I have an AES encryption library that defines a "key" struct which can encrypt and decrypt data with AES. I use the enclave as a struct field where I store the secret for the key. Whenever I need to encrypt or decrypt data, I open the enclave, which gives me a locked buffer, do the work and destroy the returned locked buffer. The thing is, this seems to me quite wasteful because it always creates the locked buffer and destroys it afterwards. I would prefer to have an internal buffer, or buffer pool, into which the enclave can read the secret, I do the work, and then just wipe it out with clear() or some random xor, so the memory footprint is fixed and I am not constantly allocating and freeing memory for the secret. Is something like that possible: reading into an existing []byte from an enclave?
```go
func OpenInto(e *Enclave, b []byte) ([]byte, error) {
	k, err := getOrCreateKey().View()
	if err != nil {
		return nil, err
	}
	// Destroy the key view on every return path, including the error path below.
	defer k.Destroy()
	_, err = Decrypt(e.ciphertext, k.Data(), b) // <- must ensure b has correct size/capacity
	if err != nil {
		return nil, err
	}
	return b, nil
}
```
Although getOrCreateKey uses a Coffer object, which also has temporary buffers, so the memory overhead is quite massive in general, and it would require way more work to make it efficient than just adding OpenInto().
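The fixed, reusable key buffer the issue asks for, written here as an added example in plain Go rather than code from memguard: KeySlot, withKey, wipe and sealWithSlot are hypothetical names, and the array is ordinary Go memory with none of the mlock or guard-page protection a LockedBuffer provides.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// KeySlot is a fixed-size scratch buffer for a 32-byte AES key, standing in for
// the proposed OpenInto target. Plain Go memory: no mlock, no guard pages.
type KeySlot struct{ buf [32]byte }

// withKey copies the secret in, runs fn and wipes the slot afterwards, also
// on panic, so the key only sits in the slot while the work is being done.
func (s *KeySlot) withKey(secret []byte, fn func(key []byte) error) error {
	if len(secret) != len(s.buf) {
		return errors.New("secret must be 32 bytes")
	}
	copy(s.buf[:], secret)
	defer wipe(s.buf[:])
	return fn(s.buf[:])
}

// wipe overwrites with random bytes and then zeros, as the issue suggests;
// a failed rand.Read is tolerated because the zero pass still runs.
func wipe(b []byte) {
	rand.Read(b)
	for i := range b {
		b[i] = 0
	}
}

// sealWithSlot encrypts with AES-256-GCM via the slot; output is nonce||ct||tag.
func sealWithSlot(s *KeySlot, secret, plaintext []byte) (out []byte, err error) {
	err = s.withKey(secret, func(key []byte) error {
		block, err := aes.NewCipher(key)
		if err != nil {
			return err
		}
		gcm, _ := cipher.NewGCM(block) // cannot fail: AES block size is 16
		nonce := make([]byte, gcm.NonceSize())
		if _, err := rand.Read(nonce); err != nil {
			return err
		}
		out = gcm.Seal(nonce, nonce, plaintext, nil)
		return nil
	})
	return out, err
}
```

The caller still owns the `secret` slice it passes in and has to wipe that copy itself; the slot only bounds how long the key material lives in this one buffer.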