manshu_P_
Beginner
81 Views

Data buffer allocation recommendation for sgx_aes_ctr_decrypt

Hi All,

Documentation of sgx_aes_ctr_decrypt (https://software.intel.com/en-us/node/696625) says "It is recommended that the source, destination and counter data buffers are allocated within the enclave."

So is it recommended or necessary? What happens if we pass a pointer to a buffer allocated outside of the enclave to sgx_aes_ctr_decrypt, i.e. a pointer passed as a user_check attribute to an ECall?

Regards,

Himanshu

0 Kudos
2 Replies
Juan_d_Intel
Employee
81 Views

It's a recommendation. I'm sure you understand why.

sgx_aes_ctr_decrypt won't give you an error if the buffers are outside the enclave.

81 Views

Buffers do not need to be inside the enclave. But there are obvious security consequences for doing so. For decrypt you most likely want your destination buffer inside the enclave. Leaving the source outside the enclave can prevent a copy being required. Vice versa for the encrypt operation.

 

-Surenthar
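
Added example, not part of the original thread and not Intel SDK code: a host-runnable C model of the layout described in the replies, with the source read in place from untrusted memory while the counter copy and the destination stay inside the enclave. `enclave_mem`, `sealed_key`, `outside_enclave`, `toy_ctr_decrypt` and `ecall_decrypt` are hypothetical names; in a real enclave the range check would be `sgx_is_outside_enclave` and the cipher call `sgx_aes_ctr_decrypt`.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-ins for the enclave's address range and its secret key. */
static uint8_t enclave_mem[4096];
static const uint8_t sealed_key[16] = "constructed-key";

/* Models sgx_is_outside_enclave(): 1 only if [p, p+len) is wholly outside. */
static int outside_enclave(const void *p, size_t len)
{
    uintptr_t a = (uintptr_t)p;
    uintptr_t lo = (uintptr_t)enclave_mem, hi = lo + sizeof enclave_mem;
    if (len > UINTPTR_MAX - a)
        return 0;                        /* range wraps the address space */
    return a + len <= lo || a >= hi;
}

/* Stand-in for sgx_aes_ctr_decrypt(): a toy XOR keystream, NOT AES. */
static void toy_ctr_decrypt(const uint8_t *key, const uint8_t *src,
                            uint32_t len, const uint8_t *ctr, uint8_t *dst)
{
    for (uint32_t i = 0; i < len; i++)
        dst[i] = src[i] ^ key[i % 16] ^ ctr[i % 16];
}

/* ECALL body with src and ctr declared [user_check]: the generated bridge
   neither checks nor copies them, so the enclave code must do it.
   Returns 0 on success, -1 if a pointer or length is rejected. */
int ecall_decrypt(const uint8_t *src, uint32_t len, const uint8_t *ctr)
{
    uint8_t ctr_copy[16];   /* on the enclave stack in a real enclave */
    if (len == 0 || len > sizeof enclave_mem)
        return -1;
    /* A pointer into enclave memory would make the enclave treat its own
       data as host-supplied input, so both ranges must be fully outside. */
    if (!outside_enclave(src, len) || !outside_enclave(ctr, sizeof ctr_copy))
        return -1;
    memcpy(ctr_copy, ctr, sizeof ctr_copy); /* host can no longer alter it */
    /* Ciphertext is read in place (no copy); plaintext stays inside. */
    toy_ctr_decrypt(sealed_key, src, len, ctr_copy, enclave_mem);
    return 0;
}

int main(void)
{
    uint8_t ct[4] = {0}, ctr[16] = {0};
    return ecall_decrypt(ct, sizeof ct, ctr);   /* 0: host buffers accepted */
}
```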
