caliptra-api: Use wrapping arithmetic for checksum calculation. (#1072)

This is necessary because it is possible to make verify_checksum() panic when compiled for debug:
chipsalliance · Nov 15, 2023 · 868a647 · 868a647
1 parent 8738d92
commit 868a647
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 6 deletions.
diff --git a/api/src/checksum.rs b/api/src/checksum.rs
@@ -2,29 +2,55 @@
 
 /// Verify checksum
 pub fn verify_checksum(checksum: i32, cmd: u32, data: &[u8]) -> bool {
-    calc_checksum(cmd, data) - checksum == 0
+    calc_checksum(cmd, data) == checksum
 }
 
 /// Calculate the checksum
 /// 0 - (SUM(command code bytes) + SUM(request/response bytes))
 pub fn calc_checksum(cmd: u32, data: &[u8]) -> i32 {
     let mut checksum = 0i32;
     for c in cmd.to_le_bytes().iter() {
-        checksum += *c as i32;
+        checksum = checksum.wrapping_add(*c as i32);
     }
     for d in data {
-        checksum += *d as i32;
+        checksum = checksum.wrapping_add(*d as i32);
     }
-
-    0 - checksum
+    0i32.wrapping_sub(checksum)
 }
 
 #[cfg(all(test, target_family = "unix"))]
 mod tests {
     use super::*;
 
+    #[test]
+    fn test_calc_checksum() {
+        assert_eq!(calc_checksum(0xe8dc3994, &[0x83, 0xe7, 0x25]), -1056);
+    }
+
+    #[test]
+    fn test_checksum_overflow() {
+        let data = vec![0xff; 16843007];
+        assert_eq!(calc_checksum(0xe8dc3994, &data), -146);
+        assert!(verify_checksum(-146, 0xe8dc3994, &data));
+    }
+
     #[test]
     fn test_verify_checksum() {
+        assert!(verify_checksum(-1056, 0xe8dc3994, &[0x83, 0xe7, 0x25]));
+        assert!(!verify_checksum(-1057, 0xe8dc3994, &[0x83, 0xe7, 0x25]));
+        assert!(!verify_checksum(-1055, 0xe8dc3994, &[0x83, 0xe7, 0x25]));
+
+        // subtraction overflow; would panic in debug mode if non-wrapping
+        // subtraction was used.
+        assert!(!verify_checksum(
+            2147483647,
+            0xe8dc3994,
+            &[0x83, 0xe7, 0x25]
+        ));
+    }
+
+    #[test]
+    fn test_round_trip() {
         let cmd = 0x00000001u32;
         let data = [0x00000000u32; 1];
         let checksum = calc_checksum(cmd, data[0].to_le_bytes().as_ref());

diff --git a/api/src/lib.rs b/api/src/lib.rs
@@ -1,6 +1,6 @@
 // Licensed under the Apache-2.0 license
 
-#![no_std]
+#![cfg_attr(not(test), no_std)]
 
 mod capabilities;
 mod checksum;