Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 287b64ee10
Branches Tags
tor
/
src
/
test
/
test-memwipe.c

test-memwipe.c 5.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217 
  1. /* Copyright (c) 2015-2018, The Tor Project, Inc. */
    2. 

  2. /* See LICENSE for licensing information */
    3. 

  3. 

  4. #include "orconfig.h"
    5. 

  5. #include <string.h>
    6. 

  6. #include <stdio.h>
    7. 

  7. #include <sys/types.h>
    8. 

  8. #include <stdlib.h>
    9. 

  9. 

  10. #include "lib/crypt_ops/crypto_util.h"
    11. 

  11. #include "common/util.h"
    12. 

  12. 

  13. static unsigned fill_a_buffer_memset(void) __attribute__((noinline));
    14. 

  14. static unsigned fill_a_buffer_memwipe(void) __attribute__((noinline));
    15. 

  15. static unsigned fill_a_buffer_nothing(void) __attribute__((noinline));
    16. 

  16. static unsigned fill_heap_buffer_memset(void) __attribute__((noinline));
    17. 

  17. static unsigned fill_heap_buffer_memwipe(void) __attribute__((noinline));
    18. 

  18. static unsigned fill_heap_buffer_nothing(void) __attribute__((noinline));
    19. 

  19. static unsigned check_a_buffer(void) __attribute__((noinline));
    20. 

  20. 

  21. extern const char *s; /* Make the linkage global */
    22. 

  22. const char *s = NULL;
    23. 

  23. 

  24. #define BUF_LEN 2048
    25. 

  25. 

  26. #define FILL_BUFFER_IMPL()                                              \
    27. 

  27.   unsigned int i;                                                       \
    28. 

  28.   unsigned sum = 0;                                                     \
    29. 

  29.                                                                         \
    30. 

  30.   /* Fill up a 1k buffer with a recognizable pattern. */                \
    31. 

  31.   for (i = 0; i < BUF_LEN; i += strlen(s)) {                            \
    32. 

  32.     memcpy(buf+i, s, MIN(strlen(s), BUF_LEN-i));                        \
    33. 

  33.   }                                                                     \
    34. 

  34.                                                                         \
    35. 

  35.   /* Use the buffer as input to a computation so the above can't get */ \
    36. 

  36.   /* optimized away. */                                                 \
    37. 

  37.   for (i = 0; i < BUF_LEN; ++i) {                                       \
    38. 

  38.     sum += (unsigned char)buf[i];                                       \
    39. 

  39.   }
    40. 

  40. 

  41. #ifdef OpenBSD
    42. 

  42. /* Disable some of OpenBSD's malloc protections for this test. This helps
    43. 

  43.  * us do bad things, such as access freed buffers, without crashing. */
    44. 

  44. const char *malloc_options="sufjj";
    45. 

  45. #endif
    46. 

  46. 

  47. static unsigned
    48. 

  48. fill_a_buffer_memset(void)
    49. 

  49. {
    50. 

  50.   char buf[BUF_LEN];
    51. 

  51.   FILL_BUFFER_IMPL()
    52. 

  52.   memset(buf, 0, sizeof(buf));
    53. 

  53.   return sum;
    54. 

  54. }
    55. 

  55. 

  56. static unsigned
    57. 

  57. fill_a_buffer_memwipe(void)
    58. 

  58. {
    59. 

  59.   char buf[BUF_LEN];
    60. 

  60.   FILL_BUFFER_IMPL()
    61. 

  61.   memwipe(buf, 0, sizeof(buf));
    62. 

  62.   return sum;
    63. 

  63. }
    64. 

  64. 

  65. static unsigned
    66. 

  66. fill_a_buffer_nothing(void)
    67. 

  67. {
    68. 

  68.   char buf[BUF_LEN];
    69. 

  69.   FILL_BUFFER_IMPL()
    70. 

  70.   return sum;
    71. 

  71. }
    72. 

  72. 

  73. static inline int
    74. 

  74. vmemeq(volatile char *a, const char *b, size_t n)
    75. 

  75. {
    76. 

  76.   while (n--) {
    77. 

  77.     if (*a++ != *b++)
    78. 

  78.       return 0;
    79. 

  79.   }
    80. 

  80.   return 1;
    81. 

  81. }
    82. 

  82. 

  83. static unsigned
    84. 

  84. check_a_buffer(void)
    85. 

  85. {
    86. 

  86.   unsigned int i;
    87. 

  87.   volatile char buf[BUF_LEN];
    88. 

  88.   unsigned sum = 0;
    89. 

  89. 

  90.   /* See if this buffer has the string in it.
    91. 

  91. 

  92.      YES, THIS DOES INVOKE UNDEFINED BEHAVIOR BY READING FROM AN UNINITIALIZED
    93. 

  93.      BUFFER.
    94. 

  94. 

  95.      If you know a better way to figure out whether the compiler eliminated
    96. 

  96.      the memset/memwipe calls or not, please let me know.
    97. 

  97.    */
    98. 

  98.   for (i = 0; i < BUF_LEN - strlen(s); ++i) {
    99. 

  99.     if (vmemeq(buf+i, s, strlen(s)))
    100. 

  100.       ++sum;
    101. 

  101.   }
    102. 

  102. 

  103.   return sum;
    104. 

  104. }
    105. 

  105. 

  106. static char *heap_buf = NULL;
    107. 

  107. 

  108. static unsigned
    109. 

  109. fill_heap_buffer_memset(void)
    110. 

  110. {
    111. 

  111.   char *buf = heap_buf = raw_malloc(BUF_LEN);
    112. 

  112.   FILL_BUFFER_IMPL()
    113. 

  113.   memset(buf, 0, BUF_LEN);
    114. 

  114.   raw_free(buf);
    115. 

  115.   return sum;
    116. 

  116. }
    117. 

  117. 

  118. static unsigned
    119. 

  119. fill_heap_buffer_memwipe(void)
    120. 

  120. {
    121. 

  121.   char *buf = heap_buf = raw_malloc(BUF_LEN);
    122. 

  122.   FILL_BUFFER_IMPL()
    123. 

  123.   memwipe(buf, 0, BUF_LEN);
    124. 

  124.   raw_free(buf);
    125. 

  125.   return sum;
    126. 

  126. }
    127. 

  127. 

  128. static unsigned
    129. 

  129. fill_heap_buffer_nothing(void)
    130. 

  130. {
    131. 

  131.   char *buf = heap_buf = raw_malloc(BUF_LEN);
    132. 

  132.   FILL_BUFFER_IMPL()
    133. 

  133.   raw_free(buf);
    134. 

  134.   return sum;
    135. 

  135. }
    136. 

  136. 

  137. static unsigned
    138. 

  138. check_heap_buffer(void)
    139. 

  139. {
    140. 

  140.   unsigned int i;
    141. 

  141.   unsigned sum = 0;
    142. 

  142.   volatile char *buf = heap_buf;
    143. 

  143. 

  144.   /* See if this buffer has the string in it.
    145. 

  145. 

  146.      YES, THIS DOES INVOKE UNDEFINED BEHAVIOR BY READING FROM A FREED BUFFER.
    147. 

  147. 

  148.      If you know a better way to figure out whether the compiler eliminated
    149. 

  149.      the memset/memwipe calls or not, please let me know.
    150. 

  150.    */
    151. 

  151.   for (i = 0; i < BUF_LEN - strlen(s); ++i) {
    152. 

  152.     if (vmemeq(buf+i, s, strlen(s)))
    153. 

  153.       ++sum;
    154. 

  154.   }
    155. 

  155. 

  156.   return sum;
    157. 

  157. }
    158. 

  158. 

  159. static struct testcase {
    160. 

  160.   const char *name;
    161. 

  161.   /* this spacing satisfies make check-spaces */
    162. 

  162.   unsigned
    163. 

  163.     (*fill_fn)(void);
    164. 

  164.   unsigned
    165. 

  165.     (*check_fn)(void);
    166. 

  166. } testcases[] = {
    167. 

  167.   { "nil", fill_a_buffer_nothing, check_a_buffer },
    168. 

  168.   { "nil-heap", fill_heap_buffer_nothing, check_heap_buffer },
    169. 

  169.   { "memset", fill_a_buffer_memset, check_a_buffer },
    170. 

  170.   { "memset-heap", fill_heap_buffer_memset, check_heap_buffer },
    171. 

  171.   { "memwipe", fill_a_buffer_memwipe, check_a_buffer },
    172. 

  172.   { "memwipe-heap", fill_heap_buffer_memwipe, check_heap_buffer },
    173. 

  173.   { NULL, NULL, NULL }
    174. 

  174. };
    175. 

  175. 

  176. int
    177. 

  177. main(int argc, char **argv)
    178. 

  178. {
    179. 

  179.   unsigned x, x2;
    180. 

  180.   int i;
    181. 

  181.   int working = 1;
    182. 

  182.   unsigned found[6];
    183. 

  183.   (void) argc; (void) argv;
    184. 

  184. 

  185.   s = "squamous haberdasher gallimaufry";
    186. 

  186. 

  187.   memset(found, 0, sizeof(found));
    188. 

  188. 

  189.   for (i = 0; testcases[i].name; ++i) {
    190. 

  190.     x = testcases[i].fill_fn();
    191. 

  191.     found[i] = testcases[i].check_fn();
    192. 

  192. 

  193.     x2 = fill_a_buffer_nothing();
    194. 

  194. 

  195.     if (x != x2) {
    196. 

  196.       working = 0;
    197. 

  197.     }
    198. 

  198.   }
    199. 

  199. 

  200.   if (!working || !found[0] || !found[1]) {
    201. 

  201.     printf("It appears that this test case may not give you reliable "
    202. 

  202.            "information. Sorry.\n");
    203. 

  203.   }
    204. 

  204. 

  205.   if (!found[2] && !found[3]) {
    206. 

  206.     printf("It appears that memset is good enough on this platform. Good.\n");
    207. 

  207.   }
    208. 

  208. 

  209.   if (found[4] || found[5]) {
    210. 

  210.     printf("ERROR: memwipe does not wipe data!\n");
    211. 

  211.     return 1;
    212. 

  212.   } else {
    213. 

  213.     printf("OKAY: memwipe seems to work.\n");
    214. 

  214.     return 0;
    215. 

  215.   }
    216. 

  216. }
    217. 

  217.