Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 389bae0e8b
Branches Tags
tor
/
src
/
test
/
test-memwipe.c

test-memwipe.c 5.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218 
  1. /* Copyright (c) 2015-2018, The Tor Project, Inc. */
    2. 

  2. /* See LICENSE for licensing information */
    3. 

  3. 

  4. #include "orconfig.h"
    5. 

  5. #include "lib/crypt_ops/crypto_util.h"
    6. 

  6. 

  7. #include "lib/intmath/cmp.h"
    8. 

  8. #include "lib/malloc/malloc.h"
    9. 

  9. 

  10. #include <string.h>
    11. 

  11. #include <stdio.h>
    12. 

  12. #include <sys/types.h>
    13. 

  13. #include <stdlib.h>
    14. 

  14. 

  15. static unsigned fill_a_buffer_memset(void) __attribute__((noinline));
    16. 

  16. static unsigned fill_a_buffer_memwipe(void) __attribute__((noinline));
    17. 

  17. static unsigned fill_a_buffer_nothing(void) __attribute__((noinline));
    18. 

  18. static unsigned fill_heap_buffer_memset(void) __attribute__((noinline));
    19. 

  19. static unsigned fill_heap_buffer_memwipe(void) __attribute__((noinline));
    20. 

  20. static unsigned fill_heap_buffer_nothing(void) __attribute__((noinline));
    21. 

  21. static unsigned check_a_buffer(void) __attribute__((noinline));
    22. 

  22. 

  23. extern const char *s; /* Make the linkage global */
    24. 

  24. const char *s = NULL;
    25. 

  25. 

  26. #define BUF_LEN 2048
    27. 

  27. 

  28. #define FILL_BUFFER_IMPL()                                              \
    29. 

  29.   unsigned int i;                                                       \
    30. 

  30.   unsigned sum = 0;                                                     \
    31. 

  31.                                                                         \
    32. 

  32.   /* Fill up a 1k buffer with a recognizable pattern. */                \
    33. 

  33.   for (i = 0; i < BUF_LEN; i += strlen(s)) {                            \
    34. 

  34.     memcpy(buf+i, s, MIN(strlen(s), BUF_LEN-i));                        \
    35. 

  35.   }                                                                     \
    36. 

  36.                                                                         \
    37. 

  37.   /* Use the buffer as input to a computation so the above can't get */ \
    38. 

  38.   /* optimized away. */                                                 \
    39. 

  39.   for (i = 0; i < BUF_LEN; ++i) {                                       \
    40. 

  40.     sum += (unsigned char)buf[i];                                       \
    41. 

  41.   }
    42. 

  42. 

  43. #ifdef OpenBSD
    44. 

  44. /* Disable some of OpenBSD's malloc protections for this test. This helps
    45. 

  45.  * us do bad things, such as access freed buffers, without crashing. */
    46. 

  46. const char *malloc_options="sufjj";
    47. 

  47. #endif
    48. 

  48. 

  49. static unsigned
    50. 

  50. fill_a_buffer_memset(void)
    51. 

  51. {
    52. 

  52.   char buf[BUF_LEN];
    53. 

  53.   FILL_BUFFER_IMPL()
    54. 

  54.   memset(buf, 0, sizeof(buf));
    55. 

  55.   return sum;
    56. 

  56. }
    57. 

  57. 

  58. static unsigned
    59. 

  59. fill_a_buffer_memwipe(void)
    60. 

  60. {
    61. 

  61.   char buf[BUF_LEN];
    62. 

  62.   FILL_BUFFER_IMPL()
    63. 

  63.   memwipe(buf, 0, sizeof(buf));
    64. 

  64.   return sum;
    65. 

  65. }
    66. 

  66. 

  67. static unsigned
    68. 

  68. fill_a_buffer_nothing(void)
    69. 

  69. {
    70. 

  70.   char buf[BUF_LEN];
    71. 

  71.   FILL_BUFFER_IMPL()
    72. 

  72.   return sum;
    73. 

  73. }
    74. 

  74. 

  75. static inline int
    76. 

  76. vmemeq(volatile char *a, const char *b, size_t n)
    77. 

  77. {
    78. 

  78.   while (n--) {
    79. 

  79.     if (*a++ != *b++)
    80. 

  80.       return 0;
    81. 

  81.   }
    82. 

  82.   return 1;
    83. 

  83. }
    84. 

  84. 

  85. static unsigned
    86. 

  86. check_a_buffer(void)
    87. 

  87. {
    88. 

  88.   unsigned int i;
    89. 

  89.   volatile char buf[BUF_LEN];
    90. 

  90.   unsigned sum = 0;
    91. 

  91. 

  92.   /* See if this buffer has the string in it.
    93. 

  93. 

  94.      YES, THIS DOES INVOKE UNDEFINED BEHAVIOR BY READING FROM AN UNINITIALIZED
    95. 

  95.      BUFFER.
    96. 

  96. 

  97.      If you know a better way to figure out whether the compiler eliminated
    98. 

  98.      the memset/memwipe calls or not, please let me know.
    99. 

  99.    */
    100. 

  100.   for (i = 0; i < BUF_LEN - strlen(s); ++i) {
    101. 

  101.     if (vmemeq(buf+i, s, strlen(s)))
    102. 

  102.       ++sum;
    103. 

  103.   }
    104. 

  104. 

  105.   return sum;
    106. 

  106. }
    107. 

  107. 

  108. static char *heap_buf = NULL;
    109. 

  109. 

  110. static unsigned
    111. 

  111. fill_heap_buffer_memset(void)
    112. 

  112. {
    113. 

  113.   char *buf = heap_buf = raw_malloc(BUF_LEN);
    114. 

  114.   FILL_BUFFER_IMPL()
    115. 

  115.   memset(buf, 0, BUF_LEN);
    116. 

  116.   raw_free(buf);
    117. 

  117.   return sum;
    118. 

  118. }
    119. 

  119. 

  120. static unsigned
    121. 

  121. fill_heap_buffer_memwipe(void)
    122. 

  122. {
    123. 

  123.   char *buf = heap_buf = raw_malloc(BUF_LEN);
    124. 

  124.   FILL_BUFFER_IMPL()
    125. 

  125.   memwipe(buf, 0, BUF_LEN);
    126. 

  126.   raw_free(buf);
    127. 

  127.   return sum;
    128. 

  128. }
    129. 

  129. 

  130. static unsigned
    131. 

  131. fill_heap_buffer_nothing(void)
    132. 

  132. {
    133. 

  133.   char *buf = heap_buf = raw_malloc(BUF_LEN);
    134. 

  134.   FILL_BUFFER_IMPL()
    135. 

  135.   raw_free(buf);
    136. 

  136.   return sum;
    137. 

  137. }
    138. 

  138. 

  139. static unsigned
    140. 

  140. check_heap_buffer(void)
    141. 

  141. {
    142. 

  142.   unsigned int i;
    143. 

  143.   unsigned sum = 0;
    144. 

  144.   volatile char *buf = heap_buf;
    145. 

  145. 

  146.   /* See if this buffer has the string in it.
    147. 

  147. 

  148.      YES, THIS DOES INVOKE UNDEFINED BEHAVIOR BY READING FROM A FREED BUFFER.
    149. 

  149. 

  150.      If you know a better way to figure out whether the compiler eliminated
    151. 

  151.      the memset/memwipe calls or not, please let me know.
    152. 

  152.    */
    153. 

  153.   for (i = 0; i < BUF_LEN - strlen(s); ++i) {
    154. 

  154.     if (vmemeq(buf+i, s, strlen(s)))
    155. 

  155.       ++sum;
    156. 

  156.   }
    157. 

  157. 

  158.   return sum;
    159. 

  159. }
    160. 

  160. 

  161. static struct testcase {
    162. 

  162.   const char *name;
    163. 

  163.   /* this spacing satisfies make check-spaces */
    164. 

  164.   unsigned
    165. 

  165.     (*fill_fn)(void);
    166. 

  166.   unsigned
    167. 

  167.     (*check_fn)(void);
    168. 

  168. } testcases[] = {
    169. 

  169.   { "nil", fill_a_buffer_nothing, check_a_buffer },
    170. 

  170.   { "nil-heap", fill_heap_buffer_nothing, check_heap_buffer },
    171. 

  171.   { "memset", fill_a_buffer_memset, check_a_buffer },
    172. 

  172.   { "memset-heap", fill_heap_buffer_memset, check_heap_buffer },
    173. 

  173.   { "memwipe", fill_a_buffer_memwipe, check_a_buffer },
    174. 

  174.   { "memwipe-heap", fill_heap_buffer_memwipe, check_heap_buffer },
    175. 

  175.   { NULL, NULL, NULL }
    176. 

  176. };
    177. 

  177. 

  178. int
    179. 

  179. main(int argc, char **argv)
    180. 

  180. {
    181. 

  181.   unsigned x, x2;
    182. 

  182.   int i;
    183. 

  183.   int working = 1;
    184. 

  184.   unsigned found[6];
    185. 

  185.   (void) argc; (void) argv;
    186. 

  186. 

  187.   s = "squamous haberdasher gallimaufry";
    188. 

  188. 

  189.   memset(found, 0, sizeof(found));
    190. 

  190. 

  191.   for (i = 0; testcases[i].name; ++i) {
    192. 

  192.     x = testcases[i].fill_fn();
    193. 

  193.     found[i] = testcases[i].check_fn();
    194. 

  194. 

  195.     x2 = fill_a_buffer_nothing();
    196. 

  196. 

  197.     if (x != x2) {
    198. 

  198.       working = 0;
    199. 

  199.     }
    200. 

  200.   }
    201. 

  201. 

  202.   if (!working || !found[0] || !found[1]) {
    203. 

  203.     printf("It appears that this test case may not give you reliable "
    204. 

  204.            "information. Sorry.\n");
    205. 

  205.   }
    206. 

  206. 

  207.   if (!found[2] && !found[3]) {
    208. 

  208.     printf("It appears that memset is good enough on this platform. Good.\n");
    209. 

  209.   }
    210. 

  210. 

  211.   if (found[4] || found[5]) {
    212. 

  212.     printf("ERROR: memwipe does not wipe data!\n");
    213. 

  213.     return 1;
    214. 

  214.   } else {
    215. 

  215.     printf("OKAY: memwipe seems to work.\n");
    216. 

  216.     return 0;
    217. 

  217.   }
    218. 

  218. }
    219.