Date:      Tue, 13 Nov 2012 08:11:42 GMT
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 219767 for review
Message-ID:  <201211130811.qAD8BgMM010752@skunkworks.freebsd.org>

http://p4web.freebsd.org/@@219767?ac=10

Change 219767 by rwatson@rwatson_zenith_cl_cam_ac_uk on 2012/11/13 08:10:57

	Teach cheritest to run md5 in a sandbox: checksummed data is
	passed in via a capability, and the checksum itself is passed out
	via a second capability.  Bounds checking and permissions (e.g.,
	read and write protection) are enforced on the by-reference
	arguments.  The resulting checksum of "hello world" appears to be
	correct!

Affected files ...

.. //depot/projects/ctsrd/cheribsd/src/bin/cheritest/cheritest.c#9 edit
.. //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/cheritest-helper.c#4 edit

Differences ...

==== //depot/projects/ctsrd/cheribsd/src/bin/cheritest/cheritest.c#9 (text+ko) ====

@@ -152,19 +152,40 @@
 	CHERI_CSETLEN(0, 1, CHERI_CAP_USER_LENGTH - 1);
 }
 
+/*
+ * XXXRW: c1 and c2 were not getting properly aligned when placed in the
+ * stack.  Odd.
+ */
+static char md5string[] = "hello world";
+static struct chericap c1, c2;
+
 static void
 cheritest_sandbox_invoke(void)
 {
 	struct sandbox *sb;
+	char buf[33];
 	register_t v;
 
 	if (sandbox_setup("/usr/libexec/cheritest-helper.bin", 1024*1024,
 	    &sb) < 0)
 		err(1, "sandbox_setup");
 
-	v = sandbox_invoke(sb, 0, 0, 0, 0, NULL, NULL);
+	CHERI_CINCBASE(10, 0, &md5string);
+	CHERI_CSETLEN(10, 10, strlen(md5string));
+	CHERI_CANDPERM(10, 10, CHERI_PERM_LOAD);
+	CHERI_CSC(10, 0, &c1, 0);
+
+	CHERI_CINCBASE(10, 0, &buf);
+	CHERI_CSETLEN(10, 10, sizeof(buf));
+	CHERI_CANDPERM(10, 10, CHERI_PERM_STORE);
+	CHERI_CSC(10, 0, &c2, 0);
+
+	v = sandbox_invoke(sb, strlen(md5string), 0, 0, 0, &c1, &c2, NULL,
+	    NULL, NULL, NULL, NULL);
 	printf("%s: sandbox returned %ju\n", __func__, (uintmax_t)v);
 	sandbox_destroy(sb);
+	buf[32] = '\0';
+	printf("MD5 checksum of '%s' is %s\n", md5string, buf);
 }
 
 static void
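Review bot: `buf` in cheritest_sandbox_invoke is an uninitialised stack array that is printed after `sandbox_invoke` without `v` being checked. If the helper never completes its store through c2, the final printf reports up to 32 bytes of stale stack contents as the checksum. Initialise it with `char buf[33] = "";` and print the checksum only when `v` is the value the helper is expected to return. Separately, the XXXRW comment suggests that moving c1/c2 to file scope fixes their alignment only by accident of layout; an explicit alignment attribute on `static struct chericap c1, c2;` would make it dependable (the required alignment is not visible in this hunk).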

==== //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/cheritest-helper.c#4 (text+ko) ====

@@ -34,23 +34,29 @@
 
 #include <md5.h>
 
+#include "cmemcpy.h"
+
 int	invoke(register_t a0, register_t a1, register_t a2, register_t a3);
 
 /*
  * Sample sandboxed code.  Calculate an MD5 checksum of the data arriving via
- * c1, and place the checksum in c2.
- *
- * XXXRW: More to follow here.
+ * c1, and place the checksum in c2.  a0 will hold input data length.  c2
+ * must be (at least) 33 bytes.
  */
 int
-invoke(register_t a0 __unused, register_t a1 __unused, register_t a2 __unused,
+invoke(register_t a0, register_t a1 __unused, register_t a2 __unused,
     register_t a3 __unused)
 {
 	MD5_CTX md5context;
-	char buf[33];
+	char buf[33], ch;
+	u_int count;
 
 	MD5Init(&md5context);
+	for (count = 0; count < a0; count++) {
+		memcpy_fromcap(&ch, 1, count, sizeof(ch));
+		MD5Update(&md5context, &ch, sizeof(ch));
+	}
 	MD5End(&md5context, buf);
-
+	memcpy_tocap(2, buf, 0, sizeof(buf));
 	return (123456);
 }
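Review bot: The copy loop in invoke compares `u_int count` against the caller-supplied `register_t a0`, so the sandbox trusts the length as given and the two types do not match. If register_t is wider than u_int, a large a0 lets `count` wrap before the loop condition fails, and only the bounds on c1 stop the read; a negative a0 skips the loop and silently returns the digest of empty input. Declare the counter as `register_t count;` and reject bad lengths up front, e.g. `if (a0 < 0) return (-1);`. The header comment could also state that a0 larger than c1's length is expected to trap, and the constant `return (123456);` gives the caller no way to tell success from a short or skipped copy.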


