Solved: Re:How to read a file to enclave and write a file from enclave

double · ‎03-16-2022

I want to implement the function:

Read an external file, and process the data in the enclave. And then save the processed data to the external file.

I know that I should call Ocall to implement the function, but I failed.

//save array
int ocall_save_array(int *array_data, int array_size)
{
    std::ofstream file("arraysave", std::ios::out | std::ios::binary);
    if (file.fail())
    {
        printf("save failed\n");
        return 1;
    }
    file.write((char *)array_data, array_size);
    file.close();
    return 0;
}

//load array
int ocall_load_array(int *array_data, int array_size)
{
    std::ifstream file("arraysave", std::ios::in | std::ios::binary);
    if (file.fail())
    {
        printf("load failed\n");
        return 1;
    }
    file.read((char *)array_data, array_size);
    file.close();
    return 0;
}

int array[5][5] = {0};
int array_new[5][5] = {1};
int size_array = 0;
size_array = sizeof(array);
ocall_save_array(&array[0][0], size_array);
ocall_load_array(&array_new[0][0], size_array);
for (int i = 0; i < 5; i++)
{
    for (int j = 0; j < 5; j++)
    {
        printf("%d\t", array_new[i][j]);
    }
    printf("\n");
}

I test it without enclave, the output is

and I can find the file named "arraysave". But in enclave, it is not work:

save failed
load failed
1 0 0 0 0
0 0 0 0 0
0 0 0 0 0
0 0 0 0 0
0 0 0 0 0

and I can not find the file that named "arraysave".

The encave.edl is

untrusted{
        void ocall_print_string([in, string] const char *str);
        int ocall_save_array([in, size=array_size]int* array_data, int array_size);
        int ocall_load_array([out, size=array_size]int* array_data, int array_size);
};

I don't konw how to deal with it!

Thank you a lot!!!!!!!

JesusG_Intel · ‎03-17-2022

Hello double,

Please describe in more detail what you are trying to do.

Are you implementing the ocalls in your untrusted app? The int ocall_save_array and int ocall_load_array functions that you pasted above do not go in enclave.cpp, they go in app.cpp. The enclave calls the ocalls, but they are executed by the untrusted app.

The SGX SDK provides protected file APIs that allow enclaves to work with encrypted files. This document describes this functionality: https://www.intel.com/content/dam/develop/external/us/en/protected/IntelProtectedFileSystem_Reference.pdf.

Sincerely,

Jesus G.

Intel Customer Support

View solution in original post

JesusG_Intel · ‎03-17-2022

Hello double,

Please describe in more detail what you are trying to do.

Are you implementing the ocalls in your untrusted app? The int ocall_save_array and int ocall_load_array functions that you pasted above do not go in enclave.cpp, they go in app.cpp. The enclave calls the ocalls, but they are executed by the untrusted app.

The SGX SDK provides protected file APIs that allow enclaves to work with encrypted files. This document describes this functionality: https://www.intel.com/content/dam/develop/external/us/en/protected/IntelProtectedFileSystem_Reference.pdf.

Sincerely,

Jesus G.

Intel Customer Support

double · ‎03-21-2022

Thanks for your reply, I know about the file management API in the enclave.

By reading the official documentation, I solved my problem.

I also know that the official documents need to be read many times, and the official documents are very detailed.

Thank you very much!

Sincerely,

double.

JesusG_Intel · ‎03-22-2022

Hello double,

Thanks for confirming you solved your issue.

I hear you. I have read the documentation many times and still read it often.

This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.