Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.
1264 Discussions

is there an interface in linux sgx sdk to check if remote x,y is on it's curve

TrueAbc
New Contributor I
226 Views

I'm trying to implement a key agreement between sgx enclave and golang client.

 

enclave logic

TrueAbc_0-1617074752892.png

golang logic

TrueAbc_1-1617075275891.png

 

I have noticed that in enclave gx and gy are little endian and in golang  crypto/elliptic X,  Y are big.Int in big endian form. 

I have change gx, gy from small endian to little endian. And golang library provide an interface to reports whether the given (x,y) lies on the curve.

func (curve *CurveParams) IsOnCurve(x, y *big.Int) bool {
    74  	// y² = x³ - 3x + b
    75  	y2 := new(big.Int).Mul(y, y)
    76  	y2.Mod(y2, curve.P)
    77  
    78  	return curve.polynomial(x).Cmp(y2) == 0
    79  }

And it seems that gx, gy from enclave lies on curve generate by golang.

TrueAbc_2-1617075509889.png

 

But shared key computed by them is different,   so is there an interface in linux sgx sdk to check if remote x,y is on it's curve ? Or does anyone have tried to implement a key agreement in different languages.

0 Kudos
1 Solution
TrueAbc
New Contributor I
202 Views

I have found what I want.  

sgx_ecc256_check_point

 This function can check remote point x, y are on local curve system.

 

By the way,   sgx_ecc256_open_context  choose this curve by default.

For golang client, select the corresponding curve parameters.(But notice big and litter endian in golang and sgx)

 

Just read souce code here.  

https://github.com/intel/linux-sgx/blob/master/sdk/tlibcrypto/sgxssl/sgx_ecc256.cpp

TrueAbc_0-1617351967082.png

 

View solution in original post

2 Replies
TrueAbc
New Contributor I
203 Views

I have found what I want.  

sgx_ecc256_check_point

 This function can check remote point x, y are on local curve system.

 

By the way,   sgx_ecc256_open_context  choose this curve by default.

For golang client, select the corresponding curve parameters.(But notice big and litter endian in golang and sgx)

 

Just read souce code here.  

https://github.com/intel/linux-sgx/blob/master/sdk/tlibcrypto/sgxssl/sgx_ecc256.cpp

TrueAbc_0-1617351967082.png

 

JesusG_Intel
Moderator
188 Views

Thanks for updating the thread with your answer, TrueAbc.

This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.

Reply