mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-10 05:03:43 +01:00
test_sandbox: equix crypto test case for issue 40794
This is an additional test case for test_sandbox that runs a small subset of test_crypto_equix() inside the syscall sandbox, where mprotect() is filtered. It's reasonable for the sandbox to disallow JIT. We could revise this policy if we want, but it seems a good default for now. The problem in issue 40794 is that both equix and hashx need improvements in their API to handle failures after allocation time, and this failure occurs while the hash function is being compiled. With this commit only, the segfault from issue 40794 is reproduced. Subsequent commits will fix the segfault and revise the API. Signed-off-by: Micah Elizabeth Scott <beth@torproject.org>
This commit is contained in:
parent
d5dea2202c
commit
c40c5adec2
@ -12,6 +12,8 @@
|
||||
#include "orconfig.h"
|
||||
|
||||
#include "lib/sandbox/sandbox.h"
|
||||
#include "lib/crypt_ops/crypto_rand.h"
|
||||
#include "ext/equix/include/equix.h"
|
||||
|
||||
#ifdef USE_LIBSECCOMP
|
||||
|
||||
@ -292,6 +294,63 @@ test_sandbox_stat_filename(void *arg)
|
||||
(void)0;
|
||||
}
|
||||
|
||||
/** This is a simplified subset of test_crypto_equix(), running one solve
|
||||
* and one verify from inside the sandbox. The sandbox restricts mprotect, and
|
||||
* hashx will experience a failure at runtime which this test case exercises.
|
||||
* The result of the solve and verify should both still be correct, since we
|
||||
* expect it to cleanly fall back on an interpreted implementation which has
|
||||
* no operating system dependencies. */
|
||||
static void
|
||||
test_sandbox_crypto_equix(void *arg)
|
||||
{
|
||||
(void)arg;
|
||||
|
||||
const char *challenge_literal = "abce";
|
||||
const size_t challenge_len = strlen(challenge_literal);
|
||||
const size_t num_sols = 4;
|
||||
static const equix_solution sols_expected[EQUIX_MAX_SOLS] = {
|
||||
{{ 0x4fca, 0x72eb, 0x101f, 0xafab, 0x1add, 0x2d71, 0x75a3, 0xc978 }},
|
||||
{{ 0x17f1, 0x7aa6, 0x23e3, 0xab00, 0x7e2f, 0x917e, 0x16da, 0xda9e }},
|
||||
{{ 0x70ee, 0x7757, 0x8a54, 0xbd2b, 0x90e4, 0xe31e, 0x2085, 0xe47e }},
|
||||
{{ 0x62c5, 0x86d1, 0x5752, 0xe1f0, 0x12da, 0x8f33, 0x7336, 0xf161 }},
|
||||
};
|
||||
|
||||
equix_solution sols_actual[EQUIX_MAX_SOLS] = { 0 };
|
||||
equix_ctx *solve_ctx = NULL, *verify_ctx = NULL;
|
||||
|
||||
/* TODO: A subsequent change will modify these flags to use an auto fallback
|
||||
* that will be built into our fork of equix. (This implements a
|
||||
* performant and low-complexity way to share the generated program
|
||||
* state during fallback instead of re-generating it.)
|
||||
*/
|
||||
solve_ctx = equix_alloc(EQUIX_CTX_SOLVE | EQUIX_CTX_COMPILE);
|
||||
tt_ptr_op(solve_ctx, OP_NE, NULL);
|
||||
tt_ptr_op(solve_ctx, OP_NE, EQUIX_NOTSUPP);
|
||||
|
||||
int retval = equix_solve(solve_ctx, challenge_literal,
|
||||
challenge_len, sols_actual);
|
||||
tt_int_op(retval, OP_EQ, num_sols);
|
||||
tt_mem_op(sols_actual, OP_EQ, sols_expected,
|
||||
num_sols * sizeof(equix_solution));
|
||||
|
||||
verify_ctx = equix_alloc(EQUIX_CTX_VERIFY | EQUIX_CTX_COMPILE);
|
||||
tt_ptr_op(verify_ctx, OP_NE, NULL);
|
||||
tt_ptr_op(verify_ctx, OP_NE, EQUIX_NOTSUPP);
|
||||
|
||||
/* Test one of the solutions randomly */
|
||||
equix_result result;
|
||||
const unsigned sol_i = crypto_rand_int(num_sols);
|
||||
equix_solution *sol = &sols_actual[sol_i];
|
||||
|
||||
result = equix_verify(verify_ctx, challenge_literal,
|
||||
challenge_len, sol);
|
||||
tt_int_op(EQUIX_OK, OP_EQ, result);
|
||||
|
||||
done:
|
||||
equix_free(solve_ctx);
|
||||
equix_free(verify_ctx);
|
||||
}
|
||||
|
||||
#define SANDBOX_TEST_SKIPPED(name) \
|
||||
{ #name, test_sandbox_ ## name, TT_SKIP, NULL, NULL }
|
||||
|
||||
@ -343,6 +402,8 @@ struct testcase_t sandbox_tests[] = {
|
||||
#else
|
||||
SANDBOX_TEST_SKIPPED(stat_filename),
|
||||
#endif
|
||||
|
||||
SANDBOX_TEST_IN_SANDBOX(crypto_equix),
|
||||
END_OF_TESTCASES
|
||||
};
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user