Fail to run crypto example

[lengyijun]

[+] global_eid: 2
[+] sha256 input string is abc
[+] Expected SHA256 hash: ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
calc_sha256 invoked!
Input string len = 3, input len = 3
[+] SHA256 result is ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
[+] calc_sha256 success ...
[+] Starting aes-gcm-128 encrypt calculation
[1]    2483 segmentation fault (core dumped)  ./app

[dingelish]

Hi @lengyijun , thanks for the report!

Could you please double check if your Intel SGX SDK is the latest version 2.12. If you are using docker, please pull the latest sgx-rust:1804-1.1.3 again.

[lengyijun]

▶ sgx_sign -version                                                                                                                     

This is sgx_sign from Intel(R) Software Guard Extensions, version 2.11.100.2 for Linux.

I will update to 2.12 and test it again later.

[lengyijun]

➜  bin git:(master) ✗ ./app 
[+] global_eid: 2
[+] sha256 input string is abc
[+] Expected SHA256 hash: ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
calc_sha256 invoked!
Input string len = 3, input len = 3
[+] SHA256 result is ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
[+] calc_sha256 success ...
[+] Starting aes-gcm-128 encrypt calculation
[1]    17413 segmentation fault (core dumped)  ./app

➜  bin git:(master) ✗ sgx_sign -version

This is sgx_sign from Intel(R) Software Guard Extensions, version 2.12.100.3 for Linux.

[lengyijun]

And I'm not testing in docker.

➜  bin git:(master) ✗ neofetch
     -+ssssssssssssssssssyyssss+-         OS: Ubuntu 20.04.1 LTS x86_64 
    .ossssssssssssssssssdMMMNysssso.       Host: OptiPlex 7070 
   /ssssssssssshdmmNNmmyNMMMMhssssss/      Kernel: 5.4.73-custom 
  +ssssssssshmydMMMMMMMNddddyssssssss+     Uptime: 11 mins 
 /sssssssshNMMMyhhyyyyhmNMMMNhssssssss/    Packages: 1887 (dpkg), 7 (snap) 
.ssssssssdMMMNhsssssssssshNMMMdssssssss.   Shell: zsh 5.8 
+sssshhhyNMMNyssssssssssssyNMMMysssssss+   Resolution: 1920x1080 
ossyNMMMNyMMhsssssssssssssshmmmhssssssso   Terminal: /dev/pts/0 
ossyNMMMNyMMhsssssssssssssshmmmhssssssso   CPU: Intel i7-9700 (8) @ 4.700GHz 
+sssshhhyNMMNyssssssssssssyNMMMysssssss+   GPU: Intel UHD Graphics 630 
.ssssssssdMMMNhsssssssssshNMMMdssssssss.   Memory: 587MiB / 15669MiB 

[dingelish]

@lengyijun what's the output of 'dpkg -l | grep -i sgx'?

[Xynnn007]

I met the same problem.

[+] global_eid: 2
[+] sha256 input string is abc
[+] Expected SHA256 hash: ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
calc_sha256 invoked!
Input string len = 3, input len = 3
[+] SHA256 result is ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
[+] calc_sha256 success ...
[+] Starting aes-gcm-128 encrypt calculation
Segmentation fault (core dumped)

Maybe it's because all the following functions:
sha256(), aes_gcm_128(), aes_cmac(), rsa() in app.c don't have a return value in the end of main logic(C doesn't need a return value in the end necessarily so compiler doesn't report an error)
when I put return 0 to all the functions mentioned, the result comes.
for example aes_gcm_128()

...
printf("[+] aes-gcm-128 decrypt complete \n");
return 0;

And the result will be right like

[+] global_eid: 2
[+] sha256 input string is abc
[+] Expected SHA256 hash: ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
calc_sha256 invoked!
Input string len = 3, input len = 3
[+] SHA256 result is ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
[+] calc_sha256 success ...
[+] Starting aes-gcm-128 encrypt calculation
[+] aes-gcm-128 args prepared!
[+] aes-gcm-128 expected ciphertext: 0388dace60b6a392f328c2b971b2fe78
aes_gcm_128_encrypt invoked!
aes_gcm_128_encrypt parameter prepared! 16, 16
rsgx calling returned!
[+] aes-gcm-128 returned from enclave!
[+] aes-gcm-128 ciphertext is: 8b2f0fd33bc9a392539c17a42acdfe78
[+] aes-gcm-128 result mac is: 1f6b73897cfc62f3266b8f39de52b8a0
[+] Starting aes-gcm-128 decrypt calculation
[+] aes-gcm-128 expected plaintext:88a7d51d5b7f0000a0b4d51d5b7f0000
aes_gcm_128_decrypt invoked!
aes_gcm_128_decrypt parameter prepared! 16, 16
rsgx calling returned!
[+] aes-gcm-128 decrypted plaintext is: 88a7d51d5b7f0000a0b4d51d5b7f0000
[+] aes-gcm-128 decrypt complete 
[+] Starting aes-cmac test 
[+] aes-cmac expected digest: 51f0bebf7e3b9d92fc49741779363cfe
[+] aes-cmac result is: 51f0bebf7e3b9d92fc49741779363cfe
rsa chipertext_len: 256
rsa plaintext_len: 128
rsa_key success. 

I think there may be something wrong with the compiler?

[Xynnn007]

Well, it seems that there is something wrong with g++ compiler.
I add return 0 in the end of function sha_256(), and the compiled result is

...
    36b3:	e8 48 fc ff ff       	callq  3300 <calc_sha256>
    36b8:	85 c0                	test   %eax,%eax
    36ba:	75 74                	jne    3730 <_Z7sha_256v+0xf0>
...
    36c0:	85 ff                	test   %edi,%edi
    36c2:	75 60                	jne    3724 <_Z7sha_256v+0xe4>
...
    3719:	31 c0                	xor    %eax,%eax
    371b:	48 83 c4 10          	add    $0x10,%rsp
    371f:	5b                   	pop    %rbx
    3720:	5d                   	pop    %rbp
    3721:	41 5c                	pop    %r12
    3723:	c3                   	retq   

Seems right and the function will return successfully.
On the contrary, if I DO NOT add return 0 ,the compiled result will be

...
    36b3:	e8 48 fc ff ff       	callq  3300 <calc_sha256>
    36b8:	85 c0                	test   %eax,%eax
    36ba:	75 24                	jne    36e0 <_Z7sha_256v+0xa0>
    36bc:	8b 7c 24 0c          	mov    0xc(%rsp),%edi
    36c0:	85 ff                	test   %edi,%edi
    36c2:	74 31                	je     36f5 <_Z7sha_256v+0xb5>
...
    36f5:	48 8d 35 66 29 00 00 	lea    0x2966(%rip),%rsi        # 6062 <_IO_stdin_used+0x62>
    36fc:	bf 01 00 00 00       	mov    $0x1,%edi
    3701:	4c 8d 63 20          	lea    0x20(%rbx),%r12
    3705:	31 c0                	xor    %eax,%eax
    3707:	e8 a4 f0 ff ff       	callq  27b0 <__printf_chk@plt>
    370c:	48 8d 2d 65 29 00 00 	lea    0x2965(%rip),%rbp        # 6078 <_IO_stdin_used+0x78>
    3713:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
    3718:	0f b6 13             	movzbl (%rbx),%edx
    371b:	48 89 ee             	mov    %rbp,%rsi
    371e:	bf 01 00 00 00       	mov    $0x1,%edi
    3723:	31 c0                	xor    %eax,%eax
    3725:	48 83 c3 01          	add    $0x1,%rbx
    3729:	e8 82 f0 ff ff       	callq  27b0 <__printf_chk@plt>
    372e:	4c 39 e3             	cmp    %r12,%rbx
    3731:	75 e5                	jne    3718 <_Z7sha_256v+0xd8>
    3733:	bf 0a 00 00 00       	mov    $0xa,%edi
    3738:	e8 63 ed ff ff       	callq  24a0 <putchar@plt>
    373d:	48 8d 3d 39 29 00 00 	lea    0x2939(%rip),%rdi        # 607d <_IO_stdin_used+0x7d>
    3744:	e8 c7 ed ff ff       	callq  2510 <puts@plt>
    3749:	0f 1f 80 00 00 00 00 	nopl   0x0(%rax)

0000000000003750 <_Z11aes_gcm_128v>:
    3750:	f3 0f 1e fa          	endbr64 

Don't care about address 0x36f5 - 0x3744. They are contents from original file

    printf("[+] SHA256 result is ");

    int i;
    for(i = 0; i < 32; i ++) {
        printf("%02x", output_hash[i]);
    }
    printf("\n");
    printf("[+] calc_sha256 success ...\n");

And we can see address 0x3749, we want the function returns but actually the machine code doesn't do such thing. So the program will continue executing from 0x3749, which is the start address of function aes_gcm_128(). So we can see a printf result and segmentation fault, which is caused by an unalloced stack storage for

uint8_t aes_gcm_plaintext[16]

Maybe it's something wrong with the g++ compiler?

[dingelish]

@Xynnn007 i believe it's an UB. and compiler can do anything on UB. and it seems gcc-9 is "doing anything" here. @uraj am i correct?

[uraj]

Yes, functions that are not void yet having no return statements have undefined behaviors, unless that function is "main", according to the standard.

[Xynnn007]

@dingelish @uraj thanks for explanation