Refactored ksecprintf -> secprintf. Secure code is now all in common libtest161.

This library gets linked in by default in userland, and the common files are
included in the kernel.

kern/conf/conf.kern

@@ -310,12 +310,12 @@ file      ../common/libc/string/strrchr.c
 file      ../common/libc/string/strtok_r.c
 
 #
-# Security functions that we've added to the C library and
-# use for secure output.
+# libtest161 shared code and security functions
 #
 
-file      ../common/libc/secure/secure.c
-file      ../common/libc/secure/sha256.c
+file      ../common/libtest161/test161.c
+file      ../common/libtest161/secure.c
+file      ../common/libtest161/sha256.c
 
 ########################################
 #                                      #

kern/include/kern/secret.h

@@ -44,7 +44,7 @@
  * allows normally compilation and operation.
  */
 
-#undef SECRET_TESTING
+#define SECRET_TESTING
 #define SECRET "SECRET"
 
 #endif /* _SECRET_H_ */

kern/include/kern/test161.h

@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 2000, 2001, 2002, 2003, 2004, 2005, 2008, 2009
+ *	The President and Fellows of Harvard College.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE UNIVERSITY AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE UNIVERSITY OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef _KERN_TEST161_H_
+#define _KERN_TEST161_H_
+
+#define TEST161_SUCCESS 0
+#define TEST161_FAIL 1
+
+#include <kern/secret.h>
+
+int success(int, const char *, const char *);
+int secprintf(const char *secret, const char *msg, const char *name);
+
+#endif /* _KERN_TEST161_H_ */

kern/include/test.h

@@ -178,13 +178,6 @@ int ll1test(int, char **);
 int ll16test(int, char **);
 #endif
 
-#define SUCCESS 0
-#define FAIL 1
-
-int success(bool, const char *, const char *);
-
-int ksecprintf(const char *secret, const char *msg, const char *name);
-
 void random_yielder(uint32_t);
 void random_spinner(uint32_t);
 

kern/test/lib.c

@@ -1,65 +1,7 @@
-#include <kern/secret.h>
 #include <types.h>
 #include <thread.h>
 #include <test.h>
 #include <lib.h>
-#include <kern/secure.h>
-
-/*
- * Common success function for kernel tests. If SECRET_TESTING is defined,
- * ksecprintf will compute the hmac/sha256 hash of any message using the
- * shared secret and a random salt value. The (secure) server also knows
- * the secret and can verify the message was generated by a trusted source.
- * The salt value prevents against replay attacks.
- */
-int
-success(bool status, const char * secret, const char * name) {
-	if (status == SUCCESS) {
-		return ksecprintf(secret, "SUCCESS", name);
-	} else {
-		return ksecprintf(secret, "FAIL", name);
-	}
-}
-
-#ifndef SECRET_TESTING
-
-int
-ksecprintf(const char * secret, const char * msg, const char * name)
-{
-	(void)secret;
-	return kprintf("%s: %s\n", name, msg);
-}
-
-#else
-
-int
-ksecprintf(const char * secret, const char * msg, const char * name)
-{
-	char *hash, *salt, *fullmsg;
-	int res;
-	size_t len;
-
-	hash = salt = fullmsg = NULL;
-
-	// test161 expects "name: msg"
-	len = strlen(name) + strlen(msg) + 3;	// +3 for " :" and null terminator
-	fullmsg = (char *)kmalloc(len);
-	KASSERT(fullmsg != NULL);
-	snprintf(fullmsg, len, "%s: %s", name, msg);
-
-	res = hmac_salted(fullmsg, len-1, secret, strlen(secret), &hash, &salt);
-	KASSERT(res == 0);
-
-	res = kprintf("(%s, %s, %s, %s: %s)\n", name, hash, salt, name, msg);
-
-	kfree(hash);
-	kfree(salt);
-	kfree(fullmsg);
-
-	return res;
-}
-
-#endif
 
 /*
  * Helper functions used by testing and problem driver code

kern/test/rwtest.c

@@ -9,7 +9,7 @@
 #include <thread.h>
 #include <synch.h>
 #include <test.h>
-#include <kern/secret.h>
+#include <kern/test161.h>
 #include <spinlock.h>
 
 /*
@@ -21,7 +21,7 @@ int rwtest(int nargs, char **args) {
 	(void)args;
 
 	kprintf_n("rwt1 unimplemented\n");
-	success(FAIL, SECRET, "rwt1");
+	success(TEST161_FAIL, SECRET, "rwt1");
 
 	return 0;
 }
@@ -31,7 +31,7 @@ int rwtest2(int nargs, char **args) {
 	(void)args;
 
 	kprintf_n("rwt2 unimplemented\n");
-	success(FAIL, SECRET, "rwt2");
+	success(TEST161_FAIL, SECRET, "rwt2");
 
 	return 0;
 }
@@ -41,7 +41,7 @@ int rwtest3(int nargs, char **args) {
 	(void)args;
 
 	kprintf_n("rwt3 unimplemented\n");
-	success(FAIL, SECRET, "rwt3");
+	success(TEST161_FAIL, SECRET, "rwt3");
 
 	return 0;
 }
@@ -51,7 +51,7 @@ int rwtest4(int nargs, char **args) {
 	(void)args;
 
 	kprintf_n("rwt4 unimplemented\n");
-	success(FAIL, SECRET, "rwt4");
+	success(TEST161_FAIL, SECRET, "rwt4");
 
 	return 0;
 }
@@ -61,7 +61,7 @@ int rwtest5(int nargs, char **args) {
 	(void)args;
 
 	kprintf_n("rwt5 unimplemented\n");
-	success(FAIL, SECRET, "rwt5");
+	success(TEST161_FAIL, SECRET, "rwt5");
 
 	return 0;
 }

kern/test/synchprobs.c

@@ -9,14 +9,14 @@
 #include <test.h>
 #include <current.h>
 #include <synch.h>
-#include <kern/secret.h>
+#include <kern/test161.h>
 #include <spinlock.h>
 
 #define PROBLEMS_MAX_YIELDER 16
 #define PROBLEMS_MAX_SPINNER 8192
 
-#define SUCCESS 0
-#define FAIL 1
+#define TEST161_SUCCESS 0
+#define TEST161_FAIL 1
 
 /*
  * Shared initialization routines
@@ -29,7 +29,7 @@ static struct semaphore *startsem;
 static struct semaphore *endsem;
 
 struct spinlock status_lock;
-static bool test_status = FAIL;
+static bool test_status = TEST161_FAIL;
 const char *test_message;
 
 static
@@ -37,7 +37,7 @@ bool
 failif(bool condition, const char *message) {
 	if (condition) {
 		spinlock_acquire(&status_lock);
-		test_status = FAIL;
+		test_status = TEST161_FAIL;
 		test_message = message;
 		spinlock_release(&status_lock);
 	}
@@ -273,7 +273,7 @@ whalemating(int nargs, char **args) {
 		panic("sp1: sem_create failed\n");
 	}
 	spinlock_init(&status_lock);
-	test_status = SUCCESS;
+	test_status = TEST161_SUCCESS;
 	test_message = "";
 
 	whalemating_init();
@@ -308,18 +308,18 @@ whalemating(int nargs, char **args) {
 	}
 
 	/* Make sure nothing is happening... */
-	loop_status = SUCCESS;
-	for (i = 0; i < CHECK_TIMES && loop_status == SUCCESS; i++) {
+	loop_status = TEST161_SUCCESS;
+	for (i = 0; i < CHECK_TIMES && loop_status == TEST161_SUCCESS; i++) {
 		kprintf_t(".");
 		random_spinner(PROBLEMS_MAX_SPINNER);
 		lock_acquire(testlock);
 		if ((male_start_count != NMATING) || (female_start_count != NMATING) ||
 				(matchmaker_start_count + male_end_count + female_end_count + matchmaker_end_count != 0)) {
-			loop_status = FAIL;
+			loop_status = TEST161_FAIL;
 		}
 		lock_release(testlock);
 	}
-	if (failif((loop_status == FAIL), "failed: uncoordinated matchmaking is occurring")) {
+	if (failif((loop_status == TEST161_FAIL), "failed: uncoordinated matchmaking is occurring")) {
 		goto done;
 	}
 
@@ -352,19 +352,19 @@ whalemating(int nargs, char **args) {
 	}
 
 	/* Make sure nothing else is happening... */
-	loop_status = SUCCESS;
-	for (i = 0; i < CHECK_TIMES && loop_status == SUCCESS; i++) {
+	loop_status = TEST161_SUCCESS;
+	for (i = 0; i < CHECK_TIMES && loop_status == TEST161_SUCCESS; i++) {
 		kprintf_t(".");
 		random_spinner(PROBLEMS_MAX_SPINNER);
 		lock_acquire(testlock);
 		if ((male_start_count != NMATING) || (female_start_count != NMATING) ||
 				(matchmaker_start_count != pivot) || (male_end_count != pivot) ||
 				(female_end_count != pivot) || (matchmaker_end_count != pivot)) {
-			loop_status = FAIL;
+			loop_status = TEST161_FAIL;
 		}
 		lock_release(testlock);
 	}
-	if (failif((loop_status == FAIL), "failed: uncoordinated matchmaking is occurring")) {
+	if (failif((loop_status == TEST161_FAIL), "failed: uncoordinated matchmaking is occurring")) {
 		goto done;
 	}
 
@@ -399,8 +399,8 @@ done:
 	sem_destroy(matcher_sem);
 
 	kprintf_t("\n");
-	if (test_status != SUCCESS) {
-		ksecprintf(SECRET, test_message, "sp1");
+	if (test_status != TEST161_SUCCESS) {
+		secprintf(SECRET, test_message, "sp1");
 	}
 	success(test_status, SECRET, "sp1");
 
@@ -628,7 +628,7 @@ int stoplight(int nargs, char **args) {
 		panic("sp2: sem_create failed\n");
 	}
 	spinlock_init(&status_lock);
-	test_status = SUCCESS;
+	test_status = TEST161_SUCCESS;
 
 	stoplight_init();
 
@@ -669,7 +669,7 @@ int stoplight(int nargs, char **args) {
 	for (i = 0; i < NCARS; i++) {
 		passed += car_locations[i] == PASSED_CAR ? 1 : 0;
 	}
-	if ((test_status == SUCCESS) &&
+	if ((test_status == TEST161_SUCCESS) &&
 			(!(failif((passed != NCARS), "failed: not enough cars"))) &&
 			(!(failif((all_quadrant != required_quadrant), "failed: didn't do the right turns"))) &&
 			(!(failif((max_car_count <= 1), "failed: no concurrency achieved")))) {};
@@ -679,8 +679,8 @@ int stoplight(int nargs, char **args) {
 	sem_destroy(endsem);
 
 	kprintf_t("\n");
-	if (test_status != SUCCESS) {
-		ksecprintf(SECRET, test_message, "sp2");
+	if (test_status != TEST161_SUCCESS) {
+		secprintf(SECRET, test_message, "sp2");
 	}
 	success(test_status, SECRET, "sp2");
 

kern/test/synchtest.c

@@ -40,7 +40,7 @@
 #include <thread.h>
 #include <synch.h>
 #include <test.h>
-#include <kern/secret.h>
+#include <kern/test161.h>
 #include <spinlock.h>
 
 #define CREATELOOPS		8
@@ -63,7 +63,7 @@ static struct cv *testcv = NULL;
 static struct semaphore *donesem = NULL;
 
 struct spinlock status_lock;
-static bool test_status = FAIL;
+static bool test_status = TEST161_FAIL;
 
 static unsigned long semtest_current;
 
@@ -72,7 +72,7 @@ bool
 failif(bool condition) {
 	if (condition) {
 		spinlock_acquire(&status_lock);
-		test_status = FAIL;
+		test_status = TEST161_FAIL;
 		spinlock_release(&status_lock);
 	}
 	return condition;
@@ -131,7 +131,7 @@ semtest(int nargs, char **args)
 		}
 	}
 	spinlock_init(&status_lock);
-	test_status = SUCCESS;
+	test_status = TEST161_SUCCESS;
 
 	kprintf_n("If this hangs, it's broken: ");
 	P(testsem);
@@ -264,7 +264,7 @@ locktest(int nargs, char **args)
 		}
 	}
 	spinlock_init(&status_lock);
-	test_status = SUCCESS;
+	test_status = TEST161_SUCCESS;
 
 	for (i=0; i<NTHREADS; i++) {
 		kprintf_t(".");
@@ -302,12 +302,12 @@ locktest2(int nargs, char **args) {
 		panic("lt2: lock_create failed\n");
 	}
 
-	ksecprintf(SECRET, "Should panic...", "lt2");
+	secprintf(SECRET, "Should panic...", "lt2");
 	lock_release(testlock);
 
 	/* Should not get here on success. */
 
-	success(FAIL, SECRET, "lt2");
+	success(TEST161_FAIL, SECRET, "lt2");
 
 	lock_destroy(testlock);
 	testlock = NULL;
@@ -328,13 +328,13 @@ locktest3(int nargs, char **args) {
 		panic("lt3: lock_create failed\n");
 	}
 
-	ksecprintf(SECRET, "Should panic...", "lt3");
+	secprintf(SECRET, "Should panic...", "lt3");
 	lock_acquire(testlock);
 	lock_destroy(testlock);
 
 	/* Should not get here on success. */
 
-	success(FAIL, SECRET, "lt3");
+	success(TEST161_FAIL, SECRET, "lt3");
 
 	testlock = NULL;
 
@@ -426,7 +426,7 @@ cvtest(int nargs, char **args)
 		}
 	}
 	spinlock_init(&status_lock);
-	test_status = SUCCESS;
+	test_status = TEST161_SUCCESS;
 
 	testval1 = NTHREADS-1;
 	for (i=0; i<NTHREADS; i++) {
@@ -562,7 +562,7 @@ cvtest2(int nargs, char **args)
 		testcvs[i] = cv_create("cvtest2 cv");
 	}
 	spinlock_init(&status_lock);
-	test_status = SUCCESS;
+	test_status = TEST161_SUCCESS;
 
 	result = thread_fork("cvt2", NULL, sleepthread, NULL, 0);
 	if (result) {
@@ -609,12 +609,12 @@ cvtest3(int nargs, char **args) {
 		panic("cvt3: cv_create failed\n");
 	}
 
-	ksecprintf(SECRET, "Should panic...", "cvt3");
+	secprintf(SECRET, "Should panic...", "cvt3");
 	cv_wait(testcv, testlock);
 
 	/* Should not get here on success. */
 
-	success(FAIL, SECRET, "cvt3");
+	success(TEST161_FAIL, SECRET, "cvt3");
 
 	lock_destroy(testlock);
 	cv_destroy(testcv);
@@ -641,12 +641,12 @@ cvtest4(int nargs, char **args) {
 		panic("cvt4: cv_create failed\n");
 	}
 
-	ksecprintf(SECRET, "Should panic...", "cvt4");
+	secprintf(SECRET, "Should panic...", "cvt4");
 	cv_broadcast(testcv, testlock);
 
 	/* Should not get here on success. */
 
-	success(FAIL, SECRET, "cvt4");
+	success(TEST161_FAIL, SECRET, "cvt4");
 
 	lock_destroy(testlock);
 	cv_destroy(testcv);
@@ -726,7 +726,7 @@ cvtest5(int nargs, char **args) {
 		panic("cvt5: sem_create failed\n");
 	}
 	spinlock_init(&status_lock);
-	test_status = SUCCESS;
+	test_status = TEST161_SUCCESS;
 	testval1 = 0;
 
 	lock_acquire(testlock);

kern/vm/kmalloc.c

@@ -31,7 +31,7 @@
 #include <lib.h>
 #include <spinlock.h>
 #include <vm.h>
-#include <kern/secret.h>
+#include <kern/test161.h>
 #include <test.h>
 
 /*
@@ -838,7 +838,7 @@ kheap_printused(void)
 
 	char total_string[32];
 	snprintf(total_string, sizeof(total_string), "%lu", total);
-	ksecprintf(SECRET, total_string, "khu");
+	secprintf(SECRET, total_string, "khu");
 }
 
 ////////////////////////////////////////