1 // Copyright (c) 2019-2020 The Bitcoin Core developers
2 // Distributed under the MIT software license, see the accompanying
3 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
4
5 #include <map>
6 #include <vector>
7 #include <assert.h>
8 #include <crypto/common.h>
9
namespace {

/// Sentinel returned by the decoders when the bit stream ends before a value is complete.
constexpr uint32_t INVALID = 0xFFFFFFFF;

/**
 * Decode one variable-length unsigned integer from a bit stream.
 *
 * The encoding is a run of selector bits followed by a mantissa. Each 1 selector bit skips
 * one size class and adds 2^size to the result. A 0 selector bit picks the current class,
 * and that many mantissa bits follow, most significant first. The last class has no selector
 * bit: it is implied once every earlier class has been skipped.
 *
 * @param bitpos     Read cursor; advanced past every bit that was consumed.
 * @param endpos     End of the readable stream; never dereferenced.
 * @param minval     Smallest value representable in this encoding.
 * @param bit_sizes  Mantissa width of each size class, in selection order.
 * @return The decoded value, or INVALID if the stream ended first (or bit_sizes is empty).
 */
uint32_t DecodeBits(std::vector<bool>::const_iterator& bitpos, const std::vector<bool>::const_iterator& endpos, uint8_t minval, const std::vector<uint8_t> &bit_sizes)
{
    using SizeIndex = std::vector<uint8_t>::size_type;
    const SizeIndex class_count = bit_sizes.size();
    uint32_t result = minval;
    for (SizeIndex k = 0; k < class_count; ++k) {
        const uint8_t width = bit_sizes[k];
        // Only the classes before the last one carry an explicit selector bit.
        bool skip_class = false;
        if (k + 1 != class_count) {
            if (bitpos == endpos) break; // Reached EOF in exponent
            skip_class = *bitpos;
            ++bitpos;
        }
        if (skip_class) {
            result += (1 << width);
            continue;
        }
        // This class was selected: read its mantissa, most significant bit first.
        for (int b = 0; b < width; b++) {
            if (bitpos == endpos) return INVALID; // Reached EOF in mantissa
            const bool mantissa_bit = *bitpos;
            ++bitpos;
            result += mantissa_bit << (width - 1 - b);
        }
        return result;
    }
    return INVALID; // Reached EOF in exponent
}

/// Opcodes of the asmap bytecode, as produced by DecodeType.
enum class Instruction : uint32_t
{
    RETURN = 0,  ///< An ASN follows; Interpret returns it.
    JUMP = 1,    ///< A jump offset follows; Interpret consumes one input bit and skips ahead if it is set.
    MATCH = 2,   ///< A bit pattern follows; Interpret compares it against the next input bits.
    DEFAULT = 3, ///< An ASN follows; Interpret stores it as the value returned on a failed MATCH.
};

/// Size classes for opcodes; with a minimum of 0 they encode exactly the values 0 to 3.
const std::vector<uint8_t> TYPE_BIT_SIZES{0, 0, 1};

/// Decode the next opcode. A truncated stream yields Instruction(INVALID), which matches no enumerator.
Instruction DecodeType(std::vector<bool>::const_iterator& bitpos, const std::vector<bool>::const_iterator& endpos)
{
    const uint32_t raw = DecodeBits(bitpos, endpos, 0, TYPE_BIT_SIZES);
    return Instruction(raw);
}

/// Size classes for ASN operands; the smallest encodable ASN is 1.
const std::vector<uint8_t> ASN_BIT_SIZES{15, 16, 17, 18, 19, 20, 21, 22, 23, 24};

/// Decode an ASN operand, or return INVALID if it straddles the end of the stream.
uint32_t DecodeASN(std::vector<bool>::const_iterator& bitpos, const std::vector<bool>::const_iterator& endpos)
{
    const uint32_t asn = DecodeBits(bitpos, endpos, 1, ASN_BIT_SIZES);
    return asn;
}

/// Size classes for MATCH operands; the smallest encodable operand is 2.
const std::vector<uint8_t> MATCH_BIT_SIZES{1, 2, 3, 4, 5, 6, 7, 8};

/// Decode a MATCH operand, or return INVALID if it straddles the end of the stream.
uint32_t DecodeMatch(std::vector<bool>::const_iterator& bitpos, const std::vector<bool>::const_iterator& endpos)
{
    const uint32_t pattern = DecodeBits(bitpos, endpos, 2, MATCH_BIT_SIZES);
    return pattern;
}

/// Size classes for JUMP operands; the smallest encodable offset is 17.
const std::vector<uint8_t> JUMP_BIT_SIZES{5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30};

/// Decode a JUMP offset, or return INVALID if it straddles the end of the stream.
uint32_t DecodeJump(std::vector<bool>::const_iterator& bitpos, const std::vector<bool>::const_iterator& endpos)
{
    const uint32_t offset = DecodeBits(bitpos, endpos, 17, JUMP_BIT_SIZES);
    return offset;
}

}
77
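/**
 * Run the asmap bytecode against the bits of an address and return the ASN it maps to.
 *
 * The bytecode is not validated here. Every malformed-program path (truncated operand,
 * jump past EOF, more input bits consumed than supplied, no RETURN) leaves the loop and
 * hits assert(false), so an asmap from an external file must pass SanityCheckASMap for
 * this input length before it is interpreted. If asserts are compiled out, those paths
 * return 0 instead.
 *
 * @param asmap  Bytecode as a bit vector.
 * @param ip     Address bits, consumed in order starting at index 0.
 * @return The ASN given by a RETURN instruction, or the most recent DEFAULT value
 *         (initially 0) when a MATCH instruction does not match. 0 is not a valid ASN.
 */
uint32_t Interpret(const std::vector<bool> &asmap, const std::vector<bool> &ip)
{
    std::vector<bool>::const_iterator pos = asmap.begin();
    const std::vector<bool>::const_iterator endpos = asmap.end();
    // Number of input bits not yet consumed. Held at the container's full width: storing
    // ip.size() in a uint8_t wraps for inputs of 256 bits or more, after which
    // ip[ip.size() - bits] would read the wrong address bits.
    std::vector<bool>::size_type bits = ip.size();
    uint32_t default_asn = 0;
    while (pos != endpos) {
        const Instruction opcode = DecodeType(pos, endpos);
        if (opcode == Instruction::RETURN) {
            const uint32_t asn = DecodeASN(pos, endpos);
            if (asn == INVALID) break; // ASN straddles EOF
            return asn;
        } else if (opcode == Instruction::JUMP) {
            const uint32_t jump = DecodeJump(pos, endpos);
            if (jump == INVALID) break; // Jump offset straddles EOF
            if (bits == 0) break; // No input bits left
            if (int64_t{jump} >= int64_t{endpos - pos}) break; // Jumping past EOF
            // A set input bit takes the jump; a clear one falls through to the next instruction.
            if (ip[ip.size() - bits]) {
                pos += jump;
            }
            bits--;
        } else if (opcode == Instruction::MATCH) {
            const uint32_t match = DecodeMatch(pos, endpos);
            if (match == INVALID) break; // Match bits straddle EOF
            // The highest set bit of the operand is a length marker; the bits below it are the pattern.
            const uint32_t matchlen = CountBits(match) - 1;
            if (bits < matchlen) break; // Not enough input bits
            for (uint32_t bit = 0; bit < matchlen; bit++) {
                if ((ip[ip.size() - bits]) != ((match >> (matchlen - 1 - bit)) & 1)) {
                    return default_asn;
                }
                bits--;
            }
        } else if (opcode == Instruction::DEFAULT) {
            default_asn = DecodeASN(pos, endpos);
            if (default_asn == INVALID) break; // ASN straddles EOF
        } else {
            break; // Instruction straddles EOF
        }
    }
    assert(false); // Reached EOF without RETURN, or aborted (see any of the breaks above) - should have been caught by SanityCheckASMap below
    return 0; // 0 is not a valid ASN
}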
122
/**
 * Statically validate asmap bytecode for inputs of a given length, without executing it.
 *
 * The program is walked once from start to end while tracking every pending jump target.
 * It is rejected if any operand is truncated, a jump leaves the program or lands inside
 * another instruction, jumps intersect, any path would consume more than `bits` input bits,
 * code is unreachable, the encoding is not in its shortest form (RETURN directly after
 * DEFAULT, two DEFAULTs in a row, more than one short MATCH in a sequence), or the trailing
 * padding is longer than 7 bits or contains a set bit.
 *
 * @param asmap  Bytecode as a bit vector.
 * @param bits   Number of input bits Interpret will be given. It is also passed to
 *               reserve(), so it is presumably expected to be non-negative (confirm
 *               against callers).
 * @return true only if the program ends in a RETURN with valid padding and passed every check.
 */
bool SanityCheckASMap(const std::vector<bool>& asmap, int bits)
{
    using BitIter = std::vector<bool>::const_iterator;
    const BitIter begin = asmap.begin();
    const BitIter endpos = asmap.end();
    BitIter pos = begin;
    // All future positions we may jump to (bit offset in asmap -> bits to consume left)
    std::vector<std::pair<uint32_t, int>> jumps;
    jumps.reserve(bits);
    Instruction prevopcode = Instruction::JUMP;
    bool had_incomplete_match = false;
    while (pos != endpos) {
        const uint32_t instr_start = pos - begin;
        // There was a jump into the middle of the previous instruction
        if (!jumps.empty() && instr_start >= jumps.back().first) return false;
        switch (DecodeType(pos, endpos)) {
        case Instruction::RETURN: {
            // There should not be any RETURN immediately after a DEFAULT (could be combined into just RETURN)
            if (prevopcode == Instruction::DEFAULT) return false;
            if (DecodeASN(pos, endpos) == INVALID) return false; // ASN straddles EOF
            if (jumps.empty()) {
                // Nothing to execute anymore
                if (endpos - pos > 7) return false; // Excessive padding
                for (; pos != endpos; ++pos) {
                    if (*pos) return false; // Nonzero padding bit
                }
                return true; // Sanely reached EOF
            }
            // Continue by pretending we jumped to the next instruction
            const uint32_t resume_at = pos - begin;
            if (resume_at != jumps.back().first) return false; // Unreachable code
            bits = jumps.back().second; // Restore the number of bits we would have had left after this jump
            jumps.pop_back();
            prevopcode = Instruction::JUMP;
            break;
        }
        case Instruction::JUMP: {
            const uint32_t jump = DecodeJump(pos, endpos);
            if (jump == INVALID) return false; // Jump offset straddles EOF
            if (int64_t{jump} > int64_t{endpos - pos}) return false; // Jump out of range
            if (bits == 0) return false; // Consuming bits past the end of the input
            --bits;
            const uint32_t jump_offset = pos - begin + jump;
            if (!jumps.empty() && jump_offset >= jumps.back().first) return false; // Intersecting jumps
            jumps.emplace_back(jump_offset, bits);
            prevopcode = Instruction::JUMP;
            break;
        }
        case Instruction::MATCH: {
            const uint32_t match = DecodeMatch(pos, endpos);
            if (match == INVALID) return false; // Match bits straddle EOF
            const int matchlen = CountBits(match) - 1;
            const bool incomplete = matchlen < 8;
            if (prevopcode != Instruction::MATCH) had_incomplete_match = false;
            // Within a sequence of matches only at most one should be incomplete
            if (incomplete && had_incomplete_match) return false;
            had_incomplete_match = incomplete;
            if (bits < matchlen) return false; // Consuming bits past the end of the input
            bits -= matchlen;
            prevopcode = Instruction::MATCH;
            break;
        }
        case Instruction::DEFAULT: {
            // There should not be two successive DEFAULTs (they could be combined into one)
            if (prevopcode == Instruction::DEFAULT) return false;
            if (DecodeASN(pos, endpos) == INVALID) return false; // ASN straddles EOF
            prevopcode = Instruction::DEFAULT;
            break;
        }
        default:
            return false; // Instruction straddles EOF
        }
    }
    return false; // Reached EOF without RETURN instruction
}
186