Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update annotations of sgx_sealed_data_t and sgx_aes_gcm_data_t (#639) #640

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

yang8621
Copy link

@yang8621 yang8621 commented Dec 8, 2020

Signed-off-by: Huang Yang yang.huang@intel.com

uint32_t payload_size; /* 0: Size of the payload which includes both the encrypted data and the optional additional MAC text */
uint8_t reserved[12]; /* 4: Reserved bits */
uint32_t payload_size; /* 0: Size of the payload which includes the encrypted data: payload[] */
uint8_t reserved[SGX_SEAL_IV_SIZE]; /* 4: Reserved bits used as iv */
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Although the value of the used IV in tseal library is the same as this reserved bits array, but they are indeed different buffers. This reserved array is actually to make the structure 16byte aligned.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK. Thanks for the explanation. This usage may not be aligned with the initial design of the structure. But the functionality is correct.

@@ -47,18 +47,18 @@

typedef struct _aes_gcm_data_t
{
uint32_t payload_size; /* 0: Size of the payload which includes both the encrypted data and the optional additional MAC text */
uint8_t reserved[12]; /* 4: Reserved bits */
uint32_t payload_size; /* 0: Size of the payload which includes the encrypted data: payload[] */
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The payload[] includes encrypted data and the optional additional authenticated data if users seal data with a plaintext (for example, sgx_seal_data() is called with p_additional_MACtext not NULL). So I suppose the previous annotation is correct.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants