Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1453 Discussions

Data buffer allocation recommendation for sgx_aes_ctr_decrypt

manshu_P_
Beginner
‎11-02-2016 12:51 AM
490 Views

Hi All,

Documentation of  sgx_aes_ctr_decrypt ( https://software.intel.com/en-us/node/696625 )  says "It is recommended that the source, destination and counter data buffers are allocated within the enclave."

So is it recommended or necessary? What happens if we pass pointer to buffer allocated outside of enclave to sgx_aes_ctr_decrypt? ie pointer passed as an user_check attribute to ECall.

Regards,

Himanshu

0 Kudos

Link Copied

2 Replies
Juan_d_Intel
Employee
‎11-09-2016 11:03 AM
490 Views

It's a recommendation. I'm sure you understand why.

sgx_aes_ctr_decrypt won't give you an error if the buffers are outside the enclave.

0 Kudos
Copy link
Surenthar_S_Intel
Employee
‎11-14-2016 10:23 PM
490 Views

Buffers do not need to be inside the enclave. But there are obvious security consequences for doing so. For decrypt you most likely want your destination buffer inside the enclave. Leaving the source outside the enclave can prevents a copy being required. Vice versa for the encrypt operation.

 

-Surenthar

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.