@@ -115,6 +115,7 @@ static status_t aes_gcm_key_construct(otcrypto_blinded_key_t *blinded_key,
115115 // Key integrity check.
116116 if (launder32 (integrity_blinded_key_check (blinded_key )) !=
117117 kHardenedBoolTrue ) {
118+ // COVERAGE (MISSING) The bad integrity input key is not covered.
118119 return OTCRYPTO_BAD_ARGS ;
119120 }
120121
@@ -156,6 +157,7 @@ static status_t aes_gcm_key_construct(otcrypto_blinded_key_t *blinded_key,
156157 aes_key -> key_shares [1 ] = share1 ;
157158 aes_key -> sideload = launder32 (kHardenedBoolFalse );
158159 } else {
160+ // COVERAGE (MISSING) A bad parameter hw_backed is not covered.
159161 return OTCRYPTO_BAD_ARGS ;
160162 }
161163 HARDENED_CHECK_EQ (aes_key -> sideload , blinded_key -> config .hw_backed );
@@ -243,6 +245,8 @@ static status_t load_key_if_sideloaded(const aes_key_t key) {
243245 if (launder32 (key .sideload ) == kHardenedBoolFalse ) {
244246 return OTCRYPTO_OK ;
245247 } else if (key .sideload != kHardenedBoolTrue ) {
248+ // COVERAGE (SW ERR) This is an internal function, the aes key's sideload is
249+ // set internal by good parameters.
246250 return OTCRYPTO_BAD_ARGS ;
247251 }
248252 HARDENED_CHECK_EQ (key .sideload , kHardenedBoolTrue );
@@ -268,6 +272,8 @@ static status_t clear_key_if_sideloaded(const aes_key_t key) {
268272 HARDENED_CHECK_EQ (key .sideload , kHardenedBoolFalse );
269273 return OTCRYPTO_OK ;
270274 } else if (launder32 (key .sideload ) != kHardenedBoolTrue ) {
275+ // COVERAGE (SW ERR) This is an internal function, the aes key's sideload is
276+ // set internal by good parameters.
271277 return OTCRYPTO_BAD_ARGS ;
272278 }
273279 HARDENED_CHECK_EQ (key .sideload , kHardenedBoolTrue );
@@ -283,6 +289,7 @@ otcrypto_status_t otcrypto_aes_gcm_encrypt(
283289 // buffers.
284290 if (key == NULL || iv == NULL || iv -> data == NULL || auth_tag == NULL ||
285291 auth_tag -> data == NULL ) {
292+ // COVERAGE (MISSING) We do not cover NULL inputs.
286293 return OTCRYPTO_BAD_ARGS ;
287294 }
288295
@@ -448,6 +455,7 @@ otcrypto_status_t otcrypto_aes_gcm_update_aad(
448455
449456 if (aad -> len == 0 ) {
450457 // Nothing to do.
458+ // COVERAGE (MISSING) We do not cover the length 0 aad on update.
451459 return OTCRYPTO_OK ;
452460 }
453461
@@ -480,6 +488,7 @@ otcrypto_status_t otcrypto_aes_gcm_update_encrypted_data(
480488
481489 if (input -> len == 0 ) {
482490 // Nothing to do.
491+ // COVERAGE (MISSING) We do not cover the length 0 input on update.
483492 return OTCRYPTO_OK ;
484493 }
485494
@@ -494,6 +503,7 @@ otcrypto_status_t otcrypto_aes_gcm_update_encrypted_data(
494503 // exist after `input` is added.
495504 size_t partial_block_len = internal_ctx .input_len % kAesBlockNumBytes ;
496505 if (input -> len > UINT32_MAX - partial_block_len ) {
506+ // COVERAGE (MISSING) We do not cover too short output buffers.
497507 return OTCRYPTO_BAD_ARGS ;
498508 }
499509 size_t min_output_blocks =
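Review bot: The annotation added in the last hunk (in otcrypto_aes_gcm_update_encrypted_data) describes a different branch from the one it sits in. The guarded condition `input->len > UINT32_MAX - partial_block_len` rejects a length whose sum with the partial block would exceed UINT32_MAX, not a short output buffer, so the comment would be accurate as `// COVERAGE (MISSING) We do not cover input lengths that overflow UINT32_MAX.` The output-size check presumably follows the `min_output_blocks` computation, which continues outside the hunk, and the current wording belongs there. Separately, the first hunk marks the failure path of `integrity_blinded_key_check` as MISSING, and that branch is the one that rejects a corrupted blinded key. A negative test that passes a key with a deliberately invalid checksum and expects `OTCRYPTO_BAD_ARGS` would close that gap instead of leaving it waived.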