Misuse of sgx_unseal_data()
Hi, bro. Our analysis tool detected that this sample outputs the p_decrypted_text parameter of sgx_unseal_data() in the main function of App. A possible data leak path is: function unseal -> function main.
We understand you may just want to provide a sample of sealing/unsealing data inside an enclave. But according to the "Intel® Software Guard Extensions (Intel® SGX) SDK Developer Reference", the sgx_unseal_data() function should be utilized to restore secret data that was preserved after an earlier instantiation of this enclave saved this data. It may not be proper to directly print out unsealed results with cout.
We appreciate your great efforts in setting up a sample for SGX beginners. To make this a better sample, we strongly recommend that you remove the cout part in the main function, or use encrypt/decrypt functions to replace the sealing/unsealing ones.
Intel's sealing & unsealing sample, https://github.com/intel/linux-sgx/tree/master/SampleCode/SealUnseal/App, may be helpful to prove my view.