Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Local attestation of enclaves from different applications

Svart_K_
Beginner
747 Views

The provided sample code for Linux creates 3 different enclaves and then establishes secure connections between them.

To be able to establish the secure channel to a specific enclave, the source enclave needs the other enclaves id which is of course known to the application of the two enclaves are being created from the same application.

If two different applications are creating there own enclave which should communicate with one another, how would the source enclave get to know the ID of the destination enclave? Would that ID have to be transmitted from one application to the enclave on a general way (IPC)?

0 Kudos
7 Replies
Surenthar_S_Intel
747 Views

Hi,

We do not need a secure connection to exchange the enclave id's. The Application can store the enclave id in a registry or on the disc along with the enclave names which can be retrieved by corresponding application to obtain the id of the required enclave. Then the  application initiates a session between the  source enclave and the destination enclave by doing an ECALL into the source enclave, passing in  the enclave id of the destination enclave. Upon receiving the enclave id of the destination enclave,  the source enclave does an OCALL into the core untrusted code which then does an ECALL into the  destination enclave to exchange the messages required to establish a session using ECDH Key  Exchange protocol.

-Surenthar

0 Kudos
Svart_K_
Beginner
747 Views

Thanks for the reply.

I've tried some simple test now by starting the destination enclave code, which sets up an enclave and prints its ID for which I receive "26ce00000002"

Then I used this ID in the local attestation example to connect to

uint64_t wrapper(const char *c) {
	errno = 0;
	uint64_t result = strtoull(c, NULL, 16);

	if (errno == EINVAL) {
		cout << "WRONG NUMBER" << endl;
	} else if (errno == ERANGE) {
		cout << "Too big\n";
	}

	return result;
}

uint32_t load_enclaves() {
    uint32_t enclave_temp_no;
    int ret, launch_token_updated;
    sgx_launch_token_t launch_token;

    enclave_temp_no = 0;

    ret = sgx_create_enclave(ENCLAVE1_PATH, SGX_DEBUG_FLAG, &launch_token, &launch_token_updated, &e1_enclave_id, NULL);
    if (ret != SGX_SUCCESS) {
		return ret;
    }
    enclave_temp_no++;
    g_enclave_id_map.insert(std::pair<sgx_enclave_id_t, uint32_t>(e1_enclave_id, enclave_temp_no));

const char *test = "26ce00000002";
e2_enclave_id = wrapper(test);

    enclave_temp_no++;
    g_enclave_id_map.insert(std::pair<sgx_enclave_id_t, uint32_t>(e2_enclave_id, enclave_temp_no));

    return SGX_SUCCESS;
}

int main(int argc, char **argv) {
    uint32_t ret_status;
    sgx_status_t status;


    if(load_enclaves() != SGX_SUCCESS) {
        printf("\nLoad Enclave Failure");
    }

    printf("\nAvaliable Enclaves");
    printf("\nEnclave1 - EnclaveID %lx",e1_enclave_id);
    printf("\nEnclave2 - EnclaveID %lx",e2_enclave_id);

    do {
        //Test Create session between Enclave1(Source) and Enclave2(Destination)
        status = Enclave1_test_create_session(e1_enclave_id, &ret_status, e1_enclave_id, e2_enclave_id);
        if (status!=SGX_SUCCESS)
        {
            printf("Enclave1_test_create_session Ecall failed: Error status code is %x", status);
			print_error_message(status);	
            break;
        }
        else
        {
            if(ret_status==0)
            {
                printf("\n\nSecure Channel Establishment between Source (E1) and Destination (E2) Enclaves successful !!!");
            }
            else
            {
                printf("\nSession establishment and key exchange failure between Source (E1) and Destination (E2): Error return status is %x\n", ret_status);
                break;
            }
        }

 

The destination enclave is still running and should exist. But when executing the local attestation program with the source enclave I receive a "SGX_ERROR_INVALID_ENCLAVE_ID" error? This error is not thrown by the local attestation example program but comes from somewhere in the SGX libraries and I don't know why since the destination enclave is still running, therefore the ID should exist?

 

 

 

0 Kudos
Rodolfo_S_
New Contributor III
747 Views

Hi, Svart.

If I understood correctly, you are trying to use one enclave that belongs to a different application. AFAIK this is not possible to be done.

When you launch an enclave a "context" is created, and it "binds" the enclave id to the application that has created it. So you get that error when you try to access an enclave that "belongs" to another application. I could be wrong, but that's what I understood from my experiments with SGX and from the SDK source code.

Best regards,

Rodolfo

0 Kudos
Svart_K_
Beginner
747 Views

Hi Rodolfo, Yes that's correct I'm trying to establish a communication between two enclaves belonging to two different applications. I'm surprised to hear that that is not currently possibl, since I interpreted that from the answer from Surenthar. Also in the description in https://software.intel.com/en-us/articles/innovative-technology-for-cpu-based-attestation-and-sealing (Figure 3: Intra-Platform Attestation Example) shows two different applications A & B or are those supposed to be the same?

Can someone else confirm that this is not possible? Is there a workaround for this scenario?

0 Kudos
Svart_K_
Beginner
747 Views

Anyone who can answer the question? It's quite urgent...

0 Kudos
Rodolfo_S_
New Contributor III
747 Views

Hi, Svart.

The description shown in the white paper you pointed out states "Enclave A transmits its REPORT to enclave B via the untrusted communication path.". Those arrows there are a bit misleading. The communication between enclave A and enclave B is actually done via application A and application B. 

The "workaround" for this is, as I mentioned above, using the applications that own the enclaves as an untrusted communication path. There are several ways to do it. As an example, one application could by a socket server and the other one would be a socket client. When an enclave wants to communicate with another one in a secure way, it should encrypt its message with a key negotiated during the attestation process, and send it via the application. The application that receives the message forwards it to the destination enclave (which it owns) and the enclave decrypts the message, gaining access to the original message.

0 Kudos
Svart_K_
Beginner
747 Views

Thanks for the clarification

0 Kudos
Reply