
  ------------------
  |  Branch (15:8): [True: 920, False: 442k]
  ------------------
   16|    920|      if ((err = mp_grow(c, a->used + 1)) != MP_OKAY) {
  ------------------
  |  |  161|    920|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (16:11): [True: 0, False: 920]
  ------------------
   17|      0|         return err;
   18|      0|      }
   19|    920|   }
   20|       |
   21|       |   /* get the original destinations used count */
   22|   443k|   olduse = c->used;
   23|       |
   24|       |   /* set the sign */
   25|   443k|   c->sign = a->sign;
   26|       |
   27|       |   /* alias for a->dp [source] */
   28|   443k|   tmpa = a->dp;
   29|       |
   30|       |   /* alias for c->dp [dest] */
   31|   443k|   tmpc = c->dp;
   32|       |
   33|       |   /* zero carry */
   34|   443k|   u = 0;
   35|       |
   36|       |   /* compute columns */
   37|  2.55M|   for (ix = 0; ix < a->used; ix++) {
  ------------------
  |  Branch (37:17): [True: 2.10M, False: 443k]
  ------------------
   38|       |      /* compute product and carry sum for this term */
   39|  2.10M|      r       = (mp_word)u + ((mp_word)*tmpa++ * (mp_word)b);
   40|       |
   41|       |      /* mask off higher bits to get a single digit */
   42|  2.10M|      *tmpc++ = (mp_digit)(r & (mp_word)MP_MASK);
  ------------------
  |  |  106|  2.10M|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|  2.10M|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   43|       |
   44|       |      /* send carry into next iteration */
   45|  2.10M|      u       = (mp_digit)(r >> (mp_word)MP_DIGIT_BIT);
  ------------------
  |  |   82|  2.10M|#   define MP_DIGIT_BIT 60
  ------------------
   46|  2.10M|   }
   47|       |
   48|       |   /* store final carry [if any] and increment ix offset  */
   49|   443k|   *tmpc++ = u;
   50|   443k|   ++ix;
   51|       |
   52|       |   /* now zero digits above the top */
   53|   443k|   MP_ZERO_DIGITS(tmpc, olduse - ix);
  ------------------
  |  |   89|   443k|#  define MP_ZERO_DIGITS(mem, digits)                   \
  |  |   90|   443k|do {                                                    \
  |  |   91|   443k|   int zd_ = (digits);                                  \
  |  |   92|   443k|   mp_digit* zm_ = (mem);                               \
  |  |   93|   443k|   while (zd_-- > 0) {                                  \
  |  |  ------------------
  |  |  |  Branch (93:11): [True: 0, False: 443k]
  |  |  ------------------
  |  |   94|      0|      *zm_++ = 0;                                       \
  |  |   95|      0|   }                                                    \
  |  |   96|   443k|} while (0)
  |  |  ------------------
  |  |  |  Branch (96:10): [Folded - Ignored]
  |  |  ------------------
  ------------------
   54|       |
   55|       |   /* set used count */
   56|   443k|   c->used = a->used + 1;
   57|   443k|   mp_clamp(c);
   58|       |
   59|   443k|   return MP_OKAY;
  ------------------
  |  |  161|   443k|#define MP_OKAY       0   /* no error */
  ------------------
   60|   443k|}

mp_mulmod:
              /* Body of mp_mulmod as rendered by the coverage tool; the signature is
               * not part of this listing. Multiplies a by b into the temporary t,
               * then stores t mod c in d. t is cleared on every path once it has been
               * initialised. Returns the first error from mp_init_size or mp_mul,
               * otherwise whatever mp_mod returns.
               * Coverage: neither failure branch was taken in this run, so the early
               * return and the goto LBL_ERR path are unexercised.
               */
    8|  5.33k|{
    9|  5.33k|   mp_err err;
   10|  5.33k|   mp_int t;
   11|       |
   12|  5.33k|   if ((err = mp_init_size(&t, c->used)) != MP_OKAY) {
  ------------------
  |  |  161|  5.33k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (12:8): [True: 0, False: 5.33k]
  ------------------
   13|      0|      return err;
   14|      0|   }
   15|       |
   16|  5.33k|   if ((err = mp_mul(a, b, &t)) != MP_OKAY) {
  ------------------
  |  |  161|  5.33k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (16:8): [True: 0, False: 5.33k]
  ------------------
   17|      0|      goto LBL_ERR;
   18|      0|   }
   19|  5.33k|   err = mp_mod(&t, c, d);
   20|       |
                 /* NOTE(review): t holds the full product of a and b. Whether mp_clear
                  * wipes the digits before releasing them is not visible here - confirm
                  * if a or b can carry secret material.
                  */
   21|  5.33k|LBL_ERR:
   22|  5.33k|   mp_clear(&t);
   23|  5.33k|   return err;
   24|  5.33k|}

mp_rand_source:
              /* Body of mp_rand_source; the signature is not part of this listing.
               * Stores source in s_mp_rand_source unconditionally. Per the Dropbear
               * comment below, a NULL source is stored as-is rather than being
               * replaced by a platform default.
               * NOTE(review): anything that later calls through s_mp_rand_source
               * must therefore cope with NULL - verify against the callers.
               */
   10|      1|{
   11|       |   /* Dropbear, don't reset to platform if source==NULL */
   12|      1|   s_mp_rand_source = source;
   13|      1|}

mp_read_radix:
              /* Body of mp_read_radix; the signature is not part of this listing.
               * Parses the NUL-terminated string str as a number in the given radix
               * (accepted range 2..64) into a, with an optional leading '-'.
               * Digits are accumulated as a = a * radix + y until a character is not
               * in the reverse map or is not below radix. The result is accepted only
               * if parsing stopped at '\0', '\r' or '\n'; otherwise a is zeroed and
               * MP_VAL is returned. Errors from mp_mul_d / mp_add_d are returned as-is.
               * Coverage: in this run no call supplied a bad radix, a '-' sign, a
               * lowercase letter or an invalid character, so every rejection path has
               * count 0. Presumably the harness only reaches this parser with built-in
               * constants - verify before treating it as fuzz-tested.
               */
   10|  3.12k|{
   11|  3.12k|   mp_err   err;
   12|  3.12k|   int      y;
   13|  3.12k|   mp_sign  neg;
   14|  3.12k|   unsigned pos;
   15|  3.12k|   char     ch;
   16|       |
   17|       |   /* zero the digit bignum */
   18|  3.12k|   mp_zero(a);
   19|       |
   20|       |   /* make sure the radix is ok */
   21|  3.12k|   if ((radix < 2) || (radix > 64)) {
  ------------------
  |  Branch (21:8): [True: 0, False: 3.12k]
  |  Branch (21:23): [True: 0, False: 3.12k]
  ------------------
   22|      0|      return MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   23|      0|   }
   24|       |
   25|       |   /* if the leading digit is a
   26|       |    * minus set the sign to negative.
   27|       |    */
   28|  3.12k|   if (*str == '-') {
  ------------------
  |  Branch (28:8): [True: 0, False: 3.12k]
  ------------------
   29|      0|      ++str;
   30|      0|      neg = MP_NEG;
  ------------------
  |  |  152|      0|#define MP_NEG        1   /* negative */
  ------------------
   31|  3.12k|   } else {
   32|  3.12k|      neg = MP_ZPOS;
  ------------------
  |  |  151|  3.12k|#define MP_ZPOS       0   /* positive integer */
  ------------------
   33|  3.12k|   }
   34|       |
   35|       |   /* set the integer to the default of zero */
   36|  3.12k|   mp_zero(a);
   37|       |
   38|       |   /* process each digit of the string */
   39|   369k|   while (*str != '\0') {
  ------------------
  |  Branch (39:11): [True: 366k, False: 3.12k]
  ------------------
   40|       |      /* if the radix <= 36 the conversion is case insensitive
   41|       |       * this allows numbers like 1AB and 1ab to represent the same  value
   42|       |       * [e.g. in hex]
   43|       |       */
   44|   366k|      ch = (radix <= 36) ? (char)MP_TOUPPER((int)*str) : *str;
  ------------------
  |  |    6|   366k|#define MP_TOUPPER(c) ((((c) >= 'a') && ((c) <= 'z')) ? (((c) + 'A') - 'a') : (c))
  |  |  ------------------
  |  |  |  Branch (6:25): [True: 0, False: 366k]
  |  |  |  Branch (6:41): [True: 0, False: 0]
  |  |  ------------------
  ------------------
  |  Branch (44:12): [True: 366k, False: 0]
  ------------------
                    /* ch - '(' is evaluated as int and then converted to unsigned, so
                     * a character below '(' becomes a very large pos and is caught by
                     * the bound check that follows. Whether bytes >= 0x80 go negative
                     * here depends on the signedness of char, which is
                     * implementation-defined.
                     * NOTE(review): the check only rejects pos > mp_s_rmap_reverse_sz,
                     * so pos == mp_s_rmap_reverse_sz still reaches the table lookup.
                     * If mp_s_rmap_reverse_sz is the element count of
                     * mp_s_rmap_reverse (its definition is not shown here), that read
                     * is one past the end and the comparison should be <= - confirm
                     * against the table definition.
                     */
   45|   366k|      pos = (unsigned)(ch - '(');
   46|   366k|      if (mp_s_rmap_reverse_sz < pos) {
  ------------------
  |  Branch (46:11): [True: 0, False: 366k]
  ------------------
   47|      0|         break;
   48|      0|      }
   49|   366k|      y = (int)mp_s_rmap_reverse[pos];
   50|       |
   51|       |      /* if the char was found in the map
   52|       |       * and is less than the given radix add it
   53|       |       * to the number, otherwise exit the loop.
   54|       |       */
   55|   366k|      if ((y == 0xff) || (y >= radix)) {
  ------------------
  |  Branch (55:11): [True: 0, False: 366k]
  |  Branch (55:26): [True: 0, False: 366k]
  ------------------
   56|      0|         break;
   57|      0|      }
   58|   366k|      if ((err = mp_mul_d(a, (mp_digit)radix, a)) != MP_OKAY) {
  ------------------
  |  |  161|   366k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (58:11): [True: 0, False: 366k]
  ------------------
   59|      0|         return err;
   60|      0|      }
   61|   366k|      if ((err = mp_add_d(a, (mp_digit)y, a)) != MP_OKAY) {
  ------------------
  |  |  161|   366k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (61:11): [True: 0, False: 366k]
  ------------------
   62|      0|         return err;
   63|      0|      }
   64|   366k|      ++str;
   65|   366k|   }
   66|       |
   67|       |   /* if an illegal character was found, fail. */
   68|  3.12k|   if (!((*str == '\0') || (*str == '\r') || (*str == '\n'))) {
  ------------------
  |  Branch (68:10): [True: 3.12k, False: 0]
  |  Branch (68:28): [True: 0, False: 0]
  |  Branch (68:46): [True: 0, False: 0]
  ------------------
   69|      0|      mp_zero(a);
   70|      0|      return MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   71|      0|   }
   72|       |
   73|       |   /* set the sign only if a != 0 */
   74|  3.12k|   if (!MP_IS_ZERO(a)) {
  ------------------
  |  |  163|  3.12k|#define MP_IS_ZERO(a) ((a)->used == 0)
  ------------------
  |  Branch (74:8): [True: 3.12k, False: 0]
  ------------------
   75|  3.12k|      a->sign = neg;
   76|  3.12k|   }
   77|  3.12k|   return MP_OKAY;
  ------------------
  |  |  161|  3.12k|#define MP_OKAY       0   /* no error */
  ------------------
   78|  3.12k|}

mp_reduce:
              /* Body of mp_reduce; the signature is not part of this listing.
               * Reduces x modulo m in place using the precomputed value mu, following
               * the HAC steps named in the comments below (this looks like Barrett
               * reduction - the listing itself only cites HAC). q is a working copy
               * of x and is cleared on every path after it has been initialised.
               * Returns the first error from a helper, MP_VAL when no high-digit
               * multiplier is compiled in, otherwise the status of the last step.
               * Coverage: no helper failed in this run, so none of the goto CLEANUP
               * error exits are exercised; the full mp_mul branch and the
               * s_mp_mul_high_digs_fast branch were never taken.
               */
   11|  26.3k|{
   12|  26.3k|   mp_int  q;
   13|  26.3k|   mp_err  err;
   14|  26.3k|   int     um = m->used;
   15|       |
   16|       |   /* q = x */
   17|  26.3k|   if ((err = mp_init_copy(&q, x)) != MP_OKAY) {
  ------------------
  |  |  161|  26.3k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (17:8): [True: 0, False: 26.3k]
  ------------------
   18|      0|      return err;
   19|      0|   }
   20|       |
   21|       |   /* q1 = x / b**(k-1)  */
   22|  26.3k|   mp_rshd(&q, um - 1);
   23|       |
   24|       |   /* according to HAC this optimization is ok */
   25|  26.3k|   if ((mp_digit)um > ((mp_digit)1 << (MP_DIGIT_BIT - 1))) {
  ------------------
  |  |   82|  26.3k|#   define MP_DIGIT_BIT 60
  ------------------
  |  Branch (25:8): [True: 0, False: 26.3k]
  ------------------
   26|      0|      if ((err = mp_mul(&q, mu, &q)) != MP_OKAY) {
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (26:11): [True: 0, False: 0]
  ------------------
   27|      0|         goto CLEANUP;
   28|      0|      }
   29|  26.3k|   } else if (MP_HAS(S_MP_MUL_HIGH_DIGS)) {
  ------------------
  |  |  150|  26.3k|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|  26.3k|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|  26.3k|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [Folded - Ignored]
  |  |  ------------------
  ------------------
   30|  26.3k|      if ((err = s_mp_mul_high_digs(&q, mu, &q, um)) != MP_OKAY) {
  ------------------
  |  |  161|  26.3k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (30:11): [True: 0, False: 26.3k]
  ------------------
   31|      0|         goto CLEANUP;
   32|      0|      }
   33|  26.3k|   } else if (MP_HAS(S_MP_MUL_HIGH_DIGS_FAST)) {
  ------------------
  |  |  150|      0|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|      0|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|      0|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [Folded - Ignored]
  |  |  ------------------
  ------------------
   34|      0|      if ((err = s_mp_mul_high_digs_fast(&q, mu, &q, um)) != MP_OKAY) {
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (34:11): [True: 0, False: 0]
  ------------------
   35|      0|         goto CLEANUP;
   36|      0|      }
   37|      0|   } else {
   38|      0|      err = MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   39|      0|      goto CLEANUP;
   40|      0|   }
   41|       |
   42|       |   /* q3 = q2 / b**(k+1) */
   43|  26.3k|   mp_rshd(&q, um + 1);
   44|       |
   45|       |   /* x = x mod b**(k+1), quick (no division) */
   46|  26.3k|   if ((err = mp_mod_2d(x, MP_DIGIT_BIT * (um + 1), x)) != MP_OKAY) {
  ------------------
  |  |   82|  26.3k|#   define MP_DIGIT_BIT 60
  ------------------
                 if ((err = mp_mod_2d(x, MP_DIGIT_BIT * (um + 1), x)) != MP_OKAY) {
  ------------------
  |  |  161|  26.3k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (46:8): [True: 0, False: 26.3k]
  ------------------
   47|      0|      goto CLEANUP;
   48|      0|   }
   49|       |
   50|       |   /* q = q * m mod b**(k+1), quick (no division) */
   51|  26.3k|   if ((err = s_mp_mul_digs(&q, m, &q, um + 1)) != MP_OKAY) {
  ------------------
  |  |  161|  26.3k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (51:8): [True: 0, False: 26.3k]
  ------------------
   52|      0|      goto CLEANUP;
   53|      0|   }
   54|       |
   55|       |   /* x = x - q */
   56|  26.3k|   if ((err = mp_sub(x, &q, x)) != MP_OKAY) {
  ------------------
  |  |  161|  26.3k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (56:8): [True: 0, False: 26.3k]
  ------------------
   57|      0|      goto CLEANUP;
   58|      0|   }
   59|       |
   60|       |   /* If x < 0, add b**(k+1) to it */
   61|  26.3k|   if (mp_cmp_d(x, 0uL) == MP_LT) {
  ------------------
  |  |  154|  26.3k|#define MP_LT        -1   /* less than */
  ------------------
  |  Branch (61:8): [True: 901, False: 25.4k]
  ------------------
   62|    901|      mp_set(&q, 1uL);
   63|    901|      if ((err = mp_lshd(&q, um + 1)) != MP_OKAY) {
  ------------------
  |  |  161|    901|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (63:11): [True: 0, False: 901]
  ------------------
   64|      0|         goto CLEANUP;
   65|      0|      }
   66|    901|      if ((err = mp_add(x, &q, x)) != MP_OKAY) {
  ------------------
  |  |  161|    901|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (66:11): [True: 0, False: 901]
  ------------------
   67|      0|         goto CLEANUP;
   68|      0|      }
   69|    901|   }
   70|       |
                 /* The number of subtractions below depends on the values of x and m
                  * (56.8k subtractions over 26.3k calls in this run), as does the
                  * x < 0 fix-up above, so the running time is data-dependent.
                  * NOTE(review): relevant if x derives from secret material. Nothing
                  * here rejects m == 0 either; with um == 0 this loop may not be able
                  * to make progress - presumably callers guarantee m > 0, verify.
                  */
   71|       |   /* Back off if it's too big */
   72|  83.1k|   while (mp_cmp(x, m) != MP_LT) {
  ------------------
  |  |  154|  83.1k|#define MP_LT        -1   /* less than */
  ------------------
  |  Branch (72:11): [True: 56.8k, False: 26.3k]
  ------------------
   73|  56.8k|      if ((err = s_mp_sub(x, m, x)) != MP_OKAY) {
  ------------------
  |  |  161|  56.8k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (73:11): [True: 0, False: 56.8k]
  ------------------
   74|      0|         goto CLEANUP;
   75|      0|      }
   76|  56.8k|   }
   77|       |
   78|  26.3k|CLEANUP:
   79|  26.3k|   mp_clear(&q);
   80|       |
   81|  26.3k|   return err;
   82|  26.3k|}

mp_reduce_2k_l:
              /* Body of mp_reduce_2k_l; the signature is not part of this listing.
               * Reduces a in place with respect to n, using d and p = bit length of n.
               * Each pass through top splits a at bit p (q = a / 2**p, a = a mod 2**p),
               * folds the high part back in as a += q * d, and, if |a| >= |n|,
               * subtracts n once and starts another pass. The temporary q is cleared
               * on every path after mp_init succeeded. Returns the first helper error,
               * otherwise the status of the last step executed.
               * Coverage: the listing shows 6.59M passes through top for 14.3k calls,
               * so several hundred passes per call on average in this run.
               * NOTE(review): the pass count depends on the values of a, n and d.
               * If n can be supplied by a peer, confirm that the rule which selects
               * this reduction bounds the work per call; the timing is also
               * data-dependent, which matters if a derives from secret material.
               */
   11|  14.3k|{
   12|  14.3k|   mp_int q;
   13|  14.3k|   mp_err err;
   14|  14.3k|   int    p;
   15|       |
   16|  14.3k|   if ((err = mp_init(&q)) != MP_OKAY) {
  ------------------
  |  |  161|  14.3k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (16:8): [True: 0, False: 14.3k]
  ------------------
   17|      0|      return err;
   18|      0|   }
   19|       |
   20|  14.3k|   p = mp_count_bits(n);
   21|  6.59M|top:
   22|       |   /* q = a/2**p, a = a mod 2**p */
   23|  6.59M|   if ((err = mp_div_2d(a, p, &q, a)) != MP_OKAY) {
  ------------------
  |  |  161|  6.59M|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (23:8): [True: 0, False: 6.59M]
  ------------------
   24|      0|      goto LBL_ERR;
   25|      0|   }
   26|       |
   27|       |   /* q = q * d */
   28|  6.59M|   if ((err = mp_mul(&q, d, &q)) != MP_OKAY) {
  ------------------
  |  |  161|  6.59M|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (28:8): [True: 0, False: 6.59M]
  ------------------
   29|      0|      goto LBL_ERR;
   30|      0|   }
   31|       |
   32|       |   /* a = a + q */
   33|  6.59M|   if ((err = s_mp_add(a, &q, a)) != MP_OKAY) {
  ------------------
  |  |  161|  6.59M|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (33:8): [True: 0, False: 6.59M]
  ------------------
   34|      0|      goto LBL_ERR;
   35|      0|   }
   36|       |
                 /* magnitude compare: a is treated as non-negative from here on */
   37|  6.59M|   if (mp_cmp_mag(a, n) != MP_LT) {
  ------------------
  |  |  154|  6.59M|#define MP_LT        -1   /* less than */
  ------------------
  |  Branch (37:8): [True: 6.57M, False: 14.3k]
  ------------------
   38|  6.57M|      if ((err = s_mp_sub(a, n, a)) != MP_OKAY) {
  ------------------
  |  |  161|  6.57M|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (38:11): [True: 0, False: 6.57M]
  ------------------
   39|      0|         goto LBL_ERR;
   40|      0|      }
   41|  6.57M|      goto top;
   42|  6.57M|   }
   43|       |
   44|  14.3k|LBL_ERR:
   45|  14.3k|   mp_clear(&q);
   46|  14.3k|   return err;
   47|  6.59M|}

mp_reduce_2k_setup_l:
              /* Body of mp_reduce_2k_setup_l; the signature is not part of this
               * listing. Computes d = 2**bits(a) - a through the temporary tmp:
               * tmp is set to 2 raised to the bit length of a, then s_mp_sub stores
               * tmp - a in d. tmp is cleared on every path after mp_init succeeded;
               * the success path also falls through LBL_ERR with err == MP_OKAY.
               * Coverage: no failure branch was taken in this run.
               */
    8|    163|{
    9|    163|   mp_err err;
   10|    163|   mp_int tmp;
   11|       |
   12|    163|   if ((err = mp_init(&tmp)) != MP_OKAY) {
  ------------------
  |  |  161|    163|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (12:8): [True: 0, False: 163]
  ------------------
   13|      0|      return err;
   14|      0|   }
   15|       |
   16|    163|   if ((err = mp_2expt(&tmp, mp_count_bits(a))) != MP_OKAY) {
  ------------------
  |  |  161|    163|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (16:8): [True: 0, False: 163]
  ------------------
   17|      0|      goto LBL_ERR;
   18|      0|   }
   19|       |
   20|    163|   if ((err = s_mp_sub(&tmp, a, d)) != MP_OKAY) {
  ------------------
  |  |  161|    163|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (20:8): [True: 0, False: 163]
  ------------------
   21|      0|      goto LBL_ERR;
   22|      0|   }
   23|       |
   24|    163|LBL_ERR:
   25|    163|   mp_clear(&tmp);
   26|    163|   return err;
   27|    163|}

mp_reduce_is_2k:
              /* Body of mp_reduce_is_2k; the signature is not part of this listing.
               * Returns MP_NO for a value with no digits and MP_YES for a single-digit
               * value. With more than one digit it walks every bit from bit
               * MP_DIGIT_BIT (the start of the second digit) up to the bit length of a
               * and returns MP_NO at the first zero bit, MP_YES if all are set.
               * The last else branch is reached only if a->used were negative.
               * Coverage: every call in this run had more than one digit and ended in
               * MP_NO; neither MP_YES return was ever reached.
               */
    8|  2.88k|{
    9|  2.88k|   int ix, iy, iw;
   10|  2.88k|   mp_digit iz;
   11|       |
   12|  2.88k|   if (a->used == 0) {
  ------------------
  |  Branch (12:8): [True: 0, False: 2.88k]
  ------------------
   13|      0|      return MP_NO;
  ------------------
  |  |  159|      0|#define MP_NO         0
  ------------------
   14|  2.88k|   } else if (a->used == 1) {
  ------------------
  |  Branch (14:15): [True: 0, False: 2.88k]
  ------------------
   15|      0|      return MP_YES;
  ------------------
  |  |  158|      0|#define MP_YES        1
  ------------------
   16|  2.88k|   } else if (a->used > 1) {
  ------------------
  |  Branch (16:15): [True: 2.88k, False: 0]
  ------------------
                    /* iw indexes the digit under test (starting at the second digit),
                     * iz is the single-bit mask inside that digit */
   17|  2.88k|      iy = mp_count_bits(a);
   18|  2.88k|      iz = 1;
   19|  2.88k|      iw = 1;
   20|       |
   21|       |      /* Test every bit from the second digit up, must be 1 */
   22|  30.9k|      for (ix = MP_DIGIT_BIT; ix < iy; ix++) {
  ------------------
  |  |   82|  2.88k|#   define MP_DIGIT_BIT 60
  ------------------
  |  Branch (22:31): [True: 30.9k, False: 0]
  ------------------
   23|  30.9k|         if ((a->dp[iw] & iz) == 0u) {
  ------------------
  |  Branch (23:14): [True: 2.88k, False: 28.1k]
  ------------------
   24|  2.88k|            return MP_NO;
  ------------------
  |  |  159|  2.88k|#define MP_NO         0
  ------------------
   25|  2.88k|         }
                       /* once the mask has moved past the top bit of a digit,
                        * continue with bit 0 of the next digit */
   26|  28.1k|         iz <<= 1;
   27|  28.1k|         if (iz > MP_DIGIT_MAX) {
  ------------------
  |  |  107|  28.1k|#define MP_DIGIT_MAX     MP_MASK
  |  |  ------------------
  |  |  |  |  106|  28.1k|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  |  |  ------------------
  |  |  |  |  |  |   82|  28.1k|#   define MP_DIGIT_BIT 60
  |  |  |  |  ------------------
  |  |  ------------------
  ------------------
  |  Branch (27:14): [True: 209, False: 27.9k]
  ------------------
   28|    209|            ++iw;
   29|    209|            iz = 1;
   30|    209|         }
   31|  28.1k|      }
   32|      0|      return MP_YES;
  ------------------
  |  |  158|      0|#define MP_YES        1
  ------------------
   33|  2.88k|   } else {
   34|      0|      return MP_YES;
  ------------------
  |  |  158|      0|#define MP_YES        1
  ------------------
   35|      0|   }
   36|  2.88k|}

mp_reduce_is_2k_l:
              /* Body of mp_reduce_is_2k_l; the signature is not part of this listing.
               * Returns MP_NO for a value with no digits and MP_YES for a single-digit
               * value. With more than one digit it counts the digits equal to
               * MP_DIGIT_MAX (all bits set) and returns MP_YES when that count is at
               * least a->used / 2, using integer division - so for two or three digits
               * a single all-ones digit is enough.
               * The last else branch is reached only if a->used were negative.
               * Coverage: 163 of 3.04k calls returned MP_YES in this run; the empty
               * and single-digit cases were never hit.
               */
    8|  3.04k|{
    9|  3.04k|   int ix, iy;
   10|       |
   11|  3.04k|   if (a->used == 0) {
  ------------------
  |  Branch (11:8): [True: 0, False: 3.04k]
  ------------------
   12|      0|      return MP_NO;
  ------------------
  |  |  159|      0|#define MP_NO         0
  ------------------
   13|  3.04k|   } else if (a->used == 1) {
  ------------------
  |  Branch (13:15): [True: 0, False: 3.04k]
  ------------------
   14|      0|      return MP_YES;
  ------------------
  |  |  158|      0|#define MP_YES        1
  ------------------
   15|  3.04k|   } else if (a->used > 1) {
  ------------------
  |  Branch (15:15): [True: 3.04k, False: 0]
  ------------------
   16|       |      /* if more than half of the digits are -1 we're sold */
   17|  96.7k|      for (iy = ix = 0; ix < a->used; ix++) {
  ------------------
  |  Branch (17:25): [True: 93.6k, False: 3.04k]
  ------------------
   18|  93.6k|         if (a->dp[ix] == MP_DIGIT_MAX) {
  ------------------
  |  |  107|  93.6k|#define MP_DIGIT_MAX     MP_MASK
  |  |  ------------------
  |  |  |  |  106|  93.6k|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  |  |  ------------------
  |  |  |  |  |  |   82|  93.6k|#   define MP_DIGIT_BIT 60
  |  |  |  |  ------------------
  |  |  ------------------
  ------------------
  |  Branch (18:14): [True: 5.04k, False: 88.6k]
  ------------------
   19|  5.04k|            ++iy;
   20|  5.04k|         }
   21|  93.6k|      }
                    /* the test is >=, so exactly half (rounded down) already counts */
   22|  3.04k|      return (iy >= (a->used/2)) ? MP_YES : MP_NO;
  ------------------
  |  |  158|    163|#define MP_YES        1
  ------------------
                    return (iy >= (a->used/2)) ? MP_YES : MP_NO;
  ------------------
  |  |  159|  2.88k|#define MP_NO         0
  ------------------
  |  Branch (22:14): [True: 163, False: 2.88k]
  ------------------
   23|  3.04k|   } else {
   24|      0|      return MP_NO;
  ------------------
  |  |  159|      0|#define MP_NO         0
  ------------------
   25|      0|   }
   26|  3.04k|}

mp_reduce_setup:
              /* Body of mp_reduce_setup; the signature is not part of this listing.
               * Sets a to 2 raised to (b->used * 2 * MP_DIGIT_BIT) and then replaces
               * a with the quotient a / b (the remainder argument of mp_div is NULL).
               * Returns the mp_2expt error if that step fails, else mp_div's result.
               * NOTE(review): the exponent is computed in int arithmetic; presumably
               * b->used is small enough that it cannot overflow - confirm against
               * the allocation limits. How mp_div reports b == 0 is not visible here.
               * Coverage: the mp_2expt failure branch was not taken in this run.
               */
   10|    319|{
   11|    319|   mp_err err;
   12|    319|   if ((err = mp_2expt(a, b->used * 2 * MP_DIGIT_BIT)) != MP_OKAY) {
  ------------------
  |  |   82|    319|#   define MP_DIGIT_BIT 60
  ------------------
                 if ((err = mp_2expt(a, b->used * 2 * MP_DIGIT_BIT)) != MP_OKAY) {
  ------------------
  |  |  161|    319|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (12:8): [True: 0, False: 319]
  ------------------
   13|      0|      return err;
   14|      0|   }
   15|    319|   return mp_div(a, b, a, NULL);
   16|    319|}

mp_rshd:
              /* Body of mp_rshd; the signature is not part of this listing.
               * Shifts a right by b whole digits in place and returns nothing.
               * b <= 0 leaves a untouched; b >= a->used sets a to zero. Otherwise
               * the upper a->used - b digits are copied down to the bottom, the b
               * vacated digits at the top are zeroed, and a->used is reduced by b.
               */
    8|  6.65M|{
    9|  6.65M|   int     x;
   10|  6.65M|   mp_digit *bottom, *top;
   11|       |
   12|       |   /* if b <= 0 then ignore it */
   13|  6.65M|   if (b <= 0) {
  ------------------
  |  Branch (13:8): [True: 18, False: 6.65M]
  ------------------
   14|     18|      return;
   15|     18|   }
   16|       |
   17|       |   /* if b >= used then simply zero it and return */
   18|  6.65M|   if (a->used <= b) {
  ------------------
  |  Branch (18:8): [True: 29.4k, False: 6.62M]
  ------------------
   19|  29.4k|      mp_zero(a);
   20|  29.4k|      return;
   21|  29.4k|   }
   22|       |
   23|       |   /* shift the digits down */
   24|       |
   25|       |   /* bottom */
   26|  6.62M|   bottom = a->dp;
   27|       |
   28|       |   /* top [offset into digits] */
   29|  6.62M|   top = a->dp + b;
   30|       |
   31|       |   /* this is implemented as a sliding window where
   32|       |    * the window is b-digits long and digits from
   33|       |    * the top of the window are copied to the bottom
   34|       |    *
   35|       |    * e.g.
   36|       |
   37|       |    b-2 | b-1 | b0 | b1 | b2 | ... | bb |   ---->
   38|       |                /\                   |      ---->
   39|       |                 \-------------------/      ---->
   40|       |    */
   41|  66.8M|   for (x = 0; x < (a->used - b); x++) {
  ------------------
  |  Branch (41:16): [True: 60.1M, False: 6.62M]
  ------------------
   42|  60.1M|      *bottom++ = *top++;
   43|  60.1M|   }
   44|       |
                 /* after the loop x == a->used - b, so exactly b digits are cleared,
                  * starting where the copy stopped; no stale digits are left between
                  * the new used count and the old one */
   45|       |   /* zero the top digits */
   46|  6.62M|   MP_ZERO_DIGITS(bottom, a->used - x);
  ------------------
  |  |   89|  6.62M|#  define MP_ZERO_DIGITS(mem, digits)                   \
  |  |   90|  6.62M|do {                                                    \
  |  |   91|  6.62M|   int zd_ = (digits);                                  \
  |  |   92|  6.62M|   mp_digit* zm_ = (mem);                               \
  |  |   93|   119M|   while (zd_-- > 0) {                                  \
  |  |  ------------------
  |  |  |  Branch (93:11): [True: 113M, False: 6.62M]
  |  |  ------------------
  |  |   94|   113M|      *zm_++ = 0;                                       \
  |  |   95|   113M|   }                                                    \
  |  |   96|  6.62M|} while (0)
  |  |  ------------------
  |  |  |  Branch (96:10): [Folded - Ignored]
  |  |  ------------------
  ------------------
   47|       |
   48|       |   /* remove excess digits */
   49|  6.62M|   a->used -= b;
   50|  6.62M|}

mp_set:
              /* Body of mp_set; the signature is not part of this listing.
               * Sets a to the non-negative single-digit value b & MP_MASK: stores the
               * masked digit in dp[0], marks the sign positive, sets used to 1 or 0
               * depending on whether the digit is non-zero, and zeroes every
               * allocated digit above used.
               * NOTE(review): dp[0] is written without any check here, so a must
               * already be initialised with at least one allocated digit - presumably
               * guaranteed by mp_init in the callers; verify.
               */
    8|  2.59k|{
    9|  2.59k|   a->dp[0] = b & MP_MASK;
  ------------------
  |  |  106|  2.59k|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|  2.59k|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   10|  2.59k|   a->sign  = MP_ZPOS;
  ------------------
  |  |  151|  2.59k|#define MP_ZPOS       0   /* positive integer */
  ------------------
   11|  2.59k|   a->used  = (a->dp[0] != 0u) ? 1 : 0;
  ------------------
  |  Branch (11:15): [True: 2.59k, False: 0]
  ------------------
   12|  2.59k|   MP_ZERO_DIGITS(a->dp + a->used, a->alloc - a->used);
  ------------------
  |  |   89|  2.59k|#  define MP_ZERO_DIGITS(mem, digits)                   \
  |  |   90|  2.59k|do {                                                    \
  |  |   91|  2.59k|   int zd_ = (digits);                                  \
  |  |   92|  2.59k|   mp_digit* zm_ = (mem);                               \
  |  |   93|  86.5k|   while (zd_-- > 0) {                                  \
  |  |  ------------------
  |  |  |  Branch (93:11): [True: 83.9k, False: 2.59k]
  |  |  ------------------
  |  |   94|  83.9k|      *zm_++ = 0;                                       \
  |  |   95|  83.9k|   }                                                    \
  |  |   96|  2.59k|} while (0)
  |  |  ------------------
  |  |  |  Branch (96:10): [Folded - Ignored]
  |  |  ------------------
  ------------------
   13|  2.59k|}

mp_sqr:
              /* Body of mp_sqr; the signature is not part of this listing.
               * Squares a into b by dispatching to one of four helpers, chosen from
               * the compile-time MP_HAS(...) switches and the digit count of a:
               * Toom-Cook, Karatsuba, the fast comba squarer, or the baseline
               * s_mp_sqr. If none is available err is MP_VAL. b->sign is set to
               * MP_ZPOS whatever the helper returned, and err is passed back.
               * Coverage: all 7.58M calls went through s_mp_sqr_fast. The Toom-Cook
               * and Karatsuba cutoff comparisons show 0/0 branch counts, which
               * suggests those MP_HAS switches are false in this build; the baseline
               * s_mp_sqr path was never reached, so large operands that fail the
               * MP_WARRAY / MP_MAXFAST limits are untested by this corpus.
               */
    8|  7.58M|{
    9|  7.58M|   mp_err err;
   10|  7.58M|   if (MP_HAS(S_MP_TOOM_SQR) && /* use Toom-Cook? */
  ------------------
  |  |  150|  15.1M|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|  7.58M|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|  7.58M|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [Folded - Ignored]
  |  |  ------------------
  ------------------
   11|  7.58M|       (a->used >= MP_TOOM_SQR_CUTOFF)) {
  ------------------
  |  |  124|      0|#  define MP_TOOM_SQR_CUTOFF      TOOM_SQR_CUTOFF
  ------------------
  |  Branch (11:8): [True: 0, False: 0]
  ------------------
   12|      0|      err = s_mp_toom_sqr(a, b);
   13|  7.58M|   } else if (MP_HAS(S_MP_KARATSUBA_SQR) &&  /* Karatsuba? */
  ------------------
  |  |  150|  15.1M|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|  7.58M|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|  7.58M|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [Folded - Ignored]
  |  |  ------------------
  ------------------
   14|  7.58M|              (a->used >= MP_KARATSUBA_SQR_CUTOFF)) {
  ------------------
  |  |  122|      0|#  define MP_KARATSUBA_SQR_CUTOFF KARATSUBA_SQR_CUTOFF
  ------------------
  |  Branch (14:15): [True: 0, False: 0]
  ------------------
   15|      0|      err = s_mp_karatsuba_sqr(a, b);
   16|  7.58M|   } else if (MP_HAS(S_MP_SQR_FAST) && /* can we use the fast comba multiplier? */
  ------------------
  |  |  150|  15.1M|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|  7.58M|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|  7.58M|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [Folded - Ignored]
  |  |  ------------------
  ------------------
   17|  7.58M|              (((a->used * 2) + 1) < MP_WARRAY) &&
  ------------------
  |  |  172|  7.58M|#define MP_WARRAY PRIVATE_MP_WARRAY
  |  |  ------------------
  |  |  |  |  203|  7.58M|#define PRIVATE_MP_WARRAY (int)(1uLL << (((CHAR_BIT * sizeof(private_mp_word)) - (2 * MP_DIGIT_BIT)) + 1))
  |  |  |  |  ------------------
  |  |  |  |  |  |   82|  7.58M|#   define MP_DIGIT_BIT 60
  |  |  |  |  ------------------
  |  |  ------------------
  ------------------
  |  Branch (17:15): [True: 7.58M, False: 0]
  ------------------
   18|  7.58M|              (a->used < (MP_MAXFAST / 2))) {
  ------------------
  |  |  168|  7.58M|#define MP_MAXFAST              (int)(1uL << (MP_SIZEOF_BITS(mp_word) - (2u * (size_t)MP_DIGIT_BIT)))
  |  |  ------------------
  |  |  |  |  167|  7.58M|#define MP_SIZEOF_BITS(type)    ((size_t)CHAR_BIT * sizeof(type))
  |  |  ------------------
  |  |               #define MP_MAXFAST              (int)(1uL << (MP_SIZEOF_BITS(mp_word) - (2u * (size_t)MP_DIGIT_BIT)))
  |  |  ------------------
  |  |  |  |   82|  7.58M|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
  |  Branch (18:15): [True: 7.58M, False: 0]
  ------------------
   19|  7.58M|      err = s_mp_sqr_fast(a, b);
   20|  7.58M|   } else if (MP_HAS(S_MP_SQR)) {
  ------------------
  |  |  150|      0|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|      0|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|      0|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [Folded - Ignored]
  |  |  ------------------
  ------------------
   21|      0|      err = s_mp_sqr(a, b);
   22|      0|   } else {
   23|      0|      err = MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   24|      0|   }
                 /* a square is never negative; the sign is forced even when err is
                  * not MP_OKAY, so callers must check err before using b */
   25|  7.58M|   b->sign = MP_ZPOS;
  ------------------
  |  |  151|  7.58M|#define MP_ZPOS       0   /* positive integer */
  ------------------
   26|  7.58M|   return err;
   27|  7.58M|}

mp_sub:
              /* Body of mp_sub; the signature is not part of this listing.
               * Signed subtraction c = a - b built from the unsigned helpers.
               * Different signs: the magnitudes are added and c takes the sign of a.
               * Same signs: the smaller magnitude is subtracted from the larger one;
               * c keeps the sign of a when |a| >= |b| and gets the opposite sign
               * otherwise. Both signs are read into sa / sb before c is written, so
               * the sign logic does not depend on c being distinct from a or b.
               * Returns the status of the helper that ran.
               * Coverage: all three arms were exercised in this run.
               */
    8|  6.90M|{
    9|  6.90M|   mp_sign sa = a->sign, sb = b->sign;
   10|  6.90M|   mp_err err;
   11|       |
   12|  6.90M|   if (sa != sb) {
  ------------------
  |  Branch (12:8): [True: 277k, False: 6.62M]
  ------------------
   13|       |      /* subtract a negative from a positive, OR */
   14|       |      /* subtract a positive from a negative. */
   15|       |      /* In either case, ADD their magnitudes, */
   16|       |      /* and use the sign of the first number. */
   17|   277k|      c->sign = sa;
   18|   277k|      err = s_mp_add(a, b, c);
   19|  6.62M|   } else {
   20|       |      /* subtract a positive from a positive, OR */
   21|       |      /* subtract a negative from a negative. */
   22|       |      /* First, take the difference between their */
   23|       |      /* magnitudes, then... */
   24|  6.62M|      if (mp_cmp_mag(a, b) != MP_LT) {
  ------------------
  |  |  154|  6.62M|#define MP_LT        -1   /* less than */
  ------------------
  |  Branch (24:11): [True: 4.39M, False: 2.22M]
  ------------------
   25|       |         /* Copy the sign from the first */
   26|  4.39M|         c->sign = sa;
   27|       |         /* The first has a larger or equal magnitude */
   28|  4.39M|         err = s_mp_sub(a, b, c);
   29|  4.39M|      } else {
   30|       |         /* The result has the *opposite* sign from */
   31|       |         /* the first number. */
   32|  2.22M|         c->sign = (sa == MP_ZPOS) ? MP_NEG : MP_ZPOS;
  ------------------
  |  |  151|  2.22M|#define MP_ZPOS       0   /* positive integer */
  ------------------
                       c->sign = (sa == MP_ZPOS) ? MP_NEG : MP_ZPOS;
  ------------------
  |  |  152|  2.11M|#define MP_NEG        1   /* negative */
  ------------------
                       c->sign = (sa == MP_ZPOS) ? MP_NEG : MP_ZPOS;
  ------------------
  |  |  151|  2.34M|#define MP_ZPOS       0   /* positive integer */
  ------------------
  |  Branch (32:20): [True: 2.11M, False: 115k]
  ------------------
   33|       |         /* The second has a larger magnitude */
   34|  2.22M|         err = s_mp_sub(b, a, c);
   35|  2.22M|      }
   36|  6.62M|   }
   37|  6.90M|   return err;
   38|  6.90M|}

mp_sub_d:
    8|  2.27k|{ /* mp_sub_d: c = a - b, with b used as a single digit value; returns MP_OKAY, or the error from mp_grow / mp_add_d. The signature is not part of this listing. */
    9|  2.27k|   mp_digit *tmpa, *tmpc;
   10|  2.27k|   mp_err    err;
   11|  2.27k|   int       ix, oldused;
   12|       |
   13|       |   /* grow c as required; the digit writes through tmpc below rely on c->dp holding at least a->used + 1 digits */
   14|  2.27k|   if (c->alloc < (a->used + 1)) {
  ------------------
  |  Branch (14:8): [True: 2.27k, False: 0]
  ------------------
   15|  2.27k|      if ((err = mp_grow(c, a->used + 1)) != MP_OKAY) {
  ------------------
  |  |  161|  2.27k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (15:11): [True: 0, False: 2.27k]
  ------------------
   16|      0|         return err;
   17|      0|      }
   18|  2.27k|   }
   19|       |
   20|       |   /* if a is negative just do an unsigned
   21|       |    * addition [with fudged signs]
   22|       |    */
   23|  2.27k|   if (a->sign == MP_NEG) {
  ------------------
  |  |  152|  2.27k|#define MP_NEG        1   /* negative */
  ------------------
  |  Branch (23:8): [True: 0, False: 2.27k]
  ------------------
   24|      0|      mp_int a_ = *a; /* shallow struct copy: a_ shares a's digit array, only the sign field is changed, so a itself is not modified */
   25|      0|      a_.sign = MP_ZPOS;
  ------------------
  |  |  151|      0|#define MP_ZPOS       0   /* positive integer */
  ------------------
   26|      0|      err     = mp_add_d(&a_, b, c);
   27|      0|      c->sign = MP_NEG; /* a - b = -(|a| + b) when a is negative */
  ------------------
  |  |  152|      0|#define MP_NEG        1   /* negative */
  ------------------
   28|       |
   29|       |      /* clamp */
   30|      0|      mp_clamp(c);
   31|       |
   32|      0|      return err;
   33|      0|   }
   34|       |
   35|       |   /* setup regs */
   36|  2.27k|   oldused = c->used;
   37|  2.27k|   tmpa    = a->dp;
   38|  2.27k|   tmpc    = c->dp;
   39|       |
   40|       |   /* if a <= b simply fix the single digit: the result is -(b - a) and fits in one digit */
   41|  2.27k|   if (((a->used == 1) && (a->dp[0] <= b)) || (a->used == 0)) {
  ------------------
  |  Branch (41:9): [True: 0, False: 2.27k]
  |  Branch (41:27): [True: 0, False: 0]
  |  Branch (41:47): [True: 0, False: 2.27k]
  ------------------
   42|      0|      if (a->used == 1) {
  ------------------
  |  Branch (42:11): [True: 0, False: 0]
  ------------------
   43|      0|         *tmpc++ = b - *tmpa;
   44|      0|      } else {
   45|      0|         *tmpc++ = b;
   46|      0|      }
   47|      0|      ix      = 1;
   48|       |
   49|       |      /* negative/1digit */
   50|      0|      c->sign = MP_NEG;
  ------------------
  |  |  152|      0|#define MP_NEG        1   /* negative */
  ------------------
   51|      0|      c->used = 1;
   52|  2.27k|   } else {
   53|  2.27k|      mp_digit mu = b;
   54|       |
   55|       |      /* positive/size */
   56|  2.27k|      c->sign = MP_ZPOS;
  ------------------
  |  |  151|  2.27k|#define MP_ZPOS       0   /* positive integer */
  ------------------
   57|  2.27k|      c->used = a->used;
   58|       |
   59|       |      /* subtract digits, mu is the borrow: it starts as b and is 0 or 1 after the first digit */
   60|  81.7k|      for (ix = 0; ix < a->used; ix++) {
  ------------------
  |  Branch (60:20): [True: 79.5k, False: 2.27k]
  ------------------
   61|  79.5k|         *tmpc    = *tmpa++ - mu;
   62|  79.5k|         mu       = *tmpc >> (MP_SIZEOF_BITS(mp_digit) - 1u); /* borrow out = top bit of the wrapped word (assumes mp_digit is an unsigned type - confirm) */
  ------------------
  |  |  167|  79.5k|#define MP_SIZEOF_BITS(type)    ((size_t)CHAR_BIT * sizeof(type))
  ------------------
   63|  79.5k|         *tmpc++ &= MP_MASK; /* keep only the low MP_DIGIT_BIT bits of the digit */
  ------------------
  |  |  106|  79.5k|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|  79.5k|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   64|  79.5k|      }
   65|  2.27k|   }
   66|       |
   67|       |   /* zero excess digits: clear the digits c used before that lie above the ix digits just written, so nothing of the old value remains */
   68|  2.27k|   MP_ZERO_DIGITS(tmpc, oldused - ix);
  ------------------
  |  |   89|  2.27k|#  define MP_ZERO_DIGITS(mem, digits)                   \
  |  |   90|  2.27k|do {                                                    \
  |  |   91|  2.27k|   int zd_ = (digits);                                  \
  |  |   92|  2.27k|   mp_digit* zm_ = (mem);                               \
  |  |   93|  2.27k|   while (zd_-- > 0) {                                  \
  |  |  ------------------
  |  |  |  Branch (93:11): [True: 0, False: 2.27k]
  |  |  ------------------
  |  |   94|      0|      *zm_++ = 0;                                       \
  |  |   95|      0|   }                                                    \
  |  |   96|  2.27k|} while (0)
  |  |  ------------------
  |  |  |  Branch (96:10): [Folded - Ignored]
  |  |  ------------------
  ------------------
   69|       |
   70|  2.27k|   mp_clamp(c);
   71|  2.27k|   return MP_OKAY;
  ------------------
  |  |  161|  2.27k|#define MP_OKAY       0   /* no error */
  ------------------
   72|  2.27k|}

mp_to_ubin:
    8|  8.37k|{ /* mp_to_ubin: stores a in buf as count bytes, most significant byte first (count = mp_ubin_size(a)); a's sign is not read here. Returns MP_BUF when count > maxlen; *written receives count when written is non-NULL. */
    9|  8.37k|   size_t  x, count;
   10|  8.37k|   mp_err  err;
   11|  8.37k|   mp_int  t;
   12|       |
   13|  8.37k|   count = mp_ubin_size(a);
   14|  8.37k|   if (count > maxlen) { /* bounds check before any write: the loop below stores exactly count bytes, buf[0] .. buf[count - 1] */
  ------------------
  |  Branch (14:8): [True: 0, False: 8.37k]
  ------------------
   15|      0|      return MP_BUF;
  ------------------
  |  |  167|      0|#define MP_BUF        -5  /* buffer overflow, supplied buffer too small */
  ------------------
   16|      0|   }
   17|       |
   18|  8.37k|   if ((err = mp_init_copy(&t, a)) != MP_OKAY) { /* work on a copy t so a is left unmodified; t is released at LBL_ERR on every path past this point */
  ------------------
  |  |  161|  8.37k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (18:8): [True: 0, False: 8.37k]
  ------------------
   19|      0|      return err;
   20|      0|   }
   21|       |
   22|  1.15M|   for (x = count; x --> 0u;) { /* x runs from count - 1 down to 0; post-decrement form because x is an unsigned size_t */
  ------------------
  |  Branch (22:20): [True: 1.14M, False: 8.37k]
  ------------------
   23|  1.14M|#ifndef MP_8BIT
   24|  1.14M|      buf[x] = (unsigned char)(t.dp[0] & 255u); /* low 8 bits of the lowest digit */
   25|       |#else
   26|       |      buf[x] = (unsigned char)(t.dp[0] | ((t.dp[1] & 1u) << 7));
   27|       |#endif
   28|  1.14M|      if ((err = mp_div_2d(&t, 8, &t, NULL)) != MP_OKAY) { /* presumably shifts t right by 8 bits in place - confirm against mp_div_2d */
  ------------------
  |  |  161|  1.14M|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (28:11): [True: 0, False: 1.14M]
  ------------------
   29|      0|         goto LBL_ERR; /* buf may already hold some low-order bytes at this point; *written is left untouched */
   30|      0|      }
   31|  1.14M|   }
   32|       |
   33|  8.37k|   if (written != NULL) {
  ------------------
  |  Branch (33:8): [True: 6.45k, False: 1.92k]
  ------------------
   34|  6.45k|      *written = count;
   35|  6.45k|   }
   36|       |
   37|  8.37k|LBL_ERR:
   38|  8.37k|   mp_clear(&t); /* NOTE(review): t is a full copy of a; where a can be secret, confirm that mp_clear wipes the digits before releasing them */
   39|  8.37k|   return err;
   40|  8.37k|}

mp_ubin_size:
    8|  11.5k|{ /* mp_ubin_size: number of bytes needed to hold mp_count_bits(a) bits */
    9|  11.5k|   size_t size = (size_t)mp_count_bits(a);
   10|  11.5k|   return (size / 8u) + (((size & 7u) != 0u) ? 1u : 0u); /* size / 8 rounded up, written so that no addition to size can wrap */
  ------------------
  |  Branch (10:26): [True: 7.87k, False: 3.68k]
  ------------------
   11|  11.5k|}

mp_zero:
    8|  98.0k|{ /* mp_zero: sets a to zero - sign positive, used = 0 - and clears the digit buffer */
    9|  98.0k|   a->sign = MP_ZPOS;
  ------------------
  |  |  151|  98.0k|#define MP_ZPOS       0   /* positive integer */
  ------------------
   10|  98.0k|   a->used = 0;
   11|  98.0k|   MP_ZERO_DIGITS(a->dp, a->alloc); /* clears all a->alloc digits, not only the used ones; these are plain stores (see the macro expansion), not an explicit-wipe primitive */
  ------------------
  |  |   89|  98.0k|#  define MP_ZERO_DIGITS(mem, digits)                   \
  |  |   90|  98.0k|do {                                                    \
  |  |   91|  98.0k|   int zd_ = (digits);                                  \
  |  |   92|  98.0k|   mp_digit* zm_ = (mem);                               \
  |  |   93|  2.85M|   while (zd_-- > 0) {                                  \
  |  |  ------------------
  |  |  |  Branch (93:11): [True: 2.75M, False: 98.0k]
  |  |  ------------------
  |  |   94|  2.75M|      *zm_++ = 0;                                       \
  |  |   95|  2.75M|   }                                                    \
  |  |   96|  98.0k|} while (0)
  |  |  ------------------
  |  |  |  Branch (96:10): [Folded - Ignored]
  |  |  ------------------
  ------------------
   12|  98.0k|}

s_mp_add:
    8|  10.4M|{ /* s_mp_add: digit-wise addition of the digit arrays of a and b into c; the sign fields are neither read nor written here. Returns MP_OKAY, or the error from mp_grow. */
    9|  10.4M|   const mp_int *x;
   10|  10.4M|   mp_err err;
   11|  10.4M|   int     olduse, min, max;
   12|       |
   13|       |   /* find sizes, we let |a| <= |b| which means we have to sort
   14|       |    * them.  "x" will point to the input with the most digits
   15|       |    */
   16|  10.4M|   if (a->used > b->used) {
  ------------------
  |  Branch (16:8): [True: 20.5k, False: 10.4M]
  ------------------
   17|  20.5k|      min = b->used;
   18|  20.5k|      max = a->used;
   19|  20.5k|      x = a;
   20|  10.4M|   } else {
   21|  10.4M|      min = a->used;
   22|  10.4M|      max = b->used;
   23|  10.4M|      x = b;
   24|  10.4M|   }
   25|       |
   26|       |   /* init result: c needs max + 1 digits, the extra one receives the final carry */
   27|  10.4M|   if (c->alloc < (max + 1)) {
  ------------------
  |  Branch (27:8): [True: 31, False: 10.4M]
  ------------------
   28|     31|      if ((err = mp_grow(c, max + 1)) != MP_OKAY) {
  ------------------
  |  |  161|     31|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (28:11): [True: 0, False: 31]
  ------------------
   29|      0|         return err;
   30|      0|      }
   31|     31|   }
   32|       |
   33|       |   /* get old used digit count and set new one */
   34|  10.4M|   olduse = c->used;
   35|  10.4M|   c->used = max + 1;
   36|       |
   37|  10.4M|   {
   38|  10.4M|      mp_digit u, *tmpa, *tmpb, *tmpc;
   39|  10.4M|      int i;
   40|       |
   41|       |      /* alias for digit pointers; they are read after the mp_grow call above */
   42|       |
   43|       |      /* first input */
   44|  10.4M|      tmpa = a->dp;
   45|       |
   46|       |      /* second input */
   47|  10.4M|      tmpb = b->dp;
   48|       |
   49|       |      /* destination */
   50|  10.4M|      tmpc = c->dp;
   51|       |
   52|       |      /* zero the carry */
   53|  10.4M|      u = 0;
   54|   161M|      for (i = 0; i < min; i++) {
  ------------------
  |  Branch (54:19): [True: 151M, False: 10.4M]
  ------------------
   55|       |         /* Compute the sum at one digit, T[i] = A[i] + B[i] + U */
   56|   151M|         *tmpc = *tmpa++ + *tmpb++ + u;
   57|       |
   58|       |         /* U = carry bit of T[i] */
   59|   151M|         u = *tmpc >> (mp_digit)MP_DIGIT_BIT;
  ------------------
  |  |   82|   151M|#   define MP_DIGIT_BIT 60
  ------------------
   60|       |
   61|       |         /* take away carry bit from T[i] */
   62|   151M|         *tmpc++ &= MP_MASK;
  ------------------
  |  |  106|   151M|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|   151M|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   63|   151M|      }
   64|       |
   65|       |      /* now copy higher words if any, that is in A+B
   66|       |       * if A or B has more digits add those in
   67|       |       */
   68|  10.4M|      if (min != max) {
  ------------------
  |  Branch (68:11): [True: 6.24M, False: 4.24M]
  ------------------
   69|  59.7M|         for (; i < max; i++) {
  ------------------
  |  Branch (69:17): [True: 53.5M, False: 6.24M]
  ------------------
   70|       |            /* T[i] = X[i] + U */
   71|  53.5M|            *tmpc = x->dp[i] + u;
   72|       |
   73|       |            /* U = carry bit of T[i] */
   74|  53.5M|            u = *tmpc >> (mp_digit)MP_DIGIT_BIT;
  ------------------
  |  |   82|  53.5M|#   define MP_DIGIT_BIT 60
  ------------------
   75|       |
   76|       |            /* take away carry bit from T[i] */
   77|  53.5M|            *tmpc++ &= MP_MASK;
  ------------------
  |  |  106|  53.5M|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|  53.5M|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   78|  53.5M|         }
   79|  6.24M|      }
   80|       |
   81|       |      /* add carry: this is digit number max, the reason c was sized to max + 1 */
   82|  10.4M|      *tmpc++ = u;
   83|       |
   84|       |      /* clear digits above oldused: zero whatever c used before that lies beyond the new used count */
   85|  10.4M|      MP_ZERO_DIGITS(tmpc, olduse - c->used);
  ------------------
  |  |   89|  10.4M|#  define MP_ZERO_DIGITS(mem, digits)                   \
  |  |   90|  10.4M|do {                                                    \
  |  |   91|  10.4M|   int zd_ = (digits);                                  \
  |  |   92|  10.4M|   mp_digit* zm_ = (mem);                               \
  |  |   93|  10.4M|   while (zd_-- > 0) {                                  \
  |  |  ------------------
  |  |  |  Branch (93:11): [True: 0, False: 10.4M]
  |  |  ------------------
  |  |   94|      0|      *zm_++ = 0;                                       \
  |  |   95|      0|   }                                                    \
  |  |   96|  10.4M|} while (0)
  |  |  ------------------
  |  |  |  Branch (96:10): [Folded - Ignored]
  |  |  ------------------
  ------------------
   86|  10.4M|   }
   87|       |
   88|  10.4M|   mp_clamp(c);
   89|  10.4M|   return MP_OKAY;
  ------------------
  |  |  161|  10.4M|#define MP_OKAY       0   /* no error */
  ------------------
   90|  10.4M|}

s_mp_exptmod:
   15|    482|{ /* s_mp_exptmod: Y = G**X mod P by left-to-right windowed exponentiation; redmode == 0 reduces with mp_reduce, any other value with mp_reduce_2k_l. Returns MP_OKAY or the first error from a helper. The signature is not part of this listing. */
   16|    482|   mp_int  M[TAB_SIZE], res, mu; /* indices 1 and 2**(winsize-1) .. 2**winsize - 1 of M are used; TAB_SIZE is defined outside this listing and has to be at least 2**winsize */
   17|    482|   mp_digit buf;
   18|    482|   mp_err   err;
   19|    482|   int      bitbuf, bitcpy, bitcnt, mode, digidx, x, y, winsize;
   20|    482|   mp_err(*redux)(mp_int *x, const mp_int *m, const mp_int *mu);
   21|       |
   22|       |   /* find window size from the bit length of the exponent X */
   23|    482|   x = mp_count_bits(X);
   24|    482|   if (x <= 7) {
  ------------------
  |  Branch (24:8): [True: 131, False: 351]
  ------------------
   25|    131|      winsize = 2;
   26|    351|   } else if (x <= 36) {
  ------------------
  |  Branch (26:15): [True: 41, False: 310]
  ------------------
   27|     41|      winsize = 3;
   28|    310|   } else if (x <= 140) {
  ------------------
  |  Branch (28:15): [True: 186, False: 124]
  ------------------
   29|    186|      winsize = 4;
   30|    186|   } else if (x <= 450) {
  ------------------
  |  Branch (30:15): [True: 124, False: 0]
  ------------------
   31|    124|      winsize = 5;
   32|    124|   } else if (x <= 1303) {
  ------------------
  |  Branch (32:15): [True: 0, False: 0]
  ------------------
   33|      0|      winsize = 6;
   34|      0|   } else if (x <= 3529) {
  ------------------
  |  Branch (34:15): [True: 0, False: 0]
  ------------------
   35|      0|      winsize = 7;
   36|      0|   } else {
   37|      0|      winsize = 8;
   38|      0|   }
   39|       |
   40|    482|   winsize = MAX_WINSIZE ? MP_MIN(MAX_WINSIZE, winsize) : winsize; /* a non-zero MAX_WINSIZE caps the window; it is 0 in this build, so winsize is kept */
  ------------------
  |  |   11|    482|#   define MAX_WINSIZE 0
  |  |  ------------------
  |  |  |  Branch (11:24): [Folded - Ignored]
  |  |  ------------------
  ------------------
                 winsize = MAX_WINSIZE ? MP_MIN(MAX_WINSIZE, winsize) : winsize;
  ------------------
  |  |  156|      0|#define MP_MIN(x, y) (((x) < (y)) ? (x) : (y))
  |  |  ------------------
  |  |  |  Branch (156:23): [True: 0, False: 0]
  |  |  ------------------
  ------------------
   41|       |
   42|       |   /* init M array */
   43|       |   /* init first cell */
   44|    482|   if ((err = mp_init(&M[1])) != MP_OKAY) {
  ------------------
  |  |  161|    482|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (44:8): [True: 0, False: 482]
  ------------------
   45|      0|      return err;
   46|      0|   }
   47|       |
   48|       |   /* now init the second half of the array */
   49|  4.38k|   for (x = 1<<(winsize-1); x < (1 << winsize); x++) {
  ------------------
  |  Branch (49:29): [True: 3.89k, False: 482]
  ------------------
   50|  3.89k|      if ((err = mp_init(&M[x])) != MP_OKAY) {
  ------------------
  |  |  161|  3.89k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (50:11): [True: 0, False: 3.89k]
  ------------------
   51|      0|         for (y = 1<<(winsize-1); y < x; y++) { /* undo only the cells initialised so far, then M[1] */
  ------------------
  |  Branch (51:35): [True: 0, False: 0]
  ------------------
   52|      0|            mp_clear(&M[y]);
   53|      0|         }
   54|      0|         mp_clear(&M[1]);
   55|      0|         return err;
   56|      0|      }
   57|  3.89k|   }
   58|       |
   59|       |   /* create mu, used for Barrett reduction */
   60|    482|   if ((err = mp_init(&mu)) != MP_OKAY)                           goto LBL_M;
  ------------------
  |  |  161|    482|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (60:8): [True: 0, False: 482]
  ------------------
   61|       |
   62|    482|   if (redmode == 0) {
  ------------------
  |  Branch (62:8): [True: 319, False: 163]
  ------------------
   63|    319|      if ((err = mp_reduce_setup(&mu, P)) != MP_OKAY)             goto LBL_MU;
  ------------------
  |  |  161|    319|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (63:11): [True: 0, False: 319]
  ------------------
   64|    319|      redux = mp_reduce;
   65|    319|   } else {
   66|    163|      if ((err = mp_reduce_2k_setup_l(P, &mu)) != MP_OKAY)        goto LBL_MU;
  ------------------
  |  |  161|    163|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (66:11): [True: 0, False: 163]
  ------------------
   67|    163|      redux = mp_reduce_2k_l;
   68|    163|   }
   69|       |
   70|       |   /* create M table
   71|       |    *
   72|       |    * The M table contains powers of the base,
   73|       |    * e.g. M[x] = G**x mod P
   74|       |    *
   75|       |    * The first half of the table is not
   76|       |    * computed though, except for M[1]; M[0] is never initialised or read here
   77|       |    */
   78|    482|   if ((err = mp_mod(G, P, &M[1])) != MP_OKAY)                    goto LBL_MU;
  ------------------
  |  |  161|    482|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (78:8): [True: 0, False: 482]
  ------------------
   79|       |
   80|       |   /* compute the value at M[1<<(winsize-1)] by squaring
   81|       |    * M[1] (winsize-1) times
   82|       |    */
   83|    482|   if ((err = mp_copy(&M[1], &M[(size_t)1 << (winsize - 1)])) != MP_OKAY) goto LBL_MU;
  ------------------
  |  |  161|    482|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (83:8): [True: 0, False: 482]
  ------------------
   84|       |
   85|  1.74k|   for (x = 0; x < (winsize - 1); x++) {
  ------------------
  |  Branch (85:16): [True: 1.26k, False: 482]
  ------------------
   86|       |      /* square it */
   87|  1.26k|      if ((err = mp_sqr(&M[(size_t)1 << (winsize - 1)],
  ------------------
  |  Branch (87:11): [True: 0, False: 1.26k]
  ------------------
   88|  1.26k|                        &M[(size_t)1 << (winsize - 1)])) != MP_OKAY) goto LBL_MU;
  ------------------
  |  |  161|  1.26k|#define MP_OKAY       0   /* no error */
  ------------------
   89|       |
   90|       |      /* reduce modulo P */
   91|  1.26k|      if ((err = redux(&M[(size_t)1 << (winsize - 1)], P, &mu)) != MP_OKAY) goto LBL_MU;
  ------------------
  |  |  161|  1.26k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (91:11): [True: 0, False: 1.26k]
  ------------------
   92|  1.26k|   }
   93|       |
   94|       |   /* create upper table, that is M[x] = M[x-1] * M[1] (mod P)
   95|       |    * for x = (2**(winsize - 1) + 1) to (2**winsize - 1)
   96|       |    */
   97|  3.89k|   for (x = (1 << (winsize - 1)) + 1; x < (1 << winsize); x++) {
  ------------------
  |  Branch (97:39): [True: 3.41k, False: 482]
  ------------------
   98|  3.41k|      if ((err = mp_mul(&M[x - 1], &M[1], &M[x])) != MP_OKAY)     goto LBL_MU;
  ------------------
  |  |  161|  3.41k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (98:11): [True: 0, False: 3.41k]
  ------------------
   99|  3.41k|      if ((err = redux(&M[x], P, &mu)) != MP_OKAY)                goto LBL_MU;
  ------------------
  |  |  161|  3.41k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (99:11): [True: 0, False: 3.41k]
  ------------------
  100|  3.41k|   }
  101|       |
  102|       |   /* setup result */
  103|    482|   if ((err = mp_init(&res)) != MP_OKAY)                          goto LBL_MU;
  ------------------
  |  |  161|    482|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (103:8): [True: 0, False: 482]
  ------------------
  104|    482|   mp_set(&res, 1uL);
  105|       |
  106|       |   /* set initial mode and bit cnt: mode 0 = no 1 bit seen yet, 1 = between windows, 2 = filling a window */
  107|    482|   mode   = 0;
  108|    482|   bitcnt = 1;
  109|    482|   buf    = 0;
  110|    482|   digidx = X->used - 1;
  111|    482|   bitcpy = 0;
  112|    482|   bitbuf = 0;
  113|       |
  114|  39.1k|   for (;;) {
  115|       |      /* grab next digit as required */
  116|  39.1k|      if (--bitcnt == 0) {
  ------------------
  |  Branch (116:11): [True: 1.12k, False: 37.9k]
  ------------------
  117|       |         /* if digidx == -1 we are out of digits */
  118|  1.12k|         if (digidx == -1) {
  ------------------
  |  Branch (118:14): [True: 482, False: 644]
  ------------------
  119|    482|            break;
  120|    482|         }
  121|       |         /* read next digit and reset the bitcnt */
  122|    644|         buf    = X->dp[digidx--];
  123|    644|         bitcnt = (int)MP_DIGIT_BIT;
  ------------------
  |  |   82|    644|#   define MP_DIGIT_BIT 60
  ------------------
  124|    644|      }
  125|       |
  126|       |      /* grab the next msb from the exponent */
  127|  38.6k|      y     = (buf >> (mp_digit)(MP_DIGIT_BIT - 1)) & 1uL;
  ------------------
  |  |   82|  38.6k|#   define MP_DIGIT_BIT 60
  ------------------
  128|  38.6k|      buf <<= (mp_digit)1;
  129|       |
  130|       |      /* if the bit is zero and mode == 0 then we ignore it
  131|       |       * These represent the leading zero bits before the first 1 bit
  132|       |       * in the exponent.  Technically this opt is not required but it
  133|       |       * does lower the # of trivial squaring/reductions used
  134|       |       */
  135|  38.6k|      if ((mode == 0) && (y == 0)) { /* NOTE(review): this branch and the next are chosen by the bits of X, so the amount of work done is not independent of the exponent */
  ------------------
  |  Branch (135:11): [True: 8.04k, False: 30.5k]
  |  Branch (135:26): [True: 7.67k, False: 369]
  ------------------
  136|  7.67k|         continue;
  137|  7.67k|      }
  138|       |
  139|       |      /* if the bit is zero and mode == 1 then we square */
  140|  30.9k|      if ((mode == 1) && (y == 0)) {
  ------------------
  |  Branch (140:11): [True: 13.3k, False: 17.6k]
  |  Branch (140:26): [True: 8.79k, False: 4.53k]
  ------------------
  141|  8.79k|         if ((err = mp_sqr(&res, &res)) != MP_OKAY)               goto LBL_RES;
  ------------------
  |  |  161|  8.79k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (141:14): [True: 0, False: 8.79k]
  ------------------
  142|  8.79k|         if ((err = redux(&res, P, &mu)) != MP_OKAY)              goto LBL_RES;
  ------------------
  |  |  161|  8.79k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (142:14): [True: 0, False: 8.79k]
  ------------------
  143|  8.79k|         continue;
  144|  8.79k|      }
  145|       |
  146|       |      /* else we add it to the window */
  147|  22.1k|      bitbuf |= (y << (winsize - ++bitcpy));
  148|  22.1k|      mode    = 2;
  149|       |
  150|  22.1k|      if (bitcpy == winsize) {
  ------------------
  |  Branch (150:11): [True: 4.70k, False: 17.4k]
  ------------------
  151|       |         /* ok window is filled so square as required and multiply  */
  152|       |         /* square first */
  153|  26.4k|         for (x = 0; x < winsize; x++) {
  ------------------
  |  Branch (153:22): [True: 21.7k, False: 4.70k]
  ------------------
  154|  21.7k|            if ((err = mp_sqr(&res, &res)) != MP_OKAY)            goto LBL_RES;
  ------------------
  |  |  161|  21.7k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (154:17): [True: 0, False: 21.7k]
  ------------------
  155|  21.7k|            if ((err = redux(&res, P, &mu)) != MP_OKAY)           goto LBL_RES;
  ------------------
  |  |  161|  21.7k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (155:17): [True: 0, False: 21.7k]
  ------------------
  156|  21.7k|         }
  157|       |
  158|       |         /* then multiply; a window is only opened on a 1 bit, so bitbuf has its top window bit set and indexes the initialised upper half of M. The index is taken from the exponent bits. */
  159|  4.70k|         if ((err = mp_mul(&res, &M[bitbuf], &res)) != MP_OKAY)  goto LBL_RES;
  ------------------
  |  |  161|  4.70k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (159:14): [True: 0, False: 4.70k]
  ------------------
  160|  4.70k|         if ((err = redux(&res, P, &mu)) != MP_OKAY)             goto LBL_RES;
  ------------------
  |  |  161|  4.70k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (160:14): [True: 0, False: 4.70k]
  ------------------
  161|       |
  162|       |         /* empty window and reset */
  163|  4.70k|         bitcpy = 0;
  164|  4.70k|         bitbuf = 0;
  165|  4.70k|         mode   = 1;
  166|  4.70k|      }
  167|  22.1k|   }
  168|       |
  169|       |   /* if bits remain then square/multiply: the last window was only partly filled when X ran out */
  170|    482|   if ((mode == 2) && (bitcpy > 0)) {
  ------------------
  |  Branch (170:8): [True: 201, False: 281]
  |  Branch (170:23): [True: 201, False: 0]
  ------------------
  171|       |      /* square then multiply if the bit is set */
  172|    621|      for (x = 0; x < bitcpy; x++) {
  ------------------
  |  Branch (172:19): [True: 420, False: 201]
  ------------------
  173|    420|         if ((err = mp_sqr(&res, &res)) != MP_OKAY)               goto LBL_RES;
  ------------------
  |  |  161|    420|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (173:14): [True: 0, False: 420]
  ------------------
  174|    420|         if ((err = redux(&res, P, &mu)) != MP_OKAY)              goto LBL_RES;
  ------------------
  |  |  161|    420|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (174:14): [True: 0, False: 420]
  ------------------
  175|       |
  176|    420|         bitbuf <<= 1;
  177|    420|         if ((bitbuf & (1 << winsize)) != 0) {
  ------------------
  |  Branch (177:14): [True: 343, False: 77]
  ------------------
  178|       |            /* then multiply */
  179|    343|            if ((err = mp_mul(&res, &M[1], &res)) != MP_OKAY)     goto LBL_RES;
  ------------------
  |  |  161|    343|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (179:17): [True: 0, False: 343]
  ------------------
  180|    343|            if ((err = redux(&res, P, &mu)) != MP_OKAY)           goto LBL_RES;
  ------------------
  |  |  161|    343|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (180:17): [True: 0, False: 343]
  ------------------
  181|    343|         }
  182|    420|      }
  183|    201|   }
  184|       |
  185|    482|   mp_exch(&res, Y); /* presumably swaps res and Y, so the mp_clear below releases Y's previous contents - confirm against mp_exch */
  186|    482|   err = MP_OKAY;
  ------------------
  |  |  161|    482|#define MP_OKAY       0   /* no error */
  ------------------
  187|    482|LBL_RES: /* the labels fall through: a failure at any stage releases everything that was initialised before it */
  188|    482|   mp_clear(&res);
  189|    482|LBL_MU:
  190|    482|   mp_clear(&mu);
  191|    482|LBL_M:
  192|    482|   mp_clear(&M[1]);
  193|  4.38k|   for (x = 1<<(winsize-1); x < (1 << winsize); x++) {
  ------------------
  |  Branch (193:29): [True: 3.89k, False: 482]
  ------------------
  194|  3.89k|      mp_clear(&M[x]); /* NOTE(review): M holds powers of G and res/mu hold intermediates; confirm mp_clear wipes the digits where these can be sensitive */
  195|  3.89k|   }
  196|    482|   return err;
  197|    482|}

s_mp_exptmod_fast:
   23|  2.56k|{
   24|  2.56k|   mp_int  M[TAB_SIZE], res;
   25|  2.56k|   mp_digit buf, mp;
   26|  2.56k|   int     bitbuf, bitcpy, bitcnt, mode, digidx, x, y, winsize;
   27|  2.56k|   mp_err   err;
   28|       |
   29|       |   /* use a pointer to the reduction algorithm.  This allows us to use
   30|       |    * one of many reduction algorithms without modding the guts of
   31|       |    * the code with if statements everywhere.
   32|       |    */
   33|  2.56k|   mp_err(*redux)(mp_int *x, const mp_int *n, mp_digit rho);
   34|       |
   35|       |   /* find window size */
   36|  2.56k|   x = mp_count_bits(X);
   37|  2.56k|   if (x <= 7) {
  ------------------
  |  Branch (37:8): [True: 187, False: 2.37k]
  ------------------
   38|    187|      winsize = 2;
   39|  2.37k|   } else if (x <= 36) {
  ------------------
  |  Branch (39:15): [True: 20, False: 2.35k]
  ------------------
   40|     20|      winsize = 3;
   41|  2.35k|   } else if (x <= 140) {
  ------------------
  |  Branch (41:15): [True: 48, False: 2.30k]
  ------------------
   42|     48|      winsize = 4;
   43|  2.30k|   } else if (x <= 450) {
  ------------------
  |  Branch (43:15): [True: 41, False: 2.26k]
  ------------------
   44|     41|      winsize = 5;
   45|  2.26k|   } else if (x <= 1303) {
  ------------------
  |  Branch (45:15): [True: 0, False: 2.26k]
  ------------------
   46|      0|      winsize = 6;
   47|  2.26k|   } else if (x <= 3529) {
  ------------------
  |  Branch (47:15): [True: 2.26k, False: 0]
  ------------------
   48|  2.26k|      winsize = 7;
   49|  2.26k|   } else {
   50|      0|      winsize = 8;
   51|      0|   }
   52|       |
   53|  2.56k|   winsize = MAX_WINSIZE ? MP_MIN(MAX_WINSIZE, winsize) : winsize;
  ------------------
  |  |   19|  2.56k|#   define MAX_WINSIZE 0
  |  |  ------------------
  |  |  |  Branch (19:24): [Folded - Ignored]
  |  |  ------------------
  ------------------
                 winsize = MAX_WINSIZE ? MP_MIN(MAX_WINSIZE, winsize) : winsize;
  ------------------
  |  |  156|      0|#define MP_MIN(x, y) (((x) < (y)) ? (x) : (y))
  |  |  ------------------
  |  |  |  Branch (156:23): [True: 0, False: 0]
  |  |  ------------------
  ------------------
   54|       |
   55|       |   /* init M array */
   56|       |   /* init first cell */
   57|  2.56k|   if ((err = mp_init_size(&M[1], P->alloc)) != MP_OKAY) {
  ------------------
  |  |  161|  2.56k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (57:8): [True: 0, False: 2.56k]
  ------------------
   58|      0|      return err;
   59|      0|   }
   60|       |
   61|       |   /* now init the second half of the array */
   62|   149k|   for (x = 1<<(winsize-1); x < (1 << winsize); x++) {
  ------------------
  |  Branch (62:29): [True: 146k, False: 2.56k]
  ------------------
   63|   146k|      if ((err = mp_init_size(&M[x], P->alloc)) != MP_OKAY) {
  ------------------
  |  |  161|   146k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (63:11): [True: 0, False: 146k]
  ------------------
   64|      0|         for (y = 1<<(winsize-1); y < x; y++) {
  ------------------
  |  Branch (64:35): [True: 0, False: 0]
  ------------------
   65|      0|            mp_clear(&M[y]);
   66|      0|         }
   67|      0|         mp_clear(&M[1]);
   68|      0|         return err;
   69|      0|      }
   70|   146k|   }
   71|       |
   72|       |   /* determine and setup reduction code */
   73|  2.56k|   if (redmode == 0) {
  ------------------
  |  Branch (73:8): [True: 2.56k, False: 0]
  ------------------
   74|  2.56k|      if (MP_HAS(MP_MONTGOMERY_SETUP)) {
  ------------------
  |  |  150|  2.56k|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|  2.56k|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|  2.56k|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [Folded - Ignored]
  |  |  ------------------
  ------------------
   75|       |         /* now setup montgomery  */
   76|  2.56k|         if ((err = mp_montgomery_setup(P, &mp)) != MP_OKAY)      goto LBL_M;
  ------------------
  |  |  161|  2.56k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (76:14): [True: 0, False: 2.56k]
  ------------------
   77|  2.56k|      } else {
   78|      0|         err = MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   79|      0|         goto LBL_M;
   80|      0|      }
   81|       |
   82|       |      /* automatically pick the comba one if available (saves quite a few calls/ifs) */
   83|  2.56k|      if (MP_HAS(S_MP_MONTGOMERY_REDUCE_FAST) &&
  ------------------
  |  |  150|  5.12k|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|  2.56k|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|  2.56k|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [Folded - Ignored]
  |  |  ------------------
  ------------------
   84|  2.56k|          (((P->used * 2) + 1) < MP_WARRAY) &&
  ------------------
  |  |  172|  2.56k|#define MP_WARRAY PRIVATE_MP_WARRAY
  |  |  ------------------
  |  |  |  |  203|  2.56k|#define PRIVATE_MP_WARRAY (int)(1uLL << (((CHAR_BIT * sizeof(private_mp_word)) - (2 * MP_DIGIT_BIT)) + 1))
  |  |  |  |  ------------------
  |  |  |  |  |  |   82|  2.56k|#   define MP_DIGIT_BIT 60
  |  |  |  |  ------------------
  |  |  ------------------
  ------------------
  |  Branch (84:11): [True: 2.56k, False: 0]
  ------------------
   85|  2.56k|          (P->used < MP_MAXFAST)) {
  ------------------
  |  |  168|  2.56k|#define MP_MAXFAST              (int)(1uL << (MP_SIZEOF_BITS(mp_word) - (2u * (size_t)MP_DIGIT_BIT)))
  |  |  ------------------
  |  |  |  |  167|  2.56k|#define MP_SIZEOF_BITS(type)    ((size_t)CHAR_BIT * sizeof(type))
  |  |  ------------------
  |  |               #define MP_MAXFAST              (int)(1uL << (MP_SIZEOF_BITS(mp_word) - (2u * (size_t)MP_DIGIT_BIT)))
  |  |  ------------------
  |  |  |  |   82|  2.56k|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
  |  Branch (85:11): [True: 2.56k, False: 0]
  ------------------
   86|  2.56k|         redux = s_mp_montgomery_reduce_fast;
   87|  2.56k|      } else if (MP_HAS(MP_MONTGOMERY_REDUCE)) {
  ------------------
  |  |  150|      0|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|      0|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|      0|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [Folded - Ignored]
  |  |  ------------------
  ------------------
   88|       |         /* use slower baseline Montgomery method */
   89|      0|         redux = mp_montgomery_reduce;
   90|      0|      } else {
   91|      0|         err = MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   92|      0|         goto LBL_M;
   93|      0|      }
   94|  2.56k|   } else if (redmode == 1) {
  ------------------
  |  Branch (94:15): [True: 0, False: 0]
  ------------------
   95|      0|      if (MP_HAS(MP_DR_SETUP) && MP_HAS(MP_DR_REDUCE)) {
  ------------------
  |  |  150|      0|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|      0|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|      0|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [Folded - Ignored]
  |  |  ------------------
  ------------------
                    if (MP_HAS(MP_DR_SETUP) && MP_HAS(MP_DR_REDUCE)) {
  ------------------
  |  |  150|      0|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|      0|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|      0|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [Folded - Ignored]
  |  |  ------------------
  ------------------
   96|       |         /* setup DR reduction for moduli of the form B**k - b */
   97|      0|         mp_dr_setup(P, &mp);
   98|      0|         redux = mp_dr_reduce;
   99|      0|      } else {
  100|      0|         err = MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
  101|      0|         goto LBL_M;
  102|      0|      }
  103|      0|   } else if (MP_HAS(MP_REDUCE_2K_SETUP) && MP_HAS(MP_REDUCE_2K)) {
  ------------------
  |  |  150|      0|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|      0|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|      0|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [Folded - Ignored]
  |  |  ------------------
  ------------------
                 } else if (MP_HAS(MP_REDUCE_2K_SETUP) && MP_HAS(MP_REDUCE_2K)) {
  ------------------
  |  |  150|      0|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|      0|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|      0|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [Folded - Ignored]
  |  |  ------------------
  ------------------
  104|       |      /* setup DR reduction for moduli of the form 2**k - b */
  105|      0|      if ((err = mp_reduce_2k_setup(P, &mp)) != MP_OKAY)          goto LBL_M;
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (105:11): [True: 0, False: 0]
  ------------------
  106|      0|      redux = mp_reduce_2k;
  107|      0|   } else {
  108|      0|      err = MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
  109|      0|      goto LBL_M;
  110|      0|   }
  111|       |
  112|       |   /* setup result */
  113|  2.56k|   if ((err = mp_init_size(&res, P->alloc)) != MP_OKAY)           goto LBL_M;
  ------------------
  |  |  161|  2.56k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (113:8): [True: 0, False: 2.56k]
  ------------------
  114|       |
  115|       |   /* create M table
  116|       |    *
  117|       |
  118|       |    *
  119|       |    * The first half of the table is not computed though accept for M[0] and M[1]
  120|       |    */
  121|       |
  122|  2.56k|   if (redmode == 0) {
  ------------------
  |  Branch (122:8): [True: 2.56k, False: 0]
  ------------------
  123|  2.56k|      if (MP_HAS(MP_MONTGOMERY_CALC_NORMALIZATION)) {
  ------------------
  |  |  150|  2.56k|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|  2.56k|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|  2.56k|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [Folded - Ignored]
  |  |  ------------------
  ------------------
  124|       |         /* now we need R mod m */
  125|  2.56k|         if ((err = mp_montgomery_calc_normalization(&res, P)) != MP_OKAY) goto LBL_RES;
  ------------------
  |  |  161|  2.56k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (125:14): [True: 0, False: 2.56k]
  ------------------
  126|       |
  127|       |         /* now set M[1] to G * R mod m */
  128|  2.56k|         if ((err = mp_mulmod(G, &res, P, &M[1])) != MP_OKAY)     goto LBL_RES;
  ------------------
  |  |  161|  2.56k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (128:14): [True: 0, False: 2.56k]
  ------------------
  129|  2.56k|      } else {
  130|      0|         err = MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
  131|      0|         goto LBL_RES;
  132|      0|      }
  133|  2.56k|   } else {
  134|      0|      mp_set(&res, 1uL);
  135|      0|      if ((err = mp_mod(G, P, &M[1])) != MP_OKAY)                 goto LBL_RES;
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (135:11): [True: 0, False: 0]
  ------------------
  136|      0|   }
  137|       |
  138|       |   /* compute the value at M[1<<(winsize-1)] by squaring M[1] (winsize-1) times */
  139|  2.56k|   if ((err = mp_copy(&M[1], &M[(size_t)1 << (winsize - 1)])) != MP_OKAY) goto LBL_RES;
  ------------------
  |  |  161|  2.56k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (139:8): [True: 0, False: 2.56k]
  ------------------
  140|       |
  141|  16.7k|   for (x = 0; x < (winsize - 1); x++) {
  ------------------
  |  Branch (141:16): [True: 14.1k, False: 2.56k]
  ------------------
  142|  14.1k|      if ((err = mp_sqr(&M[(size_t)1 << (winsize - 1)], &M[(size_t)1 << (winsize - 1)])) != MP_OKAY) goto LBL_RES;
  ------------------
  |  |  161|  14.1k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (142:11): [True: 0, False: 14.1k]
  ------------------
  143|  14.1k|      if ((err = redux(&M[(size_t)1 << (winsize - 1)], P, mp)) != MP_OKAY) goto LBL_RES;
  ------------------
  |  |  161|  14.1k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (143:11): [True: 0, False: 14.1k]
  ------------------
  144|  14.1k|   }
  145|       |
  146|       |   /* create upper table */
  147|   146k|   for (x = (1 << (winsize - 1)) + 1; x < (1 << winsize); x++) {
  ------------------
  |  Branch (147:39): [True: 144k, False: 2.56k]
  ------------------
  148|   144k|      if ((err = mp_mul(&M[x - 1], &M[1], &M[x])) != MP_OKAY)     goto LBL_RES;
  ------------------
  |  |  161|   144k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (148:11): [True: 0, False: 144k]
  ------------------
  149|   144k|      if ((err = redux(&M[x], P, mp)) != MP_OKAY)                 goto LBL_RES;
  ------------------
  |  |  161|   144k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (149:11): [True: 0, False: 144k]
  ------------------
  150|   144k|   }
  151|       |
  152|       |   /* set initial mode and bit cnt */
  153|  2.56k|   mode   = 0;
  154|  2.56k|   bitcnt = 1;
  155|  2.56k|   buf    = 0;
  156|  2.56k|   digidx = X->used - 1;
  157|  2.56k|   bitcpy = 0;
  158|  2.56k|   bitbuf = 0;
  159|       |
  160|  4.77M|   for (;;) {
  161|       |      /* grab next digit as required */
  162|  4.77M|      if (--bitcnt == 0) {
  ------------------
  |  Branch (162:11): [True: 82.0k, False: 4.69M]
  ------------------
  163|       |         /* if digidx == -1 we are out of digits so break */
  164|  82.0k|         if (digidx == -1) {
  ------------------
  |  Branch (164:14): [True: 2.56k, False: 79.5k]
  ------------------
  165|  2.56k|            break;
  166|  2.56k|         }
  167|       |         /* read next digit and reset bitcnt */
  168|  79.5k|         buf    = X->dp[digidx--];
  169|  79.5k|         bitcnt = (int)MP_DIGIT_BIT;
  ------------------
  |  |   82|  79.5k|#   define MP_DIGIT_BIT 60
  ------------------
  170|  79.5k|      }
  171|       |
  172|       |      /* grab the next msb from the exponent */
  173|  4.77M|      y     = (mp_digit)(buf >> (MP_DIGIT_BIT - 1)) & 1uL;
  ------------------
  |  |   82|  4.77M|#   define MP_DIGIT_BIT 60
  ------------------
  174|  4.77M|      buf <<= (mp_digit)1;
  175|       |
  176|       |      /* if the bit is zero and mode == 0 then we ignore it
  177|       |       * These represent the leading zero bits before the first 1 bit
  178|       |       * in the exponent.  Technically this opt is not required but it
  179|       |       * does lower the # of trivial squaring/reductions used
  180|       |       */
  181|  4.77M|      if ((mode == 0) && (y == 0)) {
  ------------------
  |  Branch (181:11): [True: 126k, False: 4.64M]
  |  Branch (181:26): [True: 124k, False: 2.38k]
  ------------------
  182|   124k|         continue;
  183|   124k|      }
  184|       |
  185|       |      /* if the bit is zero and mode == 1 then we square */
  186|  4.64M|      if ((mode == 1) && (y == 0)) {
  ------------------
  |  Branch (186:11): [True: 1.15M, False: 3.49M]
  |  Branch (186:26): [True: 574k, False: 580k]
  ------------------
  187|   574k|         if ((err = mp_sqr(&res, &res)) != MP_OKAY)               goto LBL_RES;
  ------------------
  |  |  161|   574k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (187:14): [True: 0, False: 574k]
  ------------------
  188|   574k|         if ((err = redux(&res, P, mp)) != MP_OKAY)               goto LBL_RES;
  ------------------
  |  |  161|   574k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (188:14): [True: 0, False: 574k]
  ------------------
  189|   574k|         continue;
  190|   574k|      }
  191|       |
  192|       |      /* else we add it to the window */
  193|  4.07M|      bitbuf |= (y << (winsize - ++bitcpy));
  194|  4.07M|      mode    = 2;
  195|       |
  196|  4.07M|      if (bitcpy == winsize) {
  ------------------
  |  Branch (196:11): [True: 581k, False: 3.49M]
  ------------------
  197|       |         /* ok window is filled so square as required and multiply  */
  198|       |         /* square first */
  199|  4.64M|         for (x = 0; x < winsize; x++) {
  ------------------
  |  Branch (199:22): [True: 4.06M, False: 581k]
  ------------------
  200|  4.06M|            if ((err = mp_sqr(&res, &res)) != MP_OKAY)            goto LBL_RES;
  ------------------
  |  |  161|  4.06M|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (200:17): [True: 0, False: 4.06M]
  ------------------
  201|  4.06M|            if ((err = redux(&res, P, mp)) != MP_OKAY)            goto LBL_RES;
  ------------------
  |  |  161|  4.06M|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (201:17): [True: 0, False: 4.06M]
  ------------------
  202|  4.06M|         }
  203|       |
  204|       |         /* then multiply */
  205|   581k|         if ((err = mp_mul(&res, &M[bitbuf], &res)) != MP_OKAY)   goto LBL_RES;
  ------------------
  |  |  161|   581k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (205:14): [True: 0, False: 581k]
  ------------------
  206|   581k|         if ((err = redux(&res, P, mp)) != MP_OKAY)               goto LBL_RES;
  ------------------
  |  |  161|   581k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (206:14): [True: 0, False: 581k]
  ------------------
  207|       |
  208|       |         /* empty window and reset */
  209|   581k|         bitcpy = 0;
  210|   581k|         bitbuf = 0;
  211|   581k|         mode   = 1;
  212|   581k|      }
  213|  4.07M|   }
  214|       |
  215|       |   /* if bits remain then square/multiply */
  216|  2.56k|   if ((mode == 2) && (bitcpy > 0)) {
  ------------------
  |  Branch (216:8): [True: 1.99k, False: 564]
  |  Branch (216:23): [True: 1.99k, False: 0]
  ------------------
  217|       |      /* square then multiply if the bit is set */
  218|  9.82k|      for (x = 0; x < bitcpy; x++) {
  ------------------
  |  Branch (218:19): [True: 7.83k, False: 1.99k]
  ------------------
  219|  7.83k|         if ((err = mp_sqr(&res, &res)) != MP_OKAY)               goto LBL_RES;
  ------------------
  |  |  161|  7.83k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (219:14): [True: 0, False: 7.83k]
  ------------------
  220|  7.83k|         if ((err = redux(&res, P, mp)) != MP_OKAY)               goto LBL_RES;
  ------------------
  |  |  161|  7.83k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (220:14): [True: 0, False: 7.83k]
  ------------------
  221|       |
  222|       |         /* get next bit of the window */
  223|  7.83k|         bitbuf <<= 1;
  224|  7.83k|         if ((bitbuf & (1 << winsize)) != 0) {
  ------------------
  |  Branch (224:14): [True: 2.94k, False: 4.88k]
  ------------------
  225|       |            /* then multiply */
  226|  2.94k|            if ((err = mp_mul(&res, &M[1], &res)) != MP_OKAY)     goto LBL_RES;
  ------------------
  |  |  161|  2.94k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (226:17): [True: 0, False: 2.94k]
  ------------------
  227|  2.94k|            if ((err = redux(&res, P, mp)) != MP_OKAY)            goto LBL_RES;
  ------------------
  |  |  161|  2.94k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (227:17): [True: 0, False: 2.94k]
  ------------------
  228|  2.94k|         }
  229|  7.83k|      }
  230|  1.99k|   }
  231|       |
  232|  2.56k|   if (redmode == 0) {
  ------------------
  |  Branch (232:8): [True: 2.56k, False: 0]
  ------------------
  233|       |      /* fixup result if Montgomery reduction is used
  234|       |       * recall that any value in a Montgomery system is
  235|       |       * actually multiplied by R mod n.  So we have
  236|       |       * to reduce one more time to cancel out the factor
  237|       |       * of R.
  238|       |       */
  239|  2.56k|      if ((err = redux(&res, P, mp)) != MP_OKAY)                  goto LBL_RES;
  ------------------
  |  |  161|  2.56k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (239:11): [True: 0, False: 2.56k]
  ------------------
  240|  2.56k|   }
  241|       |
  242|       |   /* swap res with Y */
  243|  2.56k|   mp_exch(&res, Y);
  244|  2.56k|   err = MP_OKAY;
  ------------------
  |  |  161|  2.56k|#define MP_OKAY       0   /* no error */
  ------------------
  245|  2.56k|LBL_RES:
  246|  2.56k|   mp_clear(&res);
  247|  2.56k|LBL_M:
  248|  2.56k|   mp_clear(&M[1]);
  249|   149k|   for (x = 1<<(winsize-1); x < (1 << winsize); x++) {
  ------------------
  |  Branch (249:29): [True: 146k, False: 2.56k]
  ------------------
  250|   146k|      mp_clear(&M[x]);
  251|   146k|   }
  252|  2.56k|   return err;
  253|  2.56k|}

s_mp_invmod_fast:
   13|    832|{
   14|    832|   mp_int  x, y, u, v, B, D;
   15|    832|   mp_sign neg;
   16|    832|   mp_err  err;
   17|       |   /* Inverts a modulo an odd b into c; returns MP_VAL for an even b, a zero operand or a missing inverse, otherwise the first helper error or MP_OKAY */
   18|       |   /* 2. [modified] b must be odd; MP_IS_EVEN also treats a zero b (used == 0) as even, so it is rejected here too */
   19|    832|   if (MP_IS_EVEN(b)) {
  ------------------
  |  |  164|    832|#define MP_IS_EVEN(a) (((a)->used == 0) || (((a)->dp[0] & 1u) == 0u))
  |  |  ------------------
  |  |  |  Branch (164:24): [True: 0, False: 832]
  |  |  |  Branch (164:44): [True: 0, False: 832]
  |  |  ------------------
  ------------------
   20|      0|      return MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   21|      0|   }
   22|       |
   23|       |   /* init all our temps; every later failure leaves through LBL_ERR, which clears them */
   24|    832|   if ((err = mp_init_multi(&x, &y, &u, &v, &B, &D, NULL)) != MP_OKAY) {
  ------------------
  |  |  161|    832|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (24:8): [True: 0, False: 832]
  ------------------
   25|      0|      return err;
   26|      0|   }
   27|       |
   28|       |   /* x == modulus, y == value to invert */
   29|    832|   if ((err = mp_copy(b, &x)) != MP_OKAY)                         goto LBL_ERR;
  ------------------
  |  |  161|    832|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (29:8): [True: 0, False: 832]
  ------------------
   30|       |
   31|       |   /* we need y = a mod b */
   32|    832|   if ((err = mp_mod(a, b, &y)) != MP_OKAY)                       goto LBL_ERR;
  ------------------
  |  |  161|    832|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (32:8): [True: 0, False: 832]
  ------------------
   33|       |
   34|       |   /* if one of x,y is zero return an error! */
   35|    832|   if (MP_IS_ZERO(&x) || MP_IS_ZERO(&y)) {
  ------------------
  |  |  163|  1.66k|#define MP_IS_ZERO(a) ((a)->used == 0)
  |  |  ------------------
  |  |  |  Branch (163:23): [True: 0, False: 832]
  |  |  ------------------
  ------------------
                 if (MP_IS_ZERO(&x) || MP_IS_ZERO(&y)) {
  ------------------
  |  |  163|    832|#define MP_IS_ZERO(a) ((a)->used == 0)
  |  |  ------------------
  |  |  |  Branch (163:23): [True: 0, False: 832]
  |  |  ------------------
  ------------------
   36|      0|      err = MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   37|      0|      goto LBL_ERR;
   38|      0|   }
   39|       |
   40|       |   /* 3. u=x, v=y, A=1, B=0, C=0,D=1 (this variant declares and updates only B and D) */
   41|    832|   if ((err = mp_copy(&x, &u)) != MP_OKAY)                        goto LBL_ERR;
  ------------------
  |  |  161|    832|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (41:8): [True: 0, False: 832]
  ------------------
   42|    832|   if ((err = mp_copy(&y, &v)) != MP_OKAY)                        goto LBL_ERR;
  ------------------
  |  |  161|    832|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (42:8): [True: 0, False: 832]
  ------------------
   43|    832|   mp_set(&D, 1uL);
   44|       |   /* NOTE(review): the loops below branch on the parity and ordering of u, v, B and D, so the work done depends on the values of a and b - confirm no caller needs constant-time behaviour */
   45|   267k|top:
   46|       |   /* 4.  while u is even do */
   47|   541k|   while (MP_IS_EVEN(&u)) {
  ------------------
  |  |  164|   541k|#define MP_IS_EVEN(a) (((a)->used == 0) || (((a)->dp[0] & 1u) == 0u))
  |  |  ------------------
  |  |  |  Branch (164:24): [True: 0, False: 541k]
  |  |  |  Branch (164:44): [True: 273k, False: 267k]
  |  |  ------------------
  ------------------
   48|       |      /* 4.1 u = u/2 */
   49|   273k|      if ((err = mp_div_2(&u, &u)) != MP_OKAY)                    goto LBL_ERR;
  ------------------
  |  |  161|   273k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (49:11): [True: 0, False: 273k]
  ------------------
   50|       |
   51|       |      /* 4.2 if B is odd then B = B - x, so the halving below is exact */
   52|   273k|      if (MP_IS_ODD(&B)) {
  ------------------
  |  |  165|   273k|#define MP_IS_ODD(a)  (((a)->used > 0) && (((a)->dp[0] & 1u) == 1u))
  |  |  ------------------
  |  |  |  Branch (165:24): [True: 273k, False: 0]
  |  |  |  Branch (165:43): [True: 138k, False: 134k]
  |  |  ------------------
  ------------------
   53|   138k|         if ((err = mp_sub(&B, &x, &B)) != MP_OKAY)               goto LBL_ERR;
  ------------------
  |  |  161|   138k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (53:14): [True: 0, False: 138k]
  ------------------
   54|   138k|      }
   55|       |      /* B = B/2 */
   56|   273k|      if ((err = mp_div_2(&B, &B)) != MP_OKAY)                    goto LBL_ERR;
  ------------------
  |  |  161|   273k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (56:11): [True: 0, False: 273k]
  ------------------
   57|   273k|   }
   58|       |
   59|       |   /* 5.  while v is even do */
   60|   521k|   while (MP_IS_EVEN(&v)) {
  ------------------
  |  |  164|   521k|#define MP_IS_EVEN(a) (((a)->used == 0) || (((a)->dp[0] & 1u) == 0u))
  |  |  ------------------
  |  |  |  Branch (164:24): [True: 0, False: 521k]
  |  |  |  Branch (164:44): [True: 254k, False: 267k]
  |  |  ------------------
  ------------------
   61|       |      /* 5.1 v = v/2 */
   62|   254k|      if ((err = mp_div_2(&v, &v)) != MP_OKAY)                    goto LBL_ERR;
  ------------------
  |  |  161|   254k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (62:11): [True: 0, False: 254k]
  ------------------
   63|       |
   64|       |      /* 5.2 if D is odd then */
   65|   254k|      if (MP_IS_ODD(&D)) {
  ------------------
  |  |  165|   254k|#define MP_IS_ODD(a)  (((a)->used > 0) && (((a)->dp[0] & 1u) == 1u))
  |  |  ------------------
  |  |  |  Branch (165:24): [True: 254k, False: 0]
  |  |  |  Branch (165:43): [True: 203k, False: 51.1k]
  |  |  ------------------
  ------------------
   66|       |         /* D = D - x here; the division by two follows below */
   67|   203k|         if ((err = mp_sub(&D, &x, &D)) != MP_OKAY)               goto LBL_ERR;
  ------------------
  |  |  161|   203k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (67:14): [True: 0, False: 203k]
  ------------------
   68|   203k|      }
   69|       |      /* D = D/2 */
   70|   254k|      if ((err = mp_div_2(&D, &D)) != MP_OKAY)                    goto LBL_ERR;
  ------------------
  |  |  161|   254k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (70:11): [True: 0, False: 254k]
  ------------------
   71|   254k|   }
   72|       |
   73|       |   /* 6.  if u >= v then */
   74|   267k|   if (mp_cmp(&u, &v) != MP_LT) {
  ------------------
  |  |  154|   267k|#define MP_LT        -1   /* less than */
  ------------------
  |  Branch (74:8): [True: 141k, False: 126k]
  ------------------
   75|       |      /* u = u - v, B = B - D */
   76|   141k|      if ((err = mp_sub(&u, &v, &u)) != MP_OKAY)                  goto LBL_ERR;
  ------------------
  |  |  161|   141k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (76:11): [True: 0, False: 141k]
  ------------------
   77|       |
   78|   141k|      if ((err = mp_sub(&B, &D, &B)) != MP_OKAY)                  goto LBL_ERR;
  ------------------
  |  |  161|   141k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (78:11): [True: 0, False: 141k]
  ------------------
   79|   141k|   } else {
   80|       |      /* v = v - u, D = D - B */
   81|   126k|      if ((err = mp_sub(&v, &u, &v)) != MP_OKAY)                  goto LBL_ERR;
  ------------------
  |  |  161|   126k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (81:11): [True: 0, False: 126k]
  ------------------
   82|       |
   83|   126k|      if ((err = mp_sub(&D, &B, &D)) != MP_OKAY)                  goto LBL_ERR;
  ------------------
  |  |  161|   126k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (83:11): [True: 0, False: 126k]
  ------------------
   84|   126k|   }
   85|       |
   86|       |   /* if not zero goto step 4 */
   87|   267k|   if (!MP_IS_ZERO(&u)) {
  ------------------
  |  |  163|   267k|#define MP_IS_ZERO(a) ((a)->used == 0)
  ------------------
  |  Branch (87:8): [True: 266k, False: 832]
  ------------------
   88|   266k|      goto top;
   89|   266k|   }
   90|       |
   91|       |   /* now a = C, b = D, gcd == g*v */
   92|       |
   93|       |   /* if v != 1 then there is no inverse; callers must check for MP_VAL, c is left untouched on this path */
   94|    832|   if (mp_cmp_d(&v, 1uL) != MP_EQ) {
  ------------------
  |  |  155|    832|#define MP_EQ         0   /* equal to */
  ------------------
  |  Branch (94:8): [True: 2, False: 830]
  ------------------
   95|      2|      err = MP_VAL;
  ------------------
  |  |  164|      2|#define MP_VAL        -3  /* invalid input */
  ------------------
   96|      2|      goto LBL_ERR;
   97|      2|   }
   98|       |
   99|       |   /* D now holds the inverse candidate; save a's sign, then add b while D is negative */
  100|    830|   neg = a->sign;
  101|  1.50k|   while (D.sign == MP_NEG) {
  ------------------
  |  |  152|  1.50k|#define MP_NEG        1   /* negative */
  ------------------
  |  Branch (101:11): [True: 673, False: 830]
  ------------------
  102|    673|      if ((err = mp_add(&D, b, &D)) != MP_OKAY)                   goto LBL_ERR;
  ------------------
  |  |  161|    673|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (102:11): [True: 0, False: 673]
  ------------------
  103|    673|   }
  104|       |
  105|       |   /* too big: subtract b until the magnitude of D is below that of b */
  106|    834|   while (mp_cmp_mag(&D, b) != MP_LT) {
  ------------------
  |  |  154|    834|#define MP_LT        -1   /* less than */
  ------------------
  |  Branch (106:11): [True: 4, False: 830]
  ------------------
  107|      4|      if ((err = mp_sub(&D, b, &D)) != MP_OKAY)                   goto LBL_ERR;
  ------------------
  |  |  161|      4|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (107:11): [True: 0, False: 4]
  ------------------
  108|      4|   }
  109|       |   /* swap D into c and give the result the sign saved from a */
  110|    830|   mp_exch(&D, c);
  111|    830|   c->sign = neg;
  112|    830|   err = MP_OKAY;
  ------------------
  |  |  161|    830|#define MP_OKAY       0   /* no error */
  ------------------
  113|       |   /* common exit for success and failure: all six temporaries are cleared before returning err */
  114|    832|LBL_ERR:
  115|    832|   mp_clear_multi(&x, &y, &u, &v, &B, &D, NULL);
  116|    832|   return err;
  117|    830|}

s_mp_invmod_slow:
    8|     80|{
    9|     80|   mp_int  x, y, u, v, A, B, C, D;
   10|     80|   mp_err  err;
   11|       |
   12|       |   /* b cannot be negative */
   13|     80|   if ((b->sign == MP_NEG) || MP_IS_ZERO(b)) {
  ------------------
  |  |  152|     80|#define MP_NEG        1   /* negative */
  ------------------
                 if ((b->sign == MP_NEG) || MP_IS_ZERO(b)) {
  ------------------
  |  |  163|     80|#define MP_IS_ZERO(a) ((a)->used == 0)
  |  |  ------------------
  |  |  |  Branch (163:23): [True: 0, False: 80]
  |  |  ------------------
  ------------------
  |  Branch (13:8): [True: 0, False: 80]
  ------------------
   14|      0|      return MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   15|      0|   }
   16|       |
   17|       |   /* init temps */
   18|     80|   if ((err = mp_init_multi(&x, &y, &u, &v,
  ------------------
  |  Branch (18:8): [True: 0, False: 80]
  ------------------
   19|     80|                            &A, &B, &C, &D, NULL)) != MP_OKAY) {
  ------------------
  |  |  161|     80|#define MP_OKAY       0   /* no error */
  ------------------
   20|      0|      return err;
   21|      0|   }
   22|       |
   23|       |   /* x = a, y = b */
   24|     80|   if ((err = mp_mod(a, b, &x)) != MP_OKAY)                       goto LBL_ERR;
  ------------------
  |  |  161|     80|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (24:8): [True: 0, False: 80]
  ------------------
   25|     80|   if ((err = mp_copy(b, &y)) != MP_OKAY)                         goto LBL_ERR;
  ------------------
  |  |  161|     80|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (25:8): [True: 0, False: 80]
  ------------------
   26|       |
   27|       |   /* 2. [modified] if x,y are both even then return an error! */
   28|     80|   if (MP_IS_EVEN(&x) && MP_IS_EVEN(&y)) {
  ------------------
  |  |  164|    160|#define MP_IS_EVEN(a) (((a)->used == 0) || (((a)->dp[0] & 1u) == 0u))
  |  |  ------------------
  |  |  |  Branch (164:24): [True: 0, False: 80]
  |  |  |  Branch (164:44): [True: 1, False: 79]
  |  |  ------------------
  ------------------
                 if (MP_IS_EVEN(&x) && MP_IS_EVEN(&y)) {
  ------------------
  |  |  164|      1|#define MP_IS_EVEN(a) (((a)->used == 0) || (((a)->dp[0] & 1u) == 0u))
  |  |  ------------------
  |  |  |  Branch (164:24): [True: 0, False: 1]
  |  |  |  Branch (164:44): [True: 1, False: 0]
  |  |  ------------------
  ------------------
   29|      1|      err = MP_VAL;
  ------------------
  |  |  164|      1|#define MP_VAL        -3  /* invalid input */
  ------------------
   30|      1|      goto LBL_ERR;
   31|      1|   }
   32|       |
   33|       |   /* 3. u=x, v=y, A=1, B=0, C=0,D=1 */
   34|     79|   if ((err = mp_copy(&x, &u)) != MP_OKAY)                        goto LBL_ERR;
  ------------------
  |  |  161|     79|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (34:8): [True: 0, False: 79]
  ------------------
   35|     79|   if ((err = mp_copy(&y, &v)) != MP_OKAY)                        goto LBL_ERR;
  ------------------
  |  |  161|     79|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (35:8): [True: 0, False: 79]
  ------------------
   36|     79|   mp_set(&A, 1uL);
   37|     79|   mp_set(&D, 1uL);
   38|       |
   39|  7.20k|top:
   40|       |   /* 4.  while u is even do */
   41|  12.6k|   while (MP_IS_EVEN(&u)) {
  ------------------
  |  |  164|  12.6k|#define MP_IS_EVEN(a) (((a)->used == 0) || (((a)->dp[0] & 1u) == 0u))
  |  |  ------------------
  |  |  |  Branch (164:24): [True: 0, False: 12.6k]
  |  |  |  Branch (164:44): [True: 5.47k, False: 7.20k]
  |  |  ------------------
  ------------------
   42|       |      /* 4.1 u = u/2 */
   43|  5.47k|      if ((err = mp_div_2(&u, &u)) != MP_OKAY)                    goto LBL_ERR;
  ------------------
  |  |  161|  5.47k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (43:11): [True: 0, False: 5.47k]
  ------------------
   44|       |
   45|       |      /* 4.2 if A or B is odd then */
   46|  5.47k|      if (MP_IS_ODD(&A) || MP_IS_ODD(&B)) {
  ------------------
  |  |  165|  10.9k|#define MP_IS_ODD(a)  (((a)->used > 0) && (((a)->dp[0] & 1u) == 1u))
  |  |  ------------------
  |  |  |  Branch (165:24): [True: 5.47k, False: 0]
  |  |  |  Branch (165:43): [True: 0, False: 5.47k]
  |  |  ------------------
  ------------------
                    if (MP_IS_ODD(&A) || MP_IS_ODD(&B)) {
  ------------------
  |  |  165|  5.47k|#define MP_IS_ODD(a)  (((a)->used > 0) && (((a)->dp[0] & 1u) == 1u))
  |  |  ------------------
  |  |  |  Branch (165:24): [True: 5.47k, False: 0]
  |  |  |  Branch (165:43): [True: 2.68k, False: 2.78k]
  |  |  ------------------
  ------------------
   47|       |         /* A = (A+y)/2, B = (B-x)/2 */
   48|  2.68k|         if ((err = mp_add(&A, &y, &A)) != MP_OKAY)               goto LBL_ERR;
  ------------------
  |  |  161|  2.68k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (48:14): [True: 0, False: 2.68k]
  ------------------
   49|  2.68k|         if ((err = mp_sub(&B, &x, &B)) != MP_OKAY)               goto LBL_ERR;
  ------------------
  |  |  161|  2.68k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (49:14): [True: 0, False: 2.68k]
  ------------------
   50|  2.68k|      }
   51|       |      /* A = A/2, B = B/2 */
   52|  5.47k|      if ((err = mp_div_2(&A, &A)) != MP_OKAY)                    goto LBL_ERR;
  ------------------
  |  |  161|  5.47k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (52:11): [True: 0, False: 5.47k]
  ------------------
   53|  5.47k|      if ((err = mp_div_2(&B, &B)) != MP_OKAY)                    goto LBL_ERR;
  ------------------
  |  |  161|  5.47k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (53:11): [True: 0, False: 5.47k]
  ------------------
   54|  5.47k|   }
   55|       |
   56|       |   /* 5.  while v is even do */
   57|  17.5k|   while (MP_IS_EVEN(&v)) {
  ------------------
  |  |  164|  17.5k|#define MP_IS_EVEN(a) (((a)->used == 0) || (((a)->dp[0] & 1u) == 0u))
  |  |  ------------------
  |  |  |  Branch (164:24): [True: 0, False: 17.5k]
  |  |  |  Branch (164:44): [True: 10.3k, False: 7.20k]
  |  |  ------------------
  ------------------
   58|       |      /* 5.1 v = v/2 */
   59|  10.3k|      if ((err = mp_div_2(&v, &v)) != MP_OKAY)                    goto LBL_ERR;
  ------------------
  |  |  161|  10.3k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (59:11): [True: 0, False: 10.3k]
  ------------------
   60|       |
   61|       |      /* 5.2 if C or D is odd then */
   62|  10.3k|      if (MP_IS_ODD(&C) || MP_IS_ODD(&D)) {
  ------------------
  |  |  165|  20.6k|#define MP_IS_ODD(a)  (((a)->used > 0) && (((a)->dp[0] & 1u) == 1u))
  |  |  ------------------
  |  |  |  Branch (165:24): [True: 10.2k, False: 79]
  |  |  |  Branch (165:43): [True: 0, False: 10.2k]
  |  |  ------------------
  ------------------
                    if (MP_IS_ODD(&C) || MP_IS_ODD(&D)) {
  ------------------
  |  |  165|  10.3k|#define MP_IS_ODD(a)  (((a)->used > 0) && (((a)->dp[0] & 1u) == 1u))
  |  |  ------------------
  |  |  |  Branch (165:24): [True: 10.1k, False: 158]
  |  |  |  Branch (165:43): [True: 6.68k, False: 3.48k]
  |  |  ------------------
  ------------------
   63|       |         /* C = (C+y)/2, D = (D-x)/2 */
   64|  6.68k|         if ((err = mp_add(&C, &y, &C)) != MP_OKAY)               goto LBL_ERR;
  ------------------
  |  |  161|  6.68k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (64:14): [True: 0, False: 6.68k]
  ------------------
   65|  6.68k|         if ((err = mp_sub(&D, &x, &D)) != MP_OKAY)               goto LBL_ERR;
  ------------------
  |  |  161|  6.68k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (65:14): [True: 0, False: 6.68k]
  ------------------
   66|  6.68k|      }
   67|       |      /* C = C/2, D = D/2 */
   68|  10.3k|      if ((err = mp_div_2(&C, &C)) != MP_OKAY)                    goto LBL_ERR;
  ------------------
  |  |  161|  10.3k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (68:11): [True: 0, False: 10.3k]
  ------------------
   69|  10.3k|      if ((err = mp_div_2(&D, &D)) != MP_OKAY)                    goto LBL_ERR;
  ------------------
  |  |  161|  10.3k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (69:11): [True: 0, False: 10.3k]
  ------------------
   70|  10.3k|   }
   71|       |
   72|       |   /* 6.  if u >= v then */
   73|  7.20k|   if (mp_cmp(&u, &v) != MP_LT) {
  ------------------
  |  |  154|  7.20k|#define MP_LT        -1   /* less than */
  ------------------
  |  Branch (73:8): [True: 2.82k, False: 4.37k]
  ------------------
   74|       |      /* u = u - v, A = A - C, B = B - D */
   75|  2.82k|      if ((err = mp_sub(&u, &v, &u)) != MP_OKAY)                  goto LBL_ERR;
  ------------------
  |  |  161|  2.82k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (75:11): [True: 0, False: 2.82k]
  ------------------
   76|       |
   77|  2.82k|      if ((err = mp_sub(&A, &C, &A)) != MP_OKAY)                  goto LBL_ERR;
  ------------------
  |  |  161|  2.82k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (77:11): [True: 0, False: 2.82k]
  ------------------
   78|       |
   79|  2.82k|      if ((err = mp_sub(&B, &D, &B)) != MP_OKAY)                  goto LBL_ERR;
  ------------------
  |  |  161|  2.82k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (79:11): [True: 0, False: 2.82k]
  ------------------
   80|  4.37k|   } else {
   81|       |      /* v - v - u, C = C - A, D = D - B */
   82|  4.37k|      if ((err = mp_sub(&v, &u, &v)) != MP_OKAY)                  goto LBL_ERR;
  ------------------
  |  |  161|  4.37k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (82:11): [True: 0, False: 4.37k]
  ------------------
   83|       |
   84|  4.37k|      if ((err = mp_sub(&C, &A, &C)) != MP_OKAY)                  goto LBL_ERR;
  ------------------
  |  |  161|  4.37k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (84:11): [True: 0, False: 4.37k]
  ------------------
   85|       |
   86|  4.37k|      if ((err = mp_sub(&D, &B, &D)) != MP_OKAY)                  goto LBL_ERR;
  ------------------
  |  |  161|  4.37k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (86:11): [True: 0, False: 4.37k]
  ------------------
   87|  4.37k|   }
   88|       |
   89|       |   /* if not zero goto step 4 */
   90|  7.20k|   if (!MP_IS_ZERO(&u)) {
  ------------------
  |  |  163|  7.20k|#define MP_IS_ZERO(a) ((a)->used == 0)
  ------------------
  |  Branch (90:8): [True: 7.12k, False: 79]
  ------------------
   91|  7.12k|      goto top;
   92|  7.12k|   }
   93|       |
   94|       |   /* now a = C, b = D, gcd == g*v */
   95|       |
   96|       |   /* if v != 1 then there is no inverse */
   97|     79|   if (mp_cmp_d(&v, 1uL) != MP_EQ) {
  ------------------
  |  |  155|     79|#define MP_EQ         0   /* equal to */
  ------------------
  |  Branch (97:8): [True: 14, False: 65]
  ------------------
   98|     14|      err = MP_VAL;
  ------------------
  |  |  164|     14|#define MP_VAL        -3  /* invalid input */
  ------------------
   99|     14|      goto LBL_ERR;
  100|     14|   }
  101|       |
  102|       |   /* if its too low */
  103|     71|   while (mp_cmp_d(&C, 0uL) == MP_LT) {
  ------------------
  |  |  154|     71|#define MP_LT        -1   /* less than */
  ------------------
  |  Branch (103:11): [True: 6, False: 65]
  ------------------
  104|      6|      if ((err = mp_add(&C, b, &C)) != MP_OKAY)                   goto LBL_ERR;
  ------------------
  |  |  161|      6|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (104:11): [True: 0, False: 6]
  ------------------
  105|      6|   }
  106|       |
  107|       |   /* too big */
  108|     66|   while (mp_cmp_mag(&C, b) != MP_LT) {
  ------------------
  |  |  154|     66|#define MP_LT        -1   /* less than */
  ------------------
  |  Branch (108:11): [True: 1, False: 65]
  ------------------
  109|      1|      if ((err = mp_sub(&C, b, &C)) != MP_OKAY)                   goto LBL_ERR;
  ------------------
  |  |  161|      1|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (109:11): [True: 0, False: 1]
  ------------------
  110|      1|   }
  111|       |
  112|       |   /* C is now the inverse */
  113|     65|   mp_exch(&C, c);
  114|     65|   err = MP_OKAY;
  ------------------
  |  |  161|     65|#define MP_OKAY       0   /* no error */
  ------------------
  115|     80|LBL_ERR:
  116|     80|   mp_clear_multi(&x, &y, &u, &v, &A, &B, &C, &D, NULL);
  117|     80|   return err;
  118|     65|}

s_mp_montgomery_reduce_fast:
   15|  14.0M|{
                 /* Montgomery reduction of x with respect to the modulus n and the
                  * value rho, performed in place on x. The work is staged in W, a
                  * stack array of MP_WARRAY mp_word entries. The signature is not part
                  * of this listing; the body reads x, n and rho.
                  *
                  * Returns MP_VAL when x->used exceeds MP_WARRAY, the mp_grow error if
                  * growing x fails, the result of s_mp_sub when the final subtraction
                  * is taken, and MP_OKAY otherwise.
                  *
                  * NOTE(review): the guard below only bounds x->used. The zeroing,
                  * carry and copy-out loops index W up to n->used * 2, so
                  * (n->used * 2) + 1 must not exceed MP_WARRAY; that bound is not
                  * checked in this body and is presumably enforced by the caller -
                  * confirm.
                  * NOTE(review): W holds intermediate words derived from x and is not
                  * wiped before return; worth checking if callers pass secret values.
                  */
   16|  14.0M|   int     ix, olduse;
   17|  14.0M|   mp_err  err;
   18|  14.0M|   mp_word W[MP_WARRAY];
   19|       |
                 /* NOTE(review): this guard was never true in this coverage run
                  * (0 hits), so the MP_VAL return below is unexercised.
                  */
   20|  14.0M|   if (x->used > MP_WARRAY) {
  ------------------
  |  |  172|  14.0M|#define MP_WARRAY PRIVATE_MP_WARRAY
  |  |  ------------------
  |  |  |  |  203|  14.0M|#define PRIVATE_MP_WARRAY (int)(1uLL << (((CHAR_BIT * sizeof(private_mp_word)) - (2 * MP_DIGIT_BIT)) + 1))
  |  |  |  |  ------------------
  |  |  |  |  |  |   82|  14.0M|#   define MP_DIGIT_BIT 60
  |  |  |  |  ------------------
  |  |  ------------------
  ------------------
  |  Branch (20:8): [True: 0, False: 14.0M]
  ------------------
   21|      0|      return MP_VAL;
  ------------------
  |  |  164|      0|#define MP_VAL        -3  /* invalid input */
  ------------------
   22|      0|   }
   23|       |
   24|       |   /* get old used count */
   25|  14.0M|   olduse = x->used;
   26|       |
   27|       |   /* grow x as required */
   28|  14.0M|   if (x->alloc < (n->used + 1)) {
  ------------------
  |  Branch (28:8): [True: 0, False: 14.0M]
  ------------------
   29|      0|      if ((err = mp_grow(x, n->used + 1)) != MP_OKAY) {
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (29:11): [True: 0, False: 0]
  ------------------
   30|      0|         return err;
   31|      0|      }
   32|      0|   }
   33|       |
   34|       |   /* first we have to get the digits of the input into
   35|       |    * an array of double precision words W[...]
   36|       |    */
   37|  14.0M|   {
   38|  14.0M|      mp_word *_W;
   39|  14.0M|      mp_digit *tmpx;
   40|       |
   41|       |      /* alias for the W[] array */
   42|  14.0M|      _W   = W;
   43|       |
   44|       |      /* alias for the digits of  x*/
   45|  14.0M|      tmpx = x->dp;
   46|       |
   47|       |      /* copy the digits of x into W[0..x->used-1] */
   48|   528M|      for (ix = 0; ix < x->used; ix++) {
  ------------------
  |  Branch (48:20): [True: 514M, False: 14.0M]
  ------------------
   49|   514M|         *_W++ = *tmpx++;
   50|   514M|      }
   51|       |
   52|       |      /* zero the high words of W[x->used..n->used*2] */
   53|  14.0M|      if (ix < ((n->used * 2) + 1)) {
  ------------------
  |  Branch (53:11): [True: 14.0M, False: 0]
  ------------------
   54|  14.0M|         MP_ZERO_BUFFER(_W, sizeof(mp_word) * (size_t)(((n->used * 2) + 1) - ix));
  ------------------
  |  |   81|  14.0M|#  define MP_ZERO_BUFFER(mem, size)                     \
  |  |   82|  14.0M|do {                                                    \
  |  |   83|  14.0M|   size_t zs_ = (size);                                 \
  |  |   84|  14.0M|   char* zm_ = (char*)(mem);                            \
  |  |   85|   370M|   while (zs_-- > 0u) {                                 \
  |  |  ------------------
  |  |  |  Branch (85:11): [True: 356M, False: 14.0M]
  |  |  ------------------
  |  |   86|   356M|      *zm_++ = '\0';                                    \
  |  |   87|   356M|   }                                                    \
  |  |   88|  14.0M|} while (0)
  |  |  ------------------
  |  |  |  Branch (88:10): [Folded - Ignored]
  |  |  ------------------
  ------------------
   55|  14.0M|      }
   56|  14.0M|   }
   57|       |
   58|       |   /* now we proceed to zero successive digits
   59|       |    * from the least significant upwards
   60|       |    */
   61|   275M|   for (ix = 0; ix < n->used; ix++) {
  ------------------
  |  Branch (61:17): [True: 261M, False: 14.0M]
  ------------------
   62|       |      /* mu = ai * m' mod b
   63|       |       *
   64|       |       * We avoid a double precision multiplication (which isn't required)
   65|       |       * by casting the value down to a mp_digit.  Note this requires
   66|       |       * that W[ix-1] have  the carry cleared (see after the inner loop)
   67|       |       */
   68|   261M|      mp_digit mu;
   69|   261M|      mu = ((W[ix] & MP_MASK) * rho) & MP_MASK;
  ------------------
  |  |  106|   261M|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|   261M|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
                    mu = ((W[ix] & MP_MASK) * rho) & MP_MASK;
  ------------------
  |  |  106|   261M|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|   261M|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   70|       |
   71|       |      /* a = a + mu * m * b**i
   72|       |       *
   73|       |       * This is computed in place and on the fly.  The multiplication
   74|       |       * by b**i is handled by offsetting which columns the results
   75|       |       * are added to.
   76|       |       *
   77|       |       * Note the comba method normally doesn't handle carries in the
   78|       |       * inner loop. In this case we fix the carry from the previous
   79|       |       * column since the Montgomery reduction requires digits of the
   80|       |       * result (so far) [see above] to work.  This is
   81|       |       * handled by fixing up one carry after the inner loop.  The
   82|       |       * carry fixups are done in order so after these loops the
   83|       |       * first m->used words of W[] have the carries fixed
   84|       |       */
   85|   261M|      {
   86|   261M|         int iy;
   87|   261M|         mp_digit *tmpn;
   88|   261M|         mp_word *_W;
   89|       |
   90|       |         /* alias for the digits of the modulus */
   91|   261M|         tmpn = n->dp;
   92|       |
   93|       |         /* Alias for the columns set by an offset of ix */
   94|   261M|         _W = W + ix;
   95|       |
   96|       |         /* inner loop */
   97|  7.48G|         for (iy = 0; iy < n->used; iy++) {
  ------------------
  |  Branch (97:23): [True: 7.22G, False: 261M]
  ------------------
   98|  7.22G|            *_W++ += (mp_word)mu * (mp_word)*tmpn++;
   99|  7.22G|         }
  100|   261M|      }
  101|       |
  102|       |      /* now fix carry for next digit, W[ix+1] */
  103|   261M|      W[ix + 1] += W[ix] >> (mp_word)MP_DIGIT_BIT;
  ------------------
  |  |   82|   261M|#   define MP_DIGIT_BIT 60
  ------------------
  104|   261M|   }
  105|       |
  106|       |   /* now we have to propagate the carries and
  107|       |    * shift the words downward [all those least
  108|       |    * significant digits we zeroed].
  109|       |    */
  110|  14.0M|   {
  111|  14.0M|      mp_digit *tmpx;
  112|  14.0M|      mp_word *_W, *_W1;
  113|       |
  114|       |      /* now fix rest of carries */
  115|       |
  116|       |      /* alias for current word */
  117|  14.0M|      _W1 = W + ix;
  118|       |
  119|       |      /* alias for next word, where the carry goes */
  120|  14.0M|      _W = W + ++ix;
  121|       |
  122|   275M|      for (; ix < ((n->used * 2) + 1); ix++) {
  ------------------
  |  Branch (122:14): [True: 261M, False: 14.0M]
  ------------------
  123|   261M|         *_W++ += *_W1++ >> (mp_word)MP_DIGIT_BIT;
  ------------------
  |  |   82|   261M|#   define MP_DIGIT_BIT 60
  ------------------
  124|   261M|      }
  125|       |
  126|       |      /* copy out, A = A/b**n
  127|       |       *
  128|       |       * The result is A/b**n but instead of converting from an
  129|       |       * array of mp_word to mp_digit then calling mp_rshd
  130|       |       * we just copy them in the right order
  131|       |       */
  132|       |
  133|       |      /* alias for destination word */
  134|  14.0M|      tmpx = x->dp;
  135|       |
  136|       |      /* alias for shifted double precision result */
  137|  14.0M|      _W = W + n->used;
  138|       |
  139|   289M|      for (ix = 0; ix < (n->used + 1); ix++) {
  ------------------
  |  Branch (139:20): [True: 275M, False: 14.0M]
  ------------------
  140|   275M|         *tmpx++ = *_W++ & (mp_word)MP_MASK;
  ------------------
  |  |  106|   275M|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|   275M|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
  141|   275M|      }
  142|       |
  143|       |      /* zero oldused digits, if the input a was larger than
  144|       |       * m->used+1 we'll have to clear the digits
  145|       |       */
  146|  14.0M|      MP_ZERO_DIGITS(tmpx, olduse - ix);
  ------------------
  |  |   89|  14.0M|#  define MP_ZERO_DIGITS(mem, digits)                   \
  |  |   90|  14.0M|do {                                                    \
  |  |   91|  14.0M|   int zd_ = (digits);                                  \
  |  |   92|  14.0M|   mp_digit* zm_ = (mem);                               \
  |  |   93|   253M|   while (zd_-- > 0) {                                  \
  |  |  ------------------
  |  |  |  Branch (93:11): [True: 239M, False: 14.0M]
  |  |  ------------------
  |  |   94|   239M|      *zm_++ = 0;                                       \
  |  |   95|   239M|   }                                                    \
  |  |   96|  14.0M|} while (0)
  |  |  ------------------
  |  |  |  Branch (96:10): [Folded - Ignored]
  |  |  ------------------
  ------------------
  147|  14.0M|   }
  148|       |
  149|       |   /* set the max used and clamp */
  150|  14.0M|   x->used = n->used + 1;
  151|  14.0M|   mp_clamp(x);
  152|       |
  153|       |   /* if A >= m then A = A - m */
                 /* NOTE(review): data-dependent branch (taken 155 times out of 14.0M
                  * calls in this run), so the work done depends on the reduced value;
                  * relevant only if callers need constant-time behaviour - confirm.
                  */
  154|  14.0M|   if (mp_cmp_mag(x, n) != MP_LT) {
  ------------------
  |  |  154|  14.0M|#define MP_LT        -1   /* less than */
  ------------------
  |  Branch (154:8): [True: 155, False: 14.0M]
  ------------------
  155|    155|      return s_mp_sub(x, n, x);
  156|    155|   }
  157|  14.0M|   return MP_OKAY;
  ------------------
  |  |  161|  14.0M|#define MP_OKAY       0   /* no error */
  ------------------
  158|  14.0M|}

s_mp_mul_digs:
   11|  26.3k|{
                 /* Multiplies a by b and stores the low digs digits of the product in
                  * c. The signature is not part of this listing; the body reads a, b,
                  * c and digs.
                  *
                  * When digs < MP_WARRAY and the smaller operand has fewer than
                  * MP_MAXFAST digits the work is handed to s_mp_mul_digs_fast.
                  * Otherwise the product is built digit by digit in a temporary t,
                  * which is clamped, exchanged with c via mp_exch and then cleared.
                  *
                  * Returns the result of s_mp_mul_digs_fast on the fast path, the
                  * mp_init_size error if t cannot be set up, and MP_OKAY otherwise.
                  *
                  * NOTE(review): nothing here rejects a negative digs; such a value
                  * passes the digs < MP_WARRAY test and is forwarded to the fast path.
                  * Confirm that every caller guarantees digs >= 0, or reject it up
                  * front with MP_VAL.
                  * NOTE(review): in this coverage run only the fast path executed;
                  * every line from mp_init_size onward has a count of 0, so the
                  * baseline loop below is not exercised by the fuzzer.
                  */
   12|  26.3k|   mp_int  t;
   13|  26.3k|   mp_err  err;
   14|  26.3k|   int     pa, pb, ix, iy;
   15|  26.3k|   mp_digit u;
   16|  26.3k|   mp_word r;
   17|  26.3k|   mp_digit tmpx, *tmpt, *tmpy;
   18|       |
   19|       |   /* can we use the fast multiplier? */
   20|  26.3k|   if ((digs < MP_WARRAY) &&
  ------------------
  |  |  172|  26.3k|#define MP_WARRAY PRIVATE_MP_WARRAY
  |  |  ------------------
  |  |  |  |  203|  26.3k|#define PRIVATE_MP_WARRAY (int)(1uLL << (((CHAR_BIT * sizeof(private_mp_word)) - (2 * MP_DIGIT_BIT)) + 1))
  |  |  |  |  ------------------
  |  |  |  |  |  |   82|  26.3k|#   define MP_DIGIT_BIT 60
  |  |  |  |  ------------------
  |  |  ------------------
  ------------------
  |  Branch (20:8): [True: 26.3k, False: 0]
  ------------------
   21|  26.3k|       (MP_MIN(a->used, b->used) < MP_MAXFAST)) {
  ------------------
  |  |  156|  26.3k|#define MP_MIN(x, y) (((x) < (y)) ? (x) : (y))
  |  |  ------------------
  |  |  |  Branch (156:23): [True: 17.1k, False: 9.12k]
  |  |  ------------------
  ------------------
                     (MP_MIN(a->used, b->used) < MP_MAXFAST)) {
  ------------------
  |  |  168|  26.3k|#define MP_MAXFAST              (int)(1uL << (MP_SIZEOF_BITS(mp_word) - (2u * (size_t)MP_DIGIT_BIT)))
  |  |  ------------------
  |  |  |  |  167|  26.3k|#define MP_SIZEOF_BITS(type)    ((size_t)CHAR_BIT * sizeof(type))
  |  |  ------------------
  |  |               #define MP_MAXFAST              (int)(1uL << (MP_SIZEOF_BITS(mp_word) - (2u * (size_t)MP_DIGIT_BIT)))
  |  |  ------------------
  |  |  |  |   82|  26.3k|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
  |  Branch (21:8): [True: 26.3k, False: 0]
  ------------------
   22|  26.3k|      return s_mp_mul_digs_fast(a, b, c, digs);
   23|  26.3k|   }
   24|       |
   25|      0|   if ((err = mp_init_size(&t, digs)) != MP_OKAY) {
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (25:8): [True: 0, False: 0]
  ------------------
   26|      0|      return err;
   27|      0|   }
   28|      0|   t.used = digs;
   29|       |
   30|       |   /* compute the digits of the product directly */
   31|      0|   pa = a->used;
   32|      0|   for (ix = 0; ix < pa; ix++) {
  ------------------
  |  Branch (32:17): [True: 0, False: 0]
  ------------------
   33|       |      /* set the carry to zero */
   34|      0|      u = 0;
   35|       |
   36|       |      /* limit ourselves to making digs digits of output */
   37|      0|      pb = MP_MIN(b->used, digs - ix);
  ------------------
  |  |  156|      0|#define MP_MIN(x, y) (((x) < (y)) ? (x) : (y))
  |  |  ------------------
  |  |  |  Branch (156:23): [True: 0, False: 0]
  |  |  ------------------
  ------------------
   38|       |
   39|       |      /* setup some aliases */
   40|       |      /* copy of the digit from a used within the nested loop */
   41|      0|      tmpx = a->dp[ix];
   42|       |
   43|       |      /* an alias for the destination shifted ix places */
   44|      0|      tmpt = t.dp + ix;
   45|       |
   46|       |      /* an alias for the digits of b */
   47|      0|      tmpy = b->dp;
   48|       |
   49|       |      /* compute the columns of the output and propagate the carry */
   50|      0|      for (iy = 0; iy < pb; iy++) {
  ------------------
  |  Branch (50:20): [True: 0, False: 0]
  ------------------
   51|       |         /* compute the column as a mp_word */
   52|      0|         r       = (mp_word)*tmpt +
   53|      0|                   ((mp_word)tmpx * (mp_word)*tmpy++) +
   54|      0|                   (mp_word)u;
   55|       |
   56|       |         /* the new column is the lower part of the result */
   57|      0|         *tmpt++ = (mp_digit)(r & (mp_word)MP_MASK);
  ------------------
  |  |  106|      0|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|      0|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   58|       |
   59|       |         /* get the carry word from the result */
   60|      0|         u       = (mp_digit)(r >> (mp_word)MP_DIGIT_BIT);
  ------------------
  |  |   82|      0|#   define MP_DIGIT_BIT 60
  ------------------
   61|      0|      }
   62|       |      /* set carry if it is placed below digs */
   63|      0|      if ((ix + iy) < digs) {
  ------------------
  |  Branch (63:11): [True: 0, False: 0]
  ------------------
   64|      0|         *tmpt = u;
   65|      0|      }
   66|      0|   }
   67|       |
   68|      0|   mp_clamp(&t);
   69|      0|   mp_exch(&t, c);
   70|       |
   71|      0|   mp_clear(&t);
   72|      0|   return MP_OKAY;
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
   73|      0|}

s_mp_mul_digs_fast:
   23|  13.0M|{
                 /* Column-wise multiplier: computes the low digs digits of a * b,
                  * staging each output digit in the stack array W (MP_WARRAY mp_digit
                  * entries) and then copying W into c->dp. The signature is not part
                  * of this listing; the body reads a, b, c and digs.
                  *
                  * Returns the mp_grow error if c cannot be grown, MP_OKAY otherwise.
                  *
                  * NOTE(review): W[ix] is written for every ix below
                  * pa = MIN(digs, a->used + b->used), and this body never compares pa
                  * with MP_WARRAY. The dispatcher s_mp_mul_digs on this page only
                  * calls in with digs < MP_WARRAY, but the call count here (13.0M
                  * against 26.3k for s_mp_mul_digs) shows there are other callers;
                  * each must hold the same bound - confirm.
                  * NOTE(review): a negative digs is not rejected; pa would then be
                  * negative and is stored into c->used below. Confirm callers
                  * guarantee digs >= 0.
                  * NOTE(review): the accumulator _W sums up to iy products per column;
                  * presumably the MP_MAXFAST limit checked by the caller is what
                  * keeps that sum within mp_word - confirm.
                  */
   24|  13.0M|   int      olduse, pa, ix, iz;
   25|  13.0M|   mp_err   err;
   26|  13.0M|   mp_digit W[MP_WARRAY];
   27|  13.0M|   mp_word  _W;
   28|       |
   29|       |   /* grow the destination as required */
   30|  13.0M|   if (c->alloc < digs) {
  ------------------
  |  Branch (30:8): [True: 160k, False: 12.9M]
  ------------------
   31|   160k|      if ((err = mp_grow(c, digs)) != MP_OKAY) {
  ------------------
  |  |  161|   160k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (31:11): [True: 0, False: 160k]
  ------------------
   32|      0|         return err;
   33|      0|      }
   34|   160k|   }
   35|       |
   36|       |   /* number of output digits to produce */
   37|  13.0M|   pa = MP_MIN(digs, a->used + b->used);
  ------------------
  |  |  156|  13.0M|#define MP_MIN(x, y) (((x) < (y)) ? (x) : (y))
  |  |  ------------------
  |  |  |  Branch (156:23): [True: 13.6k, False: 13.0M]
  |  |  ------------------
  ------------------
   38|       |
   39|       |   /* clear the carry */
   40|  13.0M|   _W = 0;
   41|   338M|   for (ix = 0; ix < pa; ix++) {
  ------------------
  |  Branch (41:17): [True: 325M, False: 13.0M]
  ------------------
   42|   325M|      int      tx, ty;
   43|   325M|      int      iy;
   44|   325M|      mp_digit *tmpx, *tmpy;
   45|       |
   46|       |      /* get offsets into the two bignums */
                    /* If b->used is 0, ty is -1 here, so tmpy below is formed one
                     * element before b->dp; iy then evaluates to 0 and the pointer is
                     * never dereferenced.
                     */
   47|   325M|      ty = MP_MIN(b->used-1, ix);
  ------------------
  |  |  156|   325M|#define MP_MIN(x, y) (((x) < (y)) ? (x) : (y))
  |  |  ------------------
  |  |  |  Branch (156:23): [True: 132M, False: 192M]
  |  |  ------------------
  ------------------
   48|   325M|      tx = ix - ty;
   49|       |
   50|       |      /* setup temp aliases */
   51|   325M|      tmpx = a->dp + tx;
   52|   325M|      tmpy = b->dp + ty;
   53|       |
   54|       |      /* this is the number of times the loop will iterate, essentially
   55|       |         while (tx++ < a->used && ty-- >= 0) { ... }
   56|       |       */
   57|   325M|      iy = MP_MIN(a->used-tx, ty+1);
  ------------------
  |  |  156|   325M|#define MP_MIN(x, y) (((x) < (y)) ? (x) : (y))
  |  |  ------------------
  |  |  |  Branch (156:23): [True: 192M, False: 132M]
  |  |  ------------------
  ------------------
   58|       |
   59|       |      /* execute loop */
   60|  2.68G|      for (iz = 0; iz < iy; ++iz) {
  ------------------
  |  Branch (60:20): [True: 2.36G, False: 325M]
  ------------------
   61|  2.36G|         _W += (mp_word)*tmpx++ * (mp_word)*tmpy--;
   62|       |
   63|  2.36G|      }
   64|       |
   65|       |      /* store term */
   66|   325M|      W[ix] = (mp_digit)_W & MP_MASK;
  ------------------
  |  |  106|   325M|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|   325M|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   67|       |
   68|       |      /* make next carry */
   69|   325M|      _W = _W >> (mp_word)MP_DIGIT_BIT;
  ------------------
  |  |   82|   325M|#   define MP_DIGIT_BIT 60
  ------------------
   70|   325M|   }
   71|       |
   72|       |   /* setup dest */
   73|  13.0M|   olduse  = c->used;
   74|  13.0M|   c->used = pa;
   75|       |
   76|  13.0M|   {
   77|  13.0M|      mp_digit *tmpc;
   78|  13.0M|      tmpc = c->dp;
   79|   338M|      for (ix = 0; ix < pa; ix++) {
  ------------------
  |  Branch (79:20): [True: 325M, False: 13.0M]
  ------------------
   80|       |         /* now extract the previous digit [below the carry] */
   81|   325M|         *tmpc++ = W[ix];
   82|   325M|      }
   83|       |
   84|       |      /* clear unused digits [that existed in the old copy of c] */
   85|  13.0M|      MP_ZERO_DIGITS(tmpc, olduse - ix);
  ------------------
  |  |   89|  13.0M|#  define MP_ZERO_DIGITS(mem, digits)                   \
  |  |   90|  13.0M|do {                                                    \
  |  |   91|  13.0M|   int zd_ = (digits);                                  \
  |  |   92|  13.0M|   mp_digit* zm_ = (mem);                               \
  |  |   93|  13.0M|   while (zd_-- > 0) {                                  \
  |  |  ------------------
  |  |  |  Branch (93:11): [True: 0, False: 13.0M]
  |  |  ------------------
  |  |   94|      0|      *zm_++ = 0;                                       \
  |  |   95|      0|   }                                                    \
  |  |   96|  13.0M|} while (0)
  |  |  ------------------
  |  |  |  Branch (96:10): [Folded - Ignored]
  |  |  ------------------
  ------------------
   86|  13.0M|   }
   87|  13.0M|   mp_clamp(c);
   88|  13.0M|   return MP_OKAY;
  ------------------
  |  |  161|  13.0M|#define MP_OKAY       0   /* no error */
  ------------------
   89|  13.0M|}

s_mp_mul_high_digs:
   10|  26.3k|{
   11|  26.3k|   mp_int   t;
   12|  26.3k|   int      pa, pb, ix, iy;
   13|  26.3k|   mp_err   err;
   14|  26.3k|   mp_digit u;
   15|  26.3k|   mp_word  r;
   16|  26.3k|   mp_digit tmpx, *tmpt, *tmpy;
   17|       |
   18|       |   /* can we use the fast multiplier? */
   19|  26.3k|   if (MP_HAS(S_MP_MUL_HIGH_DIGS_FAST)
  ------------------
  |  |  150|  52.6k|#define MP_HAS(x)        (sizeof(MP_STRINGIZE(BN_##x##_C)) == 1u)
  |  |  ------------------
  |  |  |  |  148|  26.3k|#define MP_STRINGIZE(x)  MP__STRINGIZE(x)
  |  |  |  |  ------------------
  |  |  |  |  |  |  149|  26.3k|#define MP__STRINGIZE(x) ""#x""
  |  |  |  |  ------------------
  |  |  ------------------
  |  |  |  Branch (150:26): [Folded - Ignored]
  |  |  ------------------
  ------------------
   20|  26.3k|       && ((a->used + b->used + 1) < MP_WARRAY)
  ------------------
  |  |  172|  26.3k|#define MP_WARRAY PRIVATE_MP_WARRAY
  |  |  ------------------
  |  |  |  |  203|  26.3k|#define PRIVATE_MP_WARRAY (int)(1uLL << (((CHAR_BIT * sizeof(private_mp_word)) - (2 * MP_DIGIT_BIT)) + 1))
  |  |  |  |  ------------------
  |  |  |  |  |  |   82|  26.3k|#   define MP_DIGIT_BIT 60
  |  |  |  |  ------------------
  |  |  ------------------
  ------------------
  |  Branch (20:11): [True: 26.3k, False: 0]
  ------------------
   21|  26.3k|       && (MP_MIN(a->used, b->used) < MP_MAXFAST)) {
  ------------------
  |  |  156|  26.3k|#define MP_MIN(x, y) (((x) < (y)) ? (x) : (y))
  |  |  ------------------
  |  |  |  Branch (156:23): [True: 25.6k, False: 640]
  |  |  ------------------
  ------------------
                     && (MP_MIN(a->used, b->used) < MP_MAXFAST)) {
  ------------------
  |  |  168|  26.3k|#define MP_MAXFAST              (int)(1uL << (MP_SIZEOF_BITS(mp_word) - (2u * (size_t)MP_DIGIT_BIT)))
  |  |  ------------------
  |  |  |  |  167|  26.3k|#define MP_SIZEOF_BITS(type)    ((size_t)CHAR_BIT * sizeof(type))
  |  |  ------------------
  |  |               #define MP_MAXFAST              (int)(1uL << (MP_SIZEOF_BITS(mp_word) - (2u * (size_t)MP_DIGIT_BIT)))
  |  |  ------------------
  |  |  |  |   82|  26.3k|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
  |  Branch (21:11): [True: 26.3k, False: 0]
  ------------------
   22|  26.3k|      return s_mp_mul_high_digs_fast(a, b, c, digs);
   23|  26.3k|   }
   24|       |
   25|      0|   if ((err = mp_init_size(&t, a->used + b->used + 1)) != MP_OKAY) {
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (25:8): [True: 0, False: 0]
  ------------------
   26|      0|      return err;
   27|      0|   }
   28|      0|   t.used = a->used + b->used + 1;
   29|       |
   30|      0|   pa = a->used;
   31|      0|   pb = b->used;
   32|      0|   for (ix = 0; ix < pa; ix++) {
  ------------------
  |  Branch (32:17): [True: 0, False: 0]
  ------------------
   33|       |      /* clear the carry */
   34|      0|      u = 0;
   35|       |
   36|       |      /* left hand side of A[ix] * B[iy] */
   37|      0|      tmpx = a->dp[ix];
   38|       |
   39|       |      /* alias to the address of where the digits will be stored */
   40|      0|      tmpt = &(t.dp[digs]);
   41|       |
   42|       |      /* alias for where to read the right hand side from */
   43|      0|      tmpy = b->dp + (digs - ix);
   44|       |
   45|      0|      for (iy = digs - ix; iy < pb; iy++) {
  ------------------
  |  Branch (45:28): [True: 0, False: 0]
  ------------------
   46|       |         /* calculate the double precision result */
   47|      0|         r       = (mp_word)*tmpt +
   48|      0|                   ((mp_word)tmpx * (mp_word)*tmpy++) +
   49|      0|                   (mp_word)u;
   50|       |
   51|       |         /* get the lower part */
   52|      0|         *tmpt++ = (mp_digit)(r & (mp_word)MP_MASK);
  ------------------
  |  |  106|      0|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|      0|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   53|       |
   54|       |         /* carry the carry */
   55|      0|         u       = (mp_digit)(r >> (mp_word)MP_DIGIT_BIT);
  ------------------
  |  |   82|      0|#   define MP_DIGIT_BIT 60
  ------------------
   56|      0|      }
   57|      0|      *tmpt = u;
   58|      0|   }
   59|      0|   mp_clamp(&t);
   60|      0|   mp_exch(&t, c);
   61|      0|   mp_clear(&t);
   62|      0|   return MP_OKAY;
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
   63|      0|}

s_mp_mul_high_digs_fast:
   16|  26.3k|{
                 /* Writes digits digs .. (a->used + b->used - 1) of the product a*b into c,
                  * one output column at a time: the partial products of a column are summed
                  * in the double-width accumulator _W, the low MP_DIGIT_BIT bits are stored
                  * and the remainder is carried into the next column.
                  * The signature is not part of this listing; a, b, c and digs are the
                  * function's parameters. Digits c->dp[0 .. digs-1] are not written here. */
   17|  26.3k|   int     olduse, pa, ix, iz;
   18|  26.3k|   mp_err   err;
                 /* W is a fixed-size stack array indexed by ix < a->used + b->used. The only
                  * call shown in this listing is guarded by
                  * (a->used + b->used + 1) < MP_WARRAY, which keeps W[ix] in bounds; this
                  * function does not re-check it.
                  * NOTE(review): W is not wiped before returning, so product digits stay on
                  * the stack - confirm whether that matters for secret operands. */
   19|  26.3k|   mp_digit W[MP_WARRAY];
   20|  26.3k|   mp_word  _W;
   21|       |
   22|       |   /* grow the destination as required */
   23|  26.3k|   pa = a->used + b->used;
   24|  26.3k|   if (c->alloc < pa) {
  ------------------
  |  Branch (24:8): [True: 26.3k, False: 0]
  ------------------
                    /* Coverage: c always had to grow and mp_grow never failed, so the
                     * error return below was not exercised in this run. */
   25|  26.3k|      if ((err = mp_grow(c, pa)) != MP_OKAY) {
  ------------------
  |  |  161|  26.3k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (25:11): [True: 0, False: 26.3k]
  ------------------
   26|      0|         return err;
   27|      0|      }
   28|  26.3k|   }
   29|       |
   30|       |   /* number of output digits to produce */
   31|  26.3k|   pa = a->used + b->used;
   32|  26.3k|   _W = 0;
   33|   294k|   for (ix = digs; ix < pa; ix++) {
  ------------------
  |  Branch (33:20): [True: 268k, False: 26.3k]
  ------------------
   34|   268k|      int      tx, ty, iy;
   35|   268k|      mp_digit *tmpx, *tmpy;
   36|       |
   37|       |      /* get offsets into the two bignums */
   38|   268k|      ty = MP_MIN(b->used-1, ix);
  ------------------
  |  |  156|   268k|#define MP_MIN(x, y) (((x) < (y)) ? (x) : (y))
  |  |  ------------------
  |  |  |  Branch (156:23): [True: 242k, False: 26.3k]
  |  |  ------------------
  ------------------
   39|   268k|      tx = ix - ty;
   40|       |
   41|       |      /* setup temp aliases */
   42|   268k|      tmpx = a->dp + tx;
   43|   268k|      tmpy = b->dp + ty;
   44|       |
   45|       |      /* this is the number of times the loop will iterate, essentially it's
   46|       |         while (tx++ < a->used && ty-- >= 0) { ... }
   47|       |       */
   48|   268k|      iy = MP_MIN(a->used-tx, ty+1);
  ------------------
  |  |  156|   268k|#define MP_MIN(x, y) (((x) < (y)) ? (x) : (y))
  |  |  ------------------
  |  |  |  Branch (156:23): [True: 268k, False: 640]
  |  |  ------------------
  ------------------
   49|       |
   50|       |      /* execute loop */
                    /* tmpx walks up through a's digits while tmpy walks down through b's;
                     * iy bounds both walks, so the reads stay inside a->used / b->used. */
   51|  2.59M|      for (iz = 0; iz < iy; iz++) {
  ------------------
  |  Branch (51:20): [True: 2.32M, False: 268k]
  ------------------
   52|  2.32M|         _W += (mp_word)*tmpx++ * (mp_word)*tmpy--;
   53|  2.32M|      }
   54|       |
   55|       |      /* store term */
   56|   268k|      W[ix] = (mp_digit)_W & MP_MASK;
  ------------------
  |  |  106|   268k|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|   268k|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   57|       |
   58|       |      /* make next carry */
   59|   268k|      _W = _W >> (mp_word)MP_DIGIT_BIT;
  ------------------
  |  |   82|   268k|#   define MP_DIGIT_BIT 60
  ------------------
   60|   268k|   }
   61|       |
   62|       |   /* setup dest */
   63|  26.3k|   olduse  = c->used;
   64|  26.3k|   c->used = pa;
   65|       |
   66|  26.3k|   {
   67|  26.3k|      mp_digit *tmpc;
   68|       |
   69|  26.3k|      tmpc = c->dp + digs;
   70|   294k|      for (ix = digs; ix < pa; ix++) {
  ------------------
  |  Branch (70:23): [True: 268k, False: 26.3k]
  ------------------
   71|       |         /* now extract the previous digit [below the carry] */
   72|   268k|         *tmpc++ = W[ix];
   73|   268k|      }
   74|       |
   75|       |      /* clear unused digits [that existed in the old copy of c] */
                    /* ix equals pa here; when olduse <= pa the count is <= 0 and the macro's
                     * loop does nothing. Coverage: no digit was zeroed in this run. */
   76|  26.3k|      MP_ZERO_DIGITS(tmpc, olduse - ix);
  ------------------
  |  |   89|  26.3k|#  define MP_ZERO_DIGITS(mem, digits)                   \
  |  |   90|  26.3k|do {                                                    \
  |  |   91|  26.3k|   int zd_ = (digits);                                  \
  |  |   92|  26.3k|   mp_digit* zm_ = (mem);                               \
  |  |   93|  26.3k|   while (zd_-- > 0) {                                  \
  |  |  ------------------
  |  |  |  Branch (93:11): [True: 0, False: 26.3k]
  |  |  ------------------
  |  |   94|      0|      *zm_++ = 0;                                       \
  |  |   95|      0|   }                                                    \
  |  |   96|  26.3k|} while (0)
  |  |  ------------------
  |  |  |  Branch (96:10): [Folded - Ignored]
  |  |  ------------------
  ------------------
   77|  26.3k|   }
   78|  26.3k|   mp_clamp(c);
   79|  26.3k|   return MP_OKAY;
  ------------------
  |  |  161|  26.3k|#define MP_OKAY       0   /* no error */
  ------------------
   80|  26.3k|}

s_mp_sqr_fast:
   17|  7.58M|{
                 /* Computes the square of a into b one output column at a time. Each column
                  * sums the cross products a[tx]*a[ty] with tx < ty in _W, doubles that sum,
                  * adds the carry W1 from the previous column and, on even columns, the
                  * square term a[ix/2]^2. The signature is not part of this listing. */
   18|  7.58M|   int       olduse, pa, ix, iz;
                 /* W is a fixed-size stack array that is indexed up to pa - 1 where
                  * pa = 2 * a->used; nothing in this function checks pa against MP_WARRAY.
                  * Presumably the caller only selects this routine when the result fits -
                  * TODO confirm at the call site.
                  * NOTE(review): W is not wiped before returning, so result digits stay on
                  * the stack - confirm whether that matters for secret operands. */
   19|  7.58M|   mp_digit  W[MP_WARRAY], *tmpx;
   20|  7.58M|   mp_word   W1;
   21|  7.58M|   mp_err    err;
   22|       |
   23|       |   /* grow the destination as required */
   24|  7.58M|   pa = a->used + a->used;
   25|  7.58M|   if (b->alloc < pa) {
  ------------------
  |  Branch (25:8): [True: 6.35k, False: 7.57M]
  ------------------
                    /* Coverage: mp_grow never failed, so the error return below was not
                     * exercised in this run. */
   26|  6.35k|      if ((err = mp_grow(b, pa)) != MP_OKAY) {
  ------------------
  |  |  161|  6.35k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (26:11): [True: 0, False: 6.35k]
  ------------------
   27|      0|         return err;
   28|      0|      }
   29|  6.35k|   }
   30|       |
   31|       |   /* number of output digits to produce */
   32|  7.58M|   W1 = 0;
   33|   382M|   for (ix = 0; ix < pa; ix++) {
  ------------------
  |  Branch (33:17): [True: 375M, False: 7.58M]
  ------------------
   34|   375M|      int      tx, ty, iy;
   35|   375M|      mp_word  _W;
   36|   375M|      mp_digit *tmpy;
   37|       |
   38|       |      /* clear counter */
   39|   375M|      _W = 0;
   40|       |
   41|       |      /* get offsets into the two bignums */
   42|   375M|      ty = MP_MIN(a->used-1, ix);
  ------------------
  |  |  156|   375M|#define MP_MIN(x, y) (((x) < (y)) ? (x) : (y))
  |  |  ------------------
  |  |  |  Branch (156:23): [True: 187M, False: 187M]
  |  |  ------------------
  ------------------
   43|   375M|      tx = ix - ty;
   44|       |
   45|       |      /* setup temp aliases */
   46|   375M|      tmpx = a->dp + tx;
   47|   375M|      tmpy = a->dp + ty;
   48|       |
   49|       |      /* this is the number of times the loop will iterate, essentially
   50|       |         while (tx++ < a->used && ty-- >= 0) { ... }
   51|       |       */
   52|   375M|      iy = MP_MIN(a->used-tx, ty+1);
  ------------------
  |  |  156|   375M|#define MP_MIN(x, y) (((x) < (y)) ? (x) : (y))
  |  |  ------------------
  |  |  |  Branch (156:23): [True: 187M, False: 187M]
  |  |  ------------------
  ------------------
   53|       |
   54|       |      /* now for squaring tx can never equal ty
   55|       |       * we halve the distance since they approach at a rate of 2x
   56|       |       * and we have to round because odd cases need to be executed
   57|       |       */
   58|   375M|      iy = MP_MIN(iy, ((ty-tx)+1)>>1);
  ------------------
  |  |  156|   375M|#define MP_MIN(x, y) (((x) < (y)) ? (x) : (y))
  |  |  ------------------
  |  |  |  Branch (156:23): [True: 0, False: 375M]
  |  |  ------------------
  ------------------
   59|       |
   60|       |      /* execute loop */
   61|  3.23G|      for (iz = 0; iz < iy; iz++) {
  ------------------
  |  Branch (61:20): [True: 2.86G, False: 375M]
  ------------------
   62|  2.86G|         _W += (mp_word)*tmpx++ * (mp_word)*tmpy--;
   63|  2.86G|      }
   64|       |
   65|       |      /* double the inner product and add carry */
   66|   375M|      _W = _W + _W + W1;
   67|       |
   68|       |      /* even columns have the square term in them */
   69|   375M|      if (((unsigned)ix & 1u) == 0u) {
  ------------------
  |  Branch (69:11): [True: 187M, False: 187M]
  ------------------
   70|   187M|         _W += (mp_word)a->dp[ix>>1] * (mp_word)a->dp[ix>>1];
   71|   187M|      }
   72|       |
   73|       |      /* store it */
   74|   375M|      W[ix] = (mp_digit)_W & MP_MASK;
  ------------------
  |  |  106|   375M|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|   375M|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   75|       |
   76|       |      /* make next carry */
   77|   375M|      W1 = _W >> (mp_word)MP_DIGIT_BIT;
  ------------------
  |  |   82|   375M|#   define MP_DIGIT_BIT 60
  ------------------
   78|   375M|   }
   79|       |
   80|       |   /* setup dest */
   81|  7.58M|   olduse  = b->used;
   82|  7.58M|   b->used = a->used+a->used;
   83|       |
   84|  7.58M|   {
   85|  7.58M|      mp_digit *tmpb;
   86|  7.58M|      tmpb = b->dp;
   87|   382M|      for (ix = 0; ix < pa; ix++) {
  ------------------
  |  Branch (87:20): [True: 375M, False: 7.58M]
  ------------------
   88|   375M|         *tmpb++ = W[ix] & MP_MASK;
  ------------------
  |  |  106|   375M|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|   375M|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   89|   375M|      }
   90|       |
   91|       |      /* clear unused digits [that existed in the old copy of b] */
                    /* ix equals pa here; the macro's loop only runs when the old b was
                     * longer than the new result. */
   92|  7.58M|      MP_ZERO_DIGITS(tmpb, olduse - ix);
  ------------------
  |  |   89|  7.58M|#  define MP_ZERO_DIGITS(mem, digits)                   \
  |  |   90|  7.58M|do {                                                    \
  |  |   91|  7.58M|   int zd_ = (digits);                                  \
  |  |   92|  7.58M|   mp_digit* zm_ = (mem);                               \
  |  |   93|  7.67M|   while (zd_-- > 0) {                                  \
  |  |  ------------------
  |  |  |  Branch (93:11): [True: 95.2k, False: 7.58M]
  |  |  ------------------
  |  |   94|  95.2k|      *zm_++ = 0;                                       \
  |  |   95|  95.2k|   }                                                    \
  |  |   96|  7.58M|} while (0)
  |  |  ------------------
  |  |  |  Branch (96:10): [Folded - Ignored]
  |  |  ------------------
  ------------------
   93|  7.58M|   }
   94|  7.58M|   mp_clamp(b);
   95|  7.58M|   return MP_OKAY;
  ------------------
  |  |  161|  7.58M|#define MP_OKAY       0   /* no error */
  ------------------
   96|  7.58M|}

s_mp_sub:
    8|  15.2M|{
                 /* Digit-wise subtraction c = a - b with borrow propagation; c->sign is not
                  * touched here. The signature is not part of this listing.
                  * The first loop reads b->used digits from both a and b and the second
                  * loop runs up to a->used, so the code relies on a having at least as many
                  * digits as b (presumably |a| >= |b|); nothing here checks that - TODO
                  * confirm at the callers. */
    9|  15.2M|   int    olduse, min, max;
   10|  15.2M|   mp_err err;
   11|       |
   12|       |   /* find sizes */
   13|  15.2M|   min = b->used;
   14|  15.2M|   max = a->used;
   15|       |
   16|       |   /* init result */
   17|  15.2M|   if (c->alloc < max) {
  ------------------
  |  Branch (17:8): [True: 0, False: 15.2M]
  ------------------
                    /* Coverage: c was always large enough, so neither mp_grow nor its
                     * error return was exercised in this run. */
   18|      0|      if ((err = mp_grow(c, max)) != MP_OKAY) {
  ------------------
  |  |  161|      0|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (18:11): [True: 0, False: 0]
  ------------------
   19|      0|         return err;
   20|      0|      }
   21|      0|   }
   22|  15.2M|   olduse = c->used;
   23|  15.2M|   c->used = max;
   24|       |
   25|  15.2M|   {
   26|  15.2M|      mp_digit u, *tmpa, *tmpb, *tmpc;
   27|  15.2M|      int i;
   28|       |
   29|       |      /* alias for digit pointers */
   30|  15.2M|      tmpa = a->dp;
   31|  15.2M|      tmpb = b->dp;
   32|  15.2M|      tmpc = c->dp;
   33|       |
   34|       |      /* set carry to zero */
   35|  15.2M|      u = 0;
   36|   207M|      for (i = 0; i < min; i++) {
  ------------------
  |  Branch (36:19): [True: 191M, False: 15.2M]
  ------------------
   37|       |         /* T[i] = A[i] - B[i] - U */
   38|   191M|         *tmpc = (*tmpa++ - *tmpb++) - u;
   39|       |
   40|       |         /* U = carry bit of T[i]
   41|       |          * Note this saves performing an AND operation since
   42|       |          * if a carry does occur it will propagate all the way to the
   43|       |          * MSB.  As a result a single shift is enough to get the carry
   44|       |          */
   45|   191M|         u = *tmpc >> (MP_SIZEOF_BITS(mp_digit) - 1u);
  ------------------
  |  |  167|   191M|#define MP_SIZEOF_BITS(type)    ((size_t)CHAR_BIT * sizeof(type))
  ------------------
   46|       |
   47|       |         /* Clear carry from T[i] */
   48|   191M|         *tmpc++ &= MP_MASK;
  ------------------
  |  |  106|   191M|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|   191M|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   49|   191M|      }
   50|       |
   51|       |      /* now copy higher words if any, e.g. if A has more digits than B  */
   52|  68.5M|      for (; i < max; i++) {
  ------------------
  |  Branch (52:14): [True: 53.3M, False: 15.2M]
  ------------------
   53|       |         /* T[i] = A[i] - U */
   54|  53.3M|         *tmpc = *tmpa++ - u;
   55|       |
   56|       |         /* U = carry bit of T[i] */
   57|  53.3M|         u = *tmpc >> (MP_SIZEOF_BITS(mp_digit) - 1u);
  ------------------
  |  |  167|  53.3M|#define MP_SIZEOF_BITS(type)    ((size_t)CHAR_BIT * sizeof(type))
  ------------------
   58|       |
   59|       |         /* Clear carry from T[i] */
   60|  53.3M|         *tmpc++ &= MP_MASK;
  ------------------
  |  |  106|  53.3M|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|  53.3M|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
   61|  53.3M|      }
   62|       |
   63|       |      /* clear digits above used (since we may not have grown result above) */
   64|  15.2M|      MP_ZERO_DIGITS(tmpc, olduse - c->used);
  ------------------
  |  |   89|  15.2M|#  define MP_ZERO_DIGITS(mem, digits)                   \
  |  |   90|  15.2M|do {                                                    \
  |  |   91|  15.2M|   int zd_ = (digits);                                  \
  |  |   92|  15.2M|   mp_digit* zm_ = (mem);                               \
  |  |   93|  15.2M|   while (zd_-- > 0) {                                  \
  |  |  ------------------
  |  |  |  Branch (93:11): [True: 28, False: 15.2M]
  |  |  ------------------
  |  |   94|     28|      *zm_++ = 0;                                       \
  |  |   95|     28|   }                                                    \
  |  |   96|  15.2M|} while (0)
  |  |  ------------------
  |  |  |  Branch (96:10): [Folded - Ignored]
  |  |  ------------------
  ------------------
   65|  15.2M|   }
   66|       |
   67|  15.2M|   mp_clamp(c);
   68|  15.2M|   return MP_OKAY;
  ------------------
  |  |  161|  15.2M|#define MP_OKAY       0   /* no error */
  ------------------
   69|  15.2M|}

mp_set_u32:
  253|  1.39k|    {                                                                                  \
                      /* Body of a macro-generated setter (the #define header is not in this
                       * listing): splits b into MP_DIGIT_BIT-bit digits in a->dp, sets used and
                       * sign, then zeroes the remaining allocated digits.
                       * a->dp[i++] is written without comparing i to a->alloc; presumably every
                       * initialised mp_int has room for these digits - verify against mp_init.
                       * Coverage: b == 0 was never passed (255:16 never False) and line 259 was
                       * never reached, i.e. the loop always left through the break on line 257. */
  254|  1.39k|        int i = 0;                                                                     \
  255|  1.39k|        while (b != 0u) {                                                              \
  ------------------
  |  Branch (255:16): [True: 1.39k, False: 0]
  ------------------
  256|  1.39k|            a->dp[i++] = ((mp_digit)b & MP_MASK);                                      \
  ------------------
  |  |  106|  1.39k|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|  1.39k|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
  257|  1.39k|            if (MP_SIZEOF_BITS(type) <= MP_DIGIT_BIT) { break; }                       \
  ------------------
  |  |  167|  1.39k|#define MP_SIZEOF_BITS(type)    ((size_t)CHAR_BIT * sizeof(type))
  ------------------
                          if (MP_SIZEOF_BITS(type) <= MP_DIGIT_BIT) { break; }                       \
  ------------------
  |  |   82|  1.39k|#   define MP_DIGIT_BIT 60
  ------------------
  |  Branch (257:17): [Folded - Ignored]
  ------------------
  258|  1.39k|            b >>= ((MP_SIZEOF_BITS(type) <= MP_DIGIT_BIT) ? 0 : MP_DIGIT_BIT);         \
  ------------------
  |  |  167|      0|#define MP_SIZEOF_BITS(type)    ((size_t)CHAR_BIT * sizeof(type))
  ------------------
                          b >>= ((MP_SIZEOF_BITS(type) <= MP_DIGIT_BIT) ? 0 : MP_DIGIT_BIT);         \
  ------------------
  |  |   82|      0|#   define MP_DIGIT_BIT 60
  ------------------
                          b >>= ((MP_SIZEOF_BITS(type) <= MP_DIGIT_BIT) ? 0 : MP_DIGIT_BIT);         \
  ------------------
  |  |   82|      0|#   define MP_DIGIT_BIT 60
  ------------------
  |  Branch (258:20): [Folded - Ignored]
  ------------------
  259|      0|        }                                                                              \
  260|  1.39k|        a->used = i;                                                                   \
  261|  1.39k|        a->sign = MP_ZPOS;                                                             \
  ------------------
  |  |  151|  1.39k|#define MP_ZPOS       0   /* positive integer */
  ------------------
  262|  1.39k|        MP_ZERO_DIGITS(a->dp + a->used, a->alloc - a->used);                           \
  ------------------
  |  |   89|  1.39k|#  define MP_ZERO_DIGITS(mem, digits)                   \
  |  |   90|  1.39k|do {                                                    \
  |  |   91|  1.39k|   int zd_ = (digits);                                  \
  |  |   92|  1.39k|   mp_digit* zm_ = (mem);                               \
  |  |   93|  44.4k|   while (zd_-- > 0) {                                  \
  |  |  ------------------
  |  |  |  Branch (93:11): [True: 43.0k, False: 1.39k]
  |  |  ------------------
  |  |   94|  43.0k|      *zm_++ = 0;                                       \
  |  |   95|  43.0k|   }                                                    \
  |  |   96|  1.39k|} while (0)
  |  |  ------------------
  |  |  |  Branch (96:10): [Folded - Ignored]
  |  |  ------------------
  ------------------
  263|  1.39k|    }
mp_set_ul:
  253|  1.23k|    {                                                                                  \
                      /* Same macro body as the 32-bit setter listed above it, instantiated for a
                       * type wider than MP_DIGIT_BIT bits: here the loop shifts b right by
                       * MP_DIGIT_BIT per digit instead of breaking after the first one.
                       * a->dp[i++] is written without comparing i to a->alloc; presumably every
                       * initialised mp_int has room for these digits - verify against mp_init.
                       * Coverage: 1.23k calls produced 1.23k loop iterations, so apparently
                       * every value fitted in one digit; a multi-digit value was not exercised. */
  254|  1.23k|        int i = 0;                                                                     \
  255|  2.47k|        while (b != 0u) {                                                              \
  ------------------
  |  Branch (255:16): [True: 1.23k, False: 1.23k]
  ------------------
  256|  1.23k|            a->dp[i++] = ((mp_digit)b & MP_MASK);                                      \
  ------------------
  |  |  106|  1.23k|#define MP_MASK          ((((mp_digit)1)<<((mp_digit)MP_DIGIT_BIT))-((mp_digit)1))
  |  |  ------------------
  |  |  |  |   82|  1.23k|#   define MP_DIGIT_BIT 60
  |  |  ------------------
  ------------------
  257|  1.23k|            if (MP_SIZEOF_BITS(type) <= MP_DIGIT_BIT) { break; }                       \
  ------------------
  |  |  167|  1.23k|#define MP_SIZEOF_BITS(type)    ((size_t)CHAR_BIT * sizeof(type))
  ------------------
                          if (MP_SIZEOF_BITS(type) <= MP_DIGIT_BIT) { break; }                       \
  ------------------
  |  |   82|  1.23k|#   define MP_DIGIT_BIT 60
  ------------------
  |  Branch (257:17): [Folded - Ignored]
  ------------------
  258|  1.23k|            b >>= ((MP_SIZEOF_BITS(type) <= MP_DIGIT_BIT) ? 0 : MP_DIGIT_BIT);         \
  ------------------
  |  |  167|  1.23k|#define MP_SIZEOF_BITS(type)    ((size_t)CHAR_BIT * sizeof(type))
  ------------------
                          b >>= ((MP_SIZEOF_BITS(type) <= MP_DIGIT_BIT) ? 0 : MP_DIGIT_BIT);         \
  ------------------
  |  |   82|  1.23k|#   define MP_DIGIT_BIT 60
  ------------------
                          b >>= ((MP_SIZEOF_BITS(type) <= MP_DIGIT_BIT) ? 0 : MP_DIGIT_BIT);         \
  ------------------
  |  |   82|  1.23k|#   define MP_DIGIT_BIT 60
  ------------------
  |  Branch (258:20): [Folded - Ignored]
  ------------------
  259|  1.23k|        }                                                                              \
  260|  1.23k|        a->used = i;                                                                   \
  261|  1.23k|        a->sign = MP_ZPOS;                                                             \
  ------------------
  |  |  151|  1.23k|#define MP_ZPOS       0   /* positive integer */
  ------------------
  262|  1.23k|        MP_ZERO_DIGITS(a->dp + a->used, a->alloc - a->used);                           \
  ------------------
  |  |   89|  1.23k|#  define MP_ZERO_DIGITS(mem, digits)                   \
  |  |   90|  1.23k|do {                                                    \
  |  |   91|  1.23k|   int zd_ = (digits);                                  \
  |  |   92|  1.23k|   mp_digit* zm_ = (mem);                               \
  |  |   93|  39.5k|   while (zd_-- > 0) {                                  \
  |  |  ------------------
  |  |  |  Branch (93:11): [True: 38.2k, False: 1.23k]
  |  |  ------------------
  |  |   94|  38.2k|      *zm_++ = 0;                                       \
  |  |   95|  38.2k|   }                                                    \
  |  |   96|  1.23k|} while (0)
  |  |  ------------------
  |  |  |  Branch (96:10): [Folded - Ignored]
  |  |  ------------------
  ------------------
  263|  1.23k|    }

m_mp_init:
   31|  1.27k|void m_mp_init(mp_int *mp) {
              	/* Initialises mp with mp_init and calls dropbear_exit("Mem alloc error")
              	 * on any non-MP_OKAY result, so callers never see a failure code.
              	 * Coverage: the failure path was not exercised in this run. */
   32|       |
   33|  1.27k|	if (mp_init(mp) != MP_OKAY) {
  ------------------
  |  |  161|  1.27k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (33:6): [True: 0, False: 1.27k]
  ------------------
   34|      0|		dropbear_exit("Mem alloc error");
   35|      0|	}
   36|  1.27k|}
m_mp_init_multi:
   41|  3.08k|{
              	/* Initialises every mp_int* in the variadic list that starts at mp; the
              	 * signature is not part of this listing. The walk stops only at a NULL
              	 * pointer, so each caller has to end its argument list with NULL -
              	 * otherwise va_arg reads past the supplied arguments (undefined behaviour).
              	 * Coverage: mp_init never failed in this run. */
   42|  3.08k|	mp_int* cur_arg = mp;
   43|  3.08k|	va_list args;
   44|       |
   45|  3.08k|	va_start(args, mp);        /* init args to next argument from caller */
   46|  13.8k|	while (cur_arg != NULL) {
  ------------------
  |  Branch (46:9): [True: 10.8k, False: 3.08k]
  ------------------
   47|  10.8k|		if (mp_init(cur_arg) != MP_OKAY) {
  ------------------
  |  |  161|  10.8k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (47:7): [True: 0, False: 10.8k]
  ------------------
   48|      0|			dropbear_exit("Mem alloc error");
   49|      0|		}
   50|  10.8k|		cur_arg = va_arg(args, mp_int*);
   51|  10.8k|	}
   52|  3.08k|	va_end(args);
   53|  3.08k|}
m_mp_alloc_init_multi:
   56|  3.12k|{
              	/* For every mp_int** in the NULL-terminated variadic list starting at mp:
              	 * allocates an mp_int with m_malloc, stores it through the pointer and
              	 * initialises it with mp_init. The signature is not part of this listing.
              	 * The m_malloc result is used without a NULL check; presumably m_malloc
              	 * exits on allocation failure - verify. A missing NULL terminator makes
              	 * va_arg read past the supplied arguments (undefined behaviour). */
   57|  3.12k|	mp_int** cur_arg = mp;
   58|  3.12k|	va_list args;
   59|       |
   60|  3.12k|	va_start(args, mp);        /* init args to next argument from caller */
   61|  9.51k|	while (cur_arg != NULL) {
  ------------------
  |  Branch (61:9): [True: 6.39k, False: 3.12k]
  ------------------
   62|  6.39k|		*cur_arg = m_malloc(sizeof(mp_int));
   63|  6.39k|		if (mp_init(*cur_arg) != MP_OKAY) {
  ------------------
  |  |  161|  6.39k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (63:7): [True: 0, False: 6.39k]
  ------------------
   64|      0|			dropbear_exit("Mem alloc error");
   65|      0|		}
   66|  6.39k|		cur_arg = va_arg(args, mp_int**);
   67|  6.39k|	}
   68|  3.12k|	va_end(args);
   69|  3.12k|}
m_mp_free_multi:
   72|    340|{
              	/* For every mp_int** in the NULL-terminated variadic list starting at mp:
              	 * clears the mp_int if the slot is non-NULL, then releases it with m_free.
              	 * The signature is not part of this listing. The m_free macro also writes
              	 * NULL back into the caller's slot, so calling this again on the same
              	 * slots does not free twice.
              	 * m_free is reached with NULL slots too (850 of 1.41k iterations in this
              	 * run); this assumes m_free_direct accepts NULL - verify. */
   73|    340|	mp_int** cur_arg = mp;
   74|    340|	va_list args;
   75|       |
   76|    340|	va_start(args, mp);        /* init args to next argument from caller */
   77|  1.75k|	while (cur_arg != NULL) {
  ------------------
  |  Branch (77:9): [True: 1.41k, False: 340]
  ------------------
   78|  1.41k|		if (*cur_arg) {
  ------------------
  |  Branch (78:7): [True: 566, False: 850]
  ------------------
   79|    566|			mp_clear(*cur_arg);
   80|    566|		}
   81|  1.41k|		m_free(*cur_arg);
  ------------------
  |  |   24|  1.41k|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
   82|  1.41k|		cur_arg = va_arg(args, mp_int**);
   83|  1.41k|	}
   84|    340|	va_end(args);
   85|    340|}
bytes_to_mp:
   87|  4.71k|void bytes_to_mp(mp_int *mp, const unsigned char* bytes, unsigned int len) {
              	/* Loads len bytes from bytes into mp through mp_from_ubin (the const
              	 * qualifier is cast away for that call). Every non-MP_OKAY result is
              	 * reported as "Mem alloc error" and ends the process via dropbear_exit.
              	 * len is passed through unchecked here; callers are responsible for it
              	 * matching the readable size of bytes.
              	 * Coverage: the failure path was not exercised in this run. */
   88|       |
   89|  4.71k|	if (mp_from_ubin(mp, (unsigned char*)bytes, len) != MP_OKAY) {
  ------------------
  |  |  161|  4.71k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (89:6): [True: 0, False: 4.71k]
  ------------------
   90|      0|		dropbear_exit("Mem alloc error");
   91|      0|	}
   92|  4.71k|}

buf_new:
   41|  69.5k|buffer* buf_new(unsigned int size) {
              	/* Allocates a buffer header and size bytes of payload in one m_malloc
              	 * block; data points just past the header. Sizes above BUF_MAX_SIZE end
              	 * the process, which also keeps sizeof(buffer)+size from wrapping.
              	 * len and pos are not assigned here; presumably m_malloc returns zeroed
              	 * memory - verify. The m_malloc result is used without a NULL check.
              	 * Coverage: the oversize rejection was not exercised in this run. */
   42|  69.5k|	buffer* buf;
   43|  69.5k|	if (size > BUF_MAX_SIZE) {
  ------------------
  |  |   35|  69.5k|#define BUF_MAX_SIZE 1000000000
  ------------------
  |  Branch (43:6): [True: 0, False: 69.5k]
  ------------------
   44|      0|		dropbear_exit("buf->size too big");
   45|      0|	}
   46|       |
   47|  69.5k|	buf = (buffer*)m_malloc(sizeof(buffer)+size);
   48|  69.5k|	buf->data = (unsigned char*)buf + sizeof(buffer);
   49|  69.5k|	buf->size = size;
   50|  69.5k|	return buf;
   51|  69.5k|}
buf_free:
   54|  53.2k|void buf_free(buffer* buf) {
              	/* Releases the buffer without wiping its contents. The m_free macro sets
              	 * only this function's local copy of buf to NULL; the caller's pointer
              	 * still holds the freed address and must not be used again. */
   55|  53.2k|	m_free(buf);
  ------------------
  |  |   24|  53.2k|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
   56|  53.2k|}
buf_burn_free:
   59|  13.5k|void buf_burn_free(buffer* buf) {
              	/* Passes the whole payload (buf->size bytes, not just buf->len) to m_burn
              	 * - presumably a wipe that is not optimised away; verify - and then frees
              	 * the buffer. buf is dereferenced unconditionally, so it must not be NULL.
              	 * As with buf_free, only the local copy of the pointer is set to NULL. */
   60|  13.5k|	m_burn(buf->data, buf->size);
   61|  13.5k|	m_free(buf);
  ------------------
  |  |   24|  13.5k|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
   62|  13.5k|}
buf_resize:
   67|  4.30k|buffer* buf_resize(buffer *buf, unsigned int newsize) {
              	/* Reallocates header and payload to hold newsize bytes, re-derives data
              	 * from the (possibly moved) block and clamps len and pos to newsize.
              	 * Callers must continue with the returned pointer; the old buffer pointer
              	 * and any pointer previously taken into buf->data are stale afterwards.
              	 * NOTE(review): nothing here wipes bytes that fall outside the new size;
              	 * confirm whether any caller shrinks a buffer that holds secrets.
              	 * Coverage: the oversize rejection was not exercised in this run. */
   68|  4.30k|	if (newsize > BUF_MAX_SIZE) {
  ------------------
  |  |   35|  4.30k|#define BUF_MAX_SIZE 1000000000
  ------------------
  |  Branch (68:6): [True: 0, False: 4.30k]
  ------------------
   69|      0|		dropbear_exit("buf->size too big");
   70|      0|	}
   71|       |
   72|  4.30k|	buf = m_realloc(buf, sizeof(buffer)+newsize);
   73|  4.30k|	buf->data = (unsigned char*)buf + sizeof(buffer);
   74|  4.30k|	buf->size = newsize;
   75|  4.30k|	buf->len = MIN(newsize, buf->len);
   76|  4.30k|	buf->pos = MIN(newsize, buf->pos);
   77|  4.30k|	return buf;
   78|  4.30k|}
buf_newcopy:
   82|  5.50k|buffer* buf_newcopy(const buffer* buf) {
              	/* Returns a new buffer whose capacity and len both equal buf->len and
              	 * whose payload is a copy of the first buf->len bytes of buf. pos is not
              	 * copied; it keeps whatever buf_new leaves in it.
              	 * Coverage: an empty source buffer (len == 0) was not exercised. */
   83|       |	
   84|  5.50k|	buffer* ret;
   85|       |
   86|  5.50k|	ret = buf_new(buf->len);
   87|  5.50k|	ret->len = buf->len;
   88|  5.50k|	if (buf->len > 0) {
  ------------------
  |  Branch (88:6): [True: 5.50k, False: 0]
  ------------------
   89|  5.50k|		memcpy(ret->data, buf->data, buf->len);
   90|  5.50k|	}
   91|  5.50k|	return ret;
   92|  5.50k|}
buf_setlen:
   95|  96.6k|void buf_setlen(buffer* buf, unsigned int len) {
              	/* Sets the valid length to len, ending the process if len exceeds the
              	 * capacity, and pulls pos back so that pos <= len still holds.
              	 * Coverage: the rejection was not exercised in this run. */
   96|  96.6k|	if (len > buf->size) {
  ------------------
  |  Branch (96:6): [True: 0, False: 96.6k]
  ------------------
   97|      0|		dropbear_exit("Bad buf_setlen");
   98|      0|	}
   99|  96.6k|	buf->len = len;
  100|  96.6k|	buf->pos = MIN(buf->pos, buf->len);
  101|  96.6k|}
buf_incrlen:
  104|   192k|void buf_incrlen(buffer* buf, unsigned int incr) {
              	/* Extends the valid length by incr, ending the process if the result
              	 * would exceed the capacity. incr is compared with BUF_MAX_INCR first so
              	 * that buf->len + incr cannot wrap around before it is compared with
              	 * size (assuming len is an unsigned int bounded by the capacity limit -
              	 * TODO confirm against the struct definition).
              	 * Coverage: neither rejection was exercised in this run. */
  105|   192k|	if (incr > BUF_MAX_INCR || buf->len + incr > buf->size) {
  ------------------
  |  |   34|   385k|#define BUF_MAX_INCR 1000000000
  ------------------
  |  Branch (105:6): [True: 0, False: 192k]
  |  Branch (105:29): [True: 0, False: 192k]
  ------------------
  106|      0|		dropbear_exit("Bad buf_incrlen");
  107|      0|	}
  108|   192k|	buf->len += incr;
  109|   192k|}
buf_setpos:
  111|   375k|void buf_setpos(buffer* buf, unsigned int pos) {
              	/* Moves the cursor to pos, ending the process if pos lies beyond the
              	 * valid length. pos == len is accepted (cursor at end of data).
              	 * Coverage: the rejection was not exercised in this run. */
  112|       |
  113|   375k|	if (pos > buf->len) {
  ------------------
  |  Branch (113:6): [True: 0, False: 375k]
  ------------------
  114|      0|		dropbear_exit("Bad buf_setpos");
  115|      0|	}
  116|   375k|	buf->pos = pos;
  117|   375k|}
buf_incrwritepos:
  120|   420k|void buf_incrwritepos(buffer* buf, unsigned int incr) {
              	/* Advances the cursor by incr after a write. The limit is the capacity
              	 * (size), not len, and len is raised to pos when the cursor passes it.
              	 * The BUF_MAX_INCR comparison comes first so buf->pos + incr cannot wrap
              	 * before it is compared with size.
              	 * Coverage: neither rejection was exercised in this run. */
  121|   420k|	if (incr > BUF_MAX_INCR || buf->pos + incr > buf->size) {
  ------------------
  |  |   34|   841k|#define BUF_MAX_INCR 1000000000
  ------------------
  |  Branch (121:6): [True: 0, False: 420k]
  |  Branch (121:29): [True: 0, False: 420k]
  ------------------
  122|      0|		dropbear_exit("Bad buf_incrwritepos");
  123|      0|	}
  124|   420k|	buf->pos += incr;
  125|   420k|	if (buf->pos > buf->len) {
  ------------------
  |  Branch (125:6): [True: 306k, False: 113k]
  ------------------
  126|   306k|		buf->len = buf->pos;
  127|   306k|	}
  128|   420k|}
buf_incrpos:
  131|   379k|void buf_incrpos(buffer* buf, unsigned int incr) {
              	/* Advances the read cursor by incr, ending the process if that would
              	 * move it past the valid length. The BUF_MAX_INCR comparison comes first
              	 * so buf->pos + incr cannot wrap before it is compared with len.
              	 * Coverage: both rejections were reached in this run (15 oversized
              	 * increments, 81 moves past len), so the guard is exercised. */
  132|   379k|	if (incr > BUF_MAX_INCR 
  ------------------
  |  |   34|   759k|#define BUF_MAX_INCR 1000000000
  ------------------
  |  Branch (132:6): [True: 15, False: 379k]
  ------------------
  133|   379k|		|| (buf->pos + incr) > buf->len) {
  ------------------
  |  Branch (133:6): [True: 81, False: 379k]
  ------------------
  134|     96|		dropbear_exit("Bad buf_incrpos");
  135|     96|	}
  136|   379k|	buf->pos += incr;
  137|   379k|}
buf_decrpos:
  140|  1.91k|void buf_decrpos(buffer* buf, unsigned int decr) {
              	/* Moves the cursor back by decr; decr > pos ends the process, which
              	 * keeps the subtraction below from wrapping around.
              	 * Coverage: the rejection was not exercised in this run. */
  141|  1.91k|	if (decr > buf->pos) {
  ------------------
  |  Branch (141:6): [True: 0, False: 1.91k]
  ------------------
  142|      0|		dropbear_exit("Bad buf_decrpos");
  143|      0|	}
  144|  1.91k|	buf->pos -= decr;
  145|  1.91k|}
buf_getbyte:
  148|  72.5k|unsigned char buf_getbyte(buffer* buf) {
              	/* Returns the byte at the cursor and advances the cursor by one; ends the
              	 * process when no valid byte is left.
              	 * Coverage: the rejection was reached 3 times in this run. */
  149|       |
  150|       |	/* This check is really just ==, but the >= allows us to check for the
  151|       |	 * bad case of pos > len, which should _never_ happen. */
  152|  72.5k|	if (buf->pos >= buf->len) {
  ------------------
  |  Branch (152:6): [True: 3, False: 72.5k]
  ------------------
  153|      3|		dropbear_exit("Bad buf_getbyte");
  154|      3|	}
  155|  72.5k|	return buf->data[buf->pos++];
  156|  72.5k|}
buf_getbool:
  159|  2.46k|unsigned char buf_getbool(buffer* buf) {
  160|       |	/* Read one byte with buf_getbyte() and normalise it: 0 stays 0, any other value becomes 1. */
  161|  2.46k|	unsigned char b;
  162|  2.46k|	b = buf_getbyte(buf);
  163|  2.46k|	if (b != 0)
  ------------------
  |  Branch (163:6): [True: 281, False: 2.18k]
  ------------------
  164|    281|		b = 1;
  165|  2.46k|	return b;
  166|  2.46k|}
buf_putbyte:
  169|   192k|void buf_putbyte(buffer* buf, unsigned char val) {
  170|       |	/* Store val at the cursor and advance by one, growing len by one byte when the cursor is at (or past) the end of data. */
  171|   192k|	if (buf->pos >= buf->len) {
  ------------------
  |  Branch (171:6): [True: 166k, False: 25.2k]
  ------------------
  172|   166k|		buf_incrlen(buf, 1); /* buf_incrlen() is relied on to enforce the size limit; with pos == len this makes data[pos] valid. NOTE(review): assumes the pos <= len invariant holds on entry */
  173|   166k|	}
  174|   192k|	buf->data[buf->pos] = val;
  175|   192k|	buf->pos++;
  176|   192k|}
buf_getptr:
  180|   493k|unsigned char* buf_getptr(const buffer* buf, unsigned int len) {
  181|       |	/* Return a pointer to the data at the cursor after checking that len bytes of valid data (up to buf->len) follow it. The cursor is not advanced; callers in this file follow up with buf_incrpos(). */
  182|   493k|	if (len > BUF_MAX_INCR || buf->pos + len > buf->len) { /* len is capped before the addition; presumably to keep pos + len from wrapping - TODO confirm pos is bounded */
  ------------------
  |  |   34|   986k|#define BUF_MAX_INCR 1000000000
  ------------------
  |  Branch (182:6): [True: 7, False: 493k]
  |  Branch (182:28): [True: 612, False: 492k]
  ------------------
  183|    619|		dropbear_exit("Bad buf_getptr");
  184|    619|	}
  185|   492k|	return &buf->data[buf->pos]; /* only the next len bytes have been validated for reading */
  186|   493k|}
buf_getwriteptr:
  190|   464k|unsigned char* buf_getwriteptr(const buffer* buf, unsigned int len) {
  191|       |	/* Return a pointer to the cursor after checking that len bytes fit within the allocated size (buf->size, not buf->len). Neither pos nor len is changed here; callers in this file follow up with buf_incrwritepos() or buf_incrlen(). */
  192|   464k|	if (len > BUF_MAX_INCR || buf->pos + len > buf->size) {
  ------------------
  |  |   34|   929k|#define BUF_MAX_INCR 1000000000
  ------------------
  |  Branch (192:6): [True: 0, False: 464k]
  |  Branch (192:28): [True: 0, False: 464k]
  ------------------
  193|      0|		dropbear_exit("Bad buf_getwriteptr");
  194|      0|	}
  195|   464k|	return &buf->data[buf->pos]; /* only the next len bytes have been validated for writing */
  196|   464k|}
buf_getstring:
  201|  27.7k|char* buf_getstring(buffer* buf, unsigned int *retlen) {
  202|       |	/* Read a length-prefixed string into a newly allocated copy of len+1 bytes, NUL-terminated; the caller owns the result. *retlen receives the length when retlen is non-NULL. The bytes are copied verbatim and may contain embedded NULs, so a caller that passes retlen == NULL sees the value cut at the first one. buf_getptr() checks the length against the data left in buf before the copy. */
  203|  27.7k|	unsigned int len;
  204|  27.7k|	char* ret;
  205|  27.7k|	void* src = NULL;
  206|  27.7k|	len = buf_getint(buf); /* length field comes from the packet; it is bounded below before any allocation */
  207|  27.7k|	if (len > MAX_STRING_LEN) {
  ------------------
  |  |  228|  27.7k|#define MAX_STRING_LEN (MAX(MAX_CMD_LEN, 2400)) /* Sun SSH needs 2400 for algos,
  ------------------
  |  Branch (207:6): [True: 72, False: 27.6k]
  ------------------
  208|     72|		dropbear_exit("String too long");
  209|     72|	}
  210|       |
  211|  27.6k|	if (retlen != NULL) {
  ------------------
  |  Branch (211:6): [True: 27.5k, False: 177]
  ------------------
  212|  27.5k|		*retlen = len;
  213|  27.5k|	}
  214|  27.6k|	src = buf_getptr(buf, len);
  215|  27.6k|	ret = m_malloc(len+1);
  216|  27.6k|	memcpy(ret, src, len);
  217|  27.6k|	buf_incrpos(buf, len);
  218|  27.6k|	ret[len] = '\0';
  219|       |
  220|  27.6k|	return ret;
  221|  27.7k|}
buf_getstringbuf:
  246|    663|buffer * buf_getstringbuf(buffer *buf) { /* Read a length-prefixed string into a new buffer, without the length prefix (incllen = 0). */
  247|    663|	return buf_getstringbuf_int(buf, 0);
  248|    663|}
buf_eatstring:
  257|  5.03k|void buf_eatstring(buffer *buf) {
  258|       |	/* Skip over a length-prefixed string. No MAX_STRING_LEN test here: the length is only checked by buf_incrpos() against the data remaining in buf. */
  259|  5.03k|	buf_incrpos( buf, buf_getint(buf) );
  260|  5.03k|}
buf_getint:
  263|  67.1k|unsigned int buf_getint(buffer* buf) { /* Read a 32-bit value at the cursor via LOAD32H and advance by 4. */
  264|  67.1k|	unsigned int ret;
  265|       |
  266|  67.1k|	LOAD32H(ret, buf_getptr(buf, 4)); /* buf_getptr() exits if fewer than 4 bytes of data remain */
  ------------------
  |  |   66|  67.1k|#define LOAD32H(x, y)                           \
  |  |   67|  67.1k|do { XMEMCPY (&(x), (y), 4);                    \
  |  |  ------------------
  |  |  |  |   39|  67.1k|#define XMEMCPY  memcpy
  |  |  ------------------
  |  |   68|  67.1k|      (x) = __builtin_bswap32 ((x)); } while(0)
  |  |  ------------------
  |  |  |  Branch (68:46): [Folded - Ignored]
  |  |  ------------------
  ------------------
  267|  67.1k|	buf_incrpos(buf, 4);
  268|  67.1k|	return ret;
  269|  67.1k|}
buf_putint:
  272|   134k|void buf_putint(buffer* buf, int unsigned val) {
  273|       |	/* Write val as a 32-bit value at the cursor via STORE32H and advance the write position by 4. */
  274|   134k|	STORE32H(val, buf_getwriteptr(buf, 4)); /* buf_getwriteptr() exits if 4 bytes do not fit within buf->size */
  ------------------
  |  |   62|   134k|#define STORE32H(x, y)                          \
  |  |   63|   134k|do { ulong32 __t = __builtin_bswap32 ((x));     \
  |  |   64|   134k|      XMEMCPY ((y), &__t, 4); } while(0)
  |  |  ------------------
  |  |  |  |   39|   134k|#define XMEMCPY  memcpy
  |  |  ------------------
  |  |  |  Branch (64:39): [Folded - Ignored]
  |  |  ------------------
  ------------------
  275|   134k|	buf_incrwritepos(buf, 4);
  276|       |
  277|   134k|}
buf_putstring:
  280|  25.8k|void buf_putstring(buffer* buf, const char* str, unsigned int len) {
  281|       |	/* Append a length-prefixed string: len as a 32-bit value, then len bytes from str. The length comes from the caller, so str need not be NUL-terminated but must hold at least len bytes. */
  282|  25.8k|	buf_putint(buf, len);
  283|  25.8k|	buf_putbytes(buf, (const unsigned char*)str, len);
  284|       |
  285|  25.8k|}
buf_putbufstring:
  288|  1.44k|void buf_putbufstring(buffer *buf, const buffer* buf_str) { /* Append the contents of buf_str as a length-prefixed string. */
  289|  1.44k|	buf_putstring(buf, (const char*)buf_str->data, buf_str->len); /* copies from offset 0 for the full len, regardless of buf_str->pos */
  290|  1.44k|}
buf_putbytes:
  294|   160k|void buf_putbytes(buffer *buf, const unsigned char *bytes, unsigned int len) { /* Append len raw bytes at the cursor, with no length prefix. */
  295|   160k|	memcpy(buf_getwriteptr(buf, len), bytes, len); /* destination is validated for len bytes before the copy; the source size is the caller's responsibility */
  296|   160k|	buf_incrwritepos(buf, len);
  297|   160k|}
buf_putmpint:
  302|  7.14k|void buf_putmpint(buffer* buf, const mp_int * mp) {
  303|  7.14k|	size_t written;
  304|  7.14k|	unsigned int len, pad = 0;
  305|  7.14k|	TRACE2(("enter buf_putmpint"))
  306|       |	/* Append mp as an mpint: a 32-bit length, an optional 0x00 pad byte, then the magnitude bytes. A NULL mp fails the assert and a negative value goes to dropbear_exit(); zero is written as length 0 with no data. */
  307|  7.14k|	dropbear_assert(mp != NULL);
  ------------------
  |  |   83|  7.14k|#define dropbear_assert(X) do { if (!(X)) { fail_assert(#X, __FILE__, __LINE__); } } while (0)
  |  |  ------------------
  |  |  |  Branch (83:37): [True: 0, False: 7.14k]
  |  |  |  Branch (83:93): [Folded - Ignored]
  |  |  ------------------
  ------------------
  308|       |
  309|  7.14k|	if (mp_isneg(mp)) {
  ------------------
  |  |  295|  7.14k|#define mp_isneg(a)  (((a)->sign != MP_ZPOS) ? MP_YES : MP_NO)
  |  |  ------------------
  |  |  |  |  151|  7.14k|#define MP_ZPOS       0   /* positive integer */
  |  |  ------------------
  |  |               #define mp_isneg(a)  (((a)->sign != MP_ZPOS) ? MP_YES : MP_NO)
  |  |  ------------------
  |  |  |  |  158|      0|#define MP_YES        1
  |  |  ------------------
  |  |               #define mp_isneg(a)  (((a)->sign != MP_ZPOS) ? MP_YES : MP_NO)
  |  |  ------------------
  |  |  |  |  159|  7.14k|#define MP_NO         0
  |  |  ------------------
  |  |  |  Branch (295:22): [True: 0, False: 7.14k]
  |  |  |  Branch (295:23): [True: 0, False: 7.14k]
  |  |  ------------------
  ------------------
  310|      0|		dropbear_exit("negative bignum");
  311|      0|	}
  312|       |
  313|       |	/* zero check */
  314|  7.14k|	if (mp_iszero(mp)) {
  ------------------
  |  |  292|  7.14k|#define mp_iszero(a) (((a)->used == 0) ? MP_YES : MP_NO)
  |  |  ------------------
  |  |  |  |  158|    692|#define MP_YES        1
  |  |  ------------------
  |  |               #define mp_iszero(a) (((a)->used == 0) ? MP_YES : MP_NO)
  |  |  ------------------
  |  |  |  |  159|  6.45k|#define MP_NO         0
  |  |  ------------------
  |  |  |  Branch (292:22): [True: 692, False: 6.45k]
  |  |  |  Branch (292:23): [True: 692, False: 6.45k]
  |  |  ------------------
  ------------------
  315|    692|		len = 0;
  316|  6.45k|	} else {
  317|       |		/* SSH spec requires padding for mpints with the MSB set, this code
  318|       |		 * implements it */
  319|  6.45k|		len = mp_count_bits(mp);
  320|       |		/* if the top bit of MSB is set, we need to pad */
  321|  6.45k|		pad = (len%8 == 0) ? 1 : 0;
  ------------------
  |  Branch (321:9): [True: 1.95k, False: 4.50k]
  ------------------
  322|  6.45k|		len = len / 8 + 1; /* don't worry about rounding, we need it for
  323|       |							  padding anyway when len%8 == 0 */
  324|       |
  325|  6.45k|	}
  326|       |
  327|       |	/* store the length */
  328|  7.14k|	buf_putint(buf, len);
  329|       |	
  330|       |	/* store the actual value */
  331|  7.14k|	if (len > 0) {
  ------------------
  |  Branch (331:6): [True: 6.45k, False: 692]
  ------------------
  332|  6.45k|		if (pad) {
  ------------------
  |  Branch (332:7): [True: 1.95k, False: 4.50k]
  ------------------
  333|  1.95k|			buf_putbyte(buf, 0x00); /* advances the cursor by one, so the magnitude below starts after the pad byte */
  334|  1.95k|		}
  335|  6.45k|		if (mp_to_ubin(mp, buf_getwriteptr(buf, len-pad), len-pad, &written) != MP_OKAY) {
  ------------------
  |  |  161|  6.45k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (335:7): [True: 0, False: 6.45k]
  ------------------
  336|      0|			dropbear_exit("mpint error");
  337|      0|		}
  338|  6.45k|		buf_incrwritepos(buf, written); /* written is a size_t narrowed to unsigned int here; mp_to_ubin was given len-pad as its limit */
  339|  6.45k|	}
  340|       |
  341|  7.14k|	TRACE2(("leave buf_putmpint"))
  342|  7.14k|}
buf_getmpint:
  347|  4.18k|int buf_getmpint(buffer* buf, mp_int* mp) {
  348|       |	/* Read an mpint from buf into mp. Returns DROPBEAR_SUCCESS, or DROPBEAR_FAILURE for an over-long, negative or unparsable value. Truncated input does not return failure: buf_getint()/buf_getptr() go to dropbear_exit() instead. */
  349|  4.18k|	unsigned int len;
  350|  4.18k|	len = buf_getint(buf);
  351|       |	
  352|  4.18k|	if (len == 0) {
  ------------------
  |  Branch (352:6): [True: 902, False: 3.28k]
  ------------------
  353|    902|		mp_zero(mp);
  354|    902|		return DROPBEAR_SUCCESS;
  ------------------
  |  |  102|    902|#define DROPBEAR_SUCCESS 0
  ------------------
  355|    902|	}
  356|       |
  357|  3.28k|	if (len > BUF_MAX_MPINT) { /* bound the peer-supplied length before it reaches the bignum code */
  ------------------
  |  |   38|  3.28k|#define BUF_MAX_MPINT (8240 / 8)
  ------------------
  |  Branch (357:6): [True: 85, False: 3.20k]
  ------------------
  358|     85|		return DROPBEAR_FAILURE; /* cursor is left just after the length field */
  ------------------
  |  |  103|     85|#define DROPBEAR_FAILURE -1
  ------------------
  359|     85|	}
  360|       |
  361|       |	/* check for negative */
  362|  3.20k|	if (*buf_getptr(buf, 1) & (1 << (CHAR_BIT-1))) { /* tests the top bit of the first data byte */
  ------------------
  |  Branch (362:6): [True: 11, False: 3.19k]
  ------------------
  363|     11|		return DROPBEAR_FAILURE;
  ------------------
  |  |  103|     11|#define DROPBEAR_FAILURE -1
  ------------------
  364|     11|	}
  365|       |
  366|  3.19k|	if (mp_from_ubin(mp, buf_getptr(buf, len), len) != MP_OKAY) { /* buf_getptr() validates all len bytes before they are parsed */
  ------------------
  |  |  161|  3.19k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (366:6): [True: 0, False: 3.19k]
  ------------------
  367|      0|		return DROPBEAR_FAILURE;
  ------------------
  |  |  103|      0|#define DROPBEAR_FAILURE -1
  ------------------
  368|      0|	}
  369|       |
  370|  3.19k|	buf_incrpos(buf, len); /* the data is consumed only on success */
  371|  3.19k|	return DROPBEAR_SUCCESS;
  ------------------
  |  |  102|  3.19k|#define DROPBEAR_SUCCESS 0
  ------------------
  372|  3.19k|}
buffer.c:buf_getstringbuf_int:
  224|    663|static buffer * buf_getstringbuf_int(buffer *buf, int incllen) { /* Copy a length-prefixed string out of buf into a newly allocated buffer, which is returned with its cursor at 0. When incllen is non-zero the 32-bit length is written into the new buffer ahead of the data. Lengths above MAX_STRING_LEN go to dropbear_exit() before anything is allocated; buf_getptr() then checks the length against the data left in buf. */
  225|    663|	buffer *ret = NULL;
  226|    663|	unsigned int len = buf_getint(buf); /* length field comes from the packet */
  227|    663|	int extra = 0; /* becomes 4 when the length prefix is stored in ret as well */
  228|    663|	if (len > MAX_STRING_LEN) {
  ------------------
  |  |  228|    663|#define MAX_STRING_LEN (MAX(MAX_CMD_LEN, 2400)) /* Sun SSH needs 2400 for algos,
  ------------------
  |  Branch (228:6): [True: 32, False: 631]
  ------------------
  229|     32|		dropbear_exit("String too long");
  230|     32|	}
  231|    631|	if (incllen) {
  ------------------
  |  Branch (231:6): [True: 0, False: 631]
  ------------------
  232|      0|		extra = 4;
  233|      0|	}
  234|    631|	ret = buf_new(len+extra);
  235|    631|	if (incllen) {
  ------------------
  |  Branch (235:6): [True: 0, False: 631]
  ------------------
  236|      0|		buf_putint(ret, len);
  237|      0|	}
  238|    631|	memcpy(buf_getwriteptr(ret, len), buf_getptr(buf, len), len);
  239|    631|	buf_incrpos(buf, len);
  240|    631|	buf_incrlen(ret, len);
  241|    631|	buf_setpos(ret, 0);
  242|    631|	return ret;
  243|    663|}

cli_auth_getmethods:
   36|    269|void cli_auth_getmethods() { /* Send a USERAUTH_REQUEST for the "none" method (username, service, method) and, when immediate auth is compiled in, attempt a real auth method straight away. */
   37|    269|	TRACE(("enter cli_auth_getmethods"))
   38|    269|	CHECKCLEARTOWRITE();
   39|    269|	buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST);
  ------------------
  |  |   42|    269|#define SSH_MSG_USERAUTH_REQUEST            50
  ------------------
   40|    269|	buf_putstring(ses.writepayload, cli_opts.username,
   41|    269|			strlen(cli_opts.username)); /* NOTE(review): assumes cli_opts.username is non-NULL by now - confirm against the option parsing */
   42|    269|	buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION,
  ------------------
  |  |  106|    269|#define SSH_SERVICE_CONNECTION "ssh-connection"
  ------------------
   43|    269|			SSH_SERVICE_CONNECTION_LEN);
  ------------------
  |  |  107|    269|#define SSH_SERVICE_CONNECTION_LEN 14
  ------------------
   44|    269|	buf_putstring(ses.writepayload, "none", 4); /* 'none' method */
   45|       |
   46|    269|	encrypt_packet();
   47|       |
   48|       |#if DROPBEAR_CLI_IMMEDIATE_AUTH
   49|       |	/* We can't have two auth requests in-flight with delayed zlib mode
   50|       |	since if the first one succeeds then the remote side will
   51|       |	expect the second one to be compressed.
   52|       |	Race described at
   53|       |	http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/zlib-openssh.html
   54|       |	*/
   55|       |	if (ses.keys->trans.algo_comp != DROPBEAR_COMP_ZLIB_DELAY) {
   56|       |		ses.authstate.authtypes = AUTH_TYPE_PUBKEY;
   57|       |#if DROPBEAR_USE_PASSWORD_ENV
   58|       |		if (getenv(DROPBEAR_PASSWORD_ENV)) { /* password and interactive auth are offered up front only when the password environment variable is set */
   59|       |			ses.authstate.authtypes |= AUTH_TYPE_PASSWORD | AUTH_TYPE_INTERACT;
   60|       |		}
   61|       |#endif
   62|       |		if (cli_auth_try() == DROPBEAR_SUCCESS) {
   63|       |			TRACE(("skipped initial none auth query"))
   64|       |			/* Note that there will be two auth responses in-flight */
   65|       |			cli_ses.ignore_next_auth_response = 1;
   66|       |		}
   67|       |	}
   68|       |#endif
   69|    269|	TRACE(("leave cli_auth_getmethods"))
   70|    269|}

cli_tty_cleanup:
  135|  3.51k|void cli_tty_cleanup() {
  136|       |	/* Restore the terminal settings saved in cli_ses.saved_tio if the client put stdin into raw mode; a no-op otherwise. */
  137|  3.51k|	TRACE(("enter cli_tty_cleanup"))
  138|       |
  139|  3.51k|	if (cli_ses.tty_raw_mode == 0) {
  ------------------
  |  Branch (139:6): [True: 3.51k, False: 0]
  ------------------
  140|  3.51k|		TRACE(("leave cli_tty_cleanup: not in raw mode"))
  141|  3.51k|		return;
  142|  3.51k|	}
  143|       |
  144|      0|	if (tcsetattr(STDIN_FILENO, TCSADRAIN, &cli_ses.saved_tio) == -1) {
  ------------------
  |  Branch (144:6): [True: 0, False: 0]
  ------------------
  145|      0|		dropbear_log(LOG_WARNING, "Failed restoring TTY"); /* the raw-mode flag stays set on failure, so a later call tries again */
  146|      0|	} else {
  147|      0|		cli_ses.tty_raw_mode = 0; 
  148|      0|	}
  149|       |
  150|      0|	TRACE(("leave cli_tty_cleanup"))
  151|      0|}

send_msg_kexdh_init:
   45|  5.85k|void send_msg_kexdh_init() {
   46|  5.85k|	TRACE(("send_msg_kexdh_init()"))	
   47|       |	/* Build and send the KEXDH_INIT message carrying the client's public value for the negotiated key-exchange mode. A parameter is generated unless one for this same algorithm is already cached in cli_ses. */
   48|  5.85k|	CHECKCLEARTOWRITE();
   49|       |
   50|  5.85k|#if DROPBEAR_FUZZ
   51|  5.85k|	if (fuzz.fuzzing && fuzz.skip_kexmaths) { /* fuzzing-only shortcut: nothing is sent when the key-exchange maths is skipped */
  ------------------
  |  Branch (51:6): [True: 5.85k, False: 0]
  |  Branch (51:22): [True: 0, False: 5.85k]
  ------------------
   52|      0|		return;
   53|      0|	}
   54|  5.85k|#endif
   55|       |
   56|  5.85k|	buf_putbyte(ses.writepayload, SSH_MSG_KEXDH_INIT);
  ------------------
  |  |   38|  5.85k|#define SSH_MSG_KEXDH_INIT             30
  ------------------
   57|  5.85k|	switch (ses.newkeys->algo_kex->mode) { /* no default case: a mode not handled below would send only the message type byte */
  ------------------
  |  Branch (57:10): [True: 0, False: 5.85k]
  ------------------
   58|      0|#if DROPBEAR_NORMAL_DH
   59|  1.23k|		case DROPBEAR_KEX_NORMAL_DH: /* regenerate unless a parameter for this exact algorithm is cached; any stale one is freed first */
  ------------------
  |  Branch (59:3): [True: 1.23k, False: 4.61k]
  ------------------
   60|  1.23k|			if (ses.newkeys->algo_kex != cli_ses.param_kex_algo
  ------------------
  |  Branch (60:8): [True: 1.23k, False: 0]
  ------------------
   61|  1.23k|				|| !cli_ses.dh_param) {
  ------------------
  |  Branch (61:8): [True: 0, False: 0]
  ------------------
   62|  1.23k|				if (cli_ses.dh_param) {
  ------------------
  |  Branch (62:9): [True: 0, False: 1.23k]
  ------------------
   63|      0|					free_kexdh_param(cli_ses.dh_param);
   64|      0|				}
   65|  1.23k|				cli_ses.dh_param = gen_kexdh_param();
   66|  1.23k|			}
   67|  1.23k|			buf_putmpint(ses.writepayload, &cli_ses.dh_param->pub);
   68|  1.23k|			break;
   69|      0|#endif
   70|      0|#if DROPBEAR_ECDH
   71|    594|		case DROPBEAR_KEX_ECDH: /* same caching rule as the DH case */
  ------------------
  |  Branch (71:3): [True: 594, False: 5.26k]
  ------------------
   72|    594|			if (ses.newkeys->algo_kex != cli_ses.param_kex_algo
  ------------------
  |  Branch (72:8): [True: 594, False: 0]
  ------------------
   73|    594|				|| !cli_ses.ecdh_param) {
  ------------------
  |  Branch (73:8): [True: 0, False: 0]
  ------------------
   74|    594|				if (cli_ses.ecdh_param) {
  ------------------
  |  Branch (74:9): [True: 0, False: 594]
  ------------------
   75|      0|					free_kexecdh_param(cli_ses.ecdh_param);
   76|      0|				}
   77|    594|				cli_ses.ecdh_param = gen_kexecdh_param();
   78|    594|			}
   79|    594|			buf_put_ecc_raw_pubkey_string(ses.writepayload, &cli_ses.ecdh_param->key);
   80|    594|			break;
   81|      0|#endif
   82|      0|#if DROPBEAR_CURVE25519
   83|  4.02k|		case DROPBEAR_KEX_CURVE25519: /* same caching rule as the DH case */
  ------------------
  |  Branch (83:3): [True: 4.02k, False: 1.82k]
  ------------------
   84|  4.02k|			if (ses.newkeys->algo_kex != cli_ses.param_kex_algo
  ------------------
  |  Branch (84:8): [True: 3.51k, False: 509]
  ------------------
   85|  4.02k|				|| !cli_ses.curve25519_param) {
  ------------------
  |  Branch (85:8): [True: 0, False: 509]
  ------------------
   86|  3.51k|				if (cli_ses.curve25519_param) {
  ------------------
  |  Branch (86:9): [True: 0, False: 3.51k]
  ------------------
   87|      0|					free_kexcurve25519_param(cli_ses.curve25519_param);
   88|      0|				}
   89|  3.51k|				cli_ses.curve25519_param = gen_kexcurve25519_param();
   90|  3.51k|			}
   91|  4.02k|			buf_putstring(ses.writepayload, cli_ses.curve25519_param->pub, CURVE25519_LEN);
  ------------------
  |  |  106|  4.02k|#define CURVE25519_LEN 32
  ------------------
   92|  4.02k|			break;
   93|  5.85k|#endif
   94|  5.85k|	}
   95|       |
   96|  5.85k|	cli_ses.param_kex_algo = ses.newkeys->algo_kex; /* remember which algorithm the cached parameter belongs to */
   97|  5.85k|	encrypt_packet();
   98|  5.85k|}
recv_msg_kexdh_reply:
  101|  2.09k|void recv_msg_kexdh_reply() {
  102|       |	/* Handle the server's key-exchange reply: parse the host key, combine the key-exchange values for the negotiated mode, check the signature with buf_verify() against ses.hash, then send NEWKEYS. Every parse or verification failure here ends in dropbear_exit(). */
  103|  2.09k|	sign_key *hostkey = NULL;
  104|  2.09k|	unsigned int keytype, keybloblen;
  105|  2.09k|	unsigned char* keyblob = NULL;
  106|       |
  107|  2.09k|	TRACE(("enter recv_msg_kexdh_reply"))
  108|       |	
  109|  2.09k|#if DROPBEAR_FUZZ
  110|  2.09k|	if (fuzz.fuzzing && fuzz.skip_kexmaths) { /* fuzzing-only shortcut: the reply is ignored entirely, including the signature check */
  ------------------
  |  Branch (110:6): [True: 2.09k, False: 0]
  |  Branch (110:22): [True: 0, False: 2.09k]
  ------------------
  111|      0|		return;
  112|      0|	}
  113|  2.09k|#endif
  114|       |
  115|  2.09k|	if (cli_ses.kex_state != KEXDH_INIT_SENT) { /* a reply is only accepted after our own init message has gone out */
  ------------------
  |  Branch (115:6): [True: 0, False: 2.09k]
  ------------------
  116|      0|		dropbear_exit("Received out-of-order kexdhreply");
  117|      0|	}
  118|  2.09k|	keytype = ses.newkeys->algo_hostkey;
  119|  2.09k|	TRACE(("keytype is %d", keytype))
  120|       |
  121|  2.09k|	hostkey = new_sign_key();
  122|  2.09k|	keybloblen = buf_getint(ses.payload);
  123|       |
  124|  2.09k|	keyblob = buf_getptr(ses.payload, keybloblen); /* validates that keybloblen bytes are present; the cursor stays at the start of the blob for buf_get_pub_key() below */
  125|  2.09k|	if (!ses.kexstate.donefirstkex) { /* later key exchanges skip checkhostkey(); the signature is still verified below */
  ------------------
  |  Branch (125:6): [True: 0, False: 2.09k]
  ------------------
  126|       |		/* Only makes sense the first time */
  127|      0|		checkhostkey(keyblob, keybloblen);
  128|      0|	}
  129|       |
  130|  2.09k|	if (buf_get_pub_key(ses.payload, hostkey, &keytype) != DROPBEAR_SUCCESS) {
  ------------------
  |  |  102|  2.09k|#define DROPBEAR_SUCCESS 0
  ------------------
  |  Branch (130:6): [True: 359, False: 1.73k]
  ------------------
  131|    359|		TRACE(("failed getting pubkey"))
  132|    359|		dropbear_exit("Bad KEX packet");
  133|    359|	}
  134|       |
  135|  1.73k|	switch (ses.newkeys->algo_kex->mode) { /* no default case: an unhandled mode falls through to the cleanup and signature check */
  ------------------
  |  Branch (135:10): [True: 140, False: 1.59k]
  ------------------
  136|      0|#if DROPBEAR_NORMAL_DH
  137|  1.05k|		case DROPBEAR_KEX_NORMAL_DH:
  ------------------
  |  Branch (137:3): [True: 1.05k, False: 689]
  ------------------
  138|  1.05k|			{
  139|  1.05k|			DEF_MP_INT(dh_f);
  ------------------
  |  |   80|  1.05k|#define DEF_MP_INT(X) mp_int X = {0, 0, 0, NULL}
  ------------------
  140|  1.05k|			m_mp_init(&dh_f);
  141|  1.05k|			if (buf_getmpint(ses.payload, &dh_f) != DROPBEAR_SUCCESS) {
  ------------------
  |  |  102|  1.05k|#define DROPBEAR_SUCCESS 0
  ------------------
  |  Branch (141:8): [True: 6, False: 1.04k]
  ------------------
  142|      6|				TRACE(("failed getting mpint"))
  143|      6|				dropbear_exit("Bad KEX packet");
  144|      6|			}
  145|       |
  146|  1.04k|			kexdh_comb_key(cli_ses.dh_param, &dh_f, hostkey); /* NOTE(review): cli_ses.dh_param is used without a NULL test here - presumably guaranteed by send_msg_kexdh_init(), confirm */
  147|  1.04k|			mp_clear(&dh_f);
  148|  1.04k|			}
  149|      0|			break;
  150|      0|#endif
  151|      0|#if DROPBEAR_ECDH
  152|    159|		case DROPBEAR_KEX_ECDH:
  ------------------
  |  Branch (152:3): [True: 159, False: 1.58k]
  ------------------
  153|    159|			{
  154|    159|			buffer *ecdh_qs = buf_getstringbuf(ses.payload); /* length-checked copy of the peer's public value */
  155|    159|			kexecdh_comb_key(cli_ses.ecdh_param, ecdh_qs, hostkey);
  156|    159|			buf_free(ecdh_qs);
  157|    159|			}
  158|    159|			break;
  159|      0|#endif
  160|      0|#if DROPBEAR_CURVE25519
  161|    390|		case DROPBEAR_KEX_CURVE25519:
  ------------------
  |  Branch (161:3): [True: 390, False: 1.34k]
  ------------------
  162|    390|			{
  163|    390|			buffer *ecdh_qs = buf_getstringbuf(ses.payload); /* length-checked copy of the peer's public value */
  164|    390|			kexcurve25519_comb_key(cli_ses.curve25519_param, ecdh_qs, hostkey);
  165|    390|			buf_free(ecdh_qs);
  166|    390|			}
  167|    390|			break;
  168|  1.73k|#endif
  169|  1.73k|	}
  170|       |	/* The cached key-exchange parameters are freed and cleared below whichever mode ran, so none is reused for a later exchange. */
  171|  1.44k|#if DROPBEAR_NORMAL_DH
  172|  1.44k|	if (cli_ses.dh_param) {
  ------------------
  |  Branch (172:6): [True: 1.03k, False: 414]
  ------------------
  173|  1.03k|		free_kexdh_param(cli_ses.dh_param);
  174|  1.03k|		cli_ses.dh_param = NULL;
  175|  1.03k|	}
  176|  1.44k|#endif
  177|  1.44k|#if DROPBEAR_ECDH
  178|  1.44k|	if (cli_ses.ecdh_param) {
  ------------------
  |  Branch (178:6): [True: 110, False: 1.33k]
  ------------------
  179|    110|		free_kexecdh_param(cli_ses.ecdh_param);
  180|    110|		cli_ses.ecdh_param = NULL;
  181|    110|	}
  182|  1.44k|#endif
  183|  1.44k|#if DROPBEAR_CURVE25519
  184|  1.44k|	if (cli_ses.curve25519_param) {
  ------------------
  |  Branch (184:6): [True: 1.44k, False: 0]
  ------------------
  185|  1.44k|		free_kexcurve25519_param(cli_ses.curve25519_param);
  186|  1.44k|		cli_ses.curve25519_param = NULL;
  187|  1.44k|	}
  188|  1.44k|#endif
  189|       |	/* buf_verify() checks the signature in the payload with the parsed host key against ses.hash; a mismatch is fatal. */
  190|  1.44k|	cli_ses.param_kex_algo = NULL;
  191|  1.44k|	if (buf_verify(ses.payload, hostkey, ses.newkeys->algo_signature, 
  ------------------
  |  Branch (191:6): [True: 971, False: 475]
  ------------------
  192|  1.44k|			ses.hash) != DROPBEAR_SUCCESS) {
  ------------------
  |  |  102|  1.44k|#define DROPBEAR_SUCCESS 0
  ------------------
  193|    971|		dropbear_exit("Bad hostkey signature");
  194|    971|	}
  195|       |
  196|    475|	sign_key_free(hostkey); /* reached only on success; the failure paths above leave through dropbear_exit() without freeing it */
  197|    475|	hostkey = NULL;
  198|       |
  199|    475|	send_msg_newkeys();
  200|    475|	ses.requirenext = SSH_MSG_NEWKEYS; /* the next message from the peer must be NEWKEYS */
  ------------------
  |  |   37|    475|#define SSH_MSG_NEWKEYS                21
  ------------------
  201|    475|	TRACE(("leave recv_msg_kexdh_init")) /* NOTE(review): trace text names kexdh_init, but this function is recv_msg_kexdh_reply */
  202|    475|}

cli_getopts:
  110|      1|void cli_getopts(int argc, char ** argv) {
  111|      1|	unsigned int i, j;
  112|      1|	char ** next = NULL;
  113|      1|	enum {
  114|      1|		OPT_EXTENDED_OPTIONS,
  115|      1|#if DROPBEAR_CLI_PUBKEY_AUTH
  116|      1|		OPT_AUTHKEY,
  117|      1|#endif
  118|      1|#if DROPBEAR_CLI_LOCALTCPFWD
  119|      1|		OPT_LOCALTCPFWD,
  120|      1|#endif
  121|      1|#if DROPBEAR_CLI_REMOTETCPFWD
  122|      1|		OPT_REMOTETCPFWD,
  123|      1|#endif
  124|      1|#if DROPBEAR_CLI_NETCAT
  125|      1|		OPT_NETCAT,
  126|      1|#endif
  127|       |		/* a flag (no arg) if 'next' is NULL, a string-valued option otherwise */
  128|      1|		OPT_OTHER
  129|      1|	} opt;
  130|      1|	unsigned int cmdlen;
  131|       |
  132|      1|	char* recv_window_arg = NULL;
  133|      1|	char* keepalive_arg = NULL;
  134|      1|	char* idle_timeout_arg = NULL;
  135|      1|	char *host_arg = NULL;
  136|      1|	char *bind_arg = NULL;
  137|      1|	char c;
  138|       |
  139|       |	/* see printhelp() for options */
  140|      1|	cli_opts.progname = argv[0];
  141|      1|	cli_opts.remotehost = NULL;
  142|      1|	cli_opts.remoteport = NULL;
  143|      1|	cli_opts.username = NULL;
  144|      1|	cli_opts.cmd = NULL;
  145|      1|	cli_opts.no_cmd = 0;
  146|      1|	cli_opts.quiet = 0;
  147|      1|	cli_opts.backgrounded = 0;
  148|      1|	cli_opts.wantpty = 9; /* 9 means "it hasn't been touched", gets set later */
  149|      1|	cli_opts.always_accept_key = 0;
  150|      1|	cli_opts.no_hostkey_check = 0;
  151|      1|	cli_opts.is_subsystem = 0;
  152|      1|#if DROPBEAR_CLI_PUBKEY_AUTH
  153|      1|	cli_opts.privkeys = list_new();
  154|      1|#endif
  155|      1|#if DROPBEAR_CLI_ANYTCPFWD
  156|      1|	cli_opts.exit_on_fwd_failure = 0;
  157|      1|#endif
  158|      1|	cli_opts.disable_trivial_auth = 0;
  159|      1|#if DROPBEAR_CLI_LOCALTCPFWD
  160|      1|	cli_opts.localfwds = list_new();
  161|      1|	opts.listen_fwd_all = 0;
  162|      1|#endif
  163|      1|#if DROPBEAR_CLI_REMOTETCPFWD
  164|      1|	cli_opts.remotefwds = list_new();
  165|      1|#endif
  166|      1|#if DROPBEAR_CLI_AGENTFWD
  167|      1|	cli_opts.agent_fwd = 0;
  168|      1|	cli_opts.agent_fd = -1;
  169|      1|	cli_opts.agent_keys_loaded = 0;
  170|      1|#endif
  171|      1|#if DROPBEAR_CLI_PROXYCMD
  172|      1|	cli_opts.proxycmd = NULL;
  173|      1|#endif
  174|      1|	cli_opts.bind_address = NULL;
  175|      1|	cli_opts.bind_port = NULL;
  176|       |#ifndef DISABLE_ZLIB
  177|       |	opts.compress_mode = DROPBEAR_COMPRESS_ON;
  178|       |#endif
  179|      1|#if DROPBEAR_USER_ALGO_LIST
  180|      1|	opts.cipher_list = NULL;
  181|      1|	opts.mac_list = NULL;
  182|      1|#endif
  183|      1|#ifndef DISABLE_SYSLOG
  184|      1|	opts.usingsyslog = 0;
  185|      1|#endif
  186|       |	/* not yet
  187|       |	opts.ipv4 = 1;
  188|       |	opts.ipv6 = 1;
  189|       |	*/
  190|      1|	opts.recv_window = DEFAULT_RECV_WINDOW;
  ------------------
  |  |  487|      1|#define DEFAULT_RECV_WINDOW 24576
  ------------------
  191|      1|	opts.keepalive_secs = DEFAULT_KEEPALIVE;
  ------------------
  |  |  503|      1|#define DEFAULT_KEEPALIVE 0
  ------------------
  192|      1|	opts.idle_timeout_secs = DEFAULT_IDLE_TIMEOUT;
  ------------------
  |  |  516|      1|#define DEFAULT_IDLE_TIMEOUT 0
  ------------------
  193|       |
  194|      1|	fill_own_user();
  195|       |
  196|      3|	for (i = 1; i < (unsigned int)argc; i++) {
  ------------------
  |  Branch (196:14): [True: 3, False: 0]
  ------------------
  197|       |		/* Handle non-flag arguments such as hostname or commands for the remote host */
  198|      3|		if (argv[i][0] != '-')
  ------------------
  |  Branch (198:7): [True: 2, False: 1]
  ------------------
  199|      2|		{
  200|      2|			if (host_arg == NULL) {
  ------------------
  |  Branch (200:8): [True: 1, False: 1]
  ------------------
  201|      1|				host_arg = argv[i];
  202|      1|				continue;
  203|      1|			}
  204|       |			/* Commands to pass to the remote host. No more flag handling,
  205|       |			commands are consumed below */
  206|      1|			break;
  207|      2|		}
  208|       |
  209|       |		/* Begins with '-' */
  210|      1|		opt = OPT_OTHER;
  211|      2|		for (j = 1; (c = argv[i][j]) != '\0' && !next && opt == OPT_OTHER; j++) {
  ------------------
  |  Branch (211:15): [True: 1, False: 1]
  |  Branch (211:43): [True: 1, False: 0]
  |  Branch (211:52): [True: 1, False: 0]
  ------------------
  212|      1|			switch (c) {
  213|      1|				case 'y': /* always accept the remote hostkey */
  ------------------
  |  Branch (213:5): [True: 1, False: 0]
  ------------------
  214|      1|					if (cli_opts.always_accept_key) {
  ------------------
  |  Branch (214:10): [True: 0, False: 1]
  ------------------
  215|       |						/* twice means no checking at all */
  216|      0|						cli_opts.no_hostkey_check = 1;
  217|      0|					}
  218|      1|					cli_opts.always_accept_key = 1;
  219|      1|					break;
  220|      0|				case 'q': /* quiet */
  ------------------
  |  Branch (220:5): [True: 0, False: 1]
  ------------------
  221|      0|					cli_opts.quiet = 1;
  222|      0|					break;
  223|      0|				case 'p': /* remoteport */
  ------------------
  |  Branch (223:5): [True: 0, False: 1]
  ------------------
  224|      0|					next = (char**)&cli_opts.remoteport;
  225|      0|					break;
  226|      0|#if DROPBEAR_CLI_PUBKEY_AUTH
  227|      0|				case 'i': /* an identityfile */
  ------------------
  |  Branch (227:5): [True: 0, False: 1]
  ------------------
  228|      0|					opt = OPT_AUTHKEY;
  229|      0|					break;
  230|      0|#endif
  231|      0|				case 't': /* we want a pty */
  ------------------
  |  Branch (231:5): [True: 0, False: 1]
  ------------------
  232|      0|					cli_opts.wantpty = 1;
  233|      0|					break;
  234|      0|				case 'T': /* don't want a pty */
  ------------------
  |  Branch (234:5): [True: 0, False: 1]
  ------------------
  235|      0|					cli_opts.wantpty = 0;
  236|      0|					break;
  237|      0|				case 'N':
  ------------------
  |  Branch (237:5): [True: 0, False: 1]
  ------------------
  238|      0|					cli_opts.no_cmd = 1;
  239|      0|					break;
  240|      0|				case 'f':
  ------------------
  |  Branch (240:5): [True: 0, False: 1]
  ------------------
  241|      0|					cli_opts.backgrounded = 1;
  242|      0|					break;
  243|      0|				case 's':
  ------------------
  |  Branch (243:5): [True: 0, False: 1]
  ------------------
  244|      0|					cli_opts.is_subsystem = 1;
  245|      0|					break;
  246|      0|				case 'o':
  ------------------
  |  Branch (246:5): [True: 0, False: 1]
  ------------------
  247|      0|					opt = OPT_EXTENDED_OPTIONS;
  248|      0|					break;
  249|      0|#if DROPBEAR_CLI_LOCALTCPFWD
  250|      0|				case 'L':
  ------------------
  |  Branch (250:5): [True: 0, False: 1]
  ------------------
  251|      0|					opt = OPT_LOCALTCPFWD;
  252|      0|					break;
  253|      0|				case 'g':
  ------------------
  |  Branch (253:5): [True: 0, False: 1]
  ------------------
  254|      0|					opts.listen_fwd_all = 1;
  255|      0|					break;
  256|      0|#endif
  257|      0|#if DROPBEAR_CLI_REMOTETCPFWD
  258|      0|				case 'R':
  ------------------
  |  Branch (258:5): [True: 0, False: 1]
  ------------------
  259|      0|					opt = OPT_REMOTETCPFWD;
  260|      0|					break;
  261|      0|#endif
  262|      0|#if DROPBEAR_CLI_NETCAT
  263|      0|				case 'B':
  ------------------
  |  Branch (263:5): [True: 0, False: 1]
  ------------------
  264|      0|					opt = OPT_NETCAT;
  265|      0|					break;
  266|      0|#endif
  267|      0|#if DROPBEAR_CLI_PROXYCMD
  268|      0|				case 'J':
  ------------------
  |  Branch (268:5): [True: 0, False: 1]
  ------------------
  269|      0|					next = &cli_opts.proxycmd;
  270|      0|					break;
  271|      0|#endif
  272|      0|				case 'l':
  ------------------
  |  Branch (272:5): [True: 0, False: 1]
  ------------------
  273|      0|					next = &cli_opts.username;
  274|      0|					break;
  275|      0|				case 'h':
  ------------------
  |  Branch (275:5): [True: 0, False: 1]
  ------------------
  276|      0|					printhelp();
  277|      0|					exit(EXIT_SUCCESS);
  278|      0|					break;
  279|      0|				case 'u':
  ------------------
  |  Branch (279:5): [True: 0, False: 1]
  ------------------
  280|       |					/* backwards compatibility with old urandom option */
  281|      0|					break;
  282|      0|				case 'W':
  ------------------
  |  Branch (282:5): [True: 0, False: 1]
  ------------------
  283|      0|					next = &recv_window_arg;
  284|      0|					break;
  285|      0|				case 'K':
  ------------------
  |  Branch (285:5): [True: 0, False: 1]
  ------------------
  286|      0|					next = &keepalive_arg;
  287|      0|					break;
  288|      0|				case 'I':
  ------------------
  |  Branch (288:5): [True: 0, False: 1]
  ------------------
  289|      0|					next = &idle_timeout_arg;
  290|      0|					break;
  291|      0|#if DROPBEAR_CLI_AGENTFWD
  292|      0|				case 'A':
  ------------------
  |  Branch (292:5): [True: 0, False: 1]
  ------------------
  293|      0|					cli_opts.agent_fwd = 1;
  294|      0|					break;
  295|      0|#endif
  296|      0|#if DROPBEAR_USER_ALGO_LIST
  297|      0|				case 'c':
  ------------------
  |  Branch (297:5): [True: 0, False: 1]
  ------------------
  298|      0|					next = &opts.cipher_list;
  299|      0|					break;
  300|      0|				case 'm':
  ------------------
  |  Branch (300:5): [True: 0, False: 1]
  ------------------
  301|      0|					next = &opts.mac_list;
  302|      0|					break;
  303|      0|#endif
  304|       |#if DEBUG_TRACE
  305|       |				case 'v':
  306|       |					debug_trace++;
  307|       |					break;
  308|       |#endif
  309|      0|				case 'F':
  ------------------
  |  Branch (309:5): [True: 0, False: 1]
  ------------------
  310|      0|				case 'e':
  ------------------
  |  Branch (310:5): [True: 0, False: 1]
  ------------------
  311|       |#if !DROPBEAR_USER_ALGO_LIST
  312|       |				case 'c':
  313|       |				case 'm':
  314|       |#endif
  315|      0|				case 'D':
  ------------------
  |  Branch (315:5): [True: 0, False: 1]
  ------------------
  316|       |#if !DROPBEAR_CLI_REMOTETCPFWD
  317|       |				case 'R':
  318|       |#endif
  319|       |#if !DROPBEAR_CLI_LOCALTCPFWD
  320|       |				case 'L':
  321|       |#endif
  322|      0|				case 'V':
  ------------------
  |  Branch (322:5): [True: 0, False: 1]
  ------------------
  323|      0|					print_version();
  324|      0|					exit(EXIT_SUCCESS);
  325|      0|					break;
  326|      0|				case 'b':
  ------------------
  |  Branch (326:5): [True: 0, False: 1]
  ------------------
  327|      0|					next = &bind_arg;
  328|      0|					break;
  329|      0|				case 'z':
  ------------------
  |  Branch (329:5): [True: 0, False: 1]
  ------------------
  330|      0|					opts.disable_ip_tos = 1;
  331|      0|					break;
  332|      0|				default:
  ------------------
  |  Branch (332:5): [True: 0, False: 1]
  ------------------
  333|      0|					fprintf(stderr,
  ------------------
  |  |  100|      0|#define stderr (fuzz.fake_stderr)
  ------------------
  334|      0|						"WARNING: Ignoring unknown option -%c\n", c);
  335|      0|					break;
  336|      1|			} /* Switch */
  337|      1|		}
  338|       |
  339|      1|		if (!next && opt == OPT_OTHER) /* got a flag */
  ------------------
  |  Branch (339:7): [True: 1, False: 0]
  |  Branch (339:16): [True: 1, False: 0]
  ------------------
  340|      1|			continue;
  341|       |
  342|      0|		if (c == '\0') {
  ------------------
  |  Branch (342:7): [True: 0, False: 0]
  ------------------
  343|      0|			i++;
  344|      0|			j = 0;
  345|      0|			if (!argv[i])
  ------------------
  |  Branch (345:8): [True: 0, False: 0]
  ------------------
  346|      0|				dropbear_exit("Missing argument");
  347|      0|		}
  348|       |
  349|      0|		if (opt == OPT_EXTENDED_OPTIONS) {
  ------------------
  |  Branch (349:7): [True: 0, False: 0]
  ------------------
  350|      0|			TRACE(("opt extended"))
  351|      0|			add_extendedopt(&argv[i][j]);
  352|      0|		}
  353|      0|		else
  354|      0|#if DROPBEAR_CLI_PUBKEY_AUTH
  355|      0|		if (opt == OPT_AUTHKEY) {
  ------------------
  |  Branch (355:7): [True: 0, False: 0]
  ------------------
  356|      0|			TRACE(("opt authkey"))
  357|      0|			loadidentityfile(&argv[i][j], 1);
  358|      0|		}
  359|      0|		else
  360|      0|#endif
  361|      0|#if DROPBEAR_CLI_REMOTETCPFWD
  362|      0|		if (opt == OPT_REMOTETCPFWD) {
  ------------------
  |  Branch (362:7): [True: 0, False: 0]
  ------------------
  363|      0|			TRACE(("opt remotetcpfwd"))
  364|      0|			addforward(&argv[i][j], cli_opts.remotefwds);
  365|      0|		}
  366|      0|		else
  367|      0|#endif
  368|      0|#if DROPBEAR_CLI_LOCALTCPFWD
  369|      0|		if (opt == OPT_LOCALTCPFWD) {
  ------------------
  |  Branch (369:7): [True: 0, False: 0]
  ------------------
  370|      0|			TRACE(("opt localtcpfwd"))
  371|      0|			addforward(&argv[i][j], cli_opts.localfwds);
  372|      0|		}
  373|      0|		else
  374|      0|#endif
  375|      0|#if DROPBEAR_CLI_NETCAT
  376|      0|		if (opt == OPT_NETCAT) {
  ------------------
  |  Branch (376:7): [True: 0, False: 0]
  ------------------
  377|      0|			TRACE(("opt netcat"))
  378|      0|			add_netcat(&argv[i][j]);
  379|      0|		}
  380|      0|		else
  381|      0|#endif
  382|      0|		if (next) {
  ------------------
  |  Branch (382:7): [True: 0, False: 0]
  ------------------
  383|       |			/* The previous flag set a value to assign */
  384|      0|			*next = &argv[i][j];
  385|      0|			if (*next == NULL)
  ------------------
  |  Branch (385:8): [True: 0, False: 0]
  ------------------
  386|      0|				dropbear_exit("Invalid null argument");
  387|      0|			next = NULL;
  388|      0|		}
  389|      0|	}
  390|       |
  391|      1|#if DROPBEAR_USER_ALGO_LIST
  392|       |	/* -c help doesn't need a hostname */
  393|      1|	parse_ciphers_macs();
  394|      1|#endif
  395|       |
  396|       |	/* Done with options/flags; now handle the hostname (which may not
  397|       |	 * start with a hyphen) and optional command */
  398|       |
  399|      1|	if (host_arg == NULL) { /* missing hostname */
  ------------------
  |  Branch (399:6): [True: 0, False: 1]
  ------------------
  400|      0|		printhelp();
  401|      0|		exit(EXIT_FAILURE);
  402|      0|	}
  403|      1|	TRACE(("host is: %s", host_arg))
  404|       |
  405|      1|	if (i < (unsigned int)argc) {
  ------------------
  |  Branch (405:6): [True: 1, False: 0]
  ------------------
  406|       |		/* Build the command to send */
  407|      1|		cmdlen = 0;
  408|      2|		for (j = i; j < (unsigned int)argc; j++)
  ------------------
  |  Branch (408:15): [True: 1, False: 1]
  ------------------
  409|      1|			cmdlen += strlen(argv[j]) + 1; /* +1 for spaces */
  410|       |
  411|       |		/* Allocate the space */
  412|      1|		cli_opts.cmd = (char*)m_malloc(cmdlen);
  413|      1|		cli_opts.cmd[0] = '\0';
  414|       |
  415|       |		/* Append all the bits */
  416|      2|		for (j = i; j < (unsigned int)argc; j++) {
  ------------------
  |  Branch (416:15): [True: 1, False: 1]
  ------------------
  417|      1|			strlcat(cli_opts.cmd, argv[j], cmdlen);
  418|      1|			strlcat(cli_opts.cmd, " ", cmdlen);
  419|      1|		}
  420|       |		/* It'll be null-terminated here */
  421|      1|		TRACE(("cmd is: %s", cli_opts.cmd))
  422|      1|	}
  423|       |
  424|       |	/* And now a few sanity checks and setup */
  425|       |
  426|      1|#if DROPBEAR_CLI_PROXYCMD
  427|      1|	if (cli_opts.proxycmd) {
  ------------------
  |  Branch (427:6): [True: 0, False: 1]
  ------------------
  428|       |		/* To match the common path of m_freeing it */
  429|      0|		cli_opts.proxycmd = m_strdup(cli_opts.proxycmd);
  430|      0|	}
  431|      1|#endif
  432|       |
  433|      1|	if (cli_opts.remoteport == NULL) {
  ------------------
  |  Branch (433:6): [True: 1, False: 0]
  ------------------
  434|      1|		cli_opts.remoteport = "22";
  435|      1|	}
  436|       |
  437|      1|	if (bind_arg) {
  ------------------
  |  Branch (437:6): [True: 0, False: 1]
  ------------------
  438|      0|		if (split_address_port(bind_arg,
  ------------------
  |  Branch (438:7): [True: 0, False: 0]
  ------------------
  439|      0|			&cli_opts.bind_address, &cli_opts.bind_port)
  440|      0|				== DROPBEAR_FAILURE) {
  ------------------
  |  |  103|      0|#define DROPBEAR_FAILURE -1
  ------------------
  441|      0|			dropbear_exit("Bad -b argument");
  442|      0|		}
  443|      0|	}
  444|       |
  445|       |	/* If not explicitly specified with -t or -T, we don't want a pty if
  446|       |	 * there's a command, but we do otherwise */
  447|      1|	if (cli_opts.wantpty == 9) {
  ------------------
  |  Branch (447:6): [True: 1, False: 0]
  ------------------
  448|      1|		if (cli_opts.cmd == NULL) {
  ------------------
  |  Branch (448:7): [True: 0, False: 1]
  ------------------
  449|      0|			cli_opts.wantpty = 1;
  450|      1|		} else {
  451|      1|			cli_opts.wantpty = 0;
  452|      1|		}
  453|      1|	}
  454|       |
  455|      1|	if (cli_opts.backgrounded && cli_opts.cmd == NULL
  ------------------
  |  Branch (455:6): [True: 0, False: 1]
  |  Branch (455:31): [True: 0, False: 0]
  ------------------
  456|      1|			&& cli_opts.no_cmd == 0) {
  ------------------
  |  Branch (456:7): [True: 0, False: 0]
  ------------------
  457|      0|		dropbear_exit("Command required for -f");
  458|      0|	}
  459|       |
  460|      1|	if (recv_window_arg) {
  ------------------
  |  Branch (460:6): [True: 0, False: 1]
  ------------------
  461|      0|		parse_recv_window(recv_window_arg);
  462|      0|	}
  463|      1|	if (keepalive_arg) {
  ------------------
  |  Branch (463:6): [True: 0, False: 1]
  ------------------
  464|      0|		unsigned int val;
  465|      0|		if (m_str_to_uint(keepalive_arg, &val) == DROPBEAR_FAILURE) {
  ------------------
  |  |  103|      0|#define DROPBEAR_FAILURE -1
  ------------------
  |  Branch (465:7): [True: 0, False: 0]
  ------------------
  466|      0|			dropbear_exit("Bad keepalive '%s'", keepalive_arg);
  467|      0|		}
  468|      0|		opts.keepalive_secs = val;
  469|      0|	}
  470|       |
  471|      1|	if (idle_timeout_arg) {
  ------------------
  |  Branch (471:6): [True: 0, False: 1]
  ------------------
  472|      0|		unsigned int val;
  473|      0|		if (m_str_to_uint(idle_timeout_arg, &val) == DROPBEAR_FAILURE) {
  ------------------
  |  |  103|      0|#define DROPBEAR_FAILURE -1
  ------------------
  |  Branch (473:7): [True: 0, False: 0]
  ------------------
  474|      0|			dropbear_exit("Bad idle_timeout '%s'", idle_timeout_arg);
  475|      0|		}
  476|      0|		opts.idle_timeout_secs = val;
  477|      0|	}
  478|       |
  479|      1|#if DROPBEAR_CLI_NETCAT
  480|      1|	if (cli_opts.cmd && cli_opts.netcat_host) {
  ------------------
  |  Branch (480:6): [True: 1, False: 0]
  |  Branch (480:22): [True: 0, False: 1]
  ------------------
  481|      0|		dropbear_log(LOG_INFO, "Ignoring command '%s' in netcat mode", cli_opts.cmd);
  482|      0|	}
  483|      1|#endif
  484|       |
  485|       |	/* The hostname gets set up last, since
  486|       |	 * in multi-hop mode it will require knowledge
  487|       |	 * of other flags such as -i */
  488|      1|#if DROPBEAR_CLI_MULTIHOP
  489|      1|	parse_multihop_hostname(host_arg, argv[0]);
  490|       |#else
  491|       |	parse_hostname(host_arg);
  492|       |#endif
  493|       |
  494|       |	/* We don't want to include default id_dropbear as a
  495|       |	   -i argument for multihop, so handle it later. */
  496|      1|#if (DROPBEAR_CLI_PUBKEY_AUTH)
  497|      1|	{
  498|      1|		char *expand_path = expand_homedir_path(DROPBEAR_DEFAULT_CLI_AUTHKEY);
  ------------------
  |  |  379|      1|#define DROPBEAR_DEFAULT_CLI_AUTHKEY "~/.ssh/id_dropbear"
  ------------------
  499|      1|		loadidentityfile(expand_path, 0);
  500|      1|		m_free(expand_path);
  ------------------
  |  |   24|      1|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  501|      1|	}
  502|      1|#endif
  503|       |
  504|      1|}
cli-runopts.c:loadidentityfile:
  507|      1|static void loadidentityfile(const char* filename, int warnfail) {
              	/* Load one client private key from `filename` via readhostkey(),
              	 * accepting any key type (DROPBEAR_SIGNKEY_ANY). On success the key is
              	 * tagged SIGNKEY_SOURCE_RAW_FILE, a copy of the filename is stored and
              	 * the key is appended to cli_opts.privkeys. On failure the key is freed,
              	 * and a warning is logged only when `warnfail` is non-zero.
              	 *
              	 * NOTE(review): in this coverage run only the failure path executed
              	 * (the success branch below has a count of 0), so no key loaded here
              	 * ever reaches cli_opts.privkeys under this fuzz target. */
  508|      1|	sign_key *key;
  509|      1|	enum signkey_type keytype;
  510|       |
  511|      1|	TRACE(("loadidentityfile %s", filename))
  512|       |
  513|      1|	key = new_sign_key();
  514|      1|	keytype = DROPBEAR_SIGNKEY_ANY;
  515|      1|	if ( readhostkey(filename, key, &keytype) != DROPBEAR_SUCCESS ) {
  ------------------
  |  |  102|      1|#define DROPBEAR_SUCCESS 0
  ------------------
  |  Branch (515:7): [True: 1, False: 0]
  ------------------
  516|      1|		if (warnfail) {
  ------------------
  |  Branch (516:7): [True: 0, False: 1]
  ------------------
  517|      0|			dropbear_log(LOG_WARNING, "Failed loading keyfile '%s'\n", filename);
  518|      0|		}
              		/* the key object is released on every failure, warned or not */
  519|      1|		sign_key_free(key);
  520|      1|	} else {
              		/* readhostkey() reported the detected type through `keytype` */
  521|      0|		key->type = keytype;
  522|      0|		key->source = SIGNKEY_SOURCE_RAW_FILE;
  523|      0|		key->filename = m_strdup(filename);
  524|      0|		list_append(cli_opts.privkeys, key);
  525|      0|	}
  526|      1|}
cli-runopts.c:parse_multihop_hostname:
  598|      1|static void parse_multihop_hostname(const char* orighostarg, const char* argv0) {
              	/* Handle a comma-separated multi-hop host argument. The text after the
              	 * last ',' is the final hop and is passed to parse_hostname(); when a
              	 * comma was present, everything before it (`remainder`) is placed into
              	 * a rebuilt cli_opts.proxycmd of the form
              	 * "<argv0> -B <host>:<port> <passthrough args> <remainder>".
              	 * Without a comma this is just parse_hostname() on a private copy.
              	 *
              	 * NOTE(review): argv0, the host/port pieces and `remainder` are
              	 * formatted into the command string as-is; this function does no
              	 * quoting or character filtering. How cli_opts.proxycmd is executed is
              	 * not visible here - confirm that host arguments coming from a less
              	 * trusted source cannot carry shell metacharacters into it.
              	 * NOTE(review): every multi-hop branch below has a count of 0 in this
              	 * coverage run, so this fuzz target does not exercise that path. */
  599|      1|	char *userhostarg = NULL;
  600|      1|	char *hostbuf = NULL;
  601|      1|	char *last_hop = NULL;
  602|      1|	char *remainder = NULL;
  603|       |
  604|       |	/* both scp and rsync parse a user@host argument
  605|       |	 * and turn it into "-l user host". This breaks
  606|       |	 * for our multihop syntax, so we suture it back together.
  607|       |	 * This will break usernames that have both '@' and ',' in them,
  608|       |	 * though that should be fairly uncommon. */
  609|      1|	if (cli_opts.username 
  ------------------
  |  Branch (609:6): [True: 0, False: 1]
  ------------------
  610|      1|			&& strchr(cli_opts.username, ',') 
  ------------------
  |  Branch (610:7): [True: 0, False: 0]
  ------------------
  611|      1|			&& strchr(cli_opts.username, '@')) {
  ------------------
  |  Branch (611:7): [True: 0, False: 0]
  ------------------
              		/* +2 covers the '@' separator and the terminating NUL */
  612|      0|		unsigned int len = strlen(orighostarg) + strlen(cli_opts.username) + 2;
  613|      0|		hostbuf = m_malloc(len);
  614|      0|		m_snprintf(hostbuf, len, "%s@%s", cli_opts.username, orighostarg);
  615|      1|	} else {
  616|      1|		hostbuf = m_strdup(orighostarg);
  617|      1|	}
  618|      1|	userhostarg = hostbuf;
  619|       |
  620|      1|	last_hop = strrchr(userhostarg, ',');
  621|      1|	if (last_hop) {
  ------------------
  |  Branch (621:6): [True: 0, False: 1]
  ------------------
              		/* a leading ',' would leave an empty list of earlier hops */
  622|      0|		if (last_hop == userhostarg) {
  ------------------
  |  Branch (622:7): [True: 0, False: 0]
  ------------------
  623|      0|			dropbear_exit("Bad multi-hop hostnames");
  624|      0|		}
              		/* cut hostbuf in two at the last comma: earlier hops | final hop */
  625|      0|		*last_hop = '\0';
  626|      0|		last_hop++;
  627|      0|		remainder = userhostarg;
  628|      0|		userhostarg = last_hop;
  629|      0|	}
  630|       |
              	/* parse_hostname() works on its own m_strdup() copy, so the pointers it
              	 * stores in cli_opts do not refer to hostbuf, which is freed below */
  631|      1|	parse_hostname(userhostarg);
  632|       |
  633|      1|	if (last_hop) {
  ------------------
  |  Branch (633:6): [True: 0, False: 1]
  ------------------
  634|       |		/* Set up the proxycmd */
  635|      0|		unsigned int cmd_len = 0;
  636|      0|		char *passthrough_args = multihop_passthrough_args();
  637|      0|		if (cli_opts.remoteport == NULL) {
  ------------------
  |  Branch (637:7): [True: 0, False: 0]
  ------------------
  638|      0|			cli_opts.remoteport = "22";
  639|      0|		}
              		/* The format string below adds 7 literal characters plus the NUL;
              		 * the +30 is slack on top of that. The sum is kept in an unsigned
              		 * int - assumes argument lengths stay far below UINT_MAX, TODO
              		 * confirm. */
  640|      0|		cmd_len = strlen(argv0) + strlen(remainder)
  641|      0|			+ strlen(cli_opts.remotehost) + strlen(cli_opts.remoteport)
  642|      0|			+ strlen(passthrough_args)
  643|      0|			+ 30;
  644|       |		/* replace proxycmd. old -J arguments have been copied
  645|       |		   to passthrough_args */
  646|      0|		cli_opts.proxycmd = m_realloc(cli_opts.proxycmd, cmd_len);
  647|      0|		m_snprintf(cli_opts.proxycmd, cmd_len, "%s -B %s:%s %s %s",
  648|      0|				argv0, cli_opts.remotehost, cli_opts.remoteport,
  649|      0|				passthrough_args, remainder);
  650|       |#ifndef DISABLE_ZLIB
  651|       |		/* The stream will be incompressible since it's encrypted. */
  652|       |		opts.compress_mode = DROPBEAR_COMPRESS_OFF;
  653|       |#endif
  654|      0|		m_free(passthrough_args);
  ------------------
  |  |   24|      0|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  655|      0|	}
              	/* `remainder` pointed into hostbuf; it is not used past this point */
  656|      1|	m_free(hostbuf);
  ------------------
  |  |   24|      1|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  657|      1|}
cli-runopts.c:parse_hostname:
  661|      1|static void parse_hostname(const char* orighostarg) {
              	/* Split "[user@]host[^port]" (legacy form "host/port") into
              	 * cli_opts.username, cli_opts.remotehost and cli_opts.remoteport.
              	 * The split is done in place on an m_strdup() copy of the argument,
              	 * and the cli_opts pointers refer into that copy, which is therefore
              	 * not freed in this function. Exits with "Bad hostname" when the host
              	 * part is empty.
              	 *
              	 * NOTE(review): the port text is stored without any numeric or range
              	 * check here; presumably it is validated where it is resolved - verify.
              	 * NOTE(review): the '@' and port branches have a count of 0 in this
              	 * coverage run. */
  662|      1|	char *userhostarg = NULL;
  663|      1|	char *port = NULL;
  664|       |
  665|      1|	userhostarg = m_strdup(orighostarg);
  666|       |
              	/* strchr() finds the FIRST '@', so anything after it is the host part */
  667|      1|	cli_opts.remotehost = strchr(userhostarg, '@');
  668|      1|	if (cli_opts.remotehost == NULL) {
  ------------------
  |  Branch (668:6): [True: 1, False: 0]
  ------------------
  669|       |		/* no username portion, the cli-auth.c code can figure the
  670|       |		 * local user's name */
  671|      1|		cli_opts.remotehost = userhostarg;
  672|      1|	} else {
  673|      0|		cli_opts.remotehost[0] = '\0'; /* Split the user/host */
  674|      0|		cli_opts.remotehost++;
              		/* overwrites any username assigned before this call */
  675|      0|		cli_opts.username = userhostarg;
  676|      0|	}
  677|       |
              	/* no user given anywhere: fall back to a copy of cli_opts.own_user */
  678|      1|	if (cli_opts.username == NULL) {
  ------------------
  |  Branch (678:6): [True: 1, False: 0]
  ------------------
  679|      1|		cli_opts.username = m_strdup(cli_opts.own_user);
  680|      1|	}
  681|       |
  682|      1|	port = strchr(cli_opts.remotehost, '^');
  683|      1|	if (!port)  {
  ------------------
  |  Branch (683:6): [True: 1, False: 0]
  ------------------
  684|       |		/* legacy separator */
  685|      1|		port = strchr(cli_opts.remotehost, '/');
  686|      1|	}
  687|      1|	if (port) {
  ------------------
  |  Branch (687:6): [True: 0, False: 1]
  ------------------
              		/* terminate the host at the separator; the port is the rest */
  688|      0|		*port = '\0';
  689|      0|		cli_opts.remoteport = port+1;
  690|      0|	}
  691|       |
              	/* checked after the port split, so "^22" or "user@" are rejected too */
  692|      1|	if (cli_opts.remotehost[0] == '\0') {
  ------------------
  |  Branch (692:6): [True: 0, False: 1]
  ------------------
  693|      0|		dropbear_exit("Bad hostname");
  694|      0|	}
  695|      1|}
cli-runopts.c:fill_own_user:
  734|      1|static void fill_own_user() {
              	/* Store the local account name for the current real uid in
              	 * cli_opts.own_user (an m_strdup() copy). When the lookup fails or
              	 * returns no name, an INFO message is logged and the literal "unknown"
              	 * is stored instead, so own_user is never left NULL by this function.
              	 * In this build getpwuid() is macro-replaced by fuzz_getpwuid(), as the
              	 * expansion shown below records. */
  735|      1|	uid_t uid;
  736|      1|	struct passwd *pw = NULL; 
  737|       |
  738|      1|	uid = getuid();
  739|       |
  740|      1|	pw = getpwuid(uid);
  ------------------
  |  |  109|      1|#define getpwuid(x) fuzz_getpwuid(x)
  ------------------
  741|      1|	if (pw && pw->pw_name != NULL) {
  ------------------
  |  Branch (741:6): [True: 1, False: 0]
  |  Branch (741:12): [True: 1, False: 0]
  ------------------
              		/* copy it: the struct passwd buffer is not owned by this code */
  742|      1|		cli_opts.own_user = m_strdup(pw->pw_name);
  743|      1|	} else {
  744|      0|		dropbear_log(LOG_INFO, "Warning: failed to identify current user. Trying anyway.");
  745|      0|		cli_opts.own_user = m_strdup("unknown");
  746|      0|	}
  747|       |
  748|      1|}

cli_session:
  111|  3.51k|void cli_session(int sock_in, int sock_out, struct dropbear_progress_connection *progress, pid_t proxy_cmd_pid) {
              	/* Client session entry point: initialise the common and client session
              	 * state, send the identification string and KEXINIT, then hand control
              	 * to session_loop() with cli_sessionloop as the per-iteration callback.
              	 *
              	 * sock_in/sock_out are passed to common_session_init(); `progress`, when
              	 * non-NULL, is attached to ses.writequeue; `proxy_cmd_pid` is recorded
              	 * by cli_session_init().
              	 *
              	 * NOTE(review): `progress` was NULL on every call in this coverage run,
              	 * so connect_set_writequeue() is not exercised by this fuzz target. */
  112|       |
  113|  3.51k|	common_session_init(sock_in, sock_out);
  114|       |
  115|  3.51k|	if (progress) {
  ------------------
  |  Branch (115:6): [True: 0, False: 3.51k]
  ------------------
  116|      0|		connect_set_writequeue(progress, &ses.writequeue);
  117|      0|	}
  118|       |
  119|  3.51k|	chaninitialise(cli_chantypes);
  120|       |
  121|       |	/* Set up cli_ses vars */
  122|  3.51k|	cli_session_init(proxy_cmd_pid);
  123|       |
  124|       |	/* Ready to go */
              	/* init_done is what cli_session_cleanup() and cli_dropbear_exit() test */
  125|  3.51k|	ses.init_done = 1;
  126|       |
  127|       |	/* Exchange identification */
  128|  3.51k|	send_session_identification();
  129|       |
  130|  3.51k|	kexfirstinitialise(); /* initialise the kex state */
  131|       |
  132|  3.51k|	send_msg_kexinit();
  133|       |
  134|  3.51k|	session_loop(cli_sessionloop);
  135|       |
  136|       |	/* Not reached */
  137|       |
  138|  3.51k|}
kill_proxy_command:
  336|  3.51k|void kill_proxy_command(void) {
              	/* Send SIGHUP to the recorded proxy command, if there is one. In this
              	 * build kill() is macro-replaced by fuzz_kill(), as the expansion shown
              	 * below records; the signalling branch has a count of 0 in this run. */
  337|       |	/*
  338|       |	 * Send SIGHUP to proxy command if used. We don't wait() in
  339|       |	 * case it hangs and instead rely on init to reap the child
  340|       |	 */
              	/* The "> 1" guard matters: kill() treats pid 0 and negative pids as
              	 * process-group or broadcast targets and pid 1 is init, so an unset or
              	 * bogus pid must never be signalled. */
  341|  3.51k|	if (cli_ses.proxy_cmd_pid > 1) {
  ------------------
  |  Branch (341:6): [True: 0, False: 3.51k]
  ------------------
  342|      0|		TRACE(("killing proxy command with PID='%d'", cli_ses.proxy_cmd_pid));
  343|      0|		kill(cli_ses.proxy_cmd_pid, SIGHUP);
  ------------------
  |  |   57|      0|#define kill(pid, sig) fuzz_kill(pid, sig)
  ------------------
  344|      0|	}
  345|  3.51k|}
cli_dropbear_exit:
  431|  3.51k|void cli_dropbear_exit(int exitcode, const char* format, va_list param) {
              	/* Client exit handler: render the printf-style exit message, run
              	 * session_cleanup(), then log the message and exit(exitcode).
              	 * `format` is used directly as a format string, so it has to be a
              	 * constant supplied by the caller, never peer-controlled text.
              	 * Both buffers are fixed-size; vsnprintf/snprintf truncate long
              	 * messages rather than overflowing.
              	 *
              	 * With DROPBEAR_FUZZ and fuzz.do_jmp set, control leaves through
              	 * longjmp() right after cleanup; in this coverage run that happened on
              	 * every call, so the logging and exit() lines have a count of 0. */
  432|  3.51k|	char exitmsg[150];
  433|  3.51k|	char fullmsg[300];
  434|       |
  435|       |	/* Note that exit message must be rendered before session cleanup */
  436|       |
  437|       |	/* Render the formatted exit message */
  438|  3.51k|	vsnprintf(exitmsg, sizeof(exitmsg), format, param);
  439|  3.51k|	TRACE(("Exited, cleaning up: %s", exitmsg))
  440|       |
  441|       |	/* Add the prefix depending on session/auth state */
  442|  3.51k|	if (!ses.init_done) {
  ------------------
  |  Branch (442:6): [True: 0, False: 3.51k]
  ------------------
  443|      0|		snprintf(fullmsg, sizeof(fullmsg), "Exited: %s", exitmsg);
  444|  3.51k|	} else {
              		/* assumes username/remotehost/remoteport are non-NULL once
              		 * init_done is set - TODO confirm against the option parser */
  445|  3.51k|		snprintf(fullmsg, sizeof(fullmsg), 
  446|  3.51k|				"Connection to %s@%s:%s exited: %s", 
  447|  3.51k|				cli_opts.username, cli_opts.remotehost, 
  448|  3.51k|				cli_opts.remoteport, exitmsg);
  449|  3.51k|	}
  450|       |
  451|       |	/* Do the cleanup first, since then the terminal will be reset */
  452|  3.51k|	session_cleanup();
  453|       |	
  454|  3.51k|#if DROPBEAR_FUZZ
              	/* fuzzing: return to the harness instead of terminating the process */
  455|  3.51k|    if (fuzz.do_jmp) {
  ------------------
  |  Branch (455:9): [True: 3.51k, False: 0]
  ------------------
  456|  3.51k|        longjmp(fuzz.jmp, 1);
  457|  3.51k|    }
  458|      0|#endif
  459|       |
  460|       |	/* Avoid printing onwards from terminal cruft */
  461|      0|	fprintf(stderr, "\n");
  ------------------
  |  |  100|      0|#define stderr (fuzz.fake_stderr)
  ------------------
  462|       |
              	/* "%s" keeps the already-rendered text from being parsed as a format */
  463|      0|	dropbear_log(LOG_INFO, "%s", fullmsg);
  464|       |
  465|      0|	exit(exitcode);
  466|  3.51k|}
cli_dropbear_log:
  468|     84|void cli_dropbear_log(int priority, const char* format, va_list param) {
              	/* Client log handler: render the printf-style message into a 1024-byte
              	 * buffer (longer messages are truncated by vsnprintf), send it to
              	 * syslog when opts.usingsyslog is set and syslog support is compiled
              	 * in, and always write "<progname>: <message>" to stderr.
              	 * In this build stderr is macro-replaced by fuzz.fake_stderr, as the
              	 * expansions shown below record.
              	 *
              	 * NOTE(review): the rendered text is written out unmodified; nothing
              	 * here strips control characters, so any peer-supplied string that a
              	 * caller passes as a "%s" argument reaches the terminal or log as-is.
              	 * Confirm callers sanitise such strings. */
  469|       |
  470|     84|	char printbuf[1024];
  471|     84|	const char *name;
  472|       |
  473|     84|	name = cli_opts.progname;
  474|     84|	if (!name) {
  ------------------
  |  Branch (474:6): [True: 0, False: 84]
  ------------------
              		/* progname not set yet: use a fixed default */
  475|      0|		name = "dbclient";
  476|      0|	}
  477|       |
  478|     84|	vsnprintf(printbuf, sizeof(printbuf), format, param);
  479|       |
  480|     84|#ifndef DISABLE_SYSLOG
  481|     84|	if (opts.usingsyslog) {
  ------------------
  |  Branch (481:6): [True: 0, False: 84]
  ------------------
              		/* constant "%s" format: printbuf is data, never a format string */
  482|      0|		syslog(priority, "%s", printbuf);
  483|      0|	}
  484|     84|#endif
  485|       |
  486|     84|	fprintf(stderr, "%s: %s\n", name, printbuf);
  ------------------
  |  |  100|     84|#define stderr (fuzz.fake_stderr)
  ------------------
  487|     84|	fflush(stderr);
  ------------------
  |  |  100|     84|#define stderr (fuzz.fake_stderr)
  ------------------
  488|     84|}
cli-session.c:cli_session_init:
  146|  3.51k|static void cli_session_init(pid_t proxy_cmd_pid) {
              	/* Initialise the client-specific session state in cli_ses and install
              	 * the client callbacks and packet table into the shared `ses` struct.
              	 * `proxy_cmd_pid` is stored so kill_proxy_command() can signal it later.
              	 *
              	 * NOTE(review): the dup() and fcntl() results below are stored without
              	 * checking for -1; cli_session_cleanup() later passes them to fcntl()
              	 * and m_close() unconditionally. Confirm that is harmless when a
              	 * standard descriptor is closed at startup. */
  147|       |
  148|  3.51k|	cli_ses.state = STATE_NOTHING;
  149|  3.51k|	cli_ses.kex_state = KEX_NOTHING;
  150|       |
  151|  3.51k|	cli_ses.tty_raw_mode = 0;
  152|  3.51k|	cli_ses.winchange = 0;
  153|       |
  154|       |	/* We store std{in,out,err}'s flags, so we can set them back on exit
  155|       |	 * (otherwise busybox's ash isn't happy) */
  156|  3.51k|	cli_ses.stdincopy = dup(STDIN_FILENO);
  157|  3.51k|	cli_ses.stdinflags = fcntl(STDIN_FILENO, F_GETFL, 0);
  158|  3.51k|	cli_ses.stdoutcopy = dup(STDOUT_FILENO);
  159|  3.51k|	cli_ses.stdoutflags = fcntl(STDOUT_FILENO, F_GETFL, 0);
  160|  3.51k|	cli_ses.stderrcopy = dup(STDERR_FILENO);
  161|  3.51k|	cli_ses.stderrflags = fcntl(STDERR_FILENO, F_GETFL, 0);
  162|       |
  163|  3.51k|	cli_ses.retval = EXIT_SUCCESS; /* Assume it's clean if we don't get a
  164|       |									  specific exit status */
  165|  3.51k|	cli_ses.proxy_cmd_pid = proxy_cmd_pid;
  166|  3.51k|	TRACE(("proxy command PID='%d'", proxy_cmd_pid));
  167|       |
  168|       |	/* Auth */
  169|  3.51k|	cli_ses.lastprivkey = NULL;
  170|  3.51k|	cli_ses.lastauthtype = 0;
  171|  3.51k|	cli_ses.is_trivial_auth = 1;
  172|       |
  173|       |	/* For printing "remote host closed" for the user */
  174|  3.51k|	ses.remoteclosed = cli_remoteclosed;
  175|       |
  176|  3.51k|	ses.extra_session_cleanup = cli_session_cleanup;
  177|       |
  178|       |	/* packet handlers */
  179|  3.51k|	ses.packettypes = cli_packettypes;
  180|       |
  181|  3.51k|	ses.isserver = 0;
  182|       |
  183|  3.51k|#if DROPBEAR_KEX_FIRST_FOLLOWS
  184|  3.51k|	ses.send_kex_first_guess = cli_send_kex_first_guess;
  185|  3.51k|#endif
  186|       |
  187|  3.51k|}
cli-session.c:cli_remoteclosed:
  384|    822|static void cli_remoteclosed() {
              	/* Installed as ses.remoteclosed by cli_session_init(): close both
              	 * session sockets, mark them as -1 and leave through dropbear_exit()
              	 * with a fixed message. The -1 markers are set before the exit call,
              	 * presumably so that later cleanup does not close the same descriptors
              	 * again - verify against session_cleanup(). */
  385|       |
  386|       |	/* XXX TODO perhaps print a friendlier message if we get this but have
  387|       |	 * already sent/received disconnect message(s) ??? */
  388|    822|	m_close(ses.sock_in);
  389|    822|	m_close(ses.sock_out);
  390|    822|	ses.sock_in = -1;
  391|    822|	ses.sock_out = -1;
  392|    822|	dropbear_exit("Remote closed the connection");
  393|    822|}
cli-session.c:cli_session_cleanup:
  347|  3.51k|static void cli_session_cleanup(void) {
              	/* Installed as ses.extra_session_cleanup by cli_session_init(). Does
              	 * nothing until ses.init_done is set; after that it signals the proxy
              	 * command, restores the stdin/stdout/stderr flags saved at session
              	 * start, closes the duplicated descriptors, resets the tty and frees
              	 * the server signature-algorithm buffer if one was stored.
              	 *
              	 * NOTE(review): cli_ses.server_sig_algs is freed but not set to NULL
              	 * here; confirm this function cannot run twice for one session. */
  348|       |
  349|  3.51k|	if (!ses.init_done) {
  ------------------
  |  Branch (349:6): [True: 0, False: 3.51k]
  ------------------
  350|      0|		return;
  351|      0|	}
  352|       |
  353|  3.51k|	kill_proxy_command();
  354|       |
  355|       |	/* Set std{in,out,err} back to non-blocking - busybox ash dies nastily if
  356|       |	 * we don't revert the flags */
  357|       |	/* Ignore return value since there's nothing we can do */
              	/* the flags are applied through the dup()ed copies, not fds 0-2 */
  358|  3.51k|	(void)fcntl(cli_ses.stdincopy, F_SETFL, cli_ses.stdinflags);
  359|  3.51k|	(void)fcntl(cli_ses.stdoutcopy, F_SETFL, cli_ses.stdoutflags);
  360|  3.51k|	(void)fcntl(cli_ses.stderrcopy, F_SETFL, cli_ses.stderrflags);
  361|       |
  362|       |	/* Don't leak */
  363|  3.51k|	m_close(cli_ses.stdincopy);
  364|  3.51k|	m_close(cli_ses.stdoutcopy);
  365|  3.51k|	m_close(cli_ses.stderrcopy);
  366|       |
  367|  3.51k|	cli_tty_cleanup();
  368|  3.51k|	if (cli_ses.server_sig_algs) {
  ------------------
  |  Branch (368:6): [True: 0, False: 3.51k]
  ------------------
  369|      0|		buf_free(cli_ses.server_sig_algs);
  370|      0|	}
  371|  3.51k|}
cli-session.c:cli_send_kex_first_guess:
  141|  3.51k|static void cli_send_kex_first_guess() {
              	/* Thin adapter installed as ses.send_kex_first_guess by
              	 * cli_session_init() when DROPBEAR_KEX_FIRST_FOLLOWS is enabled; it
              	 * only forwards to send_msg_kexdh_init(). */
  142|  3.51k|	send_msg_kexdh_init();
  143|  3.51k|}
cli-session.c:cli_sessionloop:
  208|   103k|static void cli_sessionloop() {
  209|       |
  210|   103k|	TRACE2(("enter cli_sessionloop"))
  211|       |
  212|   103k|	if (ses.lastpacket == 0) {
  ------------------
  |  Branch (212:6): [True: 30.7k, False: 72.9k]
  ------------------
  213|  30.7k|		TRACE2(("exit cli_sessionloop: no real packets yet"))
  214|  30.7k|		return;
  215|  30.7k|	}
  216|       |
  217|  72.9k|	if (ses.lastpacket == SSH_MSG_KEXINIT && cli_ses.kex_state == KEX_NOTHING) {
  ------------------
  |  |   36|   145k|#define SSH_MSG_KEXINIT                20
  ------------------
  |  Branch (217:6): [True: 16.2k, False: 56.6k]
  |  Branch (217:43): [True: 2.46k, False: 13.8k]
  ------------------
  218|       |		/* We initiate the KEXDH. If DH wasn't the correct type, the KEXINIT
  219|       |		 * negotiation would have failed. */
  220|  2.46k|		if (!ses.kexstate.our_first_follows_matches) {
  ------------------
  |  Branch (220:7): [True: 2.33k, False: 123]
  ------------------
  221|  2.33k|			send_msg_kexdh_init();
  222|  2.33k|		}
  223|  2.46k|		cli_ses.kex_state = KEXDH_INIT_SENT;			
  224|  2.46k|		TRACE(("leave cli_sessionloop: done with KEXINIT_RCVD"))
  225|  2.46k|		return;
  226|  2.46k|	}
  227|       |
  228|       |	/* A KEX has finished, so we should go back to our KEX_NOTHING state */
  229|  70.4k|	if (cli_ses.kex_state != KEX_NOTHING && ses.kexstate.sentnewkeys) {
  ------------------
  |  Branch (229:6): [True: 16.3k, False: 54.1k]
  |  Branch (229:42): [True: 0, False: 16.3k]
  ------------------
  230|      0|		cli_ses.kex_state = KEX_NOTHING;
  231|      0|	}
  232|       |
  233|       |	/* We shouldn't do anything else if a KEX is in progress */
  234|  70.4k|	if (cli_ses.kex_state != KEX_NOTHING) {
  ------------------
  |  Branch (234:6): [True: 16.3k, False: 54.1k]
  ------------------
  235|  16.3k|		TRACE(("leave cli_sessionloop: kex_state != KEX_NOTHING"))
  236|  16.3k|		return;
  237|  16.3k|	}
  238|       |
  239|  54.1k|	if (ses.kexstate.donefirstkex == 0) {
  ------------------
  |  Branch (239:6): [True: 0, False: 54.1k]
  ------------------
  240|       |		/* We might reach here if we have partial packet reads or have
  241|       |		 * received SSG_MSG_IGNORE etc. Just skip it */
  242|      0|		TRACE2(("donefirstkex false\n"))
  243|      0|		return;
  244|      0|	}
  245|       |
  246|  54.1k|	switch (cli_ses.state) {
  247|       |
  248|    269|		case STATE_NOTHING:
  ------------------
  |  Branch (248:3): [True: 269, False: 53.8k]
  ------------------
  249|       |			/* We've got the transport layer sorted, we now need to request
  250|       |			 * userauth */
  251|    269|			send_msg_service_request(SSH_SERVICE_USERAUTH);
  ------------------
  |  |  104|    269|#define SSH_SERVICE_USERAUTH "ssh-userauth"
  ------------------
  252|       |			/* We aren't using any "implicit server authentication" methods,
  253|       |			so don't need to wait for a response for SSH_SERVICE_USERAUTH
  254|       |			before sending the auth messages (rfc4253 10) */
  255|    269|			cli_auth_getmethods();
  256|    269|			cli_ses.state = USERAUTH_REQ_SENT;
  257|    269|			TRACE(("leave cli_sessionloop: sent userauth methods req"))
  258|    269|			return;
  259|       |
  260|  53.8k|		case USERAUTH_REQ_SENT:
  ------------------
  |  Branch (260:3): [True: 53.8k, False: 269]
  ------------------
  261|  53.8k|			TRACE(("leave cli_sessionloop: waiting, req_sent"))
  262|  53.8k|			return;
  263|       |			
  264|      0|		case USERAUTH_FAIL_RCVD:
  ------------------
  |  Branch (264:3): [True: 0, False: 54.1k]
  ------------------
  265|      0|			if (cli_auth_try() == DROPBEAR_FAILURE) {
  ------------------
  |  |  103|      0|#define DROPBEAR_FAILURE -1
  ------------------
  |  Branch (265:8): [True: 0, False: 0]
  ------------------
  266|      0|				dropbear_exit("No auth methods could be used.");
  267|      0|			}
  268|      0|			cli_ses.state = USERAUTH_REQ_SENT;
  269|      0|			TRACE(("leave cli_sessionloop: cli_auth_try"))
  270|      0|			return;
  271|       |
  272|      0|		case USERAUTH_SUCCESS_RCVD:
  ------------------
  |  Branch (272:3): [True: 0, False: 54.1k]
  ------------------
  273|      0|#ifndef DISABLE_SYSLOG
  274|      0|			if (opts.usingsyslog) {
  ------------------
  |  Branch (274:8): [True: 0, False: 0]
  ------------------
  275|      0|				dropbear_log(LOG_INFO, "Authentication succeeded.");
  276|      0|			}
  277|      0|#endif
  278|       |
  279|      0|			if (cli_opts.backgrounded) {
  ------------------
  |  Branch (279:8): [True: 0, False: 0]
  ------------------
  280|      0|				int devnull;
  281|       |				/* keeping stdin open steals input from the terminal and
  282|       |				   is confusing, though stdout/stderr could be useful. */
  283|      0|				devnull = open(DROPBEAR_PATH_DEVNULL, O_RDONLY);
  ------------------
  |  |   53|      0|#define DROPBEAR_PATH_DEVNULL "/dev/null"
  ------------------
  284|      0|				if (devnull < 0) {
  ------------------
  |  Branch (284:9): [True: 0, False: 0]
  ------------------
  285|      0|					dropbear_exit("Opening /dev/null: %d %s",
  286|      0|							errno, strerror(errno));
  287|      0|				}
  288|      0|				dup2(devnull, STDIN_FILENO);
  289|      0|				if (daemon(0, 1) < 0) {
  ------------------
  |  Branch (289:9): [True: 0, False: 0]
  ------------------
  290|      0|					dropbear_exit("Backgrounding failed: %d %s", 
  291|      0|							errno, strerror(errno));
  292|      0|				}
  293|      0|			}
  294|       |			
  295|      0|#if DROPBEAR_CLI_NETCAT
  296|      0|			if (cli_opts.netcat_host) {
  ------------------
  |  Branch (296:8): [True: 0, False: 0]
  ------------------
  297|      0|				cli_send_netcat_request();
  298|      0|			} else 
  299|      0|#endif
  300|      0|			if (!cli_opts.no_cmd) {
  ------------------
  |  Branch (300:8): [True: 0, False: 0]
  ------------------
  301|      0|				cli_send_chansess_request();
  302|      0|			}
  303|       |
  304|      0|#if DROPBEAR_CLI_LOCALTCPFWD
  305|      0|			setup_localtcp();
  306|      0|#endif
  307|      0|#if DROPBEAR_CLI_REMOTETCPFWD
  308|      0|			setup_remotetcp();
  309|      0|#endif
  310|       |
  311|      0|			TRACE(("leave cli_sessionloop: running"))
  312|      0|			cli_ses.state = SESSION_RUNNING;
  313|      0|			return;
  314|       |
  315|      0|		case SESSION_RUNNING:
  ------------------
  |  Branch (315:3): [True: 0, False: 54.1k]
  ------------------
  316|      0|			if (ses.chancount < 1 && !cli_opts.no_cmd) {
  ------------------
  |  Branch (316:8): [True: 0, False: 0]
  |  Branch (316:29): [True: 0, False: 0]
  ------------------
  317|      0|				cli_finished();
  318|      0|			}
  319|       |
  320|      0|			if (cli_ses.winchange) {
  ------------------
  |  Branch (320:8): [True: 0, False: 0]
  ------------------
  321|      0|				cli_chansess_winchange();
  322|      0|			}
  323|      0|			return;
  324|       |
  325|       |		/* XXX more here needed */
  326|       |
  327|       |
  328|      0|	default:
  ------------------
  |  Branch (328:2): [True: 0, False: 54.1k]
  ------------------
  329|      0|		break;
  330|  54.1k|	}
  331|       |
  332|  54.1k|	TRACE2(("leave cli_sessionloop: fell out"))
  333|       |
  334|  54.1k|}
cli-session.c:send_msg_service_request:
  /* Build an SSH_MSG_SERVICE_REQUEST packet in ses.writepayload and pass it to
   * encrypt_packet(): the message-type byte, then `servicename` written with
   * buf_putstring(). The length is taken with strlen(), so `servicename` must
   * be a non-NULL, NUL-terminated string. */
  189|    269|static void send_msg_service_request(const char* servicename) {
  190|       |
  191|    269|	TRACE(("enter send_msg_service_request: servicename='%s'", servicename))
  192|       |
  193|    269|	CHECKCLEARTOWRITE();
  194|       |
  195|    269|	buf_putbyte(ses.writepayload, SSH_MSG_SERVICE_REQUEST);
  ------------------
  |  |   33|    269|#define SSH_MSG_SERVICE_REQUEST        5
  ------------------
  196|    269|	buf_putstring(ses.writepayload, servicename, strlen(servicename));
  197|       |
  198|    269|	encrypt_packet();
  199|    269|	TRACE(("leave send_msg_service_request"))
  200|    269|}

buf_put_algolist_all:
  /* Append the names in `localalgos` to `buf` as one comma-separated list
   * preceded by an integer length field. An entry is written when its `usable`
   * flag is set, or unconditionally when `useall` is non-zero. The table is
   * walked until an entry whose `name` is NULL, so it must end with one. */
  315|  28.1k|void buf_put_algolist_all(buffer * buf, const algo_type localalgos[], int useall) {
  316|  28.1k|	unsigned int i, len;
  317|  28.1k|	unsigned int donefirst = 0;
  318|  28.1k|	unsigned int startpos;
  319|       |
  320|  28.1k|	startpos = buf->pos;
  321|       |	/* Placeholder for length */
  322|  28.1k|	buf_putint(buf, 0); 
  323|   133k|	for (i = 0; localalgos[i].name != NULL; i++) {
  ------------------
  |  Branch (323:14): [True: 105k, False: 28.1k]
  ------------------
              		/* Coverage: the `useall` operand was never evaluated (every entry
              		 * seen was usable), so the useall != 0 path is not exercised here. */
  324|   105k|		if (localalgos[i].usable || useall) {
  ------------------
  |  Branch (324:7): [True: 105k, False: 0]
  |  Branch (324:31): [True: 0, False: 0]
  ------------------
              			/* separator goes before every name except the first one written */
  325|   105k|			if (donefirst) {
  ------------------
  |  Branch (325:8): [True: 77.3k, False: 28.1k]
  ------------------
  326|  77.3k|				buf_putbyte(buf, ',');
  327|  77.3k|			}
  328|   105k|			donefirst = 1;
  329|   105k|			len = strlen(localalgos[i].name);
  330|   105k|			buf_putbytes(buf, (const unsigned char *) localalgos[i].name, len);
  331|   105k|		}
  332|   105k|	}
  333|       |	/* Fill out the length */
              	/* The 4 is presumably the size of the placeholder written by buf_putint
              	 * above - confirm against buf_putint. After the length is rewritten at
              	 * startpos, the write position is moved forward over the list again. */
  334|  28.1k|	len = buf->pos - startpos - 4;
  335|  28.1k|	buf_setpos(buf, startpos);
  336|  28.1k|	buf_putint(buf, len);
  337|  28.1k|	TRACE(("algolist add %d '%.*s'", len, len, buf_getptr(buf, len)))
  338|  28.1k|	buf_incrwritepos(buf, len);
  339|  28.1k|}
buf_put_algolist:
  /* Convenience wrapper: write only the usable entries of `localalgos` to `buf`
   * by calling buf_put_algolist_all() with useall = 0. */
  341|  28.1k|void buf_put_algolist(buffer * buf, const algo_type localalgos[]) {
  342|  28.1k|	buf_put_algolist_all(buf, localalgos, 0);
  343|  28.1k|}
buf_has_algo:
  /* Check whether `algo` appears in the name-list string at the current read
   * position of `buf`. The position saved in orig_pos is put back before the
   * normal return, so this acts as a peek. Returns DROPBEAR_SUCCESS on a match
   * and DROPBEAR_FAILURE otherwise (including when get_algolist() reports zero
   * names). */
  387|  2.83k|int buf_has_algo(buffer *buf, const char *algo) {
  388|  2.83k|	unsigned char* algolist = NULL;
  389|  2.83k|	unsigned int orig_pos = buf->pos;
  390|  2.83k|	unsigned int len, remotecount, i;
  391|  2.83k|	const char *remotenames[MAX_PROPOSED_ALGO];
  392|  2.83k|	int ret = DROPBEAR_FAILURE;
  ------------------
  |  |  103|  2.83k|#define DROPBEAR_FAILURE -1
  ------------------
  393|       |
              	/* The list comes from the peer. remotecount goes in as the capacity of
              	 * remotenames and comes back as the number of names parsed;
              	 * get_algolist() splits algolist in place, so remotenames[] points into
              	 * algolist and is only valid until the m_free below. */
  394|  2.83k|	algolist = buf_getstring(buf, &len);
  395|  2.83k|	remotecount = MAX_PROPOSED_ALGO;
  ------------------
  |  |  209|  2.83k|#define MAX_PROPOSED_ALGO 50
  ------------------
  396|  2.83k|	get_algolist(algolist, len, remotenames, &remotecount);
  397|  16.6k|	for (i = 0; i < remotecount; i++)
  ------------------
  |  Branch (397:14): [True: 13.9k, False: 2.69k]
  ------------------
  398|  13.9k|	{
  399|  13.9k|		if (strcmp(remotenames[i], algo) == 0) {
  ------------------
  |  Branch (399:7): [True: 145, False: 13.7k]
  ------------------
  400|    145|			ret = DROPBEAR_SUCCESS;
  ------------------
  |  |  102|    145|#define DROPBEAR_SUCCESS 0
  ------------------
  401|    145|			break;
  402|    145|		}
  403|  13.9k|	}
  404|  2.83k|	if (algolist) {
  ------------------
  |  Branch (404:6): [True: 2.77k, False: 63]
  ------------------
  405|  2.77k|		m_free(algolist);
  ------------------
  |  |   24|  2.77k|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  406|  2.77k|	}
              	/* rewind so the caller can parse the same list again */
  407|  2.83k|	buf_setpos(buf, orig_pos);
  408|  2.83k|	return ret;
  409|  2.83k|}
first_usable_algo:
  /* Return a pointer to the first entry of `algos` whose `usable` flag is set.
   * The table is scanned until an entry with a NULL `name`; if no entry is
   * usable the result is NULL, so callers need to handle that case.
   * Coverage: the NULL return was never reached in this run. */
  411|  7.03k|algo_type * first_usable_algo(algo_type algos[]) {
  412|  7.03k|	int i;
  413|  7.03k|	for (i = 0; algos[i].name != NULL; i++) {
  ------------------
  |  Branch (413:14): [True: 7.03k, False: 0]
  ------------------
  414|  7.03k|		if (algos[i].usable) {
  ------------------
  |  Branch (414:7): [True: 7.03k, False: 0]
  ------------------
  415|  7.03k|			return &algos[i];
  416|  7.03k|		}
  417|  7.03k|	}
  418|      0|	return NULL;
  419|  7.03k|}
buf_match_algo:
  /* Choose the algorithm both sides support, given the peer's name-list read
   * from `buf` and the local table `localalgos`. (The first line of the
   * signature is not part of this listing.) Returns a pointer into localalgos,
   * or NULL when nothing matches. When `goodguess` is non-NULL it is cleared on
   * entry and set to 1 only if the match is a first-choice one, as explained
   * at the match below. */
  427|  20.8k|		int kexguess2, int *goodguess) {
  428|  20.8k|	char * algolist = NULL;
  429|  20.8k|	const char *remotenames[MAX_PROPOSED_ALGO], *localnames[MAX_PROPOSED_ALGO];
  430|  20.8k|	unsigned int len;
  431|  20.8k|	unsigned int remotecount, localcount, clicount, servcount, i, j;
  432|  20.8k|	algo_type * ret = NULL;
  433|  20.8k|	const char **clinames, **servnames;
  434|       |
  435|  20.8k|	if (goodguess) {
  ------------------
  |  Branch (435:6): [True: 5.38k, False: 15.4k]
  ------------------
  436|  5.38k|		*goodguess = 0;
  437|  5.38k|	}
  438|       |
  439|       |	/* get the comma-separated list from the buffer ie "algo1,algo2,algo3" */
              	/* This list is peer-controlled. remotecount goes in as the capacity of
              	 * remotenames and comes back as the number of names get_algolist()
              	 * split out; those names point into algolist. */
  440|  20.8k|	algolist = buf_getstring(buf, &len);
  441|  20.8k|	DEBUG3(("buf_match_algo: %s", algolist))
  442|  20.8k|	remotecount = MAX_PROPOSED_ALGO;
  ------------------
  |  |  209|  20.8k|#define MAX_PROPOSED_ALGO 50
  ------------------
  443|  20.8k|	get_algolist(algolist, len, remotenames, &remotecount);
  444|       |
              	/* Mirror the local table into localnames, with NULL for unusable
              	 * entries so indices still line up with localalgos.
              	 * NOTE(review): i is not checked against MAX_PROPOSED_ALGO here, so this
              	 * relies on every local table being shorter than localnames - verify
              	 * against the table definitions. */
  445|   100k|	for (i = 0; localalgos[i].name != NULL; i++) {
  ------------------
  |  Branch (445:14): [True: 79.1k, False: 20.8k]
  ------------------
  446|  79.1k|		if (localalgos[i].usable) {
  ------------------
  |  Branch (446:7): [True: 79.1k, False: 0]
  ------------------
  447|  79.1k|			localnames[i] = localalgos[i].name;
  448|  79.1k|		} else {
  449|      0|			localnames[i] = NULL;
  450|      0|		}
  451|  79.1k|	}
  452|  20.8k|	localcount = i;
  453|       |
              	/* Assign the two lists to client/server roles. Coverage: only the
              	 * client role was exercised in this run. */
  454|  20.8k|	if (IS_DROPBEAR_SERVER) {
  ------------------
  |  |  319|  20.8k|#define IS_DROPBEAR_SERVER (ses.isserver == 1)
  |  |  ------------------
  |  |  |  Branch (319:28): [True: 0, False: 20.8k]
  |  |  ------------------
  ------------------
  455|      0|		clinames = remotenames;
  456|      0|		clicount = remotecount;
  457|      0|		servnames = localnames;
  458|      0|		servcount = localcount;
  459|  20.8k|	} else {
  460|  20.8k|		clinames = localnames;
  461|  20.8k|		clicount = localcount;
  462|  20.8k|		servnames = remotenames;
  463|  20.8k|		servcount = remotecount;
  464|  20.8k|	}
  465|       |
  466|       |	/* iterate and find the first match */
              	/* The client's list is the outer loop, so the client's preference order
              	 * decides which common algorithm is taken. */
  467|  60.3k|	for (i = 0; i < clicount; i++) {
  ------------------
  |  Branch (467:14): [True: 59.9k, False: 337]
  ------------------
  468|   152k|		for (j = 0; j < servcount; j++) {
  ------------------
  |  Branch (468:15): [True: 112k, False: 39.4k]
  ------------------
  469|   112k|			if (!(servnames[j] && clinames[i])) {
  ------------------
  |  Branch (469:10): [True: 112k, False: 0]
  |  Branch (469:26): [True: 112k, False: 0]
  ------------------
  470|       |				/* unusable algos are NULL */
  471|      0|				continue;
  472|      0|			}
  473|   112k|			if (strcmp(servnames[j], clinames[i]) == 0) {
  ------------------
  |  Branch (473:8): [True: 20.4k, False: 92.1k]
  ------------------
  474|       |				/* set if it was a good guess */
              				/* With kexguess2 the guess is good when the match is the
              				 * client's first name; otherwise the first names of both
              				 * lists have to coincide. */
  475|  20.4k|				if (goodguess != NULL) {
  ------------------
  |  Branch (475:9): [True: 5.20k, False: 15.2k]
  ------------------
  476|  5.20k|					if (kexguess2) {
  ------------------
  |  Branch (476:10): [True: 288, False: 4.91k]
  ------------------
  477|    288|						if (i == 0) {
  ------------------
  |  Branch (477:11): [True: 251, False: 37]
  ------------------
  478|    251|							*goodguess = 1;
  479|    251|						}
  480|  4.91k|					} else {
  481|  4.91k|						if (i == 0 && j == 0) {
  ------------------
  |  Branch (481:11): [True: 844, False: 4.07k]
  |  Branch (481:21): [True: 510, False: 334]
  ------------------
  482|    510|							*goodguess = 1;
  483|    510|						}
  484|  4.91k|					}
  485|  5.20k|				}
  486|       |				/* set the algo to return */
              				/* localnames is the server list in server mode (index j)
              				 * and the client list in client mode (index i). */
  487|  20.4k|				if (IS_DROPBEAR_SERVER) {
  ------------------
  |  |  319|  20.4k|#define IS_DROPBEAR_SERVER (ses.isserver == 1)
  |  |  ------------------
  |  |  |  Branch (319:28): [True: 0, False: 20.4k]
  |  |  ------------------
  ------------------
  488|      0|					ret = &localalgos[j];
  489|  20.4k|				} else {
  490|  20.4k|					ret = &localalgos[i];
  491|  20.4k|				}
  492|  20.4k|				goto out;
  493|  20.4k|			}
  494|   112k|		}
  495|  59.9k|	}
  496|       |
              	/* remotenames[] dangles once algolist is freed; only ret, which points
              	 * into localalgos, leaves the function. */
  497|  20.7k|out:
  498|  20.7k|	m_free(algolist);
  ------------------
  |  |   24|  20.7k|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  499|  20.7k|	return ret;
  500|  20.8k|}
common-algo.c:void_cipher:
   /* Pass-through "cipher": copies `len` bytes from `in` to `out` with memmove()
    * when the two pointers differ, does nothing when they are equal, and always
    * returns CRYPT_OK. The cipher state argument is unused. (The first line of
    * the signature is not part of this listing.)
    * Coverage: every call in this run had in == out. */
   41|  69.5k|		unsigned long len, void* UNUSED(cipher_state)) {
   42|  69.5k|	if (in != out) {
  ------------------
  |  Branch (42:6): [True: 0, False: 69.5k]
  ------------------
   43|      0|		memmove(out, in, len);
   44|      0|	}
   45|  69.5k|	return CRYPT_OK;
   46|  69.5k|}
common-algo.c:get_algolist:
  /* Split the comma-separated name-list `algolist` (length `algolist_len`) in
   * place: each ',' is overwritten with a NUL and the start of every name is
   * stored in `ret_list`. On entry *ret_count is the capacity of ret_list; on
   * return it is the number of names stored, or 0 when the list is rejected.
   * (The first line of the signature is not part of this listing.)
   * The stored pointers point into algolist, so they are valid only while the
   * caller keeps that buffer allocated. */
  350|  23.5k|				const char* *ret_list, unsigned int *ret_count) {
  351|  23.5k|	unsigned int max_count = *ret_count;
  352|  23.5k|	unsigned int i;
  353|       |
  354|  23.5k|	if (*ret_count == 0) {
  ------------------
  |  Branch (354:6): [True: 0, False: 23.5k]
  ------------------
  355|      0|		return;
  356|      0|	}
              	/* NOTE(review): the oversize branch below sets *ret_count = 0 but does
              	 * not return, and the assignment at line 364 then overwrites it with 1,
              	 * so a list longer than the cap is still parsed. This looks like a
              	 * missing "return;" - confirm against upstream. The number of names is
              	 * still bounded by the max_count check inside the loop. */
  357|  23.5k|	if (algolist_len > MAX_PROPOSED_ALGO*(MAX_NAME_LEN+1)) {
  ------------------
  |  |  209|  23.5k|#define MAX_PROPOSED_ALGO 50
  ------------------
              	if (algolist_len > MAX_PROPOSED_ALGO*(MAX_NAME_LEN+1)) {
  ------------------
  |  |  205|  23.5k|#define MAX_NAME_LEN 64 /* maximum length of a protocol name, isn't
  ------------------
  |  Branch (357:6): [True: 1, False: 23.5k]
  ------------------
  358|      1|		*ret_count = 0;
  359|      1|	}
  360|       |
  361|       |	/* ret_list will contain a list of the strings parsed out.
  362|       |	   We will have at least one string (even if it's just "") */
  363|  23.5k|	ret_list[0] = algolist;
  364|  23.5k|	*ret_count = 1;
  365|   514k|	for (i = 0; i < algolist_len; i++) {
  ------------------
  |  Branch (365:14): [True: 490k, False: 23.4k]
  ------------------
              		/* An embedded NUL would hide the rest of the list from strcmp()
              		 * in the callers, so the whole list is rejected. */
  366|   490k|		if (algolist[i] == '\0') {
  ------------------
  |  Branch (366:7): [True: 108, False: 490k]
  ------------------
  367|       |			/* someone is trying something strange */
  368|    108|			*ret_count = 0;
  369|    108|			return;
  370|    108|		}
  371|       |
  372|   490k|		if (algolist[i] == ',') {
  ------------------
  |  Branch (372:7): [True: 25.9k, False: 464k]
  ------------------
              			/* Capacity check before storing the next pointer. The zero
              			 * counts on lines 375-376 suggest dropbear_exit() does not
              			 * return here - presumably it never does; verify. */
  373|  25.9k|			if (*ret_count >= max_count) {
  ------------------
  |  Branch (373:8): [True: 2, False: 25.9k]
  ------------------
  374|      2|				dropbear_exit("Too many remote algorithms");
  375|      0|				*ret_count = 0;
  376|      0|				return;
  377|      2|			}
              			/* terminate the previous name and record where the next starts */
  378|  25.9k|			algolist[i] = '\0';
  379|  25.9k|			ret_list[*ret_count] = &algolist[i+1];
  380|  25.9k|			(*ret_count)++;
  381|  25.9k|		}
  382|   490k|	}
  383|  23.5k|}

chaninitialise:
   /* Set up the session's channel table: allocate an array with a single NULL
    * slot, record chansize = 1 and chancount = 0, store `chantypes` in the
    * session, and initialise listeners when DROPBEAR_LISTENERS is enabled. */
   70|  3.51k|void chaninitialise(const struct ChanType *chantypes[]) {
   71|       |
   72|       |	/* may as well create space for a single channel */
   73|  3.51k|	ses.channels = (struct Channel**)m_malloc(sizeof(struct Channel*));
   74|  3.51k|	ses.chansize = 1;
   75|  3.51k|	ses.channels[0] = NULL;
   76|  3.51k|	ses.chancount = 0;
   77|       |
   78|  3.51k|	ses.chantypes = chantypes;
   79|       |
   80|  3.51k|#if DROPBEAR_LISTENERS
   81|  3.51k|	listeners_initialise();
   82|  3.51k|#endif
   83|       |
   84|  3.51k|}
chancleanup:
   /* Tear down the channel table: call remove_channel() on every non-NULL slot
    * of ses.channels, then free the array (m_free also sets the pointer to
    * NULL). Coverage: no slot was ever non-NULL in this run, so the
    * remove_channel() path is not exercised. */
   87|  3.51k|void chancleanup() {
   88|       |
   89|  3.51k|	unsigned int i;
   90|       |
   91|  3.51k|	TRACE(("enter chancleanup"))
   92|  7.03k|	for (i = 0; i < ses.chansize; i++) {
  ------------------
  |  Branch (92:14): [True: 3.51k, False: 3.51k]
  ------------------
   93|  3.51k|		if (ses.channels[i] != NULL) {
  ------------------
  |  Branch (93:7): [True: 0, False: 3.51k]
  ------------------
   94|      0|			TRACE(("channel %d closing", i))
   95|      0|			remove_channel(ses.channels[i]);
   96|      0|		}
   97|  3.51k|	}
   98|  3.51k|	m_free(ses.channels);
  ------------------
  |  |   24|  3.51k|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
   99|  3.51k|	TRACE(("leave chancleanup"))
  100|  3.51k|}
channelio:
  /* Service channel I/O after select(): for each in-use channel, forward data
   * from descriptors flagged in `readfds`, write buffered data to descriptors
   * flagged in `writefds`, and run check_close() if anything happened or a
   * channel signal is pending. Listeners are handled last when
   * DROPBEAR_LISTENERS is enabled.
   * Coverage: every slot was NULL in this run, so the whole per-channel body
   * below line 214 has a zero count - channel I/O is not exercised here. */
  199|   103k|void channelio(const fd_set *readfds, const fd_set *writefds) {
  200|       |
  201|       |	/* Listeners such as TCP, X11, agent-auth */
  202|   103k|	struct Channel *channel;
  203|   103k|	unsigned int i;
  204|       |
  205|       |	/* foreach channel */
  206|   207k|	for (i = 0; i < ses.chansize; i++) {
  ------------------
  |  Branch (206:14): [True: 103k, False: 103k]
  ------------------
  207|       |		/* Close checking only needs to occur for channels that had IO events */
  208|   103k|		int do_check_close = 0;
  209|       |
  210|   103k|		channel = ses.channels[i];
  211|   103k|		if (channel == NULL) {
  ------------------
  |  Branch (211:7): [True: 103k, False: 0]
  ------------------
  212|       |			/* only process in-use channels */
  213|   103k|			continue;
  214|   103k|		}
  215|       |
  216|       |		/* read data and send it over the wire */
  217|      0|		if (channel->readfd >= 0 && FD_ISSET(channel->readfd, readfds)) {
  ------------------
  |  Branch (217:7): [True: 0, False: 0]
  ------------------
  218|      0|			TRACE(("send normal readfd"))
  219|      0|			send_msg_channel_data(channel, 0);
  220|      0|			do_check_close = 1;
  221|      0|		}
  222|       |
  223|       |		/* read stderr data and send it over the wire */
              		/* errfd is treated as a read side only while extrabuf is NULL
              		 * (ERRFD_IS_READ); otherwise it is the write side handled below. */
  224|      0|		if (ERRFD_IS_READ(channel) && channel->errfd >= 0 
  ------------------
  |  |   59|      0|#define ERRFD_IS_READ(channel) ((channel)->extrabuf == NULL)
  |  |  ------------------
  |  |  |  Branch (59:32): [True: 0, False: 0]
  |  |  ------------------
  ------------------
  |  Branch (224:33): [True: 0, False: 0]
  ------------------
  225|      0|			&& FD_ISSET(channel->errfd, readfds)) {
  226|      0|				TRACE(("send normal errfd"))
  227|      0|				send_msg_channel_data(channel, 1);
  228|      0|			do_check_close = 1;
  229|      0|		}
  230|       |
  231|       |		/* write to program/pipe stdin */
  232|      0|		if (channel->writefd >= 0 && FD_ISSET(channel->writefd, writefds)) {
  ------------------
  |  Branch (232:7): [True: 0, False: 0]
  ------------------
  233|      0|			writechannel(channel, channel->writefd, channel->writebuf, NULL, NULL);
  234|      0|			do_check_close = 1;
  235|      0|		}
  236|       |		
  237|       |		/* stderr for client mode */
  238|      0|		if (ERRFD_IS_WRITE(channel)
  ------------------
  |  |   60|      0|#define ERRFD_IS_WRITE(channel) (!ERRFD_IS_READ(channel))
  |  |  ------------------
  |  |  |  |   59|      0|#define ERRFD_IS_READ(channel) ((channel)->extrabuf == NULL)
  |  |  ------------------
  |  |  |  Branch (60:33): [True: 0, False: 0]
  |  |  ------------------
  ------------------
  239|      0|				&& channel->errfd >= 0 && FD_ISSET(channel->errfd, writefds)) {
  ------------------
  |  Branch (239:8): [True: 0, False: 0]
  ------------------
  240|      0|			writechannel(channel, channel->errfd, channel->extrabuf, NULL, NULL);
  241|      0|			do_check_close = 1;
  242|      0|		}
  243|       |
  244|      0|		if (ses.channel_signal_pending) {
  ------------------
  |  Branch (244:7): [True: 0, False: 0]
  ------------------
  245|       |			/* SIGCHLD can change channel state for server sessions */
  246|      0|			do_check_close = 1;
  247|      0|		}
  248|       |	
  249|       |		/* handle any channel closing etc */
  250|      0|		if (do_check_close) {
  ------------------
  |  Branch (250:7): [True: 0, False: 0]
  ------------------
  251|      0|			check_close(channel);
  252|      0|		}
  253|      0|	}
  254|       |
  255|   103k|#if DROPBEAR_LISTENERS
  256|   103k|	handle_listeners(readfds);
  257|   103k|#endif
  258|   103k|}
setchannelfds:
  /* Add the descriptors of every in-use channel to the select() sets: read
   * descriptors go into `readfds` when the channel has transmit window and
   * reading is permitted, write descriptors go into `writefds` when their
   * buffer holds data. Listener descriptors are added last when
   * DROPBEAR_LISTENERS is enabled.
   * Coverage: every slot was NULL in this run, so the per-channel body below
   * line 551 has a zero count. */
  541|   107k|void setchannelfds(fd_set *readfds, fd_set *writefds, int allow_reads) {
  542|       |	
  543|   107k|	unsigned int i;
  544|   107k|	struct Channel * channel;
  545|       |	
  546|   214k|	for (i = 0; i < ses.chansize; i++) {
  ------------------
  |  Branch (546:14): [True: 107k, False: 107k]
  ------------------
  547|       |
  548|   107k|		channel = ses.channels[i];
  549|   107k|		if (channel == NULL) {
  ------------------
  |  Branch (549:7): [True: 107k, False: 0]
  ------------------
  550|   107k|			continue;
  551|   107k|		}
  552|       |
  553|       |		/* Stuff to put over the wire. 
  554|       |		Avoid queueing data to send if we're in the middle of a 
  555|       |		key re-exchange (!dataallowed), but still read from the 
  556|       |		FD if there's the possibility of "~." to kill an 
  557|       |		interactive session (the read_mangler) */
  558|      0|		if (channel->transwindow > 0
  ------------------
  |  Branch (558:7): [True: 0, False: 0]
  ------------------
  559|      0|		   && ((ses.dataallowed && allow_reads) || channel->read_mangler)) {
  ------------------
  |  Branch (559:11): [True: 0, False: 0]
  |  Branch (559:30): [True: 0, False: 0]
  |  Branch (559:46): [True: 0, False: 0]
  ------------------
  560|       |
  561|      0|			if (channel->readfd >= 0) {
  ------------------
  |  Branch (561:8): [True: 0, False: 0]
  ------------------
  562|      0|				FD_SET(channel->readfd, readfds);
  563|      0|			}
  564|       |			
  565|      0|			if (ERRFD_IS_READ(channel) && channel->errfd >= 0) {
  ------------------
  |  |   59|      0|#define ERRFD_IS_READ(channel) ((channel)->extrabuf == NULL)
  |  |  ------------------
  |  |  |  Branch (59:32): [True: 0, False: 0]
  |  |  ------------------
  ------------------
  |  Branch (565:34): [True: 0, False: 0]
  ------------------
  566|      0|					FD_SET(channel->errfd, readfds);
  567|      0|			}
  568|      0|		}
  569|       |
  570|       |		/* Stuff from the wire */
              		/* only ask for writability when there is buffered data to write */
  571|      0|		if (channel->writefd >= 0 && cbuf_getused(channel->writebuf) > 0) {
  ------------------
  |  Branch (571:7): [True: 0, False: 0]
  |  Branch (571:32): [True: 0, False: 0]
  ------------------
  572|      0|				FD_SET(channel->writefd, writefds);
  573|      0|		}
  574|       |
  575|      0|		if (ERRFD_IS_WRITE(channel) && channel->errfd >= 0 
  ------------------
  |  |   60|      0|#define ERRFD_IS_WRITE(channel) (!ERRFD_IS_READ(channel))
  |  |  ------------------
  |  |  |  |   59|      0|#define ERRFD_IS_READ(channel) ((channel)->extrabuf == NULL)
  |  |  ------------------
  |  |  |  Branch (60:33): [True: 0, False: 0]
  |  |  ------------------
  ------------------
  |  Branch (575:34): [True: 0, False: 0]
  ------------------
  576|      0|				&& cbuf_getused(channel->extrabuf) > 0) {
  ------------------
  |  Branch (576:8): [True: 0, False: 0]
  ------------------
  577|      0|				FD_SET(channel->errfd, writefds);
  578|      0|		}
  579|       |
  580|      0|	} /* foreach channel */
  581|       |
  582|   107k|#if DROPBEAR_LISTENERS
  583|   107k|	set_listener_fds(readfds);
  584|   107k|#endif
  585|       |
  586|   107k|}

send_msg_kexinit:
   /* Build and send our SSH_MSG_KEXINIT: message type, a 16-byte random cookie,
    * the eight algorithm name-lists, two empty language lists, the
    * first_kex_packet_follows flag and a reserved integer. A copy of the payload
    * is kept in ses.transkexinit for the later exchange hash, application data
    * is blocked (ses.dataallowed = 0), and a fresh key context is allocated in
    * ses.newkeys. When ses.send_kex_first_guess is set, the first usable kex and
    * signature algorithms are preselected and the guess callback is invoked. */
   55|  3.51k|void send_msg_kexinit() {
   56|       |
   57|  3.51k|	CHECKCLEARTOWRITE();
   58|  3.51k|	buf_putbyte(ses.writepayload, SSH_MSG_KEXINIT);
  ------------------
  |  |   36|  3.51k|#define SSH_MSG_KEXINIT                20
  ------------------
   59|       |
   60|       |	/* cookie */
   61|  3.51k|	genrandom(buf_getwriteptr(ses.writepayload, 16), 16);
   62|  3.51k|	buf_incrwritepos(ses.writepayload, 16);
   63|       |
   64|       |	/* kex algos */
   65|  3.51k|	buf_put_algolist(ses.writepayload, sshkex);
   66|       |
   67|       |	/* server_host_key_algorithms */
   68|  3.51k|	buf_put_algolist(ses.writepayload, sigalgs);
   69|       |
   70|       |	/* encryption_algorithms_client_to_server */
   71|  3.51k|	buf_put_algolist(ses.writepayload, sshciphers);
   72|       |
   73|       |	/* encryption_algorithms_server_to_client */
   74|  3.51k|	buf_put_algolist(ses.writepayload, sshciphers);
   75|       |
   76|       |	/* mac_algorithms_client_to_server */
   77|  3.51k|	buf_put_algolist(ses.writepayload, sshhashes);
   78|       |
   79|       |	/* mac_algorithms_server_to_client */
   80|  3.51k|	buf_put_algolist(ses.writepayload, sshhashes);
   81|       |
   82|       |
   83|       |	/* compression_algorithms_client_to_server */
   84|  3.51k|	buf_put_algolist(ses.writepayload, ses.compress_algos);
   85|       |
   86|       |	/* compression_algorithms_server_to_client */
   87|  3.51k|	buf_put_algolist(ses.writepayload, ses.compress_algos);
   88|       |
   89|       |	/* languages_client_to_server */
   90|  3.51k|	buf_putstring(ses.writepayload, "", 0);
   91|       |
   92|       |	/* languages_server_to_client */
   93|  3.51k|	buf_putstring(ses.writepayload, "", 0);
   94|       |
   95|       |	/* first_kex_packet_follows */
   96|  3.51k|	buf_putbyte(ses.writepayload, (ses.send_kex_first_guess != NULL));
   97|       |
   98|       |	/* reserved uint32 */
   99|  3.51k|	buf_putint(ses.writepayload, 0);
  100|       |
  101|       |	/* set up transmitted kex packet buffer for hashing. 
  102|       |	 * This is freed after the end of the kex */
  103|  3.51k|	ses.transkexinit = buf_newcopy(ses.writepayload);
  104|       |
  105|  3.51k|	encrypt_packet();
  106|  3.51k|	ses.dataallowed = 0; /* don't send other packets during kex */
  107|       |
  108|  3.51k|	ses.kexstate.sentkexinit = 1;
  109|       |
  110|  3.51k|	ses.newkeys = (struct key_context*)m_malloc(sizeof(struct key_context));
  111|       |
              	/* NOTE(review): first_usable_algo() returns NULL when no entry is usable
              	 * and both results are dereferenced here without a check; this relies on
              	 * sshkex and sigalgs each having at least one usable entry - verify.
              	 * Coverage: the callback was set on every call in this run. */
  112|  3.51k|	if (ses.send_kex_first_guess) {
  ------------------
  |  Branch (112:6): [True: 3.51k, False: 0]
  ------------------
  113|  3.51k|		ses.newkeys->algo_kex = first_usable_algo(sshkex)->data;
  114|  3.51k|		ses.newkeys->algo_signature = first_usable_algo(sigalgs)->val;
  115|  3.51k|		ses.newkeys->algo_hostkey = signkey_type_from_signature(ses.newkeys->algo_signature);
  116|  3.51k|		ses.send_kex_first_guess();
  117|  3.51k|	}
  118|       |
  119|  3.51k|	TRACE(("DATAALLOWED=0"))
  120|  3.51k|	TRACE(("-> KEXINIT"))
  121|       |
  122|  3.51k|}
kexfirstinitialise:
  /* One-time key-exchange setup: choose the compression algorithm table for the
   * session, then call kexinitialise(). With DISABLE_ZLIB defined the table is
   * always ssh_nocompress; the counts show that is the configuration of this
   * build. Otherwise the table follows opts.compress_mode; that switch has no
   * default case, so any other value leaves ses.compress_algos unchanged. */
  202|  3.51k|void kexfirstinitialise() {
  203|  3.51k|#ifdef DISABLE_ZLIB
  204|  3.51k|	ses.compress_algos = ssh_nocompress;
  205|       |#else
  206|       |	switch (opts.compress_mode)
  207|       |	{
  208|       |		case DROPBEAR_COMPRESS_DELAYED:
  209|       |			ses.compress_algos = ssh_delaycompress;
  210|       |			break;
  211|       |
  212|       |		case DROPBEAR_COMPRESS_ON:
  213|       |			ses.compress_algos = ssh_compress;
  214|       |			break;
  215|       |
  216|       |		case DROPBEAR_COMPRESS_OFF:
  217|       |			ses.compress_algos = ssh_nocompress;
  218|       |			break;
  219|       |	}
  220|       |#endif
  221|  3.51k|	kexinitialise();
  222|  3.51k|}
recv_msg_kexinit:
  /* Handle the peer's SSH_MSG_KEXINIT. Sends our own KEXINIT first if that has
   * not happened yet, exits on a second KEXINIT from the peer, allocates
   * ses.kexhashbuf, parses the peer's algorithm lists with read_kex_algos(),
   * and appends V_C, V_S, I_C and I_S to the hash buffer in client/server order.
   * Finally sets ses.requirenext to the next expected message, frees
   * ses.transkexinit and marks recvkexinit.
   * Coverage: only the client branch ran in this run; the server branch has a
   * zero count. */
  474|  2.84k|void recv_msg_kexinit() {
  475|       |	
  476|  2.84k|	unsigned int kexhashbuf_len = 0;
  477|  2.84k|	unsigned int remote_ident_len = 0;
  478|  2.84k|	unsigned int local_ident_len = 0;
  479|       |
  480|  2.84k|	TRACE(("<- KEXINIT"))
  481|  2.84k|	TRACE(("enter recv_msg_kexinit"))
  482|       |	
  483|  2.84k|	if (!ses.kexstate.sentkexinit) {
  ------------------
  |  Branch (483:6): [True: 0, False: 2.84k]
  ------------------
  484|       |		/* we need to send a kex packet */
  485|      0|		send_msg_kexinit();
  486|      0|		TRACE(("continue recv_msg_kexinit: sent kexinit"))
  487|      0|	}
  488|       |
  489|       |	/* "Once a party has sent a SSH_MSG_KEXINIT message ...
  490|       |	further SSH_MSG_KEXINIT messages MUST NOT be sent" */
  491|  2.84k|	if (ses.kexstate.recvkexinit) {
  ------------------
  |  Branch (491:6): [True: 0, False: 2.84k]
  ------------------
  492|      0|		dropbear_exit("Unexpected KEXINIT");
  493|      0|	}
  494|       |
  495|       |	/* start the kex hash */
              	/* ses.remoteident is measured with strlen(), so it must be a non-NULL,
              	 * NUL-terminated string by the time a KEXINIT can arrive. */
  496|  2.84k|	local_ident_len = strlen(LOCAL_IDENT);
  ------------------
  |  |   10|  2.84k|#define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION
  |  |  ------------------
  |  |  |  |    7|  2.84k|#define DROPBEAR_VERSION "2022.83"
  |  |  ------------------
  ------------------
  497|  2.84k|	remote_ident_len = strlen(ses.remoteident);
  498|       |
              	/* Buffer size: both identification strings, both KEXINIT payloads, plus
              	 * KEXHASHBUF_MAX_INTS for what is appended after the DH exchange.
              	 * NOTE(review): this is an unsigned int sum of peer-influenced lengths;
              	 * presumably each term is bounded by limits enforced elsewhere - verify. */
  499|  2.84k|	kexhashbuf_len = local_ident_len + remote_ident_len
  500|  2.84k|		+ ses.transkexinit->len + ses.payload->len
  501|  2.84k|		+ KEXHASHBUF_MAX_INTS;
  ------------------
  |  |  240|  2.84k|#define KEXHASHBUF_MAX_INTS (1700 + 130 + 130 + 130)
  ------------------
  502|       |
  503|  2.84k|	ses.kexhashbuf = buf_new(kexhashbuf_len);
  504|       |
  505|  2.84k|	if (IS_DROPBEAR_CLIENT) {
  ------------------
  |  |  320|  2.84k|#define IS_DROPBEAR_CLIENT (ses.isserver == 0)
  |  |  ------------------
  |  |  |  Branch (320:28): [True: 2.84k, False: 0]
  |  |  ------------------
  ------------------
  506|       |
  507|       |		/* read the peer's choice of algos */
  508|  2.84k|		read_kex_algos();
  509|       |
  510|       |		/* V_C, the client's version string (CR and NL excluded) */
  511|  2.84k|		buf_putstring(ses.kexhashbuf, LOCAL_IDENT, local_ident_len);
  ------------------
  |  |   10|  2.84k|#define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION
  |  |  ------------------
  |  |  |  |    7|  2.84k|#define DROPBEAR_VERSION "2022.83"
  |  |  ------------------
  ------------------
  512|       |		/* V_S, the server's version string (CR and NL excluded) */
  513|  2.84k|		buf_putstring(ses.kexhashbuf, ses.remoteident, remote_ident_len);
  514|       |
  515|       |		/* I_C, the payload of the client's SSH_MSG_KEXINIT */
  516|  2.84k|		buf_putstring(ses.kexhashbuf,
  517|  2.84k|			(const char*)ses.transkexinit->data, ses.transkexinit->len);
  518|       |		/* I_S, the payload of the server's SSH_MSG_KEXINIT */
              		/* rewind the received packet to payload_beginning so the whole
              		 * payload from there to len is hashed, not just the unread part */
  519|  2.84k|		buf_setpos(ses.payload, ses.payload_beginning);
  520|  2.84k|		buf_putstring(ses.kexhashbuf,
  521|  2.84k|			(const char*)buf_getptr(ses.payload, ses.payload->len-ses.payload->pos),
  522|  2.84k|			ses.payload->len-ses.payload->pos);
  523|  2.84k|		ses.requirenext = SSH_MSG_KEXDH_REPLY;
  ------------------
  |  |   39|  2.84k|#define SSH_MSG_KEXDH_REPLY            31
  ------------------
  524|  2.84k|	} else {
  525|       |		/* SERVER */
  526|       |
  527|       |		/* read the peer's choice of algos */
  528|      0|		read_kex_algos();
  529|       |		/* V_C, the client's version string (CR and NL excluded) */
  530|      0|		buf_putstring(ses.kexhashbuf, ses.remoteident, remote_ident_len);
  531|       |		/* V_S, the server's version string (CR and NL excluded) */
  532|      0|		buf_putstring(ses.kexhashbuf, LOCAL_IDENT, local_ident_len);
  ------------------
  |  |   10|      0|#define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION
  |  |  ------------------
  |  |  |  |    7|      0|#define DROPBEAR_VERSION "2022.83"
  |  |  ------------------
  ------------------
  533|       |
  534|       |		/* I_C, the payload of the client's SSH_MSG_KEXINIT */
  535|      0|		buf_setpos(ses.payload, ses.payload_beginning);
  536|      0|		buf_putstring(ses.kexhashbuf, 
  537|      0|			(const char*)buf_getptr(ses.payload, ses.payload->len-ses.payload->pos),
  538|      0|			ses.payload->len-ses.payload->pos);
  539|       |
  540|       |		/* I_S, the payload of the server's SSH_MSG_KEXINIT */
  541|      0|		buf_putstring(ses.kexhashbuf,
  542|      0|			(const char*)ses.transkexinit->data, ses.transkexinit->len);
  543|       |
  544|      0|		ses.requirenext = SSH_MSG_KEXDH_INIT;
  ------------------
  |  |   38|      0|#define SSH_MSG_KEXDH_INIT             30
  ------------------
  545|      0|	}
  546|       |
              	/* our own KEXINIT copy is no longer needed once it is in the hash buffer */
  547|  2.84k|	buf_free(ses.transkexinit);
  548|  2.84k|	ses.transkexinit = NULL;
  549|       |	/* the rest of ses.kexhashbuf will be done after DH exchange */
  550|       |
  551|  2.84k|	ses.kexstate.recvkexinit = 1;
  552|       |
  553|  2.84k|	TRACE(("leave recv_msg_kexinit"))
  554|  2.84k|}
gen_kexdh_param:
  566|  1.23k|struct kex_dh_param *gen_kexdh_param() { /* Creates this side's ephemeral Diffie-Hellman key pair.
     |       |	 * Loads the prime via load_dh_p(), uses generator DH_G_VAL, picks a private value
     |       |	 * and computes pub = g^priv mod p. Returns a struct allocated with m_malloc();
     |       |	 * presumably the caller releases it with free_kexdh_param() - confirm.
     |       |	 * Any libtommath call that does not return MP_OKAY leads to dropbear_exit(). */
  567|  1.23k|	struct kex_dh_param *param = NULL;
  568|       |
  569|  1.23k|	DEF_MP_INT(dh_p);
  ------------------
  |  |   80|  1.23k|#define DEF_MP_INT(X) mp_int X = {0, 0, 0, NULL}
  ------------------
  570|  1.23k|	DEF_MP_INT(dh_q);
  ------------------
  |  |   80|  1.23k|#define DEF_MP_INT(X) mp_int X = {0, 0, 0, NULL}
  ------------------
  571|  1.23k|	DEF_MP_INT(dh_g);
  ------------------
  |  |   80|  1.23k|#define DEF_MP_INT(X) mp_int X = {0, 0, 0, NULL}
  ------------------
  572|       |
  573|  1.23k|	TRACE(("enter gen_kexdh_vals"))
  574|       |
  575|  1.23k|	param = m_malloc(sizeof(*param));
  576|  1.23k|	m_mp_init_multi(&param->pub, &param->priv, &dh_g, &dh_p, &dh_q, NULL);
  577|       |
  578|       |	/* load the prime p, then set the generator g */
  579|  1.23k|	load_dh_p(&dh_p);
  580|       |	
  581|  1.23k|	mp_set_ul(&dh_g, DH_G_VAL);
  582|       |
  583|       |	/* calculate q = (p-1)/2 */
  584|       |	/* param->priv only holds the intermediate p-1 here; it receives the real private value below */
  585|  1.23k|	if (mp_sub_d(&dh_p, 1, &param->priv) != MP_OKAY) { 
  ------------------
  |  |  161|  1.23k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (585:6): [True: 0, False: 1.23k]
  ------------------
  586|      0|		dropbear_exit("Diffie-Hellman error");
  587|      0|	}
  588|  1.23k|	if (mp_div_2(&param->priv, &dh_q) != MP_OKAY) {
  ------------------
  |  |  161|  1.23k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (588:6): [True: 0, False: 1.23k]
  ------------------
  589|      0|		dropbear_exit("Diffie-Hellman error");
  590|      0|	}
  591|       |
  592|       |	/* Generate the private value, 0 < priv < q (range as stated by the original comment; gen_random_mpint is not shown here) */
  593|  1.23k|	gen_random_mpint(&dh_q, &param->priv);
  594|       |
  595|       |	/* public value = g^priv mod p; it serves as e on the client and f on the server */
  596|  1.23k|	if (mp_exptmod(&dh_g, &param->priv, &dh_p, &param->pub) != MP_OKAY) {
  ------------------
  |  |  161|  1.23k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (596:6): [True: 0, False: 1.23k]
  ------------------
  597|      0|		dropbear_exit("Diffie-Hellman error");
  598|      0|	}
  599|  1.23k|	mp_clear_multi(&dh_g, &dh_p, &dh_q, NULL); /* g, p and q are public values; only param->priv is secret from here on */
  600|  1.23k|	return param;
  601|  1.23k|}
free_kexdh_param:
  604|  1.03k|{ /* Releases a kex_dh_param: clears both bignums, then frees the struct (the signature line is not part of this listing). */
  605|  1.03k|	mp_clear_multi(&param->pub, &param->priv, NULL); /* NOTE(review): priv is the secret exponent - confirm that mp_clear_multi wipes its digits before releasing them */
  606|  1.03k|	m_free(param); /* presumably param is a by-value parameter, so the macro's NULL assignment only resets the local copy - confirm */
  ------------------
  |  |   24|  1.03k|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  607|  1.03k|}
kexdh_comb_key:
  614|  1.03k|		sign_key *hostkey) { /* Finishes a classic DH exchange (the first line of the signature is not part of this listing).
     |       |	 * Checks the peer's public value dh_pub_them, computes K = dh_pub_them^priv mod p into
     |       |	 * ses.dh_K, appends K_S, e, f and K to ses.kexhashbuf and calls finish_kexhashbuf().
     |       |	 * A failed check or bignum operation leads to dropbear_exit(). */
  615|       |
  616|  1.03k|	DEF_MP_INT(dh_p);
  ------------------
  |  |   80|  1.03k|#define DEF_MP_INT(X) mp_int X = {0, 0, 0, NULL}
  ------------------
  617|  1.03k|	DEF_MP_INT(dh_p_min1);
  ------------------
  |  |   80|  1.03k|#define DEF_MP_INT(X) mp_int X = {0, 0, 0, NULL}
  ------------------
  618|  1.03k|	mp_int *dh_e = NULL, *dh_f = NULL;
  619|       |
  620|  1.03k|	m_mp_init_multi(&dh_p, &dh_p_min1, NULL);
  621|  1.03k|	load_dh_p(&dh_p);
  622|       |
  623|  1.03k|	if (mp_sub_d(&dh_p, 1, &dh_p_min1) != MP_OKAY) { 
  ------------------
  |  |  161|  1.03k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (623:6): [True: 0, False: 1.03k]
  ------------------
  624|      0|		dropbear_exit("Diffie-Hellman error");
  625|      0|	}
  626|       |
  627|       |	/* Check that dh_pub_them (dh_e or dh_f) is in the range [2, p-2].
     |       |	 * This runs before the value is used as the base of the exponentiation below:
     |       |	 * degenerate values such as 0, 1 or p-1 would confine K to a tiny, known set.
     |       |	 * The first comparison rejects values >= p-1, the second rejects values <= 1. */
  628|  1.03k|	if (mp_cmp(dh_pub_them, &dh_p_min1) != MP_LT 
  ------------------
  |  |  154|  2.07k|#define MP_LT        -1   /* less than */
  ------------------
  |  Branch (628:6): [True: 2, False: 1.03k]
  ------------------
  629|  1.03k|			|| mp_cmp_d(dh_pub_them, 1) != MP_GT) {
  ------------------
  |  |  156|  1.03k|#define MP_GT         1   /* greater than */
  ------------------
  |  Branch (629:7): [True: 3, False: 1.03k]
  ------------------
  630|      5|		dropbear_exit("Diffie-Hellman error");
  631|      5|	}
  632|       |	
  633|       |	/* K = e^y mod p = f^x mod p */
  634|  1.03k|	m_mp_alloc_init_multi(&ses.dh_K, NULL);
  635|  1.03k|	if (mp_exptmod(dh_pub_them, &param->priv, &dh_p, ses.dh_K) != MP_OKAY) {
  ------------------
  |  |  161|  1.03k|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (635:6): [True: 0, False: 1.03k]
  ------------------
  636|      0|		dropbear_exit("Diffie-Hellman error");
  637|      0|	}
  638|       |
  639|       |	/* clear no longer needed vars (p and p-1 are public; the secret K stays in ses.dh_K) */
  640|  1.03k|	mp_clear_multi(&dh_p, &dh_p_min1, NULL);
  641|       |
  642|       |	/* From here on, the code needs to work with the _same_ vars on each side,
  643|       |	 * rather than swapping roles for client/server: e is always the client's value, f the server's */
  644|  1.03k|	if (IS_DROPBEAR_CLIENT) {
  ------------------
  |  |  320|  1.03k|#define IS_DROPBEAR_CLIENT (ses.isserver == 0)
  |  |  ------------------
  |  |  |  Branch (320:28): [True: 1.03k, False: 0]
  |  |  ------------------
  ------------------
  645|  1.03k|		dh_e = &param->pub;
  646|  1.03k|		dh_f = dh_pub_them;
  647|  1.03k|	} else {
  648|      0|		dh_e = dh_pub_them;
  649|      0|		dh_f = &param->pub;
  650|      0|	} 
  651|       |
  652|       |	/* Create the remainder of the hash buffer, to generate the exchange hash */
  653|       |	/* K_S, the host key */
  654|  1.03k|	buf_put_pub_key(ses.kexhashbuf, hostkey, ses.newkeys->algo_hostkey);
  655|       |	/* e, exchange value sent by the client */
  656|  1.03k|	buf_putmpint(ses.kexhashbuf, dh_e);
  657|       |	/* f, exchange value sent by the server */
  658|  1.03k|	buf_putmpint(ses.kexhashbuf, dh_f);
  659|       |	/* K, the shared secret; from this point ses.kexhashbuf holds secret material */
  660|  1.03k|	buf_putmpint(ses.kexhashbuf, ses.dh_K);
  661|       |
  662|       |	/* calculate the hash H to sign */
  663|  1.03k|	finish_kexhashbuf();
  664|  1.03k|}
gen_kexecdh_param:
  668|    594|struct kex_ecdh_param *gen_kexecdh_param() { /* Creates an ephemeral ECDH key pair on the negotiated curve
     |       |	 * (ses.newkeys->algo_kex->ecc_curve->dp) using dropbear_ltc_prng. Returns a struct allocated with
     |       |	 * m_malloc(); calls dropbear_exit() when ecc_make_key_ex() does not return CRYPT_OK. */
  669|    594|	struct kex_ecdh_param *param = m_malloc(sizeof(*param));
  670|    594|	if (ecc_make_key_ex(NULL, dropbear_ltc_prng, 
  ------------------
  |  Branch (670:6): [True: 0, False: 594]
  ------------------
  671|    594|		&param->key, ses.newkeys->algo_kex->ecc_curve->dp) != CRYPT_OK) {
  672|      0|		dropbear_exit("ECC error");
  673|      0|	}
  674|    594|	return param;
  675|    594|}
free_kexecdh_param:
  677|    110|void free_kexecdh_param(struct kex_ecdh_param *param) { /* Releases an ECDH parameter struct: frees the key, then the struct itself. */
  678|    110|	ecc_free(&param->key); /* NOTE(review): key contains the ephemeral private scalar - confirm that ecc_free wipes it before release */
  679|    110|	m_free(param); /* param is passed by value, so the macro's NULL assignment only resets this local copy */
  ------------------
  |  |   24|    110|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  680|       |
  681|    110|}
kexecdh_comb_key:
  683|    146|		sign_key *hostkey) { /* Finishes an ECDH exchange (the first line of the signature is not part of this listing).
     |       |	 * Parses the peer's raw public key from pub_them, derives the shared secret into ses.dh_K,
     |       |	 * appends K_S, Q_C, Q_S and K to ses.kexhashbuf and calls finish_kexhashbuf().
     |       |	 * An unparseable peer key leads to dropbear_exit(). */
  684|    146|	const struct dropbear_kex *algo_kex = ses.newkeys->algo_kex;
  685|       |	/* public keys from client and server */
  686|    146|	ecc_key *Q_C, *Q_S, *Q_them;
  687|       |
  688|    146|	Q_them = buf_get_ecc_raw_pubkey(pub_them, algo_kex->ecc_curve); /* NOTE(review): presumably this also verifies that the peer's point lies on the curve - confirm */
  689|    146|	if (Q_them == NULL) {
  ------------------
  |  Branch (689:6): [True: 34, False: 112]
  ------------------
  690|     34|		dropbear_exit("ECC error");
  691|     34|	}
  692|       |
  693|    112|	ses.dh_K = dropbear_ecc_shared_secret(Q_them, &param->key); /* used below without a NULL check; presumably the helper exits on failure - confirm */
  694|       |
  695|       |	/* Create the remainder of the hash buffer, to generate the exchange hash
  696|       |	   See RFC5656 section 4 page 7 */
  697|    112|	if (IS_DROPBEAR_CLIENT) {
  ------------------
  |  |  320|    112|#define IS_DROPBEAR_CLIENT (ses.isserver == 0)
  |  |  ------------------
  |  |  |  Branch (320:28): [True: 110, False: 2]
  |  |  ------------------
  ------------------
  698|    110|		Q_C = &param->key;
  699|    110|		Q_S = Q_them;
  700|    110|	} else {
  701|      2|		Q_C = Q_them;
  702|      2|		Q_S = &param->key;
  703|      2|	} 
  704|       |
  705|       |	/* K_S, the host key */
  706|    112|	buf_put_pub_key(ses.kexhashbuf, hostkey, ses.newkeys->algo_hostkey);
  707|       |	/* Q_C, client's ephemeral public key octet string */
  708|    112|	buf_put_ecc_raw_pubkey_string(ses.kexhashbuf, Q_C);
  709|       |	/* Q_S, server's ephemeral public key octet string */
  710|    112|	buf_put_ecc_raw_pubkey_string(ses.kexhashbuf, Q_S);
  711|       |	/* K, the shared secret; from this point ses.kexhashbuf holds secret material */
  712|    112|	buf_putmpint(ses.kexhashbuf, ses.dh_K);
  713|       |
  714|    112|	ecc_free(Q_them); /* Q_them was parsed from the peer's public key, so it carries nothing secret */
  715|    112|	m_free(Q_them);
  ------------------
  |  |   24|    112|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  716|       |
  717|       |	/* calculate the hash H to sign */
  718|    112|	finish_kexhashbuf();
  719|    112|}
gen_kexcurve25519_param:
  723|  3.51k|struct kex_curve25519_param *gen_kexcurve25519_param() { /* Creates an ephemeral curve25519 key pair:
     |       |	 * priv is CURVE25519_LEN random bytes, pub is priv multiplied with the base point.
     |       |	 * Returns a struct allocated with m_malloc(). */
  724|       |	/* Per http://cr.yp.to/ecdh.html */
  725|  3.51k|	struct kex_curve25519_param *param = m_malloc(sizeof(*param));
  726|  3.51k|	const unsigned char basepoint[32] = {9}; /* first byte 9, the remaining 31 bytes zero */
  727|       |
  728|  3.51k|	genrandom(param->priv, CURVE25519_LEN); /* NOTE(review): no scalar clamping is visible here; presumably dropbear_curve25519_scalarmult applies it - confirm */
  ------------------
  |  |  106|  3.51k|#define CURVE25519_LEN 32
  ------------------
  729|  3.51k|	dropbear_curve25519_scalarmult(param->pub, param->priv, basepoint);
  730|       |
  731|  3.51k|	return param;
  732|  3.51k|}
free_kexcurve25519_param:
  734|  1.44k|void free_kexcurve25519_param(struct kex_curve25519_param *param) { /* Wipes the private scalar, then frees the struct. */
  735|  1.44k|	m_burn(param->priv, CURVE25519_LEN); /* overwrite the secret before the memory goes back to the allocator */
  ------------------
  |  |  106|  1.44k|#define CURVE25519_LEN 32
  ------------------
  736|  1.44k|	m_free(param); /* param is passed by value, so the macro's NULL assignment only resets this local copy */
  ------------------
  |  |   24|  1.44k|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  737|  1.44k|}
kexcurve25519_comb_key:
  740|    327|	sign_key *hostkey) { /* Finishes a curve25519 exchange (the first line of the signature is not part of this listing).
     |       |	 * Validates the length of the peer's public key in buf_pub_them, computes the shared secret,
     |       |	 * refuses an all-zero result, stores it in ses.dh_K, appends K_S, Q_C, Q_S and K to
     |       |	 * ses.kexhashbuf and calls finish_kexhashbuf(). Both checks end in dropbear_exit(). */
  741|    327|	unsigned char out[CURVE25519_LEN];
  742|    327|	const unsigned char* Q_C = NULL;
  743|    327|	const unsigned char* Q_S = NULL;
  744|    327|	char zeroes[CURVE25519_LEN] = {0};
  745|       |
  746|    327|	if (buf_pub_them->len != CURVE25519_LEN) /* the peer's key must be exactly 32 bytes before its data is read below */
  ------------------
  |  |  106|    327|#define CURVE25519_LEN 32
  ------------------
  |  Branch (746:6): [True: 22, False: 305]
  ------------------
  747|     22|	{
  748|     22|		dropbear_exit("Bad curve25519");
  749|     22|	}
  750|       |
  751|    305|	dropbear_curve25519_scalarmult(out, param->priv, buf_pub_them->data);
  752|       |
  753|    305|	if (constant_time_memcmp(zeroes, out, CURVE25519_LEN) == 0) { /* an all-zero shared secret is refused (RFC 8731 requires aborting in this case) */
  ------------------
  |  |  106|    305|#define CURVE25519_LEN 32
  ------------------
  |  Branch (753:6): [True: 1, False: 304]
  ------------------
  754|      1|		dropbear_exit("Bad curve25519");
  755|      1|	}
  756|       |
  757|    304|	m_mp_alloc_init_multi(&ses.dh_K, NULL);
  758|    304|	bytes_to_mp(ses.dh_K, out, CURVE25519_LEN);
  ------------------
  |  |  106|    304|#define CURVE25519_LEN 32
  ------------------
  759|    304|	m_burn(out, sizeof(out)); /* wipe the stack copy of the shared secret now that ses.dh_K holds it */
  760|       |
  761|       |	/* Create the remainder of the hash buffer, to generate the exchange hash.
  762|       |	   See RFC5656 section 4 page 7 */
  763|    304|	if (IS_DROPBEAR_CLIENT) {
  ------------------
  |  |  320|    304|#define IS_DROPBEAR_CLIENT (ses.isserver == 0)
  |  |  ------------------
  |  |  |  Branch (320:28): [True: 304, False: 0]
  |  |  ------------------
  ------------------
  764|    304|		Q_C = param->pub;
  765|    304|		Q_S = buf_pub_them->data;
  766|    304|	} else {
  767|      0|		Q_S = param->pub;
  768|      0|		Q_C = buf_pub_them->data;
  769|      0|	}
  770|       |
  771|       |	/* K_S, the host key */
  772|    304|	buf_put_pub_key(ses.kexhashbuf, hostkey, ses.newkeys->algo_hostkey);
  773|       |	/* Q_C, client's ephemeral public key octet string */
  774|    304|	buf_putstring(ses.kexhashbuf, (const char*)Q_C, CURVE25519_LEN);
  ------------------
  |  |  106|    304|#define CURVE25519_LEN 32
  ------------------
  775|       |	/* Q_S, server's ephemeral public key octet string */
  776|    304|	buf_putstring(ses.kexhashbuf, (const char*)Q_S, CURVE25519_LEN);
  ------------------
  |  |  106|    304|#define CURVE25519_LEN 32
  ------------------
  777|       |	/* K, the shared secret; from this point ses.kexhashbuf holds secret material */
  778|    304|	buf_putmpint(ses.kexhashbuf, ses.dh_K);
  779|       |
  780|       |	/* calculate the hash H to sign */
  781|    304|	finish_kexhashbuf();
  782|    304|}
finish_kexhashbuf:
  786|  1.44k|void finish_kexhashbuf(void) { /* Computes the exchange hash H over all of ses.kexhashbuf with the negotiated
     |       |	 * kex hash, stores it in a new ses.hash buffer, then wipes and frees ses.kexhashbuf.
     |       |	 * When ses.session_id is still NULL, a copy of H becomes the session id. */
  787|  1.44k|	hash_state hs;
  788|  1.44k|	const struct ltc_hash_descriptor *hash_desc = ses.newkeys->algo_kex->hash_desc;
  789|       |
  790|  1.44k|	hash_desc->init(&hs);
  791|  1.44k|	buf_setpos(ses.kexhashbuf, 0); /* hash from the start of the buffer */
  792|  1.44k|	hash_desc->process(&hs, buf_getptr(ses.kexhashbuf, ses.kexhashbuf->len),
  793|  1.44k|			ses.kexhashbuf->len);
  794|  1.44k|	ses.hash = buf_new(hash_desc->hashsize);
  795|  1.44k|	hash_desc->done(&hs, buf_getwriteptr(ses.hash, hash_desc->hashsize));
  796|  1.44k|	buf_setlen(ses.hash, hash_desc->hashsize);
  797|       |
  798|       |#if defined(DEBUG_KEXHASH) && DEBUG_TRACE
  799|       |	if (!debug_trace) { /* debug builds only: this dumps kexhashbuf, which the *_comb_key callers filled with the shared secret K - never enable DEBUG_KEXHASH in production builds */
  800|       |		printhex("kexhashbuf", ses.kexhashbuf->data, ses.kexhashbuf->len);
  801|       |		printhex("kexhash", ses.hash->data, ses.hash->len);
  802|       |	}
  803|       |#endif
  804|       |
  805|  1.44k|	buf_burn_free(ses.kexhashbuf); /* the buffer contains K, so it goes through the burn variant of free */
  806|  1.44k|	m_burn(&hs, sizeof(hash_state)); /* the hash state has processed K as well */
  807|  1.44k|	ses.kexhashbuf = NULL;
  808|       |	
  809|       |	/* first time around, we set the session_id to H */
  810|  1.44k|	if (ses.session_id == NULL) {
  ------------------
  |  Branch (810:6): [True: 1.44k, False: 0]
  ------------------
  811|       |		/* create the session_id as a copy of H; per the original note it never needs freeing */
  812|  1.44k|		ses.session_id = buf_newcopy(ses.hash);
  813|  1.44k|	}
  814|  1.44k|}
common-kex.c:kexinitialise:
  225|  3.51k|static void kexinitialise() { /* Resets the key-exchange bookkeeping in ses.kexstate and stamps lastkextime with monotonic_now(). */
  226|       |
  227|  3.51k|	TRACE(("kexinitialise()"))
  228|       |
  229|       |	/* sent/recv'd MSG_KEXINIT */
  230|  3.51k|	ses.kexstate.sentkexinit = 0;
  231|  3.51k|	ses.kexstate.recvkexinit = 0;
  232|       |
  233|       |	/* sent/recv'd MSG_NEWKEYS */
  234|  3.51k|	ses.kexstate.recvnewkeys = 0;
  235|  3.51k|	ses.kexstate.sentnewkeys = 0;
  236|       |
  237|       |	/* whether the peer set first_kex_packet_follows */
  238|  3.51k|	ses.kexstate.them_firstfollows = 0;
  239|       |
  240|  3.51k|	ses.kexstate.datatrans = 0; /* NOTE(review): presumably byte counters used to decide when to rekey - confirm */
  241|  3.51k|	ses.kexstate.datarecv = 0;
  242|       |
  243|  3.51k|	ses.kexstate.our_first_follows_matches = 0;
  244|       |
  245|  3.51k|	ses.kexstate.lastkextime = monotonic_now();
  246|       |
  247|  3.51k|}
common-kex.c:load_dh_p:
  558|  2.27k|{ /* Loads the DH prime of the negotiated kex algorithm (dh_p_bytes, dh_p_len) into dh_p; the signature line is not part of this listing. */
  559|  2.27k|	bytes_to_mp(dh_p, ses.newkeys->algo_kex->dh_p_bytes, 
  560|  2.27k|		ses.newkeys->algo_kex->dh_p_len);
  561|  2.27k|}
common-kex.c:read_kex_algos:
  818|  2.84k|static void read_kex_algos() { /* Parses the algorithm name-lists of the peer's KEXINIT payload (ses.payload) and
     |       |	 * records the agreed kex, host key, cipher, MAC and compression choices in ses.newkeys.
     |       |	 * Every list is supplied by the peer; the first category without a match jumps to the
     |       |	 * error label, which calls dropbear_exit().
     |       |	 * NOTE(review): bounds checks on the payload are presumably inside the buf_* helpers - confirm. */
  819|       |
  820|       |	/* per-direction choices; mapped onto recv/trans at the end according to our role */
  821|  2.84k|	algo_type * c2s_hash_algo = NULL;
  822|  2.84k|	algo_type * s2c_hash_algo = NULL;
  823|  2.84k|	algo_type * c2s_cipher_algo = NULL;
  824|  2.84k|	algo_type * s2c_cipher_algo = NULL;
  825|  2.84k|	algo_type * c2s_comp_algo = NULL;
  826|  2.84k|	algo_type * s2c_comp_algo = NULL;
  827|       |	/* the generic one */
  828|  2.84k|	algo_type * algo = NULL;
  829|       |
  830|       |	/* which algo couldn't match */
  831|  2.84k|	char * erralgo = NULL;
  832|       |
  833|  2.84k|	int goodguess = 0;
  834|  2.84k|	int allgood = 1; /* we AND this with each goodguess and see if it's still
  835|       |						true after */
  836|  2.84k|	int kexguess2 = 0;
  837|       |
  838|  2.84k|	buf_incrpos(ses.payload, 16); /* skip the 16-byte cookie */
  839|       |
  840|  2.84k|	memset(ses.newkeys, 0x0, sizeof(*ses.newkeys)); /* zero the pending key state before filling it in */
  841|       |
  842|       |	/* kex_algorithms */
  843|  2.84k|#if DROPBEAR_KEXGUESS2
  844|  2.84k|	if (buf_has_algo(ses.payload, KEXGUESS2_ALGO_NAME) == DROPBEAR_SUCCESS) {
  ------------------
  |  |  128|  2.84k|#define KEXGUESS2_ALGO_NAME "kexguess2@matt.ucc.asn.au"
  ------------------
              	if (buf_has_algo(ses.payload, KEXGUESS2_ALGO_NAME) == DROPBEAR_SUCCESS) {
  ------------------
  |  |  102|  2.84k|#define DROPBEAR_SUCCESS 0
  ------------------
  |  Branch (844:6): [True: 145, False: 2.69k]
  ------------------
  845|    145|		kexguess2 = 1;
  846|    145|	}
  847|  2.84k|#endif
  848|       |
  849|  2.84k|#if DROPBEAR_EXT_INFO
  850|       |	/* Determine if SSH_MSG_EXT_INFO messages should be sent.
  851|       |	Should be done for the first key exchange. Only required on server side
  852|       |    for server-sig-algs */
  853|  2.84k|	if (IS_DROPBEAR_SERVER) {
  ------------------
  |  |  319|  2.84k|#define IS_DROPBEAR_SERVER (ses.isserver == 1)
  |  |  ------------------
  |  |  |  Branch (319:28): [True: 0, False: 2.84k]
  |  |  ------------------
  ------------------
  854|      0|		if (!ses.kexstate.donefirstkex) {
  ------------------
  |  Branch (854:7): [True: 0, False: 0]
  ------------------
  855|      0|			if (buf_has_algo(ses.payload, SSH_EXT_INFO_C) == DROPBEAR_SUCCESS) {
  ------------------
  |  |  100|      0|#define SSH_EXT_INFO_C "ext-info-c"
  ------------------
              			if (buf_has_algo(ses.payload, SSH_EXT_INFO_C) == DROPBEAR_SUCCESS) {
  ------------------
  |  |  102|      0|#define DROPBEAR_SUCCESS 0
  ------------------
  |  Branch (855:8): [True: 0, False: 0]
  ------------------
  856|      0|				ses.allow_ext_info = 1;
  857|      0|			}
  858|      0|		}
  859|      0|	}
  860|  2.84k|#endif
  861|       |
  862|  2.84k|	algo = buf_match_algo(ses.payload, sshkex, kexguess2, &goodguess);
  863|  2.84k|	allgood &= goodguess;
  864|  2.84k|	if (algo == NULL || algo->data == NULL) {
  ------------------
  |  Branch (864:6): [True: 234, False: 2.60k]
  |  Branch (864:22): [True: 2, False: 2.60k]
  ------------------
  865|       |		/* kexguess2, ext-info-c, ext-info-s are markers, not real kex methods: a match with NULL data must not be accepted as the negotiated kex */
  866|    166|		erralgo = "kex";
  867|    166|		goto error;
  868|    166|	}
  869|  2.67k|	TRACE(("kexguess2 %d", kexguess2))
  870|  2.67k|	DEBUG3(("kex algo %s", algo->name))
  871|  2.67k|	ses.newkeys->algo_kex = algo->data;
  872|       |
  873|       |	/* server_host_key_algorithms */
  874|  2.67k|	algo = buf_match_algo(ses.payload, sigalgs, kexguess2, &goodguess);
  875|  2.67k|	allgood &= goodguess;
  876|  2.67k|	if (algo == NULL) {
  ------------------
  |  Branch (876:6): [True: 1, False: 2.67k]
  ------------------
  877|      1|		erralgo = "hostkey";
  878|      1|		goto error;
  879|      1|	}
  880|  2.67k|	DEBUG2(("hostkey algo %s", algo->name))
  881|  2.67k|	ses.newkeys->algo_signature = algo->val;
  882|  2.67k|	ses.newkeys->algo_hostkey = signkey_type_from_signature(ses.newkeys->algo_signature);
  883|       |
  884|       |	/* encryption_algorithms_client_to_server */
  885|  2.67k|	c2s_cipher_algo = buf_match_algo(ses.payload, sshciphers, 0, NULL);
  886|  2.67k|	if (c2s_cipher_algo == NULL) {
  ------------------
  |  Branch (886:6): [True: 4, False: 2.67k]
  ------------------
  887|      4|		erralgo = "enc c->s";
  888|      4|		goto error;
  889|      4|	}
  890|  2.67k|	DEBUG2(("enc  c2s is %s", c2s_cipher_algo->name))
  891|       |
  892|       |	/* encryption_algorithms_server_to_client */
  893|  2.67k|	s2c_cipher_algo = buf_match_algo(ses.payload, sshciphers, 0, NULL);
  894|  2.67k|	if (s2c_cipher_algo == NULL) {
  ------------------
  |  Branch (894:6): [True: 1, False: 2.67k]
  ------------------
  895|      1|		erralgo = "enc s->c";
  896|      1|		goto error;
  897|      1|	}
  898|  2.67k|	DEBUG2(("enc  s2c is %s", s2c_cipher_algo->name))
  899|       |
  900|       |	/* mac_algorithms_client_to_server; the list is always consumed, even when the result is discarded below */
  901|  2.67k|	c2s_hash_algo = buf_match_algo(ses.payload, sshhashes, 0, NULL);
  902|  2.67k|#if DROPBEAR_AEAD_MODE
  903|  2.67k|	if (((struct dropbear_cipher_mode*)c2s_cipher_algo->mode)->aead_crypt != NULL) { /* AEAD cipher mode: the negotiated MAC is dropped and the mode's aead_mac is used further down */
  ------------------
  |  Branch (903:6): [True: 40, False: 2.63k]
  ------------------
  904|     40|		c2s_hash_algo = NULL;
  905|     40|	} else
  906|  2.63k|#endif
  907|  2.63k|	if (c2s_hash_algo == NULL) {
  ------------------
  |  Branch (907:6): [True: 2, False: 2.62k]
  ------------------
  908|      2|		erralgo = "mac c->s";
  909|      2|		goto error;
  910|      2|	}
  911|  2.66k|	DEBUG2(("hmac c2s is %s", c2s_hash_algo ? c2s_hash_algo->name : "<implicit>"))
  912|       |
  913|       |	/* mac_algorithms_server_to_client; same handling as the client-to-server list */
  914|  2.66k|	s2c_hash_algo = buf_match_algo(ses.payload, sshhashes, 0, NULL);
  915|  2.66k|#if DROPBEAR_AEAD_MODE
  916|  2.66k|	if (((struct dropbear_cipher_mode*)s2c_cipher_algo->mode)->aead_crypt != NULL) {
  ------------------
  |  Branch (916:6): [True: 117, False: 2.55k]
  ------------------
  917|    117|		s2c_hash_algo = NULL;
  918|    117|	} else
  919|  2.55k|#endif
  920|  2.55k|	if (s2c_hash_algo == NULL) {
  ------------------
  |  Branch (920:6): [True: 2, False: 2.55k]
  ------------------
  921|      2|		erralgo = "mac s->c";
  922|      2|		goto error;
  923|      2|	}
  924|  2.66k|	DEBUG2(("hmac s2c is %s", s2c_hash_algo ? s2c_hash_algo->name : "<implicit>"))
  925|       |
  926|       |	/* compression_algorithms_client_to_server */
  927|  2.66k|	c2s_comp_algo = buf_match_algo(ses.payload, ses.compress_algos, 0, NULL);
  928|  2.66k|	if (c2s_comp_algo == NULL) {
  ------------------
  |  Branch (928:6): [True: 7, False: 2.66k]
  ------------------
  929|      7|		erralgo = "comp c->s";
  930|      7|		goto error;
  931|      7|	}
  932|  2.66k|	DEBUG2(("comp c2s is %s", c2s_comp_algo->name))
  933|       |
  934|       |	/* compression_algorithms_server_to_client */
  935|  2.66k|	s2c_comp_algo = buf_match_algo(ses.payload, ses.compress_algos, 0, NULL);
  936|  2.66k|	if (s2c_comp_algo == NULL) {
  ------------------
  |  Branch (936:6): [True: 2, False: 2.65k]
  ------------------
  937|      2|		erralgo = "comp s->c";
  938|      2|		goto error;
  939|      2|	}
  940|  2.65k|	DEBUG2(("comp s2c is %s", s2c_comp_algo->name))
  941|       |
  942|       |	/* languages_client_to_server (skipped, not used) */
  943|  2.65k|	buf_eatstring(ses.payload);
  944|       |
  945|       |	/* languages_server_to_client (skipped, not used) */
  946|  2.65k|	buf_eatstring(ses.payload);
  947|       |
  948|       |	/* their first_kex_packet_follows */
  949|  2.65k|	if (buf_getbool(ses.payload)) {
  ------------------
  |  Branch (949:6): [True: 281, False: 2.37k]
  ------------------
  950|    281|		TRACE(("them kex firstfollows. allgood %d", allgood))
  951|    281|		ses.kexstate.them_firstfollows = 1;
  952|       |		/* if the peer's guess did not match what was negotiated, the guessed packet it sent is ignored */
  953|    281|		if (!allgood) {
  ------------------
  |  Branch (953:7): [True: 163, False: 118]
  ------------------
  954|    163|			ses.ignorenext = 1;
  955|    163|		}
  956|    281|	}
  957|       |
  958|       |	/* Handle the asymmetry: the client receives with the s2c choices and sends with c2s, the server the reverse */
  959|  2.65k|	if (IS_DROPBEAR_CLIENT) {
  ------------------
  |  |  320|  2.65k|#define IS_DROPBEAR_CLIENT (ses.isserver == 0)
  |  |  ------------------
  |  |  |  Branch (320:28): [True: 2.46k, False: 193]
  |  |  ------------------
  ------------------
  960|  2.46k|		ses.newkeys->recv.algo_crypt = 
  961|  2.46k|			(struct dropbear_cipher*)s2c_cipher_algo->data;
  962|  2.46k|		ses.newkeys->trans.algo_crypt = 
  963|  2.46k|			(struct dropbear_cipher*)c2s_cipher_algo->data;
  964|  2.46k|		ses.newkeys->recv.crypt_mode = 
  965|  2.46k|			(struct dropbear_cipher_mode*)s2c_cipher_algo->mode;
  966|  2.46k|		ses.newkeys->trans.crypt_mode =
  967|  2.46k|			(struct dropbear_cipher_mode*)c2s_cipher_algo->mode;
  968|  2.46k|		ses.newkeys->recv.algo_mac = 
  969|  2.46k|#if DROPBEAR_AEAD_MODE
  970|  2.46k|			s2c_hash_algo == NULL ? ses.newkeys->recv.crypt_mode->aead_mac :
  ------------------
  |  Branch (970:4): [True: 109, False: 2.35k]
  ------------------
  971|  2.46k|#endif
  972|  2.46k|			(struct dropbear_hash*)s2c_hash_algo->data;
  973|  2.46k|		ses.newkeys->trans.algo_mac = 
  974|  2.46k|#if DROPBEAR_AEAD_MODE
  975|  2.46k|			c2s_hash_algo == NULL ? ses.newkeys->trans.crypt_mode->aead_mac :
  ------------------
  |  Branch (975:4): [True: 31, False: 2.43k]
  ------------------
  976|  2.46k|#endif
  977|  2.46k|			(struct dropbear_hash*)c2s_hash_algo->data;
  978|  2.46k|		ses.newkeys->recv.algo_comp = s2c_comp_algo->val;
  979|  2.46k|		ses.newkeys->trans.algo_comp = c2s_comp_algo->val;
  980|  2.46k|	} else {
  981|       |		/* SERVER */
  982|    193|		ses.newkeys->recv.algo_crypt = 
  983|    193|			(struct dropbear_cipher*)c2s_cipher_algo->data;
  984|    193|		ses.newkeys->trans.algo_crypt = 
  985|    193|			(struct dropbear_cipher*)s2c_cipher_algo->data;
  986|    193|		ses.newkeys->recv.crypt_mode =
  987|    193|			(struct dropbear_cipher_mode*)c2s_cipher_algo->mode;
  988|    193|		ses.newkeys->trans.crypt_mode =
  989|    193|			(struct dropbear_cipher_mode*)s2c_cipher_algo->mode;
  990|    193|		ses.newkeys->recv.algo_mac = 
  991|    193|#if DROPBEAR_AEAD_MODE
  992|    193|			c2s_hash_algo == NULL ? ses.newkeys->recv.crypt_mode->aead_mac :
  ------------------
  |  Branch (992:4): [True: 0, False: 193]
  ------------------
  993|    193|#endif
  994|    193|			(struct dropbear_hash*)c2s_hash_algo->data;
  995|    193|		ses.newkeys->trans.algo_mac = 
  996|    193|#if DROPBEAR_AEAD_MODE
  997|    193|			s2c_hash_algo == NULL ? ses.newkeys->trans.crypt_mode->aead_mac :
  ------------------
  |  Branch (997:4): [True: 0, False: 193]
  ------------------
  998|    193|#endif
  999|    193|			(struct dropbear_hash*)s2c_hash_algo->data;
 1000|    193|		ses.newkeys->recv.algo_comp = c2s_comp_algo->val;
 1001|    193|		ses.newkeys->trans.algo_comp = s2c_comp_algo->val;
 1002|    193|	}
 1003|       |
 1004|  2.65k|#if DROPBEAR_FUZZ
 1005|  2.65k|	if (fuzz.fuzzing) { /* fuzzing builds only: fuzz_kex_fakealgos() is not shown here; presumably it substitutes test algorithms - confirm */
  ------------------
  |  Branch (1005:6): [True: 2.46k, False: 193]
  ------------------
 1006|  2.46k|		fuzz_kex_fakealgos();
 1007|  2.46k|	}
 1008|  2.65k|#endif
 1009|       |
 1010|       |	/* reserved for future extensions (read and discarded) */
 1011|  2.65k|	buf_getint(ses.payload);
 1012|       |
 1013|  2.65k|	if (ses.send_kex_first_guess && allgood) {
  ------------------
  |  Branch (1013:6): [True: 2.46k, False: 197]
  |  Branch (1013:34): [True: 123, False: 2.33k]
  ------------------
 1014|    123|		TRACE(("our_first_follows_matches 1"))
 1015|    123|		ses.kexstate.our_first_follows_matches = 1;
 1016|    123|	}
 1017|  2.65k|	return;
 1018|       |
 1019|    185|error:
 1020|    185|	dropbear_exit("No matching algo %s", erralgo); /* erralgo names the first category that failed to match */
 1021|  2.66k|}

readhostkey:
   39|      1|	enum signkey_type *type) { /* Reads a private host key file into hostkey and type (the first line of the
     |       |	 * signature is not part of this listing). Returns DROPBEAR_SUCCESS when the file was read
     |       |	 * and parsed, DROPBEAR_FAILURE otherwise. */
   40|       |
   41|      1|	int ret = DROPBEAR_FAILURE;
  ------------------
  |  |  103|      1|#define DROPBEAR_FAILURE -1
  ------------------
   42|      1|	buffer *buf;
   43|       |
   44|      1|	buf = buf_new(MAX_PRIVKEY_SIZE); /* fixed-size buffer; NOTE(review): handling of larger key files depends on buf_readfile - confirm */
  ------------------
  |  |  234|      1|#define MAX_PRIVKEY_SIZE 1700
  ------------------
   45|       |
   46|      1|	if (buf_readfile(buf, filename) == DROPBEAR_FAILURE) {
  ------------------
  |  |  103|      1|#define DROPBEAR_FAILURE -1
  ------------------
  |  Branch (46:6): [True: 1, False: 0]
  ------------------
   47|      1|		goto out;
   48|      1|	}
   49|      0|	buf_setpos(buf, 0);
   50|       |
   51|      0|	addrandom(buf_getptr(buf, buf->len), buf->len); /* passes the key file bytes to addrandom(); presumably mixed into the random pool - confirm */
   52|       |
   53|      0|	if (buf_get_priv_key(buf, hostkey, type) == DROPBEAR_FAILURE) {
  ------------------
  |  |  103|      0|#define DROPBEAR_FAILURE -1
  ------------------
  |  Branch (53:6): [True: 0, False: 0]
  ------------------
   54|      0|		goto out;
   55|      0|	}
   56|       |
   57|      0|	ret = DROPBEAR_SUCCESS;
  ------------------
  |  |  102|      0|#define DROPBEAR_SUCCESS 0
  ------------------
   58|      1|out:
   59|       |
   60|      1|	buf_burn_free(buf); /* reached on success and on both failure paths, so the buffer that held the private key always goes through the burn variant of free */
   61|      1|	return ret;
   62|      0|}
parse_ciphers_macs:
   66|      1|parse_ciphers_macs() { /* Handles the cipher and MAC list options in opts (the return-type line is not part of
     |       |	 * this listing). The value "help" logs the available names; any other value is passed to
     |       |	 * check_user_algos(). Calls dropbear_exit() when a list yields no valid entry, or after
     |       |	 * help was printed. */
   67|      1|	int printed_help = 0;
   68|      1|	if (opts.cipher_list) {
  ------------------
  |  Branch (68:6): [True: 0, False: 1]
  ------------------
   69|      0|		if (strcmp(opts.cipher_list, "help") == 0) {
  ------------------
  |  Branch (69:7): [True: 0, False: 0]
  ------------------
   70|      0|			char *ciphers = algolist_string(sshciphers);
   71|      0|			dropbear_log(LOG_INFO, "Available ciphers: %s", ciphers);
   72|      0|			m_free(ciphers);
  ------------------
  |  |   24|      0|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
   73|      0|			printed_help = 1;
   74|      0|		} else {
   75|      0|			if (check_user_algos(opts.cipher_list, sshciphers, "cipher") == 0) { /* a return of 0 is treated as "no usable cipher left" */
  ------------------
  |  Branch (75:8): [True: 0, False: 0]
  ------------------
   76|      0|				dropbear_exit("No valid ciphers specified for '-c'");
   77|      0|			}
   78|      0|		}
   79|      0|	}
   80|       |
   81|      1|	if (opts.mac_list) {
  ------------------
  |  Branch (81:6): [True: 0, False: 1]
  ------------------
   82|      0|		if (strcmp(opts.mac_list, "help") == 0) {
  ------------------
  |  Branch (82:7): [True: 0, False: 0]
  ------------------
   83|      0|			char *macs = algolist_string(sshhashes);
   84|      0|			dropbear_log(LOG_INFO, "Available MACs: %s", macs);
   85|      0|			m_free(macs);
  ------------------
  |  |   24|      0|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
   86|      0|			printed_help = 1;
   87|      0|		} else {
   88|      0|			if (check_user_algos(opts.mac_list, sshhashes, "MAC") == 0) { /* a return of 0 is treated as "no usable MAC left" */
  ------------------
  |  Branch (88:8): [True: 0, False: 0]
  ------------------
   89|      0|				dropbear_exit("No valid MACs specified for '-m'");
   90|      0|			}
   91|      0|		}
   92|      0|	}
   93|      1|	if (printed_help) { /* help output was requested: exit instead of continuing */
  ------------------
  |  Branch (93:6): [True: 0, False: 1]
  ------------------
   94|      0|		dropbear_exit(".");
   95|      0|	}
   96|      1|}

common_session_init:
   47|  3.51k|void common_session_init(int sock_in, int sock_out) {
              	/* Initialise the global `ses` for a new connection: record the two
              	 * descriptors, make them non-blocking, stamp the timers, and set up
              	 * the write buffer, packet queue and an initial key context in which
              	 * cipher, MAC and compression are all "none".
              	 * Coverage: the instrumented lines ran 3.51k times, except the
              	 * signal-pipe block, which is skipped while fuzz.fuzzing is set. */
   48|  3.51k|	time_t now;
   49|       |
   50|       |#if DEBUG_TRACE
   51|       |	debug_start_net();
   52|       |#endif
   53|       |
   54|  3.51k|	TRACE(("enter session_init"))
   55|       |
   56|  3.51k|	ses.sock_in = sock_in;
   57|  3.51k|	ses.sock_out = sock_out;
   58|  3.51k|	ses.maxfd = MAX(sock_in, sock_out);
   59|       |
   60|  3.51k|	if (sock_in >= 0) {
  ------------------
  |  Branch (60:6): [True: 3.51k, False: 0]
  ------------------
   61|  3.51k|		setnonblocking(sock_in);
   62|  3.51k|	}
   63|  3.51k|	if (sock_out >= 0) {
  ------------------
  |  Branch (63:6): [True: 3.51k, False: 0]
  ------------------
   64|  3.51k|		setnonblocking(sock_out);
   65|  3.51k|	}
   66|       |
   67|  3.51k|	ses.socket_prio = DROPBEAR_PRIO_NORMAL;
   68|       |	/* Sets it to lowdelay */
   69|  3.51k|	update_channel_prio();
   70|       |
              	/* Lines 71-79 carry no execution counts in this report, so this
              	 * sanity check was presumably compiled out and is not exercised
              	 * by the fuzz run. */
   71|       |#if !DROPBEAR_SVR_MULTIUSER
   72|       |	/* A sanity check to prevent an accidental configuration option
   73|       |	   leaving multiuser systems exposed */
   74|       |	errno = 0;
   75|       |	getuid();
   76|       |	if (errno != ENOSYS) {
   77|       |		dropbear_exit("Non-multiuser Dropbear requires a non-multiuser kernel");
   78|       |	}
   79|       |#endif
   80|       |
   81|  3.51k|	now = monotonic_now();
   82|  3.51k|	ses.connect_time = now;
   83|  3.51k|	ses.last_packet_time_keepalive_recv = now;
   84|  3.51k|	ses.last_packet_time_idle = now;
   85|  3.51k|	ses.last_packet_time_any_sent = 0;
   86|  3.51k|	ses.last_packet_time_keepalive_sent = 0;
   87|       |	
              	/* The signal pipe is only created outside fuzzing; in this run the
              	 * block below never executed, so ses.signal_pipe keeps whatever
              	 * value `ses` held before this function was called. */
   88|  3.51k|#if DROPBEAR_FUZZ
   89|  3.51k|	if (!fuzz.fuzzing)
  ------------------
  |  Branch (89:6): [True: 0, False: 3.51k]
  ------------------
   90|      0|#endif
   91|      0|	{
   92|      0|	if (pipe(ses.signal_pipe) < 0) {
  ------------------
  |  Branch (92:6): [True: 0, False: 0]
  ------------------
   93|      0|		dropbear_exit("Signal pipe failed");
   94|      0|	}
   95|      0|	setnonblocking(ses.signal_pipe[0]);
   96|      0|	setnonblocking(ses.signal_pipe[1]);
   97|      0|	ses.maxfd = MAX(ses.maxfd, ses.signal_pipe[0]);
   98|      0|	ses.maxfd = MAX(ses.maxfd, ses.signal_pipe[1]);
   99|      0|	}
  100|       |	
  101|  3.51k|	ses.writepayload = buf_new(TRANS_MAX_PAYLOAD_LEN);
  ------------------
  |  |  497|  3.51k|#define TRANS_MAX_PAYLOAD_LEN 16384
  ------------------
  102|  3.51k|	ses.transseq = 0;
  103|       |
  104|  3.51k|	ses.readbuf = NULL;
  105|  3.51k|	ses.payload = NULL;
  106|  3.51k|	ses.recvseq = 0;
  107|       |
  108|  3.51k|	initqueue(&ses.writequeue);
  109|       |
              	/* Record that the first packet expected from the peer is KEXINIT;
              	 * the check itself lives wherever requirenext is read, not here. */
  110|  3.51k|	ses.requirenext = SSH_MSG_KEXINIT;
  ------------------
  |  |   36|  3.51k|#define SSH_MSG_KEXINIT                20
  ------------------
  111|  3.51k|	ses.dataallowed = 1; /* we can send data until we actually 
  112|       |							send the SSH_MSG_KEXINIT */
  113|  3.51k|	ses.ignorenext = 0;
  114|  3.51k|	ses.lastpacket = 0;
  115|  3.51k|	ses.reply_queue_head = NULL;
  116|  3.51k|	ses.reply_queue_tail = NULL;
  117|       |
              	/* NOTE(review): only the key_context fields assigned below are set
              	 * explicitly; whether m_malloc zero-fills the remainder is not
              	 * visible here - confirm. */
  118|       |	/* set all the algos to none */
  119|  3.51k|	ses.keys = (struct key_context*)m_malloc(sizeof(struct key_context));
  120|  3.51k|	ses.newkeys = NULL;
  121|  3.51k|	ses.keys->recv.algo_crypt = &dropbear_nocipher;
  122|  3.51k|	ses.keys->trans.algo_crypt = &dropbear_nocipher;
  123|  3.51k|	ses.keys->recv.crypt_mode = &dropbear_mode_none;
  124|  3.51k|	ses.keys->trans.crypt_mode = &dropbear_mode_none;
  125|       |	
  126|  3.51k|	ses.keys->recv.algo_mac = &dropbear_nohash;
  127|  3.51k|	ses.keys->trans.algo_mac = &dropbear_nohash;
  128|       |
  129|  3.51k|	ses.keys->algo_kex = NULL;
  130|  3.51k|	ses.keys->algo_hostkey = -1;
  131|  3.51k|	ses.keys->recv.algo_comp = DROPBEAR_COMP_NONE;
  132|  3.51k|	ses.keys->trans.algo_comp = DROPBEAR_COMP_NONE;
  133|       |
  134|       |#ifndef DISABLE_ZLIB
  135|       |	ses.keys->recv.zstream = NULL;
  136|       |	ses.keys->trans.zstream = NULL;
  137|       |#endif
  138|       |
  139|       |	/* key exchange buffers */
  140|  3.51k|	ses.session_id = NULL;
  141|  3.51k|	ses.kexhashbuf = NULL;
  142|  3.51k|	ses.transkexinit = NULL;
  143|  3.51k|	ses.dh_K = NULL;
  144|  3.51k|	ses.remoteident = NULL;
  145|       |
  146|  3.51k|	ses.chantypes = NULL;
  147|       |
  148|  3.51k|	ses.allowprivport = 0;
  149|       |
  150|       |#if DROPBEAR_PLUGIN
  151|       |        ses.plugin_session = NULL;
  152|       |#endif
  153|       |
  154|  3.51k|	TRACE(("leave session_init"))
  155|  3.51k|}
session_loop:
  157|  3.51k|void session_loop(void(*loophandler)(void)) {
              	/* Main event loop. Each pass builds the read/write fd sets, calls
              	 * select(), then handles timeouts, inbound data, queued replies,
              	 * pending connects, the caller-supplied loophandler, channel I/O
              	 * and outbound packets. The for(;;) has no break, so the function
              	 * only ends when something it calls exits. */
  158|       |
  159|  3.51k|	fd_set readfd, writefd;
  160|  3.51k|	struct timeval timeout;
  161|  3.51k|	int val;
  162|       |
  163|       |	/* main loop, select()s for all sockets in use */
  164|   107k|	for(;;) {
              		/* Back-pressure: once more than 2*TRANS_MAX_PAYLOAD_LEN bytes are
              		 * queued for writing, the input socket is left out of readfd. */
  165|   107k|		const int writequeue_has_space = (ses.writequeue_len <= 2*TRANS_MAX_PAYLOAD_LEN);
  ------------------
  |  |  497|   107k|#define TRANS_MAX_PAYLOAD_LEN 16384
  ------------------
  166|       |
  167|   107k|		timeout.tv_sec = select_timeout();
  168|   107k|		timeout.tv_usec = 0;
  169|   107k|		DROPBEAR_FD_ZERO(&writefd);
  ------------------
  |  |  104|   107k|#define DROPBEAR_FD_ZERO(fds) FD_ZERO(fds)
  ------------------
  170|   107k|		DROPBEAR_FD_ZERO(&readfd);
  ------------------
  |  |  104|   107k|#define DROPBEAR_FD_ZERO(fds) FD_ZERO(fds)
  ------------------
  171|       |
  172|   107k|		dropbear_assert(ses.payload == NULL);
  ------------------
  |  |   83|   107k|#define dropbear_assert(X) do { if (!(X)) { fail_assert(#X, __FILE__, __LINE__); } } while (0)
  |  |  ------------------
  |  |  |  Branch (83:37): [True: 0, False: 107k]
  |  |  |  Branch (83:93): [Folded - Ignored]
  |  |  ------------------
  ------------------
  173|       |
  174|       |		/* We get woken up when signal handlers write to this pipe.
  175|       |		   SIGCHLD in svr-chansession is the only one currently. */
  176|   107k|#if DROPBEAR_FUZZ
  177|   107k|		if (!fuzz.fuzzing) 
  ------------------
  |  Branch (177:7): [True: 0, False: 107k]
  ------------------
  178|      0|#endif
  179|      0|		{
  180|      0|		FD_SET(ses.signal_pipe[0], &readfd);
  181|      0|		}
  182|       |
  183|       |		/* set up for channels which can be read/written */
  184|   107k|		setchannelfds(&readfd, &writefd, writequeue_has_space);
  185|       |
  186|       |		/* Pending connections to test */
  187|   107k|		set_connect_fds(&writefd);
  188|       |
  189|       |		/* We delay reading from the input socket during initial setup until
  190|       |		after we have written out our initial KEXINIT packet (empty writequeue). 
  191|       |		This means our initial packet can be in-flight while we're doing a blocking
  192|       |		read for the remote ident.
  193|       |		We also avoid reading from the socket if the writequeue is full, that avoids
  194|       |		replies backing up */
              		/* NOTE(review): FD_SET is only defined for descriptors below
              		 * FD_SETSIZE; no such bound is checked in this function - confirm
              		 * it is enforced where ses.sock_in / ses.sock_out are assigned. */
  195|   107k|		if (ses.sock_in != -1 
  ------------------
  |  Branch (195:7): [True: 107k, False: 0]
  ------------------
  196|   107k|			&& (ses.remoteident || isempty(&ses.writequeue)) 
  ------------------
  |  Branch (196:8): [True: 93.0k, False: 14.2k]
  |  Branch (196:27): [True: 3.68k, False: 10.5k]
  ------------------
  197|   107k|			&& writequeue_has_space) {
  ------------------
  |  Branch (197:7): [True: 96.7k, False: 0]
  ------------------
  198|  96.7k|			FD_SET(ses.sock_in, &readfd);
  199|  96.7k|		}
  200|       |
  201|       |		/* Ordering is important, this test must occur after any other function
  202|       |		might have queued packets (such as connection handlers) */
  203|   107k|		if (ses.sock_out != -1 && !isempty(&ses.writequeue)) {
  ------------------
  |  Branch (203:7): [True: 107k, False: 0]
  |  Branch (203:29): [True: 10.5k, False: 96.7k]
  ------------------
  204|  10.5k|			FD_SET(ses.sock_out, &writefd);
  205|  10.5k|		}
  206|       |
              		/* In this build select() expands to wrapfd_select (expansion
              		 * shown below), so the fuzzer's wrapper decides readiness. */
  207|   107k|		val = select(ses.maxfd+1, &readfd, &writefd, NULL, &timeout);
  ------------------
  |  |   53|   107k|        wrapfd_select(nfds, readfds, writefds, exceptfds, timeout)
  ------------------
  208|       |
  209|   107k|		if (ses.exitflag) {
  ------------------
  |  Branch (209:7): [True: 0, False: 107k]
  ------------------
  210|      0|			dropbear_exit("Terminated by signal");
  211|      0|		}
  212|       |		
              		/* EINTR is tolerated (103 occurrences in this run); any other
              		 * select() failure ends the session. */
  213|   107k|		if (val < 0 && errno != EINTR) {
  ------------------
  |  Branch (213:7): [True: 103, False: 107k]
  |  Branch (213:18): [True: 0, False: 103]
  ------------------
  214|      0|			dropbear_exit("Error in select");
  215|      0|		}
  216|       |
  217|   107k|		if (val <= 0) {
  ------------------
  |  Branch (217:7): [True: 3.85k, False: 103k]
  ------------------
  218|       |			/* If we were interrupted or the select timed out, we still
  219|       |			 * want to iterate over channels etc for reading, to handle
  220|       |			 * server processes exiting etc. 
  221|       |			 * We don't want to read/write FDs. */
  222|  3.85k|			DROPBEAR_FD_ZERO(&writefd);
  ------------------
  |  |  104|  3.85k|#define DROPBEAR_FD_ZERO(fds) FD_ZERO(fds)
  ------------------
  223|  3.85k|			DROPBEAR_FD_ZERO(&readfd);
  ------------------
  |  |  104|  3.85k|#define DROPBEAR_FD_ZERO(fds) FD_ZERO(fds)
  ------------------
  224|  3.85k|		}
  225|       |		
  226|       |		/* We'll just empty out the pipe if required. We don't do
  227|       |		any thing with the data, since the pipe's purpose is purely to
  228|       |		wake up the select() above. */
              		/* NOTE(review): unlike the FD_SET at line 180, this test is not
              		 * guarded by fuzz.fuzzing. It fires only if ses.signal_pipe[0] is
              		 * set in readfd; in this run it never did (line 231 count 0).
              		 * Confirm the un-created pipe value cannot alias a live fd. */
  229|   107k|		ses.channel_signal_pending = 0;
  230|   107k|		if (FD_ISSET(ses.signal_pipe[0], &readfd)) {
  231|      0|			char x;
  232|      0|			TRACE(("signal pipe set"))
  233|      0|			while (read(ses.signal_pipe[0], &x, 1) > 0) {}
  ------------------
  |  |   55|      0|#define read(fd, buf, count) wrapfd_read(fd, buf, count)
  ------------------
  |  Branch (233:11): [True: 0, False: 0]
  ------------------
  234|      0|			ses.channel_signal_pending = 1;
  235|      0|		}
  236|       |
  237|       |		/* check for auth timeout, rekeying required etc */
  238|   107k|		checktimeouts();
  239|       |
  240|       |		/* process session socket's incoming data */
  241|   107k|		if (ses.sock_in != -1) {
  ------------------
  |  Branch (241:7): [True: 107k, False: 0]
  ------------------
  242|   107k|			if (FD_ISSET(ses.sock_in, &readfd)) {
              				/* Until the peer's ident line has been stored, inbound
              				 * bytes go to the ident reader, not the packet parser. */
  243|  93.1k|				if (!ses.remoteident) {
  ------------------
  |  Branch (243:9): [True: 3.51k, False: 89.6k]
  ------------------
  244|       |					/* blocking read of the version string */
  245|  3.51k|					read_session_identification();
  246|  89.6k|				} else {
  247|  89.6k|					read_packet();
  248|  89.6k|				}
  249|  93.1k|			}
  250|       |			
  251|       |			/* Process the decrypted packet. After this, the read buffer
  252|       |			 * will be ready for a new packet */
  253|   107k|			if (ses.payload != NULL) {
  ------------------
  |  Branch (253:8): [True: 22.0k, False: 85.2k]
  ------------------
  254|  22.0k|				process_packet();
  255|  22.0k|			}
  256|   107k|		}
  257|       |
  258|       |		/* if required, flush out any queued reply packets that
  259|       |		were being held up during a KEX */
  260|   107k|		maybe_flush_reply_queue();
  261|       |
  262|   107k|		handle_connect_fds(&writefd);
  263|       |
  264|       |		/* loop handler prior to channelio, in case the server loophandler closes
  265|       |		channels on process exit */
  266|   107k|		loophandler();
  267|       |
  268|       |		/* process pipes etc for the channels, ses.dataallowed == 0
  269|       |		 * during rekeying ) */
  270|   107k|		channelio(&readfd, &writefd);
  271|       |
  272|       |		/* process session socket's outgoing data */
  273|   107k|		if (ses.sock_out != -1) {
  ------------------
  |  Branch (273:7): [True: 103k, False: 3.51k]
  ------------------
  274|   103k|			if (!isempty(&ses.writequeue)) {
  ------------------
  |  Branch (274:8): [True: 28.7k, False: 74.9k]
  ------------------
  275|  28.7k|				write_packet();
  276|  28.7k|			}
  277|   103k|		}
  278|       |
  279|   107k|	} /* for(;;) */
  280|       |	
  281|       |	/* Not reached */
  282|  3.51k|}
session_cleanup:
  293|  3.51k|void session_cleanup() {
              	/* Release per-session state. Returns at once if ses.init_done is
              	 * unset. Order matters (see BEWARE below): channels first, then the
              	 * role-specific hook, then listeners and pending connects, then
              	 * buffers and finally the key context. */
  294|       |	
  295|  3.51k|	TRACE(("enter session_cleanup"))
  296|       |	
  297|       |	/* we can't cleanup if we don't know the session state */
  298|  3.51k|	if (!ses.init_done) {
  ------------------
  |  Branch (298:6): [True: 0, False: 3.51k]
  ------------------
  299|      0|		TRACE(("leave session_cleanup: !ses.init_done"))
  300|      0|		return;
  301|      0|	}
  302|       |
  303|       |	/* BEWARE of changing order of functions here. */
  304|       |
  305|       |	/* Must be before extra_session_cleanup() */
  306|  3.51k|	chancleanup();
  307|       |
  308|  3.51k|	if (ses.extra_session_cleanup) {
  ------------------
  |  Branch (308:6): [True: 3.51k, False: 0]
  ------------------
  309|  3.51k|		ses.extra_session_cleanup();
  310|  3.51k|	}
  311|       |
  312|       |	/* After these are freed most functions will fail */
  313|  3.51k|#if DROPBEAR_CLEANUP
  314|       |	/* listeners call cleanup functions, this should occur before
  315|       |	other session state is freed. */
  316|  3.51k|	remove_all_listeners();
  317|       |
  318|  3.51k|	remove_connect_pending();
  319|       |
  320|  3.51k|	while (!isempty(&ses.writequeue)) {
  ------------------
  |  Branch (320:9): [True: 0, False: 3.51k]
  ------------------
  321|      0|		buf_free(dequeue(&ses.writequeue));
  322|      0|	}
  323|       |
              	/* NOTE(review): ses.newkeys is freed without m_burn, whereas ses.keys
              	 * is burned at line 354. If a key exchange was in progress newkeys
              	 * presumably holds key material - confirm whether it needs wiping. */
  324|  3.51k|	m_free(ses.newkeys);
  ------------------
  |  |   24|  3.51k|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
              	/* Only recv.zstream is ended and freed here; trans.zstream is not
              	 * touched in this function. NOTE(review): confirm it is released
              	 * elsewhere. Lines 325-332 have no counts in this report. */
  325|       |#ifndef DISABLE_ZLIB
  326|       |	if (ses.keys->recv.zstream != NULL) {
  327|       |		if (inflateEnd(ses.keys->recv.zstream) == Z_STREAM_ERROR) {
  328|       |			dropbear_exit("Crypto error");
  329|       |		}
  330|       |		m_free(ses.keys->recv.zstream);
  331|       |	}
  332|       |#endif
  333|       |
              	/* m_free() also NULLs each pointer (see the macro expansion), so a
              	 * second pass over these fields would not double-free. pw_passwd is
              	 * freed without an explicit wipe; NOTE(review): confirm what it
              	 * holds. */
  334|  3.51k|	m_free(ses.remoteident);
  ------------------
  |  |   24|  3.51k|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  335|  3.51k|	m_free(ses.authstate.pw_dir);
  ------------------
  |  |   24|  3.51k|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  336|  3.51k|	m_free(ses.authstate.pw_name);
  ------------------
  |  |   24|  3.51k|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  337|  3.51k|	m_free(ses.authstate.pw_shell);
  ------------------
  |  |   24|  3.51k|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  338|  3.51k|	m_free(ses.authstate.pw_passwd);
  ------------------
  |  |   24|  3.51k|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  339|  3.51k|	m_free(ses.authstate.username);
  ------------------
  |  |   24|  3.51k|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  340|  3.51k|#endif
  341|       |
              	/* cleanup_buf() releases each buffer through buf_burn_free() and
              	 * resets the pointer to NULL. */
  342|  3.51k|	cleanup_buf(&ses.session_id);
  343|  3.51k|	cleanup_buf(&ses.hash);
  344|  3.51k|	cleanup_buf(&ses.payload);
  345|  3.51k|	cleanup_buf(&ses.readbuf);
  346|  3.51k|	cleanup_buf(&ses.writepayload);
  347|  3.51k|	cleanup_buf(&ses.kexhashbuf);
  348|  3.51k|	cleanup_buf(&ses.transkexinit);
  349|  3.51k|	if (ses.dh_K) {
  ------------------
  |  Branch (349:6): [True: 1.44k, False: 2.07k]
  ------------------
  350|  1.44k|		mp_clear(ses.dh_K);
  351|  1.44k|	}
  352|  3.51k|	m_free(ses.dh_K);
  ------------------
  |  |   24|  3.51k|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  353|       |
              	/* The key context is passed to m_burn before it is freed, so key
              	 * material should not linger in freed heap memory (assuming m_burn
              	 * zeroises; its body is not shown here). */
  354|  3.51k|	m_burn(ses.keys, sizeof(struct key_context));
  355|  3.51k|	m_free(ses.keys);
  ------------------
  |  |   24|  3.51k|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  356|       |
  357|  3.51k|	TRACE(("leave session_cleanup"))
  358|  3.51k|}
send_session_identification:
  360|  3.51k|void send_session_identification() {
              	/* Queue our identification line, LOCAL_IDENT followed by CRLF. The
              	 * buffer is sized strlen+1 but only strlen bytes are written, so no
              	 * NUL goes on the wire. LOCAL_IDENT embeds DROPBEAR_VERSION (see the
              	 * expansion below), so the exact version is visible to any peer
              	 * before authentication. */
  361|  3.51k|	buffer *writebuf = buf_new(strlen(LOCAL_IDENT "\r\n") + 1);
  ------------------
  |  |   10|  3.51k|#define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION
  ------------------
  362|  3.51k|	buf_putbytes(writebuf, (const unsigned char *) LOCAL_IDENT "\r\n", strlen(LOCAL_IDENT "\r\n"));
  ------------------
  |  |   10|  3.51k|#define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION
  ------------------
              	buf_putbytes(writebuf, (const unsigned char *) LOCAL_IDENT "\r\n", strlen(LOCAL_IDENT "\r\n"));
  ------------------
  |  |   10|  3.51k|#define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION
  ------------------
  363|  3.51k|	writebuf_enqueue(writebuf);
  364|  3.51k|}
update_channel_prio:
  668|  3.51k|void update_channel_prio() {
              	/* Choose the socket priority: LOWDELAY if any open channel asks for
              	 * it or if there are no channels yet, NORMAL otherwise. The new
              	 * value is applied with set_sock_priority() only when it differs
              	 * from ses.socket_prio. Does nothing when ses.sock_out < 0.
              	 * Coverage: the channel loop body never ran in this fuzz run. */
  669|  3.51k|	enum dropbear_prio new_prio;
  670|  3.51k|	int any = 0;
  671|  3.51k|	unsigned int i;
  672|       |
  673|  3.51k|	TRACE(("update_channel_prio"))
  674|       |
  675|  3.51k|	if (ses.sock_out < 0) {
  ------------------
  |  Branch (675:6): [True: 0, False: 3.51k]
  ------------------
  676|      0|		TRACE(("leave update_channel_prio: no socket"))
  677|      0|		return;
  678|      0|	}
  679|       |
  680|  3.51k|	new_prio = DROPBEAR_PRIO_NORMAL;
  681|  3.51k|	for (i = 0; i < ses.chansize; i++) {
  ------------------
  |  Branch (681:14): [True: 0, False: 3.51k]
  ------------------
  682|      0|		struct Channel *channel = ses.channels[i];
              		/* Empty slots in ses.channels are NULL and are skipped. */
  683|      0|		if (!channel) {
  ------------------
  |  Branch (683:7): [True: 0, False: 0]
  ------------------
  684|      0|			continue;
  685|      0|		}
  686|      0|		any = 1;
  687|      0|		if (channel->prio == DROPBEAR_PRIO_LOWDELAY) {
  ------------------
  |  Branch (687:7): [True: 0, False: 0]
  ------------------
  688|      0|			new_prio = DROPBEAR_PRIO_LOWDELAY;
  689|      0|			break;
  690|      0|		}
  691|      0|	}
  692|       |
  693|  3.51k|	if (any == 0) {
  ------------------
  |  Branch (693:6): [True: 3.51k, False: 0]
  ------------------
  694|       |		/* lowdelay during setup */
  695|  3.51k|		TRACE(("update_channel_prio: not any"))
  696|  3.51k|		new_prio = DROPBEAR_PRIO_LOWDELAY;
  697|  3.51k|	}
  698|       |
  699|  3.51k|	if (new_prio != ses.socket_prio) {
  ------------------
  |  Branch (699:6): [True: 3.51k, False: 0]
  ------------------
  700|  3.51k|		TRACE(("Dropbear priority transitioning %d -> %d", ses.socket_prio, new_prio))
  701|  3.51k|		set_sock_priority(ses.sock_out, new_prio);
  702|  3.51k|		ses.socket_prio = new_prio;
  703|  3.51k|	}
  704|  3.51k|}
common-session.c:cleanup_buf:
  284|  24.6k|static void cleanup_buf(buffer **buf) {
              	/* Release *buf through buf_burn_free() and reset the caller's pointer
              	 * to NULL so it cannot be reused or freed twice. No-op when *buf is
              	 * already NULL. The name buf_burn_free suggests the contents are
              	 * wiped before the free; its body is not shown here. */
  285|  24.6k|	if (!*buf) {
  ------------------
  |  Branch (285:6): [True: 12.4k, False: 12.1k]
  ------------------
  286|  12.4k|		return;
  287|  12.4k|	}
  288|  12.1k|	buf_burn_free(*buf);
  289|  12.1k|	*buf = NULL;
  290|  12.1k|}
common-session.c:read_session_identification:
  366|  3.51k|static void read_session_identification() {
              	/* Read the peer's identification line into ses.remoteident.
              	 * A client tolerates up to 50 lines before the one that starts with
              	 * "SSH-"; a server reads a single line. On failure
              	 * ses.remoteclosed() is called; on success the line, including its
              	 * NUL, is copied to the heap. An ident that starts with neither
              	 * "SSH-2." nor "SSH-1.99-" is rejected via dropbear_exit(). */
  367|       |	/* max length of 255 chars */
  368|  3.51k|	char linebuf[256];
  369|  3.51k|	int len = 0;
  370|  3.51k|	char done = 0;
  371|  3.51k|	int i;
  372|       |
  373|       |	/* Servers may send other lines of data before sending the
  374|       |	 * version string, client must be able to process such lines.
  375|       |	 * If they send more than 50 lines, something is wrong */
  376|  7.03k|	for (i = IS_DROPBEAR_CLIENT ? 50 : 1; i > 0; i--) {
  ------------------
  |  |  320|  3.51k|#define IS_DROPBEAR_CLIENT (ses.isserver == 0)
  |  |  ------------------
  |  |  |  Branch (320:28): [True: 3.51k, False: 0]
  |  |  ------------------
  ------------------
  |  Branch (376:40): [True: 6.97k, False: 62]
  ------------------
  377|  6.97k|		len = ident_readln(ses.sock_in, linebuf, sizeof(linebuf));
  378|       |
              		/* NOTE(review): ident_readln() returns -1 on EOF without setting
              		 * errno (line 465), so this test may see a stale errno from an
              		 * earlier call. In this run 3.13k of 3.23k failures were seen
              		 * with errno == EINTR and went round the loop again. */
  379|  6.97k|		if (len < 0 && errno != EINTR) {
  ------------------
  |  Branch (379:7): [True: 3.23k, False: 3.74k]
  |  Branch (379:18): [True: 103, False: 3.13k]
  ------------------
  380|       |			/* It failed */
  381|    103|			break;
  382|    103|		}
  383|       |
              		/* len counts the terminating NUL, so len >= 4 guarantees the four
              		 * bytes compared here lie inside what ident_readln() wrote. */
  384|  6.87k|		if (len >= 4 && memcmp(linebuf, "SSH-", 4) == 0) {
  ------------------
  |  Branch (384:7): [True: 3.64k, False: 3.22k]
  |  Branch (384:19): [True: 3.35k, False: 297]
  ------------------
  385|       |			/* start of line matches */
  386|  3.35k|			done = 1;
  387|  3.35k|			break;
  388|  3.35k|		}
  389|  6.87k|	}
  390|       |
              	/* NOTE(review): the strncmp calls at line 401 dereference
              	 * ses.remoteident, which is still NULL on the !done path. That is
              	 * safe only if ses.remoteclosed() never returns - confirm for every
              	 * handler installed in that pointer. */
  391|  3.51k|	if (!done) {
  ------------------
  |  Branch (391:6): [True: 165, False: 3.35k]
  ------------------
  392|    165|		TRACE(("error reading remote ident: %s\n", strerror(errno)))
  393|    165|		ses.remoteclosed();
  394|  3.35k|	} else {
  395|       |		/* linebuf is already null terminated */
  396|  3.35k|		ses.remoteident = m_malloc(len);
  397|  3.35k|		memcpy(ses.remoteident, linebuf, len);
  398|  3.35k|	}
  399|       |
  400|       |	/* Shall assume that 2.x will be backwards compatible. */
  401|  3.51k|	if (strncmp(ses.remoteident, "SSH-2.", 6) != 0
  ------------------
  |  Branch (401:6): [True: 62, False: 3.45k]
  ------------------
  402|  3.51k|			&& strncmp(ses.remoteident, "SSH-1.99-", 9) != 0) {
  ------------------
  |  Branch (402:7): [True: 61, False: 1]
  ------------------
              		/* ses.remoteident is peer-controlled text passed to the exit
              		 * message with %s. NOTE(review): confirm the logging path
              		 * escapes control characters before writing it out. */
  403|     61|		dropbear_exit("Incompatible remote version '%s'", ses.remoteident);
  404|     61|	}
  405|       |
  406|  3.51k|	DEBUG1(("remoteident: %s", ses.remoteident))
  407|       |
  408|  3.51k|}
common-session.c:ident_readln:
  412|  6.97k|static int ident_readln(int fd, char* buf, int count) {
              	/* Read one line from fd into buf, one byte per read() so nothing
              	 * beyond the line is consumed. '\r' is dropped, '\n' ends the line,
              	 * and at most count-1 characters are stored before the NUL.
              	 * Returns the stored length including the NUL (pos+1), or -1 when
              	 * count < 1, on a select/read error, or on EOF. */
  413|       |	
  414|  6.97k|	char in;
  415|  6.97k|	int pos = 0;
  416|  6.97k|	int num = 0;
  417|  6.97k|	fd_set fds;
  418|  6.97k|	struct timeval timeout;
  419|       |
  420|  6.97k|	TRACE(("enter ident_readln"))
  421|       |
  422|  6.97k|	if (count < 1) {
  ------------------
  |  Branch (422:6): [True: 0, False: 6.97k]
  ------------------
  423|      0|		return -1;
  424|      0|	}
  425|       |
  426|  6.97k|	DROPBEAR_FD_ZERO(&fds);
  ------------------
  |  |  104|  6.97k|#define DROPBEAR_FD_ZERO(fds) FD_ZERO(fds)
  ------------------
  427|       |
  428|       |	/* select since it's a non-blocking fd */
  429|       |	
              	/* If the buffer fills before '\n' arrives the loop ends and the
              	 * truncated line is returned; the rest of the peer's line stays
              	 * unread for the next call (122 times in this run). */
  430|       |	/* leave space to null-terminate */
  431|  89.3k|	while (pos < count-1) {
  ------------------
  |  Branch (431:9): [True: 89.1k, False: 122]
  ------------------
  432|       |
  433|  89.1k|		FD_SET(fd, &fds);
  434|       |
              		/* A one-second select timeout: when nothing is readable the loop
              		 * still reaches checktimeouts() below before waiting again. */
  435|  89.1k|		timeout.tv_sec = 1;
  436|  89.1k|		timeout.tv_usec = 0;
  437|  89.1k|		if (select(fd+1, &fds, NULL, NULL, &timeout) < 0) {
  ------------------
  |  |   53|  89.1k|        wrapfd_select(nfds, readfds, writefds, exceptfds, timeout)
  ------------------
  |  Branch (437:7): [True: 179, False: 89.0k]
  ------------------
  438|    179|			if (errno == EINTR) {
  ------------------
  |  Branch (438:8): [True: 179, False: 0]
  ------------------
  439|    179|				continue;
  440|    179|			}
  441|      0|			TRACE(("leave ident_readln: select error"))
  442|      0|			return -1;
  443|    179|		}
  444|       |
  445|  89.0k|		checktimeouts();
  446|       |		
  447|       |		/* Have to go one byte at a time, since we don't want to read past
  448|       |		 * the end, and have to somehow shove bytes back into the normal
  449|       |		 * packet reader */
  450|  89.0k|		if (FD_ISSET(fd, &fds)) {
  451|  89.0k|			num = read(fd, &in, 1);
  ------------------
  |  |   55|  89.0k|#define read(fd, buf, count) wrapfd_read(fd, buf, count)
  ------------------
  452|       |			/* a "\n" is a newline, "\r" we want to read in and keep going
  453|       |			 * so that it won't be read as part of the next line */
  454|  89.0k|			if (num < 0) {
  ------------------
  |  Branch (454:8): [True: 153, False: 88.8k]
  ------------------
  455|       |				/* error */
  456|    153|				if (errno == EINTR) {
  ------------------
  |  Branch (456:9): [True: 136, False: 17]
  ------------------
  457|    136|					continue; /* not a real error */
  458|    136|				}
  459|     17|				TRACE(("leave ident_readln: read error"))
  460|     17|				return -1;
  461|    153|			}
              			/* EOF returns -1 without assigning errno, so a caller that
              			 * inspects errno afterwards sees whatever an earlier call
              			 * left there. */
  462|  88.8k|			if (num == 0) {
  ------------------
  |  Branch (462:8): [True: 3.21k, False: 85.6k]
  ------------------
  463|       |				/* EOF */
  464|  3.21k|				TRACE(("leave ident_readln: EOF"))
  465|  3.21k|				return -1;
  466|  3.21k|			}
  467|       |
  468|  85.6k|#if DROPBEAR_FUZZ
  469|  85.6k|			fuzz_dump(&in, 1);
  470|  85.6k|#endif
  471|       |
  472|  85.6k|			if (in == '\n') {
  ------------------
  |  Branch (472:8): [True: 3.61k, False: 82.0k]
  ------------------
  473|       |				/* end of ident string */
  474|  3.61k|				break;
  475|  3.61k|			}
              			/* NOTE(review): '\r' bytes are consumed without advancing
              			 * pos, so the count-1 bound does not limit them; a long run
              			 * of '\r' ends only on EOF, a read error, or if
              			 * checktimeouts() terminates the session. */
  476|       |			/* we don't want to include '\r's */
  477|  82.0k|			if (in != '\r') {
  ------------------
  |  Branch (477:8): [True: 79.6k, False: 2.39k]
  ------------------
  478|  79.6k|				buf[pos] = in;
  479|  79.6k|				pos++;
  480|  79.6k|			}
  481|  82.0k|		}
  482|  89.0k|	}
  483|       |
              	/* pos is at most count-1 here, so the NUL always fits in buf. */
  484|  3.74k|	buf[pos] = '\0';
  485|  3.74k|	TRACE(("leave ident_readln: return %d", pos+1))
  486|  3.74k|	return pos+1;
  487|  6.97k|}
common-session.c:checktimeouts:
  533|   196k|static void checktimeouts() {
              	/* Enforce time- and volume-based limits; called from session_loop()
              	 * and from ident_readln(). In order: pre-auth timeout (server
              	 * only), rekey trigger, keepalives (only once authdone is set) and
              	 * idle timeout.
              	 * Coverage: this run never took the server branch and never had
              	 * keepalive_secs or idle_timeout_secs > 0, so the timeout actions
              	 * themselves are unexercised. */
  534|       |
  535|   196k|	time_t now;
  536|   196k|	now = monotonic_now();
  537|       |
  538|   196k|	if (IS_DROPBEAR_SERVER && ses.connect_time != 0
  ------------------
  |  |  319|   392k|#define IS_DROPBEAR_SERVER (ses.isserver == 1)
  |  |  ------------------
  |  |  |  Branch (319:28): [True: 0, False: 196k]
  |  |  ------------------
  ------------------
  |  Branch (538:28): [True: 0, False: 0]
  ------------------
  539|   196k|		&& elapsed(now, ses.connect_time) >= AUTH_TIMEOUT) {
  ------------------
  |  |   31|      0|#define AUTH_TIMEOUT 300 /* we choose 5 minutes */
  ------------------
  |  Branch (539:6): [True: 0, False: 0]
  ------------------
  540|      0|			dropbear_close("Timeout before auth");
  541|      0|	}
  542|       |
              	/* Everything below is skipped until the remote ident is stored.
              	 * NOTE(review): on a client (IS_DROPBEAR_SERVER false) no check in
              	 * this function can fire before the ident arrives - confirm that
              	 * another timer bounds that phase. */
  543|       |	/* we can't rekey if we haven't done remote ident exchange yet */
  544|   196k|	if (ses.remoteident == NULL) {
  ------------------
  |  Branch (544:6): [True: 103k, False: 93.0k]
  ------------------
  545|   103k|		return;
  546|   103k|	}
  547|       |
              	/* KEX_REKEY_DATA's own comment requires it to stay below INT_MAX;
              	 * the types of datarecv/datatrans are not visible here, so whether
              	 * their sum can overflow is unverified. */
  548|  93.0k|	if (!ses.kexstate.sentkexinit
  ------------------
  |  Branch (548:6): [True: 0, False: 93.0k]
  ------------------
  549|  93.0k|			&& (elapsed(now, ses.kexstate.lastkextime) >= KEX_REKEY_TIMEOUT
  ------------------
  |  |   24|      0|#define KEX_REKEY_TIMEOUT (3600 * 8)
  ------------------
  |  Branch (549:8): [True: 0, False: 0]
  ------------------
  550|      0|			|| ses.kexstate.datarecv+ses.kexstate.datatrans >= KEX_REKEY_DATA)) {
  ------------------
  |  |   27|      0|#define KEX_REKEY_DATA (1<<30) /* 2^30 == 1GB, this value must be < INT_MAX */
  ------------------
  |  Branch (550:7): [True: 0, False: 0]
  ------------------
  551|      0|		TRACE(("rekeying after timeout or max data reached"))
  552|      0|		send_msg_kexinit();
  553|      0|	}
  554|       |
  555|  93.0k|	if (opts.keepalive_secs > 0 && ses.authstate.authdone) {
  ------------------
  |  Branch (555:6): [True: 0, False: 93.0k]
  |  Branch (555:33): [True: 0, False: 0]
  ------------------
  556|       |		/* Avoid sending keepalives prior to auth - those are
  557|       |		not valid pre-auth packet types */
  558|       |
  559|       |		/* Send keepalives if we've been idle */
  560|      0|		if (elapsed(now, ses.last_packet_time_any_sent) >= opts.keepalive_secs) {
  ------------------
  |  Branch (560:7): [True: 0, False: 0]
  ------------------
  561|      0|			send_msg_keepalive();
  562|      0|		}
  563|       |
  564|       |		/* Also send an explicit keepalive message to trigger a response
  565|       |		if the remote end hasn't sent us anything */
  566|      0|		if (elapsed(now, ses.last_packet_time_keepalive_recv) >= opts.keepalive_secs
  ------------------
  |  Branch (566:7): [True: 0, False: 0]
  ------------------
  567|      0|			&& elapsed(now, ses.last_packet_time_keepalive_sent) >= opts.keepalive_secs) {
  ------------------
  |  Branch (567:7): [True: 0, False: 0]
  ------------------
  568|      0|			send_msg_keepalive();
  569|      0|		}
  570|       |
              		/* The session ends once nothing has been received for
              		 * keepalive_secs * DEFAULT_KEEPALIVE_LIMIT seconds. */
  571|      0|		if (elapsed(now, ses.last_packet_time_keepalive_recv)
  ------------------
  |  Branch (571:7): [True: 0, False: 0]
  ------------------
  572|      0|			>= opts.keepalive_secs * DEFAULT_KEEPALIVE_LIMIT) {
  ------------------
  |  |  510|      0|#define DEFAULT_KEEPALIVE_LIMIT 3
  ------------------
  573|      0|			dropbear_exit("Keepalive timeout");
  574|      0|		}
  575|      0|	}
  576|       |
  577|  93.0k|	if (opts.idle_timeout_secs > 0
  ------------------
  |  Branch (577:6): [True: 0, False: 93.0k]
  ------------------
  578|  93.0k|			&& elapsed(now, ses.last_packet_time_idle) >= opts.idle_timeout_secs) {
  ------------------
  |  Branch (578:7): [True: 0, False: 0]
  ------------------
  579|      0|		dropbear_close("Idle timeout");
  580|      0|	}
  581|  93.0k|}
common-session.c:select_timeout:
  594|   107k|static long select_timeout() {
              	/* Compute the select() timeout in seconds for session_loop(): start
              	 * from KEX_REKEY_TIMEOUT and let update_timeout() lower it for each
              	 * timer that applies. The result is never negative.
              	 * Coverage: only the idle-timeout call at line 615 ran in this
              	 * fuzz run. */
  595|       |	/* determine the minimum timeout that might be required, so
  596|       |	as to avoid waking when unneccessary */
  597|   107k|	long timeout = KEX_REKEY_TIMEOUT;
  ------------------
  |  |   24|   107k|#define KEX_REKEY_TIMEOUT (3600 * 8)
  ------------------
  598|   107k|	time_t now = monotonic_now();
  599|       |
  600|   107k|	if (!ses.kexstate.sentkexinit) {
  ------------------
  |  Branch (600:6): [True: 0, False: 107k]
  ------------------
  601|      0|		update_timeout(KEX_REKEY_TIMEOUT, now, ses.kexstate.lastkextime, &timeout);
  ------------------
  |  |   24|      0|#define KEX_REKEY_TIMEOUT (3600 * 8)
  ------------------
  602|      0|	}
  603|       |
  604|   107k|	if (ses.authstate.authdone != 1 && IS_DROPBEAR_SERVER) {
  ------------------
  |  |  319|   107k|#define IS_DROPBEAR_SERVER (ses.isserver == 1)
  |  |  ------------------
  |  |  |  Branch (319:28): [True: 0, False: 107k]
  |  |  ------------------
  ------------------
  |  Branch (604:6): [True: 107k, False: 0]
  ------------------
  605|       |		/* AUTH_TIMEOUT is only relevant before authdone */
  606|      0|		update_timeout(AUTH_TIMEOUT, now, ses.connect_time, &timeout);
  ------------------
  |  |   31|      0|#define AUTH_TIMEOUT 300 /* we choose 5 minutes */
  ------------------
  607|      0|	}
  608|       |
              	/* The keepalive timer is measured from the later of the last
              	 * keepalive received and the last keepalive sent. */
  609|   107k|	if (ses.authstate.authdone) {
  ------------------
  |  Branch (609:6): [True: 0, False: 107k]
  ------------------
  610|      0|		update_timeout(opts.keepalive_secs, now,
  611|      0|			MAX(ses.last_packet_time_keepalive_recv, ses.last_packet_time_keepalive_sent),
  612|      0|			&timeout);
  613|      0|	}
  614|       |
  615|   107k|	update_timeout(opts.idle_timeout_secs, now, ses.last_packet_time_idle,
  616|   107k|		&timeout);
  617|       |
  618|       |	/* clamp negative timeouts to zero - event has already triggered */
  619|   107k|	return MAX(timeout, 0);
  620|   107k|}
common-session.c:update_timeout:
  583|   107k|static void update_timeout(long limit, time_t now, time_t last_event, long * timeout) {
              	/* If both last_event and limit are positive, lower *timeout to
              	 * MIN(*timeout, elapsed(now, last_event) + limit); otherwise leave
              	 * it unchanged. A limit of 0 therefore disables the timer.
              	 * NOTE(review): elapsed() is not shown in this listing. As written
              	 * the candidate value is elapsed + limit, which would grow with the
              	 * time since the event rather than shrink toward the deadline -
              	 * confirm against elapsed()'s definition. The assignment was not
              	 * executed in this run (limit > 0 was never true). */
  584|   107k|	TRACE2(("update_timeout limit %ld, now %llu, last %llu, timeout %ld",
  585|   107k|		limit,
  586|   107k|		(unsigned long long)now,
  587|   107k|		(unsigned long long)last_event, *timeout))
  588|   107k|	if (last_event > 0 && limit > 0) {
  ------------------
  |  Branch (588:6): [True: 107k, False: 0]
  |  Branch (588:24): [True: 0, False: 107k]
  ------------------
  589|      0|		*timeout = MIN(*timeout, elapsed(now, last_event) + limit);
  590|      0|		TRACE2(("new timeout %ld", *timeout))
  591|      0|	}
  592|   107k|}

strlcat:
  128|      2|{
              	/* Append src to dst without writing past siz bytes in total. The
              	 * function's signature lies above the first line shown in this
              	 * listing; dst, src and siz are its parameters as used below.
              	 * Returns dlen + strlen(src), the length the full concatenation
              	 * would have had, so a result >= siz means the output was
              	 * truncated. */
  129|      2|	char *d = dst;
  130|      2|	const char *s = src;
  131|      2|	size_t n = siz;
  132|      2|	size_t dlen;
  133|       |
  134|       |	/* Find the end of dst and adjust bytes left but don't go past end */
  135|      8|	while (n-- != 0 && *d != '\0')
  ------------------
  |  Branch (135:9): [True: 8, False: 0]
  |  Branch (135:21): [True: 6, False: 2]
  ------------------
  136|      6|		d++;
  137|      2|	dlen = d - dst;
  138|      2|	n = siz - dlen;
  139|       |
              	/* n == 0 means no NUL was found within the first siz bytes of dst:
              	 * nothing is appended and dst is left as it was, unterminated. */
  140|      2|	if (n == 0)
  ------------------
  |  Branch (140:6): [True: 0, False: 2]
  ------------------
  141|      0|		return(dlen + strlen(s));
              	/* Copy while more than one byte of room remains, keeping the last
              	 * byte for the NUL; s still walks all of src so the return value
              	 * reflects the untruncated length. */
  142|      9|	while (*s != '\0') {
  ------------------
  |  Branch (142:9): [True: 7, False: 2]
  ------------------
  143|      7|		if (n != 1) {
  ------------------
  |  Branch (143:7): [True: 6, False: 1]
  ------------------
  144|      6|			*d++ = *s;
  145|      6|			n--;
  146|      6|		}
  147|      7|		s++;
  148|      7|	}
  149|      2|	*d = '\0';
  150|       |
  151|      2|	return(dlen + (s - src));	/* count does not include NUL */
  152|      2|}

crypto_init:
/* Register the compiled-in cipher and hash descriptors (and, when
 * DROPBEAR_LTC_PRNG is set, the PRNG descriptor), install the bignum random
 * source and, when DROPBEAR_ECC is set, select the math descriptor and fill
 * the ECC curve parameters.
 *
 * Any registration failure is fatal: dropbear_exit() is called. */
void crypto_init() {

	/* NULL-terminated tables; contents depend on build-time options */
	const struct ltc_cipher_descriptor *cipher_table[] = {
#if DROPBEAR_AES
		&aes_desc,
#endif
#if DROPBEAR_3DES
		&des3_desc,
#endif
		NULL
	};

	const struct ltc_hash_descriptor *hash_table[] = {
#if DROPBEAR_SHA1_HMAC
		&sha1_desc,
#endif
#if DROPBEAR_SHA256
		&sha256_desc,
#endif
#if DROPBEAR_SHA384
		&sha384_desc,
#endif
#if DROPBEAR_SHA512
		&sha512_desc,
#endif
		NULL
	};
	const struct ltc_cipher_descriptor **cipher;
	const struct ltc_hash_descriptor **hash;

	for (cipher = cipher_table; *cipher != NULL; cipher++) {
		if (register_cipher(*cipher) == -1) {
			dropbear_exit("Error registering crypto");
		}
	}

	for (hash = hash_table; *hash != NULL; hash++) {
		if (register_hash(*hash) == -1) {
			dropbear_exit("Error registering crypto");
		}
	}

#if DROPBEAR_LTC_PRNG
	/* keep the returned index; -1 signals that registration failed */
	dropbear_ltc_prng = register_prng(&dropbear_prng_desc);
	if (dropbear_ltc_prng == -1) {
		dropbear_exit("Error registering crypto");
	}
#endif

	mp_rand_source(dropbear_rand_source);

#if DROPBEAR_ECC
	ltc_mp = ltm_desc;
	dropbear_ecc_fill_dp();
#endif
}

dropbear_curve25519_scalarmult:
  212|  3.82k|{
  213|  3.82k|  u8 z[32];
  214|  3.82k|  i64 x[80],r,i;
  215|  3.82k|  gf a,b,c,d,e,f;
  216|   118k|  FOR(i,31) z[i]=n[i];
  ------------------
  |  |   34|   122k|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 118k, False: 3.82k]
  |  |  ------------------
  ------------------
  217|  3.82k|  z[31]=(n[31]&127)|64;
  218|  3.82k|  z[0]&=248;
  219|  3.82k|  unpack25519(x,p);
  220|  61.1k|  FOR(i,16) {
  ------------------
  |  |   34|  64.9k|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 61.1k, False: 3.82k]
  |  |  ------------------
  ------------------
  221|  61.1k|    b[i]=x[i];
  222|  61.1k|    d[i]=a[i]=c[i]=0;
  223|  61.1k|  }
  224|  3.82k|  a[0]=d[0]=1;
  225|   978k|  for(i=254;i>=0;--i) {
  ------------------
  |  Branch (225:13): [True: 974k, False: 3.82k]
  ------------------
  226|   974k|    r=(z[i>>3]>>(i&7))&1;
  227|   974k|    sel25519(a,b,r);
  228|   974k|    sel25519(c,d,r);
  229|   974k|    A(e,a,c);
  230|   974k|    Z(a,a,c);
  231|   974k|    A(c,b,d);
  232|   974k|    Z(b,b,d);
  233|   974k|    S(d,e);
  234|   974k|    S(f,a);
  235|   974k|    M(a,c,a);
  236|   974k|    M(c,b,e);
  237|   974k|    A(e,a,c);
  238|   974k|    Z(a,a,c);
  239|   974k|    S(b,a);
  240|   974k|    Z(c,d,f);
  241|   974k|    M(a,c,_121665);
  242|   974k|    A(a,a,d);
  243|   974k|    M(c,c,a);
  244|   974k|    M(a,d,f);
  245|   974k|    M(d,b,x);
  246|   974k|    S(b,e);
  247|   974k|    sel25519(a,b,r);
  248|   974k|    sel25519(c,d,r);
  249|   974k|  }
  250|  61.1k|  FOR(i,16) {
  ------------------
  |  |   34|  64.9k|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 61.1k, False: 3.82k]
  |  |  ------------------
  ------------------
  251|  61.1k|    x[i+16]=a[i];
  252|  61.1k|    x[i+32]=c[i];
  253|  61.1k|    x[i+48]=b[i];
  254|  61.1k|    x[i+64]=d[i];
  255|  61.1k|  }
  256|  3.82k|  inv25519(x+32,x+32);
  257|  3.82k|  M(x+16,x+16,x+32);
  258|  3.82k|  pack25519(q,x+16);
  259|  3.82k|}
dropbear_ed25519_verify:
  466|     13|{
  467|     13|  hash_state hs;
  468|     13|  u8 t[32],h[64];
  469|     13|  gf p[4],q[4];
  470|       |
  471|     13|  if (slen < 64) return -1;
  ------------------
  |  Branch (471:7): [True: 0, False: 13]
  ------------------
  472|       |
  473|     13|  if (unpackneg(q,pk)) return -1;
  ------------------
  |  Branch (473:7): [True: 4, False: 9]
  ------------------
  474|       |
  475|      9|  sha512_init(&hs);
  476|      9|  sha512_process(&hs,s,32);
  477|      9|  sha512_process(&hs,pk,32);
  478|      9|  sha512_process(&hs,m,mlen);
  479|      9|  sha512_done(&hs,h);
  480|       |
  481|      9|  reduce(h);
  482|      9|  scalarmult(p,q,h);
  483|       |
  484|      9|  scalarbase(q,s + 32);
  485|      9|  add(p,q);
  486|      9|  pack(t,p);
  487|       |
  488|      9|  if (crypto_verify_32(s, t))
  ------------------
  |  Branch (488:7): [True: 9, False: 0]
  ------------------
  489|      9|    return -1;
  490|       |
  491|      0|  return 0;
  492|      9|}
curve25519.c:unpack25519:
  150|  3.83k|{
  151|  3.83k|  int i;
  152|  61.3k|  FOR(i,16) o[i]=n[2*i]+((i64)n[2*i+1]<<8);
  ------------------
  |  |   34|  65.1k|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 61.3k, False: 3.83k]
  |  |  ------------------
  ------------------
  153|  3.83k|  o[15]&=0x7fff;
  154|  3.83k|}
curve25519.c:sel25519:
   96|  3.94M|{
   97|  3.94M|  i64 t,i,c=~(b-1);
   98|  63.0M|  FOR(i,16) {
  ------------------
  |  |   34|  67.0M|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 63.0M, False: 3.94M]
  |  |  ------------------
  ------------------
   99|  63.0M|    t= c&(p[i]^q[i]);
  100|  63.0M|    p[i]^=t;
  101|  63.0M|    q[i]^=t;
  102|  63.0M|  }
  103|  3.94M|}
curve25519.c:A:
  157|  3.94M|{
  158|  3.94M|  int i;
  159|  63.0M|  FOR(i,16) o[i]=a[i]+b[i];
  ------------------
  |  |   34|  67.0M|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 63.0M, False: 3.94M]
  |  |  ------------------
  ------------------
  160|  3.94M|}
curve25519.c:Z:
  163|  3.93M|{
  164|  3.93M|  int i;
  165|  62.9M|  FOR(i,16) o[i]=a[i]-b[i];
  ------------------
  |  |   34|  66.8M|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 62.9M, False: 3.93M]
  |  |  ------------------
  ------------------
  166|  3.93M|}
curve25519.c:S:
  180|  4.87M|{
  181|  4.87M|  M(o,a,a);
  182|  4.87M|}
curve25519.c:M:
  169|  11.7M|{
  170|  11.7M|  i64 i,j,t[31];
  171|   365M|  FOR(i,31) t[i]=0;
  ------------------
  |  |   34|   376M|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 365M, False: 11.7M]
  |  |  ------------------
  ------------------
  172|  3.01G|  FOR(i,16) FOR(j,16) t[i+j]+=a[i]*b[j];
  ------------------
  |  |   34|   200M|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 188M, False: 11.7M]
  |  |  ------------------
  ------------------
                FOR(i,16) FOR(j,16) t[i+j]+=a[i]*b[j];
  ------------------
  |  |   34|  3.20G|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 3.01G, False: 188M]
  |  |  ------------------
  ------------------
  173|   176M|  FOR(i,15) t[i]+=38*t[i+16];
  ------------------
  |  |   34|   188M|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 176M, False: 11.7M]
  |  |  ------------------
  ------------------
  174|   188M|  FOR(i,16) o[i]=t[i];
  ------------------
  |  |   34|   200M|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 188M, False: 11.7M]
  |  |  ------------------
  ------------------
  175|  11.7M|  car25519(o);
  176|  11.7M|  car25519(o);
  177|  11.7M|}
curve25519.c:car25519:
   84|  23.5M|{
   85|  23.5M|  int i;
   86|  23.5M|  i64 c;
   87|   376M|  FOR(i,16) {
  ------------------
  |  |   34|   400M|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 376M, False: 23.5M]
  |  |  ------------------
  ------------------
   88|   376M|    o[i]+=(1LL<<16);
   89|   376M|    c=o[i]>>16;
   90|   376M|    o[(i+1)*(i<15)]+=c-1+37*(c-1)*(i==15);
   91|   376M|    o[i]-=c<<16;
   92|   376M|  }
   93|  23.5M|}
curve25519.c:inv25519:
  185|  3.83k|{
  186|  3.83k|  gf c;
  187|  3.83k|  int a;
  188|  61.2k|  FOR(a,16) c[a]=i[a];
  ------------------
  |  |   34|  65.1k|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 61.2k, False: 3.83k]
  |  |  ------------------
  ------------------
  189|   976k|  for(a=253;a>=0;a--) {
  ------------------
  |  Branch (189:13): [True: 972k, False: 3.83k]
  ------------------
  190|   972k|    S(c,c);
  191|   972k|    if(a!=2&&a!=4) M(c,c,i);
  ------------------
  |  Branch (191:8): [True: 968k, False: 3.83k]
  |  Branch (191:14): [True: 965k, False: 3.83k]
  ------------------
  192|   972k|  }
  193|  61.2k|  FOR(a,16) o[a]=c[a];
  ------------------
  |  |   34|  65.1k|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 61.2k, False: 3.83k]
  |  |  ------------------
  ------------------
  194|  3.83k|}
curve25519.c:pack25519:
  106|  3.90k|{
  107|  3.90k|  int i,j,b;
  108|  3.90k|  gf m,t;
  109|  62.4k|  FOR(i,16) t[i]=n[i];
  ------------------
  |  |   34|  66.3k|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 62.4k, False: 3.90k]
  |  |  ------------------
  ------------------
  110|  3.90k|  car25519(t);
  111|  3.90k|  car25519(t);
  112|  3.90k|  car25519(t);
  113|  7.80k|  FOR(j,2) {
  ------------------
  |  |   34|  11.7k|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 7.80k, False: 3.90k]
  |  |  ------------------
  ------------------
  114|  7.80k|    m[0]=t[0]-0xffed;
  115|   117k|    for(i=1;i<15;i++) {
  ------------------
  |  Branch (115:13): [True: 109k, False: 7.80k]
  ------------------
  116|   109k|      m[i]=t[i]-0xffff-((m[i-1]>>16)&1);
  117|   109k|      m[i-1]&=0xffff;
  118|   109k|    }
  119|  7.80k|    m[15]=t[15]-0x7fff-((m[14]>>16)&1);
  120|  7.80k|    b=(m[15]>>16)&1;
  121|  7.80k|    m[14]&=0xffff;
  122|  7.80k|    sel25519(t,m,1-b);
  123|  7.80k|  }
  124|  62.4k|  FOR(i,16) {
  ------------------
  |  |   34|  66.3k|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 62.4k, False: 3.90k]
  |  |  ------------------
  ------------------
  125|  62.4k|    o[2*i]=t[i]&0xff;
  126|  62.4k|    o[2*i+1]=t[i]>>8;
  127|  62.4k|  }
  128|  3.90k|}
curve25519.c:scalarbase:
  331|      9|{
  332|      9|  gf q[4];
  333|      9|  set25519(q[0],X);
  334|      9|  set25519(q[1],Y);
  335|      9|  set25519(q[2],gf1);
  336|      9|  M(q[3],X,Y);
  337|      9|  scalarmult(p,q,s);
  338|      9|}
curve25519.c:set25519:
   77|    112|{
   78|    112|  int i;
   79|  1.79k|  FOR(i,16) r[i]=a[i];
  ------------------
  |  |   34|  1.90k|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 1.79k, False: 112]
  |  |  ------------------
  ------------------
   80|    112|}
curve25519.c:pack:
  305|      9|{
  306|      9|  gf tx, ty, zi;
  307|      9|  inv25519(zi, p[2]); 
  308|      9|  M(tx, p[0], zi);
  309|      9|  M(ty, p[1], zi);
  310|      9|  pack25519(r, ty);
  311|      9|  r[31] ^= par25519(tx) << 7;
  312|      9|}
curve25519.c:par25519:
  142|     18|{
  143|     18|  u8 d[32];
  144|     18|  pack25519(d,a);
  145|     18|  return d[0]&1;
  146|     18|}
curve25519.c:reduce:
  385|      9|{
  386|      9|  i64 x[64],i;
  387|    576|  FOR(i,64) x[i] = (u64) r[i];
  ------------------
  |  |   34|    585|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 576, False: 9]
  |  |  ------------------
  ------------------
  388|    576|  FOR(i,64) r[i] = 0;
  ------------------
  |  |   34|    585|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 576, False: 9]
  |  |  ------------------
  ------------------
  389|      9|  modL(r,x);
  390|      9|}
curve25519.c:modL:
  359|      9|{
  360|      9|  i64 carry,i,j;
  361|    297|  for (i = 63;i >= 32;--i) {
  ------------------
  |  Branch (361:15): [True: 288, False: 9]
  ------------------
  362|    288|    carry = 0;
  363|  6.04k|    for (j = i - 32;j < i - 12;++j) {
  ------------------
  |  Branch (363:21): [True: 5.76k, False: 288]
  ------------------
  364|  5.76k|      x[j] += carry - 16 * x[i] * L[j - (i - 32)];
  365|  5.76k|      carry = (x[j] + 128) >> 8;
  366|  5.76k|      x[j] -= carry << 8;
  367|  5.76k|    }
  368|    288|    x[j] += carry;
  369|    288|    x[i] = 0;
  370|    288|  }
  371|      9|  carry = 0;
  372|    288|  FOR(j,32) {
  ------------------
  |  |   34|    297|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 288, False: 9]
  |  |  ------------------
  ------------------
  373|    288|    x[j] += carry - (x[31] >> 4) * L[j];
  374|    288|    carry = x[j] >> 8;
  375|    288|    x[j] &= 255;
  376|    288|  }
  377|    288|  FOR(j,32) x[j] -= carry * L[j];
  ------------------
  |  |   34|    297|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 288, False: 9]
  |  |  ------------------
  ------------------
  378|    288|  FOR(i,32) {
  ------------------
  |  |   34|    297|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 288, False: 9]
  |  |  ------------------
  ------------------
  379|    288|    x[i+1] += x[i] >> 8;
  380|    288|    r[i] = x[i] & 255;
  381|    288|  }
  382|      9|}
curve25519.c:unpackneg:
  430|     13|{
  431|     13|  gf t, chk, num, den, den2, den4, den6;
  432|     13|  set25519(r[2],gf1);
  433|     13|  unpack25519(r[1],p);
  434|     13|  S(num,r[1]);
  435|     13|  M(den,num,D);
  436|     13|  Z(num,num,r[2]);
  437|     13|  A(den,r[2],den);
  438|       |
  439|     13|  S(den2,den);
  440|     13|  S(den4,den2);
  441|     13|  M(den6,den4,den2);
  442|     13|  M(t,den6,num);
  443|     13|  M(t,t,den);
  444|       |
  445|     13|  pow2523(t,t);
  446|     13|  M(t,t,num);
  447|     13|  M(t,t,den);
  448|     13|  M(t,t,den);
  449|     13|  M(r[0],t,den);
  450|       |
  451|     13|  S(chk,r[0]);
  452|     13|  M(chk,chk,den);
  453|     13|  if (neq25519(chk, num)) M(r[0],r[0],I);
  ------------------
  |  Branch (453:7): [True: 11, False: 2]
  ------------------
  454|       |
  455|     13|  S(chk,r[0]);
  456|     13|  M(chk,chk,den);
  457|     13|  if (neq25519(chk, num)) return -1;
  ------------------
  |  Branch (457:7): [True: 4, False: 9]
  ------------------
  458|       |
  459|      9|  if (par25519(r[0]) == (p[31]>>7)) Z(r[0],gf0,r[0]);
  ------------------
  |  Branch (459:7): [True: 5, False: 4]
  ------------------
  460|       |
  461|      9|  M(r[3],r[0],r[1]);
  462|      9|  return 0;
  463|     13|}
curve25519.c:pow2523:
  198|     13|{
  199|     13|  gf c;
  200|     13|  int a;
  201|    208|  FOR(a,16) c[a]=i[a];
  ------------------
  |  |   34|    221|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 208, False: 13]
  |  |  ------------------
  ------------------
  202|  3.27k|  for(a=250;a>=0;a--) {
  ------------------
  |  Branch (202:13): [True: 3.26k, False: 13]
  ------------------
  203|  3.26k|    S(c,c);
  204|  3.26k|    if(a!=1) M(c,c,i);
  ------------------
  |  Branch (204:8): [True: 3.25k, False: 13]
  ------------------
  205|  3.26k|  }
  206|    208|  FOR(a,16) o[a]=c[a];
  ------------------
  |  |   34|    221|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 208, False: 13]
  |  |  ------------------
  ------------------
  207|     13|}
curve25519.c:neq25519:
  133|     26|{
  134|     26|  u8 c[32],d[32];
  135|     26|  pack25519(c,a);
  136|     26|  pack25519(d,b);
  137|     26|  return crypto_verify_32(c,d);
  138|     26|}
curve25519.c:scalarmult:
  315|     18|{
  316|     18|  int i;
  317|     18|  set25519(p[0],gf0);
  318|     18|  set25519(p[1],gf1);
  319|     18|  set25519(p[2],gf1);
  320|     18|  set25519(p[3],gf0);
  321|  4.62k|  for (i = 255;i >= 0;--i) {
  ------------------
  |  Branch (321:16): [True: 4.60k, False: 18]
  ------------------
  322|  4.60k|    u8 b = (s[i/8]>>(i&7))&1;
  323|  4.60k|    cswap(p,q,b);
  324|  4.60k|    add(q,p);
  325|  4.60k|    add(p,p);
  326|  4.60k|    cswap(p,q,b);
  327|  4.60k|  }
  328|     18|}
curve25519.c:cswap:
  298|  9.21k|{
  299|  9.21k|  int i;
  300|  9.21k|  FOR(i,4)
  ------------------
  |  |   34|  46.0k|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 36.8k, False: 9.21k]
  |  |  ------------------
  ------------------
  301|  36.8k|    sel25519(p[i],q[i],b);
  302|  9.21k|}
curve25519.c:add:
  273|  9.22k|{
  274|  9.22k|  gf a,b,c,d,t,e,f,g,h;
  275|       |  
  276|  9.22k|  Z(a, p[1], p[0]);
  277|  9.22k|  Z(t, q[1], q[0]);
  278|  9.22k|  M(a, a, t);
  279|  9.22k|  A(b, p[0], p[1]);
  280|  9.22k|  A(t, q[0], q[1]);
  281|  9.22k|  M(b, b, t);
  282|  9.22k|  M(c, p[3], q[3]);
  283|  9.22k|  M(c, c, D2);
  284|  9.22k|  M(d, p[2], q[2]);
  285|  9.22k|  A(d, d, d);
  286|  9.22k|  Z(e, b, a);
  287|  9.22k|  Z(f, d, c);
  288|  9.22k|  A(g, d, c);
  289|  9.22k|  A(h, b, a);
  290|       |
  291|  9.22k|  M(p[0], e, f);
  292|  9.22k|  M(p[1], h, g);
  293|  9.22k|  M(p[2], g, f);
  294|  9.22k|  M(p[3], e, h);
  295|  9.22k|}
curve25519.c:crypto_verify_32:
   71|     35|{
   72|     35|  return vn(x,y,32);
   73|     35|}
curve25519.c:vn:
   64|     35|{
   65|     35|  u32 i,d = 0;
   66|  1.12k|  FOR(i,n) d |= x[i]^y[i];
  ------------------
  |  |   34|  1.15k|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 1.12k, False: 35]
  |  |  ------------------
  ------------------
   67|     35|  return (1 & ((d - 1) >> 8)) - 1;
   68|     35|}

m_burn:
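/* Overwrite len bytes at data with zeros so that secrets do not linger in
 * memory after use.
 *
 * data - start of the region to wipe
 * len  - number of bytes to wipe; 0 is a no-op in the fallback path
 *
 * memset_s() or explicit_bzero() is used when the build detected one. The
 * fallback writes each byte through a volatile-qualified pointer. The
 * previous fallback cast the qualifier away before calling memset(), which
 * leaves an ordinary memset() that a compiler may drop as a dead store when
 * the buffer is not read again. */
void m_burn(void *data, unsigned int len) {

#if defined(HAVE_MEMSET_S)
	memset_s(data, len, 0x0, len);
#elif defined(HAVE_EXPLICIT_BZERO)
	explicit_bzero(data, len);
#else
	/* Every store goes through the volatile lvalue, so none may be elided */
	volatile unsigned char *p = data;
	while (len-- > 0) {
		*p++ = 0x0;
	}
#endif
}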

m_calloc:
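/* Allocate a zero-filled array of nmemb elements of size bytes each through
 * m_malloc(), which zero-fills and tracks the block.
 *
 * Calls dropbear_exit() when nmemb is 0 or when nmemb * size would not fit
 * in a size_t. m_malloc() applies its own size limits on top of that. */
void * m_calloc(size_t nmemb, size_t size) {
    /* Test nmemb first: the overflow check divides by it, and dividing by
     * zero is undefined behaviour. A zero-sized request is rejected by
     * m_malloc() anyway, so failing here changes no valid caller. */
    if (nmemb == 0 || size > SIZE_T_MAX / nmemb) {
        dropbear_exit("m_calloc failed");
    }
    return m_malloc(nmemb*size);
}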
m_strdup:
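/* Duplicate the NUL-terminated string str into a block obtained from
 * m_malloc(). The caller owns the returned pointer.
 *
 * str must not be NULL. Calls dropbear_exit() if no memory is returned. */
void * m_strdup(const char * str) {
    char* ret;
    /* size_t, not unsigned int: a truncated length would size the block and
     * the copy from the low bits only and return a string without its
     * terminating NUL. With the full length m_malloc() sees the real size
     * and can apply its limit. */
    size_t len;

    len = strlen(str);

    ret = m_malloc(len+1);
    if (ret == NULL) {
        dropbear_exit("m_strdup failed");
    }
    /* len+1 so the terminating NUL is copied too */
    memcpy(ret, str, len+1);
    return ret;
}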
m_malloc_set_epoch:
/* Select the epoch value that m_malloc() stamps on the blocks it hands out
 * from now on. m_malloc_free_epoch() later selects blocks by this value. */
void m_malloc_set_epoch(unsigned int epoch) {
    current_epoch = epoch;
}
m_malloc_free_epoch:
/* Drop every tracked allocation stamped with the given epoch.
 *
 * epoch  - epoch value to match against each header
 * dofree - non-zero: free() the matching blocks; zero: only stop tracking
 *          them
 *
 * The tracking list is detached and rebuilt from the blocks that do not
 * match. Each survivor is pushed back with put_alloc(), which inserts at the
 * head, so the surviving blocks end up in reverse order. */
void m_malloc_free_epoch(unsigned int epoch, int dofree) {
    struct dbmalloc_header* cur = staple;

    /* start from an empty list; survivors are re-linked below */
    staple = NULL;

    while (cur != NULL) {
        /* read the link first: cur may be freed or re-linked below */
        struct dbmalloc_header* following = cur->next;

        if (cur->epoch != epoch) {
            /* put_alloc() asserts that both links are clear */
            cur->prev = NULL;
            cur->next = NULL;
            put_alloc(cur);
        } else if (dofree) {
            free(cur);
        }
        cur = following;
    }
}
m_malloc:
/* Allocate size zero-filled bytes and record the block in the tracking list.
 *
 * A struct dbmalloc_header is placed in front of the returned memory; it
 * links the block into the list and carries the current epoch. The returned
 * pointer addresses the first byte after that header.
 *
 * Calls dropbear_exit() when size is 0, when size exceeds 1e9, or when the
 * underlying calloc() fails. */
void * m_malloc(size_t size) {
    struct dbmalloc_header* header = NULL;
    char* mem = NULL;
    size_t total;

    if (size == 0 || size > 1e9) {
        dropbear_exit("m_malloc failed");
    }

    /* the 1e9 cap above keeps this addition from wrapping */
    total = size + sizeof(struct dbmalloc_header);

    mem = calloc(1, total);
    if (!mem) {
        dropbear_exit("m_malloc failed");
    }

    /* calloc() zeroed the header, so prev/next are NULL as put_alloc() needs */
    header = (struct dbmalloc_header*)mem;
    put_alloc(header);
    header->epoch = current_epoch;
    return mem + sizeof(struct dbmalloc_header);
}
m_realloc:
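/* Resize a block obtained from m_malloc() to size bytes and keep it in the
 * tracking list.
 *
 * ptr  - block returned by m_malloc()/m_realloc(), or NULL
 * size - new size; 0 or a value above 1e9 is fatal
 *
 * A NULL ptr is treated as a fresh allocation, matching realloc(). Without
 * that check the header lookup would compute an address in front of NULL
 * and remove_alloc() would dereference it.
 *
 * The epoch is not rewritten here, so a resized block keeps the value its
 * header already held. Bytes gained by growing are whatever realloc()
 * provides; unlike m_malloc() they are not zero-filled.
 *
 * Calls dropbear_exit() on a bad size or when realloc() fails. */
void * m_realloc(void* ptr, size_t size) {
    char* mem = NULL;
    struct dbmalloc_header* header = NULL;
    if (size == 0 || size > 1e9) {
        dropbear_exit("m_realloc failed");
    }

    if (ptr == NULL) {
        return m_malloc(size);
    }

    /* unlink first: realloc() may move the block and the list must never
     * point at the old address */
    header = get_header(ptr);
    remove_alloc(header);

    size = size + sizeof(struct dbmalloc_header);
    mem = realloc(header, size);
    if (mem == NULL) {
        dropbear_exit("m_realloc failed");
    }

    header = (struct dbmalloc_header*)mem;
    put_alloc(header);
    return &mem[sizeof(struct dbmalloc_header)];
}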
m_free_direct:
/* Release a block obtained from m_malloc()/m_realloc(): unlink its header
 * from the tracking list and free() the underlying allocation.
 *
 * A NULL ptr is ignored. ptr must otherwise be a pointer these allocators
 * returned, because the header is located at a fixed offset in front of it;
 * any other pointer makes this read and free unrelated memory. */
void m_free_direct(void* ptr) {
    if (ptr != NULL) {
        struct dbmalloc_header* header = get_header(ptr);

        remove_alloc(header);
        free(header);
    }
}
m_realloc_ltm:
/* Adapter exposing m_realloc() through a (ptr, oldsize, newsize) signature.
 * oldsize is accepted for the caller's convenience and ignored. */
void * m_realloc_ltm(void* ptr, size_t oldsize, size_t newsize) {
   (void)oldsize;
   return m_realloc(ptr, newsize);
}
m_free_ltm:
/* Adapter exposing m_free_direct() through a (mem, size) signature.
 * size is ignored, so the block is released but not wiped here. A caller
 * holding secret material must clear it before calling. */
void m_free_ltm(void *mem, size_t size) {
   (void)size;
   m_free_direct(mem);
}
dbmalloc.c:put_alloc:
/* Push header onto the front of the tracking list anchored at staple.
 * The header must be unlinked (prev and next both NULL); this is asserted. */
static void put_alloc(struct dbmalloc_header *header) {
    struct dbmalloc_header *old_head = staple;

    assert(header->next == NULL);
    assert(header->prev == NULL);

    if (old_head != NULL) {
        old_head->prev = header;
    }
    header->next = old_head;
    staple = header;
}
dbmalloc.c:get_header:
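/* Map a pointer handed out by m_malloc()/m_realloc() back to the tracking
 * header stored directly in front of it.
 *
 * ptr must come from those allocators; nothing here can detect a foreign
 * pointer, and the result is then an address inside unrelated memory. */
static struct dbmalloc_header* get_header(void* ptr) {
    char* bptr = ptr;
    /* Plain pointer subtraction. The earlier form indexed with
     * -sizeof(...), which is a huge unsigned value, and relied on the
     * address computation wrapping around. */
    return (struct dbmalloc_header*)(bptr - sizeof(struct dbmalloc_header));
}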
dbmalloc.c:remove_alloc:
/* Unlink header from the tracking list and clear its links, so that it can
 * be handed to put_alloc() again or freed.
 *
 * The links are trusted as-is. A header whose prev/next were overwritten,
 * for example by a write past the end of the preceding block, makes this
 * function write through those corrupted pointers. */
static void remove_alloc(struct dbmalloc_header *header) {
    struct dbmalloc_header *before = header->prev;
    struct dbmalloc_header *after = header->next;

    if (before) {
        before->next = after;
    }
    if (after) {
        after->prev = before;
    }
    /* removing the head moves the anchor to the next block */
    if (staple == header) {
        staple = after;
    }
    header->prev = NULL;
    header->next = NULL;
}

fuzz_seed:
/* Reset the random pool to a value derived only from dat.
 *
 * dat, len - bytes hashed, after a fixed label, into hashpool
 *
 * The counter is reset and the pool is marked initialised. genrandom()
 * derives its output from hashpool and counter, so after this call its
 * output is a deterministic function of dat and fully predictable to anyone
 * who knows dat. That reproducibility is what a fuzz harness needs; this
 * function must not be reachable in a build that serves real connections. */
void fuzz_seed(const unsigned char* dat, unsigned int len) {
	static const char label[] = "fuzzfuzzfuzz";
	hash_state hs;

	sha256_init(&hs);
	/* sizeof - 1: hash the label without its terminating NUL */
	sha256_process(&hs, (const unsigned char*)label, sizeof(label) - 1);
	sha256_process(&hs, dat, len);
	sha256_done(&hs, hashpool);

	counter = 0;
	donerandinit = 1;
}
genrandom:
/* Fill buf with len pseudo-random bytes.
 *
 * Each output block is SHA-256(hashpool || counter); counter is incremented
 * per block and seedrandom() is called once it exceeds MAX_COUNTER. The
 * last block is truncated to the bytes still needed.
 *
 * Calls dropbear_exit() if the pool has not been seeded. The temporary hash
 * block is wiped with m_burn() before returning.
 * NOTE(review): hs has absorbed hashpool and is not wiped on return. Confirm
 * whether that is acceptable for this build. */
void genrandom(unsigned char* buf, unsigned int len) {

	hash_state hs;
	unsigned char hash[SHA256_HASH_SIZE];
	unsigned int chunk;

	if (!donerandinit) {
		dropbear_exit("seedrandom not done");
	}

	while (len > 0) {
		sha256_init(&hs);
		sha256_process(&hs, (void*)hashpool, sizeof(hashpool));
		sha256_process(&hs, (void*)&counter, sizeof(counter));
		sha256_done(&hs, hash);

		counter++;
		if (counter > MAX_COUNTER) {
			seedrandom();
		}

		/* hand out at most one hash block per iteration */
		chunk = len;
		if (chunk > SHA256_HASH_SIZE) {
			chunk = SHA256_HASH_SIZE;
		}
		memcpy(buf, hash, chunk);
		buf += chunk;
		len -= chunk;
	}
	m_burn(hash, sizeof(hash));
}
gen_random_mpint:
/* Store in rand a random integer satisfying 0 < rand < max.
 *
 * max  - exclusive upper bound
 * rand - receives the result
 *
 * Candidates are drawn with genrandom() at the byte length of max, the
 * surplus high bits of the first byte are masked off, and the draw is
 * repeated until the candidate lies in range. Rejecting out-of-range draws
 * instead of reducing them modulo max avoids biasing the result.
 *
 * max must be greater than 1: for max == 1 no value satisfies the loop
 * condition and the loop does not terminate. The scratch buffer is wiped
 * with m_burn() before it is freed. */
void gen_random_mpint(const mp_int *max, mp_int *rand) {

	unsigned char *randbuf = NULL;
	unsigned int len = 0;
	/* index is size_bits % 8; 0 means the top byte is used in full */
	const unsigned char masks[] = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f};

	const int size_bits = mp_count_bits(max);

	/* bytes needed to hold size_bits bits, rounded up */
	len = size_bits / 8;
	len += ((size_bits % 8) != 0) ? 1 : 0;

	randbuf = (unsigned char*)m_malloc(len);
	for (;;) {
		genrandom(randbuf, len);
		/* Clear the bits above max's top bit; the buffer is read
		 * most-significant byte first. */
		randbuf[0] &= masks[size_bits % 8];

		bytes_to_mp(rand, randbuf, len);

		/* accept only 0 < rand < max */
		if (mp_cmp(rand, max) == MP_LT && mp_cmp_d(rand, 0) == MP_GT) {
			break;
		}
	}
	m_burn(randbuf, len);
	m_free(randbuf);
}

dropbear_close:
/* End the session with EXIT_SUCCESS, forwarding the message to
 * _dropbear_exit().
 *
 * format is passed on unchanged together with the variable arguments. It is
 * presumably a printf-style format, in which case callers must pass a
 * literal and never text received from the peer. */
void dropbear_close(const char* format, ...) {

	va_list args;

	va_start(args, format);
	_dropbear_exit(EXIT_SUCCESS, format, args);
	/* only reached if _dropbear_exit() returns */
	va_end(args);

}
dropbear_exit:
/* End the session with EXIT_FAILURE, forwarding the message to
 * _dropbear_exit().
 *
 * format is passed on unchanged together with the variable arguments. It is
 * presumably a printf-style format, in which case callers must pass a
 * literal and never text received from the peer. */
void dropbear_exit(const char* format, ...) {

	va_list args;

	va_start(args, format);
	_dropbear_exit(EXIT_FAILURE, format, args);
	/* only reached if _dropbear_exit() returns */
	va_end(args);
}
dropbear_log:
/* Emit a log message through the currently installed _dropbear_log handler.
 *
 * priority - passed through to the handler
 * format   - passed through with the variable arguments; presumably a
 *            printf-style format, so it must be a literal and peer-supplied
 *            text belongs in the arguments */
void dropbear_log(int priority, const char* format, ...) {

	va_list args;

	va_start(args, format);
	_dropbear_log(priority, format, args);
	va_end(args);
}
buf_readfile:
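/* Read the contents of filename into buf at its current write position.
 *
 * Returns DROPBEAR_SUCCESS once end of file is reached or the remaining
 * space in buf has been filled, and DROPBEAR_FAILURE if the file cannot be
 * opened or a read fails. A file larger than the remaining space is cut off
 * at that point and still reported as success, so callers that need the
 * whole file have to size buf accordingly.
 *
 * A read interrupted with EINTR or EAGAIN is retried. The earlier do/while
 * form used "continue" for this, which jumps to the loop condition; with
 * len < 0 that condition is false, so the loop ended and the function
 * returned success with whatever had been read so far. */
int buf_readfile(buffer* buf, const char* filename) {

	int fd = -1;
	int len;
	int maxlen;
	int ret = DROPBEAR_FAILURE;

	fd = open(filename, O_RDONLY);

	if (fd < 0) {
		goto out;
	}

	for (;;) {
		maxlen = buf->size - buf->pos;
		len = read(fd, buf_getwriteptr(buf, maxlen), maxlen);
		if (len < 0) {
			if (errno == EINTR || errno == EAGAIN) {
				/* transient: issue the read again */
				continue;
			}
			goto out;
		}
		buf_incrwritepos(buf, len);
		/* stop at end of file or when the buffer is full */
		if (len == 0 || len >= maxlen) {
			break;
		}
	}

	ret = DROPBEAR_SUCCESS;

out:
	if (fd >= 0) {
		m_close(fd);
	}
	return ret;
}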
m_close:
  /* Close fd, retrying while close() fails with EINTR.
   *
   * A negative fd is ignored. EBADF is tolerated silently; any other
   * remaining failure ends the process through dropbear_exit().
   *
   * NOTE(review): POSIX leaves the state of fd unspecified when close()
   * returns EINTR, so the retry can act on a descriptor number that has
   * already been released. Confirm this is acceptable on the platforms
   * targeted. */
  void m_close(int fd) {
      int rc;

      if (fd < 0) {
          return;
      }

      for (;;) {
          rc = close(fd);
          if (rc >= 0 || errno != EINTR) {
              break;
          }
      }

      if (rc >= 0 || errno == EBADF) {
          /* closed, or the descriptor was not open to begin with */
          return;
      }

      /* Linux says EIO can happen */
      dropbear_exit("Error closing fd %d, %s", fd, strerror(errno));
  }
setnonblocking:
  /* Put fd into non-blocking mode; exits the process if that fails.
   *
   * F_SETFL is given O_NONBLOCK alone (there is no F_GETFL merge), so the
   * descriptor's other settable status flags are not carried over. ENODEV is
   * tolerated because some devices cannot be made non-blocking. When built
   * with DROPBEAR_FUZZ and fuzz.fuzzing is set, the function returns without
   * touching the descriptor. */
  void setnonblocking(int fd) {

      TRACE(("setnonblocking: %d", fd))

  #if DROPBEAR_FUZZ
      if (fuzz.fuzzing) {
          return;
      }
  #endif

      if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0) {
          if (errno != ENODEV) {
              dropbear_exit("Couldn't set nonblocking");
          } else {
              /* Some devices (like /dev/null redirected in)
               * can't be set to non-blocking */
              TRACE(("ignoring ENODEV for setnonblocking"))
          }
      }
      TRACE(("leave setnonblocking"))
  }
disallow_core:
  /* Lower the soft RLIMIT_CORE limit to 0.
   *
   * Only rlim_cur is changed. rlim_max keeps the value getrlimit() returned,
   * or 0 from the initialiser if getrlimit() failed. Both failures are only
   * traced, so a caller cannot tell from this function whether core files
   * were actually disabled. */
  void disallow_core() {
      struct rlimit core_limit = {0};
      int rc;

      rc = getrlimit(RLIMIT_CORE, &core_limit);
      if (rc < 0) {
          TRACE(("getrlimit(RLIMIT_CORE) failed"));
      }

      core_limit.rlim_cur = 0;

      rc = setrlimit(RLIMIT_CORE, &core_limit);
      if (rc < 0) {
          TRACE(("setrlimit(RLIMIT_CORE) failed"));
      }
  }
expand_homedir_path:
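  /* Expand a leading "~/" in inpath to the user's home directory.
   *
   * The home directory is taken from $HOME and, if that is unset, from the
   * passwd entry for getuid(). Returns a newly allocated string in every
   * case: the expanded path, or a copy of inpath when there is no "~/"
   * prefix or no home directory could be found. The caller owns the result.
   *
   * $HOME is consulted first, so whoever controls the environment decides
   * where "~/" points. The result is not canonicalised; any ".." components
   * in inpath are kept as given. */
  char * expand_homedir_path(const char *inpath) {
      struct passwd *pw = NULL;
      if (strncmp(inpath, "~/", 2) == 0) {
          char *homedir = getenv("HOME");

          if (!homedir) {
              pw = getpwuid(getuid());
              if (pw) {
                  homedir = pw->pw_dir;
              }
          }

          if (homedir) {
              /* homedir + '/' + remainder after "~/" + terminating NUL.
               * Computed in size_t: the sum of two strlen() results does
               * not have to fit in an int. */
              size_t len = strlen(homedir) + 1 + strlen(inpath + 2) + 1;
              char *buf = m_malloc(len);
              snprintf(buf, len, "%s/%s", homedir, inpath+2);
              return buf;
          }
      }

      /* Fallback */
      return m_strdup(inpath);
  }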
constant_time_memcmp:
  663|    305|{
  664|    305|	const char *xa = a, *xb = b;
  665|    305|	uint8_t c = 0;
  666|    305|	size_t i;
  667|  10.0k|	for (i = 0; i < n; i++)
  ------------------
  |  Branch (667:14): [True: 9.76k, False: 305]
  ------------------
  668|  9.76k|	{
  669|  9.76k|		c |= (xa[i] ^ xb[i]);
  670|  9.76k|	}
  671|    305|	return c;
  672|    305|}
gettime_wrapper:
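  /* Fill *now with a monotonic timestamp where the platform offers one,
   * falling back to gettimeofday() (which can go backwards) otherwise.
   *
   * When built with DROPBEAR_FUZZ and fuzz.fuzzing is set, *now is pinned to
   * a constant so that runs are reproducible. */
  void gettime_wrapper(struct timespec *now) {
      struct timeval tv;
  #if DROPBEAR_FUZZ
      if (fuzz.fuzzing) {
          /* time stands still when fuzzing */
          now->tv_sec = 5;
          now->tv_nsec = 0;
          /* Without this return the constant is overwritten by the real
           * clock below. The coverage counts in this listing show
           * clock_gettime() running on every fuzzed call. */
          return;
      }
  #endif

  #if defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_MONOTONIC)
      /* POSIX monotonic clock. Newer Linux, BSD, MacOSX >10.12 */
      if (clock_gettime(CLOCK_MONOTONIC, now) == 0) {
          return;
      }
  #endif

  #if defined(__linux__) && defined(SYS_clock_gettime)
      {
      /* Old linux toolchain - kernel might support it but not the build headers */
      /* Also glibc <2.17 requires -lrt which we neglect to add */
      static int linux_monotonic_failed = 0;
      if (!linux_monotonic_failed) {
          /* CLOCK_MONOTONIC isn't in some headers */
          int clock_source_monotonic = 1;
          if (syscall(SYS_clock_gettime, clock_source_monotonic, now) == 0) {
              return;
          } else {
              /* Don't try again */
              linux_monotonic_failed = 1;
          }
      }
      }
  #endif /* linux fallback clock_gettime */

  #if defined(HAVE_MACH_ABSOLUTE_TIME)
      {
      /* OS X pre 10.12, see https://developer.apple.com/library/mac/qa/qa1398/_index.html */
      static mach_timebase_info_data_t timebase_info;
      uint64_t scaled_time;
      if (timebase_info.denom == 0) {
          mach_timebase_info(&timebase_info);
      }
      scaled_time = mach_absolute_time() * timebase_info.numer / timebase_info.denom;
      now->tv_sec = scaled_time / 1000000000;
      now->tv_nsec = scaled_time % 1000000000;
      /* Keep the monotonic value instead of falling through to the
       * wall-clock fallback, which would overwrite it. */
      return;
      }
  #endif /* osx mach_absolute_time */

      /* Fallback for everything else - this will sometimes go backwards */
      gettimeofday(&tv, NULL);
      now->tv_sec = tv.tv_sec;
      now->tv_nsec = 1000*(long)tv.tv_usec;
  }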
monotonic_now:
  /* Return the whole-second part of gettime_wrapper()'s timestamp. Timeout
   * arithmetic built on this value inherits whatever clock gettime_wrapper()
   * ended up using. */
  time_t monotonic_now() {
      struct timespec now;

      gettime_wrapper(&now);
      return now.tv_sec;
  }

buf_get_dss_pub_key:
   /* Parse a DSS public key (p, q, g, y) from buf into key.
    *
    * The four mp_ints are allocated here and key->x is set to NULL. On any
    * failure they are freed again before returning DROPBEAR_FAILURE; on
    * success the caller owns them and DROPBEAR_SUCCESS is returned.
    *
    * Checks applied to the parsed values: p is exactly DSS_P_BITS long, q is
    * exactly DSS_Q_BITS long, and 1 < g < p.
    *
    * NOTE(review): the 4-byte length and the "ssh-dss" identifier are skipped
    * without being compared, so presumably the caller has already matched the
    * key type. Confirm.
    * NOTE(review): y is read but not range-checked in this function. Confirm
    * whether it is validated elsewhere before use. */
   int buf_get_dss_pub_key(buffer* buf, dropbear_dss_key *key) {
       int ret = DROPBEAR_FAILURE;

       TRACE(("enter buf_get_dss_pub_key"))
       dropbear_assert(key != NULL);
       m_mp_alloc_init_multi(&key->p, &key->q, &key->g, &key->y, NULL);
       key->x = NULL;

       buf_incrpos(buf, 4+SSH_SIGNKEY_DSS_LEN); /* int + "ssh-dss" */

       /* The mpints are read in wire order; the first failure stops parsing. */
       if (buf_getmpint(buf, key->p) == DROPBEAR_FAILURE
        || buf_getmpint(buf, key->q) == DROPBEAR_FAILURE
        || buf_getmpint(buf, key->g) == DROPBEAR_FAILURE
        || buf_getmpint(buf, key->y) == DROPBEAR_FAILURE) {
           TRACE(("leave buf_get_dss_pub_key: failed reading mpints"))
           goto out;
       }

       if (mp_count_bits(key->p) != DSS_P_BITS) {
           dropbear_log(LOG_WARNING, "Bad DSS p");
           goto out;
       }

       if (mp_count_bits(key->q) != DSS_Q_BITS) {
           dropbear_log(LOG_WARNING, "Bad DSS q");
           goto out;
       }

       /* test 1 < g < p */
       if (mp_cmp_d(key->g, 1) != MP_GT
        || mp_cmp(key->g, key->p) != MP_LT) {
           dropbear_log(LOG_WARNING, "Bad DSS g");
           goto out;
       }

       ret = DROPBEAR_SUCCESS;
       TRACE(("leave buf_get_dss_pub_key: success"))
   out:
       if (ret == DROPBEAR_FAILURE) {
           /* ret is still the initial failure value on every error path */
           m_mp_free_multi(&key->p, &key->q, &key->g, &key->y, NULL);
       }
       return ret;
   }
dss_key_free:
  /* Release a DSS key: its five mp_ints (p, q, g, y, x) and the key struct.
   * A NULL key is accepted and ignored.
   *
   * m_free() only clears this function's own copy of the pointer. The
   * caller's pointer still refers to freed memory afterwards and must not be
   * used again.
   *
   * NOTE(review): whether m_mp_free_multi() wipes the private value x before
   * releasing it is not visible here. Confirm. */
  void dss_key_free(dropbear_dss_key *key) {

      TRACE2(("enter dsa_key_free"))
      if (key != NULL) {
          m_mp_free_multi(&key->p, &key->q, &key->g, &key->y, &key->x, NULL);
          m_free(key);
          TRACE2(("leave dsa_key_free"))
          return;
      }
      TRACE2(("enter dsa_key_free: key == NULL"))
  }
buf_put_dss_pub_key:
  /* Append the public part of a DSS key to buf: the "ssh-dss" identifier
   * string followed by p, q, g and y as mpints, in that order. The private
   * value x is never written. key must not be NULL. */
  void buf_put_dss_pub_key(buffer* buf, const dropbear_dss_key *key) {

      dropbear_assert(key != NULL);

      /* key type identifier */
      buf_putstring(buf, SSH_SIGNKEY_DSS, SSH_SIGNKEY_DSS_LEN);

      /* domain parameters, then the public value */
      buf_putmpint(buf, key->p);
      buf_putmpint(buf, key->q);
      buf_putmpint(buf, key->g);
      buf_putmpint(buf, key->y);
  }
buf_dss_verify:
  /* Verify a DSS signature read from buf over the contents of data_buf.
   *
   * The signature blob must be exactly 2*SHA1_HASH_SIZE bytes: r' in the
   * first half and s' in the second. Both are required to lie strictly
   * between 0 and q before they are used. Returns DROPBEAR_SUCCESS only when
   * the recomputed v equals r'; every other path, including any bignum
   * error, leaves the result at DROPBEAR_FAILURE.
   *
   * In the coverage run this listing comes from, the final equality branch
   * was never taken, so the success path was not exercised by the fuzzer. */
  int buf_dss_verify(buffer* buf, const dropbear_dss_key *key, const buffer *data_buf) {
      unsigned char msghash[SHA1_HASH_SIZE];
      hash_state hs;
      int ret = DROPBEAR_FAILURE;
      DEF_MP_INT(val1);
      DEF_MP_INT(val2);
      DEF_MP_INT(val3);
      DEF_MP_INT(val4);
      char * sigblob = NULL;
      unsigned int sigblob_len;

      TRACE(("enter buf_dss_verify"))
      dropbear_assert(key != NULL);

      m_mp_init_multi(&val1, &val2, &val3, &val4, NULL);

      /* Fetch the signature blob and insist on the fixed r'||s' length
       * before indexing into it. */
      sigblob = buf_getstring(buf, &sigblob_len);
      if (sigblob_len != 2*SHA1_HASH_SIZE) {
          goto out;
      }

  #if DEBUG_DSS_VERIFY
      printmpint("dss verify p", key->p);
      printmpint("dss verify q", key->q);
      printmpint("dss verify g", key->g);
      printmpint("dss verify y", key->y);
  #endif

      /* SHA-1 of the signed data */
      sha1_init(&hs);
      sha1_process(&hs, data_buf->data, data_buf->len);
      sha1_done(&hs, msghash);

      /* w = (s')^-1 mod q
       * val1 = s' (second half of the blob) */
      bytes_to_mp(&val1, (const unsigned char*) &sigblob[SHA1_HASH_SIZE], SHA1_HASH_SIZE);
  #if DEBUG_DSS_VERIFY
      printmpint("dss verify s'", &val1);
  #endif

      /* Range check: 0 < s' < q */
      if (mp_cmp(&val1, key->q) != MP_LT) {
          TRACE(("verify failed, s' >= q"))
          goto out;
      }
      if (mp_cmp_d(&val1, 0) != MP_GT) {
          TRACE(("verify failed, s' <= 0"))
          goto out;
      }
      /* val2 = w = (s')^-1 mod q */
      if (mp_invmod(&val1, key->q, &val2) != MP_OKAY) {
          goto out;
      }

      /* u1 = (SHA(M') * w) mod q
       * val1 = SHA(M') = msghash */
      bytes_to_mp(&val1, msghash, SHA1_HASH_SIZE);
  #if DEBUG_DSS_VERIFY
      printmpint("dss verify r'", &val1);
  #endif

      /* val3 = u1 */
      if (mp_mulmod(&val1, &val2, key->q, &val3) != MP_OKAY) {
          goto out;
      }

      /* u2 = (r' * w) mod q
       * val1 = r' (first half of the blob) */
      bytes_to_mp(&val1, (const unsigned char*) &sigblob[0], SHA1_HASH_SIZE);
      /* Range check: 0 < r' < q */
      if (mp_cmp(&val1, key->q) != MP_LT) {
          TRACE(("verify failed, r' >= q"))
          goto out;
      }
      if (mp_cmp_d(&val1, 0) != MP_GT) {
          TRACE(("verify failed, r' <= 0"))
          goto out;
      }
      /* val4 = u2 */
      if (mp_mulmod(&val1, &val2, key->q, &val4) != MP_OKAY) {
          goto out;
      }

      /* v = ((g^u1 * y^u2) mod p) mod q */
      /* val2 = g^u1 mod p */
      if (mp_exptmod(key->g, &val3, key->p, &val2) != MP_OKAY) {
          goto out;
      }
      /* val3 = y^u2 mod p */
      if (mp_exptmod(key->y, &val4, key->p, &val3) != MP_OKAY) {
          goto out;
      }
      /* val4 = (g^u1 * y^u2) mod p */
      if (mp_mulmod(&val2, &val3, key->p, &val4) != MP_OKAY) {
          goto out;
      }
      /* val2 = v */
      if (mp_mod(&val4, key->q, &val2) != MP_OKAY) {
          goto out;
      }

      /* The signature is good only if v == r' (val1 still holds r'). */
      if (mp_cmp(&val2, &val1) == MP_EQ) {
          ret = DROPBEAR_SUCCESS;
      }

  out:
      mp_clear_multi(&val1, &val2, &val3, &val4, NULL);
      m_free(sigblob);

      return ret;

  }

dropbear_ecc_fill_dp:
   /* Point every entry of dropbear_ecc_curves at the ltc_ecc_sets parameter
    * set whose size equals the curve's ltc_size. Exits the process if a curve
    * is left without parameters.
    *
    * The cursor into ltc_ecc_sets is shared by all curves and never rewound,
    * so the search depends on both tables being ordered by size. */
   void dropbear_ecc_fill_dp() {
       struct dropbear_ecc_curve **curve;
       /* libtomcrypt guarantees they're ordered by size */
       const ltc_ecc_set_type *dp = ltc_ecc_sets;

       for (curve = dropbear_ecc_curves; *curve; curve++) {
           while (dp->size > 0) {
               if (dp->size == (*curve)->ltc_size) {
                   (*curve)->dp = dp;
                   break;
               }
               dp++;
           }
           if (!(*curve)->dp) {
               dropbear_exit("Missing ECC params %s", (*curve)->name);
           }
       }
   }
curve_for_dp:
   /* Return the dropbear_ecc_curves entry whose dp pointer is dp.
    *
    * A miss is caught only by assert(). If assertions are compiled out, the
    * function returns the table's NULL terminator, so callers would
    * dereference NULL for an unknown dp. */
   struct dropbear_ecc_curve* curve_for_dp(const ltc_ecc_set_type *dp) {
       struct dropbear_ecc_curve **curve = dropbear_ecc_curves;

       while (*curve && (*curve)->dp != dp) {
           curve++;
       }
       assert(*curve);
       return *curve;
   }
new_ecc_key:
   /* Allocate an ecc_key and initialise its four bignums: pubkey.x, pubkey.y,
    * pubkey.z and the private scalar k. The other fields are left for the
    * caller to set (buf_get_ecc_raw_pubkey assigns dp itself). The caller
    * owns the returned key. */
   ecc_key * new_ecc_key(void) {
       ecc_key *fresh = m_malloc(sizeof(*fresh));

       m_mp_alloc_init_multi((mp_int**)&fresh->pubkey.x,
           (mp_int**)&fresh->pubkey.y,
           (mp_int**)&fresh->pubkey.z,
           (mp_int**)&fresh->k,
           NULL);
       return fresh;
   }
buf_put_ecc_raw_pubkey_string:
  /* Append key's public point to buf as a length-prefixed ANSI X9.63 string.
   * Exits the process if the export fails.
   *
   * The length prefix, 2*size + 1, is written before the export runs, and the
   * write position is then advanced by the length the export reports back.
   * NOTE(review): this assumes the exported length always equals the prefix.
   * Confirm against ecc_ansi_x963_export(). */
  void buf_put_ecc_raw_pubkey_string(buffer *buf, ecc_key *key) {
      unsigned long point_len = key->dp->size*2 + 1;

      buf_putint(buf, point_len);
      if (ecc_ansi_x963_export(key, buf_getwriteptr(buf, point_len), &point_len) != CRYPT_OK) {
          dropbear_exit("ECC error");
      }
      buf_incrwritepos(buf, point_len);
  }
buf_get_ecc_raw_pubkey:
  /* Parse an uncompressed EC point from buf for the given curve.
   *
   * Returns a newly allocated key owned by the caller, or NULL if the
   * encoding or the point is rejected. The input is accepted only when:
   *  - the first byte is 4 (uncompressed); 2 and 3 (compressed) are logged
   *    and refused,
   *  - buf->len is exactly 1 + 2*size for the curve,
   *  - the point satisfies ecc_is_point(),
   *  - neither coordinate is zero.
   * The peer supplies this point, so these checks are what keeps
   * off-curve or degenerate points away from later key operations. */
  ecc_key * buf_get_ecc_raw_pubkey(buffer *buf, const struct dropbear_ecc_curve *curve) {
      ecc_key *key = NULL;
      int ret = DROPBEAR_FAILURE;
      const unsigned int size = curve->dp->size;
      unsigned char first;

      TRACE(("enter buf_get_ecc_raw_pubkey"))

      buf_setpos(buf, 0);
      first = buf_getbyte(buf);
      switch (first) {
          case 2:
          case 3:
              dropbear_log(LOG_WARNING, "Dropbear doesn't support ECC point compression");
              return NULL;
          case 4:
              break;
          default:
              TRACE(("leave, wrong size"))
              return NULL;
      }
      if (buf->len != 1+2*size) {
          TRACE(("leave, wrong size"))
          return NULL;
      }

      key = new_ecc_key();
      key->dp = curve->dp;

      /* x then y, each exactly `size` bytes */
      if (mp_from_ubin(key->pubkey.x, buf_getptr(buf, size), size) != MP_OKAY) {
          TRACE(("failed to read x"))
          goto out;
      }
      buf_incrpos(buf, size);

      if (mp_from_ubin(key->pubkey.y, buf_getptr(buf, size), size) != MP_OKAY) {
          TRACE(("failed to read y"))
          goto out;
      }
      buf_incrpos(buf, size);

      /* z is fixed at 1 for a point read in this form */
      mp_set(key->pubkey.z, 1);

      if (ecc_is_point(key) != CRYPT_OK) {
          TRACE(("failed, not a point"))
          goto out;
      }

      /* SEC1 3.2.3.1 Check that Q != 0 */
      if (mp_cmp_d(key->pubkey.x, 0) == LTC_MP_EQ) {
          TRACE(("failed, x == 0"))
          goto out;
      }
      if (mp_cmp_d(key->pubkey.y, 0) == LTC_MP_EQ) {
          TRACE(("failed, y == 0"))
          goto out;
      }

      ret = DROPBEAR_SUCCESS;

      out:
      if (ret == DROPBEAR_FAILURE && key) {
          /* rejected after allocation: release the bignums and the struct */
          ecc_free(key);
          m_free(key);
          key = NULL;
      }

      return key;

  }
dropbear_ecc_shared_secret:
  216|    110|{
  217|    110|	ecc_point *result = NULL;
  218|    110|	mp_int *prime = NULL, *shared_secret = NULL;
  219|    110|	int err = DROPBEAR_FAILURE;
  ------------------
  |  |  103|    110|#define DROPBEAR_FAILURE -1
  ------------------
  220|       |
  221|       |   /* type valid? */
  222|    110|	if (private_key->type != PK_PRIVATE) {
  ------------------
  |  Branch (222:6): [True: 0, False: 110]
  ------------------
  223|      0|		goto out;
  224|      0|	}
  225|       |
  226|    110|	if (private_key->dp != public_key->dp) {
  ------------------
  |  Branch (226:6): [True: 0, False: 110]
  ------------------
  227|      0|		goto out;
  228|      0|	}
  229|       |
  230|       |   /* make new point */
  231|    110|	result = ltc_ecc_new_point();
  232|    110|	if (result == NULL) {
  ------------------
  |  Branch (232:6): [True: 0, False: 110]
  ------------------
  233|      0|		goto out;
  234|      0|	}
  235|       |
  236|    110|	prime = m_malloc(sizeof(*prime));
  237|    110|	m_mp_init(prime);
  238|       |
  239|    110|	if (mp_read_radix(prime, (char *)private_key->dp->prime, 16) != CRYPT_OK) { 
  ------------------
  |  Branch (239:6): [True: 0, False: 110]
  ------------------
  240|      0|		goto out;
  241|      0|	}
  242|    110|	if (ltc_mp.ecc_ptmul(private_key->k, &public_key->pubkey, result, prime, 1) != CRYPT_OK) { 
  ------------------
  |  Branch (242:6): [True: 0, False: 110]
  ------------------
  243|      0|		goto out;
  244|      0|	}
  245|       |
  246|    110|	shared_secret = m_malloc(sizeof(*shared_secret));
  247|    110|	m_mp_init(shared_secret);
  248|    110|	if (mp_copy(result->x, shared_secret) != CRYPT_OK) {
  ------------------
  |  Branch (248:6): [True: 0, False: 110]
  ------------------
  249|      0|		goto out;
  250|      0|	}
  251|       |
  252|    110|	mp_clear(prime);
  253|    110|	m_free(prime);
  ------------------
  |  |   24|    110|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  254|    110|	ltc_ecc_del_point(result);
  255|       |
  256|    110|	err = DROPBEAR_SUCCESS;
  ------------------
  |  |  102|    110|#define DROPBEAR_SUCCESS 0
  ------------------
  257|    110|	out:
  258|    110|	if (err == DROPBEAR_FAILURE) {
  ------------------
  |  |  103|    110|#define DROPBEAR_FAILURE -1
  ------------------
  |  Branch (258:6): [True: 0, False: 110]
  ------------------
  259|      0|		dropbear_exit("ECC error");
  260|      0|	}
  261|    110|	return shared_secret;
  262|    110|}
ecc.c:ecc_is_point:
   85|    222|{
   86|    222|	mp_int *prime, *b, *t1, *t2;
   87|    222|	int err;
   88|       |	/* Curve-membership test for key->pubkey: evaluates y^2 - x^3 + 3x mod
     |       |	 * prime and compares it with the curve's b, i.e. y^2 = x^3 - 3x + b.
     |       |	 * err ends as CRYPT_OK for a point on the curve, CRYPT_INVALID_PACKET
     |       |	 * for one that is not, or the code of the mp_* call that failed.
     |       |	 * Only pubkey.x and pubkey.y are read; z is not consulted here. */
   89|    222|	m_mp_alloc_init_multi(&prime, &b, &t1, &t2, NULL);
   90|       |	
   91|       |   /* load prime and b */
   92|    222|	if ((err = mp_read_radix(prime, key->dp->prime, 16)) != CRYPT_OK)                          { goto error; }
  ------------------
  |  Branch (92:6): [True: 0, False: 222]
  ------------------
   93|    222|	if ((err = mp_read_radix(b, key->dp->B, 16)) != CRYPT_OK)                                  { goto error; }
  ------------------
  |  Branch (93:6): [True: 0, False: 222]
  ------------------
   94|       |	
   95|       |   /* compute y^2 */
   96|    222|	if ((err = mp_sqr(key->pubkey.y, t1)) != CRYPT_OK)                                         { goto error; }
  ------------------
  |  Branch (96:6): [True: 0, False: 222]
  ------------------
   97|       |	
   98|       |   /* compute x^3 */
   99|    222|	if ((err = mp_sqr(key->pubkey.x, t2)) != CRYPT_OK)                                         { goto error; }
  ------------------
  |  Branch (99:6): [True: 0, False: 222]
  ------------------
  100|    222|	if ((err = mp_mod(t2, prime, t2)) != CRYPT_OK)                                             { goto error; }
  ------------------
  |  Branch (100:6): [True: 0, False: 222]
  ------------------
  101|    222|	if ((err = mp_mul(key->pubkey.x, t2, t2)) != CRYPT_OK)                                     { goto error; }
  ------------------
  |  Branch (101:6): [True: 0, False: 222]
  ------------------
  102|       |	
  103|       |   /* compute y^2 - x^3 */
  104|    222|	if ((err = mp_sub(t1, t2, t1)) != CRYPT_OK)                                                { goto error; }
  ------------------
  |  Branch (104:6): [True: 0, False: 222]
  ------------------
  105|       |	
  106|       |   /* compute y^2 - x^3 + 3x (x is added three times, then reduced mod prime) */
  107|    222|	if ((err = mp_add(t1, key->pubkey.x, t1)) != CRYPT_OK)                                     { goto error; }
  ------------------
  |  Branch (107:6): [True: 0, False: 222]
  ------------------
  108|    222|	if ((err = mp_add(t1, key->pubkey.x, t1)) != CRYPT_OK)                                     { goto error; }
  ------------------
  |  Branch (108:6): [True: 0, False: 222]
  ------------------
  109|    222|	if ((err = mp_add(t1, key->pubkey.x, t1)) != CRYPT_OK)                                     { goto error; }
  ------------------
  |  Branch (109:6): [True: 0, False: 222]
  ------------------
  110|    222|	if ((err = mp_mod(t1, prime, t1)) != CRYPT_OK)                                             { goto error; }
  ------------------
  |  Branch (110:6): [True: 0, False: 222]
  ------------------
  111|    222|	while (mp_cmp_d(t1, 0) == LTC_MP_LT) { /* bring t1 into [0, prime); neither loop body ran in this run */
  ------------------
  |  |   12|    222|#define LTC_MP_LT   -1
  ------------------
  |  Branch (111:9): [True: 0, False: 222]
  ------------------
  112|      0|		if ((err = mp_add(t1, prime, t1)) != CRYPT_OK)                                          { goto error; }
  ------------------
  |  Branch (112:7): [True: 0, False: 0]
  ------------------
  113|      0|	}
  114|    222|	while (mp_cmp(t1, prime) != LTC_MP_LT) {
  ------------------
  |  |   12|    222|#define LTC_MP_LT   -1
  ------------------
  |  Branch (114:9): [True: 0, False: 222]
  ------------------
  115|      0|		if ((err = mp_sub(t1, prime, t1)) != CRYPT_OK)                                          { goto error; }
  ------------------
  |  Branch (115:7): [True: 0, False: 0]
  ------------------
  116|      0|	}
  117|       |	
  118|       |   /* compare to b; in this run 10 of 222 points failed the comparison and were rejected */
  119|    222|	if (mp_cmp(t1, b) != LTC_MP_EQ) {
  ------------------
  |  |   13|    222|#define LTC_MP_EQ    0
  ------------------
  |  Branch (119:6): [True: 10, False: 212]
  ------------------
  120|     10|		err = CRYPT_INVALID_PACKET;
  121|    212|	} else {
  122|    212|		err = CRYPT_OK;
  123|    212|	}
  124|       |	/* Single exit: the four temporaries are cleared and freed on every path. */
  125|    222|	error:
  126|    222|	mp_clear_multi(prime, b, t1, t2, NULL);
  127|    222|	m_free(prime);
  ------------------
  |  |   24|    222|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  128|    222|	m_free(b);
  ------------------
  |  |   24|    222|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  129|    222|	m_free(t1);
  ------------------
  |  |   24|    222|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  130|    222|	m_free(t2);
  ------------------
  |  |   24|    222|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  131|    222|	return err;
  132|    222|}

signkey_is_ecdsa:
   11|  3.47k|{ /* True when type equals one of the three ECDSA signkey constants tested below. */
   12|  3.47k|	return type == DROPBEAR_SIGNKEY_ECDSA_NISTP256
  ------------------
  |  Branch (12:9): [True: 7, False: 3.46k]
  ------------------
   13|  3.47k|		|| type == DROPBEAR_SIGNKEY_ECDSA_NISTP384
  ------------------
  |  Branch (13:6): [True: 2, False: 3.46k]
  ------------------
   14|  3.47k|		|| type == DROPBEAR_SIGNKEY_ECDSA_NISTP521;
  ------------------
  |  Branch (14:6): [True: 337, False: 3.12k]
  ------------------
   15|  3.47k|}
buf_get_ecdsa_pub_key:
   77|    151|ecc_key *buf_get_ecdsa_pub_key(buffer* buf) {
   78|    151|	unsigned char *key_ident = NULL, *identifier = NULL;
   79|    151|	unsigned int key_ident_len, identifier_len;
   80|    151|	buffer *q_buf = NULL;
   81|    151|	struct dropbear_ecc_curve **curve;
   82|    151|	ecc_key *new_key = NULL;
   83|       |	/* Parse an ECDSA public key from buf: a key-type string, a curve
     |       |	 * identifier string, then the point Q. Returns whatever
     |       |	 * buf_get_ecc_raw_pubkey() yields for the matched curve, or NULL when
     |       |	 * the two names disagree or no entry of dropbear_ecc_curves matches. */
   84|       |	/* string   "ecdsa-sha2-[identifier]" or "sk-ecdsa-sha2-nistp256@openssh.com" */
   85|    151|	key_ident = (unsigned char*)buf_getstring(buf, &key_ident_len);
   86|       |	/* string   "[identifier]" */
   87|    151|	identifier = (unsigned char*)buf_getstring(buf, &identifier_len);
   88|       |	/* Coverage: the sk-ecdsa branch below was never entered in this run
     |       |	 * (True: 0), so its identifier check is unexercised. The strcmp() calls
     |       |	 * presumably rely on buf_getstring() NUL-terminating its result - confirm. */
   89|    151|	if (strcmp (key_ident, "sk-ecdsa-sha2-nistp256@openssh.com") == 0) {
  ------------------
  |  Branch (89:6): [True: 0, False: 151]
  ------------------
   90|      0|		if (strcmp (identifier, "nistp256") != 0) {
  ------------------
  |  Branch (90:7): [True: 0, False: 0]
  ------------------
   91|      0|			TRACE(("mismatching identifiers"))
   92|      0|			goto out;
   93|      0|		}
   94|    151|	} else {
   95|    151|		if (key_ident_len != identifier_len + strlen ("ecdsa-sha2-")) {
  ------------------
  |  Branch (95:7): [True: 21, False: 130]
  ------------------
   96|     21|			TRACE(("Bad identifier lengths"))
   97|     21|			goto out;
   98|     21|		}
   99|    130|		if (memcmp(&key_ident[strlen ("ecdsa-sha2-")], identifier, identifier_len) != 0) {
  ------------------
  |  Branch (99:7): [True: 13, False: 117]
  ------------------
  100|     13|			TRACE(("mismatching identifiers"))
  101|     13|			goto out;
  102|     13|		}
  103|    130|	}
  104|       |	/* NOTE(review): the lookup below compares strlen(curve name) bytes of
     |       |	 * identifier and never consults identifier_len, so it is a prefix match
     |       |	 * and its read length is not bounded by the received string; confirm the
     |       |	 * allocation made by buf_getstring() and consider comparing lengths first. */
  105|    337|	for (curve = dropbear_ecc_curves; *curve; curve++) {
  ------------------
  |  Branch (105:36): [True: 334, False: 3]
  ------------------
  106|    334|		if (memcmp(identifier, (char*)(*curve)->name, strlen((char*)(*curve)->name)) == 0) {
  ------------------
  |  Branch (106:7): [True: 114, False: 220]
  ------------------
  107|    114|			break;
  108|    114|		}
  109|    334|	}
  110|    117|	if (!*curve) {
  ------------------
  |  Branch (110:6): [True: 0, False: 117]
  ------------------
  111|      0|		TRACE(("couldn't match ecc curve"))
  112|      0|		goto out;
  113|      0|	}
  114|       |
  115|       |	/* string Q */
  116|    117|	q_buf = buf_getstringbuf(buf);
  117|    117|	new_key = buf_get_ecc_raw_pubkey(q_buf, *curve);
  118|       |	/* Shared exit: both name strings and the Q buffer are released here.
     |       |	 * Coverage: 151 entries but 147 arrivals at out:, so 4 runs left through
     |       |	 * a non-returning path in a callee and skipped this cleanup (presumably
     |       |	 * the fuzzer's exit jump - confirm). */
  119|    147|out:
  120|    147|	m_free(key_ident);
  ------------------
  |  |   24|    147|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  121|    147|	m_free(identifier);
  ------------------
  |  |   24|    147|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  122|    147|	if (q_buf) {
  ------------------
  |  Branch (122:6): [True: 113, False: 34]
  ------------------
  123|    113|		buf_free(q_buf);
  124|    113|		q_buf = NULL;
  125|    113|	}
  126|    147|	TRACE(("leave buf_get_ecdsa_pub_key"))	
  127|    147|	return new_key;
  128|    117|}
buf_put_ecdsa_pub_key:
  147|    100|void buf_put_ecdsa_pub_key(buffer *buf, ecc_key *key) {
  148|    100|	struct dropbear_ecc_curve *curve = NULL;
  149|    100|	char key_ident[30];
  150|       |	/* Write the key as three strings: "ecdsa-sha2-<curve>", "<curve>", then
     |       |	 * the raw public point. key_ident holds 30 bytes and snprintf() would
     |       |	 * truncate a longer name silently. NOTE(review): the result of
     |       |	 * curve_for_dp() is dereferenced without a NULL check - confirm it
     |       |	 * cannot fail for a key that was loaded successfully. */
  151|    100|	curve = curve_for_dp(key->dp);
  152|    100|	snprintf(key_ident, sizeof(key_ident), "ecdsa-sha2-%s", curve->name);
  153|    100|	buf_putstring(buf, key_ident, strlen(key_ident));
  154|    100|	buf_putstring(buf, curve->name, strlen(curve->name));
  155|    100|	buf_put_ecc_raw_pubkey_string(buf, key);
  156|    100|}
buf_ecdsa_verify:
  281|     95|int buf_ecdsa_verify(buffer *buf, const ecc_key *key, const buffer *data_buf) {
  282|       |	/* Verify the ECDSA signature (r, s) read from buf over data_buf with key.
     |       |	 * ret starts as DROPBEAR_FAILURE and becomes DROPBEAR_SUCCESS only when
     |       |	 * v == r at the end; every goto out leaves it as failure.
     |       |	 * Based on libtomcrypt's ecc_verify_hash but without the asn1 */
  283|     95|	int ret = DROPBEAR_FAILURE;
  ------------------
  |  |  103|     95|#define DROPBEAR_FAILURE -1
  ------------------
  284|     95|	hash_state hs;
  285|     95|	struct dropbear_ecc_curve *curve = NULL;
  286|     95|	unsigned char hash[64];
  287|     95|	ecc_point *mG = NULL, *mQ = NULL;
  288|     95|	void *r = NULL, *s = NULL, *v = NULL, *w = NULL, *u1 = NULL, *u2 = NULL, 
  289|     95|		*e = NULL, *p = NULL, *m = NULL;
  290|     95|	void *mp = NULL;
  291|       |
  292|       |	/* verify
  293|       |	 *
  294|       |	 * w  = s^-1 mod n
  295|       |	 * u1 = ew   (e is the hash of data_buf)
  296|       |	 * u2 = rw
  297|       |	 * X = u1*G + u2*Q
  298|       |	 * v = X_x1 mod n
  299|       |	 * accept if v == r
     |       |	 *
     |       |	 * In the code below n (the group order) is held in p and the field
     |       |	 * prime in m.
  300|       |	 */
  301|       |
  302|     95|	TRACE(("buf_ecdsa_verify"))
  303|     95|	curve = curve_for_dp(key->dp);
  304|       |
  305|     95|	mG = ltc_ecc_new_point();
  306|     95|	mQ = ltc_ecc_new_point();
  307|     95|	if (ltc_init_multi(&r, &s, &v, &w, &u1, &u2, &p, &e, &m, NULL) != CRYPT_OK
  ------------------
  |  Branch (307:6): [True: 0, False: 95]
  ------------------
  308|     95|		|| !mG
  ------------------
  |  Branch (308:6): [True: 0, False: 95]
  ------------------
  309|     95|		|| !mQ) {
  ------------------
  |  Branch (309:6): [True: 0, False: 95]
  ------------------
  310|      0|		dropbear_exit("ECC error");
  311|      0|	}
  312|       |
  313|     95|	if (buf_get_ecdsa_verify_params(buf, r, s) != DROPBEAR_SUCCESS) {
  ------------------
  |  |  102|     95|#define DROPBEAR_SUCCESS 0
  ------------------
  |  Branch (313:6): [True: 43, False: 52]
  ------------------
  314|     43|		goto out;
  315|     43|	}
  316|       |	/* NOTE(review): hash[] is 64 bytes; this assumes no curve's
     |       |	 * hash_desc->hashsize exceeds that - confirm against dropbear_ecc_curves. */
  317|     52|	curve->hash_desc->init(&hs);
  318|     52|	curve->hash_desc->process(&hs, data_buf->data, data_buf->len);
  319|     52|	curve->hash_desc->done(&hs, hash);
  320|       |
  321|     52|	if (ltc_mp.unsigned_read(e, hash, curve->hash_desc->hashsize) != CRYPT_OK) {
  ------------------
  |  Branch (321:6): [True: 0, False: 52]
  ------------------
  322|      0|		goto out;
  323|      0|	}
  324|       |
  325|       |   /* get the order */
  326|     52|	if (ltc_mp.read_radix(p, (char *)key->dp->order, 16) != CRYPT_OK) { 
  ------------------
  |  Branch (326:6): [True: 0, False: 52]
  ------------------
  327|      0|		goto out; 
  328|      0|	}
  329|       |
  330|       |   /* get the modulus */
  331|     52|	if (ltc_mp.read_radix(m, (char *)key->dp->prime, 16) != CRYPT_OK) { 
  ------------------
  |  Branch (331:6): [True: 0, False: 52]
  ------------------
  332|      0|		goto out; 
  333|      0|	}
  334|       |
  335|       |   /* range check: reject r or s that is zero or not below the order p */
  336|     52|	if (ltc_mp.compare_d(r, 0) == LTC_MP_EQ 
  ------------------
  |  |   13|    104|#define LTC_MP_EQ    0
  ------------------
  |  Branch (336:6): [True: 3, False: 49]
  ------------------
  337|     52|		|| ltc_mp.compare_d(s, 0) == LTC_MP_EQ 
  ------------------
  |  |   13|    101|#define LTC_MP_EQ    0
  ------------------
  |  Branch (337:6): [True: 1, False: 48]
  ------------------
  338|     52|		|| ltc_mp.compare(r, p) != LTC_MP_LT 
  ------------------
  |  |   12|    100|#define LTC_MP_LT   -1
  ------------------
  |  Branch (338:6): [True: 1, False: 47]
  ------------------
  339|     52|		|| ltc_mp.compare(s, p) != LTC_MP_LT) {
  ------------------
  |  |   12|     47|#define LTC_MP_LT   -1
  ------------------
  |  Branch (339:6): [True: 1, False: 46]
  ------------------
  340|      4|		goto out;
  341|      4|	}
  342|       |
  343|       |   /*  w  = s^-1 mod n */
  344|     48|	if (ltc_mp.invmod(s, p, w) != CRYPT_OK) { 
  ------------------
  |  Branch (344:6): [True: 0, False: 48]
  ------------------
  345|      0|		goto out; 
  346|      0|	}
  347|       |
  348|       |   /* u1 = ew */
  349|     48|	if (ltc_mp.mulmod(e, w, p, u1) != CRYPT_OK) { 
  ------------------
  |  Branch (349:6): [True: 0, False: 48]
  ------------------
  350|      0|		goto out; 
  351|      0|	}
  352|       |
  353|       |   /* u2 = rw */
  354|     48|	if (ltc_mp.mulmod(r, w, p, u2) != CRYPT_OK) { 
  ------------------
  |  Branch (354:6): [True: 0, False: 48]
  ------------------
  355|      0|		goto out; 
  356|      0|	}
  357|       |
  358|       |   /* find mG and mQ */
  359|     48|	if (ltc_mp.read_radix(mG->x, (char *)key->dp->Gx, 16) != CRYPT_OK) { 
  ------------------
  |  Branch (359:6): [True: 0, False: 48]
  ------------------
  360|      0|		goto out; 
  361|      0|	}
  362|     48|	if (ltc_mp.read_radix(mG->y, (char *)key->dp->Gy, 16) != CRYPT_OK) { 
  ------------------
  |  Branch (362:6): [True: 0, False: 48]
  ------------------
  363|      0|		goto out; 
  364|      0|	}
  365|     48|	if (ltc_mp.set_int(mG->z, 1) != CRYPT_OK) { 
  ------------------
  |  Branch (365:6): [True: 0, False: 48]
  ------------------
  366|      0|		goto out; 
  367|      0|	}
  368|       |
  369|     48|	if (ltc_mp.copy(key->pubkey.x, mQ->x) != CRYPT_OK
  ------------------
  |  Branch (369:6): [True: 2, False: 46]
  ------------------
  370|     48|		|| ltc_mp.copy(key->pubkey.y, mQ->y) != CRYPT_OK
  ------------------
  |  Branch (370:6): [True: 0, False: 46]
  ------------------
  371|     48|		|| ltc_mp.copy(key->pubkey.z, mQ->z) != CRYPT_OK) { 
  ------------------
  |  Branch (371:6): [True: 0, False: 46]
  ------------------
  372|      0|		goto out; 
  373|      0|	}
  374|       |
  375|       |   /* compute u1*mG + u2*mQ, result left in mG. Coverage: ecc_mul2add was
     |       |    * always set in this run, so the ptmul/ptadd/map fallback never ran. */
  376|     48|	if (ltc_mp.ecc_mul2add == NULL) {
  ------------------
  |  Branch (376:6): [True: 0, False: 48]
  ------------------
  377|      0|		if (ltc_mp.ecc_ptmul(u1, mG, mG, m, 0) != CRYPT_OK) { 
  ------------------
  |  Branch (377:7): [True: 0, False: 0]
  ------------------
  378|      0|			goto out; 
  379|      0|		}
  380|      0|		if (ltc_mp.ecc_ptmul(u2, mQ, mQ, m, 0) != CRYPT_OK) {
  ------------------
  |  Branch (380:7): [True: 0, False: 0]
  ------------------
  381|      0|			goto out; 
  382|      0|		}
  383|       |
  384|       |		/* find the montgomery mp */
  385|      0|		if (ltc_mp.montgomery_setup(m, &mp) != CRYPT_OK) { 
  ------------------
  |  Branch (385:7): [True: 0, False: 0]
  ------------------
  386|      0|			goto out; 
  387|      0|		}
  388|       |
  389|       |		/* add them */
  390|      0|		if (ltc_mp.ecc_ptadd(mQ, mG, mG, m, mp) != CRYPT_OK) { 
  ------------------
  |  Branch (390:7): [True: 0, False: 0]
  ------------------
  391|      0|			goto out; 
  392|      0|		}
  393|       |
  394|       |		/* reduce */
  395|      0|		if (ltc_mp.ecc_map(mG, m, mp) != CRYPT_OK) { 
  ------------------
  |  Branch (395:7): [True: 0, False: 0]
  ------------------
  396|      0|			goto out; 
  397|      0|		}
  398|     48|	} else {
  399|       |		/* use Shamir's trick to compute u1*mG + u2*mQ using half of the doubles */
  400|     48|		if (ltc_mp.ecc_mul2add(mG, u1, mQ, u2, mG, m) != CRYPT_OK) { 
  ------------------
  |  Branch (400:7): [True: 0, False: 48]
  ------------------
  401|      0|			goto out; 
  402|      0|		}
  403|     48|	}
  404|       |
  405|       |   /* v = X_x1 mod n */
  406|     48|	if (ltc_mp.mpdiv(mG->x, p, NULL, v) != CRYPT_OK) { 
  ------------------
  |  Branch (406:6): [True: 0, False: 48]
  ------------------
  407|      0|		goto out; 
  408|      0|	}
  409|       |
  410|       |   /* does v == r. Coverage: never true in this run (True: 0) - no input
     |       |    * verified, so the accept path below is unexercised. */
  411|     48|	if (ltc_mp.compare(v, r) == LTC_MP_EQ) {
  ------------------
  |  |   13|     48|#define LTC_MP_EQ    0
  ------------------
  |  Branch (411:6): [True: 0, False: 48]
  ------------------
  412|      0|		ret = DROPBEAR_SUCCESS;
  ------------------
  |  |  102|      0|#define DROPBEAR_SUCCESS 0
  ------------------
  413|      0|	}
  414|       |	/* Cleanup for every path that reaches out:, accept or reject. */
  415|     93|out:
  416|     93|	ltc_ecc_del_point(mG);
  417|     93|	ltc_ecc_del_point(mQ);
  418|     93|	ltc_deinit_multi(r, s, v, w, u1, u2, p, e, m, NULL);
  419|     93|	if (mp != NULL) { 
  ------------------
  |  Branch (419:6): [True: 0, False: 93]
  ------------------
  420|      0|		ltc_mp.montgomery_deinit(mp);
  421|      0|	}
  422|     93|	return ret;
  423|     48|}
ecdsa.c:buf_get_ecdsa_verify_params:
  258|     95|			void *r, void* s) {
  259|     95|	int ret = DROPBEAR_FAILURE;
  ------------------
  |  |  103|     95|#define DROPBEAR_FAILURE -1
  ------------------
  260|     95|	unsigned int sig_len;
  261|     95|	unsigned int sig_pos;
  262|       |	/* Read the signature blob from buf: a length word, then the mpints r and
     |       |	 * s. Succeeds only when the two mpints consumed exactly sig_len bytes,
     |       |	 * so a blob with trailing or missing bytes is rejected (41 of the 43
     |       |	 * failures in this run came from that length check). */
  263|     95|	sig_len = buf_getint(buf);
  264|     95|	sig_pos = buf->pos;
  265|     95|	if (buf_getmpint(buf, r) != DROPBEAR_SUCCESS) {
  ------------------
  |  |  102|     95|#define DROPBEAR_SUCCESS 0
  ------------------
  |  Branch (265:6): [True: 1, False: 94]
  ------------------
  266|      1|		goto out;
  267|      1|	}
  268|     94|	if (buf_getmpint(buf, s) != DROPBEAR_SUCCESS) {
  ------------------
  |  |  102|     94|#define DROPBEAR_SUCCESS 0
  ------------------
  |  Branch (268:6): [True: 1, False: 93]
  ------------------
  269|      1|		goto out;
  270|      1|	}
  271|     93|	if (buf->pos - sig_pos != sig_len) {
  ------------------
  |  Branch (271:6): [True: 41, False: 52]
  ------------------
  272|     41|		goto out;
  273|     41|	}
  274|     52|	ret = DROPBEAR_SUCCESS;
  ------------------
  |  |  102|     52|#define DROPBEAR_SUCCESS 0
  ------------------
  275|       |
  276|     93|out:
  277|     93|	return ret;
  278|     52|}

buf_get_ed25519_pub_key:
   42|    419|	enum signkey_type expect_keytype) {
   43|       |	/* Read an ed25519 public key from buf: a key-type string that must map
     |       |	 * to expect_keytype, then a string of exactly CURVE25519_LEN (32) bytes
     |       |	 * that is copied into key->pub. Returns DROPBEAR_SUCCESS or
     |       |	 * DROPBEAR_FAILURE. */
   44|       |
   45|    419|	unsigned int len, typelen;
   46|    419|	char *keytype = NULL;
   47|    419|	enum signkey_type buf_keytype;
   48|       |
   49|    419|	TRACE(("enter buf_get_ed25519_pub_key"))
   50|    419|	dropbear_assert(key != NULL);
  ------------------
  |  |   83|    419|#define dropbear_assert(X) do { if (!(X)) { fail_assert(#X, __FILE__, __LINE__); } } while (0)
  |  |  ------------------
  |  |  |  Branch (83:37): [True: 0, False: 419]
  |  |  |  Branch (83:93): [Folded - Ignored]
  |  |  ------------------
  ------------------
   51|       |
   52|       |	/* consume and check the key string */
   53|    419|	keytype = buf_getstring(buf, &typelen);
   54|    419|	buf_keytype = signkey_type_from_name(keytype, typelen);
   55|    419|	m_free(keytype);
  ------------------
  |  |   24|    419|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
   56|    419|	if (buf_keytype != expect_keytype) {
  ------------------
  |  Branch (56:6): [True: 0, False: 419]
  ------------------
   57|      0|		TRACE(("leave buf_get_ed25519_pub_key: mismatch key type"))
   58|      0|		return DROPBEAR_FAILURE;
  ------------------
  |  |  103|      0|#define DROPBEAR_FAILURE -1
  ------------------
   59|      0|	}
   60|       |	/* The length word must equal CURVE25519_LEN and that many bytes must
     |       |	 * remain in buf; both are checked before anything is copied. */
   61|    419|	len = buf_getint(buf);
   62|    419|	if (len != CURVE25519_LEN || buf->len - buf->pos < len) {
  ------------------
  |  |   34|    838|#define CURVE25519_LEN 32
  ------------------
  |  Branch (62:6): [True: 35, False: 384]
  |  Branch (62:31): [True: 7, False: 377]
  ------------------
   63|     40|		TRACE(("leave buf_get_ed25519_pub_key: failure"))
   64|     40|		return DROPBEAR_FAILURE;
  ------------------
  |  |  103|     40|#define DROPBEAR_FAILURE -1
  ------------------
   65|     40|	}
   66|       |	/* m_burn() is applied to key->priv before the public bytes are copied -
     |       |	 * presumably so a public-only key holds no stale secret; confirm. */
   67|    379|	m_burn(key->priv, CURVE25519_LEN);
  ------------------
  |  |   34|    379|#define CURVE25519_LEN 32
  ------------------
   68|    379|	memcpy(key->pub, buf_getptr(buf, CURVE25519_LEN), CURVE25519_LEN);
  ------------------
  |  |   34|    379|#define CURVE25519_LEN 32
  ------------------
              	memcpy(key->pub, buf_getptr(buf, CURVE25519_LEN), CURVE25519_LEN);
  ------------------
  |  |   34|    379|#define CURVE25519_LEN 32
  ------------------
   69|    379|	buf_incrpos(buf, CURVE25519_LEN);
  ------------------
  |  |   34|    379|#define CURVE25519_LEN 32
  ------------------
   70|       |
   71|    379|	TRACE(("leave buf_get_ed25519_pub_key: success"))
   72|    379|	return DROPBEAR_SUCCESS;
  ------------------
  |  |  102|    379|#define DROPBEAR_SUCCESS 0
  ------------------
   73|    419|}
buf_get_ed25519_priv_key:
   78|      1|int buf_get_ed25519_priv_key(buffer *buf, dropbear_ed25519_key *key) {
   79|       |	/* Read an ed25519 private key from buf: after the key-type string comes
     |       |	 * one string of exactly 2*CURVE25519_LEN bytes, whose first half is
     |       |	 * copied to key->priv and second half to key->pub. Returns
     |       |	 * DROPBEAR_SUCCESS or DROPBEAR_FAILURE. Coverage: executed once in this
     |       |	 * run, and the failure branch never. */
   80|      1|	unsigned int len;
   81|       |
   82|      1|	TRACE(("enter buf_get_ed25519_priv_key"))
   83|      1|	dropbear_assert(key != NULL);
  ------------------
  |  |   83|      1|#define dropbear_assert(X) do { if (!(X)) { fail_assert(#X, __FILE__, __LINE__); } } while (0)
  |  |  ------------------
  |  |  |  Branch (83:37): [True: 0, False: 1]
  |  |  |  Branch (83:93): [Folded - Ignored]
  |  |  ------------------
  ------------------
   84|       |	/* NOTE(review): the key-type string is skipped by a fixed offset, not
     |       |	 * compared - presumably the caller has already checked it; confirm. */
   85|      1|	buf_incrpos(buf, 4+SSH_SIGNKEY_ED25519_LEN); /* int + "ssh-ed25519" */
  ------------------
  |  |  115|      1|#define SSH_SIGNKEY_ED25519_LEN 11
  ------------------
   86|       |
   87|      1|	len = buf_getint(buf);
   88|      1|	if (len != CURVE25519_LEN*2 || buf->len - buf->pos < len) {
  ------------------
  |  |   34|      1|#define CURVE25519_LEN 32
  ------------------
  |  Branch (88:6): [True: 0, False: 1]
  |  Branch (88:33): [True: 0, False: 1]
  ------------------
   89|      0|		TRACE(("leave buf_get_ed25519_priv_key: failure"))
   90|      0|		return DROPBEAR_FAILURE;
  ------------------
  |  |  103|      0|#define DROPBEAR_FAILURE -1
  ------------------
   91|      0|	}
   92|       |
   93|      1|	memcpy(key->priv, buf_getptr(buf, CURVE25519_LEN), CURVE25519_LEN);
  ------------------
  |  |   34|      1|#define CURVE25519_LEN 32
  ------------------
              	memcpy(key->priv, buf_getptr(buf, CURVE25519_LEN), CURVE25519_LEN);
  ------------------
  |  |   34|      1|#define CURVE25519_LEN 32
  ------------------
   94|      1|	buf_incrpos(buf, CURVE25519_LEN);
  ------------------
  |  |   34|      1|#define CURVE25519_LEN 32
  ------------------
   95|      1|	memcpy(key->pub, buf_getptr(buf, CURVE25519_LEN), CURVE25519_LEN);
  ------------------
  |  |   34|      1|#define CURVE25519_LEN 32
  ------------------
              	memcpy(key->pub, buf_getptr(buf, CURVE25519_LEN), CURVE25519_LEN);
  ------------------
  |  |   34|      1|#define CURVE25519_LEN 32
  ------------------
   96|      1|	buf_incrpos(buf, CURVE25519_LEN);
  ------------------
  |  |   34|      1|#define CURVE25519_LEN 32
  ------------------
   97|       |
   98|      1|	TRACE(("leave buf_get_ed25519_priv_key: success"))
   99|      1|	return DROPBEAR_SUCCESS;
  ------------------
  |  |  102|      1|#define DROPBEAR_SUCCESS 0
  ------------------
  100|      1|}
ed25519_key_free:
  103|    421|void ed25519_key_free(dropbear_ed25519_key *key) {
  104|       |	/* Apply m_burn() to the private half, then free the key; a NULL key is
     |       |	 * a no-op. Coverage: all 421 calls in this run passed NULL, so the
     |       |	 * burn-and-free path below was never executed. */
  105|    421|	TRACE2(("enter ed25519_key_free"))
  106|       |
  107|    421|	if (key == NULL) {
  ------------------
  |  Branch (107:6): [True: 421, False: 0]
  ------------------
  108|    421|		TRACE2(("leave ed25519_key_free: key == NULL"))
  109|    421|		return;
  110|    421|	}
  111|      0|	m_burn(key->priv, CURVE25519_LEN);
  ------------------
  |  |   34|      0|#define CURVE25519_LEN 32
  ------------------
  112|      0|	m_free(key);
  ------------------
  |  |   24|      0|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  113|       |
  114|      0|	TRACE2(("leave ed25519_key_free"))
  115|      0|}
buf_put_ed25519_pub_key:
  118|    282|void buf_put_ed25519_pub_key(buffer *buf, const dropbear_ed25519_key *key) {
  119|       |	/* Append the public key to buf as two strings: the "ssh-ed25519" name,
     |       |	 * then the CURVE25519_LEN (32) bytes of key->pub. key must not be NULL. */
  120|    282|	TRACE(("enter buf_put_ed25519_pub_key"))
  121|    282|	dropbear_assert(key != NULL);
  ------------------
  |  |   83|    282|#define dropbear_assert(X) do { if (!(X)) { fail_assert(#X, __FILE__, __LINE__); } } while (0)
  |  |  ------------------
  |  |  |  Branch (83:37): [True: 0, False: 282]
  |  |  |  Branch (83:93): [Folded - Ignored]
  |  |  ------------------
  ------------------
  122|       |
  123|    282|	buf_putstring(buf, SSH_SIGNKEY_ED25519, SSH_SIGNKEY_ED25519_LEN);
  ------------------
  |  |  114|    282|#define SSH_SIGNKEY_ED25519 "ssh-ed25519"
  ------------------
              	buf_putstring(buf, SSH_SIGNKEY_ED25519, SSH_SIGNKEY_ED25519_LEN);
  ------------------
  |  |  115|    282|#define SSH_SIGNKEY_ED25519_LEN 11
  ------------------
  124|    282|	buf_putstring(buf, key->pub, CURVE25519_LEN);
  ------------------
  |  |   34|    282|#define CURVE25519_LEN 32
  ------------------
  125|       |
  126|    282|	TRACE(("leave buf_put_ed25519_pub_key"))
  127|    282|}
buf_ed25519_verify:
  163|     71|int buf_ed25519_verify(buffer *buf, const dropbear_ed25519_key *key, const buffer *data_buf) {
  164|       |	/* Verify an ed25519 signature read from buf over data_buf with key->pub.
     |       |	 * The signature string must be exactly 64 bytes and fully present in
     |       |	 * buf. Returns DROPBEAR_SUCCESS only when dropbear_ed25519_verify()
     |       |	 * returns 0, otherwise DROPBEAR_FAILURE. */
  165|     71|	int ret = DROPBEAR_FAILURE;
  ------------------
  |  |  103|     71|#define DROPBEAR_FAILURE -1
  ------------------
  166|     71|	unsigned char *s;
  167|     71|	unsigned long slen;
  168|       |
  169|     71|	TRACE(("enter buf_ed25519_verify"))
  170|     71|	dropbear_assert(key != NULL);
  ------------------
  |  |   83|     71|#define dropbear_assert(X) do { if (!(X)) { fail_assert(#X, __FILE__, __LINE__); } } while (0)
  |  |  ------------------
  |  |  |  Branch (83:37): [True: 0, False: 71]
  |  |  |  Branch (83:93): [Folded - Ignored]
  |  |  ------------------
  ------------------
  171|       |
  172|     71|	slen = buf_getint(buf);
  173|     71|	if (slen != 64 || buf->len - buf->pos < slen) {
  ------------------
  |  Branch (173:6): [True: 52, False: 19]
  |  Branch (173:20): [True: 6, False: 13]
  ------------------
  174|     58|		TRACE(("leave buf_ed25519_verify: bad size"))
  175|     58|		goto out;
  176|     58|	}
  177|     13|	s = buf_getptr(buf, slen);
  178|       |	/* s points into buf (no copy); buf->pos is not advanced past the
     |       |	 * signature anywhere in this function. */
  179|     13|	if (dropbear_ed25519_verify(data_buf->data, data_buf->len,
  ------------------
  |  Branch (179:6): [True: 0, False: 13]
  ------------------
  180|     13|				    s, slen, key->pub) == 0) {
  181|       |		/* signature is valid (never reached in this run: True: 0, so the
     |       |		 * accept path is unexercised) */
  182|      0|		TRACE(("leave buf_ed25519_verify: success!"))
  183|      0|		ret = DROPBEAR_SUCCESS;
  ------------------
  |  |  102|      0|#define DROPBEAR_SUCCESS 0
  ------------------
  184|      0|	}
  185|       |
  186|     71|out:
  187|     71|	TRACE(("leave buf_ed25519_verify: ret %d", ret))
  188|     71|	return ret;
  189|     13|}

list_append:
    5|      1|void list_append(m_list *list, void *item) {
    6|      1|	m_list_elem *elem;
    7|       |	/* Append item at the tail of list in a newly allocated element; the
     |       |	 * element records its owning list and becomes list->last. */
    8|      1|	elem = m_malloc(sizeof(*elem));
    9|      1|	elem->item = item;
   10|      1|	elem->list = list;
   11|      1|	elem->next = NULL;
   12|      1|	if (!list->first) {
  ------------------
  |  Branch (12:6): [True: 1, False: 0]
  ------------------
   13|      1|		list->first = elem;
   14|      1|		elem->prev = NULL;
   15|      1|	} else {
   16|      0|		elem->prev = list->last;
   17|      0|		list->last->next = elem;
   18|      0|	}
   19|      1|	list->last = elem;
   20|      1|}
list_new:
   22|      3|m_list * list_new() { /* Allocate an empty list: first and last are both NULL. */
   23|      3|	m_list *ret = m_malloc(sizeof(m_list));
   24|      3|	ret->first = ret->last = NULL;
   25|      3|	return ret;
   26|      3|}

listeners_initialise:
   30|  3.51k|void listeners_initialise() {
   31|       |	/* Allocate the session's listener table (ses.listeners) and record its
     |       |	 * size in ses.listensize; the single slot starts out NULL. */
   32|       |	/* just one slot to start with */
   33|  3.51k|	ses.listeners = (struct Listener**)m_malloc(sizeof(struct Listener*));
   34|  3.51k|	ses.listensize = 1;
   35|  3.51k|	ses.listeners[0] = NULL;
   36|       |
   37|  3.51k|}
set_listener_fds:
   39|   107k|void set_listener_fds(fd_set * readfds) {
   40|       |	/* Add every socket of every non-NULL entry of ses.listeners to readfds.
     |       |	 * Coverage: no slot held a listener in this run, so the inner loop and
     |       |	 * FD_SET were never executed. */
   41|   107k|	unsigned int i, j;
   42|   107k|	struct Listener *listener;
   43|       |
   44|       |	/* check each in turn */
   45|   214k|	for (i = 0; i < ses.listensize; i++) {
  ------------------
  |  Branch (45:14): [True: 107k, False: 107k]
  ------------------
   46|   107k|		listener = ses.listeners[i];
   47|   107k|		if (listener != NULL) {
  ------------------
  |  Branch (47:7): [True: 0, False: 107k]
  ------------------
   48|      0|			for (j = 0; j < listener->nsocks; j++) {
  ------------------
  |  Branch (48:16): [True: 0, False: 0]
  ------------------
   49|      0|				FD_SET(listener->socks[j], readfds);
   50|      0|			}
   51|      0|		}
   52|   107k|	}
   53|   107k|}
handle_listeners:
   56|   103k|void handle_listeners(const fd_set * readfds) {
   57|       |	/* For every non-NULL entry of ses.listeners, call its acceptor once for
     |       |	 * each of its sockets that is set in readfds. Coverage: no slot held a
     |       |	 * listener in this run, so no acceptor was ever called. */
   58|   103k|	unsigned int i, j;
   59|   103k|	struct Listener *listener;
   60|   103k|	int sock;
   61|       |
   62|       |	/* check each in turn */
   63|   207k|	for (i = 0; i < ses.listensize; i++) {
  ------------------
  |  Branch (63:14): [True: 103k, False: 103k]
  ------------------
   64|   103k|		listener = ses.listeners[i];
   65|   103k|		if (listener != NULL) {
  ------------------
  |  Branch (65:7): [True: 0, False: 103k]
  ------------------
   66|      0|			for (j = 0; j < listener->nsocks; j++) {
  ------------------
  |  Branch (66:16): [True: 0, False: 0]
  ------------------
   67|      0|				sock = listener->socks[j];
   68|      0|				if (FD_ISSET(sock, readfds)) {
   69|      0|					listener->acceptor(listener, sock);
   70|      0|				}
   71|      0|			}
   72|      0|		}
   73|   103k|	}
   74|   103k|} /* Woo brace matching */
remove_all_listeners:
  166|  3.51k|void remove_all_listeners(void) { /* Call remove_listener() on every non-NULL slot, then free the table itself. */
  167|  3.51k|	unsigned int i;
  168|  7.03k|	for (i = 0; i < ses.listensize; i++) {
  ------------------
  |  Branch (168:14): [True: 3.51k, False: 3.51k]
  ------------------
  169|  3.51k|		if (ses.listeners[i]) {
  ------------------
  |  Branch (169:7): [True: 0, False: 3.51k]
  ------------------
  170|      0|			remove_listener(ses.listeners[i]);
  171|      0|		}
  172|  3.51k|	}
  173|  3.51k|	m_free(ses.listeners);
  ------------------
  |  |   24|  3.51k|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  174|  3.51k|}

dropbear_prng_read:
   70|    594|{ /* Calls genrandom(out, outlen) and returns outlen unconditionally; out must not be NULL. */
   71|    594|   LTC_ARGCHK(out != NULL);
  ------------------
  |  |   32|    594|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 594]
  |  |  |  Branch (32:87): [Folded - Ignored]
  |  |  ------------------
  ------------------
   72|    594|   genrandom(out, outlen);
   73|    594|   return outlen;
   74|    594|}

remove_connect_pending:
  228|  3.51k|void remove_connect_pending() { /* Drain ses.conn_pending by calling remove_connect() on the head element. */
  229|  3.51k|	while (ses.conn_pending.first) { /* terminates only if remove_connect() unlinks the head - presumably it does; confirm */
  ------------------
  |  Branch (229:9): [True: 0, False: 3.51k]
  ------------------
  230|      0|		struct dropbear_progress_connection *c = ses.conn_pending.first->item;
  231|      0|		remove_connect(c, ses.conn_pending.first);
  232|      0|	}
  233|  3.51k|}
set_connect_fds:
  /* For every pending outbound connection: keep calling connect_try_next()
   * while there is a candidate left (c->res_iter) and no socket yet, then
   * either add the socket to writefd or, when no socket could be obtained,
   * report DROPBEAR_FAILURE through c->cb and drop the entry.
   *
   * writefd: fd_set that the caller will wait on for writability.
   *
   * Coverage in this fuzz run: the list was always empty, so none of the
   * loop body was exercised. */
  236|   107k|void set_connect_fds(fd_set *writefd) {
  237|   107k|	m_list_elem *iter;
  238|   107k|	iter = ses.conn_pending.first;
  239|   107k|	while (iter) {
  ------------------
  |  Branch (239:9): [True: 0, False: 107k]
  ------------------
  /* The successor is saved first because remove_connect(c, iter) may be
   * called on this element further down. */
  240|      0|		m_list_elem *next_iter = iter->next;
  241|      0|		struct dropbear_progress_connection *c = iter->item;
  242|       |		/* Set one going */
  243|      0|		while (c->res_iter && c->sock < 0) {
  ------------------
  |  Branch (243:10): [True: 0, False: 0]
  |  Branch (243:25): [True: 0, False: 0]
  ------------------
  244|      0|			connect_try_next(c);
  245|      0|		}
  246|      0|		if (c->sock >= 0) {
  ------------------
  |  Branch (246:7): [True: 0, False: 0]
  ------------------
  /* NOTE(review): no check is visible here that c->sock is below
   * FD_SETSIZE before FD_SET - confirm the socket is bounded where it
   * is created. */
  247|      0|			FD_SET(c->sock, writefd);
  248|      0|		} else {
  249|       |			/* Final failure */
  250|      0|			if (!c->errstring) {
  ------------------
  |  Branch (250:8): [True: 0, False: 0]
  ------------------
  251|      0|				c->errstring = m_strdup("unexpected failure");
  252|      0|			}
  253|      0|			c->cb(DROPBEAR_FAILURE, -1, c->cb_data, c->errstring);
  ------------------
  |  |  103|      0|#define DROPBEAR_FAILURE -1
  ------------------
  254|      0|			remove_connect(c, iter);
  255|      0|		}
  256|      0|		iter = next_iter;
  257|      0|	}
  258|   107k|}
handle_connect_fds:
  /* Check the outcome of pending non-blocking connects. For each entry whose
   * socket is set in writefd, SO_ERROR is read with getsockopt():
   *   - getsockopt() failure or a non-zero SO_ERROR: the socket is closed and
   *     c->sock is set to -1; the entry stays in the list.
   *   - SO_ERROR == 0: the callback is invoked with DROPBEAR_SUCCESS and the
   *     socket, the entry is removed, and the function returns at once.
   *
   * writefd: fd_set as returned from the caller's wait for writability.
   *
   * Coverage in this fuzz run: the list was always empty, so the error and
   * success paths were not exercised. */
  260|   103k|void handle_connect_fds(const fd_set *writefd) {
  261|   103k|	m_list_elem *iter;
  262|   103k|	for (iter = ses.conn_pending.first; iter; iter = iter->next) {
  ------------------
  |  Branch (262:38): [True: 0, False: 103k]
  ------------------
  263|      0|		int val;
  264|      0|		socklen_t vallen = sizeof(val);
  265|      0|		struct dropbear_progress_connection *c = iter->item;
  266|       |
  267|      0|		if (c->sock < 0 || !FD_ISSET(c->sock, writefd)) {
  ------------------
  |  Branch (267:7): [True: 0, False: 0]
  |  Branch (267:22): [True: 0, False: 0]
  ------------------
  268|      0|			continue;
  269|      0|		}
  270|       |
  271|      0|		TRACE(("handling %s port %s socket %d", c->remotehost, c->remoteport, c->sock));
  272|       |
  273|      0|		if (getsockopt(c->sock, SOL_SOCKET, SO_ERROR, &val, &vallen) != 0) {
  ------------------
  |  Branch (273:7): [True: 0, False: 0]
  ------------------
  274|      0|			TRACE(("handle_connect_fds getsockopt(%d) SO_ERROR failed: %s", c->sock, strerror(errno)))
  275|       |			/* This isn't expected to happen - Unix has surprises though, continue gracefully. */
  276|      0|			m_close(c->sock);
  277|      0|			c->sock = -1;
  278|      0|		} else if (val != 0) {
  ------------------
  |  Branch (278:14): [True: 0, False: 0]
  ------------------
  279|       |			/* Connect failed */
  280|      0|			TRACE(("connect to %s port %s failed.", c->remotehost, c->remoteport))
  281|      0|			m_close(c->sock);
  282|      0|			c->sock = -1;
  283|       |
  /* Any earlier error string is freed before it is replaced with the
   * text for this SO_ERROR value. */
  284|      0|			m_free(c->errstring);
  ------------------
  |  |   24|      0|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  285|      0|			c->errstring = m_strdup(strerror(val));
  286|      0|		} else {
  287|       |			/* New connection has been established */
  288|      0|			c->cb(DROPBEAR_SUCCESS, c->sock, c->cb_data, NULL);
  ------------------
  |  |  102|      0|#define DROPBEAR_SUCCESS 0
  ------------------
  289|      0|			remove_connect(c, iter);
  290|      0|			TRACE(("leave handle_connect_fds - success"))
  291|       |			/* Must return here - remove_connect() invalidates iter */
  292|      0|			return; 
  293|      0|		}
  294|      0|	}
  295|   103k|}
packet_queue_to_iovec:
  /* Describe the unsent part of each queued buffer in an iovec array.
   *
   * queue:     queue whose items are buffer pointers.
   * iov:       output array, written from index 0.
   * iov_count: in/out. On entry the capacity of iov; on return the number of
   *            entries filled, clamped to queue->count and IOV_MAX.
   *
   * Nothing is removed from the queue here. */
  301|  28.7k|void packet_queue_to_iovec(const struct Queue *queue, struct iovec *iov, unsigned int *iov_count) {
  302|  28.7k|	struct Link *l;
  303|  28.7k|	unsigned int i;
  304|  28.7k|	int len;
  305|  28.7k|	buffer *writebuf;
  306|       |
  307|       |#ifndef IOV_MAX
  308|       |	#if defined(__CYGWIN__) && !defined(UIO_MAXIOV)
  309|       |		#define IOV_MAX 1024
  310|       |	#elif defined(__sgi)
  311|       |		#define IOV_MAX 512 
  312|       |	#else 
  313|       |		#define IOV_MAX UIO_MAXIOV
  314|       |	#endif
  315|       |#endif
  316|       |
  /* The clamp keeps the loop below inside the caller's iov array. */
  317|  28.7k|	*iov_count = MIN(MIN(queue->count, IOV_MAX), *iov_count);
  318|       |
  /* NOTE(review): l is followed without a NULL check; this assumes
   * queue->count never exceeds the number of linked elements - confirm. */
  319|  68.0k|	for (l = queue->head, i = 0; i < *iov_count; l = l->link, i++)
  ------------------
  |  Branch (319:31): [True: 39.3k, False: 28.7k]
  ------------------
  320|  39.3k|	{
  321|  39.3k|		writebuf = (buffer*)l->item;
  322|  39.3k|		len = writebuf->len - writebuf->pos;
  /* A queued buffer with nothing left to send fails this assertion; the
   * False count shows it never fired in this run. */
  323|  39.3k|		dropbear_assert(len > 0);
  ------------------
  |  |   83|  39.3k|#define dropbear_assert(X) do { if (!(X)) { fail_assert(#X, __FILE__, __LINE__); } } while (0)
  |  |  ------------------
  |  |  |  Branch (83:37): [True: 0, False: 39.3k]
  |  |  |  Branch (83:93): [Folded - Ignored]
  |  |  ------------------
  ------------------
  324|  39.3k|		TRACE2(("write_packet writev #%d len %d/%d", i,
  325|  39.3k|				len, writebuf->len))
  326|  39.3k|		iov[i].iov_base = buf_getptr(writebuf, len);
  327|  39.3k|		iov[i].iov_len = len;
  328|  39.3k|	}
  329|  28.7k|}
packet_queue_consume:
  /* Account for `written` bytes having been sent from the head of the queue.
   * Buffers that were sent completely are dequeued and freed; a buffer that
   * was sent only in part has its position advanced and stays queued.
   *
   * queue:   queue whose items are buffer pointers.
   * written: number of bytes sent; values <= 0 leave the queue untouched.
   *
   * NOTE(review): the result of examine() is dereferenced without a check,
   * which assumes `written` never exceeds the bytes actually queued - confirm
   * how examine() behaves on an empty queue.
   * Coverage in this fuzz run: the partial-write branch was never taken. */
  331|  28.7k|void packet_queue_consume(struct Queue *queue, ssize_t written) {
  332|  28.7k|	buffer *writebuf;
  333|  28.7k|	int len;
  334|  57.5k|	while (written > 0) {
  ------------------
  |  Branch (334:9): [True: 28.7k, False: 28.7k]
  ------------------
  335|  28.7k|		writebuf = (buffer*)examine(queue);
  336|  28.7k|		len = writebuf->len - writebuf->pos;
  337|  28.7k|		if (len > written) {
  ------------------
  |  Branch (337:7): [True: 0, False: 28.7k]
  ------------------
  338|       |			/* partial buffer write */
  339|      0|			buf_incrpos(writebuf, written);
  340|      0|			written = 0;
  341|  28.7k|		} else {
  342|  28.7k|			written -= len;
  343|  28.7k|			dequeue(queue);
  344|  28.7k|			buf_free(writebuf);
  345|  28.7k|		}
  346|  28.7k|	}
  347|  28.7k|}
set_sock_priority:
  /* Apply a traffic priority to a socket: the IP TOS / IPv6 traffic class
   * value (unless opts.disable_ip_tos is set) and, where the Linux packet
   * scheduler header is available, SO_PRIORITY.
   *
   * sock: descriptor to configure.
   * prio: DROPBEAR_PRIO_LOWDELAY selects AF21 / TC_PRIO_INTERACTIVE; any
   *       other value selects 0.
   *
   * setsockopt() failures are only traced, and ENOTSOCK is not traced at all.
   *
   * Coverage in this fuzz run: fuzz.fuzzing was always set, so the function
   * returned before any setsockopt() call; everything after the early return
   * has an execution count of 0. */
  367|  3.51k|void set_sock_priority(int sock, enum dropbear_prio prio) {
  368|       |
  369|  3.51k|	int rc;
  370|  3.51k|	int val;
  371|       |
  372|  3.51k|#if DROPBEAR_FUZZ
  373|  3.51k|	if (fuzz.fuzzing) {
  ------------------
  |  Branch (373:6): [True: 3.51k, False: 0]
  ------------------
  374|  3.51k|		TRACE(("fuzzing skips set_sock_prio"))
  375|  3.51k|		return;
  376|  3.51k|	}
  377|      0|#endif
  378|       |	/* Don't log ENOTSOCK errors so that this can harmlessly be called
  379|       |	 * on a client '-J' proxy pipe */
  380|       |
  381|      0|	if (opts.disable_ip_tos == 0) {
  ------------------
  |  Branch (381:6): [True: 0, False: 0]
  ------------------
  382|      0|#ifdef IP_TOS
  383|       |	/* Set the DSCP field for outbound IP packet priority.
  384|       |	rfc4594 has some guidance to meanings.
  385|       |
  386|       |	We set AF21 as "Low-Latency" class for interactive (tty session,
  387|       |	also handshake/setup packets). Other traffic is left at the default.
  388|       |
  389|       |	OpenSSH at present uses AF21/CS1, rationale
  390|       |	https://cvsweb.openbsd.org/src/usr.bin/ssh/readconf.c#rev1.284
  391|       |
  392|       |	Old Dropbear/OpenSSH and Debian/Ubuntu OpenSSH (at Jan 2022) use
  393|       |	IPTOS_LOWDELAY/IPTOS_THROUGHPUT
  394|       |
  395|       |	DSCP constants are from Linux headers, applicable to other platforms
  396|       |	such as macos.
  397|       |	*/
  398|      0|	if (prio == DROPBEAR_PRIO_LOWDELAY) {
  ------------------
  |  Branch (398:6): [True: 0, False: 0]
  ------------------
  399|      0|		val = 0x48; /* IPTOS_DSCP_AF21 */
  400|      0|	} else {
  401|      0|		val = 0; /* default */
  402|      0|	}
  /* The same value is applied to the IPv6 traffic class first (when the
   * constants exist) and then to the IPv4 TOS field. */
  403|      0|#if defined(IPPROTO_IPV6) && defined(IPV6_TCLASS)
  404|      0|	rc = setsockopt(sock, IPPROTO_IPV6, IPV6_TCLASS, (void*)&val, sizeof(val));
  405|      0|	if (rc < 0 && errno != ENOTSOCK) {
  ------------------
  |  Branch (405:6): [True: 0, False: 0]
  |  Branch (405:16): [True: 0, False: 0]
  ------------------
  406|      0|		TRACE(("Couldn't set IPV6_TCLASS (%s)", strerror(errno)));
  407|      0|	}
  408|      0|#endif
  409|      0|	rc = setsockopt(sock, IPPROTO_IP, IP_TOS, (void*)&val, sizeof(val));
  410|      0|	if (rc < 0 && errno != ENOTSOCK) {
  ------------------
  |  Branch (410:6): [True: 0, False: 0]
  |  Branch (410:16): [True: 0, False: 0]
  ------------------
  411|      0|		TRACE(("Couldn't set IP_TOS (%s)", strerror(errno)));
  412|      0|	}
  413|      0|#endif /* IP_TOS */
  414|      0|	}
  415|       |
  416|      0|#ifdef HAVE_LINUX_PKT_SCHED_H
  417|       |	/* Set scheduling priority within the local Linux network stack */
  418|      0|	if (prio == DROPBEAR_PRIO_LOWDELAY) {
  ------------------
  |  Branch (418:6): [True: 0, False: 0]
  ------------------
  419|      0|		val = TC_PRIO_INTERACTIVE;
  420|      0|	} else {
  421|      0|		val = 0;
  422|      0|	}
  423|       |	/* linux specific, sets QoS class. see tc-prio(8) */
  424|      0|	rc = setsockopt(sock, SOL_SOCKET, SO_PRIORITY, (void*) &val, sizeof(val));
  425|      0|	if (rc < 0 && errno != ENOTSOCK) {
  ------------------
  |  Branch (425:6): [True: 0, False: 0]
  |  Branch (425:16): [True: 0, False: 0]
  ------------------
  426|      0|		TRACE(("Couldn't set SO_PRIORITY (%s)", strerror(errno)))
  427|      0|    }
  428|      0|#endif
  429|       |
  430|      0|}

write_packet:
   /* Send as much of ses.writequeue as the socket accepts in one call.
    *
    * With writev() available, up to 50 queued buffers are gathered into an
    * iovec array; otherwise only the head buffer is written with write().
    * EINTR and EAGAIN return with the queue unchanged, any other write error
    * ends the session through dropbear_exit(), and a result of 0 calls
    * ses.remoteclosed(). The queue must not be empty on entry.
    *
    * Coverage in this fuzz run: fuzz.fuzzing was always set, so the real
    * writev() call and its error handling have an execution count of 0. */
   58|  28.7k|void write_packet() {
   59|       |
   60|  28.7k|	ssize_t written;
   61|  28.7k|#if defined(HAVE_WRITEV) && (defined(IOV_MAX) || defined(UIO_MAXIOV))
   62|       |	/* 50 is somewhat arbitrary */
   63|  28.7k|	unsigned int iov_count = 50;
   64|  28.7k|	struct iovec iov[50];
   65|       |#else
   66|       |	int len;
   67|       |	buffer* writebuf;
   68|       |#endif
   69|       |	
   70|  28.7k|	TRACE2(("enter write_packet"))
   71|  28.7k|	dropbear_assert(!isempty(&ses.writequeue));
  ------------------
  |  |   83|  28.7k|#define dropbear_assert(X) do { if (!(X)) { fail_assert(#X, __FILE__, __LINE__); } } while (0)
  |  |  ------------------
  |  |  |  Branch (83:37): [True: 0, False: 28.7k]
  |  |  |  Branch (83:93): [Folded - Ignored]
  |  |  ------------------
  ------------------
   72|       |
   73|  28.7k|#if defined(HAVE_WRITEV) && (defined(IOV_MAX) || defined(UIO_MAXIOV))
   74|       |
   /* iov_count is passed as the capacity of iov (50) and comes back as the
    * number of entries actually filled. */
   75|  28.7k|	packet_queue_to_iovec(&ses.writequeue, iov, &iov_count);
   76|       |	/* This may return EAGAIN. The main loop sometimes
   77|       |	calls write_packet() without bothering to test with select() since
   78|       |	it's likely to be necessary */
   79|  28.7k|#if DROPBEAR_FUZZ
   80|  28.7k|	if (fuzz.fuzzing) {
  ------------------
  |  Branch (80:6): [True: 28.7k, False: 0]
  ------------------
   81|       |		/* pretend to write one packet at a time */
   82|       |		/* TODO(fuzz): randomise amount written based on the fuzz input */
   /* No data leaves the process here: the first iovec entry is reported
    * as fully written, so partial writes are never simulated.
    * NOTE(review): reading iov[0] relies on the non-empty assertion above
    * having led to at least one filled entry - confirm. */
   83|  28.7k|		written = iov[0].iov_len;
   84|  28.7k|	}
   85|      0|	else
   86|      0|#endif
   87|      0|	{
   88|      0|	written = writev(ses.sock_out, iov, iov_count);
   89|      0|	if (written < 0) {
  ------------------
  |  Branch (89:6): [True: 0, False: 0]
  ------------------
   90|      0|		if (errno == EINTR || errno == EAGAIN) {
  ------------------
  |  Branch (90:7): [True: 0, False: 0]
  |  Branch (90:25): [True: 0, False: 0]
  ------------------
   91|      0|			TRACE2(("leave write_packet: EINTR"))
   92|      0|			return;
   93|      0|		} else {
   94|      0|			dropbear_exit("Error writing: %s", strerror(errno));
   95|      0|		}
   96|      0|	}
   97|      0|	}
   98|       |
   99|  28.7k|	packet_queue_consume(&ses.writequeue, written);
  100|  28.7k|	ses.writequeue_len -= written;
  101|       |
  102|  28.7k|	if (written == 0) {
  ------------------
  |  Branch (102:6): [True: 0, False: 28.7k]
  ------------------
  103|      0|		ses.remoteclosed();
  104|      0|	}
  105|       |
  106|       |#else /* No writev () */
  107|       |#if DROPBEAR_FUZZ
   /* A fuzzing build without writev() is rejected at compile time. */
  108|       |	_Static_assert(0, "No fuzzing code for no-writev writes");
  109|       |#endif
  110|       |	/* Get the next buffer in the queue of encrypted packets to write*/
  111|       |	writebuf = (buffer*)examine(&ses.writequeue);
  112|       |
  113|       |	len = writebuf->len - writebuf->pos;
  114|       |	dropbear_assert(len > 0);
  115|       |	/* Try to write as much as possible */
  116|       |	written = write(ses.sock_out, buf_getptr(writebuf, len), len);
  117|       |
  118|       |	if (written < 0) {
  119|       |		if (errno == EINTR || errno == EAGAIN) {
  120|       |			TRACE2(("leave writepacket: EINTR"))
  121|       |			return;
  122|       |		} else {
  123|       |			dropbear_exit("Error writing: %s", strerror(errno));
  124|       |		}
  125|       |	} 
  126|       |
  127|       |	if (written == 0) {
  128|       |		ses.remoteclosed();
  129|       |	}
  130|       |
  131|       |	ses.writequeue_len -= written;
  132|       |
  133|       |	if (written == len) {
  134|       |		/* We've finished with the packet, free it */
  135|       |		dequeue(&ses.writequeue);
  136|       |		buf_free(writebuf);
  137|       |		writebuf = NULL;
  138|       |	} else {
  139|       |		/* More packet left to write, leave it in the queue for later */
  140|       |		buf_incrpos(writebuf, written);
  141|       |	}
  142|       |#endif /* writev */
  143|       |
  144|  28.7k|	TRACE2(("leave write_packet"))
  145|  28.7k|}
read_packet:
  /* Read incoming packet data from ses.sock_in into ses.readbuf.
   *
   * While fewer than blocksize bytes are buffered, read_packet_init() is
   * asked to fetch the first block; if it reports DROPBEAR_FAILURE the
   * function returns and is expected to be called again later. Otherwise the
   * rest of the packet is read, and once the buffer is full decrypt_packet()
   * is called. EINTR and EAGAIN return quietly, any other read error ends the
   * session through dropbear_exit(), and a read of 0 bytes calls
   * ses.remoteclosed().
   *
   * In this build read() expands to wrapfd_read() (see the macro expansion
   * below), so the counts reflect fuzz-supplied input, not a real socket. */
  150|  89.6k|void read_packet() {
  151|       |
  152|  89.6k|	int len;
  153|  89.6k|	unsigned int maxlen;
  154|  89.6k|	unsigned char blocksize;
  155|       |
  156|  89.6k|	TRACE2(("enter read_packet"))
  157|  89.6k|	blocksize = ses.keys->recv.algo_crypt->blocksize;
  158|       |	
  159|  89.6k|	if (ses.readbuf == NULL || ses.readbuf->len < blocksize) {
  ------------------
  |  Branch (159:6): [True: 22.7k, False: 66.8k]
  |  Branch (159:29): [True: 38.0k, False: 28.7k]
  ------------------
  160|  60.8k|		int ret;
  161|       |		/* In the first blocksize of a packet */
  162|       |
  163|       |		/* Read the first blocksize of the packet, so we can decrypt it and
  164|       |		 * find the length of the whole packet */
  165|  60.8k|		ret = read_packet_init();
  166|       |
  167|  60.8k|		if (ret == DROPBEAR_FAILURE) {
  ------------------
  |  |  103|  60.8k|#define DROPBEAR_FAILURE -1
  ------------------
  |  Branch (167:7): [True: 38.0k, False: 22.7k]
  ------------------
  168|       |			/* didn't read enough to determine the length */
  169|  38.0k|			TRACE2(("leave read_packet: packetinit done"))
  170|  38.0k|			return;
  171|  38.0k|		}
  172|  60.8k|	}
  173|       |
  174|       |	/* Attempt to read the remainder of the packet, note that there
  175|       |	 * mightn't be any available (EAGAIN) */
  /* maxlen is the space left between the current position and the end of
   * ses.readbuf, so the read below cannot be asked for more than that. */
  176|  51.5k|	maxlen = ses.readbuf->len - ses.readbuf->pos;
  177|  51.5k|	if (maxlen == 0) {
  ------------------
  |  Branch (177:6): [True: 13.5k, False: 38.0k]
  ------------------
  178|       |		/* Occurs when the packet is only a single block long and has all
  179|       |		 * been read in read_packet_init().  Usually means that MAC is disabled
  180|       |		 */
  181|  13.5k|		len = 0;
  182|  38.0k|	} else {
  183|  38.0k|		len = read(ses.sock_in, buf_getptr(ses.readbuf, maxlen), maxlen);
  ------------------
  |  |   55|  38.0k|#define read(fd, buf, count) wrapfd_read(fd, buf, count)
  ------------------
  184|       |
  /* NOTE(review): nothing here returns after ses.remoteclosed();
   * presumably that callback does not return - verify. */
  185|  38.0k|		if (len == 0) {
  ------------------
  |  Branch (185:7): [True: 103, False: 37.9k]
  ------------------
  186|    103|			ses.remoteclosed();
  187|    103|		}
  188|       |
  189|  38.0k|		if (len < 0) {
  ------------------
  |  Branch (189:7): [True: 42, False: 38.0k]
  ------------------
  190|     42|			if (errno == EINTR || errno == EAGAIN) {
  ------------------
  |  Branch (190:8): [True: 41, False: 1]
  |  Branch (190:26): [True: 0, False: 1]
  ------------------
  191|     41|				TRACE2(("leave read_packet: EINTR or EAGAIN"))
  192|     41|				return;
  193|     41|			} else {
  194|      1|				dropbear_exit("Error reading: %s", strerror(errno));
  195|      1|			}
  196|     42|		}
  197|       |
  /* Negative results returned or exited above, so len is only added to
   * the position when it is >= 0 (assuming dropbear_exit() does not
   * return - confirm). */
  198|  38.0k|		buf_incrpos(ses.readbuf, len);
  199|  38.0k|	}
  200|       |
  201|  51.5k|	if ((unsigned int)len == maxlen) {
  ------------------
  |  Branch (201:6): [True: 22.0k, False: 29.4k]
  ------------------
  202|       |		/* The whole packet has been read */
  203|  22.0k|		decrypt_packet();
  204|       |		/* The main select() loop process_packet() to
  205|       |		 * handle the packet contents... */
  206|  22.0k|	}
  207|  51.5k|	TRACE2(("leave read_packet"))
  208|  51.5k|}
decrypt_packet:
  /* Decrypt the fully received packet in ses.readbuf in place, check its
   * integrity, validate the payload length and publish the payload as
   * ses.payload.
   *
   * AEAD modes decrypt and authenticate in one aead_crypt() call over the
   * whole buffer; other modes decrypt everything after the first block and
   * then verify the MAC with checkmac(). Any failure ends the session through
   * dropbear_exit(). On success ses.readbuf is set to NULL and ses.recvseq is
   * incremented.
   *
   * Coverage in this fuzz run: the AEAD branch, the decrypt-error exit and the
   * "Integrity error" exit all have an execution count of 0, so rejection of
   * tampered packets is not exercised by this corpus. */
  298|  22.0k|void decrypt_packet() {
  299|       |
  300|  22.0k|	unsigned char blocksize;
  301|  22.0k|	unsigned char macsize;
  302|  22.0k|	unsigned int padlen;
  303|  22.0k|	unsigned int len;
  304|       |
  305|  22.0k|	TRACE2(("enter decrypt_packet"))
  306|  22.0k|	blocksize = ses.keys->recv.algo_crypt->blocksize;
  307|  22.0k|	macsize = ses.keys->recv.algo_mac->hashsize;
  308|       |
  309|  22.0k|	ses.kexstate.datarecv += ses.readbuf->len;
  310|       |
  311|  22.0k|#if DROPBEAR_AEAD_MODE
  312|  22.0k|	if (ses.keys->recv.crypt_mode->aead_crypt) {
  ------------------
  |  Branch (312:6): [True: 0, False: 22.0k]
  ------------------
  313|       |		/* first blocksize is not decrypted yet */
  314|      0|		buf_setpos(ses.readbuf, 0);
  315|       |
  316|       |		/* decrypt it in-place */
  317|      0|		len = ses.readbuf->len - macsize - ses.readbuf->pos;
  318|      0|		if (ses.keys->recv.crypt_mode->aead_crypt(ses.recvseq,
  ------------------
  |  Branch (318:7): [True: 0, False: 0]
  ------------------
  319|      0|					buf_getptr(ses.readbuf, len + macsize),
  320|      0|					buf_getwriteptr(ses.readbuf, len),
  321|      0|					len, macsize,
  322|      0|					&ses.keys->recv.cipher_state, LTC_DECRYPT) != CRYPT_OK) {
  ------------------
  |  |   70|      0|#define LTC_DECRYPT 1
  ------------------
  323|      0|			dropbear_exit("Error decrypting");
  324|      0|		}
  325|      0|		buf_incrpos(ses.readbuf, len);
  326|      0|	} else
  327|  22.0k|#endif
  328|  22.0k|	{
  329|       |		/* we've already decrypted the first blocksize in read_packet_init */
  330|  22.0k|		buf_setpos(ses.readbuf, blocksize);
  331|       |
  332|       |		/* decrypt it in-place */
  333|  22.0k|		len = ses.readbuf->len - macsize - ses.readbuf->pos;
  334|  22.0k|		if (ses.keys->recv.crypt_mode->decrypt(
  ------------------
  |  Branch (334:7): [True: 0, False: 22.0k]
  ------------------
  335|  22.0k|					buf_getptr(ses.readbuf, len), 
  336|  22.0k|					buf_getwriteptr(ses.readbuf, len),
  337|  22.0k|					len,
  338|  22.0k|					&ses.keys->recv.cipher_state) != CRYPT_OK) {
  339|      0|			dropbear_exit("Error decrypting");
  340|      0|		}
  341|  22.0k|		buf_incrpos(ses.readbuf, len);
  342|       |
  /* The MAC is verified before padlen or any payload byte is
   * interpreted below. */
  343|       |		/* check the hmac */
  344|  22.0k|		if (checkmac() != DROPBEAR_SUCCESS) {
  ------------------
  |  |  102|  22.0k|#define DROPBEAR_SUCCESS 0
  ------------------
  |  Branch (344:7): [True: 0, False: 22.0k]
  ------------------
  345|      0|			dropbear_exit("Integrity error");
  346|      0|		}
  347|       |
  348|  22.0k|	}
  349|       |	
  350|  22.0k|#if DROPBEAR_FUZZ
  /* Fuzz builds hand the decrypted buffer to fuzz_dump(). */
  351|  22.0k|	fuzz_dump(ses.readbuf->data, ses.readbuf->len);
  352|  22.0k|#endif
  353|       |
  354|       |	/* get padding length */
  355|  22.0k|	buf_setpos(ses.readbuf, PACKET_PADDING_OFF);
  ------------------
  |  |   48|  22.0k|#define PACKET_PADDING_OFF 4
  ------------------
  356|  22.0k|	padlen = buf_getbyte(ses.readbuf);
  357|       |		
  358|       |	/* payload length */
  359|       |	/* - 4 - 1 is for LEN and PADLEN values */
  /* len and padlen are unsigned, so a padlen too large for the buffer makes
   * the subtraction wrap to a very large value instead of going negative;
   * the upper-bound test below is what rejects that case (16 hits in this
   * run), and the (len < 1) test rejects an empty payload (1 hit). */
  360|  22.0k|	len = ses.readbuf->len - padlen - 4 - 1 - macsize;
  361|  22.0k|	if ((len > RECV_MAX_PAYLOAD_LEN+ZLIB_COMPRESS_EXPANSION) || (len < 1)) {
  ------------------
  |  |  492|  22.0k|#define RECV_MAX_PAYLOAD_LEN 32768
  ------------------
              	if ((len > RECV_MAX_PAYLOAD_LEN+ZLIB_COMPRESS_EXPANSION) || (len < 1)) {
  ------------------
  |  |   50|  22.0k|#define ZLIB_COMPRESS_EXPANSION (((RECV_MAX_PAYLOAD_LEN/16384)+1)*5 + 6)
  |  |  ------------------
  |  |  |  |  492|  22.0k|#define RECV_MAX_PAYLOAD_LEN 32768
  |  |  ------------------
  ------------------
  |  Branch (361:6): [True: 16, False: 22.0k]
  |  Branch (361:62): [True: 1, False: 22.0k]
  ------------------
  362|     17|		dropbear_exit("Bad packet size %u", len);
  363|     17|	}
  364|       |
  365|  22.0k|	buf_setpos(ses.readbuf, PACKET_PAYLOAD_OFF);
  ------------------
  |  |   49|  22.0k|#define PACKET_PAYLOAD_OFF 5
  ------------------
  366|       |
  367|       |#ifndef DISABLE_ZLIB
  368|       |	if (is_compress_recv()) {
  369|       |		/* decompress */
  370|       |		ses.payload = buf_decompress(ses.readbuf, len);
  371|       |		buf_setpos(ses.payload, 0);
  372|       |		ses.payload_beginning = 0;
  373|       |		buf_free(ses.readbuf);
  374|       |	} else 
  375|       |#endif
  376|  22.0k|	{
  /* Without compression the payload is not copied: ses.payload takes over
   * the read buffer, and its length is cut so that padding and MAC fall
   * outside it. */
  377|  22.0k|		ses.payload = ses.readbuf;
  378|  22.0k|		ses.payload_beginning = ses.payload->pos;
  379|  22.0k|		buf_setlen(ses.payload, ses.payload->pos + len);
  380|  22.0k|	}
  /* Cleared in both cases: the buffer was either freed above or is now
   * reachable through ses.payload. */
  381|  22.0k|	ses.readbuf = NULL;
  382|       |
  383|  22.0k|	ses.recvseq++;
  384|       |
  385|  22.0k|	TRACE2(("leave decrypt_packet"))
  386|  22.0k|}
maybe_flush_reply_queue:
  /* Send the packets that were held back on the reply queue, if data is
   * currently allowed (ses.dataallowed). Each queued payload is copied into
   * ses.writepayload and passed through encrypt_packet(); the payload buffer
   * and its list node are freed on the way, and the queue head and tail are
   * reset to NULL at the end.
   *
   * Coverage in this fuzz run: ses.dataallowed was never set when this was
   * called, so the flush loop has an execution count of 0. */
  495|   103k|void maybe_flush_reply_queue() {
  496|   103k|	struct packetlist *tmp_item = NULL, *curr_item = NULL;
  497|   103k|	if (!ses.dataallowed)
  ------------------
  |  Branch (497:6): [True: 103k, False: 0]
  ------------------
  498|   103k|	{
  499|   103k|		TRACE(("maybe_empty_reply_queue - no data allowed"))
  500|   103k|		return;
  501|   103k|	}
  502|       |		
  503|      0|	for (curr_item = ses.reply_queue_head; curr_item; ) {
  ------------------
  |  Branch (503:41): [True: 0, False: 0]
  ------------------
  504|      0|		CHECKCLEARTOWRITE();
  505|      0|		buf_putbytes(ses.writepayload,
  506|      0|			curr_item->payload->data, curr_item->payload->len);
  507|       |			
  /* curr_item is advanced before the node is freed, so the loop never
   * reads a freed node. */
  508|      0|		buf_free(curr_item->payload);
  509|      0|		tmp_item = curr_item;
  510|      0|		curr_item = curr_item->next;
  511|      0|		m_free(tmp_item);
  ------------------
  |  |   24|      0|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  512|      0|		encrypt_packet();
  513|      0|	}
  514|      0|	ses.reply_queue_head = ses.reply_queue_tail = NULL;
  515|      0|}
encrypt_packet:
  /* Turn the payload in ses.writepayload into a wire packet and queue it.
   *
   * Steps: read the packet type from the first payload byte; if data is not
   * allowed and the type is not acceptable during key exchange, hand the
   * payload to enqueue_reply_packet() and return. Otherwise allocate a buffer,
   * copy (or compress) the payload into it, compute the padding, write the
   * length and padding-length fields, fill the padding with genrandom(),
   * encrypt in place, attach the MAC (or let the AEAD mode produce the tag),
   * queue the result with writebuf_enqueue() and update the counters and
   * timestamps in ses. ses.writepayload is emptied for reuse.
   *
   * Coverage in this fuzz run: both AEAD branches, the minimum-length padding
   * bump and the "Error encrypting" exits have an execution count of 0. */
  519|  25.7k|void encrypt_packet() {
  520|       |
  521|  25.7k|	unsigned char padlen;
  522|  25.7k|	unsigned char blocksize, mac_size;
  523|  25.7k|	buffer * writebuf; /* the packet which will go on the wire. This is 
  524|       |	                      encrypted in-place. */
  525|  25.7k|	unsigned char packet_type;
  526|  25.7k|	unsigned int len, encrypt_buf_size;
  527|  25.7k|	unsigned char mac_bytes[MAX_MAC_LEN];
  528|       |
  529|  25.7k|	time_t now;
  530|       |	
  531|  25.7k|	TRACE2(("enter encrypt_packet()"))
  532|       |
  /* The type byte is read and the position is put back to 0, so the
   * payload is still copied from its start further down. */
  533|  25.7k|	buf_setpos(ses.writepayload, 0);
  534|  25.7k|	packet_type = buf_getbyte(ses.writepayload);
  535|  25.7k|	buf_setpos(ses.writepayload, 0);
  536|       |
  537|  25.7k|	TRACE2(("encrypt_packet type is %d", packet_type))
  538|       |	
  539|  25.7k|	if ((!ses.dataallowed && !packet_is_okay_kex(packet_type))) {
  ------------------
  |  Branch (539:7): [True: 22.2k, False: 3.51k]
  |  Branch (539:27): [True: 538, False: 21.7k]
  ------------------
  540|       |		/* During key exchange only particular packets are allowed.
  541|       |			Since this packet_type isn't OK we just enqueue it to send 
  542|       |			after the KEX, see maybe_flush_reply_queue */
  543|    538|		enqueue_reply_packet();
  544|    538|		return;
  545|    538|	}
  546|       |		
  547|  25.2k|	blocksize = ses.keys->trans.algo_crypt->blocksize;
  548|  25.2k|	mac_size = ses.keys->trans.algo_mac->hashsize;
  549|       |
  550|       |	/* Encrypted packet len is payload+5. We need to then make sure
  551|       |	 * there is enough space for padding or MIN_PACKET_LEN. 
  552|       |	 * Add extra 3 since we need at least 4 bytes of padding */
  553|  25.2k|	encrypt_buf_size = (ses.writepayload->len+4+1) 
  554|  25.2k|		+ MAX(MIN_PACKET_LEN, blocksize) + 3
  555|       |	/* add space for the MAC at the end */
  556|  25.2k|				+ mac_size
  557|       |#ifndef DISABLE_ZLIB
  558|       |	/* some extra in case 'compression' makes it larger */
  559|       |				+ ZLIB_COMPRESS_EXPANSION
  560|       |#endif
  561|       |	/* and an extra cleartext (stripped before transmission) byte for the
  562|       |	 * packet type */
  563|  25.2k|				+ 1;
  564|       |
  565|  25.2k|	writebuf = buf_new(encrypt_buf_size);
  566|  25.2k|	buf_setlen(writebuf, PACKET_PAYLOAD_OFF);
  ------------------
  |  |   49|  25.2k|#define PACKET_PAYLOAD_OFF 5
  ------------------
  567|  25.2k|	buf_setpos(writebuf, PACKET_PAYLOAD_OFF);
  ------------------
  |  |   49|  25.2k|#define PACKET_PAYLOAD_OFF 5
  ------------------
  568|       |
  569|       |#ifndef DISABLE_ZLIB
  570|       |	/* compression */
  571|       |	if (is_compress_trans()) {
  572|       |		buf_compress(writebuf, ses.writepayload, ses.writepayload->len);
  573|       |	} else
  574|       |#endif
  575|  25.2k|	{
  576|  25.2k|		memcpy(buf_getwriteptr(writebuf, ses.writepayload->len),
  577|  25.2k|				buf_getptr(ses.writepayload, ses.writepayload->len),
  578|  25.2k|				ses.writepayload->len);
  579|  25.2k|		buf_incrwritepos(writebuf, ses.writepayload->len);
  580|  25.2k|	}
  581|       |
  582|       |	/* finished with payload */
  583|  25.2k|	buf_setpos(ses.writepayload, 0);
  584|  25.2k|	buf_setlen(ses.writepayload, 0);
  585|       |
  586|       |	/* length of padding - packet length excluding the packetlength uint32
  587|       |	 * field in aead mode must be a multiple of blocksize, with a minimum of
  588|       |	 * 4 bytes of padding */
  589|  25.2k|	len = writebuf->len;
  590|  25.2k|#if DROPBEAR_AEAD_MODE
  591|  25.2k|	if (ses.keys->trans.crypt_mode->aead_crypt) {
  ------------------
  |  Branch (591:6): [True: 0, False: 25.2k]
  ------------------
  592|      0|		len -= 4;
  593|      0|	}
  594|  25.2k|#endif
  /* This yields a value from 1 to blocksize; a result below 4 is raised by
   * one more block.
   * NOTE(review): padlen is an unsigned char - presumably block sizes are
   * small enough that the additions cannot exceed 255; confirm. */
  595|  25.2k|	padlen = blocksize - len % blocksize;
  596|  25.2k|	if (padlen < 4) {
  ------------------
  |  Branch (596:6): [True: 3.91k, False: 21.3k]
  ------------------
  597|  3.91k|		padlen += blocksize;
  598|  3.91k|	}
  599|       |	/* check for min packet length */
  600|  25.2k|	if (writebuf->len + padlen < MIN_PACKET_LEN) {
  ------------------
  |  |  213|  25.2k|#define MIN_PACKET_LEN 16
  ------------------
  |  Branch (600:6): [True: 0, False: 25.2k]
  ------------------
  601|      0|		padlen += blocksize;
  602|      0|	}
  603|       |
  604|  25.2k|	buf_setpos(writebuf, 0);
  605|       |	/* packet length excluding the packetlength uint32 */
  606|  25.2k|	buf_putint(writebuf, writebuf->len + padlen - 4);
  607|       |
  608|       |	/* padding len */
  609|  25.2k|	buf_putbyte(writebuf, padlen);
  610|       |	/* actual padding */
  611|  25.2k|	buf_setpos(writebuf, writebuf->len);
  612|  25.2k|	buf_incrlen(writebuf, padlen);
  /* Padding bytes come from genrandom(), not from a constant fill. */
  613|  25.2k|	genrandom(buf_getptr(writebuf, padlen), padlen);
  614|       |
  615|  25.2k|#if DROPBEAR_AEAD_MODE
  616|  25.2k|	if (ses.keys->trans.crypt_mode->aead_crypt) {
  ------------------
  |  Branch (616:6): [True: 0, False: 25.2k]
  ------------------
  617|       |		/* do the actual encryption, in-place */
  618|      0|		buf_setpos(writebuf, 0);
  619|       |		/* encrypt it in-place*/
  620|      0|		len = writebuf->len;
  621|      0|		buf_incrlen(writebuf, mac_size);
  622|      0|		if (ses.keys->trans.crypt_mode->aead_crypt(ses.transseq,
  ------------------
  |  Branch (622:7): [True: 0, False: 0]
  ------------------
  623|      0|					buf_getptr(writebuf, len),
  624|      0|					buf_getwriteptr(writebuf, len + mac_size),
  625|      0|					len, mac_size,
  626|      0|					&ses.keys->trans.cipher_state, LTC_ENCRYPT) != CRYPT_OK) {
  ------------------
  |  |   68|      0|#define LTC_ENCRYPT 0
  ------------------
  627|      0|			dropbear_exit("Error encrypting");
  628|      0|		}
  629|      0|		buf_incrpos(writebuf, len + mac_size);
  630|      0|	} else
  631|  25.2k|#endif
  632|  25.2k|	{
  /* make_mac() runs before the buffer is encrypted, so the MAC is taken
   * over the unencrypted packet together with ses.transseq. */
  633|  25.2k|		make_mac(ses.transseq, &ses.keys->trans, writebuf, writebuf->len, mac_bytes);
  634|       |
  635|       |		/* do the actual encryption, in-place */
  636|  25.2k|		buf_setpos(writebuf, 0);
  637|       |		/* encrypt it in-place*/
  638|  25.2k|		len = writebuf->len;
  639|  25.2k|		if (ses.keys->trans.crypt_mode->encrypt(
  ------------------
  |  Branch (639:7): [True: 0, False: 25.2k]
  ------------------
  640|  25.2k|					buf_getptr(writebuf, len),
  641|  25.2k|					buf_getwriteptr(writebuf, len),
  642|  25.2k|					len,
  643|  25.2k|					&ses.keys->trans.cipher_state) != CRYPT_OK) {
  644|      0|			dropbear_exit("Error encrypting");
  645|      0|		}
  646|  25.2k|		buf_incrpos(writebuf, len);
  647|       |
  /* NOTE(review): mac_size bytes are copied out of mac_bytes, which is
   * MAX_MAC_LEN long - assumes mac_size <= MAX_MAC_LEN; confirm. */
  648|       |		/* stick the MAC on it */
  649|  25.2k|		buf_putbytes(writebuf, mac_bytes, mac_size);
  650|  25.2k|	}
  651|       |
  652|       |	/* Update counts */
  653|  25.2k|	ses.kexstate.datatrans += writebuf->len;
  654|       |
  655|  25.2k|	writebuf_enqueue(writebuf);
  656|       |
  657|       |	/* Update counts */
  658|  25.2k|	ses.transseq++;
  659|       |
  660|  25.2k|	now = monotonic_now();
  661|  25.2k|	ses.last_packet_time_any_sent = now;
  662|       |	/* idle timeout shouldn't be affected by responses to keepalives.
  663|       |	send_msg_keepalive() itself also does tricks with 
  664|       |	ses.last_packet_idle_time - read that if modifying this code */
  665|  25.2k|	if (packet_type != SSH_MSG_REQUEST_FAILURE
  ------------------
  |  |   65|  50.5k|#define SSH_MSG_REQUEST_FAILURE                 82
  ------------------
  |  Branch (665:6): [True: 25.2k, False: 0]
  ------------------
  666|  25.2k|		&& packet_type != SSH_MSG_UNIMPLEMENTED
  ------------------
  |  |   31|  50.5k|#define SSH_MSG_UNIMPLEMENTED          3
  ------------------
  |  Branch (666:6): [True: 9.37k, False: 15.8k]
  ------------------
  667|  25.2k|		&& packet_type != SSH_MSG_IGNORE) {
  ------------------
  |  |   30|  9.37k|#define SSH_MSG_IGNORE                 2
  ------------------
  |  Branch (667:6): [True: 9.37k, False: 0]
  ------------------
  668|  9.37k|		ses.last_packet_time_idle = now;
  669|       |
  670|  9.37k|	}
  671|       |
  672|  25.2k|	TRACE2(("leave encrypt_packet()"))
  673|  25.2k|}
writebuf_enqueue:
  /* Append a finished packet buffer to ses.writequeue and add its length to
   * ses.writequeue_len. The position is reset to 0 first.
   *
   * writebuf: buffer to queue; per the comment below it is freed after
   *           transmission, so the caller must not free or reuse it. */
  675|  28.7k|void writebuf_enqueue(buffer * writebuf) {
  676|       |	/* enqueue the packet for sending. It will get freed after transmission. */
  677|  28.7k|	buf_setpos(writebuf, 0);
  678|  28.7k|	enqueue(&ses.writequeue, (void*)writebuf);
  679|  28.7k|	ses.writequeue_len += writebuf->len;
  680|  28.7k|}
packet.c:read_packet_init:
              /* Read the first cipher block of an incoming packet and learn its length.
               *
               * Reads from ses.sock_in into ses.readbuf (allocated here when NULL) until
               * one full block of the receive cipher is present, decrypts that block to
               * obtain the packet length, validates the length and then sizes
               * ses.readbuf for the whole packet (including the MAC).
               *
               * Returns DROPBEAR_SUCCESS once the length is known and ses.readbuf is
               * positioned just after the first block. Returns DROPBEAR_FAILURE when the
               * first block is still incomplete or the read was interrupted
               * (EINTR/EAGAIN); the caller is expected to call again later.
               * Calls dropbear_exit() on any other read error, on a decrypt error and on
               * a packet length that fails the checks below. */
  214|  60.8k|static int read_packet_init() {
  215|       |
  216|  60.8k|	unsigned int maxlen;
  217|  60.8k|	int slen;
  218|  60.8k|	unsigned int len, plen;
  219|  60.8k|	unsigned int blocksize;
  220|  60.8k|	unsigned int macsize;
  221|       |
  222|       |
  223|  60.8k|	blocksize = ses.keys->recv.algo_crypt->blocksize;
  224|  60.8k|	macsize = ses.keys->recv.algo_mac->hashsize;
  225|       |
  226|  60.8k|	if (ses.readbuf == NULL) {
  ------------------
  |  Branch (226:6): [True: 22.7k, False: 38.0k]
  ------------------
  227|       |		/* start of a new packet */
  228|  22.7k|		ses.readbuf = buf_new(INIT_READBUF);
  ------------------
  |  |   51|  22.7k|#define INIT_READBUF 128
  ------------------
  229|  22.7k|	}
  230|       |
              	/* bytes of the first block still missing. Unsigned subtraction:
              	 * NOTE(review): assumes readbuf->pos never exceeds blocksize - confirm */
  231|  60.8k|	maxlen = blocksize - ses.readbuf->pos;
  232|       |			
  233|       |	/* read the rest of the packet if possible */
  234|  60.8k|	slen = read(ses.sock_in, buf_getwriteptr(ses.readbuf, maxlen),
  ------------------
  |  |   55|  60.8k|#define read(fd, buf, count) wrapfd_read(fd, buf, count)
  ------------------
  235|  60.8k|			maxlen);
              	/* 0 bytes means the peer closed the connection.
              	 * NOTE(review): execution continues after the handler in this code;
              	 * presumably ses.remoteclosed() does not return - confirm */
  236|  60.8k|	if (slen == 0) {
  ------------------
  |  Branch (236:6): [True: 554, False: 60.2k]
  ------------------
  237|    554|		ses.remoteclosed();
  238|    554|	}
  239|  60.8k|	if (slen < 0) {
  ------------------
  |  Branch (239:6): [True: 76, False: 60.7k]
  ------------------
  240|     76|		if (errno == EINTR || errno == EAGAIN) {
  ------------------
  |  Branch (240:7): [True: 74, False: 2]
  |  Branch (240:25): [True: 0, False: 2]
  ------------------
  241|     74|			TRACE2(("leave read_packet_init: EINTR"))
  242|     74|			return DROPBEAR_FAILURE;
  ------------------
  |  |  103|     74|#define DROPBEAR_FAILURE -1
  ------------------
  243|     74|		}
  244|      2|		dropbear_exit("Error reading: %s", strerror(errno));
  245|     76|	}
  246|       |
  247|  60.7k|	buf_incrwritepos(ses.readbuf, slen);
  248|       |
  249|  60.7k|	if ((unsigned int)slen != maxlen) {
  ------------------
  |  Branch (249:6): [True: 37.9k, False: 22.7k]
  ------------------
  250|       |		/* don't have enough bytes to determine length, get next time */
  251|  37.9k|		return DROPBEAR_FAILURE;
  ------------------
  |  |  103|  37.9k|#define DROPBEAR_FAILURE -1
  ------------------
  252|  37.9k|	}
  253|       |
  254|       |	/* now we have the first block, need to get packet length, so we decrypt
  255|       |	 * the first block (only need first 4 bytes) */
  256|  22.7k|	buf_setpos(ses.readbuf, 0);
  257|  22.7k|#if DROPBEAR_AEAD_MODE
  258|  22.7k|	if (ses.keys->recv.crypt_mode->aead_crypt) {
  ------------------
  |  Branch (258:6): [True: 0, False: 22.7k]
  ------------------
  259|      0|		if (ses.keys->recv.crypt_mode->aead_getlength(ses.recvseq,
  ------------------
  |  Branch (259:7): [True: 0, False: 0]
  ------------------
  260|      0|					buf_getptr(ses.readbuf, blocksize), &plen,
  261|      0|					blocksize,
  262|      0|					&ses.keys->recv.cipher_state) != CRYPT_OK) {
  263|      0|			dropbear_exit("Error decrypting");
  264|      0|		}
              		/* total = payload length + 4-byte length field + MAC */
  265|      0|		len = plen + 4 + macsize;
  266|      0|	} else
  267|  22.7k|#endif
  268|  22.7k|	{
              		/* the first block is decrypted in place: source and destination
              		 * pointers are both taken from ses.readbuf at position 0 */
  269|  22.7k|		if (ses.keys->recv.crypt_mode->decrypt(buf_getptr(ses.readbuf, blocksize), 
  ------------------
  |  Branch (269:7): [True: 0, False: 22.7k]
  ------------------
  270|  22.7k|					buf_getwriteptr(ses.readbuf, blocksize),
  271|  22.7k|					blocksize,
  272|  22.7k|					&ses.keys->recv.cipher_state) != CRYPT_OK) {
  273|      0|			dropbear_exit("Error decrypting");
  274|      0|		}
              		/* The length field comes from the peer. The "+ 4" is unsigned
              		 * arithmetic and wraps to a value below 4 for fields close to
              		 * UINT_MAX. NOTE(review): such a wrapped plen is only rejected by
              		 * the (plen < blocksize) check below when blocksize is at least 4 -
              		 * confirm that holds for every configured cipher */
  275|  22.7k|		plen = buf_getint(ses.readbuf) + 4;
  276|  22.7k|		len = plen + macsize;
  277|  22.7k|	}
  278|       |
  279|  22.7k|	TRACE2(("packet size is %u, block %u mac %u", len, blocksize, macsize))
  280|       |
  281|       |
  282|       |	/* check packet length */
              	/* All three conditions are evaluated before len is used to size the
              	 * buffer: an upper bound on the total, at least one block, and a whole
              	 * number of blocks. */
  283|  22.7k|	if ((len > RECV_MAX_PACKET_LEN) ||
  ------------------
  |  |  215|  22.7k|#define RECV_MAX_PACKET_LEN (MAX(35000, ((RECV_MAX_PAYLOAD_LEN)+100)))
  ------------------
  |  Branch (283:6): [True: 601, False: 22.1k]
  ------------------
  284|  22.7k|		(plen < blocksize) ||
  ------------------
  |  Branch (284:3): [True: 5, False: 22.1k]
  ------------------
  285|  22.7k|		(plen % blocksize != 0)) {
  ------------------
  |  Branch (285:3): [True: 19, False: 22.1k]
  ------------------
  286|     71|		dropbear_exit("Integrity error (bad packet size %u)", len);
  287|     71|	}
  288|       |
              	/* grow the buffer only after the length passed the checks above */
  289|  22.6k|	if (len > ses.readbuf->size) {
  ------------------
  |  Branch (289:6): [True: 4.30k, False: 18.3k]
  ------------------
  290|  4.30k|		ses.readbuf = buf_resize(ses.readbuf, len);		
  291|  4.30k|	}
  292|  22.6k|	buf_setlen(ses.readbuf, len);
              	/* continue after the block that has already been read and decrypted */
  293|  22.6k|	buf_setpos(ses.readbuf, blocksize);
  294|  22.6k|	return DROPBEAR_SUCCESS;
  ------------------
  |  |  102|  22.6k|#define DROPBEAR_SUCCESS 0
  ------------------
  295|  22.7k|}
packet.c:checkmac:
              /* Verify the MAC at the end of the packet held in ses.readbuf.
               *
               * Recomputes the MAC over the first (len - mac_size) bytes with make_mac()
               * and compares it with the mac_size bytes that follow them.
               *
               * Returns DROPBEAR_SUCCESS when the MACs match, DROPBEAR_FAILURE otherwise.
               *
               * When built with DROPBEAR_FUZZ and fuzz.fuzzing is set, the received MAC
               * is never compared: the function returns from inside the fuzz branch, so
               * packets are accepted without authentication. That bypass exists for the
               * fuzz harness only; fuzz.fuzzing must stay 0 in any real session. */
  390|  22.0k|static int checkmac() {
  391|       |
  392|  22.0k|	unsigned char mac_bytes[MAX_MAC_LEN];
  393|  22.0k|	unsigned int mac_size, contents_len;
  394|       |	
  395|  22.0k|	mac_size = ses.keys->recv.algo_mac->hashsize;
              	/* unsigned subtraction; read_packet_init() sets the buffer length to
              	 * the payload length plus the MAC size, so this should not wrap for a
              	 * buffer prepared there */
  396|  22.0k|	contents_len = ses.readbuf->len - mac_size;
  397|       |
  398|  22.0k|	buf_setpos(ses.readbuf, 0);
  399|  22.0k|	make_mac(ses.recvseq, &ses.keys->recv, ses.readbuf, contents_len, mac_bytes);
  400|       |
  401|  22.0k|#if DROPBEAR_FUZZ
  402|  22.0k|	if (fuzz.fuzzing) {
  ------------------
  |  Branch (402:6): [True: 22.0k, False: 0]
  ------------------
  403|       |	 	/* fail 1 in 2000 times to test error path. */
              		/* value stays 0 unless the MAC is longer than an unsigned int, and
              		 * 0 % 2000 is never 99, so with a shorter (or zero-length) MAC the
              		 * injected failure cannot fire.
              		 * NOTE(review): the counts on this page show the copy below with 0
              		 * hits, so in this run neither the injected failure nor the real
              		 * comparison at the end of the function was exercised */
  404|  22.0k|		unsigned int value = 0;
  405|  22.0k|		if (mac_size > sizeof(value)) {
  ------------------
  |  Branch (405:7): [True: 0, False: 22.0k]
  ------------------
  406|      0|			memcpy(&value, mac_bytes, sizeof(value));
  407|      0|		}
  408|  22.0k|		if (value % 2000 == 99) {
  ------------------
  |  Branch (408:7): [True: 0, False: 22.0k]
  ------------------
  409|      0|			return DROPBEAR_FAILURE;
  ------------------
  |  |  103|      0|#define DROPBEAR_FAILURE -1
  ------------------
  410|      0|		}
  411|  22.0k|		return DROPBEAR_SUCCESS;
  ------------------
  |  |  102|  22.0k|#define DROPBEAR_SUCCESS 0
  ------------------
  412|  22.0k|	}
  413|      0|#endif
  414|       |
  415|       |	/* compare the hash */
              	/* the comparison goes through constant_time_memcmp() rather than
              	 * memcmp(); presumably so that timing does not reveal where the two
              	 * MACs first differ - keep it that way when modifying this code */
  416|      0|	buf_setpos(ses.readbuf, contents_len);
  417|      0|	if (constant_time_memcmp(mac_bytes, buf_getptr(ses.readbuf, mac_size), mac_size) != 0) {
  ------------------
  |  Branch (417:6): [True: 0, False: 0]
  ------------------
  418|      0|		return DROPBEAR_FAILURE;
  ------------------
  |  |  103|      0|#define DROPBEAR_FAILURE -1
  ------------------
  419|      0|	} else {
  420|      0|		return DROPBEAR_SUCCESS;
  ------------------
  |  |  102|      0|#define DROPBEAR_SUCCESS 0
  ------------------
  421|      0|	}
  422|      0|}
packet.c:packet_is_okay_kex:
              /* Classify a message type for the key-exchange phase.
               *
               * type: SSH message number.
               * Returns 0 for every type at or above SSH_MSG_USERAUTH_REQUEST (50), for
               * SSH_MSG_SERVICE_REQUEST, SSH_MSG_SERVICE_ACCEPT and SSH_MSG_KEXINIT;
               * returns 1 for all other types.
               * NOTE(review): the callers are outside this view; the name suggests that
               * 1 means "may be handled while a key exchange is in progress" - confirm */
  464|  22.2k|static int packet_is_okay_kex(unsigned char type) {
  465|  22.2k|	if (type >= SSH_MSG_USERAUTH_REQUEST) {
  ------------------
  |  |   42|  22.2k|#define SSH_MSG_USERAUTH_REQUEST            50
  ------------------
  |  Branch (465:6): [True: 269, False: 22.0k]
  ------------------
  466|    269|		return 0;
  467|    269|	}
  468|  22.0k|	if (type == SSH_MSG_SERVICE_REQUEST || type == SSH_MSG_SERVICE_ACCEPT) {
  ------------------
  |  |   33|  44.0k|#define SSH_MSG_SERVICE_REQUEST        5
  ------------------
              	if (type == SSH_MSG_SERVICE_REQUEST || type == SSH_MSG_SERVICE_ACCEPT) {
  ------------------
  |  |   34|  21.7k|#define SSH_MSG_SERVICE_ACCEPT         6
  ------------------
  |  Branch (468:6): [True: 269, False: 21.7k]
  |  Branch (468:41): [True: 0, False: 21.7k]
  ------------------
  469|    269|		return 0;
  470|    269|	}
  471|  21.7k|	if (type == SSH_MSG_KEXINIT) {
  ------------------
  |  |   36|  21.7k|#define SSH_MSG_KEXINIT                20
  ------------------
  |  Branch (471:6): [True: 0, False: 21.7k]
  ------------------
  472|       |		/* XXX should this die horribly if !dataallowed ?? */
  473|      0|		return 0;
  474|      0|	}
  475|  21.7k|	return 1;
  476|  21.7k|}
packet.c:enqueue_reply_packet:
              /* Move the current write payload onto the session reply queue.
               *
               * Allocates a packetlist node holding a copy of ses.writepayload, resets
               * ses.writepayload to empty (position and length 0) and appends the node
               * to the singly linked list ses.reply_queue_head / ses.reply_queue_tail. */
  478|    538|static void enqueue_reply_packet() {
  479|    538|	struct packetlist * new_item = NULL;
              	/* NOTE(review): the result is used without a NULL check; presumably
              	 * m_malloc() does not return on allocation failure - confirm */
  480|    538|	new_item = m_malloc(sizeof(struct packetlist));
  481|    538|	new_item->next = NULL;
  482|       |	
              	/* the node owns its own copy, so the shared payload buffer can be
              	 * reused straight away */
  483|    538|	new_item->payload = buf_newcopy(ses.writepayload);
  484|    538|	buf_setpos(ses.writepayload, 0);
  485|    538|	buf_setlen(ses.writepayload, 0);
  486|       |	
              	/* append: link after the current tail, or start the list when empty */
  487|    538|	if (ses.reply_queue_tail) {
  ------------------
  |  Branch (487:6): [True: 269, False: 269]
  ------------------
  488|    269|		ses.reply_queue_tail->next = new_item;
  489|    269|	} else {
  490|    269|		ses.reply_queue_head = new_item;
  491|    269|	}
  492|    538|	ses.reply_queue_tail = new_item;
  493|    538|}
packet.c:make_mac:
  687|  47.2k|		unsigned char *output_mac) {
  688|  47.2k|	unsigned char seqbuf[4];
  689|  47.2k|	unsigned long bufsize;
  690|  47.2k|	hmac_state hmac;
  691|       |
  692|  47.2k|	if (key_state->algo_mac->hashsize > 0) {
  ------------------
  |  Branch (692:6): [True: 0, False: 47.2k]
  ------------------
  693|       |		/* calculate the mac */
  694|      0|		if (hmac_init(&hmac, 
  ------------------
  |  Branch (694:7): [True: 0, False: 0]
  ------------------
  695|      0|					key_state->hash_index,
  696|      0|					key_state->mackey,
  697|      0|					key_state->algo_mac->keysize) != CRYPT_OK) {
  698|      0|			dropbear_exit("HMAC error");
  699|      0|		}
  700|       |	
  701|       |		/* sequence number */
  702|      0|		STORE32H(seqno, seqbuf);
  ------------------
  |  |   62|      0|#define STORE32H(x, y)                          \
  |  |   63|      0|do { ulong32 __t = __builtin_bswap32 ((x));     \
  |  |   64|      0|      XMEMCPY ((y), &__t, 4); } while(0)
  |  |  ------------------
  |  |  |  |   39|      0|#define XMEMCPY  memcpy
  |  |  ------------------
  |  |  |  Branch (64:39): [Folded - Ignored]
  |  |  ------------------
  ------------------
  703|      0|		if (hmac_process(&hmac, seqbuf, 4) != CRYPT_OK) {
  ------------------
  |  Branch (703:7): [True: 0, False: 0]
  ------------------
  704|      0|			dropbear_exit("HMAC error");
  705|      0|		}
  706|       |	
  707|       |		/* the actual contents */
  708|      0|		buf_setpos(clear_buf, 0);
  709|      0|		if (hmac_process(&hmac, 
  ------------------
  |  Branch (709:7): [True: 0, False: 0]
  ------------------
  710|      0|					buf_getptr(clear_buf, clear_len),
  711|      0|					clear_len) != CRYPT_OK) {
  712|      0|			dropbear_exit("HMAC error");
  713|      0|		}
  714|       |	
  715|      0|		bufsize = MAX_MAC_LEN;
  ------------------
  |  |  134|      0|#define MAX_MAC_LEN 32
  ------------------
  716|      0|		if (hmac_done(&hmac, output_mac, &bufsize) != CRYPT_OK) {
  ------------------
  |  Branch (716:7): [True: 0, False: 0]
  ------------------
  717|      0|			dropbear_exit("HMAC error");
  718|      0|		}
  719|      0|	}
  720|  47.2k|	TRACE2(("leave writemac"))
  721|  47.2k|}

process_packet:
              /* Dispatch one received packet, held in ses.payload, by its type byte.
               *
               * Order of processing:
               *  1. IGNORE, DEBUG and UNIMPLEMENTED are dropped; DISCONNECT closes the
               *     session.
               *  2. The idle timestamp is refreshed, except for the message types that
               *     keepalives use.
               *  3. If ses.requirenext is set, any other message type is either
               *     answered with SSH_MSG_UNIMPLEMENTED or ends the session.
               *  4. ses.ignorenext drops exactly one packet.
               *  5. Before authentication completes, types above
               *     MAX_UNAUTH_PACKET_TYPE end the session.
               *  6. The type is looked up in ses.packettypes and its handler is called;
               *     a type with no entry is answered with SSH_MSG_UNIMPLEMENTED.
               *
               * On every path that reaches "out", the type is recorded in
               * ses.lastpacket and ses.payload is freed and set to NULL. */
   43|  22.0k|void process_packet() {
   44|       |
   45|  22.0k|	unsigned char type;
   46|  22.0k|	unsigned int i;
   47|  22.0k|	time_t now;
   48|       |
   49|  22.0k|	TRACE2(("enter process_packet"))
   50|       |
   51|  22.0k|	type = buf_getbyte(ses.payload);
   52|  22.0k|	TRACE(("process_packet: packet type = %d,  len %d", type, ses.payload->len))
   53|       |
   54|  22.0k|	now = monotonic_now();
   55|  22.0k|	ses.last_packet_time_keepalive_recv = now;
   56|       |
   57|       |	/* These packets we can receive at any time */
   58|  22.0k|	switch(type) {
  ------------------
  |  Branch (58:9): [True: 20.8k, False: 1.13k]
  ------------------
   59|       |
   60|    602|		case SSH_MSG_IGNORE:
  ------------------
  |  |   30|    602|#define SSH_MSG_IGNORE                 2
  ------------------
  |  Branch (60:3): [True: 602, False: 21.4k]
  ------------------
   61|    602|			goto out;
   62|    323|		case SSH_MSG_DEBUG:
  ------------------
  |  |   32|    323|#define SSH_MSG_DEBUG                  4
  ------------------
  |  Branch (62:3): [True: 323, False: 21.7k]
  ------------------
   63|    323|			goto out;
   64|       |
   65|    206|		case SSH_MSG_UNIMPLEMENTED:
  ------------------
  |  |   31|    206|#define SSH_MSG_UNIMPLEMENTED          3
  ------------------
  |  Branch (65:3): [True: 206, False: 21.8k]
  ------------------
   66|       |			/* debugging XXX */
   67|    206|			TRACE(("SSH_MSG_UNIMPLEMENTED"))
   68|    206|			goto out;
   69|       |			
   70|      2|		case SSH_MSG_DISCONNECT:
  ------------------
  |  |   29|      2|#define SSH_MSG_DISCONNECT             1
  ------------------
  |  Branch (70:3): [True: 2, False: 22.0k]
  ------------------
   71|       |			/* TODO cleanup? */
              			/* NOTE(review): no break or goto follows; if dropbear_close()
              			 * ever returned, a DISCONNECT would carry on into the checks
              			 * below. Presumably it does not return - confirm */
   72|      2|			dropbear_close("Disconnect received");
   73|  22.0k|	}
   74|       |
   75|       |	/* Ignore these packet types so that keepalives don't interfere with
   76|       |	idle detection. This is slightly incorrect since a tcp forwarded
   77|       |	global request with failure won't trigger the idle timeout,
   78|       |	but that's probably acceptable */
   79|  20.8k|	if (!(type == SSH_MSG_GLOBAL_REQUEST 
  ------------------
  |  |   63|  41.7k|#define SSH_MSG_GLOBAL_REQUEST                  80
  ------------------
  |  Branch (79:8): [True: 1, False: 20.8k]
  ------------------
   80|  20.8k|		|| type == SSH_MSG_REQUEST_FAILURE
  ------------------
  |  |   65|  41.7k|#define SSH_MSG_REQUEST_FAILURE                 82
  ------------------
  |  Branch (80:6): [True: 1, False: 20.8k]
  ------------------
   81|  20.8k|		|| type == SSH_MSG_CHANNEL_FAILURE)) {
  ------------------
  |  |   76|  20.8k|#define SSH_MSG_CHANNEL_FAILURE                 100
  ------------------
  |  Branch (81:6): [True: 1, False: 20.8k]
  ------------------
   82|  20.8k|		ses.last_packet_time_idle = now;
   83|  20.8k|	}
   84|       |
   85|       |	/* This applies for KEX, where the spec says the next packet MUST be
   86|       |	 * NEWKEYS */
              	/* Strict ordering: while ses.requirenext is set, a different type is
              	 * never passed on to the handler table below. */
   87|  20.8k|	if (ses.requirenext != 0) {
  ------------------
  |  Branch (87:6): [True: 20.8k, False: 0]
  ------------------
   88|  20.8k|		if (ses.requirenext == type)
  ------------------
  |  Branch (88:7): [True: 4.94k, False: 15.9k]
  ------------------
   89|  4.94k|		{
   90|       |			/* Got what we expected */
   91|  4.94k|			TRACE(("got expected packet %d during kexinit", type))
   92|  4.94k|		}
   93|  15.9k|		else
   94|  15.9k|		{
   95|       |			/* RFC4253 7.1 - various messages are allowed at this point.
   96|       |			The only ones we know about have already been handled though,
   97|       |			so just return "unimplemented" */
   98|  15.9k|			if (type >= 1 && type <= 49
  ------------------
  |  Branch (98:8): [True: 15.9k, False: 19]
  |  Branch (98:21): [True: 15.8k, False: 38]
  ------------------
   99|  15.9k|				&& type != SSH_MSG_SERVICE_REQUEST
  ------------------
  |  |   33|  31.8k|#define SSH_MSG_SERVICE_REQUEST        5
  ------------------
  |  Branch (99:8): [True: 15.8k, False: 1]
  ------------------
  100|  15.9k|				&& type != SSH_MSG_SERVICE_ACCEPT
  ------------------
  |  |   34|  31.8k|#define SSH_MSG_SERVICE_ACCEPT         6
  ------------------
  |  Branch (100:8): [True: 15.8k, False: 1]
  ------------------
  101|  15.9k|				&& type != SSH_MSG_KEXINIT)
  ------------------
  |  |   36|  15.8k|#define SSH_MSG_KEXINIT                20
  ------------------
  |  Branch (101:8): [True: 15.8k, False: 1]
  ------------------
  102|  15.8k|			{
  103|  15.8k|				TRACE(("unknown allowed packet during kexinit"))
  104|  15.8k|				recv_unimplemented();
  105|  15.8k|				goto out;
  106|  15.8k|			}
  107|     60|			else
  108|     60|			{
              				/* type 0, types of 50 and above, and the service and
              				 * KEXINIT messages end the session here */
  109|     60|				TRACE(("disallowed packet during kexinit"))
  110|     60|				dropbear_exit("Unexpected packet type %d, expected %d", type,
  111|     60|						ses.requirenext);
  112|     60|			}
  113|  15.9k|		}
  114|  20.8k|	}
  115|       |
  116|       |	/* Check if we should ignore this packet. Used currently only for
  117|       |	 * KEX code, with first_kex_packet_follows */
  118|  4.94k|	if (ses.ignorenext) {
  ------------------
  |  Branch (118:6): [True: 2, False: 4.94k]
  ------------------
  119|      2|		TRACE(("Ignoring packet, type = %d", type))
  120|      2|		ses.ignorenext = 0;
  121|      2|		goto out;
  122|      2|	}
  123|       |
  124|       |	/* Only clear the flag after we have checked ignorenext */
  125|  4.94k|	if (ses.requirenext != 0 && ses.requirenext == type)
  ------------------
  |  Branch (125:6): [True: 4.94k, False: 0]
  |  Branch (125:30): [True: 4.94k, False: 0]
  ------------------
  126|  4.94k|	{
  127|  4.94k|		ses.requirenext = 0;
  128|  4.94k|	}
  129|       |
  130|       |
  131|       |	/* Kindly the protocol authors gave all the preauth packets type values
  132|       |	 * less-than-or-equal-to 60 ( == MAX_UNAUTH_PACKET_TYPE ).
  133|       |	 * NOTE: if the protocol changes and new types are added, revisit this 
  134|       |	 * assumption */
              	/* This check runs before the handler lookup, so an unauthenticated
              	 * peer cannot reach a handler registered for a type above 60.
              	 * NOTE(review): the counts on this page show the rejection with 0 hits,
              	 * so this gate was not exercised by this run */
  135|  4.94k|	if ( !ses.authstate.authdone && type > MAX_UNAUTH_PACKET_TYPE ) {
  ------------------
  |  |   38|  4.94k|#define MAX_UNAUTH_PACKET_TYPE SSH_MSG_USERAUTH_PK_OK
  |  |  ------------------
  |  |  |  |   52|  4.94k|#define SSH_MSG_USERAUTH_PK_OK				60
  |  |  ------------------
  ------------------
  |  Branch (135:7): [True: 4.94k, False: 0]
  |  Branch (135:34): [True: 0, False: 4.94k]
  ------------------
  136|      0|		dropbear_exit("Received message %d before userauth", type);
  137|      0|	}
  138|       |
              	/* linear search of the handler table; an entry with type 0 ends it */
  139|  31.7k|	for (i = 0; ; i++) {
  140|  31.7k|		if (ses.packettypes[i].type == 0) {
  ------------------
  |  Branch (140:7): [True: 0, False: 31.7k]
  ------------------
  141|       |			/* end of list */
  142|      0|			break;
  143|      0|		}
  144|       |
  145|  31.7k|		if (ses.packettypes[i].type == type) {
  ------------------
  |  Branch (145:7): [True: 4.94k, False: 26.8k]
  ------------------
  146|  4.94k|			ses.packettypes[i].handler();
  147|  4.94k|			goto out;
  148|  4.94k|		}
  149|  31.7k|	}
  150|       |
  151|       |	
  152|       |	/* TODO do something more here? */
  153|      0|	TRACE(("preauth unknown packet"))
  154|      0|	recv_unimplemented();
  155|       |
  156|  19.4k|out:
              	/* common exit: remember the type and release the payload buffer */
  157|  19.4k|	ses.lastpacket = type;
  158|  19.4k|	buf_free(ses.payload);
  159|  19.4k|	ses.payload = NULL;
  160|       |
  161|  19.4k|	TRACE2(("leave process_packet"))
  162|  19.4k|}
process-packet.c:recv_unimplemented:
              /* Reply to the packet just received with SSH_MSG_UNIMPLEMENTED.
               *
               * Writes the message type and the sequence number (ses.recvseq - 1) into
               * ses.writepayload and hands it to encrypt_packet(). */
  170|  15.8k|static void recv_unimplemented() {
  171|       |
              	/* NOTE(review): the macro is defined outside this view; presumably it
              	 * checks that ses.writepayload is empty before it is filled - confirm */
  172|  15.8k|	CHECKCLEARTOWRITE();
  173|       |
  174|  15.8k|	buf_putbyte(ses.writepayload, SSH_MSG_UNIMPLEMENTED);
  ------------------
  |  |   31|  15.8k|#define SSH_MSG_UNIMPLEMENTED          3
  ------------------
  175|       |	/* the decryption routine increments the sequence number, we must
  176|       |	 * decrement */
  177|  15.8k|	buf_putint(ses.writepayload, ses.recvseq - 1);
  178|       |
  179|  15.8k|	encrypt_packet();
  180|  15.8k|}

initqueue:
              /* Reset a queue to the empty state: no head, no tail, count 0.
               * Links that are still on the queue are not freed here. */
   29|  3.51k|void initqueue(struct Queue* queue) {
   30|       |
   31|  3.51k|	queue->head = NULL;
   32|  3.51k|	queue->tail = NULL;
   33|  3.51k|	queue->count = 0;
   34|  3.51k|}
isempty:
              /* Returns non-zero when the queue has no head link, 0 otherwise. */
   36|   315k|int isempty(const struct Queue* queue) {
   37|       |
   38|   315k|	return (queue->head == NULL);
   39|   315k|}
dequeue:
              /* Remove the head link of the queue and return the item it carried.
               *
               * The queue must not be empty; this is enforced with dropbear_assert().
               * The link itself is freed here; the returned item is not. */
   41|  28.7k|void* dequeue(struct Queue* queue) {
   42|       |
   43|  28.7k|	void* ret;
   44|  28.7k|	struct Link* oldhead;
   45|  28.7k|	dropbear_assert(!isempty(queue));
  ------------------
  |  |   83|  28.7k|#define dropbear_assert(X) do { if (!(X)) { fail_assert(#X, __FILE__, __LINE__); } } while (0)
  |  |  ------------------
  |  |  |  Branch (83:37): [True: 0, False: 28.7k]
  |  |  |  Branch (83:93): [Folded - Ignored]
  |  |  ------------------
  ------------------
   46|       |	
              	/* save the item before the link that holds it is released */
   47|  28.7k|	ret = queue->head->item;
   48|  28.7k|	oldhead = queue->head;
   49|       |	
   50|  28.7k|	if (oldhead->link != NULL) {
  ------------------
  |  Branch (50:6): [True: 7.03k, False: 21.7k]
  ------------------
   51|  7.03k|		queue->head = oldhead->link;
   52|  21.7k|	} else {
              		/* last link removed: clear the tail too so it does not keep
              		 * pointing at the link freed below */
   53|  21.7k|		queue->head = NULL;
   54|  21.7k|		queue->tail = NULL;
   55|  21.7k|		TRACE(("empty queue dequeing"))
   56|  21.7k|	}
   57|       |
              	/* m_free() also sets the local pointer to NULL */
   58|  28.7k|	m_free(oldhead);
  ------------------
  |  |   24|  28.7k|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
   59|  28.7k|	queue->count--;
   60|  28.7k|	return ret;
   61|  28.7k|}
examine:
              /* Return the item at the head of the queue without removing it.
               * The queue must not be empty; this is enforced with dropbear_assert(). */
   63|  28.7k|void *examine(const struct Queue* queue) {
   64|       |
   65|  28.7k|	dropbear_assert(!isempty(queue));
  ------------------
  |  |   83|  28.7k|#define dropbear_assert(X) do { if (!(X)) { fail_assert(#X, __FILE__, __LINE__); } } while (0)
  |  |  ------------------
  |  |  |  Branch (83:37): [True: 0, False: 28.7k]
  |  |  |  Branch (83:93): [Folded - Ignored]
  |  |  ------------------
  ------------------
   66|  28.7k|	return queue->head->item;
   67|  28.7k|}
enqueue:
              /* Append an item to the tail of the queue.
               *
               * queue: queue to append to.
               * item:  pointer stored as-is in a newly allocated link; it is not
               *        copied. */
   69|  28.7k|void enqueue(struct Queue* queue, void* item) {
   70|       |
   71|  28.7k|	struct Link* newlink;
   72|       |
              	/* NOTE(review): the result is used without a NULL check; presumably
              	 * m_malloc() does not return on allocation failure - confirm */
   73|  28.7k|	newlink = (struct Link*)m_malloc(sizeof(struct Link));
   74|       |
   75|  28.7k|	newlink->item = item;
   76|  28.7k|	newlink->link = NULL;
   77|       |
   78|  28.7k|	if (queue->tail != NULL) {
  ------------------
  |  Branch (78:6): [True: 7.03k, False: 21.7k]
  ------------------
   79|  7.03k|		queue->tail->link = newlink;
   80|  7.03k|	}
   81|  28.7k|	queue->tail = newlink;
   82|       |
              	/* first link on an empty queue is the head as well */
   83|  28.7k|	if (queue->head == NULL) {
  ------------------
  |  Branch (83:6): [True: 21.7k, False: 7.03k]
  ------------------
   84|  21.7k|		queue->head = newlink;
   85|  21.7k|	}
   86|  28.7k|	queue->count++;
   87|  28.7k|}

buf_get_rsa_pub_key:
              /* Read an RSA public key (e, then n) from buf into key.
               *
               * buf: buffer positioned at the start of the key blob.
               * key: must not be NULL. e and n are allocated here; d, p and q are set
               *      to NULL.
               *
               * Returns DROPBEAR_SUCCESS when both numbers were read and passed the size
               * checks: a modulus of at least MIN_RSA_KEYLEN (1024) bits and an exponent
               * of at most 64 bits. Returns DROPBEAR_FAILURE otherwise, after freeing e
               * and n. */
   53|  1.04k|int buf_get_rsa_pub_key(buffer* buf, dropbear_rsa_key *key) {
   54|       |
   55|  1.04k|	int ret = DROPBEAR_FAILURE;
  ------------------
  |  |  103|  1.04k|#define DROPBEAR_FAILURE -1
  ------------------
   56|  1.04k|	TRACE(("enter buf_get_rsa_pub_key"))
   57|  1.04k|	dropbear_assert(key != NULL);
  ------------------
  |  |   83|  1.04k|#define dropbear_assert(X) do { if (!(X)) { fail_assert(#X, __FILE__, __LINE__); } } while (0)
  |  |  ------------------
  |  |  |  Branch (83:37): [True: 0, False: 1.04k]
  |  |  |  Branch (83:93): [Folded - Ignored]
  |  |  ------------------
  ------------------
   58|  1.04k|	m_mp_alloc_init_multi(&key->e, &key->n, NULL);
   59|  1.04k|	key->d = NULL;
   60|  1.04k|	key->p = NULL;
   61|  1.04k|	key->q = NULL;
   62|       |
              	/* The key-type string is skipped, not compared.
              	 * NOTE(review): presumably the caller has already matched the type
              	 * name before calling this function - confirm */
   63|  1.04k|	buf_incrpos(buf, 4+SSH_SIGNKEY_RSA_LEN); /* int + "ssh-rsa" */
  ------------------
  |  |  113|  1.04k|#define SSH_SIGNKEY_RSA_LEN 7
  ------------------
   64|       |
   65|  1.04k|	if (buf_getmpint(buf, key->e) == DROPBEAR_FAILURE
  ------------------
  |  |  103|  2.09k|#define DROPBEAR_FAILURE -1
  ------------------
  |  Branch (65:6): [True: 12, False: 1.03k]
  ------------------
   66|  1.04k|	 || buf_getmpint(buf, key->n) == DROPBEAR_FAILURE) {
  ------------------
  |  |  103|  1.03k|#define DROPBEAR_FAILURE -1
  ------------------
  |  Branch (66:6): [True: 10, False: 1.02k]
  ------------------
   67|     10|		TRACE(("leave buf_get_rsa_pub_key: failure"))
   68|     10|		goto out;
   69|     10|	}
   70|       |
              	/* reject moduli below the configured minimum size */
   71|  1.03k|	if (mp_count_bits(key->n) < MIN_RSA_KEYLEN) {
  ------------------
  |  |   65|  1.03k|#define MIN_RSA_KEYLEN 1024
  ------------------
  |  Branch (71:6): [True: 41, False: 997]
  ------------------
   72|     41|		dropbear_log(LOG_WARNING, "RSA key too short");
   73|     41|		goto out;
   74|     41|	}
   75|       |
   76|       |	/* 64 bit is limit used by openssl, so we won't block any keys in the wild */
   77|    997|	if (mp_count_bits(key->e) > 64) {
  ------------------
  |  Branch (77:6): [True: 6, False: 991]
  ------------------
   78|      6|		dropbear_log(LOG_WARNING, "RSA key bad e");
   79|      6|		goto out;
   80|      6|	}
   81|       |
   82|    991|	TRACE(("leave buf_get_rsa_pub_key: success"))
   83|    991|	ret = DROPBEAR_SUCCESS;
  ------------------
  |  |  102|    991|#define DROPBEAR_SUCCESS 0
  ------------------
   84|  1.03k|out:
              	/* single exit: a failed parse releases the two numbers allocated above */
   85|  1.03k|	if (ret == DROPBEAR_FAILURE) {
  ------------------
  |  |  103|  1.03k|#define DROPBEAR_FAILURE -1
  ------------------
  |  Branch (85:6): [True: 57, False: 979]
  ------------------
   86|     57|		m_mp_free_multi(&key->e, &key->n, NULL);
   87|     57|	}
   88|  1.03k|	return ret;
   89|    991|}
rsa_key_free:
              /* Free an RSA key: its five numbers (d, e, p, q, n) and the structure.
               *
               * key: may be NULL, in which case nothing is done.
               * The parameter is passed by value, so the NULL that m_free() stores goes
               * into the local copy only; the caller's pointer keeps its old value and
               * must not be used again. */
  142|  1.10k|void rsa_key_free(dropbear_rsa_key *key) {
  143|       |
  144|  1.10k|	TRACE2(("enter rsa_key_free"))
  145|       |
  146|  1.10k|	if (key == NULL) {
  ------------------
  |  Branch (146:6): [True: 1.04k, False: 57]
  ------------------
  147|  1.04k|		TRACE2(("leave rsa_key_free: key == NULL"))
  148|  1.04k|		return;
  149|  1.04k|	}
              	/* NOTE(review): buf_get_rsa_pub_key() leaves d, p and q as NULL, so
              	 * m_mp_free_multi() presumably accepts NULL entries - confirm */
  150|     57|	m_mp_free_multi(&key->d, &key->e, &key->p, &key->q, &key->n, NULL);
  151|     57|	m_free(key);
  ------------------
  |  |   24|     57|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  152|     57|	TRACE2(("leave rsa_key_free"))
  153|     57|}
buf_put_rsa_pub_key:
              /* Write the public part of an RSA key to buf.
               *
               * Output order: the string "ssh-rsa", then e, then n.
               * Only key->e and key->n are read; the private members are not written.
               * key must not be NULL. */
  161|    927|void buf_put_rsa_pub_key(buffer* buf, const dropbear_rsa_key *key) {
  162|       |
  163|    927|	TRACE(("enter buf_put_rsa_pub_key"))
  164|    927|	dropbear_assert(key != NULL);
  ------------------
  |  |   83|    927|#define dropbear_assert(X) do { if (!(X)) { fail_assert(#X, __FILE__, __LINE__); } } while (0)
  |  |  ------------------
  |  |  |  Branch (83:37): [True: 0, False: 927]
  |  |  |  Branch (83:93): [Folded - Ignored]
  |  |  ------------------
  ------------------
  165|       |
  166|    927|	buf_putstring(buf, SSH_SIGNKEY_RSA, SSH_SIGNKEY_RSA_LEN);
  ------------------
  |  |  112|    927|#define SSH_SIGNKEY_RSA "ssh-rsa"
  ------------------
              	buf_putstring(buf, SSH_SIGNKEY_RSA, SSH_SIGNKEY_RSA_LEN);
  ------------------
  |  |  113|    927|#define SSH_SIGNKEY_RSA_LEN 7
  ------------------
  167|    927|	buf_putmpint(buf, key->e);
  168|    927|	buf_putmpint(buf, key->n);
  169|       |
  170|    927|	TRACE(("leave buf_put_rsa_pub_key"))
  171|       |
  172|    927|}
buf_rsa_verify:
  200|    679|		enum signature_type sigtype, const buffer *data_buf) {
  201|    679|	unsigned int slen;
  202|    679|	DEF_MP_INT(rsa_s);
  ------------------
  |  |   80|    679|#define DEF_MP_INT(X) mp_int X = {0, 0, 0, NULL}
  ------------------
  203|    679|	DEF_MP_INT(rsa_mdash);
  ------------------
  |  |   80|    679|#define DEF_MP_INT(X) mp_int X = {0, 0, 0, NULL}
  ------------------
  204|    679|	DEF_MP_INT(rsa_em);
  ------------------
  |  |   80|    679|#define DEF_MP_INT(X) mp_int X = {0, 0, 0, NULL}
  ------------------
  205|    679|	int ret = DROPBEAR_FAILURE;
  ------------------
  |  |  103|    679|#define DROPBEAR_FAILURE -1
  ------------------
  206|       |
  207|    679|	TRACE(("enter buf_rsa_verify"))
  208|       |
  209|    679|	dropbear_assert(key != NULL);
  ------------------
  |  |   83|    679|#define dropbear_assert(X) do { if (!(X)) { fail_assert(#X, __FILE__, __LINE__); } } while (0)
  |  |  ------------------
  |  |  |  Branch (83:37): [True: 0, False: 679]
  |  |  |  Branch (83:93): [Folded - Ignored]
  |  |  ------------------
  ------------------
  210|       |
  211|    679|	m_mp_init_multi(&rsa_mdash, &rsa_s, &rsa_em, NULL);
  212|       |
  213|    679|	slen = buf_getint(buf);
  214|    679|	if (slen != (unsigned int)mp_ubin_size(key->n)) {
  ------------------
  |  Branch (214:6): [True: 54, False: 625]
  ------------------
  215|     54|		TRACE(("bad size"))
  216|     54|		goto out;
  217|     54|	}
  218|       |
  219|    625|	if (mp_from_ubin(&rsa_s, buf_getptr(buf, buf->len - buf->pos),
  ------------------
  |  Branch (219:6): [True: 0, False: 625]
  ------------------
  220|    625|				buf->len - buf->pos) != MP_OKAY) {
  ------------------
  |  |  161|    625|#define MP_OKAY       0   /* no error */
  ------------------
  221|      0|		TRACE(("failed reading rsa_s"))
  222|      0|		goto out;
  223|      0|	}
  224|       |
  225|       |	/* check that s <= n-1 */
  226|    625|	if (mp_cmp(&rsa_s, key->n) != MP_LT) {
  ------------------
  |  |  154|    625|#define MP_LT        -1   /* less than */
  ------------------
  |  Branch (226:6): [True: 34, False: 591]
  ------------------
  227|     34|		TRACE(("s > n-1"))
  228|     34|		goto out;
  229|     34|	}
  230|       |
  231|       |	/* create the magic PKCS padded value */
  232|    591|	rsa_pad_em(key, data_buf, &rsa_em, sigtype);
  233|       |
  234|    591|	if (mp_exptmod(&rsa_s, key->e, key->n, &rsa_mdash) != MP_OKAY) {
  ------------------
  |  |  161|    591|#define MP_OKAY       0   /* no error */
  ------------------
  |  Branch (234:6): [True: 0, False: 591]
  ------------------
  235|      0|		TRACE(("failed exptmod rsa_s"))
  236|      0|		goto out;
  237|      0|	}
  238|       |
  239|    591|	if (mp_cmp(&rsa_em, &rsa_mdash) == MP_EQ) {
  ------------------
  |  |  155|    591|#define MP_EQ         0   /* equal to */
  ------------------
  |  Branch (239:6): [True: 0, False: 591]
  ------------------
  240|       |		/* signature is valid */
  241|      0|		TRACE(("success!"))
  242|      0|		ret = DROPBEAR_SUCCESS;
  ------------------
  |  |  102|      0|#define DROPBEAR_SUCCESS 0
  ------------------
  243|      0|	}
  244|       |
  245|    678|out:
  246|    678|	mp_clear_multi(&rsa_mdash, &rsa_s, &rsa_em, NULL);
  247|    678|	TRACE(("leave buf_rsa_verify: ret %d", ret))
  248|    678|	return ret;
  249|    591|}
rsa.c:rsa_pad_em:
  356|    590|	const buffer *data_buf, mp_int * rsa_em, enum signature_type sigtype) {
              	/* Build the padded, encoded message for an RSA signature over
              	 * data_buf and store it in rsa_em as an mp_int. The encoding is as
              	 * wide as the modulus key->n and has the layout described in the
              	 * comment below. sigtype selects the hash (SHA1 or SHA256).
              	 * The first line of this function's signature is not part of this
              	 * listing. */
  357|       |    /* EM = 0x00 || 0x01 || PS || 0x00 || T 
  358|       |	   PS is padding of 0xff to make EM the size of key->n
  359|       |
  360|       |	   T is the DER encoding of the hash alg (sha1 or sha256)
  361|       |	*/
  362|       |
  363|       |	/* From rfc8017 page 46 */
  364|    590|#if DROPBEAR_RSA_SHA1
  365|    590|	const unsigned char T_sha1[] =
  366|    590|		{0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b,
  367|    590|		 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14};
  368|    590|#endif
  369|    590|#if DROPBEAR_RSA_SHA256
  370|    590|	const unsigned char T_sha256[] =
  371|    590|		{0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
  372|    590|		 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20};
  373|    590|#endif
  374|       |
  375|    590|    int Tlen = 0;
  376|    590|    const unsigned char *T = NULL;
  377|    590|	const struct ltc_hash_descriptor *hash_desc = NULL;
  378|    590|	buffer * rsa_EM = NULL;
  379|    590|	hash_state hs;
  380|    590|	unsigned int nsize;
  381|       |
              	/* Select the DER prefix T and the hash descriptor for sigtype.
              	 * Coverage in this run: only the SHA1 case executed (590 times);
              	 * the rsa-sha2-256 case has count 0, so its prefix and digest
              	 * length were not exercised through this function.
              	 * NOTE(review): the default case uses plain assert(0). If assert()
              	 * is compiled out (NDEBUG), an unexpected sigtype leaves T and
              	 * hash_desc NULL and both are dereferenced below - confirm the
              	 * build keeps asserts, or compare with the dropbear_assert() used
              	 * at line 422. */
  382|    590|	switch (sigtype) {
  383|      0|#if DROPBEAR_RSA_SHA1
  384|    590|		case DROPBEAR_SIGNATURE_RSA_SHA1:
  ------------------
  |  Branch (384:3): [True: 590, False: 0]
  ------------------
  385|    590|			Tlen = sizeof(T_sha1);
  386|    590|			T = T_sha1;
  387|    590|			hash_desc = &sha1_desc;
  388|    590|			break;
  389|      0|#endif
  390|      0|#if DROPBEAR_RSA_SHA256
  391|      0|		case DROPBEAR_SIGNATURE_RSA_SHA256:
  ------------------
  |  Branch (391:3): [True: 0, False: 590]
  ------------------
  392|      0|			Tlen = sizeof(T_sha256);
  393|      0|			T = T_sha256;
  394|      0|			hash_desc = &sha256_desc;
  395|      0|			break;
  396|      0|#endif
  397|      0|		default:
  ------------------
  |  Branch (397:3): [True: 0, False: 590]
  ------------------
  398|      0|			assert(0);
  399|    590|	}
  400|       |	
  401|       |
              	/* The encoded message is exactly as long as the modulus in bytes. */
  402|    590|	nsize = mp_ubin_size(key->n);
  403|       |
  404|    590|	rsa_EM = buf_new(nsize);
  405|       |	/* type byte */
  406|    590|	buf_putbyte(rsa_EM, 0x00);
  407|    590|	buf_putbyte(rsa_EM, 0x01);
  408|       |	/* Padding with PS 0xFF bytes */
              	/* PS fills the space between the two leading bytes and the trailing
              	 * 0x00 || T || hash, so the loop stops when pos reaches
              	 * size - (1 + Tlen + hashsize).
              	 * NOTE(review): pos only moves forward, so this target is reached
              	 * only if the modulus is at least 3 + Tlen + hashsize bytes long.
              	 * Presumably a minimum RSA key size is enforced where the key is
              	 * parsed and buf_putbyte() bounds-checks its writes - confirm,
              	 * neither is visible in this listing. */
  409|  57.1k|	while(rsa_EM->pos != rsa_EM->size - (1 + Tlen + hash_desc->hashsize)) {
  ------------------
  |  Branch (409:8): [True: 56.5k, False: 590]
  ------------------
  410|  56.5k|		buf_putbyte(rsa_EM, 0xff);
  411|  56.5k|	}
  412|    590|	buf_putbyte(rsa_EM, 0x00);
  413|       |	/* Magic ASN1 stuff */
  414|    590|	buf_putbytes(rsa_EM, T, Tlen);
  415|       |
  416|       |	/* The hash of the data */
              	/* The digest is written straight into the tail of rsa_EM, then the
              	 * write position is advanced past it. */
  417|    590|	hash_desc->init(&hs);
  418|    590|	hash_desc->process(&hs, data_buf->data, data_buf->len);
  419|    590|	hash_desc->done(&hs, buf_getwriteptr(rsa_EM, hash_desc->hashsize));
  420|    590|	buf_incrwritepos(rsa_EM, hash_desc->hashsize);
  421|       |
              	/* Every byte of the buffer must have been written, no more and no
              	 * fewer. */
  422|    590|	dropbear_assert(rsa_EM->pos == rsa_EM->size);
  ------------------
  |  |   83|    590|#define dropbear_assert(X) do { if (!(X)) { fail_assert(#X, __FILE__, __LINE__); } } while (0)
  |  |  ------------------
  |  |  |  Branch (83:37): [True: 0, False: 590]
  |  |  |  Branch (83:93): [Folded - Ignored]
  |  |  ------------------
  ------------------
  423|       |
  424|       |	/* Create the mp_int from the encoded bytes */
  425|    590|	buf_setpos(rsa_EM, 0);
  426|    590|	bytes_to_mp(rsa_em, buf_getptr(rsa_EM, rsa_EM->size),
  427|    590|			rsa_EM->size);
  428|    590|	buf_free(rsa_EM);
  429|    590|}

new_sign_key:
   62|  2.10k|sign_key * new_sign_key() {
              	/* Allocate a sign_key with m_malloc() and mark it as holding no key:
              	 * type is DROPBEAR_SIGNKEY_NONE and source is SIGNKEY_SOURCE_INVALID.
              	 * No other member is written here.
              	 * NOTE(review): buf_get_pub_key() and sign_key_free() hand the key
              	 * pointer members to the *_key_free() helpers before anything has
              	 * been stored in them, so this relies on m_malloc() returning
              	 * zeroed memory - presumably it does; confirm. */
   63|       |
   64|  2.10k|	sign_key * ret;
   65|       |
   66|  2.10k|	ret = (sign_key*)m_malloc(sizeof(sign_key));
   67|  2.10k|	ret->type = DROPBEAR_SIGNKEY_NONE;
   68|  2.10k|	ret->source = SIGNKEY_SOURCE_INVALID;
   69|  2.10k|	return ret;
   70|  2.10k|}
signkey_type_from_name:
   86|  2.80k|enum signkey_type signkey_type_from_name(const char* name, unsigned int namelen) {
              	/* Map a key-type name of namelen bytes to its enum signkey_type by
              	 * comparing it with each entry of signkey_names[].
              	 * Returns DROPBEAR_SIGNKEY_NONE when nothing matches, or when the
              	 * name is an ECDSA curve that is not compiled in.
              	 * The length is compared first and the bytes with memcmp(), so only
              	 * namelen bytes of name are read and name needs no NUL terminator;
              	 * a name that merely starts with a known name does not match. */
   87|  2.80k|	int i;
   88|  11.0k|	for (i = 0; i < DROPBEAR_SIGNKEY_NUM_NAMED; i++) {
  ------------------
  |  Branch (88:14): [True: 10.8k, False: 166]
  ------------------
   89|  10.8k|		const char *fixed_name = signkey_names[i];
   90|  10.8k|		if (namelen == strlen(fixed_name)
  ------------------
  |  Branch (90:7): [True: 3.76k, False: 7.07k]
  ------------------
   91|  10.8k|			&& memcmp(fixed_name, name, namelen) == 0) {
  ------------------
  |  Branch (91:7): [True: 2.63k, False: 1.13k]
  ------------------
   92|       |
   93|  2.63k|#if DROPBEAR_ECDSA
   94|       |			/* Some of the ECDSA key sizes are defined even if they're not compiled in */
              			/* In this build every curve test is preprocessed away (lines
              			 * 96-104 carry no counts), so the condition is the constant 0
              			 * and the rejection below was never taken. */
   95|  2.63k|			if (0
  ------------------
  |  Branch (95:8): [Folded - Ignored]
  ------------------
   96|       |#if !DROPBEAR_ECC_256
   97|       |				|| i == DROPBEAR_SIGNKEY_ECDSA_NISTP256
   98|       |#endif
   99|       |#if !DROPBEAR_ECC_384
  100|       |				|| i == DROPBEAR_SIGNKEY_ECDSA_NISTP384
  101|       |#endif
  102|       |#if !DROPBEAR_ECC_521
  103|       |				|| i == DROPBEAR_SIGNKEY_ECDSA_NISTP521
  104|       |#endif
  105|  2.63k|				) {
  106|      0|				TRACE(("attempt to use ecdsa type %d not compiled in", i))
  107|      0|				return DROPBEAR_SIGNKEY_NONE;
  108|      0|			}
  109|  2.63k|#endif
  110|       |
              			/* The table index is the enum value. */
  111|  2.63k|			return (enum signkey_type)i;
  112|  2.63k|		}
  113|  10.8k|	}
  114|       |
  115|    166|	TRACE(("signkey_type_from_name unexpected key type."))
  116|       |
  117|    166|	return DROPBEAR_SIGNKEY_NONE;
  118|  2.80k|}
signature_type_from_name:
  145|  1.04k|enum signature_type signature_type_from_name(const char* name, unsigned int namelen) {
              	/* Map a signature algorithm name of namelen bytes to its enum
              	 * signature_type. "rsa-sha2-256" and "ssh-rsa" are matched here and
              	 * give the RSA_SHA256 and RSA_SHA1 signature types; every other
              	 * name goes through signkey_type_from_name() and the result is cast.
              	 * NOTE(review): the cast assumes the non-RSA values of enum
              	 * signature_type equal the matching enum signkey_type values, and
              	 * that DROPBEAR_SIGNKEY_NONE is a meaningful signature_type -
              	 * confirm against the enum definitions, which are not shown here.
              	 * Coverage in this run: "rsa-sha2-256" matched 3 times, "ssh-rsa"
              	 * 679 times. */
  146|  1.04k|#if DROPBEAR_RSA
  147|  1.04k|#if DROPBEAR_RSA_SHA256
  148|  1.04k|	if (namelen == strlen(SSH_SIGNATURE_RSA_SHA256) 
  ------------------
  |  |  117|  1.04k|#define SSH_SIGNATURE_RSA_SHA256 "rsa-sha2-256"
  ------------------
  |  Branch (148:6): [True: 19, False: 1.03k]
  ------------------
  149|  1.04k|		&& memcmp(name, SSH_SIGNATURE_RSA_SHA256, namelen) == 0) {
  ------------------
  |  |  117|     19|#define SSH_SIGNATURE_RSA_SHA256 "rsa-sha2-256"
  ------------------
  |  Branch (149:6): [True: 3, False: 16]
  ------------------
  150|      3|		return DROPBEAR_SIGNATURE_RSA_SHA256;
  151|      3|	}
  152|  1.04k|#endif
  153|  1.04k|#if DROPBEAR_RSA_SHA1
  154|  1.04k|	if (namelen == strlen(SSH_SIGNKEY_RSA) 
  ------------------
  |  |  112|  1.04k|#define SSH_SIGNKEY_RSA "ssh-rsa"
  ------------------
  |  Branch (154:6): [True: 818, False: 228]
  ------------------
  155|  1.04k|		&& memcmp(name, SSH_SIGNKEY_RSA, namelen) == 0) {
  ------------------
  |  |  112|    818|#define SSH_SIGNKEY_RSA "ssh-rsa"
  ------------------
  |  Branch (155:6): [True: 679, False: 139]
  ------------------
  156|    679|		return DROPBEAR_SIGNATURE_RSA_SHA1;
  157|    679|	}
  158|    367|#endif
  159|    367|#endif /* DROPBEAR_RSA */
  160|    367|	return (enum signature_type)signkey_type_from_name(name, namelen);
  161|  1.04k|}
signkey_type_from_signature:
  173|  7.08k|enum signkey_type signkey_type_from_signature(enum signature_type sigtype) {
              	/* Return the key type that produces signatures of type sigtype.
              	 * Both RSA signature types map to DROPBEAR_SIGNKEY_RSA; any other
              	 * value is cast to enum signkey_type unchanged.
              	 * NOTE(review): the range check before the cast is a plain
              	 * assert(). If assert() is compiled out (NDEBUG), an out-of-range
              	 * sigtype passes through unchecked - confirm how the build
              	 * configures assert(). */
  174|  7.08k|#if DROPBEAR_RSA
  175|  7.08k|#if DROPBEAR_RSA_SHA256
  176|  7.08k|	if (sigtype == DROPBEAR_SIGNATURE_RSA_SHA256) {
  ------------------
  |  Branch (176:6): [True: 31, False: 7.05k]
  ------------------
  177|     31|		return DROPBEAR_SIGNKEY_RSA;
  178|     31|	}
  179|  7.05k|#endif
  180|  7.05k|#if DROPBEAR_RSA_SHA1
  181|  7.05k|	if (sigtype == DROPBEAR_SIGNATURE_RSA_SHA1) {
  ------------------
  |  Branch (181:6): [True: 1.88k, False: 5.17k]
  ------------------
  182|  1.88k|		return DROPBEAR_SIGNKEY_RSA;
  183|  1.88k|	}
  184|  5.17k|#endif
  185|  5.17k|#endif /* DROPBEAR_RSA */
  186|  5.17k|	assert((int)sigtype < (int)DROPBEAR_SIGNKEY_NUM_NAMED);
  187|  5.17k|	return (enum signkey_type)sigtype;
  188|  5.17k|}
signkey_key_ptr:
  193|    346|signkey_key_ptr(sign_key *key, enum signkey_type type) {
              	/* Return the address of the member of key that holds the key for
              	 * type, cast to void**, or NULL when no case for type is compiled
              	 * in. The security-key (SK) variants share the member of their
              	 * plain counterpart. Callers must check for NULL before
              	 * dereferencing; the callers visible in this listing do.
              	 * The line carrying the return type is not part of this listing.
              	 * Coverage in this run: only the three ECDSA curves were requested;
              	 * the Ed25519, SK, RSA, DSS and default cases have count 0. */
  194|    346|	switch (type) {
  195|      0|#if DROPBEAR_ED25519
  196|      0|		case DROPBEAR_SIGNKEY_ED25519:
  ------------------
  |  Branch (196:3): [True: 0, False: 346]
  ------------------
  197|      0|#if DROPBEAR_SK_ED25519
  198|      0|		case DROPBEAR_SIGNKEY_SK_ED25519:
  ------------------
  |  Branch (198:3): [True: 0, False: 346]
  ------------------
  199|      0|#endif
  200|      0|			return (void**)&key->ed25519key;
  201|      0|#endif
  202|      0|#if DROPBEAR_ECDSA
  203|      0|#if DROPBEAR_ECC_256
  204|      7|		case DROPBEAR_SIGNKEY_ECDSA_NISTP256:
  ------------------
  |  Branch (204:3): [True: 7, False: 339]
  ------------------
  205|      7|#if DROPBEAR_SK_ECDSA
  206|      7|		case DROPBEAR_SIGNKEY_SK_ECDSA_NISTP256:
  ------------------
  |  Branch (206:3): [True: 0, False: 346]
  ------------------
  207|      7|#endif
  208|      7|			return (void**)&key->ecckey256;
  209|      0|#endif
  210|      0|#if DROPBEAR_ECC_384
  211|      2|		case DROPBEAR_SIGNKEY_ECDSA_NISTP384:
  ------------------
  |  Branch (211:3): [True: 2, False: 344]
  ------------------
  212|      2|			return (void**)&key->ecckey384;
  213|      0|#endif
  214|      0|#if DROPBEAR_ECC_521
  215|    337|		case DROPBEAR_SIGNKEY_ECDSA_NISTP521:
  ------------------
  |  Branch (215:3): [True: 337, False: 9]
  ------------------
  216|    337|			return (void**)&key->ecckey521;
  217|      0|#endif
  218|      0|#endif /* DROPBEAR_ECDSA */
  219|      0|#if DROPBEAR_RSA
  220|      0|		case DROPBEAR_SIGNKEY_RSA:
  ------------------
  |  Branch (220:3): [True: 0, False: 346]
  ------------------
  221|      0|			return (void**)&key->rsakey;
  222|      0|#endif
  223|      0|#if DROPBEAR_DSS
  224|      0|		case DROPBEAR_SIGNKEY_DSS:
  ------------------
  |  Branch (224:3): [True: 0, False: 346]
  ------------------
  225|      0|			return (void**)&key->dsskey;
  226|      0|#endif
  227|      0|		default:
  ------------------
  |  Branch (227:3): [True: 0, False: 346]
  ------------------
  228|      0|			return NULL;
  229|    346|	}
  230|    346|}
buf_get_pub_key:
  235|  2.01k|int buf_get_pub_key(buffer *buf, sign_key *key, enum signkey_type *type) {
              	/* Parse a public key from buf into key.
              	 * Reads the key-type string, maps it with signkey_type_from_name(),
              	 * and fails if *type is not DROPBEAR_SIGNKEY_ANY and differs from
              	 * the parsed type. Otherwise *type is set to the parsed type, buf
              	 * is rewound to the start of the key, and the parser for that type
              	 * fills the matching member of key.
              	 * Returns DROPBEAR_FAILURE on a type mismatch, when no branch
              	 * handles the type, or when the ECDSA parser yields no key;
              	 * otherwise the value returned by the type-specific parser
              	 * (DROPBEAR_SUCCESS for ECDSA).
              	 * The type string is taken from the buffer being parsed, so it and
              	 * everything derived from it here is untrusted input. */
  236|       |
  237|  2.01k|	char *ident;
  238|  2.01k|	unsigned int len;
  239|  2.01k|	enum signkey_type keytype;
  240|  2.01k|	int ret = DROPBEAR_FAILURE;
  ------------------
  |  |  103|  2.01k|#define DROPBEAR_FAILURE -1
  ------------------
  241|       |
  242|  2.01k|	TRACE2(("enter buf_get_pub_key"))
  243|       |
  244|  2.01k|	ident = buf_getstring(buf, &len);
  245|  2.01k|	keytype = signkey_type_from_name(ident, len);
  246|  2.01k|	m_free(ident);
  ------------------
  |  |   24|  2.01k|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  247|       |
              	/* A caller that names a specific type gets exactly that type or a
              	 * failure; the type found in the buffer cannot override it. */
  248|  2.01k|	if (*type != DROPBEAR_SIGNKEY_ANY && *type != keytype) {
  ------------------
  |  Branch (248:6): [True: 2.01k, False: 1]
  |  Branch (248:39): [True: 104, False: 1.91k]
  ------------------
  249|    104|		TRACE(("buf_get_pub_key bad type - got %d, expected %d", keytype, *type))
  250|    104|		return DROPBEAR_FAILURE;
  ------------------
  |  |  103|    104|#define DROPBEAR_FAILURE -1
  ------------------
  251|    104|	}
  252|       |	
  253|  1.91k|	TRACE2(("buf_get_pub_key keytype is %d", keytype))
  254|       |
              	/* NOTE(review): with DROPBEAR_SIGNKEY_ANY an unrecognised name
              	 * stores DROPBEAR_SIGNKEY_NONE into *type. ret then stays
              	 * DROPBEAR_FAILURE provided none of the branches below matches
              	 * that value - confirm signkey_is_ecdsa() is false for it. */
  255|  1.91k|	*type = keytype;
  256|       |
  257|       |	/* Rewind the buffer back before "ssh-rsa" etc */
              	/* len + 4: the string body plus, presumably, its 4-byte length
              	 * prefix - confirm against buf_getstring(). */
  258|  1.91k|	buf_decrpos(buf, len + 4);
  259|       |
              	/* DSS and RSA follow the same pattern: any key already held is
              	 * passed to its *_key_free() helper, a new struct is allocated and
              	 * parsed into, and on failure the new struct is freed and the
              	 * member cleared, so key never keeps a partly parsed key. */
  260|  1.91k|#if DROPBEAR_DSS
  261|  1.91k|	if (keytype == DROPBEAR_SIGNKEY_DSS) {
  ------------------
  |  Branch (261:6): [True: 296, False: 1.61k]
  ------------------
  262|    296|		dss_key_free(key->dsskey);
  263|    296|		key->dsskey = m_malloc(sizeof(*key->dsskey));
  264|    296|		ret = buf_get_dss_pub_key(buf, key->dsskey);
  265|    296|		if (ret == DROPBEAR_FAILURE) {
  ------------------
  |  |  103|    296|#define DROPBEAR_FAILURE -1
  ------------------
  |  Branch (265:7): [True: 113, False: 183]
  ------------------
  266|    113|			dss_key_free(key->dsskey);
  267|    113|			key->dsskey = NULL;
  268|    113|		}
  269|    296|	}
  270|  1.91k|#endif
  271|  1.91k|#if DROPBEAR_RSA
  272|  1.91k|	if (keytype == DROPBEAR_SIGNKEY_RSA) {
  ------------------
  |  Branch (272:6): [True: 1.04k, False: 867]
  ------------------
  273|  1.04k|		rsa_key_free(key->rsakey);
  274|  1.04k|		key->rsakey = m_malloc(sizeof(*key->rsakey));
  275|  1.04k|		ret = buf_get_rsa_pub_key(buf, key->rsakey);
  276|  1.04k|		if (ret == DROPBEAR_FAILURE) {
  ------------------
  |  |  103|  1.04k|#define DROPBEAR_FAILURE -1
  ------------------
  |  Branch (276:7): [True: 57, False: 991]
  ------------------
  277|     57|			rsa_key_free(key->rsakey);
  278|     57|			key->rsakey = NULL;
  279|     57|		}
  280|  1.04k|	}
  281|  1.91k|#endif
              	/* ECDSA keys, including the security-key P-256 variant, live behind
              	 * the pointer returned by signkey_key_ptr(). Success is reported
              	 * only when the parser returns a key; a NULL eck leaves ret at
              	 * DROPBEAR_FAILURE. */
  282|  1.91k|#if DROPBEAR_ECDSA
  283|  1.91k|	if (signkey_is_ecdsa(keytype)
  ------------------
  |  Branch (283:6): [True: 206, False: 1.70k]
  ------------------
  284|  1.91k|#if DROPBEAR_SK_ECDSA
  285|  1.91k|		|| keytype == DROPBEAR_SIGNKEY_SK_ECDSA_NISTP256
  ------------------
  |  Branch (285:6): [True: 0, False: 1.70k]
  ------------------
  286|  1.91k|#endif
  287|  1.91k|	) {
  288|    151|		ecc_key **eck = (ecc_key**)signkey_key_ptr(key, keytype);
  289|    151|		if (eck) {
  ------------------
  |  Branch (289:7): [True: 151, False: 0]
  ------------------
  290|    151|			if (*eck) {
  ------------------
  |  Branch (290:8): [True: 0, False: 151]
  ------------------
  291|      0|				ecc_free(*eck);
  292|      0|				m_free(*eck);
  ------------------
  |  |   24|      0|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  293|      0|				*eck = NULL;
  294|      0|			}
  295|    151|			*eck = buf_get_ecdsa_pub_key(buf);
  296|    151|			if (*eck) {
  ------------------
  |  Branch (296:8): [True: 102, False: 49]
  ------------------
  297|    102|				ret = DROPBEAR_SUCCESS;
  ------------------
  |  |  102|    102|#define DROPBEAR_SUCCESS 0
  ------------------
  298|    102|			}
  299|    151|		}
  300|    151|	}
  301|  1.91k|#endif
  302|  1.91k|#if DROPBEAR_ED25519
  303|  1.91k|	if (keytype == DROPBEAR_SIGNKEY_ED25519
  ------------------
  |  Branch (303:6): [True: 478, False: 1.43k]
  ------------------
  304|  1.91k|#if DROPBEAR_SK_ED25519
  305|  1.91k|		|| keytype == DROPBEAR_SIGNKEY_SK_ED25519
  ------------------
  |  Branch (305:6): [True: 0, False: 1.43k]
  ------------------
  306|  1.91k|#endif
  307|  1.91k|    ) {
  308|    419|		ed25519_key_free(key->ed25519key);
  309|    419|		key->ed25519key = m_malloc(sizeof(*key->ed25519key));
  310|    419|		ret = buf_get_ed25519_pub_key(buf, key->ed25519key, keytype);
  311|    419|		if (ret == DROPBEAR_FAILURE) {
  ------------------
  |  |  103|    419|#define DROPBEAR_FAILURE -1
  ------------------
  |  Branch (311:7): [True: 40, False: 379]
  ------------------
  312|     40|			m_free(key->ed25519key);
  ------------------
  |  |   24|     40|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  313|     40|			key->ed25519key = NULL;
  314|     40|		}
  315|    419|	}
  316|  1.91k|#endif
  317|       |
              	/* Security-key types carry an application string after the key.
              	 * Coverage in this run: neither SK type was ever parsed (both
              	 * conditions False, line 327 count 0), so this path is untested.
              	 * NOTE(review): the read is not conditional on ret, so it also runs
              	 * after a failed key parse, and it replaces key->sk_app without
              	 * freeing an earlier value - confirm callers never pass a key that
              	 * already has sk_app set. */
  318|  1.91k|#if DROPBEAR_SK_ECDSA || DROPBEAR_SK_ED25519
  319|  1.91k|	if (0
  ------------------
  |  Branch (319:6): [Folded - Ignored]
  ------------------
  320|  1.91k|#if DROPBEAR_SK_ED25519
  321|  1.91k|		|| keytype == DROPBEAR_SIGNKEY_SK_ED25519
  ------------------
  |  Branch (321:6): [True: 0, False: 1.85k]
  ------------------
  322|  1.91k|#endif
  323|  1.91k|#if DROPBEAR_SK_ECDSA
  324|  1.91k|		|| keytype == DROPBEAR_SIGNKEY_SK_ECDSA_NISTP256
  ------------------
  |  Branch (324:6): [True: 0, False: 1.85k]
  ------------------
  325|  1.91k|#endif
  326|  1.91k|	) {
  327|      0|		key->sk_app = buf_getstring(buf, &key->sk_applen);
  328|      0|	}
  329|  1.91k|#endif
  330|       |
  331|  1.91k|	TRACE2(("leave buf_get_pub_key"))
  332|       |
  333|  1.91k|	return ret;
  334|  2.01k|}
buf_get_priv_key:
  339|      1|int buf_get_priv_key(buffer *buf, sign_key *key, enum signkey_type *type) {
              	/* Parse a private key from buf into key. The flow mirrors
              	 * buf_get_pub_key(): read the key-type string, reject a type that
              	 * differs from a specific *type, store the parsed type in *type,
              	 * rewind, then run the private-key parser for that type.
              	 * Returns DROPBEAR_FAILURE on a type mismatch, when no branch
              	 * handles the type, or when the ECDSA parser yields no key;
              	 * otherwise the value returned by the type-specific parser
              	 * (DROPBEAR_SUCCESS for ECDSA).
              	 * No security-key (SK) type is handled here.
              	 * Coverage in this run: the function ran once and took only the
              	 * Ed25519 branch; the type-mismatch return and the DSS, RSA and
              	 * ECDSA private-key branches have count 0, so nothing can be
              	 * concluded about them from this report. */
  340|       |
  341|      1|	char *ident;
  342|      1|	unsigned int len;
  343|      1|	enum signkey_type keytype;
  344|      1|	int ret = DROPBEAR_FAILURE;
  ------------------
  |  |  103|      1|#define DROPBEAR_FAILURE -1
  ------------------
  345|       |
  346|      1|	TRACE2(("enter buf_get_priv_key"))
  347|       |
  348|      1|	ident = buf_getstring(buf, &len);
  349|      1|	keytype = signkey_type_from_name(ident, len);
  350|      1|	m_free(ident);
  ------------------
  |  |   24|      1|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  351|       |
  352|      1|	if (*type != DROPBEAR_SIGNKEY_ANY && *type != keytype) {
  ------------------
  |  Branch (352:6): [True: 0, False: 1]
  |  Branch (352:39): [True: 0, False: 0]
  ------------------
  353|      0|		TRACE(("wrong key type: %d %d", *type, keytype))
  354|      0|		return DROPBEAR_FAILURE;
  ------------------
  |  |  103|      0|#define DROPBEAR_FAILURE -1
  ------------------
  355|      0|	}
  356|       |
  357|      1|	*type = keytype;
  358|       |
  359|       |	/* Rewind the buffer back before "ssh-rsa" etc */
              	/* len + 4: the string body plus, presumably, its 4-byte length
              	 * prefix - confirm against buf_getstring(). */
  360|      1|	buf_decrpos(buf, len + 4);
  361|       |
              	/* As in buf_get_pub_key(): the old key is passed to its
              	 * *_key_free() helper, a new struct is allocated and parsed into,
              	 * and on failure it is freed and the member cleared.
              	 * NOTE(review): these structs hold private key material; whether
              	 * it is wiped before release depends on the *_key_free() helpers,
              	 * which are not shown here. */
  362|      1|#if DROPBEAR_DSS
  363|      1|	if (keytype == DROPBEAR_SIGNKEY_DSS) {
  ------------------
  |  Branch (363:6): [True: 0, False: 1]
  ------------------
  364|      0|		dss_key_free(key->dsskey);
  365|      0|		key->dsskey = m_malloc(sizeof(*key->dsskey));
  366|      0|		ret = buf_get_dss_priv_key(buf, key->dsskey);
  367|      0|		if (ret == DROPBEAR_FAILURE) {
  ------------------
  |  |  103|      0|#define DROPBEAR_FAILURE -1
  ------------------
  |  Branch (367:7): [True: 0, False: 0]
  ------------------
  368|      0|			dss_key_free(key->dsskey);
  369|      0|			key->dsskey = NULL;
  370|      0|		}
  371|      0|	}
  372|      1|#endif
  373|      1|#if DROPBEAR_RSA
  374|      1|	if (keytype == DROPBEAR_SIGNKEY_RSA) {
  ------------------
  |  Branch (374:6): [True: 0, False: 1]
  ------------------
  375|      0|		rsa_key_free(key->rsakey);
  376|      0|		key->rsakey = m_malloc(sizeof(*key->rsakey));
  377|      0|		ret = buf_get_rsa_priv_key(buf, key->rsakey);
  378|      0|		if (ret == DROPBEAR_FAILURE) {
  ------------------
  |  |  103|      0|#define DROPBEAR_FAILURE -1
  ------------------
  |  Branch (378:7): [True: 0, False: 0]
  ------------------
  379|      0|			rsa_key_free(key->rsakey);
  380|      0|			key->rsakey = NULL;
  381|      0|		}
  382|      0|	}
  383|      1|#endif
  384|      1|#if DROPBEAR_ECDSA
  385|      1|	if (signkey_is_ecdsa(keytype)) {
  ------------------
  |  Branch (385:6): [True: 0, False: 1]
  ------------------
  386|      0|		ecc_key **eck = (ecc_key**)signkey_key_ptr(key, keytype);
  387|      0|		if (eck) {
  ------------------
  |  Branch (387:7): [True: 0, False: 0]
  ------------------
  388|      0|			if (*eck) {
  ------------------
  |  Branch (388:8): [True: 0, False: 0]
  ------------------
  389|      0|				ecc_free(*eck);
  390|      0|				m_free(*eck);
  ------------------
  |  |   24|      0|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  391|      0|				*eck = NULL;
  392|      0|			}
  393|      0|			*eck = buf_get_ecdsa_priv_key(buf);
  394|      0|			if (*eck) {
  ------------------
  |  Branch (394:8): [True: 0, False: 0]
  ------------------
  395|      0|				ret = DROPBEAR_SUCCESS;
  ------------------
  |  |  102|      0|#define DROPBEAR_SUCCESS 0
  ------------------
  396|      0|			}
  397|      0|		}
  398|      0|	}
  399|      1|#endif
  400|      1|#if DROPBEAR_ED25519
  401|      1|	if (keytype == DROPBEAR_SIGNKEY_ED25519) {
  ------------------
  |  Branch (401:6): [True: 1, False: 0]
  ------------------
  402|      1|		ed25519_key_free(key->ed25519key);
  403|      1|		key->ed25519key = m_malloc(sizeof(*key->ed25519key));
  404|      1|		ret = buf_get_ed25519_priv_key(buf, key->ed25519key);
  405|      1|		if (ret == DROPBEAR_FAILURE) {
  ------------------
  |  |  103|      1|#define DROPBEAR_FAILURE -1
  ------------------
  |  Branch (405:7): [True: 0, False: 1]
  ------------------
  406|      0|			m_free(key->ed25519key);
  ------------------
  |  |   24|      0|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  407|      0|			key->ed25519key = NULL;
  408|      0|		}
  409|      1|	}
  410|      1|#endif
  411|       |
  412|      1|	TRACE2(("leave buf_get_priv_key"))
  413|       |
  414|      1|	return ret;
  415|       |	
  416|      1|}
buf_put_pub_key:
  419|  1.44k|void buf_put_pub_key(buffer* buf, sign_key *key, enum signkey_type type) {
              	/* Serialise the public key of the given type from key and append it
              	 * to buf through buf_putbufstring().
              	 * The key is first written into a scratch buffer of
              	 * MAX_PUBKEY_SIZE (1700) bytes. If no branch wrote anything, the
              	 * type is unsupported and the function calls dropbear_exit().
              	 * NOTE(review): the DSS, RSA and Ed25519 branches pass the key
              	 * member without a NULL check, unlike the ECDSA branch - presumably
              	 * callers only ask for a type the key actually holds; confirm.
              	 * NOTE(review): the ECDSA branch does not also test
              	 * DROPBEAR_SIGNKEY_SK_ECDSA_NISTP256 as buf_get_pub_key() does; if
              	 * signkey_is_ecdsa() does not cover that type, such a key ends in
              	 * the "Bad key types" exit - confirm this is intended. */
  420|       |
  421|  1.44k|	buffer *pubkeys;
  422|       |
  423|  1.44k|	TRACE2(("enter buf_put_pub_key"))
  424|  1.44k|	pubkeys = buf_new(MAX_PUBKEY_SIZE);
  ------------------
  |  |  232|  1.44k|#define MAX_PUBKEY_SIZE 1700
  ------------------
  425|       |	
  426|  1.44k|#if DROPBEAR_DSS
  427|  1.44k|	if (type == DROPBEAR_SIGNKEY_DSS) {
  ------------------
  |  Branch (427:6): [True: 137, False: 1.30k]
  ------------------
  428|    137|		buf_put_dss_pub_key(pubkeys, key->dsskey);
  429|    137|	}
  430|  1.44k|#endif
  431|  1.44k|#if DROPBEAR_RSA
  432|  1.44k|	if (type == DROPBEAR_SIGNKEY_RSA) {
  ------------------
  |  Branch (432:6): [True: 927, False: 519]
  ------------------
  433|    927|		buf_put_rsa_pub_key(pubkeys, key->rsakey);
  434|    927|	}
  435|  1.44k|#endif
  436|  1.44k|#if DROPBEAR_ECDSA
  437|  1.44k|	if (signkey_is_ecdsa(type)) {
  ------------------
  |  Branch (437:6): [True: 100, False: 1.34k]
  ------------------
  438|    100|		ecc_key **eck = (ecc_key**)signkey_key_ptr(key, type);
  439|    100|		if (eck && *eck) {
  ------------------
  |  Branch (439:7): [True: 100, False: 0]
  |  Branch (439:14): [True: 100, False: 0]
  ------------------
  440|    100|			buf_put_ecdsa_pub_key(pubkeys, *eck);
  441|    100|		}
  442|    100|	}
  443|  1.44k|#endif
  444|  1.44k|#if DROPBEAR_ED25519
  445|  1.44k|	if (type == DROPBEAR_SIGNKEY_ED25519
  ------------------
  |  Branch (445:6): [True: 282, False: 1.16k]
  ------------------
  446|  1.44k|#if DROPBEAR_SK_ED25519
  447|  1.44k|		|| type == DROPBEAR_SIGNKEY_SK_ED25519
  ------------------
  |  Branch (447:6): [True: 0, False: 1.16k]
  ------------------
  448|  1.44k|#endif
  449|  1.44k|	) {
  450|    282|		buf_put_ed25519_pub_key(pubkeys, key->ed25519key);
  451|    282|	}
  452|  1.44k|#endif
              	/* An empty scratch buffer means no branch above handled the type.
              	 * Not taken in this run (count 0). */
  453|  1.44k|	if (pubkeys->len == 0) {
  ------------------
  |  Branch (453:6): [True: 0, False: 1.44k]
  ------------------
  454|      0|		dropbear_exit("Bad key types in buf_put_pub_key");
  455|      0|	}
  456|       |
  457|  1.44k|	buf_putbufstring(buf, pubkeys);
  458|  1.44k|	buf_free(pubkeys);
  459|  1.44k|	TRACE2(("leave buf_put_pub_key"))
  460|  1.44k|}
sign_key_free:
  502|      1|void sign_key_free(sign_key *key) {
              	/* Release every key held by key, its filename and sk_app strings,
              	 * and finally key itself.
              	 * key must not be NULL: its members are read unconditionally.
              	 * NOTE(review): the final m_free(key) clears only this function's
              	 * copy of the pointer, so the caller's pointer is dangling after
              	 * the call and must not be used or freed again.
              	 * NOTE(review): whether private key material is wiped before the
              	 * memory is released depends on the *_key_free() and ecc_free()
              	 * helpers, which are not shown here.
              	 * Coverage in this run: called once, with no ECDSA key and no
              	 * sk_app set, so those release paths have count 0. */
  503|       |
  504|      1|	TRACE2(("enter sign_key_free"))
  505|       |
  506|      1|#if DROPBEAR_DSS
  507|      1|	dss_key_free(key->dsskey);
  508|      1|	key->dsskey = NULL;
  509|      1|#endif
  510|      1|#if DROPBEAR_RSA
  511|      1|	rsa_key_free(key->rsakey);
  512|      1|	key->rsakey = NULL;
  513|      1|#endif
  514|      1|#if DROPBEAR_ECDSA
  515|      1|#if DROPBEAR_ECC_256
  516|      1|	if (key->ecckey256) {
  ------------------
  |  Branch (516:6): [True: 0, False: 1]
  ------------------
  517|      0|		ecc_free(key->ecckey256);
  518|      0|		m_free(key->ecckey256);
  ------------------
  |  |   24|      0|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  519|      0|		key->ecckey256 = NULL;
  520|      0|	}
  521|      1|#endif
  522|      1|#if DROPBEAR_ECC_384
  523|      1|	if (key->ecckey384) {
  ------------------
  |  Branch (523:6): [True: 0, False: 1]
  ------------------
  524|      0|		ecc_free(key->ecckey384);
  525|      0|		m_free(key->ecckey384);
  ------------------
  |  |   24|      0|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  526|      0|		key->ecckey384 = NULL;
  527|      0|	}
  528|      1|#endif
  529|      1|#if DROPBEAR_ECC_521
  530|      1|	if (key->ecckey521) {
  ------------------
  |  Branch (530:6): [True: 0, False: 1]
  ------------------
  531|      0|		ecc_free(key->ecckey521);
  532|      0|		m_free(key->ecckey521);
  ------------------
  |  |   24|      0|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  533|      0|		key->ecckey521 = NULL;
  534|      0|	}
  535|      1|#endif
  536|      1|#endif
  537|      1|#if DROPBEAR_ED25519
  538|      1|	ed25519_key_free(key->ed25519key);
  539|      1|	key->ed25519key = NULL;
  540|      1|#endif
  541|       |
  542|      1|	m_free(key->filename);
  ------------------
  |  |   24|      1|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  543|      1|#if DROPBEAR_SK_ECDSA || DROPBEAR_SK_ED25519
  544|      1|	if (key->sk_app) {
  ------------------
  |  Branch (544:6): [True: 0, False: 1]
  ------------------
  545|      0|		m_free(key->sk_app);
  ------------------
  |  |   24|      0|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  546|      0|	}
  547|      1|#endif
  548|       |
  549|      1|	m_free(key);
  ------------------
  |  |   24|      1|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  550|      1|	TRACE2(("leave sign_key_free"))
  551|      1|}
buf_verify:
  641|  1.44k|int buf_verify(buffer * buf, sign_key *key, enum signature_type expect_sigtype, const buffer *data_buf) {
              	/* Verify the signature blob in buf over data_buf using key.
              	 * Reads the blob length and the signature type name from buf,
              	 * requires the named type to equal expect_sigtype, then hands the
              	 * rest of buf to the verify routine for the matching key type and
              	 * returns its result.
              	 * Calls dropbear_exit() when the type does not match, when the key
              	 * needed for the type is missing, or when no branch handles it.
              	 * The type name comes from the blob itself and is therefore
              	 * supplied by the peer: the comparison with expect_sigtype is what
              	 * stops the blob from choosing its own verification algorithm.
              	 * Coverage in this run: the DSS, RSA, ECDSA and Ed25519 verifiers
              	 * were reached; both security-key (SK) branches have count 0. */
  642|       |	
  643|  1.44k|	char *type_name = NULL;
  644|  1.44k|	unsigned int type_name_len = 0;
  645|  1.44k|	enum signature_type sigtype;
  646|  1.44k|	enum signkey_type keytype;
  647|       |
  648|  1.44k|	TRACE(("enter buf_verify"))
  649|       |
              	/* NOTE(review): the declared blob length is read and discarded; it
              	 * is not compared with the data remaining in buf here. Presumably
              	 * the buffer accessors and the per-algorithm verifiers bound their
              	 * own reads - confirm. */
  650|  1.44k|	buf_getint(buf); /* blob length */
  651|  1.44k|	type_name = buf_getstring(buf, &type_name_len);
  652|  1.44k|	sigtype = signature_type_from_name(type_name, type_name_len);
  653|  1.44k|	m_free(type_name);
  ------------------
  |  |   24|  1.44k|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded - Ignored]
  |  |  ------------------
  ------------------
  654|       |
  655|  1.44k|	if (expect_sigtype != sigtype) {
  ------------------
  |  Branch (655:6): [True: 73, False: 1.37k]
  ------------------
  656|     73|			dropbear_exit("Non-matching signing type");
  657|     73|	}
  658|       |
  659|  1.37k|	keytype = signkey_type_from_signature(sigtype);
  660|  1.37k|#if DROPBEAR_DSS
  661|  1.37k|	if (keytype == DROPBEAR_SIGNKEY_DSS) {
  ------------------
  |  Branch (661:6): [True: 131, False: 1.24k]
  ------------------
  662|    131|		if (key->dsskey == NULL) {
  ------------------
  |  Branch (662:7): [True: 0, False: 131]
  ------------------
  663|      0|			dropbear_exit("No DSS key to verify signature");
  664|      0|		}
  665|    131|		return buf_dss_verify(buf, key->dsskey, data_buf);
  666|    131|	}
  667|  1.24k|#endif
  668|       |
  669|  1.24k|#if DROPBEAR_RSA
  670|  1.24k|	if (keytype == DROPBEAR_SIGNKEY_RSA) {
  ------------------
  |  Branch (670:6): [True: 679, False: 563]
  ------------------
  671|    679|		if (key->rsakey == NULL) {
  ------------------
  |  Branch (671:7): [True: 0, False: 679]
  ------------------
  672|      0|			dropbear_exit("No RSA key to verify signature");
  673|      0|		}
              		/* sigtype is passed on so the RSA verifier uses the hash that
              		 * matches the signature type (SHA1 or SHA256). */
  674|    679|		return buf_rsa_verify(buf, key->rsakey, sigtype, data_buf);
  675|    679|	}
  676|    563|#endif
              	/* For the ECDSA and SK branches a missing key is not an immediate
              	 * exit: control falls through to the final dropbear_exit() at the
              	 * end of the function. */
  677|    563|#if DROPBEAR_ECDSA
  678|    563|	if (signkey_is_ecdsa(keytype)) {
  ------------------
  |  Branch (678:6): [True: 95, False: 468]
  ------------------
  679|     95|		ecc_key **eck = (ecc_key**)signkey_key_ptr(key, keytype);
  680|     95|		if (eck && *eck) {
  ------------------
  |  Branch (680:7): [True: 95, False: 0]
  |  Branch (680:14): [True: 95, False: 0]
  ------------------
  681|     95|			return buf_ecdsa_verify(buf, *eck, data_buf);
  682|     95|		}
  683|     95|	}
  684|    468|#endif
  685|    468|#if DROPBEAR_ED25519
  686|    468|	if (keytype == DROPBEAR_SIGNKEY_ED25519) {
  ------------------
  |  Branch (686:6): [True: 71, False: 397]
  ------------------
  687|     71|		if (key->ed25519key == NULL) {
  ------------------
  |  Branch (687:7): [True: 0, False: 71]
  ------------------
  688|      0|			dropbear_exit("No Ed25519 key to verify signature");
  689|      0|		}
  690|     71|		return buf_ed25519_verify(buf, key->ed25519key, data_buf);
  691|     71|	}
  692|    397|#endif
              	/* Security-key signatures additionally pass the application string
              	 * and the flags mask stored on the key to the verifier. Neither SK
              	 * branch was reached in this run. */
  693|    397|#if DROPBEAR_SK_ECDSA
  694|    397|	if (keytype == DROPBEAR_SIGNKEY_SK_ECDSA_NISTP256) {
  ------------------
  |  Branch (694:6): [True: 0, False: 397]
  ------------------
  695|      0|		ecc_key **eck = (ecc_key**)signkey_key_ptr(key, keytype);
  696|      0|		if (eck && *eck) {
  ------------------
  |  Branch (696:7): [True: 0, False: 0]
  |  Branch (696:14): [True: 0, False: 0]
  ------------------
  697|      0|			return buf_sk_ecdsa_verify(buf, *eck, data_buf, key->sk_app, key->sk_applen, key->sk_flags_mask);
  698|      0|		}
  699|      0|	}
  700|    397|#endif
  701|    397|#if DROPBEAR_SK_ED25519
  702|    397|	if (keytype == DROPBEAR_SIGNKEY_SK_ED25519) {
  ------------------
  |  Branch (702:6): [True: 0, False: 397]
  ------------------
  703|      0|		dropbear_ed25519_key **eck = (dropbear_ed25519_key**)signkey_key_ptr(key, keytype);
  704|      0|		if (eck && *eck) {
  ------------------
  |  Branch (704:7): [True: 0, False: 0]
  |  Branch (704:14): [True: 0, False: 0]
  ------------------
  705|      0|			return buf_sk_ed25519_verify(buf, *eck, data_buf, key->sk_app, key->sk_applen, key->sk_flags_mask);
  706|      0|		}
  707|      0|	}
  708|    397|#endif
  709|       |
              	/* Reached when no branch above returned. Line 710 ran 397 times and
              	 * line 711 never, which is consistent with dropbear_exit() not
              	 * returning; the return below then only satisfies the compiler. */
  710|    397|	dropbear_exit("Non-matching signing type");
  711|      0|	return DROPBEAR_FAILURE;
  ------------------
  |  |  103|      0|#define DROPBEAR_FAILURE -1
  ------------------
  712|    397|}

