app/memcmp: IRQ counting timing attack example.

app/memcmp/.gitignore

@@ -0,0 +1,13 @@
+app
+measurements.txt
+measurements_raw.txt
+outlier_idx.txt
+plot.pdf
+xlabels.gp
+
+*.swp
+
+out.txt
+parsed_nop.txt
+parsed_zz.txt
+parsed_strlen.txt

app/memcmp/Enclave/.gitignore

@@ -0,0 +1,8 @@
+asm_nop.S
+encl
+*.pem
+*.a
+*.s
+*.so
+*_u.*
+*_t.*

app/memcmp/Enclave/Makefile

@@ -0,0 +1,108 @@
+CC		  = gcc
+AR		  = ar
+LD		  = gcc
+EDGER		  = sgx_edger8r
+SIGNER		  = sgx_sign
+INCLUDE       = -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc
+T_CFLAGS	  = $(CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector -g -Os
+U_CFLAGS	  = $(CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector -g
+AR_FLAGS	  = rcs
+OBJECTS		  = encl.o 
+LIB_SGX_TRTS      = -lsgx_trts
+LIB_SGX_TSERVICE  = -lsgx_tservice
+
+ifeq ($(M32), 1)
+	T_CFLAGS += -m32 -msse2 -DM32=1
+	U_CFLAGS += -m32 -msse2
+	LD_FLAGS  = -m32
+else
+	LIB_SUFX  = 64
+endif
+
+ENCLAVE_LIBS      = $(LIB_SGX_TRTS)
+ENCLAVE_LIB_PARTS = -lsgx_tstdc -lsgx_tcrypto $(LIB_SGX_TSERVICE)
+ENCLAVE	          = encl
+PRIVATE_KEY       = private_key.pem
+PUBLIC_KEY        = public_key.pem
+KEY_SIZE          = 3072
+ENCLAVE_EDL       = $(ENCLAVE).edl
+ENCLAVE_CONFIG    = $(ENCLAVE).config.xml
+OUTPUT_T          = $(ENCLAVE).so
+OUTPUT_T_UNSIG    = $(ENCLAVE).unsigned.so
+OUTPUT_U          = lib$(ENCLAVE)_proxy.a
+LIB_DIRS          = -L$(SGX_SDK)/lib$(LIB_SUFX)/
+LD_FLAGS         += -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles \
+                    -Wl,--whole-archive -Wl,--start-group $(ENCLAVE_LIBS) -Wl,--end-group \
+                    -Wl,--no-whole-archive -Wl,--start-group $(ENCLAVE_LIB_PARTS) -Wl,--end-group \
+                    -Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
+                    -Wl,-pie,-eenclave_entry -Wl,--export-dynamic  \
+                    -Wl,--defsym,__ImageBase=0
+TRUSTED_OBJECTS   = $(ENCLAVE)_t.o
+UNTRUSTED_OBJECTS = $(ENCLAVE)_u.o 
+TRUSTED_CODE      = $(ENCLAVE)_t.h $(ENCLAVE)_t.c
+UNTRUSTED_CODE    = $(ENCLAVE)_u.h $(ENCLAVE)_u.c
+
+#.SILENT:
+all: $(OUTPUT_T) $(OUTPUT_U)
+
+$(OUTPUT_T) : $(TRUSTED_OBJECTS) $(OBJECTS) $(PRIVATE_KEY)
+	echo "$(INDENT)[LD]  " $(OBJECTS) $(TRUSTED_OBJECTS) $(ENCLAVE_LIBS) $(ENCLAVE_LIBS_PARTS) $(OUTPUT_T_UNSIG)
+	$(LD) $(OBJECTS) $(TRUSTED_OBJECTS) $(LD_FLAGS) $(LIB_DIRS) -o $(OUTPUT_T_UNSIG) 
+
+	echo "$(INDENT)[SGN]" $(OUTPUT_T_UNSIG)
+	$(SIGNER) sign -key $(PRIVATE_KEY) -enclave $(OUTPUT_T_UNSIG) -out $(OUTPUT_T) -config $(ENCLAVE_CONFIG) > /dev/null 2> /dev/null
+
+$(OUTPUT_U) : $(UNTRUSTED_OBJECTS) 
+	echo "$(INDENT)[AR]  " $(OUTPUT_U)
+	$(AR) $(AR_FLAGS) $(OUTPUT_U) $(UNTRUSTED_OBJECTS) 
+
+%_t.o : $(subst .o,.c,$@) edger
+	echo "$(INDENT)[CC] " $(subst .o,.c,$@) "(trusted edge)"
+	touch $(subst .o,.c,$@)
+	$(CC) -c $(INCLUDE) $(T_CFLAGS) $(subst .o,.c,$@)
+
+%_u.o : $(subst .o,.c,$@) edger
+	echo "$(INDENT)[CC] " $(subst .o,.c,$@) "(untrusted edge)"
+	touch $(subst .o,.c,$@)
+	$(CC) -c $(INCLUDE) $(U_CFLAGS) $(subst .o,.c,$@)
+
+%.o : %.c edger
+	echo "$(INDENT)[CC] " $< "(core)"
+	$(CC) $(INCLUDE) $(T_CFLAGS) -c $<
+
+%.o : %.S
+	echo "$(INDENT)[AS] " $< "(core)"
+	$(CC) $(INCLUDE) $(T_CFLAGS) -c $< -o $@
+
+edger: $(ENCLAVE).edl
+	echo "$(INDENT)[GEN]" $(EDGER) $(ENCLAVE_EDL)
+	$(EDGER) $(ENCLAVE_EDL)
+
+.PHONY: force_check
+force_check:
+	true
+
+.PHONY: scrub
+scrub: 
+	echo "$(INDENT)[RM]  " $(PRIVATE_KEY) $(PUBLIC_KEY)
+	$(RM) $(PRIVATE_KEY) $(PUBLIC_KEY)
+
+$(PRIVATE_KEY):
+	echo "$(INDENT)[GEN] $(PRIVATE_KEY) ($(KEY_SIZE) bits)"
+
+	# generate 3072 bit private RSA key
+	openssl genrsa -out $(PRIVATE_KEY) -3 $(KEY_SIZE)
+
+	echo "$(INDENT)[EXT] $(PUBLIC_KEY)"
+	# extract public key
+	openssl rsa -in $(PRIVATE_KEY) -pubout -out $(PUBLIC_KEY) 
+
+	# sign enclave
+	#sgx_sign sign -key private_key.pem -enclave Enclave/encl.so -out encl.signed.so
+
+.PHONY: clean
+clean:
+	echo "$(INDENT)[RM]" $(OBJECTS) $(OUTPUT_T_UNSIG) $(OUTPUT_T) $(OUTPUT_U)
+	$(RM) $(OBJECTS) $(OUTPUT_T_UNSIG) $(OUTPUT_T) $(OUTPUT_U)
+	echo "$(INDENT)[RM]" $(TRUSTED_OBJECTS) $(UNTRUSTED_OBJECTS) $(TRUSTED_CODE) $(UNTRUSTED_CODE)
+	$(RM) $(TRUSTED_OBJECTS) $(UNTRUSTED_OBJECTS) $(TRUSTED_CODE) $(UNTRUSTED_CODE)

app/memcmp/Enclave/encl.c

@@ -0,0 +1,48 @@
+#include <stdint.h>
+#include <string.h>
+
+char __attribute__((aligned(0x1000))) trigger_page[4096];
+
+char *secret = "SECRET";
+
+inline void __attribute__((always_inline)) mwrite(void *p)
+{
+    asm volatile("movb $0, (%0)\n" : : "r"(p) :);
+}
+
+int my_memcmp(char *a, int a_len, char *b, int b_len)
+{
+    int i;
+
+    /* first check overall len */
+    if (a_len != b_len)
+        return 0;
+
+    /* now check individual chars */
+    for (i=0; i < a_len; i++)
+    {
+        if (a[i] != b[i])
+            return 0;
+    }
+    return 1;
+}
+
+int memcmp_pwd(char *pwd)
+{
+    int pwd_len = strlen(pwd);
+    int secret_len = strlen(secret);
+    mwrite(trigger_page);
+    int rv = my_memcmp(pwd, pwd_len, secret, secret_len);
+    mwrite(trigger_page);
+    return rv;
+}
+
+void  *get_memcmp_adrs( void )
+{
+    return my_memcmp;
+}
+
+void  *get_trigger_adrs( void )
+{
+    return trigger_page;
+}

app/memcmp/Enclave/encl.config.xml

@@ -0,0 +1,10 @@
+<!-- Please refer to User's Guide for the explanation of each field -->
+<EnclaveConfiguration>
+  <ProdID>0</ProdID>
+  <ISVSVN>0</ISVSVN>
+  <StackMaxSize>0x40000</StackMaxSize>
+  <HeapMaxSize>0x100000</HeapMaxSize>
+  <TCSNum>1</TCSNum>
+  <TCSPolicy>1</TCSPolicy>
+  <DisableDebug>0</DisableDebug>
+</EnclaveConfiguration>

app/memcmp/Enclave/encl.edl

@@ -0,0 +1,11 @@
+enclave {
+
+	trusted {
+        public int memcmp_pwd([in,string] char *pwd);
+        public void  *get_memcmp_adrs( void );
+        public void  *get_trigger_adrs( void );
+	};
+
+	untrusted {
+	};
+};

app/memcmp/Makefile

@@ -0,0 +1,89 @@
+LIBSGXSTEP_DIR       = ../..
+LIBSGXSTEP           = $(LIBSGXSTEP_DIR)/libsgxstep
+-include $(LIBSGXSTEP)/Makefile.config
+
+ifeq ($(SGX_SDK),)
+    SGX_SDK          = /opt/intel/sgxsdk
+endif
+export SGX_SDK
+ifneq ($(SGX_SDK), /opt/intel/sgxsdk)
+    URTS_LD_LIBRARY_PATH = LD_LIBRARY_PATH=$(LIBSGXSTEP_DIR)/linux-sgx/psw/urts/linux
+endif
+
+ENCLAVE              = Enclave
+SUBDIRS              = $(ENCLAVE) $(LIBSGXSTEP)
+
+CC                   = gcc
+AS                   = gcc
+LD                   = gcc
+
+ifeq ($(M32), 1)
+	ASFLAGS  = -m32 -DM32=$(M32)
+	CFLAGS   = -m32 -DM32=$(M32)
+	LDFLAGS  = -m32
+else
+	LIB_SUFX = 64
+endif
+
+CFLAGS              += -fPIC -fno-stack-protector -fno-builtin -fno-jump-tables \
+                       -fno-common -Wno-attributes -g -D_GNU_SOURCE -O0
+INCLUDE              = -I$(SGX_SDK)/include/ -I$(LIBSGXSTEP_DIR)
+LDFLAGS             += -lsgx-step -lencl_proxy -lsgx_urts \
+                       -lsgx_uae_service -pthread $(SUBDIRS:%=-L %) -L$(SGX_SDK)/lib$(LIB_SUFX)/ \
+                       -L$(LIBSGXSTEP_DIR)/linux-sgx/psw/urts/linux
+
+SOURCES              = $(shell ls *.c)
+OBJECTS              = $(SOURCES:.c=.o)
+OUTPUT               = app
+
+BUILDDIRS            = $(SUBDIRS:%=build-%)
+CLEANDIRS            = $(SUBDIRS:%=clean-%)
+
+ATTACK = 1
+PARSE  = nop
+ifeq ($(STRLEN), 1)
+    ATTACK = 2
+    PARSE  = strlen
+endif
+ifeq ($(ZIGZAG), 1)
+    ATTACK = 3
+    PARSE  = zz
+endif
+
+ifeq ($(NUM),)
+    NUM             = 100
+endif
+export NUM
+
+CFLAGS              += -DATTACK_SCENARIO=$(ATTACK) -DNUM_RUNS=$(NUM)
+
+.SILENT:
+all: $(OUTPUT)
+
+run: clean all
+	sudo $(URTS_LD_LIBRARY_PATH) ./app > out.txt
+	cat out.txt
+
+$(OUTPUT): $(BUILDDIRS) $(OBJECTS)
+	echo "$(INDENT)[LD]" $(OBJECTS) $(LIBS) -o $(OUTPUT) 
+	$(LD) $(OBJECTS) $(LDFLAGS) -o $(OUTPUT) 
+
+%.o : %.c
+	echo "$(INDENT)[CC] " $<
+	$(CC) $(CFLAGS) $(INCLUDE) -c $<
+
+%.o : %.S
+	echo "$(INDENT)[AS] " $<
+	$(AS) $(ASFLAGS) $(INCLUDE) -c $< -o $@
+
+clean: $(CLEANDIRS)
+	echo "$(INDENT)[RM]" $(OBJECTS) $(OUTPUT)
+	rm -f $(OBJECTS) $(OUTPUT)
+
+$(BUILDDIRS):
+	echo "$(INDENT)[===] $(@:build-%=%) [===]"
+	$(MAKE) -C $(@:build-%=%) INDENT+="$(INDENT_STEP)" M32=$(M32) curr-dir=$(curr-dir)/$(@:build-%=%)
+
+$(CLEANDIRS):
+	echo "$(INDENT)[===] $(@:clean-%=%) [===]"
+	$(MAKE) clean -C $(@:clean-%=%) INDENT+="$(INDENT_STEP)" curr-dir=$(curr-dir)/$(@:build-%=%)

app/memcmp/jsh-colors.h

@@ -0,0 +1,56 @@
+/* This file is part of jsh.
+ * 
+ * jsh: A basic UNIX shell implementation in C
+ * Copyright (C) 2014 Jo Van Bulck <jo.vanbulck@student.kuleuven.be>
+ *
+ * jsh is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * jsh is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with jsh.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef JSH_COLORS_H_INCLUDED
+#define JSH_COLORS_H_INCLUDED
+
+// ANSI escape foreground color codes (see https://en.wikipedia.org/wiki/ANSI_escape_code)
+#define BLACK_FG            "\033[30m"
+#define RED_FG              "\033[31m"
+#define GREEN_FG            "\033[32m"
+#define YELLOW_FG           "\033[33m"
+#define BLUE_FG             "\033[34m"
+#define MAGENTA_FG          "\033[35m"
+#define CYAN_FG             "\033[36m"
+#define WHITE_FG            "\033[37m"
+#define RESET_FG            "\033[39m"
+
+// ANSI escape background color codes
+#define BLACK_BG            "\033[40m"
+#define RED_BG              "\033[41m"
+#define GREEN_BG            "\033[42m"
+#define YELLOW_BG           "\033[43m"
+#define BLUE_BG             "\033[44m"
+#define MAGENTA_BG          "\033[45m"
+#define CYAN_BG             "\033[46m"
+#define WHITE_BG            "\033[47m"
+#define RESET_BG            "\033[49m"
+
+// ANSI escape style color codes
+#define COLOR_RESET_ALL     "\033[0m"   // back to defaults
+#define COLOR_BOLD 	    "\033[1m"   // implemented as 'bright' on some terminals
+#define COLOR_RESET_BOLD    "\033[22m"
+
+// (the following are not widely supported)
+#define COLOR_DIM	    "\033[2m"
+#define COLOR_UNDERLINE     "\033[3m"
+#define COLOR_BLINK	    "\033[4m"
+#define COLOR_REVERSE       "\033[7m"
+
+#endif // JSH_COLORS_H_INCLUDED