Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Employee
33 Views

2 technical questions

An ISV of mine has two technical questions about SGX:

 

1. May I ask about typical range of enclaves ECALL / OCALL latencies? Some approximate estimate for the existing processors.

Of course some penalty exists - call in or from the enclave is not a direct function call.

But maybe your engineers have numerical information about this?

 

2. There is a trusted OpenSSL library in the SGX SDK for Windows - topenssl - in folder /IntelSGXSDK/src/X509Verifier/x509/topenssl .

But I found no such library in the Linux SDK. Does it exist only for Windows and there is no trusted OpenSSL project for the Linux?

 

Thank you!

0 Kudos
4 Replies
Highlighted
33 Views

Hi Brian,

#2. There is no trusted OpenSSL library for Linux. The below link confirms it . 

https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/676097

-Surenthar.

- Surenthar Selvaraj
0 Kudos
Highlighted
Beginner
33 Views

Hi Surenthar,

I have two technical questions about SGX:

1. Can we expect support for trusted OpenSSL project for the Linux from Intel?

2. Can SGX supports 256 bits key for encryption & decryption because as per developer reference guide by Intel SGX, key must be 128 bits?

 

Thank You,

- Rohit

0 Kudos
Highlighted
33 Views

1. Can we expect support for trusted OpenSSL project for the Linux from Intel?

              The topenssl library provided with the Windows samples is a one-off build intended for demonstration purposes. It is not a supported project.

2. Can SGX supports 256 bits key for encryption & decryption because as per developer reference guide by Intel SGX, key must be 128 bits?

            The AES encryption algorithms in the trusted crypto library provided with the Intel SGX SDK only support 128-bit keys. To use 256-bit keys developers would need to implement the algorithms themselves or port existing libraries to work inside an enclave.

-Surenthar

- Surenthar Selvaraj
0 Kudos
Highlighted
Employee
33 Views

However, the Windows SDK 1.6 release exposes the underlying IPP crypto library. You may use the ippsAES_GCM API for symmetric encryption/decryption using 128, 192, or 256-bit key length.

0 Kudos