Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 08d1ac4f2a
Branches Tags
tor
/
src
/
test
/
test-memwipe.c

test-memwipe.c 5.3 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214 
  1. #include <string.h>
    2. 

  2. #include <stdio.h>
    3. 

  3. #include <sys/types.h>
    4. 

  4. #include <stdlib.h>
    5. 

  5. 

  6. #include "crypto.h"
    7. 

  7. #include "compat.h"
    8. 

  8. #include "util.h"
    9. 

  9. 

  10. static unsigned fill_a_buffer_memset(void) __attribute__((noinline));
    11. 

  11. static unsigned fill_a_buffer_memwipe(void) __attribute__((noinline));
    12. 

  12. static unsigned fill_a_buffer_nothing(void) __attribute__((noinline));
    13. 

  13. static unsigned fill_heap_buffer_memset(void) __attribute__((noinline));
    14. 

  14. static unsigned fill_heap_buffer_memwipe(void) __attribute__((noinline));
    15. 

  15. static unsigned fill_heap_buffer_nothing(void) __attribute__((noinline));
    16. 

  16. static unsigned check_a_buffer(void) __attribute__((noinline));
    17. 

  17. 

  18. extern const char *s; /* Make the linkage global */
    19. 

  19. const char *s = NULL;
    20. 

  20. 

  21. #define BUF_LEN 2048
    22. 

  22. 

  23. #define FILL_BUFFER_IMPL()                                              \
    24. 

  24.   unsigned int i;                                                       \
    25. 

  25.   unsigned sum = 0;                                                     \
    26. 

  26.                                                                         \
    27. 

  27.   /* Fill up a 1k buffer with a recognizable pattern. */                \
    28. 

  28.   for (i = 0; i < BUF_LEN; i += strlen(s)) {                            \
    29. 

  29.     memcpy(buf+i, s, MIN(strlen(s), BUF_LEN-i));                        \
    30. 

  30.   }                                                                     \
    31. 

  31.                                                                         \
    32. 

  32.   /* Use the buffer as input to a computation so the above can't get */ \
    33. 

  33.   /* optimized away. */                                                 \
    34. 

  34.   for (i = 0; i < BUF_LEN; ++i) {                                       \
    35. 

  35.     sum += (unsigned char)buf[i];                                       \
    36. 

  36.   }
    37. 

  37. 

  38. #ifdef __OpenBSD__
    39. 

  39. /* Disable some of OpenBSD's malloc protections for this test. This helps
    40. 

  40.  * us do bad things, such as access freed buffers, without crashing. */
    41. 

  41. const char *malloc_options="sufjj";
    42. 

  42. #endif
    43. 

  43. 

  44. static unsigned
    45. 

  45. fill_a_buffer_memset(void)
    46. 

  46. {
    47. 

  47.   char buf[BUF_LEN];
    48. 

  48.   FILL_BUFFER_IMPL()
    49. 

  49.   memset(buf, 0, sizeof(buf));
    50. 

  50.   return sum;
    51. 

  51. }
    52. 

  52. 

  53. static unsigned
    54. 

  54. fill_a_buffer_memwipe(void)
    55. 

  55. {
    56. 

  56.   char buf[BUF_LEN];
    57. 

  57.   FILL_BUFFER_IMPL()
    58. 

  58.   memwipe(buf, 0, sizeof(buf));
    59. 

  59.   return sum;
    60. 

  60. }
    61. 

  61. 

  62. static unsigned
    63. 

  63. fill_a_buffer_nothing(void)
    64. 

  64. {
    65. 

  65.   char buf[BUF_LEN];
    66. 

  66.   FILL_BUFFER_IMPL()
    67. 

  67.   return sum;
    68. 

  68. }
    69. 

  69. 

  70. static inline int
    71. 

  71. vmemeq(volatile char *a, const char *b, size_t n)
    72. 

  72. {
    73. 

  73.   while (n--) {
    74. 

  74.     if (*a++ != *b++)
    75. 

  75.       return 0;
    76. 

  76.   }
    77. 

  77.   return 1;
    78. 

  78. }
    79. 

  79. 

  80. static unsigned
    81. 

  81. check_a_buffer(void)
    82. 

  82. {
    83. 

  83.   unsigned int i;
    84. 

  84.   volatile char buf[1024];
    85. 

  85.   unsigned sum = 0;
    86. 

  86. 

  87.   /* See if this buffer has the string in it.
    88. 

  88. 

  89.      YES, THIS DOES INVOKE UNDEFINED BEHAVIOR BY READING FROM AN UNINITIALIZED
    90. 

  90.      BUFFER.
    91. 

  91. 

  92.      If you know a better way to figure out whether the compiler eliminated
    93. 

  93.      the memset/memwipe calls or not, please let me know.
    94. 

  94.    */
    95. 

  95.   for (i = 0; i < BUF_LEN - strlen(s); ++i) {
    96. 

  96.     if (vmemeq(buf+i, s, strlen(s)))
    97. 

  97.       ++sum;
    98. 

  98.   }
    99. 

  99. 

  100.   return sum;
    101. 

  101. }
    102. 

  102. 

  103. static char *heap_buf = NULL;
    104. 

  104. 

  105. static unsigned
    106. 

  106. fill_heap_buffer_memset(void)
    107. 

  107. {
    108. 

  108.   char *buf = heap_buf = raw_malloc(BUF_LEN);
    109. 

  109.   FILL_BUFFER_IMPL()
    110. 

  110.   memset(buf, 0, BUF_LEN);
    111. 

  111.   raw_free(buf);
    112. 

  112.   return sum;
    113. 

  113. }
    114. 

  114. 

  115. static unsigned
    116. 

  116. fill_heap_buffer_memwipe(void)
    117. 

  117. {
    118. 

  118.   char *buf = heap_buf = raw_malloc(BUF_LEN);
    119. 

  119.   FILL_BUFFER_IMPL()
    120. 

  120.   memwipe(buf, 0, BUF_LEN);
    121. 

  121.   raw_free(buf);
    122. 

  122.   return sum;
    123. 

  123. }
    124. 

  124. 

  125. static unsigned
    126. 

  126. fill_heap_buffer_nothing(void)
    127. 

  127. {
    128. 

  128.   char *buf = heap_buf = raw_malloc(BUF_LEN);
    129. 

  129.   FILL_BUFFER_IMPL()
    130. 

  130.   raw_free(buf);
    131. 

  131.   return sum;
    132. 

  132. }
    133. 

  133. 

  134. static unsigned
    135. 

  135. check_heap_buffer(void)
    136. 

  136. {
    137. 

  137.   unsigned int i;
    138. 

  138.   unsigned sum = 0;
    139. 

  139.   volatile char *buf = heap_buf;
    140. 

  140. 

  141.   /* See if this buffer has the string in it.
    142. 

  142. 

  143.      YES, THIS DOES INVOKE UNDEFINED BEHAVIOR BY READING FROM A FREED BUFFER.
    144. 

  144. 

  145.      If you know a better way to figure out whether the compiler eliminated
    146. 

  146.      the memset/memwipe calls or not, please let me know.
    147. 

  147.    */
    148. 

  148.   for (i = 0; i < BUF_LEN - strlen(s); ++i) {
    149. 

  149.     if (vmemeq(buf+i, s, strlen(s)))
    150. 

  150.       ++sum;
    151. 

  151.   }
    152. 

  152. 

  153.   return sum;
    154. 

  154. }
    155. 

  155. 

  156. static struct testcase {
    157. 

  157.   const char *name;
    158. 

  158.   /* this spacing satisfies make check-spaces */
    159. 

  159.   unsigned
    160. 

  160.     (*fill_fn)(void);
    161. 

  161.   unsigned
    162. 

  162.     (*check_fn)(void);
    163. 

  163. } testcases[] = {
    164. 

  164.   { "nil", fill_a_buffer_nothing, check_a_buffer },
    165. 

  165.   { "nil-heap", fill_heap_buffer_nothing, check_heap_buffer },
    166. 

  166.   { "memset", fill_a_buffer_memset, check_a_buffer },
    167. 

  167.   { "memset-heap", fill_heap_buffer_memset, check_heap_buffer },
    168. 

  168.   { "memwipe", fill_a_buffer_memwipe, check_a_buffer },
    169. 

  169.   { "memwipe-heap", fill_heap_buffer_memwipe, check_heap_buffer },
    170. 

  170.   { NULL, NULL, NULL }
    171. 

  171. };
    172. 

  172. 

  173. int
    174. 

  174. main(int argc, char **argv)
    175. 

  175. {
    176. 

  176.   unsigned x, x2;
    177. 

  177.   int i;
    178. 

  178.   int working = 1;
    179. 

  179.   unsigned found[6];
    180. 

  180.   (void) argc; (void) argv;
    181. 

  181. 

  182.   s = "squamous haberdasher gallimaufry";
    183. 

  183. 

  184.   memset(found, 0, sizeof(found));
    185. 

  185. 

  186.   for (i = 0; testcases[i].name; ++i) {
    187. 

  187.     x = testcases[i].fill_fn();
    188. 

  188.     found[i] = testcases[i].check_fn();
    189. 

  189. 

  190.     x2 = fill_a_buffer_nothing();
    191. 

  191. 

  192.     if (x != x2) {
    193. 

  193.       working = 0;
    194. 

  194.     }
    195. 

  195.   }
    196. 

  196. 

  197.   if (!working || !found[0] || !found[1]) {
    198. 

  198.     printf("It appears that this test case may not give you reliable "
    199. 

  199.            "information. Sorry.\n");
    200. 

  200.   }
    201. 

  201. 

  202.   if (!found[2] && !found[3]) {
    203. 

  203.     printf("It appears that memset is good enough on this platform. Good.\n");
    204. 

  204.   }
    205. 

  205. 

  206.   if (found[4] || found[5]) {
    207. 

  207.     printf("ERROR: memwipe does not wipe data!\n");
    208. 

  208.     return 1;
    209. 

  209.   } else {
    210. 

  210.     printf("OKAY: memwipe seems to work.\n");
    211. 

  211.     return 0;
    212. 

  212.   }
    213. 

  213. }
    214. 

  214.