src: controllable entropy of inputs

2021-02-11 16:09:32 +01:00 · 2021-02-11 16:09:32 +01:00 · 8f856bb02a
--- a/src/config.py
+++ b/src/config.py
@ -60,6 +60,7 @@ class ConfCls:
    # Input Generator
    prng_seed: int = 10  # zero is a reserved value, do not use it
    avoid_data_dependencies: bool = True
+    input_mask: int = 0xffffffff
    # ==============================================================================================
    # Model
    model: str = 'x86-unicorn'  # options: 'x86-serializing', 'x86-unicorn'
--- a/src/custom_conf.yaml
+++ b/src/custom_conf.yaml
@ -11,8 +11,14 @@ supported_categories:
  - LOGICAL
  - POP
  - PUSH
-attacker_capability: l1d # ct, l1d
+attacker_capability: l1d
 contracts:
-  - seq
+#  - seq
 #  - cond
-#  - bpas
+  - bpas
+# max_nesting: 2
+# attack_variant: P+P
+enable_ssbp_patch: false
+enable_mds: false
+input_mask: 255
+#verbose: 999
--- a/src/executor.py
+++ b/src/executor.py
@ -41,6 +41,7 @@ class X86Intel(Executor):
            write_to_pseudo_file("F", "/sys/x86-executor/measurement_mode")
        elif CONF.attack_variant == 'P+P':
            write_to_pseudo_file("P", "/sys/x86-executor/measurement_mode")
+        write_to_pseudo_file(CONF.input_mask, '/sys/x86-executor/input_mask')

    def load_test_case(self, test_case_asm: str):
        assemble(test_case_asm, 'generated.o')
--- a/src/model.py
+++ b/src/model.py
@ -215,12 +215,14 @@ class X86UnicornModel(Model):
        random_value = seed
        random_value = ((random_value * 2891336453) % POW32 + 12345) % POW32
        for i in range(0, 4096, 64):
-            self.emulator.mem_write(self.r14_init + i, random_value.to_bytes(8, byteorder='little'))
+            masked_rvalue = random_value & CONF.input_mask
+            self.emulator.mem_write(self.r14_init + i, masked_rvalue.to_bytes(8, byteorder='little'))

        # Values in registers
        for reg in [UC_X86_REG_RAX, UC_X86_REG_RBX, UC_X86_REG_RCX, UC_X86_REG_RDX]:
            random_value = ((random_value * 2891336453) % POW32 + 12345) % POW32
-            self.emulator.reg_write(reg, random_value)
+            masked_rvalue = random_value & CONF.input_mask
+            self.emulator.reg_write(reg, masked_rvalue)

        # FLAGS
        random_value = ((random_value * 2891336453) % POW32 + 12345) % POW32
--- a/src/tests/evict_second_line.asm
+++ b/src/tests/evict_second_line.asm
@ -1,10 +1,9 @@
 .intel_syntax noprefix
 MFENCE
-MOV rbx, r14
-MOV rax, [rbx + 128]
-MOV rax, [rbx + 128]
-MOV rax, [rbx + 128]
-MOV rax, [rbx + 128]
-MOV rax, [rbx + 128]
-MOV rax, [rbx + 128]
+MOV rax, [r14 + 128]
+MOV rax, [r14 + 128]
+MOV rax, [r14 + 128]
+MOV rax, [r14 + 128]
+MOV rax, [r14 + 128]
+MOV rax, [r14 + 128]
 MFENCE