# Summary

This is a proof-of-concept exploit of the PortSmash microarchitecture attack, tracked by CVE-2018-5407.

# Setup

## Prerequisites

A CPU featuring SMT (e.g. Hyper-Threading) is the only requirement.

This exploit code should work out of the box on Skylake and Kaby Lake. For other SMT architectures, customizing the strategies and/or waiting times in <code>spy</code> is likely needed.

## OpenSSL

Download and install OpenSSL 1.1.0h or lower:

```
cd /usr/local/src
wget https://www.openssl.org/source/openssl-1.1.0h.tar.gz
tar xzf openssl-1.1.0h.tar.gz
cd openssl-1.1.0h/
export OPENSSL_ROOT_DIR=/usr/local/ssl
./config -d shared --prefix=$OPENSSL_ROOT_DIR --openssldir=$OPENSSL_ROOT_DIR -Wl,-rpath=$OPENSSL_ROOT_DIR/lib
make -j8
make test
sudo checkinstall --strip=no --stripso=no --pkgname=openssl-1.1.0h-debug --provides=openssl-1.1.0h-debug --default make install_sw
```

If you use a different path, you'll need to make changes to <code>Makefile</code> and <code>sync.sh</code>.

# Tooling

## freq.sh

Turns off frequency scaling and TurboBoost.

## sync.sh

Sync trace through pipes. It has two victims, one of which should be active at a time:

1. The stock <code>openssl</code> running <code>dgst</code> command to produce a P-384 signature.
2. A harness <code>ecc</code> that calls scalar multiplication directly with a known key. (Useful for profiling.)

The script will generate a P-384 key pair in <code>secp384r1.pem</code> if it does not already exist.

The script outputs <code>data.bin</code> which is what <code>openssl dgst</code> signed, and you should be able to verify the ECDSA signature <code>data.sig</code> afterwards with

```
openssl dgst -sha512 -verify secp384r1.pem -signature data.sig data.bin
```

In the <code>ecc</code> tool case, <code>data.bin</code> and <code>secp384r1.pem</code> are meaningless and <code>data.sig</code> is not created.
For the <code>taskset</code> commands in <code>sync.sh</code>, the cores need to be two logical cores of the same physical core; sanity check with

```
$ grep '^core id' /proc/cpuinfo
core id         : 0
core id         : 1
core id         : 2
core id         : 3
core id         : 0
core id         : 1
core id         : 2
core id         : 3
```

So the script is currently configured for logical cores 3 and 7 that both map to physical core 3 (<code>core_id</code>).

## spy

Measurement process that outputs measurements in <code>timings.bin</code>. To change the <code>spy</code> strategy, check the port defines in <code>spy.h</code>. Only one strategy should be active at build time.

Note that <code>timings.bin</code> is actually raw clock cycle counter values, not latencies. Look in <code>parse_raw_simple.py</code> to understand the data format if necessary.

## ecc

Victim harness for running OpenSSL scalar multiplication with known inputs. Example:

```
./ecc M 4 deadbeef0123456789abcdef00000000c0ff33
```

Will execute 4 consecutive calls to <code>EC_POINT_mul</code> with the given hex scalar.

## parse_raw_simple.py

Quick and dirty hack to view 1D traces. The top plot is the raw trace. Everything below is a different digital filter of the raw trace for viewing purposes. Zoom and pan are your friends here.

You might have to adjust the <code>CEIL</code> variable if the plots are too aggressively clipped.

Python packages:

```
sudo apt-get install python-numpy python-matplotlib
```

# Usage

Turn off frequency scaling:

```
./freq.sh
```

Make sure everything builds:

```
make clean
make
```

Take a measurement:

```
./sync.sh
```

View the trace:

```
python parse_raw_simple.py timings.bin
```

You can play around with one victim at a time in <code>sync.sh</code>. Sample output for the <code>openssl dgst</code> victim is in <code>parse_raw_simple.png</code>.
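The core-mapping sanity check from the <code>sync.sh</code> section, as an added example that is not part of the PoC repository: it groups logical CPUs by physical core so you can see which ones share execution ports, and reports the kernel's SMT control state. It goes beyond the `grep` above by also keying on `physical id` (multi-socket hosts); the function names and the sample `cpuinfo` text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the PoC repository).

# Group logical CPUs by (physical id, core id) from /proc/cpuinfo-format text
# on stdin. Output: one line per physical core, "<socket>:<core> <cpu>,<cpu>".
# A line listing more than one CPU is a set of SMT siblings.
smt_siblings() {
    awk -F'[ \t]*:[ \t]*' '
        BEGIN { n = 0 }
        $1 == "processor"   { cpu = $2; pkg = 0 }  # start of a logical CPU stanza
        $1 == "physical id" { pkg = $2 }           # socket; absent on some systems
        $1 == "core id" {
            key = pkg ":" $2
            if (!(key in grp)) { order[n++] = key; grp[key] = cpu }
            else grp[key] = grp[key] "," cpu
        }
        END { for (i = 0; i < n; i++) print order[i], grp[order[i]] }
    '
}

# Kernel SMT control state (on, off, forceoff, notsupported, notimplemented).
# Prints "unknown" when the sysfs file is missing (older kernels).
smt_state() {
    f=${1:-/sys/devices/system/cpu/smt/control}
    if [ -r "$f" ]; then cat "$f"; else echo unknown; fi
}

# Constructed sample: 8 logical CPUs on 4 cores, the layout shown above.
sample_cpuinfo() {
    cpu=0
    while [ "$cpu" -lt 8 ]; do
        printf 'processor\t: %d\nphysical id\t: 0\ncore id\t\t: %d\n\n' \
            "$cpu" $((cpu % 4))
        cpu=$((cpu + 1))
    done
}

sample_cpuinfo | smt_siblings
```

On a live host, run `smt_siblings < /proc/cpuinfo`; with the sample layout, logical CPUs 3 and 7 land on the same line, matching the pairing described above.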
# Credits

* Alejandro Cabrera Aldaya (Universidad Tecnológica de la Habana (CUJAE), Habana, Cuba)
* Billy Bob Brumley (Tampere University of Technology, Tampere, Finland)
* Sohaib ul Hassan (Tampere University of Technology, Tampere, Finland)
* Cesar Pereida García (Tampere University of Technology, Tampere, Finland)
* Nicola Tuveri (Tampere University of Technology, Tampere, Finland)

EDB Download: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/45785.zip