Developing a Sample Enclave Application
Step 1
This topic is a quick guide to developing an enclave application.
Assume that you have an application with the following code:
    #include <stdio.h>
    #include <string.h>

    #define MAX_BUF_LEN 100

    void foo(char *buf, size_t len)
    {
        const char *secret = "Hello App!";
        if (len > strlen(secret))
        {
            memcpy(buf, secret, strlen(secret) + 1);
        }
    }

    int main()
    {
        char buffer[MAX_BUF_LEN] = "Hello World!";
        foo(buffer, MAX_BUF_LEN);
        printf("%s", buffer);
        return 0;
    }
The program displays the string Hello App!
Step 2: Create an Enclave
1. On the menu bar of Microsoft* Visual Studio*, choose File-->New-->Project.
The New Project dialog box opens.
2. Select Templates-->Visual C++-->Intel® SGX Enclave Project. Enter name, location, and solution name in the appropriate fields like any other Microsoft* Visual Studio* project.
3. Click OK and the welcome dialog appears.
4. Click Next to go to the Enclave Settings page.
5. Configure the enclave with proper settings:
- Project Type:
  - Enclave – Create an enclave project.
  - Enclave library – Create a static library for an enclave project.
- Additional Libraries:
  - C++ STL – Link C++ STL with the enclave project.
- Signing Key:
  - Import an existing signing key to the enclave project. A random key will be generated if no file is selected. The Enclave signer will sign the enclave with the key file.
When the enclave project is created, the wizard ensures that the enclave project has proper settings.
Step 3: Define Enclave Interface
Use an EDL file to define the enclave interface, which exposes a trusted interface foo. The EDL file might look like the following:
    // sample_enclave.edl
    enclave {
        trusted {
            public void foo([out, size=len] char* buf, size_t len);
        };
    };
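The `[out, size=len]` attribute tells the generated bridge code to run foo on a private in-enclave buffer of len bytes and copy the result back to the caller's buffer afterwards. The stand-alone C model below is an added example, not code from the SDK or output of its code generator; `bridge_foo`, `is_outside_enclave` and the `enclave_mem` array are hypothetical names that simulate the behaviour without SGX hardware, and unlike the real bridge this model simply rejects NULL.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for enclave memory (assumption: real SGX uses the EPC range). */
static char enclave_mem[256];

/* Hypothetical check: the whole range [p, p+len) must lie outside the enclave,
   otherwise the copy-back could overwrite enclave data on the caller's behalf. */
static int is_outside_enclave(const void *p, size_t len) {
    uintptr_t s = (uintptr_t)p, lo = (uintptr_t)enclave_mem;
    uintptr_t hi = lo + sizeof(enclave_mem);
    if (s + len < s) return 0;                 /* address wrap-around */
    return s + len <= lo || s >= hi;
}

/* Trusted function, same body as sample_enclave.cpp on this page. */
static void foo(char *buf, size_t len) {
    const char *secret = "Hello Enclave!";
    if (len > strlen(secret)) {
        memcpy(buf, secret, strlen(secret) + 1);
    }
}

/* Model of the bridge for: foo([out, size=len] char* buf, size_t len).
   Returns 0 on success, -1 for a rejected pointer, -2 on allocation failure. */
int bridge_foo(char *untrusted_buf, size_t len) {
    if (untrusted_buf == NULL || !is_outside_enclave(untrusted_buf, len)) return -1;
    char *tmp = calloc(1, len ? len : 1);      /* zeroed: no stale heap bytes leak out */
    if (tmp == NULL) return -2;
    foo(tmp, len);                             /* foo only ever touches the private copy */
    memcpy(untrusted_buf, tmp, len);           /* [out]: all len bytes are copied back */
    free(tmp);
    return 0;
}

int main(void) {
    char buffer[100] = "Hello World!";
    if (bridge_foo(buffer, sizeof(buffer)) != 0) return 1;
    puts(buffer);
    return 0;
}
```

Because all len bytes are copied back, the caller's previous buffer contents are overwritten even when foo writes nothing, and a len larger than the real buffer would overrun it on the untrusted side.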
Step 4: Import Enclave to Application
To call the enclave interface in the application, import the enclave to the application using Microsoft* Visual Studio* Intel® Software Guard Extensions Add-in.
1. Right click the application project and select Intel® SGX Configuration -> Import Enclave.
The Import Enclave dialog box opens.
2. Check the sample_enclave.edl box, and then press OK.
Step 5: Implement Application and Enclave Functions
To implement application and enclave functions, use the following code samples:
The enclave code
    // sample_enclave.cpp
    #include "sample_enclave_t.h"
    #include <string.h>

    void foo(char *buf, size_t len)
    {
        const char *secret = "Hello Enclave!";
        if (len > strlen(secret))
        {
            memcpy(buf, secret, strlen(secret) + 1);
        }
    }
The application code
    #include <stdio.h>
    #include <tchar.h>
    #include "sgx_urts.h"
    #include "sample_enclave_u.h"

    #define ENCLAVE_FILE _T("sample_enclave.signed.dll")
    #define MAX_BUF_LEN 100

    int main()
    {
        sgx_enclave_id_t eid;
        sgx_status_t ret = SGX_SUCCESS;
        sgx_launch_token_t token = {0};
        int updated = 0;
        char buffer[MAX_BUF_LEN] = "Hello World!";

        // Create the enclave with the launch token above.
        ret = sgx_create_enclave(ENCLAVE_FILE, SGX_DEBUG_FLAG, &token, &updated, &eid, NULL);
        if (ret != SGX_SUCCESS) {
            printf("App: error %#x, failed to create enclave.\n", ret);
            return -1;
        }

        // A bunch of enclave calls (ECALLs) will happen here.
        // The generated proxy returns an sgx_status_t; check it before using the output.
        ret = foo(eid, buffer, MAX_BUF_LEN);
        if (ret != SGX_SUCCESS) {
            printf("App: error %#x, ECALL foo failed.\n", ret);
            sgx_destroy_enclave(eid);
            return -1;
        }
        printf("%s", buffer);

        // Destroy the enclave when all enclave calls have finished.
        if (SGX_SUCCESS != sgx_destroy_enclave(eid))
            return -1;
        return 0;
    }
Step 6: Compilation and Execution
Now you can compile the application and enclave projects. After the compilation, set the working directory to the output directory and run the program. You should get the string Hello Enclave!