Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

C++ regex functions support

Harris__David
Beginner

I want to use the C++ regex library in the enclave. To test it, I put the basic regex functions 'regex' and 'regex_match' in the code below and get the compiler error "Function <.....> could not be resolved", though "#include <regex>" itself produces no errors.

#include <stdarg.h>
#include <stdio.h>      /* vsnprintf */
#include <regex>
 
#include "enc.h"
#include "enc_t.h"  /* print_string */

using namespace std;


/*
 * printf:
 *   Enclave-side stand-in for printf. Formats the arguments into a fixed
 *   BUFSIZ-byte stack buffer and passes that buffer to the
 *   ocall_enc_sample OCALL so the host side can display it.
 *
 *   vsnprintf is bounded by the buffer size, so longer output is truncated.
 *   The formatted text leaves the enclave through the OCALL, so it must
 *   never contain secrets. Whatever ocall_enc_sample returns is ignored.
 */
void printf(const char *fmt, ...)
{
    char message[BUFSIZ] = {'\0'};
    va_list args;

    va_start(args, fmt);
    vsnprintf(message, sizeof(message), fmt, args);
    va_end(args);

    ocall_enc_sample(message);
}
 
/*
 * ecall_enc_sample:
 *   Test ECALL: prints a marker through the enclave printf wrapper, then
 *   calls std::regex / std::regex_match and returns 0.
 *
 *   This does not compile for the enclave. The SGX SDK's libcxx <regex>
 *   header guards its contents with `#ifndef _LIBCPP_SGX_CONFIG`, so the
 *   #include succeeds but neither `regex` nor `regex_match` is declared.
 */
int ecall_enc_sample()
{
  printf("IN ENC\n");
  /* The match result is discarded; the call only tests whether regex builds. */
  regex_match ("subject", regex("(sub)(.*)"));
  return 0;
}

********************************************************************

Makefile generates the following errors:

make SGX_DEBUG=1 SGX_MODE=SIM -f sgx/Makefile all  
make -C ./sgx/enclave_enc  -f sgx_u.mk all;
make[1]: Entering directory `/home/dave/eclipse-workspace/reg/sgx/enclave_enc'
GEN  =>  untrusted/enc_u.c
CC   <=  untrusted/enc_u.c
CXX  <=  untrusted/sample.cpp
LINK =>  sample
make[1]: Leaving directory `/home/dave/eclipse-workspace/reg/sgx/enclave_enc'
make -C ./sgx/enclave_enc    -f sgx_t.mk all;
make[1]: Entering directory `/home/dave/eclipse-workspace/reg/sgx/enclave_enc'
GEN  =>  trusted/enc_t.c
CC   <=  trusted/enc_t.c
trusted/enc.cpp: In function ‘int ecall_enc_sample()’:
trusted/enc.cpp:27:44: error: ‘regex’ was not declared in this scope
   regex_match ("subject", regex("(sub)(.*)"));
                                            ^
trusted/enc.cpp:27:45: error: ‘regex_match’ was not declared in this scope
   regex_match ("subject", regex("(sub)(.*)"));
                                             ^
make[1]: *** [trusted/enc.o] Error 1
make[1]: Leaving directory `/home/dave/eclipse-workspace/reg/sgx/enclave_enc'
make: *** [all] Error 2

********************************************************************

Makefile structure:

######## Intel(R) SGX SDK Settings ########
# Root of the Intel SGX SDK install. Every tool and library path below is
# derived from it, and `?=` lets the environment or command line override it.
# Pin SGX_SDK on build hosts: whoever controls it chooses the edger8r, the
# signing tool and the trusted libraries that end up in the enclave.
SGX_SDK  ?= /opt/intel/sgxsdk
SGX_MODE ?= SIM
SGX_ARCH ?= x64

# Force a 32-bit build on a 32-bit host, or when CXXFLAGS already asks for -m32.
ifeq ($(shell getconf LONG_BIT), 32)
SGX_ARCH := x86
else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32)
SGX_ARCH := x86
endif

# Per-architecture compiler switch, trusted library directory and SDK tools.
# Anything other than x86 is treated as x64.
ifeq ($(SGX_ARCH), x86)
SGX_COMMON_CFLAGS  := -m32
SGX_LIBRARY_PATH   := $(SGX_SDK)/lib
SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign
SGX_EDGER8R        := $(SGX_SDK)/bin/x86/sgx_edger8r
else
SGX_COMMON_CFLAGS  := -m64
SGX_LIBRARY_PATH   := $(SGX_SDK)/lib64
SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign
SGX_EDGER8R        := $(SGX_SDK)/bin/x64/sgx_edger8r
endif
 
# A build is either debug or pre-release, never both: stop at parse time if
# both are requested. Debug builds keep symbols and disable optimisation;
# every other build uses -O2.
ifeq ($(SGX_DEBUG), 1)
  ifeq ($(SGX_PRERELEASE), 1)
    $(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!)
  endif
  SGX_COMMON_CFLAGS += -O0 -g
else
  SGX_COMMON_CFLAGS += -O2
endif
 
# Trusted runtime and service libraries. Hardware builds link the real ones;
# every other mode links the *_sim simulation variants, which give no
# hardware-backed isolation and are for development only.
ifeq ($(SGX_MODE), HW)
  Trts_Library_Name    := sgx_trts
  Service_Library_Name := sgx_tservice
else
  Trts_Library_Name    := sgx_trts_sim
  Service_Library_Name := sgx_tservice_sim
endif

# The trusted crypto library is the same in both modes.
Crypto_Library_Name := sgx_tcrypto
 
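# Trusted (in-enclave) sources.
Enc_Cpp_Files := trusted/enc.cpp
Enc_C_Files :=

# Header search path for trusted code: project headers, then the SDK's own
# tlibc and libcxx. Together with -nostdinc / -nostdinc++ below, this means
# <regex>, <stdio.h> and friends resolve to the SDK's trusted headers, never
# to the host toolchain's.
Enc_Include_Paths := -IInclude -Itrusted -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx

# -Wno-implicit-function-declaration silences the warning for undeclared C
# functions, so a call to something the trusted libc lacks only surfaces at
# link time (see --no-undefined below).
Flags_Just_For_C := -Wno-implicit-function-declaration -std=c11

# -nostdinc keeps host system headers out of the enclave build.
# -fstack-protector only instruments functions with character arrays;
# -fstack-protector-strong covers more functions but needs GCC 4.9 or newer,
# so check the toolchain before switching.
Common_C_Cpp_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector $(Enc_Include_Paths) -fno-builtin-printf -I.
Enc_C_Flags := $(Flags_Just_For_C) $(Common_C_Cpp_Flags)

# C++ adds only the language level and -nostdinc++; -fno-builtin-printf and
# -I. already come from Common_C_Cpp_Flags, so they are not repeated here.
Enc_Cpp_Flags := $(Common_C_Cpp_Flags) -std=c++11 -nostdinc++

# -nostdlib / -nodefaultlibs / -nostartfiles keep the host runtime out of the
# enclave image, and --no-undefined turns any symbol the trusted libraries do
# not provide into a link error. The version script trusted/enc.lds presumably
# restricts which symbols the image exports; confirm against that file.
Enc_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \
    -Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
    -Wl,--start-group -lsgx_tstdc -lsgx_tcxx -l$(Crypto_Library_Name) -l$(Service_Library_Name) -Wl,--end-group \
    -Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
    -Wl,-pie,-eenclave_entry -Wl,--export-dynamic  \
    -Wl,--defsym,__ImageBase=0 \
    -Wl,--version-script=trusted/enc.lds

Enc_Cpp_Objects := $(Enc_Cpp_Files:.cpp=.o)
Enc_C_Objects := $(Enc_C_Files:.c=.o)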
 
# Build_Mode becomes HW_RELEASE only for a hardware build that is neither
# debug nor pre-release; in every other case it is left unset.
ifeq ($(SGX_MODE), HW)
  ifneq ($(SGX_DEBUG), 1)
    ifneq ($(SGX_PRERELEASE), 1)
      Build_Mode := HW_RELEASE
    endif
  endif
endif
 
 
.PHONY: all run

# Every mode except HW_RELEASE signs the enclave as part of `all`.
# HW_RELEASE stops at the unsigned enc.so and prints a reminder, because a
# production enclave is signed separately (two-step signing), which keeps the
# production key off the build host.
ifneq ($(Build_Mode), HW_RELEASE)
all: enc.signed.so
else
all: enc.so
	@echo "Build enclave enc.so  [$(Build_Mode)|$(SGX_ARCH)] success!"
	@echo
	@echo "*********************************************************************************************************************************************************"
	@echo "PLEASE NOTE: In this mode, please sign the enc.so first using Two Step Sign mechanism before you run the app to launch and access the enclave."
	@echo "*********************************************************************************************************************************************************"
	@echo
endif

# `run` starts ./app only when the enclave was signed by this build.
# No rule in this file builds `app`; presumably the untrusted-side makefile
# does -- confirm before relying on this target.
run: all
ifneq ($(Build_Mode), HW_RELEASE)
	@$(CURDIR)/app
	@echo "RUN  =>  app [$(SGX_MODE)|$(SGX_ARCH), OK]"
endif
 
 
######## enc Objects ########
 
# Generate the trusted bridge code from the EDL interface definition.
# The EDL declares every ECALL and OCALL of the enclave, so a change to
# enc.edl is a change to the enclave's interface and deserves review as such.
# Regenerated whenever the EDL or the edger8r tool itself is newer.
trusted/enc_t.c: $(SGX_EDGER8R) ./trusted/enc.edl
	@cd ./trusted && \
	  $(SGX_EDGER8R) --trusted ../trusted/enc.edl --search-path ../trusted --search-path $(SGX_SDK)/include
	@echo "GEN  =>  $@"
 
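# Compile the generated bridge code.
trusted/enc_t.o: ./trusted/enc_t.c
	@$(CC) $(Enc_C_Flags) -c $< -o $@
	@echo "CC   <=  $<"

# Compile trusted C++ sources. enc.cpp includes enc_t.h, which the edger8r
# step is expected to write next to enc_t.c. The order-only prerequisite makes
# that step run first, so the build no longer depends on rule order and stays
# correct under `make -j`.
trusted/%.o: trusted/%.cpp | trusted/enc_t.c
	@$(CXX) $(Enc_Cpp_Flags) -c $< -o $@
	@echo "CXX  <=  $<"

# Compile any other trusted C sources.
trusted/%.o: trusted/%.c
	@$(CC) $(Enc_C_Flags) -c $< -o $@
	@echo "CC  <=  $<"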
 
# Link the bridge object and every trusted object into the unsigned enclave
# image. Only the trusted libraries named in Enc_Link_Flags are linked in.
enc.so: trusted/enc_t.o $(Enc_Cpp_Objects) $(Enc_C_Objects)
	@$(CXX) $^ -o $@ $(Enc_Link_Flags)
	@echo "LINK =>  $@"
 
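# Single-step signing for debug, pre-release and simulation builds.
# The signing key and enc.config.xml are prerequisites, so a change to either
# re-signs the enclave instead of leaving a stale enc.signed.so behind.
# The private key lives in the source tree, which suits development builds
# only; HW_RELEASE builds do not reach this rule through `all` and are signed
# out of band.
enc.signed.so: enc.so trusted/enc_private.pem trusted/enc.config.xml
	@$(SGX_ENCLAVE_SIGNER) sign -key trusted/enc_private.pem -enclave $< -out $@ -config trusted/enc.config.xml
	@echo "SIGN =>  $@"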
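
# Remove build products only. `clean` is declared phony so a stray file named
# "clean" cannot disable it, and the enclave images are listed by name rather
# than as enc.* so nothing else in this directory is deleted. The signing key
# and enc.config.xml under trusted/ are not touched.
.PHONY: clean
clean:
	@$(RM) enc.so enc.signed.so trusted/enc_t.* $(Enc_Cpp_Objects) $(Enc_C_Objects)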

 

Scott_R_Intel
Moderator

Hi David.

The regex library is currently unsupported within SGX enclaves.  The header was kept in the SDK to simplify future updates.  If you look at the regex header file, at line 757 you'll notice the following:

#ifndef _LIBCPP_SGX_CONFIG // unsupported by SGX

This effectively disables the regex library.

For a complete list of unsupported functions, you can look in the SGX developer reference or this web site:

https://software.intel.com/en-us/sgx-sdk-dev-reference-unsupported-c-standard-functions-1

Regards.

Scott

Dr__Greg
Super User

Hi David, I hope this note finds your week going well.

We needed regex support in our enclave-based modeling engine, so we ported the regular expression code from the MUSL C library.  It took a little hammering and filing to get it into an enclave, but the process was reasonably straightforward and we have had no demonstrated issues with the code to date.

It is obviously the POSIX C API rather than a C++ API, but if you need regular expression processing it is a possible path forward.

Good luck with your project.

Dr. Greg

Harris__David
Beginner

Thanks, Dr. Greg.  Is there currently a roadmap or general direction on which C/C++11-17 features could be supported by SGX in the future? I would like to tell apart what is a fundamental restriction, like input/output, from something that could be supported in the future or provided via third-party products.
