libspdm_get_scratch_buffer_secure_message_capacity: 17| 690|uint32_t libspdm_get_scratch_buffer_secure_message_capacity(libspdm_context_t *spdm_context) { 18| 690| return spdm_context->local_context.capability.max_spdm_msg_size + 19| 690| spdm_context->local_context.capability.transport_header_size + 20| 690| spdm_context->local_context.capability.transport_tail_size; 21| 690|} libspdm_get_scratch_buffer_large_message_capacity: 28| 690|uint32_t libspdm_get_scratch_buffer_large_message_capacity(libspdm_context_t *spdm_context) { 29| 690| return spdm_context->local_context.capability.max_spdm_msg_size; 30| 690|} libspdm_get_scratch_buffer_sender_receiver_capacity: 43| 690|uint32_t libspdm_get_scratch_buffer_sender_receiver_capacity(libspdm_context_t *spdm_context) { 44| 690| return spdm_context->local_context.capability.max_spdm_msg_size + 45| 690| spdm_context->local_context.capability.transport_header_size + 46| 690| spdm_context->local_context.capability.transport_tail_size; 47| 690|} libspdm_get_scratch_buffer_large_sender_receiver_capacity: 58| 690|{ 59| 690| return spdm_context->local_context.capability.max_spdm_msg_size + 60| 690| spdm_context->local_context.capability.transport_header_size + 61| 690| spdm_context->local_context.capability.transport_tail_size; 62| 690|} libspdm_get_scratch_buffer_last_spdm_request_offset: 66| 230|uint32_t libspdm_get_scratch_buffer_last_spdm_request_offset(libspdm_context_t *spdm_context) { 67| 230| return 0 + 68| 230|#if LIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP 69| 230| libspdm_get_scratch_buffer_secure_message_capacity(spdm_context) + 70| 230| libspdm_get_scratch_buffer_large_message_capacity(spdm_context) + 71| 230|#endif 72| 230| libspdm_get_scratch_buffer_sender_receiver_capacity(spdm_context) + 73| 230|#if LIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP 74| 230| libspdm_get_scratch_buffer_large_sender_receiver_capacity(spdm_context) + 75| 230|#endif 76| 230| 0; 77| 230|} libspdm_get_scratch_buffer_last_spdm_request_capacity: 79| 460|uint32_t libspdm_get_scratch_buffer_last_spdm_request_capacity(libspdm_context_t *spdm_context) { 80| 460| return spdm_context->local_context.capability.max_spdm_msg_size; 81| 460|} libspdm_get_scratch_buffer_cache_spdm_request_offset: 85| 230|uint32_t libspdm_get_scratch_buffer_cache_spdm_request_offset(libspdm_context_t *spdm_context) { 86| 230| return 0 + 87| 230|#if LIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP 88| 230| libspdm_get_scratch_buffer_secure_message_capacity(spdm_context) + 89| 230| libspdm_get_scratch_buffer_large_message_capacity(spdm_context) + 90| 230|#endif 91| 230| libspdm_get_scratch_buffer_sender_receiver_capacity(spdm_context) + 92| 230|#if LIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP 93| 230| libspdm_get_scratch_buffer_large_sender_receiver_capacity(spdm_context) + 94| 230|#endif 95| 230| libspdm_get_scratch_buffer_last_spdm_request_capacity(spdm_context) + 96| 230| 0; 97| 230|} libspdm_get_scratch_buffer_cache_spdm_request_capacity: 99| 230|uint32_t libspdm_get_scratch_buffer_cache_spdm_request_capacity(libspdm_context_t *spdm_context) { 100| 230| return spdm_context->local_context.capability.max_spdm_msg_size; 101| 230|} libspdm_get_scratch_buffer_capacity: 105| 230|uint32_t libspdm_get_scratch_buffer_capacity(libspdm_context_t *spdm_context) { 106| 230| return 0 + 107| 230|#if LIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP 108| 230| libspdm_get_scratch_buffer_secure_message_capacity(spdm_context) + 109| 230| libspdm_get_scratch_buffer_large_message_capacity(spdm_context) + 110| 230|#endif 111| 230| libspdm_get_scratch_buffer_sender_receiver_capacity(spdm_context) + 112| 230|#if LIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP 113| 230| libspdm_get_scratch_buffer_large_sender_receiver_capacity(spdm_context) + 114| 230|#endif 115| 230| libspdm_get_scratch_buffer_last_spdm_request_capacity(spdm_context) + 116| 230|#if LIBSPDM_RESPOND_IF_READY_SUPPORT 117| 230| libspdm_get_scratch_buffer_cache_spdm_request_capacity(spdm_context) + 118| 230|#endif 119| 230| 0; 120| 230|} libspdm_register_device_io_func: 2720| 230|{ 2721| 230| libspdm_context_t *context; 2722| | 2723| 230| context = spdm_context; 2724| 230| context->send_message = send_message; 2725| 230| context->receive_message = receive_message; 2726| 230|} libspdm_register_device_buffer_func: 2779| 230|{ 2780| 230| libspdm_context_t *context; 2781| | 2782| 230| context = spdm_context; 2783| 230| context->sender_buffer_size = sender_buffer_size; 2784| 230| context->receiver_buffer_size = receiver_buffer_size; 2785| 230| context->acquire_sender_buffer = acquire_sender_buffer; 2786| 230| context->release_sender_buffer = release_sender_buffer; 2787| 230| context->acquire_receiver_buffer = acquire_receiver_buffer; 2788| 230| context->release_receiver_buffer = release_receiver_buffer; 2789| | 2790| 230| LIBSPDM_ASSERT (sender_buffer_size >= 2791| 230| context->local_context.capability.transport_header_size + 2792| 230| context->local_context.capability.transport_tail_size); 2793| 230| sender_buffer_size -= (context->local_context.capability.transport_header_size + 2794| 230| context->local_context.capability.transport_tail_size); 2795| 230| LIBSPDM_ASSERT (sender_buffer_size >= SPDM_MIN_DATA_TRANSFER_SIZE_VERSION_12); 2796| 230| context->local_context.capability.sender_data_transfer_size = sender_buffer_size; 2797| | 2798| 230| LIBSPDM_ASSERT(receiver_buffer_size >= 2799| 230| context->local_context.capability.transport_header_size + 2800| 230| context->local_context.capability.transport_tail_size); 2801| 230| receiver_buffer_size -= (context->local_context.capability.transport_header_size + 2802| 230| context->local_context.capability.transport_tail_size); 2803| 230| LIBSPDM_ASSERT (receiver_buffer_size >= SPDM_MIN_DATA_TRANSFER_SIZE_VERSION_12); 2804| 230| context->local_context.capability.data_transfer_size = receiver_buffer_size; 2805| 230|} libspdm_register_transport_layer_func: 2823| 230|{ 2824| 230| libspdm_context_t *context; 2825| | 2826| 230| context = spdm_context; 2827| | 2828| | /* fix the data_transfer_size if it is set before */ 2829| 230| if ((context->local_context.capability.data_transfer_size != 0) && ------------------ | Branch (2829:9): [True: 0, False: 230] ------------------ 2830| 230| (context->local_context.capability.data_transfer_size == ------------------ | Branch (2830:9): [True: 0, False: 0] ------------------ 2831| 0| context->receiver_buffer_size)) { 2832| 0| context->local_context.capability.data_transfer_size = 2833| 0| (uint32_t)(context->receiver_buffer_size - 2834| 0| (transport_header_size + transport_tail_size)); 2835| 0| } 2836| 230| if ((context->local_context.capability.sender_data_transfer_size != 0) && ------------------ | Branch (2836:9): [True: 0, False: 230] ------------------ 2837| 230| (context->local_context.capability.sender_data_transfer_size == ------------------ | Branch (2837:9): [True: 0, False: 0] ------------------ 2838| 0| context->sender_buffer_size)) { 2839| 0| context->local_context.capability.sender_data_transfer_size = 2840| 0| (uint32_t)(context->sender_buffer_size - 2841| 0| (transport_header_size + transport_tail_size)); 2842| 0| } 2843| | 2844| 230| context->local_context.capability.max_spdm_msg_size = max_spdm_msg_size; 2845| 230| context->local_context.capability.transport_header_size = transport_header_size; 2846| 230| context->local_context.capability.transport_tail_size = transport_tail_size; 2847| 230| context->transport_encode_message = transport_encode_message; 2848| 230| context->transport_decode_message = transport_decode_message; 2849| 230|} libspdm_get_sizeof_required_scratch_buffer: 2886| 230|{ 2887| 230| libspdm_context_t *context; 2888| 230| size_t scratch_buffer_size; 2889| | 2890| 230| context = spdm_context; 2891| 230| LIBSPDM_ASSERT (context->local_context.capability.max_spdm_msg_size != 0); 2892| | 2893| 230| scratch_buffer_size = libspdm_get_scratch_buffer_capacity(context); 2894| 230| return scratch_buffer_size; 2895| 230|} libspdm_set_scratch_buffer: 2911| 230|{ 2912| 230| libspdm_context_t *context; 2913| | 2914| 230| context = spdm_context; 2915| 230| LIBSPDM_ASSERT (context->local_context.capability.max_spdm_msg_size != 0); 2916| 230| LIBSPDM_ASSERT (scratch_buffer_size >= libspdm_get_scratch_buffer_capacity(spdm_context)); 2917| 230| context->scratch_buffer = scratch_buffer; 2918| 230| context->scratch_buffer_size = scratch_buffer_size; 2919| 230| context->last_spdm_request = (uint8_t *)scratch_buffer + 2920| 230| libspdm_get_scratch_buffer_last_spdm_request_offset(spdm_context); 2921| 230|#if LIBSPDM_RESPOND_IF_READY_SUPPORT 2922| 230| context->cache_spdm_request = (uint8_t *)scratch_buffer + 2923| 230| libspdm_get_scratch_buffer_cache_spdm_request_offset(spdm_context); 2924| 230|#endif 2925| 230|} libspdm_init_context_with_secured_context: 3240| 230|{ 3241| 230| libspdm_context_t *context; 3242| 230| size_t index; 3243| | 3244| 230| LIBSPDM_ASSERT(spdm_context != NULL); 3245| 230| LIBSPDM_ASSERT(secured_contexts != NULL); 3246| 230| LIBSPDM_ASSERT(num_secured_contexts == LIBSPDM_MAX_SESSION_COUNT); 3247| | 3248| 230| context = spdm_context; 3249| 230| libspdm_zero_mem(context, sizeof(libspdm_context_t)); 3250| 230| context->version = LIBSPDM_CONTEXT_STRUCT_VERSION; ------------------ | | 527| 230|#define LIBSPDM_CONTEXT_STRUCT_VERSION 0x3 ------------------ 3251| 230| context->transcript.message_a.max_buffer_size = 3252| 230| sizeof(context->transcript.message_a.buffer); 3253| 230| context->transcript.message_d.max_buffer_size = 3254| 230| sizeof(context->transcript.message_d.buffer); 3255| |#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT 3256| | context->transcript.message_b.max_buffer_size = 3257| | sizeof(context->transcript.message_b.buffer); 3258| | context->transcript.message_c.max_buffer_size = 3259| | sizeof(context->transcript.message_c.buffer); 3260| | context->transcript.message_mut_b.max_buffer_size = 3261| | sizeof(context->transcript.message_mut_b.buffer); 3262| | context->transcript.message_mut_c.max_buffer_size = 3263| | sizeof(context->transcript.message_mut_c.buffer); 3264| | context->transcript.message_m.max_buffer_size = 3265| | sizeof(context->transcript.message_m.buffer); 3266| | context->transcript.message_e.max_buffer_size = 3267| | sizeof(context->transcript.message_e.buffer); 3268| | context->transcript.message_encap_e.max_buffer_size = 3269| | sizeof(context->transcript.message_encap_e.buffer); 3270| |#endif 3271| 230| context->response_state = LIBSPDM_RESPONSE_STATE_NORMAL; 3272| 230| context->local_context.version.spdm_version_count = SPDM_MAX_VERSION_COUNT; ------------------ | | 17| 230|#define SPDM_MAX_VERSION_COUNT 4 ------------------ 3273| 230| context->local_context.version.spdm_version[0] = SPDM_MESSAGE_VERSION_10 << ------------------ | | 110| 230|#define SPDM_MESSAGE_VERSION_10 0x10 ------------------ 3274| 230| SPDM_VERSION_NUMBER_SHIFT_BIT; ------------------ | | 140| 230|#define SPDM_VERSION_NUMBER_SHIFT_BIT 8 ------------------ 3275| 230| context->local_context.version.spdm_version[1] = SPDM_MESSAGE_VERSION_11 << ------------------ | | 111| 230|#define SPDM_MESSAGE_VERSION_11 0x11 ------------------ 3276| 230| SPDM_VERSION_NUMBER_SHIFT_BIT; ------------------ | | 140| 230|#define SPDM_VERSION_NUMBER_SHIFT_BIT 8 ------------------ 3277| 230| context->local_context.version.spdm_version[2] = SPDM_MESSAGE_VERSION_12 << ------------------ | | 112| 230|#define SPDM_MESSAGE_VERSION_12 0x12 ------------------ 3278| 230| SPDM_VERSION_NUMBER_SHIFT_BIT; ------------------ | | 140| 230|#define SPDM_VERSION_NUMBER_SHIFT_BIT 8 ------------------ 3279| 230| context->local_context.version.spdm_version[3] = SPDM_MESSAGE_VERSION_13 << ------------------ | | 113| 230|#define SPDM_MESSAGE_VERSION_13 0x13 ------------------ 3280| 230| SPDM_VERSION_NUMBER_SHIFT_BIT; ------------------ | | 140| 230|#define SPDM_VERSION_NUMBER_SHIFT_BIT 8 ------------------ 3281| 230| context->local_context.secured_message_version.spdm_version_count = 3282| 230| SECURED_SPDM_MAX_VERSION_COUNT; ------------------ | | 55| 230|#define SECURED_SPDM_MAX_VERSION_COUNT 3 ------------------ 3283| 230| context->local_context.secured_message_version.spdm_version[0] = 3284| 230| SECURED_SPDM_VERSION_10 << SPDM_VERSION_NUMBER_SHIFT_BIT; ------------------ | | 57| 230|#define SECURED_SPDM_VERSION_10 0x10 ------------------ SECURED_SPDM_VERSION_10 << SPDM_VERSION_NUMBER_SHIFT_BIT; ------------------ | | 140| 230|#define SPDM_VERSION_NUMBER_SHIFT_BIT 8 ------------------ 3285| 230| context->local_context.secured_message_version.spdm_version[1] = 3286| 230| SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT; ------------------ | | 58| 230|#define SECURED_SPDM_VERSION_11 0x11 ------------------ SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT; ------------------ | | 140| 230|#define SPDM_VERSION_NUMBER_SHIFT_BIT 8 ------------------ 3287| 230| context->local_context.secured_message_version.spdm_version[2] = 3288| 230| SECURED_SPDM_VERSION_12 << SPDM_VERSION_NUMBER_SHIFT_BIT; ------------------ | | 59| 230|#define SECURED_SPDM_VERSION_12 0x12 ------------------ SECURED_SPDM_VERSION_12 << SPDM_VERSION_NUMBER_SHIFT_BIT; ------------------ | | 140| 230|#define SPDM_VERSION_NUMBER_SHIFT_BIT 8 ------------------ 3289| 230| context->local_context.capability.st1 = SPDM_ST1_VALUE_US; ------------------ | | 1514| 230|#define SPDM_ST1_VALUE_US 100000 ------------------ 3290| | 3291| 230| context->mut_auth_cert_chain_buffer_size = 0; 3292| | 3293| 230| context->max_spdm_session_sequence_number = LIBSPDM_MAX_SPDM_SESSION_SEQUENCE_NUMBER; ------------------ | | 39| 230|#define LIBSPDM_MAX_SPDM_SESSION_SEQUENCE_NUMBER 0xFFFFFFFFFFFFFFFFull ------------------ 3294| | 3295| 230| context->latest_session_id = INVALID_SESSION_ID; ------------------ | | 28| 230|#define INVALID_SESSION_ID 0 ------------------ 3296| 230| context->last_spdm_request_session_id = INVALID_SESSION_ID; ------------------ | | 28| 230|#define INVALID_SESSION_ID 0 ------------------ 3297| 230| context->last_spdm_request_session_id_valid = false; 3298| 230| context->last_spdm_request_size = 0; 3299| | 3300| | /* To be updated in libspdm_register_device_buffer_func */ 3301| 230| context->local_context.capability.data_transfer_size = 0; 3302| 230| context->local_context.capability.sender_data_transfer_size = 0; 3303| 230| context->local_context.capability.max_spdm_msg_size = 0; 3304| | 3305| 1.15k| for (index = 0; index < num_secured_contexts; index++) { ------------------ | Branch (3305:21): [True: 920, False: 230] ------------------ 3306| 920| if (secured_contexts[index] == NULL) { ------------------ | Branch (3306:13): [True: 0, False: 920] ------------------ 3307| 0| return LIBSPDM_STATUS_INVALID_PARAMETER; ------------------ | | 73| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CORE, 0x0001) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 3308| 0| } 3309| | 3310| 920| context->session_info[index].secured_message_context = secured_contexts[index]; 3311| 920| libspdm_secured_message_init_context( 3312| 920| context->session_info[index].secured_message_context); 3313| 920| } 3314| | 3315| 230| return LIBSPDM_STATUS_SUCCESS; ------------------ | | 59| 230| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_SUCCESS, LIBSPDM_SOURCE_SUCCESS, 0x0000) | | ------------------ | | | | 55| 230| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 3316| 230|} libspdm_init_context: 3331| 230|{ 3332| 230| libspdm_context_t *context; 3333| 230| void *secured_context; 3334| 230| void *secured_contexts[LIBSPDM_MAX_SESSION_COUNT]; 3335| 230| size_t secured_context_size; 3336| 230| size_t index; 3337| | 3338| 230| LIBSPDM_ASSERT(spdm_context != NULL); 3339| | 3340| | /* libspdm_get_context_size() allocates space for all secured message 3341| | * contexts. They are appended to the general SPDM context. */ 3342| 230| context = spdm_context; 3343| 230| secured_context = (void *)((size_t)(context + 1)); 3344| 230| secured_context_size = libspdm_secured_message_get_context_size(); 3345| | 3346| 1.15k| for (index = 0; index < LIBSPDM_MAX_SESSION_COUNT; index++) ------------------ | | 198| 1.15k|#define LIBSPDM_MAX_SESSION_COUNT 4 ------------------ | Branch (3346:21): [True: 920, False: 230] ------------------ 3347| 920| { 3348| 920| secured_contexts[index] = (uint8_t *)secured_context + secured_context_size * index; 3349| 920| } 3350| | 3351| 230| return libspdm_init_context_with_secured_context(spdm_context, 3352| 230| secured_contexts, 3353| 230| LIBSPDM_MAX_SESSION_COUNT); ------------------ | | 198| 230|#define LIBSPDM_MAX_SESSION_COUNT 4 ------------------ 3354| 230|} libspdm_get_context_size: 3467| 230|{ 3468| 230| size_t size; 3469| | 3470| 230| size = sizeof(libspdm_context_t) + 3471| 230| libspdm_secured_message_get_context_size() * LIBSPDM_MAX_SESSION_COUNT; ------------------ | | 198| 230|#define LIBSPDM_MAX_SESSION_COUNT 4 ------------------ 3472| 230| LIBSPDM_ASSERT (size == LIBSPDM_CONTEXT_SIZE_ALL); 3473| 230| return size; 3474| 230|} libspdm_session_info_init: 18| 230|{ 19| 230| libspdm_session_type_t session_type; 20| 230| uint32_t capabilities_flag; 21| | 22| 230| if (session_id != INVALID_SESSION_ID) { ------------------ | | 28| 230|#define INVALID_SESSION_ID 0 ------------------ | Branch (22:9): [True: 230, False: 0] ------------------ 23| 230| if (use_psk) { ------------------ | Branch (23:13): [True: 0, False: 230] ------------------ 24| 0| LIBSPDM_ASSERT((spdm_context->max_psk_session_count == 0) || 25| 0| (spdm_context->current_psk_session_count < 26| 0| spdm_context->max_psk_session_count)); 27| 0| spdm_context->current_psk_session_count++; 28| 230| } else { 29| 230| LIBSPDM_ASSERT((spdm_context->max_dhe_session_count == 0) || 30| 230| (spdm_context->current_dhe_session_count < 31| 230| spdm_context->max_dhe_session_count)); 32| 230| spdm_context->current_dhe_session_count++; 33| 230| } 34| 230| } else { 35| 0| if (use_psk) { ------------------ | Branch (35:13): [True: 0, False: 0] ------------------ 36| 0| if (spdm_context->current_psk_session_count > 0) { ------------------ | Branch (36:17): [True: 0, False: 0] ------------------ 37| 0| spdm_context->current_psk_session_count--; 38| 0| } 39| 0| } else { 40| 0| if (spdm_context->current_dhe_session_count > 0) { ------------------ | Branch (40:17): [True: 0, False: 0] ------------------ 41| 0| spdm_context->current_dhe_session_count--; 42| 0| } 43| 0| } 44| 0| } 45| | 46| 230| capabilities_flag = spdm_context->connection_info.capability.flags & 47| 230| spdm_context->local_context.capability.flags; 48| 230| switch (capabilities_flag & 49| 230| (SPDM_GET_CAPABILITIES_REQUEST_FLAGS_ENCRYPT_CAP | ------------------ | | 187| 230|#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_ENCRYPT_CAP 0x00000040 ------------------ 50| 230| SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MAC_CAP)) { ------------------ | | 188| 230|#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MAC_CAP 0x00000080 ------------------ 51| 230| case 0: ------------------ | Branch (51:5): [True: 230, False: 0] ------------------ 52| 230| session_type = LIBSPDM_SESSION_TYPE_NONE; 53| 230| break; 54| 0| case (SPDM_GET_CAPABILITIES_REQUEST_FLAGS_ENCRYPT_CAP | ------------------ | | 187| 0|#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_ENCRYPT_CAP 0x00000040 ------------------ | Branch (54:5): [True: 0, False: 230] ------------------ 55| 0| SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MAC_CAP): ------------------ | | 188| 0|#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MAC_CAP 0x00000080 ------------------ 56| 0| session_type = LIBSPDM_SESSION_TYPE_ENC_MAC; 57| 0| break; 58| 0| case SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MAC_CAP: ------------------ | | 188| 0|#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MAC_CAP 0x00000080 ------------------ | Branch (58:5): [True: 0, False: 230] ------------------ 59| 0| session_type = LIBSPDM_SESSION_TYPE_MAC_ONLY; 60| 0| break; 61| 0| default: ------------------ | Branch (61:5): [True: 0, False: 230] ------------------ 62| 0| LIBSPDM_ASSERT(false); 63| 0| session_type = LIBSPDM_SESSION_TYPE_MAX; 64| 0| break; 65| 230| } 66| | 67| 230|#if !(LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT) 68| 230| if (session_info->session_transcript.digest_context_th != NULL) { ------------------ | Branch (68:9): [True: 0, False: 230] ------------------ 69| 0| libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, 70| 0| session_info->session_transcript.digest_context_th); 71| 0| session_info->session_transcript.digest_context_th = NULL; 72| 0| } 73| 230| if (session_info->session_transcript.digest_context_th_backup != NULL) { ------------------ | Branch (73:9): [True: 0, False: 230] ------------------ 74| 0| libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, 75| 0| session_info->session_transcript.digest_context_th_backup); 76| 0| session_info->session_transcript.digest_context_th_backup = NULL; 77| 0| } 78| 230|#endif 79| | 80| 230| libspdm_zero_mem (&(session_info->last_key_update_request), sizeof(spdm_key_update_request_t)); 81| 230| libspdm_zero_mem(session_info, offsetof(libspdm_session_info_t, secured_message_context)); 82| 230| libspdm_secured_message_init_context(session_info->secured_message_context); 83| 230| session_info->session_id = session_id; 84| 230| session_info->use_psk = use_psk; 85| 230| libspdm_secured_message_set_use_psk(session_info->secured_message_context, use_psk); 86| 230| libspdm_secured_message_set_session_type(session_info->secured_message_context, session_type); 87| | 88| | /* DSP0277 1.2 explicitly specifies a little-endian sequence number. 1.0 and 1.1 leave it up to 89| | * the Integrator to specify. */ 90| 230| if ((spdm_context->connection_info.secured_message_version >> SPDM_VERSION_NUMBER_SHIFT_BIT) >= ------------------ | | 140| 230|#define SPDM_VERSION_NUMBER_SHIFT_BIT 8 ------------------ | Branch (90:9): [True: 0, False: 230] ------------------ 91| 230| SECURED_SPDM_VERSION_12) { ------------------ | | 59| 230|#define SECURED_SPDM_VERSION_12 0x12 ------------------ 92| 0| libspdm_secured_message_set_sequence_number_endian( 93| 0| session_info->secured_message_context, 94| 0| LIBSPDM_DATA_SESSION_SEQ_NUM_ENC_LITTLE_DEC_LITTLE); ------------------ | | 251| 0|#define LIBSPDM_DATA_SESSION_SEQ_NUM_ENC_LITTLE_DEC_LITTLE 0 ------------------ 95| 230| } else { 96| 230| libspdm_secured_message_set_sequence_number_endian(session_info->secured_message_context, 97| 230| spdm_context->sequence_number_endian); 98| 230| } 99| | 100| 230| libspdm_secured_message_set_max_spdm_session_sequence_number( 101| 230| session_info->secured_message_context, spdm_context->max_spdm_session_sequence_number); 102| 230| libspdm_secured_message_set_algorithms( 103| 230| session_info->secured_message_context, 104| 230| spdm_context->connection_info.version, 105| 230| spdm_context->connection_info.secured_message_version, 106| 230| spdm_context->connection_info.algorithm.base_hash_algo, 107| 230| spdm_context->connection_info.algorithm.dhe_named_group, 108| 230| spdm_context->connection_info.algorithm.aead_cipher_suite, 109| 230| spdm_context->connection_info.algorithm.key_schedule); 110| 230| session_info->session_transcript.message_encap_d.max_buffer_size = 111| 230| sizeof(session_info->session_transcript.message_encap_d.buffer); 112| |#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT 113| | session_info->session_transcript.message_k.max_buffer_size = 114| | sizeof(session_info->session_transcript.message_k.buffer); 115| | session_info->session_transcript.message_f.max_buffer_size = 116| | sizeof(session_info->session_transcript.message_f.buffer); 117| | session_info->session_transcript.message_m.max_buffer_size = 118| | sizeof(session_info->session_transcript.message_m.buffer); 119| | session_info->session_transcript.message_e.max_buffer_size = 120| | sizeof(session_info->session_transcript.message_e.buffer); 121| | session_info->session_transcript.message_encap_e.max_buffer_size = 122| | sizeof(session_info->session_transcript.message_encap_e.buffer); 123| |#endif 124| 230|} libspdm_get_aead_key_size: 10| 230|{ 11| 230| switch (aead_cipher_suite) { 12| 0| case SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_128_GCM: ------------------ | | 417| 0|#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_128_GCM 0x00000001 ------------------ | Branch (12:5): [True: 0, False: 230] ------------------ 13| 0|#if LIBSPDM_AEAD_AES_128_GCM_SUPPORT 14| 0| return 16; 15| |#else 16| | return 0; 17| |#endif 18| 230| case SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_256_GCM: ------------------ | | 418| 230|#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_256_GCM 0x00000002 ------------------ | Branch (18:5): [True: 230, False: 0] ------------------ 19| 230|#if LIBSPDM_AEAD_AES_256_GCM_SUPPORT 20| 230| return 32; 21| |#else 22| | return 0; 23| |#endif 24| 0| case SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_CHACHA20_POLY1305: ------------------ | | 419| 0|#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_CHACHA20_POLY1305 0x00000004 ------------------ | Branch (24:5): [True: 0, False: 230] ------------------ 25| 0|#if LIBSPDM_AEAD_CHACHA20_POLY1305_SUPPORT 26| 0| return 32; 27| |#else 28| | return 0; 29| |#endif 30| 0| case SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AEAD_SM4_GCM: ------------------ | | 422| 0|#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AEAD_SM4_GCM 0x00000008 ------------------ | Branch (30:5): [True: 0, False: 230] ------------------ 31| |#if LIBSPDM_AEAD_SM4_128_GCM_SUPPORT 32| | return 16; 33| |#else 34| 0| return 0; 35| 0|#endif 36| 0| default: ------------------ | Branch (36:5): [True: 0, False: 230] ------------------ 37| 0| return 0; 38| 230| } 39| 230|} libspdm_get_aead_iv_size: 42| 230|{ 43| 230| switch (aead_cipher_suite) { 44| 0| case SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_128_GCM: ------------------ | | 417| 0|#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_128_GCM 0x00000001 ------------------ | Branch (44:5): [True: 0, False: 230] ------------------ 45| 0|#if LIBSPDM_AEAD_AES_128_GCM_SUPPORT 46| 0| return 12; 47| |#else 48| | return 0; 49| |#endif 50| 230| case SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_256_GCM: ------------------ | | 418| 230|#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_256_GCM 0x00000002 ------------------ | Branch (50:5): [True: 230, False: 0] ------------------ 51| 230|#if LIBSPDM_AEAD_AES_256_GCM_SUPPORT 52| 230| return 12; 53| |#else 54| | return 0; 55| |#endif 56| 0| case SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_CHACHA20_POLY1305: ------------------ | | 419| 0|#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_CHACHA20_POLY1305 0x00000004 ------------------ | Branch (56:5): [True: 0, False: 230] ------------------ 57| 0|#if LIBSPDM_AEAD_CHACHA20_POLY1305_SUPPORT 58| 0| return 12; 59| |#else 60| | return 0; 61| |#endif 62| 0| case SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AEAD_SM4_GCM: ------------------ | | 422| 0|#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AEAD_SM4_GCM 0x00000008 ------------------ | Branch (62:5): [True: 0, False: 230] ------------------ 63| |#if LIBSPDM_AEAD_SM4_128_GCM_SUPPORT 64| | return 12; 65| |#else 66| 0| return 0; 67| 0|#endif 68| 0| default: ------------------ | Branch (68:5): [True: 0, False: 230] ------------------ 69| 0| return 0; 70| 230| } 71| 230|} libspdm_get_aead_tag_size: 74| 230|{ 75| 230| switch (aead_cipher_suite) { 76| 0| case SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_128_GCM: ------------------ | | 417| 0|#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_128_GCM 0x00000001 ------------------ | Branch (76:5): [True: 0, False: 230] ------------------ 77| 0|#if LIBSPDM_AEAD_AES_128_GCM_SUPPORT 78| 0| return 16; 79| |#else 80| | return 0; 81| |#endif 82| 230| case SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_256_GCM: ------------------ | | 418| 230|#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_256_GCM 0x00000002 ------------------ | Branch (82:5): [True: 230, False: 0] ------------------ 83| 230|#if LIBSPDM_AEAD_AES_256_GCM_SUPPORT 84| 230| return 16; 85| |#else 86| | return 0; 87| |#endif 88| 0| case SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_CHACHA20_POLY1305: ------------------ | | 419| 0|#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_CHACHA20_POLY1305 0x00000004 ------------------ | Branch (88:5): [True: 0, False: 230] ------------------ 89| 0|#if LIBSPDM_AEAD_CHACHA20_POLY1305_SUPPORT 90| 0| return 16; 91| |#else 92| | return 0; 93| |#endif 94| 0| case SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AEAD_SM4_GCM: ------------------ | | 422| 0|#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AEAD_SM4_GCM 0x00000008 ------------------ | Branch (94:5): [True: 0, False: 230] ------------------ 95| |#if LIBSPDM_AEAD_SM4_128_GCM_SUPPORT 96| | return 16; 97| |#else 98| 0| return 0; 99| 0|#endif 100| 0| default: ------------------ | Branch (100:5): [True: 0, False: 230] ------------------ 101| 0| return 0; 102| 230| } 103| 230|} libspdm_aead_decryption: 163| 69|{ 164| 69| switch (aead_cipher_suite) { 165| 0| case SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_128_GCM: ------------------ | | 417| 0|#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_128_GCM 0x00000001 ------------------ | Branch (165:5): [True: 0, False: 69] ------------------ 166| 69| case SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_256_GCM: ------------------ | | 418| 69|#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_256_GCM 0x00000002 ------------------ | Branch (166:5): [True: 69, False: 0] ------------------ 167| 69|#if LIBSPDM_AEAD_GCM_SUPPORT 168| |#if !LIBSPDM_AEAD_AES_128_GCM_SUPPORT 169| | LIBSPDM_ASSERT(aead_cipher_suite != SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_128_GCM); 170| |#endif 171| |#if !LIBSPDM_AEAD_AES_256_GCM_SUPPORT 172| | LIBSPDM_ASSERT(aead_cipher_suite != SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_256_GCM); 173| |#endif 174| 69| return libspdm_aead_aes_gcm_decrypt(key, key_size, iv, iv_size, a_data, 175| 69| a_data_size, data_in, data_in_size, tag, 176| 69| tag_size, data_out, data_out_size); 177| |#else 178| | LIBSPDM_ASSERT(false); 179| | return false; 180| |#endif 181| 0| case SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_CHACHA20_POLY1305: ------------------ | | 419| 0|#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_CHACHA20_POLY1305 0x00000004 ------------------ | Branch (181:5): [True: 0, False: 69] ------------------ 182| 0|#if LIBSPDM_AEAD_CHACHA20_POLY1305_SUPPORT 183| 0| return libspdm_aead_chacha20_poly1305_decrypt(key, key_size, iv, iv_size, a_data, 184| 0| a_data_size, data_in, data_in_size, tag, 185| 0| tag_size, data_out, data_out_size); 186| |#else 187| | LIBSPDM_ASSERT(false); 188| | return false; 189| |#endif 190| 0| case SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AEAD_SM4_GCM: ------------------ | | 422| 0|#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AEAD_SM4_GCM 0x00000008 ------------------ | Branch (190:5): [True: 0, False: 69] ------------------ 191| |#if LIBSPDM_AEAD_SM4_SUPPORT 192| | return libspdm_aead_sm4_gcm_decrypt(key, key_size, iv, iv_size, a_data, 193| | a_data_size, data_in, data_in_size, tag, 194| | tag_size, data_out, data_out_size); 195| |#else 196| 0| LIBSPDM_ASSERT(false); 197| 0| return false; 198| 0|#endif 199| 0| default: ------------------ | Branch (199:5): [True: 0, False: 69] ------------------ 200| 0| LIBSPDM_ASSERT(false); 201| 0| return false; 202| 69| } 203| 69|} libspdm_get_dhe_pub_key_size: 17| 230|{ 18| 230| switch (dhe_named_group) { 19| 0| case SPDM_ALGORITHMS_DHE_NAMED_GROUP_FFDHE_2048: ------------------ | | 406| 0|#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_FFDHE_2048 0x00000001 ------------------ | Branch (19:5): [True: 0, False: 230] ------------------ 20| 0|#if LIBSPDM_FFDHE_2048_SUPPORT 21| 0| return 256; 22| |#else 23| | return 0; 24| |#endif 25| 0| case SPDM_ALGORITHMS_DHE_NAMED_GROUP_FFDHE_3072: ------------------ | | 407| 0|#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_FFDHE_3072 0x00000002 ------------------ | Branch (25:5): [True: 0, False: 230] ------------------ 26| 0|#if LIBSPDM_FFDHE_3072_SUPPORT 27| 0| return 384; 28| |#else 29| | return 0; 30| |#endif 31| 0| case SPDM_ALGORITHMS_DHE_NAMED_GROUP_FFDHE_4096: ------------------ | | 408| 0|#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_FFDHE_4096 0x00000004 ------------------ | Branch (31:5): [True: 0, False: 230] ------------------ 32| 0|#if LIBSPDM_FFDHE_4096_SUPPORT 33| 0| return 512; 34| |#else 35| | return 0; 36| |#endif 37| 230| case SPDM_ALGORITHMS_DHE_NAMED_GROUP_SECP_256_R1: ------------------ | | 409| 230|#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_SECP_256_R1 0x00000008 ------------------ | Branch (37:5): [True: 230, False: 0] ------------------ 38| 230|#if LIBSPDM_ECDHE_P256_SUPPORT 39| 230| return 32 * 2; 40| |#else 41| | return 0; 42| |#endif 43| 0| case SPDM_ALGORITHMS_DHE_NAMED_GROUP_SECP_384_R1: ------------------ | | 410| 0|#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_SECP_384_R1 0x00000010 ------------------ | Branch (43:5): [True: 0, False: 230] ------------------ 44| 0|#if LIBSPDM_ECDHE_P384_SUPPORT 45| 0| return 48 * 2; 46| |#else 47| | return 0; 48| |#endif 49| 0| case SPDM_ALGORITHMS_DHE_NAMED_GROUP_SECP_521_R1: ------------------ | | 411| 0|#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_SECP_521_R1 0x00000020 ------------------ | Branch (49:5): [True: 0, False: 230] ------------------ 50| 0|#if LIBSPDM_ECDHE_P521_SUPPORT 51| 0| return 66 * 2; 52| |#else 53| | return 0; 54| |#endif 55| 0| case SPDM_ALGORITHMS_DHE_NAMED_GROUP_SM2_P256: ------------------ | | 414| 0|#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_SM2_P256 0x00000040 ------------------ | Branch (55:5): [True: 0, False: 230] ------------------ 56| |#if LIBSPDM_SM2_KEY_EXCHANGE_P256_SUPPORT 57| | return 32 * 2; 58| |#else 59| 0| return 0; 60| 0|#endif 61| 0| default: ------------------ | Branch (61:5): [True: 0, False: 230] ------------------ 62| 0| return 0; 63| 230| } 64| 230|} libspdm_get_hash_size: 10| 230|{ 11| 230| switch (base_hash_algo) { 12| 230| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256: ------------------ | | 391| 230|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256 0x00000001 ------------------ | Branch (12:5): [True: 230, False: 0] ------------------ 13| 230|#if LIBSPDM_SHA256_SUPPORT 14| 230| return 32; 15| |#else 16| | return 0; 17| |#endif 18| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_256: ------------------ | | 394| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_256 0x00000008 ------------------ | Branch (18:5): [True: 0, False: 230] ------------------ 19| 0|#if LIBSPDM_SHA3_256_SUPPORT 20| 0| return 32; 21| |#else 22| | return 0; 23| |#endif 24| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_384: ------------------ | | 392| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_384 0x00000002 ------------------ | Branch (24:5): [True: 0, False: 230] ------------------ 25| 0|#if LIBSPDM_SHA384_SUPPORT 26| 0| return 48; 27| |#else 28| | return 0; 29| |#endif 30| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_384: ------------------ | | 395| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_384 0x00000010 ------------------ | Branch (30:5): [True: 0, False: 230] ------------------ 31| 0|#if LIBSPDM_SHA3_384_SUPPORT 32| 0| return 48; 33| |#else 34| | return 0; 35| |#endif 36| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512: ------------------ | | 393| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512 0x00000004 ------------------ | Branch (36:5): [True: 0, False: 230] ------------------ 37| 0|#if LIBSPDM_SHA512_SUPPORT 38| 0| return 64; 39| |#else 40| | return 0; 41| |#endif 42| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_512: ------------------ | | 396| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_512 0x00000020 ------------------ | Branch (42:5): [True: 0, False: 230] ------------------ 43| 0|#if LIBSPDM_SHA3_512_SUPPORT 44| 0| return 64; 45| |#else 46| | return 0; 47| |#endif 48| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SM3_256: ------------------ | | 401| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SM3_256 0x00000040 ------------------ | Branch (48:5): [True: 0, False: 230] ------------------ 49| |#if LIBSPDM_SM3_256_SUPPORT 50| | return 32; 51| |#else 52| 0| return 0; 53| 0|#endif 54| 0| default: ------------------ | Branch (54:5): [True: 0, False: 230] ------------------ 55| 0| return 0; 56| 230| } 57| 230|} libspdm_secured_message_get_context_size: 15| 460|{ 16| 460| return sizeof(libspdm_secured_message_context_t); 17| 460|} libspdm_secured_message_init_context: 27| 1.15k|{ 28| 1.15k| libspdm_secured_message_context_t *secured_message_context; 29| | 30| 1.15k| secured_message_context = spdm_secured_message_context; 31| 1.15k| libspdm_zero_mem(secured_message_context, sizeof(libspdm_secured_message_context_t)); 32| 1.15k|} libspdm_secured_message_set_use_psk: 41| 230|{ 42| 230| libspdm_secured_message_context_t *secured_message_context; 43| | 44| 230| secured_message_context = spdm_secured_message_context; 45| 230| secured_message_context->use_psk = use_psk; 46| 230|} libspdm_secured_message_set_session_type: 94| 230|{ 95| 230| libspdm_secured_message_context_t *secured_message_context; 96| | 97| 230| secured_message_context = spdm_secured_message_context; 98| 230| secured_message_context->session_type = session_type; 99| 230|} libspdm_secured_message_set_algorithms: 117| 230|{ 118| 230| libspdm_secured_message_context_t *secured_message_context; 119| | 120| 230| secured_message_context = spdm_secured_message_context; 121| 230| secured_message_context->version = version; 122| 230| secured_message_context->secured_message_version = secured_message_version; 123| 230| secured_message_context->base_hash_algo = base_hash_algo; 124| 230| secured_message_context->dhe_named_group = dhe_named_group; 125| 230| secured_message_context->aead_cipher_suite = aead_cipher_suite; 126| 230| secured_message_context->key_schedule = key_schedule; 127| | 128| 230| secured_message_context->hash_size = 129| 230| libspdm_get_hash_size(secured_message_context->base_hash_algo); 130| 230| secured_message_context->dhe_key_size = libspdm_get_dhe_pub_key_size( 131| 230| secured_message_context->dhe_named_group); 132| 230| secured_message_context->aead_key_size = libspdm_get_aead_key_size( 133| 230| secured_message_context->aead_cipher_suite); 134| 230| secured_message_context->aead_iv_size = libspdm_get_aead_iv_size( 135| 230| secured_message_context->aead_cipher_suite); 136| 230| secured_message_context->aead_tag_size = libspdm_get_aead_tag_size( 137| 230| secured_message_context->aead_cipher_suite); 138| 230|} libspdm_secured_message_set_max_spdm_session_sequence_number: 167| 230|{ 168| 230| libspdm_secured_message_context_t *secured_message_context; 169| | 170| 230| secured_message_context = spdm_secured_message_context; 171| 230| secured_message_context->max_spdm_session_sequence_number = max_spdm_session_sequence_number; 172| 230|} libspdm_secured_message_set_sequence_number_endian: 177| 230|{ 178| 230| libspdm_secured_message_context_t *secured_message_context; 179| | 180| 230| secured_message_context = spdm_secured_message_context; 181| 230| secured_message_context->sequence_number_endian = endian_value; 182| 230|} libspdm_secured_message_set_last_spdm_error_struct: 407| 460|{ 408| 460| libspdm_secured_message_context_t *secured_message_context; 409| | 410| 460| secured_message_context = spdm_secured_message_context; 411| 460| libspdm_copy_mem(&secured_message_context->last_spdm_error, 412| 460| sizeof(secured_message_context->last_spdm_error), 413| 460| last_spdm_error, 414| 460| sizeof(libspdm_error_struct_t)); 415| 460|} libspdm_decode_secured_message: 345| 230|{ 346| 230| libspdm_secured_message_context_t *secured_message_context; 347| 230| size_t plain_text_size; 348| 230| size_t cipher_text_size; 349| 230| size_t aead_tag_size; 350| 230| size_t aead_key_size; 351| 230| size_t aead_iv_size; 352| 230| const uint8_t *a_data; 353| 230| const uint8_t *enc_msg; 354| 230| uint8_t *dec_msg; 355| 230| const uint8_t *tag; 356| 230| spdm_secured_message_a_data_header1_t *record_header1; 357| 230| spdm_secured_message_a_data_header2_t *record_header2; 358| 230| size_t record_header_size; 359| 230| spdm_secured_message_cipher_header_t *enc_msg_header; 360| 230| bool result; 361| 230| const uint8_t *key; 362| 230| uint8_t *salt; 363| 230| uint8_t iv[LIBSPDM_MAX_AEAD_IV_SIZE]; 364| 230| uint64_t sequence_number; 365| 230| uint64_t sequence_num_in_header; 366| 230| uint8_t sequence_num_in_header_size; 367| 230| libspdm_session_type_t session_type; 368| 230| libspdm_session_state_t session_state; 369| 230| libspdm_error_struct_t spdm_error; 370| 230| spdm_version_number_t secured_spdm_version; 371| 230| uint8_t version; 372| | 373| 230| spdm_error.error_code = 0; 374| 230| spdm_error.session_id = 0; 375| 230| libspdm_secured_message_set_last_spdm_error_struct(spdm_secured_message_context, &spdm_error); 376| | 377| 230| spdm_error.error_code = SPDM_ERROR_CODE_DECRYPT_ERROR; ------------------ | | 866| 230|#define SPDM_ERROR_CODE_DECRYPT_ERROR 0x06 ------------------ 378| 230| spdm_error.session_id = session_id; 379| | 380| 230| secured_message_context = spdm_secured_message_context; 381| 230| secured_spdm_version = spdm_secured_message_callbacks->get_secured_spdm_version( 382| 230| secured_message_context->secured_message_version); 383| 230| version = (uint8_t)(secured_spdm_version >> SPDM_VERSION_NUMBER_SHIFT_BIT); ------------------ | | 140| 230|#define SPDM_VERSION_NUMBER_SHIFT_BIT 8 ------------------ 384| 230| if (version > SECURED_SPDM_VERSION_12) { ------------------ | | 59| 230|#define SECURED_SPDM_VERSION_12 0x12 ------------------ | Branch (384:9): [True: 0, False: 230] ------------------ 385| 0| return LIBSPDM_STATUS_UNSUPPORTED_CAP; ------------------ | | 78| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CORE, 0x0002) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 386| 0| } 387| | 388| 230| session_type = secured_message_context->session_type; 389| 230| LIBSPDM_ASSERT((session_type == LIBSPDM_SESSION_TYPE_MAC_ONLY) || 390| 230| (session_type == LIBSPDM_SESSION_TYPE_ENC_MAC)); 391| 230| session_state = secured_message_context->session_state; 392| 230| LIBSPDM_ASSERT((session_state == LIBSPDM_SESSION_STATE_HANDSHAKING) || 393| 230| (session_state == LIBSPDM_SESSION_STATE_ESTABLISHED)); 394| | 395| 230| aead_tag_size = secured_message_context->aead_tag_size; 396| 230| aead_key_size = secured_message_context->aead_key_size; 397| 230| aead_iv_size = secured_message_context->aead_iv_size; 398| | 399| 230| switch (session_state) { 400| 230| case LIBSPDM_SESSION_STATE_HANDSHAKING: ------------------ | Branch (400:5): [True: 230, False: 0] ------------------ 401| 230| if (is_request_message) { ------------------ | Branch (401:13): [True: 0, False: 230] ------------------ 402| 0| key = (const uint8_t *)secured_message_context->handshake_secret. 403| 0| request_handshake_encryption_key; 404| 0| salt = (uint8_t *)secured_message_context->handshake_secret. 405| 0| request_handshake_salt; 406| 0| sequence_number = 407| 0| secured_message_context->handshake_secret.request_handshake_sequence_number; 408| 230| } else { 409| 230| key = (const uint8_t *)secured_message_context->handshake_secret. 410| 230| response_handshake_encryption_key; 411| 230| salt = (uint8_t *)secured_message_context->handshake_secret. 412| 230| response_handshake_salt; 413| 230| sequence_number = 414| 230| secured_message_context->handshake_secret.response_handshake_sequence_number; 415| 230| } 416| 230| break; 417| 0| case LIBSPDM_SESSION_STATE_ESTABLISHED: ------------------ | Branch (417:5): [True: 0, False: 230] ------------------ 418| 0| if (is_request_message) { ------------------ | Branch (418:13): [True: 0, False: 0] ------------------ 419| 0| key = (const uint8_t *)secured_message_context->application_secret. 420| 0| request_data_encryption_key; 421| 0| salt = (uint8_t *)secured_message_context->application_secret. 422| 0| request_data_salt; 423| 0| sequence_number = 424| 0| secured_message_context->application_secret.request_data_sequence_number; 425| 0| } else { 426| 0| key = (const uint8_t *)secured_message_context->application_secret. 427| 0| response_data_encryption_key; 428| 0| salt = (uint8_t *)secured_message_context->application_secret. 429| 0| response_data_salt; 430| 0| sequence_number = 431| 0| secured_message_context->application_secret.response_data_sequence_number; 432| 0| } 433| 0| break; 434| 0| default: ------------------ | Branch (434:5): [True: 0, False: 230] ------------------ 435| 0| LIBSPDM_ASSERT(false); 436| 0| return LIBSPDM_STATUS_INVALID_STATE_LOCAL; ------------------ | | 82| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CORE, 0x0003) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 437| 230| } 438| | 439| 230| if (sequence_number >= secured_message_context->max_spdm_session_sequence_number) { ------------------ | Branch (439:9): [True: 0, False: 230] ------------------ 440| 0| libspdm_secured_message_set_last_spdm_error_struct( 441| 0| spdm_secured_message_context, &spdm_error); 442| 0| return LIBSPDM_STATUS_SEQUENCE_NUMBER_OVERFLOW; ------------------ | | 164| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CRYPTO, 0x0002) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 443| 0| } 444| | 445| 230| generate_iv(sequence_number, iv, salt, aead_iv_size, 446| 230| secured_message_context->sequence_number_endian); 447| | 448| 230| sequence_num_in_header = 0; 449| 230| sequence_num_in_header_size = 450| 230| spdm_secured_message_callbacks->get_sequence_number( 451| 230| sequence_number, (uint8_t *)&sequence_num_in_header); 452| 230| LIBSPDM_ASSERT(sequence_num_in_header_size <= sizeof(sequence_num_in_header)); 453| | 454| 230| if (session_state == LIBSPDM_SESSION_STATE_HANDSHAKING) { ------------------ | Branch (454:9): [True: 230, False: 0] ------------------ 455| 230| if (is_request_message) { ------------------ | Branch (455:13): [True: 0, False: 230] ------------------ 456| 0| secured_message_context->handshake_secret.request_handshake_sequence_number++; 457| 230| } else { 458| 230| secured_message_context->handshake_secret.response_handshake_sequence_number++; 459| 230| } 460| 230| } else { 461| 0| if (is_request_message) { ------------------ | Branch (461:13): [True: 0, False: 0] ------------------ 462| 0| secured_message_context->application_secret.request_data_sequence_number++; 463| 0| } else { 464| 0| secured_message_context->application_secret.response_data_sequence_number++; 465| 0| } 466| 0| } 467| | 468| 230| record_header_size = sizeof(spdm_secured_message_a_data_header1_t) + 469| 230| sequence_num_in_header_size + 470| 230| sizeof(spdm_secured_message_a_data_header2_t); 471| | 472| 230| switch (session_type) { 473| 0| case LIBSPDM_SESSION_TYPE_ENC_MAC: ------------------ | Branch (473:5): [True: 0, False: 230] ------------------ 474| 0| if (secured_message_size < record_header_size + aead_tag_size) { ------------------ | Branch (474:13): [True: 0, False: 0] ------------------ 475| 0| libspdm_secured_message_set_last_spdm_error_struct( 476| 0| spdm_secured_message_context, &spdm_error); 477| 0| return LIBSPDM_STATUS_INVALID_MSG_SIZE; ------------------ | | 94| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CORE, 0x0006) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 478| 0| } 479| 0| record_header1 = secured_message; 480| 0| record_header2 = 481| 0| (void *)((uint8_t *)record_header1 + 482| 0| sizeof(spdm_secured_message_a_data_header1_t) + 483| 0| sequence_num_in_header_size); 484| 0| if (record_header1->session_id != session_id) { ------------------ | Branch (484:13): [True: 0, False: 0] ------------------ 485| 0| libspdm_secured_message_set_last_spdm_error_struct( 486| 0| spdm_secured_message_context, &spdm_error); 487| 0| return LIBSPDM_STATUS_INVALID_MSG_FIELD; ------------------ | | 90| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CORE, 0x0005) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 488| 0| } 489| 0| if (!libspdm_consttime_is_mem_equal(record_header1 + 1, &sequence_num_in_header, ------------------ | Branch (489:13): [True: 0, False: 0] ------------------ 490| 0| sequence_num_in_header_size)) { 491| 0| libspdm_secured_message_set_last_spdm_error_struct( 492| 0| spdm_secured_message_context, &spdm_error); 493| 0| return LIBSPDM_STATUS_INVALID_MSG_FIELD; ------------------ | | 90| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CORE, 0x0005) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 494| 0| } 495| 0| if (record_header2->length > secured_message_size - record_header_size) { ------------------ | Branch (495:13): [True: 0, False: 0] ------------------ 496| 0| libspdm_secured_message_set_last_spdm_error_struct( 497| 0| spdm_secured_message_context, &spdm_error); 498| 0| return LIBSPDM_STATUS_INVALID_MSG_SIZE; ------------------ | | 94| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CORE, 0x0006) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 499| 0| } 500| 0| if (record_header2->length < aead_tag_size) { ------------------ | Branch (500:13): [True: 0, False: 0] ------------------ 501| 0| libspdm_secured_message_set_last_spdm_error_struct( 502| 0| spdm_secured_message_context, &spdm_error); 503| 0| return LIBSPDM_STATUS_INVALID_MSG_SIZE; ------------------ | | 94| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CORE, 0x0006) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 504| 0| } 505| 0| cipher_text_size = (record_header2->length - aead_tag_size); 506| 0| if (cipher_text_size > *app_message_size) { ------------------ | Branch (506:13): [True: 0, False: 0] ------------------ 507| 0| return LIBSPDM_STATUS_BUFFER_TOO_SMALL; ------------------ | | 122| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CORE, 0x000d) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 508| 0| } 509| 0| libspdm_zero_mem(*app_message, *app_message_size); 510| 0| enc_msg_header = (void *)(record_header2 + 1); 511| 0| a_data = (const uint8_t *)record_header1; 512| 0| enc_msg = (const uint8_t *)enc_msg_header; 513| 0| dec_msg = (uint8_t *)*app_message; 514| 0| enc_msg_header = (void *)dec_msg; 515| 0| tag = (const uint8_t *)record_header1 + record_header_size + cipher_text_size; 516| | 517| 0| result = libspdm_aead_decryption( 518| 0| secured_message_context->secured_message_version, 519| 0| secured_message_context->aead_cipher_suite, key, 520| 0| aead_key_size, iv, aead_iv_size, a_data, 521| 0| record_header_size, enc_msg, cipher_text_size, tag, 522| 0| aead_tag_size, dec_msg, &cipher_text_size); 523| | 524| | /* When the sequence number is 0 then it has the same encoding in both 525| | * big and little endian. The endianness can only be determined on the subsequent 526| | * decryption. */ 527| 0| if (!is_sequence_number_endian_determined( ------------------ | Branch (527:13): [True: 0, False: 0] ------------------ 528| 0| secured_message_context->sequence_number_endian) && (sequence_number == 1)) { ------------------ | Branch (528:69): [True: 0, False: 0] ------------------ 529| | 530| 0| LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "Sequence number endianness is not determined.\n")); 531| 0| LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "Attempting to determine endianness.\n")); 532| | 533| 0| if (result) { ------------------ | Branch (533:17): [True: 0, False: 0] ------------------ 534| | /* Endianness is correct so set the endianness. */ 535| 0| if (secured_message_context->sequence_number_endian == ------------------ | Branch (535:21): [True: 0, False: 0] ------------------ 536| 0| LIBSPDM_DATA_SESSION_SEQ_NUM_ENC_LITTLE_DEC_BOTH) { ------------------ | | 252| 0|#define LIBSPDM_DATA_SESSION_SEQ_NUM_ENC_LITTLE_DEC_BOTH 1 ------------------ 537| 0| secured_message_context->sequence_number_endian = 538| 0| LIBSPDM_DATA_SESSION_SEQ_NUM_ENC_LITTLE_DEC_LITTLE; ------------------ | | 251| 0|#define LIBSPDM_DATA_SESSION_SEQ_NUM_ENC_LITTLE_DEC_LITTLE 0 ------------------ 539| 0| } else { 540| 0| secured_message_context->sequence_number_endian = 541| 0| LIBSPDM_DATA_SESSION_SEQ_NUM_ENC_BIG_DEC_BIG; ------------------ | | 253| 0|#define LIBSPDM_DATA_SESSION_SEQ_NUM_ENC_BIG_DEC_BIG 2 ------------------ 542| 0| } 543| 0| } else { 544| | /* Endianness may be incorrect so try with the opposite endianness. */ 545| 0| generate_iv(sequence_number, iv, salt, aead_iv_size, 546| 0| swap_endian(secured_message_context->sequence_number_endian)); 547| | 548| 0| result = libspdm_aead_decryption( 549| 0| secured_message_context->secured_message_version, 550| 0| secured_message_context->aead_cipher_suite, key, 551| 0| aead_key_size, iv, aead_iv_size, a_data, 552| 0| record_header_size, enc_msg, cipher_text_size, tag, 553| 0| aead_tag_size, dec_msg, &cipher_text_size); 554| | 555| 0| if (result) { ------------------ | Branch (555:21): [True: 0, False: 0] ------------------ 556| | /* Endianness is correct so set the endianness. */ 557| 0| secured_message_context->sequence_number_endian = 558| 0| swap_endian(secured_message_context->sequence_number_endian); 559| 0| } 560| 0| } 561| 0| } 562| | 563| 0| if (!result) { ------------------ | Branch (563:13): [True: 0, False: 0] ------------------ 564| | /* Backup keys are valid, fail and alert rollback and retry is possible. */ 565| 0| if ((is_request_message && secured_message_context->requester_backup_valid) || ------------------ | Branch (565:18): [True: 0, False: 0] | Branch (565:40): [True: 0, False: 0] ------------------ 566| 0| ((!is_request_message) && secured_message_context->responder_backup_valid)) { ------------------ | Branch (566:18): [True: 0, False: 0] | Branch (566:43): [True: 0, False: 0] ------------------ 567| 0| return LIBSPDM_STATUS_SESSION_TRY_DISCARD_KEY_UPDATE; ------------------ | | 138| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CORE, 0x0011) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 568| 0| } 569| | 570| 0| libspdm_secured_message_set_last_spdm_error_struct( 571| 0| spdm_secured_message_context, &spdm_error); 572| 0| return LIBSPDM_STATUS_CRYPTO_ERROR; ------------------ | | 156| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CRYPTO, 0x0000) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 573| 0| } 574| 0| plain_text_size = enc_msg_header->application_data_length; 575| 0| if (plain_text_size > cipher_text_size) { ------------------ | Branch (575:13): [True: 0, False: 0] ------------------ 576| 0| libspdm_secured_message_set_last_spdm_error_struct( 577| 0| spdm_secured_message_context, &spdm_error); 578| 0| return LIBSPDM_STATUS_INVALID_MSG_SIZE; ------------------ | | 94| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CORE, 0x0006) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 579| 0| } 580| | 581| 0| LIBSPDM_ASSERT(*app_message_size >= plain_text_size); 582| 0| *app_message = enc_msg_header + 1; 583| 0| *app_message_size = plain_text_size; 584| 0| break; 585| | 586| 230| case LIBSPDM_SESSION_TYPE_MAC_ONLY: ------------------ | Branch (586:5): [True: 230, False: 0] ------------------ 587| 230| if (secured_message_size < record_header_size + aead_tag_size) { ------------------ | Branch (587:13): [True: 9, False: 221] ------------------ 588| 9| libspdm_secured_message_set_last_spdm_error_struct( 589| 9| spdm_secured_message_context, &spdm_error); 590| 9| return LIBSPDM_STATUS_INVALID_MSG_SIZE; ------------------ | | 94| 9| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CORE, 0x0006) | | ------------------ | | | | 55| 9| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 591| 9| } 592| 221| record_header1 = secured_message; 593| 221| record_header2 = 594| 221| (void *)((uint8_t *)record_header1 + 595| 221| sizeof(spdm_secured_message_a_data_header1_t) + 596| 221| sequence_num_in_header_size); 597| 221| if (record_header1->session_id != session_id) { ------------------ | Branch (597:13): [True: 101, False: 120] ------------------ 598| 101| libspdm_secured_message_set_last_spdm_error_struct( 599| 101| spdm_secured_message_context, &spdm_error); 600| 101| return LIBSPDM_STATUS_INVALID_MSG_FIELD; ------------------ | | 90| 101| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CORE, 0x0005) | | ------------------ | | | | 55| 101| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 601| 101| } 602| 120| if (!libspdm_consttime_is_mem_equal(record_header1 + 1, &sequence_num_in_header, ------------------ | Branch (602:13): [True: 13, False: 107] ------------------ 603| 120| sequence_num_in_header_size)) { 604| 13| libspdm_secured_message_set_last_spdm_error_struct( 605| 13| spdm_secured_message_context, &spdm_error); 606| 13| return LIBSPDM_STATUS_INVALID_MSG_FIELD; ------------------ | | 90| 13| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CORE, 0x0005) | | ------------------ | | | | 55| 13| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 607| 13| } 608| 107| if (record_header2->length > ------------------ | Branch (608:13): [True: 32, False: 75] ------------------ 609| 107| secured_message_size - record_header_size) { 610| 32| libspdm_secured_message_set_last_spdm_error_struct( 611| 32| spdm_secured_message_context, &spdm_error); 612| 32| return LIBSPDM_STATUS_INVALID_MSG_SIZE; ------------------ | | 94| 32| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CORE, 0x0006) | | ------------------ | | | | 55| 32| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 613| 32| } 614| 75| if (record_header2->length < aead_tag_size) { ------------------ | Branch (614:13): [True: 6, False: 69] ------------------ 615| 6| libspdm_secured_message_set_last_spdm_error_struct( 616| 6| spdm_secured_message_context, &spdm_error); 617| 6| return LIBSPDM_STATUS_INVALID_MSG_SIZE; ------------------ | | 94| 6| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CORE, 0x0006) | | ------------------ | | | | 55| 6| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 618| 6| } 619| 69| a_data = (uint8_t *)record_header1; 620| 69| tag = (uint8_t *)record_header1 + record_header_size + 621| 69| record_header2->length - aead_tag_size; 622| | 623| 69| result = libspdm_aead_decryption( 624| 69| secured_message_context->secured_message_version, 625| 69| secured_message_context->aead_cipher_suite, key, 626| 69| aead_key_size, iv, aead_iv_size, a_data, 627| 69| record_header_size + record_header2->length - aead_tag_size, 628| 69| NULL, 0, tag, aead_tag_size, NULL, NULL); 629| | 630| | /* When the sequence number is 0 then it has the same encoding in both 631| | * big and little endian. The endianness can only be determined on the subsequent 632| | * decryption. */ 633| 69| if (!is_sequence_number_endian_determined( ------------------ | Branch (633:13): [True: 0, False: 69] ------------------ 634| 69| secured_message_context->sequence_number_endian) && (sequence_number == 1)) { ------------------ | Branch (634:69): [True: 0, False: 0] ------------------ 635| 0| if (result) { ------------------ | Branch (635:17): [True: 0, False: 0] ------------------ 636| | /* Endianness is correct so set the endianness. */ 637| 0| if (secured_message_context->sequence_number_endian == ------------------ | Branch (637:21): [True: 0, False: 0] ------------------ 638| 0| LIBSPDM_DATA_SESSION_SEQ_NUM_ENC_LITTLE_DEC_BOTH) { ------------------ | | 252| 0|#define LIBSPDM_DATA_SESSION_SEQ_NUM_ENC_LITTLE_DEC_BOTH 1 ------------------ 639| 0| secured_message_context->sequence_number_endian = 640| 0| LIBSPDM_DATA_SESSION_SEQ_NUM_ENC_LITTLE_DEC_LITTLE; ------------------ | | 251| 0|#define LIBSPDM_DATA_SESSION_SEQ_NUM_ENC_LITTLE_DEC_LITTLE 0 ------------------ 641| 0| } else { 642| 0| secured_message_context->sequence_number_endian = 643| 0| LIBSPDM_DATA_SESSION_SEQ_NUM_ENC_BIG_DEC_BIG; ------------------ | | 253| 0|#define LIBSPDM_DATA_SESSION_SEQ_NUM_ENC_BIG_DEC_BIG 2 ------------------ 644| 0| } 645| 0| } else { 646| | /* Endianness may be incorrect so try with the opposite endianness. */ 647| 0| generate_iv(sequence_number, iv, salt, aead_iv_size, 648| 0| swap_endian(secured_message_context->sequence_number_endian)); 649| | 650| 0| result = libspdm_aead_decryption( 651| 0| secured_message_context->secured_message_version, 652| 0| secured_message_context->aead_cipher_suite, key, 653| 0| aead_key_size, iv, aead_iv_size, a_data, 654| 0| record_header_size + record_header2->length - aead_tag_size, 655| 0| NULL, 0, tag, aead_tag_size, NULL, NULL); 656| | 657| 0| if (result) { ------------------ | Branch (657:21): [True: 0, False: 0] ------------------ 658| | /* Endianness is correct so set the endianness. */ 659| 0| secured_message_context->sequence_number_endian = 660| 0| swap_endian(secured_message_context->sequence_number_endian); 661| 0| } 662| 0| } 663| 0| } 664| | 665| 69| if (!result) { ------------------ | Branch (665:13): [True: 69, False: 0] ------------------ 666| | /* Backup keys are valid, fail and alert rollback and retry is possible. */ 667| 69| if ((is_request_message && secured_message_context->requester_backup_valid) || ------------------ | Branch (667:18): [True: 0, False: 69] | Branch (667:40): [True: 0, False: 0] ------------------ 668| 69| ((!is_request_message) && secured_message_context->responder_backup_valid)) { ------------------ | Branch (668:18): [True: 69, False: 0] | Branch (668:43): [True: 0, False: 69] ------------------ 669| 0| return LIBSPDM_STATUS_SESSION_TRY_DISCARD_KEY_UPDATE; ------------------ | | 138| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CORE, 0x0011) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 670| 0| } 671| | 672| 69| libspdm_secured_message_set_last_spdm_error_struct( 673| 69| spdm_secured_message_context, &spdm_error); 674| 69| return LIBSPDM_STATUS_CRYPTO_ERROR; ------------------ | | 156| 69| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CRYPTO, 0x0000) | | ------------------ | | | | 55| 69| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 675| 69| } 676| | 677| 0| plain_text_size = record_header2->length - aead_tag_size; 678| 0| LIBSPDM_ASSERT(*app_message_size >= plain_text_size); 679| 0| *app_message = record_header2 + 1; 680| 0| *app_message_size = plain_text_size; 681| 0| break; 682| | 683| 0| default: ------------------ | Branch (683:5): [True: 0, False: 230] ------------------ 684| 0| LIBSPDM_ASSERT(false); 685| 0| return LIBSPDM_STATUS_UNSUPPORTED_CAP; ------------------ | | 78| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CORE, 0x0002) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 686| 230| } 687| | 688| 0| return LIBSPDM_STATUS_SUCCESS; ------------------ | | 59| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_SUCCESS, LIBSPDM_SOURCE_SUCCESS, 0x0000) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 689| 230|} libspdm_secmes_encode_decode.c:generate_iv: 11| 230|{ 12| 230| uint8_t iv_temp[LIBSPDM_MAX_AEAD_IV_SIZE]; 13| 230| size_t index; 14| | 15| | /* Form the AEAD IV from the salt and the sequence number. */ 16| 230| libspdm_copy_mem(iv, LIBSPDM_MAX_AEAD_IV_SIZE, salt, aead_iv_size); ------------------ | | 74| 230|#define LIBSPDM_MAX_AEAD_IV_SIZE 12 ------------------ 17| | 18| 230| switch (endian) { ------------------ | Branch (18:13): [True: 0, False: 230] ------------------ 19| 230| case LIBSPDM_DATA_SESSION_SEQ_NUM_ENC_LITTLE_DEC_LITTLE: ------------------ | | 251| 230|#define LIBSPDM_DATA_SESSION_SEQ_NUM_ENC_LITTLE_DEC_LITTLE 0 ------------------ | Branch (19:5): [True: 230, False: 0] ------------------ 20| 230| case LIBSPDM_DATA_SESSION_SEQ_NUM_ENC_LITTLE_DEC_BOTH: ------------------ | | 252| 230|#define LIBSPDM_DATA_SESSION_SEQ_NUM_ENC_LITTLE_DEC_BOTH 1 ------------------ | Branch (20:5): [True: 0, False: 230] ------------------ 21| | /* If little-endian then the sequence number is zero-extended to the higher indices. 22| | * The sequence number begins at the lowest index (0). */ 23| 230| libspdm_copy_mem(iv_temp, sizeof(iv_temp), &sequence_number, sizeof(sequence_number)); 24| 2.07k| for (index = 0; index < sizeof(sequence_number); index++) { ------------------ | Branch (24:25): [True: 1.84k, False: 230] ------------------ 25| 1.84k| iv[index] = iv[index] ^ iv_temp[index]; 26| 1.84k| } 27| 230| break; 28| 0| case LIBSPDM_DATA_SESSION_SEQ_NUM_ENC_BIG_DEC_BIG: ------------------ | | 253| 0|#define LIBSPDM_DATA_SESSION_SEQ_NUM_ENC_BIG_DEC_BIG 2 ------------------ | Branch (28:5): [True: 0, False: 230] ------------------ 29| 0| case LIBSPDM_DATA_SESSION_SEQ_NUM_ENC_BIG_DEC_BOTH: ------------------ | | 254| 0|#define LIBSPDM_DATA_SESSION_SEQ_NUM_ENC_BIG_DEC_BOTH 3 ------------------ | Branch (29:5): [True: 0, False: 230] ------------------ 30| | /* If big-endian then the sequence number is zero-extended to the lower indices. 31| | * The sequence number ends at the highest index (aead_size - 1). */ 32| 0| sequence_number = libspdm_le_to_be_64(sequence_number); 33| 0| libspdm_copy_mem(iv_temp + (aead_iv_size - sizeof(sequence_number)), 34| 0| aead_iv_size, 35| 0| &sequence_number, 36| 0| sizeof(sequence_number)); 37| 0| for (index = aead_iv_size - sizeof(sequence_number); index < aead_iv_size; index++) { ------------------ | Branch (37:62): [True: 0, False: 0] ------------------ 38| 0| iv[index] = iv[index] ^ iv_temp[index]; 39| 0| } 40| 0| break; 41| 230| } 42| 230|} libspdm_secmes_encode_decode.c:is_sequence_number_endian_determined: 58| 69|{ 59| 69| return ((endian == LIBSPDM_DATA_SESSION_SEQ_NUM_ENC_BIG_DEC_BIG) || ------------------ | | 253| 69|#define LIBSPDM_DATA_SESSION_SEQ_NUM_ENC_BIG_DEC_BIG 2 ------------------ | Branch (59:13): [True: 0, False: 69] ------------------ 60| 69| (endian == LIBSPDM_DATA_SESSION_SEQ_NUM_ENC_LITTLE_DEC_LITTLE)) ? true : false; ------------------ | | 251| 69|#define LIBSPDM_DATA_SESSION_SEQ_NUM_ENC_LITTLE_DEC_LITTLE 0 ------------------ | Branch (60:13): [True: 69, False: 0] ------------------ 61| 69|} libspdm_mctp_get_sequence_number: 28| 230|{ 29| 230| libspdm_copy_mem(sequence_number_buffer, LIBSPDM_MCTP_SEQUENCE_NUMBER_COUNT, ------------------ | | 19| 230|#define LIBSPDM_MCTP_SEQUENCE_NUMBER_COUNT 2 ------------------ 30| 230| &sequence_number, LIBSPDM_MCTP_SEQUENCE_NUMBER_COUNT); ------------------ | | 19| 230|#define LIBSPDM_MCTP_SEQUENCE_NUMBER_COUNT 2 ------------------ 31| 230| return LIBSPDM_MCTP_SEQUENCE_NUMBER_COUNT; ------------------ | | 19| 230|#define LIBSPDM_MCTP_SEQUENCE_NUMBER_COUNT 2 ------------------ 32| 230|} libspdm_mctp_get_secured_spdm_version: 58| 230|{ 59| | /* DSP0276 uses the same version number as DSP0277 */ 60| 230| return secured_message_version; 61| 230|} libspdm_aead_aes_gcm_decrypt: 134| 69|{ 135| 69| mbedtls_gcm_context ctx; 136| 69| int ret; 137| | 138| 69| if (data_in_size > INT_MAX) { ------------------ | Branch (138:9): [True: 0, False: 69] ------------------ 139| 0| return false; 140| 0| } 141| 69| if (a_data_size > INT_MAX) { ------------------ | Branch (141:9): [True: 0, False: 69] ------------------ 142| 0| return false; 143| 0| } 144| 69| if (iv_size != 12) { ------------------ | Branch (144:9): [True: 0, False: 69] ------------------ 145| 0| return false; 146| 0| } 147| 69| switch (key_size) { 148| 0| case 16: ------------------ | Branch (148:5): [True: 0, False: 69] ------------------ 149| 0| case 24: ------------------ | Branch (149:5): [True: 0, False: 69] ------------------ 150| 69| case 32: ------------------ | Branch (150:5): [True: 69, False: 0] ------------------ 151| 69| break; 152| 0| default: ------------------ | Branch (152:5): [True: 0, False: 69] ------------------ 153| 0| return false; 154| 69| } 155| 69| if ((tag_size != 12) && (tag_size != 13) && (tag_size != 14) && ------------------ | Branch (155:9): [True: 69, False: 0] | Branch (155:29): [True: 69, False: 0] | Branch (155:49): [True: 69, False: 0] ------------------ 156| 69| (tag_size != 15) && (tag_size != 16)) { ------------------ | Branch (156:9): [True: 69, False: 0] | Branch (156:29): [True: 0, False: 69] ------------------ 157| 0| return false; 158| 0| } 159| 69| if (data_out_size != NULL) { ------------------ | Branch (159:9): [True: 0, False: 69] ------------------ 160| 0| if ((*data_out_size > INT_MAX) || ------------------ | Branch (160:13): [True: 0, False: 0] ------------------ 161| 0| (*data_out_size < data_in_size)) { ------------------ | Branch (161:13): [True: 0, False: 0] ------------------ 162| 0| return false; 163| 0| } 164| 0| } 165| | 166| 69| mbedtls_gcm_init(&ctx); 167| | 168| 69| ret = mbedtls_gcm_setkey(&ctx, MBEDTLS_CIPHER_ID_AES, key, 169| 69| (uint32_t)(key_size * 8)); 170| 69| if (ret != 0) { ------------------ | Branch (170:9): [True: 0, False: 69] ------------------ 171| 0| return false; 172| 0| } 173| | 174| 69| ret = mbedtls_gcm_auth_decrypt(&ctx, (uint32_t)data_in_size, iv, 175| 69| (uint32_t)iv_size, a_data, 176| 69| (uint32_t)a_data_size, tag, 177| 69| (uint32_t)tag_size, data_in, data_out); 178| 69| mbedtls_gcm_free(&ctx); 179| 69| if (ret != 0) { ------------------ | Branch (179:9): [True: 69, False: 0] ------------------ 180| 69| return false; 181| 69| } 182| 0| if (data_out_size != NULL) { ------------------ | Branch (182:9): [True: 0, False: 0] ------------------ 183| 0| *data_out_size = data_in_size; 184| 0| } 185| | 186| 0| return true; 187| 69|} mbedtls_platform_zeroize: 29| 345|{ 30| 345| libspdm_zero_mem(buf, len); 31| 345|} my_calloc: 34| 69|{ 35| 69| CRYPTMEM_HEAD *pool_hdr; 36| 69| size_t new_size; 37| 69| void *data; 38| | 39| | 40| | /* Adjust the size by the buffer header overhead*/ 41| | 42| 69| new_size = (size_t)(size * num) + CRYPTMEM_OVERHEAD; ------------------ | | 26| 69|#define CRYPTMEM_OVERHEAD sizeof(CRYPTMEM_HEAD) ------------------ 43| | 44| 69| data = allocate_zero_pool(new_size); 45| 69| if (data != NULL) { ------------------ | Branch (45:9): [True: 69, False: 0] ------------------ 46| 69| pool_hdr = (CRYPTMEM_HEAD *)data; 47| | 48| | /* Record the memory brief information*/ 49| | 50| 69| pool_hdr->version = CRYPTMEM_HEAD_VERSION; ------------------ | | 19| 69|#define CRYPTMEM_HEAD_VERSION 0x1 ------------------ 51| 69| pool_hdr->size = size; 52| | 53| 69| return (void *)(pool_hdr + 1); 54| 69| } else { 55| | 56| | /* The buffer allocation failed.*/ 57| | 58| 0| return NULL; 59| 0| } 60| 69|} my_free: 64| 69|{ 65| 69| CRYPTMEM_HEAD *pool_hdr; 66| | 67| | 68| | /* In Standard C, free() handles a null pointer argument transparently. This 69| | * is not true of free_pool() below, so protect it.*/ 70| | 71| 69| if (ptr != NULL) { ------------------ | Branch (71:9): [True: 69, False: 0] ------------------ 72| 69| pool_hdr = (CRYPTMEM_HEAD *)ptr - 1; 73| 69| LIBSPDM_ASSERT(pool_hdr->version == CRYPTMEM_HEAD_VERSION); 74| 69| free_pool(pool_hdr); 75| 69| } 76| 69|} allocate_zero_pool: 20| 299|{ 21| 299| void *buffer; 22| 299| buffer = malloc(AllocationSize); 23| 299| if (buffer == NULL) { ------------------ | Branch (23:9): [True: 0, False: 299] ------------------ 24| 0| return NULL; 25| 0| } 26| 299| memset(buffer, 0, AllocationSize); 27| 299| return buffer; 28| 299|} free_pool: 31| 69|{ 32| 69| free(buffer); 33| 69|} gcm.c:mbedtls_cipher_info_get_block_size: 540| 69|{ 541| 69| if (info == NULL) { ------------------ | Branch (541:9): [True: 0, False: 69] ------------------ 542| 0| return 0; 543| 0| } 544| | 545| 69| return (size_t) (info->MBEDTLS_PRIVATE(block_size)); ------------------ | | 17| 69|#define MBEDTLS_PRIVATE(member) member ------------------ 546| 69|} cipher.c:mbedtls_cipher_info_get_key_bitlen: 479| 276|{ 480| 276| if (info == NULL) { ------------------ | Branch (480:9): [True: 0, False: 276] ------------------ 481| 0| return 0; 482| 276| } else { 483| 276| return ((size_t) info->MBEDTLS_PRIVATE(key_bitlen)) << MBEDTLS_KEY_BITLEN_SHIFT; ------------------ | | 17| 276|#define MBEDTLS_PRIVATE(member) member ------------------ return ((size_t) info->MBEDTLS_PRIVATE(key_bitlen)) << MBEDTLS_KEY_BITLEN_SHIFT; ------------------ | | 311| 276|#define MBEDTLS_KEY_BITLEN_SHIFT 6 ------------------ 484| 276| } 485| 276|} cipher.c:mbedtls_cipher_get_block_size: 680| 138|{ 681| 138| if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL) { ------------------ | | 17| 138|#define MBEDTLS_PRIVATE(member) member ------------------ | Branch (681:9): [True: 0, False: 138] ------------------ 682| 0| return 0; 683| 0| } 684| | 685| 138| return (unsigned int) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(block_size); ------------------ | | 17| 138|#define MBEDTLS_PRIVATE(member) member ------------------ return (unsigned int) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(block_size); ------------------ | | 17| 138|#define MBEDTLS_PRIVATE(member) member ------------------ 686| 138|} mbedtls_aes_init: 493| 69|{ 494| 69| memset(ctx, 0, sizeof(mbedtls_aes_context)); 495| 69|} mbedtls_aes_free: 498| 69|{ 499| 69| if (ctx == NULL) { ------------------ | Branch (499:9): [True: 0, False: 69] ------------------ 500| 0| return; 501| 0| } 502| | 503| 69| mbedtls_platform_zeroize(ctx, sizeof(mbedtls_aes_context)); 504| 69|} mbedtls_aes_setkey_enc: 578| 69|{ 579| 69| uint32_t *RK; 580| | 581| 69| switch (keybits) { 582| 0| case 128: ctx->nr = 10; break; ------------------ | Branch (582:9): [True: 0, False: 69] ------------------ 583| 0|#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) 584| 0| case 192: ctx->nr = 12; break; ------------------ | Branch (584:9): [True: 0, False: 69] ------------------ 585| 69| case 256: ctx->nr = 14; break; ------------------ | Branch (585:9): [True: 69, False: 0] ------------------ 586| 0|#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */ 587| 0| default: return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH; ------------------ | | 44| 0|#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 ------------------ | Branch (587:9): [True: 0, False: 69] ------------------ 588| 69| } 589| | 590| 69|#if !defined(MBEDTLS_AES_ROM_TABLES) 591| 69| if (aes_init_done == 0) { ------------------ | Branch (591:9): [True: 1, False: 68] ------------------ 592| 1| aes_gen_tables(); 593| 1| aes_init_done = 1; 594| 1| } 595| 69|#endif 596| | 597| 69| ctx->rk_offset = mbedtls_aes_rk_offset(ctx->buf); 598| 69| RK = ctx->buf + ctx->rk_offset; 599| | 600| 69|#if defined(MBEDTLS_AESNI_HAVE_CODE) 601| 69| if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) { ------------------ | | 20| 69|#define MBEDTLS_AESNI_AES 0x02000000u ------------------ | Branch (601:9): [True: 69, False: 0] ------------------ 602| 69| return mbedtls_aesni_setkey_enc((unsigned char *) RK, key, keybits); 603| 69| } 604| 0|#endif 605| | 606| |#if defined(MBEDTLS_AESCE_HAVE_CODE) 607| | if (MBEDTLS_AESCE_HAS_SUPPORT()) { 608| | return mbedtls_aesce_setkey_enc((unsigned char *) RK, key, keybits); 609| | } 610| |#endif 611| | 612| 0|#if !defined(MBEDTLS_AES_USE_HARDWARE_ONLY) 613| 0| for (unsigned int i = 0; i < (keybits >> 5); i++) { ------------------ | Branch (613:30): [True: 0, False: 0] ------------------ 614| 0| RK[i] = MBEDTLS_GET_UINT32_LE(key, i << 2); ------------------ | | 449| 0| ((MBEDTLS_IS_BIG_ENDIAN) \ | | ------------------ | | | | 398| 0|#define MBEDTLS_IS_BIG_ENDIAN 0 | | ------------------ | | | Branch (449:6): [Folded - Ignored] | | ------------------ | | 450| 0| ? MBEDTLS_BSWAP32(mbedtls_get_unaligned_uint32((data) + (offset))) \ | | ------------------ | | | | 298| 0|#define MBEDTLS_BSWAP32 __builtin_bswap32 | | ------------------ | | 451| 0| : mbedtls_get_unaligned_uint32((data) + (offset)) \ | | 452| 0| ) ------------------ 615| 0| } 616| | 617| 0| switch (ctx->nr) { ------------------ | Branch (617:13): [True: 0, False: 0] ------------------ 618| 0| case 10: ------------------ | Branch (618:9): [True: 0, False: 0] ------------------ 619| | 620| 0| for (unsigned int i = 0; i < 10; i++, RK += 4) { ------------------ | Branch (620:38): [True: 0, False: 0] ------------------ 621| 0| RK[4] = RK[0] ^ round_constants[i] ^ 622| 0| ((uint32_t) FSb[MBEDTLS_BYTE_1(RK[3])]) ^ ------------------ | | 269| 0|#define MBEDTLS_BYTE_1(x) ((uint8_t) (((x) >> 8) & 0xff)) ------------------ 623| 0| ((uint32_t) FSb[MBEDTLS_BYTE_2(RK[3])] << 8) ^ ------------------ | | 270| 0|#define MBEDTLS_BYTE_2(x) ((uint8_t) (((x) >> 16) & 0xff)) ------------------ 624| 0| ((uint32_t) FSb[MBEDTLS_BYTE_3(RK[3])] << 16) ^ ------------------ | | 271| 0|#define MBEDTLS_BYTE_3(x) ((uint8_t) (((x) >> 24) & 0xff)) ------------------ 625| 0| ((uint32_t) FSb[MBEDTLS_BYTE_0(RK[3])] << 24); ------------------ | | 268| 0|#define MBEDTLS_BYTE_0(x) ((uint8_t) ((x) & 0xff)) ------------------ 626| | 627| 0| RK[5] = RK[1] ^ RK[4]; 628| 0| RK[6] = RK[2] ^ RK[5]; 629| 0| RK[7] = RK[3] ^ RK[6]; 630| 0| } 631| 0| break; 632| | 633| 0|#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) 634| 0| case 12: ------------------ | Branch (634:9): [True: 0, False: 0] ------------------ 635| | 636| 0| for (unsigned int i = 0; i < 8; i++, RK += 6) { ------------------ | Branch (636:38): [True: 0, False: 0] ------------------ 637| 0| RK[6] = RK[0] ^ round_constants[i] ^ 638| 0| ((uint32_t) FSb[MBEDTLS_BYTE_1(RK[5])]) ^ ------------------ | | 269| 0|#define MBEDTLS_BYTE_1(x) ((uint8_t) (((x) >> 8) & 0xff)) ------------------ 639| 0| ((uint32_t) FSb[MBEDTLS_BYTE_2(RK[5])] << 8) ^ ------------------ | | 270| 0|#define MBEDTLS_BYTE_2(x) ((uint8_t) (((x) >> 16) & 0xff)) ------------------ 640| 0| ((uint32_t) FSb[MBEDTLS_BYTE_3(RK[5])] << 16) ^ ------------------ | | 271| 0|#define MBEDTLS_BYTE_3(x) ((uint8_t) (((x) >> 24) & 0xff)) ------------------ 641| 0| ((uint32_t) FSb[MBEDTLS_BYTE_0(RK[5])] << 24); ------------------ | | 268| 0|#define MBEDTLS_BYTE_0(x) ((uint8_t) ((x) & 0xff)) ------------------ 642| | 643| 0| RK[7] = RK[1] ^ RK[6]; 644| 0| RK[8] = RK[2] ^ RK[7]; 645| 0| RK[9] = RK[3] ^ RK[8]; 646| 0| RK[10] = RK[4] ^ RK[9]; 647| 0| RK[11] = RK[5] ^ RK[10]; 648| 0| } 649| 0| break; 650| | 651| 0| case 14: ------------------ | Branch (651:9): [True: 0, False: 0] ------------------ 652| | 653| 0| for (unsigned int i = 0; i < 7; i++, RK += 8) { ------------------ | Branch (653:38): [True: 0, False: 0] ------------------ 654| 0| RK[8] = RK[0] ^ round_constants[i] ^ 655| 0| ((uint32_t) FSb[MBEDTLS_BYTE_1(RK[7])]) ^ ------------------ | | 269| 0|#define MBEDTLS_BYTE_1(x) ((uint8_t) (((x) >> 8) & 0xff)) ------------------ 656| 0| ((uint32_t) FSb[MBEDTLS_BYTE_2(RK[7])] << 8) ^ ------------------ | | 270| 0|#define MBEDTLS_BYTE_2(x) ((uint8_t) (((x) >> 16) & 0xff)) ------------------ 657| 0| ((uint32_t) FSb[MBEDTLS_BYTE_3(RK[7])] << 16) ^ ------------------ | | 271| 0|#define MBEDTLS_BYTE_3(x) ((uint8_t) (((x) >> 24) & 0xff)) ------------------ 658| 0| ((uint32_t) FSb[MBEDTLS_BYTE_0(RK[7])] << 24); ------------------ | | 268| 0|#define MBEDTLS_BYTE_0(x) ((uint8_t) ((x) & 0xff)) ------------------ 659| | 660| 0| RK[9] = RK[1] ^ RK[8]; 661| 0| RK[10] = RK[2] ^ RK[9]; 662| 0| RK[11] = RK[3] ^ RK[10]; 663| | 664| 0| RK[12] = RK[4] ^ 665| 0| ((uint32_t) FSb[MBEDTLS_BYTE_0(RK[11])]) ^ ------------------ | | 268| 0|#define MBEDTLS_BYTE_0(x) ((uint8_t) ((x) & 0xff)) ------------------ 666| 0| ((uint32_t) FSb[MBEDTLS_BYTE_1(RK[11])] << 8) ^ ------------------ | | 269| 0|#define MBEDTLS_BYTE_1(x) ((uint8_t) (((x) >> 8) & 0xff)) ------------------ 667| 0| ((uint32_t) FSb[MBEDTLS_BYTE_2(RK[11])] << 16) ^ ------------------ | | 270| 0|#define MBEDTLS_BYTE_2(x) ((uint8_t) (((x) >> 16) & 0xff)) ------------------ 668| 0| ((uint32_t) FSb[MBEDTLS_BYTE_3(RK[11])] << 24); ------------------ | | 271| 0|#define MBEDTLS_BYTE_3(x) ((uint8_t) (((x) >> 24) & 0xff)) ------------------ 669| | 670| 0| RK[13] = RK[5] ^ RK[12]; 671| 0| RK[14] = RK[6] ^ RK[13]; 672| 0| RK[15] = RK[7] ^ RK[14]; 673| 0| } 674| 0| break; 675| 0|#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */ 676| 0| } 677| | 678| 0| return 0; 679| 0|#endif /* !MBEDTLS_AES_USE_HARDWARE_ONLY */ 680| 0|} mbedtls_aes_crypt_ecb: 1028| 138|{ 1029| 138| if (mode != MBEDTLS_AES_ENCRYPT && mode != MBEDTLS_AES_DECRYPT) { ------------------ | | 39| 276|#define MBEDTLS_AES_ENCRYPT 1 /**< AES encryption. */ ------------------ if (mode != MBEDTLS_AES_ENCRYPT && mode != MBEDTLS_AES_DECRYPT) { ------------------ | | 40| 0|#define MBEDTLS_AES_DECRYPT 0 /**< AES decryption. */ ------------------ | Branch (1029:9): [True: 0, False: 138] | Branch (1029:40): [True: 0, False: 0] ------------------ 1030| 0| return MBEDTLS_ERR_AES_BAD_INPUT_DATA; ------------------ | | 50| 0|#define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021 ------------------ 1031| 0| } 1032| | 1033| |#if defined(MAY_NEED_TO_ALIGN) 1034| | aes_maybe_realign(ctx); 1035| |#endif 1036| | 1037| 138|#if defined(MBEDTLS_AESNI_HAVE_CODE) 1038| 138| if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) { ------------------ | | 20| 138|#define MBEDTLS_AESNI_AES 0x02000000u ------------------ | Branch (1038:9): [True: 138, False: 0] ------------------ 1039| 138| return mbedtls_aesni_crypt_ecb(ctx, mode, input, output); 1040| 138| } 1041| 0|#endif 1042| | 1043| |#if defined(MBEDTLS_AESCE_HAVE_CODE) 1044| | if (MBEDTLS_AESCE_HAS_SUPPORT()) { 1045| | return mbedtls_aesce_crypt_ecb(ctx, mode, input, output); 1046| | } 1047| |#endif 1048| | 1049| |#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE) 1050| | if (aes_padlock_ace > 0) { 1051| | return mbedtls_padlock_xcryptecb(ctx, mode, input, output); 1052| | } 1053| |#endif 1054| | 1055| 0|#if !defined(MBEDTLS_AES_USE_HARDWARE_ONLY) 1056| 0|#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) 1057| 0| if (mode == MBEDTLS_AES_DECRYPT) { ------------------ | | 40| 0|#define MBEDTLS_AES_DECRYPT 0 /**< AES decryption. */ ------------------ | Branch (1057:9): [True: 0, False: 0] ------------------ 1058| 0| return mbedtls_internal_aes_decrypt(ctx, input, output); 1059| 0| } else 1060| 0|#endif 1061| 0| { 1062| 0| return mbedtls_internal_aes_encrypt(ctx, input, output); 1063| 0| } 1064| 0|#endif /* !MBEDTLS_AES_USE_HARDWARE_ONLY */ 1065| 0|} aes.c:aes_gen_tables: 376| 1|{ 377| 1| int i; 378| 1| uint8_t x, y, z; 379| 1| uint8_t pow[256]; 380| 1| uint8_t log[256]; 381| | 382| | /* 383| | * compute pow and log tables over GF(2^8) 384| | */ 385| 257| for (i = 0, x = 1; i < 256; i++) { ------------------ | Branch (385:24): [True: 256, False: 1] ------------------ 386| 256| pow[i] = x; 387| 256| log[x] = (uint8_t) i; 388| 256| x ^= XTIME(x); ------------------ | | 370| 256|#define XTIME(x) (((x) << 1) ^ (((x) & 0x80) ? 0x1B : 0x00)) | | ------------------ | | | Branch (370:33): [True: 128, False: 128] | | ------------------ ------------------ 389| 256| } 390| | 391| | /* 392| | * calculate the round constants 393| | */ 394| 11| for (i = 0, x = 1; i < 10; i++) { ------------------ | Branch (394:24): [True: 10, False: 1] ------------------ 395| 10| round_constants[i] = x; 396| 10| x = XTIME(x); ------------------ | | 370| 10|#define XTIME(x) (((x) << 1) ^ (((x) & 0x80) ? 0x1B : 0x00)) | | ------------------ | | | Branch (370:33): [True: 1, False: 9] | | ------------------ ------------------ 397| 10| } 398| | 399| | /* 400| | * generate the forward and reverse S-boxes 401| | */ 402| 1| FSb[0x00] = 0x63; 403| 1|#if defined(MBEDTLS_AES_NEED_REVERSE_TABLES) 404| 1| RSb[0x63] = 0x00; 405| 1|#endif 406| | 407| 256| for (i = 1; i < 256; i++) { ------------------ | Branch (407:17): [True: 255, False: 1] ------------------ 408| 255| x = pow[255 - log[i]]; 409| | 410| 255| y = x; y = (y << 1) | (y >> 7); 411| 255| x ^= y; y = (y << 1) | (y >> 7); 412| 255| x ^= y; y = (y << 1) | (y >> 7); 413| 255| x ^= y; y = (y << 1) | (y >> 7); 414| 255| x ^= y ^ 0x63; 415| | 416| 255| FSb[i] = x; 417| 255|#if defined(MBEDTLS_AES_NEED_REVERSE_TABLES) 418| 255| RSb[x] = (unsigned char) i; 419| 255|#endif 420| 255| } 421| | 422| | /* 423| | * generate the forward and reverse tables 424| | */ 425| 257| for (i = 0; i < 256; i++) { ------------------ | Branch (425:17): [True: 256, False: 1] ------------------ 426| 256| x = FSb[i]; 427| 256| y = XTIME(x); ------------------ | | 370| 256|#define XTIME(x) (((x) << 1) ^ (((x) & 0x80) ? 0x1B : 0x00)) | | ------------------ | | | Branch (370:33): [True: 128, False: 128] | | ------------------ ------------------ 428| 256| z = y ^ x; 429| | 430| 256| FT0[i] = ((uint32_t) y) ^ 431| 256| ((uint32_t) x << 8) ^ 432| 256| ((uint32_t) x << 16) ^ 433| 256| ((uint32_t) z << 24); 434| | 435| 256|#if !defined(MBEDTLS_AES_FEWER_TABLES) 436| 256| FT1[i] = ROTL8(FT0[i]); ------------------ | | 369| 256|#define ROTL8(x) (((x) << 8) & 0xFFFFFFFF) | ((x) >> 24) ------------------ 437| 256| FT2[i] = ROTL8(FT1[i]); ------------------ | | 369| 256|#define ROTL8(x) (((x) << 8) & 0xFFFFFFFF) | ((x) >> 24) ------------------ 438| 256| FT3[i] = ROTL8(FT2[i]); ------------------ | | 369| 256|#define ROTL8(x) (((x) << 8) & 0xFFFFFFFF) | ((x) >> 24) ------------------ 439| 256|#endif /* !MBEDTLS_AES_FEWER_TABLES */ 440| | 441| 256|#if defined(MBEDTLS_AES_NEED_REVERSE_TABLES) 442| 256| x = RSb[i]; 443| | 444| 256| RT0[i] = ((uint32_t) MUL(0x0E, x)) ^ ------------------ | | 371| 256|#define MUL(x, y) (((x) && (y)) ? pow[(log[(x)]+log[(y)]) % 255] : 0) | | ------------------ | | | Branch (371:21): [Folded - Ignored] | | | Branch (371:28): [True: 255, False: 1] | | ------------------ ------------------ 445| 256| ((uint32_t) MUL(0x09, x) << 8) ^ ------------------ | | 371| 256|#define MUL(x, y) (((x) && (y)) ? pow[(log[(x)]+log[(y)]) % 255] : 0) | | ------------------ | | | Branch (371:21): [Folded - Ignored] | | | Branch (371:28): [True: 255, False: 1] | | ------------------ ------------------ 446| 256| ((uint32_t) MUL(0x0D, x) << 16) ^ ------------------ | | 371| 256|#define MUL(x, y) (((x) && (y)) ? pow[(log[(x)]+log[(y)]) % 255] : 0) | | ------------------ | | | Branch (371:21): [Folded - Ignored] | | | Branch (371:28): [True: 255, False: 1] | | ------------------ ------------------ 447| 256| ((uint32_t) MUL(0x0B, x) << 24); ------------------ | | 371| 256|#define MUL(x, y) (((x) && (y)) ? pow[(log[(x)]+log[(y)]) % 255] : 0) | | ------------------ | | | Branch (371:21): [Folded - Ignored] | | | Branch (371:28): [True: 255, False: 1] | | ------------------ ------------------ 448| | 449| 256|#if !defined(MBEDTLS_AES_FEWER_TABLES) 450| 256| RT1[i] = ROTL8(RT0[i]); ------------------ | | 369| 256|#define ROTL8(x) (((x) << 8) & 0xFFFFFFFF) | ((x) >> 24) ------------------ 451| 256| RT2[i] = ROTL8(RT1[i]); ------------------ | | 369| 256|#define ROTL8(x) (((x) << 8) & 0xFFFFFFFF) | ((x) >> 24) ------------------ 452| 256| RT3[i] = ROTL8(RT2[i]); ------------------ | | 369| 256|#define ROTL8(x) (((x) << 8) & 0xFFFFFFFF) | ((x) >> 24) ------------------ 453| 256|#endif /* !MBEDTLS_AES_FEWER_TABLES */ 454| 256|#endif /* MBEDTLS_AES_NEED_REVERSE_TABLES */ 455| 256| } 456| 1|} aes.c:mbedtls_aes_rk_offset: 536| 69|{ 537| |#if defined(MAY_NEED_TO_ALIGN) 538| | int align_16_bytes = 0; 539| | 540| |#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE) 541| | if (aes_padlock_ace == -1) { 542| | aes_padlock_ace = mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE); 543| | } 544| | if (aes_padlock_ace) { 545| | align_16_bytes = 1; 546| | } 547| |#endif 548| | 549| |#if defined(MBEDTLS_AESNI_C) && MBEDTLS_AESNI_HAVE_CODE == 2 550| | if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) { 551| | align_16_bytes = 1; 552| | } 553| |#endif 554| | 555| | if (align_16_bytes) { 556| | /* These implementations needs 16-byte alignment 557| | * for the round key array. */ 558| | unsigned delta = ((uintptr_t) buf & 0x0000000fU) / 4; 559| | if (delta == 0) { 560| | return 0; 561| | } else { 562| | return 4 - delta; // 16 bytes = 4 uint32_t 563| | } 564| | } 565| |#else /* MAY_NEED_TO_ALIGN */ 566| 69| (void) buf; 567| 69|#endif /* MAY_NEED_TO_ALIGN */ 568| | 569| 69| return 0; 570| 69|} mbedtls_aesni_has_support: 50| 276|{ 51| 276| static int done = 0; 52| 276| static unsigned int c = 0; 53| | 54| 276| if (!done) { ------------------ | Branch (54:9): [True: 1, False: 275] ------------------ 55| |#if MBEDTLS_AESNI_HAVE_CODE == 2 56| | static int info[4] = { 0, 0, 0, 0 }; 57| |#if defined(_MSC_VER) 58| | __cpuid(info, 1); 59| |#else 60| | __cpuid(1, info[0], info[1], info[2], info[3]); 61| |#endif 62| | c = info[2]; 63| |#else /* AESNI using asm */ 64| 1| asm ("movl $1, %%eax \n\t" ------------------ | | 321| 1|#define asm __asm__ ------------------ 65| 1| "cpuid \n\t" 66| 1| : "=c" (c) 67| 1| : 68| 1| : "eax", "ebx", "edx"); 69| 1|#endif /* MBEDTLS_AESNI_HAVE_CODE */ 70| 1| done = 1; 71| 1| } 72| | 73| 276| return (c & what) != 0; 74| 276|} mbedtls_aesni_crypt_ecb: 458| 138|{ 459| 138| asm ("movdqu (%3), %%xmm0 \n\t" // load input ------------------ | | 321| 138|#define asm __asm__ ------------------ 460| 138| "movdqu (%1), %%xmm1 \n\t" // load round key 0 461| 138| "pxor %%xmm1, %%xmm0 \n\t" // round 0 462| 138| "add $16, %1 \n\t" // point to next round key 463| 138| "subl $1, %0 \n\t" // normal rounds = nr - 1 464| 138| "test %2, %2 \n\t" // mode? 465| 138| "jz 2f \n\t" // 0 = decrypt 466| | 467| 138| "1: \n\t" // encryption loop 468| 138| "movdqu (%1), %%xmm1 \n\t" // load round key 469| | AESENC(xmm1_xmm0) // do round 470| 138| "add $16, %1 \n\t" // point to next round key 471| 138| "subl $1, %0 \n\t" // loop 472| 138| "jnz 1b \n\t" 473| 138| "movdqu (%1), %%xmm1 \n\t" // load round key 474| | AESENCLAST(xmm1_xmm0) // last round 475| 138|#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) 476| 138| "jmp 3f \n\t" 477| | 478| 138| "2: \n\t" // decryption loop 479| 138| "movdqu (%1), %%xmm1 \n\t" 480| | AESDEC(xmm1_xmm0) // do round 481| 138| "add $16, %1 \n\t" 482| 138| "subl $1, %0 \n\t" 483| 138| "jnz 2b \n\t" 484| 138| "movdqu (%1), %%xmm1 \n\t" // load round key 485| | AESDECLAST(xmm1_xmm0) // last round 486| 138|#endif 487| | 488| 138| "3: \n\t" 489| 138| "movdqu %%xmm0, (%4) \n\t" // export output 490| 138| : 491| 138| : "r" (ctx->nr), "r" (ctx->buf + ctx->rk_offset), "r" (mode), "r" (input), "r" (output) 492| 138| : "memory", "cc", "xmm0", "xmm1"); 493| | 494| | 495| 138| return 0; 496| 138|} mbedtls_aesni_gcm_mult: 505| 3.51k|{ 506| 3.51k| unsigned char aa[16], bb[16], cc[16]; 507| 3.51k| size_t i; 508| | 509| | /* The inputs are in big-endian order, so byte-reverse them */ 510| 59.6k| for (i = 0; i < 16; i++) { ------------------ | Branch (510:17): [True: 56.1k, False: 3.51k] ------------------ 511| 56.1k| aa[i] = a[15 - i]; 512| 56.1k| bb[i] = b[15 - i]; 513| 56.1k| } 514| | 515| 3.51k| asm ("movdqu (%0), %%xmm0 \n\t" // a1:a0 ------------------ | | 321| 3.51k|#define asm __asm__ ------------------ 516| 3.51k| "movdqu (%1), %%xmm1 \n\t" // b1:b0 517| | 518| | /* 519| | * Caryless multiplication xmm2:xmm1 = xmm0 * xmm1 520| | * using [CLMUL-WP] algorithm 1 (p. 12). 521| | */ 522| 3.51k| "movdqa %%xmm1, %%xmm2 \n\t" // copy of b1:b0 523| 3.51k| "movdqa %%xmm1, %%xmm3 \n\t" // same 524| 3.51k| "movdqa %%xmm1, %%xmm4 \n\t" // same 525| | PCLMULQDQ(xmm0_xmm1, "0x00") // a0*b0 = c1:c0 526| | PCLMULQDQ(xmm0_xmm2, "0x11") // a1*b1 = d1:d0 527| | PCLMULQDQ(xmm0_xmm3, "0x10") // a0*b1 = e1:e0 528| | PCLMULQDQ(xmm0_xmm4, "0x01") // a1*b0 = f1:f0 529| 3.51k| "pxor %%xmm3, %%xmm4 \n\t" // e1+f1:e0+f0 530| 3.51k| "movdqa %%xmm4, %%xmm3 \n\t" // same 531| 3.51k| "psrldq $8, %%xmm4 \n\t" // 0:e1+f1 532| 3.51k| "pslldq $8, %%xmm3 \n\t" // e0+f0:0 533| 3.51k| "pxor %%xmm4, %%xmm2 \n\t" // d1:d0+e1+f1 534| 3.51k| "pxor %%xmm3, %%xmm1 \n\t" // c1+e0+f1:c0 535| | 536| | /* 537| | * Now shift the result one bit to the left, 538| | * taking advantage of [CLMUL-WP] eq 27 (p. 18) 539| | */ 540| 3.51k| "movdqa %%xmm1, %%xmm3 \n\t" // r1:r0 541| 3.51k| "movdqa %%xmm2, %%xmm4 \n\t" // r3:r2 542| 3.51k| "psllq $1, %%xmm1 \n\t" // r1<<1:r0<<1 543| 3.51k| "psllq $1, %%xmm2 \n\t" // r3<<1:r2<<1 544| 3.51k| "psrlq $63, %%xmm3 \n\t" // r1>>63:r0>>63 545| 3.51k| "psrlq $63, %%xmm4 \n\t" // r3>>63:r2>>63 546| 3.51k| "movdqa %%xmm3, %%xmm5 \n\t" // r1>>63:r0>>63 547| 3.51k| "pslldq $8, %%xmm3 \n\t" // r0>>63:0 548| 3.51k| "pslldq $8, %%xmm4 \n\t" // r2>>63:0 549| 3.51k| "psrldq $8, %%xmm5 \n\t" // 0:r1>>63 550| 3.51k| "por %%xmm3, %%xmm1 \n\t" // r1<<1|r0>>63:r0<<1 551| 3.51k| "por %%xmm4, %%xmm2 \n\t" // r3<<1|r2>>62:r2<<1 552| 3.51k| "por %%xmm5, %%xmm2 \n\t" // r3<<1|r2>>62:r2<<1|r1>>63 553| | 554| | /* 555| | * Now reduce modulo the GCM polynomial x^128 + x^7 + x^2 + x + 1 556| | * using [CLMUL-WP] algorithm 5 (p. 18). 557| | * Currently xmm2:xmm1 holds x3:x2:x1:x0 (already shifted). 558| | */ 559| | /* Step 2 (1) */ 560| 3.51k| "movdqa %%xmm1, %%xmm3 \n\t" // x1:x0 561| 3.51k| "movdqa %%xmm1, %%xmm4 \n\t" // same 562| 3.51k| "movdqa %%xmm1, %%xmm5 \n\t" // same 563| 3.51k| "psllq $63, %%xmm3 \n\t" // x1<<63:x0<<63 = stuff:a 564| 3.51k| "psllq $62, %%xmm4 \n\t" // x1<<62:x0<<62 = stuff:b 565| 3.51k| "psllq $57, %%xmm5 \n\t" // x1<<57:x0<<57 = stuff:c 566| | 567| | /* Step 2 (2) */ 568| 3.51k| "pxor %%xmm4, %%xmm3 \n\t" // stuff:a+b 569| 3.51k| "pxor %%xmm5, %%xmm3 \n\t" // stuff:a+b+c 570| 3.51k| "pslldq $8, %%xmm3 \n\t" // a+b+c:0 571| 3.51k| "pxor %%xmm3, %%xmm1 \n\t" // x1+a+b+c:x0 = d:x0 572| | 573| | /* Steps 3 and 4 */ 574| 3.51k| "movdqa %%xmm1,%%xmm0 \n\t" // d:x0 575| 3.51k| "movdqa %%xmm1,%%xmm4 \n\t" // same 576| 3.51k| "movdqa %%xmm1,%%xmm5 \n\t" // same 577| 3.51k| "psrlq $1, %%xmm0 \n\t" // e1:x0>>1 = e1:e0' 578| 3.51k| "psrlq $2, %%xmm4 \n\t" // f1:x0>>2 = f1:f0' 579| 3.51k| "psrlq $7, %%xmm5 \n\t" // g1:x0>>7 = g1:g0' 580| 3.51k| "pxor %%xmm4, %%xmm0 \n\t" // e1+f1:e0'+f0' 581| 3.51k| "pxor %%xmm5, %%xmm0 \n\t" // e1+f1+g1:e0'+f0'+g0' 582| | // e0'+f0'+g0' is almost e0+f0+g0, ex\tcept for some missing 583| | // bits carried from d. Now get those\t bits back in. 584| 3.51k| "movdqa %%xmm1,%%xmm3 \n\t" // d:x0 585| 3.51k| "movdqa %%xmm1,%%xmm4 \n\t" // same 586| 3.51k| "movdqa %%xmm1,%%xmm5 \n\t" // same 587| 3.51k| "psllq $63, %%xmm3 \n\t" // d<<63:stuff 588| 3.51k| "psllq $62, %%xmm4 \n\t" // d<<62:stuff 589| 3.51k| "psllq $57, %%xmm5 \n\t" // d<<57:stuff 590| 3.51k| "pxor %%xmm4, %%xmm3 \n\t" // d<<63+d<<62:stuff 591| 3.51k| "pxor %%xmm5, %%xmm3 \n\t" // missing bits of d:stuff 592| 3.51k| "psrldq $8, %%xmm3 \n\t" // 0:missing bits of d 593| 3.51k| "pxor %%xmm3, %%xmm0 \n\t" // e1+f1+g1:e0+f0+g0 594| 3.51k| "pxor %%xmm1, %%xmm0 \n\t" // h1:h0 595| 3.51k| "pxor %%xmm2, %%xmm0 \n\t" // x3+h1:x2+h0 596| | 597| 3.51k| "movdqu %%xmm0, (%2) \n\t" // done 598| 3.51k| : 599| 3.51k| : "r" (aa), "r" (bb), "r" (cc) 600| 3.51k| : "memory", "cc", "xmm0", "xmm1", "xmm2", "xmm3", "xmm4", "xmm5"); 601| | 602| | /* Now byte-reverse the outputs */ 603| 59.6k| for (i = 0; i < 16; i++) { ------------------ | Branch (603:17): [True: 56.1k, False: 3.51k] ------------------ 604| 56.1k| c[i] = cc[15 - i]; 605| 56.1k| } 606| | 607| 3.51k| return; 608| 3.51k|} mbedtls_aesni_setkey_enc: 820| 69|{ 821| 69| switch (bits) { 822| 0| case 128: aesni_setkey_enc_128(rk, key); break; ------------------ | Branch (822:9): [True: 0, False: 69] ------------------ 823| 0|#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) 824| 0| case 192: aesni_setkey_enc_192(rk, key); break; ------------------ | Branch (824:9): [True: 0, False: 69] ------------------ 825| 69| case 256: aesni_setkey_enc_256(rk, key); break; ------------------ | Branch (825:9): [True: 69, False: 0] ------------------ 826| 0|#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */ 827| 0| default: return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH; ------------------ | | 44| 0|#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 ------------------ | Branch (827:9): [True: 0, False: 69] ------------------ 828| 69| } 829| | 830| 69| return 0; 831| 69|} aesni.c:aesni_setkey_enc_256: 750| 69|{ 751| 69| asm ("movdqu (%1), %%xmm0 \n\t" ------------------ | | 321| 69|#define asm __asm__ ------------------ 752| 69| "movdqu %%xmm0, (%0) \n\t" 753| 69| "add $16, %0 \n\t" 754| 69| "movdqu 16(%1), %%xmm1 \n\t" 755| 69| "movdqu %%xmm1, (%0) \n\t" 756| 69| "jmp 2f \n\t" // skip auxiliary routine 757| | 758| | /* 759| | * Finish generating the next two round keys. 760| | * 761| | * On entry xmm0 is r3:r2:r1:r0, xmm1 is r7:r6:r5:r4 and 762| | * xmm2 is X:stuff:stuff:stuff with X = rot( sub( r7 )) ^ RCON 763| | * 764| | * On exit, xmm0 is r11:r10:r9:r8 and xmm1 is r15:r14:r13:r12 765| | * and those have been written to the output buffer. 766| | */ 767| 69| "1: \n\t" 768| 69| "pshufd $0xff, %%xmm2, %%xmm2 \n\t" 769| 69| "pxor %%xmm0, %%xmm2 \n\t" 770| 69| "pslldq $4, %%xmm0 \n\t" 771| 69| "pxor %%xmm0, %%xmm2 \n\t" 772| 69| "pslldq $4, %%xmm0 \n\t" 773| 69| "pxor %%xmm0, %%xmm2 \n\t" 774| 69| "pslldq $4, %%xmm0 \n\t" 775| 69| "pxor %%xmm2, %%xmm0 \n\t" 776| 69| "add $16, %0 \n\t" 777| 69| "movdqu %%xmm0, (%0) \n\t" 778| | 779| | /* Set xmm2 to stuff:Y:stuff:stuff with Y = subword( r11 ) 780| | * and proceed to generate next round key from there */ 781| 69| AESKEYGENA(xmm0_xmm2, "0x00") 782| 69| "pshufd $0xaa, %%xmm2, %%xmm2 \n\t" 783| 69| "pxor %%xmm1, %%xmm2 \n\t" 784| 69| "pslldq $4, %%xmm1 \n\t" 785| 69| "pxor %%xmm1, %%xmm2 \n\t" 786| 69| "pslldq $4, %%xmm1 \n\t" 787| 69| "pxor %%xmm1, %%xmm2 \n\t" 788| 69| "pslldq $4, %%xmm1 \n\t" 789| 69| "pxor %%xmm2, %%xmm1 \n\t" 790| 69| "add $16, %0 \n\t" 791| 69| "movdqu %%xmm1, (%0) \n\t" 792| 69| "ret \n\t" 793| | 794| | /* 795| | * Main "loop" - Generating one more key than necessary, 796| | * see definition of mbedtls_aes_context.buf 797| | */ 798| 69| "2: \n\t" 799| 69| AESKEYGENA(xmm1_xmm2, "0x01") "call 1b \n\t" 800| 69| AESKEYGENA(xmm1_xmm2, "0x02") "call 1b \n\t" 801| 69| AESKEYGENA(xmm1_xmm2, "0x04") "call 1b \n\t" 802| 69| AESKEYGENA(xmm1_xmm2, "0x08") "call 1b \n\t" 803| 69| AESKEYGENA(xmm1_xmm2, "0x10") "call 1b \n\t" 804| 69| AESKEYGENA(xmm1_xmm2, "0x20") "call 1b \n\t" 805| 69| AESKEYGENA(xmm1_xmm2, "0x40") "call 1b \n\t" 806| 69| : 807| 69| : "r" (rk), "r" (key) 808| 69| : "memory", "cc", "0"); 809| 69|} gcm.c:mbedtls_get_unaligned_uint64: 220| 14.1k|{ 221| 14.1k| uint64_t r; 222| |#if defined(UINT_UNALIGNED) 223| | mbedtls_uint64_unaligned_t *p64 = (mbedtls_uint64_unaligned_t *) p; 224| | r = *p64; 225| |#elif defined(UINT_UNALIGNED_STRUCT) 226| | mbedtls_uint64_unaligned_t *p64 = (mbedtls_uint64_unaligned_t *) p; 227| | r = p64->x; 228| |#else 229| 14.1k| memcpy(&r, p, sizeof(r)); 230| 14.1k|#endif 231| 14.1k| return r; 232| 14.1k|} gcm.c:mbedtls_put_unaligned_uint64: 247| 7.08k|{ 248| |#if defined(UINT_UNALIGNED) 249| | mbedtls_uint64_unaligned_t *p64 = (mbedtls_uint64_unaligned_t *) p; 250| | *p64 = x; 251| |#elif defined(UINT_UNALIGNED_STRUCT) 252| | mbedtls_uint64_unaligned_t *p64 = (mbedtls_uint64_unaligned_t *) p; 253| | p64->x = x; 254| |#else 255| 7.08k| memcpy(p, &x, sizeof(x)); 256| 7.08k|#endif 257| 7.08k|} gcm.c:mbedtls_put_unaligned_uint32: 195| 276|{ 196| |#if defined(UINT_UNALIGNED) 197| | mbedtls_uint32_unaligned_t *p32 = (mbedtls_uint32_unaligned_t *) p; 198| | *p32 = x; 199| |#elif defined(UINT_UNALIGNED_STRUCT) 200| | mbedtls_uint32_unaligned_t *p32 = (mbedtls_uint32_unaligned_t *) p; 201| | p32->x = x; 202| |#else 203| 276| memcpy(p, &x, sizeof(x)); 204| 276|#endif 205| 276|} mbedtls_cipher_info_from_values: 121| 69|{ 122| 69| const mbedtls_cipher_definition_t *def; 123| | 124| 207| for (def = mbedtls_cipher_definitions; def->info != NULL; def++) { ------------------ | Branch (124:44): [True: 207, False: 0] ------------------ 125| 207| if (mbedtls_cipher_get_base(def->info)->cipher == cipher_id && ------------------ | Branch (125:13): [True: 207, False: 0] ------------------ 126| 207| mbedtls_cipher_info_get_key_bitlen(def->info) == (unsigned) key_bitlen && ------------------ | Branch (126:13): [True: 69, False: 138] ------------------ 127| 207| def->info->mode == mode) { ------------------ | Branch (127:13): [True: 69, False: 0] ------------------ 128| 69| return def->info; 129| 69| } 130| 207| } 131| | 132| 0| return NULL; 133| 69|} mbedtls_cipher_free: 207| 138|{ 208| 138| if (ctx == NULL) { ------------------ | Branch (208:9): [True: 0, False: 138] ------------------ 209| 0| return; 210| 0| } 211| | 212| |#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_DEPRECATED_REMOVED) 213| | if (ctx->psa_enabled == 1) { 214| | if (ctx->cipher_ctx != NULL) { 215| | mbedtls_cipher_context_psa * const cipher_psa = 216| | (mbedtls_cipher_context_psa *) ctx->cipher_ctx; 217| | 218| | if (cipher_psa->slot_state == MBEDTLS_CIPHER_PSA_KEY_OWNED) { 219| | /* xxx_free() doesn't allow to return failures. */ 220| | (void) psa_destroy_key(cipher_psa->slot); 221| | } 222| | 223| | mbedtls_zeroize_and_free(cipher_psa, sizeof(*cipher_psa)); 224| | } 225| | 226| | mbedtls_platform_zeroize(ctx, sizeof(mbedtls_cipher_context_t)); 227| | return; 228| | } 229| |#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_DEPRECATED_REMOVED */ 230| | 231| |#if defined(MBEDTLS_CMAC_C) 232| | if (ctx->cmac_ctx) { 233| | mbedtls_zeroize_and_free(ctx->cmac_ctx, 234| | sizeof(mbedtls_cmac_context_t)); 235| | } 236| |#endif 237| | 238| 138| if (ctx->cipher_ctx) { ------------------ | Branch (238:9): [True: 69, False: 69] ------------------ 239| 69| mbedtls_cipher_get_base(ctx->cipher_info)->ctx_free_func(ctx->cipher_ctx); 240| 69| } 241| | 242| 138| mbedtls_platform_zeroize(ctx, sizeof(mbedtls_cipher_context_t)); 243| 138|} mbedtls_cipher_setup: 247| 69|{ 248| 69| if (cipher_info == NULL) { ------------------ | Branch (248:9): [True: 0, False: 69] ------------------ 249| 0| return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; ------------------ | | 40| 0|#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100 ------------------ 250| 0| } 251| | 252| 69| memset(ctx, 0, sizeof(mbedtls_cipher_context_t)); 253| | 254| 69| if (mbedtls_cipher_get_base(cipher_info)->ctx_alloc_func != NULL) { ------------------ | Branch (254:9): [True: 69, False: 0] ------------------ 255| 69| ctx->cipher_ctx = mbedtls_cipher_get_base(cipher_info)->ctx_alloc_func(); 256| 69| if (ctx->cipher_ctx == NULL) { ------------------ | Branch (256:13): [True: 0, False: 69] ------------------ 257| 0| return MBEDTLS_ERR_CIPHER_ALLOC_FAILED; ------------------ | | 42| 0|#define MBEDTLS_ERR_CIPHER_ALLOC_FAILED -0x6180 ------------------ 258| 0| } 259| 69| } 260| | 261| 69| ctx->cipher_info = cipher_info; 262| | 263| 69| return 0; 264| 69|} mbedtls_cipher_setkey: 306| 69|{ 307| 69| if (operation != MBEDTLS_ENCRYPT && operation != MBEDTLS_DECRYPT) { ------------------ | Branch (307:9): [True: 0, False: 69] | Branch (307:41): [True: 0, False: 0] ------------------ 308| 0| return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; ------------------ | | 40| 0|#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100 ------------------ 309| 0| } 310| 69| if (ctx->cipher_info == NULL) { ------------------ | Branch (310:9): [True: 0, False: 69] ------------------ 311| 0| return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; ------------------ | | 40| 0|#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100 ------------------ 312| 0| } 313| |#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) 314| | if (MBEDTLS_MODE_ECB == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) && 315| | MBEDTLS_DECRYPT == operation) { 316| | return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 317| | } 318| |#endif 319| | 320| |#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_DEPRECATED_REMOVED) 321| | if (ctx->psa_enabled == 1) { 322| | mbedtls_cipher_context_psa * const cipher_psa = 323| | (mbedtls_cipher_context_psa *) ctx->cipher_ctx; 324| | 325| | size_t const key_bytelen = ((size_t) key_bitlen + 7) / 8; 326| | 327| | psa_status_t status; 328| | psa_key_type_t key_type; 329| | psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 330| | 331| | /* PSA Crypto API only accepts byte-aligned keys. */ 332| | if (key_bitlen % 8 != 0) { 333| | return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; 334| | } 335| | 336| | /* Don't allow keys to be set multiple times. */ 337| | if (cipher_psa->slot_state != MBEDTLS_CIPHER_PSA_KEY_UNSET) { 338| | return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; 339| | } 340| | 341| | key_type = mbedtls_psa_translate_cipher_type( 342| | ((mbedtls_cipher_type_t) ctx->cipher_info->type)); 343| | if (key_type == 0) { 344| | return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 345| | } 346| | psa_set_key_type(&attributes, key_type); 347| | 348| | /* Mbed TLS' cipher layer doesn't enforce the mode of operation 349| | * (encrypt vs. decrypt): it is possible to setup a key for encryption 350| | * and use it for AEAD decryption. Until tests relying on this 351| | * are changed, allow any usage in PSA. */ 352| | psa_set_key_usage_flags(&attributes, 353| | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); 354| | psa_set_key_algorithm(&attributes, cipher_psa->alg); 355| | 356| | status = psa_import_key(&attributes, key, key_bytelen, 357| | &cipher_psa->slot); 358| | switch (status) { 359| | case PSA_SUCCESS: 360| | break; 361| | case PSA_ERROR_INSUFFICIENT_MEMORY: 362| | return MBEDTLS_ERR_CIPHER_ALLOC_FAILED; 363| | case PSA_ERROR_NOT_SUPPORTED: 364| | return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 365| | default: 366| | return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; 367| | } 368| | /* Indicate that we own the key slot and need to 369| | * destroy it in mbedtls_cipher_free(). */ 370| | cipher_psa->slot_state = MBEDTLS_CIPHER_PSA_KEY_OWNED; 371| | 372| | ctx->key_bitlen = key_bitlen; 373| | ctx->operation = operation; 374| | return 0; 375| | } 376| |#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_DEPRECATED_REMOVED */ 377| | 378| 69| if ((ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_KEY_LEN) == 0 && ------------------ | | 53| 69|#define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02 /**< Cipher accepts keys of variable length. */ ------------------ | Branch (378:9): [True: 69, False: 0] ------------------ 379| 69| (int) mbedtls_cipher_info_get_key_bitlen(ctx->cipher_info) != key_bitlen) { ------------------ | Branch (379:9): [True: 0, False: 69] ------------------ 380| 0| return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; ------------------ | | 40| 0|#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100 ------------------ 381| 0| } 382| | 383| 69| ctx->key_bitlen = key_bitlen; 384| 69| ctx->operation = operation; 385| | 386| 69|#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) 387| | /* 388| | * For OFB, CFB and CTR mode always use the encryption key schedule 389| | */ 390| 69| if (MBEDTLS_ENCRYPT == operation || ------------------ | Branch (390:9): [True: 69, False: 0] ------------------ 391| 69| MBEDTLS_MODE_CFB == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) || ------------------ | Branch (391:9): [True: 0, False: 0] ------------------ 392| 69| MBEDTLS_MODE_OFB == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) || ------------------ | Branch (392:9): [True: 0, False: 0] ------------------ 393| 69| MBEDTLS_MODE_CTR == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) { ------------------ | Branch (393:9): [True: 0, False: 0] ------------------ 394| 69| return mbedtls_cipher_get_base(ctx->cipher_info)->setkey_enc_func(ctx->cipher_ctx, key, 395| 69| ctx->key_bitlen); 396| 69| } 397| | 398| 0| if (MBEDTLS_DECRYPT == operation) { ------------------ | Branch (398:9): [True: 0, False: 0] ------------------ 399| 0| return mbedtls_cipher_get_base(ctx->cipher_info)->setkey_dec_func(ctx->cipher_ctx, key, 400| 0| ctx->key_bitlen); 401| 0| } 402| |#else 403| | if (operation == MBEDTLS_ENCRYPT || operation == MBEDTLS_DECRYPT) { 404| | return mbedtls_cipher_get_base(ctx->cipher_info)->setkey_enc_func(ctx->cipher_ctx, key, 405| | ctx->key_bitlen); 406| | } 407| |#endif 408| | 409| 0| return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; ------------------ | | 40| 0|#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100 ------------------ 410| 0|} mbedtls_cipher_update: 581| 138|{ 582| 138| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 138|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 583| 138| size_t block_size; 584| | 585| 138| if (ctx->cipher_info == NULL) { ------------------ | Branch (585:9): [True: 0, False: 138] ------------------ 586| 0| return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; ------------------ | | 40| 0|#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100 ------------------ 587| 0| } 588| | 589| |#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_DEPRECATED_REMOVED) 590| | if (ctx->psa_enabled == 1) { 591| | /* While PSA Crypto has an API for multipart 592| | * operations, we currently don't make it 593| | * accessible through the cipher layer. */ 594| | return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 595| | } 596| |#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_DEPRECATED_REMOVED */ 597| | 598| 138| *olen = 0; 599| 138| block_size = mbedtls_cipher_get_block_size(ctx); 600| 138| if (0 == block_size) { ------------------ | Branch (600:9): [True: 0, False: 138] ------------------ 601| 0| return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT; ------------------ | | 50| 0|#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380 ------------------ 602| 0| } 603| | 604| 138| if (((mbedtls_cipher_mode_t) ctx->cipher_info->mode) == MBEDTLS_MODE_ECB) { ------------------ | Branch (604:9): [True: 138, False: 0] ------------------ 605| 138| if (ilen != block_size) { ------------------ | Branch (605:13): [True: 0, False: 138] ------------------ 606| 0| return MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED; ------------------ | | 46| 0|#define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 ------------------ 607| 0| } 608| | 609| 138| *olen = ilen; 610| | 611| 138| if (0 != (ret = mbedtls_cipher_get_base(ctx->cipher_info)->ecb_func(ctx->cipher_ctx, ------------------ | Branch (611:13): [True: 0, False: 138] ------------------ 612| 138| ctx->operation, input, 613| 138| output))) { 614| 0| return ret; 615| 0| } 616| | 617| 138| return 0; 618| 138| } 619| | 620| 0|#if defined(MBEDTLS_GCM_C) 621| 0| if (((mbedtls_cipher_mode_t) ctx->cipher_info->mode) == MBEDTLS_MODE_GCM) { ------------------ | Branch (621:9): [True: 0, False: 0] ------------------ 622| 0| return mbedtls_gcm_update((mbedtls_gcm_context *) ctx->cipher_ctx, 623| 0| input, ilen, 624| 0| output, ilen, olen); 625| 0| } 626| 0|#endif 627| | 628| |#if defined(MBEDTLS_CCM_C) 629| | if (((mbedtls_cipher_mode_t) ctx->cipher_info->mode) == MBEDTLS_MODE_CCM_STAR_NO_TAG) { 630| | return mbedtls_ccm_update((mbedtls_ccm_context *) ctx->cipher_ctx, 631| | input, ilen, 632| | output, ilen, olen); 633| | } 634| |#endif 635| | 636| 0|#if defined(MBEDTLS_CHACHAPOLY_C) 637| 0| if (((mbedtls_cipher_type_t) ctx->cipher_info->type) == MBEDTLS_CIPHER_CHACHA20_POLY1305) { ------------------ | Branch (637:9): [True: 0, False: 0] ------------------ 638| 0| *olen = ilen; 639| 0| return mbedtls_chachapoly_update((mbedtls_chachapoly_context *) ctx->cipher_ctx, 640| 0| ilen, input, output); 641| 0| } 642| 0|#endif 643| | 644| 0| if (input == output && ------------------ | Branch (644:9): [True: 0, False: 0] ------------------ 645| 0| (ctx->unprocessed_len != 0 || ilen % block_size)) { ------------------ | Branch (645:10): [True: 0, False: 0] | Branch (645:39): [True: 0, False: 0] ------------------ 646| 0| return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; ------------------ | | 40| 0|#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100 ------------------ 647| 0| } 648| | 649| |#if defined(MBEDTLS_CIPHER_MODE_CBC) 650| | if (((mbedtls_cipher_mode_t) ctx->cipher_info->mode) == MBEDTLS_MODE_CBC) { 651| | size_t copy_len = 0; 652| | 653| | /* 654| | * If there is not enough data for a full block, cache it. 655| | */ 656| | if ((ctx->operation == MBEDTLS_DECRYPT && NULL != ctx->add_padding && 657| | ilen <= block_size - ctx->unprocessed_len) || 658| | (ctx->operation == MBEDTLS_DECRYPT && NULL == ctx->add_padding && 659| | ilen < block_size - ctx->unprocessed_len) || 660| | (ctx->operation == MBEDTLS_ENCRYPT && 661| | ilen < block_size - ctx->unprocessed_len)) { 662| | memcpy(&(ctx->unprocessed_data[ctx->unprocessed_len]), input, 663| | ilen); 664| | 665| | ctx->unprocessed_len += ilen; 666| | return 0; 667| | } 668| | 669| | /* 670| | * Process cached data first 671| | */ 672| | if (0 != ctx->unprocessed_len) { 673| | copy_len = block_size - ctx->unprocessed_len; 674| | 675| | memcpy(&(ctx->unprocessed_data[ctx->unprocessed_len]), input, 676| | copy_len); 677| | 678| | if (0 != (ret = mbedtls_cipher_get_base(ctx->cipher_info)->cbc_func(ctx->cipher_ctx, 679| | ctx->operation, 680| | block_size, ctx->iv, 681| | ctx-> 682| | unprocessed_data, 683| | output))) { 684| | return ret; 685| | } 686| | 687| | *olen += block_size; 688| | output += block_size; 689| | ctx->unprocessed_len = 0; 690| | 691| | input += copy_len; 692| | ilen -= copy_len; 693| | } 694| | 695| | /* 696| | * Cache final, incomplete block 697| | */ 698| | if (0 != ilen) { 699| | /* Encryption: only cache partial blocks 700| | * Decryption w/ padding: always keep at least one whole block 701| | * Decryption w/o padding: only cache partial blocks 702| | */ 703| | copy_len = ilen % block_size; 704| | if (copy_len == 0 && 705| | ctx->operation == MBEDTLS_DECRYPT && 706| | NULL != ctx->add_padding) { 707| | copy_len = block_size; 708| | } 709| | 710| | memcpy(ctx->unprocessed_data, &(input[ilen - copy_len]), 711| | copy_len); 712| | 713| | ctx->unprocessed_len += copy_len; 714| | ilen -= copy_len; 715| | } 716| | 717| | /* 718| | * Process remaining full blocks 719| | */ 720| | if (ilen) { 721| | if (0 != (ret = mbedtls_cipher_get_base(ctx->cipher_info)->cbc_func(ctx->cipher_ctx, 722| | ctx->operation, 723| | ilen, ctx->iv, 724| | input, 725| | output))) { 726| | return ret; 727| | } 728| | 729| | *olen += ilen; 730| | } 731| | 732| | return 0; 733| | } 734| |#endif /* MBEDTLS_CIPHER_MODE_CBC */ 735| | 736| |#if defined(MBEDTLS_CIPHER_MODE_CFB) 737| | if (((mbedtls_cipher_mode_t) ctx->cipher_info->mode) == MBEDTLS_MODE_CFB) { 738| | if (0 != (ret = mbedtls_cipher_get_base(ctx->cipher_info)->cfb_func(ctx->cipher_ctx, 739| | ctx->operation, ilen, 740| | &ctx->unprocessed_len, 741| | ctx->iv, 742| | input, output))) { 743| | return ret; 744| | } 745| | 746| | *olen = ilen; 747| | 748| | return 0; 749| | } 750| |#endif /* MBEDTLS_CIPHER_MODE_CFB */ 751| | 752| |#if defined(MBEDTLS_CIPHER_MODE_OFB) 753| | if (((mbedtls_cipher_mode_t) ctx->cipher_info->mode) == MBEDTLS_MODE_OFB) { 754| | if (0 != (ret = mbedtls_cipher_get_base(ctx->cipher_info)->ofb_func(ctx->cipher_ctx, 755| | ilen, 756| | &ctx->unprocessed_len, 757| | ctx->iv, 758| | input, output))) { 759| | return ret; 760| | } 761| | 762| | *olen = ilen; 763| | 764| | return 0; 765| | } 766| |#endif /* MBEDTLS_CIPHER_MODE_OFB */ 767| | 768| |#if defined(MBEDTLS_CIPHER_MODE_CTR) 769| | if (((mbedtls_cipher_mode_t) ctx->cipher_info->mode) == MBEDTLS_MODE_CTR) { 770| | if (0 != (ret = mbedtls_cipher_get_base(ctx->cipher_info)->ctr_func(ctx->cipher_ctx, 771| | ilen, 772| | &ctx->unprocessed_len, 773| | ctx->iv, 774| | ctx->unprocessed_data, 775| | input, output))) { 776| | return ret; 777| | } 778| | 779| | *olen = ilen; 780| | 781| | return 0; 782| | } 783| |#endif /* MBEDTLS_CIPHER_MODE_CTR */ 784| | 785| |#if defined(MBEDTLS_CIPHER_MODE_XTS) 786| | if (((mbedtls_cipher_mode_t) ctx->cipher_info->mode) == MBEDTLS_MODE_XTS) { 787| | if (ctx->unprocessed_len > 0) { 788| | /* We can only process an entire data unit at a time. */ 789| | return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 790| | } 791| | 792| | ret = mbedtls_cipher_get_base(ctx->cipher_info)->xts_func(ctx->cipher_ctx, 793| | ctx->operation, 794| | ilen, 795| | ctx->iv, 796| | input, 797| | output); 798| | if (ret != 0) { 799| | return ret; 800| | } 801| | 802| | *olen = ilen; 803| | 804| | return 0; 805| | } 806| |#endif /* MBEDTLS_CIPHER_MODE_XTS */ 807| | 808| 0|#if defined(MBEDTLS_CIPHER_MODE_STREAM) 809| 0| if (((mbedtls_cipher_mode_t) ctx->cipher_info->mode) == MBEDTLS_MODE_STREAM) { ------------------ | Branch (809:9): [True: 0, False: 0] ------------------ 810| 0| if (0 != (ret = mbedtls_cipher_get_base(ctx->cipher_info)->stream_func(ctx->cipher_ctx, ------------------ | Branch (810:13): [True: 0, False: 0] ------------------ 811| 0| ilen, input, 812| 0| output))) { 813| 0| return ret; 814| 0| } 815| | 816| 0| *olen = ilen; 817| | 818| 0| return 0; 819| 0| } 820| 0|#endif /* MBEDTLS_CIPHER_MODE_STREAM */ 821| | 822| 0| return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; ------------------ | | 38| 0|#define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080 ------------------ 823| 0|} cipher.c:mbedtls_cipher_get_base: 60| 621|{ 61| 621| return mbedtls_cipher_base_lookup_table[info->base_idx]; 62| 621|} cipher_wrap.c:aes_crypt_ecb_wrap: 165| 138|{ 166| 138| return mbedtls_aes_crypt_ecb((mbedtls_aes_context *) ctx, operation, input, output); 167| 138|} cipher_wrap.c:aes_setkey_enc_wrap: 243| 69|{ 244| 69| return mbedtls_aes_setkey_enc((mbedtls_aes_context *) ctx, key, key_bitlen); 245| 69|} cipher_wrap.c:aes_ctx_alloc: 248| 69|{ 249| 69| mbedtls_aes_context *aes = mbedtls_calloc(1, sizeof(mbedtls_aes_context)); ------------------ | | 144| 69|#define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO | | ------------------ | | | | 4093| 69|#define MBEDTLS_PLATFORM_CALLOC_MACRO my_calloc | | ------------------ ------------------ 250| | 251| 69| if (aes == NULL) { ------------------ | Branch (251:9): [True: 0, False: 69] ------------------ 252| 0| return NULL; 253| 0| } 254| | 255| 69| mbedtls_aes_init(aes); 256| | 257| 69| return aes; 258| 69|} cipher_wrap.c:aes_ctx_free: 261| 69|{ 262| 69| mbedtls_aes_free((mbedtls_aes_context *) ctx); 263| 69| mbedtls_free(ctx); ------------------ | | 143| 69|#define mbedtls_free MBEDTLS_PLATFORM_FREE_MACRO | | ------------------ | | | | 4095| 69|#define MBEDTLS_PLATFORM_FREE_MACRO my_free | | ------------------ ------------------ 264| 69|} gcm.c:mbedtls_xor: 190| 3.58k|{ 191| 3.58k| size_t i = 0; 192| 3.58k|#if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS) 193| |#if defined(MBEDTLS_HAVE_NEON_INTRINSICS) && \ 194| | (!(defined(MBEDTLS_COMPILER_IS_GCC) && MBEDTLS_GCC_VERSION < 70300)) 195| | /* Old GCC versions generate a warning here, so disable the NEON path for these compilers */ 196| | for (; (i + 16) <= n; i += 16) { 197| | uint8x16_t v1 = vld1q_u8(a + i); 198| | uint8x16_t v2 = vld1q_u8(b + i); 199| | uint8x16_t x = veorq_u8(v1, v2); 200| | vst1q_u8(r + i, x); 201| | } 202| |#if defined(__IAR_SYSTEMS_ICC__) 203| | /* This if statement helps some compilers (e.g., IAR) optimise out the byte-by-byte tail case 204| | * where n is a constant multiple of 16. 205| | * For other compilers (e.g. recent gcc and clang) it makes no difference if n is a compile-time 206| | * constant, and is a very small perf regression if n is not a compile-time constant. */ 207| | if (n % 16 == 0) { 208| | return; 209| | } 210| |#endif 211| |#elif defined(MBEDTLS_ARCH_IS_X64) || defined(MBEDTLS_ARCH_IS_ARM64) 212| | /* This codepath probably only makes sense on architectures with 64-bit registers */ 213| 10.6k| for (; (i + 8) <= n; i += 8) { ------------------ | Branch (213:12): [True: 7.08k, False: 3.58k] ------------------ 214| 7.08k| uint64_t x = mbedtls_get_unaligned_uint64(a + i) ^ mbedtls_get_unaligned_uint64(b + i); 215| 7.08k| mbedtls_put_unaligned_uint64(r + i, x); 216| 7.08k| } 217| |#if defined(__IAR_SYSTEMS_ICC__) 218| | if (n % 8 == 0) { 219| | return; 220| | } 221| |#endif 222| |#else 223| | for (; (i + 4) <= n; i += 4) { 224| | uint32_t x = mbedtls_get_unaligned_uint32(a + i) ^ mbedtls_get_unaligned_uint32(b + i); 225| | mbedtls_put_unaligned_uint32(r + i, x); 226| | } 227| |#if defined(__IAR_SYSTEMS_ICC__) 228| | if (n % 4 == 0) { 229| | return; 230| | } 231| |#endif 232| |#endif 233| 3.58k|#endif 234| 3.81k| for (; i < n; i++) { ------------------ | Branch (234:12): [True: 238, False: 3.58k] ------------------ 235| 238| r[i] = a[i] ^ b[i]; 236| 238| } 237| 3.58k|} mbedtls_ct_memcmp: 71| 69|{ 72| 69| size_t i = 0; 73| | /* 74| | * `A` and `B` are cast to volatile to ensure that the compiler 75| | * generates code that always fully reads both buffers. 76| | * Otherwise it could generate a test to exit early if `diff` has all 77| | * bits set early in the loop. 78| | */ 79| 69| volatile const unsigned char *A = (volatile const unsigned char *) a; 80| 69| volatile const unsigned char *B = (volatile const unsigned char *) b; 81| 69| uint32_t diff = 0; 82| | 83| |#if defined(MBEDTLS_EFFICIENT_UNALIGNED_VOLATILE_ACCESS) 84| | for (; (i + 4) <= n; i += 4) { 85| | uint32_t x = mbedtls_get_unaligned_volatile_uint32(A + i); 86| | uint32_t y = mbedtls_get_unaligned_volatile_uint32(B + i); 87| | diff |= x ^ y; 88| | } 89| |#endif 90| | 91| 1.17k| for (; i < n; i++) { ------------------ | Branch (91:12): [True: 1.10k, False: 69] ------------------ 92| | /* Read volatile data in order before computing diff. 93| | * This avoids IAR compiler warning: 94| | * 'the order of volatile accesses is undefined ..' */ 95| 1.10k| unsigned char x = A[i], y = B[i]; 96| 1.10k| diff |= x ^ y; 97| 1.10k| } 98| | 99| | 100| |#if (INT_MAX < INT32_MAX) 101| | /* We don't support int smaller than 32-bits, but if someone tried to build 102| | * with this configuration, there is a risk that, for differing data, the 103| | * only bits set in diff are in the top 16-bits, and would be lost by a 104| | * simple cast from uint32 to int. 105| | * This would have significant security implications, so protect against it. */ 106| |#error "mbedtls_ct_memcmp() requires minimum 32-bit ints" 107| |#else 108| | /* The bit-twiddling ensures that when we cast uint32_t to int, we are casting 109| | * a value that is in the range 0..INT_MAX - a value larger than this would 110| | * result in implementation defined behaviour. 111| | * 112| | * This ensures that the value returned by the function is non-zero iff 113| | * diff is non-zero. 114| | */ 115| 69| return (int) ((diff & 0xffff) | (diff >> 16)); 116| 69|#endif 117| 69|} mbedtls_gcm_init: 54| 69|{ 55| 69| memset(ctx, 0, sizeof(mbedtls_gcm_context)); 56| 69|} mbedtls_gcm_setkey: 166| 69|{ 167| 69| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 69|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 168| | 169| 69| if (keybits != 128 && keybits != 192 && keybits != 256) { ------------------ | Branch (169:9): [True: 69, False: 0] | Branch (169:27): [True: 69, False: 0] | Branch (169:45): [True: 0, False: 69] ------------------ 170| 0| return MBEDTLS_ERR_GCM_BAD_INPUT; ------------------ | | 39| 0|#define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014 ------------------ 171| 0| } 172| | 173| |#if defined(MBEDTLS_BLOCK_CIPHER_C) 174| | mbedtls_block_cipher_free(&ctx->block_cipher_ctx); 175| | 176| | if ((ret = mbedtls_block_cipher_setup(&ctx->block_cipher_ctx, cipher)) != 0) { 177| | return ret; 178| | } 179| | 180| | if ((ret = mbedtls_block_cipher_setkey(&ctx->block_cipher_ctx, key, keybits)) != 0) { 181| | return ret; 182| | } 183| |#else 184| 69| const mbedtls_cipher_info_t *cipher_info; 185| | 186| 69| cipher_info = mbedtls_cipher_info_from_values(cipher, keybits, 187| 69| MBEDTLS_MODE_ECB); 188| 69| if (cipher_info == NULL) { ------------------ | Branch (188:9): [True: 0, False: 69] ------------------ 189| 0| return MBEDTLS_ERR_GCM_BAD_INPUT; ------------------ | | 39| 0|#define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014 ------------------ 190| 0| } 191| | 192| 69| if (mbedtls_cipher_info_get_block_size(cipher_info) != 16) { ------------------ | Branch (192:9): [True: 0, False: 69] ------------------ 193| 0| return MBEDTLS_ERR_GCM_BAD_INPUT; ------------------ | | 39| 0|#define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014 ------------------ 194| 0| } 195| | 196| 69| mbedtls_cipher_free(&ctx->cipher_ctx); 197| | 198| 69| if ((ret = mbedtls_cipher_setup(&ctx->cipher_ctx, cipher_info)) != 0) { ------------------ | Branch (198:9): [True: 0, False: 69] ------------------ 199| 0| return ret; 200| 0| } 201| | 202| 69| if ((ret = mbedtls_cipher_setkey(&ctx->cipher_ctx, key, keybits, ------------------ | Branch (202:9): [True: 0, False: 69] ------------------ 203| 69| MBEDTLS_ENCRYPT)) != 0) { 204| 0| return ret; 205| 0| } 206| 69|#endif 207| | 208| 69| if ((ret = gcm_gen_table(ctx)) != 0) { ------------------ | Branch (208:9): [True: 0, False: 69] ------------------ 209| 0| return ret; 210| 0| } 211| | 212| 69| return 0; 213| 69|} mbedtls_gcm_starts: 380| 69|{ 381| 69| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 69|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 382| 69| unsigned char work_buf[16]; 383| 69| const unsigned char *p; 384| 69| size_t use_len; 385| 69| uint64_t iv_bits; 386| 69|#if !defined(MBEDTLS_BLOCK_CIPHER_C) 387| 69| size_t olen = 0; 388| 69|#endif 389| | 390| | /* IV is limited to 2^64 bits, so 2^61 bytes */ 391| | /* IV is not allowed to be zero length */ 392| 69| if (iv_len == 0 || (uint64_t) iv_len >> 61 != 0) { ------------------ | Branch (392:9): [True: 0, False: 69] | Branch (392:24): [True: 0, False: 69] ------------------ 393| 0| return MBEDTLS_ERR_GCM_BAD_INPUT; ------------------ | | 39| 0|#define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014 ------------------ 394| 0| } 395| | 396| 69| memset(ctx->y, 0x00, sizeof(ctx->y)); 397| 69| memset(ctx->buf, 0x00, sizeof(ctx->buf)); 398| | 399| 69| ctx->mode = mode; 400| 69| ctx->len = 0; 401| 69| ctx->add_len = 0; 402| | 403| 69| if (iv_len == 12) { ------------------ | Branch (403:9): [True: 69, False: 0] ------------------ 404| 69| memcpy(ctx->y, iv, iv_len); 405| 69| ctx->y[15] = 1; 406| 69| } else { 407| 0| memset(work_buf, 0x00, 16); 408| 0| iv_bits = (uint64_t) iv_len * 8; 409| 0| MBEDTLS_PUT_UINT64_BE(iv_bits, work_buf, 8); ------------------ | | 637| 0| { \ | | 638| 0| if (MBEDTLS_IS_BIG_ENDIAN) \ | | ------------------ | | | | 398| 0|#define MBEDTLS_IS_BIG_ENDIAN 0 | | | | ------------------ | | | | | Branch (398:31): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 639| 0| { \ | | 640| 0| mbedtls_put_unaligned_uint64((data) + (offset), (uint64_t) (n)); \ | | 641| 0| } \ | | 642| 0| else \ | | 643| 0| { \ | | 644| 0| mbedtls_put_unaligned_uint64((data) + (offset), MBEDTLS_BSWAP64((uint64_t) (n))); \ | | ------------------ | | | | 301| 0|#define MBEDTLS_BSWAP64 __builtin_bswap64 | | ------------------ | | 645| 0| } \ | | 646| 0| } ------------------ 410| | 411| 0| p = iv; 412| 0| while (iv_len > 0) { ------------------ | Branch (412:16): [True: 0, False: 0] ------------------ 413| 0| use_len = (iv_len < 16) ? iv_len : 16; ------------------ | Branch (413:23): [True: 0, False: 0] ------------------ 414| | 415| |#if defined(MBEDTLS_COMPILER_IS_GCC) && (MBEDTLS_GCC_VERSION >= 70110) 416| |#pragma GCC diagnostic push 417| |#pragma GCC diagnostic warning "-Wstringop-overflow=0" 418| |#endif 419| | 420| 0| mbedtls_xor(ctx->y, ctx->y, p, use_len); 421| | 422| |#if defined(MBEDTLS_COMPILER_IS_GCC) && (MBEDTLS_GCC_VERSION >= 70110) 423| |#pragma GCC diagnostic pop 424| |#endif 425| | 426| 0| gcm_mult(ctx, ctx->y, ctx->y); 427| | 428| 0| iv_len -= use_len; 429| 0| p += use_len; 430| 0| } 431| | 432| 0| mbedtls_xor(ctx->y, ctx->y, work_buf, 16); 433| | 434| 0| gcm_mult(ctx, ctx->y, ctx->y); 435| 0| } 436| | 437| | 438| |#if defined(MBEDTLS_BLOCK_CIPHER_C) 439| | ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, ctx->y, ctx->base_ectr); 440| |#else 441| 69| ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->base_ectr, &olen); 442| 69|#endif 443| 69| if (ret != 0) { ------------------ | Branch (443:9): [True: 0, False: 69] ------------------ 444| 0| return ret; 445| 0| } 446| | 447| 69| return 0; 448| 69|} mbedtls_gcm_update_ad: 469| 69|{ 470| 69| const unsigned char *p; 471| 69| size_t use_len, offset; 472| 69| uint64_t new_add_len; 473| | 474| | /* AD is limited to 2^64 bits, ie 2^61 bytes 475| | * Also check for possible overflow */ 476| |#if SIZE_MAX > 0xFFFFFFFFFFFFFFFFULL 477| | if (add_len > 0xFFFFFFFFFFFFFFFFULL) { 478| | return MBEDTLS_ERR_GCM_BAD_INPUT; 479| | } 480| |#endif 481| 69| new_add_len = ctx->add_len + (uint64_t) add_len; 482| 69| if (new_add_len < ctx->add_len || new_add_len >> 61 != 0) { ------------------ | Branch (482:9): [True: 0, False: 69] | Branch (482:39): [True: 0, False: 69] ------------------ 483| 0| return MBEDTLS_ERR_GCM_BAD_INPUT; ------------------ | | 39| 0|#define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014 ------------------ 484| 0| } 485| | 486| 69| offset = ctx->add_len % 16; 487| 69| p = add; 488| | 489| 69| if (offset != 0) { ------------------ | Branch (489:9): [True: 0, False: 69] ------------------ 490| 0| use_len = 16 - offset; 491| 0| if (use_len > add_len) { ------------------ | Branch (491:13): [True: 0, False: 0] ------------------ 492| 0| use_len = add_len; 493| 0| } 494| | 495| 0| mbedtls_xor(ctx->buf + offset, ctx->buf + offset, p, use_len); 496| | 497| 0| if (offset + use_len == 16) { ------------------ | Branch (497:13): [True: 0, False: 0] ------------------ 498| 0| gcm_mult(ctx, ctx->buf, ctx->buf); 499| 0| } 500| | 501| 0| ctx->add_len += use_len; 502| 0| add_len -= use_len; 503| 0| p += use_len; 504| 0| } 505| | 506| 69| ctx->add_len += add_len; 507| | 508| 3.45k| while (add_len >= 16) { ------------------ | Branch (508:12): [True: 3.38k, False: 69] ------------------ 509| 3.38k| mbedtls_xor(ctx->buf, ctx->buf, p, 16); 510| | 511| 3.38k| gcm_mult(ctx, ctx->buf, ctx->buf); 512| | 513| 3.38k| add_len -= 16; 514| 3.38k| p += 16; 515| 3.38k| } 516| | 517| 69| if (add_len > 0) { ------------------ | Branch (517:9): [True: 58, False: 11] ------------------ 518| 58| mbedtls_xor(ctx->buf, ctx->buf, p, add_len); 519| 58| } 520| | 521| 69| return 0; 522| 69|} mbedtls_gcm_update: 568| 69|{ 569| 69| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 69|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 570| 69| const unsigned char *p = input; 571| 69| unsigned char *out_p = output; 572| 69| size_t offset; 573| 69| unsigned char ectr[16] = { 0 }; 574| | 575| 69| if (output_size < input_length) { ------------------ | Branch (575:9): [True: 0, False: 69] ------------------ 576| 0| return MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL; ------------------ | | 41| 0|#define MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL -0x0016 ------------------ 577| 0| } 578| 69| *output_length = input_length; 579| | 580| | /* Exit early if input_length==0 so that we don't do any pointer arithmetic 581| | * on a potentially null pointer. 582| | * Returning early also means that the last partial block of AD remains 583| | * untouched for mbedtls_gcm_finish */ 584| 69| if (input_length == 0) { ------------------ | Branch (584:9): [True: 69, False: 0] ------------------ 585| 69| return 0; 586| 69| } 587| | 588| 0| if (output > input && (size_t) (output - input) < input_length) { ------------------ | Branch (588:9): [True: 0, False: 0] | Branch (588:27): [True: 0, False: 0] ------------------ 589| 0| return MBEDTLS_ERR_GCM_BAD_INPUT; ------------------ | | 39| 0|#define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014 ------------------ 590| 0| } 591| | 592| | /* Total length is restricted to 2^39 - 256 bits, ie 2^36 - 2^5 bytes 593| | * Also check for possible overflow */ 594| 0| if (ctx->len + input_length < ctx->len || ------------------ | Branch (594:9): [True: 0, False: 0] ------------------ 595| 0| (uint64_t) ctx->len + input_length > 0xFFFFFFFE0ull) { ------------------ | Branch (595:9): [True: 0, False: 0] ------------------ 596| 0| return MBEDTLS_ERR_GCM_BAD_INPUT; ------------------ | | 39| 0|#define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014 ------------------ 597| 0| } 598| | 599| 0| if (ctx->len == 0 && ctx->add_len % 16 != 0) { ------------------ | Branch (599:9): [True: 0, False: 0] | Branch (599:26): [True: 0, False: 0] ------------------ 600| 0| gcm_mult(ctx, ctx->buf, ctx->buf); 601| 0| } 602| | 603| 0| offset = ctx->len % 16; 604| 0| if (offset != 0) { ------------------ | Branch (604:9): [True: 0, False: 0] ------------------ 605| 0| size_t use_len = 16 - offset; 606| 0| if (use_len > input_length) { ------------------ | Branch (606:13): [True: 0, False: 0] ------------------ 607| 0| use_len = input_length; 608| 0| } 609| | 610| 0| if ((ret = gcm_mask(ctx, ectr, offset, use_len, p, out_p)) != 0) { ------------------ | Branch (610:13): [True: 0, False: 0] ------------------ 611| 0| return ret; 612| 0| } 613| | 614| 0| if (offset + use_len == 16) { ------------------ | Branch (614:13): [True: 0, False: 0] ------------------ 615| 0| gcm_mult(ctx, ctx->buf, ctx->buf); 616| 0| } 617| | 618| 0| ctx->len += use_len; 619| 0| input_length -= use_len; 620| 0| p += use_len; 621| 0| out_p += use_len; 622| 0| } 623| | 624| 0| ctx->len += input_length; 625| | 626| 0| while (input_length >= 16) { ------------------ | Branch (626:12): [True: 0, False: 0] ------------------ 627| 0| gcm_incr(ctx->y); 628| 0| if ((ret = gcm_mask(ctx, ectr, 0, 16, p, out_p)) != 0) { ------------------ | Branch (628:13): [True: 0, False: 0] ------------------ 629| 0| return ret; 630| 0| } 631| | 632| 0| gcm_mult(ctx, ctx->buf, ctx->buf); 633| | 634| 0| input_length -= 16; 635| 0| p += 16; 636| 0| out_p += 16; 637| 0| } 638| | 639| 0| if (input_length > 0) { ------------------ | Branch (639:9): [True: 0, False: 0] ------------------ 640| 0| gcm_incr(ctx->y); 641| 0| if ((ret = gcm_mask(ctx, ectr, 0, input_length, p, out_p)) != 0) { ------------------ | Branch (641:13): [True: 0, False: 0] ------------------ 642| 0| return ret; 643| 0| } 644| 0| } 645| | 646| 0| mbedtls_platform_zeroize(ectr, sizeof(ectr)); 647| 0| return 0; 648| 0|} mbedtls_gcm_finish: 654| 69|{ 655| 69| unsigned char work_buf[16]; 656| 69| uint64_t orig_len; 657| 69| uint64_t orig_add_len; 658| | 659| | /* We never pass any output in finish(). The output parameter exists only 660| | * for the sake of alternative implementations. */ 661| 69| (void) output; 662| 69| (void) output_size; 663| 69| *output_length = 0; 664| | 665| | /* Total length is restricted to 2^39 - 256 bits, ie 2^36 - 2^5 bytes 666| | * and AD length is restricted to 2^64 bits, ie 2^61 bytes so neither of 667| | * the two multiplications would overflow. */ 668| 69| orig_len = ctx->len * 8; 669| 69| orig_add_len = ctx->add_len * 8; 670| | 671| 69| if (ctx->len == 0 && ctx->add_len % 16 != 0) { ------------------ | Branch (671:9): [True: 69, False: 0] | Branch (671:26): [True: 58, False: 11] ------------------ 672| 58| gcm_mult(ctx, ctx->buf, ctx->buf); 673| 58| } 674| | 675| 69| if (tag_len > 16 || tag_len < 4) { ------------------ | Branch (675:9): [True: 0, False: 69] | Branch (675:25): [True: 0, False: 69] ------------------ 676| 0| return MBEDTLS_ERR_GCM_BAD_INPUT; ------------------ | | 39| 0|#define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014 ------------------ 677| 0| } 678| | 679| 69| if (ctx->len % 16 != 0) { ------------------ | Branch (679:9): [True: 0, False: 69] ------------------ 680| 0| gcm_mult(ctx, ctx->buf, ctx->buf); 681| 0| } 682| | 683| 69| memcpy(tag, ctx->base_ectr, tag_len); 684| | 685| 69| if (orig_len || orig_add_len) { ------------------ | Branch (685:9): [True: 0, False: 69] | Branch (685:21): [True: 69, False: 0] ------------------ 686| 69| memset(work_buf, 0x00, 16); 687| | 688| 69| MBEDTLS_PUT_UINT32_BE((orig_add_len >> 32), work_buf, 0); ------------------ | | 428| 69| { \ | | 429| 69| if (MBEDTLS_IS_BIG_ENDIAN) \ | | ------------------ | | | | 398| 69|#define MBEDTLS_IS_BIG_ENDIAN 0 | | | | ------------------ | | | | | Branch (398:31): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 430| 69| { \ | | 431| 0| mbedtls_put_unaligned_uint32((data) + (offset), (uint32_t) (n)); \ | | 432| 0| } \ | | 433| 69| else \ | | 434| 69| { \ | | 435| 69| mbedtls_put_unaligned_uint32((data) + (offset), MBEDTLS_BSWAP32((uint32_t) (n))); \ | | ------------------ | | | | 298| 69|#define MBEDTLS_BSWAP32 __builtin_bswap32 | | ------------------ | | 436| 69| } \ | | 437| 69| } ------------------ 689| 69| MBEDTLS_PUT_UINT32_BE((orig_add_len), work_buf, 4); ------------------ | | 428| 69| { \ | | 429| 69| if (MBEDTLS_IS_BIG_ENDIAN) \ | | ------------------ | | | | 398| 69|#define MBEDTLS_IS_BIG_ENDIAN 0 | | | | ------------------ | | | | | Branch (398:31): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 430| 69| { \ | | 431| 0| mbedtls_put_unaligned_uint32((data) + (offset), (uint32_t) (n)); \ | | 432| 0| } \ | | 433| 69| else \ | | 434| 69| { \ | | 435| 69| mbedtls_put_unaligned_uint32((data) + (offset), MBEDTLS_BSWAP32((uint32_t) (n))); \ | | ------------------ | | | | 298| 69|#define MBEDTLS_BSWAP32 __builtin_bswap32 | | ------------------ | | 436| 69| } \ | | 437| 69| } ------------------ 690| 69| MBEDTLS_PUT_UINT32_BE((orig_len >> 32), work_buf, 8); ------------------ | | 428| 69| { \ | | 429| 69| if (MBEDTLS_IS_BIG_ENDIAN) \ | | ------------------ | | | | 398| 69|#define MBEDTLS_IS_BIG_ENDIAN 0 | | | | ------------------ | | | | | Branch (398:31): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 430| 69| { \ | | 431| 0| mbedtls_put_unaligned_uint32((data) + (offset), (uint32_t) (n)); \ | | 432| 0| } \ | | 433| 69| else \ | | 434| 69| { \ | | 435| 69| mbedtls_put_unaligned_uint32((data) + (offset), MBEDTLS_BSWAP32((uint32_t) (n))); \ | | ------------------ | | | | 298| 69|#define MBEDTLS_BSWAP32 __builtin_bswap32 | | ------------------ | | 436| 69| } \ | | 437| 69| } ------------------ 691| 69| MBEDTLS_PUT_UINT32_BE((orig_len), work_buf, 12); ------------------ | | 428| 69| { \ | | 429| 69| if (MBEDTLS_IS_BIG_ENDIAN) \ | | ------------------ | | | | 398| 69|#define MBEDTLS_IS_BIG_ENDIAN 0 | | | | ------------------ | | | | | Branch (398:31): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 430| 69| { \ | | 431| 0| mbedtls_put_unaligned_uint32((data) + (offset), (uint32_t) (n)); \ | | 432| 0| } \ | | 433| 69| else \ | | 434| 69| { \ | | 435| 69| mbedtls_put_unaligned_uint32((data) + (offset), MBEDTLS_BSWAP32((uint32_t) (n))); \ | | ------------------ | | | | 298| 69|#define MBEDTLS_BSWAP32 __builtin_bswap32 | | ------------------ | | 436| 69| } \ | | 437| 69| } ------------------ 692| | 693| 69| mbedtls_xor(ctx->buf, ctx->buf, work_buf, 16); 694| | 695| 69| gcm_mult(ctx, ctx->buf, ctx->buf); 696| | 697| 69| mbedtls_xor(tag, tag, ctx->buf, tag_len); 698| 69| } 699| | 700| 69| return 0; 701| 69|} mbedtls_gcm_crypt_and_tag: 714| 69|{ 715| 69| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 69|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 716| 69| size_t olen; 717| | 718| 69| if ((ret = mbedtls_gcm_starts(ctx, mode, iv, iv_len)) != 0) { ------------------ | Branch (718:9): [True: 0, False: 69] ------------------ 719| 0| return ret; 720| 0| } 721| | 722| 69| if ((ret = mbedtls_gcm_update_ad(ctx, add, add_len)) != 0) { ------------------ | Branch (722:9): [True: 0, False: 69] ------------------ 723| 0| return ret; 724| 0| } 725| | 726| 69| if ((ret = mbedtls_gcm_update(ctx, input, length, ------------------ | Branch (726:9): [True: 0, False: 69] ------------------ 727| 69| output, length, &olen)) != 0) { 728| 0| return ret; 729| 0| } 730| | 731| 69| if ((ret = mbedtls_gcm_finish(ctx, NULL, 0, &olen, tag, tag_len)) != 0) { ------------------ | Branch (731:9): [True: 0, False: 69] ------------------ 732| 0| return ret; 733| 0| } 734| | 735| 69| return 0; 736| 69|} mbedtls_gcm_auth_decrypt: 748| 69|{ 749| 69| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 69|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 750| 69| unsigned char check_tag[16]; 751| 69| int diff; 752| | 753| 69| if ((ret = mbedtls_gcm_crypt_and_tag(ctx, MBEDTLS_GCM_DECRYPT, length, ------------------ | | 34| 69|#define MBEDTLS_GCM_DECRYPT 0 ------------------ | Branch (753:9): [True: 0, False: 69] ------------------ 754| 69| iv, iv_len, add, add_len, 755| 69| input, output, tag_len, check_tag)) != 0) { 756| 0| return ret; 757| 0| } 758| | 759| | /* Check tag in "constant-time" */ 760| 69| diff = mbedtls_ct_memcmp(tag, check_tag, tag_len); 761| | 762| 69| if (diff != 0) { ------------------ | Branch (762:9): [True: 69, False: 0] ------------------ 763| 69| mbedtls_platform_zeroize(output, length); 764| 69| return MBEDTLS_ERR_GCM_AUTH_FAILED; ------------------ | | 37| 69|#define MBEDTLS_ERR_GCM_AUTH_FAILED -0x0012 ------------------ 765| 69| } 766| | 767| 0| return 0; 768| 69|} mbedtls_gcm_free: 771| 69|{ 772| 69| if (ctx == NULL) { ------------------ | Branch (772:9): [True: 0, False: 69] ------------------ 773| 0| return; 774| 0| } 775| |#if defined(MBEDTLS_BLOCK_CIPHER_C) 776| | mbedtls_block_cipher_free(&ctx->block_cipher_ctx); 777| |#else 778| 69| mbedtls_cipher_free(&ctx->cipher_ctx); 779| 69|#endif 780| 69| mbedtls_platform_zeroize(ctx, sizeof(mbedtls_gcm_context)); 781| 69|} gcm.c:gcm_gen_table: 100| 69|{ 101| 69| int ret, i, j; 102| 69| uint64_t u64h[2] = { 0 }; 103| 69| uint8_t *h = (uint8_t *) u64h; 104| | 105| |#if defined(MBEDTLS_BLOCK_CIPHER_C) 106| | ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, h, h); 107| |#else 108| 69| size_t olen = 0; 109| 69| ret = mbedtls_cipher_update(&ctx->cipher_ctx, h, 16, h, &olen); 110| 69|#endif 111| 69| if (ret != 0) { ------------------ | Branch (111:9): [True: 0, False: 69] ------------------ 112| 0| return ret; 113| 0| } 114| | 115| 69| gcm_set_acceleration(ctx); 116| | 117| | /* MBEDTLS_GCM_HTABLE_SIZE/2 = 1000 corresponds to 1 in GF(2^128) */ 118| 69| ctx->H[MBEDTLS_GCM_HTABLE_SIZE/2][0] = u64h[0]; ------------------ | | 52| 69|#define MBEDTLS_GCM_HTABLE_SIZE 16 ------------------ 119| 69| ctx->H[MBEDTLS_GCM_HTABLE_SIZE/2][1] = u64h[1]; ------------------ | | 52| 69|#define MBEDTLS_GCM_HTABLE_SIZE 16 ------------------ 120| | 121| 69| switch (ctx->acceleration) { 122| 0|#if defined(MBEDTLS_AESNI_HAVE_CODE) 123| 69| case MBEDTLS_GCM_ACC_AESNI: ------------------ | | 47| 69|#define MBEDTLS_GCM_ACC_AESNI 2 ------------------ | Branch (123:9): [True: 69, False: 0] ------------------ 124| 69| return 0; 125| 0|#endif 126| | 127| |#if defined(MBEDTLS_AESCE_HAVE_CODE) 128| | case MBEDTLS_GCM_ACC_AESCE: 129| | return 0; 130| |#endif 131| | 132| 0| default: ------------------ | Branch (132:9): [True: 0, False: 69] ------------------ 133| | /* 0 corresponds to 0 in GF(2^128) */ 134| 0| ctx->H[0][0] = 0; 135| 0| ctx->H[0][1] = 0; 136| | 137| 0| for (i = MBEDTLS_GCM_HTABLE_SIZE/4; i > 0; i >>= 1) { ------------------ | | 52| 0|#define MBEDTLS_GCM_HTABLE_SIZE 16 ------------------ | Branch (137:49): [True: 0, False: 0] ------------------ 138| 0| gcm_gen_table_rightshift(ctx->H[i], ctx->H[i*2]); 139| 0| } 140| | 141| 0|#if !defined(MBEDTLS_GCM_LARGE_TABLE) 142| | /* pack elements of H as 64-bits ints, big-endian */ 143| 0| for (i = MBEDTLS_GCM_HTABLE_SIZE/2; i > 0; i >>= 1) { ------------------ | | 52| 0|#define MBEDTLS_GCM_HTABLE_SIZE 16 ------------------ | Branch (143:49): [True: 0, False: 0] ------------------ 144| 0| MBEDTLS_PUT_UINT64_BE(ctx->H[i][0], &ctx->H[i][0], 0); ------------------ | | 637| 0| { \ | | 638| 0| if (MBEDTLS_IS_BIG_ENDIAN) \ | | ------------------ | | | | 398| 0|#define MBEDTLS_IS_BIG_ENDIAN 0 | | | | ------------------ | | | | | Branch (398:31): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 639| 0| { \ | | 640| 0| mbedtls_put_unaligned_uint64((data) + (offset), (uint64_t) (n)); \ | | 641| 0| } \ | | 642| 0| else \ | | 643| 0| { \ | | 644| 0| mbedtls_put_unaligned_uint64((data) + (offset), MBEDTLS_BSWAP64((uint64_t) (n))); \ | | ------------------ | | | | 301| 0|#define MBEDTLS_BSWAP64 __builtin_bswap64 | | ------------------ | | 645| 0| } \ | | 646| 0| } ------------------ 145| 0| MBEDTLS_PUT_UINT64_BE(ctx->H[i][1], &ctx->H[i][1], 0); ------------------ | | 637| 0| { \ | | 638| 0| if (MBEDTLS_IS_BIG_ENDIAN) \ | | ------------------ | | | | 398| 0|#define MBEDTLS_IS_BIG_ENDIAN 0 | | | | ------------------ | | | | | Branch (398:31): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 639| 0| { \ | | 640| 0| mbedtls_put_unaligned_uint64((data) + (offset), (uint64_t) (n)); \ | | 641| 0| } \ | | 642| 0| else \ | | 643| 0| { \ | | 644| 0| mbedtls_put_unaligned_uint64((data) + (offset), MBEDTLS_BSWAP64((uint64_t) (n))); \ | | ------------------ | | | | 301| 0|#define MBEDTLS_BSWAP64 __builtin_bswap64 | | ------------------ | | 645| 0| } \ | | 646| 0| } ------------------ 146| 0| } 147| 0|#endif 148| | 149| 0| for (i = 2; i < MBEDTLS_GCM_HTABLE_SIZE; i <<= 1) { ------------------ | | 52| 0|#define MBEDTLS_GCM_HTABLE_SIZE 16 ------------------ | Branch (149:25): [True: 0, False: 0] ------------------ 150| 0| for (j = 1; j < i; j++) { ------------------ | Branch (150:29): [True: 0, False: 0] ------------------ 151| 0| mbedtls_xor_no_simd((unsigned char *) ctx->H[i+j], 152| 0| (unsigned char *) ctx->H[i], 153| 0| (unsigned char *) ctx->H[j], 154| 0| 16); 155| 0| } 156| 0| } 157| 69| } 158| | 159| 0| return 0; 160| 69|} gcm.c:gcm_set_acceleration: 59| 69|{ 60| |#if defined(MBEDTLS_GCM_LARGE_TABLE) 61| | ctx->acceleration = MBEDTLS_GCM_ACC_LARGETABLE; 62| |#else 63| 69| ctx->acceleration = MBEDTLS_GCM_ACC_SMALLTABLE; ------------------ | | 45| 69|#define MBEDTLS_GCM_ACC_SMALLTABLE 0 ------------------ 64| 69|#endif 65| | 66| 69|#if defined(MBEDTLS_AESNI_HAVE_CODE) 67| | /* With CLMUL support, we need only h, not the rest of the table */ 68| 69| if (mbedtls_aesni_has_support(MBEDTLS_AESNI_CLMUL)) { ------------------ | | 21| 69|#define MBEDTLS_AESNI_CLMUL 0x00000002u ------------------ | Branch (68:9): [True: 69, False: 0] ------------------ 69| 69| ctx->acceleration = MBEDTLS_GCM_ACC_AESNI; ------------------ | | 47| 69|#define MBEDTLS_GCM_ACC_AESNI 2 ------------------ 70| 69| } 71| 69|#endif 72| | 73| |#if defined(MBEDTLS_AESCE_HAVE_CODE) 74| | if (MBEDTLS_AESCE_HAS_SUPPORT()) { 75| | ctx->acceleration = MBEDTLS_GCM_ACC_AESCE; 76| | } 77| |#endif 78| 69|} gcm.c:gcm_mult: 349| 3.51k|{ 350| 3.51k| switch (ctx->acceleration) { ------------------ | Branch (350:13): [True: 0, False: 3.51k] ------------------ 351| 0|#if defined(MBEDTLS_AESNI_HAVE_CODE) 352| 3.51k| case MBEDTLS_GCM_ACC_AESNI: ------------------ | | 47| 3.51k|#define MBEDTLS_GCM_ACC_AESNI 2 ------------------ | Branch (352:9): [True: 3.51k, False: 0] ------------------ 353| 3.51k| mbedtls_aesni_gcm_mult(output, x, (uint8_t *) ctx->H[MBEDTLS_GCM_HTABLE_SIZE/2]); ------------------ | | 52| 3.51k|#define MBEDTLS_GCM_HTABLE_SIZE 16 ------------------ 354| 3.51k| break; 355| 0|#endif 356| | 357| |#if defined(MBEDTLS_AESCE_HAVE_CODE) 358| | case MBEDTLS_GCM_ACC_AESCE: 359| | mbedtls_aesce_gcm_mult(output, x, (uint8_t *) ctx->H[MBEDTLS_GCM_HTABLE_SIZE/2]); 360| | break; 361| |#endif 362| | 363| |#if defined(MBEDTLS_GCM_LARGE_TABLE) 364| | case MBEDTLS_GCM_ACC_LARGETABLE: 365| | gcm_mult_largetable(output, x, ctx->H); 366| | break; 367| |#else 368| 0| case MBEDTLS_GCM_ACC_SMALLTABLE: ------------------ | | 45| 0|#define MBEDTLS_GCM_ACC_SMALLTABLE 0 ------------------ | Branch (368:9): [True: 0, False: 3.51k] ------------------ 369| 0| gcm_mult_smalltable(output, x, ctx->H); 370| 0| break; 371| 3.51k|#endif 372| 3.51k| } 373| | 374| 3.51k| return; 375| 3.51k|} libspdm_consttime_is_mem_equal: 11| 120|{ 12| 120| const volatile uint8_t *pointer_dst; 13| 120| const volatile uint8_t *pointer_src; 14| 120| uint8_t delta; 15| | 16| 120| pointer_dst = (const uint8_t *)destination_buffer; 17| 120| pointer_src = (const uint8_t *)source_buffer; 18| 120| delta = 0; 19| 360| while ((length-- != 0)) { ------------------ | Branch (19:12): [True: 240, False: 120] ------------------ 20| 240| delta |= *(pointer_dst++) ^ *(pointer_src++); 21| 240| } 22| | 23| 120| return ((delta == 0) ? true : false); ------------------ | Branch (23:13): [True: 107, False: 13] ------------------ 24| 120|} libspdm_copy_mem: 12| 1.34k|{ 13| 1.34k| volatile uint8_t* dst; 14| 1.34k| const volatile uint8_t* src; 15| | 16| 1.34k| dst = (volatile uint8_t*) dst_buf; 17| 1.34k| src = (const volatile uint8_t*) src_buf; 18| | 19| 1.34k| if ((dst == NULL) || (src == NULL)) { ------------------ | Branch (19:9): [True: 0, False: 1.34k] | Branch (19:26): [True: 0, False: 1.34k] ------------------ 20| 0| LIBSPDM_ASSERT(0); 21| 0| } 22| 1.34k| if (((src < dst) && ((src + src_len) > dst)) || ((dst < src) && ((dst + src_len) > src))) { ------------------ | Branch (22:10): [True: 881, False: 460] | Branch (22:25): [True: 0, False: 881] | Branch (22:54): [True: 460, False: 881] | Branch (22:69): [True: 0, False: 460] ------------------ 23| 0| LIBSPDM_ASSERT(0); 24| 0| } 25| 1.34k| if (src_len > dst_len) { ------------------ | Branch (25:9): [True: 0, False: 1.34k] ------------------ 26| 0| LIBSPDM_ASSERT(0); 27| 0| } 28| | 29| 109k| while (src_len-- != 0) { ------------------ | Branch (29:12): [True: 107k, False: 1.34k] ------------------ 30| 107k| *(dst++) = *(src++); 31| 107k| } 32| 1.34k|} libspdm_zero_mem: 17| 2.18k|{ 18| | 19| |#if defined(__STDC_LIB_EXT1__) 20| | memset_s(buffer, length, 0, length); 21| |#elif defined(_WIN32) 22| | SecureZeroMemory(buffer, length); 23| |#elif defined(_GNU_SOURCE) || defined(_BSD_SOURCE) 24| | explicit_bzero(buffer, length); 25| |#else 26| 2.18k| volatile uint8_t *pointer; 27| | 28| 2.18k| pointer = (uint8_t *)buffer; 29| 3.47M| while (length-- != 0) { ------------------ | Branch (29:12): [True: 3.47M, False: 2.18k] ------------------ 30| 3.47M| *(pointer++) = 0; 31| 3.47M| } 32| | 33| |#if defined(_MSC_VER) && (_MSC_VER > 1200) && !defined(__clang__) 34| | _ReadWriteBarrier(); 35| |#elif defined(__GNUC__) 36| | __asm__ __volatile__ ("" : : : "memory"); 37| 2.18k|#endif 38| | 39| 2.18k|#endif 40| 2.18k|} libspdm_setup_test_context: 59| 230|{ 60| 230| m_libspdm_test_context = spdm_test_context; 61| 230|} libspdm_unit_test_group_setup: 64| 230|{ 65| 230| libspdm_test_context_t *spdm_test_context; 66| 230| void *spdm_context; 67| | 68| 230| spdm_test_context = m_libspdm_test_context; 69| 230| spdm_test_context->spdm_context = 70| 230| (void *)malloc(libspdm_get_context_size()); 71| 230| if (spdm_test_context->spdm_context == NULL) { ------------------ | Branch (71:9): [True: 0, False: 230] ------------------ 72| 0| return (size_t)-1; 73| 0| } 74| 230| spdm_context = spdm_test_context->spdm_context; 75| | 76| 230| libspdm_init_context(spdm_context); 77| | 78| 230| libspdm_register_device_io_func(spdm_context, 79| 230| spdm_test_context->send_message, 80| 230| spdm_test_context->receive_message); 81| 230| libspdm_register_transport_layer_func(spdm_context, 82| 230| LIBSPDM_MAX_SPDM_MSG_SIZE, ------------------ | | 101| 230|#define LIBSPDM_MAX_SPDM_MSG_SIZE 0x1200 ------------------ 83| 230| LIBSPDM_TEST_TRANSPORT_HEADER_SIZE, ------------------ | | 27| 230|#define LIBSPDM_TEST_TRANSPORT_HEADER_SIZE (2 + 8 + \ | | 28| 230| LIBSPDM_TEST_SEQUENCE_NUMBER_COUNT) | | ------------------ | | | | 16| 230|#define LIBSPDM_TEST_SEQUENCE_NUMBER_COUNT 2 | | ------------------ ------------------ 84| 230| LIBSPDM_TEST_TRANSPORT_TAIL_SIZE, ------------------ | | 30| 230|#define LIBSPDM_TEST_TRANSPORT_TAIL_SIZE (LIBSPDM_TEST_MAX_RANDOM_NUMBER_COUNT + \ | | ------------------ | | | | 17| 230|#define LIBSPDM_TEST_MAX_RANDOM_NUMBER_COUNT 32 | | ------------------ | | 31| 230| LIBSPDM_MAX_AEAD_TAG_SIZE + \ | | ------------------ | | | | 75| 230|#define LIBSPDM_MAX_AEAD_TAG_SIZE 16 | | ------------------ | | 32| 230| (LIBSPDM_TEST_ALIGNMENT - 1)) | | ------------------ | | | | 15| 230|#define LIBSPDM_TEST_ALIGNMENT 4 | | ------------------ ------------------ 85| 230| libspdm_transport_test_encode_message, 86| 230| libspdm_transport_test_decode_message); 87| 230| libspdm_register_device_buffer_func(spdm_context, 88| 230| LIBSPDM_MAX_SENDER_RECEIVER_BUFFER_SIZE, ------------------ | | 93| 230|#define LIBSPDM_MAX_SENDER_RECEIVER_BUFFER_SIZE LIBSPDM_RECEIVER_BUFFER_SIZE | | ------------------ | | | | 78| 230|#define LIBSPDM_RECEIVER_BUFFER_SIZE (0x1200 + \ | | | | 79| 230| LIBSPDM_TRANSPORT_ADDITIONAL_SIZE) | | | | ------------------ | | | | | | 70| 230|#define LIBSPDM_TRANSPORT_ADDITIONAL_SIZE (LIBSPDM_TEST_TRANSPORT_HEADER_SIZE + \ | | | | | | ------------------ | | | | | | | | 27| 230|#define LIBSPDM_TEST_TRANSPORT_HEADER_SIZE (2 + 8 + \ | | | | | | | | 28| 230| LIBSPDM_TEST_SEQUENCE_NUMBER_COUNT) | | | | | | | | ------------------ | | | | | | | | | | 16| 230|#define LIBSPDM_TEST_SEQUENCE_NUMBER_COUNT 2 | | | | | | | | ------------------ | | | | | | ------------------ | | | | | | 71| 230| LIBSPDM_TEST_TRANSPORT_TAIL_SIZE) | | | | | | ------------------ | | | | | | | | 30| 230|#define LIBSPDM_TEST_TRANSPORT_TAIL_SIZE (LIBSPDM_TEST_MAX_RANDOM_NUMBER_COUNT + \ | | | | | | | | ------------------ | | | | | | | | | | 17| 230|#define LIBSPDM_TEST_MAX_RANDOM_NUMBER_COUNT 32 | | | | | | | | ------------------ | | | | | | | | 31| 230| LIBSPDM_MAX_AEAD_TAG_SIZE + \ | | | | | | | | ------------------ | | | | | | | | | | 75| 230|#define LIBSPDM_MAX_AEAD_TAG_SIZE 16 | | | | | | | | ------------------ | | | | | | | | 32| 230| (LIBSPDM_TEST_ALIGNMENT - 1)) | | | | | | | | ------------------ | | | | | | | | | | 15| 230|#define LIBSPDM_TEST_ALIGNMENT 4 | | | | | | | | ------------------ | | | | | | ------------------ | | | | ------------------ | | ------------------ ------------------ 89| 230| LIBSPDM_MAX_SENDER_RECEIVER_BUFFER_SIZE, ------------------ | | 93| 230|#define LIBSPDM_MAX_SENDER_RECEIVER_BUFFER_SIZE LIBSPDM_RECEIVER_BUFFER_SIZE | | ------------------ | | | | 78| 230|#define LIBSPDM_RECEIVER_BUFFER_SIZE (0x1200 + \ | | | | 79| 230| LIBSPDM_TRANSPORT_ADDITIONAL_SIZE) | | | | ------------------ | | | | | | 70| 230|#define LIBSPDM_TRANSPORT_ADDITIONAL_SIZE (LIBSPDM_TEST_TRANSPORT_HEADER_SIZE + \ | | | | | | ------------------ | | | | | | | | 27| 230|#define LIBSPDM_TEST_TRANSPORT_HEADER_SIZE (2 + 8 + \ | | | | | | | | 28| 230| LIBSPDM_TEST_SEQUENCE_NUMBER_COUNT) | | | | | | | | ------------------ | | | | | | | | | | 16| 230|#define LIBSPDM_TEST_SEQUENCE_NUMBER_COUNT 2 | | | | | | | | ------------------ | | | | | | ------------------ | | | | | | 71| 230| LIBSPDM_TEST_TRANSPORT_TAIL_SIZE) | | | | | | ------------------ | | | | | | | | 30| 230|#define LIBSPDM_TEST_TRANSPORT_TAIL_SIZE (LIBSPDM_TEST_MAX_RANDOM_NUMBER_COUNT + \ | | | | | | | | ------------------ | | | | | | | | | | 17| 230|#define LIBSPDM_TEST_MAX_RANDOM_NUMBER_COUNT 32 | | | | | | | | ------------------ | | | | | | | | 31| 230| LIBSPDM_MAX_AEAD_TAG_SIZE + \ | | | | | | | | ------------------ | | | | | | | | | | 75| 230|#define LIBSPDM_MAX_AEAD_TAG_SIZE 16 | | | | | | | | ------------------ | | | | | | | | 32| 230| (LIBSPDM_TEST_ALIGNMENT - 1)) | | | | | | | | ------------------ | | | | | | | | | | 15| 230|#define LIBSPDM_TEST_ALIGNMENT 4 | | | | | | | | ------------------ | | | | | | ------------------ | | | | ------------------ | | ------------------ ------------------ 90| 230| spdm_device_acquire_sender_buffer, 91| 230| spdm_device_release_sender_buffer, 92| 230| spdm_device_acquire_receiver_buffer, 93| 230| spdm_device_release_receiver_buffer); 94| | 95| 230| spdm_test_context->scratch_buffer_size = 96| 230| libspdm_get_sizeof_required_scratch_buffer(spdm_context); 97| 230| spdm_test_context->scratch_buffer = (void *)malloc(spdm_test_context->scratch_buffer_size); 98| 230| libspdm_set_scratch_buffer (spdm_context, 99| 230| spdm_test_context->scratch_buffer, 100| 230| spdm_test_context->scratch_buffer_size); 101| | 102| 230| *State = spdm_test_context; 103| 230| return 0; 104| 230|} libspdm_unit_test_group_teardown: 107| 230|{ 108| 230| libspdm_test_context_t *spdm_test_context; 109| | 110| 230| spdm_test_context = *State; 111| 230| free(spdm_test_context->spdm_context); 112| 230| free(spdm_test_context->scratch_buffer); 113| 230| spdm_test_context->spdm_context = NULL; 114| 230| return 0; 115| 230|} libspdm_alignment_size: 21| 230|{ 22| 230| size_t alignment; 23| 230| size_t max_buffer_size; 24| | 25| 230| alignment = LIBSPDM_TEST_ALIGNMENT; ------------------ | | 15| 230|#define LIBSPDM_TEST_ALIGNMENT 4 ------------------ 26| 230| max_buffer_size = libspdm_get_max_buffer_size(); 27| | 28| | /* In the situation where max_buffer_size is not four-byte aligned, reserve sufficient size for the buffer_size */ 29| 230| if ((size > max_buffer_size - alignment) && (size & (alignment - 1)) != 0) { ------------------ | Branch (29:9): [True: 43, False: 187] | Branch (29:49): [True: 42, False: 1] ------------------ 30| 42| size -= alignment; 31| 42| } 32| | 33| 230| if (((size) & (alignment - 1)) == 3) { ------------------ | Branch (33:9): [True: 56, False: 174] ------------------ 34| 56| size += 1; 35| 56| } 36| 230| if (((size) & (alignment - 1)) == 2) { ------------------ | Branch (36:9): [True: 6, False: 224] ------------------ 37| 6| size += 2; 38| 6| } 39| 230| if (((size) & (alignment - 1)) == 1) { ------------------ | Branch (39:9): [True: 155, False: 75] ------------------ 40| 155| size += 3; 41| 155| } 42| 230| return size; 43| 230|} LLVMFuzzerTestOneInput: 112| 230|{ 113| 230| void *test_buffer; 114| 230| size_t max_buffer_size; 115| | 116| | /* 1. Initialize test_buffer*/ 117| 230| max_buffer_size = libspdm_get_max_buffer_size(); 118| 230| test_buffer = allocate_zero_pool(max_buffer_size); 119| 230| if (test_buffer == NULL) { ------------------ | Branch (119:9): [True: 0, False: 230] ------------------ 120| 0| return 0; 121| 0| } 122| 230| if (size == 0) { ------------------ | Branch (122:9): [True: 0, False: 230] ------------------ 123| 0| printf("\033[1;33m file_size of the seed file is 0, so exit.\033[0m \n"); 124| 0| free(test_buffer); 125| 0| return 0; 126| 0| } 127| 230| if (size > max_buffer_size) { ------------------ | Branch (127:9): [True: 39, False: 191] ------------------ 128| 39| size = max_buffer_size; 129| 191| } else { 130| 191| libspdm_copy_mem(test_buffer, max_buffer_size, data, size); 131| 191| } 132| 230| size = libspdm_alignment_size(size); 133| | /* 2. Run test*/ 134| 230| libspdm_run_test_harness(test_buffer, size); 135| | /* 3. Clean up*/ 136| 230| free(test_buffer); 137| 230| return 0; 138| 230|} libspdm_get_max_buffer_size: 16| 460|{ 17| 460| return LIBSPDM_RECEIVER_BUFFER_SIZE; ------------------ | | 78| 460|#define LIBSPDM_RECEIVER_BUFFER_SIZE (0x1200 + \ | | 79| 460| LIBSPDM_TRANSPORT_ADDITIONAL_SIZE) | | ------------------ | | | | 70| 460|#define LIBSPDM_TRANSPORT_ADDITIONAL_SIZE (LIBSPDM_TEST_TRANSPORT_HEADER_SIZE + \ | | | | ------------------ | | | | | | 27| 460|#define LIBSPDM_TEST_TRANSPORT_HEADER_SIZE (2 + 8 + \ | | | | | | 28| 460| LIBSPDM_TEST_SEQUENCE_NUMBER_COUNT) | | | | | | ------------------ | | | | | | | | 16| 460|#define LIBSPDM_TEST_SEQUENCE_NUMBER_COUNT 2 | | | | | | ------------------ | | | | ------------------ | | | | 71| 460| LIBSPDM_TEST_TRANSPORT_TAIL_SIZE) | | | | ------------------ | | | | | | 30| 460|#define LIBSPDM_TEST_TRANSPORT_TAIL_SIZE (LIBSPDM_TEST_MAX_RANDOM_NUMBER_COUNT + \ | | | | | | ------------------ | | | | | | | | 17| 460|#define LIBSPDM_TEST_MAX_RANDOM_NUMBER_COUNT 32 | | | | | | ------------------ | | | | | | 31| 460| LIBSPDM_MAX_AEAD_TAG_SIZE + \ | | | | | | ------------------ | | | | | | | | 75| 460|#define LIBSPDM_MAX_AEAD_TAG_SIZE 16 | | | | | | ------------------ | | | | | | 32| 460| (LIBSPDM_TEST_ALIGNMENT - 1)) | | | | | | ------------------ | | | | | | | | 15| 460|#define LIBSPDM_TEST_ALIGNMENT 4 | | | | | | ------------------ | | | | ------------------ | | ------------------ ------------------ 18| 460|} libspdm_test_decode_secured_message: 21| 230|{ 22| 230| libspdm_test_context_t *spdm_test_context; 23| 230| libspdm_context_t *spdm_context; 24| 230| size_t app_message_size; 25| 230| uint8_t *app_message; 26| 230| libspdm_secured_message_callbacks_t spdm_secured_message_callbacks; 27| 230| libspdm_session_info_t *session_info; 28| 230| bool is_requester; 29| 230| uint32_t session_id; 30| 230| libspdm_secured_message_context_t *secured_message_context; 31| | 32| 230| spdm_test_context = *State; 33| 230| spdm_context = spdm_test_context->spdm_context; 34| 230| is_requester = spdm_test_context->is_requester; 35| 230| spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo; 36| 230| spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo; 37| 230| spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo; 38| 230| spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo; 39| 230| spdm_secured_message_callbacks.version = LIBSPDM_SECURED_MESSAGE_CALLBACKS_VERSION; ------------------ | | 224| 230|#define LIBSPDM_SECURED_MESSAGE_CALLBACKS_VERSION 2 ------------------ 40| 230| spdm_secured_message_callbacks.get_sequence_number = libspdm_mctp_get_sequence_number; 41| 230| spdm_secured_message_callbacks.get_max_random_number_count = 42| 230| libspdm_mctp_get_max_random_number_count; 43| 230| spdm_secured_message_callbacks.get_secured_spdm_version = 44| 230| libspdm_mctp_get_secured_spdm_version; 45| 230| session_id = 0xFFFFFFFF; 46| 230| spdm_context->latest_session_id = session_id; 47| 230| session_info = &spdm_context->session_info[0]; 48| 230| libspdm_session_info_init(spdm_context, session_info, session_id, false); 49| 230| secured_message_context = session_info->secured_message_context; 50| 230| secured_message_context->session_type = LIBSPDM_SESSION_TYPE_MAC_ONLY; 51| 230| secured_message_context->session_state = LIBSPDM_SESSION_STATE_HANDSHAKING; 52| | 53| 230| app_message_size = spdm_test_context->test_buffer_size; 54| | 55| 230| libspdm_decode_secured_message(secured_message_context, session_id, is_requester, 56| 230| spdm_test_context->test_buffer_size, 57| 230| spdm_test_context->test_buffer, 58| 230| &app_message_size, (void **)&app_message, 59| 230| &spdm_secured_message_callbacks); 60| 230|} libspdm_run_test_harness: 68| 230|{ 69| 230| void *State; 70| | 71| 230| libspdm_setup_test_context(&m_libspdm_transport_mctp_test_context); 72| | 73| 230| m_libspdm_transport_mctp_test_context.test_buffer = test_buffer; 74| 230| m_libspdm_transport_mctp_test_context.test_buffer_size = test_buffer_size; 75| | 76| 230| libspdm_unit_test_group_setup(&State); 77| | 78| 230| libspdm_test_decode_secured_message(&State); 79| | 80| 230| libspdm_unit_test_group_teardown(&State); 81| 230|}