Implementing a baby HTTPS server
As explained in the last chapter, we have to define two different calls to be able to interact with the enclave:
- Enclave Calls (ECALLs) allow the application to call a pre-defined function inside the enclave.
- Outside Calls (OCALLs) allow the enclave to call a pre-defined function in the application.
Ecalls and Ocalls work differently. We will not go into too much detail explaining how (at least for now), but it is best practice to keep the number of Ocalls as low and as controlled as possible. An external function that is misused or improperly implemented in an Ocall can leak or write to enclave data.
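To make the "write enclave data" risk concrete, here is an added example (not code from this tutorial): enclave code that writes to an address handed back by the untrusted application must first confirm the whole range lies outside the enclave. The two arrays, `is_outside_enclave` (a plain-C stand-in for the SGX SDK's `sgx_is_outside_enclave`), `struct ocall_result` and `enclave_write_reply` are assumptions, modelled so the check runs without SGX hardware.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: these arrays stand in for enclave and application memory. */
static uint8_t enclave_mem[256];   /* protected range, holds enclave secrets */
static uint8_t host_mem[64];       /* untrusted application buffer */

/* Stand-in for the SDK's sgx_is_outside_enclave(): nonzero only if
 * [addr, addr + size) is non-NULL, does not wrap, and misses the enclave. */
static int is_outside_enclave(const void *addr, size_t size)
{
    uintptr_t start = (uintptr_t)addr;
    uintptr_t enc_lo = (uintptr_t)enclave_mem;
    uintptr_t enc_hi = enc_lo + sizeof enclave_mem;

    if (addr == NULL || start + size < start)
        return 0;
    return start + size <= enc_lo || start >= enc_hi;
}

/* Hypothetical Ocall result: the host says where the enclave should write. */
struct ocall_result { void *dst; size_t cap; };

/* Enclave side: copy a reply out only after validating the host's pointer.
 * Returns 0 on success, -1 if the destination is too small or unsafe. */
int enclave_write_reply(struct ocall_result r, const uint8_t *reply, size_t len)
{
    if (len > r.cap)
        return -1;
    if (!is_outside_enclave(r.dst, len))
        return -1;                 /* would overwrite enclave memory */
    memcpy(r.dst, reply, len);
    return 0;
}

int main(void)
{
    const uint8_t reply[] = "HTTP/1.1 200 OK";
    struct ocall_result good = { host_mem, sizeof host_mem };
    struct ocall_result bad = { enclave_mem + 16, sizeof host_mem };

    printf("host buffer:    %d\n", enclave_write_reply(good, reply, sizeof reply));
    printf("enclave target: %d\n", enclave_write_reply(bad, reply, sizeof reply));
    return 0;
}
```

Without the range check, the second call would copy the reply over bytes inside the enclave, which is why every pointer and length coming back from an Ocall is treated as untrusted input.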
EDL and proxy files
To implement the Ecall and Ocall, we'll need to define them in an Enclave Definition Language (EDL) file.
Then we'll pass this EDL file to a tool called edger8r. We'll use it to generate proxy files, which will handle interactions between the host and the enclave.
We define the Ecall and Ocall functions the same way we write prototypes in header files in C/C++.
The general skeleton of an EDL file resembles the following: