Asylo
asylo::EnclaveAssertionVerifier Class Reference (abstract)

Defines an interface for assertion authorities that generate assertion requests and verify assertions.

#include <enclave_assertion_verifier.h>


Public Member Functions

virtual Status CreateAssertionRequest (AssertionRequest *request) const =0
 Creates an assertion request compatible with this verifier's identity type and authority type and places the result in request.
 
virtual StatusOr< bool > CanVerify (const AssertionOffer &offer) const =0
 Indicates whether the assertion offered in offer can be verified by this verifier.
 
virtual Status Verify (const std::string &user_data, const Assertion &assertion, EnclaveIdentity *peer_identity) const =0
 Verifies an assertion that is compatible with this verifier's identity type and authority type.
 
- Public Member Functions inherited from asylo::EnclaveAssertionAuthority
virtual ~EnclaveAssertionAuthority ()=default
 
virtual Status Initialize (const std::string &config)=0
 Initializes this assertion authority using the provided config.
 
virtual bool IsInitialized () const =0
 Indicates whether this assertion authority has been initialized successfully via a call to Initialize().
 
virtual EnclaveIdentityType IdentityType () const =0
 Gets the enclave identity type handled by this assertion authority.
 
virtual std::string AuthorityType () const =0
 Gets the type of this assertion authority.
 

Additional Inherited Members

- Static Public Member Functions inherited from asylo::EnclaveAssertionAuthority
static StatusOr< std::string > GenerateAuthorityId (const EnclaveIdentityType &identity_type, const std::string &authority_type)
 Gets a unique identifier for an EnclaveAssertionAuthority with the given identity_type and authority_type.
 
- Protected Member Functions inherited from asylo::EnclaveAssertionAuthority
bool IsCompatibleAssertionDescription (const AssertionDescription &description) const
 Indicates whether description describes an assertion that is compatible with this authority.
 

Detailed Description

Defines an interface for assertion authorities that generate assertion requests and verify assertions.

EnclaveAssertionVerifier cannot be instantiated; it is intended to be derived from by classes that implement the EnclaveAssertionVerifier interface for a particular identity type and authority type.

Derived classes of EnclaveAssertionVerifier must:

Derived classes of EnclaveAssertionVerifier must also implement virtual methods presented by EnclaveAssertionAuthority.

Member Function Documentation

◆ CanVerify()

virtual StatusOr<bool> asylo::EnclaveAssertionVerifier::CanVerify (const AssertionOffer &offer) const
pure virtual

Indicates whether the assertion offered in offer can be verified by this verifier.

Returns
True if the offer can be verified, and false if no errors occurred during the operation but offer cannot be fulfilled. Returns a non-OK Status if the verifier is not initialized or if an internal error occurs while attempting the operation.

Implemented in asylo::SgxIntelEcdsaQeRemoteAssertionVerifier, asylo::SgxAgeRemoteAssertionVerifier, asylo::NullAssertionVerifier, and asylo::SgxLocalAssertionVerifier.

◆ CreateAssertionRequest()

virtual Status asylo::EnclaveAssertionVerifier::CreateAssertionRequest (AssertionRequest *request) const
pure virtual

Creates an assertion request compatible with this verifier's identity type and authority type and places the result in request.

Parameters
[out] request    The generated request.
Returns
A Status indicating whether the request was created. Returns a non-OK Status if this verifier is not initialized or if an internal error occurs while attempting the operation.

Implemented in asylo::SgxIntelEcdsaQeRemoteAssertionVerifier, asylo::SgxAgeRemoteAssertionVerifier, asylo::NullAssertionVerifier, and asylo::SgxLocalAssertionVerifier.

◆ Verify()

virtual Status asylo::EnclaveAssertionVerifier::Verify (const std::string &user_data, const Assertion &assertion, EnclaveIdentity *peer_identity) const
pure virtual

Verifies an assertion that is compatible with this verifier's identity type and authority type.

The verification operation verifies that the assertion's identity claim is valid, and also checks that the assertion is bound to user_data. If verification succeeds, returns an OK Status and extracts the peer's identity into peer_identity. The caller cannot make any assumptions about the contents of peer_identity if verification fails.

Parameters
user_data            User-provided binding data.
assertion            An assertion to verify.
[out] peer_identity  The identity extracted from the assertion.
Returns
A Status indicating whether the assertion was verified successfully. Returns a non-OK Status if this verifier is not initialized or if an internal error occurs while attempting the operation.

Implemented in asylo::SgxIntelEcdsaQeRemoteAssertionVerifier, asylo::SgxAgeRemoteAssertionVerifier, asylo::NullAssertionVerifier, and asylo::SgxLocalAssertionVerifier.
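
The following is an added example, not code from Asylo: it sketches how a caller can honor the Verify() contract described above by verifying into a scratch identity and publishing it only on an OK result, so an assertion bound to different user_data never yields a trusted identity. The Status, Offer, Assertion, Identity, Verifier and ToyVerifier types and the AuthenticatePeer function are simplified, hypothetical stand-ins for the Asylo types, and the toy verifier compares the binding data directly instead of performing a cryptographic check.

```cpp
#include <string>

// Simplified stand-ins (assumptions) for asylo::Status, AssertionOffer,
// Assertion and EnclaveIdentity; these are not Asylo's real types.
struct Status { bool ok; std::string message; };
struct Offer { std::string authority; };
struct Assertion { std::string authority, identity, bound_data; };
struct Identity { std::string name; };

// Hypothetical interface mirroring CanVerify()/Verify(); bool replaces StatusOr<bool>.
class Verifier {
 public:
  virtual ~Verifier() = default;
  virtual bool CanVerify(const Offer &offer) const = 0;
  virtual Status Verify(const std::string &user_data, const Assertion &assertion,
                        Identity *peer_identity) const = 0;
};

// Toy verifier: compares the binding field directly, where a real verifier
// would check a signature or MAC that covers user_data.
class ToyVerifier : public Verifier {
 public:
  bool CanVerify(const Offer &offer) const override { return offer.authority == "toy"; }
  Status Verify(const std::string &user_data, const Assertion &assertion,
                Identity *peer_identity) const override {
    // Written before the checks on purpose: on failure the output is garbage.
    peer_identity->name = assertion.identity;
    if (assertion.authority != "toy") return Status{false, "incompatible assertion"};
    if (assertion.bound_data != user_data) return Status{false, "not bound to user_data"};
    return Status{true, ""};
  }
};

// Caller pattern: verify into a scratch identity and copy it out only on OK.
bool AuthenticatePeer(const Verifier &verifier, const Offer &offer,
                      const Assertion &assertion, const std::string &session_data,
                      Identity *out) {
  if (!verifier.CanVerify(offer)) return false;
  Identity scratch;
  Status status = verifier.Verify(session_data, assertion, &scratch);
  if (!status.ok) return false;  // scratch is untrusted here; never read it
  *out = scratch;
  return true;
}
```

In this sketch session_data plays the role of user_data: a value unique to the current session, so an assertion captured from one session fails verification when presented in another.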


The documentation for this class was generated from the following file: