create a sample to demonstrate a timing attack

This sample attempts to re-create an image's alpha channel by drawing it
one pixel at a time and timing how long each pixel takes to draw.

The "abc" text should appear twice normally, and the third and fourth
versions are reconstructed from timing, one by timing 1:1 pixel draws,
the other by timing 1x1:1024x1024 upscale into an offscreen.  It's not
meant to be an exact reconstruction, but you can easily see the shapes,
particularly at -O0, -O1, and -Os.  Auto-vectorization from -O2/-O3 do
a good amount to cover up the problem.

The legacy CPU backend is the main place to look.  I haven't been able
to reconstruct any images using SkRasterPipelineBlitter or SkVMBlitter,
and while on the GPU I do see non-random patterns in the timing, it
appears to be the same single pattern across devices, OSes, GPUs, GPU
APIs and content... I assume it's something like our resource caching
policy.

This can't really be a GM, given how it draws non-deterministically.

Bug: chromium:1088224
Change-Id: I2ec79c8dd407ecb104fd9bf0c8039cb6dd1fe436
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/313466
Commit-Queue: Mike Klein <mtklein@google.com>
Commit-Queue: Mike Reed <reed@google.com>
Reviewed-by: Mike Reed <reed@google.com>
This commit is contained in:
Mike Klein 2020-08-26 12:26:06 -05:00 committed by Skia Commit-Bot
parent 09dac44dbc
commit 5c612ade3b
2 changed files with 93 additions and 0 deletions

View File

@ -89,6 +89,7 @@ samples_sources = [
"$_samplecode/SampleTextEffects.cpp",
"$_samplecode/SampleTextureUpload.cpp",
"$_samplecode/SampleThinAA.cpp",
"$_samplecode/SampleTiming.cpp",
"$_samplecode/SampleUnpremul.cpp",
"$_samplecode/SampleVertices.cpp",
"$_samplecode/SampleWritePixels.cpp",

View File

@ -0,0 +1,92 @@
/*
* Copyright 2020 Google Inc.
*
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
#include "include/core/SkCanvas.h"
#include "include/core/SkFont.h"
#include "include/core/SkSurface.h"
#include "samplecode/Sample.h"
#include <chrono>
struct TimingSample : public Sample {
static constexpr int W = 24,
H = 16;
sk_sp<SkImage> fImg;
SkString name() override { return SkString("Timing"); }
void onOnceBeforeDraw() override {
sk_sp<SkSurface> surf = SkSurface::MakeRasterN32Premul(W,H);
surf->getCanvas()->drawString("abc", 2,H-4, SkFont{}, SkPaint{});
fImg = surf->makeImageSnapshot();
}
void onDrawContent(SkCanvas* canvas) override {
canvas->scale(8,8);
// Draw normally.
canvas->drawImage(fImg, 0,0);
canvas->translate(0,H);
// Draw one pixel at a time with drawImageRect(),
// timing how long each drawImageRect() call takes.
double cost[H][W];
double min = +INFINITY,
max = -INFINITY;
for (int y = 0; y < H; y++)
for (int x = 0; x < W; x++) {
auto start = std::chrono::steady_clock::now();
canvas->drawImageRect(fImg, SkRect::MakeXYWH(x,y,1,1)
, SkRect::MakeXYWH(x,y,1,1)
, /*paint=*/nullptr);
auto elapsed = std::chrono::steady_clock::now() - start;
cost[y][x] = elapsed.count();
min = std::min(min, cost[y][x]);
max = std::max(max, cost[y][x]);
}
canvas->translate(0,H);
// Draw using those per-pixel timings,
// with the slowest pixel scaled to alpha=1, the fastest to alpha=0.
for (int y = 0; y < H; y++)
for (int x = 0; x < W; x++) {
SkPaint p;
p.setAlphaf( (cost[y][x] - min) / (max - min) );
canvas->drawRect(SkRect::MakeXYWH(x,y,1,1), p);
}
canvas->translate(0,H);
// Draw each pixel into offscreen, timing each draw.
SkImageInfo info = canvas->imageInfo().makeWH(1024,1024);
if (sk_sp<SkSurface> offscreen = canvas->makeSurface(info)) {
min = +INFINITY;
max = -INFINITY;
for (int y = 0; y < H; y++)
for (int x = 0; x < W; x++) {
auto start = std::chrono::steady_clock::now();
offscreen->getCanvas()->drawImageRect(fImg, SkRect::MakeXYWH(x,y,1,1)
, SkRect::MakeXYWH(0,0,1024,1024)
, /*paint=*/nullptr);
auto elapsed = std::chrono::steady_clock::now() - start;
cost[y][x] = elapsed.count();
min = std::min(min, cost[y][x]);
max = std::max(max, cost[y][x]);
}
for (int y = 0; y < H; y++)
for (int x = 0; x < W; x++) {
SkPaint p;
p.setAlphaf( (cost[y][x] - min) / (max - min) );
canvas->drawRect(SkRect::MakeXYWH(x,y,1,1), p);
}
}
}
};
DEF_SAMPLE( return new TimingSample; )