You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@teaclave.apache.org by lyj <no...@github.com.INVALID> on 2020/11/13 00:27:44 UTC
[apache/incubator-teaclave-sgx-sdk] Fail to run crypto example (#285)
```
[+] global_eid: 2
[+] sha256 input string is abc
[+] Expected SHA256 hash: ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
calc_sha256 invoked!
Input string len = 3, input len = 3
[+] SHA256 result is ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
[+] calc_sha256 success ...
[+] Starting aes-gcm-128 encrypt calculation
[1] 2483 segmentation fault (core dumped) ./app
```
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave-sgx-sdk/issues/285
Re: [apache/incubator-teaclave-sgx-sdk] Fail to run crypto example
(#285)
Posted by lyj <no...@github.com.INVALID>.
Closed #285.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave-sgx-sdk/issues/285#event-3991476604
Re: [apache/incubator-teaclave-sgx-sdk] Fail to run crypto example
(#285)
Posted by lyj <no...@github.com.INVALID>.
And I'm not testing in docker.
```
➜ bin git:(master) ✗ neofetch
-+ssssssssssssssssssyyssss+- OS: Ubuntu 20.04.1 LTS x86_64
.ossssssssssssssssssdMMMNysssso. Host: OptiPlex 7070
/ssssssssssshdmmNNmmyNMMMMhssssss/ Kernel: 5.4.73-custom
+ssssssssshmydMMMMMMMNddddyssssssss+ Uptime: 11 mins
/sssssssshNMMMyhhyyyyhmNMMMNhssssssss/ Packages: 1887 (dpkg), 7 (snap)
.ssssssssdMMMNhsssssssssshNMMMdssssssss. Shell: zsh 5.8
+sssshhhyNMMNyssssssssssssyNMMMysssssss+ Resolution: 1920x1080
ossyNMMMNyMMhsssssssssssssshmmmhssssssso Terminal: /dev/pts/0
ossyNMMMNyMMhsssssssssssssshmmmhssssssso CPU: Intel i7-9700 (8) @ 4.700GHz
+sssshhhyNMMNyssssssssssssyNMMMysssssss+ GPU: Intel UHD Graphics 630
.ssssssssdMMMNhsssssssssshNMMMdssssssss. Memory: 587MiB / 15669MiB
```
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave-sgx-sdk/issues/285#issuecomment-726476194
Re: [apache/incubator-teaclave-sgx-sdk] Fail to run crypto example
(#285)
Posted by lyj <no...@github.com.INVALID>.
Reopened #285.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave-sgx-sdk/issues/285#event-3991560948
Re: [apache/incubator-teaclave-sgx-sdk] Fail to run crypto example
(#285)
Posted by Pei Wang <no...@github.com.INVALID>.
Yes, functions that are not void yet without return statements have undefined behaviors, unless that function is "main", according to the standard.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave-sgx-sdk/issues/285#issuecomment-726502162
Re: [apache/incubator-teaclave-sgx-sdk] Fail to run crypto example
(#285)
Posted by lyj <no...@github.com.INVALID>.
```
➜ bin git:(master) ✗ ./app
[+] global_eid: 2
[+] sha256 input string is abc
[+] Expected SHA256 hash: ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
calc_sha256 invoked!
Input string len = 3, input len = 3
[+] SHA256 result is ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
[+] calc_sha256 success ...
[+] Starting aes-gcm-128 encrypt calculation
[1] 17413 segmentation fault (core dumped) ./app
```
```
➜ bin git:(master) ✗ sgx_sign -version
This is sgx_sign from Intel(R) Software Guard Extensions, version 2.12.100.3 for Linux.
```
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave-sgx-sdk/issues/285#issuecomment-726474611
Re: [apache/incubator-teaclave-sgx-sdk] Fail to run crypto example
(#285)
Posted by Yu Ding <no...@github.com.INVALID>.
@Xynnn007 i believe it's an UB. and compiler can do anything on UB. and it seems gcc-9 is "doing anything" here. @uraj am i correct?
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave-sgx-sdk/issues/285#issuecomment-726496640
Re: [apache/incubator-teaclave-sgx-sdk] Fail to run crypto example
(#285)
Posted by lyj <no...@github.com.INVALID>.
Closed #285.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave-sgx-sdk/issues/285#event-3991665756
Re: [apache/incubator-teaclave-sgx-sdk] Fail to run crypto example
(#285)
Posted by Yu Ding <no...@github.com.INVALID>.
Hi @lengyijun , thanks for the report!
Could you please double check if your Intel SGX SDK is the latest version 2.12. If you are using docker, please pull the latest `sgx-rust:1804-1.1.3` again.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave-sgx-sdk/issues/285#issuecomment-726451983
Re: [apache/incubator-teaclave-sgx-sdk] Fail to run crypto example
(#285)
Posted by Xynnn_ <no...@github.com.INVALID>.
Well, it seems that there is something wrong with g++ compiler.
I add **return 0** in the end of function `sha_256()`, and the compiled result is
```
...
36b3: e8 48 fc ff ff callq 3300 <calc_sha256>
36b8: 85 c0 test %eax,%eax
36ba: 75 74 jne 3730 <_Z7sha_256v+0xf0>
...
36c0: 85 ff test %edi,%edi
36c2: 75 60 jne 3724 <_Z7sha_256v+0xe4>
...
3719: 31 c0 xor %eax,%eax
371b: 48 83 c4 10 add $0x10,%rsp
371f: 5b pop %rbx
3720: 5d pop %rbp
3721: 41 5c pop %r12
3723: c3 retq
```
Seems right and the function will return successfully.
On the contrary, if I **DO NOT** add `return 0` ,the compiled result will be
```
...
36b3: e8 48 fc ff ff callq 3300 <calc_sha256>
36b8: 85 c0 test %eax,%eax
36ba: 75 24 jne 36e0 <_Z7sha_256v+0xa0>
36bc: 8b 7c 24 0c mov 0xc(%rsp),%edi
36c0: 85 ff test %edi,%edi
36c2: 74 31 je 36f5 <_Z7sha_256v+0xb5>
...
36f5: 48 8d 35 66 29 00 00 lea 0x2966(%rip),%rsi # 6062 <_IO_stdin_used+0x62>
36fc: bf 01 00 00 00 mov $0x1,%edi
3701: 4c 8d 63 20 lea 0x20(%rbx),%r12
3705: 31 c0 xor %eax,%eax
3707: e8 a4 f0 ff ff callq 27b0 <__...@plt>
370c: 48 8d 2d 65 29 00 00 lea 0x2965(%rip),%rbp # 6078 <_IO_stdin_used+0x78>
3713: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
3718: 0f b6 13 movzbl (%rbx),%edx
371b: 48 89 ee mov %rbp,%rsi
371e: bf 01 00 00 00 mov $0x1,%edi
3723: 31 c0 xor %eax,%eax
3725: 48 83 c3 01 add $0x1,%rbx
3729: e8 82 f0 ff ff callq 27b0 <__...@plt>
372e: 4c 39 e3 cmp %r12,%rbx
3731: 75 e5 jne 3718 <_Z7sha_256v+0xd8>
3733: bf 0a 00 00 00 mov $0xa,%edi
3738: e8 63 ed ff ff callq 24a0 <pu...@plt>
373d: 48 8d 3d 39 29 00 00 lea 0x2939(%rip),%rdi # 607d <_IO_stdin_used+0x7d>
3744: e8 c7 ed ff ff callq 2510 <pu...@plt>
3749: 0f 1f 80 00 00 00 00 nopl 0x0(%rax)
0000000000003750 <_Z11aes_gcm_128v>:
3750: f3 0f 1e fa endbr64
```
Don't care about address 0x36f5 - 0x3744. They are contents from original file
```
printf("[+] SHA256 result is ");
int i;
for(i = 0; i < 32; i ++) {
printf("%02x", output_hash[i]);
}
printf("\n");
printf("[+] calc_sha256 success ...\n");
```
And we can see address 0x3749, we want the function returns but actually the machine code doesn't do such thing. So the program will continue executing from 0x3740, which is the start address of function `aes_gcm_128()`. So we can see a printf result and segmentation fault, which is caused by an unalloced stack storage for
```
uint8_t aes_gcm_plaintext[16]
```
Maybe it's something wrong with the g++ compiler?
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave-sgx-sdk/issues/285#issuecomment-726494292
Re: [apache/incubator-teaclave-sgx-sdk] Fail to run crypto example
(#285)
Posted by Xynnn_ <no...@github.com.INVALID>.
@dingelish @uraj thanks for explanation
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave-sgx-sdk/issues/285#issuecomment-726648022
Re: [apache/incubator-teaclave-sgx-sdk] Fail to run crypto example
(#285)
Posted by Yu Ding <no...@github.com.INVALID>.
@lengyijun what's the output of 'dpkg -l | grep -i sgx'?
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave-sgx-sdk/issues/285#issuecomment-726478453
Re: [apache/incubator-teaclave-sgx-sdk] Fail to run crypto example
(#285)
Posted by lyj <no...@github.com.INVALID>.
```
▶ sgx_sign -version
This is sgx_sign from Intel(R) Software Guard Extensions, version 2.11.100.2 for Linux.
```
I will update to 2.12 and test it again later.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave-sgx-sdk/issues/285#issuecomment-726463430
Re: [apache/incubator-teaclave-sgx-sdk] Fail to run crypto example
(#285)
Posted by Xynnn_ <no...@github.com.INVALID>.
I met the same problem.
```
[+] global_eid: 2
[+] sha256 input string is abc
[+] Expected SHA256 hash: ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
calc_sha256 invoked!
Input string len = 3, input len = 3
[+] SHA256 result is ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
[+] calc_sha256 success ...
[+] Starting aes-gcm-128 encrypt calculation
Segmentation fault (core dumped)
```
Maybe it's because all the following functions:
`sha256(`), `aes_gcm_128()`, `aes_cmac()`, `rsa()` in app.c don't have a return value in the end of main logic(C doesn't need a return value in the end necessarily so compiler doesn't report an error)
when I put **_return 0_** to all the functions mentioned, the result comes.
for example aes_gcm_128()
```
...
printf("[+] aes-gcm-128 decrypt complete \n");
return 0;
```
And the result will be right like
```
[+] global_eid: 2
[+] sha256 input string is abc
[+] Expected SHA256 hash: ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
calc_sha256 invoked!
Input string len = 3, input len = 3
[+] SHA256 result is ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
[+] calc_sha256 success ...
[+] Starting aes-gcm-128 encrypt calculation
[+] aes-gcm-128 args prepared!
[+] aes-gcm-128 expected ciphertext: 0388dace60b6a392f328c2b971b2fe78
aes_gcm_128_encrypt invoked!
aes_gcm_128_encrypt parameter prepared! 16, 16
rsgx calling returned!
[+] aes-gcm-128 returned from enclave!
[+] aes-gcm-128 ciphertext is: 8b2f0fd33bc9a392539c17a42acdfe78
[+] aes-gcm-128 result mac is: 1f6b73897cfc62f3266b8f39de52b8a0
[+] Starting aes-gcm-128 decrypt calculation
[+] aes-gcm-128 expected plaintext:88a7d51d5b7f0000a0b4d51d5b7f0000
aes_gcm_128_decrypt invoked!
aes_gcm_128_decrypt parameter prepared! 16, 16
rsgx calling returned!
[+] aes-gcm-128 decrypted plaintext is: 88a7d51d5b7f0000a0b4d51d5b7f0000
[+] aes-gcm-128 decrypt complete
[+] Starting aes-cmac test
[+] aes-cmac expected digest: 51f0bebf7e3b9d92fc49741779363cfe
[+] aes-cmac result is: 51f0bebf7e3b9d92fc49741779363cfe
rsa chipertext_len: 256
rsa plaintext_len: 128
rsa_key success.
```
I think there may be something wrong with the compiler?
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/apache/incubator-teaclave-sgx-sdk/issues/285#issuecomment-726482361