Skip to content

Usage

Jump to bottom
Jannik Zeitschner edited this page May 3, 2024 · 1 revision

Usage

In this page we describe what actions need to be performed by the user to generate assembly code with PoMMES given an initial function implemented in C.

In summary:

  • Annotate C Code
  • Generate GIMPLE File
  • Pass C code and GIMPLE File to PoMMES

Input

PoMMES requires two files. The first file is the annotated C code and contains security annotations of the inputs and internal function calls. The GIMPLE file is a textual dump of the internal intermediate representation of the annotated C code by the GCC compiler.

Annotated C Code

In order for PoMMES to track secrets through the function it requires security annotation by the user. This annotation happens inside the C code with #define macros. We distinguish between two types of security annotations.

Function Arguments

The first one deals with the input arguments of the function we want to compile with PoMMES. Input arguments can either be secret or public. To annotate the sensitivity of the inputs we use the macro #define POMMES_INPUT_<function-name> [SEC/PUB]. Each function argument gets its own sensitivity, i.e., either SEC or PUB. Consider the following function

#define N_SHARES 2
void foo(uint32_t in_a[N_SHARES], uint32_t in_b[N_SHARES], uint32_t out[N_SHARES]){
  //function body
}

To tell PoMMES that all function arguments contain secret information, we place the following macro in the C file:

#define POMMES_INPUT_FOO SEC SEC SEC
#define N_SHARES 2
void foo(uint32_t in_a[N_SHARES], uint32_t in_b[N_SHARES], uint32_t out[N_SHARES]){
  //function body
}

Internal Function Calls

Besides annotating the arguments of the function we want to compile, we also allow internal function calls. PoMMES is not directly able to analyse the function that is used internally. Therefore, we need to give PoMMES information about the sensitivity of the arguments it receives and potentially the sensitvity of the return value. For annotation of internal function calls we use the macro #define POMMES_FUNCTION_CALL_<function-name> [SEC/PUB/RETURNSEC/RETURNPUB]. Arguments passed to the internal function call can be either SEC or PUB, while potential return values of the internal function call can be RETURNSEC or RETURNPUB. Consider again the following function

#define POMMES_INPUT_FOO SEC SEC SEC
#define N_SHARES 2
void foo(uint32_t in_a[N_SHARES], uint32_t in_b[N_SHARES], uint32_t out[N_SHARES]){
  [...]
  uint32_t res = bar(in_a[0], in_b[0]);
  [...]
}

To tell PoMMES that the internal function takes sensitive arguments and returns a sensitive value, we place the following macro in the C file:

#define POMMES_INPUT_FOO SEC SEC SEC
#define POMMES_FUNCTION_CALL_BAR RETURNSEC SEC SEC
#define N_SHARES 2
void foo(uint32_t in_a[N_SHARES], uint32_t in_b[N_SHARES], uint32_t out[N_SHARES]){
  [...]
  uint32_t res = bar(in_a[0], in_b[0]);
  [...]
}

GIMPLE File

GIMPLE is the intermediate representation of GCC. To avoid implementing a frontend (Lexer, Parser, semantic and syntactic analysis, lowering to internal intermediate representations) we use the arm-none-eabi-gcc compiler to dump the intermediate representation of the C code into a text file. The intermediate representation is in SSA (static single-assignment) form and used by PoMMES to perform the sensitivity tracking through the function. To generate the GIMPLE file use the command arm-none-eabi-gcc -fdump-tree-ssa-raw <file_name>.c

Clone this wiki locally