From d11222dc25c2a5363b451dd9dbc81482530c9107 Mon Sep 17 00:00:00 2001 From: J08nY Date: Tue, 30 Apr 2024 17:20:02 +0200 Subject: Add way of handling SIGSEGV and SIGABRT in native code. --- .../ectester/standalone/ECTesterStandalone.java | 16 +++- .../crcs/ectester/standalone/libs/jni/SigInfo.java | 80 +++++++++++++++++++ .../standalone/libs/jni/SignalException.java | 18 +++++ .../standalone/libs/jni/TimeoutException.java | 11 +++ .../cz/crcs/ectester/standalone/libs/jni/Makefile | 14 +++- .../crcs/ectester/standalone/libs/jni/c_signals.c | 93 ++++++++++++++++++++++ .../crcs/ectester/standalone/libs/jni/c_signals.h | 58 ++++++++++++++ .../cz/crcs/ectester/standalone/libs/jni/gcrypt.c | 7 ++ 8 files changed, 293 insertions(+), 4 deletions(-) create mode 100644 standalone/src/main/java/cz/crcs/ectester/standalone/libs/jni/SigInfo.java create mode 100644 standalone/src/main/java/cz/crcs/ectester/standalone/libs/jni/SignalException.java create mode 100644 standalone/src/main/java/cz/crcs/ectester/standalone/libs/jni/TimeoutException.java create mode 100644 standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_signals.c create mode 100644 standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_signals.h diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/ECTesterStandalone.java b/standalone/src/main/java/cz/crcs/ectester/standalone/ECTesterStandalone.java index ab7e45b..82c2362 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/ECTesterStandalone.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/ECTesterStandalone.java @@ -36,6 +36,8 @@ import cz.crcs.ectester.standalone.consts.KeyAgreementIdent; import cz.crcs.ectester.standalone.consts.KeyPairGeneratorIdent; import cz.crcs.ectester.standalone.consts.SignatureIdent; import cz.crcs.ectester.standalone.libs.*; +import cz.crcs.ectester.standalone.libs.jni.SignalException; +import cz.crcs.ectester.standalone.libs.jni.TimeoutException; import cz.crcs.ectester.standalone.output.FileTestWriter; import cz.crcs.ectester.standalone.test.suites.*; import org.apache.commons.cli.*; @@ -103,6 +105,9 @@ public class ECTesterStandalone { if (!System.getProperty("os.name").startsWith("Windows")) { FileUtil.writeNewer(LIB_RESOURCE_DIR + "lib_timing.so", reqs.resolve("lib_timing.so")); System.load(reqs.resolve("lib_timing.so").toString()); + + FileUtil.writeNewer(LIB_RESOURCE_DIR + "lib_signals.so", reqs.resolve("lib_signals.so")); + System.load(reqs.resolve("lib_signals.so").toString()); } List libObjects = new LinkedList<>(); @@ -739,7 +744,16 @@ public class ECTesterStandalone { int amount = Integer.parseInt(cli.getOptionValue("generate.amount", "1")); for (int i = 0; i < amount || amount == 0; ++i) { long elapsed = -System.nanoTime(); - KeyPair kp = kpg.genKeyPair(); + KeyPair kp; + try { + kp = kpg.genKeyPair(); + } catch (SignalException exc) { + System.err.println(exc.getSigInfo()); + continue; + } catch (TimeoutException exc) { + System.err.println(exc); + continue; + } elapsed += System.nanoTime(); if (!lib.getNativeTimingSupport().isEmpty()) { elapsed = lib.getLastNativeTiming(); diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/libs/jni/SigInfo.java b/standalone/src/main/java/cz/crcs/ectester/standalone/libs/jni/SigInfo.java new file mode 100644 index 0000000..3cb7bad --- /dev/null +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/libs/jni/SigInfo.java @@ -0,0 +1,80 @@ +package cz.crcs.ectester.standalone.libs.jni; + +/** + * @author Jan Jancar johny@neuromancer.sk + */ +public class SigInfo { + + private final int signo; + private final int code; + private final int errno; + private final int pid; + private final int uid; + private final long addr; + private final int status; + private final long band; + private final long sigval; + + public SigInfo(int signo, int code, int errno, int pid, int uid, long addr, int status, long band, long sigval) { + this.signo = signo; + this.code = code; + this.errno = errno; + this.pid = pid; + this.uid = uid; + this.addr = addr; + this.status = status; + this.band = band; + this.sigval = sigval; + } + + public int getSigno() { + return signo; + } + + public int getCode() { + return code; + } + + public int getErrno() { + return errno; + } + + public int getPid() { + return pid; + } + + public int getUid() { + return uid; + } + + public long getAddr() { + return addr; + } + + public int getStatus() { + return status; + } + + public long getBand() { + return band; + } + + public long getSigval() { + return sigval; + } + + @Override + public String toString() { + return "SigInfo{" + + "signo=" + signo + + ", code=" + code + + ", errno=" + errno + + ", pid=" + pid + + ", uid=" + uid + + ", addr=" + addr + + ", status=" + status + + ", band=" + band + + ", sigval=" + sigval + + '}'; + } +} diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/libs/jni/SignalException.java b/standalone/src/main/java/cz/crcs/ectester/standalone/libs/jni/SignalException.java new file mode 100644 index 0000000..726286e --- /dev/null +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/libs/jni/SignalException.java @@ -0,0 +1,18 @@ +package cz.crcs.ectester.standalone.libs.jni; + +/** + * @author Jan Jancar johny@neuromancer.sk + */ +public class SignalException extends RuntimeException { + + private final SigInfo sigInfo; + + public SignalException(SigInfo sigInfo) { + super("Signal caught."); + this.sigInfo = sigInfo; + } + + public SigInfo getSigInfo() { + return sigInfo; + } +} diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/libs/jni/TimeoutException.java b/standalone/src/main/java/cz/crcs/ectester/standalone/libs/jni/TimeoutException.java new file mode 100644 index 0000000..c4084b9 --- /dev/null +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/libs/jni/TimeoutException.java @@ -0,0 +1,11 @@ +package cz.crcs.ectester.standalone.libs.jni; + +/** + * @author Jan Jancar johny@neuromancer.sk + */ +public class TimeoutException extends RuntimeException { + + public TimeoutException(String message) { + super(message); + } +} diff --git a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/Makefile b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/Makefile index 1fa16c0..aef1bd3 100644 --- a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/Makefile +++ b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/Makefile @@ -4,7 +4,7 @@ CC?=gcc CXX?=g++ -LFLAGS+=-fPIC -shared +LFLAGS+=-fPIC -shared -L "$(JNI_LIBDIR)" -L "$(JNI_LIBDIR)/server" #-ljsig -ljvm CFLAGS+=-fPIC -I"$(JNI_INCLUDEDIR)" -I"$(JNI_PLATFORMINCLUDEDIR)" -I. -Wno-deprecated-declarations CXXFLAGS+=-fPIC -I"$(JNI_INCLUDEDIR)" -I"$(JNI_PLATFORMINCLUDEDIR)" -I. -Wno-deprecated-declarations @@ -36,12 +36,17 @@ endif ifneq ($(JAVA_HOME),) JNI_INCLUDEDIR ?= $(JAVA_HOME)/include + JNI_LIBDIR ?= $(JAVA_HOME)/lib endif ifeq ($(JNI_INCLUDEDIR),) $(error "Could not determine JNI include dir. Try specifying either JAVA_HOME or JNI_INCLUDEDIR.") endif +ifeq ($(JNI_LIBDIR),) + $(error "Could not determine JNI lib dir. Try specifying either JAVA_HOME or JNI_LIBDIR.") +endif + TARGETTRIPLET := $(shell $(CC) -dumpmachine) ifeq ($(JNI_PLATFORM),) @@ -68,6 +73,9 @@ c_utils.o: c_utils.c lib_timing.so: c_timing.c $(CC) -o $@ -shared $(CFLAGS) -Wl,-soname,lib_timing.so $< +lib_signals.so: c_signals.c + $(CC) -o $@ -shared $(CFLAGS) -Wl,-soname,lib_signals.so $< + cpp_utils.o: cpp_utils.cpp $(CXX) $(CXXFLAGS) -c $< @@ -98,8 +106,8 @@ boringssl.o: boringssl.c # libgcrypt shim gcrypt: gcrypt_provider.so -gcrypt_provider.so: gcrypt.o c_utils.o | lib_timing.so - $(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. $(shell libgcrypt-config --libs) -l:lib_timing.so +gcrypt_provider.so: gcrypt.o c_utils.o | lib_timing.so lib_signals.so + $(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. $(shell libgcrypt-config --libs) -l:lib_timing.so -l:lib_signals.so gcrypt.o: gcrypt.c $(CC) $(shell libgcrypt-config --cflags) $(CFLAGS) -c $< diff --git a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_signals.c b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_signals.c new file mode 100644 index 0000000..f4adaa5 --- /dev/null +++ b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_signals.c @@ -0,0 +1,93 @@ +#include "c_utils.h" +#include "c_signals.h" + +#if __linux || __posix + +#include +#include +#include + +// TODO: Handle alarms properly. +// Create a new thread, make it sleep, then send alarm to the main thread. + +static siginfo_t last_siginfo; +static bool initialized = false; +static bool caught = false; +static bool timedout = false; +static jmp_buf *target = NULL; + +void handler(int signo, siginfo_t *info, void *context) { + last_siginfo = *info; + caught = true; + longjmp(*target, 1); +} + +void alarm_handler(int signo) { + timedout = true; +} + +static jmp_buf buf; + +jmp_buf *get_jmpbuf() { + return &buf; +} + +static struct sigaction old_segv; +static struct sigaction old_abrt; +static struct sigaction old_alrm; + +void init_signals(jmp_buf *env) { + struct sigaction action; + action.sa_sigaction = handler; + sigemptyset(&action.sa_mask); + action.sa_flags = SA_SIGINFO; + + sigaction(SIGSEGV, &action, &old_segv); + sigaction(SIGABRT, &action, &old_abrt); + + struct sigaction alarm_action; + alarm_action.sa_handler = alarm_handler; + sigemptyset(&alarm_action.sa_mask); + alarm_action.sa_flags = 0; + sigaction(SIGALRM, &alarm_action, &old_alrm); + + target = env; + initialized = true; + caught = false; + timedout = false; +} + + +void deinit_signals() { + sigaction(SIGSEGV, NULL, &old_segv); + sigaction(SIGABRT, NULL, &old_abrt); + sigaction(SIGALRM, NULL, &old_alrm); + + target = NULL; + initialized = false; +} + +bool get_timedout() { + return timedout; +} + +jobject get_siginfo(JNIEnv *env) { + if (!caught) { + return NULL; + } + + jclass local_siginfo_class = (*env)->FindClass(env, "cz/crcs/ectester/standalone/libs/jni/SigInfo"); + jmethodID siginfo_init = (*env)->GetMethodID(env, local_siginfo_class, "", "(IIIIIJIJJ)V"); + return (*env)->NewObject(env, local_siginfo_class, siginfo_init, + (jint) last_siginfo.si_signo, + (jint) last_siginfo.si_code, + (jint) last_siginfo.si_errno, + (jint) last_siginfo.si_pid, + (jint) last_siginfo.si_uid, + (jlong) last_siginfo.si_addr, + (jint) last_siginfo.si_status, + (jlong) last_siginfo.si_band, + (jlong) 0); +} + +#endif \ No newline at end of file diff --git a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_signals.h b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_signals.h new file mode 100644 index 0000000..95fc693 --- /dev/null +++ b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_signals.h @@ -0,0 +1,58 @@ +#pragma once + +#include +#include + +#ifdef __cplusplus +extern "C" +{ +#endif + +/** + * + */ +void init_signals(jmp_buf *env); + +/** + * + */ +jmp_buf *get_jmpbuf(); + +/** + * + */ +void deinit_signals(); + +/** + * + */ +bool get_timedout(); + +/** + * + */ +jobject get_siginfo(JNIEnv *env); + + +#define SIG_TRY() init_signals(get_jmpbuf()); \ + if (!setjmp(*get_jmpbuf())) +#define SIG_CATCH() deinit_signals(); +#define SIG_HANDLE(env) do { \ + jobject siginfo = get_siginfo(env); \ + if (siginfo != NULL) { \ + jclass sigexception_class = (*env)->FindClass(env, "cz/crcs/ectester/standalone/libs/jni/SignalException"); \ + jmethodID new_sigexception = (*env)->GetMethodID(env, sigexception_class, "", "(Lcz/crcs/ectester/standalone/libs/jni/SigInfo;)V"); \ + jobject sigexception = (*env)->NewObject(env, sigexception_class, new_sigexception, siginfo); \ + (*env)->Throw(env, sigexception); \ + } \ + if (get_timedout()) { \ + jclass timeoutexception_class = (*env)->FindClass(env, "cz/crcs/ectester/standalone/libs/jni/TimeoutException"); \ + (*env)->ThrowNew(env, timeoutexception_class, "Operation timed out."); \ + } \ +} while (0) + + + +#ifdef __cplusplus +} +#endif diff --git a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/gcrypt.c b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/gcrypt.c index ef62fbf..3df7656 100644 --- a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/gcrypt.c +++ b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/gcrypt.c @@ -1,5 +1,6 @@ #include "c_utils.h" #include "c_timing.h" +#include "c_signals.h" #include "native.h" #include @@ -276,6 +277,12 @@ static jobject generate_from_sexp(JNIEnv *env, gcry_sexp_t gen_sexp) { gcry_error_t err = gcry_pk_genkey(&key_sexp, gen_sexp); native_timing_stop(); + SIG_TRY() { + //raise(SIGSEGV); + } SIG_CATCH(); + + SIG_HANDLE(env); + if (gcry_err_code(err) != GPG_ERR_NO_ERROR) { throw_new_var(env, "java/security/GeneralSecurityException", "Error generating key. Error: %ui", gcry_err_code(err)); goto release_sexp; -- cgit v1.2.3-70-g09d2 From 7e551f5cd6e28787a15287b1efe3630a4c32c826 Mon Sep 17 00:00:00 2001 From: J08nY Date: Mon, 6 May 2024 17:27:25 +0200 Subject: Allow for timeouts in native code. --- .../cz/crcs/ectester/standalone/libs/jni/Makefile | 4 +-- .../crcs/ectester/standalone/libs/jni/c_signals.c | 40 +++++++++++++++++----- .../crcs/ectester/standalone/libs/jni/c_signals.h | 9 ++--- .../cz/crcs/ectester/standalone/libs/jni/gcrypt.c | 6 ---- 4 files changed, 39 insertions(+), 20 deletions(-) diff --git a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/Makefile b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/Makefile index aef1bd3..93e1539 100644 --- a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/Makefile +++ b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/Makefile @@ -74,7 +74,7 @@ lib_timing.so: c_timing.c $(CC) -o $@ -shared $(CFLAGS) -Wl,-soname,lib_timing.so $< lib_signals.so: c_signals.c - $(CC) -o $@ -shared $(CFLAGS) -Wl,-soname,lib_signals.so $< + $(CC) -o $@ -shared $(CFLAGS) -pthread -lpthread -Wl,-soname,lib_signals.so $< cpp_utils.o: cpp_utils.cpp $(CXX) $(CXXFLAGS) -c $< @@ -107,7 +107,7 @@ boringssl.o: boringssl.c gcrypt: gcrypt_provider.so gcrypt_provider.so: gcrypt.o c_utils.o | lib_timing.so lib_signals.so - $(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. $(shell libgcrypt-config --libs) -l:lib_timing.so -l:lib_signals.so + $(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. -pthread -lpthread $(shell libgcrypt-config --libs) -l:lib_timing.so -l:lib_signals.so gcrypt.o: gcrypt.c $(CC) $(shell libgcrypt-config --cflags) $(CFLAGS) -c $< diff --git a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_signals.c b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_signals.c index f4adaa5..a1ea9f1 100644 --- a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_signals.c +++ b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_signals.c @@ -6,29 +6,38 @@ #include #include #include - -// TODO: Handle alarms properly. -// Create a new thread, make it sleep, then send alarm to the main thread. +#include +#include static siginfo_t last_siginfo; static bool initialized = false; static bool caught = false; static bool timedout = false; -static jmp_buf *target = NULL; +static sigjmp_buf buf; +static sigjmp_buf *target = NULL; + +struct timer_arg { + unsigned int timeout; + pthread_t main_thread; +}; +static struct timer_arg ta; +static pthread_t timer_thread; void handler(int signo, siginfo_t *info, void *context) { + //printf("Signal, %i\n", signo); last_siginfo = *info; caught = true; - longjmp(*target, 1); + siglongjmp(*target, 1); } void alarm_handler(int signo) { + //printf("Alarm\n"); timedout = true; + siglongjmp(*target, 1); } -static jmp_buf buf; -jmp_buf *get_jmpbuf() { +sigjmp_buf *get_jmpbuf() { return &buf; } @@ -36,7 +45,14 @@ static struct sigaction old_segv; static struct sigaction old_abrt; static struct sigaction old_alrm; -void init_signals(jmp_buf *env) { +void *timer(void *arg) { + sleep(ta.timeout); + pthread_kill(ta.main_thread, SIGALRM); + return NULL; +} + +void init_signals(sigjmp_buf *env, unsigned int timeout) { + //printf("Initializing signals!\n"); struct sigaction action; action.sa_sigaction = handler; sigemptyset(&action.sa_mask); @@ -55,10 +71,18 @@ void init_signals(jmp_buf *env) { initialized = true; caught = false; timedout = false; + + ta.timeout = timeout; + ta.main_thread = pthread_self(); + + pthread_create(&timer_thread, NULL, timer, (void *)&ta); } void deinit_signals() { + //printf("Deinitializing signals!\n"); + pthread_cancel(timer_thread); + sigaction(SIGSEGV, NULL, &old_segv); sigaction(SIGABRT, NULL, &old_abrt); sigaction(SIGALRM, NULL, &old_alrm); diff --git a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_signals.h b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_signals.h index 95fc693..dec7223 100644 --- a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_signals.h +++ b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_signals.h @@ -2,6 +2,7 @@ #include #include +#include #ifdef __cplusplus extern "C" @@ -11,12 +12,12 @@ extern "C" /** * */ -void init_signals(jmp_buf *env); +void init_signals(jmp_buf *env, unsigned int timeout); /** * */ -jmp_buf *get_jmpbuf(); +sigjmp_buf *get_jmpbuf(); /** * @@ -34,8 +35,8 @@ bool get_timedout(); jobject get_siginfo(JNIEnv *env); -#define SIG_TRY() init_signals(get_jmpbuf()); \ - if (!setjmp(*get_jmpbuf())) +#define SIG_TRY(timeout) init_signals(get_jmpbuf(), timeout); \ + if (!sigsetjmp(*get_jmpbuf(), 1)) #define SIG_CATCH() deinit_signals(); #define SIG_HANDLE(env) do { \ jobject siginfo = get_siginfo(env); \ diff --git a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/gcrypt.c b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/gcrypt.c index 3df7656..3ddaef4 100644 --- a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/gcrypt.c +++ b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/gcrypt.c @@ -277,12 +277,6 @@ static jobject generate_from_sexp(JNIEnv *env, gcry_sexp_t gen_sexp) { gcry_error_t err = gcry_pk_genkey(&key_sexp, gen_sexp); native_timing_stop(); - SIG_TRY() { - //raise(SIGSEGV); - } SIG_CATCH(); - - SIG_HANDLE(env); - if (gcry_err_code(err) != GPG_ERR_NO_ERROR) { throw_new_var(env, "java/security/GeneralSecurityException", "Error generating key. Error: %ui", gcry_err_code(err)); goto release_sexp; -- cgit v1.2.3-70-g09d2 From ba84b595ed8c0ae34b8c3540414327f8db3e4a62 Mon Sep 17 00:00:00 2001 From: J08nY Date: Mon, 6 May 2024 18:12:15 +0200 Subject: Add lib_signals to all shims. --- .../cz/crcs/ectester/standalone/libs/jni/Makefile | 34 +++++++++++----------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/Makefile b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/Makefile index 93e1539..dca660f 100644 --- a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/Makefile +++ b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/Makefile @@ -83,7 +83,7 @@ cpp_utils.o: cpp_utils.cpp # OpenSSL shim openssl: openssl_provider.so -openssl_provider.so: openssl.o c_utils.o | lib_timing.so +openssl_provider.so: openssl.o c_utils.o | lib_timing.so lib_signals.so $(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. $(shell pkg-config --libs openssl) -l:lib_timing.so openssl.o: openssl.c @@ -96,8 +96,8 @@ boringssl: boringssl_provider.so lib_boringssl.so: cp $(PROJECT_ROOT_PATH)/ext/boringssl/build/crypto/libcrypto.so lib_boringssl.so -boringssl_provider.so: boringssl.o c_utils.o | lib_timing.so lib_boringssl.so - $(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. lib_boringssl.so -l:lib_timing.so +boringssl_provider.so: boringssl.o c_utils.o | lib_timing.so lib_signals.so lib_boringssl.so + $(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. lib_boringssl.so -l:lib_timing.so -l:lib_signals.so boringssl.o: boringssl.c $(CC) -I$(PROJECT_ROOT_PATH)/ext/boringssl/include/ $(CFLAGS) -c $< @@ -116,8 +116,8 @@ gcrypt.o: gcrypt.c # Libtomcrypt shim tomcrypt: tomcrypt_provider.so -tomcrypt_provider.so: tomcrypt.o c_utils.o | lib_timing.so - $(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. -ltommath $(shell pkg-config --libs libtomcrypt) -l:lib_timing.so +tomcrypt_provider.so: tomcrypt.o c_utils.o | lib_timing.so lib_signals.so + $(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. -ltommath $(shell pkg-config --libs libtomcrypt) -l:lib_timing.so -l:lib_signals.so tomcrypt.o: tomcrypt.c $(CC) -DLTM_DESC $(shell pkg-config --cflags libtomcrypt) $(CFLAGS) -c $< @@ -126,8 +126,8 @@ tomcrypt.o: tomcrypt.c # Botan-2 shim botan: botan_provider.so -botan_provider.so: botan.o cpp_utils.o | lib_timing.so - $(CXX) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. $(shell pkg-config --libs botan-2) -l:lib_timing.so +botan_provider.so: botan.o cpp_utils.o | lib_timing.so lib_signals.so + $(CXX) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. $(shell pkg-config --libs botan-2) -l:lib_timing.so -l:lib_signals.so botan.o: botan.cpp $(CXX) $(shell pkg-config --cflags botan-2) $(CXXFLAGS) -c $< @@ -140,8 +140,8 @@ ifeq ($(shell pkg-config --exists $(CRYPTOPP_NAME); echo $$?),1) endif cryptopp: cryptopp_provider.so -cryptopp_provider.so: cryptopp.o cpp_utils.o | lib_timing.so - $(CXX) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. $(shell pkg-config --libs $(CRYPTOPP_NAME)) -l:lib_timing.so +cryptopp_provider.so: cryptopp.o cpp_utils.o | lib_timing.so lib_signals.so + $(CXX) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. $(shell pkg-config --libs $(CRYPTOPP_NAME)) -l:lib_timing.so -l:lib_signals.so cryptopp.o: cryptopp.cpp $(CXX) $(shell pkg-config --cflags $(CRYPTOPP_NAME)) $(CXXFLAGS) -c $< @@ -153,8 +153,8 @@ mbedtls: mbedtls_provider.so lib_mbedtls.so: cp $(PROJECT_ROOT_PATH)/ext/mbedtls/build/library/libmbedcrypto.so lib_mbedtls.so -mbedtls_provider.so: mbedtls.o c_utils.o | lib_timing.so lib_mbedtls.so - $(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. lib_mbedtls.so -l:lib_timing.so +mbedtls_provider.so: mbedtls.o c_utils.o | lib_timing.so lib_signals.so lib_mbedtls.so + $(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. lib_mbedtls.so -l:lib_timing.so -l:lib_signals.so mbedtls.o: mbedtls.c $(CC) -I$(PROJECT_ROOT_PATH)/ext/mbedtls/build/include/ $(CFLAGS) -c $< @@ -166,8 +166,8 @@ ippcp: ippcp_provider.so lib_ippcp.so: cp $(PROJECT_ROOT_PATH)/ext/ipp-crypto/build/.build/RELEASE/lib/libippcp.so lib_ippcp.so -ippcp_provider.so: ippcp.o c_utils.o | lib_timing.so lib_ippcp.so - $(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. lib_ippcp.so -l:lib_timing.so +ippcp_provider.so: ippcp.o c_utils.o | lib_timing.so lib_signals.so lib_ippcp.so + $(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. lib_ippcp.so -l:lib_timing.so -l:lib_signals.so ippcp.o: ippcp.c $(CC) -I$(PROJECT_ROOT_PATH)/ext/ipp-crypto/build/.build/RELEASE/include/ $(CFLAGS) -c $< @@ -176,8 +176,8 @@ ippcp.o: ippcp.c # Nettle shim nettle: nettle_provider.so -nettle_provider.so: nettle.o c_utils.o | lib_timing.so - $(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. $(shell pkg-config --libs nettle) -l:lib_timing.so $(shell pkg-config --libs hogweed) -lgmp +nettle_provider.so: nettle.o c_utils.o | lib_timing.so lib_signals.so + $(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. $(shell pkg-config --libs nettle) -l:lib_timing.so -l:lib_signals.so $(shell pkg-config --libs hogweed) -lgmp nettle.o: nettle.c $(CC) $(shell pkg-config --cflags nettle) $(shell pkg-config --libs hogweed) -lgmp $(CFLAGS) -c $< @@ -189,8 +189,8 @@ libressl: libressl_provider.so lib_libressl.so: cp $(PROJECT_ROOT_PATH)/ext/libressl/build/crypto/libcrypto.so lib_libressl.so -libressl_provider.so: libressl.o c_utils.o | lib_timing.so lib_libressl.so - $(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. lib_libressl.so -l:lib_timing.so +libressl_provider.so: libressl.o c_utils.o | lib_timing.so lib_signals.so lib_libressl.so + $(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. lib_libressl.so -l:lib_timing.so -l:lib_signals.so libressl.o: libressl.c $(CC) -I$(PROJECT_ROOT_PATH)/ext/libressl/build/include/ $(CFLAGS) -c $< -- cgit v1.2.3-70-g09d2 From c4980ceb1452488d1fb78627ed16e3a36700ccd4 Mon Sep 17 00:00:00 2001 From: J08nY Date: Mon, 6 May 2024 19:19:29 +0200 Subject: Do not test with Java 22 yet (Gradle does not support it fully). --- .github/workflows/build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b39b474..fea8fe5 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -52,7 +52,7 @@ jobs: strategy: matrix: - java: [ "17", "21", "22" ] + java: [ "17", "21"] name: Build reader on Java ${{ matrix.java }} steps: - uses: actions/checkout@v4 @@ -88,7 +88,7 @@ jobs: strategy: matrix: - java: [ "17", "21", "22"] + java: [ "17", "21"] env: # ffs: https://github.com/adoptium/adoptium-support/issues/485 !!! # also, add the wolfcrypt JNI path -- cgit v1.2.3-70-g09d2 From 5c823806439086c486bbddcb1cf79bc17247e24c Mon Sep 17 00:00:00 2001 From: J08nY Date: Mon, 6 May 2024 19:31:48 +0200 Subject: Add signal handling to BoringSSL. --- .../ectester/standalone/output/TextTestWriter.java | 2 +- .../crcs/ectester/standalone/libs/jni/boringssl.c | 37 +++++++++++++++------- .../crcs/ectester/standalone/libs/jni/c_signals.h | 5 ++- 3 files changed, 30 insertions(+), 14 deletions(-) diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/output/TextTestWriter.java b/standalone/src/main/java/cz/crcs/ectester/standalone/output/TextTestWriter.java index ba345e7..36ff1af 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/output/TextTestWriter.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/output/TextTestWriter.java @@ -48,7 +48,7 @@ public class TextTestWriter extends BaseTextTestWriter { StandaloneTestSuite standaloneSuite = (StandaloneTestSuite) suite; StringBuilder sb = new StringBuilder(); sb.append("═══ ").append(Colors.underline("ECTester version:")).append(" ").append(ECTesterStandalone.VERSION).append(System.lineSeparator()); - sb.append("═══ ").append(Colors.underline("Library:")).append(" ").append(standaloneSuite.getLibrary().name()).append(System.lineSeparator()); + sb.append("═══ ").append(Colors.underline("Library:")).append(" ").append(standaloneSuite.getLibrary().name()).append(" (").append(standaloneSuite.getLibrary().getProvider().getName()).append(")").append(System.lineSeparator()); return sb.toString(); } return ""; diff --git a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/boringssl.c b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/boringssl.c index 4cc95a5..6878549 100644 --- a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/boringssl.c +++ b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/boringssl.c @@ -1,5 +1,6 @@ #include "c_utils.h" #include "c_timing.h" +#include "c_signals.h" #include "native.h" #include @@ -288,9 +289,12 @@ static jobject generate_from_curve(JNIEnv *env, const EC_GROUP *curve) { EC_KEY *key = EC_KEY_new(); EC_KEY_set_group(key, curve); - native_timing_start(); - int err = EC_KEY_generate_key(key); - native_timing_stop(); + int err = 0; + SIG_TRY(TIMEOUT) { + native_timing_start(); + err = EC_KEY_generate_key(key); + native_timing_stop(); + } SIG_CATCH_HANDLE(env); if (!err) { throw_new(env, "java/security/GeneralSecurityException", "Error generating key, EC_KEY_generate_key."); @@ -430,9 +434,12 @@ JNIEXPORT jbyteArray JNICALL Java_cz_crcs_ectester_standalone_libs_jni_NativeKey jbyteArray result = (*env)->NewByteArray(env, secret_len); jbyte *result_data = (*env)->GetByteArrayElements(env, result, NULL); - native_timing_start(); - int err = ECDH_compute_key(result_data, secret_len, EC_KEY_get0_public_key(pub), priv, NULL); - native_timing_stop(); + int err = 0; + SIG_TRY(TIMEOUT) { + native_timing_start(); + err = ECDH_compute_key(result_data, secret_len, EC_KEY_get0_public_key(pub), priv, NULL); + native_timing_stop(); + } SIG_CATCH_HANDLE(env); if (err <= 0) { throw_new(env, "java/security/GeneralSecurityException", "Error computing ECDH, ECDH_compute_key."); @@ -466,9 +473,12 @@ JNIEXPORT jbyteArray JNICALL Java_cz_crcs_ectester_standalone_libs_jni_NativeSig jbyte *data_data = (*env)->GetByteArrayElements(env, data, NULL); // TODO: Do more Signatures here, maybe use the EVP interface to get to the hashes easier and not hash manually? - native_timing_start(); - ECDSA_SIG *signature = ECDSA_do_sign((unsigned char *) data_data, data_size, priv); - native_timing_stop(); + ECDSA_SIG *signature = NULL; + SIG_TRY(TIMEOUT) { + native_timing_start(); + signature = ECDSA_do_sign((unsigned char *) data_data, data_size, priv); + native_timing_stop(); + } SIG_CATCH_HANDLE(env); (*env)->ReleaseByteArrayElements(env, data, data_data, JNI_ABORT); if (!signature) { @@ -508,9 +518,12 @@ JNIEXPORT jboolean JNICALL Java_cz_crcs_ectester_standalone_libs_jni_NativeSigna jsize data_size = (*env)->GetArrayLength(env, data); jbyte *data_data = (*env)->GetByteArrayElements(env, data, NULL); - native_timing_start(); - int result = ECDSA_do_verify((unsigned char *) data_data, data_size, sig_obj, pub); - native_timing_stop(); + int result = 0; + SIG_TRY(TIMEOUT) { + native_timing_start(); + result = ECDSA_do_verify((unsigned char *) data_data, data_size, sig_obj, pub); + native_timing_stop(); + } SIG_CATCH_HANDLE(env); if (result < 0) { throw_new(env, "java/security/GeneralSecurityException", "Error verifying, ECDSA_do_verify."); diff --git a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_signals.h b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_signals.h index dec7223..4420a4d 100644 --- a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_signals.h +++ b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_signals.h @@ -9,6 +9,8 @@ extern "C" { #endif +#define TIMEOUT 5 + /** * */ @@ -51,7 +53,8 @@ jobject get_siginfo(JNIEnv *env); (*env)->ThrowNew(env, timeoutexception_class, "Operation timed out."); \ } \ } while (0) - +#define SIG_CATCH_HANDLE(env) SIG_CATCH(); \ + SIG_HANDLE(env) #ifdef __cplusplus -- cgit v1.2.3-70-g09d2 From f8ca335dc6b5c42cd124fca1704c715771d8128c Mon Sep 17 00:00:00 2001 From: J08nY Date: Mon, 6 May 2024 19:49:11 +0200 Subject: Output full library name in machine-readable test reports. --- .../main/java/cz/crcs/ectester/standalone/libs/ProviderECLibrary.java | 4 ++++ .../main/java/cz/crcs/ectester/standalone/output/TextTestWriter.java | 2 +- .../main/java/cz/crcs/ectester/standalone/output/XMLTestWriter.java | 2 +- .../main/java/cz/crcs/ectester/standalone/output/YAMLTestWriter.java | 2 +- 4 files changed, 7 insertions(+), 3 deletions(-) diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/libs/ProviderECLibrary.java b/standalone/src/main/java/cz/crcs/ectester/standalone/libs/ProviderECLibrary.java index a9a49e9..d9d6749 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/libs/ProviderECLibrary.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/libs/ProviderECLibrary.java @@ -104,6 +104,10 @@ public abstract class ProviderECLibrary implements ECLibrary { return name; } + public String fullName() { + return name() + " (" + provider.getName() + ")"; + } + public Provider getProvider() { return provider; } diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/output/TextTestWriter.java b/standalone/src/main/java/cz/crcs/ectester/standalone/output/TextTestWriter.java index 36ff1af..c53adb2 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/output/TextTestWriter.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/output/TextTestWriter.java @@ -48,7 +48,7 @@ public class TextTestWriter extends BaseTextTestWriter { StandaloneTestSuite standaloneSuite = (StandaloneTestSuite) suite; StringBuilder sb = new StringBuilder(); sb.append("═══ ").append(Colors.underline("ECTester version:")).append(" ").append(ECTesterStandalone.VERSION).append(System.lineSeparator()); - sb.append("═══ ").append(Colors.underline("Library:")).append(" ").append(standaloneSuite.getLibrary().name()).append(" (").append(standaloneSuite.getLibrary().getProvider().getName()).append(")").append(System.lineSeparator()); + sb.append("═══ ").append(Colors.underline("Library:")).append(" ").append(standaloneSuite.getLibrary().fullName()).append(System.lineSeparator()); return sb.toString(); } return ""; diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/output/XMLTestWriter.java b/standalone/src/main/java/cz/crcs/ectester/standalone/output/XMLTestWriter.java index 60751f5..2341fc7 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/output/XMLTestWriter.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/output/XMLTestWriter.java @@ -147,7 +147,7 @@ public class XMLTestWriter extends BaseXMLTestWriter { result.setAttribute("ectester", ECTesterStandalone.VERSION); Element name = doc.createElement("name"); - name.setTextContent(standaloneSuite.getLibrary().name()); + name.setTextContent(standaloneSuite.getLibrary().fullName()); result.appendChild(name); return result; } diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/output/YAMLTestWriter.java b/standalone/src/main/java/cz/crcs/ectester/standalone/output/YAMLTestWriter.java index 664fa18..66c5e38 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/output/YAMLTestWriter.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/output/YAMLTestWriter.java @@ -116,7 +116,7 @@ public class YAMLTestWriter extends BaseYAMLTestWriter { Map result = new LinkedHashMap<>(); result.put("type", "library"); result.put("ectester", ECTesterStandalone.VERSION); - result.put("name", standaloneSuite.getLibrary().name()); + result.put("name", standaloneSuite.getLibrary().fullName()); return result; } return null; -- cgit v1.2.3-70-g09d2 From b76b401cf1131cb19764dd6cc88c104b85fb8f1a Mon Sep 17 00:00:00 2001 From: J08nY Date: Tue, 7 May 2024 10:47:02 +0200 Subject: Add signal handling to Crypto++. --- .../crcs/ectester/standalone/libs/jni/c_signals.h | 17 +++++ .../crcs/ectester/standalone/libs/jni/cryptopp.cpp | 79 +++++++++++++--------- .../java/cz/crcs/ectester/standalone/AppTests.java | 8 --- 3 files changed, 63 insertions(+), 41 deletions(-) diff --git a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_signals.h b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_signals.h index 4420a4d..466628a 100644 --- a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_signals.h +++ b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_signals.h @@ -40,6 +40,22 @@ jobject get_siginfo(JNIEnv *env); #define SIG_TRY(timeout) init_signals(get_jmpbuf(), timeout); \ if (!sigsetjmp(*get_jmpbuf(), 1)) #define SIG_CATCH() deinit_signals(); +#define SIG_DEINIT() deinit_signals(); +#ifdef __cplusplus +#define SIG_HANDLE(env) do { \ + jobject siginfo = get_siginfo(env); \ + if (siginfo != NULL) { \ + jclass sigexception_class = env->FindClass("cz/crcs/ectester/standalone/libs/jni/SignalException"); \ + jmethodID new_sigexception = env->GetMethodID(sigexception_class, "", "(Lcz/crcs/ectester/standalone/libs/jni/SigInfo;)V"); \ + jobject sigexception = env->NewObject(sigexception_class, new_sigexception, siginfo); \ + env->Throw((jthrowable) sigexception); \ + } \ + if (get_timedout()) { \ + jclass timeoutexception_class = env->FindClass("cz/crcs/ectester/standalone/libs/jni/TimeoutException"); \ + env->ThrowNew(timeoutexception_class, "Operation timed out."); \ + } \ +} while (0) +#else #define SIG_HANDLE(env) do { \ jobject siginfo = get_siginfo(env); \ if (siginfo != NULL) { \ @@ -53,6 +69,7 @@ jobject get_siginfo(JNIEnv *env); (*env)->ThrowNew(env, timeoutexception_class, "Operation timed out."); \ } \ } while (0) +#endif #define SIG_CATCH_HANDLE(env) SIG_CATCH(); \ SIG_HANDLE(env) diff --git a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/cryptopp.cpp b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/cryptopp.cpp index 6ec2060..e5deedb 100644 --- a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/cryptopp.cpp +++ b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/cryptopp.cpp @@ -71,6 +71,7 @@ using CryptoPP::Integer; #include "cpp_utils.hpp" #include "c_timing.h" +#include "c_signals.h" /* * Crypto++: @@ -504,14 +505,17 @@ template jobject generate_from_group(JNIEnv *env, DL_GroupParameters_ typename ECDH::Domain ec_domain(group); SecByteBlock priv(ec_domain.PrivateKeyLength()), pub(ec_domain.PublicKeyLength()); - try { - native_timing_start(); - ec_domain.GenerateKeyPair(rng, priv, pub); - native_timing_stop(); - } catch (Exception & ex) { - throw_new(env, "java/security/GeneralSecurityException", ex.what()); - return nullptr; - } + SIG_TRY(TIMEOUT) { + try { + native_timing_start(); + ec_domain.GenerateKeyPair(rng, priv, pub); + native_timing_stop(); + } catch (Exception & ex) { + SIG_DEINIT(); + throw_new(env, "java/security/GeneralSecurityException", ex.what()); + return nullptr; + } + } SIG_CATCH_HANDLE(env); jbyteArray pub_bytearray = env->NewByteArray(pub.SizeInBytes()); jbyte *pub_bytes = env->GetByteArrayElements(pub_bytearray, nullptr); @@ -587,31 +591,34 @@ JNIEXPORT jbyteArray JNICALL Java_cz_crcs_ectester_standalone_libs_jni_NativeKey bool success; std::unique_ptr secret; - try { - std::unique_ptr> ecp_group = fp_group_from_params(env, params); - if (ecp_group == nullptr) { - std::unique_ptr> ec2n_group = f2m_group_from_params(env, params); + SIG_TRY(TIMEOUT) { + try { + std::unique_ptr> ecp_group = fp_group_from_params(env, params); + if (ecp_group == nullptr) { + std::unique_ptr> ec2n_group = f2m_group_from_params(env, params); - ECDH::Domain dh_agreement(*ec2n_group); + ECDH::Domain dh_agreement(*ec2n_group); - secret = std::make_unique(dh_agreement.AgreedValueLength()); - native_timing_start(); - success = dh_agreement.Agree(*secret, private_key, public_key); - native_timing_stop(); + secret = std::make_unique(dh_agreement.AgreedValueLength()); + native_timing_start(); + success = dh_agreement.Agree(*secret, private_key, public_key); + native_timing_stop(); - } else { - ECDH::Domain dh_agreement(*ecp_group); + } else { + ECDH::Domain dh_agreement(*ecp_group); - secret = std::make_unique(dh_agreement.AgreedValueLength()); - native_timing_start(); - success = dh_agreement.Agree(*secret, private_key, public_key); - native_timing_stop(); + secret = std::make_unique(dh_agreement.AgreedValueLength()); + native_timing_start(); + success = dh_agreement.Agree(*secret, private_key, public_key); + native_timing_stop(); + } + } catch (Exception & ex) { + SIG_DEINIT(); + throw_new(env, "java/security/GeneralSecurityException", ex.what()); + return nullptr; } - } catch (Exception & ex) { - throw_new(env, "java/security/GeneralSecurityException", ex.what()); - return nullptr; - } + } SIG_CATCH_HANDLE(env); if (!success) { throw_new(env, "java/security/GeneralSecurityException", "Agreement was unsuccessful."); @@ -642,9 +649,12 @@ jbyteArray sign_message(JNIEnv *env, DL_GroupParameters_EC group, jbyteArray jsize data_length = env->GetArrayLength(data); jbyte *data_bytes = env->GetByteArrayElements(data, nullptr); - native_timing_start(); - size_t len = signer.SignMessage(rng, (byte *)data_bytes, data_length, (byte *)signature.c_str()); - native_timing_stop(); + size_t len; + SIG_TRY(TIMEOUT) { + native_timing_start(); + len = signer.SignMessage(rng, (byte *)data_bytes, data_length, (byte *)signature.c_str()); + native_timing_stop(); + } SIG_CATCH_HANDLE(env); env->ReleaseByteArrayElements(data, data_bytes, JNI_ABORT); signature.resize(len); @@ -740,9 +750,12 @@ jboolean verify_message(JNIEnv *env, DL_GroupParameters_EC group, jbyteArray jsize data_length = env->GetArrayLength(data); jbyte *data_bytes = env->GetByteArrayElements(data, nullptr); - native_timing_start(); - bool result = verifier.VerifyMessage((byte *)data_bytes, data_length, sig, sig_len); - native_timing_stop(); + bool result; + SIG_TRY(TIMEOUT) { + native_timing_start(); + result = verifier.VerifyMessage((byte *)data_bytes, data_length, sig, sig_len); + native_timing_stop(); + } SIG_CATCH_HANDLE(env); env->ReleaseByteArrayElements(data, data_bytes, JNI_ABORT); return result; diff --git a/standalone/src/test/java/cz/crcs/ectester/standalone/AppTests.java b/standalone/src/test/java/cz/crcs/ectester/standalone/AppTests.java index 7ff2826..8802bb4 100644 --- a/standalone/src/test/java/cz/crcs/ectester/standalone/AppTests.java +++ b/standalone/src/test/java/cz/crcs/ectester/standalone/AppTests.java @@ -162,7 +162,6 @@ public class AppTests { @ParameterizedTest @MethodSource("libs") - @Timeout(20) public void miscSuite(String libName) { String[] args = buildCLIArgs(libName, "miscellaneous", "-q"); if (libName.equals("Botan") || libName.equals("Crypto++")) { @@ -173,7 +172,6 @@ public class AppTests { @ParameterizedTest @MethodSource("libs") - @Timeout(20) public void twistSuite(String libName) { // TODO: "Nettle" is very broken here for a weird reason. assumeFalse(libName.equals("Nettle")); @@ -187,7 +185,6 @@ public class AppTests { @ParameterizedTest @MethodSource("libs") - @Timeout(20) public void degenerateSuite(String libName) { // TODO: "Nettle" is very broken here for a weird reason. assumeFalse(libName.equals("Nettle")); @@ -201,7 +198,6 @@ public class AppTests { @ParameterizedTest @MethodSource("libs") - @Timeout(20) public void edgeCasesSuite(String libName) { // TODO: Crypto++ and tomcrypt is broken here. assumeFalse(libName.equals("Crypto++") || libName.equals("tomcrypt")); @@ -215,7 +211,6 @@ public class AppTests { @ParameterizedTest @MethodSource("libs") - @Timeout(20) // TODO: This breaks the tests because the libs do all sorts of weird stuff here. @Disabled public void compositeSuite(String libName) { @@ -231,7 +226,6 @@ public class AppTests { @ParameterizedTest @MethodSource("libs") - @Timeout(20) public void cofactorSuite(String libName) { String[] args = buildCLIArgs(libName, "cofactor", "-q"); if (libName.equals("Botan") || libName.equals("Crypto++")) { @@ -242,7 +236,6 @@ public class AppTests { @ParameterizedTest @MethodSource("libs") - @Timeout(20) // TODO: This breaks the tests because the libs do all sorts of weird stuff here. @Disabled public void wrongSuite(String libName) { @@ -258,7 +251,6 @@ public class AppTests { @ParameterizedTest @MethodSource("libs") - @Timeout(20) public void invalidSuite(String libName) { // TODO: "Nettle" is very broken here for a weird reason. assumeFalse(libName.equals("Nettle")); -- cgit v1.2.3-70-g09d2 From a765087f0fb9d21eb26780a187dbca23e9267376 Mon Sep 17 00:00:00 2001 From: J08nY Date: Tue, 7 May 2024 15:43:18 +0200 Subject: Fix signal restoration in signal handling. --- .../main/resources/cz/crcs/ectester/standalone/libs/jni/c_signals.c | 6 +++--- standalone/src/test/java/cz/crcs/ectester/standalone/AppTests.java | 1 - 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_signals.c b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_signals.c index a1ea9f1..dd08bb8 100644 --- a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_signals.c +++ b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_signals.c @@ -83,9 +83,9 @@ void deinit_signals() { //printf("Deinitializing signals!\n"); pthread_cancel(timer_thread); - sigaction(SIGSEGV, NULL, &old_segv); - sigaction(SIGABRT, NULL, &old_abrt); - sigaction(SIGALRM, NULL, &old_alrm); + sigaction(SIGSEGV, &old_segv, NULL); + sigaction(SIGABRT, &old_abrt, NULL); + sigaction(SIGALRM, &old_alrm, NULL); target = NULL; initialized = false; diff --git a/standalone/src/test/java/cz/crcs/ectester/standalone/AppTests.java b/standalone/src/test/java/cz/crcs/ectester/standalone/AppTests.java index 8802bb4..c94824c 100644 --- a/standalone/src/test/java/cz/crcs/ectester/standalone/AppTests.java +++ b/standalone/src/test/java/cz/crcs/ectester/standalone/AppTests.java @@ -2,7 +2,6 @@ package cz.crcs.ectester.standalone; import org.junit.jupiter.api.Disabled; import org.junit.jupiter.api.Test; -import org.junit.jupiter.api.Timeout; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.MethodSource; import org.junitpioneer.jupiter.StdIo; -- cgit v1.2.3-70-g09d2 From 910ccecc91097616e407ed85bba91eae80309174 Mon Sep 17 00:00:00 2001 From: J08nY Date: Tue, 7 May 2024 16:17:32 +0200 Subject: Disable signal handling in Crypto++. --- .../main/resources/cz/crcs/ectester/standalone/libs/jni/cryptopp.cpp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/cryptopp.cpp b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/cryptopp.cpp index e5deedb..3590ef2 100644 --- a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/cryptopp.cpp +++ b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/cryptopp.cpp @@ -72,6 +72,10 @@ using CryptoPP::Integer; #include "cpp_utils.hpp" #include "c_timing.h" #include "c_signals.h" +#define SIG_TRY(x) +#define SIG_CATCH_HANDLE(x) +#define SIG_CATCH() +#define SIG_DEINIT() /* * Crypto++: -- cgit v1.2.3-70-g09d2 From 2e6207f7d83d9efb8db571ca4f04d79ca63f212f Mon Sep 17 00:00:00 2001 From: J08nY Date: Tue, 7 May 2024 16:24:22 +0200 Subject: Disable bad tests via comment instead of @Disable. --- standalone/src/test/java/cz/crcs/ectester/standalone/AppTests.java | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/standalone/src/test/java/cz/crcs/ectester/standalone/AppTests.java b/standalone/src/test/java/cz/crcs/ectester/standalone/AppTests.java index c94824c..c39ee54 100644 --- a/standalone/src/test/java/cz/crcs/ectester/standalone/AppTests.java +++ b/standalone/src/test/java/cz/crcs/ectester/standalone/AppTests.java @@ -208,6 +208,7 @@ public class AppTests { ECTesterStandalone.main(args); } + /* @ParameterizedTest @MethodSource("libs") // TODO: This breaks the tests because the libs do all sorts of weird stuff here. @@ -222,6 +223,7 @@ public class AppTests { } ECTesterStandalone.main(args); } + */ @ParameterizedTest @MethodSource("libs") @@ -233,6 +235,7 @@ public class AppTests { ECTesterStandalone.main(args); } + /* @ParameterizedTest @MethodSource("libs") // TODO: This breaks the tests because the libs do all sorts of weird stuff here. @@ -247,6 +250,7 @@ public class AppTests { } ECTesterStandalone.main(args); } + */ @ParameterizedTest @MethodSource("libs") -- cgit v1.2.3-70-g09d2 From 0f26779b0e94a46697f11b5f6262495ec412434c Mon Sep 17 00:00:00 2001 From: J08nY Date: Tue, 7 May 2024 16:25:04 +0200 Subject: Add signal handling to tomcrypt. --- .../crcs/ectester/standalone/libs/jni/tomcrypt.c | 37 +++++++++++++++------- 1 file changed, 25 insertions(+), 12 deletions(-) diff --git a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/tomcrypt.c b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/tomcrypt.c index efaa3b9..9593e9b 100644 --- a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/tomcrypt.c +++ b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/tomcrypt.c @@ -1,5 +1,6 @@ #include "c_utils.h" #include "c_timing.h" +#include "c_signals.h" #include "native.h" #include @@ -232,9 +233,12 @@ static void free_curve(ltc_ecc_set_type *curve) { static jobject generate_from_curve(JNIEnv *env, const ltc_ecc_set_type *curve) { ecc_key key; - native_timing_start(); - int err = ecc_make_key_ex(<c_prng, find_prng("yarrow"), &key, curve); - native_timing_stop(); + int err; + SIG_TRY(TIMEOUT) { + native_timing_start(); + err = ecc_make_key_ex(<c_prng, find_prng("yarrow"), &key, curve); + native_timing_stop(); + } SIG_CATCH_HANDLE(env); if (err != CRYPT_OK) { throw_new(env, "java/security/GeneralSecurityException", error_to_string(err)); @@ -381,9 +385,12 @@ JNIEXPORT jbyteArray JNICALL Java_cz_crcs_ectester_standalone_libs_jni_NativeKey unsigned char result[curve->size]; unsigned long output_len = curve->size; - native_timing_start(); - int err = ecc_shared_secret(&priv, &pub, result, &output_len); - native_timing_stop(); + int err; + SIG_TRY(TIMEOUT) { + native_timing_start(); + err = ecc_shared_secret(&priv, &pub, result, &output_len); + native_timing_stop(); + } SIG_CATCH_HANDLE(env); if (err != CRYPT_OK) { throw_new(env, "java/security/GeneralSecurityException", error_to_string(err)); @@ -425,9 +432,12 @@ JNIEXPORT jbyteArray JNICALL Java_cz_crcs_ectester_standalone_libs_jni_NativeSig unsigned char result[curve->size*4]; unsigned long output_len = curve->size*4; - native_timing_start(); - int err = ecc_sign_hash((unsigned char *) data_data, data_size, result, &output_len, <c_prng, find_prng("yarrow"), &priv); - native_timing_stop(); + int err; + SIG_TRY(TIMEOUT) { + native_timing_start(); + err = ecc_sign_hash((unsigned char *) data_data, data_size, result, &output_len, <c_prng, find_prng("yarrow"), &priv); + native_timing_stop(); + } SIG_CATCH_HANDLE(env); if (err != CRYPT_OK) { throw_new(env, "java/security/GeneralSecurityException", error_to_string(err)); @@ -467,9 +477,12 @@ JNIEXPORT jboolean JNICALL Java_cz_crcs_ectester_standalone_libs_jni_NativeSigna jbyte *sig_data = (*env)->GetByteArrayElements(env, signature, NULL); int result; - native_timing_start(); - int err = ecc_verify_hash((unsigned char *) sig_data, sig_size, (unsigned char *) data_data, data_size, &result, &pub); - native_timing_stop(); + int err; + SIG_TRY(TIMEOUT) { + native_timing_start(); + err = ecc_verify_hash((unsigned char *) sig_data, sig_size, (unsigned char *) data_data, data_size, &result, &pub); + native_timing_stop(); + } SIG_CATCH_HANDLE(env); if (err != CRYPT_OK) { throw_new(env, "java/security/GeneralSecurityException", error_to_string(err)); -- cgit v1.2.3-70-g09d2 From 568d704359aab7435c92e6a71713ed89564dcef8 Mon Sep 17 00:00:00 2001 From: J08nY Date: Tue, 7 May 2024 16:29:51 +0200 Subject: Add signal handling to OpenSSL. --- .../cz/crcs/ectester/standalone/libs/jni/openssl.c | 38 +++++++++++++++------- 1 file changed, 26 insertions(+), 12 deletions(-) diff --git a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/openssl.c b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/openssl.c index 3fa560e..fc02e9d 100644 --- a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/openssl.c +++ b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/openssl.c @@ -1,5 +1,6 @@ #include "c_utils.h" #include "c_timing.h" +#include "c_signals.h" #include "native.h" #include @@ -350,9 +351,12 @@ static jobject generate_from_curve(JNIEnv *env, const EC_GROUP *curve) { EC_KEY *key = EC_KEY_new(); EC_KEY_set_group(key, curve); - native_timing_start(); - int result = EC_KEY_generate_key(key); - native_timing_stop(); + int result; + SIG_TRY(TIMEOUT) { + native_timing_start(); + result = EC_KEY_generate_key(key); + native_timing_stop(); + } SIG_CATCH_HANDLE(env); if (!result) { throw_new(env, "java/security/GeneralSecurityException", "Error generating key, EC_KEY_generate_key."); @@ -488,9 +492,12 @@ JNIEXPORT jbyteArray JNICALL Java_cz_crcs_ectester_standalone_libs_jni_NativeKey jbyteArray result = (*env)->NewByteArray(env, secret_len); jbyte *result_data = (*env)->GetByteArrayElements(env, result, NULL); - native_timing_start(); - int err = ECDH_compute_key(result_data, secret_len, EC_KEY_get0_public_key(pub), priv, NULL); - native_timing_stop(); + int err; + SIG_TRY(TIMEOUT) { + native_timing_start(); + err = ECDH_compute_key(result_data, secret_len, EC_KEY_get0_public_key(pub), priv, NULL); + native_timing_stop(); + } SIG_CATCH_HANDLE(env); if (err <= 0) { throw_new(env, "java/security/GeneralSecurityException", "Error computing ECDH, ECDH_compute_key."); @@ -524,9 +531,12 @@ JNIEXPORT jbyteArray JNICALL Java_cz_crcs_ectester_standalone_libs_jni_NativeSig jbyte *data_data = (*env)->GetByteArrayElements(env, data, NULL); // TODO: Do more Signatures here, maybe use the EVP interface to get to the hashes easier and not hash manually? - native_timing_start(); - ECDSA_SIG *signature = ECDSA_do_sign((unsigned char *) data_data, data_size, priv); - native_timing_stop(); + ECDSA_SIG *signature; + SIG_TRY(TIMEOUT) { + native_timing_start(); + signature = ECDSA_do_sign((unsigned char *) data_data, data_size, priv); + native_timing_stop(); + } SIG_CATCH_HANDLE(env); (*env)->ReleaseByteArrayElements(env, data, data_data, JNI_ABORT); if (!signature) { @@ -566,9 +576,13 @@ JNIEXPORT jboolean JNICALL Java_cz_crcs_ectester_standalone_libs_jni_NativeSigna jsize data_size = (*env)->GetArrayLength(env, data); jbyte *data_data = (*env)->GetByteArrayElements(env, data, NULL); - native_timing_start(); - int result = ECDSA_do_verify((unsigned char *) data_data, data_size, sig_obj, pub); - native_timing_stop(); + int result; + SIG_TRY(TIMEOUT) { + native_timing_start(); + result = ECDSA_do_verify((unsigned char *) data_data, data_size, sig_obj, pub); + native_timing_stop(); + } SIG_CATCH_HANDLE(env); + (*env)->ReleaseByteArrayElements(env, data, data_data, JNI_ABORT); if (result < 0) { -- cgit v1.2.3-70-g09d2 From bcd5077163d34e34d490f26875772fa62a4ee068 Mon Sep 17 00:00:00 2001 From: J08nY Date: Tue, 7 May 2024 16:31:54 +0200 Subject: Add signal handling to Nettle. --- .../cz/crcs/ectester/standalone/libs/jni/nettle.c | 36 ++++++++++++++-------- 1 file changed, 24 insertions(+), 12 deletions(-) diff --git a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/nettle.c b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/nettle.c index dfc8389..48b8f26 100644 --- a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/nettle.c +++ b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/nettle.c @@ -1,5 +1,6 @@ #include "c_utils.h" #include "c_timing.h" +#include "c_signals.h" #include "native.h" #include @@ -150,9 +151,12 @@ static jobject generate_from_curve(JNIEnv *env, const struct ecc_curve* curve, j ecc_point_init(&pub, curve); ecc_scalar_init(&priv, curve); - native_timing_start(); - ecdsa_generate_keypair(&pub, &priv, (void *) &yarrow, (nettle_random_func *) yarrow256_random); - native_timing_stop(); + + SIG_TRY(TIMEOUT) { + native_timing_start(); + ecdsa_generate_keypair(&pub, &priv, (void *) &yarrow, (nettle_random_func *) yarrow256_random); + native_timing_stop(); + } SIG_CATCH_HANDLE(env); mpz_t private_value; mpz_init(private_value); @@ -311,9 +315,11 @@ JNIEXPORT jbyteArray JNICALL Java_cz_crcs_ectester_standalone_libs_jni_NativeKey jbyteArray result = (*env)->NewByteArray(env, byte_size); jbyte *result_data = (*env)->GetByteArrayElements(env, result, NULL); - native_timing_start(); - ecc_point_mul(&resultPoint, &privScalar, &eccPubPoint); - native_timing_stop(); + SIG_TRY(TIMEOUT) { + native_timing_start(); + ecc_point_mul(&resultPoint, &privScalar, &eccPubPoint); + native_timing_stop(); + } SIG_CATCH_HANDLE(env); mpz_t x; mpz_init(x); @@ -461,9 +467,11 @@ JNIEXPORT jbyteArray JNICALL Java_cz_crcs_ectester_standalone_libs_jni_NativeSig struct dsa_signature signature; dsa_signature_init(&signature); - native_timing_start(); - ecdsa_sign(&privScalar, (void *) &yarrow, (nettle_random_func *) yarrow256_random, data_size, (unsigned char*)data_data, &signature); - native_timing_stop(); + SIG_TRY(TIMEOUT) { + native_timing_start(); + ecdsa_sign(&privScalar, (void *) &yarrow, (nettle_random_func *) yarrow256_random, data_size, (unsigned char*)data_data, &signature); + native_timing_stop(); + } SIG_CATCH_HANDLE(env); (*env)->ReleaseByteArrayElements(env, data, data_data, JNI_ABORT); @@ -515,9 +523,13 @@ JNIEXPORT jboolean JNICALL Java_cz_crcs_ectester_standalone_libs_jni_NativeSigna jsize data_size = (*env)->GetArrayLength(env, data); jbyte *data_data = (*env)->GetByteArrayElements(env, data, NULL); - native_timing_start(); - int result = ecdsa_verify(&eccPubPoint, data_size, (unsigned char*)data_data, &eccSignature); - native_timing_stop(); + int result; + SIG_TRY(TIMEOUT) { + native_timing_start(); + result = ecdsa_verify(&eccPubPoint, data_size, (unsigned char*)data_data, &eccSignature); + native_timing_stop(); + } SIG_CATCH_HANDLE(env); + (*env)->ReleaseByteArrayElements(env, data, data_data, JNI_ABORT); ecc_point_clear(&eccPubPoint); -- cgit v1.2.3-70-g09d2 From aeaeef42697153a5b1cb9b0b5a64f9495af83157 Mon Sep 17 00:00:00 2001 From: J08nY Date: Tue, 7 May 2024 16:46:49 +0200 Subject: Fix OpenSSL build with signals. --- .../src/main/resources/cz/crcs/ectester/standalone/libs/jni/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/Makefile b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/Makefile index dca660f..2354194 100644 --- a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/Makefile +++ b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/Makefile @@ -84,7 +84,7 @@ cpp_utils.o: cpp_utils.cpp openssl: openssl_provider.so openssl_provider.so: openssl.o c_utils.o | lib_timing.so lib_signals.so - $(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. $(shell pkg-config --libs openssl) -l:lib_timing.so + $(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. $(shell pkg-config --libs openssl) -l:lib_timing.so -l:lib_signals.so openssl.o: openssl.c $(CC) $(shell pkg-config --cflags openssl) $(CFLAGS) -c $< -- cgit v1.2.3-70-g09d2 From 757621b3240482194f66146089dba960eeb5837c Mon Sep 17 00:00:00 2001 From: J08nY Date: Tue, 7 May 2024 17:10:24 +0200 Subject: Add signal handling to mbedTLS. --- .../cz/crcs/ectester/standalone/libs/jni/mbedtls.c | 34 ++++++++++++++-------- 1 file changed, 22 insertions(+), 12 deletions(-) diff --git a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/mbedtls.c b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/mbedtls.c index ab556d8..7a552da 100644 --- a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/mbedtls.c +++ b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/mbedtls.c @@ -1,5 +1,6 @@ #include "c_utils.h" #include "c_timing.h" +#include "c_signals.h" #include "native.h" #include @@ -315,9 +316,12 @@ static jobject generate_from_curve(JNIEnv *env, mbedtls_ecp_group *group) { } gen_counter++; - native_timing_start(); - int error = mbedtls_ecp_gen_keypair(group, &d, &Q, ctr_drbg_wrapper, &ctr_drbg); - native_timing_stop(); + int error; + SIG_TRY(TIMEOUT) { + native_timing_start(); + error = mbedtls_ecp_gen_keypair(group, &d, &Q, ctr_drbg_wrapper, &ctr_drbg); + native_timing_stop(); + } SIG_CATCH_HANDLE(env); if (error) { throw_new(env, "java/security/GeneralSecurityException", err_to_string(error)); @@ -453,9 +457,11 @@ JNIEXPORT jbyteArray JNICALL Java_cz_crcs_ectester_standalone_libs_jni_NativeKey mbedtls_mpi result; mbedtls_mpi_init(&result); - native_timing_start(); - error = mbedtls_ecdh_compute_shared(&curve, &result, &pub, &priv, ctr_drbg_wrapper, &ctr_drbg); - native_timing_stop(); + SIG_TRY(TIMEOUT) { + native_timing_start(); + error = mbedtls_ecdh_compute_shared(&curve, &result, &pub, &priv, ctr_drbg_wrapper, &ctr_drbg); + native_timing_stop(); + } SIG_CATCH_HANDLE(env); if (error) { throw_new(env, "java/security/GeneralSecurityException", err_to_string(error)); @@ -504,9 +510,11 @@ JNIEXPORT jbyteArray JNICALL Java_cz_crcs_ectester_standalone_libs_jni_NativeSig jsize data_size = (*env)->GetArrayLength(env, data); jbyte *data_data = (*env)->GetByteArrayElements(env, data, NULL); - native_timing_start(); - error = mbedtls_ecdsa_sign(&curve, &r, &s, &priv, (unsigned char *) data_data, data_size, ctr_drbg_wrapper, &ctr_drbg); - native_timing_stop(); + SIG_TRY(TIMEOUT) { + native_timing_start(); + error = mbedtls_ecdsa_sign(&curve, &r, &s, &priv, (unsigned char *) data_data, data_size, ctr_drbg_wrapper, &ctr_drbg); + native_timing_stop(); + } SIG_CATCH_HANDLE(env); mbedtls_mpi_free(&priv); mbedtls_ecp_group_free(&curve); @@ -563,9 +571,11 @@ JNIEXPORT jboolean JNICALL Java_cz_crcs_ectester_standalone_libs_jni_NativeSigna jsize data_size = (*env)->GetArrayLength(env, data); jbyte *data_data = (*env)->GetByteArrayElements(env, data, NULL); - native_timing_start(); - error = mbedtls_ecdsa_verify(&curve, (unsigned char *) data_data, data_size, &pub, &r, &s); - native_timing_stop(); + SIG_TRY(TIMEOUT) { + native_timing_start(); + error = mbedtls_ecdsa_verify(&curve, (unsigned char *) data_data, data_size, &pub, &r, &s); + native_timing_stop(); + } SIG_CATCH_HANDLE(env); (*env)->ReleaseByteArrayElements(env, data, data_data, JNI_ABORT); if (error) { -- cgit v1.2.3-70-g09d2 From 8454c5781dd0b2ab92666c2f3d2a2bfff102de01 Mon Sep 17 00:00:00 2001 From: J08nY Date: Tue, 7 May 2024 17:12:04 +0200 Subject: Add signal handling to LibreSSL. --- .../crcs/ectester/standalone/libs/jni/libressl.c | 38 +++++++++++++++------- 1 file changed, 26 insertions(+), 12 deletions(-) diff --git a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/libressl.c b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/libressl.c index 398ad1e..7d50836 100644 --- a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/libressl.c +++ b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/libressl.c @@ -1,5 +1,6 @@ #include "c_utils.h" #include "c_timing.h" +#include "c_signals.h" #include "native.h" #include @@ -313,9 +314,12 @@ static jobject generate_from_curve(JNIEnv *env, const EC_GROUP *curve) { EC_KEY *key = EC_KEY_new(); EC_KEY_set_group(key, curve); - native_timing_start(); - int err = EC_KEY_generate_key(key); - native_timing_stop(); + int err; + SIG_TRY(TIMEOUT) { + native_timing_start(); + err = EC_KEY_generate_key(key); + native_timing_stop(); + } SIG_CATCH_HANDLE(env); if (!err) { throw_new(env, "java/security/GeneralSecurityException", "Error generating key, EC_KEY_generate_key."); @@ -453,9 +457,12 @@ JNIEXPORT jbyteArray JNICALL Java_cz_crcs_ectester_standalone_libs_jni_NativeKey jbyteArray result = (*env)->NewByteArray(env, secret_len); jbyte *result_data = (*env)->GetByteArrayElements(env, result, NULL); - native_timing_start(); - int err = ECDH_compute_key(result_data, secret_len, EC_KEY_get0_public_key(pub), priv, NULL); - native_timing_stop(); + int err; + SIG_TRY(TIMEOUT) { + native_timing_start(); + err = ECDH_compute_key(result_data, secret_len, EC_KEY_get0_public_key(pub), priv, NULL); + native_timing_stop(); + } SIG_CATCH_HANDLE(env); if (err <= 0) { throw_new(env, "java/security/GeneralSecurityException", "Error computing ECDH, ECDH_compute_key."); @@ -489,9 +496,12 @@ JNIEXPORT jbyteArray JNICALL Java_cz_crcs_ectester_standalone_libs_jni_NativeSig jbyte *data_data = (*env)->GetByteArrayElements(env, data, NULL); // TODO: Do more Signatures here, maybe use the EVP interface to get to the hashes easier and not hash manually? - native_timing_start(); - ECDSA_SIG *signature = ECDSA_do_sign((unsigned char *) data_data, data_size, priv); - native_timing_stop(); + ECDSA_SIG *signature; + SIG_TRY(TIMEOUT) { + native_timing_start(); + signature = ECDSA_do_sign((unsigned char *) data_data, data_size, priv); + native_timing_stop(); + } SIG_CATCH_HANDLE(env); (*env)->ReleaseByteArrayElements(env, data, data_data, JNI_ABORT); if (!signature) { @@ -531,9 +541,13 @@ JNIEXPORT jboolean JNICALL Java_cz_crcs_ectester_standalone_libs_jni_NativeSigna jsize data_size = (*env)->GetArrayLength(env, data); jbyte *data_data = (*env)->GetByteArrayElements(env, data, NULL); - native_timing_start(); - int result = ECDSA_do_verify((unsigned char *) data_data, data_size, sig_obj, pub); - native_timing_stop(); + int result; + SIG_TRY(TIMEOUT) { + native_timing_start(); + result = ECDSA_do_verify((unsigned char *) data_data, data_size, sig_obj, pub); + native_timing_stop(); + } SIG_CATCH_HANDLE(env); + (*env)->ReleaseByteArrayElements(env, data, data_data, JNI_ABORT); if (result < 0) { -- cgit v1.2.3-70-g09d2 From e3dea615dbdf1170d304f638ab46f51115ce40be Mon Sep 17 00:00:00 2001 From: J08nY Date: Tue, 7 May 2024 17:14:55 +0200 Subject: Add signal handling to ipp-cp. --- .../cz/crcs/ectester/standalone/libs/jni/ippcp.c | 70 +++++++++++++--------- 1 file changed, 43 insertions(+), 27 deletions(-) diff --git a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/ippcp.c b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/ippcp.c index 2f876d2..fbf917e 100644 --- a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/ippcp.c +++ b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/ippcp.c @@ -1,5 +1,6 @@ #include "c_timing.h" #include "c_utils.h" +#include "c_signals.h" #include #include @@ -379,9 +380,12 @@ static jobject generate_from_curve(JNIEnv *env, int keysize, IppsECCPState *curv int ord_bytes = (ord_bits + 7) / 8; IppsBigNumState *secret = new_bn(ord_bits); - native_timing_start(); - IppStatus err = ippsECCPGenKeyPair(secret, point, curve, prng_wrapper, prng_state); - native_timing_stop(); + IppStatus err; + SIG_TRY(TIMEOUT) { + native_timing_start(); + err = ippsECCPGenKeyPair(secret, point, curve, prng_wrapper, prng_state); + native_timing_stop(); + } SIG_CATCH_HANDLE(env); if (err != ippStsNoErr) { throw_new(env, "java/security/GeneralSecurityException", ippcpGetStatusString(err)); @@ -559,9 +563,12 @@ JNIEXPORT jbyteArray JNICALL Java_cz_crcs_ectester_standalone_libs_jni_NativeKey IppsBigNumState *share = new_bn(keysize); - native_timing_start(); - IppStatus err = ippsECCPSharedSecretDH(priv_bn, pub, share, curve); - native_timing_stop(); + IppStatus err; + SIG_TRY(TIMEOUT) { + native_timing_start(); + err = ippsECCPSharedSecretDH(priv_bn, pub, share, curve); + native_timing_stop(); + } SIG_CATCH_HANDLE(env); free(priv_bn); free(pub); @@ -622,23 +629,29 @@ JNIEXPORT jbyteArray JNICALL Java_cz_crcs_ectester_standalone_libs_jni_NativeSig jbyte r_buf[ord_bytes]; jbyte s_buf[ord_bytes]; - native_timing_start(); - IppStatus err = ippsECCPGenKeyPair(ephemeral_secret, ephemeral_point, curve, prng_wrapper, prng_state); - if (err != ippStsNoErr) { - throw_new(env, "java/security/GeneralSecurityException", ippcpGetStatusString(err)); - goto error; - } - err = ippsECCPSetKeyPair(ephemeral_secret, ephemeral_point, ippFalse, curve); - if (err != ippStsNoErr) { - throw_new(env, "java/security/GeneralSecurityException", ippcpGetStatusString(err)); - goto error; - } - err = ippsECCPSignDSA(data_bn, priv_bn, r, s, curve); - if (err != ippStsNoErr) { - throw_new(env, "java/security/GeneralSecurityException", ippcpGetStatusString(err)); - goto error; - } - native_timing_stop(); + IppStatus err; + SIG_TRY(TIMEOUT) { + native_timing_start(); + err = ippsECCPGenKeyPair(ephemeral_secret, ephemeral_point, curve, prng_wrapper, prng_state); + if (err != ippStsNoErr) { + SIG_DEINIT(); + throw_new(env, "java/security/GeneralSecurityException", ippcpGetStatusString(err)); + goto error; + } + err = ippsECCPSetKeyPair(ephemeral_secret, ephemeral_point, ippFalse, curve); + if (err != ippStsNoErr) { + SIG_DEINIT(); + throw_new(env, "java/security/GeneralSecurityException", ippcpGetStatusString(err)); + goto error; + } + err = ippsECCPSignDSA(data_bn, priv_bn, r, s, curve); + if (err != ippStsNoErr) { + SIG_DEINIT(); + throw_new(env, "java/security/GeneralSecurityException", ippcpGetStatusString(err)); + goto error; + } + native_timing_stop(); + } SIG_CATCH_HANDLE(env); bn_get(r, (uint8_t *) r_buf, ord_bytes); bn_get(s, (uint8_t *) s_buf, ord_bytes); @@ -713,10 +726,13 @@ JNIEXPORT jboolean JNICALL Java_cz_crcs_ectester_standalone_libs_jni_NativeSigna IppECResult result; - native_timing_start(); - ippsECCPSetKeyPair(NULL, pub, ippTrue, curve); - IppStatus err = ippsECCPVerifyDSA(data_bn, r, s, &result, curve); - native_timing_stop(); + IppStatus err; + SIG_TRY(TIMEOUT) { + native_timing_start(); + ippsECCPSetKeyPair(NULL, pub, ippTrue, curve); + err = ippsECCPVerifyDSA(data_bn, r, s, &result, curve); + native_timing_stop(); + } SIG_CATCH_HANDLE(env); free(curve); free(pub); -- cgit v1.2.3-70-g09d2 From ca1be45c3e39a3d667b0d5a7023958487c8d55a2 Mon Sep 17 00:00:00 2001 From: J08nY Date: Tue, 7 May 2024 17:16:25 +0200 Subject: Add signal handling to gcrypt. --- .../cz/crcs/ectester/standalone/libs/jni/gcrypt.c | 37 +++++++++++++++------- 1 file changed, 25 insertions(+), 12 deletions(-) diff --git a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/gcrypt.c b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/gcrypt.c index 3ddaef4..705a873 100644 --- a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/gcrypt.c +++ b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/gcrypt.c @@ -273,9 +273,12 @@ static jobject generate_from_sexp(JNIEnv *env, gcry_sexp_t gen_sexp) { jobject result = NULL; gcry_sexp_t key_sexp; - native_timing_start(); - gcry_error_t err = gcry_pk_genkey(&key_sexp, gen_sexp); - native_timing_stop(); + gcry_error_t err; + SIG_TRY(TIMEOUT) { + native_timing_start(); + err = gcry_pk_genkey(&key_sexp, gen_sexp); + native_timing_stop(); + } SIG_CATCH_HANDLE(env); if (gcry_err_code(err) != GPG_ERR_NO_ERROR) { throw_new_var(env, "java/security/GeneralSecurityException", "Error generating key. Error: %ui", gcry_err_code(err)); @@ -461,9 +464,12 @@ JNIEXPORT jbyteArray JNICALL Java_cz_crcs_ectester_standalone_libs_jni_NativeKey gcry_sexp_t res_sexp; // TODO: figure out why ecc_encrypt_raw takes signed representation.. Nobody uses that., everybody uses unsigned reduced mod p. - native_timing_start(); - gcry_error_t err = gcry_pk_encrypt(&res_sexp, enc_sexp, pub); - native_timing_stop(); + gcry_error_t err; + SIG_TRY(TIMEOUT) { + native_timing_start(); + err = gcry_pk_encrypt(&res_sexp, enc_sexp, pub); + native_timing_stop(); + } SIG_CATCH_HANDLE(env); if (gcry_err_code(err) != GPG_ERR_NO_ERROR) { throw_new_var(env, "java/security/GeneralSecurityException", "Error performing ECDH. Error: %ui", gcry_err_code(err)); @@ -573,9 +579,13 @@ JNIEXPORT jbyteArray JNICALL Java_cz_crcs_ectester_standalone_libs_jni_NativeSig get_sign_data_sexp(env, &data_sexp, this, data); gcry_sexp_t res_sexp; - native_timing_start(); - gcry_error_t err = gcry_pk_sign(&res_sexp, data_sexp, priv_sexp); - native_timing_stop(); + gcry_error_t err; + SIG_TRY(TIMEOUT) { + native_timing_start(); + err = gcry_pk_sign(&res_sexp, data_sexp, priv_sexp); + native_timing_stop(); + } SIG_CATCH_HANDLE(env); + if (gcry_err_code(err) != GPG_ERR_NO_ERROR) { throw_new_var(env, "java/security/GeneralSecurityException", "Error performing ECDSA. Error: %ui", gcry_err_code(err)); goto release_init; @@ -628,9 +638,12 @@ JNIEXPORT jboolean JNICALL Java_cz_crcs_ectester_standalone_libs_jni_NativeSigna gcry_sexp_t sig_sexp; gcry_sexp_build(&sig_sexp, NULL, "(sig-val (ecdsa (r %M) (s %M)))", r_mpi, s_mpi); - native_timing_start(); - gcry_error_t err = gcry_pk_verify(sig_sexp, data_sexp, pub_sexp); - native_timing_stop(); + gcry_error_t err; + SIG_TRY(TIMEOUT) { + native_timing_start(); + err = gcry_pk_verify(sig_sexp, data_sexp, pub_sexp); + native_timing_stop(); + } SIG_CATCH_HANDLE(env); if (gcry_err_code(err) != GPG_ERR_NO_ERROR) { if (gcry_err_code(err) != GPG_ERR_BAD_SIGNATURE) { -- cgit v1.2.3-70-g09d2 From 2b80f0abca83172e586ca192e16db00b3951226a Mon Sep 17 00:00:00 2001 From: J08nY Date: Tue, 7 May 2024 17:53:43 +0200 Subject: Attempt to enable signal handling for Cpp, fail. --- .../ectester/standalone/ECTesterStandalone.java | 6 +- .../cz/crcs/ectester/standalone/libs/jni/Makefile | 47 ++++---- .../crcs/ectester/standalone/libs/jni/c_signals.h | 50 ++------- .../ectester/standalone/libs/jni/cpp_signals.cpp | 122 +++++++++++++++++++++ .../ectester/standalone/libs/jni/cpp_signals.hpp | 59 ++++++++++ .../crcs/ectester/standalone/libs/jni/cryptopp.cpp | 7 +- 6 files changed, 228 insertions(+), 63 deletions(-) create mode 100644 standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/cpp_signals.cpp create mode 100644 standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/cpp_signals.hpp diff --git a/standalone/src/main/java/cz/crcs/ectester/standalone/ECTesterStandalone.java b/standalone/src/main/java/cz/crcs/ectester/standalone/ECTesterStandalone.java index 82c2362..6ef1be7 100644 --- a/standalone/src/main/java/cz/crcs/ectester/standalone/ECTesterStandalone.java +++ b/standalone/src/main/java/cz/crcs/ectester/standalone/ECTesterStandalone.java @@ -106,8 +106,10 @@ public class ECTesterStandalone { FileUtil.writeNewer(LIB_RESOURCE_DIR + "lib_timing.so", reqs.resolve("lib_timing.so")); System.load(reqs.resolve("lib_timing.so").toString()); - FileUtil.writeNewer(LIB_RESOURCE_DIR + "lib_signals.so", reqs.resolve("lib_signals.so")); - System.load(reqs.resolve("lib_signals.so").toString()); + FileUtil.writeNewer(LIB_RESOURCE_DIR + "lib_csignals.so", reqs.resolve("lib_csignals.so")); + System.load(reqs.resolve("lib_csignals.so").toString()); + FileUtil.writeNewer(LIB_RESOURCE_DIR + "lib_cppsignals.so", reqs.resolve("lib_cppsignals.so")); + System.load(reqs.resolve("lib_cppsignals.so").toString()); } List libObjects = new LinkedList<>(); diff --git a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/Makefile b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/Makefile index 2354194..6282574 100644 --- a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/Makefile +++ b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/Makefile @@ -73,8 +73,11 @@ c_utils.o: c_utils.c lib_timing.so: c_timing.c $(CC) -o $@ -shared $(CFLAGS) -Wl,-soname,lib_timing.so $< -lib_signals.so: c_signals.c - $(CC) -o $@ -shared $(CFLAGS) -pthread -lpthread -Wl,-soname,lib_signals.so $< +lib_csignals.so: c_signals.c + $(CC) -o $@ -shared $(CFLAGS) -pthread -lpthread -Wl,-soname,lib_csignals.so $< + +lib_cppsignals.so: cpp_signals.cpp + $(CC) -o $@ -shared $(CFLAGS) -pthread -lpthread -Wl,-soname,lib_cppsignals.so $< cpp_utils.o: cpp_utils.cpp $(CXX) $(CXXFLAGS) -c $< @@ -83,8 +86,8 @@ cpp_utils.o: cpp_utils.cpp # OpenSSL shim openssl: openssl_provider.so -openssl_provider.so: openssl.o c_utils.o | lib_timing.so lib_signals.so - $(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. $(shell pkg-config --libs openssl) -l:lib_timing.so -l:lib_signals.so +openssl_provider.so: openssl.o c_utils.o | lib_timing.so lib_csignals.so + $(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. $(shell pkg-config --libs openssl) -l:lib_timing.so -l:lib_csignals.so openssl.o: openssl.c $(CC) $(shell pkg-config --cflags openssl) $(CFLAGS) -c $< @@ -96,8 +99,8 @@ boringssl: boringssl_provider.so lib_boringssl.so: cp $(PROJECT_ROOT_PATH)/ext/boringssl/build/crypto/libcrypto.so lib_boringssl.so -boringssl_provider.so: boringssl.o c_utils.o | lib_timing.so lib_signals.so lib_boringssl.so - $(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. lib_boringssl.so -l:lib_timing.so -l:lib_signals.so +boringssl_provider.so: boringssl.o c_utils.o | lib_timing.so lib_csignals.so lib_boringssl.so + $(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. lib_boringssl.so -l:lib_timing.so -l:lib_csignals.so boringssl.o: boringssl.c $(CC) -I$(PROJECT_ROOT_PATH)/ext/boringssl/include/ $(CFLAGS) -c $< @@ -106,8 +109,8 @@ boringssl.o: boringssl.c # libgcrypt shim gcrypt: gcrypt_provider.so -gcrypt_provider.so: gcrypt.o c_utils.o | lib_timing.so lib_signals.so - $(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. -pthread -lpthread $(shell libgcrypt-config --libs) -l:lib_timing.so -l:lib_signals.so +gcrypt_provider.so: gcrypt.o c_utils.o | lib_timing.so lib_csignals.so + $(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. -pthread -lpthread $(shell libgcrypt-config --libs) -l:lib_timing.so -l:lib_csignals.so gcrypt.o: gcrypt.c $(CC) $(shell libgcrypt-config --cflags) $(CFLAGS) -c $< @@ -116,8 +119,8 @@ gcrypt.o: gcrypt.c # Libtomcrypt shim tomcrypt: tomcrypt_provider.so -tomcrypt_provider.so: tomcrypt.o c_utils.o | lib_timing.so lib_signals.so - $(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. -ltommath $(shell pkg-config --libs libtomcrypt) -l:lib_timing.so -l:lib_signals.so +tomcrypt_provider.so: tomcrypt.o c_utils.o | lib_timing.so lib_csignals.so + $(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. -ltommath $(shell pkg-config --libs libtomcrypt) -l:lib_timing.so -l:lib_csignals.so tomcrypt.o: tomcrypt.c $(CC) -DLTM_DESC $(shell pkg-config --cflags libtomcrypt) $(CFLAGS) -c $< @@ -126,8 +129,8 @@ tomcrypt.o: tomcrypt.c # Botan-2 shim botan: botan_provider.so -botan_provider.so: botan.o cpp_utils.o | lib_timing.so lib_signals.so - $(CXX) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. $(shell pkg-config --libs botan-2) -l:lib_timing.so -l:lib_signals.so +botan_provider.so: botan.o cpp_utils.o | lib_timing.so lib_cppsignals.so + $(CXX) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. $(shell pkg-config --libs botan-2) -l:lib_timing.so -l:lib_cppsignals.so botan.o: botan.cpp $(CXX) $(shell pkg-config --cflags botan-2) $(CXXFLAGS) -c $< @@ -140,8 +143,8 @@ ifeq ($(shell pkg-config --exists $(CRYPTOPP_NAME); echo $$?),1) endif cryptopp: cryptopp_provider.so -cryptopp_provider.so: cryptopp.o cpp_utils.o | lib_timing.so lib_signals.so - $(CXX) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. $(shell pkg-config --libs $(CRYPTOPP_NAME)) -l:lib_timing.so -l:lib_signals.so +cryptopp_provider.so: cryptopp.o cpp_utils.o | lib_timing.so lib_cppsignals.so + $(CXX) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. $(shell pkg-config --libs $(CRYPTOPP_NAME)) -l:lib_timing.so -l:lib_cppsignals.so cryptopp.o: cryptopp.cpp $(CXX) $(shell pkg-config --cflags $(CRYPTOPP_NAME)) $(CXXFLAGS) -c $< @@ -153,8 +156,8 @@ mbedtls: mbedtls_provider.so lib_mbedtls.so: cp $(PROJECT_ROOT_PATH)/ext/mbedtls/build/library/libmbedcrypto.so lib_mbedtls.so -mbedtls_provider.so: mbedtls.o c_utils.o | lib_timing.so lib_signals.so lib_mbedtls.so - $(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. lib_mbedtls.so -l:lib_timing.so -l:lib_signals.so +mbedtls_provider.so: mbedtls.o c_utils.o | lib_timing.so lib_csignals.so lib_mbedtls.so + $(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. lib_mbedtls.so -l:lib_timing.so -l:lib_csignals.so mbedtls.o: mbedtls.c $(CC) -I$(PROJECT_ROOT_PATH)/ext/mbedtls/build/include/ $(CFLAGS) -c $< @@ -166,8 +169,8 @@ ippcp: ippcp_provider.so lib_ippcp.so: cp $(PROJECT_ROOT_PATH)/ext/ipp-crypto/build/.build/RELEASE/lib/libippcp.so lib_ippcp.so -ippcp_provider.so: ippcp.o c_utils.o | lib_timing.so lib_signals.so lib_ippcp.so - $(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. lib_ippcp.so -l:lib_timing.so -l:lib_signals.so +ippcp_provider.so: ippcp.o c_utils.o | lib_timing.so lib_csignals.so lib_ippcp.so + $(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. lib_ippcp.so -l:lib_timing.so -l:lib_csignals.so ippcp.o: ippcp.c $(CC) -I$(PROJECT_ROOT_PATH)/ext/ipp-crypto/build/.build/RELEASE/include/ $(CFLAGS) -c $< @@ -176,8 +179,8 @@ ippcp.o: ippcp.c # Nettle shim nettle: nettle_provider.so -nettle_provider.so: nettle.o c_utils.o | lib_timing.so lib_signals.so - $(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. $(shell pkg-config --libs nettle) -l:lib_timing.so -l:lib_signals.so $(shell pkg-config --libs hogweed) -lgmp +nettle_provider.so: nettle.o c_utils.o | lib_timing.so lib_csignals.so + $(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. $(shell pkg-config --libs nettle) -l:lib_timing.so -l:lib_csignals.so $(shell pkg-config --libs hogweed) -lgmp nettle.o: nettle.c $(CC) $(shell pkg-config --cflags nettle) $(shell pkg-config --libs hogweed) -lgmp $(CFLAGS) -c $< @@ -189,8 +192,8 @@ libressl: libressl_provider.so lib_libressl.so: cp $(PROJECT_ROOT_PATH)/ext/libressl/build/crypto/libcrypto.so lib_libressl.so -libressl_provider.so: libressl.o c_utils.o | lib_timing.so lib_signals.so lib_libressl.so - $(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. lib_libressl.so -l:lib_timing.so -l:lib_signals.so +libressl_provider.so: libressl.o c_utils.o | lib_timing.so lib_csignals.so lib_libressl.so + $(CC) $(LFLAGS) -o $@ -Wl,-rpath,'$$ORIGIN/lib' $^ -L. lib_libressl.so -l:lib_timing.so -l:lib_csignals.so libressl.o: libressl.c $(CC) -I$(PROJECT_ROOT_PATH)/ext/libressl/build/include/ $(CFLAGS) -c $< diff --git a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_signals.h b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_signals.h index 466628a..3f3c473 100644 --- a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_signals.h +++ b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_signals.h @@ -4,11 +4,6 @@ #include #include -#ifdef __cplusplus -extern "C" -{ -#endif - #define TIMEOUT 5 /** @@ -41,39 +36,18 @@ jobject get_siginfo(JNIEnv *env); if (!sigsetjmp(*get_jmpbuf(), 1)) #define SIG_CATCH() deinit_signals(); #define SIG_DEINIT() deinit_signals(); -#ifdef __cplusplus -#define SIG_HANDLE(env) do { \ - jobject siginfo = get_siginfo(env); \ - if (siginfo != NULL) { \ - jclass sigexception_class = env->FindClass("cz/crcs/ectester/standalone/libs/jni/SignalException"); \ - jmethodID new_sigexception = env->GetMethodID(sigexception_class, "", "(Lcz/crcs/ectester/standalone/libs/jni/SigInfo;)V"); \ - jobject sigexception = env->NewObject(sigexception_class, new_sigexception, siginfo); \ - env->Throw((jthrowable) sigexception); \ - } \ - if (get_timedout()) { \ - jclass timeoutexception_class = env->FindClass("cz/crcs/ectester/standalone/libs/jni/TimeoutException"); \ - env->ThrowNew(timeoutexception_class, "Operation timed out."); \ - } \ -} while (0) -#else #define SIG_HANDLE(env) do { \ - jobject siginfo = get_siginfo(env); \ - if (siginfo != NULL) { \ - jclass sigexception_class = (*env)->FindClass(env, "cz/crcs/ectester/standalone/libs/jni/SignalException"); \ - jmethodID new_sigexception = (*env)->GetMethodID(env, sigexception_class, "", "(Lcz/crcs/ectester/standalone/libs/jni/SigInfo;)V"); \ - jobject sigexception = (*env)->NewObject(env, sigexception_class, new_sigexception, siginfo); \ - (*env)->Throw(env, sigexception); \ - } \ - if (get_timedout()) { \ - jclass timeoutexception_class = (*env)->FindClass(env, "cz/crcs/ectester/standalone/libs/jni/TimeoutException"); \ - (*env)->ThrowNew(env, timeoutexception_class, "Operation timed out."); \ - } \ -} while (0) -#endif + jobject siginfo = get_siginfo(env); \ + if (siginfo != NULL) { \ + jclass sigexception_class = (*env)->FindClass(env, "cz/crcs/ectester/standalone/libs/jni/SignalException"); \ + jmethodID new_sigexception = (*env)->GetMethodID(env, sigexception_class, "", "(Lcz/crcs/ectester/standalone/libs/jni/SigInfo;)V"); \ + jobject sigexception = (*env)->NewObject(env, sigexception_class, new_sigexception, siginfo); \ + (*env)->Throw(env, sigexception); \ + } \ + if (get_timedout()) { \ + jclass timeoutexception_class = (*env)->FindClass(env, "cz/crcs/ectester/standalone/libs/jni/TimeoutException"); \ + (*env)->ThrowNew(env, timeoutexception_class, "Operation timed out."); \ + } \ + } while (0) #define SIG_CATCH_HANDLE(env) SIG_CATCH(); \ SIG_HANDLE(env) - - -#ifdef __cplusplus -} -#endif diff --git a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/cpp_signals.cpp b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/cpp_signals.cpp new file mode 100644 index 0000000..75bc17c --- /dev/null +++ b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/cpp_signals.cpp @@ -0,0 +1,122 @@ +#include "cpp_utils.hpp" +#include "cpp_signals.hpp" + +#if __linux || __posix + +#include +#include +#include +#include +#include + +static siginfo_t last_siginfo; +static bool initialized = false; +static bool caught = false; +static bool timedout = false; +static sigjmp_buf buf; +static sigjmp_buf *target = NULL; + +struct timer_arg { + unsigned int timeout; + pthread_t main_thread; +}; +static struct timer_arg ta; +static pthread_t timer_thread; + +extern "C" +{ + +void handler(int signo, siginfo_t *info, void *context) { + //printf("Signal, %i\n", signo); + last_siginfo = *info; + caught = true; + siglongjmp(*target, 1); +} + +void alarm_handler(int signo) { + //printf("Alarm\n"); + timedout = true; + siglongjmp(*target, 1); +} + + +sigjmp_buf *get_jmpbuf() { + return &buf; +} + +static struct sigaction old_segv; +static struct sigaction old_abrt; +static struct sigaction old_alrm; + +void *timer(void *arg) { + sleep(ta.timeout); + pthread_kill(ta.main_thread, SIGALRM); + return NULL; +} + +void init_signals(sigjmp_buf *env, unsigned int timeout) { + //printf("Initializing signals!\n"); + struct sigaction action; + action.sa_sigaction = handler; + sigemptyset(&action.sa_mask); + action.sa_flags = SA_SIGINFO; + + sigaction(SIGSEGV, &action, &old_segv); + sigaction(SIGABRT, &action, &old_abrt); + + struct sigaction alarm_action; + alarm_action.sa_handler = alarm_handler; + sigemptyset(&alarm_action.sa_mask); + alarm_action.sa_flags = 0; + sigaction(SIGALRM, &alarm_action, &old_alrm); + + target = env; + initialized = true; + caught = false; + timedout = false; + + ta.timeout = timeout; + ta.main_thread = pthread_self(); + + pthread_create(&timer_thread, NULL, timer, (void *)&ta); +} + + +void deinit_signals() { + //printf("Deinitializing signals!\n"); + pthread_cancel(timer_thread); + + sigaction(SIGSEGV, &old_segv, NULL); + sigaction(SIGABRT, &old_abrt, NULL); + sigaction(SIGALRM, &old_alrm, NULL); + + target = NULL; + initialized = false; +} + +bool get_timedout() { + return timedout; +} + +jobject get_siginfo(JNIEnv *env) { + if (!caught) { + return NULL; + } + + jclass local_siginfo_class = env->FindClass("cz/crcs/ectester/standalone/libs/jni/SigInfo"); + jmethodID siginfo_init = env->GetMethodID(local_siginfo_class, "", "(IIIIIJIJJ)V"); + return env->NewObject(local_siginfo_class, siginfo_init, + (jint) last_siginfo.si_signo, + (jint) last_siginfo.si_code, + (jint) last_siginfo.si_errno, + (jint) last_siginfo.si_pid, + (jint) last_siginfo.si_uid, + (jlong) last_siginfo.si_addr, + (jint) last_siginfo.si_status, + (jlong) last_siginfo.si_band, + (jlong) 0); +} + +} + +#endif \ No newline at end of file diff --git a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/cpp_signals.hpp b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/cpp_signals.hpp new file mode 100644 index 0000000..b926656 --- /dev/null +++ b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/cpp_signals.hpp @@ -0,0 +1,59 @@ +#pragma once + +#include +#include +#include + +#define TIMEOUT 5 + +extern "C" +{ + +/** + * + */ +void init_signals(jmp_buf *env, unsigned int timeout); + +/** + * + */ +sigjmp_buf *get_jmpbuf(); + +/** + * + */ +void deinit_signals(); + +/** + * + */ +bool get_timedout(); + +/** + * + */ +jobject get_siginfo(JNIEnv *env); + + +#define SIG_TRY(timeout) init_signals(get_jmpbuf(), timeout); \ + if (!sigsetjmp(*get_jmpbuf(), 1)) +#define SIG_CATCH() deinit_signals(); +#define SIG_DEINIT() deinit_signals(); +#define SIG_HANDLE(env) do { \ + jobject siginfo = get_siginfo(env); \ + if (siginfo != NULL) { \ + jclass sigexception_class = env->FindClass("cz/crcs/ectester/standalone/libs/jni/SignalException"); \ + jmethodID new_sigexception = env->GetMethodID(sigexception_class, "", "(Lcz/crcs/ectester/standalone/libs/jni/SigInfo;)V"); \ + jobject sigexception = env->NewObject(sigexception_class, new_sigexception, siginfo); \ + env->Throw((jthrowable) sigexception); \ + } \ + if (get_timedout()) { \ + jclass timeoutexception_class = env->FindClass("cz/crcs/ectester/standalone/libs/jni/TimeoutException"); \ + env->ThrowNew(timeoutexception_class, "Operation timed out."); \ + } \ + } while (0) +#define SIG_CATCH_HANDLE(env) SIG_CATCH(); \ + SIG_HANDLE(env) + + +} \ No newline at end of file diff --git a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/cryptopp.cpp b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/cryptopp.cpp index 3590ef2..c4c74a6 100644 --- a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/cryptopp.cpp +++ b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/cryptopp.cpp @@ -71,7 +71,12 @@ using CryptoPP::Integer; #include "cpp_utils.hpp" #include "c_timing.h" -#include "c_signals.h" +#include "cpp_signals.hpp" +#undef SIG_TRY +#undef SIG_CATCH_HANDLE +#undef SIG_CATCH +#undef SIG_HANDLE +#undef SIG_DEINIT #define SIG_TRY(x) #define SIG_CATCH_HANDLE(x) #define SIG_CATCH() -- cgit v1.2.3-70-g09d2 From 219fb8d3385604070dc2ee9cac5ee7c74bd34749 Mon Sep 17 00:00:00 2001 From: J08nY Date: Tue, 7 May 2024 18:02:22 +0200 Subject: Separatate C and Cpp signal handling. --- .../crcs/ectester/standalone/libs/jni/c_signals.c | 10 +++++----- .../crcs/ectester/standalone/libs/jni/c_signals.h | 22 +++++++++++----------- .../ectester/standalone/libs/jni/cpp_signals.cpp | 10 +++++----- .../ectester/standalone/libs/jni/cpp_signals.hpp | 22 +++++++++++----------- 4 files changed, 32 insertions(+), 32 deletions(-) diff --git a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_signals.c b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_signals.c index dd08bb8..b452787 100644 --- a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_signals.c +++ b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_signals.c @@ -37,7 +37,7 @@ void alarm_handler(int signo) { } -sigjmp_buf *get_jmpbuf() { +sigjmp_buf *get_jmpbuf_c() { return &buf; } @@ -51,7 +51,7 @@ void *timer(void *arg) { return NULL; } -void init_signals(sigjmp_buf *env, unsigned int timeout) { +void init_signals_c(sigjmp_buf *env, unsigned int timeout) { //printf("Initializing signals!\n"); struct sigaction action; action.sa_sigaction = handler; @@ -79,7 +79,7 @@ void init_signals(sigjmp_buf *env, unsigned int timeout) { } -void deinit_signals() { +void deinit_signals_c() { //printf("Deinitializing signals!\n"); pthread_cancel(timer_thread); @@ -91,11 +91,11 @@ void deinit_signals() { initialized = false; } -bool get_timedout() { +bool get_timedout_c() { return timedout; } -jobject get_siginfo(JNIEnv *env) { +jobject get_siginfo_c(JNIEnv *env) { if (!caught) { return NULL; } diff --git a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_signals.h b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_signals.h index 3f3c473..a82b572 100644 --- a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_signals.h +++ b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/c_signals.h @@ -9,42 +9,42 @@ /** * */ -void init_signals(jmp_buf *env, unsigned int timeout); +void init_signals_c(jmp_buf *env, unsigned int timeout); /** * */ -sigjmp_buf *get_jmpbuf(); +sigjmp_buf *get_jmpbuf_c(); /** * */ -void deinit_signals(); +void deinit_signals_c(); /** * */ -bool get_timedout(); +bool get_timedout_c(); /** * */ -jobject get_siginfo(JNIEnv *env); +jobject get_siginfo_c(JNIEnv *env); -#define SIG_TRY(timeout) init_signals(get_jmpbuf(), timeout); \ - if (!sigsetjmp(*get_jmpbuf(), 1)) -#define SIG_CATCH() deinit_signals(); -#define SIG_DEINIT() deinit_signals(); +#define SIG_TRY(timeout) init_signals_c(get_jmpbuf_c(), timeout); \ + if (!sigsetjmp(*get_jmpbuf_c(), 1)) +#define SIG_CATCH() deinit_signals_c(); +#define SIG_DEINIT() deinit_signals_c(); #define SIG_HANDLE(env) do { \ - jobject siginfo = get_siginfo(env); \ + jobject siginfo = get_siginfo_c(env); \ if (siginfo != NULL) { \ jclass sigexception_class = (*env)->FindClass(env, "cz/crcs/ectester/standalone/libs/jni/SignalException"); \ jmethodID new_sigexception = (*env)->GetMethodID(env, sigexception_class, "", "(Lcz/crcs/ectester/standalone/libs/jni/SigInfo;)V"); \ jobject sigexception = (*env)->NewObject(env, sigexception_class, new_sigexception, siginfo); \ (*env)->Throw(env, sigexception); \ } \ - if (get_timedout()) { \ + if (get_timedout_c()) { \ jclass timeoutexception_class = (*env)->FindClass(env, "cz/crcs/ectester/standalone/libs/jni/TimeoutException"); \ (*env)->ThrowNew(env, timeoutexception_class, "Operation timed out."); \ } \ diff --git a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/cpp_signals.cpp b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/cpp_signals.cpp index 75bc17c..999349a 100644 --- a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/cpp_signals.cpp +++ b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/cpp_signals.cpp @@ -40,7 +40,7 @@ void alarm_handler(int signo) { } -sigjmp_buf *get_jmpbuf() { +sigjmp_buf *get_jmpbuf_cpp() { return &buf; } @@ -54,7 +54,7 @@ void *timer(void *arg) { return NULL; } -void init_signals(sigjmp_buf *env, unsigned int timeout) { +void init_signals_cpp(sigjmp_buf *env, unsigned int timeout) { //printf("Initializing signals!\n"); struct sigaction action; action.sa_sigaction = handler; @@ -82,7 +82,7 @@ void init_signals(sigjmp_buf *env, unsigned int timeout) { } -void deinit_signals() { +void deinit_signals_cpp() { //printf("Deinitializing signals!\n"); pthread_cancel(timer_thread); @@ -94,11 +94,11 @@ void deinit_signals() { initialized = false; } -bool get_timedout() { +bool get_timedout_cpp() { return timedout; } -jobject get_siginfo(JNIEnv *env) { +jobject get_siginfo_cpp(JNIEnv *env) { if (!caught) { return NULL; } diff --git a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/cpp_signals.hpp b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/cpp_signals.hpp index b926656..4dc222f 100644 --- a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/cpp_signals.hpp +++ b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/cpp_signals.hpp @@ -12,42 +12,42 @@ extern "C" /** * */ -void init_signals(jmp_buf *env, unsigned int timeout); +void init_signals_cpp(jmp_buf *env, unsigned int timeout); /** * */ -sigjmp_buf *get_jmpbuf(); +sigjmp_buf *get_jmpbuf_cpp(); /** * */ -void deinit_signals(); +void deinit_signals_cpp(); /** * */ -bool get_timedout(); +bool get_timedout_cpp(); /** * */ -jobject get_siginfo(JNIEnv *env); +jobject get_siginfo_cpp(JNIEnv *env); -#define SIG_TRY(timeout) init_signals(get_jmpbuf(), timeout); \ - if (!sigsetjmp(*get_jmpbuf(), 1)) -#define SIG_CATCH() deinit_signals(); -#define SIG_DEINIT() deinit_signals(); +#define SIG_TRY(timeout) init_signals_cpp(get_jmpbuf_cpp(), timeout); \ + if (!sigsetjmp(*get_jmpbuf_cpp(), 1)) +#define SIG_CATCH() deinit_signals_cpp(); +#define SIG_DEINIT() deinit_signals_cpp(); #define SIG_HANDLE(env) do { \ - jobject siginfo = get_siginfo(env); \ + jobject siginfo = get_siginfo_cpp(env); \ if (siginfo != NULL) { \ jclass sigexception_class = env->FindClass("cz/crcs/ectester/standalone/libs/jni/SignalException"); \ jmethodID new_sigexception = env->GetMethodID(sigexception_class, "", "(Lcz/crcs/ectester/standalone/libs/jni/SigInfo;)V"); \ jobject sigexception = env->NewObject(sigexception_class, new_sigexception, siginfo); \ env->Throw((jthrowable) sigexception); \ } \ - if (get_timedout()) { \ + if (get_timedout_cpp()) { \ jclass timeoutexception_class = env->FindClass("cz/crcs/ectester/standalone/libs/jni/TimeoutException"); \ env->ThrowNew(timeoutexception_class, "Operation timed out."); \ } \ -- cgit v1.2.3-70-g09d2