aws / aws-nitro-enclaves-sdk-c

This repo provides a C API for AWS Nitro Enclaves, including a KMS SDK that integrates it with attestation.
Apache License 2.0

kmstool_enclave_cli throws error #117

Open stibala opened 1 year ago

stibala commented 1 year ago

version: 0.3.1 and 0.3.2

Following this official Nitro Enclaves guide, when calling the provided Lambda function with "operation": "sign_transaction", the successive call of kmstool_enclave_cli decrypt leads to the error "exception happened calling kms binary: [Errno 8] Exec format error: '/app/kmstool_enclave_cli'"

Trying to invoke kmstool_enclave_cli directly from within the Docker container gives the following exception:


```
Fatal error condition occurred in ../bin/kmstool-enclave-cli/main.c:402: aws_nitro_enclaves_library_seed_entropy(1024) == (0)
Exiting Application
################################################################################
Stack trace:
################################################################################
kmstool_enclave_cli(aws_backtrace_print+0x90) [0x63301c]
kmstool_enclave_cli(aws_fatal_assert+0x58) [0x61ae2c]
kmstool_enclave_cli(main+0x40) [0x41e14c]
/lib64/libc.so.6(__libc_start_main+0xe4) [0xffffad6e7da4]
kmstool_enclave_cli() [0x41cf90]
Aborted
bash-4.2#
```

Thanks for help!

florianpreusner commented 1 year ago

I have the same issue. Followed the same steps and "successfully" compiled kmstool_enclave_cli. But when calling this binary file by server.py I get the same error: exec format error: ./kmstool_enclave_cli

richardfan1126 commented 1 year ago

Hi @stibala @florianpreusner

First of all, kmstool_enclave_cli can only run in the enclave; if you try to run it outside the enclave, it will fail.

Second, the exec format error is because you are building the binary on a local machine, which may have a different architecture from the enclave, so the enclave cannot run it.

You can try adding --platform=linux/amd64 into this line and build the cli again
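
Added example (not part of the thread and not code from the aws-nitro-enclaves-sdk-c project): the architecture mismatch described in the comment above can be caught before a binary is packaged into the enclave image by reading the ELF header's `e_machine` field and comparing it with the architecture of the machine that will execute it. The function names and the sample headers are constructed for illustration.

```python
"""Added example: predict "[Errno 8] Exec format error" before exec'ing a binary."""
import platform
import struct
import sys

# e_machine values from the ELF specification (subset relevant to EC2 hosts).
EM_NAMES = {0x03: "x86", 0x3E: "x86_64", 0x28: "arm", 0xB7: "aarch64"}
# Other spellings platform.machine() / Docker use for the same architectures.
ALIASES = {"amd64": "x86_64", "arm64": "aarch64", "i386": "x86", "i686": "x86"}


def elf_arch(header: bytes) -> str:
    """Return the target architecture named in the first 20 bytes of an ELF file."""
    if len(header) < 20 or header[:4] != b"\x7fELF":
        raise ValueError("not an ELF binary")
    if header[5] not in (1, 2):  # EI_DATA: 1 = little-endian, 2 = big-endian
        raise ValueError("invalid ELF data encoding")
    fmt = "<H" if header[5] == 1 else ">H"
    (machine,) = struct.unpack_from(fmt, header, 18)  # e_machine sits at offset 18
    return EM_NAMES.get(machine, f"unknown(0x{machine:x})")


def runs_on(header: bytes, host_machine: str) -> bool:
    """True when the binary's architecture matches the host that will exec it."""
    host = ALIASES.get(host_machine.lower(), host_machine.lower())
    return elf_arch(header) == host


def sample_header(machine: int) -> bytes:
    """Constructed 64-bit little-endian ELF header prefix, for demonstration only."""
    e_ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)  # class, data, version, padding
    return e_ident + struct.pack("<HH", 2, machine)  # e_type=ET_EXEC, e_machine


if __name__ == "__main__":
    if len(sys.argv) > 1:  # e.g. python check_arch.py /app/kmstool_enclave_cli
        with open(sys.argv[1], "rb") as f:
            head = f.read(20)
    else:
        head = sample_header(0xB7)  # constructed aarch64 sample
    host = platform.machine()
    verdict = "ok" if runs_on(head, host) else "MISMATCH (expect Exec format error)"
    print(f"binary={elf_arch(head)} host={host}: {verdict}")
```

Run it inside the build container against the compiled binary; a mismatch means the image was built for a different platform than the instance that hosts the enclave.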

florianpreusner commented 1 year ago

Following a focused discussion between myself and @dpdornseifer, we have deemed it necessary to migrate this particular issue to a new thread on Samples GitHub Repo: https://github.com/aws-samples/aws-nitro-enclave-blockchain-wallet/issues/12

Consequently, we can consider the current thread closed.

Thank you @richardfan1126 🙏 for the support provided. I also think it's platform-related. Please rest assured that any developments or results pertaining to this repository will be promptly communicated.

Cheers

richardfan1126 commented 1 year ago

@florianpreusner Thanks for your action.

I didn't foresee a wide-range usage when I was building the CLI 3 years ago, so I didn't take different CPU architectures into account.

I will also do the testing on my end and see if there is any other issue regarding CPU architecture.

I think this issue can be open for now because the missing flag of the build script is in this repository and hasn't been fixed yet.