AES key encryption causes enclave crash in HW mode

Kailai-Wang commented 1 year ago

We found that encrypting using the user's shielding key (AES-GCM 256) in HW mode would cause the enclave to crash:

[2022-11-16T21:43:06Z ERROR integritee_service::sidechain_setup] Sgx(SGX_ERROR_ENCLAVE_CRASHED)
[2022-11-16T21:43:12Z ERROR integritee_service::sidechain_setup] Sgx(SGX_ERROR_ENCLAVE_CRASHED)
[+] Received finalized header update (33), syncing parent chain...
[+] Found 1 block(s) to sync
[2022-11-16T21:43:17Z ERROR integritee_service] Parentchain block syncing terminated with a failure: EnclaveApi(Sgx(SGX_ERROR_ENCLAVE_CRASHED))

The error is triggered by: https://github.com/litentry/tee-worker/blob/f87dbb353490866f2c33bef19bb33c896c0574d7/app-libs/stf/src/helpers.rs#L132

It works in SW mode.

Kailai-Wang commented 1 year ago

Tried aes-gcm with 128-bit key => didn't work either

Next alternative: https://docs.rs/ring/latest/ring/aead/index.html

Fallback solution: native 128-bit aes-gcm from SDK

Kailai-Wang commented 1 year ago

@jingleizhang mentions maybe increasing the enclave resource (RAM/Heap) helps -- we should try it.

BillyWooo commented 1 year ago

@jingleizhang It doesn't work with increasing the enclave resource as @Kailai-Wang tried it. After a quick alignment with @Kailai-Wang , we will try out the ring alternative mentioned above.

Kailai-Wang commented 1 year ago

Yes I've tried the following and it didn't work:

increase both StackMaxSize and HeapMaxSize to 64MB

<StackMaxSize>0x4000000</StackMaxSize>
<HeapMaxSize>0x4000000</HeapMaxSize>

add +aes to the -C target-feature when compiling the enclave

litentry / tee-worker

AES key encryption causes enclave crash in HW mode #144