LLVMFuzzerTestOneInput: 14| 213|extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { 15| 213| FuzzedDataProvider fuzzed_data(data, size); 16| 213| int key_lens[] = { 128, 192, 256 }; 17| 213| int key_len, iv_len, rc_e, rc_d, input_length; 18| 213| unsigned char *output, *decrypted; 19| 213| size_t output_size, output_size2, decrypted_size; 20| 213| mbedtls_cipher_type_t cipher_type; 21| | /* TODO: GCM. This code/fuzzer doesn't work with GCM ciphers. Not sure why.. :( */ 22| 213| const char *cipher_names[] = { NULL, "", "AES-128-ECB", "AES-192-ECB", "AES-256-ECB", 23| 213| /* "AES-128-GCM", "AES-192-GCM", "AES-256-GCM" */ }; 24| 213| const char *cipher_name; 25| 213| mbedtls_cipher_context_t *ctx_e, *ctx_d; 26| | 27| | /* No real memory allocations involved */ 28| | 29| 213| if(fuzzed_data.remaining_bytes() < 512) /* Some data */ ------------------ | Branch (29:6): [True: 16, False: 197] ------------------ 30| 16| return -1; 31| | 32| 197| posix_memalign((void **)&ctx_e, 8, sizeof(mbedtls_cipher_context_t)); 33| 197| posix_memalign((void **)&ctx_d, 8, sizeof(mbedtls_cipher_context_t)); 34| | 35| 197| key_len = fuzzed_data.PickValueInArray(key_lens); 36| 197| std::vectorkey = fuzzed_data.ConsumeBytes(key_len / 8); 37| 197| iv_len = fuzzed_data.ConsumeIntegralInRange(0, MBEDTLS_MAX_IV_LENGTH + 1); ------------------ | | 233| 197|#define MBEDTLS_MAX_IV_LENGTH 16 ------------------ 38| 197| std::vectoriv = fuzzed_data.ConsumeBytes(iv_len); 39| 197| input_length = fuzzed_data.ConsumeIntegralInRange(16, 17); 40| 197| std::vectorinput = fuzzed_data.ConsumeBytes(input_length); 41| 197| output = (unsigned char *)malloc(input_length); 42| 197| decrypted = (unsigned char *)malloc(input_length); 43| | 44| 197| mbedtls_cipher_list(); 45| | /* Random iteration */ 46| 197| cipher_type = static_cast(fuzzed_data.ConsumeIntegralInRange(0, (int)MBEDTLS_CIPHER_AES_256_KWP) + 1); 47| 197| mbedtls_cipher_info_from_type(cipher_type); 48| | 49| | /* Real cipher used */ 50| 197| cipher_name = cipher_names[fuzzed_data.ConsumeIntegralInRange(0, (int)(sizeof(cipher_names) / sizeof(char *) - 1))]; 51| 197| mbedtls_cipher_init(ctx_e); 52| 197| mbedtls_cipher_init(ctx_d); 53| 197| ctx_e->cipher_info = mbedtls_cipher_info_from_string(cipher_name); 54| 197| ctx_d->cipher_info = ctx_e->cipher_info; 55| | 56| 197| mbedtls_cipher_info_get_mode(ctx_e->cipher_info); 57| 197| mbedtls_cipher_info_get_type(ctx_e->cipher_info); 58| 197| mbedtls_cipher_info_get_name(ctx_e->cipher_info); 59| 197| mbedtls_cipher_info_has_variable_key_bitlen(ctx_e->cipher_info); 60| 197| mbedtls_cipher_info_has_variable_iv_size(ctx_e->cipher_info); 61| 197| mbedtls_cipher_info_get_iv_size(ctx_e->cipher_info); 62| 197| mbedtls_cipher_info_get_block_size(ctx_e->cipher_info); 63| 197| mbedtls_cipher_get_cipher_mode(ctx_e); 64| 197| mbedtls_cipher_get_iv_size(ctx_e); 65| 197| mbedtls_cipher_get_type(ctx_e); 66| 197| mbedtls_cipher_get_name(ctx_e); 67| 197| mbedtls_cipher_get_key_bitlen(ctx_e); 68| 197| mbedtls_cipher_get_operation(ctx_e); 69| 197| mbedtls_cipher_info_get_key_bitlen(ctx_e->cipher_info); 70| 197| mbedtls_error_add(0, 0, NULL, 0); 71| | 72| 197| posix_memalign((void **)&ctx_e->cipher_ctx, 8, sizeof(mbedtls_aes_context)); 73| 197| posix_memalign((void **)&ctx_d->cipher_ctx, 8, sizeof(mbedtls_aes_context)); 74| | 75| 197| rc_e = mbedtls_cipher_setkey(ctx_e, key.data(), key.size() * 8, MBEDTLS_ENCRYPT); 76| 197| rc_d = mbedtls_cipher_setkey(ctx_d, key.data(), key.size() * 8, MBEDTLS_DECRYPT); 77| 197| if(rc_e == 0 && rc_d == 0) { ------------------ | Branch (77:6): [True: 108, False: 89] | Branch (77:19): [True: 108, False: 0] ------------------ 78| | 79| 108| if(fuzzed_data.ConsumeBool()) { ------------------ | Branch (79:8): [True: 49, False: 59] ------------------ 80| 49| rc_e = mbedtls_cipher_crypt(ctx_e, iv.data(), iv.size(), 81| 49| input.data(), input.size(), output, &output_size); 82| 59| } else { 83| 59| rc_e = mbedtls_cipher_set_iv(ctx_e, iv.data(), iv.size()); 84| 59| rc_d = mbedtls_cipher_set_iv(ctx_d, iv.data(), iv.size()); 85| 59| if(rc_e == 0 && rc_d == 0) { ------------------ | Branch (85:10): [True: 54, False: 5] | Branch (85:23): [True: 54, False: 0] ------------------ 86| 54| mbedtls_cipher_reset(ctx_e); 87| 54| mbedtls_cipher_reset(ctx_d); 88| | 89| 54| rc_e = mbedtls_cipher_update(ctx_e, input.data(), input.size(), output, &output_size); 90| 54| if(rc_e == 0) { ------------------ | Branch (90:12): [True: 46, False: 8] ------------------ 91| 46| rc_e = mbedtls_cipher_finish(ctx_e, NULL, &output_size2); 92| 46| if(rc_e == 0) { ------------------ | Branch (92:14): [True: 46, False: 0] ------------------ 93| | 94| 46| rc_d = mbedtls_cipher_update(ctx_d, output, output_size, decrypted, &decrypted_size); 95| 46| if(rc_d == 0) { ------------------ | Branch (95:16): [True: 46, False: 0] ------------------ 96| 46| rc_d = mbedtls_cipher_finish(ctx_d, NULL, &output_size2); 97| | /* TODO: decryption doesn't work with no-aesni data path! 98| | Note that with MASAN, aesni is always disabled */ 99| |#if 0 100| | if(rc_d == 0) { 101| | assert(input.size() == decrypted_size); 102| | assert(memcmp(input.data(), decrypted, decrypted_size) == 0); 103| | } 104| |#endif 105| 46| } 106| 46| } 107| 46| } 108| 54| } 109| 59| } 110| 108| } 111| | 112| 197| free(output); 113| 197| free(decrypted); 114| 197| free(ctx_e->cipher_ctx); 115| 197| free(ctx_e); 116| 197| free(ctx_d->cipher_ctx); 117| 197| free(ctx_d); 118| 197| return 0; 119| 213|} fuzz_gcrypt_cipher.cpp:_ZL28mbedtls_cipher_info_get_modePK21mbedtls_cipher_info_t: 434| 197|{ 435| 197| if( info == NULL ) ------------------ | Branch (435:9): [True: 60, False: 137] ------------------ 436| 60| return( MBEDTLS_MODE_NONE ); 437| 137| else 438| 137| return( info->mode ); 439| 197|} fuzz_gcrypt_cipher.cpp:_ZL28mbedtls_cipher_info_get_typePK21mbedtls_cipher_info_t: 416| 197|{ 417| 197| if( info == NULL ) ------------------ | Branch (417:9): [True: 60, False: 137] ------------------ 418| 60| return( MBEDTLS_CIPHER_NONE ); 419| 137| else 420| 137| return( info->type ); 421| 197|} fuzz_gcrypt_cipher.cpp:_ZL28mbedtls_cipher_info_get_namePK21mbedtls_cipher_info_t: 474| 197|{ 475| 197| if( info == NULL ) ------------------ | Branch (475:9): [True: 60, False: 137] ------------------ 476| 60| return( NULL ); 477| 137| else 478| 137| return( info->name ); 479| 197|} fuzz_gcrypt_cipher.cpp:_ZL43mbedtls_cipher_info_has_variable_key_bitlenPK21mbedtls_cipher_info_t: 530| 197|{ 531| 197| if( info == NULL ) ------------------ | Branch (531:9): [True: 60, False: 137] ------------------ 532| 60| return( 0 ); 533| | 534| 137| return( info->flags & MBEDTLS_CIPHER_VARIABLE_KEY_LEN ); ------------------ | | 66| 137|#define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02 /**< Cipher accepts keys of variable length. */ ------------------ 535| 197|} fuzz_gcrypt_cipher.cpp:_ZL40mbedtls_cipher_info_has_variable_iv_sizePK21mbedtls_cipher_info_t: 548| 197|{ 549| 197| if( info == NULL ) ------------------ | Branch (549:9): [True: 60, False: 137] ------------------ 550| 60| return( 0 ); 551| | 552| 137| return( info->flags & MBEDTLS_CIPHER_VARIABLE_IV_LEN ); ------------------ | | 65| 137|#define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01 /**< Cipher accepts IVs of variable length. */ ------------------ 553| 197|} fuzz_gcrypt_cipher.cpp:_ZL31mbedtls_cipher_info_get_iv_sizePK21mbedtls_cipher_info_t: 493| 197|{ 494| 197| if( info == NULL ) ------------------ | Branch (494:9): [True: 60, False: 137] ------------------ 495| 60| return( 0 ); 496| | 497| 137| return( (size_t) info->iv_size ); 498| 197|} fuzz_gcrypt_cipher.cpp:_ZL34mbedtls_cipher_info_get_block_sizePK21mbedtls_cipher_info_t: 512| 197|{ 513| 197| if( info == NULL ) ------------------ | Branch (513:9): [True: 60, False: 137] ------------------ 514| 60| return( 0 ); 515| | 516| 137| return( (size_t) info->block_size ); 517| 197|} fuzz_gcrypt_cipher.cpp:_ZL30mbedtls_cipher_get_cipher_modePK24mbedtls_cipher_context_t: 593| 197|{ 594| 197| MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, MBEDTLS_MODE_NONE ); ------------------ | | 7| 197|#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 ) | | ------------------ | | | Branch (7:67): [Folded, False: 197] | | ------------------ ------------------ 595| 197| if( ctx->cipher_info == NULL ) ------------------ | Branch (595:9): [True: 60, False: 137] ------------------ 596| 60| return MBEDTLS_MODE_NONE; 597| | 598| 137| return ctx->cipher_info->mode; 599| 197|} fuzz_gcrypt_cipher.cpp:_ZL26mbedtls_cipher_get_iv_sizePK24mbedtls_cipher_context_t: 613| 197|{ 614| 197| MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 ); ------------------ | | 7| 197|#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 ) | | ------------------ | | | Branch (7:67): [Folded, False: 197] | | ------------------ ------------------ 615| 197| if( ctx->cipher_info == NULL ) ------------------ | Branch (615:9): [True: 60, False: 137] ------------------ 616| 60| return 0; 617| | 618| 137| if( ctx->iv_size != 0 ) ------------------ | Branch (618:9): [True: 0, False: 137] ------------------ 619| 0| return (int) ctx->iv_size; 620| | 621| 137| return (int) ctx->cipher_info->iv_size; 622| 137|} fuzz_gcrypt_cipher.cpp:_ZL23mbedtls_cipher_get_typePK24mbedtls_cipher_context_t: 634| 197|{ 635| 197| MBEDTLS_INTERNAL_VALIDATE_RET( ------------------ | | 7| 197|#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 ) | | ------------------ | | | Branch (7:67): [Folded, False: 197] | | ------------------ ------------------ 636| 197| ctx != NULL, MBEDTLS_CIPHER_NONE ); 637| 197| if( ctx->cipher_info == NULL ) ------------------ | Branch (637:9): [True: 60, False: 137] ------------------ 638| 60| return MBEDTLS_CIPHER_NONE; 639| | 640| 137| return ctx->cipher_info->type; 641| 197|} fuzz_gcrypt_cipher.cpp:_ZL23mbedtls_cipher_get_namePK24mbedtls_cipher_context_t: 654| 197|{ 655| 197| MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 ); ------------------ | | 7| 197|#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 ) | | ------------------ | | | Branch (7:67): [Folded, False: 197] | | ------------------ ------------------ 656| 197| if( ctx->cipher_info == NULL ) ------------------ | Branch (656:9): [True: 60, False: 137] ------------------ 657| 60| return 0; 658| | 659| 137| return ctx->cipher_info->name; 660| 197|} fuzz_gcrypt_cipher.cpp:_ZL29mbedtls_cipher_get_key_bitlenPK24mbedtls_cipher_context_t: 673| 197|{ 674| 197| MBEDTLS_INTERNAL_VALIDATE_RET( ------------------ | | 7| 197|#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 ) | | ------------------ | | | Branch (7:67): [Folded, False: 197] | | ------------------ ------------------ 675| 197| ctx != NULL, MBEDTLS_KEY_LENGTH_NONE ); 676| 197| if( ctx->cipher_info == NULL ) ------------------ | Branch (676:9): [True: 60, False: 137] ------------------ 677| 60| return MBEDTLS_KEY_LENGTH_NONE; 678| | 679| 137| return (int) ctx->cipher_info->key_bitlen; 680| 197|} fuzz_gcrypt_cipher.cpp:_ZL28mbedtls_cipher_get_operationPK24mbedtls_cipher_context_t: 692| 197|{ 693| 197| MBEDTLS_INTERNAL_VALIDATE_RET( ------------------ | | 7| 197|#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 ) | | ------------------ | | | Branch (7:67): [Folded, False: 197] | | ------------------ ------------------ 694| 197| ctx != NULL, MBEDTLS_OPERATION_NONE ); 695| 197| if( ctx->cipher_info == NULL ) ------------------ | Branch (695:9): [True: 60, False: 137] ------------------ 696| 60| return MBEDTLS_OPERATION_NONE; 697| | 698| 137| return ctx->operation; 699| 197|} fuzz_gcrypt_cipher.cpp:_ZL34mbedtls_cipher_info_get_key_bitlenPK21mbedtls_cipher_info_t: 454| 197|{ 455| 197| if( info == NULL ) ------------------ | Branch (455:9): [True: 60, False: 137] ------------------ 456| 60| return( 0 ); 457| 137| else 458| 137| return( info->key_bitlen ); 459| 197|} gcrypt_light.c:mbedtls_cipher_get_block_size: 574| 133|{ 575| 133| MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 ); ------------------ | | 30| 133|#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 ) | | ------------------ | | | Branch (30:67): [Folded, False: 133] | | ------------------ ------------------ 576| 133| if( ctx->cipher_info == NULL ) ------------------ | Branch (576:9): [True: 0, False: 133] ------------------ 577| 0| return 0; 578| | 579| 133| return ctx->cipher_info->block_size; 580| 133|} fuzz_gcrypt_cipher.cpp:_ZL17mbedtls_error_addiiPKci: 149| 197|{ 150| 197| (void)file; 151| 197| (void)line; 152| | 153| 197| return( high + low ); 154| 197|} mbedtls_aes_init: 158| 108|{ 159| 108| AES_VALIDATE( ctx != NULL ); ------------------ | | 30| 108|#define AES_VALIDATE( cond ) MBEDTLS_INTERNAL_VALIDATE( cond ) | | ------------------ | | | | 31| 108|#define MBEDTLS_INTERNAL_VALIDATE( cond ) do { } while( 0 ) | | | | ------------------ | | | | | Branch (31:67): [Folded, False: 108] | | | | ------------------ | | ------------------ ------------------ 160| | 161| 108| memset( ctx, 0, sizeof( mbedtls_aes_context ) ); 162| 108|} mbedtls_aes_free: 165| 108|{ 166| 108| if( ctx == NULL ) ------------------ | Branch (166:9): [True: 0, False: 108] ------------------ 167| 0| return; 168| | 169| | // mbedtls_platform_zeroize( ctx, sizeof( mbedtls_aes_context ) ); 170| 108|} mbedtls_aes_setkey_enc: 178| 216|{ 179| 216| unsigned int i; 180| 216| uint32_t *RK; 181| | 182| 216| AES_VALIDATE_RET( ctx != NULL ); ------------------ | | 29| 216| MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_AES_BAD_INPUT_DATA ) | | ------------------ | | | | 30| 216|#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 ) | | | | ------------------ | | | | | Branch (30:67): [Folded, False: 216] | | | | ------------------ | | ------------------ ------------------ 183| 216| AES_VALIDATE_RET( key != NULL ); ------------------ | | 29| 216| MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_AES_BAD_INPUT_DATA ) | | ------------------ | | | | 30| 216|#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 ) | | | | ------------------ | | | | | Branch (30:67): [Folded, False: 216] | | | | ------------------ | | ------------------ ------------------ 184| | 185| 216| switch( keybits ) 186| 216| { 187| 178| case 128: ctx->nr = 10; break; ------------------ | Branch (187:9): [True: 178, False: 38] ------------------ 188| 14| case 192: ctx->nr = 12; break; ------------------ | Branch (188:9): [True: 14, False: 202] ------------------ 189| 24| case 256: ctx->nr = 14; break; ------------------ | Branch (189:9): [True: 24, False: 192] ------------------ 190| 0| default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH ); ------------------ | | 51| 0|#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 ------------------ | Branch (190:9): [True: 0, False: 216] ------------------ 191| 216| } 192| | 193| 216| if( aes_init_done == 0 ) ------------------ | Branch (193:9): [True: 216, False: 0] ------------------ 194| 216| { 195| 216| aes_gen_tables(); 196| | 197| | /* Allow to test both aesni and not aesni data path when fuzzing. 198| | We can call aes_gen_tables() at every iteration without any issues 199| | (performances asides) */ 200| |#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION 201| | aes_init_done = 1; 202| |#endif 203| 216| } 204| | 205| 216| ctx->rk = RK = ctx->buf; 206| | 207| 216|#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64) 208| 216| if( aes_aesni_has_support ) ------------------ | Branch (208:9): [True: 216, False: 0] ------------------ 209| 216| return( mbedtls_aesni_setkey_enc( (unsigned char *) ctx->rk, key, keybits ) ); 210| 0|#endif 211| | 212| 0| for( i = 0; i < ( keybits >> 5 ); i++ ) ------------------ | Branch (212:17): [True: 0, False: 0] ------------------ 213| 0| { 214| 0| RK[i] = MBEDTLS_GET_UINT32_LE( key, i << 2 ); ------------------ | | 90| 0|#define MBEDTLS_GET_UINT32_LE(b,i) (*(uint32_t *) (&(b)[(i)])) ------------------ 215| 0| } 216| | 217| 0| switch( ctx->nr ) ------------------ | Branch (217:13): [True: 0, False: 0] ------------------ 218| 0| { 219| 0| case 10: ------------------ | Branch (219:9): [True: 0, False: 0] ------------------ 220| | 221| 0| for( i = 0; i < 10; i++, RK += 4 ) ------------------ | Branch (221:25): [True: 0, False: 0] ------------------ 222| 0| { 223| 0| RK[4] = RK[0] ^ RCON[i] ^ 224| 0| ( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[3] ) ] ) ^ ------------------ | | 108| 0|#define MBEDTLS_BYTE_1( x ) ( (uint8_t) ( ( ( x ) >> 8 ) & 0xff ) ) ------------------ 225| 0| ( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[3] ) ] << 8 ) ^ ------------------ | | 109| 0|#define MBEDTLS_BYTE_2( x ) ( (uint8_t) ( ( ( x ) >> 16 ) & 0xff ) ) ------------------ 226| 0| ( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[3] ) ] << 16 ) ^ ------------------ | | 110| 0|#define MBEDTLS_BYTE_3( x ) ( (uint8_t) ( ( ( x ) >> 24 ) & 0xff ) ) ------------------ 227| 0| ( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[3] ) ] << 24 ); ------------------ | | 107| 0|#define MBEDTLS_BYTE_0( x ) ( (uint8_t) ( ( x ) & 0xff ) ) ------------------ 228| | 229| 0| RK[5] = RK[1] ^ RK[4]; 230| 0| RK[6] = RK[2] ^ RK[5]; 231| 0| RK[7] = RK[3] ^ RK[6]; 232| 0| } 233| 0| break; 234| | 235| 0| case 12: ------------------ | Branch (235:9): [True: 0, False: 0] ------------------ 236| | 237| 0| for( i = 0; i < 8; i++, RK += 6 ) ------------------ | Branch (237:25): [True: 0, False: 0] ------------------ 238| 0| { 239| 0| RK[6] = RK[0] ^ RCON[i] ^ 240| 0| ( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[5] ) ] ) ^ ------------------ | | 108| 0|#define MBEDTLS_BYTE_1( x ) ( (uint8_t) ( ( ( x ) >> 8 ) & 0xff ) ) ------------------ 241| 0| ( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[5] ) ] << 8 ) ^ ------------------ | | 109| 0|#define MBEDTLS_BYTE_2( x ) ( (uint8_t) ( ( ( x ) >> 16 ) & 0xff ) ) ------------------ 242| 0| ( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[5] ) ] << 16 ) ^ ------------------ | | 110| 0|#define MBEDTLS_BYTE_3( x ) ( (uint8_t) ( ( ( x ) >> 24 ) & 0xff ) ) ------------------ 243| 0| ( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[5] ) ] << 24 ); ------------------ | | 107| 0|#define MBEDTLS_BYTE_0( x ) ( (uint8_t) ( ( x ) & 0xff ) ) ------------------ 244| | 245| 0| RK[7] = RK[1] ^ RK[6]; 246| 0| RK[8] = RK[2] ^ RK[7]; 247| 0| RK[9] = RK[3] ^ RK[8]; 248| 0| RK[10] = RK[4] ^ RK[9]; 249| 0| RK[11] = RK[5] ^ RK[10]; 250| 0| } 251| 0| break; 252| | 253| 0| case 14: ------------------ | Branch (253:9): [True: 0, False: 0] ------------------ 254| | 255| 0| for( i = 0; i < 7; i++, RK += 8 ) ------------------ | Branch (255:25): [True: 0, False: 0] ------------------ 256| 0| { 257| 0| RK[8] = RK[0] ^ RCON[i] ^ 258| 0| ( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[7] ) ] ) ^ ------------------ | | 108| 0|#define MBEDTLS_BYTE_1( x ) ( (uint8_t) ( ( ( x ) >> 8 ) & 0xff ) ) ------------------ 259| 0| ( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[7] ) ] << 8 ) ^ ------------------ | | 109| 0|#define MBEDTLS_BYTE_2( x ) ( (uint8_t) ( ( ( x ) >> 16 ) & 0xff ) ) ------------------ 260| 0| ( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[7] ) ] << 16 ) ^ ------------------ | | 110| 0|#define MBEDTLS_BYTE_3( x ) ( (uint8_t) ( ( ( x ) >> 24 ) & 0xff ) ) ------------------ 261| 0| ( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[7] ) ] << 24 ); ------------------ | | 107| 0|#define MBEDTLS_BYTE_0( x ) ( (uint8_t) ( ( x ) & 0xff ) ) ------------------ 262| | 263| 0| RK[9] = RK[1] ^ RK[8]; 264| 0| RK[10] = RK[2] ^ RK[9]; 265| 0| RK[11] = RK[3] ^ RK[10]; 266| | 267| 0| RK[12] = RK[4] ^ 268| 0| ( (uint32_t) FSb[ MBEDTLS_BYTE_0( RK[11] ) ] ) ^ ------------------ | | 107| 0|#define MBEDTLS_BYTE_0( x ) ( (uint8_t) ( ( x ) & 0xff ) ) ------------------ 269| 0| ( (uint32_t) FSb[ MBEDTLS_BYTE_1( RK[11] ) ] << 8 ) ^ ------------------ | | 108| 0|#define MBEDTLS_BYTE_1( x ) ( (uint8_t) ( ( ( x ) >> 8 ) & 0xff ) ) ------------------ 270| 0| ( (uint32_t) FSb[ MBEDTLS_BYTE_2( RK[11] ) ] << 16 ) ^ ------------------ | | 109| 0|#define MBEDTLS_BYTE_2( x ) ( (uint8_t) ( ( ( x ) >> 16 ) & 0xff ) ) ------------------ 271| 0| ( (uint32_t) FSb[ MBEDTLS_BYTE_3( RK[11] ) ] << 24 ); ------------------ | | 110| 0|#define MBEDTLS_BYTE_3( x ) ( (uint8_t) ( ( ( x ) >> 24 ) & 0xff ) ) ------------------ 272| | 273| 0| RK[13] = RK[5] ^ RK[12]; 274| 0| RK[14] = RK[6] ^ RK[13]; 275| 0| RK[15] = RK[7] ^ RK[14]; 276| 0| } 277| 0| break; 278| 0| } 279| | 280| 0| return( 0 ); 281| 0|} mbedtls_aes_setkey_dec: 288| 108|{ 289| 108| int i, j, ret; 290| 108| mbedtls_aes_context cty; 291| 108| uint32_t *RK; 292| 108| uint32_t *SK; 293| | 294| 108| AES_VALIDATE_RET( ctx != NULL ); ------------------ | | 29| 108| MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_AES_BAD_INPUT_DATA ) | | ------------------ | | | | 30| 108|#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 ) | | | | ------------------ | | | | | Branch (30:67): [Folded, False: 108] | | | | ------------------ | | ------------------ ------------------ 295| 108| AES_VALIDATE_RET( key != NULL ); ------------------ | | 29| 108| MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_AES_BAD_INPUT_DATA ) | | ------------------ | | | | 30| 108|#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 ) | | | | ------------------ | | | | | Branch (30:67): [Folded, False: 108] | | | | ------------------ | | ------------------ ------------------ 296| | 297| 108| mbedtls_aes_init( &cty ); 298| | 299| 108| ctx->rk = RK = ctx->buf; 300| | 301| | /* Also checks keybits */ 302| 108| if( ( ret = mbedtls_aes_setkey_enc( &cty, key, keybits ) ) != 0 ) ------------------ | Branch (302:9): [True: 0, False: 108] ------------------ 303| 0| goto exit; 304| | 305| 108| ctx->nr = cty.nr; 306| | 307| 108|#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64) 308| 108| if( aes_aesni_has_support ) { ------------------ | Branch (308:9): [True: 108, False: 0] ------------------ 309| 108| mbedtls_aesni_inverse_key( (unsigned char *) ctx->rk, 310| 108| (const unsigned char *) cty.rk, ctx->nr ); 311| 108| goto exit; 312| 108| } 313| 0|#endif 314| | 315| 0| SK = cty.rk + cty.nr * 4; 316| | 317| 0| *RK++ = *SK++; 318| 0| *RK++ = *SK++; 319| 0| *RK++ = *SK++; 320| 0| *RK++ = *SK++; 321| | 322| 0| for( i = ctx->nr - 1, SK -= 8; i > 0; i--, SK -= 8 ) ------------------ | Branch (322:36): [True: 0, False: 0] ------------------ 323| 0| { 324| 0| for( j = 0; j < 4; j++, SK++ ) ------------------ | Branch (324:21): [True: 0, False: 0] ------------------ 325| 0| { 326| 0| *RK++ = AES_RT0( FSb[ MBEDTLS_BYTE_0( *SK ) ] ) ^ ------------------ | | 147| 0|#define AES_RT0(idx) RT0[idx] ------------------ 327| 0| AES_RT1( FSb[ MBEDTLS_BYTE_1( *SK ) ] ) ^ ------------------ | | 148| 0|#define AES_RT1(idx) RT1[idx] ------------------ 328| 0| AES_RT2( FSb[ MBEDTLS_BYTE_2( *SK ) ] ) ^ ------------------ | | 149| 0|#define AES_RT2(idx) RT2[idx] ------------------ 329| 0| AES_RT3( FSb[ MBEDTLS_BYTE_3( *SK ) ] ); ------------------ | | 150| 0|#define AES_RT3(idx) RT3[idx] ------------------ 330| 0| } 331| 0| } 332| | 333| 0| *RK++ = *SK++; 334| 0| *RK++ = *SK++; 335| 0| *RK++ = *SK++; 336| 0| *RK++ = *SK++; 337| | 338| 108|exit: 339| 108| mbedtls_aes_free( &cty ); 340| | 341| 108| return( ret ); 342| 0|} mbedtls_aes_crypt_ecb: 498| 115|{ 499| 115| AES_VALIDATE_RET( ctx != NULL ); ------------------ | | 29| 115| MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_AES_BAD_INPUT_DATA ) | | ------------------ | | | | 30| 115|#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 ) | | | | ------------------ | | | | | Branch (30:67): [Folded, False: 115] | | | | ------------------ | | ------------------ ------------------ 500| 115| AES_VALIDATE_RET( input != NULL ); ------------------ | | 29| 115| MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_AES_BAD_INPUT_DATA ) | | ------------------ | | | | 30| 115|#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 ) | | | | ------------------ | | | | | Branch (30:67): [Folded, False: 115] | | | | ------------------ | | ------------------ ------------------ 501| 115| AES_VALIDATE_RET( output != NULL ); ------------------ | | 29| 115| MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_AES_BAD_INPUT_DATA ) | | ------------------ | | | | 30| 115|#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 ) | | | | ------------------ | | | | | Branch (30:67): [Folded, False: 115] | | | | ------------------ | | ------------------ ------------------ 502| 115| AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT || ------------------ | | 29| 115| MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_AES_BAD_INPUT_DATA ) | | ------------------ | | | | 30| 115|#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 ) | | | | ------------------ | | | | | Branch (30:67): [Folded, False: 115] | | | | ------------------ | | ------------------ ------------------ 503| 115| mode == MBEDTLS_AES_DECRYPT ); 504| | 505| 115|#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64) 506| 115| if( aes_aesni_has_support ) ------------------ | Branch (506:9): [True: 115, False: 0] ------------------ 507| 115| return( mbedtls_aesni_crypt_ecb( ctx, mode, input, output ) ); 508| 0|#endif 509| | 510| | 511| 0| if( mode == MBEDTLS_AES_ENCRYPT ) ------------------ | | 46| 0|#define MBEDTLS_AES_ENCRYPT 1 /**< AES encryption. */ ------------------ | Branch (511:9): [True: 0, False: 0] ------------------ 512| 0| return( mbedtls_internal_aes_encrypt( ctx, input, output ) ); 513| 0| else 514| 0| return( mbedtls_internal_aes_decrypt( ctx, input, output ) ); 515| 0|} gcrypt_light.c:aes_gen_tables: 65| 216|{ 66| 216| int i, x, y, z; 67| 216| int pow[256]; 68| 216| int log[256]; 69| | 70| 216|#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64) 71| 216| if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) ) ------------------ | | 30| 216|#define MBEDTLS_AESNI_AES 0x02000000u ------------------ | Branch (71:9): [True: 216, False: 0] ------------------ 72| 216| aes_aesni_has_support = 1; 73| 0| else 74| 0| aes_aesni_has_support = 0; 75| 216|#endif 76| | 77| | /* 78| | * compute pow and log tables over GF(2^8) 79| | */ 80| 55.5k| for( i = 0, x = 1; i < 256; i++ ) ------------------ | Branch (80:24): [True: 55.2k, False: 216] ------------------ 81| 55.2k| { 82| 55.2k| pow[i] = x; 83| 55.2k| log[x] = i; 84| 55.2k| x = MBEDTLS_BYTE_0( x ^ XTIME( x ) ); ------------------ | | 107| 110k|#define MBEDTLS_BYTE_0( x ) ( (uint8_t) ( ( x ) & 0xff ) ) | | ------------------ | | | Branch (107:47): [True: 27.6k, False: 27.6k] | | ------------------ ------------------ 85| 55.2k| } 86| | 87| | /* 88| | * calculate the round constants 89| | */ 90| 2.37k| for( i = 0, x = 1; i < 10; i++ ) ------------------ | Branch (90:24): [True: 2.16k, False: 216] ------------------ 91| 2.16k| { 92| 2.16k| RCON[i] = (uint32_t) x; 93| 2.16k| x = MBEDTLS_BYTE_0( XTIME( x ) ); ------------------ | | 107| 4.32k|#define MBEDTLS_BYTE_0( x ) ( (uint8_t) ( ( x ) & 0xff ) ) | | ------------------ | | | Branch (107:47): [True: 216, False: 1.94k] | | ------------------ ------------------ 94| 2.16k| } 95| | 96| | /* 97| | * generate the forward and reverse S-boxes 98| | */ 99| 216| FSb[0x00] = 0x63; 100| 216| RSb[0x63] = 0x00; 101| | 102| 55.2k| for( i = 1; i < 256; i++ ) ------------------ | Branch (102:17): [True: 55.0k, False: 216] ------------------ 103| 55.0k| { 104| 55.0k| x = pow[255 - log[i]]; 105| | 106| 55.0k| y = x; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) ); ------------------ | | 107| 55.0k|#define MBEDTLS_BYTE_0( x ) ( (uint8_t) ( ( x ) & 0xff ) ) ------------------ 107| 55.0k| x ^= y; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) ); ------------------ | | 107| 55.0k|#define MBEDTLS_BYTE_0( x ) ( (uint8_t) ( ( x ) & 0xff ) ) ------------------ 108| 55.0k| x ^= y; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) ); ------------------ | | 107| 55.0k|#define MBEDTLS_BYTE_0( x ) ( (uint8_t) ( ( x ) & 0xff ) ) ------------------ 109| 55.0k| x ^= y; y = MBEDTLS_BYTE_0( ( y << 1 ) | ( y >> 7 ) ); ------------------ | | 107| 55.0k|#define MBEDTLS_BYTE_0( x ) ( (uint8_t) ( ( x ) & 0xff ) ) ------------------ 110| 55.0k| x ^= y ^ 0x63; 111| | 112| 55.0k| FSb[i] = (unsigned char) x; 113| 55.0k| RSb[x] = (unsigned char) i; 114| 55.0k| } 115| | 116| | /* 117| | * generate the forward and reverse tables 118| | */ 119| 55.5k| for( i = 0; i < 256; i++ ) ------------------ | Branch (119:17): [True: 55.2k, False: 216] ------------------ 120| 55.2k| { 121| 55.2k| x = FSb[i]; 122| 55.2k| y = MBEDTLS_BYTE_0( XTIME( x ) ); ------------------ | | 107| 110k|#define MBEDTLS_BYTE_0( x ) ( (uint8_t) ( ( x ) & 0xff ) ) | | ------------------ | | | Branch (107:47): [True: 27.6k, False: 27.6k] | | ------------------ ------------------ 123| 55.2k| z = MBEDTLS_BYTE_0( y ^ x ); ------------------ | | 107| 55.2k|#define MBEDTLS_BYTE_0( x ) ( (uint8_t) ( ( x ) & 0xff ) ) ------------------ 124| | 125| 55.2k| FT0[i] = ( (uint32_t) y ) ^ 126| 55.2k| ( (uint32_t) x << 8 ) ^ 127| 55.2k| ( (uint32_t) x << 16 ) ^ 128| 55.2k| ( (uint32_t) z << 24 ); 129| | 130| 55.2k| FT1[i] = ROTL8( FT0[i] ); ------------------ | | 356| 55.2k|#define ROTL8(x) ( (uint32_t)( ( x ) << 8 ) + (uint32_t)( ( x ) >> 24 ) ) ------------------ 131| 55.2k| FT2[i] = ROTL8( FT1[i] ); ------------------ | | 356| 55.2k|#define ROTL8(x) ( (uint32_t)( ( x ) << 8 ) + (uint32_t)( ( x ) >> 24 ) ) ------------------ 132| 55.2k| FT3[i] = ROTL8( FT2[i] ); ------------------ | | 356| 55.2k|#define ROTL8(x) ( (uint32_t)( ( x ) << 8 ) + (uint32_t)( ( x ) >> 24 ) ) ------------------ 133| | 134| 55.2k| x = RSb[i]; 135| | 136| 55.2k| RT0[i] = ( (uint32_t) MUL( 0x0E, x ) ) ^ ------------------ | | 59| 55.2k|#define MUL(x,y) ( ( (x) && (y) ) ? pow[(log[(x)]+log[(y)]) % 255] : 0 ) | | ------------------ | | | Branch (59:22): [True: 55.2k, Folded] | | | Branch (59:29): [True: 55.0k, False: 216] | | ------------------ ------------------ 137| 55.2k| ( (uint32_t) MUL( 0x09, x ) << 8 ) ^ ------------------ | | 59| 55.2k|#define MUL(x,y) ( ( (x) && (y) ) ? pow[(log[(x)]+log[(y)]) % 255] : 0 ) | | ------------------ | | | Branch (59:22): [True: 55.2k, Folded] | | | Branch (59:29): [True: 55.0k, False: 216] | | ------------------ ------------------ 138| 55.2k| ( (uint32_t) MUL( 0x0D, x ) << 16 ) ^ ------------------ | | 59| 55.2k|#define MUL(x,y) ( ( (x) && (y) ) ? pow[(log[(x)]+log[(y)]) % 255] : 0 ) | | ------------------ | | | Branch (59:22): [True: 55.2k, Folded] | | | Branch (59:29): [True: 55.0k, False: 216] | | ------------------ ------------------ 139| 55.2k| ( (uint32_t) MUL( 0x0B, x ) << 24 ); ------------------ | | 59| 55.2k|#define MUL(x,y) ( ( (x) && (y) ) ? pow[(log[(x)]+log[(y)]) % 255] : 0 ) | | ------------------ | | | Branch (59:22): [True: 55.2k, Folded] | | | Branch (59:29): [True: 55.0k, False: 216] | | ------------------ ------------------ 140| | 141| 55.2k| RT1[i] = ROTL8( RT0[i] ); ------------------ | | 356| 55.2k|#define ROTL8(x) ( (uint32_t)( ( x ) << 8 ) + (uint32_t)( ( x ) >> 24 ) ) ------------------ 142| 55.2k| RT2[i] = ROTL8( RT1[i] ); ------------------ | | 356| 55.2k|#define ROTL8(x) ( (uint32_t)( ( x ) << 8 ) + (uint32_t)( ( x ) >> 24 ) ) ------------------ 143| 55.2k| RT3[i] = ROTL8( RT2[i] ); ------------------ | | 356| 55.2k|#define ROTL8(x) ( (uint32_t)( ( x ) << 8 ) + (uint32_t)( ( x ) >> 24 ) ) ------------------ 144| 55.2k| } 145| 216|} mbedtls_aesni_has_support: 60| 216|{ 61| 216|#if defined(__has_feature) 62| |# if __has_feature(memory_sanitizer) 63| | return 0; 64| |# endif 65| 216|#endif 66| | 67| 216|#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION 68| 216| if(force_no_aesni == 1) ------------------ | Branch (68:6): [True: 0, False: 216] ------------------ 69| 0| return 0; 70| 216|#endif 71| | 72| |#if defined __FreeBSD__ || defined __NetBSD__ || defined __OpenBSD__ 73| | /* In FreeBSD we don't have a reliable way to check AES-NI so better disable it */ 74| | return(0); 75| |#endif 76| | 77| 216|#if defined(linux) || defined(__linux__) 78| 216| if(has_aesni_checked == 0) { ------------------ | Branch (78:6): [True: 1, False: 215] ------------------ 79| | /* 80| | NOTE 81| | 82| | This code is necessary as __get_cpuid() is not reliable 83| | Example with Intel(R) Celeron(R) CPU N2930 (that has NO AES-NI) 84| | the code based on __get_cpuid() reports that AES-NI is present 85| | and thus nDPI crashes on such platform. 86| | */ 87| 1| FILE *fd = fopen("/proc/cpuinfo", "r"); 88| | 89| 1| if(fd != NULL) { ------------------ | Branch (89:8): [True: 1, False: 0] ------------------ 90| 1| char *line = NULL; 91| 1| size_t len = 0; 92| 1| u_int8_t num_lines = 0; 93| | 94| 20| while(getline(&line, &len, fd) != -1) { ------------------ | Branch (94:13): [True: 20, False: 0] ------------------ 95| 20| if(strstr(line, "aes")) { ------------------ | Branch (95:12): [True: 1, False: 19] ------------------ 96| | /* printf("FOUND %s", line); */ 97| 1| cached_has_aesni = 1; 98| 1| break; 99| 1| } 100| | 101| 19| if(++num_lines > 99) ------------------ | Branch (101:5): [True: 0, False: 19] ------------------ 102| 0| break; /* We giveup */ 103| 19| } 104| | 105| 1| free(line); // Do not replace with ndpi_free(). See `man 3 getline`. 106| 1| fclose(fd); 107| | 108| 1| has_aesni_checked = 1; 109| 1| } 110| 1| } 111| | 112| 216| return(cached_has_aesni); 113| | 114| |#if 0 115| | if (__get_cpuid(1, &eax, &ebx, &ecx, &edx) == 0) 116| | { 117| | return 0; 118| | } 119| | 120| | return ( (ecx & what) != 0 ); 121| |#endif 122| | 123| |#elif defined(WIN32) || defined(WIN64) 124| | int cpuInfo[4]; 125| | 126| | __cpuid(cpuInfo, 1); 127| | 128| | return ( (cpuInfo[2] & what) != 0 ); 129| |#else 130| | volatile unsigned int c = 0; 131| | 132| | asm( "movl $1, %%eax \n\t" 133| | "cpuid \n\t" 134| | : "=c" (c) 135| | : 136| | : "eax", "ebx", "edx" ); 137| | 138| | return( ( c & what ) != 0 ); 139| |#endif 140| 216|} mbedtls_aesni_crypt_ecb: 175| 115|{ 176| 115| asm( "movdqu (%3), %%xmm0 \n\t" // load input ------------------ | | 36| 115|#define asm __asm ------------------ 177| 115| "movdqu (%1), %%xmm1 \n\t" // load round key 0 178| 115| "pxor %%xmm1, %%xmm0 \n\t" // round 0 179| 115| "add $16, %1 \n\t" // point to next round key 180| 115| "subl $1, %0 \n\t" // normal rounds = nr - 1 181| 115| "test %2, %2 \n\t" // mode? 182| 115| "jz 2f \n\t" // 0 = decrypt 183| | 184| 115| "1: \n\t" // encryption loop 185| 115| "movdqu (%1), %%xmm1 \n\t" // load round key 186| 115| AESENC xmm1_xmm0 "\n\t" // do round 187| 115| "add $16, %1 \n\t" // point to next round key 188| 115| "subl $1, %0 \n\t" // loop 189| 115| "jnz 1b \n\t" 190| 115| "movdqu (%1), %%xmm1 \n\t" // load round key 191| 115| AESENCLAST xmm1_xmm0 "\n\t" // last round 192| 115| "jmp 3f \n\t" 193| | 194| 115| "2: \n\t" // decryption loop 195| 115| "movdqu (%1), %%xmm1 \n\t" 196| 115| AESDEC xmm1_xmm0 "\n\t" // do round 197| 115| "add $16, %1 \n\t" 198| 115| "subl $1, %0 \n\t" 199| 115| "jnz 2b \n\t" 200| 115| "movdqu (%1), %%xmm1 \n\t" // load round key 201| 115| AESDECLAST xmm1_xmm0 "\n\t" // last round 202| | 203| 115| "3: \n\t" 204| 115| "movdqu %%xmm0, (%4) \n\t" // export output 205| 115| : 206| 115| : "r" (ctx->nr), "r" (ctx->rk), "r" (mode), "r" (input), "r" (output) 207| 115| : "memory", "cc", "xmm0", "xmm1" ); 208| | 209| | 210| 115| return( 0 ); 211| 115|} mbedtls_aesni_inverse_key: 330| 108|{ 331| 108| unsigned char *ik = invkey; 332| 108| const unsigned char *fk = fwdkey + 16 * nr; 333| | 334| 108| memcpy( ik, fk, 16 ); 335| | 336| 1.14k| for( fk -= 16, ik += 16; fk > fwdkey; fk -= 16, ik += 16 ) ------------------ | Branch (336:30): [True: 1.03k, False: 108] ------------------ 337| 1.03k| asm( "movdqu (%0), %%xmm0 \n\t" ------------------ | | 36| 1.03k|#define asm __asm ------------------ 338| 1.03k| AESIMC xmm0_xmm0 "\n\t" 339| 1.03k| "movdqu %%xmm0, (%1) \n\t" 340| 1.03k| : 341| 1.03k| : "r" (fk), "r" (ik) 342| 1.03k| : "memory", "xmm0" ); 343| | 344| 108| memcpy( ik, fk, 16 ); 345| 108|} mbedtls_aesni_setkey_enc: 526| 216|{ 527| 216| switch( bits ) 528| 216| { 529| 178| case 128: aesni_setkey_enc_128( rk, key ); break; ------------------ | Branch (529:9): [True: 178, False: 38] ------------------ 530| 14| case 192: aesni_setkey_enc_192( rk, key ); break; ------------------ | Branch (530:9): [True: 14, False: 202] ------------------ 531| 24| case 256: aesni_setkey_enc_256( rk, key ); break; ------------------ | Branch (531:9): [True: 24, False: 192] ------------------ 532| 0| default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH ); ------------------ | | 51| 0|#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 ------------------ | Branch (532:9): [True: 0, False: 216] ------------------ 533| 216| } 534| | 535| 216| return( 0 ); 536| 216|} gcrypt_light.c:aesni_setkey_enc_128: 352| 178|{ 353| 178| asm( "movdqu (%1), %%xmm0 \n\t" // copy the original key ------------------ | | 36| 178|#define asm __asm ------------------ 354| 178| "movdqu %%xmm0, (%0) \n\t" // as round key 0 355| 178| "jmp 2f \n\t" // skip auxiliary routine 356| | 357| | /* 358| | * Finish generating the next round key. 359| | * 360| | * On entry xmm0 is r3:r2:r1:r0 and xmm1 is X:stuff:stuff:stuff 361| | * with X = rot( sub( r3 ) ) ^ RCON. 362| | * 363| | * On exit, xmm0 is r7:r6:r5:r4 364| | * with r4 = X + r0, r5 = r4 + r1, r6 = r5 + r2, r7 = r6 + r3 365| | * and those are written to the round key buffer. 366| | */ 367| 178| "1: \n\t" 368| 178| "pshufd $0xff, %%xmm1, %%xmm1 \n\t" // X:X:X:X 369| 178| "pxor %%xmm0, %%xmm1 \n\t" // X+r3:X+r2:X+r1:r4 370| 178| "pslldq $4, %%xmm0 \n\t" // r2:r1:r0:0 371| 178| "pxor %%xmm0, %%xmm1 \n\t" // X+r3+r2:X+r2+r1:r5:r4 372| 178| "pslldq $4, %%xmm0 \n\t" // etc 373| 178| "pxor %%xmm0, %%xmm1 \n\t" 374| 178| "pslldq $4, %%xmm0 \n\t" 375| 178| "pxor %%xmm1, %%xmm0 \n\t" // update xmm0 for next time! 376| 178| "add $16, %0 \n\t" // point to next round key 377| 178| "movdqu %%xmm0, (%0) \n\t" // write it 378| 178| "ret \n\t" 379| | 380| | /* Main "loop" */ 381| 178| "2: \n\t" 382| 178| AESKEYGENA xmm0_xmm1 ",0x01 \n\tcall 1b \n\t" 383| 178| AESKEYGENA xmm0_xmm1 ",0x02 \n\tcall 1b \n\t" 384| 178| AESKEYGENA xmm0_xmm1 ",0x04 \n\tcall 1b \n\t" 385| 178| AESKEYGENA xmm0_xmm1 ",0x08 \n\tcall 1b \n\t" 386| 178| AESKEYGENA xmm0_xmm1 ",0x10 \n\tcall 1b \n\t" 387| 178| AESKEYGENA xmm0_xmm1 ",0x20 \n\tcall 1b \n\t" 388| 178| AESKEYGENA xmm0_xmm1 ",0x40 \n\tcall 1b \n\t" 389| 178| AESKEYGENA xmm0_xmm1 ",0x80 \n\tcall 1b \n\t" 390| 178| AESKEYGENA xmm0_xmm1 ",0x1B \n\tcall 1b \n\t" 391| 178| AESKEYGENA xmm0_xmm1 ",0x36 \n\tcall 1b \n\t" 392| 178| : 393| 178| : "r" (rk), "r" (key) 394| 178| : "memory", "cc", "0" ); 395| 178|} gcrypt_light.c:aesni_setkey_enc_192: 402| 14|{ 403| 14| asm( "movdqu (%1), %%xmm0 \n\t" // copy original round key ------------------ | | 36| 14|#define asm __asm ------------------ 404| 14| "movdqu %%xmm0, (%0) \n\t" 405| 14| "add $16, %0 \n\t" 406| 14| "movq 16(%1), %%xmm1 \n\t" 407| 14| "movq %%xmm1, (%0) \n\t" 408| 14| "add $8, %0 \n\t" 409| 14| "jmp 2f \n\t" // skip auxiliary routine 410| | 411| | /* 412| | * Finish generating the next 6 quarter-keys. 413| | * 414| | * On entry xmm0 is r3:r2:r1:r0, xmm1 is stuff:stuff:r5:r4 415| | * and xmm2 is stuff:stuff:X:stuff with X = rot( sub( r3 ) ) ^ RCON. 416| | * 417| | * On exit, xmm0 is r9:r8:r7:r6 and xmm1 is stuff:stuff:r11:r10 418| | * and those are written to the round key buffer. 419| | */ 420| 14| "1: \n\t" 421| 14| "pshufd $0x55, %%xmm2, %%xmm2 \n\t" // X:X:X:X 422| 14| "pxor %%xmm0, %%xmm2 \n\t" // X+r3:X+r2:X+r1:r4 423| 14| "pslldq $4, %%xmm0 \n\t" // etc 424| 14| "pxor %%xmm0, %%xmm2 \n\t" 425| 14| "pslldq $4, %%xmm0 \n\t" 426| 14| "pxor %%xmm0, %%xmm2 \n\t" 427| 14| "pslldq $4, %%xmm0 \n\t" 428| 14| "pxor %%xmm2, %%xmm0 \n\t" // update xmm0 = r9:r8:r7:r6 429| 14| "movdqu %%xmm0, (%0) \n\t" 430| 14| "add $16, %0 \n\t" 431| 14| "pshufd $0xff, %%xmm0, %%xmm2 \n\t" // r9:r9:r9:r9 432| 14| "pxor %%xmm1, %%xmm2 \n\t" // stuff:stuff:r9+r5:r10 433| 14| "pslldq $4, %%xmm1 \n\t" // r2:r1:r0:0 434| 14| "pxor %%xmm2, %%xmm1 \n\t" // xmm1 = stuff:stuff:r11:r10 435| 14| "movq %%xmm1, (%0) \n\t" 436| 14| "add $8, %0 \n\t" 437| 14| "ret \n\t" 438| | 439| 14| "2: \n\t" 440| 14| AESKEYGENA xmm1_xmm2 ",0x01 \n\tcall 1b \n\t" 441| 14| AESKEYGENA xmm1_xmm2 ",0x02 \n\tcall 1b \n\t" 442| 14| AESKEYGENA xmm1_xmm2 ",0x04 \n\tcall 1b \n\t" 443| 14| AESKEYGENA xmm1_xmm2 ",0x08 \n\tcall 1b \n\t" 444| 14| AESKEYGENA xmm1_xmm2 ",0x10 \n\tcall 1b \n\t" 445| 14| AESKEYGENA xmm1_xmm2 ",0x20 \n\tcall 1b \n\t" 446| 14| AESKEYGENA xmm1_xmm2 ",0x40 \n\tcall 1b \n\t" 447| 14| AESKEYGENA xmm1_xmm2 ",0x80 \n\tcall 1b \n\t" 448| | 449| 14| : 450| 14| : "r" (rk), "r" (key) 451| 14| : "memory", "cc", "0" ); 452| 14|} gcrypt_light.c:aesni_setkey_enc_256: 459| 24|{ 460| 24| asm( "movdqu (%1), %%xmm0 \n\t" ------------------ | | 36| 24|#define asm __asm ------------------ 461| 24| "movdqu %%xmm0, (%0) \n\t" 462| 24| "add $16, %0 \n\t" 463| 24| "movdqu 16(%1), %%xmm1 \n\t" 464| 24| "movdqu %%xmm1, (%0) \n\t" 465| 24| "jmp 2f \n\t" // skip auxiliary routine 466| | 467| | /* 468| | * Finish generating the next two round keys. 469| | * 470| | * On entry xmm0 is r3:r2:r1:r0, xmm1 is r7:r6:r5:r4 and 471| | * xmm2 is X:stuff:stuff:stuff with X = rot( sub( r7 )) ^ RCON 472| | * 473| | * On exit, xmm0 is r11:r10:r9:r8 and xmm1 is r15:r14:r13:r12 474| | * and those have been written to the output buffer. 475| | */ 476| 24| "1: \n\t" 477| 24| "pshufd $0xff, %%xmm2, %%xmm2 \n\t" 478| 24| "pxor %%xmm0, %%xmm2 \n\t" 479| 24| "pslldq $4, %%xmm0 \n\t" 480| 24| "pxor %%xmm0, %%xmm2 \n\t" 481| 24| "pslldq $4, %%xmm0 \n\t" 482| 24| "pxor %%xmm0, %%xmm2 \n\t" 483| 24| "pslldq $4, %%xmm0 \n\t" 484| 24| "pxor %%xmm2, %%xmm0 \n\t" 485| 24| "add $16, %0 \n\t" 486| 24| "movdqu %%xmm0, (%0) \n\t" 487| | 488| | /* Set xmm2 to stuff:Y:stuff:stuff with Y = subword( r11 ) 489| | * and proceed to generate next round key from there */ 490| 24| AESKEYGENA xmm0_xmm2 ",0x00 \n\t" 491| 24| "pshufd $0xaa, %%xmm2, %%xmm2 \n\t" 492| 24| "pxor %%xmm1, %%xmm2 \n\t" 493| 24| "pslldq $4, %%xmm1 \n\t" 494| 24| "pxor %%xmm1, %%xmm2 \n\t" 495| 24| "pslldq $4, %%xmm1 \n\t" 496| 24| "pxor %%xmm1, %%xmm2 \n\t" 497| 24| "pslldq $4, %%xmm1 \n\t" 498| 24| "pxor %%xmm2, %%xmm1 \n\t" 499| 24| "add $16, %0 \n\t" 500| 24| "movdqu %%xmm1, (%0) \n\t" 501| 24| "ret \n\t" 502| | 503| | /* 504| | * Main "loop" - Generating one more key than necessary, 505| | * see definition of mbedtls_aes_context.buf 506| | */ 507| 24| "2: \n\t" 508| 24| AESKEYGENA xmm1_xmm2 ",0x01 \n\tcall 1b \n\t" 509| 24| AESKEYGENA xmm1_xmm2 ",0x02 \n\tcall 1b \n\t" 510| 24| AESKEYGENA xmm1_xmm2 ",0x04 \n\tcall 1b \n\t" 511| 24| AESKEYGENA xmm1_xmm2 ",0x08 \n\tcall 1b \n\t" 512| 24| AESKEYGENA xmm1_xmm2 ",0x10 \n\tcall 1b \n\t" 513| 24| AESKEYGENA xmm1_xmm2 ",0x20 \n\tcall 1b \n\t" 514| 24| AESKEYGENA xmm1_xmm2 ",0x40 \n\tcall 1b \n\t" 515| 24| : 516| 24| : "r" (rk), "r" (key) 517| 24| : "memory", "cc", "0" ); 518| 24|} mbedtls_cipher_list: 33| 197|{ 34| 197| const mbedtls_cipher_definition_t *def; 35| 197| int *type; 36| | 37| 197| if( ! supported_init ) ------------------ | Branch (37:9): [True: 1, False: 196] ------------------ 38| 1| { 39| 1| def = mbedtls_cipher_definitions; 40| 1| type = mbedtls_cipher_supported; 41| | 42| 7| while( def->type != 0 ) ------------------ | Branch (42:16): [True: 6, False: 1] ------------------ 43| 6| *type++ = (*def++).type; 44| | 45| 1| *type = 0; 46| | 47| 1| supported_init = 1; 48| 1| } 49| | 50| 197| return( mbedtls_cipher_supported ); 51| 197|} mbedtls_cipher_info_from_type: 55| 197|{ 56| 197| const mbedtls_cipher_definition_t *def; 57| | 58| 1.12k| for( def = mbedtls_cipher_definitions; def->info != NULL; def++ ) ------------------ | Branch (58:44): [True: 987, False: 137] ------------------ 59| 987| if( def->type == cipher_type ) ------------------ | Branch (59:13): [True: 60, False: 927] ------------------ 60| 60| return( def->info ); 61| | 62| 137| return( NULL ); 63| 197|} mbedtls_cipher_info_from_string: 67| 197|{ 68| 197| const mbedtls_cipher_definition_t *def; 69| | 70| 197| if( NULL == cipher_name ) ------------------ | Branch (70:9): [True: 54, False: 143] ------------------ 71| 54| return( NULL ); 72| | 73| 244| for( def = mbedtls_cipher_definitions; def->info != NULL; def++ ) ------------------ | Branch (73:44): [True: 238, False: 6] ------------------ 74| 238| if( ! strcmp( def->info->name, cipher_name ) ) ------------------ | Branch (74:13): [True: 137, False: 101] ------------------ 75| 137| return( def->info ); 76| | 77| 6| return( NULL ); 78| 143|} mbedtls_cipher_init: 97| 394|{ 98| 394| CIPHER_VALIDATE( ctx != NULL ); ------------------ | | 28| 394| MBEDTLS_INTERNAL_VALIDATE( cond ) | | ------------------ | | | | 31| 394|#define MBEDTLS_INTERNAL_VALIDATE( cond ) do { } while( 0 ) | | | | ------------------ | | | | | Branch (31:67): [Folded, False: 394] | | | | ------------------ | | ------------------ ------------------ 99| 394| memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) ); 100| 394|} mbedtls_cipher_setkey: 106| 394|{ 107| 394| CIPHER_VALIDATE_RET( ctx != NULL ); ------------------ | | 26| 394| MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ) | | ------------------ | | | | 30| 394|#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 ) | | | | ------------------ | | | | | Branch (30:67): [Folded, False: 394] | | | | ------------------ | | ------------------ ------------------ 108| 394| CIPHER_VALIDATE_RET( key != NULL ); ------------------ | | 26| 394| MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ) | | ------------------ | | | | 30| 394|#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 ) | | | | ------------------ | | | | | Branch (30:67): [Folded, False: 394] | | | | ------------------ | | ------------------ ------------------ 109| 394| CIPHER_VALIDATE_RET( operation == MBEDTLS_ENCRYPT || ------------------ | | 26| 394| MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ) | | ------------------ | | | | 30| 394|#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 ) | | | | ------------------ | | | | | Branch (30:67): [Folded, False: 394] | | | | ------------------ | | ------------------ ------------------ 110| 394| operation == MBEDTLS_DECRYPT ); 111| 394| if( ctx->cipher_info == NULL ) ------------------ | Branch (111:9): [True: 120, False: 274] ------------------ 112| 120| return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); ------------------ | | 53| 120|#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100 ------------------ 113| | 114| | 115| 274| if( ( ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_KEY_LEN ) == 0 && ------------------ | | 66| 274|#define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02 /**< Cipher accepts keys of variable length. */ ------------------ | Branch (115:9): [True: 274, False: 0] ------------------ 116| 274| (int) ctx->cipher_info->key_bitlen != key_bitlen ) ------------------ | Branch (116:9): [True: 58, False: 216] ------------------ 117| 58| { 118| 58| return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); ------------------ | | 53| 58|#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100 ------------------ 119| 58| } 120| | 121| 216| ctx->key_bitlen = key_bitlen; 122| 216| ctx->operation = operation; 123| | 124| | /* 125| | * For OFB, CFB and CTR mode always use the encryption key schedule 126| | */ 127| 216| if( MBEDTLS_ENCRYPT == operation || ------------------ | Branch (127:9): [True: 108, False: 108] ------------------ 128| 108| MBEDTLS_MODE_CFB == ctx->cipher_info->mode || ------------------ | Branch (128:9): [True: 0, False: 108] ------------------ 129| 108| MBEDTLS_MODE_OFB == ctx->cipher_info->mode || ------------------ | Branch (129:9): [True: 0, False: 108] ------------------ 130| 108| MBEDTLS_MODE_CTR == ctx->cipher_info->mode ) ------------------ | Branch (130:9): [True: 0, False: 108] ------------------ 131| 108| { 132| 108| return( ctx->cipher_info->base->setkey_enc_func( ctx->cipher_ctx, key, 133| 108| ctx->key_bitlen ) ); 134| 108| } 135| | 136| 108| if( MBEDTLS_DECRYPT == operation ) ------------------ | Branch (136:9): [True: 108, False: 0] ------------------ 137| 108| return( ctx->cipher_info->base->setkey_dec_func( ctx->cipher_ctx, key, 138| 108| ctx->key_bitlen ) ); 139| | 140| 0| return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); ------------------ | | 53| 0|#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100 ------------------ 141| 108|} mbedtls_cipher_set_iv: 146| 167|{ 147| 167| size_t actual_iv_size; 148| | 149| 167| CIPHER_VALIDATE_RET( ctx != NULL ); ------------------ | | 26| 167| MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ) | | ------------------ | | | | 30| 167|#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 ) | | | | ------------------ | | | | | Branch (30:67): [Folded, False: 167] | | | | ------------------ | | ------------------ ------------------ 150| 167| CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL ); ------------------ | | 26| 167| MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ) | | ------------------ | | | | 30| 167|#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 ) | | | | ------------------ | | | | | Branch (30:67): [Folded, False: 167] | | | | ------------------ | | ------------------ ------------------ 151| 167| if( ctx->cipher_info == NULL ) ------------------ | Branch (151:9): [True: 0, False: 167] ------------------ 152| 0| return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); ------------------ | | 53| 0|#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100 ------------------ 153| | 154| | /* avoid buffer overflow in ctx->iv */ 155| 167| if( iv_len > MBEDTLS_MAX_IV_LENGTH ) ------------------ | | 233| 167|#define MBEDTLS_MAX_IV_LENGTH 16 ------------------ | Branch (155:9): [True: 26, False: 141] ------------------ 156| 26| return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); ------------------ | | 51| 26|#define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080 ------------------ 157| | 158| 141| if( ( ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_IV_LEN ) != 0 ) ------------------ | | 65| 141|#define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01 /**< Cipher accepts IVs of variable length. */ ------------------ | Branch (158:9): [True: 0, False: 141] ------------------ 159| 0| actual_iv_size = iv_len; 160| 141| else 161| 141| { 162| 141| actual_iv_size = ctx->cipher_info->iv_size; 163| | 164| | /* avoid reading past the end of input buffer */ 165| 141| if( actual_iv_size > iv_len ) ------------------ | Branch (165:13): [True: 0, False: 141] ------------------ 166| 0| return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); ------------------ | | 53| 0|#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100 ------------------ 167| 141| } 168| | 169| | 170| 141|#if defined(MBEDTLS_GCM_C) 171| 141| if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode ) ------------------ | Branch (171:9): [True: 0, False: 141] ------------------ 172| 0| { 173| 0| return( mbedtls_gcm_starts( (mbedtls_gcm_context *) ctx->cipher_ctx, 174| 0| ctx->operation, 175| 0| iv, iv_len ) ); 176| 0| } 177| 141|#endif 178| | 179| | 180| 141| if ( actual_iv_size != 0 ) ------------------ | Branch (180:10): [True: 0, False: 141] ------------------ 181| 0| { 182| 0| memcpy( ctx->iv, iv, actual_iv_size ); 183| 0| ctx->iv_size = actual_iv_size; 184| 0| } 185| | 186| 141| return( 0 ); 187| 141|} mbedtls_cipher_reset: 190| 141|{ 191| 141| CIPHER_VALIDATE_RET( ctx != NULL ); ------------------ | | 26| 141| MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ) | | ------------------ | | | | 30| 141|#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 ) | | | | ------------------ | | | | | Branch (30:67): [Folded, False: 141] | | | | ------------------ | | ------------------ ------------------ 192| 141| if( ctx->cipher_info == NULL ) ------------------ | Branch (192:9): [True: 0, False: 141] ------------------ 193| 0| return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); ------------------ | | 53| 0|#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100 ------------------ 194| | 195| | 196| 141| ctx->unprocessed_len = 0; 197| | 198| 141| return( 0 ); 199| 141|} mbedtls_cipher_update: 226| 133|{ 227| 133| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 112| 133|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 228| 133| size_t block_size; 229| | 230| 133| CIPHER_VALIDATE_RET( ctx != NULL ); ------------------ | | 26| 133| MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ) | | ------------------ | | | | 30| 133|#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 ) | | | | ------------------ | | | | | Branch (30:67): [Folded, False: 133] | | | | ------------------ | | ------------------ ------------------ 231| 133| CIPHER_VALIDATE_RET( ilen == 0 || input != NULL ); ------------------ | | 26| 133| MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ) | | ------------------ | | | | 30| 133|#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 ) | | | | ------------------ | | | | | Branch (30:67): [Folded, False: 133] | | | | ------------------ | | ------------------ ------------------ 232| 133| CIPHER_VALIDATE_RET( output != NULL ); ------------------ | | 26| 133| MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ) | | ------------------ | | | | 30| 133|#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 ) | | | | ------------------ | | | | | Branch (30:67): [Folded, False: 133] | | | | ------------------ | | ------------------ ------------------ 233| 133| CIPHER_VALIDATE_RET( olen != NULL ); ------------------ | | 26| 133| MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ) | | ------------------ | | | | 30| 133|#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 ) | | | | ------------------ | | | | | Branch (30:67): [Folded, False: 133] | | | | ------------------ | | ------------------ ------------------ 234| 133| if( ctx->cipher_info == NULL ) ------------------ | Branch (234:9): [True: 0, False: 133] ------------------ 235| 0| return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); ------------------ | | 53| 0|#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100 ------------------ 236| | 237| | 238| 133| *olen = 0; 239| 133| block_size = mbedtls_cipher_get_block_size( ctx ); 240| 133| if ( 0 == block_size ) ------------------ | Branch (240:10): [True: 0, False: 133] ------------------ 241| 0| { 242| 0| return( MBEDTLS_ERR_CIPHER_INVALID_CONTEXT ); ------------------ | | 63| 0|#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380 ------------------ 243| 0| } 244| | 245| 133| if( ctx->cipher_info->mode == MBEDTLS_MODE_ECB ) ------------------ | Branch (245:9): [True: 133, False: 0] ------------------ 246| 133| { 247| 133| if( ilen != block_size ) ------------------ | Branch (247:13): [True: 18, False: 115] ------------------ 248| 18| return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED ); ------------------ | | 59| 18|#define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 ------------------ 249| | 250| 115| *olen = ilen; 251| | 252| 115| if( 0 != ( ret = ctx->cipher_info->base->ecb_func( ctx->cipher_ctx, ------------------ | Branch (252:13): [True: 0, False: 115] ------------------ 253| 115| ctx->operation, input, output ) ) ) 254| 0| { 255| 0| return( ret ); 256| 0| } 257| | 258| 115| return( 0 ); 259| 115| } 260| | 261| 0|#if defined(MBEDTLS_GCM_C) 262| 0| if( ctx->cipher_info->mode == MBEDTLS_MODE_GCM ) ------------------ | Branch (262:9): [True: 0, False: 0] ------------------ 263| 0| { 264| 0| return( mbedtls_gcm_update( (mbedtls_gcm_context *) ctx->cipher_ctx, 265| 0| input, ilen, 266| 0| output, ilen, olen ) ); 267| 0| } 268| 0|#endif 269| | 270| | 271| | 272| 0| if( input == output && ------------------ | Branch (272:9): [True: 0, False: 0] ------------------ 273| 0| ( ctx->unprocessed_len != 0 || ilen % block_size ) ) ------------------ | Branch (273:10): [True: 0, False: 0] | Branch (273:39): [True: 0, False: 0] ------------------ 274| 0| { 275| 0| return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); ------------------ | | 53| 0|#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100 ------------------ 276| 0| } 277| | 278| |#if defined(MBEDTLS_CIPHER_MODE_CBC) 279| | if( ctx->cipher_info->mode == MBEDTLS_MODE_CBC ) 280| | { 281| | size_t copy_len = 0; 282| | 283| | /* 284| | * If there is not enough data for a full block, cache it. 285| | */ 286| | if( ( ctx->operation == MBEDTLS_DECRYPT && NULL != ctx->add_padding && 287| | ilen <= block_size - ctx->unprocessed_len ) || 288| | ( ctx->operation == MBEDTLS_DECRYPT && NULL == ctx->add_padding && 289| | ilen < block_size - ctx->unprocessed_len ) || 290| | ( ctx->operation == MBEDTLS_ENCRYPT && 291| | ilen < block_size - ctx->unprocessed_len ) ) 292| | { 293| | memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input, 294| | ilen ); 295| | 296| | ctx->unprocessed_len += ilen; 297| | return( 0 ); 298| | } 299| | 300| | /* 301| | * Process cached data first 302| | */ 303| | if( 0 != ctx->unprocessed_len ) 304| | { 305| | copy_len = block_size - ctx->unprocessed_len; 306| | 307| | memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input, 308| | copy_len ); 309| | 310| | if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx, 311| | ctx->operation, block_size, ctx->iv, 312| | ctx->unprocessed_data, output ) ) ) 313| | { 314| | return( ret ); 315| | } 316| | 317| | *olen += block_size; 318| | output += block_size; 319| | ctx->unprocessed_len = 0; 320| | 321| | input += copy_len; 322| | ilen -= copy_len; 323| | } 324| | 325| | /* 326| | * Cache final, incomplete block 327| | */ 328| | if( 0 != ilen ) 329| | { 330| | /* Encryption: only cache partial blocks 331| | * Decryption w/ padding: always keep at least one whole block 332| | * Decryption w/o padding: only cache partial blocks 333| | */ 334| | copy_len = ilen % block_size; 335| | if( copy_len == 0 && 336| | ctx->operation == MBEDTLS_DECRYPT && 337| | NULL != ctx->add_padding) 338| | { 339| | copy_len = block_size; 340| | } 341| | 342| | memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ), 343| | copy_len ); 344| | 345| | ctx->unprocessed_len += copy_len; 346| | ilen -= copy_len; 347| | } 348| | 349| | /* 350| | * Process remaining full blocks 351| | */ 352| | if( ilen ) 353| | { 354| | if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx, 355| | ctx->operation, ilen, ctx->iv, input, output ) ) ) 356| | { 357| | return( ret ); 358| | } 359| | 360| | *olen += ilen; 361| | } 362| | 363| | return( 0 ); 364| | } 365| |#endif /* MBEDTLS_CIPHER_MODE_CBC */ 366| | 367| | 368| | 369| | 370| | 371| | 372| 0| return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); ------------------ | | 51| 0|#define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080 ------------------ 373| 0|} mbedtls_cipher_finish: 378| 115|{ 379| 115| CIPHER_VALIDATE_RET( ctx != NULL ); ------------------ | | 26| 115| MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ) | | ------------------ | | | | 30| 115|#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 ) | | | | ------------------ | | | | | Branch (30:67): [Folded, False: 115] | | | | ------------------ | | ------------------ ------------------ 380| 115| CIPHER_VALIDATE_RET( output != NULL ); ------------------ | | 26| 115| MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ) | | ------------------ | | | | 30| 115|#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 ) | | | | ------------------ | | | | | Branch (30:67): [Folded, False: 115] | | | | ------------------ | | ------------------ ------------------ 381| 115| CIPHER_VALIDATE_RET( olen != NULL ); ------------------ | | 26| 115| MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ) | | ------------------ | | | | 30| 115|#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 ) | | | | ------------------ | | | | | Branch (30:67): [Folded, False: 115] | | | | ------------------ | | ------------------ ------------------ 382| 115| if( ctx->cipher_info == NULL ) ------------------ | Branch (382:9): [True: 0, False: 115] ------------------ 383| 0| return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); ------------------ | | 53| 0|#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100 ------------------ 384| | 385| | 386| 115| *olen = 0; 387| | 388| 115| if( MBEDTLS_MODE_CFB == ctx->cipher_info->mode || ------------------ | Branch (388:9): [True: 0, False: 115] ------------------ 389| 115| MBEDTLS_MODE_OFB == ctx->cipher_info->mode || ------------------ | Branch (389:9): [True: 0, False: 115] ------------------ 390| 115| MBEDTLS_MODE_CTR == ctx->cipher_info->mode || ------------------ | Branch (390:9): [True: 0, False: 115] ------------------ 391| 115| MBEDTLS_MODE_GCM == ctx->cipher_info->mode || ------------------ | Branch (391:9): [True: 0, False: 115] ------------------ 392| 115| MBEDTLS_MODE_CCM_STAR_NO_TAG == ctx->cipher_info->mode || ------------------ | Branch (392:9): [True: 0, False: 115] ------------------ 393| 115| MBEDTLS_MODE_XTS == ctx->cipher_info->mode || ------------------ | Branch (393:9): [True: 0, False: 115] ------------------ 394| 115| MBEDTLS_MODE_STREAM == ctx->cipher_info->mode ) ------------------ | Branch (394:9): [True: 0, False: 115] ------------------ 395| 0| { 396| 0| return( 0 ); 397| 0| } 398| | 399| 115| if ( ( MBEDTLS_CIPHER_CHACHA20 == ctx->cipher_info->type ) || ------------------ | Branch (399:10): [True: 0, False: 115] ------------------ 400| 115| ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type ) ) ------------------ | Branch (400:10): [True: 0, False: 115] ------------------ 401| 0| { 402| 0| return( 0 ); 403| 0| } 404| | 405| 115| if( MBEDTLS_MODE_ECB == ctx->cipher_info->mode ) ------------------ | Branch (405:9): [True: 115, False: 0] ------------------ 406| 115| { 407| 115| if( ctx->unprocessed_len != 0 ) ------------------ | Branch (407:13): [True: 0, False: 115] ------------------ 408| 0| return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED ); ------------------ | | 59| 0|#define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280 ------------------ 409| | 410| 115| return( 0 ); 411| 115| } 412| | 413| |#if defined(MBEDTLS_CIPHER_MODE_CBC) 414| | if( MBEDTLS_MODE_CBC == ctx->cipher_info->mode ) 415| | { 416| | int ret = 0; 417| | 418| | if( MBEDTLS_ENCRYPT == ctx->operation ) 419| | { 420| | /* check for 'no padding' mode */ 421| | if( NULL == ctx->add_padding ) 422| | { 423| | if( 0 != ctx->unprocessed_len ) 424| | return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED ); 425| | 426| | return( 0 ); 427| | } 428| | 429| | ctx->add_padding( ctx->unprocessed_data, mbedtls_cipher_get_iv_size( ctx ), 430| | ctx->unprocessed_len ); 431| | } 432| | else if( mbedtls_cipher_get_block_size( ctx ) != ctx->unprocessed_len ) 433| | { 434| | /* 435| | * For decrypt operations, expect a full block, 436| | * or an empty block if no padding 437| | */ 438| | if( NULL == ctx->add_padding && 0 == ctx->unprocessed_len ) 439| | return( 0 ); 440| | 441| | return( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED ); 442| | } 443| | 444| | /* cipher block */ 445| | if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx, 446| | ctx->operation, mbedtls_cipher_get_block_size( ctx ), ctx->iv, 447| | ctx->unprocessed_data, output ) ) ) 448| | { 449| | return( ret ); 450| | } 451| | 452| | /* Set output size for decryption */ 453| | if( MBEDTLS_DECRYPT == ctx->operation ) 454| | return( ctx->get_padding( output, mbedtls_cipher_get_block_size( ctx ), 455| | olen ) ); 456| | 457| | /* Set output size for encryption */ 458| | *olen = mbedtls_cipher_get_block_size( ctx ); 459| | return( 0 ); 460| | } 461| |#else 462| 0| ((void) output); 463| 0|#endif /* MBEDTLS_CIPHER_MODE_CBC */ 464| | 465| 0| return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); ------------------ | | 51| 0|#define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080 ------------------ 466| 115|} mbedtls_cipher_crypt: 562| 49|{ 563| 49| int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ------------------ | | 112| 49|#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E ------------------ 564| 49| size_t finish_olen; 565| | 566| 49| CIPHER_VALIDATE_RET( ctx != NULL ); ------------------ | | 26| 49| MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ) | | ------------------ | | | | 30| 49|#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 ) | | | | ------------------ | | | | | Branch (30:67): [Folded, False: 49] | | | | ------------------ | | ------------------ ------------------ 567| 49| CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL ); ------------------ | | 26| 49| MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ) | | ------------------ | | | | 30| 49|#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 ) | | | | ------------------ | | | | | Branch (30:67): [Folded, False: 49] | | | | ------------------ | | ------------------ ------------------ 568| 49| CIPHER_VALIDATE_RET( ilen == 0 || input != NULL ); ------------------ | | 26| 49| MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ) | | ------------------ | | | | 30| 49|#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 ) | | | | ------------------ | | | | | Branch (30:67): [Folded, False: 49] | | | | ------------------ | | ------------------ ------------------ 569| 49| CIPHER_VALIDATE_RET( output != NULL ); ------------------ | | 26| 49| MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ) | | ------------------ | | | | 30| 49|#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 ) | | | | ------------------ | | | | | Branch (30:67): [Folded, False: 49] | | | | ------------------ | | ------------------ ------------------ 570| 49| CIPHER_VALIDATE_RET( olen != NULL ); ------------------ | | 26| 49| MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ) | | ------------------ | | | | 30| 49|#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 ) | | | | ------------------ | | | | | Branch (30:67): [Folded, False: 49] | | | | ------------------ | | ------------------ ------------------ 571| | 572| | 573| 49| if( ( ret = mbedtls_cipher_set_iv( ctx, iv, iv_len ) ) != 0 ) ------------------ | Branch (573:9): [True: 16, False: 33] ------------------ 574| 16| return( ret ); 575| | 576| 33| if( ( ret = mbedtls_cipher_reset( ctx ) ) != 0 ) ------------------ | Branch (576:9): [True: 0, False: 33] ------------------ 577| 0| return( ret ); 578| | 579| 33| if( ( ret = mbedtls_cipher_update( ctx, input, ilen, ------------------ | Branch (579:9): [True: 10, False: 23] ------------------ 580| 33| output, olen ) ) != 0 ) 581| 10| return( ret ); 582| | 583| 23| if( ( ret = mbedtls_cipher_finish( ctx, output + *olen, ------------------ | Branch (583:9): [True: 0, False: 23] ------------------ 584| 23| &finish_olen ) ) != 0 ) 585| 0| return( ret ); 586| | 587| 23| *olen += finish_olen; 588| | 589| 23| return( 0 ); 590| 23|} gcrypt_light.c:aes_crypt_ecb_wrap: 28| 115|{ 29| 115| return mbedtls_aes_crypt_ecb( (mbedtls_aes_context *) ctx, operation, input, output ); 30| 115|} gcrypt_light.c:aes_setkey_enc_wrap: 41| 108|{ 42| 108| return mbedtls_aes_setkey_enc( (mbedtls_aes_context *) ctx, key, key_bitlen ); 43| 108|} gcrypt_light.c:aes_setkey_dec_wrap: 35| 108|{ 36| 108| return mbedtls_aes_setkey_dec( (mbedtls_aes_context *) ctx, key, key_bitlen ); 37| 108|}