Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Brian_B_Intel2
Employee
155 Views

2 technical questions

An ISV of mine has two technical questions about SGX:

 

1. May I ask about typical range of enclaves ECALL / OCALL latencies? Some approximate estimate for the existing processors.

Of course some penalty exists - call in or from the enclave is not a direct function call.

But maybe your engineers have numerical information about this?

 

2. There is a trusted OpenSSL library in the SGX SDK for Windows - topenssl - in folder /IntelSGXSDK/src/X509Verifier/x509/topenssl .

But I found no such library in the Linux SDK. Does it exist only for Windows and there is no trusted OpenSSL project for the Linux?

 

Thank you!

0 Kudos
4 Replies
155 Views

Hi Brian,

#2. There is no trusted OpenSSL library for Linux. The below link confirms it . 

https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/676097

-Surenthar.

Rohit_J_1
Beginner
155 Views

Hi Surenthar,

I have two technical questions about SGX:

1. Can we expect support for trusted OpenSSL project for the Linux from Intel?

2. Can SGX supports 256 bits key for encryption & decryption because as per developer reference guide by Intel SGX, key must be 128 bits?

 

Thank You,

- Rohit

155 Views

1. Can we expect support for trusted OpenSSL project for the Linux from Intel?

              The topenssl library provided with the Windows samples is a one-off build intended for demonstration purposes. It is not a supported project.

2. Can SGX supports 256 bits key for encryption & decryption because as per developer reference guide by Intel SGX, key must be 128 bits?

            The AES encryption algorithms in the trusted crypto library provided with the Intel SGX SDK only support 128-bit keys. To use 256-bit keys developers would need to implement the algorithms themselves or port existing libraries to work inside an enclave.

-Surenthar

Juan_d_Intel
Employee
155 Views

However, the Windows SDK 1.6 release exposes the underlying IPP crypto library. You may use the ippsAES_GCM API for symmetric encryption/decryption using 128, 192, or 256-bit key length.

Reply