Copy Intel IPP Cryptography Function Context Structures

Copy Intel IPP Cryptography Function Context Structures

Good morning,

As described in the reference: "Some Intel IPP Cryptography functions use special structures to store function-specific (context) information.". My question is how can I initialize one context from another? Is this even possible? For example: I have a fully initialized IppsRSAPublicKeyState using the respective initialization functions, but by necessity I want to fully copy it to a new context to not repeat the entire initialization process again.

 

Thanks in advance and rest of a good week.

6 posts / 0 new
Last post
For more complete information about compiler optimizations, see our Optimization Notice.

Hi Stevie,

 

We do not recommend doing this. Can you please provide a bit more details about your use case?

Is the initialization really bottleneck?

 

Regards,

Andrey

Of course let me explain what I intend to do: at the moment I want to seal the secrets included in my enclave (an RSA key pair, an RSA public key, and others that are out of question context) using the functions provided by intel SGX SDK . My idea was to seal function-specific (context) information, in this case RSA public and private key contexts, as soon as the application terminates. When the application was run again, it would just unseal these contexts and copy them directly into new contexts and extract the components needed for encryption or signatures.

By the way, thank you very much for your support.

Deep copy of the context structures for RSA is not supported now.
You can dump the memory context points to as you know its size, but it will be pretty much unusable after restore as you have to care also about internal pointers to the data in the context structure and data alignment manually.

The recommended way is to save not the context itself, but the initial data for re-initialization.

Hi, Steve,

Right, some of IPP functionality has such ability (copy context to and restore it from). It's true, for example, for TDES, AES, ARC, Hash, HMac and DLP functionality. But it is not true for RSA. Generally, (if functionality supports ability of save-restore context) it additionally provides the pair of Pack and Unpack functions.

Thus, ippsAESPack and ippsAESUnpck are store AES context in the memory buffer and restore it from. The similar behavior provides the ippsHashPack - ippsHashUnpack pair.

The appearance of these functions was due to specific request related to usage of IPP in JAVA based code. The cases similar to yours, have also been considered.

Because of different reason, future of these function is not clear now. That is why we do not recommend using current IPP's save-restore mechanisms. Instead use general way for (initialization and set up) for context initialization.

 

Thank you very much for your answers and I will take what you have been told to move forward.

Once again, a giant thank you for helping those who need help using your products.

Leave a Comment

Please sign in to add a comment. Not a member? Join today