-
Notifications
You must be signed in to change notification settings - Fork 74
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove client-side enclave dependency #64
Comments
ankurdave
pushed a commit
that referenced
this issue
Nov 20, 2018
Add `encrypt()` and `decrypt()` util functions to remove client side enclave dependency when encrypting and decrypting Reorder outputted cipher in enclave crypto functions to match Java's ordering. Was previously `(IV, MAC, data)`, is now `(IV, data, MAC)` Co-authored by @ankurdave Fixes #37 WIP on #64
ankurdave
added a commit
to ankurdave/opaque
that referenced
this issue
Feb 11, 2019
- Encryption (Utils.encryptInternalRowsFlatbuffers) now uses Java crypto on the driver and an enclave on the workers, controlled by a flag. - Decryption is only called from the driver, so always uses Java crypto. - For sorting, the `FindRangeBounds` preprocessing task is shipped to a single worker, where it uses the existing enclave implementation. (Thanks to András Méhes.) Fixes mc2-project#64.
ankurdave
added a commit
that referenced
this issue
Feb 11, 2019
- Encryption (Utils.encryptInternalRowsFlatbuffers) now uses Java crypto on the driver and an enclave on the workers, controlled by a flag. - Decryption is only called from the driver, so always uses Java crypto. - For sorting, the `FindRangeBounds` preprocessing task is shipped to a single worker, where it uses the existing enclave implementation. (Thanks to András Méhes.) Fixes #64.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The client uses
ecall_encrypt
,ecall_decrypt
, andecall_find_range_bounds
. The first two should be reimplemented using a Java AES library. The latter should be run on a worker instead of the driver.After this is done, then
ecall_decrypt
can be removed (#37).The text was updated successfully, but these errors were encountered: