Hi,
I am currently working on the code of the Local Attestation sample, trying to adapt it to send a char* instead of uint8_t. My changes were in the files Utility_E2.cpp and Utility_E1.cpp, functions which are called in the enclaves. I also changed the types and sizes in some included header files, for the building of the fifo message, but still, I encountered a segmentation fault located in the function generate_response of EnclaveMessageExchange.cpp (it crashed while freeing the resp_data buffer).
Could you give me some tips to resolve this problem, and indicate to me the mandatory parts of the code which have to be adapted to send a char*?
Thanks in advance,
Flo
Hello Flo,
The SGX message exchange protocol encrypts the payload using the sgx_rijndael128GCM_encrypt and sgx_rijndael128GCM_decrypt functions. These functions require the payload to be uint8_t*, so you cannot pass char* data directly. We recommend casting your char* data to uint8_t* before passing it. You can find more information on these crypto library calls in the Intel® Software Guard Extensions Developer Reference for Linux OS, page 252.
Regards,
Jesus
Hello Jesus,
Thanks for your answer.
Indeed, I have noticed that a cast to uint8_t* was necessary.
A question about good practice: to be able to check the size of the decrypted_message (I can no longer use sizeof on a pointer), I set its size during the building of the message in the enclave (Initiator and Responder), and then in the function marshal_message_exchange_request I implemented:
secret_data_len = strlen(reinterpret_cast<char *>(secret_data)) * sizeof(*secret_data)
Is that a good way?
Moreover, the result of secret_data_len doesn't return the appropriate length.
Thanks in advance,
Flo
Hi Jesus,
I am now able to send a uint8_t *, but even with a large enough allocation of memory for the char * result, both in and out, I can only send messages of the same size (Initiator and Responder). If not, I encounter a segmentation fault during the freeing of _in_req_message (EnclaveResponder_t.c).
Do you have any idea how to understand this behaviour?
Thanks in advance,
Flo
Hi Jesus,
I resolved my problem by passing the ms_in_msg_exchange_t structure to the function message_exchange_response_generator to retrieve the appropriate length of uint8_t *, calculated in the function marshal_message_exchange_request (Utility_E1.cpp of EnclaveInitiator).
Thanks for the time you have spent on my question.
Flo
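
The length-handling problem discussed in this thread, as an added example that is not part of the thread or of the Intel sample: a message carries its payload length explicitly, and the receiver checks that length against the bytes it actually received before copying, instead of deriving it from `sizeof` on a pointer or `strlen` on binary data. It is plain C with no SGX SDK calls; `marshal_msg`, `unmarshal_msg`, `round_trip`, `HDR_LEN`, `MAX_PAYLOAD` and the 4-byte length header are hypothetical names and a constructed wire format, and both sides are assumed to run on the same host (same byte order).

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define HDR_LEN     sizeof(uint32_t)  /* assumed wire format: 4-byte length, then payload */
#define MAX_PAYLOAD 4096u             /* assumed upper bound for one message */

/* Constructed sample: binary payload containing a zero byte. */
static const uint8_t SAMPLE[] = { 'h', 'i', 0x00, 0xAA, 0xBB };

/* Sender: the caller states the length; it is never derived from the pointer. */
int marshal_msg(const uint8_t *data, uint32_t len, uint8_t **out, size_t *out_len)
{
    if (!data || !out || !out_len || len > MAX_PAYLOAD) return -1;
    uint8_t *buf = malloc(HDR_LEN + len);
    if (!buf) return -1;
    memcpy(buf, &len, HDR_LEN);
    memcpy(buf + HDR_LEN, data, len);
    *out = buf;
    *out_len = HDR_LEN + len;
    return 0;
}

/* Receiver: validate the claimed length against the bytes received before allocating or copying. */
int unmarshal_msg(const uint8_t *buf, size_t buf_len, uint8_t **data, uint32_t *len)
{
    uint32_t claimed;
    if (!buf || !data || !len || buf_len < HDR_LEN) return -1;
    memcpy(&claimed, buf, HDR_LEN);
    if (claimed > MAX_PAYLOAD || claimed != buf_len - HDR_LEN) return -1;
    uint8_t *copy = malloc(claimed ? claimed : 1);
    if (!copy) return -1;
    memcpy(copy, buf + HDR_LEN, claimed);
    *data = copy;
    *len = claimed;
    return 0;
}

/* Round trip with `drop` trailing bytes lost: 1 = intact, 0 = rejected by receiver, -1 = sender error. */
int round_trip(const uint8_t *data, uint32_t len, size_t drop)
{
    uint8_t *wire = NULL, *got = NULL;
    size_t wire_len = 0; uint32_t got_len = 0;
    if (marshal_msg(data, len, &wire, &wire_len) != 0 || drop > wire_len) { free(wire); return -1; }
    int ok = unmarshal_msg(wire, wire_len - drop, &got, &got_len) == 0
             && got_len == len && memcmp(got, data, len) == 0;
    free(got); free(wire);
    return ok;
}
```

On `SAMPLE`, `strlen` stops at the embedded zero byte and reports 2 instead of 5, which is the kind of wrong length that leads to a buffer being allocated with one size and written or freed with another.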
