kmstool_enclave_cli decrypt failed with AWS_IO_SOCKET_INVALID_ADDRESS #122

Closed
syyongx opened this issue Jul 31, 2023 · 4 comments
syyongx commented Jul 31, 2023

When I use kmstool_enclave_cli to decrypt a message in the enclave, it reports an error:

```
aws_socket_endpoint can't deal with VSOCK port > UINT16_MAX
connection failure\nConnection failed with error aws-c-io: AWS_IO_SOCKET_INVALID_ADDRESS, Invalid socket address.
```

The vsock-proxy start command in the parent instance is as below:

```
vsock-proxy 8000 kms.ap-northeast-1.amazonaws.com 443
```

The kmstool_enclave_cli decrypt command run in the enclave is as below:

```
kmstool_enclave_cli decrypt --region ap-northeast-1 --proxy-port 8000 --encryption-algorithm RSAES_OAEP_SHA_256 --ciphertext *** --key-id *** --aws-access-key-id *** --aws-secret-access-key ***
```

aws-nitro-enclaves-sdk-c version: v0.4.0

Author

syyongx commented Aug 2, 2023

It works when I use the old version: v0.3.2.

@richardfan1126
Contributor

Probably due to the dependency update in v0.4.0, and caused by the new check in aws-c-io (https://github.com/awslabs/aws-c-io/blob/f7bc831dd93a15aeb01e24c4175f205016b077ae/source/posix/socket.c#L349).

I will check where this parameter is being passed from the CLI.
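
The error text in this report names a port-width mismatch: AF_VSOCK port numbers are 32-bit, while the message says the endpoint cannot hold a value above UINT16_MAX. The following is an added example, not code from aws-c-io or from this thread, contrasting silent truncation, a bounds check that rejects, and a widened field. The struct and function names are hypothetical, 73536 is a constructed value, and widening is shown only as one possible remedy, not as the upstream fix.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical endpoint types for this example; not aws-c-io's definitions. */
struct endpoint16 { uint16_t port; }; /* wide enough for TCP/UDP ports */
struct endpoint32 { uint32_t port; }; /* wide enough for AF_VSOCK ports */

/* Unchecked narrowing: the upper 16 bits are silently dropped, so two
 * distinct VSOCK ports can alias to the same stored value. */
uint16_t store_port_truncating(struct endpoint16 *ep, uint32_t vsock_port) {
    ep->port = (uint16_t)vsock_port;
    return ep->port;
}

/* Checked narrowing: refuse any port the 16-bit field cannot represent.
 * Returns 0 on success, -1 on rejection (the failure mode in the report). */
int store_port_checked(struct endpoint16 *ep, uint32_t vsock_port) {
    if (vsock_port > UINT16_MAX) {
        return -1;
    }
    ep->port = (uint16_t)vsock_port;
    return 0;
}

/* Widened field: every 32-bit VSOCK port is representable, no check needed. */
int store_port_wide(struct endpoint32 *ep, uint32_t vsock_port) {
    ep->port = vsock_port;
    return 0;
}

int main(void) {
    /* Constructed inputs: 8000 is the proxy port from the report,
     * 73536 is 65536 + 8000 and does not fit in 16 bits. */
    const uint32_t ports[] = {8000u, 73536u};
    for (size_t i = 0; i < sizeof ports / sizeof ports[0]; i++) {
        struct endpoint16 t = {0}, c = {0};
        struct endpoint32 w = {0};
        unsigned truncated = store_port_truncating(&t, ports[i]);
        int checked = store_port_checked(&c, ports[i]);
        store_port_wide(&w, ports[i]);
        printf("port %u: truncated=%u checked=%s wide=%u\n",
               (unsigned)ports[i], truncated,
               checked == 0 ? "accepted" : "rejected", (unsigned)w.port);
    }
    return 0;
}
```

Without the check, 73536 is stored as 8000 and becomes indistinguishable from the real port 8000; with the check, the connection fails loudly instead, which is the behaviour described in this issue.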

Contributor

eugkoira commented Aug 4, 2023

Should fix the issue: #121

Contributor

eugkoira commented Aug 7, 2023

@syyongx syyongx closed this as completed Aug 23, 2023
dwhjames added a commit to dwhjames/aws-nitro-enclaves-sdk-c that referenced this issue Jun 1, 2024
Release [v0.4.1](https://github.com/aws/aws-nitro-enclaves-sdk-c/releases/tag/v0.4.1)
at commit [550f731](aws@550f731) (PR [aws#121](aws#121))
pinned the version of [awslabs/aws-c-io@v0.11.0](https://github.com/awslabs/aws-c-io/releases/tag/v0.11.0).

This issue was reported in this project in Issue [aws#122](aws#122) and upstream in Issue [awslabs/aws-c-io#576](awslabs/aws-c-io#576).

**Fixed versions**

Issue [awslabs/aws-c-io#576](awslabs/aws-c-io#576) was fixed in [awslabs/aws-c-io#613](awslabs/aws-c-io#613). The fix commit [749c87e](awslabs/aws-c-io@749c87e) was first released in [v0.14.0](https://github.com/awslabs/aws-c-io/releases/tag/v0.14.0).

There were a further 3 cascading changes.

1. PR [awslabs/aws-c-common#1079](awslabs/aws-c-common#1079) where fix commit [8eaa098](awslabs/aws-c-common@8eaa098) was first released in [v0.9.12](https://github.com/awslabs/aws-c-common/releases/tag/v0.9.12).
2. PR [awslabs/aws-c-http#457](awslabs/aws-c-http#457) where fix commit [6a1c157](awslabs/aws-c-http@6a1c157) was first released in [v0.8.0](https://github.com/awslabs/aws-c-http/releases/tag/v0.8.0).
3. PR [awslabs/aws-c-auth#220](awslabs/aws-c-auth#220) where fix commit [6ba7a0f](awslabs/aws-c-auth@6ba7a0f) was first released in [v0.7.10](https://github.com/awslabs/aws-c-auth/releases/tag/v0.7.10).

---

**Remaining changes**

[awslabs/aws-c-sdkutils](https://github.com/awslabs/aws-c-sdkutils) was at [v0.1.2](https://github.com/awslabs/aws-c-sdkutils/releases/tag/v0.1.2). The latest compatible patch release is [v0.1.15](https://github.com/awslabs/aws-c-sdkutils/releases/tag/v0.1.15).
The next patch release [v0.1.16](https://github.com/awslabs/aws-c-sdkutils/releases/tag/v0.1.16) breaks due to paired changes in [awslabs/aws-c-sdkutils#39](awslabs/aws-c-sdkutils#39) and [awslabs/aws-c-common#1105](awslabs/aws-c-common#1105).

[awslabs/aws-c-compression](https://github.com/awslabs/aws-c-compression) was at [v0.2.14](https://github.com/awslabs/aws-c-compression/releases/tag/v0.2.14). The latest patch release is [v0.2.18](https://github.com/awslabs/aws-c-compression/releases/tag/v0.2.18).

[awslabs/aws-c-cal](https://github.com/awslabs/aws-c-cal) was at [v0.5.18](https://github.com/awslabs/aws-c-cal/releases/tag/v0.5.18). Linking compatibility now requires at least [v0.6.0](https://github.com/awslabs/aws-c-cal/releases/tag/v0.6.0) due to dependencies on the changes in [awslabs/aws-c-cal#152](awslabs/aws-c-cal#152). The latest patch release is [v0.6.15](https://github.com/awslabs/aws-c-cal/releases/tag/v0.6.15).

[aws/s2n-tls](https://github.com/aws/s2n-tls) was at [v1.3.46](https://github.com/aws/s2n-tls/releases/tag/v1.3.46). At [v1.4.0](https://github.com/aws/s2n-tls/releases/tag/v1.4.0) it changed its version pinning for [aws/aws-lc](https://github.com/aws/aws-lc) to [v1.17.4](https://github.com/aws/aws-lc/releases/tag/v1.17.4).

The latest release of [json-c](https://github.com/json-c/json-c) is [json-c-0.17-20230812](https://github.com/json-c/json-c/releases/tag/json-c-0.17-20230812).