You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@teaclave.apache.org by Fuga Kato <no...@github.com> on 2020/06/26 10:35:07 UTC

[apache/incubator-teaclave-sgx-sdk] sgx_ucrypto::rsgx_rijndael128GCM_decrypt() panics with integer overflow (#252)

## Symptom
Call to sgx_ucrypto::rsgx_rijndael128GCM_decrypt() panics on debug build with a message like this:
```
thread 'main' panicked at 'attempt to subtract with overflow', /home/fkato/.cargo/git/checkouts/incubator-teaclave-sgx-sdk-c63c8825343e87f0/e0a4f47/sgx_ucrypto/src/util.rs:68:11
```

## Problem
The panic is from an integer overflow.

sgx_ucrypto/src/util.rs:68:
```
    (1 & ((res - 1) >> 8)) as i32
```

## How to resolve
Change `res - 1` to `res.wrapping_sub(1)`.

## Minimal example
### Cargo.toml
```toml
[package]
name = "ucrypto-test"
version = "0.1.0"
authors = ["Fuga Kato <fk...@softlab.cs.tsukuba.ac.jp>"]
edition = "2018"

# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

[dependencies]
hex = "0.4.2"
rand = "0.7.3"
sgx_types = { git = "https://github.com/apache/incubator-teaclave-sgx-sdk.git" }
sgx_ucrypto = { git = "https://github.com/apache/incubator-teaclave-sgx-sdk.git" }
```
### src/main.rs
```rust
use sgx_types::sgx_aes_gcm_128bit_key_t as key_t;
use sgx_types::sgx_aes_gcm_128bit_tag_t as tag_t;
use sgx_ucrypto::rsgx_rijndael128GCM_encrypt as encrypt;
use sgx_ucrypto::rsgx_rijndael128GCM_decrypt as decrypt;

fn main() {
    let key: key_t = rand::random();
    let plaintext = "hello";
    println!("plaintext string: {}", plaintext);
    let plaintext = plaintext.as_bytes();
    let iv: [u8; 12] = rand::random();
    let aad = [0u8; 0];
    let mut ciphertext = vec![0u8; plaintext.len()];
    let mut mac = tag_t::default();

    println!("key: {}", hex::encode(&key));
    println!("plaintext: {}", hex::encode(&plaintext));
    println!("iv: {}", hex::encode(&iv));

    encrypt(&key, &plaintext, &iv, &aad, &mut ciphertext, &mut mac).expect("encrypt failed");

    println!("ciphertext: {}", hex::encode(&ciphertext));
    println!("mac: {}", hex::encode(&mac));

    let mut decrypted = vec![0u8; ciphertext.len()];

    decrypt(&key, &ciphertext, &iv, &aad, &mac, &mut decrypted).expect("decrypt failed");

    assert_eq!(plaintext, decrypted.as_slice());

    println!("decrypted: {}", hex::encode(&decrypted));
    println!("decrypted string: {}", String::from_utf8(decrypted).expect("not UTF-8"));
}
```
### `cargo run --release` output
```
% cargo run --release
    Finished release [optimized] target(s) in 0.03s
     Running `target/release/ucrypto-test`
plaintext string: hello
key: 3dbdc1ab48159f009609df3f9c62191c
plaintext: 68656c6c6f
iv: bcf54762138d34f231eadb09
ciphertext: e1b0bfd16b
mac: 8b3b14331062dc7986e1edeb68dd9455
decrypted: 68656c6c6f
decrypted string: hello
```

### `cargo run` output with backtrace
```
% RUST_BACKTRACE=1 cargo run
    Finished dev [unoptimized + debuginfo] target(s) in 0.03s
     Running `target/debug/ucrypto-test`
plaintext string: hello
key: 93b8f9e1ec5f8cfc92b5770983c99060
plaintext: 68656c6c6f
iv: 312dbb35b094b91eeb0d41ad
ciphertext: 408b0c33ea
mac: 502d7099f5471bf57614110b2b6ced67
thread 'main' panicked at 'attempt to subtract with overflow', /home/fkato/.cargo/git/checkouts/incubator-teaclave-sgx-sdk-c63c8825343e87f0/e0a4f47/sgx_ucrypto/src/util.rs:68:11
stack backtrace:
   0: backtrace::backtrace::libunwind::trace
             at /cargo/registry/src/github.com-1ecc6299db9ec823/backtrace-0.3.40/src/backtrace/libunwind.rs:88
   1: backtrace::backtrace::trace_unsynchronized
             at /cargo/registry/src/github.com-1ecc6299db9ec823/backtrace-0.3.40/src/backtrace/mod.rs:66
   2: std::sys_common::backtrace::_print_fmt
             at src/libstd/sys_common/backtrace.rs:84
   3: <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt
             at src/libstd/sys_common/backtrace.rs:61
   4: core::fmt::write
             at src/libcore/fmt/mod.rs:1030
   5: std::io::Write::write_fmt
             at src/libstd/io/mod.rs:1412
   6: std::sys_common::backtrace::_print
             at src/libstd/sys_common/backtrace.rs:65
   7: std::sys_common::backtrace::print
             at src/libstd/sys_common/backtrace.rs:50
   8: std::panicking::default_hook::{{closure}}
             at src/libstd/panicking.rs:188
   9: std::panicking::default_hook
             at src/libstd/panicking.rs:205
  10: std::panicking::rust_panic_with_hook
             at src/libstd/panicking.rs:464
  11: std::panicking::continue_panic_fmt
             at src/libstd/panicking.rs:373
  12: rust_begin_unwind
             at src/libstd/panicking.rs:302
  13: core::panicking::panic_fmt
             at src/libcore/panicking.rs:82
  14: core::panicking::panic
             at src/libcore/panicking.rs:50
  15: consttime_memequal
             at /home/fkato/.cargo/git/checkouts/incubator-teaclave-sgx-sdk-c63c8825343e87f0/e0a4f47/sgx_ucrypto/src/util.rs:68
  16: sgx_rijndael128GCM_decrypt
  17: sgx_ucrypto::crypto::rsgx_rijndael128GCM_decrypt
             at /home/fkato/.cargo/git/checkouts/incubator-teaclave-sgx-sdk-c63c8825343e87f0/e0a4f47/sgx_ucrypto/src/crypto.rs:844
  18: ucrypto_test::main
             at src/main.rs:27
  19: std::rt::lang_start::{{closure}}
             at /rustc/412f43ac5b4ae8c3599e71c6972112e9be4758fa/src/libstd/rt.rs:61
  20: std::rt::lang_start_internal::{{closure}}
             at src/libstd/rt.rs:48
  21: std::panicking::try::do_call
             at src/libstd/panicking.rs:287
  22: __rust_maybe_catch_panic
             at src/libpanic_unwind/lib.rs:81
  23: std::panicking::try
             at src/libstd/panicking.rs:265
  24: std::panic::catch_unwind
             at src/libstd/panic.rs:395
  25: std::rt::lang_start_internal
             at src/libstd/rt.rs:47
  26: std::rt::lang_start
             at /rustc/412f43ac5b4ae8c3599e71c6972112e9be4758fa/src/libstd/rt.rs:61
  27: main
  28: __libc_start_main
  29: _start
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
```


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave-sgx-sdk/issues/252

Re: [apache/incubator-teaclave-sgx-sdk] sgx_ucrypto::rsgx_rijndael128GCM_decrypt() panics with integer overflow (#252)

Posted by Fuga Kato <no...@github.com>.

Closed #252.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave-sgx-sdk/issues/252#event-3512942275

Re: [apache/incubator-teaclave-sgx-sdk] sgx_ucrypto::rsgx_rijndael128GCM_decrypt() panics with integer overflow (#252)

Posted by Fuga Kato <no...@github.com>.

Thanks!

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave-sgx-sdk/issues/252#issuecomment-653828916

Re: [apache/incubator-teaclave-sgx-sdk] sgx_ucrypto::rsgx_rijndael128GCM_decrypt() panics with integer overflow (#252)

Posted by volcano <no...@github.com>.

@NTSC-J  I will fix this problem, thank you for reporting this error.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave-sgx-sdk/issues/252#issuecomment-651515702