search

herumi / mcl

a portable and fast pairing-based cryptography library
BSD 3-Clause "New" or "Revised" License
465 stars 156 forks source link

Cannot output (SGX hardware mode) #217

Closed Aptx4869AC closed 1 month ago

Aptx4869AC commented 1 month ago

Hello creator, I have a strange question. I built an SGX project using the libraries libmcl.a and libmclbn384_256.a. I have implemented an ocall_print_string for output, which allows me to generate pairing content only when executing make SGX_MODE=SIM. In contrast, I am unable to output any information when using the standard make command, despite both commands compiling successfully. I am not sure what the reason is, and I would like to successfully run it in hardware mode. I look forward to your response.

make lib/libmclbn384_256.a lib/libmcl.a MCL_STATIC_CODE=1 -j CFLAGS_USER=-DMCL_DONT_USE_CSPRNG

The following code did not take effect in SGX either.

-DXBYAK_NO_EXCEPTION -DMCL_SIZEOF_UNIT=8 -DMCL_MAX_BIT_SIZE=384 -DCYBOZU_DONT_USE_STRING -DCYBOZU_DONT_USE_EXCEPTION -DNDEBUG -DMCL_BINT_ASM=0 -DMCL_MSM=0 -DMCL_STATIC_CODE=1
herumi commented 1 month ago

I don't know the details, but isn't it a specification that printf cannot be used in SGX? Please ask your question in Intel's SGX forum or other forums, as mcl has nothing to do with it.

Aptx4869AC commented 1 month ago

While it is somewhat regrettable, I appreciate your response. Thank you.

I don't know the details, but isn't it a specification that printf cannot be used in SGX? Please ask your question in Intel's SGX forum or other forums, as mcl has nothing to do with it.

Aptx4869AC commented 1 month ago

Although my method did not produce any errors, I am uncertain whether it is a feasible approach. Can I directly write the macros needed for non-SGX projects into libmclbn384_256.a and libmcl.a?

The successful command is:

root@9fd52facac38:~/pom/mcl$ make lib/libmclbn384_256.a lib/libmcl.a  MCL_BINT_ASM=0 MCL_SIZEOF_UNIT=8 MCL_MAX_BIT_SIZE=384 MCL_MSM=0 MCL_STATIC_CODE=1 -j CFLAGS_USER="-fno-exceptions -DMCL_DONT_USE_CSPRNG -DXBYAK_NO_EXCEPTION -DCYBOZU_DONT_USE_STRING -DCYBOZU_DONT_USE_EXCEPTION -DNDEBUG"

Although the SGX project can run, the output is incomplete.

root@9fd52facac38:~/SGX-EXP/mcl_test/simple_version$ make
make[1]: Entering directory '/root/SGX-EXP/mcl_test/simple_version'
GEN  =>  App/Enclave_u.h
cc1: warning: Include: No such file or directory [-Wmissing-include-dirs]
CC   <=  App/Enclave_u.c
cc1plus: warning: Include: No such file or directory [-Wmissing-include-dirs]
CXX  <=  App/App.cpp
LINK =>  app
GEN  =>  Enclave/Enclave_t.h
cc1: warning: Include: No such file or directory [-Wmissing-include-dirs]
CC   <=  Enclave/Enclave_t.c
cc1plus: warning: Include: No such file or directory [-Wmissing-include-dirs]
Enclave/Enclave.cpp: In function 'void bls_test()':
Enclave/Enclave.cpp:119:30: warning: cast from type 'const char*' to type 'unsigned char*' casts away qualifiers [-Wcast-qual]
  119 |     const unsigned char *m = (unsigned char*)"aptx4869";
      |                              ^~~~~~~~~~~~~~~~~~~~~~~~~~
CXX  <=  Enclave/Enclave.cpp
LINK =>  enclave.so
There is no enclave test key<Enclave_private_test.pem>.
The project will generate a key<Enclave_private_test.pem> for test.
<EnclaveConfiguration>
    <ProdID>0</ProdID>
    <ISVSVN>0</ISVSVN>
    <StackMaxSize>0x400000</StackMaxSize>
    <HeapMaxSize>0x1000000</HeapMaxSize>
    <TCSNum>10</TCSNum>
    <TCSPolicy>1</TCSPolicy>
    <DisableDebug>0</DisableDebug>
    <MiscSelect>0</MiscSelect>
    <MiscMask>0xFFFFFFFF</MiscMask>
</EnclaveConfiguration>
tcs_num 10, tcs_max_num 10, tcs_min_pool 1
INFO: Enclave configuration 'MiscSelect' and 'MiscSelectMask' will prevent enclave from using dynamic features. To use the dynamic features on SGX2 platform, suggest to set MiscMask[0]=0 and MiscSelect[0]=1.
The required memory is 59580416B.
The required memory is 0x38d2000, 58184 KB.
handle_compatible_metadata: Overwrite with metadata version 0x100000005
Succeed.
SIGN =>  enclave.signed.so
The project has been built in debug hardware mode.
make[1]: Leaving directory '/root/SGX-EXP/mcl_test/simple_version'
root@9fd52facac38:~/SGX-EXP/mcl_test/simple_version$ ./app 
This is a test message.
[Enclave] pair_test begin
Info: exp successfully returned.
herumi commented 1 month ago

If you build using the following options, then you can build sample/pairing_c.c without any special options. Then, your application can use lib/libmclbn384_256.a lib/libmcl.a as well. How about it?

make lib/libmcl.a lib/libmclbn384_256.a MCL_STATIC_CODE=1 MCL_MSM=0 CFLAGS_USER="-DMCL_DONT_USE_CSPRNG -fno-threadsafe-statics"
gcc sample/pairing_c.c -I ./include/ lib/libmclbn384_256.a lib/libmcl.a
./a.out
Aptx4869AC commented 1 month ago

The method you provided can be applied well, but it is still not suitable for SGX projects. Nevertheless, thank you for your response.

If you build using the following options, then you can build sample/pairing_c.c without any special options. Then, your application can use lib/libmclbn384_256.a lib/libmcl.a as well. How about it?

make lib/libmcl.a lib/libmclbn384_256.a MCL_STATIC_CODE=1 MCL_MSM=0 CFLAGS_USER="-DMCL_DONT_USE_CSPRNG -fno-threadsafe-statics"
gcc sample/pairing_c.c -I ./include/ lib/libmclbn384_256.a lib/libmcl.a
./a.out
  • MCL_STATIC_CODE=1: disables JIT code and is for only BLS12-381 curve.
  • MCL_MSM=0: disables AVX-512 IFMA for msn.
  • CFLAGS_USER="-DMCL_DONT_USE_CSPRNG: does not use /dev/urandom (SGX does not support it).
  • -fno-threadsafe-statics: avoid __cxa_guard_acquire.