1 /*
2 * Copyright 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <keymaster/serializable.h>
18
19 #include <assert.h>
20
21 #include <keymaster/android_keymaster_utils.h>
22
23 namespace keymaster {
24
25 namespace {
26
27 /* Performs an overflow-checked bounds check */
buffer_bound_check(const uint8_t * buf,const uint8_t * end,size_t len)28 bool buffer_bound_check(const uint8_t* buf, const uint8_t* end, size_t len) {
29 uintptr_t buf_next;
30 bool overflow_occurred = __builtin_add_overflow(__pval(buf), len, &buf_next);
31 return (!overflow_occurred) && (buf_next <= __pval(end));
32 }
33
34 } // namespace
35
append_to_buf(uint8_t * buf,const uint8_t * end,const void * data,size_t data_len)36 uint8_t* append_to_buf(uint8_t* buf, const uint8_t* end, const void* data, size_t data_len) {
37 if (buffer_bound_check(buf, end, data_len)) {
38 memcpy(buf, data, data_len);
39 return buf + data_len;
40 } else {
41 return buf;
42 }
43 }
44
copy_from_buf(const uint8_t ** buf_ptr,const uint8_t * end,void * dest,size_t size)45 bool copy_from_buf(const uint8_t** buf_ptr, const uint8_t* end, void* dest, size_t size) {
46 if (buffer_bound_check(*buf_ptr, end, size)) {
47 memcpy(dest, *buf_ptr, size);
48 *buf_ptr += size;
49 return true;
50 } else {
51 return false;
52 }
53 }
54
copy_size_and_data_from_buf(const uint8_t ** buf_ptr,const uint8_t * end,size_t * size,UniquePtr<uint8_t[]> * dest)55 bool copy_size_and_data_from_buf(const uint8_t** buf_ptr, const uint8_t* end, size_t* size,
56 UniquePtr<uint8_t[]>* dest) {
57 if (!copy_uint32_from_buf(buf_ptr, end, size)) return false;
58
59 if (*size == 0) {
60 dest->reset();
61 return true;
62 }
63
64 if (buffer_bound_check(*buf_ptr, end, *size)) {
65 dest->reset(new (std::nothrow) uint8_t[*size]);
66 if (!dest->get()) {
67 return false;
68 }
69 return copy_from_buf(buf_ptr, end, dest->get(), *size);
70 } else {
71 return false;
72 }
73 }
74
reserve(size_t size)75 bool Buffer::reserve(size_t size) {
76 if (available_write() < size) {
77 size_t new_size = buffer_size_ + size - available_write();
78 uint8_t* new_buffer = new (std::nothrow) uint8_t[new_size];
79 if (!new_buffer) return false;
80 memcpy(new_buffer, buffer_.get() + read_position_, available_read());
81 memset_s(buffer_.get(), 0, buffer_size_);
82 buffer_.reset(new_buffer);
83 buffer_size_ = new_size;
84 write_position_ -= read_position_;
85 read_position_ = 0;
86 }
87 return true;
88 }
89
Reinitialize(size_t size)90 bool Buffer::Reinitialize(size_t size) {
91 Clear();
92 buffer_.reset(new (std::nothrow) uint8_t[size]);
93 if (!buffer_.get()) return false;
94 buffer_size_ = size;
95 read_position_ = 0;
96 write_position_ = 0;
97 return true;
98 }
99
Reinitialize(const void * data,size_t data_len)100 bool Buffer::Reinitialize(const void* data, size_t data_len) {
101 Clear();
102 if (__pval(data) + data_len < __pval(data)) // Pointer wrap check
103 return false;
104 buffer_.reset(new (std::nothrow) uint8_t[data_len]);
105 if (!buffer_.get()) return false;
106 buffer_size_ = data_len;
107 memcpy(buffer_.get(), data, data_len);
108 read_position_ = 0;
109 write_position_ = buffer_size_;
110 return true;
111 }
112
available_write() const113 size_t Buffer::available_write() const {
114 assert(buffer_size_ >= write_position_);
115 return buffer_size_ - write_position_;
116 }
117
available_read() const118 size_t Buffer::available_read() const {
119 assert(buffer_size_ >= write_position_);
120 assert(write_position_ >= read_position_);
121 return write_position_ - read_position_;
122 }
123
write(const uint8_t * src,size_t write_length)124 bool Buffer::write(const uint8_t* src, size_t write_length) {
125 if (available_write() < write_length) return false;
126 memcpy(buffer_.get() + write_position_, src, write_length);
127 write_position_ += write_length;
128 return true;
129 }
130
read(uint8_t * dest,size_t read_length)131 bool Buffer::read(uint8_t* dest, size_t read_length) {
132 if (available_read() < read_length) return false;
133 memcpy(dest, buffer_.get() + read_position_, read_length);
134 read_position_ += read_length;
135 return true;
136 }
137
SerializedSize() const138 size_t Buffer::SerializedSize() const {
139 return sizeof(uint32_t) + available_read();
140 }
141
Serialize(uint8_t * buf,const uint8_t * end) const142 uint8_t* Buffer::Serialize(uint8_t* buf, const uint8_t* end) const {
143 return append_size_and_data_to_buf(buf, end, peek_read(), available_read());
144 }
145
Deserialize(const uint8_t ** buf_ptr,const uint8_t * end)146 bool Buffer::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
147 Clear();
148 if (!copy_size_and_data_from_buf(buf_ptr, end, &buffer_size_, &buffer_)) {
149 buffer_.reset();
150 buffer_size_ = 0;
151 return false;
152 }
153 write_position_ = buffer_size_;
154 return true;
155 }
156
Clear()157 void Buffer::Clear() {
158 memset_s(buffer_.get(), 0, buffer_size_);
159 buffer_.reset();
160 read_position_ = 0;
161 write_position_ = 0;
162 buffer_size_ = 0;
163 }
164
165 } // namespace keymaster
166