In `epoll_wait01`, `setup` will first create a pipe, and `get_writesize` writes n * 4096 bytes to the pipe and then reads to determine the pipe's writable size.
However, in gramine-sgx, a pipe is implemented by a socket, and `mbedtls` is used to encrypt data, i.e. `mbedtls_ssl_write` is used to encrypt data to `write` and `mbedtls_ssl_read` is used to decrypt data to `read`.
Each time in `SAFE_WRITE` (4096 bytes), `mbedtls_ssl_write` treats it as a record (including header and app-level data), thus `n` records are sent to the socket. When reading, `mbedtls_ssl_read` reads one record (reads the header, determines the encrypted app-level data size, reads the app-level data) and then it is able to decrypt and return plaintext data, while the other `n-1` records are ignored.
I.e. maybe a loop of `mbedtls_ssl_read` is needed to receive `n` mbedtls records from the socket to successfully mimic `pipe` behavior, maybe should update `lib_SSLRead`?
Also, from your description I don't see why the test fails. It tries to put a lot of data into the pipe and checks how much of it fit, which will be lower under SGX. But where's the failure?
Gramine commit hash: 8fc123d
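The record-boundary behaviour described in the issue, as an added example that is not part of the original issue or of Gramine's code: a constructed C model in which each write becomes one record and a single read never crosses a record boundary, next to a pipe-like read that loops over records. Only byte counts are tracked, and `struct chan`, `rec_write`, `rec_read` and `pipe_like_read` are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>

#define REC_SIZE 4096   /* one SAFE_WRITE-sized chunk, as in the issue */
#define MAX_RECS 16     /* constructed queue depth for this model */

/* Constructed model of a record-framed channel: every write becomes one
 * record, and a single read never crosses a record boundary. */
struct chan {
    size_t len[MAX_RECS];   /* payload length of each queued record */
    size_t head, tail;      /* next record to read / next free slot */
    size_t off;             /* bytes already consumed from the head record */
};

/* Queue exactly one record per call, like one encrypted write. */
static int rec_write(struct chan *c, size_t n) {
    if (c->tail == MAX_RECS || n == 0 || n > REC_SIZE) return -1;
    c->len[c->tail++] = n;
    return (int)n;
}

/* Return at most the remainder of the current record; 0 if nothing queued. */
static size_t rec_read(struct chan *c, size_t want) {
    if (c->head == c->tail) return 0;
    size_t avail = c->len[c->head] - c->off;
    size_t n = want < avail ? want : avail;
    c->off += n;
    if (c->off == c->len[c->head]) { c->head++; c->off = 0; }
    return n;
}

/* Pipe-like read: keep pulling records until the request is satisfied
 * or the channel has nothing more queued. */
static size_t pipe_like_read(struct chan *c, size_t want) {
    size_t total = 0, n;
    while (total < want && (n = rec_read(c, want - total)) > 0)
        total += n;
    return total;
}

int main(void) {
    struct chan c = {0};
    for (int i = 0; i < 4; i++) rec_write(&c, REC_SIZE);
    printf("single read: %zu bytes\n", rec_read(&c, 4 * REC_SIZE));
    printf("looped read: %zu bytes\n", pipe_like_read(&c, 4 * REC_SIZE));
    return 0;
}
```

With a real TLS transport, such a loop has to stop once some data has been returned and the next read would block (in Mbed TLS, `MBEDTLS_ERR_SSL_WANT_READ` on a non-blocking transport), otherwise it changes blocking semantics compared with a pipe.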