create a sample to demonstrate a timing attack
This sample attempts to re-create an image's alpha channel by drawing it one pixel at a time and timing how long each pixel takes to draw. The "abc" text should appear twice normally, and the third and fourth versions are reconstructed from timing, one by timing 1:1 pixel draws, the other by timing 1x1:1024x1024 upscale into an offscreen. It's not meant to be an exact reconstruction, but you can easily see the shapes, particularly at -O0, -O1, and -Os. Auto-vectorization from -O2/-O3 do a good amount to cover up the problem. The legacy CPU backend is the main place to look. I haven't been able to reconstruct any images using SkRasterPipelineBlitter or SkVMBlitter, and while on the GPU I do see non-random patterns in the timing, it appears to be the same single pattern across devices, OSes, GPUs, GPU APIs and content... I assume it's something like our resource caching policy. This can't really be a GM, given how it draws non-deterministically. Bug: chromium:1088224 Change-Id: I2ec79c8dd407ecb104fd9bf0c8039cb6dd1fe436 Reviewed-on: https://skia-review.googlesource.com/c/skia/+/313466 Commit-Queue: Mike Klein <mtklein@google.com> Commit-Queue: Mike Reed <reed@google.com> Reviewed-by: Mike Reed <reed@google.com>
This commit is contained in:
parent
09dac44dbc
commit
5c612ade3b
@ -89,6 +89,7 @@ samples_sources = [
|
||||
"$_samplecode/SampleTextEffects.cpp",
|
||||
"$_samplecode/SampleTextureUpload.cpp",
|
||||
"$_samplecode/SampleThinAA.cpp",
|
||||
"$_samplecode/SampleTiming.cpp",
|
||||
"$_samplecode/SampleUnpremul.cpp",
|
||||
"$_samplecode/SampleVertices.cpp",
|
||||
"$_samplecode/SampleWritePixels.cpp",
|
||||
|
92
samplecode/SampleTiming.cpp
Normal file
92
samplecode/SampleTiming.cpp
Normal file
@ -0,0 +1,92 @@
|
||||
/*
|
||||
* Copyright 2020 Google Inc.
|
||||
*
|
||||
* Use of this source code is governed by a BSD-style license that can be
|
||||
* found in the LICENSE file.
|
||||
*/
|
||||
|
||||
#include "include/core/SkCanvas.h"
|
||||
#include "include/core/SkFont.h"
|
||||
#include "include/core/SkSurface.h"
|
||||
#include "samplecode/Sample.h"
|
||||
#include <chrono>
|
||||
|
||||
struct TimingSample : public Sample {
|
||||
static constexpr int W = 24,
|
||||
H = 16;
|
||||
sk_sp<SkImage> fImg;
|
||||
|
||||
SkString name() override { return SkString("Timing"); }
|
||||
|
||||
void onOnceBeforeDraw() override {
|
||||
sk_sp<SkSurface> surf = SkSurface::MakeRasterN32Premul(W,H);
|
||||
surf->getCanvas()->drawString("abc", 2,H-4, SkFont{}, SkPaint{});
|
||||
fImg = surf->makeImageSnapshot();
|
||||
}
|
||||
|
||||
void onDrawContent(SkCanvas* canvas) override {
|
||||
canvas->scale(8,8);
|
||||
|
||||
// Draw normally.
|
||||
canvas->drawImage(fImg, 0,0);
|
||||
|
||||
canvas->translate(0,H);
|
||||
|
||||
// Draw one pixel at a time with drawImageRect(),
|
||||
// timing how long each drawImageRect() call takes.
|
||||
double cost[H][W];
|
||||
double min = +INFINITY,
|
||||
max = -INFINITY;
|
||||
for (int y = 0; y < H; y++)
|
||||
for (int x = 0; x < W; x++) {
|
||||
auto start = std::chrono::steady_clock::now();
|
||||
canvas->drawImageRect(fImg, SkRect::MakeXYWH(x,y,1,1)
|
||||
, SkRect::MakeXYWH(x,y,1,1)
|
||||
, /*paint=*/nullptr);
|
||||
auto elapsed = std::chrono::steady_clock::now() - start;
|
||||
|
||||
cost[y][x] = elapsed.count();
|
||||
min = std::min(min, cost[y][x]);
|
||||
max = std::max(max, cost[y][x]);
|
||||
}
|
||||
|
||||
canvas->translate(0,H);
|
||||
|
||||
// Draw using those per-pixel timings,
|
||||
// with the slowest pixel scaled to alpha=1, the fastest to alpha=0.
|
||||
for (int y = 0; y < H; y++)
|
||||
for (int x = 0; x < W; x++) {
|
||||
SkPaint p;
|
||||
p.setAlphaf( (cost[y][x] - min) / (max - min) );
|
||||
canvas->drawRect(SkRect::MakeXYWH(x,y,1,1), p);
|
||||
}
|
||||
|
||||
canvas->translate(0,H);
|
||||
|
||||
// Draw each pixel into offscreen, timing each draw.
|
||||
SkImageInfo info = canvas->imageInfo().makeWH(1024,1024);
|
||||
if (sk_sp<SkSurface> offscreen = canvas->makeSurface(info)) {
|
||||
min = +INFINITY;
|
||||
max = -INFINITY;
|
||||
for (int y = 0; y < H; y++)
|
||||
for (int x = 0; x < W; x++) {
|
||||
auto start = std::chrono::steady_clock::now();
|
||||
offscreen->getCanvas()->drawImageRect(fImg, SkRect::MakeXYWH(x,y,1,1)
|
||||
, SkRect::MakeXYWH(0,0,1024,1024)
|
||||
, /*paint=*/nullptr);
|
||||
auto elapsed = std::chrono::steady_clock::now() - start;
|
||||
|
||||
cost[y][x] = elapsed.count();
|
||||
min = std::min(min, cost[y][x]);
|
||||
max = std::max(max, cost[y][x]);
|
||||
}
|
||||
for (int y = 0; y < H; y++)
|
||||
for (int x = 0; x < W; x++) {
|
||||
SkPaint p;
|
||||
p.setAlphaf( (cost[y][x] - min) / (max - min) );
|
||||
canvas->drawRect(SkRect::MakeXYWH(x,y,1,1), p);
|
||||
}
|
||||
}
|
||||
}
|
||||
};
|
||||
DEF_SAMPLE( return new TimingSample; )
|
Loading…
Reference in New Issue
Block a user