sparkly9399 / SGX-OpenSSL

OpenSSL library for SGX application

SGX-OpenSSL

Overview

OpenSSL library for SGX application


Description

This project contains modified OpenSSL code and the wrapper functions needed to use it in SGX-enabled applications.
We first ported an OpenSSL library to SGX for the SGX-Tor project in 2016 and released it as open source in February 2017.
We then cleaned up the ported OpenSSL code against a newer version of OpenSSL for use in other SGX applications.
We also referred to the Intel® SGX SSL project after it was released.
This project uses the "md_rand.c" and "rand_unix.c" code from the Intel® SGX SSL project to generate random numbers safely inside the enclave.


Modified OpenSSL version: OpenSSL-1.0.2l https://github.com/openssl/openssl/releases/tag/OpenSSL_1_0_2l
Tested OS: Ubuntu 16.04 LTS, 4.4.0
Tested SGX SDK version: Intel SGX SDK Linux 2.5 https://github.com/01org/linux-sgx/releases/tag/sgx_2.5


Usage:

  1. Go to the OpenSSL_SGX/ folder.
  2. Run sgx_openssl_setup.sh to configure OpenSSL.
  3. Type "make" to build "libcrypto.a" and "libssl.a".
  4. Include both static library files in your SGX application project.
  5. Copy the wrapper code from the "Wrappers/App" and "Wrappers/Enclave" directories into your own project and include it.
  6. Write your Makefile, EDL file, linker script, and enclave configuration file to build an SGX-enabled binary.

For detailed usage, refer to the sample code.


Running the sample code

This project contains "Simple SSL/TLS server and client" sample code.
I hope you can get some hints from the sample applications.

  1. If you have not built the OpenSSL_SGX library yet, build it first.
  2. Go to SampleCode/Simple_TLS_(Client or Server)/.
  3. Type "make" to build the SGX-enabled TLS server and client.
  4. Start the TLS server at SampleCode/Simple_TLS_Server/app.
  5. Start the TLS client at SampleCode/Simple_TLS_Client/app.

References

  1. SGX-Tor: Tor anonymity network in the SGX environment (NSDI'17).
    Paper Link: https://www.usenix.org/system/files/conference/nsdi17/nsdi17-kim-seongmin.pdf.
  2. Intel® SGX SSL.
  3. SGX-Box: Enabling Visibility on Encrypted Traffic using a Secure Middlebox Module (APNet'17)
    Paper Link: http://conferences.sigcomm.org/events/apnet2017/papers/sgxbox-han.pdf.

Contact

Juhyeng Han sparkly9399@gmail.com
Seongmin Kim dallas1004@gmail.com

License: Other

