0

I am trying to define a struct and trying to perform XOR encryption on it using a key of 2 bytes.

static __always_inline long int encrypt_decrypt(struct ipv6_destopt_pdmv2_unencrypted *pdm)
{
    // xor all fields after flip bit with a key of size 2 bytes
    __u16 key = 0x1234;
    __u32 key1 = key << 16 | key;
    // get first 8 bits of key
    __u8 key2 = key >> 8;
    __u8 key3 = key & 0xFF;
    example_struct->a = example_struct->a ^ key2;
    example_struct->b = example_struct->b ^ key3;
    example_struct->c = example_struct->c ^ key1;
    example_struct->d = example_struct->d ^ key;
    example_struct->e = example_struct->e ^ key;
    example_struct->f = example_struct->f ^ key;
    example_struct->g = example_struct->g ^ key;
    return 0;
}

The struct example_struct is given by,

struct example_struct
{
    __u8 u;
    __u8 v;
    __u16 x;
    __u16 y;
    // following fields are encrypted
    __u8 a;
    __u8 b;
    __u32 c;
    __u16 d;
    __u16 e;
    __u16 f;
    __u16 g;
    __uint128_t more_stuff_1;

    __u8 more_stuff_2; 
    __u8 more_stuff_3; 
};

When I comment out the line example_struct->a = example_struct->a ^ key2;, the verifier does not throw any error, but when I include this one line, the verifier throws the error processed 1000001 instructions, bpf program too large. The number of instructions it shows when it throws this error in the bpf program itself is 534. Why is this happening?

imawful
  • 69
  • 5
  • 3
    Corresponding to [this Q&A](https://stackoverflow.com/questions/70147464/program-too-large-threshold-greater-than-actual-instruction-count), the remaining instructions are rejected. That's why the number of processed instructions is much bigger than the actual instructions. – Ivan Venkov Jan 31 '23 at 18:40
  • I don't understand how the verifier works so I don't know how to fix this problem. I realize that the program is too complex so the number of instructions taken to process exceeds 1 million, but I don't know how that one line of code makes all that difference because I don't get the same error when I just don't modify that one member of example_struct. Whenever I try to modify that one member, be it xor or addition or any other operation, I get this error. Any ideas on how to fix this? – imawful Feb 01 '23 at 08:20
  • 1
    Sounds like your program is just on the edge of being to complex, when you add the line you trigger the complexity error, but it doesn't have anything to do with that specific line. Complexity is increased because of branches in your code like if statements and loops, reducing the possible iteration count, exiting earlier or breaking your program into multiple with tail calls are techniques to look into to reduce complexity. But its hard to give an exact answer without the full sources. – Dylan Reimerink Feb 01 '23 at 08:33
  • Yeah I'll definitely look into breaking my program using tail calls. As for if conditions and for loops, there are only a few if conditions and no loops, so I am not sure where the complexity is coming from. Then again, I am not sure how the verifier decides the program is complex, so I need to look into that also. Anyway, thanks for the help! – imawful Feb 02 '23 at 14:29

0 Answers0