3

Using an OCALL, I want to get a copy of a C string that is dynamically created in untrusted memory into my enclave. Thus, I have to use the [out, string] attribute.

However, I cannot do that because I have to add the [in] attribute as well. The problem is that I really don't know the size of the string and I don't want the overhead (that comes with [in]) from unnecessary copying of the string from the enclave to untrusted memory every time I make the OCALL.

My edl file:

enclave {
    trusted {
        public void ecall_open(void);
    };
    untrusted {
        void ocall_get_string([out, string] char* str);
    };
};

error: string/wstring/sizefunc should be used with an 'in' attribute

Why do I have to add the [in] attribute?

Is there a way to avoid this overhead?

tshepang
yerzhan7
  • The developer manual says "`string` and `wstring` cannot be used with `out` alone." Perhaps you can have your OCALL itself use an ECALL to send the data into the enclave, something like: `ocall_get_string() allow ecall_to_pass_string([in, string] char *str)`. In the manual, this is described on page 59 under the title *Granting Access to ECALLs*. – Daniel Mar 02 '18 at 15:59

2 Answers

2

I guess one solution would be to pass a pointer to char* with the [out] attribute, plus a length:

void ocall_get_string([out] char** str, [out] size_t* length);

And then manually copy C string from untrusted memory to trusted using memcpy().

Inside enclave:

char* untrusted_str; // pointer to string in untrusted memory that we would get from OCALL
size_t length;  // length of string

ocall_get_string(&untrusted_str, &length);

char *trusted_str = new char[length]; // pointer to string in trusted memory 
memcpy(trusted_str, untrusted_str, length);

// delete it later
delete[] trusted_str;
yerzhan7
  • Seems like a very bad practice. You trust an untrusted length and untrusted pointer. What if an attacker will pass you a pointer to your own secrets inside the enclave? – Tal Aug 23 '17 at 07:57
  • @Tal, agree, but I can call `sgx_is_outside_enclave()` to check whether my string is strictly outside the enclave, right? – yerzhan7 Aug 23 '17 at 09:30
  • Don't reinvent the wheel, decide what you want: performance or security. – Tal Aug 23 '17 at 13:55
  • I simply want `[out, string]`, and I don't understand why I have to include `in` as well. – yerzhan7 Aug 23 '17 at 15:46
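
Following up on the `sgx_is_outside_enclave()` check raised in the comments above, this is an added example (not from the original posts) of validating the untrusted pointer and length before copying. The names `copy_untrusted_string`, `is_outside_enclave`, `enclave_mem` and `MAX_STR_LEN` are hypothetical; `is_outside_enclave` is a constructed stand-in for the SDK's `sgx_is_outside_enclave()` so the code runs without the SGX SDK.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the enclave's address range (assumption, so the
 * example runs offline). In a real enclave, call sgx_is_outside_enclave(). */
static char enclave_mem[4096] = "enclave secrets";

static int is_outside_enclave(const void *addr, size_t size)
{
    uintptr_t a = (uintptr_t)addr, lo = (uintptr_t)enclave_mem;
    uintptr_t hi = lo + sizeof enclave_mem;
    if (size > UINTPTR_MAX - a)
        return 0;                      /* range wraps around: reject */
    return a + size <= lo || a >= hi;  /* whole range strictly outside */
}

#define MAX_STR_LEN 1024  /* hypothetical application limit on the length */

/* Copy `length` bytes from untrusted memory into a new trusted buffer.
 * The pointer and length arrive by value, so they are checked as enclave-local
 * copies. Returns NULL if the pair is rejected; the caller frees the result. */
char *copy_untrusted_string(const char *untrusted_str, size_t length)
{
    if (untrusted_str == NULL || length > MAX_STR_LEN)
        return NULL;
    if (!is_outside_enclave(untrusted_str, length))
        return NULL;                   /* would read enclave memory */
    char *trusted = malloc(length + 1);
    if (trusted == NULL)
        return NULL;
    memcpy(trusted, untrusted_str, length);
    trusted[length] = '\0';  /* do not rely on the untrusted terminator */
    return trusted;
}

int main(void)
{
    char outside[] = "constructed untrusted string";
    char *ok = copy_untrusted_string(outside, strlen(outside));
    char *bad = copy_untrusted_string(enclave_mem, 16);  /* points at secrets */
    int rc = (ok != NULL && bad == NULL) ? 0 : 1;
    free(ok);
    free(bad);
    return rc;
}
```
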
0

Maybe you should try this:

void ocall_get_string([out, size=sz] char* str, size_t sz);

size=sz means the size of the str that will be copied back to the enclave automatically. If you don't specify size, then only one char will be copied back to the enclave.