Frank Denis bfeca0eb73 Implement key shielding to protect against side channels
We may want to fold this into `sodium_mprotect_*()` instead of
exposing these functions.

The drawback is that a transition from PROT_NONE to PROT_READ
(or the other way round) would need an intermediary state in PROT_WRITE
for shielding/unshielding.

Shielding is also not thread-safe, while the `mprotect_*()` functions
are, and adding locks would make things more complicated than they
probably should be.
2019-06-22 14:56:16 +02:00


#include <stdlib.h>
#include <sys/types.h>
#include <limits.h>
#include <signal.h>
#define TEST_NAME "sodium_utils2"
#include "cmptest.h"
#ifdef __SANITIZE_ADDRESS__
# warning The sodium_utils2 test is expected to fail with address sanitizer
#endif
#undef sodium_malloc
#undef sodium_free
#undef sodium_allocarray
/* Put SIGSEGV/SIGBUS/SIGABRT back to their default disposition so that a
 * second fault while exiting terminates the process instead of looping
 * back into the handler. Only the signals this platform defines are touched. */
static void
restore_default_signal_handlers(void)
{
#ifdef SIG_DFL
# ifdef SIGSEGV
    signal(SIGSEGV, SIG_DFL);
# endif
# ifdef SIGBUS
    signal(SIGBUS, SIG_DFL);
# endif
# ifdef SIGABRT
    signal(SIGABRT, SIG_DFL);
# endif
#endif
}

/* Handler for the *deliberate* fault at the end of the test: reaching it is
 * the success path, so it reports OK and exits with status 0.
 *
 * NOTE: printf() is not async-signal-safe; that is tolerable here only
 * because the fault is intentional and the process exits right away.
 *
 * @param sig  signal number (ignored; the handler is shared by all signals) */
__attribute__((noreturn)) static void
segv_handler(int sig)
{
    (void) sig;
    printf("Intentional segfault / bus error caught\n");
    printf("OK\n");
    restore_default_signal_handlers();
    exit(0);
}
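/* Exercises the guarded allocator (sodium_malloc / sodium_allocarray /
 * sodium_free), the mprotect_* helpers and key shielding, then finishes by
 * provoking a fault that segv_handler turns into the "OK" success output.
 *
 * @return 0 on success; 1 if an allocation behaved unexpectedly. On
 *         platforms with a catchable SEGV the normal exit path is
 *         segv_handler's exit(0), not the final return. */
int
main(void)
{
    void        *buf;
    void        *buf2;
    size_t       size;
    unsigned int i;

    /* Shielding round-trip: a shielded buffer must differ from its plaintext
     * copy, and unshielding must restore the original bytes exactly.
     * size may be 0, in which case the comparisons are skipped. */
    size = randombytes_uniform(100U);
    if ((buf = sodium_malloc(size)) == NULL ||
        (buf2 = sodium_malloc(size)) == NULL) {
        return 1;
    }
    randombytes_buf(buf, size);
    memcpy(buf2, buf, size);
    sodium_mshield(buf);
    assert(size == 0U || memcmp(buf, buf2, size) != 0);
    sodium_munshield(buf);
    assert(size == 0U || memcmp(buf, buf2, size) == 0);
    sodium_free(buf2);
    sodium_free(buf);

    /* An absurdly large request must be rejected ... */
    if (sodium_malloc(SIZE_MAX - 1U) != NULL) {
        return 1;
    }
    /* ... while a zero-sized one must still yield a usable, freeable
     * pointer (the original leaked this allocation). */
    if ((buf = sodium_malloc(0U)) == NULL) {
        return 1;
    }
    sodium_free(buf);

    /* count * size overflows size_t here, so allocarray must fail. */
    if (sodium_allocarray(SIZE_MAX / 2U + 1U, SIZE_MAX / 2U) != NULL) {
        return 1;
    }
    /* Zero-element / zero-size arrays are valid and freeable. */
    sodium_free(sodium_allocarray(0U, 0U));
    sodium_free(sodium_allocarray(0U, 1U));
    sodium_free(sodium_allocarray(1U, 0U));

    /* Fix: the result was previously written to without a NULL check, which
     * would turn an allocation failure into a crash unrelated to the test. */
    if ((buf = sodium_allocarray(1000U, 50U)) == NULL) {
        return 1;
    }
    memset(buf, 0, 50000U);
    sodium_free(buf);

    sodium_free(sodium_malloc(0U));
    sodium_free(NULL);

    /* Many allocations of random size; each one is made inaccessible before
     * being freed, and sodium_free must cope with that. The fill byte is
     * the loop counter truncated to unsigned char by memset. */
    for (i = 0U; i < 10000U; i++) {
        size = 1U + randombytes_uniform(100000U);
        buf  = sodium_malloc(size);
        assert(buf != NULL);
        memset(buf, i, size);
        sodium_mprotect_noaccess(buf);
        sodium_free(buf);
    }
    printf("OK\n");

    /* From here on a fault is the expected outcome: route the fault signals
     * to segv_handler, which prints OK and exits 0. */
#ifdef SIG_DFL
# ifdef SIGSEGV
    signal(SIGSEGV, segv_handler);
# endif
# ifdef SIGBUS
    signal(SIGBUS, segv_handler);
# endif
# ifdef SIGABRT
    signal(SIGABRT, segv_handler);
# endif
#endif
    size = 1U + randombytes_uniform(100000U);
    buf  = sodium_malloc(size);
    assert(buf != NULL);

    /* old versions of asan emit a warning because they don't support mlock*() */
#ifndef __SANITIZE_ADDRESS__
    sodium_mprotect_readonly(buf);
    sodium_mprotect_readwrite(buf);
#endif

#if defined(HAVE_CATCHABLE_SEGV) && !defined(__EMSCRIPTEN__) && !defined(__SANITIZE_ADDRESS__)
    /* Deliberate one-byte write just past the end of the allocation. This is
     * expected to fault into segv_handler; the statements below are reached
     * only if the overflow went undetected, and the message then makes the
     * test's output differ from the expected "OK". */
    sodium_memzero(((unsigned char *) buf) + size, 1U);
    sodium_mprotect_noaccess(buf);
    sodium_free(buf);
    printf("Overflow not caught\n");
#else
    /* No catchable SEGV on this platform: take the success path directly. */
    segv_handler(0);
#endif
    return 0;
}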