fuzz_early_setup:
   /*
    * Give the harness a usable stderr handle before any other setup runs:
    * fuzz.fake_stderr starts out as the process's real stderr.
    * fuzz_common_setup() may later replace it with /dev/null.
    */
   void fuzz_early_setup(void) {
       fuzz.fake_stderr = stderr;
   }
fuzz_common_setup:
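   /*
    * Process-wide initialisation shared by the fuzz targets.
    *
    * Sets the fuzz-mode flags, allocates the buffer header that
    * fuzz_set_input() points at each test case, routes logging through
    * fuzz_dropbear_log, initialises the crypto library, seeds from the fixed
    * string "start", and decides where fuzz.fake_stderr goes:
    *   - left unchanged when built with DEBUG_TRACE and debug_trace is set,
    *     or when DROPBEAR_KEEP_STDERR is present in the environment;
    *   - otherwise redirected to /dev/null.
    *
    * Aborts the process if /dev/null cannot be opened.
    */
   void fuzz_common_setup(void) {
       /* by its name this disables core dumps - confirm in disallow_core() */
       disallow_core();
       fuzz.fuzzing = 1;
       fuzz.wrapfds = 1;
       /* presumably makes dropbear_exit() longjmp to fuzz.jmp instead of
        * exiting - confirm against dropbear_exit() */
       fuzz.do_jmp = 1;
       /* Header only: data/size/len/pos are filled in per test case by
        * fuzz_set_input(). */
       fuzz.input = m_malloc(sizeof(buffer));
       _dropbear_log = fuzz_dropbear_log;
       crypto_init();
       fuzz_seed("start", 5);
       /* let any messages get flushed */
       setlinebuf(stdout);
   #if DEBUG_TRACE
       if (debug_trace)
       {
           fprintf(stderr, "Dropbear fuzzer: -v specified, not disabling stderr output\n");
       }
       else
   #endif
       if (getenv("DROPBEAR_KEEP_STDERR")) {
           fprintf(stderr, "Dropbear fuzzer: DROPBEAR_KEEP_STDERR, not disabling stderr output\n");
       }
       else
       {
           fprintf(stderr, "Dropbear fuzzer: Disabling stderr output\n");
           fuzz.fake_stderr = fopen("/dev/null", "w");
           /* Checked explicitly rather than with assert(): the check must
            * still run in a build compiled with NDEBUG, otherwise a failed
            * fopen() would leave a NULL stream for later writes. */
           if (fuzz.fake_stderr == NULL) {
               fprintf(stderr, "Dropbear fuzzer: failed to open /dev/null\n");
               abort();
           }
       }
   }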
fuzz_set_input:
   /*
    * Install one fuzzer test case as the current input and reset per-run state.
    *
    * The bytes are not copied: fuzz.input->data aliases Data with const cast
    * away, and size/len are both set to Size with the read position at 0.
    * The global ses, svr_ses and cli_ses structures are zeroed, the wrapped
    * file descriptors are re-armed over the input, and the seed is refreshed
    * from at most the first 16 input bytes.
    *
    * NOTE(review): Data belongs to the fuzzing engine; code reading through
    * fuzz.input should treat it as read-only - confirm nothing writes to it.
    * NOTE(review): if the buffer's size/len fields are narrower than size_t a
    * very large Size would be truncated here - confirm against the buffer
    * definition.
    *
    * Always returns DROPBEAR_SUCCESS.
    */
   int fuzz_set_input(const uint8_t *Data, size_t Size) {
       buffer *in = fuzz.input;

       in->data = (unsigned char*)Data;
       in->size = Size;
       in->len = Size;
       in->pos = 0;

       /* Start every test case from all-zero session state. */
       memset(&ses, 0x0, sizeof(ses));
       memset(&svr_ses, 0x0, sizeof(svr_ses));
       memset(&cli_ses, 0x0, sizeof(cli_ses));
       wrapfd_setup(in);

       /* Seed material is taken from the test case itself, capped at 16 bytes. */
       fuzz_seed(in->data, MIN(in->len, 16));

       return DROPBEAR_SUCCESS;
   }
fuzz_cli_setup:
  /*
   * Client-side fuzz initialisation: runs the common setup, switches the exit
   * and log hooks to the client variants, parses a fixed dbclient command
   * line, loads the fixed client key and sets a password in the environment.
   */
  void fuzz_cli_setup(void) {
      /* Equivalent to running "dbclient -y localhost uptime". -y makes
       * dbclient accept an unknown host key without asking, which suits a
       * non-interactive harness only. */
      char *client_args[] = { "dbclient", "-y", "localhost", "uptime" };
      int nargs = sizeof client_args / sizeof client_args[0];

      fuzz_common_setup();

      /* Installed after the common setup, so the client log hook replaces
       * the one fuzz_common_setup() assigned. */
      _dropbear_exit = cli_dropbear_exit;
      _dropbear_log = cli_dropbear_log;

      cli_getopts(nargs, client_args);

      load_fixed_client_key();

      /* Placeholder value so that no password prompt is shown; the trailing
       * 1 overwrites any value already in the environment. */
      setenv(DROPBEAR_PASSWORD_ENV, "password", 1);
  }
fuzz_get_algo:
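  /*
   * Look up an algorithm by exact name in a table terminated by an entry
   * whose name is NULL.
   *
   * algos: first element of the table.
   * name:  NUL-terminated name to match with strcmp().
   *
   * Returns the data pointer of the first matching entry. A missing name is
   * a harness configuration error and trips assert(0).
   */
  const void* fuzz_get_algo(const algo_type *algos, const char* name) {
      const algo_type *t;
      for (t = algos; t->name; t++) {
          if (strcmp(t->name, name) == 0) {
              return t->data;
          }
      }
      assert(0);
      /* With NDEBUG the assert above compiles away; return a defined value
       * instead of falling off the end of a non-void function. */
      return NULL;
  }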
fuzz_getpwuid:
  /*
   * getpwuid() replacement for fuzzing.
   *
   * Outside fuzzing mode the call is passed through to the real getpwuid().
   * In fuzzing mode only the two fixed entries pwd_other and pwd_root can be
   * returned, matched on pw_uid with pwd_other checked first; any other uid
   * gives NULL, so no lookup reaches the host's user database.
   */
  struct passwd* fuzz_getpwuid(uid_t uid) {
      struct passwd *entry = NULL;

      if (!fuzz.fuzzing) {
          return getpwuid(uid);
      }

      if (uid == pwd_other.pw_uid) {
          entry = &pwd_other;
      } else if (uid == pwd_root.pw_uid) {
          entry = &pwd_root;
      }
      return entry;
  }
fuzz-common.c:load_fixed_client_key:
  /*
   * Parse the key blob keyed25519 (keyed25519_len bytes, defined elsewhere)
   * and append the resulting key to cli_opts.privkeys.
   *
   * The blob is copied into a temporary 3000-byte buffer, parsed from
   * position 0 with the key type left as DROPBEAR_SIGNKEY_ANY, and the
   * temporary buffer is freed afterwards. A parse failure goes to
   * dropbear_exit().
   *
   * NOTE(review): by its name the blob is a fixed ed25519 private key built
   * into the harness; it should be treated as test-only material.
   */
  static void load_fixed_client_key(void) {
      buffer *keybuf = buf_new(3000);
      sign_key *client_key = new_sign_key();
      enum signkey_type type = DROPBEAR_SIGNKEY_ANY;

      buf_putbytes(keybuf, keyed25519, keyed25519_len);
      /* Rewind so that parsing starts at the first byte of the blob. */
      buf_setpos(keybuf, 0);

      if (buf_get_priv_key(keybuf, client_key, &type) == DROPBEAR_FAILURE) {
          dropbear_exit("failed fixed ed25519 hostkey");
      }

      list_append(cli_opts.privkeys, client_key);
      buf_free(keybuf);
  }

wrapfd_setup:
   /*
    * Reset the wrapped-descriptor layer for a new input.
    *
    * Every slot from 0 to wrapfd_maxfd that is not UNUSED is removed,
    * wrapfd_maxfd goes back to -1, rand_state is cleared and reseeded with
    * the constant 50, and buf becomes the buffer stored in input_buf.
    */
   void wrapfd_setup(buffer *buf) {
       TRACE(("wrapfd_setup"))

       /* Drop descriptors left over from the previous run. The bound is
        * re-read on every pass, as wrapfd_remove() is not visible here. */
       int fd = 0;
       while (fd <= wrapfd_maxfd) {
           if (wrap_fds[fd].mode != UNUSED) {
               wrapfd_remove(fd);
           }
           fd++;
       }
       wrapfd_maxfd = -1;

       /* Fixed seed: the generator starts from the same state every run. */
       memset(rand_state, 0x0, sizeof(rand_state));
       wrapfd_setseed(50);
       input_buf = buf;
   }
wrapfd_setseed:
   /*
    * Seed the generator state used by the wrapped descriptors.
    *
    * The raw bytes of seed overwrite the start of rand_state, then the
    * generator is stepped once with nrand48() and that value is discarded.
    *
    * NOTE(review): copying the integer's bytes makes the resulting state
    * depend on host byte order - confirm that is acceptable for reproducing
    * a run on another architecture.
    */
   void wrapfd_setseed(uint32_t seed) {
       memcpy(rand_state, &seed, sizeof seed);
       (void)nrand48(rand_state);
   }

fuzzer-kexsntrup-cli.c:setup:
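   /*
    * One-time initialisation for the sntrup761x25519-sha512 client key
    * exchange target: runs the client fuzz setup, then allocates the key
    * context kept for the whole run and selects the kex algorithm by name.
    */
   static void setup(void) {
       /* fuzz_cli_setup() begins by calling fuzz_common_setup() itself.
        * Calling the common setup here as well ran it twice, so fuzz.input
        * was allocated twice and, when stderr is redirected, /dev/null was
        * opened twice, with the first of each dropped. */
       fuzz_cli_setup();

       keep_newkeys = (struct key_context*)m_malloc(sizeof(struct key_context));
       keep_newkeys->algo_kex = fuzz_get_algo(sshkex, "sntrup761x25519-sha512");
   }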
LLVMFuzzerTestOneInput:
   /*
    * libFuzzer entry point: feeds one input through the client side of the
    * post-quantum hybrid key exchange.
    *
    * The input is read as a single length-prefixed string and passed to
    * kexpqhybrid_comb_key() as the peer's value, with a freshly generated
    * local parameter and the first key in cli_opts.privkeys. Buffers the
    * exchange leaves in ses are freed before returning.
    *
    * Always returns 0.
    */
   int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
       if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) {
           return 0;
       }

       m_malloc_set_epoch(1);

       if (setjmp(fuzz.jmp) != 0) {
           /* dropbear_exit jumped here. The locals declared below are not
            * read on this path. The second argument is 1 here and 0 on the
            * normal path; presumably it asks the allocator to release
            * whatever epoch 1 still holds - confirm in m_malloc_free_epoch(). */
           m_malloc_free_epoch(1, 1);
           TRACE(("dropbear_exit longjmped"))
           return 0;
       }

       /* Arbitrary key to write into a buffer */
       sign_key *client_key = cli_opts.privkeys->first->item;
       ses.newkeys = keep_newkeys;

       struct kex_pqhybrid_param *kex_param = gen_kexpqhybrid_param();

       /* The input bytes are consumed here, as one string. */
       buffer *peer_value = buf_getstringbuf(fuzz.input);

       ses.kexhashbuf = buf_new(KEXHASHBUF_MAX_INTS);
       kexpqhybrid_comb_key(kex_param, peer_value, client_key);

       free_kexpqhybrid_param(kex_param);

       buf_free(ses.dh_K_bytes);
       buf_free(peer_value);

       buf_free(ses.hash);
       buf_free(ses.session_id);
       /* kexhashbuf is freed in kexpqhybrid_comb_key */

       m_malloc_free_epoch(1, 0);

       return 0;
   }

sha256_init:
  205|   243k|{
  206|   243k|    LTC_ARGCHK(md != NULL);
  ------------------
  |  |   32|   243k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 243k]
  |  |  |  Branch (32:87): [Folded, False: 243k]
  |  |  ------------------
  ------------------
  207|       |
  208|   243k|    md->sha256.curlen = 0;
  209|   243k|    md->sha256.length = 0;
  210|   243k|    md->sha256.state[0] = 0x6A09E667UL;
  211|   243k|    md->sha256.state[1] = 0xBB67AE85UL;
  212|   243k|    md->sha256.state[2] = 0x3C6EF372UL;
  213|   243k|    md->sha256.state[3] = 0xA54FF53AUL;
  214|   243k|    md->sha256.state[4] = 0x510E527FUL;
  215|   243k|    md->sha256.state[5] = 0x9B05688CUL;
  216|   243k|    md->sha256.state[6] = 0x1F83D9ABUL;
  217|   243k|    md->sha256.state[7] = 0x5BE0CD19UL;
  218|   243k|    return CRYPT_OK;
  219|   243k|}
sha256_done:
  237|   243k|{
  238|   243k|    int i;
  239|       |
  240|   243k|    LTC_ARGCHK(md  != NULL);
  ------------------
  |  |   32|   243k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 243k]
  |  |  |  Branch (32:87): [Folded, False: 243k]
  |  |  ------------------
  ------------------
  241|   243k|    LTC_ARGCHK(out != NULL);
  ------------------
  |  |   32|   243k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 243k]
  |  |  |  Branch (32:87): [Folded, False: 243k]
  |  |  ------------------
  ------------------
  242|       |
  243|   243k|    if (md->sha256.curlen >= sizeof(md->sha256.buf)) {
  ------------------
  |  Branch (243:9): [True: 0, False: 243k]
  ------------------
  244|      0|       return CRYPT_INVALID_ARG;
  245|      0|    }
  246|       |
  247|       |
  248|       |    /* increase the length of the message */
  249|   243k|    md->sha256.length += md->sha256.curlen * 8;
  250|       |
  251|       |    /* append the '1' bit */
  252|   243k|    md->sha256.buf[md->sha256.curlen++] = (unsigned char)0x80;
  253|       |
  254|       |    /* if the length is currently above 56 bytes we append zeros
  255|       |     * then compress.  Then we can fall back to padding zeros and length
  256|       |     * encoding like normal.
  257|       |     */
  258|   243k|    if (md->sha256.curlen > 56) {
  ------------------
  |  Branch (258:9): [True: 0, False: 243k]
  ------------------
  259|      0|        while (md->sha256.curlen < 64) {
  ------------------
  |  Branch (259:16): [True: 0, False: 0]
  ------------------
  260|      0|            md->sha256.buf[md->sha256.curlen++] = (unsigned char)0;
  261|      0|        }
  262|      0|        sha256_compress(md, md->sha256.buf);
  263|      0|        md->sha256.curlen = 0;
  264|      0|    }
  265|       |
  266|       |    /* pad upto 56 bytes of zeroes */
  267|  4.86M|    while (md->sha256.curlen < 56) {
  ------------------
  |  Branch (267:12): [True: 4.62M, False: 243k]
  ------------------
  268|  4.62M|        md->sha256.buf[md->sha256.curlen++] = (unsigned char)0;
  269|  4.62M|    }
  270|       |
  271|       |    /* store length */
  272|   243k|    STORE64H(md->sha256.length, md->sha256.buf+56);
  ------------------
  |  |  101|   243k|#define STORE64H(x, y)                          \
  |  |  102|   243k|do { ulong64 __t = __builtin_bswap64 ((x));     \
  |  |  103|   243k|      XMEMCPY ((y), &__t, 8); } while(0)
  |  |  ------------------
  |  |  |  |   39|   243k|#define XMEMCPY  memcpy
  |  |  ------------------
  |  |  |  Branch (103:39): [Folded, False: 243k]
  |  |  ------------------
  ------------------
  273|   243k|    sha256_compress(md, md->sha256.buf);
  274|       |
  275|       |    /* copy output */
  276|  2.18M|    for (i = 0; i < 8; i++) {
  ------------------
  |  Branch (276:17): [True: 1.94M, False: 243k]
  ------------------
  277|  1.94M|        STORE32H(md->sha256.state[i], out+(4*i));
  ------------------
  |  |   62|  1.94M|#define STORE32H(x, y)                          \
  |  |   63|  1.94M|do { ulong32 __t = __builtin_bswap32 ((x));     \
  |  |   64|  1.94M|      XMEMCPY ((y), &__t, 4); } while(0)
  |  |  ------------------
  |  |  |  |   39|  1.94M|#define XMEMCPY  memcpy
  |  |  ------------------
  |  |  |  Branch (64:39): [Folded, False: 1.94M]
  |  |  ------------------
  ------------------
  278|  1.94M|    }
  279|       |#ifdef LTC_CLEAN_STACK
  280|       |    zeromem(md, sizeof(hash_state));
  281|       |#endif
  282|   243k|    return CRYPT_OK;
  283|   243k|}
sha256.c:sha256_compress:
   71|   243k|{
   72|   243k|    ulong32 S[8], W[64], t0, t1;
   73|   243k|#ifdef LTC_SMALL_CODE
   74|   243k|    ulong32 t;
   75|   243k|#endif
   76|   243k|    int i;
   77|       |
   78|       |    /* copy state into S */
   79|  2.18M|    for (i = 0; i < 8; i++) {
  ------------------
  |  Branch (79:17): [True: 1.94M, False: 243k]
  ------------------
   80|  1.94M|        S[i] = md->sha256.state[i];
   81|  1.94M|    }
   82|       |
   83|       |    /* copy the state into 512-bits into W[0..15] */
   84|  4.13M|    for (i = 0; i < 16; i++) {
  ------------------
  |  Branch (84:17): [True: 3.89M, False: 243k]
  ------------------
   85|  3.89M|        LOAD32H(W[i], buf + (4*i));
  ------------------
  |  |   66|  3.89M|#define LOAD32H(x, y)                           \
  |  |   67|  3.89M|do { XMEMCPY (&(x), (y), 4);                    \
  |  |  ------------------
  |  |  |  |   39|  3.89M|#define XMEMCPY  memcpy
  |  |  ------------------
  |  |   68|  3.89M|      (x) = __builtin_bswap32 ((x)); } while(0)
  |  |  ------------------
  |  |  |  Branch (68:46): [Folded, False: 3.89M]
  |  |  ------------------
  ------------------
   86|  3.89M|    }
   87|       |
   88|       |    /* fill W[16..63] */
   89|  11.9M|    for (i = 16; i < 64; i++) {
  ------------------
  |  Branch (89:18): [True: 11.6M, False: 243k]
  ------------------
   90|  11.6M|        W[i] = Gamma1(W[i - 2]) + W[i - 7] + Gamma0(W[i - 15]) + W[i - 16];
  ------------------
  |  |   63|  11.6M|#define Gamma1(x)       (S(x, 17) ^ S(x, 19) ^ R(x, 10))
  |  |  ------------------
  |  |  |  |   58|  11.6M|#define S(x, n)         RORc((x),(n))
  |  |  |  |  ------------------
  |  |  |  |  |  |  283|  11.6M|#define RORc(word,i) ({ \
  |  |  |  |  |  |  284|  11.6M|   ulong32 __RORc_tmp = (word); \
  |  |  |  |  |  |  285|  11.6M|   __asm__ ("rorl %2, %0" : \
  |  |  |  |  |  |  286|  11.6M|            "=r" (__RORc_tmp) : \
  |  |  |  |  |  |  287|  11.6M|            "0" (__RORc_tmp), \
  |  |  |  |  |  |  288|  11.6M|            "I" (i)); \
  |  |  |  |  |  |  289|  11.6M|            __RORc_tmp; \
  |  |  |  |  |  |  290|  11.6M|   })
  |  |  |  |  ------------------
  |  |  ------------------
  |  |               #define Gamma1(x)       (S(x, 17) ^ S(x, 19) ^ R(x, 10))
  |  |  ------------------
  |  |  |  |   58|  11.6M|#define S(x, n)         RORc((x),(n))
  |  |  |  |  ------------------
  |  |  |  |  |  |  283|  11.6M|#define RORc(word,i) ({ \
  |  |  |  |  |  |  284|  11.6M|   ulong32 __RORc_tmp = (word); \
  |  |  |  |  |  |  285|  11.6M|   __asm__ ("rorl %2, %0" : \
  |  |  |  |  |  |  286|  11.6M|            "=r" (__RORc_tmp) : \
  |  |  |  |  |  |  287|  11.6M|            "0" (__RORc_tmp), \
  |  |  |  |  |  |  288|  11.6M|            "I" (i)); \
  |  |  |  |  |  |  289|  11.6M|            __RORc_tmp; \
  |  |  |  |  |  |  290|  11.6M|   })
  |  |  |  |  ------------------
  |  |  ------------------
  |  |               #define Gamma1(x)       (S(x, 17) ^ S(x, 19) ^ R(x, 10))
  |  |  ------------------
  |  |  |  |   59|  11.6M|#define R(x, n)         (((x)&0xFFFFFFFFUL)>>(n))
  |  |  ------------------
  ------------------
                      W[i] = Gamma1(W[i - 2]) + W[i - 7] + Gamma0(W[i - 15]) + W[i - 16];
  ------------------
  |  |   62|  11.6M|#define Gamma0(x)       (S(x, 7) ^ S(x, 18) ^ R(x, 3))
  |  |  ------------------
  |  |  |  |   58|  11.6M|#define S(x, n)         RORc((x),(n))
  |  |  |  |  ------------------
  |  |  |  |  |  |  283|  11.6M|#define RORc(word,i) ({ \
  |  |  |  |  |  |  284|  11.6M|   ulong32 __RORc_tmp = (word); \
  |  |  |  |  |  |  285|  11.6M|   __asm__ ("rorl %2, %0" : \
  |  |  |  |  |  |  286|  11.6M|            "=r" (__RORc_tmp) : \
  |  |  |  |  |  |  287|  11.6M|            "0" (__RORc_tmp), \
  |  |  |  |  |  |  288|  11.6M|            "I" (i)); \
  |  |  |  |  |  |  289|  11.6M|            __RORc_tmp; \
  |  |  |  |  |  |  290|  11.6M|   })
  |  |  |  |  ------------------
  |  |  ------------------
  |  |               #define Gamma0(x)       (S(x, 7) ^ S(x, 18) ^ R(x, 3))
  |  |  ------------------
  |  |  |  |   58|  11.6M|#define S(x, n)         RORc((x),(n))
  |  |  |  |  ------------------
  |  |  |  |  |  |  283|  11.6M|#define RORc(word,i) ({ \
  |  |  |  |  |  |  284|  11.6M|   ulong32 __RORc_tmp = (word); \
  |  |  |  |  |  |  285|  11.6M|   __asm__ ("rorl %2, %0" : \
  |  |  |  |  |  |  286|  11.6M|            "=r" (__RORc_tmp) : \
  |  |  |  |  |  |  287|  11.6M|            "0" (__RORc_tmp), \
  |  |  |  |  |  |  288|  11.6M|            "I" (i)); \
  |  |  |  |  |  |  289|  11.6M|            __RORc_tmp; \
  |  |  |  |  |  |  290|  11.6M|   })
  |  |  |  |  ------------------
  |  |  ------------------
  |  |               #define Gamma0(x)       (S(x, 7) ^ S(x, 18) ^ R(x, 3))
  |  |  ------------------
  |  |  |  |   59|  11.6M|#define R(x, n)         (((x)&0xFFFFFFFFUL)>>(n))
  |  |  ------------------
  ------------------
   91|  11.6M|    }
   92|       |
   93|       |    /* Compress */
   94|   243k|#ifdef LTC_SMALL_CODE
   95|   243k|#define RND(a,b,c,d,e,f,g,h,i)                         \
   96|   243k|     t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i];   \
   97|   243k|     t1 = Sigma0(a) + Maj(a, b, c);                    \
   98|   243k|     d += t0;                                          \
   99|   243k|     h  = t0 + t1;
  100|       |
  101|  15.8M|     for (i = 0; i < 64; ++i) {
  ------------------
  |  Branch (101:18): [True: 15.5M, False: 243k]
  ------------------
  102|  15.5M|         RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],i);
  ------------------
  |  |   96|  15.5M|     t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i];   \
  |  |  ------------------
  |  |  |  |   61|  15.5M|#define Sigma1(x)       (S(x, 6) ^ S(x, 11) ^ S(x, 25))
  |  |  |  |  ------------------
  |  |  |  |  |  |   58|  15.5M|#define S(x, n)         RORc((x),(n))
  |  |  |  |  |  |  ------------------
  |  |  |  |  |  |  |  |  283|  15.5M|#define RORc(word,i) ({ \
  |  |  |  |  |  |  |  |  284|  15.5M|   ulong32 __RORc_tmp = (word); \
  |  |  |  |  |  |  |  |  285|  15.5M|   __asm__ ("rorl %2, %0" : \
  |  |  |  |  |  |  |  |  286|  15.5M|            "=r" (__RORc_tmp) : \
  |  |  |  |  |  |  |  |  287|  15.5M|            "0" (__RORc_tmp), \
  |  |  |  |  |  |  |  |  288|  15.5M|            "I" (i)); \
  |  |  |  |  |  |  |  |  289|  15.5M|            __RORc_tmp; \
  |  |  |  |  |  |  |  |  290|  15.5M|   })
  |  |  |  |  |  |  ------------------
  |  |  |  |  ------------------
  |  |  |  |               #define Sigma1(x)       (S(x, 6) ^ S(x, 11) ^ S(x, 25))
  |  |  |  |  ------------------
  |  |  |  |  |  |   58|  15.5M|#define S(x, n)         RORc((x),(n))
  |  |  |  |  |  |  ------------------
  |  |  |  |  |  |  |  |  283|  15.5M|#define RORc(word,i) ({ \
  |  |  |  |  |  |  |  |  284|  15.5M|   ulong32 __RORc_tmp = (word); \
  |  |  |  |  |  |  |  |  285|  15.5M|   __asm__ ("rorl %2, %0" : \
  |  |  |  |  |  |  |  |  286|  15.5M|            "=r" (__RORc_tmp) : \
  |  |  |  |  |  |  |  |  287|  15.5M|            "0" (__RORc_tmp), \
  |  |  |  |  |  |  |  |  288|  15.5M|            "I" (i)); \
  |  |  |  |  |  |  |  |  289|  15.5M|            __RORc_tmp; \
  |  |  |  |  |  |  |  |  290|  15.5M|   })
  |  |  |  |  |  |  ------------------
  |  |  |  |  ------------------
  |  |  |  |               #define Sigma1(x)       (S(x, 6) ^ S(x, 11) ^ S(x, 25))
  |  |  |  |  ------------------
  |  |  |  |  |  |   58|  15.5M|#define S(x, n)         RORc((x),(n))
  |  |  |  |  |  |  ------------------
  |  |  |  |  |  |  |  |  283|  15.5M|#define RORc(word,i) ({ \
  |  |  |  |  |  |  |  |  284|  15.5M|   ulong32 __RORc_tmp = (word); \
  |  |  |  |  |  |  |  |  285|  15.5M|   __asm__ ("rorl %2, %0" : \
  |  |  |  |  |  |  |  |  286|  15.5M|            "=r" (__RORc_tmp) : \
  |  |  |  |  |  |  |  |  287|  15.5M|            "0" (__RORc_tmp), \
  |  |  |  |  |  |  |  |  288|  15.5M|            "I" (i)); \
  |  |  |  |  |  |  |  |  289|  15.5M|            __RORc_tmp; \
  |  |  |  |  |  |  |  |  290|  15.5M|   })
  |  |  |  |  |  |  ------------------
  |  |  |  |  ------------------
  |  |  ------------------
  |  |                    t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i];   \
  |  |  ------------------
  |  |  |  |   56|  15.5M|#define Ch(x,y,z)       (z ^ (x & (y ^ z)))
  |  |  ------------------
  |  |   97|  15.5M|     t1 = Sigma0(a) + Maj(a, b, c);                    \
  |  |  ------------------
  |  |  |  |   60|  15.5M|#define Sigma0(x)       (S(x, 2) ^ S(x, 13) ^ S(x, 22))
  |  |  |  |  ------------------
  |  |  |  |  |  |   58|  15.5M|#define S(x, n)         RORc((x),(n))
  |  |  |  |  |  |  ------------------
  |  |  |  |  |  |  |  |  283|  15.5M|#define RORc(word,i) ({ \
  |  |  |  |  |  |  |  |  284|  15.5M|   ulong32 __RORc_tmp = (word); \
  |  |  |  |  |  |  |  |  285|  15.5M|   __asm__ ("rorl %2, %0" : \
  |  |  |  |  |  |  |  |  286|  15.5M|            "=r" (__RORc_tmp) : \
  |  |  |  |  |  |  |  |  287|  15.5M|            "0" (__RORc_tmp), \
  |  |  |  |  |  |  |  |  288|  15.5M|            "I" (i)); \
  |  |  |  |  |  |  |  |  289|  15.5M|            __RORc_tmp; \
  |  |  |  |  |  |  |  |  290|  15.5M|   })
  |  |  |  |  |  |  ------------------
  |  |  |  |  ------------------
  |  |  |  |               #define Sigma0(x)       (S(x, 2) ^ S(x, 13) ^ S(x, 22))
  |  |  |  |  ------------------
  |  |  |  |  |  |   58|  15.5M|#define S(x, n)         RORc((x),(n))
  |  |  |  |  |  |  ------------------
  |  |  |  |  |  |  |  |  283|  15.5M|#define RORc(word,i) ({ \
  |  |  |  |  |  |  |  |  284|  15.5M|   ulong32 __RORc_tmp = (word); \
  |  |  |  |  |  |  |  |  285|  15.5M|   __asm__ ("rorl %2, %0" : \
  |  |  |  |  |  |  |  |  286|  15.5M|            "=r" (__RORc_tmp) : \
  |  |  |  |  |  |  |  |  287|  15.5M|            "0" (__RORc_tmp), \
  |  |  |  |  |  |  |  |  288|  15.5M|            "I" (i)); \
  |  |  |  |  |  |  |  |  289|  15.5M|            __RORc_tmp; \
  |  |  |  |  |  |  |  |  290|  15.5M|   })
  |  |  |  |  |  |  ------------------
  |  |  |  |  ------------------
  |  |  |  |               #define Sigma0(x)       (S(x, 2) ^ S(x, 13) ^ S(x, 22))
  |  |  |  |  ------------------
  |  |  |  |  |  |   58|  15.5M|#define S(x, n)         RORc((x),(n))
  |  |  |  |  |  |  ------------------
  |  |  |  |  |  |  |  |  283|  15.5M|#define RORc(word,i) ({ \
  |  |  |  |  |  |  |  |  284|  15.5M|   ulong32 __RORc_tmp = (word); \
  |  |  |  |  |  |  |  |  285|  15.5M|   __asm__ ("rorl %2, %0" : \
  |  |  |  |  |  |  |  |  286|  15.5M|            "=r" (__RORc_tmp) : \
  |  |  |  |  |  |  |  |  287|  15.5M|            "0" (__RORc_tmp), \
  |  |  |  |  |  |  |  |  288|  15.5M|            "I" (i)); \
  |  |  |  |  |  |  |  |  289|  15.5M|            __RORc_tmp; \
  |  |  |  |  |  |  |  |  290|  15.5M|   })
  |  |  |  |  |  |  ------------------
  |  |  |  |  ------------------
  |  |  ------------------
  |  |                    t1 = Sigma0(a) + Maj(a, b, c);                    \
  |  |  ------------------
  |  |  |  |   57|  15.5M|#define Maj(x,y,z)      (((x | y) & z) | (x & y))
  |  |  ------------------
  |  |   98|  15.5M|     d += t0;                                          \
  |  |   99|  15.5M|     h  = t0 + t1;
  ------------------
  103|  15.5M|         t = S[7]; S[7] = S[6]; S[6] = S[5]; S[5] = S[4];
  104|  15.5M|         S[4] = S[3]; S[3] = S[2]; S[2] = S[1]; S[1] = S[0]; S[0] = t;
  105|  15.5M|     }
  106|       |#else
  107|       |#define RND(a,b,c,d,e,f,g,h,i,ki)                    \
  108|       |     t0 = h + Sigma1(e) + Ch(e, f, g) + ki + W[i];   \
  109|       |     t1 = Sigma0(a) + Maj(a, b, c);                  \
  110|       |     d += t0;                                        \
  111|       |     h  = t0 + t1;
  112|       |
  113|       |    RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],0,0x428a2f98);
  114|       |    RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],1,0x71374491);
  115|       |    RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],2,0xb5c0fbcf);
  116|       |    RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],3,0xe9b5dba5);
  117|       |    RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],4,0x3956c25b);
  118|       |    RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],5,0x59f111f1);
  119|       |    RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],6,0x923f82a4);
  120|       |    RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],7,0xab1c5ed5);
  121|       |    RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],8,0xd807aa98);
  122|       |    RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],9,0x12835b01);
  123|       |    RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],10,0x243185be);
  124|       |    RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],11,0x550c7dc3);
  125|       |    RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],12,0x72be5d74);
  126|       |    RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],13,0x80deb1fe);
  127|       |    RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],14,0x9bdc06a7);
  128|       |    RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],15,0xc19bf174);
  129|       |    RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],16,0xe49b69c1);
  130|       |    RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],17,0xefbe4786);
  131|       |    RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],18,0x0fc19dc6);
  132|       |    RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],19,0x240ca1cc);
  133|       |    RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],20,0x2de92c6f);
  134|       |    RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],21,0x4a7484aa);
  135|       |    RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],22,0x5cb0a9dc);
  136|       |    RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],23,0x76f988da);
  137|       |    RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],24,0x983e5152);
  138|       |    RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],25,0xa831c66d);
  139|       |    RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],26,0xb00327c8);
  140|       |    RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],27,0xbf597fc7);
  141|       |    RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],28,0xc6e00bf3);
  142|       |    RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],29,0xd5a79147);
  143|       |    RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],30,0x06ca6351);
  144|       |    RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],31,0x14292967);
  145|       |    RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],32,0x27b70a85);
  146|       |    RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],33,0x2e1b2138);
  147|       |    RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],34,0x4d2c6dfc);
  148|       |    RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],35,0x53380d13);
  149|       |    RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],36,0x650a7354);
  150|       |    RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],37,0x766a0abb);
  151|       |    RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],38,0x81c2c92e);
  152|       |    RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],39,0x92722c85);
  153|       |    RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],40,0xa2bfe8a1);
  154|       |    RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],41,0xa81a664b);
  155|       |    RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],42,0xc24b8b70);
  156|       |    RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],43,0xc76c51a3);
  157|       |    RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],44,0xd192e819);
  158|       |    RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],45,0xd6990624);
  159|       |    RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],46,0xf40e3585);
  160|       |    RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],47,0x106aa070);
  161|       |    RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],48,0x19a4c116);
  162|       |    RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],49,0x1e376c08);
  163|       |    RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],50,0x2748774c);
  164|       |    RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],51,0x34b0bcb5);
  165|       |    RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],52,0x391c0cb3);
  166|       |    RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],53,0x4ed8aa4a);
  167|       |    RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],54,0x5b9cca4f);
  168|       |    RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],55,0x682e6ff3);
  169|       |    RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],56,0x748f82ee);
  170|       |    RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],57,0x78a5636f);
  171|       |    RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],58,0x84c87814);
  172|       |    RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],59,0x8cc70208);
  173|       |    RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],60,0x90befffa);
  174|       |    RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],61,0xa4506ceb);
  175|       |    RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],62,0xbef9a3f7);
  176|       |    RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],63,0xc67178f2);
  177|       |
  178|       |#undef RND
  179|       |
  180|       |#endif
  181|       |
  182|       |    /* feedback */
  183|  2.18M|    for (i = 0; i < 8; i++) {
  ------------------
  |  Branch (183:17): [True: 1.94M, False: 243k]
  ------------------
  184|  1.94M|        md->sha256.state[i] = md->sha256.state[i] + S[i];
  185|  1.94M|    }
  186|   243k|    return CRYPT_OK;
  187|   243k|}

sha512_init:
/*
 * Reset the SHA-512 context in md: no buffered bytes (curlen = 0), zero
 * message length, and the eight 64-bit state words loaded with fixed
 * constants (the SHA-512 initial hash values). Returns CRYPT_OK.
 *
 * Coverage: 193 calls; the LTC_ARGCHK failure side (md == NULL) never ran.
 */
  174|    193|{
  175|    193|    LTC_ARGCHK(md != NULL);
  ------------------
  |  |   32|    193|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 193]
  |  |  |  Branch (32:87): [Folded, False: 193]
  |  |  ------------------
  ------------------
  176|    193|    md->sha512.curlen = 0;
  177|    193|    md->sha512.length = 0;
  178|    193|    md->sha512.state[0] = CONST64(0x6a09e667f3bcc908);
  ------------------
  |  |  200|    193|   #define CONST64(n) n ## ULL
  ------------------
  179|    193|    md->sha512.state[1] = CONST64(0xbb67ae8584caa73b);
  ------------------
  |  |  200|    193|   #define CONST64(n) n ## ULL
  ------------------
  180|    193|    md->sha512.state[2] = CONST64(0x3c6ef372fe94f82b);
  ------------------
  |  |  200|    193|   #define CONST64(n) n ## ULL
  ------------------
  181|    193|    md->sha512.state[3] = CONST64(0xa54ff53a5f1d36f1);
  ------------------
  |  |  200|    193|   #define CONST64(n) n ## ULL
  ------------------
  182|    193|    md->sha512.state[4] = CONST64(0x510e527fade682d1);
  ------------------
  |  |  200|    193|   #define CONST64(n) n ## ULL
  ------------------
  183|    193|    md->sha512.state[5] = CONST64(0x9b05688c2b3e6c1f);
  ------------------
  |  |  200|    193|   #define CONST64(n) n ## ULL
  ------------------
  184|    193|    md->sha512.state[6] = CONST64(0x1f83d9abfb41bd6b);
  ------------------
  |  |  200|    193|   #define CONST64(n) n ## ULL
  ------------------
  185|    193|    md->sha512.state[7] = CONST64(0x5be0cd19137e2179);
  ------------------
  |  |  200|    193|   #define CONST64(n) n ## ULL
  ------------------
  186|    193|    return CRYPT_OK;
  187|    193|}
sha512_done:
/*
 * Finalise a SHA-512 hash: add the buffered tail to the bit length, append
 * the 0x80 marker, zero-pad, store the length at buf+120, run one last
 * compression and write the eight state words to out (8 * 8 = 64 bytes,
 * byte-swapped through STORE64H). Returns CRYPT_INVALID_ARG when curlen is
 * not smaller than the block buffer, otherwise CRYPT_OK.
 *
 * Coverage: in 193 calls curlen never exceeded 112 after the marker byte,
 * so the extra-block padding path (lines 226-231) and the curlen guard
 * (lines 212-213) were not exercised by this corpus.
 *
 * NOTE(review): line 250 carries no execution count, which suggests
 * LTC_CLEAN_STACK is not defined in this build; if so the hash state stays
 * in memory after finalisation unless the caller wipes it -- confirm
 * against the build options.
 */
  205|    193|{
  206|    193|    int i;
  207|       |
  208|    193|    LTC_ARGCHK(md  != NULL);
  ------------------
  |  |   32|    193|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 193]
  |  |  |  Branch (32:87): [Folded, False: 193]
  |  |  ------------------
  ------------------
  209|    193|    LTC_ARGCHK(out != NULL);
  ------------------
  |  |   32|    193|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 193]
  |  |  |  Branch (32:87): [Folded, False: 193]
  |  |  ------------------
  ------------------
  210|       |
  211|    193|    if (md->sha512.curlen >= sizeof(md->sha512.buf)) {
  ------------------
  |  Branch (211:9): [True: 0, False: 193]
  ------------------
  212|      0|       return CRYPT_INVALID_ARG;
  213|      0|    }
  214|       |
  215|       |    /* increase the length of the message */
  216|    193|    md->sha512.length += md->sha512.curlen * CONST64(8);
  ------------------
  |  |  200|    193|   #define CONST64(n) n ## ULL
  ------------------
  217|       |
  218|       |    /* append the '1' bit */
  219|    193|    md->sha512.buf[md->sha512.curlen++] = (unsigned char)0x80;
  220|       |
  221|       |    /* if the length is currently above 112 bytes we append zeros
  222|       |     * then compress.  Then we can fall back to padding zeros and length
  223|       |     * encoding like normal.
  224|       |     */
  225|    193|    if (md->sha512.curlen > 112) {
  ------------------
  |  Branch (225:9): [True: 0, False: 193]
  ------------------
  226|      0|        while (md->sha512.curlen < 128) {
  ------------------
  |  Branch (226:16): [True: 0, False: 0]
  ------------------
  227|      0|            md->sha512.buf[md->sha512.curlen++] = (unsigned char)0;
  228|      0|        }
  229|      0|        sha512_compress(md, md->sha512.buf);
  230|      0|        md->sha512.curlen = 0;
  231|      0|    }
  232|       |
  233|       |    /* pad upto 120 bytes of zeroes
  234|       |     * note: that from 112 to 120 is the 64 MSB of the length.  We assume that you won't hash
  235|       |     * > 2^64 bits of data... :-)
  236|       |     */
  237|  19.9k|    while (md->sha512.curlen < 120) {
  ------------------
  |  Branch (237:12): [True: 19.7k, False: 193]
  ------------------
  238|  19.7k|        md->sha512.buf[md->sha512.curlen++] = (unsigned char)0;
  239|  19.7k|    }
  240|       |
  241|       |    /* store length */
  242|    193|    STORE64H(md->sha512.length, md->sha512.buf+120);
  ------------------
  |  |  101|    193|#define STORE64H(x, y)                          \
  |  |  102|    193|do { ulong64 __t = __builtin_bswap64 ((x));     \
  |  |  103|    193|      XMEMCPY ((y), &__t, 8); } while(0)
  |  |  ------------------
  |  |  |  |   39|    193|#define XMEMCPY  memcpy
  |  |  ------------------
  |  |  |  Branch (103:39): [Folded, False: 193]
  |  |  ------------------
  ------------------
  243|    193|    sha512_compress(md, md->sha512.buf);
  244|       |
  245|       |    /* copy output */
  246|  1.73k|    for (i = 0; i < 8; i++) {
  ------------------
  |  Branch (246:17): [True: 1.54k, False: 193]
  ------------------
  247|  1.54k|        STORE64H(md->sha512.state[i], out+(8*i));
  ------------------
  |  |  101|  1.54k|#define STORE64H(x, y)                          \
  |  |  102|  1.54k|do { ulong64 __t = __builtin_bswap64 ((x));     \
  |  |  103|  1.54k|      XMEMCPY ((y), &__t, 8); } while(0)
  |  |  ------------------
  |  |  |  |   39|  1.54k|#define XMEMCPY  memcpy
  |  |  ------------------
  |  |  |  Branch (103:39): [Folded, False: 1.54k]
  |  |  ------------------
  ------------------
  248|  1.54k|    }
  249|       |#ifdef LTC_CLEAN_STACK
  250|       |    zeromem(md, sizeof(hash_state));
  251|       |#endif
  252|    193|    return CRYPT_OK;
  253|    193|}
sha512.c:sha512_compress:
/*
 * SHA-512 compression step: copies the eight state words into S, loads
 * sixteen 64-bit words (128 bytes) from buf into W[0..15] via LOAD64H,
 * expands them to W[16..79], runs 80 rounds against the K[] table (defined
 * outside this listing) and adds S back into md->sha512.state. Always
 * returns CRYPT_OK. Nothing in the visible body checks md or buf; the
 * callers shown in this report pass a non-NULL md and a block buffer.
 *
 * Coverage: 1.69k calls. Only the LTC_SMALL_CODE loop (lines 117-128)
 * carries counts; the unrolled RND variant (lines 130-145) has none, which
 * indicates this build defines LTC_SMALL_CODE.
 *
 * NOTE(review): S[] and W[] are stack locals holding state and message
 * schedule, and the visible body does not wipe them before returning;
 * whether a stack-cleaning wrapper exists is not visible here -- confirm
 * if the hashed data is sensitive.
 */
   96|  1.69k|{
   97|  1.69k|    ulong64 S[8], W[80], t0, t1;
   98|  1.69k|    int i;
   99|       |
  100|       |    /* copy state into S */
  101|  15.2k|    for (i = 0; i < 8; i++) {
  ------------------
  |  Branch (101:17): [True: 13.5k, False: 1.69k]
  ------------------
  102|  13.5k|        S[i] = md->sha512.state[i];
  103|  13.5k|    }
  104|       |
  105|       |    /* copy the state into 1024-bits into W[0..15] */
  106|  28.7k|    for (i = 0; i < 16; i++) {
  ------------------
  |  Branch (106:17): [True: 27.1k, False: 1.69k]
  ------------------
  107|  27.1k|        LOAD64H(W[i], buf + (8*i));
  ------------------
  |  |  105|  27.1k|#define LOAD64H(x, y)                           \
  |  |  106|  27.1k|do { XMEMCPY (&(x), (y), 8);                    \
  |  |  ------------------
  |  |  |  |   39|  27.1k|#define XMEMCPY  memcpy
  |  |  ------------------
  |  |  107|  27.1k|      (x) = __builtin_bswap64 ((x)); } while(0)
  |  |  ------------------
  |  |  |  Branch (107:46): [Folded, False: 27.1k]
  |  |  ------------------
  ------------------
  108|  27.1k|    }
  109|       |
  110|       |    /* fill W[16..79] */
  111|   110k|    for (i = 16; i < 80; i++) {
  ------------------
  |  Branch (111:18): [True: 108k, False: 1.69k]
  ------------------
  112|   108k|        W[i] = Gamma1(W[i - 2]) + W[i - 7] + Gamma0(W[i - 15]) + W[i - 16];
  ------------------
  |  |   88|   108k|#define Gamma1(x)       (S(x, 19) ^ S(x, 61) ^ R(x, 6))
  |  |  ------------------
  |  |  |  |   83|   108k|#define S(x, n)         ROR64c(x, n)
  |  |  |  |  ------------------
  |  |  |  |  |  |  384|   108k|#define ROR64c(word,i) ({ \
  |  |  |  |  |  |  385|   108k|   ulong64 __ROR64c_tmp = word; \
  |  |  |  |  |  |  386|   108k|   __asm__ ("rorq %2, %0" : \
  |  |  |  |  |  |  387|   108k|            "=r" (__ROR64c_tmp) : \
  |  |  |  |  |  |  388|   108k|            "0" (__ROR64c_tmp), \
  |  |  |  |  |  |  389|   108k|            "J" (i)); \
  |  |  |  |  |  |  390|   108k|            __ROR64c_tmp; \
  |  |  |  |  |  |  391|   108k|   })
  |  |  |  |  ------------------
  |  |  ------------------
  |  |               #define Gamma1(x)       (S(x, 19) ^ S(x, 61) ^ R(x, 6))
  |  |  ------------------
  |  |  |  |   83|   108k|#define S(x, n)         ROR64c(x, n)
  |  |  |  |  ------------------
  |  |  |  |  |  |  384|   108k|#define ROR64c(word,i) ({ \
  |  |  |  |  |  |  385|   108k|   ulong64 __ROR64c_tmp = word; \
  |  |  |  |  |  |  386|   108k|   __asm__ ("rorq %2, %0" : \
  |  |  |  |  |  |  387|   108k|            "=r" (__ROR64c_tmp) : \
  |  |  |  |  |  |  388|   108k|            "0" (__ROR64c_tmp), \
  |  |  |  |  |  |  389|   108k|            "J" (i)); \
  |  |  |  |  |  |  390|   108k|            __ROR64c_tmp; \
  |  |  |  |  |  |  391|   108k|   })
  |  |  |  |  ------------------
  |  |  ------------------
  |  |               #define Gamma1(x)       (S(x, 19) ^ S(x, 61) ^ R(x, 6))
  |  |  ------------------
  |  |  |  |   84|   108k|#define R(x, n)         (((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((ulong64)n))
  |  |  |  |  ------------------
  |  |  |  |  |  |  200|   108k|   #define CONST64(n) n ## ULL
  |  |  |  |  ------------------
  |  |  ------------------
  ------------------
                      W[i] = Gamma1(W[i - 2]) + W[i - 7] + Gamma0(W[i - 15]) + W[i - 16];
  ------------------
  |  |   87|   108k|#define Gamma0(x)       (S(x, 1) ^ S(x, 8) ^ R(x, 7))
  |  |  ------------------
  |  |  |  |   83|   108k|#define S(x, n)         ROR64c(x, n)
  |  |  |  |  ------------------
  |  |  |  |  |  |  384|   108k|#define ROR64c(word,i) ({ \
  |  |  |  |  |  |  385|   108k|   ulong64 __ROR64c_tmp = word; \
  |  |  |  |  |  |  386|   108k|   __asm__ ("rorq %2, %0" : \
  |  |  |  |  |  |  387|   108k|            "=r" (__ROR64c_tmp) : \
  |  |  |  |  |  |  388|   108k|            "0" (__ROR64c_tmp), \
  |  |  |  |  |  |  389|   108k|            "J" (i)); \
  |  |  |  |  |  |  390|   108k|            __ROR64c_tmp; \
  |  |  |  |  |  |  391|   108k|   })
  |  |  |  |  ------------------
  |  |  ------------------
  |  |               #define Gamma0(x)       (S(x, 1) ^ S(x, 8) ^ R(x, 7))
  |  |  ------------------
  |  |  |  |   83|   108k|#define S(x, n)         ROR64c(x, n)
  |  |  |  |  ------------------
  |  |  |  |  |  |  384|   108k|#define ROR64c(word,i) ({ \
  |  |  |  |  |  |  385|   108k|   ulong64 __ROR64c_tmp = word; \
  |  |  |  |  |  |  386|   108k|   __asm__ ("rorq %2, %0" : \
  |  |  |  |  |  |  387|   108k|            "=r" (__ROR64c_tmp) : \
  |  |  |  |  |  |  388|   108k|            "0" (__ROR64c_tmp), \
  |  |  |  |  |  |  389|   108k|            "J" (i)); \
  |  |  |  |  |  |  390|   108k|            __ROR64c_tmp; \
  |  |  |  |  |  |  391|   108k|   })
  |  |  |  |  ------------------
  |  |  ------------------
  |  |               #define Gamma0(x)       (S(x, 1) ^ S(x, 8) ^ R(x, 7))
  |  |  ------------------
  |  |  |  |   84|   108k|#define R(x, n)         (((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((ulong64)n))
  |  |  |  |  ------------------
  |  |  |  |  |  |  200|   108k|   #define CONST64(n) n ## ULL
  |  |  |  |  ------------------
  |  |  ------------------
  ------------------
  113|   108k|    }
  114|       |
  115|       |    /* Compress */
  116|  1.69k|#ifdef LTC_SMALL_CODE
  117|   137k|    for (i = 0; i < 80; i++) {
  ------------------
  |  Branch (117:17): [True: 135k, False: 1.69k]
  ------------------
  118|   135k|        t0 = S[7] + Sigma1(S[4]) + Ch(S[4], S[5], S[6]) + K[i] + W[i];
  ------------------
  |  |   86|   135k|#define Sigma1(x)       (S(x, 14) ^ S(x, 18) ^ S(x, 41))
  |  |  ------------------
  |  |  |  |   83|   135k|#define S(x, n)         ROR64c(x, n)
  |  |  |  |  ------------------
  |  |  |  |  |  |  384|   135k|#define ROR64c(word,i) ({ \
  |  |  |  |  |  |  385|   135k|   ulong64 __ROR64c_tmp = word; \
  |  |  |  |  |  |  386|   135k|   __asm__ ("rorq %2, %0" : \
  |  |  |  |  |  |  387|   135k|            "=r" (__ROR64c_tmp) : \
  |  |  |  |  |  |  388|   135k|            "0" (__ROR64c_tmp), \
  |  |  |  |  |  |  389|   135k|            "J" (i)); \
  |  |  |  |  |  |  390|   135k|            __ROR64c_tmp; \
  |  |  |  |  |  |  391|   135k|   })
  |  |  |  |  ------------------
  |  |  ------------------
  |  |               #define Sigma1(x)       (S(x, 14) ^ S(x, 18) ^ S(x, 41))
  |  |  ------------------
  |  |  |  |   83|   135k|#define S(x, n)         ROR64c(x, n)
  |  |  |  |  ------------------
  |  |  |  |  |  |  384|   135k|#define ROR64c(word,i) ({ \
  |  |  |  |  |  |  385|   135k|   ulong64 __ROR64c_tmp = word; \
  |  |  |  |  |  |  386|   135k|   __asm__ ("rorq %2, %0" : \
  |  |  |  |  |  |  387|   135k|            "=r" (__ROR64c_tmp) : \
  |  |  |  |  |  |  388|   135k|            "0" (__ROR64c_tmp), \
  |  |  |  |  |  |  389|   135k|            "J" (i)); \
  |  |  |  |  |  |  390|   135k|            __ROR64c_tmp; \
  |  |  |  |  |  |  391|   135k|   })
  |  |  |  |  ------------------
  |  |  ------------------
  |  |               #define Sigma1(x)       (S(x, 14) ^ S(x, 18) ^ S(x, 41))
  |  |  ------------------
  |  |  |  |   83|   135k|#define S(x, n)         ROR64c(x, n)
  |  |  |  |  ------------------
  |  |  |  |  |  |  384|   135k|#define ROR64c(word,i) ({ \
  |  |  |  |  |  |  385|   135k|   ulong64 __ROR64c_tmp = word; \
  |  |  |  |  |  |  386|   135k|   __asm__ ("rorq %2, %0" : \
  |  |  |  |  |  |  387|   135k|            "=r" (__ROR64c_tmp) : \
  |  |  |  |  |  |  388|   135k|            "0" (__ROR64c_tmp), \
  |  |  |  |  |  |  389|   135k|            "J" (i)); \
  |  |  |  |  |  |  390|   135k|            __ROR64c_tmp; \
  |  |  |  |  |  |  391|   135k|   })
  |  |  |  |  ------------------
  |  |  ------------------
  ------------------
                      t0 = S[7] + Sigma1(S[4]) + Ch(S[4], S[5], S[6]) + K[i] + W[i];
  ------------------
  |  |   81|   135k|#define Ch(x,y,z)       (z ^ (x & (y ^ z)))
  ------------------
  119|   135k|        t1 = Sigma0(S[0]) + Maj(S[0], S[1], S[2]);
  ------------------
  |  |   85|   135k|#define Sigma0(x)       (S(x, 28) ^ S(x, 34) ^ S(x, 39))
  |  |  ------------------
  |  |  |  |   83|   135k|#define S(x, n)         ROR64c(x, n)
  |  |  |  |  ------------------
  |  |  |  |  |  |  384|   135k|#define ROR64c(word,i) ({ \
  |  |  |  |  |  |  385|   135k|   ulong64 __ROR64c_tmp = word; \
  |  |  |  |  |  |  386|   135k|   __asm__ ("rorq %2, %0" : \
  |  |  |  |  |  |  387|   135k|            "=r" (__ROR64c_tmp) : \
  |  |  |  |  |  |  388|   135k|            "0" (__ROR64c_tmp), \
  |  |  |  |  |  |  389|   135k|            "J" (i)); \
  |  |  |  |  |  |  390|   135k|            __ROR64c_tmp; \
  |  |  |  |  |  |  391|   135k|   })
  |  |  |  |  ------------------
  |  |  ------------------
  |  |               #define Sigma0(x)       (S(x, 28) ^ S(x, 34) ^ S(x, 39))
  |  |  ------------------
  |  |  |  |   83|   135k|#define S(x, n)         ROR64c(x, n)
  |  |  |  |  ------------------
  |  |  |  |  |  |  384|   135k|#define ROR64c(word,i) ({ \
  |  |  |  |  |  |  385|   135k|   ulong64 __ROR64c_tmp = word; \
  |  |  |  |  |  |  386|   135k|   __asm__ ("rorq %2, %0" : \
  |  |  |  |  |  |  387|   135k|            "=r" (__ROR64c_tmp) : \
  |  |  |  |  |  |  388|   135k|            "0" (__ROR64c_tmp), \
  |  |  |  |  |  |  389|   135k|            "J" (i)); \
  |  |  |  |  |  |  390|   135k|            __ROR64c_tmp; \
  |  |  |  |  |  |  391|   135k|   })
  |  |  |  |  ------------------
  |  |  ------------------
  |  |               #define Sigma0(x)       (S(x, 28) ^ S(x, 34) ^ S(x, 39))
  |  |  ------------------
  |  |  |  |   83|   135k|#define S(x, n)         ROR64c(x, n)
  |  |  |  |  ------------------
  |  |  |  |  |  |  384|   135k|#define ROR64c(word,i) ({ \
  |  |  |  |  |  |  385|   135k|   ulong64 __ROR64c_tmp = word; \
  |  |  |  |  |  |  386|   135k|   __asm__ ("rorq %2, %0" : \
  |  |  |  |  |  |  387|   135k|            "=r" (__ROR64c_tmp) : \
  |  |  |  |  |  |  388|   135k|            "0" (__ROR64c_tmp), \
  |  |  |  |  |  |  389|   135k|            "J" (i)); \
  |  |  |  |  |  |  390|   135k|            __ROR64c_tmp; \
  |  |  |  |  |  |  391|   135k|   })
  |  |  |  |  ------------------
  |  |  ------------------
  ------------------
                      t1 = Sigma0(S[0]) + Maj(S[0], S[1], S[2]);
  ------------------
  |  |   82|   135k|#define Maj(x,y,z)      (((x | y) & z) | (x & y))
  ------------------
  120|   135k|        S[7] = S[6];
  121|   135k|        S[6] = S[5];
  122|   135k|        S[5] = S[4];
  123|   135k|        S[4] = S[3] + t0;
  124|   135k|        S[3] = S[2];
  125|   135k|        S[2] = S[1];
  126|   135k|        S[1] = S[0];
  127|   135k|        S[0] = t0 + t1;
  128|   135k|    }
  129|       |#else
  130|       |#define RND(a,b,c,d,e,f,g,h,i)                    \
  131|       |     t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i];   \
  132|       |     t1 = Sigma0(a) + Maj(a, b, c);                  \
  133|       |     d += t0;                                        \
  134|       |     h  = t0 + t1;
  135|       |
  136|       |    for (i = 0; i < 80; i += 8) {
  137|       |        RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],i+0);
  138|       |        RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],i+1);
  139|       |        RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],i+2);
  140|       |        RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],i+3);
  141|       |        RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],i+4);
  142|       |        RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],i+5);
  143|       |        RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],i+6);
  144|       |        RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],i+7);
  145|       |    }
  146|       |#endif
  147|       |
  148|       |
  149|       |    /* feedback */
  150|  15.2k|    for (i = 0; i < 8; i++) {
  ------------------
  |  Branch (150:17): [True: 13.5k, False: 1.69k]
  ------------------
  151|  13.5k|        md->sha512.state[i] = md->sha512.state[i] + S[i];
  152|  13.5k|    }
  153|       |
  154|  1.69k|    return CRYPT_OK;
  155|  1.69k|}

sha256_process:
/*
 * Body of a shared hash-process macro as instantiated for sha256_process
 * (func_name, state_var, compress_name and block_size are the macro's
 * parameters). Feeds inlen bytes from in into the hash: when nothing is
 * buffered and at least one whole block is available it compresses
 * straight from the caller's buffer; otherwise it copies up to the free
 * space into md's block buffer and compresses once that buffer is full.
 * Returns CRYPT_INVALID_ARG when curlen exceeds the buffer size,
 * CRYPT_HASH_OVERFLOW when length + inlen wraps, the compressor's error
 * code if it fails, else CRYPT_OK.
 *
 * Coverage: 486k calls, none of which supplied or completed a full block,
 * so neither compress_name call site (lines 505 and 518) ran, and both
 * argument guards (lines 498, 501) stayed at zero.
 *
 * NOTE(review): length is advanced in bits (block_size * 8) while inlen is
 * a byte count, so the wrap test on line 500 mixes units -- confirm it
 * bounds the bit counter as intended.
 */
  491|   486k|int func_name (hash_state * md, const unsigned char *in, unsigned long inlen)               \
  492|   486k|{                                                                                           \
  493|   486k|    unsigned long n;                                                                        \
  494|   486k|    int           err;                                                                      \
  495|   486k|    LTC_ARGCHK(md != NULL);                                                                 \
  ------------------
  |  |   32|   486k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 486k]
  |  |  |  Branch (32:87): [Folded, False: 486k]
  |  |  ------------------
  ------------------
  496|   486k|    LTC_ARGCHK(in != NULL);                                                                 \
  ------------------
  |  |   32|   486k|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 486k]
  |  |  |  Branch (32:87): [Folded, False: 486k]
  |  |  ------------------
  ------------------
  497|   486k|    if (md-> state_var .curlen > sizeof(md-> state_var .buf)) {                             \
  ------------------
  |  Branch (497:9): [True: 0, False: 486k]
  ------------------
  498|      0|       return CRYPT_INVALID_ARG;                                                            \
  499|      0|    }                                                                                       \
  500|   486k|    if ((md-> state_var .length + inlen) < md-> state_var .length) {                        \
  ------------------
  |  Branch (500:9): [True: 0, False: 486k]
  ------------------
  501|      0|      return CRYPT_HASH_OVERFLOW;                                                           \
  502|      0|    }                                                                                       \
  503|   973k|    while (inlen > 0) {                                                                     \
  ------------------
  |  Branch (503:12): [True: 486k, False: 486k]
  ------------------
  504|   486k|        if (md-> state_var .curlen == 0 && inlen >= block_size) {                           \
  ------------------
  |  Branch (504:13): [True: 243k, False: 243k]
  |  Branch (504:44): [True: 0, False: 243k]
  ------------------
  505|      0|           if ((err = compress_name (md, (unsigned char *)in)) != CRYPT_OK) {               \
  ------------------
  |  Branch (505:16): [True: 0, False: 0]
  ------------------
  506|      0|              return err;                                                                   \
  507|      0|           }                                                                                \
  508|      0|           md-> state_var .length += block_size * 8;                                        \
  509|      0|           in             += block_size;                                                    \
  510|      0|           inlen          -= block_size;                                                    \
  511|   486k|        } else {                                                                            \
  512|   486k|           n = MIN(inlen, (block_size - md-> state_var .curlen));                           \
  ------------------
  |  |  425|   486k|   #define MIN(x, y) ( ((x)<(y))?(x):(y) )
  |  |  ------------------
  |  |  |  Branch (425:24): [True: 486k, False: 0]
  |  |  ------------------
  ------------------
  513|   486k|           XMEMCPY(md-> state_var .buf + md-> state_var.curlen, in, (size_t)n);             \
  ------------------
  |  |   39|   486k|#define XMEMCPY  memcpy
  ------------------
  514|   486k|           md-> state_var .curlen += n;                                                     \
  515|   486k|           in             += n;                                                             \
  516|   486k|           inlen          -= n;                                                             \
  517|   486k|           if (md-> state_var .curlen == block_size) {                                      \
  ------------------
  |  Branch (517:16): [True: 0, False: 486k]
  ------------------
  518|      0|              if ((err = compress_name (md, md-> state_var .buf)) != CRYPT_OK) {            \
  ------------------
  |  Branch (518:19): [True: 0, False: 0]
  ------------------
  519|      0|                 return err;                                                                \
  520|      0|              }                                                                             \
  521|      0|              md-> state_var .length += 8*block_size;                                       \
  522|      0|              md-> state_var .curlen = 0;                                                   \
  523|      0|           }                                                                                \
  524|   486k|       }                                                                                    \
  525|   486k|    }                                                                                       \
  526|   486k|    return CRYPT_OK;                                                                        \
  527|   486k|}
sha512_process:
/*
 * Body of a shared hash-process macro as instantiated for sha512_process
 * (func_name, state_var, compress_name and block_size are the macro's
 * parameters). Feeds inlen bytes from in into the hash: whole blocks are
 * compressed straight from the caller's buffer while nothing is buffered;
 * a shorter remainder is copied into md's block buffer and compressed
 * only once that buffer is full. Returns CRYPT_INVALID_ARG when curlen
 * exceeds the buffer size, CRYPT_HASH_OVERFLOW when length + inlen wraps,
 * the compressor's error code if it fails, else CRYPT_OK.
 *
 * Coverage: 193 calls, 1.50k whole blocks compressed directly from the
 * input and 193 partial tails buffered. The buffer-full path (lines
 * 518-522) and both argument guards (lines 498, 501) never ran, and
 * curlen was 0 on every loop iteration.
 *
 * NOTE(review): length is advanced in bits (block_size * 8) while inlen is
 * a byte count, so the wrap test on line 500 mixes units -- confirm it
 * bounds the bit counter as intended.
 */
  491|    193|int func_name (hash_state * md, const unsigned char *in, unsigned long inlen)               \
  492|    193|{                                                                                           \
  493|    193|    unsigned long n;                                                                        \
  494|    193|    int           err;                                                                      \
  495|    193|    LTC_ARGCHK(md != NULL);                                                                 \
  ------------------
  |  |   32|    193|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 193]
  |  |  |  Branch (32:87): [Folded, False: 193]
  |  |  ------------------
  ------------------
  496|    193|    LTC_ARGCHK(in != NULL);                                                                 \
  ------------------
  |  |   32|    193|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 193]
  |  |  |  Branch (32:87): [Folded, False: 193]
  |  |  ------------------
  ------------------
  497|    193|    if (md-> state_var .curlen > sizeof(md-> state_var .buf)) {                             \
  ------------------
  |  Branch (497:9): [True: 0, False: 193]
  ------------------
  498|      0|       return CRYPT_INVALID_ARG;                                                            \
  499|      0|    }                                                                                       \
  500|    193|    if ((md-> state_var .length + inlen) < md-> state_var .length) {                        \
  ------------------
  |  Branch (500:9): [True: 0, False: 193]
  ------------------
  501|      0|      return CRYPT_HASH_OVERFLOW;                                                           \
  502|      0|    }                                                                                       \
  503|  1.88k|    while (inlen > 0) {                                                                     \
  ------------------
  |  Branch (503:12): [True: 1.69k, False: 193]
  ------------------
  504|  1.69k|        if (md-> state_var .curlen == 0 && inlen >= block_size) {                           \
  ------------------
  |  Branch (504:13): [True: 1.69k, False: 0]
  |  Branch (504:44): [True: 1.50k, False: 193]
  ------------------
  505|  1.50k|           if ((err = compress_name (md, (unsigned char *)in)) != CRYPT_OK) {               \
  ------------------
  |  Branch (505:16): [True: 0, False: 1.50k]
  ------------------
  506|      0|              return err;                                                                   \
  507|      0|           }                                                                                \
  508|  1.50k|           md-> state_var .length += block_size * 8;                                        \
  509|  1.50k|           in             += block_size;                                                    \
  510|  1.50k|           inlen          -= block_size;                                                    \
  511|  1.50k|        } else {                                                                            \
  512|    193|           n = MIN(inlen, (block_size - md-> state_var .curlen));                           \
  ------------------
  |  |  425|    193|   #define MIN(x, y) ( ((x)<(y))?(x):(y) )
  |  |  ------------------
  |  |  |  Branch (425:24): [True: 193, False: 0]
  |  |  ------------------
  ------------------
  513|    193|           XMEMCPY(md-> state_var .buf + md-> state_var.curlen, in, (size_t)n);             \
  ------------------
  |  |   39|    193|#define XMEMCPY  memcpy
  ------------------
  514|    193|           md-> state_var .curlen += n;                                                     \
  515|    193|           in             += n;                                                             \
  516|    193|           inlen          -= n;                                                             \
  517|    193|           if (md-> state_var .curlen == block_size) {                                      \
  ------------------
  |  Branch (517:16): [True: 0, False: 193]
  ------------------
  518|      0|              if ((err = compress_name (md, md-> state_var .buf)) != CRYPT_OK) {            \
  ------------------
  |  Branch (518:19): [True: 0, False: 0]
  ------------------
  519|      0|                 return err;                                                                \
  520|      0|              }                                                                             \
  521|      0|              md-> state_var .length += 8*block_size;                                       \
  522|      0|              md-> state_var .curlen = 0;                                                   \
  523|      0|           }                                                                                \
  524|    193|       }                                                                                    \
  525|  1.69k|    }                                                                                       \
  526|    193|    return CRYPT_OK;                                                                        \
  527|    193|}

register_cipher:
/*
 * Register cipher in the cipher_descriptor table (TAB_SIZE = 5 slots),
 * bracketed by LTC_MUTEX_LOCK/UNLOCK on ltc_cipher_mutex. Returns the
 * index of an occupied slot whose ID equals cipher->ID if there is one;
 * otherwise copies the descriptor into the first slot whose name is NULL
 * and returns that index; returns -1 when no slot is free, in which case
 * nothing was registered.
 *
 * Coverage: 4 calls (2 duplicates, 2 new registrations); the table-full
 * return (lines 46-47) never ran.
 */
   22|      4|{
   23|      4|   int x;
   24|       |
   25|      4|   LTC_ARGCHK(cipher != NULL);
  ------------------
  |  |   32|      4|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 4]
  |  |  |  Branch (32:87): [Folded, False: 4]
  |  |  ------------------
  ------------------
   26|       |
   27|       |   /* is it already registered? */
   28|      4|   LTC_MUTEX_LOCK(&ltc_cipher_mutex);
   29|     14|   for (x = 0; x < TAB_SIZE; x++) {
  ------------------
  |  |   14|     14|#define TAB_SIZE      5
  ------------------
  |  Branch (29:16): [True: 12, False: 2]
  ------------------
   30|     12|       if (cipher_descriptor[x].name != NULL && cipher_descriptor[x].ID == cipher->ID) {
  ------------------
  |  Branch (30:12): [True: 2, False: 10]
  |  Branch (30:49): [True: 2, False: 0]
  ------------------
   31|      2|          LTC_MUTEX_UNLOCK(&ltc_cipher_mutex);
   32|      2|          return x;
   33|      2|       }
   34|     12|   }
   35|       |
   36|       |   /* find a blank spot */
   37|      2|   for (x = 0; x < TAB_SIZE; x++) {
  ------------------
  |  |   14|      2|#define TAB_SIZE      5
  ------------------
  |  Branch (37:16): [True: 2, False: 0]
  ------------------
   38|      2|       if (cipher_descriptor[x].name == NULL) {
  ------------------
  |  Branch (38:12): [True: 2, False: 0]
  ------------------
   39|      2|          XMEMCPY(&cipher_descriptor[x], cipher, sizeof(struct ltc_cipher_descriptor));
  ------------------
  |  |   39|      2|#define XMEMCPY  memcpy
  ------------------
   40|      2|          LTC_MUTEX_UNLOCK(&ltc_cipher_mutex);
   41|      2|          return x;
   42|      2|       }
   43|      2|   }
   44|       |
   45|       |   /* no spot */
   46|      0|   LTC_MUTEX_UNLOCK(&ltc_cipher_mutex);
   47|      0|   return -1;
   48|      2|}

register_hash:
/*
 * Register hash in the hash_descriptor table (TAB_SIZE = 5 slots),
 * bracketed by LTC_MUTEX_LOCK/UNLOCK on ltc_hash_mutex. A slot counts as
 * a duplicate only when the whole descriptor struct compares equal under
 * memcmp; its index is then returned. Otherwise the descriptor is copied
 * into the first slot whose name is NULL and that index is returned;
 * -1 means the table is full and nothing was registered.
 *
 * Coverage: 12 calls (6 duplicates, 6 new registrations); the table-full
 * return (lines 46-47) never ran.
 *
 * NOTE(review): memcmp over a struct also compares any padding bytes;
 * presumably descriptors are static objects so this is stable -- confirm
 * if descriptors can be built at run time.
 */
   22|     12|{
   23|     12|   int x;
   24|       |
   25|     12|   LTC_ARGCHK(hash != NULL);
  ------------------
  |  |   32|     12|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 12]
  |  |  |  Branch (32:87): [Folded, False: 12]
  |  |  ------------------
  ------------------
   26|       |
   27|       |   /* is it already registered? */
   28|     12|   LTC_MUTEX_LOCK(&ltc_hash_mutex);
   29|     48|   for (x = 0; x < TAB_SIZE; x++) {
  ------------------
  |  |   14|     48|#define TAB_SIZE      5
  ------------------
  |  Branch (29:16): [True: 42, False: 6]
  ------------------
   30|     42|       if (XMEMCMP(&hash_descriptor[x], hash, sizeof(struct ltc_hash_descriptor)) == 0) {
  ------------------
  |  |   45|     42|#define XMEMCMP  memcmp
  ------------------
  |  Branch (30:12): [True: 6, False: 36]
  ------------------
   31|      6|          LTC_MUTEX_UNLOCK(&ltc_hash_mutex);
   32|      6|          return x;
   33|      6|       }
   34|     42|   }
   35|       |
   36|       |   /* find a blank spot */
   37|     12|   for (x = 0; x < TAB_SIZE; x++) {
  ------------------
  |  |   14|     12|#define TAB_SIZE      5
  ------------------
  |  Branch (37:16): [True: 12, False: 0]
  ------------------
   38|     12|       if (hash_descriptor[x].name == NULL) {
  ------------------
  |  Branch (38:12): [True: 6, False: 6]
  ------------------
   39|      6|          XMEMCPY(&hash_descriptor[x], hash, sizeof(struct ltc_hash_descriptor));
  ------------------
  |  |   39|      6|#define XMEMCPY  memcpy
  ------------------
   40|      6|          LTC_MUTEX_UNLOCK(&ltc_hash_mutex);
   41|      6|          return x;
   42|      6|       }
   43|     12|   }
   44|       |
   45|       |   /* no spot */
   46|      0|   LTC_MUTEX_UNLOCK(&ltc_hash_mutex);
   47|      0|   return -1;
   48|      6|}

register_prng:
/*
 * Register prng in the prng_descriptor table (TAB_SIZE = 5 slots),
 * bracketed by LTC_MUTEX_LOCK/UNLOCK on ltc_prng_mutex. A slot counts as
 * a duplicate only when the whole descriptor struct compares equal under
 * memcmp; its index is then returned. Otherwise the descriptor is copied
 * into the first slot whose name is NULL and that index is returned;
 * -1 means the table is full and nothing was registered.
 *
 * Coverage: 4 calls (2 duplicates, 2 new registrations); the table-full
 * return (lines 46-47) never ran.
 *
 * NOTE(review): memcmp over a struct also compares any padding bytes;
 * presumably descriptors are static objects so this is stable -- confirm
 * if descriptors can be built at run time.
 */
   22|      4|{
   23|      4|   int x;
   24|       |
   25|      4|   LTC_ARGCHK(prng != NULL);
  ------------------
  |  |   32|      4|#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
  |  |  ------------------
  |  |  |  Branch (32:32): [True: 0, False: 4]
  |  |  |  Branch (32:87): [Folded, False: 4]
  |  |  ------------------
  ------------------
   26|       |
   27|       |   /* is it already registered? */
   28|      4|   LTC_MUTEX_LOCK(&ltc_prng_mutex);
   29|     14|   for (x = 0; x < TAB_SIZE; x++) {
  ------------------
  |  |   14|     14|#define TAB_SIZE      5
  ------------------
  |  Branch (29:16): [True: 12, False: 2]
  ------------------
   30|     12|       if (XMEMCMP(&prng_descriptor[x], prng, sizeof(struct ltc_prng_descriptor)) == 0) {
  ------------------
  |  |   45|     12|#define XMEMCMP  memcmp
  ------------------
  |  Branch (30:12): [True: 2, False: 10]
  ------------------
   31|      2|          LTC_MUTEX_UNLOCK(&ltc_prng_mutex);
   32|      2|          return x;
   33|      2|       }
   34|     12|   }
   35|       |
   36|       |   /* find a blank spot */
   37|      2|   for (x = 0; x < TAB_SIZE; x++) {
  ------------------
  |  |   14|      2|#define TAB_SIZE      5
  ------------------
  |  Branch (37:16): [True: 2, False: 0]
  ------------------
   38|      2|       if (prng_descriptor[x].name == NULL) {
  ------------------
  |  Branch (38:12): [True: 2, False: 0]
  ------------------
   39|      2|          XMEMCPY(&prng_descriptor[x], prng, sizeof(struct ltc_prng_descriptor));
  ------------------
  |  |   39|      2|#define XMEMCPY  memcpy
  ------------------
   40|      2|          LTC_MUTEX_UNLOCK(&ltc_prng_mutex);
   41|      2|          return x;
   42|      2|       }
   43|      2|   }
   44|       |
   45|       |   /* no spot */
   46|      0|   LTC_MUTEX_UNLOCK(&ltc_prng_mutex);
   47|      0|   return -1;
   48|      2|}

mp_rand_source:
   10|      4|{
   11|       |   /* Dropbear, don't reset to platform if source==NULL */
   12|      4|   s_mp_rand_source = source;
   13|      4|}

buf_new:
   /* Create a buffer with room for `size` payload bytes.
    *
    * Header and payload share one allocation: `data` points just past the
    * struct. Requests above BUF_MAX_SIZE are refused through dropbear_exit()
    * before `size` is added to sizeof(buffer), which bounds the allocation
    * size by that limit. Only `data` and `size` are assigned here; `len` and
    * `pos` keep whatever m_malloc() returned (presumably zeroed memory -
    * confirm against m_malloc). */
   buffer* buf_new(unsigned int size) {
       buffer* fresh;

       if (!(size <= BUF_MAX_SIZE)) {
           dropbear_exit("buf->size too big");
       }

       fresh = (buffer*)m_malloc(sizeof(buffer) + size);
       fresh->size = size;
       fresh->data = (unsigned char*)fresh + sizeof(buffer);
       return fresh;
   }
buf_free:
   /* Release a buffer. buf_new() places header and payload in a single
    * allocation, so one free covers both.
    *
    * m_free() also NULLs its argument, but `buf` is this function's own copy
    * of the pointer: the caller's variable still holds the freed address and
    * must not be used afterwards. */
   void buf_free(buffer* buf) {
       m_free(buf);
   }
buf_burn_free:
   /* Wipe a buffer's payload with m_burn(), then free the buffer.
    *
    * The wipe covers the full capacity (buf->size), not only the bytes
    * currently counted in buf->len, so stale data beyond `len` is erased too.
    * As with buf_free(), only the local copy of the pointer is NULLed. */
   void buf_burn_free(buffer* buf) {
       unsigned char *payload = buf->data;
       unsigned int capacity = buf->size;

       m_burn(payload, capacity);
       m_free(buf);
   }
buf_incrlen:
  /* Grow the used length of `buf` by `incr` bytes.
   *
   * `incr` is compared with BUF_MAX_INCR before it is added to buf->len, so
   * the sum tested against buf->size stays small enough not to wrap
   * (assuming unsigned int fields on a buffer sized through buf_new()).
   * dropbear_exit() is relied on not to return. */
  void buf_incrlen(buffer* buf, unsigned int incr) {
      const int fits = incr <= BUF_MAX_INCR && buf->len + incr <= buf->size;

      if (!fits) {
          dropbear_exit("Bad buf_incrlen");
      }
      buf->len += incr;
  }
buf_setpos:
  /* Move the cursor to the absolute offset `pos`.
   * Any offset up to and including buf->len is accepted; a larger one ends
   * the session through dropbear_exit(). */
  void buf_setpos(buffer* buf, unsigned int pos) {
      if (!(pos <= buf->len)) {
          dropbear_exit("Bad buf_setpos");
      }
      buf->pos = pos;
  }
buf_incrwritepos:
  /* Advance the cursor by `incr` after a write, extending buf->len when the
   * cursor moves past it.
   *
   * The bound is the capacity (buf->size), not the used length. `incr` is
   * capped at BUF_MAX_INCR first so that buf->pos + incr is not expected to
   * wrap before the comparison. */
  void buf_incrwritepos(buffer* buf, unsigned int incr) {
      const int fits = incr <= BUF_MAX_INCR && buf->pos + incr <= buf->size;

      if (!fits) {
          dropbear_exit("Bad buf_incrwritepos");
      }
      buf->pos += incr;
      /* a write beyond the old end makes those bytes part of the content */
      if (buf->len < buf->pos) {
          buf->len = buf->pos;
      }
  }
buf_incrpos:
  /* Advance the read cursor by `incr` bytes.
   * The new position may not exceed buf->len; the BUF_MAX_INCR test comes
   * first so the addition is not expected to wrap. */
  void buf_incrpos(buffer* buf, unsigned int incr) {
      const int within_data = incr <= BUF_MAX_INCR
          && (buf->pos + incr) <= buf->len;

      if (!within_data) {
          dropbear_exit("Bad buf_incrpos");
      }
      buf->pos += incr;
  }
buf_decrpos:
  /* Move the cursor back by `decr` bytes.
   * Checking decr against buf->pos before subtracting keeps the position
   * from going below zero. */
  void buf_decrpos(buffer* buf, unsigned int decr) {
      if (!(decr <= buf->pos)) {
          dropbear_exit("Bad buf_decrpos");
      }
      buf->pos -= decr;
  }
buf_getptr:
  /* Return a pointer to the byte at the cursor after checking that `len`
   * bytes of stored data (up to buf->len) are available from there.
   *
   * The cursor is not advanced; callers do that separately. The returned
   * pointer is non-const even though `buf` is const. A failed check ends in
   * dropbear_exit(), which is relied on not to return. */
  unsigned char* buf_getptr(const buffer* buf, unsigned int len) {
      const int readable = len <= BUF_MAX_INCR && buf->pos + len <= buf->len;

      if (!readable) {
          dropbear_exit("Bad buf_getptr");
      }
      return buf->data + buf->pos;
  }
buf_getwriteptr:
  /* Return a pointer to the byte at the cursor after checking that `len`
   * bytes of capacity (up to buf->size) are available from there.
   *
   * Unlike buf_getptr() the bound is the capacity rather than the used
   * length. Neither the cursor nor buf->len is changed here. */
  unsigned char* buf_getwriteptr(const buffer* buf, unsigned int len) {
      const int writable = len <= BUF_MAX_INCR && buf->pos + len <= buf->size;

      if (!writable) {
          dropbear_exit("Bad buf_getwriteptr");
      }
      return buf->data + buf->pos;
  }
buf_getstring:
  /* Read a length-prefixed string from `buf` into a freshly allocated,
   * NUL-terminated copy and advance the cursor past it.
   *
   * The 32-bit length comes from the input, so it is checked against
   * MAX_STRING_LEN before it is used, and buf_getptr() then checks it against
   * the data actually present. If `retlen` is non-NULL it receives the length
   * before that second check runs. The bytes are copied verbatim, so the
   * result may contain embedded NUL bytes; `*retlen`, not strlen(), gives the
   * real length. The caller owns the returned memory. */
  char* buf_getstring(buffer* buf, unsigned int *retlen) {
      char* copy;
      void* payload = NULL;
      unsigned int len = buf_getint(buf);

      if (!(len <= MAX_STRING_LEN)) {
          dropbear_exit("String too long");
      }

      if (retlen) {
          *retlen = len;
      }

      payload = buf_getptr(buf, len);
      /* one extra byte for the terminator written below */
      copy = m_malloc(len + 1);
      memcpy(copy, payload, len);
      buf_incrpos(buf, len);
      copy[len] = '\0';

      return copy;
  }
buf_getstringbuf:
  /* Read a length-prefixed string from `buf` into a new buffer that holds
   * only the string bytes (incllen = 0, so the length prefix is not copied).
   * Length checks are done by buf_getstringbuf_int(). */
  buffer * buf_getstringbuf(buffer *buf) {
      buffer *payload_only = buf_getstringbuf_int(buf, 0);

      return payload_only;
  }
buf_getptrcopy:
  /* Copy the next `len` bytes at the cursor of `buf` into a new buffer.
   *
   * buf_getptr() validates `len` against the stored data before anything is
   * allocated. The source cursor is not advanced; the copy is returned with
   * its cursor rewound to 0. */
  buffer * buf_getptrcopy(const buffer* buf, unsigned int len) {
      unsigned char *from;
      buffer *copy;

      from = buf_getptr(buf, len);
      copy = buf_new(len);
      buf_putbytes(copy, from, len);
      buf_setpos(copy, 0);
      return copy;
  }
buf_getint:
  /* Read a 32-bit integer at the cursor and advance the cursor by 4.
   *
   * buf_getptr(buf, 4) ends the session if fewer than four bytes of data
   * remain, so the load never reads past buf->len. LOAD32H converts from the
   * stored byte order to host order. */
  unsigned int buf_getint(buffer* buf) {
      unsigned int value;
      unsigned char *src = buf_getptr(buf, 4);

      LOAD32H(value, src);
      buf_incrpos(buf, 4);
      return value;
  }
buf_putint:
  /* Write `val` as a 32-bit integer at the cursor and advance the cursor by 4.
   *
   * buf_getwriteptr(buf, 4) checks that four bytes of capacity are left
   * before STORE32H writes them; buf_incrwritepos() then extends buf->len
   * if the write went past the previous end. */
  void buf_putint(buffer* buf, int unsigned val) {
      unsigned char *dst = buf_getwriteptr(buf, 4);

      STORE32H(val, dst);
      buf_incrwritepos(buf, 4);
  }
buf_putbytes:
  /* Append `len` bytes from `bytes` at the cursor and advance past them.
   * The capacity check in buf_getwriteptr() runs before the copy, so the
   * memcpy stays inside the allocation. */
  void buf_putbytes(buffer *buf, const unsigned char *bytes, unsigned int len) {
      unsigned char *dst = buf_getwriteptr(buf, len);

      memcpy(dst, bytes, len);
      buf_incrwritepos(buf, len);
  }
buffer.c:buf_getstringbuf_int:
  /* Read a length-prefixed string from `buf` into a new buffer and advance
   * the source cursor past it.
   *
   * When `incllen` is non-zero the 4-byte length is written at the start of
   * the new buffer ahead of the string bytes. The length comes from the
   * input: it is rejected above MAX_STRING_LEN before any allocation, and
   * buf_getptr() checks it against the data present before the copy. The
   * result is returned with its cursor at 0. */
  static buffer * buf_getstringbuf_int(buffer *buf, int incllen) {
      buffer *out = NULL;
      unsigned char *src;
      unsigned char *dst;
      unsigned int len = buf_getint(buf);
      int prefix = incllen ? 4 : 0;

      if (!(len <= MAX_STRING_LEN)) {
          dropbear_exit("String too long");
      }

      out = buf_new(len + prefix);
      if (incllen) {
          buf_putint(out, len);
      }

      src = buf_getptr(buf, len);
      dst = buf_getwriteptr(out, len);
      memcpy(dst, src, len);

      buf_incrpos(buf, len);
      /* the bytes were copied directly, so account for them in out->len */
      buf_incrlen(out, len);
      buf_setpos(out, 0);
      return out;
  }

cli_getopts:
  114|      2|void cli_getopts(int argc, char ** argv) {
  115|      2|	unsigned int i, j;
  116|      2|	const char ** next = NULL;
  117|      2|	enum {
  118|      2|		OPT_EXTENDED_OPTIONS,
  119|      2|#if DROPBEAR_CLI_PUBKEY_AUTH
  120|      2|		OPT_AUTHKEY,
  121|      2|#endif
  122|      2|#if DROPBEAR_CLI_LOCALTCPFWD
  123|      2|		OPT_LOCALTCPFWD,
  124|      2|#endif
  125|      2|#if DROPBEAR_CLI_REMOTETCPFWD
  126|      2|		OPT_REMOTETCPFWD,
  127|      2|#endif
  128|      2|#if DROPBEAR_CLI_NETCAT
  129|      2|		OPT_NETCAT,
  130|      2|#endif
  131|       |		/* a flag (no arg) if 'next' is NULL, a string-valued option otherwise */
  132|      2|		OPT_OTHER
  133|      2|	} opt;
  134|      2|	unsigned int cmdlen;
  135|       |
  136|      2|	const char* recv_window_arg = NULL;
  137|      2|	const char* idle_timeout_arg = NULL;
  138|      2|	const char* max_duration_arg = NULL;
  139|      2|	const char *host_arg = NULL;
  140|      2|	const char *proxycmd_arg = NULL;
  141|      2|	const char *remoteport_arg = NULL;
  142|      2|	const char *username_arg = NULL;
  143|      2|	const char *algo_print_arg = NULL;
  144|      2|	char c;
  145|       |
  146|       |	/* see printhelp() for options */
  147|      2|	cli_opts.progname = argv[0];
  148|      2|	cli_opts.remotehost = NULL;
  149|      2|	cli_opts.remotehostfixed = 0;
  150|      2|	cli_opts.remoteport = NULL;
  151|      2|	cli_opts.username = NULL;
  152|      2|	cli_opts.cmd = NULL;
  153|      2|	cli_opts.no_cmd = 0;
  154|      2|	cli_opts.quiet = 0;
  155|      2|	cli_opts.backgrounded = 0;
  156|      2|	cli_opts.wantpty = 9; /* 9 means "it hasn't been touched", gets set later */
  157|      2|	cli_opts.always_accept_key = 0;
  158|      2|	cli_opts.ask_hostkey = 1;
  159|      2|	cli_opts.no_hostkey_check = 0;
  160|      2|	cli_opts.is_subsystem = 0;
  161|      2|#if DROPBEAR_CLI_PUBKEY_AUTH
  162|      2|	cli_opts.privkeys = list_new();
  163|      2|#endif
  164|      2|#if DROPBEAR_CLI_ANYTCPFWD
  165|      2|	cli_opts.exit_on_fwd_failure = 0;
  166|      2|#endif
  167|      2|	cli_opts.disable_trivial_auth = 0;
  168|      2|	cli_opts.password_authentication = 1;
  169|      2|	cli_opts.batch_mode = 0;
  170|      2|#if DROPBEAR_CLI_LOCALTCPFWD
  171|      2|	cli_opts.localfwds = list_new();
  172|      2|	opts.listen_fwd_all = 0;
  173|      2|#endif
  174|      2|#if DROPBEAR_CLI_REMOTETCPFWD
  175|      2|	cli_opts.remotefwds = list_new();
  176|      2|#endif
  177|      2|#if DROPBEAR_CLI_AGENTFWD
  178|      2|	cli_opts.agent_fwd = 0;
  179|      2|	cli_opts.agent_fd = -1;
  180|      2|	cli_opts.agent_keys_loaded = 0;
  181|      2|#endif
  182|      2|#if DROPBEAR_CLI_PROXYCMD
  183|      2|	cli_opts.proxycmd = NULL;
  184|      2|#endif
  185|      2|	cli_opts.bind_arg = NULL;
  186|      2|	cli_opts.bind_address = NULL;
  187|      2|	cli_opts.bind_port = NULL;
  188|      2|	cli_opts.keepalive_arg = NULL;
  189|       |#ifndef DISABLE_ZLIB
  190|       |	opts.compression = DROPBEAR_CLI_COMPRESSION;
  191|       |#endif
  192|      2|#if DROPBEAR_USER_ALGO_LIST
  193|      2|	opts.cipher_list = NULL;
  194|      2|	opts.mac_list = NULL;
  195|      2|#endif
  196|      2|#ifndef DISABLE_SYSLOG
  197|      2|	opts.usingsyslog = 0;
  198|      2|#endif
  199|       |	/* not yet
  200|       |	opts.ipv4 = 1;
  201|       |	opts.ipv6 = 1;
  202|       |	*/
  203|      2|	opts.recv_window = DEFAULT_RECV_WINDOW;
  ------------------
  |  |  550|      2|#define DEFAULT_RECV_WINDOW 24576
  ------------------
  204|      2|	opts.keepalive_secs = DEFAULT_KEEPALIVE;
  ------------------
  |  |  566|      2|#define DEFAULT_KEEPALIVE 0
  ------------------
  205|      2|	opts.idle_timeout_secs = DEFAULT_IDLE_TIMEOUT;
  ------------------
  |  |  579|      2|#define DEFAULT_IDLE_TIMEOUT 0
  ------------------
  206|      2|	opts.max_duration_secs = DEFAULT_MAX_DURATION;
  ------------------
  |  |  585|      2|#define DEFAULT_MAX_DURATION 0
  ------------------
  207|       |
  208|      2|	fill_own_user();
  209|       |
  210|      6|	for (i = 1; i < (unsigned int)argc; i++) {
  ------------------
  |  Branch (210:14): [True: 6, False: 0]
  ------------------
  211|       |		/* Handle non-flag arguments such as hostname or commands for the remote host */
  212|      6|		if (argv[i][0] != '-')
  ------------------
  |  Branch (212:7): [True: 4, False: 2]
  ------------------
  213|      4|		{
  214|      4|			if (host_arg == NULL) {
  ------------------
  |  Branch (214:8): [True: 2, False: 2]
  ------------------
  215|      2|				host_arg = argv[i];
  216|      2|				continue;
  217|      2|			}
  218|       |			/* Commands to pass to the remote host. No more flag handling,
  219|       |			commands are consumed below */
  220|      2|			break;
  221|      4|		}
  222|       |
  223|       |		/* Begins with '-' */
  224|      2|		opt = OPT_OTHER;
  225|      4|		for (j = 1; (c = argv[i][j]) != '\0' && !next && opt == OPT_OTHER; j++) {
  ------------------
  |  Branch (225:15): [True: 2, False: 2]
  |  Branch (225:43): [True: 2, False: 0]
  |  Branch (225:52): [True: 2, False: 0]
  ------------------
  226|      2|			switch (c) {
  227|      2|				case 'y':
  ------------------
  |  Branch (227:5): [True: 2, False: 0]
  ------------------
  228|       |					/* once is always accept the remote hostkey,
  229|       |					 * the same as stricthostkeychecking=accept-new */
  230|      2|					if (cli_opts.always_accept_key) {
  ------------------
  |  Branch (230:10): [True: 0, False: 2]
  ------------------
  231|       |						/* twice means no checking at all
  232|       |						 * (stricthostkeychecking=no) */
  233|      0|						cli_opts.no_hostkey_check = 1;
  234|      0|					}
  235|      2|					cli_opts.always_accept_key = 1;
  236|      2|					break;
  237|      0|				case 'q': /* quiet */
  ------------------
  |  Branch (237:5): [True: 0, False: 2]
  ------------------
  238|      0|					cli_opts.quiet = 1;
  239|      0|					break;
  240|      0|				case 'p': /* remoteport */
  ------------------
  |  Branch (240:5): [True: 0, False: 2]
  ------------------
  241|      0|					next = &remoteport_arg;
  242|      0|					break;
  243|      0|#if DROPBEAR_CLI_PUBKEY_AUTH
  244|      0|				case 'i': /* an identityfile */
  ------------------
  |  Branch (244:5): [True: 0, False: 2]
  ------------------
  245|      0|					opt = OPT_AUTHKEY;
  246|      0|					break;
  247|      0|#endif
  248|      0|				case 't': /* we want a pty */
  ------------------
  |  Branch (248:5): [True: 0, False: 2]
  ------------------
  249|      0|					cli_opts.wantpty = 1;
  250|      0|					break;
  251|      0|				case 'T': /* don't want a pty */
  ------------------
  |  Branch (251:5): [True: 0, False: 2]
  ------------------
  252|      0|					cli_opts.wantpty = 0;
  253|      0|					break;
  254|      0|				case 'N':
  ------------------
  |  Branch (254:5): [True: 0, False: 2]
  ------------------
  255|      0|					cli_opts.no_cmd = 1;
  256|      0|					break;
  257|      0|				case 'f':
  ------------------
  |  Branch (257:5): [True: 0, False: 2]
  ------------------
  258|      0|					cli_opts.backgrounded = 1;
  259|      0|					break;
  260|      0|				case 's':
  ------------------
  |  Branch (260:5): [True: 0, False: 2]
  ------------------
  261|      0|					cli_opts.is_subsystem = 1;
  262|      0|					break;
  263|      0|				case 'o':
  ------------------
  |  Branch (263:5): [True: 0, False: 2]
  ------------------
  264|      0|					opt = OPT_EXTENDED_OPTIONS;
  265|      0|					break;
  266|      0|#if DROPBEAR_CLI_LOCALTCPFWD
  267|      0|				case 'L':
  ------------------
  |  Branch (267:5): [True: 0, False: 2]
  ------------------
  268|      0|					opt = OPT_LOCALTCPFWD;
  269|      0|					break;
  270|      0|				case 'g':
  ------------------
  |  Branch (270:5): [True: 0, False: 2]
  ------------------
  271|      0|					opts.listen_fwd_all = 1;
  272|      0|					break;
  273|      0|#endif
  274|      0|#if DROPBEAR_CLI_REMOTETCPFWD
  275|      0|				case 'R':
  ------------------
  |  Branch (275:5): [True: 0, False: 2]
  ------------------
  276|      0|					opt = OPT_REMOTETCPFWD;
  277|      0|					break;
  278|      0|#endif
  279|      0|#if DROPBEAR_CLI_NETCAT
  280|      0|				case 'B':
  ------------------
  |  Branch (280:5): [True: 0, False: 2]
  ------------------
  281|      0|					opt = OPT_NETCAT;
  282|      0|					break;
  283|      0|#endif
  284|      0|#if DROPBEAR_CLI_PROXYCMD
  285|      0|				case 'J':
  ------------------
  |  Branch (285:5): [True: 0, False: 2]
  ------------------
  286|      0|					next = &proxycmd_arg;
  287|      0|					break;
  288|      0|#endif
  289|      0|				case 'l':
  ------------------
  |  Branch (289:5): [True: 0, False: 2]
  ------------------
  290|      0|					next = &username_arg;
  291|      0|					break;
  292|      0|				case 'Q':
  ------------------
  |  Branch (292:5): [True: 0, False: 2]
  ------------------
  293|      0|					next = &algo_print_arg;
  294|      0|					break;
  295|      0|				case 'h':
  ------------------
  |  Branch (295:5): [True: 0, False: 2]
  ------------------
  296|      0|					printhelp();
  297|      0|					exit(EXIT_SUCCESS);
  298|      0|					break;
  299|      0|				case 'u':
  ------------------
  |  Branch (299:5): [True: 0, False: 2]
  ------------------
  300|       |					/* backwards compatibility with old urandom option */
  301|      0|					break;
  302|      0|				case 'W':
  ------------------
  |  Branch (302:5): [True: 0, False: 2]
  ------------------
  303|      0|					next = &recv_window_arg;
  304|      0|					break;
  305|      0|				case 'K':
  ------------------
  |  Branch (305:5): [True: 0, False: 2]
  ------------------
  306|      0|					next = &cli_opts.keepalive_arg;
  307|      0|					break;
  308|      0|				case 'I':
  ------------------
  |  Branch (308:5): [True: 0, False: 2]
  ------------------
  309|      0|					next = &idle_timeout_arg;
  310|      0|					break;
  311|      0|				case 'M':
  ------------------
  |  Branch (311:5): [True: 0, False: 2]
  ------------------
  312|      0|					next = &max_duration_arg;
  313|      0|					break;
  314|      0|#if DROPBEAR_CLI_AGENTFWD
  315|      0|				case 'A':
  ------------------
  |  Branch (315:5): [True: 0, False: 2]
  ------------------
  316|      0|					cli_opts.agent_fwd = 1;
  317|      0|					break;
  318|      0|#endif
  319|      0|#if DROPBEAR_USER_ALGO_LIST
  320|      0|				case 'c':
  ------------------
  |  Branch (320:5): [True: 0, False: 2]
  ------------------
  321|      0|					next = &opts.cipher_list;
  322|      0|					break;
  323|      0|				case 'm':
  ------------------
  |  Branch (323:5): [True: 0, False: 2]
  ------------------
  324|      0|					next = &opts.mac_list;
  325|      0|					break;
  326|      0|#endif
  327|       |#if DEBUG_TRACE
  328|       |				case 'v':
  329|       |					debug_trace++;
  330|       |					break;
  331|       |#endif
  332|      0|				case 'F':
  ------------------
  |  Branch (332:5): [True: 0, False: 2]
  ------------------
  333|      0|				case 'e':
  ------------------
  |  Branch (333:5): [True: 0, False: 2]
  ------------------
  334|       |#if !DROPBEAR_USER_ALGO_LIST
  335|       |				case 'c':
  336|       |				case 'm':
  337|       |#endif
  338|      0|				case 'D':
  ------------------
  |  Branch (338:5): [True: 0, False: 2]
  ------------------
  339|       |#if !DROPBEAR_CLI_REMOTETCPFWD
  340|       |				case 'R':
  341|       |#endif
  342|       |#if !DROPBEAR_CLI_LOCALTCPFWD
  343|       |				case 'L':
  344|       |#endif
  345|      0|				case 'V':
  ------------------
  |  Branch (345:5): [True: 0, False: 2]
  ------------------
  346|      0|					print_version();
  347|      0|					exit(EXIT_SUCCESS);
  348|      0|					break;
  349|      0|				case 'b':
  ------------------
  |  Branch (349:5): [True: 0, False: 2]
  ------------------
  350|      0|					next = &cli_opts.bind_arg;
  351|      0|					break;
  352|      0|				case 'z':
  ------------------
  |  Branch (352:5): [True: 0, False: 2]
  ------------------
  353|      0|					opts.disable_ip_tos = 1;
  354|      0|					break;
  355|      0|				default:
  ------------------
  |  Branch (355:5): [True: 0, False: 2]
  ------------------
  356|      0|					fprintf(stderr,
  ------------------
  |  |  100|      0|#define stderr (fuzz.fake_stderr)
  ------------------
  357|      0|						"WARNING: Ignoring unknown option -%c\n", c);
  358|      0|					break;
  359|      2|			} /* Switch */
  360|      2|		}
  361|       |
  362|      2|		if (!next && opt == OPT_OTHER) /* got a flag */
  ------------------
  |  Branch (362:7): [True: 2, False: 0]
  |  Branch (362:16): [True: 2, False: 0]
  ------------------
  363|      2|			continue;
  364|       |
  365|      0|		if (c == '\0') {
  ------------------
  |  Branch (365:7): [True: 0, False: 0]
  ------------------
  366|      0|			i++;
  367|      0|			j = 0;
  368|      0|			if (!argv[i])
  ------------------
  |  Branch (368:8): [True: 0, False: 0]
  ------------------
  369|      0|				dropbear_exit("Missing argument");
  370|      0|		}
  371|       |
  372|      0|		if (opt == OPT_EXTENDED_OPTIONS) {
  ------------------
  |  Branch (372:7): [True: 0, False: 0]
  ------------------
  373|      0|			TRACE(("opt extended"))
  374|      0|			add_extendedopt(&argv[i][j]);
  375|      0|		}
  376|      0|		else
  377|      0|#if DROPBEAR_CLI_PUBKEY_AUTH
  378|      0|		if (opt == OPT_AUTHKEY) {
  ------------------
  |  Branch (378:7): [True: 0, False: 0]
  ------------------
  379|      0|			TRACE(("opt authkey"))
  380|      0|			loadidentityfile(&argv[i][j], 1);
  381|      0|		}
  382|      0|		else
  383|      0|#endif
  384|      0|#if DROPBEAR_CLI_REMOTETCPFWD
  385|      0|		if (opt == OPT_REMOTETCPFWD) {
  ------------------
  |  Branch (385:7): [True: 0, False: 0]
  ------------------
  386|      0|			TRACE(("opt remotetcpfwd"))
  387|      0|			addforward(&argv[i][j], cli_opts.remotefwds);
  388|      0|		}
  389|      0|		else
  390|      0|#endif
  391|      0|#if DROPBEAR_CLI_LOCALTCPFWD
  392|      0|		if (opt == OPT_LOCALTCPFWD) {
  ------------------
  |  Branch (392:7): [True: 0, False: 0]
  ------------------
  393|      0|			TRACE(("opt localtcpfwd"))
  394|      0|			addforward(&argv[i][j], cli_opts.localfwds);
  395|      0|		}
  396|      0|		else
  397|      0|#endif
  398|      0|#if DROPBEAR_CLI_NETCAT
  399|      0|		if (opt == OPT_NETCAT) {
  ------------------
  |  Branch (399:7): [True: 0, False: 0]
  ------------------
  400|      0|			TRACE(("opt netcat"))
  401|      0|			add_netcat(&argv[i][j]);
  402|      0|		}
  403|      0|		else
  404|      0|#endif
  405|      0|		if (next) {
  ------------------
  |  Branch (405:7): [True: 0, False: 0]
  ------------------
  406|       |			/* The previous flag set a value to assign */
  407|      0|			*next = &argv[i][j];
  408|      0|			if (*next == NULL)
  ------------------
  |  Branch (408:8): [True: 0, False: 0]
  ------------------
  409|      0|				dropbear_exit("Invalid null argument");
  410|      0|			next = NULL;
  411|      0|		}
  412|      0|	}
  413|       |
  414|      2|#if DROPBEAR_USER_ALGO_LIST
  415|       |	/* -c help doesn't need a hostname */
  416|      2|	parse_ciphers_macs();
  417|      2|#endif
  418|       |
  419|      2|	if (algo_print_arg) {
  ------------------
  |  Branch (419:6): [True: 0, False: 2]
  ------------------
  420|      0|		print_algos(algo_print_arg);
  421|       |		/* No return */
  422|      0|	}
  423|       |
  424|      2|	if (host_arg == NULL) { /* missing hostname */
  ------------------
  |  Branch (424:6): [True: 0, False: 2]
  ------------------
  425|      0|		printhelp();
  426|      0|		dropbear_exit("Remote host needs to provided.");
  427|      0|	}
  428|      2|	TRACE(("host is: %s", host_arg))
  429|       |
  430|      2|#if DROPBEAR_USE_SSH_CONFIG
  431|      2|	apply_config_settings(host_arg);
  432|      2|#endif
  433|       |
  434|       |	/* Apply needed defaults if missing from command line or config file. */
  435|      2|	if (remoteport_arg) {
  ------------------
  |  Branch (435:6): [True: 0, False: 2]
  ------------------
  436|      0|		m_free(cli_opts.remoteport);
  ------------------
  |  |   24|      0|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded, False: 0]
  |  |  ------------------
  ------------------
  437|      0|		cli_opts.remoteport = m_strdup(remoteport_arg);
  438|      2|	} else if (!cli_opts.remoteport) {
  ------------------
  |  Branch (438:13): [True: 2, False: 0]
  ------------------
  439|      2|		cli_opts.remoteport = m_strdup("22");
  440|      2|	}
  441|       |
  442|      2|	if (username_arg) {
  ------------------
  |  Branch (442:6): [True: 0, False: 2]
  ------------------
  443|      0|		m_free(cli_opts.username);
  ------------------
  |  |   24|      0|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded, False: 0]
  |  |  ------------------
  ------------------
  444|      0|		cli_opts.username = m_strdup(username_arg);
  445|      2|	} else if(!cli_opts.username) {
  ------------------
  |  Branch (445:12): [True: 2, False: 0]
  ------------------
  446|      2|		cli_opts.username = m_strdup(cli_opts.own_user);
  447|      2|	}
  448|       |
  449|       |	/* Done with options/flags; now handle the hostname (which may not
  450|       |	 * start with a hyphen) and optional command */
  451|       |
  452|      2|	if (i < (unsigned int)argc) {
  ------------------
  |  Branch (452:6): [True: 2, False: 0]
  ------------------
  453|       |		/* Build the command to send */
  454|      2|		cmdlen = 0;
  455|      4|		for (j = i; j < (unsigned int)argc; j++)
  ------------------
  |  Branch (455:15): [True: 2, False: 2]
  ------------------
  456|      2|			cmdlen += strlen(argv[j]) + 1; /* +1 for spaces */
  457|       |
  458|       |		/* Allocate the space */
  459|      2|		cli_opts.cmd = (char*)m_malloc(cmdlen);
  460|      2|		cli_opts.cmd[0] = '\0';
  461|       |
  462|       |		/* Append all the bits */
  463|      4|		for (j = i; j < (unsigned int)argc; j++) {
  ------------------
  |  Branch (463:15): [True: 2, False: 2]
  ------------------
  464|      2|			strlcat(cli_opts.cmd, argv[j], cmdlen);
  465|      2|			strlcat(cli_opts.cmd, " ", cmdlen);
  466|      2|		}
  467|       |		/* It'll be null-terminated here */
  468|      2|		TRACE(("cmd is: %s", cli_opts.cmd))
  469|      2|	}
  470|       |
  471|       |	/* And now a few sanity checks and setup */
  472|       |
  473|      2|#if DROPBEAR_CLI_PROXYCMD
  474|      2|	if (proxycmd_arg) {
  ------------------
  |  Branch (474:6): [True: 0, False: 2]
  ------------------
  475|       |		/* To match the common path of m_freeing it */
  476|      0|		cli_opts.proxycmd = m_strdup(proxycmd_arg);
  477|      0|	}
  478|      2|#endif
  479|       |
  480|      2|	if (cli_opts.bind_arg) {
  ------------------
  |  Branch (480:6): [True: 0, False: 2]
  ------------------
  481|      0|		if (split_address_port(cli_opts.bind_arg,
  ------------------
  |  Branch (481:7): [True: 0, False: 0]
  ------------------
  482|      0|			&cli_opts.bind_address, &cli_opts.bind_port)
  483|      0|				== DROPBEAR_FAILURE) {
  ------------------
  |  |  112|      0|#define DROPBEAR_FAILURE -1
  ------------------
  484|      0|			dropbear_exit("Bad -b argument");
  485|      0|		}
  486|      0|	}
  487|       |
  488|       |	/* If not explicitly specified with -t or -T, we don't want a pty if
  489|       |	 * there's a command, but we do otherwise */
  490|      2|	if (cli_opts.wantpty == 9) {
  ------------------
  |  Branch (490:6): [True: 2, False: 0]
  ------------------
  491|      2|		if (cli_opts.cmd == NULL) {
  ------------------
  |  Branch (491:7): [True: 0, False: 2]
  ------------------
  492|      0|			if (isatty(STDIN_FILENO)) {
  ------------------
  |  Branch (492:8): [True: 0, False: 0]
  ------------------
  493|      0|				cli_opts.wantpty = 1;
  494|      0|			} else {
  495|      0|				TRACE(("Not a TTY"));
  496|      0|				cli_opts.wantpty = 0;
  497|      0|			}
  498|      2|		} else {
  499|      2|			cli_opts.wantpty = 0;
  500|      2|		}
  501|      2|	}
  502|       |
  503|      2|	if (cli_opts.backgrounded && cli_opts.cmd == NULL
  ------------------
  |  Branch (503:6): [True: 0, False: 2]
  |  Branch (503:31): [True: 0, False: 0]
  ------------------
  504|      0|			&& cli_opts.no_cmd == 0) {
  ------------------
  |  Branch (504:7): [True: 0, False: 0]
  ------------------
  505|      0|		dropbear_exit("Command required for -f");
  506|      0|	}
  507|       |
  508|      2|	if (recv_window_arg) {
  ------------------
  |  Branch (508:6): [True: 0, False: 2]
  ------------------
  509|      0|		parse_recv_window(recv_window_arg);
  510|      0|	}
  511|      2|	if (cli_opts.keepalive_arg) {
  ------------------
  |  Branch (511:6): [True: 0, False: 2]
  ------------------
  512|      0|		unsigned int val;
  513|      0|		if (m_str_to_uint(cli_opts.keepalive_arg, &val) == DROPBEAR_FAILURE) {
  ------------------
  |  |  112|      0|#define DROPBEAR_FAILURE -1
  ------------------
  |  Branch (513:7): [True: 0, False: 0]
  ------------------
  514|      0|			dropbear_exit("Bad keepalive '%s'", cli_opts.keepalive_arg);
  515|      0|		}
  516|      0|		opts.keepalive_secs = val;
  517|      0|	}
  518|       |
  519|      2|	if (idle_timeout_arg) {
  ------------------
  |  Branch (519:6): [True: 0, False: 2]
  ------------------
  520|      0|		unsigned int val;
  521|      0|		if (m_str_to_uint(idle_timeout_arg, &val) == DROPBEAR_FAILURE) {
  ------------------
  |  |  112|      0|#define DROPBEAR_FAILURE -1
  ------------------
  |  Branch (521:7): [True: 0, False: 0]
  ------------------
  522|      0|			dropbear_exit("Bad idle_timeout '%s'", idle_timeout_arg);
  523|      0|		}
  524|      0|		opts.idle_timeout_secs = val;
  525|      0|	}
  526|       |
  527|      2|	if (max_duration_arg) {
  ------------------
  |  Branch (527:6): [True: 0, False: 2]
  ------------------
  528|      0|		unsigned int val;
  529|      0|		if (m_str_to_uint(max_duration_arg, &val) == DROPBEAR_FAILURE) {
  ------------------
  |  |  112|      0|#define DROPBEAR_FAILURE -1
  ------------------
  |  Branch (529:7): [True: 0, False: 0]
  ------------------
  530|      0|			dropbear_exit("Bad max_duration '%s'", max_duration_arg);
  531|      0|		}
  532|      0|		opts.max_duration_secs = val;
  533|      0|	}
  534|       |
  535|      2|#if DROPBEAR_CLI_NETCAT
  536|      2|	if (cli_opts.cmd && cli_opts.netcat_host) {
  ------------------
  |  Branch (536:6): [True: 2, False: 0]
  |  Branch (536:22): [True: 0, False: 2]
  ------------------
  537|      0|		dropbear_log(LOG_INFO, "Ignoring command '%s' in netcat mode", cli_opts.cmd);
  538|      0|	}
  539|      2|#endif
  540|       |
  541|       |	/* The hostname gets set up last, since
  542|       |	 * in multi-hop mode it will require knowledge
  543|       |	 * of other flags such as -i */
  544|      2|#if DROPBEAR_CLI_MULTIHOP
  545|      2|	parse_multihop_hostname(host_arg, argv[0]);
  546|       |#else
  547|       |	parse_hostname(host_arg);
  548|       |#endif
  549|       |
  550|       |	/* We don't want to include default id_dropbear as a
  551|       |	   -i argument for multihop, so handle it later. */
  552|      2|#if (DROPBEAR_CLI_PUBKEY_AUTH)
  553|      2|	{
  554|      2|		loadidentityfile(DROPBEAR_DEFAULT_CLI_AUTHKEY, 0);
  ------------------
  |  |  408|      2|#define DROPBEAR_DEFAULT_CLI_AUTHKEY "~/.ssh/id_dropbear"
  ------------------
  555|      2|	}
  556|      2|#endif
  557|      2|}
loadidentityfile:
  560|      2|void loadidentityfile(const char* filename, int warnfail) {
              	/* Try to load one client private key file and, if it parses, append
              	 * it to cli_opts.privkeys.
              	 *
              	 * filename: key path; it goes through expand_homedir_path() first.
              	 * warnfail: non-zero logs a load failure at LOG_WARNING; zero keeps
              	 *           the failure silent.
              	 *
              	 * Ownership: on success id_key_path is stored in key->filename and
              	 * is not freed here; on failure both the key object and the path
              	 * are released.
              	 *
              	 * Coverage in this run: both recorded calls took the failure branch
              	 * with warnfail == 0, so the success path (lines 576-579) was never
              	 * executed and this report says nothing about its behaviour. */
  561|      2|	sign_key *key;
  562|      2|	enum signkey_type keytype;
  563|       |
  564|      2|	char *id_key_path = expand_homedir_path(filename);
  565|      2|	TRACE(("loadidentityfile %s", id_key_path))
  566|       |
  567|      2|	key = new_sign_key();
              	/* No key type is demanded up front: readhostkey() gets &keytype and
              	 * the success branch copies the resulting value into key->type. */
  568|      2|	keytype = DROPBEAR_SIGNKEY_ANY;
  569|      2|	if ( readhostkey(id_key_path, key, &keytype) != DROPBEAR_SUCCESS ) {
  ------------------
  |  |  111|      2|#define DROPBEAR_SUCCESS 0
  ------------------
  |  Branch (569:7): [True: 2, False: 0]
  ------------------
  570|      2|		if (warnfail) {
  ------------------
  |  Branch (570:7): [True: 0, False: 2]
  ------------------
  571|      0|			dropbear_log(LOG_WARNING, "Failed loading keyfile '%s'\n", id_key_path);
  572|      0|		}
  573|      2|		sign_key_free(key);
  574|      2|		m_free(id_key_path);
  ------------------
  |  |   24|      2|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded, False: 2]
  |  |  ------------------
  ------------------
  575|      2|	} else {
  576|      0|		key->type = keytype;
  577|      0|		key->source = SIGNKEY_SOURCE_RAW_FILE;
  578|      0|		key->filename = id_key_path; /* path ownership moves to the key entry */
  579|      0|		list_append(cli_opts.privkeys, key);
  580|      0|	}
  581|      2|}
cli-runopts.c:parse_multihop_hostname:
  697|      2|static void parse_multihop_hostname(const char* orighostarg, const char* argv0) {
              	/* Split a "hop1,hop2,...,target" host argument. The text after the
              	 * last ',' is handed to parse_hostname() as the real destination;
              	 * any text before it becomes cli_opts.proxyexec via multihop_args().
              	 *
              	 * orighostarg: host argument as received by this function.
              	 * argv0:       passed through to multihop_args().
              	 *
              	 * hostbuf is edited in place (the last ',' is overwritten with NUL),
              	 * so prior_hops and userhostarg both point into it and are only
              	 * valid until the m_free(hostbuf) at the end.
              	 *
              	 * Coverage in this run: neither call had a ',' in the username or
              	 * the host, so the re-joining branch (711-713) and all multi-hop
              	 * handling (723-748) show a count of 0. */
  698|      2|	char *userhostarg = NULL;
  699|      2|	char *hostbuf = NULL;
  700|      2|	char *last_hop = NULL;
  701|      2|	char *prior_hops = NULL;
  702|       |
  703|       |	/* both scp and rsync parse a user@host argument
  704|       |	 * and turn it into "-l user host". This breaks
  705|       |	 * for our multihop syntax, so we suture it back together.
  706|       |	 * This will break usernames that have both '@' and ',' in them,
  707|       |	 * though that should be fairly uncommon. */
  708|      2|	if (cli_opts.username
  ------------------
  |  Branch (708:6): [True: 2, False: 0]
  ------------------
  709|      2|			&& strchr(cli_opts.username, ',')
  ------------------
  |  Branch (709:7): [True: 0, False: 2]
  ------------------
  710|      0|			&& strchr(cli_opts.username, '@')) {
  ------------------
  |  Branch (710:7): [True: 0, False: 0]
  ------------------
              		/* +2: one byte for the '@' and one for the terminating NUL.
              		 * NOTE(review): the sum of two strlen() results (size_t) is
              		 * stored in an unsigned int; size_t would avoid the narrowing.
              		 * The write itself is bounded by len through m_snprintf(). */
  711|      0|		unsigned int len = strlen(orighostarg) + strlen(cli_opts.username) + 2;
  712|      0|		hostbuf = m_malloc(len);
  713|      0|		m_snprintf(hostbuf, len, "%s@%s", cli_opts.username, orighostarg);
  714|      2|	} else {
  715|      2|		hostbuf = m_strdup(orighostarg);
  716|      2|	}
  717|      2|	userhostarg = hostbuf;
  718|       |
  719|       |	/* Split off any last hostname and use that as remotehost/remoteport.
  720|       |	 * That is used for authorized_keys checking etc */
  721|      2|	last_hop = strrchr(userhostarg, ',');
  722|      2|	if (last_hop) {
  ------------------
  |  Branch (722:6): [True: 0, False: 2]
  ------------------
              		/* A ',' as the very first character means there is no hop
              		 * before it. A trailing ',' is not caught here: it leaves an
              		 * empty final host, which parse_hostname() rejects with
              		 * "Bad hostname.". */
  723|      0|		if (last_hop == userhostarg) {
  ------------------
  |  Branch (723:7): [True: 0, False: 0]
  ------------------
  724|      0|			dropbear_exit("Bad multi-hop hostnames");
  725|      0|		}
  726|      0|		*last_hop = '\0';
  727|      0|		last_hop++;
  728|      0|		prior_hops = userhostarg;
  729|      0|		userhostarg = last_hop;
  730|      0|	}
  731|       |
  732|       |	/* Update cli_opts.remotehost and cli_opts.remoteport */
  733|      2|	parse_hostname(userhostarg);
  734|       |
  735|       |	/* Construct any multihop proxy command. Use proxyexec to
  736|       |	 * avoid worrying about shell escaping. */
  737|      2|	if (prior_hops) {
  ------------------
  |  Branch (737:6): [True: 0, False: 2]
  ------------------
              		/* NOTE(review): multihop_args() is not shown in this listing.
              		 * prior_hops points into hostbuf, which is freed below, so the
              		 * returned value presumably does not alias it - confirm. */
  738|      0|		cli_opts.proxyexec = multihop_args(argv0, prior_hops);
  739|       |		/* Any -J argument has been copied to proxyexec */
  740|      0|		if (cli_opts.proxycmd) {
  ------------------
  |  Branch (740:7): [True: 0, False: 0]
  ------------------
  741|      0|			m_free(cli_opts.proxycmd);
  ------------------
  |  |   24|      0|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded, False: 0]
  |  |  ------------------
  ------------------
  742|      0|		}
  743|       |
  744|       |#ifndef DISABLE_ZLIB
  745|       |		/* This outer stream will be incompressible since it's encrypted. */
  746|       |		opts.compression = 0;
  747|       |#endif
  748|      0|	}
  749|       |
  750|       |	m_free(hostbuf);
  ------------------
  |  |   24|      2|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded, False: 2]
  |  |  ------------------
  ------------------
  751|      2|}
cli-runopts.c:parse_hostname:
  755|      2|static void parse_hostname(const char* orighostarg) {
              	/* Split "[user@]host[^port]" (or the legacy "host/port") and store
              	 * the pieces in cli_opts.username, cli_opts.remotehost and
              	 * cli_opts.remoteport. Works on a private copy, so orighostarg is
              	 * not modified. An empty host part ends the program with
              	 * "Bad hostname.".
              	 *
              	 * The split is at the first '@' (strchr), and at the first '^',
              	 * falling back to the first '/'.
              	 *
              	 * NOTE(review): username and remoteport are overwritten without an
              	 * m_free() of the previous value. This listing shows two call sites
              	 * (apply_config_settings and parse_multihop_hostname); if both run
              	 * in one process the earlier strings are presumably leaked - confirm.
              	 *
              	 * Coverage in this run: no input contained '@', '^' or '/', and the
              	 * empty-host exit was not reached. */
  756|      2|	char *userhostarg = NULL;
  757|      2|	char *port = NULL;
  758|      2|	char* remotehost = NULL;
  759|       |
  760|      2|	userhostarg = m_strdup(orighostarg);
  761|       |
  762|      2|	remotehost = strchr(userhostarg, '@');
  763|      2|	if (remotehost == NULL) {
  ------------------
  |  Branch (763:6): [True: 2, False: 0]
  ------------------
  764|       |		/* no username portion, the cli-auth.c code can figure the
  765|       |		 * local user's name */
  766|      2|		remotehost = userhostarg;
  767|      2|	} else {
  768|      0|		remotehost[0] = '\0'; /* Split the user/host */
  769|      0|		remotehost++;
  770|      0|		cli_opts.username = m_strdup(userhostarg);
  771|      0|	}
  772|       |
  773|      2|	port = strchr(remotehost, '^');
  774|      2|	if (!port)  {
  ------------------
  |  Branch (774:6): [True: 2, False: 0]
  ------------------
  775|       |		/* legacy separator */
  776|      2|		port = strchr(remotehost, '/');
  777|      2|	}
  778|      2|	if (port) {
  ------------------
  |  Branch (778:6): [True: 0, False: 2]
  ------------------
  779|      0|		*port = '\0';
              		/* The port text is stored as given; no numeric validation is
              		 * done in this function. */
  780|      0|		cli_opts.remoteport = m_strdup(port+1);
  781|      0|	}
  782|       |
  783|      2|	if (remotehost[0] == '\0') {
  ------------------
  |  Branch (783:6): [True: 0, False: 2]
  ------------------
  784|      0|		dropbear_exit("Bad hostname.");
  785|      0|	}
  786|       |
              	/* When remotehostfixed is set the existing cli_opts.remotehost is
              	 * left alone; username and port above are still updated. */
  787|      2|	if (!cli_opts.remotehostfixed) {
  ------------------
  |  Branch (787:6): [True: 2, False: 0]
  ------------------
  788|      2|		cli_opts.remotehost = m_strdup(remotehost);
  789|      2|	}
  790|       |	m_free(userhostarg);
  ------------------
  |  |   24|      2|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded, False: 2]
  |  |  ------------------
  ------------------
  791|      2|}
cli-runopts.c:fill_own_user:
  830|      2|static void fill_own_user() {
              	/* Store the name of the invoking user in cli_opts.own_user, looked up
              	 * from the real uid. If the lookup fails or yields no name, the
              	 * literal "unknown" is stored instead and a message is logged.
              	 *
              	 * In this build getpwuid() is macro-replaced by fuzz_getpwuid()
              	 * (see the expansion under line 836), so the fallback branch was
              	 * never taken and remains unexercised in this run. */
  831|      2|	uid_t uid;
  832|      2|	struct passwd *pw = NULL;
  833|       |
  834|      2|	uid = getuid();
  835|       |
  836|      2|	pw = getpwuid(uid);
  ------------------
  |  |  109|      2|#define getpwuid(x) fuzz_getpwuid(x)
  ------------------
  837|      2|	if (pw && pw->pw_name != NULL) {
  ------------------
  |  Branch (837:6): [True: 2, False: 0]
  |  Branch (837:12): [True: 2, False: 0]
  ------------------
              		/* copied, so own_user does not depend on the lifetime of pw */
  838|      2|		cli_opts.own_user = m_strdup(pw->pw_name);
  839|      2|	} else {
  840|      0|		dropbear_log(LOG_INFO, "Warning: failed to identify current user. Trying anyway.");
  841|      0|		cli_opts.own_user = m_strdup("unknown");
  842|      0|	}
  843|       |
  844|      2|}
cli-runopts.c:apply_config_settings:
 1140|      2|static void apply_config_settings(const char* cli_host_arg) {
              	/* Read the per-user client configuration file
              	 * (DROPBEAR_DEFAULT_SSH_CONFIG, expanded by expand_homedir_path())
              	 * and apply it to cli_opts. Skipped entirely when the host argument
              	 * contains ',' (multi-hop syntax).
              	 *
              	 * Any fopen() failure, whatever its cause, is reported only as a
              	 * DEBUG1 "not found" message and otherwise ignored.
              	 *
              	 * NOTE(review): no ownership or permission check on the file is
              	 * visible in this function; whether read_config_file() does one
              	 * cannot be seen from this listing.
              	 *
              	 * Coverage in this run: the file was absent in both calls, so
              	 * parse_hostname()/read_config_file() on lines 1149-1151 were not
              	 * executed from here. */
 1141|      2|	char* is_multi_hop_host_target = strchr(cli_host_arg, ',');
 1142|      2|	if (!is_multi_hop_host_target) {
  ------------------
  |  Branch (1142:6): [True: 2, False: 0]
  ------------------
 1143|      2|		char* config_path = expand_homedir_path(DROPBEAR_DEFAULT_SSH_CONFIG);
  ------------------
  |  |  118|      2|#define DROPBEAR_DEFAULT_SSH_CONFIG "~/.ssh/dropbear_config"
  ------------------
 1144|      2|		FILE* f;
 1145|      2|		if ((f = fopen(config_path, "r")) == NULL) {
  ------------------
  |  Branch (1145:7): [True: 2, False: 0]
  ------------------
 1146|      2|			DEBUG1(("Configuration file '%.200s' not found.", config_path));
 1147|      2|		}
 1148|      0|		else {
 1149|      0|			parse_hostname(cli_host_arg); /* Needed as key into the config. */
 1150|      0|			read_config_file(config_path, f, &cli_opts);
 1151|      0|			fclose(f);
 1152|      0|		}
 1153|       |		m_free(config_path);
  ------------------
  |  |   24|      2|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded, False: 2]
  |  |  ------------------
  ------------------
 1154|      2|	}
 1155|      2|}

cli_dropbear_exit:
  433|    159|void cli_dropbear_exit(int exitcode, const char* format, va_list param) {
              	/* Client exit handler: renders the exit message, runs
              	 * session_cleanup(), logs the message and terminates.
              	 *
              	 * exitcode: passed to exit().
              	 * format:   printf-style format, expanded with param by vsnprintf();
              	 *           it is interpreted as a format string, so it has to be a
              	 *           constant chosen by the caller rather than received text.
              	 * param:    arguments for format.
              	 *
              	 * Both buffers are fixed size and filled with bounded calls, so a
              	 * long message is truncated rather than overflowing.
              	 *
              	 * With DROPBEAR_FUZZ and fuzz.do_jmp set, control returns to the
              	 * harness through longjmp() and the process does not exit.
              	 *
              	 * Coverage in this run: all 159 calls happened before ses.init_done
              	 * and left through longjmp(), so the "Connection to ..." prefix and
              	 * lines 463-467 were never executed. */
  434|    159|	char exitmsg[400];
  435|    159|	char fullmsg[550];
  436|       |
  437|       |	/* Note that exit message must be rendered before session cleanup */
  438|       |
  439|       |	/* Render the formatted exit message */
  440|    159|	vsnprintf(exitmsg, sizeof(exitmsg), format, param);
  441|    159|	TRACE(("Exited, cleaning up: %s", exitmsg))
  442|       |
  443|       |	/* Add the prefix depending on session/auth state */
  444|    159|	if (!ses.init_done) {
  ------------------
  |  Branch (444:6): [True: 159, False: 0]
  ------------------
  445|    159|		snprintf(fullmsg, sizeof(fullmsg), "Exited: %s", exitmsg);
  446|    159|	} else {
              		/* NOTE(review): the three cli_opts strings go to %s without a
              		 * NULL check here; presumably they are always set once
              		 * ses.init_done is true - confirm. */
  447|      0|		snprintf(fullmsg, sizeof(fullmsg), 
  448|      0|				"Connection to %s@%s:%s exited: %s", 
  449|      0|				cli_opts.username, cli_opts.remotehost, 
  450|      0|				cli_opts.remoteport, exitmsg);
  451|      0|	}
  452|       |
  453|       |	/* Do the cleanup first, since then the terminal will be reset */
  454|    159|	session_cleanup();
  455|       |	
  456|    159|#if DROPBEAR_FUZZ
  457|    159|    if (fuzz.do_jmp) {
  ------------------
  |  Branch (457:9): [True: 159, False: 0]
  ------------------
  458|    159|        longjmp(fuzz.jmp, 1);
  459|    159|    }
  460|      0|#endif
  461|       |
  462|       |	/* Avoid printing onwards from terminal cruft */
  463|      0|	fprintf(stderr, "\n");
  ------------------
  |  |  100|      0|#define stderr (fuzz.fake_stderr)
  ------------------
  464|       |
              	/* The rendered text is passed as an argument to "%s", never as the
              	 * format itself. */
  465|      0|	dropbear_log(LOG_INFO, "%s", fullmsg);
  466|       |
  467|      0|	exit(exitcode);
  468|    159|}

readhostkey:
   39|      2|	enum signkey_type *type) {
              	/* Reads a private key file into a temporary buffer and parses it
              	 * into hostkey. The first line of the signature is not part of this
              	 * listing; the parameters used below are filename, hostkey and type.
              	 *
              	 * Returns DROPBEAR_SUCCESS only when both buf_readfile() and
              	 * buf_get_priv_key() succeed, otherwise DROPBEAR_FAILURE.
              	 *
              	 * Every path leaves through the out: label, so the buffer that held
              	 * the key file is always released with buf_burn_free() (presumably
              	 * wiped before it is freed - confirm in the buffer code).
              	 *
              	 * Coverage in this run: both calls failed in buf_readfile(), so the
              	 * parsing path (lines 49-57) was not executed. */
   40|       |
   41|      2|	int ret = DROPBEAR_FAILURE;
  ------------------
  |  |  112|      2|#define DROPBEAR_FAILURE -1
  ------------------
   42|      2|	buffer *buf;
   43|       |
              	/* The read buffer is created with MAX_PRIVKEY_SIZE (1700) bytes.
              	 * NOTE(review): how buf_readfile() treats a larger file is not
              	 * visible in this listing. */
   44|      2|	buf = buf_new(MAX_PRIVKEY_SIZE);
  ------------------
  |  |  262|      2|#define MAX_PRIVKEY_SIZE 1700
  ------------------
   45|       |
   46|      2|	if (buf_readfile(buf, filename) == DROPBEAR_FAILURE) {
  ------------------
  |  |  112|      2|#define DROPBEAR_FAILURE -1
  ------------------
  |  Branch (46:6): [True: 2, False: 0]
  ------------------
   47|      2|		goto out;
   48|      2|	}
   49|      0|	buf_setpos(buf, 0);
   50|       |
              	/* Hands the raw key-file bytes to addrandom(); presumably this mixes
              	 * them into the random generator state - confirm. */
   51|      0|	addrandom(buf_getptr(buf, buf->len), buf->len);
   52|       |
   53|      0|	if (buf_get_priv_key(buf, hostkey, type) == DROPBEAR_FAILURE) {
  ------------------
  |  |  112|      0|#define DROPBEAR_FAILURE -1
  ------------------
  |  Branch (53:6): [True: 0, False: 0]
  ------------------
   54|      0|		goto out;
   55|      0|	}
   56|       |
   57|      0|	ret = DROPBEAR_SUCCESS;
  ------------------
  |  |  111|      0|#define DROPBEAR_SUCCESS 0
  ------------------
   58|      2|out:
   59|       |
   60|      2|	buf_burn_free(buf);
   61|      2|	return ret;
   62|      0|}
parse_ciphers_macs:
   66|      2|parse_ciphers_macs() {
              	/* Validate the user-supplied cipher list (opts.cipher_list, "-c")
              	 * and MAC list (opts.mac_list, "-m"). The line holding the return
              	 * type is not part of this listing.
              	 *
              	 * The value "help" logs the available algorithms; after either help
              	 * request the program exits. For any other value,
              	 * check_user_algos() returning 0 ends the program with an error
              	 * instead of continuing with some other algorithm set.
              	 *
              	 * Coverage in this run: neither list was set, so none of the
              	 * validation or help code was executed. */
   67|      2|	int printed_help = 0;
   68|      2|	if (opts.cipher_list) {
  ------------------
  |  Branch (68:6): [True: 0, False: 2]
  ------------------
   69|      0|		if (strcmp(opts.cipher_list, "help") == 0) {
  ------------------
  |  Branch (69:7): [True: 0, False: 0]
  ------------------
   70|      0|			char *ciphers = algolist_string(sshciphers);
   71|      0|			dropbear_log(LOG_INFO, "Available ciphers: %s", ciphers);
   72|      0|			m_free(ciphers);
  ------------------
  |  |   24|      0|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded, False: 0]
  |  |  ------------------
  ------------------
   73|      0|			printed_help = 1;
   74|      0|		} else {
   75|      0|			if (check_user_algos(opts.cipher_list, sshciphers, "cipher") == 0) {
  ------------------
  |  Branch (75:8): [True: 0, False: 0]
  ------------------
   76|      0|				dropbear_exit("No valid ciphers specified for '-c'");
   77|      0|			}
   78|      0|		}
   79|      0|	}
   80|       |
   81|      2|	if (opts.mac_list) {
  ------------------
  |  Branch (81:6): [True: 0, False: 2]
  ------------------
   82|      0|		if (strcmp(opts.mac_list, "help") == 0) {
  ------------------
  |  Branch (82:7): [True: 0, False: 0]
  ------------------
   83|      0|			char *macs = algolist_string(sshhashes);
   84|      0|			dropbear_log(LOG_INFO, "Available MACs: %s", macs);
   85|      0|			m_free(macs);
  ------------------
  |  |   24|      0|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded, False: 0]
  |  |  ------------------
  ------------------
   86|      0|			printed_help = 1;
   87|      0|		} else {
   88|      0|			if (check_user_algos(opts.mac_list, sshhashes, "MAC") == 0) {
  ------------------
  |  Branch (88:8): [True: 0, False: 0]
  ------------------
   89|      0|				dropbear_exit("No valid MACs specified for '-m'");
   90|      0|			}
   91|      0|		}
   92|      0|	}
              	/* Exit only after both lists were looked at, so "-c help -m help"
              	 * prints both listings. */
   93|      2|	if (printed_help) {
  ------------------
  |  Branch (93:6): [True: 0, False: 2]
  ------------------
   94|      0|		dropbear_exit(".");
   95|      0|	}
   96|      2|}

session_cleanup:
  296|    159|void session_cleanup() {
              	/* Tear down the global session state in ses. Does nothing when
              	 * ses.init_done is not set.
              	 *
              	 * The order of the calls matters (see the comments below). Secret
              	 * material gets explicit treatment before release: ses.dh_K goes
              	 * through mp_clear(), ses.dh_K_bytes through buf_burn_free(), and
              	 * ses.keys is passed to m_burn() over sizeof(struct key_context)
              	 * before m_free().
              	 *
              	 * Coverage in this run: all 159 calls returned at the init_done
              	 * check, so nothing from line 309 on was executed and this report
              	 * gives no evidence about the teardown or wiping path. */
  297|       |	
  298|    159|	TRACE(("enter session_cleanup"))
  299|       |	
  300|       |	/* we can't cleanup if we don't know the session state */
  301|    159|	if (!ses.init_done) {
  ------------------
  |  Branch (301:6): [True: 159, False: 0]
  ------------------
  302|    159|		TRACE(("leave session_cleanup: !ses.init_done"))
  303|    159|		return;
  304|    159|	}
  305|       |
  306|       |	/* BEWARE of changing order of functions here. */
  307|       |
  308|       |	/* Must be before extra_session_cleanup() */
  309|      0|	chancleanup();
  310|       |
  311|      0|	if (ses.extra_session_cleanup) {
  ------------------
  |  Branch (311:6): [True: 0, False: 0]
  ------------------
  312|      0|		ses.extra_session_cleanup();
  313|      0|	}
  314|       |
  315|       |	/* After these are freed most functions will fail */
  316|      0|#if DROPBEAR_CLEANUP
  317|       |	/* listeners call cleanup functions, this should occur before
  318|       |	other session state is freed. */
  319|      0|	remove_all_listeners();
  320|       |
  321|      0|	remove_connect_pending();
  322|       |
  323|      0|	while (!isempty(&ses.writequeue)) {
  ------------------
  |  Branch (323:9): [True: 0, False: 0]
  ------------------
  324|      0|		buf_free(dequeue(&ses.writequeue));
  325|      0|	}
  326|       |
  327|      0|	m_free(ses.newkeys);
  ------------------
  |  |   24|      0|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded, False: 0]
  |  |  ------------------
  ------------------
  328|       |#ifndef DISABLE_ZLIB
              	/* The lines of this block carry no execution counts in this report.
              	 * NOTE(review): dropbear_exit() is called from inside cleanup here,
              	 * and cli_dropbear_exit() in this listing itself calls
              	 * session_cleanup(); whether a zlib error can re-enter this
              	 * function depends on code not shown - confirm. */
  329|       |	if (ses.keys->recv.zstream != NULL) {
  330|       |		if (inflateEnd(ses.keys->recv.zstream) == Z_STREAM_ERROR) {
  331|       |			dropbear_exit("Crypto error");
  332|       |		}
  333|       |		m_free(ses.keys->recv.zstream);
  334|       |	}
  335|       |	if (ses.keys->trans.zstream != NULL) {
  336|       |		if (deflateEnd(ses.keys->trans.zstream) == Z_STREAM_ERROR) {
  337|       |			dropbear_exit("Crypto error");
  338|       |		}
  339|       |		m_free(ses.keys->trans.zstream);
  340|       |	}
  341|       |#endif
  342|       |
  343|      0|	m_free(ses.remoteident);
  ------------------
  |  |   24|      0|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded, False: 0]
  |  |  ------------------
  ------------------
  344|      0|	m_free(ses.authstate.pw_dir);
  ------------------
  |  |   24|      0|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded, False: 0]
  |  |  ------------------
  ------------------
  345|      0|	m_free(ses.authstate.pw_name);
  ------------------
  |  |   24|      0|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded, False: 0]
  |  |  ------------------
  ------------------
  346|      0|	m_free(ses.authstate.pw_shell);
  ------------------
  |  |   24|      0|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded, False: 0]
  |  |  ------------------
  ------------------
              	/* NOTE(review): pw_passwd is released with m_free() only, without a
              	 * preceding m_burn(); confirm what it holds and whether it should
              	 * be wiped first. */
  347|      0|	m_free(ses.authstate.pw_passwd);
  ------------------
  |  |   24|      0|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded, False: 0]
  |  |  ------------------
  ------------------
  348|      0|	m_free(ses.authstate.username);
  ------------------
  |  |   24|      0|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded, False: 0]
  |  |  ------------------
  ------------------
  349|      0|#endif
  350|       |
  351|      0|	cleanup_buf(&ses.session_id);
  352|      0|	cleanup_buf(&ses.hash);
  353|      0|	cleanup_buf(&ses.payload);
  354|      0|	cleanup_buf(&ses.readbuf);
  355|      0|	cleanup_buf(&ses.writepayload);
  356|      0|	cleanup_buf(&ses.kexhashbuf);
  357|      0|	cleanup_buf(&ses.transkexinit);
              	/* mp_clear() is only valid on an allocated value, hence the guard;
              	 * m_free() below is called unconditionally. */
  358|      0|	if (ses.dh_K) {
  ------------------
  |  Branch (358:6): [True: 0, False: 0]
  ------------------
  359|      0|		mp_clear(ses.dh_K);
  360|      0|	}
  361|      0|	m_free(ses.dh_K);
  ------------------
  |  |   24|      0|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded, False: 0]
  |  |  ------------------
  ------------------
  362|      0|	if (ses.dh_K_bytes) {
  ------------------
  |  Branch (362:6): [True: 0, False: 0]
  ------------------
  363|      0|		buf_burn_free(ses.dh_K_bytes);
  364|      0|	}
  365|       |
              	/* Overwrite the key context before releasing it. */
  366|      0|	m_burn(ses.keys, sizeof(struct key_context));
  367|      0|	m_free(ses.keys);
  ------------------
  |  |   24|      0|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded, False: 0]
  |  |  ------------------
  ------------------
  368|       |
  369|      0|	TRACE(("leave session_cleanup"))
  370|      0|}

strlcat:
  128|      4|{
              	/* Body of strlcat; the signature lines are not part of this listing
              	 * (dst, src and siz are the parameters used below).
              	 *
              	 * Appends src to the string in dst while treating siz as the total
              	 * size of dst: at most siz - dlen - 1 characters are copied and the
              	 * result is NUL-terminated. If no NUL is found in the first siz
              	 * bytes of dst, nothing is written.
              	 *
              	 * Returns the length of dst (capped at siz) plus the full length of
              	 * src, so a return value >= siz tells the caller that the output
              	 * was truncated.
              	 *
              	 * Coverage in this run: over the 4 calls, 14 source characters were
              	 * scanned but only 12 copied (branch 143:7, False: 2), i.e. at least
              	 * one call truncated. Whether the callers check the return value
              	 * cannot be seen from this listing. */
  129|      4|	char *d = dst;
  130|      4|	const char *s = src;
  131|      4|	size_t n = siz;
  132|      4|	size_t dlen;
  133|       |
  134|       |	/* Find the end of dst and adjust bytes left but don't go past end */
  135|     16|	while (n-- != 0 && *d != '\0')
  ------------------
  |  Branch (135:9): [True: 16, False: 0]
  |  Branch (135:21): [True: 12, False: 4]
  ------------------
  136|     12|		d++;
  137|      4|	dlen = d - dst;
  138|      4|	n = siz - dlen;
  139|       |
              	/* n == 0: dst has no terminator within siz bytes, so there is no
              	 * room to append anything. */
  140|      4|	if (n == 0)
  ------------------
  |  Branch (140:6): [True: 0, False: 4]
  ------------------
  141|      0|		return(dlen + strlen(s));
  142|     18|	while (*s != '\0') {
  ------------------
  |  Branch (142:9): [True: 14, False: 4]
  ------------------
              		/* Keep the last free byte for the NUL; src is still walked to
              		 * its end so the return value reflects its full length. */
  143|     14|		if (n != 1) {
  ------------------
  |  Branch (143:7): [True: 12, False: 2]
  ------------------
  144|     12|			*d++ = *s;
  145|     12|			n--;
  146|     12|		}
  147|     14|		s++;
  148|     14|	}
  149|      4|	*d = '\0';
  150|       |
  151|      4|	return(dlen + (s - src));	/* count does not include NUL */
  152|      4|}

crypto_init:
   21|      4|void crypto_init() {
              	/* Register the cipher and hash descriptors selected at build time,
              	 * optionally the PRNG descriptor, set the bignum random source, and
              	 * (with DROPBEAR_ECC) select ltm_desc and call
              	 * dropbear_ecc_fill_dp(). Any registration that returns -1 ends the
              	 * program with "Error registering crypto".
              	 *
              	 * Coverage in this run: each of the 4 calls registered one cipher
              	 * and three hashes (loop body counts 4 and 12). The 3DES and
              	 * SHA1-HMAC entries carry no execution counts, which suggests they
              	 * are compiled out of this build - confirm against the build
              	 * options. No failure branch was taken. */
   22|       |
   23|      4|	const struct ltc_cipher_descriptor *regciphers[] = {
   24|      4|#if DROPBEAR_AES
   25|      4|		&aes_desc,
   26|      4|#endif
   27|       |#if DROPBEAR_3DES
   28|       |		&des3_desc,
   29|       |#endif
   30|      4|		NULL
   31|      4|	};
   32|       |
   33|      4|	const struct ltc_hash_descriptor *reghashes[] = {
   34|       |#if DROPBEAR_SHA1_HMAC
   35|       |		&sha1_desc,
   36|       |#endif
   37|      4|#if DROPBEAR_SHA256
   38|      4|		&sha256_desc,
   39|      4|#endif
   40|      4|#if DROPBEAR_SHA384
   41|      4|		&sha384_desc,
   42|      4|#endif
   43|      4|#if DROPBEAR_SHA512
   44|      4|		&sha512_desc,
   45|      4|#endif
   46|      4|		NULL
   47|      4|	};
   48|      4|	int i;
   49|       |
              	/* Both tables end with NULL, which is what stops the loops. */
   50|      8|	for (i = 0; regciphers[i] != NULL; i++) {
  ------------------
  |  Branch (50:14): [True: 4, False: 4]
  ------------------
   51|      4|		if (register_cipher(regciphers[i]) == -1) {
  ------------------
  |  Branch (51:7): [True: 0, False: 4]
  ------------------
   52|      0|			dropbear_exit("Error registering crypto");
   53|      0|		}
   54|      4|	}
   55|       |
   56|     16|	for (i = 0; reghashes[i] != NULL; i++) {
  ------------------
  |  Branch (56:14): [True: 12, False: 4]
  ------------------
   57|     12|		if (register_hash(reghashes[i]) == -1) {
  ------------------
  |  Branch (57:7): [True: 0, False: 12]
  ------------------
   58|      0|			dropbear_exit("Error registering crypto");
   59|      0|		}
   60|     12|	}
   61|       |
   62|      4|#if DROPBEAR_LTC_PRNG
   63|      4|	dropbear_ltc_prng = register_prng(&dropbear_prng_desc);
   64|      4|	if (dropbear_ltc_prng == -1) {
  ------------------
  |  Branch (64:6): [True: 0, False: 4]
  ------------------
   65|      0|		dropbear_exit("Error registering crypto");
   66|      0|	}
   67|      4|#endif
   68|       |
              	/* presumably makes the bignum library draw randomness from
              	 * dropbear_rand_source - confirm in the mp_rand_source() code */
   69|      4|	mp_rand_source(dropbear_rand_source);
   70|       |
   71|      4|#if DROPBEAR_ECC
   72|      4|	ltc_mp = ltm_desc;
   73|      4|	dropbear_ecc_fill_dp();
   74|      4|#endif
   75|      4|}

dropbear_curve25519_scalarmult:
  214|    166|{
                /* Body of dropbear_curve25519_scalarmult; the signature is not part
                 * of this listing. As used below, n is read as a 32-byte scalar, p
                 * is unpacked as the input point and q receives the packed result.
                 *
                 * z is a clamped copy of n: the low three bits of byte 0 are
                 * cleared, the top bit of byte 31 is cleared and bit 6 of byte 31
                 * is set. The main loop walks scalar bits 254 down to 0 and uses
                 * sel25519() with the current bit before and after the field
                 * arithmetic; the only branch records in this function are loop
                 * conditions, none depends on a scalar bit.
                 *
                 * NOTE(review): z and x are not cleared before returning in the
                 * visible body; confirm whether wiping these stack copies is
                 * wanted. No check of the result (for example an all-zero output)
                 * is made in this function; whether the caller performs one cannot
                 * be seen from this listing. */
  215|    166|  u8 z[32];
  216|    166|  i64 x[80],r,i;
  217|    166|  gf a,b,c,d,e,f;
  218|  5.14k|  FOR(i,31) z[i]=n[i];
  ------------------
  |  |   34|  5.31k|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 5.14k, False: 166]
  |  |  ------------------
  ------------------
  219|    166|  z[31]=(n[31]&127)|64;
  220|    166|  z[0]&=248;
  221|    166|  unpack25519(x,p);
  222|  2.65k|  FOR(i,16) {
  ------------------
  |  |   34|  2.82k|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 2.65k, False: 166]
  |  |  ------------------
  ------------------
  223|  2.65k|    b[i]=x[i];
  224|  2.65k|    d[i]=a[i]=c[i]=0;
  225|  2.65k|  }
  226|    166|  a[0]=d[0]=1;
  227|  42.4k|  for(i=254;i>=0;--i) {
  ------------------
  |  Branch (227:13): [True: 42.3k, False: 166]
  ------------------
  228|  42.3k|    r=(z[i>>3]>>(i&7))&1; /* bit i of the clamped scalar */
  229|  42.3k|    sel25519(a,b,r);
  230|  42.3k|    sel25519(c,d,r);
  231|  42.3k|    A(e,a,c);
  232|  42.3k|    Z(a,a,c);
  233|  42.3k|    A(c,b,d);
  234|  42.3k|    Z(b,b,d);
  235|  42.3k|    S(d,e);
  236|  42.3k|    S(f,a);
  237|  42.3k|    M(a,c,a);
  238|  42.3k|    M(c,b,e);
  239|  42.3k|    A(e,a,c);
  240|  42.3k|    Z(a,a,c);
  241|  42.3k|    S(b,a);
  242|  42.3k|    Z(c,d,f);
  243|  42.3k|    M(a,c,_121665);
  244|  42.3k|    A(a,a,d);
  245|  42.3k|    M(c,c,a);
  246|  42.3k|    M(a,d,f);
  247|  42.3k|    M(d,b,x);
  248|  42.3k|    S(b,e);
  249|  42.3k|    sel25519(a,b,r);
  250|  42.3k|    sel25519(c,d,r);
  251|  42.3k|  }
                /* a, c, b, d are stored in x[16..79]; only the a and c slices are
                 * used for the result below. */
  252|  2.65k|  FOR(i,16) {
  ------------------
  |  |   34|  2.82k|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 2.65k, False: 166]
  |  |  ------------------
  ------------------
  253|  2.65k|    x[i+16]=a[i];
  254|  2.65k|    x[i+32]=c[i];
  255|  2.65k|    x[i+48]=b[i];
  256|  2.65k|    x[i+64]=d[i];
  257|  2.65k|  }
  258|    166|  inv25519(x+32,x+32);
  259|    166|  M(x+16,x+16,x+32);
  260|    166|  pack25519(q,x+16);
  261|    166|}
curve25519.c:unpack25519:
  152|    166|{
  153|    166|  int i;
  154|  2.65k|  FOR(i,16) o[i]=n[2*i]+((i64)n[2*i+1]<<8);
  ------------------
  |  |   34|  2.82k|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 2.65k, False: 166]
  |  |  ------------------
  ------------------
  155|    166|  o[15]&=0x7fff;
  156|    166|}
curve25519.c:sel25519:
   98|   169k|{
                /* Body of sel25519; the signature is not part of this listing (p, q
                 * and b are the parameters used below).
                 *
                 * Conditional swap of the 16 limbs of p and q: c is all ones when b
                 * is 1 and zero when b is 0, so the XOR mask t either exchanges the
                 * two limbs or leaves them unchanged. The selection is done with
                 * arithmetic on b only; the single branch recorded here is the loop
                 * condition. Assumes b is 0 or 1 - the callers visible in this
                 * listing pass a single bit or 1-b. */
   99|   169k|  i64 t,i,c=~(b-1);
  100|  2.71M|  FOR(i,16) {
  ------------------
  |  |   34|  2.88M|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 2.71M, False: 169k]
  |  |  ------------------
  ------------------
  101|  2.71M|    t= c&(p[i]^q[i]);
  102|  2.71M|    p[i]^=t;
  103|  2.71M|    q[i]^=t;
  104|  2.71M|  }
  105|   169k|}
curve25519.c:A:
  159|   169k|{
  160|   169k|  int i;
  161|  2.70M|  FOR(i,16) o[i]=a[i]+b[i];
  ------------------
  |  |   34|  2.87M|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 2.70M, False: 169k]
  |  |  ------------------
  ------------------
  162|   169k|}
curve25519.c:Z:
  165|   169k|{
  166|   169k|  int i;
  167|  2.70M|  FOR(i,16) o[i]=a[i]-b[i];
  ------------------
  |  |   34|  2.87M|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 2.70M, False: 169k]
  |  |  ------------------
  ------------------
  168|   169k|}
curve25519.c:S:
  182|   211k|{
  183|   211k|  M(o,a,a);
  184|   211k|}
curve25519.c:M:
  171|   507k|{
  172|   507k|  i64 i,j,t[31];
  173|  15.7M|  FOR(i,31) t[i]=0;
  ------------------
  |  |   34|  16.2M|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 15.7M, False: 507k]
  |  |  ------------------
  ------------------
  174|   129M|  FOR(i,16) FOR(j,16) t[i+j]+=a[i]*b[j];
  ------------------
  |  |   34|  8.62M|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 8.11M, False: 507k]
  |  |  ------------------
  ------------------
                FOR(i,16) FOR(j,16) t[i+j]+=a[i]*b[j];
  ------------------
  |  |   34|   138M|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 129M, False: 8.11M]
  |  |  ------------------
  ------------------
  175|  7.61M|  FOR(i,15) t[i]+=38*t[i+16];
  ------------------
  |  |   34|  8.11M|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 7.61M, False: 507k]
  |  |  ------------------
  ------------------
  176|  8.11M|  FOR(i,16) o[i]=t[i];
  ------------------
  |  |   34|  8.62M|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 8.11M, False: 507k]
  |  |  ------------------
  ------------------
  177|   507k|  car25519(o);
  178|   507k|  car25519(o);
  179|   507k|}
curve25519.c:car25519:
   86|  1.01M|{
   87|  1.01M|  int i;
   88|  1.01M|  i64 c;
   89|  16.2M|  FOR(i,16) {
  ------------------
  |  |   34|  17.2M|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 16.2M, False: 1.01M]
  |  |  ------------------
  ------------------
   90|  16.2M|    o[i]+=(1LL<<16);
   91|  16.2M|    c=o[i]>>16;
   92|  16.2M|    o[(i+1)*(i<15)]+=c-1+37*(c-1)*(i==15);
   93|  16.2M|    o[i]-=((u64)c)<<16;
   94|  16.2M|  }
   95|  1.01M|}
curve25519.c:inv25519:
  187|    166|{
              /* Copies i into c, then runs a fixed 254-step loop (a = 253 down to 0):
               * S(c,c) on every step and M(c,c,i) on every step except a == 2 and
               * a == 4; the result is copied to o. The loop bound and the skip test
               * depend only on the counter a, never on limb values, which matches the
               * per-call branch counts below (166 calls, 2 skips each).
               * Presumably this is field inversion by exponentiation; S and M are
               * defined outside this listing -- confirm there. */
  188|    166|  gf c;
  189|    166|  int a;
  190|  2.65k|  FOR(a,16) c[a]=i[a];
  ------------------
  |  |   34|  2.82k|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 2.65k, False: 166]
  |  |  ------------------
  ------------------
  191|  42.3k|  for(a=253;a>=0;a--) {
  ------------------
  |  Branch (191:13): [True: 42.1k, False: 166]
  ------------------
  192|  42.1k|    S(c,c);
  193|  42.1k|    if(a!=2&&a!=4) M(c,c,i);
  ------------------
  |  Branch (193:8): [True: 41.9k, False: 166]
  |  Branch (193:14): [True: 41.8k, False: 166]
  ------------------
  194|  42.1k|  }
  195|  2.65k|  FOR(a,16) o[a]=c[a];
  ------------------
  |  |   34|  2.82k|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 2.65k, False: 166]
  |  |  ------------------
  ------------------
  196|    166|}
curve25519.c:pack25519:
  108|    166|{
              /* Serialises the 16-limb element n into the 32-byte array o (signature
               * not shown in this listing). n is copied to t and carried three times;
               * then, twice, m = t minus the limb constants 0xffed, 0xffff (x14),
               * 0x7fff is computed with a borrow chain, b is the final borrow bit and
               * sel25519(t,m,1-b) is called. Finally each limb is written as two
               * bytes, low byte first. */
  109|    166|  int i,j,b;
  110|    166|  gf m,t;
  111|  2.65k|  FOR(i,16) t[i]=n[i];
  ------------------
  |  |   34|  2.82k|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 2.65k, False: 166]
  |  |  ------------------
  ------------------
  112|    166|  car25519(t);
  113|    166|  car25519(t);
  114|    166|  car25519(t);
  115|    332|  FOR(j,2) {
  ------------------
  |  |   34|    498|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 332, False: 166]
  |  |  ------------------
  ------------------
  116|    332|    m[0]=t[0]-0xffed;
  117|  4.98k|    for(i=1;i<15;i++) {
  ------------------
  |  Branch (117:13): [True: 4.64k, False: 332]
  ------------------
  118|  4.64k|      m[i]=t[i]-0xffff-((m[i-1]>>16)&1);
  119|  4.64k|      m[i-1]&=0xffff;
  120|  4.64k|    }
  121|    332|    m[15]=t[15]-0x7fff-((m[14]>>16)&1);
  122|    332|    b=(m[15]>>16)&1;
  123|    332|    m[14]&=0xffff;
              /* The borrow bit b is passed as data to sel25519 instead of being
               * tested with an if, so no branch on b appears in this report.
               * presumably sel25519 is a branch-free conditional move -- it is
               * defined outside this listing; confirm there. */
  124|    332|    sel25519(t,m,1-b);
  125|    332|  }
  126|  2.65k|  FOR(i,16) {
  ------------------
  |  |   34|  2.82k|#define FOR(i,n) for (i = 0;i < n;++i)
  |  |  ------------------
  |  |  |  Branch (34:29): [True: 2.65k, False: 166]
  |  |  ------------------
  ------------------
  127|  2.65k|    o[2*i]=t[i]&0xff;
  128|  2.65k|    o[2*i+1]=t[i]>>8;
  129|  2.65k|  }
  130|    166|}

m_burn:
    5|   242k|void m_burn(void *data, unsigned int len) {
              /* Overwrites len bytes at data with zero. Callers in this listing use
               * it on hash output, hash state and private-key bytes. The build picks
               * memset_s or explicit_bzero when HAVE_MEMSET_S / HAVE_EXPLICIT_BZERO
               * is defined, and otherwise falls back to memset through a pointer
               * that was declared volatile. */
    6|       |
    7|       |#if defined(HAVE_MEMSET_S)
    8|       |	memset_s(data, len, 0x0, len);
    9|       |#elif defined(HAVE_EXPLICIT_BZERO)
   10|       |	explicit_bzero(data, len);
   11|       |#else
   12|       |	/* This must be volatile to avoid compiler optimisation */
   13|       |	volatile void *p = data;
   14|       |	memset((void*)p, 0x0, len);
              /* NOTE(review): the (void*) cast above removes the volatile qualifier
               * before memset sees the pointer, so this fallback does not by itself
               * guarantee that the store survives dead-store elimination; builds
               * should end up in one of the two branches above. Lines 7-15 carry no
               * execution counts in this report, so it does not show which branch
               * was compiled in. */
   15|       |#endif
   16|   242k|}

m_strdup:
   12|     12|void * m_strdup(const char * str) {
              /* Returns a copy of the NUL-terminated string str in memory obtained
               * from m_malloc (len+1 bytes, terminator included in the memcpy).
               * str must not be NULL: strlen is called on it unconditionally. */
   13|     12|    char* ret;
   14|     12|    unsigned int len;
              /* NOTE(review): strlen returns size_t but len is unsigned int, so a
               * string longer than UINT_MAX would be copied with a truncated
               * length -- presumably unreachable in practice; confirm. */
   15|     12|    len = strlen(str);
   16|       |
   17|     12|    ret = m_malloc(len+1);
              /* Never taken in this run; m_malloc as listed on this page calls
               * dropbear_exit on failure instead of returning NULL. */
   18|     12|    if (ret == NULL) {
  ------------------
  |  Branch (18:9): [True: 0, False: 12]
  ------------------
   19|      0|        dropbear_exit("m_strdup failed");
   20|      0|    }
   21|     12|    memcpy(ret, str, len+1);
   22|     12|    return ret;
   23|     12|}
m_malloc_set_epoch:
   76|    159|void m_malloc_set_epoch(unsigned int epoch) {
              /* Stores epoch in current_epoch; m_malloc stamps that value on the
               * header of each allocation it makes afterwards. */
   77|    159|    current_epoch = epoch;
   78|    159|}
m_malloc_free_epoch:
   80|    159|void m_malloc_free_epoch(unsigned int epoch, int dofree) {
              /* Detaches the whole allocation list from staple and walks it once.
               * Headers whose epoch equals the argument are freed when dofree is
               * non-zero (when it is zero they are simply dropped from the list and
               * not freed here); every other header is re-linked through put_alloc.
               * Memory is released with plain free(): nothing is zeroed at this
               * point, so secrets must have been wiped by their owner beforehand. */
   81|    159|    struct dbmalloc_header* header;
   82|    159|    struct dbmalloc_header* nextheader = NULL;
   83|    159|    struct dbmalloc_header* oldstaple = staple;
   84|    159|    staple = NULL;
   85|       |    /* free allocations from this epoch, create a new staple-anchored list from
   86|       |    the remainder */
   87|  3.26k|    for (header = oldstaple; header; header = nextheader)
  ------------------
  |  Branch (87:30): [True: 3.10k, False: 159]
  ------------------
   88|  3.10k|    {
              /* next is read before the header can be freed or re-linked */
   89|  3.10k|        nextheader = header->next;
   90|  3.10k|        if (header->epoch == epoch) {
  ------------------
  |  Branch (90:13): [True: 877, False: 2.22k]
  ------------------
   91|    877|            if (dofree) {
  ------------------
  |  Branch (91:17): [True: 877, False: 0]
  ------------------
   92|    877|                free(header);
   93|    877|            }
   94|  2.22k|        } else {
              /* put_alloc asserts both links are NULL, hence the reset */
   95|  2.22k|            header->prev = NULL;
   96|       |            header->next = NULL;
   97|  2.22k|            put_alloc(header);
   98|  2.22k|        }
   99|  3.10k|    }
  100|    159|}
m_malloc:
  131|    928|void * m_malloc(size_t size) {
              /* Allocates size bytes preceded by a struct dbmalloc_header, links the
               * header into the tracking list, stamps it with current_epoch and
               * returns the address just past the header. The memory comes from
               * calloc, so callers receive zero-filled storage. Any failure ends in
               * dropbear_exit rather than a NULL return. */
  132|    928|    char* mem = NULL;
  133|    928|    struct dbmalloc_header* header = NULL;
  134|       |
              /* Rejecting 0 and anything above 1e9 also keeps the header addition
               * below from wrapping size_t. Neither rejection was exercised in
               * this run. */
  135|    928|    if (size == 0 || size > 1e9) {
  ------------------
  |  Branch (135:9): [True: 0, False: 928]
  |  Branch (135:22): [True: 0, False: 928]
  ------------------
  136|      0|        dropbear_exit("m_malloc failed");
  137|      0|    }
  138|       |
  139|    928|    size = size + sizeof(struct dbmalloc_header);
  140|       |
  141|    928|    mem = calloc(1, size);
  142|    928|    if (mem == NULL) {
  ------------------
  |  Branch (142:9): [True: 0, False: 928]
  ------------------
  143|      0|        dropbear_exit("m_malloc failed");
  144|      0|    }
  145|    928|    header = (struct dbmalloc_header*)mem;
  146|    928|    put_alloc(header);
  147|    928|    header->epoch = current_epoch;
  148|    928|    return &mem[sizeof(struct dbmalloc_header)];
  149|    928|}
m_free_direct:
  172|     25|void m_free_direct(void* ptr) {
              /* Releases a pointer previously returned by m_malloc: NULL is
               * accepted and ignored, otherwise the header in front of ptr is
               * unlinked from the tracking list and freed. The contents are not
               * zeroed here. A pointer that did not come from m_malloc would make
               * get_header compute an address in front of an unrelated object. */
  173|     25|    struct dbmalloc_header* header = NULL;
  174|     25|    if (!ptr) {
  ------------------
  |  Branch (174:9): [True: 2, False: 23]
  ------------------
  175|      2|        return;
  176|      2|    }
  177|     23|    header = get_header(ptr);
  178|     23|    remove_alloc(header);
  179|     23|    free(header);
  180|     23|}
dbmalloc.c:put_alloc:
  102|  3.15k|static void put_alloc(struct dbmalloc_header *header) {
              /* Pushes header onto the front of the doubly linked list anchored at
               * staple. The header must be unlinked on entry (both links NULL);
               * the two asserts enforce that and never failed in this run. */
  103|  3.15k|    assert(header->next == NULL);
  ------------------
  |  Branch (103:5): [True: 0, False: 3.15k]
  |  Branch (103:5): [True: 3.15k, False: 0]
  ------------------
  104|  3.15k|    assert(header->prev == NULL);
  ------------------
  |  Branch (104:5): [True: 0, False: 3.15k]
  |  Branch (104:5): [True: 3.15k, False: 0]
  ------------------
  105|  3.15k|    if (staple) {
  ------------------
  |  Branch (105:9): [True: 2.99k, False: 161]
  ------------------
  106|  2.99k|        staple->prev = header;
  107|  2.99k|    }
  108|  3.15k|    header->next = staple;
  109|  3.15k|    staple = header;
  110|  3.15k|}
dbmalloc.c:get_header:
  126|     23|static struct dbmalloc_header* get_header(void* ptr) {
              /* Maps a user pointer back to the header that m_malloc placed
               * directly in front of it. There is no check that ptr really came
               * from m_malloc.
               * NOTE(review): -sizeof(...) negates an unsigned size_t, so the
               * index is a very large positive value and the result relies on
               * address wraparound; bptr - sizeof(...) would express the same
               * step without that -- confirm before changing. */
  127|     23|    char* bptr = ptr;
  128|     23|    return (struct dbmalloc_header*)&bptr[-sizeof(struct dbmalloc_header)];
  129|     23|}
dbmalloc.c:remove_alloc:
  112|     23|static void remove_alloc(struct dbmalloc_header *header) {
              /* Unlinks header from the list anchored at staple: patches the
               * neighbours, advances staple when header was the front element, and
               * clears both links so a stale header no longer points into the list. */
  113|     23|    if (header->prev) {
  ------------------
  |  Branch (113:9): [True: 13, False: 10]
  ------------------
  114|     13|        header->prev->next = header->next;
  115|     13|    }
              /* The tail-element case (next == NULL) was not exercised in this run. */
  116|     23|    if (header->next) {
  ------------------
  |  Branch (116:9): [True: 23, False: 0]
  ------------------
  117|     23|        header->next->prev = header->prev;
  118|     23|    }
  119|     23|    if (staple == header) {
  ------------------
  |  Branch (119:9): [True: 10, False: 13]
  ------------------
  120|     10|        staple = header->next;
  121|     10|    }
  122|     23|    header->prev = NULL;
  123|       |    header->next = NULL;
  124|     23|}

fuzz_seed:
  153|    163|void fuzz_seed(const unsigned char* dat, unsigned int len) {
              /* Seeds the generator for a fuzz run: hashpool becomes
               * SHA-256("fuzzfuzzfuzz" || dat[0..len)), counter is reset to 0 and
               * donerandinit is set so genrandom will run. No entropy source is
               * read here, so everything genrandom returns afterwards is a
               * deterministic function of dat, which makes fuzz cases reproducible.
               * presumably this function is compiled only into fuzzing builds;
               * confirm, since key material drawn after it is predictable. */
  154|    163|	hash_state hs;
  155|    163|	sha256_init(&hs);
  156|    163|	sha256_process(&hs, "fuzzfuzzfuzz", strlen("fuzzfuzzfuzz"));
  157|    163|	sha256_process(&hs, dat, len);
  158|    163|	sha256_done(&hs, hashpool);
  159|    163|	counter = 0;
  160|    163|	donerandinit = 1;
  161|    163|}
genrandom:
  313|   242k|void genrandom(unsigned char* buf, unsigned int len) {
              /* Fills buf with len bytes. Each output block is
               * SHA-256(hashpool || counter); counter is incremented per block and
               * seedrandom() is called once it exceeds MAX_COUNTER. At most
               * SHA256_HASH_SIZE bytes of each block are copied out. Exits through
               * dropbear_exit if the generator was never seeded. */
  314|       |
  315|   242k|	hash_state hs;
  316|   242k|	unsigned char hash[SHA256_HASH_SIZE];
  317|   242k|	unsigned int copylen;
  318|       |
  319|   242k|	if (!donerandinit) {
  ------------------
  |  Branch (319:6): [True: 0, False: 242k]
  ------------------
  320|      0|		dropbear_exit("seedrandom not done");
  321|      0|	}
  322|       |
  323|   485k|	while (len > 0) {
  ------------------
  |  Branch (323:9): [True: 243k, False: 242k]
  ------------------
  324|   243k|		sha256_init(&hs);
  325|   243k|		sha256_process(&hs, (void*)hashpool, sizeof(hashpool));
  326|   243k|		sha256_process(&hs, (void*)&counter, sizeof(counter));
  327|   243k|		sha256_done(&hs, hash);
  328|       |
  329|   243k|		counter++;
              /* The reseed path was never reached in this run. */
  330|   243k|		if (counter > MAX_COUNTER) {
  ------------------
  |  |   35|   243k|#define MAX_COUNTER (1<<30)
  ------------------
  |  Branch (330:7): [True: 0, False: 243k]
  ------------------
  331|      0|			seedrandom();
  332|      0|		}
  333|       |
  334|       |		copylen = MIN(len, SHA256_HASH_SIZE);
  ------------------
  |  Branch (334:13): [True: 242k, False: 954]
  ------------------
  335|   243k|		memcpy(buf, hash, copylen);
  336|   243k|		len -= copylen;
  337|   243k|		buf += copylen;
  338|   243k|	}
              /* The last output block is wiped from the stack.
               * NOTE(review): hs is not wiped here, while kexpqhybrid_comb_key on
               * this page burns its hash_state after use -- consider doing the same
               * if the state can retain pool-derived data; confirm. */
  339|   242k|	m_burn(hash, sizeof(hash));
  340|   242k|}

dropbear_exit:
  105|    159|void dropbear_exit(const char* format, ...) {
              /* Fatal-error entry point: forwards the printf-style format and its
               * arguments to the _dropbear_exit hook with EXIT_FAILURE. The closing
               * brace has a count of 0 against 159 entries, so in this run the hook
               * never returned to this function and va_end was not reached.
               * presumably the fuzz harness leaves via longjmp (fuzz.do_jmp is set
               * in the setup code) -- confirm. Counts printed after calls that can
               * end up here should be read with that in mind. */
  106|       |
  107|    159|	va_list param;
  108|       |
  109|    159|	va_start(param, format);
  110|    159|	_dropbear_exit(EXIT_FAILURE, format, param);
  111|    159|	va_end(param);
  112|      0|}
fail_assert:
  132|      6|void fail_assert(const char* expr, const char* file, int line) {
              /* Target of the dropbear_assert macro: reports the failed expression
               * with its file and line through dropbear_exit. The format string is
               * a literal; expr and file are passed as %s arguments only. */
  133|      6|	dropbear_exit("Failed assertion (%s:%d): `%s'", file, line, expr);
  134|      6|}
buf_readfile:
  489|      2|int buf_readfile(buffer* buf, const char* filename) {
              /* Reads filename into buf starting at buf->pos, up to the space left
               * in the buffer. Returns DROPBEAR_SUCCESS, or DROPBEAR_FAILURE when the
               * file cannot be opened or a read fails. In this run open() failed on
               * both calls, so the read loop below has no coverage at all. */
  490|       |
  491|      2|	int fd = -1;
  492|      2|	int len;
  493|      2|	int maxlen;
  494|      2|	int ret = DROPBEAR_FAILURE;
  ------------------
  |  |  112|      2|#define DROPBEAR_FAILURE -1
  ------------------
  495|       |
  496|      2|	fd = open(filename, O_RDONLY);
  497|       |
  498|      2|	if (fd < 0) {
  ------------------
  |  Branch (498:6): [True: 2, False: 0]
  ------------------
  499|      2|		goto out;
  500|      2|	}
  501|       |	
  502|      0|	do {
  503|      0|		maxlen = buf->size - buf->pos;
              /* In this build read() is redirected to wrapfd_read (macro below). */
  504|      0|		len = read(fd, buf_getwriteptr(buf, maxlen), maxlen);
  ------------------
  |  |   55|      0|#define read(fd, buf, count) wrapfd_read(fd, buf, count)
  ------------------
  505|      0|		if (len < 0) {
  ------------------
  |  Branch (505:7): [True: 0, False: 0]
  ------------------
  506|      0|			if (errno == EINTR || errno == EAGAIN) {
  ------------------
  |  Branch (506:8): [True: 0, False: 0]
  |  Branch (506:26): [True: 0, False: 0]
  ------------------
              /* NOTE(review): continue in a do-while jumps to the loop
               * condition; len is negative here, so (len > 0) is false and
               * the loop ends instead of retrying. The function then
               * returns DROPBEAR_SUCCESS with whatever was read so far.
               * Untested in this run -- confirm intended behaviour. */
  507|      0|				continue;
  508|      0|			}
  509|      0|			goto out;
  510|      0|		}
  511|      0|		buf_incrwritepos(buf, len);
  512|      0|	} while (len < maxlen && len > 0);
  ------------------
  |  Branch (512:11): [True: 0, False: 0]
  |  Branch (512:27): [True: 0, False: 0]
  ------------------
  513|       |
  514|      0|	ret = DROPBEAR_SUCCESS;
  ------------------
  |  |  111|      0|#define DROPBEAR_SUCCESS 0
  ------------------
  515|       |
  516|      2|out:
  517|      2|	if (fd >= 0) {
  ------------------
  |  Branch (517:6): [True: 0, False: 2]
  ------------------
  518|      0|		m_close(fd);
  519|      0|	}
  520|      2|	return ret;
  521|      0|}
disallow_core:
  610|      4|void disallow_core() {
              /* Sets the soft RLIMIT_CORE limit of the process to 0. Only rlim_cur
               * is lowered; rlim_max keeps whatever getrlimit returned (or 0 from
               * the initialiser if getrlimit failed). Both failure paths only emit a
               * TRACE message, so a caller cannot tell whether core dumps were
               * actually disabled; neither failure occurred in this run.
               * presumably the aim is to keep key material out of core files --
               * confirm whether a failure here should be fatal. */
  611|      4|	struct rlimit lim = {0};
  612|      4|	if (getrlimit(RLIMIT_CORE, &lim) < 0) {
  ------------------
  |  Branch (612:6): [True: 0, False: 4]
  ------------------
  613|      0|		TRACE(("getrlimit(RLIMIT_CORE) failed"));
  614|      0|	}
  615|      4|	lim.rlim_cur = 0;
  616|      4|	if (setrlimit(RLIMIT_CORE, &lim) < 0) {
  ------------------
  |  Branch (616:6): [True: 0, False: 4]
  ------------------
  617|      0|		TRACE(("setrlimit(RLIMIT_CORE) failed"));
  618|      0|	}
  619|      4|}
expand_homedir_path_home:
  647|      4|char * expand_homedir_path_home(const char *inpath, const char *homedir) {
              /* Returns a newly allocated path. When inpath starts with "~/" and
               * homedir is non-NULL the result is homedir + "/" + the rest of
               * inpath; otherwise it is a plain copy of inpath. inpath must not be
               * NULL. The caller owns the returned memory. */
  648|      4|	if (strncmp(inpath, "~/", 2) == 0 && homedir) {
  ------------------
  |  Branch (648:6): [True: 4, False: 0]
  |  Branch (648:39): [True: 4, False: 0]
  ------------------
              /* Size: inpath without its two-byte "~/" prefix, plus homedir,
               * plus one byte for the '/' and one for the terminator. snprintf
               * is bounded by the same len. */
  649|      4|		size_t len = strlen(inpath)-2 + strlen(homedir) + 2;
  650|      4|		char *buf = m_malloc(len);
  651|      4|		snprintf(buf, len, "%s/%s", homedir, inpath+2);
  652|      4|		return buf;
  653|      4|	}
  654|       |	/* Fallback */
  655|      0|	return m_strdup(inpath);
  656|      4|}
expand_homedir_path:
  660|      4|char * expand_homedir_path(const char *inpath) {
              /* Expands a leading "~/" in inpath. The home directory is taken from
               * the HOME environment variable first and from the passwd entry of
               * getuid() only when HOME is unset; with neither available the path is
               * returned unexpanded by the helper. In this build getpwuid is
               * redirected to fuzz_getpwuid, and that fallback was never reached.
               * NOTE(review): HOME is controlled by whoever starts the process, so
               * the expanded path is only as trustworthy as the environment --
               * confirm that suits every caller. */
  661|      4|	struct passwd *pw = NULL;
  662|      4|	char *homedir = getenv("HOME");
  663|       |
  664|      4|	if (!homedir) {
  ------------------
  |  Branch (664:6): [True: 0, False: 4]
  ------------------
  665|      0|		pw = getpwuid(getuid());
  ------------------
  |  |  109|      0|#define getpwuid(x) fuzz_getpwuid(x)
  ------------------
  666|      0|		if (pw) {
  ------------------
  |  Branch (666:7): [True: 0, False: 0]
  ------------------
  667|      0|			homedir = pw->pw_dir;
  668|      0|		}
  669|      0|	}
  670|      4|	return expand_homedir_path_home(inpath, homedir);
  671|      4|}
constant_time_memcmp:
  674|      7|{
              /* Compares n bytes of a and b (the signature is not part of this
               * listing). The XOR of every byte pair is OR-ed into c, so the result
               * is 0 only when all n bytes are equal and non-zero otherwise; it says
               * nothing about ordering. The loop has no early exit: the single
               * branch recorded below is the loop condition, which depends on n and
               * not on the data (224 iterations for 7 calls, 32 each). */
  675|      7|	const char *xa = a, *xb = b;
  676|      7|	uint8_t c = 0;
  677|      7|	size_t i;
  678|    231|	for (i = 0; i < n; i++)
  ------------------
  |  Branch (678:14): [True: 224, False: 7]
  ------------------
  679|    224|	{
  680|    224|		c |= (xa[i] ^ xb[i]);
  681|    224|	}
  682|      7|	return c;
  683|      7|}

dss_key_free:
  122|      2|void dss_key_free(dropbear_dss_key *key) {
              /* Releases a DSS key: the five big-number members p, q, g, y, x are
               * handed to m_mp_free_multi and the struct itself to m_free. NULL is
               * accepted. Both calls in this run passed NULL, so the release path
               * has no coverage here. m_free only resets this function's local
               * copy of the pointer, not the caller's.
               * NOTE(review): x is the private component; whether it is zeroed
               * depends on m_mp_free_multi, which is outside this listing --
               * confirm. */
  123|       |
  124|      2|	TRACE2(("enter dsa_key_free"))
  125|      2|	if (key == NULL) {
  ------------------
  |  Branch (125:6): [True: 2, False: 0]
  ------------------
  126|      2|		TRACE2(("enter dsa_key_free: key == NULL"))
  127|      2|		return;
  128|      2|	}
  129|      0|	m_mp_free_multi(&key->p, &key->q, &key->g, &key->y, &key->x, NULL);
  130|       |	m_free(key);
  ------------------
  |  |   24|      0|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded, False: 0]
  |  |  ------------------
  ------------------
  131|      0|	TRACE2(("leave dsa_key_free"))
  132|      0|}

dropbear_ecc_fill_dp:
   47|      4|void dropbear_ecc_fill_dp() {
              /* For every entry of the NULL-terminated dropbear_ecc_curves array,
               * finds the ltc_ecc_sets entry with the same size and stores it in the
               * curve's dp field. dp is not rewound between curves, so the match
               * relies on both tables being in ascending size order. A curve whose
               * dp is still unset after the scan ends the program through
               * dropbear_exit; that did not happen in this run. */
   48|      4|	struct dropbear_ecc_curve **curve;
   49|       |	/* libtomcrypt guarantees they're ordered by size */
   50|      4|	const ltc_ecc_set_type *dp = ltc_ecc_sets;
   51|     16|	for (curve = dropbear_ecc_curves; *curve; curve++) {
  ------------------
  |  Branch (51:36): [True: 12, False: 4]
  ------------------
   52|     20|		for (;dp->size > 0; dp++) {
  ------------------
  |  Branch (52:9): [True: 20, False: 0]
  ------------------
   53|     20|			if (dp->size == (*curve)->ltc_size) {
  ------------------
  |  Branch (53:8): [True: 12, False: 8]
  ------------------
   54|     12|				(*curve)->dp = dp;
   55|     12|				break;
   56|     12|			}
   57|     20|		}
   58|     12|		if (!(*curve)->dp) {
  ------------------
  |  Branch (58:7): [True: 0, False: 12]
  ------------------
   59|      0|			dropbear_exit("Missing ECC params %s", (*curve)->name);
   60|      0|		}
   61|     12|	}
   62|      4|}

signkey_is_ecdsa:
   11|      2|{
              /* True when type is one of the three ECDSA NIST curve key types
               * (P-256, P-384, P-521); the signature is not part of this listing.
               * Both calls in this run returned false. */
   12|      2|	return type == DROPBEAR_SIGNKEY_ECDSA_NISTP256
  ------------------
  |  Branch (12:9): [True: 0, False: 2]
  ------------------
   13|      2|		|| type == DROPBEAR_SIGNKEY_ECDSA_NISTP384
  ------------------
  |  Branch (13:6): [True: 0, False: 2]
  ------------------
   14|      2|		|| type == DROPBEAR_SIGNKEY_ECDSA_NISTP521;
  ------------------
  |  Branch (14:6): [True: 0, False: 2]
  ------------------
   15|      2|}

buf_get_ed25519_priv_key:
   78|      2|int buf_get_ed25519_priv_key(buffer *buf, dropbear_ed25519_key *key) {
              /* Parses an Ed25519 private key from buf into key. The key-type string
               * (4-byte length plus the 11 bytes of "ssh-ed25519") is skipped, then a
               * length field follows that must equal 2*CURVE25519_LEN and must fit in
               * the bytes remaining; the first 32 bytes go to key->priv and the next
               * 32 to key->pub. Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE. The
               * failure path was not exercised in this run. */
   79|       |
   80|      2|	unsigned int len;
   81|       |
   82|      2|	TRACE(("enter buf_get_ed25519_priv_key"))
   83|      2|	dropbear_assert(key != NULL);
  ------------------
  |  |   84|      2|#define dropbear_assert(X) do { if (!(X)) { fail_assert(#X, __FILE__, __LINE__); } } while (0)
  |  |  ------------------
  |  |  |  Branch (84:37): [True: 0, False: 2]
  |  |  |  Branch (84:93): [Folded, False: 2]
  |  |  ------------------
  ------------------
   84|       |
              /* The skipped bytes are not compared with "ssh-ed25519" here.
               * presumably the caller has already parsed the type name; confirm. */
   85|      2|	buf_incrpos(buf, 4+SSH_SIGNKEY_ED25519_LEN); /* int + "ssh-ed25519" */
  ------------------
  |  |  119|      2|#define SSH_SIGNKEY_ED25519_LEN 11
  ------------------
   86|       |
   87|      2|	len = buf_getint(buf);
   88|      2|	if (len != CURVE25519_LEN*2 || buf->len - buf->pos < len) {
  ------------------
  |  |   34|      2|#define CURVE25519_LEN 32
  ------------------
  |  Branch (88:6): [True: 0, False: 2]
  |  Branch (88:33): [True: 0, False: 2]
  ------------------
   89|      0|		TRACE(("leave buf_get_ed25519_priv_key: failure"))
   90|      0|		return DROPBEAR_FAILURE;
  ------------------
  |  |  112|      0|#define DROPBEAR_FAILURE -1
  ------------------
   91|      0|	}
   92|       |
              /* Both halves are copied as stored; the public half is not
               * recomputed from the private half in this function. */
   93|      2|	memcpy(key->priv, buf_getptr(buf, CURVE25519_LEN), CURVE25519_LEN);
  ------------------
  |  |   34|      2|#define CURVE25519_LEN 32
  ------------------
              	memcpy(key->priv, buf_getptr(buf, CURVE25519_LEN), CURVE25519_LEN);
  ------------------
  |  |   34|      2|#define CURVE25519_LEN 32
  ------------------
   94|      2|	buf_incrpos(buf, CURVE25519_LEN);
  ------------------
  |  |   34|      2|#define CURVE25519_LEN 32
  ------------------
   95|      2|	memcpy(key->pub, buf_getptr(buf, CURVE25519_LEN), CURVE25519_LEN);
  ------------------
  |  |   34|      2|#define CURVE25519_LEN 32
  ------------------
              	memcpy(key->pub, buf_getptr(buf, CURVE25519_LEN), CURVE25519_LEN);
  ------------------
  |  |   34|      2|#define CURVE25519_LEN 32
  ------------------
   96|      2|	buf_incrpos(buf, CURVE25519_LEN);
  ------------------
  |  |   34|      2|#define CURVE25519_LEN 32
  ------------------
   97|       |
   98|      2|	TRACE(("leave buf_get_ed25519_priv_key: success"))
   99|      2|	return DROPBEAR_SUCCESS;
  ------------------
  |  |  111|      2|#define DROPBEAR_SUCCESS 0
  ------------------
  100|      2|}
ed25519_key_free:
  103|      4|void ed25519_key_free(dropbear_ed25519_key *key) {
              /* Releases an Ed25519 key: the CURVE25519_LEN private bytes are wiped
               * with m_burn before the struct is freed. NULL is accepted. All four
               * calls in this run passed NULL, so the wipe-and-free path has no
               * coverage here. m_free only resets this function's local copy of
               * the pointer, not the caller's. */
  104|       |
  105|      4|	TRACE2(("enter ed25519_key_free"))
  106|       |
  107|      4|	if (key == NULL) {
  ------------------
  |  Branch (107:6): [True: 4, False: 0]
  ------------------
  108|      4|		TRACE2(("leave ed25519_key_free: key == NULL"))
  109|      4|		return;
  110|      4|	}
  111|      0|	m_burn(key->priv, CURVE25519_LEN);
  ------------------
  |  |   34|      0|#define CURVE25519_LEN 32
  ------------------
  112|      0|	m_free(key);
  ------------------
  |  |   24|      0|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded, False: 0]
  |  |  ------------------
  ------------------
  113|       |
  114|      0|	TRACE2(("leave ed25519_key_free"))
  115|      0|}

gen_kexpqhybrid_param:
   13|    159|struct kex_pqhybrid_param *gen_kexpqhybrid_param() {
              /* Creates the local state for a hybrid key exchange: a fresh
               * curve25519 parameter for both roles and, on the client only, a KEM
               * key pair. The client's concat_public buffer holds the KEM public key
               * followed by the curve25519 public key; the KEM secret is kept in
               * kem_cli_secret with its read position reset to 0. The KEM to use
               * comes from ses.newkeys->algo_kex->details. On the server the two
               * buffer pointers are left as allocated; m_malloc as listed on this
               * page returns zero-filled memory. Only the client role was exercised
               * in this run. */
   14|    159|    struct kex_pqhybrid_param *param = m_malloc(sizeof(*param));
   15|    159|    const struct dropbear_kem_desc *kem = ses.newkeys->algo_kex->details;
   16|       |
   17|    159|    param->curve25519 = gen_kexcurve25519_param();
   18|       |
   19|    159|    if (IS_DROPBEAR_CLIENT) {
  ------------------
  |  |  382|    159|#define IS_DROPBEAR_CLIENT (ses.isserver == 0)
  |  |  ------------------
  |  |  |  Branch (382:28): [True: 159, False: 0]
  |  |  ------------------
  ------------------
   20|    159|        param->kem_cli_secret = buf_new(kem->secret_len);
   21|    159|        param->concat_public = buf_new(kem->public_len + CURVE25519_LEN);
  ------------------
  |  |  122|    159|#define CURVE25519_LEN 32
  ------------------
              /* kem_gen writes straight into both buffers; the write positions
               * are advanced afterwards by the same lengths. */
   22|    159|        kem->kem_gen(
   23|    159|            buf_getwriteptr(param->concat_public, kem->public_len),
   24|    159|            buf_getwriteptr(param->kem_cli_secret, kem->secret_len));
   25|    159|        buf_incrwritepos(param->concat_public, kem->public_len);
   26|    159|        buf_incrwritepos(param->kem_cli_secret, kem->secret_len);
   27|    159|        buf_setpos(param->kem_cli_secret, 0);
   28|       |        /* Append the curve25519 parameter */
   29|    159|        buf_putbytes(param->concat_public, param->curve25519->pub, CURVE25519_LEN);
  ------------------
  |  |  122|    159|#define CURVE25519_LEN 32
  ------------------
   30|    159|    }
   31|       |
   32|    159|    return param;
   33|    159|}
kexpqhybrid_comb_key:
   46|     75|    buffer *buf_pub, sign_key *hostkey) {
              /* Combines the peer's hybrid key-exchange blob buf_pub with the local
               * param (the start of the signature is not part of this listing).
               * Steps visible below: split buf_pub into a KEM part (ciphertext for a
               * client, public key for a server) and a 32-byte curve25519 public
               * key; require that nothing is left over; derive the KEM secret and
               * the curve25519 secret into k_out; store HASH(k_out) with a length
               * prefix in ses.dh_K_bytes; append host key, Q_C, Q_S and K to
               * ses.kexhashbuf and finish the exchange hash. k_out and the client's
               * KEM secret are released with buf_burn_free and the hash state is
               * wiped with m_burn; pub_25519 holds a public value and is only freed.
               *
               * Reading the counts: line 62 records the client branch as taken on
               * all 75 entries, yet line 82 records the same macro as 7 true / 46
               * false and lines 93-100 as 0. The counts are therefore not
               * self-consistent; this is likely an artifact of calls that leave
               * through dropbear_exit without returning -- confirm before drawing
               * conclusions about server-side coverage from this function. */
   47|       |
   48|     75|    const struct dropbear_kem_desc *kem = ses.newkeys->algo_kex->details;
   49|     75|    const struct ltc_hash_descriptor *hash_desc
   50|     75|        = ses.newkeys->algo_kex->hash_desc;
   51|       |
   52|       |    /* Either public key (from client) or ciphertext (from server) */
   53|     75|    unsigned char *remote_pub_kem = NULL;
   54|     75|    buffer *pub_25519 = NULL;
   55|     75|    buffer *k_out = NULL;
   56|     75|    unsigned int remote_len;
   57|     75|    hash_state hs;
   58|     75|    const buffer * Q_C = NULL;
   59|     75|    const buffer * Q_S = NULL;
   60|       |
   61|       |    /* Extract input parts from the remote peer */
   62|     75|    if (IS_DROPBEAR_CLIENT) {
  ------------------
  |  |  382|     75|#define IS_DROPBEAR_CLIENT (ses.isserver == 0)
  |  |  ------------------
  |  |  |  Branch (382:28): [True: 75, False: 0]
  |  |  ------------------
  ------------------
   63|       |        /* S_REPLY = S_CT2 || S_PK1 */
   64|     75|        remote_len = kem->ciphertext_len;
   65|     75|    } else {
   66|       |        /* C_INIT = C_PK2 || C_PK1 */
   67|      0|        remote_len = kem->public_len;
   68|      0|    }
              /* The expected lengths come from the negotiated KEM descriptor, not
               * from the peer. presumably buf_getptr / buf_incrpos reject a
               * buffer that is too short; they are outside this listing, confirm. */
   69|     75|    remote_pub_kem = buf_getptr(buf_pub, remote_len);
   70|     75|    buf_incrpos(buf_pub, remote_len);
   71|     75|    pub_25519 = buf_getptrcopy(buf_pub, CURVE25519_LEN);
  ------------------
  |  |  122|     75|#define CURVE25519_LEN 32
  ------------------
   72|     75|    buf_incrpos(buf_pub, CURVE25519_LEN);
  ------------------
  |  |  122|     75|#define CURVE25519_LEN 32
  ------------------
   73|       |    /* Check all is consumed */
              /* Trailing bytes after the two parts are treated as a protocol
               * error; fuzz inputs hit this rejection 22 times in this run. */
   74|     75|    if (buf_pub->pos != buf_pub->len) {
  ------------------
  |  Branch (74:9): [True: 22, False: 53]
  ------------------
   75|     22|        dropbear_exit("Bad sntrup");
   76|     22|    }
   77|       |
   78|       |    /* k_out = K_PQ || K_CL */
   79|     53|    k_out = buf_new(kem->output_len + CURVE25519_LEN);
  ------------------
  |  |  122|     53|#define CURVE25519_LEN 32
  ------------------
   80|       |
   81|       |    /* Derive pq kem part (K_PQ) */
   82|     53|    if (IS_DROPBEAR_CLIENT) {
  ------------------
  |  |  382|     53|#define IS_DROPBEAR_CLIENT (ses.isserver == 0)
  |  |  ------------------
  |  |  |  Branch (382:28): [True: 7, False: 46]
  |  |  ------------------
  ------------------
   83|      7|        kem->kem_dec(
   84|      7|            buf_getwriteptr(k_out, kem->output_len),
   85|      7|            remote_pub_kem,
   86|      7|            buf_getptr(param->kem_cli_secret, kem->secret_len));
              /* The KEM secret is single-use: wiped and released right after
               * decapsulation, and the pointer cleared. */
   87|      7|        buf_burn_free(param->kem_cli_secret);
   88|      7|        param->kem_cli_secret = NULL;
   89|     46|    } else {
   90|       |        /* Server returns ciphertext */
   91|     46|        assert(param->concat_public == NULL);
  ------------------
  |  Branch (91:9): [True: 0, False: 46]
  |  Branch (91:9): [True: 0, False: 46]
  ------------------
   92|     46|        param->concat_public = buf_new(kem->ciphertext_len + CURVE25519_LEN);
  ------------------
  |  |  122|      0|#define CURVE25519_LEN 32
  ------------------
   93|      0|        kem->kem_enc(
   94|      0|            buf_getwriteptr(param->concat_public, kem->ciphertext_len),
   95|      0|            buf_getwriteptr(k_out, kem->output_len),
   96|      0|            remote_pub_kem);
   97|      0|        buf_incrwritepos(param->concat_public, kem->ciphertext_len);
   98|       |        /* Append the curve25519 parameter */
   99|      0|        buf_putbytes(param->concat_public, param->curve25519->pub, CURVE25519_LEN);
  ------------------
  |  |  122|      0|#define CURVE25519_LEN 32
  ------------------
  100|      0|    }
  101|     53|    buf_incrwritepos(k_out, kem->output_len);
  102|       |
  103|       |    /* Derive ec part (K_CL) */
              /* kexcurve25519_derive as listed on this page exits on a wrong-length
               * peer key and on an all-zero result. */
  104|      7|    kexcurve25519_derive(param->curve25519, pub_25519,
  105|      7|        buf_getwriteptr(k_out, CURVE25519_LEN));
  ------------------
  |  |  122|      7|#define CURVE25519_LEN 32
  ------------------
  106|      7|    buf_incrwritepos(k_out, CURVE25519_LEN);
  ------------------
  |  |  122|      7|#define CURVE25519_LEN 32
  ------------------
  107|       |
  108|       |    /* dh_K_bytes = HASH(k_out)
  109|       |       dh_K_bytes is a SSH string with length prefix, since
  110|       |       that is what needs to be hashed in gen_new_keys() */
  111|      7|    ses.dh_K_bytes = buf_new(4 + hash_desc->hashsize);
  112|      7|    buf_putint(ses.dh_K_bytes, hash_desc->hashsize);
  113|      7|    hash_desc->init(&hs);
  114|      7|    hash_desc->process(&hs, k_out->data, k_out->len);
  115|      7|    hash_desc->done(&hs, buf_getwriteptr(ses.dh_K_bytes, hash_desc->hashsize));
              /* The hash state has absorbed the raw shared secrets, so it is wiped. */
  116|      7|    m_burn(&hs, sizeof(hash_state));
  117|      7|    buf_incrwritepos(ses.dh_K_bytes, hash_desc->hashsize);
  118|       |
  119|       |    /* Create the remainder of the hash buffer */
  120|      7|    if (IS_DROPBEAR_CLIENT) {
  ------------------
  |  |  382|      7|#define IS_DROPBEAR_CLIENT (ses.isserver == 0)
  |  |  ------------------
  |  |  |  Branch (382:28): [True: 6, False: 1]
  |  |  ------------------
  ------------------
  121|      6|        Q_C = param->concat_public;
  122|      6|        Q_S = buf_pub;
  123|      6|    } else {
  124|      1|        Q_S = param->concat_public;
  125|      1|        Q_C = buf_pub;
  126|      1|    }
  127|       |
  128|       |    /* K_S, the host key */
  129|      7|    buf_put_pub_key(ses.kexhashbuf, hostkey, ses.newkeys->algo_hostkey);
  130|      7|    buf_putbufstring(ses.kexhashbuf, Q_C);
  131|      7|    buf_putbufstring(ses.kexhashbuf, Q_S);
  132|       |    /* K, the shared secret */
  133|      7|    buf_putbytes(ses.kexhashbuf, ses.dh_K_bytes->data, ses.dh_K_bytes->len);
  134|       |
  135|       |    /* calculate the hash H to sign */
  136|      7|    finish_kexhashbuf();
  137|       |
  138|      7|    buf_burn_free(k_out);
  139|      7|    buf_free(pub_25519);
  140|      7|}

gen_kexcurve25519_param:
   14|    159|struct kex_curve25519_param *gen_kexcurve25519_param() {
              /* Creates an ephemeral curve25519 key pair: CURVE25519_LEN random
               * bytes from genrandom become the private scalar and the public key
               * is its scalar multiple of the base point (first byte 9, the rest 0).
               * The caller owns the returned struct. In this fuzz run genrandom is
               * seeded by fuzz_seed (listed on this page) without any entropy
               * source, so the keys generated here are reproducible by design. */
   15|       |    /* Per http://cr.yp.to/ecdh.html */
   16|    159|    struct kex_curve25519_param *param = m_malloc(sizeof(*param));
   17|    159|    const unsigned char basepoint[32] = {9};
   18|       |
   19|    159|    genrandom(param->priv, CURVE25519_LEN);
  ------------------
  |  |  122|    159|#define CURVE25519_LEN 32
  ------------------
   20|    159|    dropbear_curve25519_scalarmult(param->pub, param->priv, basepoint);
   21|       |
   22|    159|    return param;
   23|    159|}
kexcurve25519_derive:
   32|      7|    unsigned char *out) {
              /* Computes the curve25519 shared secret from the local private scalar
               * in param and the peer public key in buf_pub_them, writing
               * CURVE25519_LEN bytes to out (the start of the signature is not part
               * of this listing). Two inputs end the session through
               * dropbear_exit: a peer key whose length is not exactly
               * CURVE25519_LEN, and a result that is all zero bytes. */
   33|      7|    char zeroes[CURVE25519_LEN] = {0};
   34|      7|    if (buf_pub_them->len != CURVE25519_LEN)
  ------------------
  |  |  122|      7|#define CURVE25519_LEN 32
  ------------------
  |  Branch (34:9): [True: 0, False: 7]
  ------------------
   35|      0|    {
   36|      0|        dropbear_exit("Bad curve25519");
   37|      0|    }
   38|       |
   39|      7|    dropbear_curve25519_scalarmult(out, param->priv, buf_pub_them->data);
   40|       |
              /* An all-zero output means the peer's point contributed nothing to
               * the secret, so it is refused. The comparison goes through
               * constant_time_memcmp, which as listed on this page has no
               * data-dependent early exit. One fuzz input triggered this
               * rejection in this run. */
   41|      7|    if (constant_time_memcmp(zeroes, out, CURVE25519_LEN) == 0) {
  ------------------
  |  |  122|      7|#define CURVE25519_LEN 32
  ------------------
  |  Branch (41:9): [True: 1, False: 6]
  ------------------
   42|      1|        dropbear_exit("Bad curve25519");
   43|      1|    }
   44|      7|}

list_append:
    5|      2|void list_append(m_list *list, void *item) {
              /* Appends item to the end of list in a newly allocated element. The
               * list stores the item pointer only; it does not copy what item
               * points to. Only the empty-list case was exercised in this run. */
    6|      2|	m_list_elem *elem;
    7|       |	
    8|      2|	elem = m_malloc(sizeof(*elem));
    9|      2|	elem->item = item;
   10|      2|	elem->list = list;
   11|      2|	elem->next = NULL;
   12|      2|	if (!list->first) {
  ------------------
  |  Branch (12:6): [True: 2, False: 0]
  ------------------
   13|      2|		list->first = elem;
   14|      2|		elem->prev = NULL;
   15|      2|	} else {
   16|      0|		elem->prev = list->last;
   17|      0|		list->last->next = elem;
   18|      0|	}
   19|      2|	list->last = elem;
   20|      2|}
list_new:
   22|      6|m_list * list_new() {
              /* Returns a newly allocated, empty list (first and last both NULL).
               * The caller owns the returned memory. */
   23|      6|	m_list *ret = m_malloc(sizeof(m_list));
   24|       |	ret->first = ret->last = NULL;
   25|      6|	return ret;
   26|      6|}

rsa_key_free:
  143|      2|void rsa_key_free(dropbear_rsa_key *key) {
              /* Releases an RSA key: the big-number members d, e, p, q, n are handed
               * to m_mp_free_multi and the struct itself to m_free. NULL is
               * accepted. Both calls in this run passed NULL, so the release path
               * has no coverage here. m_free only resets this function's local
               * copy of the pointer, not the caller's.
               * NOTE(review): d, p and q are private components; whether they are
               * zeroed depends on m_mp_free_multi, which is outside this listing --
               * confirm. */
  144|       |
  145|      2|	TRACE2(("enter rsa_key_free"))
  146|       |
  147|      2|	if (key == NULL) {
  ------------------
  |  Branch (147:6): [True: 2, False: 0]
  ------------------
  148|      2|		TRACE2(("leave rsa_key_free: key == NULL"))
  149|      2|		return;
  150|      2|	}
  151|      0|	m_mp_free_multi(&key->d, &key->e, &key->p, &key->q, &key->n, NULL);
  152|       |	m_free(key);
  ------------------
  |  |   24|      0|#define m_free(X) do {m_free_direct(X); (X) = NULL;} while (0)
  |  |  ------------------
  |  |  |  Branch (24:61): [Folded, False: 0]
  |  |  ------------------
  ------------------
  153|      0|	TRACE2(("leave rsa_key_free"))
  154|      0|}
buf_put_rsa_pub_key:
  162|      6|void buf_put_rsa_pub_key(buffer* buf, const dropbear_rsa_key *key) {
              /* Writes the public part of an RSA key to buf: the string "ssh-rsa"
               * followed by the exponent e and the modulus n as mpints. key must not
               * be NULL. In this run the assertion below failed on all 6 calls
               * (key was NULL each time, matching the 6 fail_assert entries), so the
               * serialisation lines themselves have no coverage. */
  163|       |
  164|      6|	TRACE(("enter buf_put_rsa_pub_key"))
  165|      6|	dropbear_assert(key != NULL);
  ------------------
  |  |   84|      6|#define dropbear_assert(X) do { if (!(X)) { fail_assert(#X, __FILE__, __LINE__); } } while (0)
  |  |  ------------------
  |  |  |  Branch (84:37): [True: 6, False: 0]
  |  |  |  Branch (84:93): [Folded, False: 0]
  |  |  ------------------
  ------------------
  166|       |
  167|      0|	buf_putstring(buf, SSH_SIGNKEY_RSA, SSH_SIGNKEY_RSA_LEN);
  ------------------
  |  |  116|      0|#define SSH_SIGNKEY_RSA "ssh-rsa"
  ------------------
              	buf_putstring(buf, SSH_SIGNKEY_RSA, SSH_SIGNKEY_RSA_LEN);
  ------------------
  |  |  117|      0|#define SSH_SIGNKEY_RSA_LEN 7
  ------------------
  168|      0|	buf_putmpint(buf, key->e);
  169|      0|	buf_putmpint(buf, key->n);
  170|       |
  171|      0|	TRACE(("leave buf_put_rsa_pub_key"))
  172|       |
  173|      0|}

new_sign_key:
   62|      4|sign_key * new_sign_key() {
              /* Returns a newly allocated sign_key with type set to
               * DROPBEAR_SIGNKEY_NONE and source to SIGNKEY_SOURCE_INVALID. The
               * remaining members keep the zero fill that m_malloc, as listed on
               * this page, provides through calloc. The caller owns the result. */
   63|       |
   64|      4|	sign_key * ret;
   65|       |
   66|      4|	ret = (sign_key*)m_malloc(sizeof(sign_key));
   67|      4|	ret->type = DROPBEAR_SIGNKEY_NONE;
   68|      4|	ret->source = SIGNKEY_SOURCE_INVALID;
   69|      4|	return ret;
   70|      4|}
signkey_type_from_name:
   86|      2|enum signkey_type signkey_type_from_name(const char* name, unsigned int namelen) {
              /* Maps a key-type name of namelen bytes to its enum signkey_type by
               * scanning signkey_names. name is compared with memcmp only after the
               * lengths match, so it does not have to be NUL-terminated and is never
               * read past namelen. Returns DROPBEAR_SIGNKEY_NONE for an unknown
               * name, and also for an ECDSA curve that is named in the table but
               * not compiled in. Both calls in this run found a match; the
               * no-match path has no coverage. */
   87|      2|	int i;
   88|     14|	for (i = 0; i < DROPBEAR_SIGNKEY_NUM_NAMED; i++) {
  ------------------
  |  Branch (88:14): [True: 14, False: 0]
  ------------------
   89|     14|		const char *fixed_name = signkey_names[i];
   90|     14|		if (namelen == strlen(fixed_name)
  ------------------
  |  Branch (90:7): [True: 2, False: 12]
  ------------------
   91|      2|			&& memcmp(fixed_name, name, namelen) == 0) {
  ------------------
  |  Branch (91:7): [True: 2, False: 0]
  ------------------
   92|       |
   93|      2|#if DROPBEAR_ECDSA
   94|       |			/* Some of the ECDSA key sizes are defined even if they're not compiled in */
              /* The condition is assembled by the preprocessor; in this
               * build it folded to a constant false (see the branch note). */
   95|      2|			if (0
  ------------------
  |  Branch (95:8): [Folded, False: 2]
  ------------------
   96|       |#if !DROPBEAR_ECC_256
   97|       |				|| i == DROPBEAR_SIGNKEY_ECDSA_NISTP256
   98|       |#endif
   99|       |#if !DROPBEAR_ECC_384
  100|       |				|| i == DROPBEAR_SIGNKEY_ECDSA_NISTP384
  101|       |#endif
  102|       |#if !DROPBEAR_ECC_521
  103|       |				|| i == DROPBEAR_SIGNKEY_ECDSA_NISTP521
  104|       |#endif
  105|      2|				) {
  106|      0|				TRACE(("attempt to use ecdsa type %d not compiled in", i))
  107|      0|				return DROPBEAR_SIGNKEY_NONE;
  108|      0|			}
  109|      2|#endif
  110|       |
  111|      2|			return (enum signkey_type)i;
  112|      2|		}
  113|     14|	}
  114|       |
  115|      0|	TRACE(("signkey_type_from_name unexpected key type."))
  116|       |
  117|      0|	return DROPBEAR_SIGNKEY_NONE;
  118|      2|}
buf_get_priv_key:
  /*
   * Parse a private key from buf into *key.
   *
   * The key-type name at the current buffer position is read and mapped with
   * signkey_type_from_name(). If *type is not DROPBEAR_SIGNKEY_ANY it must
   * equal the parsed type; otherwise DROPBEAR_FAILURE is returned before any
   * key held in *key is touched. On a match *type is overwritten with the
   * parsed type, the buffer is rewound to the start of the name, and the
   * type-specific parser runs. A key of that type already held in *key is
   * freed first.
   *
   * Returns the type-specific parser's result (DROPBEAR_SUCCESS for a parsed
   * ECDSA key), or DROPBEAR_FAILURE when no compiled-in branch handles the
   * type. After a failed parse the slot for the attempted type is NULL.
   *
   * NOTE(review): the Ed25519 failure path releases the struct with m_free()
   * while DSS and RSA go through their *_key_free() helpers; confirm that
   * buf_get_ed25519_priv_key() leaves no private-key bytes behind on failure.
   */
  int buf_get_priv_key(buffer *buf, sign_key *key, enum signkey_type *type) {

      char *name;
      unsigned int namelen;
      enum signkey_type found;
      int status = DROPBEAR_FAILURE;

      TRACE2(("enter buf_get_priv_key"))

      name = buf_getstring(buf, &namelen);
      found = signkey_type_from_name(name, namelen);
      m_free(name);

      /* Reject a type the caller did not ask for before freeing anything. */
      if (!(*type == DROPBEAR_SIGNKEY_ANY || *type == found)) {
          TRACE(("wrong key type: %d %d", *type, found))
          return DROPBEAR_FAILURE;
      }

      *type = found;

      /* Rewind the buffer back before "ssh-rsa" etc: the name itself plus,
       * presumably, its 4-byte length prefix, so the per-type parser sees
       * the whole blob. */
      buf_decrpos(buf, namelen + 4);

  #if DROPBEAR_DSS
      if (found == DROPBEAR_SIGNKEY_DSS) {
          dss_key_free(key->dsskey);
          key->dsskey = m_malloc(sizeof(*key->dsskey));
          status = buf_get_dss_priv_key(buf, key->dsskey);
          if (status == DROPBEAR_FAILURE) {
              dss_key_free(key->dsskey);
              key->dsskey = NULL;
          }
      }
  #endif
  #if DROPBEAR_RSA
      if (found == DROPBEAR_SIGNKEY_RSA) {
          rsa_key_free(key->rsakey);
          key->rsakey = m_malloc(sizeof(*key->rsakey));
          status = buf_get_rsa_priv_key(buf, key->rsakey);
          if (status == DROPBEAR_FAILURE) {
              rsa_key_free(key->rsakey);
              key->rsakey = NULL;
          }
      }
  #endif
  #if DROPBEAR_ECDSA
      if (signkey_is_ecdsa(found)) {
          ecc_key **slot = (ecc_key**)signkey_key_ptr(key, found);
          if (slot != NULL) {
              if (*slot != NULL) {
                  ecc_free(*slot);
                  m_free(*slot);
                  *slot = NULL;
              }
              /* A NULL result leaves status at DROPBEAR_FAILURE. */
              *slot = buf_get_ecdsa_priv_key(buf);
              if (*slot != NULL) {
                  status = DROPBEAR_SUCCESS;
              }
          }
      }
  #endif
  #if DROPBEAR_ED25519
      if (found == DROPBEAR_SIGNKEY_ED25519) {
          ed25519_key_free(key->ed25519key);
          key->ed25519key = m_malloc(sizeof(*key->ed25519key));
          status = buf_get_ed25519_priv_key(buf, key->ed25519key);
          if (status == DROPBEAR_FAILURE) {
              m_free(key->ed25519key);
              key->ed25519key = NULL;
          }
      }
  #endif

      TRACE2(("leave buf_get_priv_key"))

      return status;

  }
buf_put_pub_key:
  /*
   * Append the public half of key, for the given type, to buf as a
   * length-prefixed string (via buf_putbufstring()).
   *
   * The key is first encoded into a scratch buffer of MAX_PUBKEY_SIZE bytes.
   * If no compiled-in branch wrote anything, the function does not return:
   * it calls dropbear_exit("Bad key types in buf_put_pub_key").
   *
   * NOTE(review): the DSS, RSA and Ed25519 branches pass key->dsskey,
   * key->rsakey and key->ed25519key to their encoders without a NULL check,
   * unlike the ECDSA branch. buf_put_rsa_pub_key() guards itself with
   * dropbear_assert(key != NULL); the branch counts in the coverage run this
   * listing was taken from indicate that all 6 RSA calls stopped at that
   * assertion, so callers should be checked for requesting a key type that
   * was never loaded.
   */
  void buf_put_pub_key(buffer* buf, sign_key *key, enum signkey_type type) {

      buffer *blob;

      TRACE2(("enter buf_put_pub_key"))
      blob = buf_new(MAX_PUBKEY_SIZE);

  #if DROPBEAR_DSS
      if (type == DROPBEAR_SIGNKEY_DSS) {
          buf_put_dss_pub_key(blob, key->dsskey);
      }
  #endif
  #if DROPBEAR_RSA
      if (type == DROPBEAR_SIGNKEY_RSA) {
          buf_put_rsa_pub_key(blob, key->rsakey);
      }
  #endif
  #if DROPBEAR_ECDSA
      if (signkey_is_ecdsa(type)
  #if DROPBEAR_SK_ECDSA
          || type == DROPBEAR_SIGNKEY_SK_ECDSA_NISTP256
  #endif
          ) {
          ecc_key **slot = (ecc_key**)signkey_key_ptr(key, type);
          /* A missing ECDSA key writes nothing and falls through to the
           * empty-blob check below. */
          if (slot != NULL && *slot != NULL) {
              buf_put_ecdsa_pub_key(blob, *slot);
          }
      }
  #endif
  #if DROPBEAR_ED25519
      if (type == DROPBEAR_SIGNKEY_ED25519
  #if DROPBEAR_SK_ED25519
          || type == DROPBEAR_SIGNKEY_SK_ED25519
  #endif
      ) {
          buf_put_ed25519_pub_key(blob, key->ed25519key);
      }
  #endif
      if (blob->len == 0) {
          dropbear_exit("Bad key types in buf_put_pub_key");
      }

      buf_putbufstring(buf, blob);
      buf_free(blob);
      TRACE2(("leave buf_put_pub_key"))
  }
sign_key_free:
  /*
   * Release every key held in *key, its filename and sk_app strings, and
   * finally the sign_key itself.
   *
   * key is dereferenced unconditionally, so it must not be NULL. The final
   * m_free(key) only clears this function's local copy of the pointer; the
   * caller's pointer is dangling afterwards and must not be reused.
   */
  void sign_key_free(sign_key *key) {

      TRACE2(("enter sign_key_free"))

  #if DROPBEAR_DSS
      dss_key_free(key->dsskey);
      key->dsskey = NULL;
  #endif
  #if DROPBEAR_RSA
      rsa_key_free(key->rsakey);
      key->rsakey = NULL;
  #endif
  #if DROPBEAR_ECDSA
      /* Each compiled-in curve has its own slot; ecc_free() is only called
       * on a slot that is actually populated. */
  #if DROPBEAR_ECC_256
      if (key->ecckey256 != NULL) {
          ecc_free(key->ecckey256);
          m_free(key->ecckey256);
          key->ecckey256 = NULL;
      }
  #endif
  #if DROPBEAR_ECC_384
      if (key->ecckey384 != NULL) {
          ecc_free(key->ecckey384);
          m_free(key->ecckey384);
          key->ecckey384 = NULL;
      }
  #endif
  #if DROPBEAR_ECC_521
      if (key->ecckey521 != NULL) {
          ecc_free(key->ecckey521);
          m_free(key->ecckey521);
          key->ecckey521 = NULL;
      }
  #endif
  #endif
  #if DROPBEAR_ED25519
      ed25519_key_free(key->ed25519key);
      key->ed25519key = NULL;
  #endif

      m_free(key->filename);
  #if DROPBEAR_SK_ECDSA || DROPBEAR_SK_ED25519
      if (key->sk_app != NULL) {
          m_free(key->sk_app);
      }
  #endif

      m_free(key);
      TRACE2(("leave sign_key_free"))
  }

crypto_kem_sntrup761_keypair:
 /*
  * Generate an sntrup761 key pair. Always returns 0.
  *
  * pk receives the public key. sk is filled, in order, with:
  *   - the ZKeyGen() secret             (SecretKeys_bytes)
  *   - a copy of the public key         (crypto_kem_sntrup761_PUBLICKEYBYTES)
  *   - fresh bytes from randombytes()   (Small_bytes)
  *   - the output of Hash_prefix(.., 4, pk, ..)
  * The caller must supply buffers large enough for all of the above; no
  * length is passed in or checked here.
  */
 int crypto_kem_sntrup761_keypair(unsigned char *pk, unsigned char *sk) {
   unsigned char *pk_copy = sk + SecretKeys_bytes;
   unsigned char *rho = pk_copy + crypto_kem_sntrup761_PUBLICKEYBYTES;
   int i;
   ZKeyGen(pk, sk);
   for (i = 0; i < crypto_kem_sntrup761_PUBLICKEYBYTES; ++i) pk_copy[i] = pk[i];
   /* These random bytes are what crypto_kem_sntrup761_dec() reads back as
    * rho and substitutes when its ciphertext check fails. */
   randombytes(rho, Small_bytes);
   Hash_prefix(rho + Small_bytes, 4, pk, crypto_kem_sntrup761_PUBLICKEYBYTES);
   return 0;
 }
crypto_kem_sntrup761_dec:
 /*
  * Decapsulate ciphertext c with secret key sk and write the session key
  * to k. Always returns 0, whether or not c was well formed.
  *
  * sk is read with the layout crypto_kem_sntrup761_keypair() writes: the
  * ZKeyGen secret, then the public key, then rho, then the cached hash.
  *
  * The ciphertext is decrypted, re-encrypted with Hide(), and compared
  * with c through Ciphertexts_diff_mask(). The resulting mask selects,
  * without branching, between the recovered plaintext encoding and rho as
  * the input to HashSession(). Presumably mask is 0 on a match and -1 on a
  * mismatch, so HashSession() sees 1 or 0 as its second argument; confirm
  * against Ciphertexts_diff_mask().
  */
 int crypto_kem_sntrup761_dec(unsigned char *k, const unsigned char *c, const unsigned char *sk) {
   const unsigned char *pub = sk + SecretKeys_bytes;
   const unsigned char *rho = pub + crypto_kem_sntrup761_PUBLICKEYBYTES;
   const unsigned char *cache = rho + Small_bytes;
   Inputs plain;
   unsigned char plain_enc[Small_bytes], c_check[crypto_kem_sntrup761_CIPHERTEXTBYTES];
   int mask, i;
   ZDecrypt(plain, c, sk);
   Hide(c_check, plain_enc, plain, pub, cache);
   mask = Ciphertexts_diff_mask(c, c_check);
   /* Masked select: keep this free of data-dependent branches so a rejected
    * ciphertext takes the same path as an accepted one. */
   for (i = 0; i < Small_bytes; ++i) plain_enc[i] ^= mask & (plain_enc[i] ^ rho[i]);
   HashSession(k, 1 + mask, plain_enc, c);
   return 0;
 }
sntrup761.c:ZKeyGen:
 /*
  * Run KeyGen() and serialise its outputs: pk receives Rq_encode() of the
  * public polynomial; sk receives Small_encode(f) followed, at offset
  * Small_bytes, by Small_encode(v).
  *
  * NOTE(review): the secret polynomials f and v stay on the stack when this
  * function returns; nothing here wipes them.
  */
 static void ZKeyGen(unsigned char *pk, unsigned char *sk) {
   Fq pub_poly[p];
   small f[p], v[p];
   unsigned char *sk_second = sk + Small_bytes;
   KeyGen(pub_poly, f, v);
   Rq_encode(pk, pub_poly);
   Small_encode(sk, f);
   Small_encode(sk_second, v);
 }
sntrup761.c:KeyGen:
 /*
  * Produce the polynomials of a fresh key: f from Short_random(), ginv from
  * R3_recip() applied to a random small g, and h = finv * g, where finv is
  * what Rq_recip3(f) writes.
  *
  * g is redrawn until R3_recip() returns 0. crypto_declassify() marks that
  * result as public before the code branches on it; it is a no-op macro in
  * this build. The return value of Rq_recip3() is not checked.
  */
 static void KeyGen(Fq *h, small *f, small *ginv) {
   small g[p];
   Fq finv[p];
   int rc;
   do {
     Small_random(g);
     rc = R3_recip(ginv, g);
     crypto_declassify(&rc, sizeof rc);
   } while (rc != 0);
   Short_random(f);
   Rq_recip3(finv, f);
   Rq_mult_small(h, finv, g);
 }
sntrup761.c:Small_random:
 /*
  * Fill out[0..p-1] with random values from {-1, 0, 1}.
  *
  * Each coefficient uses the low 30 bits of one urandom32() word: r30 * 3
  * stays below 2^32, so shifting right by 30 gives 0, 1 or 2, and
  * subtracting 1 centres the result. There is no rejection loop, so the
  * work per coefficient is fixed.
  */
 static void Small_random(small *out) {
   int i;
   for (i = 0; i < p; ++i) {
     uint32_t r30 = urandom32() & 0x3fffffff;
     out[i] = ((r30 * 3) >> 30) - 1;
   }
 }
sntrup761.c:urandom32:
 /*
  * Return a 32-bit word assembled, least-significant byte first, from four
  * bytes obtained from randombytes().
  */
 static uint32_t urandom32(void) {
   unsigned char raw[4];
   uint32_t word = 0;
   int i;
   randombytes(raw, 4);
   /* The shifted bytes never overlap, so OR-ing them equals adding them. */
   for (i = 0; i < 4; ++i) word |= ((uint32_t)raw[i]) << (8 * i);
   return word;
 }
sntrup761.c:R3_recip:
 /*
  * Compute into out[0..p-1] a reciprocal of the small polynomial in[0..p-1],
  * with coefficients reduced by F3_freeze().
  *
  * Returns crypto_int16_nonzero_mask(delta): 0 when delta ends at zero,
  * which KeyGen() treats as success, and non-zero otherwise.
  *
  * f starts as the modulus x^p - x - 1 and g as the input, both stored with
  * coefficients reversed. The main loop always runs 2*p - 1 times, and the
  * conditional exchange of (f, g) and (v, r) is applied through the swap
  * mask instead of a branch, so neither the iteration count nor the control
  * flow depends on the coefficients. Keep it that way when editing.
  *
  * NOTE(review): the working arrays hold secret-dependent values and are
  * not wiped before returning.
  */
 static int R3_recip(small *out, const small *in) {
   small f[p + 1], g[p + 1], v[p + 1], r[p + 1];
   int sign, swap, diff, i, step, delta = 1;
   for (i = 0; i < p + 1; ++i) {
     v[i] = 0;
     r[i] = 0;
   }
   r[0] = 1;
   for (i = 0; i < p; ++i) f[i] = 0;
   f[0] = 1;
   f[p - 1] = f[p] = -1;
   for (i = 0; i < p; ++i) g[p - 1 - i] = in[i];
   g[p] = 0;
   for (step = 0; step < 2 * p - 1; ++step) {
     /* v <- x * v */
     for (i = p; i > 0; --i) v[i] = v[i - 1];
     v[0] = 0;
     sign = -g[0] * f[0];
     /* swap is all-ones only when delta > 0 and g[0] != 0. */
     swap = crypto_int16_negative_mask(-delta) & crypto_int16_nonzero_mask(g[0]);
     /* Negate delta under the mask, then step it. */
     delta ^= swap & (delta ^ -delta);
     delta += 1;
     for (i = 0; i < p + 1; ++i) {
       diff = swap & (f[i] ^ g[i]);
       f[i] ^= diff;
       g[i] ^= diff;
       diff = swap & (v[i] ^ r[i]);
       v[i] ^= diff;
       r[i] ^= diff;
     }
     /* The g and r updates touch disjoint arrays, so one pass suffices. */
     for (i = 0; i < p + 1; ++i) {
       g[i] = F3_freeze(g[i] + sign * f[i]);
       r[i] = F3_freeze(r[i] + sign * v[i]);
     }
     /* g <- g / x */
     for (i = 0; i < p; ++i) g[i] = g[i + 1];
     g[p] = 0;
   }
   sign = f[0];
   for (i = 0; i < p; ++i) out[i] = sign * v[p - 1 - i];
   return crypto_int16_nonzero_mask(delta);
 }
sntrup761.c:crypto_int16_negative_mask:
   /* Return an all-ones value (-1) when crypto_int16_x is negative and 0 otherwise, computed without a branch. */
   /* Callers in this file AND the result into other masks to drive conditional swaps, so every variant below must stay branch-free. */
   74|   483k|crypto_int16 crypto_int16_negative_mask(crypto_int16 crypto_int16_x) {
   75|   483k|#if defined(__GNUC__) && defined(__x86_64__)
                /* 16-bit arithmetic right shift by 15 copies the sign bit into every bit. */
   76|   483k|  __asm__ ("sarw $15,%0" : "+r"(crypto_int16_x) : : "cc");
   77|   483k|  return crypto_int16_x;
   78|       |#elif defined(__GNUC__) && defined(__aarch64__)
   79|       |  crypto_int16 crypto_int16_y;
                /* Signed bit-field extract of the single bit 15, i.e. the sign bit sign-extended. */
   80|       |  __asm__ ("sbfx %w0,%w1,15,1" : "=r"(crypto_int16_y) : "r"(crypto_int16_x) : );
   81|       |  return crypto_int16_y;
   82|       |#else
                /* Portable fallback: the 15-bit shift is split into 10 + 5 with crypto_int16_optblocker added in between. */
                /* NOTE(review): crypto_int16_optblocker is defined outside this listing; presumably a volatile zero that keeps the compiler from turning this into a comparison. Confirm. */
   83|       |  crypto_int16_x >>= 16-6;
   84|       |  crypto_int16_x += crypto_int16_optblocker;
   85|       |  crypto_int16_x >>= 5;
   86|       |  return crypto_int16_x;
   87|       |#endif
   88|   483k|}
sntrup761.c:crypto_int16_nonzero_mask:
  /* Return an all-ones value (-1) when crypto_int16_x is non-zero and 0 when it is zero, computed without a branch. */
  /* R3_recip() and Rq_recip3() use the result both as a swap-mask term and as their return value. */
  232|   484k|crypto_int16 crypto_int16_nonzero_mask(crypto_int16 crypto_int16_x) {
  233|   484k|#if defined(__GNUC__) && defined(__x86_64__)
  234|   484k|  crypto_int16 crypto_int16_q,crypto_int16_z;
  ------------------
  |  |   35|   484k|#define crypto_int16 int16_t
  ------------------
                /* z = 0, q = -1, then a conditional move copies q into z when x tests non-zero. */
  235|   484k|  __asm__ ("xorw %0,%0\n movw $-1,%1\n testw %2,%2\n cmovnew %1,%0" : "=&r"(crypto_int16_z), "=&r"(crypto_int16_q) : "r"(crypto_int16_x) : "cc");
  236|   484k|  return crypto_int16_z;
  237|       |#elif defined(__GNUC__) && defined(__aarch64__)
  238|       |  crypto_int16 crypto_int16_z;
                /* Test the low 16 bits, then set z to all-ones when the result is non-zero. */
  239|       |  __asm__ ("tst %w1,65535\n csetm %w0,ne" : "=r"(crypto_int16_z) : "r"(crypto_int16_x) : "cc");
  240|       |  return crypto_int16_z;
  241|       |#else
                /* Portable fallback: x | -x has its sign bit set exactly when x != 0, so the sign mask of that value is the answer. */
  242|       |  crypto_int16_x |= -crypto_int16_x;
  243|       |  return crypto_int16_negative_mask(crypto_int16_x);
  244|       |#endif
  245|   484k|}
sntrup761.c:F3_freeze:
 /*
  * Reduce x modulo 3: returns x minus 3 times a rounded x/3. The division
  * is done as a multiply by 10923 (about 2^15 / 3) and a shift, so there is
  * no divide and no branch. For the small inputs its callers in this file
  * pass, the result lies in {-1, 0, 1}.
  */
 static small F3_freeze(int16_t x) {
   int quotient = (10923 * x + 16384) >> 15;
   return x - 3 * quotient;
 }
sntrup761.c:Rq_recip3:
 /*
  * Compute into out[0..p-1] a reciprocal in the mod-q ring for the small
  * polynomial in[0..p-1]; r starts at Fq_recip(3), so this is presumably
  * 1/(3*in), as the name suggests.
  *
  * Returns crypto_int16_nonzero_mask(delta), 0 when delta ends at zero.
  * KeyGen() in this file ignores that return value.
  *
  * Same shape as R3_recip(): f starts as x^p - x - 1 and g as the input,
  * both with coefficients reversed. The loop count is fixed at 2*p - 1 and
  * the exchange is mask-driven, so control flow does not depend on the
  * coefficients. Keep it that way when editing.
  *
  * NOTE(review): the working arrays hold secret-dependent values and are
  * not wiped before returning.
  */
 static int Rq_recip3(Fq *out, const small *in) {
   Fq f[p + 1], g[p + 1], v[p + 1], r[p + 1], scale;
   int swap, diff, i, step, delta = 1;
   int32_t f0, g0;
   for (i = 0; i < p + 1; ++i) {
     v[i] = 0;
     r[i] = 0;
   }
   r[0] = Fq_recip(3);
   for (i = 0; i < p; ++i) f[i] = 0;
   f[0] = 1;
   f[p - 1] = f[p] = -1;
   for (i = 0; i < p; ++i) g[p - 1 - i] = in[i];
   g[p] = 0;
   for (step = 0; step < 2 * p - 1; ++step) {
     /* v <- x * v */
     for (i = p; i > 0; --i) v[i] = v[i - 1];
     v[0] = 0;
     /* swap is all-ones only when delta > 0 and g[0] != 0. */
     swap = crypto_int16_negative_mask(-delta) & crypto_int16_nonzero_mask(g[0]);
     delta ^= swap & (delta ^ -delta);
     delta += 1;
     for (i = 0; i < p + 1; ++i) {
       diff = swap & (f[i] ^ g[i]);
       f[i] ^= diff;
       g[i] ^= diff;
       diff = swap & (v[i] ^ r[i]);
       v[i] ^= diff;
       r[i] ^= diff;
     }
     /* Leading coefficients are captured before g is overwritten. */
     f0 = f[0];
     g0 = g[0];
     /* The g and r updates touch disjoint arrays, so one pass suffices. */
     for (i = 0; i < p + 1; ++i) {
       g[i] = Fq_freeze(f0 * g[i] - g0 * f[i]);
       r[i] = Fq_freeze(f0 * r[i] - g0 * v[i]);
     }
     /* g <- g / x */
     for (i = 0; i < p; ++i) g[i] = g[i + 1];
     g[p] = 0;
   }
   scale = Fq_recip(f[0]);
   for (i = 0; i < p; ++i) out[i] = Fq_freeze(scale * (int32_t)v[p - 1 - i]);
   return crypto_int16_nonzero_mask(delta);
 }
sntrup761.c:Fq_recip:
 /*
  * Return a1 raised to the power q - 2, reduced with Fq_freeze() after
  * every multiplication. The loop performs q - 3 multiplications whatever
  * the value of a1, so its running time does not depend on the input.
  */
 static Fq Fq_recip(Fq a1) {
   Fq acc = a1;
   int n;
   for (n = 1; n < q - 2; ++n) acc = Fq_freeze(a1 * (int32_t)acc);
   return acc;
 }
sntrup761.c:Fq_freeze:
 /*
  * Reduce a 32-bit value modulo q without a division or a branch.
  *
  * Three multiply-and-shift steps each subtract q times an estimate of
  * x / q, using rounded constants 2^16/q, 2^20/q and 2^28/q. The last step
  * adds 0x8000000 before the shift, i.e. it rounds to nearest, which
  * presumably leaves the result centred around zero; confirm the accepted
  * input range against the callers.
  */
 static Fq Fq_freeze(int32_t x) {
   const int32_t inv16 = (0x10000 + q / 2) / q;
   const int32_t inv20 = (0x100000 + q / 2) / q;
   const int32_t inv28 = (0x10000000 + q / 2) / q;
   x -= q * ((inv16 * x) >> 16);
   x -= q * ((inv20 * x) >> 20);
   return x - q * ((inv28 * x + 0x8000000) >> 28);
 }
sntrup761.c:Rq_mult_small:
 /*
  * h = f * g, where f has Fq coefficients and g has small coefficients,
  * reduced modulo x^p - x - 1 and then coefficient-wise with Fq_freeze().
  *
  * The schoolbook product is accumulated in 32-bit integers. Both loops
  * always visit every index pair, so the work does not depend on the
  * coefficient values.
  */
 static void Rq_mult_small(Fq *h, const Fq *f, const small *g) {
   int32_t prod[p + p - 1];
   int i, j;
   for (i = 0; i < p + p - 1; ++i) prod[i] = 0;
   for (i = 0; i < p; ++i) {
     for (j = 0; j < p; ++j) prod[i + j] += f[i] * (int32_t)g[j];
   }
   /* x^p = x + 1, so the coefficient at degree i >= p folds into degrees
    * i - p and i - p + 1. Both targets are below p, so the source terms are
    * never modified while they are being read. */
   for (i = p; i < p + p - 1; ++i) {
     prod[i - p] += prod[i];
     prod[i - p + 1] += prod[i];
   }
   for (i = 0; i < p; ++i) h[i] = Fq_freeze(prod[i]);
 }
sntrup761.c:Rq_encode:
 /*
  * Serialise the p coefficients of r into s with Encode(). Each coefficient
  * is shifted by q12 = (q - 1) / 2 before encoding, and q is the modulus
  * for every position. s must be large enough for the encoding; no length
  * is passed in.
  */
 static void Rq_encode(unsigned char *s, const Fq *r) {
   uint16_t R[p], M[p];
   int i;
   for (i = 0; i < p; ++i) {
     R[i] = r[i] + q12;
     M[i] = q;
   }
   Encode(s, R, M, p);
 }
sntrup761.c:Encode:
 /* Recursively packs len values R[i], each paired with a modulus M[i], into
  * bytes at out. Adjacent pairs are merged as r = R[i] + R[i+1]*M[i] with
  * modulus M[i]*M[i+1]; low bytes are emitted while the merged modulus is
  * >= 16384, and what remains recurses at half the length. A single value is
  * written byte by byte until its modulus shrinks to 1.
  * No output length is passed: the number of bytes written depends only on
  * M and len, so the caller must size out accordingly.
  * NOTE(review): assumes R[i] < M[i] and M[i] < 16384 so the 32-bit products
  * below cannot wrap -- confirm against callers. */
 1806|  1.82k|static void Encode(unsigned char *out, const uint16_t *R, const uint16_t *M, long long len) {
 1807|  1.82k|  if (len == 1) {
  ------------------
  |  Branch (1807:7): [True: 166, False: 1.66k]
  ------------------
 1808|    166|    uint16_t r = R[0], m = M[0];
 1809|    498|    while (m > 1) {
  ------------------
  |  Branch (1809:12): [True: 332, False: 166]
  ------------------
 1810|    332|      *out++ = r;
 1811|    332|      r >>= 8;
 1812|    332|      m = (m + 255) >> 8;
 1813|    332|    }
 1814|    166|  }
 1815|  1.82k|  if (len > 1) {
  ------------------
  |  Branch (1815:7): [True: 1.66k, False: 166]
  ------------------
 1816|  1.66k|    uint16_t R2[(len + 1) / 2], M2[(len + 1) / 2]; /* VLAs: stack use grows with len at every recursion level */
 1817|  1.66k|    long long i;
 1818|   127k|    for (i = 0; i < len - 1; i += 2) {
  ------------------
  |  Branch (1818:17): [True: 126k, False: 1.66k]
  ------------------
 1819|   126k|      uint32_t m0 = M[i];
 1820|   126k|      uint32_t r = R[i] + R[i + 1] * m0;
 1821|   126k|      uint32_t m = M[i + 1] * m0;
 1822|   316k|      while (m >= 16384) {
  ------------------
  |  Branch (1822:14): [True: 190k, False: 126k]
  ------------------
 1823|   190k|        *out++ = r;
 1824|   190k|        r >>= 8;
 1825|   190k|        m = (m + 255) >> 8;
 1826|   190k|      }
 1827|   126k|      R2[i / 2] = r;
 1828|   126k|      M2[i / 2] = m;
 1829|   126k|    }
 1830|  1.66k|    if (i < len) { /* odd len: the last value is carried over unmerged */
  ------------------
  |  Branch (1830:9): [True: 664, False: 996]
  ------------------
 1831|    664|      R2[i / 2] = R[i];
 1832|    664|      M2[i / 2] = M[i];
 1833|    664|    }
 1834|  1.66k|    Encode(out, R2, M2, (len + 1) / 2);
 1835|  1.66k|  }
 1836|  1.82k|}
sntrup761.c:Small_encode:
 /* Packs p small values from f into s at two bits each: every output byte
  * holds four consecutive values, each stored as value + 1, and the final
  * value gets a byte of its own. Writes p / 4 + 1 bytes in total.
  * NOTE(review): presumably every f[i] is in {-1, 0, 1} so each stored field
  * fits in two bits; nothing here checks it -- confirm against callers. */
 2078|    325|static void Small_encode(unsigned char *s, const small *f) {
 2079|    325|  int i, j;
 2080|  62.0k|  for (i = 0; i < p / 4; ++i) {
  ------------------
  |  | 1754|  62.0k|#define p 761
  ------------------
  |  Branch (2080:15): [True: 61.7k, False: 325]
  ------------------
 2081|  61.7k|    small x = 0;
 2082|   308k|    for (j = 0;j < 4;++j) x += (*f++ + 1) << (2 * j);
  ------------------
  |  Branch (2082:16): [True: 247k, False: 61.7k]
  ------------------
 2083|  61.7k|    *s++ = x;
 2084|  61.7k|  }
 2085|    325|  *s = *f++ + 1;
 2086|    325|}
sntrup761.c:Hash_prefix:
 /* Writes to out the first 32 bytes of SHA-512 over the one-byte prefix b
  * followed by in[0..inlen). The prefix byte keeps hashes computed for
  * different purposes from colliding on the same input.
  * NOTE(review): x can hold secret-derived input and h the full digest;
  * neither is cleared before return. The value returned by
  * crypto_hash_sha512 is not checked either. */
 2014|    187|static void Hash_prefix(unsigned char *out, int b, const unsigned char *in, int inlen) {
 2015|    187|  unsigned char x[inlen + 1], h[64]; /* VLA: inlen must be non-negative and small enough for the stack */
 2016|    187|  int i;
 2017|    187|  x[0] = b;
 2018|   194k|  for (i = 0; i < inlen; ++i) x[i + 1] = in[i];
  ------------------
  |  Branch (2018:15): [True: 194k, False: 187]
  ------------------
 2019|    187|  crypto_hash_sha512(h, x, inlen + 1);
 2020|  6.17k|  for (i = 0; i < 32; ++i) out[i] = h[i]; /* truncate the 64-byte digest to 32 bytes */
  ------------------
  |  Branch (2020:15): [True: 5.98k, False: 187]
  ------------------
 2021|    187|}
sntrup761.c:Short_random:
 /* Draws p 32-bit values from urandom32() and lets Short_fromlist turn them
  * into the p-entry vector written to out.
  * NOTE(review): L holds the raw random values that determine the result and
  * is not cleared before return. */
 2032|    159|static void Short_random(small *out) {
 2033|    159|  uint32_t L[p];
 2034|    159|  int i;
 2035|   121k|  for (i = 0; i < p; ++i) L[i] = urandom32();
  ------------------
  |  | 1754|   121k|#define p 761
  ------------------
  |  Branch (2035:15): [True: 120k, False: 159]
  ------------------
 2036|    159|  Short_fromlist(out, L);
 2037|    159|}
sntrup761.c:Short_fromlist:
 /* Derives a vector with entries in {-1, 0, 1} from p 32-bit inputs.
  * The first w inputs get bit 0 cleared, so their low two bits are 00 or 10;
  * the remaining p - w get bit 1 cleared and bit 0 set, so their low two bits
  * are 01. After sorting, out[i] = (L[i] & 3) - 1 maps those to -1 / +1 and 0
  * respectively, so exactly w entries are nonzero and their positions are
  * decided by the sort order of the upper bits.
  * Every loop runs a fixed number of iterations; any dependence of timing on
  * the values would have to come from crypto_sort_uint32.
  * NOTE(review): the local copy L is not cleared before return. */
 2005|    159|static void Short_fromlist(small *out, const uint32_t *in) {
 2006|    159|  uint32_t L[p];
 2007|    159|  int i;
 2008|  45.6k|  for (i = 0; i < w; ++i) L[i] = in[i] & (uint32_t)-2;
  ------------------
  |  | 1756|  45.6k|#define w 286
  ------------------
  |  Branch (2008:15): [True: 45.4k, False: 159]
  ------------------
 2009|  75.6k|  for (i = w; i < p; ++i) L[i] = (in[i] & (uint32_t)-3) | 1;
  ------------------
  |  | 1756|    159|#define w 286
  ------------------
                for (i = w; i < p; ++i) L[i] = (in[i] & (uint32_t)-3) | 1;
  ------------------
  |  | 1754|  75.6k|#define p 761
  ------------------
  |  Branch (2009:15): [True: 75.5k, False: 159]
  ------------------
 2010|    159|  crypto_sort_uint32(L, p);
  ------------------
  |  | 1754|    159|#define p 761
  ------------------
 2011|   121k|  for (i = 0; i < p; ++i) out[i] = (L[i] & 3) - 1;
  ------------------
  |  | 1754|   121k|#define p 761
  ------------------
  |  Branch (2011:15): [True: 120k, False: 159]
  ------------------
 2012|    159|}
sntrup761.c:crypto_sort_uint32:
 1743|    159|{
 1744|    159|  crypto_uint32 *x = array;
 1745|    159|  long long j;
 1746|   121k|  for (j = 0;j < n;++j) x[j] ^= 0x80000000;
  ------------------
  |  Branch (1746:14): [True: 120k, False: 159]
  ------------------
 1747|    159|  crypto_sort_int32(array,n);
 1748|   121k|  for (j = 0;j < n;++j) x[j] ^= 0x80000000;
  ------------------
  |  Branch (1748:14): [True: 120k, False: 159]
  ------------------
 1749|    159|}
sntrup761.c:crypto_sort_int32:
 1680|    159|{
 1681|    159|  long long top,p,q,r,i,j;
 1682|    159|  int32 *x = array;
  ------------------
  |  |   20|    159|#define int32 crypto_int32
  |  |  ------------------
  |  |  |  |  574|    159|#define crypto_int32 int32_t
  |  |  ------------------
  ------------------
 1683|       |
 1684|    159|  if (n < 2) return;
  ------------------
  |  Branch (1684:7): [True: 0, False: 159]
  ------------------
 1685|    159|  top = 1;
 1686|  1.59k|  while (top < n - top) top += top;
  ------------------
  |  Branch (1686:10): [True: 1.43k, False: 159]
  ------------------
 1687|       |
 1688|  1.74k|  for (p = top;p >= 1;p >>= 1) {
  ------------------
  |  Branch (1688:16): [True: 1.59k, False: 159]
  ------------------
 1689|  1.59k|    i = 0;
 1690|   121k|    while (i + 2 * p <= n) {
  ------------------
  |  Branch (1690:12): [True: 119k, False: 1.59k]
  ------------------
 1691|   607k|      for (j = i;j < i + p;++j)
  ------------------
  |  Branch (1691:18): [True: 487k, False: 119k]
  ------------------
 1692|   487k|        int32_MINMAX(x[j],x[j+p]);
  ------------------
  |  | 1677|   487k|#define int32_MINMAX(a,b) crypto_int32_minmax(&a,&b)
  ------------------
 1693|   119k|      i += 2 * p;
 1694|   119k|    }
 1695|  75.0k|    for (j = i;j < n - p;++j)
  ------------------
  |  Branch (1695:16): [True: 73.4k, False: 1.59k]
  ------------------
 1696|  73.4k|      int32_MINMAX(x[j],x[j+p]);
  ------------------
  |  | 1677|  73.4k|#define int32_MINMAX(a,b) crypto_int32_minmax(&a,&b)
  ------------------
 1697|       |
 1698|  1.59k|    i = 0;
 1699|  1.59k|    j = 0;
 1700|  8.74k|    for (q = top;q > p;q >>= 1) {
  ------------------
  |  Branch (1700:18): [True: 7.15k, False: 1.59k]
  ------------------
 1701|  7.15k|      if (j != i) for (;;) {
  ------------------
  |  Branch (1701:11): [True: 2.06k, False: 5.08k]
  ------------------
 1702|  3.97k|        if (j == n - q) goto done;
  ------------------
  |  Branch (1702:13): [True: 0, False: 3.97k]
  ------------------
 1703|  3.97k|        int32 a = x[j + p];
  ------------------
  |  |   20|  3.97k|#define int32 crypto_int32
  |  |  ------------------
  |  |  |  |  574|  3.97k|#define crypto_int32 int32_t
  |  |  ------------------
  ------------------
 1704|  18.4k|        for (r = q;r > p;r >>= 1)
  ------------------
  |  Branch (1704:20): [True: 14.4k, False: 3.97k]
  ------------------
 1705|  14.4k|          int32_MINMAX(a,x[j + r]);
  ------------------
  |  | 1677|  18.4k|#define int32_MINMAX(a,b) crypto_int32_minmax(&a,&b)
  ------------------
 1706|  3.97k|        x[j + p] = a;
 1707|  3.97k|        ++j;
 1708|  3.97k|        if (j == i + p) {
  ------------------
  |  Branch (1708:13): [True: 2.06k, False: 1.90k]
  ------------------
 1709|  2.06k|          i += 2 * p;
 1710|  2.06k|          break;
 1711|  2.06k|        }
 1712|  3.97k|      }
 1713|   124k|      while (i + p <= n - q) {
  ------------------
  |  Branch (1713:14): [True: 117k, False: 7.15k]
  ------------------
 1714|   557k|        for (j = i;j < i + p;++j) {
  ------------------
  |  Branch (1714:20): [True: 440k, False: 117k]
  ------------------
 1715|   440k|          int32 a = x[j + p];
  ------------------
  |  |   20|   440k|#define int32 crypto_int32
  |  |  ------------------
  |  |  |  |  574|   440k|#define crypto_int32 int32_t
  |  |  ------------------
  ------------------
 1716|  2.47M|          for (r = q;r > p;r >>= 1)
  ------------------
  |  Branch (1716:22): [True: 2.03M, False: 440k]
  ------------------
 1717|  2.03M|            int32_MINMAX(a,x[j+r]);
  ------------------
  |  | 1677|  2.03M|#define int32_MINMAX(a,b) crypto_int32_minmax(&a,&b)
  ------------------
 1718|   440k|          x[j + p] = a;
 1719|   440k|        }
 1720|   117k|        i += 2 * p;
 1721|   117k|      }
 1722|       |      /* now i + p > n - q */
 1723|  7.15k|      j = i;
 1724|  49.1k|      while (j < n - q) {
  ------------------
  |  Branch (1724:14): [True: 41.9k, False: 7.15k]
  ------------------
 1725|  41.9k|        int32 a = x[j + p];
  ------------------
  |  |   20|  41.9k|#define int32 crypto_int32
  |  |  ------------------
  |  |  |  |  574|  41.9k|#define crypto_int32 int32_t
  |  |  ------------------
  ------------------
 1726|  91.7k|        for (r = q;r > p;r >>= 1)
  ------------------
  |  Branch (1726:20): [True: 49.7k, False: 41.9k]
  ------------------
 1727|  49.7k|          int32_MINMAX(a,x[j+r]);
  ------------------
  |  | 1677|  49.7k|#define int32_MINMAX(a,b) crypto_int32_minmax(&a,&b)
  ------------------
 1728|  41.9k|        x[j + p] = a;
 1729|  41.9k|        ++j;
 1730|  41.9k|      }
 1731|       |
 1732|  7.15k|      done: ;
 1733|  7.15k|    }
 1734|  1.59k|  }
 1735|    159|}
sntrup761.c:crypto_int32_minmax:
  /* Compare-exchange: on return *crypto_int32_p holds the smaller and
   * *crypto_int32_q the larger of the two input values. All three variants
   * avoid a branch on the compared values (conditional moves on x86-64,
   * csel on aarch64, mask arithmetic in the portable fallback).
   * Coverage caveat: only the x86-64 variant carries execution counts in this
   * report; the aarch64 and portable variants were not compiled into this
   * build, so this run says nothing about their behaviour. */
  981|  2.66M|void crypto_int32_minmax(crypto_int32 *crypto_int32_p,crypto_int32 *crypto_int32_q) {
  982|  2.66M|  crypto_int32 crypto_int32_x = *crypto_int32_p;
  ------------------
  |  |  574|  2.66M|#define crypto_int32 int32_t
  ------------------
  983|  2.66M|  crypto_int32 crypto_int32_y = *crypto_int32_q;
  ------------------
  |  |  574|  2.66M|#define crypto_int32 int32_t
  ------------------
  984|  2.66M|#if defined(__GNUC__) && defined(__x86_64__)
  985|  2.66M|  crypto_int32 crypto_int32_z;
  ------------------
  |  |  574|  2.66M|#define crypto_int32 int32_t
  ------------------
  /* cmpl sets flags for x versus y; z keeps the old x; the two cmovg swap x and y only when x > y */
  986|  2.66M|  __asm__ ("cmpl %2,%1\n movl %1,%0\n cmovgl %2,%1\n cmovgl %0,%2" : "=&r"(crypto_int32_z), "+&r"(crypto_int32_x), "+r"(crypto_int32_y) : : "cc");
  987|  2.66M|  *crypto_int32_p = crypto_int32_x;
  988|  2.66M|  *crypto_int32_q = crypto_int32_y;
  989|       |#elif defined(__GNUC__) && defined(__aarch64__)
  990|       |  crypto_int32 crypto_int32_r, crypto_int32_s;
  991|       |  __asm__ ("cmp %w2,%w3\n csel %w0,%w2,%w3,lt\n csel %w1,%w3,%w2,lt" : "=&r"(crypto_int32_r), "=r"(crypto_int32_s) : "r"(crypto_int32_x), "r"(crypto_int32_y) : "cc");
  992|       |  *crypto_int32_p = crypto_int32_r;
  993|       |  *crypto_int32_q = crypto_int32_s;
  994|       |#else
  995|       |  crypto_int64 crypto_int32_r = (crypto_int64)crypto_int32_y ^ (crypto_int64)crypto_int32_x;
  996|       |  crypto_int64 crypto_int32_z = (crypto_int64)crypto_int32_y - (crypto_int64)crypto_int32_x;
  997|       |  crypto_int32_z ^= crypto_int32_r & (crypto_int32_z ^ crypto_int32_y);
  998|       |  crypto_int32_z = crypto_int32_negative_mask(crypto_int32_z);
  999|       |  crypto_int32_z &= crypto_int32_r;
 1000|       |  crypto_int32_x ^= crypto_int32_z;
 1001|       |  crypto_int32_y ^= crypto_int32_z;
 1002|       |  *crypto_int32_p = crypto_int32_x;
 1003|       |  *crypto_int32_q = crypto_int32_y;
 1004|       |#endif
 1005|  2.66M|}
sntrup761.c:Hide:
 /* Builds a ciphertext for the input r: r is serialised into r_enc, encrypted
  * under pk into the start of c, and a confirmation hash over r_enc and cache
  * is written to the last Confirm_bytes bytes of the
  * crypto_kem_sntrup761_CIPHERTEXTBYTES-byte buffer c.
  * NOTE(review): r_enc is an output buffer holding the encoded secret input;
  * clearing it is left to the caller. */
 2180|      7|static void Hide(unsigned char *c, unsigned char *r_enc, const Inputs r, const unsigned char *pk, const unsigned char *cache) {
 2181|      7|  Small_encode(r_enc, r);
 2182|      7|  ZEncrypt(c, r, pk);
 2183|      7|  HashConfirm(c + crypto_kem_sntrup761_CIPHERTEXTBYTES - Confirm_bytes, r_enc, cache);
  ------------------
  |  |    6|      7|#define crypto_kem_sntrup761_CIPHERTEXTBYTES 1039
  ------------------
                HashConfirm(c + crypto_kem_sntrup761_CIPHERTEXTBYTES - Confirm_bytes, r_enc, cache);
  ------------------
  |  | 1764|      7|#define Confirm_bytes 32
  ------------------
 2184|      7|}
sntrup761.c:ZEncrypt:
 /* Byte-level encryption: decodes the public key pk into h, encrypts r
  * against it, and writes the rounded encoding of the result to C.
  * NOTE(review): pk is decoded as-is; no validity check on the public-key
  * bytes is visible in this function. */
 2138|      7|static void ZEncrypt(unsigned char *C, const Inputs r, const unsigned char *pk) {
 2139|      7|  Fq h[p], c[p];
 2140|      7|  Rq_decode(h, pk);
 2141|      7|  Encrypt(c, r, h);
 2142|      7|  Rounded_encode(C, c);
 2143|      7|}
sntrup761.c:Rq_decode:
 /* Inverse of Rq_encode: decodes p values from s with a per-coefficient
  * modulus of q, then subtracts q12 from each to recentre it.
  * No input length is passed; s must hold a complete encoding. */
 2105|      7|static void Rq_decode(Fq *r, const unsigned char *s) {
 2106|      7|  uint16_t R[p], M[p];
 2107|      7|  int i;
 2108|  5.33k|  for (i = 0; i < p; ++i) M[i] = q;
  ------------------
  |  | 1754|  5.33k|#define p 761
  ------------------
                for (i = 0; i < p; ++i) M[i] = q;
  ------------------
  |  | 1755|  5.32k|#define q 4591
  ------------------
  |  Branch (2108:15): [True: 5.32k, False: 7]
  ------------------
 2109|      7|  Decode(R, s, M, p);
  ------------------
  |  | 1754|      7|#define p 761
  ------------------
 2110|  5.33k|  for (i = 0; i < p; ++i) r[i] = ((Fq)R[i]) - q12;
  ------------------
  |  | 1754|  5.33k|#define p 761
  ------------------
                for (i = 0; i < p; ++i) r[i] = ((Fq)R[i]) - q12;
  ------------------
  |  | 1757|  5.32k|#define q12 ((q - 1) / 2)
  |  |  ------------------
  |  |  |  | 1755|  5.32k|#define q 4591
  |  |  ------------------
  ------------------
  |  Branch (2110:15): [True: 5.32k, False: 7]
  ------------------
 2111|      7|}
sntrup761.c:Decode:
 /* Inverse of Encode: recovers len values into out from the byte string S,
  * given the same modulus list M that was used for encoding.
  * S carries no length: how many bytes are read is determined by M and len
  * alone, so the caller must pass a buffer at least as long as the encoding
  * for that M. Each recovered value is reduced modulo its M[i] through
  * uint32_mod_uint14 / uint32_divmod_uint14, so arbitrary input bytes still
  * yield values below the corresponding modulus.
  * Coverage caveat: lines 1841, 1843 and 1864-1866 have a zero count in this
  * run. Presumably those cases cannot occur for the moduli used here, but
  * the report alone does not show that -- confirm before treating them as
  * dead code. */
 1838|    154|static void Decode(uint16_t *out, const unsigned char *S, const uint16_t *M, long long len) {
 1839|    154|  if (len == 1) {
  ------------------
  |  Branch (1839:7): [True: 14, False: 140]
  ------------------
 1840|     14|    if (M[0] == 1)
  ------------------
  |  Branch (1840:9): [True: 0, False: 14]
  ------------------
 1841|      0|      *out = 0;
 1842|     14|    else if (M[0] <= 256)
  ------------------
  |  Branch (1842:14): [True: 0, False: 14]
  ------------------
 1843|      0|      *out = uint32_mod_uint14(S[0], M[0]);
 1844|     14|    else
 1845|     14|      *out = uint32_mod_uint14(S[0] + (((uint16_t)S[1]) << 8), M[0]);
 1846|     14|  }
 1847|    154|  if (len > 1) {
  ------------------
  |  Branch (1847:7): [True: 140, False: 14]
  ------------------
 1848|    140|    uint16_t R2[(len + 1) / 2], M2[(len + 1) / 2], bottomr[len / 2]; /* VLAs: stack use grows with len at every recursion level */
 1849|    140|    uint32_t bottomt[len / 2];
 1850|    140|    long long i;
 1851|  10.7k|    for (i = 0; i < len - 1; i += 2) { /* first pass: peel off the low bytes Encode emitted for each pair */
  ------------------
  |  Branch (1851:17): [True: 10.6k, False: 140]
  ------------------
 1852|  10.6k|      uint32_t m = M[i] * (uint32_t)M[i + 1];
 1853|  10.6k|      if (m > 256 * 16383) {
  ------------------
  |  Branch (1853:11): [True: 4.48k, False: 6.15k]
  ------------------
 1854|  4.48k|        bottomt[i / 2] = 256 * 256;
 1855|  4.48k|        bottomr[i / 2] = S[0] + 256 * S[1];
 1856|  4.48k|        S += 2;
 1857|  4.48k|        M2[i / 2] = (((m + 255) >> 8) + 255) >> 8;
 1858|  6.15k|      } else if (m >= 16384) {
  ------------------
  |  Branch (1858:18): [True: 6.15k, False: 0]
  ------------------
 1859|  6.15k|        bottomt[i / 2] = 256;
 1860|  6.15k|        bottomr[i / 2] = S[0];
 1861|  6.15k|        S += 1;
 1862|  6.15k|        M2[i / 2] = (m + 255) >> 8;
 1863|  6.15k|      } else {
 1864|      0|        bottomt[i / 2] = 1;
 1865|      0|        bottomr[i / 2] = 0;
 1866|      0|        M2[i / 2] = m;
 1867|      0|      }
 1868|  10.6k|    }
 1869|    140|    if (i < len) M2[i / 2] = M[i];
  ------------------
  |  Branch (1869:9): [True: 56, False: 84]
  ------------------
 1870|    140|    Decode(R2, S, M2, (len + 1) / 2);
 1871|  10.7k|    for (i = 0; i < len - 1; i += 2) { /* second pass: rebuild each merged value and split it back into its pair */
  ------------------
  |  Branch (1871:17): [True: 10.6k, False: 140]
  ------------------
 1872|  10.6k|      uint32_t r1, r = bottomr[i / 2];
 1873|  10.6k|      uint16_t r0;
 1874|  10.6k|      r += bottomt[i / 2] * R2[i / 2];
 1875|  10.6k|      uint32_divmod_uint14(&r1, &r0, r, M[i]);
 1876|  10.6k|      r1 = uint32_mod_uint14(r1, M[i + 1]);
 1877|  10.6k|      *out++ = r0;
 1878|  10.6k|      *out++ = r1;
 1879|  10.6k|    }
 1880|    140|    if (i < len) *out++ = R2[i / 2];
  ------------------
  |  Branch (1880:9): [True: 56, False: 84]
  ------------------
 1881|    140|  }
 1882|    154|}
sntrup761.c:uint32_mod_uint14:
 /* Returns the remainder that uint32_divmod_uint14 computes for x and m;
  * the quotient is discarded. The same precondition applies: m must be
  * nonzero. */
 1799|  10.6k|static uint16_t uint32_mod_uint14(uint32_t x, uint16_t m) {
 1800|  10.6k|  uint32_t Q;
 1801|  10.6k|  uint16_t r;
 1802|  10.6k|  uint32_divmod_uint14(&Q, &r, x, m);
 1803|  10.6k|  return r;
 1804|  10.6k|}
sntrup761.c:uint32_divmod_uint14:
 /* Stores in *Q and *r a quotient and remainder of x by m, using a
  * reciprocal estimate v = 2^31 / m, two multiply-and-subtract rounds and a
  * final masked correction, with no branch on the value of x. The only
  * hardware division has m as its divisor and a constant dividend.
  * m must be nonzero (it is the divisor on line 1784).
  * NOTE(review): the name suggests m is expected to be below 2^14, and the
  * two estimate rounds are presumably exact only in that range -- confirm. */
 1783|  21.2k|static void uint32_divmod_uint14(uint32_t *Q, uint16_t *r, uint32_t x, uint16_t m) {
 1784|  21.2k|  uint32_t qpart, mask, v = 0x80000000 / m;
 1785|  21.2k|  qpart = (x * (uint64_t)v) >> 31;
 1786|  21.2k|  x -= qpart * m;
 1787|  21.2k|  *Q = qpart;
 1788|  21.2k|  qpart = (x * (uint64_t)v) >> 31;
 1789|  21.2k|  x -= qpart * m;
 1790|  21.2k|  *Q += qpart;
 1791|  21.2k|  x -= m; /* tentatively take one more m off; undone below if that went negative */
 1792|  21.2k|  *Q += 1;
 1793|  21.2k|  mask = crypto_int32_negative_mask(x);
 1794|  21.2k|  x += mask & (uint32_t)m;
 1795|  21.2k|  *Q += mask; /* mask is all-ones (i.e. -1) when the tentative step overshot */
 1796|  21.2k|  *r = x;
 1797|  21.2k|}
sntrup761.c:crypto_int32_negative_mask:
  /* Returns the sign of the argument spread across the word: an arithmetic
   * right shift by 31 on the x86-64 and aarch64 variants, giving -1 for a
   * negative input and 0 otherwise, without a branch.
   * Coverage caveat: only the x86-64 variant carries execution counts in this
   * report. The portable fallback, which depends on crypto_int32_optblocker
   * (defined elsewhere), was not compiled into this build and is not
   * exercised by this run. */
  621|  21.2k|crypto_int32 crypto_int32_negative_mask(crypto_int32 crypto_int32_x) {
  622|  21.2k|#if defined(__GNUC__) && defined(__x86_64__)
  623|  21.2k|  __asm__ ("sarl $31,%0" : "+r"(crypto_int32_x) : : "cc");
  624|  21.2k|  return crypto_int32_x;
  625|       |#elif defined(__GNUC__) && defined(__aarch64__)
  626|       |  crypto_int32 crypto_int32_y;
  627|       |  __asm__ ("asr %w0,%w1,31" : "=r"(crypto_int32_y) : "r"(crypto_int32_x) : );
  628|       |  return crypto_int32_y;
  629|       |#else
  630|       |  crypto_int32_x >>= 32-6;
  631|       |  crypto_int32_x += crypto_int32_optblocker;
  632|       |  crypto_int32_x >>= 5;
  633|       |  return crypto_int32_x;
  634|       |#endif
  635|  21.2k|}
sntrup761.c:Encrypt:
 /* Core encryption on decoded values: multiplies h by the small polynomial r
  * with Rq_mult_small and stores the rounded product in c.
  * NOTE(review): hr is an intermediate derived from the secret input r and
  * is not cleared before return. */
 2059|      7|static void Encrypt(Fq *c, const small *r, const Fq *h) {
 2060|      7|  Fq hr[p];
 2061|      7|  Rq_mult_small(hr, h, r);
 2062|      7|  Round(c, hr);
 2063|      7|}
sntrup761.c:Round:
 /* For each of the p coefficients, subtracts F3_freeze(a[i]) from a[i].
  * NOTE(review): presumably F3_freeze returns the residue of a[i] modulo 3
  * in {-1, 0, 1}, which would make every out[i] a multiple of 3 -- confirm
  * against F3_freeze, which is not part of this excerpt. */
 2000|      7|static void Round(Fq *out, const Fq *a) {
 2001|      7|  int i;
 2002|  5.33k|  for (i = 0; i < p; ++i) out[i] = a[i] - F3_freeze(a[i]);
  ------------------
  |  | 1754|  5.33k|#define p 761
  ------------------
  |  Branch (2002:15): [True: 5.32k, False: 7]
  ------------------
 2003|      7|}
sntrup761.c:Rounded_encode:
 /* Serialises p rounded coefficients into s. Each r[i] is shifted by q12 and
  * scaled by 10923 / 2^15, an approximation of 1/3 (10923 is 2^15 / 3 rounded
  * up), then packed by Encode with a per-coefficient modulus of (q + 2) / 3.
  * NOTE(review): presumably every r[i] is a multiple of 3 in [-q12, q12], as
  * produced by Round, so the scaling is exact -- confirm against callers. */
 2113|      7|static void Rounded_encode(unsigned char *s, const Fq *r) {
 2114|      7|  uint16_t R[p], M[p];
 2115|      7|  int i;
 2116|  5.33k|  for (i = 0; i < p; ++i) R[i] = ((r[i] + q12) * 10923) >> 15;
  ------------------
  |  | 1754|  5.33k|#define p 761
  ------------------
                for (i = 0; i < p; ++i) R[i] = ((r[i] + q12) * 10923) >> 15;
  ------------------
  |  | 1757|  5.32k|#define q12 ((q - 1) / 2)
  |  |  ------------------
  |  |  |  | 1755|  5.32k|#define q 4591
  |  |  ------------------
  ------------------
  |  Branch (2116:15): [True: 5.32k, False: 7]
  ------------------
 2117|  5.33k|  for (i = 0; i < p; ++i) M[i] = (q + 2) / 3;
  ------------------
  |  | 1754|  5.33k|#define p 761
  ------------------
                for (i = 0; i < p; ++i) M[i] = (q + 2) / 3;
  ------------------
  |  | 1755|  5.32k|#define q 4591
  ------------------
  |  Branch (2117:15): [True: 5.32k, False: 7]
  ------------------
 2118|      7|  Encode(s, R, M, p);
  ------------------
  |  | 1754|      7|#define p 761
  ------------------
 2119|      7|}
sntrup761.c:HashConfirm:
 /* Computes the confirmation hash written to h: the 32-byte Hash_prefix
  * (prefix 3) of the Small_bytes-byte input r is concatenated with the first
  * Hash_bytes bytes of cache, and the result is hashed again with prefix 2.
  * NOTE(review): x holds a hash of the encoded secret input and is not
  * cleared before return. */
 2154|      7|static void HashConfirm(unsigned char *h, const unsigned char *r, const unsigned char *cache) {
 2155|      7|  unsigned char x[Hash_bytes * 2];
 2156|      7|  int i;
 2157|      7|  Hash_prefix(x, 3, r, Small_bytes);
  ------------------
  |  | 1761|      7|#define Small_bytes ((p + 3) / 4)
  |  |  ------------------
  |  |  |  | 1754|      7|#define p 761
  |  |  ------------------
  ------------------
 2158|    231|  for (i = 0; i < Hash_bytes; ++i) x[Hash_bytes + i] = cache[i];
  ------------------
  |  | 1760|    231|#define Hash_bytes 32
  ------------------
                for (i = 0; i < Hash_bytes; ++i) x[Hash_bytes + i] = cache[i];
  ------------------
  |  | 1760|    224|#define Hash_bytes 32
  ------------------
  |  Branch (2158:15): [True: 224, False: 7]
  ------------------
 2159|      7|  Hash_prefix(h, 2, x, sizeof x);
 2160|      7|}
sntrup761.c:HashSession:
 /* Derives the value written to k: the 32-byte Hash_prefix (prefix 3) of the
  * Small_bytes-byte input y is concatenated with the full
  * crypto_kem_sntrup761_CIPHERTEXTBYTES-byte ciphertext z, and the result is
  * hashed with the caller-chosen prefix byte b.
  * NOTE(review): x holds a hash of y, which may be secret, and is not
  * cleared before return. */
 2162|      7|static void HashSession(unsigned char *k, int b, const unsigned char *y, const unsigned char *z) {
 2163|      7|  unsigned char x[Hash_bytes + crypto_kem_sntrup761_CIPHERTEXTBYTES];
 2164|      7|  int i;
 2165|      7|  Hash_prefix(x, 3, y, Small_bytes);
  ------------------
  |  | 1761|      7|#define Small_bytes ((p + 3) / 4)
  |  |  ------------------
  |  |  |  | 1754|      7|#define p 761
  |  |  ------------------
  ------------------
 2166|  7.28k|  for (i = 0; i < crypto_kem_sntrup761_CIPHERTEXTBYTES; ++i) x[Hash_bytes + i] = z[i];
  ------------------
  |  |    6|  7.28k|#define crypto_kem_sntrup761_CIPHERTEXTBYTES 1039
  ------------------
                for (i = 0; i < crypto_kem_sntrup761_CIPHERTEXTBYTES; ++i) x[Hash_bytes + i] = z[i];
  ------------------
  |  | 1760|  7.27k|#define Hash_bytes 32
  ------------------
  |  Branch (2166:15): [True: 7.27k, False: 7]
  ------------------
 2167|      7|  Hash_prefix(k, b, x, sizeof x);
 2168|      7|}
sntrup761.c:ZDecrypt:
 /* Byte-level decryption: decodes two small polynomials from sk (at offsets
  * 0 and Small_bytes) and the rounded ciphertext from C, then runs Decrypt
  * to produce r.
  * NOTE(review): f and v are decoded from the secret key and c from the
  * ciphertext; none of these stack buffers is cleared before return. */
 2145|      7|static void ZDecrypt(Inputs r, const unsigned char *C, const unsigned char *sk) {
 2146|      7|  small f[p], v[p];
 2147|      7|  Fq c[p];
 2148|      7|  Small_decode(f, sk);
 2149|      7|  Small_decode(v, sk + Small_bytes);
  ------------------
  |  | 1761|      7|#define Small_bytes ((p + 3) / 4)
  |  |  ------------------
  |  |  |  | 1754|      7|#define p 761
  |  |  ------------------
  ------------------
 2150|      7|  Rounded_decode(c, C);
 2151|      7|  Decrypt(r, c, f, v);
 2152|      7|}
sntrup761.c:Small_decode:
 /* Inverse of Small_encode: unpacks p values from s, four two-bit fields per
  * byte for the first p / 4 bytes and one field from the low two bits of the
  * final byte, storing each as field - 1.
  * NOTE(review): a field value of 3 decodes to 2, which is outside
  * {-1, 0, 1}; nothing here rejects it, and the upper six bits of the final
  * byte are ignored. Callers that decode data they did not produce have to
  * tolerate or check for that themselves. */
 2088|     14|static void Small_decode(small *f, const unsigned char *s) {
 2089|     14|  int i, j;
 2090|  2.67k|  for (i = 0; i < p / 4; ++i) {
  ------------------
  |  | 1754|  2.67k|#define p 761
  ------------------
  |  Branch (2090:15): [True: 2.66k, False: 14]
  ------------------
 2091|  2.66k|    unsigned char x = *s++;
 2092|  13.3k|    for (j = 0;j < 4;++j) *f++ = ((small)((x >> (2 * j)) & 3)) - 1;
  ------------------
  |  Branch (2092:16): [True: 10.6k, False: 2.66k]
  ------------------
 2093|  2.66k|  }
 2094|     14|  *f++ = ((small)(*s & 3)) - 1;
 2095|     14|}
sntrup761.c:Rounded_decode:
 /* Inverse of Rounded_encode: decodes p values from s with a per-coefficient
  * modulus of (q + 2) / 3, then maps each back with r[i] = 3 * R[i] - q12.
  * No input length is passed; s must hold a complete encoding. */
 2121|      7|static void Rounded_decode(Fq *r, const unsigned char *s) {
 2122|      7|  uint16_t R[p], M[p];
 2123|      7|  int i;
 2124|  5.33k|  for (i = 0; i < p; ++i) M[i] = (q + 2) / 3;
  ------------------
  |  | 1754|  5.33k|#define p 761
  ------------------
                for (i = 0; i < p; ++i) M[i] = (q + 2) / 3;
  ------------------
  |  | 1755|  5.32k|#define q 4591
  ------------------
  |  Branch (2124:15): [True: 5.32k, False: 7]
  ------------------
 2125|      7|  Decode(R, s, M, p);
  ------------------
  |  | 1754|      7|#define p 761
  ------------------
 2126|  5.33k|  for (i = 0; i < p; ++i) r[i] = R[i] * 3 - q12;
  ------------------
  |  | 1754|  5.33k|#define p 761
  ------------------
                for (i = 0; i < p; ++i) r[i] = R[i] * 3 - q12;
  ------------------
  |  | 1757|  5.32k|#define q12 ((q - 1) / 2)
  |  |  ------------------
  |  |  |  | 1755|  5.32k|#define q 4591
  |  |  ------------------
  ------------------
  |  Branch (2126:15): [True: 5.32k, False: 7]
  ------------------
 2127|      7|}
sntrup761.c:Decrypt:
 /* Core decryption on decoded values: computes ev from c, f and ginv, then
  * selects the output with a mask instead of a branch. With mask == 0 both
  * loops copy ev[i] to r[i] unchanged; with mask == -1 they write a fixed
  * vector (1 for i < w, 0 for the rest) regardless of ev. The same
  * operations run in either case, so the control flow does not reveal
  * whether the weight check passed.
  * NOTE(review): presumably Weightw_mask returns 0 for a valid weight and -1
  * otherwise -- confirm against crypto_int16_nonzero_mask, which is not part
  * of this excerpt. cf, cf3, e and ev are secret-dependent intermediates and
  * are not cleared before return. */
 2065|      7|static void Decrypt(small *r, const Fq *c, const small *f, const small *ginv) {
 2066|      7|  Fq cf[p], cf3[p];
 2067|      7|  small e[p], ev[p];
 2068|      7|  int mask, i;
 2069|      7|  Rq_mult_small(cf, c, f);
 2070|      7|  Rq_mult3(cf3, cf);
 2071|      7|  R3_fromRq(e, cf3);
 2072|      7|  R3_mult(ev, e, ginv);
 2073|      7|  mask = Weightw_mask(ev);
 2074|  2.00k|  for (i = 0; i < w; ++i) r[i] = ((ev[i] ^ 1) & ~mask) ^ 1;
  ------------------
  |  | 1756|  2.00k|#define w 286
  ------------------
  |  Branch (2074:15): [True: 2.00k, False: 7]
  ------------------
 2075|  3.33k|  for (i = w; i < p; ++i) r[i] = ev[i] & ~mask;
  ------------------
  |  | 1756|      7|#define w 286
  ------------------
                for (i = w; i < p; ++i) r[i] = ev[i] & ~mask;
  ------------------
  |  | 1754|  3.33k|#define p 761
  ------------------
  |  Branch (2075:15): [True: 3.32k, False: 7]
  ------------------
 2076|      7|}
sntrup761.c:Rq_mult3:
 /* Multiplies each of the p coefficients of f by 3 and stores
  * Fq_freeze(3 * f[i]) in h[i]. Fq_freeze is not part of this excerpt;
  * presumably it reduces its argument modulo q into a centred range. */
 1947|      7|static void Rq_mult3(Fq *h, const Fq *f) {
 1948|      7|  int i;
 1949|  5.33k|  for (i = 0; i < p; ++i) h[i] = Fq_freeze(3 * f[i]);
  ------------------
  |  | 1754|  5.33k|#define p 761
  ------------------
  |  Branch (1949:15): [True: 5.32k, False: 7]
  ------------------
 1950|      7|}
sntrup761.c:R3_fromRq:
 /* Maps each of the p coefficients of r to a small value by storing
  * F3_freeze(r[i]) in out[i]. F3_freeze is not part of this excerpt;
  * presumably it returns the residue modulo 3 in {-1, 0, 1}. */
 1884|      7|static void R3_fromRq(small *out, const Fq *r) {
 1885|      7|  int i;
 1886|  5.33k|  for (i = 0; i < p; ++i) out[i] = F3_freeze(r[i]);
  ------------------
  |  | 1754|  5.33k|#define p 761
  ------------------
  |  Branch (1886:15): [True: 5.32k, False: 7]
  ------------------
 1887|      7|}
sntrup761.c:R3_mult:
 /* Multiplies two p-coefficient small polynomials f and g into h.
  * A schoolbook product is accumulated into fg (2p - 1 terms); every term of
  * degree i >= p is then folded into positions i - p and i - p + 1, which is
  * reduction modulo x^p - x - 1, and each remaining coefficient is passed
  * through F3_freeze. All loops have fixed trip counts and no branch on the
  * coefficient values.
  * NOTE(review): assumes the entries of f and g are small enough that the
  * int16_t accumulators cannot overflow (at most p products per slot before
  * folding) -- confirm against callers. fg is not cleared before return. */
 1889|      7|static void R3_mult(small *h, const small *f, const small *g) {
 1890|      7|  int16_t fg[p + p - 1];
 1891|      7|  int i, j;
 1892|  10.6k|  for (i = 0; i < p + p - 1; ++i) fg[i] = 0;
  ------------------
  |  | 1754|  10.6k|#define p 761
  ------------------
                for (i = 0; i < p + p - 1; ++i) fg[i] = 0;
  ------------------
  |  | 1754|  10.6k|#define p 761
  ------------------
  |  Branch (1892:15): [True: 10.6k, False: 7]
  ------------------
 1893|  5.33k|  for (i = 0; i < p; ++i)
  ------------------
  |  | 1754|  5.33k|#define p 761
  ------------------
  |  Branch (1893:15): [True: 5.32k, False: 7]
  ------------------
 1894|  4.05M|    for (j = 0; j < p; ++j) fg[i + j] += f[i] * (int16_t)g[j];
  ------------------
  |  | 1754|  4.05M|#define p 761
  ------------------
  |  Branch (1894:17): [True: 4.05M, False: 5.32k]
  ------------------
 1895|  5.32k|  for (i = p; i < p + p - 1; ++i) fg[i - p] += fg[i];
  ------------------
  |  | 1754|      7|#define p 761
  ------------------
                for (i = p; i < p + p - 1; ++i) fg[i - p] += fg[i];
  ------------------
  |  | 1754|  5.32k|#define p 761
  ------------------
                for (i = p; i < p + p - 1; ++i) fg[i - p] += fg[i];
  ------------------
  |  | 1754|  5.32k|#define p 761
  ------------------
                for (i = p; i < p + p - 1; ++i) fg[i - p] += fg[i];
  ------------------
  |  | 1754|  5.32k|#define p 761
  ------------------
  |  Branch (1895:15): [True: 5.32k, False: 7]
  ------------------
 1896|  5.32k|  for (i = p; i < p + p - 1; ++i) fg[i - p + 1] += fg[i];
  ------------------
  |  | 1754|      7|#define p 761
  ------------------
                for (i = p; i < p + p - 1; ++i) fg[i - p + 1] += fg[i];
  ------------------
  |  | 1754|  5.32k|#define p 761
  ------------------
                for (i = p; i < p + p - 1; ++i) fg[i - p + 1] += fg[i];
  ------------------
  |  | 1754|  5.32k|#define p 761
  ------------------
                for (i = p; i < p + p - 1; ++i) fg[i - p + 1] += fg[i];
  ------------------
  |  | 1754|  5.32k|#define p 761
  ------------------
  |  Branch (1896:15): [True: 5.32k, False: 7]
  ------------------
 1897|  5.33k|  for (i = 0; i < p; ++i) h[i] = F3_freeze(fg[i]);
  ------------------
  |  | 1754|  5.33k|#define p 761
  ------------------
  |  Branch (1897:15): [True: 5.32k, False: 7]
  ------------------
 1898|      7|}
sntrup761.c:Weightw_mask:
 /* Counts the entries of r whose lowest bit is set (the odd entries) over
  * all p positions, with no early exit, and returns
  * crypto_int16_nonzero_mask(weight - w).
  * NOTE(review): presumably that yields 0 when the count equals w and -1
  * otherwise -- confirm against crypto_int16_nonzero_mask, which is not part
  * of this excerpt. */
 1777|      7|static int Weightw_mask(small *r) {
 1778|      7|  int i, weight = 0;
 1779|  5.33k|  for (i = 0; i < p; ++i) weight += crypto_int64_bottombit_01(r[i]);
  ------------------
  |  | 1754|  5.33k|#define p 761
  ------------------
  |  Branch (1779:15): [True: 5.32k, False: 7]
  ------------------
 1780|      7|  return crypto_int16_nonzero_mask(weight - w);
  ------------------
  |  | 1756|      7|#define w 286
  ------------------
 1781|      7|}
sntrup761.c:crypto_int64_bottombit_01:
 /* Returns the lowest bit of the argument as 0 or 1.
  * Coverage caveat: only the x86-64 variant carries execution counts in this
  * report; the aarch64 variant and the portable fallback (which depends on
  * crypto_int64_optblocker, defined elsewhere) were not compiled into this
  * build. */
 1253|  5.33k|crypto_int64 crypto_int64_bottombit_01(crypto_int64 crypto_int64_x) {
 1254|  5.33k|#if defined(__GNUC__) && defined(__x86_64__)
 1255|  5.33k|  __asm__ ("andq $1,%0" : "+r"(crypto_int64_x) : : "cc");
 1256|  5.33k|  return crypto_int64_x;
 1257|       |#elif defined(__GNUC__) && defined(__aarch64__)
 1258|       |  crypto_int64 crypto_int64_y;
 1259|       |  __asm__ ("ubfx %0,%1,0,1" : "=r"(crypto_int64_y) : "r"(crypto_int64_x) : );
 1260|       |  return crypto_int64_y;
 1261|       |#else
 1262|       |  crypto_int64_x &= 1 + crypto_int64_optblocker;
 1263|       |  return crypto_int64_x;
 1264|       |#endif
 1265|  5.33k|}
sntrup761.c:Ciphertexts_diff_mask:
 /* Compares two crypto_kem_sntrup761_CIPHERTEXTBYTES-byte buffers and returns
  * 0 when they are identical and -1 when they differ.
  * Every byte pair is XORed and OR-ed into differentbits with no early exit,
  * so the loop always runs the full length regardless of where the first
  * mismatch lies. differentbits stays in 0..255; subtracting 1 sets bit 8
  * only when it was 0, and that bit is turned into the returned mask. */
 2196|      7|static int Ciphertexts_diff_mask(const unsigned char *c, const unsigned char *c2) {
 2197|      7|  uint16_t differentbits = 0;
 2198|      7|  int len = crypto_kem_sntrup761_CIPHERTEXTBYTES;
  ------------------
  |  |    6|      7|#define crypto_kem_sntrup761_CIPHERTEXTBYTES 1039
  ------------------
 2199|  7.28k|  while (len-- > 0) differentbits |= (*c++) ^ (*c2++);
  ------------------
  |  Branch (2199:10): [True: 7.27k, False: 7]
  ------------------
 2200|      7|  return (crypto_int64_bitmod_01((differentbits - 1),8)) - 1;
 2201|      7|}
sntrup761.c:crypto_int64_bitmod_01:
 /* Returns, as 0 or 1, the lowest bit of crypto_int64_x after it has been
  * shifted right by crypto_int64_s with crypto_int64_shrmod, i.e. the bit of
  * x at that position. */
 1332|      7|crypto_int64 crypto_int64_bitmod_01(crypto_int64 crypto_int64_x,crypto_int64 crypto_int64_s) {
 1333|      7|  crypto_int64_x = crypto_int64_shrmod(crypto_int64_x,crypto_int64_s);
 1334|      7|  return crypto_int64_bottombit_01(crypto_int64_x);
 1335|      7|}
sntrup761.c:crypto_int64_shrmod:
 /* Arithmetic right shift of crypto_int64_x by crypto_int64_s. The x86-64
  * and aarch64 variants use a single shift instruction; the portable fallback
  * builds the shift from masked steps of 1, 2, 4, ... 32 bits.
  * Coverage caveat: only the x86-64 variant carries execution counts in this
  * report; the other two variants were not compiled into this build. */
 1310|      7|crypto_int64 crypto_int64_shrmod(crypto_int64 crypto_int64_x,crypto_int64 crypto_int64_s) {
 1311|      7|#if defined(__GNUC__) && defined(__x86_64__)
 1312|      7|  __asm__ ("sarq %%cl,%0" : "+r"(crypto_int64_x) : "c"(crypto_int64_s) : "cc");
 1313|       |#elif defined(__GNUC__) && defined(__aarch64__)
 1314|       |  __asm__ ("asr %0,%0,%1" : "+r"(crypto_int64_x) : "r"(crypto_int64_s) : );
 1315|       |#else
 1316|       |  int crypto_int64_k, crypto_int64_l;
 1317|       |  for (crypto_int64_l = 0,crypto_int64_k = 1;crypto_int64_k < 64;++crypto_int64_l,crypto_int64_k *= 2)
 1318|       |    crypto_int64_x ^= (crypto_int64_x ^ (crypto_int64_x >> crypto_int64_k)) & crypto_int64_bitinrangepublicpos_mask(crypto_int64_s,crypto_int64_l);
 1319|       |#endif
 1320|      7|  return crypto_int64_x;
 1321|      7|}

sntrup761.c:randombytes:
   /* Fills buf with len bytes by forwarding to genrandom (defined elsewhere).
    * This wrapper has no return value and adds no checks of its own, so every
    * random value drawn through it is only as good as genrandom's output in
    * the build being run. */
   24|   242k|static inline void randombytes(unsigned char* buf, unsigned int len) {
   25|   242k|    genrandom(buf, len);
   26|   242k|}
sntrup761.c:crypto_hash_sha512:
   36|    187|{
   37|    187|  hash_state hs;
   38|       |
   39|    187|  sha512_init(&hs);
   40|    187|  sha512_process(&hs, m, n);
   41|    187|  return sha512_done(&hs, out);
   42|    187|}

