Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
165 Views

about sgx Cryptography Library (sgx_tcrypto)

It seems that sgx_tcypto don't support RSA encryption/decryption, is that right?

I didn't see them in the spec.

Is there any plan to support RSA in the trust library of Linux SDK ?

 

0 Kudos
13 Replies
Highlighted
165 Views

Hi,

Using of elliptic curves allows shorter public key length and encourages cryptographers to create cryptosystems with the same or higher encryption strength as the RSA or DSA cryptosystems. Because of the relatively short key length, ECCs do encryption and decryption faster on the hardware that requires less computation processing volumes.

-Surenthar

- Surenthar Selvaraj
0 Kudos
Highlighted
165 Views

The SGX SDK exposes the interface to the 8.x release of IPP. If they include ipp/ippcp.h in a source file in their enclave they will gain access to some RSA functions. In particular:

 

ippsRSAEncrypt

ippsRSADecrypt

ippsRSAGenerate

- Surenthar Selvaraj
0 Kudos
Highlighted
165 Views

Surenthar Selvaraj. (Intel) wrote:

The SGX SDK exposes the interface to the 8.x release of IPP. If they include ipp/ippcp.h in a source file in their enclave they will gain access to some RSA functions. In particular:

 

ippsRSAEncrypt

ippsRSADecrypt

ippsRSAGenerate

Hi Surenthar

Thanks.

BTW, could you provide me more details information about how to integrate SGX SDK and intel IPP ?

Do you mean I install Intel IPP sdk and include it in Enclave like using the sgx_tcrypto library?

 

0 Kudos
Highlighted
Employee
165 Views

After you install the SGX SDK the IPP Crypto header files should be in $(SGXSDKInstallPath)include\ipp

All you have to do is include ippcore.h and ippcp.h in you enclave and make the regular calls to the IPP crypto API. The calls will be resolved by sgx_tcrypto.lib.

0 Kudos
Highlighted
165 Views

Hi Juan

Thanks

I have check my install dir of sgxsdk, but can't find ipp sub-dir or ipp related header files in the include dir.

Do I need to install IPP first? And how can I integrate IPP into SGXSDK?

 

0 Kudos
Highlighted
Employee
165 Views

The IPP crypto headers are integrated in the Windows SDK but I just realized that you're working with Linux.

In this case my suggestion is that you install the IPP crypto for Linux first. Then, you can include the standard IPP crypto header files in your enclave and link with sgx_tcrypto.

Remember not link with the standard IPP crypto library. This won't work because the standard IPP crypto uses the CPUID instruction to initialize the dispatcher.

0 Kudos
Highlighted
Beginner
165 Views

Hello

Does the sgx_aes_ctr functionality provided in sgx_tcrypto use AES-NI instructions? If not, then is it possible to use AES-NI instruction inside enclave?

Thank You

0 Kudos
Highlighted
165 Views

Changzheng W. (Intel) wrote:

Quote:

Surenthar Selvaraj. (Intel) wrote:

 

The SGX SDK exposes the interface to the 8.x release of IPP. If they include ipp/ippcp.h in a source file in their enclave they will gain access to some RSA functions. In particular:

 

ippsRSAEncrypt

ippsRSADecrypt

ippsRSAGenerate

Hi Surenthar

Thanks.

BTW, could you provide me more details information about how to integrate SGX SDK and intel IPP ?

Do you mean I install Intel IPP sdk and include it in Enclave like using the sgx_tcrypto library?

An IPP Crypto library variant, optimized for SGX enclave use, is linked into the tcrypto library. There is no need to link in the standard IPP crypto product library into an enclave.  The application enclave can link in the tcrypto library, and the enclave code and include the IPP header file for function definitions.

-Surenthar

- Surenthar Selvaraj
0 Kudos
Highlighted
165 Views

Surenthar Selvaraj. (Intel) wrote:

Quote:

Changzheng W. (Intel) wrote:

 

Quote:

Surenthar Selvaraj. (Intel) wrote:

 

The SGX SDK exposes the interface to the 8.x release of IPP. If they include ipp/ippcp.h in a source file in their enclave they will gain access to some RSA functions. In particular:

 

ippsRSAEncrypt

ippsRSADecrypt

ippsRSAGenerate

Hi Surenthar

Thanks.

BTW, could you provide me more details information about how to integrate SGX SDK and intel IPP ?

Do you mean I install Intel IPP sdk and include it in Enclave like using the sgx_tcrypto library?

 

An IPP Crypto library variant, optimized for SGX enclave use, is linked into the tcrypto library. There is no need to link in the standard IPP crypto product library into an enclave.  The application enclave can link in the tcrypto library, and the enclave code and include the IPP header file for function definitions.

-Surenthar

 

Hi Surenthar

How could I use the IPP crypto library variant you mentioned? I can't find the header files in SGX SDK 1.6 (linux version)

 

0 Kudos
Highlighted
165 Views

You install the IPP crypto for Linux first. Then, you can include the standard IPP crypto header files in your enclave and link with sgx_tcrypto.

Remember not link with the standard IPP crypto library. This won't work because the standard IPP crypto uses the CPUID instruction to initialize the dispatcher.

- Surenthar Selvaraj
0 Kudos
Highlighted
Employee
165 Views

AES-GCM algorithms will use the AES-NI instructions if the corresponding feature bit is enabled, which is typically the case.

0 Kudos
Highlighted
Beginner
165 Views

Surenthar Selvaraj. (Intel) wrote:

You install the IPP crypto for Linux first. Then, you can include the standard IPP crypto header files in your enclave and link with sgx_tcrypto.

Remember not link with the standard IPP crypto library. This won't work because the standard IPP crypto uses the CPUID instruction to initialize the dispatcher.

By doing this, does other IPP crypto library functionalities (like big number arithmetic) become available as well? Or will it be just a select number of functionalities?

0 Kudos
Highlighted
Employee
165 Views

Yes, big number arithmetic and functionality will become available when you link your enclave with sgx_tcrypto.
All IPP crypto API should be supported, with a few exceptions (MD5, SHA224, SHA384, SHA512-224, SM3, and EC-SM2) due to size concerns.

0 Kudos