Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.
1307 Discussions

Data buffer allocation recommendation for sgx_aes_ctr_decrypt

manshu_P_
Beginner
231 Views

Hi All,

Documentation of  sgx_aes_ctr_decrypt ( https://software.intel.com/en-us/node/696625 )  says "It is recommended that the source, destination and counter data buffers are allocated within the enclave."

So is it recommended or necessary? What happens if we pass pointer to buffer allocated outside of enclave to sgx_aes_ctr_decrypt? ie pointer passed as an user_check attribute to ECall.

Regards,

Himanshu

0 Kudos
2 Replies
Juan_d_Intel
Employee
231 Views

It's a recommendation. I'm sure you understand why.

sgx_aes_ctr_decrypt won't give you an error if the buffers are outside the enclave.

Surenthar_S_Intel
231 Views

Buffers do not need to be inside the enclave. But there are obvious security consequences for doing so. For decrypt you most likely want your destination buffer inside the enclave. Leaving the source outside the enclave can prevents a copy being required. Vice versa for the encrypt operation.

 

-Surenthar

Reply