1

(4 replies, posted in wolfSSL)

Kaleb J. Himes wrote:

abbey_chase,

Thank you so much for inquiring. By default aesni is not enabled in SGX but you should be able to turn it on by adding the appropriate defines in Wolfssl_C_Extra_Flags section of:

wolfssl-4.3.0/IDE/LINUX-SGX/sgx_t_static.mk
wolfssl-examples/SGX_Linux/sgx_t.mk
wolfssl-examples/SGX_Linux/sgx_u.mk

The setting to add would be:

Wolfssl_C_Extra_Flags := -DWOLFSSL_SGX
Wolfssl_C_Extra_Flags += -DWOLFSSL_AESNI # Add this setting to enable AESNI support

Let us know if you have any trouble getting it setup.

Warm Regards,

K

BTW, if I specify -DWOLFSSL_AESNI, then I get compiler errors because the following include statements all fail because the associated files do not exist anywhere in the WolfSSL tree structure:

#include <wmmintrin.h>
#include <emmintrin.h>
#include <smmintrin.h>

Also, according to https://github.com/wolfSSL/wolfssl/tree … LINUX-SGX, at the bottom of the instruction it reads that AES-NI instructions for SGX haven't been added yet. Is that a misprint?

2

(4 replies, posted in wolfSSL)

Kaleb J. Himes wrote:

abbey_chase,

Thank you so much for inquiring. By default aesni is not enabled in SGX but you should be able to turn it on by adding the appropriate defines in Wolfssl_C_Extra_Flags section of:

wolfssl-4.3.0/IDE/LINUX-SGX/sgx_t_static.mk
wolfssl-examples/SGX_Linux/sgx_t.mk
wolfssl-examples/SGX_Linux/sgx_u.mk

The setting to add would be:

Wolfssl_C_Extra_Flags := -DWOLFSSL_SGX
Wolfssl_C_Extra_Flags += -DWOLFSSL_AESNI # Add this setting to enable AESNI support

Let us know if you have any trouble getting it setup.

Warm Regards,

K

Thank you. Is the WOLFSSL_AESNI define one of many different defines that I should include if I want to enable certain other features? I.e., when I ran the ./configure executable from the root of WolfSSL, I specified the following flags:

--enable-aesccm --enable-aesctr --enable-aesofb --enable-aescfb --enable-aesni --enable-intelasm --enable-intelrand --enable-keygen --enable-certgen --enable-certreq --enable-certext --enable-hkdf --enable-x963kdf --enable-curve25519 --enable-ed25519 --enable-psk --enable-aeskeywrap

Do I have to include similar flags as -DWOLFSSL_AESNI for each of the flags above?

3

(4 replies, posted in wolfSSL)

When does WolfSSL plan to leverage AES-NI within their Intel SGX library? Just wondering. Right now, I'm forced to use a mixture of SGX SSL and WolfSSL, since SGX SSL has AES-NI support, but WolfSSL has better asymmetric support, but I'd rather have to deal with just one crypto module if possible.

4

(1 replies, posted in wolfSSL)

After many tribulations, I was able to run make on the SGX_Linux sample: basically, everything WolfSSL related seems to be missing. Here's the output:

-bash-4.2# make all
make -ef sgx_u.mk all
make[1]: Entering directory `/home/builduser/Downloads/wolfssl-examples/SGX_Linux'
GEN  =>  untrusted/Wolfssl_Enclave_u.c
cc -m64 -O2 -fPIC -Wno-attributes -IInclude -I/home/builduser/Downloads/wolfssl-4.1.0/ -I/home/builduser/Downloads/wolfssl-4.1.0/wolfcrypt/ -Iuntrusted -I/home/builduser/Documents/sgxroot/sgxsdk/include -DWOLFSSL_SGX -DNDEBUG -UEDEBUG -UDEBUG -c untrusted/Wolfssl_Enclave_u.c -o untrusted/Wolfssl_Enclave_u.o
CC   <=  untrusted/Wolfssl_Enclave_u.c
cc -m64 -O2 -fPIC -Wno-attributes -IInclude -I/home/builduser/Downloads/wolfssl-4.1.0/ -I/home/builduser/Downloads/wolfssl-4.1.0/wolfcrypt/ -Iuntrusted -I/home/builduser/Documents/sgxroot/sgxsdk/include -DWOLFSSL_SGX -DNDEBUG -UEDEBUG -UDEBUG -c untrusted/App.c -o untrusted/App.o
CC  <=  untrusted/App.c
cc -m64 -O2 -fPIC -Wno-attributes -IInclude -I/home/builduser/Downloads/wolfssl-4.1.0/ -I/home/builduser/Downloads/wolfssl-4.1.0/wolfcrypt/ -Iuntrusted -I/home/builduser/Documents/sgxroot/sgxsdk/include -DWOLFSSL_SGX -DNDEBUG -UEDEBUG -UDEBUG -c untrusted/client-tls.c -o untrusted/client-tls.o
CC  <=  untrusted/client-tls.c
cc -m64 -O2 -fPIC -Wno-attributes -IInclude -I/home/builduser/Downloads/wolfssl-4.1.0/ -I/home/builduser/Downloads/wolfssl-4.1.0/wolfcrypt/ -Iuntrusted -I/home/builduser/Documents/sgxroot/sgxsdk/include -DWOLFSSL_SGX -DNDEBUG -UEDEBUG -UDEBUG -c untrusted/server-tls.c -o untrusted/server-tls.o
CC  <=  untrusted/server-tls.c
LINK =>  App
make[1]: Leaving directory `/home/builduser/Downloads/wolfssl-examples/SGX_Linux'
make -ef sgx_t.mk all
make[1]: Entering directory `/home/builduser/Downloads/wolfssl-examples/SGX_Linux'
GEN  =>  trusted/Wolfssl_Enclave_t.c
CC   <=  trusted/Wolfssl_Enclave_t.c
cc -Wno-implicit-function-declaration -std=c11 -m64 -O2 -nostdinc -fvisibility=hidden -fpie -fstack-protector -IInclude -Itrusted -I/home/builduser/Downloads/wolfssl-4.1.0/ -I/home/builduser/Downloads/wolfssl-4.1.0/wolfcrypt/ -I/home/builduser/Documents/sgxroot/sgxsdk/include -I/home/builduser/Documents/sgxroot/sgxsdk/include/tlibc -I/home/builduser/Documents/sgxroot/sgxsdk/include/stlport-fno-builtin -fno-builtin-printf -I. -DWOLFSSL_SGX -c trusted/Wolfssl_Enclave.c -o trusted/Wolfssl_Enclave.o
CC  <=  trusted/Wolfssl_Enclave.c
-m64 -O2 -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L/home/builduser/Documents/sgxroot/sgxsdk/lib64 -L -lwolfssl.sgx.static.lib -Wl,--whole-archive -lsgx_trts_sim -Wl,--no-whole-archive -Wl,--start-group -lsgx_tstdc -lsgx_tcxx -lsgx_tcrypto -lsgx_tservice_sim -Wl,--end-group -Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined -Wl,-pie,-eenclave_entry -Wl,--export-dynamic -Wl,--defsym,__ImageBase=0 -Wl,--version-script=trusted/Wolfssl_Enclave.lds@
trusted/Wolfssl_Enclave.o: In function `enc_wolfSSL_CTX_new':
Wolfssl_Enclave.c:(.text+0x75): undefined reference to `wolfSSL_METHOD_GetObjectSize'
trusted/Wolfssl_Enclave.o: In function `enc_wolfSSL_CTX_use_certificate_chain_buffer_format':
Wolfssl_Enclave.c:(.text+0xb7): undefined reference to `wolfSSL_CTX_GetObjectSize'
trusted/Wolfssl_Enclave.o: In function `enc_wolfSSL_CTX_use_certificate_buffer':
Wolfssl_Enclave.c:(.text+0x107): undefined reference to `wolfSSL_CTX_GetObjectSize'
trusted/Wolfssl_Enclave.o: In function `enc_wolfSSL_CTX_use_PrivateKey_buffer':
Wolfssl_Enclave.c:(.text+0x157): undefined reference to `wolfSSL_CTX_GetObjectSize'
trusted/Wolfssl_Enclave.o: In function `enc_wolfSSL_CTX_load_verify_buffer':
Wolfssl_Enclave.c:(.text+0x1a7): undefined reference to `wolfSSL_CTX_GetObjectSize'
trusted/Wolfssl_Enclave.o: In function `enc_wolfSSL_CTX_set_cipher_list':
Wolfssl_Enclave.c:(.text+0x1ed): undefined reference to `wolfSSL_CTX_GetObjectSize'
trusted/Wolfssl_Enclave.o:Wolfssl_Enclave.c:(.text+0x225): more undefined references to `wolfSSL_CTX_GetObjectSize' follow
trusted/Wolfssl_Enclave.o: In function `enc_wolfSSL_set_fd':
Wolfssl_Enclave.c:(.text+0x25c): undefined reference to `wolfSSL_GetObjectSize'
trusted/Wolfssl_Enclave.o: In function `enc_wolfSSL_connect':
Wolfssl_Enclave.c:(.text+0x295): undefined reference to `wolfSSL_GetObjectSize'
trusted/Wolfssl_Enclave.o: In function `enc_wolfSSL_write':
Wolfssl_Enclave.c:(.text+0x2ce): undefined reference to `wolfSSL_GetObjectSize'
trusted/Wolfssl_Enclave.o: In function `enc_wolfSSL_get_error':
Wolfssl_Enclave.c:(.text+0x30c): undefined reference to `wolfSSL_GetObjectSize'
trusted/Wolfssl_Enclave.o: In function `enc_wolfSSL_read':
Wolfssl_Enclave.c:(.text+0x34e): undefined reference to `wolfSSL_GetObjectSize'
trusted/Wolfssl_Enclave.o:Wolfssl_Enclave.c:(.text+0x385): more undefined references to `wolfSSL_GetObjectSize' follow
trusted/Wolfssl_Enclave.o: In function `enc_wolfSSL_CTX_free':
Wolfssl_Enclave.c:(.text+0x3b5): undefined reference to `wolfSSL_CTX_GetObjectSize'
trusted/Wolfssl_Enclave.o: In function `enc_wolfSSL_Debugging_ON':
Wolfssl_Enclave.c:(.text+0x21): undefined reference to `wolfSSL_Debugging_ON'
trusted/Wolfssl_Enclave.o: In function `enc_wolfSSL_Debugging_OFF':
Wolfssl_Enclave.c:(.text+0x31): undefined reference to `wolfSSL_Debugging_OFF'
trusted/Wolfssl_Enclave.o: In function `enc_wolfSSL_Init':
Wolfssl_Enclave.c:(.text+0x41): undefined reference to `wolfSSL_Init'
trusted/Wolfssl_Enclave.o: In function `enc_wolfTLSv1_2_client_method':
Wolfssl_Enclave.c:(.text+0x51): undefined reference to `wolfTLSv1_2_client_method'
trusted/Wolfssl_Enclave.o: In function `enc_wolfTLSv1_2_server_method':
Wolfssl_Enclave.c:(.text+0x61): undefined reference to `wolfTLSv1_2_server_method'
trusted/Wolfssl_Enclave.o: In function `enc_wolfSSL_CTX_new':
Wolfssl_Enclave.c:(.text+0x8e): undefined reference to `wolfSSL_CTX_new'
trusted/Wolfssl_Enclave.o: In function `enc_wolfSSL_CTX_use_certificate_chain_buffer_format':
Wolfssl_Enclave.c:(.text+0xe2): undefined reference to `wolfSSL_CTX_use_certificate_chain_buffer_format'
trusted/Wolfssl_Enclave.o: In function `enc_wolfSSL_CTX_use_certificate_buffer':
Wolfssl_Enclave.c:(.text+0x132): undefined reference to `wolfSSL_CTX_use_certificate_buffer'
trusted/Wolfssl_Enclave.o: In function `enc_wolfSSL_CTX_use_PrivateKey_buffer':
Wolfssl_Enclave.c:(.text+0x182): undefined reference to `wolfSSL_CTX_use_PrivateKey_buffer'
trusted/Wolfssl_Enclave.o: In function `enc_wolfSSL_CTX_load_verify_buffer':
Wolfssl_Enclave.c:(.text+0x1d2): undefined reference to `wolfSSL_CTX_load_verify_buffer'
trusted/Wolfssl_Enclave.o: In function `enc_wolfSSL_CTX_set_cipher_list':
Wolfssl_Enclave.c:(.text+0x20e): undefined reference to `wolfSSL_CTX_set_cipher_list'
trusted/Wolfssl_Enclave.o: In function `enc_wolfSSL_new':
Wolfssl_Enclave.c:(.text+0x23e): undefined reference to `wolfSSL_new'
trusted/Wolfssl_Enclave.o: In function `enc_wolfSSL_set_fd':
Wolfssl_Enclave.c:(.text+0x27c): undefined reference to `wolfSSL_set_fd'
trusted/Wolfssl_Enclave.o: In function `enc_wolfSSL_connect':
Wolfssl_Enclave.c:(.text+0x2ae): undefined reference to `wolfSSL_connect'
trusted/Wolfssl_Enclave.o: In function `enc_wolfSSL_write':
Wolfssl_Enclave.c:(.text+0x2f0): undefined reference to `wolfSSL_write'
trusted/Wolfssl_Enclave.o: In function `enc_wolfSSL_get_error':
Wolfssl_Enclave.c:(.text+0x32c): undefined reference to `wolfSSL_get_error'
trusted/Wolfssl_Enclave.o: In function `enc_wolfSSL_read':
Wolfssl_Enclave.c:(.text+0x370): undefined reference to `wolfSSL_read'
trusted/Wolfssl_Enclave.o: In function `enc_wolfSSL_free':
Wolfssl_Enclave.c:(.text+0x39e): undefined reference to `wolfSSL_free'
trusted/Wolfssl_Enclave.o: In function `enc_wolfSSL_CTX_free':
Wolfssl_Enclave.c:(.text+0x3ce): undefined reference to `wolfSSL_CTX_free'
trusted/Wolfssl_Enclave.o: In function `enc_wolfSSL_Cleanup':
Wolfssl_Enclave.c:(.text+0x3e1): undefined reference to `wolfSSL_Cleanup'
collect2: error: ld returned 1 exit status
make[1]: *** [Wolfssl_Enclave.so] Error 1
make[1]: Leaving directory `/home/builduser/Downloads/wolfssl-examples/SGX_Linux'
make: *** [all] Error

Any clues?

Note that on line 71 of the Makefile, I had to replace:

-lsgx_tstdcxx

with:

-lsgx_tcxx

Since sgx_tstdcxx doesn't exist anymore in the latest version of the Intel SGX SDK.
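
An added example, not part of the original post and not wolfSSL's own code: the enclave link line in the output above contains a bare -L directly followed by -lwolfssl.sgx.static.lib, and because gcc accepts "-L DIR" as two arguments, the bare -L takes that next token as its search directory, so the library is never handed to the linker. The check below scans a link command line for this pattern; the function names and the shortened sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect a bare "-L" (empty library search path) on a link line.
# gcc accepts "-L DIR" as two arguments, so a bare -L consumes the next token
# as its directory. If that token is "-lfoo", libfoo is silently dropped.

# Constructed sample, shortened from the enclave link line in the post above.
SAMPLE_LINK='-m64 -O2 -Wl,--no-undefined -nostdlib -L/home/builduser/Documents/sgxroot/sgxsdk/lib64 -L -lwolfssl.sgx.static.lib -Wl,--whole-archive -lsgx_trts_sim -Wl,--no-whole-archive'

# Print every option token that a bare -L swallowed as its directory argument.
find_swallowed_args() (
    set -f                      # no globbing while word-splitting the line
    prev=""
    for tok in $1; do
        if [ "$prev" = "-L" ]; then
            case "$tok" in
                -*) printf '%s\n' "$tok" ;;
            esac
            prev="consumed"     # this token was the -L argument, not an option
        else
            prev="$tok"
        fi
    done
)

# Print the library names the linker actually receives via -l.
effective_libs() (
    set -f
    prev=""
    for tok in $1; do
        if [ "$prev" = "-L" ]; then
            prev="consumed"     # swallowed by the bare -L, never linked
            continue
        fi
        case "$tok" in
            -l*) printf '%s\n' "${tok#-l}" ;;
        esac
        prev="$tok"
    done
)

echo "swallowed by bare -L: $(find_swallowed_args "$SAMPLE_LINK")"
echo "libraries really linked: $(effective_libs "$SAMPLE_LINK")"
```

A bare -L usually means the makefile variable that should hold the library directory expanded to an empty string, so the place to look is wherever the makefile builds that -L flag.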