sae.c:wpa_key_mgmt_sae_ext_key: 126| 603|{ 127| 603| return !!(akm & (WPA_KEY_MGMT_SAE_EXT_KEY | ------------------ | | 52| 603|#define WPA_KEY_MGMT_SAE_EXT_KEY BIT(26) | | ------------------ | | | | 458| 603|#define BIT(x) (1U << (x)) | | ------------------ ------------------ 128| 603| WPA_KEY_MGMT_FT_SAE_EXT_KEY)); ------------------ | | 53| 603|#define WPA_KEY_MGMT_FT_SAE_EXT_KEY BIT(27) | | ------------------ | | | | 458| 603|#define BIT(x) (1U << (x)) | | ------------------ ------------------ 129| 603|} dragonfly_suitable_group: 19| 1.22k|{ 20| | /* Enforce REVmd rules on which SAE groups are suitable for production 21| | * purposes: FFC groups whose prime is >= 3072 bits and ECC groups 22| | * defined over a prime field whose prime is >= 256 bits. Furthermore, 23| | * ECC groups defined over a characteristic 2 finite field and ECC 24| | * groups with a co-factor greater than 1 are not suitable. Disable 25| | * groups that use Brainpool curves as well for now since they leak more 26| | * timing information due to the prime not being close to a power of 27| | * two. */ 28| 1.22k| return group == 19 || group == 20 || group == 21 || ------------------ | Branch (28:9): [True: 1.22k, False: 0] | Branch (28:24): [True: 0, False: 0] | Branch (28:39): [True: 0, False: 0] ------------------ 29| 0| (!ecc_only && ------------------ | Branch (29:4): [True: 0, False: 0] ------------------ 30| 0| (group == 15 || group == 16 || group == 17 || group == 18)); ------------------ | Branch (30:5): [True: 0, False: 0] | Branch (30:20): [True: 0, False: 0] | Branch (30:35): [True: 0, False: 0] | Branch (30:50): [True: 0, False: 0] ------------------ 31| 1.22k|} sae_set_group: 27| 1.22k|{ 28| 1.22k| struct sae_temporary_data *tmp; 29| | 30| |#ifdef CONFIG_TESTING_OPTIONS 31| | /* Allow all groups for testing purposes in non-production builds. */ 32| |#else /* CONFIG_TESTING_OPTIONS */ 33| 1.22k| if (!dragonfly_suitable_group(group, 0)) { ------------------ | Branch (33:6): [True: 0, False: 1.22k] ------------------ 34| 0| wpa_printf(MSG_DEBUG, "SAE: Reject unsuitable group %d", group); 35| 0| return -1; 36| 0| } 37| 1.22k|#endif /* CONFIG_TESTING_OPTIONS */ 38| | 39| 1.22k| sae_clear_data(sae); 40| 1.22k| tmp = sae->tmp = os_zalloc(sizeof(*tmp)); 41| 1.22k| if (tmp == NULL) ------------------ | Branch (41:6): [True: 0, False: 1.22k] ------------------ 42| 0| return -1; 43| | 44| | /* First, check if this is an ECC group */ 45| 1.22k| tmp->ec = crypto_ec_init(group); 46| 1.22k| if (tmp->ec) { ------------------ | Branch (46:6): [True: 1.22k, False: 0] ------------------ 47| 1.22k| wpa_printf(MSG_DEBUG, "SAE: Selecting supported ECC group %d", 48| 1.22k| group); 49| 1.22k| sae->group = group; 50| 1.22k| tmp->prime_len = crypto_ec_prime_len(tmp->ec); 51| 1.22k| tmp->prime = crypto_ec_get_prime(tmp->ec); 52| 1.22k| tmp->order_len = crypto_ec_order_len(tmp->ec); 53| 1.22k| tmp->order = crypto_ec_get_order(tmp->ec); 54| 1.22k| return 0; 55| 1.22k| } 56| | 57| | /* Not an ECC group, check FFC */ 58| 0| tmp->dh = dh_groups_get(group); 59| 0| if (tmp->dh) { ------------------ | Branch (59:6): [True: 0, False: 0] ------------------ 60| 0| wpa_printf(MSG_DEBUG, "SAE: Selecting supported FFC group %d", 61| 0| group); 62| 0| sae->group = group; 63| 0| tmp->prime_len = tmp->dh->prime_len; 64| 0| if (tmp->prime_len > SAE_MAX_PRIME_LEN) { ------------------ | | 16| 0|#define SAE_MAX_PRIME_LEN 512 ------------------ | Branch (64:7): [True: 0, False: 0] ------------------ 65| 0| sae_clear_data(sae); 66| 0| return -1; 67| 0| } 68| | 69| 0| tmp->prime_buf = crypto_bignum_init_set(tmp->dh->prime, 70| 0| tmp->prime_len); 71| 0| if (tmp->prime_buf == NULL) { ------------------ | Branch (71:7): [True: 0, False: 0] ------------------ 72| 0| sae_clear_data(sae); 73| 0| return -1; 74| 0| } 75| 0| tmp->prime = tmp->prime_buf; 76| | 77| 0| tmp->order_len = tmp->dh->order_len; 78| 0| tmp->order_buf = crypto_bignum_init_set(tmp->dh->order, 79| 0| tmp->dh->order_len); 80| 0| if (tmp->order_buf == NULL) { ------------------ | Branch (80:7): [True: 0, False: 0] ------------------ 81| 0| sae_clear_data(sae); 82| 0| return -1; 83| 0| } 84| 0| tmp->order = tmp->order_buf; 85| | 86| 0| return 0; 87| 0| } 88| | 89| | /* Unsupported group */ 90| 0| wpa_printf(MSG_DEBUG, 91| 0| "SAE: Group %d not supported by the crypto library", group); 92| 0| return -1; 93| 0|} sae_clear_temp_data: 97| 2.50k|{ 98| 2.50k| struct sae_temporary_data *tmp; 99| 2.50k| if (sae == NULL || sae->tmp == NULL) ------------------ | Branch (99:6): [True: 0, False: 2.50k] | Branch (99:21): [True: 1.28k, False: 1.22k] ------------------ 100| 1.28k| return; 101| 1.22k| tmp = sae->tmp; 102| 1.22k| crypto_ec_deinit(tmp->ec); 103| 1.22k| crypto_bignum_deinit(tmp->prime_buf, 0); 104| 1.22k| crypto_bignum_deinit(tmp->order_buf, 0); 105| 1.22k| crypto_bignum_deinit(tmp->sae_rand, 1); 106| 1.22k| crypto_bignum_deinit(tmp->pwe_ffc, 1); 107| 1.22k| crypto_bignum_deinit(tmp->own_commit_scalar, 0); 108| 1.22k| crypto_bignum_deinit(tmp->own_commit_element_ffc, 0); 109| 1.22k| crypto_bignum_deinit(tmp->peer_commit_element_ffc, 0); 110| 1.22k| crypto_ec_point_deinit(tmp->pwe_ecc, 1); 111| 1.22k| crypto_ec_point_deinit(tmp->own_commit_element_ecc, 0); 112| 1.22k| crypto_ec_point_deinit(tmp->peer_commit_element_ecc, 0); 113| 1.22k| wpabuf_free(tmp->anti_clogging_token); 114| 1.22k| wpabuf_free(tmp->own_rejected_groups); 115| 1.22k| wpabuf_free(tmp->peer_rejected_groups); 116| 1.22k| os_free(tmp->pw_id); ------------------ | | 511| 1.22k|#define os_free(p) free((p)) ------------------ 117| 1.22k| os_free(tmp->parsed_pw_id); ------------------ | | 511| 1.22k|#define os_free(p) free((p)) ------------------ 118| 1.22k| os_free(tmp->dec_pw_id); ------------------ | | 511| 1.22k|#define os_free(p) free((p)) ------------------ 119| 1.22k| bin_clear_free(tmp, sizeof(*tmp)); 120| | sae->tmp = NULL; 121| 1.22k|} sae_clear_data: 125| 2.50k|{ 126| 2.50k| unsigned int no_pw_id; 127| | 128| 2.50k| if (sae == NULL) ------------------ | Branch (128:6): [True: 0, False: 2.50k] ------------------ 129| 0| return; 130| 2.50k| sae_clear_temp_data(sae); 131| 2.50k| crypto_bignum_deinit(sae->peer_commit_scalar, 0); 132| 2.50k| crypto_bignum_deinit(sae->peer_commit_scalar_accepted, 0); 133| 2.50k| no_pw_id = sae->no_pw_id; 134| 2.50k| os_memset(sae, 0, sizeof(*sae)); ------------------ | | 529| 2.50k|#define os_memset(s, c, n) memset(s, c, n) ------------------ 135| 2.50k| sae->no_pw_id = no_pw_id; 136| 2.50k|} sae_group_allowed: 1785| 1.27k|{ 1786| 1.27k| if (allowed_groups) { ------------------ | Branch (1786:6): [True: 1.27k, False: 0] ------------------ 1787| 1.27k| int i; 1788| 1.33k| for (i = 0; allowed_groups[i] > 0; i++) { ------------------ | Branch (1788:15): [True: 1.27k, False: 56] ------------------ 1789| 1.27k| if (allowed_groups[i] == group) ------------------ | Branch (1789:8): [True: 1.22k, False: 56] ------------------ 1790| 1.22k| break; 1791| 1.27k| } 1792| 1.27k| if (allowed_groups[i] != group) { ------------------ | Branch (1792:7): [True: 54, False: 1.22k] ------------------ 1793| 54| wpa_printf(MSG_DEBUG, "SAE: Proposed group %u not " 1794| 54| "enabled in the current configuration", 1795| 54| group); 1796| 54| return WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED; ------------------ | | 200| 54|#define WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED 77 ------------------ 1797| 54| } 1798| 1.27k| } 1799| | 1800| 1.22k| if (sae->state == SAE_COMMITTED && group != sae->group) { ------------------ | Branch (1800:6): [True: 0, False: 1.22k] | Branch (1800:37): [True: 0, False: 0] ------------------ 1801| 0| wpa_printf(MSG_DEBUG, "SAE: Do not allow group to be changed"); 1802| 0| return WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED; ------------------ | | 200| 0|#define WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED 77 ------------------ 1803| 0| } 1804| | 1805| 1.22k| if (group != sae->group && sae_set_group(sae, group) < 0) { ------------------ | Branch (1805:6): [True: 1.22k, False: 2] | Branch (1805:29): [True: 0, False: 1.22k] ------------------ 1806| 0| wpa_printf(MSG_DEBUG, "SAE: Unsupported Finite Cyclic Group %u", 1807| 0| group); 1808| 0| return WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED; ------------------ | | 200| 0|#define WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED 77 ------------------ 1809| 0| } 1810| | 1811| 1.22k| if (sae->tmp == NULL) { ------------------ | Branch (1811:6): [True: 2, False: 1.22k] ------------------ 1812| 2| wpa_printf(MSG_DEBUG, "SAE: Group information not yet initialized"); 1813| 2| return WLAN_STATUS_UNSPECIFIED_FAILURE; ------------------ | | 135| 2|#define WLAN_STATUS_UNSPECIFIED_FAILURE 1 ------------------ 1814| 2| } 1815| | 1816| 1.22k| if (sae->tmp->dh && !allowed_groups) { ------------------ | Branch (1816:6): [True: 0, False: 1.22k] | Branch (1816:22): [True: 0, False: 0] ------------------ 1817| 0| wpa_printf(MSG_DEBUG, "SAE: Do not allow FFC group %u without " 1818| 0| "explicit configuration enabling it", group); 1819| 0| return WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED; ------------------ | | 200| 0|#define WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED 77 ------------------ 1820| 0| } 1821| | 1822| 1.22k| return WLAN_STATUS_SUCCESS; ------------------ | | 134| 1.22k|#define WLAN_STATUS_SUCCESS 0 ------------------ 1823| 1.22k|} sae_parse_commit: 2204| 1.28k|{ 2205| 1.28k| const u8 *pos = data, *end = data + len; 2206| 1.28k| u16 res; 2207| | 2208| | /* Check Finite Cyclic Group */ 2209| 1.28k| if (end - pos < 2) ------------------ | Branch (2209:6): [True: 4, False: 1.27k] ------------------ 2210| 4| return WLAN_STATUS_UNSPECIFIED_FAILURE; ------------------ | | 135| 4|#define WLAN_STATUS_UNSPECIFIED_FAILURE 1 ------------------ 2211| 1.27k| res = sae_group_allowed(sae, allowed_groups, WPA_GET_LE16(pos)); 2212| 1.27k| if (res != WLAN_STATUS_SUCCESS) ------------------ | | 134| 1.27k|#define WLAN_STATUS_SUCCESS 0 ------------------ | Branch (2212:6): [True: 56, False: 1.22k] ------------------ 2213| 56| return res; 2214| 1.22k| pos += 2; 2215| | 2216| | /* Optional Anti-Clogging Token */ 2217| 1.22k| sae_parse_commit_token(sae, &pos, end, token, token_len, h2e); 2218| | 2219| | /* commit-scalar */ 2220| 1.22k| res = sae_parse_commit_scalar(sae, &pos, end); 2221| 1.22k| if (res != WLAN_STATUS_SUCCESS) ------------------ | | 134| 1.22k|#define WLAN_STATUS_SUCCESS 0 ------------------ | Branch (2221:6): [True: 56, False: 1.16k] ------------------ 2222| 56| return res; 2223| | 2224| | /* commit-element */ 2225| 1.16k| res = sae_parse_commit_element(sae, &pos, end); 2226| 1.16k| if (res != WLAN_STATUS_SUCCESS) ------------------ | | 134| 1.16k|#define WLAN_STATUS_SUCCESS 0 ------------------ | Branch (2226:6): [True: 517, False: 649] ------------------ 2227| 517| return res; 2228| | 2229| 649| if (ie_offset) ------------------ | Branch (2229:6): [True: 0, False: 649] ------------------ 2230| 0| *ie_offset = pos - data; 2231| | 2232| 649| if (end > pos) ------------------ | Branch (2232:6): [True: 645, False: 4] ------------------ 2233| 645| wpa_hexdump(MSG_DEBUG, 2234| 645| "SAE: Possible elements at the end of the frame", 2235| 645| pos, end - pos); 2236| | 2237| | /* Optional Password Identifier element */ 2238| 649| res = sae_parse_password_identifier(sae, h2e, &pos, end); 2239| 649| if (res != WLAN_STATUS_SUCCESS) ------------------ | | 134| 649|#define WLAN_STATUS_SUCCESS 0 ------------------ | Branch (2239:6): [True: 17, False: 632] ------------------ 2240| 17| return res; 2241| | 2242| | /* Conditional Rejected Groups element */ 2243| 632| if (h2e) { ------------------ | Branch (2243:6): [True: 435, False: 197] ------------------ 2244| 435| res = sae_parse_rejected_groups(sae, &pos, end); 2245| 435| if (res != WLAN_STATUS_SUCCESS) ------------------ | | 134| 435|#define WLAN_STATUS_SUCCESS 0 ------------------ | Branch (2245:7): [True: 29, False: 406] ------------------ 2246| 29| return res; 2247| 435| } else { 2248| 197| wpabuf_free(sae->tmp->peer_rejected_groups); 2249| 197| sae->tmp->peer_rejected_groups = NULL; 2250| 197| } 2251| | 2252| | /* Optional Anti-Clogging Token Container element */ 2253| 603| if (h2e) ------------------ | Branch (2253:6): [True: 406, False: 197] ------------------ 2254| 406| sae_parse_token_container(sae, pos, end, token, token_len); 2255| | 2256| | /* Conditional AKM Suite Selector element */ 2257| 603| res = sae_parse_akm_suite_selector(sae, &pos, end); 2258| 603| if (res != WLAN_STATUS_SUCCESS) ------------------ | | 134| 603|#define WLAN_STATUS_SUCCESS 0 ------------------ | Branch (2258:6): [True: 0, False: 603] ------------------ 2259| 0| return res; 2260| | 2261| 603| if (sae->own_akm_suite_selector && ------------------ | Branch (2261:6): [True: 0, False: 603] ------------------ 2262| 0| sae->own_akm_suite_selector != sae->peer_akm_suite_selector) { ------------------ | Branch (2262:6): [True: 0, False: 0] ------------------ 2263| 0| wpa_printf(MSG_DEBUG, 2264| 0| "SAE: AKM suite selector mismatch: own=%08x peer=%08x", 2265| 0| sae->own_akm_suite_selector, 2266| 0| sae->peer_akm_suite_selector); 2267| 0| return WLAN_STATUS_UNSPECIFIED_FAILURE; ------------------ | | 135| 0|#define WLAN_STATUS_UNSPECIFIED_FAILURE 1 ------------------ 2268| 0| } 2269| | 2270| 603| if (!sae->akmp) { ------------------ | Branch (2270:6): [True: 603, False: 0] ------------------ 2271| 603| if (sae->peer_akm_suite_selector == ------------------ | Branch (2271:7): [True: 4, False: 599] ------------------ 2272| 603| RSN_AUTH_KEY_MGMT_SAE_EXT_KEY) ------------------ | | 101| 603|#define RSN_AUTH_KEY_MGMT_SAE_EXT_KEY RSN_SELECTOR(0x00, 0x0f, 0xac, 24) | | ------------------ | | | | 66| 603| ((((u32) (a)) << 24) | (((u32) (b)) << 16) | (((u32) (c)) << 8) | \ | | | | 67| 603| (u32) (d)) | | ------------------ ------------------ 2273| 4| sae->akmp = WPA_KEY_MGMT_SAE_EXT_KEY; ------------------ | | 52| 4|#define WPA_KEY_MGMT_SAE_EXT_KEY BIT(26) | | ------------------ | | | | 458| 4|#define BIT(x) (1U << (x)) | | ------------------ ------------------ 2274| 599| else if (sae->peer_akm_suite_selector == ------------------ | Branch (2274:12): [True: 14, False: 585] ------------------ 2275| 599| RSN_AUTH_KEY_MGMT_FT_SAE_EXT_KEY) ------------------ | | 102| 599|#define RSN_AUTH_KEY_MGMT_FT_SAE_EXT_KEY RSN_SELECTOR(0x00, 0x0f, 0xac, 25) | | ------------------ | | | | 66| 599| ((((u32) (a)) << 24) | (((u32) (b)) << 16) | (((u32) (c)) << 8) | \ | | | | 67| 599| (u32) (d)) | | ------------------ ------------------ 2276| 14| sae->akmp = WPA_KEY_MGMT_FT_SAE_EXT_KEY; ------------------ | | 53| 14|#define WPA_KEY_MGMT_FT_SAE_EXT_KEY BIT(27) | | ------------------ | | | | 458| 14|#define BIT(x) (1U << (x)) | | ------------------ ------------------ 2277| 603| } 2278| | 2279| 603| if (wpa_key_mgmt_sae_ext_key(sae->akmp) && !h2e) { ------------------ | Branch (2279:6): [True: 18, False: 585] | Branch (2279:45): [True: 2, False: 16] ------------------ 2280| 2| wpa_printf(MSG_DEBUG, 2281| 2| "SAE: Tried to use EXT-KEY AKM without H2E"); 2282| 2| return WLAN_STATUS_UNSPECIFIED_FAILURE; ------------------ | | 135| 2|#define WLAN_STATUS_UNSPECIFIED_FAILURE 1 ------------------ 2283| 2| } 2284| | 2285| | /* 2286| | * Check whether peer-commit-scalar and PEER-COMMIT-ELEMENT are same as 2287| | * the values we sent which would be evidence of a reflection attack. 2288| | */ 2289| 601| if (!sae->tmp->own_commit_scalar || ------------------ | Branch (2289:6): [True: 601, False: 0] ------------------ 2290| 0| crypto_bignum_cmp(sae->tmp->own_commit_scalar, ------------------ | Branch (2290:6): [True: 0, False: 0] ------------------ 2291| 0| sae->peer_commit_scalar) != 0 || 2292| 0| (sae->tmp->dh && ------------------ | Branch (2292:7): [True: 0, False: 0] ------------------ 2293| 0| (!sae->tmp->own_commit_element_ffc || ------------------ | Branch (2293:8): [True: 0, False: 0] ------------------ 2294| 0| crypto_bignum_cmp(sae->tmp->own_commit_element_ffc, ------------------ | Branch (2294:8): [True: 0, False: 0] ------------------ 2295| 0| sae->tmp->peer_commit_element_ffc) != 0)) || 2296| 0| (sae->tmp->ec && ------------------ | Branch (2296:7): [True: 0, False: 0] ------------------ 2297| 0| (!sae->tmp->own_commit_element_ecc || ------------------ | Branch (2297:8): [True: 0, False: 0] ------------------ 2298| 0| crypto_ec_point_cmp(sae->tmp->ec, ------------------ | Branch (2298:8): [True: 0, False: 0] ------------------ 2299| 0| sae->tmp->own_commit_element_ecc, 2300| 0| sae->tmp->peer_commit_element_ecc) != 0))) 2301| 601| return WLAN_STATUS_SUCCESS; /* scalars/elements are different */ ------------------ | | 134| 601|#define WLAN_STATUS_SUCCESS 0 ------------------ 2302| | 2303| | /* 2304| | * This is a reflection attack - return special value to trigger caller 2305| | * to silently discard the frame instead of replying with a specific 2306| | * status code. 2307| | */ 2308| 0| return SAE_SILENTLY_DISCARD; ------------------ | | 28| 0|#define SAE_SILENTLY_DISCARD 65535 ------------------ 2309| 601|} sae.c:sae_parse_commit_token: 1869| 1.22k|{ 1870| 1.22k| size_t scalar_elem_len, tlen; 1871| | 1872| 1.22k| if (token) ------------------ | Branch (1872:6): [True: 1.22k, False: 0] ------------------ 1873| 1.22k| *token = NULL; 1874| 1.22k| if (token_len) ------------------ | Branch (1874:6): [True: 1.22k, False: 0] ------------------ 1875| 1.22k| *token_len = 0; 1876| | 1877| 1.22k| if (h2e) ------------------ | Branch (1877:6): [True: 611, False: 611] ------------------ 1878| 611| return; /* No Anti-Clogging Token field outside container IE */ 1879| | 1880| 611| scalar_elem_len = (sae->tmp->ec ? 3 : 2) * sae->tmp->prime_len; ------------------ | Branch (1880:21): [True: 611, False: 0] ------------------ 1881| 611| if (scalar_elem_len >= (size_t) (end - *pos)) ------------------ | Branch (1881:6): [True: 148, False: 463] ------------------ 1882| 148| return; /* No extra data beyond peer scalar and element */ 1883| | 1884| 463| tlen = end - (*pos + scalar_elem_len); 1885| | 1886| 463| if (tlen < SHA256_MAC_LEN) { ------------------ | | 12| 463|#define SHA256_MAC_LEN 32 ------------------ | Branch (1886:6): [True: 214, False: 249] ------------------ 1887| 214| wpa_printf(MSG_DEBUG, 1888| 214| "SAE: Too short optional data (%u octets) to include our Anti-Clogging Token", 1889| 214| (unsigned int) tlen); 1890| 214| return; 1891| 214| } 1892| | 1893| 249| wpa_hexdump(MSG_DEBUG, "SAE: Anti-Clogging Token", *pos, tlen); 1894| 249| if (token) ------------------ | Branch (1894:6): [True: 249, False: 0] ------------------ 1895| 249| *token = *pos; 1896| 249| if (token_len) ------------------ | Branch (1896:6): [True: 249, False: 0] ------------------ 1897| 249| *token_len = tlen; 1898| 249| *pos += tlen; 1899| 249|} sae.c:sae_parse_commit_scalar: 1917| 1.22k|{ 1918| 1.22k| struct crypto_bignum *peer_scalar; 1919| | 1920| 1.22k| if (sae->tmp->prime_len > end - *pos) { ------------------ | Branch (1920:6): [True: 14, False: 1.20k] ------------------ 1921| 14| wpa_printf(MSG_DEBUG, "SAE: Not enough data for scalar"); 1922| 14| return WLAN_STATUS_UNSPECIFIED_FAILURE; ------------------ | | 135| 14|#define WLAN_STATUS_UNSPECIFIED_FAILURE 1 ------------------ 1923| 14| } 1924| | 1925| 1.20k| peer_scalar = crypto_bignum_init_set(*pos, sae->tmp->prime_len); 1926| 1.20k| if (peer_scalar == NULL) ------------------ | Branch (1926:6): [True: 0, False: 1.20k] ------------------ 1927| 0| return WLAN_STATUS_UNSPECIFIED_FAILURE; ------------------ | | 135| 0|#define WLAN_STATUS_UNSPECIFIED_FAILURE 1 ------------------ 1928| | 1929| | /* 1930| | * IEEE Std 802.11-2012, 11.3.8.6.1: If there is a protocol instance for 1931| | * the peer and it is in Authenticated state, the new Commit Message 1932| | * shall be dropped if the peer-scalar is identical to the one used in 1933| | * the existing protocol instance. 1934| | */ 1935| 1.20k| if (sae->state == SAE_ACCEPTED && sae->peer_commit_scalar_accepted && ------------------ | Branch (1935:6): [True: 0, False: 1.20k] | Branch (1935:36): [True: 0, False: 0] ------------------ 1936| 0| crypto_bignum_cmp(sae->peer_commit_scalar_accepted, ------------------ | Branch (1936:6): [True: 0, False: 0] ------------------ 1937| 0| peer_scalar) == 0) { 1938| 0| wpa_printf(MSG_DEBUG, "SAE: Do not accept re-use of previous " 1939| 0| "peer-commit-scalar"); 1940| 0| crypto_bignum_deinit(peer_scalar, 0); 1941| 0| return WLAN_STATUS_UNSPECIFIED_FAILURE; ------------------ | | 135| 0|#define WLAN_STATUS_UNSPECIFIED_FAILURE 1 ------------------ 1942| 0| } 1943| | 1944| | /* 1 < scalar < r */ 1945| 1.20k| if (crypto_bignum_is_zero(peer_scalar) || ------------------ | Branch (1945:6): [True: 20, False: 1.18k] ------------------ 1946| 1.18k| crypto_bignum_is_one(peer_scalar) || ------------------ | Branch (1946:6): [True: 5, False: 1.18k] ------------------ 1947| 1.18k| crypto_bignum_cmp(peer_scalar, sae->tmp->order) >= 0) { ------------------ | Branch (1947:6): [True: 17, False: 1.16k] ------------------ 1948| 42| wpa_printf(MSG_DEBUG, "SAE: Invalid peer scalar"); 1949| 42| crypto_bignum_deinit(peer_scalar, 0); 1950| 42| return WLAN_STATUS_UNSPECIFIED_FAILURE; ------------------ | | 135| 42|#define WLAN_STATUS_UNSPECIFIED_FAILURE 1 ------------------ 1951| 42| } 1952| | 1953| | 1954| 1.16k| crypto_bignum_deinit(sae->peer_commit_scalar, 0); 1955| 1.16k| sae->peer_commit_scalar = peer_scalar; 1956| 1.16k| wpa_hexdump(MSG_DEBUG, "SAE: Peer commit-scalar", 1957| 1.16k| *pos, sae->tmp->prime_len); 1958| 1.16k| *pos += sae->tmp->prime_len; 1959| | 1960| 1.16k| return WLAN_STATUS_SUCCESS; ------------------ | | 134| 1.16k|#define WLAN_STATUS_SUCCESS 0 ------------------ 1961| 1.20k|} sae.c:sae_parse_commit_element: 2065| 1.16k|{ 2066| 1.16k| if (sae->tmp->dh) ------------------ | Branch (2066:6): [True: 0, False: 1.16k] ------------------ 2067| 0| return sae_parse_commit_element_ffc(sae, pos, end); 2068| 1.16k| return sae_parse_commit_element_ecc(sae, pos, end); 2069| 1.16k|} sae.c:sae_parse_commit_element_ecc: 1966| 1.16k|{ 1967| 1.16k| u8 prime[SAE_MAX_ECC_PRIME_LEN]; 1968| | 1969| 1.16k| if (2 * sae->tmp->prime_len > end - *pos) { ------------------ | Branch (1969:6): [True: 22, False: 1.14k] ------------------ 1970| 22| wpa_printf(MSG_DEBUG, "SAE: Not enough data for " 1971| 22| "commit-element"); 1972| 22| return WLAN_STATUS_UNSPECIFIED_FAILURE; ------------------ | | 135| 22|#define WLAN_STATUS_UNSPECIFIED_FAILURE 1 ------------------ 1973| 22| } 1974| | 1975| 1.14k| if (crypto_bignum_to_bin(sae->tmp->prime, prime, sizeof(prime), ------------------ | Branch (1975:6): [True: 0, False: 1.14k] ------------------ 1976| 1.14k| sae->tmp->prime_len) < 0) 1977| 0| return WLAN_STATUS_UNSPECIFIED_FAILURE; ------------------ | | 135| 0|#define WLAN_STATUS_UNSPECIFIED_FAILURE 1 ------------------ 1978| | 1979| | /* element x and y coordinates < p */ 1980| 1.14k| if (os_memcmp(*pos, prime, sae->tmp->prime_len) >= 0 || ------------------ | | 532| 1.14k|#define os_memcmp(s1, s2, n) memcmp((s1), (s2), (n)) ------------------ | Branch (1980:6): [True: 81, False: 1.06k] ------------------ 1981| 1.06k| os_memcmp(*pos + sae->tmp->prime_len, prime, ------------------ | | 532| 1.06k|#define os_memcmp(s1, s2, n) memcmp((s1), (s2), (n)) ------------------ | Branch (1981:6): [True: 115, False: 948] ------------------ 1982| 1.06k| sae->tmp->prime_len) >= 0) { 1983| 196| wpa_printf(MSG_DEBUG, "SAE: Invalid coordinates in peer " 1984| 196| "element"); 1985| 196| return WLAN_STATUS_UNSPECIFIED_FAILURE; ------------------ | | 135| 196|#define WLAN_STATUS_UNSPECIFIED_FAILURE 1 ------------------ 1986| 196| } 1987| | 1988| 948| wpa_hexdump(MSG_DEBUG, "SAE: Peer commit-element(x)", 1989| 948| *pos, sae->tmp->prime_len); 1990| 948| wpa_hexdump(MSG_DEBUG, "SAE: Peer commit-element(y)", 1991| 948| *pos + sae->tmp->prime_len, sae->tmp->prime_len); 1992| | 1993| 948| crypto_ec_point_deinit(sae->tmp->peer_commit_element_ecc, 0); 1994| 948| sae->tmp->peer_commit_element_ecc = 1995| 948| crypto_ec_point_from_bin(sae->tmp->ec, *pos); 1996| 948| if (!sae->tmp->peer_commit_element_ecc) { ------------------ | Branch (1996:6): [True: 299, False: 649] ------------------ 1997| 299| wpa_printf(MSG_DEBUG, "SAE: Peer element is not a valid point"); 1998| 299| return WLAN_STATUS_UNSPECIFIED_FAILURE; ------------------ | | 135| 299|#define WLAN_STATUS_UNSPECIFIED_FAILURE 1 ------------------ 1999| 299| } 2000| | 2001| 649| if (!crypto_ec_point_is_on_curve(sae->tmp->ec, ------------------ | Branch (2001:6): [True: 0, False: 649] ------------------ 2002| 649| sae->tmp->peer_commit_element_ecc)) { 2003| 0| wpa_printf(MSG_DEBUG, "SAE: Peer element is not on curve"); 2004| 0| return WLAN_STATUS_UNSPECIFIED_FAILURE; ------------------ | | 135| 0|#define WLAN_STATUS_UNSPECIFIED_FAILURE 1 ------------------ 2005| 0| } 2006| | 2007| 649| *pos += 2 * sae->tmp->prime_len; 2008| | 2009| 649| return WLAN_STATUS_SUCCESS; ------------------ | | 134| 649|#define WLAN_STATUS_SUCCESS 0 ------------------ 2010| 649|} sae.c:sae_parse_password_identifier: 2074| 649|{ 2075| 649| const u8 *epos; 2076| 649| u8 len; 2077| | 2078| 649| if (!sae_is_password_id_elem(*pos, end)) { ------------------ | Branch (2078:6): [True: 546, False: 103] ------------------ 2079| 546| if (sae->tmp->pw_id) { ------------------ | Branch (2079:7): [True: 0, False: 546] ------------------ 2080| 0| wpa_printf(MSG_DEBUG, 2081| 0| "SAE: No Password Identifier included, but expected one (%s)", 2082| 0| sae->tmp->pw_id); 2083| 0| return WLAN_STATUS_UNKNOWN_PASSWORD_IDENTIFIER; ------------------ | | 231| 0|#define WLAN_STATUS_UNKNOWN_PASSWORD_IDENTIFIER 123 ------------------ 2084| 0| } 2085| 546| os_free(sae->tmp->parsed_pw_id); ------------------ | | 511| 546|#define os_free(p) free((p)) ------------------ 2086| 546| sae->tmp->parsed_pw_id = NULL; 2087| 546| sae->tmp->parsed_pw_id_len = 0; 2088| 546| return WLAN_STATUS_SUCCESS; /* No Password Identifier */ ------------------ | | 134| 546|#define WLAN_STATUS_SUCCESS 0 ------------------ 2089| 546| } 2090| | 2091| 103| epos = *pos; 2092| 103| epos++; /* skip IE type */ 2093| 103| len = *epos++; /* IE length */ 2094| 103| if (len > end - epos || len < 1) ------------------ | Branch (2094:6): [True: 0, False: 103] | Branch (2094:26): [True: 0, False: 103] ------------------ 2095| 0| return WLAN_STATUS_UNSPECIFIED_FAILURE; ------------------ | | 135| 0|#define WLAN_STATUS_UNSPECIFIED_FAILURE 1 ------------------ 2096| 103| epos++; /* skip ext ID */ 2097| 103| len--; 2098| | 2099| 103| if (!h2e) { ------------------ | Branch (2099:6): [True: 17, False: 86] ------------------ 2100| 17| wpa_printf(MSG_DEBUG, 2101| 17| "SAE: Password Identifier included, but H2E is not used"); 2102| 17| return WLAN_STATUS_UNKNOWN_PASSWORD_IDENTIFIER; ------------------ | | 231| 17|#define WLAN_STATUS_UNKNOWN_PASSWORD_IDENTIFIER 123 ------------------ 2103| 17| } 2104| | 2105| 86| if (sae->no_pw_id) { ------------------ | Branch (2105:6): [True: 0, False: 86] ------------------ 2106| 0| wpa_printf(MSG_DEBUG, 2107| 0| "SAE: Password Identifier included, but none has been enabled"); 2108| 0| return WLAN_STATUS_UNKNOWN_PASSWORD_IDENTIFIER; ------------------ | | 231| 0|#define WLAN_STATUS_UNKNOWN_PASSWORD_IDENTIFIER 123 ------------------ 2109| 0| } 2110| | 2111| 86| if (sae->tmp->pw_id && ------------------ | Branch (2111:6): [True: 0, False: 86] ------------------ 2112| 0| (len != sae->tmp->pw_id_len || ------------------ | Branch (2112:7): [True: 0, False: 0] ------------------ 2113| 0| os_memcmp(sae->tmp->pw_id, epos, len) != 0)) { ------------------ | | 532| 0|#define os_memcmp(s1, s2, n) memcmp((s1), (s2), (n)) ------------------ | Branch (2113:7): [True: 0, False: 0] ------------------ 2114| 0| wpa_printf(MSG_DEBUG, 2115| 0| "SAE: The included Password Identifier does not match the expected one (%s)", 2116| 0| sae->tmp->pw_id); 2117| 0| return WLAN_STATUS_UNKNOWN_PASSWORD_IDENTIFIER; ------------------ | | 231| 0|#define WLAN_STATUS_UNKNOWN_PASSWORD_IDENTIFIER 123 ------------------ 2118| 0| } 2119| | 2120| 86| os_free(sae->tmp->parsed_pw_id); ------------------ | | 511| 86|#define os_free(p) free((p)) ------------------ 2121| 86| sae->tmp->parsed_pw_id = os_malloc(len + 1); ------------------ | | 505| 86|#define os_malloc(s) malloc((s)) ------------------ 2122| 86| if (!sae->tmp->parsed_pw_id) { ------------------ | Branch (2122:6): [True: 0, False: 86] ------------------ 2123| 0| sae->tmp->parsed_pw_id_len = 0; 2124| 0| return WLAN_STATUS_UNSPECIFIED_FAILURE; ------------------ | | 135| 0|#define WLAN_STATUS_UNSPECIFIED_FAILURE 1 ------------------ 2125| 0| } 2126| 86| os_memcpy(sae->tmp->parsed_pw_id, epos, len); ------------------ | | 523| 86|#define os_memcpy(d, s, n) memcpy((d), (s), (n)) ------------------ 2127| 86| sae->tmp->parsed_pw_id_len = len; 2128| 86| sae->tmp->parsed_pw_id[len] = '\0'; 2129| 86| wpa_hexdump_ascii(MSG_DEBUG, "SAE: Received Password Identifier", 2130| 86| sae->tmp->parsed_pw_id, len); 2131| 86| *pos = epos + len; 2132| 86| return WLAN_STATUS_SUCCESS; ------------------ | | 134| 86|#define WLAN_STATUS_SUCCESS 0 ------------------ 2133| 86|} sae.c:sae_is_password_id_elem: 1827| 649|{ 1828| 649| return end - pos >= 3 && ------------------ | Branch (1828:9): [True: 641, False: 8] ------------------ 1829| 641| pos[0] == WLAN_EID_EXTENSION && ------------------ | | 501| 1.29k|#define WLAN_EID_EXTENSION 255 ------------------ | Branch (1829:3): [True: 580, False: 61] ------------------ 1830| 580| pos[1] >= 1 && ------------------ | Branch (1830:3): [True: 574, False: 6] ------------------ 1831| 574| end - pos - 2 >= pos[1] && ------------------ | Branch (1831:3): [True: 533, False: 41] ------------------ 1832| 533| pos[2] == WLAN_EID_EXT_PASSWORD_IDENTIFIER; ------------------ | | 519| 533|#define WLAN_EID_EXT_PASSWORD_IDENTIFIER 33 ------------------ | Branch (1832:3): [True: 103, False: 430] ------------------ 1833| 649|} sae.c:sae_parse_rejected_groups: 2138| 435|{ 2139| 435| const u8 *epos; 2140| 435| u8 len; 2141| | 2142| 435| if (!sae_is_rejected_groups_elem(*pos, end)) { ------------------ | Branch (2142:6): [True: 371, False: 64] ------------------ 2143| 371| wpabuf_free(sae->tmp->peer_rejected_groups); 2144| 371| sae->tmp->peer_rejected_groups = NULL; 2145| 371| return WLAN_STATUS_SUCCESS; ------------------ | | 134| 371|#define WLAN_STATUS_SUCCESS 0 ------------------ 2146| 371| } 2147| | 2148| 64| epos = *pos; 2149| 64| epos++; /* skip IE type */ 2150| 64| len = *epos++; /* IE length */ 2151| 64| if (len > end - epos || len < 1) ------------------ | Branch (2151:6): [True: 0, False: 64] | Branch (2151:26): [True: 0, False: 64] ------------------ 2152| 0| return WLAN_STATUS_UNSPECIFIED_FAILURE; ------------------ | | 135| 0|#define WLAN_STATUS_UNSPECIFIED_FAILURE 1 ------------------ 2153| 64| epos++; /* skip ext ID */ 2154| 64| len--; 2155| 64| if (len & 1) { ------------------ | Branch (2155:6): [True: 29, False: 35] ------------------ 2156| 29| wpa_printf(MSG_DEBUG, 2157| 29| "SAE: Invalid length of the Rejected Groups element payload: %u", 2158| 29| len); 2159| 29| return WLAN_STATUS_UNSPECIFIED_FAILURE; ------------------ | | 135| 29|#define WLAN_STATUS_UNSPECIFIED_FAILURE 1 ------------------ 2160| 29| } 2161| | 2162| 35| wpabuf_free(sae->tmp->peer_rejected_groups); 2163| 35| sae->tmp->peer_rejected_groups = wpabuf_alloc(len); 2164| 35| if (!sae->tmp->peer_rejected_groups) ------------------ | Branch (2164:6): [True: 0, False: 35] ------------------ 2165| 0| return WLAN_STATUS_UNSPECIFIED_FAILURE; ------------------ | | 135| 0|#define WLAN_STATUS_UNSPECIFIED_FAILURE 1 ------------------ 2166| 35| wpabuf_put_data(sae->tmp->peer_rejected_groups, epos, len); 2167| 35| wpa_hexdump_buf(MSG_DEBUG, "SAE: Received Rejected Groups list", 2168| 35| sae->tmp->peer_rejected_groups); 2169| 35| *pos = epos + len; 2170| 35| return WLAN_STATUS_SUCCESS; ------------------ | | 134| 35|#define WLAN_STATUS_SUCCESS 0 ------------------ 2171| 35|} sae.c:sae_is_rejected_groups_elem: 1837| 435|{ 1838| 435| return end - pos >= 3 && ------------------ | Branch (1838:9): [True: 414, False: 21] ------------------ 1839| 414| pos[0] == WLAN_EID_EXTENSION && ------------------ | | 501| 849|#define WLAN_EID_EXTENSION 255 ------------------ | Branch (1839:3): [True: 363, False: 51] ------------------ 1840| 363| pos[1] >= 2 && ------------------ | Branch (1840:3): [True: 313, False: 50] ------------------ 1841| 313| end - pos - 2 >= pos[1] && ------------------ | Branch (1841:3): [True: 288, False: 25] ------------------ 1842| 288| pos[2] == WLAN_EID_EXT_REJECTED_GROUPS; ------------------ | | 536| 288|#define WLAN_EID_EXT_REJECTED_GROUPS 92 ------------------ | Branch (1842:3): [True: 64, False: 224] ------------------ 1843| 435|} sae.c:sae_parse_token_container: 1905| 406|{ 1906| 406| if (!sae_is_token_container_elem(pos, end)) ------------------ | Branch (1906:6): [True: 398, False: 8] ------------------ 1907| 398| return; 1908| 8| *token = pos + 3; 1909| 8| *token_len = pos[1] - 1; 1910| 8| wpa_hexdump(MSG_DEBUG, "SAE: Anti-Clogging Token (in container)", 1911| 8| *token, *token_len); 1912| 8|} sae.c:sae_is_token_container_elem: 1847| 406|{ 1848| 406| return end - pos >= 3 && ------------------ | Branch (1848:9): [True: 368, False: 38] ------------------ 1849| 368| pos[0] == WLAN_EID_EXTENSION && ------------------ | | 501| 774|#define WLAN_EID_EXTENSION 255 ------------------ | Branch (1849:3): [True: 303, False: 65] ------------------ 1850| 303| pos[1] >= 1 && ------------------ | Branch (1850:3): [True: 299, False: 4] ------------------ 1851| 299| end - pos - 2 >= pos[1] && ------------------ | Branch (1851:3): [True: 274, False: 25] ------------------ 1852| 274| pos[2] == WLAN_EID_EXT_ANTI_CLOGGING_TOKEN; ------------------ | | 537| 274|#define WLAN_EID_EXT_ANTI_CLOGGING_TOKEN 93 ------------------ | Branch (1852:3): [True: 8, False: 266] ------------------ 1853| 406|} sae.c:sae_parse_akm_suite_selector: 2176| 603|{ 2177| 603| const u8 *epos; 2178| 603| u8 len; 2179| | 2180| 603| if (!sae_is_akm_suite_selector_elem(*pos, end)) ------------------ | Branch (2180:6): [True: 358, False: 245] ------------------ 2181| 358| return WLAN_STATUS_SUCCESS; ------------------ | | 134| 358|#define WLAN_STATUS_SUCCESS 0 ------------------ 2182| | 2183| 245| epos = *pos; 2184| 245| epos++; /* skip IE type */ 2185| 245| len = *epos++; /* IE length */ 2186| 245| if (len > end - epos || len < 1) ------------------ | Branch (2186:6): [True: 0, False: 245] | Branch (2186:26): [True: 0, False: 245] ------------------ 2187| 0| return WLAN_STATUS_UNSPECIFIED_FAILURE; ------------------ | | 135| 0|#define WLAN_STATUS_UNSPECIFIED_FAILURE 1 ------------------ 2188| 245| epos++; /* skip ext ID */ 2189| 245| len--; 2190| | 2191| 245| if (len < RSN_SELECTOR_LEN) ------------------ | | 62| 245|#define RSN_SELECTOR_LEN 4 ------------------ | Branch (2191:6): [True: 0, False: 245] ------------------ 2192| 0| return WLAN_STATUS_UNSPECIFIED_FAILURE; ------------------ | | 135| 0|#define WLAN_STATUS_UNSPECIFIED_FAILURE 1 ------------------ 2193| 245| sae->peer_akm_suite_selector = RSN_SELECTOR_GET(epos); ------------------ | | 161| 245|#define RSN_SELECTOR_GET(a) WPA_GET_BE32((const u8 *) (a)) ------------------ 2194| 245| wpa_printf(MSG_DEBUG, "SAE: Received AKM Suite Selector: %08x", 2195| 245| sae->peer_akm_suite_selector); 2196| 245| *pos = epos + len; 2197| 245| return WLAN_STATUS_SUCCESS; ------------------ | | 134| 245|#define WLAN_STATUS_SUCCESS 0 ------------------ 2198| 245|} sae.c:sae_is_akm_suite_selector_elem: 1857| 603|{ 1858| 603| return end - pos >= 2 + 1 + RSN_SELECTOR_LEN && ------------------ | | 62| 1.20k|#define RSN_SELECTOR_LEN 4 ------------------ | Branch (1858:9): [True: 438, False: 165] ------------------ 1859| 438| pos[0] == WLAN_EID_EXTENSION && ------------------ | | 501| 1.04k|#define WLAN_EID_EXTENSION 255 ------------------ | Branch (1859:3): [True: 374, False: 64] ------------------ 1860| 374| pos[1] >= 1 + RSN_SELECTOR_LEN && ------------------ | | 62| 977|#define RSN_SELECTOR_LEN 4 ------------------ | Branch (1860:3): [True: 330, False: 44] ------------------ 1861| 330| end - pos - 2 >= pos[1] && ------------------ | Branch (1861:3): [True: 306, False: 24] ------------------ 1862| 306| pos[2] == WLAN_EID_EXT_AKM_SUITE_SELECTOR; ------------------ | | 545| 306|#define WLAN_EID_EXT_AKM_SUITE_SELECTOR 114 ------------------ | Branch (1862:3): [True: 245, False: 61] ------------------ 1863| 603|} crypto_bignum_init_set: 2032| 1.20k|{ 2033| 1.20k| BIGNUM *bn; 2034| | 2035| 1.20k| if (TEST_FAIL()) ------------------ | | 688| 1.20k|#define TEST_FAIL() testing_test_fail(NULL, false) | | ------------------ | | | Branch (688:21): [True: 0, False: 1.20k] | | ------------------ ------------------ 2036| 0| return NULL; 2037| | 2038| 1.20k| bn = BN_bin2bn(buf, len, NULL); 2039| 1.20k| return (struct crypto_bignum *) bn; 2040| 1.20k|} crypto_bignum_deinit: 2062| 14.7k|{ 2063| 14.7k| if (clear) ------------------ | Branch (2063:6): [True: 2.44k, False: 12.3k] ------------------ 2064| 2.44k| BN_clear_free((BIGNUM *) n); 2065| 12.3k| else 2066| 12.3k| BN_free((BIGNUM *) n); 2067| 14.7k|} crypto_bignum_to_bin: 2072| 1.14k|{ 2073| 1.14k| int num_bytes, offset; 2074| | 2075| 1.14k| if (TEST_FAIL()) ------------------ | | 688| 1.14k|#define TEST_FAIL() testing_test_fail(NULL, false) | | ------------------ | | | Branch (688:21): [True: 0, False: 1.14k] | | ------------------ ------------------ 2076| 0| return -1; 2077| | 2078| 1.14k| if (padlen > buflen) ------------------ | Branch (2078:6): [True: 0, False: 1.14k] ------------------ 2079| 0| return -1; 2080| | 2081| 1.14k| if (padlen) { ------------------ | Branch (2081:6): [True: 1.14k, False: 0] ------------------ 2082| |#ifdef OPENSSL_IS_BORINGSSL 2083| | if (BN_bn2bin_padded(buf, padlen, (const BIGNUM *) a) == 0) 2084| | return -1; 2085| | return padlen; 2086| |#else /* OPENSSL_IS_BORINGSSL */ 2087| 1.14k|#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) 2088| 1.14k| return BN_bn2binpad((const BIGNUM *) a, buf, padlen); 2089| 1.14k|#endif 2090| 1.14k|#endif 2091| 1.14k| } 2092| | 2093| 0| num_bytes = BN_num_bytes((const BIGNUM *) a); 2094| 0| if ((size_t) num_bytes > buflen) ------------------ | Branch (2094:6): [True: 0, False: 0] ------------------ 2095| 0| return -1; 2096| 0| if (padlen > (size_t) num_bytes) ------------------ | Branch (2096:6): [True: 0, False: 0] ------------------ 2097| 0| offset = padlen - num_bytes; 2098| 0| else 2099| 0| offset = 0; 2100| | 2101| 0| os_memset(buf, 0, offset); ------------------ | | 529| 0|#define os_memset(s, c, n) memset(s, c, n) ------------------ 2102| 0| BN_bn2bin((const BIGNUM *) a, buf + offset); 2103| | 2104| 0| return num_bytes + offset; 2105| 0|} crypto_bignum_cmp: 2302| 1.18k|{ 2303| 1.18k| return BN_cmp((const BIGNUM *) a, (const BIGNUM *) b); 2304| 1.18k|} crypto_bignum_is_zero: 2308| 1.20k|{ 2309| 1.20k| return BN_is_zero((const BIGNUM *) a); 2310| 1.20k|} crypto_bignum_is_one: 2314| 1.18k|{ 2315| 1.18k| return BN_is_one((const BIGNUM *) a); 2316| 1.18k|} crypto_ec_init: 2455| 1.22k|{ 2456| 1.22k| struct crypto_ec *e; 2457| 1.22k| int nid; 2458| | 2459| 1.22k| nid = crypto_ec_group_2_nid(group); 2460| 1.22k| if (nid < 0) ------------------ | Branch (2460:6): [True: 0, False: 1.22k] ------------------ 2461| 0| return NULL; 2462| | 2463| 1.22k| e = os_zalloc(sizeof(*e)); 2464| 1.22k| if (e == NULL) ------------------ | Branch (2464:6): [True: 0, False: 1.22k] ------------------ 2465| 0| return NULL; 2466| | 2467| 1.22k| e->nid = nid; 2468| 1.22k| e->iana_group = group; 2469| 1.22k| e->bnctx = BN_CTX_new(); 2470| 1.22k| e->group = EC_GROUP_new_by_curve_name(nid); 2471| 1.22k| e->prime = BN_new(); 2472| 1.22k| e->order = BN_new(); 2473| 1.22k| e->a = BN_new(); 2474| 1.22k| e->b = BN_new(); 2475| 1.22k| if (e->group == NULL || e->bnctx == NULL || e->prime == NULL || ------------------ | Branch (2475:6): [True: 0, False: 1.22k] | Branch (2475:26): [True: 0, False: 1.22k] | Branch (2475:46): [True: 0, False: 1.22k] ------------------ 2476| 1.22k| e->order == NULL || e->a == NULL || e->b == NULL || ------------------ | Branch (2476:6): [True: 0, False: 1.22k] | Branch (2476:26): [True: 0, False: 1.22k] | Branch (2476:42): [True: 0, False: 1.22k] ------------------ 2477| 1.22k| !EC_GROUP_get_curve(e->group, e->prime, e->a, e->b, e->bnctx) || ------------------ | Branch (2477:6): [True: 0, False: 1.22k] ------------------ 2478| 1.22k| !EC_GROUP_get_order(e->group, e->order, e->bnctx)) { ------------------ | Branch (2478:6): [True: 0, False: 1.22k] ------------------ 2479| 0| crypto_ec_deinit(e); 2480| 0| e = NULL; 2481| 0| } 2482| | 2483| 1.22k| return e; 2484| 1.22k|} crypto_ec_deinit: 2488| 1.22k|{ 2489| 1.22k| if (e == NULL) ------------------ | Branch (2489:6): [True: 0, False: 1.22k] ------------------ 2490| 0| return; 2491| 1.22k| BN_clear_free(e->b); 2492| 1.22k| BN_clear_free(e->a); 2493| 1.22k| BN_clear_free(e->order); 2494| 1.22k| BN_clear_free(e->prime); 2495| 1.22k| EC_GROUP_free(e->group); 2496| 1.22k| BN_CTX_free(e->bnctx); 2497| 1.22k| os_free(e); ------------------ | | 511| 1.22k|#define os_free(p) free((p)) ------------------ 2498| 1.22k|} crypto_ec_prime_len: 2512| 1.22k|{ 2513| | return BN_num_bytes(e->prime); 2514| 1.22k|} crypto_ec_order_len: 2524| 1.22k|{ 2525| | return BN_num_bytes(e->order); 2526| 1.22k|} crypto_ec_get_prime: 2530| 1.22k|{ 2531| 1.22k| return (const struct crypto_bignum *) e->prime; 2532| 1.22k|} crypto_ec_get_order: 2536| 1.22k|{ 2537| 1.22k| return (const struct crypto_bignum *) e->order; 2538| 1.22k|} crypto_ec_point_deinit: 2561| 4.61k|{ 2562| 4.61k| if (clear) ------------------ | Branch (2562:6): [True: 1.22k, False: 3.39k] ------------------ 2563| 1.22k| EC_POINT_clear_free((EC_POINT *) p); 2564| 3.39k| else 2565| 3.39k| EC_POINT_free((EC_POINT *) p); 2566| 4.61k|} crypto_ec_point_from_bin: 2616| 948|{ 2617| 948| BIGNUM *x, *y; 2618| 948| EC_POINT *elem; 2619| 948| int len = BN_num_bytes(e->prime); 2620| | 2621| 948| if (TEST_FAIL()) ------------------ | | 688| 948|#define TEST_FAIL() testing_test_fail(NULL, false) | | ------------------ | | | Branch (688:21): [True: 0, False: 948] | | ------------------ ------------------ 2622| 0| return NULL; 2623| | 2624| 948| x = BN_bin2bn(val, len, NULL); 2625| 948| y = BN_bin2bn(val + len, len, NULL); 2626| 948| elem = EC_POINT_new(e->group); 2627| 948| if (x == NULL || y == NULL || elem == NULL) { ------------------ | Branch (2627:6): [True: 0, False: 948] | Branch (2627:19): [True: 0, False: 948] | Branch (2627:32): [True: 0, False: 948] ------------------ 2628| 0| BN_clear_free(x); 2629| 0| BN_clear_free(y); 2630| 0| EC_POINT_clear_free(elem); 2631| 0| return NULL; 2632| 0| } 2633| | 2634| 948| if (!EC_POINT_set_affine_coordinates(e->group, elem, x, y, e->bnctx)) { ------------------ | Branch (2634:6): [True: 299, False: 649] ------------------ 2635| 299| EC_POINT_clear_free(elem); 2636| 299| elem = NULL; 2637| 299| } 2638| | 2639| 948| BN_clear_free(x); 2640| 948| BN_clear_free(y); 2641| | 2642| 948| return (struct crypto_ec_point *) elem; 2643| 948|} crypto_ec_point_is_on_curve: 2710| 649|{ 2711| 649| return EC_POINT_is_on_curve(e->group, (const EC_POINT *) p, 2712| 649| e->bnctx) == 1; 2713| 649|} crypto_openssl.c:crypto_ec_group_2_nid: 2381| 1.22k|{ 2382| | /* Map from IANA registry for IKE D-H groups to OpenSSL NID */ 2383| 1.22k| switch (group) { 2384| 1.22k| case 19: ------------------ | Branch (2384:2): [True: 1.22k, False: 0] ------------------ 2385| 1.22k| return NID_X9_62_prime256v1; 2386| 0| case 20: ------------------ | Branch (2386:2): [True: 0, False: 1.22k] ------------------ 2387| 0| return NID_secp384r1; 2388| 0| case 21: ------------------ | Branch (2388:2): [True: 0, False: 1.22k] ------------------ 2389| 0| return NID_secp521r1; 2390| 0| case 25: ------------------ | Branch (2390:2): [True: 0, False: 1.22k] ------------------ 2391| 0| return NID_X9_62_prime192v1; 2392| 0| case 26: ------------------ | Branch (2392:2): [True: 0, False: 1.22k] ------------------ 2393| 0| return NID_secp224r1; 2394| 0|#ifdef NID_brainpoolP224r1 2395| 0| case 27: ------------------ | Branch (2395:2): [True: 0, False: 1.22k] ------------------ 2396| 0| return NID_brainpoolP224r1; 2397| 0|#endif /* NID_brainpoolP224r1 */ 2398| 0|#ifdef NID_brainpoolP256r1 2399| 0| case 28: ------------------ | Branch (2399:2): [True: 0, False: 1.22k] ------------------ 2400| 0| return NID_brainpoolP256r1; 2401| 0|#endif /* NID_brainpoolP256r1 */ 2402| 0|#ifdef NID_brainpoolP384r1 2403| 0| case 29: ------------------ | Branch (2403:2): [True: 0, False: 1.22k] ------------------ 2404| 0| return NID_brainpoolP384r1; 2405| 0|#endif /* NID_brainpoolP384r1 */ 2406| 0|#ifdef NID_brainpoolP512r1 2407| 0| case 30: ------------------ | Branch (2407:2): [True: 0, False: 1.22k] ------------------ 2408| 0| return NID_brainpoolP512r1; 2409| 0|#endif /* NID_brainpoolP512r1 */ 2410| 0| default: ------------------ | Branch (2410:2): [True: 0, False: 1.22k] ------------------ 2411| 0| return -1; 2412| 1.22k| } 2413| 1.22k|} bin_clear_free: 1047| 1.22k|{ 1048| 1.22k| if (bin) { ------------------ | Branch (1048:6): [True: 1.22k, False: 0] ------------------ 1049| 1.22k| forced_memzero(bin, len); 1050| 1.22k| os_free(bin); ------------------ | | 511| 1.22k|#define os_free(p) free((p)) ------------------ 1051| 1.22k| } 1052| 1.22k|} forced_memzero: 1343| 1.22k|{ 1344| 1.22k| memset_func(ptr, 0, len); 1345| 1.22k| if (len) ------------------ | Branch (1345:6): [True: 1.22k, False: 0] ------------------ 1346| 1.22k| forced_memzero_val = ((u8 *) ptr)[0]; 1347| 1.22k|} sae.c:WPA_GET_LE16: 225| 1.27k|{ 226| 1.27k| return (a[1] << 8) | a[0]; 227| 1.27k|} sae.c:WPA_GET_BE32: 260| 245|{ 261| 245| return ((u32) a[0] << 24) | (a[1] << 16) | (a[2] << 8) | a[3]; 262| 245|} crypto_openssl.c:testing_test_fail: 697| 3.30k|{ 698| 3.30k| return 0; 699| 3.30k|} os_get_random: 258| 641|{ 259| 641|#ifdef TEST_FUZZ 260| 641| size_t i; 261| | 262| 3.20k| for (i = 0; i < len; i++) ------------------ | Branch (262:14): [True: 2.56k, False: 641] ------------------ 263| 2.56k| buf[i] = i & 0xff; 264| 641| return 0; 265| |#else /* TEST_FUZZ */ 266| | FILE *f; 267| | size_t rc; 268| | 269| | if (TEST_FAIL()) 270| | return -1; 271| | 272| | f = fopen("/dev/urandom", "rb"); 273| | if (f == NULL) { 274| | printf("Could not open /dev/urandom.\n"); 275| | return -1; 276| | } 277| | 278| | rc = fread(buf, 1, len, f); 279| | fclose(f); 280| | 281| | return rc != len ? -1 : 0; 282| |#endif /* TEST_FUZZ */ 283| 641|} os_program_init: 339| 641|{ 340| 641| unsigned int seed; 341| | 342| |#ifdef ANDROID 343| | /* 344| | * We ignore errors here since errors are normal if we 345| | * are already running as non-root. 346| | */ 347| |#ifdef ANDROID_SETGROUPS_OVERRIDE 348| | gid_t groups[] = { ANDROID_SETGROUPS_OVERRIDE }; 349| |#else /* ANDROID_SETGROUPS_OVERRIDE */ 350| | gid_t groups[] = { AID_INET, AID_WIFI, AID_KEYSTORE }; 351| |#endif /* ANDROID_SETGROUPS_OVERRIDE */ 352| | struct __user_cap_header_struct header; 353| | struct __user_cap_data_struct cap; 354| | 355| | setgroups(ARRAY_SIZE(groups), groups); 356| | 357| | prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0); 358| | 359| | setgid(AID_WIFI); 360| | setuid(AID_WIFI); 361| | 362| | header.version = _LINUX_CAPABILITY_VERSION; 363| | header.pid = 0; 364| | cap.effective = cap.permitted = 365| | (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW); 366| | cap.inheritable = 0; 367| | capset(&header, &cap); 368| |#endif /* ANDROID */ 369| | 370| 641| if (os_get_random((unsigned char *) &seed, sizeof(seed)) == 0) ------------------ | Branch (370:6): [True: 641, False: 0] ------------------ 371| 641| srandom(seed); 372| | 373| 641| return 0; 374| 641|} os_program_deinit: 378| 641|{ 379| |#ifdef WPA_TRACE 380| | struct os_alloc_trace *a; 381| | unsigned long total = 0; 382| | dl_list_for_each(a, &alloc_list, struct os_alloc_trace, list) { 383| | total += a->len; 384| | if (a->magic != ALLOC_MAGIC) { 385| | wpa_printf(MSG_INFO, "MEMLEAK[%p]: invalid magic 0x%x " 386| | "len %lu", 387| | a, a->magic, (unsigned long) a->len); 388| | continue; 389| | } 390| | wpa_printf(MSG_INFO, "MEMLEAK[%p]: len %lu", 391| | a, (unsigned long) a->len); 392| | wpa_trace_dump("memleak", a); 393| | } 394| | if (total) 395| | wpa_printf(MSG_INFO, "MEMLEAK: total %lu bytes", 396| | (unsigned long) total); 397| | wpa_trace_deinit(); 398| |#endif /* WPA_TRACE */ 399| 641|} os_zalloc: 485| 2.47k|{ 486| 2.47k| return calloc(1, size); 487| 2.47k|} wpa_printf: 224| 3.64k|{ 225| 3.64k| va_list ap; 226| | 227| 3.64k| if (level >= wpa_debug_level) { ------------------ | Branch (227:6): [True: 0, False: 3.64k] ------------------ 228| |#ifdef CONFIG_ANDROID_LOG 229| | va_start(ap, fmt); 230| | __android_log_vprint(wpa_to_android_level(level), 231| | ANDROID_LOG_NAME, fmt, ap); 232| | va_end(ap); 233| |#else /* CONFIG_ANDROID_LOG */ 234| |#ifdef CONFIG_DEBUG_SYSLOG 235| | if (wpa_debug_syslog) { 236| | va_start(ap, fmt); 237| | vsyslog(syslog_priority(level), fmt, ap); 238| | va_end(ap); 239| | } 240| |#endif /* CONFIG_DEBUG_SYSLOG */ 241| 0| wpa_debug_print_timestamp(); 242| 0|#ifdef CONFIG_DEBUG_FILE 243| 0| if (out_file) { ------------------ | Branch (243:7): [True: 0, False: 0] ------------------ 244| 0| va_start(ap, fmt); 245| 0| vfprintf(out_file, fmt, ap); 246| 0| fprintf(out_file, "\n"); 247| 0| va_end(ap); 248| 0| } 249| 0|#endif /* CONFIG_DEBUG_FILE */ 250| 0| if (!wpa_debug_syslog && !out_file) { ------------------ | Branch (250:7): [True: 0, False: 0] | Branch (250:28): [True: 0, False: 0] ------------------ 251| 0| va_start(ap, fmt); 252| 0| vprintf(fmt, ap); 253| 0| printf("\n"); 254| 0| va_end(ap); 255| 0| } 256| 0|#endif /* CONFIG_ANDROID_LOG */ 257| 0| } 258| | 259| |#ifdef CONFIG_DEBUG_LINUX_TRACING 260| | if (wpa_debug_tracing_file != NULL) { 261| | va_start(ap, fmt); 262| | fprintf(wpa_debug_tracing_file, WPAS_TRACE_PFX, level); 263| | vfprintf(wpa_debug_tracing_file, fmt, ap); 264| | fprintf(wpa_debug_tracing_file, "\n"); 265| | fflush(wpa_debug_tracing_file); 266| | va_end(ap); 267| | } 268| |#endif /* CONFIG_DEBUG_LINUX_TRACING */ 269| 3.64k|} wpa_hexdump: 400| 3.99k|{ 401| 3.99k| _wpa_hexdump(level, title, buf, len, 1, 0); 402| 3.99k|} wpa_hexdump_ascii: 526| 86|{ 527| 86| _wpa_hexdump_ascii(level, title, buf, len, 1); 528| 86|} wpa_debug.c:_wpa_hexdump: 274| 3.99k|{ 275| 3.99k| size_t i; 276| | 277| |#ifdef CONFIG_DEBUG_LINUX_TRACING 278| | if (wpa_debug_tracing_file != NULL) { 279| | fprintf(wpa_debug_tracing_file, 280| | WPAS_TRACE_PFX "%s - hexdump(len=%lu):", 281| | level, title, (unsigned long) len); 282| | if (buf == NULL) { 283| | fprintf(wpa_debug_tracing_file, " [NULL]\n"); 284| | } else if (!show) { 285| | fprintf(wpa_debug_tracing_file, " [REMOVED]\n"); 286| | } else { 287| | for (i = 0; i < len; i++) 288| | fprintf(wpa_debug_tracing_file, 289| | " %02x", buf[i]); 290| | } 291| | fflush(wpa_debug_tracing_file); 292| | } 293| |#endif /* CONFIG_DEBUG_LINUX_TRACING */ 294| | 295| 3.99k| if (level < wpa_debug_level) ------------------ | Branch (295:6): [True: 3.99k, False: 0] ------------------ 296| 3.99k| return; 297| |#ifdef CONFIG_ANDROID_LOG 298| | { 299| | const char *display; 300| | char *strbuf = NULL; 301| | size_t slen = len; 302| | if (buf == NULL) { 303| | display = " [NULL]"; 304| | } else if (len == 0) { 305| | display = ""; 306| | } else if (show && len) { 307| | /* Limit debug message length for Android log */ 308| | if (slen > 32) 309| | slen = 32; 310| | strbuf = os_malloc(1 + 3 * slen); 311| | if (strbuf == NULL) { 312| | wpa_printf(MSG_ERROR, "wpa_hexdump: Failed to " 313| | "allocate message buffer"); 314| | return; 315| | } 316| | 317| | for (i = 0; i < slen; i++) 318| | os_snprintf(&strbuf[i * 3], 4, " %02x", 319| | buf[i]); 320| | 321| | display = strbuf; 322| | } else { 323| | display = " [REMOVED]"; 324| | } 325| | 326| | __android_log_print(wpa_to_android_level(level), 327| | ANDROID_LOG_NAME, 328| | "%s - hexdump(len=%lu):%s%s", 329| | title, (long unsigned int) len, display, 330| | len > slen ? " ..." : ""); 331| | bin_clear_free(strbuf, 1 + 3 * slen); 332| | return; 333| | } 334| |#else /* CONFIG_ANDROID_LOG */ 335| |#ifdef CONFIG_DEBUG_SYSLOG 336| | if (wpa_debug_syslog) { 337| | const char *display; 338| | char *strbuf = NULL; 339| | 340| | if (buf == NULL) { 341| | display = " [NULL]"; 342| | } else if (len == 0) { 343| | display = ""; 344| | } else if (show && len) { 345| | strbuf = os_malloc(1 + 3 * len); 346| | if (strbuf == NULL) { 347| | wpa_printf(MSG_ERROR, "wpa_hexdump: Failed to " 348| | "allocate message buffer"); 349| | return; 350| | } 351| | 352| | for (i = 0; i < len; i++) 353| | os_snprintf(&strbuf[i * 3], 4, " %02x", 354| | buf[i]); 355| | 356| | display = strbuf; 357| | } else { 358| | display = " [REMOVED]"; 359| | } 360| | 361| | syslog(syslog_priority(level), "%s - hexdump(len=%lu):%s", 362| | title, (unsigned long) len, display); 363| | bin_clear_free(strbuf, 1 + 3 * len); 364| | if (only_syslog) 365| | return; 366| | } 367| |#endif /* CONFIG_DEBUG_SYSLOG */ 368| 0| wpa_debug_print_timestamp(); 369| 0|#ifdef CONFIG_DEBUG_FILE 370| 0| if (out_file) { ------------------ | Branch (370:6): [True: 0, False: 0] ------------------ 371| 0| fprintf(out_file, "%s - hexdump(len=%lu):", 372| 0| title, (unsigned long) len); 373| 0| if (buf == NULL) { ------------------ | Branch (373:7): [True: 0, False: 0] ------------------ 374| 0| fprintf(out_file, " [NULL]"); 375| 0| } else if (show) { ------------------ | Branch (375:14): [True: 0, False: 0] ------------------ 376| 0| for (i = 0; i < len; i++) ------------------ | Branch (376:16): [True: 0, False: 0] ------------------ 377| 0| fprintf(out_file, " %02x", buf[i]); 378| 0| } else { 379| 0| fprintf(out_file, " [REMOVED]"); 380| 0| } 381| 0| fprintf(out_file, "\n"); 382| 0| } 383| 0|#endif /* CONFIG_DEBUG_FILE */ 384| 0| if (!wpa_debug_syslog && !out_file) { ------------------ | Branch (384:6): [True: 0, False: 0] | Branch (384:27): [True: 0, False: 0] ------------------ 385| 0| printf("%s - hexdump(len=%lu):", title, (unsigned long) len); 386| 0| if (buf == NULL) { ------------------ | Branch (386:7): [True: 0, False: 0] ------------------ 387| 0| printf(" [NULL]"); 388| 0| } else if (show) { ------------------ | Branch (388:14): [True: 0, False: 0] ------------------ 389| 0| for (i = 0; i < len; i++) ------------------ | Branch (389:16): [True: 0, False: 0] ------------------ 390| 0| printf(" %02x", buf[i]); 391| 0| } else { 392| 0| printf(" [REMOVED]"); 393| 0| } 394| 0| printf("\n"); 395| 0| } 396| 0|#endif /* CONFIG_ANDROID_LOG */ 397| 0|} wpa_debug.c:_wpa_hexdump_ascii: 413| 86|{ 414| 86| size_t i, llen; 415| 86| const u8 *pos = buf; 416| 86| const size_t line_len = 16; 417| | 418| |#ifdef CONFIG_DEBUG_LINUX_TRACING 419| | if (wpa_debug_tracing_file != NULL) { 420| | fprintf(wpa_debug_tracing_file, 421| | WPAS_TRACE_PFX "%s - hexdump_ascii(len=%lu):", 422| | level, title, (unsigned long) len); 423| | if (buf == NULL) { 424| | fprintf(wpa_debug_tracing_file, " [NULL]\n"); 425| | } else if (!show) { 426| | fprintf(wpa_debug_tracing_file, " [REMOVED]\n"); 427| | } else { 428| | /* can do ascii processing in userspace */ 429| | for (i = 0; i < len; i++) 430| | fprintf(wpa_debug_tracing_file, 431| | " %02x", pos[i]); 432| | } 433| | fflush(wpa_debug_tracing_file); 434| | } 435| |#endif /* CONFIG_DEBUG_LINUX_TRACING */ 436| | 437| 86| if (level < wpa_debug_level) ------------------ | Branch (437:6): [True: 86, False: 0] ------------------ 438| 86| return; 439| |#ifdef CONFIG_ANDROID_LOG 440| | _wpa_hexdump(level, title, buf, len, show, 0); 441| |#else /* CONFIG_ANDROID_LOG */ 442| |#ifdef CONFIG_DEBUG_SYSLOG 443| | if (wpa_debug_syslog) 444| | _wpa_hexdump(level, title, buf, len, show, 1); 445| |#endif /* CONFIG_DEBUG_SYSLOG */ 446| 0| wpa_debug_print_timestamp(); 447| 0|#ifdef CONFIG_DEBUG_FILE 448| 0| if (out_file) { ------------------ | Branch (448:6): [True: 0, False: 0] ------------------ 449| 0| if (!show) { ------------------ | Branch (449:7): [True: 0, False: 0] ------------------ 450| 0| fprintf(out_file, 451| 0| "%s - hexdump_ascii(len=%lu): [REMOVED]\n", 452| 0| title, (unsigned long) len); 453| 0| goto file_done; 454| 0| } 455| 0| if (buf == NULL) { ------------------ | Branch (455:7): [True: 0, False: 0] ------------------ 456| 0| fprintf(out_file, 457| 0| "%s - hexdump_ascii(len=%lu): [NULL]\n", 458| 0| title, (unsigned long) len); 459| 0| goto file_done; 460| 0| } 461| 0| fprintf(out_file, "%s - hexdump_ascii(len=%lu):\n", 462| 0| title, (unsigned long) len); 463| 0| while (len) { ------------------ | Branch (463:10): [True: 0, False: 0] ------------------ 464| 0| llen = len > line_len ? line_len : len; ------------------ | Branch (464:11): [True: 0, False: 0] ------------------ 465| 0| fprintf(out_file, " "); 466| 0| for (i = 0; i < llen; i++) ------------------ | Branch (466:16): [True: 0, False: 0] ------------------ 467| 0| fprintf(out_file, " %02x", pos[i]); 468| 0| for (i = llen; i < line_len; i++) ------------------ | Branch (468:19): [True: 0, False: 0] ------------------ 469| 0| fprintf(out_file, " "); 470| 0| fprintf(out_file, " "); 471| 0| for (i = 0; i < llen; i++) { ------------------ | Branch (471:16): [True: 0, False: 0] ------------------ 472| 0| if (isprint(pos[i])) ------------------ | Branch (472:9): [True: 0, False: 0] ------------------ 473| 0| fprintf(out_file, "%c", pos[i]); 474| 0| else 475| 0| fprintf(out_file, "_"); 476| 0| } 477| 0| for (i = llen; i < line_len; i++) ------------------ | Branch (477:19): [True: 0, False: 0] ------------------ 478| 0| fprintf(out_file, " "); 479| 0| fprintf(out_file, "\n"); 480| 0| pos += llen; 481| 0| len -= llen; 482| 0| } 483| 0| } 484| 0|file_done: 485| 0|#endif /* CONFIG_DEBUG_FILE */ 486| 0| if (!wpa_debug_syslog && !out_file) { ------------------ | Branch (486:6): [True: 0, False: 0] | Branch (486:27): [True: 0, False: 0] ------------------ 487| 0| if (!show) { ------------------ | Branch (487:7): [True: 0, False: 0] ------------------ 488| 0| printf("%s - hexdump_ascii(len=%lu): [REMOVED]\n", 489| 0| title, (unsigned long) len); 490| 0| return; 491| 0| } 492| 0| if (buf == NULL) { ------------------ | Branch (492:7): [True: 0, False: 0] ------------------ 493| 0| printf("%s - hexdump_ascii(len=%lu): [NULL]\n", 494| 0| title, (unsigned long) len); 495| 0| return; 496| 0| } 497| 0| printf("%s - hexdump_ascii(len=%lu):\n", title, 498| 0| (unsigned long) len); 499| 0| while (len) { ------------------ | Branch (499:10): [True: 0, False: 0] ------------------ 500| 0| llen = len > line_len ? line_len : len; ------------------ | Branch (500:11): [True: 0, False: 0] ------------------ 501| 0| printf(" "); 502| 0| for (i = 0; i < llen; i++) ------------------ | Branch (502:16): [True: 0, False: 0] ------------------ 503| 0| printf(" %02x", pos[i]); 504| 0| for (i = llen; i < line_len; i++) ------------------ | Branch (504:19): [True: 0, False: 0] ------------------ 505| 0| printf(" "); 506| 0| printf(" "); 507| 0| for (i = 0; i < llen; i++) { ------------------ | Branch (507:16): [True: 0, False: 0] ------------------ 508| 0| if (isprint(pos[i])) ------------------ | Branch (508:9): [True: 0, False: 0] ------------------ 509| 0| printf("%c", pos[i]); 510| 0| else 511| 0| printf("_"); 512| 0| } 513| 0| for (i = llen; i < line_len; i++) ------------------ | Branch (513:19): [True: 0, False: 0] ------------------ 514| 0| printf(" "); 515| 0| printf("\n"); 516| 0| pos += llen; 517| 0| len -= llen; 518| 0| } 519| 0| } 520| 0|#endif /* CONFIG_ANDROID_LOG */ 521| 0|} sae.c:wpa_hexdump_buf: 117| 35|{ 118| 35| wpa_hexdump(level, title, buf ? wpabuf_head(buf) : NULL, ------------------ | Branch (118:28): [True: 35, False: 0] ------------------ 119| 35| buf ? wpabuf_len(buf) : 0); ------------------ | Branch (119:7): [True: 35, False: 0] ------------------ 120| 35|} wpabuf_alloc: 114| 35|{ 115| |#ifdef WPA_TRACE 116| | struct wpabuf_trace *trace = os_zalloc(sizeof(struct wpabuf_trace) + 117| | sizeof(struct wpabuf) + len); 118| | struct wpabuf *buf; 119| | if (trace == NULL) 120| | return NULL; 121| | trace->magic = WPABUF_MAGIC; 122| | buf = (struct wpabuf *) (trace + 1); 123| |#else /* WPA_TRACE */ 124| 35| struct wpabuf *buf = os_zalloc(sizeof(struct wpabuf) + len); 125| 35| if (buf == NULL) ------------------ | Branch (125:6): [True: 0, False: 35] ------------------ 126| 0| return NULL; 127| 35|#endif /* WPA_TRACE */ 128| | 129| 35| buf->size = len; 130| 35| buf->buf = (u8 *) (buf + 1); 131| 35| return buf; 132| 35|} wpabuf_free: 187| 4.26k|{ 188| |#ifdef WPA_TRACE 189| | struct wpabuf_trace *trace; 190| | if (buf == NULL) 191| | return; 192| | trace = wpabuf_get_trace(buf); 193| | if (trace->magic != WPABUF_MAGIC) { 194| | wpa_printf(MSG_ERROR, "wpabuf_free: invalid magic %x", 195| | trace->magic); 196| | wpa_trace_show("wpabuf_free magic mismatch"); 197| | abort(); 198| | } 199| | if (buf->flags & WPABUF_FLAG_EXT_DATA) 200| | os_free(buf->buf); 201| | os_free(trace); 202| |#else /* WPA_TRACE */ 203| 4.26k| if (buf == NULL) ------------------ | Branch (203:6): [True: 4.23k, False: 35] ------------------ 204| 4.23k| return; 205| 35| if (buf->flags & WPABUF_FLAG_EXT_DATA) ------------------ | | 13| 35|#define WPABUF_FLAG_EXT_DATA BIT(0) | | ------------------ | | | | 458| 35|#define BIT(x) (1U << (x)) | | ------------------ ------------------ | Branch (205:6): [True: 0, False: 35] ------------------ 206| 0| os_free(buf->buf); ------------------ | | 511| 0|#define os_free(p) free((p)) ------------------ 207| 35| os_free(buf); ------------------ | | 511| 35|#define os_free(p) free((p)) ------------------ 208| 35|#endif /* WPA_TRACE */ 209| 35|} wpabuf_put: 222| 35|{ 223| 35| void *tmp = wpabuf_mhead_u8(buf) + wpabuf_len(buf); 224| 35| buf->used += len; 225| 35| if (buf->used > buf->size) { ------------------ | Branch (225:6): [True: 0, False: 35] ------------------ 226| 0| wpabuf_overflow(buf, len); 227| 0| } 228| 35| return tmp; 229| 35|} sae.c:wpabuf_len: 59| 35|{ 60| 35| return buf->used; 61| 35|} sae.c:wpabuf_head: 94| 35|{ 95| 35| return buf->buf; 96| 35|} sae.c:wpabuf_put_data: 174| 35|{ 175| 35| if (data) ------------------ | Branch (175:6): [True: 35, False: 0] ------------------ 176| 35| os_memcpy(wpabuf_put(buf, len), data, len); ------------------ | | 523| 35|#define os_memcpy(d, s, n) memcpy((d), (s), (n)) ------------------ 177| 35|} wpabuf.c:wpabuf_len: 59| 35|{ 60| 35| return buf->used; 61| 35|} wpabuf.c:wpabuf_mhead: 109| 35|{ 110| 35| return buf->buf; 111| 35|} wpabuf.c:wpabuf_mhead_u8: 114| 35|{ 115| 35| return (u8 *) wpabuf_mhead(buf); 116| 35|} wpa_fuzzer_set_debug_level: 15| 641|{ 16| 641| static int first = 1; 17| | 18| 641| if (first) { ------------------ | Branch (18:6): [True: 1, False: 640] ------------------ 19| 1| char *env; 20| | 21| 1| first = 0; 22| 1| env = getenv("WPADEBUG"); 23| 1| if (env) ------------------ | Branch (23:7): [True: 0, False: 1] ------------------ 24| 0| wpa_debug_level = atoi(env); 25| 1| else 26| 1| wpa_debug_level = MSG_ERROR + 1; 27| | 28| 1| wpa_debug_show_keys = 1; 29| 1| } 30| 641|} LLVMFuzzerTestOneInput: 17| 641|{ 18| 641| struct sae_data sae; 19| 641| u16 res; 20| 641| const u8 *token = NULL; 21| 641| size_t token_len = 0; 22| 641| int groups[] = { 19, 0 }; 23| | 24| 641| wpa_fuzzer_set_debug_level(); 25| | 26| 641| if (os_program_init()) ------------------ | Branch (26:6): [True: 0, False: 641] ------------------ 27| 0| return 0; 28| | 29| 641| os_memset(&sae, 0, sizeof(sae)); ------------------ | | 529| 641|#define os_memset(s, c, n) memset(s, c, n) ------------------ 30| 641| res = sae_parse_commit(&sae, data, size, &token, &token_len, groups, 0, 31| 641| NULL); 32| 641| wpa_printf(MSG_DEBUG, "sae_parse_commit(0): %u", res); 33| 641| sae_clear_data(&sae); 34| 641| res = sae_parse_commit(&sae, data, size, &token, &token_len, groups, 1, 35| 641| NULL); 36| 641| wpa_printf(MSG_DEBUG, "sae_parse_commit(1): %u", res); 37| 641| sae_clear_data(&sae); 38| 641| os_program_deinit(); 39| | 40| 641| return 0; 41| 641|}