Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

SGX OpenSSL API Support

Elephant
Beginner
860 Views

Hi,


I saw from the OpenSSL SGX library that it supports only a handful of OpenSSL API's.  For example, EVP_aes_128_gcm and EVP_aes_256_gcm only for symmetric encryption.  I saw from the package that it supports more that what's documented (at least for the public key cryptography support).  I could not see any test code for the symmetric encryption, so I cannot verify for sure.  I could only rely on the evp.h file to check the support for symmetric encryption and it supports most of what OpenSSL provides, i.e. no #ifdefs to exclude the other AES modes.

Can anyone please confirm that it is just some incomplete documentation that's written in the SgxSSL library developer guide?

Thank you very much!

Kind Regards,
Elephant

 

 

0 Kudos
1 Solution
Juan_d_Intel
Employee
860 Views

The functions included in the documentation are the only ones we could verify in the posted package. As you noticed, we haven't removed the remaining APIs, which may or may not work.

View solution in original post

0 Kudos
4 Replies
Anusha_K_Intel
Employee
860 Views

Hi,

Have you tried implementing the API not specified in the user guide in the program. I guess some functions were not specified in the user guide like evp_aes_192, evp_rc2 . The others EVP_rc4, EVP_rc5, EVP_cast, EVP_bf are not supported.

0 Kudos
Elephant
Beginner
860 Views

Hi Anusha,

Yes, I have tried implementing some API's not in the documentation and they work.  For example, AES CBC, etc.
Anyway, it would probably be better if they have a document discussing what they don't support if they actually support most of the API's. :-)

Kind Regards,
Rodel

Anusha K. (Intel) wrote:

Hi,

Have you tried implementing the API not specified in the user guide in the program. I guess some functions were not specified in the user guide like evp_aes_192, evp_rc2 . The others EVP_rc4, EVP_rc5, EVP_cast, EVP_bf are not supported.

0 Kudos
Juan_d_Intel
Employee
861 Views

The functions included in the documentation are the only ones we could verify in the posted package. As you noticed, we haven't removed the remaining APIs, which may or may not work.

0 Kudos
Elephant
Beginner
860 Views

Hi Juan,

Thank you for this information.  Those API's that were said to be working but not in the documentation is still running inside the main enclave that use them right?  (no ocalls within the SGXSSL library?)

Thanks.  

Kind Regards,
Elephant

Juan del Cuvillo (Intel) wrote:

The functions included in the documentation are the only ones we could verify in the posted package. As you noticed, we haven't removed the remaining APIs, which may or may not work.

0 Kudos
Reply