Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1480 Discussions

Data buffer allocation recommendation for sgx_aes_ctr_decrypt

manshu_P_
Beginner
643 Views

Hi All,

Documentation of  sgx_aes_ctr_decrypt ( https://software.intel.com/en-us/node/696625 )  says "It is recommended that the source, destination and counter data buffers are allocated within the enclave."

So is it recommended or necessary? What happens if we pass pointer to buffer allocated outside of enclave to sgx_aes_ctr_decrypt? ie pointer passed as an user_check attribute to ECall.

Regards,

Himanshu

0 Kudos
2 Replies
Juan_d_Intel
Employee
643 Views

It's a recommendation. I'm sure you understand why.

sgx_aes_ctr_decrypt won't give you an error if the buffers are outside the enclave.

0 Kudos
Surenthar_S_Intel
643 Views

Buffers do not need to be inside the enclave. But there are obvious security consequences for doing so. For decrypt you most likely want your destination buffer inside the enclave. Leaving the source outside the enclave can prevents a copy being required. Vice versa for the encrypt operation.

 

-Surenthar

0 Kudos
Reply