src/test/test-memwipe.c

   1 #include <string.h>
   2 #include <stdio.h>
   3 #include <sys/types.h>
   4 #include <stdlib.h>
   5
   6 #include "crypto.h"
   7 #include "compat.h"
   8
   9 #undef MIN
  10 #define MIN(a,b) ( ((a)<(b)) ? (a) : (b) )
  11
  12 static unsigned fill_a_buffer_memset(void) __attribute__((noinline));
  13 static unsigned fill_a_buffer_memwipe(void) __attribute__((noinline));
  14 static unsigned fill_a_buffer_nothing(void) __attribute__((noinline));
  15 static unsigned fill_heap_buffer_memset(void) __attribute__((noinline));
  16 static unsigned fill_heap_buffer_memwipe(void) __attribute__((noinline));
  17 static unsigned fill_heap_buffer_nothing(void) __attribute__((noinline));
  18 static unsigned check_a_buffer(void) __attribute__((noinline));
  19
  20 const char *s = NULL;
  21
  22 #define FILL_BUFFER_IMPL()                                              \
  23   unsigned int i;                                                       \
  24   unsigned sum = 0;                                                     \
  25                                                                         \
  26   /* Fill up a 1k buffer with a recognizable pattern. */                \
  27   for (i = 0; i < 2048; i += strlen(s)) {                               \
  28     memcpy(buf+i, s, MIN(strlen(s), 2048-i));                           \
  29   }                                                                     \
  30                                                                         \
  31   /* Use the buffer as input to a computation so the above can't get */ \
  32   /* optimized away. */                                                 \
  33   for (i = 0; i < 2048; ++i) {                                          \
  34     sum += (unsigned char)buf[i];                                       \
  35   }
  36
  37 static unsigned
  38 fill_a_buffer_memset(void)
  39 {
  40   char buf[2048];
  41   FILL_BUFFER_IMPL()
  42   memset(buf, 0, sizeof(buf));
  43   return sum;
  44 }
  45
  46 static unsigned
  47 fill_a_buffer_memwipe(void)
  48 {
  49   char buf[2048];
  50   FILL_BUFFER_IMPL()
  51   memwipe(buf, 0, sizeof(buf));
  52   return sum;
  53 }
  54
  55 static unsigned
  56 fill_a_buffer_nothing(void)
  57 {
  58   char buf[2048];
  59   FILL_BUFFER_IMPL()
  60   return sum;
  61 }
  62
  63 static INLINE int
  64 vmemeq(volatile char *a, const char *b, size_t n)
  65 {
  66   while (n--) {
  67     if (*a++ != *b++)
  68       return 0;
  69   }
  70   return 1;
  71 }
  72
  73 static unsigned
  74 check_a_buffer(void)
  75 {
  76   unsigned int i;
  77   volatile char buf[1024];
  78   unsigned sum = 0;
  79
  80   /* See if this buffer has the string in it.
  81
  82      YES, THIS DOES INVOKE UNDEFINED BEHAVIOR BY READING FROM AN UNINITIALIZED
  83      BUFFER.
  84
  85      If you know a better way to figure out whether the compiler eliminated
  86      the memset/memwipe calls or not, please let me know.
  87    */
  88   for (i = 0; i < sizeof(buf); ++i) {
  89     if (vmemeq(buf+i, s, strlen(s)))
  90       ++sum;
  91   }
  92
  93   return sum;
  94 }
  95
  96 static char *heap_buf = NULL;
  97
  98 static unsigned
  99 fill_heap_buffer_memset(void)
 100 {
 101   char *buf = heap_buf = malloc(2048);
 102   FILL_BUFFER_IMPL()
 103   memset(buf, 0, 2048);
 104   free(buf);
 105   return sum;
 106 }
 107
 108 static unsigned
 109 fill_heap_buffer_memwipe(void)
 110 {
 111   char *buf = heap_buf = malloc(2048);
 112   FILL_BUFFER_IMPL()
 113   memwipe(buf, 0, 2048);
 114   free(buf);
 115   return sum;
 116 }
 117
 118 static unsigned
 119 fill_heap_buffer_nothing(void)
 120 {
 121   char *buf = heap_buf = malloc(2048);
 122   FILL_BUFFER_IMPL()
 123   free(buf);
 124   return sum;
 125 }
 126
 127 static unsigned
 128 check_heap_buffer(void)
 129 {
 130   unsigned int i;
 131   unsigned sum = 0;
 132   volatile char *buf = heap_buf;
 133
 134   /* See if this buffer has the string in it.
 135
 136      YES, THIS DOES INVOKE UNDEFINED BEHAVIOR BY READING FROM A FREED BUFFER.
 137
 138      If you know a better way to figure out whether the compiler eliminated
 139      the memset/memwipe calls or not, please let me know.
 140    */
 141   for (i = 0; i < sizeof(buf); ++i) {
 142     if (vmemeq(buf+i, s, strlen(s)))
 143       ++sum;
 144   }
 145
 146   return sum;
 147 }
 148
 149 static struct testcase {
 150   const char *name;
 151   unsigned (*fill_fn)(void);
 152   unsigned (*check_fn)(void);
 153 } testcases[] = {
 154   { "nil", fill_a_buffer_nothing, check_a_buffer },
 155   { "nil-heap", fill_heap_buffer_nothing, check_heap_buffer },
 156   { "memset", fill_a_buffer_memset, check_a_buffer },
 157   { "memset-heap", fill_heap_buffer_memset, check_heap_buffer },
 158   { "memwipe", fill_a_buffer_memwipe, check_a_buffer },
 159   { "memwipe-heap", fill_heap_buffer_memwipe, check_heap_buffer },
 160   { NULL, NULL, NULL }
 161 };
 162
 163 int
 164 main(int argc, char **argv)
 165 {
 166   unsigned x, x2;
 167   int i;
 168   int working = 1;
 169   unsigned found[6];
 170   (void) argc; (void) argv;
 171
 172   s = "squamous haberdasher gallimaufry";
 173
 174   memset(found, 0, sizeof(found));
 175
 176   for (i = 0; testcases[i].name; ++i) {
 177     x = testcases[i].fill_fn();
 178     found[i] = testcases[i].check_fn();
 179
 180     x2 = fill_a_buffer_nothing();
 181
 182     if (x != x2) {
 183       working = 0;
 184     }
 185   }
 186
 187   if (!working || !found[0] || !found[1]) {
 188     printf("It appears that this test case may not give you reliable "
 189            "information. Sorry.\n");
 190   }
 191
 192   if (!found[2] && !found[3]) {
 193     printf("It appears that memset is good enough on this platform. Good.\n");
 194   }
 195
 196   if (found[4] || found[5]) {
 197     printf("ERROR: memwipe does not wipe data!\n");
 198     return 1;
 199   } else {
 200     printf("OKAY: memwipe seems to work.");
 201     return 0;
 202   }
 203 }
 204