Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1485 Discussions

Retain Diffie-Hellman Secret Derived During Remote Attestation

AArya2
New Contributor I
‎04-18-2017 10:21 AM
715 Views
Solved Jump to solution

How can this be done in a minimally invasive way?

I want to write an enclave that generates a symmetric session key from the DH secret derived during RA to be used for secret provisioning, as is recommended in all SGX references.

I conjecture one has to override some of the callback functions fed to sgx_ra_proc_msg2. Is that true? If so, and if not, how would you recommend I should go about it?

0 Kudos
1 Solution
AArya2
New Contributor I
‎04-18-2017 11:17 AM
715 Views
Solved Jump to solution

After reading the SDK Developer's Reference a bit, I realized that sgx_ra_init_ex should be used instead of sgx_ra_init.

Using the former function you can provide a callback function that customizes key derivation from the shared DH secret.

View solution in original post

0 Kudos
Copy link

Link Copied

1 Reply
AArya2
New Contributor I
‎04-18-2017 11:17 AM
716 Views
Solved Jump to solution

After reading the SDK Developer's Reference a bit, I realized that sgx_ra_init_ex should be used instead of sgx_ra_init.

Using the former function you can provide a callback function that customizes key derivation from the shared DH secret.

0 Kudos
Copy link
Reply

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.