app/lvi: Elementary LVI-SB/L1D pocs.

randoruf · Mar 10, 2020 · 1942643 · 1942643
1 parent 4bd2b47
commit 1942643
Show file tree

Hide file tree

Showing 10 changed files with 1,132 additions and 0 deletions.
diff --git a/app/lvi/.gitignore b/app/lvi/.gitignore
@@ -0,0 +1,14 @@
+app
+measurements.txt
+measurements_raw.txt
+outlier_idx.txt
+plot.pdf
+xlabels.gp
+
+*.swp
+*.o
+
+out.txt
+parsed.txt
+parsed_zz.txt
+parsed_strlen.txt
diff --git a/app/lvi/Enclave/.gitignore b/app/lvi/Enclave/.gitignore
@@ -0,0 +1,20 @@
+	enclave/Enclave/asm.s
+	enclave/Enclave/build_asm.py
+	enclave/Enclave/encl.so
+	enclave/Enclave/encl.unsigned.so
+	enclave/Enclave/encl_t.c
+	enclave/Enclave/encl_t.h
+	enclave/Enclave/encl_u.c
+	enclave/Enclave/encl_u.h
+	enclave/Enclave/libencl_proxy.a
+	enclave/Enclave/private_key.pem
+	enclave/Enclave/public_key.pem
+
+
+encl
+*.pem
+*.a
+*.s
+*.so
+*_u.*
+*_t.*
diff --git a/app/lvi/Enclave/Makefile b/app/lvi/Enclave/Makefile
@@ -0,0 +1,111 @@
+CC		  = gcc
+AR		  = ar
+LD		  = gcc
+EDGER		  = sgx_edger8r
+SIGNER		  = sgx_sign
+INCLUDE       = -I$(SGX_SDK)/include/ -I$(SGX_SDK)/include/tlibc
+T_CFLAGS	  = $(CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector -g -Os 
+U_CFLAGS	  = $(CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector -g
+AR_FLAGS	  = rcs
+OBJECTS		  = encl.o 
+LIB_SGX_TRTS      = -lsgx_trts
+LIB_SGX_TSERVICE  = -lsgx_tservice
+
+ifeq ($(M32), 1)
+	T_CFLAGS += -m32 -msse2 -DM32=1
+	U_CFLAGS += -m32 -msse2
+	LD_FLAGS  = -m32
+else
+	LIB_SUFX  = 64
+endif
+
+ENCLAVE_LIBS      = $(LIB_SGX_TRTS)
+ENCLAVE_LIB_PARTS = -lsgx_tstdc -lsgx_tcrypto $(LIB_SGX_TSERVICE)
+ENCLAVE	          = encl
+PRIVATE_KEY       = private_key.pem
+PUBLIC_KEY        = public_key.pem
+KEY_SIZE          = 3072
+ENCLAVE_EDL       = $(ENCLAVE).edl
+ENCLAVE_CONFIG    = $(ENCLAVE).config.xml
+OUTPUT_T          = $(ENCLAVE).so
+OUTPUT_T_UNSIG    = $(ENCLAVE).unsigned.so
+OUTPUT_U          = lib$(ENCLAVE)_proxy.a
+LIB_DIRS          = -L $(SGX_SDK)/lib$(LIB_SUFX)/
+LD_FLAGS         += -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles \
+                    -Wl,--whole-archive -Wl,--start-group $(ENCLAVE_LIBS) -Wl,--end-group \
+                    -Wl,--no-whole-archive -Wl,--start-group $(ENCLAVE_LIB_PARTS) -Wl,--end-group \
+                    -Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
+                    -Wl,-pie,-eenclave_entry -Wl,--export-dynamic  \
+                    -Wl,--defsym,__ImageBase=0 
+TRUSTED_OBJECTS   = $(ENCLAVE)_t.o
+UNTRUSTED_OBJECTS = $(ENCLAVE)_u.o 
+TRUSTED_CODE      = $(ENCLAVE)_t.h $(ENCLAVE)_t.c
+UNTRUSTED_CODE    = $(ENCLAVE)_u.h $(ENCLAVE)_u.c
+
+#.SILENT:
+all: $(OUTPUT_T) $(OUTPUT_U)
+
+$(OUTPUT_T) : $(TRUSTED_OBJECTS) $(OBJECTS) $(PRIVATE_KEY)
+	echo "$(INDENT)[LD]  " $(OBJECTS) $(TRUSTED_OBJECTS) $(ENCLAVE_LIBS) $(ENCLAVE_LIBS_PARTS) $(OUTPUT_T_UNSIG)
+	$(LD) $(OBJECTS) $(TRUSTED_OBJECTS) $(LD_FLAGS) $(LIB_DIRS) -o $(OUTPUT_T_UNSIG) 
+
+	echo "$(INDENT)[SGN]" $(OUTPUT_T_UNSIG)
+	$(SIGNER) sign -key $(PRIVATE_KEY) -enclave $(OUTPUT_T_UNSIG) -out $(OUTPUT_T) -config $(ENCLAVE_CONFIG) > /dev/null 2> /dev/null
+
+$(OUTPUT_U) : $(UNTRUSTED_OBJECTS) 
+	echo "$(INDENT)[AR]  " $(OUTPUT_U)
+	$(AR) $(AR_FLAGS) $(OUTPUT_U) $(UNTRUSTED_OBJECTS) 
+
+%_t.o : $(subst .o,.c,$@) edger
+	echo "$(INDENT)[CC] " $(subst .o,.c,$@) "(trusted edge)"
+	touch $(subst .o,.c,$@)
+	$(CC) -c $(INCLUDE) $(T_CFLAGS) $(subst .o,.c,$@)
+
+%_u.o : $(subst .o,.c,$@) edger
+	echo "$(INDENT)[CC] " $(subst .o,.c,$@) "(untrusted edge)"
+	touch $(subst .o,.c,$@)
+	$(CC) -c $(INCLUDE) $(U_CFLAGS) $(subst .o,.c,$@)
+
+%.o : %.c edger
+	echo "$(INDENT)[CC] " $< "(core)"
+	$(CC) $(INCLUDE) $(T_CFLAGS) -c $<
+
+%.o : %.S
+	echo "$(INDENT)[AS] " $< "(core)"
+	$(CC) $(INCLUDE) $(T_CFLAGS) -c $< -o $@
+
+asm.s: build_asm.py
+	./build_asm.py
+
+edger: $(ENCLAVE).edl
+	echo "$(INDENT)[GEN]" $(EDGER) $(ENCLAVE_EDL)
+	$(EDGER) $(ENCLAVE_EDL)
+
+.PHONY: force_check
+force_check:
+	true
+
+.PHONY: scrub
+scrub: 
+	echo "$(INDENT)[RM]  " $(PRIVATE_KEY) $(PUBLIC_KEY)
+	$(RM) $(PRIVATE_KEY) $(PUBLIC_KEY)
+
+$(PRIVATE_KEY): 
+	echo "$(INDENT)[GEN] $(PRIVATE_KEY) ($(KEY_SIZE) bits)"
+
+	# generate 3072 bit private RSA key
+	openssl genrsa -out $(PRIVATE_KEY) -3 $(KEY_SIZE)
+
+	echo "$(INDENT)[EXT] $(PUBLIC_KEY)"
+	# extract public key
+	openssl rsa -in $(PRIVATE_KEY) -pubout -out $(PUBLIC_KEY) 
+
+	# sign enclave
+	#sgx_sign sign -key private_key.pem -enclave Enclave/encl.so -out encl.signed.so
+
+.PHONY: clean
+clean:
+	echo "$(INDENT)[RM]" $(OBJECTS) $(OUTPUT_T_UNSIG) $(OUTPUT_T) $(OUTPUT_U)
+	$(RM) $(OBJECTS) $(OUTPUT_T_UNSIG) $(OUTPUT_T) $(OUTPUT_U)
+	echo "$(INDENT)[RM]" $(TRUSTED_OBJECTS) $(UNTRUSTED_OBJECTS) $(TRUSTED_CODE) $(UNTRUSTED_CODE)
+	$(RM) $(TRUSTED_OBJECTS) $(UNTRUSTED_OBJECTS) $(TRUSTED_CODE) $(UNTRUSTED_CODE)
diff --git a/app/lvi/Enclave/encl.c b/app/lvi/Enclave/encl.c
@@ -0,0 +1,106 @@
+/*
+ *  This file is part of the SGX-Step enclave execution control framework.
+ *
+ *  SGX-Step is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  SGX-Step is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with SGX-Step. If not, see <http://www.gnu.org/licenses/>.
+ */
+#include <sgx_trts.h>
+#include <stdint.h>
+#include <string.h>
+
+#define OFFSET                  20
+#define FILL_STORE_BUFFER       1
+
+#if FILL_STORE_BUFFER
+    char __attribute__((aligned(0x1000))) dummy_buf[4096 * 64];
+    inline void __attribute__((always_inline)) fill_store_buffer(int offset)
+    {
+        for(int i = 0; i < 64; i++)
+        {
+            dummy_buf[((offset + 67) % 4096) + i * 4096] = 0x1;
+        }
+    }
+#else
+    #define fill_store_buffer(offset)
+#endif
+
+inline void __attribute__((always_inline)) maccess(void *p)
+{
+    asm volatile("movb (%0), %%cl\n" : : "c"(p) :);
+}
+
+inline void __attribute__((always_inline)) flush(void *p)
+{
+    asm volatile("clflush 0(%0)\n" : : "r"(p) : );
+}
+
+char __attribute__((aligned(0x1000))) dummy[4096*256];
+
+void transient_delay(void)
+{
+    /* delay to provide sufficient transient execution window */
+    flush(dummy);
+    maccess(dummy);
+}
+
+char __attribute__((aligned(0x1000))) page_a[4096] = {'A'};
+char __attribute__((aligned(0x1000))) page_b[4096] = {'B'};
+#define pt_a (page_a + OFFSET)
+#define pt_b (page_b + OFFSET)
+
+void *ecall_get_page_a(void)
+{
+    memset(page_a, 'A', 4096);
+    return (void*) page_a;
+}
+
+void *ecall_get_page_b(void)
+{
+    memset(page_b, 'B', 4096);
+    return (void*) page_b;
+}
+
+void ecall_lvi_store_user(uint64_t *user_pt, char *oracle)
+{
+    if (sgx_is_outside_enclave(oracle, 4096*256) &&
+        sgx_is_outside_enclave(user_pt, sizeof(uint64_t)))
+    {
+        /* 0. Fence to protect against Spectre v1 */
+        __builtin_ia32_lfence();
+        transient_delay();
+        fill_store_buffer(OFFSET);
+
+        /* 1. STORE to attacker-controlled _untrusted_ address */
+        *user_pt = (uint64_t) 'S';
+
+        /* 2. VICTIM LOAD: inject 'S' and override trusted value 'B' */
+        volatile char valb = *pt_b;
+
+        /* 3. VICTIM ENCODE: e.g., cache-based covert channel gadget */
+        volatile char leak = oracle[4096*valb];
+    }
+}
+
+void ecall_lvi_remap_l1d(char *oracle)
+{
+    /* VICTIM PREFETCH: load 'A' at valid enclave physical address into L1 */
+    volatile char vala = *pt_a;
+    /* ensure 'A' is cached and load/store buffers are drained */
+    asm("mfence");
+    transient_delay();
+
+    /* VICTIM LOAD: inject 'A' from remapped physical address for trusted load to 'B'*/
+    volatile char valb = *pt_b;
+    /* VICTIM ENCODE: e.g., cache-based covert channel gadget */
+    volatile char leak = oracle[4096*valb];
+}
diff --git a/app/lvi/Enclave/encl.config.xml b/app/lvi/Enclave/encl.config.xml
@@ -0,0 +1,10 @@
+<!-- Please refer to User's Guide for the explanation of each field -->
+<EnclaveConfiguration>
+  <ProdID>0</ProdID>
+  <ISVSVN>0</ISVSVN>
+  <StackMaxSize>0x40000</StackMaxSize>
+  <HeapMaxSize>0x100000</HeapMaxSize>
+  <TCSNum>1</TCSNum>
+  <TCSPolicy>1</TCSPolicy>
+  <DisableDebug>0</DisableDebug>
+</EnclaveConfiguration>
diff --git a/app/lvi/Enclave/encl.edl b/app/lvi/Enclave/encl.edl
@@ -0,0 +1,13 @@
+enclave {
+
+	trusted {
+        public void *ecall_get_page_a(void);
+        public void *ecall_get_page_b(void);
+
+        public void ecall_lvi_store_user([user_check] uint64_t *user_pt, [user_check] char *oracle);
+        public void ecall_lvi_remap_l1d([user_check] char *oracle);
+    };
+
+	untrusted {
+	};
+};
diff --git a/app/lvi/Makefile b/app/lvi/Makefile
@@ -0,0 +1,70 @@
+LIBSGXSTEP_DIR       = ../..
+LIBSGXSTEP           = $(LIBSGXSTEP_DIR)/libsgxstep
+URTS_LIB_PATH        = $(LIBSGXSTEP_DIR)/linux-sgx/psw/urts/linux
+
+ifeq ($(SGX_SDK),)
+    SGX_SDK          = /opt/intel/sgxsdk
+endif
+export SGX_SDK
+ifneq ($(SGX_SDK), /opt/intel/sgxsdk)
+    URTS_LD_LIBRARY_PATH = LD_LIBRARY_PATH=$(LIBSGXSTEP_DIR)/linux-sgx/psw/urts/linux
+endif
+
+ENCLAVE              = Enclave
+SUBDIRS              = $(ENCLAVE) $(LIBSGXSTEP)
+
+CC                   = gcc
+AS                   = gcc
+LD                   = gcc
+
+ifeq ($(M32), 1)
+	CFLAGS   = -m32 -DM32=$(M32)
+	LDFLAGS  = -m32
+else
+	LIB_SUFX = 64
+endif
+
+CFLAGS              += -fpic -fno-stack-protector -fno-builtin -fno-jump-tables \
+                       -fno-common -Wno-attributes -g -D_GNU_SOURCE -O0
+INCLUDE              = -I$(SGX_SDK)/include/ -I$(LIBSGXSTEP_DIR) 
+LDFLAGS             += -lsgx-step -lencl_proxy -lsgx_urts \
+                       -lsgx_uae_service -pthread $(SUBDIRS:%=-L %) -L$(SGX_SDK)/lib$(LIB_SUFX)/ \
+                       -L$(LIBSGXSTEP_DIR)/linux-sgx/psw/urts/linux
+
+SOURCES              = $(shell ls *.c) $(ENCLAVE)/encl_u.c
+OBJECTS              = $(SOURCES:.c=.o) 
+OUTPUT               = app
+
+BUILDDIRS            = $(SUBDIRS:%=build-%)
+CLEANDIRS            = $(SUBDIRS:%=clean-%)
+
+
+.SILENT:
+all: $(OUTPUT)
+
+run: clean all
+	sudo $(URTS_LD_LIBRARY_PATH) ./app
+
+$(OUTPUT): $(BUILDDIRS) $(OBJECTS)
+	echo "$(INDENT)[LD]" $(OBJECTS) $(LIBS) -o $(OUTPUT) 
+	$(LD) $(OBJECTS) $(LDFLAGS) -o $(OUTPUT) 
+
+%.o : %.c
+	echo "$(INDENT)[CC] " $<
+	$(CC) $(CFLAGS) $(INCLUDE) -c $<
+
+%.o : %.S
+	echo "$(INDENT)[AS] " $<
+	$(AS) $(INCLUDE) -c $< -o $@
+
+clean: $(CLEANDIRS)
+	echo "$(INDENT)[RM]" $(OBJECTS) $(OUTPUT)
+	rm -f $(OBJECTS) $(OUTPUT)
+
+$(BUILDDIRS):
+	echo "$(INDENT)[===] $(@:build-%=%) [===]"
+	$(MAKE) -C $(@:build-%=%) INDENT+="$(INDENT_STEP)" M32=$(M32) curr-dir=$(curr-dir)/$(@:build-%=%)
+
+$(CLEANDIRS):
+	echo "$(INDENT)[===] $(@:clean-%=%) [===]"
+	$(MAKE) clean -C $(@:clean-%=%) INDENT+="$(INDENT_STEP)" curr-dir=$(curr-dir)/$(@:build-%=%)