Home Explore Help
Sign In
sengler
/
tor-parallel-relay-conn
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 497ed8ff45
Branches Tags
tor-parallel...
/
src
/
test
/
test-memwipe.c

test-memwipe.c 5.5 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223 
  1. /* Copyright (c) 2015-2019, The Tor Project, Inc. */
    2. 

  2. /* See LICENSE for licensing information */
    3. 

  3. 

  4. #include "orconfig.h"
    5. 

  5. #include "lib/crypt_ops/crypto_util.h"
    6. 

  6. 

  7. #include "lib/intmath/cmp.h"
    8. 

  8. #include "lib/malloc/malloc.h"
    9. 

  9. 

  10. #include <string.h>
    11. 

  11. #include <stdio.h>
    12. 

  12. #include <sys/types.h>
    13. 

  13. #include <stdlib.h>
    14. 

  14. 

  15. #ifdef HAVE_SYS_PARAM_H
    16. 

  16. #include <sys/param.h>
    17. 

  17. #endif
    18. 

  18. 

  19. static unsigned fill_a_buffer_memset(void) __attribute__((noinline));
    20. 

  20. static unsigned fill_a_buffer_memwipe(void) __attribute__((noinline));
    21. 

  21. static unsigned fill_a_buffer_nothing(void) __attribute__((noinline));
    22. 

  22. static unsigned fill_heap_buffer_memset(void) __attribute__((noinline));
    23. 

  23. static unsigned fill_heap_buffer_memwipe(void) __attribute__((noinline));
    24. 

  24. static unsigned fill_heap_buffer_nothing(void) __attribute__((noinline));
    25. 

  25. static unsigned check_a_buffer(void) __attribute__((noinline));
    26. 

  26. 

  27. extern const char *s; /* Make the linkage global */
    28. 

  28. const char *s = NULL;
    29. 

  29. 

  30. #define BUF_LEN 2048
    31. 

  31. 

  32. #define FILL_BUFFER_IMPL()                                              \
    33. 

  33.   unsigned int i;                                                       \
    34. 

  34.   unsigned sum = 0;                                                     \
    35. 

  35.                                                                         \
    36. 

  36.   /* Fill up a 1k buffer with a recognizable pattern. */                \
    37. 

  37.   for (i = 0; i < BUF_LEN; i += strlen(s)) {                            \
    38. 

  38.     memcpy(buf+i, s, MIN(strlen(s), BUF_LEN-i));                        \
    39. 

  39.   }                                                                     \
    40. 

  40.                                                                         \
    41. 

  41.   /* Use the buffer as input to a computation so the above can't get */ \
    42. 

  42.   /* optimized away. */                                                 \
    43. 

  43.   for (i = 0; i < BUF_LEN; ++i) {                                       \
    44. 

  44.     sum += (unsigned char)buf[i];                                       \
    45. 

  45.   }
    46. 

  46. 

  47. #ifdef OpenBSD
    48. 

  48. /* Disable some of OpenBSD's malloc protections for this test. This helps
    49. 

  49.  * us do bad things, such as access freed buffers, without crashing. */
    50. 

  50. extern const char *malloc_options;
    51. 

  51. const char *malloc_options = "sufjj";
    52. 

  52. #endif /* defined(OpenBSD) */
    53. 

  53. 

  54. static unsigned
    55. 

  55. fill_a_buffer_memset(void)
    56. 

  56. {
    57. 

  57.   char buf[BUF_LEN];
    58. 

  58.   FILL_BUFFER_IMPL()
    59. 

  59.   memset(buf, 0, sizeof(buf));
    60. 

  60.   return sum;
    61. 

  61. }
    62. 

  62. 

  63. static unsigned
    64. 

  64. fill_a_buffer_memwipe(void)
    65. 

  65. {
    66. 

  66.   char buf[BUF_LEN];
    67. 

  67.   FILL_BUFFER_IMPL()
    68. 

  68.   memwipe(buf, 0, sizeof(buf));
    69. 

  69.   return sum;
    70. 

  70. }
    71. 

  71. 

  72. static unsigned
    73. 

  73. fill_a_buffer_nothing(void)
    74. 

  74. {
    75. 

  75.   char buf[BUF_LEN];
    76. 

  76.   FILL_BUFFER_IMPL()
    77. 

  77.   return sum;
    78. 

  78. }
    79. 

  79. 

  80. static inline int
    81. 

  81. vmemeq(volatile char *a, const char *b, size_t n)
    82. 

  82. {
    83. 

  83.   while (n--) {
    84. 

  84.     if (*a++ != *b++)
    85. 

  85.       return 0;
    86. 

  86.   }
    87. 

  87.   return 1;
    88. 

  88. }
    89. 

  89. 

  90. static unsigned
    91. 

  91. check_a_buffer(void)
    92. 

  92. {
    93. 

  93.   unsigned int i;
    94. 

  94.   volatile char buf[BUF_LEN];
    95. 

  95.   unsigned sum = 0;
    96. 

  96. 

  97.   /* See if this buffer has the string in it.
    98. 

  98. 

  99.      YES, THIS DOES INVOKE UNDEFINED BEHAVIOR BY READING FROM AN UNINITIALIZED
    100. 

  100.      BUFFER.
    101. 

  101. 

  102.      If you know a better way to figure out whether the compiler eliminated
    103. 

  103.      the memset/memwipe calls or not, please let me know.
    104. 

  104.    */
    105. 

  105.   for (i = 0; i < BUF_LEN - strlen(s); ++i) {
    106. 

  106.     if (vmemeq(buf+i, s, strlen(s)))
    107. 

  107.       ++sum;
    108. 

  108.   }
    109. 

  109. 

  110.   return sum;
    111. 

  111. }
    112. 

  112. 

  113. static char *heap_buf = NULL;
    114. 

  114. 

  115. static unsigned
    116. 

  116. fill_heap_buffer_memset(void)
    117. 

  117. {
    118. 

  118.   char *buf = heap_buf = raw_malloc(BUF_LEN);
    119. 

  119.   FILL_BUFFER_IMPL()
    120. 

  120.   memset(buf, 0, BUF_LEN);
    121. 

  121.   raw_free(buf);
    122. 

  122.   return sum;
    123. 

  123. }
    124. 

  124. 

  125. static unsigned
    126. 

  126. fill_heap_buffer_memwipe(void)
    127. 

  127. {
    128. 

  128.   char *buf = heap_buf = raw_malloc(BUF_LEN);
    129. 

  129.   FILL_BUFFER_IMPL()
    130. 

  130.   memwipe(buf, 0, BUF_LEN);
    131. 

  131.   raw_free(buf);
    132. 

  132.   return sum;
    133. 

  133. }
    134. 

  134. 

  135. static unsigned
    136. 

  136. fill_heap_buffer_nothing(void)
    137. 

  137. {
    138. 

  138.   char *buf = heap_buf = raw_malloc(BUF_LEN);
    139. 

  139.   FILL_BUFFER_IMPL()
    140. 

  140.   raw_free(buf);
    141. 

  141.   return sum;
    142. 

  142. }
    143. 

  143. 

  144. static unsigned
    145. 

  145. check_heap_buffer(void)
    146. 

  146. {
    147. 

  147.   unsigned int i;
    148. 

  148.   unsigned sum = 0;
    149. 

  149.   volatile char *buf = heap_buf;
    150. 

  150. 

  151.   /* See if this buffer has the string in it.
    152. 

  152. 

  153.      YES, THIS DOES INVOKE UNDEFINED BEHAVIOR BY READING FROM A FREED BUFFER.
    154. 

  154. 

  155.      If you know a better way to figure out whether the compiler eliminated
    156. 

  156.      the memset/memwipe calls or not, please let me know.
    157. 

  157.    */
    158. 

  158.   for (i = 0; i < BUF_LEN - strlen(s); ++i) {
    159. 

  159.     if (vmemeq(buf+i, s, strlen(s)))
    160. 

  160.       ++sum;
    161. 

  161.   }
    162. 

  162. 

  163.   return sum;
    164. 

  164. }
    165. 

  165. 

  166. static struct testcase {
    167. 

  167.   const char *name;
    168. 

  168.   /* this spacing satisfies make check-spaces */
    169. 

  169.   unsigned
    170. 

  170.     (*fill_fn)(void);
    171. 

  171.   unsigned
    172. 

  172.     (*check_fn)(void);
    173. 

  173. } testcases[] = {
    174. 

  174.   { "nil", fill_a_buffer_nothing, check_a_buffer },
    175. 

  175.   { "nil-heap", fill_heap_buffer_nothing, check_heap_buffer },
    176. 

  176.   { "memset", fill_a_buffer_memset, check_a_buffer },
    177. 

  177.   { "memset-heap", fill_heap_buffer_memset, check_heap_buffer },
    178. 

  178.   { "memwipe", fill_a_buffer_memwipe, check_a_buffer },
    179. 

  179.   { "memwipe-heap", fill_heap_buffer_memwipe, check_heap_buffer },
    180. 

  180.   { NULL, NULL, NULL }
    181. 

  181. };
    182. 

  182. 

  183. int
    184. 

  184. main(int argc, char **argv)
    185. 

  185. {
    186. 

  186.   unsigned x, x2;
    187. 

  187.   int i;
    188. 

  188.   int working = 1;
    189. 

  189.   unsigned found[6];
    190. 

  190.   (void) argc; (void) argv;
    191. 

  191. 

  192.   s = "squamous haberdasher gallimaufry";
    193. 

  193. 

  194.   memset(found, 0, sizeof(found));
    195. 

  195. 

  196.   for (i = 0; testcases[i].name; ++i) {
    197. 

  197.     x = testcases[i].fill_fn();
    198. 

  198.     found[i] = testcases[i].check_fn();
    199. 

  199. 

  200.     x2 = fill_a_buffer_nothing();
    201. 

  201. 

  202.     if (x != x2) {
    203. 

  203.       working = 0;
    204. 

  204.     }
    205. 

  205.   }
    206. 

  206. 

  207.   if (!working || !found[0] || !found[1]) {
    208. 

  208.     printf("It appears that this test case may not give you reliable "
    209. 

  209.            "information. Sorry.\n");
    210. 

  210.   }
    211. 

  211. 

  212.   if (!found[2] && !found[3]) {
    213. 

  213.     printf("It appears that memset is good enough on this platform. Good.\n");
    214. 

  214.   }
    215. 

  215. 

  216.   if (found[4] || found[5]) {
    217. 

  217.     printf("ERROR: memwipe does not wipe data!\n");
    218. 

  218.     return 1;
    219. 

  219.   } else {
    220. 

  220.     printf("OKAY: memwipe seems to work.\n");
    221. 

  221.     return 0;
    222. 

  222.   }
    223. 

  223. }
    224.