链接已复制
Hi,
Using of elliptic curves allows shorter public key length and encourages cryptographers to create cryptosystems with the same or higher encryption strength as the RSA or DSA cryptosystems. Because of the relatively short key length, ECCs do encryption and decryption faster on the hardware that requires less computation processing volumes.
-Surenthar
The SGX SDK exposes the interface to the 8.x release of IPP. If they include ipp/ippcp.h in a source file in their enclave they will gain access to some RSA functions. In particular:
ippsRSAEncrypt
ippsRSADecrypt
ippsRSAGenerate
Surenthar Selvaraj. (Intel) wrote:
The SGX SDK exposes the interface to the 8.x release of IPP. If they include ipp/ippcp.h in a source file in their enclave they will gain access to some RSA functions. In particular:
ippsRSAEncrypt
ippsRSADecrypt
ippsRSAGenerate
Hi Surenthar
Thanks.
BTW, could you provide me more details information about how to integrate SGX SDK and intel IPP ?
Do you mean I install Intel IPP sdk and include it in Enclave like using the sgx_tcrypto library?
After you install the SGX SDK the IPP Crypto header files should be in $(SGXSDKInstallPath)include\ipp
All you have to do is include ippcore.h and ippcp.h in you enclave and make the regular calls to the IPP crypto API. The calls will be resolved by sgx_tcrypto.lib.
Hi Juan
Thanks
I have check my install dir of sgxsdk, but can't find ipp sub-dir or ipp related header files in the include dir.
Do I need to install IPP first? And how can I integrate IPP into SGXSDK?
The IPP crypto headers are integrated in the Windows SDK but I just realized that you're working with Linux.
In this case my suggestion is that you install the IPP crypto for Linux first. Then, you can include the standard IPP crypto header files in your enclave and link with sgx_tcrypto.
Remember not link with the standard IPP crypto library. This won't work because the standard IPP crypto uses the CPUID instruction to initialize the dispatcher.
Changzheng W. (Intel) wrote:
Quote:
Surenthar Selvaraj. (Intel) wrote:
The SGX SDK exposes the interface to the 8.x release of IPP. If they include ipp/ippcp.h in a source file in their enclave they will gain access to some RSA functions. In particular:
ippsRSAEncrypt
ippsRSADecrypt
ippsRSAGenerate
Hi Surenthar
Thanks.
BTW, could you provide me more details information about how to integrate SGX SDK and intel IPP ?
Do you mean I install Intel IPP sdk and include it in Enclave like using the sgx_tcrypto library?
An IPP Crypto library variant, optimized for SGX enclave use, is linked into the tcrypto library. There is no need to link in the standard IPP crypto product library into an enclave. The application enclave can link in the tcrypto library, and the enclave code and include the IPP header file for function definitions.
-Surenthar
Surenthar Selvaraj. (Intel) wrote:
Quote:
Changzheng W. (Intel) wrote:
Quote:
Surenthar Selvaraj. (Intel) wrote:
The SGX SDK exposes the interface to the 8.x release of IPP. If they include ipp/ippcp.h in a source file in their enclave they will gain access to some RSA functions. In particular:
ippsRSAEncrypt
ippsRSADecrypt
ippsRSAGenerate
Hi Surenthar
Thanks.
BTW, could you provide me more details information about how to integrate SGX SDK and intel IPP ?
Do you mean I install Intel IPP sdk and include it in Enclave like using the sgx_tcrypto library?
An IPP Crypto library variant, optimized for SGX enclave use, is linked into the tcrypto library. There is no need to link in the standard IPP crypto product library into an enclave. The application enclave can link in the tcrypto library, and the enclave code and include the IPP header file for function definitions.
-Surenthar
Hi Surenthar
How could I use the IPP crypto library variant you mentioned? I can't find the header files in SGX SDK 1.6 (linux version)
You install the IPP crypto for Linux first. Then, you can include the standard IPP crypto header files in your enclave and link with sgx_tcrypto.
Remember not link with the standard IPP crypto library. This won't work because the standard IPP crypto uses the CPUID instruction to initialize the dispatcher.
Surenthar Selvaraj. (Intel) wrote:
You install the IPP crypto for Linux first. Then, you can include the standard IPP crypto header files in your enclave and link with sgx_tcrypto.
Remember not link with the standard IPP crypto library. This won't work because the standard IPP crypto uses the CPUID instruction to initialize the dispatcher.
By doing this, does other IPP crypto library functionalities (like big number arithmetic) become available as well? Or will it be just a select number of functionalities?
Yes, big number arithmetic and functionality will become available when you link your enclave with sgx_tcrypto.
All IPP crypto API should be supported, with a few exceptions (MD5, SHA224, SHA384, SHA512-224, SM3, and EC-SM2) due to size concerns.
