Unsealing Process Does Not Return The Entire Input Data

Nazmus_S_ — Wed, 23 Aug 2017 08:08:06 GMT

I am trying to seal a string, which contains about 7304857 characters. When I load the sealed data from disk to enclave and unseal it, I get only 1731 characters.

However, if I seal a shorter string (containing about 2000000 characters), it works fine.

Is there any limit on data size for a single seal operation?

Untrusted_Application.cpp

    uint32_t sealed_length = sizeof(sgx_sealed_data_t) + sizeof(input_case_char);
    char* sealed_data = (char*)malloc(sealed_length);
    
    seal_string(global_eid, input_case_char, sealed_data, strlen(input_case_char)+1, sealed_length);
 
    std::string sealed_file_path = "abc.dat";
    write_file((char*)sealed_file_path.c_str(), sealed_data, sealed_length);

    char* sealedBlob;  
    sealedBlob = (char*)malloc(sealed_length);
    int* unsealed_length = new int[1]; 
    unsealed_length[0] = sizeof(input_case_char);  
    long int length = load_file("abc.dat", sealedBlob);
    unseal_string(global_eid, sealedBlob, unsealed_length, sealed_length);

int write_file(char* path, char *data, int length) 
{

    FILE *file = fopen(path, "w");
    int ret = fwrite(data, sizeof(char), length, file);
    if (ret != length)
    {
        printf("write_file: Error %d\n", ret);

    }
    fclose(file);
    return 0;

}

long int load_file(char* path, char *buf)
{

   long int length;
   FILE * f = fopen (path, "rb"); //was "rb"

   if (!f)
   {
      return 1;

   }
   fseek (f, 0, SEEK_END);
   length = ftell (f);
   fseek (f, 0, SEEK_SET);
 
   char *buffer = new char[length]();
   fread (buffer, sizeof(char), length, f);
   fclose (f);

   memcpy(buf, buffer, length);

   return length;
}
// load

Enclave.cpp

void seal_string(char* input, char* output, int len_input, int len_output)
{
    char* data_to_seal = (char*)malloc(strlen(input) + 1);
    memcpy(data_to_seal, input, strlen(input) - 1);
    data_to_seal[strlen(input) - 1] = '\0';

    //Seal the data
    uint32_t sealed_len = sizeof(sgx_sealed_data_t) + sizeof(data_to_seal);
    printf("sealed length is %d \n", sealed_len);
    uint8_t *plain_text = NULL;
    uint32_t plain_text_length = 0;
    uint8_t *temp_sealed_buf = (uint8_t *)malloc(sealed_len);
    sgx_status_t ret = sgx_seal_data(plain_text_length, plain_text, sizeof(data_to_seal), (uint8_t *)&data_to_seal, sealed_len, (sgx_sealed_data_t *)temp_sealed_buf);
    if(ret != SGX_SUCCESS)
    {
        //sgx_thread_mutex_unlock(&g_mutex);
        printf("Failed to seal data\n");
        free_allocated_memory(temp_sealed_buf);
        return;
    }
    memcpy(output, (char*)temp_sealed_buf, sealed_len);
    
    
    free_allocated_memory(temp_sealed_buf);
    free_allocated_memory(unsealed_data);   
}

void unseal_string(char* blob, int* unsealed_length, int length)
{
    uint8_t *plain_text = NULL;
    uint32_t plain_text_length = 0;
    uint32_t* unsealed_data = 0;
    uint32_t unsealed_data_length = unsealed_length[0];
    char* blob_in_enc= (char*)malloc(length);
    memcpy(blob_in_enc, blob, length);

    sgx_status_t ret = sgx_unseal_data((sgx_sealed_data_t *)blob_in_enc, plain_text, &plain_text_length, (uint8_t *)&unsealed_data, &unsealed_data_length);

   if (ret == SGX_ERROR_INVALID_PARAMETER) 
   {
	printf("ENCLAVE: SGX_ERROR_INVALID_PARAMETER\n");

	return;
   }
   if (ret == SGX_ERROR_INVALID_CPUSVN)
   {

	printf("ENCLAVE: SGX_ERROR_INVALID_CPUSVN\n");
	return;

   }
   if (ret == SGX_ERROR_INVALID_ISVSVN) 
   {
	printf("ENCLAVE: SGX_ERROR_INVALID_ISVSVN\n");
	return;
   }
   if (ret == SGX_ERROR_MAC_MISMATCH)
   {
	printf("ENCLAVE: SGX_ERROR_MAC_MISMATCH\n");
	return;
   }

   if (ret == SGX_ERROR_OUT_OF_MEMORY)
   {
	printf("ENCLAVE: SGX_ERROR_OUT_OF_MEMORY\n");
	return;
   }

   if (ret == SGX_ERROR_UNEXPECTED) 
   {
	printf("ENCLAVE: SGX_ERROR_UNEXPECTED\n");
	return;
   }
   
    printf("LOADED UNSEALED DAta  %s \n", (char*)unsealed_data);
    printf("\n \n \n ");
    printf("length of LOADED unsealed data %d \n", strlen((char*)unsealed_data));
    
}

EDL

public void seal_string([in, size=len_input] char* input, [out, size=len_output] char* output, int len_input, int len_output);
public void unseal_string([in, size=len_input] char* blob, [in] int* unsealed_length, int len_input);

Hi Nazmus S:

you_w_ — Wed, 23 Aug 2017 09:35:13 GMT

Hi Nazmus S:

I think your you need a bigger heap size in enclave's configure file (eg: enclave.config.xml). You can try to adjust <HeapMaxSize>0x100000</HeapMaxSize> to a bigger value. Then it will work. According to you data size I think it should be bigger than 0x6f7699. Maybe more.

Regards

you

Hi You,

Nazmus_S_ — Wed, 23 Aug 2017 18:54:20 GMT

Hi You,

Thanks for your response.

I already have a much larger heap size, 0xD0000000.

Regards,

Nazmus

topic Hi Nazmus S: in Intel® Software Guard Extensions (Intel® SGX)

Unsealing Process Does Not Return The Entire Input Data

Hi Nazmus S:

Hi You,