https://community.intel.com/t5/Intel-Software-Guard-Extensions/Data-buffer-allocation-recommendation-for-sgx-aes-ctr-decrypt/m-p/1072043#M333 <P>Hi All,</P> <P>Documentation of &nbsp;sgx_aes_ctr_decrypt ( <A href="https://software.intel.com/en-us/node/696625" target="_blank">https://software.intel.com/en-us/node/696625</A> ) &nbsp;says "<EM>It is recommended that the source, destination and counter data buffers are allocated within the enclave.</EM>"</P> <P>So is it recommended or necessary? What happens if we pass pointer to buffer allocated outside of enclave to sgx_aes_ctr_decrypt? ie pointer passed as an user_check attribute to ECall.</P> <P>Regards,</P> <P>Himanshu</P> Wed, 02 Nov 2016 07:51:24 GMT manshu_P_ 2016-11-02T07:51:24Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Data-buffer-allocation-recommendation-for-sgx-aes-ctr-decrypt/m-p/1072043#M333 <P>Hi All,</P> <P>Documentation of &nbsp;sgx_aes_ctr_decrypt ( <A href="https://software.intel.com/en-us/node/696625" target="_blank">https://software.intel.com/en-us/node/696625</A> ) &nbsp;says "<EM>It is recommended that the source, destination and counter data buffers are allocated within the enclave.</EM>"</P> <P>So is it recommended or necessary? What happens if we pass pointer to buffer allocated outside of enclave to sgx_aes_ctr_decrypt? ie pointer passed as an user_check attribute to ECall.</P> <P>Regards,</P> <P>Himanshu</P> Wed, 02 Nov 2016 07:51:24 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Data-buffer-allocation-recommendation-for-sgx-aes-ctr-decrypt/m-p/1072043#M333 manshu_P_ 2016-11-02T07:51:24Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Data-buffer-allocation-recommendation-for-sgx-aes-ctr-decrypt/m-p/1072044#M334 <P><SPAN style="font-size: 12px;">It's a recommendation. I'm sure you understand why.</SPAN></P> <P><SPAN style="font-size: 12px;">sgx_aes_ctr_decrypt won't give you an error if the buffers are outside the enclave.</SPAN></P> Wed, 09 Nov 2016 19:03:31 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Data-buffer-allocation-recommendation-for-sgx-aes-ctr-decrypt/m-p/1072044#M334 Juan_d_Intel 2016-11-09T19:03:31Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Data-buffer-allocation-recommendation-for-sgx-aes-ctr-decrypt/m-p/1072045#M335 <P style="margin-bottom: 0px; border: 0px; font-size: 14px; font-family: &quot;Helvetica Neue&quot;, Helvetica, Arial, &quot;Lucida Grande&quot;, sans-serif; vertical-align: baseline; color: rgb(0, 0, 0);">Buffers do not need to be inside the enclave. But there are obvious security consequences for doing so. For decrypt you most likely want your destination buffer inside the enclave. Leaving the source outside the enclave can prevents a copy being required. Vice versa for the encrypt operation.</P> <P style="margin-bottom: 0px; border: 0px; font-size: 14px; font-family: &quot;Helvetica Neue&quot;, Helvetica, Arial, &quot;Lucida Grande&quot;, sans-serif; vertical-align: baseline; color: rgb(0, 0, 0);">&nbsp;</P> <P style="margin-bottom: 0px; border: 0px; font-size: 14px; font-family: &quot;Helvetica Neue&quot;, Helvetica, Arial, &quot;Lucida Grande&quot;, sans-serif; vertical-align: baseline; color: rgb(0, 0, 0);">-Surenthar</P> Tue, 15 Nov 2016 06:23:51 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Data-buffer-allocation-recommendation-for-sgx-aes-ctr-decrypt/m-p/1072045#M335 Surenthar_S_Intel 2016-11-15T06:23:51Z