gramineproject / graphene

Graphene / Graphene-SGX - a library OS for Linux multi-process applications, with Intel SGX support
https://grapheneproject.io
GNU Lesser General Public License v3.0

untrusted PAL sent PAL event #2667

Closed yanzhichao closed 3 years ago

yanzhichao commented 3 years ago

Description of the problem

I want to add some code in the function int set_protected_files_key(const char* pf_key_hex) for my own purpose. https://github.com/oscarlab/graphene/blob/851f7082dc995e509d36c4acfbd6dec1295f84cb/Pal/src/host/Linux-SGX/enclave_pf.c#L632

For testing, I added a sample function call in int set_protected_files_key(const char* pf_key_hex) as follows:

int set_protected_files_key(const char* pf_key_hex) {
    /* the wrap key arrives as a hex string: exactly two characters per key byte */
    size_t pf_key_hex_len = strlen(pf_key_hex);
    if (pf_key_hex_len != PF_KEY_SIZE * 2) {
        return -PAL_ERROR_INVAL;
    }

    pf_lock();
    memset(g_pf_wrap_key, 0, sizeof(g_pf_wrap_key));
    for (size_t i = 0; i < pf_key_hex_len; i++) {
        int8_t val = hex2dec(pf_key_hex[i]);
        if (val < 0) {
            /* invalid hex digit: wipe the partially decoded key before bailing out */
            memset(g_pf_wrap_key, 0, sizeof(g_pf_wrap_key));
            pf_unlock();
            return -PAL_ERROR_INVAL;
        }
        g_pf_wrap_key[i / 2] = g_pf_wrap_key[i / 2] * 16 + (uint8_t)val;
    }
    g_pf_wrap_key_set = true;
    pf_unlock();

    /* ************* my code ***************** */
    /* test call only: the returned table is neither checked nor freed */
    int r = 10, c = 10;
    int** p2D = malloc2DArray(r, c);
    log_debug("after malloc2Darry\n");

    return 0;
}

My function malloc2DArray(r, c) is defined in a single file named testmalloc.c with a header file testmalloc.h. I put the two files in /Pal/src/host/Linux-SGX/protected-files.

The source of testmalloc.c is as follows:

#ifndef IN_PAL
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define USE_STDLIB
#endif
#include "testmalloc.h"
#include "api.h"

/* Allocate an r x c array of int as a table of row pointers plus one heap row
 * per index. Every malloc() result is checked: on failure the rows allocated so
 * far are released and NULL is returned instead of writing through a NULL pointer. */
int** malloc2DArray(int r, int c) {
    int** temp = (int**)malloc(r * sizeof(int*));
    if (!temp)
        return NULL;
    for (int i = 0; i < r; i++) {
        temp[i] = (int*)malloc(c * sizeof(int));
        if (!temp[i]) {
            for (int j = 0; j < i; j++)
                free(temp[j]);
            free(temp);
            return NULL;
        }
    }
    return temp;
}

The source of testmalloc.h is as follows:

#ifndef GRAPHENE_TESTMALLOC_H
#define GRAPHENE_TESTMALLOC_H

extern int **malloc2DArray(int r,int c);
#endif  // GRAPHENE_TESTMALLOC_H

I also changed the Makefile to add the new source file:

--- a/Pal/src/host/Linux-SGX/Makefile
+++ b/Pal/src/host/Linux-SGX/Makefile
@@ -60,6 +60,7 @@ enclave-objs = \
        enclave_xstate.o \
        protected-files/lru_cache.o \
        protected-files/protected_files.o \
+       protected-files/testmalloc.o \
        $(commons_objs_encl)
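Review bot: testmalloc.o is added to enclave-objs only, next to protected-files/protected_files.o, while testmalloc.c wraps its libc includes in an `#ifndef IN_PAL` block; confirm that this object is compiled with the same defines and flags as the other entries in this list, because if IN_PAL is not set for it the enclave build pulls in `<stdlib.h>` and its malloc prototype rather than the PAL's, and that mismatch is worth ruling out before chasing the fault inside malloc2DArray.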

Then I rebuilt Graphene and ran the PPML example. When execution reaches my code, it raises the following error:

error: *** Unexpected exception occurred inside PAL at RIP = +0x00000047! ***
error: (untrusted PAL sent PAL event 0x2)
error: rax: 0x00000000 rcx: 0x7ffe43f95093 rdx: 0xff0f9a48 rbx: 0xfaadd4a0
rsp: 0xf2827a08 rbp: 0x00000003 rsi: 0x0000000a rdi: 0x0000000a
r8 : 0xfab1d3f7 r9 : 0xfefefefefefefeff r10: 0x00000000 r11: 0xfaafa67c
r12: 0xfa8a4c00 r13: 0x64cd7cf8 r14: 0x62c9b558 r15: 0xf2827f38
rflags: 0x00010202 rip: 0xfaae1047
debug: DkProcessExit: Returning exit code 1

Did I miss something?

mkow commented 3 years ago

Did I miss something?

Definitely: error checking ;)

Please add and then check where exactly it's failing.

yanzhichao commented 3 years ago

I added the debug log. It confirms that it fails when execution reaches int** p2D = malloc2DArray(r, c);.

I also tried adding the implementation of int** malloc2DArray(int r, int c) directly in graphene/Pal/src/host/Linux-SGX/enclave_pf.c, and that works. But it does not work when I split the code out into the separate file testmalloc.c.

This confuses me. Could you give me some advice? Do I need to change something in the Makefile?

mkow commented 3 years ago

Sorry, but I didn't understand your whole comment. Could you clean up/reword it?

dimakuv commented 3 years ago

Why are you adding this malloc2DArray()? What happens if you just add log_debug("after malloc2Darry\n");? Does Graphene-SGX then work all the time, without exceptions?

Why do you use the PPML example? The PPML example is extremely big and complex. You should start with a small test, preferably written in C. This would give you much better control of what the application and Graphene are doing. Finally, you probably want to debug with GDB.

yanzhichao commented 3 years ago

Thanks for your reply @dimakuv. Actually, in my scenario, all the data is compressed into a zip file and then encrypted with the wrap key. I want to decrypt the zip file and unzip it into a specified protected directory once the wrap key for the app is available, so that an app like PPML can read the files directly without needing to unzip them.
So, I want to add some code in int set_protected_files_key(const char* pf_key_hex) to implement this.

I tried to port zlib into the PAL to unzip the file, but it does not work. When execution reaches the unzip code, it raises the following error:

error: *** Unexpected exception occurred inside PAL at RIP = +0x00000047! ***
error: (untrusted PAL sent PAL event 0x2)
error: rax: 0x00000000 rcx: 0x7ffe43f95093 rdx: 0xff0f9a48 rbx: 0xfaadd4a0
rsp: 0xf2827a08 rbp: 0x00000003 rsi: 0x0000000a rdi: 0x0000000a
r8 : 0xfab1d3f7 r9 : 0xfefefefefefefeff r10: 0x00000000 r11: 0xfaafa67c
r12: 0xfa8a4c00 r13: 0x64cd7cf8 r14: 0x62c9b558 r15: 0xf2827f38
rflags: 0x00010202 rip: 0xfaae1047
debug: DkProcessExit: Returning exit code 1

Are there any limits when adding code to the PAL?

Or, for my scenario, do you have any suggestions? Is there any other solution that could decrypt the zip file and unzip it before the app runs?

dimakuv commented 3 years ago

Are there any limits when adding code to the PAL?

No, no limits. As long as the added code is correct, Graphene happily works and doesn't throw exceptions.

Or, for my scenario, do you have any suggestions? Is there any other solution that could decrypt the zip file and unzip it before the app runs?

Why are you trying to do this at the level of Graphene source code? Your scenario sounds like a change to TensorFlow scripts, not a change of internal Graphene workings.

yanzhichao commented 3 years ago

No, no limits. As long as the added code is correct, Graphene happily works and doesn't throw exceptions.

OK, I will check my code again.
I will push a commit to my personal repo later. If convenient, please help me review my code.

Why are you trying to do this at the level of Graphene source code? Your scenario sounds like a change to TensorFlow scripts, not a change of internal Graphene workings.

Because we want it to be suitable for any app developed in any language and framework.

dimakuv commented 3 years ago

Because we want it to be suitable for any app developed in any language and framework.

You could achieve this in a less intrusive way. I would recommend the premain way: https://github.com/oscarlab/graphene/issues/2347. In this way, your tiny helper program does your "decrypt the zip file" logic and then execves the actual application (which can be any language/framework).
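
A concrete shape for the premain approach described above, as an added example that is not code from this issue or from the Graphene project. It assumes, which the thread does not state, that the encrypted zip is shipped as a Graphene protected file, so that reading it inside the enclave already yields plaintext once the wrap key is set, and that DATA_ZIP, DATA_DIR and the premain being the manifest entrypoint are illustrative choices. The helper unpacks the archive into the directory the application will read, refusing zip entries that would land outside it (a `../` or absolute member name), and then execs the real program with its original arguments:

```python
"""Premain helper (added example, not Graphene's code).

Unpack a data archive into a target directory, then replace this process
with the real application, whatever language it is written in.

Assumptions (not from the issue): the archive is a Graphene protected file,
so open() inside the enclave returns plaintext once the wrap key is set;
DATA_ZIP and DATA_DIR are illustrative paths.
"""
import os
import shutil
import sys
import tempfile
import zipfile

DATA_ZIP = "/data/input.zip"   # assumed location of the (protected) archive
DATA_DIR = "/data/unpacked"    # assumed directory the application reads


def safe_extract(zip_path, dest_dir):
    """Extract zip_path into dest_dir, refusing any member whose resolved
    path falls outside dest_dir (zip-slip). Returns the files written,
    as paths relative to dest_dir, in archive order."""
    dest_root = os.path.realpath(dest_dir)
    os.makedirs(dest_root, exist_ok=True)
    written = []
    with zipfile.ZipFile(zip_path) as zf:
        for info in zf.infolist():
            # realpath collapses '..' and absolute names resolve away from
            # dest_root, so a traversal attempt fails the prefix check below
            target = os.path.realpath(os.path.join(dest_root, info.filename))
            if os.path.commonpath([dest_root, target]) != dest_root:
                raise ValueError("refusing to extract %r outside %s"
                                 % (info.filename, dest_root))
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                shutil.copyfileobj(src, dst)
            written.append(os.path.relpath(target, dest_root))
    return written


def exec_app(argv):
    """Replace this process with the real application (argv[0] is the program)."""
    if not argv:
        raise SystemExit("usage: premain.py <program> [args...]")
    os.execvp(argv[0], argv)  # does not return on success


def demo():
    """Constructed sample input: a benign archive and one carrying a
    traversal entry, both extracted into a temporary directory.
    Returns (files written from the benign archive, whether the traversal
    archive was rejected, whether anything escaped the target directory)."""
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "good.zip")
        with zipfile.ZipFile(good, "w") as zf:
            zf.writestr("model/weights.bin", b"\x00" * 16)
            zf.writestr("labels.txt", "cat\ndog\n")
        written = sorted(safe_extract(good, os.path.join(tmp, "out")))

        bad = os.path.join(tmp, "bad.zip")
        with zipfile.ZipFile(bad, "w") as zf:
            zf.writestr("ok.txt", "fine")
            zf.writestr("../escape.txt", "outside")
        try:
            safe_extract(bad, os.path.join(tmp, "out2"))
            rejected = False
        except ValueError:
            rejected = True
        escaped = os.path.exists(os.path.join(tmp, "escape.txt"))
    return written, rejected, escaped


if __name__ == "__main__":
    safe_extract(DATA_ZIP, DATA_DIR)
    exec_app(sys.argv[1:])
```

Invoke it as the manifest entrypoint with the real command after it, for example `premain.py python3 app.py ...`; the application then finds its inputs already unpacked under DATA_DIR. `demo()` exercises only the extractor, on two archives constructed in a temporary directory, and never execs anything.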

yanzhichao commented 3 years ago

Your solution is very excellent, I'll have a try to see if it fits my scene exactly.

yanzhichao commented 3 years ago

@dimakuv I took your suggestion to put the unzip logic in the premain, and it worked well. Thanks again. Closing.