Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1452 Discussions

is there an interface in linux sgx sdk to check if remote x,y is on it's curve

TrueAbc
New Contributor I
‎03-29-2021 08:42 PM
906 Views
Solved Jump to solution

I'm trying to implement a key agreement between sgx enclave and golang client.

 

enclave logic

TrueAbc_0-1617074752892.png

golang logic

TrueAbc_1-1617075275891.png

 

I have noticed that in enclave gx and gy are little endian and in golang  crypto/elliptic X,  Y are big.Int in big endian form. 

I have change gx, gy from small endian to little endian. And golang library provide an interface to reports whether the given (x,y) lies on the curve.

func (curve *CurveParams) IsOnCurve(x, y *big.Int) bool {
    74  	// y² = x³ - 3x + b
    75  	y2 := new(big.Int).Mul(y, y)
    76  	y2.Mod(y2, curve.P)
    77  
    78  	return curve.polynomial(x).Cmp(y2) == 0
    79  }

And it seems that gx, gy from enclave lies on curve generate by golang.

TrueAbc_2-1617075509889.png

 

But shared key computed by them is different,   so is there an interface in linux sgx sdk to check if remote x,y is on it's curve ? Or does anyone have tried to implement a key agreement in different languages.

0 Kudos
1 Solution
TrueAbc
New Contributor I
‎04-02-2021 01:28 AM
882 Views
Solved Jump to solution

I have found what I want.  

sgx_ecc256_check_point

 This function can check remote point x, y are on local curve system.

 

By the way,   sgx_ecc256_open_context  choose this curve by default.

For golang client, select the corresponding curve parameters.(But notice big and litter endian in golang and sgx)

 

Just read souce code here.  

https://github.com/intel/linux-sgx/blob/master/sdk/tlibcrypto/sgxssl/sgx_ecc256.cpp

TrueAbc_0-1617351967082.png

 

View solution in original post

0 Kudos
Copy link

Link Copied

2 Replies
TrueAbc
New Contributor I
‎04-02-2021 01:28 AM
883 Views
Solved Jump to solution

I have found what I want.  

sgx_ecc256_check_point

 This function can check remote point x, y are on local curve system.

 

By the way,   sgx_ecc256_open_context  choose this curve by default.

For golang client, select the corresponding curve parameters.(But notice big and litter endian in golang and sgx)

 

Just read souce code here.  

https://github.com/intel/linux-sgx/blob/master/sdk/tlibcrypto/sgxssl/sgx_ecc256.cpp

TrueAbc_0-1617351967082.png

 

0 Kudos
Copy link
JesusG_Intel
Moderator
‎04-05-2021 09:10 AM
868 Views
Solved Jump to solution

Thanks for updating the thread with your answer, TrueAbc.

This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.