diff --git a/aes-t-tables/src/lib.rs b/aes-t-tables/src/lib.rs index 0027108..1b0f062 100644 --- a/aes-t-tables/src/lib.rs +++ b/aes-t-tables/src/lib.rs @@ -68,10 +68,16 @@ pub trait SimpleCacheSideChannel { pub trait TableCacheSideChannel { //type ChannelFatalError: Debug; + /// # Safety + /// + /// addresses must contain only valid pointers to read. unsafe fn calibrate( &mut self, addresses: impl IntoIterator + Clone, ) -> Result<(), ChannelFatalError>; + /// # Safety + /// + /// addresses must contain only valid pointers to read. unsafe fn attack<'a, 'b>( &'a mut self, addresses: impl IntoIterator + Clone, @@ -81,10 +87,18 @@ pub trait TableCacheSideChannel { pub trait SingleAddrCacheSideChannel: Debug { //type SingleChannelFatalError: Debug; - + /// # Safety + /// + /// addr must be a valid pointer to read. unsafe fn test_single(&mut self, addr: *const u8) -> Result; + /// # Safety + /// + /// addr must be a valid pointer to read. unsafe fn prepare_single(&mut self, addr: *const u8) -> Result<(), SideChannelError>; fn victim_single(&mut self, operation: &dyn Fn()); + /// # Safety + /// + /// addresses must contain only valid pointers to read. unsafe fn calibrate_single( &mut self, addresses: impl IntoIterator + Clone, @@ -94,15 +108,26 @@ pub trait SingleAddrCacheSideChannel: Debug { pub trait MultipleAddrCacheSideChannel: Debug { //type MultipleChannelFatalError: Debug; + /// # Safety + /// + /// addresses must contain only valid pointers to read. unsafe fn test( &mut self, addresses: impl IntoIterator + Clone, ) -> Result, SideChannelError>; + + /// # Safety + /// + /// addresses must contain only valid pointers to read. unsafe fn prepare( &mut self, addresses: impl IntoIterator + Clone, ) -> Result<(), SideChannelError>; fn victim(&mut self, operation: &dyn Fn()); + + /// # Safety + /// + /// addresses must contain only valid pointers to read. unsafe fn calibrate( &mut self, addresses: impl IntoIterator + Clone, @@ -196,6 +221,9 @@ impl TableCacheSideChannel for T { } //type ChannelFatalError = T::MultipleChannelFatalError; + /// # Safety + /// + /// addresses must contain only valid pointers to read. unsafe fn attack<'a, 'b, 'c>( &'a mut self, addresses: impl IntoIterator + Clone, @@ -233,16 +261,12 @@ pub struct AESTTableParams<'a> { pub te: [isize; 4], } +/// # Safety +/// +/// te need to refer to the correct t tables offset in the openssl library at path. pub unsafe fn attack_t_tables_poc( side_channel: &mut impl TableCacheSideChannel, parameters: AESTTableParams, -) { - attack_t_tables_poc_impl(side_channel, parameters) -} - -fn attack_t_tables_poc_impl( - side_channel: &mut impl TableCacheSideChannel, - parameters: AESTTableParams, ) { // Note : This function doesn't handle the case where the address space is not shared. (Additionally you have the issue of complicated eviction sets due to complex addressing) // TODO diff --git a/aes-t-tables/src/main.rs b/aes-t-tables/src/main.rs index 82768f5..47ab117 100644 --- a/aes-t-tables/src/main.rs +++ b/aes-t-tables/src/main.rs @@ -86,7 +86,7 @@ fn get_vpn(p: *const T) -> usize { (p as usize) & (!(PAGE_LEN - 1)) // FIXME } -fn cum_sum(vector: &Vec) -> Vec { +fn cum_sum(vector: &[u32]) -> Vec { let len = vector.len(); let mut res = vec![0; len]; res[0] = vector[0]; @@ -160,7 +160,7 @@ impl MultipleAddrCacheSideChannel for FlushAndFlush { let mut pages = HashMap::>::new(); for addr in addresses { let page = get_vpn(addr); - pages.entry(page).or_insert(HashSet::new()).insert(addr); + pages.entry(page).or_insert_with(HashSet::new).insert(addr); } let core_per_socket = find_core_per_socket(); @@ -315,9 +315,9 @@ impl MultipleAddrCacheSideChannel for FlushAndFlush { // insert in per_core if per_core .entry(core) - .or_insert(HashMap::new()) + .or_insert_with(HashMap::new) .entry(page) - .or_insert(HashMap::new()) + .or_insert_with(HashMap::new) .insert( slice, ( @@ -360,7 +360,7 @@ impl MultipleAddrCacheSideChannel for FlushAndFlush { println!("Best core: {}, rate: {}", best_core, best_error_rate); let tmp = per_core.remove(&best_core).unwrap(); for (page, per_page) in tmp { - let page_entry = thresholds.entry(page).or_insert(HashMap::new()); + let page_entry = thresholds.entry(page).or_insert_with(HashMap::new); for (slice, per_slice) in per_page { println!( "page: {:x}, slice: {}, threshold: {:?}, error_rate: {}", diff --git a/aes-t-tables/src/naive_flush_and_reload.rs b/aes-t-tables/src/naive_flush_and_reload.rs index 33cc2ba..2ad891f 100644 --- a/aes-t-tables/src/naive_flush_and_reload.rs +++ b/aes-t-tables/src/naive_flush_and_reload.rs @@ -18,6 +18,9 @@ impl NaiveFlushAndReload { } impl SingleAddrCacheSideChannel for NaiveFlushAndReload { + /// # Safety + /// + /// addr needs to be a valid pointer unsafe fn test_single(&mut self, addr: *const u8) -> Result { if self.current != Some(addr) { return Err(SideChannelError::AddressNotReady(addr)); @@ -30,6 +33,9 @@ impl SingleAddrCacheSideChannel for NaiveFlushAndReload { } } + /// # Safety: + /// + /// addr needs to be a valid pointer unsafe fn prepare_single(&mut self, addr: *const u8) -> Result<(), SideChannelError> { unsafe { flush(addr) }; self.current = Some(addr); @@ -40,6 +46,9 @@ impl SingleAddrCacheSideChannel for NaiveFlushAndReload { operation() } + /// # Safety + /// + /// addr needs to be a valid pointer unsafe fn calibrate_single( &mut self, _addresses: impl IntoIterator, diff --git a/cache_utils/src/complex_addressing.rs b/cache_utils/src/complex_addressing.rs index a7a20fe..6c00a9c 100644 --- a/cache_utils/src/complex_addressing.rs +++ b/cache_utils/src/complex_addressing.rs @@ -184,11 +184,9 @@ impl CacheSlicing { } if found_pivot { for j in 0..matrix.len() { - if j != i { - if bit & matrix[j].0 != 0 { - matrix[j].0 ^= matrix[i].0; - matrix[j].1 ^= matrix[i].1; - } + if j != i && bit & matrix[j].0 != 0 { + matrix[j].0 ^= matrix[i].0; + matrix[j].1 ^= matrix[i].1; } } i += 1; diff --git a/cache_utils/src/frequency.rs b/cache_utils/src/frequency.rs index 26c3586..f9168d2 100644 --- a/cache_utils/src/frequency.rs +++ b/cache_utils/src/frequency.rs @@ -24,10 +24,10 @@ extern "C" { #[cfg(all(target_os = "linux", feature = "use_std"))] pub fn get_freq_cpufreq_kernel() -> Result { // TODO Add memorization - return match unsafe { sched_getcpu() }.try_into() { + match unsafe { sched_getcpu() }.try_into() { Ok(cpu) => Ok(unsafe { cpufreq_get_freq_kernel(cpu) }), Err(e) => Err(Unimplemented), - }; + } } #[cfg(not(all(target_os = "linux", feature = "use_std")))] @@ -36,7 +36,6 @@ pub fn get_freq_cpufreq_kernel() -> Result { Err(UnsupportedPlatform) } - pub fn get_frequency() -> Result { if cfg!(target_os = "linux") && cfg!(feature = "use_std") { return get_freq_cpufreq_kernel(); @@ -71,5 +70,5 @@ pub fn get_frequency_change_period(period: u64) -> Result { } } } - return Ok(t / period); + Ok(t / period) }