Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1403 Discussions

2 technical questions

Brian_B_Intel2
Employee
‎08-15-2016 08:46 AM
496 Views

An ISV of mine has two technical questions about SGX:

 

1. May I ask about typical range of enclaves ECALL / OCALL latencies? Some approximate estimate for the existing processors.

Of course some penalty exists - call in or from the enclave is not a direct function call.

But maybe your engineers have numerical information about this?

 

2. There is a trusted OpenSSL library in the SGX SDK for Windows - topenssl - in folder /IntelSGXSDK/src/X509Verifier/x509/topenssl .

But I found no such library in the Linux SDK. Does it exist only for Windows and there is no trusted OpenSSL project for the Linux?

 

Thank you!

0 Kudos

Link Copied

4 Replies
Surenthar_S_Intel
Employee
‎09-06-2016 10:23 PM
496 Views

Hi Brian,

#2. There is no trusted OpenSSL library for Linux. The below link confirms it . 

https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/676097

-Surenthar.

0 Kudos
Copy link
Rohit_J_1
Beginner
‎09-27-2016 11:47 PM
496 Views

Hi Surenthar,

I have two technical questions about SGX:

1. Can we expect support for trusted OpenSSL project for the Linux from Intel?

2. Can SGX supports 256 bits key for encryption & decryption because as per developer reference guide by Intel SGX, key must be 128 bits?

 

Thank You,

- Rohit

0 Kudos
Copy link
Surenthar_S_Intel
Employee
‎09-28-2016 02:52 AM
496 Views

1. Can we expect support for trusted OpenSSL project for the Linux from Intel?

              The topenssl library provided with the Windows samples is a one-off build intended for demonstration purposes. It is not a supported project.

2. Can SGX supports 256 bits key for encryption & decryption because as per developer reference guide by Intel SGX, key must be 128 bits?

            The AES encryption algorithms in the trusted crypto library provided with the Intel SGX SDK only support 128-bit keys. To use 256-bit keys developers would need to implement the algorithms themselves or port existing libraries to work inside an enclave.

-Surenthar

0 Kudos
Copy link
Juan_d_Intel
Employee
‎09-29-2016 09:30 AM
496 Views

However, the Windows SDK 1.6 release exposes the underlying IPP crypto library. You may use the ippsAES_GCM API for symmetric encryption/decryption using 128, 192, or 256-bit key length.

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.