Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

2 technical questions

Brian_B_Intel2
Employee
373 Views

An ISV of mine has two technical questions about SGX:

 

1. May I ask about typical range of enclaves ECALL / OCALL latencies? Some approximate estimate for the existing processors.

Of course some penalty exists - call in or from the enclave is not a direct function call.

But maybe your engineers have numerical information about this?

 

2. There is a trusted OpenSSL library in the SGX SDK for Windows - topenssl - in folder /IntelSGXSDK/src/X509Verifier/x509/topenssl .

But I found no such library in the Linux SDK. Does it exist only for Windows and there is no trusted OpenSSL project for the Linux?

 

Thank you!

0 Kudos
4 Replies
Surenthar_S_Intel
373 Views

Hi Brian,

#2. There is no trusted OpenSSL library for Linux. The below link confirms it . 

https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/676097

-Surenthar.

Rohit_J_1
Beginner
373 Views

Hi Surenthar,

I have two technical questions about SGX:

1. Can we expect support for trusted OpenSSL project for the Linux from Intel?

2. Can SGX supports 256 bits key for encryption & decryption because as per developer reference guide by Intel SGX, key must be 128 bits?

 

Thank You,

- Rohit

Surenthar_S_Intel
373 Views

1. Can we expect support for trusted OpenSSL project for the Linux from Intel?

              The topenssl library provided with the Windows samples is a one-off build intended for demonstration purposes. It is not a supported project.

2. Can SGX supports 256 bits key for encryption & decryption because as per developer reference guide by Intel SGX, key must be 128 bits?

            The AES encryption algorithms in the trusted crypto library provided with the Intel SGX SDK only support 128-bit keys. To use 256-bit keys developers would need to implement the algorithms themselves or port existing libraries to work inside an enclave.

-Surenthar

Juan_d_Intel
Employee
373 Views

However, the Windows SDK 1.6 release exposes the underlying IPP crypto library. You may use the ippsAES_GCM API for symmetric encryption/decryption using 128, 192, or 256-bit key length.

Reply