add tests for untrusted tampering with data and metadata

This is a test-driven approach to investigating and fixing the issue mobilecoinfoundation#1576 These tests confirm that the trusted side indeed does not always detect when untrusted tampers with the memory, at this revision I have these results: ``` running 5 tests test helpers::exercise_oram_storage_clear_data ... FAILED test helpers::exercise_oram_storage_hammer_data ... FAILED test helpers::exercise_oram_storage_hammer_metadata ... ok test helpers::exercise_oram_storage_clear_metadata ... FAILED test helpers::exercise_oram_storage_shims ... ok ``` So the shims work normally when the memory is not tampered with, and the code detects when the untrusted metadata is hammered. But it does not detect when it is cleared, or when the data is tampered with. This is likely because of the issue point out in mobilecoinfoundation#1576, in the next commits we will fix it and get all these tests to pass. WIP try to fix trusted merkle root check Fix typo in readme Fix tests by using a branch that shares a trusted merkle root. Adding clarifying names to indices used in the test to better see what it is doing
wjuan-mob · Mar 31, 2022 · 99c452d · 99c452d
1 parent 878eceb
commit 99c452d
Show file tree

Hide file tree

Showing 4 changed files with 901 additions and 27 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/fog/ocall_oram_storage/trusted/Cargo.toml b/fog/ocall_oram_storage/trusted/Cargo.toml
@@ -22,7 +22,11 @@ rand_core = { version = "0.6", default-features = false }
 subtle = { version = "2", default-features = false }
 
 [target.'cfg(any(target_feature = "avx2", target_feature = "avx"))'.dependencies]
-blake2 = { version = "0.10.4", default-features = false, features = ["simd"] }
+blake2 = { version = "0.10.2", default-features = false, features = ["simd"] }
 
 [target.'cfg(not(any(target_feature = "avx2", target_feature = "avx")))'.dependencies]
 blake2 = { version = "0.10.2", default-features = false }
+
+[dev-dependencies]
+lazy_static = "1.4"
+mc-util-test-helper = { path = "../../../util/test-helper" }
diff --git a/fog/ocall_oram_storage/trusted/README.md b/fog/ocall_oram_storage/trusted/README.md
@@ -31,7 +31,7 @@ An important optimization is used:
 - If the ciphertext metadata from untrusted is all zeroes, then we assume this is
   the first time we access the block, and pass all zero metadata and data back
   to the Oblivious RAM. Effectively, we lazily zero the data segments in blocks
-  living untrusted memory memory, and dont require that we write encryptions of
+  living untrusted memory, and don't require that we write encryptions of
   zeros to every memory cell at initialization.
 
 Authentication design