Update annotations of sgx_sealed_data_t and sgx_aes_gcm_data_t (#639)#640
Update annotations of sgx_sealed_data_t and sgx_aes_gcm_data_t (#639)#640yang8621 wants to merge 1 commit into
Conversation
…#639) Signed-off-by: Huang Yang <yang.huang@intel.com>
| uint32_t payload_size; /* 0: Size of the payload which includes both the encrypted data and the optional additional MAC text */ | ||
| uint8_t reserved[12]; /* 4: Reserved bits */ | ||
| uint32_t payload_size; /* 0: Size of the payload which includes the encrypted data: payload[] */ | ||
| uint8_t reserved[SGX_SEAL_IV_SIZE]; /* 4: Reserved bits used as iv */ |
There was a problem hiding this comment.
Although the value of the used IV in tseal library is the same as this reserved bits array, but they are indeed different buffers. This reserved array is actually to make the structure 16byte aligned.
There was a problem hiding this comment.
See the sample code, it's used as IV:
https://github.com/intel/linux-sgx/blob/master/SampleCode/LocalAttestation/EnclaveInitiator/EnclaveMessageExchange.cpp#L199
https://github.com/intel/linux-sgx/blob/master/SampleCode/LocalAttestation/EnclaveInitiator/EnclaveMessageExchange.cpp#L207
There was a problem hiding this comment.
OK. Thanks for the explanation. This usage may not be aligned with the initial design of the structure. But the functionality is correct.
| { | ||
| uint32_t payload_size; /* 0: Size of the payload which includes both the encrypted data and the optional additional MAC text */ | ||
| uint8_t reserved[12]; /* 4: Reserved bits */ | ||
| uint32_t payload_size; /* 0: Size of the payload which includes the encrypted data: payload[] */ |
There was a problem hiding this comment.
The payload[] includes encrypted data and the optional additional authenticated data if users seal data with a plaintext (for example, sgx_seal_data() is called with p_additional_MACtext not NULL). So I suppose the previous annotation is correct.
2 participants
Signed-off-by: Huang Yang yang.huang@intel.com