PrivacyGuard is a platform that combines blockchain smart contract and TEE to enable transparent enforcement of private data computation and fine-grained usage control. This repo includes prototype implementation and evaluation programs.
License: MIT License
Dear sir,
This code didn't check whether malloc() result is NULL and writed sensitive data to it,
as we know, the attacker can mmap the address 0, if the attacker do that, the sensitve data will be writed outside enclave.
in file PrivacyGuard/DataBroker/Enclave/enclave.cpp line ,vulnerability code is here:
sgx_status_t ECALL_enclave_DO_config(int num_DOs)
{
int i;
sgx_status_t ret = SGX_SUCCESS;
sk_key_DO = (sgx_ec_key_128bit_t *) malloc(num_DOs * sizeof(sgx_ec_key_128bit_t));
// here.
// same issue to varaible sk_key_DO and DO_data_key_assigned
DO_data_key = (sgx_aes_gcm_128bit_key_t *) malloc(num_DOs * sizeof(sgx_aes_gcm_128bit_key_t));
DO_data_key_assigned = (bool *) malloc(num_DOs * sizeof(bool));
for(i = 0; i < num_DOs; i++)
{
DO_data_key_assigned[i] = false;
}
return ret;
}
here sensitive data is writen:
if(!DO_data_key_assigned[DO_ID-1])
{
/* Generate a 16-Byte data encryption key for DO's data */
sgx_read_rand(DO_data_key[DO_ID-1], sizeof(sgx_aes_gcm_128bit_key_t)); // the data encryption key will be leaked if malloc fails
in file Enclave_testML/isv_enclave/isv_enclave.cpp:
sgx_status_t ECALL_compute_task1(
sgx_ra_context_t context,
uint8_t *p_data_encrypted,
uint32_t data_size,
uint8_t *p_data_gcm_mac,
uint8_t *p_result_encrypted,
uint32_t result_size,
uint8_t *p_result_gcm_mac,
uint8_t *p_rand_key_DC_encrypted,
uint8_t *p_rand_key_DC_mac)
{
sgx_status_t ret = SGX_SUCCESS;
uint8_t aes_gcm_iv[12] = {0};
uint8_t g_data[data_size];
uint8_t result[result_size];
int i;
do{
ret = sgx_rijndael128GCM_decrypt((const sgx_ec_key_128bit_t*) g_secret_iDA,
p_data_encrypted,
data_size,
g_data,
aes_gcm_iv,
12,
NULL,
0,
(const sgx_aes_gcm_128bit_tag_t*) p_data_gcm_mac);
}while(ret != SGX_SUCCESS);
printf("\n[ENCLAVE] DataOwner's data are:\n"); // =====================>leak
for(i = 0;i < data_size;i++)
{
printf("%c", g_data[i]);
}and here:
PrivacyGuard/DataBroker/Enclave/enclave.cpp
Line 490 in 94e888a
hi,sir,
I think there is a security issue here:
in file Enclave_testML/isv_enclave/isv_enclave.cpp:
sgx_status_t ECALL_put_secret_data(
sgx_ra_context_t context,
uint8_t *p_secret,
uint32_t secret_size,
uint8_t *p_gcm_mac,
uint32_t provisioner_type)
{
sgx_status_t ret = SGX_SUCCESS;
uint32_t i;
uint8_t aes_gcm_iv[12] = {0};
do {
if(provisioner_type == 1) // DataConsumer
{
ret = sgx_ra_get_keys(context, SGX_RA_KEY_SK, &sk_key_DC);
if(SGX_SUCCESS != ret)
{
printf("[ENCLAVE] Get keys failed.\n");
break;
}
ret = sgx_rijndael128GCM_decrypt(&sk_key_DC,
p_secret,
secret_size,
&g_secret_DC[0],
&aes_gcm_iv[0],
12,
NULL,
0,
(const sgx_aes_gcm_128bit_tag_t *)(p_gcm_mac));
if (ret != SGX_SUCCESS)
{
printf("[ENCLAVE] 128GCM decrypt failed\n");
}
// ------------------------------------------------------------------!!! INFORMATION LEAK HERE!!!
printf("\n[ENCLAVE] DataConsumer's secret is:\n");
for(i=0;i<secret_size;i++)
{
printf("0x%02X ", g_secret_DC[i]);
}
printf("\n");
}
else // iDataAgent
{
ret = sgx_ra_get_keys(context, SGX_RA_KEY_SK, &sk_key_iDA);
if(SGX_SUCCESS != ret)
{
printf("[ENCLAVE] Get keys failed.\n");
break;
}
ret = sgx_rijndael128GCM_decrypt(&sk_key_iDA,
p_secret,
secret_size,
&g_secret_iDA[0],
&aes_gcm_iv[0],
12,
NULL,
0,
(const sgx_aes_gcm_128bit_tag_t *)(p_gcm_mac));
// ------------------------------------------------------------------!!! INFORMATION LEAK HERE!!!
printf("\n[ENCLAVE] DataOwner's data key is:\n");
for(i=0;i<secret_size;i++)
{
printf("0x%02X ", g_secret_iDA[i]);
}
printf("\n");
}
// Once the server has the shared secret, it should be sealed to
// persistent storage for future use. This will prevents having to
// perform remote attestation until the secret goes stale. Once the
// enclave is created again, the secret can be unsealed.
} while(0);
return ret;
}Hi,dear
some errors occurred when building PrivacyGuard:
Line 99 in 1ef665f
Line 100 in 1ef665f
CXX <= service_provider/ecp.cpp
CXX <= service_provider/network_ra.cpp
CXX <= service_provider/service_provider.cpp
CXX <= service_provider/ias_ra.cpp
LINK => libservice_provider.so
GEN => isv_app/isv_enclave_u.c
CC <= isv_app/isv_enclave_u.c
CXX <= isv_app/isv_app.cpp
CXX <= isv_app/operations.cpp
g++ isv_app/isv_enclave_u.o isv_app/isv_app.o isv_app/operations.o -o app -m64 -O0 -g -L/opt/intel/sgxsdk/lib64 -lsgx_urts -lsvm_u -lsgx_ucv -L. -lsgx_ukey_exchange -lpthread -lservice_provider -Wl,-rpath=/home/test/PrivacyGuard-master/CEE/sample_libcrypto -Wl,-rpath=/home/test/PrivacyGuard-master/CEE -lsgx_uae_service
/usr/bin/ld: cannot find -lsvm_u
/usr/bin/ld: cannot find -lsgx_ucv
collect2: error: ld returned 1 exit status
Makefile:256: recipe for target 'app' failed
make: *** [app] Error 1
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.