Proper location of destination buffers for sgx_rijndael128GCM_encrypt


Dear Intel SGX Team,

I have a question about the proper usage of the SDK function sgx_rijndael128GCM_encrypt. In the "Intel SGX Developer Reference Guide", there is a description of the function. It says that "It is recommended that the source and destination data buffers are allocated within the enclave". However, what I wonder is whether we need to allocate the destination buffers within the enclave. I think the destination buffer only contains the encrypted data, so it can be allocated outside the enclave memory.

If we can allocate the destination buffer outside the enclave memory, I can use [user_check] for the function in the EDL file. (When I tested the latency difference between [out] and [user_check], it was not a big deal, but [user_check] was a little bit better.)

So, I wanna know why allocating the destination buffer within the enclave is recommended. (I'm not sure, but is it related to security issues?)

I really appreciate any comments.

Thank you in advance.

Best regards,

David Cho.


Accepted Solutions

Re:Proper location of destination buffers for sgx_...


Hello David,


It is recommended that the destination be inside the memory space of the enclave in order to not place enclave data into untrusted/unprotected memory space. You are right, the data is encrypted (this is why it's a recommendation rather than a requirement), and you will get better performance using [user_check] because with [user_check] the compiler does not create the proxy functions to marshal the data across the trust boundaries.


I recommend reading this article for more details on data marshaling: https://software.intel.com/content/www/us/en/develop/articles/intel-software-guard-extensions-tutori...


Jesus Garcia, Intel Customer Support
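
As an added illustration (not code from this thread or from the Intel SGX SDK): since [user_check] leaves the destination pointer without generated marshalling, the enclave code itself has to confirm that the whole destination range is untrusted memory before it writes ciphertext there. The C below models that check so it runs on any host; `enclave_mem`, `untrusted_buf`, `model_is_outside_enclave` and `copy_ciphertext_out` are hypothetical names, and inside a real enclave the SDK's `sgx_is_outside_enclave()` takes the place of the model function.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model: this array stands in for enclave memory (assumption). */
static uint8_t enclave_mem[4096];
/* Constructed model: an untrusted destination buffer owned by the host app. */
static uint8_t untrusted_buf[64];

typedef enum { DST_OK = 0, DST_BAD_PARAM = -1, DST_NOT_OUTSIDE = -2 } dst_status;

/* Returns 1 only if [addr, addr+len) lies entirely outside enclave_mem.
 * Hypothetical local stand-in for sgx_is_outside_enclave(); len must be > 0. */
static int model_is_outside_enclave(uintptr_t addr, size_t len)
{
    uintptr_t base  = (uintptr_t)enclave_mem;
    uintptr_t limit = base + sizeof(enclave_mem);     /* one past the end */

    if (addr > UINTPTR_MAX - (uintptr_t)(len - 1))
        return 0;                  /* range wraps around the address space */
    uintptr_t last = addr + (uintptr_t)(len - 1);
    /* Outside means: ends before the enclave starts, or starts after it ends.
     * A range that merely straddles either edge is rejected. */
    return last < base || addr >= limit;
}

/* Validate a [user_check] destination, then copy ciphertext that was
 * produced in an enclave-local staging buffer out to it. */
dst_status copy_ciphertext_out(void *dst, const uint8_t *staged, size_t len)
{
    if (dst == NULL || staged == NULL || len == 0)
        return DST_BAD_PARAM;
    if (!model_is_outside_enclave((uintptr_t)dst, len))
        return DST_NOT_OUTSIDE;    /* would overwrite enclave memory */
    memcpy(dst, staged, len);
    return DST_OK;
}

int main(void)
{
    const uint8_t staged[16] = {0xA5};   /* constructed stand-in for ciphertext */
    int ok  = copy_ciphertext_out(untrusted_buf, staged, sizeof staged) == DST_OK;
    int bad = copy_ciphertext_out(enclave_mem + 16, staged, sizeof staged)
              == DST_NOT_OUTSIDE;
    return (ok && bad) ? 0 : 1;
}
```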


Re:Proper location of destination buffers for sgx_...


Hello David,


We are looking into your issue. Please stay tuned.


Jesus Garcia, Intel Customer Support

Re: Re:Proper location of destination buffers for sgx_...


Thanks for your kind reply.

It helps me a lot.

Have a good day!

Best regards,

David Cho.
