Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

transmit char* via secure channel

Flo
Beginner

Hi,

I am currently working on the code of the Local Attestation sample, trying to adapt it to send a char* instead of uint8_t. My changes were in the files Utility_E2.cpp and Utility_E1.cpp, in functions which are called in the enclaves. I also changed the types and sizes in some included header files, for the building of the fifo message, but still, I encountered a segmentation fault located in the function generate_response of EnclaveMessageExchange.cpp (it crashed when freeing the resp_data buffer).

Could you give me some tips to resolve this problem, and indicate the mandatory parts of the code which have to be adapted to send a char*?

Thanks in advance,

Flo

5 Replies
JesusG_Intel
Moderator

Hello Flo,

The SGX message exchange protocol encrypts the payload using the sgx_rijndael128GCM_encrypt and sgx_rijndael128GCM_decrypt functions. These functions require the payload to be uint8_t*, so you cannot pass char* data directly. We recommend casting your char* data to uint8_t* before passing it. You can find more information on these crypto library calls in the Intel® Software Guard Extensions Developer Reference for Linux OS, page 252.

Regards,

Jesus

thiant__floris
Beginner

Hello Jesus,

Thanks for your answer.
Indeed, I have noticed that a cast to uint8_t* was necessary.
A question about good practice: to be able to check the size of the decrypted_message (I can no longer use sizeof on a pointer), I set its size during the building of the message in the enclave (Initiator and Responder), and then in the function marshal_message_exchange_request I implemented:
secret_data_len = strlen(reinterpret_cast<char *>(secret_data)) * sizeof(*secret_data)
Is that the right way?
Moreover, the result of secret_data_len is not the appropriate length.

Thanks in advance,

Flo

Flo
Beginner

Hi Jesus,

I am now able to send a uint8_t *, but even with a large enough allocation of memory for the char * result, both in and out, I can only send messages of the same size (Initiator and Responder). If not, I encounter a segmentation fault during the freeing of _in_req_message (EnclaveResponder_t.c).

Do you have any idea how to understand this behaviour?

Thanks in advance,

Flo

JesusG_Intel
Moderator

Hello Flo,

Can you please provide more specifics on what you are trying to do and how you are going about it? Can you share your code so we can see the changes you made?

Regards,

Jesus

Flo
Beginner

Hi Jesus,

I resolved my problem by passing the ms_in_msg_exchange_t structure to the function message_exchange_response_generator to retrieve the appropriate length of uint8_t *, calculated in the function marshal_message_exchange_request (Utility_E1.cpp of EnclaveInitiator).

Thanks for the time you have spent on my question.

Flo
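
The resolution described in the thread, carrying the payload length inside the message structure instead of deriving it with strlen, is sketched below. This is an added example, not code from the thread or from the SGX sample; demo_msg_t, demo_marshal, demo_unmarshal, demo_strlen_view and the sample bytes are hypothetical names and constructed data.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical wire format: explicit byte count, then the raw payload. */
typedef struct {
    uint32_t payload_len;
    uint8_t  payload[];
} demo_msg_t;

/* Constructed sample: binary data with an embedded 0x00, as ciphertext may have. */
static const uint8_t DEMO_SECRET[] = {0x41, 0x42, 0x00, 0x43, 0x44, 0x00};

/* Sender side: the caller states the length; nothing is inferred from content. */
demo_msg_t *demo_marshal(const uint8_t *data, uint32_t len, size_t *wire_size)
{
    if (data == NULL || wire_size == NULL) return NULL;
    demo_msg_t *m = malloc(sizeof(*m) + len);
    if (m == NULL) return NULL;
    m->payload_len = len;
    memcpy(m->payload, data, len);
    *wire_size = sizeof(*m) + len;
    return m;
}

/* Receiver side: check the declared length against the bytes actually received
 * and against the destination capacity before copying. Returns length or -1. */
int64_t demo_unmarshal(const uint8_t *buf, size_t buf_size, uint8_t *out, size_t out_cap)
{
    uint32_t len;
    if (buf == NULL || out == NULL || buf_size < sizeof(demo_msg_t)) return -1;
    memcpy(&len, buf, sizeof(len));
    if (len > buf_size - sizeof(demo_msg_t) || len > out_cap) return -1;
    memcpy(out, buf + sizeof(demo_msg_t), len);
    return (int64_t)len;
}

/* What strlen() sees for the same bytes: it stops at the first 0x00. */
size_t demo_strlen_view(const uint8_t *data) { return strlen((const char *)data); }

int main(void)
{
    size_t wire_size = 0;
    uint8_t out[16];
    demo_msg_t *m = demo_marshal(DEMO_SECRET, sizeof(DEMO_SECRET), &wire_size);
    if (m == NULL) return 1;
    int64_t n = demo_unmarshal((const uint8_t *)m, wire_size, out, sizeof(out));
    printf("explicit length: %lld, strlen: %zu\n", (long long)n, demo_strlen_view(DEMO_SECRET));
    free(m);
    return n == (int64_t)sizeof(DEMO_SECRET) ? 0 : 1;
}
```

The receiver rejects a message whose declared length exceeds the bytes received or the destination buffer, which is the condition that otherwise corrupts the heap and surfaces later as a crash in free().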
