8d35b2c4e2
(This is a merge of http://go/wvgerrit/134403.) Reported as errors by UBSAN Bug: 194971260 Test: Ran ODK unit tests Change-Id: I2f38fb6952d259458af8498e86b3308421e93320
179 lines
5.4 KiB
C
179 lines
5.4 KiB
C
// Copyright 2019 Google LLC. All rights reserved. This file and proprietary
|
|
// source code may only be used and distributed under the Widevine
|
|
// License Agreement.
|
|
|
|
#include "serialization_base.h"
|
|
|
|
#include <assert.h>
|
|
#include <stddef.h>
|
|
#include <stdint.h>
|
|
#include <string.h>
|
|
|
|
#include "OEMCryptoCENCCommon.h"
|
|
#include "odk_message.h"
|
|
#include "odk_message_priv.h"
|
|
#include "odk_overflow.h"
|
|
|
|
/*
|
|
* An ODK_Message_Impl pointer must only be obtained by calling GetMessageImpl.
|
|
* This forces any message to pass the validity check before being operated on,
|
|
* which means that no function can modify or access the internals of a message
|
|
* without having it be validated first.
|
|
*/
|
|
static ODK_Message_Impl* GetMessageImpl(ODK_Message* message) {
|
|
if (!ODK_Message_IsValid(message)) return NULL;
|
|
return (ODK_Message_Impl*)message;
|
|
}
|
|
|
|
static void PackBytes(ODK_Message* message, const uint8_t* ptr, size_t count) {
|
|
ODK_Message_Impl* message_impl = GetMessageImpl(message);
|
|
if (!message_impl) return;
|
|
if (count <= message_impl->capacity - message_impl->size) {
|
|
memcpy((void*)(message_impl->base + message_impl->size), (const void*)ptr,
|
|
count);
|
|
message_impl->size += count;
|
|
} else {
|
|
message_impl->status = MESSAGE_STATUS_OVERFLOW_ERROR;
|
|
}
|
|
}
|
|
|
|
void Pack_enum(ODK_Message* message, int value) {
|
|
uint32_t v32 = value;
|
|
Pack_uint32_t(message, &v32);
|
|
}
|
|
|
|
void Pack_bool(ODK_Message* message, const bool* value) {
|
|
assert(value);
|
|
uint8_t data[4] = {0};
|
|
data[3] = *value ? 1 : 0;
|
|
PackBytes(message, data, sizeof(data));
|
|
}
|
|
|
|
void Pack_uint16_t(ODK_Message* message, const uint16_t* value) {
|
|
assert(value);
|
|
uint8_t data[2] = {0};
|
|
data[0] = (uint8_t)(*value >> 8);
|
|
data[1] = (uint8_t)(*value >> 0);
|
|
PackBytes(message, data, sizeof(data));
|
|
}
|
|
|
|
void Pack_uint32_t(ODK_Message* message, const uint32_t* value) {
|
|
assert(value);
|
|
uint8_t data[4] = {0};
|
|
data[0] = (uint8_t)(*value >> 24);
|
|
data[1] = (uint8_t)(*value >> 16);
|
|
data[2] = (uint8_t)(*value >> 8);
|
|
data[3] = (uint8_t)(*value >> 0);
|
|
PackBytes(message, data, sizeof(data));
|
|
}
|
|
|
|
void Pack_uint64_t(ODK_Message* message, const uint64_t* value) {
|
|
assert(value);
|
|
uint32_t hi = (uint32_t)(*value >> 32);
|
|
uint32_t lo = (uint32_t)(*value);
|
|
Pack_uint32_t(message, &hi);
|
|
Pack_uint32_t(message, &lo);
|
|
}
|
|
|
|
void PackArray(ODK_Message* message, const uint8_t* base, size_t size) {
|
|
PackBytes(message, base, size);
|
|
}
|
|
|
|
void Pack_OEMCrypto_Substring(ODK_Message* message,
|
|
const OEMCrypto_Substring* obj) {
|
|
assert(obj);
|
|
uint32_t offset = (uint32_t)obj->offset;
|
|
uint32_t length = (uint32_t)obj->length;
|
|
Pack_uint32_t(message, &offset);
|
|
Pack_uint32_t(message, &length);
|
|
}
|
|
|
|
static void UnpackBytes(ODK_Message* message, uint8_t* ptr, size_t count) {
|
|
assert(ptr);
|
|
ODK_Message_Impl* message_impl = GetMessageImpl(message);
|
|
if (!message_impl) return;
|
|
if (count <= message_impl->size - message_impl->read_offset) {
|
|
memcpy((void*)ptr, (void*)(message_impl->base + message_impl->read_offset),
|
|
count);
|
|
message_impl->read_offset += count;
|
|
} else {
|
|
message_impl->status = MESSAGE_STATUS_UNDERFLOW_ERROR;
|
|
}
|
|
}
|
|
|
|
int Unpack_enum(ODK_Message* message) {
|
|
uint32_t v32;
|
|
Unpack_uint32_t(message, &v32);
|
|
return (int)v32;
|
|
}
|
|
|
|
void Unpack_bool(ODK_Message* message, bool* value) {
|
|
uint8_t data[4] = {0};
|
|
UnpackBytes(message, data, sizeof(data));
|
|
assert(value);
|
|
*value = (0 != data[3]);
|
|
}
|
|
|
|
void Unpack_uint16_t(ODK_Message* message, uint16_t* value) {
|
|
assert(value);
|
|
uint8_t data[2] = {0};
|
|
UnpackBytes(message, data, sizeof(data));
|
|
*value = data[0];
|
|
*value = *value << 8 | data[1];
|
|
}
|
|
|
|
void Unpack_uint32_t(ODK_Message* message, uint32_t* value) {
|
|
ODK_Message_Impl* message_impl = GetMessageImpl(message);
|
|
if (!message_impl) return;
|
|
uint8_t data[4] = {0};
|
|
UnpackBytes(message, data, sizeof(data));
|
|
assert(value);
|
|
*value = data[0];
|
|
*value = *value << 8 | data[1];
|
|
*value = *value << 8 | data[2];
|
|
*value = *value << 8 | data[3];
|
|
}
|
|
|
|
void Unpack_uint64_t(ODK_Message* message, uint64_t* value) {
|
|
uint32_t hi = 0;
|
|
uint32_t lo = 0;
|
|
Unpack_uint32_t(message, &hi);
|
|
Unpack_uint32_t(message, &lo);
|
|
assert(value);
|
|
*value = hi;
|
|
*value = *value << 32 | lo;
|
|
}
|
|
|
|
void Unpack_OEMCrypto_Substring(ODK_Message* message,
|
|
OEMCrypto_Substring* obj) {
|
|
uint32_t offset = 0, length = 0;
|
|
Unpack_uint32_t(message, &offset);
|
|
Unpack_uint32_t(message, &length);
|
|
ODK_Message_Impl* message_impl = GetMessageImpl(message);
|
|
if (!message_impl) return;
|
|
|
|
/* Each substring should be contained within the message body, which is in the
|
|
* total message, just after the core message. The offset of a substring is
|
|
* relative to the message body. So we need to verify:
|
|
* 0 < offset and offset + length < message_impl->capacity -
|
|
* message_impl->size or offset + length + message_impl->size <
|
|
* message_impl->capacity
|
|
*/
|
|
size_t substring_end = 0; /* = offset + length; */
|
|
size_t end = 0; /* = substring_end + message_impl->size; */
|
|
if (odk_add_overflow_ux(offset, length, &substring_end) ||
|
|
odk_add_overflow_ux(substring_end, message_impl->size, &end) ||
|
|
end > message_impl->capacity) {
|
|
message_impl->status = MESSAGE_STATUS_OVERFLOW_ERROR;
|
|
return;
|
|
}
|
|
assert(obj);
|
|
obj->offset = offset;
|
|
obj->length = length;
|
|
}
|
|
|
|
/* copy out */
|
|
void UnpackArray(ODK_Message* message, uint8_t* address, size_t size) {
|
|
UnpackBytes(message, address, size);
|
|
}
|