Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Read file content from Enclave with OCall

Svart_K_
Beginner

I'm trying to read the content of a file from an enclave using OCalls.

This is what I got so far:

//enclave.edl
untrusted {
        void ocall_print_string([in, string] const char *str);
        void ocall_read_IMA_file([in, string] const char *filename, [out] char *buf, [out] int *size);
};
//enclave.cpp

void printf(const char *fmt, ...) {
	ocall_print_string(fmt);
}


void read_IMA_file(const char *filename, char *buf, int *size) {
	ocall_read_IMA_file(filename, buf, size);

	printf(buf);
}

//whereas the read_IMA_file function is called with
char *buf;
int size;
read_IMA_file("test.txt", buf, &size);

 

// implementation of ocall functions
void ocall_print_string(const char *str) {
	printf("%s\n", str);
}


void ocall_read_IMA_file(const char *filename, char *content, int *size) {
	content = (char*) malloc(sizeof(char) * 10);
	memset(content, '\0', sizeof(char) *10);
	char tmp[] = "1234567890";
	copy(&tmp[0], &tmp[9], content);

	cout << content << endl;
}

But the result I receive is the following:

123456789
(null)

I'm not sure what I'm doing wrong!?
 

 

Prabu_R_Intel
Employee

Hello Svart,

In the above program, the "read_IMA_file" trusted function is called with a pointer variable (OUT pointer) of type character. Here we are passing the pointer variable without
any memory allocation.
"read_IMA_file" initiates an OCall that allocates memory and does the "Copy" operation. Now the allocated memory is valid within the untrusted region. So we are getting the expected result
for the "cout<<content" as "123456789".

Since there is no trusted memory allocated for "content" (before calling the OCall), no copy-back operation happens for the "OUT" pointer when the OCall returns.
So "buf" doesn't contain any valid data while doing "print(buf)" after the OCall returns in the trusted region.

Please try with a valid OUT pointer to a character buffer (with some memory allocation) or an IN and OUT pointer to a String buffer.

Thanks,
R.Prabu

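The behaviour described in the reply, as an added example that is not part of the original thread or of the SGX SDK: a plain-C model of the stage, call and copy-back steps an `[out]` OCall buffer goes through, comparing the OCall pattern from the question with one that fills the supplied buffer. `bridge_ocall`, `enclave_read` and the `[out, size=len]` signature in the comment are assumptions standing in for the generated bridge and a corrected EDL; no SGX headers are needed to run it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* OCall shape under an assumed corrected EDL: [out, size=len] char *buf, size_t len */
typedef void (*ocall_fn)(const char *filename, char *buf, size_t len);

/* Pattern from the question: rebinding the parameter sends the data to a
   private heap block; the buffer supplied by the bridge is never written. */
static void ocall_rebinds_pointer(const char *filename, char *buf, size_t len) {
    (void)filename; (void)len;
    buf = malloc(11);
    if (buf == NULL) return;
    strcpy(buf, "1234567890");
    free(buf);
}

/* Corrected pattern: write into the supplied buffer, bounded by len. */
static void ocall_fills_buffer(const char *filename, char *buf, size_t len) {
    (void)filename;
    snprintf(buf, len, "%s", "1234567890");
}

/* Simplified stand-in for the generated bridge (hypothetical helper). */
static int bridge_ocall(ocall_fn fn, const char *filename, char *enclave_buf, size_t len) {
    if (enclave_buf == NULL || len == 0) return -1; /* nothing to copy back into */
    char *staging = calloc(1, len);                 /* models untrusted staging memory */
    if (staging == NULL) return -1;
    fn(filename, staging, len);
    memcpy(enclave_buf, staging, len);              /* copy-back of exactly len bytes */
    enclave_buf[len - 1] = '\0';                    /* do not rely on untrusted termination */
    free(staging);
    return 0;
}

/* Enclave-side caller: owns the buffer and states its size. */
size_t enclave_read(ocall_fn fn, char *out, size_t out_len) {
    if (bridge_ocall(fn, "test.txt", out, out_len) != 0) return 0;
    return strlen(out);
}

int main(void) {
    char buf[32];
    size_t n = enclave_read(ocall_rebinds_pointer, buf, sizeof buf);
    printf("rebinding OCall: %zu bytes\n", n);
    n = enclave_read(ocall_fills_buffer, buf, sizeof buf);
    printf("filling OCall:   %zu bytes \"%s\"\n", n, buf);
    return 0;
}
```

In a real enclave the same two changes apply: the trusted caller allocates `buf` and passes its length, and the untrusted function writes into the pointer it receives instead of reassigning it.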