12

I have a C++ struct like this:

struct node                                                 
{
    string splitOn;                                         
    string label;                                           
    bool isLeaf;                                            
    vector<string> childrenValues;                          
    vector<node*> children;                                 
};

I wanted to pass or read this from App to the Intel SGX enclave. Based on what is mentioned here: https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/703489

I tried this:

APP:

node *root = new node;                                          
root = buildDecisionTree(dataTable, root, *tableInfo);  //this initializes the root
void *data3 = static_cast<void*>(root);
ecall_my_dtree(global_eid, &ecall_return, data3);

EDL:

  public int ecall_my_dtree([user_check] void* data);

Enclave:

int ecall_my_dtree(void *data2)
node* root2 = static_cast<node*>(data2);

But it seems, the root2 is not able to initialize properly and it points to garbage.

About user_check: https://software.intel.com/en-us/node/708978

Any help regarding how I could properly read the data inside the enclave. PS: Intel SGX enclave does not support any serialization library.

I have asked the similar question here too but no real helpful answer for my small brain. https://github.com/intel/linux-sgx/issues/229

Kumar Roshan Mehta
  • 3,078
  • 2
  • 27
  • 50
  • The enclave can read untrusted memory, the problem is likely in the handling of the pointers. Have you printed the value of the pointer before the ecall and immediately inside it? The other question of yours in the linux-sgx forum has a different code, it also seems to serialize the `node` structure with an `fwrite` which won't work when read from a different process. Also, why the casts? Why not using the proper pointer type? It is the EDL that is limited? – Margaret Bloom Mar 24 '18 at 19:36
  • Yes, I tried to print it and gives garbage including some of the data I set in app side. – Kumar Roshan Mehta Mar 24 '18 at 19:43
  • On intel sgx forum, if you read all the post you will see the different attempts and the last attemp has same code as this. I could share code with you. – Kumar Roshan Mehta Mar 24 '18 at 19:44
  • What does garbage mean? Is the pointer value the same in the untrusted and trusted domain? – Margaret Bloom Mar 24 '18 at 19:46
  • Some binary data and the actual data I set at app. – Kumar Roshan Mehta Mar 24 '18 at 19:47
  • I'm sorry but I'm confused. It seems you successfully passed the pointer to the trusted domain (as for the title of this question). – Margaret Bloom Mar 24 '18 at 19:49
  • Possible duplicate of https://stackoverflow.com/questions/41901884/c-arguments-to-sgx-enclave-edge-functions. – Arya Pourtabatabaie Apr 19 '18 at 18:13

1 Answers1

3

You shouldn't do this:

struct node                                                 
{
    string splitOn;                                         
    string label;                                           
    bool isLeaf;                                            
    vector<string> childrenValues;                          
    vector<node*> children;                                 
};

Possible problems:

  • The STL does not guarantee binary compatibility on most of its types: i.e. std::string or std::vector.

  • SGX's implementation of the STL is just a modified/reduced subset of it.

  • You may face problems related to memory alignment.

You should implement custom serialization for this instead.

ruizpauker
  • 384
  • 7
  • 19
  • 1
    Couldn't agree more. I was facing OP's issue a long while ago, trying to feed a struct to my enclave. The lesson I learned is the following: use basic types: char*, int, bool... – X99 Jan 31 '22 at 20:57