Community
cancel
Showing results for 
Search instead for 
Did you mean: 
kalsheraut
Beginner
134 Views

wolfSSL with Intel SGX Enclave

Jump to solution

Greetings Intel Community,

wolfSSL noticed a posting regarding OpenSSL with SGX Enclave. We wanted to let the community know wolfSSL recently received an SGX development platform from our partners over at Intel. We have been working diligently to add support for wolfSSLs' wolfCrypt library since receiving the test platform.

wolfSSL is already observing promising results with the wolfCrypt operations (SHA-256, AES-GCM and RSA Encrypt/Decrypt) in SGX Enclave.  We will continue our efforts and plan to release this support to the public in the near future!

wolfSSL footprints typically average between 80K and 120K. Footprints vary depending on  functionality and speed optimizations. wolfSSL believes this size is optimal in the SGX Enclave environment and is eager to answer any questions the community might have. Please reach out to us info@wolfssl.com

 

0 Kudos
1 Solution
Sam5
New Contributor I
134 Views

wolfSSL is actively developing support for Intel SGX Enclave and will be at IDF 2016 in San Francisco.
http://www.intel.com/content/www/us/en/intel-developer-forum-idf/san-francisco/2016/idf-2016-san-fra...

View solution in original post

5 Replies
Sam5
New Contributor I
135 Views

wolfSSL is actively developing support for Intel SGX Enclave and will be at IDF 2016 in San Francisco.
http://www.intel.com/content/www/us/en/intel-developer-forum-idf/san-francisco/2016/idf-2016-san-fra...

View solution in original post

Jacob_B_2
New Contributor I
134 Views

As an update to the status of this project there is now support in wolfSSL for use with Intel® SGX on both Windows and Linux. In addition to being available on both operating systems the Linux example includes running a full TLS connection in a secure Enclave. Examples can be found on GitHub under wolfssl/wolfssl-examples located here (https://github.com/wolfSSL/wolfssl-examples). One of the exciting upcoming features this year, is that wolfSSL is planning to be FIPS certified while running inside a secure Enclave.

If there are questions about current support or the future roadmap feel free to let us know.

Elephant
Beginner
134 Views

Jacob B. wrote:

As an update to the status of this project there is now support in wolfSSL for use with Intel® SGX on both Windows and Linux. In addition to being available on both operating systems the Linux example includes running a full TLS connection in a secure Enclave. Examples can be found on GitHub under wolfssl/wolfssl-examples located here (https://github.com/wolfSSL/wolfssl-examples). One of the exciting upcoming features this year, is that wolfSSL is planning to be FIPS certified while running inside a secure Enclave.

If there are questions about current support or the future roadmap feel free to let us know.

Hi Jacob,

I would like to get an update about this.  Is there / will there be a FIPS certified version of this Intel SGX SSL library from wolfSSL?

Thanks!

Kind Regards,
Elephant  

Jacob_B_2
New Contributor I
134 Views

Hi Elephant,

The project to get a FIPS certified version of wolfSSL running with Intel SGX is under way and coming along nicely. The project currently has our in house NIST test vectors passing on Linux in preparation for getting vectors from the lab for certificate completion. For a complete status on the project or questions, please contact wolfSSL directly at info@wolfssl.com.

Regards,
Jacob

Jacob_B_2
New Contributor I
134 Views

wolfSSL FIPS has been validated running in a secure enclave! To view the operating environments testing was performed, on check out the wolfSSL security policy here https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2425.pdf. To get the progressive TLS/SSL wolfSSL FIPS with Intel SGX on your operating environment or for IoT project questions contact us at info@wolfssl.com. More information about the wolfSSL embedded security library can be found at wolfssl.com.

Reply