models: added crc16 and crc32

Signed-off-by: Vitaly Chipounov <[email protected]>

common/include/s2e/function_models/commands.h

@@ -49,6 +49,8 @@ enum S2E_LIBCWRAPPER_COMMANDS {
     LIBCWRAPPER_MEMCMP,
     LIBCWRAPPER_STRCAT,
     LIBCWRAPPER_STRNCAT,
+
+    WRAPPER_CRC,
 };
 
 struct S2E_LIBCWRAPPER_COMMAND_STRCPY {
@@ -109,6 +111,18 @@ struct S2E_LIBCWRAPPER_COMMAND_STRNCAT {
     uint64_t ret;
 } __attribute__((packed));
 
+enum S2E_WRAPPER_CRC_TYPE { S2E_WRAPPER_CRC16, S2E_WRAPPER_CRC32 };
+
+struct S2E_WRAPPER_COMMAND_CRC {
+    enum S2E_WRAPPER_CRC_TYPE type;
+    // Pointer to the initial CRC value
+    uint64_t initial_value_ptr;
+    uint64_t xor_result;
+    uint64_t buffer;
+    uint64_t size;
+    uint64_t ret;
+} __attribute__((packed));
+
 struct S2E_LIBCWRAPPER_COMMAND {
     enum S2E_LIBCWRAPPER_COMMANDS Command;
     union {
@@ -121,6 +135,7 @@ struct S2E_LIBCWRAPPER_COMMAND {
         struct S2E_LIBCWRAPPER_COMMAND_MEMCMP Memcmp;
         struct S2E_LIBCWRAPPER_COMMAND_STRCAT Strcat;
         struct S2E_LIBCWRAPPER_COMMAND_STRNCAT Strncat;
+        struct S2E_WRAPPER_COMMAND_CRC Crc;
     };
     uint64_t needOrigFunc;
 } __attribute__((packed));

common/include/s2e/function_models/models.h

@@ -30,6 +30,7 @@
 #ifndef S2E_FUNCTION_MODELS_H
 #define S2E_FUNCTION_MODELS_H
 
+#include <inttypes.h>
 #include <stdio.h>
 
 // TODO replace this with a stack frame bound, check for mapped memory page, ...
@@ -52,6 +53,9 @@ typedef int (*T_fprintf)(FILE *stream, const char *format, ...);
 typedef char *(*T_strcat)(char *dest, const char *src);
 typedef char *(*T_strncat)(char *dest, const char *src, size_t n);
 
+typedef uint32_t (*T_crc32)(uint32_t crc, const uint8_t *buf, unsigned len);
+typedef uint16_t (*T_crc16)(uint16_t crc, const uint8_t *buf, unsigned len);
+
 extern T_strcpy orig_strcpy;
 extern T_strncpy orig_strncpy;
 extern T_strlen orig_strlen;
@@ -63,6 +67,8 @@ extern T_printf orig_printf;
 extern T_fprintf orig_fprintf;
 extern T_strcat orig_strcat;
 extern T_strncat orig_strncat;
+extern T_crc32 orig_crc32;
+extern T_crc16 orig_crc16;
 
 void initialize_models();
 
@@ -83,4 +89,7 @@ char *strncat_model(char *dest, const char *src, size_t n);
 int printf_model(const char *format, ...);
 int fprintf_model(FILE *stream, const char *format, ...);
 
+uint32_t crc32_model(uint32_t crc, const uint8_t *buf, unsigned len);
+uint16_t crc16_model(uint16_t crc, const uint8_t *buf, unsigned len);
+
 #endif

linux/function_models/models.c

@@ -41,6 +41,8 @@ T_printf orig_printf;
 T_fprintf orig_fprintf;
 T_strcat orig_strcat;
 T_strncat orig_strncat;
+T_crc32 orig_crc32;
+T_crc16 orig_crc16;
 
 // Save the original functions so we can use them if required
 void initialize_models() {
@@ -55,6 +57,9 @@ void initialize_models() {
     orig_fprintf = (T_fprintf) dlsym(RTLD_NEXT, "fprintf");
     orig_strcat = (T_strcat) dlsym(RTLD_NEXT, "strcat");
     orig_strncat = (T_strncat) dlsym(RTLD_NEXT, "strncat");
+
+    orig_crc32 = (T_crc32) dlsym(RTLD_NEXT, "crc32");
+    orig_crc16 = (T_crc16) dlsym(RTLD_NEXT, "crc16");
 }
 
 char *strcpy_model(char *dest, const char *src) {
@@ -364,3 +369,64 @@ int fprintf_model(FILE *stream, const char *format, ...) {
 
     return done;
 }
+
+///
+/// \brief crc32_model emulates the crc32 function in zlib
+/// \param crc the initial crc
+/// \param buf a pointer to the buffer
+/// \param len the length of the buffer
+/// \return the crc
+///
+uint32_t crc32_model(uint32_t crc, const uint8_t *buf, unsigned len) {
+    if (!buf) {
+        return 0;
+    }
+
+    struct S2E_LIBCWRAPPER_COMMAND cmd;
+
+    cmd.Command = WRAPPER_CRC;
+    cmd.Crc.initial_value_ptr = (uintptr_t) &crc;
+    cmd.Crc.buffer = (uintptr_t) buf;
+    cmd.Crc.size = len;
+    cmd.Crc.xor_result = 1;
+    cmd.Crc.type = S2E_WRAPPER_CRC32;
+    cmd.needOrigFunc = 1;
+
+    s2e_invoke_plugin("FunctionModels", &cmd, sizeof(cmd));
+
+    if (!cmd.needOrigFunc) {
+        return cmd.Crc.ret;
+    }
+
+    return (*orig_crc32)(crc, buf, len);
+}
+
+///
+/// \brief crc16_model emulates the crc32 function
+/// \param crc the initial crc
+/// \param buf a pointer to the buffer
+/// \param len the length of the buffer
+/// \return the crc
+///
+uint16_t crc16_model(uint16_t crc, const uint8_t *buf, unsigned len) {
+    if (!buf) {
+        return 0;
+    }
+
+    struct S2E_LIBCWRAPPER_COMMAND cmd;
+
+    cmd.Command = WRAPPER_CRC;
+    cmd.Crc.initial_value_ptr = (uintptr_t) &crc;
+    cmd.Crc.buffer = (uintptr_t) buf;
+    cmd.Crc.size = len;
+    cmd.Crc.type = S2E_WRAPPER_CRC16;
+    cmd.needOrigFunc = 1;
+
+    s2e_invoke_plugin("FunctionModels", &cmd, sizeof(cmd));
+
+    if (!cmd.needOrigFunc) {
+        return cmd.Crc.ret;
+    }
+
+    return (*orig_crc16)(crc, buf, len);
+}

linux/function_models/models_test.c

@@ -180,6 +180,30 @@ static void test_memcmp(const char *str1, unsigned str1_len) {
     validate_signs(res1, res2);
 }
 
+static void test_crc32(void) {
+    // Test empty buffer
+    uint32_t crc = crc32_model(0, NULL, 0);
+    s2e_assert(crc == 0);
+
+    const char *test = "test";
+    const uint32_t expected_crc = 0xd87f7e0c;
+    crc = crc32_model(crc, (const uint8_t *) test, strlen(test));
+    s2e_printf("actual crc: %#x expected: %#x\n", crc, expected_crc);
+    s2e_assert(crc == expected_crc);
+}
+
+static void test_crc16(void) {
+    // Test empty buffer
+    uint16_t crc = crc16_model(0, NULL, 0);
+    s2e_assert(crc == 0);
+
+    const char *test = "test";
+    const uint16_t expected_crc = 0xdc2e;
+    crc = crc16_model(crc, (const uint8_t *) test, strlen(test));
+    s2e_printf("actual crc: %#x expected: %#x\n", crc, expected_crc);
+    s2e_assert(crc == expected_crc);
+}
+
 int main(int argc, char *argv[]) {
     if (argc != 2) {
         s2e_printf("Usage: %s function_name\n", argv[0]);
@@ -212,6 +236,10 @@ int main(int argc, char *argv[]) {
         test_memcmp(src, src_length);
     } else if (!strcmp(argv[1], "strlen")) {
         test_strlen(src);
+    } else if (!strcmp(argv[1], "crc32")) {
+        test_crc32();
+    } else if (!strcmp(argv[1], "crc16")) {
+        test_crc16();
     } else {
         s2e_printf("Function %s is not supported!\n", argv[1]);
     }