Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kmstool_enclave_cli decrypt failed with AWS_IO_SOCKET_INVALID_ADDRESS #122

Closed
syyongx opened this issue Jul 31, 2023 · 4 comments
Closed

kmstool_enclave_cli decrypt failed with AWS_IO_SOCKET_INVALID_ADDRESS #122

syyongx opened this issue Jul 31, 2023 · 4 comments

Comments

@syyongx
Copy link

syyongx commented Jul 31, 2023
edited
Loading

When I use kmstool_enclave_cli to decrypt message in enclave. It report error:
aws_socket_endpoint can't deal with VSOCK port > UINT16_MAX
connection failure\nConnection failed with error aws-c-io: AWS_IO_SOCKET_INVALID_ADDRESS, Invalid socket address.

vsock-proxy start command in parent instance as blow:
vsock-proxy 8000 kms.ap-northeast-1.amazonaws.com 443

kmstool_enclave_cli decrypt command run in enclave as blow:
kmstool_enclave_cli decrypt --region ap-northeast-1 --proxy-port 8000 --encryption-algorithm RSAES_OAEP_SHA_256 --ciphertext *** --key-id *** --aws-access-key-id *** --aws-secret-access-key ***

aws-nitro-enclaves-sdk-c version: v0.4.0
@syyongx
Copy link
Author

syyongx commented Aug 2, 2023

It works when I use the old version: v0.3.2.

@richardfan1126
Copy link
Contributor

Probably due to the dependency update on v0.4.0 and caused by the new checking in aws-c-io (https://github.com/awslabs/aws-c-io/blob/f7bc831dd93a15aeb01e24c4175f205016b077ae/source/posix/socket.c#L349)

I will check where this parameter is being passed from the cli

@eugkoira
Copy link
Contributor

eugkoira commented Aug 4, 2023

Should fix the issue: #121

@eugkoira
Copy link
Contributor

eugkoira commented Aug 7, 2023

Please check the latest release: https://github.com/aws/aws-nitro-enclaves-sdk-c/releases/tag/v0.4.1

@syyongx syyongx closed this as completed Aug 23, 2023
dwhjames added a commit to dwhjames/aws-nitro-enclaves-sdk-c that referenced this issue Jun 1, 2024
@dwhjames
Update dependency list
68fa66f 
Release [v0.4.1](https://github.com/aws/aws-nitro-enclaves-sdk-c/releases/tag/v0.4.1)
at commit [550f731](aws@550f731) (PR [aws#121](aws#121))
pinned the version of [awslabs/[email protected]](https://github.com/awslabs/aws-c-io/releases/tag/v0.11.0).

This issue was reported in this project in Issue [aws#122](aws#122) and upstream in Issue [awslabs/aws-c-io#576](awslabs/aws-c-io#576).

**Fixed versions**

Issue [awslabs/aws-c-io#576](awslabs/aws-c-io#576) was fixed in [awslabs/aws-c-io#613](awslabs/aws-c-io#613). The fix commit [749c87e](awslabs/aws-c-io@749c87e) was first released in [v0.14.0](https://github.com/awslabs/aws-c-io/releases/tag/v0.14.0).

There were a further 3 cascading changes.

1. PR [awslabs/aws-c-common#1079](awslabs/aws-c-common#1079) where fix commit [8eaa098](awslabs/aws-c-common@8eaa098) was first released in [v0.9.12](https://github.com/awslabs/aws-c-common/releases/tag/v0.9.12).
2. PR [awslabs/aws-c-http#457](awslabs/aws-c-http#457) where fix commit [6a1c157](awslabs/aws-c-http@6a1c157) was first released in [v0.8.0](https://github.com/awslabs/aws-c-http/releases/tag/v0.8.0).
3. PR [awslabs/aws-c-auth#220](awslabs/aws-c-auth#220) where fix commit [6ba7a0f](awslabs/aws-c-auth@6ba7a0f) was first released in [v0.7.10](https://github.com/awslabs/aws-c-auth/releases/tag/v0.7.10)

---

**Remaining changes**

[awslabs/aws-c-sdkutils](https://github.com/awslabs/aws-c-sdkutils) was at [v0.1.2](https://github.com/awslabs/aws-c-sdkutils/releases/tag/v0.1.2). The latest compatible patch release is [v0.1.15](https://github.com/awslabs/aws-c-sdkutils/releases/tag/v0.1.15).
The next patch release [v0.1.16](https://github.com/awslabs/aws-c-sdkutils/releases/tag/v0.1.16) breaks due to paired changes in [awslabs/aws-c-sdkutils#39](awslabs/aws-c-sdkutils#39) and [awslabs/aws-c-common#1105](awslabs/aws-c-common#1105).

[awslabs/aws-c-compression](https://github.com/awslabs/aws-c-compression) was at [v0.2.14](https://github.com/awslabs/aws-c-compression/releases/tag/v0.2.14). The latest patch release is [v0.2.18](https://github.com/awslabs/aws-c-compression/releases/tag/v0.2.18).

[awslabs/aws-c-cal](https://github.com/awslabs/aws-c-cal) was at [v0.5.18](https://github.com/awslabs/aws-c-cal/releases/tag/v0.5.18). Linking compatibility now requires at least [v0.6.0](https://github.com/awslabs/aws-c-cal/releases/tag/v0.6.0) due dependencies on the changes in [awslabs/aws-c-cal#152](awslabs/aws-c-cal#152). The latest patch release is [v0.6.15](https://github.com/awslabs/aws-c-cal/releases/tag/v0.6.15).

[aws/s2n-tls](https://github.com/aws/s2n-tls) was at [v1.3.46](https://github.com/aws/s2n-tls/releases/tag/v1.3.46). At [v1.4.0](https://github.com/aws/s2n-tls/releases/tag/v1.4.0) it changed its version pinning for [aws/aws-lc](https://github.com/aws/aws-lc) to [v1.17.4](https://github.com/aws/aws-lc/releases/tag/v1.17.4).

The latest release of [json-c](https://github.com/json-c/json-c) is [json-c-0.17-20230812](https://github.com/json-c/json-c/releases/tag/json-c-0.17-20230812).
@dwhjames dwhjames mentioned this issue Jun 1, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@eugkoira @syyongx @richardfan1126