Providing Secure, Well-Tested SGX Integration with wolfSSL and wolfCrypt
Did you know that wolfSSL has support for Intel SGX? Not only do we have support for SGX, but we do continuous integration testing on that support to offer our users a more robust and mature solution. This means that every night a process starts up and runs unit tests on crypto operations in a secure SGX enclave. Here’s a peek at some of the on going tests in action:
… LINK => App GEN => trusted/Wolfssl_Enclave_t.c CC <= trusted/Wolfssl_Enclave_t.c cc -Wno-implicit-function-declaration -std=c11 -m64 -O2 -nostdinc -fvisibility=hidden -fpie -fstack-protector -IInclude -Itrusted -I../..// -I../..//wolfcrypt/ -I/opt/intel/sgxsdk/include -I/opt/intel/sgxsdk/include/tlibc -I/opt/intel/sgxsdk/include/stlport-fno-builtin -fno-builtin-printf -I. -DWOLFSSL_SGX -DHAVE_WOLFSSL_TEST -c trusted/Wolfssl_Enclave.c -o trusted/Wolfssl_Enclave.o CC <= trusted/Wolfssl_Enclave.c -m64 -O2 -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L/opt/intel/sgxsdk/lib64 -L../../IDE/LINUX-SGX/ -lwolfssl.sgx.static.lib -Wl,--whole-archive -lsgx_trts -Wl,--no-whole-archive -Wl,--start-group -lsgx_tstdc -lsgx_tstdcxx -lsgx_tcrypto -lsgx_tservice -Wl,--end-group -Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined -Wl,-pie,-eenclave_entry -Wl,--export-dynamic -Wl,--defsym,__ImageBase=0 -Wl,--version-script=trusted/Wolfssl_Enclave.lds@ LINK => Wolfssl_Enclave.so … SIGN => Wolfssl_Enclave.signed.so + ./App -t Crypt Test: error test passed! base64 test passed! base64 test passed! MD5 test passed! MD4 test passed! SHA test passed! SHA-256 test passed! Hash test passed! HMAC-MD5 test passed! HMAC-SHA test passed! HMAC-SHA256 test passed! GMAC test passed! ARC4 test passed! HC-128 test passed! Rabbit test passed! DES test passed! DES3 test passed! AES test passed! AES192 test passed! AES256 test passed! AES-GCM test passed! RANDOM test passed! RSA test passed! DH test passed! DSA test passed! PWDBASED test passed! ECC test passed! ECC buffer test passed! mutex test passed! memcb test passed! Crypt Test: Return code 0 …
If you are interested in using wolfSSL or wolfCrypt inside a secure Intel SGX enclave, let us know at firstname.lastname@example.org. We can provide you with full details of our current support and evaluation information. We can also help answer questions about users interested in FIPS 140-2 cryptography support inside an SGX enclave environment.
Curious about why wolfSSL is the most well-tested SSL/TLS library available today? Get the details here!