libspdm_get_scratch_buffer_secure_message_capacity: 17| 2.85k|uint32_t libspdm_get_scratch_buffer_secure_message_capacity(libspdm_context_t *spdm_context) { 18| 2.85k| return spdm_context->local_context.capability.max_spdm_msg_size + 19| 2.85k| spdm_context->local_context.capability.transport_header_size + 20| 2.85k| spdm_context->local_context.capability.transport_tail_size; 21| 2.85k|} libspdm_get_scratch_buffer_large_message_capacity: 28| 2.85k|uint32_t libspdm_get_scratch_buffer_large_message_capacity(libspdm_context_t *spdm_context) { 29| 2.85k| return spdm_context->local_context.capability.max_spdm_msg_size; 30| 2.85k|} libspdm_get_scratch_buffer_sender_receiver_capacity: 43| 2.85k|uint32_t libspdm_get_scratch_buffer_sender_receiver_capacity(libspdm_context_t *spdm_context) { 44| 2.85k| return spdm_context->local_context.capability.max_spdm_msg_size + 45| 2.85k| spdm_context->local_context.capability.transport_header_size + 46| 2.85k| spdm_context->local_context.capability.transport_tail_size; 47| 2.85k|} libspdm_get_scratch_buffer_large_sender_receiver_capacity: 58| 2.85k|{ 59| 2.85k| return spdm_context->local_context.capability.max_spdm_msg_size + 60| 2.85k| spdm_context->local_context.capability.transport_header_size + 61| 2.85k| spdm_context->local_context.capability.transport_tail_size; 62| 2.85k|} libspdm_get_scratch_buffer_last_spdm_request_offset: 66| 952|uint32_t libspdm_get_scratch_buffer_last_spdm_request_offset(libspdm_context_t *spdm_context) { 67| 952| return 0 + 68| 952|#if LIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP 69| 952| libspdm_get_scratch_buffer_secure_message_capacity(spdm_context) + 70| 952| libspdm_get_scratch_buffer_large_message_capacity(spdm_context) + 71| 952|#endif 72| 952| libspdm_get_scratch_buffer_sender_receiver_capacity(spdm_context) + 73| 952|#if LIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP 74| 952| libspdm_get_scratch_buffer_large_sender_receiver_capacity(spdm_context) + 75| 952|#endif 76| 952| 0; 77| 952|} libspdm_get_scratch_buffer_last_spdm_request_capacity: 79| 1.90k|uint32_t libspdm_get_scratch_buffer_last_spdm_request_capacity(libspdm_context_t *spdm_context) { 80| 1.90k| return spdm_context->local_context.capability.max_spdm_msg_size; 81| 1.90k|} libspdm_get_scratch_buffer_cache_spdm_request_offset: 85| 952|uint32_t libspdm_get_scratch_buffer_cache_spdm_request_offset(libspdm_context_t *spdm_context) { 86| 952| return 0 + 87| 952|#if LIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP 88| 952| libspdm_get_scratch_buffer_secure_message_capacity(spdm_context) + 89| 952| libspdm_get_scratch_buffer_large_message_capacity(spdm_context) + 90| 952|#endif 91| 952| libspdm_get_scratch_buffer_sender_receiver_capacity(spdm_context) + 92| 952|#if LIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP 93| 952| libspdm_get_scratch_buffer_large_sender_receiver_capacity(spdm_context) + 94| 952|#endif 95| 952| libspdm_get_scratch_buffer_last_spdm_request_capacity(spdm_context) + 96| 952| 0; 97| 952|} libspdm_get_scratch_buffer_cache_spdm_request_capacity: 99| 952|uint32_t libspdm_get_scratch_buffer_cache_spdm_request_capacity(libspdm_context_t *spdm_context) { 100| 952| return spdm_context->local_context.capability.max_spdm_msg_size; 101| 952|} libspdm_get_scratch_buffer_capacity: 105| 952|uint32_t libspdm_get_scratch_buffer_capacity(libspdm_context_t *spdm_context) { 106| 952| return 0 + 107| 952|#if LIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP 108| 952| libspdm_get_scratch_buffer_secure_message_capacity(spdm_context) + 109| 952| libspdm_get_scratch_buffer_large_message_capacity(spdm_context) + 110| 952|#endif 111| 952| libspdm_get_scratch_buffer_sender_receiver_capacity(spdm_context) + 112| 952|#if LIBSPDM_ENABLE_CAPABILITY_CHUNK_CAP 113| 952| libspdm_get_scratch_buffer_large_sender_receiver_capacity(spdm_context) + 114| 952|#endif 115| 952| libspdm_get_scratch_buffer_last_spdm_request_capacity(spdm_context) + 116| 952|#if LIBSPDM_RESPOND_IF_READY_SUPPORT 117| 952| libspdm_get_scratch_buffer_cache_spdm_request_capacity(spdm_context) + 118| 952|#endif 119| 952| 0; 120| 952|} libspdm_reset_message_a: 1260| 357|{ 1261| 357| libspdm_reset_managed_buffer(&spdm_context->transcript.message_a); 1262| 357|} libspdm_reset_message_b: 1280| 9|{ 1281| |#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT 1282| | libspdm_reset_managed_buffer(&spdm_context->transcript.message_b); 1283| |#else 1284| 9| if (spdm_context->transcript.digest_context_m1m2 != NULL) { ------------------ | Branch (1284:9): [True: 0, False: 9] ------------------ 1285| 0| libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, 1286| 0| spdm_context->transcript.digest_context_m1m2); 1287| 0| spdm_context->transcript.digest_context_m1m2 = NULL; 1288| 0| } 1289| 9|#endif 1290| 9|} libspdm_reset_message_c: 1298| 9|{ 1299| |#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT 1300| | libspdm_reset_managed_buffer(&spdm_context->transcript.message_c); 1301| |#else 1302| 9| if (spdm_context->transcript.digest_context_m1m2 != NULL) { ------------------ | Branch (1302:9): [True: 0, False: 9] ------------------ 1303| 0| libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, 1304| 0| spdm_context->transcript.digest_context_m1m2); 1305| 0| spdm_context->transcript.digest_context_m1m2 = NULL; 1306| 0| } 1307| 9|#endif 1308| 9|} libspdm_reset_message_mut_b: 1316| 9|{ 1317| |#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT 1318| | libspdm_reset_managed_buffer(&spdm_context->transcript.message_mut_b); 1319| |#else 1320| 9| if (spdm_context->transcript.digest_context_mut_m1m2 != NULL) { ------------------ | Branch (1320:9): [True: 0, False: 9] ------------------ 1321| 0| libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, 1322| 0| spdm_context->transcript.digest_context_mut_m1m2); 1323| 0| spdm_context->transcript.digest_context_mut_m1m2 = NULL; 1324| 0| } 1325| 9|#endif 1326| 9|} libspdm_reset_message_mut_c: 1334| 9|{ 1335| |#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT 1336| | libspdm_reset_managed_buffer(&spdm_context->transcript.message_mut_c); 1337| |#else 1338| 9| if (spdm_context->transcript.digest_context_mut_m1m2 != NULL) { ------------------ | Branch (1338:9): [True: 0, False: 9] ------------------ 1339| 0| libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, 1340| 0| spdm_context->transcript.digest_context_mut_m1m2); 1341| 0| spdm_context->transcript.digest_context_mut_m1m2 = NULL; 1342| 0| } 1343| 9|#endif 1344| 9|} libspdm_reset_message_m: 1355| 9|{ 1356| 9| libspdm_session_info_t *spdm_session_info; 1357| | 1358| 9| spdm_session_info = session_info; 1359| |#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT 1360| | if (spdm_session_info == NULL) { 1361| | libspdm_reset_managed_buffer(&spdm_context->transcript.message_m); 1362| | } else { 1363| | libspdm_reset_managed_buffer(&spdm_session_info->session_transcript.message_m); 1364| | } 1365| |#else 1366| 9| if (spdm_session_info == NULL) { ------------------ | Branch (1366:9): [True: 0, False: 9] ------------------ 1367| 0| if (spdm_context->transcript.digest_context_l1l2 != NULL) { ------------------ | Branch (1367:13): [True: 0, False: 0] ------------------ 1368| 0| libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, 1369| 0| spdm_context->transcript.digest_context_l1l2); 1370| 0| spdm_context->transcript.digest_context_l1l2 = NULL; 1371| 0| } 1372| 9| } else { 1373| 9| if (spdm_session_info->session_transcript.digest_context_l1l2 != NULL) { ------------------ | Branch (1373:13): [True: 0, False: 9] ------------------ 1374| 0| libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, 1375| 0| spdm_session_info->session_transcript.digest_context_l1l2); 1376| 0| spdm_session_info->session_transcript.digest_context_l1l2 = NULL; 1377| 0| } 1378| 9| } 1379| 9|#endif 1380| 9|} libspdm_reset_message_k: 1389| 357|{ 1390| 357| libspdm_session_info_t *spdm_session_info; 1391| | 1392| 357| spdm_session_info = session_info; 1393| |#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT 1394| | libspdm_reset_managed_buffer(&spdm_session_info->session_transcript.message_k); 1395| |#else 1396| 357| { 1397| 357| if (spdm_session_info->session_transcript.digest_context_th != NULL) { ------------------ | Branch (1397:13): [True: 9, False: 348] ------------------ 1398| 9| libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, 1399| 9| spdm_session_info->session_transcript.digest_context_th); 1400| 9| spdm_session_info->session_transcript.digest_context_th = NULL; 1401| 9| } 1402| 357| if (spdm_session_info->session_transcript.digest_context_th_backup != NULL) { ------------------ | Branch (1402:13): [True: 0, False: 357] ------------------ 1403| 0| libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, 1404| 0| spdm_session_info->session_transcript.digest_context_th_backup); 1405| 0| spdm_session_info->session_transcript.digest_context_th_backup = NULL; 1406| 0| } 1407| 357| } 1408| 357|#endif 1409| 357|} libspdm_reset_message_f: 1432| 357|{ 1433| 357| libspdm_session_info_t *spdm_session_info; 1434| | 1435| 357| spdm_session_info = session_info; 1436| |#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT 1437| | libspdm_reset_managed_buffer(&spdm_session_info->session_transcript.message_f); 1438| |#else 1439| 357| { 1440| 357| if (spdm_session_info->session_transcript.digest_context_th != NULL) { ------------------ | Branch (1440:13): [True: 9, False: 348] ------------------ 1441| 9| libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, 1442| 9| spdm_session_info->session_transcript.digest_context_th); 1443| 9| spdm_session_info->session_transcript.digest_context_th = 1444| 9| spdm_session_info->session_transcript.digest_context_th_backup; 1445| 9| spdm_session_info->session_transcript.digest_context_th_backup = NULL; 1446| 9| } 1447| 357| spdm_session_info->session_transcript.message_f_initialized = false; 1448| 357| } 1449| 357|#endif 1450| 357|} libspdm_reset_message_buffer_via_request_code: 1533| 9|{ 1534| 9| libspdm_context_t *spdm_context; 1535| | 1536| 9| spdm_context = context; 1537| | /** 1538| | * Any request other than SPDM_GET_MEASUREMENTS resets L1/L2 1539| | */ 1540| 9| if (request_code != SPDM_GET_MEASUREMENTS) { ------------------ | | 70| 9|#define SPDM_GET_MEASUREMENTS 0xE0 ------------------ | Branch (1540:9): [True: 9, False: 0] ------------------ 1541| 9| libspdm_reset_message_m(spdm_context, session_info); 1542| 9| } 1543| | /** 1544| | * If the Requester issued GET_MEASUREMENTS or KEY_EXCHANGE or FINISH or PSK_EXCHANGE 1545| | * or PSK_FINISH or KEY_UPDATE or HEARTBEAT or GET_ENCAPSULATED_REQUEST or DELIVER_ENCAPSULATED_RESPONSE 1546| | * or END_SESSION request(s) or SPDM_GET_MEASUREMENT_EXTENSION_LOG and skipped CHALLENGE completion, M1 and M2 are reset to null. 1547| | */ 1548| 9| switch (request_code) 1549| 9| { 1550| 0| case SPDM_KEY_EXCHANGE: ------------------ | | 77| 0|#define SPDM_KEY_EXCHANGE 0xE4 ------------------ | Branch (1550:5): [True: 0, False: 9] ------------------ 1551| 0| case SPDM_GET_MEASUREMENTS: ------------------ | | 70| 0|#define SPDM_GET_MEASUREMENTS 0xE0 ------------------ | Branch (1551:5): [True: 0, False: 9] ------------------ 1552| 9| case SPDM_FINISH: ------------------ | | 78| 9|#define SPDM_FINISH 0xE5 ------------------ | Branch (1552:5): [True: 9, False: 0] ------------------ 1553| 9| case SPDM_PSK_EXCHANGE: ------------------ | | 79| 9|#define SPDM_PSK_EXCHANGE 0xE6 ------------------ | Branch (1553:5): [True: 0, False: 9] ------------------ 1554| 9| case SPDM_PSK_FINISH: ------------------ | | 80| 9|#define SPDM_PSK_FINISH 0xE7 ------------------ | Branch (1554:5): [True: 0, False: 9] ------------------ 1555| 9| case SPDM_KEY_UPDATE: ------------------ | | 82| 9|#define SPDM_KEY_UPDATE 0xE9 ------------------ | Branch (1555:5): [True: 0, False: 9] ------------------ 1556| 9| case SPDM_HEARTBEAT: ------------------ | | 81| 9|#define SPDM_HEARTBEAT 0xE8 ------------------ | Branch (1556:5): [True: 0, False: 9] ------------------ 1557| 9| case SPDM_GET_ENCAPSULATED_REQUEST: ------------------ | | 83| 9|#define SPDM_GET_ENCAPSULATED_REQUEST 0xEA ------------------ | Branch (1557:5): [True: 0, False: 9] ------------------ 1558| 9| case SPDM_END_SESSION: ------------------ | | 85| 9|#define SPDM_END_SESSION 0xEC ------------------ | Branch (1558:5): [True: 0, False: 9] ------------------ 1559| 9| case SPDM_GET_MEASUREMENT_EXTENSION_LOG: ------------------ | | 98| 9|#define SPDM_GET_MEASUREMENT_EXTENSION_LOG 0xEF ------------------ | Branch (1559:5): [True: 0, False: 9] ------------------ 1560| 9| if (spdm_context->connection_info.connection_state < ------------------ | Branch (1560:13): [True: 9, False: 0] ------------------ 1561| 9| LIBSPDM_CONNECTION_STATE_AUTHENTICATED) { 1562| 9| libspdm_reset_message_b(spdm_context); 1563| 9| libspdm_reset_message_c(spdm_context); 1564| 9| libspdm_reset_message_mut_b(spdm_context); 1565| 9| libspdm_reset_message_mut_c(spdm_context); 1566| 9| } 1567| 9| break; 1568| 0| case SPDM_DELIVER_ENCAPSULATED_RESPONSE: ------------------ | | 84| 0|#define SPDM_DELIVER_ENCAPSULATED_RESPONSE 0xEB ------------------ | Branch (1568:5): [True: 0, False: 9] ------------------ 1569| 0| if (spdm_context->connection_info.connection_state < ------------------ | Branch (1569:13): [True: 0, False: 0] ------------------ 1570| 0| LIBSPDM_CONNECTION_STATE_AUTHENTICATED) { 1571| 0| libspdm_reset_message_b(spdm_context); 1572| 0| libspdm_reset_message_c(spdm_context); 1573| 0| } 1574| 0| break; 1575| 0| case SPDM_GET_DIGESTS: ------------------ | | 66| 0|#define SPDM_GET_DIGESTS 0x81 ------------------ | Branch (1575:5): [True: 0, False: 9] ------------------ 1576| 0| libspdm_reset_message_b(spdm_context); 1577| 0| break; 1578| 0| case SPDM_GET_ENDPOINT_INFO: ------------------ | | 94| 0|#define SPDM_GET_ENDPOINT_INFO 0x87 ------------------ | Branch (1578:5): [True: 0, False: 9] ------------------ 1579| 0| libspdm_reset_message_e(spdm_context, session_info); 1580| 0| libspdm_reset_message_encap_e(spdm_context, session_info); 1581| 0| break; 1582| 0| default: ------------------ | Branch (1582:5): [True: 0, False: 9] ------------------ 1583| 0| break; 1584| 9| } 1585| 9|} libspdm_append_message_k: 2027| 9|{ 2028| 9| libspdm_session_info_t *spdm_session_info; 2029| | 2030| 9| spdm_session_info = session_info; 2031| |#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT 2032| | return libspdm_append_managed_buffer( 2033| | &spdm_session_info->session_transcript.message_k, message, 2034| | message_size); 2035| |#else 2036| 9| { 2037| 9| uint8_t *cert_chain_buffer; 2038| 9| size_t cert_chain_buffer_size; 2039| 9| bool result; 2040| 9| uint8_t cert_chain_buffer_hash[LIBSPDM_MAX_HASH_SIZE]; 2041| 9| uint32_t hash_size; 2042| 9| uint8_t slot_id; 2043| | 2044| 9| hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo); 2045| | 2046| 9| if (spdm_session_info->session_transcript.digest_context_th == NULL) { ------------------ | Branch (2046:13): [True: 9, False: 0] ------------------ 2047| 9| if (!spdm_session_info->use_psk) { ------------------ | Branch (2047:17): [True: 9, False: 0] ------------------ 2048| 9| if (is_requester) { ------------------ | Branch (2048:21): [True: 0, False: 9] ------------------ 2049| 0| slot_id = spdm_context->connection_info.peer_used_cert_chain_slot_id; 2050| 0| LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF)); 2051| 0| if (slot_id == 0xFF) { ------------------ | Branch (2051:25): [True: 0, False: 0] ------------------ 2052| 0| result = libspdm_get_peer_public_key_buffer( 2053| 0| spdm_context, (const void **)&cert_chain_buffer, 2054| 0| &cert_chain_buffer_size); 2055| 0| if (!result) { ------------------ | Branch (2055:29): [True: 0, False: 0] ------------------ 2056| 0| return LIBSPDM_STATUS_INVALID_STATE_PEER; ------------------ | | 86| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CORE, 0x0004) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 2057| 0| } 2058| | 2059| 0| result = libspdm_hash_all( 2060| 0| spdm_context->connection_info.algorithm.base_hash_algo, 2061| 0| cert_chain_buffer, cert_chain_buffer_size, 2062| 0| cert_chain_buffer_hash); 2063| 0| if (!result) { ------------------ | Branch (2063:29): [True: 0, False: 0] ------------------ 2064| 0| return LIBSPDM_STATUS_CRYPTO_ERROR; ------------------ | | 156| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CRYPTO, 0x0000) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 2065| 0| } 2066| 0| } else { 2067| 0| LIBSPDM_ASSERT( 2068| 0| hash_size == 2069| 0| spdm_context->connection_info 2070| 0| .peer_used_cert_chain[slot_id].buffer_hash_size); 2071| | 2072| 0| libspdm_copy_mem(cert_chain_buffer_hash, 2073| 0| sizeof(cert_chain_buffer_hash), 2074| 0| spdm_context->connection_info 2075| 0| .peer_used_cert_chain[slot_id].buffer_hash, 2076| 0| hash_size); 2077| 0| } 2078| 9| } else { 2079| 9| slot_id = spdm_context->connection_info.local_used_cert_chain_slot_id; 2080| 9| LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF)); 2081| 9| if (slot_id == 0xFF) { ------------------ | Branch (2081:25): [True: 0, False: 9] ------------------ 2082| 0| result = libspdm_get_local_public_key_buffer( 2083| 0| spdm_context, (const void **)&cert_chain_buffer, 2084| 0| &cert_chain_buffer_size); 2085| 9| } else { 2086| 9| result = libspdm_get_local_cert_chain_buffer( 2087| 9| spdm_context, (const void **)&cert_chain_buffer, 2088| 9| &cert_chain_buffer_size); 2089| 9| } 2090| 9| if (!result) { ------------------ | Branch (2090:25): [True: 0, False: 9] ------------------ 2091| 0| return LIBSPDM_STATUS_INVALID_STATE_LOCAL; ------------------ | | 82| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CORE, 0x0003) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 2092| 0| } 2093| | 2094| 9| result = libspdm_hash_all( 2095| 9| spdm_context->connection_info.algorithm.base_hash_algo, 2096| 9| cert_chain_buffer, cert_chain_buffer_size, 2097| 9| cert_chain_buffer_hash); 2098| 9| if (!result) { ------------------ | Branch (2098:25): [True: 0, False: 9] ------------------ 2099| 0| return LIBSPDM_STATUS_CRYPTO_ERROR; ------------------ | | 156| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CRYPTO, 0x0000) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 2100| 0| } 2101| 9| } 2102| 9| } 2103| 9| } 2104| | 2105| | 2106| | /* prepare digest_context_th*/ 2107| | 2108| 9| if (spdm_session_info->session_transcript.digest_context_th == NULL) { ------------------ | Branch (2108:13): [True: 9, False: 0] ------------------ 2109| 9| spdm_session_info->session_transcript.digest_context_th = libspdm_hash_new ( 2110| 9| spdm_context->connection_info.algorithm.base_hash_algo); 2111| 9| if (spdm_session_info->session_transcript.digest_context_th == NULL) { ------------------ | Branch (2111:17): [True: 0, False: 9] ------------------ 2112| 0| return LIBSPDM_STATUS_CRYPTO_ERROR; ------------------ | | 156| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CRYPTO, 0x0000) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 2113| 0| } 2114| 9| result = libspdm_hash_init (spdm_context->connection_info.algorithm.base_hash_algo, 2115| 9| spdm_session_info->session_transcript.digest_context_th); 2116| 9| if (!result) { ------------------ | Branch (2116:17): [True: 0, False: 9] ------------------ 2117| 0| libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, 2118| 0| spdm_session_info->session_transcript.digest_context_th); 2119| 0| return LIBSPDM_STATUS_CRYPTO_ERROR; ------------------ | | 156| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CRYPTO, 0x0000) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 2120| 0| } 2121| 9| result = libspdm_hash_update (spdm_context->connection_info.algorithm.base_hash_algo, 2122| 9| spdm_session_info->session_transcript.digest_context_th, 2123| 9| libspdm_get_managed_buffer(&spdm_context->transcript. 2124| 9| message_a), 2125| 9| libspdm_get_managed_buffer_size( 2126| 9| &spdm_context->transcript.message_a)); 2127| 9| if (!result) { ------------------ | Branch (2127:17): [True: 0, False: 9] ------------------ 2128| 0| libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, 2129| 0| spdm_session_info->session_transcript.digest_context_th); 2130| 0| return LIBSPDM_STATUS_CRYPTO_ERROR; ------------------ | | 156| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CRYPTO, 0x0000) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 2131| 0| } 2132| 9| if (!spdm_session_info->use_psk) { ------------------ | Branch (2132:17): [True: 9, False: 0] ------------------ 2133| 9| if (spdm_context->connection_info.multi_key_conn_rsp) { ------------------ | Branch (2133:21): [True: 0, False: 9] ------------------ 2134| 0| result = libspdm_hash_update ( 2135| 0| spdm_context->connection_info.algorithm.base_hash_algo, 2136| 0| spdm_session_info->session_transcript.digest_context_th, 2137| 0| libspdm_get_managed_buffer(&spdm_context->transcript.message_d), 2138| 0| libspdm_get_managed_buffer_size(&spdm_context->transcript.message_d)); 2139| 0| if (!result) { ------------------ | Branch (2139:25): [True: 0, False: 0] ------------------ 2140| 0| libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, 2141| 0| spdm_session_info->session_transcript.digest_context_th); 2142| 0| return LIBSPDM_STATUS_CRYPTO_ERROR; ------------------ | | 156| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CRYPTO, 0x0000) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 2143| 0| } 2144| 0| } 2145| | 2146| 9| result = libspdm_hash_update ( 2147| 9| spdm_context->connection_info.algorithm.base_hash_algo, 2148| 9| spdm_session_info->session_transcript.digest_context_th, 2149| 9| cert_chain_buffer_hash, hash_size); 2150| 9| if (!result) { ------------------ | Branch (2150:21): [True: 0, False: 9] ------------------ 2151| 0| libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, 2152| 0| spdm_session_info->session_transcript.digest_context_th); 2153| 0| return LIBSPDM_STATUS_CRYPTO_ERROR; ------------------ | | 156| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CRYPTO, 0x0000) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 2154| 0| } 2155| 9| } 2156| 9| } 2157| 9| result = libspdm_hash_update (spdm_context->connection_info.algorithm.base_hash_algo, 2158| 9| spdm_session_info->session_transcript.digest_context_th, 2159| 9| message, 2160| 9| message_size); 2161| 9| if (!result) { ------------------ | Branch (2161:13): [True: 0, False: 9] ------------------ 2162| 0| libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, 2163| 0| spdm_session_info->session_transcript.digest_context_th); 2164| 0| return LIBSPDM_STATUS_CRYPTO_ERROR; ------------------ | | 156| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CRYPTO, 0x0000) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 2165| 0| } 2166| 9| return LIBSPDM_STATUS_SUCCESS; ------------------ | | 59| 9| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_SUCCESS, LIBSPDM_SOURCE_SUCCESS, 0x0000) | | ------------------ | | | | 55| 9| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 2167| 9| } 2168| 9|#endif 2169| 9|} libspdm_append_message_f: 2217| 24|{ 2218| 24| libspdm_session_info_t *spdm_session_info; 2219| | 2220| 24| spdm_session_info = session_info; 2221| |#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT 2222| | return libspdm_append_managed_buffer( 2223| | &spdm_session_info->session_transcript.message_f, message, 2224| | message_size); 2225| |#else 2226| 24| { 2227| 24| const uint8_t *mut_cert_chain_buffer; 2228| 24| size_t mut_cert_chain_buffer_size; 2229| 24| bool result; 2230| 24| uint8_t mut_cert_chain_buffer_hash[LIBSPDM_MAX_HASH_SIZE]; 2231| 24| uint32_t hash_size; 2232| 24| libspdm_return_t status; 2233| 24| uint8_t slot_id; 2234| | 2235| 24| hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo); 2236| | 2237| 24| if (!spdm_session_info->session_transcript.message_f_initialized) { ------------------ | Branch (2237:13): [True: 9, False: 15] ------------------ 2238| | /* digest_context_th might be NULL in unit test, where message_k is hardcoded. */ 2239| 9| if (spdm_session_info->session_transcript.digest_context_th == NULL) { ------------------ | Branch (2239:17): [True: 9, False: 0] ------------------ 2240| 9| status = 2241| 9| libspdm_append_message_k (spdm_context, session_info, is_requester, NULL, 0); 2242| 9| if (LIBSPDM_STATUS_IS_ERROR(status)) { ------------------ | | 30| 9| (LIBSPDM_STATUS_SEVERITY(status) == LIBSPDM_SEVERITY_ERROR) | | ------------------ | | | | 37| 9|#define LIBSPDM_STATUS_SEVERITY(status) (((status) >> 28) & 0xf) | | ------------------ | | (LIBSPDM_STATUS_SEVERITY(status) == LIBSPDM_SEVERITY_ERROR) | | ------------------ | | | | 44| 9|#define LIBSPDM_SEVERITY_ERROR 0x8 | | ------------------ | | | Branch (30:5): [True: 0, False: 9] | | ------------------ ------------------ 2243| 0| return status; 2244| 0| } 2245| 9| } 2246| | 2247| 9| if (!spdm_session_info->use_psk && (spdm_session_info->mut_auth_requested != 0)) { ------------------ | Branch (2247:17): [True: 9, False: 0] | Branch (2247:48): [True: 8, False: 1] ------------------ 2248| 8| if (is_requester) { ------------------ | Branch (2248:21): [True: 0, False: 8] ------------------ 2249| 0| slot_id = spdm_context->connection_info.local_used_cert_chain_slot_id; 2250| 0| LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF)); 2251| 0| if (slot_id == 0xFF) { ------------------ | Branch (2251:25): [True: 0, False: 0] ------------------ 2252| 0| result = libspdm_get_local_public_key_buffer( 2253| 0| spdm_context, 2254| 0| (const void **)&mut_cert_chain_buffer, 2255| 0| &mut_cert_chain_buffer_size); 2256| 0| } else { 2257| 0| result = libspdm_get_local_cert_chain_buffer( 2258| 0| spdm_context, 2259| 0| (const void **)&mut_cert_chain_buffer, 2260| 0| &mut_cert_chain_buffer_size); 2261| 0| } 2262| 0| if (!result) { ------------------ | Branch (2262:25): [True: 0, False: 0] ------------------ 2263| 0| return LIBSPDM_STATUS_INVALID_STATE_LOCAL; ------------------ | | 82| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CORE, 0x0003) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 2264| 0| } 2265| | 2266| 0| result = libspdm_hash_all( 2267| 0| spdm_context->connection_info.algorithm.base_hash_algo, 2268| 0| mut_cert_chain_buffer, mut_cert_chain_buffer_size, 2269| 0| mut_cert_chain_buffer_hash); 2270| 0| if (!result) { ------------------ | Branch (2270:25): [True: 0, False: 0] ------------------ 2271| 0| return LIBSPDM_STATUS_CRYPTO_ERROR; ------------------ | | 156| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CRYPTO, 0x0000) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 2272| 0| } 2273| 8| } else { 2274| 8| slot_id = spdm_context->connection_info.peer_used_cert_chain_slot_id; 2275| 8| LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF)); 2276| 8| if (slot_id == 0xFF) { ------------------ | Branch (2276:25): [True: 0, False: 8] ------------------ 2277| 0| result = libspdm_get_peer_public_key_buffer( 2278| 0| spdm_context, 2279| 0| (const void **)&mut_cert_chain_buffer, 2280| 0| &mut_cert_chain_buffer_size); 2281| 0| if (!result) { ------------------ | Branch (2281:29): [True: 0, False: 0] ------------------ 2282| 0| return LIBSPDM_STATUS_INVALID_STATE_PEER; ------------------ | | 86| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CORE, 0x0004) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 2283| 0| } 2284| | 2285| 0| result = libspdm_hash_all( 2286| 0| spdm_context->connection_info.algorithm.base_hash_algo, 2287| 0| mut_cert_chain_buffer, mut_cert_chain_buffer_size, 2288| 0| mut_cert_chain_buffer_hash); 2289| 0| if (!result) { ------------------ | Branch (2289:29): [True: 0, False: 0] ------------------ 2290| 0| return LIBSPDM_STATUS_CRYPTO_ERROR; ------------------ | | 156| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CRYPTO, 0x0000) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 2291| 0| } 2292| 8| } else { 2293| 8| LIBSPDM_ASSERT( 2294| 8| hash_size == 2295| 8| spdm_context->connection_info 2296| 8| .peer_used_cert_chain[slot_id].buffer_hash_size); 2297| | 2298| 8| libspdm_copy_mem(mut_cert_chain_buffer_hash, 2299| 8| sizeof(mut_cert_chain_buffer_hash), 2300| 8| spdm_context->connection_info 2301| 8| .peer_used_cert_chain[slot_id].buffer_hash, 2302| 8| hash_size); 2303| 8| } 2304| 8| } 2305| 8| } 2306| | 2307| | /* It is first time call, backup current message_k context 2308| | * this backup will be used in reset_message_f.*/ 2309| | 2310| 9| LIBSPDM_ASSERT (spdm_session_info->session_transcript.digest_context_th != NULL); 2311| 9| spdm_session_info->session_transcript.digest_context_th_backup = libspdm_hash_new ( 2312| 9| spdm_context->connection_info.algorithm.base_hash_algo); 2313| 9| if (spdm_session_info->session_transcript.digest_context_th_backup == NULL) { ------------------ | Branch (2313:17): [True: 0, False: 9] ------------------ 2314| 0| return LIBSPDM_STATUS_CRYPTO_ERROR; ------------------ | | 156| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CRYPTO, 0x0000) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 2315| 0| } 2316| 9| result = libspdm_hash_duplicate (spdm_context->connection_info.algorithm.base_hash_algo, 2317| 9| spdm_session_info->session_transcript.digest_context_th, 2318| 9| spdm_session_info->session_transcript.digest_context_th_backup); 2319| 9| if (!result) { ------------------ | Branch (2319:17): [True: 0, False: 9] ------------------ 2320| 0| libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, 2321| 0| spdm_session_info->session_transcript.digest_context_th_backup); 2322| 0| spdm_session_info->session_transcript.digest_context_th_backup = NULL; 2323| 0| return LIBSPDM_STATUS_CRYPTO_ERROR; ------------------ | | 156| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CRYPTO, 0x0000) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 2324| 0| } 2325| 9| } 2326| | 2327| | 2328| | /* prepare digest_context_th*/ 2329| | 2330| 24| LIBSPDM_ASSERT (spdm_session_info->session_transcript.digest_context_th != NULL); 2331| 24| if (!spdm_session_info->session_transcript.message_f_initialized) { ------------------ | Branch (2331:13): [True: 9, False: 15] ------------------ 2332| 9| if (!spdm_session_info->use_psk && (spdm_session_info->mut_auth_requested != 0)) { ------------------ | Branch (2332:17): [True: 9, False: 0] | Branch (2332:48): [True: 8, False: 1] ------------------ 2333| 8| if (spdm_context->connection_info.multi_key_conn_req) { ------------------ | Branch (2333:21): [True: 0, False: 8] ------------------ 2334| 0| result = libspdm_hash_update ( 2335| 0| spdm_context->connection_info.algorithm.base_hash_algo, 2336| 0| spdm_session_info->session_transcript.digest_context_th, 2337| 0| libspdm_get_managed_buffer(&spdm_session_info->session_transcript. 2338| 0| message_encap_d), 2339| 0| libspdm_get_managed_buffer_size(&spdm_session_info->session_transcript. 2340| 0| message_encap_d)); 2341| 0| if (!result) { ------------------ | Branch (2341:25): [True: 0, False: 0] ------------------ 2342| 0| libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, 2343| 0| spdm_session_info->session_transcript.digest_context_th); 2344| 0| spdm_session_info->session_transcript.digest_context_th = NULL; 2345| 0| return LIBSPDM_STATUS_CRYPTO_ERROR; ------------------ | | 156| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CRYPTO, 0x0000) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 2346| 0| } 2347| 0| } 2348| | 2349| 8| result = libspdm_hash_update ( 2350| 8| spdm_context->connection_info.algorithm.base_hash_algo, 2351| 8| spdm_session_info->session_transcript.digest_context_th, 2352| 8| mut_cert_chain_buffer_hash, hash_size); 2353| 8| if (!result) { ------------------ | Branch (2353:21): [True: 0, False: 8] ------------------ 2354| 0| libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, 2355| 0| spdm_session_info->session_transcript.digest_context_th); 2356| 0| spdm_session_info->session_transcript.digest_context_th = NULL; 2357| 0| return LIBSPDM_STATUS_CRYPTO_ERROR; ------------------ | | 156| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CRYPTO, 0x0000) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 2358| 0| } 2359| 8| } 2360| 9| } 2361| 24| result = libspdm_hash_update (spdm_context->connection_info.algorithm.base_hash_algo, 2362| 24| spdm_session_info->session_transcript.digest_context_th, 2363| 24| message, 2364| 24| message_size); 2365| 24| if (!result) { ------------------ | Branch (2365:13): [True: 0, False: 24] ------------------ 2366| 0| libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, 2367| 0| spdm_session_info->session_transcript.digest_context_th); 2368| 0| spdm_session_info->session_transcript.digest_context_th = NULL; 2369| 0| return LIBSPDM_STATUS_CRYPTO_ERROR; ------------------ | | 156| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CRYPTO, 0x0000) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 2370| 0| } 2371| | 2372| 24| spdm_session_info->session_transcript.message_f_initialized = true; 2373| 24| return LIBSPDM_STATUS_SUCCESS; ------------------ | | 59| 24| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_SUCCESS, LIBSPDM_SOURCE_SUCCESS, 0x0000) | | ------------------ | | | | 55| 24| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 2374| 24| } 2375| 24|#endif 2376| 24|} libspdm_get_connection_version: 2632| 2.86k|{ 2633| 2.86k| return (uint8_t)(spdm_context->connection_info.version >> SPDM_VERSION_NUMBER_SHIFT_BIT); ------------------ | | 140| 2.86k|#define SPDM_VERSION_NUMBER_SHIFT_BIT 8 ------------------ 2634| 2.86k|} libspdm_is_capabilities_flag_supported: 2651| 182|{ 2652| 182| uint32_t negotiated_requester_capabilities_flag; 2653| 182| uint32_t negotiated_responder_capabilities_flag; 2654| | 2655| 182| if (is_requester) { ------------------ | Branch (2655:9): [True: 0, False: 182] ------------------ 2656| 0| negotiated_requester_capabilities_flag = spdm_context->local_context.capability.flags; 2657| 0| negotiated_responder_capabilities_flag = spdm_context->connection_info.capability.flags; 2658| 182| } else { 2659| 182| negotiated_requester_capabilities_flag = spdm_context->connection_info.capability.flags; 2660| 182| negotiated_responder_capabilities_flag = spdm_context->local_context.capability.flags; 2661| 182| } 2662| | 2663| 182| if (((requester_capabilities_flag == 0) || ------------------ | Branch (2663:10): [True: 0, False: 182] ------------------ 2664| 182| ((negotiated_requester_capabilities_flag & ------------------ | Branch (2664:10): [True: 168, False: 14] ------------------ 2665| 182| requester_capabilities_flag) != 0)) && 2666| 182| ((responder_capabilities_flag == 0) || ------------------ | Branch (2666:10): [True: 0, False: 168] ------------------ 2667| 168| ((negotiated_responder_capabilities_flag & ------------------ | Branch (2667:10): [True: 168, False: 0] ------------------ 2668| 168| responder_capabilities_flag) != 0))) { 2669| 168| return true; 2670| 168| } else { 2671| 14| return false; 2672| 14| } 2673| 182|} libspdm_register_device_io_func: 2720| 952|{ 2721| 952| libspdm_context_t *context; 2722| | 2723| 952| context = spdm_context; 2724| 952| context->send_message = send_message; 2725| 952| context->receive_message = receive_message; 2726| 952|} libspdm_register_device_buffer_func: 2779| 952|{ 2780| 952| libspdm_context_t *context; 2781| | 2782| 952| context = spdm_context; 2783| 952| context->sender_buffer_size = sender_buffer_size; 2784| 952| context->receiver_buffer_size = receiver_buffer_size; 2785| 952| context->acquire_sender_buffer = acquire_sender_buffer; 2786| 952| context->release_sender_buffer = release_sender_buffer; 2787| 952| context->acquire_receiver_buffer = acquire_receiver_buffer; 2788| 952| context->release_receiver_buffer = release_receiver_buffer; 2789| | 2790| 952| LIBSPDM_ASSERT (sender_buffer_size >= 2791| 952| context->local_context.capability.transport_header_size + 2792| 952| context->local_context.capability.transport_tail_size); 2793| 952| sender_buffer_size -= (context->local_context.capability.transport_header_size + 2794| 952| context->local_context.capability.transport_tail_size); 2795| 952| LIBSPDM_ASSERT (sender_buffer_size >= SPDM_MIN_DATA_TRANSFER_SIZE_VERSION_12); 2796| 952| context->local_context.capability.sender_data_transfer_size = sender_buffer_size; 2797| | 2798| 952| LIBSPDM_ASSERT(receiver_buffer_size >= 2799| 952| context->local_context.capability.transport_header_size + 2800| 952| context->local_context.capability.transport_tail_size); 2801| 952| receiver_buffer_size -= (context->local_context.capability.transport_header_size + 2802| 952| context->local_context.capability.transport_tail_size); 2803| 952| LIBSPDM_ASSERT (receiver_buffer_size >= SPDM_MIN_DATA_TRANSFER_SIZE_VERSION_12); 2804| 952| context->local_context.capability.data_transfer_size = receiver_buffer_size; 2805| 952|} libspdm_register_transport_layer_func: 2823| 952|{ 2824| 952| libspdm_context_t *context; 2825| | 2826| 952| context = spdm_context; 2827| | 2828| | /* fix the data_transfer_size if it is set before */ 2829| 952| if ((context->local_context.capability.data_transfer_size != 0) && ------------------ | Branch (2829:9): [True: 0, False: 952] ------------------ 2830| 952| (context->local_context.capability.data_transfer_size == ------------------ | Branch (2830:9): [True: 0, False: 0] ------------------ 2831| 0| context->receiver_buffer_size)) { 2832| 0| context->local_context.capability.data_transfer_size = 2833| 0| (uint32_t)(context->receiver_buffer_size - 2834| 0| (transport_header_size + transport_tail_size)); 2835| 0| } 2836| 952| if ((context->local_context.capability.sender_data_transfer_size != 0) && ------------------ | Branch (2836:9): [True: 0, False: 952] ------------------ 2837| 952| (context->local_context.capability.sender_data_transfer_size == ------------------ | Branch (2837:9): [True: 0, False: 0] ------------------ 2838| 0| context->sender_buffer_size)) { 2839| 0| context->local_context.capability.sender_data_transfer_size = 2840| 0| (uint32_t)(context->sender_buffer_size - 2841| 0| (transport_header_size + transport_tail_size)); 2842| 0| } 2843| | 2844| 952| context->local_context.capability.max_spdm_msg_size = max_spdm_msg_size; 2845| 952| context->local_context.capability.transport_header_size = transport_header_size; 2846| 952| context->local_context.capability.transport_tail_size = transport_tail_size; 2847| 952| context->transport_encode_message = transport_encode_message; 2848| 952| context->transport_decode_message = transport_decode_message; 2849| 952|} libspdm_get_sizeof_required_scratch_buffer: 2886| 952|{ 2887| 952| libspdm_context_t *context; 2888| 952| size_t scratch_buffer_size; 2889| | 2890| 952| context = spdm_context; 2891| 952| LIBSPDM_ASSERT (context->local_context.capability.max_spdm_msg_size != 0); 2892| | 2893| 952| scratch_buffer_size = libspdm_get_scratch_buffer_capacity(context); 2894| 952| return scratch_buffer_size; 2895| 952|} libspdm_set_scratch_buffer: 2911| 952|{ 2912| 952| libspdm_context_t *context; 2913| | 2914| 952| context = spdm_context; 2915| 952| LIBSPDM_ASSERT (context->local_context.capability.max_spdm_msg_size != 0); 2916| 952| LIBSPDM_ASSERT (scratch_buffer_size >= libspdm_get_scratch_buffer_capacity(spdm_context)); 2917| 952| context->scratch_buffer = scratch_buffer; 2918| 952| context->scratch_buffer_size = scratch_buffer_size; 2919| 952| context->last_spdm_request = (uint8_t *)scratch_buffer + 2920| 952| libspdm_get_scratch_buffer_last_spdm_request_offset(spdm_context); 2921| 952|#if LIBSPDM_RESPOND_IF_READY_SUPPORT 2922| 952| context->cache_spdm_request = (uint8_t *)scratch_buffer + 2923| 952| libspdm_get_scratch_buffer_cache_spdm_request_offset(spdm_context); 2924| 952|#endif 2925| 952|} libspdm_init_context_with_secured_context: 3240| 952|{ 3241| 952| libspdm_context_t *context; 3242| 952| size_t index; 3243| | 3244| 952| LIBSPDM_ASSERT(spdm_context != NULL); 3245| 952| LIBSPDM_ASSERT(secured_contexts != NULL); 3246| 952| LIBSPDM_ASSERT(num_secured_contexts == LIBSPDM_MAX_SESSION_COUNT); 3247| | 3248| 952| context = spdm_context; 3249| 952| libspdm_zero_mem(context, sizeof(libspdm_context_t)); 3250| 952| context->version = LIBSPDM_CONTEXT_STRUCT_VERSION; ------------------ | | 527| 952|#define LIBSPDM_CONTEXT_STRUCT_VERSION 0x3 ------------------ 3251| 952| context->transcript.message_a.max_buffer_size = 3252| 952| sizeof(context->transcript.message_a.buffer); 3253| 952| context->transcript.message_d.max_buffer_size = 3254| 952| sizeof(context->transcript.message_d.buffer); 3255| |#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT 3256| | context->transcript.message_b.max_buffer_size = 3257| | sizeof(context->transcript.message_b.buffer); 3258| | context->transcript.message_c.max_buffer_size = 3259| | sizeof(context->transcript.message_c.buffer); 3260| | context->transcript.message_mut_b.max_buffer_size = 3261| | sizeof(context->transcript.message_mut_b.buffer); 3262| | context->transcript.message_mut_c.max_buffer_size = 3263| | sizeof(context->transcript.message_mut_c.buffer); 3264| | context->transcript.message_m.max_buffer_size = 3265| | sizeof(context->transcript.message_m.buffer); 3266| | context->transcript.message_e.max_buffer_size = 3267| | sizeof(context->transcript.message_e.buffer); 3268| | context->transcript.message_encap_e.max_buffer_size = 3269| | sizeof(context->transcript.message_encap_e.buffer); 3270| |#endif 3271| 952| context->response_state = LIBSPDM_RESPONSE_STATE_NORMAL; 3272| 952| context->local_context.version.spdm_version_count = SPDM_MAX_VERSION_COUNT; ------------------ | | 17| 952|#define SPDM_MAX_VERSION_COUNT 4 ------------------ 3273| 952| context->local_context.version.spdm_version[0] = SPDM_MESSAGE_VERSION_10 << ------------------ | | 110| 952|#define SPDM_MESSAGE_VERSION_10 0x10 ------------------ 3274| 952| SPDM_VERSION_NUMBER_SHIFT_BIT; ------------------ | | 140| 952|#define SPDM_VERSION_NUMBER_SHIFT_BIT 8 ------------------ 3275| 952| context->local_context.version.spdm_version[1] = SPDM_MESSAGE_VERSION_11 << ------------------ | | 111| 952|#define SPDM_MESSAGE_VERSION_11 0x11 ------------------ 3276| 952| SPDM_VERSION_NUMBER_SHIFT_BIT; ------------------ | | 140| 952|#define SPDM_VERSION_NUMBER_SHIFT_BIT 8 ------------------ 3277| 952| context->local_context.version.spdm_version[2] = SPDM_MESSAGE_VERSION_12 << ------------------ | | 112| 952|#define SPDM_MESSAGE_VERSION_12 0x12 ------------------ 3278| 952| SPDM_VERSION_NUMBER_SHIFT_BIT; ------------------ | | 140| 952|#define SPDM_VERSION_NUMBER_SHIFT_BIT 8 ------------------ 3279| 952| context->local_context.version.spdm_version[3] = SPDM_MESSAGE_VERSION_13 << ------------------ | | 113| 952|#define SPDM_MESSAGE_VERSION_13 0x13 ------------------ 3280| 952| SPDM_VERSION_NUMBER_SHIFT_BIT; ------------------ | | 140| 952|#define SPDM_VERSION_NUMBER_SHIFT_BIT 8 ------------------ 3281| 952| context->local_context.secured_message_version.spdm_version_count = 3282| 952| SECURED_SPDM_MAX_VERSION_COUNT; ------------------ | | 55| 952|#define SECURED_SPDM_MAX_VERSION_COUNT 3 ------------------ 3283| 952| context->local_context.secured_message_version.spdm_version[0] = 3284| 952| SECURED_SPDM_VERSION_10 << SPDM_VERSION_NUMBER_SHIFT_BIT; ------------------ | | 57| 952|#define SECURED_SPDM_VERSION_10 0x10 ------------------ SECURED_SPDM_VERSION_10 << SPDM_VERSION_NUMBER_SHIFT_BIT; ------------------ | | 140| 952|#define SPDM_VERSION_NUMBER_SHIFT_BIT 8 ------------------ 3285| 952| context->local_context.secured_message_version.spdm_version[1] = 3286| 952| SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT; ------------------ | | 58| 952|#define SECURED_SPDM_VERSION_11 0x11 ------------------ SECURED_SPDM_VERSION_11 << SPDM_VERSION_NUMBER_SHIFT_BIT; ------------------ | | 140| 952|#define SPDM_VERSION_NUMBER_SHIFT_BIT 8 ------------------ 3287| 952| context->local_context.secured_message_version.spdm_version[2] = 3288| 952| SECURED_SPDM_VERSION_12 << SPDM_VERSION_NUMBER_SHIFT_BIT; ------------------ | | 59| 952|#define SECURED_SPDM_VERSION_12 0x12 ------------------ SECURED_SPDM_VERSION_12 << SPDM_VERSION_NUMBER_SHIFT_BIT; ------------------ | | 140| 952|#define SPDM_VERSION_NUMBER_SHIFT_BIT 8 ------------------ 3289| 952| context->local_context.capability.st1 = SPDM_ST1_VALUE_US; ------------------ | | 1514| 952|#define SPDM_ST1_VALUE_US 100000 ------------------ 3290| | 3291| 952| context->mut_auth_cert_chain_buffer_size = 0; 3292| | 3293| 952| context->max_spdm_session_sequence_number = LIBSPDM_MAX_SPDM_SESSION_SEQUENCE_NUMBER; ------------------ | | 39| 952|#define LIBSPDM_MAX_SPDM_SESSION_SEQUENCE_NUMBER 0xFFFFFFFFFFFFFFFFull ------------------ 3294| | 3295| 952| context->latest_session_id = INVALID_SESSION_ID; ------------------ | | 28| 952|#define INVALID_SESSION_ID 0 ------------------ 3296| 952| context->last_spdm_request_session_id = INVALID_SESSION_ID; ------------------ | | 28| 952|#define INVALID_SESSION_ID 0 ------------------ 3297| 952| context->last_spdm_request_session_id_valid = false; 3298| 952| context->last_spdm_request_size = 0; 3299| | 3300| | /* To be updated in libspdm_register_device_buffer_func */ 3301| 952| context->local_context.capability.data_transfer_size = 0; 3302| 952| context->local_context.capability.sender_data_transfer_size = 0; 3303| 952| context->local_context.capability.max_spdm_msg_size = 0; 3304| | 3305| 4.76k| for (index = 0; index < num_secured_contexts; index++) { ------------------ | Branch (3305:21): [True: 3.80k, False: 952] ------------------ 3306| 3.80k| if (secured_contexts[index] == NULL) { ------------------ | Branch (3306:13): [True: 0, False: 3.80k] ------------------ 3307| 0| return LIBSPDM_STATUS_INVALID_PARAMETER; ------------------ | | 73| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CORE, 0x0001) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 3308| 0| } 3309| | 3310| 3.80k| context->session_info[index].secured_message_context = secured_contexts[index]; 3311| 3.80k| libspdm_secured_message_init_context( 3312| 3.80k| context->session_info[index].secured_message_context); 3313| 3.80k| } 3314| | 3315| 952| return LIBSPDM_STATUS_SUCCESS; ------------------ | | 59| 952| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_SUCCESS, LIBSPDM_SOURCE_SUCCESS, 0x0000) | | ------------------ | | | | 55| 952| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 3316| 952|} libspdm_init_context: 3331| 952|{ 3332| 952| libspdm_context_t *context; 3333| 952| void *secured_context; 3334| 952| void *secured_contexts[LIBSPDM_MAX_SESSION_COUNT]; 3335| 952| size_t secured_context_size; 3336| 952| size_t index; 3337| | 3338| 952| LIBSPDM_ASSERT(spdm_context != NULL); 3339| | 3340| | /* libspdm_get_context_size() allocates space for all secured message 3341| | * contexts. They are appended to the general SPDM context. */ 3342| 952| context = spdm_context; 3343| 952| secured_context = (void *)((size_t)(context + 1)); 3344| 952| secured_context_size = libspdm_secured_message_get_context_size(); 3345| | 3346| 4.76k| for (index = 0; index < LIBSPDM_MAX_SESSION_COUNT; index++) ------------------ | | 198| 4.76k|#define LIBSPDM_MAX_SESSION_COUNT 4 ------------------ | Branch (3346:21): [True: 3.80k, False: 952] ------------------ 3347| 3.80k| { 3348| 3.80k| secured_contexts[index] = (uint8_t *)secured_context + secured_context_size * index; 3349| 3.80k| } 3350| | 3351| 952| return libspdm_init_context_with_secured_context(spdm_context, 3352| 952| secured_contexts, 3353| 952| LIBSPDM_MAX_SESSION_COUNT); ------------------ | | 198| 952|#define LIBSPDM_MAX_SESSION_COUNT 4 ------------------ 3354| 952|} libspdm_get_context_size: 3467| 952|{ 3468| 952| size_t size; 3469| | 3470| 952| size = sizeof(libspdm_context_t) + 3471| 952| libspdm_secured_message_get_context_size() * LIBSPDM_MAX_SESSION_COUNT; ------------------ | | 198| 952|#define LIBSPDM_MAX_SESSION_COUNT 4 ------------------ 3472| 952| LIBSPDM_ASSERT (size == LIBSPDM_CONTEXT_SIZE_ALL); 3473| 952| return size; 3474| 952|} libspdm_session_info_init: 18| 357|{ 19| 357| libspdm_session_type_t session_type; 20| 357| uint32_t capabilities_flag; 21| | 22| 357| if (session_id != INVALID_SESSION_ID) { ------------------ | | 28| 357|#define INVALID_SESSION_ID 0 ------------------ | Branch (22:9): [True: 357, False: 0] ------------------ 23| 357| if (use_psk) { ------------------ | Branch (23:13): [True: 0, False: 357] ------------------ 24| 0| LIBSPDM_ASSERT((spdm_context->max_psk_session_count == 0) || 25| 0| (spdm_context->current_psk_session_count < 26| 0| spdm_context->max_psk_session_count)); 27| 0| spdm_context->current_psk_session_count++; 28| 357| } else { 29| 357| LIBSPDM_ASSERT((spdm_context->max_dhe_session_count == 0) || 30| 357| (spdm_context->current_dhe_session_count < 31| 357| spdm_context->max_dhe_session_count)); 32| 357| spdm_context->current_dhe_session_count++; 33| 357| } 34| 357| } else { 35| 0| if (use_psk) { ------------------ | Branch (35:13): [True: 0, False: 0] ------------------ 36| 0| if (spdm_context->current_psk_session_count > 0) { ------------------ | Branch (36:17): [True: 0, False: 0] ------------------ 37| 0| spdm_context->current_psk_session_count--; 38| 0| } 39| 0| } else { 40| 0| if (spdm_context->current_dhe_session_count > 0) { ------------------ | Branch (40:17): [True: 0, False: 0] ------------------ 41| 0| spdm_context->current_dhe_session_count--; 42| 0| } 43| 0| } 44| 0| } 45| | 46| 357| capabilities_flag = spdm_context->connection_info.capability.flags & 47| 357| spdm_context->local_context.capability.flags; 48| 357| switch (capabilities_flag & 49| 357| (SPDM_GET_CAPABILITIES_REQUEST_FLAGS_ENCRYPT_CAP | ------------------ | | 187| 357|#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_ENCRYPT_CAP 0x00000040 ------------------ 50| 357| SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MAC_CAP)) { ------------------ | | 188| 357|#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MAC_CAP 0x00000080 ------------------ 51| 357| case 0: ------------------ | Branch (51:5): [True: 357, False: 0] ------------------ 52| 357| session_type = LIBSPDM_SESSION_TYPE_NONE; 53| 357| break; 54| 0| case (SPDM_GET_CAPABILITIES_REQUEST_FLAGS_ENCRYPT_CAP | ------------------ | | 187| 0|#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_ENCRYPT_CAP 0x00000040 ------------------ | Branch (54:5): [True: 0, False: 357] ------------------ 55| 0| SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MAC_CAP): ------------------ | | 188| 0|#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MAC_CAP 0x00000080 ------------------ 56| 0| session_type = LIBSPDM_SESSION_TYPE_ENC_MAC; 57| 0| break; 58| 0| case SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MAC_CAP: ------------------ | | 188| 0|#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MAC_CAP 0x00000080 ------------------ | Branch (58:5): [True: 0, False: 357] ------------------ 59| 0| session_type = LIBSPDM_SESSION_TYPE_MAC_ONLY; 60| 0| break; 61| 0| default: ------------------ | Branch (61:5): [True: 0, False: 357] ------------------ 62| 0| LIBSPDM_ASSERT(false); 63| 0| session_type = LIBSPDM_SESSION_TYPE_MAX; 64| 0| break; 65| 357| } 66| | 67| 357|#if !(LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT) 68| 357| if (session_info->session_transcript.digest_context_th != NULL) { ------------------ | Branch (68:9): [True: 0, False: 357] ------------------ 69| 0| libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, 70| 0| session_info->session_transcript.digest_context_th); 71| 0| session_info->session_transcript.digest_context_th = NULL; 72| 0| } 73| 357| if (session_info->session_transcript.digest_context_th_backup != NULL) { ------------------ | Branch (73:9): [True: 0, False: 357] ------------------ 74| 0| libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, 75| 0| session_info->session_transcript.digest_context_th_backup); 76| 0| session_info->session_transcript.digest_context_th_backup = NULL; 77| 0| } 78| 357|#endif 79| | 80| 357| libspdm_zero_mem (&(session_info->last_key_update_request), sizeof(spdm_key_update_request_t)); 81| 357| libspdm_zero_mem(session_info, offsetof(libspdm_session_info_t, secured_message_context)); 82| 357| libspdm_secured_message_init_context(session_info->secured_message_context); 83| 357| session_info->session_id = session_id; 84| 357| session_info->use_psk = use_psk; 85| 357| libspdm_secured_message_set_use_psk(session_info->secured_message_context, use_psk); 86| 357| libspdm_secured_message_set_session_type(session_info->secured_message_context, session_type); 87| | 88| | /* DSP0277 1.2 explicitly specifies a little-endian sequence number. 1.0 and 1.1 leave it up to 89| | * the Integrator to specify. */ 90| 357| if ((spdm_context->connection_info.secured_message_version >> SPDM_VERSION_NUMBER_SHIFT_BIT) >= ------------------ | | 140| 357|#define SPDM_VERSION_NUMBER_SHIFT_BIT 8 ------------------ | Branch (90:9): [True: 0, False: 357] ------------------ 91| 357| SECURED_SPDM_VERSION_12) { ------------------ | | 59| 357|#define SECURED_SPDM_VERSION_12 0x12 ------------------ 92| 0| libspdm_secured_message_set_sequence_number_endian( 93| 0| session_info->secured_message_context, 94| 0| LIBSPDM_DATA_SESSION_SEQ_NUM_ENC_LITTLE_DEC_LITTLE); ------------------ | | 251| 0|#define LIBSPDM_DATA_SESSION_SEQ_NUM_ENC_LITTLE_DEC_LITTLE 0 ------------------ 95| 357| } else { 96| 357| libspdm_secured_message_set_sequence_number_endian(session_info->secured_message_context, 97| 357| spdm_context->sequence_number_endian); 98| 357| } 99| | 100| 357| libspdm_secured_message_set_max_spdm_session_sequence_number( 101| 357| session_info->secured_message_context, spdm_context->max_spdm_session_sequence_number); 102| 357| libspdm_secured_message_set_algorithms( 103| 357| session_info->secured_message_context, 104| 357| spdm_context->connection_info.version, 105| 357| spdm_context->connection_info.secured_message_version, 106| 357| spdm_context->connection_info.algorithm.base_hash_algo, 107| 357| spdm_context->connection_info.algorithm.dhe_named_group, 108| 357| spdm_context->connection_info.algorithm.aead_cipher_suite, 109| 357| spdm_context->connection_info.algorithm.key_schedule); 110| 357| session_info->session_transcript.message_encap_d.max_buffer_size = 111| 357| sizeof(session_info->session_transcript.message_encap_d.buffer); 112| |#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT 113| | session_info->session_transcript.message_k.max_buffer_size = 114| | sizeof(session_info->session_transcript.message_k.buffer); 115| | session_info->session_transcript.message_f.max_buffer_size = 116| | sizeof(session_info->session_transcript.message_f.buffer); 117| | session_info->session_transcript.message_m.max_buffer_size = 118| | sizeof(session_info->session_transcript.message_m.buffer); 119| | session_info->session_transcript.message_e.max_buffer_size = 120| | sizeof(session_info->session_transcript.message_e.buffer); 121| | session_info->session_transcript.message_encap_e.max_buffer_size = 122| | sizeof(session_info->session_transcript.message_encap_e.buffer); 123| |#endif 124| 357|} libspdm_get_session_info_via_session_id: 147| 66|{ 148| 66| libspdm_context_t *context; 149| 66| libspdm_session_info_t *session_info; 150| 66| size_t index; 151| | 152| 66| if (session_id == INVALID_SESSION_ID) { ------------------ | | 28| 66|#define INVALID_SESSION_ID 0 ------------------ | Branch (152:9): [True: 0, False: 66] ------------------ 153| 0| LIBSPDM_DEBUG((LIBSPDM_DEBUG_ERROR, 154| 0| "libspdm_get_session_info_via_session_id - Invalid session_id\n")); 155| 0| LIBSPDM_ASSERT(false); 156| 0| return NULL; 157| 0| } 158| | 159| 66| context = spdm_context; 160| | 161| 66| session_info = (libspdm_session_info_t *)context->session_info; 162| 66| for (index = 0; index < LIBSPDM_MAX_SESSION_COUNT; index++) { ------------------ | | 198| 66|#define LIBSPDM_MAX_SESSION_COUNT 4 ------------------ | Branch (162:21): [True: 66, False: 0] ------------------ 163| 66| if (session_info[index].session_id == session_id) { ------------------ | Branch (163:13): [True: 66, False: 0] ------------------ 164| 66| return &session_info[index]; 165| 66| } 166| 66| } 167| | 168| 0| LIBSPDM_DEBUG((LIBSPDM_DEBUG_ERROR, 169| 0| "libspdm_get_session_info_via_session_id - not found session_id\n")); 170| 0| return NULL; 171| 66|} libspdm_get_local_cert_chain_buffer: 88| 9|{ 89| 9| libspdm_context_t *context; 90| | 91| 9| context = spdm_context; 92| 9| if (context->connection_info.local_used_cert_chain_buffer_size != 0) { ------------------ | Branch (92:9): [True: 9, False: 0] ------------------ 93| 9| *cert_chain_buffer = context->connection_info.local_used_cert_chain_buffer; 94| 9| *cert_chain_buffer_size = context->connection_info.local_used_cert_chain_buffer_size; 95| 9| return true; 96| 9| } 97| 0| return false; 98| 9|} libspdm_calculate_th_hash_for_finish: 353| 12|{ 354| 12| libspdm_session_info_t *session_info; 355| 12| uint32_t hash_size; 356| 12| void *digest_context_th; 357| 12| bool result; 358| | 359| 12| session_info = spdm_session_info; 360| | 361| 12| hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo); 362| | 363| 12| LIBSPDM_ASSERT(*th_hash_buffer_size >= hash_size); 364| | 365| | /* duplicate the th context, because we still need use original context to continue.*/ 366| 12| digest_context_th = libspdm_hash_new (spdm_context->connection_info.algorithm.base_hash_algo); 367| 12| if (digest_context_th == NULL) { ------------------ | Branch (367:9): [True: 0, False: 12] ------------------ 368| 0| return false; 369| 0| } 370| 12| result = libspdm_hash_duplicate (spdm_context->connection_info.algorithm.base_hash_algo, 371| 12| session_info->session_transcript.digest_context_th, 372| 12| digest_context_th); 373| 12| if (!result) { ------------------ | Branch (373:9): [True: 0, False: 12] ------------------ 374| 0| libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, 375| 0| digest_context_th); 376| 0| return false; 377| 0| } 378| 12| result = libspdm_hash_final (spdm_context->connection_info.algorithm.base_hash_algo, 379| 12| digest_context_th, th_hash_buffer); 380| 12| libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, digest_context_th); 381| 12| if (!result) { ------------------ | Branch (381:9): [True: 0, False: 12] ------------------ 382| 0| return false; 383| 0| } 384| | 385| 12| *th_hash_buffer_size = hash_size; 386| | 387| 12| return true; 388| 12|} libspdm_calculate_th_hmac_for_finish_rsp: 404| 4|{ 405| 4| libspdm_session_info_t *session_info; 406| 4| void *secured_message_context; 407| 4| uint32_t hash_size; 408| 4| void *hash_context_th; 409| 4| uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE]; 410| 4| bool result; 411| | 412| 4| session_info = spdm_session_info; 413| 4| secured_message_context = session_info->secured_message_context; 414| | 415| 4| hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo); 416| | 417| 4| LIBSPDM_ASSERT(*th_hmac_buffer_size >= hash_size); 418| 4| LIBSPDM_ASSERT(session_info->session_transcript.digest_context_th != NULL); 419| | 420| | /* duplicate the th context, because we still need use original context to continue.*/ 421| 4| hash_context_th = libspdm_hash_new (spdm_context->connection_info.algorithm.base_hash_algo); 422| 4| if (hash_context_th == NULL) { ------------------ | Branch (422:9): [True: 0, False: 4] ------------------ 423| 0| return false; 424| 0| } 425| 4| result = libspdm_hash_duplicate (spdm_context->connection_info.algorithm.base_hash_algo, 426| 4| session_info->session_transcript.digest_context_th, 427| 4| hash_context_th); 428| 4| if (!result) { ------------------ | Branch (428:9): [True: 0, False: 4] ------------------ 429| 0| libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, hash_context_th); 430| 0| return false; 431| 0| } 432| 4| result = libspdm_hash_final (spdm_context->connection_info.algorithm.base_hash_algo, 433| 4| hash_context_th, hash_data); 434| 4| libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, hash_context_th); 435| 4| if (!result) { ------------------ | Branch (435:9): [True: 0, False: 4] ------------------ 436| 0| return false; 437| 0| } 438| | 439| 4| result = libspdm_hmac_all_with_response_finished_key (secured_message_context, 440| 4| hash_data, hash_size, th_hmac_buffer); 441| 4| if (!result) { ------------------ | Branch (441:9): [True: 0, False: 4] ------------------ 442| 0| return false; 443| 0| } 444| 4| *th_hmac_buffer_size = hash_size; 445| | 446| 4| return true; 447| 4|} libspdm_calculate_th_hmac_for_finish_req: 463| 4|{ 464| 4| libspdm_session_info_t *session_info; 465| 4| void *secured_message_context; 466| 4| uint32_t hash_size; 467| 4| void *hash_context_th; 468| 4| uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE]; 469| 4| bool result; 470| | 471| 4| session_info = spdm_session_info; 472| 4| secured_message_context = session_info->secured_message_context; 473| | 474| 4| hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo); 475| | 476| 4| LIBSPDM_ASSERT(*th_hmac_buffer_size >= hash_size); 477| 4| LIBSPDM_ASSERT(session_info->session_transcript.digest_context_th != NULL); 478| | 479| | /* duplicate the th context, because we still need use original context to continue.*/ 480| 4| hash_context_th = libspdm_hash_new (spdm_context->connection_info.algorithm.base_hash_algo); 481| 4| if (hash_context_th == NULL) { ------------------ | Branch (481:9): [True: 0, False: 4] ------------------ 482| 0| return false; 483| 0| } 484| 4| result = libspdm_hash_duplicate (spdm_context->connection_info.algorithm.base_hash_algo, 485| 4| session_info->session_transcript.digest_context_th, 486| 4| hash_context_th); 487| 4| if (!result) { ------------------ | Branch (487:9): [True: 0, False: 4] ------------------ 488| 0| libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, hash_context_th); 489| 0| return false; 490| 0| } 491| 4| result = libspdm_hash_final (spdm_context->connection_info.algorithm.base_hash_algo, 492| 4| hash_context_th, hash_data); 493| 4| libspdm_hash_free (spdm_context->connection_info.algorithm.base_hash_algo, hash_context_th); 494| 4| if (!result) { ------------------ | Branch (494:9): [True: 0, False: 4] ------------------ 495| 0| return false; 496| 0| } 497| | 498| 4| result = libspdm_hmac_all_with_request_finished_key (secured_message_context, 499| 4| hash_data, hash_size, th_hmac_buffer); 500| 4| if (!result) { ------------------ | Branch (500:9): [True: 0, False: 4] ------------------ 501| 0| return false; 502| 0| } 503| 4| *th_hmac_buffer_size = hash_size; 504| | 505| 4| return true; 506| 4|} libspdm_calculate_th2_hash: 622| 4|{ 623| 4| libspdm_session_info_t *session_info; 624| 4| bool result; 625| |#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT 626| | uint8_t slot_id; 627| | uint8_t *cert_chain_buffer; 628| | size_t cert_chain_buffer_size; 629| | uint8_t *mut_cert_chain_buffer; 630| | size_t mut_cert_chain_buffer_size; 631| | uint8_t *th_curr_data; 632| | size_t th_curr_data_size; 633| | libspdm_th_managed_buffer_t th_curr; 634| |#endif 635| 4|#if !(LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT) || (LIBSPDM_DEBUG_PRINT_ENABLE) 636| 4| size_t hash_size; 637| 4|#endif 638| | 639| 4| LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "Calc th2 hash ...\n")); 640| | 641| 4| session_info = spdm_session_info; 642| | 643| 4|#if !(LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT) || (LIBSPDM_DEBUG_PRINT_ENABLE) 644| 4| hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo); 645| 4|#endif 646| | 647| |#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT 648| | if (!session_info->use_psk) { 649| | if (is_requester) { 650| | slot_id = spdm_context->connection_info.peer_used_cert_chain_slot_id; 651| | LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF)); 652| | if (slot_id == 0xFF) { 653| | result = libspdm_get_peer_public_key_buffer( 654| | spdm_context, (const void **)&cert_chain_buffer, 655| | &cert_chain_buffer_size); 656| | } else { 657| | result = libspdm_get_peer_cert_chain_buffer( 658| | spdm_context, (const void **)&cert_chain_buffer, 659| | &cert_chain_buffer_size); 660| | } 661| | } else { 662| | slot_id = spdm_context->connection_info.local_used_cert_chain_slot_id; 663| | LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF)); 664| | if (slot_id == 0xFF) { 665| | result = libspdm_get_local_public_key_buffer( 666| | spdm_context, (const void **)&cert_chain_buffer, 667| | &cert_chain_buffer_size); 668| | } else { 669| | result = libspdm_get_local_cert_chain_buffer( 670| | spdm_context, (const void **)&cert_chain_buffer, 671| | &cert_chain_buffer_size); 672| | } 673| | } 674| | if (!result) { 675| | return false; 676| | } 677| | if (session_info->mut_auth_requested != 0) { 678| | if (is_requester) { 679| | slot_id = spdm_context->connection_info.local_used_cert_chain_slot_id; 680| | LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF)); 681| | if (slot_id == 0xFF) { 682| | result = libspdm_get_local_public_key_buffer( 683| | spdm_context, (const void **)&mut_cert_chain_buffer, 684| | &mut_cert_chain_buffer_size); 685| | } else { 686| | result = libspdm_get_local_cert_chain_buffer( 687| | spdm_context, (const void **)&mut_cert_chain_buffer, 688| | &mut_cert_chain_buffer_size); 689| | } 690| | } else { 691| | slot_id = spdm_context->connection_info.peer_used_cert_chain_slot_id; 692| | LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF)); 693| | if (slot_id == 0xFF) { 694| | result = libspdm_get_peer_public_key_buffer( 695| | spdm_context, (const void **)&mut_cert_chain_buffer, 696| | &mut_cert_chain_buffer_size); 697| | } else { 698| | result = libspdm_get_peer_cert_chain_buffer( 699| | spdm_context, (const void **)&mut_cert_chain_buffer, 700| | &mut_cert_chain_buffer_size); 701| | } 702| | } 703| | if (!result) { 704| | return false; 705| | } 706| | } else { 707| | mut_cert_chain_buffer = NULL; 708| | mut_cert_chain_buffer_size = 0; 709| | } 710| | } else { 711| | cert_chain_buffer = NULL; 712| | cert_chain_buffer_size = 0; 713| | mut_cert_chain_buffer = NULL; 714| | mut_cert_chain_buffer_size = 0; 715| | } 716| | 717| | result = libspdm_calculate_th_for_finish( 718| | spdm_context, session_info, cert_chain_buffer, 719| | cert_chain_buffer_size, mut_cert_chain_buffer, 720| | mut_cert_chain_buffer_size, &th_curr); 721| | if (!result) { 722| | return false; 723| | } 724| | th_curr_data = libspdm_get_managed_buffer(&th_curr); 725| | th_curr_data_size = libspdm_get_managed_buffer_size(&th_curr); 726| | 727| | result = libspdm_hash_all(spdm_context->connection_info.algorithm.base_hash_algo, 728| | th_curr_data, th_curr_data_size, th2_hash_data); 729| | if (!result) { 730| | return false; 731| | } 732| |#else 733| 4| result = libspdm_calculate_th_hash_for_finish( 734| 4| spdm_context, session_info, &hash_size, th2_hash_data); 735| 4| if (!result) { ------------------ | Branch (735:9): [True: 0, False: 4] ------------------ 736| 0| return false; 737| 0| } 738| 4|#endif 739| 4| LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "th2 hash - ")); 740| 4| LIBSPDM_INTERNAL_DUMP_DATA(th2_hash_data, hash_size); 741| 4| LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n")); 742| | 743| 4| return true; 744| 4|} libspdm_append_managed_buffer: 251| 714|{ 252| 714| libspdm_managed_buffer_t *managed_buffer; 253| | 254| 714| LIBSPDM_ASSERT(buffer != NULL); 255| | 256| 714| if (buffer_size == 0) { ------------------ | Branch (256:9): [True: 0, False: 714] ------------------ 257| 0| return LIBSPDM_STATUS_SUCCESS; ------------------ | | 59| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_SUCCESS, LIBSPDM_SOURCE_SUCCESS, 0x0000) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 258| 0| } 259| | 260| 714| managed_buffer = m_buffer; 261| | 262| 714| LIBSPDM_ASSERT(buffer_size != 0); 263| 714| LIBSPDM_ASSERT(managed_buffer->max_buffer_size >= managed_buffer->buffer_size); 264| | 265| 714| if (buffer_size > managed_buffer->max_buffer_size - managed_buffer->buffer_size) { ------------------ | Branch (265:9): [True: 0, False: 714] ------------------ 266| | /* Do not LIBSPDM_ASSERT here, because command processor will append message from external.*/ 267| 0| LIBSPDM_DEBUG((LIBSPDM_DEBUG_ERROR, 268| 0| "libspdm_append_managed_buffer 0x%x fail, rest 0x%x only\n", 269| 0| (uint32_t)buffer_size, 270| 0| (uint32_t)(managed_buffer->max_buffer_size - managed_buffer->buffer_size))); 271| 0| return LIBSPDM_STATUS_BUFFER_FULL; ------------------ | | 118| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CORE, 0x000c) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 272| 0| } 273| 714| LIBSPDM_ASSERT(buffer_size <= managed_buffer->max_buffer_size - managed_buffer->buffer_size); 274| | 275| 714| libspdm_copy_mem((uint8_t *)(managed_buffer + 1) + managed_buffer->buffer_size, 276| 714| buffer_size, buffer, buffer_size); 277| 714| managed_buffer->buffer_size += buffer_size; 278| | 279| 714| return LIBSPDM_STATUS_SUCCESS; ------------------ | | 59| 714| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_SUCCESS, LIBSPDM_SOURCE_SUCCESS, 0x0000) | | ------------------ | | | | 55| 714| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 280| 714|} libspdm_reset_managed_buffer: 283| 595|{ 284| 595| libspdm_managed_buffer_t *managed_buffer; 285| | 286| 595| managed_buffer = m_buffer; 287| 595| managed_buffer->buffer_size = 0; 288| | 289| 595| libspdm_zero_mem(managed_buffer + 1, managed_buffer->max_buffer_size); 290| 595|} libspdm_get_managed_buffer_size: 293| 366|{ 294| 366| libspdm_managed_buffer_t *managed_buffer; 295| | 296| 366| managed_buffer = m_buffer; 297| | 298| 366| return managed_buffer->buffer_size; 299| 366|} libspdm_get_managed_buffer: 302| 366|{ 303| 366| libspdm_managed_buffer_t *managed_buffer; 304| | 305| 366| managed_buffer = m_buffer; 306| | 307| 366| return (managed_buffer + 1); 308| 366|} libspdm_init_managed_buffer: 311| 238|{ 312| 238| libspdm_managed_buffer_t *managed_buffer; 313| | 314| 238| managed_buffer = m_buffer; 315| 238| managed_buffer->max_buffer_size = max_buffer_size; 316| | 317| 238| libspdm_reset_managed_buffer(m_buffer); 318| 238|} libspdm_get_aead_key_size: 10| 357|{ 11| 357| switch (aead_cipher_suite) { 12| 0| case SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_128_GCM: ------------------ | | 417| 0|#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_128_GCM 0x00000001 ------------------ | Branch (12:5): [True: 0, False: 357] ------------------ 13| 0|#if LIBSPDM_AEAD_AES_128_GCM_SUPPORT 14| 0| return 16; 15| |#else 16| | return 0; 17| |#endif 18| 357| case SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_256_GCM: ------------------ | | 418| 357|#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_256_GCM 0x00000002 ------------------ | Branch (18:5): [True: 357, False: 0] ------------------ 19| 357|#if LIBSPDM_AEAD_AES_256_GCM_SUPPORT 20| 357| return 32; 21| |#else 22| | return 0; 23| |#endif 24| 0| case SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_CHACHA20_POLY1305: ------------------ | | 419| 0|#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_CHACHA20_POLY1305 0x00000004 ------------------ | Branch (24:5): [True: 0, False: 357] ------------------ 25| 0|#if LIBSPDM_AEAD_CHACHA20_POLY1305_SUPPORT 26| 0| return 32; 27| |#else 28| | return 0; 29| |#endif 30| 0| case SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AEAD_SM4_GCM: ------------------ | | 422| 0|#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AEAD_SM4_GCM 0x00000008 ------------------ | Branch (30:5): [True: 0, False: 357] ------------------ 31| |#if LIBSPDM_AEAD_SM4_128_GCM_SUPPORT 32| | return 16; 33| |#else 34| 0| return 0; 35| 0|#endif 36| 0| default: ------------------ | Branch (36:5): [True: 0, False: 357] ------------------ 37| 0| return 0; 38| 357| } 39| 357|} libspdm_get_aead_iv_size: 42| 357|{ 43| 357| switch (aead_cipher_suite) { 44| 0| case SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_128_GCM: ------------------ | | 417| 0|#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_128_GCM 0x00000001 ------------------ | Branch (44:5): [True: 0, False: 357] ------------------ 45| 0|#if LIBSPDM_AEAD_AES_128_GCM_SUPPORT 46| 0| return 12; 47| |#else 48| | return 0; 49| |#endif 50| 357| case SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_256_GCM: ------------------ | | 418| 357|#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_256_GCM 0x00000002 ------------------ | Branch (50:5): [True: 357, False: 0] ------------------ 51| 357|#if LIBSPDM_AEAD_AES_256_GCM_SUPPORT 52| 357| return 12; 53| |#else 54| | return 0; 55| |#endif 56| 0| case SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_CHACHA20_POLY1305: ------------------ | | 419| 0|#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_CHACHA20_POLY1305 0x00000004 ------------------ | Branch (56:5): [True: 0, False: 357] ------------------ 57| 0|#if LIBSPDM_AEAD_CHACHA20_POLY1305_SUPPORT 58| 0| return 12; 59| |#else 60| | return 0; 61| |#endif 62| 0| case SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AEAD_SM4_GCM: ------------------ | | 422| 0|#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AEAD_SM4_GCM 0x00000008 ------------------ | Branch (62:5): [True: 0, False: 357] ------------------ 63| |#if LIBSPDM_AEAD_SM4_128_GCM_SUPPORT 64| | return 12; 65| |#else 66| 0| return 0; 67| 0|#endif 68| 0| default: ------------------ | Branch (68:5): [True: 0, False: 357] ------------------ 69| 0| return 0; 70| 357| } 71| 357|} libspdm_get_aead_tag_size: 74| 357|{ 75| 357| switch (aead_cipher_suite) { 76| 0| case SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_128_GCM: ------------------ | | 417| 0|#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_128_GCM 0x00000001 ------------------ | Branch (76:5): [True: 0, False: 357] ------------------ 77| 0|#if LIBSPDM_AEAD_AES_128_GCM_SUPPORT 78| 0| return 16; 79| |#else 80| | return 0; 81| |#endif 82| 357| case SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_256_GCM: ------------------ | | 418| 357|#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AES_256_GCM 0x00000002 ------------------ | Branch (82:5): [True: 357, False: 0] ------------------ 83| 357|#if LIBSPDM_AEAD_AES_256_GCM_SUPPORT 84| 357| return 16; 85| |#else 86| | return 0; 87| |#endif 88| 0| case SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_CHACHA20_POLY1305: ------------------ | | 419| 0|#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_CHACHA20_POLY1305 0x00000004 ------------------ | Branch (88:5): [True: 0, False: 357] ------------------ 89| 0|#if LIBSPDM_AEAD_CHACHA20_POLY1305_SUPPORT 90| 0| return 16; 91| |#else 92| | return 0; 93| |#endif 94| 0| case SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AEAD_SM4_GCM: ------------------ | | 422| 0|#define SPDM_ALGORITHMS_AEAD_CIPHER_SUITE_AEAD_SM4_GCM 0x00000008 ------------------ | Branch (94:5): [True: 0, False: 357] ------------------ 95| |#if LIBSPDM_AEAD_SM4_128_GCM_SUPPORT 96| | return 16; 97| |#else 98| 0| return 0; 99| 0|#endif 100| 0| default: ------------------ | Branch (100:5): [True: 0, False: 357] ------------------ 101| 0| return 0; 102| 357| } 103| 357|} libspdm_get_asym_signature_size: 180| 144|{ 181| 144| switch (base_asym_algo) { 182| 144| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048: ------------------ | | 371| 144|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048 0x00000001 ------------------ | Branch (182:5): [True: 144, False: 0] ------------------ 183| 144|#if LIBSPDM_RSA_SSA_2048_SUPPORT 184| 144| return 256; 185| |#else 186| | return 0; 187| |#endif 188| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048: ------------------ | | 372| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048 0x00000002 ------------------ | Branch (188:5): [True: 0, False: 144] ------------------ 189| 0|#if LIBSPDM_RSA_PSS_2048_SUPPORT 190| 0| return 256; 191| |#else 192| | return 0; 193| |#endif 194| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072: ------------------ | | 373| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072 0x00000004 ------------------ | Branch (194:5): [True: 0, False: 144] ------------------ 195| 0|#if LIBSPDM_RSA_SSA_3072_SUPPORT 196| 0| return 384; 197| |#else 198| | return 0; 199| |#endif 200| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072: ------------------ | | 374| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072 0x00000008 ------------------ | Branch (200:5): [True: 0, False: 144] ------------------ 201| 0|#if LIBSPDM_RSA_PSS_3072_SUPPORT 202| 0| return 384; 203| |#else 204| | return 0; 205| |#endif 206| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096: ------------------ | | 376| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096 0x00000020 ------------------ | Branch (206:5): [True: 0, False: 144] ------------------ 207| 0|#if LIBSPDM_RSA_SSA_4096_SUPPORT 208| 0| return 512; 209| |#else 210| | return 0; 211| |#endif 212| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096: ------------------ | | 377| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096 0x00000040 ------------------ | Branch (212:5): [True: 0, False: 144] ------------------ 213| 0|#if LIBSPDM_RSA_PSS_4096_SUPPORT 214| 0| return 512; 215| |#else 216| | return 0; 217| |#endif 218| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256: ------------------ | | 375| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256 0x00000010 ------------------ | Branch (218:5): [True: 0, False: 144] ------------------ 219| 0|#if LIBSPDM_ECDSA_P256_SUPPORT 220| 0| return 32 * 2; 221| |#else 222| | return 0; 223| |#endif 224| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384: ------------------ | | 378| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384 0x00000080 ------------------ | Branch (224:5): [True: 0, False: 144] ------------------ 225| 0|#if LIBSPDM_ECDSA_P384_SUPPORT 226| 0| return 48 * 2; 227| |#else 228| | return 0; 229| |#endif 230| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521: ------------------ | | 379| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521 0x00000100 ------------------ | Branch (230:5): [True: 0, False: 144] ------------------ 231| 0|#if LIBSPDM_ECDSA_P521_SUPPORT 232| 0| return 66 * 2; 233| |#else 234| | return 0; 235| |#endif 236| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256: ------------------ | | 384| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256 0x00000200 ------------------ | Branch (236:5): [True: 0, False: 144] ------------------ 237| |#if LIBSPDM_SM2_DSA_P256_SUPPORT 238| | return 32 * 2; 239| |#else 240| 0| return 0; 241| 0|#endif 242| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519: ------------------ | | 385| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519 0x00000400 ------------------ | Branch (242:5): [True: 0, False: 144] ------------------ 243| |#if LIBSPDM_EDDSA_ED25519_SUPPORT 244| | return 32 * 2; 245| |#else 246| 0| return 0; 247| 0|#endif 248| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448: ------------------ | | 386| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448 0x00000800 ------------------ | Branch (248:5): [True: 0, False: 144] ------------------ 249| |#if LIBSPDM_EDDSA_ED448_SUPPORT 250| | return 57 * 2; 251| |#else 252| 0| return 0; 253| 0|#endif 254| 0| default: ------------------ | Branch (254:5): [True: 0, False: 144] ------------------ 255| 0| return 0; 256| 144| } 257| 144|} libspdm_asym_free: 362| 714|{ 363| 714| if (context == NULL) { ------------------ | Branch (363:9): [True: 0, False: 714] ------------------ 364| 0| return; 365| 0| } 366| 714| switch (base_asym_algo) { 367| 357| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048: ------------------ | | 371| 357|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048 0x00000001 ------------------ | Branch (367:5): [True: 357, False: 357] ------------------ 368| 357| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072: ------------------ | | 373| 357|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072 0x00000004 ------------------ | Branch (368:5): [True: 0, False: 714] ------------------ 369| 357| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096: ------------------ | | 376| 357|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096 0x00000020 ------------------ | Branch (369:5): [True: 0, False: 714] ------------------ 370| 357| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048: ------------------ | | 372| 357|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048 0x00000002 ------------------ | Branch (370:5): [True: 0, False: 714] ------------------ 371| 357| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072: ------------------ | | 374| 357|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072 0x00000008 ------------------ | Branch (371:5): [True: 0, False: 714] ------------------ 372| 357| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096: ------------------ | | 377| 357|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096 0x00000040 ------------------ | Branch (372:5): [True: 0, False: 714] ------------------ 373| 357|#if (LIBSPDM_RSA_SSA_SUPPORT) || (LIBSPDM_RSA_PSS_SUPPORT) 374| 357| libspdm_rsa_free(context); 375| |#else 376| | LIBSPDM_ASSERT(false); 377| |#endif 378| 357| break; 379| 357| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256: ------------------ | | 375| 357|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256 0x00000010 ------------------ | Branch (379:5): [True: 357, False: 357] ------------------ 380| 357| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384: ------------------ | | 378| 357|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384 0x00000080 ------------------ | Branch (380:5): [True: 0, False: 714] ------------------ 381| 357| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521: ------------------ | | 379| 357|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521 0x00000100 ------------------ | Branch (381:5): [True: 0, False: 714] ------------------ 382| 357|#if LIBSPDM_ECDSA_SUPPORT 383| 357| libspdm_ec_free(context); 384| |#else 385| | LIBSPDM_ASSERT(false); 386| |#endif 387| 357| break; 388| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519: ------------------ | | 385| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519 0x00000400 ------------------ | Branch (388:5): [True: 0, False: 714] ------------------ 389| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448: ------------------ | | 386| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448 0x00000800 ------------------ | Branch (389:5): [True: 0, False: 714] ------------------ 390| |#if (LIBSPDM_EDDSA_ED25519_SUPPORT) || (LIBSPDM_EDDSA_ED448_SUPPORT) 391| | libspdm_ecd_free(context); 392| |#else 393| 0| LIBSPDM_ASSERT(false); 394| 0|#endif 395| 0| break; 396| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256: ------------------ | | 384| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256 0x00000200 ------------------ | Branch (396:5): [True: 0, False: 714] ------------------ 397| |#if LIBSPDM_SM2_DSA_SUPPORT 398| | libspdm_sm2_dsa_free(context); 399| |#else 400| 0| LIBSPDM_ASSERT(false); 401| 0|#endif 402| 0| break; 403| 0| default: ------------------ | Branch (403:5): [True: 0, False: 714] ------------------ 404| 0| LIBSPDM_ASSERT(false); 405| 0| break; 406| 714| } 407| 714|} libspdm_get_req_asym_signature_size: 1376| 144|{ 1377| 144| return libspdm_get_asym_signature_size(req_base_asym_alg); 1378| 144|} libspdm_req_asym_free: 1381| 238|{ 1382| 238| libspdm_asym_free(req_base_asym_alg, context); 1383| 238|} libspdm_req_asym_func_need_hash: 1397| 127|{ 1398| 127| return libspdm_asym_func_need_hash(req_base_asym_alg); 1399| 127|} libspdm_req_asym_verify_hash_ex: 1541| 8|{ 1542| 8| bool need_hash; 1543| 8| uint8_t *message; 1544| 8| size_t message_size; 1545| 8| uint8_t full_message_hash[LIBSPDM_MAX_HASH_SIZE]; 1546| 8| bool result; 1547| 8| size_t hash_nid; 1548| 8| uint8_t spdm12_signing_context_with_hash[SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE + 1549| 8| LIBSPDM_MAX_HASH_SIZE]; 1550| 8| const void *param; 1551| 8| size_t param_size; 1552| | 1553| 8| bool try_big_endian; 1554| 8| bool try_little_endian; 1555| 8| bool little_endian_succeeded; 1556| 8| uint8_t endian_swapped_signature[LIBSPDM_MAX_ASYM_SIG_SIZE]; 1557| | 1558| 8| hash_nid = libspdm_get_hash_nid(base_hash_algo); 1559| 8| need_hash = libspdm_req_asym_func_need_hash(req_base_asym_alg); 1560| 8| LIBSPDM_ASSERT (hash_size == libspdm_get_hash_size(base_hash_algo)); 1561| | 1562| 8| param = NULL; 1563| 8| param_size = 0; 1564| | 1565| 8| if ((spdm_version >> SPDM_VERSION_NUMBER_SHIFT_BIT) > SPDM_MESSAGE_VERSION_11) { ------------------ | | 140| 8|#define SPDM_VERSION_NUMBER_SHIFT_BIT 8 ------------------ if ((spdm_version >> SPDM_VERSION_NUMBER_SHIFT_BIT) > SPDM_MESSAGE_VERSION_11) { ------------------ | | 111| 8|#define SPDM_MESSAGE_VERSION_11 0x11 ------------------ | Branch (1565:9): [True: 0, False: 8] ------------------ 1566| | /* Need use SPDM 1.2 signing */ 1567| 0| switch (req_base_asym_alg) { 1568| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256: ------------------ | | 384| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256 0x00000200 ------------------ | Branch (1568:9): [True: 0, False: 0] ------------------ 1569| 0| param = ""; 1570| 0| param_size = 0; 1571| 0| break; 1572| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519: ------------------ | | 385| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519 0x00000400 ------------------ | Branch (1572:9): [True: 0, False: 0] ------------------ 1573| 0| hash_nid = LIBSPDM_CRYPTO_NID_NULL; ------------------ | | 19| 0|#define LIBSPDM_CRYPTO_NID_NULL 0x0000 ------------------ 1574| 0| break; 1575| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448: ------------------ | | 386| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448 0x00000800 ------------------ | Branch (1575:9): [True: 0, False: 0] ------------------ 1576| 0| hash_nid = LIBSPDM_CRYPTO_NID_NULL; ------------------ | | 19| 0|#define LIBSPDM_CRYPTO_NID_NULL 0x0000 ------------------ 1577| 0| param = libspdm_get_signing_context_string (spdm_version, op_code, true, ¶m_size); 1578| 0| break; 1579| 0| default: ------------------ | Branch (1579:9): [True: 0, False: 0] ------------------ 1580| | /* pass thru for rest algorithm */ 1581| 0| break; 1582| 0| } 1583| | 1584| 0| libspdm_create_signing_context (spdm_version, op_code, true, 1585| 0| spdm12_signing_context_with_hash); 1586| 0| libspdm_copy_mem(&spdm12_signing_context_with_hash[SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE], ------------------ | | 145| 0|#define SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE 100 ------------------ 1587| 0| sizeof(spdm12_signing_context_with_hash) 1588| 0| - (&spdm12_signing_context_with_hash[SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE] ------------------ | | 145| 0|#define SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE 100 ------------------ 1589| 0| - spdm12_signing_context_with_hash), 1590| 0| message_hash, hash_size); 1591| | 1592| | /* assign message and message_size for signing */ 1593| 0| message = spdm12_signing_context_with_hash; 1594| 0| message_size = SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE + hash_size; ------------------ | | 145| 0|#define SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE 100 ------------------ 1595| | 1596| 0| if (need_hash) { ------------------ | Branch (1596:13): [True: 0, False: 0] ------------------ 1597| 0| result = libspdm_hash_all(base_hash_algo, message, message_size, 1598| 0| full_message_hash); 1599| 0| if (!result) { ------------------ | Branch (1599:17): [True: 0, False: 0] ------------------ 1600| 0| return false; 1601| 0| } 1602| 0| return libspdm_asym_verify_wrap(context, hash_nid, req_base_asym_alg, 1603| 0| param, param_size, 1604| 0| full_message_hash, hash_size, 1605| 0| signature, sig_size); 1606| 0| } else { 1607| 0| return libspdm_asym_verify_wrap(context, hash_nid, req_base_asym_alg, 1608| 0| param, param_size, 1609| 0| message, message_size, 1610| 0| signature, sig_size); 1611| 0| } 1612| | /* SPDM 1.2 signing done. */ 1613| 8| } else { 1614| 8| try_big_endian = 1615| 8| (*endian == LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY ------------------ | | 242| 16|#define LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY 0 ------------------ | Branch (1615:14): [True: 8, False: 0] ------------------ 1616| 8| || *endian == LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_OR_LITTLE); ------------------ | | 244| 0|#define LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_OR_LITTLE 2 ------------------ | Branch (1616:17): [True: 0, False: 0] ------------------ 1617| | 1618| 8| try_little_endian = 1619| 8| (*endian == LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY ------------------ | | 243| 16|#define LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY 1 ------------------ | Branch (1619:14): [True: 0, False: 8] ------------------ 1620| 8| || *endian == LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_OR_LITTLE); ------------------ | | 244| 8|#define LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_OR_LITTLE 2 ------------------ | Branch (1620:17): [True: 0, False: 8] ------------------ 1621| | 1622| 8| little_endian_succeeded = false; 1623| 8| } 1624| | 1625| 8| if (need_hash) { ------------------ | Branch (1625:9): [True: 8, False: 0] ------------------ 1626| 8| result = false; 1627| 8| if (try_big_endian) { ------------------ | Branch (1627:13): [True: 8, False: 0] ------------------ 1628| 8| result = libspdm_asym_verify_wrap(context, hash_nid, req_base_asym_alg, 1629| 8| param, param_size, 1630| 8| message_hash, hash_size, 1631| 8| signature, sig_size); 1632| 8| } 1633| 8| if (!result && try_little_endian) { ------------------ | Branch (1633:13): [True: 5, False: 3] | Branch (1633:24): [True: 0, False: 5] ------------------ 1634| 0| libspdm_copy_signature_swap_endian( 1635| 0| req_base_asym_alg, 1636| 0| endian_swapped_signature, sizeof(endian_swapped_signature), 1637| 0| signature, sig_size); 1638| | 1639| 0| result = libspdm_asym_verify_wrap(context, hash_nid, req_base_asym_alg, 1640| 0| param, param_size, 1641| 0| message_hash, hash_size, 1642| 0| endian_swapped_signature, sig_size); 1643| 0| little_endian_succeeded = result; 1644| 0| } 1645| 8| if (try_big_endian && try_little_endian && result) { ------------------ | Branch (1645:13): [True: 8, False: 0] | Branch (1645:31): [True: 0, False: 8] | Branch (1645:52): [True: 0, False: 0] ------------------ 1646| 0| if (!libspdm_is_signature_buffer_palindrome(req_base_asym_alg, signature, sig_size)) { ------------------ | Branch (1646:17): [True: 0, False: 0] ------------------ 1647| 0| if (little_endian_succeeded) { ------------------ | Branch (1647:21): [True: 0, False: 0] ------------------ 1648| 0| *endian = LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY; ------------------ | | 243| 0|#define LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_LITTLE_ONLY 1 ------------------ 1649| 0| } else { 1650| 0| *endian = LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY; ------------------ | | 242| 0|#define LIBSPDM_SPDM_10_11_VERIFY_SIGNATURE_ENDIAN_BIG_ONLY 0 ------------------ 1651| 0| } 1652| 0| } 1653| 0| } 1654| 8| return result; 1655| 8| } else { 1656| 0| LIBSPDM_ASSERT (false); 1657| 0| return false; 1658| 0| } 1659| 8|} libspdm_req_asym_sign: 1693| 119|{ 1694| 119| bool need_hash; 1695| 119| uint8_t message_hash[LIBSPDM_MAX_HASH_SIZE]; 1696| 119| size_t hash_size; 1697| 119| bool result; 1698| 119| size_t hash_nid; 1699| 119| uint8_t spdm12_signing_context_with_hash[SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE + 1700| 119| LIBSPDM_MAX_HASH_SIZE]; 1701| 119| const void *param; 1702| 119| size_t param_size; 1703| | 1704| 119| hash_nid = libspdm_get_hash_nid(base_hash_algo); 1705| 119| need_hash = libspdm_req_asym_func_need_hash(req_base_asym_alg); 1706| | 1707| 119| param = NULL; 1708| 119| param_size = 0; 1709| | 1710| 119| if ((spdm_version >> SPDM_VERSION_NUMBER_SHIFT_BIT) > SPDM_MESSAGE_VERSION_11) { ------------------ | | 140| 119|#define SPDM_VERSION_NUMBER_SHIFT_BIT 8 ------------------ if ((spdm_version >> SPDM_VERSION_NUMBER_SHIFT_BIT) > SPDM_MESSAGE_VERSION_11) { ------------------ | | 111| 119|#define SPDM_MESSAGE_VERSION_11 0x11 ------------------ | Branch (1710:9): [True: 18, False: 101] ------------------ 1711| | /* Need use SPDM 1.2 signing */ 1712| 18| switch (req_base_asym_alg) { 1713| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256: ------------------ | | 384| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256 0x00000200 ------------------ | Branch (1713:9): [True: 0, False: 18] ------------------ 1714| 0| param = ""; 1715| 0| param_size = 0; 1716| 0| break; 1717| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519: ------------------ | | 385| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519 0x00000400 ------------------ | Branch (1717:9): [True: 0, False: 18] ------------------ 1718| 0| hash_nid = LIBSPDM_CRYPTO_NID_NULL; ------------------ | | 19| 0|#define LIBSPDM_CRYPTO_NID_NULL 0x0000 ------------------ 1719| 0| break; 1720| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448: ------------------ | | 386| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448 0x00000800 ------------------ | Branch (1720:9): [True: 0, False: 18] ------------------ 1721| 0| hash_nid = LIBSPDM_CRYPTO_NID_NULL; ------------------ | | 19| 0|#define LIBSPDM_CRYPTO_NID_NULL 0x0000 ------------------ 1722| 0| param = libspdm_get_signing_context_string (spdm_version, op_code, true, ¶m_size); 1723| 0| break; 1724| 18| default: ------------------ | Branch (1724:9): [True: 18, False: 0] ------------------ 1725| | /* pass thru for rest algorithm */ 1726| 18| break; 1727| 18| } 1728| | 1729| 18| libspdm_create_signing_context (spdm_version, op_code, true, 1730| 18| spdm12_signing_context_with_hash); 1731| 18| hash_size = libspdm_get_hash_size(base_hash_algo); 1732| 18| result = libspdm_hash_all(base_hash_algo, message, message_size, 1733| 18| &spdm12_signing_context_with_hash[ 1734| 18| SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE]); ------------------ | | 145| 18|#define SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE 100 ------------------ 1735| 18| if (!result) { ------------------ | Branch (1735:13): [True: 0, False: 18] ------------------ 1736| 0| return false; 1737| 0| } 1738| | 1739| | /* re-assign message and message_size for signing */ 1740| 18| message = spdm12_signing_context_with_hash; 1741| 18| message_size = SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE + hash_size; ------------------ | | 145| 18|#define SPDM_VERSION_1_2_SIGNING_CONTEXT_SIZE 100 ------------------ 1742| | 1743| | /* Passthru */ 1744| 18| } 1745| | 1746| 119| if (need_hash) { ------------------ | Branch (1746:9): [True: 119, False: 0] ------------------ 1747| 119| hash_size = libspdm_get_hash_size(base_hash_algo); 1748| 119| result = libspdm_hash_all(base_hash_algo, message, message_size, 1749| 119| message_hash); 1750| 119| if (!result) { ------------------ | Branch (1750:13): [True: 0, False: 119] ------------------ 1751| 0| return false; 1752| 0| } 1753| 119| return libspdm_asym_sign_wrap(context, hash_nid, req_base_asym_alg, 1754| 119| param, param_size, 1755| 119| message_hash, hash_size, 1756| 119| signature, sig_size); 1757| 119| } else { 1758| 0| return libspdm_asym_sign_wrap(context, hash_nid, req_base_asym_alg, 1759| 0| param, param_size, 1760| 0| message, message_size, 1761| 0| signature, sig_size); 1762| 0| } 1763| 119|} libspdm_crypt_asym.c:libspdm_asym_func_need_hash: 510| 127|{ 511| 127| switch (base_asym_algo) { 512| 127| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048: ------------------ | | 371| 127|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048 0x00000001 ------------------ | Branch (512:5): [True: 127, False: 0] ------------------ 513| 127| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072: ------------------ | | 373| 127|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072 0x00000004 ------------------ | Branch (513:5): [True: 0, False: 127] ------------------ 514| 127| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096: ------------------ | | 376| 127|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096 0x00000020 ------------------ | Branch (514:5): [True: 0, False: 127] ------------------ 515| 127| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048: ------------------ | | 372| 127|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048 0x00000002 ------------------ | Branch (515:5): [True: 0, False: 127] ------------------ 516| 127| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072: ------------------ | | 374| 127|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072 0x00000008 ------------------ | Branch (516:5): [True: 0, False: 127] ------------------ 517| 127| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096: ------------------ | | 377| 127|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096 0x00000040 ------------------ | Branch (517:5): [True: 0, False: 127] ------------------ 518| 127| return true; 519| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256: ------------------ | | 375| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256 0x00000010 ------------------ | Branch (519:5): [True: 0, False: 127] ------------------ 520| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384: ------------------ | | 378| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384 0x00000080 ------------------ | Branch (520:5): [True: 0, False: 127] ------------------ 521| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521: ------------------ | | 379| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521 0x00000100 ------------------ | Branch (521:5): [True: 0, False: 127] ------------------ 522| 0| return true; 523| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519: ------------------ | | 385| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519 0x00000400 ------------------ | Branch (523:5): [True: 0, False: 127] ------------------ 524| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448: ------------------ | | 386| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448 0x00000800 ------------------ | Branch (524:5): [True: 0, False: 127] ------------------ 525| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256: ------------------ | | 384| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256 0x00000200 ------------------ | Branch (525:5): [True: 0, False: 127] ------------------ 526| 0| return false; 527| 0| default: ------------------ | Branch (527:5): [True: 0, False: 127] ------------------ 528| 0| LIBSPDM_ASSERT(false); 529| 0| break; 530| 127| } 531| | 532| 0| return false; 533| 127|} libspdm_crypt_asym.c:libspdm_create_signing_context: 140| 18|{ 141| 18| size_t index; 142| 18| char *context_str; 143| | 144| | /* It is introduced in SPDM 1.2*/ 145| 18| LIBSPDM_ASSERT((spdm_version >> SPDM_VERSION_NUMBER_SHIFT_BIT) > SPDM_MESSAGE_VERSION_11); 146| | 147| | /* So far, it only leaves 1 bytes for version*/ 148| 18| LIBSPDM_ASSERT((((spdm_version >> 12) & 0xF) < 10) && 149| 18| (((spdm_version >> 8) & 0xF) < 10)); 150| | 151| 18| context_str = spdm_signing_context; 152| 90| for (index = 0; index < 4; index++) { ------------------ | Branch (152:21): [True: 72, False: 18] ------------------ 153| 72| libspdm_copy_mem(context_str, 154| 72| SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT_SIZE, ------------------ | | 144| 72| (sizeof(SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT) - 1) | | ------------------ | | | | 142| 72|#define SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT "dmtf-spdm-v1.2.*" | | ------------------ ------------------ 155| 72| SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT, ------------------ | | 142| 72|#define SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT "dmtf-spdm-v1.2.*" ------------------ 156| 72| SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT_SIZE); ------------------ | | 144| 72| (sizeof(SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT) - 1) | | ------------------ | | | | 142| 72|#define SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT "dmtf-spdm-v1.2.*" | | ------------------ ------------------ 157| | /* patch the version*/ 158| 72| context_str[11] = (char)('0' + ((spdm_version >> 12) & 0xF)); 159| 72| context_str[13] = (char)('0' + ((spdm_version >> 8) & 0xF)); 160| 72| context_str[15] = (char)('*'); 161| 72| context_str += SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT_SIZE; ------------------ | | 144| 72| (sizeof(SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT) - 1) | | ------------------ | | | | 142| 72|#define SPDM_VERSION_1_2_SIGNING_PREFIX_CONTEXT "dmtf-spdm-v1.2.*" | | ------------------ ------------------ 162| 72| } 163| 90| for (index = 0; index < LIBSPDM_ARRAY_SIZE(m_libspdm_signing_context_str_table); index++) { ------------------ | | 85| 90|#define LIBSPDM_ARRAY_SIZE(array) (sizeof(array) / sizeof((array)[0])) ------------------ | Branch (163:21): [True: 90, False: 0] ------------------ 164| 90| if (m_libspdm_signing_context_str_table[index].is_requester == is_requester && ------------------ | Branch (164:13): [True: 36, False: 54] ------------------ 165| 90| m_libspdm_signing_context_str_table[index].op_code == op_code) { ------------------ | Branch (165:13): [True: 18, False: 18] ------------------ 166| 18| libspdm_zero_mem ( 167| 18| context_str, 168| 18| m_libspdm_signing_context_str_table[index].zero_pad_size); 169| 18| libspdm_copy_mem(context_str + m_libspdm_signing_context_str_table[index].zero_pad_size, 170| 18| m_libspdm_signing_context_str_table[index].context_size, 171| 18| m_libspdm_signing_context_str_table[index].context, 172| 18| m_libspdm_signing_context_str_table[index].context_size); 173| 18| return; 174| 18| } 175| 90| } 176| 0| LIBSPDM_ASSERT(false); 177| 0|} libspdm_crypt_asym.c:libspdm_asym_verify_wrap: 823| 8|{ 824| 8| switch (base_asym_algo) { 825| 8| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048: ------------------ | | 371| 8|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048 0x00000001 ------------------ | Branch (825:5): [True: 8, False: 0] ------------------ 826| 8| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072: ------------------ | | 373| 8|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072 0x00000004 ------------------ | Branch (826:5): [True: 0, False: 8] ------------------ 827| 8| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096: ------------------ | | 376| 8|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096 0x00000020 ------------------ | Branch (827:5): [True: 0, False: 8] ------------------ 828| 8|#if LIBSPDM_RSA_SSA_SUPPORT 829| |#if !LIBSPDM_RSA_SSA_2048_SUPPORT 830| | LIBSPDM_ASSERT(base_asym_algo!= SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048); 831| |#endif 832| |#if !LIBSPDM_RSA_SSA_3072_SUPPORT 833| | LIBSPDM_ASSERT(base_asym_algo!= SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072); 834| |#endif 835| |#if !LIBSPDM_RSA_SSA_4096_SUPPORT 836| | LIBSPDM_ASSERT(base_asym_algo!= SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096); 837| |#endif 838| 8| return libspdm_rsa_pkcs1_verify_with_nid_wrap(context, hash_nid, 839| 8| param, param_size, 840| 8| message, message_size, 841| 8| signature, sig_size); 842| |#else 843| | LIBSPDM_ASSERT(false); 844| | return false; 845| |#endif 846| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048: ------------------ | | 372| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048 0x00000002 ------------------ | Branch (846:5): [True: 0, False: 8] ------------------ 847| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072: ------------------ | | 374| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072 0x00000008 ------------------ | Branch (847:5): [True: 0, False: 8] ------------------ 848| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096: ------------------ | | 377| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096 0x00000040 ------------------ | Branch (848:5): [True: 0, False: 8] ------------------ 849| 0|#if LIBSPDM_RSA_PSS_SUPPORT 850| |#if !LIBSPDM_RSA_PSS_2048_SUPPORT 851| | LIBSPDM_ASSERT(base_asym_algo!= SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048); 852| |#endif 853| |#if !LIBSPDM_RSA_PSS_3072_SUPPORT 854| | LIBSPDM_ASSERT(base_asym_algo!= SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072); 855| |#endif 856| |#if !LIBSPDM_RSA_PSS_4096_SUPPORT 857| | LIBSPDM_ASSERT(base_asym_algo!= SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096); 858| |#endif 859| 0| return libspdm_rsa_pss_verify_wrap(context, hash_nid, 860| 0| param, param_size, 861| 0| message, message_size, 862| 0| signature, sig_size); 863| |#else 864| | LIBSPDM_ASSERT(false); 865| | return false; 866| |#endif 867| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256: ------------------ | | 375| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256 0x00000010 ------------------ | Branch (867:5): [True: 0, False: 8] ------------------ 868| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384: ------------------ | | 378| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384 0x00000080 ------------------ | Branch (868:5): [True: 0, False: 8] ------------------ 869| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521: ------------------ | | 379| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521 0x00000100 ------------------ | Branch (869:5): [True: 0, False: 8] ------------------ 870| 0|#if LIBSPDM_ECDSA_SUPPORT 871| |#if !LIBSPDM_ECDSA_P256_SUPPORT 872| | LIBSPDM_ASSERT(base_asym_algo!= SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256); 873| |#endif 874| |#if !LIBSPDM_ECDSA_P384_SUPPORT 875| | LIBSPDM_ASSERT(base_asym_algo!= SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384); 876| |#endif 877| |#if !LIBSPDM_ECDSA_P521_SUPPORT 878| | LIBSPDM_ASSERT(base_asym_algo!= SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521); 879| |#endif 880| 0| return libspdm_ecdsa_verify_wrap(context, hash_nid, 881| 0| param, param_size, 882| 0| message, message_size, 883| 0| signature, sig_size); 884| |#else 885| | LIBSPDM_ASSERT(false); 886| | return false; 887| |#endif 888| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519: ------------------ | | 385| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519 0x00000400 ------------------ | Branch (888:5): [True: 0, False: 8] ------------------ 889| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448: ------------------ | | 386| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448 0x00000800 ------------------ | Branch (889:5): [True: 0, False: 8] ------------------ 890| |#if (LIBSPDM_EDDSA_ED25519_SUPPORT) || (LIBSPDM_EDDSA_ED448_SUPPORT) 891| |#if !LIBSPDM_EDDSA_ED25519_SUPPORT 892| | LIBSPDM_ASSERT(base_asym_algo!= SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519); 893| |#endif 894| |#if !LIBSPDM_EDDSA_ED448_SUPPORT 895| | LIBSPDM_ASSERT(base_asym_algo!= SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448); 896| |#endif 897| | return libspdm_eddsa_verify_wrap(context, hash_nid, 898| | param, param_size, 899| | message, message_size, 900| | signature, sig_size); 901| |#else 902| 0| LIBSPDM_ASSERT(false); 903| 0| return false; 904| 0|#endif 905| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256: ------------------ | | 384| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256 0x00000200 ------------------ | Branch (905:5): [True: 0, False: 8] ------------------ 906| |#if LIBSPDM_SM2_DSA_SUPPORT 907| | return libspdm_sm2_dsa_verify_wrap(context, hash_nid, 908| | param, param_size, 909| | message, message_size, 910| | signature, sig_size); 911| |#else 912| 0| LIBSPDM_ASSERT(false); 913| 0| return false; 914| 0|#endif 915| 0| default: ------------------ | Branch (915:5): [True: 0, False: 8] ------------------ 916| 0| LIBSPDM_ASSERT(false); 917| 0| return false; 918| 8| } 919| 8|} libspdm_crypt_asym.c:libspdm_rsa_pkcs1_verify_with_nid_wrap: 762| 8|{ 763| 8| return libspdm_rsa_pkcs1_verify_with_nid (context, hash_nid, 764| 8| message, message_size, signature, sig_size); 765| 8|} libspdm_crypt_asym.c:libspdm_asym_sign_wrap: 263| 119|{ 264| 119| switch (base_asym_algo) { 265| 119| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048: ------------------ | | 371| 119|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048 0x00000001 ------------------ | Branch (265:5): [True: 119, False: 0] ------------------ 266| 119| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072: ------------------ | | 373| 119|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072 0x00000004 ------------------ | Branch (266:5): [True: 0, False: 119] ------------------ 267| 119| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096: ------------------ | | 376| 119|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096 0x00000020 ------------------ | Branch (267:5): [True: 0, False: 119] ------------------ 268| 119|#if LIBSPDM_RSA_SSA_SUPPORT 269| |#if !LIBSPDM_RSA_SSA_2048_SUPPORT 270| | LIBSPDM_ASSERT(base_asym_algo!= SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048); 271| |#endif 272| |#if !LIBSPDM_RSA_SSA_3072_SUPPORT 273| | LIBSPDM_ASSERT(base_asym_algo!= SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072); 274| |#endif 275| |#if !LIBSPDM_RSA_SSA_4096_SUPPORT 276| | LIBSPDM_ASSERT(base_asym_algo!= SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096); 277| |#endif 278| 119| return libspdm_rsa_pkcs1_sign_with_nid_wrap(context, hash_nid, 279| 119| param, param_size, 280| 119| message, message_size, 281| 119| signature, sig_size); 282| |#else 283| | LIBSPDM_ASSERT(false); 284| | return false; 285| |#endif 286| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048: ------------------ | | 372| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048 0x00000002 ------------------ | Branch (286:5): [True: 0, False: 119] ------------------ 287| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072: ------------------ | | 374| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072 0x00000008 ------------------ | Branch (287:5): [True: 0, False: 119] ------------------ 288| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096: ------------------ | | 377| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096 0x00000040 ------------------ | Branch (288:5): [True: 0, False: 119] ------------------ 289| 0|#if LIBSPDM_RSA_PSS_SUPPORT 290| |#if !LIBSPDM_RSA_PSS_2048_SUPPORT 291| | LIBSPDM_ASSERT(base_asym_algo!= SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048); 292| |#endif 293| |#if !LIBSPDM_RSA_PSS_3072_SUPPORT 294| | LIBSPDM_ASSERT(base_asym_algo!= SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072); 295| |#endif 296| |#if !LIBSPDM_RSA_PSS_4096_SUPPORT 297| | LIBSPDM_ASSERT(base_asym_algo!= SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096); 298| |#endif 299| 0| return libspdm_rsa_pss_sign_wrap(context, hash_nid, 300| 0| param, param_size, 301| 0| message, message_size, 302| 0| signature, sig_size); 303| |#else 304| | LIBSPDM_ASSERT(false); 305| | return false; 306| |#endif 307| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256: ------------------ | | 375| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256 0x00000010 ------------------ | Branch (307:5): [True: 0, False: 119] ------------------ 308| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384: ------------------ | | 378| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384 0x00000080 ------------------ | Branch (308:5): [True: 0, False: 119] ------------------ 309| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521: ------------------ | | 379| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521 0x00000100 ------------------ | Branch (309:5): [True: 0, False: 119] ------------------ 310| 0|#if LIBSPDM_ECDSA_SUPPORT 311| |#if !LIBSPDM_ECDSA_P256_SUPPORT 312| | LIBSPDM_ASSERT(base_asym_algo!= SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256); 313| |#endif 314| |#if !LIBSPDM_ECDSA_P384_SUPPORT 315| | LIBSPDM_ASSERT(base_asym_algo!= SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384); 316| |#endif 317| |#if !LIBSPDM_ECDSA_P521_SUPPORT 318| | LIBSPDM_ASSERT(base_asym_algo!= SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521); 319| |#endif 320| 0| return libspdm_ecdsa_sign_wrap(context, hash_nid, 321| 0| param, param_size, 322| 0| message, message_size, 323| 0| signature, sig_size); 324| |#else 325| | LIBSPDM_ASSERT(false); 326| | return false; 327| |#endif 328| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519: ------------------ | | 385| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519 0x00000400 ------------------ | Branch (328:5): [True: 0, False: 119] ------------------ 329| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448: ------------------ | | 386| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448 0x00000800 ------------------ | Branch (329:5): [True: 0, False: 119] ------------------ 330| |#if (LIBSPDM_EDDSA_ED25519_SUPPORT) || (LIBSPDM_EDDSA_ED448_SUPPORT) 331| |#if !LIBSPDM_EDDSA_ED25519_SUPPORT 332| | LIBSPDM_ASSERT(base_asym_algo!= SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519); 333| |#endif 334| |#if !LIBSPDM_EDDSA_ED448_SUPPORT 335| | LIBSPDM_ASSERT(base_asym_algo!= SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448); 336| |#endif 337| | return libspdm_eddsa_sign_wrap(context, hash_nid, 338| | param, param_size, 339| | message, message_size, 340| | signature, sig_size); 341| |#else 342| 0| LIBSPDM_ASSERT(false); 343| 0| return false; 344| 0|#endif 345| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256: ------------------ | | 384| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256 0x00000200 ------------------ | Branch (345:5): [True: 0, False: 119] ------------------ 346| |#if LIBSPDM_SM2_DSA_SUPPORT 347| | return libspdm_sm2_dsa_sign_wrap(context, hash_nid, 348| | param, param_size, 349| | message, message_size, 350| | signature, sig_size); 351| |#else 352| 0| LIBSPDM_ASSERT(false); 353| 0| return false; 354| 0|#endif 355| 0| default: ------------------ | Branch (355:5): [True: 0, False: 119] ------------------ 356| 0| LIBSPDM_ASSERT(false); 357| 0| return false; 358| 119| } 359| 119|} libspdm_crypt_asym.c:libspdm_rsa_pkcs1_sign_with_nid_wrap: 43| 119|{ 44| 119| return libspdm_rsa_pkcs1_sign_with_nid (context, hash_nid, 45| 119| message, message_size, signature, sig_size); 46| 119|} libspdm_asym_get_public_key_from_x509: 220| 595|{ 221| 595| libspdm_asym_get_public_key_from_x509_func get_public_key_from_x509_function; 222| 595| get_public_key_from_x509_function = libspdm_get_asym_get_public_key_from_x509(base_asym_algo); 223| 595| if (get_public_key_from_x509_function == NULL) { ------------------ | Branch (223:9): [True: 0, False: 595] ------------------ 224| 0| return false; 225| 0| } 226| 595| return get_public_key_from_x509_function(cert, cert_size, context); 227| 595|} libspdm_x509_common_certificate_check: 1071| 476|{ 1072| 476| uint8_t end_cert_from[64]; 1073| 476| size_t end_cert_from_len; 1074| 476| uint8_t end_cert_to[64]; 1075| 476| size_t end_cert_to_len; 1076| 476| size_t asn1_buffer_len; 1077| 476| bool status; 1078| 476| size_t cert_version; 1079| 476| void *context; 1080| |#if LIBSPDM_ADDITIONAL_CHECK_CERT 1081| | size_t signature_algo_oid_size; 1082| |#endif /* LIBSPDM_ADDITIONAL_CHECK_CERT */ 1083| | 1084| 476| if (cert == NULL || cert_size == 0) { ------------------ | Branch (1084:9): [True: 0, False: 476] | Branch (1084:25): [True: 0, False: 476] ------------------ 1085| 0| return false; 1086| 0| } 1087| | 1088| 476| status = true; 1089| 476| context = NULL; 1090| 476| end_cert_from_len = 64; 1091| 476| end_cert_to_len = 64; 1092| | 1093| | /* 1. version*/ 1094| 476| cert_version = 0; 1095| 476| status = libspdm_x509_get_version(cert, cert_size, &cert_version); 1096| 476| if (!status) { ------------------ | Branch (1096:9): [True: 0, False: 476] ------------------ 1097| 0| goto cleanup; 1098| 0| } 1099| 476| if (cert_version != 2) { ------------------ | Branch (1099:9): [True: 0, False: 476] ------------------ 1100| 0| status = false; 1101| 0| goto cleanup; 1102| 0| } 1103| | 1104| | /* 2. serial_number*/ 1105| 476| asn1_buffer_len = 0; 1106| 476| status = libspdm_x509_get_serial_number(cert, cert_size, NULL, &asn1_buffer_len); 1107| 476| if (asn1_buffer_len == 0) { ------------------ | Branch (1107:9): [True: 0, False: 476] ------------------ 1108| 0| status = false; 1109| 0| goto cleanup; 1110| 0| } 1111| | 1112| |#if LIBSPDM_ADDITIONAL_CHECK_CERT 1113| | /* 3. Verify signature algorithm. */ 1114| | signature_algo_oid_size = 0; 1115| | status = libspdm_x509_get_signature_algorithm(cert, cert_size, NULL, &signature_algo_oid_size); 1116| | if (status) { 1117| | if ((signature_algo_oid_size == 0) && 1118| | (cert_model != SPDM_CERTIFICATE_INFO_CERT_MODEL_GENERIC_CERT)) { 1119| | status = false; 1120| | goto cleanup; 1121| | } 1122| | } else { 1123| | if (signature_algo_oid_size == 0) { 1124| | status = false; 1125| | goto cleanup; 1126| | } 1127| | } 1128| |#endif /* LIBSPDM_ADDITIONAL_CHECK_CERT */ 1129| | 1130| | /* 4. Verify public key algorithm. 1131| | * If this is a SET_CERTIFICATE operation and the endpoint uses the AliasCert model then the 1132| | * check should be skipped as the Device Certificate CA's public key does not have to use 1133| | * the same algorithms as the connection's negotiated algorithms. */ 1134| 476| if (!set_cert || (cert_model != SPDM_CERTIFICATE_INFO_CERT_MODEL_ALIAS_CERT)) { ------------------ | | 599| 0|#define SPDM_CERTIFICATE_INFO_CERT_MODEL_ALIAS_CERT 0x2 ------------------ | Branch (1134:9): [True: 476, False: 0] | Branch (1134:22): [True: 0, False: 0] ------------------ 1135| 476| status = libspdm_verify_cert_subject_public_key_info(cert, cert_size, base_asym_algo); 1136| 476| if (!status) { ------------------ | Branch (1136:13): [True: 0, False: 476] ------------------ 1137| 0| goto cleanup; 1138| 0| } 1139| 476| } 1140| | 1141| | /* 5. issuer_name*/ 1142| 476| asn1_buffer_len = 0; 1143| 476| status = libspdm_x509_get_issuer_name(cert, cert_size, NULL, &asn1_buffer_len); 1144| 476| if (status) { ------------------ | Branch (1144:9): [True: 0, False: 476] ------------------ 1145| 0| if ((asn1_buffer_len == 0) && ------------------ | Branch (1145:13): [True: 0, False: 0] ------------------ 1146| 0| (cert_model != SPDM_CERTIFICATE_INFO_CERT_MODEL_GENERIC_CERT)) { ------------------ | | 600| 0|#define SPDM_CERTIFICATE_INFO_CERT_MODEL_GENERIC_CERT 0x3 ------------------ | Branch (1146:13): [True: 0, False: 0] ------------------ 1147| 0| status = false; 1148| 0| goto cleanup; 1149| 0| } 1150| 476| } else { 1151| 476| if (asn1_buffer_len == 0) { ------------------ | Branch (1151:13): [True: 0, False: 476] ------------------ 1152| 0| status = false; 1153| 0| goto cleanup; 1154| 0| } 1155| 476| } 1156| | 1157| | /* 6. subject_name*/ 1158| 476| asn1_buffer_len = 0; 1159| 476| status = libspdm_x509_get_subject_name(cert, cert_size, NULL, &asn1_buffer_len); 1160| 476| if (status) { ------------------ | Branch (1160:9): [True: 0, False: 476] ------------------ 1161| 0| if ((asn1_buffer_len == 0) && ------------------ | Branch (1161:13): [True: 0, False: 0] ------------------ 1162| 0| (cert_model != SPDM_CERTIFICATE_INFO_CERT_MODEL_GENERIC_CERT)) { ------------------ | | 600| 0|#define SPDM_CERTIFICATE_INFO_CERT_MODEL_GENERIC_CERT 0x3 ------------------ | Branch (1162:13): [True: 0, False: 0] ------------------ 1163| 0| status = false; 1164| 0| goto cleanup; 1165| 0| } 1166| 476| } else { 1167| 476| if (asn1_buffer_len == 0) { ------------------ | Branch (1167:13): [True: 0, False: 476] ------------------ 1168| 0| status = false; 1169| 0| goto cleanup; 1170| 0| } 1171| 476| } 1172| | 1173| | /* 7. validity*/ 1174| 476| status = libspdm_x509_get_validity(cert, cert_size, end_cert_from, 1175| 476| &end_cert_from_len, end_cert_to, 1176| 476| &end_cert_to_len); 1177| 476| if (status) { ------------------ | Branch (1177:9): [True: 476, False: 0] ------------------ 1178| 476| if ((end_cert_from_len == 0) && ------------------ | Branch (1178:13): [True: 0, False: 476] ------------------ 1179| 476| (cert_model != SPDM_CERTIFICATE_INFO_CERT_MODEL_GENERIC_CERT)) { ------------------ | | 600| 0|#define SPDM_CERTIFICATE_INFO_CERT_MODEL_GENERIC_CERT 0x3 ------------------ | Branch (1179:13): [True: 0, False: 0] ------------------ 1180| 0| status = false; 1181| 0| goto cleanup; 1182| 0| } 1183| 476| } else { 1184| 0| if (end_cert_from_len == 0) { ------------------ | Branch (1184:13): [True: 0, False: 0] ------------------ 1185| 0| status = false; 1186| 0| goto cleanup; 1187| 0| } 1188| 0| } 1189| | 1190| 476| if (end_cert_from_len != 0) { ------------------ | Branch (1190:9): [True: 476, False: 0] ------------------ 1191| 476| status = libspdm_internal_x509_date_time_check( 1192| 476| end_cert_from, end_cert_from_len, end_cert_to, end_cert_to_len); 1193| 476| if (!status) { ------------------ | Branch (1193:13): [True: 0, False: 476] ------------------ 1194| 0| goto cleanup; 1195| 0| } 1196| 476| } 1197| | 1198| | /* 8. subject_public_key*/ 1199| 476| status = libspdm_asym_get_public_key_from_x509(base_asym_algo, cert, cert_size, &context); 1200| 476| if (!status) { ------------------ | Branch (1200:9): [True: 0, False: 476] ------------------ 1201| 0| goto cleanup; 1202| 0| } 1203| | 1204| | /* 9. key_usage 1205| | * If this is a SET_CERTIFICATE operation and the endpoint uses the AliasCert model then the 1206| | * check should be skipped as the SPDM specification does not specify the presence or absence 1207| | * of the Device Certificate CA's keyUsage field. */ 1208| 476| if (!set_cert || (cert_model != SPDM_CERTIFICATE_INFO_CERT_MODEL_ALIAS_CERT)) { ------------------ | | 599| 0|#define SPDM_CERTIFICATE_INFO_CERT_MODEL_ALIAS_CERT 0x2 ------------------ | Branch (1208:9): [True: 476, False: 0] | Branch (1208:22): [True: 0, False: 0] ------------------ 1209| 476| size_t value = 0; 1210| | 1211| 476| status = libspdm_x509_get_key_usage(cert, cert_size, &value); 1212| 476| if (!status) { ------------------ | Branch (1212:13): [True: 0, False: 476] ------------------ 1213| 0| goto cleanup; 1214| 476| } else { 1215| 476| if (value == 0) { ------------------ | Branch (1215:17): [True: 0, False: 476] ------------------ 1216| 0| if (cert_model != SPDM_CERTIFICATE_INFO_CERT_MODEL_GENERIC_CERT) { ------------------ | | 600| 0|#define SPDM_CERTIFICATE_INFO_CERT_MODEL_GENERIC_CERT 0x3 ------------------ | Branch (1216:21): [True: 0, False: 0] ------------------ 1217| 0| status = false; 1218| 0| goto cleanup; 1219| 0| } 1220| 476| } else { 1221| 476| if ((LIBSPDM_CRYPTO_X509_KU_DIGITAL_SIGNATURE & value) == 0) { ------------------ | | 62| 476|#define LIBSPDM_CRYPTO_X509_KU_DIGITAL_SIGNATURE 0x80 ------------------ | Branch (1221:21): [True: 0, False: 476] ------------------ 1222| 0| status = false; 1223| 0| goto cleanup; 1224| 0| } 1225| 476| } 1226| 476| } 1227| 476| } 1228| | 1229| | /* 10. verify spdm defined extended key usage*/ 1230| 476| status = libspdm_verify_leaf_cert_spdm_eku(cert, cert_size, is_requester_cert); 1231| 476| if (!status) { ------------------ | Branch (1231:9): [True: 0, False: 476] ------------------ 1232| 0| goto cleanup; 1233| 0| } 1234| | 1235| 476| if ((!set_cert) || (cert_model == SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT)) { ------------------ | | 598| 0|#define SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT 0x1 ------------------ | Branch (1235:9): [True: 476, False: 0] | Branch (1235:24): [True: 0, False: 0] ------------------ 1236| | /* 11. verify spdm defined extension*/ 1237| 476| status = libspdm_verify_leaf_cert_spdm_extension(cert, cert_size, 1238| 476| is_requester_cert, cert_model); 1239| 476| if (!status) { ------------------ | Branch (1239:13): [True: 0, False: 476] ------------------ 1240| 0| goto cleanup; 1241| 0| } 1242| 476| } 1243| | 1244| 476|cleanup: 1245| 476| libspdm_asym_free(base_asym_algo, context); 1246| 476| return status; 1247| 476|} libspdm_x509_certificate_check: 1268| 476|{ 1269| 476| bool status; 1270| 476| uint8_t cert_model; 1271| | 1272| 476| if (is_device_cert_model) { ------------------ | Branch (1272:9): [True: 476, False: 0] ------------------ 1273| 476| cert_model = SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT; ------------------ | | 598| 476|#define SPDM_CERTIFICATE_INFO_CERT_MODEL_DEVICE_CERT 0x1 ------------------ 1274| 476| } else { 1275| 0| cert_model = SPDM_CERTIFICATE_INFO_CERT_MODEL_ALIAS_CERT; ------------------ | | 599| 0|#define SPDM_CERTIFICATE_INFO_CERT_MODEL_ALIAS_CERT 0x2 ------------------ 1276| 0| } 1277| | 1278| 476| status = libspdm_x509_common_certificate_check(cert, cert_size, base_asym_algo, 1279| 476| base_hash_algo, is_requester, 1280| 476| cert_model, false); 1281| 476| if (!status) { ------------------ | Branch (1281:9): [True: 0, False: 476] ------------------ 1282| 0| return false; 1283| 0| } 1284| | 1285| | /* verify basic constraints: the leaf cert always is ca:false in get_cert*/ 1286| 476| status = libspdm_verify_leaf_cert_basic_constraints(cert, cert_size, false); 1287| 476| return status; 1288| 476|} libspdm_verify_cert_chain_data: 1669| 476|{ 1670| 476| const uint8_t *root_cert_buffer; 1671| 476| size_t root_cert_buffer_size; 1672| 476| const uint8_t *leaf_cert_buffer; 1673| 476| size_t leaf_cert_buffer_size; 1674| | 1675| 476| if (cert_chain_data_size > ------------------ | Branch (1675:9): [True: 0, False: 476] ------------------ 1676| 476| 0xFFFF - (sizeof(spdm_cert_chain_t) + LIBSPDM_MAX_HASH_SIZE)) { ------------------ | | 65| 476|#define LIBSPDM_MAX_HASH_SIZE 64 ------------------ 1677| 0| LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, 1678| 0| "!!! VerifyCertificateChainData - FAIL (chain size too large) !!!\n")); 1679| 0| return false; 1680| 0| } 1681| | 1682| 476| if (!libspdm_x509_get_cert_from_cert_chain( ------------------ | Branch (1682:9): [True: 0, False: 476] ------------------ 1683| 476| cert_chain_data, cert_chain_data_size, 0, &root_cert_buffer, 1684| 476| &root_cert_buffer_size)) { 1685| 0| LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, 1686| 0| "!!! VerifyCertificateChainData - FAIL (get root certificate failed)!!!\n")); 1687| 0| return false; 1688| 0| } 1689| | 1690| 476| if (!libspdm_x509_verify_cert_chain(root_cert_buffer, root_cert_buffer_size, ------------------ | Branch (1690:9): [True: 0, False: 476] ------------------ 1691| 476| cert_chain_data, cert_chain_data_size)) { 1692| 0| LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, 1693| 0| "!!! VerifyCertificateChainData - FAIL (cert chain verify failed)!!!\n")); 1694| 0| return false; 1695| 0| } 1696| | 1697| 476| if (!libspdm_x509_get_cert_from_cert_chain( ------------------ | Branch (1697:9): [True: 0, False: 476] ------------------ 1698| 476| cert_chain_data, cert_chain_data_size, -1, 1699| 476| &leaf_cert_buffer, &leaf_cert_buffer_size)) { 1700| 0| LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, 1701| 0| "!!! VerifyCertificateChainData - FAIL (get leaf certificate failed)!!!\n")); 1702| 0| return false; 1703| 0| } 1704| | 1705| 476| if (!libspdm_x509_certificate_check(leaf_cert_buffer, leaf_cert_buffer_size, ------------------ | Branch (1705:9): [True: 0, False: 476] ------------------ 1706| 476| base_asym_algo, base_hash_algo, 1707| 476| is_requester_cert, is_device_cert_model)) { 1708| 0| LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, 1709| 0| "!!! VerifyCertificateChainData - FAIL (leaf certificate check failed)!!!\n")); 1710| 0| return false; 1711| 0| } 1712| | 1713| 476| return true; 1714| 476|} libspdm_get_leaf_cert_public_key_from_cert_chain: 1918| 119|{ 1919| 119| size_t hash_size; 1920| 119| const uint8_t *cert_buffer; 1921| 119| size_t cert_buffer_size; 1922| 119| bool result; 1923| | 1924| 119| hash_size = libspdm_get_hash_size(base_hash_algo); 1925| | 1926| 119| cert_chain_data = cert_chain_data + sizeof(spdm_cert_chain_t) + hash_size; 1927| 119| cert_chain_data_size = cert_chain_data_size - (sizeof(spdm_cert_chain_t) + hash_size); 1928| | 1929| | /* Get leaf cert from cert chain */ 1930| 119| result = libspdm_x509_get_cert_from_cert_chain(cert_chain_data, 1931| 119| cert_chain_data_size, -1, 1932| 119| &cert_buffer, &cert_buffer_size); 1933| 119| if (!result) { ------------------ | Branch (1933:9): [True: 0, False: 119] ------------------ 1934| 0| return false; 1935| 0| } 1936| | 1937| 119| result = libspdm_asym_get_public_key_from_x509( 1938| 119| base_asym_alg, 1939| 119| cert_buffer, cert_buffer_size, public_key); 1940| 119| if (!result) { ------------------ | Branch (1940:9): [True: 0, False: 119] ------------------ 1941| 0| return false; 1942| 0| } 1943| | 1944| 119| return true; 1945| 119|} libspdm_crypt_cert.c:libspdm_get_asym_get_public_key_from_x509: 124| 595|{ 125| 595| switch (base_asym_algo) { 126| 238| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048: ------------------ | | 371| 238|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048 0x00000001 ------------------ | Branch (126:5): [True: 238, False: 357] ------------------ 127| 238| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072: ------------------ | | 373| 238|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072 0x00000004 ------------------ | Branch (127:5): [True: 0, False: 595] ------------------ 128| 238| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096: ------------------ | | 376| 238|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096 0x00000020 ------------------ | Branch (128:5): [True: 0, False: 595] ------------------ 129| 238| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048: ------------------ | | 372| 238|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048 0x00000002 ------------------ | Branch (129:5): [True: 0, False: 595] ------------------ 130| 238| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072: ------------------ | | 374| 238|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072 0x00000008 ------------------ | Branch (130:5): [True: 0, False: 595] ------------------ 131| 238| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096: ------------------ | | 377| 238|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096 0x00000040 ------------------ | Branch (131:5): [True: 0, False: 595] ------------------ 132| 238|#if (LIBSPDM_RSA_SSA_SUPPORT) || (LIBSPDM_RSA_PSS_SUPPORT) 133| |#if !LIBSPDM_RSA_SSA_2048_SUPPORT 134| | LIBSPDM_ASSERT(base_asym_algo!= SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048); 135| |#endif 136| |#if !LIBSPDM_RSA_SSA_3072_SUPPORT 137| | LIBSPDM_ASSERT(base_asym_algo!= SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072); 138| |#endif 139| |#if !LIBSPDM_RSA_SSA_4096_SUPPORT 140| | LIBSPDM_ASSERT(base_asym_algo!= SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096); 141| |#endif 142| |#if !LIBSPDM_RSA_PSS_2048_SUPPORT 143| | LIBSPDM_ASSERT(base_asym_algo!= SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048); 144| |#endif 145| |#if !LIBSPDM_RSA_PSS_3072_SUPPORT 146| | LIBSPDM_ASSERT(base_asym_algo!= SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072); 147| |#endif 148| |#if !LIBSPDM_RSA_PSS_4096_SUPPORT 149| | LIBSPDM_ASSERT(base_asym_algo!= SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096); 150| |#endif 151| 238| return libspdm_rsa_get_public_key_from_x509; 152| |#else 153| | LIBSPDM_ASSERT(false); 154| | break; 155| |#endif 156| 357| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256: ------------------ | | 375| 357|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256 0x00000010 ------------------ | Branch (156:5): [True: 357, False: 238] ------------------ 157| 357| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384: ------------------ | | 378| 357|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384 0x00000080 ------------------ | Branch (157:5): [True: 0, False: 595] ------------------ 158| 357| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521: ------------------ | | 379| 357|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521 0x00000100 ------------------ | Branch (158:5): [True: 0, False: 595] ------------------ 159| 357|#if LIBSPDM_ECDSA_SUPPORT 160| |#if !LIBSPDM_ECDSA_P256_SUPPORT 161| | LIBSPDM_ASSERT(base_asym_algo!= SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256); 162| |#endif 163| |#if !LIBSPDM_ECDSA_P384_SUPPORT 164| | LIBSPDM_ASSERT(base_asym_algo!= SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384); 165| |#endif 166| |#if !LIBSPDM_ECDSA_P521_SUPPORT 167| | LIBSPDM_ASSERT(base_asym_algo!= SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521); 168| |#endif 169| 357| return libspdm_ec_get_public_key_from_x509; 170| |#else 171| | LIBSPDM_ASSERT(false); 172| | break; 173| |#endif 174| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519: ------------------ | | 385| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519 0x00000400 ------------------ | Branch (174:5): [True: 0, False: 595] ------------------ 175| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448: ------------------ | | 386| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448 0x00000800 ------------------ | Branch (175:5): [True: 0, False: 595] ------------------ 176| |#if (LIBSPDM_EDDSA_ED25519_SUPPORT) || (LIBSPDM_EDDSA_ED448_SUPPORT) 177| |#if !LIBSPDM_EDDSA_ED25519_SUPPORT 178| | LIBSPDM_ASSERT(base_asym_algo!= SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519); 179| |#endif 180| |#if !LIBSPDM_EDDSA_ED448_SUPPORT 181| | LIBSPDM_ASSERT(base_asym_algo!= SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448); 182| |#endif 183| | return libspdm_ecd_get_public_key_from_x509; 184| |#else 185| 0| LIBSPDM_ASSERT(false); 186| 0| break; 187| 0|#endif 188| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256: ------------------ | | 384| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256 0x00000200 ------------------ | Branch (188:5): [True: 0, False: 595] ------------------ 189| |#if LIBSPDM_SM2_DSA_SUPPORT 190| | return libspdm_sm2_get_public_key_from_x509; 191| |#else 192| 0| LIBSPDM_ASSERT(false); 193| 0| break; 194| 0|#endif 195| 0| default: ------------------ | Branch (195:5): [True: 0, False: 595] ------------------ 196| 0| LIBSPDM_ASSERT(false); 197| 0| break; 198| 595| } 199| | 200| 0| return NULL; 201| 595|} libspdm_crypt_cert.c:libspdm_verify_cert_subject_public_key_info: 693| 476|{ 694| 476| size_t oid_len; 695| 476| bool status; 696| | 697| | /*public key encrypt algo OID from cert*/ 698| 476| uint8_t cert_public_key_crypt_algo_oid[LIBSPDM_MAX_ENCRYPTION_ALGO_OID_LEN]; 699| | /*public key encrypt algo OID from libspdm stored*/ 700| 476| uint8_t libspdm_public_key_crypt_algo_oid[LIBSPDM_MAX_ENCRYPTION_ALGO_OID_LEN]; 701| 476| uint8_t libspdm_public_key_crypt_algo_oid_other[LIBSPDM_MAX_ENCRYPTION_ALGO_OID_LEN]; 702| | 703| 476| libspdm_zero_mem(libspdm_public_key_crypt_algo_oid, LIBSPDM_MAX_ENCRYPTION_ALGO_OID_LEN); ------------------ | | 32| 476|#define LIBSPDM_MAX_ENCRYPTION_ALGO_OID_LEN 10 ------------------ 704| 476| libspdm_zero_mem(libspdm_public_key_crypt_algo_oid_other, LIBSPDM_MAX_ENCRYPTION_ALGO_OID_LEN); ------------------ | | 32| 476|#define LIBSPDM_MAX_ENCRYPTION_ALGO_OID_LEN 10 ------------------ 705| | 706| | /*work around: skip the sm2*/ 707| 476| if (base_asym_algo == SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256) { ------------------ | | 384| 476|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256 0x00000200 ------------------ | Branch (707:9): [True: 0, False: 476] ------------------ 708| 0| return true; 709| 0| } 710| | 711| 476| oid_len = libspdm_get_public_key_algo_OID_len(base_asym_algo); 712| 476| if(oid_len == 0) { ------------------ | Branch (712:8): [True: 0, False: 476] ------------------ 713| 0| return false; 714| 0| } 715| | /*get public key encrypt algo OID from libspdm stored*/ 716| 476| status = libspdm_get_public_key_algo_OID(base_asym_algo, 717| 476| libspdm_public_key_crypt_algo_oid, 718| 476| libspdm_public_key_crypt_algo_oid_other); 719| 476| if (!status) { ------------------ | Branch (719:9): [True: 0, False: 476] ------------------ 720| 0| return status; 721| 0| } 722| | 723| | /*get public key encrypt algo OID from cert*/ 724| 476| status = libspdm_get_public_key_oid(cert, cert_size, cert_public_key_crypt_algo_oid, oid_len, 725| 476| base_asym_algo); 726| 476| if (!status || (!libspdm_consttime_is_mem_equal(cert_public_key_crypt_algo_oid, ------------------ | Branch (726:9): [True: 0, False: 476] | Branch (726:21): [True: 0, False: 476] ------------------ 727| 476| libspdm_public_key_crypt_algo_oid, oid_len) && 728| 476| !libspdm_consttime_is_mem_equal(cert_public_key_crypt_algo_oid, ------------------ | Branch (728:21): [True: 0, False: 0] ------------------ 729| 0| libspdm_public_key_crypt_algo_oid_other, 730| 0| oid_len))) { 731| 0| return false; 732| 0| } 733| | 734| 476| return status; 735| 476|} libspdm_crypt_cert.c:libspdm_get_public_key_algo_OID_len: 329| 952|{ 330| 952| switch (base_asym_algo) { 331| 238| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048: ------------------ | | 371| 238|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048 0x00000001 ------------------ | Branch (331:5): [True: 238, False: 714] ------------------ 332| 238|#if LIBSPDM_RSA_SSA_2048_SUPPORT 333| 238| return 4; 334| |#else 335| | return 0; 336| |#endif 337| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048: ------------------ | | 372| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048 0x00000002 ------------------ | Branch (337:5): [True: 0, False: 952] ------------------ 338| 0|#if LIBSPDM_RSA_PSS_2048_SUPPORT 339| 0| return 4; 340| |#else 341| | return 0; 342| |#endif 343| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072: ------------------ | | 373| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072 0x00000004 ------------------ | Branch (343:5): [True: 0, False: 952] ------------------ 344| 0|#if LIBSPDM_RSA_SSA_3072_SUPPORT 345| 0| return 4; 346| |#else 347| | return 0; 348| |#endif 349| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072: ------------------ | | 374| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072 0x00000008 ------------------ | Branch (349:5): [True: 0, False: 952] ------------------ 350| 0|#if LIBSPDM_RSA_PSS_3072_SUPPORT 351| 0| return 4; 352| |#else 353| | return 0; 354| |#endif 355| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096: ------------------ | | 376| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096 0x00000020 ------------------ | Branch (355:5): [True: 0, False: 952] ------------------ 356| 0|#if LIBSPDM_RSA_SSA_4096_SUPPORT 357| 0| return 4; 358| |#else 359| | return 0; 360| |#endif 361| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096: ------------------ | | 377| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096 0x00000040 ------------------ | Branch (361:5): [True: 0, False: 952] ------------------ 362| 0|#if LIBSPDM_RSA_PSS_4096_SUPPORT 363| 0| return 4; 364| |#else 365| | return 0; 366| |#endif 367| 714| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256: ------------------ | | 375| 714|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256 0x00000010 ------------------ | Branch (367:5): [True: 714, False: 238] ------------------ 368| 714|#if LIBSPDM_ECDSA_P256_SUPPORT 369| 714| return 8; 370| |#else 371| | return 0; 372| |#endif 373| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384: ------------------ | | 378| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384 0x00000080 ------------------ | Branch (373:5): [True: 0, False: 952] ------------------ 374| 0|#if LIBSPDM_ECDSA_P384_SUPPORT 375| 0| return 5; 376| |#else 377| | return 0; 378| |#endif 379| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521: ------------------ | | 379| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521 0x00000100 ------------------ | Branch (379:5): [True: 0, False: 952] ------------------ 380| 0|#if LIBSPDM_ECDSA_P521_SUPPORT 381| 0| return 5; 382| |#else 383| | return 0; 384| |#endif 385| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519: ------------------ | | 385| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519 0x00000400 ------------------ | Branch (385:5): [True: 0, False: 952] ------------------ 386| |#if LIBSPDM_EDDSA_ED25519_SUPPORT 387| | return 3; 388| |#else 389| 0| return 0; 390| 0|#endif 391| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448: ------------------ | | 386| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448 0x00000800 ------------------ | Branch (391:5): [True: 0, False: 952] ------------------ 392| |#if LIBSPDM_EDDSA_ED448_SUPPORT 393| | return 3; 394| |#else 395| 0| return 0; 396| 0|#endif 397| 0| default: ------------------ | Branch (397:5): [True: 0, False: 952] ------------------ 398| 0| LIBSPDM_ASSERT(false); 399| 0| return 0; 400| 952| } 401| 952|} libspdm_crypt_cert.c:libspdm_get_public_key_algo_OID: 416| 476|{ 417| 476| uint32_t oid_len; 418| 476| oid_len = libspdm_get_public_key_algo_OID_len(base_asym_algo); 419| 476| if(oid_len == 0) { ------------------ | Branch (419:8): [True: 0, False: 476] ------------------ 420| 0| return false; 421| 0| } 422| | 423| 476| switch (base_asym_algo) { 424| 119| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048: ------------------ | | 371| 119|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048 0x00000001 ------------------ | Branch (424:5): [True: 119, False: 357] ------------------ 425| 119| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048: { ------------------ | | 372| 119|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048 0x00000002 ------------------ | Branch (425:5): [True: 0, False: 476] ------------------ 426| 119|#if (LIBSPDM_RSA_SSA_2048_SUPPORT) || (LIBSPDM_RSA_PSS_2048_SUPPORT) 427| 119| uint8_t encry_algo_oid_rsa2048[] = KEY_ENCRY_ALGO_RSA2048_FLAG; ------------------ | | 46| 119|#define KEY_ENCRY_ALGO_RSA2048_FLAG {0x02, 0x82, 0x01, 0x01} ------------------ 428| 119| uint8_t encry_algo_oid_rsa2048_ohter[] = KEY_ENCRY_ALGO_RSA2048_FLAG_OTHER; ------------------ | | 48| 119|#define KEY_ENCRY_ALGO_RSA2048_FLAG_OTHER {0x02, 0x82, 0x01, 0x00} ------------------ 429| 119| libspdm_copy_mem(oid, oid_len, encry_algo_oid_rsa2048, oid_len); 430| 119| libspdm_copy_mem(oid_other, oid_len, encry_algo_oid_rsa2048_ohter, oid_len); 431| 119| return true; 432| |#else 433| | return false; 434| |#endif 435| 119| } 436| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072: ------------------ | | 373| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072 0x00000004 ------------------ | Branch (436:5): [True: 0, False: 476] ------------------ 437| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072: { ------------------ | | 374| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072 0x00000008 ------------------ | Branch (437:5): [True: 0, False: 476] ------------------ 438| 0|#if (LIBSPDM_RSA_SSA_3072_SUPPORT) || (LIBSPDM_RSA_PSS_3072_SUPPORT) 439| 0| uint8_t encry_algo_oid_rsa3072[] = KEY_ENCRY_ALGO_RSA3072_FLAG; ------------------ | | 51| 0|#define KEY_ENCRY_ALGO_RSA3072_FLAG {0x02, 0x82, 0x01, 0x81} ------------------ 440| 0| uint8_t encry_algo_oid_rsa3072_ohter[] = KEY_ENCRY_ALGO_RSA3072_FLAG_OTHER; ------------------ | | 53| 0|#define KEY_ENCRY_ALGO_RSA3072_FLAG_OTHER {0x02, 0x82, 0x01, 0x80} ------------------ 441| 0| libspdm_copy_mem(oid, oid_len, encry_algo_oid_rsa3072, oid_len); 442| 0| libspdm_copy_mem(oid_other, oid_len, encry_algo_oid_rsa3072_ohter, oid_len); 443| 0| return true; 444| |#else 445| | return false; 446| |#endif 447| 0| } 448| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096: ------------------ | | 376| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096 0x00000020 ------------------ | Branch (448:5): [True: 0, False: 476] ------------------ 449| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096: { ------------------ | | 377| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096 0x00000040 ------------------ | Branch (449:5): [True: 0, False: 476] ------------------ 450| 0|#if (LIBSPDM_RSA_SSA_4096_SUPPORT) || (LIBSPDM_RSA_PSS_4096_SUPPORT) 451| 0| uint8_t encry_algo_oid_rsa4096[] = KEY_ENCRY_ALGO_RSA4096_FLAG; ------------------ | | 56| 0|#define KEY_ENCRY_ALGO_RSA4096_FLAG {0x02, 0x82, 0x02, 0x01} ------------------ 452| 0| uint8_t encry_algo_oid_rsa4096_ohter[] = KEY_ENCRY_ALGO_RSA4096_FLAG_OTHER; ------------------ | | 58| 0|#define KEY_ENCRY_ALGO_RSA4096_FLAG_OTHER {0x02, 0x82, 0x02, 0x00} ------------------ 453| 0| libspdm_copy_mem(oid, oid_len, encry_algo_oid_rsa4096, oid_len); 454| 0| libspdm_copy_mem(oid_other, oid_len, encry_algo_oid_rsa4096_ohter, oid_len); 455| 0| return true; 456| |#else 457| | return false; 458| |#endif 459| 0| } 460| | 461| 357| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256: { ------------------ | | 375| 357|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256 0x00000010 ------------------ | Branch (461:5): [True: 357, False: 119] ------------------ 462| 357|#if LIBSPDM_ECDSA_P256_SUPPORT 463| 357| uint8_t encry_algo_oid_ecc256[] = KEY_ENCRY_ALGO_ECC256_OID; ------------------ | | 70| 357|#define KEY_ENCRY_ALGO_ECC256_OID {0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07} ------------------ 464| 357| libspdm_copy_mem(oid, oid_len, encry_algo_oid_ecc256, oid_len); 465| 357| return true; 466| |#else 467| | return false; 468| |#endif 469| 0| } 470| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384: { ------------------ | | 378| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384 0x00000080 ------------------ | Branch (470:5): [True: 0, False: 476] ------------------ 471| 0|#if LIBSPDM_ECDSA_P384_SUPPORT 472| 0| uint8_t encry_algo_oid_ecc384[] = KEY_ENCRY_ALGO_ECC384_OID; ------------------ | | 73| 0|#define KEY_ENCRY_ALGO_ECC384_OID {0x2B, 0x81, 0x04, 0x00, 0x22} ------------------ 473| 0| libspdm_copy_mem(oid, oid_len, encry_algo_oid_ecc384, oid_len); 474| 0| return true; 475| |#else 476| | return false; 477| |#endif 478| 0| } 479| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521: { ------------------ | | 379| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521 0x00000100 ------------------ | Branch (479:5): [True: 0, False: 476] ------------------ 480| 0|#if LIBSPDM_ECDSA_P521_SUPPORT 481| 0| uint8_t encry_algo_oid_ecc521[] = KEY_ENCRY_ALGO_ECC521_OID; ------------------ | | 76| 0|#define KEY_ENCRY_ALGO_ECC521_OID {0x2B, 0x81, 0x04, 0x00, 0x23} ------------------ 482| 0| libspdm_copy_mem(oid, oid_len, encry_algo_oid_ecc521, oid_len); 483| 0| return true; 484| |#else 485| | return false; 486| |#endif 487| 0| } 488| | 489| | /*sm2 oid TBD*/ 490| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256: ------------------ | | 384| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256 0x00000200 ------------------ | Branch (490:5): [True: 0, False: 476] ------------------ 491| 0| return true; 492| | 493| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519: { ------------------ | | 385| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519 0x00000400 ------------------ | Branch (493:5): [True: 0, False: 476] ------------------ 494| |#if LIBSPDM_EDDSA_ED25519_SUPPORT 495| | uint8_t encry_algo_oid_ed25519[] = ENCRY_ALGO_ED25519_OID; 496| | libspdm_copy_mem(oid, oid_len, encry_algo_oid_ed25519, oid_len); 497| | return true; 498| |#else 499| 0| return false; 500| 0|#endif 501| 0| break; 502| 0| } 503| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448: { ------------------ | | 386| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448 0x00000800 ------------------ | Branch (503:5): [True: 0, False: 476] ------------------ 504| |#if LIBSPDM_EDDSA_ED448_SUPPORT 505| | uint8_t encry_algo_oid_ed448[] = ENCRY_ALGO_ED448_OID; 506| | libspdm_copy_mem(oid, oid_len, encry_algo_oid_ed448, oid_len); 507| | return true; 508| |#else 509| 0| return false; 510| 0|#endif 511| 0| break; 512| 0| } 513| | 514| 0| default: ------------------ | Branch (514:5): [True: 0, False: 476] ------------------ 515| 0| LIBSPDM_ASSERT(false); 516| 0| return false; 517| 476| } 518| 476|} libspdm_crypt_cert.c:libspdm_get_public_key_oid: 534| 476|{ 535| 476| bool ret; 536| 476| uint8_t *ptr; 537| 476| int32_t length; 538| 476| size_t obj_len; 539| 476| uint8_t *end; 540| 476| uint8_t index; 541| 476| uint8_t sequence_time; 542| | 543| 476| length = (int32_t)cert_size; 544| 476| ptr = (uint8_t*)(size_t)cert; 545| 476| obj_len = 0; 546| 476| end = ptr + length; 547| 476| ret = true; 548| | 549| | /* TBSCertificate have 5 sequence before subjectPublicKeyInfo*/ 550| 476| sequence_time = 5; 551| | 552| | /*all cert sequence*/ 553| 476| ret = libspdm_asn1_get_tag(&ptr, end, &obj_len, 554| 476| LIBSPDM_CRYPTO_ASN1_SEQUENCE | LIBSPDM_CRYPTO_ASN1_CONSTRUCTED); ------------------ | | 80| 476|#define LIBSPDM_CRYPTO_ASN1_SEQUENCE 0x10 ------------------ LIBSPDM_CRYPTO_ASN1_SEQUENCE | LIBSPDM_CRYPTO_ASN1_CONSTRUCTED); ------------------ | | 90| 476|#define LIBSPDM_CRYPTO_ASN1_CONSTRUCTED 0x20 ------------------ 555| 476| if (!ret) { ------------------ | Branch (555:9): [True: 0, False: 476] ------------------ 556| 0| return false; 557| 0| } 558| | 559| | /*TBSCertificate sequence*/ 560| 476| ret = libspdm_asn1_get_tag(&ptr, end, &obj_len, 561| 476| LIBSPDM_CRYPTO_ASN1_SEQUENCE | LIBSPDM_CRYPTO_ASN1_CONSTRUCTED); ------------------ | | 80| 476|#define LIBSPDM_CRYPTO_ASN1_SEQUENCE 0x10 ------------------ LIBSPDM_CRYPTO_ASN1_SEQUENCE | LIBSPDM_CRYPTO_ASN1_CONSTRUCTED); ------------------ | | 90| 476|#define LIBSPDM_CRYPTO_ASN1_CONSTRUCTED 0x20 ------------------ 562| 476| if (!ret) { ------------------ | Branch (562:9): [True: 0, False: 476] ------------------ 563| 0| return false; 564| 0| } 565| | 566| 476| end = ptr + obj_len; 567| | /*version*/ 568| 476| ret = libspdm_asn1_get_tag(&ptr, end, &obj_len, 569| 476| LIBSPDM_CRYPTO_ASN1_CONTEXT_SPECIFIC | ------------------ | | 91| 476|#define LIBSPDM_CRYPTO_ASN1_CONTEXT_SPECIFIC 0x80 ------------------ 570| 476| LIBSPDM_CRYPTO_ASN1_CONSTRUCTED); ------------------ | | 90| 476|#define LIBSPDM_CRYPTO_ASN1_CONSTRUCTED 0x20 ------------------ 571| 476| if (!ret) { ------------------ | Branch (571:9): [True: 0, False: 476] ------------------ 572| 0| return false; 573| 0| } 574| | 575| 476| ptr += obj_len; 576| | /*serialNumber*/ 577| 476| ret = libspdm_asn1_get_tag(&ptr, end, &obj_len, LIBSPDM_CRYPTO_ASN1_INTEGER); ------------------ | | 74| 476|#define LIBSPDM_CRYPTO_ASN1_INTEGER 0x02 ------------------ 578| 476| if (!ret) { ------------------ | Branch (578:9): [True: 0, False: 476] ------------------ 579| 0| return false; 580| 0| } 581| | 582| | /** 583| | * signature AlgorithmIdentifier, 584| | * issuer Name, 585| | * validity Validity, 586| | * subject Name, 587| | * subjectPublicKeyInfo 588| | **/ 589| 2.85k| for (index = 0; index < sequence_time; index++) { ------------------ | Branch (589:21): [True: 2.38k, False: 476] ------------------ 590| 2.38k| ptr += obj_len; 591| 2.38k| ret = libspdm_asn1_get_tag(&ptr, end, &obj_len, 592| 2.38k| LIBSPDM_CRYPTO_ASN1_SEQUENCE | LIBSPDM_CRYPTO_ASN1_CONSTRUCTED); ------------------ | | 80| 2.38k|#define LIBSPDM_CRYPTO_ASN1_SEQUENCE 0x10 ------------------ LIBSPDM_CRYPTO_ASN1_SEQUENCE | LIBSPDM_CRYPTO_ASN1_CONSTRUCTED); ------------------ | | 90| 2.38k|#define LIBSPDM_CRYPTO_ASN1_CONSTRUCTED 0x20 ------------------ 593| 2.38k| if (!ret) { ------------------ | Branch (593:13): [True: 0, False: 2.38k] ------------------ 594| 0| return false; 595| 0| } 596| 2.38k| } 597| | 598| 476| switch (base_asym_algo) 599| 476| { 600| 119| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048: ------------------ | | 371| 119|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048 0x00000001 ------------------ | Branch (600:5): [True: 119, False: 357] ------------------ 601| 119| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048: ------------------ | | 372| 119|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048 0x00000002 ------------------ | Branch (601:5): [True: 0, False: 476] ------------------ 602| 119| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072: ------------------ | | 373| 119|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072 0x00000004 ------------------ | Branch (602:5): [True: 0, False: 476] ------------------ 603| 119| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072: ------------------ | | 374| 119|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072 0x00000008 ------------------ | Branch (603:5): [True: 0, False: 476] ------------------ 604| 119| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096: ------------------ | | 376| 119|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096 0x00000020 ------------------ | Branch (604:5): [True: 0, False: 476] ------------------ 605| 119| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096: ------------------ | | 377| 119|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096 0x00000040 ------------------ | Branch (605:5): [True: 0, False: 476] ------------------ 606| 119| ret = libspdm_asn1_get_tag(&ptr, end, &obj_len, 607| 119| LIBSPDM_CRYPTO_ASN1_SEQUENCE | LIBSPDM_CRYPTO_ASN1_CONSTRUCTED); ------------------ | | 80| 119|#define LIBSPDM_CRYPTO_ASN1_SEQUENCE 0x10 ------------------ LIBSPDM_CRYPTO_ASN1_SEQUENCE | LIBSPDM_CRYPTO_ASN1_CONSTRUCTED); ------------------ | | 90| 119|#define LIBSPDM_CRYPTO_ASN1_CONSTRUCTED 0x20 ------------------ 608| 119| if (!ret) { ------------------ | Branch (608:13): [True: 0, False: 119] ------------------ 609| 0| return false; 610| 0| } 611| | 612| 119| ptr += obj_len; 613| 119| ret = libspdm_asn1_get_tag(&ptr, end, &obj_len, LIBSPDM_CRYPTO_ASN1_BIT_STRING); ------------------ | | 75| 119|#define LIBSPDM_CRYPTO_ASN1_BIT_STRING 0x03 ------------------ 614| 119| if (!ret) { ------------------ | Branch (614:13): [True: 0, False: 119] ------------------ 615| 0| return false; 616| 0| } 617| | 618| | /*get rsa key len*/ 619| 119| ptr++; 620| 119| ret = libspdm_asn1_get_tag(&ptr, end, &obj_len, 621| 119| LIBSPDM_CRYPTO_ASN1_SEQUENCE | LIBSPDM_CRYPTO_ASN1_CONSTRUCTED); ------------------ | | 80| 119|#define LIBSPDM_CRYPTO_ASN1_SEQUENCE 0x10 ------------------ LIBSPDM_CRYPTO_ASN1_SEQUENCE | LIBSPDM_CRYPTO_ASN1_CONSTRUCTED); ------------------ | | 90| 119|#define LIBSPDM_CRYPTO_ASN1_CONSTRUCTED 0x20 ------------------ 622| 119| if (!ret) { ------------------ | Branch (622:13): [True: 0, False: 119] ------------------ 623| 0| return false; 624| 0| } 625| 119| libspdm_copy_mem(oid, oid_size, ptr, oid_size); 626| 119| break; 627| 357| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256: ------------------ | | 375| 357|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256 0x00000010 ------------------ | Branch (627:5): [True: 357, False: 119] ------------------ 628| 357| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384: ------------------ | | 378| 357|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384 0x00000080 ------------------ | Branch (628:5): [True: 0, False: 476] ------------------ 629| 357| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521: ------------------ | | 379| 357|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521 0x00000100 ------------------ | Branch (629:5): [True: 0, False: 476] ------------------ 630| 357| ret = libspdm_asn1_get_tag(&ptr, end, &obj_len, 631| 357| LIBSPDM_CRYPTO_ASN1_SEQUENCE | LIBSPDM_CRYPTO_ASN1_CONSTRUCTED); ------------------ | | 80| 357|#define LIBSPDM_CRYPTO_ASN1_SEQUENCE 0x10 ------------------ LIBSPDM_CRYPTO_ASN1_SEQUENCE | LIBSPDM_CRYPTO_ASN1_CONSTRUCTED); ------------------ | | 90| 357|#define LIBSPDM_CRYPTO_ASN1_CONSTRUCTED 0x20 ------------------ 632| 357| if (!ret) { ------------------ | Branch (632:13): [True: 0, False: 357] ------------------ 633| 0| return false; 634| 0| } 635| 357| ret = libspdm_asn1_get_tag(&ptr, end, &obj_len, LIBSPDM_CRYPTO_ASN1_OID); ------------------ | | 78| 357|#define LIBSPDM_CRYPTO_ASN1_OID 0x06 ------------------ 636| 357| if (!ret) { ------------------ | Branch (636:13): [True: 0, False: 357] ------------------ 637| 0| return false; 638| 0| } 639| | 640| | /*get ecc second oid*/ 641| 357| ptr +=obj_len; 642| 357| ret = libspdm_asn1_get_tag(&ptr, end, &obj_len, LIBSPDM_CRYPTO_ASN1_OID); ------------------ | | 78| 357|#define LIBSPDM_CRYPTO_ASN1_OID 0x06 ------------------ 643| 357| if (!ret) { ------------------ | Branch (643:13): [True: 0, False: 357] ------------------ 644| 0| return false; 645| 0| } 646| | 647| 357| if (oid_size != obj_len) { ------------------ | Branch (647:13): [True: 0, False: 357] ------------------ 648| 0| return false; 649| 0| } 650| | 651| 357| libspdm_copy_mem(oid, oid_size, ptr, obj_len); 652| 357| break; 653| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519: ------------------ | | 385| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519 0x00000400 ------------------ | Branch (653:5): [True: 0, False: 476] ------------------ 654| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448: ------------------ | | 386| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448 0x00000800 ------------------ | Branch (654:5): [True: 0, False: 476] ------------------ 655| 0| ret = libspdm_asn1_get_tag(&ptr, end, &obj_len, 656| 0| LIBSPDM_CRYPTO_ASN1_SEQUENCE | LIBSPDM_CRYPTO_ASN1_CONSTRUCTED); ------------------ | | 80| 0|#define LIBSPDM_CRYPTO_ASN1_SEQUENCE 0x10 ------------------ LIBSPDM_CRYPTO_ASN1_SEQUENCE | LIBSPDM_CRYPTO_ASN1_CONSTRUCTED); ------------------ | | 90| 0|#define LIBSPDM_CRYPTO_ASN1_CONSTRUCTED 0x20 ------------------ 657| 0| if (!ret) { ------------------ | Branch (657:13): [True: 0, False: 0] ------------------ 658| 0| return false; 659| 0| } 660| | 661| | /*get eddsa oid*/ 662| 0| ret = libspdm_asn1_get_tag(&ptr, end, &obj_len, LIBSPDM_CRYPTO_ASN1_OID); ------------------ | | 78| 0|#define LIBSPDM_CRYPTO_ASN1_OID 0x06 ------------------ 663| 0| if (!ret) { ------------------ | Branch (663:13): [True: 0, False: 0] ------------------ 664| 0| return false; 665| 0| } 666| | 667| 0| if (oid_size != obj_len) { ------------------ | Branch (667:13): [True: 0, False: 0] ------------------ 668| 0| return false; 669| 0| } 670| | 671| 0| libspdm_copy_mem(oid, oid_size, ptr, obj_len); 672| 0| break; 673| 0| default: ------------------ | Branch (673:5): [True: 0, False: 476] ------------------ 674| 0| LIBSPDM_ASSERT(false); 675| 0| return false; 676| 476| } 677| | 678| 476| return true; 679| 476|} libspdm_crypt_cert.c:libspdm_internal_x509_date_time_check: 285| 476|{ 286| 476| int32_t ret; 287| 476| bool status; 288| 476| uint8_t f0[64]; 289| 476| uint8_t t0[64]; 290| 476| size_t f0_size; 291| 476| size_t t0_size; 292| | 293| 476| f0_size = 64; 294| 476| t0_size = 64; 295| | 296| 476| status = libspdm_x509_set_date_time("19700101000000Z", f0, &f0_size); 297| 476| if (!status) { ------------------ | Branch (297:9): [True: 0, False: 476] ------------------ 298| 0| return false; 299| 0| } 300| | 301| 476| status = libspdm_x509_set_date_time("99991231235959Z", t0, &t0_size); 302| 476| if (!status) { ------------------ | Branch (302:9): [True: 0, False: 476] ------------------ 303| 0| return false; 304| 0| } 305| | 306| | /* from >= f0*/ 307| 476| ret = libspdm_x509_compare_date_time(from, f0); 308| 476| if (ret < 0) { ------------------ | Branch (308:9): [True: 0, False: 476] ------------------ 309| 0| return false; 310| 0| } 311| | 312| | /* to <= t0*/ 313| 476| ret = libspdm_x509_compare_date_time(t0, to); 314| 476| if (ret < 0) { ------------------ | Branch (314:9): [True: 0, False: 476] ------------------ 315| 0| return false; 316| 0| } 317| | 318| 476| return true; 319| 476|} libspdm_crypt_cert.c:libspdm_verify_leaf_cert_spdm_eku: 887| 476|{ 888| 476| bool status; 889| 476| uint8_t eku[256]; 890| 476| size_t eku_size; 891| 476| bool req_auth_oid_find_success; 892| 476| bool rsp_auth_oid_find_success; 893| 476| uint8_t *ptr; 894| 476| size_t obj_len; 895| | 896| | /* SPDM defined OID */ 897| 476| uint8_t eku_requester_auth_oid[] = SPDM_OID_DMTF_EKU_REQUESTER_AUTH; ------------------ | | 1533| 476| { /*0x06, 0x0A,*/ 0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12, 0x04 } ------------------ 898| 476| uint8_t eku_responder_auth_oid[] = SPDM_OID_DMTF_EKU_RESPONDER_AUTH; ------------------ | | 1530| 476| { /*0x06, 0x0A,*/ 0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12, 0x03 } ------------------ 899| | 900| 476| eku_size = sizeof(eku); 901| 476| status = libspdm_x509_get_extended_key_usage(cert, cert_size, eku, &eku_size); 902| 476| if (!status) { ------------------ | Branch (902:9): [True: 0, False: 476] ------------------ 903| 0| return false; 904| 476| } else if (eku_size == 0) { ------------------ | Branch (904:16): [True: 0, False: 476] ------------------ 905| | /* eku is not present in cert */ 906| 0| return true; 907| 0| } 908| | 909| 476| ptr = eku; 910| 476| obj_len = 0; 911| 476| req_auth_oid_find_success = false; 912| 476| rsp_auth_oid_find_success = false; 913| | 914| 476| status = libspdm_asn1_get_tag(&ptr, eku + eku_size, &obj_len, 915| 476| LIBSPDM_CRYPTO_ASN1_SEQUENCE | LIBSPDM_CRYPTO_ASN1_CONSTRUCTED); ------------------ | | 80| 476|#define LIBSPDM_CRYPTO_ASN1_SEQUENCE 0x10 ------------------ LIBSPDM_CRYPTO_ASN1_SEQUENCE | LIBSPDM_CRYPTO_ASN1_CONSTRUCTED); ------------------ | | 90| 476|#define LIBSPDM_CRYPTO_ASN1_CONSTRUCTED 0x20 ------------------ 916| 476| if (!status) { ------------------ | Branch (916:9): [True: 0, False: 476] ------------------ 917| 0| return false; 918| 0| } 919| | 920| 1.90k| while(ptr < eku + eku_size) { ------------------ | Branch (920:11): [True: 1.42k, False: 476] ------------------ 921| 1.42k| status = libspdm_asn1_get_tag(&ptr, eku + eku_size, &obj_len, LIBSPDM_CRYPTO_ASN1_OID); ------------------ | | 78| 1.42k|#define LIBSPDM_CRYPTO_ASN1_OID 0x06 ------------------ 922| 1.42k| if (!status) { ------------------ | Branch (922:13): [True: 0, False: 1.42k] ------------------ 923| 0| return false; 924| 0| } 925| | 926| 1.42k| if ((obj_len == sizeof(eku_requester_auth_oid)) && ------------------ | Branch (926:13): [True: 0, False: 1.42k] ------------------ 927| 1.42k| (libspdm_consttime_is_mem_equal(ptr, eku_requester_auth_oid, ------------------ | Branch (927:13): [True: 0, False: 0] ------------------ 928| 0| sizeof(eku_requester_auth_oid)))) { 929| 0| req_auth_oid_find_success = true; 930| 0| } 931| 1.42k| if ((obj_len == sizeof(eku_responder_auth_oid)) && ------------------ | Branch (931:13): [True: 0, False: 1.42k] ------------------ 932| 1.42k| (libspdm_consttime_is_mem_equal(ptr, eku_responder_auth_oid, ------------------ | Branch (932:13): [True: 0, False: 0] ------------------ 933| 0| sizeof(eku_responder_auth_oid)))) { 934| 0| rsp_auth_oid_find_success = true; 935| 0| } 936| | 937| 1.42k| ptr += obj_len; 938| 1.42k| } 939| | 940| 476| if (ptr != eku + eku_size) { ------------------ | Branch (940:9): [True: 0, False: 476] ------------------ 941| 0| return false; 942| 0| } 943| | 944| 476| if (is_requester_cert) { ------------------ | Branch (944:9): [True: 0, False: 476] ------------------ 945| | /* it should not only contain responder auth oid */ 946| 0| if (!req_auth_oid_find_success && rsp_auth_oid_find_success) { ------------------ | Branch (946:13): [True: 0, False: 0] | Branch (946:43): [True: 0, False: 0] ------------------ 947| 0| return false; 948| 0| } 949| 476| } else { 950| | /* it should not only contain requester auth oid */ 951| 476| if (req_auth_oid_find_success && !rsp_auth_oid_find_success) { ------------------ | Branch (951:13): [True: 0, False: 476] | Branch (951:42): [True: 0, False: 0] ------------------ 952| 0| return false; 953| 0| } 954| 476| } 955| | 956| 476| return true; 957| 476|} libspdm_crypt_cert.c:libspdm_verify_leaf_cert_spdm_extension: 973| 476|{ 974| 476| bool status; 975| 476| bool find_sucessful; 976| 476| uint8_t spdm_extension[LIBSPDM_MAX_EXTENSION_LEN]; 977| 476| size_t len; 978| 476| uint8_t *ptr; 979| 476| uint8_t *temptr; 980| 476| size_t obj_len; 981| | 982| | /* SPDM defined OID */ 983| 476| uint8_t oid_spdm_extension[] = SPDM_OID_DMTF_SPDM_EXTENSION; ------------------ | | 1539| 476| { /*0x06, 0x0A,*/ 0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12, 0x06 } ------------------ 984| 476| uint8_t hardware_identity_oid[] = SPDM_OID_DMTF_HARDWARE_IDENTITY; ------------------ | | 1527| 476| { /*0x06, 0x0A,*/ 0x2B, 0x06, 0x01, 0x04, 0x01, 0x83, 0x1C, 0x82, 0x12, 0x02 } ------------------ 985| | 986| 476| len = LIBSPDM_MAX_EXTENSION_LEN; ------------------ | | 23| 476|#define LIBSPDM_MAX_EXTENSION_LEN 30 ------------------ 987| | 988| 476| if (cert == NULL || cert_size == 0) { ------------------ | Branch (988:9): [True: 0, False: 476] | Branch (988:25): [True: 0, False: 476] ------------------ 989| 0| return false; 990| 0| } 991| | 992| 476| status = libspdm_x509_get_extension_data(cert, cert_size, 993| 476| (const uint8_t *)oid_spdm_extension, 994| 476| sizeof(oid_spdm_extension), 995| 476| spdm_extension, 996| 476| &len); 997| 476| if (!status) { ------------------ | Branch (997:9): [True: 0, False: 476] ------------------ 998| 0| return false; 999| 476| } else if(len == 0) { ------------------ | Branch (999:15): [True: 0, False: 476] ------------------ 1000| 0| return true; 1001| 0| } 1002| | 1003| | /*find the spdm hardware identity OID*/ 1004| 476| find_sucessful = false; 1005| 476| ptr = spdm_extension; 1006| 476| obj_len = 0; 1007| | 1008| | /*id-spdm-cert-oids ::= SEQUENCE SIZE (1..MAX) OF id-spdm-cert-oid*/ 1009| 476| status = libspdm_asn1_get_tag( 1010| 476| &ptr, spdm_extension + len, &obj_len, 1011| 476| LIBSPDM_CRYPTO_ASN1_SEQUENCE | LIBSPDM_CRYPTO_ASN1_CONSTRUCTED); ------------------ | | 80| 476|#define LIBSPDM_CRYPTO_ASN1_SEQUENCE 0x10 ------------------ LIBSPDM_CRYPTO_ASN1_SEQUENCE | LIBSPDM_CRYPTO_ASN1_CONSTRUCTED); ------------------ | | 90| 476|#define LIBSPDM_CRYPTO_ASN1_CONSTRUCTED 0x20 ------------------ 1012| 476| if (!status) { ------------------ | Branch (1012:9): [True: 0, False: 476] ------------------ 1013| 0| return false; 1014| 0| } 1015| | 1016| 952| while(ptr < spdm_extension + len) { ------------------ | Branch (1016:11): [True: 476, False: 476] ------------------ 1017| 476| status = libspdm_asn1_get_tag( 1018| 476| &ptr, spdm_extension + len, &obj_len, 1019| 476| LIBSPDM_CRYPTO_ASN1_SEQUENCE | LIBSPDM_CRYPTO_ASN1_CONSTRUCTED); ------------------ | | 80| 476|#define LIBSPDM_CRYPTO_ASN1_SEQUENCE 0x10 ------------------ LIBSPDM_CRYPTO_ASN1_SEQUENCE | LIBSPDM_CRYPTO_ASN1_CONSTRUCTED); ------------------ | | 90| 476|#define LIBSPDM_CRYPTO_ASN1_CONSTRUCTED 0x20 ------------------ 1020| 476| if (!status) { ------------------ | Branch (1020:13): [True: 0, False: 476] ------------------ 1021| 0| return false; 1022| 0| } 1023| | 1024| 476| temptr = ptr + obj_len; 1025| 476| status = libspdm_asn1_get_tag( 1026| 476| &ptr, spdm_extension + len, &obj_len, LIBSPDM_CRYPTO_ASN1_OID); ------------------ | | 78| 476|#define LIBSPDM_CRYPTO_ASN1_OID 0x06 ------------------ 1027| 476| if (!status) { ------------------ | Branch (1027:13): [True: 0, False: 476] ------------------ 1028| 0| return false; 1029| 0| } 1030| 476| if ((obj_len == sizeof(hardware_identity_oid)) && ------------------ | Branch (1030:13): [True: 476, False: 0] ------------------ 1031| 476| (libspdm_consttime_is_mem_equal(ptr, hardware_identity_oid, ------------------ | Branch (1031:13): [True: 476, False: 0] ------------------ 1032| 476| sizeof(hardware_identity_oid)))) { 1033| 476| find_sucessful = true; 1034| 476| } 1035| 476| ptr = temptr; 1036| 476| } 1037| | 1038| 476| if (ptr != spdm_extension + len) { ------------------ | Branch (1038:9): [True: 0, False: 476] ------------------ 1039| 0| return false; 1040| 0| } 1041| | 1042| | /* Responder does not determine Requester's certificate model */ 1043| 476| if (!is_requester_cert) { ------------------ | Branch (1043:9): [True: 476, False: 0] ------------------ 1044| 476| if ((find_sucessful) && (cert_model == SPDM_CERTIFICATE_INFO_CERT_MODEL_ALIAS_CERT)) { ------------------ | | 599| 476|#define SPDM_CERTIFICATE_INFO_CERT_MODEL_ALIAS_CERT 0x2 ------------------ | Branch (1044:13): [True: 476, False: 0] | Branch (1044:33): [True: 0, False: 476] ------------------ 1045| | /* Hardware_identity_OID is found in alias cert model */ 1046| 0| return false; 1047| 0| } 1048| 476| } 1049| | 1050| 476| return true; 1051| 476|} libspdm_crypt_cert.c:libspdm_verify_leaf_cert_basic_constraints: 750| 476|{ 751| 476| bool status; 752| | /*basic_constraints from cert*/ 753| 476| uint8_t cert_basic_constraints[LIBSPDM_MAX_BASIC_CONSTRAINTS_CA_LEN]; 754| 476| size_t len; 755| | 756| 476| uint8_t basic_constraints_false_case1[] = BASIC_CONSTRAINTS_STRING_FALSE_CASE1; ------------------ | | 92| 476|#define BASIC_CONSTRAINTS_STRING_FALSE_CASE1 {0x30, 0x00} ------------------ 757| 476| uint8_t basic_constraints_false_case2[] = BASIC_CONSTRAINTS_STRING_FALSE_CASE2; ------------------ | | 95| 476|#define BASIC_CONSTRAINTS_STRING_FALSE_CASE2 {0x30, 0x03, 0x01, 0x01, 0x00} ------------------ 758| | 759| 476| len = LIBSPDM_MAX_BASIC_CONSTRAINTS_CA_LEN; ------------------ | | 37| 476|#define LIBSPDM_MAX_BASIC_CONSTRAINTS_CA_LEN 10 ------------------ 760| | 761| 476| status = libspdm_x509_get_extended_basic_constraints(cert, cert_size, 762| 476| cert_basic_constraints, &len); 763| 476| if (!status) { ------------------ | Branch (763:9): [True: 0, False: 476] ------------------ 764| 0| return false; 765| 476| } else if (len == 0) { ------------------ | Branch (765:16): [True: 0, False: 476] ------------------ 766| | /* basic constraints is not present in cert */ 767| 0| if (need_basic_constraints) { ------------------ | Branch (767:13): [True: 0, False: 0] ------------------ 768| 0| return false; 769| 0| } else { 770| 0| return true; 771| 0| } 772| 0| } 773| | 774| 476| if ((len == sizeof(basic_constraints_false_case1)) && ------------------ | Branch (774:9): [True: 476, False: 0] ------------------ 775| 476| (libspdm_consttime_is_mem_equal(cert_basic_constraints, ------------------ | Branch (775:9): [True: 476, False: 0] ------------------ 776| 476| basic_constraints_false_case1, 777| 476| sizeof(basic_constraints_false_case1)))) { 778| 476| return true; 779| 476| } 780| | 781| 0| if ((len == sizeof(basic_constraints_false_case2)) && ------------------ | Branch (781:9): [True: 0, False: 0] ------------------ 782| 0| (libspdm_consttime_is_mem_equal(cert_basic_constraints, ------------------ | Branch (782:9): [True: 0, False: 0] ------------------ 783| 0| basic_constraints_false_case2, 784| 0| sizeof(basic_constraints_false_case2)))) { 785| 0| return true; 786| 0| } 787| | 788| 0| return false; 789| 0|} libspdm_get_dhe_pub_key_size: 17| 357|{ 18| 357| switch (dhe_named_group) { 19| 0| case SPDM_ALGORITHMS_DHE_NAMED_GROUP_FFDHE_2048: ------------------ | | 406| 0|#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_FFDHE_2048 0x00000001 ------------------ | Branch (19:5): [True: 0, False: 357] ------------------ 20| 0|#if LIBSPDM_FFDHE_2048_SUPPORT 21| 0| return 256; 22| |#else 23| | return 0; 24| |#endif 25| 0| case SPDM_ALGORITHMS_DHE_NAMED_GROUP_FFDHE_3072: ------------------ | | 407| 0|#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_FFDHE_3072 0x00000002 ------------------ | Branch (25:5): [True: 0, False: 357] ------------------ 26| 0|#if LIBSPDM_FFDHE_3072_SUPPORT 27| 0| return 384; 28| |#else 29| | return 0; 30| |#endif 31| 0| case SPDM_ALGORITHMS_DHE_NAMED_GROUP_FFDHE_4096: ------------------ | | 408| 0|#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_FFDHE_4096 0x00000004 ------------------ | Branch (31:5): [True: 0, False: 357] ------------------ 32| 0|#if LIBSPDM_FFDHE_4096_SUPPORT 33| 0| return 512; 34| |#else 35| | return 0; 36| |#endif 37| 357| case SPDM_ALGORITHMS_DHE_NAMED_GROUP_SECP_256_R1: ------------------ | | 409| 357|#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_SECP_256_R1 0x00000008 ------------------ | Branch (37:5): [True: 357, False: 0] ------------------ 38| 357|#if LIBSPDM_ECDHE_P256_SUPPORT 39| 357| return 32 * 2; 40| |#else 41| | return 0; 42| |#endif 43| 0| case SPDM_ALGORITHMS_DHE_NAMED_GROUP_SECP_384_R1: ------------------ | | 410| 0|#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_SECP_384_R1 0x00000010 ------------------ | Branch (43:5): [True: 0, False: 357] ------------------ 44| 0|#if LIBSPDM_ECDHE_P384_SUPPORT 45| 0| return 48 * 2; 46| |#else 47| | return 0; 48| |#endif 49| 0| case SPDM_ALGORITHMS_DHE_NAMED_GROUP_SECP_521_R1: ------------------ | | 411| 0|#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_SECP_521_R1 0x00000020 ------------------ | Branch (49:5): [True: 0, False: 357] ------------------ 50| 0|#if LIBSPDM_ECDHE_P521_SUPPORT 51| 0| return 66 * 2; 52| |#else 53| | return 0; 54| |#endif 55| 0| case SPDM_ALGORITHMS_DHE_NAMED_GROUP_SM2_P256: ------------------ | | 414| 0|#define SPDM_ALGORITHMS_DHE_NAMED_GROUP_SM2_P256 0x00000040 ------------------ | Branch (55:5): [True: 0, False: 357] ------------------ 56| |#if LIBSPDM_SM2_KEY_EXCHANGE_P256_SUPPORT 57| | return 32 * 2; 58| |#else 59| 0| return 0; 60| 0|#endif 61| 0| default: ------------------ | Branch (61:5): [True: 0, False: 357] ------------------ 62| 0| return 0; 63| 357| } 64| 357|} libspdm_get_hash_size: 10| 2.14k|{ 11| 2.14k| switch (base_hash_algo) { 12| 2.14k| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256: ------------------ | | 391| 2.14k|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256 0x00000001 ------------------ | Branch (12:5): [True: 2.14k, False: 0] ------------------ 13| 2.14k|#if LIBSPDM_SHA256_SUPPORT 14| 2.14k| return 32; 15| |#else 16| | return 0; 17| |#endif 18| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_256: ------------------ | | 394| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_256 0x00000008 ------------------ | Branch (18:5): [True: 0, False: 2.14k] ------------------ 19| 0|#if LIBSPDM_SHA3_256_SUPPORT 20| 0| return 32; 21| |#else 22| | return 0; 23| |#endif 24| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_384: ------------------ | | 392| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_384 0x00000002 ------------------ | Branch (24:5): [True: 0, False: 2.14k] ------------------ 25| 0|#if LIBSPDM_SHA384_SUPPORT 26| 0| return 48; 27| |#else 28| | return 0; 29| |#endif 30| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_384: ------------------ | | 395| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_384 0x00000010 ------------------ | Branch (30:5): [True: 0, False: 2.14k] ------------------ 31| 0|#if LIBSPDM_SHA3_384_SUPPORT 32| 0| return 48; 33| |#else 34| | return 0; 35| |#endif 36| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512: ------------------ | | 393| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512 0x00000004 ------------------ | Branch (36:5): [True: 0, False: 2.14k] ------------------ 37| 0|#if LIBSPDM_SHA512_SUPPORT 38| 0| return 64; 39| |#else 40| | return 0; 41| |#endif 42| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_512: ------------------ | | 396| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_512 0x00000020 ------------------ | Branch (42:5): [True: 0, False: 2.14k] ------------------ 43| 0|#if LIBSPDM_SHA3_512_SUPPORT 44| 0| return 64; 45| |#else 46| | return 0; 47| |#endif 48| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SM3_256: ------------------ | | 401| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SM3_256 0x00000040 ------------------ | Branch (48:5): [True: 0, False: 2.14k] ------------------ 49| |#if LIBSPDM_SM3_256_SUPPORT 50| | return 32; 51| |#else 52| 0| return 0; 53| 0|#endif 54| 0| default: ------------------ | Branch (54:5): [True: 0, False: 2.14k] ------------------ 55| 0| return 0; 56| 2.14k| } 57| 2.14k|} libspdm_get_hash_nid: 60| 127|{ 61| 127| switch (base_hash_algo) { 62| 127| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256: ------------------ | | 391| 127|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256 0x00000001 ------------------ | Branch (62:5): [True: 127, False: 0] ------------------ 63| 127| return LIBSPDM_CRYPTO_NID_SHA256; ------------------ | | 22| 127|#define LIBSPDM_CRYPTO_NID_SHA256 0x0001 ------------------ 64| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_384: ------------------ | | 392| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_384 0x00000002 ------------------ | Branch (64:5): [True: 0, False: 127] ------------------ 65| 0| return LIBSPDM_CRYPTO_NID_SHA384; ------------------ | | 23| 0|#define LIBSPDM_CRYPTO_NID_SHA384 0x0002 ------------------ 66| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512: ------------------ | | 393| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512 0x00000004 ------------------ | Branch (66:5): [True: 0, False: 127] ------------------ 67| 0| return LIBSPDM_CRYPTO_NID_SHA512; ------------------ | | 24| 0|#define LIBSPDM_CRYPTO_NID_SHA512 0x0003 ------------------ 68| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_256: ------------------ | | 394| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_256 0x00000008 ------------------ | Branch (68:5): [True: 0, False: 127] ------------------ 69| 0| return LIBSPDM_CRYPTO_NID_SHA3_256; ------------------ | | 25| 0|#define LIBSPDM_CRYPTO_NID_SHA3_256 0x0004 ------------------ 70| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_384: ------------------ | | 395| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_384 0x00000010 ------------------ | Branch (70:5): [True: 0, False: 127] ------------------ 71| 0| return LIBSPDM_CRYPTO_NID_SHA3_384; ------------------ | | 26| 0|#define LIBSPDM_CRYPTO_NID_SHA3_384 0x0005 ------------------ 72| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_512: ------------------ | | 396| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_512 0x00000020 ------------------ | Branch (72:5): [True: 0, False: 127] ------------------ 73| 0| return LIBSPDM_CRYPTO_NID_SHA3_512; ------------------ | | 27| 0|#define LIBSPDM_CRYPTO_NID_SHA3_512 0x0006 ------------------ 74| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SM3_256: ------------------ | | 401| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SM3_256 0x00000040 ------------------ | Branch (74:5): [True: 0, False: 127] ------------------ 75| 0| return LIBSPDM_CRYPTO_NID_SM3_256; ------------------ | | 28| 0|#define LIBSPDM_CRYPTO_NID_SM3_256 0x0007 ------------------ 76| 0| default: ------------------ | Branch (76:5): [True: 0, False: 127] ------------------ 77| 0| return LIBSPDM_CRYPTO_NID_NULL; ------------------ | | 19| 0|#define LIBSPDM_CRYPTO_NID_NULL 0x0000 ------------------ 78| 127| } 79| 127|} libspdm_hash_new: 82| 38|{ 83| 38| switch (base_hash_algo) { 84| 38| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256: ------------------ | | 391| 38|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256 0x00000001 ------------------ | Branch (84:5): [True: 38, False: 0] ------------------ 85| 38|#if LIBSPDM_SHA256_SUPPORT 86| 38| return libspdm_sha256_new(); 87| |#else 88| | LIBSPDM_ASSERT(false); 89| | return NULL; 90| |#endif 91| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_384: ------------------ | | 392| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_384 0x00000002 ------------------ | Branch (91:5): [True: 0, False: 38] ------------------ 92| 0|#if LIBSPDM_SHA384_SUPPORT 93| 0| return libspdm_sha384_new(); 94| |#else 95| | LIBSPDM_ASSERT(false); 96| | return NULL; 97| |#endif 98| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512: ------------------ | | 393| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512 0x00000004 ------------------ | Branch (98:5): [True: 0, False: 38] ------------------ 99| 0|#if LIBSPDM_SHA512_SUPPORT 100| 0| return libspdm_sha512_new(); 101| |#else 102| | LIBSPDM_ASSERT(false); 103| | return NULL; 104| |#endif 105| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_256: ------------------ | | 394| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_256 0x00000008 ------------------ | Branch (105:5): [True: 0, False: 38] ------------------ 106| 0|#if LIBSPDM_SHA3_256_SUPPORT 107| 0| return libspdm_sha3_256_new(); 108| |#else 109| | LIBSPDM_ASSERT(false); 110| | return NULL; 111| |#endif 112| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_384: ------------------ | | 395| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_384 0x00000010 ------------------ | Branch (112:5): [True: 0, False: 38] ------------------ 113| 0|#if LIBSPDM_SHA3_384_SUPPORT 114| 0| return libspdm_sha3_384_new(); 115| |#else 116| | LIBSPDM_ASSERT(false); 117| | return NULL; 118| |#endif 119| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_512: ------------------ | | 396| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_512 0x00000020 ------------------ | Branch (119:5): [True: 0, False: 38] ------------------ 120| 0|#if LIBSPDM_SHA3_512_SUPPORT 121| 0| return libspdm_sha3_512_new(); 122| |#else 123| | LIBSPDM_ASSERT(false); 124| | return NULL; 125| |#endif 126| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SM3_256: ------------------ | | 401| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SM3_256 0x00000040 ------------------ | Branch (126:5): [True: 0, False: 38] ------------------ 127| |#if LIBSPDM_SM3_256_SUPPORT 128| | return libspdm_sm3_256_new(); 129| |#else 130| 0| LIBSPDM_ASSERT(false); 131| 0| return NULL; 132| 0|#endif 133| 0| default: ------------------ | Branch (133:5): [True: 0, False: 38] ------------------ 134| 0| LIBSPDM_ASSERT(false); 135| 0| return NULL; 136| 38| } 137| 38|} libspdm_hash_free: 140| 38|{ 141| 38| if (hash_context == NULL) { ------------------ | Branch (141:9): [True: 0, False: 38] ------------------ 142| 0| return; 143| 0| } 144| 38| switch (base_hash_algo) { 145| 38| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256: ------------------ | | 391| 38|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256 0x00000001 ------------------ | Branch (145:5): [True: 38, False: 0] ------------------ 146| 38|#if LIBSPDM_SHA256_SUPPORT 147| 38| libspdm_sha256_free(hash_context); 148| |#else 149| | LIBSPDM_ASSERT(false); 150| |#endif 151| 38| break; 152| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_384: ------------------ | | 392| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_384 0x00000002 ------------------ | Branch (152:5): [True: 0, False: 38] ------------------ 153| 0|#if LIBSPDM_SHA384_SUPPORT 154| 0| libspdm_sha384_free(hash_context); 155| |#else 156| | LIBSPDM_ASSERT(false); 157| |#endif 158| 0| break; 159| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512: ------------------ | | 393| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512 0x00000004 ------------------ | Branch (159:5): [True: 0, False: 38] ------------------ 160| 0|#if LIBSPDM_SHA512_SUPPORT 161| 0| libspdm_sha512_free(hash_context); 162| |#else 163| | LIBSPDM_ASSERT(false); 164| |#endif 165| 0| break; 166| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_256: ------------------ | | 394| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_256 0x00000008 ------------------ | Branch (166:5): [True: 0, False: 38] ------------------ 167| 0|#if LIBSPDM_SHA3_256_SUPPORT 168| 0| libspdm_sha3_256_free(hash_context); 169| |#else 170| | LIBSPDM_ASSERT(false); 171| |#endif 172| 0| break; 173| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_384: ------------------ | | 395| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_384 0x00000010 ------------------ | Branch (173:5): [True: 0, False: 38] ------------------ 174| 0|#if LIBSPDM_SHA3_384_SUPPORT 175| 0| libspdm_sha3_384_free(hash_context); 176| |#else 177| | LIBSPDM_ASSERT(false); 178| |#endif 179| 0| break; 180| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_512: ------------------ | | 396| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_512 0x00000020 ------------------ | Branch (180:5): [True: 0, False: 38] ------------------ 181| 0|#if LIBSPDM_SHA3_512_SUPPORT 182| 0| libspdm_sha3_512_free(hash_context); 183| |#else 184| | LIBSPDM_ASSERT(false); 185| |#endif 186| 0| break; 187| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SM3_256: ------------------ | | 401| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SM3_256 0x00000040 ------------------ | Branch (187:5): [True: 0, False: 38] ------------------ 188| |#if LIBSPDM_SM3_256_SUPPORT 189| | libspdm_sm3_256_free(hash_context); 190| |#else 191| 0| LIBSPDM_ASSERT(false); 192| 0|#endif 193| 0| break; 194| 0| default: ------------------ | Branch (194:5): [True: 0, False: 38] ------------------ 195| 0| LIBSPDM_ASSERT(false); 196| 0| break; 197| 38| } 198| 38|} libspdm_hash_init: 201| 9|{ 202| 9| switch (base_hash_algo) { 203| 9| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256: ------------------ | | 391| 9|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256 0x00000001 ------------------ | Branch (203:5): [True: 9, False: 0] ------------------ 204| 9|#if LIBSPDM_SHA256_SUPPORT 205| 9| return libspdm_sha256_init(hash_context); 206| |#else 207| | LIBSPDM_ASSERT(false); 208| | return false; 209| |#endif 210| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_384: ------------------ | | 392| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_384 0x00000002 ------------------ | Branch (210:5): [True: 0, False: 9] ------------------ 211| 0|#if LIBSPDM_SHA384_SUPPORT 212| 0| return libspdm_sha384_init(hash_context); 213| |#else 214| | LIBSPDM_ASSERT(false); 215| | return false; 216| |#endif 217| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512: ------------------ | | 393| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512 0x00000004 ------------------ | Branch (217:5): [True: 0, False: 9] ------------------ 218| 0|#if LIBSPDM_SHA512_SUPPORT 219| 0| return libspdm_sha512_init(hash_context); 220| |#else 221| | LIBSPDM_ASSERT(false); 222| | return false; 223| |#endif 224| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_256: ------------------ | | 394| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_256 0x00000008 ------------------ | Branch (224:5): [True: 0, False: 9] ------------------ 225| 0|#if LIBSPDM_SHA3_256_SUPPORT 226| 0| return libspdm_sha3_256_init(hash_context); 227| |#else 228| | LIBSPDM_ASSERT(false); 229| | return false; 230| |#endif 231| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_384: ------------------ | | 395| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_384 0x00000010 ------------------ | Branch (231:5): [True: 0, False: 9] ------------------ 232| 0|#if LIBSPDM_SHA3_384_SUPPORT 233| 0| return libspdm_sha3_384_init(hash_context); 234| |#else 235| | LIBSPDM_ASSERT(false); 236| | return false; 237| |#endif 238| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_512: ------------------ | | 396| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_512 0x00000020 ------------------ | Branch (238:5): [True: 0, False: 9] ------------------ 239| 0|#if LIBSPDM_SHA3_512_SUPPORT 240| 0| return libspdm_sha3_512_init(hash_context); 241| |#else 242| | LIBSPDM_ASSERT(false); 243| | return false; 244| |#endif 245| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SM3_256: ------------------ | | 401| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SM3_256 0x00000040 ------------------ | Branch (245:5): [True: 0, False: 9] ------------------ 246| |#if LIBSPDM_SM3_256_SUPPORT 247| | return libspdm_sm3_256_init(hash_context); 248| |#else 249| 0| LIBSPDM_ASSERT(false); 250| 0| return false; 251| 0|#endif 252| 0| default: ------------------ | Branch (252:5): [True: 0, False: 9] ------------------ 253| 0| LIBSPDM_ASSERT(false); 254| 0| return false; 255| 9| } 256| 9|} libspdm_hash_duplicate: 259| 29|{ 260| 29| switch (base_hash_algo) { 261| 29| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256: ------------------ | | 391| 29|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256 0x00000001 ------------------ | Branch (261:5): [True: 29, False: 0] ------------------ 262| 29|#if LIBSPDM_SHA256_SUPPORT 263| 29| return libspdm_sha256_duplicate(hash_ctx, new_hash_ctx); 264| |#else 265| | LIBSPDM_ASSERT(false); 266| | return false; 267| |#endif 268| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_384: ------------------ | | 392| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_384 0x00000002 ------------------ | Branch (268:5): [True: 0, False: 29] ------------------ 269| 0|#if LIBSPDM_SHA384_SUPPORT 270| 0| return libspdm_sha384_duplicate(hash_ctx, new_hash_ctx); 271| |#else 272| | LIBSPDM_ASSERT(false); 273| | return false; 274| |#endif 275| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512: ------------------ | | 393| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512 0x00000004 ------------------ | Branch (275:5): [True: 0, False: 29] ------------------ 276| 0|#if LIBSPDM_SHA512_SUPPORT 277| 0| return libspdm_sha512_duplicate(hash_ctx, new_hash_ctx); 278| |#else 279| | LIBSPDM_ASSERT(false); 280| | return false; 281| |#endif 282| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_256: ------------------ | | 394| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_256 0x00000008 ------------------ | Branch (282:5): [True: 0, False: 29] ------------------ 283| 0|#if LIBSPDM_SHA3_256_SUPPORT 284| 0| return libspdm_sha3_256_duplicate(hash_ctx, new_hash_ctx); 285| |#else 286| | LIBSPDM_ASSERT(false); 287| | return false; 288| |#endif 289| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_384: ------------------ | | 395| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_384 0x00000010 ------------------ | Branch (289:5): [True: 0, False: 29] ------------------ 290| 0|#if LIBSPDM_SHA3_384_SUPPORT 291| 0| return libspdm_sha3_384_duplicate(hash_ctx, new_hash_ctx); 292| |#else 293| | LIBSPDM_ASSERT(false); 294| | return false; 295| |#endif 296| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_512: ------------------ | | 396| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_512 0x00000020 ------------------ | Branch (296:5): [True: 0, False: 29] ------------------ 297| 0|#if LIBSPDM_SHA3_512_SUPPORT 298| 0| return libspdm_sha3_512_duplicate(hash_ctx, new_hash_ctx); 299| |#else 300| | LIBSPDM_ASSERT(false); 301| | return false; 302| |#endif 303| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SM3_256: ------------------ | | 401| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SM3_256 0x00000040 ------------------ | Branch (303:5): [True: 0, False: 29] ------------------ 304| |#if LIBSPDM_SM3_256_SUPPORT 305| | return libspdm_sm3_256_duplicate(hash_ctx, new_hash_ctx); 306| |#else 307| 0| LIBSPDM_ASSERT(false); 308| 0| return false; 309| 0|#endif 310| 0| default: ------------------ | Branch (310:5): [True: 0, False: 29] ------------------ 311| 0| LIBSPDM_ASSERT(false); 312| 0| return false; 313| 29| } 314| 29|} libspdm_hash_update: 318| 59|{ 319| 59| switch (base_hash_algo) { 320| 59| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256: ------------------ | | 391| 59|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256 0x00000001 ------------------ | Branch (320:5): [True: 59, False: 0] ------------------ 321| 59|#if LIBSPDM_SHA256_SUPPORT 322| 59| return libspdm_sha256_update(hash_context, data, data_size); 323| |#else 324| | LIBSPDM_ASSERT(false); 325| | return false; 326| |#endif 327| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_384: ------------------ | | 392| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_384 0x00000002 ------------------ | Branch (327:5): [True: 0, False: 59] ------------------ 328| 0|#if LIBSPDM_SHA384_SUPPORT 329| 0| return libspdm_sha384_update(hash_context, data, data_size); 330| |#else 331| | LIBSPDM_ASSERT(false); 332| | return false; 333| |#endif 334| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512: ------------------ | | 393| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512 0x00000004 ------------------ | Branch (334:5): [True: 0, False: 59] ------------------ 335| 0|#if LIBSPDM_SHA512_SUPPORT 336| 0| return libspdm_sha512_update(hash_context, data, data_size); 337| |#else 338| | LIBSPDM_ASSERT(false); 339| | return false; 340| |#endif 341| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_256: ------------------ | | 394| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_256 0x00000008 ------------------ | Branch (341:5): [True: 0, False: 59] ------------------ 342| 0|#if LIBSPDM_SHA3_256_SUPPORT 343| 0| return libspdm_sha3_256_update(hash_context, data, data_size); 344| |#else 345| | LIBSPDM_ASSERT(false); 346| | return false; 347| |#endif 348| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_384: ------------------ | | 395| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_384 0x00000010 ------------------ | Branch (348:5): [True: 0, False: 59] ------------------ 349| 0|#if LIBSPDM_SHA3_384_SUPPORT 350| 0| return libspdm_sha3_384_update(hash_context, data, data_size); 351| |#else 352| | LIBSPDM_ASSERT(false); 353| | return false; 354| |#endif 355| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_512: ------------------ | | 396| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_512 0x00000020 ------------------ | Branch (355:5): [True: 0, False: 59] ------------------ 356| 0|#if LIBSPDM_SHA3_512_SUPPORT 357| 0| return libspdm_sha3_512_update(hash_context, data, data_size); 358| |#else 359| | LIBSPDM_ASSERT(false); 360| | return false; 361| |#endif 362| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SM3_256: ------------------ | | 401| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SM3_256 0x00000040 ------------------ | Branch (362:5): [True: 0, False: 59] ------------------ 363| |#if LIBSPDM_SM3_256_SUPPORT 364| | return libspdm_sm3_256_update(hash_context, data, data_size); 365| |#else 366| 0| LIBSPDM_ASSERT(false); 367| 0| return false; 368| 0|#endif 369| 0| default: ------------------ | Branch (369:5): [True: 0, False: 59] ------------------ 370| 0| LIBSPDM_ASSERT(false); 371| 0| return false; 372| 59| } 373| 59|} libspdm_hash_final: 376| 20|{ 377| 20| switch (base_hash_algo) { 378| 20| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256: ------------------ | | 391| 20|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256 0x00000001 ------------------ | Branch (378:5): [True: 20, False: 0] ------------------ 379| 20|#if LIBSPDM_SHA256_SUPPORT 380| 20| return libspdm_sha256_final(hash_context, hash_value); 381| |#else 382| | LIBSPDM_ASSERT(false); 383| | return false; 384| |#endif 385| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_384: ------------------ | | 392| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_384 0x00000002 ------------------ | Branch (385:5): [True: 0, False: 20] ------------------ 386| 0|#if LIBSPDM_SHA384_SUPPORT 387| 0| return libspdm_sha384_final(hash_context, hash_value); 388| |#else 389| | LIBSPDM_ASSERT(false); 390| | return false; 391| |#endif 392| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512: ------------------ | | 393| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512 0x00000004 ------------------ | Branch (392:5): [True: 0, False: 20] ------------------ 393| 0|#if LIBSPDM_SHA512_SUPPORT 394| 0| return libspdm_sha512_final(hash_context, hash_value); 395| |#else 396| | LIBSPDM_ASSERT(false); 397| | return false; 398| |#endif 399| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_256: ------------------ | | 394| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_256 0x00000008 ------------------ | Branch (399:5): [True: 0, False: 20] ------------------ 400| 0|#if LIBSPDM_SHA3_256_SUPPORT 401| 0| return libspdm_sha3_256_final(hash_context, hash_value); 402| |#else 403| | LIBSPDM_ASSERT(false); 404| | return false; 405| |#endif 406| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_384: ------------------ | | 395| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_384 0x00000010 ------------------ | Branch (406:5): [True: 0, False: 20] ------------------ 407| 0|#if LIBSPDM_SHA3_384_SUPPORT 408| 0| return libspdm_sha3_384_final(hash_context, hash_value); 409| |#else 410| | LIBSPDM_ASSERT(false); 411| | return false; 412| |#endif 413| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_512: ------------------ | | 396| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_512 0x00000020 ------------------ | Branch (413:5): [True: 0, False: 20] ------------------ 414| 0|#if LIBSPDM_SHA3_512_SUPPORT 415| 0| return libspdm_sha3_512_final(hash_context, hash_value); 416| |#else 417| | LIBSPDM_ASSERT(false); 418| | return false; 419| |#endif 420| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SM3_256: ------------------ | | 401| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SM3_256 0x00000040 ------------------ | Branch (420:5): [True: 0, False: 20] ------------------ 421| |#if LIBSPDM_SM3_256_SUPPORT 422| | return libspdm_sm3_256_final(hash_context, hash_value); 423| |#else 424| 0| LIBSPDM_ASSERT(false); 425| 0| return false; 426| 0|#endif 427| 0| default: ------------------ | Branch (427:5): [True: 0, False: 20] ------------------ 428| 0| LIBSPDM_ASSERT(false); 429| 0| return false; 430| 20| } 431| 20|} libspdm_hash_all: 435| 1.33k|{ 436| 1.33k| switch (base_hash_algo) { 437| 1.33k| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256: ------------------ | | 391| 1.33k|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256 0x00000001 ------------------ | Branch (437:5): [True: 1.33k, False: 0] ------------------ 438| 1.33k|#if LIBSPDM_SHA256_SUPPORT 439| 1.33k| return libspdm_sha256_hash_all(data, data_size, hash_value); 440| |#else 441| | LIBSPDM_ASSERT(false); 442| | return false; 443| |#endif 444| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_384: ------------------ | | 392| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_384 0x00000002 ------------------ | Branch (444:5): [True: 0, False: 1.33k] ------------------ 445| 0|#if LIBSPDM_SHA384_SUPPORT 446| 0| return libspdm_sha384_hash_all(data, data_size, hash_value); 447| |#else 448| | LIBSPDM_ASSERT(false); 449| | return false; 450| |#endif 451| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512: ------------------ | | 393| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512 0x00000004 ------------------ | Branch (451:5): [True: 0, False: 1.33k] ------------------ 452| 0|#if LIBSPDM_SHA512_SUPPORT 453| 0| return libspdm_sha512_hash_all(data, data_size, hash_value); 454| |#else 455| | LIBSPDM_ASSERT(false); 456| | return false; 457| |#endif 458| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_256: ------------------ | | 394| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_256 0x00000008 ------------------ | Branch (458:5): [True: 0, False: 1.33k] ------------------ 459| 0|#if LIBSPDM_SHA3_256_SUPPORT 460| 0| return libspdm_sha3_256_hash_all(data, data_size, hash_value); 461| |#else 462| | LIBSPDM_ASSERT(false); 463| | return false; 464| |#endif 465| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_384: ------------------ | | 395| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_384 0x00000010 ------------------ | Branch (465:5): [True: 0, False: 1.33k] ------------------ 466| 0|#if LIBSPDM_SHA3_384_SUPPORT 467| 0| return libspdm_sha3_384_hash_all(data, data_size, hash_value); 468| |#else 469| | LIBSPDM_ASSERT(false); 470| | return false; 471| |#endif 472| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_512: ------------------ | | 396| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_512 0x00000020 ------------------ | Branch (472:5): [True: 0, False: 1.33k] ------------------ 473| 0|#if LIBSPDM_SHA3_512_SUPPORT 474| 0| return libspdm_sha3_512_hash_all(data, data_size, hash_value); 475| |#else 476| | LIBSPDM_ASSERT(false); 477| | return false; 478| |#endif 479| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SM3_256: ------------------ | | 401| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SM3_256 0x00000040 ------------------ | Branch (479:5): [True: 0, False: 1.33k] ------------------ 480| |#if LIBSPDM_SM3_256_SUPPORT 481| | return libspdm_sm3_256_hash_all(data, data_size, hash_value); 482| |#else 483| 0| LIBSPDM_ASSERT(false); 484| 0| return false; 485| 0|#endif 486| 0| default: ------------------ | Branch (486:5): [True: 0, False: 1.33k] ------------------ 487| 0| LIBSPDM_ASSERT(false); 488| 0| return false; 489| 1.33k| } 490| 1.33k|} libspdm_hkdf_extract: 12| 4|{ 13| 4| switch (base_hash_algo) { 14| 4| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256: ------------------ | | 391| 4|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256 0x00000001 ------------------ | Branch (14:5): [True: 4, False: 0] ------------------ 15| 4|#if LIBSPDM_SHA256_SUPPORT 16| 4| return libspdm_hkdf_sha256_extract(ikm, ikm_size, salt, salt_size, prk_out, prk_out_size); 17| |#else 18| | LIBSPDM_ASSERT(false); 19| | return false; 20| |#endif 21| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_384: ------------------ | | 392| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_384 0x00000002 ------------------ | Branch (21:5): [True: 0, False: 4] ------------------ 22| 0|#if LIBSPDM_SHA384_SUPPORT 23| 0| return libspdm_hkdf_sha384_extract(ikm, ikm_size, salt, salt_size, prk_out, prk_out_size); 24| |#else 25| | LIBSPDM_ASSERT(false); 26| | return false; 27| |#endif 28| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512: ------------------ | | 393| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512 0x00000004 ------------------ | Branch (28:5): [True: 0, False: 4] ------------------ 29| 0|#if LIBSPDM_SHA512_SUPPORT 30| 0| return libspdm_hkdf_sha512_extract(ikm, ikm_size, salt, salt_size, prk_out, prk_out_size); 31| |#else 32| | LIBSPDM_ASSERT(false); 33| | return false; 34| |#endif 35| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_256: ------------------ | | 394| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_256 0x00000008 ------------------ | Branch (35:5): [True: 0, False: 4] ------------------ 36| 0|#if LIBSPDM_SHA3_256_SUPPORT 37| 0| return libspdm_hkdf_sha3_256_extract(ikm, ikm_size, salt, salt_size, prk_out, prk_out_size); 38| |#else 39| | LIBSPDM_ASSERT(false); 40| | return false; 41| |#endif 42| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_384: ------------------ | | 395| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_384 0x00000010 ------------------ | Branch (42:5): [True: 0, False: 4] ------------------ 43| 0|#if LIBSPDM_SHA3_384_SUPPORT 44| 0| return libspdm_hkdf_sha3_384_extract(ikm, ikm_size, salt, salt_size, prk_out, prk_out_size); 45| |#else 46| | LIBSPDM_ASSERT(false); 47| | return false; 48| |#endif 49| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_512: ------------------ | | 396| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_512 0x00000020 ------------------ | Branch (49:5): [True: 0, False: 4] ------------------ 50| 0|#if LIBSPDM_SHA3_512_SUPPORT 51| 0| return libspdm_hkdf_sha3_512_extract(ikm, ikm_size, salt, salt_size, prk_out, prk_out_size); 52| |#else 53| | LIBSPDM_ASSERT(false); 54| | return false; 55| |#endif 56| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SM3_256: ------------------ | | 401| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SM3_256 0x00000040 ------------------ | Branch (56:5): [True: 0, False: 4] ------------------ 57| |#if LIBSPDM_SM3_256_SUPPORT 58| | return libspdm_hkdf_sm3_256_extract(ikm, ikm_size, salt, salt_size, prk_out, prk_out_size); 59| |#else 60| 0| LIBSPDM_ASSERT(false); 61| 0| return false; 62| 0|#endif 63| 0| default: ------------------ | Branch (63:5): [True: 0, False: 4] ------------------ 64| 0| LIBSPDM_ASSERT(false); 65| 0| return false; 66| 4| } 67| 4|} libspdm_hkdf_expand: 72| 32|{ 73| 32| switch (base_hash_algo) { 74| 32| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256: ------------------ | | 391| 32|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256 0x00000001 ------------------ | Branch (74:5): [True: 32, False: 0] ------------------ 75| 32|#if LIBSPDM_SHA256_SUPPORT 76| 32| return libspdm_hkdf_sha256_expand(prk, prk_size, info, info_size, out, out_size); 77| |#else 78| | LIBSPDM_ASSERT(false); 79| | return false; 80| |#endif 81| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_384: ------------------ | | 392| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_384 0x00000002 ------------------ | Branch (81:5): [True: 0, False: 32] ------------------ 82| 0|#if LIBSPDM_SHA384_SUPPORT 83| 0| return libspdm_hkdf_sha384_expand(prk, prk_size, info, info_size, out, out_size); 84| |#else 85| | LIBSPDM_ASSERT(false); 86| | return false; 87| |#endif 88| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512: ------------------ | | 393| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512 0x00000004 ------------------ | Branch (88:5): [True: 0, False: 32] ------------------ 89| 0|#if LIBSPDM_SHA512_SUPPORT 90| 0| return libspdm_hkdf_sha512_expand(prk, prk_size, info, info_size, out, out_size); 91| |#else 92| | LIBSPDM_ASSERT(false); 93| | return false; 94| |#endif 95| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_256: ------------------ | | 394| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_256 0x00000008 ------------------ | Branch (95:5): [True: 0, False: 32] ------------------ 96| 0|#if LIBSPDM_SHA3_256_SUPPORT 97| 0| return libspdm_hkdf_sha3_256_expand(prk, prk_size, info, info_size, out, out_size); 98| |#else 99| | LIBSPDM_ASSERT(false); 100| | return false; 101| |#endif 102| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_384: ------------------ | | 395| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_384 0x00000010 ------------------ | Branch (102:5): [True: 0, False: 32] ------------------ 103| 0|#if LIBSPDM_SHA3_384_SUPPORT 104| 0| return libspdm_hkdf_sha3_384_expand(prk, prk_size, info, info_size, out, out_size); 105| |#else 106| | LIBSPDM_ASSERT(false); 107| | return false; 108| |#endif 109| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_512: ------------------ | | 396| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_512 0x00000020 ------------------ | Branch (109:5): [True: 0, False: 32] ------------------ 110| 0|#if LIBSPDM_SHA3_512_SUPPORT 111| 0| return libspdm_hkdf_sha3_512_expand(prk, prk_size, info, info_size, out, out_size); 112| |#else 113| | LIBSPDM_ASSERT(false); 114| | return false; 115| |#endif 116| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SM3_256: ------------------ | | 401| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SM3_256 0x00000040 ------------------ | Branch (116:5): [True: 0, False: 32] ------------------ 117| |#if LIBSPDM_SM3_256_SUPPORT 118| | return libspdm_hkdf_sm3_256_expand(prk, prk_size, info, info_size, out, out_size); 119| |#else 120| 0| LIBSPDM_ASSERT(false); 121| 0| return false; 122| 0|#endif 123| 0| default: ------------------ | Branch (123:5): [True: 0, False: 32] ------------------ 124| 0| LIBSPDM_ASSERT(false); 125| 0| return false; 126| 32| } 127| 32|} libspdm_hmac_all: 367| 246|{ 368| 246| switch (base_hash_algo) { 369| 246| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256: ------------------ | | 391| 246|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256 0x00000001 ------------------ | Branch (369:5): [True: 246, False: 0] ------------------ 370| 246|#if LIBSPDM_SHA256_SUPPORT 371| 246| return libspdm_hmac_sha256_all(data, data_size, key, key_size, hmac_value); 372| |#else 373| | LIBSPDM_ASSERT(false); 374| | return false; 375| |#endif 376| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_384: ------------------ | | 392| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_384 0x00000002 ------------------ | Branch (376:5): [True: 0, False: 246] ------------------ 377| 0|#if LIBSPDM_SHA384_SUPPORT 378| 0| return libspdm_hmac_sha384_all(data, data_size, key, key_size, hmac_value); 379| |#else 380| | LIBSPDM_ASSERT(false); 381| | return false; 382| |#endif 383| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512: ------------------ | | 393| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_512 0x00000004 ------------------ | Branch (383:5): [True: 0, False: 246] ------------------ 384| 0|#if LIBSPDM_SHA512_SUPPORT 385| 0| return libspdm_hmac_sha512_all(data, data_size, key, key_size, hmac_value); 386| |#else 387| | LIBSPDM_ASSERT(false); 388| | return false; 389| |#endif 390| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_256: ------------------ | | 394| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_256 0x00000008 ------------------ | Branch (390:5): [True: 0, False: 246] ------------------ 391| 0|#if LIBSPDM_SHA3_256_SUPPORT 392| 0| return libspdm_hmac_sha3_256_all(data, data_size, key, key_size, hmac_value); 393| |#else 394| | LIBSPDM_ASSERT(false); 395| | return false; 396| |#endif 397| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_384: ------------------ | | 395| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_384 0x00000010 ------------------ | Branch (397:5): [True: 0, False: 246] ------------------ 398| 0|#if LIBSPDM_SHA3_384_SUPPORT 399| 0| return libspdm_hmac_sha3_384_all(data, data_size, key, key_size, hmac_value); 400| |#else 401| | LIBSPDM_ASSERT(false); 402| | return false; 403| |#endif 404| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_512: ------------------ | | 396| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA3_512 0x00000020 ------------------ | Branch (404:5): [True: 0, False: 246] ------------------ 405| 0|#if LIBSPDM_SHA3_512_SUPPORT 406| 0| return libspdm_hmac_sha3_512_all(data, data_size, key, key_size, hmac_value); 407| |#else 408| | LIBSPDM_ASSERT(false); 409| | return false; 410| |#endif 411| 0| case SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SM3_256: ------------------ | | 401| 0|#define SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SM3_256 0x00000040 ------------------ | Branch (411:5): [True: 0, False: 246] ------------------ 412| |#if LIBSPDM_SM3_256_SUPPORT 413| | return libspdm_hmac_sm3_256_all(data, data_size, key, key_size, hmac_value); 414| |#else 415| 0| LIBSPDM_ASSERT(false); 416| 0| return false; 417| 0|#endif 418| 0| default: ------------------ | Branch (418:5): [True: 0, False: 246] ------------------ 419| 0| LIBSPDM_ASSERT(false); 420| 0| return false; 421| 246| } 422| 246|} libspdm_generate_error_response: 14| 948|{ 15| 948| spdm_error_response_t *spdm_response; 16| | 17| 948| LIBSPDM_ASSERT(*response_size >= sizeof(spdm_error_response_t)); 18| 948| *response_size = sizeof(spdm_error_response_t); 19| 948| spdm_response = response; 20| | 21| 948| spdm_response->header.spdm_version = libspdm_get_connection_version (spdm_context); 22| 948| if (spdm_response->header.spdm_version == 0) { ------------------ | Branch (22:9): [True: 0, False: 948] ------------------ 23| | /* if version is not negotiated, then use default version 1.0 */ 24| 0| spdm_response->header.spdm_version = SPDM_MESSAGE_VERSION_10; ------------------ | | 110| 0|#define SPDM_MESSAGE_VERSION_10 0x10 ------------------ 25| 0| } 26| 948| spdm_response->header.request_response_code = SPDM_ERROR; ------------------ | | 37| 948|#define SPDM_ERROR 0x7F ------------------ 27| 948| spdm_response->header.param1 = error_code; 28| 948| spdm_response->header.param2 = error_data; 29| | 30| 948| if (spdm_response->header.spdm_version <= SPDM_MESSAGE_VERSION_11) { ------------------ | | 111| 948|#define SPDM_MESSAGE_VERSION_11 0x11 ------------------ | Branch (30:9): [True: 948, False: 0] ------------------ 31| 948| LIBSPDM_ASSERT ((error_code != SPDM_ERROR_CODE_RESPONSE_TOO_LARGE) && 32| 948| (error_code != SPDM_ERROR_CODE_LARGE_RESPONSE)); 33| 948| } 34| | 35| 948| return LIBSPDM_STATUS_SUCCESS; ------------------ | | 59| 948| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_SUCCESS, LIBSPDM_SOURCE_SUCCESS, 0x0000) | | ------------------ | | | | 55| 948| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 36| 948|} libspdm_verify_finish_req_hmac: 15| 4|{ 16| 4| uint8_t hmac_data[LIBSPDM_MAX_HASH_SIZE]; 17| 4| size_t hash_size; 18| 4| bool result; 19| |#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT 20| | uint8_t slot_id; 21| | uint8_t *cert_chain_buffer; 22| | size_t cert_chain_buffer_size; 23| | uint8_t *mut_cert_chain_buffer; 24| | size_t mut_cert_chain_buffer_size; 25| | uint8_t *th_curr_data; 26| | size_t th_curr_data_size; 27| | libspdm_th_managed_buffer_t th_curr; 28| | uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE]; 29| |#endif /* LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT */ 30| | 31| 4| hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo); 32| 4| LIBSPDM_ASSERT(hmac_size == hash_size); 33| | 34| |#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT 35| | slot_id = spdm_context->connection_info.local_used_cert_chain_slot_id; 36| | LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF)); 37| | if (slot_id == 0xFF) { 38| | result = libspdm_get_local_public_key_buffer( 39| | spdm_context, (const void **)&cert_chain_buffer, &cert_chain_buffer_size); 40| | } else { 41| | result = libspdm_get_local_cert_chain_buffer( 42| | spdm_context, (const void **)&cert_chain_buffer, &cert_chain_buffer_size); 43| | } 44| | if (!result) { 45| | return false; 46| | } 47| | 48| | if (session_info->mut_auth_requested != 0) { 49| | slot_id = spdm_context->connection_info.peer_used_cert_chain_slot_id; 50| | LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF)); 51| | if (slot_id == 0xFF) { 52| | result = libspdm_get_peer_public_key_buffer( 53| | spdm_context, (const void **)&mut_cert_chain_buffer, &mut_cert_chain_buffer_size); 54| | } else { 55| | result = libspdm_get_peer_cert_chain_buffer( 56| | spdm_context, (const void **)&mut_cert_chain_buffer, &mut_cert_chain_buffer_size); 57| | } 58| | if (!result) { 59| | return false; 60| | } 61| | } else { 62| | mut_cert_chain_buffer = NULL; 63| | mut_cert_chain_buffer_size = 0; 64| | } 65| | 66| | result = libspdm_calculate_th_for_finish( 67| | spdm_context, session_info, cert_chain_buffer, 68| | cert_chain_buffer_size, mut_cert_chain_buffer, 69| | mut_cert_chain_buffer_size, &th_curr); 70| | if (!result) { 71| | return false; 72| | } 73| | th_curr_data = libspdm_get_managed_buffer(&th_curr); 74| | th_curr_data_size = libspdm_get_managed_buffer_size(&th_curr); 75| | 76| | result = libspdm_hash_all (spdm_context->connection_info.algorithm.base_hash_algo, 77| | th_curr_data, th_curr_data_size, hash_data); 78| | if (!result) { 79| | return false; 80| | } 81| | 82| | result = libspdm_hmac_all_with_request_finished_key( 83| | session_info->secured_message_context, hash_data, hash_size, hmac_data); 84| | if (!result) { 85| | return false; 86| | } 87| |#else 88| 4| result = libspdm_calculate_th_hmac_for_finish_req( 89| 4| spdm_context, session_info, &hash_size, hmac_data); 90| 4| if (!result) { ------------------ | Branch (90:9): [True: 0, False: 4] ------------------ 91| 0| return false; 92| 0| } 93| 4|#endif /* LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT */ 94| 4| LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "th_curr hmac - ")); 95| 4| LIBSPDM_INTERNAL_DUMP_DATA(hmac_data, hash_size); 96| 4| LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n")); 97| | 98| 4| if (!libspdm_consttime_is_mem_equal(hmac, hmac_data, hash_size)) { ------------------ | Branch (98:9): [True: 0, False: 4] ------------------ 99| 0| LIBSPDM_DEBUG((LIBSPDM_DEBUG_ERROR, "!!! verify_finish_req_hmac - FAIL !!!\n")); 100| 0| return false; 101| 0| } 102| 4| LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "!!! verify_finish_req_hmac - PASS !!!\n")); 103| 4| return true; 104| 4|} libspdm_verify_finish_req_signature: 111| 8|{ 112| 8| bool result; 113| 8| void *context; 114| 8| uint8_t slot_id; 115| |#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT 116| | uint8_t *cert_chain_buffer; 117| | size_t cert_chain_buffer_size; 118| | uint8_t *mut_cert_chain_buffer; 119| | size_t mut_cert_chain_buffer_size; 120| | uint8_t *th_curr_data; 121| | size_t th_curr_data_size; 122| | libspdm_th_managed_buffer_t th_curr; 123| | const uint8_t *mut_cert_chain_data; 124| | size_t mut_cert_chain_data_size; 125| | const uint8_t *mut_cert_buffer; 126| | size_t mut_cert_buffer_size; 127| |#endif 128| 8|#if ((LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT) && (LIBSPDM_DEBUG_BLOCK_ENABLE)) || \ 129| 8| !(LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT) 130| 8| uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE]; 131| 8|#endif 132| 8|#if !(LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT) || (LIBSPDM_DEBUG_PRINT_ENABLE) 133| 8| size_t hash_size; 134| | 135| 8| hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo); 136| 8|#endif 137| | 138| |#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT 139| | slot_id = spdm_context->connection_info.local_used_cert_chain_slot_id; 140| | LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF)); 141| | if (slot_id == 0xFF) { 142| | result = libspdm_get_local_public_key_buffer( 143| | spdm_context, (const void **)&cert_chain_buffer, &cert_chain_buffer_size); 144| | } else { 145| | result = libspdm_get_local_cert_chain_buffer( 146| | spdm_context, (const void **)&cert_chain_buffer, &cert_chain_buffer_size); 147| | } 148| | if (!result) { 149| | return false; 150| | } 151| | 152| | slot_id = spdm_context->connection_info.peer_used_cert_chain_slot_id; 153| | LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF)); 154| | if (slot_id == 0xFF) { 155| | result = libspdm_get_peer_public_key_buffer( 156| | spdm_context, (const void **)&mut_cert_chain_buffer, &mut_cert_chain_buffer_size); 157| | } else { 158| | result = libspdm_get_peer_cert_chain_buffer( 159| | spdm_context, (const void **)&mut_cert_chain_buffer, &mut_cert_chain_buffer_size); 160| | } 161| | if (!result) { 162| | return false; 163| | } 164| | 165| | result = libspdm_calculate_th_for_finish( 166| | spdm_context, session_info, cert_chain_buffer, 167| | cert_chain_buffer_size, mut_cert_chain_buffer, 168| | mut_cert_chain_buffer_size, &th_curr); 169| | if (!result) { 170| | return false; 171| | } 172| | th_curr_data = libspdm_get_managed_buffer(&th_curr); 173| | th_curr_data_size = libspdm_get_managed_buffer_size(&th_curr); 174| | 175| | /* Debug code only - required for debug print of th_curr below*/ 176| | LIBSPDM_DEBUG_CODE( 177| | if (!libspdm_hash_all( 178| | spdm_context->connection_info.algorithm.base_hash_algo, 179| | th_curr_data, th_curr_data_size, hash_data)) { 180| | return false; 181| | } 182| | ); 183| |#else 184| 8| result = libspdm_calculate_th_hash_for_finish( 185| 8| spdm_context, session_info, &hash_size, hash_data); 186| 8| if (!result) { ------------------ | Branch (186:9): [True: 0, False: 8] ------------------ 187| 0| return false; 188| 0| } 189| 8|#endif /* LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT */ 190| 8| LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "th_curr hash - ")); 191| 8| LIBSPDM_INTERNAL_DUMP_DATA(hash_data, hash_size); 192| 8| LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n")); 193| | 194| 8| LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "signature - ")); 195| 8| LIBSPDM_INTERNAL_DUMP_DATA(sign_data, sign_data_size); 196| 8| LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n")); 197| | 198| 8| slot_id = spdm_context->connection_info.peer_used_cert_chain_slot_id; 199| 8| LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF)); 200| | 201| 8| if (slot_id == 0xFF) { ------------------ | Branch (201:9): [True: 0, False: 8] ------------------ 202| 0| result = libspdm_req_asym_get_public_key_from_der( 203| 0| spdm_context->connection_info.algorithm.req_base_asym_alg, 204| 0| spdm_context->local_context.peer_public_key_provision, 205| 0| spdm_context->local_context.peer_public_key_provision_size, 206| 0| &context); 207| 0| if (!result) { ------------------ | Branch (207:13): [True: 0, False: 0] ------------------ 208| 0| return false; 209| 0| } 210| 8| } else { 211| |#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT 212| | /* Get leaf cert from cert chain*/ 213| | result = libspdm_get_peer_cert_chain_data(spdm_context, 214| | (const void **)&mut_cert_chain_data, 215| | &mut_cert_chain_data_size); 216| | if (!result) { 217| | return false; 218| | } 219| | 220| | result = libspdm_x509_get_cert_from_cert_chain(mut_cert_chain_data, 221| | mut_cert_chain_data_size, -1, 222| | &mut_cert_buffer, 223| | &mut_cert_buffer_size); 224| | if (!result) { 225| | return false; 226| | } 227| | 228| | result = libspdm_req_asym_get_public_key_from_x509( 229| | spdm_context->connection_info.algorithm.req_base_asym_alg, 230| | mut_cert_buffer, mut_cert_buffer_size, &context); 231| | if (!result) { 232| | return false; 233| | } 234| |#else 235| 8| context = spdm_context->connection_info.peer_used_cert_chain[slot_id].leaf_cert_public_key; 236| 8| LIBSPDM_ASSERT(context != NULL); 237| 8|#endif 238| 8| } 239| | 240| |#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT 241| | result = libspdm_req_asym_verify_ex( 242| | spdm_context->connection_info.version, SPDM_FINISH, 243| | spdm_context->connection_info.algorithm.req_base_asym_alg, 244| | spdm_context->connection_info.algorithm.base_hash_algo, 245| | context, th_curr_data, th_curr_data_size, sign_data, sign_data_size, 246| | &spdm_context->spdm_10_11_verify_signature_endian); 247| | libspdm_req_asym_free(spdm_context->connection_info.algorithm.req_base_asym_alg, context); 248| |#else 249| 8| result = libspdm_req_asym_verify_hash_ex( 250| 8| spdm_context->connection_info.version, SPDM_FINISH, ------------------ | | 78| 8|#define SPDM_FINISH 0xE5 ------------------ 251| 8| spdm_context->connection_info.algorithm.req_base_asym_alg, 252| 8| spdm_context->connection_info.algorithm.base_hash_algo, 253| 8| context, hash_data, hash_size, sign_data, sign_data_size, 254| 8| &spdm_context->spdm_10_11_verify_signature_endian); 255| 8| if (slot_id == 0xFF) { ------------------ | Branch (255:9): [True: 0, False: 8] ------------------ 256| 0| libspdm_req_asym_free(spdm_context->connection_info.algorithm.req_base_asym_alg, context); 257| 0| } 258| 8|#endif /* LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT */ 259| | 260| 8| if (!result) { ------------------ | Branch (260:9): [True: 5, False: 3] ------------------ 261| 5| LIBSPDM_DEBUG((LIBSPDM_DEBUG_ERROR, "!!! VerifyFinishSignature - FAIL !!!\n")); 262| 5| return false; 263| 5| } 264| 3| LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "!!! VerifyFinishSignature - PASS !!!\n")); 265| | 266| 3| return true; 267| 8|} libspdm_generate_finish_rsp_hmac: 273| 4|{ 274| 4| uint8_t hmac_data[LIBSPDM_MAX_HASH_SIZE]; 275| 4| size_t hash_size; 276| 4| bool result; 277| |#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT 278| | uint8_t slot_id; 279| | uint8_t *cert_chain_buffer; 280| | size_t cert_chain_buffer_size; 281| | uint8_t *mut_cert_chain_buffer; 282| | size_t mut_cert_chain_buffer_size; 283| | uint8_t *th_curr_data; 284| | size_t th_curr_data_size; 285| | libspdm_th_managed_buffer_t th_curr; 286| | uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE]; 287| |#endif 288| | 289| 4| hash_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo); 290| | 291| |#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT 292| | slot_id = spdm_context->connection_info.local_used_cert_chain_slot_id; 293| | LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF)); 294| | if (slot_id == 0xFF) { 295| | result = libspdm_get_local_public_key_buffer( 296| | spdm_context, (const void **)&cert_chain_buffer, &cert_chain_buffer_size); 297| | } else { 298| | result = libspdm_get_local_cert_chain_buffer( 299| | spdm_context, (const void **)&cert_chain_buffer, &cert_chain_buffer_size); 300| | } 301| | if (!result) { 302| | return false; 303| | } 304| | 305| | if (session_info->mut_auth_requested != 0) { 306| | slot_id = spdm_context->connection_info.peer_used_cert_chain_slot_id; 307| | LIBSPDM_ASSERT((slot_id < SPDM_MAX_SLOT_COUNT) || (slot_id == 0xFF)); 308| | if (slot_id == 0xFF) { 309| | result = libspdm_get_peer_public_key_buffer( 310| | spdm_context, (const void **)&mut_cert_chain_buffer, &mut_cert_chain_buffer_size); 311| | } else { 312| | result = libspdm_get_peer_cert_chain_buffer( 313| | spdm_context, (const void **)&mut_cert_chain_buffer, &mut_cert_chain_buffer_size); 314| | } 315| | if (!result) { 316| | return false; 317| | } 318| | } else { 319| | mut_cert_chain_buffer = NULL; 320| | mut_cert_chain_buffer_size = 0; 321| | } 322| | 323| | result = libspdm_calculate_th_for_finish( 324| | spdm_context, session_info, cert_chain_buffer, 325| | cert_chain_buffer_size, mut_cert_chain_buffer, 326| | mut_cert_chain_buffer_size, &th_curr); 327| | if (!result) { 328| | return false; 329| | } 330| | th_curr_data = libspdm_get_managed_buffer(&th_curr); 331| | th_curr_data_size = libspdm_get_managed_buffer_size(&th_curr); 332| | 333| | result = libspdm_hash_all (spdm_context->connection_info.algorithm.base_hash_algo, 334| | th_curr_data, th_curr_data_size, hash_data); 335| | if (!result) { 336| | return false; 337| | } 338| | 339| | result = libspdm_hmac_all_with_response_finished_key( 340| | session_info->secured_message_context, hash_data, hash_size, hmac_data); 341| | if (!result) { 342| | return false; 343| | } 344| |#else 345| 4| result = libspdm_calculate_th_hmac_for_finish_rsp( 346| 4| spdm_context, session_info, &hash_size, hmac_data); 347| 4| if (!result) { ------------------ | Branch (347:9): [True: 0, False: 4] ------------------ 348| 0| return false; 349| 0| } 350| 4|#endif 351| 4| LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "th_curr hmac - ")); 352| 4| LIBSPDM_INTERNAL_DUMP_DATA(hmac_data, hash_size); 353| 4| LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n")); 354| | 355| 4| libspdm_copy_mem(hmac, hash_size, hmac_data, hash_size); 356| | 357| 4| return true; 358| 4|} libspdm_get_response_finish: 364| 952|{ 365| 952| uint32_t session_id; 366| 952| bool result; 367| 952| uint32_t hmac_size; 368| 952| uint32_t signature_size; 369| 952| uint8_t req_slot_id; 370| 952| const spdm_finish_request_t *spdm_request; 371| 952| spdm_finish_response_t *spdm_response; 372| 952| libspdm_session_info_t *session_info; 373| 952| uint8_t th2_hash_data[LIBSPDM_MAX_HASH_SIZE]; 374| 952| libspdm_return_t status; 375| 952| libspdm_session_state_t session_state; 376| | 377| 952| spdm_request = request; 378| | 379| | /* -=[Check Parameters Phase]=- */ 380| 952| LIBSPDM_ASSERT(spdm_request->header.request_response_code == SPDM_FINISH); 381| | 382| 952| if (libspdm_get_connection_version(spdm_context) < SPDM_MESSAGE_VERSION_11) { ------------------ | | 111| 952|#define SPDM_MESSAGE_VERSION_11 0x11 ------------------ | Branch (382:9): [True: 0, False: 952] ------------------ 383| 0| return libspdm_generate_error_response(spdm_context, 384| 0| SPDM_ERROR_CODE_UNSUPPORTED_REQUEST, ------------------ | | 859| 0|#define SPDM_ERROR_CODE_UNSUPPORTED_REQUEST 0x07 ------------------ 385| 0| SPDM_FINISH, ------------------ | | 78| 0|#define SPDM_FINISH 0xE5 ------------------ 386| 0| response_size, response); 387| 0| } 388| | 389| 952| if (spdm_request->header.spdm_version != libspdm_get_connection_version(spdm_context)) { ------------------ | Branch (389:9): [True: 861, False: 91] ------------------ 390| 861| return libspdm_generate_error_response(spdm_context, 391| 861| SPDM_ERROR_CODE_VERSION_MISMATCH, 0, ------------------ | | 860| 861|#define SPDM_ERROR_CODE_VERSION_MISMATCH 0x41 ------------------ 392| 861| response_size, response); 393| 861| } 394| 91| if (spdm_context->response_state != LIBSPDM_RESPONSE_STATE_NORMAL) { ------------------ | Branch (394:9): [True: 5, False: 86] ------------------ 395| 5| return libspdm_responder_handle_response_state( 396| 5| spdm_context, 397| 5| spdm_request->header.request_response_code, 398| 5| response_size, response); 399| 5| } 400| 86| if (!libspdm_is_capabilities_flag_supported( ------------------ | Branch (400:9): [True: 5, False: 81] ------------------ 401| 86| spdm_context, false, 402| 86| SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP, ------------------ | | 190| 86|#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP 0x00000200 ------------------ 403| 86| SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP)) { ------------------ | | 251| 86|#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP 0x00000200 ------------------ 404| 5| return libspdm_generate_error_response( 405| 5| spdm_context, SPDM_ERROR_CODE_UNSUPPORTED_REQUEST, ------------------ | | 859| 5|#define SPDM_ERROR_CODE_UNSUPPORTED_REQUEST 0x07 ------------------ 406| 5| SPDM_FINISH, response_size, response); ------------------ | | 78| 5|#define SPDM_FINISH 0xE5 ------------------ 407| 5| } 408| 81| if (spdm_context->connection_info.connection_state < LIBSPDM_CONNECTION_STATE_NEGOTIATED) { ------------------ | Branch (408:9): [True: 5, False: 76] ------------------ 409| 5| return libspdm_generate_error_response(spdm_context, 410| 5| SPDM_ERROR_CODE_UNEXPECTED_REQUEST, ------------------ | | 857| 5|#define SPDM_ERROR_CODE_UNEXPECTED_REQUEST 0x04 ------------------ 411| 5| 0, response_size, response); 412| 5| } 413| 76| if (!libspdm_is_capabilities_flag_supported( ------------------ | Branch (413:9): [True: 5, False: 71] ------------------ 414| 76| spdm_context, false, 415| 76| SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP, ------------------ | | 196| 76|#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP 0x00008000 ------------------ 416| 76| SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP)) { ------------------ | | 258| 76|#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP 0x00008000 ------------------ 417| | /* No handshake in clear, then it must be in a session.*/ 418| 5| if (!spdm_context->last_spdm_request_session_id_valid) { ------------------ | Branch (418:13): [True: 5, False: 0] ------------------ 419| 5| if (libspdm_get_connection_version(spdm_context) >= SPDM_MESSAGE_VERSION_12) { ------------------ | | 112| 5|#define SPDM_MESSAGE_VERSION_12 0x12 ------------------ | Branch (419:17): [True: 0, False: 5] ------------------ 420| 0| return libspdm_generate_error_response( 421| 0| spdm_context, SPDM_ERROR_CODE_SESSION_REQUIRED, 0, response_size, response); ------------------ | | 872| 0|#define SPDM_ERROR_CODE_SESSION_REQUIRED 0x0B ------------------ 422| 5| } else { 423| 5| return libspdm_generate_error_response( 424| 5| spdm_context, SPDM_ERROR_CODE_UNSPECIFIED, 0, response_size, response); ------------------ | | 858| 5|#define SPDM_ERROR_CODE_UNSPECIFIED 0x05 ------------------ 425| 5| } 426| 5| } 427| 71| } else { 428| | /* handshake in clear, then it must not be in a session.*/ 429| 71| if (spdm_context->last_spdm_request_session_id_valid) { ------------------ | Branch (429:13): [True: 5, False: 66] ------------------ 430| 5| if (libspdm_get_connection_version(spdm_context) >= SPDM_MESSAGE_VERSION_12) { ------------------ | | 112| 5|#define SPDM_MESSAGE_VERSION_12 0x12 ------------------ | Branch (430:17): [True: 0, False: 5] ------------------ 431| 0| return libspdm_generate_error_response( 432| 0| spdm_context, SPDM_ERROR_CODE_SESSION_REQUIRED, 0, response_size, response); ------------------ | | 872| 0|#define SPDM_ERROR_CODE_SESSION_REQUIRED 0x0B ------------------ 433| 5| } else { 434| 5| return libspdm_generate_error_response( 435| 5| spdm_context, SPDM_ERROR_CODE_UNSPECIFIED, 0, response_size, response); ------------------ | | 858| 5|#define SPDM_ERROR_CODE_UNSPECIFIED 0x05 ------------------ 436| 5| } 437| 5| } 438| 71| } 439| 66| if (spdm_context->last_spdm_request_session_id_valid) { ------------------ | Branch (439:9): [True: 0, False: 66] ------------------ 440| 0| session_id = spdm_context->last_spdm_request_session_id; 441| 66| } else { 442| 66| session_id = spdm_context->latest_session_id; 443| 66| } 444| 66| session_info = libspdm_get_session_info_via_session_id(spdm_context, session_id); 445| 66| if (session_info == NULL) { ------------------ | Branch (445:9): [True: 0, False: 66] ------------------ 446| 0| if (libspdm_get_connection_version(spdm_context) >= SPDM_MESSAGE_VERSION_12) { ------------------ | | 112| 0|#define SPDM_MESSAGE_VERSION_12 0x12 ------------------ | Branch (446:13): [True: 0, False: 0] ------------------ 447| 0| return libspdm_generate_error_response(spdm_context, 448| 0| SPDM_ERROR_CODE_SESSION_REQUIRED, 0, ------------------ | | 872| 0|#define SPDM_ERROR_CODE_SESSION_REQUIRED 0x0B ------------------ 449| 0| response_size, response); 450| 0| } else { 451| 0| return libspdm_generate_error_response(spdm_context, 452| 0| SPDM_ERROR_CODE_UNSPECIFIED, 0, ------------------ | | 858| 0|#define SPDM_ERROR_CODE_UNSPECIFIED 0x05 ------------------ 453| 0| response_size, response); 454| 0| } 455| 0| } 456| 66| if (session_info->use_psk) { ------------------ | Branch (456:9): [True: 0, False: 66] ------------------ 457| 0| return libspdm_generate_error_response(spdm_context, 458| 0| SPDM_ERROR_CODE_UNEXPECTED_REQUEST, 0, ------------------ | | 857| 0|#define SPDM_ERROR_CODE_UNEXPECTED_REQUEST 0x04 ------------------ 459| 0| response_size, response); 460| 0| } 461| 66| session_state = libspdm_secured_message_get_session_state( 462| 66| session_info->secured_message_context); 463| 66| if (session_state != LIBSPDM_SESSION_STATE_HANDSHAKING) { ------------------ | Branch (463:9): [True: 5, False: 61] ------------------ 464| 5| return libspdm_generate_error_response(spdm_context, 465| 5| SPDM_ERROR_CODE_UNEXPECTED_REQUEST, 0, ------------------ | | 857| 5|#define SPDM_ERROR_CODE_UNEXPECTED_REQUEST 0x04 ------------------ 466| 5| response_size, response); 467| 5| } 468| | 469| 61| if (((session_info->mut_auth_requested == 0) && ------------------ | Branch (469:10): [True: 5, False: 56] ------------------ 470| 61| ((spdm_request->header.param1 & SPDM_FINISH_REQUEST_ATTRIBUTES_SIGNATURE_INCLUDED) != ------------------ | | 1021| 5|#define SPDM_FINISH_REQUEST_ATTRIBUTES_SIGNATURE_INCLUDED 0x00000001 ------------------ | Branch (470:10): [True: 4, False: 1] ------------------ 471| 5| 0)) || 472| 61| ((session_info->mut_auth_requested != 0) && ------------------ | Branch (472:10): [True: 56, False: 1] ------------------ 473| 57| ((spdm_request->header.param1 & SPDM_FINISH_REQUEST_ATTRIBUTES_SIGNATURE_INCLUDED) == ------------------ | | 1021| 56|#define SPDM_FINISH_REQUEST_ATTRIBUTES_SIGNATURE_INCLUDED 0x00000001 ------------------ | Branch (473:10): [True: 31, False: 25] ------------------ 474| 56| 0))) { 475| 35| return libspdm_generate_error_response(spdm_context, 476| 35| SPDM_ERROR_CODE_INVALID_REQUEST, 0, ------------------ | | 855| 35|#define SPDM_ERROR_CODE_INVALID_REQUEST 0x01 ------------------ 477| 35| response_size, response); 478| 35| } 479| | 480| 26| hmac_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo); 481| 26| signature_size = 0; 482| 26|#if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP 483| 26| if (session_info->mut_auth_requested != 0) { ------------------ | Branch (483:9): [True: 25, False: 1] ------------------ 484| 25| signature_size = libspdm_get_req_asym_signature_size( 485| 25| spdm_context->connection_info.algorithm.req_base_asym_alg); 486| 25| } 487| 26|#endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */ 488| | 489| 26| if (request_size < sizeof(spdm_finish_request_t) + signature_size + hmac_size) { ------------------ | Branch (489:9): [True: 0, False: 26] ------------------ 490| 0| return libspdm_generate_error_response(spdm_context, 491| 0| SPDM_ERROR_CODE_INVALID_REQUEST, 0, ------------------ | | 855| 0|#define SPDM_ERROR_CODE_INVALID_REQUEST 0x01 ------------------ 492| 0| response_size, response); 493| 0| } 494| | 495| 26| if ((spdm_request->header.param1 & SPDM_FINISH_REQUEST_ATTRIBUTES_SIGNATURE_INCLUDED) != 0) { ------------------ | | 1021| 26|#define SPDM_FINISH_REQUEST_ATTRIBUTES_SIGNATURE_INCLUDED 0x00000001 ------------------ | Branch (495:9): [True: 25, False: 1] ------------------ 496| 25| req_slot_id = spdm_request->header.param2; 497| 25| if ((req_slot_id != 0xFF) && (req_slot_id >= SPDM_MAX_SLOT_COUNT)) { ------------------ | | 18| 23|#define SPDM_MAX_SLOT_COUNT 8 ------------------ | Branch (497:13): [True: 23, False: 2] | Branch (497:38): [True: 17, False: 6] ------------------ 498| 17| return libspdm_generate_error_response(spdm_context, 499| 17| SPDM_ERROR_CODE_INVALID_REQUEST, 0, ------------------ | | 855| 17|#define SPDM_ERROR_CODE_INVALID_REQUEST 0x01 ------------------ 500| 17| response_size, response); 501| 17| } 502| | 503| 8| if (libspdm_is_capabilities_flag_supported( ------------------ | Branch (503:13): [True: 8, False: 0] ------------------ 504| 8| spdm_context, false, 505| 8| SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP, ------------------ | | 196| 8|#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP 0x00008000 ------------------ 506| 8| SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP)) { ------------------ | | 258| 8|#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP 0x00008000 ------------------ 507| 8| if (((session_info->mut_auth_requested == ------------------ | Branch (507:18): [True: 0, False: 8] ------------------ 508| 8| SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED_WITH_ENCAP_REQUEST) || ------------------ | | 996| 8|#define SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED_WITH_ENCAP_REQUEST 0x00000002 ------------------ 509| 8| (session_info->mut_auth_requested == ------------------ | Branch (509:18): [True: 0, False: 8] ------------------ 510| 8| SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED_WITH_GET_DIGESTS)) && ------------------ | | 997| 8|#define SPDM_KEY_EXCHANGE_RESPONSE_MUT_AUTH_REQUESTED_WITH_GET_DIGESTS 0x00000004 ------------------ 511| 8| (req_slot_id != spdm_context->encap_context.req_slot_id)) { ------------------ | Branch (511:17): [True: 0, False: 0] ------------------ 512| 0| return libspdm_generate_error_response(spdm_context, 513| 0| SPDM_ERROR_CODE_INVALID_REQUEST, 0, ------------------ | | 855| 0|#define SPDM_ERROR_CODE_INVALID_REQUEST 0x01 ------------------ 514| 0| response_size, response); 515| 0| } 516| 8| } 517| 8| } 518| | 519| 9| libspdm_reset_message_buffer_via_request_code(spdm_context, session_info, 520| 9| spdm_request->header.request_response_code); 521| | 522| 9| status = libspdm_append_message_f(spdm_context, session_info, false, request, 523| 9| sizeof(spdm_finish_request_t)); 524| 9| if (LIBSPDM_STATUS_IS_ERROR(status)) { ------------------ | | 30| 9| (LIBSPDM_STATUS_SEVERITY(status) == LIBSPDM_SEVERITY_ERROR) | | ------------------ | | | | 37| 9|#define LIBSPDM_STATUS_SEVERITY(status) (((status) >> 28) & 0xf) | | ------------------ | | (LIBSPDM_STATUS_SEVERITY(status) == LIBSPDM_SEVERITY_ERROR) | | ------------------ | | | | 44| 9|#define LIBSPDM_SEVERITY_ERROR 0x8 | | ------------------ | | | Branch (30:5): [True: 0, False: 9] | | ------------------ ------------------ 525| 0| return libspdm_generate_error_response(spdm_context, 526| 0| SPDM_ERROR_CODE_UNSPECIFIED, 0, ------------------ | | 858| 0|#define SPDM_ERROR_CODE_UNSPECIFIED 0x05 ------------------ 527| 0| response_size, response); 528| 0| } 529| 9|#if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP 530| 9| if (session_info->mut_auth_requested != 0) { ------------------ | Branch (530:9): [True: 8, False: 1] ------------------ 531| 8| result = libspdm_verify_finish_req_signature( 532| 8| spdm_context, session_info, 533| 8| (const uint8_t *)request + sizeof(spdm_finish_request_t), signature_size); 534| 8| if (!result) { ------------------ | Branch (534:13): [True: 5, False: 3] ------------------ 535| 5| if((spdm_context->handle_error_return_policy & ------------------ | Branch (535:16): [True: 5, False: 0] ------------------ 536| 5| LIBSPDM_DATA_HANDLE_ERROR_RETURN_POLICY_DROP_ON_DECRYPT_ERROR) == 0) { ------------------ | | 171| 5|#define LIBSPDM_DATA_HANDLE_ERROR_RETURN_POLICY_DROP_ON_DECRYPT_ERROR 0x1 ------------------ 537| 5| return libspdm_generate_error_response( 538| 5| spdm_context, SPDM_ERROR_CODE_DECRYPT_ERROR, 0, ------------------ | | 866| 5|#define SPDM_ERROR_CODE_DECRYPT_ERROR 0x06 ------------------ 539| 5| response_size, response); 540| 5| } else { 541| | /** 542| | * just ignore this message 543| | * return UNSUPPORTED and clear response_size to continue the dispatch without send response. 544| | **/ 545| 0| *response_size = 0; 546| 0| return LIBSPDM_STATUS_UNSUPPORTED_CAP; ------------------ | | 78| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CORE, 0x0002) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 547| 0| } 548| 5| } 549| 3| status = libspdm_append_message_f( 550| 3| spdm_context, session_info, false, 551| 3| (const uint8_t *)request + sizeof(spdm_finish_request_t), signature_size); 552| 3| if (LIBSPDM_STATUS_IS_ERROR(status)) { ------------------ | | 30| 3| (LIBSPDM_STATUS_SEVERITY(status) == LIBSPDM_SEVERITY_ERROR) | | ------------------ | | | | 37| 3|#define LIBSPDM_STATUS_SEVERITY(status) (((status) >> 28) & 0xf) | | ------------------ | | (LIBSPDM_STATUS_SEVERITY(status) == LIBSPDM_SEVERITY_ERROR) | | ------------------ | | | | 44| 3|#define LIBSPDM_SEVERITY_ERROR 0x8 | | ------------------ | | | Branch (30:5): [True: 0, False: 3] | | ------------------ ------------------ 553| 0| return libspdm_generate_error_response( 554| 0| spdm_context, SPDM_ERROR_CODE_UNSPECIFIED, ------------------ | | 858| 0|#define SPDM_ERROR_CODE_UNSPECIFIED 0x05 ------------------ 555| 0| 0, response_size, response); 556| 0| } 557| 3| } 558| 4|#endif /* LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP */ 559| | 560| 4| result = libspdm_verify_finish_req_hmac( 561| 4| spdm_context, session_info, (const uint8_t *)request + signature_size + 562| 4| sizeof(spdm_finish_request_t), hmac_size); 563| 4| if (!result) { ------------------ | Branch (563:9): [True: 0, False: 4] ------------------ 564| 0| if((spdm_context->handle_error_return_policy & ------------------ | Branch (564:12): [True: 0, False: 0] ------------------ 565| 0| LIBSPDM_DATA_HANDLE_ERROR_RETURN_POLICY_DROP_ON_DECRYPT_ERROR) == 0) { ------------------ | | 171| 0|#define LIBSPDM_DATA_HANDLE_ERROR_RETURN_POLICY_DROP_ON_DECRYPT_ERROR 0x1 ------------------ 566| 0| return libspdm_generate_error_response( 567| 0| spdm_context, SPDM_ERROR_CODE_DECRYPT_ERROR, 0, ------------------ | | 866| 0|#define SPDM_ERROR_CODE_DECRYPT_ERROR 0x06 ------------------ 568| 0| response_size, response); 569| 0| } else { 570| | /** 571| | * just ignore this message 572| | * return UNSUPPORTED and clear response_size to continue the dispatch without send response 573| | **/ 574| 0| *response_size = 0; 575| 0| return LIBSPDM_STATUS_UNSUPPORTED_CAP; ------------------ | | 78| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_ERROR, LIBSPDM_SOURCE_CORE, 0x0002) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 576| 0| } 577| 0| } 578| | 579| 4| status = libspdm_append_message_f(spdm_context, session_info, false, 580| 4| (const uint8_t *)request + signature_size + 581| 4| sizeof(spdm_finish_request_t), 582| 4| hmac_size); 583| 4| if (LIBSPDM_STATUS_IS_ERROR(status)) { ------------------ | | 30| 4| (LIBSPDM_STATUS_SEVERITY(status) == LIBSPDM_SEVERITY_ERROR) | | ------------------ | | | | 37| 4|#define LIBSPDM_STATUS_SEVERITY(status) (((status) >> 28) & 0xf) | | ------------------ | | (LIBSPDM_STATUS_SEVERITY(status) == LIBSPDM_SEVERITY_ERROR) | | ------------------ | | | | 44| 4|#define LIBSPDM_SEVERITY_ERROR 0x8 | | ------------------ | | | Branch (30:5): [True: 0, False: 4] | | ------------------ ------------------ 584| 0| return libspdm_generate_error_response(spdm_context, 585| 0| SPDM_ERROR_CODE_UNSPECIFIED, 0, ------------------ | | 858| 0|#define SPDM_ERROR_CODE_UNSPECIFIED 0x05 ------------------ 586| 0| response_size, response); 587| 0| } 588| | 589| 4| if (!libspdm_is_capabilities_flag_supported( ------------------ | Branch (589:9): [True: 0, False: 4] ------------------ 590| 4| spdm_context, false, 591| 4| SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP, ------------------ | | 196| 4|#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP 0x00008000 ------------------ 592| 4| SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP)) { ------------------ | | 258| 4|#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP 0x00008000 ------------------ 593| 0| hmac_size = 0; 594| 0| } 595| | 596| 4| LIBSPDM_ASSERT(*response_size >= sizeof(spdm_finish_response_t) + hmac_size); 597| 4| *response_size = sizeof(spdm_finish_response_t) + hmac_size; 598| 4| libspdm_zero_mem(response, *response_size); 599| 4| spdm_response = response; 600| | 601| 4| spdm_response->header.spdm_version = spdm_request->header.spdm_version; 602| 4| spdm_response->header.request_response_code = SPDM_FINISH_RSP; ------------------ | | 41| 4|#define SPDM_FINISH_RSP 0x65 ------------------ 603| 4| spdm_response->header.param1 = 0; 604| 4| spdm_response->header.param2 = 0; 605| | 606| 4| status = libspdm_append_message_f(spdm_context, session_info, false, spdm_response, 607| 4| sizeof(spdm_finish_response_t)); 608| 4| if (LIBSPDM_STATUS_IS_ERROR(status)) { ------------------ | | 30| 4| (LIBSPDM_STATUS_SEVERITY(status) == LIBSPDM_SEVERITY_ERROR) | | ------------------ | | | | 37| 4|#define LIBSPDM_STATUS_SEVERITY(status) (((status) >> 28) & 0xf) | | ------------------ | | (LIBSPDM_STATUS_SEVERITY(status) == LIBSPDM_SEVERITY_ERROR) | | ------------------ | | | | 44| 4|#define LIBSPDM_SEVERITY_ERROR 0x8 | | ------------------ | | | Branch (30:5): [True: 0, False: 4] | | ------------------ ------------------ 609| 0| return libspdm_generate_error_response(spdm_context, 610| 0| SPDM_ERROR_CODE_UNSPECIFIED, 0, ------------------ | | 858| 0|#define SPDM_ERROR_CODE_UNSPECIFIED 0x05 ------------------ 611| 0| response_size, response); 612| 0| } 613| | 614| 4| if (libspdm_is_capabilities_flag_supported( ------------------ | Branch (614:9): [True: 4, False: 0] ------------------ 615| 4| spdm_context, false, 616| 4| SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP, ------------------ | | 196| 4|#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP 0x00008000 ------------------ 617| 4| SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP)) { ------------------ | | 258| 4|#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP 0x00008000 ------------------ 618| 4| result = libspdm_generate_finish_rsp_hmac( 619| 4| spdm_context, session_info, (uint8_t *)spdm_response + sizeof(spdm_finish_request_t)); 620| 4| if (!result) { ------------------ | Branch (620:13): [True: 0, False: 4] ------------------ 621| 0| return libspdm_generate_error_response( 622| 0| spdm_context, 623| 0| SPDM_ERROR_CODE_UNSPECIFIED, ------------------ | | 858| 0|#define SPDM_ERROR_CODE_UNSPECIFIED 0x05 ------------------ 624| 0| 0, response_size, response); 625| 0| } 626| | 627| 4| status = libspdm_append_message_f( 628| 4| spdm_context, session_info, false, 629| 4| (uint8_t *)spdm_response + sizeof(spdm_finish_request_t), hmac_size); 630| 4| if (LIBSPDM_STATUS_IS_ERROR(status)) { ------------------ | | 30| 4| (LIBSPDM_STATUS_SEVERITY(status) == LIBSPDM_SEVERITY_ERROR) | | ------------------ | | | | 37| 4|#define LIBSPDM_STATUS_SEVERITY(status) (((status) >> 28) & 0xf) | | ------------------ | | (LIBSPDM_STATUS_SEVERITY(status) == LIBSPDM_SEVERITY_ERROR) | | ------------------ | | | | 44| 4|#define LIBSPDM_SEVERITY_ERROR 0x8 | | ------------------ | | | Branch (30:5): [True: 0, False: 4] | | ------------------ ------------------ 631| 0| return libspdm_generate_error_response( 632| 0| spdm_context, SPDM_ERROR_CODE_UNSPECIFIED, ------------------ | | 858| 0|#define SPDM_ERROR_CODE_UNSPECIFIED 0x05 ------------------ 633| 0| 0, response_size, response); 634| 0| } 635| 4| } 636| | 637| 4| LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "libspdm_generate_session_data_key[%x]\n", session_id)); 638| 4| result = libspdm_calculate_th2_hash(spdm_context, session_info, false, th2_hash_data); 639| 4| if (!result) { ------------------ | Branch (639:9): [True: 0, False: 4] ------------------ 640| 0| return libspdm_generate_error_response(spdm_context, 641| 0| SPDM_ERROR_CODE_UNSPECIFIED, 0, ------------------ | | 858| 0|#define SPDM_ERROR_CODE_UNSPECIFIED 0x05 ------------------ 642| 0| response_size, response); 643| 0| } 644| 4| result = libspdm_generate_session_data_key( 645| 4| session_info->secured_message_context, th2_hash_data); 646| 4| if (!result) { ------------------ | Branch (646:9): [True: 0, False: 4] ------------------ 647| 0| return libspdm_generate_error_response(spdm_context, 648| 0| SPDM_ERROR_CODE_UNSPECIFIED, 0, ------------------ | | 858| 0|#define SPDM_ERROR_CODE_UNSPECIFIED 0x05 ------------------ 649| 0| response_size, response); 650| 0| } 651| | 652| 4| #if LIBSPDM_ENABLE_CAPABILITY_HBEAT_CAP 653| 4| if (libspdm_is_capabilities_flag_supported( ------------------ | Branch (653:9): [True: 0, False: 4] ------------------ 654| 4| spdm_context, false, 655| 4| SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HBEAT_CAP, ------------------ | | 194| 4|#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HBEAT_CAP 0x00002000 ------------------ 656| 4| SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HBEAT_CAP)) { ------------------ | | 256| 4|#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HBEAT_CAP 0x00002000 ------------------ 657| 0| result = libspdm_start_watchdog( 658| 0| session_id, spdm_context->local_context.heartbeat_period * 2); 659| 0| if (!result) { ------------------ | Branch (659:13): [True: 0, False: 0] ------------------ 660| 0| return libspdm_generate_error_response(spdm_context, 661| 0| SPDM_ERROR_CODE_UNSPECIFIED, 0, ------------------ | | 858| 0|#define SPDM_ERROR_CODE_UNSPECIFIED 0x05 ------------------ 662| 0| response_size, response); 663| 0| } 664| 0| } 665| 4| #endif /* LIBSPDM_ENABLE_CAPABILITY_HBEAT_CAP */ 666| | 667| 4| return LIBSPDM_STATUS_SUCCESS; ------------------ | | 59| 4| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_SUCCESS, LIBSPDM_SOURCE_SUCCESS, 0x0000) | | ------------------ | | | | 55| 4| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 668| 4|} libspdm_responder_handle_response_state: 13| 5|{ 14| 5| libspdm_return_t status; 15| | 16| 5| switch (spdm_context->response_state) { 17| 5| case LIBSPDM_RESPONSE_STATE_BUSY: ------------------ | Branch (17:5): [True: 5, False: 0] ------------------ 18| 5| return libspdm_generate_error_response(spdm_context, SPDM_ERROR_CODE_BUSY, ------------------ | | 856| 5|#define SPDM_ERROR_CODE_BUSY 0x03 ------------------ 19| 5| 0, response_size, response); 20| | /* NOTE: Need to reset status to Normal in up level*/ 21| 0| case LIBSPDM_RESPONSE_STATE_NEED_RESYNC: ------------------ | Branch (21:5): [True: 0, False: 5] ------------------ 22| 0| status = libspdm_generate_error_response(spdm_context, 23| 0| SPDM_ERROR_CODE_REQUEST_RESYNCH, 0, ------------------ | | 862| 0|#define SPDM_ERROR_CODE_REQUEST_RESYNCH 0x43 ------------------ 24| 0| response_size, response); 25| 0| if (LIBSPDM_STATUS_IS_ERROR(status)) { ------------------ | | 30| 0| (LIBSPDM_STATUS_SEVERITY(status) == LIBSPDM_SEVERITY_ERROR) | | ------------------ | | | | 37| 0|#define LIBSPDM_STATUS_SEVERITY(status) (((status) >> 28) & 0xf) | | ------------------ | | (LIBSPDM_STATUS_SEVERITY(status) == LIBSPDM_SEVERITY_ERROR) | | ------------------ | | | | 44| 0|#define LIBSPDM_SEVERITY_ERROR 0x8 | | ------------------ | | | Branch (30:5): [True: 0, False: 0] | | ------------------ ------------------ 26| 0| return status; 27| 0| } 28| | /* NOTE: Need to let SPDM_VERSION reset the State*/ 29| 0| libspdm_set_connection_state(spdm_context, 30| 0| LIBSPDM_CONNECTION_STATE_NOT_STARTED); 31| 0| return LIBSPDM_STATUS_SUCCESS; ------------------ | | 59| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_SUCCESS, LIBSPDM_SOURCE_SUCCESS, 0x0000) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 32| 0| #if LIBSPDM_RESPOND_IF_READY_SUPPORT 33| 0| case LIBSPDM_RESPONSE_STATE_NOT_READY: ------------------ | Branch (33:5): [True: 0, False: 5] ------------------ 34| | /*do not update ErrorData if a previous request has not been completed*/ 35| 0| if(request_code != SPDM_RESPOND_IF_READY) { ------------------ | | 74| 0|#define SPDM_RESPOND_IF_READY 0xFF ------------------ | Branch (35:12): [True: 0, False: 0] ------------------ 36| 0| spdm_context->cache_spdm_request_size = spdm_context->last_spdm_request_size; 37| 0| libspdm_copy_mem(spdm_context->cache_spdm_request, 38| 0| libspdm_get_scratch_buffer_cache_spdm_request_capacity(spdm_context), 39| 0| spdm_context->last_spdm_request, 40| 0| spdm_context->last_spdm_request_size); 41| 0| spdm_context->error_data.rd_exponent = 1; 42| 0| spdm_context->error_data.rd_tm = 1; 43| 0| spdm_context->error_data.request_code = request_code; 44| 0| spdm_context->error_data.token = spdm_context->current_token++; 45| 0| } 46| 0| return libspdm_generate_extended_error_response( 47| 0| spdm_context, SPDM_ERROR_CODE_RESPONSE_NOT_READY, 0, ------------------ | | 861| 0|#define SPDM_ERROR_CODE_RESPONSE_NOT_READY 0x42 ------------------ 48| 0| sizeof(spdm_error_data_response_not_ready_t), 49| 0| (uint8_t *)(void *)&spdm_context->error_data, 50| 0| response_size, response); 51| 0| #endif /* LIBSPDM_RESPOND_IF_READY_SUPPORT */ 52| | /* NOTE: Need to reset status to Normal in up level*/ 53| 0| case LIBSPDM_RESPONSE_STATE_PROCESSING_ENCAP: ------------------ | Branch (53:5): [True: 0, False: 5] ------------------ 54| 0| return libspdm_generate_error_response(spdm_context, 55| 0| SPDM_ERROR_CODE_REQUEST_IN_FLIGHT, ------------------ | | 867| 0|#define SPDM_ERROR_CODE_REQUEST_IN_FLIGHT 0x08 ------------------ 56| 0| 0, response_size, response); 57| | /* NOTE: Need let SPDM_ENCAPSULATED_RESPONSE_ACK reset the State*/ 58| 0| default: ------------------ | Branch (58:5): [True: 0, False: 5] ------------------ 59| 0| return LIBSPDM_STATUS_SUCCESS; ------------------ | | 59| 0| LIBSPDM_STATUS_CONSTRUCT(LIBSPDM_SEVERITY_SUCCESS, LIBSPDM_SOURCE_SUCCESS, 0x0000) | | ------------------ | | | | 55| 0| ((libspdm_return_t)(((severity) << 28) | ((source) << 16) | (code))) | | ------------------ ------------------ 60| 5| } 61| 5|} libspdm_secured_message_get_context_size: 15| 1.90k|{ 16| 1.90k| return sizeof(libspdm_secured_message_context_t); 17| 1.90k|} libspdm_secured_message_init_context: 27| 4.16k|{ 28| 4.16k| libspdm_secured_message_context_t *secured_message_context; 29| | 30| 4.16k| secured_message_context = spdm_secured_message_context; 31| 4.16k| libspdm_zero_mem(secured_message_context, sizeof(libspdm_secured_message_context_t)); 32| 4.16k|} libspdm_secured_message_set_use_psk: 41| 357|{ 42| 357| libspdm_secured_message_context_t *secured_message_context; 43| | 44| 357| secured_message_context = spdm_secured_message_context; 45| 357| secured_message_context->use_psk = use_psk; 46| 357|} libspdm_secured_message_set_session_state: 57| 357|{ 58| 357| libspdm_secured_message_context_t *secured_message_context; 59| | 60| 357| secured_message_context = spdm_secured_message_context; 61| 357| secured_message_context->session_state = session_state; 62| | 63| 357| if (session_state == LIBSPDM_SESSION_STATE_ESTABLISHED) { ------------------ | Branch (63:9): [True: 0, False: 357] ------------------ 64| | /* session handshake key should be zeroized after handshake phase. */ 65| 0| libspdm_clear_handshake_secret(secured_message_context); 66| 0| libspdm_clear_master_secret(secured_message_context); 67| 0| } 68| 357|} libspdm_secured_message_get_session_state: 79| 66|{ 80| 66| libspdm_secured_message_context_t *secured_message_context; 81| | 82| 66| secured_message_context = spdm_secured_message_context; 83| 66| return secured_message_context->session_state; 84| 66|} libspdm_secured_message_set_session_type: 94| 357|{ 95| 357| libspdm_secured_message_context_t *secured_message_context; 96| | 97| 357| secured_message_context = spdm_secured_message_context; 98| 357| secured_message_context->session_type = session_type; 99| 357|} libspdm_secured_message_set_algorithms: 117| 357|{ 118| 357| libspdm_secured_message_context_t *secured_message_context; 119| | 120| 357| secured_message_context = spdm_secured_message_context; 121| 357| secured_message_context->version = version; 122| 357| secured_message_context->secured_message_version = secured_message_version; 123| 357| secured_message_context->base_hash_algo = base_hash_algo; 124| 357| secured_message_context->dhe_named_group = dhe_named_group; 125| 357| secured_message_context->aead_cipher_suite = aead_cipher_suite; 126| 357| secured_message_context->key_schedule = key_schedule; 127| | 128| 357| secured_message_context->hash_size = 129| 357| libspdm_get_hash_size(secured_message_context->base_hash_algo); 130| 357| secured_message_context->dhe_key_size = libspdm_get_dhe_pub_key_size( 131| 357| secured_message_context->dhe_named_group); 132| 357| secured_message_context->aead_key_size = libspdm_get_aead_key_size( 133| 357| secured_message_context->aead_cipher_suite); 134| 357| secured_message_context->aead_iv_size = libspdm_get_aead_iv_size( 135| 357| secured_message_context->aead_cipher_suite); 136| 357| secured_message_context->aead_tag_size = libspdm_get_aead_tag_size( 137| 357| secured_message_context->aead_cipher_suite); 138| 357|} libspdm_secured_message_set_max_spdm_session_sequence_number: 167| 357|{ 168| 357| libspdm_secured_message_context_t *secured_message_context; 169| | 170| 357| secured_message_context = spdm_secured_message_context; 171| 357| secured_message_context->max_spdm_session_sequence_number = max_spdm_session_sequence_number; 172| 357|} libspdm_secured_message_set_sequence_number_endian: 177| 357|{ 178| 357| libspdm_secured_message_context_t *secured_message_context; 179| | 180| 357| secured_message_context = spdm_secured_message_context; 181| 357| secured_message_context->sequence_number_endian = endian_value; 182| 357|} libspdm_bin_concat: 25| 32|{ 26| 32| size_t final_size; 27| | 28| | /* The correct version characters (1.1 or 1.2) will replace the x.x. */ 29| 32| #define LIBSPDM_BIN_CONCAT_LABEL "spdmx.x " 30| | 31| 32| final_size = sizeof(uint16_t) + sizeof(LIBSPDM_BIN_CONCAT_LABEL) - 1 + label_size; ------------------ | | 29| 32| #define LIBSPDM_BIN_CONCAT_LABEL "spdmx.x " ------------------ 32| 32| if (context != NULL) { ------------------ | Branch (32:9): [True: 12, False: 20] ------------------ 33| 12| final_size += hash_size; 34| 12| } 35| | 36| 32| LIBSPDM_ASSERT(*out_bin_size >= final_size); 37| | 38| 32| *out_bin_size = final_size; 39| | 40| 32| libspdm_copy_mem(out_bin, *out_bin_size, &length, sizeof(uint16_t)); 41| 32| libspdm_copy_mem(out_bin + sizeof(uint16_t), *out_bin_size - sizeof(uint16_t), 42| 32| LIBSPDM_BIN_CONCAT_LABEL, sizeof(LIBSPDM_BIN_CONCAT_LABEL) - 1); ------------------ | | 29| 32| #define LIBSPDM_BIN_CONCAT_LABEL "spdmx.x " ------------------ LIBSPDM_BIN_CONCAT_LABEL, sizeof(LIBSPDM_BIN_CONCAT_LABEL) - 1); ------------------ | | 29| 32| #define LIBSPDM_BIN_CONCAT_LABEL "spdmx.x " ------------------ 43| | 44| | /* Patch the version. */ 45| 32| out_bin[6] = (char)('0' + ((spdm_version >> 12) & 0xF)); 46| 32| out_bin[8] = (char)('0' + ((spdm_version >> 8) & 0xF)); 47| 32| libspdm_copy_mem(out_bin + sizeof(uint16_t) + sizeof(LIBSPDM_BIN_CONCAT_LABEL) - 1, ------------------ | | 29| 32| #define LIBSPDM_BIN_CONCAT_LABEL "spdmx.x " ------------------ 48| 32| *out_bin_size - (sizeof(uint16_t) + sizeof(LIBSPDM_BIN_CONCAT_LABEL) - 1), ------------------ | | 29| 32| #define LIBSPDM_BIN_CONCAT_LABEL "spdmx.x " ------------------ 49| 32| label, label_size); 50| | 51| 32| if (context != NULL) { ------------------ | Branch (51:9): [True: 12, False: 20] ------------------ 52| 12| libspdm_copy_mem(out_bin + sizeof(uint16_t) + sizeof(LIBSPDM_BIN_CONCAT_LABEL) - ------------------ | | 29| 12| #define LIBSPDM_BIN_CONCAT_LABEL "spdmx.x " ------------------ 53| 12| 1 + label_size, 54| 12| *out_bin_size - (sizeof(uint16_t) + sizeof(LIBSPDM_BIN_CONCAT_LABEL) - ------------------ | | 29| 12| #define LIBSPDM_BIN_CONCAT_LABEL "spdmx.x " ------------------ 55| 12| 1 + label_size), context, hash_size); 56| 12| } 57| | 58| 32| #undef LIBSPDM_BIN_CONCAT_LABEL 59| 32|} libspdm_generate_aead_key_and_iv: 74| 8|{ 75| 8| bool status; 76| 8| size_t hash_size; 77| 8| size_t key_length; 78| 8| size_t iv_length; 79| 8| uint8_t bin_str5[128]; 80| 8| size_t bin_str5_size; 81| 8| uint8_t bin_str6[128]; 82| 8| size_t bin_str6_size; 83| | 84| 8| hash_size = secured_message_context->hash_size; 85| 8| key_length = secured_message_context->aead_key_size; 86| 8| iv_length = secured_message_context->aead_iv_size; 87| | 88| 8| bin_str5_size = sizeof(bin_str5); 89| 8| libspdm_bin_concat(secured_message_context->version, 90| 8| SPDM_BIN_STR_5_LABEL, sizeof(SPDM_BIN_STR_5_LABEL) - 1, ------------------ | | 1504| 8|#define SPDM_BIN_STR_5_LABEL "key" ------------------ SPDM_BIN_STR_5_LABEL, sizeof(SPDM_BIN_STR_5_LABEL) - 1, ------------------ | | 1504| 8|#define SPDM_BIN_STR_5_LABEL "key" ------------------ 91| 8| NULL, (uint16_t)key_length, hash_size, bin_str5, 92| 8| &bin_str5_size); 93| | 94| 8| LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str5 (0x%zx):\n", bin_str5_size)); 95| 8| LIBSPDM_INTERNAL_DUMP_HEX(bin_str5, bin_str5_size); 96| 8| status = libspdm_hkdf_expand(secured_message_context->base_hash_algo, 97| 8| major_secret, hash_size, bin_str5, 98| 8| bin_str5_size, key, key_length); 99| 8| if (!status) { ------------------ | Branch (99:9): [True: 0, False: 8] ------------------ 100| 0| return false; 101| 0| } 102| 8| LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "key (0x%zx) - ", key_length)); 103| 8| LIBSPDM_INTERNAL_DUMP_DATA(key, key_length); 104| 8| LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n")); 105| | 106| 8| bin_str6_size = sizeof(bin_str6); 107| 8| libspdm_bin_concat(secured_message_context->version, 108| 8| SPDM_BIN_STR_6_LABEL, sizeof(SPDM_BIN_STR_6_LABEL) - 1, ------------------ | | 1505| 8|#define SPDM_BIN_STR_6_LABEL "iv" ------------------ SPDM_BIN_STR_6_LABEL, sizeof(SPDM_BIN_STR_6_LABEL) - 1, ------------------ | | 1505| 8|#define SPDM_BIN_STR_6_LABEL "iv" ------------------ 109| 8| NULL, (uint16_t)iv_length, hash_size, bin_str6, 110| 8| &bin_str6_size); 111| | 112| 8| LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str6 (0x%zx):\n", bin_str6_size)); 113| 8| LIBSPDM_INTERNAL_DUMP_HEX(bin_str6, bin_str6_size); 114| 8| status = libspdm_hkdf_expand(secured_message_context->base_hash_algo, 115| 8| major_secret, hash_size, bin_str6, 116| 8| bin_str6_size, iv, iv_length); 117| 8| if (!status) { ------------------ | Branch (117:9): [True: 0, False: 8] ------------------ 118| 0| return false; 119| 0| } 120| 8| LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "iv (0x%zx) - ", iv_length)); 121| 8| LIBSPDM_INTERNAL_DUMP_DATA(iv, iv_length); 122| 8| LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n")); 123| | 124| 8| return true; 125| 8|} libspdm_generate_session_data_key: 355| 4|{ 356| 4| bool status; 357| 4| size_t hash_size; 358| 4| uint8_t salt1[LIBSPDM_MAX_HASH_SIZE]; 359| 4| uint8_t bin_str0[128]; 360| 4| size_t bin_str0_size; 361| 4| uint8_t bin_str3[128]; 362| 4| size_t bin_str3_size; 363| 4| uint8_t bin_str4[128]; 364| 4| size_t bin_str4_size; 365| 4| uint8_t bin_str8[128]; 366| 4| size_t bin_str8_size; 367| 4| libspdm_secured_message_context_t *secured_message_context; 368| 4| uint8_t zero_filled_buffer[LIBSPDM_MAX_HASH_SIZE]; 369| | 370| 4| secured_message_context = spdm_secured_message_context; 371| | 372| 4| hash_size = secured_message_context->hash_size; 373| | 374| 4| if (!(secured_message_context->use_psk)) { ------------------ | Branch (374:9): [True: 4, False: 0] ------------------ 375| 4| bin_str0_size = sizeof(bin_str0); 376| 4| libspdm_bin_concat(secured_message_context->version, 377| 4| SPDM_BIN_STR_0_LABEL, ------------------ | | 1499| 4|#define SPDM_BIN_STR_0_LABEL "derived" ------------------ 378| 4| sizeof(SPDM_BIN_STR_0_LABEL) - 1, NULL, ------------------ | | 1499| 4|#define SPDM_BIN_STR_0_LABEL "derived" ------------------ 379| 4| (uint16_t)hash_size, hash_size, bin_str0, 380| 4| &bin_str0_size); 381| | 382| 4| LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str0 (0x%zx):\n", bin_str0_size)); 383| 4| LIBSPDM_INTERNAL_DUMP_HEX(bin_str0, bin_str0_size); 384| | 385| 4| status = libspdm_hkdf_expand( 386| 4| secured_message_context->base_hash_algo, 387| 4| secured_message_context->master_secret.handshake_secret, 388| 4| hash_size, bin_str0, bin_str0_size, salt1, hash_size); 389| 4| if (!status) { ------------------ | Branch (389:13): [True: 0, False: 4] ------------------ 390| 0| return false; 391| 0| } 392| 4| LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "salt1 (0x%zx) - ", hash_size)); 393| 4| LIBSPDM_INTERNAL_DUMP_DATA(salt1, hash_size); 394| 4| LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n")); 395| | 396| 4| libspdm_zero_mem(zero_filled_buffer, sizeof(zero_filled_buffer)); 397| 4| status = libspdm_hkdf_extract( 398| 4| secured_message_context->base_hash_algo, 399| 4| zero_filled_buffer, hash_size, salt1, hash_size, 400| 4| secured_message_context->master_secret.master_secret, hash_size); 401| 4| if (!status) { ------------------ | Branch (401:13): [True: 0, False: 4] ------------------ 402| 0| goto cleanup; 403| 0| } 404| 4| LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "master_secret (0x%zx) - ", hash_size)); 405| 4| LIBSPDM_INTERNAL_DUMP_DATA( 406| 4| secured_message_context->master_secret.master_secret, 407| 4| hash_size); 408| 4| LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n")); 409| 4| } 410| | 411| 4| bin_str3_size = sizeof(bin_str3); 412| 4| libspdm_bin_concat(secured_message_context->version, 413| 4| SPDM_BIN_STR_3_LABEL, sizeof(SPDM_BIN_STR_3_LABEL) - 1, ------------------ | | 1502| 4|#define SPDM_BIN_STR_3_LABEL "req app data" ------------------ SPDM_BIN_STR_3_LABEL, sizeof(SPDM_BIN_STR_3_LABEL) - 1, ------------------ | | 1502| 4|#define SPDM_BIN_STR_3_LABEL "req app data" ------------------ 414| 4| th2_hash_data, (uint16_t)hash_size, hash_size, 415| 4| bin_str3, &bin_str3_size); 416| | 417| 4| LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str3 (0x%zx):\n", bin_str3_size)); 418| 4| LIBSPDM_INTERNAL_DUMP_HEX(bin_str3, bin_str3_size); 419| | 420| 4| #if LIBSPDM_ENABLE_CAPABILITY_PSK_CAP 421| 4| if (secured_message_context->use_psk) { ------------------ | Branch (421:9): [True: 0, False: 4] ------------------ 422| 0| status = libspdm_psk_master_secret_hkdf_expand( 423| 0| secured_message_context->version, 424| 0| secured_message_context->base_hash_algo, 425| 0| secured_message_context->psk_hint, 426| 0| secured_message_context->psk_hint_size, bin_str3, 427| 0| bin_str3_size, 428| 0| secured_message_context->application_secret.request_data_secret, 429| 0| hash_size); 430| | 431| 0| if (!status) { ------------------ | Branch (431:13): [True: 0, False: 0] ------------------ 432| 0| goto cleanup; 433| 0| } 434| 0| } 435| 4| #endif /* LIBSPDM_ENABLE_CAPABILITY_PSK_CAP */ 436| 4| if (!(secured_message_context->use_psk)) { ------------------ | Branch (436:9): [True: 4, False: 0] ------------------ 437| 4| status = libspdm_hkdf_expand( 438| 4| secured_message_context->base_hash_algo, 439| 4| secured_message_context->master_secret.master_secret, 440| 4| hash_size, bin_str3, bin_str3_size, 441| 4| secured_message_context->application_secret.request_data_secret, 442| 4| hash_size); 443| | 444| 4| if (!status) { ------------------ | Branch (444:13): [True: 0, False: 4] ------------------ 445| 0| goto cleanup; 446| 0| } 447| 4| } 448| | 449| 4| LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "request_data_secret (0x%zx) - ", hash_size)); 450| 4| LIBSPDM_INTERNAL_DUMP_DATA( 451| 4| secured_message_context->application_secret.request_data_secret, 452| 4| hash_size); 453| 4| LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n")); 454| 4| bin_str4_size = sizeof(bin_str4); 455| 4| libspdm_bin_concat(secured_message_context->version, 456| 4| SPDM_BIN_STR_4_LABEL, sizeof(SPDM_BIN_STR_4_LABEL) - 1, ------------------ | | 1503| 4|#define SPDM_BIN_STR_4_LABEL "rsp app data" ------------------ SPDM_BIN_STR_4_LABEL, sizeof(SPDM_BIN_STR_4_LABEL) - 1, ------------------ | | 1503| 4|#define SPDM_BIN_STR_4_LABEL "rsp app data" ------------------ 457| 4| th2_hash_data, (uint16_t)hash_size, hash_size, 458| 4| bin_str4, &bin_str4_size); 459| | 460| 4| LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str4 (0x%zx):\n", bin_str4_size)); 461| 4| LIBSPDM_INTERNAL_DUMP_HEX(bin_str4, bin_str4_size); 462| | 463| 4| #if LIBSPDM_ENABLE_CAPABILITY_PSK_CAP 464| 4| if (secured_message_context->use_psk) { ------------------ | Branch (464:9): [True: 0, False: 4] ------------------ 465| 0| status = libspdm_psk_master_secret_hkdf_expand( 466| 0| secured_message_context->version, 467| 0| secured_message_context->base_hash_algo, 468| 0| secured_message_context->psk_hint, 469| 0| secured_message_context->psk_hint_size, bin_str4, 470| 0| bin_str4_size, 471| 0| secured_message_context->application_secret.response_data_secret, 472| 0| hash_size); 473| | 474| 0| if (!status) { ------------------ | Branch (474:13): [True: 0, False: 0] ------------------ 475| 0| goto cleanup; 476| 0| } 477| 0| } 478| 4| #endif /* LIBSPDM_ENABLE_CAPABILITY_PSK_CAP */ 479| 4| if (!(secured_message_context->use_psk)) { ------------------ | Branch (479:9): [True: 4, False: 0] ------------------ 480| 4| status = libspdm_hkdf_expand( 481| 4| secured_message_context->base_hash_algo, 482| 4| secured_message_context->master_secret.master_secret, 483| 4| hash_size, bin_str4, bin_str4_size, 484| 4| secured_message_context->application_secret.response_data_secret, 485| 4| hash_size); 486| | 487| 4| if (!status) { ------------------ | Branch (487:13): [True: 0, False: 4] ------------------ 488| 0| goto cleanup; 489| 0| } 490| 4| } 491| | 492| 4| LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "response_data_secret (0x%zx) - ", hash_size)); 493| 4| LIBSPDM_INTERNAL_DUMP_DATA( 494| 4| secured_message_context->application_secret.response_data_secret, 495| 4| hash_size); 496| 4| LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n")); 497| | 498| 4| bin_str8_size = sizeof(bin_str8); 499| 4| libspdm_bin_concat(secured_message_context->version, 500| 4| SPDM_BIN_STR_8_LABEL, sizeof(SPDM_BIN_STR_8_LABEL) - 1, ------------------ | | 1507| 4|#define SPDM_BIN_STR_8_LABEL "exp master" ------------------ SPDM_BIN_STR_8_LABEL, sizeof(SPDM_BIN_STR_8_LABEL) - 1, ------------------ | | 1507| 4|#define SPDM_BIN_STR_8_LABEL "exp master" ------------------ 501| 4| th2_hash_data, (uint16_t)hash_size, hash_size, 502| 4| bin_str8, &bin_str8_size); 503| | 504| 4| LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "bin_str8 (0x%zx):\n", bin_str8_size)); 505| 4| LIBSPDM_INTERNAL_DUMP_HEX(bin_str8, bin_str8_size); 506| | 507| 4| #if LIBSPDM_ENABLE_CAPABILITY_PSK_CAP 508| 4| if (secured_message_context->use_psk) { ------------------ | Branch (508:9): [True: 0, False: 4] ------------------ 509| 0| status = libspdm_psk_master_secret_hkdf_expand( 510| 0| secured_message_context->version, 511| 0| secured_message_context->base_hash_algo, 512| 0| secured_message_context->psk_hint, 513| 0| secured_message_context->psk_hint_size, bin_str8, 514| 0| bin_str8_size, 515| 0| secured_message_context->export_master_secret, 516| 0| hash_size); 517| | 518| 0| if (!status) { ------------------ | Branch (518:13): [True: 0, False: 0] ------------------ 519| 0| goto cleanup; 520| 0| } 521| 0| } 522| 4| #endif /* LIBSPDM_ENABLE_CAPABILITY_PSK_CAP */ 523| 4| if (!(secured_message_context->use_psk)) { ------------------ | Branch (523:9): [True: 4, False: 0] ------------------ 524| 4| status = libspdm_hkdf_expand( 525| 4| secured_message_context->base_hash_algo, 526| 4| secured_message_context->master_secret.master_secret, 527| 4| hash_size, bin_str8, bin_str8_size, 528| 4| secured_message_context->export_master_secret, 529| 4| hash_size); 530| | 531| 4| if (!status) { ------------------ | Branch (531:13): [True: 0, False: 4] ------------------ 532| 0| goto cleanup; 533| 0| } 534| 4| } 535| | 536| 4| LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "export_master_secret (0x%zx) - ", hash_size)); 537| 4| LIBSPDM_INTERNAL_DUMP_DATA( 538| 4| secured_message_context->export_master_secret, hash_size); 539| 4| LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n")); 540| | 541| 4| status = libspdm_generate_aead_key_and_iv( 542| 4| secured_message_context, 543| 4| secured_message_context->application_secret.request_data_secret, 544| 4| secured_message_context->application_secret.request_data_encryption_key, 545| 4| secured_message_context->application_secret.request_data_salt); 546| 4| if (!status) { ------------------ | Branch (546:9): [True: 0, False: 4] ------------------ 547| 0| goto cleanup; 548| 0| } 549| 4| secured_message_context->application_secret.request_data_sequence_number = 0; 550| | 551| 4| status = libspdm_generate_aead_key_and_iv( 552| 4| secured_message_context, 553| 4| secured_message_context->application_secret.response_data_secret, 554| 4| secured_message_context->application_secret.response_data_encryption_key, 555| 4| secured_message_context->application_secret.response_data_salt); 556| 4| if (!status) { ------------------ | Branch (556:9): [True: 0, False: 4] ------------------ 557| 0| goto cleanup; 558| 0| } 559| 4| secured_message_context->application_secret.response_data_sequence_number = 0; 560| | 561| 4|cleanup: 562| | /*zero salt1 for security*/ 563| 4| libspdm_zero_mem(salt1, hash_size); 564| 4| return status; 565| 4|} libspdm_hmac_all_with_request_finished_key: 962| 4|{ 963| 4| libspdm_secured_message_context_t *secured_message_context; 964| | 965| 4| secured_message_context = spdm_secured_message_context; 966| 4| return libspdm_hmac_all( 967| 4| secured_message_context->base_hash_algo, data, data_size, 968| 4| secured_message_context->handshake_secret.request_finished_key, 969| 4| secured_message_context->hash_size, hmac_value); 970| 4|} libspdm_hmac_all_with_response_finished_key: 1100| 4|{ 1101| 4| libspdm_secured_message_context_t *secured_message_context; 1102| | 1103| 4| secured_message_context = spdm_secured_message_context; 1104| 4| return libspdm_hmac_all( 1105| 4| secured_message_context->base_hash_algo, data, data_size, 1106| 4| secured_message_context->handshake_secret.response_finished_key, 1107| 4| secured_message_context->hash_size, hmac_value); 1108| 4|} libspdm_sha256_new: 23| 38|{ 24| 38| void *hmac_md_ctx; 25| | 26| 38| hmac_md_ctx = allocate_zero_pool(sizeof(mbedtls_sha256_context)); 27| 38| if (hmac_md_ctx == NULL) { ------------------ | Branch (27:9): [True: 0, False: 38] ------------------ 28| 0| return NULL; 29| 0| } 30| | 31| 38| return hmac_md_ctx; 32| 38|} libspdm_sha256_free: 41| 38|{ 42| 38| mbedtls_sha256_free(sha256_ctx); 43| 38| free_pool (sha256_ctx); 44| 38|} libspdm_sha256_init: 59| 9|{ 60| 9| int ret; 61| | 62| 9| if (sha256_context == NULL) { ------------------ | Branch (62:9): [True: 0, False: 9] ------------------ 63| 0| return false; 64| 0| } 65| | 66| 9| mbedtls_sha256_init(sha256_context); 67| | 68| 9| ret = mbedtls_sha256_starts(sha256_context, false); 69| 9| if (ret != 0) { ------------------ | Branch (69:9): [True: 0, False: 9] ------------------ 70| 0| return false; 71| 0| } 72| 9| return true; 73| 9|} libspdm_sha256_duplicate: 90| 29|{ 91| 29| if (sha256_context == NULL || new_sha256_context == NULL) { ------------------ | Branch (91:9): [True: 0, False: 29] | Branch (91:35): [True: 0, False: 29] ------------------ 92| 0| return false; 93| 0| } 94| | 95| 29| mbedtls_sha256_clone(new_sha256_context, sha256_context); 96| | 97| 29| return true; 98| 29|} libspdm_sha256_update: 120| 59|{ 121| 59| int ret; 122| | 123| 59| if (sha256_context == NULL) { ------------------ | Branch (123:9): [True: 0, False: 59] ------------------ 124| 0| return false; 125| 0| } 126| | 127| 59| if (data == NULL && data_size != 0) { ------------------ | Branch (127:9): [True: 9, False: 50] | Branch (127:25): [True: 0, False: 9] ------------------ 128| 0| return false; 129| 0| } 130| 59| if (data_size > INT_MAX) { ------------------ | Branch (130:9): [True: 0, False: 59] ------------------ 131| 0| return false; 132| 0| } 133| | 134| 59| ret = mbedtls_sha256_update(sha256_context, data, data_size); 135| 59| if (ret != 0) { ------------------ | Branch (135:9): [True: 0, False: 59] ------------------ 136| 0| return false; 137| 0| } 138| 59| return true; 139| 59|} libspdm_sha256_final: 162| 20|{ 163| 20| int ret; 164| | 165| 20| if (sha256_context == NULL || hash_value == NULL) { ------------------ | Branch (165:9): [True: 0, False: 20] | Branch (165:35): [True: 0, False: 20] ------------------ 166| 0| return false; 167| 0| } 168| | 169| 20| ret = mbedtls_sha256_finish(sha256_context, hash_value); 170| 20| mbedtls_sha256_free(sha256_context); 171| 20| if (ret != 0) { ------------------ | Branch (171:9): [True: 0, False: 20] ------------------ 172| 0| return false; 173| 0| } 174| 20| return true; 175| 20|} libspdm_sha256_hash_all: 197| 1.33k|{ 198| 1.33k| int ret; 199| | 200| 1.33k| if (hash_value == NULL) { ------------------ | Branch (200:9): [True: 0, False: 1.33k] ------------------ 201| 0| return false; 202| 0| } 203| 1.33k| if (data == NULL && data_size != 0) { ------------------ | Branch (203:9): [True: 0, False: 1.33k] | Branch (203:25): [True: 0, False: 0] ------------------ 204| 0| return false; 205| 0| } 206| 1.33k| if (data_size > INT_MAX) { ------------------ | Branch (206:9): [True: 0, False: 1.33k] ------------------ 207| 0| return false; 208| 0| } 209| | 210| 1.33k| ret = mbedtls_sha256(data, data_size, hash_value, false); 211| 1.33k| if (ret != 0) { ------------------ | Branch (211:9): [True: 0, False: 1.33k] ------------------ 212| 0| return false; 213| 0| } 214| 1.33k| return true; 215| 1.33k|} hmac_md_all: 260| 246|{ 261| 246| const mbedtls_md_info_t *md_info; 262| 246| int ret; 263| | 264| 246| md_info = mbedtls_md_info_from_type(md_type); 265| 246| LIBSPDM_ASSERT(md_info != NULL); 266| | 267| 246| ret = mbedtls_md_hmac(md_info, key, key_size, data, data_size, 268| 246| hmac_value); 269| 246| if (ret != 0) { ------------------ | Branch (269:9): [True: 0, False: 246] ------------------ 270| 0| return false; 271| 0| } 272| 246| return true; 273| 246|} libspdm_hmac_sha256_all: 410| 246|{ 411| 246| return hmac_md_all(MBEDTLS_MD_SHA256, data, data_size, key, key_size, 412| 246| hmac_value); 413| 246|} hkdf_md_extract: 79| 4|{ 80| 4| const mbedtls_md_info_t *md; 81| 4| int ret; 82| 4| size_t md_size; 83| | 84| 4| if (key == NULL || salt == NULL || prk_out == NULL || ------------------ | Branch (84:9): [True: 0, False: 4] | Branch (84:24): [True: 0, False: 4] | Branch (84:40): [True: 0, False: 4] ------------------ 85| 4| key_size > INT_MAX || salt_size > INT_MAX || ------------------ | Branch (85:9): [True: 0, False: 4] | Branch (85:31): [True: 0, False: 4] ------------------ 86| 4| prk_out_size > INT_MAX) { ------------------ | Branch (86:9): [True: 0, False: 4] ------------------ 87| 0| return false; 88| 0| } 89| | 90| 4| md_size = 0; 91| 4| switch (md_type) { 92| 4| case MBEDTLS_MD_SHA256: ------------------ | Branch (92:5): [True: 4, False: 0] ------------------ 93| 4| md_size = LIBSPDM_SHA256_DIGEST_SIZE; ------------------ | | 11| 4|#define LIBSPDM_SHA256_DIGEST_SIZE 32 ------------------ 94| 4| break; 95| 0| case MBEDTLS_MD_SHA384: ------------------ | Branch (95:5): [True: 0, False: 4] ------------------ 96| 0| md_size = LIBSPDM_SHA384_DIGEST_SIZE; ------------------ | | 14| 0|#define LIBSPDM_SHA384_DIGEST_SIZE 48 ------------------ 97| 0| break; 98| 0| case MBEDTLS_MD_SHA512: ------------------ | Branch (98:5): [True: 0, False: 4] ------------------ 99| 0| md_size = LIBSPDM_SHA512_DIGEST_SIZE; ------------------ | | 17| 0|#define LIBSPDM_SHA512_DIGEST_SIZE 64 ------------------ 100| 0| break; 101| 0| default: ------------------ | Branch (101:5): [True: 0, False: 4] ------------------ 102| 0| return false; 103| 4| } 104| 4| if (prk_out_size != md_size) { ------------------ | Branch (104:9): [True: 0, False: 4] ------------------ 105| 0| return false; 106| 0| } 107| | 108| 4| md = mbedtls_md_info_from_type(md_type); 109| 4| LIBSPDM_ASSERT(md != NULL); 110| | 111| 4| ret = mbedtls_hkdf_extract(md, salt, (uint32_t)salt_size, key, 112| 4| (uint32_t)key_size, prk_out); 113| 4| if (ret != 0) { ------------------ | Branch (113:9): [True: 0, False: 4] ------------------ 114| 0| return false; 115| 0| } 116| | 117| 4| return true; 118| 4|} hkdf_md_expand: 138| 32|{ 139| 32| const mbedtls_md_info_t *md; 140| 32| int ret; 141| 32| size_t md_size; 142| | 143| 32| if (prk == NULL || info == NULL || out == NULL || prk_size > INT_MAX || ------------------ | Branch (143:9): [True: 0, False: 32] | Branch (143:24): [True: 0, False: 32] | Branch (143:40): [True: 0, False: 32] | Branch (143:55): [True: 0, False: 32] ------------------ 144| 32| info_size > INT_MAX || out_size > INT_MAX) { ------------------ | Branch (144:9): [True: 0, False: 32] | Branch (144:32): [True: 0, False: 32] ------------------ 145| 0| return false; 146| 0| } 147| | 148| 32| switch (md_type) { 149| 32| case MBEDTLS_MD_SHA256: ------------------ | Branch (149:5): [True: 32, False: 0] ------------------ 150| 32| md_size = LIBSPDM_SHA256_DIGEST_SIZE; ------------------ | | 11| 32|#define LIBSPDM_SHA256_DIGEST_SIZE 32 ------------------ 151| 32| break; 152| 0| case MBEDTLS_MD_SHA384: ------------------ | Branch (152:5): [True: 0, False: 32] ------------------ 153| 0| md_size = LIBSPDM_SHA384_DIGEST_SIZE; ------------------ | | 14| 0|#define LIBSPDM_SHA384_DIGEST_SIZE 48 ------------------ 154| 0| break; 155| 0| case MBEDTLS_MD_SHA512: ------------------ | Branch (155:5): [True: 0, False: 32] ------------------ 156| 0| md_size = LIBSPDM_SHA512_DIGEST_SIZE; ------------------ | | 17| 0|#define LIBSPDM_SHA512_DIGEST_SIZE 64 ------------------ 157| 0| break; 158| 0| default: ------------------ | Branch (158:5): [True: 0, False: 32] ------------------ 159| 0| LIBSPDM_ASSERT(false); 160| 0| return false; 161| 32| } 162| 32| if (prk_size != md_size) { ------------------ | Branch (162:9): [True: 0, False: 32] ------------------ 163| 0| return false; 164| 0| } 165| | 166| 32| md = mbedtls_md_info_from_type(md_type); 167| 32| LIBSPDM_ASSERT(md != NULL); 168| | 169| 32| ret = mbedtls_hkdf_expand(md, prk, (uint32_t)prk_size, info, 170| 32| (uint32_t)info_size, out, (uint32_t)out_size); 171| 32| if (ret != 0) { ------------------ | Branch (171:9): [True: 0, False: 32] ------------------ 172| 0| return false; 173| 0| } 174| | 175| 32| return true; 176| 32|} libspdm_hkdf_sha256_extract: 221| 4|{ 222| 4| return hkdf_md_extract(MBEDTLS_MD_SHA256, key, key_size, salt, 223| 4| salt_size, prk_out, prk_out_size); 224| 4|} libspdm_hkdf_sha256_expand: 243| 32|{ 244| 32| return hkdf_md_expand(MBEDTLS_MD_SHA256, prk, prk_size, info, info_size, 245| 32| out, out_size); 246| 32|} libspdm_rsa_get_private_key_from_pem: 56| 119|{ 57| 119| int ret; 58| 119| mbedtls_pk_context pk; 59| 119| mbedtls_rsa_context *rsa; 60| 119| uint8_t *new_pem_data; 61| 119| size_t password_len; 62| | 63| 119| if (pem_data == NULL || rsa_context == NULL || pem_size > INT_MAX) { ------------------ | Branch (63:9): [True: 0, False: 119] | Branch (63:29): [True: 0, False: 119] | Branch (63:52): [True: 0, False: 119] ------------------ 64| 0| return false; 65| 0| } 66| | 67| 119| new_pem_data = NULL; 68| 119| if (pem_data[pem_size - 1] != 0) { ------------------ | Branch (68:9): [True: 119, False: 0] ------------------ 69| 119| new_pem_data = allocate_pool(pem_size + 1); 70| 119| if (new_pem_data == NULL) { ------------------ | Branch (70:13): [True: 0, False: 119] ------------------ 71| 0| return false; 72| 0| } 73| 119| libspdm_copy_mem(new_pem_data, pem_size + 1, pem_data, pem_size); 74| 119| new_pem_data[pem_size] = 0; 75| 119| pem_data = new_pem_data; 76| 119| pem_size += 1; 77| 119| } 78| | 79| 119| mbedtls_pk_init(&pk); 80| | 81| 119| if (password != NULL) { ------------------ | Branch (81:9): [True: 0, False: 119] ------------------ 82| 0| password_len = ascii_str_len(password); 83| 119| } else { 84| 119| password_len = 0; 85| 119| } 86| | 87| 119| ret = mbedtls_pk_parse_key(&pk, pem_data, pem_size, 88| 119| (const uint8_t *)password, password_len, 89| 119| libspdm_myrand, NULL); 90| | 91| 119| if (new_pem_data != NULL) { ------------------ | Branch (91:9): [True: 119, False: 0] ------------------ 92| 119| free_pool(new_pem_data); 93| 119| new_pem_data = NULL; 94| 119| } 95| | 96| 119| if (ret != 0) { ------------------ | Branch (96:9): [True: 0, False: 119] ------------------ 97| 0| mbedtls_pk_free(&pk); 98| 0| return false; 99| 0| } 100| | 101| 119| if (mbedtls_pk_get_type(&pk) != MBEDTLS_PK_RSA) { ------------------ | Branch (101:9): [True: 0, False: 119] ------------------ 102| 0| mbedtls_pk_free(&pk); 103| 0| return false; 104| 0| } 105| | 106| 119| rsa = libspdm_rsa_new(); 107| 119| if (rsa == NULL) { ------------------ | Branch (107:9): [True: 0, False: 119] ------------------ 108| 0| return false; 109| 0| } 110| 119| ret = mbedtls_rsa_copy(rsa, mbedtls_pk_rsa(pk)); 111| 119| if (ret != 0) { ------------------ | Branch (111:9): [True: 0, False: 119] ------------------ 112| 0| libspdm_rsa_free(rsa); 113| 0| mbedtls_pk_free(&pk); 114| 0| return false; 115| 0| } 116| 119| mbedtls_pk_free(&pk); 117| | 118| 119| *rsa_context = rsa; 119| 119| return true; 120| 119|} libspdm_ec_free: 75| 357|{ 76| 357| mbedtls_ecdh_free(ec_context); 77| 357| free_pool(ec_context); 78| 357|} libspdm_rsa_new: 32| 357|{ 33| 357| void *rsa_context; 34| | 35| 357| rsa_context = allocate_zero_pool(sizeof(mbedtls_rsa_context)); 36| 357| if (rsa_context == NULL) { ------------------ | Branch (36:9): [True: 0, False: 357] ------------------ 37| 0| return rsa_context; 38| 0| } 39| | 40| 357| mbedtls_rsa_init(rsa_context); 41| | 42| 357| return rsa_context; 43| 357|} libspdm_rsa_free: 52| 357|{ 53| 357| mbedtls_rsa_free(rsa_context); 54| 357| free_pool(rsa_context); 55| 357|} libspdm_rsa_pkcs1_verify_with_nid: 165| 8|{ 166| 8| int ret; 167| 8| mbedtls_md_type_t md_alg; 168| 8| mbedtls_rsa_context *rsa_key; 169| | 170| 8| if (rsa_context == NULL || message_hash == NULL || signature == NULL) { ------------------ | Branch (170:9): [True: 0, False: 8] | Branch (170:32): [True: 0, False: 8] | Branch (170:56): [True: 0, False: 8] ------------------ 171| 0| return false; 172| 0| } 173| | 174| 8| if (sig_size > INT_MAX || sig_size == 0) { ------------------ | Branch (174:9): [True: 0, False: 8] | Branch (174:31): [True: 0, False: 8] ------------------ 175| 0| return false; 176| 0| } 177| | 178| 8| rsa_key = (mbedtls_rsa_context *)rsa_context; 179| 8| if (mbedtls_rsa_complete(rsa_key) != 0) { ------------------ | Branch (179:9): [True: 0, False: 8] ------------------ 180| 0| return false; 181| 0| } 182| | 183| 8| switch (hash_nid) { 184| 8| case LIBSPDM_CRYPTO_NID_SHA256: ------------------ | | 22| 8|#define LIBSPDM_CRYPTO_NID_SHA256 0x0001 ------------------ | Branch (184:5): [True: 8, False: 0] ------------------ 185| 8| md_alg = MBEDTLS_MD_SHA256; 186| 8| if (hash_size != LIBSPDM_SHA256_DIGEST_SIZE) { ------------------ | | 11| 8|#define LIBSPDM_SHA256_DIGEST_SIZE 32 ------------------ | Branch (186:13): [True: 0, False: 8] ------------------ 187| 0| return false; 188| 0| } 189| 8| break; 190| | 191| 8| case LIBSPDM_CRYPTO_NID_SHA384: ------------------ | | 23| 0|#define LIBSPDM_CRYPTO_NID_SHA384 0x0002 ------------------ | Branch (191:5): [True: 0, False: 8] ------------------ 192| 0| md_alg = MBEDTLS_MD_SHA384; 193| 0| if (hash_size != LIBSPDM_SHA384_DIGEST_SIZE) { ------------------ | | 14| 0|#define LIBSPDM_SHA384_DIGEST_SIZE 48 ------------------ | Branch (193:13): [True: 0, False: 0] ------------------ 194| 0| return false; 195| 0| } 196| 0| break; 197| | 198| 0| case LIBSPDM_CRYPTO_NID_SHA512: ------------------ | | 24| 0|#define LIBSPDM_CRYPTO_NID_SHA512 0x0003 ------------------ | Branch (198:5): [True: 0, False: 8] ------------------ 199| 0| md_alg = MBEDTLS_MD_SHA512; 200| 0| if (hash_size != LIBSPDM_SHA512_DIGEST_SIZE) { ------------------ | | 17| 0|#define LIBSPDM_SHA512_DIGEST_SIZE 64 ------------------ | Branch (200:13): [True: 0, False: 0] ------------------ 201| 0| return false; 202| 0| } 203| 0| break; 204| | 205| 0| case LIBSPDM_CRYPTO_NID_SHA3_256: ------------------ | | 25| 0|#define LIBSPDM_CRYPTO_NID_SHA3_256 0x0004 ------------------ | Branch (205:5): [True: 0, False: 8] ------------------ 206| 0| md_alg = MBEDTLS_MD_SHA3_256; 207| 0| if (hash_size != LIBSPDM_SHA3_256_DIGEST_SIZE) { ------------------ | | 20| 0|#define LIBSPDM_SHA3_256_DIGEST_SIZE 32 ------------------ | Branch (207:13): [True: 0, False: 0] ------------------ 208| 0| return false; 209| 0| } 210| 0| break; 211| | 212| 0| case LIBSPDM_CRYPTO_NID_SHA3_384: ------------------ | | 26| 0|#define LIBSPDM_CRYPTO_NID_SHA3_384 0x0005 ------------------ | Branch (212:5): [True: 0, False: 8] ------------------ 213| 0| md_alg = MBEDTLS_MD_SHA3_384; 214| 0| if (hash_size != LIBSPDM_SHA3_384_DIGEST_SIZE) { ------------------ | | 23| 0|#define LIBSPDM_SHA3_384_DIGEST_SIZE 48 ------------------ | Branch (214:13): [True: 0, False: 0] ------------------ 215| 0| return false; 216| 0| } 217| 0| break; 218| | 219| 0| case LIBSPDM_CRYPTO_NID_SHA3_512: ------------------ | | 27| 0|#define LIBSPDM_CRYPTO_NID_SHA3_512 0x0006 ------------------ | Branch (219:5): [True: 0, False: 8] ------------------ 220| 0| md_alg = MBEDTLS_MD_SHA3_512; 221| 0| if (hash_size != LIBSPDM_SHA3_512_DIGEST_SIZE) { ------------------ | | 26| 0|#define LIBSPDM_SHA3_512_DIGEST_SIZE 64 ------------------ | Branch (221:13): [True: 0, False: 0] ------------------ 222| 0| return false; 223| 0| } 224| 0| break; 225| | 226| 0| default: ------------------ | Branch (226:5): [True: 0, False: 8] ------------------ 227| 0| return false; 228| 8| } 229| | 230| 8| if (mbedtls_rsa_get_len(rsa_context) != sig_size) { ------------------ | Branch (230:9): [True: 0, False: 8] ------------------ 231| 0| return false; 232| 0| } 233| | 234| 8| mbedtls_rsa_set_padding(rsa_context, MBEDTLS_RSA_PKCS_V15, md_alg); ------------------ | | 55| 8|#define MBEDTLS_RSA_PKCS_V15 0 /**< Use PKCS#1 v1.5 encoding. */ ------------------ 235| | 236| 8| ret = mbedtls_rsa_pkcs1_verify(rsa_context, md_alg, 237| 8| (uint32_t)hash_size, message_hash, 238| 8| signature); 239| 8| if (ret != 0) { ------------------ | Branch (239:9): [True: 5, False: 3] ------------------ 240| 5| return false; 241| 5| } 242| 3| return true; 243| 8|} libspdm_rsa_pkcs1_sign_with_nid: 279| 119|{ 280| 119| int ret; 281| 119| mbedtls_md_type_t md_alg; 282| 119| mbedtls_rsa_context *rsa_key; 283| | 284| 119| if (rsa_context == NULL || message_hash == NULL) { ------------------ | Branch (284:9): [True: 0, False: 119] | Branch (284:32): [True: 0, False: 119] ------------------ 285| 0| return false; 286| 0| } 287| | 288| 119| rsa_key = (mbedtls_rsa_context *)rsa_context; 289| 119| if (mbedtls_rsa_complete(rsa_key) != 0) { ------------------ | Branch (289:9): [True: 0, False: 119] ------------------ 290| 0| return false; 291| 0| } 292| | 293| 119| switch (hash_nid) { 294| 119| case LIBSPDM_CRYPTO_NID_SHA256: ------------------ | | 22| 119|#define LIBSPDM_CRYPTO_NID_SHA256 0x0001 ------------------ | Branch (294:5): [True: 119, False: 0] ------------------ 295| 119| md_alg = MBEDTLS_MD_SHA256; 296| 119| if (hash_size != LIBSPDM_SHA256_DIGEST_SIZE) { ------------------ | | 11| 119|#define LIBSPDM_SHA256_DIGEST_SIZE 32 ------------------ | Branch (296:13): [True: 0, False: 119] ------------------ 297| 0| return false; 298| 0| } 299| 119| break; 300| | 301| 119| case LIBSPDM_CRYPTO_NID_SHA384: ------------------ | | 23| 0|#define LIBSPDM_CRYPTO_NID_SHA384 0x0002 ------------------ | Branch (301:5): [True: 0, False: 119] ------------------ 302| 0| md_alg = MBEDTLS_MD_SHA384; 303| 0| if (hash_size != LIBSPDM_SHA384_DIGEST_SIZE) { ------------------ | | 14| 0|#define LIBSPDM_SHA384_DIGEST_SIZE 48 ------------------ | Branch (303:13): [True: 0, False: 0] ------------------ 304| 0| return false; 305| 0| } 306| 0| break; 307| | 308| 0| case LIBSPDM_CRYPTO_NID_SHA512: ------------------ | | 24| 0|#define LIBSPDM_CRYPTO_NID_SHA512 0x0003 ------------------ | Branch (308:5): [True: 0, False: 119] ------------------ 309| 0| md_alg = MBEDTLS_MD_SHA512; 310| 0| if (hash_size != LIBSPDM_SHA512_DIGEST_SIZE) { ------------------ | | 17| 0|#define LIBSPDM_SHA512_DIGEST_SIZE 64 ------------------ | Branch (310:13): [True: 0, False: 0] ------------------ 311| 0| return false; 312| 0| } 313| 0| break; 314| | 315| 0| case LIBSPDM_CRYPTO_NID_SHA3_256: ------------------ | | 25| 0|#define LIBSPDM_CRYPTO_NID_SHA3_256 0x0004 ------------------ | Branch (315:5): [True: 0, False: 119] ------------------ 316| 0| md_alg = MBEDTLS_MD_SHA3_256; 317| 0| if (hash_size != LIBSPDM_SHA3_256_DIGEST_SIZE) { ------------------ | | 20| 0|#define LIBSPDM_SHA3_256_DIGEST_SIZE 32 ------------------ | Branch (317:13): [True: 0, False: 0] ------------------ 318| 0| return false; 319| 0| } 320| 0| break; 321| | 322| 0| case LIBSPDM_CRYPTO_NID_SHA3_384: ------------------ | | 26| 0|#define LIBSPDM_CRYPTO_NID_SHA3_384 0x0005 ------------------ | Branch (322:5): [True: 0, False: 119] ------------------ 323| 0| md_alg = MBEDTLS_MD_SHA3_384; 324| 0| if (hash_size != LIBSPDM_SHA3_384_DIGEST_SIZE) { ------------------ | | 23| 0|#define LIBSPDM_SHA3_384_DIGEST_SIZE 48 ------------------ | Branch (324:13): [True: 0, False: 0] ------------------ 325| 0| return false; 326| 0| } 327| 0| break; 328| | 329| 0| case LIBSPDM_CRYPTO_NID_SHA3_512: ------------------ | | 27| 0|#define LIBSPDM_CRYPTO_NID_SHA3_512 0x0006 ------------------ | Branch (329:5): [True: 0, False: 119] ------------------ 330| 0| md_alg = MBEDTLS_MD_SHA3_512; 331| 0| if (hash_size != LIBSPDM_SHA3_512_DIGEST_SIZE) { ------------------ | | 26| 0|#define LIBSPDM_SHA3_512_DIGEST_SIZE 64 ------------------ | Branch (331:13): [True: 0, False: 0] ------------------ 332| 0| return false; 333| 0| } 334| 0| break; 335| | 336| 0| default: ------------------ | Branch (336:5): [True: 0, False: 119] ------------------ 337| 0| return false; 338| 119| } 339| | 340| 119| if (mbedtls_rsa_get_len(rsa_context) > *sig_size) { ------------------ | Branch (340:9): [True: 0, False: 119] ------------------ 341| 0| *sig_size = mbedtls_rsa_get_len(rsa_context); 342| 0| return false; 343| 0| } 344| | 345| 119| mbedtls_rsa_set_padding(rsa_context, MBEDTLS_RSA_PKCS_V15, md_alg); ------------------ | | 55| 119|#define MBEDTLS_RSA_PKCS_V15 0 /**< Use PKCS#1 v1.5 encoding. */ ------------------ 346| | 347| 119| ret = mbedtls_rsa_pkcs1_sign(rsa_context, libspdm_myrand, NULL, 348| 119| md_alg, 349| 119| (uint32_t)hash_size, message_hash, 350| 119| signature); 351| 119| if (ret != 0) { ------------------ | Branch (351:9): [True: 0, False: 119] ------------------ 352| 0| return false; 353| 0| } 354| 119| *sig_size = mbedtls_rsa_get_len(rsa_context); 355| 119| return true; 356| 119|} libspdm_asn1_get_tag: 245| 9.04k|{ 246| 9.04k| if (mbedtls_asn1_get_tag(ptr, end, length, (int32_t)tag) == 0) { ------------------ | Branch (246:9): [True: 9.04k, False: 0] ------------------ 247| 9.04k| return true; 248| 9.04k| } else { 249| 0| return false; 250| 0| } 251| 9.04k|} libspdm_x509_get_subject_name: 273| 476|{ 274| 476| mbedtls_x509_crt crt; 275| 476| int ret; 276| 476| bool status; 277| | 278| | /* Check input parameters.*/ 279| 476| if (cert == NULL || cert == 0 || subject_size == NULL) { ------------------ | Branch (279:9): [True: 0, False: 476] | Branch (279:25): [True: 0, False: 476] | Branch (279:38): [True: 0, False: 476] ------------------ 280| 0| if (subject_size != NULL) { ------------------ | Branch (280:13): [True: 0, False: 0] ------------------ 281| 0| *subject_size = 0; 282| 0| } 283| 0| return false; 284| 0| } 285| | 286| 476| status = false; 287| | 288| 476| mbedtls_x509_crt_init(&crt); 289| | 290| 476| ret = mbedtls_x509_crt_parse_der(&crt, cert, cert_size); 291| | 292| 476| if (ret == 0) { ------------------ | Branch (292:9): [True: 476, False: 0] ------------------ 293| 476| if (*subject_size < crt.subject_raw.len) { ------------------ | Branch (293:13): [True: 476, False: 0] ------------------ 294| 476| *subject_size = crt.subject_raw.len; 295| 476| status = false; 296| 476| goto cleanup; 297| 476| } 298| 0| if (cert_subject != NULL) { ------------------ | Branch (298:13): [True: 0, False: 0] ------------------ 299| 0| libspdm_copy_mem(cert_subject, *subject_size, 300| 0| crt.subject_raw.p, crt.subject_raw.len); 301| 0| } 302| 0| *subject_size = crt.subject_raw.len; 303| 0| status = true; 304| 0| } else { 305| 0| *subject_size = 0; 306| 0| } 307| | 308| 476|cleanup: 309| 476| mbedtls_x509_crt_free(&crt); 310| | 311| 476| return status; 312| 476|} libspdm_rsa_get_public_key_from_x509: 493| 238|{ 494| 238| mbedtls_x509_crt crt; 495| 238| mbedtls_rsa_context *rsa; 496| 238| int ret; 497| | 498| 238| mbedtls_x509_crt_init(&crt); 499| | 500| 238| if (mbedtls_x509_crt_parse_der(&crt, cert, cert_size) != 0) { ------------------ | Branch (500:9): [True: 0, False: 238] ------------------ 501| 0| return false; 502| 0| } 503| | 504| 238| if (mbedtls_pk_get_type(&crt.pk) != MBEDTLS_PK_RSA) { ------------------ | Branch (504:9): [True: 0, False: 238] ------------------ 505| 0| mbedtls_x509_crt_free(&crt); 506| 0| return false; 507| 0| } 508| | 509| 238| rsa = libspdm_rsa_new(); 510| 238| if (rsa == NULL) { ------------------ | Branch (510:9): [True: 0, False: 238] ------------------ 511| 0| mbedtls_x509_crt_free(&crt); 512| 0| return false; 513| 0| } 514| 238| ret = mbedtls_rsa_copy(rsa, mbedtls_pk_rsa(crt.pk)); 515| 238| if (ret != 0) { ------------------ | Branch (515:9): [True: 0, False: 238] ------------------ 516| 0| libspdm_rsa_free(rsa); 517| 0| mbedtls_x509_crt_free(&crt); 518| 0| return false; 519| 0| } 520| 238| mbedtls_x509_crt_free(&crt); 521| | 522| 238| *rsa_context = rsa; 523| 238| return true; 524| 238|} libspdm_ec_get_public_key_from_x509: 545| 357|{ 546| 357| mbedtls_x509_crt crt; 547| 357| mbedtls_ecdh_context *ecdh; 548| 357| int ret; 549| | 550| 357| mbedtls_x509_crt_init(&crt); 551| | 552| 357| if (mbedtls_x509_crt_parse_der(&crt, cert, cert_size) != 0) { ------------------ | Branch (552:9): [True: 0, False: 357] ------------------ 553| 0| return false; 554| 0| } 555| | 556| 357| if (mbedtls_pk_get_type(&crt.pk) != MBEDTLS_PK_ECKEY) { ------------------ | Branch (556:9): [True: 0, False: 357] ------------------ 557| 0| mbedtls_x509_crt_free(&crt); 558| 0| return false; 559| 0| } 560| | 561| 357| ecdh = allocate_zero_pool(sizeof(mbedtls_ecdh_context)); 562| 357| if (ecdh == NULL) { ------------------ | Branch (562:9): [True: 0, False: 357] ------------------ 563| 0| mbedtls_x509_crt_free(&crt); 564| 0| return false; 565| 0| } 566| 357| mbedtls_ecdh_init(ecdh); 567| | 568| 357| ret = mbedtls_ecdh_get_params(ecdh, mbedtls_pk_ec(crt.pk), 569| 357| MBEDTLS_ECDH_OURS); 570| 357| if (ret != 0) { ------------------ | Branch (570:9): [True: 0, False: 357] ------------------ 571| 0| mbedtls_ecdh_free(ecdh); 572| 0| free_pool(ecdh); 573| 0| mbedtls_x509_crt_free(&crt); 574| 0| return false; 575| 0| } 576| 357| mbedtls_x509_crt_free(&crt); 577| | 578| 357| *ec_context = ecdh; 579| 357| return true; 580| 357|} libspdm_x509_verify_cert: 644| 1.42k|{ 645| 1.42k| int ret; 646| 1.42k| mbedtls_x509_crt ca, end; 647| 1.42k| uint32_t v_flag = 0; 648| 1.42k| mbedtls_x509_crt_profile profile = { 0 }; 649| | 650| 1.42k| if (cert == NULL || ca_cert == NULL) { ------------------ | Branch (650:9): [True: 0, False: 1.42k] | Branch (650:25): [True: 0, False: 1.42k] ------------------ 651| 0| return false; 652| 0| } 653| | 654| 1.42k| libspdm_copy_mem(&profile, sizeof(profile), 655| 1.42k| &mbedtls_x509_crt_profile_default, 656| 1.42k| sizeof(mbedtls_x509_crt_profile)); 657| | 658| 1.42k| mbedtls_x509_crt_init(&ca); 659| 1.42k| mbedtls_x509_crt_init(&end); 660| | 661| 1.42k| ret = mbedtls_x509_crt_parse_der(&ca, ca_cert, ca_cert_size); 662| | 663| 1.42k| if (ret == 0) { ------------------ | Branch (663:9): [True: 1.42k, False: 0] ------------------ 664| 1.42k| ret = mbedtls_x509_crt_parse_der(&end, cert, cert_size); 665| 1.42k| } 666| | 667| 1.42k| if (ret == 0) { ------------------ | Branch (667:9): [True: 1.42k, False: 0] ------------------ 668| 1.42k| ret = mbedtls_x509_crt_verify_with_profile( 669| 1.42k| &end, &ca, NULL, &profile, NULL, &v_flag, NULL, NULL); 670| 1.42k| } 671| | 672| 1.42k| mbedtls_x509_crt_free(&ca); 673| 1.42k| mbedtls_x509_crt_free(&end); 674| | 675| 1.42k| return ret == 0; 676| 1.42k|} libspdm_x509_verify_cert_chain: 698| 476|{ 699| 476| size_t asn1_len; 700| 476| size_t preceding_cert_len; 701| 476| const uint8_t *preceding_cert; 702| 476| size_t current_cert_len; 703| 476| const unsigned char *current_cert; 704| 476| const unsigned char *tmp_ptr; 705| 476| int ret; 706| 476| bool verify_flag; 707| | 708| 476| verify_flag = false; 709| 476| preceding_cert = root_cert; 710| 476| preceding_cert_len = root_cert_length; 711| | 712| 476| current_cert = (const unsigned char *)cert_chain; 713| | 714| | 715| | /* Get Current certificate from certificates buffer and Verify with preceding cert*/ 716| | 717| 1.90k| do { 718| 1.90k| tmp_ptr = current_cert; 719| 1.90k| ret = mbedtls_asn1_get_tag( 720| 1.90k| &tmp_ptr, cert_chain + cert_chain_length, &asn1_len, 721| 1.90k| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); ------------------ | | 82| 1.90k|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); ------------------ | | 72| 1.90k|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 722| 1.90k| if (ret != 0) { ------------------ | Branch (722:13): [True: 476, False: 1.42k] ------------------ 723| 476| if (current_cert < cert_chain + cert_chain_length) { ------------------ | Branch (723:17): [True: 0, False: 476] ------------------ 724| 0| verify_flag = false; 725| 0| } 726| 476| break; 727| 476| } 728| | 729| 1.42k| current_cert_len = asn1_len + (tmp_ptr - current_cert); 730| | 731| 1.42k| if (current_cert + current_cert_len > cert_chain + cert_chain_length) { ------------------ | Branch (731:13): [True: 0, False: 1.42k] ------------------ 732| 0| verify_flag = false; 733| 0| break; 734| 0| } 735| | 736| 1.42k| if (libspdm_x509_verify_cert(current_cert, current_cert_len, ------------------ | Branch (736:13): [True: 0, False: 1.42k] ------------------ 737| 1.42k| preceding_cert, 738| 1.42k| preceding_cert_len) == false) { 739| 0| verify_flag = false; 740| 0| break; 741| 1.42k| } else { 742| 1.42k| verify_flag = true; 743| 1.42k| } 744| | 745| | 746| | /* Save preceding certificate*/ 747| | 748| 1.42k| preceding_cert = current_cert; 749| 1.42k| preceding_cert_len = current_cert_len; 750| | 751| | 752| | /* Move current certificate to next;*/ 753| | 754| 1.42k| current_cert = current_cert + current_cert_len; 755| 1.42k| } while (true); 756| | 757| 0| return verify_flag; 758| 476|} libspdm_x509_get_cert_from_cert_chain: 782| 1.54k|{ 783| 1.54k| size_t asn1_len; 784| 1.54k| int32_t current_index; 785| 1.54k| size_t current_cert_len; 786| 1.54k| const unsigned char *current_cert; 787| 1.54k| const unsigned char *tmp_ptr; 788| 1.54k| int ret; 789| | 790| 1.54k| current_cert_len = 0; 791| | 792| | /* Check input parameters.*/ 793| | 794| 1.54k| if ((cert_chain == NULL) || (cert == NULL) || (cert_index < -1) || ------------------ | Branch (794:9): [True: 0, False: 1.54k] | Branch (794:33): [True: 0, False: 1.54k] | Branch (794:51): [True: 0, False: 1.54k] ------------------ 795| 1.54k| (cert_length == NULL)) { ------------------ | Branch (795:9): [True: 0, False: 1.54k] ------------------ 796| 0| return false; 797| 0| } 798| | 799| 1.54k| current_cert = (const unsigned char *)cert_chain; 800| 1.54k| current_index = -1; 801| | 802| | 803| | /* Traverse the certificate chain*/ 804| | 805| 3.33k| while (true) { 806| | 807| | /* Get asn1 tag len*/ 808| | 809| 3.33k| tmp_ptr = current_cert; 810| 3.33k| ret = mbedtls_asn1_get_tag( 811| 3.33k| &tmp_ptr, cert_chain + cert_chain_length, &asn1_len, 812| 3.33k| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); ------------------ | | 82| 3.33k|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); ------------------ | | 72| 3.33k|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 813| 3.33k| if (ret != 0) { ------------------ | Branch (813:13): [True: 595, False: 2.73k] ------------------ 814| 595| break; 815| 595| } 816| | 817| 2.73k| current_cert_len = asn1_len + (tmp_ptr - current_cert); 818| 2.73k| if (current_cert + current_cert_len > cert_chain + cert_chain_length) { ------------------ | Branch (818:13): [True: 0, False: 2.73k] ------------------ 819| 0| return false; 820| 0| } 821| | 822| 2.73k| current_index++; 823| | 824| 2.73k| if (current_index == cert_index) { ------------------ | Branch (824:13): [True: 952, False: 1.78k] ------------------ 825| 952| *cert = current_cert; 826| 952| *cert_length = current_cert_len; 827| 952| return true; 828| 952| } 829| | 830| | 831| | /* Move to next*/ 832| | 833| 1.78k| current_cert = current_cert + current_cert_len; 834| 1.78k| } 835| | 836| | 837| | /* If cert_index is -1, Return the last certificate*/ 838| | 839| 595| if (cert_index == -1 && current_index >= 0) { ------------------ | Branch (839:9): [True: 595, False: 0] | Branch (839:29): [True: 595, False: 0] ------------------ 840| 595| *cert = current_cert - current_cert_len; 841| 595| *cert_length = current_cert_len; 842| 595| return true; 843| 595| } 844| | 845| 0| return false; 846| 595|} libspdm_x509_get_version: 888| 476|{ 889| 476| mbedtls_x509_crt crt; 890| 476| int ret; 891| 476| bool status; 892| | 893| 476| if (cert == NULL) { ------------------ | Branch (893:9): [True: 0, False: 476] ------------------ 894| 0| return false; 895| 0| } 896| | 897| 476| status = false; 898| | 899| 476| mbedtls_x509_crt_init(&crt); 900| | 901| 476| ret = mbedtls_x509_crt_parse_der(&crt, cert, cert_size); 902| | 903| 476| if (ret == 0) { ------------------ | Branch (903:9): [True: 476, False: 0] ------------------ 904| 476| *version = crt.version - 1; 905| 476| status = true; 906| 476| } 907| | 908| 476| mbedtls_x509_crt_free(&crt); 909| | 910| 476| return status; 911| 476|} libspdm_x509_get_serial_number: 939| 476|{ 940| 476| mbedtls_x509_crt crt; 941| 476| int ret; 942| 476| bool status; 943| | 944| 476| if (cert == NULL) { ------------------ | Branch (944:9): [True: 0, False: 476] ------------------ 945| 0| return false; 946| 0| } 947| | 948| 476| status = false; 949| | 950| 476| mbedtls_x509_crt_init(&crt); 951| | 952| 476| ret = mbedtls_x509_crt_parse_der(&crt, cert, cert_size); 953| | 954| 476| if (ret == 0) { ------------------ | Branch (954:9): [True: 476, False: 0] ------------------ 955| 476| if (*serial_number_size <= crt.serial.len) { ------------------ | Branch (955:13): [True: 476, False: 0] ------------------ 956| 476| *serial_number_size = crt.serial.len + 1; 957| 476| status = false; 958| 476| goto cleanup; 959| 476| } 960| 0| if (serial_number != NULL) { ------------------ | Branch (960:13): [True: 0, False: 0] ------------------ 961| 0| libspdm_copy_mem(serial_number, *serial_number_size, crt.serial.p, crt.serial.len); 962| 0| serial_number[crt.serial.len] = '\0'; 963| 0| } 964| 0| *serial_number_size = crt.serial.len + 1; 965| 0| status = true; 966| 0| } 967| 476|cleanup: 968| 476| mbedtls_x509_crt_free(&crt); 969| | 970| 476| return status; 971| 476|} libspdm_x509_get_issuer_name: 995| 476|{ 996| 476| mbedtls_x509_crt crt; 997| 476| int ret; 998| 476| bool status; 999| | 1000| | /* Check input parameters.*/ 1001| 476| if (cert == NULL || cert_size == 0 || issuer_size == NULL) { ------------------ | Branch (1001:9): [True: 0, False: 476] | Branch (1001:25): [True: 0, False: 476] | Branch (1001:43): [True: 0, False: 476] ------------------ 1002| 0| if (issuer_size != NULL) { ------------------ | Branch (1002:13): [True: 0, False: 0] ------------------ 1003| 0| *issuer_size = 0; 1004| 0| } 1005| 0| return false; 1006| 0| } 1007| | 1008| 476| status = false; 1009| | 1010| 476| mbedtls_x509_crt_init(&crt); 1011| | 1012| 476| ret = mbedtls_x509_crt_parse_der(&crt, cert, cert_size); 1013| | 1014| 476| if (ret == 0) { ------------------ | Branch (1014:9): [True: 476, False: 0] ------------------ 1015| 476| if (*issuer_size < crt.issuer_raw.len) { ------------------ | Branch (1015:13): [True: 476, False: 0] ------------------ 1016| 476| *issuer_size = crt.issuer_raw.len; 1017| 476| status = false; 1018| 476| goto cleanup; 1019| 476| } 1020| 0| if (cert_issuer != NULL) { ------------------ | Branch (1020:13): [True: 0, False: 0] ------------------ 1021| 0| libspdm_copy_mem(cert_issuer, *issuer_size, crt.issuer_raw.p, crt.issuer_raw.len); 1022| 0| } 1023| 0| *issuer_size = crt.issuer_raw.len; 1024| 0| status = true; 1025| 0| } else { 1026| 0| *issuer_size = 0; 1027| 0| } 1028| | 1029| 476|cleanup: 1030| 476| mbedtls_x509_crt_free(&crt); 1031| | 1032| 476| return status; 1033| 476|} libspdm_x509_get_extension_data: 1267| 1.42k|{ 1268| 1.42k| mbedtls_x509_crt crt; 1269| 1.42k| int ret; 1270| 1.42k| bool status; 1271| 1.42k| uint8_t *ptr; 1272| 1.42k| uint8_t *end; 1273| 1.42k| size_t obj_len; 1274| | 1275| 1.42k| ptr = NULL; 1276| 1.42k| end = NULL; 1277| 1.42k| obj_len = 0; 1278| | 1279| 1.42k| if (cert == NULL || cert_size == 0 || oid == NULL || oid_size == 0 || ------------------ | Branch (1279:9): [True: 0, False: 1.42k] | Branch (1279:25): [True: 0, False: 1.42k] | Branch (1279:43): [True: 0, False: 1.42k] | Branch (1279:58): [True: 0, False: 1.42k] ------------------ 1280| 1.42k| extension_data_size == NULL) { ------------------ | Branch (1280:9): [True: 0, False: 1.42k] ------------------ 1281| 0| if (extension_data_size != NULL) { ------------------ | Branch (1281:13): [True: 0, False: 0] ------------------ 1282| 0| *extension_data_size = 0; 1283| 0| } 1284| 0| return false; 1285| 0| } 1286| | 1287| 1.42k| status = false; 1288| | 1289| 1.42k| mbedtls_x509_crt_init(&crt); 1290| | 1291| 1.42k| ret = mbedtls_x509_crt_parse_der(&crt, cert, cert_size); 1292| | 1293| 1.42k| if (ret == 0) { ------------------ | Branch (1293:9): [True: 1.42k, False: 0] ------------------ 1294| 1.42k| ptr = crt.v3_ext.p; 1295| 1.42k| end = crt.v3_ext.p + crt.v3_ext.len; 1296| 1.42k| ret = mbedtls_asn1_get_tag(&ptr, end, &obj_len, 1297| 1.42k| MBEDTLS_ASN1_CONSTRUCTED | ------------------ | | 82| 1.42k|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ 1298| 1.42k| MBEDTLS_ASN1_SEQUENCE); ------------------ | | 72| 1.42k|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 1299| 1.42k| } 1300| | 1301| 1.42k| if (ret == 0) { ------------------ | Branch (1301:9): [True: 1.42k, False: 0] ------------------ 1302| 1.42k| status = libspdm_internal_x509_find_extension_data( 1303| 1.42k| ptr, end, oid, oid_size, &ptr, &obj_len); 1304| 1.42k| if (!status) { ------------------ | Branch (1304:13): [True: 0, False: 1.42k] ------------------ 1305| 0| status = true; 1306| 0| *extension_data_size = 0; 1307| 0| goto cleanup; 1308| 0| } 1309| 1.42k| } 1310| | 1311| 1.42k| if (status) { ------------------ | Branch (1311:9): [True: 1.42k, False: 0] ------------------ 1312| 1.42k| if (*extension_data_size < obj_len) { ------------------ | Branch (1312:13): [True: 0, False: 1.42k] ------------------ 1313| 0| *extension_data_size = obj_len; 1314| 0| status = false; 1315| 0| goto cleanup; 1316| 0| } 1317| 1.42k| if (oid != NULL) { ------------------ | Branch (1317:13): [True: 1.42k, False: 0] ------------------ 1318| 1.42k| libspdm_copy_mem(extension_data, *extension_data_size, ptr, obj_len); 1319| 1.42k| } 1320| 1.42k| *extension_data_size = obj_len; 1321| 1.42k| } else { 1322| 0| *extension_data_size = 0; 1323| 0| } 1324| | 1325| 1.42k|cleanup: 1326| 1.42k| mbedtls_x509_crt_free(&crt); 1327| | 1328| 1.42k| return status; 1329| 1.42k|} libspdm_x509_get_validity: 1355| 476|{ 1356| 476| mbedtls_x509_crt crt; 1357| 476| int ret; 1358| 476| bool status; 1359| 476| size_t t_size; 1360| 476| size_t f_size; 1361| 476| mbedtls_x509_time zero_time; 1362| | 1363| | /* Check input parameters.*/ 1364| 476| if (cert == NULL || from_size == NULL || to_size == NULL || ------------------ | Branch (1364:9): [True: 0, False: 476] | Branch (1364:25): [True: 0, False: 476] | Branch (1364:46): [True: 0, False: 476] ------------------ 1365| 476| cert_size == 0) { ------------------ | Branch (1365:9): [True: 0, False: 476] ------------------ 1366| 0| if (from_size != NULL) { ------------------ | Branch (1366:13): [True: 0, False: 0] ------------------ 1367| 0| *from_size = 0; 1368| 0| } 1369| 0| if (to_size != NULL) { ------------------ | Branch (1369:13): [True: 0, False: 0] ------------------ 1370| 0| *to_size = 0; 1371| 0| } 1372| 0| return false; 1373| 0| } 1374| | 1375| 476| status = false; 1376| | 1377| 476| mbedtls_x509_crt_init(&crt); 1378| 476| libspdm_zero_mem(&zero_time, sizeof(mbedtls_x509_time)); 1379| | 1380| 476| ret = mbedtls_x509_crt_parse_der(&crt, cert, cert_size); 1381| | 1382| 476| if (ret == 0) { ------------------ | Branch (1382:9): [True: 476, False: 0] ------------------ 1383| 476| f_size = sizeof(mbedtls_x509_time); 1384| 476| if ((libspdm_consttime_is_mem_equal(&zero_time, &(crt.valid_from), f_size)) && ------------------ | Branch (1384:13): [True: 0, False: 476] ------------------ 1385| 476| (libspdm_consttime_is_mem_equal(&zero_time, &(crt.valid_to), f_size))) { ------------------ | Branch (1385:13): [True: 0, False: 0] ------------------ 1386| 0| *from_size = 0; 1387| 0| *to_size = 0; 1388| 0| status = true; 1389| 0| goto done; 1390| 0| } 1391| | 1392| 476| if (*from_size < f_size) { ------------------ | Branch (1392:13): [True: 0, False: 476] ------------------ 1393| 0| *from_size = f_size; 1394| 0| goto done; 1395| 0| } 1396| 476| if (from != NULL) { ------------------ | Branch (1396:13): [True: 476, False: 0] ------------------ 1397| 476| libspdm_copy_mem(from, *from_size, &(crt.valid_from), f_size); 1398| 476| } 1399| 476| *from_size = f_size; 1400| | 1401| 476| t_size = sizeof(mbedtls_x509_time); 1402| 476| if (*to_size < t_size) { ------------------ | Branch (1402:13): [True: 0, False: 476] ------------------ 1403| 0| *to_size = t_size; 1404| 0| goto done; 1405| 0| } 1406| 476| if (to != NULL) { ------------------ | Branch (1406:13): [True: 476, False: 0] ------------------ 1407| 476| libspdm_copy_mem(to, *to_size, &(crt.valid_to), 1408| 476| sizeof(mbedtls_x509_time)); 1409| 476| } 1410| 476| *to_size = t_size; 1411| 476| status = true; 1412| 476| } else { 1413| 0| *from_size = 0; 1414| 0| *to_size = 0; 1415| 0| } 1416| | 1417| 476|done: 1418| 476| mbedtls_x509_crt_free(&crt); 1419| | 1420| 476| return status; 1421| 476|} libspdm_x509_get_key_usage: 1436| 476|{ 1437| 476| mbedtls_x509_crt crt; 1438| 476| int ret; 1439| 476| bool status; 1440| | 1441| | /* Check input parameters.*/ 1442| 476| if (cert == NULL || cert_size == 0 || usage == NULL) { ------------------ | Branch (1442:9): [True: 0, False: 476] | Branch (1442:25): [True: 0, False: 476] | Branch (1442:43): [True: 0, False: 476] ------------------ 1443| 0| if (usage != NULL) { ------------------ | Branch (1443:13): [True: 0, False: 0] ------------------ 1444| 0| *usage = 0; 1445| 0| } 1446| 0| return false; 1447| 0| } 1448| | 1449| 476| status = false; 1450| | 1451| 476| mbedtls_x509_crt_init(&crt); 1452| | 1453| 476| ret = mbedtls_x509_crt_parse_der(&crt, cert, cert_size); 1454| | 1455| 476| if (ret == 0) { ------------------ | Branch (1455:9): [True: 476, False: 0] ------------------ 1456| 476| *usage = crt.MBEDTLS_PRIVATE(key_usage); ------------------ | | 15| 476|#define MBEDTLS_PRIVATE(member) private_##member ------------------ 1457| 476| status = true; 1458| 476| } else { 1459| 0| *usage = 0; 1460| 0| } 1461| 476| mbedtls_x509_crt_free(&crt); 1462| | 1463| 476| return status; 1464| 476|} libspdm_x509_get_extended_key_usage: 1483| 476|{ 1484| 476| bool status; 1485| | 1486| 476| if (cert == NULL || cert_size == 0 || usage_size == NULL) { ------------------ | Branch (1486:9): [True: 0, False: 476] | Branch (1486:25): [True: 0, False: 476] | Branch (1486:43): [True: 0, False: 476] ------------------ 1487| 0| return false; 1488| 0| } 1489| | 1490| 476| status = libspdm_x509_get_extension_data(cert, cert_size, 1491| 476| m_libspdm_oid_ext_key_usage, 1492| 476| sizeof(m_libspdm_oid_ext_key_usage), usage, 1493| 476| usage_size); 1494| | 1495| 476| return status; 1496| 476|} libspdm_x509_get_extended_basic_constraints: 1516| 476|{ 1517| 476| bool status; 1518| | 1519| 476| if (cert == NULL || cert_size == 0 || basic_constraints_size == NULL) { ------------------ | Branch (1519:9): [True: 0, False: 476] | Branch (1519:25): [True: 0, False: 476] | Branch (1519:43): [True: 0, False: 476] ------------------ 1520| 0| return false; 1521| 0| } 1522| | 1523| 476| status = libspdm_x509_get_extension_data(cert, cert_size, 1524| 476| m_libspdm_oid_basic_constraints, 1525| 476| sizeof(m_libspdm_oid_basic_constraints), 1526| 476| basic_constraints, 1527| 476| basic_constraints_size); 1528| 476| return status; 1529| 476|} libspdm_x509_set_date_time: 1608| 952|{ 1609| 952| mbedtls_x509_time dt; 1610| | 1611| 952| int32_t year; 1612| 952| int32_t month; 1613| 952| int32_t day; 1614| 952| int32_t hour; 1615| 952| int32_t minute; 1616| 952| int32_t second; 1617| 952| bool status; 1618| 952| const char *p; 1619| | 1620| 952| p = date_time_str; 1621| | 1622| 952| year = libspdm_internal_atoi(p, p + 4); 1623| 952| p += 4; 1624| 952| month = libspdm_internal_atoi(p, p + 2); 1625| 952| p += 2; 1626| 952| day = libspdm_internal_atoi(p, p + 2); 1627| 952| p += 2; 1628| 952| hour = libspdm_internal_atoi(p, p + 2); 1629| 952| p += 2; 1630| 952| minute = libspdm_internal_atoi(p, p + 2); 1631| 952| p += 2; 1632| 952| second = libspdm_internal_atoi(p, p + 2); 1633| 952| p += 2; 1634| 952| dt.year = (int)year; 1635| 952| dt.mon = (int)month; 1636| 952| dt.day = (int)day; 1637| 952| dt.hour = (int)hour; 1638| 952| dt.min = (int)minute; 1639| 952| dt.sec = (int)second; 1640| | 1641| 952| if (*date_time_size < sizeof(mbedtls_x509_time)) { ------------------ | Branch (1641:9): [True: 0, False: 952] ------------------ 1642| 0| *date_time_size = sizeof(mbedtls_x509_time); 1643| 0| status = false; 1644| 0| goto cleanup; 1645| 0| } 1646| 952| if (date_time != NULL) { ------------------ | Branch (1646:9): [True: 952, False: 0] ------------------ 1647| 952| libspdm_copy_mem(date_time, *date_time_size, &dt, sizeof(mbedtls_x509_time)); 1648| 952| } 1649| 952| *date_time_size = sizeof(mbedtls_x509_time); 1650| 952| status = true; 1651| 952|cleanup: 1652| 952| return status; 1653| 952|} libspdm_x509_compare_date_time: 1672| 952|{ 1673| 952| if (date_time1 == NULL || date_time2 == NULL) { ------------------ | Branch (1673:9): [True: 0, False: 952] | Branch (1673:31): [True: 0, False: 952] ------------------ 1674| 0| return -2; 1675| 0| } 1676| 952| if (libspdm_consttime_is_mem_equal(date_time2, date_time1, sizeof(mbedtls_x509_time))) { ------------------ | Branch (1676:9): [True: 0, False: 952] ------------------ 1677| 0| return 0; 1678| 0| } 1679| 952| if (libspdm_internal_x509_check_time((const mbedtls_x509_time *)date_time1, ------------------ | Branch (1679:9): [True: 0, False: 952] ------------------ 1680| 952| (const mbedtls_x509_time *)date_time2) == 0) { 1681| 0| return -1; 1682| 952| } else { 1683| 952| return 1; 1684| 952| } 1685| 952|} x509.c:libspdm_internal_x509_find_extension_data: 1181| 1.42k|{ 1182| 1.42k| uint8_t *ptr; 1183| 1.42k| uint8_t *extension_ptr; 1184| 1.42k| size_t obj_len; 1185| 1.42k| int ret; 1186| 1.42k| bool status; 1187| 1.42k| size_t find_extension_len; 1188| 1.42k| size_t header_len; 1189| | 1190| | /*If no Extension entry match oid*/ 1191| 1.42k| status = false; 1192| 1.42k| ptr = start; 1193| | 1194| 1.42k| ret = 0; 1195| | 1196| 5.71k| while (true) { 1197| | /* 1198| | * Extension ::= SEQUENCE { 1199| | * extnID OBJECT IDENTIFIER, 1200| | * critical bool DEFAULT false, 1201| | * extnValue OCTET STRING } 1202| | */ 1203| 5.71k| extension_ptr = ptr; 1204| 5.71k| ret = mbedtls_asn1_get_tag(&ptr, end, &obj_len, 1205| 5.71k| MBEDTLS_ASN1_CONSTRUCTED | ------------------ | | 82| 5.71k|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ 1206| 5.71k| MBEDTLS_ASN1_SEQUENCE); ------------------ | | 72| 5.71k|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 1207| 5.71k| if (ret == 0) { ------------------ | Branch (1207:13): [True: 5.71k, False: 0] ------------------ 1208| 5.71k| header_len = (size_t)(ptr - extension_ptr); 1209| 5.71k| find_extension_len = obj_len; 1210| | /* Get Object Identifier*/ 1211| 5.71k| ret = mbedtls_asn1_get_tag(&ptr, end, &obj_len, 1212| 5.71k| MBEDTLS_ASN1_OID); ------------------ | | 69| 5.71k|#define MBEDTLS_ASN1_OID 0x06 ------------------ 1213| 5.71k| } else { 1214| 0| break; 1215| 0| } 1216| | 1217| 5.71k| if (ret == 0 && libspdm_consttime_is_mem_equal(ptr, oid, oid_size)) { ------------------ | Branch (1217:13): [True: 5.71k, False: 0] | Branch (1217:25): [True: 1.42k, False: 4.28k] ------------------ 1218| 1.42k| ptr += obj_len; 1219| | 1220| 1.42k| ret = mbedtls_asn1_get_tag(&ptr, end, &obj_len, 1221| 1.42k| MBEDTLS_ASN1_BOOLEAN); ------------------ | | 64| 1.42k|#define MBEDTLS_ASN1_BOOLEAN 0x01 ------------------ 1222| 1.42k| if (ret == 0) { ------------------ | Branch (1222:17): [True: 952, False: 476] ------------------ 1223| 952| ptr += obj_len; 1224| 952| } 1225| | 1226| 1.42k| ret = mbedtls_asn1_get_tag(&ptr, end, &obj_len, 1227| 1.42k| MBEDTLS_ASN1_OCTET_STRING); ------------------ | | 67| 1.42k|#define MBEDTLS_ASN1_OCTET_STRING 0x04 ------------------ 1228| 4.28k| } else { 1229| 4.28k| ret = 1; 1230| 4.28k| } 1231| | 1232| 5.71k| if (ret == 0) { ------------------ | Branch (1232:13): [True: 1.42k, False: 4.28k] ------------------ 1233| 1.42k| *find_extension_data = ptr; 1234| 1.42k| *find_extension_data_len = obj_len; 1235| 1.42k| status = true; 1236| 1.42k| break; 1237| 1.42k| } 1238| | 1239| | /* move to next*/ 1240| 4.28k| ptr = extension_ptr + header_len + find_extension_len; 1241| 4.28k| ret = 0; 1242| 4.28k| } 1243| | 1244| 1.42k| return status; 1245| 1.42k|} x509.c:libspdm_internal_atoi: 1571| 5.71k|{ 1572| 5.71k| const char *p = p_start; 1573| 5.71k| int32_t k = 0; 1574| 19.0k| while (p < p_end) { ------------------ | Branch (1574:12): [True: 13.3k, False: 5.71k] ------------------ 1575| | 1576| | /* k = k * 2³ + k * 2¹ = k * 8 + k * 2 = k * 10*/ 1577| | 1578| 13.3k| k = (k << 3) + (k << 1) + (*p) - '0'; 1579| 13.3k| p++; 1580| 13.3k| } 1581| 5.71k| return k; 1582| 5.71k|} x509.c:libspdm_internal_x509_check_time: 1536| 952|{ 1537| 952| if (before->year > after->year) { ------------------ | Branch (1537:9): [True: 952, False: 0] ------------------ 1538| 952| return (1); 1539| 952| } 1540| | 1541| 0| if (before->year == after->year && before->mon > after->mon) { ------------------ | Branch (1541:9): [True: 0, False: 0] | Branch (1541:40): [True: 0, False: 0] ------------------ 1542| 0| return (1); 1543| 0| } 1544| | 1545| 0| if (before->year == after->year && before->mon == after->mon && ------------------ | Branch (1545:9): [True: 0, False: 0] | Branch (1545:40): [True: 0, False: 0] ------------------ 1546| 0| before->day > after->day) { ------------------ | Branch (1546:9): [True: 0, False: 0] ------------------ 1547| 0| return (1); 1548| 0| } 1549| | 1550| 0| if (before->year == after->year && before->mon == after->mon && ------------------ | Branch (1550:9): [True: 0, False: 0] | Branch (1550:40): [True: 0, False: 0] ------------------ 1551| 0| before->day == after->day && before->hour > after->hour) { ------------------ | Branch (1551:9): [True: 0, False: 0] | Branch (1551:38): [True: 0, False: 0] ------------------ 1552| 0| return (1); 1553| 0| } 1554| | 1555| 0| if (before->year == after->year && before->mon == after->mon && ------------------ | Branch (1555:9): [True: 0, False: 0] | Branch (1555:40): [True: 0, False: 0] ------------------ 1556| 0| before->day == after->day && before->hour == after->hour && ------------------ | Branch (1556:9): [True: 0, False: 0] | Branch (1556:38): [True: 0, False: 0] ------------------ 1557| 0| before->min > after->min) { ------------------ | Branch (1557:9): [True: 0, False: 0] ------------------ 1558| 0| return (1); 1559| 0| } 1560| | 1561| 0| if (before->year == after->year && before->mon == after->mon && ------------------ | Branch (1561:9): [True: 0, False: 0] | Branch (1561:40): [True: 0, False: 0] ------------------ 1562| 0| before->day == after->day && before->hour == after->hour && ------------------ | Branch (1562:9): [True: 0, False: 0] | Branch (1562:38): [True: 0, False: 0] ------------------ 1563| 0| before->min == after->min && before->sec > after->sec) { ------------------ | Branch (1563:9): [True: 0, False: 0] | Branch (1563:38): [True: 0, False: 0] ------------------ 1564| 0| return (1); 1565| 0| } 1566| | 1567| 0| return (0); 1568| 0|} libspdm_random_bytes: 27| 476|{ 28| 476| bool ret; 29| 476| uint64_t temp_rand; 30| 476| size_t dst_size; 31| | 32| 476| ret = false; 33| 476| dst_size = size; 34| | 35| 9.04k| while (size > 0) { ------------------ | Branch (35:12): [True: 8.56k, False: 476] ------------------ 36| | /* Use rnglib to get random number*/ 37| 8.56k| ret = libspdm_get_random_number_64(&temp_rand); 38| | 39| 8.56k| if (!ret) { ------------------ | Branch (39:13): [True: 0, False: 8.56k] ------------------ 40| 0| return ret; 41| 0| } 42| | 43| 8.56k| if (size >= sizeof(uint64_t)) { ------------------ | Branch (43:13): [True: 8.09k, False: 476] ------------------ 44| 8.09k| libspdm_copy_mem(output, dst_size, &temp_rand, sizeof(uint64_t)); 45| 8.09k| output += sizeof(uint64_t); 46| 8.09k| size -= sizeof(uint64_t); 47| 8.09k| dst_size -= sizeof(uint64_t); 48| 8.09k| } else { 49| 476| libspdm_copy_mem(output, dst_size, &temp_rand, size); 50| 476| size = 0; 51| 476| } 52| 8.56k| } 53| | 54| 476| return ret; 55| 476|} libspdm_myrand: 58| 476|{ 59| 476| bool result = libspdm_random_bytes(output, len); 60| | 61| | 62| | /* The MbedTLS function f_rng, which myrand implements, is not 63| | * documented well. From looking at code: zero is considered success, 64| | * while non-zero return value is considered failure.*/ 65| | 66| 476| return result ? 0 : -1; ------------------ | Branch (66:12): [True: 476, False: 0] ------------------ 67| 476|} mbedtls_platform_zeroize: 29| 1.26M|{ 30| 1.26M| libspdm_zero_mem(buf, len); 31| 1.26M|} my_calloc: 34| 1.20M|{ 35| 1.20M| CRYPTMEM_HEAD *pool_hdr; 36| 1.20M| size_t new_size; 37| 1.20M| void *data; 38| | 39| | 40| | /* Adjust the size by the buffer header overhead*/ 41| | 42| 1.20M| new_size = (size_t)(size * num) + CRYPTMEM_OVERHEAD; ------------------ | | 26| 1.20M|#define CRYPTMEM_OVERHEAD sizeof(CRYPTMEM_HEAD) ------------------ 43| | 44| 1.20M| data = allocate_zero_pool(new_size); 45| 1.20M| if (data != NULL) { ------------------ | Branch (45:9): [True: 1.20M, False: 0] ------------------ 46| 1.20M| pool_hdr = (CRYPTMEM_HEAD *)data; 47| | 48| | /* Record the memory brief information*/ 49| | 50| 1.20M| pool_hdr->version = CRYPTMEM_HEAD_VERSION; ------------------ | | 19| 1.20M|#define CRYPTMEM_HEAD_VERSION 0x1 ------------------ 51| 1.20M| pool_hdr->size = size; 52| | 53| 1.20M| return (void *)(pool_hdr + 1); 54| 1.20M| } else { 55| | 56| | /* The buffer allocation failed.*/ 57| | 58| 0| return NULL; 59| 0| } 60| 1.20M|} my_free: 64| 1.21M|{ 65| 1.21M| CRYPTMEM_HEAD *pool_hdr; 66| | 67| | 68| | /* In Standard C, free() handles a null pointer argument transparently. This 69| | * is not true of free_pool() below, so protect it.*/ 70| | 71| 1.21M| if (ptr != NULL) { ------------------ | Branch (71:9): [True: 1.20M, False: 8.56k] ------------------ 72| 1.20M| pool_hdr = (CRYPTMEM_HEAD *)ptr - 1; 73| 1.20M| LIBSPDM_ASSERT(pool_hdr->version == CRYPTMEM_HEAD_VERSION); 74| 1.20M| free_pool(pool_hdr); 75| 1.20M| } 76| 1.21M|} allocate_pool: 15| 119|{ 16| 119| return malloc(AllocationSize); 17| 119|} allocate_zero_pool: 20| 1.21M|{ 21| 1.21M| void *buffer; 22| 1.21M| buffer = malloc(AllocationSize); 23| 1.21M| if (buffer == NULL) { ------------------ | Branch (23:9): [True: 0, False: 1.21M] ------------------ 24| 0| return NULL; 25| 0| } 26| 1.21M| memset(buffer, 0, AllocationSize); 27| 1.21M| return buffer; 28| 1.21M|} free_pool: 31| 1.21M|{ 32| 1.21M| free(buffer); 33| 1.21M|} ecp.c:mbedtls_ecp_group_a_is_minus_3: 1023| 227k|{ 1024| 227k| return grp->A.MBEDTLS_PRIVATE(p) == NULL; ------------------ | | 17| 227k|#define MBEDTLS_PRIVATE(member) member ------------------ 1025| 227k|} rsa.c:mbedtls_md_get_size_from_type: 247| 365|{ 248| 365| return mbedtls_md_get_size(mbedtls_md_info_from_type(md_type)); 249| 365|} x509.c:mbedtls_pk_rsa: 1038| 238|{ 1039| 238| switch (mbedtls_pk_get_type(&pk)) { 1040| 238| case MBEDTLS_PK_RSA: ------------------ | Branch (1040:9): [True: 238, False: 0] ------------------ 1041| 238| return (mbedtls_rsa_context *) (pk).MBEDTLS_PRIVATE(pk_ctx); ------------------ | | 15| 238|#define MBEDTLS_PRIVATE(member) private_##member ------------------ 1042| 0| default: ------------------ | Branch (1042:9): [True: 0, False: 238] ------------------ 1043| 0| return NULL; 1044| 238| } 1045| 238|} x509.c:mbedtls_pk_ec: 1061| 357|{ 1062| 357| switch (mbedtls_pk_get_type(&pk)) { 1063| 357| case MBEDTLS_PK_ECKEY: ------------------ | Branch (1063:9): [True: 357, False: 0] ------------------ 1064| 357| case MBEDTLS_PK_ECKEY_DH: ------------------ | Branch (1064:9): [True: 0, False: 357] ------------------ 1065| 357| case MBEDTLS_PK_ECDSA: ------------------ | Branch (1065:9): [True: 0, False: 357] ------------------ 1066| 357| return (mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx); ------------------ | | 15| 357|#define MBEDTLS_PRIVATE(member) private_##member ------------------ 1067| 0| default: ------------------ | Branch (1067:9): [True: 0, False: 357] ------------------ 1068| 0| return NULL; 1069| 357| } 1070| 357|} pkparse.c:mbedtls_pk_rsa: 1038| 2.14k|{ 1039| 2.14k| switch (mbedtls_pk_get_type(&pk)) { 1040| 2.14k| case MBEDTLS_PK_RSA: ------------------ | Branch (1040:9): [True: 2.14k, False: 0] ------------------ 1041| 2.14k| return (mbedtls_rsa_context *) (pk).MBEDTLS_PRIVATE(pk_ctx); ------------------ | | 17| 2.14k|#define MBEDTLS_PRIVATE(member) member ------------------ 1042| 0| default: ------------------ | Branch (1042:9): [True: 0, False: 2.14k] ------------------ 1043| 0| return NULL; 1044| 2.14k| } 1045| 2.14k|} pem.c:mbedtls_pk_rsa: 1038| 119|{ 1039| 119| switch (mbedtls_pk_get_type(&pk)) { 1040| 119| case MBEDTLS_PK_RSA: ------------------ | Branch (1040:9): [True: 119, False: 0] ------------------ 1041| 119| return (mbedtls_rsa_context *) (pk).MBEDTLS_PRIVATE(pk_ctx); ------------------ | | 15| 119|#define MBEDTLS_PRIVATE(member) private_##member ------------------ 1042| 0| default: ------------------ | Branch (1042:9): [True: 0, False: 119] ------------------ 1043| 0| return NULL; 1044| 119| } 1045| 119|} constant_time.c:mbedtls_get_unaligned_uint64: 220| 16.3M|{ 221| 16.3M| uint64_t r; 222| |#if defined(UINT_UNALIGNED) 223| | mbedtls_uint64_unaligned_t *p64 = (mbedtls_uint64_unaligned_t *) p; 224| | r = *p64; 225| |#elif defined(UINT_UNALIGNED_STRUCT) 226| | mbedtls_uint64_unaligned_t *p64 = (mbedtls_uint64_unaligned_t *) p; 227| | r = p64->x; 228| |#else 229| 16.3M| memcpy(&r, p, sizeof(r)); 230| 16.3M|#endif 231| 16.3M| return r; 232| 16.3M|} constant_time.c:mbedtls_put_unaligned_uint64: 247| 8.19M|{ 248| |#if defined(UINT_UNALIGNED) 249| | mbedtls_uint64_unaligned_t *p64 = (mbedtls_uint64_unaligned_t *) p; 250| | *p64 = x; 251| |#elif defined(UINT_UNALIGNED_STRUCT) 252| | mbedtls_uint64_unaligned_t *p64 = (mbedtls_uint64_unaligned_t *) p; 253| | p64->x = x; 254| |#else 255| 8.19M| memcpy(p, &x, sizeof(x)); 256| 8.19M|#endif 257| 8.19M|} md.c:mbedtls_get_unaligned_uint64: 220| 4.51k|{ 221| 4.51k| uint64_t r; 222| |#if defined(UINT_UNALIGNED) 223| | mbedtls_uint64_unaligned_t *p64 = (mbedtls_uint64_unaligned_t *) p; 224| | r = *p64; 225| |#elif defined(UINT_UNALIGNED_STRUCT) 226| | mbedtls_uint64_unaligned_t *p64 = (mbedtls_uint64_unaligned_t *) p; 227| | r = p64->x; 228| |#else 229| 4.51k| memcpy(&r, p, sizeof(r)); 230| 4.51k|#endif 231| 4.51k| return r; 232| 4.51k|} md.c:mbedtls_put_unaligned_uint64: 247| 2.25k|{ 248| |#if defined(UINT_UNALIGNED) 249| | mbedtls_uint64_unaligned_t *p64 = (mbedtls_uint64_unaligned_t *) p; 250| | *p64 = x; 251| |#elif defined(UINT_UNALIGNED_STRUCT) 252| | mbedtls_uint64_unaligned_t *p64 = (mbedtls_uint64_unaligned_t *) p; 253| | p64->x = x; 254| |#else 255| 2.25k| memcpy(p, &x, sizeof(x)); 256| 2.25k|#endif 257| 2.25k|} sha256.c:mbedtls_get_unaligned_uint32: 168| 536k|{ 169| 536k| uint32_t r; 170| |#if defined(UINT_UNALIGNED) 171| | mbedtls_uint32_unaligned_t *p32 = (mbedtls_uint32_unaligned_t *) p; 172| | r = *p32; 173| |#elif defined(UINT_UNALIGNED_STRUCT) 174| | mbedtls_uint32_unaligned_t *p32 = (mbedtls_uint32_unaligned_t *) p; 175| | r = p32->x; 176| |#else 177| 536k| memcpy(&r, p, sizeof(r)); 178| 536k|#endif 179| 536k| return r; 180| 536k|} sha256.c:mbedtls_put_unaligned_uint32: 195| 28.7k|{ 196| |#if defined(UINT_UNALIGNED) 197| | mbedtls_uint32_unaligned_t *p32 = (mbedtls_uint32_unaligned_t *) p; 198| | *p32 = x; 199| |#elif defined(UINT_UNALIGNED_STRUCT) 200| | mbedtls_uint32_unaligned_t *p32 = (mbedtls_uint32_unaligned_t *) p; 201| | p32->x = x; 202| |#else 203| 28.7k| memcpy(p, &x, sizeof(x)); 204| 28.7k|#endif 205| 28.7k|} mbedtls_asn1_get_len: 31| 475k|{ 32| 475k| if ((end - *p) < 1) { ------------------ | Branch (32:9): [True: 0, False: 475k] ------------------ 33| 0| return MBEDTLS_ERR_ASN1_OUT_OF_DATA; ------------------ | | 37| 0|#define MBEDTLS_ERR_ASN1_OUT_OF_DATA -0x0060 ------------------ 34| 0| } 35| | 36| 475k| if ((**p & 0x80) == 0) { ------------------ | Branch (36:9): [True: 431k, False: 44.3k] ------------------ 37| 431k| *len = *(*p)++; 38| 431k| } else { 39| 44.3k| int n = (**p) & 0x7F; 40| 44.3k| if (n == 0 || n > 4) { ------------------ | Branch (40:13): [True: 0, False: 44.3k] | Branch (40:23): [True: 0, False: 44.3k] ------------------ 41| 0| return MBEDTLS_ERR_ASN1_INVALID_LENGTH; ------------------ | | 41| 0|#define MBEDTLS_ERR_ASN1_INVALID_LENGTH -0x0064 ------------------ 42| 0| } 43| 44.3k| if ((end - *p) <= n) { ------------------ | Branch (43:13): [True: 0, False: 44.3k] ------------------ 44| 0| return MBEDTLS_ERR_ASN1_OUT_OF_DATA; ------------------ | | 37| 0|#define MBEDTLS_ERR_ASN1_OUT_OF_DATA -0x0060 ------------------ 45| 0| } 46| 44.3k| *len = 0; 47| 44.3k| (*p)++; 48| 120k| while (n--) { ------------------ | Branch (48:16): [True: 76.0k, False: 44.3k] ------------------ 49| 76.0k| *len = (*len << 8) | **p; 50| 76.0k| (*p)++; 51| 76.0k| } 52| 44.3k| } 53| | 54| 475k| if (*len > (size_t) (end - *p)) { ------------------ | Branch (54:9): [True: 0, False: 475k] ------------------ 55| 0| return MBEDTLS_ERR_ASN1_OUT_OF_DATA; ------------------ | | 37| 0|#define MBEDTLS_ERR_ASN1_OUT_OF_DATA -0x0060 ------------------ 56| 0| } 57| | 58| 475k| return 0; 59| 475k|} mbedtls_asn1_get_tag: 64| 446k|{ 65| 446k| if ((end - *p) < 1) { ------------------ | Branch (65:9): [True: 1.07k, False: 444k] ------------------ 66| 1.07k| return MBEDTLS_ERR_ASN1_OUT_OF_DATA; ------------------ | | 37| 1.07k|#define MBEDTLS_ERR_ASN1_OUT_OF_DATA -0x0060 ------------------ 67| 1.07k| } 68| | 69| 444k| if (**p != tag) { ------------------ | Branch (69:9): [True: 43.0k, False: 401k] ------------------ 70| 43.0k| return MBEDTLS_ERR_ASN1_UNEXPECTED_TAG; ------------------ | | 39| 43.0k|#define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG -0x0062 ------------------ 71| 43.0k| } 72| | 73| 401k| (*p)++; 74| | 75| 401k| return mbedtls_asn1_get_len(p, end, len); 76| 444k|} mbedtls_asn1_get_bool: 83| 42.6k|{ 84| 42.6k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 42.6k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 85| 42.6k| size_t len; 86| | 87| 42.6k| if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_BOOLEAN)) != 0) { ------------------ | | 64| 42.6k|#define MBEDTLS_ASN1_BOOLEAN 0x01 ------------------ | Branch (87:9): [True: 27.1k, False: 15.4k] ------------------ 88| 27.1k| return ret; 89| 27.1k| } 90| | 91| 15.4k| if (len != 1) { ------------------ | Branch (91:9): [True: 0, False: 15.4k] ------------------ 92| 0| return MBEDTLS_ERR_ASN1_INVALID_LENGTH; ------------------ | | 41| 0|#define MBEDTLS_ERR_ASN1_INVALID_LENGTH -0x0064 ------------------ 93| 0| } 94| | 95| 15.4k| *val = (**p != 0) ? 1 : 0; ------------------ | Branch (95:12): [True: 15.4k, False: 0] ------------------ 96| 15.4k| (*p)++; 97| | 98| 15.4k| return 0; 99| 15.4k|} mbedtls_asn1_get_int: 151| 7.97k|{ 152| 7.97k| return asn1_get_tagged_int(p, end, MBEDTLS_ASN1_INTEGER, val); ------------------ | | 65| 7.97k|#define MBEDTLS_ASN1_INTEGER 0x02 ------------------ 153| 7.97k|} mbedtls_asn1_get_mpi: 166| 2.38k|{ 167| 2.38k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 2.38k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 168| 2.38k| size_t len; 169| | 170| 2.38k| if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) { ------------------ | | 65| 2.38k|#define MBEDTLS_ASN1_INTEGER 0x02 ------------------ | Branch (170:9): [True: 0, False: 2.38k] ------------------ 171| 0| return ret; 172| 0| } 173| | 174| 2.38k| ret = mbedtls_mpi_read_binary(X, *p, len); 175| | 176| 2.38k| *p += len; 177| | 178| 2.38k| return ret; 179| 2.38k|} mbedtls_asn1_get_bitstring: 184| 6.30k|{ 185| 6.30k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 6.30k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 186| | 187| | /* Certificate type is a single byte bitstring */ 188| 6.30k| if ((ret = mbedtls_asn1_get_tag(p, end, &bs->len, MBEDTLS_ASN1_BIT_STRING)) != 0) { ------------------ | | 66| 6.30k|#define MBEDTLS_ASN1_BIT_STRING 0x03 ------------------ | Branch (188:9): [True: 0, False: 6.30k] ------------------ 189| 0| return ret; 190| 0| } 191| | 192| | /* Check length, subtract one for actual bit string length */ 193| 6.30k| if (bs->len < 1) { ------------------ | Branch (193:9): [True: 0, False: 6.30k] ------------------ 194| 0| return MBEDTLS_ERR_ASN1_OUT_OF_DATA; ------------------ | | 37| 0|#define MBEDTLS_ERR_ASN1_OUT_OF_DATA -0x0060 ------------------ 195| 0| } 196| 6.30k| bs->len -= 1; 197| | 198| | /* Get number of unused bits, ensure unused bits <= 7 */ 199| 6.30k| bs->unused_bits = **p; 200| 6.30k| if (bs->unused_bits > 7) { ------------------ | Branch (200:9): [True: 0, False: 6.30k] ------------------ 201| 0| return MBEDTLS_ERR_ASN1_INVALID_LENGTH; ------------------ | | 41| 0|#define MBEDTLS_ERR_ASN1_INVALID_LENGTH -0x0064 ------------------ 202| 0| } 203| 6.30k| (*p)++; 204| | 205| | /* Get actual bitstring */ 206| 6.30k| bs->p = *p; 207| 6.30k| *p += bs->len; 208| | 209| 6.30k| if (*p != end) { ------------------ | Branch (209:9): [True: 0, False: 6.30k] ------------------ 210| 0| return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; ------------------ | | 43| 0|#define MBEDTLS_ERR_ASN1_LENGTH_MISMATCH -0x0066 ------------------ 211| 0| } 212| | 213| 6.30k| return 0; 214| 6.30k|} mbedtls_asn1_traverse_sequence_of: 228| 6.30k|{ 229| 6.30k| int ret; 230| 6.30k| size_t len; 231| | 232| | /* Get main sequence tag */ 233| 6.30k| if ((ret = mbedtls_asn1_get_tag(p, end, &len, ------------------ | Branch (233:9): [True: 0, False: 6.30k] ------------------ 234| 6.30k| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 82| 6.30k|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 72| 6.30k|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 235| 0| return ret; 236| 0| } 237| | 238| 6.30k| if (*p + len != end) { ------------------ | Branch (238:9): [True: 0, False: 6.30k] ------------------ 239| 0| return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; ------------------ | | 43| 0|#define MBEDTLS_ERR_ASN1_LENGTH_MISMATCH -0x0066 ------------------ 240| 0| } 241| | 242| 24.2k| while (*p < end) { ------------------ | Branch (242:12): [True: 17.9k, False: 6.30k] ------------------ 243| 17.9k| unsigned char const tag = *(*p)++; 244| | 245| 17.9k| if ((tag & tag_must_mask) != tag_must_val) { ------------------ | Branch (245:13): [True: 0, False: 17.9k] ------------------ 246| 0| return MBEDTLS_ERR_ASN1_UNEXPECTED_TAG; ------------------ | | 39| 0|#define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG -0x0062 ------------------ 247| 0| } 248| | 249| 17.9k| if ((ret = mbedtls_asn1_get_len(p, end, &len)) != 0) { ------------------ | Branch (249:13): [True: 0, False: 17.9k] ------------------ 250| 0| return ret; 251| 0| } 252| | 253| 17.9k| if ((tag & tag_may_mask) == tag_may_val) { ------------------ | Branch (253:13): [True: 17.9k, False: 0] ------------------ 254| 17.9k| if (cb != NULL) { ------------------ | Branch (254:17): [True: 17.9k, False: 0] ------------------ 255| 17.9k| ret = cb(ctx, tag, *p, len); 256| 17.9k| if (ret != 0) { ------------------ | Branch (256:21): [True: 0, False: 17.9k] ------------------ 257| 0| return ret; 258| 0| } 259| 17.9k| } 260| 17.9k| } 261| | 262| 17.9k| *p += len; 263| 17.9k| } 264| | 265| 6.30k| return 0; 266| 6.30k|} mbedtls_asn1_get_bitstring_null: 273| 15.4k|{ 274| 15.4k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 15.4k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 275| | 276| 15.4k| if ((ret = mbedtls_asn1_get_tag(p, end, len, MBEDTLS_ASN1_BIT_STRING)) != 0) { ------------------ | | 66| 15.4k|#define MBEDTLS_ASN1_BIT_STRING 0x03 ------------------ | Branch (276:9): [True: 0, False: 15.4k] ------------------ 277| 0| return ret; 278| 0| } 279| | 280| 15.4k| if (*len == 0) { ------------------ | Branch (280:9): [True: 0, False: 15.4k] ------------------ 281| 0| return MBEDTLS_ERR_ASN1_INVALID_DATA; ------------------ | | 45| 0|#define MBEDTLS_ERR_ASN1_INVALID_DATA -0x0068 ------------------ 282| 0| } 283| 15.4k| --(*len); 284| | 285| 15.4k| if (**p != 0) { ------------------ | Branch (285:9): [True: 0, False: 15.4k] ------------------ 286| 0| return MBEDTLS_ERR_ASN1_INVALID_DATA; ------------------ | | 45| 0|#define MBEDTLS_ERR_ASN1_INVALID_DATA -0x0068 ------------------ 287| 0| } 288| 15.4k| ++(*p); 289| | 290| 15.4k| return 0; 291| 15.4k|} mbedtls_asn1_sequence_free: 294| 30.9k|{ 295| 42.6k| while (seq != NULL) { ------------------ | Branch (295:12): [True: 11.6k, False: 30.9k] ------------------ 296| 11.6k| mbedtls_asn1_sequence *next = seq->next; 297| 11.6k| mbedtls_free(seq); ------------------ | | 143| 11.6k|#define mbedtls_free MBEDTLS_PLATFORM_FREE_MACRO | | ------------------ | | | | 4095| 11.6k|#define MBEDTLS_PLATFORM_FREE_MACRO my_free | | ------------------ ------------------ 298| 11.6k| seq = next; 299| 11.6k| } 300| 30.9k|} mbedtls_asn1_get_sequence_of: 343| 6.30k|{ 344| 6.30k| asn1_get_sequence_of_cb_ctx_t cb_ctx = { tag, cur }; 345| 6.30k| memset(cur, 0, sizeof(mbedtls_asn1_sequence)); 346| 6.30k| return mbedtls_asn1_traverse_sequence_of( 347| 6.30k| p, end, 0xFF, tag, 0, 0, 348| 6.30k| asn1_get_sequence_of_cb, &cb_ctx); 349| 6.30k|} mbedtls_asn1_get_alg: 354| 23.3k|{ 355| 23.3k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 23.3k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 356| 23.3k| size_t len; 357| | 358| 23.3k| if ((ret = mbedtls_asn1_get_tag(p, end, &len, ------------------ | Branch (358:9): [True: 0, False: 23.3k] ------------------ 359| 23.3k| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 82| 23.3k|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 72| 23.3k|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 360| 0| return ret; 361| 0| } 362| | 363| 23.3k| if ((end - *p) < 1) { ------------------ | Branch (363:9): [True: 0, False: 23.3k] ------------------ 364| 0| return MBEDTLS_ERR_ASN1_OUT_OF_DATA; ------------------ | | 37| 0|#define MBEDTLS_ERR_ASN1_OUT_OF_DATA -0x0060 ------------------ 365| 0| } 366| | 367| 23.3k| alg->tag = **p; 368| 23.3k| end = *p + len; 369| | 370| 23.3k| if ((ret = mbedtls_asn1_get_tag(p, end, &alg->len, MBEDTLS_ASN1_OID)) != 0) { ------------------ | | 69| 23.3k|#define MBEDTLS_ASN1_OID 0x06 ------------------ | Branch (370:9): [True: 0, False: 23.3k] ------------------ 371| 0| return ret; 372| 0| } 373| | 374| 23.3k| alg->p = *p; 375| 23.3k| *p += alg->len; 376| | 377| 23.3k| if (*p == end) { ------------------ | Branch (377:9): [True: 11.4k, False: 11.9k] ------------------ 378| 11.4k| mbedtls_platform_zeroize(params, sizeof(mbedtls_asn1_buf)); 379| 11.4k| return 0; 380| 11.4k| } 381| | 382| 11.9k| params->tag = **p; 383| 11.9k| (*p)++; 384| | 385| 11.9k| if ((ret = mbedtls_asn1_get_len(p, end, ¶ms->len)) != 0) { ------------------ | Branch (385:9): [True: 0, False: 11.9k] ------------------ 386| 0| return ret; 387| 0| } 388| | 389| 11.9k| params->p = *p; 390| 11.9k| *p += params->len; 391| | 392| 11.9k| if (*p != end) { ------------------ | Branch (392:9): [True: 0, False: 11.9k] ------------------ 393| 0| return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; ------------------ | | 43| 0|#define MBEDTLS_ERR_ASN1_LENGTH_MISMATCH -0x0066 ------------------ 394| 0| } 395| | 396| 11.9k| return 0; 397| 11.9k|} mbedtls_asn1_free_named_data_list_shallow: 446| 15.4k|{ 447| 15.4k| for (mbedtls_asn1_named_data *next; name != NULL; name = next) { ------------------ | Branch (447:41): [True: 0, False: 15.4k] ------------------ 448| 0| next = name->next; 449| 0| mbedtls_free(name); ------------------ | | 143| 0|#define mbedtls_free MBEDTLS_PLATFORM_FREE_MACRO | | ------------------ | | | | 4095| 0|#define MBEDTLS_PLATFORM_FREE_MACRO my_free | | ------------------ ------------------ 450| 0| } 451| 15.4k|} asn1parse.c:asn1_get_tagged_int: 104| 7.97k|{ 105| 7.97k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 7.97k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 106| 7.97k| size_t len; 107| | 108| 7.97k| if ((ret = mbedtls_asn1_get_tag(p, end, &len, tag)) != 0) { ------------------ | Branch (108:9): [True: 0, False: 7.97k] ------------------ 109| 0| return ret; 110| 0| } 111| | 112| | /* 113| | * len==0 is malformed (0 must be represented as 020100 for INTEGER, 114| | * or 0A0100 for ENUMERATED tags 115| | */ 116| 7.97k| if (len == 0) { ------------------ | Branch (116:9): [True: 0, False: 7.97k] ------------------ 117| 0| return MBEDTLS_ERR_ASN1_INVALID_LENGTH; ------------------ | | 41| 0|#define MBEDTLS_ERR_ASN1_INVALID_LENGTH -0x0064 ------------------ 118| 0| } 119| | /* This is a cryptography library. Reject negative integers. */ 120| 7.97k| if ((**p & 0x80) != 0) { ------------------ | Branch (120:9): [True: 0, False: 7.97k] ------------------ 121| 0| return MBEDTLS_ERR_ASN1_INVALID_LENGTH; ------------------ | | 41| 0|#define MBEDTLS_ERR_ASN1_INVALID_LENGTH -0x0064 ------------------ 122| 0| } 123| | 124| | /* Skip leading zeros. */ 125| 8.21k| while (len > 0 && **p == 0) { ------------------ | Branch (125:12): [True: 7.97k, False: 238] | Branch (125:23): [True: 238, False: 7.73k] ------------------ 126| 238| ++(*p); 127| 238| --len; 128| 238| } 129| | 130| | /* Reject integers that don't fit in an int. This code assumes that 131| | * the int type has no padding bit. */ 132| 7.97k| if (len > sizeof(int)) { ------------------ | Branch (132:9): [True: 0, False: 7.97k] ------------------ 133| 0| return MBEDTLS_ERR_ASN1_INVALID_LENGTH; ------------------ | | 41| 0|#define MBEDTLS_ERR_ASN1_INVALID_LENGTH -0x0064 ------------------ 134| 0| } 135| 7.97k| if (len == sizeof(int) && (**p & 0x80) != 0) { ------------------ | Branch (135:9): [True: 0, False: 7.97k] | Branch (135:31): [True: 0, False: 0] ------------------ 136| 0| return MBEDTLS_ERR_ASN1_INVALID_LENGTH; ------------------ | | 41| 0|#define MBEDTLS_ERR_ASN1_INVALID_LENGTH -0x0064 ------------------ 137| 0| } 138| | 139| 7.97k| *val = 0; 140| 15.7k| while (len-- > 0) { ------------------ | Branch (140:12): [True: 7.73k, False: 7.97k] ------------------ 141| 7.73k| *val = (*val << 8) | **p; 142| 7.73k| (*p)++; 143| 7.73k| } 144| | 145| 7.97k| return 0; 146| 7.97k|} asn1parse.c:asn1_get_sequence_of_cb: 311| 17.9k|{ 312| 17.9k| asn1_get_sequence_of_cb_ctx_t *cb_ctx = 313| 17.9k| (asn1_get_sequence_of_cb_ctx_t *) ctx; 314| 17.9k| mbedtls_asn1_sequence *cur = 315| 17.9k| cb_ctx->cur; 316| | 317| 17.9k| if (cur->buf.p != NULL) { ------------------ | Branch (317:9): [True: 11.6k, False: 6.30k] ------------------ 318| 11.6k| cur->next = 319| 11.6k| mbedtls_calloc(1, sizeof(mbedtls_asn1_sequence)); ------------------ | | 144| 11.6k|#define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO | | ------------------ | | | | 4093| 11.6k|#define MBEDTLS_PLATFORM_CALLOC_MACRO my_calloc | | ------------------ ------------------ 320| | 321| 11.6k| if (cur->next == NULL) { ------------------ | Branch (321:13): [True: 0, False: 11.6k] ------------------ 322| 0| return MBEDTLS_ERR_ASN1_ALLOC_FAILED; ------------------ | | 47| 0|#define MBEDTLS_ERR_ASN1_ALLOC_FAILED -0x006A ------------------ 323| 0| } 324| | 325| 11.6k| cur = cur->next; 326| 11.6k| } 327| | 328| 17.9k| cur->buf.p = start; 329| 17.9k| cur->buf.len = len; 330| 17.9k| cur->buf.tag = tag; 331| | 332| 17.9k| cb_ctx->cur = cur; 333| 17.9k| return 0; 334| 17.9k|} mbedtls_base64_decode: 130| 238|{ 131| 238| size_t i; /* index in source */ 132| 238| size_t n; /* number of digits or trailing = in source */ 133| 238| uint32_t x; /* value accumulator */ 134| 238| unsigned accumulated_digits = 0; 135| 238| unsigned equals = 0; 136| 238| int spaces_present = 0; 137| 238| unsigned char *p; 138| | 139| | /* First pass: check for validity and get output length */ 140| 399k| for (i = n = 0; i < slen; i++) { ------------------ | Branch (140:21): [True: 398k, False: 238] ------------------ 141| | /* Skip spaces before checking for EOL */ 142| 398k| spaces_present = 0; 143| 398k| while (i < slen && src[i] == ' ') { ------------------ | Branch (143:16): [True: 398k, False: 0] | Branch (143:28): [True: 0, False: 398k] ------------------ 144| 0| ++i; 145| 0| spaces_present = 1; 146| 0| } 147| | 148| | /* Spaces at end of buffer are OK */ 149| 398k| if (i == slen) { ------------------ | Branch (149:13): [True: 0, False: 398k] ------------------ 150| 0| break; 151| 0| } 152| | 153| 398k| if ((slen - i) >= 2 && ------------------ | Branch (153:13): [True: 398k, False: 238] ------------------ 154| 398k| src[i] == '\r' && src[i + 1] == '\n') { ------------------ | Branch (154:13): [True: 6.18k, False: 392k] | Branch (154:31): [True: 6.18k, False: 0] ------------------ 155| 6.18k| continue; 156| 6.18k| } 157| | 158| 392k| if (src[i] == '\n') { ------------------ | Branch (158:13): [True: 6.18k, False: 386k] ------------------ 159| 6.18k| continue; 160| 6.18k| } 161| | 162| | /* Space inside a line is an error */ 163| 386k| if (spaces_present) { ------------------ | Branch (163:13): [True: 0, False: 386k] ------------------ 164| 0| return MBEDTLS_ERR_BASE64_INVALID_CHARACTER; ------------------ | | 20| 0|#define MBEDTLS_ERR_BASE64_INVALID_CHARACTER -0x002C ------------------ 165| 0| } 166| | 167| 386k| if (src[i] > 127) { ------------------ | Branch (167:13): [True: 0, False: 386k] ------------------ 168| 0| return MBEDTLS_ERR_BASE64_INVALID_CHARACTER; ------------------ | | 20| 0|#define MBEDTLS_ERR_BASE64_INVALID_CHARACTER -0x002C ------------------ 169| 0| } 170| | 171| 386k| if (src[i] == '=') { ------------------ | Branch (171:13): [True: 0, False: 386k] ------------------ 172| 0| if (++equals > 2) { ------------------ | Branch (172:17): [True: 0, False: 0] ------------------ 173| 0| return MBEDTLS_ERR_BASE64_INVALID_CHARACTER; ------------------ | | 20| 0|#define MBEDTLS_ERR_BASE64_INVALID_CHARACTER -0x002C ------------------ 174| 0| } 175| 386k| } else { 176| 386k| if (equals != 0) { ------------------ | Branch (176:17): [True: 0, False: 386k] ------------------ 177| 0| return MBEDTLS_ERR_BASE64_INVALID_CHARACTER; ------------------ | | 20| 0|#define MBEDTLS_ERR_BASE64_INVALID_CHARACTER -0x002C ------------------ 178| 0| } 179| 386k| if (mbedtls_ct_base64_dec_value(src[i]) < 0) { ------------------ | Branch (179:17): [True: 0, False: 386k] ------------------ 180| 0| return MBEDTLS_ERR_BASE64_INVALID_CHARACTER; ------------------ | | 20| 0|#define MBEDTLS_ERR_BASE64_INVALID_CHARACTER -0x002C ------------------ 181| 0| } 182| 386k| } 183| 386k| n++; 184| 386k| } 185| | 186| 238| if (n == 0) { ------------------ | Branch (186:9): [True: 0, False: 238] ------------------ 187| 0| *olen = 0; 188| 0| return 0; 189| 0| } 190| | 191| | /* The following expression is to calculate the following formula without 192| | * risk of integer overflow in n: 193| | * n = ( ( n * 6 ) + 7 ) >> 3; 194| | */ 195| 238| n = (6 * (n >> 3)) + ((6 * (n & 0x7) + 7) >> 3); 196| 238| n -= equals; 197| | 198| 238| if (dst == NULL || dlen < n) { ------------------ | Branch (198:9): [True: 119, False: 119] | Branch (198:24): [True: 0, False: 119] ------------------ 199| 119| *olen = n; 200| 119| return MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL; ------------------ | | 18| 119|#define MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL -0x002A ------------------ 201| 119| } 202| | 203| 119| equals = 0; 204| 199k| for (x = 0, p = dst; i > 0; i--, src++) { ------------------ | Branch (204:26): [True: 199k, False: 119] ------------------ 205| 199k| if (*src == '\r' || *src == '\n' || *src == ' ') { ------------------ | Branch (205:13): [True: 3.09k, False: 196k] | Branch (205:29): [True: 3.09k, False: 193k] | Branch (205:45): [True: 0, False: 193k] ------------------ 206| 6.18k| continue; 207| 6.18k| } 208| | 209| 193k| x = x << 6; 210| 193k| if (*src == '=') { ------------------ | Branch (210:13): [True: 0, False: 193k] ------------------ 211| 0| ++equals; 212| 193k| } else { 213| 193k| x |= mbedtls_ct_base64_dec_value(*src); 214| 193k| } 215| | 216| 193k| if (++accumulated_digits == 4) { ------------------ | Branch (216:13): [True: 48.3k, False: 144k] ------------------ 217| 48.3k| accumulated_digits = 0; 218| 48.3k| *p++ = MBEDTLS_BYTE_2(x); ------------------ | | 270| 48.3k|#define MBEDTLS_BYTE_2(x) ((uint8_t) (((x) >> 16) & 0xff)) ------------------ 219| 48.3k| if (equals <= 1) { ------------------ | Branch (219:17): [True: 48.3k, False: 0] ------------------ 220| 48.3k| *p++ = MBEDTLS_BYTE_1(x); ------------------ | | 269| 48.3k|#define MBEDTLS_BYTE_1(x) ((uint8_t) (((x) >> 8) & 0xff)) ------------------ 221| 48.3k| } 222| 48.3k| if (equals <= 0) { ------------------ | Branch (222:17): [True: 48.3k, False: 0] ------------------ 223| 48.3k| *p++ = MBEDTLS_BYTE_0(x); ------------------ | | 268| 48.3k|#define MBEDTLS_BYTE_0(x) ((uint8_t) ((x) & 0xff)) ------------------ 224| 48.3k| } 225| 48.3k| } 226| 193k| } 227| | 228| 119| *olen = (size_t) (p - dst); 229| | 230| 119| return 0; 231| 238|} base64.c:mbedtls_ct_base64_dec_value: 42| 579k|{ 43| 579k| unsigned char val = 0; 44| | /* For each range of digits, if c is in that range, mask val with 45| | * the corresponding value. Since c can only be in a single range, 46| | * only at most one masking will change val. Set val to one plus 47| | * the desired value so that it stays 0 if c is in none of the ranges. */ 48| 579k| val |= mbedtls_ct_uchar_in_range_if('A', 'Z', c, c - 'A' + 0 + 1); 49| 579k| val |= mbedtls_ct_uchar_in_range_if('a', 'z', c, c - 'a' + 26 + 1); 50| 579k| val |= mbedtls_ct_uchar_in_range_if('0', '9', c, c - '0' + 52 + 1); 51| 579k| val |= mbedtls_ct_uchar_in_range_if('+', '+', c, c - '+' + 62 + 1); 52| 579k| val |= mbedtls_ct_uchar_in_range_if('/', '/', c, c - '/' + 63 + 1); 53| | /* At this point, val is 0 if c is an invalid digit and v+1 if c is 54| | * a digit with the value v. */ 55| 579k| return val - 1; 56| 579k|} mbedtls_mpi_safe_cond_assign: 121| 2.04M|{ 122| 2.04M| int ret = 0; 123| | 124| 2.04M| MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, Y->n)); ------------------ | | 41| 2.04M| do \ | | 42| 2.04M| { \ | | 43| 2.04M| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2.04M] | | ------------------ | | 44| 2.04M| goto cleanup; \ | | 45| 2.04M| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 125| | 126| 2.04M| { 127| 2.04M| mbedtls_ct_condition_t do_assign = mbedtls_ct_bool(assign); 128| | 129| 2.04M| X->s = mbedtls_ct_mpi_sign_if(do_assign, Y->s, X->s); 130| | 131| 2.04M| mbedtls_mpi_core_cond_assign(X->p, Y->p, Y->n, do_assign); 132| | 133| 2.04M| mbedtls_ct_condition_t do_not_assign = mbedtls_ct_bool_not(do_assign); 134| 2.04M| for (size_t i = Y->n; i < X->n; i++) { ------------------ | Branch (134:31): [True: 7.14k, False: 2.04M] ------------------ 135| 7.14k| X->p[i] = mbedtls_ct_mpi_uint_if_else_0(do_not_assign, X->p[i]); 136| 7.14k| } 137| 2.04M| } 138| | 139| 2.04M|cleanup: 140| 2.04M| return ret; 141| 2.04M|} mbedtls_mpi_init: 182| 5.97M|{ 183| 5.97M| X->s = 1; 184| 5.97M| X->n = 0; 185| 5.97M| X->p = NULL; 186| 5.97M|} mbedtls_mpi_free: 192| 5.96M|{ 193| 5.96M| if (X == NULL) { ------------------ | Branch (193:9): [True: 0, False: 5.96M] ------------------ 194| 0| return; 195| 0| } 196| | 197| 5.96M| if (X->p != NULL) { ------------------ | Branch (197:9): [True: 1.04M, False: 4.92M] ------------------ 198| 1.04M| mbedtls_mpi_zeroize_and_free(X->p, X->n); ------------------ | | 176| 1.04M|#define mbedtls_mpi_zeroize_and_free(v, n) mbedtls_zeroize_and_free(v, ciL * (n)) | | ------------------ | | | | 79| 1.04M|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 199| 1.04M| } 200| | 201| 5.96M| X->s = 1; 202| 5.96M| X->n = 0; 203| 5.96M| X->p = NULL; 204| 5.96M|} mbedtls_mpi_grow: 210| 23.8M|{ 211| 23.8M| mbedtls_mpi_uint *p; 212| | 213| 23.8M| if (nblimbs > MBEDTLS_MPI_MAX_LIMBS) { ------------------ | | 50| 23.8M|#define MBEDTLS_MPI_MAX_LIMBS 10000 ------------------ | Branch (213:9): [True: 0, False: 23.8M] ------------------ 214| 0| return MBEDTLS_ERR_MPI_ALLOC_FAILED; ------------------ | | 38| 0|#define MBEDTLS_ERR_MPI_ALLOC_FAILED -0x0010 ------------------ 215| 0| } 216| | 217| 23.8M| if (X->n < nblimbs) { ------------------ | Branch (217:9): [True: 1.16M, False: 22.6M] ------------------ 218| 1.16M| if ((p = (mbedtls_mpi_uint *) mbedtls_calloc(nblimbs, ciL)) == NULL) { ------------------ | | 144| 1.16M|#define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO | | ------------------ | | | | 4093| 1.16M|#define MBEDTLS_PLATFORM_CALLOC_MACRO my_calloc | | ------------------ ------------------ if ((p = (mbedtls_mpi_uint *) mbedtls_calloc(nblimbs, ciL)) == NULL) { ------------------ | | 79| 1.16M|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ | Branch (218:13): [True: 0, False: 1.16M] ------------------ 219| 0| return MBEDTLS_ERR_MPI_ALLOC_FAILED; ------------------ | | 38| 0|#define MBEDTLS_ERR_MPI_ALLOC_FAILED -0x0010 ------------------ 220| 0| } 221| | 222| 1.16M| if (X->p != NULL) { ------------------ | Branch (222:13): [True: 120k, False: 1.04M] ------------------ 223| 120k| memcpy(p, X->p, X->n * ciL); ------------------ | | 79| 120k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 224| 120k| mbedtls_mpi_zeroize_and_free(X->p, X->n); ------------------ | | 176| 120k|#define mbedtls_mpi_zeroize_and_free(v, n) mbedtls_zeroize_and_free(v, ciL * (n)) | | ------------------ | | | | 79| 120k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 225| 120k| } 226| | 227| | /* nblimbs fits in n because we ensure that MBEDTLS_MPI_MAX_LIMBS 228| | * fits, and we've checked that nblimbs <= MBEDTLS_MPI_MAX_LIMBS. */ 229| 1.16M| X->n = (unsigned short) nblimbs; 230| 1.16M| X->p = p; 231| 1.16M| } 232| | 233| 23.8M| return 0; 234| 23.8M|} mbedtls_mpi_shrink: 241| 15.0k|{ 242| 15.0k| mbedtls_mpi_uint *p; 243| 15.0k| size_t i; 244| | 245| 15.0k| if (nblimbs > MBEDTLS_MPI_MAX_LIMBS) { ------------------ | | 50| 15.0k|#define MBEDTLS_MPI_MAX_LIMBS 10000 ------------------ | Branch (245:9): [True: 0, False: 15.0k] ------------------ 246| 0| return MBEDTLS_ERR_MPI_ALLOC_FAILED; ------------------ | | 38| 0|#define MBEDTLS_ERR_MPI_ALLOC_FAILED -0x0010 ------------------ 247| 0| } 248| | 249| | /* Actually resize up if there are currently fewer than nblimbs limbs. */ 250| 15.0k| if (X->n <= nblimbs) { ------------------ | Branch (250:9): [True: 0, False: 15.0k] ------------------ 251| 0| return mbedtls_mpi_grow(X, nblimbs); 252| 0| } 253| | /* After this point, then X->n > nblimbs and in particular X->n > 0. */ 254| | 255| 112k| for (i = X->n - 1; i > 0; i--) { ------------------ | Branch (255:24): [True: 112k, False: 0] ------------------ 256| 112k| if (X->p[i] != 0) { ------------------ | Branch (256:13): [True: 15.0k, False: 97.6k] ------------------ 257| 15.0k| break; 258| 15.0k| } 259| 112k| } 260| 15.0k| i++; 261| | 262| 15.0k| if (i < nblimbs) { ------------------ | Branch (262:9): [True: 238, False: 14.7k] ------------------ 263| 238| i = nblimbs; 264| 238| } 265| | 266| 15.0k| if ((p = (mbedtls_mpi_uint *) mbedtls_calloc(i, ciL)) == NULL) { ------------------ | | 144| 15.0k|#define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO | | ------------------ | | | | 4093| 15.0k|#define MBEDTLS_PLATFORM_CALLOC_MACRO my_calloc | | ------------------ ------------------ if ((p = (mbedtls_mpi_uint *) mbedtls_calloc(i, ciL)) == NULL) { ------------------ | | 79| 15.0k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ | Branch (266:9): [True: 0, False: 15.0k] ------------------ 267| 0| return MBEDTLS_ERR_MPI_ALLOC_FAILED; ------------------ | | 38| 0|#define MBEDTLS_ERR_MPI_ALLOC_FAILED -0x0010 ------------------ 268| 0| } 269| | 270| 15.0k| if (X->p != NULL) { ------------------ | Branch (270:9): [True: 15.0k, False: 0] ------------------ 271| 15.0k| memcpy(p, X->p, i * ciL); ------------------ | | 79| 15.0k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 272| 15.0k| mbedtls_mpi_zeroize_and_free(X->p, X->n); ------------------ | | 176| 15.0k|#define mbedtls_mpi_zeroize_and_free(v, n) mbedtls_zeroize_and_free(v, ciL * (n)) | | ------------------ | | | | 79| 15.0k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 273| 15.0k| } 274| | 275| | /* i fits in n because we ensure that MBEDTLS_MPI_MAX_LIMBS 276| | * fits, and we've checked that i <= nblimbs <= MBEDTLS_MPI_MAX_LIMBS. */ 277| 15.0k| X->n = (unsigned short) i; 278| 15.0k| X->p = p; 279| | 280| 15.0k| return 0; 281| 15.0k|} mbedtls_mpi_copy: 308| 2.19M|{ 309| 2.19M| int ret = 0; 310| 2.19M| size_t i; 311| | 312| 2.19M| if (X == Y) { ------------------ | Branch (312:9): [True: 96.5k, False: 2.09M] ------------------ 313| 96.5k| return 0; 314| 96.5k| } 315| | 316| 2.09M| if (Y->n == 0) { ------------------ | Branch (316:9): [True: 3.57k, False: 2.09M] ------------------ 317| 3.57k| if (X->n != 0) { ------------------ | Branch (317:13): [True: 0, False: 3.57k] ------------------ 318| 0| X->s = 1; 319| 0| memset(X->p, 0, X->n * ciL); ------------------ | | 79| 0|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 320| 0| } 321| 3.57k| return 0; 322| 3.57k| } 323| | 324| 13.0M| for (i = Y->n - 1; i > 0; i--) { ------------------ | Branch (324:24): [True: 13.0M, False: 12.3k] ------------------ 325| 13.0M| if (Y->p[i] != 0) { ------------------ | Branch (325:13): [True: 2.08M, False: 10.9M] ------------------ 326| 2.08M| break; 327| 2.08M| } 328| 13.0M| } 329| 2.09M| i++; 330| | 331| 2.09M| X->s = Y->s; 332| | 333| 2.09M| if (X->n < i) { ------------------ | Branch (333:9): [True: 858k, False: 1.23M] ------------------ 334| 858k| MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, i)); ------------------ | | 41| 858k| do \ | | 42| 858k| { \ | | 43| 858k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 858k] | | ------------------ | | 44| 858k| goto cleanup; \ | | 45| 858k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 335| 1.23M| } else { 336| 1.23M| memset(X->p + i, 0, (X->n - i) * ciL); ------------------ | | 79| 1.23M|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 337| 1.23M| } 338| | 339| 2.09M| memcpy(X->p, Y->p, i * ciL); ------------------ | | 79| 2.09M|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 340| | 341| 2.09M|cleanup: 342| | 343| 2.09M| return ret; 344| 2.09M|} mbedtls_mpi_lset: 378| 3.02M|{ 379| 3.02M| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 3.02M|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 380| | 381| 3.02M| MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, 1)); ------------------ | | 41| 3.02M| do \ | | 42| 3.02M| { \ | | 43| 3.02M| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 3.02M] | | ------------------ | | 44| 3.02M| goto cleanup; \ | | 45| 3.02M| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 382| 3.02M| memset(X->p, 0, X->n * ciL); ------------------ | | 79| 3.02M|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 383| | 384| 3.02M| X->p[0] = mpi_sint_abs(z); 385| 3.02M| X->s = TO_SIGN(z); ------------------ | | 372| 3.02M|#define TO_SIGN(x) ((mbedtls_mpi_sint) (((mbedtls_mpi_uint) x) >> (biL - 1)) * -2 + 1) | | ------------------ | | | | 80| 3.02M|#define biL (ciL << 3) /** bits in limb */ | | | | ------------------ | | | | | | 79| 3.02M|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | | | ------------------ | | ------------------ ------------------ 386| | 387| 3.02M|cleanup: 388| | 389| 3.02M| return ret; 390| 3.02M|} mbedtls_mpi_get_bit: 396| 383k|{ 397| 383k| if (X->n * biL <= pos) { ------------------ | | 80| 383k|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 79| 383k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ | Branch (397:9): [True: 2.85k, False: 380k] ------------------ 398| 2.85k| return 0; 399| 2.85k| } 400| | 401| 380k| return (X->p[pos / biL] >> (pos % biL)) & 0x01; ------------------ | | 80| 380k|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 79| 380k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ return (X->p[pos / biL] >> (pos % biL)) & 0x01; ------------------ | | 80| 380k|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 79| 380k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 402| 383k|} mbedtls_mpi_lsb: 437| 1.90M|{ 438| 1.90M| size_t i; 439| | 440| 1.90M|#if defined(__has_builtin) 441| |#if (MBEDTLS_MPI_UINT_MAX == UINT_MAX) && __has_builtin(__builtin_ctz) 442| | #define mbedtls_mpi_uint_ctz __builtin_ctz 443| |#elif (MBEDTLS_MPI_UINT_MAX == ULONG_MAX) && __has_builtin(__builtin_ctzl) 444| | #define mbedtls_mpi_uint_ctz __builtin_ctzl 445| |#elif (MBEDTLS_MPI_UINT_MAX == ULLONG_MAX) && __has_builtin(__builtin_ctzll) 446| | #define mbedtls_mpi_uint_ctz __builtin_ctzll 447| |#endif 448| 1.90M|#endif 449| | 450| 1.90M|#if defined(mbedtls_mpi_uint_ctz) 451| 1.90M| for (i = 0; i < X->n; i++) { ------------------ | Branch (451:17): [True: 1.90M, False: 0] ------------------ 452| 1.90M| if (X->p[i] != 0) { ------------------ | Branch (452:13): [True: 1.90M, False: 0] ------------------ 453| 1.90M| return i * biL + mbedtls_mpi_uint_ctz(X->p[i]); ------------------ | | 80| 1.90M|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 79| 1.90M|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ return i * biL + mbedtls_mpi_uint_ctz(X->p[i]); ------------------ | | 444| 1.90M| #define mbedtls_mpi_uint_ctz __builtin_ctzl ------------------ 454| 1.90M| } 455| 1.90M| } 456| |#else 457| | size_t count = 0; 458| | for (i = 0; i < X->n; i++) { 459| | for (size_t j = 0; j < biL; j++, count++) { 460| | if (((X->p[i] >> j) & 1) != 0) { 461| | return count; 462| | } 463| | } 464| | } 465| |#endif 466| | 467| 0| return 0; 468| 1.90M|} mbedtls_mpi_bitlen: 474| 3.87M|{ 475| 3.87M| return mbedtls_mpi_core_bitlen(X->p, X->n); 476| 3.87M|} mbedtls_mpi_size: 482| 12.7k|{ 483| 12.7k| return (mbedtls_mpi_bitlen(X) + 7) >> 3; 484| 12.7k|} mbedtls_mpi_read_binary: 821| 19.0k|{ 822| 19.0k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 19.0k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 823| 19.0k| const size_t limbs = CHARS_TO_LIMBS(buflen); ------------------ | | 88| 19.0k|#define CHARS_TO_LIMBS(i) ((i) / ciL + ((i) % ciL != 0)) | | ------------------ | | | | 79| 19.0k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ | | #define CHARS_TO_LIMBS(i) ((i) / ciL + ((i) % ciL != 0)) | | ------------------ | | | | 79| 19.0k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 824| | 825| | /* Ensure that target MPI has exactly the necessary number of limbs */ 826| 19.0k| MBEDTLS_MPI_CHK(mbedtls_mpi_resize_clear(X, limbs)); ------------------ | | 41| 19.0k| do \ | | 42| 19.0k| { \ | | 43| 19.0k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 19.0k] | | ------------------ | | 44| 19.0k| goto cleanup; \ | | 45| 19.0k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 827| | 828| 19.0k| MBEDTLS_MPI_CHK(mbedtls_mpi_core_read_be(X->p, X->n, buf, buflen)); ------------------ | | 41| 19.0k| do \ | | 42| 19.0k| { \ | | 43| 19.0k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 19.0k] | | ------------------ | | 44| 19.0k| goto cleanup; \ | | 45| 19.0k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 829| | 830| 19.0k|cleanup: 831| | 832| | /* 833| | * This function is also used to import keys. However, wiping the buffers 834| | * upon failure is not necessary because failure only can happen before any 835| | * input is copied. 836| | */ 837| 19.0k| return ret; 838| 19.0k|} mbedtls_mpi_write_binary: 854| 484|{ 855| 484| return mbedtls_mpi_core_write_be(X->p, X->n, buf, buflen); 856| 484|} mbedtls_mpi_shift_l: 862| 1.03M|{ 863| 1.03M| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 1.03M|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 864| 1.03M| size_t i; 865| | 866| 1.03M| i = mbedtls_mpi_bitlen(X) + count; 867| | 868| 1.03M| if (X->n * biL < i) { ------------------ | | 80| 1.03M|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 79| 1.03M|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ | Branch (868:9): [True: 8.59k, False: 1.02M] ------------------ 869| 8.59k| MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, BITS_TO_LIMBS(i))); ------------------ | | 41| 8.59k| do \ | | 42| 8.59k| { \ | | 43| 8.59k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 8.59k] | | ------------------ | | 44| 8.59k| goto cleanup; \ | | 45| 8.59k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 870| 8.59k| } 871| | 872| 1.03M| ret = 0; 873| | 874| 1.03M| mbedtls_mpi_core_shift_l(X->p, X->n, count); 875| 1.03M|cleanup: 876| | 877| 1.03M| return ret; 878| 1.03M|} mbedtls_mpi_shift_r: 884| 8.49M|{ 885| 8.49M| if (X->n != 0) { ------------------ | Branch (885:9): [True: 8.49M, False: 0] ------------------ 886| 8.49M| mbedtls_mpi_core_shift_r(X->p, X->n, count); 887| 8.49M| } 888| 8.49M| return 0; 889| 8.49M|} mbedtls_mpi_cmp_abs: 895| 7.52M|{ 896| 7.52M| size_t i, j; 897| | 898| 35.7M| for (i = X->n; i > 0; i--) { ------------------ | Branch (898:20): [True: 35.7M, False: 6.96k] ------------------ 899| 35.7M| if (X->p[i - 1] != 0) { ------------------ | Branch (899:13): [True: 7.52M, False: 28.2M] ------------------ 900| 7.52M| break; 901| 7.52M| } 902| 35.7M| } 903| | 904| 21.2M| for (j = Y->n; j > 0; j--) { ------------------ | Branch (904:20): [True: 21.2M, False: 1.84k] ------------------ 905| 21.2M| if (Y->p[j - 1] != 0) { ------------------ | Branch (905:13): [True: 7.52M, False: 13.7M] ------------------ 906| 7.52M| break; 907| 7.52M| } 908| 21.2M| } 909| | 910| | /* If i == j == 0, i.e. abs(X) == abs(Y), 911| | * we end up returning 0 at the end of the function. */ 912| | 913| 7.52M| if (i > j) { ------------------ | Branch (913:9): [True: 721k, False: 6.80M] ------------------ 914| 721k| return 1; 915| 721k| } 916| 6.80M| if (j > i) { ------------------ | Branch (916:9): [True: 12.8k, False: 6.79M] ------------------ 917| 12.8k| return -1; 918| 12.8k| } 919| | 920| 6.86M| for (; i > 0; i--) { ------------------ | Branch (920:12): [True: 6.85M, False: 10.2k] ------------------ 921| 6.85M| if (X->p[i - 1] > Y->p[i - 1]) { ------------------ | Branch (921:13): [True: 2.40M, False: 4.44M] ------------------ 922| 2.40M| return 1; 923| 2.40M| } 924| 4.44M| if (X->p[i - 1] < Y->p[i - 1]) { ------------------ | Branch (924:13): [True: 4.37M, False: 72.8k] ------------------ 925| 4.37M| return -1; 926| 4.37M| } 927| 4.44M| } 928| | 929| 10.2k| return 0; 930| 6.79M|} mbedtls_mpi_cmp_mpi: 936| 13.1M|{ 937| 13.1M| size_t i, j; 938| | 939| 76.7M| for (i = X->n; i > 0; i--) { ------------------ | Branch (939:20): [True: 76.6M, False: 20.9k] ------------------ 940| 76.6M| if (X->p[i - 1] != 0) { ------------------ | Branch (940:13): [True: 13.1M, False: 63.5M] ------------------ 941| 13.1M| break; 942| 13.1M| } 943| 76.6M| } 944| | 945| 26.3M| for (j = Y->n; j > 0; j--) { ------------------ | Branch (945:20): [True: 20.8M, False: 5.46M] ------------------ 946| 20.8M| if (Y->p[j - 1] != 0) { ------------------ | Branch (946:13): [True: 7.67M, False: 13.1M] ------------------ 947| 7.67M| break; 948| 7.67M| } 949| 20.8M| } 950| | 951| 13.1M| if (i == 0 && j == 0) { ------------------ | Branch (951:9): [True: 20.9k, False: 13.1M] | Branch (951:19): [True: 20.9k, False: 0] ------------------ 952| 20.9k| return 0; 953| 20.9k| } 954| | 955| 13.1M| if (i > j) { ------------------ | Branch (955:9): [True: 6.78M, False: 6.33M] ------------------ 956| 6.78M| return X->s; 957| 6.78M| } 958| 6.33M| if (j > i) { ------------------ | Branch (958:9): [True: 39.3k, False: 6.29M] ------------------ 959| 39.3k| return -Y->s; 960| 39.3k| } 961| | 962| 6.29M| if (X->s > 0 && Y->s < 0) { ------------------ | Branch (962:9): [True: 6.29M, False: 0] | Branch (962:21): [True: 0, False: 6.29M] ------------------ 963| 0| return 1; 964| 0| } 965| 6.29M| if (Y->s > 0 && X->s < 0) { ------------------ | Branch (965:9): [True: 6.29M, False: 0] | Branch (965:21): [True: 0, False: 6.29M] ------------------ 966| 0| return -1; 967| 0| } 968| | 969| 6.51M| for (; i > 0; i--) { ------------------ | Branch (969:12): [True: 6.40M, False: 118k] ------------------ 970| 6.40M| if (X->p[i - 1] > Y->p[i - 1]) { ------------------ | Branch (970:13): [True: 977k, False: 5.42M] ------------------ 971| 977k| return X->s; 972| 977k| } 973| 5.42M| if (X->p[i - 1] < Y->p[i - 1]) { ------------------ | Branch (973:13): [True: 5.19M, False: 226k] ------------------ 974| 5.19M| return -X->s; 975| 5.19M| } 976| 5.42M| } 977| | 978| 118k| return 0; 979| 6.29M|} mbedtls_mpi_cmp_int: 985| 5.57M|{ 986| 5.57M| mbedtls_mpi Y; 987| 5.57M| mbedtls_mpi_uint p[1]; 988| | 989| 5.57M| *p = mpi_sint_abs(z); 990| 5.57M| Y.s = TO_SIGN(z); ------------------ | | 372| 5.57M|#define TO_SIGN(x) ((mbedtls_mpi_sint) (((mbedtls_mpi_uint) x) >> (biL - 1)) * -2 + 1) | | ------------------ | | | | 80| 5.57M|#define biL (ciL << 3) /** bits in limb */ | | | | ------------------ | | | | | | 79| 5.57M|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | | | ------------------ | | ------------------ ------------------ 991| 5.57M| Y.n = 1; 992| 5.57M| Y.p = p; 993| | 994| 5.57M| return mbedtls_mpi_cmp_mpi(X, &Y); 995| 5.57M|} mbedtls_mpi_add_abs: 1001| 2.07M|{ 1002| 2.07M| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 2.07M|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1003| 2.07M| size_t j; 1004| 2.07M| mbedtls_mpi_uint *p; 1005| 2.07M| mbedtls_mpi_uint c; 1006| | 1007| 2.07M| if (X == B) { ------------------ | Branch (1007:9): [True: 0, False: 2.07M] ------------------ 1008| 0| const mbedtls_mpi *T = A; A = X; B = T; 1009| 0| } 1010| | 1011| 2.07M| if (X != A) { ------------------ | Branch (1011:9): [True: 220k, False: 1.85M] ------------------ 1012| 220k| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(X, A)); ------------------ | | 41| 220k| do \ | | 42| 220k| { \ | | 43| 220k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 220k] | | ------------------ | | 44| 220k| goto cleanup; \ | | 45| 220k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1013| 220k| } 1014| | 1015| | /* 1016| | * X must always be positive as a result of unsigned additions. 1017| | */ 1018| 2.07M| X->s = 1; 1019| | 1020| 3.62M| for (j = B->n; j > 0; j--) { ------------------ | Branch (1020:20): [True: 3.62M, False: 375] ------------------ 1021| 3.62M| if (B->p[j - 1] != 0) { ------------------ | Branch (1021:13): [True: 2.07M, False: 1.55M] ------------------ 1022| 2.07M| break; 1023| 2.07M| } 1024| 3.62M| } 1025| | 1026| | /* Exit early to avoid undefined behavior on NULL+0 when X->n == 0 1027| | * and B is 0 (of any size). */ 1028| 2.07M| if (j == 0) { ------------------ | Branch (1028:9): [True: 375, False: 2.07M] ------------------ 1029| 375| return 0; 1030| 375| } 1031| | 1032| 2.07M| MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, j)); ------------------ | | 41| 2.07M| do \ | | 42| 2.07M| { \ | | 43| 2.07M| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2.07M] | | ------------------ | | 44| 2.07M| goto cleanup; \ | | 45| 2.07M| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1033| | 1034| | /* j is the number of non-zero limbs of B. Add those to X. */ 1035| | 1036| 2.07M| p = X->p; 1037| | 1038| 2.07M| c = mbedtls_mpi_core_add(p, p, B->p, j); 1039| | 1040| 2.07M| p += j; 1041| | 1042| | /* Now propagate any carry */ 1043| | 1044| 2.90M| while (c != 0) { ------------------ | Branch (1044:12): [True: 829k, False: 2.07M] ------------------ 1045| 829k| if (j >= X->n) { ------------------ | Branch (1045:13): [True: 8.39k, False: 820k] ------------------ 1046| 8.39k| MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, j + 1)); ------------------ | | 41| 8.39k| do \ | | 42| 8.39k| { \ | | 43| 8.39k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 8.39k] | | ------------------ | | 44| 8.39k| goto cleanup; \ | | 45| 8.39k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1047| 8.39k| p = X->p + j; 1048| 8.39k| } 1049| | 1050| 829k| *p += c; c = (*p < c); j++; p++; 1051| 829k| } 1052| | 1053| 2.07M|cleanup: 1054| | 1055| 2.07M| return ret; 1056| 2.07M|} mbedtls_mpi_sub_abs: 1062| 9.77M|{ 1063| 9.77M| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 9.77M|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1064| 9.77M| size_t n; 1065| 9.77M| mbedtls_mpi_uint carry; 1066| | 1067| 39.6M| for (n = B->n; n > 0; n--) { ------------------ | Branch (1067:20): [True: 39.6M, False: 8.80k] ------------------ 1068| 39.6M| if (B->p[n - 1] != 0) { ------------------ | Branch (1068:13): [True: 9.76M, False: 29.8M] ------------------ 1069| 9.76M| break; 1070| 9.76M| } 1071| 39.6M| } 1072| 9.77M| if (n > A->n) { ------------------ | Branch (1072:9): [True: 0, False: 9.77M] ------------------ 1073| | /* B >= (2^ciL)^n > A */ 1074| 0| ret = MBEDTLS_ERR_MPI_NEGATIVE_VALUE; ------------------ | | 32| 0|#define MBEDTLS_ERR_MPI_NEGATIVE_VALUE -0x000A ------------------ 1075| 0| goto cleanup; 1076| 0| } 1077| | 1078| 9.77M| MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, A->n)); ------------------ | | 41| 9.77M| do \ | | 42| 9.77M| { \ | | 43| 9.77M| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 9.77M] | | ------------------ | | 44| 9.77M| goto cleanup; \ | | 45| 9.77M| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1079| | 1080| | /* Set the high limbs of X to match A. Don't touch the lower limbs 1081| | * because X might be aliased to B, and we must not overwrite the 1082| | * significant digits of B. */ 1083| 9.77M| if (A->n > n && A != X) { ------------------ | Branch (1083:9): [True: 6.02M, False: 3.75M] | Branch (1083:21): [True: 1.36M, False: 4.65M] ------------------ 1084| 1.36M| memcpy(X->p + n, A->p + n, (A->n - n) * ciL); ------------------ | | 79| 1.36M|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 1085| 1.36M| } 1086| 9.77M| if (X->n > A->n) { ------------------ | Branch (1086:9): [True: 2.94M, False: 6.82M] ------------------ 1087| 2.94M| memset(X->p + A->n, 0, (X->n - A->n) * ciL); ------------------ | | 79| 2.94M|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 1088| 2.94M| } 1089| | 1090| 9.77M| carry = mbedtls_mpi_core_sub(X->p, A->p, B->p, n); 1091| 9.77M| if (carry != 0) { ------------------ | Branch (1091:9): [True: 2.01M, False: 7.76M] ------------------ 1092| | /* Propagate the carry through the rest of X. */ 1093| 2.01M| carry = mbedtls_mpi_core_sub_int(X->p + n, X->p + n, carry, X->n - n); 1094| | 1095| | /* If we have further carry/borrow, the result is negative. */ 1096| 2.01M| if (carry != 0) { ------------------ | Branch (1096:13): [True: 0, False: 2.01M] ------------------ 1097| 0| ret = MBEDTLS_ERR_MPI_NEGATIVE_VALUE; ------------------ | | 32| 0|#define MBEDTLS_ERR_MPI_NEGATIVE_VALUE -0x000A ------------------ 1098| 0| goto cleanup; 1099| 0| } 1100| 2.01M| } 1101| | 1102| | /* X should always be positive as a result of unsigned subtractions. */ 1103| 9.77M| X->s = 1; 1104| | 1105| 9.77M|cleanup: 1106| 9.77M| return ret; 1107| 9.77M|} mbedtls_mpi_add_mpi: 1146| 4.14M|{ 1147| 4.14M| return add_sub_mpi(X, A, B, 1); 1148| 4.14M|} mbedtls_mpi_sub_mpi: 1154| 5.44M|{ 1155| 5.44M| return add_sub_mpi(X, A, B, -1); 1156| 5.44M|} mbedtls_mpi_sub_int: 1178| 7.37k|{ 1179| 7.37k| mbedtls_mpi B; 1180| 7.37k| mbedtls_mpi_uint p[1]; 1181| | 1182| 7.37k| p[0] = mpi_sint_abs(b); 1183| 7.37k| B.s = TO_SIGN(b); ------------------ | | 372| 7.37k|#define TO_SIGN(x) ((mbedtls_mpi_sint) (((mbedtls_mpi_uint) x) >> (biL - 1)) * -2 + 1) | | ------------------ | | | | 80| 7.37k|#define biL (ciL << 3) /** bits in limb */ | | | | ------------------ | | | | | | 79| 7.37k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | | | ------------------ | | ------------------ ------------------ 1184| 7.37k| B.n = 1; 1185| 7.37k| B.p = p; 1186| | 1187| 7.37k| return mbedtls_mpi_sub_mpi(X, A, &B); 1188| 7.37k|} mbedtls_mpi_mul_mpi: 1194| 2.81M|{ 1195| 2.81M| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 2.81M|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1196| 2.81M| size_t i, j; 1197| 2.81M| mbedtls_mpi TA, TB; 1198| 2.81M| int result_is_zero = 0; 1199| | 1200| 2.81M| mbedtls_mpi_init(&TA); 1201| 2.81M| mbedtls_mpi_init(&TB); 1202| | 1203| 2.81M| if (X == A) { ------------------ | Branch (1203:9): [True: 789k, False: 2.02M] ------------------ 1204| 789k| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TA, A)); A = &TA; ------------------ | | 41| 789k| do \ | | 42| 789k| { \ | | 43| 789k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 789k] | | ------------------ | | 44| 789k| goto cleanup; \ | | 45| 789k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1205| 789k| } 1206| 2.81M| if (X == B) { ------------------ | Branch (1206:9): [True: 9.28k, False: 2.80M] ------------------ 1207| 9.28k| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TB, B)); B = &TB; ------------------ | | 41| 9.28k| do \ | | 42| 9.28k| { \ | | 43| 9.28k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 9.28k] | | ------------------ | | 44| 9.28k| goto cleanup; \ | | 45| 9.28k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1208| 9.28k| } 1209| | 1210| 9.48M| for (i = A->n; i > 0; i--) { ------------------ | Branch (1210:20): [True: 9.48M, False: 0] ------------------ 1211| 9.48M| if (A->p[i - 1] != 0) { ------------------ | Branch (1211:13): [True: 2.81M, False: 6.67M] ------------------ 1212| 2.81M| break; 1213| 2.81M| } 1214| 9.48M| } 1215| 2.81M| if (i == 0) { ------------------ | Branch (1215:9): [True: 0, False: 2.81M] ------------------ 1216| 0| result_is_zero = 1; 1217| 0| } 1218| | 1219| 12.5M| for (j = B->n; j > 0; j--) { ------------------ | Branch (1219:20): [True: 12.5M, False: 0] ------------------ 1220| 12.5M| if (B->p[j - 1] != 0) { ------------------ | Branch (1220:13): [True: 2.81M, False: 9.72M] ------------------ 1221| 2.81M| break; 1222| 2.81M| } 1223| 12.5M| } 1224| 2.81M| if (j == 0) { ------------------ | Branch (1224:9): [True: 0, False: 2.81M] ------------------ 1225| 0| result_is_zero = 1; 1226| 0| } 1227| | 1228| 2.81M| MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, i + j)); ------------------ | | 41| 2.81M| do \ | | 42| 2.81M| { \ | | 43| 2.81M| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2.81M] | | ------------------ | | 44| 2.81M| goto cleanup; \ | | 45| 2.81M| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1229| 2.81M| MBEDTLS_MPI_CHK(mbedtls_mpi_lset(X, 0)); ------------------ | | 41| 2.81M| do \ | | 42| 2.81M| { \ | | 43| 2.81M| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2.81M] | | ------------------ | | 44| 2.81M| goto cleanup; \ | | 45| 2.81M| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1230| | 1231| 2.81M| mbedtls_mpi_core_mul(X->p, A->p, i, B->p, j); 1232| | 1233| | /* If the result is 0, we don't shortcut the operation, which reduces 1234| | * but does not eliminate side channels leaking the zero-ness. We do 1235| | * need to take care to set the sign bit properly since the library does 1236| | * not fully support an MPI object with a value of 0 and s == -1. */ 1237| 2.81M| if (result_is_zero) { ------------------ | Branch (1237:9): [True: 0, False: 2.81M] ------------------ 1238| 0| X->s = 1; 1239| 2.81M| } else { 1240| 2.81M| X->s = A->s * B->s; 1241| 2.81M| } 1242| | 1243| 2.81M|cleanup: 1244| | 1245| 2.81M| mbedtls_mpi_free(&TB); mbedtls_mpi_free(&TA); 1246| | 1247| 2.81M| return ret; 1248| 2.81M|} mbedtls_mpi_mul_int: 1254| 363k|{ 1255| 363k| size_t n = A->n; 1256| 9.28M| while (n > 0 && A->p[n - 1] == 0) { ------------------ | Branch (1256:12): [True: 9.28M, False: 0] | Branch (1256:21): [True: 8.92M, False: 363k] ------------------ 1257| 8.92M| --n; 1258| 8.92M| } 1259| | 1260| | /* The general method below doesn't work if b==0. */ 1261| 363k| if (b == 0 || n == 0) { ------------------ | Branch (1261:9): [True: 0, False: 363k] | Branch (1261:19): [True: 0, False: 363k] ------------------ 1262| 0| return mbedtls_mpi_lset(X, 0); 1263| 0| } 1264| | 1265| | /* Calculate A*b as A + A*(b-1) to take advantage of mbedtls_mpi_core_mla */ 1266| 363k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 363k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1267| | /* In general, A * b requires 1 limb more than b. If 1268| | * A->p[n - 1] * b / b == A->p[n - 1], then A * b fits in the same 1269| | * number of limbs as A and the call to grow() is not required since 1270| | * copy() will take care of the growth if needed. However, experimentally, 1271| | * making the call to grow() unconditional causes slightly fewer 1272| | * calls to calloc() in ECP code, presumably because it reuses the 1273| | * same mpi for a while and this way the mpi is more likely to directly 1274| | * grow to its final size. 1275| | * 1276| | * Note that calculating A*b as 0 + A*b doesn't work as-is because 1277| | * A,X can be the same. */ 1278| 363k| MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, n + 1)); ------------------ | | 41| 363k| do \ | | 42| 363k| { \ | | 43| 363k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 363k] | | ------------------ | | 44| 363k| goto cleanup; \ | | 45| 363k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1279| 363k| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(X, A)); ------------------ | | 41| 363k| do \ | | 42| 363k| { \ | | 43| 363k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 363k] | | ------------------ | | 44| 363k| goto cleanup; \ | | 45| 363k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1280| 363k| mbedtls_mpi_core_mla(X->p, X->n, A->p, n, b - 1); 1281| | 1282| 363k|cleanup: 1283| 363k| return ret; 1284| 363k|} mbedtls_mpi_div_mpi: 1395| 7.98k|{ 1396| 7.98k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 7.98k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1397| 7.98k| size_t i, n, t, k; 1398| 7.98k| mbedtls_mpi X, Y, Z, T1, T2; 1399| 7.98k| mbedtls_mpi_uint TP2[3]; 1400| | 1401| 7.98k| if (mbedtls_mpi_cmp_int(B, 0) == 0) { ------------------ | Branch (1401:9): [True: 0, False: 7.98k] ------------------ 1402| 0| return MBEDTLS_ERR_MPI_DIVISION_BY_ZERO; ------------------ | | 34| 0|#define MBEDTLS_ERR_MPI_DIVISION_BY_ZERO -0x000C ------------------ 1403| 0| } 1404| | 1405| 7.98k| mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); 1406| 7.98k| mbedtls_mpi_init(&T1); 1407| | /* 1408| | * Avoid dynamic memory allocations for constant-size T2. 1409| | * 1410| | * T2 is used for comparison only and the 3 limbs are assigned explicitly, 1411| | * so nobody increase the size of the MPI and we're safe to use an on-stack 1412| | * buffer. 1413| | */ 1414| 7.98k| T2.s = 1; 1415| 7.98k| T2.n = sizeof(TP2) / sizeof(*TP2); 1416| 7.98k| T2.p = TP2; 1417| | 1418| 7.98k| if (mbedtls_mpi_cmp_abs(A, B) < 0) { ------------------ | Branch (1418:9): [True: 5.11k, False: 2.86k] ------------------ 1419| 5.11k| if (Q != NULL) { ------------------ | Branch (1419:13): [True: 0, False: 5.11k] ------------------ 1420| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_lset(Q, 0)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1421| 0| } 1422| 5.11k| if (R != NULL) { ------------------ | Branch (1422:13): [True: 5.11k, False: 0] ------------------ 1423| 5.11k| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(R, A)); ------------------ | | 41| 5.11k| do \ | | 42| 5.11k| { \ | | 43| 5.11k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 5.11k] | | ------------------ | | 44| 5.11k| goto cleanup; \ | | 45| 5.11k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1424| 5.11k| } 1425| 5.11k| return 0; 1426| 5.11k| } 1427| | 1428| 2.86k| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&X, A)); ------------------ | | 41| 2.86k| do \ | | 42| 2.86k| { \ | | 43| 2.86k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2.86k] | | ------------------ | | 44| 2.86k| goto cleanup; \ | | 45| 2.86k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1429| 2.86k| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&Y, B)); ------------------ | | 41| 2.86k| do \ | | 42| 2.86k| { \ | | 43| 2.86k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2.86k] | | ------------------ | | 44| 2.86k| goto cleanup; \ | | 45| 2.86k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1430| 2.86k| X.s = Y.s = 1; 1431| | 1432| 2.86k| MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&Z, A->n + 2)); ------------------ | | 41| 2.86k| do \ | | 42| 2.86k| { \ | | 43| 2.86k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2.86k] | | ------------------ | | 44| 2.86k| goto cleanup; \ | | 45| 2.86k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1433| 2.86k| MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&Z, 0)); ------------------ | | 41| 2.86k| do \ | | 42| 2.86k| { \ | | 43| 2.86k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2.86k] | | ------------------ | | 44| 2.86k| goto cleanup; \ | | 45| 2.86k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1434| 2.86k| MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&T1, A->n + 2)); ------------------ | | 41| 2.86k| do \ | | 42| 2.86k| { \ | | 43| 2.86k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2.86k] | | ------------------ | | 44| 2.86k| goto cleanup; \ | | 45| 2.86k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1435| | 1436| 2.86k| k = mbedtls_mpi_bitlen(&Y) % biL; ------------------ | | 80| 2.86k|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 79| 2.86k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 1437| 2.86k| if (k < biL - 1) { ------------------ | | 80| 2.86k|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 79| 2.86k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ | Branch (1437:9): [True: 2.86k, False: 0] ------------------ 1438| 2.86k| k = biL - 1 - k; ------------------ | | 80| 2.86k|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 79| 2.86k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 1439| 2.86k| MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&X, k)); ------------------ | | 41| 2.86k| do \ | | 42| 2.86k| { \ | | 43| 2.86k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2.86k] | | ------------------ | | 44| 2.86k| goto cleanup; \ | | 45| 2.86k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1440| 2.86k| MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&Y, k)); ------------------ | | 41| 2.86k| do \ | | 42| 2.86k| { \ | | 43| 2.86k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2.86k] | | ------------------ | | 44| 2.86k| goto cleanup; \ | | 45| 2.86k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1441| 2.86k| } else { 1442| 0| k = 0; 1443| 0| } 1444| | 1445| 2.86k| n = X.n - 1; 1446| 2.86k| t = Y.n - 1; 1447| 2.86k| MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&Y, biL * (n - t))); ------------------ | | 41| 2.86k| do \ | | 42| 2.86k| { \ | | 43| 2.86k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2.86k] | | ------------------ | | 44| 2.86k| goto cleanup; \ | | 45| 2.86k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1448| | 1449| 3.58k| while (mbedtls_mpi_cmp_mpi(&X, &Y) >= 0) { ------------------ | Branch (1449:12): [True: 722, False: 2.86k] ------------------ 1450| 722| Z.p[n - t]++; 1451| 722| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&X, &X, &Y)); ------------------ | | 41| 722| do \ | | 42| 722| { \ | | 43| 722| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 722] | | ------------------ | | 44| 722| goto cleanup; \ | | 45| 722| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1452| 722| } 1453| 2.86k| MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&Y, biL * (n - t))); ------------------ | | 41| 2.86k| do \ | | 42| 2.86k| { \ | | 43| 2.86k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2.86k] | | ------------------ | | 44| 2.86k| goto cleanup; \ | | 45| 2.86k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1454| | 1455| 51.1k| for (i = n; i > t; i--) { ------------------ | Branch (1455:17): [True: 48.3k, False: 2.86k] ------------------ 1456| 48.3k| if (X.p[i] >= Y.p[t]) { ------------------ | Branch (1456:13): [True: 0, False: 48.3k] ------------------ 1457| 0| Z.p[i - t - 1] = ~(mbedtls_mpi_uint) 0u; 1458| 48.3k| } else { 1459| 48.3k| Z.p[i - t - 1] = mbedtls_int_div_int(X.p[i], X.p[i - 1], 1460| 48.3k| Y.p[t], NULL); 1461| 48.3k| } 1462| | 1463| 48.3k| T2.p[0] = (i < 2) ? 0 : X.p[i - 2]; ------------------ | Branch (1463:19): [True: 0, False: 48.3k] ------------------ 1464| 48.3k| T2.p[1] = (i < 1) ? 0 : X.p[i - 1]; ------------------ | Branch (1464:19): [True: 0, False: 48.3k] ------------------ 1465| 48.3k| T2.p[2] = X.p[i]; 1466| | 1467| 48.3k| Z.p[i - t - 1]++; 1468| 95.3k| do { 1469| 95.3k| Z.p[i - t - 1]--; 1470| | 1471| 95.3k| MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&T1, 0)); ------------------ | | 41| 95.3k| do \ | | 42| 95.3k| { \ | | 43| 95.3k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 95.3k] | | ------------------ | | 44| 95.3k| goto cleanup; \ | | 45| 95.3k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1472| 95.3k| T1.p[0] = (t < 1) ? 0 : Y.p[t - 1]; ------------------ | Branch (1472:23): [True: 0, False: 95.3k] ------------------ 1473| 95.3k| T1.p[1] = Y.p[t]; 1474| 95.3k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int(&T1, &T1, Z.p[i - t - 1])); ------------------ | | 41| 95.3k| do \ | | 42| 95.3k| { \ | | 43| 95.3k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 95.3k] | | ------------------ | | 44| 95.3k| goto cleanup; \ | | 45| 95.3k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1475| 95.3k| } while (mbedtls_mpi_cmp_mpi(&T1, &T2) > 0); ------------------ | Branch (1475:18): [True: 46.9k, False: 48.3k] ------------------ 1476| | 1477| 48.3k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int(&T1, &Y, Z.p[i - t - 1])); ------------------ | | 41| 48.3k| do \ | | 42| 48.3k| { \ | | 43| 48.3k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 48.3k] | | ------------------ | | 44| 48.3k| goto cleanup; \ | | 45| 48.3k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1478| 48.3k| MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&T1, biL * (i - t - 1))); ------------------ | | 41| 48.3k| do \ | | 42| 48.3k| { \ | | 43| 48.3k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 48.3k] | | ------------------ | | 44| 48.3k| goto cleanup; \ | | 45| 48.3k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1479| 48.3k| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&X, &X, &T1)); ------------------ | | 41| 48.3k| do \ | | 42| 48.3k| { \ | | 43| 48.3k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 48.3k] | | ------------------ | | 44| 48.3k| goto cleanup; \ | | 45| 48.3k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1480| | 1481| 48.3k| if (mbedtls_mpi_cmp_int(&X, 0) < 0) { ------------------ | Branch (1481:13): [True: 0, False: 48.3k] ------------------ 1482| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&T1, &Y)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1483| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&T1, biL * (i - t - 1))); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1484| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&X, &X, &T1)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1485| 0| Z.p[i - t - 1]--; 1486| 0| } 1487| 48.3k| } 1488| | 1489| 2.86k| if (Q != NULL) { ------------------ | Branch (1489:9): [True: 0, False: 2.86k] ------------------ 1490| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(Q, &Z)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1491| 0| Q->s = A->s * B->s; 1492| 0| } 1493| | 1494| 2.86k| if (R != NULL) { ------------------ | Branch (1494:9): [True: 2.86k, False: 0] ------------------ 1495| 2.86k| MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&X, k)); ------------------ | | 41| 2.86k| do \ | | 42| 2.86k| { \ | | 43| 2.86k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2.86k] | | ------------------ | | 44| 2.86k| goto cleanup; \ | | 45| 2.86k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1496| 2.86k| X.s = A->s; 1497| 2.86k| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(R, &X)); ------------------ | | 41| 2.86k| do \ | | 42| 2.86k| { \ | | 43| 2.86k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2.86k] | | ------------------ | | 44| 2.86k| goto cleanup; \ | | 45| 2.86k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1498| | 1499| 2.86k| if (mbedtls_mpi_cmp_int(R, 0) == 0) { ------------------ | Branch (1499:13): [True: 0, False: 2.86k] ------------------ 1500| 0| R->s = 1; 1501| 0| } 1502| 2.86k| } 1503| | 1504| 2.86k|cleanup: 1505| | 1506| 2.86k| mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); mbedtls_mpi_free(&Z); 1507| 2.86k| mbedtls_mpi_free(&T1); 1508| 2.86k| mbedtls_platform_zeroize(TP2, sizeof(TP2)); 1509| | 1510| 2.86k| return ret; 1511| 2.86k|} mbedtls_mpi_mod_mpi: 1535| 7.98k|{ 1536| 7.98k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 7.98k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1537| | 1538| 7.98k| if (mbedtls_mpi_cmp_int(B, 0) < 0) { ------------------ | Branch (1538:9): [True: 0, False: 7.98k] ------------------ 1539| 0| return MBEDTLS_ERR_MPI_NEGATIVE_VALUE; ------------------ | | 32| 0|#define MBEDTLS_ERR_MPI_NEGATIVE_VALUE -0x000A ------------------ 1540| 0| } 1541| | 1542| 7.98k| MBEDTLS_MPI_CHK(mbedtls_mpi_div_mpi(NULL, R, A, B)); ------------------ | | 41| 7.98k| do \ | | 42| 7.98k| { \ | | 43| 7.98k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 7.98k] | | ------------------ | | 44| 7.98k| goto cleanup; \ | | 45| 7.98k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1543| | 1544| 8.03k| while (mbedtls_mpi_cmp_int(R, 0) < 0) { ------------------ | Branch (1544:12): [True: 56, False: 7.98k] ------------------ 1545| 56| MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(R, R, B)); ------------------ | | 41| 56| do \ | | 42| 56| { \ | | 43| 56| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 56] | | ------------------ | | 44| 56| goto cleanup; \ | | 45| 56| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1546| 56| } 1547| | 1548| 7.98k| while (mbedtls_mpi_cmp_mpi(R, B) >= 0) { ------------------ | Branch (1548:12): [True: 0, False: 7.98k] ------------------ 1549| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(R, R, B)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1550| 0| } 1551| | 1552| 7.98k|cleanup: 1553| | 1554| 7.98k| return ret; 1555| 7.98k|} mbedtls_mpi_exp_mod: 1735| 476|{ 1736| 476| return mbedtls_mpi_exp_mod_optionally_safe(X, A, E, MBEDTLS_MPI_IS_SECRET, N, prec_RR); ------------------ | | 112| 476|#define MBEDTLS_MPI_IS_SECRET 0 ------------------ 1737| 476|} mbedtls_mpi_exp_mod_unsafe: 1742| 365|{ 1743| 365| return mbedtls_mpi_exp_mod_optionally_safe(X, A, E, MBEDTLS_MPI_IS_PUBLIC, N, prec_RR); ------------------ | | 111| 365|#define MBEDTLS_MPI_IS_PUBLIC 0x2a2a2a2a ------------------ 1744| 365|} mbedtls_mpi_gcd: 1750| 4.40k|{ 1751| 4.40k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 4.40k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1752| 4.40k| size_t lz, lzt; 1753| 4.40k| mbedtls_mpi TA, TB; 1754| | 1755| 4.40k| mbedtls_mpi_init(&TA); mbedtls_mpi_init(&TB); 1756| | 1757| 4.40k| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TA, A)); ------------------ | | 41| 4.40k| do \ | | 42| 4.40k| { \ | | 43| 4.40k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 4.40k] | | ------------------ | | 44| 4.40k| goto cleanup; \ | | 45| 4.40k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1758| 4.40k| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TB, B)); ------------------ | | 41| 4.40k| do \ | | 42| 4.40k| { \ | | 43| 4.40k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 4.40k] | | ------------------ | | 44| 4.40k| goto cleanup; \ | | 45| 4.40k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1759| | 1760| 4.40k| lz = mbedtls_mpi_lsb(&TA); 1761| 4.40k| lzt = mbedtls_mpi_lsb(&TB); 1762| | 1763| | /* The loop below gives the correct result when A==0 but not when B==0. 1764| | * So have a special case for B==0. Leverage the fact that we just 1765| | * calculated the lsb and lsb(B)==0 iff B is odd or 0 to make the test 1766| | * slightly more efficient than cmp_int(). */ 1767| 4.40k| if (lzt == 0 && mbedtls_mpi_get_bit(&TB, 0) == 0) { ------------------ | Branch (1767:9): [True: 4.40k, False: 0] | Branch (1767:21): [True: 0, False: 4.40k] ------------------ 1768| 0| ret = mbedtls_mpi_copy(G, A); 1769| 0| goto cleanup; 1770| 0| } 1771| | 1772| 4.40k| if (lzt < lz) { ------------------ | Branch (1772:9): [True: 2.55k, False: 1.84k] ------------------ 1773| 2.55k| lz = lzt; 1774| 2.55k| } 1775| | 1776| 4.40k| TA.s = TB.s = 1; 1777| | 1778| | /* We mostly follow the procedure described in HAC 14.54, but with some 1779| | * minor differences: 1780| | * - Sequences of multiplications or divisions by 2 are grouped into a 1781| | * single shift operation. 1782| | * - The procedure in HAC assumes that 0 < TB <= TA. 1783| | * - The condition TB <= TA is not actually necessary for correctness. 1784| | * TA and TB have symmetric roles except for the loop termination 1785| | * condition, and the shifts at the beginning of the loop body 1786| | * remove any significance from the ordering of TA vs TB before 1787| | * the shifts. 1788| | * - If TA = 0, the loop goes through 0 iterations and the result is 1789| | * correctly TB. 1790| | * - The case TB = 0 was short-circuited above. 1791| | * 1792| | * For the correctness proof below, decompose the original values of 1793| | * A and B as 1794| | * A = sa * 2^a * A' with A'=0 or A' odd, and sa = +-1 1795| | * B = sb * 2^b * B' with B'=0 or B' odd, and sb = +-1 1796| | * Then gcd(A, B) = 2^{min(a,b)} * gcd(A',B'), 1797| | * and gcd(A',B') is odd or 0. 1798| | * 1799| | * At the beginning, we have TA = |A| and TB = |B| so gcd(A,B) = gcd(TA,TB). 1800| | * The code maintains the following invariant: 1801| | * gcd(A,B) = 2^k * gcd(TA,TB) for some k (I) 1802| | */ 1803| | 1804| | /* Proof that the loop terminates: 1805| | * At each iteration, either the right-shift by 1 is made on a nonzero 1806| | * value and the nonnegative integer bitlen(TA) + bitlen(TB) decreases 1807| | * by at least 1, or the right-shift by 1 is made on zero and then 1808| | * TA becomes 0 which ends the loop (TB cannot be 0 if it is right-shifted 1809| | * since in that case TB is calculated from TB-TA with the condition TB>TA). 1810| | */ 1811| 950k| while (mbedtls_mpi_cmp_int(&TA, 0) != 0) { ------------------ | Branch (1811:12): [True: 946k, False: 4.40k] ------------------ 1812| | /* Divisions by 2 preserve the invariant (I). */ 1813| 946k| MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&TA, mbedtls_mpi_lsb(&TA))); ------------------ | | 41| 946k| do \ | | 42| 946k| { \ | | 43| 946k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 946k] | | ------------------ | | 44| 946k| goto cleanup; \ | | 45| 946k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1814| 946k| MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&TB, mbedtls_mpi_lsb(&TB))); ------------------ | | 41| 946k| do \ | | 42| 946k| { \ | | 43| 946k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 946k] | | ------------------ | | 44| 946k| goto cleanup; \ | | 45| 946k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1815| | 1816| | /* Set either TA or TB to |TA-TB|/2. Since TA and TB are both odd, 1817| | * TA-TB is even so the division by 2 has an integer result. 1818| | * Invariant (I) is preserved since any odd divisor of both TA and TB 1819| | * also divides |TA-TB|/2, and any odd divisor of both TA and |TA-TB|/2 1820| | * also divides TB, and any odd divisor of both TB and |TA-TB|/2 also 1821| | * divides TA. 1822| | */ 1823| 946k| if (mbedtls_mpi_cmp_mpi(&TA, &TB) >= 0) { ------------------ | Branch (1823:13): [True: 483k, False: 463k] ------------------ 1824| 483k| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(&TA, &TA, &TB)); ------------------ | | 41| 483k| do \ | | 42| 483k| { \ | | 43| 483k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 483k] | | ------------------ | | 44| 483k| goto cleanup; \ | | 45| 483k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1825| 483k| MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&TA, 1)); ------------------ | | 41| 483k| do \ | | 42| 483k| { \ | | 43| 483k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 483k] | | ------------------ | | 44| 483k| goto cleanup; \ | | 45| 483k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1826| 483k| } else { 1827| 463k| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(&TB, &TB, &TA)); ------------------ | | 41| 463k| do \ | | 42| 463k| { \ | | 43| 463k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 463k] | | ------------------ | | 44| 463k| goto cleanup; \ | | 45| 463k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1828| 463k| MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&TB, 1)); ------------------ | | 41| 463k| do \ | | 42| 463k| { \ | | 43| 463k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 463k] | | ------------------ | | 44| 463k| goto cleanup; \ | | 45| 463k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1829| 463k| } 1830| | /* Note that one of TA or TB is still odd. */ 1831| 946k| } 1832| | 1833| | /* By invariant (I), gcd(A,B) = 2^k * gcd(TA,TB) for some k. 1834| | * At the loop exit, TA = 0, so gcd(TA,TB) = TB. 1835| | * - If there was at least one loop iteration, then one of TA or TB is odd, 1836| | * and TA = 0, so TB is odd and gcd(TA,TB) = gcd(A',B'). In this case, 1837| | * lz = min(a,b) so gcd(A,B) = 2^lz * TB. 1838| | * - If there was no loop iteration, then A was 0, and gcd(A,B) = B. 1839| | * In this case, lz = 0 and B = TB so gcd(A,B) = B = 2^lz * TB as well. 1840| | */ 1841| | 1842| 4.40k| MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&TB, lz)); ------------------ | | 41| 4.40k| do \ | | 42| 4.40k| { \ | | 43| 4.40k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 4.40k] | | ------------------ | | 44| 4.40k| goto cleanup; \ | | 45| 4.40k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1843| 4.40k| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(G, &TB)); ------------------ | | 41| 4.40k| do \ | | 42| 4.40k| { \ | | 43| 4.40k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 4.40k] | | ------------------ | | 44| 4.40k| goto cleanup; \ | | 45| 4.40k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1844| | 1845| 4.40k|cleanup: 1846| | 1847| 4.40k| mbedtls_mpi_free(&TA); mbedtls_mpi_free(&TB); 1848| | 1849| 4.40k| return ret; 1850| 4.40k|} mbedtls_mpi_fill_random: 1861| 476|{ 1862| 476| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 476|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1863| 476| const size_t limbs = CHARS_TO_LIMBS(size); ------------------ | | 88| 476|#define CHARS_TO_LIMBS(i) ((i) / ciL + ((i) % ciL != 0)) | | ------------------ | | | | 79| 476|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ | | #define CHARS_TO_LIMBS(i) ((i) / ciL + ((i) % ciL != 0)) | | ------------------ | | | | 79| 476|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 1864| | 1865| | /* Ensure that target MPI has exactly the necessary number of limbs */ 1866| 476| MBEDTLS_MPI_CHK(mbedtls_mpi_resize_clear(X, limbs)); ------------------ | | 41| 476| do \ | | 42| 476| { \ | | 43| 476| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 476] | | ------------------ | | 44| 476| goto cleanup; \ | | 45| 476| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1867| 476| if (size == 0) { ------------------ | Branch (1867:9): [True: 0, False: 476] ------------------ 1868| 0| return 0; 1869| 0| } 1870| | 1871| 476| ret = mbedtls_mpi_core_fill_random(X->p, X->n, size, f_rng, p_rng); 1872| | 1873| 476|cleanup: 1874| 476| return ret; 1875| 476|} mbedtls_mpi_inv_mod: 1905| 4.40k|{ 1906| 4.40k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 4.40k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1907| 4.40k| mbedtls_mpi G, TA, TU, U1, U2, TB, TV, V1, V2; 1908| | 1909| 4.40k| if (mbedtls_mpi_cmp_int(N, 1) <= 0) { ------------------ | Branch (1909:9): [True: 0, False: 4.40k] ------------------ 1910| 0| return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; ------------------ | | 26| 0|#define MBEDTLS_ERR_MPI_BAD_INPUT_DATA -0x0004 ------------------ 1911| 0| } 1912| | 1913| 4.40k| mbedtls_mpi_init(&TA); mbedtls_mpi_init(&TU); mbedtls_mpi_init(&U1); mbedtls_mpi_init(&U2); 1914| 4.40k| mbedtls_mpi_init(&G); mbedtls_mpi_init(&TB); mbedtls_mpi_init(&TV); 1915| 4.40k| mbedtls_mpi_init(&V1); mbedtls_mpi_init(&V2); 1916| | 1917| 4.40k| MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(&G, A, N)); ------------------ | | 41| 4.40k| do \ | | 42| 4.40k| { \ | | 43| 4.40k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 4.40k] | | ------------------ | | 44| 4.40k| goto cleanup; \ | | 45| 4.40k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1918| | 1919| 4.40k| if (mbedtls_mpi_cmp_int(&G, 1) != 0) { ------------------ | Branch (1919:9): [True: 0, False: 4.40k] ------------------ 1920| 0| ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE; ------------------ | | 36| 0|#define MBEDTLS_ERR_MPI_NOT_ACCEPTABLE -0x000E ------------------ 1921| 0| goto cleanup; 1922| 0| } 1923| | 1924| 4.40k| MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&TA, A, N)); ------------------ | | 41| 4.40k| do \ | | 42| 4.40k| { \ | | 43| 4.40k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 4.40k] | | ------------------ | | 44| 4.40k| goto cleanup; \ | | 45| 4.40k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1925| 4.40k| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TU, &TA)); ------------------ | | 41| 4.40k| do \ | | 42| 4.40k| { \ | | 43| 4.40k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 4.40k] | | ------------------ | | 44| 4.40k| goto cleanup; \ | | 45| 4.40k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1926| 4.40k| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TB, N)); ------------------ | | 41| 4.40k| do \ | | 42| 4.40k| { \ | | 43| 4.40k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 4.40k] | | ------------------ | | 44| 4.40k| goto cleanup; \ | | 45| 4.40k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1927| 4.40k| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TV, N)); ------------------ | | 41| 4.40k| do \ | | 42| 4.40k| { \ | | 43| 4.40k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 4.40k] | | ------------------ | | 44| 4.40k| goto cleanup; \ | | 45| 4.40k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1928| | 1929| 4.40k| MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&U1, 1)); ------------------ | | 41| 4.40k| do \ | | 42| 4.40k| { \ | | 43| 4.40k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 4.40k] | | ------------------ | | 44| 4.40k| goto cleanup; \ | | 45| 4.40k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1930| 4.40k| MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&U2, 0)); ------------------ | | 41| 4.40k| do \ | | 42| 4.40k| { \ | | 43| 4.40k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 4.40k] | | ------------------ | | 44| 4.40k| goto cleanup; \ | | 45| 4.40k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1931| 4.40k| MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&V1, 0)); ------------------ | | 41| 4.40k| do \ | | 42| 4.40k| { \ | | 43| 4.40k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 4.40k] | | ------------------ | | 44| 4.40k| goto cleanup; \ | | 45| 4.40k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1932| 4.40k| MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&V2, 1)); ------------------ | | 41| 4.40k| do \ | | 42| 4.40k| { \ | | 43| 4.40k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 4.40k] | | ------------------ | | 44| 4.40k| goto cleanup; \ | | 45| 4.40k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1933| | 1934| 946k| do { 1935| 1.89M| while ((TU.p[0] & 1) == 0) { ------------------ | Branch (1935:16): [True: 950k, False: 946k] ------------------ 1936| 950k| MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&TU, 1)); ------------------ | | 41| 950k| do \ | | 42| 950k| { \ | | 43| 950k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 950k] | | ------------------ | | 44| 950k| goto cleanup; \ | | 45| 950k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1937| | 1938| 950k| if ((U1.p[0] & 1) != 0 || (U2.p[0] & 1) != 0) { ------------------ | Branch (1938:17): [True: 408k, False: 542k] | Branch (1938:39): [True: 0, False: 542k] ------------------ 1939| 408k| MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&U1, &U1, &TB)); ------------------ | | 41| 408k| do \ | | 42| 408k| { \ | | 43| 408k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 408k] | | ------------------ | | 44| 408k| goto cleanup; \ | | 45| 408k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1940| 408k| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&U2, &U2, &TA)); ------------------ | | 41| 408k| do \ | | 42| 408k| { \ | | 43| 408k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 408k] | | ------------------ | | 44| 408k| goto cleanup; \ | | 45| 408k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1941| 408k| } 1942| | 1943| 950k| MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&U1, 1)); ------------------ | | 41| 950k| do \ | | 42| 950k| { \ | | 43| 950k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 950k] | | ------------------ | | 44| 950k| goto cleanup; \ | | 45| 950k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1944| 950k| MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&U2, 1)); ------------------ | | 41| 950k| do \ | | 42| 950k| { \ | | 43| 950k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 950k] | | ------------------ | | 44| 950k| goto cleanup; \ | | 45| 950k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1945| 950k| } 1946| | 1947| 1.88M| while ((TV.p[0] & 1) == 0) { ------------------ | Branch (1947:16): [True: 933k, False: 946k] ------------------ 1948| 933k| MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&TV, 1)); ------------------ | | 41| 933k| do \ | | 42| 933k| { \ | | 43| 933k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 933k] | | ------------------ | | 44| 933k| goto cleanup; \ | | 45| 933k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1949| | 1950| 933k| if ((V1.p[0] & 1) != 0 || (V2.p[0] & 1) != 0) { ------------------ | Branch (1950:17): [True: 426k, False: 507k] | Branch (1950:39): [True: 0, False: 507k] ------------------ 1951| 426k| MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&V1, &V1, &TB)); ------------------ | | 41| 426k| do \ | | 42| 426k| { \ | | 43| 426k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 426k] | | ------------------ | | 44| 426k| goto cleanup; \ | | 45| 426k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1952| 426k| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&V2, &V2, &TA)); ------------------ | | 41| 426k| do \ | | 42| 426k| { \ | | 43| 426k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 426k] | | ------------------ | | 44| 426k| goto cleanup; \ | | 45| 426k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1953| 426k| } 1954| | 1955| 933k| MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&V1, 1)); ------------------ | | 41| 933k| do \ | | 42| 933k| { \ | | 43| 933k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 933k] | | ------------------ | | 44| 933k| goto cleanup; \ | | 45| 933k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1956| 933k| MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&V2, 1)); ------------------ | | 41| 933k| do \ | | 42| 933k| { \ | | 43| 933k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 933k] | | ------------------ | | 44| 933k| goto cleanup; \ | | 45| 933k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1957| 933k| } 1958| | 1959| 946k| if (mbedtls_mpi_cmp_mpi(&TU, &TV) >= 0) { ------------------ | Branch (1959:13): [True: 483k, False: 463k] ------------------ 1960| 483k| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&TU, &TU, &TV)); ------------------ | | 41| 483k| do \ | | 42| 483k| { \ | | 43| 483k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 483k] | | ------------------ | | 44| 483k| goto cleanup; \ | | 45| 483k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1961| 483k| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&U1, &U1, &V1)); ------------------ | | 41| 483k| do \ | | 42| 483k| { \ | | 43| 483k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 483k] | | ------------------ | | 44| 483k| goto cleanup; \ | | 45| 483k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1962| 483k| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&U2, &U2, &V2)); ------------------ | | 41| 483k| do \ | | 42| 483k| { \ | | 43| 483k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 483k] | | ------------------ | | 44| 483k| goto cleanup; \ | | 45| 483k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1963| 483k| } else { 1964| 463k| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&TV, &TV, &TU)); ------------------ | | 41| 463k| do \ | | 42| 463k| { \ | | 43| 463k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 463k] | | ------------------ | | 44| 463k| goto cleanup; \ | | 45| 463k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1965| 463k| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&V1, &V1, &U1)); ------------------ | | 41| 463k| do \ | | 42| 463k| { \ | | 43| 463k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 463k] | | ------------------ | | 44| 463k| goto cleanup; \ | | 45| 463k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1966| 463k| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&V2, &V2, &U2)); ------------------ | | 41| 463k| do \ | | 42| 463k| { \ | | 43| 463k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 463k] | | ------------------ | | 44| 463k| goto cleanup; \ | | 45| 463k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1967| 463k| } 1968| 946k| } while (mbedtls_mpi_cmp_int(&TU, 0) != 0); ------------------ | Branch (1968:14): [True: 942k, False: 4.40k] ------------------ 1969| | 1970| 4.78k| while (mbedtls_mpi_cmp_int(&V1, 0) < 0) { ------------------ | Branch (1970:12): [True: 381, False: 4.40k] ------------------ 1971| 381| MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&V1, &V1, N)); ------------------ | | 41| 381| do \ | | 42| 381| { \ | | 43| 381| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 381] | | ------------------ | | 44| 381| goto cleanup; \ | | 45| 381| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1972| 381| } 1973| | 1974| 4.40k| while (mbedtls_mpi_cmp_mpi(&V1, N) >= 0) { ------------------ | Branch (1974:12): [True: 1, False: 4.40k] ------------------ 1975| 1| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&V1, &V1, N)); ------------------ | | 41| 1| do \ | | 42| 1| { \ | | 43| 1| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1] | | ------------------ | | 44| 1| goto cleanup; \ | | 45| 1| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1976| 1| } 1977| | 1978| 4.40k| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(X, &V1)); ------------------ | | 41| 4.40k| do \ | | 42| 4.40k| { \ | | 43| 4.40k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 4.40k] | | ------------------ | | 44| 4.40k| goto cleanup; \ | | 45| 4.40k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1979| | 1980| 4.40k|cleanup: 1981| | 1982| 4.40k| mbedtls_mpi_free(&TA); mbedtls_mpi_free(&TU); mbedtls_mpi_free(&U1); mbedtls_mpi_free(&U2); 1983| 4.40k| mbedtls_mpi_free(&G); mbedtls_mpi_free(&TB); mbedtls_mpi_free(&TV); 1984| 4.40k| mbedtls_mpi_free(&V1); mbedtls_mpi_free(&V2); 1985| | 1986| 4.40k| return ret; 1987| 4.40k|} bignum.c:mbedtls_ct_mpi_sign_if: 50| 2.04M|{ 51| 2.04M| return (signed short) mbedtls_ct_uint_if(cond, sign1 + 1, sign2 + 1) - 1; 52| 2.04M|} bignum.c:mpi_sint_abs: 359| 8.60M|{ 360| 8.60M| if (z >= 0) { ------------------ | Branch (360:9): [True: 8.60M, False: 1.42k] ------------------ 361| 8.60M| return z; 362| 8.60M| } 363| | /* Take care to handle the most negative value (-2^(biL-1)) correctly. 364| | * A naive -z would have undefined behavior. 365| | * Write this in a way that makes popular compilers happy (GCC, Clang, 366| | * MSVC). */ 367| 1.42k| return (mbedtls_mpi_uint) 0 - (mbedtls_mpi_uint) z; 368| 8.60M|} bignum.c:mbedtls_mpi_resize_clear: 285| 19.5k|{ 286| 19.5k| if (limbs == 0) { ------------------ | Branch (286:9): [True: 0, False: 19.5k] ------------------ 287| 0| mbedtls_mpi_free(X); 288| 0| return 0; 289| 19.5k| } else if (X->n == limbs) { ------------------ | Branch (289:16): [True: 357, False: 19.1k] ------------------ 290| 357| memset(X->p, 0, limbs * ciL); ------------------ | | 79| 357|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 291| 357| X->s = 1; 292| 357| return 0; 293| 19.1k| } else { 294| 19.1k| mbedtls_mpi_free(X); 295| 19.1k| return mbedtls_mpi_grow(X, limbs); 296| 19.1k| } 297| 19.5k|} bignum.c:add_sub_mpi: 1115| 9.59M|{ 1116| 9.59M| int ret, s; 1117| | 1118| 9.59M| s = A->s; 1119| 9.59M| if (A->s * B->s * flip_B < 0) { ------------------ | Branch (1119:9): [True: 7.52M, False: 2.07M] ------------------ 1120| 7.52M| int cmp = mbedtls_mpi_cmp_abs(A, B); 1121| 7.52M| if (cmp >= 0) { ------------------ | Branch (1121:13): [True: 3.13M, False: 4.38M] ------------------ 1122| 3.13M| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(X, A, B)); ------------------ | | 41| 3.13M| do \ | | 42| 3.13M| { \ | | 43| 3.13M| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 3.13M] | | ------------------ | | 44| 3.13M| goto cleanup; \ | | 45| 3.13M| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1123| | /* If |A| = |B|, the result is 0 and we must set the sign bit 1124| | * to +1 regardless of which of A or B was negative. Otherwise, 1125| | * since |A| > |B|, the sign is the sign of A. */ 1126| 3.13M| X->s = cmp == 0 ? 1 : s; ------------------ | Branch (1126:20): [True: 10.2k, False: 3.12M] ------------------ 1127| 4.38M| } else { 1128| 4.38M| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(X, B, A)); ------------------ | | 41| 4.38M| do \ | | 42| 4.38M| { \ | | 43| 4.38M| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 4.38M] | | ------------------ | | 44| 4.38M| goto cleanup; \ | | 45| 4.38M| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1129| | /* Since |A| < |B|, the sign is the opposite of A. */ 1130| 4.38M| X->s = -s; 1131| 4.38M| } 1132| 7.52M| } else { 1133| 2.07M| MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(X, A, B)); ------------------ | | 41| 2.07M| do \ | | 42| 2.07M| { \ | | 43| 2.07M| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2.07M] | | ------------------ | | 44| 2.07M| goto cleanup; \ | | 45| 2.07M| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1134| 2.07M| X->s = s; 1135| 2.07M| } 1136| | 1137| 9.59M|cleanup: 1138| | 1139| 9.59M| return ret; 1140| 9.59M|} bignum.c:mbedtls_int_div_int: 1294| 48.3k|{ 1295| 48.3k|#if defined(MBEDTLS_HAVE_UDBL) 1296| 48.3k| mbedtls_t_udbl dividend, quotient; 1297| |#else 1298| | const mbedtls_mpi_uint radix = (mbedtls_mpi_uint) 1 << biH; 1299| | const mbedtls_mpi_uint uint_halfword_mask = ((mbedtls_mpi_uint) 1 << biH) - 1; 1300| | mbedtls_mpi_uint d0, d1, q0, q1, rAX, r0, quotient; 1301| | mbedtls_mpi_uint u0_msw, u0_lsw; 1302| | size_t s; 1303| |#endif 1304| | 1305| | /* 1306| | * Check for overflow 1307| | */ 1308| 48.3k| if (0 == d || u1 >= d) { ------------------ | Branch (1308:9): [True: 0, False: 48.3k] | Branch (1308:19): [True: 0, False: 48.3k] ------------------ 1309| 0| if (r != NULL) { ------------------ | Branch (1309:13): [True: 0, False: 0] ------------------ 1310| 0| *r = ~(mbedtls_mpi_uint) 0u; 1311| 0| } 1312| | 1313| 0| return ~(mbedtls_mpi_uint) 0u; 1314| 0| } 1315| | 1316| 48.3k|#if defined(MBEDTLS_HAVE_UDBL) 1317| 48.3k| dividend = (mbedtls_t_udbl) u1 << biL; ------------------ | | 80| 48.3k|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 79| 48.3k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 1318| 48.3k| dividend |= (mbedtls_t_udbl) u0; 1319| 48.3k| quotient = dividend / d; 1320| 48.3k| if (quotient > ((mbedtls_t_udbl) 1 << biL) - 1) { ------------------ | | 80| 48.3k|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 79| 48.3k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ | Branch (1320:9): [True: 0, False: 48.3k] ------------------ 1321| 0| quotient = ((mbedtls_t_udbl) 1 << biL) - 1; ------------------ | | 80| 0|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 79| 0|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 1322| 0| } 1323| | 1324| 48.3k| if (r != NULL) { ------------------ | Branch (1324:9): [True: 0, False: 48.3k] ------------------ 1325| 0| *r = (mbedtls_mpi_uint) (dividend - (quotient * d)); 1326| 0| } 1327| | 1328| 48.3k| return (mbedtls_mpi_uint) quotient; 1329| |#else 1330| | 1331| | /* 1332| | * Algorithm D, Section 4.3.1 - The Art of Computer Programming 1333| | * Vol. 2 - Seminumerical Algorithms, Knuth 1334| | */ 1335| | 1336| | /* 1337| | * Normalize the divisor, d, and dividend, u0, u1 1338| | */ 1339| | s = mbedtls_mpi_core_clz(d); 1340| | d = d << s; 1341| | 1342| | u1 = u1 << s; 1343| | u1 |= (u0 >> (biL - s)) & (-(mbedtls_mpi_sint) s >> (biL - 1)); 1344| | u0 = u0 << s; 1345| | 1346| | d1 = d >> biH; 1347| | d0 = d & uint_halfword_mask; 1348| | 1349| | u0_msw = u0 >> biH; 1350| | u0_lsw = u0 & uint_halfword_mask; 1351| | 1352| | /* 1353| | * Find the first quotient and remainder 1354| | */ 1355| | q1 = u1 / d1; 1356| | r0 = u1 - d1 * q1; 1357| | 1358| | while (q1 >= radix || (q1 * d0 > radix * r0 + u0_msw)) { 1359| | q1 -= 1; 1360| | r0 += d1; 1361| | 1362| | if (r0 >= radix) { 1363| | break; 1364| | } 1365| | } 1366| | 1367| | rAX = (u1 * radix) + (u0_msw - q1 * d); 1368| | q0 = rAX / d1; 1369| | r0 = rAX - q0 * d1; 1370| | 1371| | while (q0 >= radix || (q0 * d0 > radix * r0 + u0_lsw)) { 1372| | q0 -= 1; 1373| | r0 += d1; 1374| | 1375| | if (r0 >= radix) { 1376| | break; 1377| | } 1378| | } 1379| | 1380| | if (r != NULL) { 1381| | *r = (rAX * radix + u0_lsw - q0 * d) >> s; 1382| | } 1383| | 1384| | quotient = q1 * radix + q0; 1385| | 1386| | return quotient; 1387| |#endif 1388| 48.3k|} bignum.c:mbedtls_mpi_exp_mod_optionally_safe: 1621| 841|{ 1622| 841| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 841|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1623| | 1624| 841| if (mbedtls_mpi_cmp_int(N, 0) <= 0 || (N->p[0] & 1) == 0) { ------------------ | Branch (1624:9): [True: 0, False: 841] | Branch (1624:43): [True: 0, False: 841] ------------------ 1625| 0| return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; ------------------ | | 26| 0|#define MBEDTLS_ERR_MPI_BAD_INPUT_DATA -0x0004 ------------------ 1626| 0| } 1627| | 1628| 841| if (mbedtls_mpi_cmp_int(E, 0) < 0) { ------------------ | Branch (1628:9): [True: 0, False: 841] ------------------ 1629| 0| return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; ------------------ | | 26| 0|#define MBEDTLS_ERR_MPI_BAD_INPUT_DATA -0x0004 ------------------ 1630| 0| } 1631| | 1632| 841| if (mbedtls_mpi_bitlen(E) > MBEDTLS_MPI_MAX_BITS || ------------------ | | 76| 1.68k|#define MBEDTLS_MPI_MAX_BITS (8 * MBEDTLS_MPI_MAX_SIZE) /**< Maximum number of bits for usable MPIs. */ | | ------------------ | | | | 73| 841|#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ | | ------------------ ------------------ | Branch (1632:9): [True: 0, False: 841] ------------------ 1633| 841| mbedtls_mpi_bitlen(N) > MBEDTLS_MPI_MAX_BITS) { ------------------ | | 76| 841|#define MBEDTLS_MPI_MAX_BITS (8 * MBEDTLS_MPI_MAX_SIZE) /**< Maximum number of bits for usable MPIs. */ | | ------------------ | | | | 73| 841|#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ | | ------------------ ------------------ | Branch (1633:9): [True: 0, False: 841] ------------------ 1634| 0| return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; ------------------ | | 26| 0|#define MBEDTLS_ERR_MPI_BAD_INPUT_DATA -0x0004 ------------------ 1635| 0| } 1636| | 1637| | /* 1638| | * Ensure that the exponent that we are passing to the core is not NULL. 1639| | */ 1640| 841| if (E->n == 0) { ------------------ | Branch (1640:9): [True: 0, False: 841] ------------------ 1641| 0| ret = mbedtls_mpi_lset(X, 1); 1642| 0| return ret; 1643| 0| } 1644| | 1645| | /* 1646| | * Allocate working memory for mbedtls_mpi_core_exp_mod() 1647| | */ 1648| 841| size_t T_limbs = mbedtls_mpi_core_exp_mod_working_limbs(N->n, E->n); 1649| 841| mbedtls_mpi_uint *T = (mbedtls_mpi_uint *) mbedtls_calloc(T_limbs, sizeof(mbedtls_mpi_uint)); ------------------ | | 144| 841|#define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO | | ------------------ | | | | 4093| 841|#define MBEDTLS_PLATFORM_CALLOC_MACRO my_calloc | | ------------------ ------------------ 1650| 841| if (T == NULL) { ------------------ | Branch (1650:9): [True: 0, False: 841] ------------------ 1651| 0| return MBEDTLS_ERR_MPI_ALLOC_FAILED; ------------------ | | 38| 0|#define MBEDTLS_ERR_MPI_ALLOC_FAILED -0x0010 ------------------ 1652| 0| } 1653| | 1654| 841| mbedtls_mpi RR; 1655| 841| mbedtls_mpi_init(&RR); 1656| | 1657| | /* 1658| | * If 1st call, pre-compute R^2 mod N 1659| | */ 1660| 841| if (prec_RR == NULL || prec_RR->p == NULL) { ------------------ | Branch (1660:9): [True: 0, False: 841] | Branch (1660:28): [True: 603, False: 238] ------------------ 1661| 603| MBEDTLS_MPI_CHK(mbedtls_mpi_core_get_mont_r2_unsafe(&RR, N)); ------------------ | | 41| 603| do \ | | 42| 603| { \ | | 43| 603| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 603] | | ------------------ | | 44| 603| goto cleanup; \ | | 45| 603| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1662| | 1663| 603| if (prec_RR != NULL) { ------------------ | Branch (1663:13): [True: 603, False: 0] ------------------ 1664| 603| *prec_RR = RR; 1665| 603| } 1666| 603| } else { 1667| 238| MBEDTLS_MPI_CHK(mbedtls_mpi_grow(prec_RR, N->n)); ------------------ | | 41| 238| do \ | | 42| 238| { \ | | 43| 238| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 238] | | ------------------ | | 44| 238| goto cleanup; \ | | 45| 238| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1668| 238| RR = *prec_RR; 1669| 238| } 1670| | 1671| | /* 1672| | * To preserve constness we need to make a copy of A. Using X for this to 1673| | * save memory. 1674| | */ 1675| 841| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(X, A)); ------------------ | | 41| 841| do \ | | 42| 841| { \ | | 43| 841| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 841] | | ------------------ | | 44| 841| goto cleanup; \ | | 45| 841| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1676| | 1677| | /* 1678| | * Compensate for negative A (and correct at the end). 1679| | */ 1680| 841| X->s = 1; 1681| | 1682| | /* 1683| | * Make sure that X is in a form that is safe for consumption by 1684| | * the core functions. 1685| | * 1686| | * - The core functions will not touch the limbs of X above N->n. The 1687| | * result will be correct if those limbs are 0, which the mod call 1688| | * ensures. 1689| | * - Also, X must have at least as many limbs as N for the calls to the 1690| | * core functions. 1691| | */ 1692| 841| if (mbedtls_mpi_cmp_mpi(X, N) >= 0) { ------------------ | Branch (1692:9): [True: 238, False: 603] ------------------ 1693| 238| MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(X, X, N)); ------------------ | | 41| 238| do \ | | 42| 238| { \ | | 43| 238| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 238] | | ------------------ | | 44| 238| goto cleanup; \ | | 45| 238| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1694| 238| } 1695| 841| MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, N->n)); ------------------ | | 41| 841| do \ | | 42| 841| { \ | | 43| 841| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 841] | | ------------------ | | 44| 841| goto cleanup; \ | | 45| 841| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1696| | 1697| | /* 1698| | * Convert to and from Montgomery around mbedtls_mpi_core_exp_mod(). 1699| | */ 1700| 841| { 1701| 841| mbedtls_mpi_uint mm = mbedtls_mpi_core_montmul_init(N->p); 1702| 841| mbedtls_mpi_core_to_mont_rep(X->p, X->p, N->p, N->n, mm, RR.p, T); 1703| 841| if (E_public == MBEDTLS_MPI_IS_PUBLIC) { ------------------ | | 111| 841|#define MBEDTLS_MPI_IS_PUBLIC 0x2a2a2a2a ------------------ | Branch (1703:13): [True: 365, False: 476] ------------------ 1704| 365| mbedtls_mpi_core_exp_mod_unsafe(X->p, X->p, N->p, N->n, E->p, E->n, RR.p, T); 1705| 476| } else { 1706| 476| mbedtls_mpi_core_exp_mod(X->p, X->p, N->p, N->n, E->p, E->n, RR.p, T); 1707| 476| } 1708| 841| mbedtls_mpi_core_from_mont_rep(X->p, X->p, N->p, N->n, mm, T); 1709| 841| } 1710| | 1711| | /* 1712| | * Correct for negative A. 1713| | */ 1714| 841| if (A->s == -1 && (E->p[0] & 1) != 0) { ------------------ | Branch (1714:9): [True: 0, False: 841] | Branch (1714:23): [True: 0, False: 0] ------------------ 1715| 0| mbedtls_ct_condition_t is_x_non_zero = mbedtls_mpi_core_check_zero_ct(X->p, X->n); 1716| 0| X->s = mbedtls_ct_mpi_sign_if(is_x_non_zero, -1, 1); 1717| | 1718| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(X, N, X)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1719| 0| } 1720| | 1721| 841|cleanup: 1722| | 1723| 841| mbedtls_mpi_zeroize_and_free(T, T_limbs); ------------------ | | 176| 841|#define mbedtls_mpi_zeroize_and_free(v, n) mbedtls_zeroize_and_free(v, ciL * (n)) | | ------------------ | | | | 79| 841|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 1724| | 1725| 841| if (prec_RR == NULL || prec_RR->p == NULL) { ------------------ | Branch (1725:9): [True: 0, False: 841] | Branch (1725:28): [True: 0, False: 841] ------------------ 1726| 0| mbedtls_mpi_free(&RR); 1727| 0| } 1728| | 1729| 841| return ret; 1730| 841|} mbedtls_mpi_core_clz: 25| 3.87M|{ 26| 3.87M|#if defined(__has_builtin) 27| |#if (MBEDTLS_MPI_UINT_MAX == UINT_MAX) && __has_builtin(__builtin_clz) 28| | #define core_clz __builtin_clz 29| |#elif (MBEDTLS_MPI_UINT_MAX == ULONG_MAX) && __has_builtin(__builtin_clzl) 30| | #define core_clz __builtin_clzl 31| |#elif (MBEDTLS_MPI_UINT_MAX == ULLONG_MAX) && __has_builtin(__builtin_clzll) 32| | #define core_clz __builtin_clzll 33| |#endif 34| 3.87M|#endif 35| 3.87M|#if defined(core_clz) 36| 3.87M| return (size_t) core_clz(a); ------------------ | | 30| 3.87M| #define core_clz __builtin_clzl ------------------ 37| |#else 38| | size_t j; 39| | mbedtls_mpi_uint mask = (mbedtls_mpi_uint) 1 << (biL - 1); 40| | 41| | for (j = 0; j < biL; j++) { 42| | if (a & mask) { 43| | break; 44| | } 45| | 46| | mask >>= 1; 47| | } 48| | 49| | return j; 50| |#endif 51| 3.87M|} mbedtls_mpi_core_bitlen: 54| 3.87M|{ 55| 3.87M| int i; 56| 3.87M| size_t j; 57| | 58| 13.1M| for (i = ((int) A_limbs) - 1; i >= 0; i--) { ------------------ | Branch (58:35): [True: 13.1M, False: 0] ------------------ 59| 13.1M| if (A[i] != 0) { ------------------ | Branch (59:13): [True: 3.87M, False: 9.32M] ------------------ 60| 3.87M| j = biL - mbedtls_mpi_core_clz(A[i]); ------------------ | | 80| 3.87M|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 79| 3.87M|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 61| 3.87M| return (i * biL) + j; ------------------ | | 80| 3.87M|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 79| 3.87M|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 62| 3.87M| } 63| 13.1M| } 64| | 65| 0| return 0; 66| 3.87M|} mbedtls_mpi_core_bigendian_to_host: 84| 19.5k|{ 85| 19.5k| mbedtls_mpi_uint *cur_limb_left; 86| 19.5k| mbedtls_mpi_uint *cur_limb_right; 87| 19.5k| if (A_limbs == 0) { ------------------ | Branch (87:9): [True: 0, False: 19.5k] ------------------ 88| 0| return; 89| 0| } 90| | 91| | /* 92| | * Traverse limbs and 93| | * - adapt byte-order in each limb 94| | * - swap the limbs themselves. 95| | * For that, simultaneously traverse the limbs from left to right 96| | * and from right to left, as long as the left index is not bigger 97| | * than the right index (it's not a problem if limbs is odd and the 98| | * indices coincide in the last iteration). 99| | */ 100| 19.5k| for (cur_limb_left = A, cur_limb_right = A + (A_limbs - 1); 101| 115k| cur_limb_left <= cur_limb_right; ------------------ | Branch (101:10): [True: 96.0k, False: 19.5k] ------------------ 102| 96.0k| cur_limb_left++, cur_limb_right--) { 103| 96.0k| mbedtls_mpi_uint tmp; 104| | /* Note that if cur_limb_left == cur_limb_right, 105| | * this code effectively swaps the bytes only once. */ 106| 96.0k| tmp = mpi_bigendian_to_host(*cur_limb_left); 107| 96.0k| *cur_limb_left = mpi_bigendian_to_host(*cur_limb_right); 108| 96.0k| *cur_limb_right = tmp; 109| 96.0k| } 110| 19.5k|} mbedtls_mpi_core_cond_assign: 172| 2.88M|{ 173| 2.88M| if (X == A) { ------------------ | Branch (173:9): [True: 0, False: 2.88M] ------------------ 174| 0| return; 175| 0| } 176| | 177| | /* This function is very performance-sensitive for RSA. For this reason 178| | * we have the loop below, instead of calling mbedtls_ct_memcpy_if 179| | * (this is more optimal since here we don't have to handle the case where 180| | * we copy awkwardly sized data). 181| | */ 182| 25.0M| for (size_t i = 0; i < limbs; i++) { ------------------ | Branch (182:24): [True: 22.1M, False: 2.88M] ------------------ 183| 22.1M| X[i] = mbedtls_ct_mpi_uint_if(assign, A[i], X[i]); 184| 22.1M| } 185| 2.88M|} mbedtls_mpi_core_read_be: 230| 19.0k|{ 231| 19.0k| const size_t limbs = CHARS_TO_LIMBS(input_length); ------------------ | | 88| 19.0k|#define CHARS_TO_LIMBS(i) ((i) / ciL + ((i) % ciL != 0)) | | ------------------ | | | | 79| 19.0k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ | | #define CHARS_TO_LIMBS(i) ((i) / ciL + ((i) % ciL != 0)) | | ------------------ | | | | 79| 19.0k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 232| | 233| 19.0k| if (X_limbs < limbs) { ------------------ | Branch (233:9): [True: 0, False: 19.0k] ------------------ 234| 0| return MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL; ------------------ | | 30| 0|#define MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL -0x0008 ------------------ 235| 0| } 236| | 237| | /* If X_limbs is 0, input_length must also be 0 (from previous test). 238| | * Nothing to do. */ 239| 19.0k| if (X_limbs == 0) { ------------------ | Branch (239:9): [True: 0, False: 19.0k] ------------------ 240| 0| return 0; 241| 0| } 242| | 243| 19.0k| memset(X, 0, X_limbs * ciL); ------------------ | | 79| 19.0k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 244| | 245| | /* memcpy() with (NULL, 0) is undefined behaviour */ 246| 19.0k| if (input_length != 0) { ------------------ | Branch (246:9): [True: 19.0k, False: 0] ------------------ 247| 19.0k| size_t overhead = (X_limbs * ciL) - input_length; ------------------ | | 79| 19.0k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 248| 19.0k| unsigned char *Xp = (unsigned char *) X; 249| 19.0k| memcpy(Xp + overhead, input, input_length); 250| 19.0k| } 251| | 252| 19.0k| mbedtls_mpi_core_bigendian_to_host(X, X_limbs); 253| | 254| 19.0k| return 0; 255| 19.0k|} mbedtls_mpi_core_write_be: 295| 484|{ 296| 484| size_t stored_bytes; 297| 484| size_t bytes_to_copy; 298| 484| unsigned char *p; 299| | 300| 484| stored_bytes = X_limbs * ciL; ------------------ | | 79| 484|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 301| | 302| 484| if (stored_bytes < output_length) { ------------------ | Branch (302:9): [True: 0, False: 484] ------------------ 303| | /* There is enough space in the output buffer. Write initial 304| | * null bytes and record the position at which to start 305| | * writing the significant bytes. In this case, the execution 306| | * trace of this function does not depend on the value of the 307| | * number. */ 308| 0| bytes_to_copy = stored_bytes; 309| 0| p = output + output_length - stored_bytes; 310| 0| memset(output, 0, output_length - stored_bytes); 311| 484| } else { 312| | /* The output buffer is smaller than the allocated size of X. 313| | * However X may fit if its leading bytes are zero. */ 314| 484| bytes_to_copy = output_length; 315| 484| p = output; 316| 32.8k| for (size_t i = bytes_to_copy; i < stored_bytes; i++) { ------------------ | Branch (316:40): [True: 32.3k, False: 484] ------------------ 317| 32.3k| if (GET_BYTE(X, i) != 0) { ------------------ | | 91| 32.3k| (((X)[(i) / ciL] >> (((i) % ciL) * 8)) & 0xff) | | ------------------ | | | | 79| 32.3k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ | | (((X)[(i) / ciL] >> (((i) % ciL) * 8)) & 0xff) | | ------------------ | | | | 79| 32.3k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ | Branch (317:17): [True: 0, False: 32.3k] ------------------ 318| 0| return MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL; ------------------ | | 30| 0|#define MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL -0x0008 ------------------ 319| 0| } 320| 32.3k| } 321| 484| } 322| | 323| 170k| for (size_t i = 0; i < bytes_to_copy; i++) { ------------------ | Branch (323:24): [True: 169k, False: 484] ------------------ 324| 169k| p[bytes_to_copy - i - 1] = GET_BYTE(X, i); ------------------ | | 91| 169k| (((X)[(i) / ciL] >> (((i) % ciL) * 8)) & 0xff) | | ------------------ | | | | 79| 169k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ | | (((X)[(i) / ciL] >> (((i) % ciL) * 8)) & 0xff) | | ------------------ | | | | 79| 169k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 325| 169k| } 326| | 327| 484| return 0; 328| 484|} mbedtls_mpi_core_shift_r: 332| 8.49M|{ 333| 8.49M| size_t i, v0, v1; 334| 8.49M| mbedtls_mpi_uint r0 = 0, r1; 335| | 336| 8.49M| v0 = count / biL; ------------------ | | 80| 8.49M|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 79| 8.49M|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 337| 8.49M| v1 = count & (biL - 1); ------------------ | | 80| 8.49M|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 79| 8.49M|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 338| | 339| 8.49M| if (v0 > limbs || (v0 == limbs && v1 > 0)) { ------------------ | Branch (339:9): [True: 0, False: 8.49M] | Branch (339:24): [True: 0, False: 8.49M] | Branch (339:39): [True: 0, False: 0] ------------------ 340| 0| memset(X, 0, limbs * ciL); ------------------ | | 79| 0|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 341| 0| return; 342| 0| } 343| | 344| | /* 345| | * shift by count / limb_size 346| | */ 347| 8.49M| if (v0 > 0) { ------------------ | Branch (347:9): [True: 2.86k, False: 8.49M] ------------------ 348| 53.5k| for (i = 0; i < limbs - v0; i++) { ------------------ | Branch (348:21): [True: 50.7k, False: 2.86k] ------------------ 349| 50.7k| X[i] = X[i + v0]; 350| 50.7k| } 351| | 352| 51.1k| for (; i < limbs; i++) { ------------------ | Branch (352:16): [True: 48.3k, False: 2.86k] ------------------ 353| 48.3k| X[i] = 0; 354| 48.3k| } 355| 2.86k| } 356| | 357| | /* 358| | * shift by count % limb_size 359| | */ 360| 8.49M| if (v1 > 0) { ------------------ | Branch (360:9): [True: 7.07M, False: 1.42M] ------------------ 361| 74.2M| for (i = limbs; i > 0; i--) { ------------------ | Branch (361:25): [True: 67.1M, False: 7.07M] ------------------ 362| 67.1M| r1 = X[i - 1] << (biL - v1); ------------------ | | 80| 67.1M|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 79| 67.1M|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 363| 67.1M| X[i - 1] >>= v1; 364| 67.1M| X[i - 1] |= r0; 365| 67.1M| r0 = r1; 366| 67.1M| } 367| 7.07M| } 368| 8.49M|} mbedtls_mpi_core_shift_l: 372| 1.03M|{ 373| 1.03M| size_t i, v0, v1; 374| 1.03M| mbedtls_mpi_uint r0 = 0, r1; 375| | 376| 1.03M| v0 = count / (biL); ------------------ | | 80| 1.03M|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 79| 1.03M|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 377| 1.03M| v1 = count & (biL - 1); ------------------ | | 80| 1.03M|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 79| 1.03M|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 378| | 379| | /* 380| | * shift by count / limb_size 381| | */ 382| 1.03M| if (v0 > 0) { ------------------ | Branch (382:9): [True: 49.0k, False: 981k] ------------------ 383| 2.52M| for (i = limbs; i > v0; i--) { ------------------ | Branch (383:25): [True: 2.48M, False: 49.0k] ------------------ 384| 2.48M| X[i - 1] = X[i - v0 - 1]; 385| 2.48M| } 386| | 387| 927k| for (; i > 0; i--) { ------------------ | Branch (387:16): [True: 878k, False: 49.0k] ------------------ 388| 878k| X[i - 1] = 0; 389| 878k| } 390| 49.0k| } 391| | 392| | /* 393| | * shift by count % limb_size 394| | */ 395| 1.03M| if (v1 > 0) { ------------------ | Branch (395:9): [True: 973k, False: 56.3k] ------------------ 396| 9.83M| for (i = v0; i < limbs; i++) { ------------------ | Branch (396:22): [True: 8.86M, False: 973k] ------------------ 397| 8.86M| r1 = X[i] >> (biL - v1); ------------------ | | 80| 8.86M|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 79| 8.86M|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 398| 8.86M| X[i] <<= v1; 399| 8.86M| X[i] |= r0; 400| 8.86M| r0 = r1; 401| 8.86M| } 402| 973k| } 403| 1.03M|} mbedtls_mpi_core_add: 409| 2.07M|{ 410| 2.07M| mbedtls_mpi_uint c = 0; 411| | 412| 19.7M| for (size_t i = 0; i < limbs; i++) { ------------------ | Branch (412:24): [True: 17.6M, False: 2.07M] ------------------ 413| 17.6M| mbedtls_mpi_uint t = c + A[i]; 414| 17.6M| c = (t < A[i]); 415| 17.6M| t += B[i]; 416| 17.6M| c += (t < B[i]); 417| 17.6M| X[i] = t; 418| 17.6M| } 419| | 420| 2.07M| return c; 421| 2.07M|} mbedtls_mpi_core_sub: 448| 10.2M|{ 449| 10.2M| mbedtls_mpi_uint c = 0; 450| | 451| 71.5M| for (size_t i = 0; i < limbs; i++) { ------------------ | Branch (451:24): [True: 61.3M, False: 10.2M] ------------------ 452| 61.3M| mbedtls_mpi_uint z = (A[i] < c); 453| 61.3M| mbedtls_mpi_uint t = A[i] - c; 454| 61.3M| c = (t < B[i]) + z; 455| 61.3M| X[i] = t - B[i]; 456| 61.3M| } 457| | 458| 10.2M| return c; 459| 10.2M|} mbedtls_mpi_core_mla: 464| 27.9M|{ 465| 27.9M| mbedtls_mpi_uint c = 0; /* carry */ 466| | /* 467| | * It is a documented precondition of this function that d_len >= s_len. 468| | * If that's not the case, we swap these round: this turns what would be 469| | * a buffer overflow into an incorrect result. 470| | */ 471| 27.9M| if (d_len < s_len) { ------------------ | Branch (471:9): [True: 0, False: 27.9M] ------------------ 472| 0| s_len = d_len; 473| 0| } 474| 27.9M| size_t excess_len = d_len - s_len; 475| 27.9M| size_t steps_x8 = s_len / 8; 476| 27.9M| size_t steps_x1 = s_len & 7; 477| | 478| 70.6M| while (steps_x8--) { ------------------ | Branch (478:12): [True: 42.6M, False: 27.9M] ------------------ 479| 42.6M| MULADDC_X8_INIT ------------------ | | 1088| 42.6M|#define MULADDC_X8_INIT MULADDC_X4_INIT | | ------------------ | | | | 1082| 42.6M|#define MULADDC_X4_INIT MULADDC_X2_INIT | | | | ------------------ | | | | | | 1076| 42.6M|#define MULADDC_X2_INIT MULADDC_X1_INIT | | | | | | ------------------ | | | | | | | | 216| 42.6M| asm( \ | | | | | | | | ------------------ | | | | | | | | | | 321| 42.6M|#define asm __asm__ | | | | | | | | ------------------ | | | | | | | | 217| 42.6M| "xorq %%r8, %%r8\n" | | | | | | ------------------ | | | | ------------------ | | ------------------ ------------------ 480| 42.6M| MULADDC_X8_CORE 481| 42.6M| MULADDC_X8_STOP ------------------ | | 1089| 42.6M|#define MULADDC_X8_STOP MULADDC_X4_STOP | | ------------------ | | | | 1083| 42.6M|#define MULADDC_X4_STOP MULADDC_X2_STOP | | | | ------------------ | | | | | | 1077| 42.6M|#define MULADDC_X2_STOP MULADDC_X1_STOP | | | | | | ------------------ | | | | | | | | 232| 42.6M| : "+c" (c), "+D" (d), "+S" (s), "+m" (*(uint64_t (*)[16]) d) \ | | | | | | | | 233| 42.6M| : "b" (b), "m" (*(const uint64_t (*)[16]) s) \ | | | | | | | | 234| 42.6M| : "rax", "rdx", "r8" \ | | | | | | | | 235| 42.6M| ); | | | | | | ------------------ | | | | ------------------ | | ------------------ ------------------ 482| 42.6M| } 483| | 484| 74.8M| while (steps_x1--) { ------------------ | Branch (484:12): [True: 46.8M, False: 27.9M] ------------------ 485| 46.8M| MULADDC_X1_INIT ------------------ | | 216| 46.8M| asm( \ | | ------------------ | | | | 321| 46.8M|#define asm __asm__ | | ------------------ | | 217| 46.8M| "xorq %%r8, %%r8\n" ------------------ 486| 46.8M| MULADDC_X1_CORE 487| 46.8M| MULADDC_X1_STOP ------------------ | | 232| 46.8M| : "+c" (c), "+D" (d), "+S" (s), "+m" (*(uint64_t (*)[16]) d) \ | | 233| 46.8M| : "b" (b), "m" (*(const uint64_t (*)[16]) s) \ | | 234| 46.8M| : "rax", "rdx", "r8" \ | | 235| 46.8M| ); ------------------ 488| 46.8M| } 489| | 490| 81.6M| while (excess_len--) { ------------------ | Branch (490:12): [True: 53.6M, False: 27.9M] ------------------ 491| 53.6M| *d += c; 492| 53.6M| c = (*d < c); 493| 53.6M| d++; 494| 53.6M| } 495| | 496| 27.9M| return c; 497| 27.9M|} mbedtls_mpi_core_mul: 502| 2.81M|{ 503| 2.81M| memset(X, 0, (A_limbs + B_limbs) * ciL); ------------------ | | 79| 2.81M|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 504| | 505| 14.0M| for (size_t i = 0; i < B_limbs; i++) { ------------------ | Branch (505:24): [True: 11.2M, False: 2.81M] ------------------ 506| 11.2M| (void) mbedtls_mpi_core_mla(X + i, A_limbs + 1, A, A_limbs, B[i]); 507| 11.2M| } 508| 2.81M|} mbedtls_mpi_core_montmul_init: 514| 1.80k|{ 515| 1.80k| mbedtls_mpi_uint x = N[0]; 516| | 517| 1.80k| x += ((N[0] + 2) & 4) << 1; 518| | 519| 9.00k| for (unsigned int i = biL; i >= 8; i /= 2) { ------------------ | | 80| 1.80k|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 79| 1.80k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ | Branch (519:32): [True: 7.20k, False: 1.80k] ------------------ 520| 7.20k| x *= (2 - (N[0] * x)); 521| 7.20k| } 522| | 523| 1.80k| return ~x + 1; 524| 1.80k|} mbedtls_mpi_core_montmul: 534| 453k|{ 535| 453k| memset(T, 0, (2 * AN_limbs + 1) * ciL); ------------------ | | 79| 453k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 536| | 537| 8.64M| for (size_t i = 0; i < AN_limbs; i++) { ------------------ | Branch (537:24): [True: 8.19M, False: 453k] ------------------ 538| | /* T = (T + u0*B + u1*N) / 2^biL */ 539| 8.19M| mbedtls_mpi_uint u0 = A[i]; 540| 8.19M| mbedtls_mpi_uint u1 = (T[0] + u0 * B[0]) * mm; 541| | 542| 8.19M| (void) mbedtls_mpi_core_mla(T, AN_limbs + 2, B, B_limbs, u0); 543| 8.19M| (void) mbedtls_mpi_core_mla(T, AN_limbs + 2, N, AN_limbs, u1); 544| | 545| 8.19M| T++; 546| 8.19M| } 547| | 548| | /* 549| | * The result we want is (T >= N) ? T - N : T. 550| | * 551| | * For better constant-time properties in this function, we always do the 552| | * subtraction, with the result in X. 553| | * 554| | * We also look to see if there was any carry in the final additions in the 555| | * loop above. 556| | */ 557| | 558| 453k| mbedtls_mpi_uint carry = T[AN_limbs]; 559| 453k| mbedtls_mpi_uint borrow = mbedtls_mpi_core_sub(X, T, N, AN_limbs); 560| | 561| | /* 562| | * Using R as the Montgomery radix (auxiliary modulus) i.e. 2^(biL*AN_limbs): 563| | * 564| | * T can be in one of 3 ranges: 565| | * 566| | * 1) T < N : (carry, borrow) = (0, 1): we want T 567| | * 2) N <= T < R : (carry, borrow) = (0, 0): we want X 568| | * 3) T >= R : (carry, borrow) = (1, 1): we want X 569| | * 570| | * and (carry, borrow) = (1, 0) can't happen. 571| | * 572| | * So the correct return value is already in X if (carry ^ borrow) = 0, 573| | * but is in (the lower AN_limbs limbs of) T if (carry ^ borrow) = 1. 574| | */ 575| 453k| mbedtls_ct_memcpy_if(mbedtls_ct_bool(carry ^ borrow), 576| 453k| (unsigned char *) X, 577| 453k| (unsigned char *) T, 578| 453k| NULL, 579| 453k| AN_limbs * sizeof(mbedtls_mpi_uint)); 580| 453k|} mbedtls_mpi_core_get_mont_r2_unsafe: 584| 722|{ 585| 722| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 722|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 586| | 587| 722| MBEDTLS_MPI_CHK(mbedtls_mpi_lset(X, 1)); ------------------ | | 41| 722| do \ | | 42| 722| { \ | | 43| 722| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 722] | | ------------------ | | 44| 722| goto cleanup; \ | | 45| 722| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 588| 722| MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(X, N->n * 2 * biL)); ------------------ | | 41| 722| do \ | | 42| 722| { \ | | 43| 722| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 722] | | ------------------ | | 44| 722| goto cleanup; \ | | 45| 722| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 589| 722| MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(X, X, N)); ------------------ | | 41| 722| do \ | | 42| 722| { \ | | 43| 722| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 722] | | ------------------ | | 44| 722| goto cleanup; \ | | 45| 722| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 590| 722| MBEDTLS_MPI_CHK(mbedtls_mpi_shrink(X, N->n)); ------------------ | | 41| 722| do \ | | 42| 722| { \ | | 43| 722| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 722] | | ------------------ | | 44| 722| goto cleanup; \ | | 45| 722| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 591| | 592| 722|cleanup: 593| 722| return ret; 594| 722|} mbedtls_mpi_core_fill_random: 619| 476|{ 620| 476| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 476|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 621| 476| const size_t limbs = CHARS_TO_LIMBS(n_bytes); ------------------ | | 88| 476|#define CHARS_TO_LIMBS(i) ((i) / ciL + ((i) % ciL != 0)) | | ------------------ | | | | 79| 476|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ | | #define CHARS_TO_LIMBS(i) ((i) / ciL + ((i) % ciL != 0)) | | ------------------ | | | | 79| 476|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 622| 476| const size_t overhead = (limbs * ciL) - n_bytes; ------------------ | | 79| 476|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 623| | 624| 476| if (X_limbs < limbs) { ------------------ | Branch (624:9): [True: 0, False: 476] ------------------ 625| 0| return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; ------------------ | | 26| 0|#define MBEDTLS_ERR_MPI_BAD_INPUT_DATA -0x0004 ------------------ 626| 0| } 627| | 628| 476| memset(X, 0, overhead); 629| 476| memset((unsigned char *) X + limbs * ciL, 0, (X_limbs - limbs) * ciL); ------------------ | | 79| 476|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ memset((unsigned char *) X + limbs * ciL, 0, (X_limbs - limbs) * ciL); ------------------ | | 79| 476|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 630| 476| MBEDTLS_MPI_CHK(f_rng(p_rng, (unsigned char *) X + overhead, n_bytes)); ------------------ | | 41| 476| do \ | | 42| 476| { \ | | 43| 476| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 476] | | ------------------ | | 44| 476| goto cleanup; \ | | 45| 476| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 631| 476| mbedtls_mpi_core_bigendian_to_host(X, limbs); 632| | 633| 476|cleanup: 634| 476| return ret; 635| 476|} mbedtls_mpi_core_exp_mod_working_limbs: 710| 841|{ 711| 841| const size_t wsize = exp_mod_get_window_size(E_limbs * biL); ------------------ | | 80| 841|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 79| 841|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 712| 841| const size_t welem = ((size_t) 1) << wsize; 713| | 714| | /* How big does each part of the working memory pool need to be? */ 715| 841| const size_t table_limbs = welem * AN_limbs; 716| 841| const size_t select_limbs = AN_limbs; 717| 841| const size_t temp_limbs = 2 * AN_limbs + 1; 718| | 719| 841| return table_limbs + select_limbs + temp_limbs; 720| 841|} mbedtls_mpi_core_exp_mod: 939| 476|{ 940| 476| mbedtls_mpi_core_exp_mod_optionally_safe(X, 941| 476| A, 942| 476| N, 943| 476| AN_limbs, 944| 476| E, 945| 476| E_limbs, 946| 476| MBEDTLS_MPI_IS_SECRET, ------------------ | | 112| 476|#define MBEDTLS_MPI_IS_SECRET 0 ------------------ 947| 476| RR, 948| 476| T); 949| 476|} mbedtls_mpi_core_exp_mod_unsafe: 957| 365|{ 958| 365| mbedtls_mpi_core_exp_mod_optionally_safe(X, 959| 365| A, 960| 365| N, 961| 365| AN_limbs, 962| 365| E, 963| 365| E_limbs, 964| 365| MBEDTLS_MPI_IS_PUBLIC, ------------------ | | 111| 365|#define MBEDTLS_MPI_IS_PUBLIC 0x2a2a2a2a ------------------ 965| 365| RR, 966| 365| T); 967| 365|} mbedtls_mpi_core_sub_int: 973| 2.01M|{ 974| 11.4M| for (size_t i = 0; i < limbs; i++) { ------------------ | Branch (974:24): [True: 9.39M, False: 2.01M] ------------------ 975| 9.39M| mbedtls_mpi_uint s = A[i]; 976| 9.39M| mbedtls_mpi_uint t = s - c; 977| 9.39M| c = (t > s); 978| 9.39M| X[i] = t; 979| 9.39M| } 980| | 981| 2.01M| return c; 982| 2.01M|} mbedtls_mpi_core_to_mont_rep: 1004| 960|{ 1005| 960| mbedtls_mpi_core_montmul(X, A, rr, AN_limbs, N, AN_limbs, mm, T); 1006| 960|} mbedtls_mpi_core_from_mont_rep: 1014| 841|{ 1015| 841| const mbedtls_mpi_uint Rinv = 1; /* 1/R in Mont. rep => 1 */ 1016| | 1017| 841| mbedtls_mpi_core_montmul(X, A, &Rinv, 1, N, AN_limbs, mm, T); 1018| 841|} bignum_core.c:mpi_bigendian_to_host: 69| 192k|{ 70| 192k| if (MBEDTLS_IS_BIG_ENDIAN) { ------------------ | | 398| 192k|#define MBEDTLS_IS_BIG_ENDIAN 0 | | ------------------ | | | Branch (398:31): [Folded - Ignored] | | ------------------ ------------------ 71| | /* Nothing to do on bigendian systems. */ 72| 0| return a; 73| 192k| } else { 74| |#if defined(MBEDTLS_HAVE_INT32) 75| | return (mbedtls_mpi_uint) MBEDTLS_BSWAP32(a); 76| |#elif defined(MBEDTLS_HAVE_INT64) 77| 192k| return (mbedtls_mpi_uint) MBEDTLS_BSWAP64(a); ------------------ | | 301| 192k|#define MBEDTLS_BSWAP64 __builtin_bswap64 ------------------ 78| 192k|#endif 79| 192k| } 80| 192k|} bignum_core.c:exp_mod_get_window_size: 696| 1.68k|{ 697| |#if MBEDTLS_MPI_WINDOW_SIZE >= 6 698| | return (Ebits > 671) ? 6 : (Ebits > 239) ? 5 : (Ebits > 79) ? 4 : 1; 699| |#elif MBEDTLS_MPI_WINDOW_SIZE == 5 700| | return (Ebits > 239) ? 5 : (Ebits > 79) ? 4 : 1; 701| |#elif MBEDTLS_MPI_WINDOW_SIZE > 1 702| 1.68k| return (Ebits > 79) ? MBEDTLS_MPI_WINDOW_SIZE : 1; ------------------ | | 62| 476|#define MBEDTLS_MPI_WINDOW_SIZE 3 /**< Maximum window size used. */ ------------------ | Branch (702:12): [True: 476, False: 1.20k] ------------------ 703| |#else 704| | (void) Ebits; 705| | return 1; 706| |#endif 707| 1.68k|} bignum_core.c:mbedtls_mpi_core_exp_mod_optionally_safe: 856| 841|{ 857| | /* We'll process the bits of E from most significant 858| | * (limb_index=E_limbs-1, E_bit_index=biL-1) to least significant 859| | * (limb_index=0, E_bit_index=0). */ 860| 841| size_t E_limb_index; 861| 841| size_t E_bit_index; 862| 841| exp_mod_calc_first_bit_optionally_safe(E, E_limbs, E_public, 863| 841| &E_limb_index, &E_bit_index); 864| | 865| 841| const size_t wsize = exp_mod_get_window_size(E_limb_index * biL); ------------------ | | 80| 841|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 79| 841|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 866| 841| const size_t welem = ((size_t) 1) << wsize; 867| | 868| | /* This is how we will use the temporary storage T, which must have space 869| | * for table_limbs, select_limbs and (2 * AN_limbs + 1) for montmul. */ 870| 841| const size_t table_limbs = welem * AN_limbs; 871| 841| const size_t select_limbs = AN_limbs; 872| | 873| | /* Pointers to specific parts of the temporary working memory pool */ 874| 841| mbedtls_mpi_uint *const Wtable = T; 875| 841| mbedtls_mpi_uint *const Wselect = Wtable + table_limbs; 876| 841| mbedtls_mpi_uint *const temp = Wselect + select_limbs; 877| | 878| | /* 879| | * Window precomputation 880| | */ 881| | 882| 841| const mbedtls_mpi_uint mm = mbedtls_mpi_core_montmul_init(N); 883| | 884| | /* Set Wtable[i] = A^i (in Montgomery representation) */ 885| 841| exp_mod_precompute_window(A, N, AN_limbs, 886| 841| mm, RR, 887| 841| welem, Wtable, temp); 888| | 889| | /* 890| | * Fixed window exponentiation 891| | */ 892| | 893| | /* X = 1 (in Montgomery presentation) initially */ 894| 841| memcpy(X, Wtable, AN_limbs * ciL); ------------------ | | 79| 841|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 895| | 896| | /* At any given time, window contains window_bits bits from E. 897| | * window_bits can go up to wsize. */ 898| 841| size_t window_bits = 0; 899| 841| mbedtls_mpi_uint window = 0; 900| | 901| 326k| do { 902| | /* Square */ 903| 326k| mbedtls_mpi_core_montmul(X, X, X, AN_limbs, N, AN_limbs, mm, temp); 904| | 905| | /* Move to the next bit of the exponent */ 906| 326k| if (E_bit_index == 0) { ------------------ | Branch (906:13): [True: 4.99k, False: 321k] ------------------ 907| 4.99k| --E_limb_index; 908| 4.99k| E_bit_index = biL - 1; ------------------ | | 80| 4.99k|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 79| 4.99k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 909| 321k| } else { 910| 321k| --E_bit_index; 911| 321k| } 912| | /* Insert next exponent bit into window */ 913| 326k| ++window_bits; 914| 326k| window <<= 1; 915| 326k| window |= (E[E_limb_index] >> E_bit_index) & 1; 916| | 917| | /* Clear window if it's full. Also clear the window at the end, 918| | * when we've finished processing the exponent. */ 919| 326k| if (window_bits == wsize || ------------------ | Branch (919:13): [True: 122k, False: 203k] ------------------ 920| 326k| (E_bit_index == 0 && E_limb_index == 0)) { ------------------ | Branch (920:14): [True: 3.33k, False: 199k] | Branch (920:34): [True: 238, False: 3.09k] ------------------ 921| | 922| 123k| exp_mod_table_lookup_optionally_safe(Wselect, Wtable, AN_limbs, welem, 923| 123k| window, E_public); 924| | /* Multiply X by the selected element. */ 925| 123k| mbedtls_mpi_core_montmul(X, X, Wselect, AN_limbs, N, AN_limbs, mm, 926| 123k| temp); 927| 123k| window = 0; 928| 123k| window_bits = 0; 929| 123k| } 930| 326k| } while (!(E_bit_index == 0 && E_limb_index == 0)); ------------------ | Branch (930:16): [True: 5.36k, False: 320k] | Branch (930:36): [True: 841, False: 4.52k] ------------------ 931| 841|} bignum_core.c:exp_mod_calc_first_bit_optionally_safe: 766| 841|{ 767| 841| if (E_public == MBEDTLS_MPI_IS_PUBLIC) { ------------------ | | 111| 841|#define MBEDTLS_MPI_IS_PUBLIC 0x2a2a2a2a ------------------ | Branch (767:9): [True: 365, False: 476] ------------------ 768| | /* 769| | * Skip leading zero bits. 770| | */ 771| 365| size_t E_bits = mbedtls_mpi_core_bitlen(E, E_limbs); 772| 365| if (E_bits == 0) { ------------------ | Branch (772:13): [True: 0, False: 365] ------------------ 773| | /* 774| | * If E is 0 mbedtls_mpi_core_bitlen() returns 0. Even if that is the case, we will want 775| | * to represent it as a single 0 bit and as such the bitlength will be 1. 776| | */ 777| 0| E_bits = 1; 778| 0| } 779| | 780| 365| *E_limb_index = E_bits / biL; ------------------ | | 80| 365|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 79| 365|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 781| 365| *E_bit_index = E_bits % biL; ------------------ | | 80| 365|#define biL (ciL << 3) /** bits in limb */ | | ------------------ | | | | 79| 365|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ | | ------------------ ------------------ 782| | 783| |#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C) 784| | mbedtls_mpi_optionally_safe_codepath = MBEDTLS_MPI_IS_PUBLIC; 785| |#endif 786| 476| } else { 787| | /* 788| | * Here we need to be constant time with respect to E and can't do anything better than 789| | * start at the first allocated bit. 790| | */ 791| 476| *E_limb_index = E_limbs; 792| 476| *E_bit_index = 0; 793| |#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C) 794| | // Only mark the codepath safe if there wasn't an unsafe codepath before 795| | if (mbedtls_mpi_optionally_safe_codepath != MBEDTLS_MPI_IS_PUBLIC) { 796| | mbedtls_mpi_optionally_safe_codepath = MBEDTLS_MPI_IS_SECRET; 797| | } 798| |#endif 799| 476| } 800| 841|} bignum_core.c:exp_mod_precompute_window: 730| 841|{ 731| | /* W[0] = 1 (in Montgomery presentation) */ 732| 841| memset(Wtable, 0, AN_limbs * ciL); ------------------ | | 79| 841|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 733| 841| Wtable[0] = 1; 734| 841| mbedtls_mpi_core_montmul(Wtable, Wtable, RR, AN_limbs, N, AN_limbs, mm, temp); 735| | 736| | /* W[1] = A (already in Montgomery presentation) */ 737| 841| mbedtls_mpi_uint *W1 = Wtable + AN_limbs; 738| 841| memcpy(W1, A, AN_limbs * ciL); ------------------ | | 79| 841|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 739| | 740| | /* W[i+1] = W[i] * W[1], i >= 2 */ 741| 841| mbedtls_mpi_uint *Wprev = W1; 742| 2.26k| for (size_t i = 2; i < welem; i++) { ------------------ | Branch (742:24): [True: 1.42k, False: 841] ------------------ 743| 1.42k| mbedtls_mpi_uint *Wcur = Wprev + AN_limbs; 744| 1.42k| mbedtls_mpi_core_montmul(Wcur, Wprev, W1, AN_limbs, N, AN_limbs, mm, temp); 745| 1.42k| Wprev = Wcur; 746| 1.42k| } 747| 841|} bignum_core.c:exp_mod_table_lookup_optionally_safe: 812| 123k|{ 813| 123k| if (window_public == MBEDTLS_MPI_IS_PUBLIC) { ------------------ | | 111| 123k|#define MBEDTLS_MPI_IS_PUBLIC 0x2a2a2a2a ------------------ | Branch (813:9): [True: 6.20k, False: 116k] ------------------ 814| 6.20k| memcpy(Wselect, Wtable + window * AN_limbs, AN_limbs * ciL); ------------------ | | 79| 6.20k|#define ciL (sizeof(mbedtls_mpi_uint)) /** chars in limb */ ------------------ 815| |#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C) 816| | mbedtls_mpi_optionally_safe_codepath = MBEDTLS_MPI_IS_PUBLIC; 817| |#endif 818| 116k| } else { 819| | /* Select Wtable[window] without leaking window through 820| | * memory access patterns. */ 821| 116k| mbedtls_mpi_core_ct_uint_table_lookup(Wselect, Wtable, 822| 116k| AN_limbs, welem, window); 823| |#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C) 824| | // Only mark the codepath safe if there wasn't an unsafe codepath before 825| | if (mbedtls_mpi_optionally_safe_codepath != MBEDTLS_MPI_IS_PUBLIC) { 826| | mbedtls_mpi_optionally_safe_codepath = MBEDTLS_MPI_IS_SECRET; 827| | } 828| |#endif 829| 116k| } 830| 123k|} bignum_core.c:mbedtls_mpi_core_ct_uint_table_lookup: 602| 116k|{ 603| 960k| for (size_t i = 0; i < count; i++, table += limbs) { ------------------ | Branch (603:24): [True: 843k, False: 116k] ------------------ 604| 843k| mbedtls_ct_condition_t assign = mbedtls_ct_uint_eq(i, index); 605| 843k| mbedtls_mpi_core_cond_assign(dest, table, limbs, assign); 606| 843k| } 607| 116k|} rsa.c:mbedtls_mpi_core_montmul_working_limbs: 741| 119|{ 742| 119| return 2 * AN_limbs + 1; 743| 119|} md.c:mbedtls_xor: 190| 564|{ 191| 564| size_t i = 0; 192| 564|#if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS) 193| |#if defined(MBEDTLS_HAVE_NEON_INTRINSICS) && \ 194| | (!(defined(MBEDTLS_COMPILER_IS_GCC) && MBEDTLS_GCC_VERSION < 70300)) 195| | /* Old GCC versions generate a warning here, so disable the NEON path for these compilers */ 196| | for (; (i + 16) <= n; i += 16) { 197| | uint8x16_t v1 = vld1q_u8(a + i); 198| | uint8x16_t v2 = vld1q_u8(b + i); 199| | uint8x16_t x = veorq_u8(v1, v2); 200| | vst1q_u8(r + i, x); 201| | } 202| |#if defined(__IAR_SYSTEMS_ICC__) 203| | /* This if statement helps some compilers (e.g., IAR) optimise out the byte-by-byte tail case 204| | * where n is a constant multiple of 16. 205| | * For other compilers (e.g. recent gcc and clang) it makes no difference if n is a compile-time 206| | * constant, and is a very small perf regression if n is not a compile-time constant. */ 207| | if (n % 16 == 0) { 208| | return; 209| | } 210| |#endif 211| |#elif defined(MBEDTLS_ARCH_IS_X64) || defined(MBEDTLS_ARCH_IS_ARM64) 212| | /* This codepath probably only makes sense on architectures with 64-bit registers */ 213| 2.82k| for (; (i + 8) <= n; i += 8) { ------------------ | Branch (213:12): [True: 2.25k, False: 564] ------------------ 214| 2.25k| uint64_t x = mbedtls_get_unaligned_uint64(a + i) ^ mbedtls_get_unaligned_uint64(b + i); 215| 2.25k| mbedtls_put_unaligned_uint64(r + i, x); 216| 2.25k| } 217| |#if defined(__IAR_SYSTEMS_ICC__) 218| | if (n % 8 == 0) { 219| | return; 220| | } 221| |#endif 222| |#else 223| | for (; (i + 4) <= n; i += 4) { 224| | uint32_t x = mbedtls_get_unaligned_uint32(a + i) ^ mbedtls_get_unaligned_uint32(b + i); 225| | mbedtls_put_unaligned_uint32(r + i, x); 226| | } 227| |#if defined(__IAR_SYSTEMS_ICC__) 228| | if (n % 4 == 0) { 229| | return; 230| | } 231| |#endif 232| |#endif 233| 564|#endif 234| 564| for (; i < n; i++) { ------------------ | Branch (234:12): [True: 0, False: 564] ------------------ 235| 0| r[i] = a[i] ^ b[i]; 236| 0| } 237| 564|} mbedtls_ct_memcmp: 71| 365|{ 72| 365| size_t i = 0; 73| | /* 74| | * `A` and `B` are cast to volatile to ensure that the compiler 75| | * generates code that always fully reads both buffers. 76| | * Otherwise it could generate a test to exit early if `diff` has all 77| | * bits set early in the loop. 78| | */ 79| 365| volatile const unsigned char *A = (volatile const unsigned char *) a; 80| 365| volatile const unsigned char *B = (volatile const unsigned char *) b; 81| 365| uint32_t diff = 0; 82| | 83| |#if defined(MBEDTLS_EFFICIENT_UNALIGNED_VOLATILE_ACCESS) 84| | for (; (i + 4) <= n; i += 4) { 85| | uint32_t x = mbedtls_get_unaligned_volatile_uint32(A + i); 86| | uint32_t y = mbedtls_get_unaligned_volatile_uint32(B + i); 87| | diff |= x ^ y; 88| | } 89| |#endif 90| | 91| 139k| for (; i < n; i++) { ------------------ | Branch (91:12): [True: 139k, False: 365] ------------------ 92| | /* Read volatile data in order before computing diff. 93| | * This avoids IAR compiler warning: 94| | * 'the order of volatile accesses is undefined ..' */ 95| 139k| unsigned char x = A[i], y = B[i]; 96| 139k| diff |= x ^ y; 97| 139k| } 98| | 99| | 100| |#if (INT_MAX < INT32_MAX) 101| | /* We don't support int smaller than 32-bits, but if someone tried to build 102| | * with this configuration, there is a risk that, for differing data, the 103| | * only bits set in diff are in the top 16-bits, and would be lost by a 104| | * simple cast from uint32 to int. 105| | * This would have significant security implications, so protect against it. */ 106| |#error "mbedtls_ct_memcmp() requires minimum 32-bit ints" 107| |#else 108| | /* The bit-twiddling ensures that when we cast uint32_t to int, we are casting 109| | * a value that is in the range 0..INT_MAX - a value larger than this would 110| | * result in implementation defined behaviour. 111| | * 112| | * This ensures that the value returned by the function is non-zero iff 113| | * diff is non-zero. 114| | */ 115| 365| return (int) ((diff & 0xffff) | (diff >> 16)); 116| 365|#endif 117| 365|} mbedtls_ct_memcpy_if: 175| 453k|{ 176| 453k|#if defined(MBEDTLS_CT_SIZE_64) 177| 453k| const uint64_t mask = (uint64_t) condition; 178| 453k| const uint64_t not_mask = (uint64_t) ~mbedtls_ct_compiler_opaque(condition); 179| |#else 180| | const uint32_t mask = (uint32_t) condition; 181| | const uint32_t not_mask = (uint32_t) ~mbedtls_ct_compiler_opaque(condition); 182| |#endif 183| | 184| | /* If src2 is NULL, setup src2 so that we read from the destination address. 185| | * 186| | * This means that if src2 == NULL && condition is false, the result will be a 187| | * no-op because we read from dest and write the same data back into dest. 188| | */ 189| 453k| if (src2 == NULL) { ------------------ | Branch (189:9): [True: 453k, False: 0] ------------------ 190| 453k| src2 = dest; 191| 453k| } 192| | 193| | /* dest[i] = c1 == c2 ? src[i] : dest[i] */ 194| 453k| size_t i = 0; 195| 453k|#if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS) 196| 453k|#if defined(MBEDTLS_CT_SIZE_64) 197| 8.64M| for (; (i + 8) <= len; i += 8) { ------------------ | Branch (197:12): [True: 8.19M, False: 453k] ------------------ 198| 8.19M| uint64_t a = mbedtls_get_unaligned_uint64(src1 + i) & mask; 199| 8.19M| uint64_t b = mbedtls_get_unaligned_uint64(src2 + i) & not_mask; 200| 8.19M| mbedtls_put_unaligned_uint64(dest + i, a | b); 201| 8.19M| } 202| |#else 203| | for (; (i + 4) <= len; i += 4) { 204| | uint32_t a = mbedtls_get_unaligned_uint32(src1 + i) & mask; 205| | uint32_t b = mbedtls_get_unaligned_uint32(src2 + i) & not_mask; 206| | mbedtls_put_unaligned_uint32(dest + i, a | b); 207| | } 208| |#endif /* defined(MBEDTLS_CT_SIZE_64) */ 209| 453k|#endif /* MBEDTLS_EFFICIENT_UNALIGNED_ACCESS */ 210| 453k| for (; i < len; i++) { ------------------ | Branch (210:12): [True: 0, False: 453k] ------------------ 211| 0| dest[i] = (src1[i] & mask) | (src2[i] & not_mask); 212| 0| } 213| 453k|} bignum.c:mbedtls_ct_bool: 136| 2.04M|{ 137| | /* 138| | * Define mask-generation code that, as far as possible, will not use branches or conditional instructions. 139| | * 140| | * For some platforms / type sizes, we define assembly to assure this. 141| | * 142| | * Otherwise, we define a plain C fallback which (in May 2023) does not get optimised into 143| | * conditional instructions or branches by trunk clang, gcc, or MSVC v19. 144| | */ 145| |#if defined(MBEDTLS_CT_AARCH64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64)) 146| | mbedtls_ct_uint_t s; 147| | asm volatile ("neg %x[s], %x[x] \n\t" 148| | "orr %x[x], %x[s], %x[x] \n\t" 149| | "asr %x[x], %x[x], 63 \n\t" 150| | : 151| | [s] "=&r" (s), 152| | [x] "+&r" (x) 153| | : 154| | : 155| | ); 156| | return (mbedtls_ct_condition_t) x; 157| |#elif defined(MBEDTLS_CT_ARM_ASM) && defined(MBEDTLS_CT_SIZE_32) 158| | uint32_t s; 159| | asm volatile (".syntax unified \n\t" 160| | "negs %[s], %[x] \n\t" 161| | "orrs %[x], %[x], %[s] \n\t" 162| | "asrs %[x], %[x], #31 \n\t" 163| | RESTORE_ASM_SYNTAX 164| | : 165| | [s] "=&l" (s), 166| | [x] "+&l" (x) 167| | : 168| | : 169| | "cc" /* clobbers flag bits */ 170| | ); 171| | return (mbedtls_ct_condition_t) x; 172| |#elif defined(MBEDTLS_CT_X86_64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64)) 173| | uint64_t s; 174| 2.04M| asm volatile ("mov %[x], %[s] \n\t" ------------------ | | 321| 2.04M|#define asm __asm__ ------------------ 175| 2.04M| "neg %[s] \n\t" 176| 2.04M| "or %[x], %[s] \n\t" 177| 2.04M| "sar $63, %[s] \n\t" 178| 2.04M| : 179| 2.04M| [s] "=&a" (s) 180| 2.04M| : 181| 2.04M| [x] "D" (x) 182| 2.04M| : 183| 2.04M| ); 184| 2.04M| return (mbedtls_ct_condition_t) s; 185| |#elif defined(MBEDTLS_CT_X86_ASM) && defined(MBEDTLS_CT_SIZE_32) 186| | uint32_t s; 187| | asm volatile ("mov %[x], %[s] \n\t" 188| | "neg %[s] \n\t" 189| | "or %[s], %[x] \n\t" 190| | "sar $31, %[x] \n\t" 191| | : 192| | [s] "=&c" (s), 193| | [x] "+&a" (x) 194| | : 195| | : 196| | ); 197| | return (mbedtls_ct_condition_t) x; 198| |#else 199| | const mbedtls_ct_uint_t xo = mbedtls_ct_compiler_opaque(x); 200| |#if defined(_MSC_VER) 201| | /* MSVC has a warning about unary minus on unsigned, but this is 202| | * well-defined and precisely what we want to do here */ 203| |#pragma warning( push ) 204| |#pragma warning( disable : 4146 ) 205| |#endif 206| | // y is negative (i.e., top bit set) iff x is non-zero 207| | mbedtls_ct_int_t y = (-xo) | -(xo >> 1); 208| | 209| | // extract only the sign bit of y so that y == 1 (if x is non-zero) or 0 (if x is zero) 210| | y = (((mbedtls_ct_uint_t) y) >> (MBEDTLS_CT_SIZE - 1)); 211| | 212| | // -y has all bits set (if x is non-zero), or all bits clear (if x is zero) 213| | return (mbedtls_ct_condition_t) (-y); 214| |#if defined(_MSC_VER) 215| |#pragma warning( pop ) 216| |#endif 217| |#endif 218| 2.04M|} bignum.c:mbedtls_ct_bool_not: 547| 2.04M|{ 548| 2.04M| return (mbedtls_ct_condition_t) (~x); 549| 2.04M|} bignum.c:mbedtls_ct_uint_if: 436| 2.04M|{ 437| 2.04M| return (unsigned) mbedtls_ct_if(condition, (mbedtls_ct_uint_t) if1, (mbedtls_ct_uint_t) if0); 438| 2.04M|} bignum.c:mbedtls_ct_if: 223| 2.04M|{ 224| |#if defined(MBEDTLS_CT_AARCH64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64)) 225| | asm volatile ("and %x[if1], %x[if1], %x[condition] \n\t" 226| | "mvn %x[condition], %x[condition] \n\t" 227| | "and %x[condition], %x[condition], %x[if0] \n\t" 228| | "orr %x[condition], %x[if1], %x[condition]" 229| | : 230| | [condition] "+&r" (condition), 231| | [if1] "+&r" (if1) 232| | : 233| | [if0] "r" (if0) 234| | : 235| | ); 236| | return (mbedtls_ct_uint_t) condition; 237| |#elif defined(MBEDTLS_CT_ARM_ASM) && defined(MBEDTLS_CT_SIZE_32) 238| | asm volatile (".syntax unified \n\t" 239| | "ands %[if1], %[if1], %[condition] \n\t" 240| | "mvns %[condition], %[condition] \n\t" 241| | "ands %[condition], %[condition], %[if0] \n\t" 242| | "orrs %[condition], %[if1], %[condition] \n\t" 243| | RESTORE_ASM_SYNTAX 244| | : 245| | [condition] "+&l" (condition), 246| | [if1] "+&l" (if1) 247| | : 248| | [if0] "l" (if0) 249| | : 250| | "cc" 251| | ); 252| | return (mbedtls_ct_uint_t) condition; 253| |#elif defined(MBEDTLS_CT_X86_64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64)) 254| 2.04M| asm volatile ("and %[condition], %[if1] \n\t" ------------------ | | 321| 2.04M|#define asm __asm__ ------------------ 255| 2.04M| "not %[condition] \n\t" 256| 2.04M| "and %[condition], %[if0] \n\t" 257| 2.04M| "or %[if1], %[if0] \n\t" 258| 2.04M| : 259| 2.04M| [condition] "+&D" (condition), 260| 2.04M| [if1] "+&S" (if1), 261| 2.04M| [if0] "+&a" (if0) 262| 2.04M| : 263| 2.04M| : 264| 2.04M| ); 265| 2.04M| return if0; 266| |#elif defined(MBEDTLS_CT_X86_ASM) && defined(MBEDTLS_CT_SIZE_32) 267| | asm volatile ("and %[condition], %[if1] \n\t" 268| | "not %[condition] \n\t" 269| | "and %[if0], %[condition] \n\t" 270| | "or %[condition], %[if1] \n\t" 271| | : 272| | [condition] "+&c" (condition), 273| | [if1] "+&a" (if1) 274| | : 275| | [if0] "b" (if0) 276| | : 277| | ); 278| | return if1; 279| |#else 280| | mbedtls_ct_condition_t not_cond = 281| | (mbedtls_ct_condition_t) (~mbedtls_ct_compiler_opaque(condition)); 282| | return (mbedtls_ct_uint_t) ((condition & if1) | (not_cond & if0)); 283| |#endif 284| 2.04M|} bignum.c:mbedtls_ct_mpi_uint_if_else_0: 481| 7.14k|{ 482| 7.14k| return (mbedtls_mpi_uint) (condition & if1); 483| 7.14k|} bignum_core.c:mbedtls_ct_compiler_opaque: 101| 1.68M|{ 102| 1.68M|#if defined(MBEDTLS_CT_ASM) 103| 1.68M| asm volatile ("" : [x] "+r" (x) :); ------------------ | | 321| 1.68M|#define asm __asm__ ------------------ 104| 1.68M| return x; 105| |#else 106| | return x ^ mbedtls_ct_zero; 107| |#endif 108| 1.68M|} bignum_core.c:mbedtls_ct_bool: 136| 1.29M|{ 137| | /* 138| | * Define mask-generation code that, as far as possible, will not use branches or conditional instructions. 139| | * 140| | * For some platforms / type sizes, we define assembly to assure this. 141| | * 142| | * Otherwise, we define a plain C fallback which (in May 2023) does not get optimised into 143| | * conditional instructions or branches by trunk clang, gcc, or MSVC v19. 144| | */ 145| |#if defined(MBEDTLS_CT_AARCH64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64)) 146| | mbedtls_ct_uint_t s; 147| | asm volatile ("neg %x[s], %x[x] \n\t" 148| | "orr %x[x], %x[s], %x[x] \n\t" 149| | "asr %x[x], %x[x], 63 \n\t" 150| | : 151| | [s] "=&r" (s), 152| | [x] "+&r" (x) 153| | : 154| | : 155| | ); 156| | return (mbedtls_ct_condition_t) x; 157| |#elif defined(MBEDTLS_CT_ARM_ASM) && defined(MBEDTLS_CT_SIZE_32) 158| | uint32_t s; 159| | asm volatile (".syntax unified \n\t" 160| | "negs %[s], %[x] \n\t" 161| | "orrs %[x], %[x], %[s] \n\t" 162| | "asrs %[x], %[x], #31 \n\t" 163| | RESTORE_ASM_SYNTAX 164| | : 165| | [s] "=&l" (s), 166| | [x] "+&l" (x) 167| | : 168| | : 169| | "cc" /* clobbers flag bits */ 170| | ); 171| | return (mbedtls_ct_condition_t) x; 172| |#elif defined(MBEDTLS_CT_X86_64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64)) 173| | uint64_t s; 174| 1.29M| asm volatile ("mov %[x], %[s] \n\t" ------------------ | | 321| 1.29M|#define asm __asm__ ------------------ 175| 1.29M| "neg %[s] \n\t" 176| 1.29M| "or %[x], %[s] \n\t" 177| 1.29M| "sar $63, %[s] \n\t" 178| 1.29M| : 179| 1.29M| [s] "=&a" (s) 180| 1.29M| : 181| 1.29M| [x] "D" (x) 182| 1.29M| : 183| 1.29M| ); 184| 1.29M| return (mbedtls_ct_condition_t) s; 185| |#elif defined(MBEDTLS_CT_X86_ASM) && defined(MBEDTLS_CT_SIZE_32) 186| | uint32_t s; 187| | asm volatile ("mov %[x], %[s] \n\t" 188| | "neg %[s] \n\t" 189| | "or %[s], %[x] \n\t" 190| | "sar $31, %[x] \n\t" 191| | : 192| | [s] "=&c" (s), 193| | [x] "+&a" (x) 194| | : 195| | : 196| | ); 197| | return (mbedtls_ct_condition_t) x; 198| |#else 199| | const mbedtls_ct_uint_t xo = mbedtls_ct_compiler_opaque(x); 200| |#if defined(_MSC_VER) 201| | /* MSVC has a warning about unary minus on unsigned, but this is 202| | * well-defined and precisely what we want to do here */ 203| |#pragma warning( push ) 204| |#pragma warning( disable : 4146 ) 205| |#endif 206| | // y is negative (i.e., top bit set) iff x is non-zero 207| | mbedtls_ct_int_t y = (-xo) | -(xo >> 1); 208| | 209| | // extract only the sign bit of y so that y == 1 (if x is non-zero) or 0 (if x is zero) 210| | y = (((mbedtls_ct_uint_t) y) >> (MBEDTLS_CT_SIZE - 1)); 211| | 212| | // -y has all bits set (if x is non-zero), or all bits clear (if x is zero) 213| | return (mbedtls_ct_condition_t) (-y); 214| |#if defined(_MSC_VER) 215| |#pragma warning( pop ) 216| |#endif 217| |#endif 218| 1.29M|} bignum_core.c:mbedtls_ct_mpi_uint_if: 453| 22.1M|{ 454| 22.1M| return (mbedtls_mpi_uint) mbedtls_ct_if(condition, 455| 22.1M| (mbedtls_ct_uint_t) if1, 456| 22.1M| (mbedtls_ct_uint_t) if0); 457| 22.1M|} bignum_core.c:mbedtls_ct_if: 223| 22.1M|{ 224| |#if defined(MBEDTLS_CT_AARCH64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64)) 225| | asm volatile ("and %x[if1], %x[if1], %x[condition] \n\t" 226| | "mvn %x[condition], %x[condition] \n\t" 227| | "and %x[condition], %x[condition], %x[if0] \n\t" 228| | "orr %x[condition], %x[if1], %x[condition]" 229| | : 230| | [condition] "+&r" (condition), 231| | [if1] "+&r" (if1) 232| | : 233| | [if0] "r" (if0) 234| | : 235| | ); 236| | return (mbedtls_ct_uint_t) condition; 237| |#elif defined(MBEDTLS_CT_ARM_ASM) && defined(MBEDTLS_CT_SIZE_32) 238| | asm volatile (".syntax unified \n\t" 239| | "ands %[if1], %[if1], %[condition] \n\t" 240| | "mvns %[condition], %[condition] \n\t" 241| | "ands %[condition], %[condition], %[if0] \n\t" 242| | "orrs %[condition], %[if1], %[condition] \n\t" 243| | RESTORE_ASM_SYNTAX 244| | : 245| | [condition] "+&l" (condition), 246| | [if1] "+&l" (if1) 247| | : 248| | [if0] "l" (if0) 249| | : 250| | "cc" 251| | ); 252| | return (mbedtls_ct_uint_t) condition; 253| |#elif defined(MBEDTLS_CT_X86_64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64)) 254| 22.1M| asm volatile ("and %[condition], %[if1] \n\t" ------------------ | | 321| 22.1M|#define asm __asm__ ------------------ 255| 22.1M| "not %[condition] \n\t" 256| 22.1M| "and %[condition], %[if0] \n\t" 257| 22.1M| "or %[if1], %[if0] \n\t" 258| 22.1M| : 259| 22.1M| [condition] "+&D" (condition), 260| 22.1M| [if1] "+&S" (if1), 261| 22.1M| [if0] "+&a" (if0) 262| 22.1M| : 263| 22.1M| : 264| 22.1M| ); 265| 22.1M| return if0; 266| |#elif defined(MBEDTLS_CT_X86_ASM) && defined(MBEDTLS_CT_SIZE_32) 267| | asm volatile ("and %[condition], %[if1] \n\t" 268| | "not %[condition] \n\t" 269| | "and %[if0], %[condition] \n\t" 270| | "or %[condition], %[if1] \n\t" 271| | : 272| | [condition] "+&c" (condition), 273| | [if1] "+&a" (if1) 274| | : 275| | [if0] "b" (if0) 276| | : 277| | ); 278| | return if1; 279| |#else 280| | mbedtls_ct_condition_t not_cond = 281| | (mbedtls_ct_condition_t) (~mbedtls_ct_compiler_opaque(condition)); 282| | return (mbedtls_ct_uint_t) ((condition & if1) | (not_cond & if0)); 283| |#endif 284| 22.1M|} bignum_core.c:mbedtls_ct_uint_eq: 506| 843k|{ 507| 843k| return ~mbedtls_ct_uint_ne(x, y); 508| 843k|} bignum_core.c:mbedtls_ct_uint_ne: 398| 843k|{ 399| | /* diff = 0 if x == y, non-zero otherwise */ 400| 843k| const mbedtls_ct_uint_t diff = mbedtls_ct_compiler_opaque(x) ^ mbedtls_ct_compiler_opaque(y); 401| | 402| | /* all ones if x != y, 0 otherwise */ 403| 843k| return mbedtls_ct_bool(diff); 404| 843k|} constant_time.c:mbedtls_ct_compiler_opaque: 101| 453k|{ 102| 453k|#if defined(MBEDTLS_CT_ASM) 103| 453k| asm volatile ("" : [x] "+r" (x) :); ------------------ | | 321| 453k|#define asm __asm__ ------------------ 104| 453k| return x; 105| |#else 106| | return x ^ mbedtls_ct_zero; 107| |#endif 108| 453k|} base64.c:mbedtls_ct_uchar_in_range_if: 410| 2.89M|{ 411| 2.89M| const unsigned char co = (unsigned char) mbedtls_ct_compiler_opaque(c); 412| 2.89M| const unsigned char to = (unsigned char) mbedtls_ct_compiler_opaque(t); 413| | 414| | /* low_mask is: 0 if low <= c, 0x...ff if low > c */ 415| 2.89M| unsigned low_mask = ((unsigned) co - low) >> 8; 416| | /* high_mask is: 0 if c <= high, 0x...ff if c > high */ 417| 2.89M| unsigned high_mask = ((unsigned) high - co) >> 8; 418| | 419| 2.89M| return (unsigned char) (~(low_mask | high_mask)) & to; 420| 2.89M|} base64.c:mbedtls_ct_compiler_opaque: 101| 5.79M|{ 102| 5.79M|#if defined(MBEDTLS_CT_ASM) 103| 5.79M| asm volatile ("" : [x] "+r" (x) :); ------------------ | | 321| 5.79M|#define asm __asm__ ------------------ 104| 5.79M| return x; 105| |#else 106| | return x ^ mbedtls_ct_zero; 107| |#endif 108| 5.79M|} mbedtls_ecdh_init: 160| 357|{ 161| 357|#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) 162| 357| ecdh_init_internal(ctx); 163| 357| mbedtls_ecp_point_init(&ctx->Vi); 164| 357| mbedtls_ecp_point_init(&ctx->Vf); 165| 357| mbedtls_mpi_init(&ctx->_d); 166| |#else 167| | memset(ctx, 0, sizeof(mbedtls_ecdh_context)); 168| | 169| | ctx->var = MBEDTLS_ECDH_VARIANT_NONE; 170| |#endif 171| 357| ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED; ------------------ | | 439| 357|#define MBEDTLS_ECP_PF_UNCOMPRESSED 0 ------------------ 172| 357|#if defined(MBEDTLS_ECP_RESTARTABLE) 173| 357| ctx->restart_enabled = 0; 174| 357|#endif 175| 357|} mbedtls_ecdh_setup: 194| 357|{ 195| 357|#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) 196| 357| return ecdh_setup_internal(ctx, grp_id); 197| |#else 198| | switch (grp_id) { 199| |#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) 200| | case MBEDTLS_ECP_DP_CURVE25519: 201| | ctx->point_format = MBEDTLS_ECP_PF_COMPRESSED; 202| | ctx->var = MBEDTLS_ECDH_VARIANT_EVEREST; 203| | ctx->grp_id = grp_id; 204| | return mbedtls_everest_setup(&ctx->ctx.everest_ecdh, grp_id); 205| |#endif 206| | default: 207| | ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED; 208| | ctx->var = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0; 209| | ctx->grp_id = grp_id; 210| | ecdh_init_internal(&ctx->ctx.mbed_ecdh); 211| | return ecdh_setup_internal(&ctx->ctx.mbed_ecdh, grp_id); 212| | } 213| |#endif 214| 357|} mbedtls_ecdh_free: 243| 357|{ 244| 357| if (ctx == NULL) { ------------------ | Branch (244:9): [True: 0, False: 357] ------------------ 245| 0| return; 246| 0| } 247| | 248| 357|#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) 249| 357| mbedtls_ecp_point_free(&ctx->Vi); 250| 357| mbedtls_ecp_point_free(&ctx->Vf); 251| 357| mbedtls_mpi_free(&ctx->_d); 252| 357| ecdh_free_internal(ctx); 253| |#else 254| | switch (ctx->var) { 255| |#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) 256| | case MBEDTLS_ECDH_VARIANT_EVEREST: 257| | mbedtls_everest_free(&ctx->ctx.everest_ecdh); 258| | break; 259| |#endif 260| | case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: 261| | ecdh_free_internal(&ctx->ctx.mbed_ecdh); 262| | break; 263| | default: 264| | break; 265| | } 266| | 267| | ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED; 268| | ctx->var = MBEDTLS_ECDH_VARIANT_NONE; 269| | ctx->grp_id = MBEDTLS_ECP_DP_NONE; 270| |#endif 271| 357|} mbedtls_ecdh_get_params: 448| 357|{ 449| 357| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 357|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 450| 357| if (side != MBEDTLS_ECDH_OURS && side != MBEDTLS_ECDH_THEIRS) { ------------------ | Branch (450:9): [True: 0, False: 357] | Branch (450:38): [True: 0, False: 0] ------------------ 451| 0| return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; ------------------ | | 35| 0|#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 ------------------ 452| 0| } 453| | 454| 357| if (mbedtls_ecdh_grp_id(ctx) == MBEDTLS_ECP_DP_NONE) { ------------------ | Branch (454:9): [True: 357, False: 0] ------------------ 455| | /* This is the first call to get_params(). Set up the context 456| | * for use with the group. */ 457| 357| if ((ret = mbedtls_ecdh_setup(ctx, key->grp.id)) != 0) { ------------------ | Branch (457:13): [True: 0, False: 357] ------------------ 458| 0| return ret; 459| 0| } 460| 357| } else { 461| | /* This is not the first call to get_params(). Check that the 462| | * current key's group is the same as the context's, which was set 463| | * from the first key's group. */ 464| 0| if (mbedtls_ecdh_grp_id(ctx) != key->grp.id) { ------------------ | Branch (464:13): [True: 0, False: 0] ------------------ 465| 0| return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; ------------------ | | 35| 0|#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 ------------------ 466| 0| } 467| 0| } 468| | 469| 357|#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) 470| 357| return ecdh_get_params_internal(ctx, key, side); 471| |#else 472| | switch (ctx->var) { 473| |#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) 474| | case MBEDTLS_ECDH_VARIANT_EVEREST: 475| | { 476| | mbedtls_everest_ecdh_side s = side == MBEDTLS_ECDH_OURS ? 477| | MBEDTLS_EVEREST_ECDH_OURS : 478| | MBEDTLS_EVEREST_ECDH_THEIRS; 479| | return mbedtls_everest_get_params(&ctx->ctx.everest_ecdh, 480| | key, s); 481| | } 482| |#endif 483| | case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0: 484| | return ecdh_get_params_internal(&ctx->ctx.mbed_ecdh, 485| | key, side); 486| | default: 487| | return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; 488| | } 489| |#endif 490| 357|} ecdh.c:ecdh_init_internal: 135| 357|{ 136| 357| mbedtls_ecp_group_init(&ctx->grp); 137| 357| mbedtls_mpi_init(&ctx->d); 138| 357| mbedtls_ecp_point_init(&ctx->Q); 139| 357| mbedtls_ecp_point_init(&ctx->Qp); 140| 357| mbedtls_mpi_init(&ctx->z); 141| | 142| 357|#if defined(MBEDTLS_ECP_RESTARTABLE) 143| 357| mbedtls_ecp_restart_init(&ctx->rs); 144| 357|#endif 145| 357|} ecdh.c:ecdh_setup_internal: 179| 357|{ 180| 357| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 357|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 181| | 182| 357| ret = mbedtls_ecp_group_load(&ctx->grp, grp_id); 183| 357| if (ret != 0) { ------------------ | Branch (183:9): [True: 0, False: 357] ------------------ 184| 0| return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; ------------------ | | 39| 0|#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 ------------------ 185| 0| } 186| | 187| 357| return 0; 188| 357|} ecdh.c:ecdh_free_internal: 217| 357|{ 218| 357| mbedtls_ecp_group_free(&ctx->grp); 219| 357| mbedtls_mpi_free(&ctx->d); 220| 357| mbedtls_ecp_point_free(&ctx->Q); 221| 357| mbedtls_ecp_point_free(&ctx->Qp); 222| 357| mbedtls_mpi_free(&ctx->z); 223| | 224| 357|#if defined(MBEDTLS_ECP_RESTARTABLE) 225| 357| mbedtls_ecp_restart_free(&ctx->rs); 226| 357|#endif 227| 357|} ecdh.c:mbedtls_ecdh_grp_id: 31| 357|{ 32| 357|#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) 33| 357| return ctx->grp.id; 34| |#else 35| | return ctx->grp_id; 36| |#endif 37| 357|} ecdh.c:ecdh_get_params_internal: 421| 357|{ 422| 357| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 357|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 423| | 424| | /* If it's not our key, just import the public part as Qp */ 425| 357| if (side == MBEDTLS_ECDH_THEIRS) { ------------------ | Branch (425:9): [True: 0, False: 357] ------------------ 426| 0| return mbedtls_ecp_copy(&ctx->Qp, &key->Q); 427| 0| } 428| | 429| | /* Our key: import public (as Q) and private parts */ 430| 357| if (side != MBEDTLS_ECDH_OURS) { ------------------ | Branch (430:9): [True: 0, False: 357] ------------------ 431| 0| return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; ------------------ | | 35| 0|#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 ------------------ 432| 0| } 433| | 434| 357| if ((ret = mbedtls_ecp_copy(&ctx->Q, &key->Q)) != 0 || ------------------ | Branch (434:9): [True: 0, False: 357] ------------------ 435| 357| (ret = mbedtls_mpi_copy(&ctx->d, &key->d)) != 0) { ------------------ | Branch (435:9): [True: 0, False: 357] ------------------ 436| 0| return ret; 437| 0| } 438| | 439| 357| return 0; 440| 357|} mbedtls_ecdsa_can_do: 226| 714|{ 227| 714| switch (gid) { 228| 0|#ifdef MBEDTLS_ECP_DP_CURVE25519_ENABLED 229| 0| case MBEDTLS_ECP_DP_CURVE25519: return 0; ------------------ | Branch (229:9): [True: 0, False: 714] ------------------ 230| 0|#endif 231| 0|#ifdef MBEDTLS_ECP_DP_CURVE448_ENABLED 232| 0| case MBEDTLS_ECP_DP_CURVE448: return 0; ------------------ | Branch (232:9): [True: 0, False: 714] ------------------ 233| 0|#endif 234| 714| default: return 1; ------------------ | Branch (234:9): [True: 714, False: 0] ------------------ 235| 714| } 236| 714|} mbedtls_ecdsa_verify_restartable: 494| 714|{ 495| 714| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 714|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 496| 714| mbedtls_mpi e, s_inv, u1, u2; 497| 714| mbedtls_ecp_point R; 498| 714| mbedtls_mpi *pu1 = &u1, *pu2 = &u2; 499| | 500| 714| mbedtls_ecp_point_init(&R); 501| 714| mbedtls_mpi_init(&e); mbedtls_mpi_init(&s_inv); 502| 714| mbedtls_mpi_init(&u1); mbedtls_mpi_init(&u2); 503| | 504| | /* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */ 505| 714| if (!mbedtls_ecdsa_can_do(grp->id) || grp->N.p == NULL) { ------------------ | Branch (505:9): [True: 0, False: 714] | Branch (505:43): [True: 0, False: 714] ------------------ 506| 0| return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; ------------------ | | 35| 0|#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 ------------------ 507| 0| } 508| | 509| 714| ECDSA_RS_ENTER(ver); ------------------ | | 153| 714|#define ECDSA_RS_ENTER(SUB) do { \ | | 154| 714| /* reset ops count for this call if top-level */ \ | | 155| 714| if (rs_ctx != NULL && rs_ctx->ecp.depth++ == 0) \ | | ------------------ | | | Branch (155:13): [True: 0, False: 714] | | | Branch (155:31): [True: 0, False: 0] | | ------------------ | | 156| 714| rs_ctx->ecp.ops_done = 0; \ | | 157| 714| \ | | 158| 714| /* set up our own sub-context if needed */ \ | | 159| 714| if (mbedtls_ecp_restart_is_enabled() && \ | | ------------------ | | | Branch (159:13): [True: 0, False: 714] | | ------------------ | | 160| 714| rs_ctx != NULL && rs_ctx->SUB == NULL) \ | | ------------------ | | | Branch (160:13): [True: 0, False: 0] | | | Branch (160:31): [True: 0, False: 0] | | ------------------ | | 161| 714| { \ | | 162| 0| rs_ctx->SUB = mbedtls_calloc(1, sizeof(*rs_ctx->SUB)); \ | | ------------------ | | | | 144| 0|#define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO | | | | ------------------ | | | | | | 4093| 0|#define MBEDTLS_PLATFORM_CALLOC_MACRO my_calloc | | | | ------------------ | | ------------------ | | 163| 0| if (rs_ctx->SUB == NULL) \ | | ------------------ | | | Branch (163:17): [True: 0, False: 0] | | ------------------ | | 164| 0| return MBEDTLS_ERR_ECP_ALLOC_FAILED; \ | | ------------------ | | | | 43| 0|#define MBEDTLS_ERR_ECP_ALLOC_FAILED -0x4D80 | | ------------------ | | 165| 0| \ | | 166| 0| ecdsa_restart_## SUB ##_init(rs_ctx->SUB); \ | | 167| 0| } \ | | 168| 714|} while (0) | | ------------------ | | | Branch (168:10): [Folded - Ignored] | | ------------------ ------------------ 510| | 511| 714|#if defined(MBEDTLS_ECP_RESTARTABLE) 512| 714| if (rs_ctx != NULL && rs_ctx->ver != NULL) { ------------------ | Branch (512:9): [True: 0, False: 714] | Branch (512:27): [True: 0, False: 0] ------------------ 513| | /* redirect to our context */ 514| 0| pu1 = &rs_ctx->ver->u1; 515| 0| pu2 = &rs_ctx->ver->u2; 516| | 517| | /* jump to current step */ 518| 0| if (rs_ctx->ver->state == ecdsa_ver_muladd) { ------------------ | Branch (518:13): [True: 0, False: 0] ------------------ 519| 0| goto muladd; 520| 0| } 521| 0| } 522| 714|#endif /* MBEDTLS_ECP_RESTARTABLE */ 523| | 524| | /* 525| | * Step 1: make sure r and s are in range 1..n-1 526| | */ 527| 714| if (mbedtls_mpi_cmp_int(r, 1) < 0 || mbedtls_mpi_cmp_mpi(r, &grp->N) >= 0 || ------------------ | Branch (527:9): [True: 0, False: 714] | Branch (527:42): [True: 0, False: 714] ------------------ 528| 714| mbedtls_mpi_cmp_int(s, 1) < 0 || mbedtls_mpi_cmp_mpi(s, &grp->N) >= 0) { ------------------ | Branch (528:9): [True: 0, False: 714] | Branch (528:42): [True: 0, False: 714] ------------------ 529| 0| ret = MBEDTLS_ERR_ECP_VERIFY_FAILED; ------------------ | | 41| 0|#define MBEDTLS_ERR_ECP_VERIFY_FAILED -0x4E00 ------------------ 530| 0| goto cleanup; 531| 0| } 532| | 533| | /* 534| | * Step 3: derive MPI from hashed message 535| | */ 536| 714| MBEDTLS_MPI_CHK(derive_mpi(grp, &e, buf, blen)); ------------------ | | 41| 714| do \ | | 42| 714| { \ | | 43| 714| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 714] | | ------------------ | | 44| 714| goto cleanup; \ | | 45| 714| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 537| | 538| | /* 539| | * Step 4: u1 = e / s mod n, u2 = r / s mod n 540| | */ 541| 714| ECDSA_BUDGET(MBEDTLS_ECP_OPS_CHK + MBEDTLS_ECP_OPS_INV + 2); ------------------ | | 150| 714| MBEDTLS_MPI_CHK(mbedtls_ecp_check_budget(grp, ECDSA_RS_ECP, ops)); | | ------------------ | | | | 41| 714| do \ | | | | 42| 714| { \ | | | | 43| 1.42k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 714] | | | | | Branch (43:21): [True: 714, False: 0] | | | | ------------------ | | | | 44| 714| goto cleanup; \ | | | | 45| 714| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 542| | 543| 714| MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&s_inv, s, &grp->N)); ------------------ | | 41| 714| do \ | | 42| 714| { \ | | 43| 714| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 714] | | ------------------ | | 44| 714| goto cleanup; \ | | 45| 714| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 544| | 545| 714| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(pu1, &e, &s_inv)); ------------------ | | 41| 714| do \ | | 42| 714| { \ | | 43| 714| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 714] | | ------------------ | | 44| 714| goto cleanup; \ | | 45| 714| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 546| 714| MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(pu1, pu1, &grp->N)); ------------------ | | 41| 714| do \ | | 42| 714| { \ | | 43| 714| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 714] | | ------------------ | | 44| 714| goto cleanup; \ | | 45| 714| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 547| | 548| 714| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(pu2, r, &s_inv)); ------------------ | | 41| 714| do \ | | 42| 714| { \ | | 43| 714| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 714] | | ------------------ | | 44| 714| goto cleanup; \ | | 45| 714| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 549| 714| MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(pu2, pu2, &grp->N)); ------------------ | | 41| 714| do \ | | 42| 714| { \ | | 43| 714| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 714] | | ------------------ | | 44| 714| goto cleanup; \ | | 45| 714| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 550| | 551| 714|#if defined(MBEDTLS_ECP_RESTARTABLE) 552| 714| if (rs_ctx != NULL && rs_ctx->ver != NULL) { ------------------ | Branch (552:9): [True: 0, False: 714] | Branch (552:27): [True: 0, False: 0] ------------------ 553| 0| rs_ctx->ver->state = ecdsa_ver_muladd; 554| 0| } 555| | 556| 714|muladd: 557| 714|#endif 558| | /* 559| | * Step 5: R = u1 G + u2 Q 560| | */ 561| 714| MBEDTLS_MPI_CHK(mbedtls_ecp_muladd_restartable(grp, ------------------ | | 41| 714| do \ | | 42| 714| { \ | | 43| 1.42k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 714] | | | Branch (43:21): [True: 714, False: 0] | | ------------------ | | 44| 714| goto cleanup; \ | | 45| 714| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 562| 714| &R, pu1, &grp->G, pu2, Q, ECDSA_RS_ECP)); 563| | 564| 714| if (mbedtls_ecp_is_zero(&R)) { ------------------ | Branch (564:9): [True: 0, False: 714] ------------------ 565| 0| ret = MBEDTLS_ERR_ECP_VERIFY_FAILED; ------------------ | | 41| 0|#define MBEDTLS_ERR_ECP_VERIFY_FAILED -0x4E00 ------------------ 566| 0| goto cleanup; 567| 0| } 568| | 569| | /* 570| | * Step 6: convert xR to an integer (no-op) 571| | * Step 7: reduce xR mod n (gives v) 572| | */ 573| 714| MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&R.X, &R.X, &grp->N)); ------------------ | | 41| 714| do \ | | 42| 714| { \ | | 43| 714| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 714] | | ------------------ | | 44| 714| goto cleanup; \ | | 45| 714| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 574| | 575| | /* 576| | * Step 8: check if v (that is, R.X) is equal to r 577| | */ 578| 714| if (mbedtls_mpi_cmp_mpi(&R.X, r) != 0) { ------------------ | Branch (578:9): [True: 0, False: 714] ------------------ 579| 0| ret = MBEDTLS_ERR_ECP_VERIFY_FAILED; ------------------ | | 41| 0|#define MBEDTLS_ERR_ECP_VERIFY_FAILED -0x4E00 ------------------ 580| 0| goto cleanup; 581| 0| } 582| | 583| 714|cleanup: 584| 714| mbedtls_ecp_point_free(&R); 585| 714| mbedtls_mpi_free(&e); mbedtls_mpi_free(&s_inv); 586| 714| mbedtls_mpi_free(&u1); mbedtls_mpi_free(&u2); 587| | 588| 714| ECDSA_RS_LEAVE(ver); ------------------ | | 171| 714|#define ECDSA_RS_LEAVE(SUB) do { \ | | 172| 714| /* clear our sub-context when not in progress (done or error) */ \ | | 173| 714| if (rs_ctx != NULL && rs_ctx->SUB != NULL && \ | | ------------------ | | | Branch (173:13): [True: 0, False: 714] | | | Branch (173:31): [True: 0, False: 0] | | ------------------ | | 174| 714| ret != MBEDTLS_ERR_ECP_IN_PROGRESS) \ | | ------------------ | | | | 51| 0|#define MBEDTLS_ERR_ECP_IN_PROGRESS -0x4B00 | | ------------------ | | | Branch (174:13): [True: 0, False: 0] | | ------------------ | | 175| 714| { \ | | 176| 0| ecdsa_restart_## SUB ##_free(rs_ctx->SUB); \ | | 177| 0| mbedtls_free(rs_ctx->SUB); \ | | ------------------ | | | | 143| 0|#define mbedtls_free MBEDTLS_PLATFORM_FREE_MACRO | | | | ------------------ | | | | | | 4095| 0|#define MBEDTLS_PLATFORM_FREE_MACRO my_free | | | | ------------------ | | ------------------ | | 178| 0| rs_ctx->SUB = NULL; \ | | 179| 0| } \ | | 180| 714| \ | | 181| 714| if (rs_ctx != NULL) \ | | ------------------ | | | Branch (181:13): [True: 0, False: 714] | | ------------------ | | 182| 714| rs_ctx->ecp.depth--; \ | | 183| 714|} while (0) | | ------------------ | | | Branch (183:10): [Folded - Ignored] | | ------------------ ------------------ 589| | 590| 714| return ret; 591| 714|} mbedtls_ecdsa_read_signature: 706| 714|{ 707| 714| return mbedtls_ecdsa_read_signature_restartable( 708| 714| ctx, hash, hlen, sig, slen, NULL); 709| 714|} mbedtls_ecdsa_read_signature_restartable: 718| 714|{ 719| 714| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 714|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 720| 714| unsigned char *p = (unsigned char *) sig; 721| 714| const unsigned char *end = sig + slen; 722| 714| size_t len; 723| 714| mbedtls_mpi r, s; 724| 714| mbedtls_mpi_init(&r); 725| 714| mbedtls_mpi_init(&s); 726| | 727| 714| if ((ret = mbedtls_asn1_get_tag(&p, end, &len, ------------------ | Branch (727:9): [True: 0, False: 714] ------------------ 728| 714| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 82| 714|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 72| 714|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 729| 0| ret += MBEDTLS_ERR_ECP_BAD_INPUT_DATA; ------------------ | | 35| 0|#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 ------------------ 730| 0| goto cleanup; 731| 0| } 732| | 733| 714| if (p + len != end) { ------------------ | Branch (733:9): [True: 0, False: 714] ------------------ 734| 0| ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_ECP_BAD_INPUT_DATA, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 735| 0| MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 736| 0| goto cleanup; 737| 0| } 738| | 739| 714| if ((ret = mbedtls_asn1_get_mpi(&p, end, &r)) != 0 || ------------------ | Branch (739:9): [True: 0, False: 714] ------------------ 740| 714| (ret = mbedtls_asn1_get_mpi(&p, end, &s)) != 0) { ------------------ | Branch (740:9): [True: 0, False: 714] ------------------ 741| 0| ret += MBEDTLS_ERR_ECP_BAD_INPUT_DATA; ------------------ | | 35| 0|#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 ------------------ 742| 0| goto cleanup; 743| 0| } 744| |#if defined(MBEDTLS_ECDSA_VERIFY_ALT) 745| | (void) rs_ctx; 746| | 747| | if ((ret = mbedtls_ecdsa_verify(&ctx->grp, hash, hlen, 748| | &ctx->Q, &r, &s)) != 0) { 749| | goto cleanup; 750| | } 751| |#else 752| 714| if ((ret = mbedtls_ecdsa_verify_restartable(&ctx->grp, hash, hlen, ------------------ | Branch (752:9): [True: 0, False: 714] ------------------ 753| 714| &ctx->Q, &r, &s, rs_ctx)) != 0) { 754| 0| goto cleanup; 755| 0| } 756| 714|#endif /* MBEDTLS_ECDSA_VERIFY_ALT */ 757| | 758| | /* At this point we know that the buffer starts with a valid signature. 759| | * Return 0 if the buffer just contains the signature, and a specific 760| | * error code if the valid signature is followed by more data. */ 761| 714| if (p != end) { ------------------ | Branch (761:9): [True: 0, False: 714] ------------------ 762| 0| ret = MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH; ------------------ | | 49| 0|#define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH -0x4C00 ------------------ 763| 0| } 764| | 765| 714|cleanup: 766| 714| mbedtls_mpi_free(&r); 767| 714| mbedtls_mpi_free(&s); 768| | 769| 714| return ret; 770| 714|} ecdsa.c:derive_mpi: 205| 714|{ 206| 714| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 714|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 207| 714| size_t n_size = (grp->nbits + 7) / 8; 208| 714| size_t use_size = blen > n_size ? n_size : blen; ------------------ | Branch (208:23): [True: 0, False: 714] ------------------ 209| | 210| 714| MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(x, buf, use_size)); ------------------ | | 41| 714| do \ | | 42| 714| { \ | | 43| 714| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 714] | | ------------------ | | 44| 714| goto cleanup; \ | | 45| 714| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 211| 714| if (use_size * 8 > grp->nbits) { ------------------ | Branch (211:9): [True: 0, False: 714] ------------------ 212| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(x, use_size * 8 - grp->nbits)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 213| 0| } 214| | 215| | /* While at it, reduce modulo N */ 216| 714| if (mbedtls_mpi_cmp_mpi(x, &grp->N) >= 0) { ------------------ | Branch (216:9): [True: 0, False: 714] ------------------ 217| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(x, x, &grp->N)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 218| 0| } 219| | 220| 714|cleanup: 221| 714| return ret; 222| 714|} mbedtls_ecp_restart_is_enabled: 117| 2.85k|{ 118| 2.85k| return ecp_max_ops != 0; 119| 2.85k|} mbedtls_ecp_restart_init: 218| 714|{ 219| 714| ctx->ops_done = 0; 220| 714| ctx->depth = 0; 221| 714| ctx->rsm = NULL; 222| 714| ctx->ma = NULL; 223| 714|} mbedtls_ecp_restart_free: 229| 357|{ 230| 357| if (ctx == NULL) { ------------------ | Branch (230:9): [True: 0, False: 357] ------------------ 231| 0| return; 232| 0| } 233| | 234| 357| ecp_restart_rsm_free(ctx->rsm); 235| 357| mbedtls_free(ctx->rsm); ------------------ | | 143| 357|#define mbedtls_free MBEDTLS_PLATFORM_FREE_MACRO | | ------------------ | | | | 4095| 357|#define MBEDTLS_PLATFORM_FREE_MACRO my_free | | ------------------ ------------------ 236| | 237| 357| ecp_restart_ma_free(ctx->ma); 238| 357| mbedtls_free(ctx->ma); ------------------ | | 143| 357|#define mbedtls_free MBEDTLS_PLATFORM_FREE_MACRO | | ------------------ | | | | 4095| 357|#define MBEDTLS_PLATFORM_FREE_MACRO my_free | | ------------------ ------------------ 239| | 240| 357| mbedtls_ecp_restart_init(ctx); 241| 357|} mbedtls_ecp_check_budget: 249| 227k|{ 250| 227k| if (rs_ctx != NULL && ecp_max_ops != 0) { ------------------ | Branch (250:9): [True: 0, False: 227k] | Branch (250:27): [True: 0, False: 0] ------------------ 251| | /* scale depending on curve size: the chosen reference is 256-bit, 252| | * and multiplication is quadratic. Round to the closest integer. */ 253| 0| if (grp->pbits >= 512) { ------------------ | Branch (253:13): [True: 0, False: 0] ------------------ 254| 0| ops *= 4; 255| 0| } else if (grp->pbits >= 384) { ------------------ | Branch (255:20): [True: 0, False: 0] ------------------ 256| 0| ops *= 2; 257| 0| } 258| | 259| | /* Avoid infinite loops: always allow first step. 260| | * Because of that, however, it's not generally true 261| | * that ops_done <= ecp_max_ops, so the check 262| | * ops_done > ecp_max_ops below is mandatory. */ 263| 0| if ((rs_ctx->ops_done != 0) && ------------------ | Branch (263:13): [True: 0, False: 0] ------------------ 264| 0| (rs_ctx->ops_done > ecp_max_ops || ------------------ | Branch (264:14): [True: 0, False: 0] ------------------ 265| 0| ops > ecp_max_ops - rs_ctx->ops_done)) { ------------------ | Branch (265:14): [True: 0, False: 0] ------------------ 266| 0| return MBEDTLS_ERR_ECP_IN_PROGRESS; ------------------ | | 51| 0|#define MBEDTLS_ERR_ECP_IN_PROGRESS -0x4B00 ------------------ 267| 0| } 268| | 269| | /* update running count */ 270| 0| rs_ctx->ops_done += ops; 271| 0| } 272| | 273| 227k| return 0; 274| 227k|} mbedtls_ecp_get_type: 487| 32.1k|{ 488| 32.1k| if (grp->G.X.p == NULL) { ------------------ | Branch (488:9): [True: 0, False: 32.1k] ------------------ 489| 0| return MBEDTLS_ECP_TYPE_NONE; 490| 0| } 491| | 492| 32.1k| if (grp->G.Y.p == NULL) { ------------------ | Branch (492:9): [True: 0, False: 32.1k] ------------------ 493| 0| return MBEDTLS_ECP_TYPE_MONTGOMERY; 494| 32.1k| } else { 495| 32.1k| return MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS; 496| 32.1k| } 497| 32.1k|} mbedtls_ecp_point_init: 503| 27.8k|{ 504| 27.8k| mbedtls_mpi_init(&pt->X); 505| 27.8k| mbedtls_mpi_init(&pt->Y); 506| 27.8k| mbedtls_mpi_init(&pt->Z); 507| 27.8k|} mbedtls_ecp_group_init: 513| 12.1k|{ 514| 12.1k| grp->id = MBEDTLS_ECP_DP_NONE; 515| 12.1k| mbedtls_mpi_init(&grp->P); 516| 12.1k| mbedtls_mpi_init(&grp->A); 517| 12.1k| mbedtls_mpi_init(&grp->B); 518| 12.1k| mbedtls_ecp_point_init(&grp->G); 519| 12.1k| mbedtls_mpi_init(&grp->N); 520| 12.1k| grp->pbits = 0; 521| 12.1k| grp->nbits = 0; 522| 12.1k| grp->h = 0; 523| 12.1k| grp->modp = NULL; 524| 12.1k| grp->t_pre = NULL; 525| 12.1k| grp->t_post = NULL; 526| 12.1k| grp->t_data = NULL; 527| 12.1k| grp->T = NULL; 528| 12.1k| grp->T_size = 0; 529| 12.1k|} mbedtls_ecp_keypair_init: 535| 5.71k|{ 536| 5.71k| mbedtls_ecp_group_init(&key->grp); 537| 5.71k| mbedtls_mpi_init(&key->d); 538| 5.71k| mbedtls_ecp_point_init(&key->Q); 539| 5.71k|} mbedtls_ecp_point_free: 545| 21.7k|{ 546| 21.7k| if (pt == NULL) { ------------------ | Branch (546:9): [True: 0, False: 21.7k] ------------------ 547| 0| return; 548| 0| } 549| | 550| 21.7k| mbedtls_mpi_free(&(pt->X)); 551| 21.7k| mbedtls_mpi_free(&(pt->Y)); 552| 21.7k| mbedtls_mpi_free(&(pt->Z)); 553| 21.7k|} mbedtls_ecp_group_free: 572| 12.1k|{ 573| 12.1k| size_t i; 574| | 575| 12.1k| if (grp == NULL) { ------------------ | Branch (575:9): [True: 0, False: 12.1k] ------------------ 576| 0| return; 577| 0| } 578| | 579| 12.1k| if (grp->h != 1) { ------------------ | Branch (579:9): [True: 6.06k, False: 6.06k] ------------------ 580| 6.06k| mbedtls_mpi_free(&grp->A); 581| 6.06k| mbedtls_mpi_free(&grp->B); 582| 6.06k| mbedtls_ecp_point_free(&grp->G); 583| | 584| 6.06k|#if !defined(MBEDTLS_ECP_WITH_MPI_UINT) 585| 6.06k| mbedtls_mpi_free(&grp->N); 586| 6.06k| mbedtls_mpi_free(&grp->P); 587| 6.06k|#endif 588| 6.06k| } 589| | 590| 12.1k| if (!ecp_group_is_static_comb_table(grp) && grp->T != NULL) { ------------------ | Branch (590:9): [True: 6.06k, False: 6.06k] | Branch (590:49): [True: 0, False: 6.06k] ------------------ 591| 0| for (i = 0; i < grp->T_size; i++) { ------------------ | Branch (591:21): [True: 0, False: 0] ------------------ 592| 0| mbedtls_ecp_point_free(&grp->T[i]); 593| 0| } 594| 0| mbedtls_free(grp->T); ------------------ | | 143| 0|#define mbedtls_free MBEDTLS_PLATFORM_FREE_MACRO | | ------------------ | | | | 4095| 0|#define MBEDTLS_PLATFORM_FREE_MACRO my_free | | ------------------ ------------------ 595| 0| } 596| | 597| 12.1k| mbedtls_platform_zeroize(grp, sizeof(mbedtls_ecp_group)); 598| 12.1k|} mbedtls_ecp_keypair_free: 604| 5.71k|{ 605| 5.71k| if (key == NULL) { ------------------ | Branch (605:9): [True: 0, False: 5.71k] ------------------ 606| 0| return; 607| 0| } 608| | 609| 5.71k| mbedtls_ecp_group_free(&key->grp); 610| 5.71k| mbedtls_mpi_free(&key->d); 611| 5.71k| mbedtls_ecp_point_free(&key->Q); 612| 5.71k|} mbedtls_ecp_copy: 618| 3.21k|{ 619| 3.21k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 3.21k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 620| 3.21k| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&P->X, &Q->X)); ------------------ | | 41| 3.21k| do \ | | 42| 3.21k| { \ | | 43| 3.21k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 3.21k] | | ------------------ | | 44| 3.21k| goto cleanup; \ | | 45| 3.21k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 621| 3.21k| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&P->Y, &Q->Y)); ------------------ | | 41| 3.21k| do \ | | 42| 3.21k| { \ | | 43| 3.21k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 3.21k] | | ------------------ | | 44| 3.21k| goto cleanup; \ | | 45| 3.21k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 622| 3.21k| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&P->Z, &Q->Z)); ------------------ | | 41| 3.21k| do \ | | 42| 3.21k| { \ | | 43| 3.21k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 3.21k] | | ------------------ | | 44| 3.21k| goto cleanup; \ | | 45| 3.21k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 623| | 624| 3.21k|cleanup: 625| 3.21k| return ret; 626| 3.21k|} mbedtls_ecp_is_zero: 654| 714|{ 655| 714| return mbedtls_mpi_cmp_int(&pt->Z, 0) == 0; 656| 714|} mbedtls_ecp_point_read_binary: 772| 5.71k|{ 773| 5.71k| int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; ------------------ | | 39| 5.71k|#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 ------------------ 774| 5.71k| size_t plen; 775| 5.71k| if (ilen < 1) { ------------------ | Branch (775:9): [True: 0, False: 5.71k] ------------------ 776| 0| return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; ------------------ | | 35| 0|#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 ------------------ 777| 0| } 778| | 779| 5.71k| plen = mbedtls_mpi_size(&grp->P); 780| | 781| 5.71k|#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) 782| 5.71k| if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { ------------------ | Branch (782:9): [True: 0, False: 5.71k] ------------------ 783| 0| if (plen != ilen) { ------------------ | Branch (783:13): [True: 0, False: 0] ------------------ 784| 0| return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; ------------------ | | 35| 0|#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 ------------------ 785| 0| } 786| | 787| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary_le(&pt->X, buf, plen)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 788| 0| mbedtls_mpi_free(&pt->Y); 789| | 790| 0| if (grp->id == MBEDTLS_ECP_DP_CURVE25519) { ------------------ | Branch (790:13): [True: 0, False: 0] ------------------ 791| | /* Set most significant bit to 0 as prescribed in RFC7748 §5 */ 792| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&pt->X, plen * 8 - 1, 0)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 793| 0| } 794| | 795| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->Z, 1)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 796| 0| } 797| 5.71k|#endif 798| 5.71k|#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) 799| 5.71k| if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { ------------------ | Branch (799:9): [True: 5.71k, False: 0] ------------------ 800| 5.71k| if (buf[0] == 0x00) { ------------------ | Branch (800:13): [True: 0, False: 5.71k] ------------------ 801| 0| if (ilen == 1) { ------------------ | Branch (801:17): [True: 0, False: 0] ------------------ 802| 0| return mbedtls_ecp_set_zero(pt); 803| 0| } else { 804| 0| return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; ------------------ | | 35| 0|#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 ------------------ 805| 0| } 806| 0| } 807| | 808| 5.71k| if (ilen < 1 + plen) { ------------------ | Branch (808:13): [True: 0, False: 5.71k] ------------------ 809| 0| return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; ------------------ | | 35| 0|#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 ------------------ 810| 0| } 811| | 812| 5.71k| MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&pt->X, buf + 1, plen)); ------------------ | | 41| 5.71k| do \ | | 42| 5.71k| { \ | | 43| 5.71k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 5.71k] | | ------------------ | | 44| 5.71k| goto cleanup; \ | | 45| 5.71k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 813| 5.71k| MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&pt->Z, 1)); ------------------ | | 41| 5.71k| do \ | | 42| 5.71k| { \ | | 43| 5.71k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 5.71k] | | ------------------ | | 44| 5.71k| goto cleanup; \ | | 45| 5.71k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 814| | 815| 5.71k| if (buf[0] == 0x04) { ------------------ | Branch (815:13): [True: 5.71k, False: 0] ------------------ 816| | /* format == MBEDTLS_ECP_PF_UNCOMPRESSED */ 817| 5.71k| if (ilen != 1 + plen * 2) { ------------------ | Branch (817:17): [True: 0, False: 5.71k] ------------------ 818| 0| return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; ------------------ | | 35| 0|#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 ------------------ 819| 0| } 820| 5.71k| return mbedtls_mpi_read_binary(&pt->Y, buf + 1 + plen, plen); 821| 5.71k| } else if (buf[0] == 0x02 || buf[0] == 0x03) { ------------------ | Branch (821:20): [True: 0, False: 0] | Branch (821:38): [True: 0, False: 0] ------------------ 822| | /* format == MBEDTLS_ECP_PF_COMPRESSED */ 823| 0| if (ilen != 1 + plen) { ------------------ | Branch (823:17): [True: 0, False: 0] ------------------ 824| 0| return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; ------------------ | | 35| 0|#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 ------------------ 825| 0| } 826| 0| return mbedtls_ecp_sw_derive_y(grp, &pt->X, &pt->Y, 827| 0| (buf[0] & 1)); 828| 0| } else { 829| 0| return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; ------------------ | | 35| 0|#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 ------------------ 830| 0| } 831| 5.71k| } 832| 0|#endif 833| | 834| 0|cleanup: 835| 0| return ret; 836| 5.71k|} mbedtls_ecp_muladd_restartable: 2805| 714|{ 2806| 714| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 714|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 2807| 714| mbedtls_ecp_point mP; 2808| 714| mbedtls_ecp_point *pmP = &mP; 2809| 714| mbedtls_ecp_point *pR = R; 2810| 714| mbedtls_mpi tmp[4]; 2811| |#if defined(MBEDTLS_ECP_INTERNAL_ALT) 2812| | char is_grp_capable = 0; 2813| |#endif 2814| 714| if (mbedtls_ecp_get_type(grp) != MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { ------------------ | Branch (2814:9): [True: 0, False: 714] ------------------ 2815| 0| return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; ------------------ | | 39| 0|#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 ------------------ 2816| 0| } 2817| | 2818| 714| mbedtls_ecp_point_init(&mP); 2819| 714| mpi_init_many(tmp, sizeof(tmp) / sizeof(mbedtls_mpi)); 2820| | 2821| 714| ECP_RS_ENTER(ma); ------------------ | | 277| 714|#define ECP_RS_ENTER(SUB) do { \ | | 278| 714| /* reset ops count for this call if top-level */ \ | | 279| 714| if (rs_ctx != NULL && rs_ctx->depth++ == 0) \ | | ------------------ | | | Branch (279:13): [True: 0, False: 714] | | | Branch (279:31): [True: 0, False: 0] | | ------------------ | | 280| 714| rs_ctx->ops_done = 0; \ | | 281| 714| \ | | 282| 714| /* set up our own sub-context if needed */ \ | | 283| 714| if (mbedtls_ecp_restart_is_enabled() && \ | | ------------------ | | | Branch (283:13): [True: 0, False: 714] | | ------------------ | | 284| 714| rs_ctx != NULL && rs_ctx->SUB == NULL) \ | | ------------------ | | | Branch (284:13): [True: 0, False: 0] | | | Branch (284:31): [True: 0, False: 0] | | ------------------ | | 285| 714| { \ | | 286| 0| rs_ctx->SUB = mbedtls_calloc(1, sizeof(*rs_ctx->SUB)); \ | | ------------------ | | | | 144| 0|#define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO | | | | ------------------ | | | | | | 4093| 0|#define MBEDTLS_PLATFORM_CALLOC_MACRO my_calloc | | | | ------------------ | | ------------------ | | 287| 0| if (rs_ctx->SUB == NULL) \ | | ------------------ | | | Branch (287:17): [True: 0, False: 0] | | ------------------ | | 288| 0| return MBEDTLS_ERR_ECP_ALLOC_FAILED; \ | | ------------------ | | | | 43| 0|#define MBEDTLS_ERR_ECP_ALLOC_FAILED -0x4D80 | | ------------------ | | 289| 0| \ | | 290| 0| ecp_restart_## SUB ##_init(rs_ctx->SUB); \ | | 291| 0| } \ | | 292| 714|} while (0) | | ------------------ | | | Branch (292:10): [Folded - Ignored] | | ------------------ ------------------ 2822| | 2823| 714|#if defined(MBEDTLS_ECP_RESTARTABLE) 2824| 714| if (rs_ctx != NULL && rs_ctx->ma != NULL) { ------------------ | Branch (2824:9): [True: 0, False: 714] | Branch (2824:27): [True: 0, False: 0] ------------------ 2825| | /* redirect intermediate results to restart context */ 2826| 0| pmP = &rs_ctx->ma->mP; 2827| 0| pR = &rs_ctx->ma->R; 2828| | 2829| | /* jump to next operation */ 2830| 0| if (rs_ctx->ma->state == ecp_rsma_mul2) { ------------------ | Branch (2830:13): [True: 0, False: 0] ------------------ 2831| 0| goto mul2; 2832| 0| } 2833| 0| if (rs_ctx->ma->state == ecp_rsma_add) { ------------------ | Branch (2833:13): [True: 0, False: 0] ------------------ 2834| 0| goto add; 2835| 0| } 2836| 0| if (rs_ctx->ma->state == ecp_rsma_norm) { ------------------ | Branch (2836:13): [True: 0, False: 0] ------------------ 2837| 0| goto norm; 2838| 0| } 2839| 0| } 2840| 714|#endif /* MBEDTLS_ECP_RESTARTABLE */ 2841| | 2842| 714| MBEDTLS_MPI_CHK(mbedtls_ecp_mul_shortcuts(grp, pmP, m, P, rs_ctx)); ------------------ | | 41| 714| do \ | | 42| 714| { \ | | 43| 714| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 714] | | ------------------ | | 44| 714| goto cleanup; \ | | 45| 714| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2843| 714|#if defined(MBEDTLS_ECP_RESTARTABLE) 2844| 714| if (rs_ctx != NULL && rs_ctx->ma != NULL) { ------------------ | Branch (2844:9): [True: 0, False: 714] | Branch (2844:27): [True: 0, False: 0] ------------------ 2845| 0| rs_ctx->ma->state = ecp_rsma_mul2; 2846| 0| } 2847| | 2848| 714|mul2: 2849| 714|#endif 2850| 714| MBEDTLS_MPI_CHK(mbedtls_ecp_mul_shortcuts(grp, pR, n, Q, rs_ctx)); ------------------ | | 41| 714| do \ | | 42| 714| { \ | | 43| 714| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 714] | | ------------------ | | 44| 714| goto cleanup; \ | | 45| 714| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2851| | 2852| |#if defined(MBEDTLS_ECP_INTERNAL_ALT) 2853| | if ((is_grp_capable = mbedtls_internal_ecp_grp_capable(grp))) { 2854| | MBEDTLS_MPI_CHK(mbedtls_internal_ecp_init(grp)); 2855| | } 2856| |#endif /* MBEDTLS_ECP_INTERNAL_ALT */ 2857| | 2858| 714|#if defined(MBEDTLS_ECP_RESTARTABLE) 2859| 714| if (rs_ctx != NULL && rs_ctx->ma != NULL) { ------------------ | Branch (2859:9): [True: 0, False: 714] | Branch (2859:27): [True: 0, False: 0] ------------------ 2860| 0| rs_ctx->ma->state = ecp_rsma_add; 2861| 0| } 2862| | 2863| 714|add: 2864| 714|#endif 2865| 714| MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_ADD); ------------------ | | 408| 714| MBEDTLS_MPI_CHK(mbedtls_ecp_check_budget(grp, rs_ctx, \ | | ------------------ | | | | 41| 714| do \ | | | | 42| 714| { \ | | | | 43| 714| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 714] | | | | ------------------ | | | | 44| 714| goto cleanup; \ | | | | 45| 714| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 409| 714| (unsigned) (ops))); ------------------ 2866| 714| MBEDTLS_MPI_CHK(ecp_add_mixed(grp, pR, pmP, pR, tmp)); ------------------ | | 41| 714| do \ | | 42| 714| { \ | | 43| 714| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 714] | | ------------------ | | 44| 714| goto cleanup; \ | | 45| 714| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2867| 714|#if defined(MBEDTLS_ECP_RESTARTABLE) 2868| 714| if (rs_ctx != NULL && rs_ctx->ma != NULL) { ------------------ | Branch (2868:9): [True: 0, False: 714] | Branch (2868:27): [True: 0, False: 0] ------------------ 2869| 0| rs_ctx->ma->state = ecp_rsma_norm; 2870| 0| } 2871| | 2872| 714|norm: 2873| 714|#endif 2874| 714| MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_INV); ------------------ | | 408| 714| MBEDTLS_MPI_CHK(mbedtls_ecp_check_budget(grp, rs_ctx, \ | | ------------------ | | | | 41| 714| do \ | | | | 42| 714| { \ | | | | 43| 714| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 714] | | | | ------------------ | | | | 44| 714| goto cleanup; \ | | | | 45| 714| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 409| 714| (unsigned) (ops))); ------------------ 2875| 714| MBEDTLS_MPI_CHK(ecp_normalize_jac(grp, pR)); ------------------ | | 41| 714| do \ | | 42| 714| { \ | | 43| 714| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 714] | | ------------------ | | 44| 714| goto cleanup; \ | | 45| 714| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2876| | 2877| 714|#if defined(MBEDTLS_ECP_RESTARTABLE) 2878| 714| if (rs_ctx != NULL && rs_ctx->ma != NULL) { ------------------ | Branch (2878:9): [True: 0, False: 714] | Branch (2878:27): [True: 0, False: 0] ------------------ 2879| 0| MBEDTLS_MPI_CHK(mbedtls_ecp_copy(R, pR)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2880| 0| } 2881| 714|#endif 2882| | 2883| 714|cleanup: 2884| | 2885| 714| mpi_free_many(tmp, sizeof(tmp) / sizeof(mbedtls_mpi)); 2886| | 2887| |#if defined(MBEDTLS_ECP_INTERNAL_ALT) 2888| | if (is_grp_capable) { 2889| | mbedtls_internal_ecp_free(grp); 2890| | } 2891| |#endif /* MBEDTLS_ECP_INTERNAL_ALT */ 2892| | 2893| 714| mbedtls_ecp_point_free(&mP); 2894| | 2895| 714| ECP_RS_LEAVE(ma); ------------------ | | 295| 714|#define ECP_RS_LEAVE(SUB) do { \ | | 296| 714| /* clear our sub-context when not in progress (done or error) */ \ | | 297| 714| if (rs_ctx != NULL && rs_ctx->SUB != NULL && \ | | ------------------ | | | Branch (297:13): [True: 0, False: 714] | | | Branch (297:31): [True: 0, False: 0] | | ------------------ | | 298| 714| ret != MBEDTLS_ERR_ECP_IN_PROGRESS) \ | | ------------------ | | | | 51| 0|#define MBEDTLS_ERR_ECP_IN_PROGRESS -0x4B00 | | ------------------ | | | Branch (298:13): [True: 0, False: 0] | | ------------------ | | 299| 714| { \ | | 300| 0| ecp_restart_## SUB ##_free(rs_ctx->SUB); \ | | 301| 0| mbedtls_free(rs_ctx->SUB); \ | | ------------------ | | | | 143| 0|#define mbedtls_free MBEDTLS_PLATFORM_FREE_MACRO | | | | ------------------ | | | | | | 4095| 0|#define MBEDTLS_PLATFORM_FREE_MACRO my_free | | | | ------------------ | | ------------------ | | 302| 0| rs_ctx->SUB = NULL; \ | | 303| 0| } \ | | 304| 714| \ | | 305| 714| if (rs_ctx != NULL) \ | | ------------------ | | | Branch (305:13): [True: 0, False: 714] | | ------------------ | | 306| 714| rs_ctx->depth--; \ | | 307| 714|} while (0) | | ------------------ | | | Branch (307:10): [Folded - Ignored] | | ------------------ ------------------ 2896| | 2897| 714| return ret; 2898| 714|} mbedtls_ecp_check_pubkey: 3029| 7.14k|{ 3030| | /* Must use affine coordinates */ 3031| 7.14k| if (mbedtls_mpi_cmp_int(&pt->Z, 1) != 0) { ------------------ | Branch (3031:9): [True: 0, False: 7.14k] ------------------ 3032| 0| return MBEDTLS_ERR_ECP_INVALID_KEY; ------------------ | | 47| 0|#define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80 ------------------ 3033| 0| } 3034| | 3035| 7.14k|#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) 3036| 7.14k| if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { ------------------ | Branch (3036:9): [True: 0, False: 7.14k] ------------------ 3037| 0| return ecp_check_pubkey_mx(grp, pt); 3038| 0| } 3039| 7.14k|#endif 3040| 7.14k|#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) 3041| 7.14k| if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { ------------------ | Branch (3041:9): [True: 7.14k, False: 0] ------------------ 3042| 7.14k| return ecp_check_pubkey_sw(grp, pt); 3043| 7.14k| } 3044| 0|#endif 3045| 0| return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; ------------------ | | 35| 0|#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 ------------------ 3046| 7.14k|} mbedtls_ecp_check_privkey: 3053| 1.42k|{ 3054| 1.42k|#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) 3055| 1.42k| if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { ------------------ | Branch (3055:9): [True: 0, False: 1.42k] ------------------ 3056| | /* see RFC 7748 sec. 5 para. 5 */ 3057| 0| if (mbedtls_mpi_get_bit(d, 0) != 0 || ------------------ | Branch (3057:13): [True: 0, False: 0] ------------------ 3058| 0| mbedtls_mpi_get_bit(d, 1) != 0 || ------------------ | Branch (3058:13): [True: 0, False: 0] ------------------ 3059| 0| mbedtls_mpi_bitlen(d) - 1 != grp->nbits) { /* mbedtls_mpi_bitlen is one-based! */ ------------------ | Branch (3059:13): [True: 0, False: 0] ------------------ 3060| 0| return MBEDTLS_ERR_ECP_INVALID_KEY; ------------------ | | 47| 0|#define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80 ------------------ 3061| 0| } 3062| | 3063| | /* see [Curve25519] page 5 */ 3064| 0| if (grp->nbits == 254 && mbedtls_mpi_get_bit(d, 2) != 0) { ------------------ | Branch (3064:13): [True: 0, False: 0] | Branch (3064:34): [True: 0, False: 0] ------------------ 3065| 0| return MBEDTLS_ERR_ECP_INVALID_KEY; ------------------ | | 47| 0|#define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80 ------------------ 3066| 0| } 3067| | 3068| 0| return 0; 3069| 0| } 3070| 1.42k|#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */ 3071| 1.42k|#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) 3072| 1.42k| if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { ------------------ | Branch (3072:9): [True: 1.42k, False: 0] ------------------ 3073| | /* see SEC1 3.2 */ 3074| 1.42k| if (mbedtls_mpi_cmp_int(d, 1) < 0 || ------------------ | Branch (3074:13): [True: 0, False: 1.42k] ------------------ 3075| 1.42k| mbedtls_mpi_cmp_mpi(d, &grp->N) >= 0) { ------------------ | Branch (3075:13): [True: 0, False: 1.42k] ------------------ 3076| 0| return MBEDTLS_ERR_ECP_INVALID_KEY; ------------------ | | 47| 0|#define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80 ------------------ 3077| 1.42k| } else { 3078| 1.42k| return 0; 3079| 1.42k| } 3080| 1.42k| } 3081| 0|#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ 3082| | 3083| 0| return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; ------------------ | | 35| 0|#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 ------------------ 3084| 1.42k|} ecp.c:ecp_restart_rsm_free: 156| 357|{ 157| 357| unsigned char i; 158| | 159| 357| if (ctx == NULL) { ------------------ | Branch (159:9): [True: 357, False: 0] ------------------ 160| 357| return; 161| 357| } 162| | 163| 0| mbedtls_ecp_point_free(&ctx->R); 164| | 165| 0| if (ctx->T != NULL) { ------------------ | Branch (165:9): [True: 0, False: 0] ------------------ 166| 0| for (i = 0; i < ctx->T_size; i++) { ------------------ | Branch (166:21): [True: 0, False: 0] ------------------ 167| 0| mbedtls_ecp_point_free(ctx->T + i); 168| 0| } 169| 0| mbedtls_free(ctx->T); ------------------ | | 143| 0|#define mbedtls_free MBEDTLS_PLATFORM_FREE_MACRO | | ------------------ | | | | 4095| 0|#define MBEDTLS_PLATFORM_FREE_MACRO my_free | | ------------------ ------------------ 170| 0| } 171| | 172| 0| ecp_restart_rsm_init(ctx); 173| 0|} ecp.c:ecp_restart_ma_free: 203| 357|{ 204| 357| if (ctx == NULL) { ------------------ | Branch (204:9): [True: 357, False: 0] ------------------ 205| 357| return; 206| 357| } 207| | 208| 0| mbedtls_ecp_point_free(&ctx->mP); 209| 0| mbedtls_ecp_point_free(&ctx->R); 210| | 211| 0| ecp_restart_ma_init(ctx); 212| 0|} ecp.c:ecp_group_is_static_comb_table: 559| 12.8k|{ 560| 12.8k|#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 561| 12.8k| return grp->T != NULL && grp->T_size == 0; ------------------ | Branch (561:12): [True: 6.78k, False: 6.06k] | Branch (561:30): [True: 6.78k, False: 0] ------------------ 562| |#else 563| | (void) grp; 564| | return 0; 565| |#endif 566| 12.8k|} ecp.c:ecp_sw_rhs: 1228| 7.14k|{ 1229| 7.14k| int ret; 1230| | 1231| | /* Compute X^3 + A X + B as X (X^2 + A) + B */ 1232| 7.14k| MPI_ECP_SQR(rhs, X); ------------------ | | 1170| 7.14k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, A)) | | ------------------ | | | | 41| 7.14k| do \ | | | | 42| 7.14k| { \ | | | | 43| 7.14k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 7.14k] | | | | ------------------ | | | | 44| 7.14k| goto cleanup; \ | | | | 45| 7.14k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1233| | 1234| | /* Special case for A = -3 */ 1235| 7.14k| if (mbedtls_ecp_group_a_is_minus_3(grp)) { ------------------ | Branch (1235:9): [True: 7.14k, False: 0] ------------------ 1236| 7.14k| MPI_ECP_SUB_INT(rhs, rhs, 3); ------------------ | | 1140| 7.14k| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int_mod(grp, X, A, c)) | | ------------------ | | | | 41| 7.14k| do \ | | | | 42| 7.14k| { \ | | | | 43| 7.14k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 7.14k] | | | | ------------------ | | | | 44| 7.14k| goto cleanup; \ | | | | 45| 7.14k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1237| 7.14k| } else { 1238| 0| MPI_ECP_ADD(rhs, rhs, &grp->A); ------------------ | | 1161| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, X, A, B)) | | ------------------ | | | | 41| 0| do \ | | | | 42| 0| { \ | | | | 43| 0| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 0] | | | | ------------------ | | | | 44| 0| goto cleanup; \ | | | | 45| 0| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1239| 0| } 1240| | 1241| 7.14k| MPI_ECP_MUL(rhs, rhs, X); ------------------ | | 1167| 7.14k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, B)) | | ------------------ | | | | 41| 7.14k| do \ | | | | 42| 7.14k| { \ | | | | 43| 7.14k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 7.14k] | | | | ------------------ | | | | 44| 7.14k| goto cleanup; \ | | | | 45| 7.14k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1242| 7.14k| MPI_ECP_ADD(rhs, rhs, &grp->B); ------------------ | | 1161| 7.14k| MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, X, A, B)) | | ------------------ | | | | 41| 7.14k| do \ | | | | 42| 7.14k| { \ | | | | 43| 7.14k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 7.14k] | | | | ------------------ | | | | 44| 7.14k| goto cleanup; \ | | | | 45| 7.14k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1243| | 1244| 7.14k|cleanup: 1245| 7.14k| return ret; 1246| 7.14k|} ecp.c:mbedtls_mpi_mul_mod: 1059| 2.80M|{ 1060| 2.80M| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 2.80M|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1061| 2.80M| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(X, A, B)); ------------------ | | 41| 2.80M| do \ | | 42| 2.80M| { \ | | 43| 2.80M| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2.80M] | | ------------------ | | 44| 2.80M| goto cleanup; \ | | 45| 2.80M| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1062| 2.80M| MOD_MUL(*X); ------------------ | | 1049| 2.80M| do \ | | 1050| 2.80M| { \ | | 1051| 2.80M| MBEDTLS_MPI_CHK(ecp_modp(&(N), grp)); \ | | ------------------ | | | | 41| 2.80M| do \ | | | | 42| 2.80M| { \ | | | | 43| 2.80M| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 2.80M] | | | | ------------------ | | | | 44| 2.80M| goto cleanup; \ | | | | 45| 2.80M| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 1052| 2.80M| INC_MUL_COUNT \ | | ------------------ | | | | 1043| 2.80M|#define INC_MUL_COUNT mul_count++; | | ------------------ | | 1053| 2.80M| } while (0) | | ------------------ | | | Branch (1053:14): [Folded - Ignored] | | ------------------ ------------------ 1063| 2.80M|cleanup: 1064| 2.80M| return ret; 1065| 2.80M|} ecp.c:ecp_modp: 1000| 2.80M|{ 1001| 2.80M| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 2.80M|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1002| | 1003| 2.80M| if (grp->modp == NULL) { ------------------ | Branch (1003:9): [True: 0, False: 2.80M] ------------------ 1004| 0| return mbedtls_mpi_mod_mpi(N, N, &grp->P); 1005| 0| } 1006| | 1007| | /* N->s < 0 is a much faster test, which fails only if N is 0 */ 1008| 2.80M| if ((N->s < 0 && mbedtls_mpi_cmp_int(N, 0) != 0) || ------------------ | Branch (1008:10): [True: 0, False: 2.80M] | Branch (1008:22): [True: 0, False: 0] ------------------ 1009| 2.80M| mbedtls_mpi_bitlen(N) > 2 * grp->pbits) { ------------------ | Branch (1009:9): [True: 0, False: 2.80M] ------------------ 1010| 0| return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; ------------------ | | 35| 0|#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 ------------------ 1011| 0| } 1012| | 1013| 2.80M| MBEDTLS_MPI_CHK(grp->modp(N)); ------------------ | | 41| 2.80M| do \ | | 42| 2.80M| { \ | | 43| 2.80M| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2.80M] | | ------------------ | | 44| 2.80M| goto cleanup; \ | | 45| 2.80M| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1014| | 1015| | /* N->s < 0 is a much faster test, which fails only if N is 0 */ 1016| 5.07M| while (N->s < 0 && mbedtls_mpi_cmp_int(N, 0) != 0) { ------------------ | Branch (1016:12): [True: 2.26M, False: 2.80M] | Branch (1016:24): [True: 2.26M, False: 0] ------------------ 1017| 2.26M| MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &grp->P)); ------------------ | | 41| 2.26M| do \ | | 42| 2.26M| { \ | | 43| 2.26M| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2.26M] | | ------------------ | | 44| 2.26M| goto cleanup; \ | | 45| 2.26M| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1018| 2.26M| } 1019| | 1020| 3.31M| while (mbedtls_mpi_cmp_mpi(N, &grp->P) >= 0) { ------------------ | Branch (1020:12): [True: 510k, False: 2.80M] ------------------ 1021| | /* we known P, N and the result are positive */ 1022| 510k| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs(N, N, &grp->P)); ------------------ | | 41| 510k| do \ | | 42| 510k| { \ | | 43| 510k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 510k] | | ------------------ | | 44| 510k| goto cleanup; \ | | 45| 510k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1023| 510k| } 1024| | 1025| 2.80M|cleanup: 1026| 2.80M| return ret; 1027| 2.80M|} ecp.c:mbedtls_mpi_sub_int_mod: 1130| 7.14k|{ 1131| 7.14k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 7.14k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1132| | 1133| 7.14k| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(X, A, c)); ------------------ | | 41| 7.14k| do \ | | 42| 7.14k| { \ | | 43| 7.14k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 7.14k] | | ------------------ | | 44| 7.14k| goto cleanup; \ | | 45| 7.14k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1134| 7.14k| MOD_SUB(X); ------------------ | | 1072| 7.14k| do { \ | | 1073| 7.14k| while ((N)->s < 0 && mbedtls_mpi_cmp_int((N), 0) != 0) \ | | ------------------ | | | Branch (1073:16): [True: 0, False: 7.14k] | | | Branch (1073:30): [True: 0, False: 0] | | ------------------ | | 1074| 7.14k| MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi((N), (N), &grp->P)); \ | | ------------------ | | | | 41| 0| do \ | | | | 42| 0| { \ | | | | 43| 0| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 0] | | | | ------------------ | | | | 44| 0| goto cleanup; \ | | | | 45| 0| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 1075| 7.14k| } while (0) | | ------------------ | | | Branch (1075:14): [Folded - Ignored] | | ------------------ ------------------ 1135| 7.14k|cleanup: 1136| 7.14k| return ret; 1137| 7.14k|} ecp.c:mbedtls_mpi_add_mod: 1103| 227k|{ 1104| 227k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 227k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1105| 227k| MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(X, A, B)); ------------------ | | 41| 227k| do \ | | 42| 227k| { \ | | 43| 227k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 227k] | | ------------------ | | 44| 227k| goto cleanup; \ | | 45| 227k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1106| 227k| MOD_ADD(X); ------------------ | | 1096| 335k| while (mbedtls_mpi_cmp_mpi((N), &grp->P) >= 0) \ | | ------------------ | | | Branch (1096:12): [True: 108k, False: 227k] | | ------------------ | | 1097| 227k| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs((N), (N), &grp->P)) | | ------------------ | | | | 41| 335k| do \ | | | | 42| 335k| { \ | | | | 43| 108k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 108k] | | | | ------------------ | | | | 44| 108k| goto cleanup; \ | | | | 45| 108k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1107| 227k|cleanup: 1108| 227k| return ret; 1109| 227k|} ecp.c:ecp_mul_restartable_internal: 2630| 1.42k|{ 2631| 1.42k| int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; ------------------ | | 35| 1.42k|#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 ------------------ 2632| |#if defined(MBEDTLS_ECP_INTERNAL_ALT) 2633| | char is_grp_capable = 0; 2634| |#endif 2635| | 2636| 1.42k|#if defined(MBEDTLS_ECP_RESTARTABLE) 2637| | /* reset ops count for this call if top-level */ 2638| 1.42k| if (rs_ctx != NULL && rs_ctx->depth++ == 0) { ------------------ | Branch (2638:9): [True: 0, False: 1.42k] | Branch (2638:27): [True: 0, False: 0] ------------------ 2639| 0| rs_ctx->ops_done = 0; 2640| 0| } 2641| |#else 2642| | (void) rs_ctx; 2643| |#endif 2644| | 2645| |#if defined(MBEDTLS_ECP_INTERNAL_ALT) 2646| | if ((is_grp_capable = mbedtls_internal_ecp_grp_capable(grp))) { 2647| | MBEDTLS_MPI_CHK(mbedtls_internal_ecp_init(grp)); 2648| | } 2649| |#endif /* MBEDTLS_ECP_INTERNAL_ALT */ 2650| | 2651| 1.42k| int restarting = 0; 2652| 1.42k|#if defined(MBEDTLS_ECP_RESTARTABLE) 2653| 1.42k| restarting = (rs_ctx != NULL && rs_ctx->rsm != NULL); ------------------ | Branch (2653:19): [True: 0, False: 1.42k] | Branch (2653:37): [True: 0, False: 0] ------------------ 2654| 1.42k|#endif 2655| | /* skip argument check when restarting */ 2656| 1.42k| if (!restarting) { ------------------ | Branch (2656:9): [True: 1.42k, False: 0] ------------------ 2657| | /* check_privkey is free */ 2658| 1.42k| MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_CHK); ------------------ | | 408| 1.42k| MBEDTLS_MPI_CHK(mbedtls_ecp_check_budget(grp, rs_ctx, \ | | ------------------ | | | | 41| 1.42k| do \ | | | | 42| 1.42k| { \ | | | | 43| 1.42k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 1.42k] | | | | ------------------ | | | | 44| 1.42k| goto cleanup; \ | | | | 45| 1.42k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 409| 1.42k| (unsigned) (ops))); ------------------ 2659| | 2660| | /* Common sanity checks */ 2661| 1.42k| MBEDTLS_MPI_CHK(mbedtls_ecp_check_privkey(grp, m)); ------------------ | | 41| 1.42k| do \ | | 42| 1.42k| { \ | | 43| 1.42k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1.42k] | | ------------------ | | 44| 1.42k| goto cleanup; \ | | 45| 1.42k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2662| 1.42k| MBEDTLS_MPI_CHK(mbedtls_ecp_check_pubkey(grp, P)); ------------------ | | 41| 1.42k| do \ | | 42| 1.42k| { \ | | 43| 1.42k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1.42k] | | ------------------ | | 44| 1.42k| goto cleanup; \ | | 45| 1.42k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2663| 1.42k| } 2664| | 2665| 1.42k| ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; ------------------ | | 35| 1.42k|#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 ------------------ 2666| 1.42k|#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) 2667| 1.42k| if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { ------------------ | Branch (2667:9): [True: 0, False: 1.42k] ------------------ 2668| 0| MBEDTLS_MPI_CHK(ecp_mul_mxz(grp, R, m, P, f_rng, p_rng)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2669| 0| } 2670| 1.42k|#endif 2671| 1.42k|#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) 2672| 1.42k| if (mbedtls_ecp_get_type(grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { ------------------ | Branch (2672:9): [True: 1.42k, False: 0] ------------------ 2673| 1.42k| MBEDTLS_MPI_CHK(ecp_mul_comb(grp, R, m, P, f_rng, p_rng, rs_ctx)); ------------------ | | 41| 1.42k| do \ | | 42| 1.42k| { \ | | 43| 1.42k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1.42k] | | ------------------ | | 44| 1.42k| goto cleanup; \ | | 45| 1.42k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2674| 1.42k| } 2675| 1.42k|#endif 2676| | 2677| 1.42k|cleanup: 2678| | 2679| |#if defined(MBEDTLS_ECP_INTERNAL_ALT) 2680| | if (is_grp_capable) { 2681| | mbedtls_internal_ecp_free(grp); 2682| | } 2683| |#endif /* MBEDTLS_ECP_INTERNAL_ALT */ 2684| | 2685| 1.42k|#if defined(MBEDTLS_ECP_RESTARTABLE) 2686| 1.42k| if (rs_ctx != NULL) { ------------------ | Branch (2686:9): [True: 0, False: 1.42k] ------------------ 2687| 0| rs_ctx->depth--; 2688| 0| } 2689| 1.42k|#endif 2690| | 2691| 1.42k| return ret; 2692| 1.42k|} ecp.c:mbedtls_mpi_sub_mod: 1082| 1.63M|{ 1083| 1.63M| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 1.63M|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1084| 1.63M| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(X, A, B)); ------------------ | | 41| 1.63M| do \ | | 42| 1.63M| { \ | | 43| 1.63M| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1.63M] | | ------------------ | | 44| 1.63M| goto cleanup; \ | | 45| 1.63M| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1085| 1.63M| MOD_SUB(X); ------------------ | | 1072| 1.63M| do { \ | | 1073| 2.45M| while ((N)->s < 0 && mbedtls_mpi_cmp_int((N), 0) != 0) \ | | ------------------ | | | Branch (1073:16): [True: 820k, False: 1.63M] | | | Branch (1073:30): [True: 820k, False: 0] | | ------------------ | | 1074| 1.63M| MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi((N), (N), &grp->P)); \ | | ------------------ | | | | 41| 820k| do \ | | | | 42| 820k| { \ | | | | 43| 820k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 820k] | | | | ------------------ | | | | 44| 820k| goto cleanup; \ | | | | 45| 820k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 1075| 1.63M| } while (0) | | ------------------ | | | Branch (1075:14): [Folded - Ignored] | | ------------------ ------------------ 1086| 1.63M|cleanup: 1087| 1.63M| return ret; 1088| 1.63M|} ecp.c:ecp_mul_comb: 2294| 1.42k|{ 2295| 1.42k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 1.42k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 2296| 1.42k| unsigned char w, p_eq_g, i; 2297| 1.42k| size_t d; 2298| 1.42k| unsigned char T_size = 0, T_ok = 0; 2299| 1.42k| mbedtls_ecp_point *T = NULL; 2300| | 2301| 1.42k| ECP_RS_ENTER(rsm); ------------------ | | 277| 1.42k|#define ECP_RS_ENTER(SUB) do { \ | | 278| 1.42k| /* reset ops count for this call if top-level */ \ | | 279| 1.42k| if (rs_ctx != NULL && rs_ctx->depth++ == 0) \ | | ------------------ | | | Branch (279:13): [True: 0, False: 1.42k] | | | Branch (279:31): [True: 0, False: 0] | | ------------------ | | 280| 1.42k| rs_ctx->ops_done = 0; \ | | 281| 1.42k| \ | | 282| 1.42k| /* set up our own sub-context if needed */ \ | | 283| 1.42k| if (mbedtls_ecp_restart_is_enabled() && \ | | ------------------ | | | Branch (283:13): [True: 0, False: 1.42k] | | ------------------ | | 284| 1.42k| rs_ctx != NULL && rs_ctx->SUB == NULL) \ | | ------------------ | | | Branch (284:13): [True: 0, False: 0] | | | Branch (284:31): [True: 0, False: 0] | | ------------------ | | 285| 1.42k| { \ | | 286| 0| rs_ctx->SUB = mbedtls_calloc(1, sizeof(*rs_ctx->SUB)); \ | | ------------------ | | | | 144| 0|#define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO | | | | ------------------ | | | | | | 4093| 0|#define MBEDTLS_PLATFORM_CALLOC_MACRO my_calloc | | | | ------------------ | | ------------------ | | 287| 0| if (rs_ctx->SUB == NULL) \ | | ------------------ | | | Branch (287:17): [True: 0, False: 0] | | ------------------ | | 288| 0| return MBEDTLS_ERR_ECP_ALLOC_FAILED; \ | | ------------------ | | | | 43| 0|#define MBEDTLS_ERR_ECP_ALLOC_FAILED -0x4D80 | | ------------------ | | 289| 0| \ | | 290| 0| ecp_restart_## SUB ##_init(rs_ctx->SUB); \ | | 291| 0| } \ | | 292| 1.42k|} while (0) | | ------------------ | | | Branch (292:10): [Folded - Ignored] | | ------------------ ------------------ 2302| | 2303| | /* Is P the base point ? */ 2304| 1.42k|#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 2305| 1.42k| p_eq_g = (MPI_ECP_CMP(&P->Y, &grp->G.Y) == 0 && ------------------ | | 1191| 1.42k| mbedtls_mpi_cmp_mpi(X, Y) ------------------ | Branch (2305:15): [True: 714, False: 714] ------------------ 2306| 1.42k| MPI_ECP_CMP(&P->X, &grp->G.X) == 0); ------------------ | | 1191| 714| mbedtls_mpi_cmp_mpi(X, Y) ------------------ | Branch (2306:15): [True: 714, False: 0] ------------------ 2307| |#else 2308| | p_eq_g = 0; 2309| |#endif 2310| | 2311| | /* Pick window size and deduce related sizes */ 2312| 1.42k| w = ecp_pick_window_size(grp, p_eq_g); 2313| 1.42k| T_size = 1U << (w - 1); 2314| 1.42k| d = (grp->nbits + w - 1) / w; 2315| | 2316| | /* Pre-computed table: do we have it already for the base point? */ 2317| 1.42k| if (p_eq_g && grp->T != NULL) { ------------------ | Branch (2317:9): [True: 714, False: 714] | Branch (2317:19): [True: 714, False: 0] ------------------ 2318| | /* second pointer to the same table, will be deleted on exit */ 2319| 714| T = grp->T; 2320| 714| T_ok = 1; 2321| 714| } else 2322| 714|#if defined(MBEDTLS_ECP_RESTARTABLE) 2323| | /* Pre-computed table: do we have one in progress? complete? */ 2324| 714| if (rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->T != NULL) { ------------------ | Branch (2324:9): [True: 0, False: 714] | Branch (2324:27): [True: 0, False: 0] | Branch (2324:50): [True: 0, False: 0] ------------------ 2325| | /* transfer ownership of T from rsm to local function */ 2326| 0| T = rs_ctx->rsm->T; 2327| 0| rs_ctx->rsm->T = NULL; 2328| 0| rs_ctx->rsm->T_size = 0; 2329| | 2330| | /* This effectively jumps to the call to mul_comb_after_precomp() */ 2331| 0| T_ok = rs_ctx->rsm->state >= ecp_rsm_comb_core; 2332| 0| } else 2333| 714|#endif 2334| | /* Allocate table if we didn't have any */ 2335| 714| { 2336| 714| T = mbedtls_calloc(T_size, sizeof(mbedtls_ecp_point)); ------------------ | | 144| 714|#define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO | | ------------------ | | | | 4093| 714|#define MBEDTLS_PLATFORM_CALLOC_MACRO my_calloc | | ------------------ ------------------ 2337| 714| if (T == NULL) { ------------------ | Branch (2337:13): [True: 0, False: 714] ------------------ 2338| 0| ret = MBEDTLS_ERR_ECP_ALLOC_FAILED; ------------------ | | 43| 0|#define MBEDTLS_ERR_ECP_ALLOC_FAILED -0x4D80 ------------------ 2339| 0| goto cleanup; 2340| 0| } 2341| | 2342| 6.42k| for (i = 0; i < T_size; i++) { ------------------ | Branch (2342:21): [True: 5.71k, False: 714] ------------------ 2343| 5.71k| mbedtls_ecp_point_init(&T[i]); 2344| 5.71k| } 2345| | 2346| 714| T_ok = 0; 2347| 714| } 2348| | 2349| | /* Compute table (or finish computing it) if not done already */ 2350| 1.42k| if (!T_ok) { ------------------ | Branch (2350:9): [True: 714, False: 714] ------------------ 2351| 714| MBEDTLS_MPI_CHK(ecp_precompute_comb(grp, T, P, w, d, rs_ctx)); ------------------ | | 41| 714| do \ | | 42| 714| { \ | | 43| 714| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 714] | | ------------------ | | 44| 714| goto cleanup; \ | | 45| 714| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2352| | 2353| 714| if (p_eq_g) { ------------------ | Branch (2353:13): [True: 0, False: 714] ------------------ 2354| | /* almost transfer ownership of T to the group, but keep a copy of 2355| | * the pointer to use for calling the next function more easily */ 2356| 0| grp->T = T; 2357| 0| grp->T_size = T_size; 2358| 0| } 2359| 714| } 2360| | 2361| | /* Actual comb multiplication using precomputed points */ 2362| 1.42k| MBEDTLS_MPI_CHK(ecp_mul_comb_after_precomp(grp, R, m, ------------------ | | 41| 1.42k| do \ | | 42| 1.42k| { \ | | 43| 1.42k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1.42k] | | ------------------ | | 44| 1.42k| goto cleanup; \ | | 45| 1.42k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2363| 1.42k| T, T_size, w, d, 2364| 1.42k| f_rng, p_rng, rs_ctx)); 2365| | 2366| 1.42k|cleanup: 2367| | 2368| | /* does T belong to the group? */ 2369| 1.42k| if (T == grp->T) { ------------------ | Branch (2369:9): [True: 714, False: 714] ------------------ 2370| 714| T = NULL; 2371| 714| } 2372| | 2373| | /* does T belong to the restart context? */ 2374| 1.42k|#if defined(MBEDTLS_ECP_RESTARTABLE) 2375| 1.42k| if (rs_ctx != NULL && rs_ctx->rsm != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS && T != NULL) { ------------------ | | 51| 1.42k|#define MBEDTLS_ERR_ECP_IN_PROGRESS -0x4B00 ------------------ | Branch (2375:9): [True: 0, False: 1.42k] | Branch (2375:27): [True: 0, False: 0] | Branch (2375:50): [True: 0, False: 0] | Branch (2375:88): [True: 0, False: 0] ------------------ 2376| | /* transfer ownership of T from local function to rsm */ 2377| 0| rs_ctx->rsm->T_size = T_size; 2378| 0| rs_ctx->rsm->T = T; 2379| 0| T = NULL; 2380| 0| } 2381| 1.42k|#endif 2382| | 2383| | /* did T belong to us? then let's destroy it! */ 2384| 1.42k| if (T != NULL) { ------------------ | Branch (2384:9): [True: 714, False: 714] ------------------ 2385| 6.42k| for (i = 0; i < T_size; i++) { ------------------ | Branch (2385:21): [True: 5.71k, False: 714] ------------------ 2386| 5.71k| mbedtls_ecp_point_free(&T[i]); 2387| 5.71k| } 2388| 714| mbedtls_free(T); ------------------ | | 143| 714|#define mbedtls_free MBEDTLS_PLATFORM_FREE_MACRO | | ------------------ | | | | 4095| 714|#define MBEDTLS_PLATFORM_FREE_MACRO my_free | | ------------------ ------------------ 2389| 714| } 2390| | 2391| | /* prevent caller from using invalid value */ 2392| 1.42k| int should_free_R = (ret != 0); 2393| 1.42k|#if defined(MBEDTLS_ECP_RESTARTABLE) 2394| | /* don't free R while in progress in case R == P */ 2395| 1.42k| if (ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { ------------------ | | 51| 1.42k|#define MBEDTLS_ERR_ECP_IN_PROGRESS -0x4B00 ------------------ | Branch (2395:9): [True: 0, False: 1.42k] ------------------ 2396| 0| should_free_R = 0; 2397| 0| } 2398| 1.42k|#endif 2399| 1.42k| if (should_free_R) { ------------------ | Branch (2399:9): [True: 0, False: 1.42k] ------------------ 2400| 0| mbedtls_ecp_point_free(R); 2401| 0| } 2402| | 2403| 1.42k| ECP_RS_LEAVE(rsm); ------------------ | | 295| 1.42k|#define ECP_RS_LEAVE(SUB) do { \ | | 296| 1.42k| /* clear our sub-context when not in progress (done or error) */ \ | | 297| 1.42k| if (rs_ctx != NULL && rs_ctx->SUB != NULL && \ | | ------------------ | | | Branch (297:13): [True: 0, False: 1.42k] | | | Branch (297:31): [True: 0, False: 0] | | ------------------ | | 298| 1.42k| ret != MBEDTLS_ERR_ECP_IN_PROGRESS) \ | | ------------------ | | | | 51| 0|#define MBEDTLS_ERR_ECP_IN_PROGRESS -0x4B00 | | ------------------ | | | Branch (298:13): [True: 0, False: 0] | | ------------------ | | 299| 1.42k| { \ | | 300| 0| ecp_restart_## SUB ##_free(rs_ctx->SUB); \ | | 301| 0| mbedtls_free(rs_ctx->SUB); \ | | ------------------ | | | | 143| 0|#define mbedtls_free MBEDTLS_PLATFORM_FREE_MACRO | | | | ------------------ | | | | | | 4095| 0|#define MBEDTLS_PLATFORM_FREE_MACRO my_free | | | | ------------------ | | ------------------ | | 302| 0| rs_ctx->SUB = NULL; \ | | 303| 0| } \ | | 304| 1.42k| \ | | 305| 1.42k| if (rs_ctx != NULL) \ | | ------------------ | | | Branch (305:13): [True: 0, False: 1.42k] | | ------------------ | | 306| 1.42k| rs_ctx->depth--; \ | | 307| 1.42k|} while (0) | | ------------------ | | | Branch (307:10): [Folded - Ignored] | | ------------------ ------------------ 2404| | 2405| 1.42k| return ret; 2406| 1.42k|} ecp.c:ecp_pick_window_size: 2236| 1.42k|{ 2237| 1.42k| unsigned char w; 2238| | 2239| | /* 2240| | * Minimize the number of multiplications, that is minimize 2241| | * 10 * d * w + 18 * 2^(w-1) + 11 * d + 7 * w, with d = ceil( nbits / w ) 2242| | * (see costs of the various parts, with 1S = 1M) 2243| | */ 2244| 1.42k| w = grp->nbits >= 384 ? 5 : 4; ------------------ | Branch (2244:9): [True: 0, False: 1.42k] ------------------ 2245| | 2246| | /* 2247| | * If P == G, pre-compute a bit more, since this may be re-used later. 2248| | * Just adding one avoids upping the cost of the first mul too much, 2249| | * and the memory cost too. 2250| | */ 2251| 1.42k| if (p_eq_g) { ------------------ | Branch (2251:9): [True: 714, False: 714] ------------------ 2252| 714| w++; 2253| 714| } 2254| | 2255| | /* 2256| | * If static comb table may not be used (!p_eq_g) or static comb table does 2257| | * not exists, make sure w is within bounds. 2258| | * (The last test is useful only for very small curves in the test suite.) 2259| | * 2260| | * The user reduces MBEDTLS_ECP_WINDOW_SIZE does not changes the size of 2261| | * static comb table, because the size of static comb table is fixed when 2262| | * it is generated. 2263| | */ 2264| 1.42k|#if (MBEDTLS_ECP_WINDOW_SIZE < 6) 2265| 1.42k| if ((!p_eq_g || !ecp_group_is_static_comb_table(grp)) && w > MBEDTLS_ECP_WINDOW_SIZE) { ------------------ | | 291| 714|#define MBEDTLS_ECP_WINDOW_SIZE 4 /**< The maximum window size used. */ ------------------ | Branch (2265:10): [True: 714, False: 714] | Branch (2265:21): [True: 0, False: 714] | Branch (2265:62): [True: 0, False: 714] ------------------ 2266| 0| w = MBEDTLS_ECP_WINDOW_SIZE; ------------------ | | 291| 0|#define MBEDTLS_ECP_WINDOW_SIZE 4 /**< The maximum window size used. */ ------------------ 2267| 0| } 2268| 1.42k|#endif 2269| 1.42k| if (w >= grp->nbits) { ------------------ | Branch (2269:9): [True: 0, False: 1.42k] ------------------ 2270| 0| w = 2; 2271| 0| } 2272| | 2273| 1.42k| return w; 2274| 1.42k|} ecp.c:ecp_precompute_comb: 1853| 714|{ 1854| 714| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 714|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1855| 714| unsigned char i; 1856| 714| size_t j = 0; 1857| 714| const unsigned char T_size = 1U << (w - 1); 1858| 714| mbedtls_ecp_point *cur, *TT[COMB_MAX_PRE - 1] = { NULL }; 1859| | 1860| 714| mbedtls_mpi tmp[4]; 1861| | 1862| 714| mpi_init_many(tmp, sizeof(tmp) / sizeof(mbedtls_mpi)); 1863| | 1864| 714|#if defined(MBEDTLS_ECP_RESTARTABLE) 1865| 714| if (rs_ctx != NULL && rs_ctx->rsm != NULL) { ------------------ | Branch (1865:9): [True: 0, False: 714] | Branch (1865:27): [True: 0, False: 0] ------------------ 1866| 0| if (rs_ctx->rsm->state == ecp_rsm_pre_dbl) { ------------------ | Branch (1866:13): [True: 0, False: 0] ------------------ 1867| 0| goto dbl; 1868| 0| } 1869| 0| if (rs_ctx->rsm->state == ecp_rsm_pre_norm_dbl) { ------------------ | Branch (1869:13): [True: 0, False: 0] ------------------ 1870| 0| goto norm_dbl; 1871| 0| } 1872| 0| if (rs_ctx->rsm->state == ecp_rsm_pre_add) { ------------------ | Branch (1872:13): [True: 0, False: 0] ------------------ 1873| 0| goto add; 1874| 0| } 1875| 0| if (rs_ctx->rsm->state == ecp_rsm_pre_norm_add) { ------------------ | Branch (1875:13): [True: 0, False: 0] ------------------ 1876| 0| goto norm_add; 1877| 0| } 1878| 0| } 1879| |#else 1880| | (void) rs_ctx; 1881| |#endif 1882| | 1883| 714|#if defined(MBEDTLS_ECP_RESTARTABLE) 1884| 714| if (rs_ctx != NULL && rs_ctx->rsm != NULL) { ------------------ | Branch (1884:9): [True: 0, False: 714] | Branch (1884:27): [True: 0, False: 0] ------------------ 1885| 0| rs_ctx->rsm->state = ecp_rsm_pre_dbl; 1886| | 1887| | /* initial state for the loop */ 1888| 0| rs_ctx->rsm->i = 0; 1889| 0| } 1890| | 1891| 714|dbl: 1892| 714|#endif 1893| | /* 1894| | * Set T[0] = P and 1895| | * T[2^{l-1}] = 2^{dl} P for l = 1 .. w-1 (this is not the final value) 1896| | */ 1897| 714| MBEDTLS_MPI_CHK(mbedtls_ecp_copy(&T[0], P)); ------------------ | | 41| 714| do \ | | 42| 714| { \ | | 43| 714| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 714] | | ------------------ | | 44| 714| goto cleanup; \ | | 45| 714| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1898| | 1899| 714|#if defined(MBEDTLS_ECP_RESTARTABLE) 1900| 714| if (rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->i != 0) { ------------------ | Branch (1900:9): [True: 0, False: 714] | Branch (1900:27): [True: 0, False: 0] | Branch (1900:50): [True: 0, False: 0] ------------------ 1901| 0| j = rs_ctx->rsm->i; 1902| 0| } else 1903| 714|#endif 1904| 714| j = 0; 1905| | 1906| 137k| for (; j < d * (w - 1); j++) { ------------------ | Branch (1906:12): [True: 137k, False: 714] ------------------ 1907| 137k| MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_DBL); ------------------ | | 408| 137k| MBEDTLS_MPI_CHK(mbedtls_ecp_check_budget(grp, rs_ctx, \ | | ------------------ | | | | 41| 137k| do \ | | | | 42| 137k| { \ | | | | 43| 137k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 137k] | | | | ------------------ | | | | 44| 137k| goto cleanup; \ | | | | 45| 137k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 409| 137k| (unsigned) (ops))); ------------------ 1908| | 1909| 137k| i = 1U << (j / d); 1910| 137k| cur = T + i; 1911| | 1912| 137k| if (j % d == 0) { ------------------ | Branch (1912:13): [True: 2.14k, False: 134k] ------------------ 1913| 2.14k| MBEDTLS_MPI_CHK(mbedtls_ecp_copy(cur, T + (i >> 1))); ------------------ | | 41| 2.14k| do \ | | 42| 2.14k| { \ | | 43| 2.14k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2.14k] | | ------------------ | | 44| 2.14k| goto cleanup; \ | | 45| 2.14k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1914| 2.14k| } 1915| | 1916| 137k| MBEDTLS_MPI_CHK(ecp_double_jac(grp, cur, cur, tmp)); ------------------ | | 41| 137k| do \ | | 42| 137k| { \ | | 43| 137k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 137k] | | ------------------ | | 44| 137k| goto cleanup; \ | | 45| 137k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1917| 137k| } 1918| | 1919| 714|#if defined(MBEDTLS_ECP_RESTARTABLE) 1920| 714| if (rs_ctx != NULL && rs_ctx->rsm != NULL) { ------------------ | Branch (1920:9): [True: 0, False: 714] | Branch (1920:27): [True: 0, False: 0] ------------------ 1921| 0| rs_ctx->rsm->state = ecp_rsm_pre_norm_dbl; 1922| 0| } 1923| | 1924| 714|norm_dbl: 1925| 714|#endif 1926| | /* 1927| | * Normalize current elements in T to allow them to be used in 1928| | * ecp_add_mixed() below, which requires one normalized input. 1929| | * 1930| | * As T has holes, use an auxiliary array of pointers to elements in T. 1931| | * 1932| | */ 1933| 714| j = 0; 1934| 2.85k| for (i = 1; i < T_size; i <<= 1) { ------------------ | Branch (1934:17): [True: 2.14k, False: 714] ------------------ 1935| 2.14k| TT[j++] = T + i; 1936| 2.14k| } 1937| | 1938| 714| MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_INV + 6 * j - 2); ------------------ | | 408| 714| MBEDTLS_MPI_CHK(mbedtls_ecp_check_budget(grp, rs_ctx, \ | | ------------------ | | | | 41| 714| do \ | | | | 42| 714| { \ | | | | 43| 714| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 714] | | | | ------------------ | | | | 44| 714| goto cleanup; \ | | | | 45| 714| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 409| 714| (unsigned) (ops))); ------------------ 1939| | 1940| 714| MBEDTLS_MPI_CHK(ecp_normalize_jac_many(grp, TT, j)); ------------------ | | 41| 714| do \ | | 42| 714| { \ | | 43| 714| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 714] | | ------------------ | | 44| 714| goto cleanup; \ | | 45| 714| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1941| | 1942| 714|#if defined(MBEDTLS_ECP_RESTARTABLE) 1943| 714| if (rs_ctx != NULL && rs_ctx->rsm != NULL) { ------------------ | Branch (1943:9): [True: 0, False: 714] | Branch (1943:27): [True: 0, False: 0] ------------------ 1944| 0| rs_ctx->rsm->state = ecp_rsm_pre_add; 1945| 0| } 1946| | 1947| 714|add: 1948| 714|#endif 1949| | /* 1950| | * Compute the remaining ones using the minimal number of additions 1951| | * Be careful to update T[2^l] only after using it! 1952| | */ 1953| 714| MBEDTLS_ECP_BUDGET((T_size - 1) * MBEDTLS_ECP_OPS_ADD); ------------------ | | 408| 714| MBEDTLS_MPI_CHK(mbedtls_ecp_check_budget(grp, rs_ctx, \ | | ------------------ | | | | 41| 714| do \ | | | | 42| 714| { \ | | | | 43| 714| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 714] | | | | ------------------ | | | | 44| 714| goto cleanup; \ | | | | 45| 714| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 409| 714| (unsigned) (ops))); ------------------ 1954| | 1955| 2.85k| for (i = 1; i < T_size; i <<= 1) { ------------------ | Branch (1955:17): [True: 2.14k, False: 714] ------------------ 1956| 2.14k| j = i; 1957| 7.14k| while (j--) { ------------------ | Branch (1957:16): [True: 4.99k, False: 2.14k] ------------------ 1958| 4.99k| MBEDTLS_MPI_CHK(ecp_add_mixed(grp, &T[i + j], &T[j], &T[i], tmp)); ------------------ | | 41| 4.99k| do \ | | 42| 4.99k| { \ | | 43| 4.99k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 4.99k] | | ------------------ | | 44| 4.99k| goto cleanup; \ | | 45| 4.99k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1959| 4.99k| } 1960| 2.14k| } 1961| | 1962| 714|#if defined(MBEDTLS_ECP_RESTARTABLE) 1963| 714| if (rs_ctx != NULL && rs_ctx->rsm != NULL) { ------------------ | Branch (1963:9): [True: 0, False: 714] | Branch (1963:27): [True: 0, False: 0] ------------------ 1964| 0| rs_ctx->rsm->state = ecp_rsm_pre_norm_add; 1965| 0| } 1966| | 1967| 714|norm_add: 1968| 714|#endif 1969| | /* 1970| | * Normalize final elements in T. Even though there are no holes now, we 1971| | * still need the auxiliary array for homogeneity with the previous 1972| | * call. Also, skip T[0] which is already normalised, being a copy of P. 1973| | */ 1974| 5.71k| for (j = 0; j + 1 < T_size; j++) { ------------------ | Branch (1974:17): [True: 4.99k, False: 714] ------------------ 1975| 4.99k| TT[j] = T + j + 1; 1976| 4.99k| } 1977| | 1978| 714| MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_INV + 6 * j - 2); ------------------ | | 408| 714| MBEDTLS_MPI_CHK(mbedtls_ecp_check_budget(grp, rs_ctx, \ | | ------------------ | | | | 41| 714| do \ | | | | 42| 714| { \ | | | | 43| 714| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 714] | | | | ------------------ | | | | 44| 714| goto cleanup; \ | | | | 45| 714| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 409| 714| (unsigned) (ops))); ------------------ 1979| | 1980| 714| MBEDTLS_MPI_CHK(ecp_normalize_jac_many(grp, TT, j)); ------------------ | | 41| 714| do \ | | 42| 714| { \ | | 43| 714| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 714] | | ------------------ | | 44| 714| goto cleanup; \ | | 45| 714| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1981| | 1982| | /* Free Z coordinate (=1 after normalization) to save RAM. 1983| | * This makes T[i] invalid as mbedtls_ecp_points, but this is OK 1984| | * since from this point onwards, they are only accessed indirectly 1985| | * via the getter function ecp_select_comb() which does set the 1986| | * target's Z coordinate to 1. */ 1987| 6.42k| for (i = 0; i < T_size; i++) { ------------------ | Branch (1987:17): [True: 5.71k, False: 714] ------------------ 1988| 5.71k| mbedtls_mpi_free(&T[i].Z); 1989| 5.71k| } 1990| | 1991| 714|cleanup: 1992| | 1993| 714| mpi_free_many(tmp, sizeof(tmp) / sizeof(mbedtls_mpi)); 1994| | 1995| 714|#if defined(MBEDTLS_ECP_RESTARTABLE) 1996| 714| if (rs_ctx != NULL && rs_ctx->rsm != NULL && ------------------ | Branch (1996:9): [True: 0, False: 714] | Branch (1996:27): [True: 0, False: 0] ------------------ 1997| 714| ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { ------------------ | | 51| 0|#define MBEDTLS_ERR_ECP_IN_PROGRESS -0x4B00 ------------------ | Branch (1997:9): [True: 0, False: 0] ------------------ 1998| 0| if (rs_ctx->rsm->state == ecp_rsm_pre_dbl) { ------------------ | Branch (1998:13): [True: 0, False: 0] ------------------ 1999| 0| rs_ctx->rsm->i = j; 2000| 0| } 2001| 0| } 2002| 714|#endif 2003| | 2004| 714| return ret; 2005| 714|} ecp.c:ecp_double_jac: 1489| 219k|{ 1490| 219k|#if defined(MBEDTLS_SELF_TEST) 1491| 219k| dbl_count++; 1492| 219k|#endif 1493| | 1494| |#if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) 1495| | if (mbedtls_internal_ecp_grp_capable(grp)) { 1496| | return mbedtls_internal_ecp_double_jac(grp, R, P); 1497| | } 1498| |#endif /* MBEDTLS_ECP_DOUBLE_JAC_ALT */ 1499| | 1500| |#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) 1501| | return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; 1502| |#else 1503| 219k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 219k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1504| | 1505| | /* Special case for A = -3 */ 1506| 219k| if (mbedtls_ecp_group_a_is_minus_3(grp)) { ------------------ | Branch (1506:9): [True: 219k, False: 0] ------------------ 1507| | /* tmp[0] <- M = 3(X + Z^2)(X - Z^2) */ 1508| 219k| MPI_ECP_SQR(&tmp[1], &P->Z); ------------------ | | 1170| 219k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, A)) | | ------------------ | | | | 41| 219k| do \ | | | | 42| 219k| { \ | | | | 43| 219k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 219k] | | | | ------------------ | | | | 44| 219k| goto cleanup; \ | | | | 45| 219k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1509| 219k| MPI_ECP_ADD(&tmp[2], &P->X, &tmp[1]); ------------------ | | 1161| 219k| MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, X, A, B)) | | ------------------ | | | | 41| 219k| do \ | | | | 42| 219k| { \ | | | | 43| 219k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 219k] | | | | ------------------ | | | | 44| 219k| goto cleanup; \ | | | | 45| 219k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1510| 219k| MPI_ECP_SUB(&tmp[3], &P->X, &tmp[1]); ------------------ | | 1164| 219k| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, X, A, B)) | | ------------------ | | | | 41| 219k| do \ | | | | 42| 219k| { \ | | | | 43| 219k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 219k] | | | | ------------------ | | | | 44| 219k| goto cleanup; \ | | | | 45| 219k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1511| 219k| MPI_ECP_MUL(&tmp[1], &tmp[2], &tmp[3]); ------------------ | | 1167| 219k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, B)) | | ------------------ | | | | 41| 219k| do \ | | | | 42| 219k| { \ | | | | 43| 219k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 219k] | | | | ------------------ | | | | 44| 219k| goto cleanup; \ | | | | 45| 219k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1512| 219k| MPI_ECP_MUL_INT(&tmp[0], &tmp[1], 3); ------------------ | | 1173| 219k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int_mod(grp, X, A, c)) | | ------------------ | | | | 41| 219k| do \ | | | | 42| 219k| { \ | | | | 43| 219k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 219k] | | | | ------------------ | | | | 44| 219k| goto cleanup; \ | | | | 45| 219k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1513| 219k| } else { 1514| | /* tmp[0] <- M = 3.X^2 + A.Z^4 */ 1515| 0| MPI_ECP_SQR(&tmp[1], &P->X); ------------------ | | 1170| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, A)) | | ------------------ | | | | 41| 0| do \ | | | | 42| 0| { \ | | | | 43| 0| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 0] | | | | ------------------ | | | | 44| 0| goto cleanup; \ | | | | 45| 0| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1516| 0| MPI_ECP_MUL_INT(&tmp[0], &tmp[1], 3); ------------------ | | 1173| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int_mod(grp, X, A, c)) | | ------------------ | | | | 41| 0| do \ | | | | 42| 0| { \ | | | | 43| 0| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 0] | | | | ------------------ | | | | 44| 0| goto cleanup; \ | | | | 45| 0| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1517| | 1518| | /* Optimize away for "koblitz" curves with A = 0 */ 1519| 0| if (MPI_ECP_CMP_INT(&grp->A, 0) != 0) { ------------------ | | 1188| 0| mbedtls_mpi_cmp_int(X, c) ------------------ | Branch (1519:13): [True: 0, False: 0] ------------------ 1520| | /* M += A.Z^4 */ 1521| 0| MPI_ECP_SQR(&tmp[1], &P->Z); ------------------ | | 1170| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, A)) | | ------------------ | | | | 41| 0| do \ | | | | 42| 0| { \ | | | | 43| 0| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 0] | | | | ------------------ | | | | 44| 0| goto cleanup; \ | | | | 45| 0| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1522| 0| MPI_ECP_SQR(&tmp[2], &tmp[1]); ------------------ | | 1170| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, A)) | | ------------------ | | | | 41| 0| do \ | | | | 42| 0| { \ | | | | 43| 0| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 0] | | | | ------------------ | | | | 44| 0| goto cleanup; \ | | | | 45| 0| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1523| 0| MPI_ECP_MUL(&tmp[1], &tmp[2], &grp->A); ------------------ | | 1167| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, B)) | | ------------------ | | | | 41| 0| do \ | | | | 42| 0| { \ | | | | 43| 0| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 0] | | | | ------------------ | | | | 44| 0| goto cleanup; \ | | | | 45| 0| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1524| 0| MPI_ECP_ADD(&tmp[0], &tmp[0], &tmp[1]); ------------------ | | 1161| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_add_mod(grp, X, A, B)) | | ------------------ | | | | 41| 0| do \ | | | | 42| 0| { \ | | | | 43| 0| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 0] | | | | ------------------ | | | | 44| 0| goto cleanup; \ | | | | 45| 0| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1525| 0| } 1526| 0| } 1527| | 1528| | /* tmp[1] <- S = 4.X.Y^2 */ 1529| 219k| MPI_ECP_SQR(&tmp[2], &P->Y); ------------------ | | 1170| 219k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, A)) | | ------------------ | | | | 41| 219k| do \ | | | | 42| 219k| { \ | | | | 43| 219k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 219k] | | | | ------------------ | | | | 44| 219k| goto cleanup; \ | | | | 45| 219k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1530| 219k| MPI_ECP_SHIFT_L(&tmp[2], 1); ------------------ | | 1182| 219k| MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l_mod(grp, X, count)) | | ------------------ | | | | 41| 219k| do \ | | | | 42| 219k| { \ | | | | 43| 219k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 219k] | | | | ------------------ | | | | 44| 219k| goto cleanup; \ | | | | 45| 219k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1531| 219k| MPI_ECP_MUL(&tmp[1], &P->X, &tmp[2]); ------------------ | | 1167| 219k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, B)) | | ------------------ | | | | 41| 219k| do \ | | | | 42| 219k| { \ | | | | 43| 219k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 219k] | | | | ------------------ | | | | 44| 219k| goto cleanup; \ | | | | 45| 219k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1532| 219k| MPI_ECP_SHIFT_L(&tmp[1], 1); ------------------ | | 1182| 219k| MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l_mod(grp, X, count)) | | ------------------ | | | | 41| 219k| do \ | | | | 42| 219k| { \ | | | | 43| 219k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 219k] | | | | ------------------ | | | | 44| 219k| goto cleanup; \ | | | | 45| 219k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1533| | 1534| | /* tmp[3] <- U = 8.Y^4 */ 1535| 219k| MPI_ECP_SQR(&tmp[3], &tmp[2]); ------------------ | | 1170| 219k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, A)) | | ------------------ | | | | 41| 219k| do \ | | | | 42| 219k| { \ | | | | 43| 219k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 219k] | | | | ------------------ | | | | 44| 219k| goto cleanup; \ | | | | 45| 219k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1536| 219k| MPI_ECP_SHIFT_L(&tmp[3], 1); ------------------ | | 1182| 219k| MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l_mod(grp, X, count)) | | ------------------ | | | | 41| 219k| do \ | | | | 42| 219k| { \ | | | | 43| 219k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 219k] | | | | ------------------ | | | | 44| 219k| goto cleanup; \ | | | | 45| 219k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1537| | 1538| | /* tmp[2] <- T = M^2 - 2.S */ 1539| 219k| MPI_ECP_SQR(&tmp[2], &tmp[0]); ------------------ | | 1170| 219k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, A)) | | ------------------ | | | | 41| 219k| do \ | | | | 42| 219k| { \ | | | | 43| 219k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 219k] | | | | ------------------ | | | | 44| 219k| goto cleanup; \ | | | | 45| 219k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1540| 219k| MPI_ECP_SUB(&tmp[2], &tmp[2], &tmp[1]); ------------------ | | 1164| 219k| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, X, A, B)) | | ------------------ | | | | 41| 219k| do \ | | | | 42| 219k| { \ | | | | 43| 219k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 219k] | | | | ------------------ | | | | 44| 219k| goto cleanup; \ | | | | 45| 219k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1541| 219k| MPI_ECP_SUB(&tmp[2], &tmp[2], &tmp[1]); ------------------ | | 1164| 219k| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, X, A, B)) | | ------------------ | | | | 41| 219k| do \ | | | | 42| 219k| { \ | | | | 43| 219k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 219k] | | | | ------------------ | | | | 44| 219k| goto cleanup; \ | | | | 45| 219k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1542| | 1543| | /* tmp[1] <- S = M(S - T) - U */ 1544| 219k| MPI_ECP_SUB(&tmp[1], &tmp[1], &tmp[2]); ------------------ | | 1164| 219k| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, X, A, B)) | | ------------------ | | | | 41| 219k| do \ | | | | 42| 219k| { \ | | | | 43| 219k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 219k] | | | | ------------------ | | | | 44| 219k| goto cleanup; \ | | | | 45| 219k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1545| 219k| MPI_ECP_MUL(&tmp[1], &tmp[1], &tmp[0]); ------------------ | | 1167| 219k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, B)) | | ------------------ | | | | 41| 219k| do \ | | | | 42| 219k| { \ | | | | 43| 219k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 219k] | | | | ------------------ | | | | 44| 219k| goto cleanup; \ | | | | 45| 219k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1546| 219k| MPI_ECP_SUB(&tmp[1], &tmp[1], &tmp[3]); ------------------ | | 1164| 219k| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, X, A, B)) | | ------------------ | | | | 41| 219k| do \ | | | | 42| 219k| { \ | | | | 43| 219k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 219k] | | | | ------------------ | | | | 44| 219k| goto cleanup; \ | | | | 45| 219k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1547| | 1548| | /* tmp[3] <- U = 2.Y.Z */ 1549| 219k| MPI_ECP_MUL(&tmp[3], &P->Y, &P->Z); ------------------ | | 1167| 219k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, B)) | | ------------------ | | | | 41| 219k| do \ | | | | 42| 219k| { \ | | | | 43| 219k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 219k] | | | | ------------------ | | | | 44| 219k| goto cleanup; \ | | | | 45| 219k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1550| 219k| MPI_ECP_SHIFT_L(&tmp[3], 1); ------------------ | | 1182| 219k| MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l_mod(grp, X, count)) | | ------------------ | | | | 41| 219k| do \ | | | | 42| 219k| { \ | | | | 43| 219k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 219k] | | | | ------------------ | | | | 44| 219k| goto cleanup; \ | | | | 45| 219k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1551| | 1552| | /* Store results */ 1553| 219k| MPI_ECP_MOV(&R->X, &tmp[2]); ------------------ | | 1179| 219k| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(X, A)) | | ------------------ | | | | 41| 219k| do \ | | | | 42| 219k| { \ | | | | 43| 219k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 219k] | | | | ------------------ | | | | 44| 219k| goto cleanup; \ | | | | 45| 219k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1554| 219k| MPI_ECP_MOV(&R->Y, &tmp[1]); ------------------ | | 1179| 219k| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(X, A)) | | ------------------ | | | | 41| 219k| do \ | | | | 42| 219k| { \ | | | | 43| 219k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 219k] | | | | ------------------ | | | | 44| 219k| goto cleanup; \ | | | | 45| 219k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1555| 219k| MPI_ECP_MOV(&R->Z, &tmp[3]); ------------------ | | 1179| 219k| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(X, A)) | | ------------------ | | | | 41| 219k| do \ | | | | 42| 219k| { \ | | | | 43| 219k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 219k] | | | | ------------------ | | | | 44| 219k| goto cleanup; \ | | | | 45| 219k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1556| | 1557| 219k|cleanup: 1558| | 1559| 219k| return ret; 1560| 219k|#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) */ 1561| 219k|} ecp.c:mbedtls_mpi_mul_int_mod: 1116| 219k|{ 1117| 219k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 219k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1118| | 1119| 219k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int(X, A, c)); ------------------ | | 41| 219k| do \ | | 42| 219k| { \ | | 43| 219k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 219k] | | ------------------ | | 44| 219k| goto cleanup; \ | | 45| 219k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1120| 219k| MOD_ADD(X); ------------------ | | 1096| 434k| while (mbedtls_mpi_cmp_mpi((N), &grp->P) >= 0) \ | | ------------------ | | | Branch (1096:12): [True: 214k, False: 219k] | | ------------------ | | 1097| 219k| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs((N), (N), &grp->P)) | | ------------------ | | | | 41| 434k| do \ | | | | 42| 434k| { \ | | | | 43| 214k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 214k] | | | | ------------------ | | | | 44| 214k| goto cleanup; \ | | | | 45| 214k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1121| 219k|cleanup: 1122| 219k| return ret; 1123| 219k|} ecp.c:mbedtls_mpi_shift_l_mod: 1146| 968k|{ 1147| 968k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 968k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1148| 968k| MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(X, count)); ------------------ | | 41| 968k| do \ | | 42| 968k| { \ | | 43| 968k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 968k] | | ------------------ | | 44| 968k| goto cleanup; \ | | 45| 968k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1149| 968k| MOD_ADD(X); ------------------ | | 1096| 1.44M| while (mbedtls_mpi_cmp_mpi((N), &grp->P) >= 0) \ | | ------------------ | | | Branch (1096:12): [True: 473k, False: 968k] | | ------------------ | | 1097| 968k| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_abs((N), (N), &grp->P)) | | ------------------ | | | | 41| 1.44M| do \ | | | | 42| 1.44M| { \ | | | | 43| 473k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 473k] | | | | ------------------ | | | | 44| 473k| goto cleanup; \ | | | | 45| 473k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1150| 968k|cleanup: 1151| 968k| return ret; 1152| 968k|} ecp.c:ecp_normalize_jac_many: 1362| 1.42k|{ 1363| 1.42k| if (T_size < 2) { ------------------ | Branch (1363:9): [True: 0, False: 1.42k] ------------------ 1364| 0| return ecp_normalize_jac(grp, *T); 1365| 0| } 1366| | 1367| |#if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) 1368| | if (mbedtls_internal_ecp_grp_capable(grp)) { 1369| | return mbedtls_internal_ecp_normalize_jac_many(grp, T, T_size); 1370| | } 1371| |#endif 1372| | 1373| |#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) 1374| | return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; 1375| |#else 1376| 1.42k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 1.42k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1377| 1.42k| size_t i; 1378| 1.42k| mbedtls_mpi *c, t; 1379| | 1380| 1.42k| if ((c = mbedtls_calloc(T_size, sizeof(mbedtls_mpi))) == NULL) { ------------------ | | 144| 1.42k|#define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO | | ------------------ | | | | 4093| 1.42k|#define MBEDTLS_PLATFORM_CALLOC_MACRO my_calloc | | ------------------ ------------------ | Branch (1380:9): [True: 0, False: 1.42k] ------------------ 1381| 0| return MBEDTLS_ERR_ECP_ALLOC_FAILED; ------------------ | | 43| 0|#define MBEDTLS_ERR_ECP_ALLOC_FAILED -0x4D80 ------------------ 1382| 0| } 1383| | 1384| 1.42k| mbedtls_mpi_init(&t); 1385| | 1386| 1.42k| mpi_init_many(c, T_size); 1387| | /* 1388| | * c[i] = Z_0 * ... * Z_i, i = 0,..,n := T_size-1 1389| | */ 1390| 1.42k| MPI_ECP_MOV(&c[0], &T[0]->Z); ------------------ | | 1179| 1.42k| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(X, A)) | | ------------------ | | | | 41| 1.42k| do \ | | | | 42| 1.42k| { \ | | | | 43| 1.42k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 1.42k] | | | | ------------------ | | | | 44| 1.42k| goto cleanup; \ | | | | 45| 1.42k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1391| 7.14k| for (i = 1; i < T_size; i++) { ------------------ | Branch (1391:17): [True: 5.71k, False: 1.42k] ------------------ 1392| 5.71k| MPI_ECP_MUL(&c[i], &c[i-1], &T[i]->Z); ------------------ | | 1167| 5.71k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, B)) | | ------------------ | | | | 41| 5.71k| do \ | | | | 42| 5.71k| { \ | | | | 43| 5.71k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 5.71k] | | | | ------------------ | | | | 44| 5.71k| goto cleanup; \ | | | | 45| 5.71k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1393| 5.71k| } 1394| | 1395| | /* 1396| | * c[n] = 1 / (Z_0 * ... * Z_n) mod P 1397| | */ 1398| 1.42k| MPI_ECP_INV(&c[T_size-1], &c[T_size-1]); ------------------ | | 1176| 1.42k| MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod((dst), (src), &grp->P)) | | ------------------ | | | | 41| 1.42k| do \ | | | | 42| 1.42k| { \ | | | | 43| 1.42k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 1.42k] | | | | ------------------ | | | | 44| 1.42k| goto cleanup; \ | | | | 45| 1.42k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1399| | 1400| 7.14k| for (i = T_size - 1;; i--) { 1401| | /* At the start of iteration i (note that i decrements), we have 1402| | * - c[j] = Z_0 * .... * Z_j for j < i, 1403| | * - c[j] = 1 / (Z_0 * .... * Z_j) for j == i, 1404| | * 1405| | * This is maintained via 1406| | * - c[i-1] <- c[i] * Z_i 1407| | * 1408| | * We also derive 1/Z_i = c[i] * c[i-1] for i>0 and use that 1409| | * to do the actual normalization. For i==0, we already have 1410| | * c[0] = 1 / Z_0. 1411| | */ 1412| | 1413| 7.14k| if (i > 0) { ------------------ | Branch (1413:13): [True: 5.71k, False: 1.42k] ------------------ 1414| | /* Compute 1/Z_i and establish invariant for the next iteration. */ 1415| 5.71k| MPI_ECP_MUL(&t, &c[i], &c[i-1]); ------------------ | | 1167| 5.71k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, B)) | | ------------------ | | | | 41| 5.71k| do \ | | | | 42| 5.71k| { \ | | | | 43| 5.71k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 5.71k] | | | | ------------------ | | | | 44| 5.71k| goto cleanup; \ | | | | 45| 5.71k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1416| 5.71k| MPI_ECP_MUL(&c[i-1], &c[i], &T[i]->Z); ------------------ | | 1167| 5.71k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, B)) | | ------------------ | | | | 41| 5.71k| do \ | | | | 42| 5.71k| { \ | | | | 43| 5.71k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 5.71k] | | | | ------------------ | | | | 44| 5.71k| goto cleanup; \ | | | | 45| 5.71k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1417| 5.71k| } else { 1418| 1.42k| MPI_ECP_MOV(&t, &c[0]); ------------------ | | 1179| 1.42k| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(X, A)) | | ------------------ | | | | 41| 1.42k| do \ | | | | 42| 1.42k| { \ | | | | 43| 1.42k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 1.42k] | | | | ------------------ | | | | 44| 1.42k| goto cleanup; \ | | | | 45| 1.42k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1419| 1.42k| } 1420| | 1421| | /* Now t holds 1 / Z_i; normalize as in ecp_normalize_jac() */ 1422| 7.14k| MPI_ECP_MUL(&T[i]->Y, &T[i]->Y, &t); ------------------ | | 1167| 7.14k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, B)) | | ------------------ | | | | 41| 7.14k| do \ | | | | 42| 7.14k| { \ | | | | 43| 7.14k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 7.14k] | | | | ------------------ | | | | 44| 7.14k| goto cleanup; \ | | | | 45| 7.14k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1423| 7.14k| MPI_ECP_SQR(&t, &t); ------------------ | | 1170| 7.14k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, A)) | | ------------------ | | | | 41| 7.14k| do \ | | | | 42| 7.14k| { \ | | | | 43| 7.14k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 7.14k] | | | | ------------------ | | | | 44| 7.14k| goto cleanup; \ | | | | 45| 7.14k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1424| 7.14k| MPI_ECP_MUL(&T[i]->X, &T[i]->X, &t); ------------------ | | 1167| 7.14k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, B)) | | ------------------ | | | | 41| 7.14k| do \ | | | | 42| 7.14k| { \ | | | | 43| 7.14k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 7.14k] | | | | ------------------ | | | | 44| 7.14k| goto cleanup; \ | | | | 45| 7.14k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1425| 7.14k| MPI_ECP_MUL(&T[i]->Y, &T[i]->Y, &t); ------------------ | | 1167| 7.14k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, B)) | | ------------------ | | | | 41| 7.14k| do \ | | | | 42| 7.14k| { \ | | | | 43| 7.14k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 7.14k] | | | | ------------------ | | | | 44| 7.14k| goto cleanup; \ | | | | 45| 7.14k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1426| | 1427| | /* 1428| | * Post-precessing: reclaim some memory by shrinking coordinates 1429| | * - not storing Z (always 1) 1430| | * - shrinking other coordinates, but still keeping the same number of 1431| | * limbs as P, as otherwise it will too likely be regrown too fast. 1432| | */ 1433| 7.14k| MBEDTLS_MPI_CHK(mbedtls_mpi_shrink(&T[i]->X, grp->P.n)); ------------------ | | 41| 7.14k| do \ | | 42| 7.14k| { \ | | 43| 7.14k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 7.14k] | | ------------------ | | 44| 7.14k| goto cleanup; \ | | 45| 7.14k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1434| 7.14k| MBEDTLS_MPI_CHK(mbedtls_mpi_shrink(&T[i]->Y, grp->P.n)); ------------------ | | 41| 7.14k| do \ | | 42| 7.14k| { \ | | 43| 7.14k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 7.14k] | | ------------------ | | 44| 7.14k| goto cleanup; \ | | 45| 7.14k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1435| | 1436| 7.14k| MPI_ECP_LSET(&T[i]->Z, 1); ------------------ | | 1185| 7.14k| MBEDTLS_MPI_CHK(mbedtls_mpi_lset(X, c)) | | ------------------ | | | | 41| 7.14k| do \ | | | | 42| 7.14k| { \ | | | | 43| 7.14k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 7.14k] | | | | ------------------ | | | | 44| 7.14k| goto cleanup; \ | | | | 45| 7.14k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1437| | 1438| 7.14k| if (i == 0) { ------------------ | Branch (1438:13): [True: 1.42k, False: 5.71k] ------------------ 1439| 1.42k| break; 1440| 1.42k| } 1441| 7.14k| } 1442| | 1443| 1.42k|cleanup: 1444| | 1445| 1.42k| mbedtls_mpi_free(&t); 1446| 1.42k| mpi_free_many(c, T_size); 1447| 1.42k| mbedtls_free(c); ------------------ | | 143| 1.42k|#define mbedtls_free MBEDTLS_PLATFORM_FREE_MACRO | | ------------------ | | | | 4095| 1.42k|#define MBEDTLS_PLATFORM_FREE_MACRO my_free | | ------------------ ------------------ 1448| | 1449| 1.42k| return ret; 1450| 1.42k|#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) */ 1451| 1.42k|} ecp.c:ecp_mul_comb_after_precomp: 2174| 1.42k|{ 2175| 1.42k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 1.42k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 2176| 1.42k| unsigned char parity_trick; 2177| 1.42k| unsigned char k[COMB_MAX_D + 1]; 2178| 1.42k| mbedtls_ecp_point *RR = R; 2179| | 2180| 1.42k|#if defined(MBEDTLS_ECP_RESTARTABLE) 2181| 1.42k| if (rs_ctx != NULL && rs_ctx->rsm != NULL) { ------------------ | Branch (2181:9): [True: 0, False: 1.42k] | Branch (2181:27): [True: 0, False: 0] ------------------ 2182| 0| RR = &rs_ctx->rsm->R; 2183| | 2184| 0| if (rs_ctx->rsm->state == ecp_rsm_final_norm) { ------------------ | Branch (2184:13): [True: 0, False: 0] ------------------ 2185| 0| goto final_norm; 2186| 0| } 2187| 0| } 2188| 1.42k|#endif 2189| | 2190| 1.42k| MBEDTLS_MPI_CHK(ecp_comb_recode_scalar(grp, m, k, d, w, ------------------ | | 41| 1.42k| do \ | | 42| 1.42k| { \ | | 43| 1.42k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1.42k] | | ------------------ | | 44| 1.42k| goto cleanup; \ | | 45| 1.42k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2191| 1.42k| &parity_trick)); 2192| 1.42k| MBEDTLS_MPI_CHK(ecp_mul_comb_core(grp, RR, T, T_size, k, d, ------------------ | | 41| 1.42k| do \ | | 42| 1.42k| { \ | | 43| 1.42k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1.42k] | | ------------------ | | 44| 1.42k| goto cleanup; \ | | 45| 1.42k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2193| 1.42k| f_rng, p_rng, rs_ctx)); 2194| 1.42k| MBEDTLS_MPI_CHK(ecp_safe_invert_jac(grp, RR, parity_trick)); ------------------ | | 41| 1.42k| do \ | | 42| 1.42k| { \ | | 43| 1.42k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1.42k] | | ------------------ | | 44| 1.42k| goto cleanup; \ | | 45| 1.42k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2195| | 2196| 1.42k|#if defined(MBEDTLS_ECP_RESTARTABLE) 2197| 1.42k| if (rs_ctx != NULL && rs_ctx->rsm != NULL) { ------------------ | Branch (2197:9): [True: 0, False: 1.42k] | Branch (2197:27): [True: 0, False: 0] ------------------ 2198| 0| rs_ctx->rsm->state = ecp_rsm_final_norm; 2199| 0| } 2200| | 2201| 1.42k|final_norm: 2202| 1.42k| MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_INV); ------------------ | | 408| 1.42k| MBEDTLS_MPI_CHK(mbedtls_ecp_check_budget(grp, rs_ctx, \ | | ------------------ | | | | 41| 1.42k| do \ | | | | 42| 1.42k| { \ | | | | 43| 1.42k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 1.42k] | | | | ------------------ | | | | 44| 1.42k| goto cleanup; \ | | | | 45| 1.42k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 409| 1.42k| (unsigned) (ops))); ------------------ 2203| 1.42k|#endif 2204| | /* 2205| | * Knowledge of the jacobian coordinates may leak the last few bits of the 2206| | * scalar [1], and since our MPI implementation isn't constant-flow, 2207| | * inversion (used for coordinate normalization) may leak the full value 2208| | * of its input via side-channels [2]. 2209| | * 2210| | * [1] https://eprint.iacr.org/2003/191 2211| | * [2] https://eprint.iacr.org/2020/055 2212| | * 2213| | * Avoid the leak by randomizing coordinates before we normalize them. 2214| | */ 2215| 1.42k| if (f_rng != 0) { ------------------ | Branch (2215:9): [True: 0, False: 1.42k] ------------------ 2216| 0| MBEDTLS_MPI_CHK(ecp_randomize_jac(grp, RR, f_rng, p_rng)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2217| 0| } 2218| | 2219| 1.42k| MBEDTLS_MPI_CHK(ecp_normalize_jac(grp, RR)); ------------------ | | 41| 1.42k| do \ | | 42| 1.42k| { \ | | 43| 1.42k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1.42k] | | ------------------ | | 44| 1.42k| goto cleanup; \ | | 45| 1.42k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2220| | 2221| 1.42k|#if defined(MBEDTLS_ECP_RESTARTABLE) 2222| 1.42k| if (rs_ctx != NULL && rs_ctx->rsm != NULL) { ------------------ | Branch (2222:9): [True: 0, False: 1.42k] | Branch (2222:27): [True: 0, False: 0] ------------------ 2223| 0| MBEDTLS_MPI_CHK(mbedtls_ecp_copy(R, RR)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2224| 0| } 2225| 1.42k|#endif 2226| | 2227| 1.42k|cleanup: 2228| 1.42k| return ret; 2229| 1.42k|} ecp.c:ecp_comb_recode_scalar: 2127| 1.42k|{ 2128| 1.42k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 1.42k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 2129| 1.42k| mbedtls_mpi M, mm; 2130| | 2131| 1.42k| mbedtls_mpi_init(&M); 2132| 1.42k| mbedtls_mpi_init(&mm); 2133| | 2134| | /* N is always odd (see above), just make extra sure */ 2135| 1.42k| if (mbedtls_mpi_get_bit(&grp->N, 0) != 1) { ------------------ | Branch (2135:9): [True: 0, False: 1.42k] ------------------ 2136| 0| return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; ------------------ | | 35| 0|#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 ------------------ 2137| 0| } 2138| | 2139| | /* do we need the parity trick? */ 2140| 1.42k| *parity_trick = (mbedtls_mpi_get_bit(m, 0) == 0); 2141| | 2142| | /* execute parity fix in constant time */ 2143| 1.42k| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&M, m)); ------------------ | | 41| 1.42k| do \ | | 42| 1.42k| { \ | | 43| 1.42k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1.42k] | | ------------------ | | 44| 1.42k| goto cleanup; \ | | 45| 1.42k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2144| 1.42k| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&mm, &grp->N, m)); ------------------ | | 41| 1.42k| do \ | | 42| 1.42k| { \ | | 43| 1.42k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1.42k] | | ------------------ | | 44| 1.42k| goto cleanup; \ | | 45| 1.42k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2145| 1.42k| MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_assign(&M, &mm, *parity_trick)); ------------------ | | 41| 1.42k| do \ | | 42| 1.42k| { \ | | 43| 1.42k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1.42k] | | ------------------ | | 44| 1.42k| goto cleanup; \ | | 45| 1.42k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2146| | 2147| | /* actual scalar recoding */ 2148| 1.42k| ecp_comb_recode_core(k, d, w, &M); 2149| | 2150| 1.42k|cleanup: 2151| 1.42k| mbedtls_mpi_free(&mm); 2152| 1.42k| mbedtls_mpi_free(&M); 2153| | 2154| 1.42k| return ret; 2155| 1.42k|} ecp.c:ecp_comb_recode_core: 1786| 1.42k|{ 1787| 1.42k| size_t i, j; 1788| 1.42k| unsigned char c, cc, adjust; 1789| | 1790| 1.42k| memset(x, 0, d+1); 1791| | 1792| | /* First get the classical comb values (except for x_d = 0) */ 1793| 84.2k| for (i = 0; i < d; i++) { ------------------ | Branch (1793:17): [True: 82.8k, False: 1.42k] ------------------ 1794| 451k| for (j = 0; j < w; j++) { ------------------ | Branch (1794:21): [True: 368k, False: 82.8k] ------------------ 1795| 368k| x[i] |= mbedtls_mpi_get_bit(m, i + d * j) << j; 1796| 368k| } 1797| 82.8k| } 1798| | 1799| | /* Now make sure x_1 .. x_d are odd */ 1800| 1.42k| c = 0; 1801| 84.2k| for (i = 1; i <= d; i++) { ------------------ | Branch (1801:17): [True: 82.8k, False: 1.42k] ------------------ 1802| | /* Add carry and update it */ 1803| 82.8k| cc = x[i] & c; 1804| 82.8k| x[i] = x[i] ^ c; 1805| 82.8k| c = cc; 1806| | 1807| | /* Adjust if needed, avoiding branches */ 1808| 82.8k| adjust = 1 - (x[i] & 0x01); 1809| 82.8k| c |= x[i] & (x[i-1] * adjust); 1810| 82.8k| x[i] = x[i] ^ (x[i-1] * adjust); 1811| 82.8k| x[i-1] |= adjust << 7; 1812| 82.8k| } 1813| 1.42k|} ecp.c:ecp_mul_comb_core: 2049| 1.42k|{ 2050| 1.42k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 1.42k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 2051| 1.42k| mbedtls_ecp_point Txi; 2052| 1.42k| mbedtls_mpi tmp[4]; 2053| 1.42k| size_t i; 2054| | 2055| 1.42k| mbedtls_ecp_point_init(&Txi); 2056| 1.42k| mpi_init_many(tmp, sizeof(tmp) / sizeof(mbedtls_mpi)); 2057| | 2058| |#if !defined(MBEDTLS_ECP_RESTARTABLE) 2059| | (void) rs_ctx; 2060| |#endif 2061| | 2062| 1.42k|#if defined(MBEDTLS_ECP_RESTARTABLE) 2063| 1.42k| if (rs_ctx != NULL && rs_ctx->rsm != NULL && ------------------ | Branch (2063:9): [True: 0, False: 1.42k] | Branch (2063:27): [True: 0, False: 0] ------------------ 2064| 1.42k| rs_ctx->rsm->state != ecp_rsm_comb_core) { ------------------ | Branch (2064:9): [True: 0, False: 0] ------------------ 2065| 0| rs_ctx->rsm->i = 0; 2066| 0| rs_ctx->rsm->state = ecp_rsm_comb_core; 2067| 0| } 2068| | 2069| | /* new 'if' instead of nested for the sake of the 'else' branch */ 2070| 1.42k| if (rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->i != 0) { ------------------ | Branch (2070:9): [True: 0, False: 1.42k] | Branch (2070:27): [True: 0, False: 0] | Branch (2070:50): [True: 0, False: 0] ------------------ 2071| | /* restore current index (R already pointing to rs_ctx->rsm->R) */ 2072| 0| i = rs_ctx->rsm->i; 2073| 0| } else 2074| 1.42k|#endif 2075| 1.42k| { 2076| | /* Start with a non-zero point and randomize its coordinates */ 2077| 1.42k| i = d; 2078| 1.42k| MBEDTLS_MPI_CHK(ecp_select_comb(grp, R, T, T_size, x[i])); ------------------ | | 41| 1.42k| do \ | | 42| 1.42k| { \ | | 43| 1.42k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1.42k] | | ------------------ | | 44| 1.42k| goto cleanup; \ | | 45| 1.42k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2079| 1.42k| if (f_rng != 0) { ------------------ | Branch (2079:13): [True: 0, False: 1.42k] ------------------ 2080| 0| MBEDTLS_MPI_CHK(ecp_randomize_jac(grp, R, f_rng, p_rng)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2081| 0| } 2082| 1.42k| } 2083| | 2084| 84.2k| while (i != 0) { ------------------ | Branch (2084:12): [True: 82.8k, False: 1.42k] ------------------ 2085| 82.8k| MBEDTLS_ECP_BUDGET(MBEDTLS_ECP_OPS_DBL + MBEDTLS_ECP_OPS_ADD); ------------------ | | 408| 82.8k| MBEDTLS_MPI_CHK(mbedtls_ecp_check_budget(grp, rs_ctx, \ | | ------------------ | | | | 41| 82.8k| do \ | | | | 42| 82.8k| { \ | | | | 43| 82.8k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 82.8k] | | | | ------------------ | | | | 44| 82.8k| goto cleanup; \ | | | | 45| 82.8k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 409| 82.8k| (unsigned) (ops))); ------------------ 2086| 82.8k| --i; 2087| | 2088| 82.8k| MBEDTLS_MPI_CHK(ecp_double_jac(grp, R, R, tmp)); ------------------ | | 41| 82.8k| do \ | | 42| 82.8k| { \ | | 43| 82.8k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 82.8k] | | ------------------ | | 44| 82.8k| goto cleanup; \ | | 45| 82.8k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2089| 82.8k| MBEDTLS_MPI_CHK(ecp_select_comb(grp, &Txi, T, T_size, x[i])); ------------------ | | 41| 82.8k| do \ | | 42| 82.8k| { \ | | 43| 82.8k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 82.8k] | | ------------------ | | 44| 82.8k| goto cleanup; \ | | 45| 82.8k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2090| 82.8k| MBEDTLS_MPI_CHK(ecp_add_mixed(grp, R, R, &Txi, tmp)); ------------------ | | 41| 82.8k| do \ | | 42| 82.8k| { \ | | 43| 82.8k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 82.8k] | | ------------------ | | 44| 82.8k| goto cleanup; \ | | 45| 82.8k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2091| 82.8k| } 2092| | 2093| 1.42k|cleanup: 2094| | 2095| 1.42k| mbedtls_ecp_point_free(&Txi); 2096| 1.42k| mpi_free_many(tmp, sizeof(tmp) / sizeof(mbedtls_mpi)); 2097| | 2098| 1.42k|#if defined(MBEDTLS_ECP_RESTARTABLE) 2099| 1.42k| if (rs_ctx != NULL && rs_ctx->rsm != NULL && ------------------ | Branch (2099:9): [True: 0, False: 1.42k] | Branch (2099:27): [True: 0, False: 0] ------------------ 2100| 1.42k| ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { ------------------ | | 51| 0|#define MBEDTLS_ERR_ECP_IN_PROGRESS -0x4B00 ------------------ | Branch (2100:9): [True: 0, False: 0] ------------------ 2101| 0| rs_ctx->rsm->i = i; 2102| | /* no need to save R, already pointing to rs_ctx->rsm->R */ 2103| 0| } 2104| 1.42k|#endif 2105| | 2106| 1.42k| return ret; 2107| 1.42k|} ecp.c:ecp_select_comb: 2015| 84.2k|{ 2016| 84.2k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 84.2k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 2017| 84.2k| unsigned char ii, j; 2018| | 2019| | /* Ignore the "sign" bit and scale down */ 2020| 84.2k| ii = (i & 0x7Fu) >> 1; 2021| | 2022| | /* Read the whole table to thwart cache-based timing attacks */ 2023| 1.06M| for (j = 0; j < T_size; j++) { ------------------ | Branch (2023:17): [True: 976k, False: 84.2k] ------------------ 2024| 976k| MPI_ECP_COND_ASSIGN(&R->X, &T[j].X, j == ii); ------------------ | | 1214| 976k| MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_assign((X), (Y), (cond))) | | ------------------ | | | | 41| 976k| do \ | | | | 42| 976k| { \ | | | | 43| 976k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 976k] | | | | ------------------ | | | | 44| 976k| goto cleanup; \ | | | | 45| 976k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 2025| 976k| MPI_ECP_COND_ASSIGN(&R->Y, &T[j].Y, j == ii); ------------------ | | 1214| 976k| MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_assign((X), (Y), (cond))) | | ------------------ | | | | 41| 976k| do \ | | | | 42| 976k| { \ | | | | 43| 976k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 976k] | | | | ------------------ | | | | 44| 976k| goto cleanup; \ | | | | 45| 976k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 2026| 976k| } 2027| | 2028| | /* Safely invert result if i is "negative" */ 2029| 84.2k| MBEDTLS_MPI_CHK(ecp_safe_invert_jac(grp, R, i >> 7)); ------------------ | | 41| 84.2k| do \ | | 42| 84.2k| { \ | | 43| 84.2k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 84.2k] | | ------------------ | | 44| 84.2k| goto cleanup; \ | | 45| 84.2k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2030| | 2031| 84.2k| MPI_ECP_LSET(&R->Z, 1); ------------------ | | 1185| 84.2k| MBEDTLS_MPI_CHK(mbedtls_mpi_lset(X, c)) | | ------------------ | | | | 41| 84.2k| do \ | | | | 42| 84.2k| { \ | | | | 43| 84.2k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 84.2k] | | | | ------------------ | | | | 44| 84.2k| goto cleanup; \ | | | | 45| 84.2k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 2032| | 2033| 84.2k|cleanup: 2034| 84.2k| return ret; 2035| 84.2k|} ecp.c:ecp_safe_invert_jac: 1460| 85.6k|{ 1461| 85.6k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 85.6k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1462| 85.6k| mbedtls_mpi tmp; 1463| 85.6k| mbedtls_mpi_init(&tmp); 1464| | 1465| 85.6k| MPI_ECP_COND_NEG(&Q->Y, inv); ------------------ | | 1200| 85.6k| do \ | | 1201| 85.6k| { \ | | 1202| 85.6k| unsigned char nonzero = mbedtls_mpi_cmp_int((X), 0) != 0; \ | | 1203| 85.6k| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&tmp, &grp->P, (X))); \ | | ------------------ | | | | 41| 85.6k| do \ | | | | 42| 85.6k| { \ | | | | 43| 85.6k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 85.6k] | | | | ------------------ | | | | 44| 85.6k| goto cleanup; \ | | | | 45| 85.6k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 1204| 85.6k| MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_assign((X), &tmp, \ | | ------------------ | | | | 41| 85.6k| do \ | | | | 42| 85.6k| { \ | | | | 43| 85.6k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 85.6k] | | | | ------------------ | | | | 44| 85.6k| goto cleanup; \ | | | | 45| 85.6k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 1205| 85.6k| nonzero & cond)); \ | | 1206| 85.6k| } while (0) | | ------------------ | | | Branch (1206:14): [Folded - Ignored] | | ------------------ ------------------ 1466| | 1467| 85.6k|cleanup: 1468| 85.6k| mbedtls_mpi_free(&tmp); 1469| 85.6k| return ret; 1470| 85.6k|} ecp.c:mpi_init_many: 318| 4.28k|{ 319| 22.8k| while (size--) { ------------------ | Branch (319:12): [True: 18.5k, False: 4.28k] ------------------ 320| 18.5k| mbedtls_mpi_init(arr++); 321| 18.5k| } 322| 4.28k|} ecp.c:mbedtls_ecp_mul_shortcuts: 2770| 1.42k|{ 2771| 1.42k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 1.42k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 2772| 1.42k| mbedtls_mpi tmp; 2773| 1.42k| mbedtls_mpi_init(&tmp); 2774| | 2775| 1.42k| if (mbedtls_mpi_cmp_int(m, 0) == 0) { ------------------ | Branch (2775:9): [True: 0, False: 1.42k] ------------------ 2776| 0| MBEDTLS_MPI_CHK(mbedtls_ecp_check_pubkey(grp, P)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2777| 0| MBEDTLS_MPI_CHK(mbedtls_ecp_set_zero(R)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2778| 1.42k| } else if (mbedtls_mpi_cmp_int(m, 1) == 0) { ------------------ | Branch (2778:16): [True: 0, False: 1.42k] ------------------ 2779| 0| MBEDTLS_MPI_CHK(mbedtls_ecp_check_pubkey(grp, P)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2780| 0| MBEDTLS_MPI_CHK(mbedtls_ecp_copy(R, P)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2781| 1.42k| } else if (mbedtls_mpi_cmp_int(m, -1) == 0) { ------------------ | Branch (2781:16): [True: 0, False: 1.42k] ------------------ 2782| 0| MBEDTLS_MPI_CHK(mbedtls_ecp_check_pubkey(grp, P)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2783| 0| MBEDTLS_MPI_CHK(mbedtls_ecp_copy(R, P)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2784| 0| MPI_ECP_NEG(&R->Y); ------------------ | | 1208| 0|#define MPI_ECP_NEG(X) MPI_ECP_COND_NEG((X), 1) | | ------------------ | | | | 1200| 0| do \ | | | | 1201| 0| { \ | | | | 1202| 0| unsigned char nonzero = mbedtls_mpi_cmp_int((X), 0) != 0; \ | | | | 1203| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&tmp, &grp->P, (X))); \ | | | | ------------------ | | | | | | 41| 0| do \ | | | | | | 42| 0| { \ | | | | | | 43| 0| if ((ret = (f)) != 0) \ | | | | | | ------------------ | | | | | | | Branch (43:13): [True: 0, False: 0] | | | | | | ------------------ | | | | | | 44| 0| goto cleanup; \ | | | | | | 45| 0| } while (0) | | | | | | ------------------ | | | | | | | Branch (45:14): [Folded - Ignored] | | | | | | ------------------ | | | | ------------------ | | | | 1204| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_assign((X), &tmp, \ | | | | ------------------ | | | | | | 41| 0| do \ | | | | | | 42| 0| { \ | | | | | | 43| 0| if ((ret = (f)) != 0) \ | | | | | | ------------------ | | | | | | | Branch (43:13): [True: 0, False: 0] | | | | | | ------------------ | | | | | | 44| 0| goto cleanup; \ | | | | | | 45| 0| } while (0) | | | | | | ------------------ | | | | | | | Branch (45:14): [Folded - Ignored] | | | | | | ------------------ | | | | ------------------ | | | | 1205| 0| nonzero & cond)); \ | | | | 1206| 0| } while (0) | | | | ------------------ | | | | | Branch (1206:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 2785| 1.42k| } else { 2786| 1.42k| MBEDTLS_MPI_CHK(ecp_mul_restartable_internal(grp, R, m, P, ------------------ | | 41| 1.42k| do \ | | 42| 1.42k| { \ | | 43| 1.42k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 1.42k] | | ------------------ | | 44| 1.42k| goto cleanup; \ | | 45| 1.42k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2787| 1.42k| NULL, NULL, rs_ctx)); 2788| 1.42k| } 2789| | 2790| 1.42k|cleanup: 2791| 1.42k| mbedtls_mpi_free(&tmp); 2792| | 2793| 1.42k| return ret; 2794| 1.42k|} ecp.c:ecp_add_mixed: 1586| 88.5k|{ 1587| 88.5k|#if defined(MBEDTLS_SELF_TEST) 1588| 88.5k| add_count++; 1589| 88.5k|#endif 1590| | 1591| |#if defined(MBEDTLS_ECP_ADD_MIXED_ALT) 1592| | if (mbedtls_internal_ecp_grp_capable(grp)) { 1593| | return mbedtls_internal_ecp_add_mixed(grp, R, P, Q); 1594| | } 1595| |#endif /* MBEDTLS_ECP_ADD_MIXED_ALT */ 1596| | 1597| |#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_ADD_MIXED_ALT) 1598| | return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; 1599| |#else 1600| 88.5k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 88.5k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1601| | 1602| | /* NOTE: Aliasing between input and output is allowed, so one has to make 1603| | * sure that at the point X,Y,Z are written, {P,Q}->{X,Y,Z} are no 1604| | * longer read from. */ 1605| 88.5k| mbedtls_mpi * const X = &R->X; 1606| 88.5k| mbedtls_mpi * const Y = &R->Y; 1607| 88.5k| mbedtls_mpi * const Z = &R->Z; 1608| | 1609| 88.5k| if (!MPI_ECP_VALID(&Q->Z)) { ------------------ | | 1211| 88.5k| ((X)->p != NULL) ------------------ | Branch (1609:9): [True: 0, False: 88.5k] ------------------ 1610| 0| return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; ------------------ | | 35| 0|#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 ------------------ 1611| 0| } 1612| | 1613| | /* 1614| | * Trivial cases: P == 0 or Q == 0 (case 1) 1615| | */ 1616| 88.5k| if (MPI_ECP_CMP_INT(&P->Z, 0) == 0) { ------------------ | | 1188| 88.5k| mbedtls_mpi_cmp_int(X, c) ------------------ | Branch (1616:9): [True: 0, False: 88.5k] ------------------ 1617| 0| return mbedtls_ecp_copy(R, Q); 1618| 0| } 1619| | 1620| 88.5k| if (MPI_ECP_CMP_INT(&Q->Z, 0) == 0) { ------------------ | | 1188| 88.5k| mbedtls_mpi_cmp_int(X, c) ------------------ | Branch (1620:9): [True: 0, False: 88.5k] ------------------ 1621| 0| return mbedtls_ecp_copy(R, P); 1622| 0| } 1623| | 1624| | /* 1625| | * Make sure Q coordinates are normalized 1626| | */ 1627| 88.5k| if (MPI_ECP_CMP_INT(&Q->Z, 1) != 0) { ------------------ | | 1188| 88.5k| mbedtls_mpi_cmp_int(X, c) ------------------ | Branch (1627:9): [True: 0, False: 88.5k] ------------------ 1628| 0| return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; ------------------ | | 35| 0|#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80 ------------------ 1629| 0| } 1630| | 1631| 88.5k| MPI_ECP_SQR(&tmp[0], &P->Z); ------------------ | | 1170| 88.5k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, A)) | | ------------------ | | | | 41| 88.5k| do \ | | | | 42| 88.5k| { \ | | | | 43| 88.5k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 88.5k] | | | | ------------------ | | | | 44| 88.5k| goto cleanup; \ | | | | 45| 88.5k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1632| 88.5k| MPI_ECP_MUL(&tmp[1], &tmp[0], &P->Z); ------------------ | | 1167| 88.5k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, B)) | | ------------------ | | | | 41| 88.5k| do \ | | | | 42| 88.5k| { \ | | | | 43| 88.5k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 88.5k] | | | | ------------------ | | | | 44| 88.5k| goto cleanup; \ | | | | 45| 88.5k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1633| 88.5k| MPI_ECP_MUL(&tmp[0], &tmp[0], &Q->X); ------------------ | | 1167| 88.5k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, B)) | | ------------------ | | | | 41| 88.5k| do \ | | | | 42| 88.5k| { \ | | | | 43| 88.5k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 88.5k] | | | | ------------------ | | | | 44| 88.5k| goto cleanup; \ | | | | 45| 88.5k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1634| 88.5k| MPI_ECP_MUL(&tmp[1], &tmp[1], &Q->Y); ------------------ | | 1167| 88.5k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, B)) | | ------------------ | | | | 41| 88.5k| do \ | | | | 42| 88.5k| { \ | | | | 43| 88.5k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 88.5k] | | | | ------------------ | | | | 44| 88.5k| goto cleanup; \ | | | | 45| 88.5k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1635| 88.5k| MPI_ECP_SUB(&tmp[0], &tmp[0], &P->X); ------------------ | | 1164| 88.5k| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, X, A, B)) | | ------------------ | | | | 41| 88.5k| do \ | | | | 42| 88.5k| { \ | | | | 43| 88.5k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 88.5k] | | | | ------------------ | | | | 44| 88.5k| goto cleanup; \ | | | | 45| 88.5k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1636| 88.5k| MPI_ECP_SUB(&tmp[1], &tmp[1], &P->Y); ------------------ | | 1164| 88.5k| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, X, A, B)) | | ------------------ | | | | 41| 88.5k| do \ | | | | 42| 88.5k| { \ | | | | 43| 88.5k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 88.5k] | | | | ------------------ | | | | 44| 88.5k| goto cleanup; \ | | | | 45| 88.5k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1637| | 1638| | /* Special cases (2) and (3) */ 1639| 88.5k| if (MPI_ECP_CMP_INT(&tmp[0], 0) == 0) { ------------------ | | 1188| 88.5k| mbedtls_mpi_cmp_int(X, c) ------------------ | Branch (1639:9): [True: 0, False: 88.5k] ------------------ 1640| 0| if (MPI_ECP_CMP_INT(&tmp[1], 0) == 0) { ------------------ | | 1188| 0| mbedtls_mpi_cmp_int(X, c) ------------------ | Branch (1640:13): [True: 0, False: 0] ------------------ 1641| 0| ret = ecp_double_jac(grp, R, P, tmp); 1642| 0| goto cleanup; 1643| 0| } else { 1644| 0| ret = mbedtls_ecp_set_zero(R); 1645| 0| goto cleanup; 1646| 0| } 1647| 0| } 1648| | 1649| | /* {P,Q}->Z no longer used, so OK to write to Z even if there's aliasing. */ 1650| 88.5k| MPI_ECP_MUL(Z, &P->Z, &tmp[0]); ------------------ | | 1167| 88.5k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, B)) | | ------------------ | | | | 41| 88.5k| do \ | | | | 42| 88.5k| { \ | | | | 43| 88.5k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 88.5k] | | | | ------------------ | | | | 44| 88.5k| goto cleanup; \ | | | | 45| 88.5k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1651| 88.5k| MPI_ECP_SQR(&tmp[2], &tmp[0]); ------------------ | | 1170| 88.5k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, A)) | | ------------------ | | | | 41| 88.5k| do \ | | | | 42| 88.5k| { \ | | | | 43| 88.5k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 88.5k] | | | | ------------------ | | | | 44| 88.5k| goto cleanup; \ | | | | 45| 88.5k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1652| 88.5k| MPI_ECP_MUL(&tmp[3], &tmp[2], &tmp[0]); ------------------ | | 1167| 88.5k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, B)) | | ------------------ | | | | 41| 88.5k| do \ | | | | 42| 88.5k| { \ | | | | 43| 88.5k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 88.5k] | | | | ------------------ | | | | 44| 88.5k| goto cleanup; \ | | | | 45| 88.5k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1653| 88.5k| MPI_ECP_MUL(&tmp[2], &tmp[2], &P->X); ------------------ | | 1167| 88.5k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, B)) | | ------------------ | | | | 41| 88.5k| do \ | | | | 42| 88.5k| { \ | | | | 43| 88.5k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 88.5k] | | | | ------------------ | | | | 44| 88.5k| goto cleanup; \ | | | | 45| 88.5k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1654| | 1655| 88.5k| MPI_ECP_MOV(&tmp[0], &tmp[2]); ------------------ | | 1179| 88.5k| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(X, A)) | | ------------------ | | | | 41| 88.5k| do \ | | | | 42| 88.5k| { \ | | | | 43| 88.5k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 88.5k] | | | | ------------------ | | | | 44| 88.5k| goto cleanup; \ | | | | 45| 88.5k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1656| 88.5k| MPI_ECP_SHIFT_L(&tmp[0], 1); ------------------ | | 1182| 88.5k| MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l_mod(grp, X, count)) | | ------------------ | | | | 41| 88.5k| do \ | | | | 42| 88.5k| { \ | | | | 43| 88.5k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 88.5k] | | | | ------------------ | | | | 44| 88.5k| goto cleanup; \ | | | | 45| 88.5k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1657| | 1658| | /* {P,Q}->X no longer used, so OK to write to X even if there's aliasing. */ 1659| 88.5k| MPI_ECP_SQR(X, &tmp[1]); ------------------ | | 1170| 88.5k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, A)) | | ------------------ | | | | 41| 88.5k| do \ | | | | 42| 88.5k| { \ | | | | 43| 88.5k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 88.5k] | | | | ------------------ | | | | 44| 88.5k| goto cleanup; \ | | | | 45| 88.5k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1660| 88.5k| MPI_ECP_SUB(X, X, &tmp[0]); ------------------ | | 1164| 88.5k| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, X, A, B)) | | ------------------ | | | | 41| 88.5k| do \ | | | | 42| 88.5k| { \ | | | | 43| 88.5k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 88.5k] | | | | ------------------ | | | | 44| 88.5k| goto cleanup; \ | | | | 45| 88.5k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1661| 88.5k| MPI_ECP_SUB(X, X, &tmp[3]); ------------------ | | 1164| 88.5k| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, X, A, B)) | | ------------------ | | | | 41| 88.5k| do \ | | | | 42| 88.5k| { \ | | | | 43| 88.5k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 88.5k] | | | | ------------------ | | | | 44| 88.5k| goto cleanup; \ | | | | 45| 88.5k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1662| 88.5k| MPI_ECP_SUB(&tmp[2], &tmp[2], X); ------------------ | | 1164| 88.5k| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, X, A, B)) | | ------------------ | | | | 41| 88.5k| do \ | | | | 42| 88.5k| { \ | | | | 43| 88.5k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 88.5k] | | | | ------------------ | | | | 44| 88.5k| goto cleanup; \ | | | | 45| 88.5k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1663| 88.5k| MPI_ECP_MUL(&tmp[2], &tmp[2], &tmp[1]); ------------------ | | 1167| 88.5k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, B)) | | ------------------ | | | | 41| 88.5k| do \ | | | | 42| 88.5k| { \ | | | | 43| 88.5k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 88.5k] | | | | ------------------ | | | | 44| 88.5k| goto cleanup; \ | | | | 45| 88.5k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1664| 88.5k| MPI_ECP_MUL(&tmp[3], &tmp[3], &P->Y); ------------------ | | 1167| 88.5k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, B)) | | ------------------ | | | | 41| 88.5k| do \ | | | | 42| 88.5k| { \ | | | | 43| 88.5k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 88.5k] | | | | ------------------ | | | | 44| 88.5k| goto cleanup; \ | | | | 45| 88.5k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1665| | /* {P,Q}->Y no longer used, so OK to write to Y even if there's aliasing. */ 1666| 88.5k| MPI_ECP_SUB(Y, &tmp[2], &tmp[3]); ------------------ | | 1164| 88.5k| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mod(grp, X, A, B)) | | ------------------ | | | | 41| 88.5k| do \ | | | | 42| 88.5k| { \ | | | | 43| 88.5k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 88.5k] | | | | ------------------ | | | | 44| 88.5k| goto cleanup; \ | | | | 45| 88.5k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1667| | 1668| 88.5k|cleanup: 1669| | 1670| 88.5k| return ret; 1671| 88.5k|#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_ADD_MIXED_ALT) */ 1672| 88.5k|} ecp.c:ecp_normalize_jac: 1315| 2.14k|{ 1316| 2.14k| if (MPI_ECP_CMP_INT(&pt->Z, 0) == 0) { ------------------ | | 1188| 2.14k| mbedtls_mpi_cmp_int(X, c) ------------------ | Branch (1316:9): [True: 0, False: 2.14k] ------------------ 1317| 0| return 0; 1318| 0| } 1319| | 1320| |#if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) 1321| | if (mbedtls_internal_ecp_grp_capable(grp)) { 1322| | return mbedtls_internal_ecp_normalize_jac(grp, pt); 1323| | } 1324| |#endif /* MBEDTLS_ECP_NORMALIZE_JAC_ALT */ 1325| | 1326| |#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) 1327| | return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; 1328| |#else 1329| 2.14k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 2.14k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1330| 2.14k| mbedtls_mpi T; 1331| 2.14k| mbedtls_mpi_init(&T); 1332| | 1333| 2.14k| MPI_ECP_INV(&T, &pt->Z); /* T <- 1 / Z */ ------------------ | | 1176| 2.14k| MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod((dst), (src), &grp->P)) | | ------------------ | | | | 41| 2.14k| do \ | | | | 42| 2.14k| { \ | | | | 43| 2.14k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 2.14k] | | | | ------------------ | | | | 44| 2.14k| goto cleanup; \ | | | | 45| 2.14k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1334| 2.14k| MPI_ECP_MUL(&pt->Y, &pt->Y, &T); /* Y' <- Y*T = Y / Z */ ------------------ | | 1167| 2.14k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, B)) | | ------------------ | | | | 41| 2.14k| do \ | | | | 42| 2.14k| { \ | | | | 43| 2.14k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 2.14k] | | | | ------------------ | | | | 44| 2.14k| goto cleanup; \ | | | | 45| 2.14k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1335| 2.14k| MPI_ECP_SQR(&T, &T); /* T <- T^2 = 1 / Z^2 */ ------------------ | | 1170| 2.14k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, A)) | | ------------------ | | | | 41| 2.14k| do \ | | | | 42| 2.14k| { \ | | | | 43| 2.14k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 2.14k] | | | | ------------------ | | | | 44| 2.14k| goto cleanup; \ | | | | 45| 2.14k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1336| 2.14k| MPI_ECP_MUL(&pt->X, &pt->X, &T); /* X <- X * T = X / Z^2 */ ------------------ | | 1167| 2.14k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, B)) | | ------------------ | | | | 41| 2.14k| do \ | | | | 42| 2.14k| { \ | | | | 43| 2.14k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 2.14k] | | | | ------------------ | | | | 44| 2.14k| goto cleanup; \ | | | | 45| 2.14k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1337| 2.14k| MPI_ECP_MUL(&pt->Y, &pt->Y, &T); /* Y'' <- Y' * T = Y / Z^3 */ ------------------ | | 1167| 2.14k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, B)) | | ------------------ | | | | 41| 2.14k| do \ | | | | 42| 2.14k| { \ | | | | 43| 2.14k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 2.14k] | | | | ------------------ | | | | 44| 2.14k| goto cleanup; \ | | | | 45| 2.14k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1338| | 1339| 2.14k| MPI_ECP_LSET(&pt->Z, 1); ------------------ | | 1185| 2.14k| MBEDTLS_MPI_CHK(mbedtls_mpi_lset(X, c)) | | ------------------ | | | | 41| 2.14k| do \ | | | | 42| 2.14k| { \ | | | | 43| 2.14k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 2.14k] | | | | ------------------ | | | | 44| 2.14k| goto cleanup; \ | | | | 45| 2.14k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 1340| | 1341| 2.14k|cleanup: 1342| | 1343| 2.14k| mbedtls_mpi_free(&T); 1344| | 1345| 2.14k| return ret; 1346| 2.14k|#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) */ 1347| 2.14k|} ecp.c:mpi_free_many: 325| 4.28k|{ 326| 22.8k| while (size--) { ------------------ | Branch (326:12): [True: 18.5k, False: 4.28k] ------------------ 327| 18.5k| mbedtls_mpi_free(arr++); 328| 18.5k| } 329| 4.28k|} ecp.c:ecp_check_pubkey_sw: 2726| 7.14k|{ 2727| 7.14k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 7.14k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 2728| 7.14k| mbedtls_mpi YY, RHS; 2729| | 2730| | /* pt coordinates must be normalized for our checks */ 2731| 7.14k| if (mbedtls_mpi_cmp_int(&pt->X, 0) < 0 || ------------------ | Branch (2731:9): [True: 0, False: 7.14k] ------------------ 2732| 7.14k| mbedtls_mpi_cmp_int(&pt->Y, 0) < 0 || ------------------ | Branch (2732:9): [True: 0, False: 7.14k] ------------------ 2733| 7.14k| mbedtls_mpi_cmp_mpi(&pt->X, &grp->P) >= 0 || ------------------ | Branch (2733:9): [True: 0, False: 7.14k] ------------------ 2734| 7.14k| mbedtls_mpi_cmp_mpi(&pt->Y, &grp->P) >= 0) { ------------------ | Branch (2734:9): [True: 0, False: 7.14k] ------------------ 2735| 0| return MBEDTLS_ERR_ECP_INVALID_KEY; ------------------ | | 47| 0|#define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80 ------------------ 2736| 0| } 2737| | 2738| 7.14k| mbedtls_mpi_init(&YY); mbedtls_mpi_init(&RHS); 2739| | 2740| | /* 2741| | * YY = Y^2 2742| | * RHS = X^3 + A X + B 2743| | */ 2744| 7.14k| MPI_ECP_SQR(&YY, &pt->Y); ------------------ | | 1170| 7.14k| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mod(grp, X, A, A)) | | ------------------ | | | | 41| 7.14k| do \ | | | | 42| 7.14k| { \ | | | | 43| 7.14k| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 7.14k] | | | | ------------------ | | | | 44| 7.14k| goto cleanup; \ | | | | 45| 7.14k| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ ------------------ 2745| 7.14k| MBEDTLS_MPI_CHK(ecp_sw_rhs(grp, &RHS, &pt->X)); ------------------ | | 41| 7.14k| do \ | | 42| 7.14k| { \ | | 43| 7.14k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 7.14k] | | ------------------ | | 44| 7.14k| goto cleanup; \ | | 45| 7.14k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2746| | 2747| 7.14k| if (MPI_ECP_CMP(&YY, &RHS) != 0) { ------------------ | | 1191| 7.14k| mbedtls_mpi_cmp_mpi(X, Y) ------------------ | Branch (2747:9): [True: 0, False: 7.14k] ------------------ 2748| 0| ret = MBEDTLS_ERR_ECP_INVALID_KEY; ------------------ | | 47| 0|#define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80 ------------------ 2749| 0| } 2750| | 2751| 7.14k|cleanup: 2752| | 2753| 7.14k| mbedtls_mpi_free(&YY); mbedtls_mpi_free(&RHS); 2754| | 2755| 7.14k| return ret; 2756| 7.14k|} mbedtls_ecp_group_load: 4718| 6.06k|{ 4719| 6.06k| mbedtls_ecp_group_free(grp); 4720| | 4721| 6.06k| mbedtls_ecp_group_init(grp); 4722| | 4723| 6.06k| grp->id = id; 4724| | 4725| 6.06k| switch (id) { 4726| |#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) 4727| | case MBEDTLS_ECP_DP_SECP192R1: 4728| | NIST_MODP(p192); 4729| | return LOAD_GROUP(secp192r1); 4730| |#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */ 4731| | 4732| |#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) 4733| | case MBEDTLS_ECP_DP_SECP224R1: 4734| | NIST_MODP(p224); 4735| | return LOAD_GROUP(secp224r1); 4736| |#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ 4737| | 4738| 0|#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) 4739| 6.06k| case MBEDTLS_ECP_DP_SECP256R1: ------------------ | Branch (4739:9): [True: 6.06k, False: 0] ------------------ 4740| 6.06k| NIST_MODP(p256); ------------------ | | 4567| 6.06k|#define NIST_MODP(P) grp->modp = ecp_mod_ ## P; ------------------ 4741| 6.06k| return LOAD_GROUP(secp256r1); ------------------ | | 4600| 6.06k|#define LOAD_GROUP(G) ecp_group_load(grp, \ | | 4601| 6.06k| G ## _p, sizeof(G ## _p), \ | | 4602| 6.06k| NULL, 0, \ | | 4603| 6.06k| G ## _b, sizeof(G ## _b), \ | | 4604| 6.06k| G ## _gx, sizeof(G ## _gx), \ | | 4605| 6.06k| G ## _gy, sizeof(G ## _gy), \ | | 4606| 6.06k| G ## _n, sizeof(G ## _n), \ | | 4607| 6.06k| G ## _T \ | | 4608| 6.06k| ) ------------------ 4742| 0|#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */ 4743| | 4744| 0|#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) 4745| 0| case MBEDTLS_ECP_DP_SECP384R1: ------------------ | Branch (4745:9): [True: 0, False: 6.06k] ------------------ 4746| 0| NIST_MODP(p384); ------------------ | | 4567| 0|#define NIST_MODP(P) grp->modp = ecp_mod_ ## P; ------------------ 4747| 0| return LOAD_GROUP(secp384r1); ------------------ | | 4600| 0|#define LOAD_GROUP(G) ecp_group_load(grp, \ | | 4601| 0| G ## _p, sizeof(G ## _p), \ | | 4602| 0| NULL, 0, \ | | 4603| 0| G ## _b, sizeof(G ## _b), \ | | 4604| 0| G ## _gx, sizeof(G ## _gx), \ | | 4605| 0| G ## _gy, sizeof(G ## _gy), \ | | 4606| 0| G ## _n, sizeof(G ## _n), \ | | 4607| 0| G ## _T \ | | 4608| 0| ) ------------------ 4748| 0|#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ 4749| | 4750| 0|#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) 4751| 0| case MBEDTLS_ECP_DP_SECP521R1: ------------------ | Branch (4751:9): [True: 0, False: 6.06k] ------------------ 4752| 0| NIST_MODP(p521); ------------------ | | 4567| 0|#define NIST_MODP(P) grp->modp = ecp_mod_ ## P; ------------------ 4753| 0| return LOAD_GROUP(secp521r1); ------------------ | | 4600| 0|#define LOAD_GROUP(G) ecp_group_load(grp, \ | | 4601| 0| G ## _p, sizeof(G ## _p), \ | | 4602| 0| NULL, 0, \ | | 4603| 0| G ## _b, sizeof(G ## _b), \ | | 4604| 0| G ## _gx, sizeof(G ## _gx), \ | | 4605| 0| G ## _gy, sizeof(G ## _gy), \ | | 4606| 0| G ## _n, sizeof(G ## _n), \ | | 4607| 0| G ## _T \ | | 4608| 0| ) ------------------ 4754| 0|#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */ 4755| | 4756| |#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) 4757| | case MBEDTLS_ECP_DP_SECP192K1: 4758| | grp->modp = ecp_mod_p192k1; 4759| | return LOAD_GROUP_A(secp192k1); 4760| |#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ 4761| | 4762| |#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) 4763| | case MBEDTLS_ECP_DP_SECP224K1: 4764| | grp->modp = ecp_mod_p224k1; 4765| | return LOAD_GROUP_A(secp224k1); 4766| |#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */ 4767| | 4768| |#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) 4769| | case MBEDTLS_ECP_DP_SECP256K1: 4770| | grp->modp = ecp_mod_p256k1; 4771| | return LOAD_GROUP_A(secp256k1); 4772| |#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ 4773| | 4774| |#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) 4775| | case MBEDTLS_ECP_DP_BP256R1: 4776| | return LOAD_GROUP_A(brainpoolP256r1); 4777| |#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */ 4778| | 4779| |#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) 4780| | case MBEDTLS_ECP_DP_BP384R1: 4781| | return LOAD_GROUP_A(brainpoolP384r1); 4782| |#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */ 4783| | 4784| |#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) 4785| | case MBEDTLS_ECP_DP_BP512R1: 4786| | return LOAD_GROUP_A(brainpoolP512r1); 4787| |#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */ 4788| | 4789| 0|#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) 4790| 0| case MBEDTLS_ECP_DP_CURVE25519: ------------------ | Branch (4790:9): [True: 0, False: 6.06k] ------------------ 4791| 0| grp->modp = ecp_mod_p255; 4792| 0| return ecp_use_curve25519(grp); 4793| 0|#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */ 4794| | 4795| 0|#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) 4796| 0| case MBEDTLS_ECP_DP_CURVE448: ------------------ | Branch (4796:9): [True: 0, False: 6.06k] ------------------ 4797| 0| grp->modp = ecp_mod_p448; 4798| 0| return ecp_use_curve448(grp); 4799| 0|#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */ 4800| | 4801| 0| default: ------------------ | Branch (4801:9): [True: 0, False: 6.06k] ------------------ 4802| 0| grp->id = MBEDTLS_ECP_DP_NONE; 4803| 0| return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; ------------------ | | 39| 0|#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80 ------------------ 4804| 6.06k| } 4805| 6.06k|} ecp_curves.c:ecp_group_load: 4522| 6.06k|{ 4523| 6.06k| ecp_mpi_load(&grp->P, p, plen); 4524| 6.06k| if (a != NULL) { ------------------ | Branch (4524:9): [True: 0, False: 6.06k] ------------------ 4525| 0| ecp_mpi_load(&grp->A, a, alen); 4526| 0| } 4527| 6.06k| ecp_mpi_load(&grp->B, b, blen); 4528| 6.06k| ecp_mpi_load(&grp->N, n, nlen); 4529| | 4530| 6.06k| ecp_mpi_load(&grp->G.X, gx, gxlen); 4531| 6.06k| ecp_mpi_load(&grp->G.Y, gy, gylen); 4532| 6.06k| ecp_mpi_set1(&grp->G.Z); 4533| | 4534| 6.06k| grp->pbits = mbedtls_mpi_bitlen(&grp->P); 4535| 6.06k| grp->nbits = mbedtls_mpi_bitlen(&grp->N); 4536| | 4537| 6.06k| grp->h = 1; 4538| | 4539| 6.06k| grp->T = (mbedtls_ecp_point *) T; 4540| | /* 4541| | * Set T_size to 0 to prevent T free by mbedtls_ecp_group_free. 4542| | */ 4543| 6.06k| grp->T_size = 0; 4544| | 4545| 6.06k| return 0; 4546| 6.06k|} ecp_curves.c:ecp_mpi_load: 4495| 30.3k|{ 4496| 30.3k| X->s = 1; 4497| 30.3k| X->n = (unsigned short) (len / sizeof(mbedtls_mpi_uint)); 4498| 30.3k| X->p = (mbedtls_mpi_uint *) p; 4499| 30.3k|} ecp_curves.c:ecp_mpi_set1: 4505| 6.06k|{ 4506| 6.06k| X->s = 1; 4507| 6.06k| X->n = 1; 4508| 6.06k| X->p = (mbedtls_mpi_uint *) mpi_one; /* X->p will not be modified so the cast is safe */ 4509| 6.06k|} ecp_curves.c:ecp_mod_p256: 5037| 2.80M|{ 5038| 2.80M| INIT(256); ------------------ | | 4954| 2.80M| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; \ | | ------------------ | | | | 100| 2.80M|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E | | ------------------ | | 4955| 2.80M| signed char c = 0, cc; \ | | 4956| 2.80M| uint32_t cur; \ | | 4957| 2.80M| size_t i = 0, bits = (b); \ | | 4958| 2.80M| /* N is the size of the product of two b-bit numbers, plus one */ \ | | 4959| 2.80M| /* limb for fix_negative */ \ | | 4960| 2.80M| MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, (b) * 2 / biL + 1)); \ | | ------------------ | | | | 41| 2.80M| do \ | | | | 42| 2.80M| { \ | | | | 43| 2.80M| if ((ret = (f)) != 0) \ | | | | ------------------ | | | | | Branch (43:13): [True: 0, False: 2.80M] | | | | ------------------ | | | | 44| 2.80M| goto cleanup; \ | | | | 45| 2.80M| } while (0) | | | | ------------------ | | | | | Branch (45:14): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 4961| 2.80M| LOAD32; | | ------------------ | | | | 4908| 2.80M|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 0, False: 2.80M] | | | | | | ------------------ | | | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ ------------------ 5039| | 5040| 2.80M| ADD(8); ADD(9); ------------------ | | 4947| 2.80M|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(8); ADD(9); ------------------ | | 4947| 2.80M|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ 5041| 2.80M| SUB(11); SUB(12); SUB(13); SUB(14); NEXT; // A0 ------------------ | | 4948| 2.80M|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(11); SUB(12); SUB(13); SUB(14); NEXT; // A0 ------------------ | | 4948| 2.80M|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(11); SUB(12); SUB(13); SUB(14); NEXT; // A0 ------------------ | | 4948| 2.80M|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(11); SUB(12); SUB(13); SUB(14); NEXT; // A0 ------------------ | | 4948| 2.80M|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(11); SUB(12); SUB(13); SUB(14); NEXT; // A0 ------------------ | | 4964| 2.80M| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 2.80M| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 0, False: 2.80M] | | | | ------------------ | | | | 4923| 0| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 0| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 2.80M| } else { \ | | | | 4926| 2.80M| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 2.80M| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 2.80M| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 2.80M|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 2.80M, False: 0] | | | | | | ------------------ | | | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 2.80M| cc = c; c = 0; \ | | 4966| 2.80M| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 2.08M, False: 718k] | | ------------------ | | 4967| 2.80M| sub32(&cur, -cc, &c); \ | | 4968| 2.80M| else \ | | 4969| 2.80M| add32(&cur, cc, &c); \ ------------------ 5042| | 5043| 2.80M| ADD(9); ADD(10); ------------------ | | 4947| 2.80M|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(9); ADD(10); ------------------ | | 4947| 2.80M|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ 5044| 2.80M| SUB(12); SUB(13); SUB(14); SUB(15); NEXT; // A1 ------------------ | | 4948| 2.80M|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(12); SUB(13); SUB(14); SUB(15); NEXT; // A1 ------------------ | | 4948| 2.80M|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(12); SUB(13); SUB(14); SUB(15); NEXT; // A1 ------------------ | | 4948| 2.80M|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(12); SUB(13); SUB(14); SUB(15); NEXT; // A1 ------------------ | | 4948| 2.80M|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(12); SUB(13); SUB(14); SUB(15); NEXT; // A1 ------------------ | | 4964| 2.80M| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 2.80M| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 2.80M, False: 0] | | | | ------------------ | | | | 4923| 2.80M| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 2.80M| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 2.80M| } else { \ | | | | 4926| 0| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 0| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 0| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 2.80M|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 0, False: 2.80M] | | | | | | ------------------ | | | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 2.80M| cc = c; c = 0; \ | | 4966| 2.80M| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 1.79M, False: 1.01M] | | ------------------ | | 4967| 2.80M| sub32(&cur, -cc, &c); \ | | 4968| 2.80M| else \ | | 4969| 2.80M| add32(&cur, cc, &c); \ ------------------ 5045| | 5046| 2.80M| ADD(10); ADD(11); ------------------ | | 4947| 2.80M|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(10); ADD(11); ------------------ | | 4947| 2.80M|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ 5047| 2.80M| SUB(13); SUB(14); SUB(15); NEXT; // A2 ------------------ | | 4948| 2.80M|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(13); SUB(14); SUB(15); NEXT; // A2 ------------------ | | 4948| 2.80M|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(13); SUB(14); SUB(15); NEXT; // A2 ------------------ | | 4948| 2.80M|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(13); SUB(14); SUB(15); NEXT; // A2 ------------------ | | 4964| 2.80M| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 2.80M| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 0, False: 2.80M] | | | | ------------------ | | | | 4923| 0| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 0| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 2.80M| } else { \ | | | | 4926| 2.80M| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 2.80M| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 2.80M| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 2.80M|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 2.80M, False: 0] | | | | | | ------------------ | | | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 2.80M| cc = c; c = 0; \ | | 4966| 2.80M| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 1.08M, False: 1.72M] | | ------------------ | | 4967| 2.80M| sub32(&cur, -cc, &c); \ | | 4968| 2.80M| else \ | | 4969| 2.80M| add32(&cur, cc, &c); \ ------------------ 5048| | 5049| 2.80M| ADD(11); ADD(11); ADD(12); ADD(12); ADD(13); ------------------ | | 4947| 2.80M|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(11); ADD(11); ADD(12); ADD(12); ADD(13); ------------------ | | 4947| 2.80M|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(11); ADD(11); ADD(12); ADD(12); ADD(13); ------------------ | | 4947| 2.80M|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(11); ADD(11); ADD(12); ADD(12); ADD(13); ------------------ | | 4947| 2.80M|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(11); ADD(11); ADD(12); ADD(12); ADD(13); ------------------ | | 4947| 2.80M|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ 5050| 2.80M| SUB(15); SUB(8); SUB(9); NEXT; // A3 ------------------ | | 4948| 2.80M|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(15); SUB(8); SUB(9); NEXT; // A3 ------------------ | | 4948| 2.80M|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(15); SUB(8); SUB(9); NEXT; // A3 ------------------ | | 4948| 2.80M|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(15); SUB(8); SUB(9); NEXT; // A3 ------------------ | | 4964| 2.80M| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 2.80M| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 2.80M, False: 0] | | | | ------------------ | | | | 4923| 2.80M| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 2.80M| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 2.80M| } else { \ | | | | 4926| 0| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 0| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 0| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 2.80M|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 0, False: 2.80M] | | | | | | ------------------ | | | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 2.80M| cc = c; c = 0; \ | | 4966| 2.80M| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 139k, False: 2.66M] | | ------------------ | | 4967| 2.80M| sub32(&cur, -cc, &c); \ | | 4968| 2.80M| else \ | | 4969| 2.80M| add32(&cur, cc, &c); \ ------------------ 5051| | 5052| 2.80M| ADD(12); ADD(12); ADD(13); ADD(13); ADD(14); ------------------ | | 4947| 2.80M|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(12); ADD(12); ADD(13); ADD(13); ADD(14); ------------------ | | 4947| 2.80M|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(12); ADD(12); ADD(13); ADD(13); ADD(14); ------------------ | | 4947| 2.80M|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(12); ADD(12); ADD(13); ADD(13); ADD(14); ------------------ | | 4947| 2.80M|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(12); ADD(12); ADD(13); ADD(13); ADD(14); ------------------ | | 4947| 2.80M|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ 5053| 2.80M| SUB(9); SUB(10); NEXT; // A4 ------------------ | | 4948| 2.80M|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(9); SUB(10); NEXT; // A4 ------------------ | | 4948| 2.80M|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(9); SUB(10); NEXT; // A4 ------------------ | | 4964| 2.80M| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 2.80M| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 0, False: 2.80M] | | | | ------------------ | | | | 4923| 0| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 0| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 2.80M| } else { \ | | | | 4926| 2.80M| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 2.80M| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 2.80M| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 2.80M|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 2.80M, False: 0] | | | | | | ------------------ | | | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 2.80M| cc = c; c = 0; \ | | 4966| 2.80M| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 57.1k, False: 2.75M] | | ------------------ | | 4967| 2.80M| sub32(&cur, -cc, &c); \ | | 4968| 2.80M| else \ | | 4969| 2.80M| add32(&cur, cc, &c); \ ------------------ 5054| | 5055| 2.80M| ADD(13); ADD(13); ADD(14); ADD(14); ADD(15); ------------------ | | 4947| 2.80M|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(13); ADD(13); ADD(14); ADD(14); ADD(15); ------------------ | | 4947| 2.80M|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(13); ADD(13); ADD(14); ADD(14); ADD(15); ------------------ | | 4947| 2.80M|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(13); ADD(13); ADD(14); ADD(14); ADD(15); ------------------ | | 4947| 2.80M|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(13); ADD(13); ADD(14); ADD(14); ADD(15); ------------------ | | 4947| 2.80M|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ 5056| 2.80M| SUB(10); SUB(11); NEXT; // A5 ------------------ | | 4948| 2.80M|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(10); SUB(11); NEXT; // A5 ------------------ | | 4948| 2.80M|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(10); SUB(11); NEXT; // A5 ------------------ | | 4964| 2.80M| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 2.80M| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 2.80M, False: 0] | | | | ------------------ | | | | 4923| 2.80M| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 2.80M| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 2.80M| } else { \ | | | | 4926| 0| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 0| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 0| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 2.80M|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 0, False: 2.80M] | | | | | | ------------------ | | | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 2.80M| cc = c; c = 0; \ | | 4966| 2.80M| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 96.3k, False: 2.71M] | | ------------------ | | 4967| 2.80M| sub32(&cur, -cc, &c); \ | | 4968| 2.80M| else \ | | 4969| 2.80M| add32(&cur, cc, &c); \ ------------------ 5057| | 5058| 2.80M| ADD(14); ADD(14); ADD(15); ADD(15); ADD(14); ADD(13); ------------------ | | 4947| 2.80M|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(14); ADD(14); ADD(15); ADD(15); ADD(14); ADD(13); ------------------ | | 4947| 2.80M|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(14); ADD(14); ADD(15); ADD(15); ADD(14); ADD(13); ------------------ | | 4947| 2.80M|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(14); ADD(14); ADD(15); ADD(15); ADD(14); ADD(13); ------------------ | | 4947| 2.80M|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(14); ADD(14); ADD(15); ADD(15); ADD(14); ADD(13); ------------------ | | 4947| 2.80M|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(14); ADD(14); ADD(15); ADD(15); ADD(14); ADD(13); ------------------ | | 4947| 2.80M|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ 5059| 2.80M| SUB(8); SUB(9); NEXT; // A6 ------------------ | | 4948| 2.80M|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(8); SUB(9); NEXT; // A6 ------------------ | | 4948| 2.80M|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(8); SUB(9); NEXT; // A6 ------------------ | | 4964| 2.80M| STORE32; i++; LOAD32; \ | | ------------------ | | | | 4922| 2.80M| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 0, False: 2.80M] | | | | ------------------ | | | | 4923| 0| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 0| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 2.80M| } else { \ | | | | 4926| 2.80M| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 2.80M| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 2.80M| } | | ------------------ | | STORE32; i++; LOAD32; \ | | ------------------ | | | | 4908| 2.80M|#define LOAD32 cur = A(i); | | | | ------------------ | | | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | | | ------------------ | | | | | | | Branch (4919:14): [True: 2.80M, False: 0] | | | | | | ------------------ | | | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | | | ------------------ | | ------------------ | | 4965| 2.80M| cc = c; c = 0; \ | | 4966| 2.80M| if (cc < 0) \ | | ------------------ | | | Branch (4966:9): [True: 83.1k, False: 2.72M] | | ------------------ | | 4967| 2.80M| sub32(&cur, -cc, &c); \ | | 4968| 2.80M| else \ | | 4969| 2.80M| add32(&cur, cc, &c); \ ------------------ 5060| | 5061| 2.80M| ADD(15); ADD(15); ADD(15); ADD(8); ------------------ | | 4947| 2.80M|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(15); ADD(15); ADD(15); ADD(8); ------------------ | | 4947| 2.80M|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(15); ADD(15); ADD(15); ADD(8); ------------------ | | 4947| 2.80M|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ ADD(15); ADD(15); ADD(15); ADD(8); ------------------ | | 4947| 2.80M|#define ADD(j) add32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ 5062| 2.80M| SUB(10); SUB(11); SUB(12); SUB(13); LAST; // A7 ------------------ | | 4948| 2.80M|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(10); SUB(11); SUB(12); SUB(13); LAST; // A7 ------------------ | | 4948| 2.80M|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(10); SUB(11); SUB(12); SUB(13); LAST; // A7 ------------------ | | 4948| 2.80M|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(10); SUB(11); SUB(12); SUB(13); LAST; // A7 ------------------ | | 4948| 2.80M|#define SUB(j) sub32(&cur, A(j), &c); | | ------------------ | | | | 4919| 2.80M|#define A(j) (j) % 2 ? (uint32_t) (N->p[(j)/2] >> 32) : \ | | | | ------------------ | | | | | Branch (4919:14): [Folded - Ignored] | | | | ------------------ | | | | 4920| 2.80M| (uint32_t) (N->p[(j)/2]) | | ------------------ ------------------ SUB(10); SUB(11); SUB(12); SUB(13); LAST; // A7 ------------------ | | 4972| 2.80M| STORE32; i++; \ | | ------------------ | | | | 4922| 2.80M| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 2.80M, False: 0] | | | | ------------------ | | | | 4923| 2.80M| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 2.80M| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 2.80M| } else { \ | | | | 4926| 0| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 0| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 0| } | | ------------------ | | 4973| 2.80M| cur = c > 0 ? c : 0; STORE32; \ | | ------------------ | | | | 4922| 2.80M| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 0, False: 2.80M] | | | | ------------------ | | | | 4923| 0| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 0| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 2.80M| } else { \ | | | | 4926| 2.80M| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 2.80M| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 2.80M| } | | ------------------ | | | Branch (4973:11): [True: 418k, False: 2.39M] | | ------------------ | | 4974| 28.0M| cur = 0; while (++i < MAX32) { STORE32; } \ | | ------------------ | | | | 4918| 28.0M|#define MAX32 N->n * 2 | | ------------------ | | cur = 0; while (++i < MAX32) { STORE32; } \ | | ------------------ | | | | 4922| 25.2M| if (i % 2) { \ | | | | ------------------ | | | | | Branch (4922:9): [True: 14.0M, False: 11.2M] | | | | ------------------ | | | | 4923| 14.0M| N->p[i/2] &= 0x00000000FFFFFFFF; \ | | | | 4924| 14.0M| N->p[i/2] |= ((mbedtls_mpi_uint) cur) << 32; \ | | | | 4925| 14.0M| } else { \ | | | | 4926| 11.2M| N->p[i/2] &= 0xFFFFFFFF00000000; \ | | | | 4927| 11.2M| N->p[i/2] |= (mbedtls_mpi_uint) cur; \ | | | | 4928| 11.2M| } | | ------------------ | | | Branch (4974:21): [True: 25.2M, False: 2.80M] | | ------------------ | | 4975| 2.80M| if (c < 0) mbedtls_ecp_fix_negative(N, c, bits); | | ------------------ | | | Branch (4975:9): [True: 1.61M, False: 1.19M] | | ------------------ ------------------ 5063| | 5064| 2.80M|cleanup: 5065| 2.80M| return ret; 5066| 2.80M|} ecp_curves.c:add32: 4936| 101M|{ 4937| 101M| *dst += src; 4938| 101M| *carry += (*dst < src); 4939| 101M|} ecp_curves.c:sub32: 4942| 72.7M|{ 4943| 72.7M| *carry -= (*dst < src); 4944| 72.7M| *dst -= src; 4945| 72.7M|} ecp_curves.c:mbedtls_ecp_fix_negative: 4982| 1.61M|{ 4983| 1.61M| size_t i; 4984| | 4985| | /* Set N := 2^bits - 1 - N. We know that 0 <= N < 2^bits, so 4986| | * set the absolute value to 0xfff...fff - N. There is no carry 4987| | * since we're subtracting from all-bits-one. */ 4988| 9.66M| for (i = 0; i <= bits / 8 / sizeof(mbedtls_mpi_uint); i++) { ------------------ | Branch (4988:17): [True: 8.05M, False: 1.61M] ------------------ 4989| 8.05M| N->p[i] = ~(mbedtls_mpi_uint) 0 - N->p[i]; 4990| 8.05M| } 4991| | /* Add 1, taking care of the carry. */ 4992| 1.61M| i = 0; 4993| 1.61M| do { 4994| 1.61M| ++N->p[i]; 4995| 1.61M| } while (N->p[i++] == 0 && i <= bits / 8 / sizeof(mbedtls_mpi_uint)); ------------------ | Branch (4995:14): [True: 0, False: 1.61M] | Branch (4995:32): [True: 0, False: 0] ------------------ 4996| | /* Invert the sign. 4997| | * Now N = N0 - 2^bits where N0 is the initial value of N. */ 4998| 1.61M| N->s = -1; 4999| | 5000| | /* Add |c| * 2^bits to the absolute value. Since c and N are 5001| | * negative, this adds c * 2^bits. */ 5002| 1.61M| mbedtls_mpi_uint msw = (mbedtls_mpi_uint) -c; 5003| 1.61M|#if defined(MBEDTLS_HAVE_INT64) 5004| 1.61M| if (bits == 224) { ------------------ | Branch (5004:9): [True: 0, False: 1.61M] ------------------ 5005| 0| msw <<= 32; 5006| 0| } 5007| 1.61M|#endif 5008| 1.61M| N->p[bits / 8 / sizeof(mbedtls_mpi_uint)] += msw; 5009| 1.61M|} mbedtls_hkdf_extract: 40| 4|{ 41| 4| unsigned char null_salt[MBEDTLS_MD_MAX_SIZE] = { '\0' }; 42| | 43| 4| if (salt == NULL) { ------------------ | Branch (43:9): [True: 0, False: 4] ------------------ 44| 0| size_t hash_len; 45| | 46| 0| if (salt_len != 0) { ------------------ | Branch (46:13): [True: 0, False: 0] ------------------ 47| 0| return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA; ------------------ | | 25| 0|#define MBEDTLS_ERR_HKDF_BAD_INPUT_DATA -0x5F80 ------------------ 48| 0| } 49| | 50| 0| hash_len = mbedtls_md_get_size(md); 51| | 52| 0| if (hash_len == 0) { ------------------ | Branch (52:13): [True: 0, False: 0] ------------------ 53| 0| return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA; ------------------ | | 25| 0|#define MBEDTLS_ERR_HKDF_BAD_INPUT_DATA -0x5F80 ------------------ 54| 0| } 55| | 56| 0| salt = null_salt; 57| 0| salt_len = hash_len; 58| 0| } 59| | 60| 4| return mbedtls_md_hmac(md, salt, salt_len, ikm, ikm_len, prk); 61| 4|} mbedtls_hkdf_expand: 66| 32|{ 67| 32| size_t hash_len; 68| 32| size_t where = 0; 69| 32| size_t n; 70| 32| size_t t_len = 0; 71| 32| size_t i; 72| 32| int ret = 0; 73| 32| mbedtls_md_context_t ctx; 74| 32| unsigned char t[MBEDTLS_MD_MAX_SIZE]; 75| | 76| 32| if (okm == NULL) { ------------------ | Branch (76:9): [True: 0, False: 32] ------------------ 77| 0| return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA; ------------------ | | 25| 0|#define MBEDTLS_ERR_HKDF_BAD_INPUT_DATA -0x5F80 ------------------ 78| 0| } 79| | 80| 32| hash_len = mbedtls_md_get_size(md); 81| | 82| 32| if (prk_len < hash_len || hash_len == 0) { ------------------ | Branch (82:9): [True: 0, False: 32] | Branch (82:31): [True: 0, False: 32] ------------------ 83| 0| return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA; ------------------ | | 25| 0|#define MBEDTLS_ERR_HKDF_BAD_INPUT_DATA -0x5F80 ------------------ 84| 0| } 85| | 86| 32| if (info == NULL) { ------------------ | Branch (86:9): [True: 0, False: 32] ------------------ 87| 0| info = (const unsigned char *) ""; 88| 0| info_len = 0; 89| 0| } 90| | 91| 32| n = okm_len / hash_len; 92| | 93| 32| if (okm_len % hash_len != 0) { ------------------ | Branch (93:9): [True: 8, False: 24] ------------------ 94| 8| n++; 95| 8| } 96| | 97| | /* 98| | * Per RFC 5869 Section 2.3, okm_len must not exceed 99| | * 255 times the hash length 100| | */ 101| 32| if (n > 255) { ------------------ | Branch (101:9): [True: 0, False: 32] ------------------ 102| 0| return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA; ------------------ | | 25| 0|#define MBEDTLS_ERR_HKDF_BAD_INPUT_DATA -0x5F80 ------------------ 103| 0| } 104| | 105| 32| mbedtls_md_init(&ctx); 106| | 107| 32| if ((ret = mbedtls_md_setup(&ctx, md, 1)) != 0) { ------------------ | Branch (107:9): [True: 0, False: 32] ------------------ 108| 0| goto exit; 109| 0| } 110| | 111| 32| memset(t, 0, hash_len); 112| | 113| | /* 114| | * Compute T = T(1) | T(2) | T(3) | ... | T(N) 115| | * Where T(N) is defined in RFC 5869 Section 2.3 116| | */ 117| 64| for (i = 1; i <= n; i++) { ------------------ | Branch (117:17): [True: 32, False: 32] ------------------ 118| 32| size_t num_to_copy; 119| 32| unsigned char c = i & 0xff; 120| | 121| 32| ret = mbedtls_md_hmac_starts(&ctx, prk, prk_len); 122| 32| if (ret != 0) { ------------------ | Branch (122:13): [True: 0, False: 32] ------------------ 123| 0| goto exit; 124| 0| } 125| | 126| 32| ret = mbedtls_md_hmac_update(&ctx, t, t_len); 127| 32| if (ret != 0) { ------------------ | Branch (127:13): [True: 0, False: 32] ------------------ 128| 0| goto exit; 129| 0| } 130| | 131| 32| ret = mbedtls_md_hmac_update(&ctx, info, info_len); 132| 32| if (ret != 0) { ------------------ | Branch (132:13): [True: 0, False: 32] ------------------ 133| 0| goto exit; 134| 0| } 135| | 136| | /* The constant concatenated to the end of each T(n) is a single octet. 137| | * */ 138| 32| ret = mbedtls_md_hmac_update(&ctx, &c, 1); 139| 32| if (ret != 0) { ------------------ | Branch (139:13): [True: 0, False: 32] ------------------ 140| 0| goto exit; 141| 0| } 142| | 143| 32| ret = mbedtls_md_hmac_finish(&ctx, t); 144| 32| if (ret != 0) { ------------------ | Branch (144:13): [True: 0, False: 32] ------------------ 145| 0| goto exit; 146| 0| } 147| | 148| 32| num_to_copy = i != n ? hash_len : okm_len - where; ------------------ | Branch (148:23): [True: 0, False: 32] ------------------ 149| 32| memcpy(okm + where, t, num_to_copy); 150| 32| where += hash_len; 151| 32| t_len = hash_len; 152| 32| } 153| | 154| 32|exit: 155| 32| mbedtls_md_free(&ctx); 156| 32| mbedtls_platform_zeroize(t, sizeof(t)); 157| | 158| 32| return ret; 159| 32|} mbedtls_md_info_from_type: 140| 1.59k|{ 141| 1.59k| switch (md_type) { 142| |#if defined(MBEDTLS_MD_CAN_MD5) 143| | case MBEDTLS_MD_MD5: 144| | return &mbedtls_md5_info; 145| |#endif 146| |#if defined(MBEDTLS_MD_CAN_RIPEMD160) 147| | case MBEDTLS_MD_RIPEMD160: 148| | return &mbedtls_ripemd160_info; 149| |#endif 150| |#if defined(MBEDTLS_MD_CAN_SHA1) 151| | case MBEDTLS_MD_SHA1: 152| | return &mbedtls_sha1_info; 153| |#endif 154| |#if defined(MBEDTLS_MD_CAN_SHA224) 155| | case MBEDTLS_MD_SHA224: 156| | return &mbedtls_sha224_info; 157| |#endif 158| 0|#if defined(MBEDTLS_MD_CAN_SHA256) 159| 1.59k| case MBEDTLS_MD_SHA256: ------------------ | Branch (159:9): [True: 1.59k, False: 0] ------------------ 160| 1.59k| return &mbedtls_sha256_info; 161| 0|#endif 162| 0|#if defined(MBEDTLS_MD_CAN_SHA384) 163| 0| case MBEDTLS_MD_SHA384: ------------------ | Branch (163:9): [True: 0, False: 1.59k] ------------------ 164| 0| return &mbedtls_sha384_info; 165| 0|#endif 166| 0|#if defined(MBEDTLS_MD_CAN_SHA512) 167| 0| case MBEDTLS_MD_SHA512: ------------------ | Branch (167:9): [True: 0, False: 1.59k] ------------------ 168| 0| return &mbedtls_sha512_info; 169| 0|#endif 170| 0|#if defined(MBEDTLS_MD_CAN_SHA3_224) 171| 0| case MBEDTLS_MD_SHA3_224: ------------------ | Branch (171:9): [True: 0, False: 1.59k] ------------------ 172| 0| return &mbedtls_sha3_224_info; 173| 0|#endif 174| 0|#if defined(MBEDTLS_MD_CAN_SHA3_256) 175| 0| case MBEDTLS_MD_SHA3_256: ------------------ | Branch (175:9): [True: 0, False: 1.59k] ------------------ 176| 0| return &mbedtls_sha3_256_info; 177| 0|#endif 178| 0|#if defined(MBEDTLS_MD_CAN_SHA3_384) 179| 0| case MBEDTLS_MD_SHA3_384: ------------------ | Branch (179:9): [True: 0, False: 1.59k] ------------------ 180| 0| return &mbedtls_sha3_384_info; 181| 0|#endif 182| 0|#if defined(MBEDTLS_MD_CAN_SHA3_512) 183| 0| case MBEDTLS_MD_SHA3_512: ------------------ | Branch (183:9): [True: 0, False: 1.59k] ------------------ 184| 0| return &mbedtls_sha3_512_info; 185| 0|#endif 186| 0| default: ------------------ | Branch (186:9): [True: 0, False: 1.59k] ------------------ 187| 0| return NULL; 188| 1.59k| } 189| 1.59k|} mbedtls_md_init: 256| 282|{ 257| | /* Note: this sets engine (if present) to MBEDTLS_MD_ENGINE_LEGACY */ 258| 282| memset(ctx, 0, sizeof(mbedtls_md_context_t)); 259| 282|} mbedtls_md_free: 262| 282|{ 263| 282| if (ctx == NULL || ctx->md_info == NULL) { ------------------ | Branch (263:9): [True: 0, False: 282] | Branch (263:24): [True: 0, False: 282] ------------------ 264| 0| return; 265| 0| } 266| | 267| 282| if (ctx->md_ctx != NULL) { ------------------ | Branch (267:9): [True: 282, False: 0] ------------------ 268| |#if defined(MBEDTLS_MD_SOME_PSA) 269| | if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) { 270| | psa_hash_abort(ctx->md_ctx); 271| | } else 272| |#endif 273| 282| switch (ctx->md_info->type) { 274| |#if defined(MBEDTLS_MD5_C) 275| | case MBEDTLS_MD_MD5: 276| | mbedtls_md5_free(ctx->md_ctx); 277| | break; 278| |#endif 279| |#if defined(MBEDTLS_RIPEMD160_C) 280| | case MBEDTLS_MD_RIPEMD160: 281| | mbedtls_ripemd160_free(ctx->md_ctx); 282| | break; 283| |#endif 284| |#if defined(MBEDTLS_SHA1_C) 285| | case MBEDTLS_MD_SHA1: 286| | mbedtls_sha1_free(ctx->md_ctx); 287| | break; 288| |#endif 289| |#if defined(MBEDTLS_SHA224_C) 290| | case MBEDTLS_MD_SHA224: 291| | mbedtls_sha256_free(ctx->md_ctx); 292| | break; 293| |#endif 294| 0|#if defined(MBEDTLS_SHA256_C) 295| 282| case MBEDTLS_MD_SHA256: ------------------ | Branch (295:13): [True: 282, False: 0] ------------------ 296| 282| mbedtls_sha256_free(ctx->md_ctx); 297| 282| break; 298| 0|#endif 299| 0|#if defined(MBEDTLS_SHA384_C) 300| 0| case MBEDTLS_MD_SHA384: ------------------ | Branch (300:13): [True: 0, False: 282] ------------------ 301| 0| mbedtls_sha512_free(ctx->md_ctx); 302| 0| break; 303| 0|#endif 304| 0|#if defined(MBEDTLS_SHA512_C) 305| 0| case MBEDTLS_MD_SHA512: ------------------ | Branch (305:13): [True: 0, False: 282] ------------------ 306| 0| mbedtls_sha512_free(ctx->md_ctx); 307| 0| break; 308| 0|#endif 309| 0|#if defined(MBEDTLS_SHA3_C) 310| 0| case MBEDTLS_MD_SHA3_224: ------------------ | Branch (310:13): [True: 0, False: 282] ------------------ 311| 0| case MBEDTLS_MD_SHA3_256: ------------------ | Branch (311:13): [True: 0, False: 282] ------------------ 312| 0| case MBEDTLS_MD_SHA3_384: ------------------ | Branch (312:13): [True: 0, False: 282] ------------------ 313| 0| case MBEDTLS_MD_SHA3_512: ------------------ | Branch (313:13): [True: 0, False: 282] ------------------ 314| 0| mbedtls_sha3_free(ctx->md_ctx); 315| 0| break; 316| 0|#endif 317| 0| default: ------------------ | Branch (317:13): [True: 0, False: 282] ------------------ 318| | /* Shouldn't happen */ 319| 0| break; 320| 282| } 321| 282| mbedtls_free(ctx->md_ctx); ------------------ | | 143| 282|#define mbedtls_free MBEDTLS_PLATFORM_FREE_MACRO | | ------------------ | | | | 4095| 282|#define MBEDTLS_PLATFORM_FREE_MACRO my_free | | ------------------ ------------------ 322| 282| } 323| | 324| 282|#if defined(MBEDTLS_MD_C) 325| 282| if (ctx->hmac_ctx != NULL) { ------------------ | Branch (325:9): [True: 282, False: 0] ------------------ 326| 282| mbedtls_zeroize_and_free(ctx->hmac_ctx, 327| 282| 2 * ctx->md_info->block_size); 328| 282| } 329| 282|#endif 330| | 331| 282| mbedtls_platform_zeroize(ctx, sizeof(mbedtls_md_context_t)); 332| 282|} mbedtls_md_setup: 419| 282|{ 420| 282|#if defined(MBEDTLS_MD_C) 421| 282| if (ctx == NULL) { ------------------ | Branch (421:9): [True: 0, False: 282] ------------------ 422| 0| return MBEDTLS_ERR_MD_BAD_INPUT_DATA; ------------------ | | 26| 0|#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 ------------------ 423| 0| } 424| 282|#endif 425| 282| if (md_info == NULL) { ------------------ | Branch (425:9): [True: 0, False: 282] ------------------ 426| 0| return MBEDTLS_ERR_MD_BAD_INPUT_DATA; ------------------ | | 26| 0|#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 ------------------ 427| 0| } 428| | 429| 282| ctx->md_info = md_info; 430| 282| ctx->md_ctx = NULL; 431| 282|#if defined(MBEDTLS_MD_C) 432| 282| ctx->hmac_ctx = NULL; 433| |#else 434| | if (hmac != 0) { 435| | return MBEDTLS_ERR_MD_BAD_INPUT_DATA; 436| | } 437| |#endif 438| | 439| |#if defined(MBEDTLS_MD_SOME_PSA) 440| | if (md_can_use_psa(ctx->md_info)) { 441| | ctx->md_ctx = mbedtls_calloc(1, sizeof(psa_hash_operation_t)); 442| | if (ctx->md_ctx == NULL) { 443| | return MBEDTLS_ERR_MD_ALLOC_FAILED; 444| | } 445| | ctx->engine = MBEDTLS_MD_ENGINE_PSA; 446| | } else 447| |#endif 448| 282| switch (md_info->type) { 449| |#if defined(MBEDTLS_MD5_C) 450| | case MBEDTLS_MD_MD5: 451| | ALLOC(md5); 452| | break; 453| |#endif 454| |#if defined(MBEDTLS_RIPEMD160_C) 455| | case MBEDTLS_MD_RIPEMD160: 456| | ALLOC(ripemd160); 457| | break; 458| |#endif 459| |#if defined(MBEDTLS_SHA1_C) 460| | case MBEDTLS_MD_SHA1: 461| | ALLOC(sha1); 462| | break; 463| |#endif 464| |#if defined(MBEDTLS_SHA224_C) 465| | case MBEDTLS_MD_SHA224: 466| | ALLOC(sha256); 467| | break; 468| |#endif 469| 0|#if defined(MBEDTLS_SHA256_C) 470| 282| case MBEDTLS_MD_SHA256: ------------------ | Branch (470:9): [True: 282, False: 0] ------------------ 471| 282| ALLOC(sha256); ------------------ | | 410| 282| do { \ | | 411| 282| ctx->md_ctx = mbedtls_calloc(1, sizeof(mbedtls_##type##_context)); \ | | ------------------ | | | | 144| 282|#define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO | | | | ------------------ | | | | | | 4093| 282|#define MBEDTLS_PLATFORM_CALLOC_MACRO my_calloc | | | | ------------------ | | ------------------ | | 412| 282| if (ctx->md_ctx == NULL) \ | | ------------------ | | | Branch (412:13): [True: 0, False: 282] | | ------------------ | | 413| 282| return MBEDTLS_ERR_MD_ALLOC_FAILED; \ | | ------------------ | | | | 28| 0|#define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180 | | ------------------ | | 414| 282| mbedtls_##type##_init(ctx->md_ctx); \ | | 415| 282| } \ | | 416| 282| while (0) | | ------------------ | | | Branch (416:12): [Folded - Ignored] | | ------------------ ------------------ 472| 282| break; 473| 282|#endif 474| 282|#if defined(MBEDTLS_SHA384_C) 475| 282| case MBEDTLS_MD_SHA384: ------------------ | Branch (475:9): [True: 0, False: 282] ------------------ 476| 0| ALLOC(sha512); ------------------ | | 410| 0| do { \ | | 411| 0| ctx->md_ctx = mbedtls_calloc(1, sizeof(mbedtls_##type##_context)); \ | | ------------------ | | | | 144| 0|#define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO | | | | ------------------ | | | | | | 4093| 0|#define MBEDTLS_PLATFORM_CALLOC_MACRO my_calloc | | | | ------------------ | | ------------------ | | 412| 0| if (ctx->md_ctx == NULL) \ | | ------------------ | | | Branch (412:13): [True: 0, False: 0] | | ------------------ | | 413| 0| return MBEDTLS_ERR_MD_ALLOC_FAILED; \ | | ------------------ | | | | 28| 0|#define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180 | | ------------------ | | 414| 0| mbedtls_##type##_init(ctx->md_ctx); \ | | 415| 0| } \ | | 416| 0| while (0) | | ------------------ | | | Branch (416:12): [Folded - Ignored] | | ------------------ ------------------ 477| 0| break; 478| 0|#endif 479| 0|#if defined(MBEDTLS_SHA512_C) 480| 0| case MBEDTLS_MD_SHA512: ------------------ | Branch (480:9): [True: 0, False: 282] ------------------ 481| 0| ALLOC(sha512); ------------------ | | 410| 0| do { \ | | 411| 0| ctx->md_ctx = mbedtls_calloc(1, sizeof(mbedtls_##type##_context)); \ | | ------------------ | | | | 144| 0|#define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO | | | | ------------------ | | | | | | 4093| 0|#define MBEDTLS_PLATFORM_CALLOC_MACRO my_calloc | | | | ------------------ | | ------------------ | | 412| 0| if (ctx->md_ctx == NULL) \ | | ------------------ | | | Branch (412:13): [True: 0, False: 0] | | ------------------ | | 413| 0| return MBEDTLS_ERR_MD_ALLOC_FAILED; \ | | ------------------ | | | | 28| 0|#define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180 | | ------------------ | | 414| 0| mbedtls_##type##_init(ctx->md_ctx); \ | | 415| 0| } \ | | 416| 0| while (0) | | ------------------ | | | Branch (416:12): [Folded - Ignored] | | ------------------ ------------------ 482| 0| break; 483| 0|#endif 484| 0|#if defined(MBEDTLS_SHA3_C) 485| 0| case MBEDTLS_MD_SHA3_224: ------------------ | Branch (485:9): [True: 0, False: 282] ------------------ 486| 0| case MBEDTLS_MD_SHA3_256: ------------------ | Branch (486:9): [True: 0, False: 282] ------------------ 487| 0| case MBEDTLS_MD_SHA3_384: ------------------ | Branch (487:9): [True: 0, False: 282] ------------------ 488| 0| case MBEDTLS_MD_SHA3_512: ------------------ | Branch (488:9): [True: 0, False: 282] ------------------ 489| 0| ALLOC(sha3); ------------------ | | 410| 0| do { \ | | 411| 0| ctx->md_ctx = mbedtls_calloc(1, sizeof(mbedtls_##type##_context)); \ | | ------------------ | | | | 144| 0|#define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO | | | | ------------------ | | | | | | 4093| 0|#define MBEDTLS_PLATFORM_CALLOC_MACRO my_calloc | | | | ------------------ | | ------------------ | | 412| 0| if (ctx->md_ctx == NULL) \ | | ------------------ | | | Branch (412:13): [True: 0, False: 0] | | ------------------ | | 413| 0| return MBEDTLS_ERR_MD_ALLOC_FAILED; \ | | ------------------ | | | | 28| 0|#define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180 | | ------------------ | | 414| 0| mbedtls_##type##_init(ctx->md_ctx); \ | | 415| 0| } \ | | 416| 0| while (0) | | ------------------ | | | Branch (416:12): [Folded - Ignored] | | ------------------ ------------------ 490| 0| break; 491| 0|#endif 492| 0| default: ------------------ | Branch (492:9): [True: 0, False: 282] ------------------ 493| 0| return MBEDTLS_ERR_MD_BAD_INPUT_DATA; ------------------ | | 26| 0|#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 ------------------ 494| 282| } 495| | 496| 282|#if defined(MBEDTLS_MD_C) 497| 282| if (hmac != 0) { ------------------ | Branch (497:9): [True: 282, False: 0] ------------------ 498| 282| ctx->hmac_ctx = mbedtls_calloc(2, md_info->block_size); ------------------ | | 144| 282|#define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO | | ------------------ | | | | 4093| 282|#define MBEDTLS_PLATFORM_CALLOC_MACRO my_calloc | | ------------------ ------------------ 499| 282| if (ctx->hmac_ctx == NULL) { ------------------ | Branch (499:13): [True: 0, False: 282] ------------------ 500| 0| mbedtls_md_free(ctx); 501| 0| return MBEDTLS_ERR_MD_ALLOC_FAILED; ------------------ | | 28| 0|#define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180 ------------------ 502| 0| } 503| 282| } 504| 282|#endif 505| | 506| 282| return 0; 507| 282|} mbedtls_md_starts: 511| 564|{ 512| 564|#if defined(MBEDTLS_MD_C) 513| 564| if (ctx == NULL || ctx->md_info == NULL) { ------------------ | Branch (513:9): [True: 0, False: 564] | Branch (513:24): [True: 0, False: 564] ------------------ 514| 0| return MBEDTLS_ERR_MD_BAD_INPUT_DATA; ------------------ | | 26| 0|#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 ------------------ 515| 0| } 516| 564|#endif 517| | 518| |#if defined(MBEDTLS_MD_SOME_PSA) 519| | if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) { 520| | psa_algorithm_t alg = psa_alg_of_md(ctx->md_info); 521| | psa_hash_abort(ctx->md_ctx); 522| | psa_status_t status = psa_hash_setup(ctx->md_ctx, alg); 523| | return mbedtls_md_error_from_psa(status); 524| | } 525| |#endif 526| | 527| 564| switch (ctx->md_info->type) { 528| |#if defined(MBEDTLS_MD5_C) 529| | case MBEDTLS_MD_MD5: 530| | return mbedtls_md5_starts(ctx->md_ctx); 531| |#endif 532| |#if defined(MBEDTLS_RIPEMD160_C) 533| | case MBEDTLS_MD_RIPEMD160: 534| | return mbedtls_ripemd160_starts(ctx->md_ctx); 535| |#endif 536| |#if defined(MBEDTLS_SHA1_C) 537| | case MBEDTLS_MD_SHA1: 538| | return mbedtls_sha1_starts(ctx->md_ctx); 539| |#endif 540| |#if defined(MBEDTLS_SHA224_C) 541| | case MBEDTLS_MD_SHA224: 542| | return mbedtls_sha256_starts(ctx->md_ctx, 1); 543| |#endif 544| 0|#if defined(MBEDTLS_SHA256_C) 545| 564| case MBEDTLS_MD_SHA256: ------------------ | Branch (545:9): [True: 564, False: 0] ------------------ 546| 564| return mbedtls_sha256_starts(ctx->md_ctx, 0); 547| 0|#endif 548| 0|#if defined(MBEDTLS_SHA384_C) 549| 0| case MBEDTLS_MD_SHA384: ------------------ | Branch (549:9): [True: 0, False: 564] ------------------ 550| 0| return mbedtls_sha512_starts(ctx->md_ctx, 1); 551| 0|#endif 552| 0|#if defined(MBEDTLS_SHA512_C) 553| 0| case MBEDTLS_MD_SHA512: ------------------ | Branch (553:9): [True: 0, False: 564] ------------------ 554| 0| return mbedtls_sha512_starts(ctx->md_ctx, 0); 555| 0|#endif 556| 0|#if defined(MBEDTLS_SHA3_C) 557| 0| case MBEDTLS_MD_SHA3_224: ------------------ | Branch (557:9): [True: 0, False: 564] ------------------ 558| 0| return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_224); 559| 0| case MBEDTLS_MD_SHA3_256: ------------------ | Branch (559:9): [True: 0, False: 564] ------------------ 560| 0| return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_256); 561| 0| case MBEDTLS_MD_SHA3_384: ------------------ | Branch (561:9): [True: 0, False: 564] ------------------ 562| 0| return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_384); 563| 0| case MBEDTLS_MD_SHA3_512: ------------------ | Branch (563:9): [True: 0, False: 564] ------------------ 564| 0| return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_512); 565| 0|#endif 566| 0| default: ------------------ | Branch (566:9): [True: 0, False: 564] ------------------ 567| 0| return MBEDTLS_ERR_MD_BAD_INPUT_DATA; ------------------ | | 26| 0|#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 ------------------ 568| 564| } 569| 564|} mbedtls_md_update: 572| 1.19k|{ 573| 1.19k|#if defined(MBEDTLS_MD_C) 574| 1.19k| if (ctx == NULL || ctx->md_info == NULL) { ------------------ | Branch (574:9): [True: 0, False: 1.19k] | Branch (574:24): [True: 0, False: 1.19k] ------------------ 575| 0| return MBEDTLS_ERR_MD_BAD_INPUT_DATA; ------------------ | | 26| 0|#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 ------------------ 576| 0| } 577| 1.19k|#endif 578| | 579| |#if defined(MBEDTLS_MD_SOME_PSA) 580| | if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) { 581| | psa_status_t status = psa_hash_update(ctx->md_ctx, input, ilen); 582| | return mbedtls_md_error_from_psa(status); 583| | } 584| |#endif 585| | 586| 1.19k| switch (ctx->md_info->type) { 587| |#if defined(MBEDTLS_MD5_C) 588| | case MBEDTLS_MD_MD5: 589| | return mbedtls_md5_update(ctx->md_ctx, input, ilen); 590| |#endif 591| |#if defined(MBEDTLS_RIPEMD160_C) 592| | case MBEDTLS_MD_RIPEMD160: 593| | return mbedtls_ripemd160_update(ctx->md_ctx, input, ilen); 594| |#endif 595| |#if defined(MBEDTLS_SHA1_C) 596| | case MBEDTLS_MD_SHA1: 597| | return mbedtls_sha1_update(ctx->md_ctx, input, ilen); 598| |#endif 599| |#if defined(MBEDTLS_SHA224_C) 600| | case MBEDTLS_MD_SHA224: 601| | return mbedtls_sha256_update(ctx->md_ctx, input, ilen); 602| |#endif 603| 0|#if defined(MBEDTLS_SHA256_C) 604| 1.19k| case MBEDTLS_MD_SHA256: ------------------ | Branch (604:9): [True: 1.19k, False: 0] ------------------ 605| 1.19k| return mbedtls_sha256_update(ctx->md_ctx, input, ilen); 606| 0|#endif 607| 0|#if defined(MBEDTLS_SHA384_C) 608| 0| case MBEDTLS_MD_SHA384: ------------------ | Branch (608:9): [True: 0, False: 1.19k] ------------------ 609| 0| return mbedtls_sha512_update(ctx->md_ctx, input, ilen); 610| 0|#endif 611| 0|#if defined(MBEDTLS_SHA512_C) 612| 0| case MBEDTLS_MD_SHA512: ------------------ | Branch (612:9): [True: 0, False: 1.19k] ------------------ 613| 0| return mbedtls_sha512_update(ctx->md_ctx, input, ilen); 614| 0|#endif 615| 0|#if defined(MBEDTLS_SHA3_C) 616| 0| case MBEDTLS_MD_SHA3_224: ------------------ | Branch (616:9): [True: 0, False: 1.19k] ------------------ 617| 0| case MBEDTLS_MD_SHA3_256: ------------------ | Branch (617:9): [True: 0, False: 1.19k] ------------------ 618| 0| case MBEDTLS_MD_SHA3_384: ------------------ | Branch (618:9): [True: 0, False: 1.19k] ------------------ 619| 0| case MBEDTLS_MD_SHA3_512: ------------------ | Branch (619:9): [True: 0, False: 1.19k] ------------------ 620| 0| return mbedtls_sha3_update(ctx->md_ctx, input, ilen); 621| 0|#endif 622| 0| default: ------------------ | Branch (622:9): [True: 0, False: 1.19k] ------------------ 623| 0| return MBEDTLS_ERR_MD_BAD_INPUT_DATA; ------------------ | | 26| 0|#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 ------------------ 624| 1.19k| } 625| 1.19k|} mbedtls_md_finish: 628| 564|{ 629| 564|#if defined(MBEDTLS_MD_C) 630| 564| if (ctx == NULL || ctx->md_info == NULL) { ------------------ | Branch (630:9): [True: 0, False: 564] | Branch (630:24): [True: 0, False: 564] ------------------ 631| 0| return MBEDTLS_ERR_MD_BAD_INPUT_DATA; ------------------ | | 26| 0|#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 ------------------ 632| 0| } 633| 564|#endif 634| | 635| |#if defined(MBEDTLS_MD_SOME_PSA) 636| | if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) { 637| | size_t size = ctx->md_info->size; 638| | psa_status_t status = psa_hash_finish(ctx->md_ctx, 639| | output, size, &size); 640| | return mbedtls_md_error_from_psa(status); 641| | } 642| |#endif 643| | 644| 564| switch (ctx->md_info->type) { 645| |#if defined(MBEDTLS_MD5_C) 646| | case MBEDTLS_MD_MD5: 647| | return mbedtls_md5_finish(ctx->md_ctx, output); 648| |#endif 649| |#if defined(MBEDTLS_RIPEMD160_C) 650| | case MBEDTLS_MD_RIPEMD160: 651| | return mbedtls_ripemd160_finish(ctx->md_ctx, output); 652| |#endif 653| |#if defined(MBEDTLS_SHA1_C) 654| | case MBEDTLS_MD_SHA1: 655| | return mbedtls_sha1_finish(ctx->md_ctx, output); 656| |#endif 657| |#if defined(MBEDTLS_SHA224_C) 658| | case MBEDTLS_MD_SHA224: 659| | return mbedtls_sha256_finish(ctx->md_ctx, output); 660| |#endif 661| 0|#if defined(MBEDTLS_SHA256_C) 662| 564| case MBEDTLS_MD_SHA256: ------------------ | Branch (662:9): [True: 564, False: 0] ------------------ 663| 564| return mbedtls_sha256_finish(ctx->md_ctx, output); 664| 0|#endif 665| 0|#if defined(MBEDTLS_SHA384_C) 666| 0| case MBEDTLS_MD_SHA384: ------------------ | Branch (666:9): [True: 0, False: 564] ------------------ 667| 0| return mbedtls_sha512_finish(ctx->md_ctx, output); 668| 0|#endif 669| 0|#if defined(MBEDTLS_SHA512_C) 670| 0| case MBEDTLS_MD_SHA512: ------------------ | Branch (670:9): [True: 0, False: 564] ------------------ 671| 0| return mbedtls_sha512_finish(ctx->md_ctx, output); 672| 0|#endif 673| 0|#if defined(MBEDTLS_SHA3_C) 674| 0| case MBEDTLS_MD_SHA3_224: ------------------ | Branch (674:9): [True: 0, False: 564] ------------------ 675| 0| case MBEDTLS_MD_SHA3_256: ------------------ | Branch (675:9): [True: 0, False: 564] ------------------ 676| 0| case MBEDTLS_MD_SHA3_384: ------------------ | Branch (676:9): [True: 0, False: 564] ------------------ 677| 0| case MBEDTLS_MD_SHA3_512: ------------------ | Branch (677:9): [True: 0, False: 564] ------------------ 678| 0| return mbedtls_sha3_finish(ctx->md_ctx, output, ctx->md_info->size); 679| 0|#endif 680| 0| default: ------------------ | Branch (680:9): [True: 0, False: 564] ------------------ 681| 0| return MBEDTLS_ERR_MD_BAD_INPUT_DATA; ------------------ | | 26| 0|#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 ------------------ 682| 564| } 683| 564|} mbedtls_md: 687| 952|{ 688| 952| if (md_info == NULL) { ------------------ | Branch (688:9): [True: 0, False: 952] ------------------ 689| 0| return MBEDTLS_ERR_MD_BAD_INPUT_DATA; ------------------ | | 26| 0|#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 ------------------ 690| 0| } 691| | 692| |#if defined(MBEDTLS_MD_SOME_PSA) 693| | if (md_can_use_psa(md_info)) { 694| | size_t size = md_info->size; 695| | psa_status_t status = psa_hash_compute(psa_alg_of_md(md_info), 696| | input, ilen, 697| | output, size, &size); 698| | return mbedtls_md_error_from_psa(status); 699| | } 700| |#endif 701| | 702| 952| switch (md_info->type) { 703| |#if defined(MBEDTLS_MD5_C) 704| | case MBEDTLS_MD_MD5: 705| | return mbedtls_md5(input, ilen, output); 706| |#endif 707| |#if defined(MBEDTLS_RIPEMD160_C) 708| | case MBEDTLS_MD_RIPEMD160: 709| | return mbedtls_ripemd160(input, ilen, output); 710| |#endif 711| |#if defined(MBEDTLS_SHA1_C) 712| | case MBEDTLS_MD_SHA1: 713| | return mbedtls_sha1(input, ilen, output); 714| |#endif 715| |#if defined(MBEDTLS_SHA224_C) 716| | case MBEDTLS_MD_SHA224: 717| | return mbedtls_sha256(input, ilen, output, 1); 718| |#endif 719| 0|#if defined(MBEDTLS_SHA256_C) 720| 952| case MBEDTLS_MD_SHA256: ------------------ | Branch (720:9): [True: 952, False: 0] ------------------ 721| 952| return mbedtls_sha256(input, ilen, output, 0); 722| 0|#endif 723| 0|#if defined(MBEDTLS_SHA384_C) 724| 0| case MBEDTLS_MD_SHA384: ------------------ | Branch (724:9): [True: 0, False: 952] ------------------ 725| 0| return mbedtls_sha512(input, ilen, output, 1); 726| 0|#endif 727| 0|#if defined(MBEDTLS_SHA512_C) 728| 0| case MBEDTLS_MD_SHA512: ------------------ | Branch (728:9): [True: 0, False: 952] ------------------ 729| 0| return mbedtls_sha512(input, ilen, output, 0); 730| 0|#endif 731| 0|#if defined(MBEDTLS_SHA3_C) 732| 0| case MBEDTLS_MD_SHA3_224: ------------------ | Branch (732:9): [True: 0, False: 952] ------------------ 733| 0| return mbedtls_sha3(MBEDTLS_SHA3_224, input, ilen, output, md_info->size); 734| 0| case MBEDTLS_MD_SHA3_256: ------------------ | Branch (734:9): [True: 0, False: 952] ------------------ 735| 0| return mbedtls_sha3(MBEDTLS_SHA3_256, input, ilen, output, md_info->size); 736| 0| case MBEDTLS_MD_SHA3_384: ------------------ | Branch (736:9): [True: 0, False: 952] ------------------ 737| 0| return mbedtls_sha3(MBEDTLS_SHA3_384, input, ilen, output, md_info->size); 738| 0| case MBEDTLS_MD_SHA3_512: ------------------ | Branch (738:9): [True: 0, False: 952] ------------------ 739| 0| return mbedtls_sha3(MBEDTLS_SHA3_512, input, ilen, output, md_info->size); 740| 0|#endif 741| 0| default: ------------------ | Branch (741:9): [True: 0, False: 952] ------------------ 742| 0| return MBEDTLS_ERR_MD_BAD_INPUT_DATA; ------------------ | | 26| 0|#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 ------------------ 743| 952| } 744| 952|} mbedtls_md_get_size: 747| 1.34k|{ 748| 1.34k| if (md_info == NULL) { ------------------ | Branch (748:9): [True: 0, False: 1.34k] ------------------ 749| 0| return 0; 750| 0| } 751| | 752| 1.34k| return md_info->size; 753| 1.34k|} mbedtls_md_hmac_starts: 970| 282|{ 971| 282| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 282|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 972| 282| unsigned char sum[MBEDTLS_MD_MAX_SIZE]; 973| 282| unsigned char *ipad, *opad; 974| | 975| 282| if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) { ------------------ | Branch (975:9): [True: 0, False: 282] | Branch (975:24): [True: 0, False: 282] | Branch (975:48): [True: 0, False: 282] ------------------ 976| 0| return MBEDTLS_ERR_MD_BAD_INPUT_DATA; ------------------ | | 26| 0|#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 ------------------ 977| 0| } 978| | 979| 282| if (keylen > (size_t) ctx->md_info->block_size) { ------------------ | Branch (979:9): [True: 0, False: 282] ------------------ 980| 0| if ((ret = mbedtls_md_starts(ctx)) != 0) { ------------------ | Branch (980:13): [True: 0, False: 0] ------------------ 981| 0| goto cleanup; 982| 0| } 983| 0| if ((ret = mbedtls_md_update(ctx, key, keylen)) != 0) { ------------------ | Branch (983:13): [True: 0, False: 0] ------------------ 984| 0| goto cleanup; 985| 0| } 986| 0| if ((ret = mbedtls_md_finish(ctx, sum)) != 0) { ------------------ | Branch (986:13): [True: 0, False: 0] ------------------ 987| 0| goto cleanup; 988| 0| } 989| | 990| 0| keylen = ctx->md_info->size; 991| 0| key = sum; 992| 0| } 993| | 994| 282| ipad = (unsigned char *) ctx->hmac_ctx; 995| 282| opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size; 996| | 997| 282| memset(ipad, 0x36, ctx->md_info->block_size); 998| 282| memset(opad, 0x5C, ctx->md_info->block_size); 999| | 1000| 282| mbedtls_xor(ipad, ipad, key, keylen); 1001| 282| mbedtls_xor(opad, opad, key, keylen); 1002| | 1003| 282| if ((ret = mbedtls_md_starts(ctx)) != 0) { ------------------ | Branch (1003:9): [True: 0, False: 282] ------------------ 1004| 0| goto cleanup; 1005| 0| } 1006| 282| if ((ret = mbedtls_md_update(ctx, ipad, ------------------ | Branch (1006:9): [True: 0, False: 282] ------------------ 1007| 282| ctx->md_info->block_size)) != 0) { 1008| 0| goto cleanup; 1009| 0| } 1010| | 1011| 282|cleanup: 1012| 282| mbedtls_platform_zeroize(sum, sizeof(sum)); 1013| | 1014| 282| return ret; 1015| 282|} mbedtls_md_hmac_update: 1018| 346|{ 1019| 346| if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) { ------------------ | Branch (1019:9): [True: 0, False: 346] | Branch (1019:24): [True: 0, False: 346] | Branch (1019:48): [True: 0, False: 346] ------------------ 1020| 0| return MBEDTLS_ERR_MD_BAD_INPUT_DATA; ------------------ | | 26| 0|#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 ------------------ 1021| 0| } 1022| | 1023| 346| return mbedtls_md_update(ctx, input, ilen); 1024| 346|} mbedtls_md_hmac_finish: 1027| 282|{ 1028| 282| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 282|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1029| 282| unsigned char tmp[MBEDTLS_MD_MAX_SIZE]; 1030| 282| unsigned char *opad; 1031| | 1032| 282| if (ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL) { ------------------ | Branch (1032:9): [True: 0, False: 282] | Branch (1032:24): [True: 0, False: 282] | Branch (1032:48): [True: 0, False: 282] ------------------ 1033| 0| return MBEDTLS_ERR_MD_BAD_INPUT_DATA; ------------------ | | 26| 0|#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 ------------------ 1034| 0| } 1035| | 1036| 282| opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size; 1037| | 1038| 282| if ((ret = mbedtls_md_finish(ctx, tmp)) != 0) { ------------------ | Branch (1038:9): [True: 0, False: 282] ------------------ 1039| 0| return ret; 1040| 0| } 1041| 282| if ((ret = mbedtls_md_starts(ctx)) != 0) { ------------------ | Branch (1041:9): [True: 0, False: 282] ------------------ 1042| 0| return ret; 1043| 0| } 1044| 282| if ((ret = mbedtls_md_update(ctx, opad, ------------------ | Branch (1044:9): [True: 0, False: 282] ------------------ 1045| 282| ctx->md_info->block_size)) != 0) { 1046| 0| return ret; 1047| 0| } 1048| 282| if ((ret = mbedtls_md_update(ctx, tmp, ------------------ | Branch (1048:9): [True: 0, False: 282] ------------------ 1049| 282| ctx->md_info->size)) != 0) { 1050| 0| return ret; 1051| 0| } 1052| 282| return mbedtls_md_finish(ctx, output); 1053| 282|} mbedtls_md_hmac: 1076| 250|{ 1077| 250| mbedtls_md_context_t ctx; 1078| 250| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 250|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1079| | 1080| 250| if (md_info == NULL) { ------------------ | Branch (1080:9): [True: 0, False: 250] ------------------ 1081| 0| return MBEDTLS_ERR_MD_BAD_INPUT_DATA; ------------------ | | 26| 0|#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 ------------------ 1082| 0| } 1083| | 1084| 250| mbedtls_md_init(&ctx); 1085| | 1086| 250| if ((ret = mbedtls_md_setup(&ctx, md_info, 1)) != 0) { ------------------ | Branch (1086:9): [True: 0, False: 250] ------------------ 1087| 0| goto cleanup; 1088| 0| } 1089| | 1090| 250| if ((ret = mbedtls_md_hmac_starts(&ctx, key, keylen)) != 0) { ------------------ | Branch (1090:9): [True: 0, False: 250] ------------------ 1091| 0| goto cleanup; 1092| 0| } 1093| 250| if ((ret = mbedtls_md_hmac_update(&ctx, input, ilen)) != 0) { ------------------ | Branch (1093:9): [True: 0, False: 250] ------------------ 1094| 0| goto cleanup; 1095| 0| } 1096| 250| if ((ret = mbedtls_md_hmac_finish(&ctx, output)) != 0) { ------------------ | Branch (1096:9): [True: 0, False: 250] ------------------ 1097| 0| goto cleanup; 1098| 0| } 1099| | 1100| 250|cleanup: 1101| 250| mbedtls_md_free(&ctx); 1102| | 1103| 250| return ret; 1104| 250|} mbedtls_oid_get_x509_ext_type: 84| 40.2k| { \ 85| 40.2k| const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \ 86| 40.2k| if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \ ------------------ | | 28| 5.35k|#define MBEDTLS_ERR_OID_NOT_FOUND -0x002E ------------------ | Branch (86:13): [True: 5.35k, False: 34.8k] ------------------ 87| 40.2k| *ATTR1 = data->ATTR1; \ 88| 34.8k| return 0; \ 89| 40.2k| } mbedtls_oid_get_sig_alg: 99| 7.73k| { \ 100| 7.73k| const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \ 101| 7.73k| if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \ ------------------ | | 28| 0|#define MBEDTLS_ERR_OID_NOT_FOUND -0x002E ------------------ | Branch (101:13): [True: 0, False: 7.73k] ------------------ 102| 7.73k| *(ATTR1) = data->ATTR1; \ 103| 7.73k| *(ATTR2) = data->ATTR2; \ 104| 7.73k| return 0; \ 105| 7.73k| } mbedtls_oid_get_pk_alg: 84| 7.85k| { \ 85| 7.85k| const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \ 86| 7.85k| if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \ ------------------ | | 28| 0|#define MBEDTLS_ERR_OID_NOT_FOUND -0x002E ------------------ | Branch (86:13): [True: 0, False: 7.85k] ------------------ 87| 7.85k| *ATTR1 = data->ATTR1; \ 88| 7.85k| return 0; \ 89| 7.85k| } mbedtls_oid_get_ec_grp: 84| 5.71k| { \ 85| 5.71k| const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \ 86| 5.71k| if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \ ------------------ | | 28| 0|#define MBEDTLS_ERR_OID_NOT_FOUND -0x002E ------------------ | Branch (86:13): [True: 0, False: 5.71k] ------------------ 87| 5.71k| *ATTR1 = data->ATTR1; \ 88| 5.71k| return 0; \ 89| 5.71k| } mbedtls_oid_get_oid_by_md: 113| 365| { \ 114| 365| const TYPE_T *cur = (LIST); \ 115| 365| while (cur->descriptor.asn1 != NULL) { \ ------------------ | Branch (115:16): [True: 365, False: 0] ------------------ 116| 365| if (cur->ATTR1 == (ATTR1)) { \ ------------------ | Branch (116:17): [True: 365, False: 0] ------------------ 117| 365| *oid = cur->descriptor.asn1; \ 118| 365| *olen = cur->descriptor.asn1_len; \ 119| 365| return 0; \ 120| 365| } \ 121| 365| cur++; \ 122| 0| } \ 123| 365| return MBEDTLS_ERR_OID_NOT_FOUND; \ ------------------ | | 28| 0|#define MBEDTLS_ERR_OID_NOT_FOUND -0x002E ------------------ 124| 365| } oid.c:oid_x509_ext_from_asn1: 47| 40.2k| { \ 48| 40.2k| const TYPE_T *p = (LIST); \ 49| 40.2k| const mbedtls_oid_descriptor_t *cur = \ 50| 40.2k| (const mbedtls_oid_descriptor_t *) p; \ 51| 40.2k| if (p == NULL || oid == NULL) return NULL; \ ------------------ | Branch (51:13): [True: 0, False: 40.2k] | Branch (51:26): [True: 0, False: 40.2k] ------------------ 52| 174k| while (cur->asn1 != NULL) { \ ------------------ | Branch (52:16): [True: 169k, False: 5.35k] ------------------ 53| 169k| if (cur->asn1_len == oid->len && \ ------------------ | Branch (53:17): [True: 117k, False: 52.0k] ------------------ 54| 169k| memcmp(cur->asn1, oid->p, oid->len) == 0) { \ ------------------ | Branch (54:17): [True: 34.8k, False: 82.2k] ------------------ 55| 34.8k| return p; \ 56| 34.8k| } \ 57| 169k| p++; \ 58| 134k| cur = (const mbedtls_oid_descriptor_t *) p; \ 59| 134k| } \ 60| 40.2k| return NULL; \ 61| 40.2k| } oid.c:oid_sig_alg_from_asn1: 47| 7.73k| { \ 48| 7.73k| const TYPE_T *p = (LIST); \ 49| 7.73k| const mbedtls_oid_descriptor_t *cur = \ 50| 7.73k| (const mbedtls_oid_descriptor_t *) p; \ 51| 7.73k| if (p == NULL || oid == NULL) return NULL; \ ------------------ | Branch (51:13): [True: 0, False: 7.73k] | Branch (51:26): [True: 0, False: 7.73k] ------------------ 52| 24.8k| while (cur->asn1 != NULL) { \ ------------------ | Branch (52:16): [True: 24.8k, False: 0] ------------------ 53| 24.8k| if (cur->asn1_len == oid->len && \ ------------------ | Branch (53:17): [True: 7.73k, False: 17.1k] ------------------ 54| 24.8k| memcmp(cur->asn1, oid->p, oid->len) == 0) { \ ------------------ | Branch (54:17): [True: 7.73k, False: 0] ------------------ 55| 7.73k| return p; \ 56| 7.73k| } \ 57| 24.8k| p++; \ 58| 17.1k| cur = (const mbedtls_oid_descriptor_t *) p; \ 59| 17.1k| } \ 60| 7.73k| return NULL; \ 61| 7.73k| } oid.c:oid_pk_alg_from_asn1: 47| 7.85k| { \ 48| 7.85k| const TYPE_T *p = (LIST); \ 49| 7.85k| const mbedtls_oid_descriptor_t *cur = \ 50| 7.85k| (const mbedtls_oid_descriptor_t *) p; \ 51| 7.85k| if (p == NULL || oid == NULL) return NULL; \ ------------------ | Branch (51:13): [True: 0, False: 7.85k] | Branch (51:26): [True: 0, False: 7.85k] ------------------ 52| 13.5k| while (cur->asn1 != NULL) { \ ------------------ | Branch (52:16): [True: 13.5k, False: 0] ------------------ 53| 13.5k| if (cur->asn1_len == oid->len && \ ------------------ | Branch (53:17): [True: 7.85k, False: 5.71k] ------------------ 54| 13.5k| memcmp(cur->asn1, oid->p, oid->len) == 0) { \ ------------------ | Branch (54:17): [True: 7.85k, False: 0] ------------------ 55| 7.85k| return p; \ 56| 7.85k| } \ 57| 13.5k| p++; \ 58| 5.71k| cur = (const mbedtls_oid_descriptor_t *) p; \ 59| 5.71k| } \ 60| 7.85k| return NULL; \ 61| 7.85k| } oid.c:oid_grp_id_from_asn1: 47| 5.71k| { \ 48| 5.71k| const TYPE_T *p = (LIST); \ 49| 5.71k| const mbedtls_oid_descriptor_t *cur = \ 50| 5.71k| (const mbedtls_oid_descriptor_t *) p; \ 51| 5.71k| if (p == NULL || oid == NULL) return NULL; \ ------------------ | Branch (51:13): [True: 0, False: 5.71k] | Branch (51:26): [True: 0, False: 5.71k] ------------------ 52| 17.1k| while (cur->asn1 != NULL) { \ ------------------ | Branch (52:16): [True: 17.1k, False: 0] ------------------ 53| 17.1k| if (cur->asn1_len == oid->len && \ ------------------ | Branch (53:17): [True: 11.4k, False: 5.71k] ------------------ 54| 17.1k| memcmp(cur->asn1, oid->p, oid->len) == 0) { \ ------------------ | Branch (54:17): [True: 5.71k, False: 5.71k] ------------------ 55| 5.71k| return p; \ 56| 5.71k| } \ 57| 17.1k| p++; \ 58| 11.4k| cur = (const mbedtls_oid_descriptor_t *) p; \ 59| 11.4k| } \ 60| 5.71k| return NULL; \ 61| 5.71k| } mbedtls_pem_init: 39| 119|{ 40| 119| memset(ctx, 0, sizeof(mbedtls_pem_context)); 41| 119|} mbedtls_pem_read_buffer: 271| 357|{ 272| 357| int ret, enc; 273| 357| size_t len; 274| 357| unsigned char *buf; 275| 357| const unsigned char *s1, *s2, *end; 276| |#if defined(PEM_RFC1421) 277| | unsigned char pem_iv[16]; 278| | mbedtls_cipher_type_t enc_alg = MBEDTLS_CIPHER_NONE; 279| |#else 280| 357| ((void) pwd); 281| 357| ((void) pwdlen); 282| 357|#endif /* PEM_RFC1421 */ 283| | 284| 357| if (ctx == NULL) { ------------------ | Branch (284:9): [True: 0, False: 357] ------------------ 285| 0| return MBEDTLS_ERR_PEM_BAD_INPUT_DATA; ------------------ | | 41| 0|#define MBEDTLS_ERR_PEM_BAD_INPUT_DATA -0x1480 ------------------ 286| 0| } 287| | 288| 357| s1 = (unsigned char *) strstr((const char *) data, header); 289| | 290| 357| if (s1 == NULL) { ------------------ | Branch (290:9): [True: 238, False: 119] ------------------ 291| 238| return MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; ------------------ | | 25| 238|#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT -0x1080 ------------------ 292| 238| } 293| | 294| 119| s2 = (unsigned char *) strstr((const char *) data, footer); 295| | 296| 119| if (s2 == NULL || s2 <= s1) { ------------------ | Branch (296:9): [True: 0, False: 119] | Branch (296:23): [True: 0, False: 119] ------------------ 297| 0| return MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; ------------------ | | 25| 0|#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT -0x1080 ------------------ 298| 0| } 299| | 300| 119| s1 += strlen(header); 301| 119| if (*s1 == ' ') { ------------------ | Branch (301:9): [True: 0, False: 119] ------------------ 302| 0| s1++; 303| 0| } 304| 119| if (*s1 == '\r') { ------------------ | Branch (304:9): [True: 119, False: 0] ------------------ 305| 119| s1++; 306| 119| } 307| 119| if (*s1 == '\n') { ------------------ | Branch (307:9): [True: 119, False: 0] ------------------ 308| 119| s1++; 309| 119| } else { 310| 0| return MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; ------------------ | | 25| 0|#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT -0x1080 ------------------ 311| 0| } 312| | 313| 119| end = s2; 314| 119| end += strlen(footer); 315| 119| if (*end == ' ') { ------------------ | Branch (315:9): [True: 0, False: 119] ------------------ 316| 0| end++; 317| 0| } 318| 119| if (*end == '\r') { ------------------ | Branch (318:9): [True: 119, False: 0] ------------------ 319| 119| end++; 320| 119| } 321| 119| if (*end == '\n') { ------------------ | Branch (321:9): [True: 119, False: 0] ------------------ 322| 119| end++; 323| 119| } 324| 119| *use_len = (size_t) (end - data); 325| | 326| 119| enc = 0; 327| | 328| 119| if (s2 - s1 >= 22 && memcmp(s1, "Proc-Type: 4,ENCRYPTED", 22) == 0) { ------------------ | Branch (328:9): [True: 119, False: 0] | Branch (328:26): [True: 0, False: 119] ------------------ 329| |#if defined(PEM_RFC1421) 330| | enc++; 331| | 332| | s1 += 22; 333| | if (*s1 == '\r') { 334| | s1++; 335| | } 336| | if (*s1 == '\n') { 337| | s1++; 338| | } else { 339| | return MBEDTLS_ERR_PEM_INVALID_DATA; 340| | } 341| | 342| | 343| |#if defined(MBEDTLS_DES_C) 344| | if (s2 - s1 >= 23 && memcmp(s1, "DEK-Info: DES-EDE3-CBC,", 23) == 0) { 345| | enc_alg = MBEDTLS_CIPHER_DES_EDE3_CBC; 346| | 347| | s1 += 23; 348| | if (s2 - s1 < 16 || pem_get_iv(s1, pem_iv, 8) != 0) { 349| | return MBEDTLS_ERR_PEM_INVALID_ENC_IV; 350| | } 351| | 352| | s1 += 16; 353| | } else if (s2 - s1 >= 18 && memcmp(s1, "DEK-Info: DES-CBC,", 18) == 0) { 354| | enc_alg = MBEDTLS_CIPHER_DES_CBC; 355| | 356| | s1 += 18; 357| | if (s2 - s1 < 16 || pem_get_iv(s1, pem_iv, 8) != 0) { 358| | return MBEDTLS_ERR_PEM_INVALID_ENC_IV; 359| | } 360| | 361| | s1 += 16; 362| | } 363| |#endif /* MBEDTLS_DES_C */ 364| | 365| |#if defined(MBEDTLS_AES_C) 366| | if (s2 - s1 >= 14 && memcmp(s1, "DEK-Info: AES-", 14) == 0) { 367| | if (s2 - s1 < 22) { 368| | return MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG; 369| | } else if (memcmp(s1, "DEK-Info: AES-128-CBC,", 22) == 0) { 370| | enc_alg = MBEDTLS_CIPHER_AES_128_CBC; 371| | } else if (memcmp(s1, "DEK-Info: AES-192-CBC,", 22) == 0) { 372| | enc_alg = MBEDTLS_CIPHER_AES_192_CBC; 373| | } else if (memcmp(s1, "DEK-Info: AES-256-CBC,", 22) == 0) { 374| | enc_alg = MBEDTLS_CIPHER_AES_256_CBC; 375| | } else { 376| | return MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG; 377| | } 378| | 379| | s1 += 22; 380| | if (s2 - s1 < 32 || pem_get_iv(s1, pem_iv, 16) != 0) { 381| | return MBEDTLS_ERR_PEM_INVALID_ENC_IV; 382| | } 383| | 384| | s1 += 32; 385| | } 386| |#endif /* MBEDTLS_AES_C */ 387| | 388| | if (enc_alg == MBEDTLS_CIPHER_NONE) { 389| | return MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG; 390| | } 391| | 392| | if (*s1 == '\r') { 393| | s1++; 394| | } 395| | if (*s1 == '\n') { 396| | s1++; 397| | } else { 398| | return MBEDTLS_ERR_PEM_INVALID_DATA; 399| | } 400| |#else 401| 0| return MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE; ------------------ | | 39| 0|#define MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE -0x1400 ------------------ 402| 0|#endif /* PEM_RFC1421 */ 403| 0| } 404| | 405| 119| if (s1 >= s2) { ------------------ | Branch (405:9): [True: 0, False: 119] ------------------ 406| 0| return MBEDTLS_ERR_PEM_INVALID_DATA; ------------------ | | 27| 0|#define MBEDTLS_ERR_PEM_INVALID_DATA -0x1100 ------------------ 407| 0| } 408| | 409| 119| ret = mbedtls_base64_decode(NULL, 0, &len, s1, (size_t) (s2 - s1)); 410| | 411| 119| if (ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER) { ------------------ | | 20| 119|#define MBEDTLS_ERR_BASE64_INVALID_CHARACTER -0x002C ------------------ | Branch (411:9): [True: 0, False: 119] ------------------ 412| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PEM_INVALID_DATA, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 413| 0| } 414| | 415| 119| if (len == 0) { ------------------ | Branch (415:9): [True: 0, False: 119] ------------------ 416| 0| return MBEDTLS_ERR_PEM_BAD_INPUT_DATA; ------------------ | | 41| 0|#define MBEDTLS_ERR_PEM_BAD_INPUT_DATA -0x1480 ------------------ 417| 0| } 418| | 419| 119| if ((buf = mbedtls_calloc(1, len)) == NULL) { ------------------ | | 144| 119|#define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO | | ------------------ | | | | 4093| 119|#define MBEDTLS_PLATFORM_CALLOC_MACRO my_calloc | | ------------------ ------------------ | Branch (419:9): [True: 0, False: 119] ------------------ 420| 0| return MBEDTLS_ERR_PEM_ALLOC_FAILED; ------------------ | | 29| 0|#define MBEDTLS_ERR_PEM_ALLOC_FAILED -0x1180 ------------------ 421| 0| } 422| | 423| 119| if ((ret = mbedtls_base64_decode(buf, len, &len, s1, (size_t) (s2 - s1))) != 0) { ------------------ | Branch (423:9): [True: 0, False: 119] ------------------ 424| 0| mbedtls_zeroize_and_free(buf, len); 425| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PEM_INVALID_DATA, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 426| 0| } 427| | 428| 119| if (enc != 0) { ------------------ | Branch (428:9): [True: 0, False: 119] ------------------ 429| |#if defined(PEM_RFC1421) 430| | if (pwd == NULL) { 431| | mbedtls_zeroize_and_free(buf, len); 432| | return MBEDTLS_ERR_PEM_PASSWORD_REQUIRED; 433| | } 434| | 435| | ret = 0; 436| | 437| |#if defined(MBEDTLS_DES_C) 438| | if (enc_alg == MBEDTLS_CIPHER_DES_EDE3_CBC) { 439| | ret = pem_des3_decrypt(pem_iv, buf, len, pwd, pwdlen); 440| | } else if (enc_alg == MBEDTLS_CIPHER_DES_CBC) { 441| | ret = pem_des_decrypt(pem_iv, buf, len, pwd, pwdlen); 442| | } 443| |#endif /* MBEDTLS_DES_C */ 444| | 445| |#if defined(MBEDTLS_AES_C) 446| | if (enc_alg == MBEDTLS_CIPHER_AES_128_CBC) { 447| | ret = pem_aes_decrypt(pem_iv, 16, buf, len, pwd, pwdlen); 448| | } else if (enc_alg == MBEDTLS_CIPHER_AES_192_CBC) { 449| | ret = pem_aes_decrypt(pem_iv, 24, buf, len, pwd, pwdlen); 450| | } else if (enc_alg == MBEDTLS_CIPHER_AES_256_CBC) { 451| | ret = pem_aes_decrypt(pem_iv, 32, buf, len, pwd, pwdlen); 452| | } 453| |#endif /* MBEDTLS_AES_C */ 454| | 455| | if (ret != 0) { 456| | mbedtls_zeroize_and_free(buf, len); 457| | return ret; 458| | } 459| | 460| | /* Check PKCS padding and update data length based on padding info. 461| | * This can be used to detect invalid padding data and password 462| | * mismatches. */ 463| | size_t unpadded_len; 464| | ret = pem_check_pkcs_padding(buf, len, &unpadded_len); 465| | if (ret != 0) { 466| | mbedtls_zeroize_and_free(buf, len); 467| | return ret; 468| | } 469| | len = unpadded_len; 470| |#else 471| 0| mbedtls_zeroize_and_free(buf, len); 472| 0| return MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE; ------------------ | | 39| 0|#define MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE -0x1400 ------------------ 473| 0|#endif /* PEM_RFC1421 */ 474| 0| } 475| | 476| 119| ctx->buf = buf; 477| 119| ctx->buflen = len; 478| | 479| 119| return 0; 480| 119|} mbedtls_pem_free: 483| 119|{ 484| 119| if (ctx == NULL) { ------------------ | Branch (484:9): [True: 0, False: 119] ------------------ 485| 0| return; 486| 0| } 487| | 488| 119| if (ctx->buf != NULL) { ------------------ | Branch (488:9): [True: 119, False: 0] ------------------ 489| 119| mbedtls_zeroize_and_free(ctx->buf, ctx->buflen); 490| 119| } 491| 119| mbedtls_free(ctx->info); ------------------ | | 143| 119|#define mbedtls_free MBEDTLS_PLATFORM_FREE_MACRO | | ------------------ | | | | 4095| 119|#define MBEDTLS_PLATFORM_FREE_MACRO my_free | | ------------------ ------------------ 492| | 493| 119| mbedtls_platform_zeroize(ctx, sizeof(mbedtls_pem_context)); 494| 119|} mbedtls_pk_init: 46| 119|{ 47| 119| ctx->pk_info = NULL; 48| 119| ctx->pk_ctx = NULL; 49| |#if defined(MBEDTLS_USE_PSA_CRYPTO) 50| | ctx->priv_id = MBEDTLS_SVC_KEY_ID_INIT; 51| |#endif /* MBEDTLS_USE_PSA_CRYPTO */ 52| |#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) 53| | memset(ctx->pub_raw, 0, sizeof(ctx->pub_raw)); 54| | ctx->pub_raw_len = 0; 55| | ctx->ec_family = 0; 56| | ctx->ec_bits = 0; 57| |#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ 58| 119|} mbedtls_pk_free: 64| 7.85k|{ 65| 7.85k| if (ctx == NULL) { ------------------ | Branch (65:9): [True: 0, False: 7.85k] ------------------ 66| 0| return; 67| 0| } 68| | 69| 7.85k| if ((ctx->pk_info != NULL) && (ctx->pk_info->ctx_free_func != NULL)) { ------------------ | Branch (69:9): [True: 7.85k, False: 0] | Branch (69:35): [True: 7.85k, False: 0] ------------------ 70| 7.85k| ctx->pk_info->ctx_free_func(ctx->pk_ctx); 71| 7.85k| } 72| | 73| |#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) 74| | /* The ownership of the priv_id key for opaque keys is external of the PK 75| | * module. It's the user responsibility to clear it after use. */ 76| | if ((ctx->pk_info != NULL) && (ctx->pk_info->type != MBEDTLS_PK_OPAQUE)) { 77| | psa_destroy_key(ctx->priv_id); 78| | } 79| |#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ 80| | 81| 7.85k| mbedtls_platform_zeroize(ctx, sizeof(mbedtls_pk_context)); 82| 7.85k|} mbedtls_pk_info_from_type: 115| 7.85k|{ 116| 7.85k| switch (pk_type) { 117| 0|#if defined(MBEDTLS_RSA_C) 118| 2.14k| case MBEDTLS_PK_RSA: ------------------ | Branch (118:9): [True: 2.14k, False: 5.71k] ------------------ 119| 2.14k| return &mbedtls_rsa_info; 120| 0|#endif /* MBEDTLS_RSA_C */ 121| 0|#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) 122| 5.71k| case MBEDTLS_PK_ECKEY: ------------------ | Branch (122:9): [True: 5.71k, False: 2.14k] ------------------ 123| 5.71k| return &mbedtls_eckey_info; 124| 0| case MBEDTLS_PK_ECKEY_DH: ------------------ | Branch (124:9): [True: 0, False: 7.85k] ------------------ 125| 0| return &mbedtls_eckeydh_info; 126| 0|#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ 127| 0|#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) 128| 0| case MBEDTLS_PK_ECDSA: ------------------ | Branch (128:9): [True: 0, False: 7.85k] ------------------ 129| 0| return &mbedtls_ecdsa_info; 130| 0|#endif /* MBEDTLS_PK_CAN_ECDSA_SOME */ 131| | /* MBEDTLS_PK_RSA_ALT omitted on purpose */ 132| 0| default: ------------------ | Branch (132:9): [True: 0, False: 7.85k] ------------------ 133| 0| return NULL; 134| 7.85k| } 135| 7.85k|} mbedtls_pk_setup: 141| 7.85k|{ 142| 7.85k| if (info == NULL || ctx->pk_info != NULL) { ------------------ | Branch (142:9): [True: 0, False: 7.85k] | Branch (142:25): [True: 0, False: 7.85k] ------------------ 143| 0| return MBEDTLS_ERR_PK_BAD_INPUT_DATA; ------------------ | | 40| 0|#define MBEDTLS_ERR_PK_BAD_INPUT_DATA -0x3E80 ------------------ 144| 0| } 145| | 146| 7.85k| if ((info->ctx_alloc_func != NULL) && ------------------ | Branch (146:9): [True: 7.85k, False: 0] ------------------ 147| 7.85k| ((ctx->pk_ctx = info->ctx_alloc_func()) == NULL)) { ------------------ | Branch (147:9): [True: 0, False: 7.85k] ------------------ 148| 0| return MBEDTLS_ERR_PK_ALLOC_FAILED; ------------------ | | 36| 0|#define MBEDTLS_ERR_PK_ALLOC_FAILED -0x3F80 ------------------ 149| 0| } 150| | 151| 7.85k| ctx->pk_info = info; 152| | 153| 7.85k| return 0; 154| 7.85k|} mbedtls_pk_can_do: 232| 1.90k|{ 233| | /* A context with null pk_info is not set up yet and can't do anything. 234| | * For backward compatibility, also accept NULL instead of a context 235| | * pointer. */ 236| 1.90k| if (ctx == NULL || ctx->pk_info == NULL) { ------------------ | Branch (236:9): [True: 0, False: 1.90k] | Branch (236:24): [True: 0, False: 1.90k] ------------------ 237| 0| return 0; 238| 0| } 239| | 240| 1.90k| return ctx->pk_info->can_do(type); 241| 1.90k|} mbedtls_pk_verify_restartable: 1047| 952|{ 1048| 952| if ((md_alg != MBEDTLS_MD_NONE || hash_len != 0) && hash == NULL) { ------------------ | Branch (1048:10): [True: 952, False: 0] | Branch (1048:39): [True: 0, False: 0] | Branch (1048:57): [True: 0, False: 952] ------------------ 1049| 0| return MBEDTLS_ERR_PK_BAD_INPUT_DATA; ------------------ | | 40| 0|#define MBEDTLS_ERR_PK_BAD_INPUT_DATA -0x3E80 ------------------ 1050| 0| } 1051| | 1052| 952| if (ctx->pk_info == NULL || ------------------ | Branch (1052:9): [True: 0, False: 952] ------------------ 1053| 952| pk_hashlen_helper(md_alg, &hash_len) != 0) { ------------------ | Branch (1053:9): [True: 0, False: 952] ------------------ 1054| 0| return MBEDTLS_ERR_PK_BAD_INPUT_DATA; ------------------ | | 40| 0|#define MBEDTLS_ERR_PK_BAD_INPUT_DATA -0x3E80 ------------------ 1055| 0| } 1056| | 1057| 952|#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 1058| | /* optimization: use non-restartable version if restart disabled */ 1059| 952| if (rs_ctx != NULL && ------------------ | Branch (1059:9): [True: 0, False: 952] ------------------ 1060| 952| mbedtls_ecp_restart_is_enabled() && ------------------ | Branch (1060:9): [True: 0, False: 0] ------------------ 1061| 952| ctx->pk_info->verify_rs_func != NULL) { ------------------ | Branch (1061:9): [True: 0, False: 0] ------------------ 1062| 0| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 0|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1063| | 1064| 0| if ((ret = pk_restart_setup(rs_ctx, ctx->pk_info)) != 0) { ------------------ | Branch (1064:13): [True: 0, False: 0] ------------------ 1065| 0| return ret; 1066| 0| } 1067| | 1068| 0| ret = ctx->pk_info->verify_rs_func(ctx, 1069| 0| md_alg, hash, hash_len, sig, sig_len, rs_ctx->rs_ctx); 1070| | 1071| 0| if (ret != MBEDTLS_ERR_ECP_IN_PROGRESS) { ------------------ | | 51| 0|#define MBEDTLS_ERR_ECP_IN_PROGRESS -0x4B00 ------------------ | Branch (1071:13): [True: 0, False: 0] ------------------ 1072| 0| mbedtls_pk_restart_free(rs_ctx); 1073| 0| } 1074| | 1075| 0| return ret; 1076| 0| } 1077| |#else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ 1078| | (void) rs_ctx; 1079| |#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ 1080| | 1081| 952| if (ctx->pk_info->verify_func == NULL) { ------------------ | Branch (1081:9): [True: 0, False: 952] ------------------ 1082| 0| return MBEDTLS_ERR_PK_TYPE_MISMATCH; ------------------ | | 38| 0|#define MBEDTLS_ERR_PK_TYPE_MISMATCH -0x3F00 ------------------ 1083| 0| } 1084| | 1085| 952| return ctx->pk_info->verify_func(ctx, md_alg, hash, hash_len, 1086| 952| sig, sig_len); 1087| 952|} mbedtls_pk_verify: 1095| 952|{ 1096| 952| return mbedtls_pk_verify_restartable(ctx, md_alg, hash, hash_len, 1097| 952| sig, sig_len, NULL); 1098| 952|} mbedtls_pk_verify_ext: 1107| 952|{ 1108| 952| if ((md_alg != MBEDTLS_MD_NONE || hash_len != 0) && hash == NULL) { ------------------ | Branch (1108:10): [True: 952, False: 0] | Branch (1108:39): [True: 0, False: 0] | Branch (1108:57): [True: 0, False: 952] ------------------ 1109| 0| return MBEDTLS_ERR_PK_BAD_INPUT_DATA; ------------------ | | 40| 0|#define MBEDTLS_ERR_PK_BAD_INPUT_DATA -0x3E80 ------------------ 1110| 0| } 1111| | 1112| 952| if (ctx->pk_info == NULL) { ------------------ | Branch (1112:9): [True: 0, False: 952] ------------------ 1113| 0| return MBEDTLS_ERR_PK_BAD_INPUT_DATA; ------------------ | | 40| 0|#define MBEDTLS_ERR_PK_BAD_INPUT_DATA -0x3E80 ------------------ 1114| 0| } 1115| | 1116| 952| if (!mbedtls_pk_can_do(ctx, type)) { ------------------ | Branch (1116:9): [True: 0, False: 952] ------------------ 1117| 0| return MBEDTLS_ERR_PK_TYPE_MISMATCH; ------------------ | | 38| 0|#define MBEDTLS_ERR_PK_TYPE_MISMATCH -0x3F00 ------------------ 1118| 0| } 1119| | 1120| 952| if (type != MBEDTLS_PK_RSASSA_PSS) { ------------------ | Branch (1120:9): [True: 952, False: 0] ------------------ 1121| | /* General case: no options */ 1122| 952| if (options != NULL) { ------------------ | Branch (1122:13): [True: 0, False: 952] ------------------ 1123| 0| return MBEDTLS_ERR_PK_BAD_INPUT_DATA; ------------------ | | 40| 0|#define MBEDTLS_ERR_PK_BAD_INPUT_DATA -0x3E80 ------------------ 1124| 0| } 1125| | 1126| 952| return mbedtls_pk_verify(ctx, md_alg, hash, hash_len, sig, sig_len); 1127| 952| } 1128| | 1129| | /* Ensure the PK context is of the right type otherwise mbedtls_pk_rsa() 1130| | * below would return a NULL pointer. */ 1131| 0| if (mbedtls_pk_get_type(ctx) != MBEDTLS_PK_RSA) { ------------------ | Branch (1131:9): [True: 0, False: 0] ------------------ 1132| 0| return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; ------------------ | | 60| 0|#define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980 ------------------ 1133| 0| } 1134| | 1135| 0|#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21) 1136| 0| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 0|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1137| 0| const mbedtls_pk_rsassa_pss_options *pss_opts; 1138| | 1139| 0|#if SIZE_MAX > UINT_MAX 1140| 0| if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) { ------------------ | Branch (1140:9): [True: 0, False: 0] | Branch (1140:38): [True: 0, False: 0] ------------------ 1141| 0| return MBEDTLS_ERR_PK_BAD_INPUT_DATA; ------------------ | | 40| 0|#define MBEDTLS_ERR_PK_BAD_INPUT_DATA -0x3E80 ------------------ 1142| 0| } 1143| 0|#endif 1144| | 1145| 0| if (options == NULL) { ------------------ | Branch (1145:9): [True: 0, False: 0] ------------------ 1146| 0| return MBEDTLS_ERR_PK_BAD_INPUT_DATA; ------------------ | | 40| 0|#define MBEDTLS_ERR_PK_BAD_INPUT_DATA -0x3E80 ------------------ 1147| 0| } 1148| | 1149| 0| pss_opts = (const mbedtls_pk_rsassa_pss_options *) options; 1150| | 1151| |#if defined(MBEDTLS_USE_PSA_CRYPTO) 1152| | if (pss_opts->mgf1_hash_id == md_alg) { 1153| | unsigned char buf[MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES]; 1154| | unsigned char *p; 1155| | int key_len; 1156| | size_t signature_length; 1157| | psa_status_t status = PSA_ERROR_DATA_CORRUPT; 1158| | psa_status_t destruction_status = PSA_ERROR_DATA_CORRUPT; 1159| | 1160| | psa_algorithm_t psa_md_alg = mbedtls_md_psa_alg_from_type(md_alg); 1161| | mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; 1162| | psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 1163| | psa_algorithm_t psa_sig_alg = PSA_ALG_RSA_PSS_ANY_SALT(psa_md_alg); 1164| | p = buf + sizeof(buf); 1165| | key_len = mbedtls_rsa_write_pubkey(mbedtls_pk_rsa(*ctx), buf, &p); 1166| | 1167| | if (key_len < 0) { 1168| | return key_len; 1169| | } 1170| | 1171| | psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_PUBLIC_KEY); 1172| | psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); 1173| | psa_set_key_algorithm(&attributes, psa_sig_alg); 1174| | 1175| | status = psa_import_key(&attributes, 1176| | buf + sizeof(buf) - key_len, key_len, 1177| | &key_id); 1178| | if (status != PSA_SUCCESS) { 1179| | psa_destroy_key(key_id); 1180| | return PSA_PK_TO_MBEDTLS_ERR(status); 1181| | } 1182| | 1183| | /* This function requires returning MBEDTLS_ERR_PK_SIG_LEN_MISMATCH 1184| | * on a valid signature with trailing data in a buffer, but 1185| | * mbedtls_psa_rsa_verify_hash requires the sig_len to be exact, 1186| | * so for this reason the passed sig_len is overwritten. Smaller 1187| | * signature lengths should not be accepted for verification. */ 1188| | signature_length = sig_len > mbedtls_pk_get_len(ctx) ? 1189| | mbedtls_pk_get_len(ctx) : sig_len; 1190| | status = psa_verify_hash(key_id, psa_sig_alg, hash, 1191| | hash_len, sig, signature_length); 1192| | destruction_status = psa_destroy_key(key_id); 1193| | 1194| | if (status == PSA_SUCCESS && sig_len > mbedtls_pk_get_len(ctx)) { 1195| | return MBEDTLS_ERR_PK_SIG_LEN_MISMATCH; 1196| | } 1197| | 1198| | if (status == PSA_SUCCESS) { 1199| | status = destruction_status; 1200| | } 1201| | 1202| | return PSA_PK_RSA_TO_MBEDTLS_ERR(status); 1203| | } else 1204| |#endif /* MBEDTLS_USE_PSA_CRYPTO */ 1205| 0| { 1206| 0| if (sig_len < mbedtls_pk_get_len(ctx)) { ------------------ | Branch (1206:13): [True: 0, False: 0] ------------------ 1207| 0| return MBEDTLS_ERR_RSA_VERIFY_FAILED; ------------------ | | 45| 0|#define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380 ------------------ 1208| 0| } 1209| | 1210| 0| ret = mbedtls_rsa_rsassa_pss_verify_ext(mbedtls_pk_rsa(*ctx), 1211| 0| md_alg, (unsigned int) hash_len, hash, 1212| 0| pss_opts->mgf1_hash_id, 1213| 0| pss_opts->expected_salt_len, 1214| 0| sig); 1215| 0| if (ret != 0) { ------------------ | Branch (1215:13): [True: 0, False: 0] ------------------ 1216| 0| return ret; 1217| 0| } 1218| | 1219| 0| if (sig_len > mbedtls_pk_get_len(ctx)) { ------------------ | Branch (1219:13): [True: 0, False: 0] ------------------ 1220| 0| return MBEDTLS_ERR_PK_SIG_LEN_MISMATCH; ------------------ | | 62| 0|#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900 ------------------ 1221| 0| } 1222| | 1223| 0| return 0; 1224| 0| } 1225| |#else 1226| | return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; 1227| |#endif /* MBEDTLS_RSA_C && MBEDTLS_PKCS1_V21 */ 1228| 0|} mbedtls_pk_get_bitlen: 1456| 595|{ 1457| | /* For backward compatibility, accept NULL or a context that 1458| | * isn't set up yet, and return a fake value that should be safe. */ 1459| 595| if (ctx == NULL || ctx->pk_info == NULL) { ------------------ | Branch (1459:9): [True: 0, False: 595] | Branch (1459:24): [True: 0, False: 595] ------------------ 1460| 0| return 0; 1461| 0| } 1462| | 1463| 595| return ctx->pk_info->get_bitlen((mbedtls_pk_context *) ctx); 1464| 595|} mbedtls_pk_get_type: 1499| 20.5k|{ 1500| 20.5k| if (ctx == NULL || ctx->pk_info == NULL) { ------------------ | Branch (1500:9): [True: 0, False: 20.5k] | Branch (1500:24): [True: 0, False: 20.5k] ------------------ 1501| 0| return MBEDTLS_PK_NONE; 1502| 0| } 1503| | 1504| 20.5k| return ctx->pk_info->type; 1505| 20.5k|} pk.c:pk_hashlen_helper: 998| 952|{ 999| 952| if (*hash_len != 0) { ------------------ | Branch (999:9): [True: 952, False: 0] ------------------ 1000| 952| return 0; 1001| 952| } 1002| | 1003| 0| *hash_len = mbedtls_md_get_size_from_type(md_alg); 1004| | 1005| 0| if (*hash_len == 0) { ------------------ | Branch (1005:9): [True: 0, False: 0] ------------------ 1006| 0| return -1; 1007| 0| } 1008| | 1009| 0| return 0; 1010| 0|} mbedtls_pk_ecc_set_group: 18| 5.71k|{ 19| |#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) 20| | size_t ec_bits; 21| | psa_ecc_family_t ec_family = mbedtls_ecc_group_to_psa(grp_id, &ec_bits); 22| | 23| | /* group may already be initialized; if so, make sure IDs match */ 24| | if ((pk->ec_family != 0 && pk->ec_family != ec_family) || 25| | (pk->ec_bits != 0 && pk->ec_bits != ec_bits)) { 26| | return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; 27| | } 28| | 29| | /* set group */ 30| | pk->ec_family = ec_family; 31| | pk->ec_bits = ec_bits; 32| | 33| | return 0; 34| |#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ 35| 5.71k| mbedtls_ecp_keypair *ecp = mbedtls_pk_ec_rw(*pk); 36| | 37| | /* grp may already be initialized; if so, make sure IDs match */ 38| 5.71k| if (mbedtls_pk_ec_ro(*pk)->grp.id != MBEDTLS_ECP_DP_NONE && ------------------ | Branch (38:9): [True: 0, False: 5.71k] ------------------ 39| 5.71k| mbedtls_pk_ec_ro(*pk)->grp.id != grp_id) { ------------------ | Branch (39:9): [True: 0, False: 0] ------------------ 40| 0| return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; ------------------ | | 46| 0|#define MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -0x3D00 ------------------ 41| 0| } 42| | 43| | /* set group */ 44| 5.71k| return mbedtls_ecp_group_load(&(ecp->grp), grp_id); 45| 5.71k|#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ 46| 5.71k|} mbedtls_pk_ecc_set_pubkey: 205| 5.71k|{ 206| |#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) 207| | 208| | /* Load the key */ 209| | if (!PSA_ECC_FAMILY_IS_WEIERSTRASS(pk->ec_family) || *pub == 0x04) { 210| | /* Format directly supported by PSA: 211| | * - non-Weierstrass curves that only have one format; 212| | * - uncompressed format for Weierstrass curves. */ 213| | if (pub_len > sizeof(pk->pub_raw)) { 214| | return MBEDTLS_ERR_PK_BUFFER_TOO_SMALL; 215| | } 216| | memcpy(pk->pub_raw, pub, pub_len); 217| | pk->pub_raw_len = pub_len; 218| | } else { 219| | /* Other format, try the fallback */ 220| | int ret = pk_ecc_set_pubkey_psa_ecp_fallback(pk, pub, pub_len); 221| | if (ret != 0) { 222| | return ret; 223| | } 224| | } 225| | 226| | /* Validate the key by trying to import it */ 227| | mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; 228| | psa_key_attributes_t key_attrs = PSA_KEY_ATTRIBUTES_INIT; 229| | 230| | psa_set_key_usage_flags(&key_attrs, 0); 231| | psa_set_key_type(&key_attrs, PSA_KEY_TYPE_ECC_PUBLIC_KEY(pk->ec_family)); 232| | psa_set_key_bits(&key_attrs, pk->ec_bits); 233| | 234| | if ((psa_import_key(&key_attrs, pk->pub_raw, pk->pub_raw_len, 235| | &key_id) != PSA_SUCCESS) || 236| | (psa_destroy_key(key_id) != PSA_SUCCESS)) { 237| | return MBEDTLS_ERR_PK_INVALID_PUBKEY; 238| | } 239| | 240| | return 0; 241| | 242| |#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ 243| | 244| 5.71k| int ret; 245| 5.71k| mbedtls_ecp_keypair *ec_key = (mbedtls_ecp_keypair *) pk->pk_ctx; 246| 5.71k| ret = mbedtls_ecp_point_read_binary(&ec_key->grp, &ec_key->Q, pub, pub_len); 247| 5.71k| if (ret != 0) { ------------------ | Branch (247:9): [True: 0, False: 5.71k] ------------------ 248| 0| return ret; 249| 0| } 250| 5.71k| return mbedtls_ecp_check_pubkey(&ec_key->grp, &ec_key->Q); 251| | 252| 5.71k|#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ 253| 5.71k|} x509_crt.c:mbedtls_pk_get_ec_group_id: 87| 1.78k|{ 88| 1.78k| mbedtls_ecp_group_id id; 89| | 90| |#if defined(MBEDTLS_USE_PSA_CRYPTO) 91| | if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) { 92| | psa_key_attributes_t opaque_attrs = PSA_KEY_ATTRIBUTES_INIT; 93| | psa_key_type_t opaque_key_type; 94| | psa_ecc_family_t curve; 95| | 96| | if (psa_get_key_attributes(pk->priv_id, &opaque_attrs) != PSA_SUCCESS) { 97| | return MBEDTLS_ECP_DP_NONE; 98| | } 99| | opaque_key_type = psa_get_key_type(&opaque_attrs); 100| | curve = PSA_KEY_TYPE_ECC_GET_FAMILY(opaque_key_type); 101| | id = mbedtls_ecc_group_from_psa(curve, psa_get_key_bits(&opaque_attrs)); 102| | psa_reset_key_attributes(&opaque_attrs); 103| | } else 104| |#endif /* MBEDTLS_USE_PSA_CRYPTO */ 105| 1.78k| { 106| |#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) 107| | id = mbedtls_ecc_group_from_psa(pk->ec_family, pk->ec_bits); 108| |#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ 109| 1.78k| id = mbedtls_pk_ec_ro(*pk)->grp.id; 110| 1.78k|#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ 111| 1.78k| } 112| | 113| 1.78k| return id; 114| 1.78k|} x509_crt.c:mbedtls_pk_ec_ro: 61| 1.78k|{ 62| 1.78k| switch (mbedtls_pk_get_type(&pk)) { 63| 1.78k| case MBEDTLS_PK_ECKEY: ------------------ | Branch (63:9): [True: 1.78k, False: 0] ------------------ 64| 1.78k| case MBEDTLS_PK_ECKEY_DH: ------------------ | Branch (64:9): [True: 0, False: 1.78k] ------------------ 65| 1.78k| case MBEDTLS_PK_ECDSA: ------------------ | Branch (65:9): [True: 0, False: 1.78k] ------------------ 66| 1.78k| return (const mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx); ------------------ | | 17| 1.78k|#define MBEDTLS_PRIVATE(member) member ------------------ 67| 0| default: ------------------ | Branch (67:9): [True: 0, False: 1.78k] ------------------ 68| 0| return NULL; 69| 1.78k| } 70| 1.78k|} pk_ecc.c:mbedtls_pk_ec_rw: 73| 5.71k|{ 74| 5.71k| switch (mbedtls_pk_get_type(&pk)) { 75| 5.71k| case MBEDTLS_PK_ECKEY: ------------------ | Branch (75:9): [True: 5.71k, False: 0] ------------------ 76| 5.71k| case MBEDTLS_PK_ECKEY_DH: ------------------ | Branch (76:9): [True: 0, False: 5.71k] ------------------ 77| 5.71k| case MBEDTLS_PK_ECDSA: ------------------ | Branch (77:9): [True: 0, False: 5.71k] ------------------ 78| 5.71k| return (mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx); ------------------ | | 17| 5.71k|#define MBEDTLS_PRIVATE(member) member ------------------ 79| 0| default: ------------------ | Branch (79:9): [True: 0, False: 5.71k] ------------------ 80| 0| return NULL; 81| 5.71k| } 82| 5.71k|} pk_ecc.c:mbedtls_pk_ec_ro: 61| 5.71k|{ 62| 5.71k| switch (mbedtls_pk_get_type(&pk)) { 63| 5.71k| case MBEDTLS_PK_ECKEY: ------------------ | Branch (63:9): [True: 5.71k, False: 0] ------------------ 64| 5.71k| case MBEDTLS_PK_ECKEY_DH: ------------------ | Branch (64:9): [True: 0, False: 5.71k] ------------------ 65| 5.71k| case MBEDTLS_PK_ECDSA: ------------------ | Branch (65:9): [True: 0, False: 5.71k] ------------------ 66| 5.71k| return (const mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx); ------------------ | | 17| 5.71k|#define MBEDTLS_PRIVATE(member) member ------------------ 67| 0| default: ------------------ | Branch (67:9): [True: 0, False: 5.71k] ------------------ 68| 0| return NULL; 69| 5.71k| } 70| 5.71k|} pk_wrap.c:rsa_get_bitlen: 59| 595|{ 60| 595| const mbedtls_rsa_context *rsa = (const mbedtls_rsa_context *) pk->pk_ctx; 61| 595| return mbedtls_rsa_get_bitlen(rsa); 62| 595|} pk_wrap.c:rsa_can_do: 53| 476|{ 54| 476| return type == MBEDTLS_PK_RSA || ------------------ | Branch (54:12): [True: 476, False: 0] ------------------ 55| 476| type == MBEDTLS_PK_RSASSA_PSS; ------------------ | Branch (55:12): [True: 0, False: 0] ------------------ 56| 476|} pk_wrap.c:rsa_verify_wrap: 133| 238|{ 134| 238| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 238|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 135| 238| mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) pk->pk_ctx; 136| 238| size_t rsa_len = mbedtls_rsa_get_len(rsa); 137| | 138| 238|#if SIZE_MAX > UINT_MAX 139| 238| if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) { ------------------ | Branch (139:9): [True: 0, False: 238] | Branch (139:38): [True: 0, False: 0] ------------------ 140| 0| return MBEDTLS_ERR_PK_BAD_INPUT_DATA; ------------------ | | 40| 0|#define MBEDTLS_ERR_PK_BAD_INPUT_DATA -0x3E80 ------------------ 141| 0| } 142| 238|#endif 143| | 144| 238| if (sig_len < rsa_len) { ------------------ | Branch (144:9): [True: 0, False: 238] ------------------ 145| 0| return MBEDTLS_ERR_RSA_VERIFY_FAILED; ------------------ | | 45| 0|#define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380 ------------------ 146| 0| } 147| | 148| 238| if ((ret = mbedtls_rsa_pkcs1_verify(rsa, md_alg, ------------------ | Branch (148:9): [True: 0, False: 238] ------------------ 149| 238| (unsigned int) hash_len, 150| 238| hash, sig)) != 0) { 151| 0| return ret; 152| 0| } 153| | 154| | /* The buffer contains a valid signature followed by extra data. 155| | * We have a special error code for that so that so that callers can 156| | * use mbedtls_pk_verify() to check "Does the buffer start with a 157| | * valid signature?" and not just "Does the buffer contain a valid 158| | * signature?". */ 159| 238| if (sig_len > rsa_len) { ------------------ | Branch (159:9): [True: 0, False: 238] ------------------ 160| 0| return MBEDTLS_ERR_PK_SIG_LEN_MISMATCH; ------------------ | | 62| 0|#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900 ------------------ 161| 0| } 162| | 163| 238| return 0; 164| 238|} pk_wrap.c:rsa_alloc_wrap: 455| 2.14k|{ 456| 2.14k| void *ctx = mbedtls_calloc(1, sizeof(mbedtls_rsa_context)); ------------------ | | 144| 2.14k|#define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO | | ------------------ | | | | 4093| 2.14k|#define MBEDTLS_PLATFORM_CALLOC_MACRO my_calloc | | ------------------ ------------------ 457| | 458| 2.14k| if (ctx != NULL) { ------------------ | Branch (458:9): [True: 2.14k, False: 0] ------------------ 459| 2.14k| mbedtls_rsa_init((mbedtls_rsa_context *) ctx); 460| 2.14k| } 461| | 462| 2.14k| return ctx; 463| 2.14k|} pk_wrap.c:rsa_free_wrap: 466| 2.14k|{ 467| 2.14k| mbedtls_rsa_free((mbedtls_rsa_context *) ctx); 468| 2.14k| mbedtls_free(ctx); ------------------ | | 143| 2.14k|#define mbedtls_free MBEDTLS_PLATFORM_FREE_MACRO | | ------------------ | | | | 4095| 2.14k|#define MBEDTLS_PLATFORM_FREE_MACRO my_free | | ------------------ ------------------ 469| 2.14k|} pk_wrap.c:eckey_can_do: 519| 1.42k|{ 520| 1.42k| return type == MBEDTLS_PK_ECKEY || ------------------ | Branch (520:12): [True: 0, False: 1.42k] ------------------ 521| 1.42k| type == MBEDTLS_PK_ECKEY_DH || ------------------ | Branch (521:12): [True: 0, False: 1.42k] ------------------ 522| 1.42k| type == MBEDTLS_PK_ECDSA; ------------------ | Branch (522:12): [True: 1.42k, False: 0] ------------------ 523| 1.42k|} pk_wrap.c:ecdsa_verify_wrap: 674| 714|{ 675| 714| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 714|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 676| 714| ((void) md_alg); 677| | 678| 714| ret = mbedtls_ecdsa_read_signature((mbedtls_ecdsa_context *) pk->pk_ctx, 679| 714| hash, hash_len, sig, sig_len); 680| | 681| 714| if (ret == MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH) { ------------------ | | 49| 714|#define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH -0x4C00 ------------------ | Branch (681:9): [True: 0, False: 714] ------------------ 682| 0| return MBEDTLS_ERR_PK_SIG_LEN_MISMATCH; ------------------ | | 62| 0|#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900 ------------------ 683| 0| } 684| | 685| 714| return ret; 686| 714|} pk_wrap.c:eckey_alloc_wrap: 1082| 5.71k|{ 1083| 5.71k| void *ctx = mbedtls_calloc(1, sizeof(mbedtls_ecp_keypair)); ------------------ | | 144| 5.71k|#define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO | | ------------------ | | | | 4093| 5.71k|#define MBEDTLS_PLATFORM_CALLOC_MACRO my_calloc | | ------------------ ------------------ 1084| | 1085| 5.71k| if (ctx != NULL) { ------------------ | Branch (1085:9): [True: 5.71k, False: 0] ------------------ 1086| 5.71k| mbedtls_ecp_keypair_init(ctx); 1087| 5.71k| } 1088| | 1089| 5.71k| return ctx; 1090| 5.71k|} pk_wrap.c:eckey_free_wrap: 1093| 5.71k|{ 1094| 5.71k| mbedtls_ecp_keypair_free((mbedtls_ecp_keypair *) ctx); 1095| 5.71k| mbedtls_free(ctx); ------------------ | | 143| 5.71k|#define mbedtls_free MBEDTLS_PLATFORM_FREE_MACRO | | ------------------ | | | | 4095| 5.71k|#define MBEDTLS_PLATFORM_FREE_MACRO my_free | | ------------------ ------------------ 1096| 5.71k|} mbedtls_pk_parse_subpubkey: 519| 7.73k|{ 520| 7.73k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 7.73k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 521| 7.73k| size_t len; 522| 7.73k| mbedtls_asn1_buf alg_params; 523| 7.73k| mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; 524| 7.73k| mbedtls_ecp_group_id ec_grp_id = MBEDTLS_ECP_DP_NONE; 525| 7.73k| const mbedtls_pk_info_t *pk_info; 526| | 527| 7.73k| if ((ret = mbedtls_asn1_get_tag(p, end, &len, ------------------ | Branch (527:9): [True: 0, False: 7.73k] ------------------ 528| 7.73k| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 82| 7.73k|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 72| 7.73k|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 529| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 530| 0| } 531| | 532| 7.73k| end = *p + len; 533| | 534| 7.73k| if ((ret = pk_get_pk_alg(p, end, &pk_alg, &alg_params, &ec_grp_id)) != 0) { ------------------ | Branch (534:9): [True: 0, False: 7.73k] ------------------ 535| 0| return ret; 536| 0| } 537| | 538| 7.73k| if ((ret = mbedtls_asn1_get_bitstring_null(p, end, &len)) != 0) { ------------------ | Branch (538:9): [True: 0, False: 7.73k] ------------------ 539| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 540| 0| } 541| | 542| 7.73k| if (*p + len != end) { ------------------ | Branch (542:9): [True: 0, False: 7.73k] ------------------ 543| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 544| 0| MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 545| 0| } 546| | 547| 7.73k| if ((pk_info = mbedtls_pk_info_from_type(pk_alg)) == NULL) { ------------------ | Branch (547:9): [True: 0, False: 7.73k] ------------------ 548| 0| return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; ------------------ | | 48| 0|#define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG -0x3C80 ------------------ 549| 0| } 550| | 551| 7.73k| if ((ret = mbedtls_pk_setup(pk, pk_info)) != 0) { ------------------ | Branch (551:9): [True: 0, False: 7.73k] ------------------ 552| 0| return ret; 553| 0| } 554| | 555| 7.73k|#if defined(MBEDTLS_RSA_C) 556| 7.73k| if (pk_alg == MBEDTLS_PK_RSA) { ------------------ | Branch (556:9): [True: 2.02k, False: 5.71k] ------------------ 557| 2.02k| ret = mbedtls_rsa_parse_pubkey(mbedtls_pk_rsa(*pk), *p, (size_t) (end - *p)); 558| 2.02k| if (ret == 0) { ------------------ | Branch (558:13): [True: 2.02k, False: 0] ------------------ 559| | /* On success all the input has been consumed by the parsing function. */ 560| 2.02k| *p += end - *p; 561| 2.02k| } else if ((ret <= MBEDTLS_ERR_ASN1_OUT_OF_DATA) && ------------------ | | 37| 0|#define MBEDTLS_ERR_ASN1_OUT_OF_DATA -0x0060 ------------------ | Branch (561:20): [True: 0, False: 0] ------------------ 562| 0| (ret >= MBEDTLS_ERR_ASN1_BUF_TOO_SMALL)) { ------------------ | | 49| 0|#define MBEDTLS_ERR_ASN1_BUF_TOO_SMALL -0x006C ------------------ | Branch (562:20): [True: 0, False: 0] ------------------ 563| | /* In case of ASN1 error codes add MBEDTLS_ERR_PK_INVALID_PUBKEY. */ 564| 0| ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 565| 0| } else { 566| 0| ret = MBEDTLS_ERR_PK_INVALID_PUBKEY; ------------------ | | 54| 0|#define MBEDTLS_ERR_PK_INVALID_PUBKEY -0x3B00 ------------------ 567| 0| } 568| 2.02k| } else 569| 5.71k|#endif /* MBEDTLS_RSA_C */ 570| 5.71k|#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) 571| 5.71k| if (pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY) { ------------------ | Branch (571:9): [True: 0, False: 5.71k] | Branch (571:42): [True: 5.71k, False: 0] ------------------ 572| 5.71k|#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) 573| 5.71k| if (MBEDTLS_PK_IS_RFC8410_GROUP_ID(ec_grp_id)) { ------------------ | | 122| 5.71k| ((id == MBEDTLS_ECP_DP_CURVE25519) || (id == MBEDTLS_ECP_DP_CURVE448)) | | ------------------ | | | Branch (122:6): [True: 0, False: 5.71k] | | | Branch (122:43): [True: 0, False: 5.71k] | | ------------------ ------------------ 574| 0| ret = pk_use_ecparams_rfc8410(&alg_params, ec_grp_id, pk); 575| 0| } else 576| 5.71k|#endif 577| 5.71k| { 578| 5.71k| ret = pk_use_ecparams(&alg_params, pk); 579| 5.71k| } 580| 5.71k| if (ret == 0) { ------------------ | Branch (580:13): [True: 5.71k, False: 0] ------------------ 581| 5.71k| ret = mbedtls_pk_ecc_set_pubkey(pk, *p, (size_t) (end - *p)); 582| 5.71k| *p += end - *p; 583| 5.71k| } 584| 5.71k| } else 585| 0|#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ 586| 0| ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; ------------------ | | 48| 0|#define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG -0x3C80 ------------------ 587| | 588| 7.73k| if (ret == 0 && *p != end) { ------------------ | Branch (588:9): [True: 7.73k, False: 0] | Branch (588:21): [True: 0, False: 7.73k] ------------------ 589| 0| ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 590| 0| MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 591| 0| } 592| | 593| 7.73k| if (ret != 0) { ------------------ | Branch (593:9): [True: 0, False: 7.73k] ------------------ 594| 0| mbedtls_pk_free(pk); 595| 0| } 596| | 597| 7.73k| return ret; 598| 7.73k|} mbedtls_pk_parse_key: 977| 119|{ 978| 119| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 119|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 979| 119| const mbedtls_pk_info_t *pk_info; 980| 119|#if defined(MBEDTLS_PEM_PARSE_C) 981| 119| size_t len; 982| 119| mbedtls_pem_context pem; 983| 119|#endif 984| | 985| 119| if (keylen == 0) { ------------------ | Branch (985:9): [True: 0, False: 119] ------------------ 986| 0| return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; ------------------ | | 46| 0|#define MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -0x3D00 ------------------ 987| 0| } 988| | 989| 119|#if defined(MBEDTLS_PEM_PARSE_C) 990| 119| mbedtls_pem_init(&pem); 991| | 992| 119|#if defined(MBEDTLS_RSA_C) 993| | /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ 994| 119| if (key[keylen - 1] != '\0') { ------------------ | Branch (994:9): [True: 0, False: 119] ------------------ 995| 0| ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; ------------------ | | 25| 0|#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT -0x1080 ------------------ 996| 119| } else { 997| 119| ret = mbedtls_pem_read_buffer(&pem, 998| 119| PEM_BEGIN_PRIVATE_KEY_RSA, PEM_END_PRIVATE_KEY_RSA, ------------------ | | 36| 119|#define PEM_BEGIN_PRIVATE_KEY_RSA "-----BEGIN RSA PRIVATE KEY-----" ------------------ PEM_BEGIN_PRIVATE_KEY_RSA, PEM_END_PRIVATE_KEY_RSA, ------------------ | | 37| 119|#define PEM_END_PRIVATE_KEY_RSA "-----END RSA PRIVATE KEY-----" ------------------ 999| 119| key, pwd, pwdlen, &len); 1000| 119| } 1001| | 1002| 119| if (ret == 0) { ------------------ | Branch (1002:9): [True: 0, False: 119] ------------------ 1003| 0| pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA); 1004| 0| if ((ret = mbedtls_pk_setup(pk, pk_info)) != 0 || ------------------ | Branch (1004:13): [True: 0, False: 0] ------------------ 1005| 0| (ret = mbedtls_rsa_parse_key(mbedtls_pk_rsa(*pk), ------------------ | Branch (1005:13): [True: 0, False: 0] ------------------ 1006| 0| pem.buf, pem.buflen)) != 0) { 1007| 0| mbedtls_pk_free(pk); 1008| 0| } 1009| | 1010| 0| mbedtls_pem_free(&pem); 1011| 0| return ret; 1012| 119| } else if (ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH) { ------------------ | | 37| 119|#define MBEDTLS_ERR_PEM_PASSWORD_MISMATCH -0x1380 ------------------ | Branch (1012:16): [True: 0, False: 119] ------------------ 1013| 0| return MBEDTLS_ERR_PK_PASSWORD_MISMATCH; ------------------ | | 52| 0|#define MBEDTLS_ERR_PK_PASSWORD_MISMATCH -0x3B80 ------------------ 1014| 119| } else if (ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED) { ------------------ | | 35| 119|#define MBEDTLS_ERR_PEM_PASSWORD_REQUIRED -0x1300 ------------------ | Branch (1014:16): [True: 0, False: 119] ------------------ 1015| 0| return MBEDTLS_ERR_PK_PASSWORD_REQUIRED; ------------------ | | 50| 0|#define MBEDTLS_ERR_PK_PASSWORD_REQUIRED -0x3C00 ------------------ 1016| 119| } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) { ------------------ | | 25| 119|#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT -0x1080 ------------------ | Branch (1016:16): [True: 0, False: 119] ------------------ 1017| 0| return ret; 1018| 0| } 1019| 119|#endif /* MBEDTLS_RSA_C */ 1020| | 1021| 119|#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) 1022| | /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ 1023| 119| if (key[keylen - 1] != '\0') { ------------------ | Branch (1023:9): [True: 0, False: 119] ------------------ 1024| 0| ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; ------------------ | | 25| 0|#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT -0x1080 ------------------ 1025| 119| } else { 1026| 119| ret = mbedtls_pem_read_buffer(&pem, 1027| 119| PEM_BEGIN_PRIVATE_KEY_EC, ------------------ | | 40| 119|#define PEM_BEGIN_PRIVATE_KEY_EC "-----BEGIN EC PRIVATE KEY-----" ------------------ 1028| 119| PEM_END_PRIVATE_KEY_EC, ------------------ | | 41| 119|#define PEM_END_PRIVATE_KEY_EC "-----END EC PRIVATE KEY-----" ------------------ 1029| 119| key, pwd, pwdlen, &len); 1030| 119| } 1031| 119| if (ret == 0) { ------------------ | Branch (1031:9): [True: 0, False: 119] ------------------ 1032| 0| pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY); 1033| | 1034| 0| if ((ret = mbedtls_pk_setup(pk, pk_info)) != 0 || ------------------ | Branch (1034:13): [True: 0, False: 0] ------------------ 1035| 0| (ret = pk_parse_key_sec1_der(pk, ------------------ | Branch (1035:13): [True: 0, False: 0] ------------------ 1036| 0| pem.buf, pem.buflen, 1037| 0| f_rng, p_rng)) != 0) { 1038| 0| mbedtls_pk_free(pk); 1039| 0| } 1040| | 1041| 0| mbedtls_pem_free(&pem); 1042| 0| return ret; 1043| 119| } else if (ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH) { ------------------ | | 37| 119|#define MBEDTLS_ERR_PEM_PASSWORD_MISMATCH -0x1380 ------------------ | Branch (1043:16): [True: 0, False: 119] ------------------ 1044| 0| return MBEDTLS_ERR_PK_PASSWORD_MISMATCH; ------------------ | | 52| 0|#define MBEDTLS_ERR_PK_PASSWORD_MISMATCH -0x3B80 ------------------ 1045| 119| } else if (ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED) { ------------------ | | 35| 119|#define MBEDTLS_ERR_PEM_PASSWORD_REQUIRED -0x1300 ------------------ | Branch (1045:16): [True: 0, False: 119] ------------------ 1046| 0| return MBEDTLS_ERR_PK_PASSWORD_REQUIRED; ------------------ | | 50| 0|#define MBEDTLS_ERR_PK_PASSWORD_REQUIRED -0x3C00 ------------------ 1047| 119| } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) { ------------------ | | 25| 119|#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT -0x1080 ------------------ | Branch (1047:16): [True: 0, False: 119] ------------------ 1048| 0| return ret; 1049| 0| } 1050| 119|#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ 1051| | 1052| | /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ 1053| 119| if (key[keylen - 1] != '\0') { ------------------ | Branch (1053:9): [True: 0, False: 119] ------------------ 1054| 0| ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; ------------------ | | 25| 0|#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT -0x1080 ------------------ 1055| 119| } else { 1056| 119| ret = mbedtls_pem_read_buffer(&pem, 1057| 119| PEM_BEGIN_PRIVATE_KEY_PKCS8, PEM_END_PRIVATE_KEY_PKCS8, ------------------ | | 42| 119|#define PEM_BEGIN_PRIVATE_KEY_PKCS8 "-----BEGIN PRIVATE KEY-----" ------------------ PEM_BEGIN_PRIVATE_KEY_PKCS8, PEM_END_PRIVATE_KEY_PKCS8, ------------------ | | 43| 119|#define PEM_END_PRIVATE_KEY_PKCS8 "-----END PRIVATE KEY-----" ------------------ 1058| 119| key, NULL, 0, &len); 1059| 119| } 1060| 119| if (ret == 0) { ------------------ | Branch (1060:9): [True: 119, False: 0] ------------------ 1061| 119| if ((ret = pk_parse_key_pkcs8_unencrypted_der(pk, ------------------ | Branch (1061:13): [True: 0, False: 119] ------------------ 1062| 119| pem.buf, pem.buflen, f_rng, p_rng)) != 0) { 1063| 0| mbedtls_pk_free(pk); 1064| 0| } 1065| | 1066| 119| mbedtls_pem_free(&pem); 1067| 119| return ret; 1068| 119| } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) { ------------------ | | 25| 0|#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT -0x1080 ------------------ | Branch (1068:16): [True: 0, False: 0] ------------------ 1069| 0| return ret; 1070| 0| } 1071| | 1072| |#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) 1073| | /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */ 1074| | if (key[keylen - 1] != '\0') { 1075| | ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT; 1076| | } else { 1077| | ret = mbedtls_pem_read_buffer(&pem, 1078| | PEM_BEGIN_ENCRYPTED_PRIVATE_KEY_PKCS8, 1079| | PEM_END_ENCRYPTED_PRIVATE_KEY_PKCS8, 1080| | key, NULL, 0, &len); 1081| | } 1082| | if (ret == 0) { 1083| | if ((ret = mbedtls_pk_parse_key_pkcs8_encrypted_der(pk, pem.buf, pem.buflen, 1084| | pwd, pwdlen, f_rng, p_rng)) != 0) { 1085| | mbedtls_pk_free(pk); 1086| | } 1087| | 1088| | mbedtls_pem_free(&pem); 1089| | return ret; 1090| | } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) { 1091| | return ret; 1092| | } 1093| |#endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */ 1094| |#else 1095| | ((void) pwd); 1096| | ((void) pwdlen); 1097| |#endif /* MBEDTLS_PEM_PARSE_C */ 1098| | 1099| | /* 1100| | * At this point we only know it's not a PEM formatted key. Could be any 1101| | * of the known DER encoded private key formats 1102| | * 1103| | * We try the different DER format parsers to see if one passes without 1104| | * error 1105| | */ 1106| |#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) 1107| | if (pwdlen != 0) { 1108| | unsigned char *key_copy; 1109| | 1110| | if ((key_copy = mbedtls_calloc(1, keylen)) == NULL) { 1111| | return MBEDTLS_ERR_PK_ALLOC_FAILED; 1112| | } 1113| | 1114| | memcpy(key_copy, key, keylen); 1115| | 1116| | ret = mbedtls_pk_parse_key_pkcs8_encrypted_der(pk, key_copy, keylen, 1117| | pwd, pwdlen, f_rng, p_rng); 1118| | 1119| | mbedtls_zeroize_and_free(key_copy, keylen); 1120| | } 1121| | 1122| | if (ret == 0) { 1123| | return 0; 1124| | } 1125| | 1126| | mbedtls_pk_free(pk); 1127| | mbedtls_pk_init(pk); 1128| | 1129| | if (ret == MBEDTLS_ERR_PK_PASSWORD_MISMATCH) { 1130| | return ret; 1131| | } 1132| |#endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */ 1133| | 1134| 0| ret = pk_parse_key_pkcs8_unencrypted_der(pk, key, keylen, f_rng, p_rng); 1135| 0| if (ret == 0) { ------------------ | Branch (1135:9): [True: 0, False: 0] ------------------ 1136| 0| return 0; 1137| 0| } 1138| | 1139| 0| mbedtls_pk_free(pk); 1140| 0| mbedtls_pk_init(pk); 1141| | 1142| 0|#if defined(MBEDTLS_RSA_C) 1143| | 1144| 0| pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA); 1145| 0| if (mbedtls_pk_setup(pk, pk_info) == 0 && ------------------ | Branch (1145:9): [True: 0, False: 0] ------------------ 1146| 0| mbedtls_rsa_parse_key(mbedtls_pk_rsa(*pk), key, keylen) == 0) { ------------------ | Branch (1146:9): [True: 0, False: 0] ------------------ 1147| 0| return 0; 1148| 0| } 1149| | 1150| 0| mbedtls_pk_free(pk); 1151| 0| mbedtls_pk_init(pk); 1152| 0|#endif /* MBEDTLS_RSA_C */ 1153| | 1154| 0|#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) 1155| 0| pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY); 1156| 0| if (mbedtls_pk_setup(pk, pk_info) == 0 && ------------------ | Branch (1156:9): [True: 0, False: 0] ------------------ 1157| 0| pk_parse_key_sec1_der(pk, ------------------ | Branch (1157:9): [True: 0, False: 0] ------------------ 1158| 0| key, keylen, f_rng, p_rng) == 0) { 1159| 0| return 0; 1160| 0| } 1161| 0| mbedtls_pk_free(pk); 1162| 0|#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ 1163| | 1164| | /* If MBEDTLS_RSA_C is defined but MBEDTLS_PK_HAVE_ECC_KEYS isn't, 1165| | * it is ok to leave the PK context initialized but not 1166| | * freed: It is the caller's responsibility to call pk_init() 1167| | * before calling this function, and to call pk_free() 1168| | * when it fails. If MBEDTLS_PK_HAVE_ECC_KEYS is defined but MBEDTLS_RSA_C 1169| | * isn't, this leads to mbedtls_pk_free() being called 1170| | * twice, once here and once by the caller, but this is 1171| | * also ok and in line with the mbedtls_pk_free() calls 1172| | * on failed PEM parsing attempts. */ 1173| | 1174| 0| return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; ------------------ | | 46| 0|#define MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -0x3D00 ------------------ 1175| 0|} pkparse.c:pk_get_pk_alg: 475| 7.85k|{ 476| 7.85k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 7.85k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 477| 7.85k| mbedtls_asn1_buf alg_oid; 478| | 479| 7.85k| memset(params, 0, sizeof(mbedtls_asn1_buf)); 480| | 481| 7.85k| if ((ret = mbedtls_asn1_get_alg(p, end, &alg_oid, params)) != 0) { ------------------ | Branch (481:9): [True: 0, False: 7.85k] ------------------ 482| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_ALG, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 483| 0| } 484| | 485| 7.85k| ret = mbedtls_oid_get_pk_alg(&alg_oid, pk_alg); 486| 7.85k|#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) 487| 7.85k| if (ret == MBEDTLS_ERR_OID_NOT_FOUND) { ------------------ | | 28| 7.85k|#define MBEDTLS_ERR_OID_NOT_FOUND -0x002E ------------------ | Branch (487:9): [True: 0, False: 7.85k] ------------------ 488| 0| ret = mbedtls_oid_get_ec_grp_algid(&alg_oid, ec_grp_id); 489| 0| if (ret == 0) { ------------------ | Branch (489:13): [True: 0, False: 0] ------------------ 490| 0| *pk_alg = MBEDTLS_PK_ECKEY; 491| 0| } 492| 0| } 493| |#else 494| | (void) ec_grp_id; 495| |#endif 496| 7.85k| if (ret != 0) { ------------------ | Branch (496:9): [True: 0, False: 7.85k] ------------------ 497| 0| return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; ------------------ | | 48| 0|#define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG -0x3C80 ------------------ 498| 0| } 499| | 500| | /* 501| | * No parameters with RSA (only for EC) 502| | */ 503| 7.85k| if (*pk_alg == MBEDTLS_PK_RSA && ------------------ | Branch (503:9): [True: 2.14k, False: 5.71k] ------------------ 504| 7.85k| ((params->tag != MBEDTLS_ASN1_NULL && params->tag != 0) || ------------------ | | 68| 4.28k|#define MBEDTLS_ASN1_NULL 0x05 ------------------ | Branch (504:11): [True: 0, False: 2.14k] | Branch (504:47): [True: 0, False: 0] ------------------ 505| 2.14k| params->len != 0)) { ------------------ | Branch (505:10): [True: 0, False: 2.14k] ------------------ 506| 0| return MBEDTLS_ERR_PK_INVALID_ALG; ------------------ | | 56| 0|#define MBEDTLS_ERR_PK_INVALID_ALG -0x3A80 ------------------ 507| 0| } 508| | 509| 7.85k| return 0; 510| 7.85k|} pkparse.c:pk_use_ecparams: 390| 5.71k|{ 391| 5.71k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 5.71k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 392| 5.71k| mbedtls_ecp_group_id grp_id; 393| | 394| 5.71k| if (params->tag == MBEDTLS_ASN1_OID) { ------------------ | | 69| 5.71k|#define MBEDTLS_ASN1_OID 0x06 ------------------ | Branch (394:9): [True: 5.71k, False: 0] ------------------ 395| 5.71k| if (mbedtls_oid_get_ec_grp(params, &grp_id) != 0) { ------------------ | Branch (395:13): [True: 0, False: 5.71k] ------------------ 396| 0| return MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE; ------------------ | | 58| 0|#define MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00 ------------------ 397| 0| } 398| 5.71k| } else { 399| 0| ret = pk_ecc_group_id_from_specified(params, &grp_id); 400| 0| if (ret != 0) { ------------------ | Branch (400:13): [True: 0, False: 0] ------------------ 401| 0| return ret; 402| 0| } 403| 0| } 404| | 405| 5.71k| return mbedtls_pk_ecc_set_group(pk, grp_id); 406| 5.71k|} pkparse.c:pk_parse_key_pkcs8_unencrypted_der: 746| 119|{ 747| 119| int ret, version; 748| 119| size_t len; 749| 119| mbedtls_asn1_buf params; 750| 119| unsigned char *p = (unsigned char *) key; 751| 119| unsigned char *end = p + keylen; 752| 119| mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; 753| 119| mbedtls_ecp_group_id ec_grp_id = MBEDTLS_ECP_DP_NONE; 754| 119| const mbedtls_pk_info_t *pk_info; 755| | 756| |#if !defined(MBEDTLS_PK_HAVE_ECC_KEYS) 757| | (void) f_rng; 758| | (void) p_rng; 759| |#endif 760| | 761| | /* 762| | * This function parses the PrivateKeyInfo object (PKCS#8 v1.2 = RFC 5208) 763| | * 764| | * PrivateKeyInfo ::= SEQUENCE { 765| | * version Version, 766| | * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, 767| | * privateKey PrivateKey, 768| | * attributes [0] IMPLICIT Attributes OPTIONAL } 769| | * 770| | * Version ::= INTEGER 771| | * PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier 772| | * PrivateKey ::= OCTET STRING 773| | * 774| | * The PrivateKey OCTET STRING is a SEC1 ECPrivateKey 775| | */ 776| | 777| 119| if ((ret = mbedtls_asn1_get_tag(&p, end, &len, ------------------ | Branch (777:9): [True: 0, False: 119] ------------------ 778| 119| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 82| 119|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 72| 119|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 779| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 780| 0| } 781| | 782| 119| end = p + len; 783| | 784| 119| if ((ret = mbedtls_asn1_get_int(&p, end, &version)) != 0) { ------------------ | Branch (784:9): [True: 0, False: 119] ------------------ 785| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 786| 0| } 787| | 788| 119| if (version != 0) { ------------------ | Branch (788:9): [True: 0, False: 119] ------------------ 789| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_VERSION, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 790| 0| } 791| | 792| 119| if ((ret = pk_get_pk_alg(&p, end, &pk_alg, ¶ms, &ec_grp_id)) != 0) { ------------------ | Branch (792:9): [True: 0, False: 119] ------------------ 793| 0| return ret; 794| 0| } 795| | 796| 119| if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING)) != 0) { ------------------ | | 67| 119|#define MBEDTLS_ASN1_OCTET_STRING 0x04 ------------------ | Branch (796:9): [True: 0, False: 119] ------------------ 797| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 798| 0| } 799| | 800| 119| if (len < 1) { ------------------ | Branch (800:9): [True: 0, False: 119] ------------------ 801| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 802| 0| MBEDTLS_ERR_ASN1_OUT_OF_DATA); 803| 0| } 804| | 805| 119| if ((pk_info = mbedtls_pk_info_from_type(pk_alg)) == NULL) { ------------------ | Branch (805:9): [True: 0, False: 119] ------------------ 806| 0| return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; ------------------ | | 48| 0|#define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG -0x3C80 ------------------ 807| 0| } 808| | 809| 119| if ((ret = mbedtls_pk_setup(pk, pk_info)) != 0) { ------------------ | Branch (809:9): [True: 0, False: 119] ------------------ 810| 0| return ret; 811| 0| } 812| | 813| 119|#if defined(MBEDTLS_RSA_C) 814| 119| if (pk_alg == MBEDTLS_PK_RSA) { ------------------ | Branch (814:9): [True: 119, False: 0] ------------------ 815| 119| if ((ret = mbedtls_rsa_parse_key(mbedtls_pk_rsa(*pk), p, len)) != 0) { ------------------ | Branch (815:13): [True: 0, False: 119] ------------------ 816| 0| mbedtls_pk_free(pk); 817| 0| return ret; 818| 0| } 819| 119| } else 820| 0|#endif /* MBEDTLS_RSA_C */ 821| 0|#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) 822| 0| if (pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH) { ------------------ | Branch (822:9): [True: 0, False: 0] | Branch (822:39): [True: 0, False: 0] ------------------ 823| 0|#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) 824| 0| if (MBEDTLS_PK_IS_RFC8410_GROUP_ID(ec_grp_id)) { ------------------ | | 122| 0| ((id == MBEDTLS_ECP_DP_CURVE25519) || (id == MBEDTLS_ECP_DP_CURVE448)) | | ------------------ | | | Branch (122:6): [True: 0, False: 0] | | | Branch (122:43): [True: 0, False: 0] | | ------------------ ------------------ 825| 0| if ((ret = ------------------ | Branch (825:17): [True: 0, False: 0] ------------------ 826| 0| pk_use_ecparams_rfc8410(¶ms, ec_grp_id, pk)) != 0 || 827| 0| (ret = ------------------ | Branch (827:17): [True: 0, False: 0] ------------------ 828| 0| pk_parse_key_rfc8410_der(pk, p, len, end, f_rng, 829| 0| p_rng)) != 0) { 830| 0| mbedtls_pk_free(pk); 831| 0| return ret; 832| 0| } 833| 0| } else 834| 0|#endif 835| 0| { 836| 0| if ((ret = pk_use_ecparams(¶ms, pk)) != 0 || ------------------ | Branch (836:17): [True: 0, False: 0] ------------------ 837| 0| (ret = pk_parse_key_sec1_der(pk, p, len, f_rng, p_rng)) != 0) { ------------------ | Branch (837:17): [True: 0, False: 0] ------------------ 838| 0| mbedtls_pk_free(pk); 839| 0| return ret; 840| 0| } 841| 0| } 842| 0| } else 843| 0|#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ 844| 0| return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; ------------------ | | 48| 0|#define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG -0x3C80 ------------------ 845| | 846| 119| end = p + len; 847| 119| if (end != (key + keylen)) { ------------------ | Branch (847:9): [True: 0, False: 119] ------------------ 848| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 849| 0| MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 850| 0| } 851| | 852| 119| return 0; 853| 119|} mbedtls_zeroize_and_free: 140| 1.18M|{ 141| 1.18M| if (buf != NULL) { ------------------ | Branch (141:9): [True: 1.18M, False: 0] ------------------ 142| 1.18M| mbedtls_platform_zeroize(buf, len); 143| 1.18M| } 144| | 145| 1.18M| mbedtls_free(buf); ------------------ | | 143| 1.18M|#define mbedtls_free MBEDTLS_PLATFORM_FREE_MACRO | | ------------------ | | | | 4095| 1.18M|#define MBEDTLS_PLATFORM_FREE_MACRO my_free | | ------------------ ------------------ 146| 1.18M|} mbedtls_platform_gmtime_r: 178| 1.42k|{ 179| |#if defined(_WIN32) && !defined(PLATFORM_UTIL_USE_GMTIME) 180| |#if defined(__STDC_LIB_EXT1__) 181| | return (gmtime_s(tt, tm_buf) == 0) ? NULL : tm_buf; 182| |#else 183| | /* MSVC and mingw64 argument order and return value are inconsistent with the C11 standard */ 184| | return (gmtime_s(tm_buf, tt) == 0) ? tm_buf : NULL; 185| |#endif 186| |#elif !defined(PLATFORM_UTIL_USE_GMTIME) 187| | return gmtime_r(tt, tm_buf); 188| |#else 189| | struct tm *lt; 190| | 191| |#if defined(MBEDTLS_THREADING_C) 192| | if (mbedtls_mutex_lock(&mbedtls_threading_gmtime_mutex) != 0) { 193| | return NULL; 194| | } 195| |#endif /* MBEDTLS_THREADING_C */ 196| | 197| | lt = gmtime(tt); 198| | 199| | if (lt != NULL) { 200| | memcpy(tm_buf, lt, sizeof(struct tm)); 201| | } 202| | 203| |#if defined(MBEDTLS_THREADING_C) 204| | if (mbedtls_mutex_unlock(&mbedtls_threading_gmtime_mutex) != 0) { 205| | return NULL; 206| | } 207| |#endif /* MBEDTLS_THREADING_C */ 208| | 209| | return (lt == NULL) ? NULL : tm_buf; 210| |#endif /* _WIN32 && !EFIX64 && !EFI32 */ 211| 1.42k|} mbedtls_rsa_parse_key: 80| 119|{ 81| 119| int ret, version; 82| 119| size_t len; 83| 119| unsigned char *p, *end; 84| | 85| 119| mbedtls_mpi T; 86| 119| mbedtls_mpi_init(&T); 87| | 88| 119| p = (unsigned char *) key; 89| 119| end = p + keylen; 90| | 91| | /* 92| | * This function parses the RSAPrivateKey (PKCS#1) 93| | * 94| | * RSAPrivateKey ::= SEQUENCE { 95| | * version Version, 96| | * modulus INTEGER, -- n 97| | * publicExponent INTEGER, -- e 98| | * privateExponent INTEGER, -- d 99| | * prime1 INTEGER, -- p 100| | * prime2 INTEGER, -- q 101| | * exponent1 INTEGER, -- d mod (p-1) 102| | * exponent2 INTEGER, -- d mod (q-1) 103| | * coefficient INTEGER, -- (inverse of q) mod p 104| | * otherPrimeInfos OtherPrimeInfos OPTIONAL 105| | * } 106| | */ 107| 119| if ((ret = mbedtls_asn1_get_tag(&p, end, &len, ------------------ | Branch (107:9): [True: 0, False: 119] ------------------ 108| 119| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 82| 119|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 72| 119|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 109| 0| return ret; 110| 0| } 111| | 112| 119| if (end != p + len) { ------------------ | Branch (112:9): [True: 0, False: 119] ------------------ 113| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 114| 0| } 115| | 116| 119| if ((ret = mbedtls_asn1_get_int(&p, end, &version)) != 0) { ------------------ | Branch (116:9): [True: 0, False: 119] ------------------ 117| 0| return ret; 118| 0| } 119| | 120| 119| if (version != 0) { ------------------ | Branch (120:9): [True: 0, False: 119] ------------------ 121| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 122| 0| } 123| | 124| | /* Import N */ 125| 119| if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || ------------------ | Branch (125:9): [True: 0, False: 119] ------------------ 126| 119| (ret = mbedtls_rsa_import(rsa, &T, NULL, NULL, ------------------ | Branch (126:9): [True: 0, False: 119] ------------------ 127| 119| NULL, NULL)) != 0) { 128| 0| goto cleanup; 129| 0| } 130| | 131| | /* Import E */ 132| 119| if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || ------------------ | Branch (132:9): [True: 0, False: 119] ------------------ 133| 119| (ret = mbedtls_rsa_import(rsa, NULL, NULL, NULL, ------------------ | Branch (133:9): [True: 0, False: 119] ------------------ 134| 119| NULL, &T)) != 0) { 135| 0| goto cleanup; 136| 0| } 137| | 138| | /* Import D */ 139| 119| if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || ------------------ | Branch (139:9): [True: 0, False: 119] ------------------ 140| 119| (ret = mbedtls_rsa_import(rsa, NULL, NULL, NULL, ------------------ | Branch (140:9): [True: 0, False: 119] ------------------ 141| 119| &T, NULL)) != 0) { 142| 0| goto cleanup; 143| 0| } 144| | 145| | /* Import P */ 146| 119| if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || ------------------ | Branch (146:9): [True: 0, False: 119] ------------------ 147| 119| (ret = mbedtls_rsa_import(rsa, NULL, &T, NULL, ------------------ | Branch (147:9): [True: 0, False: 119] ------------------ 148| 119| NULL, NULL)) != 0) { 149| 0| goto cleanup; 150| 0| } 151| | 152| | /* Import Q */ 153| 119| if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || ------------------ | Branch (153:9): [True: 0, False: 119] ------------------ 154| 119| (ret = mbedtls_rsa_import(rsa, NULL, NULL, &T, ------------------ | Branch (154:9): [True: 0, False: 119] ------------------ 155| 119| NULL, NULL)) != 0) { 156| 0| goto cleanup; 157| 0| } 158| | 159| 119|#if !defined(MBEDTLS_RSA_NO_CRT) && !defined(MBEDTLS_RSA_ALT) 160| | /* 161| | * The RSA CRT parameters DP, DQ and QP are nominally redundant, in 162| | * that they can be easily recomputed from D, P and Q. However by 163| | * parsing them from the PKCS1 structure it is possible to avoid 164| | * recalculating them which both reduces the overhead of loading 165| | * RSA private keys into memory and also avoids side channels which 166| | * can arise when computing those values, since all of D, P, and Q 167| | * are secret. See https://eprint.iacr.org/2020/055 for a 168| | * description of one such attack. 169| | */ 170| | 171| | /* Import DP */ 172| 119| if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || ------------------ | Branch (172:9): [True: 0, False: 119] ------------------ 173| 119| (ret = mbedtls_mpi_copy(&rsa->DP, &T)) != 0) { ------------------ | Branch (173:9): [True: 0, False: 119] ------------------ 174| 0| goto cleanup; 175| 0| } 176| | 177| | /* Import DQ */ 178| 119| if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || ------------------ | Branch (178:9): [True: 0, False: 119] ------------------ 179| 119| (ret = mbedtls_mpi_copy(&rsa->DQ, &T)) != 0) { ------------------ | Branch (179:9): [True: 0, False: 119] ------------------ 180| 0| goto cleanup; 181| 0| } 182| | 183| | /* Import QP */ 184| 119| if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || ------------------ | Branch (184:9): [True: 0, False: 119] ------------------ 185| 119| (ret = mbedtls_mpi_copy(&rsa->QP, &T)) != 0) { ------------------ | Branch (185:9): [True: 0, False: 119] ------------------ 186| 0| goto cleanup; 187| 0| } 188| | 189| |#else 190| | /* Verify existence of the CRT params */ 191| | if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || 192| | (ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || 193| | (ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0) { 194| | goto cleanup; 195| | } 196| |#endif 197| | 198| | /* rsa_complete() doesn't complete anything with the default 199| | * implementation but is still called: 200| | * - for the benefit of alternative implementation that may want to 201| | * pre-compute stuff beyond what's provided (eg Montgomery factors) 202| | * - as is also sanity-checks the key 203| | * 204| | * Furthermore, we also check the public part for consistency with 205| | * mbedtls_pk_parse_pubkey(), as it includes size minima for example. 206| | */ 207| 119| if ((ret = mbedtls_rsa_complete(rsa)) != 0 || ------------------ | Branch (207:9): [True: 0, False: 119] ------------------ 208| 119| (ret = mbedtls_rsa_check_pubkey(rsa)) != 0) { ------------------ | Branch (208:9): [True: 0, False: 119] ------------------ 209| 0| goto cleanup; 210| 0| } 211| | 212| 119| if (p != end) { ------------------ | Branch (212:9): [True: 0, False: 119] ------------------ 213| 0| ret = MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; ------------------ | | 43| 0|#define MBEDTLS_ERR_ASN1_LENGTH_MISMATCH -0x0066 ------------------ 214| 0| } 215| | 216| 119|cleanup: 217| | 218| 119| mbedtls_mpi_free(&T); 219| | 220| 119| if (ret != 0) { ------------------ | Branch (220:9): [True: 0, False: 119] ------------------ 221| 0| mbedtls_rsa_free(rsa); 222| 0| } 223| | 224| 119| return ret; 225| 119|} mbedtls_rsa_parse_pubkey: 228| 2.02k|{ 229| 2.02k| unsigned char *p = (unsigned char *) key; 230| 2.02k| unsigned char *end = (unsigned char *) (key + keylen); 231| 2.02k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 2.02k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 232| 2.02k| size_t len; 233| | 234| | /* 235| | * RSAPublicKey ::= SEQUENCE { 236| | * modulus INTEGER, -- n 237| | * publicExponent INTEGER -- e 238| | * } 239| | */ 240| | 241| 2.02k| if ((ret = mbedtls_asn1_get_tag(&p, end, &len, ------------------ | Branch (241:9): [True: 0, False: 2.02k] ------------------ 242| 2.02k| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 82| 2.02k|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 72| 2.02k|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 243| 0| return ret; 244| 0| } 245| | 246| 2.02k| if (end != p + len) { ------------------ | Branch (246:9): [True: 0, False: 2.02k] ------------------ 247| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 248| 0| } 249| | 250| | /* Import N */ 251| 2.02k| if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) { ------------------ | | 65| 2.02k|#define MBEDTLS_ASN1_INTEGER 0x02 ------------------ | Branch (251:9): [True: 0, False: 2.02k] ------------------ 252| 0| return ret; 253| 0| } 254| | 255| 2.02k| if ((ret = mbedtls_rsa_import_raw(rsa, p, len, NULL, 0, NULL, 0, ------------------ | Branch (255:9): [True: 0, False: 2.02k] ------------------ 256| 2.02k| NULL, 0, NULL, 0)) != 0) { 257| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 258| 0| } 259| | 260| 2.02k| p += len; 261| | 262| | /* Import E */ 263| 2.02k| if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) { ------------------ | | 65| 2.02k|#define MBEDTLS_ASN1_INTEGER 0x02 ------------------ | Branch (263:9): [True: 0, False: 2.02k] ------------------ 264| 0| return ret; 265| 0| } 266| | 267| 2.02k| if ((ret = mbedtls_rsa_import_raw(rsa, NULL, 0, NULL, 0, NULL, 0, ------------------ | Branch (267:9): [True: 0, False: 2.02k] ------------------ 268| 2.02k| NULL, 0, p, len)) != 0) { 269| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 270| 0| } 271| | 272| 2.02k| p += len; 273| | 274| 2.02k| if (mbedtls_rsa_complete(rsa) != 0 || ------------------ | Branch (274:9): [True: 0, False: 2.02k] ------------------ 275| 2.02k| mbedtls_rsa_check_pubkey(rsa) != 0) { ------------------ | Branch (275:9): [True: 0, False: 2.02k] ------------------ 276| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 277| 0| } 278| | 279| 2.02k| if (p != end) { ------------------ | Branch (279:9): [True: 0, False: 2.02k] ------------------ 280| 0| return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; ------------------ | | 43| 0|#define MBEDTLS_ERR_ASN1_LENGTH_MISMATCH -0x0066 ------------------ 281| 0| } 282| | 283| 2.02k| return 0; 284| 2.02k|} mbedtls_rsa_import: 576| 595|{ 577| 595| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 595|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 578| | 579| 595| if ((N != NULL && (ret = mbedtls_mpi_copy(&ctx->N, N)) != 0) || ------------------ | Branch (579:10): [True: 119, False: 476] | Branch (579:23): [True: 0, False: 119] ------------------ 580| 595| (P != NULL && (ret = mbedtls_mpi_copy(&ctx->P, P)) != 0) || ------------------ | Branch (580:10): [True: 119, False: 476] | Branch (580:23): [True: 0, False: 119] ------------------ 581| 595| (Q != NULL && (ret = mbedtls_mpi_copy(&ctx->Q, Q)) != 0) || ------------------ | Branch (581:10): [True: 119, False: 476] | Branch (581:23): [True: 0, False: 119] ------------------ 582| 595| (D != NULL && (ret = mbedtls_mpi_copy(&ctx->D, D)) != 0) || ------------------ | Branch (582:10): [True: 119, False: 476] | Branch (582:23): [True: 0, False: 119] ------------------ 583| 595| (E != NULL && (ret = mbedtls_mpi_copy(&ctx->E, E)) != 0)) { ------------------ | Branch (583:10): [True: 119, False: 476] | Branch (583:23): [True: 0, False: 119] ------------------ 584| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 585| 0| } 586| | 587| 595| if (N != NULL) { ------------------ | Branch (587:9): [True: 119, False: 476] ------------------ 588| 119| ctx->len = mbedtls_mpi_size(&ctx->N); 589| 119| } 590| | 591| 595| return 0; 592| 595|} mbedtls_rsa_import_raw: 600| 4.04k|{ 601| 4.04k| int ret = 0; 602| | 603| 4.04k| if (N != NULL) { ------------------ | Branch (603:9): [True: 2.02k, False: 2.02k] ------------------ 604| 2.02k| MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->N, N, N_len)); ------------------ | | 41| 2.02k| do \ | | 42| 2.02k| { \ | | 43| 2.02k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2.02k] | | ------------------ | | 44| 2.02k| goto cleanup; \ | | 45| 2.02k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 605| 2.02k| ctx->len = mbedtls_mpi_size(&ctx->N); 606| 2.02k| } 607| | 608| 4.04k| if (P != NULL) { ------------------ | Branch (608:9): [True: 0, False: 4.04k] ------------------ 609| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->P, P, P_len)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 610| 0| } 611| | 612| 4.04k| if (Q != NULL) { ------------------ | Branch (612:9): [True: 0, False: 4.04k] ------------------ 613| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->Q, Q, Q_len)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 614| 0| } 615| | 616| 4.04k| if (D != NULL) { ------------------ | Branch (616:9): [True: 0, False: 4.04k] ------------------ 617| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->D, D, D_len)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 618| 0| } 619| | 620| 4.04k| if (E != NULL) { ------------------ | Branch (620:9): [True: 2.02k, False: 2.02k] ------------------ 621| 2.02k| MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->E, E, E_len)); ------------------ | | 41| 2.02k| do \ | | 42| 2.02k| { \ | | 43| 2.02k| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 2.02k] | | ------------------ | | 44| 2.02k| goto cleanup; \ | | 45| 2.02k| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 622| 2.02k| } 623| | 624| 4.04k|cleanup: 625| | 626| 4.04k| if (ret != 0) { ------------------ | Branch (626:9): [True: 0, False: 4.04k] ------------------ 627| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 628| 0| } 629| | 630| 4.04k| return 0; 631| 4.04k|} mbedtls_rsa_complete: 723| 2.26k|{ 724| 2.26k| int ret = 0; 725| 2.26k| int have_N, have_P, have_Q, have_D, have_E; 726| 2.26k|#if !defined(MBEDTLS_RSA_NO_CRT) 727| 2.26k| int have_DP, have_DQ, have_QP; 728| 2.26k|#endif 729| 2.26k| int n_missing, pq_missing, d_missing, is_pub, is_priv; 730| | 731| 2.26k| have_N = (mbedtls_mpi_cmp_int(&ctx->N, 0) != 0); 732| 2.26k| have_P = (mbedtls_mpi_cmp_int(&ctx->P, 0) != 0); 733| 2.26k| have_Q = (mbedtls_mpi_cmp_int(&ctx->Q, 0) != 0); 734| 2.26k| have_D = (mbedtls_mpi_cmp_int(&ctx->D, 0) != 0); 735| 2.26k| have_E = (mbedtls_mpi_cmp_int(&ctx->E, 0) != 0); 736| | 737| 2.26k|#if !defined(MBEDTLS_RSA_NO_CRT) 738| 2.26k| have_DP = (mbedtls_mpi_cmp_int(&ctx->DP, 0) != 0); 739| 2.26k| have_DQ = (mbedtls_mpi_cmp_int(&ctx->DQ, 0) != 0); 740| 2.26k| have_QP = (mbedtls_mpi_cmp_int(&ctx->QP, 0) != 0); 741| 2.26k|#endif 742| | 743| | /* 744| | * Check whether provided parameters are enough 745| | * to deduce all others. The following incomplete 746| | * parameter sets for private keys are supported: 747| | * 748| | * (1) P, Q missing. 749| | * (2) D and potentially N missing. 750| | * 751| | */ 752| | 753| 2.26k| n_missing = have_P && have_Q && have_D && have_E; ------------------ | Branch (753:31): [True: 238, False: 2.03k] | Branch (753:42): [True: 238, False: 0] | Branch (753:53): [True: 238, False: 0] | Branch (753:63): [True: 238, False: 0] ------------------ 754| 2.26k| pq_missing = have_N && !have_P && !have_Q && have_D && have_E; ------------------ | Branch (754:20): [True: 2.26k, False: 0] | Branch (754:30): [True: 2.03k, False: 238] | Branch (754:41): [True: 2.03k, False: 0] | Branch (754:53): [True: 0, False: 2.03k] | Branch (754:63): [True: 0, False: 0] ------------------ 755| 2.26k| d_missing = have_P && have_Q && !have_D && have_E; ------------------ | Branch (755:31): [True: 238, False: 2.03k] | Branch (755:42): [True: 238, False: 0] | Branch (755:52): [True: 0, False: 238] | Branch (755:63): [True: 0, False: 0] ------------------ 756| 2.26k| is_pub = have_N && !have_P && !have_Q && !have_D && have_E; ------------------ | Branch (756:20): [True: 2.26k, False: 0] | Branch (756:30): [True: 2.03k, False: 238] | Branch (756:41): [True: 2.03k, False: 0] | Branch (756:52): [True: 2.03k, False: 0] | Branch (756:63): [True: 2.03k, False: 0] ------------------ 757| | 758| | /* These three alternatives are mutually exclusive */ 759| 2.26k| is_priv = n_missing || pq_missing || d_missing; ------------------ | Branch (759:15): [True: 238, False: 2.03k] | Branch (759:28): [True: 0, False: 2.03k] | Branch (759:42): [True: 0, False: 2.03k] ------------------ 760| | 761| 2.26k| if (!is_priv && !is_pub) { ------------------ | Branch (761:9): [True: 2.03k, False: 238] | Branch (761:21): [True: 0, False: 2.03k] ------------------ 762| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 763| 0| } 764| | 765| | /* 766| | * Step 1: Deduce N if P, Q are provided. 767| | */ 768| | 769| 2.26k| if (!have_N && have_P && have_Q) { ------------------ | Branch (769:9): [True: 0, False: 2.26k] | Branch (769:20): [True: 0, False: 0] | Branch (769:30): [True: 0, False: 0] ------------------ 770| 0| if ((ret = mbedtls_mpi_mul_mpi(&ctx->N, &ctx->P, ------------------ | Branch (770:13): [True: 0, False: 0] ------------------ 771| 0| &ctx->Q)) != 0) { 772| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 773| 0| } 774| | 775| 0| ctx->len = mbedtls_mpi_size(&ctx->N); 776| 0| } 777| | 778| | /* 779| | * Step 2: Deduce and verify all remaining core parameters. 780| | */ 781| | 782| 2.26k| if (pq_missing) { ------------------ | Branch (782:9): [True: 0, False: 2.26k] ------------------ 783| 0| ret = mbedtls_rsa_deduce_primes(&ctx->N, &ctx->E, &ctx->D, 784| 0| &ctx->P, &ctx->Q); 785| 0| if (ret != 0) { ------------------ | Branch (785:13): [True: 0, False: 0] ------------------ 786| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 787| 0| } 788| | 789| 2.26k| } else if (d_missing) { ------------------ | Branch (789:16): [True: 0, False: 2.26k] ------------------ 790| 0| if ((ret = mbedtls_rsa_deduce_private_exponent(&ctx->P, ------------------ | Branch (790:13): [True: 0, False: 0] ------------------ 791| 0| &ctx->Q, 792| 0| &ctx->E, 793| 0| &ctx->D)) != 0) { 794| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 795| 0| } 796| 0| } 797| | 798| | /* 799| | * Step 3: Deduce all additional parameters specific 800| | * to our current RSA implementation. 801| | */ 802| | 803| 2.26k|#if !defined(MBEDTLS_RSA_NO_CRT) 804| 2.26k| if (is_priv && !(have_DP && have_DQ && have_QP)) { ------------------ | Branch (804:9): [True: 238, False: 2.03k] | Branch (804:22): [True: 238, False: 0] | Branch (804:33): [True: 238, False: 0] | Branch (804:44): [True: 238, False: 0] ------------------ 805| 0| ret = mbedtls_rsa_deduce_crt(&ctx->P, &ctx->Q, &ctx->D, 806| 0| &ctx->DP, &ctx->DQ, &ctx->QP); 807| 0| if (ret != 0) { ------------------ | Branch (807:13): [True: 0, False: 0] ------------------ 808| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 809| 0| } 810| 0| } 811| 2.26k|#endif /* MBEDTLS_RSA_NO_CRT */ 812| | 813| | /* 814| | * Step 3: Basic sanity checks 815| | */ 816| | 817| 2.26k| return rsa_check_context(ctx, is_priv, 1); 818| 2.26k|} mbedtls_rsa_init: 954| 2.49k|{ 955| 2.49k| memset(ctx, 0, sizeof(mbedtls_rsa_context)); 956| | 957| 2.49k| ctx->padding = MBEDTLS_RSA_PKCS_V15; ------------------ | | 55| 2.49k|#define MBEDTLS_RSA_PKCS_V15 0 /**< Use PKCS#1 v1.5 encoding. */ ------------------ 958| 2.49k| ctx->hash_id = MBEDTLS_MD_NONE; 959| | 960| |#if defined(MBEDTLS_THREADING_C) 961| | /* Set ctx->ver to nonzero to indicate that the mutex has been 962| | * initialized and will need to be freed. */ 963| | ctx->ver = 1; 964| | mbedtls_mutex_init(&ctx->mutex); 965| |#endif 966| 2.49k|} mbedtls_rsa_set_padding: 973| 127|{ 974| 127| switch (padding) { 975| 0|#if defined(MBEDTLS_PKCS1_V15) 976| 127| case MBEDTLS_RSA_PKCS_V15: ------------------ | | 55| 127|#define MBEDTLS_RSA_PKCS_V15 0 /**< Use PKCS#1 v1.5 encoding. */ ------------------ | Branch (976:9): [True: 127, False: 0] ------------------ 977| 127| break; 978| 0|#endif 979| | 980| 0|#if defined(MBEDTLS_PKCS1_V21) 981| 0| case MBEDTLS_RSA_PKCS_V21: ------------------ | | 56| 0|#define MBEDTLS_RSA_PKCS_V21 1 /**< Use PKCS#1 v2.1 encoding. */ ------------------ | Branch (981:9): [True: 0, False: 127] ------------------ 982| 0| break; 983| 0|#endif 984| 0| default: ------------------ | Branch (984:9): [True: 0, False: 127] ------------------ 985| 0| return MBEDTLS_ERR_RSA_INVALID_PADDING; ------------------ | | 35| 0|#define MBEDTLS_ERR_RSA_INVALID_PADDING -0x4100 ------------------ 986| 127| } 987| | 988| 127|#if defined(MBEDTLS_PKCS1_V21) 989| 127| if ((padding == MBEDTLS_RSA_PKCS_V21) && ------------------ | | 56| 127|#define MBEDTLS_RSA_PKCS_V21 1 /**< Use PKCS#1 v2.1 encoding. */ ------------------ | Branch (989:9): [True: 0, False: 127] ------------------ 990| 127| (hash_id != MBEDTLS_MD_NONE)) { ------------------ | Branch (990:9): [True: 0, False: 0] ------------------ 991| | /* Just make sure this hash is supported in this build. */ 992| 0| if (mbedtls_md_info_from_type(hash_id) == NULL) { ------------------ | Branch (992:13): [True: 0, False: 0] ------------------ 993| 0| return MBEDTLS_ERR_RSA_INVALID_PADDING; ------------------ | | 35| 0|#define MBEDTLS_ERR_RSA_INVALID_PADDING -0x4100 ------------------ 994| 0| } 995| 0| } 996| 127|#endif /* MBEDTLS_PKCS1_V21 */ 997| | 998| 127| ctx->padding = padding; 999| 127| ctx->hash_id = hash_id; 1000| | 1001| 127| return 0; 1002| 127|} mbedtls_rsa_get_bitlen: 1024| 595|{ 1025| 595| return mbedtls_mpi_bitlen(&ctx->N); 1026| 595|} mbedtls_rsa_get_len: 1032| 484|{ 1033| 484| return ctx->len; 1034| 484|} mbedtls_rsa_check_pubkey: 1170| 2.14k|{ 1171| 2.14k| if (rsa_check_context(ctx, 0 /* public */, 0 /* no blinding */) != 0) { ------------------ | Branch (1171:9): [True: 0, False: 2.14k] ------------------ 1172| 0| return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; ------------------ | | 39| 0|#define MBEDTLS_ERR_RSA_KEY_CHECK_FAILED -0x4200 ------------------ 1173| 0| } 1174| | 1175| 2.14k| if (mbedtls_mpi_bitlen(&ctx->N) < 128) { ------------------ | Branch (1175:9): [True: 0, False: 2.14k] ------------------ 1176| 0| return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; ------------------ | | 39| 0|#define MBEDTLS_ERR_RSA_KEY_CHECK_FAILED -0x4200 ------------------ 1177| 0| } 1178| | 1179| 2.14k| if (mbedtls_mpi_get_bit(&ctx->E, 0) == 0 || ------------------ | Branch (1179:9): [True: 0, False: 2.14k] ------------------ 1180| 2.14k| mbedtls_mpi_bitlen(&ctx->E) < 2 || ------------------ | Branch (1180:9): [True: 0, False: 2.14k] ------------------ 1181| 2.14k| mbedtls_mpi_cmp_mpi(&ctx->E, &ctx->N) >= 0) { ------------------ | Branch (1181:9): [True: 0, False: 2.14k] ------------------ 1182| 0| return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; ------------------ | | 39| 0|#define MBEDTLS_ERR_RSA_KEY_CHECK_FAILED -0x4200 ------------------ 1183| 0| } 1184| | 1185| 2.14k| return 0; 1186| 2.14k|} mbedtls_rsa_public: 1238| 365|{ 1239| 365| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 365|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1240| 365| size_t olen; 1241| 365| mbedtls_mpi T; 1242| | 1243| 365| if (rsa_check_context(ctx, 0 /* public */, 0 /* no blinding */)) { ------------------ | Branch (1243:9): [True: 0, False: 365] ------------------ 1244| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 1245| 0| } 1246| | 1247| 365| mbedtls_mpi_init(&T); 1248| | 1249| |#if defined(MBEDTLS_THREADING_C) 1250| | if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) { 1251| | return ret; 1252| | } 1253| |#endif 1254| | 1255| 365| MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&T, input, ctx->len)); ------------------ | | 41| 365| do \ | | 42| 365| { \ | | 43| 365| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 365] | | ------------------ | | 44| 365| goto cleanup; \ | | 45| 365| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1256| | 1257| 365| if (mbedtls_mpi_cmp_mpi(&T, &ctx->N) >= 0) { ------------------ | Branch (1257:9): [True: 0, False: 365] ------------------ 1258| 0| ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; ------------------ | | 26| 0|#define MBEDTLS_ERR_MPI_BAD_INPUT_DATA -0x0004 ------------------ 1259| 0| goto cleanup; 1260| 0| } 1261| | 1262| 365| olen = ctx->len; 1263| 365| MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod_unsafe(&T, &T, &ctx->E, &ctx->N, &ctx->RN)); ------------------ | | 41| 365| do \ | | 42| 365| { \ | | 43| 365| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 365] | | ------------------ | | 44| 365| goto cleanup; \ | | 45| 365| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1264| 365| MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&T, output, olen)); ------------------ | | 41| 365| do \ | | 42| 365| { \ | | 43| 365| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 365] | | ------------------ | | 44| 365| goto cleanup; \ | | 45| 365| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1265| | 1266| 365|cleanup: 1267| |#if defined(MBEDTLS_THREADING_C) 1268| | if (mbedtls_mutex_unlock(&ctx->mutex) != 0) { 1269| | return MBEDTLS_ERR_THREADING_MUTEX_ERROR; 1270| | } 1271| |#endif 1272| | 1273| 365| mbedtls_mpi_free(&T); 1274| | 1275| 365| if (ret != 0) { ------------------ | Branch (1275:9): [True: 0, False: 365] ------------------ 1276| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_PUBLIC_FAILED, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 1277| 0| } 1278| | 1279| 365| return 0; 1280| 365|} mbedtls_rsa_private: 1414| 119|{ 1415| 119| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 119|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1416| 119| size_t olen; 1417| | 1418| | /* Temporary holding the result */ 1419| 119| mbedtls_mpi T; 1420| | 1421| | /* Temporaries holding P-1, Q-1 and the 1422| | * exponent blinding factor, respectively. */ 1423| 119| mbedtls_mpi P1, Q1, R; 1424| | 1425| 119|#if !defined(MBEDTLS_RSA_NO_CRT) 1426| | /* Temporaries holding the results mod p resp. mod q. */ 1427| 119| mbedtls_mpi TP, TQ; 1428| | 1429| | /* Temporaries holding the blinded exponents for 1430| | * the mod p resp. mod q computation (if used). */ 1431| 119| mbedtls_mpi DP_blind, DQ_blind; 1432| |#else 1433| | /* Temporary holding the blinded exponent (if used). */ 1434| | mbedtls_mpi D_blind; 1435| |#endif /* MBEDTLS_RSA_NO_CRT */ 1436| | 1437| | /* Temporaries holding the initial input and the double 1438| | * checked result; should be the same in the end. */ 1439| 119| mbedtls_mpi input_blinded, check_result_blinded; 1440| | 1441| 119| if (f_rng == NULL) { ------------------ | Branch (1441:9): [True: 0, False: 119] ------------------ 1442| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 1443| 0| } 1444| | 1445| 119| if (rsa_check_context(ctx, 1 /* private key checks */, ------------------ | Branch (1445:9): [True: 0, False: 119] ------------------ 1446| 119| 1 /* blinding on */) != 0) { 1447| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 1448| 0| } 1449| | 1450| |#if defined(MBEDTLS_THREADING_C) 1451| | if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) { 1452| | return ret; 1453| | } 1454| |#endif 1455| | 1456| | /* MPI Initialization */ 1457| 119| mbedtls_mpi_init(&T); 1458| | 1459| 119| mbedtls_mpi_init(&P1); 1460| 119| mbedtls_mpi_init(&Q1); 1461| 119| mbedtls_mpi_init(&R); 1462| | 1463| |#if defined(MBEDTLS_RSA_NO_CRT) 1464| | mbedtls_mpi_init(&D_blind); 1465| |#else 1466| 119| mbedtls_mpi_init(&DP_blind); 1467| 119| mbedtls_mpi_init(&DQ_blind); 1468| 119|#endif 1469| | 1470| 119|#if !defined(MBEDTLS_RSA_NO_CRT) 1471| 119| mbedtls_mpi_init(&TP); mbedtls_mpi_init(&TQ); 1472| 119|#endif 1473| | 1474| 119| mbedtls_mpi_init(&input_blinded); 1475| 119| mbedtls_mpi_init(&check_result_blinded); 1476| | 1477| | /* End of MPI initialization */ 1478| | 1479| 119| MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&T, input, ctx->len)); ------------------ | | 41| 119| do \ | | 42| 119| { \ | | 43| 119| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 119] | | ------------------ | | 44| 119| goto cleanup; \ | | 45| 119| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1480| 119| if (mbedtls_mpi_cmp_mpi(&T, &ctx->N) >= 0) { ------------------ | Branch (1480:9): [True: 0, False: 119] ------------------ 1481| 0| ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; ------------------ | | 26| 0|#define MBEDTLS_ERR_MPI_BAD_INPUT_DATA -0x0004 ------------------ 1482| 0| goto cleanup; 1483| 0| } 1484| | 1485| | /* 1486| | * Blinding 1487| | * T = T * Vi mod N 1488| | */ 1489| 119| MBEDTLS_MPI_CHK(rsa_prepare_blinding(ctx, f_rng, p_rng)); ------------------ | | 41| 119| do \ | | 42| 119| { \ | | 43| 119| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 119] | | ------------------ | | 44| 119| goto cleanup; \ | | 45| 119| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1490| 119| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&T, &T, &ctx->Vi)); ------------------ | | 41| 119| do \ | | 42| 119| { \ | | 43| 119| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 119] | | ------------------ | | 44| 119| goto cleanup; \ | | 45| 119| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1491| 119| MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&T, &T, &ctx->N)); ------------------ | | 41| 119| do \ | | 42| 119| { \ | | 43| 119| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 119] | | ------------------ | | 44| 119| goto cleanup; \ | | 45| 119| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1492| | 1493| 119| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&input_blinded, &T)); ------------------ | | 41| 119| do \ | | 42| 119| { \ | | 43| 119| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 119] | | ------------------ | | 44| 119| goto cleanup; \ | | 45| 119| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1494| | 1495| | /* 1496| | * Exponent blinding 1497| | */ 1498| 119| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&P1, &ctx->P, 1)); ------------------ | | 41| 119| do \ | | 42| 119| { \ | | 43| 119| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 119] | | ------------------ | | 44| 119| goto cleanup; \ | | 45| 119| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1499| 119| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&Q1, &ctx->Q, 1)); ------------------ | | 41| 119| do \ | | 42| 119| { \ | | 43| 119| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 119] | | ------------------ | | 44| 119| goto cleanup; \ | | 45| 119| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1500| | 1501| |#if defined(MBEDTLS_RSA_NO_CRT) 1502| | /* 1503| | * D_blind = ( P - 1 ) * ( Q - 1 ) * R + D 1504| | */ 1505| | MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&R, RSA_EXPONENT_BLINDING, 1506| | f_rng, p_rng)); 1507| | MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&D_blind, &P1, &Q1)); 1508| | MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&D_blind, &D_blind, &R)); 1509| | MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&D_blind, &D_blind, &ctx->D)); 1510| |#else 1511| | /* 1512| | * DP_blind = ( P - 1 ) * R + DP 1513| | */ 1514| 119| MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&R, RSA_EXPONENT_BLINDING, ------------------ | | 41| 119| do \ | | 42| 119| { \ | | 43| 119| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 119] | | ------------------ | | 44| 119| goto cleanup; \ | | 45| 119| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1515| 119| f_rng, p_rng)); 1516| 119| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&DP_blind, &P1, &R)); ------------------ | | 41| 119| do \ | | 42| 119| { \ | | 43| 119| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 119] | | ------------------ | | 44| 119| goto cleanup; \ | | 45| 119| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1517| 119| MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&DP_blind, &DP_blind, ------------------ | | 41| 119| do \ | | 42| 119| { \ | | 43| 119| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 119] | | ------------------ | | 44| 119| goto cleanup; \ | | 45| 119| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1518| 119| &ctx->DP)); 1519| | 1520| | /* 1521| | * DQ_blind = ( Q - 1 ) * R + DQ 1522| | */ 1523| 119| MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&R, RSA_EXPONENT_BLINDING, ------------------ | | 41| 119| do \ | | 42| 119| { \ | | 43| 119| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 119] | | ------------------ | | 44| 119| goto cleanup; \ | | 45| 119| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1524| 119| f_rng, p_rng)); 1525| 119| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&DQ_blind, &Q1, &R)); ------------------ | | 41| 119| do \ | | 42| 119| { \ | | 43| 119| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 119] | | ------------------ | | 44| 119| goto cleanup; \ | | 45| 119| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1526| 119| MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&DQ_blind, &DQ_blind, ------------------ | | 41| 119| do \ | | 42| 119| { \ | | 43| 119| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 119] | | ------------------ | | 44| 119| goto cleanup; \ | | 45| 119| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1527| 119| &ctx->DQ)); 1528| 119|#endif /* MBEDTLS_RSA_NO_CRT */ 1529| | 1530| |#if defined(MBEDTLS_RSA_NO_CRT) 1531| | MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&T, &T, &D_blind, &ctx->N, &ctx->RN)); 1532| |#else 1533| | /* 1534| | * Faster decryption using the CRT 1535| | * 1536| | * TP = input ^ dP mod P 1537| | * TQ = input ^ dQ mod Q 1538| | */ 1539| | 1540| 119| MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&TP, &T, &DP_blind, &ctx->P, &ctx->RP)); ------------------ | | 41| 119| do \ | | 42| 119| { \ | | 43| 119| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 119] | | ------------------ | | 44| 119| goto cleanup; \ | | 45| 119| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1541| 119| MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&TQ, &T, &DQ_blind, &ctx->Q, &ctx->RQ)); ------------------ | | 41| 119| do \ | | 42| 119| { \ | | 43| 119| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 119] | | ------------------ | | 44| 119| goto cleanup; \ | | 45| 119| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1542| | 1543| | /* 1544| | * T = (TP - TQ) * (Q^-1 mod P) mod P 1545| | */ 1546| 119| MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&T, &TP, &TQ)); ------------------ | | 41| 119| do \ | | 42| 119| { \ | | 43| 119| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 119] | | ------------------ | | 44| 119| goto cleanup; \ | | 45| 119| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1547| 119| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&TP, &T, &ctx->QP)); ------------------ | | 41| 119| do \ | | 42| 119| { \ | | 43| 119| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 119] | | ------------------ | | 44| 119| goto cleanup; \ | | 45| 119| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1548| 119| MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&T, &TP, &ctx->P)); ------------------ | | 41| 119| do \ | | 42| 119| { \ | | 43| 119| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 119] | | ------------------ | | 44| 119| goto cleanup; \ | | 45| 119| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1549| | 1550| | /* 1551| | * T = TQ + T * Q 1552| | */ 1553| 119| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&TP, &T, &ctx->Q)); ------------------ | | 41| 119| do \ | | 42| 119| { \ | | 43| 119| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 119] | | ------------------ | | 44| 119| goto cleanup; \ | | 45| 119| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1554| 119| MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&T, &TQ, &TP)); ------------------ | | 41| 119| do \ | | 42| 119| { \ | | 43| 119| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 119] | | ------------------ | | 44| 119| goto cleanup; \ | | 45| 119| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1555| 119|#endif /* MBEDTLS_RSA_NO_CRT */ 1556| | 1557| | /* Verify the result to prevent glitching attacks. */ 1558| 119| MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&check_result_blinded, &T, &ctx->E, ------------------ | | 41| 119| do \ | | 42| 119| { \ | | 43| 119| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 119] | | ------------------ | | 44| 119| goto cleanup; \ | | 45| 119| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1559| 119| &ctx->N, &ctx->RN)); 1560| 119| if (mbedtls_mpi_cmp_mpi(&check_result_blinded, &input_blinded) != 0) { ------------------ | Branch (1560:9): [True: 0, False: 119] ------------------ 1561| 0| ret = MBEDTLS_ERR_RSA_VERIFY_FAILED; ------------------ | | 45| 0|#define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380 ------------------ 1562| 0| goto cleanup; 1563| 0| } 1564| | 1565| | /* 1566| | * Unblind 1567| | * T = T * Vf mod N 1568| | */ 1569| 119| MBEDTLS_MPI_CHK(rsa_unblind(&T, &ctx->Vf, &ctx->N)); ------------------ | | 41| 119| do \ | | 42| 119| { \ | | 43| 119| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 119] | | ------------------ | | 44| 119| goto cleanup; \ | | 45| 119| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1570| | 1571| 119| olen = ctx->len; 1572| 119| MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&T, output, olen)); ------------------ | | 41| 119| do \ | | 42| 119| { \ | | 43| 119| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 119] | | ------------------ | | 44| 119| goto cleanup; \ | | 45| 119| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1573| | 1574| 119|cleanup: 1575| |#if defined(MBEDTLS_THREADING_C) 1576| | if (mbedtls_mutex_unlock(&ctx->mutex) != 0) { 1577| | return MBEDTLS_ERR_THREADING_MUTEX_ERROR; 1578| | } 1579| |#endif 1580| | 1581| 119| mbedtls_mpi_free(&P1); 1582| 119| mbedtls_mpi_free(&Q1); 1583| 119| mbedtls_mpi_free(&R); 1584| | 1585| |#if defined(MBEDTLS_RSA_NO_CRT) 1586| | mbedtls_mpi_free(&D_blind); 1587| |#else 1588| 119| mbedtls_mpi_free(&DP_blind); 1589| 119| mbedtls_mpi_free(&DQ_blind); 1590| 119|#endif 1591| | 1592| 119| mbedtls_mpi_free(&T); 1593| | 1594| 119|#if !defined(MBEDTLS_RSA_NO_CRT) 1595| 119| mbedtls_mpi_free(&TP); mbedtls_mpi_free(&TQ); 1596| 119|#endif 1597| | 1598| 119| mbedtls_mpi_free(&check_result_blinded); 1599| 119| mbedtls_mpi_free(&input_blinded); 1600| | 1601| 119| if (ret != 0 && ret >= -0x007f) { ------------------ | Branch (1601:9): [True: 0, False: 119] | Branch (1601:21): [True: 0, False: 0] ------------------ 1602| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_RSA_PRIVATE_FAILED, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 1603| 0| } 1604| | 1605| 119| return ret; 1606| 119|} mbedtls_rsa_rsassa_pkcs1_v15_sign: 2434| 119|{ 2435| 119| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 119|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 2436| 119| unsigned char *sig_try = NULL, *verif = NULL; 2437| | 2438| 119| if ((md_alg != MBEDTLS_MD_NONE || hashlen != 0) && hash == NULL) { ------------------ | Branch (2438:10): [True: 119, False: 0] | Branch (2438:39): [True: 0, False: 0] | Branch (2438:56): [True: 0, False: 119] ------------------ 2439| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 2440| 0| } 2441| | 2442| 119| if (ctx->padding != MBEDTLS_RSA_PKCS_V15) { ------------------ | | 55| 119|#define MBEDTLS_RSA_PKCS_V15 0 /**< Use PKCS#1 v1.5 encoding. */ ------------------ | Branch (2442:9): [True: 0, False: 119] ------------------ 2443| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 2444| 0| } 2445| | 2446| | /* 2447| | * Prepare PKCS1-v1.5 encoding (padding and hash identifier) 2448| | */ 2449| | 2450| 119| if ((ret = rsa_rsassa_pkcs1_v15_encode(md_alg, hashlen, hash, ------------------ | Branch (2450:9): [True: 0, False: 119] ------------------ 2451| 119| ctx->len, sig)) != 0) { 2452| 0| return ret; 2453| 0| } 2454| | 2455| | /* Private key operation 2456| | * 2457| | * In order to prevent Lenstra's attack, make the signature in a 2458| | * temporary buffer and check it before returning it. 2459| | */ 2460| | 2461| 119| sig_try = mbedtls_calloc(1, ctx->len); ------------------ | | 144| 119|#define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO | | ------------------ | | | | 4093| 119|#define MBEDTLS_PLATFORM_CALLOC_MACRO my_calloc | | ------------------ ------------------ 2462| 119| if (sig_try == NULL) { ------------------ | Branch (2462:9): [True: 0, False: 119] ------------------ 2463| 0| return MBEDTLS_ERR_MPI_ALLOC_FAILED; ------------------ | | 38| 0|#define MBEDTLS_ERR_MPI_ALLOC_FAILED -0x0010 ------------------ 2464| 0| } 2465| | 2466| 119| verif = mbedtls_calloc(1, ctx->len); ------------------ | | 144| 119|#define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO | | ------------------ | | | | 4093| 119|#define MBEDTLS_PLATFORM_CALLOC_MACRO my_calloc | | ------------------ ------------------ 2467| 119| if (verif == NULL) { ------------------ | Branch (2467:9): [True: 0, False: 119] ------------------ 2468| 0| mbedtls_free(sig_try); ------------------ | | 143| 0|#define mbedtls_free MBEDTLS_PLATFORM_FREE_MACRO | | ------------------ | | | | 4095| 0|#define MBEDTLS_PLATFORM_FREE_MACRO my_free | | ------------------ ------------------ 2469| 0| return MBEDTLS_ERR_MPI_ALLOC_FAILED; ------------------ | | 38| 0|#define MBEDTLS_ERR_MPI_ALLOC_FAILED -0x0010 ------------------ 2470| 0| } 2471| | 2472| 119| MBEDTLS_MPI_CHK(mbedtls_rsa_private(ctx, f_rng, p_rng, sig, sig_try)); ------------------ | | 41| 119| do \ | | 42| 119| { \ | | 43| 119| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 119] | | ------------------ | | 44| 119| goto cleanup; \ | | 45| 119| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2473| 119| MBEDTLS_MPI_CHK(mbedtls_rsa_public(ctx, sig_try, verif)); ------------------ | | 41| 119| do \ | | 42| 119| { \ | | 43| 119| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 119] | | ------------------ | | 44| 119| goto cleanup; \ | | 45| 119| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2474| | 2475| 119| if (mbedtls_ct_memcmp(verif, sig, ctx->len) != 0) { ------------------ | Branch (2475:9): [True: 0, False: 119] ------------------ 2476| 0| ret = MBEDTLS_ERR_RSA_PRIVATE_FAILED; ------------------ | | 43| 0|#define MBEDTLS_ERR_RSA_PRIVATE_FAILED -0x4300 ------------------ 2477| 0| goto cleanup; 2478| 0| } 2479| | 2480| 119| memcpy(sig, sig_try, ctx->len); 2481| | 2482| 119|cleanup: 2483| 119| mbedtls_zeroize_and_free(sig_try, ctx->len); 2484| 119| mbedtls_zeroize_and_free(verif, ctx->len); 2485| | 2486| 119| if (ret != 0) { ------------------ | Branch (2486:9): [True: 0, False: 119] ------------------ 2487| 0| memset(sig, '!', ctx->len); 2488| 0| } 2489| 119| return ret; 2490| 119|} mbedtls_rsa_pkcs1_sign: 2503| 119|{ 2504| 119| if ((md_alg != MBEDTLS_MD_NONE || hashlen != 0) && hash == NULL) { ------------------ | Branch (2504:10): [True: 119, False: 0] | Branch (2504:39): [True: 0, False: 0] | Branch (2504:56): [True: 0, False: 119] ------------------ 2505| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 2506| 0| } 2507| | 2508| 119| switch (ctx->padding) { 2509| 0|#if defined(MBEDTLS_PKCS1_V15) 2510| 119| case MBEDTLS_RSA_PKCS_V15: ------------------ | | 55| 119|#define MBEDTLS_RSA_PKCS_V15 0 /**< Use PKCS#1 v1.5 encoding. */ ------------------ | Branch (2510:9): [True: 119, False: 0] ------------------ 2511| 119| return mbedtls_rsa_rsassa_pkcs1_v15_sign(ctx, f_rng, p_rng, 2512| 119| md_alg, hashlen, hash, sig); 2513| 0|#endif 2514| | 2515| 0|#if defined(MBEDTLS_PKCS1_V21) 2516| 0| case MBEDTLS_RSA_PKCS_V21: ------------------ | | 56| 0|#define MBEDTLS_RSA_PKCS_V21 1 /**< Use PKCS#1 v2.1 encoding. */ ------------------ | Branch (2516:9): [True: 0, False: 119] ------------------ 2517| 0| return mbedtls_rsa_rsassa_pss_sign(ctx, f_rng, p_rng, md_alg, 2518| 0| hashlen, hash, sig); 2519| 0|#endif 2520| | 2521| 0| default: ------------------ | Branch (2521:9): [True: 0, False: 119] ------------------ 2522| 0| return MBEDTLS_ERR_RSA_INVALID_PADDING; ------------------ | | 35| 0|#define MBEDTLS_ERR_RSA_INVALID_PADDING -0x4100 ------------------ 2523| 119| } 2524| 119|} mbedtls_rsa_rsassa_pkcs1_v15_verify: 2680| 246|{ 2681| 246| int ret = 0; 2682| 246| size_t sig_len; 2683| 246| unsigned char *encoded = NULL, *encoded_expected = NULL; 2684| | 2685| 246| if ((md_alg != MBEDTLS_MD_NONE || hashlen != 0) && hash == NULL) { ------------------ | Branch (2685:10): [True: 246, False: 0] | Branch (2685:39): [True: 0, False: 0] | Branch (2685:56): [True: 0, False: 246] ------------------ 2686| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 2687| 0| } 2688| | 2689| 246| sig_len = ctx->len; 2690| | 2691| | /* 2692| | * Prepare expected PKCS1 v1.5 encoding of hash. 2693| | */ 2694| | 2695| 246| if ((encoded = mbedtls_calloc(1, sig_len)) == NULL || ------------------ | | 144| 246|#define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO | | ------------------ | | | | 4093| 246|#define MBEDTLS_PLATFORM_CALLOC_MACRO my_calloc | | ------------------ ------------------ | Branch (2695:9): [True: 0, False: 246] ------------------ 2696| 246| (encoded_expected = mbedtls_calloc(1, sig_len)) == NULL) { ------------------ | | 144| 246|#define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO | | ------------------ | | | | 4093| 246|#define MBEDTLS_PLATFORM_CALLOC_MACRO my_calloc | | ------------------ ------------------ | Branch (2696:9): [True: 0, False: 246] ------------------ 2697| 0| ret = MBEDTLS_ERR_MPI_ALLOC_FAILED; ------------------ | | 38| 0|#define MBEDTLS_ERR_MPI_ALLOC_FAILED -0x0010 ------------------ 2698| 0| goto cleanup; 2699| 0| } 2700| | 2701| 246| if ((ret = rsa_rsassa_pkcs1_v15_encode(md_alg, hashlen, hash, sig_len, ------------------ | Branch (2701:9): [True: 0, False: 246] ------------------ 2702| 246| encoded_expected)) != 0) { 2703| 0| goto cleanup; 2704| 0| } 2705| | 2706| | /* 2707| | * Apply RSA primitive to get what should be PKCS1 encoded hash. 2708| | */ 2709| | 2710| 246| ret = mbedtls_rsa_public(ctx, sig, encoded); 2711| 246| if (ret != 0) { ------------------ | Branch (2711:9): [True: 0, False: 246] ------------------ 2712| 0| goto cleanup; 2713| 0| } 2714| | 2715| | /* 2716| | * Compare 2717| | */ 2718| | 2719| 246| if ((ret = mbedtls_ct_memcmp(encoded, encoded_expected, ------------------ | Branch (2719:9): [True: 5, False: 241] ------------------ 2720| 246| sig_len)) != 0) { 2721| 5| ret = MBEDTLS_ERR_RSA_VERIFY_FAILED; ------------------ | | 45| 5|#define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380 ------------------ 2722| 5| goto cleanup; 2723| 5| } 2724| | 2725| 246|cleanup: 2726| | 2727| 246| if (encoded != NULL) { ------------------ | Branch (2727:9): [True: 246, False: 0] ------------------ 2728| 246| mbedtls_zeroize_and_free(encoded, sig_len); 2729| 246| } 2730| | 2731| 246| if (encoded_expected != NULL) { ------------------ | Branch (2731:9): [True: 246, False: 0] ------------------ 2732| 246| mbedtls_zeroize_and_free(encoded_expected, sig_len); 2733| 246| } 2734| | 2735| 246| return ret; 2736| 246|} mbedtls_rsa_pkcs1_verify: 2747| 246|{ 2748| 246| if ((md_alg != MBEDTLS_MD_NONE || hashlen != 0) && hash == NULL) { ------------------ | Branch (2748:10): [True: 246, False: 0] | Branch (2748:39): [True: 0, False: 0] | Branch (2748:56): [True: 0, False: 246] ------------------ 2749| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 2750| 0| } 2751| | 2752| 246| switch (ctx->padding) { 2753| 0|#if defined(MBEDTLS_PKCS1_V15) 2754| 246| case MBEDTLS_RSA_PKCS_V15: ------------------ | | 55| 246|#define MBEDTLS_RSA_PKCS_V15 0 /**< Use PKCS#1 v1.5 encoding. */ ------------------ | Branch (2754:9): [True: 246, False: 0] ------------------ 2755| 246| return mbedtls_rsa_rsassa_pkcs1_v15_verify(ctx, md_alg, 2756| 246| hashlen, hash, sig); 2757| 0|#endif 2758| | 2759| 0|#if defined(MBEDTLS_PKCS1_V21) 2760| 0| case MBEDTLS_RSA_PKCS_V21: ------------------ | | 56| 0|#define MBEDTLS_RSA_PKCS_V21 1 /**< Use PKCS#1 v2.1 encoding. */ ------------------ | Branch (2760:9): [True: 0, False: 246] ------------------ 2761| 0| return mbedtls_rsa_rsassa_pss_verify(ctx, md_alg, 2762| 0| hashlen, hash, sig); 2763| 0|#endif 2764| | 2765| 0| default: ------------------ | Branch (2765:9): [True: 0, False: 246] ------------------ 2766| 0| return MBEDTLS_ERR_RSA_INVALID_PADDING; ------------------ | | 35| 0|#define MBEDTLS_ERR_RSA_INVALID_PADDING -0x4100 ------------------ 2767| 246| } 2768| 246|} mbedtls_rsa_copy: 2774| 357|{ 2775| 357| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 357|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 2776| | 2777| 357| dst->len = src->len; 2778| | 2779| 357| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->N, &src->N)); ------------------ | | 41| 357| do \ | | 42| 357| { \ | | 43| 357| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 357] | | ------------------ | | 44| 357| goto cleanup; \ | | 45| 357| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2780| 357| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->E, &src->E)); ------------------ | | 41| 357| do \ | | 42| 357| { \ | | 43| 357| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 357] | | ------------------ | | 44| 357| goto cleanup; \ | | 45| 357| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2781| | 2782| 357| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->D, &src->D)); ------------------ | | 41| 357| do \ | | 42| 357| { \ | | 43| 357| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 357] | | ------------------ | | 44| 357| goto cleanup; \ | | 45| 357| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2783| 357| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->P, &src->P)); ------------------ | | 41| 357| do \ | | 42| 357| { \ | | 43| 357| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 357] | | ------------------ | | 44| 357| goto cleanup; \ | | 45| 357| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2784| 357| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->Q, &src->Q)); ------------------ | | 41| 357| do \ | | 42| 357| { \ | | 43| 357| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 357] | | ------------------ | | 44| 357| goto cleanup; \ | | 45| 357| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2785| | 2786| 357|#if !defined(MBEDTLS_RSA_NO_CRT) 2787| 357| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->DP, &src->DP)); ------------------ | | 41| 357| do \ | | 42| 357| { \ | | 43| 357| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 357] | | ------------------ | | 44| 357| goto cleanup; \ | | 45| 357| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2788| 357| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->DQ, &src->DQ)); ------------------ | | 41| 357| do \ | | 42| 357| { \ | | 43| 357| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 357] | | ------------------ | | 44| 357| goto cleanup; \ | | 45| 357| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2789| 357| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->QP, &src->QP)); ------------------ | | 41| 357| do \ | | 42| 357| { \ | | 43| 357| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 357] | | ------------------ | | 44| 357| goto cleanup; \ | | 45| 357| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2790| 357| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->RP, &src->RP)); ------------------ | | 41| 357| do \ | | 42| 357| { \ | | 43| 357| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 357] | | ------------------ | | 44| 357| goto cleanup; \ | | 45| 357| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2791| 357| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->RQ, &src->RQ)); ------------------ | | 41| 357| do \ | | 42| 357| { \ | | 43| 357| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 357] | | ------------------ | | 44| 357| goto cleanup; \ | | 45| 357| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2792| 357|#endif 2793| | 2794| 357| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->RN, &src->RN)); ------------------ | | 41| 357| do \ | | 42| 357| { \ | | 43| 357| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 357] | | ------------------ | | 44| 357| goto cleanup; \ | | 45| 357| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2795| | 2796| 357| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->Vi, &src->Vi)); ------------------ | | 41| 357| do \ | | 42| 357| { \ | | 43| 357| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 357] | | ------------------ | | 44| 357| goto cleanup; \ | | 45| 357| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2797| 357| MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&dst->Vf, &src->Vf)); ------------------ | | 41| 357| do \ | | 42| 357| { \ | | 43| 357| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 357] | | ------------------ | | 44| 357| goto cleanup; \ | | 45| 357| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 2798| | 2799| 357| dst->padding = src->padding; 2800| 357| dst->hash_id = src->hash_id; 2801| | 2802| 357|cleanup: 2803| 357| if (ret != 0) { ------------------ | Branch (2803:9): [True: 0, False: 357] ------------------ 2804| 0| mbedtls_rsa_free(dst); 2805| 0| } 2806| | 2807| 357| return ret; 2808| 357|} mbedtls_rsa_free: 2814| 2.49k|{ 2815| 2.49k| if (ctx == NULL) { ------------------ | Branch (2815:9): [True: 0, False: 2.49k] ------------------ 2816| 0| return; 2817| 0| } 2818| | 2819| 2.49k| mbedtls_mpi_free(&ctx->Vi); 2820| 2.49k| mbedtls_mpi_free(&ctx->Vf); 2821| 2.49k| mbedtls_mpi_free(&ctx->RN); 2822| 2.49k| mbedtls_mpi_free(&ctx->D); 2823| 2.49k| mbedtls_mpi_free(&ctx->Q); 2824| 2.49k| mbedtls_mpi_free(&ctx->P); 2825| 2.49k| mbedtls_mpi_free(&ctx->E); 2826| 2.49k| mbedtls_mpi_free(&ctx->N); 2827| | 2828| 2.49k|#if !defined(MBEDTLS_RSA_NO_CRT) 2829| 2.49k| mbedtls_mpi_free(&ctx->RQ); 2830| 2.49k| mbedtls_mpi_free(&ctx->RP); 2831| 2.49k| mbedtls_mpi_free(&ctx->QP); 2832| 2.49k| mbedtls_mpi_free(&ctx->DQ); 2833| 2.49k| mbedtls_mpi_free(&ctx->DP); 2834| 2.49k|#endif /* MBEDTLS_RSA_NO_CRT */ 2835| | 2836| |#if defined(MBEDTLS_THREADING_C) 2837| | /* Free the mutex, but only if it hasn't been freed already. */ 2838| | if (ctx->ver != 0) { 2839| | mbedtls_mutex_free(&ctx->mutex); 2840| | ctx->ver = 0; 2841| | } 2842| |#endif 2843| 2.49k|} rsa.c:asn1_get_nonzero_mpi: 64| 952|{ 65| 952| int ret; 66| | 67| 952| ret = mbedtls_asn1_get_mpi(p, end, X); 68| 952| if (ret != 0) { ------------------ | Branch (68:9): [True: 0, False: 952] ------------------ 69| 0| return ret; 70| 0| } 71| | 72| 952| if (mbedtls_mpi_cmp_int(X, 0) == 0) { ------------------ | Branch (72:9): [True: 0, False: 952] ------------------ 73| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 74| 0| } 75| | 76| 952| return 0; 77| 952|} rsa.c:rsa_check_context: 640| 4.89k|{ 641| 4.89k|#if !defined(MBEDTLS_RSA_NO_CRT) 642| | /* blinding_needed is only used for NO_CRT to decide whether 643| | * P,Q need to be present or not. */ 644| 4.89k| ((void) blinding_needed); 645| 4.89k|#endif 646| | 647| 4.89k| if (ctx->len != mbedtls_mpi_size(&ctx->N) || ------------------ | Branch (647:9): [True: 0, False: 4.89k] ------------------ 648| 4.89k| ctx->len > MBEDTLS_MPI_MAX_SIZE) { ------------------ | | 73| 4.89k|#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ ------------------ | Branch (648:9): [True: 0, False: 4.89k] ------------------ 649| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 650| 0| } 651| | 652| | /* 653| | * 1. Modular exponentiation needs positive, odd moduli. 654| | */ 655| | 656| | /* Modular exponentiation wrt. N is always used for 657| | * RSA public key operations. */ 658| 4.89k| if (mbedtls_mpi_cmp_int(&ctx->N, 0) <= 0 || ------------------ | Branch (658:9): [True: 0, False: 4.89k] ------------------ 659| 4.89k| mbedtls_mpi_get_bit(&ctx->N, 0) == 0) { ------------------ | Branch (659:9): [True: 0, False: 4.89k] ------------------ 660| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 661| 0| } 662| | 663| 4.89k|#if !defined(MBEDTLS_RSA_NO_CRT) 664| | /* Modular exponentiation for P and Q is only 665| | * used for private key operations and if CRT 666| | * is used. */ 667| 4.89k| if (is_priv && ------------------ | Branch (667:9): [True: 357, False: 4.53k] ------------------ 668| 4.89k| (mbedtls_mpi_cmp_int(&ctx->P, 0) <= 0 || ------------------ | Branch (668:10): [True: 0, False: 357] ------------------ 669| 357| mbedtls_mpi_get_bit(&ctx->P, 0) == 0 || ------------------ | Branch (669:10): [True: 0, False: 357] ------------------ 670| 357| mbedtls_mpi_cmp_int(&ctx->Q, 0) <= 0 || ------------------ | Branch (670:10): [True: 0, False: 357] ------------------ 671| 357| mbedtls_mpi_get_bit(&ctx->Q, 0) == 0)) { ------------------ | Branch (671:10): [True: 0, False: 357] ------------------ 672| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 673| 0| } 674| 4.89k|#endif /* !MBEDTLS_RSA_NO_CRT */ 675| | 676| | /* 677| | * 2. Exponents must be positive 678| | */ 679| | 680| | /* Always need E for public key operations */ 681| 4.89k| if (mbedtls_mpi_cmp_int(&ctx->E, 0) <= 0) { ------------------ | Branch (681:9): [True: 0, False: 4.89k] ------------------ 682| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 683| 0| } 684| | 685| |#if defined(MBEDTLS_RSA_NO_CRT) 686| | /* For private key operations, use D or DP & DQ 687| | * as (unblinded) exponents. */ 688| | if (is_priv && mbedtls_mpi_cmp_int(&ctx->D, 0) <= 0) { 689| | return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; 690| | } 691| |#else 692| 4.89k| if (is_priv && ------------------ | Branch (692:9): [True: 357, False: 4.53k] ------------------ 693| 4.89k| (mbedtls_mpi_cmp_int(&ctx->DP, 0) <= 0 || ------------------ | Branch (693:10): [True: 0, False: 357] ------------------ 694| 357| mbedtls_mpi_cmp_int(&ctx->DQ, 0) <= 0)) { ------------------ | Branch (694:10): [True: 0, False: 357] ------------------ 695| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 696| 0| } 697| 4.89k|#endif /* MBEDTLS_RSA_NO_CRT */ 698| | 699| | /* Blinding shouldn't make exponents negative either, 700| | * so check that P, Q >= 1 if that hasn't yet been 701| | * done as part of 1. */ 702| |#if defined(MBEDTLS_RSA_NO_CRT) 703| | if (is_priv && blinding_needed && 704| | (mbedtls_mpi_cmp_int(&ctx->P, 0) <= 0 || 705| | mbedtls_mpi_cmp_int(&ctx->Q, 0) <= 0)) { 706| | return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; 707| | } 708| |#endif 709| | 710| | /* It wouldn't lead to an error if it wasn't satisfied, 711| | * but check for QP >= 1 nonetheless. */ 712| 4.89k|#if !defined(MBEDTLS_RSA_NO_CRT) 713| 4.89k| if (is_priv && ------------------ | Branch (713:9): [True: 357, False: 4.53k] ------------------ 714| 4.89k| mbedtls_mpi_cmp_int(&ctx->QP, 0) <= 0) { ------------------ | Branch (714:9): [True: 0, False: 357] ------------------ 715| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 716| 0| } 717| 4.89k|#endif 718| | 719| 4.89k| return 0; 720| 4.89k|} rsa.c:rsa_prepare_blinding: 1290| 119|{ 1291| 119| int ret, count = 0; 1292| 119| mbedtls_mpi R; 1293| | 1294| 119| mbedtls_mpi_init(&R); 1295| | 1296| 119| if (ctx->Vf.p != NULL) { ------------------ | Branch (1296:9): [True: 0, False: 119] ------------------ 1297| | /* We already have blinding values, just update them by squaring */ 1298| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vi, &ctx->Vi, &ctx->Vi)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1299| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vi, &ctx->Vi, &ctx->N)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1300| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vf, &ctx->Vf, &ctx->Vf)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1301| 0| MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vf, &ctx->Vf, &ctx->N)); ------------------ | | 41| 0| do \ | | 42| 0| { \ | | 43| 0| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 0] | | ------------------ | | 44| 0| goto cleanup; \ | | 45| 0| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1302| | 1303| 0| goto cleanup; 1304| 0| } 1305| | 1306| | /* Unblinding value: Vf = random number, invertible mod N */ 1307| 119| do { 1308| 119| if (count++ > 10) { ------------------ | Branch (1308:13): [True: 0, False: 119] ------------------ 1309| 0| ret = MBEDTLS_ERR_RSA_RNG_FAILED; ------------------ | | 49| 0|#define MBEDTLS_ERR_RSA_RNG_FAILED -0x4480 ------------------ 1310| 0| goto cleanup; 1311| 0| } 1312| | 1313| 119| MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&ctx->Vf, ctx->len - 1, f_rng, p_rng)); ------------------ | | 41| 119| do \ | | 42| 119| { \ | | 43| 119| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 119] | | ------------------ | | 44| 119| goto cleanup; \ | | 45| 119| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1314| | 1315| | /* Compute Vf^-1 as R * (R Vf)^-1 to avoid leaks from inv_mod. */ 1316| 119| MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&R, ctx->len - 1, f_rng, p_rng)); ------------------ | | 41| 119| do \ | | 42| 119| { \ | | 43| 119| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 119] | | ------------------ | | 44| 119| goto cleanup; \ | | 45| 119| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1317| 119| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vi, &ctx->Vf, &R)); ------------------ | | 41| 119| do \ | | 42| 119| { \ | | 43| 119| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 119] | | ------------------ | | 44| 119| goto cleanup; \ | | 45| 119| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1318| 119| MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vi, &ctx->Vi, &ctx->N)); ------------------ | | 41| 119| do \ | | 42| 119| { \ | | 43| 119| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 119] | | ------------------ | | 44| 119| goto cleanup; \ | | 45| 119| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1319| | 1320| | /* At this point, Vi is invertible mod N if and only if both Vf and R 1321| | * are invertible mod N. If one of them isn't, we don't need to know 1322| | * which one, we just loop and choose new values for both of them. 1323| | * (Each iteration succeeds with overwhelming probability.) */ 1324| 119| ret = mbedtls_mpi_inv_mod(&ctx->Vi, &ctx->Vi, &ctx->N); 1325| 119| if (ret != 0 && ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE) { ------------------ | | 36| 0|#define MBEDTLS_ERR_MPI_NOT_ACCEPTABLE -0x000E ------------------ | Branch (1325:13): [True: 0, False: 119] | Branch (1325:25): [True: 0, False: 0] ------------------ 1326| 0| goto cleanup; 1327| 0| } 1328| | 1329| 119| } while (ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE); ------------------ | | 36| 119|#define MBEDTLS_ERR_MPI_NOT_ACCEPTABLE -0x000E ------------------ | Branch (1329:14): [True: 0, False: 119] ------------------ 1330| | 1331| | /* Finish the computation of Vf^-1 = R * (R Vf)^-1 */ 1332| 119| MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vi, &ctx->Vi, &R)); ------------------ | | 41| 119| do \ | | 42| 119| { \ | | 43| 119| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 119] | | ------------------ | | 44| 119| goto cleanup; \ | | 45| 119| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1333| 119| MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vi, &ctx->Vi, &ctx->N)); ------------------ | | 41| 119| do \ | | 42| 119| { \ | | 43| 119| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 119] | | ------------------ | | 44| 119| goto cleanup; \ | | 45| 119| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1334| | 1335| | /* Blinding value: Vi = Vf^(-e) mod N 1336| | * (Vi already contains Vf^-1 at this point) */ 1337| 119| MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&ctx->Vi, &ctx->Vi, &ctx->E, &ctx->N, &ctx->RN)); ------------------ | | 41| 119| do \ | | 42| 119| { \ | | 43| 119| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 119] | | ------------------ | | 44| 119| goto cleanup; \ | | 45| 119| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1338| | 1339| | 1340| 119|cleanup: 1341| 119| mbedtls_mpi_free(&R); 1342| | 1343| 119| return ret; 1344| 119|} rsa.c:rsa_unblind: 1351| 119|{ 1352| 119| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 119|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1353| 119| const mbedtls_mpi_uint mm = mbedtls_mpi_core_montmul_init(N->p); 1354| 119| const size_t nlimbs = N->n; 1355| 119| const size_t tlimbs = mbedtls_mpi_core_montmul_working_limbs(nlimbs); 1356| 119| mbedtls_mpi RR, M_T; 1357| | 1358| 119| mbedtls_mpi_init(&RR); 1359| 119| mbedtls_mpi_init(&M_T); 1360| | 1361| 119| MBEDTLS_MPI_CHK(mbedtls_mpi_core_get_mont_r2_unsafe(&RR, N)); ------------------ | | 41| 119| do \ | | 42| 119| { \ | | 43| 119| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 119] | | ------------------ | | 44| 119| goto cleanup; \ | | 45| 119| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1362| 119| MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&M_T, tlimbs)); ------------------ | | 41| 119| do \ | | 42| 119| { \ | | 43| 119| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 119] | | ------------------ | | 44| 119| goto cleanup; \ | | 45| 119| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1363| | 1364| 119| MBEDTLS_MPI_CHK(mbedtls_mpi_grow(T, nlimbs)); ------------------ | | 41| 119| do \ | | 42| 119| { \ | | 43| 119| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 119] | | ------------------ | | 44| 119| goto cleanup; \ | | 45| 119| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1365| 119| MBEDTLS_MPI_CHK(mbedtls_mpi_grow(Vf, nlimbs)); ------------------ | | 41| 119| do \ | | 42| 119| { \ | | 43| 119| if ((ret = (f)) != 0) \ | | ------------------ | | | Branch (43:13): [True: 0, False: 119] | | ------------------ | | 44| 119| goto cleanup; \ | | 45| 119| } while (0) | | ------------------ | | | Branch (45:14): [Folded - Ignored] | | ------------------ ------------------ 1366| | 1367| | /* T = T * Vf mod N 1368| | * Reminder: montmul(A, B, N) = A * B * R^-1 mod N 1369| | * Usually both operands are multiplied by R mod N beforehand (by calling 1370| | * `to_mont_rep()` on them), yielding a result that's also * R mod N (aka 1371| | * "in the Montgomery domain"). Here we only multiply one operand by R mod 1372| | * N, so the result is directly what we want - no need to call 1373| | * `from_mont_rep()` on it. */ 1374| 119| mbedtls_mpi_core_to_mont_rep(T->p, T->p, N->p, nlimbs, mm, RR.p, M_T.p); 1375| 119| mbedtls_mpi_core_montmul(T->p, T->p, Vf->p, nlimbs, N->p, nlimbs, mm, M_T.p); 1376| | 1377| 119|cleanup: 1378| | 1379| 119| mbedtls_mpi_free(&RR); 1380| 119| mbedtls_mpi_free(&M_T); 1381| | 1382| 119| return ret; 1383| 119|} rsa.c:rsa_rsassa_pkcs1_v15_encode: 2314| 365|{ 2315| 365| size_t oid_size = 0; 2316| 365| size_t nb_pad = dst_len; 2317| 365| unsigned char *p = dst; 2318| 365| const char *oid = NULL; 2319| | 2320| | /* Are we signing hashed or raw data? */ 2321| 365| if (md_alg != MBEDTLS_MD_NONE) { ------------------ | Branch (2321:9): [True: 365, False: 0] ------------------ 2322| 365| unsigned char md_size = mbedtls_md_get_size_from_type(md_alg); 2323| 365| if (md_size == 0) { ------------------ | Branch (2323:13): [True: 0, False: 365] ------------------ 2324| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 2325| 0| } 2326| | 2327| 365| if (mbedtls_oid_get_oid_by_md(md_alg, &oid, &oid_size) != 0) { ------------------ | Branch (2327:13): [True: 0, False: 365] ------------------ 2328| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 2329| 0| } 2330| | 2331| 365| if (hashlen != md_size) { ------------------ | Branch (2331:13): [True: 0, False: 365] ------------------ 2332| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 2333| 0| } 2334| | 2335| | /* Double-check that 8 + hashlen + oid_size can be used as a 2336| | * 1-byte ASN.1 length encoding and that there's no overflow. */ 2337| 365| if (8 + hashlen + oid_size >= 0x80 || ------------------ | Branch (2337:13): [True: 0, False: 365] ------------------ 2338| 365| 10 + hashlen < hashlen || ------------------ | Branch (2338:13): [True: 0, False: 365] ------------------ 2339| 365| 10 + hashlen + oid_size < 10 + hashlen) { ------------------ | Branch (2339:13): [True: 0, False: 365] ------------------ 2340| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 2341| 0| } 2342| | 2343| | /* 2344| | * Static bounds check: 2345| | * - Need 10 bytes for five tag-length pairs. 2346| | * (Insist on 1-byte length encodings to protect against variants of 2347| | * Bleichenbacher's forgery attack against lax PKCS#1v1.5 verification) 2348| | * - Need hashlen bytes for hash 2349| | * - Need oid_size bytes for hash alg OID. 2350| | */ 2351| 365| if (nb_pad < 10 + hashlen + oid_size) { ------------------ | Branch (2351:13): [True: 0, False: 365] ------------------ 2352| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 2353| 0| } 2354| 365| nb_pad -= 10 + hashlen + oid_size; 2355| 365| } else { 2356| 0| if (nb_pad < hashlen) { ------------------ | Branch (2356:13): [True: 0, False: 0] ------------------ 2357| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 2358| 0| } 2359| | 2360| 0| nb_pad -= hashlen; 2361| 0| } 2362| | 2363| | /* Need space for signature header and padding delimiter (3 bytes), 2364| | * and 8 bytes for the minimal padding */ 2365| 365| if (nb_pad < 3 + 8) { ------------------ | Branch (2365:9): [True: 0, False: 365] ------------------ 2366| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 2367| 0| } 2368| 365| nb_pad -= 3; 2369| | 2370| | /* Now nb_pad is the amount of memory to be filled 2371| | * with padding, and at least 8 bytes long. */ 2372| | 2373| | /* Write signature header and padding */ 2374| 365| *p++ = 0; 2375| 365| *p++ = MBEDTLS_RSA_SIGN; ------------------ | | 58| 365|#define MBEDTLS_RSA_SIGN 1 /**< Identifier for RSA signature operations. */ ------------------ 2376| 365| memset(p, 0xFF, nb_pad); 2377| 365| p += nb_pad; 2378| 365| *p++ = 0; 2379| | 2380| | /* Are we signing raw data? */ 2381| 365| if (md_alg == MBEDTLS_MD_NONE) { ------------------ | Branch (2381:9): [True: 0, False: 365] ------------------ 2382| 0| memcpy(p, hash, hashlen); 2383| 0| return 0; 2384| 0| } 2385| | 2386| | /* Signing hashed data, add corresponding ASN.1 structure 2387| | * 2388| | * DigestInfo ::= SEQUENCE { 2389| | * digestAlgorithm DigestAlgorithmIdentifier, 2390| | * digest Digest } 2391| | * DigestAlgorithmIdentifier ::= AlgorithmIdentifier 2392| | * Digest ::= OCTET STRING 2393| | * 2394| | * Schematic: 2395| | * TAG-SEQ + LEN [ TAG-SEQ + LEN [ TAG-OID + LEN [ OID ] 2396| | * TAG-NULL + LEN [ NULL ] ] 2397| | * TAG-OCTET + LEN [ HASH ] ] 2398| | */ 2399| 365| *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED; ------------------ | | 72| 365|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED; ------------------ | | 82| 365|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ 2400| 365| *p++ = (unsigned char) (0x08 + oid_size + hashlen); 2401| 365| *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED; ------------------ | | 72| 365|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED; ------------------ | | 82| 365|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ 2402| 365| *p++ = (unsigned char) (0x04 + oid_size); 2403| 365| *p++ = MBEDTLS_ASN1_OID; ------------------ | | 69| 365|#define MBEDTLS_ASN1_OID 0x06 ------------------ 2404| 365| *p++ = (unsigned char) oid_size; 2405| 365| memcpy(p, oid, oid_size); 2406| 365| p += oid_size; 2407| 365| *p++ = MBEDTLS_ASN1_NULL; ------------------ | | 68| 365|#define MBEDTLS_ASN1_NULL 0x05 ------------------ 2408| 365| *p++ = 0x00; 2409| 365| *p++ = MBEDTLS_ASN1_OCTET_STRING; ------------------ | | 67| 365|#define MBEDTLS_ASN1_OCTET_STRING 0x04 ------------------ 2410| 365| *p++ = (unsigned char) hashlen; 2411| 365| memcpy(p, hash, hashlen); 2412| 365| p += hashlen; 2413| | 2414| | /* Just a sanity-check, should be automatic 2415| | * after the initial bounds check. */ 2416| 365| if (p != dst + dst_len) { ------------------ | Branch (2416:9): [True: 0, False: 365] ------------------ 2417| 0| mbedtls_platform_zeroize(dst, dst_len); 2418| 0| return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; ------------------ | | 33| 0|#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080 ------------------ 2419| 0| } 2420| | 2421| 365| return 0; 2422| 365|} mbedtls_sha256_init: 226| 2.57k|{ 227| 2.57k| memset(ctx, 0, sizeof(mbedtls_sha256_context)); 228| 2.57k|} mbedtls_sha256_free: 231| 5.50k|{ 232| 5.50k| if (ctx == NULL) { ------------------ | Branch (232:9): [True: 0, False: 5.50k] ------------------ 233| 0| return; 234| 0| } 235| | 236| 5.50k| mbedtls_platform_zeroize(ctx, sizeof(mbedtls_sha256_context)); 237| 5.50k|} mbedtls_sha256_clone: 241| 29|{ 242| 29| *dst = *src; 243| 29|} mbedtls_sha256_starts: 249| 2.86k|{ 250| |#if defined(MBEDTLS_SHA224_C) && defined(MBEDTLS_SHA256_C) 251| | if (is224 != 0 && is224 != 1) { 252| | return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA; 253| | } 254| |#elif defined(MBEDTLS_SHA256_C) 255| 2.86k| if (is224 != 0) { ------------------ | Branch (255:9): [True: 0, False: 2.86k] ------------------ 256| 0| return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA; ------------------ | | 23| 0|#define MBEDTLS_ERR_SHA256_BAD_INPUT_DATA -0x0074 ------------------ 257| 0| } 258| |#else /* defined MBEDTLS_SHA224_C only */ 259| | if (is224 == 0) { 260| | return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA; 261| | } 262| |#endif 263| | 264| 2.86k| ctx->total[0] = 0; 265| 2.86k| ctx->total[1] = 0; 266| | 267| 2.86k| if (is224 == 0) { ------------------ | Branch (267:9): [True: 2.86k, False: 0] ------------------ 268| 2.86k|#if defined(MBEDTLS_SHA256_C) 269| 2.86k| ctx->state[0] = 0x6A09E667; 270| 2.86k| ctx->state[1] = 0xBB67AE85; 271| 2.86k| ctx->state[2] = 0x3C6EF372; 272| 2.86k| ctx->state[3] = 0xA54FF53A; 273| 2.86k| ctx->state[4] = 0x510E527F; 274| 2.86k| ctx->state[5] = 0x9B05688C; 275| 2.86k| ctx->state[6] = 0x1F83D9AB; 276| 2.86k| ctx->state[7] = 0x5BE0CD19; 277| 2.86k|#endif 278| 2.86k| } else { 279| |#if defined(MBEDTLS_SHA224_C) 280| | ctx->state[0] = 0xC1059ED8; 281| | ctx->state[1] = 0x367CD507; 282| | ctx->state[2] = 0x3070DD17; 283| | ctx->state[3] = 0xF70E5939; 284| | ctx->state[4] = 0xFFC00B31; 285| | ctx->state[5] = 0x68581511; 286| | ctx->state[6] = 0x64F98FA7; 287| | ctx->state[7] = 0xBEFA4FA4; 288| |#endif 289| 0| } 290| | 291| |#if defined(MBEDTLS_SHA224_C) 292| | ctx->is224 = is224; 293| |#endif 294| | 295| 2.86k| return 0; 296| 2.86k|} mbedtls_internal_sha256_process: 494| 33.5k|{ 495| 33.5k| struct { 496| 33.5k| uint32_t temp1, temp2, W[64]; 497| 33.5k| uint32_t A[8]; 498| 33.5k| } local; 499| | 500| 33.5k| unsigned int i; 501| | 502| 301k| for (i = 0; i < 8; i++) { ------------------ | Branch (502:17): [True: 268k, False: 33.5k] ------------------ 503| 268k| local.A[i] = ctx->state[i]; 504| 268k| } 505| | 506| |#if defined(MBEDTLS_SHA256_SMALLER) 507| | for (i = 0; i < 64; i++) { 508| | if (i < 16) { 509| | local.W[i] = MBEDTLS_GET_UINT32_BE(data, 4 * i); 510| | } else { 511| | R(i); 512| | } 513| | 514| | P(local.A[0], local.A[1], local.A[2], local.A[3], local.A[4], 515| | local.A[5], local.A[6], local.A[7], local.W[i], K[i]); 516| | 517| | local.temp1 = local.A[7]; local.A[7] = local.A[6]; 518| | local.A[6] = local.A[5]; local.A[5] = local.A[4]; 519| | local.A[4] = local.A[3]; local.A[3] = local.A[2]; 520| | local.A[2] = local.A[1]; local.A[1] = local.A[0]; 521| | local.A[0] = local.temp1; 522| | } 523| |#else /* MBEDTLS_SHA256_SMALLER */ 524| 570k| for (i = 0; i < 16; i++) { ------------------ | Branch (524:17): [True: 536k, False: 33.5k] ------------------ 525| 536k| local.W[i] = MBEDTLS_GET_UINT32_BE(data, 4 * i); ------------------ | | 413| 536k| ((MBEDTLS_IS_BIG_ENDIAN) \ | | ------------------ | | | | 398| 536k|#define MBEDTLS_IS_BIG_ENDIAN 0 | | ------------------ | | | Branch (413:6): [Folded - Ignored] | | ------------------ | | 414| 536k| ? mbedtls_get_unaligned_uint32((data) + (offset)) \ | | 415| 536k| : MBEDTLS_BSWAP32(mbedtls_get_unaligned_uint32((data) + (offset))) \ | | ------------------ | | | | 298| 536k|#define MBEDTLS_BSWAP32 __builtin_bswap32 | | ------------------ | | 416| 536k| ) ------------------ 526| 536k| } 527| | 528| 100k| for (i = 0; i < 16; i += 8) { ------------------ | Branch (528:17): [True: 67.1k, False: 33.5k] ------------------ 529| 67.1k| P(local.A[0], local.A[1], local.A[2], local.A[3], local.A[4], ------------------ | | 478| 67.1k| do \ | | 479| 67.1k| { \ | | 480| 67.1k| local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \ | | ------------------ | | | | 466| 67.1k|#define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \ | | ------------------ | | | | 469| 67.1k|#define F1(x, y, z) ((z) ^ ((x) & ((y) ^ (z)))) | | ------------------ | | 481| 67.1k| local.temp2 = S2(a) + F0((a), (b), (c)); \ | | ------------------ | | | | 465| 67.1k|#define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | local.temp2 = S2(a) + F0((a), (b), (c)); \ | | ------------------ | | | | 468| 67.1k|#define F0(x, y, z) (((x) & (y)) | ((z) & ((x) | (y)))) | | ------------------ | | 482| 67.1k| (d) += local.temp1; (h) = local.temp1 + local.temp2; \ | | 483| 67.1k| } while (0) | | ------------------ | | | Branch (483:14): [Folded - Ignored] | | ------------------ ------------------ 530| 67.1k| local.A[5], local.A[6], local.A[7], local.W[i+0], K[i+0]); 531| 67.1k| P(local.A[7], local.A[0], local.A[1], local.A[2], local.A[3], ------------------ | | 478| 67.1k| do \ | | 479| 67.1k| { \ | | 480| 67.1k| local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \ | | ------------------ | | | | 466| 67.1k|#define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \ | | ------------------ | | | | 469| 67.1k|#define F1(x, y, z) ((z) ^ ((x) & ((y) ^ (z)))) | | ------------------ | | 481| 67.1k| local.temp2 = S2(a) + F0((a), (b), (c)); \ | | ------------------ | | | | 465| 67.1k|#define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | local.temp2 = S2(a) + F0((a), (b), (c)); \ | | ------------------ | | | | 468| 67.1k|#define F0(x, y, z) (((x) & (y)) | ((z) & ((x) | (y)))) | | ------------------ | | 482| 67.1k| (d) += local.temp1; (h) = local.temp1 + local.temp2; \ | | 483| 67.1k| } while (0) | | ------------------ | | | Branch (483:14): [Folded - Ignored] | | ------------------ ------------------ 532| 67.1k| local.A[4], local.A[5], local.A[6], local.W[i+1], K[i+1]); 533| 67.1k| P(local.A[6], local.A[7], local.A[0], local.A[1], local.A[2], ------------------ | | 478| 67.1k| do \ | | 479| 67.1k| { \ | | 480| 67.1k| local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \ | | ------------------ | | | | 466| 67.1k|#define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \ | | ------------------ | | | | 469| 67.1k|#define F1(x, y, z) ((z) ^ ((x) & ((y) ^ (z)))) | | ------------------ | | 481| 67.1k| local.temp2 = S2(a) + F0((a), (b), (c)); \ | | ------------------ | | | | 465| 67.1k|#define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | local.temp2 = S2(a) + F0((a), (b), (c)); \ | | ------------------ | | | | 468| 67.1k|#define F0(x, y, z) (((x) & (y)) | ((z) & ((x) | (y)))) | | ------------------ | | 482| 67.1k| (d) += local.temp1; (h) = local.temp1 + local.temp2; \ | | 483| 67.1k| } while (0) | | ------------------ | | | Branch (483:14): [Folded - Ignored] | | ------------------ ------------------ 534| 67.1k| local.A[3], local.A[4], local.A[5], local.W[i+2], K[i+2]); 535| 67.1k| P(local.A[5], local.A[6], local.A[7], local.A[0], local.A[1], ------------------ | | 478| 67.1k| do \ | | 479| 67.1k| { \ | | 480| 67.1k| local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \ | | ------------------ | | | | 466| 67.1k|#define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \ | | ------------------ | | | | 469| 67.1k|#define F1(x, y, z) ((z) ^ ((x) & ((y) ^ (z)))) | | ------------------ | | 481| 67.1k| local.temp2 = S2(a) + F0((a), (b), (c)); \ | | ------------------ | | | | 465| 67.1k|#define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | local.temp2 = S2(a) + F0((a), (b), (c)); \ | | ------------------ | | | | 468| 67.1k|#define F0(x, y, z) (((x) & (y)) | ((z) & ((x) | (y)))) | | ------------------ | | 482| 67.1k| (d) += local.temp1; (h) = local.temp1 + local.temp2; \ | | 483| 67.1k| } while (0) | | ------------------ | | | Branch (483:14): [Folded - Ignored] | | ------------------ ------------------ 536| 67.1k| local.A[2], local.A[3], local.A[4], local.W[i+3], K[i+3]); 537| 67.1k| P(local.A[4], local.A[5], local.A[6], local.A[7], local.A[0], ------------------ | | 478| 67.1k| do \ | | 479| 67.1k| { \ | | 480| 67.1k| local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \ | | ------------------ | | | | 466| 67.1k|#define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \ | | ------------------ | | | | 469| 67.1k|#define F1(x, y, z) ((z) ^ ((x) & ((y) ^ (z)))) | | ------------------ | | 481| 67.1k| local.temp2 = S2(a) + F0((a), (b), (c)); \ | | ------------------ | | | | 465| 67.1k|#define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | local.temp2 = S2(a) + F0((a), (b), (c)); \ | | ------------------ | | | | 468| 67.1k|#define F0(x, y, z) (((x) & (y)) | ((z) & ((x) | (y)))) | | ------------------ | | 482| 67.1k| (d) += local.temp1; (h) = local.temp1 + local.temp2; \ | | 483| 67.1k| } while (0) | | ------------------ | | | Branch (483:14): [Folded - Ignored] | | ------------------ ------------------ 538| 67.1k| local.A[1], local.A[2], local.A[3], local.W[i+4], K[i+4]); 539| 67.1k| P(local.A[3], local.A[4], local.A[5], local.A[6], local.A[7], ------------------ | | 478| 67.1k| do \ | | 479| 67.1k| { \ | | 480| 67.1k| local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \ | | ------------------ | | | | 466| 67.1k|#define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \ | | ------------------ | | | | 469| 67.1k|#define F1(x, y, z) ((z) ^ ((x) & ((y) ^ (z)))) | | ------------------ | | 481| 67.1k| local.temp2 = S2(a) + F0((a), (b), (c)); \ | | ------------------ | | | | 465| 67.1k|#define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | local.temp2 = S2(a) + F0((a), (b), (c)); \ | | ------------------ | | | | 468| 67.1k|#define F0(x, y, z) (((x) & (y)) | ((z) & ((x) | (y)))) | | ------------------ | | 482| 67.1k| (d) += local.temp1; (h) = local.temp1 + local.temp2; \ | | 483| 67.1k| } while (0) | | ------------------ | | | Branch (483:14): [Folded - Ignored] | | ------------------ ------------------ 540| 67.1k| local.A[0], local.A[1], local.A[2], local.W[i+5], K[i+5]); 541| 67.1k| P(local.A[2], local.A[3], local.A[4], local.A[5], local.A[6], ------------------ | | 478| 67.1k| do \ | | 479| 67.1k| { \ | | 480| 67.1k| local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \ | | ------------------ | | | | 466| 67.1k|#define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \ | | ------------------ | | | | 469| 67.1k|#define F1(x, y, z) ((z) ^ ((x) & ((y) ^ (z)))) | | ------------------ | | 481| 67.1k| local.temp2 = S2(a) + F0((a), (b), (c)); \ | | ------------------ | | | | 465| 67.1k|#define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | local.temp2 = S2(a) + F0((a), (b), (c)); \ | | ------------------ | | | | 468| 67.1k|#define F0(x, y, z) (((x) & (y)) | ((z) & ((x) | (y)))) | | ------------------ | | 482| 67.1k| (d) += local.temp1; (h) = local.temp1 + local.temp2; \ | | 483| 67.1k| } while (0) | | ------------------ | | | Branch (483:14): [Folded - Ignored] | | ------------------ ------------------ 542| 67.1k| local.A[7], local.A[0], local.A[1], local.W[i+6], K[i+6]); 543| 67.1k| P(local.A[1], local.A[2], local.A[3], local.A[4], local.A[5], ------------------ | | 478| 67.1k| do \ | | 479| 67.1k| { \ | | 480| 67.1k| local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \ | | ------------------ | | | | 466| 67.1k|#define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \ | | ------------------ | | | | 469| 67.1k|#define F1(x, y, z) ((z) ^ ((x) & ((y) ^ (z)))) | | ------------------ | | 481| 67.1k| local.temp2 = S2(a) + F0((a), (b), (c)); \ | | ------------------ | | | | 465| 67.1k|#define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 67.1k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 67.1k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | local.temp2 = S2(a) + F0((a), (b), (c)); \ | | ------------------ | | | | 468| 67.1k|#define F0(x, y, z) (((x) & (y)) | ((z) & ((x) | (y)))) | | ------------------ | | 482| 67.1k| (d) += local.temp1; (h) = local.temp1 + local.temp2; \ | | 483| 67.1k| } while (0) | | ------------------ | | | Branch (483:14): [Folded - Ignored] | | ------------------ ------------------ 544| 67.1k| local.A[6], local.A[7], local.A[0], local.W[i+7], K[i+7]); 545| 67.1k| } 546| | 547| 234k| for (i = 16; i < 64; i += 8) { ------------------ | Branch (547:18): [True: 201k, False: 33.5k] ------------------ 548| 201k| P(local.A[0], local.A[1], local.A[2], local.A[3], local.A[4], ------------------ | | 478| 201k| do \ | | 479| 201k| { \ | | 480| 201k| local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \ | | ------------------ | | | | 466| 201k|#define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \ | | ------------------ | | | | 469| 201k|#define F1(x, y, z) ((z) ^ ((x) & ((y) ^ (z)))) | | ------------------ | | 481| 201k| local.temp2 = S2(a) + F0((a), (b), (c)); \ | | ------------------ | | | | 465| 201k|#define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | local.temp2 = S2(a) + F0((a), (b), (c)); \ | | ------------------ | | | | 468| 201k|#define F0(x, y, z) (((x) & (y)) | ((z) & ((x) | (y)))) | | ------------------ | | 482| 201k| (d) += local.temp1; (h) = local.temp1 + local.temp2; \ | | 483| 201k| } while (0) | | ------------------ | | | Branch (483:14): [Folded - Ignored] | | ------------------ ------------------ 549| 201k| local.A[5], local.A[6], local.A[7], R(i+0), K[i+0]); 550| 201k| P(local.A[7], local.A[0], local.A[1], local.A[2], local.A[3], ------------------ | | 478| 201k| do \ | | 479| 201k| { \ | | 480| 201k| local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \ | | ------------------ | | | | 466| 201k|#define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \ | | ------------------ | | | | 469| 201k|#define F1(x, y, z) ((z) ^ ((x) & ((y) ^ (z)))) | | ------------------ | | 481| 201k| local.temp2 = S2(a) + F0((a), (b), (c)); \ | | ------------------ | | | | 465| 201k|#define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | local.temp2 = S2(a) + F0((a), (b), (c)); \ | | ------------------ | | | | 468| 201k|#define F0(x, y, z) (((x) & (y)) | ((z) & ((x) | (y)))) | | ------------------ | | 482| 201k| (d) += local.temp1; (h) = local.temp1 + local.temp2; \ | | 483| 201k| } while (0) | | ------------------ | | | Branch (483:14): [Folded - Ignored] | | ------------------ ------------------ 551| 201k| local.A[4], local.A[5], local.A[6], R(i+1), K[i+1]); 552| 201k| P(local.A[6], local.A[7], local.A[0], local.A[1], local.A[2], ------------------ | | 478| 201k| do \ | | 479| 201k| { \ | | 480| 201k| local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \ | | ------------------ | | | | 466| 201k|#define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \ | | ------------------ | | | | 469| 201k|#define F1(x, y, z) ((z) ^ ((x) & ((y) ^ (z)))) | | ------------------ | | 481| 201k| local.temp2 = S2(a) + F0((a), (b), (c)); \ | | ------------------ | | | | 465| 201k|#define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | local.temp2 = S2(a) + F0((a), (b), (c)); \ | | ------------------ | | | | 468| 201k|#define F0(x, y, z) (((x) & (y)) | ((z) & ((x) | (y)))) | | ------------------ | | 482| 201k| (d) += local.temp1; (h) = local.temp1 + local.temp2; \ | | 483| 201k| } while (0) | | ------------------ | | | Branch (483:14): [Folded - Ignored] | | ------------------ ------------------ 553| 201k| local.A[3], local.A[4], local.A[5], R(i+2), K[i+2]); 554| 201k| P(local.A[5], local.A[6], local.A[7], local.A[0], local.A[1], ------------------ | | 478| 201k| do \ | | 479| 201k| { \ | | 480| 201k| local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \ | | ------------------ | | | | 466| 201k|#define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \ | | ------------------ | | | | 469| 201k|#define F1(x, y, z) ((z) ^ ((x) & ((y) ^ (z)))) | | ------------------ | | 481| 201k| local.temp2 = S2(a) + F0((a), (b), (c)); \ | | ------------------ | | | | 465| 201k|#define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | local.temp2 = S2(a) + F0((a), (b), (c)); \ | | ------------------ | | | | 468| 201k|#define F0(x, y, z) (((x) & (y)) | ((z) & ((x) | (y)))) | | ------------------ | | 482| 201k| (d) += local.temp1; (h) = local.temp1 + local.temp2; \ | | 483| 201k| } while (0) | | ------------------ | | | Branch (483:14): [Folded - Ignored] | | ------------------ ------------------ 555| 201k| local.A[2], local.A[3], local.A[4], R(i+3), K[i+3]); 556| 201k| P(local.A[4], local.A[5], local.A[6], local.A[7], local.A[0], ------------------ | | 478| 201k| do \ | | 479| 201k| { \ | | 480| 201k| local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \ | | ------------------ | | | | 466| 201k|#define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \ | | ------------------ | | | | 469| 201k|#define F1(x, y, z) ((z) ^ ((x) & ((y) ^ (z)))) | | ------------------ | | 481| 201k| local.temp2 = S2(a) + F0((a), (b), (c)); \ | | ------------------ | | | | 465| 201k|#define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | local.temp2 = S2(a) + F0((a), (b), (c)); \ | | ------------------ | | | | 468| 201k|#define F0(x, y, z) (((x) & (y)) | ((z) & ((x) | (y)))) | | ------------------ | | 482| 201k| (d) += local.temp1; (h) = local.temp1 + local.temp2; \ | | 483| 201k| } while (0) | | ------------------ | | | Branch (483:14): [Folded - Ignored] | | ------------------ ------------------ 557| 201k| local.A[1], local.A[2], local.A[3], R(i+4), K[i+4]); 558| 201k| P(local.A[3], local.A[4], local.A[5], local.A[6], local.A[7], ------------------ | | 478| 201k| do \ | | 479| 201k| { \ | | 480| 201k| local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \ | | ------------------ | | | | 466| 201k|#define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \ | | ------------------ | | | | 469| 201k|#define F1(x, y, z) ((z) ^ ((x) & ((y) ^ (z)))) | | ------------------ | | 481| 201k| local.temp2 = S2(a) + F0((a), (b), (c)); \ | | ------------------ | | | | 465| 201k|#define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | local.temp2 = S2(a) + F0((a), (b), (c)); \ | | ------------------ | | | | 468| 201k|#define F0(x, y, z) (((x) & (y)) | ((z) & ((x) | (y)))) | | ------------------ | | 482| 201k| (d) += local.temp1; (h) = local.temp1 + local.temp2; \ | | 483| 201k| } while (0) | | ------------------ | | | Branch (483:14): [Folded - Ignored] | | ------------------ ------------------ 559| 201k| local.A[0], local.A[1], local.A[2], R(i+5), K[i+5]); 560| 201k| P(local.A[2], local.A[3], local.A[4], local.A[5], local.A[6], ------------------ | | 478| 201k| do \ | | 479| 201k| { \ | | 480| 201k| local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \ | | ------------------ | | | | 466| 201k|#define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \ | | ------------------ | | | | 469| 201k|#define F1(x, y, z) ((z) ^ ((x) & ((y) ^ (z)))) | | ------------------ | | 481| 201k| local.temp2 = S2(a) + F0((a), (b), (c)); \ | | ------------------ | | | | 465| 201k|#define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | local.temp2 = S2(a) + F0((a), (b), (c)); \ | | ------------------ | | | | 468| 201k|#define F0(x, y, z) (((x) & (y)) | ((z) & ((x) | (y)))) | | ------------------ | | 482| 201k| (d) += local.temp1; (h) = local.temp1 + local.temp2; \ | | 483| 201k| } while (0) | | ------------------ | | | Branch (483:14): [Folded - Ignored] | | ------------------ ------------------ 561| 201k| local.A[7], local.A[0], local.A[1], R(i+6), K[i+6]); 562| 201k| P(local.A[1], local.A[2], local.A[3], local.A[4], local.A[5], ------------------ | | 478| 201k| do \ | | 479| 201k| { \ | | 480| 201k| local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \ | | ------------------ | | | | 466| 201k|#define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S3(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | local.temp1 = (h) + S3(e) + F1((e), (f), (g)) + (K) + (x); \ | | ------------------ | | | | 469| 201k|#define F1(x, y, z) ((z) ^ ((x) & ((y) ^ (z)))) | | ------------------ | | 481| 201k| local.temp2 = S2(a) + F0((a), (b), (c)); \ | | ------------------ | | | | 465| 201k|#define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | | | #define S2(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) | | | | ------------------ | | | | | | 460| 201k|#define ROTR(x, n) (SHR(x, n) | ((x) << (32 - (n)))) | | | | | | ------------------ | | | | | | | | 459| 201k|#define SHR(x, n) (((x) & 0xFFFFFFFF) >> (n)) | | | | | | ------------------ | | | | ------------------ | | ------------------ | | local.temp2 = S2(a) + F0((a), (b), (c)); \ | | ------------------ | | | | 468| 201k|#define F0(x, y, z) (((x) & (y)) | ((z) & ((x) | (y)))) | | ------------------ | | 482| 201k| (d) += local.temp1; (h) = local.temp1 + local.temp2; \ | | 483| 201k| } while (0) | | ------------------ | | | Branch (483:14): [Folded - Ignored] | | ------------------ ------------------ 563| 201k| local.A[6], local.A[7], local.A[0], R(i+7), K[i+7]); 564| 201k| } 565| 33.5k|#endif /* MBEDTLS_SHA256_SMALLER */ 566| | 567| 301k| for (i = 0; i < 8; i++) { ------------------ | Branch (567:17): [True: 268k, False: 33.5k] ------------------ 568| 268k| ctx->state[i] += local.A[i]; 569| 268k| } 570| | 571| | /* Zeroise buffers and variables to clear sensitive data from memory. */ 572| 33.5k| mbedtls_platform_zeroize(&local, sizeof(local)); 573| | 574| 33.5k| return 0; 575| 33.5k|} mbedtls_sha256_update: 648| 3.53k|{ 649| 3.53k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 3.53k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 650| 3.53k| size_t fill; 651| 3.53k| uint32_t left; 652| | 653| 3.53k| if (ilen == 0) { ------------------ | Branch (653:9): [True: 50, False: 3.48k] ------------------ 654| 50| return 0; 655| 50| } 656| | 657| 3.48k| left = ctx->total[0] & 0x3F; 658| 3.48k| fill = SHA256_BLOCK_SIZE - left; ------------------ | | 223| 3.48k|#define SHA256_BLOCK_SIZE 64 ------------------ 659| | 660| 3.48k| ctx->total[0] += (uint32_t) ilen; 661| 3.48k| ctx->total[0] &= 0xFFFFFFFF; 662| | 663| 3.48k| if (ctx->total[0] < (uint32_t) ilen) { ------------------ | Branch (663:9): [True: 0, False: 3.48k] ------------------ 664| 0| ctx->total[1]++; 665| 0| } 666| | 667| 3.48k| if (left && ilen >= fill) { ------------------ | Branch (667:9): [True: 56, False: 3.43k] | Branch (667:17): [True: 15, False: 41] ------------------ 668| 15| memcpy((void *) (ctx->buffer + left), input, fill); 669| | 670| 15| if ((ret = mbedtls_internal_sha256_process(ctx, ctx->buffer)) != 0) { ------------------ | Branch (670:13): [True: 0, False: 15] ------------------ 671| 0| return ret; 672| 0| } 673| | 674| 15| input += fill; 675| 15| ilen -= fill; 676| 15| left = 0; 677| 15| } 678| | 679| 6.22k| while (ilen >= SHA256_BLOCK_SIZE) { ------------------ | | 223| 6.22k|#define SHA256_BLOCK_SIZE 64 ------------------ | Branch (679:12): [True: 2.73k, False: 3.48k] ------------------ 680| 2.73k| size_t processed = 681| 2.73k| mbedtls_internal_sha256_process_many(ctx, input, ilen); 682| 2.73k| if (processed < SHA256_BLOCK_SIZE) { ------------------ | | 223| 2.73k|#define SHA256_BLOCK_SIZE 64 ------------------ | Branch (682:13): [True: 0, False: 2.73k] ------------------ 683| 0| return MBEDTLS_ERR_ERROR_GENERIC_ERROR; ------------------ | | 98| 0|#define MBEDTLS_ERR_ERROR_GENERIC_ERROR -0x0001 ------------------ 684| 0| } 685| | 686| 2.73k| input += processed; 687| 2.73k| ilen -= processed; 688| 2.73k| } 689| | 690| 3.48k| if (ilen > 0) { ------------------ | Branch (690:9): [True: 2.67k, False: 810] ------------------ 691| 2.67k| memcpy((void *) (ctx->buffer + left), input, ilen); 692| 2.67k| } 693| | 694| 3.48k| return 0; 695| 3.48k|} mbedtls_sha256_finish: 702| 2.87k|{ 703| 2.87k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 2.87k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 704| 2.87k| uint32_t used; 705| 2.87k| uint32_t high, low; 706| 2.87k| int truncated = 0; 707| | 708| | /* 709| | * Add padding: 0x80 then 0x00 until 8 bytes remain for the length 710| | */ 711| 2.87k| used = ctx->total[0] & 0x3F; 712| | 713| 2.87k| ctx->buffer[used++] = 0x80; 714| | 715| 2.87k| if (used <= 56) { ------------------ | Branch (715:9): [True: 2.75k, False: 119] ------------------ 716| | /* Enough room for padding + length in current block */ 717| 2.75k| memset(ctx->buffer + used, 0, 56 - used); 718| 2.75k| } else { 719| | /* We'll need an extra block */ 720| 119| memset(ctx->buffer + used, 0, SHA256_BLOCK_SIZE - used); ------------------ | | 223| 119|#define SHA256_BLOCK_SIZE 64 ------------------ 721| | 722| 119| if ((ret = mbedtls_internal_sha256_process(ctx, ctx->buffer)) != 0) { ------------------ | Branch (722:13): [True: 0, False: 119] ------------------ 723| 0| goto exit; 724| 0| } 725| | 726| 119| memset(ctx->buffer, 0, 56); 727| 119| } 728| | 729| | /* 730| | * Add message length 731| | */ 732| 2.87k| high = (ctx->total[0] >> 29) 733| 2.87k| | (ctx->total[1] << 3); 734| 2.87k| low = (ctx->total[0] << 3); 735| | 736| 2.87k| MBEDTLS_PUT_UINT32_BE(high, ctx->buffer, 56); ------------------ | | 428| 2.87k| { \ | | 429| 2.87k| if (MBEDTLS_IS_BIG_ENDIAN) \ | | ------------------ | | | | 398| 2.87k|#define MBEDTLS_IS_BIG_ENDIAN 0 | | | | ------------------ | | | | | Branch (398:31): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 430| 2.87k| { \ | | 431| 0| mbedtls_put_unaligned_uint32((data) + (offset), (uint32_t) (n)); \ | | 432| 0| } \ | | 433| 2.87k| else \ | | 434| 2.87k| { \ | | 435| 2.87k| mbedtls_put_unaligned_uint32((data) + (offset), MBEDTLS_BSWAP32((uint32_t) (n))); \ | | ------------------ | | | | 298| 2.87k|#define MBEDTLS_BSWAP32 __builtin_bswap32 | | ------------------ | | 436| 2.87k| } \ | | 437| 2.87k| } ------------------ 737| 2.87k| MBEDTLS_PUT_UINT32_BE(low, ctx->buffer, 60); ------------------ | | 428| 2.87k| { \ | | 429| 2.87k| if (MBEDTLS_IS_BIG_ENDIAN) \ | | ------------------ | | | | 398| 2.87k|#define MBEDTLS_IS_BIG_ENDIAN 0 | | | | ------------------ | | | | | Branch (398:31): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 430| 2.87k| { \ | | 431| 0| mbedtls_put_unaligned_uint32((data) + (offset), (uint32_t) (n)); \ | | 432| 0| } \ | | 433| 2.87k| else \ | | 434| 2.87k| { \ | | 435| 2.87k| mbedtls_put_unaligned_uint32((data) + (offset), MBEDTLS_BSWAP32((uint32_t) (n))); \ | | ------------------ | | | | 298| 2.87k|#define MBEDTLS_BSWAP32 __builtin_bswap32 | | ------------------ | | 436| 2.87k| } \ | | 437| 2.87k| } ------------------ 738| | 739| 2.87k| if ((ret = mbedtls_internal_sha256_process(ctx, ctx->buffer)) != 0) { ------------------ | Branch (739:9): [True: 0, False: 2.87k] ------------------ 740| 0| goto exit; 741| 0| } 742| | 743| | /* 744| | * Output final state 745| | */ 746| 2.87k| MBEDTLS_PUT_UINT32_BE(ctx->state[0], output, 0); ------------------ | | 428| 2.87k| { \ | | 429| 2.87k| if (MBEDTLS_IS_BIG_ENDIAN) \ | | ------------------ | | | | 398| 2.87k|#define MBEDTLS_IS_BIG_ENDIAN 0 | | | | ------------------ | | | | | Branch (398:31): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 430| 2.87k| { \ | | 431| 0| mbedtls_put_unaligned_uint32((data) + (offset), (uint32_t) (n)); \ | | 432| 0| } \ | | 433| 2.87k| else \ | | 434| 2.87k| { \ | | 435| 2.87k| mbedtls_put_unaligned_uint32((data) + (offset), MBEDTLS_BSWAP32((uint32_t) (n))); \ | | ------------------ | | | | 298| 2.87k|#define MBEDTLS_BSWAP32 __builtin_bswap32 | | ------------------ | | 436| 2.87k| } \ | | 437| 2.87k| } ------------------ 747| 2.87k| MBEDTLS_PUT_UINT32_BE(ctx->state[1], output, 4); ------------------ | | 428| 2.87k| { \ | | 429| 2.87k| if (MBEDTLS_IS_BIG_ENDIAN) \ | | ------------------ | | | | 398| 2.87k|#define MBEDTLS_IS_BIG_ENDIAN 0 | | | | ------------------ | | | | | Branch (398:31): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 430| 2.87k| { \ | | 431| 0| mbedtls_put_unaligned_uint32((data) + (offset), (uint32_t) (n)); \ | | 432| 0| } \ | | 433| 2.87k| else \ | | 434| 2.87k| { \ | | 435| 2.87k| mbedtls_put_unaligned_uint32((data) + (offset), MBEDTLS_BSWAP32((uint32_t) (n))); \ | | ------------------ | | | | 298| 2.87k|#define MBEDTLS_BSWAP32 __builtin_bswap32 | | ------------------ | | 436| 2.87k| } \ | | 437| 2.87k| } ------------------ 748| 2.87k| MBEDTLS_PUT_UINT32_BE(ctx->state[2], output, 8); ------------------ | | 428| 2.87k| { \ | | 429| 2.87k| if (MBEDTLS_IS_BIG_ENDIAN) \ | | ------------------ | | | | 398| 2.87k|#define MBEDTLS_IS_BIG_ENDIAN 0 | | | | ------------------ | | | | | Branch (398:31): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 430| 2.87k| { \ | | 431| 0| mbedtls_put_unaligned_uint32((data) + (offset), (uint32_t) (n)); \ | | 432| 0| } \ | | 433| 2.87k| else \ | | 434| 2.87k| { \ | | 435| 2.87k| mbedtls_put_unaligned_uint32((data) + (offset), MBEDTLS_BSWAP32((uint32_t) (n))); \ | | ------------------ | | | | 298| 2.87k|#define MBEDTLS_BSWAP32 __builtin_bswap32 | | ------------------ | | 436| 2.87k| } \ | | 437| 2.87k| } ------------------ 749| 2.87k| MBEDTLS_PUT_UINT32_BE(ctx->state[3], output, 12); ------------------ | | 428| 2.87k| { \ | | 429| 2.87k| if (MBEDTLS_IS_BIG_ENDIAN) \ | | ------------------ | | | | 398| 2.87k|#define MBEDTLS_IS_BIG_ENDIAN 0 | | | | ------------------ | | | | | Branch (398:31): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 430| 2.87k| { \ | | 431| 0| mbedtls_put_unaligned_uint32((data) + (offset), (uint32_t) (n)); \ | | 432| 0| } \ | | 433| 2.87k| else \ | | 434| 2.87k| { \ | | 435| 2.87k| mbedtls_put_unaligned_uint32((data) + (offset), MBEDTLS_BSWAP32((uint32_t) (n))); \ | | ------------------ | | | | 298| 2.87k|#define MBEDTLS_BSWAP32 __builtin_bswap32 | | ------------------ | | 436| 2.87k| } \ | | 437| 2.87k| } ------------------ 750| 2.87k| MBEDTLS_PUT_UINT32_BE(ctx->state[4], output, 16); ------------------ | | 428| 2.87k| { \ | | 429| 2.87k| if (MBEDTLS_IS_BIG_ENDIAN) \ | | ------------------ | | | | 398| 2.87k|#define MBEDTLS_IS_BIG_ENDIAN 0 | | | | ------------------ | | | | | Branch (398:31): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 430| 2.87k| { \ | | 431| 0| mbedtls_put_unaligned_uint32((data) + (offset), (uint32_t) (n)); \ | | 432| 0| } \ | | 433| 2.87k| else \ | | 434| 2.87k| { \ | | 435| 2.87k| mbedtls_put_unaligned_uint32((data) + (offset), MBEDTLS_BSWAP32((uint32_t) (n))); \ | | ------------------ | | | | 298| 2.87k|#define MBEDTLS_BSWAP32 __builtin_bswap32 | | ------------------ | | 436| 2.87k| } \ | | 437| 2.87k| } ------------------ 751| 2.87k| MBEDTLS_PUT_UINT32_BE(ctx->state[5], output, 20); ------------------ | | 428| 2.87k| { \ | | 429| 2.87k| if (MBEDTLS_IS_BIG_ENDIAN) \ | | ------------------ | | | | 398| 2.87k|#define MBEDTLS_IS_BIG_ENDIAN 0 | | | | ------------------ | | | | | Branch (398:31): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 430| 2.87k| { \ | | 431| 0| mbedtls_put_unaligned_uint32((data) + (offset), (uint32_t) (n)); \ | | 432| 0| } \ | | 433| 2.87k| else \ | | 434| 2.87k| { \ | | 435| 2.87k| mbedtls_put_unaligned_uint32((data) + (offset), MBEDTLS_BSWAP32((uint32_t) (n))); \ | | ------------------ | | | | 298| 2.87k|#define MBEDTLS_BSWAP32 __builtin_bswap32 | | ------------------ | | 436| 2.87k| } \ | | 437| 2.87k| } ------------------ 752| 2.87k| MBEDTLS_PUT_UINT32_BE(ctx->state[6], output, 24); ------------------ | | 428| 2.87k| { \ | | 429| 2.87k| if (MBEDTLS_IS_BIG_ENDIAN) \ | | ------------------ | | | | 398| 2.87k|#define MBEDTLS_IS_BIG_ENDIAN 0 | | | | ------------------ | | | | | Branch (398:31): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 430| 2.87k| { \ | | 431| 0| mbedtls_put_unaligned_uint32((data) + (offset), (uint32_t) (n)); \ | | 432| 0| } \ | | 433| 2.87k| else \ | | 434| 2.87k| { \ | | 435| 2.87k| mbedtls_put_unaligned_uint32((data) + (offset), MBEDTLS_BSWAP32((uint32_t) (n))); \ | | ------------------ | | | | 298| 2.87k|#define MBEDTLS_BSWAP32 __builtin_bswap32 | | ------------------ | | 436| 2.87k| } \ | | 437| 2.87k| } ------------------ 753| | 754| |#if defined(MBEDTLS_SHA224_C) 755| | truncated = ctx->is224; 756| |#endif 757| 2.87k| if (!truncated) { ------------------ | Branch (757:9): [True: 2.87k, False: 0] ------------------ 758| 2.87k| MBEDTLS_PUT_UINT32_BE(ctx->state[7], output, 28); ------------------ | | 428| 2.87k| { \ | | 429| 2.87k| if (MBEDTLS_IS_BIG_ENDIAN) \ | | ------------------ | | | | 398| 2.87k|#define MBEDTLS_IS_BIG_ENDIAN 0 | | | | ------------------ | | | | | Branch (398:31): [Folded - Ignored] | | | | ------------------ | | ------------------ | | 430| 2.87k| { \ | | 431| 0| mbedtls_put_unaligned_uint32((data) + (offset), (uint32_t) (n)); \ | | 432| 0| } \ | | 433| 2.87k| else \ | | 434| 2.87k| { \ | | 435| 2.87k| mbedtls_put_unaligned_uint32((data) + (offset), MBEDTLS_BSWAP32((uint32_t) (n))); \ | | ------------------ | | | | 298| 2.87k|#define MBEDTLS_BSWAP32 __builtin_bswap32 | | ------------------ | | 436| 2.87k| } \ | | 437| 2.87k| } ------------------ 759| 2.87k| } 760| | 761| 2.87k| ret = 0; 762| | 763| 2.87k|exit: 764| 2.87k| mbedtls_sha256_free(ctx); 765| 2.87k| return ret; 766| 2.87k|} mbedtls_sha256: 777| 2.28k|{ 778| 2.28k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 2.28k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 779| 2.28k| mbedtls_sha256_context ctx; 780| | 781| |#if defined(MBEDTLS_SHA224_C) && defined(MBEDTLS_SHA256_C) 782| | if (is224 != 0 && is224 != 1) { 783| | return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA; 784| | } 785| |#elif defined(MBEDTLS_SHA256_C) 786| 2.28k| if (is224 != 0) { ------------------ | Branch (786:9): [True: 0, False: 2.28k] ------------------ 787| 0| return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA; ------------------ | | 23| 0|#define MBEDTLS_ERR_SHA256_BAD_INPUT_DATA -0x0074 ------------------ 788| 0| } 789| |#else /* defined MBEDTLS_SHA224_C only */ 790| | if (is224 == 0) { 791| | return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA; 792| | } 793| |#endif 794| | 795| 2.28k| mbedtls_sha256_init(&ctx); 796| | 797| 2.28k| if ((ret = mbedtls_sha256_starts(&ctx, is224)) != 0) { ------------------ | Branch (797:9): [True: 0, False: 2.28k] ------------------ 798| 0| goto exit; 799| 0| } 800| | 801| 2.28k| if ((ret = mbedtls_sha256_update(&ctx, input, ilen)) != 0) { ------------------ | Branch (801:9): [True: 0, False: 2.28k] ------------------ 802| 0| goto exit; 803| 0| } 804| | 805| 2.28k| if ((ret = mbedtls_sha256_finish(&ctx, output)) != 0) { ------------------ | Branch (805:9): [True: 0, False: 2.28k] ------------------ 806| 0| goto exit; 807| 0| } 808| | 809| 2.28k|exit: 810| 2.28k| mbedtls_sha256_free(&ctx); 811| | 812| 2.28k| return ret; 813| 2.28k|} sha256.c:mbedtls_internal_sha256_process_many: 584| 2.73k|{ 585| 2.73k| size_t processed = 0; 586| | 587| 33.2k| while (len >= SHA256_BLOCK_SIZE) { ------------------ | | 223| 33.2k|#define SHA256_BLOCK_SIZE 64 ------------------ | Branch (587:12): [True: 30.5k, False: 2.73k] ------------------ 588| 30.5k| if (mbedtls_internal_sha256_process_c(ctx, data) != 0) { ------------------ | | 452| 30.5k|#define mbedtls_internal_sha256_process_c mbedtls_internal_sha256_process ------------------ | Branch (588:13): [True: 0, False: 30.5k] ------------------ 589| 0| return 0; 590| 0| } 591| | 592| 30.5k| data += SHA256_BLOCK_SIZE; ------------------ | | 223| 30.5k|#define SHA256_BLOCK_SIZE 64 ------------------ 593| 30.5k| len -= SHA256_BLOCK_SIZE; ------------------ | | 223| 30.5k|#define SHA256_BLOCK_SIZE 64 ------------------ 594| | 595| 30.5k| processed += SHA256_BLOCK_SIZE; ------------------ | | 223| 30.5k|#define SHA256_BLOCK_SIZE 64 ------------------ 596| 30.5k| } 597| | 598| 2.73k| return processed; 599| 2.73k|} mbedtls_x509_get_serial: 65| 7.73k|{ 66| 7.73k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 7.73k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 67| | 68| 7.73k| if ((end - *p) < 1) { ------------------ | Branch (68:9): [True: 0, False: 7.73k] ------------------ 69| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 70| 0| MBEDTLS_ERR_ASN1_OUT_OF_DATA); 71| 0| } 72| | 73| 7.73k| if (**p != (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_PRIMITIVE | 2) && ------------------ | | 83| 7.73k|#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80 ------------------ if (**p != (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_PRIMITIVE | 2) && ------------------ | | 81| 7.73k|#define MBEDTLS_ASN1_PRIMITIVE 0x00 ------------------ | Branch (73:9): [True: 7.73k, False: 0] ------------------ 74| 7.73k| **p != MBEDTLS_ASN1_INTEGER) { ------------------ | | 65| 7.73k|#define MBEDTLS_ASN1_INTEGER 0x02 ------------------ | Branch (74:9): [True: 0, False: 7.73k] ------------------ 75| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 76| 0| MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); 77| 0| } 78| | 79| 7.73k| serial->tag = *(*p)++; 80| | 81| 7.73k| if ((ret = mbedtls_asn1_get_len(p, end, &serial->len)) != 0) { ------------------ | Branch (81:9): [True: 0, False: 7.73k] ------------------ 82| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SERIAL, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 83| 0| } 84| | 85| 7.73k| serial->p = *p; 86| 7.73k| *p += serial->len; 87| | 88| 7.73k| return 0; 89| 7.73k|} mbedtls_x509_get_alg: 114| 15.4k|{ 115| 15.4k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 15.4k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 116| | 117| 15.4k| if ((ret = mbedtls_asn1_get_alg(p, end, alg, params)) != 0) { ------------------ | Branch (117:9): [True: 0, False: 15.4k] ------------------ 118| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 119| 0| } 120| | 121| 15.4k| return 0; 122| 15.4k|} mbedtls_x509_get_name: 500| 15.4k|{ 501| 15.4k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 15.4k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 502| 15.4k| size_t set_len; 503| 15.4k| const unsigned char *end_set; 504| 15.4k| mbedtls_x509_name *head = cur; 505| | 506| | /* don't use recursion, we'd risk stack overflow if not optimized */ 507| 15.4k| while (1) { ------------------ | Branch (507:12): [Folded - Ignored] ------------------ 508| | /* 509| | * parse SET 510| | */ 511| 15.4k| if ((ret = mbedtls_asn1_get_tag(p, end, &set_len, ------------------ | Branch (511:13): [True: 0, False: 15.4k] ------------------ 512| 15.4k| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET)) != 0) { ------------------ | | 82| 15.4k|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET)) != 0) { ------------------ | | 73| 15.4k|#define MBEDTLS_ASN1_SET 0x11 ------------------ 513| 0| ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 514| 0| goto error; 515| 0| } 516| | 517| 15.4k| end_set = *p + set_len; 518| | 519| 15.4k| while (1) { ------------------ | Branch (519:16): [Folded - Ignored] ------------------ 520| 15.4k| if ((ret = x509_get_attr_type_value(p, end_set, cur)) != 0) { ------------------ | Branch (520:17): [True: 0, False: 15.4k] ------------------ 521| 0| goto error; 522| 0| } 523| | 524| 15.4k| if (*p == end_set) { ------------------ | Branch (524:17): [True: 15.4k, False: 0] ------------------ 525| 15.4k| break; 526| 15.4k| } 527| | 528| | /* Mark this item as being no the only one in a set */ 529| 0| cur->next_merged = 1; 530| | 531| 0| cur->next = mbedtls_calloc(1, sizeof(mbedtls_x509_name)); ------------------ | | 144| 0|#define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO | | ------------------ | | | | 4093| 0|#define MBEDTLS_PLATFORM_CALLOC_MACRO my_calloc | | ------------------ ------------------ 532| | 533| 0| if (cur->next == NULL) { ------------------ | Branch (533:17): [True: 0, False: 0] ------------------ 534| 0| ret = MBEDTLS_ERR_X509_ALLOC_FAILED; ------------------ | | 77| 0|#define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880 ------------------ 535| 0| goto error; 536| 0| } 537| | 538| 0| cur = cur->next; 539| 0| } 540| | 541| | /* 542| | * continue until end of SEQUENCE is reached 543| | */ 544| 15.4k| if (*p == end) { ------------------ | Branch (544:13): [True: 15.4k, False: 0] ------------------ 545| 15.4k| return 0; 546| 15.4k| } 547| | 548| 0| cur->next = mbedtls_calloc(1, sizeof(mbedtls_x509_name)); ------------------ | | 144| 0|#define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO | | ------------------ | | | | 4093| 0|#define MBEDTLS_PLATFORM_CALLOC_MACRO my_calloc | | ------------------ ------------------ 549| | 550| 0| if (cur->next == NULL) { ------------------ | Branch (550:13): [True: 0, False: 0] ------------------ 551| 0| ret = MBEDTLS_ERR_X509_ALLOC_FAILED; ------------------ | | 77| 0|#define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880 ------------------ 552| 0| goto error; 553| 0| } 554| | 555| 0| cur = cur->next; 556| 0| } 557| | 558| 0|error: 559| | /* Skip the first element as we did not allocate it */ 560| 0| mbedtls_asn1_free_named_data_list_shallow(head->next); 561| 0| head->next = NULL; 562| | 563| 0| return ret; 564| 15.4k|} mbedtls_x509_get_time: 651| 15.4k|{ 652| 15.4k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 15.4k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 653| 15.4k| size_t len, year_len; 654| 15.4k| unsigned char tag; 655| | 656| 15.4k| if ((end - *p) < 1) { ------------------ | Branch (656:9): [True: 0, False: 15.4k] ------------------ 657| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 658| 0| MBEDTLS_ERR_ASN1_OUT_OF_DATA); 659| 0| } 660| | 661| 15.4k| tag = **p; 662| | 663| 15.4k| if (tag == MBEDTLS_ASN1_UTC_TIME) { ------------------ | | 77| 15.4k|#define MBEDTLS_ASN1_UTC_TIME 0x17 ------------------ | Branch (663:9): [True: 15.4k, False: 0] ------------------ 664| 15.4k| year_len = 2; 665| 15.4k| } else if (tag == MBEDTLS_ASN1_GENERALIZED_TIME) { ------------------ | | 78| 0|#define MBEDTLS_ASN1_GENERALIZED_TIME 0x18 ------------------ | Branch (665:16): [True: 0, False: 0] ------------------ 666| 0| year_len = 4; 667| 0| } else { 668| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 669| 0| MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); 670| 0| } 671| | 672| 15.4k| (*p)++; 673| 15.4k| ret = mbedtls_asn1_get_len(p, end, &len); 674| | 675| 15.4k| if (ret != 0) { ------------------ | Branch (675:9): [True: 0, False: 15.4k] ------------------ 676| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 677| 0| } 678| | 679| | /* len is 12 or 14 depending on year_len, plus optional trailing 'Z' */ 680| 15.4k| if (len != year_len + 10 && ------------------ | Branch (680:9): [True: 15.4k, False: 0] ------------------ 681| 15.4k| !(len == year_len + 11 && (*p)[(len - 1)] == 'Z')) { ------------------ | Branch (681:11): [True: 15.4k, False: 0] | Branch (681:35): [True: 15.4k, False: 0] ------------------ 682| 0| return MBEDTLS_ERR_X509_INVALID_DATE; ------------------ | | 59| 0|#define MBEDTLS_ERR_X509_INVALID_DATE -0x2400 ------------------ 683| 0| } 684| | 685| 15.4k| (*p) += len; 686| 15.4k| return x509_parse_time(*p - len, tm, year_len); 687| 15.4k|} mbedtls_x509_get_sig: 690| 7.73k|{ 691| 7.73k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 7.73k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 692| 7.73k| size_t len; 693| 7.73k| int tag_type; 694| | 695| 7.73k| if ((end - *p) < 1) { ------------------ | Branch (695:9): [True: 0, False: 7.73k] ------------------ 696| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 697| 0| MBEDTLS_ERR_ASN1_OUT_OF_DATA); 698| 0| } 699| | 700| 7.73k| tag_type = **p; 701| | 702| 7.73k| if ((ret = mbedtls_asn1_get_bitstring_null(p, end, &len)) != 0) { ------------------ | Branch (702:9): [True: 0, False: 7.73k] ------------------ 703| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_SIGNATURE, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 704| 0| } 705| | 706| 7.73k| sig->tag = tag_type; 707| 7.73k| sig->len = len; 708| 7.73k| sig->p = *p; 709| | 710| 7.73k| *p += len; 711| | 712| 7.73k| return 0; 713| 7.73k|} mbedtls_x509_get_sig_alg: 721| 7.73k|{ 722| 7.73k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 7.73k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 723| | 724| 7.73k| if (*sig_opts != NULL) { ------------------ | Branch (724:9): [True: 0, False: 7.73k] ------------------ 725| 0| return MBEDTLS_ERR_X509_BAD_INPUT_DATA; ------------------ | | 75| 0|#define MBEDTLS_ERR_X509_BAD_INPUT_DATA -0x2800 ------------------ 726| 0| } 727| | 728| 7.73k| if ((ret = mbedtls_oid_get_sig_alg(sig_oid, md_alg, pk_alg)) != 0) { ------------------ | Branch (728:9): [True: 0, False: 7.73k] ------------------ 729| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 730| 0| } 731| | 732| 7.73k|#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) 733| 7.73k| if (*pk_alg == MBEDTLS_PK_RSASSA_PSS) { ------------------ | Branch (733:9): [True: 0, False: 7.73k] ------------------ 734| 0| mbedtls_pk_rsassa_pss_options *pss_opts; 735| | 736| 0| pss_opts = mbedtls_calloc(1, sizeof(mbedtls_pk_rsassa_pss_options)); ------------------ | | 144| 0|#define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO | | ------------------ | | | | 4093| 0|#define MBEDTLS_PLATFORM_CALLOC_MACRO my_calloc | | ------------------ ------------------ 737| 0| if (pss_opts == NULL) { ------------------ | Branch (737:13): [True: 0, False: 0] ------------------ 738| 0| return MBEDTLS_ERR_X509_ALLOC_FAILED; ------------------ | | 77| 0|#define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880 ------------------ 739| 0| } 740| | 741| 0| ret = mbedtls_x509_get_rsassa_pss_params(sig_params, 742| 0| md_alg, 743| 0| &pss_opts->mgf1_hash_id, 744| 0| &pss_opts->expected_salt_len); 745| 0| if (ret != 0) { ------------------ | Branch (745:13): [True: 0, False: 0] ------------------ 746| 0| mbedtls_free(pss_opts); ------------------ | | 143| 0|#define mbedtls_free MBEDTLS_PLATFORM_FREE_MACRO | | ------------------ | | | | 4095| 0|#define MBEDTLS_PLATFORM_FREE_MACRO my_free | | ------------------ ------------------ 747| 0| return ret; 748| 0| } 749| | 750| 0| *sig_opts = (void *) pss_opts; 751| 0| } else 752| 7.73k|#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ 753| 7.73k| { 754| | /* Make sure parameters are absent or NULL */ 755| 7.73k| if ((sig_params->tag != MBEDTLS_ASN1_NULL && sig_params->tag != 0) || ------------------ | | 68| 15.4k|#define MBEDTLS_ASN1_NULL 0x05 ------------------ | Branch (755:14): [True: 5.71k, False: 2.02k] | Branch (755:54): [True: 0, False: 5.71k] ------------------ 756| 7.73k| sig_params->len != 0) { ------------------ | Branch (756:13): [True: 0, False: 7.73k] ------------------ 757| 0| return MBEDTLS_ERR_X509_INVALID_ALG; ------------------ | | 55| 0|#define MBEDTLS_ERR_X509_INVALID_ALG -0x2300 ------------------ 758| 0| } 759| 7.73k| } 760| | 761| 7.73k| return 0; 762| 7.73k|} mbedtls_x509_get_ext: 770| 7.73k|{ 771| 7.73k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 7.73k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 772| 7.73k| size_t len; 773| | 774| | /* Extension structure use EXPLICIT tagging. That is, the actual 775| | * `Extensions` structure is wrapped by a tag-length pair using 776| | * the respective context-specific tag. */ 777| 7.73k| ret = mbedtls_asn1_get_tag(p, end, &ext->len, 778| 7.73k| MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag); ------------------ | | 83| 7.73k|#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80 ------------------ MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag); ------------------ | | 82| 7.73k|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ 779| 7.73k| if (ret != 0) { ------------------ | Branch (779:9): [True: 0, False: 7.73k] ------------------ 780| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 781| 0| } 782| | 783| 7.73k| ext->tag = MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag; ------------------ | | 83| 7.73k|#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80 ------------------ ext->tag = MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag; ------------------ | | 82| 7.73k|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ 784| 7.73k| ext->p = *p; 785| 7.73k| end = *p + ext->len; 786| | 787| | /* 788| | * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension 789| | */ 790| 7.73k| if ((ret = mbedtls_asn1_get_tag(p, end, &len, ------------------ | Branch (790:9): [True: 0, False: 7.73k] ------------------ 791| 7.73k| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 82| 7.73k|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 72| 7.73k|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 792| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 793| 0| } 794| | 795| 7.73k| if (end != *p + len) { ------------------ | Branch (795:9): [True: 0, False: 7.73k] ------------------ 796| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 797| 0| MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 798| 0| } 799| | 800| 7.73k| return 0; 801| 7.73k|} mbedtls_x509_time_cmp: 1038| 6.66k|{ 1039| 6.66k| int x; 1040| | 1041| 6.66k| x = (((t1->year << 9) | (t1->mon << 5) | (t1->day)) - 1042| 6.66k| ((t2->year << 9) | (t2->mon << 5) | (t2->day))); 1043| 6.66k| if (x != 0) { ------------------ | Branch (1043:9): [True: 6.66k, False: 0] ------------------ 1044| 6.66k| return x; 1045| 6.66k| } 1046| | 1047| 0| x = (((t1->hour << 12) | (t1->min << 6) | (t1->sec)) - 1048| 0| ((t2->hour << 12) | (t2->min << 6) | (t2->sec))); 1049| 0| return x; 1050| 6.66k|} mbedtls_x509_time_gmtime: 1054| 1.42k|{ 1055| 1.42k| struct tm tm; 1056| | 1057| 1.42k| if (mbedtls_platform_gmtime_r(&tt, &tm) == NULL) { ------------------ | Branch (1057:9): [True: 0, False: 1.42k] ------------------ 1058| 0| return -1; 1059| 0| } 1060| | 1061| 1.42k| now->year = tm.tm_year + 1900; 1062| 1.42k| now->mon = tm.tm_mon + 1; 1063| 1.42k| now->day = tm.tm_mday; 1064| 1.42k| now->hour = tm.tm_hour; 1065| 1.42k| now->min = tm.tm_min; 1066| 1.42k| now->sec = tm.tm_sec; 1067| 1.42k| return 0; 1068| 1.42k|} mbedtls_x509_get_subject_alt_name_ext: 1216| 5.35k|{ 1217| 5.35k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 5.35k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1218| 5.35k| size_t tag_len; 1219| 5.35k| mbedtls_asn1_sequence *cur = subject_alt_name; 1220| | 1221| 10.7k| while (*p < end) { ------------------ | Branch (1221:12): [True: 5.35k, False: 5.35k] ------------------ 1222| 5.35k| mbedtls_x509_subject_alternative_name tmp_san_name; 1223| 5.35k| mbedtls_x509_buf tmp_san_buf; 1224| 5.35k| memset(&tmp_san_name, 0, sizeof(tmp_san_name)); 1225| | 1226| 5.35k| tmp_san_buf.tag = **p; 1227| 5.35k| (*p)++; 1228| | 1229| 5.35k| if ((ret = mbedtls_asn1_get_len(p, end, &tag_len)) != 0) { ------------------ | Branch (1229:13): [True: 0, False: 5.35k] ------------------ 1230| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 1231| 0| } 1232| | 1233| 5.35k| tmp_san_buf.p = *p; 1234| 5.35k| tmp_san_buf.len = tag_len; 1235| | 1236| 5.35k| if ((tmp_san_buf.tag & MBEDTLS_ASN1_TAG_CLASS_MASK) != ------------------ | | 106| 5.35k|#define MBEDTLS_ASN1_TAG_CLASS_MASK 0xC0 ------------------ | Branch (1236:13): [True: 0, False: 5.35k] ------------------ 1237| 5.35k| MBEDTLS_ASN1_CONTEXT_SPECIFIC) { ------------------ | | 83| 5.35k|#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80 ------------------ 1238| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 1239| 0| MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); 1240| 0| } 1241| | 1242| | /* 1243| | * Check that the SAN is structured correctly by parsing it. 1244| | * The SAN structure is discarded afterwards. 1245| | */ 1246| 5.35k| ret = mbedtls_x509_parse_subject_alt_name(&tmp_san_buf, &tmp_san_name); 1247| | /* 1248| | * In case the extension is malformed, return an error, 1249| | * and clear the allocated sequences. 1250| | */ 1251| 5.35k| if (ret != 0 && ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) { ------------------ | | 45| 5.35k|#define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE -0x2080 ------------------ | Branch (1251:13): [True: 5.35k, False: 0] | Branch (1251:25): [True: 0, False: 5.35k] ------------------ 1252| 0| mbedtls_asn1_sequence_free(subject_alt_name->next); 1253| 0| subject_alt_name->next = NULL; 1254| 0| return ret; 1255| 0| } 1256| | 1257| 5.35k| mbedtls_x509_free_subject_alt_name(&tmp_san_name); 1258| | /* Allocate and assign next pointer */ 1259| 5.35k| if (cur->buf.p != NULL) { ------------------ | Branch (1259:13): [True: 0, False: 5.35k] ------------------ 1260| 0| if (cur->next != NULL) { ------------------ | Branch (1260:17): [True: 0, False: 0] ------------------ 1261| 0| return MBEDTLS_ERR_X509_INVALID_EXTENSIONS; ------------------ | | 63| 0|#define MBEDTLS_ERR_X509_INVALID_EXTENSIONS -0x2500 ------------------ 1262| 0| } 1263| | 1264| 0| cur->next = mbedtls_calloc(1, sizeof(mbedtls_asn1_sequence)); ------------------ | | 144| 0|#define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO | | ------------------ | | | | 4093| 0|#define MBEDTLS_PLATFORM_CALLOC_MACRO my_calloc | | ------------------ ------------------ 1265| | 1266| 0| if (cur->next == NULL) { ------------------ | Branch (1266:17): [True: 0, False: 0] ------------------ 1267| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 1268| 0| MBEDTLS_ERR_ASN1_ALLOC_FAILED); 1269| 0| } 1270| | 1271| 0| cur = cur->next; 1272| 0| } 1273| | 1274| 5.35k| cur->buf = tmp_san_buf; 1275| 5.35k| *p += tmp_san_buf.len; 1276| 5.35k| } 1277| | 1278| | /* Set final sequence entry's next pointer to NULL */ 1279| 5.35k| cur->next = NULL; 1280| | 1281| 5.35k| if (*p != end) { ------------------ | Branch (1281:9): [True: 0, False: 5.35k] ------------------ 1282| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 1283| 0| MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 1284| 0| } 1285| | 1286| 5.35k| return 0; 1287| 5.35k|} mbedtls_x509_get_subject_alt_name: 1320| 5.35k|{ 1321| 5.35k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 5.35k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1322| 5.35k| size_t len; 1323| | 1324| | /* Get main sequence tag */ 1325| 5.35k| if ((ret = mbedtls_asn1_get_tag(p, end, &len, ------------------ | Branch (1325:9): [True: 0, False: 5.35k] ------------------ 1326| 5.35k| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 82| 5.35k|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 72| 5.35k|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 1327| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 1328| 0| } 1329| | 1330| 5.35k| if (*p + len != end) { ------------------ | Branch (1330:9): [True: 0, False: 5.35k] ------------------ 1331| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 1332| 0| MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 1333| 0| } 1334| | 1335| 5.35k| return mbedtls_x509_get_subject_alt_name_ext(p, end, subject_alt_name); 1336| 5.35k|} mbedtls_x509_get_key_usage: 1369| 6.30k|{ 1370| 6.30k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 6.30k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1371| 6.30k| size_t i; 1372| 6.30k| mbedtls_x509_bitstring bs = { 0, 0, NULL }; 1373| | 1374| 6.30k| if ((ret = mbedtls_asn1_get_bitstring(p, end, &bs)) != 0) { ------------------ | Branch (1374:9): [True: 0, False: 6.30k] ------------------ 1375| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 1376| 0| } 1377| | 1378| | /* A bitstring with no flags set is still technically valid, as it will mean 1379| | that the certificate has no designated purpose at the time of creation. */ 1380| 6.30k| if (bs.len == 0) { ------------------ | Branch (1380:9): [True: 0, False: 6.30k] ------------------ 1381| 0| *key_usage = 0; 1382| 0| return 0; 1383| 0| } 1384| | 1385| | /* Get actual bitstring */ 1386| 6.30k| *key_usage = 0; 1387| 12.6k| for (i = 0; i < bs.len && i < sizeof(unsigned int); i++) { ------------------ | Branch (1387:17): [True: 6.30k, False: 6.30k] | Branch (1387:31): [True: 6.30k, False: 0] ------------------ 1388| 6.30k| *key_usage |= (unsigned int) bs.p[i] << (8*i); 1389| 6.30k| } 1390| | 1391| 6.30k| return 0; 1392| 6.30k|} mbedtls_x509_parse_subject_alt_name: 1396| 5.35k|{ 1397| 5.35k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 5.35k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1398| 5.35k| switch (san_buf->tag & 1399| 5.35k| (MBEDTLS_ASN1_TAG_CLASS_MASK | ------------------ | | 106| 5.35k|#define MBEDTLS_ASN1_TAG_CLASS_MASK 0xC0 ------------------ 1400| 5.35k| MBEDTLS_ASN1_TAG_VALUE_MASK)) { ------------------ | | 108| 5.35k|#define MBEDTLS_ASN1_TAG_VALUE_MASK 0x1F ------------------ 1401| | /* 1402| | * otherName 1403| | */ 1404| 5.35k| case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME): ------------------ | | 83| 5.35k|#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80 ------------------ case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME): ------------------ | | 127| 5.35k|#define MBEDTLS_X509_SAN_OTHER_NAME 0 ------------------ | Branch (1404:9): [True: 5.35k, False: 0] ------------------ 1405| 5.35k| { 1406| 5.35k| mbedtls_x509_san_other_name other_name; 1407| | 1408| 5.35k| ret = x509_get_other_name(san_buf, &other_name); 1409| 5.35k| if (ret != 0) { ------------------ | Branch (1409:17): [True: 5.35k, False: 0] ------------------ 1410| 5.35k| return ret; 1411| 5.35k| } 1412| | 1413| 0| memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name)); 1414| 0| san->type = MBEDTLS_X509_SAN_OTHER_NAME; ------------------ | | 127| 0|#define MBEDTLS_X509_SAN_OTHER_NAME 0 ------------------ 1415| 0| memcpy(&san->san.other_name, 1416| 0| &other_name, sizeof(other_name)); 1417| | 1418| 0| } 1419| 0| break; 1420| | /* 1421| | * uniformResourceIdentifier 1422| | */ 1423| 0| case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER): ------------------ | | 83| 0|#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80 ------------------ case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER): ------------------ | | 133| 0|#define MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER 6 ------------------ | Branch (1423:9): [True: 0, False: 5.35k] ------------------ 1424| 0| { 1425| 0| memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name)); 1426| 0| san->type = MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER; ------------------ | | 133| 0|#define MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER 6 ------------------ 1427| | 1428| 0| memcpy(&san->san.unstructured_name, 1429| 0| san_buf, sizeof(*san_buf)); 1430| | 1431| 0| } 1432| 0| break; 1433| | /* 1434| | * dNSName 1435| | */ 1436| 0| case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DNS_NAME): ------------------ | | 83| 0|#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80 ------------------ case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DNS_NAME): ------------------ | | 129| 0|#define MBEDTLS_X509_SAN_DNS_NAME 2 ------------------ | Branch (1436:9): [True: 0, False: 5.35k] ------------------ 1437| 0| { 1438| 0| memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name)); 1439| 0| san->type = MBEDTLS_X509_SAN_DNS_NAME; ------------------ | | 129| 0|#define MBEDTLS_X509_SAN_DNS_NAME 2 ------------------ 1440| | 1441| 0| memcpy(&san->san.unstructured_name, 1442| 0| san_buf, sizeof(*san_buf)); 1443| 0| } 1444| 0| break; 1445| | /* 1446| | * IP address 1447| | */ 1448| 0| case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_IP_ADDRESS): ------------------ | | 83| 0|#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80 ------------------ case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_IP_ADDRESS): ------------------ | | 134| 0|#define MBEDTLS_X509_SAN_IP_ADDRESS 7 ------------------ | Branch (1448:9): [True: 0, False: 5.35k] ------------------ 1449| 0| { 1450| 0| memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name)); 1451| 0| san->type = MBEDTLS_X509_SAN_IP_ADDRESS; ------------------ | | 134| 0|#define MBEDTLS_X509_SAN_IP_ADDRESS 7 ------------------ 1452| | // Only IPv6 (16 bytes) and IPv4 (4 bytes) types are supported 1453| 0| if (san_buf->len == 4 || san_buf->len == 16) { ------------------ | Branch (1453:17): [True: 0, False: 0] | Branch (1453:38): [True: 0, False: 0] ------------------ 1454| 0| memcpy(&san->san.unstructured_name, 1455| 0| san_buf, sizeof(*san_buf)); 1456| 0| } else { 1457| 0| return MBEDTLS_ERR_X509_BAD_INPUT_DATA; ------------------ | | 75| 0|#define MBEDTLS_ERR_X509_BAD_INPUT_DATA -0x2800 ------------------ 1458| 0| } 1459| 0| } 1460| 0| break; 1461| | /* 1462| | * rfc822Name 1463| | */ 1464| 0| case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_RFC822_NAME): ------------------ | | 83| 0|#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80 ------------------ case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_RFC822_NAME): ------------------ | | 128| 0|#define MBEDTLS_X509_SAN_RFC822_NAME 1 ------------------ | Branch (1464:9): [True: 0, False: 5.35k] ------------------ 1465| 0| { 1466| 0| memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name)); 1467| 0| san->type = MBEDTLS_X509_SAN_RFC822_NAME; ------------------ | | 128| 0|#define MBEDTLS_X509_SAN_RFC822_NAME 1 ------------------ 1468| 0| memcpy(&san->san.unstructured_name, san_buf, sizeof(*san_buf)); 1469| 0| } 1470| 0| break; 1471| | /* 1472| | * directoryName 1473| | */ 1474| 0| case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DIRECTORY_NAME): ------------------ | | 83| 0|#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80 ------------------ case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DIRECTORY_NAME): ------------------ | | 131| 0|#define MBEDTLS_X509_SAN_DIRECTORY_NAME 4 ------------------ | Branch (1474:9): [True: 0, False: 5.35k] ------------------ 1475| 0| { 1476| 0| size_t name_len; 1477| 0| unsigned char *p = san_buf->p; 1478| 0| memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name)); 1479| 0| san->type = MBEDTLS_X509_SAN_DIRECTORY_NAME; ------------------ | | 131| 0|#define MBEDTLS_X509_SAN_DIRECTORY_NAME 4 ------------------ 1480| | 1481| 0| ret = mbedtls_asn1_get_tag(&p, p + san_buf->len, &name_len, 1482| 0| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); ------------------ | | 82| 0|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); ------------------ | | 72| 0|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 1483| | 1484| 0| if (ret != 0) { ------------------ | Branch (1484:17): [True: 0, False: 0] ------------------ 1485| 0| return ret; 1486| 0| } 1487| | 1488| 0| if ((ret = mbedtls_x509_get_name(&p, p + name_len, ------------------ | Branch (1488:17): [True: 0, False: 0] ------------------ 1489| 0| &san->san.directory_name)) != 0) { 1490| 0| return ret; 1491| 0| } 1492| 0| } 1493| 0| break; 1494| | /* 1495| | * Type not supported 1496| | */ 1497| 0| default: ------------------ | Branch (1497:9): [True: 0, False: 5.35k] ------------------ 1498| 0| return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; ------------------ | | 45| 0|#define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE -0x2080 ------------------ 1499| 5.35k| } 1500| 0| return 0; 1501| 5.35k|} mbedtls_x509_free_subject_alt_name: 1504| 5.35k|{ 1505| 5.35k| if (san->type == MBEDTLS_X509_SAN_DIRECTORY_NAME) { ------------------ | | 131| 5.35k|#define MBEDTLS_X509_SAN_DIRECTORY_NAME 4 ------------------ | Branch (1505:9): [True: 0, False: 5.35k] ------------------ 1506| 0| mbedtls_asn1_free_named_data_list_shallow(san->san.directory_name.next); 1507| 0| } 1508| 5.35k|} x509.c:x509_get_attr_type_value: 409| 15.4k|{ 410| 15.4k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 15.4k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 411| 15.4k| size_t len; 412| 15.4k| mbedtls_x509_buf *oid; 413| 15.4k| mbedtls_x509_buf *val; 414| | 415| 15.4k| if ((ret = mbedtls_asn1_get_tag(p, end, &len, ------------------ | Branch (415:9): [True: 0, False: 15.4k] ------------------ 416| 15.4k| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 82| 15.4k|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 72| 15.4k|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 417| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 418| 0| } 419| | 420| 15.4k| end = *p + len; 421| | 422| 15.4k| if ((end - *p) < 1) { ------------------ | Branch (422:9): [True: 0, False: 15.4k] ------------------ 423| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 424| 0| MBEDTLS_ERR_ASN1_OUT_OF_DATA); 425| 0| } 426| | 427| 15.4k| oid = &cur->oid; 428| 15.4k| oid->tag = **p; 429| | 430| 15.4k| if ((ret = mbedtls_asn1_get_tag(p, end, &oid->len, MBEDTLS_ASN1_OID)) != 0) { ------------------ | | 69| 15.4k|#define MBEDTLS_ASN1_OID 0x06 ------------------ | Branch (430:9): [True: 0, False: 15.4k] ------------------ 431| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 432| 0| } 433| | 434| 15.4k| oid->p = *p; 435| 15.4k| *p += oid->len; 436| | 437| 15.4k| if ((end - *p) < 1) { ------------------ | Branch (437:9): [True: 0, False: 15.4k] ------------------ 438| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 439| 0| MBEDTLS_ERR_ASN1_OUT_OF_DATA); 440| 0| } 441| | 442| 15.4k| if (**p != MBEDTLS_ASN1_BMP_STRING && **p != MBEDTLS_ASN1_UTF8_STRING && ------------------ | | 80| 30.9k|#define MBEDTLS_ASN1_BMP_STRING 0x1E ------------------ if (**p != MBEDTLS_ASN1_BMP_STRING && **p != MBEDTLS_ASN1_UTF8_STRING && ------------------ | | 71| 30.9k|#define MBEDTLS_ASN1_UTF8_STRING 0x0C ------------------ | Branch (442:9): [True: 15.4k, False: 0] | Branch (442:43): [True: 0, False: 15.4k] ------------------ 443| 15.4k| **p != MBEDTLS_ASN1_T61_STRING && **p != MBEDTLS_ASN1_PRINTABLE_STRING && ------------------ | | 75| 15.4k|#define MBEDTLS_ASN1_T61_STRING 0x14 ------------------ **p != MBEDTLS_ASN1_T61_STRING && **p != MBEDTLS_ASN1_PRINTABLE_STRING && ------------------ | | 74| 15.4k|#define MBEDTLS_ASN1_PRINTABLE_STRING 0x13 ------------------ | Branch (443:9): [True: 0, False: 0] | Branch (443:43): [True: 0, False: 0] ------------------ 444| 15.4k| **p != MBEDTLS_ASN1_IA5_STRING && **p != MBEDTLS_ASN1_UNIVERSAL_STRING && ------------------ | | 76| 15.4k|#define MBEDTLS_ASN1_IA5_STRING 0x16 ------------------ **p != MBEDTLS_ASN1_IA5_STRING && **p != MBEDTLS_ASN1_UNIVERSAL_STRING && ------------------ | | 79| 15.4k|#define MBEDTLS_ASN1_UNIVERSAL_STRING 0x1C ------------------ | Branch (444:9): [True: 0, False: 0] | Branch (444:43): [True: 0, False: 0] ------------------ 445| 15.4k| **p != MBEDTLS_ASN1_BIT_STRING) { ------------------ | | 66| 0|#define MBEDTLS_ASN1_BIT_STRING 0x03 ------------------ | Branch (445:9): [True: 0, False: 0] ------------------ 446| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 447| 0| MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); 448| 0| } 449| | 450| 15.4k| val = &cur->val; 451| 15.4k| val->tag = *(*p)++; 452| | 453| 15.4k| if ((ret = mbedtls_asn1_get_len(p, end, &val->len)) != 0) { ------------------ | Branch (453:9): [True: 0, False: 15.4k] ------------------ 454| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 455| 0| } 456| | 457| 15.4k| val->p = *p; 458| 15.4k| *p += val->len; 459| | 460| 15.4k| if (*p != end) { ------------------ | Branch (460:9): [True: 0, False: 15.4k] ------------------ 461| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_NAME, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 462| 0| MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 463| 0| } 464| | 465| 15.4k| cur->next = NULL; 466| | 467| 15.4k| return 0; 468| 15.4k|} x509.c:x509_parse_time: 612| 15.4k|{ 613| 15.4k| int x; 614| | 615| | /* 616| | * Parse year, month, day, hour, minute, second 617| | */ 618| 15.4k| tm->year = x509_parse2_int(p); 619| 15.4k| if (tm->year < 0) { ------------------ | Branch (619:9): [True: 0, False: 15.4k] ------------------ 620| 0| return MBEDTLS_ERR_X509_INVALID_DATE; ------------------ | | 59| 0|#define MBEDTLS_ERR_X509_INVALID_DATE -0x2400 ------------------ 621| 0| } 622| | 623| 15.4k| if (4 == yearlen) { ------------------ | Branch (623:9): [True: 0, False: 15.4k] ------------------ 624| 0| x = tm->year * 100; 625| 0| p += 2; 626| 0| tm->year = x509_parse2_int(p); 627| 0| if (tm->year < 0) { ------------------ | Branch (627:13): [True: 0, False: 0] ------------------ 628| 0| return MBEDTLS_ERR_X509_INVALID_DATE; ------------------ | | 59| 0|#define MBEDTLS_ERR_X509_INVALID_DATE -0x2400 ------------------ 629| 0| } 630| 15.4k| } else { 631| 15.4k| x = (tm->year < 50) ? 2000 : 1900; ------------------ | Branch (631:13): [True: 15.4k, False: 0] ------------------ 632| 15.4k| } 633| 15.4k| tm->year += x; 634| | 635| 15.4k| tm->mon = x509_parse2_int(p + 2); 636| 15.4k| tm->day = x509_parse2_int(p + 4); 637| 15.4k| tm->hour = x509_parse2_int(p + 6); 638| 15.4k| tm->min = x509_parse2_int(p + 8); 639| 15.4k| tm->sec = x509_parse2_int(p + 10); 640| | 641| 15.4k| return x509_date_is_valid(tm); 642| 15.4k|} x509.c:x509_parse2_int: 600| 92.8k|{ 601| 92.8k| uint32_t d1 = p[0] - '0'; 602| 92.8k| uint32_t d2 = p[1] - '0'; 603| 92.8k| return (d1 < 10 && d2 < 10) ? (int) (d1 * 10 + d2) : -1; ------------------ | Branch (603:13): [True: 92.8k, False: 0] | Branch (603:24): [True: 92.8k, False: 0] ------------------ 604| 92.8k|} x509.c:x509_date_is_valid: 567| 15.4k|{ 568| 15.4k| unsigned int month_days; 569| 15.4k| unsigned int year; 570| 15.4k| switch (t->mon) { 571| 2.38k| case 1: case 3: case 5: case 7: case 8: case 10: case 12: ------------------ | Branch (571:9): [True: 0, False: 15.4k] | Branch (571:17): [True: 2.38k, False: 13.0k] | Branch (571:25): [True: 0, False: 15.4k] | Branch (571:33): [True: 0, False: 15.4k] | Branch (571:41): [True: 0, False: 15.4k] | Branch (571:49): [True: 0, False: 15.4k] | Branch (571:58): [True: 0, False: 15.4k] ------------------ 572| 2.38k| month_days = 31; 573| 2.38k| break; 574| 13.0k| case 4: case 6: case 9: case 11: ------------------ | Branch (574:9): [True: 2.38k, False: 13.0k] | Branch (574:17): [True: 0, False: 15.4k] | Branch (574:25): [True: 10.7k, False: 4.76k] | Branch (574:33): [True: 0, False: 15.4k] ------------------ 575| 13.0k| month_days = 30; 576| 13.0k| break; 577| 0| case 2: ------------------ | Branch (577:9): [True: 0, False: 15.4k] ------------------ 578| 0| year = (unsigned int) t->year; 579| 0| month_days = ((year & 3) || (!(year % 100) ------------------ | Branch (579:27): [True: 0, False: 0] | Branch (579:42): [True: 0, False: 0] ------------------ 580| 0| && (year % 400))) ------------------ | Branch (580:45): [True: 0, False: 0] ------------------ 581| 0| ? 28 : 29; 582| 0| break; 583| 0| default: ------------------ | Branch (583:9): [True: 0, False: 15.4k] ------------------ 584| 0| return MBEDTLS_ERR_X509_INVALID_DATE; ------------------ | | 59| 0|#define MBEDTLS_ERR_X509_INVALID_DATE -0x2400 ------------------ 585| 15.4k| } 586| | 587| 15.4k| if ((unsigned int) (t->day - 1) >= month_days || /* (1 - days in month) */ ------------------ | Branch (587:9): [True: 0, False: 15.4k] ------------------ 588| | /* (unsigned int) (t->mon - 1) >= 12 || */ /* (1 - 12) checked above */ 589| 15.4k| (unsigned int) t->year > 9999 || /* (0 - 9999) */ ------------------ | Branch (589:9): [True: 0, False: 15.4k] ------------------ 590| 15.4k| (unsigned int) t->hour > 23 || /* (0 - 23) */ ------------------ | Branch (590:9): [True: 0, False: 15.4k] ------------------ 591| 15.4k| (unsigned int) t->min > 59 || /* (0 - 59) */ ------------------ | Branch (591:9): [True: 0, False: 15.4k] ------------------ 592| 15.4k| (unsigned int) t->sec > 59) { /* (0 - 59) */ ------------------ | Branch (592:9): [True: 0, False: 15.4k] ------------------ 593| 0| return MBEDTLS_ERR_X509_INVALID_DATE; ------------------ | | 59| 0|#define MBEDTLS_ERR_X509_INVALID_DATE -0x2400 ------------------ 594| 0| } 595| | 596| 15.4k| return 0; 597| 15.4k|} x509.c:x509_get_other_name: 1128| 5.35k|{ 1129| 5.35k| int ret = 0; 1130| 5.35k| size_t len; 1131| 5.35k| unsigned char *p = subject_alt_name->p; 1132| 5.35k| const unsigned char *end = p + subject_alt_name->len; 1133| 5.35k| mbedtls_x509_buf cur_oid; 1134| | 1135| 5.35k| if ((subject_alt_name->tag & ------------------ | Branch (1135:9): [True: 0, False: 5.35k] ------------------ 1136| 5.35k| (MBEDTLS_ASN1_TAG_CLASS_MASK | MBEDTLS_ASN1_TAG_VALUE_MASK)) != ------------------ | | 106| 5.35k|#define MBEDTLS_ASN1_TAG_CLASS_MASK 0xC0 ------------------ (MBEDTLS_ASN1_TAG_CLASS_MASK | MBEDTLS_ASN1_TAG_VALUE_MASK)) != ------------------ | | 108| 5.35k|#define MBEDTLS_ASN1_TAG_VALUE_MASK 0x1F ------------------ 1137| 5.35k| (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME)) { ------------------ | | 83| 5.35k|#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80 ------------------ (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME)) { ------------------ | | 127| 5.35k|#define MBEDTLS_X509_SAN_OTHER_NAME 0 ------------------ 1138| | /* 1139| | * The given subject alternative name is not of type "othername". 1140| | */ 1141| 0| return MBEDTLS_ERR_X509_BAD_INPUT_DATA; ------------------ | | 75| 0|#define MBEDTLS_ERR_X509_BAD_INPUT_DATA -0x2800 ------------------ 1142| 0| } 1143| | 1144| 5.35k| if ((ret = mbedtls_asn1_get_tag(&p, end, &len, ------------------ | Branch (1144:9): [True: 0, False: 5.35k] ------------------ 1145| 5.35k| MBEDTLS_ASN1_OID)) != 0) { ------------------ | | 69| 5.35k|#define MBEDTLS_ASN1_OID 0x06 ------------------ 1146| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 1147| 0| } 1148| | 1149| 5.35k| cur_oid.tag = MBEDTLS_ASN1_OID; ------------------ | | 69| 5.35k|#define MBEDTLS_ASN1_OID 0x06 ------------------ 1150| 5.35k| cur_oid.p = p; 1151| 5.35k| cur_oid.len = len; 1152| | 1153| | /* 1154| | * Only HwModuleName is currently supported. 1155| | */ 1156| 5.35k| if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME, &cur_oid) != 0) { ------------------ | | 122| 5.35k| ((MBEDTLS_OID_SIZE(oid_str) != (oid_buf)->len) || \ | | ------------------ | | | | 113| 5.35k|#define MBEDTLS_OID_SIZE(x) (sizeof(x) - 1) | | ------------------ | | | Branch (122:6): [True: 5.35k, False: 0] | | ------------------ | | 123| 5.35k| memcmp((oid_str), (oid_buf)->p, (oid_buf)->len) != 0) | | ------------------ | | | Branch (123:6): [True: 0, False: 0] | | ------------------ ------------------ | Branch (1156:9): [True: 5.35k, False: 0] ------------------ 1157| 5.35k| return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; ------------------ | | 45| 5.35k|#define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE -0x2080 ------------------ 1158| 5.35k| } 1159| 0| other_name->type_id = cur_oid; 1160| | 1161| 0| p += len; 1162| 0| if ((ret = mbedtls_asn1_get_tag(&p, end, &len, ------------------ | Branch (1162:9): [True: 0, False: 0] ------------------ 1163| 0| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC)) != ------------------ | | 82| 0|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC)) != ------------------ | | 83| 0|#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80 ------------------ 1164| 0| 0) { 1165| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 1166| 0| } 1167| | 1168| 0| if (end != p + len) { ------------------ | Branch (1168:9): [True: 0, False: 0] ------------------ 1169| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 1170| 0| MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 1171| 0| } 1172| | 1173| 0| if ((ret = mbedtls_asn1_get_tag(&p, end, &len, ------------------ | Branch (1173:9): [True: 0, False: 0] ------------------ 1174| 0| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 82| 0|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 72| 0|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 1175| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 1176| 0| } 1177| | 1178| 0| if (end != p + len) { ------------------ | Branch (1178:9): [True: 0, False: 0] ------------------ 1179| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 1180| 0| MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 1181| 0| } 1182| | 1183| 0| if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OID)) != 0) { ------------------ | | 69| 0|#define MBEDTLS_ASN1_OID 0x06 ------------------ | Branch (1183:9): [True: 0, False: 0] ------------------ 1184| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 1185| 0| } 1186| | 1187| 0| other_name->value.hardware_module_name.oid.tag = MBEDTLS_ASN1_OID; ------------------ | | 69| 0|#define MBEDTLS_ASN1_OID 0x06 ------------------ 1188| 0| other_name->value.hardware_module_name.oid.p = p; 1189| 0| other_name->value.hardware_module_name.oid.len = len; 1190| | 1191| 0| p += len; 1192| 0| if ((ret = mbedtls_asn1_get_tag(&p, end, &len, ------------------ | Branch (1192:9): [True: 0, False: 0] ------------------ 1193| 0| MBEDTLS_ASN1_OCTET_STRING)) != 0) { ------------------ | | 67| 0|#define MBEDTLS_ASN1_OCTET_STRING 0x04 ------------------ 1194| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 1195| 0| } 1196| | 1197| 0| other_name->value.hardware_module_name.val.tag = MBEDTLS_ASN1_OCTET_STRING; ------------------ | | 67| 0|#define MBEDTLS_ASN1_OCTET_STRING 0x04 ------------------ 1198| 0| other_name->value.hardware_module_name.val.p = p; 1199| 0| other_name->value.hardware_module_name.val.len = len; 1200| 0| p += len; 1201| 0| if (p != end) { ------------------ | Branch (1201:9): [True: 0, False: 0] ------------------ 1202| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 1203| 0| MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 1204| 0| } 1205| 0| return 0; 1206| 0|} mbedtls_x509_crt_parse_der: 1386| 7.73k|{ 1387| 7.73k| return mbedtls_x509_crt_parse_der_internal(chain, buf, buflen, 1, NULL, NULL); 1388| 7.73k|} mbedtls_x509_crt_check_key_usage: 1932| 952|{ 1933| 952| unsigned int usage_must, usage_may; 1934| 952| unsigned int may_mask = MBEDTLS_X509_KU_ENCIPHER_ONLY ------------------ | | 148| 952|#define MBEDTLS_X509_KU_ENCIPHER_ONLY (0x01) /* bit 7 */ ------------------ 1935| 952| | MBEDTLS_X509_KU_DECIPHER_ONLY; ------------------ | | 149| 952|#define MBEDTLS_X509_KU_DECIPHER_ONLY (0x8000) /* bit 8 */ ------------------ 1936| | 1937| 952| if ((crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE) == 0) { ------------------ | | 176| 952|#define MBEDTLS_X509_EXT_KEY_USAGE MBEDTLS_OID_X509_EXT_KEY_USAGE | | ------------------ | | | | 39| 952|#define MBEDTLS_OID_X509_EXT_KEY_USAGE (1 << 2) | | ------------------ ------------------ | Branch (1937:9): [True: 476, False: 476] ------------------ 1938| 476| return 0; 1939| 476| } 1940| | 1941| 476| usage_must = usage & ~may_mask; 1942| | 1943| 476| if (((crt->key_usage & ~may_mask) & usage_must) != usage_must) { ------------------ | Branch (1943:9): [True: 0, False: 476] ------------------ 1944| 0| return MBEDTLS_ERR_X509_BAD_INPUT_DATA; ------------------ | | 75| 0|#define MBEDTLS_ERR_X509_BAD_INPUT_DATA -0x2800 ------------------ 1945| 0| } 1946| | 1947| 476| usage_may = usage & may_mask; 1948| | 1949| 476| if (((crt->key_usage & may_mask) | usage_may) != usage_may) { ------------------ | Branch (1949:9): [True: 0, False: 476] ------------------ 1950| 0| return MBEDTLS_ERR_X509_BAD_INPUT_DATA; ------------------ | | 75| 0|#define MBEDTLS_ERR_X509_BAD_INPUT_DATA -0x2800 ------------------ 1951| 0| } 1952| | 1953| 476| return 0; 1954| 476|} mbedtls_x509_crt_verify_with_profile: 3175| 1.42k|{ 3176| 1.42k| return x509_crt_verify_restartable_ca_cb(crt, trust_ca, ca_crl, 3177| 1.42k| NULL, NULL, 3178| 1.42k| profile, cn, flags, 3179| 1.42k| f_vrfy, p_vrfy, NULL); 3180| 1.42k|} mbedtls_x509_crt_init: 3222| 7.73k|{ 3223| 7.73k| memset(crt, 0, sizeof(mbedtls_x509_crt)); 3224| 7.73k|} mbedtls_x509_crt_free: 3230| 7.73k|{ 3231| 7.73k| mbedtls_x509_crt *cert_cur = crt; 3232| 7.73k| mbedtls_x509_crt *cert_prv; 3233| | 3234| 15.4k| while (cert_cur != NULL) { ------------------ | Branch (3234:12): [True: 7.73k, False: 7.73k] ------------------ 3235| 7.73k| mbedtls_pk_free(&cert_cur->pk); 3236| | 3237| 7.73k|#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) 3238| 7.73k| mbedtls_free(cert_cur->sig_opts); ------------------ | | 143| 7.73k|#define mbedtls_free MBEDTLS_PLATFORM_FREE_MACRO | | ------------------ | | | | 4095| 7.73k|#define MBEDTLS_PLATFORM_FREE_MACRO my_free | | ------------------ ------------------ 3239| 7.73k|#endif 3240| | 3241| 7.73k| mbedtls_asn1_free_named_data_list_shallow(cert_cur->issuer.next); 3242| 7.73k| mbedtls_asn1_free_named_data_list_shallow(cert_cur->subject.next); 3243| 7.73k| mbedtls_asn1_sequence_free(cert_cur->ext_key_usage.next); 3244| 7.73k| mbedtls_asn1_sequence_free(cert_cur->subject_alt_names.next); 3245| 7.73k| mbedtls_asn1_sequence_free(cert_cur->certificate_policies.next); 3246| 7.73k| mbedtls_asn1_sequence_free(cert_cur->authority_key_id.authorityCertIssuer.next); 3247| | 3248| 7.73k| if (cert_cur->raw.p != NULL && cert_cur->own_buffer) { ------------------ | Branch (3248:13): [True: 7.73k, False: 0] | Branch (3248:40): [True: 7.73k, False: 0] ------------------ 3249| 7.73k| mbedtls_zeroize_and_free(cert_cur->raw.p, cert_cur->raw.len); 3250| 7.73k| } 3251| | 3252| 7.73k| cert_prv = cert_cur; 3253| 7.73k| cert_cur = cert_cur->next; 3254| | 3255| 7.73k| mbedtls_platform_zeroize(cert_prv, sizeof(mbedtls_x509_crt)); 3256| 7.73k| if (cert_prv != crt) { ------------------ | Branch (3256:13): [True: 0, False: 7.73k] ------------------ 3257| 0| mbedtls_free(cert_prv); ------------------ | | 143| 0|#define mbedtls_free MBEDTLS_PLATFORM_FREE_MACRO | | ------------------ | | | | 4095| 0|#define MBEDTLS_PLATFORM_FREE_MACRO my_free | | ------------------ ------------------ 3258| 0| } 3259| 7.73k| } 3260| 7.73k|} x509_crt.c:mbedtls_x509_crt_parse_der_internal: 1319| 7.73k|{ 1320| 7.73k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 7.73k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1321| 7.73k| mbedtls_x509_crt *crt = chain, *prev = NULL; 1322| | 1323| | /* 1324| | * Check for valid input 1325| | */ 1326| 7.73k| if (crt == NULL || buf == NULL) { ------------------ | Branch (1326:9): [True: 0, False: 7.73k] | Branch (1326:24): [True: 0, False: 7.73k] ------------------ 1327| 0| return MBEDTLS_ERR_X509_BAD_INPUT_DATA; ------------------ | | 75| 0|#define MBEDTLS_ERR_X509_BAD_INPUT_DATA -0x2800 ------------------ 1328| 0| } 1329| | 1330| 7.73k| while (crt->version != 0 && crt->next != NULL) { ------------------ | Branch (1330:12): [True: 0, False: 7.73k] | Branch (1330:33): [True: 0, False: 0] ------------------ 1331| 0| prev = crt; 1332| 0| crt = crt->next; 1333| 0| } 1334| | 1335| | /* 1336| | * Add new certificate on the end of the chain if needed. 1337| | */ 1338| 7.73k| if (crt->version != 0 && crt->next == NULL) { ------------------ | Branch (1338:9): [True: 0, False: 7.73k] | Branch (1338:30): [True: 0, False: 0] ------------------ 1339| 0| crt->next = mbedtls_calloc(1, sizeof(mbedtls_x509_crt)); ------------------ | | 144| 0|#define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO | | ------------------ | | | | 4093| 0|#define MBEDTLS_PLATFORM_CALLOC_MACRO my_calloc | | ------------------ ------------------ 1340| | 1341| 0| if (crt->next == NULL) { ------------------ | Branch (1341:13): [True: 0, False: 0] ------------------ 1342| 0| return MBEDTLS_ERR_X509_ALLOC_FAILED; ------------------ | | 77| 0|#define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880 ------------------ 1343| 0| } 1344| | 1345| 0| prev = crt; 1346| 0| mbedtls_x509_crt_init(crt->next); 1347| 0| crt = crt->next; 1348| 0| } 1349| | 1350| 7.73k| ret = x509_crt_parse_der_core(crt, buf, buflen, make_copy, cb, p_ctx); 1351| 7.73k| if (ret != 0) { ------------------ | Branch (1351:9): [True: 0, False: 7.73k] ------------------ 1352| 0| if (prev) { ------------------ | Branch (1352:13): [True: 0, False: 0] ------------------ 1353| 0| prev->next = NULL; 1354| 0| } 1355| | 1356| 0| if (crt != chain) { ------------------ | Branch (1356:13): [True: 0, False: 0] ------------------ 1357| 0| mbedtls_free(crt); ------------------ | | 143| 0|#define mbedtls_free MBEDTLS_PLATFORM_FREE_MACRO | | ------------------ | | | | 4095| 0|#define MBEDTLS_PLATFORM_FREE_MACRO my_free | | ------------------ ------------------ 1358| 0| } 1359| | 1360| 0| return ret; 1361| 0| } 1362| | 1363| 7.73k| return 0; 1364| 7.73k|} x509_crt.c:x509_crt_parse_der_core: 1079| 7.73k|{ 1080| 7.73k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 7.73k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 1081| 7.73k| size_t len; 1082| 7.73k| unsigned char *p, *end, *crt_end; 1083| 7.73k| mbedtls_x509_buf sig_params1, sig_params2, sig_oid2; 1084| | 1085| 7.73k| memset(&sig_params1, 0, sizeof(mbedtls_x509_buf)); 1086| 7.73k| memset(&sig_params2, 0, sizeof(mbedtls_x509_buf)); 1087| 7.73k| memset(&sig_oid2, 0, sizeof(mbedtls_x509_buf)); 1088| | 1089| | /* 1090| | * Check for valid input 1091| | */ 1092| 7.73k| if (crt == NULL || buf == NULL) { ------------------ | Branch (1092:9): [True: 0, False: 7.73k] | Branch (1092:24): [True: 0, False: 7.73k] ------------------ 1093| 0| return MBEDTLS_ERR_X509_BAD_INPUT_DATA; ------------------ | | 75| 0|#define MBEDTLS_ERR_X509_BAD_INPUT_DATA -0x2800 ------------------ 1094| 0| } 1095| | 1096| | /* Use the original buffer until we figure out actual length. */ 1097| 7.73k| p = (unsigned char *) buf; 1098| 7.73k| len = buflen; 1099| 7.73k| end = p + len; 1100| | 1101| | /* 1102| | * Certificate ::= SEQUENCE { 1103| | * tbsCertificate TBSCertificate, 1104| | * signatureAlgorithm AlgorithmIdentifier, 1105| | * signatureValue BIT STRING } 1106| | */ 1107| 7.73k| if ((ret = mbedtls_asn1_get_tag(&p, end, &len, ------------------ | Branch (1107:9): [True: 0, False: 7.73k] ------------------ 1108| 7.73k| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 82| 7.73k|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 72| 7.73k|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 1109| 0| mbedtls_x509_crt_free(crt); 1110| 0| return MBEDTLS_ERR_X509_INVALID_FORMAT; ------------------ | | 49| 0|#define MBEDTLS_ERR_X509_INVALID_FORMAT -0x2180 ------------------ 1111| 0| } 1112| | 1113| 7.73k| end = crt_end = p + len; 1114| 7.73k| crt->raw.len = (size_t) (crt_end - buf); 1115| 7.73k| if (make_copy != 0) { ------------------ | Branch (1115:9): [True: 7.73k, False: 0] ------------------ 1116| | /* Create and populate a new buffer for the raw field. */ 1117| 7.73k| crt->raw.p = p = mbedtls_calloc(1, crt->raw.len); ------------------ | | 144| 7.73k|#define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO | | ------------------ | | | | 4093| 7.73k|#define MBEDTLS_PLATFORM_CALLOC_MACRO my_calloc | | ------------------ ------------------ 1118| 7.73k| if (crt->raw.p == NULL) { ------------------ | Branch (1118:13): [True: 0, False: 7.73k] ------------------ 1119| 0| return MBEDTLS_ERR_X509_ALLOC_FAILED; ------------------ | | 77| 0|#define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880 ------------------ 1120| 0| } 1121| | 1122| 7.73k| memcpy(crt->raw.p, buf, crt->raw.len); 1123| 7.73k| crt->own_buffer = 1; 1124| | 1125| 7.73k| p += crt->raw.len - len; 1126| 7.73k| end = crt_end = p + len; 1127| 7.73k| } else { 1128| 0| crt->raw.p = (unsigned char *) buf; 1129| 0| crt->own_buffer = 0; 1130| 0| } 1131| | 1132| | /* 1133| | * TBSCertificate ::= SEQUENCE { 1134| | */ 1135| 7.73k| crt->tbs.p = p; 1136| | 1137| 7.73k| if ((ret = mbedtls_asn1_get_tag(&p, end, &len, ------------------ | Branch (1137:9): [True: 0, False: 7.73k] ------------------ 1138| 7.73k| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 82| 7.73k|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 72| 7.73k|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 1139| 0| mbedtls_x509_crt_free(crt); 1140| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 1141| 0| } 1142| | 1143| 7.73k| end = p + len; 1144| 7.73k| crt->tbs.len = (size_t) (end - crt->tbs.p); 1145| | 1146| | /* 1147| | * Version ::= INTEGER { v1(0), v2(1), v3(2) } 1148| | * 1149| | * CertificateSerialNumber ::= INTEGER 1150| | * 1151| | * signature AlgorithmIdentifier 1152| | */ 1153| 7.73k| if ((ret = x509_get_version(&p, end, &crt->version)) != 0 || ------------------ | Branch (1153:9): [True: 0, False: 7.73k] ------------------ 1154| 7.73k| (ret = mbedtls_x509_get_serial(&p, end, &crt->serial)) != 0 || ------------------ | Branch (1154:9): [True: 0, False: 7.73k] ------------------ 1155| 7.73k| (ret = mbedtls_x509_get_alg(&p, end, &crt->sig_oid, ------------------ | Branch (1155:9): [True: 0, False: 7.73k] ------------------ 1156| 7.73k| &sig_params1)) != 0) { 1157| 0| mbedtls_x509_crt_free(crt); 1158| 0| return ret; 1159| 0| } 1160| | 1161| 7.73k| if (crt->version < 0 || crt->version > 2) { ------------------ | Branch (1161:9): [True: 0, False: 7.73k] | Branch (1161:29): [True: 0, False: 7.73k] ------------------ 1162| 0| mbedtls_x509_crt_free(crt); 1163| 0| return MBEDTLS_ERR_X509_UNKNOWN_VERSION; ------------------ | | 65| 0|#define MBEDTLS_ERR_X509_UNKNOWN_VERSION -0x2580 ------------------ 1164| 0| } 1165| | 1166| 7.73k| crt->version++; 1167| | 1168| 7.73k| if ((ret = mbedtls_x509_get_sig_alg(&crt->sig_oid, &sig_params1, ------------------ | Branch (1168:9): [True: 0, False: 7.73k] ------------------ 1169| 7.73k| &crt->sig_md, &crt->sig_pk, 1170| 7.73k| &crt->sig_opts)) != 0) { 1171| 0| mbedtls_x509_crt_free(crt); 1172| 0| return ret; 1173| 0| } 1174| | 1175| | /* 1176| | * issuer Name 1177| | */ 1178| 7.73k| crt->issuer_raw.p = p; 1179| | 1180| 7.73k| if ((ret = mbedtls_asn1_get_tag(&p, end, &len, ------------------ | Branch (1180:9): [True: 0, False: 7.73k] ------------------ 1181| 7.73k| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 82| 7.73k|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 72| 7.73k|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 1182| 0| mbedtls_x509_crt_free(crt); 1183| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 1184| 0| } 1185| | 1186| 7.73k| if ((ret = mbedtls_x509_get_name(&p, p + len, &crt->issuer)) != 0) { ------------------ | Branch (1186:9): [True: 0, False: 7.73k] ------------------ 1187| 0| mbedtls_x509_crt_free(crt); 1188| 0| return ret; 1189| 0| } 1190| | 1191| 7.73k| crt->issuer_raw.len = (size_t) (p - crt->issuer_raw.p); 1192| | 1193| | /* 1194| | * Validity ::= SEQUENCE { 1195| | * notBefore Time, 1196| | * notAfter Time } 1197| | * 1198| | */ 1199| 7.73k| if ((ret = x509_get_dates(&p, end, &crt->valid_from, ------------------ | Branch (1199:9): [True: 0, False: 7.73k] ------------------ 1200| 7.73k| &crt->valid_to)) != 0) { 1201| 0| mbedtls_x509_crt_free(crt); 1202| 0| return ret; 1203| 0| } 1204| | 1205| | /* 1206| | * subject Name 1207| | */ 1208| 7.73k| crt->subject_raw.p = p; 1209| | 1210| 7.73k| if ((ret = mbedtls_asn1_get_tag(&p, end, &len, ------------------ | Branch (1210:9): [True: 0, False: 7.73k] ------------------ 1211| 7.73k| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 82| 7.73k|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 72| 7.73k|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 1212| 0| mbedtls_x509_crt_free(crt); 1213| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 1214| 0| } 1215| | 1216| 7.73k| if (len && (ret = mbedtls_x509_get_name(&p, p + len, &crt->subject)) != 0) { ------------------ | Branch (1216:9): [True: 7.73k, False: 0] | Branch (1216:16): [True: 0, False: 7.73k] ------------------ 1217| 0| mbedtls_x509_crt_free(crt); 1218| 0| return ret; 1219| 0| } 1220| | 1221| 7.73k| crt->subject_raw.len = (size_t) (p - crt->subject_raw.p); 1222| | 1223| | /* 1224| | * SubjectPublicKeyInfo 1225| | */ 1226| 7.73k| crt->pk_raw.p = p; 1227| 7.73k| if ((ret = mbedtls_pk_parse_subpubkey(&p, end, &crt->pk)) != 0) { ------------------ | Branch (1227:9): [True: 0, False: 7.73k] ------------------ 1228| 0| mbedtls_x509_crt_free(crt); 1229| 0| return ret; 1230| 0| } 1231| 7.73k| crt->pk_raw.len = (size_t) (p - crt->pk_raw.p); 1232| | 1233| | /* 1234| | * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, 1235| | * -- If present, version shall be v2 or v3 1236| | * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, 1237| | * -- If present, version shall be v2 or v3 1238| | * extensions [3] EXPLICIT Extensions OPTIONAL 1239| | * -- If present, version shall be v3 1240| | */ 1241| 7.73k| if (crt->version == 2 || crt->version == 3) { ------------------ | Branch (1241:9): [True: 0, False: 7.73k] | Branch (1241:30): [True: 7.73k, False: 0] ------------------ 1242| 7.73k| ret = x509_get_uid(&p, end, &crt->issuer_id, 1); 1243| 7.73k| if (ret != 0) { ------------------ | Branch (1243:13): [True: 0, False: 7.73k] ------------------ 1244| 0| mbedtls_x509_crt_free(crt); 1245| 0| return ret; 1246| 0| } 1247| 7.73k| } 1248| | 1249| 7.73k| if (crt->version == 2 || crt->version == 3) { ------------------ | Branch (1249:9): [True: 0, False: 7.73k] | Branch (1249:30): [True: 7.73k, False: 0] ------------------ 1250| 7.73k| ret = x509_get_uid(&p, end, &crt->subject_id, 2); 1251| 7.73k| if (ret != 0) { ------------------ | Branch (1251:13): [True: 0, False: 7.73k] ------------------ 1252| 0| mbedtls_x509_crt_free(crt); 1253| 0| return ret; 1254| 0| } 1255| 7.73k| } 1256| | 1257| 7.73k| if (crt->version == 3) { ------------------ | Branch (1257:9): [True: 7.73k, False: 0] ------------------ 1258| 7.73k| ret = x509_get_crt_ext(&p, end, crt, cb, p_ctx); 1259| 7.73k| if (ret != 0) { ------------------ | Branch (1259:13): [True: 0, False: 7.73k] ------------------ 1260| 0| mbedtls_x509_crt_free(crt); 1261| 0| return ret; 1262| 0| } 1263| 7.73k| } 1264| | 1265| 7.73k| if (p != end) { ------------------ | Branch (1265:9): [True: 0, False: 7.73k] ------------------ 1266| 0| mbedtls_x509_crt_free(crt); 1267| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 1268| 0| MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 1269| 0| } 1270| | 1271| 7.73k| end = crt_end; 1272| | 1273| | /* 1274| | * } 1275| | * -- end of TBSCertificate 1276| | * 1277| | * signatureAlgorithm AlgorithmIdentifier, 1278| | * signatureValue BIT STRING 1279| | */ 1280| 7.73k| if ((ret = mbedtls_x509_get_alg(&p, end, &sig_oid2, &sig_params2)) != 0) { ------------------ | Branch (1280:9): [True: 0, False: 7.73k] ------------------ 1281| 0| mbedtls_x509_crt_free(crt); 1282| 0| return ret; 1283| 0| } 1284| | 1285| 7.73k| if (crt->sig_oid.len != sig_oid2.len || ------------------ | Branch (1285:9): [True: 0, False: 7.73k] ------------------ 1286| 7.73k| memcmp(crt->sig_oid.p, sig_oid2.p, crt->sig_oid.len) != 0 || ------------------ | Branch (1286:9): [True: 0, False: 7.73k] ------------------ 1287| 7.73k| sig_params1.tag != sig_params2.tag || ------------------ | Branch (1287:9): [True: 0, False: 7.73k] ------------------ 1288| 7.73k| sig_params1.len != sig_params2.len || ------------------ | Branch (1288:9): [True: 0, False: 7.73k] ------------------ 1289| 7.73k| (sig_params1.len != 0 && ------------------ | Branch (1289:10): [True: 0, False: 7.73k] ------------------ 1290| 7.73k| memcmp(sig_params1.p, sig_params2.p, sig_params1.len) != 0)) { ------------------ | Branch (1290:10): [True: 0, False: 0] ------------------ 1291| 0| mbedtls_x509_crt_free(crt); 1292| 0| return MBEDTLS_ERR_X509_SIG_MISMATCH; ------------------ | | 69| 0|#define MBEDTLS_ERR_X509_SIG_MISMATCH -0x2680 ------------------ 1293| 0| } 1294| | 1295| 7.73k| if ((ret = mbedtls_x509_get_sig(&p, end, &crt->sig)) != 0) { ------------------ | Branch (1295:9): [True: 0, False: 7.73k] ------------------ 1296| 0| mbedtls_x509_crt_free(crt); 1297| 0| return ret; 1298| 0| } 1299| | 1300| 7.73k| if (p != end) { ------------------ | Branch (1300:9): [True: 0, False: 7.73k] ------------------ 1301| 0| mbedtls_x509_crt_free(crt); 1302| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 1303| 0| MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 1304| 0| } 1305| | 1306| 7.73k| return 0; 1307| 7.73k|} x509_crt.c:x509_get_version: 398| 7.73k|{ 399| 7.73k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 7.73k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 400| 7.73k| size_t len; 401| | 402| 7.73k| if ((ret = mbedtls_asn1_get_tag(p, end, &len, ------------------ | Branch (402:9): [True: 0, False: 7.73k] ------------------ 403| 7.73k| MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | ------------------ | | 83| 7.73k|#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80 ------------------ MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | ------------------ | | 82| 7.73k|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ 404| 7.73k| 0)) != 0) { 405| 0| if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { ------------------ | | 39| 0|#define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG -0x0062 ------------------ | Branch (405:13): [True: 0, False: 0] ------------------ 406| 0| *ver = 0; 407| 0| return 0; 408| 0| } 409| | 410| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 411| 0| } 412| | 413| 7.73k| end = *p + len; 414| | 415| 7.73k| if ((ret = mbedtls_asn1_get_int(p, end, ver)) != 0) { ------------------ | Branch (415:9): [True: 0, False: 7.73k] ------------------ 416| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 417| 0| } 418| | 419| 7.73k| if (*p != end) { ------------------ | Branch (419:9): [True: 0, False: 7.73k] ------------------ 420| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_VERSION, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 421| 0| MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 422| 0| } 423| | 424| 7.73k| return 0; 425| 7.73k|} x509_crt.c:x509_get_dates: 436| 7.73k|{ 437| 7.73k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 7.73k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 438| 7.73k| size_t len; 439| | 440| 7.73k| if ((ret = mbedtls_asn1_get_tag(p, end, &len, ------------------ | Branch (440:9): [True: 0, False: 7.73k] ------------------ 441| 7.73k| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 82| 7.73k|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 72| 7.73k|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 442| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 443| 0| } 444| | 445| 7.73k| end = *p + len; 446| | 447| 7.73k| if ((ret = mbedtls_x509_get_time(p, end, from)) != 0) { ------------------ | Branch (447:9): [True: 0, False: 7.73k] ------------------ 448| 0| return ret; 449| 0| } 450| | 451| 7.73k| if ((ret = mbedtls_x509_get_time(p, end, to)) != 0) { ------------------ | Branch (451:9): [True: 0, False: 7.73k] ------------------ 452| 0| return ret; 453| 0| } 454| | 455| 7.73k| if (*p != end) { ------------------ | Branch (455:9): [True: 0, False: 7.73k] ------------------ 456| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_DATE, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 457| 0| MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 458| 0| } 459| | 460| 7.73k| return 0; 461| 7.73k|} x509_crt.c:x509_get_uid: 469| 15.4k|{ 470| 15.4k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 15.4k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 471| | 472| 15.4k| if (*p == end) { ------------------ | Branch (472:9): [True: 0, False: 15.4k] ------------------ 473| 0| return 0; 474| 0| } 475| | 476| 15.4k| uid->tag = **p; 477| | 478| 15.4k| if ((ret = mbedtls_asn1_get_tag(p, end, &uid->len, ------------------ | Branch (478:9): [True: 15.4k, False: 0] ------------------ 479| 15.4k| MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | ------------------ | | 83| 15.4k|#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80 ------------------ MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | ------------------ | | 82| 15.4k|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ 480| 15.4k| n)) != 0) { 481| 15.4k| if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { ------------------ | | 39| 15.4k|#define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG -0x0062 ------------------ | Branch (481:13): [True: 15.4k, False: 0] ------------------ 482| 15.4k| return 0; 483| 15.4k| } 484| | 485| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_FORMAT, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 486| 15.4k| } 487| | 488| 0| uid->p = *p; 489| 0| *p += uid->len; 490| | 491| 0| return 0; 492| 15.4k|} x509_crt.c:x509_get_crt_ext: 867| 7.73k|{ 868| 7.73k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 7.73k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 869| 7.73k| size_t len; 870| 7.73k| unsigned char *end_ext_data, *start_ext_octet, *end_ext_octet; 871| | 872| 7.73k| if (*p == end) { ------------------ | Branch (872:9): [True: 0, False: 7.73k] ------------------ 873| 0| return 0; 874| 0| } 875| | 876| 7.73k| if ((ret = mbedtls_x509_get_ext(p, end, &crt->v3_ext, 3)) != 0) { ------------------ | Branch (876:9): [True: 0, False: 7.73k] ------------------ 877| 0| return ret; 878| 0| } 879| | 880| 7.73k| end = crt->v3_ext.p + crt->v3_ext.len; 881| 47.9k| while (*p < end) { ------------------ | Branch (881:12): [True: 40.2k, False: 7.73k] ------------------ 882| | /* 883| | * Extension ::= SEQUENCE { 884| | * extnID OBJECT IDENTIFIER, 885| | * critical BOOLEAN DEFAULT FALSE, 886| | * extnValue OCTET STRING } 887| | */ 888| 40.2k| mbedtls_x509_buf extn_oid = { 0, 0, NULL }; 889| 40.2k| int is_critical = 0; /* DEFAULT FALSE */ 890| 40.2k| int ext_type = 0; 891| | 892| 40.2k| if ((ret = mbedtls_asn1_get_tag(p, end, &len, ------------------ | Branch (892:13): [True: 0, False: 40.2k] ------------------ 893| 40.2k| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 82| 40.2k|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 72| 40.2k|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 894| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 895| 0| } 896| | 897| 40.2k| end_ext_data = *p + len; 898| | 899| | /* Get extension ID */ 900| 40.2k| if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &extn_oid.len, ------------------ | Branch (900:13): [True: 0, False: 40.2k] ------------------ 901| 40.2k| MBEDTLS_ASN1_OID)) != 0) { ------------------ | | 69| 40.2k|#define MBEDTLS_ASN1_OID 0x06 ------------------ 902| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 903| 0| } 904| | 905| 40.2k| extn_oid.tag = MBEDTLS_ASN1_OID; ------------------ | | 69| 40.2k|#define MBEDTLS_ASN1_OID 0x06 ------------------ 906| 40.2k| extn_oid.p = *p; 907| 40.2k| *p += extn_oid.len; 908| | 909| | /* Get optional critical */ 910| 40.2k| if ((ret = mbedtls_asn1_get_bool(p, end_ext_data, &is_critical)) != 0 && ------------------ | Branch (910:13): [True: 27.1k, False: 13.0k] ------------------ 911| 40.2k| (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)) { ------------------ | | 39| 27.1k|#define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG -0x0062 ------------------ | Branch (911:13): [True: 0, False: 27.1k] ------------------ 912| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 913| 0| } 914| | 915| | /* Data should be octet string type */ 916| 40.2k| if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len, ------------------ | Branch (916:13): [True: 0, False: 40.2k] ------------------ 917| 40.2k| MBEDTLS_ASN1_OCTET_STRING)) != 0) { ------------------ | | 67| 40.2k|#define MBEDTLS_ASN1_OCTET_STRING 0x04 ------------------ 918| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 919| 0| } 920| | 921| 40.2k| start_ext_octet = *p; 922| 40.2k| end_ext_octet = *p + len; 923| | 924| 40.2k| if (end_ext_octet != end_ext_data) { ------------------ | Branch (924:13): [True: 0, False: 40.2k] ------------------ 925| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 926| 0| MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 927| 0| } 928| | 929| | /* 930| | * Detect supported extensions 931| | */ 932| 40.2k| ret = mbedtls_oid_get_x509_ext_type(&extn_oid, &ext_type); 933| | 934| 40.2k| if (ret != 0) { ------------------ | Branch (934:13): [True: 5.35k, False: 34.8k] ------------------ 935| | /* Give the callback (if any) a chance to handle the extension */ 936| 5.35k| if (cb != NULL) { ------------------ | Branch (936:17): [True: 0, False: 5.35k] ------------------ 937| 0| ret = cb(p_ctx, crt, &extn_oid, is_critical, *p, end_ext_octet); 938| 0| if (ret != 0 && is_critical) { ------------------ | Branch (938:21): [True: 0, False: 0] | Branch (938:33): [True: 0, False: 0] ------------------ 939| 0| return ret; 940| 0| } 941| 0| *p = end_ext_octet; 942| 0| continue; 943| 0| } 944| | 945| | /* No parser found, skip extension */ 946| 5.35k| *p = end_ext_octet; 947| | 948| 5.35k| if (is_critical) { ------------------ | Branch (948:17): [True: 0, False: 5.35k] ------------------ 949| | /* Data is marked as critical: fail */ 950| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 951| 0| MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); 952| 0| } 953| 5.35k| continue; 954| 5.35k| } 955| | 956| | /* Forbid repeated extensions */ 957| 34.8k| if ((crt->ext_types & ext_type) != 0) { ------------------ | Branch (957:13): [True: 0, False: 34.8k] ------------------ 958| 0| return MBEDTLS_ERR_X509_INVALID_EXTENSIONS; ------------------ | | 63| 0|#define MBEDTLS_ERR_X509_INVALID_EXTENSIONS -0x2500 ------------------ 959| 0| } 960| | 961| 34.8k| crt->ext_types |= ext_type; 962| | 963| 34.8k| switch (ext_type) { 964| 7.73k| case MBEDTLS_X509_EXT_BASIC_CONSTRAINTS: ------------------ | | 182| 7.73k|#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS /* Supported */ | | ------------------ | | | | 45| 7.73k|#define MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS (1 << 8) | | ------------------ ------------------ | Branch (964:13): [True: 7.73k, False: 27.1k] ------------------ 965| | /* Parse basic constraints */ 966| 7.73k| if ((ret = x509_get_basic_constraints(p, end_ext_octet, ------------------ | Branch (966:21): [True: 0, False: 7.73k] ------------------ 967| 7.73k| &crt->ca_istrue, &crt->max_pathlen)) != 0) { 968| 0| return ret; 969| 0| } 970| 7.73k| break; 971| | 972| 7.73k| case MBEDTLS_X509_EXT_KEY_USAGE: ------------------ | | 176| 6.30k|#define MBEDTLS_X509_EXT_KEY_USAGE MBEDTLS_OID_X509_EXT_KEY_USAGE | | ------------------ | | | | 39| 6.30k|#define MBEDTLS_OID_X509_EXT_KEY_USAGE (1 << 2) | | ------------------ ------------------ | Branch (972:13): [True: 6.30k, False: 28.5k] ------------------ 973| | /* Parse key usage */ 974| 6.30k| if ((ret = mbedtls_x509_get_key_usage(p, end_ext_octet, ------------------ | Branch (974:21): [True: 0, False: 6.30k] ------------------ 975| 6.30k| &crt->key_usage)) != 0) { 976| 0| return ret; 977| 0| } 978| 6.30k| break; 979| | 980| 6.30k| case MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE: ------------------ | | 185| 6.30k|#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE | | ------------------ | | | | 48| 6.30k|#define MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE (1 << 11) | | ------------------ ------------------ | Branch (980:13): [True: 6.30k, False: 28.5k] ------------------ 981| | /* Parse extended key usage */ 982| 6.30k| if ((ret = x509_get_ext_key_usage(p, end_ext_octet, ------------------ | Branch (982:21): [True: 0, False: 6.30k] ------------------ 983| 6.30k| &crt->ext_key_usage)) != 0) { 984| 0| return ret; 985| 0| } 986| 6.30k| break; 987| | 988| 7.73k| case MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER: ------------------ | | 175| 7.73k|#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER | | ------------------ | | | | 38| 7.73k|#define MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER (1 << 1) | | ------------------ ------------------ | Branch (988:13): [True: 7.73k, False: 27.1k] ------------------ 989| | /* Parse subject key identifier */ 990| 7.73k| if ((ret = x509_get_subject_key_id(p, end_ext_data, ------------------ | Branch (990:21): [True: 0, False: 7.73k] ------------------ 991| 7.73k| &crt->subject_key_id)) != 0) { 992| 0| return ret; 993| 0| } 994| 7.73k| break; 995| | 996| 7.73k| case MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER: ------------------ | | 174| 1.42k|#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER | | ------------------ | | | | 37| 1.42k|#define MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER (1 << 0) | | ------------------ ------------------ | Branch (996:13): [True: 1.42k, False: 33.4k] ------------------ 997| | /* Parse authority key identifier */ 998| 1.42k| if ((ret = x509_get_authority_key_id(p, end_ext_octet, ------------------ | Branch (998:21): [True: 0, False: 1.42k] ------------------ 999| 1.42k| &crt->authority_key_id)) != 0) { 1000| 0| return ret; 1001| 0| } 1002| 1.42k| break; 1003| 5.35k| case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME: ------------------ | | 179| 5.35k|#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME /* Supported (DNS) */ | | ------------------ | | | | 42| 5.35k|#define MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME (1 << 5) | | ------------------ ------------------ | Branch (1003:13): [True: 5.35k, False: 29.5k] ------------------ 1004| | /* Parse subject alt name 1005| | * SubjectAltName ::= GeneralNames 1006| | */ 1007| 5.35k| if ((ret = mbedtls_x509_get_subject_alt_name(p, end_ext_octet, ------------------ | Branch (1007:21): [True: 0, False: 5.35k] ------------------ 1008| 5.35k| &crt->subject_alt_names)) != 0) { 1009| 0| return ret; 1010| 0| } 1011| 5.35k| break; 1012| | 1013| 5.35k| case MBEDTLS_X509_EXT_NS_CERT_TYPE: ------------------ | | 189| 0|#define MBEDTLS_X509_EXT_NS_CERT_TYPE MBEDTLS_OID_X509_EXT_NS_CERT_TYPE | | ------------------ | | | | 52| 0|#define MBEDTLS_OID_X509_EXT_NS_CERT_TYPE (1 << 16) | | ------------------ ------------------ | Branch (1013:13): [True: 0, False: 34.8k] ------------------ 1014| | /* Parse netscape certificate type */ 1015| 0| if ((ret = mbedtls_x509_get_ns_cert_type(p, end_ext_octet, ------------------ | Branch (1015:21): [True: 0, False: 0] ------------------ 1016| 0| &crt->ns_cert_type)) != 0) { 1017| 0| return ret; 1018| 0| } 1019| 0| break; 1020| | 1021| 0| case MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES: ------------------ | | 40| 0|#define MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES (1 << 3) ------------------ | Branch (1021:13): [True: 0, False: 34.8k] ------------------ 1022| | /* Parse certificate policies type */ 1023| 0| if ((ret = x509_get_certificate_policies(p, end_ext_octet, ------------------ | Branch (1023:21): [True: 0, False: 0] ------------------ 1024| 0| &crt->certificate_policies)) != 0) { 1025| | /* Give the callback (if any) a chance to handle the extension 1026| | * if it contains unsupported policies */ 1027| 0| if (ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE && cb != NULL && ------------------ | | 45| 0|#define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE -0x2080 ------------------ | Branch (1027:25): [True: 0, False: 0] | Branch (1027:72): [True: 0, False: 0] ------------------ 1028| 0| cb(p_ctx, crt, &extn_oid, is_critical, ------------------ | Branch (1028:25): [True: 0, False: 0] ------------------ 1029| 0| start_ext_octet, end_ext_octet) == 0) { 1030| 0| break; 1031| 0| } 1032| | 1033| 0| if (is_critical) { ------------------ | Branch (1033:25): [True: 0, False: 0] ------------------ 1034| 0| return ret; 1035| 0| } else 1036| | /* 1037| | * If MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE is returned, then we 1038| | * cannot interpret or enforce the policy. However, it is up to 1039| | * the user to choose how to enforce the policies, 1040| | * unless the extension is critical. 1041| | */ 1042| 0| if (ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) { ------------------ | | 45| 0|#define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE -0x2080 ------------------ | Branch (1042:25): [True: 0, False: 0] ------------------ 1043| 0| return ret; 1044| 0| } 1045| 0| } 1046| 0| break; 1047| | 1048| 0| default: ------------------ | Branch (1048:13): [True: 0, False: 34.8k] ------------------ 1049| | /* 1050| | * If this is a non-critical extension, which the oid layer 1051| | * supports, but there isn't an x509 parser for it, 1052| | * skip the extension. 1053| | */ 1054| 0| if (is_critical) { ------------------ | Branch (1054:21): [True: 0, False: 0] ------------------ 1055| 0| return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; ------------------ | | 45| 0|#define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE -0x2080 ------------------ 1056| 0| } else { 1057| 0| *p = end_ext_octet; 1058| 0| } 1059| 34.8k| } 1060| 34.8k| } 1061| | 1062| 7.73k| if (*p != end) { ------------------ | Branch (1062:9): [True: 0, False: 7.73k] ------------------ 1063| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 1064| 0| MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 1065| 0| } 1066| | 1067| 7.73k| return 0; 1068| 7.73k|} x509_crt.c:x509_get_basic_constraints: 498| 7.73k|{ 499| 7.73k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 7.73k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 500| 7.73k| size_t len; 501| | 502| | /* 503| | * BasicConstraints ::= SEQUENCE { 504| | * cA BOOLEAN DEFAULT FALSE, 505| | * pathLenConstraint INTEGER (0..MAX) OPTIONAL } 506| | */ 507| 7.73k| *ca_istrue = 0; /* DEFAULT FALSE */ 508| 7.73k| *max_pathlen = 0; /* endless */ 509| | 510| 7.73k| if ((ret = mbedtls_asn1_get_tag(p, end, &len, ------------------ | Branch (510:9): [True: 0, False: 7.73k] ------------------ 511| 7.73k| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 82| 7.73k|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 72| 7.73k|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 512| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 513| 0| } 514| | 515| 7.73k| if (*p == end) { ------------------ | Branch (515:9): [True: 5.35k, False: 2.38k] ------------------ 516| 5.35k| return 0; 517| 5.35k| } 518| | 519| 2.38k| if ((ret = mbedtls_asn1_get_bool(p, end, ca_istrue)) != 0) { ------------------ | Branch (519:9): [True: 0, False: 2.38k] ------------------ 520| 0| if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { ------------------ | | 39| 0|#define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG -0x0062 ------------------ | Branch (520:13): [True: 0, False: 0] ------------------ 521| 0| ret = mbedtls_asn1_get_int(p, end, ca_istrue); 522| 0| } 523| | 524| 0| if (ret != 0) { ------------------ | Branch (524:13): [True: 0, False: 0] ------------------ 525| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 526| 0| } 527| | 528| 0| if (*ca_istrue != 0) { ------------------ | Branch (528:13): [True: 0, False: 0] ------------------ 529| 0| *ca_istrue = 1; 530| 0| } 531| 0| } 532| | 533| 2.38k| if (*p == end) { ------------------ | Branch (533:9): [True: 2.38k, False: 0] ------------------ 534| 2.38k| return 0; 535| 2.38k| } 536| | 537| 0| if ((ret = mbedtls_asn1_get_int(p, end, max_pathlen)) != 0) { ------------------ | Branch (537:9): [True: 0, False: 0] ------------------ 538| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 539| 0| } 540| | 541| 0| if (*p != end) { ------------------ | Branch (541:9): [True: 0, False: 0] ------------------ 542| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 543| 0| MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 544| 0| } 545| | 546| | /* Do not accept max_pathlen equal to INT_MAX to avoid a signed integer 547| | * overflow, which is an undefined behavior. */ 548| 0| if (*max_pathlen == INT_MAX) { ------------------ | Branch (548:9): [True: 0, False: 0] ------------------ 549| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 550| 0| MBEDTLS_ERR_ASN1_INVALID_LENGTH); 551| 0| } 552| | 553| 0| (*max_pathlen)++; 554| | 555| 0| return 0; 556| 0|} x509_crt.c:x509_get_ext_key_usage: 566| 6.30k|{ 567| 6.30k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 6.30k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 568| | 569| 6.30k| if ((ret = mbedtls_asn1_get_sequence_of(p, end, ext_key_usage, MBEDTLS_ASN1_OID)) != 0) { ------------------ | | 69| 6.30k|#define MBEDTLS_ASN1_OID 0x06 ------------------ | Branch (569:9): [True: 0, False: 6.30k] ------------------ 570| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 571| 0| } 572| | 573| | /* Sequence length must be >= 1 */ 574| 6.30k| if (ext_key_usage->buf.p == NULL) { ------------------ | Branch (574:9): [True: 0, False: 6.30k] ------------------ 575| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 576| 0| MBEDTLS_ERR_ASN1_INVALID_LENGTH); 577| 0| } 578| | 579| 6.30k| return 0; 580| 6.30k|} x509_crt.c:x509_get_subject_key_id: 590| 7.73k|{ 591| 7.73k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 7.73k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 592| 7.73k| size_t len = 0u; 593| | 594| 7.73k| if ((ret = mbedtls_asn1_get_tag(p, end, &len, ------------------ | Branch (594:9): [True: 0, False: 7.73k] ------------------ 595| 7.73k| MBEDTLS_ASN1_OCTET_STRING)) != 0) { ------------------ | | 67| 7.73k|#define MBEDTLS_ASN1_OCTET_STRING 0x04 ------------------ 596| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 597| 0| } 598| | 599| 7.73k| subject_key_id->len = len; 600| 7.73k| subject_key_id->tag = MBEDTLS_ASN1_OCTET_STRING; ------------------ | | 67| 7.73k|#define MBEDTLS_ASN1_OCTET_STRING 0x04 ------------------ 601| 7.73k| subject_key_id->p = *p; 602| 7.73k| *p += len; 603| | 604| 7.73k| if (*p != end) { ------------------ | Branch (604:9): [True: 0, False: 7.73k] ------------------ 605| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 606| 0| MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 607| 0| } 608| | 609| 7.73k| return 0; 610| 7.73k|} x509_crt.c:x509_get_authority_key_id: 623| 1.42k|{ 624| 1.42k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 1.42k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 625| 1.42k| size_t len = 0u; 626| | 627| 1.42k| if ((ret = mbedtls_asn1_get_tag(p, end, &len, ------------------ | Branch (627:9): [True: 0, False: 1.42k] ------------------ 628| 1.42k| MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 82| 1.42k|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { ------------------ | | 72| 1.42k|#define MBEDTLS_ASN1_SEQUENCE 0x10 ------------------ 629| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 630| 0| } 631| | 632| 1.42k| if (*p + len != end) { ------------------ | Branch (632:9): [True: 0, False: 1.42k] ------------------ 633| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 634| 0| MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); 635| 0| } 636| | 637| 1.42k| ret = mbedtls_asn1_get_tag(p, end, &len, 638| 1.42k| MBEDTLS_ASN1_CONTEXT_SPECIFIC); ------------------ | | 83| 1.42k|#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80 ------------------ 639| | 640| | /* KeyIdentifier is an OPTIONAL field */ 641| 1.42k| if (ret == 0) { ------------------ | Branch (641:9): [True: 1.42k, False: 0] ------------------ 642| 1.42k| authority_key_id->keyIdentifier.len = len; 643| 1.42k| authority_key_id->keyIdentifier.p = *p; 644| | /* Setting tag of the keyIdentfier intentionally to 0x04. 645| | * Although the .keyIdentfier field is CONTEXT_SPECIFIC ([0] OPTIONAL), 646| | * its tag with the content is the payload of on OCTET STRING primitive */ 647| 1.42k| authority_key_id->keyIdentifier.tag = MBEDTLS_ASN1_OCTET_STRING; ------------------ | | 67| 1.42k|#define MBEDTLS_ASN1_OCTET_STRING 0x04 ------------------ 648| | 649| 1.42k| *p += len; 650| 1.42k| } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { ------------------ | | 39| 0|#define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG -0x0062 ------------------ | Branch (650:16): [True: 0, False: 0] ------------------ 651| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 652| 0| } 653| | 654| 1.42k| if (*p < end) { ------------------ | Branch (654:9): [True: 0, False: 1.42k] ------------------ 655| | /* Getting authorityCertIssuer using the required specific class tag [1] */ 656| 0| if ((ret = mbedtls_asn1_get_tag(p, end, &len, ------------------ | Branch (656:13): [True: 0, False: 0] ------------------ 657| 0| MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | ------------------ | | 83| 0|#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80 ------------------ MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | ------------------ | | 82| 0|#define MBEDTLS_ASN1_CONSTRUCTED 0x20 ------------------ 658| 0| 1)) != 0) { 659| | /* authorityCertIssuer and authorityCertSerialNumber MUST both 660| | be present or both be absent. At this point we expect to have both. */ 661| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 662| 0| } 663| | /* "end" also includes the CertSerialNumber field so "len" shall be used */ 664| 0| ret = mbedtls_x509_get_subject_alt_name_ext(p, 665| 0| (*p+len), 666| 0| &authority_key_id->authorityCertIssuer); 667| 0| if (ret != 0) { ------------------ | Branch (667:13): [True: 0, False: 0] ------------------ 668| 0| return ret; 669| 0| } 670| | 671| | /* Getting authorityCertSerialNumber using the required specific class tag [2] */ 672| 0| if ((ret = mbedtls_asn1_get_tag(p, end, &len, ------------------ | Branch (672:13): [True: 0, False: 0] ------------------ 673| 0| MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2)) != 0) { ------------------ | | 83| 0|#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80 ------------------ 674| 0| return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret); ------------------ | | 114| 0| mbedtls_error_add(high, low, __FILE__, __LINE__) ------------------ 675| 0| } 676| 0| authority_key_id->authorityCertSerialNumber.len = len; 677| 0| authority_key_id->authorityCertSerialNumber.p = *p; 678| 0| authority_key_id->authorityCertSerialNumber.tag = MBEDTLS_ASN1_INTEGER; ------------------ | | 65| 0|#define MBEDTLS_ASN1_INTEGER 0x02 ------------------ 679| 0| *p += len; 680| 0| } 681| | 682| 1.42k| if (*p != end) { ------------------ | Branch (682:9): [True: 0, False: 1.42k] ------------------ 683| 0| return MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ------------------ | | 63| 0|#define MBEDTLS_ERR_X509_INVALID_EXTENSIONS -0x2500 ------------------ 684| 0| MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; ------------------ | | 43| 0|#define MBEDTLS_ERR_ASN1_LENGTH_MISMATCH -0x0066 ------------------ 685| 0| } 686| | 687| 1.42k| return 0; 688| 1.42k|} x509_crt.c:x509_crt_verify_restartable_ca_cb: 3068| 1.42k|{ 3069| 1.42k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 1.42k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 3070| 1.42k| mbedtls_pk_type_t pk_type; 3071| 1.42k| mbedtls_x509_crt_verify_chain ver_chain; 3072| 1.42k| uint32_t ee_flags; 3073| | 3074| 1.42k| *flags = 0; 3075| 1.42k| ee_flags = 0; 3076| 1.42k| x509_crt_verify_chain_reset(&ver_chain); 3077| | 3078| 1.42k| if (profile == NULL) { ------------------ | Branch (3078:9): [True: 0, False: 1.42k] ------------------ 3079| 0| ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA; ------------------ | | 75| 0|#define MBEDTLS_ERR_X509_BAD_INPUT_DATA -0x2800 ------------------ 3080| 0| goto exit; 3081| 0| } 3082| | 3083| | /* check name if requested */ 3084| 1.42k| if (cn != NULL) { ------------------ | Branch (3084:9): [True: 0, False: 1.42k] ------------------ 3085| 0| x509_crt_verify_name(crt, cn, &ee_flags); 3086| 0| } 3087| | 3088| | /* Check the type and size of the key */ 3089| 1.42k| pk_type = mbedtls_pk_get_type(&crt->pk); 3090| | 3091| 1.42k| if (x509_profile_check_pk_alg(profile, pk_type) != 0) { ------------------ | Branch (3091:9): [True: 0, False: 1.42k] ------------------ 3092| 0| ee_flags |= MBEDTLS_X509_BADCERT_BAD_PK; ------------------ | | 106| 0|#define MBEDTLS_X509_BADCERT_BAD_PK 0x8000 /**< The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA). */ ------------------ 3093| 0| } 3094| | 3095| 1.42k| if (x509_profile_check_key(profile, &crt->pk) != 0) { ------------------ | Branch (3095:9): [True: 0, False: 1.42k] ------------------ 3096| 0| ee_flags |= MBEDTLS_X509_BADCERT_BAD_KEY; ------------------ | | 107| 0|#define MBEDTLS_X509_BADCERT_BAD_KEY 0x010000 /**< The certificate is signed with an unacceptable key (eg bad curve, RSA too short). */ ------------------ 3097| 0| } 3098| | 3099| | /* Check the chain */ 3100| 1.42k| ret = x509_crt_verify_chain(crt, trust_ca, ca_crl, 3101| 1.42k| f_ca_cb, p_ca_cb, profile, 3102| 1.42k| &ver_chain, rs_ctx); 3103| | 3104| 1.42k| if (ret != 0) { ------------------ | Branch (3104:9): [True: 0, False: 1.42k] ------------------ 3105| 0| goto exit; 3106| 0| } 3107| | 3108| | /* Merge end-entity flags */ 3109| 1.42k| ver_chain.items[0].flags |= ee_flags; 3110| | 3111| | /* Build final flags, calling callback on the way if any */ 3112| 1.42k| ret = x509_crt_merge_flags_with_cb(flags, &ver_chain, f_vrfy, p_vrfy); 3113| | 3114| 1.42k|exit: 3115| | 3116| |#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) 3117| | mbedtls_x509_crt_free(ver_chain.trust_ca_cb_result); 3118| | mbedtls_free(ver_chain.trust_ca_cb_result); 3119| | ver_chain.trust_ca_cb_result = NULL; 3120| |#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ 3121| | 3122| 1.42k|#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 3123| 1.42k| if (rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS) { ------------------ | | 51| 0|#define MBEDTLS_ERR_ECP_IN_PROGRESS -0x4B00 ------------------ | Branch (3123:9): [True: 0, False: 1.42k] | Branch (3123:27): [True: 0, False: 0] ------------------ 3124| 0| mbedtls_x509_crt_restart_free(rs_ctx); 3125| 0| } 3126| 1.42k|#endif 3127| | 3128| | /* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by 3129| | * the SSL module for authmode optional, but non-zero return from the 3130| | * callback means a fatal error so it shouldn't be ignored */ 3131| 1.42k| if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED) { ------------------ | | 71| 1.42k|#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED -0x2700 ------------------ | Branch (3131:9): [True: 0, False: 1.42k] ------------------ 3132| 0| ret = MBEDTLS_ERR_X509_FATAL_ERROR; ------------------ | | 83| 0|#define MBEDTLS_ERR_X509_FATAL_ERROR -0x3000 ------------------ 3133| 0| } 3134| | 3135| 1.42k| if (ret != 0) { ------------------ | Branch (3135:9): [True: 0, False: 1.42k] ------------------ 3136| 0| *flags = (uint32_t) -1; 3137| 0| return ret; 3138| 0| } 3139| | 3140| 1.42k| if (*flags != 0) { ------------------ | Branch (3140:9): [True: 0, False: 1.42k] ------------------ 3141| 0| return MBEDTLS_ERR_X509_CERT_VERIFY_FAILED; ------------------ | | 71| 0|#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED -0x2700 ------------------ 3142| 0| } 3143| | 3144| 1.42k| return 0; 3145| 1.42k|} x509_crt.c:x509_profile_check_pk_alg: 193| 2.85k|{ 194| 2.85k| if (pk_alg == MBEDTLS_PK_NONE) { ------------------ | Branch (194:9): [True: 0, False: 2.85k] ------------------ 195| 0| return -1; 196| 0| } 197| | 198| 2.85k| if ((profile->allowed_pks & MBEDTLS_X509_ID_FLAG(pk_alg)) != 0) { ------------------ | | 98| 2.85k|#define MBEDTLS_X509_ID_FLAG(id) (1 << ((id) - 1)) ------------------ | Branch (198:9): [True: 2.85k, False: 0] ------------------ 199| 2.85k| return 0; 200| 2.85k| } 201| | 202| 0| return -1; 203| 2.85k|} x509_crt.c:x509_profile_check_key: 211| 2.38k|{ 212| 2.38k| const mbedtls_pk_type_t pk_alg = mbedtls_pk_get_type(pk); 213| | 214| 2.38k|#if defined(MBEDTLS_RSA_C) 215| 2.38k| if (pk_alg == MBEDTLS_PK_RSA || pk_alg == MBEDTLS_PK_RSASSA_PSS) { ------------------ | Branch (215:9): [True: 595, False: 1.78k] | Branch (215:37): [True: 0, False: 1.78k] ------------------ 216| 595| if (mbedtls_pk_get_bitlen(pk) >= profile->rsa_min_bitlen) { ------------------ | Branch (216:13): [True: 595, False: 0] ------------------ 217| 595| return 0; 218| 595| } 219| | 220| 0| return -1; 221| 595| } 222| 1.78k|#endif /* MBEDTLS_RSA_C */ 223| | 224| 1.78k|#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) 225| 1.78k| if (pk_alg == MBEDTLS_PK_ECDSA || ------------------ | Branch (225:9): [True: 0, False: 1.78k] ------------------ 226| 1.78k| pk_alg == MBEDTLS_PK_ECKEY || ------------------ | Branch (226:9): [True: 1.78k, False: 0] ------------------ 227| 1.78k| pk_alg == MBEDTLS_PK_ECKEY_DH) { ------------------ | Branch (227:9): [True: 0, False: 0] ------------------ 228| 1.78k| const mbedtls_ecp_group_id gid = mbedtls_pk_get_ec_group_id(pk); 229| | 230| 1.78k| if (gid == MBEDTLS_ECP_DP_NONE) { ------------------ | Branch (230:13): [True: 0, False: 1.78k] ------------------ 231| 0| return -1; 232| 0| } 233| | 234| 1.78k| if ((profile->allowed_curves & MBEDTLS_X509_ID_FLAG(gid)) != 0) { ------------------ | | 98| 1.78k|#define MBEDTLS_X509_ID_FLAG(id) (1 << ((id) - 1)) ------------------ | Branch (234:13): [True: 1.78k, False: 0] ------------------ 235| 1.78k| return 0; 236| 1.78k| } 237| | 238| 0| return -1; 239| 1.78k| } 240| 0|#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ 241| | 242| 0| return -1; 243| 1.78k|} x509_crt.c:x509_crt_verify_chain: 2515| 1.42k|{ 2516| | /* Don't initialize any of those variables here, so that the compiler can 2517| | * catch potential issues with jumping ahead when restarting */ 2518| 1.42k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 1.42k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 2519| 1.42k| uint32_t *flags; 2520| 1.42k| mbedtls_x509_crt_verify_chain_item *cur; 2521| 1.42k| mbedtls_x509_crt *child; 2522| 1.42k| mbedtls_x509_crt *parent; 2523| 1.42k| int parent_is_trusted; 2524| 1.42k| int child_is_trusted; 2525| 1.42k| int signature_is_good; 2526| 1.42k| unsigned self_cnt; 2527| 1.42k| mbedtls_x509_crt *cur_trust_ca = NULL; 2528| 1.42k| mbedtls_x509_time now; 2529| | 2530| 1.42k|#if defined(MBEDTLS_HAVE_TIME_DATE) 2531| 1.42k| if (mbedtls_x509_time_gmtime(mbedtls_time(NULL), &now) != 0) { ------------------ | | 71| 1.42k|#define mbedtls_time time ------------------ | Branch (2531:9): [True: 0, False: 1.42k] ------------------ 2532| 0| return MBEDTLS_ERR_X509_FATAL_ERROR; ------------------ | | 83| 0|#define MBEDTLS_ERR_X509_FATAL_ERROR -0x3000 ------------------ 2533| 0| } 2534| 1.42k|#endif 2535| | 2536| 1.42k|#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 2537| | /* resume if we had an operation in progress */ 2538| 1.42k| if (rs_ctx != NULL && rs_ctx->in_progress == x509_crt_rs_find_parent) { ------------------ | Branch (2538:9): [True: 0, False: 1.42k] | Branch (2538:27): [True: 0, False: 0] ------------------ 2539| | /* restore saved state */ 2540| 0| *ver_chain = rs_ctx->ver_chain; /* struct copy */ 2541| 0| self_cnt = rs_ctx->self_cnt; 2542| | 2543| | /* restore derived state */ 2544| 0| cur = &ver_chain->items[ver_chain->len - 1]; 2545| 0| child = cur->crt; 2546| 0| flags = &cur->flags; 2547| | 2548| 0| goto find_parent; 2549| 0| } 2550| 1.42k|#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ 2551| | 2552| 1.42k| child = crt; 2553| 1.42k| self_cnt = 0; 2554| 1.42k| parent_is_trusted = 0; 2555| 1.42k| child_is_trusted = 0; 2556| | 2557| 2.38k| while (1) { ------------------ | Branch (2557:12): [Folded - Ignored] ------------------ 2558| | /* Add certificate to the verification chain */ 2559| 2.38k| cur = &ver_chain->items[ver_chain->len]; 2560| 2.38k| cur->crt = child; 2561| 2.38k| cur->flags = 0; 2562| 2.38k| ver_chain->len++; 2563| 2.38k| flags = &cur->flags; 2564| | 2565| 2.38k|#if defined(MBEDTLS_HAVE_TIME_DATE) 2566| | /* Check time-validity (all certificates) */ 2567| 2.38k| if (mbedtls_x509_time_cmp(&child->valid_to, &now) < 0) { ------------------ | Branch (2567:13): [True: 0, False: 2.38k] ------------------ 2568| 0| *flags |= MBEDTLS_X509_BADCERT_EXPIRED; ------------------ | | 91| 0|#define MBEDTLS_X509_BADCERT_EXPIRED 0x01 /**< The certificate validity has expired. */ ------------------ 2569| 0| } 2570| | 2571| 2.38k| if (mbedtls_x509_time_cmp(&child->valid_from, &now) > 0) { ------------------ | Branch (2571:13): [True: 0, False: 2.38k] ------------------ 2572| 0| *flags |= MBEDTLS_X509_BADCERT_FUTURE; ------------------ | | 100| 0|#define MBEDTLS_X509_BADCERT_FUTURE 0x0200 /**< The certificate validity starts in the future. */ ------------------ 2573| 0| } 2574| 2.38k|#endif 2575| | 2576| | /* Stop here for trusted roots (but not for trusted EE certs) */ 2577| 2.38k| if (child_is_trusted) { ------------------ | Branch (2577:13): [True: 952, False: 1.42k] ------------------ 2578| 952| return 0; 2579| 952| } 2580| | 2581| | /* Check signature algorithm: MD & PK algs */ 2582| 1.42k| if (x509_profile_check_md_alg(profile, child->sig_md) != 0) { ------------------ | Branch (2582:13): [True: 0, False: 1.42k] ------------------ 2583| 0| *flags |= MBEDTLS_X509_BADCERT_BAD_MD; ------------------ | | 105| 0|#define MBEDTLS_X509_BADCERT_BAD_MD 0x4000 /**< The certificate is signed with an unacceptable hash. */ ------------------ 2584| 0| } 2585| | 2586| 1.42k| if (x509_profile_check_pk_alg(profile, child->sig_pk) != 0) { ------------------ | Branch (2586:13): [True: 0, False: 1.42k] ------------------ 2587| 0| *flags |= MBEDTLS_X509_BADCERT_BAD_PK; ------------------ | | 106| 0|#define MBEDTLS_X509_BADCERT_BAD_PK 0x8000 /**< The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA). */ ------------------ 2588| 0| } 2589| | 2590| | /* Special case: EE certs that are locally trusted */ 2591| 1.42k| if (ver_chain->len == 1 && ------------------ | Branch (2591:13): [True: 1.42k, False: 0] ------------------ 2592| 1.42k| x509_crt_check_ee_locally_trusted(child, trust_ca) == 0) { ------------------ | Branch (2592:13): [True: 476, False: 952] ------------------ 2593| 476| return 0; 2594| 476| } 2595| | 2596| 952|#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 2597| 952|find_parent: 2598| 952|#endif 2599| | 2600| | /* Obtain list of potential trusted signers from CA callback, 2601| | * or use statically provided list. */ 2602| |#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) 2603| | if (f_ca_cb != NULL) { 2604| | mbedtls_x509_crt_free(ver_chain->trust_ca_cb_result); 2605| | mbedtls_free(ver_chain->trust_ca_cb_result); 2606| | ver_chain->trust_ca_cb_result = NULL; 2607| | 2608| | ret = f_ca_cb(p_ca_cb, child, &ver_chain->trust_ca_cb_result); 2609| | if (ret != 0) { 2610| | return MBEDTLS_ERR_X509_FATAL_ERROR; 2611| | } 2612| | 2613| | cur_trust_ca = ver_chain->trust_ca_cb_result; 2614| | } else 2615| |#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ 2616| 952| { 2617| 952| ((void) f_ca_cb); 2618| 952| ((void) p_ca_cb); 2619| 952| cur_trust_ca = trust_ca; 2620| 952| } 2621| | 2622| | /* Look for a parent in trusted CAs or up the chain */ 2623| 952| ret = x509_crt_find_parent(child, cur_trust_ca, &parent, 2624| 952| &parent_is_trusted, &signature_is_good, 2625| 952| ver_chain->len - 1, self_cnt, rs_ctx, 2626| 952| &now); 2627| | 2628| 952|#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 2629| 952| if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { ------------------ | | 51| 0|#define MBEDTLS_ERR_ECP_IN_PROGRESS -0x4B00 ------------------ | Branch (2629:13): [True: 0, False: 952] | Branch (2629:31): [True: 0, False: 0] ------------------ 2630| | /* save state */ 2631| 0| rs_ctx->in_progress = x509_crt_rs_find_parent; 2632| 0| rs_ctx->self_cnt = self_cnt; 2633| 0| rs_ctx->ver_chain = *ver_chain; /* struct copy */ 2634| | 2635| 0| return ret; 2636| 0| } 2637| |#else 2638| | (void) ret; 2639| |#endif 2640| | 2641| | /* No parent? We're done here */ 2642| 952| if (parent == NULL) { ------------------ | Branch (2642:13): [True: 0, False: 952] ------------------ 2643| 0| *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; ------------------ | | 94| 0|#define MBEDTLS_X509_BADCERT_NOT_TRUSTED 0x08 /**< The certificate is not correctly signed by the trusted CA. */ ------------------ 2644| 0| return 0; 2645| 0| } 2646| | 2647| | /* Count intermediate self-issued (not necessarily self-signed) certs. 2648| | * These can occur with some strategies for key rollover, see [SIRO], 2649| | * and should be excluded from max_pathlen checks. */ 2650| 952| if (ver_chain->len != 1 && ------------------ | Branch (2650:13): [True: 0, False: 952] ------------------ 2651| 952| x509_name_cmp(&child->issuer, &child->subject) == 0) { ------------------ | Branch (2651:13): [True: 0, False: 0] ------------------ 2652| 0| self_cnt++; 2653| 0| } 2654| | 2655| | /* path_cnt is 0 for the first intermediate CA, 2656| | * and if parent is trusted it's not an intermediate CA */ 2657| 952| if (!parent_is_trusted && ------------------ | Branch (2657:13): [True: 0, False: 952] ------------------ 2658| 952| ver_chain->len > MBEDTLS_X509_MAX_INTERMEDIATE_CA) { ------------------ | | 37| 0|#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 ------------------ | Branch (2658:13): [True: 0, False: 0] ------------------ 2659| | /* return immediately to avoid overflow the chain array */ 2660| 0| return MBEDTLS_ERR_X509_FATAL_ERROR; ------------------ | | 83| 0|#define MBEDTLS_ERR_X509_FATAL_ERROR -0x3000 ------------------ 2661| 0| } 2662| | 2663| | /* signature was checked while searching parent */ 2664| 952| if (!signature_is_good) { ------------------ | Branch (2664:13): [True: 0, False: 952] ------------------ 2665| 0| *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; ------------------ | | 94| 0|#define MBEDTLS_X509_BADCERT_NOT_TRUSTED 0x08 /**< The certificate is not correctly signed by the trusted CA. */ ------------------ 2666| 0| } 2667| | 2668| | /* check size of signing key */ 2669| 952| if (x509_profile_check_key(profile, &parent->pk) != 0) { ------------------ | Branch (2669:13): [True: 0, False: 952] ------------------ 2670| 0| *flags |= MBEDTLS_X509_BADCERT_BAD_KEY; ------------------ | | 107| 0|#define MBEDTLS_X509_BADCERT_BAD_KEY 0x010000 /**< The certificate is signed with an unacceptable key (eg bad curve, RSA too short). */ ------------------ 2671| 0| } 2672| | 2673| 952|#if defined(MBEDTLS_X509_CRL_PARSE_C) 2674| | /* Check trusted CA's CRL for the given crt */ 2675| 952| *flags |= x509_crt_verifycrl(child, parent, ca_crl, profile, &now); 2676| |#else 2677| | (void) ca_crl; 2678| |#endif 2679| | 2680| | /* prepare for next iteration */ 2681| 952| child = parent; 2682| 952| parent = NULL; 2683| 952| child_is_trusted = parent_is_trusted; 2684| 952| signature_is_good = 0; 2685| 952| } 2686| 1.42k|} x509_crt.c:x509_profile_check_md_alg: 175| 1.42k|{ 176| 1.42k| if (md_alg == MBEDTLS_MD_NONE) { ------------------ | Branch (176:9): [True: 0, False: 1.42k] ------------------ 177| 0| return -1; 178| 0| } 179| | 180| 1.42k| if ((profile->allowed_mds & MBEDTLS_X509_ID_FLAG(md_alg)) != 0) { ------------------ | | 98| 1.42k|#define MBEDTLS_X509_ID_FLAG(id) (1 << ((id) - 1)) ------------------ | Branch (180:9): [True: 1.42k, False: 0] ------------------ 181| 1.42k| return 0; 182| 1.42k| } 183| | 184| 0| return -1; 185| 1.42k|} x509_crt.c:x509_crt_check_ee_locally_trusted: 2446| 1.42k|{ 2447| 1.42k| mbedtls_x509_crt *cur; 2448| | 2449| | /* must be self-issued */ 2450| 1.42k| if (x509_name_cmp(&crt->issuer, &crt->subject) != 0) { ------------------ | Branch (2450:9): [True: 952, False: 476] ------------------ 2451| 952| return -1; 2452| 952| } 2453| | 2454| | /* look for an exact match with trusted cert */ 2455| 476| for (cur = trust_ca; cur != NULL; cur = cur->next) { ------------------ | Branch (2455:26): [True: 476, False: 0] ------------------ 2456| 476| if (crt->raw.len == cur->raw.len && ------------------ | Branch (2456:13): [True: 476, False: 0] ------------------ 2457| 476| memcmp(crt->raw.p, cur->raw.p, crt->raw.len) == 0) { ------------------ | Branch (2457:13): [True: 476, False: 0] ------------------ 2458| 476| return 0; 2459| 476| } 2460| 476| } 2461| | 2462| | /* too bad */ 2463| 0| return -1; 2464| 476|} x509_crt.c:x509_crt_find_parent: 2387| 952|{ 2388| 952| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 952|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 2389| 952| mbedtls_x509_crt *search_list; 2390| | 2391| 952| *parent_is_trusted = 1; 2392| | 2393| 952|#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 2394| | /* restore then clear saved state if we have some stored */ 2395| 952| if (rs_ctx != NULL && rs_ctx->parent_is_trusted != -1) { ------------------ | Branch (2395:9): [True: 0, False: 952] | Branch (2395:27): [True: 0, False: 0] ------------------ 2396| 0| *parent_is_trusted = rs_ctx->parent_is_trusted; 2397| 0| rs_ctx->parent_is_trusted = -1; 2398| 0| } 2399| 952|#endif 2400| | 2401| 952| while (1) { ------------------ | Branch (2401:12): [Folded - Ignored] ------------------ 2402| 952| search_list = *parent_is_trusted ? trust_ca : child->next; ------------------ | Branch (2402:23): [True: 952, False: 0] ------------------ 2403| | 2404| 952| ret = x509_crt_find_parent_in(child, search_list, 2405| 952| parent, signature_is_good, 2406| 952| *parent_is_trusted, 2407| 952| path_cnt, self_cnt, rs_ctx, now); 2408| | 2409| 952|#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 2410| 952| if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { ------------------ | | 51| 0|#define MBEDTLS_ERR_ECP_IN_PROGRESS -0x4B00 ------------------ | Branch (2410:13): [True: 0, False: 952] | Branch (2410:31): [True: 0, False: 0] ------------------ 2411| | /* save state */ 2412| 0| rs_ctx->parent_is_trusted = *parent_is_trusted; 2413| 0| return ret; 2414| 0| } 2415| |#else 2416| | (void) ret; 2417| |#endif 2418| | 2419| | /* stop here if found or already in second iteration */ 2420| 952| if (*parent != NULL || *parent_is_trusted == 0) { ------------------ | Branch (2420:13): [True: 952, False: 0] | Branch (2420:32): [True: 0, False: 0] ------------------ 2421| 952| break; 2422| 952| } 2423| | 2424| | /* prepare second iteration */ 2425| 0| *parent_is_trusted = 0; 2426| 0| } 2427| | 2428| | /* extra precaution against mistakes in the caller */ 2429| 952| if (*parent == NULL) { ------------------ | Branch (2429:9): [True: 0, False: 952] ------------------ 2430| 0| *parent_is_trusted = 0; 2431| 0| *signature_is_good = 0; 2432| 0| } 2433| | 2434| 952| return 0; 2435| 952|} x509_crt.c:x509_crt_find_parent_in: 2264| 952|{ 2265| 952| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 952|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 2266| 952| mbedtls_x509_crt *parent, *fallback_parent; 2267| 952| int signature_is_good = 0, fallback_signature_is_good; 2268| | 2269| 952|#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 2270| | /* did we have something in progress? */ 2271| 952| if (rs_ctx != NULL && rs_ctx->parent != NULL) { ------------------ | Branch (2271:9): [True: 0, False: 952] | Branch (2271:27): [True: 0, False: 0] ------------------ 2272| | /* restore saved state */ 2273| 0| parent = rs_ctx->parent; 2274| 0| fallback_parent = rs_ctx->fallback_parent; 2275| 0| fallback_signature_is_good = rs_ctx->fallback_signature_is_good; 2276| | 2277| | /* clear saved state */ 2278| 0| rs_ctx->parent = NULL; 2279| 0| rs_ctx->fallback_parent = NULL; 2280| 0| rs_ctx->fallback_signature_is_good = 0; 2281| | 2282| | /* resume where we left */ 2283| 0| goto check_signature; 2284| 0| } 2285| 952|#endif 2286| | 2287| 952| fallback_parent = NULL; 2288| 952| fallback_signature_is_good = 0; 2289| | 2290| 952| for (parent = candidates; parent != NULL; parent = parent->next) { ------------------ | Branch (2290:31): [True: 952, False: 0] ------------------ 2291| | /* basic parenting skills (name, CA bit, key usage) */ 2292| 952| if (x509_crt_check_parent(child, parent, top) != 0) { ------------------ | Branch (2292:13): [True: 0, False: 952] ------------------ 2293| 0| continue; 2294| 0| } 2295| | 2296| | /* +1 because stored max_pathlen is 1 higher that the actual value */ 2297| 952| if (parent->max_pathlen > 0 && ------------------ | Branch (2297:13): [True: 0, False: 952] ------------------ 2298| 952| (size_t) parent->max_pathlen < 1 + path_cnt - self_cnt) { ------------------ | Branch (2298:13): [True: 0, False: 0] ------------------ 2299| 0| continue; 2300| 0| } 2301| | 2302| | /* Signature */ 2303| 952|#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 2304| 952|check_signature: 2305| 952|#endif 2306| 952| ret = x509_crt_check_signature(child, parent, rs_ctx); 2307| | 2308| 952|#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 2309| 952| if (rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS) { ------------------ | | 51| 0|#define MBEDTLS_ERR_ECP_IN_PROGRESS -0x4B00 ------------------ | Branch (2309:13): [True: 0, False: 952] | Branch (2309:31): [True: 0, False: 0] ------------------ 2310| | /* save state */ 2311| 0| rs_ctx->parent = parent; 2312| 0| rs_ctx->fallback_parent = fallback_parent; 2313| 0| rs_ctx->fallback_signature_is_good = fallback_signature_is_good; 2314| | 2315| 0| return ret; 2316| 0| } 2317| |#else 2318| | (void) ret; 2319| |#endif 2320| | 2321| 952| signature_is_good = ret == 0; 2322| 952| if (top && !signature_is_good) { ------------------ | Branch (2322:13): [True: 952, False: 0] | Branch (2322:20): [True: 0, False: 952] ------------------ 2323| 0| continue; 2324| 0| } 2325| | 2326| 952|#if defined(MBEDTLS_HAVE_TIME_DATE) 2327| | /* optional time check */ 2328| 952| if (mbedtls_x509_time_cmp(&parent->valid_to, now) < 0 || /* past */ ------------------ | Branch (2328:13): [True: 0, False: 952] ------------------ 2329| 952| mbedtls_x509_time_cmp(&parent->valid_from, now) > 0) { /* future */ ------------------ | Branch (2329:13): [True: 0, False: 952] ------------------ 2330| 0| if (fallback_parent == NULL) { ------------------ | Branch (2330:17): [True: 0, False: 0] ------------------ 2331| 0| fallback_parent = parent; 2332| 0| fallback_signature_is_good = signature_is_good; 2333| 0| } 2334| | 2335| 0| continue; 2336| 0| } 2337| |#else 2338| | ((void) now); 2339| |#endif 2340| | 2341| 952| *r_parent = parent; 2342| 952| *r_signature_is_good = signature_is_good; 2343| | 2344| 952| break; 2345| 952| } 2346| | 2347| 952| if (parent == NULL) { ------------------ | Branch (2347:9): [True: 0, False: 952] ------------------ 2348| 0| *r_parent = fallback_parent; 2349| 0| *r_signature_is_good = fallback_signature_is_good; 2350| 0| } 2351| | 2352| 952| return 0; 2353| 952|} x509_crt.c:x509_crt_check_parent: 2183| 952|{ 2184| 952| int need_ca_bit; 2185| | 2186| | /* Parent must be the issuer */ 2187| 952| if (x509_name_cmp(&child->issuer, &parent->subject) != 0) { ------------------ | Branch (2187:9): [True: 0, False: 952] ------------------ 2188| 0| return -1; 2189| 0| } 2190| | 2191| | /* Parent must have the basicConstraints CA bit set as a general rule */ 2192| 952| need_ca_bit = 1; 2193| | 2194| | /* Exception: v1/v2 certificates that are locally trusted. */ 2195| 952| if (top && parent->version < 3) { ------------------ | Branch (2195:9): [True: 952, False: 0] | Branch (2195:16): [True: 0, False: 952] ------------------ 2196| 0| need_ca_bit = 0; 2197| 0| } 2198| | 2199| 952| if (need_ca_bit && !parent->ca_istrue) { ------------------ | Branch (2199:9): [True: 952, False: 0] | Branch (2199:24): [True: 0, False: 952] ------------------ 2200| 0| return -1; 2201| 0| } 2202| | 2203| 952| if (need_ca_bit && ------------------ | Branch (2203:9): [True: 952, False: 0] ------------------ 2204| 952| mbedtls_x509_crt_check_key_usage(parent, MBEDTLS_X509_KU_KEY_CERT_SIGN) != 0) { ------------------ | | 146| 952|#define MBEDTLS_X509_KU_KEY_CERT_SIGN (0x04) /* bit 5 */ ------------------ | Branch (2204:9): [True: 0, False: 952] ------------------ 2205| 0| return -1; 2206| 0| } 2207| | 2208| 952| return 0; 2209| 952|} x509_crt.c:x509_crt_check_signature: 2127| 952|{ 2128| 952| size_t hash_len; 2129| 952| unsigned char hash[MBEDTLS_MD_MAX_SIZE]; 2130| 952|#if !defined(MBEDTLS_USE_PSA_CRYPTO) 2131| 952| const mbedtls_md_info_t *md_info; 2132| 952| md_info = mbedtls_md_info_from_type(child->sig_md); 2133| 952| hash_len = mbedtls_md_get_size(md_info); 2134| | 2135| | /* Note: hash errors can happen only after an internal error */ 2136| 952| if (mbedtls_md(md_info, child->tbs.p, child->tbs.len, hash) != 0) { ------------------ | Branch (2136:9): [True: 0, False: 952] ------------------ 2137| 0| return -1; 2138| 0| } 2139| |#else 2140| | psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(child->sig_md); 2141| | psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 2142| | 2143| | status = psa_hash_compute(hash_alg, 2144| | child->tbs.p, 2145| | child->tbs.len, 2146| | hash, 2147| | sizeof(hash), 2148| | &hash_len); 2149| | if (status != PSA_SUCCESS) { 2150| | return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; 2151| | } 2152| | 2153| |#endif /* MBEDTLS_USE_PSA_CRYPTO */ 2154| | /* Skip expensive computation on obvious mismatch */ 2155| 952| if (!mbedtls_pk_can_do(&parent->pk, child->sig_pk)) { ------------------ | Branch (2155:9): [True: 0, False: 952] ------------------ 2156| 0| return -1; 2157| 0| } 2158| | 2159| 952|#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) 2160| 952| if (rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_ECDSA) { ------------------ | Branch (2160:9): [True: 0, False: 952] | Branch (2160:27): [True: 0, False: 0] ------------------ 2161| 0| return mbedtls_pk_verify_restartable(&parent->pk, 2162| 0| child->sig_md, hash, hash_len, 2163| 0| child->sig.p, child->sig.len, &rs_ctx->pk); 2164| 0| } 2165| |#else 2166| | (void) rs_ctx; 2167| |#endif 2168| | 2169| 952| return mbedtls_pk_verify_ext(child->sig_pk, child->sig_opts, &parent->pk, 2170| 952| child->sig_md, hash, hash_len, 2171| 952| child->sig.p, child->sig.len); 2172| 952|} x509_crt.c:x509_name_cmp: 340| 2.38k|{ 341| | /* Avoid recursion, it might not be optimised by the compiler */ 342| 3.80k| while (a != NULL || b != NULL) { ------------------ | Branch (342:12): [True: 2.38k, False: 1.42k] | Branch (342:25): [True: 0, False: 1.42k] ------------------ 343| 2.38k| if (a == NULL || b == NULL) { ------------------ | Branch (343:13): [True: 0, False: 2.38k] | Branch (343:26): [True: 0, False: 2.38k] ------------------ 344| 0| return -1; 345| 0| } 346| | 347| | /* type */ 348| 2.38k| if (a->oid.tag != b->oid.tag || ------------------ | Branch (348:13): [True: 0, False: 2.38k] ------------------ 349| 2.38k| a->oid.len != b->oid.len || ------------------ | Branch (349:13): [True: 0, False: 2.38k] ------------------ 350| 2.38k| memcmp(a->oid.p, b->oid.p, b->oid.len) != 0) { ------------------ | Branch (350:13): [True: 0, False: 2.38k] ------------------ 351| 0| return -1; 352| 0| } 353| | 354| | /* value */ 355| 2.38k| if (x509_string_cmp(&a->val, &b->val) != 0) { ------------------ | Branch (355:13): [True: 952, False: 1.42k] ------------------ 356| 952| return -1; 357| 952| } 358| | 359| | /* structure of the list of sets */ 360| 1.42k| if (a->next_merged != b->next_merged) { ------------------ | Branch (360:13): [True: 0, False: 1.42k] ------------------ 361| 0| return -1; 362| 0| } 363| | 364| 1.42k| a = a->next; 365| 1.42k| b = b->next; 366| 1.42k| } 367| | 368| | /* a == NULL == b */ 369| 1.42k| return 0; 370| 2.38k|} x509_crt.c:x509_string_cmp: 312| 2.38k|{ 313| 2.38k| if (a->tag == b->tag && ------------------ | Branch (313:9): [True: 2.38k, False: 0] ------------------ 314| 2.38k| a->len == b->len && ------------------ | Branch (314:9): [True: 1.42k, False: 952] ------------------ 315| 2.38k| memcmp(a->p, b->p, b->len) == 0) { ------------------ | Branch (315:9): [True: 1.42k, False: 0] ------------------ 316| 1.42k| return 0; 317| 1.42k| } 318| | 319| 952| if ((a->tag == MBEDTLS_ASN1_UTF8_STRING || a->tag == MBEDTLS_ASN1_PRINTABLE_STRING) && ------------------ | | 71| 1.90k|#define MBEDTLS_ASN1_UTF8_STRING 0x0C ------------------ if ((a->tag == MBEDTLS_ASN1_UTF8_STRING || a->tag == MBEDTLS_ASN1_PRINTABLE_STRING) && ------------------ | | 74| 0|#define MBEDTLS_ASN1_PRINTABLE_STRING 0x13 ------------------ | Branch (319:10): [True: 952, False: 0] | Branch (319:48): [True: 0, False: 0] ------------------ 320| 952| (b->tag == MBEDTLS_ASN1_UTF8_STRING || b->tag == MBEDTLS_ASN1_PRINTABLE_STRING) && ------------------ | | 71| 1.90k|#define MBEDTLS_ASN1_UTF8_STRING 0x0C ------------------ (b->tag == MBEDTLS_ASN1_UTF8_STRING || b->tag == MBEDTLS_ASN1_PRINTABLE_STRING) && ------------------ | | 74| 0|#define MBEDTLS_ASN1_PRINTABLE_STRING 0x13 ------------------ | Branch (320:10): [True: 952, False: 0] | Branch (320:48): [True: 0, False: 0] ------------------ 321| 952| a->len == b->len && ------------------ | Branch (321:9): [True: 0, False: 952] ------------------ 322| 952| x509_memcasecmp(a->p, b->p, b->len) == 0) { ------------------ | Branch (322:9): [True: 0, False: 0] ------------------ 323| 0| return 0; 324| 0| } 325| | 326| 952| return -1; 327| 952|} x509_crt.c:x509_crt_verifycrl: 2014| 952|{ 2015| 952| int flags = 0; 2016| 952| unsigned char hash[MBEDTLS_MD_MAX_SIZE]; 2017| |#if defined(MBEDTLS_USE_PSA_CRYPTO) 2018| | psa_algorithm_t psa_algorithm; 2019| |#else 2020| 952| const mbedtls_md_info_t *md_info; 2021| 952|#endif /* MBEDTLS_USE_PSA_CRYPTO */ 2022| 952| size_t hash_length; 2023| | 2024| 952| if (ca == NULL) { ------------------ | Branch (2024:9): [True: 0, False: 952] ------------------ 2025| 0| return flags; 2026| 0| } 2027| | 2028| 952| while (crl_list != NULL) { ------------------ | Branch (2028:12): [True: 0, False: 952] ------------------ 2029| 0| if (crl_list->version == 0 || ------------------ | Branch (2029:13): [True: 0, False: 0] ------------------ 2030| 0| x509_name_cmp(&crl_list->issuer, &ca->subject) != 0) { ------------------ | Branch (2030:13): [True: 0, False: 0] ------------------ 2031| 0| crl_list = crl_list->next; 2032| 0| continue; 2033| 0| } 2034| | 2035| | /* 2036| | * Check if the CA is configured to sign CRLs 2037| | */ 2038| 0| if (mbedtls_x509_crt_check_key_usage(ca, ------------------ | Branch (2038:13): [True: 0, False: 0] ------------------ 2039| 0| MBEDTLS_X509_KU_CRL_SIGN) != 0) { ------------------ | | 147| 0|#define MBEDTLS_X509_KU_CRL_SIGN (0x02) /* bit 6 */ ------------------ 2040| 0| flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; ------------------ | | 95| 0|#define MBEDTLS_X509_BADCRL_NOT_TRUSTED 0x10 /**< The CRL is not correctly signed by the trusted CA. */ ------------------ 2041| 0| break; 2042| 0| } 2043| | 2044| | /* 2045| | * Check if CRL is correctly signed by the trusted CA 2046| | */ 2047| 0| if (x509_profile_check_md_alg(profile, crl_list->sig_md) != 0) { ------------------ | Branch (2047:13): [True: 0, False: 0] ------------------ 2048| 0| flags |= MBEDTLS_X509_BADCRL_BAD_MD; ------------------ | | 108| 0|#define MBEDTLS_X509_BADCRL_BAD_MD 0x020000 /**< The CRL is signed with an unacceptable hash. */ ------------------ 2049| 0| } 2050| | 2051| 0| if (x509_profile_check_pk_alg(profile, crl_list->sig_pk) != 0) { ------------------ | Branch (2051:13): [True: 0, False: 0] ------------------ 2052| 0| flags |= MBEDTLS_X509_BADCRL_BAD_PK; ------------------ | | 109| 0|#define MBEDTLS_X509_BADCRL_BAD_PK 0x040000 /**< The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA). */ ------------------ 2053| 0| } 2054| | 2055| |#if defined(MBEDTLS_USE_PSA_CRYPTO) 2056| | psa_algorithm = mbedtls_md_psa_alg_from_type(crl_list->sig_md); 2057| | if (psa_hash_compute(psa_algorithm, 2058| | crl_list->tbs.p, 2059| | crl_list->tbs.len, 2060| | hash, 2061| | sizeof(hash), 2062| | &hash_length) != PSA_SUCCESS) { 2063| | /* Note: this can't happen except after an internal error */ 2064| | flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; 2065| | break; 2066| | } 2067| |#else 2068| 0| md_info = mbedtls_md_info_from_type(crl_list->sig_md); 2069| 0| hash_length = mbedtls_md_get_size(md_info); 2070| 0| if (mbedtls_md(md_info, ------------------ | Branch (2070:13): [True: 0, False: 0] ------------------ 2071| 0| crl_list->tbs.p, 2072| 0| crl_list->tbs.len, 2073| 0| hash) != 0) { 2074| | /* Note: this can't happen except after an internal error */ 2075| 0| flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; ------------------ | | 95| 0|#define MBEDTLS_X509_BADCRL_NOT_TRUSTED 0x10 /**< The CRL is not correctly signed by the trusted CA. */ ------------------ 2076| 0| break; 2077| 0| } 2078| 0|#endif /* MBEDTLS_USE_PSA_CRYPTO */ 2079| | 2080| 0| if (x509_profile_check_key(profile, &ca->pk) != 0) { ------------------ | Branch (2080:13): [True: 0, False: 0] ------------------ 2081| 0| flags |= MBEDTLS_X509_BADCERT_BAD_KEY; ------------------ | | 107| 0|#define MBEDTLS_X509_BADCERT_BAD_KEY 0x010000 /**< The certificate is signed with an unacceptable key (eg bad curve, RSA too short). */ ------------------ 2082| 0| } 2083| | 2084| 0| if (mbedtls_pk_verify_ext(crl_list->sig_pk, crl_list->sig_opts, &ca->pk, ------------------ | Branch (2084:13): [True: 0, False: 0] ------------------ 2085| 0| crl_list->sig_md, hash, hash_length, 2086| 0| crl_list->sig.p, crl_list->sig.len) != 0) { 2087| 0| flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; ------------------ | | 95| 0|#define MBEDTLS_X509_BADCRL_NOT_TRUSTED 0x10 /**< The CRL is not correctly signed by the trusted CA. */ ------------------ 2088| 0| break; 2089| 0| } 2090| | 2091| 0|#if defined(MBEDTLS_HAVE_TIME_DATE) 2092| | /* 2093| | * Check for validity of CRL (Do not drop out) 2094| | */ 2095| 0| if (mbedtls_x509_time_cmp(&crl_list->next_update, now) < 0) { ------------------ | Branch (2095:13): [True: 0, False: 0] ------------------ 2096| 0| flags |= MBEDTLS_X509_BADCRL_EXPIRED; ------------------ | | 96| 0|#define MBEDTLS_X509_BADCRL_EXPIRED 0x20 /**< The CRL is expired. */ ------------------ 2097| 0| } 2098| | 2099| 0| if (mbedtls_x509_time_cmp(&crl_list->this_update, now) > 0) { ------------------ | Branch (2099:13): [True: 0, False: 0] ------------------ 2100| 0| flags |= MBEDTLS_X509_BADCRL_FUTURE; ------------------ | | 101| 0|#define MBEDTLS_X509_BADCRL_FUTURE 0x0400 /**< The CRL is from the future */ ------------------ 2101| 0| } 2102| |#else 2103| | ((void) now); 2104| |#endif 2105| | 2106| | /* 2107| | * Check if certificate is revoked 2108| | */ 2109| 0| if (mbedtls_x509_crt_is_revoked(crt, crl_list)) { ------------------ | Branch (2109:13): [True: 0, False: 0] ------------------ 2110| 0| flags |= MBEDTLS_X509_BADCERT_REVOKED; ------------------ | | 92| 0|#define MBEDTLS_X509_BADCERT_REVOKED 0x02 /**< The certificate has been revoked (is on a CRL). */ ------------------ 2111| 0| break; 2112| 0| } 2113| | 2114| 0| crl_list = crl_list->next; 2115| 0| } 2116| | 2117| 952| return flags; 2118| 952|} x509_crt.c:x509_crt_merge_flags_with_cb: 3016| 1.42k|{ 3017| 1.42k| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 100| 1.42k|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 3018| 1.42k| unsigned i; 3019| 1.42k| uint32_t cur_flags; 3020| 1.42k| const mbedtls_x509_crt_verify_chain_item *cur; 3021| | 3022| 3.80k| for (i = ver_chain->len; i != 0; --i) { ------------------ | Branch (3022:30): [True: 2.38k, False: 1.42k] ------------------ 3023| 2.38k| cur = &ver_chain->items[i-1]; 3024| 2.38k| cur_flags = cur->flags; 3025| | 3026| 2.38k| if (NULL != f_vrfy) { ------------------ | Branch (3026:13): [True: 0, False: 2.38k] ------------------ 3027| 0| if ((ret = f_vrfy(p_vrfy, cur->crt, (int) i-1, &cur_flags)) != 0) { ------------------ | Branch (3027:17): [True: 0, False: 0] ------------------ 3028| 0| return ret; 3029| 0| } 3030| 0| } 3031| | 3032| 2.38k| *flags |= cur_flags; 3033| 2.38k| } 3034| | 3035| 1.42k| return 0; 3036| 1.42k|} x509_crt.c:x509_crt_verify_chain_reset: 377| 1.42k|{ 378| 1.42k| size_t i; 379| | 380| 15.7k| for (i = 0; i < MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE; i++) { ------------------ | | 258| 15.7k|#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE (MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2) | | ------------------ | | | | 37| 15.7k|#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 | | ------------------ ------------------ | Branch (380:17): [True: 14.2k, False: 1.42k] ------------------ 381| 14.2k| ver_chain->items[i].crt = NULL; 382| 14.2k| ver_chain->items[i].flags = (uint32_t) -1; 383| 14.2k| } 384| | 385| 1.42k| ver_chain->len = 0; 386| | 387| |#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) 388| | ver_chain->trust_ca_cb_result = NULL; 389| |#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ 390| 1.42k|} libspdm_consttime_is_mem_equal: 11| 8.57k|{ 12| 8.57k| const volatile uint8_t *pointer_dst; 13| 8.57k| const volatile uint8_t *pointer_src; 14| 8.57k| uint8_t delta; 15| | 16| 8.57k| pointer_dst = (const uint8_t *)destination_buffer; 17| 8.57k| pointer_src = (const uint8_t *)source_buffer; 18| 8.57k| delta = 0; 19| 89.1k| while ((length-- != 0)) { ------------------ | Branch (19:12): [True: 80.5k, False: 8.57k] ------------------ 20| 80.5k| delta |= *(pointer_dst++) ^ *(pointer_src++); 21| 80.5k| } 22| | 23| 8.57k| return ((delta == 0) ? true : false); ------------------ | Branch (23:13): [True: 2.86k, False: 5.71k] ------------------ 24| 8.57k|} libspdm_copy_mem: 12| 16.4k|{ 13| 16.4k| volatile uint8_t* dst; 14| 16.4k| const volatile uint8_t* src; 15| | 16| 16.4k| dst = (volatile uint8_t*) dst_buf; 17| 16.4k| src = (const volatile uint8_t*) src_buf; 18| | 19| 16.4k| if ((dst == NULL) || (src == NULL)) { ------------------ | Branch (19:9): [True: 0, False: 16.4k] | Branch (19:26): [True: 0, False: 16.4k] ------------------ 20| 0| LIBSPDM_ASSERT(0); 21| 0| } 22| 16.4k| if (((src < dst) && ((src + src_len) > dst)) || ((dst < src) && ((dst + src_len) > src))) { ------------------ | Branch (22:10): [True: 4.92k, False: 11.5k] | Branch (22:25): [True: 0, False: 4.92k] | Branch (22:54): [True: 11.5k, False: 4.92k] | Branch (22:69): [True: 0, False: 11.5k] ------------------ 23| 0| LIBSPDM_ASSERT(0); 24| 0| } 25| 16.4k| if (src_len > dst_len) { ------------------ | Branch (25:9): [True: 0, False: 16.4k] ------------------ 26| 0| LIBSPDM_ASSERT(0); 27| 0| } 28| | 29| 1.40M| while (src_len-- != 0) { ------------------ | Branch (29:12): [True: 1.38M, False: 16.4k] ------------------ 30| 1.38M| *(dst++) = *(src++); 31| 1.38M| } 32| 16.4k|} libspdm_set_mem: 10| 595|{ 11| 595| volatile uint8_t *pointer; 12| | 13| 595| pointer = (uint8_t *)buffer; 14| 27.2k| while (length-- != 0) { ------------------ | Branch (14:12): [True: 26.6k, False: 595] ------------------ 15| 26.6k| *(pointer++) = value; 16| 26.6k| } 17| 595|} libspdm_zero_mem: 17| 1.27M|{ 18| | 19| |#if defined(__STDC_LIB_EXT1__) 20| | memset_s(buffer, length, 0, length); 21| |#elif defined(_WIN32) 22| | SecureZeroMemory(buffer, length); 23| |#elif defined(_GNU_SOURCE) || defined(_BSD_SOURCE) 24| | explicit_bzero(buffer, length); 25| |#else 26| 1.27M| volatile uint8_t *pointer; 27| | 28| 1.27M| pointer = (uint8_t *)buffer; 29| 90.3M| while (length-- != 0) { ------------------ | Branch (29:12): [True: 89.1M, False: 1.27M] ------------------ 30| 89.1M| *(pointer++) = 0; 31| 89.1M| } 32| | 33| |#if defined(_MSC_VER) && (_MSC_VER > 1200) && !defined(__clang__) 34| | _ReadWriteBarrier(); 35| |#elif defined(__GNUC__) 36| | __asm__ __volatile__ ("" : : : "memory"); 37| 1.27M|#endif 38| | 39| 1.27M|#endif 40| 1.27M|} libspdm_get_random_number_64: 26| 8.56k|{ 27| 8.56k| int fd; 28| | 29| 8.56k| assert(rand_data != NULL); 30| | 31| 8.56k| fd = open("/dev/urandom", O_RDONLY); 32| 8.56k| if (fd < 0) { ------------------ | Branch (32:9): [True: 0, False: 8.56k] ------------------ 33| 0| printf("cannot open /dev/urandom\n"); 34| 0| return false; 35| 0| } 36| 8.56k| if (read(fd, rand_data, sizeof(*rand_data)) != sizeof(*rand_data)) { ------------------ | Branch (36:9): [True: 0, False: 8.56k] ------------------ 37| 0| printf("Cannot read /dev/urandom\n"); 38| 0| close(fd); 39| 0| return false; 40| 0| } 41| 8.56k| close(fd); 42| | 43| 8.56k| return true; 44| 8.56k|} libspdm_get_asym_get_private_key_from_pem: 23| 119|{ 24| 119| switch (base_asym_algo) { 25| 119| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048: ------------------ | | 371| 119|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048 0x00000001 ------------------ | Branch (25:5): [True: 119, False: 0] ------------------ 26| 119| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072: ------------------ | | 373| 119|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072 0x00000004 ------------------ | Branch (26:5): [True: 0, False: 119] ------------------ 27| 119| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096: ------------------ | | 376| 119|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096 0x00000020 ------------------ | Branch (27:5): [True: 0, False: 119] ------------------ 28| 119| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048: ------------------ | | 372| 119|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048 0x00000002 ------------------ | Branch (28:5): [True: 0, False: 119] ------------------ 29| 119| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072: ------------------ | | 374| 119|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072 0x00000008 ------------------ | Branch (29:5): [True: 0, False: 119] ------------------ 30| 119| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096: ------------------ | | 377| 119|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096 0x00000040 ------------------ | Branch (30:5): [True: 0, False: 119] ------------------ 31| 119|#if (LIBSPDM_RSA_SSA_SUPPORT) || (LIBSPDM_RSA_PSS_SUPPORT) 32| 119| return libspdm_rsa_get_private_key_from_pem; 33| |#else 34| | LIBSPDM_ASSERT(false); 35| | break; 36| |#endif 37| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256: ------------------ | | 375| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256 0x00000010 ------------------ | Branch (37:5): [True: 0, False: 119] ------------------ 38| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384: ------------------ | | 378| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384 0x00000080 ------------------ | Branch (38:5): [True: 0, False: 119] ------------------ 39| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521: ------------------ | | 379| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521 0x00000100 ------------------ | Branch (39:5): [True: 0, False: 119] ------------------ 40| 0|#if LIBSPDM_ECDSA_SUPPORT 41| 0| return libspdm_ec_get_private_key_from_pem; 42| |#else 43| | LIBSPDM_ASSERT(false); 44| | break; 45| |#endif 46| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519: ------------------ | | 385| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519 0x00000400 ------------------ | Branch (46:5): [True: 0, False: 119] ------------------ 47| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448: ------------------ | | 386| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448 0x00000800 ------------------ | Branch (47:5): [True: 0, False: 119] ------------------ 48| |#if (LIBSPDM_EDDSA_ED25519_SUPPORT) || (LIBSPDM_EDDSA_ED448_SUPPORT) 49| | return libspdm_ecd_get_private_key_from_pem; 50| |#else 51| 0| LIBSPDM_ASSERT(false); 52| 0| break; 53| 0|#endif 54| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256: ------------------ | | 384| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256 0x00000200 ------------------ | Branch (54:5): [True: 0, False: 119] ------------------ 55| |#if LIBSPDM_SM2_DSA_SUPPORT 56| | return libspdm_sm2_get_private_key_from_pem; 57| |#else 58| 0| LIBSPDM_ASSERT(false); 59| 0| break; 60| 0|#endif 61| 0| default: ------------------ | Branch (61:5): [True: 0, False: 119] ------------------ 62| 0| LIBSPDM_ASSERT(false); 63| 0| break; 64| 119| } 65| | 66| 0| return NULL; 67| 119|} libspdm_req_asym_get_private_key_from_pem: 127| 119|{ 128| 119| libspdm_asym_get_private_key_from_pem_func asym_get_private_key_from_pem; 129| 119| asym_get_private_key_from_pem = 130| 119| libspdm_get_req_asym_get_private_key_from_pem(req_base_asym_alg); 131| 119| if (asym_get_private_key_from_pem == NULL) { ------------------ | Branch (131:9): [True: 0, False: 119] ------------------ 132| 0| return false; 133| 0| } 134| 119| return asym_get_private_key_from_pem(pem_data, pem_size, password, 135| 119| context); 136| 119|} spdm_crypt_ext.c:libspdm_get_req_asym_get_private_key_from_pem: 105| 119|{ 106| 119| return libspdm_get_asym_get_private_key_from_pem(req_base_asym_alg); 107| 119|} libspdm_read_requester_private_key: 71| 119|{ 72| 119| bool res; 73| 119| char *file; 74| | 75| 119| switch (req_base_asym_alg) { 76| 119| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048: ------------------ | | 371| 119|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048 0x00000001 ------------------ | Branch (76:5): [True: 119, False: 0] ------------------ 77| 119| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048: ------------------ | | 372| 119|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048 0x00000002 ------------------ | Branch (77:5): [True: 0, False: 119] ------------------ 78| 119| file = "rsa2048/end_requester.key"; 79| 119| break; 80| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072: ------------------ | | 373| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072 0x00000004 ------------------ | Branch (80:5): [True: 0, False: 119] ------------------ 81| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072: ------------------ | | 374| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072 0x00000008 ------------------ | Branch (81:5): [True: 0, False: 119] ------------------ 82| 0| file = "rsa3072/end_requester.key"; 83| 0| break; 84| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096: ------------------ | | 376| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096 0x00000020 ------------------ | Branch (84:5): [True: 0, False: 119] ------------------ 85| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096: ------------------ | | 377| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096 0x00000040 ------------------ | Branch (85:5): [True: 0, False: 119] ------------------ 86| 0| file = "rsa4096/end_requester.key"; 87| 0| break; 88| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256: ------------------ | | 375| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256 0x00000010 ------------------ | Branch (88:5): [True: 0, False: 119] ------------------ 89| 0| file = "ecp256/end_requester.key"; 90| 0| break; 91| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384: ------------------ | | 378| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384 0x00000080 ------------------ | Branch (91:5): [True: 0, False: 119] ------------------ 92| 0| file = "ecp384/end_requester.key"; 93| 0| break; 94| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521: ------------------ | | 379| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521 0x00000100 ------------------ | Branch (94:5): [True: 0, False: 119] ------------------ 95| 0| file = "ecp521/end_requester.key"; 96| 0| break; 97| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256: ------------------ | | 384| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256 0x00000200 ------------------ | Branch (97:5): [True: 0, False: 119] ------------------ 98| 0| file = "sm2/end_requester.key"; 99| 0| break; 100| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519: ------------------ | | 385| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519 0x00000400 ------------------ | Branch (100:5): [True: 0, False: 119] ------------------ 101| 0| file = "ed25519/end_requester.key"; 102| 0| break; 103| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448: ------------------ | | 386| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448 0x00000800 ------------------ | Branch (103:5): [True: 0, False: 119] ------------------ 104| 0| file = "ed448/end_requester.key"; 105| 0| break; 106| 0| default: ------------------ | Branch (106:5): [True: 0, False: 119] ------------------ 107| 0| LIBSPDM_ASSERT(false); 108| 0| return false; 109| 119| } 110| 119| res = libspdm_read_input_file(file, data, size); 111| 119| return res; 112| 119|} libspdm_read_responder_public_certificate_chain: 369| 357|{ 370| 357| bool res; 371| 357| void *file_data; 372| 357| size_t file_size; 373| 357| spdm_cert_chain_t *cert_chain; 374| 357| size_t cert_chain_size; 375| 357| char *file; 376| 357| const uint8_t *root_cert; 377| 357| size_t root_cert_len; 378| 357| size_t digest_size; 379| 357| bool is_requester_cert; 380| 357| bool is_device_cert_model; 381| | 382| 357| is_requester_cert = false; 383| | 384| | /*default is true*/ 385| 357| is_device_cert_model = true; 386| | 387| 357| *data = NULL; 388| 357| *size = 0; 389| 357| if (hash != NULL) { ------------------ | Branch (389:9): [True: 0, False: 357] ------------------ 390| 0| *hash = NULL; 391| 0| } 392| 357| if (hash_size != NULL) { ------------------ | Branch (392:9): [True: 0, False: 357] ------------------ 393| 0| *hash_size = 0; 394| 0| } 395| | 396| 357| if (base_asym_algo == 0) { ------------------ | Branch (396:9): [True: 0, False: 357] ------------------ 397| 0| return false; 398| 0| } 399| | 400| 357| switch (base_asym_algo) { 401| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048: ------------------ | | 371| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048 0x00000001 ------------------ | Branch (401:5): [True: 0, False: 357] ------------------ 402| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048: ------------------ | | 372| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048 0x00000002 ------------------ | Branch (402:5): [True: 0, False: 357] ------------------ 403| 0| file = "rsa2048/bundle_responder.certchain.der"; 404| 0| break; 405| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072: ------------------ | | 373| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072 0x00000004 ------------------ | Branch (405:5): [True: 0, False: 357] ------------------ 406| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072: ------------------ | | 374| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072 0x00000008 ------------------ | Branch (406:5): [True: 0, False: 357] ------------------ 407| 0| file = "rsa3072/bundle_responder.certchain.der"; 408| 0| break; 409| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096: ------------------ | | 376| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096 0x00000020 ------------------ | Branch (409:5): [True: 0, False: 357] ------------------ 410| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096: ------------------ | | 377| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096 0x00000040 ------------------ | Branch (410:5): [True: 0, False: 357] ------------------ 411| 0| file = "rsa4096/bundle_responder.certchain.der"; 412| 0| break; 413| 357| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256: ------------------ | | 375| 357|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256 0x00000010 ------------------ | Branch (413:5): [True: 357, False: 0] ------------------ 414| 357| file = "ecp256/bundle_responder.certchain.der"; 415| 357| break; 416| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384: ------------------ | | 378| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384 0x00000080 ------------------ | Branch (416:5): [True: 0, False: 357] ------------------ 417| 0| file = "ecp384/bundle_responder.certchain.der"; 418| 0| break; 419| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521: ------------------ | | 379| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521 0x00000100 ------------------ | Branch (419:5): [True: 0, False: 357] ------------------ 420| 0| file = "ecp521/bundle_responder.certchain.der"; 421| 0| break; 422| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256: ------------------ | | 384| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256 0x00000200 ------------------ | Branch (422:5): [True: 0, False: 357] ------------------ 423| 0| file = "sm2/bundle_responder.certchain.der"; 424| 0| break; 425| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519: ------------------ | | 385| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519 0x00000400 ------------------ | Branch (425:5): [True: 0, False: 357] ------------------ 426| 0| file = "ed25519/bundle_responder.certchain.der"; 427| 0| break; 428| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448: ------------------ | | 386| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448 0x00000800 ------------------ | Branch (428:5): [True: 0, False: 357] ------------------ 429| 0| file = "ed448/bundle_responder.certchain.der"; 430| 0| break; 431| 0| default: ------------------ | Branch (431:5): [True: 0, False: 357] ------------------ 432| 0| LIBSPDM_ASSERT(false); 433| 0| return false; 434| 357| } 435| 357| res = libspdm_read_input_file(file, &file_data, &file_size); 436| 357| if (!res) { ------------------ | Branch (436:9): [True: 0, False: 357] ------------------ 437| 0| return res; 438| 0| } 439| | 440| 357| digest_size = libspdm_get_hash_size(base_hash_algo); 441| | 442| 357| cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size; 443| 357| cert_chain = (void *)malloc(cert_chain_size); 444| 357| if (cert_chain == NULL) { ------------------ | Branch (444:9): [True: 0, False: 357] ------------------ 445| 0| free(file_data); 446| 0| return false; 447| 0| } 448| 357| cert_chain->length = (uint16_t)cert_chain_size; 449| 357| cert_chain->reserved = 0; 450| | 451| 357| res = libspdm_verify_cert_chain_data(file_data, file_size, 452| 357| base_asym_algo, base_hash_algo, 453| 357| is_requester_cert, is_device_cert_model); 454| 357| if (!res) { ------------------ | Branch (454:9): [True: 0, False: 357] ------------------ 455| 0| free(file_data); 456| 0| free(cert_chain); 457| 0| return res; 458| 0| } 459| | 460| | 461| | /* Get Root Certificate and calculate hash value*/ 462| | 463| 357| res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, 0, &root_cert, 464| 357| &root_cert_len); 465| 357| if (!res) { ------------------ | Branch (465:9): [True: 0, False: 357] ------------------ 466| 0| free(file_data); 467| 0| free(cert_chain); 468| 0| return res; 469| 0| } 470| | 471| 357| res = libspdm_hash_all(base_hash_algo, root_cert, root_cert_len, 472| 357| (uint8_t *)(cert_chain + 1)); 473| 357| if (!res) { ------------------ | Branch (473:9): [True: 0, False: 357] ------------------ 474| 0| free(file_data); 475| 0| free(cert_chain); 476| 0| return res; 477| 0| } 478| 357| libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size, 479| 357| cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size), 480| 357| file_data, file_size); 481| | 482| 357| *data = cert_chain; 483| 357| *size = cert_chain_size; 484| 357| if (hash != NULL) { ------------------ | Branch (484:9): [True: 0, False: 357] ------------------ 485| 0| *hash = (cert_chain + 1); 486| 0| } 487| 357| if (hash_size != NULL) { ------------------ | Branch (487:9): [True: 0, False: 357] ------------------ 488| 0| *hash_size = digest_size; 489| 0| } 490| | 491| 357| free(file_data); 492| 357| return true; 493| 357|} libspdm_read_requester_public_certificate_chain: 960| 119|{ 961| 119| bool res; 962| 119| void *file_data; 963| 119| size_t file_size; 964| 119| spdm_cert_chain_t *cert_chain; 965| 119| size_t cert_chain_size; 966| 119| char *file; 967| 119| const uint8_t *root_cert; 968| 119| size_t root_cert_len; 969| 119| size_t digest_size; 970| 119| bool is_requester_cert; 971| 119| bool is_device_cert_model; 972| | 973| 119| is_requester_cert = false; 974| | 975| | /*default is true*/ 976| 119| is_device_cert_model = true; 977| | 978| 119| *data = NULL; 979| 119| *size = 0; 980| 119| if (hash != NULL) { ------------------ | Branch (980:9): [True: 0, False: 119] ------------------ 981| 0| *hash = NULL; 982| 0| } 983| 119| if (hash_size != NULL) { ------------------ | Branch (983:9): [True: 0, False: 119] ------------------ 984| 0| *hash_size = 0; 985| 0| } 986| | 987| 119| if (req_base_asym_alg == 0) { ------------------ | Branch (987:9): [True: 0, False: 119] ------------------ 988| 0| return false; 989| 0| } 990| | 991| 119| switch (req_base_asym_alg) { 992| 119| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048: ------------------ | | 371| 119|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_2048 0x00000001 ------------------ | Branch (992:5): [True: 119, False: 0] ------------------ 993| 119| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048: ------------------ | | 372| 119|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_2048 0x00000002 ------------------ | Branch (993:5): [True: 0, False: 119] ------------------ 994| 119| file = "rsa2048/bundle_requester.certchain.der"; 995| 119| break; 996| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072: ------------------ | | 373| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_3072 0x00000004 ------------------ | Branch (996:5): [True: 0, False: 119] ------------------ 997| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072: ------------------ | | 374| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_3072 0x00000008 ------------------ | Branch (997:5): [True: 0, False: 119] ------------------ 998| 0| file = "rsa3072/bundle_requester.certchain.der"; 999| 0| break; 1000| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096: ------------------ | | 376| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSASSA_4096 0x00000020 ------------------ | Branch (1000:5): [True: 0, False: 119] ------------------ 1001| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096: ------------------ | | 377| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_RSAPSS_4096 0x00000040 ------------------ | Branch (1001:5): [True: 0, False: 119] ------------------ 1002| 0| file = "rsa4096/bundle_requester.certchain.der"; 1003| 0| break; 1004| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256: ------------------ | | 375| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P256 0x00000010 ------------------ | Branch (1004:5): [True: 0, False: 119] ------------------ 1005| 0| file = "ecp256/bundle_requester.certchain.der"; 1006| 0| break; 1007| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384: ------------------ | | 378| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P384 0x00000080 ------------------ | Branch (1007:5): [True: 0, False: 119] ------------------ 1008| 0| file = "ecp384/bundle_requester.certchain.der"; 1009| 0| break; 1010| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521: ------------------ | | 379| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_ECDSA_ECC_NIST_P521 0x00000100 ------------------ | Branch (1010:5): [True: 0, False: 119] ------------------ 1011| 0| file = "ecp521/bundle_requester.certchain.der"; 1012| 0| break; 1013| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256: ------------------ | | 384| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_TPM_ALG_SM2_ECC_SM2_P256 0x00000200 ------------------ | Branch (1013:5): [True: 0, False: 119] ------------------ 1014| 0| file = "sm2/bundle_requester.certchain.der"; 1015| 0| break; 1016| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519: ------------------ | | 385| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED25519 0x00000400 ------------------ | Branch (1016:5): [True: 0, False: 119] ------------------ 1017| 0| file = "ed25519/bundle_requester.certchain.der"; 1018| 0| break; 1019| 0| case SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448: ------------------ | | 386| 0|#define SPDM_ALGORITHMS_BASE_ASYM_ALGO_EDDSA_ED448 0x00000800 ------------------ | Branch (1019:5): [True: 0, False: 119] ------------------ 1020| 0| file = "ed448/bundle_requester.certchain.der"; 1021| 0| break; 1022| 0| default: ------------------ | Branch (1022:5): [True: 0, False: 119] ------------------ 1023| 0| LIBSPDM_ASSERT(false); 1024| 0| return false; 1025| 119| } 1026| 119| res = libspdm_read_input_file(file, &file_data, &file_size); 1027| 119| if (!res) { ------------------ | Branch (1027:9): [True: 0, False: 119] ------------------ 1028| 0| return res; 1029| 0| } 1030| | 1031| 119| digest_size = libspdm_get_hash_size(base_hash_algo); 1032| | 1033| 119| cert_chain_size = sizeof(spdm_cert_chain_t) + digest_size + file_size; 1034| 119| cert_chain = (void *)malloc(cert_chain_size); 1035| 119| if (cert_chain == NULL) { ------------------ | Branch (1035:9): [True: 0, False: 119] ------------------ 1036| 0| free(file_data); 1037| 0| return false; 1038| 0| } 1039| 119| cert_chain->length = (uint16_t)cert_chain_size; 1040| 119| cert_chain->reserved = 0; 1041| | 1042| 119| res = libspdm_verify_cert_chain_data(file_data, file_size, 1043| 119| req_base_asym_alg, base_hash_algo, 1044| 119| is_requester_cert, is_device_cert_model); 1045| 119| if (!res) { ------------------ | Branch (1045:9): [True: 0, False: 119] ------------------ 1046| 0| free(file_data); 1047| 0| free(cert_chain); 1048| 0| return res; 1049| 0| } 1050| | 1051| | 1052| | /* Get Root Certificate and calculate hash value*/ 1053| | 1054| 119| res = libspdm_x509_get_cert_from_cert_chain(file_data, file_size, 0, &root_cert, 1055| 119| &root_cert_len); 1056| 119| if (!res) { ------------------ | Branch (1056:9): [True: 0, False: 119] ------------------ 1057| 0| free(file_data); 1058| 0| free(cert_chain); 1059| 0| return res; 1060| 0| } 1061| | 1062| 119| res = libspdm_hash_all(base_hash_algo, root_cert, root_cert_len, 1063| 119| (uint8_t *)(cert_chain + 1)); 1064| 119| if (!res) { ------------------ | Branch (1064:9): [True: 0, False: 119] ------------------ 1065| 0| free(file_data); 1066| 0| free(cert_chain); 1067| 0| return res; 1068| 0| } 1069| 119| libspdm_copy_mem((uint8_t *)cert_chain + sizeof(spdm_cert_chain_t) + digest_size, 1070| 119| cert_chain_size - (sizeof(spdm_cert_chain_t) + digest_size), 1071| 119| file_data, file_size); 1072| | 1073| 119| *data = cert_chain; 1074| 119| *size = cert_chain_size; 1075| 119| if (hash != NULL) { ------------------ | Branch (1075:9): [True: 0, False: 119] ------------------ 1076| 0| *hash = (cert_chain + 1); 1077| 0| } 1078| 119| if (hash_size != NULL) { ------------------ | Branch (1078:9): [True: 0, False: 119] ------------------ 1079| 0| *hash_size = digest_size; 1080| 0| } 1081| | 1082| 119| free(file_data); 1083| 119| return true; 1084| 119|} libspdm_requester_data_sign: 31| 119|{ 32| 119| void *context; 33| 119| bool result; 34| | 35| 119|#if !LIBSPDM_PRIVATE_KEY_MODE_RAW_KEY_ONLY 36| 119| if (g_private_key_mode) { ------------------ | Branch (36:9): [True: 119, False: 0] ------------------ 37| 119| void *private_pem; 38| 119| size_t private_pem_size; 39| | 40| 119| result = libspdm_read_requester_private_key( 41| 119| req_base_asym_alg, &private_pem, &private_pem_size); 42| 119| if (!result) { ------------------ | Branch (42:13): [True: 0, False: 119] ------------------ 43| 0| return false; 44| 0| } 45| | 46| 119| result = libspdm_req_asym_get_private_key_from_pem(req_base_asym_alg, 47| 119| private_pem, 48| 119| private_pem_size, NULL, 49| 119| &context); 50| 119| if (!result) { ------------------ | Branch (50:13): [True: 0, False: 119] ------------------ 51| 0| libspdm_zero_mem(private_pem, private_pem_size); 52| 0| free(private_pem); 53| 0| return false; 54| 0| } 55| | 56| 119| if (is_data_hash) { ------------------ | Branch (56:13): [True: 0, False: 119] ------------------ 57| 0| result = libspdm_req_asym_sign_hash(spdm_version, op_code, req_base_asym_alg, 58| 0| base_hash_algo, context, 59| 0| message, message_size, signature, sig_size); 60| 119| } else { 61| 119| result = libspdm_req_asym_sign(spdm_version, op_code, req_base_asym_alg, 62| 119| base_hash_algo, context, 63| 119| message, message_size, 64| 119| signature, sig_size); 65| 119| } 66| 119| libspdm_req_asym_free(req_base_asym_alg, context); 67| 119| libspdm_zero_mem(private_pem, private_pem_size); 68| 119| free(private_pem); 69| 119| } else { 70| 0|#endif 71| 0| result = libspdm_get_requester_private_key_from_raw_data(req_base_asym_alg, &context); 72| 0| if (!result) { ------------------ | Branch (72:9): [True: 0, False: 0] ------------------ 73| 0| return false; 74| 0| } 75| | 76| 0| if (is_data_hash) { ------------------ | Branch (76:9): [True: 0, False: 0] ------------------ 77| 0| result = libspdm_req_asym_sign_hash(spdm_version, op_code, req_base_asym_alg, 78| 0| base_hash_algo, context, 79| 0| message, message_size, signature, sig_size); 80| 0| } else { 81| 0| result = libspdm_req_asym_sign(spdm_version, op_code, req_base_asym_alg, 82| 0| base_hash_algo, context, 83| 0| message, message_size, 84| 0| signature, sig_size); 85| 0| } 86| 0| libspdm_req_asym_free(req_base_asym_alg, context); 87| 0|#if !LIBSPDM_PRIVATE_KEY_MODE_RAW_KEY_ONLY 88| 0|} 89| 119|#endif 90| | 91| |#if LIBSPDM_SECRET_LIB_SIGN_LITTLE_ENDIAN 92| | if ((spdm_version >> SPDM_VERSION_NUMBER_SHIFT_BIT) <= SPDM_MESSAGE_VERSION_11) { 93| | if (result) { 94| | libspdm_copy_signature_swap_endian( 95| | req_base_asym_alg, signature, *sig_size, signature, *sig_size); 96| | } 97| | } 98| |#endif 99| | 100| 119| return result; 101| 119|} libspdm_setup_test_context: 59| 119|{ 60| 119| m_libspdm_test_context = spdm_test_context; 61| 119|} libspdm_unit_test_group_setup: 64| 952|{ 65| 952| libspdm_test_context_t *spdm_test_context; 66| 952| void *spdm_context; 67| | 68| 952| spdm_test_context = m_libspdm_test_context; 69| 952| spdm_test_context->spdm_context = 70| 952| (void *)malloc(libspdm_get_context_size()); 71| 952| if (spdm_test_context->spdm_context == NULL) { ------------------ | Branch (71:9): [True: 0, False: 952] ------------------ 72| 0| return (size_t)-1; 73| 0| } 74| 952| spdm_context = spdm_test_context->spdm_context; 75| | 76| 952| libspdm_init_context(spdm_context); 77| | 78| 952| libspdm_register_device_io_func(spdm_context, 79| 952| spdm_test_context->send_message, 80| 952| spdm_test_context->receive_message); 81| 952| libspdm_register_transport_layer_func(spdm_context, 82| 952| LIBSPDM_MAX_SPDM_MSG_SIZE, ------------------ | | 101| 952|#define LIBSPDM_MAX_SPDM_MSG_SIZE 0x1200 ------------------ 83| 952| LIBSPDM_TEST_TRANSPORT_HEADER_SIZE, ------------------ | | 27| 952|#define LIBSPDM_TEST_TRANSPORT_HEADER_SIZE (2 + 8 + \ | | 28| 952| LIBSPDM_TEST_SEQUENCE_NUMBER_COUNT) | | ------------------ | | | | 16| 952|#define LIBSPDM_TEST_SEQUENCE_NUMBER_COUNT 2 | | ------------------ ------------------ 84| 952| LIBSPDM_TEST_TRANSPORT_TAIL_SIZE, ------------------ | | 30| 952|#define LIBSPDM_TEST_TRANSPORT_TAIL_SIZE (LIBSPDM_TEST_MAX_RANDOM_NUMBER_COUNT + \ | | ------------------ | | | | 17| 952|#define LIBSPDM_TEST_MAX_RANDOM_NUMBER_COUNT 32 | | ------------------ | | 31| 952| LIBSPDM_MAX_AEAD_TAG_SIZE + \ | | ------------------ | | | | 75| 952|#define LIBSPDM_MAX_AEAD_TAG_SIZE 16 | | ------------------ | | 32| 952| (LIBSPDM_TEST_ALIGNMENT - 1)) | | ------------------ | | | | 15| 952|#define LIBSPDM_TEST_ALIGNMENT 4 | | ------------------ ------------------ 85| 952| libspdm_transport_test_encode_message, 86| 952| libspdm_transport_test_decode_message); 87| 952| libspdm_register_device_buffer_func(spdm_context, 88| 952| LIBSPDM_MAX_SENDER_RECEIVER_BUFFER_SIZE, ------------------ | | 93| 952|#define LIBSPDM_MAX_SENDER_RECEIVER_BUFFER_SIZE LIBSPDM_RECEIVER_BUFFER_SIZE | | ------------------ | | | | 78| 952|#define LIBSPDM_RECEIVER_BUFFER_SIZE (0x1200 + \ | | | | 79| 952| LIBSPDM_TRANSPORT_ADDITIONAL_SIZE) | | | | ------------------ | | | | | | 70| 952|#define LIBSPDM_TRANSPORT_ADDITIONAL_SIZE (LIBSPDM_TEST_TRANSPORT_HEADER_SIZE + \ | | | | | | ------------------ | | | | | | | | 27| 952|#define LIBSPDM_TEST_TRANSPORT_HEADER_SIZE (2 + 8 + \ | | | | | | | | 28| 952| LIBSPDM_TEST_SEQUENCE_NUMBER_COUNT) | | | | | | | | ------------------ | | | | | | | | | | 16| 952|#define LIBSPDM_TEST_SEQUENCE_NUMBER_COUNT 2 | | | | | | | | ------------------ | | | | | | ------------------ | | | | | | 71| 952| LIBSPDM_TEST_TRANSPORT_TAIL_SIZE) | | | | | | ------------------ | | | | | | | | 30| 952|#define LIBSPDM_TEST_TRANSPORT_TAIL_SIZE (LIBSPDM_TEST_MAX_RANDOM_NUMBER_COUNT + \ | | | | | | | | ------------------ | | | | | | | | | | 17| 952|#define LIBSPDM_TEST_MAX_RANDOM_NUMBER_COUNT 32 | | | | | | | | ------------------ | | | | | | | | 31| 952| LIBSPDM_MAX_AEAD_TAG_SIZE + \ | | | | | | | | ------------------ | | | | | | | | | | 75| 952|#define LIBSPDM_MAX_AEAD_TAG_SIZE 16 | | | | | | | | ------------------ | | | | | | | | 32| 952| (LIBSPDM_TEST_ALIGNMENT - 1)) | | | | | | | | ------------------ | | | | | | | | | | 15| 952|#define LIBSPDM_TEST_ALIGNMENT 4 | | | | | | | | ------------------ | | | | | | ------------------ | | | | ------------------ | | ------------------ ------------------ 89| 952| LIBSPDM_MAX_SENDER_RECEIVER_BUFFER_SIZE, ------------------ | | 93| 952|#define LIBSPDM_MAX_SENDER_RECEIVER_BUFFER_SIZE LIBSPDM_RECEIVER_BUFFER_SIZE | | ------------------ | | | | 78| 952|#define LIBSPDM_RECEIVER_BUFFER_SIZE (0x1200 + \ | | | | 79| 952| LIBSPDM_TRANSPORT_ADDITIONAL_SIZE) | | | | ------------------ | | | | | | 70| 952|#define LIBSPDM_TRANSPORT_ADDITIONAL_SIZE (LIBSPDM_TEST_TRANSPORT_HEADER_SIZE + \ | | | | | | ------------------ | | | | | | | | 27| 952|#define LIBSPDM_TEST_TRANSPORT_HEADER_SIZE (2 + 8 + \ | | | | | | | | 28| 952| LIBSPDM_TEST_SEQUENCE_NUMBER_COUNT) | | | | | | | | ------------------ | | | | | | | | | | 16| 952|#define LIBSPDM_TEST_SEQUENCE_NUMBER_COUNT 2 | | | | | | | | ------------------ | | | | | | ------------------ | | | | | | 71| 952| LIBSPDM_TEST_TRANSPORT_TAIL_SIZE) | | | | | | ------------------ | | | | | | | | 30| 952|#define LIBSPDM_TEST_TRANSPORT_TAIL_SIZE (LIBSPDM_TEST_MAX_RANDOM_NUMBER_COUNT + \ | | | | | | | | ------------------ | | | | | | | | | | 17| 952|#define LIBSPDM_TEST_MAX_RANDOM_NUMBER_COUNT 32 | | | | | | | | ------------------ | | | | | | | | 31| 952| LIBSPDM_MAX_AEAD_TAG_SIZE + \ | | | | | | | | ------------------ | | | | | | | | | | 75| 952|#define LIBSPDM_MAX_AEAD_TAG_SIZE 16 | | | | | | | | ------------------ | | | | | | | | 32| 952| (LIBSPDM_TEST_ALIGNMENT - 1)) | | | | | | | | ------------------ | | | | | | | | | | 15| 952|#define LIBSPDM_TEST_ALIGNMENT 4 | | | | | | | | ------------------ | | | | | | ------------------ | | | | ------------------ | | ------------------ ------------------ 90| 952| spdm_device_acquire_sender_buffer, 91| 952| spdm_device_release_sender_buffer, 92| 952| spdm_device_acquire_receiver_buffer, 93| 952| spdm_device_release_receiver_buffer); 94| | 95| 952| spdm_test_context->scratch_buffer_size = 96| 952| libspdm_get_sizeof_required_scratch_buffer(spdm_context); 97| 952| spdm_test_context->scratch_buffer = (void *)malloc(spdm_test_context->scratch_buffer_size); 98| 952| libspdm_set_scratch_buffer (spdm_context, 99| 952| spdm_test_context->scratch_buffer, 100| 952| spdm_test_context->scratch_buffer_size); 101| | 102| 952| *State = spdm_test_context; 103| 952| return 0; 104| 952|} libspdm_unit_test_group_teardown: 107| 952|{ 108| 952| libspdm_test_context_t *spdm_test_context; 109| | 110| 952| spdm_test_context = *State; 111| 952| free(spdm_test_context->spdm_context); 112| 952| free(spdm_test_context->scratch_buffer); 113| 952| spdm_test_context->spdm_context = NULL; 114| 952| return 0; 115| 952|} libspdm_read_input_file: 119| 595|{ 120| 595| FILE *fp_in; 121| 595| size_t temp_result; 122| | 123| 595| if ((fp_in = fopen(file_name, "rb")) == NULL) { ------------------ | Branch (123:9): [True: 0, False: 595] ------------------ 124| 0| printf("Unable to open file %s\n", file_name); 125| 0| *file_data = NULL; 126| 0| return false; 127| 0| } 128| | 129| 595| fseek(fp_in, 0, SEEK_END); 130| 595| *file_size = ftell(fp_in); 131| | 132| 595| *file_data = (void *)malloc(*file_size); 133| 595| if (NULL == *file_data) { ------------------ | Branch (133:9): [True: 0, False: 595] ------------------ 134| 0| printf("No sufficient memory to allocate %s\n", file_name); 135| 0| fclose(fp_in); 136| 0| return false; 137| 0| } 138| | 139| 595| fseek(fp_in, 0, SEEK_SET); 140| 595| temp_result = fread(*file_data, 1, *file_size, fp_in); 141| 595| if (temp_result != *file_size) { ------------------ | Branch (141:9): [True: 0, False: 595] ------------------ 142| 0| printf("Read input file error %s", file_name); 143| 0| free((void *)*file_data); 144| 0| fclose(fp_in); 145| 0| return false; 146| 0| } 147| | 148| 595| fclose(fp_in); 149| | 150| 595| return true; 151| 595|} libspdm_alignment_size: 21| 119|{ 22| 119| size_t alignment; 23| 119| size_t max_buffer_size; 24| | 25| 119| alignment = LIBSPDM_TEST_ALIGNMENT; ------------------ | | 15| 119|#define LIBSPDM_TEST_ALIGNMENT 4 ------------------ 26| 119| max_buffer_size = libspdm_get_max_buffer_size(); 27| | 28| | /* In the situation where max_buffer_size is not four-byte aligned, reserve sufficient size for the buffer_size */ 29| 119| if ((size > max_buffer_size - alignment) && (size & (alignment - 1)) != 0) { ------------------ | Branch (29:9): [True: 44, False: 75] | Branch (29:49): [True: 3, False: 41] ------------------ 30| 3| size -= alignment; 31| 3| } 32| | 33| 119| if (((size) & (alignment - 1)) == 3) { ------------------ | Branch (33:9): [True: 19, False: 100] ------------------ 34| 19| size += 1; 35| 19| } 36| 119| if (((size) & (alignment - 1)) == 2) { ------------------ | Branch (36:9): [True: 13, False: 106] ------------------ 37| 13| size += 2; 38| 13| } 39| 119| if (((size) & (alignment - 1)) == 1) { ------------------ | Branch (39:9): [True: 22, False: 97] ------------------ 40| 22| size += 3; 41| 22| } 42| 119| return size; 43| 119|} LLVMFuzzerTestOneInput: 112| 119|{ 113| 119| void *test_buffer; 114| 119| size_t max_buffer_size; 115| | 116| | /* 1. Initialize test_buffer*/ 117| 119| max_buffer_size = libspdm_get_max_buffer_size(); 118| 119| test_buffer = allocate_zero_pool(max_buffer_size); 119| 119| if (test_buffer == NULL) { ------------------ | Branch (119:9): [True: 0, False: 119] ------------------ 120| 0| return 0; 121| 0| } 122| 119| if (size == 0) { ------------------ | Branch (122:9): [True: 0, False: 119] ------------------ 123| 0| printf("\033[1;33m file_size of the seed file is 0, so exit.\033[0m \n"); 124| 0| free(test_buffer); 125| 0| return 0; 126| 0| } 127| 119| if (size > max_buffer_size) { ------------------ | Branch (127:9): [True: 40, False: 79] ------------------ 128| 40| size = max_buffer_size; 129| 79| } else { 130| 79| libspdm_copy_mem(test_buffer, max_buffer_size, data, size); 131| 79| } 132| 119| size = libspdm_alignment_size(size); 133| | /* 2. Run test*/ 134| 119| libspdm_run_test_harness(test_buffer, size); 135| | /* 3. Clean up*/ 136| 119| free(test_buffer); 137| 119| return 0; 138| 119|} libspdm_get_max_buffer_size: 17| 238|{ 18| 238| return LIBSPDM_MAX_SPDM_MSG_SIZE; ------------------ | | 101| 238|#define LIBSPDM_MAX_SPDM_MSG_SIZE 0x1200 ------------------ 19| 238|} libspdm_secured_message_set_request_finished_key: 28| 476|{ 29| 476| libspdm_secured_message_context_t *secured_message_context; 30| | 31| 476| secured_message_context = spdm_secured_message_context; 32| 476| LIBSPDM_ASSERT(key_size == secured_message_context->hash_size); 33| 476| libspdm_copy_mem(secured_message_context->handshake_secret.request_finished_key, 34| 476| sizeof(secured_message_context->handshake_secret.request_finished_key), 35| 476| key, secured_message_context->hash_size); 36| 476|} libspdm_test_responder_finish_case1: 46| 119|{ 47| 119| libspdm_test_context_t *spdm_test_context; 48| 119| libspdm_context_t *spdm_context; 49| 119| size_t response_size; 50| 119| uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE]; 51| 119| void *data1; 52| 119| size_t data_size1; 53| 119| uint8_t *ptr; 54| 119| uint8_t *cert_buffer; 55| 119| size_t cert_buffer_size; 56| 119| uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE]; 57| 119| uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE]; 58| 119| libspdm_session_info_t *session_info; 59| 119| uint32_t session_id; 60| 119| uint32_t hash_size; 61| 119| uint32_t hmac_size; 62| 119| libspdm_finish_request_mine_t *spdm_test_finish_request; 63| 119| size_t spdm_test_finish_request_size; 64| 119| uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE]; 65| 119| uint8_t dummy_buffer[LIBSPDM_MAX_HASH_SIZE]; 66| | 67| 119| spdm_test_context = *State; 68| | 69| 119| spdm_test_finish_request = (libspdm_finish_request_mine_t *)spdm_test_context->test_buffer; 70| 119| spdm_test_finish_request_size = spdm_test_context->test_buffer_size; 71| | 72| 119| spdm_context = spdm_test_context->spdm_context; 73| | 74| 119| spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 << ------------------ | | 111| 119|#define SPDM_MESSAGE_VERSION_11 0x11 ------------------ 75| 119| SPDM_VERSION_NUMBER_SHIFT_BIT; ------------------ | | 140| 119|#define SPDM_VERSION_NUMBER_SHIFT_BIT 8 ------------------ 76| 119| spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED; 77| 119| spdm_context->connection_info.capability.flags |= 78| 119| SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP; ------------------ | | 190| 119|#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP 0x00000200 ------------------ 79| 119| spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP; ------------------ | | 251| 119|#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP 0x00000200 ------------------ 80| 119| spdm_context->connection_info.capability.flags |= 81| 119| SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP; ------------------ | | 258| 119|#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP 0x00008000 ------------------ 82| 119| spdm_context->local_context.capability.flags |= 83| 119| SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP; ------------------ | | 196| 119|#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP 0x00008000 ------------------ 84| 119| spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo; 85| 119| spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo; 86| 119| spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec; 87| 119| spdm_context->connection_info.algorithm.measurement_hash_algo = 88| 119| m_libspdm_use_measurement_hash_algo; 89| 119| spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo; 90| 119| spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo; 91| 119| libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo, 92| 119| m_libspdm_use_asym_algo, 93| 119| &data1, &data_size1, 94| 119| NULL, NULL); 95| 119| spdm_context->local_context.local_cert_chain_provision[0] = data1; 96| 119| spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1; 97| 119| spdm_context->connection_info.local_used_cert_chain_buffer = data1; 98| 119| spdm_context->connection_info.local_used_cert_chain_buffer_size = data_size1; 99| | 100| 119| libspdm_reset_message_a(spdm_context); 101| 119| spdm_context->local_context.mut_auth_requested = 0; 102| | 103| 119| session_id = 0xFFFFFFFF; 104| 119| spdm_context->latest_session_id = session_id; 105| 119| session_info = &spdm_context->session_info[0]; 106| 119| libspdm_session_info_init(spdm_context, session_info, session_id, false); 107| 119| hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo); 108| 119| libspdm_set_mem(dummy_buffer, hash_size, (uint8_t)(0xFF)); 109| 119| libspdm_secured_message_set_request_finished_key(session_info->secured_message_context, 110| 119| dummy_buffer, hash_size); 111| 119| libspdm_secured_message_set_session_state(session_info->secured_message_context, 112| 119| LIBSPDM_SESSION_STATE_HANDSHAKING); 113| | 114| 119| hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo); 115| 119| hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo); 116| 119| ptr = spdm_test_finish_request->signature; 117| 119| libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer)); 118| 119| cert_buffer = (uint8_t *)data1; 119| 119| cert_buffer_size = data_size1; 120| 119| libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash); 121| | /* transcript.message_a size is 0*/ 122| 119| libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size); 123| | /* session_transcript.message_k is 0*/ 124| 119| libspdm_append_managed_buffer(&th_curr, spdm_test_finish_request, 125| 119| sizeof(spdm_finish_request_t)); 126| 119| libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF)); ------------------ | | 65| 119|#define LIBSPDM_MAX_HASH_SIZE 64 ------------------ 127| 119| libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr), 128| 119| libspdm_get_managed_buffer_size(&th_curr), hash_data); 129| 119| libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size, 130| 119| request_finished_key, hash_size, ptr); 131| 119| spdm_test_finish_request_size = sizeof(spdm_finish_request_t) + hmac_size; 132| 119| response_size = sizeof(response); 133| 119| libspdm_get_response_finish(spdm_context, spdm_test_finish_request_size, 134| 119| spdm_test_finish_request, 135| 119| &response_size, response); 136| 119| if (spdm_context->session_info[0].session_id != INVALID_SESSION_ID) { ------------------ | | 28| 119|#define INVALID_SESSION_ID 0 ------------------ | Branch (136:9): [True: 119, False: 0] ------------------ 137| 119| libspdm_reset_message_f(spdm_context, spdm_context->session_info); 138| 119| libspdm_reset_message_k(spdm_context, spdm_context->session_info); 139| 119| } 140| 119| free(data1); 141| 119|} libspdm_test_responder_finish_case2: 144| 119|{ 145| 119| libspdm_test_context_t *spdm_test_context; 146| 119| libspdm_context_t *spdm_context; 147| 119| size_t response_size; 148| 119| uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE]; 149| | 150| 119| spdm_test_context = *State; 151| 119| spdm_context = spdm_test_context->spdm_context; 152| | 153| 119| spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 << ------------------ | | 111| 119|#define SPDM_MESSAGE_VERSION_11 0x11 ------------------ 154| 119| SPDM_VERSION_NUMBER_SHIFT_BIT; ------------------ | | 140| 119|#define SPDM_VERSION_NUMBER_SHIFT_BIT 8 ------------------ 155| 119| spdm_context->response_state = LIBSPDM_RESPONSE_STATE_BUSY; 156| | 157| 119| response_size = sizeof(response); 158| 119| libspdm_get_response_finish(spdm_context, spdm_test_context->test_buffer_size, 159| 119| spdm_test_context->test_buffer, &response_size, response); 160| 119| if (spdm_context->session_info[0].session_id != INVALID_SESSION_ID) { ------------------ | | 28| 119|#define INVALID_SESSION_ID 0 ------------------ | Branch (160:9): [True: 0, False: 119] ------------------ 161| 0| libspdm_reset_message_f(spdm_context, spdm_context->session_info); 162| 0| libspdm_reset_message_k(spdm_context, spdm_context->session_info); 163| 0| } 164| 119|} libspdm_test_responder_finish_case3: 167| 119|{ 168| 119| libspdm_test_context_t *spdm_test_context; 169| 119| libspdm_context_t *spdm_context; 170| 119| size_t response_size; 171| 119| uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE]; 172| | 173| 119| spdm_test_context = *State; 174| 119| spdm_context = spdm_test_context->spdm_context; 175| | 176| 119| spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 << ------------------ | | 111| 119|#define SPDM_MESSAGE_VERSION_11 0x11 ------------------ 177| 119| SPDM_VERSION_NUMBER_SHIFT_BIT; ------------------ | | 140| 119|#define SPDM_VERSION_NUMBER_SHIFT_BIT 8 ------------------ 178| 119| spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NORMAL; 179| 119| spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED; 180| 119| spdm_context->local_context.capability.flags = 0; 181| | 182| 119| response_size = sizeof(response); 183| 119| libspdm_get_response_finish(spdm_context, spdm_test_context->test_buffer_size, 184| 119| spdm_test_context->test_buffer, &response_size, response); 185| 119| if (spdm_context->session_info[0].session_id != INVALID_SESSION_ID) { ------------------ | | 28| 119|#define INVALID_SESSION_ID 0 ------------------ | Branch (185:9): [True: 0, False: 119] ------------------ 186| 0| libspdm_reset_message_f(spdm_context, spdm_context->session_info); 187| 0| libspdm_reset_message_k(spdm_context, spdm_context->session_info); 188| 0| } 189| 119|} libspdm_test_responder_finish_case4: 192| 119|{ 193| 119| libspdm_test_context_t *spdm_test_context; 194| 119| libspdm_context_t *spdm_context; 195| 119| size_t response_size; 196| 119| uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE]; 197| | 198| 119| spdm_test_context = *State; 199| 119| spdm_context = spdm_test_context->spdm_context; 200| | 201| 119| spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 << ------------------ | | 111| 119|#define SPDM_MESSAGE_VERSION_11 0x11 ------------------ 202| 119| SPDM_VERSION_NUMBER_SHIFT_BIT; ------------------ | | 140| 119|#define SPDM_VERSION_NUMBER_SHIFT_BIT 8 ------------------ 203| 119| spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NORMAL; 204| 119| spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NOT_STARTED; 205| 119| spdm_context->connection_info.capability.flags |= 206| 119| SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP; ------------------ | | 190| 119|#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP 0x00000200 ------------------ 207| 119| spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP; ------------------ | | 251| 119|#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP 0x00000200 ------------------ 208| 119| response_size = sizeof(response); 209| 119| libspdm_get_response_finish(spdm_context, spdm_test_context->test_buffer_size, 210| 119| spdm_test_context->test_buffer, &response_size, response); 211| 119| if (spdm_context->session_info[0].session_id != INVALID_SESSION_ID) { ------------------ | | 28| 119|#define INVALID_SESSION_ID 0 ------------------ | Branch (211:9): [True: 0, False: 119] ------------------ 212| 0| libspdm_reset_message_f(spdm_context, spdm_context->session_info); 213| 0| libspdm_reset_message_k(spdm_context, spdm_context->session_info); 214| 0| } 215| 119|} libspdm_test_responder_finish_case5: 218| 119|{ 219| 119| libspdm_test_context_t *spdm_test_context; 220| 119| libspdm_context_t *spdm_context; 221| 119| size_t response_size; 222| 119| uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE]; 223| | 224| 119| spdm_test_context = *State; 225| | 226| 119| spdm_context = spdm_test_context->spdm_context; 227| | 228| 119| spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 << ------------------ | | 111| 119|#define SPDM_MESSAGE_VERSION_11 0x11 ------------------ 229| 119| SPDM_VERSION_NUMBER_SHIFT_BIT; ------------------ | | 140| 119|#define SPDM_VERSION_NUMBER_SHIFT_BIT 8 ------------------ 230| 119| spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NORMAL; 231| 119| spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED; 232| 119| spdm_context->connection_info.capability.flags |= 233| 119| SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP; ------------------ | | 190| 119|#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP 0x00000200 ------------------ 234| 119| spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP; ------------------ | | 251| 119|#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP 0x00000200 ------------------ 235| | 236| 119| response_size = sizeof(response); 237| 119| libspdm_get_response_finish(spdm_context, spdm_test_context->test_buffer_size, 238| 119| spdm_test_context->test_buffer, &response_size, response); 239| 119| if (spdm_context->session_info[0].session_id != INVALID_SESSION_ID) { ------------------ | | 28| 119|#define INVALID_SESSION_ID 0 ------------------ | Branch (239:9): [True: 0, False: 119] ------------------ 240| 0| libspdm_reset_message_f(spdm_context, spdm_context->session_info); 241| 0| libspdm_reset_message_k(spdm_context, spdm_context->session_info); 242| 0| } 243| 119|} libspdm_test_responder_finish_case6: 246| 119|{ 247| 119| libspdm_test_context_t *spdm_test_context; 248| 119| libspdm_context_t *spdm_context; 249| 119| size_t response_size; 250| 119| uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE]; 251| | 252| 119| spdm_test_context = *State; 253| | 254| 119| spdm_context = spdm_test_context->spdm_context; 255| | 256| 119| spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 << ------------------ | | 111| 119|#define SPDM_MESSAGE_VERSION_11 0x11 ------------------ 257| 119| SPDM_VERSION_NUMBER_SHIFT_BIT; ------------------ | | 140| 119|#define SPDM_VERSION_NUMBER_SHIFT_BIT 8 ------------------ 258| 119| spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NORMAL; 259| 119| spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED; 260| 119| spdm_context->connection_info.capability.flags |= 261| 119| SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP | ------------------ | | 196| 119|#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP 0x00008000 ------------------ 262| 119| SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP; ------------------ | | 190| 119|#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP 0x00000200 ------------------ 263| | 264| 119| spdm_context->local_context.capability.flags |= 265| 119| SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP | ------------------ | | 258| 119|#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP 0x00008000 ------------------ 266| 119| SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP; ------------------ | | 251| 119|#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP 0x00000200 ------------------ 267| 119| spdm_context->last_spdm_request_session_id_valid = !false; 268| 119| response_size = sizeof(response); 269| 119| libspdm_get_response_finish(spdm_context, spdm_test_context->test_buffer_size, 270| 119| spdm_test_context->test_buffer, &response_size, response); 271| 119| if (spdm_context->session_info[0].session_id != INVALID_SESSION_ID) { ------------------ | | 28| 119|#define INVALID_SESSION_ID 0 ------------------ | Branch (271:9): [True: 0, False: 119] ------------------ 272| 0| libspdm_reset_message_f(spdm_context, spdm_context->session_info); 273| 0| libspdm_reset_message_k(spdm_context, spdm_context->session_info); 274| 0| } 275| 119|} libspdm_test_responder_finish_case7: 278| 119|{ 279| 119| libspdm_test_context_t *spdm_test_context; 280| 119| libspdm_context_t *spdm_context; 281| 119| size_t response_size; 282| 119| uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE]; 283| 119| void *data1; 284| 119| size_t data_size1; 285| 119| libspdm_session_info_t *session_info; 286| 119| uint32_t session_id; 287| 119| uint32_t hash_size; 288| | 289| 119| uint8_t dummy_buffer[LIBSPDM_MAX_HASH_SIZE]; 290| 119| spdm_test_context = *State; 291| | 292| 119| spdm_context = spdm_test_context->spdm_context; 293| | 294| 119| spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 << ------------------ | | 111| 119|#define SPDM_MESSAGE_VERSION_11 0x11 ------------------ 295| 119| SPDM_VERSION_NUMBER_SHIFT_BIT; ------------------ | | 140| 119|#define SPDM_VERSION_NUMBER_SHIFT_BIT 8 ------------------ 296| 119| spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED; 297| 119| spdm_context->connection_info.capability.flags |= 298| 119| SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP; ------------------ | | 190| 119|#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP 0x00000200 ------------------ 299| 119| spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP; ------------------ | | 251| 119|#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP 0x00000200 ------------------ 300| 119| spdm_context->connection_info.capability.flags |= 301| 119| SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP; ------------------ | | 258| 119|#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP 0x00008000 ------------------ 302| 119| spdm_context->local_context.capability.flags |= 303| 119| SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP; ------------------ | | 196| 119|#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP 0x00008000 ------------------ 304| 119| spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo; 305| 119| spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo; 306| 119| spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec; 307| 119| spdm_context->connection_info.algorithm.measurement_hash_algo = 308| 119| m_libspdm_use_measurement_hash_algo; 309| 119| spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo; 310| 119| spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo; 311| 119| libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo, 312| 119| m_libspdm_use_asym_algo, 313| 119| &data1, &data_size1, 314| 119| NULL, NULL); 315| 119| spdm_context->local_context.local_cert_chain_provision[0] = data1; 316| 119| spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1; 317| 119| spdm_context->connection_info.local_used_cert_chain_buffer = data1; 318| 119| spdm_context->connection_info.local_used_cert_chain_buffer_size = data_size1; 319| | 320| 119| libspdm_reset_message_a(spdm_context); 321| 119| spdm_context->local_context.mut_auth_requested = 0; 322| | 323| 119| session_id = 0xFFFFFFFF; 324| 119| spdm_context->latest_session_id = session_id; 325| 119| session_info = &spdm_context->session_info[0]; 326| 119| libspdm_session_info_init(spdm_context, session_info, session_id, false); 327| 119| hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo); 328| 119| libspdm_set_mem(dummy_buffer, hash_size, (uint8_t)(0xFF)); 329| 119| libspdm_secured_message_set_request_finished_key(session_info->secured_message_context, 330| 119| dummy_buffer, hash_size); 331| 119| libspdm_secured_message_set_session_state(session_info->secured_message_context, 332| 119| LIBSPDM_SESSION_STATE_NOT_STARTED); 333| 119| libspdm_secured_message_set_request_finished_key(session_info->secured_message_context, 334| 119| dummy_buffer, hash_size); 335| | 336| 119| response_size = sizeof(response); 337| 119| libspdm_get_response_finish(spdm_context, spdm_test_context->test_buffer_size, 338| 119| spdm_test_context->test_buffer, &response_size, response); 339| 119| if (spdm_context->session_info[0].session_id != INVALID_SESSION_ID) { ------------------ | | 28| 119|#define INVALID_SESSION_ID 0 ------------------ | Branch (339:9): [True: 119, False: 0] ------------------ 340| 119| libspdm_reset_message_f(spdm_context, spdm_context->session_info); 341| 119| libspdm_reset_message_k(spdm_context, spdm_context->session_info); 342| 119| } 343| 119| free(data1); 344| 119|} libspdm_test_responder_finish_case8: 347| 119|{ 348| 119| libspdm_test_context_t *spdm_test_context; 349| 119| libspdm_context_t *spdm_context; 350| 119| size_t response_size; 351| 119| uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE]; 352| 119| void *data1; 353| 119| size_t data_size1; 354| 119| void *data2; 355| 119| size_t data_size2; 356| 119| uint8_t *ptr; 357| 119| uint8_t *cert_buffer; 358| 119| size_t cert_buffer_size; 359| 119| uint8_t cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE]; 360| 119| uint8_t req_cert_buffer_hash[LIBSPDM_MAX_HASH_SIZE]; 361| 119| uint8_t request_finished_key[LIBSPDM_MAX_HASH_SIZE]; 362| 119| libspdm_session_info_t *session_info; 363| 119| uint32_t session_id; 364| 119| uint32_t hash_size; 365| 119| uint32_t hmac_size; 366| 119| size_t req_asym_signature_size; 367| 119| uint8_t hash_data[LIBSPDM_MAX_HASH_SIZE]; 368| 119| uint8_t dummy_buffer[LIBSPDM_MAX_HASH_SIZE]; 369| 119| libspdm_finish_request_mine_t *spdm_test_finish_request; 370| 119| size_t spdm_test_finish_request_size; 371| | 372| 119| spdm_test_context = *State; 373| | 374| 119| spdm_test_finish_request = (libspdm_finish_request_mine_t *)spdm_test_context->test_buffer; 375| 119| spdm_test_finish_request_size = spdm_test_context->test_buffer_size; 376| | 377| 119| spdm_context = spdm_test_context->spdm_context; 378| | 379| 119| spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_11 << ------------------ | | 111| 119|#define SPDM_MESSAGE_VERSION_11 0x11 ------------------ 380| 119| SPDM_VERSION_NUMBER_SHIFT_BIT; ------------------ | | 140| 119|#define SPDM_VERSION_NUMBER_SHIFT_BIT 8 ------------------ 381| 119| spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED; 382| 119| spdm_context->connection_info.capability.flags |= 383| 119| SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP; ------------------ | | 190| 119|#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP 0x00000200 ------------------ 384| 119| spdm_context->local_context.capability.flags |= SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP; ------------------ | | 251| 119|#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP 0x00000200 ------------------ 385| 119| spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo; 386| 119| spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo; 387| 119| spdm_context->connection_info.algorithm.req_base_asym_alg = m_libspdm_use_req_asym_algo; 388| 119| spdm_context->connection_info.algorithm.measurement_spec = m_libspdm_use_measurement_spec; 389| 119| spdm_context->connection_info.algorithm.measurement_hash_algo = 390| 119| m_libspdm_use_measurement_hash_algo; 391| 119| spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo; 392| 119| spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo; 393| 119| libspdm_read_responder_public_certificate_chain(m_libspdm_use_hash_algo, 394| 119| m_libspdm_use_asym_algo, 395| 119| &data1, &data_size1, 396| 119| NULL, NULL); 397| 119| spdm_context->local_context.local_cert_chain_provision[0] = data1; 398| 119| spdm_context->local_context.local_cert_chain_provision_size[0] = data_size1; 399| 119| spdm_context->connection_info.local_used_cert_chain_buffer = data1; 400| 119| spdm_context->connection_info.local_used_cert_chain_buffer_size = data_size1; 401| | 402| 119| libspdm_reset_message_a(spdm_context); 403| 119| spdm_context->local_context.mut_auth_requested = 1; 404| 119| libspdm_read_requester_public_certificate_chain(m_libspdm_use_hash_algo, 405| 119| m_libspdm_use_req_asym_algo, 406| 119| &data2, 407| 119| &data_size2, NULL, NULL); 408| |#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT 409| | libspdm_copy_mem(spdm_context->connection_info.peer_used_cert_chain[0].buffer, 410| | sizeof(spdm_context->connection_info.peer_used_cert_chain[0].buffer), 411| | data2, data_size2); 412| | spdm_context->connection_info.peer_used_cert_chain[0].buffer_size = data_size2; 413| |#else 414| 119| libspdm_hash_all( 415| 119| spdm_context->connection_info.algorithm.base_hash_algo, 416| 119| data2, data_size2, 417| 119| spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash); 418| 119| spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size = 419| 119| libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo); 420| 119| libspdm_get_leaf_cert_public_key_from_cert_chain( 421| 119| spdm_context->connection_info.algorithm.base_hash_algo, 422| 119| spdm_context->connection_info.algorithm.req_base_asym_alg, 423| 119| data2, 424| 119| data_size2, 425| 119| &spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key); 426| 119|#endif 427| 119| session_id = 0xFFFFFEE; 428| 119| spdm_context->latest_session_id = session_id; 429| 119| session_info = &spdm_context->session_info[0]; 430| 119| libspdm_session_info_init(spdm_context, session_info, session_id, false); 431| 119| hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo); 432| 119| libspdm_set_mem(dummy_buffer, hash_size, (uint8_t)(0xFF)); 433| 119| libspdm_secured_message_set_request_finished_key(session_info->secured_message_context, 434| 119| dummy_buffer, hash_size); 435| 119| libspdm_secured_message_set_session_state(session_info->secured_message_context, 436| 119| LIBSPDM_SESSION_STATE_HANDSHAKING); 437| 119| session_info->mut_auth_requested = 1; 438| | 439| 119| spdm_context->connection_info.capability.flags |= 440| 119| SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP; ------------------ | | 258| 119|#define SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP 0x00008000 ------------------ 441| 119| spdm_context->local_context.capability.flags |= 442| 119| SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP; ------------------ | | 196| 119|#define SPDM_GET_CAPABILITIES_REQUEST_FLAGS_HANDSHAKE_IN_THE_CLEAR_CAP 0x00008000 ------------------ 443| | 444| 119| hash_size = libspdm_get_hash_size(m_libspdm_use_hash_algo); 445| 119| hmac_size = libspdm_get_hash_size(m_libspdm_use_hash_algo); 446| 119| req_asym_signature_size = libspdm_get_req_asym_signature_size(m_libspdm_use_req_asym_algo); 447| 119| ptr = spdm_test_finish_request->signature; 448| 119| libspdm_init_managed_buffer(&th_curr, sizeof(th_curr.buffer)); 449| 119| cert_buffer = (uint8_t *)data1; 450| 119| cert_buffer_size = data_size1; 451| 119| libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, cert_buffer_hash); 452| 119| cert_buffer = (uint8_t *)data2; 453| 119| cert_buffer_size = data_size2; 454| 119| libspdm_hash_all(m_libspdm_use_hash_algo, cert_buffer, cert_buffer_size, req_cert_buffer_hash); 455| | /* transcript.message_a size is 0*/ 456| 119| libspdm_append_managed_buffer(&th_curr, cert_buffer_hash, hash_size); 457| | /* session_transcript.message_k is 0*/ 458| 119| libspdm_append_managed_buffer(&th_curr, req_cert_buffer_hash, hash_size); 459| 119| libspdm_append_managed_buffer(&th_curr, spdm_test_finish_request, 460| 119| sizeof(spdm_finish_request_t)); 461| | /* The caller need guarantee the version is correct, both of MajorVersion and MinorVersion should be less than 10.*/ 462| 119| if (((spdm_test_finish_request->header.spdm_version & 0xF) >= 10) || ------------------ | Branch (462:9): [True: 35, False: 84] ------------------ 463| 119| (((spdm_test_finish_request->header.spdm_version >> 4) & 0xF) >= 10)) { ------------------ | Branch (463:9): [True: 16, False: 68] ------------------ 464| 51| spdm_test_finish_request->header.spdm_version = SPDM_MESSAGE_VERSION_11; ------------------ | | 111| 51|#define SPDM_MESSAGE_VERSION_11 0x11 ------------------ 465| 51| } 466| | 467| 119|#if LIBSPDM_ENABLE_CAPABILITY_MUT_AUTH_CAP 468| 119| libspdm_requester_data_sign( 469| |#if LIBSPDM_HAL_PASS_SPDM_CONTEXT 470| | spdm_context, 471| |#endif 472| 119| spdm_test_finish_request->header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH, ------------------ | | 140| 119|#define SPDM_VERSION_NUMBER_SHIFT_BIT 8 ------------------ spdm_test_finish_request->header.spdm_version << SPDM_VERSION_NUMBER_SHIFT_BIT, SPDM_FINISH, ------------------ | | 78| 119|#define SPDM_FINISH 0xE5 ------------------ 473| 119| m_libspdm_use_req_asym_algo, m_libspdm_use_hash_algo, false, 474| 119| libspdm_get_managed_buffer(&th_curr), 475| 119| libspdm_get_managed_buffer_size(&th_curr), ptr, &req_asym_signature_size); 476| 119|#endif 477| 119| libspdm_append_managed_buffer(&th_curr, ptr, req_asym_signature_size); 478| 119| ptr += req_asym_signature_size; 479| 119| libspdm_set_mem(request_finished_key, LIBSPDM_MAX_HASH_SIZE, (uint8_t)(0xFF)); ------------------ | | 65| 119|#define LIBSPDM_MAX_HASH_SIZE 64 ------------------ 480| 119| libspdm_hash_all(m_libspdm_use_hash_algo, libspdm_get_managed_buffer(&th_curr), 481| 119| libspdm_get_managed_buffer_size(&th_curr), hash_data); 482| 119| libspdm_hmac_all(m_libspdm_use_hash_algo, hash_data, hash_size, 483| 119| request_finished_key, hash_size, ptr); 484| 119| spdm_test_finish_request_size = 485| 119| sizeof(spdm_finish_request_t) + req_asym_signature_size + hmac_size; 486| 119| response_size = sizeof(response); 487| 119| libspdm_get_response_finish(spdm_context, spdm_test_finish_request_size, 488| 119| spdm_test_finish_request, 489| 119| &response_size, response); 490| 119| if (spdm_context->session_info[0].session_id != INVALID_SESSION_ID) { ------------------ | | 28| 119|#define INVALID_SESSION_ID 0 ------------------ | Branch (490:9): [True: 119, False: 0] ------------------ 491| 119| libspdm_reset_message_f(spdm_context, spdm_context->session_info); 492| 119| libspdm_reset_message_k(spdm_context, spdm_context->session_info); 493| 119| } 494| 119| free(data1); 495| 119| free(data2); 496| |#if LIBSPDM_RECORD_TRANSCRIPT_DATA_SUPPORT 497| | spdm_context->connection_info.peer_used_cert_chain[0].buffer_size = 0; 498| |#else 499| 119| spdm_context->connection_info.peer_used_cert_chain[0].buffer_hash_size = 0; 500| 119| libspdm_req_asym_free( 501| 119| spdm_context->connection_info.algorithm.req_base_asym_alg, 502| 119| spdm_context->connection_info.peer_used_cert_chain[0].leaf_cert_public_key); 503| 119|#endif 504| 119|} libspdm_run_test_harness: 507| 119|{ 508| 119| void *State; 509| 119| spdm_message_header_t *spdm_request_header; 510| 119| libspdm_setup_test_context(&m_libspdm_responder_finish_test_context); 511| | 512| 119| spdm_request_header = (spdm_message_header_t*)test_buffer; 513| | 514| 119| if (spdm_request_header->request_response_code != SPDM_FINISH) { ------------------ | | 78| 119|#define SPDM_FINISH 0xE5 ------------------ | Branch (514:9): [True: 117, False: 2] ------------------ 515| 117| spdm_request_header->request_response_code = SPDM_FINISH; ------------------ | | 78| 117|#define SPDM_FINISH 0xE5 ------------------ 516| 117| } 517| | 518| 119| m_libspdm_responder_finish_test_context.test_buffer = (void *)test_buffer; 519| 119| m_libspdm_responder_finish_test_context.test_buffer_size = test_buffer_size; 520| | 521| | /* Success Case*/ 522| 119| libspdm_unit_test_group_setup(&State); 523| 119| libspdm_test_responder_finish_case1(&State); 524| 119| libspdm_unit_test_group_teardown(&State); 525| | 526| | /*response_state: LIBSPDM_RESPONSE_STATE_BUSY */ 527| 119| libspdm_unit_test_group_setup(&State); 528| 119| libspdm_test_responder_finish_case2(&State); 529| 119| libspdm_unit_test_group_teardown(&State); 530| | 531| | /*not supported capabilities_flag */ 532| 119| libspdm_unit_test_group_setup(&State); 533| 119| libspdm_test_responder_finish_case3(&State); 534| 119| libspdm_unit_test_group_teardown(&State); 535| | /* connection_state Check */ 536| 119| libspdm_unit_test_group_setup(&State); 537| 119| libspdm_test_responder_finish_case4(&State); 538| 119| libspdm_unit_test_group_teardown(&State); 539| | /* No handshake in clear, then it must be in a session.*/ 540| 119| libspdm_unit_test_group_setup(&State); 541| 119| libspdm_test_responder_finish_case5(&State); 542| 119| libspdm_unit_test_group_teardown(&State); 543| | /* handshake in clear, then it must not be in a session.*/ 544| 119| libspdm_unit_test_group_setup(&State); 545| 119| libspdm_test_responder_finish_case6(&State); 546| 119| libspdm_unit_test_group_teardown(&State); 547| | /* secured_message_context:= LIBSPDM_SESSION_STATE_NOT_STARTED */ 548| 119| libspdm_unit_test_group_setup(&State); 549| 119| libspdm_test_responder_finish_case7(&State); 550| 119| libspdm_unit_test_group_teardown(&State); 551| | /* Success Case */ 552| 119| libspdm_unit_test_group_setup(&State); 553| 119| libspdm_test_responder_finish_case8(&State); 554| 119| libspdm_unit_test_group_teardown(&State); 555| 119|}