From owner-p4-projects@FreeBSD.ORG  Tue Nov 13 08:11:43 2012
Return-Path: <owner-p4-projects@FreeBSD.ORG>
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
 id A84C0197; Tue, 13 Nov 2012 08:11:43 +0000 (UTC)
Delivered-To: perforce@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
 by hub.freebsd.org (Postfix) with ESMTP id 517F3195
 for <perforce@freebsd.org>; Tue, 13 Nov 2012 08:11:43 +0000 (UTC)
 (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: from skunkworks.freebsd.org (skunkworks.freebsd.org
 [IPv6:2001:4f8:fff6::2d])
 by mx1.freebsd.org (Postfix) with ESMTP id 308A78FC13
 for <perforce@freebsd.org>; Tue, 13 Nov 2012 08:11:43 +0000 (UTC)
Received: from skunkworks.freebsd.org (localhost [127.0.0.1])
 by skunkworks.freebsd.org (8.14.5/8.14.5) with ESMTP id qAD8BhAg010755
 for <perforce@freebsd.org>; Tue, 13 Nov 2012 08:11:43 GMT
 (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: (from perforce@localhost)
 by skunkworks.freebsd.org (8.14.5/8.14.5/Submit) id qAD8BgMM010752
 for perforce@freebsd.org; Tue, 13 Nov 2012 08:11:42 GMT
 (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Date: Tue, 13 Nov 2012 08:11:42 GMT
Message-Id: <201211130811.qAD8BgMM010752@skunkworks.freebsd.org>
X-Authentication-Warning: skunkworks.freebsd.org: perforce set sender to
 bb+lists.freebsd.perforce@cyrus.watson.org using -f
From: Robert Watson <rwatson@FreeBSD.org>
Subject: PERFORCE change 219767 for review
To: Perforce Change Reviews <perforce@freebsd.org>
Precedence: bulk
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.14
List-Id: p4 projects tree changes <p4-projects.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/p4-projects>,
 <mailto:p4-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/p4-projects>
List-Post: <mailto:p4-projects@freebsd.org>
List-Help: <mailto:p4-projects-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
 <mailto:p4-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Nov 2012 08:11:43 -0000

http://p4web.freebsd.org/@@219767?ac=10

Change 219767 by rwatson@rwatson_zenith_cl_cam_ac_uk on 2012/11/13 08:10:57

	Teach cheritest to run md5 in a sandbox: checksummed data is
	passed in via a capability, and the checksum itself is passed out
	via a second capability.  Bounds checking and permissions (e.g.,
	read and write protection) are enforced on the by-reference
	arguments.  The resulting checksum of "hello world" appears to be
	correct!

Affected files ...

.. //depot/projects/ctsrd/cheribsd/src/bin/cheritest/cheritest.c#9 edit
.. //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/cheritest-helper.c#4 edit

Differences ...

==== //depot/projects/ctsrd/cheribsd/src/bin/cheritest/cheritest.c#9 (text+ko) ====

@@ -152,19 +152,40 @@
 	CHERI_CSETLEN(0, 1, CHERI_CAP_USER_LENGTH - 1);
 }
 
+/*
+ * XXXRW: c1 and c2 were not getting properly aligned when placed in the
+ * stack.  Odd.
+ */
+static char md5string[] = "hello world";
+static struct chericap c1, c2;
+
 static void
 cheritest_sandbox_invoke(void)
 {
 	struct sandbox *sb;
+	char buf[33];
 	register_t v;
 
 	if (sandbox_setup("/usr/libexec/cheritest-helper.bin", 1024*1024,
 	    &sb) < 0)
 		err(1, "sandbox_setup");
 
-	v = sandbox_invoke(sb, 0, 0, 0, 0, NULL, NULL);
+	CHERI_CINCBASE(10, 0, &md5string);
+	CHERI_CSETLEN(10, 10, strlen(md5string));
+	CHERI_CANDPERM(10, 10, CHERI_PERM_LOAD);
+	CHERI_CSC(10, 0, &c1, 0);
+
+	CHERI_CINCBASE(10, 0, &buf);
+	CHERI_CSETLEN(10, 10, sizeof(buf));
+	CHERI_CANDPERM(10, 10, CHERI_PERM_STORE);
+	CHERI_CSC(10, 0, &c2, 0);
+
+	v = sandbox_invoke(sb, strlen(md5string), 0, 0, 0, &c1, &c2, NULL,
+	    NULL, NULL, NULL, NULL);
 	printf("%s: sandbox returned %ju\n", __func__, (uintmax_t)v);
 	sandbox_destroy(sb);
+	buf[32] = '\0';
+	printf("MD5 checksum of '%s' is %s\n", md5string, buf);
 }
 
 static void

==== //depot/projects/ctsrd/cheribsd/src/libexec/cheritest-helper/cheritest-helper.c#4 (text+ko) ====

@@ -34,23 +34,29 @@
 
 #include <md5.h>
 
+#include "cmemcpy.h"
+
 int	invoke(register_t a0, register_t a1, register_t a2, register_t a3);
 
 /*
  * Sample sandboxed code.  Calculate an MD5 checksum of the data arriving via
- * c1, and place the checksum in c2.
- *
- * XXXRW: More to follow here.
+ * c1, and place the checksum in c2.  a0 will hold input data length.  c2
+ * must be (at least) 33 bytes.
  */
 int
-invoke(register_t a0 __unused, register_t a1 __unused, register_t a2 __unused,
+invoke(register_t a0, register_t a1 __unused, register_t a2 __unused,
     register_t a3 __unused)
 {
 	MD5_CTX md5context;
-	char buf[33];
+	char buf[33], ch;
+	u_int count;
 
 	MD5Init(&md5context);
+	for (count = 0; count < a0; count++) {
+		memcpy_fromcap(&ch, 1, count, sizeof(ch));
+		MD5Update(&md5context, &ch, sizeof(ch));
+	}
 	MD5End(&md5context, buf);
-
+	memcpy_tocap(2, buf, 0, sizeof(buf));
 	return (123456);
 }