search

intel / linux-sgx

Intel SGX for Linux*
https://www.intel.com/content/www/us/en/developer/tools/software-guard-extensions/linux-overview.html
Other
1.32k stars 543 forks source link

Unable to specify SGX_KEYPOLICY_NOISVPRODID for sgx_get_key #578

Open shamsasari opened 4 years ago

shamsasari commented 4 years ago

sgx_get_key returns SGX_ERROR_INVALID_PARAMETER if the SGX_KEYPOLICY_NOISVPRODID bit is set in the key_policy field.

From looking at the code it seems to me the bug is in this line: https://github.com/intel/linux-sgx/blob/4589daddd58bec7367a6a9de3fe301e6de17671a/sdk/selib/sgx_get_key.cpp#L93

SGX_KEYPOLICY_NOISVPRODID is missing in the check and so it's treated as a reserved bit.

Incidentally, sgx_seal_data_ex does include SGX_KEYPOLICY_NOISVPRODID in its check: https://github.com/intel/linux-sgx/blob/4589daddd58bec7367a6a9de3fe301e6de17671a/sdk/tseal/tSeal.cpp#L96

lzha101 commented 4 years ago

Thanks for reporting this. You are right. We need to update the check in sgx_get_key() API. Will fix it soon.

lzha101 commented 4 years ago

As the fix is not included in the latest release, a PR https://github.com/intel/linux-sgx/pull/590 is created to fix this.