Intel® Software Guard Extensions SSL
Introduction
The Intel® Software Guard Extensions SSL (Intel® SGX SSL) cryptographic library is intended to provide cryptographic services for Intel® Software Guard Extensions (SGX) enclave applications.
The Intel® SGX SSL cryptographic library is based on the underlying OpenSSL* Open Source project, providing a full-strength general purpose cryptography library.
Supported OpenSSL version is 1.1.1*. To work with 1.1.0 version please use "openssl_1.1.0" branch.
License
See License.txt for details.
Documentation
- For details on library architecture: Architecture overview
- For details on using the libraries, please refer to the:
Build Intel® SGX SSL package
Windows
Prerequisites
- Microsoft Visual Studio 2015.
- 7-Zip
- Perl
- NASM (Netwide Assembler)
- Intel(R) SGX SDK.
- Intel(R) SGX PSW.
- Intel(R) SGX driver.
(Note: 7-Zip, Perl, NASM need to be included in machine's PATH variable)
To build Intel® SGX SSL package in Windows OS:
- Download OpenSSL package into openssl_source/ directory. (tar.gz package, e.g. openssl-1.1.1.tar.gz)
- Download and install latest SGX SDK from Intel Developer Zone. You can find installation guide from the same website.
- Change the directory to the SGXSSL path and enter the following command:
build_all.cmd <OPENSSL_VERSION> [default == openssl-1.1.1]
This will build the Intel® SGX SSL libraries (libsgx_tsgxssl.lib, libsgx_usgxssl.lib, libsgx_tsgxssl_crypto.lib), which can be found in package/lib/{Win32|X64}/{debug|release}/.
Linux
Prerequisites
- Perl
- Intel(R) SGX SDK.
- Intel(R) SGX PSW.
- Intel(R) SGX driver.
To build Intel® SGX SSL package in Linux OS:
- Download OpenSSL 1.1.1* package into openssl_source/ directory. (tar.gz package, e.g. openssl-1.1.1a.tar.gz)
- Download and install latest SGX SDK from 01.org. You can find installation guide in the same website.
- Source SGX SDK's environment variables.
- Cd to Linux/ directory and run:
This will build and test the Intel® SGX SSL libraries (libsgx_tsgxssl.a, libsgx_usgxssl.a, libsgx_tsgxssl_crypto.a), which can be found in package/lib64/.
Available make
flags:
- DEBUG={1,0}: Libraries build mode, with debug symbols or without.
- SGX_MODE={HW,SIM}: SGX feature mode. Hardware/Simulation
- DESTDIR=<PATH>: Directory realpath to install Intel® SGX SSL libraries in. Default /opt/intel/sgxssl/
- VERBOSE={1,0}: Makefile verbose mode. Print compilation commands before executing it.
To install Intel® SGX SSL libraries in Linux OS, run:
make all test
sudo make install