bianca
Beginner
285 Views

AES-128 inside an enclave using USER_CHECK


Hi, in Impression of Intel SGX Performance the authors generate some benchmarks to analyse the performance of a program encrypting data inside the enclaves using AES-128. They say that both the in buffer and the out buffer are declared using 'USER_CHECK'. But how can you do that? I have a program that does the same thing, but I declare my parameters using [in, out]. When I try to switch to 'USER_CHECK', the enclave in buffer is empty after calling the function. How do you copy a 'USER_CHECK' pointer's memory to the enclave and back to the untrusted memory?

1 Solution
JesusG_Intel
Moderator
276 Views

Hello Bianca,

 

The sample solution that is attached to the bottom of this article, https://software.intel.com/content/www/us/en/develop/articles/intel-software-guard-extensions-tutori..., has several functions that are declared with [user_check] in the EDL. Check the EDL file in the Enclave project. You will find the user_check functions in Enclave.cpp.

The article also explains how it uses the user_check parameter.

 


JesusG_Intel
Moderator
252 Views

Hi Bianca,


Was the sample code I sent you earlier helpful to you?


bianca
Beginner
240 Views

Hi Jesus,

 

I believe it did in the sense that it is working, but I am still confused about the performance, because when I change the data in buffer pointer from [in, out] to [user_check] and copy this plain text data to the enclave, it takes 3 times longer to perform the overall computation. My buffer in pointer is [user_check] flagged and the buffer out is [in, out], as from my understanding the enclave environment cannot read the enclave content; it must be crossed through the proxy bridge.

In the developer reference, it says it should be the other way around, but there is a massive difference between my benchmarks (100-150 MB/sec) vs the one from the link that I sent (1000-2000 MB/sec).

 

JesusG_Intel
Moderator
232 Views

Hello Bianca,


In both the Intel code sample and the paper, the authors used [user_check] for both the input and output buffers in the ECALL. See this excerpt from the Intel article:


The original EDL for ve_load_vault() and ve_get_vault() looks like this:

    public int ve_load_vault ([in, count=len] unsigned char *edata, uint32_t len);
    public int ve_get_vault ([out, count=len] unsigned char *edata, uint32_t len);

Rewriting these to specify user_check results in the following:

    public int ve_load_vault ([user_check] unsigned char *edata);
    public int ve_get_vault ([user_check] unsigned char *edata, uint32_t len);
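
The following is an added example, not part of the original posts or of Intel's sample code: one way an ECALL body can handle [user_check] buffers, checking that both ranges lie outside the enclave and copying the input in once before processing it. The names ecall_process, outside_enclave and enclave_mem are hypothetical; outside_enclave() stands in for the SDK's sgx_is_outside_enclave() so the code builds without the SGX SDK, and the XOR loop is a placeholder for the AES-128 step.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Simulated enclave memory so the example runs outside SGX. In a real
   enclave, call sgx_is_outside_enclave() from sgx_trts.h instead of
   outside_enclave(). */
static uint8_t enclave_mem[4096];

static int outside_enclave(const void *p, size_t len) {
    uintptr_t a = (uintptr_t)p, lo = (uintptr_t)enclave_mem;
    uintptr_t hi = lo + sizeof enclave_mem;
    if (len > UINTPTR_MAX - a) return 0;          /* range wraps around */
    return a + len <= lo || a >= hi;              /* no overlap with enclave */
}

/* Hypothetical ECALL body for an EDL line such as
     public int ecall_process([user_check] uint8_t *in,
                              [user_check] uint8_t *out, size_t len);
   With user_check the edge routine neither checks nor copies the buffers,
   so the enclave code does both itself. */
int ecall_process(const uint8_t *in, uint8_t *out, size_t len) {
    if (!in || !out || len == 0) return -1;
    /* Reject ranges that reach into enclave memory; otherwise the untrusted
       caller could make the enclave read or overwrite its own data. */
    if (!outside_enclave(in, len) || !outside_enclave(out, len)) return -2;

    uint8_t *tmp = malloc(len);                   /* enclave heap in SGX */
    if (!tmp) return -3;
    memcpy(tmp, in, len);                         /* copy in once, then work
                                                     only on the private copy */
    for (size_t i = 0; i < len; i++)
        tmp[i] ^= 0x5A;                           /* placeholder, not AES */
    memcpy(out, tmp, len);                        /* copy result back out */
    free(tmp);
    return 0;
}

int main(void) {
    uint8_t in[16] = {1, 2, 3}, out[16];          /* constructed sample input */
    return ecall_process(in, out, sizeof in);     /* 0 on success */
}
```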



JesusG_Intel
Moderator
216 Views

Hi Bianca,


Do you still need help with this issue?


JesusG_Intel
Moderator
207 Views

Intel is no longer monitoring this thread. If you want a response from Intel in a follow-up question, please open a new thread.

