Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1453 Discussions

Unsealing Process Does Not Return The Entire Input Data

Nazmus_S_
Beginner
‎08-23-2017 01:08 AM
606 Views

I am trying to seal a string, which contains about 7304857 characters. When I load the sealed data from disk to enclave and unseal it, I get only 1731 characters.

However, if I seal a shorter string (containing about 2000000 characters), it works fine.

Is there any limit on data size for a single seal operation?

Untrusted_Application.cpp

    uint32_t sealed_length = sizeof(sgx_sealed_data_t) + sizeof(input_case_char);
    char* sealed_data = (char*)malloc(sealed_length);
    
    seal_string(global_eid, input_case_char, sealed_data, strlen(input_case_char)+1, sealed_length);
 
    std::string sealed_file_path = "abc.dat";
    write_file((char*)sealed_file_path.c_str(), sealed_data, sealed_length);

    char* sealedBlob;  
    sealedBlob = (char*)malloc(sealed_length);
    int* unsealed_length = new int[1]; 
    unsealed_length[0] = sizeof(input_case_char);  
    long int length = load_file("abc.dat", sealedBlob);
    unseal_string(global_eid, sealedBlob, unsealed_length, sealed_length);

 

int write_file(char* path, char *data, int length) 
{

    FILE *file = fopen(path, "w");
    int ret = fwrite(data, sizeof(char), length, file);
    if (ret != length)
    {
        printf("write_file: Error %d\n", ret);

    }
    fclose(file);
    return 0;

}

long int load_file(char* path, char *buf)
{

   long int length;
   FILE * f = fopen (path, "rb"); //was "rb"

   if (!f)
   {
      return 1;

   }
   fseek (f, 0, SEEK_END);
   length = ftell (f);
   fseek (f, 0, SEEK_SET);
 
   char *buffer = new char[length]();
   fread (buffer, sizeof(char), length, f);
   fclose (f);

   memcpy(buf, buffer, length);

   return length;
}
// load

 Enclave.cpp

void seal_string(char* input, char* output, int len_input, int len_output)
{
    char* data_to_seal = (char*)malloc(strlen(input) + 1);
    memcpy(data_to_seal, input, strlen(input) - 1);
    data_to_seal[strlen(input) - 1] = '\0';

    //Seal the data
    uint32_t sealed_len = sizeof(sgx_sealed_data_t) + sizeof(data_to_seal);
    printf("sealed length is %d \n", sealed_len);
    uint8_t *plain_text = NULL;
    uint32_t plain_text_length = 0;
    uint8_t *temp_sealed_buf = (uint8_t *)malloc(sealed_len);
    sgx_status_t ret = sgx_seal_data(plain_text_length, plain_text, sizeof(data_to_seal), (uint8_t *)&data_to_seal, sealed_len, (sgx_sealed_data_t *)temp_sealed_buf);
    if(ret != SGX_SUCCESS)
    {
        //sgx_thread_mutex_unlock(&g_mutex);
        printf("Failed to seal data\n");
        free_allocated_memory(temp_sealed_buf);
        return;
    }
    memcpy(output, (char*)temp_sealed_buf, sealed_len);
    
    
    free_allocated_memory(temp_sealed_buf);
    free_allocated_memory(unsealed_data);   
}

void unseal_string(char* blob, int* unsealed_length, int length)
{
    uint8_t *plain_text = NULL;
    uint32_t plain_text_length = 0;
    uint32_t* unsealed_data = 0;
    uint32_t unsealed_data_length = unsealed_length[0];
    char* blob_in_enc= (char*)malloc(length);
    memcpy(blob_in_enc, blob, length);

    sgx_status_t ret = sgx_unseal_data((sgx_sealed_data_t *)blob_in_enc, plain_text, &plain_text_length, (uint8_t *)&unsealed_data, &unsealed_data_length);

   if (ret == SGX_ERROR_INVALID_PARAMETER) 
   {
	printf("ENCLAVE: SGX_ERROR_INVALID_PARAMETER\n");

	return;
   }
   if (ret == SGX_ERROR_INVALID_CPUSVN)
   {

	printf("ENCLAVE: SGX_ERROR_INVALID_CPUSVN\n");
	return;

   }
   if (ret == SGX_ERROR_INVALID_ISVSVN) 
   {
	printf("ENCLAVE: SGX_ERROR_INVALID_ISVSVN\n");
	return;
   }
   if (ret == SGX_ERROR_MAC_MISMATCH)
   {
	printf("ENCLAVE: SGX_ERROR_MAC_MISMATCH\n");
	return;
   }

   if (ret == SGX_ERROR_OUT_OF_MEMORY)
   {
	printf("ENCLAVE: SGX_ERROR_OUT_OF_MEMORY\n");
	return;
   }

   if (ret == SGX_ERROR_UNEXPECTED) 
   {
	printf("ENCLAVE: SGX_ERROR_UNEXPECTED\n");
	return;
   }
   
    printf("LOADED UNSEALED DAta  %s \n", (char*)unsealed_data);
    printf("\n \n \n ");
    printf("length of LOADED unsealed data %d \n", strlen((char*)unsealed_data));
    
}

EDL

public void seal_string([in, size=len_input] char* input, [out, size=len_output] char* output, int len_input, int len_output);
public void unseal_string([in, size=len_input] char* blob, [in] int* unsealed_length, int len_input);

 

0 Kudos

Link Copied

2 Replies
you_w_
New Contributor III
‎08-23-2017 02:35 AM
606 Views

Hi Nazmus S:

I think your you need a bigger heap size in enclave's configure file (eg: enclave.config.xml). You can try to adjust  <HeapMaxSize>0x100000</HeapMaxSize> to a bigger value. Then it will work. According to you data size I think it should be bigger than 0x6f7699. Maybe more.

Regards

you

 

0 Kudos
Copy link
Nazmus_S_
Beginner
‎08-23-2017 11:54 AM
606 Views

Hi You,

Thanks for your response.

I already have a much larger heap size, 0xD0000000.

 

Regards,

Nazmus

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.