OpenCoverage

e_chacha20poly1305.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/libressl/src/crypto/evp/e_chacha20poly1305.c
Switch to Source codePreprocessed file
LineSourceCount
1-
2-
3-
4-
5-
6-
7-
8-
9-
10-
11-
12-
13struct aead_chacha20_poly1305_ctx {-
14 unsigned char key[32];-
15 unsigned char tag_len;-
16};-
17-
18static int-
19aead_chacha20_poly1305_init(EVP_AEAD_CTX *ctx, const unsigned char *key,-
20 size_t key_len, size_t tag_len)-
21{-
22 struct aead_chacha20_poly1305_ctx *c20_ctx;-
23-
24 if (tag_len == 0
tag_len == 0Description
TRUEevaluated 68 times by 2 tests
Evaluated by:
  • ssltest
  • tlstest
FALSEevaluated 4 times by 1 test
Evaluated by:
  • aeadtest
)		4-68
25 tag_len = 16;
executed 68 times by 2 tests: tag_len = 16;
Executed by:
  • ssltest
  • tlstest
68
26-
27 if (tag_len > 16
tag_len > 16Description
TRUEnever evaluated
FALSEevaluated 72 times by 3 tests
Evaluated by:
  • aeadtest
  • ssltest
  • tlstest
) {		0-72
28 ERR_put_error(6,(0xfff),(164),__FILE__,55);-
29 return
never executed: return 0;
 0;
never executed: return 0;
0
30 }-
31-
32-
33 if (key_len != sizeof(c20_ctx->key)
key_len != siz...(c20_ctx->key)Description
TRUEnever evaluated
FALSEevaluated 72 times by 3 tests
Evaluated by:
  • aeadtest
  • ssltest
  • tlstest
)		0-72
34 return
never executed: return 0;
 0;
never executed: return 0;
0
35-
36 c20_ctx = malloc(sizeof(struct aead_chacha20_poly1305_ctx));-
37 if (c20_ctx ==
c20_ctx == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 72 times by 3 tests
Evaluated by:
  • aeadtest
  • ssltest
  • tlstest
0-72
38 ((void *)0)
c20_ctx == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 72 times by 3 tests
Evaluated by:
  • aeadtest
  • ssltest
  • tlstest
0-72
39 )-
40 return
never executed: return 0;
 0;
never executed: return 0;
0
41-
42 memcpy(&c20_ctx->key[0], key, key_len);-
43 c20_ctx->tag_len = tag_len;-
44 ctx->aead_state = c20_ctx;-
45-
46 return
executed 72 times by 3 tests: return 1;
Executed by:
  • aeadtest
  • ssltest
  • tlstest
 1;
executed 72 times by 3 tests: return 1;
Executed by:
  • aeadtest
  • ssltest
  • tlstest
72
47}-
48-
49static void-
50aead_chacha20_poly1305_cleanup(EVP_AEAD_CTX *ctx)-
51{-
52 struct aead_chacha20_poly1305_ctx *c20_ctx = ctx->aead_state;-
53-
54 freezero(c20_ctx, sizeof(*c20_ctx));-
55}
executed 72 times by 3 tests: end of block
Executed by:
  • aeadtest
  • ssltest
  • tlstest
72
56-
57static void-
58poly1305_update_with_length(poly1305_state *poly1305,-
59 const unsigned char *data, size_t data_len)-
60{-
61 size_t j = data_len;-
62 unsigned char length_bytes[8];-
63 unsigned i;-
64-
65 for (i = 0; i < sizeof(length_bytes)
i < sizeof(length_bytes)Description
TRUEevaluated 2656 times by 3 tests
Evaluated by:
  • aeadtest
  • ssltest
  • tlstest
FALSEevaluated 332 times by 3 tests
Evaluated by:
  • aeadtest
  • ssltest
  • tlstest
; i++) {		332-2656
66 length_bytes[i] = j;-
67 j >>= 8;-
68 }
executed 2656 times by 3 tests: end of block
Executed by:
  • aeadtest
  • ssltest
  • tlstest
2656
69-
70 if (data !=
data != ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 332 times by 3 tests
Evaluated by:
  • aeadtest
  • ssltest
  • tlstest
0-332
71 ((void *)0)
data != ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 332 times by 3 tests
Evaluated by:
  • aeadtest
  • ssltest
  • tlstest
0-332
72 )-
73 CRYPTO_poly1305_update(poly1305, data, data_len);
never executed: CRYPTO_poly1305_update(poly1305, data, data_len);
0
74 CRYPTO_poly1305_update(poly1305, length_bytes, sizeof(length_bytes));-
75}
executed 332 times by 3 tests: end of block
Executed by:
  • aeadtest
  • ssltest
  • tlstest
332
76-
77static void-
78poly1305_update_with_pad16(poly1305_state *poly1305,-
79 const unsigned char *data, size_t data_len)-
80{-
81 static const unsigned char zero_pad16[16];-
82 size_t pad_len;-
83-
84 CRYPTO_poly1305_update(poly1305, data, data_len);-
85-
86-
87 if ((
(pad_len = data_len % 16) == 0Description
TRUEevaluated 123 times by 3 tests
Evaluated by:
  • aeadtest
  • ssltest
  • tlstest
FALSEevaluated 209 times by 3 tests
Evaluated by:
  • aeadtest
  • ssltest
  • tlstest
pad_len = data_len % 16) == 0
(pad_len = data_len % 16) == 0Description
TRUEevaluated 123 times by 3 tests
Evaluated by:
  • aeadtest
  • ssltest
  • tlstest
FALSEevaluated 209 times by 3 tests
Evaluated by:
  • aeadtest
  • ssltest
  • tlstest
)		123-209
88 return;
executed 123 times by 3 tests: return;
Executed by:
  • aeadtest
  • ssltest
  • tlstest
123
89-
90 CRYPTO_poly1305_update(poly1305, zero_pad16, 16 - pad_len);-
91}
executed 209 times by 3 tests: end of block
Executed by:
  • aeadtest
  • ssltest
  • tlstest
209
92-
93static int-
94aead_chacha20_poly1305_seal(const EVP_AEAD_CTX *ctx, unsigned char *out,-
95 size_t *out_len, size_t max_out_len, const unsigned char *nonce,-
96 size_t nonce_len, const unsigned char *in, size_t in_len,-
97 const unsigned char *ad, size_t ad_len)-
98{-
99 const struct aead_chacha20_poly1305_ctx *c20_ctx = ctx->aead_state;-
100 unsigned char poly1305_key[32];-
101 poly1305_state poly1305;-
102 const unsigned char *iv;-
103 const uint64_t in_len_64 = in_len;-
104 uint64_t ctr;-
105 if (in_len_64 >= (1ULL << 32) * 64 - 64
in_len_64 >= (... 32) * 64 - 64Description
TRUEnever evaluated
FALSEevaluated 98 times by 3 tests
Evaluated by:
  • aeadtest
  • ssltest
  • tlstest
) {		0-98
106 ERR_put_error(6,(0xfff),(164),__FILE__,137);-
107 return
never executed: return 0;
 0;
never executed: return 0;
0
108 }-
109-
110 if (max_out_len < in_len + c20_ctx->tag_len
max_out_len < ...0_ctx->tag_lenDescription
TRUEnever evaluated
FALSEevaluated 98 times by 3 tests
Evaluated by:
  • aeadtest
  • ssltest
  • tlstest
) {		0-98
111 ERR_put_error(6,(0xfff),(155),__FILE__,142);-
112 return
never executed: return 0;
 0;
never executed: return 0;
0
113 }-
114-
115 if (nonce_len != ctx->aead->nonce_len
nonce_len != c...ead->nonce_lenDescription
TRUEnever evaluated
FALSEevaluated 98 times by 3 tests
Evaluated by:
  • aeadtest
  • ssltest
  • tlstest
) {		0-98
116 ERR_put_error(6,(0xfff),(102),__FILE__,147);-
117 return
never executed: return 0;
 0;
never executed: return 0;
0
118 }-
119-
120 ctr = (uint64_t)(nonce[0] | nonce[1] << 8 |-
121 nonce[2] << 16 | nonce[3] << 24) << 32;-
122 iv = nonce + 4;-
123-
124 memset(poly1305_key, 0, sizeof(poly1305_key));-
125 CRYPTO_chacha_20(poly1305_key, poly1305_key,-
126 sizeof(poly1305_key), c20_ctx->key, iv, ctr);-
127-
128 CRYPTO_poly1305_init(&poly1305, poly1305_key);-
129 poly1305_update_with_pad16(&poly1305, ad, ad_len);-
130 CRYPTO_chacha_20(out, in, in_len, c20_ctx->key, iv, ctr + 1);-
131 poly1305_update_with_pad16(&poly1305, out, in_len);-
132 poly1305_update_with_length(&poly1305, -
133 ((void *)0)-
134 , ad_len);-
135 poly1305_update_with_length(&poly1305, -
136 ((void *)0)-
137 , in_len);-
138-
139 if (c20_ctx->tag_len != 16
c20_ctx->tag_len != 16Description
TRUEnever evaluated
FALSEevaluated 98 times by 3 tests
Evaluated by:
  • aeadtest
  • ssltest
  • tlstest
) {		0-98
140 unsigned char tag[16];-
141 CRYPTO_poly1305_finish(&poly1305, tag);-
142 memcpy(out + in_len, tag, c20_ctx->tag_len);-
143 *out_len = in_len + c20_ctx->tag_len;-
144 return
never executed: return 1;
 1;
never executed: return 1;
0
145 }-
146-
147 CRYPTO_poly1305_finish(&poly1305, out + in_len);-
148 *out_len = in_len + 16;-
149 return
executed 98 times by 3 tests: return 1;
Executed by:
  • aeadtest
  • ssltest
  • tlstest
 1;
executed 98 times by 3 tests: return 1;
Executed by:
  • aeadtest
  • ssltest
  • tlstest
98
150}-
151-
152static int-
153aead_chacha20_poly1305_open(const EVP_AEAD_CTX *ctx, unsigned char *out,-
154 size_t *out_len, size_t max_out_len, const unsigned char *nonce,-
155 size_t nonce_len, const unsigned char *in, size_t in_len,-
156 const unsigned char *ad, size_t ad_len)-
157{-
158 const struct aead_chacha20_poly1305_ctx *c20_ctx = ctx->aead_state;-
159 unsigned char mac[16];-
160 unsigned char poly1305_key[32];-
161 const unsigned char *iv = nonce;-
162 poly1305_state poly1305;-
163 const uint64_t in_len_64 = in_len;-
164 size_t plaintext_len;-
165 uint64_t ctr = 0;-
166-
167 if (in_len < c20_ctx->tag_len
in_len < c20_ctx->tag_lenDescription
TRUEnever evaluated
FALSEevaluated 68 times by 3 tests
Evaluated by:
  • aeadtest
  • ssltest
  • tlstest
) {		0-68
168 ERR_put_error(6,(0xfff),(100),__FILE__,195);-
169 return
never executed: return 0;
 0;
never executed: return 0;
0
170 }-
171 if (in_len_64 >= (1ULL << 32) * 64 - 64
in_len_64 >= (... 32) * 64 - 64Description
TRUEnever evaluated
FALSEevaluated 68 times by 3 tests
Evaluated by:
  • aeadtest
  • ssltest
  • tlstest
) {		0-68
172 ERR_put_error(6,(0xfff),(164),__FILE__,207);-
173 return
never executed: return 0;
 0;
never executed: return 0;
0
174 }-
175-
176 if (nonce_len != ctx->aead->nonce_len
nonce_len != c...ead->nonce_lenDescription
TRUEnever evaluated
FALSEevaluated 68 times by 3 tests
Evaluated by:
  • aeadtest
  • ssltest
  • tlstest
) {		0-68
177 ERR_put_error(6,(0xfff),(102),__FILE__,212);-
178 return
never executed: return 0;
 0;
never executed: return 0;
0
179 }-
180-
181 plaintext_len = in_len - c20_ctx->tag_len;-
182-
183 if (max_out_len < plaintext_len
max_out_len < plaintext_lenDescription
TRUEnever evaluated
FALSEevaluated 68 times by 3 tests
Evaluated by:
  • aeadtest
  • ssltest
  • tlstest
) {		0-68
184 ERR_put_error(6,(0xfff),(155),__FILE__,219);-
185 return
never executed: return 0;
 0;
never executed: return 0;
0
186 }-
187-
188 ctr = (uint64_t)(nonce[0] | nonce[1] << 8 |-
189 nonce[2] << 16 | nonce[3] << 24) << 32;-
190 iv = nonce + 4;-
191-
192 memset(poly1305_key, 0, sizeof(poly1305_key));-
193 CRYPTO_chacha_20(poly1305_key, poly1305_key,-
194 sizeof(poly1305_key), c20_ctx->key, iv, ctr);-
195-
196 CRYPTO_poly1305_init(&poly1305, poly1305_key);-
197 poly1305_update_with_pad16(&poly1305, ad, ad_len);-
198 poly1305_update_with_pad16(&poly1305, in, plaintext_len);-
199 poly1305_update_with_length(&poly1305, -
200 ((void *)0)-
201 , ad_len);-
202 poly1305_update_with_length(&poly1305, -
203 ((void *)0)-
204 , plaintext_len);-
205-
206 CRYPTO_poly1305_finish(&poly1305, mac);-
207-
208 if (timingsafe_memcmp(mac, in + plaintext_len, c20_ctx->tag_len) != 0
timingsafe_mem...>tag_len) != 0Description
TRUEevaluated 4 times by 1 test
Evaluated by:
  • aeadtest
FALSEevaluated 64 times by 3 tests
Evaluated by:
  • aeadtest
  • ssltest
  • tlstest
) {		4-64
209 ERR_put_error(6,(0xfff),(100),__FILE__,240);-
210 return
executed 4 times by 1 test: return 0;
Executed by:
  • aeadtest
 0;
executed 4 times by 1 test: return 0;
Executed by:
  • aeadtest
4
211 }-
212-
213 CRYPTO_chacha_20(out, in, plaintext_len, c20_ctx->key, iv, ctr + 1);-
214 *out_len = plaintext_len;-
215 return
executed 64 times by 3 tests: return 1;
Executed by:
  • aeadtest
  • ssltest
  • tlstest
 1;
executed 64 times by 3 tests: return 1;
Executed by:
  • aeadtest
  • ssltest
  • tlstest
64
216}-
217-
218-
219static const EVP_AEAD aead_chacha20_poly1305 = {-
220 .key_len = 32,-
221 .nonce_len = (4 + 8),-
222 .overhead = 16,-
223 .max_tag_len = 16,-
224-
225 .init = aead_chacha20_poly1305_init,-
226 .cleanup = aead_chacha20_poly1305_cleanup,-
227 .seal = aead_chacha20_poly1305_seal,-
228 .open = aead_chacha20_poly1305_open,-
229};-
230-
231const EVP_AEAD *-
232EVP_aead_chacha20_poly1305()-
233{-
234 return
executed 38 times by 3 tests: return &aead_chacha20_poly1305;
Executed by:
  • aeadtest
  • ssltest
  • tlstest
 &aead_chacha20_poly1305;
executed 38 times by 3 tests: return &aead_chacha20_poly1305;
Executed by:
  • aeadtest
  • ssltest
  • tlstest
38
235}-
Switch to Source codePreprocessed file
Generated by Squish Coco 4.2.2