
Commit 73b58bd

committed
make sure we use same endianness for serializing and deserializing TAP
Signed-off-by: Wojciech Ozga <woz@zurich.ibm.com>
1 parent 0e1a0d9 commit 73b58bd

1 file changed

Lines changed: 12 additions & 11 deletions


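--- a/security-monitor/rust-crates/riscv_cove_tap/src/parser.rs
+++ b/security-monitor/rust-crates/riscv_cove_tap/src/parser.rs
@@ -33,12 +33,16 @@ impl AttestationPayloadParser {
 let _name = self.read_u64()?;
 let algorithm = LockboxAlgorithm::from_u16(self.read_u16()?)?;
 let esk_size = self.read_u16()? as usize;
+ensure!(esk_size < 100_000, TapError::InvalidSize())?;
 let esk = self.read_exact(esk_size)?;
 let nonce_size = self.read_u16()? as usize;
+ensure!(nonce_size < 100_000, TapError::InvalidSize())?;
 let nonce = self.read_exact(nonce_size)?;
 let tag_size = self.read_u16()? as usize;
+ensure!(tag_size < 100_000, TapError::InvalidSize())?;
 let tag = self.read_exact(tag_size)?;
 let tsk_size = self.read_u16()? as usize;
+ensure!(tsk_size < 100_000, TapError::InvalidSize())?;
 symmetric_key = self.read_exact(tsk_size)?;
 algorithm.decode(decapsulation_key, &esk, &nonce, &tag, &mut symmetric_key)?;
 }
@@ -54,7 +58,7 @@ impl AttestationPayloadParser {
 let mut digests = Vec::with_capacity(number_of_digests.into());
 for _ in 0..number_of_digests {
 let size = self.read_u16()? as usize;
-ensure!(size >= 4, TapError::InvalidSize())?;
+ensure!(4 <= size && size < 100_000, TapError::InvalidSize())?;
 let pcr_id = self.read_u16()?;
 let algorithm = DigestAlgorithm::from_u16(self.read_u16()?)?;
 let value = self.read_exact(size-4)?;
@@ -69,7 +73,7 @@ impl AttestationPayloadParser {
 let mut secrets = vec![];
 for _ in 0..number_of_secrets {
 let size = self.read_u16()? as usize;
-ensure!(size >= 10, TapError::InvalidSize())?;
+ensure!(10 <= size && size < 100_000, TapError::InvalidSize())?;
 let name = self.read_u64()? as u64;
 let value = self.read_exact(size-10)?;
 secrets.push(Secret { name, value });
@@ -82,10 +86,13 @@ impl AttestationPayloadParser {
 use aes_gcm::{AeadInPlace, Aes256Gcm, Key, KeyInit, Tag, Nonce};
 
 let nonce_size = self.read_u16()? as usize;
+ensure!(nonce_size < 100_000, TapError::InvalidSize())?;
 let nonce = self.read_exact(nonce_size)?;
 let tag_size = self.read_u16()? as usize;
+ensure!(tag_size < 100_000, TapError::InvalidSize())?;
 let tag = self.read_exact(tag_size)?;
 let payload_size = self.read_u16()? as usize;
+ensure!(payload_size < 100_000, TapError::InvalidSize())?;
 
 ensure!(symmetric_key.len() == 32, TapError::InvalidTskSize())?;
 let cipher = Aes256Gcm::new(Key::<Aes256Gcm>::from_slice(symmetric_key));
@@ -97,21 +104,15 @@ impl AttestationPayloadParser {
 }
 
 fn read_u16(&mut self) -> Result<u16, TapError> {
-let value = unsafe { (self.pointer as *const u16).read_volatile() };
-self.pointer = self.pointer.wrapping_add(2);
-Ok(value)
+Ok(u16::from_le_bytes(self.read_exact(2)?.try_into().map_err(|_| TapError::InvalidSize())?))
 }
 
 fn read_u32(&mut self) -> Result<u32, TapError> {
-let value = unsafe { (self.pointer as *const u32).read_volatile() };
-self.pointer = self.pointer.wrapping_add(4);
-Ok(value)
+Ok(u32::from_le_bytes(self.read_exact(4)?.try_into().map_err(|_| TapError::InvalidSize())?))
 }
 
 fn read_u64(&mut self) -> Result<u64, TapError> {
-let value = unsafe { (self.pointer as *const u64).read_volatile() };
-self.pointer = self.pointer.wrapping_add(8);
-Ok(value)
+Ok(u64::from_le_bytes(self.read_exact(8)?.try_into().map_err(|_| TapError::InvalidSize())?))
 }
 
 fn read_exact(&mut self, size: usize) -> Result<Vec<u8>, TapError> {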
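Review bot: The `ensure!(esk_size < 100_000, TapError::InvalidSize())?` guard added in the first hunk, and the matching `< 100_000` bounds in the digest, secret and encrypted-payload hunks, can never fail, because every one of those sizes is produced by `self.read_u16()? as usize` and is therefore at most 65_535. The constant documents a limit that is not actually enforced here; if the intent is to keep an untrusted length field from driving `read_exact` past the end of the payload, that comparison has to be made against the bytes remaining inside `read_exact`, whose body begins on the last line of the final hunk and is outside this view, so I cannot confirm it does. I would drop the dead upper bounds, keep `ensure!(size >= 4, …)` and `ensure!(size >= 10, …)` since they still guard the `size-4` and `size-10` subtractions, and state the real invariant once on `read_exact`, e.g. `/// Length fields are u16 (at most 65_535); this is the only place that must reject a length that runs past the remaining buffer.` The new `read_u16`/`read_u32`/`read_u64` bodies correctly move the byte-order decision to `from_le_bytes` and remove the raw-pointer `unsafe` reads; a one-line comment on `read_u16` such as `// TAP integers are serialized little-endian; keep in sync with the serializer` would stop the next maintainer from reintroducing a host-endian read.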
