Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

std::hash output differs inside and outside enclave

kh__Naveen
Beginner
597 Views

Hi All,

I have an application where I calculate the std::hash in untrusted app layer and this is verified by the enclave by generating the hash again. But as we know std::hash in untrusted layer is provided by C++ stdlib and inside enclave it is provided by Intel sgxlib.

 

For example:- std::hash<std::string>{}(std::to_string(1234567890));

This produces different output inside and outside library.

Is there any way to make use of the C++std lib function std::hash inside enclave ? or std::hash provided by sgxlib outside the enclave ?

0 Kudos
4 Replies
Francisco_C_Intel
597 Views

The source for the hash functions, __murmur2_or_cityhash, is in the memory header

C:\Program Files (x86)\Intel\IntelSGXSDK\include\libc++\memory

https://github.com/intel/linux-sgx/blob/master/sdk/tlibcxx/include/memory

You should be able to use that header in your untrusted source outside of the enclave.

The compiler you are using for outside the enclave may be using a different hash algorithm, and you can probably find it by following the STL headers.

Hope this helps.

Francisco

0 Kudos
Francisco_C_Intel
597 Views

Clarification: You may not be able to include the entire header file. If you do, you may have issues/conflicts with your compiler's C++ headers and this one and #ifdefs. Consider isolating this functionality to a single .cpp file / copy the hash function to avoid these types of conflicts.

0 Kudos
kh__Naveen
Beginner
597 Views

Francisco C. (Intel) wrote:

Clarification: You may not be able to include the entire header file. If you do, you may have issues/conflicts with your compiler's C++ headers and this one and #ifdefs. Consider isolating this functionality to a single .cpp file / copy the hash function to avoid these types of conflicts.

Thank you. This is what I wanted. I am planning to copy the source from the memory header. But, God, it looks so confusing as to what to copy and what not to.

Currently I am calling my hash function like below
 

std::hash<string>{}(<some string>)

I see that inside the enclave when I check where std::hash is defined, it takes me to the below code defined in C:\Program Files (x86)\Intel\IntelSGXSDK\include\libcxx\string. So I am a little confused now, what exactly to copy.

template<class _CharT, class _Traits, class _Allocator>
struct _LIBCPP_TYPE_VIS_ONLY hash<basic_string<_CharT, _Traits, _Allocator> >
    : public unary_function<basic_string<_CharT, _Traits, _Allocator>, size_t>
{
    size_t
        operator()(const basic_string<_CharT, _Traits, _Allocator>& __val) const _NOEXCEPT;
};

 

0 Kudos
kh__Naveen
Beginner
597 Views

I was able to achieve this myself. I copied the murmur 64 bit function to seperate file for the untrusted layer and used it.

0 Kudos
Reply