Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update annotations of sgx_sealed_data_t and sgx_aes_gcm_data_t (#639) #640

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update annotations of sgx_sealed_data_t and sgx_aes_gcm_data_t (#639) #640

wants to merge 1 commit into from

Conversation

yang8621
Copy link

@yang8621 yang8621 commented Dec 8, 2020

Signed-off-by: Huang Yang yang.huang@intel.com

@yang8621 yang8621 mentioned this pull request Dec 8, 2020
Open
lzha101
lzha101 reviewed Dec 8, 2020
View reviewed changes
common/inc/sgx_tseal.h
uint32_t payload_size; /* 0: Size of the payload which includes both the encrypted data and the optional additional MAC text */
uint8_t reserved[12]; /* 4: Reserved bits */
uint32_t payload_size; /* 0: Size of the payload which includes the encrypted data: payload[] */
uint8_t reserved[SGX_SEAL_IV_SIZE]; /* 4: Reserved bits used as iv */
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Although the value of the used IV in tseal library is the same as this reserved bits array, but they are indeed different buffers. This reserved array is actually to make the structure 16byte aligned.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See the sample code, it's used as IV:
https://github.com/intel/linux-sgx/blob/master/SampleCode/LocalAttestation/EnclaveInitiator/EnclaveMessageExchange.cpp#L199
https://github.com/intel/linux-sgx/blob/master/SampleCode/LocalAttestation/EnclaveInitiator/EnclaveMessageExchange.cpp#L207

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK. Thanks for the explanation. This usage may not be aligned with the initial design of the structure. But the functionality is correct.

lzha101
lzha101 reviewed Dec 8, 2020
View reviewed changes
common/inc/sgx_tseal.h
@@ -47,18 +47,18 @@

typedef struct _aes_gcm_data_t
{
uint32_t payload_size; /* 0: Size of the payload which includes both the encrypted data and the optional additional MAC text */
uint8_t reserved[12]; /* 4: Reserved bits */
uint32_t payload_size; /* 0: Size of the payload which includes the encrypted data: payload[] */
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The payload[] includes encrypted data and the optional additional authenticated data if users seal data with a plaintext (for example, sgx_seal_data() is called with p_additional_MACtext not NULL). So I suppose the previous annotation is correct.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lzha101 lzha101 lzha101 left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@yang8621 @lzha101