Merge pull request #83 from w-woloszyn/elf_parser

Add ELF parser to retrieve enclave symbol addresses
jovanbulck · Aug 19, 2024 · 08895a1 · 08895a1
2 parents 3b30c93 + 7d6c2b8
commit 08895a1
Show file tree

Hide file tree

Showing 19 changed files with 354 additions and 308 deletions.
diff --git a/app/aep-redirect/Enclave/encl.c b/app/aep-redirect/Enclave/encl.c
@@ -21,19 +21,6 @@
 __attribute__((aligned(4096))) int array[4096] = {0xaa};
 #define a array[100]
 
-void* get_a_addr( void )
-{
-    return &a;
-}
-
 void page_aligned_func(void);
 
-void* get_code_addr( void )
-{
-    return page_aligned_func;
-}
-
-int enclave_dummy_call(void)
-{
-    return a;
-}
+int enclave_dummy_call(void) { return a; }
diff --git a/app/aep-redirect/Enclave/encl.edl b/app/aep-redirect/Enclave/encl.edl
@@ -2,8 +2,6 @@ enclave {
 
 	trusted {
         public int enclave_dummy_call(void);
-	    public void* get_a_addr( void );
-	    public void* get_code_addr( void );
         public void page_aligned_func(void);
     };
 

diff --git a/app/aep-redirect/Makefile b/app/aep-redirect/Makefile
@@ -29,7 +29,7 @@ CFLAGS              += -fPIC -fno-stack-protector -fno-builtin -fno-jump-tables
 INCLUDE              = -I$(SGX_SDK)/include/ -I$(LIBSGXSTEP_DIR) 
 LDFLAGS             += -lsgx-step -lencl_proxy -lsgx_urts \
                        -lsgx_uae_service -pthread $(SUBDIRS:%=-L %) -L$(SGX_SDK)/lib$(LIB_SUFX)/ \
-                       -L$(LIBSGXSTEP_DIR)/linux-sgx/psw/urts/linux
+                       -L$(LIBSGXSTEP_DIR)/linux-sgx/psw/urts/linux -lelf
 
 SOURCES              = $(shell ls *.c)
 OBJECTS              = $(SOURCES:.c=.o)

diff --git a/app/aep-redirect/main.c b/app/aep-redirect/main.c
@@ -19,68 +19,62 @@
  */
 
 #include <sgx_urts.h>
-#include "Enclave/encl_u.h"
-#include <sys/mman.h>
 #include <signal.h>
-#include "libsgxstep/enclave.h"
+#include <sys/mman.h>
+
+#include "Enclave/encl_u.h"
 #include "libsgxstep/debug.h"
+#include "libsgxstep/elf_parser.h"
+#include "libsgxstep/enclave.h"
 #include "libsgxstep/pt.h"
 
-#define DBG_ENCL        1
+#define DBG_ENCL 1
 
 void *data_pt = NULL, *data_page = NULL, *code_pt = NULL;
 int fault_fired = 0, aep_fired = 0;
 sgx_enclave_id_t eid = 0;
 
-void aep_cb_func(void)
-{
+void aep_cb_func(void) {
     gprsgx_region_t gprsgx = {0};
-    uint64_t erip = edbgrd_erip() - (uint64_t) get_enclave_base();
-    info("Hello world from AEP callback with erip=%#llx! Resuming enclave..", erip); 
+    uint64_t erip = edbgrd_erip() - (uint64_t)get_enclave_base();
+    info("Hello world from AEP callback with erip=%#llx! Resuming enclave..",
+         erip);
 
     edbgrd(get_enclave_ssa_gprsgx_adrs(), &gprsgx, sizeof(gprsgx_region_t));
     dump_gprsgx_region(&gprsgx);
 
     aep_fired++;
 }
 
-void fault_handler(int signo, siginfo_t * si, void  *ctx)
-{
-    ASSERT( fault_fired < 5);
+void fault_handler(int signo, siginfo_t *si, void *ctx) {
+    ASSERT(fault_fired < 5);
 
-    switch ( signo )
-    {
-      case SIGSEGV:
-        info("Caught page fault (base address=%p)", si->si_addr);
-        break;
+    switch (signo) {
+        case SIGSEGV:
+            info("Caught page fault (base address=%p)", si->si_addr);
+            break;
 
-      default:
-        info("Caught unknown signal '%d'", signo);
-        abort();
+        default:
+            info("Caught unknown signal '%d'", signo);
+            abort();
     }
 
-    if (si->si_addr == data_page)
-    {
+    if (si->si_addr == data_page) {
         info("Restoring data access rights..");
         ASSERT(!mprotect(data_page, 4096, PROT_READ | PROT_WRITE));
         print_pte_adrs(data_pt);
-    }
-    else if (si->si_addr == code_pt)
-    {
+    } else if (si->si_addr == code_pt) {
         info("Restoring code access rights..");
         ASSERT(!mprotect(code_pt, 4096, PROT_READ | PROT_EXEC));
         print_pte_adrs(code_pt);
-    }
-    else
-    {
+    } else {
         info("Unknown #PF address!");
     }
 
     fault_fired++;
 }
 
-void attacker_config_page_table(void)
-{
+void attacker_config_page_table(void) {
     struct sigaction act, old_act;
 
     /* NOTE: finer-grained permissions can be revoked using
@@ -92,15 +86,15 @@ void attacker_config_page_table(void)
      * inversion.
      */
     info("revoking data page access rights..");
-    SGX_ASSERT( get_a_addr(eid, &data_pt) );
-    data_page = (void*) ((uintptr_t) data_pt & ~PFN_MASK);
+    data_pt = get_symbol_offset("array") + get_enclave_base();
+    data_page = (void *)((uintptr_t)data_pt & ~PFN_MASK);
     info("data at %p with PTE:", data_pt);
     print_pte_adrs(data_pt);
     ASSERT(!mprotect(data_page, 4096, PROT_NONE));
     print_pte_adrs(data_pt);
 
     info("revoking code page access rights..");
-    SGX_ASSERT( get_code_addr(eid, &code_pt) );
+    code_pt = get_symbol_offset("page_aligned_func") + get_enclave_base();
     info("code at %p with PTE:", code_pt);
     print_pte_adrs(code_pt);
     ASSERT(!mprotect(code_pt, 4096, PROT_NONE));
@@ -113,23 +107,23 @@ void attacker_config_page_table(void)
 
     /* Block all signals while the signal is being handled */
     sigfillset(&act.sa_mask);
-    ASSERT(!sigaction( SIGSEGV, &act, &old_act ));
+    ASSERT(!sigaction(SIGSEGV, &act, &old_act));
 }
 
-int main( int argc, char **argv )
-{
+int main(int argc, char **argv) {
     sgx_launch_token_t token = {0};
     int retval = 0, updated = 0;
     char old = 0x00, new = 0xbb;
 
     info("Creating enclave...");
-    SGX_ASSERT( sgx_create_enclave( "./Enclave/encl.so", /*debug=*/DBG_ENCL,
-                                &token, &updated, &eid, NULL ) );
+    SGX_ASSERT(sgx_create_enclave("./Enclave/encl.so", /*debug=*/DBG_ENCL,
+                                  &token, &updated, &eid, NULL));
 
     info("Dry run to allocate pages");
-    SGX_ASSERT( enclave_dummy_call(eid, &retval) );
-    SGX_ASSERT( page_aligned_func(eid) );
+    SGX_ASSERT(enclave_dummy_call(eid, &retval));
+    SGX_ASSERT(page_aligned_func(eid));
 
+    register_symbols("./Enclave/encl.so");
     attacker_config_page_table();
     register_aep_cb(aep_cb_func);
     print_enclave_info();
@@ -138,16 +132,17 @@ int main( int argc, char **argv )
     edbgrd(data_pt, &old, 1);
     edbgwr(data_pt, &new, 1);
     edbgrd(data_pt, &new, 1);
-    info("data at %p (page %p): old=0x%x; new=0x%x", data_pt, data_page, old & 0xff, new & 0xff);
+    info("data at %p (page %p): old=0x%x; new=0x%x", data_pt, data_page,
+         old & 0xff, new & 0xff);
 
     info_event("calling enclave data page fault..");
-    SGX_ASSERT( enclave_dummy_call(eid, &retval) );
+    SGX_ASSERT(enclave_dummy_call(eid, &retval));
 
     info_event("calling enclave code page fault..");
-    SGX_ASSERT( page_aligned_func(eid) );
+    SGX_ASSERT(page_aligned_func(eid));
 
     info("all is well; exiting..");
     ASSERT(fault_fired && aep_fired);
-   	SGX_ASSERT( sgx_destroy_enclave( eid ) );
-	return 0;
+    SGX_ASSERT(sgx_destroy_enclave(eid));
+    return 0;
 }
diff --git a/app/bench/Enclave/encl.c b/app/bench/Enclave/encl.c
@@ -29,46 +29,20 @@ extern void zigzag_bench(uint64_t nb);
 extern void asm_microbenchmark(void);
 extern int my_strlen(const char *str);
 
-void do_nop_slide(void)
-{
-    asm_microbenchmark();
-}
+void do_nop_slide(void) { asm_microbenchmark(); }
 
 int a, b;
 
-void do_zigzagger(int n)
-{
+void do_zigzagger(int n) {
     a = 1;
     b = 0;
     zigzag_bench(n);
 }
 
-int do_strlen(int n)
-{
+int do_strlen(int n) {
     int i, j;
 
-    for (i=0; i < n; i++)
-        j = my_strlen(&secret_str);
+    for (i = 0; i < n; i++) j = my_strlen(&secret_str);
 
     return j;
 }
-
-void *get_str_adrs( void )
-{
-    return &secret_str;
-}
-
-void *get_nop_adrs( void )
-{
-    return asm_microbenchmark;
-}
-
-void *get_zz_adrs(void)
-{
-    return zigzag_bench;
-}
-
-void *get_strlen_adrs(void)
-{
-    return my_strlen;
-}
diff --git a/app/bench/Enclave/encl.edl b/app/bench/Enclave/encl.edl
@@ -3,12 +3,8 @@ enclave {
 	trusted {
    	    public void  do_zigzagger( int n );
    	    public int   do_strlen( int n );
-        public void  *get_str_adrs( void );
    	    public void  do_nop_slide( void );
 
-        public void  *get_nop_adrs( void );
-        public void  *get_zz_adrs( void );
-        public void  *get_strlen_adrs( void );
 	};
 
 	untrusted {

diff --git a/app/bench/Makefile b/app/bench/Makefile
@@ -30,7 +30,7 @@ CFLAGS              += -fPIC -fno-stack-protector -fno-builtin -fno-jump-tables
 INCLUDE              = -I$(SGX_SDK)/include/ -I$(LIBSGXSTEP_DIR)
 LDFLAGS             += -lsgx-step -lencl_proxy -lsgx_urts \
                        -lsgx_uae_service -pthread $(SUBDIRS:%=-L %) -L$(SGX_SDK)/lib$(LIB_SUFX)/ \
-                       -L$(LIBSGXSTEP_DIR)/linux-sgx/psw/urts/linux
+                       -L$(LIBSGXSTEP_DIR)/linux-sgx/psw/urts/linux -lelf
 
 SOURCES              = $(shell ls *.c)
 OBJECTS              = $(SOURCES:.c=.o)